shithub: riscv

--- a/sys/include/ape/openssl/aes.h

+++ /dev/null

@@ -1,138 +1,0 @@

-/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */

-/* ====================================================================

- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- */

-#ifndef HEADER_AES_H

-#define HEADER_AES_H

-#include <openssl/opensslconf.h>

-#ifdef OPENSSL_NO_AES

-#error AES is disabled.

-#endif

-#define AES_ENCRYPT	1

-#define AES_DECRYPT	0

-/* Because array size can't be a const in C, the following two are macros.

-   Both sizes are in bytes. */

-#define AES_MAXNR 14

-#define AES_BLOCK_SIZE 16

-#ifdef  __cplusplus

-extern "C" {

-#endif

-/* This should be a hidden type, but EVP requires that the size be known */

-struct aes_key_st {

-#ifdef AES_LONG

-    unsigned long rd_key[4 *(AES_MAXNR + 1)];

-#else

-    unsigned int rd_key[4 *(AES_MAXNR + 1)];

-#endif

-    int rounds;

-};

-typedef struct aes_key_st AES_KEY;

-const char *AES_options(void);

-int AES_set_encrypt_key(const unsigned char *userKey, const int bits,

-	AES_KEY *key);

-int AES_set_decrypt_key(const unsigned char *userKey, const int bits,

-	AES_KEY *key);

-void AES_encrypt(const unsigned char *in, unsigned char *out,

-	const AES_KEY *key);

-void AES_decrypt(const unsigned char *in, unsigned char *out,

-	const AES_KEY *key);

-void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,

-	const AES_KEY *key, const int enc);

-void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,

-	const unsigned long length, const AES_KEY *key,

-	unsigned char *ivec, const int enc);

-void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,

-	const unsigned long length, const AES_KEY *key,

-	unsigned char *ivec, int *num, const int enc);

-void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,

-	const unsigned long length, const AES_KEY *key,

-	unsigned char *ivec, int *num, const int enc);

-void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,

-	const unsigned long length, const AES_KEY *key,

-	unsigned char *ivec, int *num, const int enc);

-void AES_cfbr_encrypt_block(const unsigned char *in,unsigned char *out,

-			    const int nbits,const AES_KEY *key,

-			    unsigned char *ivec,const int enc);

-void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,

-	const unsigned long length, const AES_KEY *key,

-	unsigned char *ivec, int *num);

-void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,

-	const unsigned long length, const AES_KEY *key,

-	unsigned char ivec[AES_BLOCK_SIZE],

-	unsigned char ecount_buf[AES_BLOCK_SIZE],

-	unsigned int *num);

-/* For IGE, see also http://www.links.org/files/openssl-ige.pdf */

-/* NB: the IV is _two_ blocks long */

-void AES_ige_encrypt(const unsigned char *in, unsigned char *out,

-		     const unsigned long length, const AES_KEY *key,

-		     unsigned char *ivec, const int enc);

-/* NB: the IV is _four_ blocks long */

-void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,

-			const unsigned long length, const AES_KEY *key,

-			const AES_KEY *key2, const unsigned char *ivec,

-			const int enc);

-#ifdef  __cplusplus

-}

-#endif

-#endif /* !HEADER_AES_H */

--- a/sys/include/ape/openssl/asn1.h

+++ /dev/null

@@ -1,1278 +1,0 @@

-/* crypto/asn1/asn1.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_ASN1_H

-#define HEADER_ASN1_H

-#include <time.h>

-#include <openssl/e_os2.h>

-#ifndef OPENSSL_NO_BIO

-#include <openssl/bio.h>

-#endif

-#include <openssl/stack.h>

-#include <openssl/safestack.h>

-#include <openssl/symhacks.h>

-#include <openssl/ossl_typ.h>

-#ifndef OPENSSL_NO_DEPRECATED

-#include <openssl/bn.h>

-#endif

-#ifdef OPENSSL_BUILD_SHLIBCRYPTO

-# undef OPENSSL_EXTERN

-# define OPENSSL_EXTERN OPENSSL_EXPORT

-#endif

-#ifdef  __cplusplus

-extern "C" {

-#endif

-#define V_ASN1_UNIVERSAL		0x00

-#define	V_ASN1_APPLICATION		0x40

-#define V_ASN1_CONTEXT_SPECIFIC		0x80

-#define V_ASN1_PRIVATE			0xc0

-#define V_ASN1_CONSTRUCTED		0x20

-#define V_ASN1_PRIMITIVE_TAG		0x1f

-#define V_ASN1_PRIMATIVE_TAG		0x1f

-#define V_ASN1_APP_CHOOSE		-2	/* let the recipient choose */

-#define V_ASN1_OTHER			-3	/* used in ASN1_TYPE */

-#define V_ASN1_ANY			-4	/* used in ASN1 template code */

-#define V_ASN1_NEG			0x100	/* negative flag */

-#define V_ASN1_UNDEF			-1

-#define V_ASN1_EOC			0

-#define V_ASN1_BOOLEAN			1	/**/

-#define V_ASN1_INTEGER			2

-#define V_ASN1_NEG_INTEGER		(2 | V_ASN1_NEG)

-#define V_ASN1_BIT_STRING		3

-#define V_ASN1_OCTET_STRING		4

-#define V_ASN1_NULL			5

-#define V_ASN1_OBJECT			6

-#define V_ASN1_OBJECT_DESCRIPTOR	7

-#define V_ASN1_EXTERNAL			8

-#define V_ASN1_REAL			9

-#define V_ASN1_ENUMERATED		10

-#define V_ASN1_NEG_ENUMERATED		(10 | V_ASN1_NEG)

-#define V_ASN1_UTF8STRING		12

-#define V_ASN1_SEQUENCE			16

-#define V_ASN1_SET			17

-#define V_ASN1_NUMERICSTRING		18	/**/

-#define V_ASN1_PRINTABLESTRING		19

-#define V_ASN1_T61STRING		20

-#define V_ASN1_TELETEXSTRING		20	/* alias */

-#define V_ASN1_VIDEOTEXSTRING		21	/**/

-#define V_ASN1_IA5STRING		22

-#define V_ASN1_UTCTIME			23

-#define V_ASN1_GENERALIZEDTIME		24	/**/

-#define V_ASN1_GRAPHICSTRING		25	/**/

-#define V_ASN1_ISO64STRING		26	/**/

-#define V_ASN1_VISIBLESTRING		26	/* alias */

-#define V_ASN1_GENERALSTRING		27	/**/

-#define V_ASN1_UNIVERSALSTRING		28	/**/

-#define V_ASN1_BMPSTRING		30

-/* For use with d2i_ASN1_type_bytes() */

-#define B_ASN1_NUMERICSTRING	0x0001

-#define B_ASN1_PRINTABLESTRING	0x0002

-#define B_ASN1_T61STRING	0x0004

-#define B_ASN1_TELETEXSTRING	0x0004

-#define B_ASN1_VIDEOTEXSTRING	0x0008

-#define B_ASN1_IA5STRING	0x0010

-#define B_ASN1_GRAPHICSTRING	0x0020

-#define B_ASN1_ISO64STRING	0x0040

-#define B_ASN1_VISIBLESTRING	0x0040

-#define B_ASN1_GENERALSTRING	0x0080

-#define B_ASN1_UNIVERSALSTRING	0x0100

-#define B_ASN1_OCTET_STRING	0x0200

-#define B_ASN1_BIT_STRING	0x0400

-#define B_ASN1_BMPSTRING	0x0800

-#define B_ASN1_UNKNOWN		0x1000

-#define B_ASN1_UTF8STRING	0x2000

-#define B_ASN1_UTCTIME		0x4000

-#define B_ASN1_GENERALIZEDTIME	0x8000

-#define B_ASN1_SEQUENCE		0x10000

-/* For use with ASN1_mbstring_copy() */

-#define MBSTRING_FLAG		0x1000

-#define MBSTRING_UTF8		(MBSTRING_FLAG)

-#define MBSTRING_ASC		(MBSTRING_FLAG|1)

-#define MBSTRING_BMP		(MBSTRING_FLAG|2)

-#define MBSTRING_UNIV		(MBSTRING_FLAG|4)

-struct X509_algor_st;

-#define DECLARE_ASN1_SET_OF(type) /* filled in by mkstack.pl */

-#define IMPLEMENT_ASN1_SET_OF(type) /* nothing, no longer needed */

-/* We MUST make sure that, except for constness, asn1_ctx_st and

-   asn1_const_ctx are exactly the same.  Fortunately, as soon as

-   the old ASN1 parsing macros are gone, we can throw this away

-   as well... */

-typedef struct asn1_ctx_st

-	{

-	unsigned char *p;/* work char pointer */

-	int eos;	/* end of sequence read for indefinite encoding */

-	int error;	/* error code to use when returning an error */

-	int inf;	/* constructed if 0x20, indefinite is 0x21 */

-	int tag;	/* tag from last 'get object' */

-	int xclass;	/* class from last 'get object' */

-	long slen;	/* length of last 'get object' */

-	unsigned char *max; /* largest value of p allowed */

-	unsigned char *q;/* temporary variable */

-	unsigned char **pp;/* variable */

-	int line;	/* used in error processing */

-	} ASN1_CTX;

-typedef struct asn1_const_ctx_st

-	{

-	const unsigned char *p;/* work char pointer */

-	int eos;	/* end of sequence read for indefinite encoding */

-	int error;	/* error code to use when returning an error */

-	int inf;	/* constructed if 0x20, indefinite is 0x21 */

-	int tag;	/* tag from last 'get object' */

-	int xclass;	/* class from last 'get object' */

-	long slen;	/* length of last 'get object' */

-	const unsigned char *max; /* largest value of p allowed */

-	const unsigned char *q;/* temporary variable */

-	const unsigned char **pp;/* variable */

-	int line;	/* used in error processing */

-	} ASN1_const_CTX;

-/* These are used internally in the ASN1_OBJECT to keep track of

- * whether the names and data need to be free()ed */

-#define ASN1_OBJECT_FLAG_DYNAMIC	 0x01	/* internal use */

-#define ASN1_OBJECT_FLAG_CRITICAL	 0x02	/* critical x509v3 object id */

-#define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04	/* internal use */

-#define ASN1_OBJECT_FLAG_DYNAMIC_DATA 	 0x08	/* internal use */

-typedef struct asn1_object_st

-	{

-	const char *sn,*ln;

-	int nid;

-	int length;

-	unsigned char *data;

-	int flags;	/* Should we free this one */

-	} ASN1_OBJECT;

-#define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */

-/* This indicates that the ASN1_STRING is not a real value but just a place

- * holder for the location where indefinite length constructed data should

- * be inserted in the memory buffer

- */

-#define ASN1_STRING_FLAG_NDEF 0x010

-/* This is the base type that holds just about everything :-) */

-typedef struct asn1_string_st

-	{

-	int length;

-	int type;

-	unsigned char *data;

-	/* The value of the following field depends on the type being

-	 * held.  It is mostly being used for BIT_STRING so if the

-	 * input data has a non-zero 'unused bits' value, it will be

-	 * handled correctly */

-	long flags;

-	} ASN1_STRING;

-/* ASN1_ENCODING structure: this is used to save the received

- * encoding of an ASN1 type. This is useful to get round

- * problems with invalid encodings which can break signatures.

- */

-typedef struct ASN1_ENCODING_st

-	{

-	unsigned char *enc;	/* DER encoding */

-	long len;		/* Length of encoding */

-	int modified;		 /* set to 1 if 'enc' is invalid */

-	} ASN1_ENCODING;

-/* Used with ASN1 LONG type: if a long is set to this it is omitted */

-#define ASN1_LONG_UNDEF	0x7fffffffL

-#define STABLE_FLAGS_MALLOC	0x01

-#define STABLE_NO_MASK		0x02

-#define DIRSTRING_TYPE	\

- (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_BMPSTRING|B_ASN1_UTF8STRING)

-#define PKCS9STRING_TYPE (DIRSTRING_TYPE|B_ASN1_IA5STRING)

-typedef struct asn1_string_table_st {

-	int nid;

-	long minsize;

-	long maxsize;

-	unsigned long mask;

-	unsigned long flags;

-} ASN1_STRING_TABLE;

-DECLARE_STACK_OF(ASN1_STRING_TABLE)

-/* size limits: this stuff is taken straight from RFC2459 */

-#define ub_name				32768

-#define ub_common_name			64

-#define ub_locality_name		128

-#define ub_state_name			128

-#define ub_organization_name		64

-#define ub_organization_unit_name	64

-#define ub_title			64

-#define ub_email_address		128

-/* Declarations for template structures: for full definitions

- * see asn1t.h

- */

-typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE;

-typedef struct ASN1_ITEM_st ASN1_ITEM;

-typedef struct ASN1_TLC_st ASN1_TLC;

-/* This is just an opaque pointer */

-typedef struct ASN1_VALUE_st ASN1_VALUE;

-/* Declare ASN1 functions: the implement macro in in asn1t.h */

-#define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type)

-#define DECLARE_ASN1_ALLOC_FUNCTIONS(type) \

-	DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, type)

-#define DECLARE_ASN1_FUNCTIONS_name(type, name) \

-	DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \

-	DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name)

-#define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \

-	DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \

-	DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name)

-#define	DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \

-	type *d2i_##name(type **a, const unsigned char **in, long len); \

-	int i2d_##name(type *a, unsigned char **out); \

-	DECLARE_ASN1_ITEM(itname)

-#define	DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \

-	type *d2i_##name(type **a, const unsigned char **in, long len); \

-	int i2d_##name(const type *a, unsigned char **out); \

-	DECLARE_ASN1_ITEM(name)

-#define	DECLARE_ASN1_NDEF_FUNCTION(name) \

-	int i2d_##name##_NDEF(name *a, unsigned char **out);

-#define DECLARE_ASN1_FUNCTIONS_const(name) \

-	name *name##_new(void); \

-	void name##_free(name *a);

-#define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \

-	type *name##_new(void); \

-	void name##_free(type *a);

-#define D2I_OF(type) type *(*)(type **,const unsigned char **,long)

-#define I2D_OF(type) int (*)(type *,unsigned char **)

-#define I2D_OF_const(type) int (*)(const type *,unsigned char **)

-#define CHECKED_D2I_OF(type, d2i) \

-    ((d2i_of_void*) (1 ? d2i : ((D2I_OF(type))0)))

-#define CHECKED_I2D_OF(type, i2d) \

-    ((i2d_of_void*) (1 ? i2d : ((I2D_OF(type))0)))

-#define CHECKED_NEW_OF(type, xnew) \

-    ((void *(*)(void)) (1 ? xnew : ((type *(*)(void))0)))

-#define CHECKED_PTR_OF(type, p) \

-    ((void*) (1 ? p : (type*)0))

-#define CHECKED_PPTR_OF(type, p) \

-    ((void**) (1 ? p : (type**)0))

-#define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **,const unsigned char **,long)

-#define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(type *,unsigned char **)

-#define TYPEDEF_D2I2D_OF(type) TYPEDEF_D2I_OF(type); TYPEDEF_I2D_OF(type)

-TYPEDEF_D2I2D_OF(void);

-/* The following macros and typedefs allow an ASN1_ITEM

- * to be embedded in a structure and referenced. Since

- * the ASN1_ITEM pointers need to be globally accessible

- * (possibly from shared libraries) they may exist in

- * different forms. On platforms that support it the

- * ASN1_ITEM structure itself will be globally exported.

- * Other platforms will export a function that returns

- * an ASN1_ITEM pointer.

- *

- * To handle both cases transparently the macros below

- * should be used instead of hard coding an ASN1_ITEM

- * pointer in a structure.

- *

- * The structure will look like this:

- *

- * typedef struct SOMETHING_st {

- *      ...

- *      ASN1_ITEM_EXP *iptr;

- *      ...

- * } SOMETHING;

- *

- * It would be initialised as e.g.:

- *

- * SOMETHING somevar = {...,ASN1_ITEM_ref(X509),...};

- *

- * and the actual pointer extracted with:

- *

- * const ASN1_ITEM *it = ASN1_ITEM_ptr(somevar.iptr);

- *

- * Finally an ASN1_ITEM pointer can be extracted from an

- * appropriate reference with: ASN1_ITEM_rptr(X509). This

- * would be used when a function takes an ASN1_ITEM * argument.

- *

- */

-#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION

-/* ASN1_ITEM pointer exported type */

-typedef const ASN1_ITEM ASN1_ITEM_EXP;

-/* Macro to obtain ASN1_ITEM pointer from exported type */

-#define ASN1_ITEM_ptr(iptr) (iptr)

-/* Macro to include ASN1_ITEM pointer from base type */

-#define ASN1_ITEM_ref(iptr) (&(iptr##_it))

-#define ASN1_ITEM_rptr(ref) (&(ref##_it))

-#define DECLARE_ASN1_ITEM(name) \

-	OPENSSL_EXTERN const ASN1_ITEM name##_it;

-#else

-/* Platforms that can't easily handle shared global variables are declared

- * as functions returning ASN1_ITEM pointers.

- */

-/* ASN1_ITEM pointer exported type */

-typedef const ASN1_ITEM * ASN1_ITEM_EXP(void);

-/* Macro to obtain ASN1_ITEM pointer from exported type */

-#define ASN1_ITEM_ptr(iptr) (iptr())

-/* Macro to include ASN1_ITEM pointer from base type */

-#define ASN1_ITEM_ref(iptr) (iptr##_it)

-#define ASN1_ITEM_rptr(ref) (ref##_it())

-#define DECLARE_ASN1_ITEM(name) \

-	const ASN1_ITEM * name##_it(void);

-#endif

-/* Parameters used by ASN1_STRING_print_ex() */

-/* These determine which characters to escape:

- * RFC2253 special characters, control characters and

- * MSB set characters

- */

-#define ASN1_STRFLGS_ESC_2253		1

-#define ASN1_STRFLGS_ESC_CTRL		2

-#define ASN1_STRFLGS_ESC_MSB		4

-/* This flag determines how we do escaping: normally

- * RC2253 backslash only, set this to use backslash and

- * quote.

- */

-#define ASN1_STRFLGS_ESC_QUOTE		8

-/* These three flags are internal use only. */

-/* Character is a valid PrintableString character */

-#define CHARTYPE_PRINTABLESTRING	0x10

-/* Character needs escaping if it is the first character */

-#define CHARTYPE_FIRST_ESC_2253		0x20

-/* Character needs escaping if it is the last character */

-#define CHARTYPE_LAST_ESC_2253		0x40

-/* NB the internal flags are safely reused below by flags

- * handled at the top level.

- */

-/* If this is set we convert all character strings

- * to UTF8 first

- */

-#define ASN1_STRFLGS_UTF8_CONVERT	0x10

-/* If this is set we don't attempt to interpret content:

- * just assume all strings are 1 byte per character. This

- * will produce some pretty odd looking output!

- */

-#define ASN1_STRFLGS_IGNORE_TYPE	0x20

-/* If this is set we include the string type in the output */

-#define ASN1_STRFLGS_SHOW_TYPE		0x40

-/* This determines which strings to display and which to

- * 'dump' (hex dump of content octets or DER encoding). We can

- * only dump non character strings or everything. If we

- * don't dump 'unknown' they are interpreted as character

- * strings with 1 octet per character and are subject to

- * the usual escaping options.

- */

-#define ASN1_STRFLGS_DUMP_ALL		0x80

-#define ASN1_STRFLGS_DUMP_UNKNOWN	0x100

-/* These determine what 'dumping' does, we can dump the

- * content octets or the DER encoding: both use the

- * RFC2253 #XXXXX notation.

- */

-#define ASN1_STRFLGS_DUMP_DER		0x200

-/* All the string flags consistent with RFC2253,

- * escaping control characters isn't essential in

- * RFC2253 but it is advisable anyway.

- */

-#define ASN1_STRFLGS_RFC2253	(ASN1_STRFLGS_ESC_2253 | \

-				ASN1_STRFLGS_ESC_CTRL | \

-				ASN1_STRFLGS_ESC_MSB | \

-				ASN1_STRFLGS_UTF8_CONVERT | \

-				ASN1_STRFLGS_DUMP_UNKNOWN | \

-				ASN1_STRFLGS_DUMP_DER)

-DECLARE_STACK_OF(ASN1_INTEGER)

-DECLARE_ASN1_SET_OF(ASN1_INTEGER)

-DECLARE_STACK_OF(ASN1_GENERALSTRING)

-typedef struct asn1_type_st

-	{

-	int type;

-	union	{

-		char *ptr;

-		ASN1_BOOLEAN		boolean;

-		ASN1_STRING *		asn1_string;

-		ASN1_OBJECT *		object;

-		ASN1_INTEGER *		integer;

-		ASN1_ENUMERATED *	enumerated;

-		ASN1_BIT_STRING *	bit_string;

-		ASN1_OCTET_STRING *	octet_string;

-		ASN1_PRINTABLESTRING *	printablestring;

-		ASN1_T61STRING *	t61string;

-		ASN1_IA5STRING *	ia5string;

-		ASN1_GENERALSTRING *	generalstring;

-		ASN1_BMPSTRING *	bmpstring;

-		ASN1_UNIVERSALSTRING *	universalstring;

-		ASN1_UTCTIME *		utctime;

-		ASN1_GENERALIZEDTIME *	generalizedtime;

-		ASN1_VISIBLESTRING *	visiblestring;

-		ASN1_UTF8STRING *	utf8string;

-		/* set and sequence are left complete and still

-		 * contain the set or sequence bytes */

-		ASN1_STRING *		set;

-		ASN1_STRING *		sequence;

-		} value;

-	} ASN1_TYPE;

-DECLARE_STACK_OF(ASN1_TYPE)

-DECLARE_ASN1_SET_OF(ASN1_TYPE)

-typedef struct asn1_method_st

-	{

-	i2d_of_void *i2d;

-	d2i_of_void *d2i;

-	void *(*create)(void);

-	void (*destroy)(void *);

-	} ASN1_METHOD;

-/* This is used when parsing some Netscape objects */

-typedef struct asn1_header_st

-	{

-	ASN1_OCTET_STRING *header;

-	void *data;

-	ASN1_METHOD *meth;

-	} ASN1_HEADER;

-/* This is used to contain a list of bit names */

-typedef struct BIT_STRING_BITNAME_st {

-	int bitnum;

-	const char *lname;

-	const char *sname;

-} BIT_STRING_BITNAME;

-#define M_ASN1_STRING_length(x)	((x)->length)

-#define M_ASN1_STRING_length_set(x, n)	((x)->length = (n))

-#define M_ASN1_STRING_type(x)	((x)->type)

-#define M_ASN1_STRING_data(x)	((x)->data)

-/* Macros for string operations */

-#define M_ASN1_BIT_STRING_new()	(ASN1_BIT_STRING *)\

-		ASN1_STRING_type_new(V_ASN1_BIT_STRING)

-#define M_ASN1_BIT_STRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)

-#define M_ASN1_BIT_STRING_dup(a) (ASN1_BIT_STRING *)\

-		ASN1_STRING_dup((ASN1_STRING *)a)

-#define M_ASN1_BIT_STRING_cmp(a,b) ASN1_STRING_cmp(\

-		(ASN1_STRING *)a,(ASN1_STRING *)b)

-#define M_ASN1_BIT_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c)

-#define M_ASN1_INTEGER_new()	(ASN1_INTEGER *)\

-		ASN1_STRING_type_new(V_ASN1_INTEGER)

-#define M_ASN1_INTEGER_free(a)		ASN1_STRING_free((ASN1_STRING *)a)

-#define M_ASN1_INTEGER_dup(a) (ASN1_INTEGER *)ASN1_STRING_dup((ASN1_STRING *)a)

-#define M_ASN1_INTEGER_cmp(a,b)	ASN1_STRING_cmp(\

-		(ASN1_STRING *)a,(ASN1_STRING *)b)

-#define M_ASN1_ENUMERATED_new()	(ASN1_ENUMERATED *)\

-		ASN1_STRING_type_new(V_ASN1_ENUMERATED)

-#define M_ASN1_ENUMERATED_free(a)	ASN1_STRING_free((ASN1_STRING *)a)

-#define M_ASN1_ENUMERATED_dup(a) (ASN1_ENUMERATED *)ASN1_STRING_dup((ASN1_STRING *)a)

-#define M_ASN1_ENUMERATED_cmp(a,b)	ASN1_STRING_cmp(\

-		(ASN1_STRING *)a,(ASN1_STRING *)b)

-#define M_ASN1_OCTET_STRING_new()	(ASN1_OCTET_STRING *)\

-		ASN1_STRING_type_new(V_ASN1_OCTET_STRING)

-#define M_ASN1_OCTET_STRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)

-#define M_ASN1_OCTET_STRING_dup(a) (ASN1_OCTET_STRING *)\

-		ASN1_STRING_dup((ASN1_STRING *)a)

-#define M_ASN1_OCTET_STRING_cmp(a,b) ASN1_STRING_cmp(\

-		(ASN1_STRING *)a,(ASN1_STRING *)b)

-#define M_ASN1_OCTET_STRING_set(a,b,c)	ASN1_STRING_set((ASN1_STRING *)a,b,c)

-#define M_ASN1_OCTET_STRING_print(a,b)	ASN1_STRING_print(a,(ASN1_STRING *)b)

-#define M_i2d_ASN1_OCTET_STRING(a,pp) \

-		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_OCTET_STRING,\

-		V_ASN1_UNIVERSAL)

-#define B_ASN1_TIME \

-			B_ASN1_UTCTIME | \

-			B_ASN1_GENERALIZEDTIME

-#define B_ASN1_PRINTABLE \

-			B_ASN1_PRINTABLESTRING| \

-			B_ASN1_T61STRING| \

-			B_ASN1_IA5STRING| \

-			B_ASN1_BIT_STRING| \

-			B_ASN1_UNIVERSALSTRING|\

-			B_ASN1_BMPSTRING|\

-			B_ASN1_UTF8STRING|\

-			B_ASN1_SEQUENCE|\

-			B_ASN1_UNKNOWN

-#define B_ASN1_DIRECTORYSTRING \

-			B_ASN1_PRINTABLESTRING| \

-			B_ASN1_TELETEXSTRING|\

-			B_ASN1_BMPSTRING|\

-			B_ASN1_UNIVERSALSTRING|\

-			B_ASN1_UTF8STRING

-#define B_ASN1_DISPLAYTEXT \

-			B_ASN1_IA5STRING| \

-			B_ASN1_VISIBLESTRING| \

-			B_ASN1_BMPSTRING|\

-			B_ASN1_UTF8STRING

-#define M_ASN1_PRINTABLE_new()	ASN1_STRING_type_new(V_ASN1_T61STRING)

-#define M_ASN1_PRINTABLE_free(a)	ASN1_STRING_free((ASN1_STRING *)a)

-#define M_i2d_ASN1_PRINTABLE(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\

-		pp,a->type,V_ASN1_UNIVERSAL)

-#define M_d2i_ASN1_PRINTABLE(a,pp,l) \

-		d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \

-			B_ASN1_PRINTABLE)

-#define M_DIRECTORYSTRING_new() ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)

-#define M_DIRECTORYSTRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)

-#define M_i2d_DIRECTORYSTRING(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\

-						pp,a->type,V_ASN1_UNIVERSAL)

-#define M_d2i_DIRECTORYSTRING(a,pp,l) \

-		d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \

-			B_ASN1_DIRECTORYSTRING)

-#define M_DISPLAYTEXT_new() ASN1_STRING_type_new(V_ASN1_VISIBLESTRING)

-#define M_DISPLAYTEXT_free(a) ASN1_STRING_free((ASN1_STRING *)a)

-#define M_i2d_DISPLAYTEXT(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\

-						pp,a->type,V_ASN1_UNIVERSAL)

-#define M_d2i_DISPLAYTEXT(a,pp,l) \

-		d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \

-			B_ASN1_DISPLAYTEXT)

-#define M_ASN1_PRINTABLESTRING_new() (ASN1_PRINTABLESTRING *)\

-		ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)

-#define M_ASN1_PRINTABLESTRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)

-#define M_i2d_ASN1_PRINTABLESTRING(a,pp) \

-		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_PRINTABLESTRING,\

-		V_ASN1_UNIVERSAL)

-#define M_d2i_ASN1_PRINTABLESTRING(a,pp,l) \

-		(ASN1_PRINTABLESTRING *)d2i_ASN1_type_bytes\

-		((ASN1_STRING **)a,pp,l,B_ASN1_PRINTABLESTRING)

-#define M_ASN1_T61STRING_new()	(ASN1_T61STRING *)\

-		ASN1_STRING_type_new(V_ASN1_T61STRING)

-#define M_ASN1_T61STRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)

-#define M_i2d_ASN1_T61STRING(a,pp) \

-		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_T61STRING,\

-		V_ASN1_UNIVERSAL)

-#define M_d2i_ASN1_T61STRING(a,pp,l) \

-		(ASN1_T61STRING *)d2i_ASN1_type_bytes\

-		((ASN1_STRING **)a,pp,l,B_ASN1_T61STRING)

-#define M_ASN1_IA5STRING_new()	(ASN1_IA5STRING *)\

-		ASN1_STRING_type_new(V_ASN1_IA5STRING)

-#define M_ASN1_IA5STRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)

-#define M_ASN1_IA5STRING_dup(a)	\

-			(ASN1_IA5STRING *)ASN1_STRING_dup((ASN1_STRING *)a)

-#define M_i2d_ASN1_IA5STRING(a,pp) \

-		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_IA5STRING,\

-			V_ASN1_UNIVERSAL)

-#define M_d2i_ASN1_IA5STRING(a,pp,l) \

-		(ASN1_IA5STRING *)d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l,\

-			B_ASN1_IA5STRING)

-#define M_ASN1_UTCTIME_new()	(ASN1_UTCTIME *)\

-		ASN1_STRING_type_new(V_ASN1_UTCTIME)

-#define M_ASN1_UTCTIME_free(a)	ASN1_STRING_free((ASN1_STRING *)a)

-#define M_ASN1_UTCTIME_dup(a) (ASN1_UTCTIME *)ASN1_STRING_dup((ASN1_STRING *)a)

-#define M_ASN1_GENERALIZEDTIME_new()	(ASN1_GENERALIZEDTIME *)\

-		ASN1_STRING_type_new(V_ASN1_GENERALIZEDTIME)

-#define M_ASN1_GENERALIZEDTIME_free(a)	ASN1_STRING_free((ASN1_STRING *)a)

-#define M_ASN1_GENERALIZEDTIME_dup(a) (ASN1_GENERALIZEDTIME *)ASN1_STRING_dup(\

-	(ASN1_STRING *)a)

-#define M_ASN1_TIME_new()	(ASN1_TIME *)\

-		ASN1_STRING_type_new(V_ASN1_UTCTIME)

-#define M_ASN1_TIME_free(a)	ASN1_STRING_free((ASN1_STRING *)a)

-#define M_ASN1_TIME_dup(a) (ASN1_TIME *)ASN1_STRING_dup((ASN1_STRING *)a)

-#define M_ASN1_GENERALSTRING_new()	(ASN1_GENERALSTRING *)\

-		ASN1_STRING_type_new(V_ASN1_GENERALSTRING)

-#define M_ASN1_GENERALSTRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)

-#define M_i2d_ASN1_GENERALSTRING(a,pp) \

-		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_GENERALSTRING,\

-			V_ASN1_UNIVERSAL)

-#define M_d2i_ASN1_GENERALSTRING(a,pp,l) \

-		(ASN1_GENERALSTRING *)d2i_ASN1_type_bytes\

-		((ASN1_STRING **)a,pp,l,B_ASN1_GENERALSTRING)

-#define M_ASN1_UNIVERSALSTRING_new()	(ASN1_UNIVERSALSTRING *)\

-		ASN1_STRING_type_new(V_ASN1_UNIVERSALSTRING)

-#define M_ASN1_UNIVERSALSTRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)

-#define M_i2d_ASN1_UNIVERSALSTRING(a,pp) \

-		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UNIVERSALSTRING,\

-			V_ASN1_UNIVERSAL)

-#define M_d2i_ASN1_UNIVERSALSTRING(a,pp,l) \

-		(ASN1_UNIVERSALSTRING *)d2i_ASN1_type_bytes\

-		((ASN1_STRING **)a,pp,l,B_ASN1_UNIVERSALSTRING)

-#define M_ASN1_BMPSTRING_new()	(ASN1_BMPSTRING *)\

-		ASN1_STRING_type_new(V_ASN1_BMPSTRING)

-#define M_ASN1_BMPSTRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)

-#define M_i2d_ASN1_BMPSTRING(a,pp) \

-		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_BMPSTRING,\

-			V_ASN1_UNIVERSAL)

-#define M_d2i_ASN1_BMPSTRING(a,pp,l) \

-		(ASN1_BMPSTRING *)d2i_ASN1_type_bytes\

-		((ASN1_STRING **)a,pp,l,B_ASN1_BMPSTRING)

-#define M_ASN1_VISIBLESTRING_new()	(ASN1_VISIBLESTRING *)\

-		ASN1_STRING_type_new(V_ASN1_VISIBLESTRING)

-#define M_ASN1_VISIBLESTRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)

-#define M_i2d_ASN1_VISIBLESTRING(a,pp) \

-		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_VISIBLESTRING,\

-			V_ASN1_UNIVERSAL)

-#define M_d2i_ASN1_VISIBLESTRING(a,pp,l) \

-		(ASN1_VISIBLESTRING *)d2i_ASN1_type_bytes\

-		((ASN1_STRING **)a,pp,l,B_ASN1_VISIBLESTRING)

-#define M_ASN1_UTF8STRING_new()	(ASN1_UTF8STRING *)\

-		ASN1_STRING_type_new(V_ASN1_UTF8STRING)

-#define M_ASN1_UTF8STRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)

-#define M_i2d_ASN1_UTF8STRING(a,pp) \

-		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UTF8STRING,\

-			V_ASN1_UNIVERSAL)

-#define M_d2i_ASN1_UTF8STRING(a,pp,l) \

-		(ASN1_UTF8STRING *)d2i_ASN1_type_bytes\

-		((ASN1_STRING **)a,pp,l,B_ASN1_UTF8STRING)

-  /* for the is_set parameter to i2d_ASN1_SET */

-#define IS_SEQUENCE	0

-#define IS_SET		1

-DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)

-int ASN1_TYPE_get(ASN1_TYPE *a);

-void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);

-ASN1_OBJECT *	ASN1_OBJECT_new(void );

-void		ASN1_OBJECT_free(ASN1_OBJECT *a);

-int		i2d_ASN1_OBJECT(ASN1_OBJECT *a,unsigned char **pp);

-ASN1_OBJECT *	c2i_ASN1_OBJECT(ASN1_OBJECT **a,const unsigned char **pp,

-			long length);

-ASN1_OBJECT *	d2i_ASN1_OBJECT(ASN1_OBJECT **a,const unsigned char **pp,

-			long length);

-DECLARE_ASN1_ITEM(ASN1_OBJECT)

-DECLARE_STACK_OF(ASN1_OBJECT)

-DECLARE_ASN1_SET_OF(ASN1_OBJECT)

-ASN1_STRING *	ASN1_STRING_new(void);

-void		ASN1_STRING_free(ASN1_STRING *a);

-ASN1_STRING *	ASN1_STRING_dup(ASN1_STRING *a);

-ASN1_STRING *	ASN1_STRING_type_new(int type );

-int 		ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b);

-  /* Since this is used to store all sorts of things, via macros, for now, make

-     its data void * */

-int 		ASN1_STRING_set(ASN1_STRING *str, const void *data, int len);

-int ASN1_STRING_length(ASN1_STRING *x);

-void ASN1_STRING_length_set(ASN1_STRING *x, int n);

-int ASN1_STRING_type(ASN1_STRING *x);

-unsigned char * ASN1_STRING_data(ASN1_STRING *x);

-DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING)

-int		i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a,unsigned char **pp);

-ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,const unsigned char **pp,

-			long length);

-int		ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d,

-			int length );

-int		ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value);

-int		ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n);

-#ifndef OPENSSL_NO_BIO

-int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,

-				BIT_STRING_BITNAME *tbl, int indent);

-#endif

-int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl);

-int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value,

-				BIT_STRING_BITNAME *tbl);

-int		i2d_ASN1_BOOLEAN(int a,unsigned char **pp);

-int 		d2i_ASN1_BOOLEAN(int *a,const unsigned char **pp,long length);

-DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER)

-int		i2c_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp);

-ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a,const unsigned char **pp,

-			long length);

-ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a,const unsigned char **pp,

-			long length);

-ASN1_INTEGER *	ASN1_INTEGER_dup(ASN1_INTEGER *x);

-int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y);

-DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED)

-int ASN1_UTCTIME_check(ASN1_UTCTIME *a);

-ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t);

-int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str);

-int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);

-#if 0

-time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s);

-#endif

-int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a);

-ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t);

-int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str);

-DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING)

-ASN1_OCTET_STRING *	ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *a);

-int 	ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b);

-int 	ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data, int len);

-DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING)

-DECLARE_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING)

-DECLARE_ASN1_FUNCTIONS(ASN1_UTF8STRING)

-DECLARE_ASN1_FUNCTIONS(ASN1_NULL)

-DECLARE_ASN1_FUNCTIONS(ASN1_BMPSTRING)

-int UTF8_getc(const unsigned char *str, int len, unsigned long *val);

-int UTF8_putc(unsigned char *str, int len, unsigned long value);

-DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE)

-DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING)

-DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT)

-DECLARE_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING)

-DECLARE_ASN1_FUNCTIONS(ASN1_T61STRING)

-DECLARE_ASN1_FUNCTIONS(ASN1_IA5STRING)

-DECLARE_ASN1_FUNCTIONS(ASN1_GENERALSTRING)

-DECLARE_ASN1_FUNCTIONS(ASN1_UTCTIME)

-DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME)

-DECLARE_ASN1_FUNCTIONS(ASN1_TIME)

-DECLARE_ASN1_ITEM(ASN1_OCTET_STRING_NDEF)

-ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s,time_t t);

-int ASN1_TIME_check(ASN1_TIME *t);

-ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out);

-int i2d_ASN1_SET(STACK *a, unsigned char **pp,

-		 i2d_of_void *i2d, int ex_tag, int ex_class, int is_set);

-STACK *	d2i_ASN1_SET(STACK **a, const unsigned char **pp, long length,

-		     d2i_of_void *d2i, void (*free_func)(void *),

-		     int ex_tag, int ex_class);

-#ifndef OPENSSL_NO_BIO

-int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a);

-int a2i_ASN1_INTEGER(BIO *bp,ASN1_INTEGER *bs,char *buf,int size);

-int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a);

-int a2i_ASN1_ENUMERATED(BIO *bp,ASN1_ENUMERATED *bs,char *buf,int size);

-int i2a_ASN1_OBJECT(BIO *bp,ASN1_OBJECT *a);

-int a2i_ASN1_STRING(BIO *bp,ASN1_STRING *bs,char *buf,int size);

-int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type);

-#endif

-int i2t_ASN1_OBJECT(char *buf,int buf_len,ASN1_OBJECT *a);

-int a2d_ASN1_OBJECT(unsigned char *out,int olen, const char *buf, int num);

-ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data,int len,

-	const char *sn, const char *ln);

-int ASN1_INTEGER_set(ASN1_INTEGER *a, long v);

-long ASN1_INTEGER_get(ASN1_INTEGER *a);

-ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai);

-BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai,BIGNUM *bn);

-int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v);

-long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a);

-ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai);

-BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai,BIGNUM *bn);

-/* General */

-/* given a string, return the correct type, max is the maximum length */

-int ASN1_PRINTABLE_type(const unsigned char *s, int max);

-int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass);

-ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,

-	long length, int Ptag, int Pclass);

-unsigned long ASN1_tag2bit(int tag);

-/* type is one or more of the B_ASN1_ values. */

-ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a,const unsigned char **pp,

-		long length,int type);

-/* PARSING */

-int asn1_Finish(ASN1_CTX *c);

-int asn1_const_Finish(ASN1_const_CTX *c);

-/* SPECIALS */

-int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,

-	int *pclass, long omax);

-int ASN1_check_infinite_end(unsigned char **p,long len);

-int ASN1_const_check_infinite_end(const unsigned char **p,long len);

-void ASN1_put_object(unsigned char **pp, int constructed, int length,

-	int tag, int xclass);

-int ASN1_put_eoc(unsigned char **pp);

-int ASN1_object_size(int constructed, int length, int tag);

-/* Used to implement other functions */

-void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x);

-#define ASN1_dup_of(type,i2d,d2i,x) \

-    ((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \

-		     CHECKED_D2I_OF(type, d2i), \

-		     CHECKED_PTR_OF(type, x)))

-#define ASN1_dup_of_const(type,i2d,d2i,x) \

-    ((type*)ASN1_dup(CHECKED_I2D_OF(const type, i2d), \

-		     CHECKED_D2I_OF(type, d2i), \

-		     CHECKED_PTR_OF(const type, x)))

-void *ASN1_item_dup(const ASN1_ITEM *it, void *x);

-#ifndef OPENSSL_NO_FP_API

-void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x);

-#define ASN1_d2i_fp_of(type,xnew,d2i,in,x) \

-    ((type*)ASN1_d2i_fp(CHECKED_NEW_OF(type, xnew), \

-			CHECKED_D2I_OF(type, d2i), \

-			in, \

-			CHECKED_PPTR_OF(type, x)))

-void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x);

-int ASN1_i2d_fp(i2d_of_void *i2d,FILE *out,void *x);

-#define ASN1_i2d_fp_of(type,i2d,out,x) \

-    (ASN1_i2d_fp(CHECKED_I2D_OF(type, i2d), \

-		 out, \

-		 CHECKED_PTR_OF(type, x)))

-#define ASN1_i2d_fp_of_const(type,i2d,out,x) \

-    (ASN1_i2d_fp(CHECKED_I2D_OF(const type, i2d), \

-		 out, \

-		 CHECKED_PTR_OF(const type, x)))

-int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x);

-int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags);

-#endif

-int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in);

-#ifndef OPENSSL_NO_BIO

-void *ASN1_d2i_bio(void *(*xnew)(void), d2i_of_void *d2i, BIO *in, void **x);

-#define ASN1_d2i_bio_of(type,xnew,d2i,in,x) \

-    ((type*)ASN1_d2i_bio( CHECKED_NEW_OF(type, xnew), \

-			  CHECKED_D2I_OF(type, d2i), \

-			  in, \

-			  CHECKED_PPTR_OF(type, x)))

-void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x);

-int ASN1_i2d_bio(i2d_of_void *i2d,BIO *out, unsigned char *x);

-#define ASN1_i2d_bio_of(type,i2d,out,x) \

-    (ASN1_i2d_bio(CHECKED_I2D_OF(type, i2d), \

-		  out, \

-		  CHECKED_PTR_OF(type, x)))

-#define ASN1_i2d_bio_of_const(type,i2d,out,x) \

-    (ASN1_i2d_bio(CHECKED_I2D_OF(const type, i2d), \

-		  out, \

-		  CHECKED_PTR_OF(const type, x)))

-int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x);

-int ASN1_UTCTIME_print(BIO *fp,ASN1_UTCTIME *a);

-int ASN1_GENERALIZEDTIME_print(BIO *fp,ASN1_GENERALIZEDTIME *a);

-int ASN1_TIME_print(BIO *fp,ASN1_TIME *a);

-int ASN1_STRING_print(BIO *bp,ASN1_STRING *v);

-int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags);

-int ASN1_parse(BIO *bp,const unsigned char *pp,long len,int indent);

-int ASN1_parse_dump(BIO *bp,const unsigned char *pp,long len,int indent,int dump);

-#endif

-const char *ASN1_tag2str(int tag);

-/* Used to load and write netscape format cert/key */

-int i2d_ASN1_HEADER(ASN1_HEADER *a,unsigned char **pp);

-ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a,const unsigned char **pp, long length);

-ASN1_HEADER *ASN1_HEADER_new(void );

-void ASN1_HEADER_free(ASN1_HEADER *a);

-int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s);

-/* Not used that much at this point, except for the first two */

-ASN1_METHOD *X509_asn1_meth(void);

-ASN1_METHOD *RSAPrivateKey_asn1_meth(void);

-ASN1_METHOD *ASN1_IA5STRING_asn1_meth(void);

-ASN1_METHOD *ASN1_BIT_STRING_asn1_meth(void);

-int ASN1_TYPE_set_octetstring(ASN1_TYPE *a,

-	unsigned char *data, int len);

-int ASN1_TYPE_get_octetstring(ASN1_TYPE *a,

-	unsigned char *data, int max_len);

-int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num,

-	unsigned char *data, int len);

-int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a,long *num,

-	unsigned char *data, int max_len);

-STACK *ASN1_seq_unpack(const unsigned char *buf, int len,

-		       d2i_of_void *d2i, void (*free_func)(void *));

-unsigned char *ASN1_seq_pack(STACK *safes, i2d_of_void *i2d,

-			     unsigned char **buf, int *len );

-void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i);

-void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it);

-ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d,

-			      ASN1_OCTET_STRING **oct);

-#define ASN1_pack_string_of(type,obj,i2d,oct) \

-    (ASN1_pack_string(CHECKED_PTR_OF(type, obj), \

-		      CHECKED_I2D_OF(type, i2d), \

-		      oct))

-ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct);

-void ASN1_STRING_set_default_mask(unsigned long mask);

-int ASN1_STRING_set_default_mask_asc(char *p);

-unsigned long ASN1_STRING_get_default_mask(void);

-int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len,

-					int inform, unsigned long mask);

-int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,

-					int inform, unsigned long mask,

-					long minsize, long maxsize);

-ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out,

-		const unsigned char *in, int inlen, int inform, int nid);

-ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid);

-int ASN1_STRING_TABLE_add(int, long, long, unsigned long, unsigned long);

-void ASN1_STRING_TABLE_cleanup(void);

-/* ASN1 template functions */

-/* Old API compatible functions */

-ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it);

-void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it);

-ASN1_VALUE * ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it);

-int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);

-int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);

-void ASN1_add_oid_module(void);

-ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf);

-ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf);

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_ASN1_strings(void);

-/* Error codes for the ASN1 functions. */

-/* Function codes. */

-#define ASN1_F_A2D_ASN1_OBJECT				 100

-#define ASN1_F_A2I_ASN1_ENUMERATED			 101

-#define ASN1_F_A2I_ASN1_INTEGER				 102

-#define ASN1_F_A2I_ASN1_STRING				 103

-#define ASN1_F_APPEND_EXP				 176

-#define ASN1_F_ASN1_BIT_STRING_SET_BIT			 183

-#define ASN1_F_ASN1_CB					 177

-#define ASN1_F_ASN1_CHECK_TLEN				 104

-#define ASN1_F_ASN1_COLLATE_PRIMITIVE			 105

-#define ASN1_F_ASN1_COLLECT				 106

-#define ASN1_F_ASN1_D2I_EX_PRIMITIVE			 108

-#define ASN1_F_ASN1_D2I_FP				 109

-#define ASN1_F_ASN1_D2I_READ_BIO			 107

-#define ASN1_F_ASN1_DIGEST				 184

-#define ASN1_F_ASN1_DO_ADB				 110

-#define ASN1_F_ASN1_DUP					 111

-#define ASN1_F_ASN1_ENUMERATED_SET			 112

-#define ASN1_F_ASN1_ENUMERATED_TO_BN			 113

-#define ASN1_F_ASN1_EX_C2I				 204

-#define ASN1_F_ASN1_FIND_END				 190

-#define ASN1_F_ASN1_GENERALIZEDTIME_SET			 185

-#define ASN1_F_ASN1_GENERATE_V3				 178

-#define ASN1_F_ASN1_GET_OBJECT				 114

-#define ASN1_F_ASN1_HEADER_NEW				 115

-#define ASN1_F_ASN1_I2D_BIO				 116

-#define ASN1_F_ASN1_I2D_FP				 117

-#define ASN1_F_ASN1_INTEGER_SET				 118

-#define ASN1_F_ASN1_INTEGER_TO_BN			 119

-#define ASN1_F_ASN1_ITEM_D2I_FP				 206

-#define ASN1_F_ASN1_ITEM_DUP				 191

-#define ASN1_F_ASN1_ITEM_EX_COMBINE_NEW			 121

-#define ASN1_F_ASN1_ITEM_EX_D2I				 120

-#define ASN1_F_ASN1_ITEM_I2D_BIO			 192

-#define ASN1_F_ASN1_ITEM_I2D_FP				 193

-#define ASN1_F_ASN1_ITEM_PACK				 198

-#define ASN1_F_ASN1_ITEM_SIGN				 195

-#define ASN1_F_ASN1_ITEM_UNPACK				 199

-#define ASN1_F_ASN1_ITEM_VERIFY				 197

-#define ASN1_F_ASN1_MBSTRING_NCOPY			 122

-#define ASN1_F_ASN1_OBJECT_NEW				 123

-#define ASN1_F_ASN1_PACK_STRING				 124

-#define ASN1_F_ASN1_PCTX_NEW				 205

-#define ASN1_F_ASN1_PKCS5_PBE_SET			 125

-#define ASN1_F_ASN1_SEQ_PACK				 126

-#define ASN1_F_ASN1_SEQ_UNPACK				 127

-#define ASN1_F_ASN1_SIGN				 128

-#define ASN1_F_ASN1_STR2TYPE				 179

-#define ASN1_F_ASN1_STRING_SET				 186

-#define ASN1_F_ASN1_STRING_TABLE_ADD			 129

-#define ASN1_F_ASN1_STRING_TYPE_NEW			 130

-#define ASN1_F_ASN1_TEMPLATE_EX_D2I			 132

-#define ASN1_F_ASN1_TEMPLATE_NEW			 133

-#define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I			 131

-#define ASN1_F_ASN1_TIME_SET				 175

-#define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING		 134

-#define ASN1_F_ASN1_TYPE_GET_OCTETSTRING		 135

-#define ASN1_F_ASN1_UNPACK_STRING			 136

-#define ASN1_F_ASN1_UTCTIME_SET				 187

-#define ASN1_F_ASN1_VERIFY				 137

-#define ASN1_F_BITSTR_CB				 180

-#define ASN1_F_BN_TO_ASN1_ENUMERATED			 138

-#define ASN1_F_BN_TO_ASN1_INTEGER			 139

-#define ASN1_F_C2I_ASN1_BIT_STRING			 189

-#define ASN1_F_C2I_ASN1_INTEGER				 194

-#define ASN1_F_C2I_ASN1_OBJECT				 196

-#define ASN1_F_COLLECT_DATA				 140

-#define ASN1_F_D2I_ASN1_BIT_STRING			 141

-#define ASN1_F_D2I_ASN1_BOOLEAN				 142

-#define ASN1_F_D2I_ASN1_BYTES				 143

-#define ASN1_F_D2I_ASN1_GENERALIZEDTIME			 144

-#define ASN1_F_D2I_ASN1_HEADER				 145

-#define ASN1_F_D2I_ASN1_INTEGER				 146

-#define ASN1_F_D2I_ASN1_OBJECT				 147

-#define ASN1_F_D2I_ASN1_SET				 148

-#define ASN1_F_D2I_ASN1_TYPE_BYTES			 149

-#define ASN1_F_D2I_ASN1_UINTEGER			 150

-#define ASN1_F_D2I_ASN1_UTCTIME				 151

-#define ASN1_F_D2I_NETSCAPE_RSA				 152

-#define ASN1_F_D2I_NETSCAPE_RSA_2			 153

-#define ASN1_F_D2I_PRIVATEKEY				 154

-#define ASN1_F_D2I_PUBLICKEY				 155

-#define ASN1_F_D2I_RSA_NET				 200

-#define ASN1_F_D2I_RSA_NET_2				 201

-#define ASN1_F_D2I_X509					 156

-#define ASN1_F_D2I_X509_CINF				 157

-#define ASN1_F_D2I_X509_PKEY				 159

-#define ASN1_F_I2D_ASN1_SET				 188

-#define ASN1_F_I2D_ASN1_TIME				 160

-#define ASN1_F_I2D_DSA_PUBKEY				 161

-#define ASN1_F_I2D_EC_PUBKEY				 181

-#define ASN1_F_I2D_PRIVATEKEY				 163

-#define ASN1_F_I2D_PUBLICKEY				 164

-#define ASN1_F_I2D_RSA_NET				 162

-#define ASN1_F_I2D_RSA_PUBKEY				 165

-#define ASN1_F_LONG_C2I					 166

-#define ASN1_F_OID_MODULE_INIT				 174

-#define ASN1_F_PARSE_TAGGING				 182

-#define ASN1_F_PKCS5_PBE2_SET				 167

-#define ASN1_F_PKCS5_PBE_SET				 202

-#define ASN1_F_X509_CINF_NEW				 168

-#define ASN1_F_X509_CRL_ADD0_REVOKED			 169

-#define ASN1_F_X509_INFO_NEW				 170

-#define ASN1_F_X509_NAME_ENCODE				 203

-#define ASN1_F_X509_NAME_EX_D2I				 158

-#define ASN1_F_X509_NAME_EX_NEW				 171

-#define ASN1_F_X509_NEW					 172

-#define ASN1_F_X509_PKEY_NEW				 173

-/* Reason codes. */

-#define ASN1_R_ADDING_OBJECT				 171

-#define ASN1_R_AUX_ERROR				 100

-#define ASN1_R_BAD_CLASS				 101

-#define ASN1_R_BAD_OBJECT_HEADER			 102

-#define ASN1_R_BAD_PASSWORD_READ			 103

-#define ASN1_R_BAD_TAG					 104

-#define ASN1_R_BN_LIB					 105

-#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH			 106

-#define ASN1_R_BUFFER_TOO_SMALL				 107

-#define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER		 108

-#define ASN1_R_DATA_IS_WRONG				 109

-#define ASN1_R_DECODE_ERROR				 110

-#define ASN1_R_DECODING_ERROR				 111

-#define ASN1_R_DEPTH_EXCEEDED				 174

-#define ASN1_R_ENCODE_ERROR				 112

-#define ASN1_R_ERROR_GETTING_TIME			 173

-#define ASN1_R_ERROR_LOADING_SECTION			 172

-#define ASN1_R_ERROR_PARSING_SET_ELEMENT		 113

-#define ASN1_R_ERROR_SETTING_CIPHER_PARAMS		 114

-#define ASN1_R_EXPECTING_AN_INTEGER			 115

-#define ASN1_R_EXPECTING_AN_OBJECT			 116

-#define ASN1_R_EXPECTING_A_BOOLEAN			 117

-#define ASN1_R_EXPECTING_A_TIME				 118

-#define ASN1_R_EXPLICIT_LENGTH_MISMATCH			 119

-#define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED		 120

-#define ASN1_R_FIELD_MISSING				 121

-#define ASN1_R_FIRST_NUM_TOO_LARGE			 122

-#define ASN1_R_HEADER_TOO_LONG				 123

-#define ASN1_R_ILLEGAL_BITSTRING_FORMAT			 175

-#define ASN1_R_ILLEGAL_BOOLEAN				 176

-#define ASN1_R_ILLEGAL_CHARACTERS			 124

-#define ASN1_R_ILLEGAL_FORMAT				 177

-#define ASN1_R_ILLEGAL_HEX				 178

-#define ASN1_R_ILLEGAL_IMPLICIT_TAG			 179

-#define ASN1_R_ILLEGAL_INTEGER				 180

-#define ASN1_R_ILLEGAL_NESTED_TAGGING			 181

-#define ASN1_R_ILLEGAL_NULL				 125

-#define ASN1_R_ILLEGAL_NULL_VALUE			 182

-#define ASN1_R_ILLEGAL_OBJECT				 183

-#define ASN1_R_ILLEGAL_OPTIONAL_ANY			 126

-#define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE		 170

-#define ASN1_R_ILLEGAL_TAGGED_ANY			 127

-#define ASN1_R_ILLEGAL_TIME_VALUE			 184

-#define ASN1_R_INTEGER_NOT_ASCII_FORMAT			 185

-#define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG		 128

-#define ASN1_R_INVALID_BMPSTRING_LENGTH			 129

-#define ASN1_R_INVALID_DIGIT				 130

-#define ASN1_R_INVALID_MODIFIER				 186

-#define ASN1_R_INVALID_NUMBER				 187

-#define ASN1_R_INVALID_SEPARATOR			 131

-#define ASN1_R_INVALID_TIME_FORMAT			 132

-#define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH		 133

-#define ASN1_R_INVALID_UTF8STRING			 134

-#define ASN1_R_IV_TOO_LARGE				 135

-#define ASN1_R_LENGTH_ERROR				 136

-#define ASN1_R_LIST_ERROR				 188

-#define ASN1_R_MISSING_EOC				 137

-#define ASN1_R_MISSING_SECOND_NUMBER			 138

-#define ASN1_R_MISSING_VALUE				 189

-#define ASN1_R_MSTRING_NOT_UNIVERSAL			 139

-#define ASN1_R_MSTRING_WRONG_TAG			 140

-#define ASN1_R_NESTED_ASN1_STRING			 197

-#define ASN1_R_NON_HEX_CHARACTERS			 141

-#define ASN1_R_NOT_ASCII_FORMAT				 190

-#define ASN1_R_NOT_ENOUGH_DATA				 142

-#define ASN1_R_NO_MATCHING_CHOICE_TYPE			 143

-#define ASN1_R_NULL_IS_WRONG_LENGTH			 144

-#define ASN1_R_OBJECT_NOT_ASCII_FORMAT			 191

-#define ASN1_R_ODD_NUMBER_OF_CHARS			 145

-#define ASN1_R_PRIVATE_KEY_HEADER_MISSING		 146

-#define ASN1_R_SECOND_NUMBER_TOO_LARGE			 147

-#define ASN1_R_SEQUENCE_LENGTH_MISMATCH			 148

-#define ASN1_R_SEQUENCE_NOT_CONSTRUCTED			 149

-#define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG		 192

-#define ASN1_R_SHORT_LINE				 150

-#define ASN1_R_STRING_TOO_LONG				 151

-#define ASN1_R_STRING_TOO_SHORT				 152

-#define ASN1_R_TAG_VALUE_TOO_HIGH			 153

-#define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154

-#define ASN1_R_TIME_NOT_ASCII_FORMAT			 193

-#define ASN1_R_TOO_LONG					 155

-#define ASN1_R_TYPE_NOT_CONSTRUCTED			 156

-#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY			 157

-#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY		 158

-#define ASN1_R_UNEXPECTED_EOC				 159

-#define ASN1_R_UNKNOWN_FORMAT				 160

-#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM		 161

-#define ASN1_R_UNKNOWN_OBJECT_TYPE			 162

-#define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE			 163

-#define ASN1_R_UNKNOWN_TAG				 194

-#define ASN1_R_UNKOWN_FORMAT				 195

-#define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE		 164

-#define ASN1_R_UNSUPPORTED_CIPHER			 165

-#define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM		 166

-#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE		 167

-#define ASN1_R_UNSUPPORTED_TYPE				 196

-#define ASN1_R_WRONG_TAG				 168

-#define ASN1_R_WRONG_TYPE				 169

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/asn1_mac.h

+++ /dev/null

@@ -1,571 +1,0 @@

-/* crypto/asn1/asn1_mac.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_ASN1_MAC_H

-#define HEADER_ASN1_MAC_H

-#include <openssl/asn1.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-#ifndef ASN1_MAC_ERR_LIB

-#define ASN1_MAC_ERR_LIB	ERR_LIB_ASN1

-#endif

-#define ASN1_MAC_H_err(f,r,line) \

-	ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),__FILE__,(line))

-#define M_ASN1_D2I_vars(a,type,func) \

-	ASN1_const_CTX c; \

-	type ret=NULL; \

-	\

-	c.pp=(const unsigned char **)pp; \

-	c.q= *(const unsigned char **)pp; \

-	c.error=ERR_R_NESTED_ASN1_ERROR; \

-	if ((a == NULL) || ((*a) == NULL)) \

-		{ if ((ret=(type)func()) == NULL) \

-			{ c.line=__LINE__; goto err; } } \

-	else	ret=(*a);

-#define M_ASN1_D2I_Init() \

-	c.p= *(const unsigned char **)pp; \

-	c.max=(length == 0)?0:(c.p+length);

-#define M_ASN1_D2I_Finish_2(a) \

-	if (!asn1_const_Finish(&c)) \

-		{ c.line=__LINE__; goto err; } \

-	*(const unsigned char **)pp=c.p; \

-	if (a != NULL) (*a)=ret; \

-	return(ret);

-#define M_ASN1_D2I_Finish(a,func,e) \

-	M_ASN1_D2I_Finish_2(a); \

-err:\

-	ASN1_MAC_H_err((e),c.error,c.line); \

-	asn1_add_error(*(const unsigned char **)pp,(int)(c.q- *pp)); \

-	if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \

-	return(NULL)

-#define M_ASN1_D2I_start_sequence() \

-	if (!asn1_GetSequence(&c,&length)) \

-		{ c.line=__LINE__; goto err; }

-/* Begin reading ASN1 without a surrounding sequence */

-#define M_ASN1_D2I_begin() \

-	c.slen = length;

-/* End reading ASN1 with no check on length */

-#define M_ASN1_D2I_Finish_nolen(a, func, e) \

-	*pp=c.p; \

-	if (a != NULL) (*a)=ret; \

-	return(ret); \

-err:\

-	ASN1_MAC_H_err((e),c.error,c.line); \

-	asn1_add_error(*pp,(int)(c.q- *pp)); \

-	if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \

-	return(NULL)

-#define M_ASN1_D2I_end_sequence() \

-	(((c.inf&1) == 0)?(c.slen <= 0): \

-		(c.eos=ASN1_const_check_infinite_end(&c.p,c.slen)))

-/* Don't use this with d2i_ASN1_BOOLEAN() */

-#define M_ASN1_D2I_get(b, func) \

-	c.q=c.p; \

-	if (func(&(b),&c.p,c.slen) == NULL) \

-		{c.line=__LINE__; goto err; } \

-	c.slen-=(c.p-c.q);

-/* Don't use this with d2i_ASN1_BOOLEAN() */

-#define M_ASN1_D2I_get_x(type,b,func) \

-	c.q=c.p; \

-	if (((D2I_OF(type))func)(&(b),&c.p,c.slen) == NULL) \

-		{c.line=__LINE__; goto err; } \

-	c.slen-=(c.p-c.q);

-/* use this instead () */

-#define M_ASN1_D2I_get_int(b,func) \

-	c.q=c.p; \

-	if (func(&(b),&c.p,c.slen) < 0) \

-		{c.line=__LINE__; goto err; } \

-	c.slen-=(c.p-c.q);

-#define M_ASN1_D2I_get_opt(b,func,type) \

-	if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) \

-		== (V_ASN1_UNIVERSAL|(type)))) \

-		{ \

-		M_ASN1_D2I_get(b,func); \

-		}

-#define M_ASN1_D2I_get_imp(b,func, type) \

-	M_ASN1_next=(_tmp& V_ASN1_CONSTRUCTED)|type; \

-	c.q=c.p; \

-	if (func(&(b),&c.p,c.slen) == NULL) \

-		{c.line=__LINE__; M_ASN1_next_prev = _tmp; goto err; } \

-	c.slen-=(c.p-c.q);\

-	M_ASN1_next_prev=_tmp;

-#define M_ASN1_D2I_get_IMP_opt(b,func,tag,type) \

-	if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) == \

-		(V_ASN1_CONTEXT_SPECIFIC|(tag)))) \

-		{ \

-		unsigned char _tmp = M_ASN1_next; \

-		M_ASN1_D2I_get_imp(b,func, type);\

-		}

-#define M_ASN1_D2I_get_set(r,func,free_func) \

-		M_ASN1_D2I_get_imp_set(r,func,free_func, \

-			V_ASN1_SET,V_ASN1_UNIVERSAL);

-#define M_ASN1_D2I_get_set_type(type,r,func,free_func) \

-		M_ASN1_D2I_get_imp_set_type(type,r,func,free_func, \

-			V_ASN1_SET,V_ASN1_UNIVERSAL);

-#define M_ASN1_D2I_get_set_opt(r,func,free_func) \

-	if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \

-		V_ASN1_CONSTRUCTED|V_ASN1_SET)))\

-		{ M_ASN1_D2I_get_set(r,func,free_func); }

-#define M_ASN1_D2I_get_set_opt_type(type,r,func,free_func) \

-	if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \

-		V_ASN1_CONSTRUCTED|V_ASN1_SET)))\

-		{ M_ASN1_D2I_get_set_type(type,r,func,free_func); }

-#define M_ASN1_I2D_len_SET_opt(a,f) \

-	if ((a != NULL) && (sk_num(a) != 0)) \

-		M_ASN1_I2D_len_SET(a,f);

-#define M_ASN1_I2D_put_SET_opt(a,f) \

-	if ((a != NULL) && (sk_num(a) != 0)) \

-		M_ASN1_I2D_put_SET(a,f);

-#define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \

-	if ((a != NULL) && (sk_num(a) != 0)) \

-		M_ASN1_I2D_put_SEQUENCE(a,f);

-#define M_ASN1_I2D_put_SEQUENCE_opt_type(type,a,f) \

-	if ((a != NULL) && (sk_##type##_num(a) != 0)) \

-		M_ASN1_I2D_put_SEQUENCE_type(type,a,f);

-#define M_ASN1_D2I_get_IMP_set_opt(b,func,free_func,tag) \

-	if ((c.slen != 0) && \

-		(M_ASN1_next == \

-		(V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\

-		{ \

-		M_ASN1_D2I_get_imp_set(b,func,free_func,\

-			tag,V_ASN1_CONTEXT_SPECIFIC); \

-		}

-#define M_ASN1_D2I_get_IMP_set_opt_type(type,b,func,free_func,tag) \

-	if ((c.slen != 0) && \

-		(M_ASN1_next == \

-		(V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\

-		{ \

-		M_ASN1_D2I_get_imp_set_type(type,b,func,free_func,\

-			tag,V_ASN1_CONTEXT_SPECIFIC); \

-		}

-#define M_ASN1_D2I_get_seq(r,func,free_func) \

-		M_ASN1_D2I_get_imp_set(r,func,free_func,\

-			V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);

-#define M_ASN1_D2I_get_seq_type(type,r,func,free_func) \

-		M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\

-					    V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL)

-#define M_ASN1_D2I_get_seq_opt(r,func,free_func) \

-	if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \

-		V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\

-		{ M_ASN1_D2I_get_seq(r,func,free_func); }

-#define M_ASN1_D2I_get_seq_opt_type(type,r,func,free_func) \

-	if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \

-		V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\

-		{ M_ASN1_D2I_get_seq_type(type,r,func,free_func); }

-#define M_ASN1_D2I_get_IMP_set(r,func,free_func,x) \

-		M_ASN1_D2I_get_imp_set(r,func,free_func,\

-			x,V_ASN1_CONTEXT_SPECIFIC);

-#define M_ASN1_D2I_get_IMP_set_type(type,r,func,free_func,x) \

-		M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\

-			x,V_ASN1_CONTEXT_SPECIFIC);

-#define M_ASN1_D2I_get_imp_set(r,func,free_func,a,b) \

-	c.q=c.p; \

-	if (d2i_ASN1_SET(&(r),&c.p,c.slen,(char *(*)())func,\

-		(void (*)())free_func,a,b) == NULL) \

-		{ c.line=__LINE__; goto err; } \

-	c.slen-=(c.p-c.q);

-#define M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,a,b) \

-	c.q=c.p; \

-	if (d2i_ASN1_SET_OF_##type(&(r),&c.p,c.slen,func,\

-				   free_func,a,b) == NULL) \

-		{ c.line=__LINE__; goto err; } \

-	c.slen-=(c.p-c.q);

-#define M_ASN1_D2I_get_set_strings(r,func,a,b) \

-	c.q=c.p; \

-	if (d2i_ASN1_STRING_SET(&(r),&c.p,c.slen,a,b) == NULL) \

-		{ c.line=__LINE__; goto err; } \

-	c.slen-=(c.p-c.q);

-#define M_ASN1_D2I_get_EXP_opt(r,func,tag) \

-	if ((c.slen != 0L) && (M_ASN1_next == \

-		(V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \

-		{ \

-		int Tinf,Ttag,Tclass; \

-		long Tlen; \

-		\

-		c.q=c.p; \

-		Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \

-		if (Tinf & 0x80) \

-			{ c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \

-			c.line=__LINE__; goto err; } \

-		if (Tinf == (V_ASN1_CONSTRUCTED+1)) \

-					Tlen = c.slen - (c.p - c.q) - 2; \

-		if (func(&(r),&c.p,Tlen) == NULL) \

-			{ c.line=__LINE__; goto err; } \

-		if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \

-			Tlen = c.slen - (c.p - c.q); \

-			if(!ASN1_const_check_infinite_end(&c.p, Tlen)) \

-				{ c.error=ERR_R_MISSING_ASN1_EOS; \

-				c.line=__LINE__; goto err; } \

-		}\

-		c.slen-=(c.p-c.q); \

-		}

-#define M_ASN1_D2I_get_EXP_set_opt(r,func,free_func,tag,b) \

-	if ((c.slen != 0) && (M_ASN1_next == \

-		(V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \

-		{ \

-		int Tinf,Ttag,Tclass; \

-		long Tlen; \

-		\

-		c.q=c.p; \

-		Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \

-		if (Tinf & 0x80) \

-			{ c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \

-			c.line=__LINE__; goto err; } \

-		if (Tinf == (V_ASN1_CONSTRUCTED+1)) \

-					Tlen = c.slen - (c.p - c.q) - 2; \

-		if (d2i_ASN1_SET(&(r),&c.p,Tlen,(char *(*)())func, \

-			(void (*)())free_func, \

-			b,V_ASN1_UNIVERSAL) == NULL) \

-			{ c.line=__LINE__; goto err; } \

-		if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \

-			Tlen = c.slen - (c.p - c.q); \

-			if(!ASN1_check_infinite_end(&c.p, Tlen)) \

-				{ c.error=ERR_R_MISSING_ASN1_EOS; \

-				c.line=__LINE__; goto err; } \

-		}\

-		c.slen-=(c.p-c.q); \

-		}

-#define M_ASN1_D2I_get_EXP_set_opt_type(type,r,func,free_func,tag,b) \

-	if ((c.slen != 0) && (M_ASN1_next == \

-		(V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \

-		{ \

-		int Tinf,Ttag,Tclass; \

-		long Tlen; \

-		\

-		c.q=c.p; \

-		Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \

-		if (Tinf & 0x80) \

-			{ c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \

-			c.line=__LINE__; goto err; } \

-		if (Tinf == (V_ASN1_CONSTRUCTED+1)) \

-					Tlen = c.slen - (c.p - c.q) - 2; \

-		if (d2i_ASN1_SET_OF_##type(&(r),&c.p,Tlen,func, \

-			free_func,b,V_ASN1_UNIVERSAL) == NULL) \

-			{ c.line=__LINE__; goto err; } \

-		if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \

-			Tlen = c.slen - (c.p - c.q); \

-			if(!ASN1_check_infinite_end(&c.p, Tlen)) \

-				{ c.error=ERR_R_MISSING_ASN1_EOS; \

-				c.line=__LINE__; goto err; } \

-		}\

-		c.slen-=(c.p-c.q); \

-		}

-/* New macros */

-#define M_ASN1_New_Malloc(ret,type) \

-	if ((ret=(type *)OPENSSL_malloc(sizeof(type))) == NULL) \

-		{ c.line=__LINE__; goto err2; }

-#define M_ASN1_New(arg,func) \

-	if (((arg)=func()) == NULL) return(NULL)

-#define M_ASN1_New_Error(a) \

-/*	err:	ASN1_MAC_H_err((a),ERR_R_NESTED_ASN1_ERROR,c.line); \

-		return(NULL);*/ \

-	err2:	ASN1_MAC_H_err((a),ERR_R_MALLOC_FAILURE,c.line); \

-		return(NULL)

-/* BIG UGLY WARNING!  This is so damn ugly I wanna puke.  Unfortunately,

-   some macros that use ASN1_const_CTX still insist on writing in the input

-   stream.  ARGH!  ARGH!  ARGH!  Let's get rid of this macro package.

-   Please?						-- Richard Levitte */

-#define M_ASN1_next		(*((unsigned char *)(c.p)))

-#define M_ASN1_next_prev	(*((unsigned char *)(c.q)))

-/*************************************************/

-#define M_ASN1_I2D_vars(a)	int r=0,ret=0; \

-				unsigned char *p; \

-				if (a == NULL) return(0)

-/* Length Macros */

-#define M_ASN1_I2D_len(a,f)	ret+=f(a,NULL)

-#define M_ASN1_I2D_len_IMP_opt(a,f)	if (a != NULL) M_ASN1_I2D_len(a,f)

-#define M_ASN1_I2D_len_SET(a,f) \

-		ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET);

-#define M_ASN1_I2D_len_SET_type(type,a,f) \

-		ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SET, \

-					    V_ASN1_UNIVERSAL,IS_SET);

-#define M_ASN1_I2D_len_SEQUENCE(a,f) \

-		ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \

-				  IS_SEQUENCE);

-#define M_ASN1_I2D_len_SEQUENCE_type(type,a,f) \

-		ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SEQUENCE, \

-					    V_ASN1_UNIVERSAL,IS_SEQUENCE)

-#define M_ASN1_I2D_len_SEQUENCE_opt(a,f) \

-		if ((a != NULL) && (sk_num(a) != 0)) \

-			M_ASN1_I2D_len_SEQUENCE(a,f);

-#define M_ASN1_I2D_len_SEQUENCE_opt_type(type,a,f) \

-		if ((a != NULL) && (sk_##type##_num(a) != 0)) \

-			M_ASN1_I2D_len_SEQUENCE_type(type,a,f);

-#define M_ASN1_I2D_len_IMP_SET(a,f,x) \

-		ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET);

-#define M_ASN1_I2D_len_IMP_SET_type(type,a,f,x) \

-		ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \

-					    V_ASN1_CONTEXT_SPECIFIC,IS_SET);

-#define M_ASN1_I2D_len_IMP_SET_opt(a,f,x) \

-		if ((a != NULL) && (sk_num(a) != 0)) \

-			ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \

-					  IS_SET);

-#define M_ASN1_I2D_len_IMP_SET_opt_type(type,a,f,x) \

-		if ((a != NULL) && (sk_##type##_num(a) != 0)) \

-			ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \

-					       V_ASN1_CONTEXT_SPECIFIC,IS_SET);

-#define M_ASN1_I2D_len_IMP_SEQUENCE(a,f,x) \

-		ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \

-				  IS_SEQUENCE);

-#define M_ASN1_I2D_len_IMP_SEQUENCE_opt(a,f,x) \

-		if ((a != NULL) && (sk_num(a) != 0)) \

-			ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \

-					  IS_SEQUENCE);

-#define M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(type,a,f,x) \

-		if ((a != NULL) && (sk_##type##_num(a) != 0)) \

-			ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \

-						    V_ASN1_CONTEXT_SPECIFIC, \

-						    IS_SEQUENCE);

-#define M_ASN1_I2D_len_EXP_opt(a,f,mtag,v) \

-		if (a != NULL)\

-			{ \

-			v=f(a,NULL); \

-			ret+=ASN1_object_size(1,v,mtag); \

-			}

-#define M_ASN1_I2D_len_EXP_SET_opt(a,f,mtag,tag,v) \

-		if ((a != NULL) && (sk_num(a) != 0))\

-			{ \

-			v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL,IS_SET); \

-			ret+=ASN1_object_size(1,v,mtag); \

-			}

-#define M_ASN1_I2D_len_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \

-		if ((a != NULL) && (sk_num(a) != 0))\

-			{ \

-			v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL, \

-				       IS_SEQUENCE); \

-			ret+=ASN1_object_size(1,v,mtag); \

-			}

-#define M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \

-		if ((a != NULL) && (sk_##type##_num(a) != 0))\

-			{ \

-			v=i2d_ASN1_SET_OF_##type(a,NULL,f,tag, \

-						 V_ASN1_UNIVERSAL, \

-						 IS_SEQUENCE); \

-			ret+=ASN1_object_size(1,v,mtag); \

-			}

-/* Put Macros */

-#define M_ASN1_I2D_put(a,f)	f(a,&p)

-#define M_ASN1_I2D_put_IMP_opt(a,f,t)	\

-		if (a != NULL) \

-			{ \

-			unsigned char *q=p; \

-			f(a,&p); \

-			*q=(V_ASN1_CONTEXT_SPECIFIC|t|(*q&V_ASN1_CONSTRUCTED));\

-			}

-#define M_ASN1_I2D_put_SET(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SET,\

-			V_ASN1_UNIVERSAL,IS_SET)

-#define M_ASN1_I2D_put_SET_type(type,a,f) \

-     i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET)

-#define M_ASN1_I2D_put_IMP_SET(a,f,x) i2d_ASN1_SET(a,&p,f,x,\

-			V_ASN1_CONTEXT_SPECIFIC,IS_SET)

-#define M_ASN1_I2D_put_IMP_SET_type(type,a,f,x) \

-     i2d_ASN1_SET_OF_##type(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET)

-#define M_ASN1_I2D_put_IMP_SEQUENCE(a,f,x) i2d_ASN1_SET(a,&p,f,x,\

-			V_ASN1_CONTEXT_SPECIFIC,IS_SEQUENCE)

-#define M_ASN1_I2D_put_SEQUENCE(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SEQUENCE,\

-					     V_ASN1_UNIVERSAL,IS_SEQUENCE)

-#define M_ASN1_I2D_put_SEQUENCE_type(type,a,f) \

-     i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \

-			    IS_SEQUENCE)

-#define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \

-		if ((a != NULL) && (sk_num(a) != 0)) \

-			M_ASN1_I2D_put_SEQUENCE(a,f);

-#define M_ASN1_I2D_put_IMP_SET_opt(a,f,x) \

-		if ((a != NULL) && (sk_num(a) != 0)) \

-			{ i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \

-				       IS_SET); }

-#define M_ASN1_I2D_put_IMP_SET_opt_type(type,a,f,x) \

-		if ((a != NULL) && (sk_##type##_num(a) != 0)) \

-			{ i2d_ASN1_SET_OF_##type(a,&p,f,x, \

-						 V_ASN1_CONTEXT_SPECIFIC, \

-						 IS_SET); }

-#define M_ASN1_I2D_put_IMP_SEQUENCE_opt(a,f,x) \

-		if ((a != NULL) && (sk_num(a) != 0)) \

-			{ i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \

-				       IS_SEQUENCE); }

-#define M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(type,a,f,x) \

-		if ((a != NULL) && (sk_##type##_num(a) != 0)) \

-			{ i2d_ASN1_SET_OF_##type(a,&p,f,x, \

-						 V_ASN1_CONTEXT_SPECIFIC, \

-						 IS_SEQUENCE); }

-#define M_ASN1_I2D_put_EXP_opt(a,f,tag,v) \

-		if (a != NULL) \

-			{ \

-			ASN1_put_object(&p,1,v,tag,V_ASN1_CONTEXT_SPECIFIC); \

-			f(a,&p); \

-			}

-#define M_ASN1_I2D_put_EXP_SET_opt(a,f,mtag,tag,v) \

-		if ((a != NULL) && (sk_num(a) != 0)) \

-			{ \

-			ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \

-			i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SET); \

-			}

-#define M_ASN1_I2D_put_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \

-		if ((a != NULL) && (sk_num(a) != 0)) \

-			{ \

-			ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \

-			i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SEQUENCE); \

-			}

-#define M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \

-		if ((a != NULL) && (sk_##type##_num(a) != 0)) \

-			{ \

-			ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \

-			i2d_ASN1_SET_OF_##type(a,&p,f,tag,V_ASN1_UNIVERSAL, \

-					       IS_SEQUENCE); \

-			}

-#define M_ASN1_I2D_seq_total() \

-		r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); \

-		if (pp == NULL) return(r); \

-		p= *pp; \

-		ASN1_put_object(&p,1,ret,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL)

-#define M_ASN1_I2D_INF_seq_start(tag,ctx) \

-		*(p++)=(V_ASN1_CONSTRUCTED|(tag)|(ctx)); \

-		*(p++)=0x80

-#define M_ASN1_I2D_INF_seq_end() *(p++)=0x00; *(p++)=0x00

-#define M_ASN1_I2D_finish()	*pp=p; \

-				return(r);

-int asn1_GetSequence(ASN1_const_CTX *c, long *length);

-void asn1_add_error(const unsigned char *address,int offset);

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/asn1t.h

+++ /dev/null

@@ -1,886 +1,0 @@

-/* asn1t.h */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 2000.

- */

-/* ====================================================================

- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_ASN1T_H

-#define HEADER_ASN1T_H

-#include <stddef.h>

-#include <openssl/e_os2.h>

-#include <openssl/asn1.h>

-#ifdef OPENSSL_BUILD_SHLIBCRYPTO

-# undef OPENSSL_EXTERN

-# define OPENSSL_EXTERN OPENSSL_EXPORT

-#endif

-/* ASN1 template defines, structures and functions */

-#ifdef  __cplusplus

-extern "C" {

-#endif

-#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION

-/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */

-#define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr))

-/* Macros for start and end of ASN1_ITEM definition */

-#define ASN1_ITEM_start(itname) \

-	OPENSSL_GLOBAL const ASN1_ITEM itname##_it = {

-#define ASN1_ITEM_end(itname) \

-		};

-#else

-/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */

-#define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr()))

-/* Macros for start and end of ASN1_ITEM definition */

-#define ASN1_ITEM_start(itname) \

-	const ASN1_ITEM * itname##_it(void) \

-	{ \

-		static const ASN1_ITEM local_it = {

-#define ASN1_ITEM_end(itname) \

-		}; \

-	return &local_it; \

-	}

-#endif

-/* Macros to aid ASN1 template writing */

-#define ASN1_ITEM_TEMPLATE(tname) \

-	static const ASN1_TEMPLATE tname##_item_tt

-#define ASN1_ITEM_TEMPLATE_END(tname) \

-	;\

-	ASN1_ITEM_start(tname) \

-		ASN1_ITYPE_PRIMITIVE,\

-		-1,\

-		&tname##_item_tt,\

-		0,\

-		NULL,\

-		0,\

-		#tname \

-	ASN1_ITEM_end(tname)

-/* This is a ASN1 type which just embeds a template */

-/* This pair helps declare a SEQUENCE. We can do:

- *

- * 	ASN1_SEQUENCE(stname) = {

- * 		... SEQUENCE components ...

- * 	} ASN1_SEQUENCE_END(stname)

- *

- * 	This will produce an ASN1_ITEM called stname_it

- *	for a structure called stname.

- *

- * 	If you want the same structure but a different

- *	name then use:

- *

- * 	ASN1_SEQUENCE(itname) = {

- * 		... SEQUENCE components ...

- * 	} ASN1_SEQUENCE_END_name(stname, itname)

- *

- *	This will create an item called itname_it using

- *	a structure called stname.

- */

-#define ASN1_SEQUENCE(tname) \

-	static const ASN1_TEMPLATE tname##_seq_tt[]

-#define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname)

-#define ASN1_SEQUENCE_END_name(stname, tname) \

-	;\

-	ASN1_ITEM_start(tname) \

-		ASN1_ITYPE_SEQUENCE,\

-		V_ASN1_SEQUENCE,\

-		tname##_seq_tt,\

-		sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\

-		NULL,\

-		sizeof(stname),\

-		#stname \

-	ASN1_ITEM_end(tname)

-#define ASN1_NDEF_SEQUENCE(tname) \

-	ASN1_SEQUENCE(tname)

-#define ASN1_SEQUENCE_cb(tname, cb) \

-	static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \

-	ASN1_SEQUENCE(tname)

-#define ASN1_BROKEN_SEQUENCE(tname) \

-	static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \

-	ASN1_SEQUENCE(tname)

-#define ASN1_SEQUENCE_ref(tname, cb, lck) \

-	static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), lck, cb, 0}; \

-	ASN1_SEQUENCE(tname)

-#define ASN1_SEQUENCE_enc(tname, enc, cb) \

-	static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc)}; \

-	ASN1_SEQUENCE(tname)

-#define ASN1_NDEF_SEQUENCE_END(tname) \

-	;\

-	ASN1_ITEM_start(tname) \

-		ASN1_ITYPE_NDEF_SEQUENCE,\

-		V_ASN1_SEQUENCE,\

-		tname##_seq_tt,\

-		sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\

-		NULL,\

-		sizeof(tname),\

-		#tname \

-	ASN1_ITEM_end(tname)

-#define ASN1_BROKEN_SEQUENCE_END(stname) ASN1_SEQUENCE_END_ref(stname, stname)

-#define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)

-#define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)

-#define ASN1_SEQUENCE_END_ref(stname, tname) \

-	;\

-	ASN1_ITEM_start(tname) \

-		ASN1_ITYPE_SEQUENCE,\

-		V_ASN1_SEQUENCE,\

-		tname##_seq_tt,\

-		sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\

-		&tname##_aux,\

-		sizeof(stname),\

-		#stname \

-	ASN1_ITEM_end(tname)

-/* This pair helps declare a CHOICE type. We can do:

- *

- * 	ASN1_CHOICE(chname) = {

- * 		... CHOICE options ...

- * 	ASN1_CHOICE_END(chname)

- *

- * 	This will produce an ASN1_ITEM called chname_it

- *	for a structure called chname. The structure

- *	definition must look like this:

- *	typedef struct {

- *		int type;

- *		union {

- *			ASN1_SOMETHING *opt1;

- *			ASN1_SOMEOTHER *opt2;

- *		} value;

- *	} chname;

- *

- *	the name of the selector must be 'type'.

- * 	to use an alternative selector name use the

- *      ASN1_CHOICE_END_selector() version.

- */

-#define ASN1_CHOICE(tname) \

-	static const ASN1_TEMPLATE tname##_ch_tt[]

-#define ASN1_CHOICE_cb(tname, cb) \

-	static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \

-	ASN1_CHOICE(tname)

-#define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname)

-#define ASN1_CHOICE_END_name(stname, tname) ASN1_CHOICE_END_selector(stname, tname, type)

-#define ASN1_CHOICE_END_selector(stname, tname, selname) \

-	;\

-	ASN1_ITEM_start(tname) \

-		ASN1_ITYPE_CHOICE,\

-		offsetof(stname,selname) ,\

-		tname##_ch_tt,\

-		sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\

-		NULL,\

-		sizeof(stname),\

-		#stname \

-	ASN1_ITEM_end(tname)

-#define ASN1_CHOICE_END_cb(stname, tname, selname) \

-	;\

-	ASN1_ITEM_start(tname) \

-		ASN1_ITYPE_CHOICE,\

-		offsetof(stname,selname) ,\

-		tname##_ch_tt,\

-		sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\

-		&tname##_aux,\

-		sizeof(stname),\

-		#stname \

-	ASN1_ITEM_end(tname)

-/* This helps with the template wrapper form of ASN1_ITEM */

-#define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, type) { \

-	(flags), (tag), 0,\

-	#name, ASN1_ITEM_ref(type) }

-/* These help with SEQUENCE or CHOICE components */

-/* used to declare other types */

-#define ASN1_EX_TYPE(flags, tag, stname, field, type) { \

-	(flags), (tag), offsetof(stname, field),\

-	#field, ASN1_ITEM_ref(type) }

-/* used when the structure is combined with the parent */

-#define ASN1_EX_COMBINE(flags, tag, type) { \

-	(flags)|ASN1_TFLG_COMBINE, (tag), 0, NULL, ASN1_ITEM_ref(type) }

-/* implicit and explicit helper macros */

-#define ASN1_IMP_EX(stname, field, type, tag, ex) \

-		ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | ex, tag, stname, field, type)

-#define ASN1_EXP_EX(stname, field, type, tag, ex) \

-		ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | ex, tag, stname, field, type)

-/* Any defined by macros: the field used is in the table itself */

-#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION

-#define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }

-#define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }

-#else

-#define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, tblname##_adb }

-#define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, tblname##_adb }

-#endif

-/* Plain simple type */

-#define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type)

-/* OPTIONAL simple type */

-#define ASN1_OPT(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type)

-/* IMPLICIT tagged simple type */

-#define ASN1_IMP(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, 0)

-/* IMPLICIT tagged OPTIONAL simple type */

-#define ASN1_IMP_OPT(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)

-/* Same as above but EXPLICIT */

-#define ASN1_EXP(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, 0)

-#define ASN1_EXP_OPT(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)

-/* SEQUENCE OF type */

-#define ASN1_SEQUENCE_OF(stname, field, type) \

-		ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, stname, field, type)

-/* OPTIONAL SEQUENCE OF */

-#define ASN1_SEQUENCE_OF_OPT(stname, field, type) \

-		ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type)

-/* Same as above but for SET OF */

-#define ASN1_SET_OF(stname, field, type) \

-		ASN1_EX_TYPE(ASN1_TFLG_SET_OF, 0, stname, field, type)

-#define ASN1_SET_OF_OPT(stname, field, type) \

-		ASN1_EX_TYPE(ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type)

-/* Finally compound types of SEQUENCE, SET, IMPLICIT, EXPLICIT and OPTIONAL */

-#define ASN1_IMP_SET_OF(stname, field, type, tag) \

-			ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)

-#define ASN1_EXP_SET_OF(stname, field, type, tag) \

-			ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)

-#define ASN1_IMP_SET_OF_OPT(stname, field, type, tag) \

-			ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL)

-#define ASN1_EXP_SET_OF_OPT(stname, field, type, tag) \

-			ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL)

-#define ASN1_IMP_SEQUENCE_OF(stname, field, type, tag) \

-			ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)

-#define ASN1_IMP_SEQUENCE_OF_OPT(stname, field, type, tag) \

-			ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)

-#define ASN1_EXP_SEQUENCE_OF(stname, field, type, tag) \

-			ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)

-#define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \

-			ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)

-/* EXPLICIT OPTIONAL using indefinite length constructed form */

-#define ASN1_NDEF_EXP_OPT(stname, field, type, tag) \

-			ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_NDEF)

-/* Macros for the ASN1_ADB structure */

-#define ASN1_ADB(name) \

-	static const ASN1_ADB_TABLE name##_adbtbl[]

-#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION

-#define ASN1_ADB_END(name, flags, field, app_table, def, none) \

-	;\

-	static const ASN1_ADB name##_adb = {\

-		flags,\

-		offsetof(name, field),\

-		app_table,\

-		name##_adbtbl,\

-		sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\

-		def,\

-		none\

-	}

-#else

-#define ASN1_ADB_END(name, flags, field, app_table, def, none) \

-	;\

-	static const ASN1_ITEM *name##_adb(void) \

-	{ \

-	static const ASN1_ADB internal_adb = \

-		{\

-		flags,\

-		offsetof(name, field),\

-		app_table,\

-		name##_adbtbl,\

-		sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\

-		def,\

-		none\

-		}; \

-		return (const ASN1_ITEM *) &internal_adb; \

-	} \

-	void dummy_function(void)

-#endif

-#define ADB_ENTRY(val, template) {val, template}

-#define ASN1_ADB_TEMPLATE(name) \

-	static const ASN1_TEMPLATE name##_tt

-/* This is the ASN1 template structure that defines

- * a wrapper round the actual type. It determines the

- * actual position of the field in the value structure,

- * various flags such as OPTIONAL and the field name.

- */

-struct ASN1_TEMPLATE_st {

-unsigned long flags;		/* Various flags */

-long tag;			/* tag, not used if no tagging */

-unsigned long offset;		/* Offset of this field in structure */

-#ifndef NO_ASN1_FIELD_NAMES

-const char *field_name;		/* Field name */

-#endif

-ASN1_ITEM_EXP *item;		/* Relevant ASN1_ITEM or ASN1_ADB */

-};

-/* Macro to extract ASN1_ITEM and ASN1_ADB pointer from ASN1_TEMPLATE */

-#define ASN1_TEMPLATE_item(t) (t->item_ptr)

-#define ASN1_TEMPLATE_adb(t) (t->item_ptr)

-typedef struct ASN1_ADB_TABLE_st ASN1_ADB_TABLE;

-typedef struct ASN1_ADB_st ASN1_ADB;

-struct ASN1_ADB_st {

-	unsigned long flags;	/* Various flags */

-	unsigned long offset;	/* Offset of selector field */

-	STACK_OF(ASN1_ADB_TABLE) **app_items; /* Application defined items */

-	const ASN1_ADB_TABLE *tbl;	/* Table of possible types */

-	long tblcount;		/* Number of entries in tbl */

-	const ASN1_TEMPLATE *default_tt;  /* Type to use if no match */

-	const ASN1_TEMPLATE *null_tt;  /* Type to use if selector is NULL */

-};

-struct ASN1_ADB_TABLE_st {

-	long value;		/* NID for an object or value for an int */

-	const ASN1_TEMPLATE tt;		/* item for this value */

-};

-/* template flags */

-/* Field is optional */

-#define ASN1_TFLG_OPTIONAL	(0x1)

-/* Field is a SET OF */

-#define ASN1_TFLG_SET_OF	(0x1 << 1)

-/* Field is a SEQUENCE OF */

-#define ASN1_TFLG_SEQUENCE_OF	(0x2 << 1)

-/* Special case: this refers to a SET OF that

- * will be sorted into DER order when encoded *and*

- * the corresponding STACK will be modified to match

- * the new order.

- */

-#define ASN1_TFLG_SET_ORDER	(0x3 << 1)

-/* Mask for SET OF or SEQUENCE OF */

-#define ASN1_TFLG_SK_MASK	(0x3 << 1)

-/* These flags mean the tag should be taken from the

- * tag field. If EXPLICIT then the underlying type

- * is used for the inner tag.

- */

-/* IMPLICIT tagging */

-#define ASN1_TFLG_IMPTAG	(0x1 << 3)

-/* EXPLICIT tagging, inner tag from underlying type */

-#define ASN1_TFLG_EXPTAG	(0x2 << 3)

-#define ASN1_TFLG_TAG_MASK	(0x3 << 3)

-/* context specific IMPLICIT */

-#define ASN1_TFLG_IMPLICIT	ASN1_TFLG_IMPTAG|ASN1_TFLG_CONTEXT

-/* context specific EXPLICIT */

-#define ASN1_TFLG_EXPLICIT	ASN1_TFLG_EXPTAG|ASN1_TFLG_CONTEXT

-/* If tagging is in force these determine the

- * type of tag to use. Otherwise the tag is

- * determined by the underlying type. These

- * values reflect the actual octet format.

- */

-/* Universal tag */

-#define ASN1_TFLG_UNIVERSAL	(0x0<<6)

-/* Application tag */

-#define ASN1_TFLG_APPLICATION	(0x1<<6)

-/* Context specific tag */

-#define ASN1_TFLG_CONTEXT	(0x2<<6)

-/* Private tag */

-#define ASN1_TFLG_PRIVATE	(0x3<<6)

-#define ASN1_TFLG_TAG_CLASS	(0x3<<6)

-/* These are for ANY DEFINED BY type. In this case

- * the 'item' field points to an ASN1_ADB structure

- * which contains a table of values to decode the

- * relevant type

- */

-#define ASN1_TFLG_ADB_MASK	(0x3<<8)

-#define ASN1_TFLG_ADB_OID	(0x1<<8)

-#define ASN1_TFLG_ADB_INT	(0x1<<9)

-/* This flag means a parent structure is passed

- * instead of the field: this is useful is a

- * SEQUENCE is being combined with a CHOICE for

- * example. Since this means the structure and

- * item name will differ we need to use the

- * ASN1_CHOICE_END_name() macro for example.

- */

-#define ASN1_TFLG_COMBINE	(0x1<<10)

-/* This flag when present in a SEQUENCE OF, SET OF

- * or EXPLICIT causes indefinite length constructed

- * encoding to be used if required.

- */

-#define ASN1_TFLG_NDEF		(0x1<<11)

-/* This is the actual ASN1 item itself */

-struct ASN1_ITEM_st {

-char itype;			/* The item type, primitive, SEQUENCE, CHOICE or extern */

-long utype;			/* underlying type */

-const ASN1_TEMPLATE *templates;	/* If SEQUENCE or CHOICE this contains the contents */

-long tcount;			/* Number of templates if SEQUENCE or CHOICE */

-const void *funcs;		/* functions that handle this type */

-long size;			/* Structure size (usually)*/

-#ifndef NO_ASN1_FIELD_NAMES

-const char *sname;		/* Structure name */

-#endif

-};

-/* These are values for the itype field and

- * determine how the type is interpreted.

- *

- * For PRIMITIVE types the underlying type

- * determines the behaviour if items is NULL.

- *

- * Otherwise templates must contain a single

- * template and the type is treated in the

- * same way as the type specified in the template.

- *

- * For SEQUENCE types the templates field points

- * to the members, the size field is the

- * structure size.

- *

- * For CHOICE types the templates field points

- * to each possible member (typically a union)

- * and the 'size' field is the offset of the

- * selector.

- *

- * The 'funcs' field is used for application

- * specific functions.

- *

- * For COMPAT types the funcs field gives a

- * set of functions that handle this type, this

- * supports the old d2i, i2d convention.

- *

- * The EXTERN type uses a new style d2i/i2d.

- * The new style should be used where possible

- * because it avoids things like the d2i IMPLICIT

- * hack.

- *

- * MSTRING is a multiple string type, it is used

- * for a CHOICE of character strings where the

- * actual strings all occupy an ASN1_STRING

- * structure. In this case the 'utype' field

- * has a special meaning, it is used as a mask

- * of acceptable types using the B_ASN1 constants.

- *

- * NDEF_SEQUENCE is the same as SEQUENCE except

- * that it will use indefinite length constructed

- * encoding if requested.

- *

- */

-#define ASN1_ITYPE_PRIMITIVE		0x0

-#define ASN1_ITYPE_SEQUENCE		0x1

-#define ASN1_ITYPE_CHOICE		0x2

-#define ASN1_ITYPE_COMPAT		0x3

-#define ASN1_ITYPE_EXTERN		0x4

-#define ASN1_ITYPE_MSTRING		0x5

-#define ASN1_ITYPE_NDEF_SEQUENCE	0x6

-/* Cache for ASN1 tag and length, so we

- * don't keep re-reading it for things

- * like CHOICE

- */

-struct ASN1_TLC_st{

-	char valid;	/* Values below are valid */

-	int ret;	/* return value */

-	long plen;	/* length */

-	int ptag;	/* class value */

-	int pclass;	/* class value */

-	int hdrlen;	/* header length */

-};

-/* Typedefs for ASN1 function pointers */

-typedef ASN1_VALUE * ASN1_new_func(void);

-typedef void ASN1_free_func(ASN1_VALUE *a);

-typedef ASN1_VALUE * ASN1_d2i_func(ASN1_VALUE **a, const unsigned char ** in, long length);

-typedef int ASN1_i2d_func(ASN1_VALUE * a, unsigned char **in);

-typedef int ASN1_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it,

-					int tag, int aclass, char opt, ASN1_TLC *ctx);

-typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);

-typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it);

-typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it);

-typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);

-typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);

-typedef struct ASN1_COMPAT_FUNCS_st {

-	ASN1_new_func *asn1_new;

-	ASN1_free_func *asn1_free;

-	ASN1_d2i_func *asn1_d2i;

-	ASN1_i2d_func *asn1_i2d;

-} ASN1_COMPAT_FUNCS;

-typedef struct ASN1_EXTERN_FUNCS_st {

-	void *app_data;

-	ASN1_ex_new_func *asn1_ex_new;

-	ASN1_ex_free_func *asn1_ex_free;

-	ASN1_ex_free_func *asn1_ex_clear;

-	ASN1_ex_d2i *asn1_ex_d2i;

-	ASN1_ex_i2d *asn1_ex_i2d;

-} ASN1_EXTERN_FUNCS;

-typedef struct ASN1_PRIMITIVE_FUNCS_st {

-	void *app_data;

-	unsigned long flags;

-	ASN1_ex_new_func *prim_new;

-	ASN1_ex_free_func *prim_free;

-	ASN1_ex_free_func *prim_clear;

-	ASN1_primitive_c2i *prim_c2i;

-	ASN1_primitive_i2c *prim_i2c;

-} ASN1_PRIMITIVE_FUNCS;

-/* This is the ASN1_AUX structure: it handles various

- * miscellaneous requirements. For example the use of

- * reference counts and an informational callback.

- *

- * The "informational callback" is called at various

- * points during the ASN1 encoding and decoding. It can

- * be used to provide minor customisation of the structures

- * used. This is most useful where the supplied routines

- * *almost* do the right thing but need some extra help

- * at a few points. If the callback returns zero then

- * it is assumed a fatal error has occurred and the

- * main operation should be abandoned.

- *

- * If major changes in the default behaviour are required

- * then an external type is more appropriate.

- */

-typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it);

-typedef struct ASN1_AUX_st {

-	void *app_data;

-	int flags;

-	int ref_offset;		/* Offset of reference value */

-	int ref_lock;		/* Lock type to use */

-	ASN1_aux_cb *asn1_cb;

-	int enc_offset;		/* Offset of ASN1_ENCODING structure */

-} ASN1_AUX;

-/* Flags in ASN1_AUX */

-/* Use a reference count */

-#define ASN1_AFLG_REFCOUNT	1

-/* Save the encoding of structure (useful for signatures) */

-#define ASN1_AFLG_ENCODING	2

-/* The Sequence length is invalid */

-#define ASN1_AFLG_BROKEN	4

-/* operation values for asn1_cb */

-#define ASN1_OP_NEW_PRE		0

-#define ASN1_OP_NEW_POST	1

-#define ASN1_OP_FREE_PRE	2

-#define ASN1_OP_FREE_POST	3

-#define ASN1_OP_D2I_PRE		4

-#define ASN1_OP_D2I_POST	5

-#define ASN1_OP_I2D_PRE		6

-#define ASN1_OP_I2D_POST	7

-/* Macro to implement a primitive type */

-#define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0)

-#define IMPLEMENT_ASN1_TYPE_ex(itname, vname, ex) \

-				ASN1_ITEM_start(itname) \

-					ASN1_ITYPE_PRIMITIVE, V_##vname, NULL, 0, NULL, ex, #itname \

-				ASN1_ITEM_end(itname)

-/* Macro to implement a multi string type */

-#define IMPLEMENT_ASN1_MSTRING(itname, mask) \

-				ASN1_ITEM_start(itname) \

-					ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname \

-				ASN1_ITEM_end(itname)

-/* Macro to implement an ASN1_ITEM in terms of old style funcs */

-#define IMPLEMENT_COMPAT_ASN1(sname) IMPLEMENT_COMPAT_ASN1_type(sname, V_ASN1_SEQUENCE)

-#define IMPLEMENT_COMPAT_ASN1_type(sname, tag) \

-	static const ASN1_COMPAT_FUNCS sname##_ff = { \

-		(ASN1_new_func *)sname##_new, \

-		(ASN1_free_func *)sname##_free, \

-		(ASN1_d2i_func *)d2i_##sname, \

-		(ASN1_i2d_func *)i2d_##sname, \

-	}; \

-	ASN1_ITEM_start(sname) \

-		ASN1_ITYPE_COMPAT, \

-		tag, \

-		NULL, \

-		0, \

-		&sname##_ff, \

-		0, \

-		#sname \

-	ASN1_ITEM_end(sname)

-#define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \

-	ASN1_ITEM_start(sname) \

-		ASN1_ITYPE_EXTERN, \

-		tag, \

-		NULL, \

-		0, \

-		&fptrs, \

-		0, \

-		#sname \

-	ASN1_ITEM_end(sname)

-/* Macro to implement standard functions in terms of ASN1_ITEM structures */

-#define IMPLEMENT_ASN1_FUNCTIONS(stname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname)

-#define IMPLEMENT_ASN1_FUNCTIONS_name(stname, itname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, itname)

-#define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \

-			IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname)

-#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \

-		IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname)

-#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \

-	stname *fname##_new(void) \

-	{ \

-		return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \

-	} \

-	void fname##_free(stname *a) \

-	{ \

-		ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \

-	}

-#define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \

-	IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \

-	IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)

-#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \

-	stname *d2i_##fname(stname **a, const unsigned char **in, long len) \

-	{ \

-		return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\

-	} \

-	int i2d_##fname(stname *a, unsigned char **out) \

-	{ \

-		return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\

-	}

-#define IMPLEMENT_ASN1_NDEF_FUNCTION(stname) \

-	int i2d_##stname##_NDEF(stname *a, unsigned char **out) \

-	{ \

-		return ASN1_item_ndef_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname));\

-	}

-/* This includes evil casts to remove const: they will go away when full

- * ASN1 constification is done.

- */

-#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \

-	stname *d2i_##fname(stname **a, const unsigned char **in, long len) \

-	{ \

-		return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\

-	} \

-	int i2d_##fname(const stname *a, unsigned char **out) \

-	{ \

-		return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\

-	}

-#define IMPLEMENT_ASN1_DUP_FUNCTION(stname) \

-	stname * stname##_dup(stname *x) \

-        { \

-        return ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \

-        }

-#define IMPLEMENT_ASN1_FUNCTIONS_const(name) \

-		IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name)

-#define IMPLEMENT_ASN1_FUNCTIONS_const_fname(stname, itname, fname) \

-	IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \

-	IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)

-/* external definitions for primitive types */

-DECLARE_ASN1_ITEM(ASN1_BOOLEAN)

-DECLARE_ASN1_ITEM(ASN1_TBOOLEAN)

-DECLARE_ASN1_ITEM(ASN1_FBOOLEAN)

-DECLARE_ASN1_ITEM(ASN1_SEQUENCE)

-DECLARE_ASN1_ITEM(CBIGNUM)

-DECLARE_ASN1_ITEM(BIGNUM)

-DECLARE_ASN1_ITEM(LONG)

-DECLARE_ASN1_ITEM(ZLONG)

-DECLARE_STACK_OF(ASN1_VALUE)

-/* Functions used internally by the ASN1 code */

-int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it);

-void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it);

-int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);

-int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it);

-void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);

-int ASN1_template_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_TEMPLATE *tt);

-int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it,

-				int tag, int aclass, char opt, ASN1_TLC *ctx);

-int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);

-int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_TEMPLATE *tt);

-void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it);

-int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);

-int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);

-int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it);

-int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it);

-ASN1_VALUE ** asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);

-const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, int nullerr);

-int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it);

-void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it);

-void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it);

-int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, const ASN1_ITEM *it);

-int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, const ASN1_ITEM *it);

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/bio.h

+++ /dev/null

@@ -1,775 +1,0 @@

-/* crypto/bio/bio.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_BIO_H

-#define HEADER_BIO_H

-#include <openssl/e_os2.h>

-#ifndef OPENSSL_NO_FP_API

-# include <stdio.h>

-#endif

-#include <stdarg.h>

-#include <openssl/crypto.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-/* These are the 'types' of BIOs */

-#define BIO_TYPE_NONE		0

-#define BIO_TYPE_MEM		(1|0x0400)

-#define BIO_TYPE_FILE		(2|0x0400)

-#define BIO_TYPE_FD		(4|0x0400|0x0100)

-#define BIO_TYPE_SOCKET		(5|0x0400|0x0100)

-#define BIO_TYPE_NULL		(6|0x0400)

-#define BIO_TYPE_SSL		(7|0x0200)

-#define BIO_TYPE_MD		(8|0x0200)		/* passive filter */

-#define BIO_TYPE_BUFFER		(9|0x0200)		/* filter */

-#define BIO_TYPE_CIPHER		(10|0x0200)		/* filter */

-#define BIO_TYPE_BASE64		(11|0x0200)		/* filter */

-#define BIO_TYPE_CONNECT	(12|0x0400|0x0100)	/* socket - connect */

-#define BIO_TYPE_ACCEPT		(13|0x0400|0x0100)	/* socket for accept */

-#define BIO_TYPE_PROXY_CLIENT	(14|0x0200)		/* client proxy BIO */

-#define BIO_TYPE_PROXY_SERVER	(15|0x0200)		/* server proxy BIO */

-#define BIO_TYPE_NBIO_TEST	(16|0x0200)		/* server proxy BIO */

-#define BIO_TYPE_NULL_FILTER	(17|0x0200)

-#define BIO_TYPE_BER		(18|0x0200)		/* BER -> bin filter */

-#define BIO_TYPE_BIO		(19|0x0400)		/* (half a) BIO pair */

-#define BIO_TYPE_LINEBUFFER	(20|0x0200)		/* filter */

-#define BIO_TYPE_DGRAM		(21|0x0400|0x0100)

-#define BIO_TYPE_DESCRIPTOR	0x0100	/* socket, fd, connect or accept */

-#define BIO_TYPE_FILTER		0x0200

-#define BIO_TYPE_SOURCE_SINK	0x0400

-/* BIO_FILENAME_READ|BIO_CLOSE to open or close on free.

- * BIO_set_fp(in,stdin,BIO_NOCLOSE); */

-#define BIO_NOCLOSE		0x00

-#define BIO_CLOSE		0x01

-/* These are used in the following macros and are passed to

- * BIO_ctrl() */

-#define BIO_CTRL_RESET		1  /* opt - rewind/zero etc */

-#define BIO_CTRL_EOF		2  /* opt - are we at the eof */

-#define BIO_CTRL_INFO		3  /* opt - extra tit-bits */

-#define BIO_CTRL_SET		4  /* man - set the 'IO' type */

-#define BIO_CTRL_GET		5  /* man - get the 'IO' type */

-#define BIO_CTRL_PUSH		6  /* opt - internal, used to signify change */

-#define BIO_CTRL_POP		7  /* opt - internal, used to signify change */

-#define BIO_CTRL_GET_CLOSE	8  /* man - set the 'close' on free */

-#define BIO_CTRL_SET_CLOSE	9  /* man - set the 'close' on free */

-#define BIO_CTRL_PENDING	10  /* opt - is their more data buffered */

-#define BIO_CTRL_FLUSH		11  /* opt - 'flush' buffered output */

-#define BIO_CTRL_DUP		12  /* man - extra stuff for 'duped' BIO */

-#define BIO_CTRL_WPENDING	13  /* opt - number of bytes still to write */

-/* callback is int cb(BIO *bio,state,ret); */

-#define BIO_CTRL_SET_CALLBACK	14  /* opt - set callback function */

-#define BIO_CTRL_GET_CALLBACK	15  /* opt - set callback function */

-#define BIO_CTRL_SET_FILENAME	30	/* BIO_s_file special */

-/* dgram BIO stuff */

-#define BIO_CTRL_DGRAM_CONNECT       31  /* BIO dgram special */

-#define BIO_CTRL_DGRAM_SET_CONNECTED 32  /* allow for an externally

-					  * connected socket to be

-					  * passed in */

-#define BIO_CTRL_DGRAM_SET_RECV_TIMEOUT 33 /* setsockopt, essentially */

-#define BIO_CTRL_DGRAM_GET_RECV_TIMEOUT 34 /* getsockopt, essentially */

-#define BIO_CTRL_DGRAM_SET_SEND_TIMEOUT 35 /* setsockopt, essentially */

-#define BIO_CTRL_DGRAM_GET_SEND_TIMEOUT 36 /* getsockopt, essentially */

-#define BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP 37 /* flag whether the last */

-#define BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP 38 /* I/O operation tiemd out */

-/* #ifdef IP_MTU_DISCOVER */

-#define BIO_CTRL_DGRAM_MTU_DISCOVER       39 /* set DF bit on egress packets */

-/* #endif */

-#define BIO_CTRL_DGRAM_QUERY_MTU          40 /* as kernel for current MTU */

-#define BIO_CTRL_DGRAM_GET_MTU            41 /* get cached value for MTU */

-#define BIO_CTRL_DGRAM_SET_MTU            42 /* set cached value for

-					      * MTU. want to use this

-					      * if asking the kernel

-					      * fails */

-#define BIO_CTRL_DGRAM_MTU_EXCEEDED       43 /* check whether the MTU

-					      * was exceed in the

-					      * previous write

-					      * operation */

-#define BIO_CTRL_DGRAM_SET_PEER           44 /* Destination for the data */

-/* modifiers */

-#define BIO_FP_READ		0x02

-#define BIO_FP_WRITE		0x04

-#define BIO_FP_APPEND		0x08

-#define BIO_FP_TEXT		0x10

-#define BIO_FLAGS_READ		0x01

-#define BIO_FLAGS_WRITE		0x02

-#define BIO_FLAGS_IO_SPECIAL	0x04

-#define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL)

-#define BIO_FLAGS_SHOULD_RETRY	0x08

-#ifndef	BIO_FLAGS_UPLINK

-/* "UPLINK" flag denotes file descriptors provided by application.

-   It defaults to 0, as most platforms don't require UPLINK interface. */

-#define	BIO_FLAGS_UPLINK	0

-#endif

-/* Used in BIO_gethostbyname() */

-#define BIO_GHBN_CTRL_HITS		1

-#define BIO_GHBN_CTRL_MISSES		2

-#define BIO_GHBN_CTRL_CACHE_SIZE	3

-#define BIO_GHBN_CTRL_GET_ENTRY		4

-#define BIO_GHBN_CTRL_FLUSH		5

-/* Mostly used in the SSL BIO */

-/* Not used anymore

- * #define BIO_FLAGS_PROTOCOL_DELAYED_READ 0x10

- * #define BIO_FLAGS_PROTOCOL_DELAYED_WRITE 0x20

- * #define BIO_FLAGS_PROTOCOL_STARTUP	0x40

- */

-#define BIO_FLAGS_BASE64_NO_NL	0x100

-/* This is used with memory BIOs: it means we shouldn't free up or change the

- * data in any way.

- */

-#define BIO_FLAGS_MEM_RDONLY	0x200

-typedef struct bio_st BIO;

-void BIO_set_flags(BIO *b, int flags);

-int  BIO_test_flags(const BIO *b, int flags);

-void BIO_clear_flags(BIO *b, int flags);

-#define BIO_get_flags(b) BIO_test_flags(b, ~(0x0))

-#define BIO_set_retry_special(b) \

-		BIO_set_flags(b, (BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY))

-#define BIO_set_retry_read(b) \

-		BIO_set_flags(b, (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY))

-#define BIO_set_retry_write(b) \

-		BIO_set_flags(b, (BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY))

-/* These are normally used internally in BIOs */

-#define BIO_clear_retry_flags(b) \

-		BIO_clear_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY))

-#define BIO_get_retry_flags(b) \

-		BIO_test_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY))

-/* These should be used by the application to tell why we should retry */

-#define BIO_should_read(a)		BIO_test_flags(a, BIO_FLAGS_READ)

-#define BIO_should_write(a)		BIO_test_flags(a, BIO_FLAGS_WRITE)

-#define BIO_should_io_special(a)	BIO_test_flags(a, BIO_FLAGS_IO_SPECIAL)

-#define BIO_retry_type(a)		BIO_test_flags(a, BIO_FLAGS_RWS)

-#define BIO_should_retry(a)		BIO_test_flags(a, BIO_FLAGS_SHOULD_RETRY)

-/* The next three are used in conjunction with the

- * BIO_should_io_special() condition.  After this returns true,

- * BIO *BIO_get_retry_BIO(BIO *bio, int *reason); will walk the BIO

- * stack and return the 'reason' for the special and the offending BIO.

- * Given a BIO, BIO_get_retry_reason(bio) will return the code. */

-/* Returned from the SSL bio when the certificate retrieval code had an error */

-#define BIO_RR_SSL_X509_LOOKUP		0x01

-/* Returned from the connect BIO when a connect would have blocked */

-#define BIO_RR_CONNECT			0x02

-/* Returned from the accept BIO when an accept would have blocked */

-#define BIO_RR_ACCEPT			0x03

-/* These are passed by the BIO callback */

-#define BIO_CB_FREE	0x01

-#define BIO_CB_READ	0x02

-#define BIO_CB_WRITE	0x03

-#define BIO_CB_PUTS	0x04

-#define BIO_CB_GETS	0x05

-#define BIO_CB_CTRL	0x06

-/* The callback is called before and after the underling operation,

- * The BIO_CB_RETURN flag indicates if it is after the call */

-#define BIO_CB_RETURN	0x80

-#define BIO_CB_return(a) ((a)|BIO_CB_RETURN))

-#define BIO_cb_pre(a)	(!((a)&BIO_CB_RETURN))

-#define BIO_cb_post(a)	((a)&BIO_CB_RETURN)

-long (*BIO_get_callback(const BIO *b)) (struct bio_st *,int,const char *,int, long,long);

-void BIO_set_callback(BIO *b,

-	long (*callback)(struct bio_st *,int,const char *,int, long,long));

-char *BIO_get_callback_arg(const BIO *b);

-void BIO_set_callback_arg(BIO *b, char *arg);

-const char * BIO_method_name(const BIO *b);

-int BIO_method_type(const BIO *b);

-typedef void bio_info_cb(struct bio_st *, int, const char *, int, long, long);

-#ifndef OPENSSL_SYS_WIN16

-typedef struct bio_method_st

-	{

-	int type;

-	const char *name;

-	int (*bwrite)(BIO *, const char *, int);

-	int (*bread)(BIO *, char *, int);

-	int (*bputs)(BIO *, const char *);

-	int (*bgets)(BIO *, char *, int);

-	long (*ctrl)(BIO *, int, long, void *);

-	int (*create)(BIO *);

-	int (*destroy)(BIO *);

-        long (*callback_ctrl)(BIO *, int, bio_info_cb *);

-	} BIO_METHOD;

-#else

-typedef struct bio_method_st

-	{

-	int type;

-	const char *name;

-	int (_far *bwrite)();

-	int (_far *bread)();

-	int (_far *bputs)();

-	int (_far *bgets)();

-	long (_far *ctrl)();

-	int (_far *create)();

-	int (_far *destroy)();

-	long (_far *callback_ctrl)();

-	} BIO_METHOD;

-#endif

-struct bio_st

-	{

-	BIO_METHOD *method;

-	/* bio, mode, argp, argi, argl, ret */

-	long (*callback)(struct bio_st *,int,const char *,int, long,long);

-	char *cb_arg; /* first argument for the callback */

-	int init;

-	int shutdown;

-	int flags;	/* extra storage */

-	int retry_reason;

-	int num;

-	void *ptr;

-	struct bio_st *next_bio;	/* used by filter BIOs */

-	struct bio_st *prev_bio;	/* used by filter BIOs */

-	int references;

-	unsigned long num_read;

-	unsigned long num_write;

-	CRYPTO_EX_DATA ex_data;

-	};

-DECLARE_STACK_OF(BIO)

-typedef struct bio_f_buffer_ctx_struct

-	{

-	/* BIO *bio; */ /* this is now in the BIO struct */

-	int ibuf_size;	/* how big is the input buffer */

-	int obuf_size;	/* how big is the output buffer */

-	char *ibuf;		/* the char array */

-	int ibuf_len;		/* how many bytes are in it */

-	int ibuf_off;		/* write/read offset */

-	char *obuf;		/* the char array */

-	int obuf_len;		/* how many bytes are in it */

-	int obuf_off;		/* write/read offset */

-	} BIO_F_BUFFER_CTX;

-/* connect BIO stuff */

-#define BIO_CONN_S_BEFORE		1

-#define BIO_CONN_S_GET_IP		2

-#define BIO_CONN_S_GET_PORT		3

-#define BIO_CONN_S_CREATE_SOCKET	4

-#define BIO_CONN_S_CONNECT		5

-#define BIO_CONN_S_OK			6

-#define BIO_CONN_S_BLOCKED_CONNECT	7

-#define BIO_CONN_S_NBIO			8

-/*#define BIO_CONN_get_param_hostname	BIO_ctrl */

-#define BIO_C_SET_CONNECT			100

-#define BIO_C_DO_STATE_MACHINE			101

-#define BIO_C_SET_NBIO				102

-#define BIO_C_SET_PROXY_PARAM			103

-#define BIO_C_SET_FD				104

-#define BIO_C_GET_FD				105

-#define BIO_C_SET_FILE_PTR			106

-#define BIO_C_GET_FILE_PTR			107

-#define BIO_C_SET_FILENAME			108

-#define BIO_C_SET_SSL				109

-#define BIO_C_GET_SSL				110

-#define BIO_C_SET_MD				111

-#define BIO_C_GET_MD				112

-#define BIO_C_GET_CIPHER_STATUS			113

-#define BIO_C_SET_BUF_MEM			114

-#define BIO_C_GET_BUF_MEM_PTR			115

-#define BIO_C_GET_BUFF_NUM_LINES		116

-#define BIO_C_SET_BUFF_SIZE			117

-#define BIO_C_SET_ACCEPT			118

-#define BIO_C_SSL_MODE				119

-#define BIO_C_GET_MD_CTX			120

-#define BIO_C_GET_PROXY_PARAM			121

-#define BIO_C_SET_BUFF_READ_DATA		122 /* data to read first */

-#define BIO_C_GET_CONNECT			123

-#define BIO_C_GET_ACCEPT			124

-#define BIO_C_SET_SSL_RENEGOTIATE_BYTES		125

-#define BIO_C_GET_SSL_NUM_RENEGOTIATES		126

-#define BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT	127

-#define BIO_C_FILE_SEEK				128

-#define BIO_C_GET_CIPHER_CTX			129

-#define BIO_C_SET_BUF_MEM_EOF_RETURN		130/*return end of input value*/

-#define BIO_C_SET_BIND_MODE			131

-#define BIO_C_GET_BIND_MODE			132

-#define BIO_C_FILE_TELL				133

-#define BIO_C_GET_SOCKS				134

-#define BIO_C_SET_SOCKS				135

-#define BIO_C_SET_WRITE_BUF_SIZE		136/* for BIO_s_bio */

-#define BIO_C_GET_WRITE_BUF_SIZE		137

-#define BIO_C_MAKE_BIO_PAIR			138

-#define BIO_C_DESTROY_BIO_PAIR			139

-#define BIO_C_GET_WRITE_GUARANTEE		140

-#define BIO_C_GET_READ_REQUEST			141

-#define BIO_C_SHUTDOWN_WR			142

-#define BIO_C_NREAD0				143

-#define BIO_C_NREAD				144

-#define BIO_C_NWRITE0				145

-#define BIO_C_NWRITE				146

-#define BIO_C_RESET_READ_REQUEST		147

-#define BIO_C_SET_MD_CTX			148

-#define BIO_set_app_data(s,arg)		BIO_set_ex_data(s,0,arg)

-#define BIO_get_app_data(s)		BIO_get_ex_data(s,0)

-/* BIO_s_connect() and BIO_s_socks4a_connect() */

-#define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0,(char *)name)

-#define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port)

-#define BIO_set_conn_ip(b,ip)	  BIO_ctrl(b,BIO_C_SET_CONNECT,2,(char *)ip)

-#define BIO_set_conn_int_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,3,(char *)port)

-#define BIO_get_conn_hostname(b)  BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)

-#define BIO_get_conn_port(b)      BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)

-#define BIO_get_conn_ip(b) 		 BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)

-#define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3)

-#define BIO_set_nbio(b,n)	BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)

-/* BIO_s_accept_socket() */

-#define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name)

-#define BIO_get_accept_port(b)	BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)

-/* #define BIO_set_nbio(b,n)	BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */

-#define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?"a":NULL)

-#define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(char *)bio)

-#define BIO_BIND_NORMAL			0

-#define BIO_BIND_REUSEADDR_IF_UNUSED	1

-#define BIO_BIND_REUSEADDR		2

-#define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL)

-#define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL)

-#define BIO_do_connect(b)	BIO_do_handshake(b)

-#define BIO_do_accept(b)	BIO_do_handshake(b)

-#define BIO_do_handshake(b)	BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)

-/* BIO_s_proxy_client() */

-#define BIO_set_url(b,url)	BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,0,(char *)(url))

-#define BIO_set_proxies(b,p)	BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,1,(char *)(p))

-/* BIO_set_nbio(b,n) */

-#define BIO_set_filter_bio(b,s) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,2,(char *)(s))

-/* BIO *BIO_get_filter_bio(BIO *bio); */

-#define BIO_set_proxy_cb(b,cb) BIO_callback_ctrl(b,BIO_C_SET_PROXY_PARAM,3,(void *(*cb)()))

-#define BIO_set_proxy_header(b,sk) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,4,(char *)sk)

-#define BIO_set_no_connect_return(b,bool) BIO_int_ctrl(b,BIO_C_SET_PROXY_PARAM,5,bool)

-#define BIO_get_proxy_header(b,skp) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,0,(char *)skp)

-#define BIO_get_proxies(b,pxy_p) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,1,(char *)(pxy_p))

-#define BIO_get_url(b,url)	BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,2,(char *)(url))

-#define BIO_get_no_connect_return(b)	BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,5,NULL)

-#define BIO_set_fd(b,fd,c)	BIO_int_ctrl(b,BIO_C_SET_FD,c,fd)

-#define BIO_get_fd(b,c)		BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c)

-#define BIO_set_fp(b,fp,c)	BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)fp)

-#define BIO_get_fp(b,fpp)	BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)fpp)

-#define BIO_seek(b,ofs)	(int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL)

-#define BIO_tell(b)	(int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL)

-/* name is cast to lose const, but might be better to route through a function

-   so we can do it safely */

-#ifdef CONST_STRICT

-/* If you are wondering why this isn't defined, its because CONST_STRICT is

- * purely a compile-time kludge to allow const to be checked.

- */

-int BIO_read_filename(BIO *b,const char *name);

-#else

-#define BIO_read_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \

-		BIO_CLOSE|BIO_FP_READ,(char *)name)

-#endif

-#define BIO_write_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \

-		BIO_CLOSE|BIO_FP_WRITE,name)

-#define BIO_append_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \

-		BIO_CLOSE|BIO_FP_APPEND,name)

-#define BIO_rw_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \

-		BIO_CLOSE|BIO_FP_READ|BIO_FP_WRITE,name)

-/* WARNING WARNING, this ups the reference count on the read bio of the

- * SSL structure.  This is because the ssl read BIO is now pointed to by

- * the next_bio field in the bio.  So when you free the BIO, make sure

- * you are doing a BIO_free_all() to catch the underlying BIO. */

-#define BIO_set_ssl(b,ssl,c)	BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)ssl)

-#define BIO_get_ssl(b,sslp)	BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp)

-#define BIO_set_ssl_mode(b,client)	BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL)

-#define BIO_set_ssl_renegotiate_bytes(b,num) \

-	BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL);

-#define BIO_get_num_renegotiates(b) \

-	BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL);

-#define BIO_set_ssl_renegotiate_timeout(b,seconds) \

-	BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL);

-/* defined in evp.h */

-/* #define BIO_set_md(b,md)	BIO_ctrl(b,BIO_C_SET_MD,1,(char *)md) */

-#define BIO_get_mem_data(b,pp)	BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)pp)

-#define BIO_set_mem_buf(b,bm,c)	BIO_ctrl(b,BIO_C_SET_BUF_MEM,c,(char *)bm)

-#define BIO_get_mem_ptr(b,pp)	BIO_ctrl(b,BIO_C_GET_BUF_MEM_PTR,0,(char *)pp)

-#define BIO_set_mem_eof_return(b,v) \

-				BIO_ctrl(b,BIO_C_SET_BUF_MEM_EOF_RETURN,v,NULL)

-/* For the BIO_f_buffer() type */

-#define BIO_get_buffer_num_lines(b)	BIO_ctrl(b,BIO_C_GET_BUFF_NUM_LINES,0,NULL)

-#define BIO_set_buffer_size(b,size)	BIO_ctrl(b,BIO_C_SET_BUFF_SIZE,size,NULL)

-#define BIO_set_read_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,0)

-#define BIO_set_write_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,1)

-#define BIO_set_buffer_read_data(b,buf,num) BIO_ctrl(b,BIO_C_SET_BUFF_READ_DATA,num,buf)

-/* Don't use the next one unless you know what you are doing :-) */

-#define BIO_dup_state(b,ret)	BIO_ctrl(b,BIO_CTRL_DUP,0,(char *)(ret))

-#define BIO_reset(b)		(int)BIO_ctrl(b,BIO_CTRL_RESET,0,NULL)

-#define BIO_eof(b)		(int)BIO_ctrl(b,BIO_CTRL_EOF,0,NULL)

-#define BIO_set_close(b,c)	(int)BIO_ctrl(b,BIO_CTRL_SET_CLOSE,(c),NULL)

-#define BIO_get_close(b)	(int)BIO_ctrl(b,BIO_CTRL_GET_CLOSE,0,NULL)

-#define BIO_pending(b)		(int)BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL)

-#define BIO_wpending(b)		(int)BIO_ctrl(b,BIO_CTRL_WPENDING,0,NULL)

-/* ...pending macros have inappropriate return type */

-size_t BIO_ctrl_pending(BIO *b);

-size_t BIO_ctrl_wpending(BIO *b);

-#define BIO_flush(b)		(int)BIO_ctrl(b,BIO_CTRL_FLUSH,0,NULL)

-#define BIO_get_info_callback(b,cbp) (int)BIO_ctrl(b,BIO_CTRL_GET_CALLBACK,0, \

-						   cbp)

-#define BIO_set_info_callback(b,cb) (int)BIO_callback_ctrl(b,BIO_CTRL_SET_CALLBACK,cb)

-/* For the BIO_f_buffer() type */

-#define BIO_buffer_get_num_lines(b) BIO_ctrl(b,BIO_CTRL_GET,0,NULL)

-/* For BIO_s_bio() */

-#define BIO_set_write_buf_size(b,size) (int)BIO_ctrl(b,BIO_C_SET_WRITE_BUF_SIZE,size,NULL)

-#define BIO_get_write_buf_size(b,size) (size_t)BIO_ctrl(b,BIO_C_GET_WRITE_BUF_SIZE,size,NULL)

-#define BIO_make_bio_pair(b1,b2)   (int)BIO_ctrl(b1,BIO_C_MAKE_BIO_PAIR,0,b2)

-#define BIO_destroy_bio_pair(b)    (int)BIO_ctrl(b,BIO_C_DESTROY_BIO_PAIR,0,NULL)

-#define BIO_shutdown_wr(b) (int)BIO_ctrl(b, BIO_C_SHUTDOWN_WR, 0, NULL)

-/* macros with inappropriate type -- but ...pending macros use int too: */

-#define BIO_get_write_guarantee(b) (int)BIO_ctrl(b,BIO_C_GET_WRITE_GUARANTEE,0,NULL)

-#define BIO_get_read_request(b)    (int)BIO_ctrl(b,BIO_C_GET_READ_REQUEST,0,NULL)

-size_t BIO_ctrl_get_write_guarantee(BIO *b);

-size_t BIO_ctrl_get_read_request(BIO *b);

-int BIO_ctrl_reset_read_request(BIO *b);

-/* ctrl macros for dgram */

-#define BIO_ctrl_dgram_connect(b,peer)  \

-                     (int)BIO_ctrl(b,BIO_CTRL_DGRAM_CONNECT,0, (char *)peer)

-#define BIO_ctrl_set_connected(b, state, peer) \

-         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_CONNECTED, state, (char *)peer)

-#define BIO_dgram_recv_timedout(b) \

-         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0, NULL)

-#define BIO_dgram_send_timedout(b) \

-         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP, 0, NULL)

-#define BIO_dgram_set_peer(b,peer) \

-         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)peer)

-/* These two aren't currently implemented */

-/* int BIO_get_ex_num(BIO *bio); */

-/* void BIO_set_ex_free_func(BIO *bio,int idx,void (*cb)()); */

-int BIO_set_ex_data(BIO *bio,int idx,void *data);

-void *BIO_get_ex_data(BIO *bio,int idx);

-int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,

-	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);

-unsigned long BIO_number_read(BIO *bio);

-unsigned long BIO_number_written(BIO *bio);

-# ifndef OPENSSL_NO_FP_API

-#  if defined(OPENSSL_SYS_WIN16) && defined(_WINDLL)

-BIO_METHOD *BIO_s_file_internal(void);

-BIO *BIO_new_file_internal(char *filename, char *mode);

-BIO *BIO_new_fp_internal(FILE *stream, int close_flag);

-#    define BIO_s_file	BIO_s_file_internal

-#    define BIO_new_file	BIO_new_file_internal

-#    define BIO_new_fp	BIO_new_fp_internal

-#  else /* FP_API */

-BIO_METHOD *BIO_s_file(void );

-BIO *BIO_new_file(const char *filename, const char *mode);

-BIO *BIO_new_fp(FILE *stream, int close_flag);

-#    define BIO_s_file_internal		BIO_s_file

-#    define BIO_new_file_internal	BIO_new_file

-#    define BIO_new_fp_internal		BIO_s_file

-#  endif /* FP_API */

-# endif

-BIO *	BIO_new(BIO_METHOD *type);

-int	BIO_set(BIO *a,BIO_METHOD *type);

-int	BIO_free(BIO *a);

-void	BIO_vfree(BIO *a);

-int	BIO_read(BIO *b, void *data, int len);

-int	BIO_gets(BIO *bp,char *buf, int size);

-int	BIO_write(BIO *b, const void *data, int len);

-int	BIO_puts(BIO *bp,const char *buf);

-int	BIO_indent(BIO *b,int indent,int max);

-long	BIO_ctrl(BIO *bp,int cmd,long larg,void *parg);

-long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)(struct bio_st *, int, const char *, int, long, long));

-char *	BIO_ptr_ctrl(BIO *bp,int cmd,long larg);

-long	BIO_int_ctrl(BIO *bp,int cmd,long larg,int iarg);

-BIO *	BIO_push(BIO *b,BIO *append);

-BIO *	BIO_pop(BIO *b);

-void	BIO_free_all(BIO *a);

-BIO *	BIO_find_type(BIO *b,int bio_type);

-BIO *	BIO_next(BIO *b);

-BIO *	BIO_get_retry_BIO(BIO *bio, int *reason);

-int	BIO_get_retry_reason(BIO *bio);

-BIO *	BIO_dup_chain(BIO *in);

-int BIO_nread0(BIO *bio, char **buf);

-int BIO_nread(BIO *bio, char **buf, int num);

-int BIO_nwrite0(BIO *bio, char **buf);

-int BIO_nwrite(BIO *bio, char **buf, int num);

-#ifndef OPENSSL_SYS_WIN16

-long BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi,

-	long argl,long ret);

-#else

-long _far _loadds BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi,

-	long argl,long ret);

-#endif

-BIO_METHOD *BIO_s_mem(void);

-BIO *BIO_new_mem_buf(void *buf, int len);

-BIO_METHOD *BIO_s_socket(void);

-BIO_METHOD *BIO_s_connect(void);

-BIO_METHOD *BIO_s_accept(void);

-BIO_METHOD *BIO_s_fd(void);

-#ifndef OPENSSL_SYS_OS2

-BIO_METHOD *BIO_s_log(void);

-#endif

-BIO_METHOD *BIO_s_bio(void);

-BIO_METHOD *BIO_s_null(void);

-BIO_METHOD *BIO_f_null(void);

-BIO_METHOD *BIO_f_buffer(void);

-#ifdef OPENSSL_SYS_VMS

-BIO_METHOD *BIO_f_linebuffer(void);

-#endif

-BIO_METHOD *BIO_f_nbio_test(void);

-#ifndef OPENSSL_NO_DGRAM

-BIO_METHOD *BIO_s_datagram(void);

-#endif

-/* BIO_METHOD *BIO_f_ber(void); */

-int BIO_sock_should_retry(int i);

-int BIO_sock_non_fatal_error(int error);

-int BIO_dgram_non_fatal_error(int error);

-int BIO_fd_should_retry(int i);

-int BIO_fd_non_fatal_error(int error);

-int BIO_dump_cb(int (*cb)(const void *data, size_t len, void *u),

-		void *u, const char *s, int len);

-int BIO_dump_indent_cb(int (*cb)(const void *data, size_t len, void *u),

-		       void *u, const char *s, int len, int indent);

-int BIO_dump(BIO *b,const char *bytes,int len);

-int BIO_dump_indent(BIO *b,const char *bytes,int len,int indent);

-#ifndef OPENSSL_NO_FP_API

-int BIO_dump_fp(FILE *fp, const char *s, int len);

-int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent);

-#endif

-struct hostent *BIO_gethostbyname(const char *name);

-/* We might want a thread-safe interface too:

- * struct hostent *BIO_gethostbyname_r(const char *name,

- *     struct hostent *result, void *buffer, size_t buflen);

- * or something similar (caller allocates a struct hostent,

- * pointed to by "result", and additional buffer space for the various

- * substructures; if the buffer does not suffice, NULL is returned

- * and an appropriate error code is set).

- */

-int BIO_sock_error(int sock);

-int BIO_socket_ioctl(int fd, long type, void *arg);

-int BIO_socket_nbio(int fd,int mode);

-int BIO_get_port(const char *str, unsigned short *port_ptr);

-int BIO_get_host_ip(const char *str, unsigned char *ip);

-int BIO_get_accept_socket(char *host_port,int mode);

-int BIO_accept(int sock,char **ip_port);

-int BIO_sock_init(void );

-void BIO_sock_cleanup(void);

-int BIO_set_tcp_ndelay(int sock,int turn_on);

-BIO *BIO_new_socket(int sock, int close_flag);

-BIO *BIO_new_dgram(int fd, int close_flag);

-BIO *BIO_new_fd(int fd, int close_flag);

-BIO *BIO_new_connect(char *host_port);

-BIO *BIO_new_accept(char *host_port);

-int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,

-	BIO **bio2, size_t writebuf2);

-/* If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints.

- * Otherwise returns 0 and sets *bio1 and *bio2 to NULL.

- * Size 0 uses default value.

- */

-void BIO_copy_next_retry(BIO *b);

-/*long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);*/

-#ifdef __GNUC__

-#  define __bio_h__attr__ __attribute__

-#else

-#  define __bio_h__attr__(x)

-#endif

-int BIO_printf(BIO *bio, const char *format, ...)

-	__bio_h__attr__((__format__(__printf__,2,3)));

-int BIO_vprintf(BIO *bio, const char *format, va_list args)

-	__bio_h__attr__((__format__(__printf__,2,0)));

-int BIO_snprintf(char *buf, size_t n, const char *format, ...)

-	__bio_h__attr__((__format__(__printf__,3,4)));

-int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)

-	__bio_h__attr__((__format__(__printf__,3,0)));

-#undef __bio_h__attr__

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_BIO_strings(void);

-/* Error codes for the BIO functions. */

-/* Function codes. */

-#define BIO_F_ACPT_STATE				 100

-#define BIO_F_BIO_ACCEPT				 101

-#define BIO_F_BIO_BER_GET_HEADER			 102

-#define BIO_F_BIO_CALLBACK_CTRL				 131

-#define BIO_F_BIO_CTRL					 103

-#define BIO_F_BIO_GETHOSTBYNAME				 120

-#define BIO_F_BIO_GETS					 104

-#define BIO_F_BIO_GET_ACCEPT_SOCKET			 105

-#define BIO_F_BIO_GET_HOST_IP				 106

-#define BIO_F_BIO_GET_PORT				 107

-#define BIO_F_BIO_MAKE_PAIR				 121

-#define BIO_F_BIO_NEW					 108

-#define BIO_F_BIO_NEW_FILE				 109

-#define BIO_F_BIO_NEW_MEM_BUF				 126

-#define BIO_F_BIO_NREAD					 123

-#define BIO_F_BIO_NREAD0				 124

-#define BIO_F_BIO_NWRITE				 125

-#define BIO_F_BIO_NWRITE0				 122

-#define BIO_F_BIO_PUTS					 110

-#define BIO_F_BIO_READ					 111

-#define BIO_F_BIO_SOCK_INIT				 112

-#define BIO_F_BIO_WRITE					 113

-#define BIO_F_BUFFER_CTRL				 114

-#define BIO_F_CONN_CTRL					 127

-#define BIO_F_CONN_STATE				 115

-#define BIO_F_FILE_CTRL					 116

-#define BIO_F_FILE_READ					 130

-#define BIO_F_LINEBUFFER_CTRL				 129

-#define BIO_F_MEM_READ					 128

-#define BIO_F_MEM_WRITE					 117

-#define BIO_F_SSL_NEW					 118

-#define BIO_F_WSASTARTUP				 119

-/* Reason codes. */

-#define BIO_R_ACCEPT_ERROR				 100

-#define BIO_R_BAD_FOPEN_MODE				 101

-#define BIO_R_BAD_HOSTNAME_LOOKUP			 102

-#define BIO_R_BROKEN_PIPE				 124

-#define BIO_R_CONNECT_ERROR				 103

-#define BIO_R_EOF_ON_MEMORY_BIO				 127

-#define BIO_R_ERROR_SETTING_NBIO			 104

-#define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET	 105

-#define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET	 106

-#define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET		 107

-#define BIO_R_INVALID_ARGUMENT				 125

-#define BIO_R_INVALID_IP_ADDRESS			 108

-#define BIO_R_IN_USE					 123

-#define BIO_R_KEEPALIVE					 109

-#define BIO_R_NBIO_CONNECT_ERROR			 110

-#define BIO_R_NO_ACCEPT_PORT_SPECIFIED			 111

-#define BIO_R_NO_HOSTNAME_SPECIFIED			 112

-#define BIO_R_NO_PORT_DEFINED				 113

-#define BIO_R_NO_PORT_SPECIFIED				 114

-#define BIO_R_NO_SUCH_FILE				 128

-#define BIO_R_NULL_PARAMETER				 115

-#define BIO_R_TAG_MISMATCH				 116

-#define BIO_R_UNABLE_TO_BIND_SOCKET			 117

-#define BIO_R_UNABLE_TO_CREATE_SOCKET			 118

-#define BIO_R_UNABLE_TO_LISTEN_SOCKET			 119

-#define BIO_R_UNINITIALIZED				 120

-#define BIO_R_UNSUPPORTED_METHOD			 121

-#define BIO_R_WRITE_TO_READ_ONLY_BIO			 126

-#define BIO_R_WSASTARTUP				 122

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/blowfish.h

+++ /dev/null

@@ -1,127 +1,0 @@

-/* crypto/bf/blowfish.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_BLOWFISH_H

-#define HEADER_BLOWFISH_H

-#include <openssl/e_os2.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-#ifdef OPENSSL_NO_BF

-#error BF is disabled.

-#endif

-#define BF_ENCRYPT	1

-#define BF_DECRYPT	0

-/*

- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

- * ! BF_LONG has to be at least 32 bits wide. If it's wider, then !

- * ! BF_LONG_LOG2 has to be defined along.                        !

- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

- */

-#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)

-#define BF_LONG unsigned long

-#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)

-#define BF_LONG unsigned long

-#define BF_LONG_LOG2 3

-/*

- * _CRAY note. I could declare short, but I have no idea what impact

- * does it have on performance on none-T3E machines. I could declare

- * int, but at least on C90 sizeof(int) can be chosen at compile time.

- * So I've chosen long...

- *					<[email protected]>

- */

-#else

-#define BF_LONG unsigned int

-#endif

-#define BF_ROUNDS	16

-#define BF_BLOCK	8

-typedef struct bf_key_st

-	{

-	BF_LONG P[BF_ROUNDS+2];

-	BF_LONG S[4*256];

-	} BF_KEY;

-void BF_set_key(BF_KEY *key, int len, const unsigned char *data);

-void BF_encrypt(BF_LONG *data,const BF_KEY *key);

-void BF_decrypt(BF_LONG *data,const BF_KEY *key);

-void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,

-	const BF_KEY *key, int enc);

-void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,

-	const BF_KEY *schedule, unsigned char *ivec, int enc);

-void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, long length,

-	const BF_KEY *schedule, unsigned char *ivec, int *num, int enc);

-void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, long length,

-	const BF_KEY *schedule, unsigned char *ivec, int *num);

-const char *BF_options(void);

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/bn.h

+++ /dev/null

@@ -1,839 +1,0 @@

-/* crypto/bn/bn.h */

-/* Copyright (C) 1995-1997 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- *

- * Portions of the attached software ("Contribution") are developed by

- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.

- *

- * The Contribution is licensed pursuant to the Eric Young open source

- * license provided above.

- *

- * The binary polynomial arithmetic software is originally written by

- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.

- *

- */

-#ifndef HEADER_BN_H

-#define HEADER_BN_H

-#include <openssl/e_os2.h>

-#ifndef OPENSSL_NO_FP_API

-#include <stdio.h> /* FILE */

-#endif

-#include <openssl/ossl_typ.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-/* These preprocessor symbols control various aspects of the bignum headers and

- * library code. They're not defined by any "normal" configuration, as they are

- * intended for development and testing purposes. NB: defining all three can be

- * useful for debugging application code as well as openssl itself.

- *

- * BN_DEBUG - turn on various debugging alterations to the bignum code

- * BN_DEBUG_RAND - uses random poisoning of unused words to trip up

- * mismanagement of bignum internals. You must also define BN_DEBUG.

- */

-/* #define BN_DEBUG */

-/* #define BN_DEBUG_RAND */

-#define BN_MUL_COMBA

-#define BN_SQR_COMBA

-#define BN_RECURSION

-/* This next option uses the C libraries (2 word)/(1 word) function.

- * If it is not defined, I use my C version (which is slower).

- * The reason for this flag is that when the particular C compiler

- * library routine is used, and the library is linked with a different

- * compiler, the library is missing.  This mostly happens when the

- * library is built with gcc and then linked using normal cc.  This would

- * be a common occurrence because gcc normally produces code that is

- * 2 times faster than system compilers for the big number stuff.

- * For machines with only one compiler (or shared libraries), this should

- * be on.  Again this in only really a problem on machines

- * using "long long's", are 32bit, and are not using my assembler code. */

-#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || \

-    defined(OPENSSL_SYS_WIN32) || defined(linux)

-# ifndef BN_DIV2W

-#  define BN_DIV2W

-# endif

-#endif

-/* assuming long is 64bit - this is the DEC Alpha

- * unsigned long long is only 64 bits :-(, don't define

- * BN_LLONG for the DEC Alpha */

-#ifdef SIXTY_FOUR_BIT_LONG

-#define BN_ULLONG	unsigned long long

-#define BN_ULONG	unsigned long

-#define BN_LONG		long

-#define BN_BITS		128

-#define BN_BYTES	8

-#define BN_BITS2	64

-#define BN_BITS4	32

-#define BN_MASK		(0xffffffffffffffffffffffffffffffffLL)

-#define BN_MASK2	(0xffffffffffffffffL)

-#define BN_MASK2l	(0xffffffffL)

-#define BN_MASK2h	(0xffffffff00000000L)

-#define BN_MASK2h1	(0xffffffff80000000L)

-#define BN_TBIT		(0x8000000000000000L)

-#define BN_DEC_CONV	(10000000000000000000UL)

-#define BN_DEC_FMT1	"%lu"

-#define BN_DEC_FMT2	"%019lu"

-#define BN_DEC_NUM	19

-#endif

-/* This is where the long long data type is 64 bits, but long is 32.

- * For machines where there are 64bit registers, this is the mode to use.

- * IRIX, on R4000 and above should use this mode, along with the relevant

- * assembler code :-).  Do NOT define BN_LLONG.

- */

-#ifdef SIXTY_FOUR_BIT

-#undef BN_LLONG

-#undef BN_ULLONG

-#define BN_ULONG	unsigned long long

-#define BN_LONG		long long

-#define BN_BITS		128

-#define BN_BYTES	8

-#define BN_BITS2	64

-#define BN_BITS4	32

-#define BN_MASK2	(0xffffffffffffffffLL)

-#define BN_MASK2l	(0xffffffffL)

-#define BN_MASK2h	(0xffffffff00000000LL)

-#define BN_MASK2h1	(0xffffffff80000000LL)

-#define BN_TBIT		(0x8000000000000000LL)

-#define BN_DEC_CONV	(10000000000000000000ULL)

-#define BN_DEC_FMT1	"%llu"

-#define BN_DEC_FMT2	"%019llu"

-#define BN_DEC_NUM	19

-#endif

-#ifdef THIRTY_TWO_BIT

-#ifdef BN_LLONG

-# if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__)

-#  define BN_ULLONG	unsigned __int64

-# else

-#  define BN_ULLONG	unsigned long long

-# endif

-#endif

-#define BN_ULONG	unsigned long

-#define BN_LONG		long

-#define BN_BITS		64

-#define BN_BYTES	4

-#define BN_BITS2	32

-#define BN_BITS4	16

-#ifdef OPENSSL_SYS_WIN32

-/* VC++ doesn't like the LL suffix */

-#define BN_MASK		(0xffffffffffffffffL)

-#else

-#define BN_MASK		(0xffffffffffffffffLL)

-#endif

-#define BN_MASK2	(0xffffffffL)

-#define BN_MASK2l	(0xffff)

-#define BN_MASK2h1	(0xffff8000L)

-#define BN_MASK2h	(0xffff0000L)

-#define BN_TBIT		(0x80000000L)

-#define BN_DEC_CONV	(1000000000L)

-#define BN_DEC_FMT1	"%lu"

-#define BN_DEC_FMT2	"%09lu"

-#define BN_DEC_NUM	9

-#endif

-#ifdef SIXTEEN_BIT

-#ifndef BN_DIV2W

-#define BN_DIV2W

-#endif

-#define BN_ULLONG	unsigned long

-#define BN_ULONG	unsigned short

-#define BN_LONG		short

-#define BN_BITS		32

-#define BN_BYTES	2

-#define BN_BITS2	16

-#define BN_BITS4	8

-#define BN_MASK		(0xffffffff)

-#define BN_MASK2	(0xffff)

-#define BN_MASK2l	(0xff)

-#define BN_MASK2h1	(0xff80)

-#define BN_MASK2h	(0xff00)

-#define BN_TBIT		(0x8000)

-#define BN_DEC_CONV	(100000)

-#define BN_DEC_FMT1	"%u"

-#define BN_DEC_FMT2	"%05u"

-#define BN_DEC_NUM	5

-#endif

-#ifdef EIGHT_BIT

-#ifndef BN_DIV2W

-#define BN_DIV2W

-#endif

-#define BN_ULLONG	unsigned short

-#define BN_ULONG	unsigned char

-#define BN_LONG		char

-#define BN_BITS		16

-#define BN_BYTES	1

-#define BN_BITS2	8

-#define BN_BITS4	4

-#define BN_MASK		(0xffff)

-#define BN_MASK2	(0xff)

-#define BN_MASK2l	(0xf)

-#define BN_MASK2h1	(0xf8)

-#define BN_MASK2h	(0xf0)

-#define BN_TBIT		(0x80)

-#define BN_DEC_CONV	(100)

-#define BN_DEC_FMT1	"%u"

-#define BN_DEC_FMT2	"%02u"

-#define BN_DEC_NUM	2

-#endif

-#define BN_DEFAULT_BITS	1280

-#define BN_FLG_MALLOCED		0x01

-#define BN_FLG_STATIC_DATA	0x02

-#define BN_FLG_CONSTTIME	0x04 /* avoid leaking exponent information through timing,

-                                      * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime,

-                                      * BN_div() will call BN_div_no_branch,

-                                      * BN_mod_inverse() will call BN_mod_inverse_no_branch.

-                                      */

-#ifndef OPENSSL_NO_DEPRECATED

-#define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME /* deprecated name for the flag */

-                                      /* avoid leaking exponent information through timings

-                                      * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) */

-#endif

-#ifndef OPENSSL_NO_DEPRECATED

-#define BN_FLG_FREE		0x8000	/* used for debuging */

-#endif

-#define BN_set_flags(b,n)	((b)->flags|=(n))

-#define BN_get_flags(b,n)	((b)->flags&(n))

-/* get a clone of a BIGNUM with changed flags, for *temporary* use only

- * (the two BIGNUMs cannot not be used in parallel!) */

-#define BN_with_flags(dest,b,n)  ((dest)->d=(b)->d, \

-                                  (dest)->top=(b)->top, \

-                                  (dest)->dmax=(b)->dmax, \

-                                  (dest)->neg=(b)->neg, \

-                                  (dest)->flags=(((dest)->flags & BN_FLG_MALLOCED) \

-                                                 |  ((b)->flags & ~BN_FLG_MALLOCED) \

-                                                 |  BN_FLG_STATIC_DATA \

-                                                 |  (n)))

-/* Already declared in ossl_typ.h */

-#if 0

-typedef struct bignum_st BIGNUM;

-/* Used for temp variables (declaration hidden in bn_lcl.h) */

-typedef struct bignum_ctx BN_CTX;

-typedef struct bn_blinding_st BN_BLINDING;

-typedef struct bn_mont_ctx_st BN_MONT_CTX;

-typedef struct bn_recp_ctx_st BN_RECP_CTX;

-typedef struct bn_gencb_st BN_GENCB;

-#endif

-struct bignum_st

-	{

-	BN_ULONG *d;	/* Pointer to an array of 'BN_BITS2' bit chunks. */

-	int top;	/* Index of last used d +1. */

-	/* The next are internal book keeping for bn_expand. */

-	int dmax;	/* Size of the d array. */

-	int neg;	/* one if the number is negative */

-	int flags;

-	};

-/* Used for montgomery multiplication */

-struct bn_mont_ctx_st

-	{

-	int ri;        /* number of bits in R */

-	BIGNUM RR;     /* used to convert to montgomery form */

-	BIGNUM N;      /* The modulus */

-	BIGNUM Ni;     /* R*(1/R mod N) - N*Ni = 1

-	                * (Ni is only stored for bignum algorithm) */

-	BN_ULONG n0;   /* least significant word of Ni */

-	int flags;

-	};

-/* Used for reciprocal division/mod functions

- * It cannot be shared between threads

- */

-struct bn_recp_ctx_st

-	{

-	BIGNUM N;	/* the divisor */

-	BIGNUM Nr;	/* the reciprocal */

-	int num_bits;

-	int shift;

-	int flags;

-	};

-/* Used for slow "generation" functions. */

-struct bn_gencb_st

-	{

-	unsigned int ver;	/* To handle binary (in)compatibility */

-	void *arg;		/* callback-specific data */

-	union

-		{

-		/* if(ver==1) - handles old style callbacks */

-		void (*cb_1)(int, int, void *);

-		/* if(ver==2) - new callback style */

-		int (*cb_2)(int, int, BN_GENCB *);

-		} cb;

-	};

-/* Wrapper function to make using BN_GENCB easier,  */

-int BN_GENCB_call(BN_GENCB *cb, int a, int b);

-/* Macro to populate a BN_GENCB structure with an "old"-style callback */

-#define BN_GENCB_set_old(gencb, callback, cb_arg) { \

-		BN_GENCB *tmp_gencb = (gencb); \

-		tmp_gencb->ver = 1; \

-		tmp_gencb->arg = (cb_arg); \

-		tmp_gencb->cb.cb_1 = (callback); }

-/* Macro to populate a BN_GENCB structure with a "new"-style callback */

-#define BN_GENCB_set(gencb, callback, cb_arg) { \

-		BN_GENCB *tmp_gencb = (gencb); \

-		tmp_gencb->ver = 2; \

-		tmp_gencb->arg = (cb_arg); \

-		tmp_gencb->cb.cb_2 = (callback); }

-#define BN_prime_checks 0 /* default: select number of iterations

-			     based on the size of the number */

-/* number of Miller-Rabin iterations for an error rate  of less than 2^-80

- * for random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook

- * of Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996];

- * original paper: Damgaard, Landrock, Pomerance: Average case error estimates

- * for the strong probable prime test. -- Math. Comp. 61 (1993) 177-194) */

-#define BN_prime_checks_for_size(b) ((b) >= 1300 ?  2 : \

-                                (b) >=  850 ?  3 : \

-                                (b) >=  650 ?  4 : \

-                                (b) >=  550 ?  5 : \

-                                (b) >=  450 ?  6 : \

-                                (b) >=  400 ?  7 : \

-                                (b) >=  350 ?  8 : \

-                                (b) >=  300 ?  9 : \

-                                (b) >=  250 ? 12 : \

-                                (b) >=  200 ? 15 : \

-                                (b) >=  150 ? 18 : \

-                                /* b >= 100 */ 27)

-#define BN_num_bytes(a)	((BN_num_bits(a)+7)/8)

-/* Note that BN_abs_is_word didn't work reliably for w == 0 until 0.9.8 */

-#define BN_abs_is_word(a,w) ((((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) || \

-				(((w) == 0) && ((a)->top == 0)))

-#define BN_is_zero(a)       ((a)->top == 0)

-#define BN_is_one(a)        (BN_abs_is_word((a),1) && !(a)->neg)

-#define BN_is_word(a,w)     (BN_abs_is_word((a),(w)) && (!(w) || !(a)->neg))

-#define BN_is_odd(a)	    (((a)->top > 0) && ((a)->d[0] & 1))

-#define BN_one(a)	(BN_set_word((a),1))

-#define BN_zero_ex(a) \

-	do { \

-		BIGNUM *_tmp_bn = (a); \

-		_tmp_bn->top = 0; \

-		_tmp_bn->neg = 0; \

-	} while(0)

-#ifdef OPENSSL_NO_DEPRECATED

-#define BN_zero(a)	BN_zero_ex(a)

-#else

-#define BN_zero(a)	(BN_set_word((a),0))

-#endif

-const BIGNUM *BN_value_one(void);

-char *	BN_options(void);

-BN_CTX *BN_CTX_new(void);

-#ifndef OPENSSL_NO_DEPRECATED

-void	BN_CTX_init(BN_CTX *c);

-#endif

-void	BN_CTX_free(BN_CTX *c);

-void	BN_CTX_start(BN_CTX *ctx);

-BIGNUM *BN_CTX_get(BN_CTX *ctx);

-void	BN_CTX_end(BN_CTX *ctx);

-int     BN_rand(BIGNUM *rnd, int bits, int top,int bottom);

-int     BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom);

-int	BN_rand_range(BIGNUM *rnd, BIGNUM *range);

-int	BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range);

-int	BN_num_bits(const BIGNUM *a);

-int	BN_num_bits_word(BN_ULONG);

-BIGNUM *BN_new(void);

-void	BN_init(BIGNUM *);

-void	BN_clear_free(BIGNUM *a);

-BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);

-void	BN_swap(BIGNUM *a, BIGNUM *b);

-BIGNUM *BN_bin2bn(const unsigned char *s,int len,BIGNUM *ret);

-int	BN_bn2bin(const BIGNUM *a, unsigned char *to);

-BIGNUM *BN_mpi2bn(const unsigned char *s,int len,BIGNUM *ret);

-int	BN_bn2mpi(const BIGNUM *a, unsigned char *to);

-int	BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);

-int	BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);

-int	BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);

-int	BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);

-int	BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);

-int	BN_sqr(BIGNUM *r, const BIGNUM *a,BN_CTX *ctx);

-/** BN_set_negative sets sign of a BIGNUM

- * \param  b  pointer to the BIGNUM object

- * \param  n  0 if the BIGNUM b should be positive and a value != 0 otherwise

- */

-void	BN_set_negative(BIGNUM *b, int n);

-/** BN_is_negative returns 1 if the BIGNUM is negative

- * \param  a  pointer to the BIGNUM object

- * \return 1 if a < 0 and 0 otherwise

- */

-#define BN_is_negative(a) ((a)->neg != 0)

-int	BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,

-	BN_CTX *ctx);

-#define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx))

-int	BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx);

-int	BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);

-int	BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m);

-int	BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);

-int	BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m);

-int	BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,

-	const BIGNUM *m, BN_CTX *ctx);

-int	BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);

-int	BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);

-int	BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m);

-int	BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ctx);

-int	BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m);

-BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);

-BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);

-int	BN_mul_word(BIGNUM *a, BN_ULONG w);

-int	BN_add_word(BIGNUM *a, BN_ULONG w);

-int	BN_sub_word(BIGNUM *a, BN_ULONG w);

-int	BN_set_word(BIGNUM *a, BN_ULONG w);

-BN_ULONG BN_get_word(const BIGNUM *a);

-int	BN_cmp(const BIGNUM *a, const BIGNUM *b);

-void	BN_free(BIGNUM *a);

-int	BN_is_bit_set(const BIGNUM *a, int n);

-int	BN_lshift(BIGNUM *r, const BIGNUM *a, int n);

-int	BN_lshift1(BIGNUM *r, const BIGNUM *a);

-int	BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,BN_CTX *ctx);

-int	BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-	const BIGNUM *m,BN_CTX *ctx);

-int	BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-	const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);

-int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,

-	const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont);

-int	BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p,

-	const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);

-int	BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1,

-	const BIGNUM *a2, const BIGNUM *p2,const BIGNUM *m,

-	BN_CTX *ctx,BN_MONT_CTX *m_ctx);

-int	BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-	const BIGNUM *m,BN_CTX *ctx);

-int	BN_mask_bits(BIGNUM *a,int n);

-#ifndef OPENSSL_NO_FP_API

-int	BN_print_fp(FILE *fp, const BIGNUM *a);

-#endif

-#ifdef HEADER_BIO_H

-int	BN_print(BIO *fp, const BIGNUM *a);

-#else

-int	BN_print(void *fp, const BIGNUM *a);

-#endif

-int	BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx);

-int	BN_rshift(BIGNUM *r, const BIGNUM *a, int n);

-int	BN_rshift1(BIGNUM *r, const BIGNUM *a);

-void	BN_clear(BIGNUM *a);

-BIGNUM *BN_dup(const BIGNUM *a);

-int	BN_ucmp(const BIGNUM *a, const BIGNUM *b);

-int	BN_set_bit(BIGNUM *a, int n);

-int	BN_clear_bit(BIGNUM *a, int n);

-char *	BN_bn2hex(const BIGNUM *a);

-char *	BN_bn2dec(const BIGNUM *a);

-int 	BN_hex2bn(BIGNUM **a, const char *str);

-int 	BN_dec2bn(BIGNUM **a, const char *str);

-int	BN_gcd(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx);

-int	BN_kronecker(const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx); /* returns -2 for error */

-BIGNUM *BN_mod_inverse(BIGNUM *ret,

-	const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);

-BIGNUM *BN_mod_sqrt(BIGNUM *ret,

-	const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);

-/* Deprecated versions */

-#ifndef OPENSSL_NO_DEPRECATED

-BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,

-	const BIGNUM *add, const BIGNUM *rem,

-	void (*callback)(int,int,void *),void *cb_arg);

-int	BN_is_prime(const BIGNUM *p,int nchecks,

-	void (*callback)(int,int,void *),

-	BN_CTX *ctx,void *cb_arg);

-int	BN_is_prime_fasttest(const BIGNUM *p,int nchecks,

-	void (*callback)(int,int,void *),BN_CTX *ctx,void *cb_arg,

-	int do_trial_division);

-#endif /* !defined(OPENSSL_NO_DEPRECATED) */

-/* Newer versions */

-int	BN_generate_prime_ex(BIGNUM *ret,int bits,int safe, const BIGNUM *add,

-		const BIGNUM *rem, BN_GENCB *cb);

-int	BN_is_prime_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, BN_GENCB *cb);

-int	BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx,

-		int do_trial_division, BN_GENCB *cb);

-BN_MONT_CTX *BN_MONT_CTX_new(void );

-void BN_MONT_CTX_init(BN_MONT_CTX *ctx);

-int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,

-	BN_MONT_CTX *mont, BN_CTX *ctx);

-#define BN_to_montgomery(r,a,mont,ctx)	BN_mod_mul_montgomery(\

-	(r),(a),&((mont)->RR),(mont),(ctx))

-int BN_from_montgomery(BIGNUM *r,const BIGNUM *a,

-	BN_MONT_CTX *mont, BN_CTX *ctx);

-void BN_MONT_CTX_free(BN_MONT_CTX *mont);

-int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *mod,BN_CTX *ctx);

-BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from);

-BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,

-					const BIGNUM *mod, BN_CTX *ctx);

-/* BN_BLINDING flags */

-#define	BN_BLINDING_NO_UPDATE	0x00000001

-#define	BN_BLINDING_NO_RECREATE	0x00000002

-BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, /* const */ BIGNUM *mod);

-void BN_BLINDING_free(BN_BLINDING *b);

-int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx);

-int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);

-int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);

-int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *);

-int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *);

-unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *);

-void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long);

-unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);

-void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);

-BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,

-	const BIGNUM *e, /* const */ BIGNUM *m, BN_CTX *ctx,

-	int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-			  const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),

-	BN_MONT_CTX *m_ctx);

-#ifndef OPENSSL_NO_DEPRECATED

-void BN_set_params(int mul,int high,int low,int mont);

-int BN_get_params(int which); /* 0, mul, 1 high, 2 low, 3 mont */

-#endif

-void	BN_RECP_CTX_init(BN_RECP_CTX *recp);

-BN_RECP_CTX *BN_RECP_CTX_new(void);

-void	BN_RECP_CTX_free(BN_RECP_CTX *recp);

-int	BN_RECP_CTX_set(BN_RECP_CTX *recp,const BIGNUM *rdiv,BN_CTX *ctx);

-int	BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,

-	BN_RECP_CTX *recp,BN_CTX *ctx);

-int	BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-	const BIGNUM *m, BN_CTX *ctx);

-int	BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,

-	BN_RECP_CTX *recp, BN_CTX *ctx);

-/* Functions for arithmetic over binary polynomials represented by BIGNUMs.

- *

- * The BIGNUM::neg property of BIGNUMs representing binary polynomials is

- * ignored.

- *

- * Note that input arguments are not const so that their bit arrays can

- * be expanded to the appropriate size if needed.

- */

-int	BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); /*r = a + b*/

-#define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b)

-int	BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p); /*r=a mod p*/

-int	BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,

-	const BIGNUM *p, BN_CTX *ctx); /* r = (a * b) mod p */

-int	BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-	BN_CTX *ctx); /* r = (a * a) mod p */

-int	BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p,

-	BN_CTX *ctx); /* r = (1 / b) mod p */

-int	BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,

-	const BIGNUM *p, BN_CTX *ctx); /* r = (a / b) mod p */

-int	BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,

-	const BIGNUM *p, BN_CTX *ctx); /* r = (a ^ b) mod p */

-int	BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-	BN_CTX *ctx); /* r = sqrt(a) mod p */

-int	BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-	BN_CTX *ctx); /* r^2 + r = a mod p */

-#define BN_GF2m_cmp(a, b) BN_ucmp((a), (b))

-/* Some functions allow for representation of the irreducible polynomials

- * as an unsigned int[], say p.  The irreducible f(t) is then of the form:

- *     t^p[0] + t^p[1] + ... + t^p[k]

- * where m = p[0] > p[1] > ... > p[k] = 0.

- */

-int	BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[]);

-	/* r = a mod p */

-int	BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,

-	const unsigned int p[], BN_CTX *ctx); /* r = (a * b) mod p */

-int	BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[],

-	BN_CTX *ctx); /* r = (a * a) mod p */

-int	BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const unsigned int p[],

-	BN_CTX *ctx); /* r = (1 / b) mod p */

-int	BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,

-	const unsigned int p[], BN_CTX *ctx); /* r = (a / b) mod p */

-int	BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,

-	const unsigned int p[], BN_CTX *ctx); /* r = (a ^ b) mod p */

-int	BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a,

-	const unsigned int p[], BN_CTX *ctx); /* r = sqrt(a) mod p */

-int	BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a,

-	const unsigned int p[], BN_CTX *ctx); /* r^2 + r = a mod p */

-int	BN_GF2m_poly2arr(const BIGNUM *a, unsigned int p[], int max);

-int	BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a);

-/* faster mod functions for the 'NIST primes'

- * 0 <= a < p^2 */

-int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);

-int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);

-int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);

-int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);

-int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);

-const BIGNUM *BN_get0_nist_prime_192(void);

-const BIGNUM *BN_get0_nist_prime_224(void);

-const BIGNUM *BN_get0_nist_prime_256(void);

-const BIGNUM *BN_get0_nist_prime_384(void);

-const BIGNUM *BN_get0_nist_prime_521(void);

-/* library internal functions */

-#define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\

-	(a):bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2))

-#define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words)))

-BIGNUM *bn_expand2(BIGNUM *a, int words);

-#ifndef OPENSSL_NO_DEPRECATED

-BIGNUM *bn_dup_expand(const BIGNUM *a, int words); /* unused */

-#endif

-/* Bignum consistency macros

- * There is one "API" macro, bn_fix_top(), for stripping leading zeroes from

- * bignum data after direct manipulations on the data. There is also an

- * "internal" macro, bn_check_top(), for verifying that there are no leading

- * zeroes. Unfortunately, some auditing is required due to the fact that

- * bn_fix_top() has become an overabused duct-tape because bignum data is

- * occasionally passed around in an inconsistent state. So the following

- * changes have been made to sort this out;

- * - bn_fix_top()s implementation has been moved to bn_correct_top()

- * - if BN_DEBUG isn't defined, bn_fix_top() maps to bn_correct_top(), and

- *   bn_check_top() is as before.

- * - if BN_DEBUG *is* defined;

- *   - bn_check_top() tries to pollute unused words even if the bignum 'top' is

- *     consistent. (ed: only if BN_DEBUG_RAND is defined)

- *   - bn_fix_top() maps to bn_check_top() rather than "fixing" anything.

- * The idea is to have debug builds flag up inconsistent bignums when they

- * occur. If that occurs in a bn_fix_top(), we examine the code in question; if

- * the use of bn_fix_top() was appropriate (ie. it follows directly after code

- * that manipulates the bignum) it is converted to bn_correct_top(), and if it

- * was not appropriate, we convert it permanently to bn_check_top() and track

- * down the cause of the bug. Eventually, no internal code should be using the

- * bn_fix_top() macro. External applications and libraries should try this with

- * their own code too, both in terms of building against the openssl headers

- * with BN_DEBUG defined *and* linking with a version of OpenSSL built with it

- * defined. This not only improves external code, it provides more test

- * coverage for openssl's own code.

- */

-#ifdef BN_DEBUG

-/* We only need assert() when debugging */

-#include <assert.h>

-#ifdef BN_DEBUG_RAND

-/* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */

-#ifndef RAND_pseudo_bytes

-int RAND_pseudo_bytes(unsigned char *buf,int num);

-#define BN_DEBUG_TRIX

-#endif

-#define bn_pollute(a) \

-	do { \

-		const BIGNUM *_bnum1 = (a); \

-		if(_bnum1->top < _bnum1->dmax) { \

-			unsigned char _tmp_char; \

-			/* We cast away const without the compiler knowing, any \

-			 * *genuinely* constant variables that aren't mutable \

-			 * wouldn't be constructed with top!=dmax. */ \

-			BN_ULONG *_not_const; \

-			memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \

-			RAND_pseudo_bytes(&_tmp_char, 1); \

-			memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \

-				(_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \

-		} \

-	} while(0)

-#ifdef BN_DEBUG_TRIX

-#undef RAND_pseudo_bytes

-#endif

-#else

-#define bn_pollute(a)

-#endif

-#define bn_check_top(a) \

-	do { \

-		const BIGNUM *_bnum2 = (a); \

-		if (_bnum2 != NULL) { \

-			assert((_bnum2->top == 0) || \

-				(_bnum2->d[_bnum2->top - 1] != 0)); \

-			bn_pollute(_bnum2); \

-		} \

-	} while(0)

-#define bn_fix_top(a)		bn_check_top(a)

-#else /* !BN_DEBUG */

-#define bn_pollute(a)

-#define bn_check_top(a)

-#define bn_fix_top(a)		bn_correct_top(a)

-#endif

-#define bn_correct_top(a) \

-        { \

-        BN_ULONG *ftl; \

-	if ((a)->top > 0) \

-		{ \

-		for (ftl= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \

-		if (*(ftl--)) break; \

-		} \

-	bn_pollute(a); \

-	}

-BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);

-BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);

-void     bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num);

-BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);

-BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num);

-BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num);

-/* Primes from RFC 2409 */

-BIGNUM *get_rfc2409_prime_768(BIGNUM *bn);

-BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn);

-/* Primes from RFC 3526 */

-BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn);

-BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn);

-BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn);

-BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn);

-BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn);

-BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn);

-int BN_bntest_rand(BIGNUM *rnd, int bits, int top,int bottom);

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_BN_strings(void);

-/* Error codes for the BN functions. */

-/* Function codes. */

-#define BN_F_BNRAND					 127

-#define BN_F_BN_BLINDING_CONVERT_EX			 100

-#define BN_F_BN_BLINDING_CREATE_PARAM			 128

-#define BN_F_BN_BLINDING_INVERT_EX			 101

-#define BN_F_BN_BLINDING_NEW				 102

-#define BN_F_BN_BLINDING_UPDATE				 103

-#define BN_F_BN_BN2DEC					 104

-#define BN_F_BN_BN2HEX					 105

-#define BN_F_BN_CTX_GET					 116

-#define BN_F_BN_CTX_NEW					 106

-#define BN_F_BN_CTX_START				 129

-#define BN_F_BN_DIV					 107

-#define BN_F_BN_DIV_NO_BRANCH				 138

-#define BN_F_BN_DIV_RECP				 130

-#define BN_F_BN_EXP					 123

-#define BN_F_BN_EXPAND2					 108

-#define BN_F_BN_EXPAND_INTERNAL				 120

-#define BN_F_BN_GF2M_MOD				 131

-#define BN_F_BN_GF2M_MOD_EXP				 132

-#define BN_F_BN_GF2M_MOD_MUL				 133

-#define BN_F_BN_GF2M_MOD_SOLVE_QUAD			 134

-#define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR			 135

-#define BN_F_BN_GF2M_MOD_SQR				 136

-#define BN_F_BN_GF2M_MOD_SQRT				 137

-#define BN_F_BN_MOD_EXP2_MONT				 118

-#define BN_F_BN_MOD_EXP_MONT				 109

-#define BN_F_BN_MOD_EXP_MONT_CONSTTIME			 124

-#define BN_F_BN_MOD_EXP_MONT_WORD			 117

-#define BN_F_BN_MOD_EXP_RECP				 125

-#define BN_F_BN_MOD_EXP_SIMPLE				 126

-#define BN_F_BN_MOD_INVERSE				 110

-#define BN_F_BN_MOD_INVERSE_NO_BRANCH			 139

-#define BN_F_BN_MOD_LSHIFT_QUICK			 119

-#define BN_F_BN_MOD_MUL_RECIPROCAL			 111

-#define BN_F_BN_MOD_SQRT				 121

-#define BN_F_BN_MPI2BN					 112

-#define BN_F_BN_NEW					 113

-#define BN_F_BN_RAND					 114

-#define BN_F_BN_RAND_RANGE				 122

-#define BN_F_BN_USUB					 115

-/* Reason codes. */

-#define BN_R_ARG2_LT_ARG3				 100

-#define BN_R_BAD_RECIPROCAL				 101

-#define BN_R_BIGNUM_TOO_LONG				 114

-#define BN_R_CALLED_WITH_EVEN_MODULUS			 102

-#define BN_R_DIV_BY_ZERO				 103

-#define BN_R_ENCODING_ERROR				 104

-#define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA		 105

-#define BN_R_INPUT_NOT_REDUCED				 110

-#define BN_R_INVALID_LENGTH				 106

-#define BN_R_INVALID_RANGE				 115

-#define BN_R_NOT_A_SQUARE				 111

-#define BN_R_NOT_INITIALIZED				 107

-#define BN_R_NO_INVERSE					 108

-#define BN_R_NO_SOLUTION				 116

-#define BN_R_P_IS_NOT_PRIME				 112

-#define BN_R_TOO_MANY_ITERATIONS			 113

-#define BN_R_TOO_MANY_TEMPORARY_VARIABLES		 109

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/buffer.h

+++ /dev/null

@@ -1,118 +1,0 @@

-/* crypto/buffer/buffer.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_BUFFER_H

-#define HEADER_BUFFER_H

-#include <openssl/ossl_typ.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-#include <stddef.h>

-#if !defined(NO_SYS_TYPES_H)

-#include <sys/types.h>

-#endif

-/* Already declared in ossl_typ.h */

-/* typedef struct buf_mem_st BUF_MEM; */

-struct buf_mem_st

-	{

-	int length;	/* current number of bytes */

-	char *data;

-	int max;	/* size of buffer */

-	};

-BUF_MEM *BUF_MEM_new(void);

-void	BUF_MEM_free(BUF_MEM *a);

-int	BUF_MEM_grow(BUF_MEM *str, int len);

-int	BUF_MEM_grow_clean(BUF_MEM *str, int len);

-char *	BUF_strdup(const char *str);

-char *	BUF_strndup(const char *str, size_t siz);

-void *	BUF_memdup(const void *data, size_t siz);

-/* safe string functions */

-size_t BUF_strlcpy(char *dst,const char *src,size_t siz);

-size_t BUF_strlcat(char *dst,const char *src,size_t siz);

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_BUF_strings(void);

-/* Error codes for the BUF functions. */

-/* Function codes. */

-#define BUF_F_BUF_MEMDUP				 103

-#define BUF_F_BUF_MEM_GROW				 100

-#define BUF_F_BUF_MEM_GROW_CLEAN			 105

-#define BUF_F_BUF_MEM_NEW				 101

-#define BUF_F_BUF_STRDUP				 102

-#define BUF_F_BUF_STRNDUP				 104

-/* Reason codes. */

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/camellia.h

+++ /dev/null

@@ -1,129 +1,0 @@

-/* crypto/camellia/camellia.h -*- mode:C; c-file-style: "eay" -*- */

-/* ====================================================================

- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- */

-#ifndef HEADER_CAMELLIA_H

-#define HEADER_CAMELLIA_H

-#include <openssl/opensslconf.h>

-#ifdef OPENSSL_NO_CAMELLIA

-#error CAMELLIA is disabled.

-#endif

-#define CAMELLIA_ENCRYPT	1

-#define CAMELLIA_DECRYPT	0

-/* Because array size can't be a const in C, the following two are macros.

-   Both sizes are in bytes. */

-#ifdef  __cplusplus

-extern "C" {

-#endif

-/* This should be a hidden type, but EVP requires that the size be known */

-#define CAMELLIA_BLOCK_SIZE 16

-#define CAMELLIA_TABLE_BYTE_LEN 272

-#define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / 4)

- /* to match with WORD */

-typedef unsigned int KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN];

-struct camellia_key_st

-	{

-	KEY_TABLE_TYPE rd_key;

-	int bitLength;

-	void (*enc)(const unsigned int *subkey, unsigned int *io);

-	void (*dec)(const unsigned int *subkey, unsigned int *io);

-	};

-typedef struct camellia_key_st CAMELLIA_KEY;

-int Camellia_set_key(const unsigned char *userKey, const int bits,

-	CAMELLIA_KEY *key);

-void Camellia_encrypt(const unsigned char *in, unsigned char *out,

-	const CAMELLIA_KEY *key);

-void Camellia_decrypt(const unsigned char *in, unsigned char *out,

-	const CAMELLIA_KEY *key);

-void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out,

-	const CAMELLIA_KEY *key, const int enc);

-void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out,

-	const unsigned long length, const CAMELLIA_KEY *key,

-	unsigned char *ivec, const int enc);

-void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out,

-	const unsigned long length, const CAMELLIA_KEY *key,

-	unsigned char *ivec, int *num, const int enc);

-void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out,

-	const unsigned long length, const CAMELLIA_KEY *key,

-	unsigned char *ivec, int *num, const int enc);

-void Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out,

-	const unsigned long length, const CAMELLIA_KEY *key,

-	unsigned char *ivec, int *num, const int enc);

-void Camellia_cfbr_encrypt_block(const unsigned char *in,unsigned char *out,

-	const int nbits,const CAMELLIA_KEY *key,

-	unsigned char *ivec,const int enc);

-void Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out,

-	const unsigned long length, const CAMELLIA_KEY *key,

-	unsigned char *ivec, int *num);

-void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out,

-	const unsigned long length, const CAMELLIA_KEY *key,

-	unsigned char ivec[CAMELLIA_BLOCK_SIZE],

-	unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE],

-	unsigned int *num);

-#ifdef  __cplusplus

-}

-#endif

-#endif /* !HEADER_Camellia_H */

--- a/sys/include/ape/openssl/cast.h

+++ /dev/null

@@ -1,105 +1,0 @@

-/* crypto/cast/cast.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_CAST_H

-#define HEADER_CAST_H

-#ifdef  __cplusplus

-extern "C" {

-#endif

-#include <openssl/opensslconf.h>

-#ifdef OPENSSL_NO_CAST

-#error CAST is disabled.

-#endif

-#define CAST_ENCRYPT	1

-#define CAST_DECRYPT	0

-#define CAST_LONG unsigned long

-#define CAST_BLOCK	8

-#define CAST_KEY_LENGTH	16

-typedef struct cast_key_st

-	{

-	CAST_LONG data[32];

-	int short_key;	/* Use reduced rounds for short key */

-	} CAST_KEY;

-void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);

-void CAST_ecb_encrypt(const unsigned char *in,unsigned char *out,CAST_KEY *key,

-		      int enc);

-void CAST_encrypt(CAST_LONG *data,CAST_KEY *key);

-void CAST_decrypt(CAST_LONG *data,CAST_KEY *key);

-void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,

-		      CAST_KEY *ks, unsigned char *iv, int enc);

-void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,

-			long length, CAST_KEY *schedule, unsigned char *ivec,

-			int *num, int enc);

-void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out,

-			long length, CAST_KEY *schedule, unsigned char *ivec,

-			int *num);

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/comp.h

+++ /dev/null

@@ -1,66 +1,0 @@

-#ifndef HEADER_COMP_H

-#define HEADER_COMP_H

-#include <openssl/crypto.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-typedef struct comp_ctx_st COMP_CTX;

-typedef struct comp_method_st

-	{

-	int type;		/* NID for compression library */

-	const char *name;	/* A text string to identify the library */

-	int (*init)(COMP_CTX *ctx);

-	void (*finish)(COMP_CTX *ctx);

-	int (*compress)(COMP_CTX *ctx,

-			unsigned char *out, unsigned int olen,

-			unsigned char *in, unsigned int ilen);

-	int (*expand)(COMP_CTX *ctx,

-		      unsigned char *out, unsigned int olen,

-		      unsigned char *in, unsigned int ilen);

-	/* The following two do NOTHING, but are kept for backward compatibility */

-	long (*ctrl)(void);

-	long (*callback_ctrl)(void);

-	} COMP_METHOD;

-struct comp_ctx_st

-	{

-	COMP_METHOD *meth;

-	unsigned long compress_in;

-	unsigned long compress_out;

-	unsigned long expand_in;

-	unsigned long expand_out;

-	CRYPTO_EX_DATA	ex_data;

-	};

-COMP_CTX *COMP_CTX_new(COMP_METHOD *meth);

-void COMP_CTX_free(COMP_CTX *ctx);

-int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen,

-	unsigned char *in, int ilen);

-int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,

-	unsigned char *in, int ilen);

-COMP_METHOD *COMP_rle(void );

-COMP_METHOD *COMP_zlib(void );

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_COMP_strings(void);

-/* Error codes for the COMP functions. */

-/* Function codes. */

-/* Reason codes. */

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/conf.h

+++ /dev/null

@@ -1,254 +1,0 @@

-/* crypto/conf/conf.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef  HEADER_CONF_H

-#define HEADER_CONF_H

-#include <openssl/bio.h>

-#include <openssl/lhash.h>

-#include <openssl/stack.h>

-#include <openssl/safestack.h>

-#include <openssl/e_os2.h>

-#include <openssl/ossl_typ.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-typedef struct

-	{

-	char *section;

-	char *name;

-	char *value;

-	} CONF_VALUE;

-DECLARE_STACK_OF(CONF_VALUE)

-DECLARE_STACK_OF(CONF_MODULE)

-DECLARE_STACK_OF(CONF_IMODULE)

-struct conf_st;

-struct conf_method_st;

-typedef struct conf_method_st CONF_METHOD;

-struct conf_method_st

-	{

-	const char *name;

-	CONF *(*create)(CONF_METHOD *meth);

-	int (*init)(CONF *conf);

-	int (*destroy)(CONF *conf);

-	int (*destroy_data)(CONF *conf);

-	int (*load_bio)(CONF *conf, BIO *bp, long *eline);

-	int (*dump)(const CONF *conf, BIO *bp);

-	int (*is_number)(const CONF *conf, char c);

-	int (*to_int)(const CONF *conf, char c);

-	int (*load)(CONF *conf, const char *name, long *eline);

-	};

-/* Module definitions */

-typedef struct conf_imodule_st CONF_IMODULE;

-typedef struct conf_module_st CONF_MODULE;

-/* DSO module function typedefs */

-typedef int conf_init_func(CONF_IMODULE *md, const CONF *cnf);

-typedef void conf_finish_func(CONF_IMODULE *md);

-#define	CONF_MFLAGS_IGNORE_ERRORS	0x1

-#define CONF_MFLAGS_IGNORE_RETURN_CODES	0x2

-#define CONF_MFLAGS_SILENT		0x4

-#define CONF_MFLAGS_NO_DSO		0x8

-#define CONF_MFLAGS_IGNORE_MISSING_FILE	0x10

-#define CONF_MFLAGS_DEFAULT_SECTION	0x20

-int CONF_set_default_method(CONF_METHOD *meth);

-void CONF_set_nconf(CONF *conf,LHASH *hash);

-LHASH *CONF_load(LHASH *conf,const char *file,long *eline);

-#ifndef OPENSSL_NO_FP_API

-LHASH *CONF_load_fp(LHASH *conf, FILE *fp,long *eline);

-#endif

-LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline);

-STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,const char *section);

-char *CONF_get_string(LHASH *conf,const char *group,const char *name);

-long CONF_get_number(LHASH *conf,const char *group,const char *name);

-void CONF_free(LHASH *conf);

-int CONF_dump_fp(LHASH *conf, FILE *out);

-int CONF_dump_bio(LHASH *conf, BIO *out);

-void OPENSSL_config(const char *config_name);

-void OPENSSL_no_config(void);

-/* New conf code.  The semantics are different from the functions above.

-   If that wasn't the case, the above functions would have been replaced */

-struct conf_st

-	{

-	CONF_METHOD *meth;

-	void *meth_data;

-	LHASH *data;

-	};

-CONF *NCONF_new(CONF_METHOD *meth);

-CONF_METHOD *NCONF_default(void);

-CONF_METHOD *NCONF_WIN32(void);

-#if 0 /* Just to give you an idea of what I have in mind */

-CONF_METHOD *NCONF_XML(void);

-#endif

-void NCONF_free(CONF *conf);

-void NCONF_free_data(CONF *conf);

-int NCONF_load(CONF *conf,const char *file,long *eline);

-#ifndef OPENSSL_NO_FP_API

-int NCONF_load_fp(CONF *conf, FILE *fp,long *eline);

-#endif

-int NCONF_load_bio(CONF *conf, BIO *bp,long *eline);

-STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,const char *section);

-char *NCONF_get_string(const CONF *conf,const char *group,const char *name);

-int NCONF_get_number_e(const CONF *conf,const char *group,const char *name,

-		       long *result);

-int NCONF_dump_fp(const CONF *conf, FILE *out);

-int NCONF_dump_bio(const CONF *conf, BIO *out);

-#if 0 /* The following function has no error checking,

-	 and should therefore be avoided */

-long NCONF_get_number(CONF *conf,char *group,char *name);

-#else

-#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r)

-#endif

-/* Module functions */

-int CONF_modules_load(const CONF *cnf, const char *appname,

-		      unsigned long flags);

-int CONF_modules_load_file(const char *filename, const char *appname,

-			   unsigned long flags);

-void CONF_modules_unload(int all);

-void CONF_modules_finish(void);

-void CONF_modules_free(void);

-int CONF_module_add(const char *name, conf_init_func *ifunc,

-		    conf_finish_func *ffunc);

-const char *CONF_imodule_get_name(const CONF_IMODULE *md);

-const char *CONF_imodule_get_value(const CONF_IMODULE *md);

-void *CONF_imodule_get_usr_data(const CONF_IMODULE *md);

-void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data);

-CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md);

-unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md);

-void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags);

-void *CONF_module_get_usr_data(CONF_MODULE *pmod);

-void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data);

-char *CONF_get1_default_config_file(void);

-int CONF_parse_list(const char *list, int sep, int nospc,

-	int (*list_cb)(const char *elem, int len, void *usr), void *arg);

-void OPENSSL_load_builtin_modules(void);

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_CONF_strings(void);

-/* Error codes for the CONF functions. */

-/* Function codes. */

-#define CONF_F_CONF_DUMP_FP				 104

-#define CONF_F_CONF_LOAD				 100

-#define CONF_F_CONF_LOAD_BIO				 102

-#define CONF_F_CONF_LOAD_FP				 103

-#define CONF_F_CONF_MODULES_LOAD			 116

-#define CONF_F_DEF_LOAD					 120

-#define CONF_F_DEF_LOAD_BIO				 121

-#define CONF_F_MODULE_INIT				 115

-#define CONF_F_MODULE_LOAD_DSO				 117

-#define CONF_F_MODULE_RUN				 118

-#define CONF_F_NCONF_DUMP_BIO				 105

-#define CONF_F_NCONF_DUMP_FP				 106

-#define CONF_F_NCONF_GET_NUMBER				 107

-#define CONF_F_NCONF_GET_NUMBER_E			 112

-#define CONF_F_NCONF_GET_SECTION			 108

-#define CONF_F_NCONF_GET_STRING				 109

-#define CONF_F_NCONF_LOAD				 113

-#define CONF_F_NCONF_LOAD_BIO				 110

-#define CONF_F_NCONF_LOAD_FP				 114

-#define CONF_F_NCONF_NEW				 111

-#define CONF_F_STR_COPY					 101

-/* Reason codes. */

-#define CONF_R_ERROR_LOADING_DSO			 110

-#define CONF_R_MISSING_CLOSE_SQUARE_BRACKET		 100

-#define CONF_R_MISSING_EQUAL_SIGN			 101

-#define CONF_R_MISSING_FINISH_FUNCTION			 111

-#define CONF_R_MISSING_INIT_FUNCTION			 112

-#define CONF_R_MODULE_INITIALIZATION_ERROR		 109

-#define CONF_R_NO_CLOSE_BRACE				 102

-#define CONF_R_NO_CONF					 105

-#define CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE		 106

-#define CONF_R_NO_SECTION				 107

-#define CONF_R_NO_SUCH_FILE				 114

-#define CONF_R_NO_VALUE					 108

-#define CONF_R_UNABLE_TO_CREATE_NEW_SECTION		 103

-#define CONF_R_UNKNOWN_MODULE_NAME			 113

-#define CONF_R_VARIABLE_HAS_NO_VALUE			 104

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/conf_api.h

+++ /dev/null

@@ -1,89 +1,0 @@

-/* conf_api.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef  HEADER_CONF_API_H

-#define HEADER_CONF_API_H

-#include <openssl/lhash.h>

-#include <openssl/conf.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-/* Up until OpenSSL 0.9.5a, this was new_section */

-CONF_VALUE *_CONF_new_section(CONF *conf, const char *section);

-/* Up until OpenSSL 0.9.5a, this was get_section */

-CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section);

-/* Up until OpenSSL 0.9.5a, this was CONF_get_section */

-STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf,

-					       const char *section);

-int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value);

-char *_CONF_get_string(const CONF *conf, const char *section,

-		       const char *name);

-long _CONF_get_number(const CONF *conf, const char *section, const char *name);

-int _CONF_new_data(CONF *conf);

-void _CONF_free_data(CONF *conf);

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/crypto.h

+++ /dev/null

@@ -1,550 +1,0 @@

-/* crypto/crypto.h */

-/* ====================================================================

- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- * ECDH support in OpenSSL originally developed by

- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.

- */

-#ifndef HEADER_CRYPTO_H

-#define HEADER_CRYPTO_H

-#include <stdlib.h>

-#include <openssl/e_os2.h>

-#ifndef OPENSSL_NO_FP_API

-#include <stdio.h>

-#endif

-#include <openssl/stack.h>

-#include <openssl/safestack.h>

-#include <openssl/opensslv.h>

-#include <openssl/ossl_typ.h>

-#ifdef CHARSET_EBCDIC

-#include <openssl/ebcdic.h>

-#endif

-/* Resolve problems on some operating systems with symbol names that clash

-   one way or another */

-#include <openssl/symhacks.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-/* Backward compatibility to SSLeay */

-/* This is more to be used to check the correct DLL is being used

- * in the MS world. */

-#define SSLEAY_VERSION_NUMBER	OPENSSL_VERSION_NUMBER

-#define SSLEAY_VERSION		0

-/* #define SSLEAY_OPTIONS	1 no longer supported */

-#define SSLEAY_CFLAGS		2

-#define SSLEAY_BUILT_ON		3

-#define SSLEAY_PLATFORM		4

-#define SSLEAY_DIR		5

-/* Already declared in ossl_typ.h */

-#if 0

-typedef struct crypto_ex_data_st CRYPTO_EX_DATA;

-/* Called when a new object is created */

-typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad,

-					int idx, long argl, void *argp);

-/* Called when an object is free()ed */

-typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad,

-					int idx, long argl, void *argp);

-/* Called when we need to dup an object */

-typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d,

-					int idx, long argl, void *argp);

-#endif

-/* A generic structure to pass assorted data in a expandable way */

-typedef struct openssl_item_st

-	{

-	int code;

-	void *value;		/* Not used for flag attributes */

-	size_t value_size;	/* Max size of value for output, length for input */

-	size_t *value_length;	/* Returned length of value for output */

-	} OPENSSL_ITEM;

-/* When changing the CRYPTO_LOCK_* list, be sure to maintin the text lock

- * names in cryptlib.c

- */

-#define	CRYPTO_LOCK_ERR			1

-#define	CRYPTO_LOCK_EX_DATA		2

-#define	CRYPTO_LOCK_X509		3

-#define	CRYPTO_LOCK_X509_INFO		4

-#define	CRYPTO_LOCK_X509_PKEY		5

-#define CRYPTO_LOCK_X509_CRL		6

-#define CRYPTO_LOCK_X509_REQ		7

-#define CRYPTO_LOCK_DSA			8

-#define CRYPTO_LOCK_RSA			9

-#define CRYPTO_LOCK_EVP_PKEY		10

-#define CRYPTO_LOCK_X509_STORE		11

-#define CRYPTO_LOCK_SSL_CTX		12

-#define CRYPTO_LOCK_SSL_CERT		13

-#define CRYPTO_LOCK_SSL_SESSION		14

-#define CRYPTO_LOCK_SSL_SESS_CERT	15

-#define CRYPTO_LOCK_SSL			16

-#define CRYPTO_LOCK_SSL_METHOD		17

-#define CRYPTO_LOCK_RAND		18

-#define CRYPTO_LOCK_RAND2		19

-#define CRYPTO_LOCK_MALLOC		20

-#define CRYPTO_LOCK_BIO			21

-#define CRYPTO_LOCK_GETHOSTBYNAME	22

-#define CRYPTO_LOCK_GETSERVBYNAME	23

-#define CRYPTO_LOCK_READDIR		24

-#define CRYPTO_LOCK_RSA_BLINDING	25

-#define CRYPTO_LOCK_DH			26

-#define CRYPTO_LOCK_MALLOC2		27

-#define CRYPTO_LOCK_DSO			28

-#define CRYPTO_LOCK_DYNLOCK		29

-#define CRYPTO_LOCK_ENGINE		30

-#define CRYPTO_LOCK_UI			31

-#define CRYPTO_LOCK_ECDSA               32

-#define CRYPTO_LOCK_EC			33

-#define CRYPTO_LOCK_ECDH		34

-#define CRYPTO_LOCK_BN  		35

-#define CRYPTO_LOCK_EC_PRE_COMP		36

-#define CRYPTO_LOCK_STORE		37

-#define CRYPTO_LOCK_COMP		38

-#define CRYPTO_NUM_LOCKS		39

-#define CRYPTO_LOCK		1

-#define CRYPTO_UNLOCK		2

-#define CRYPTO_READ		4

-#define CRYPTO_WRITE		8

-#ifndef OPENSSL_NO_LOCKING

-#ifndef CRYPTO_w_lock

-#define CRYPTO_w_lock(type)	\

-	CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)

-#define CRYPTO_w_unlock(type)	\

-	CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)

-#define CRYPTO_r_lock(type)	\

-	CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)

-#define CRYPTO_r_unlock(type)	\

-	CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)

-#define CRYPTO_add(addr,amount,type)	\

-	CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)

-#endif

-#else

-#define CRYPTO_w_lock(a)

-#define CRYPTO_w_unlock(a)

-#define CRYPTO_r_lock(a)

-#define CRYPTO_r_unlock(a)

-#define CRYPTO_add(a,b,c)	((*(a))+=(b))

-#endif

-/* Some applications as well as some parts of OpenSSL need to allocate

-   and deallocate locks in a dynamic fashion.  The following typedef

-   makes this possible in a type-safe manner.  */

-/* struct CRYPTO_dynlock_value has to be defined by the application. */

-typedef struct

-	{

-	int references;

-	struct CRYPTO_dynlock_value *data;

-	} CRYPTO_dynlock;

-/* The following can be used to detect memory leaks in the SSLeay library.

- * It used, it turns on malloc checking */

-#define CRYPTO_MEM_CHECK_OFF	0x0	/* an enume */

-#define CRYPTO_MEM_CHECK_ON	0x1	/* a bit */

-#define CRYPTO_MEM_CHECK_ENABLE	0x2	/* a bit */

-#define CRYPTO_MEM_CHECK_DISABLE 0x3	/* an enume */

-/* The following are bit values to turn on or off options connected to the

- * malloc checking functionality */

-/* Adds time to the memory checking information */

-#define V_CRYPTO_MDEBUG_TIME	0x1 /* a bit */

-/* Adds thread number to the memory checking information */

-#define V_CRYPTO_MDEBUG_THREAD	0x2 /* a bit */

-#define V_CRYPTO_MDEBUG_ALL (V_CRYPTO_MDEBUG_TIME | V_CRYPTO_MDEBUG_THREAD)

-/* predec of the BIO type */

-typedef struct bio_st BIO_dummy;

-struct crypto_ex_data_st

-	{

-	STACK *sk;

-	int dummy; /* gcc is screwing up this data structure :-( */

-	};

-/* This stuff is basically class callback functions

- * The current classes are SSL_CTX, SSL, SSL_SESSION, and a few more */

-typedef struct crypto_ex_data_func_st

-	{

-	long argl;	/* Arbitary long */

-	void *argp;	/* Arbitary void * */

-	CRYPTO_EX_new *new_func;

-	CRYPTO_EX_free *free_func;

-	CRYPTO_EX_dup *dup_func;

-	} CRYPTO_EX_DATA_FUNCS;

-DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS)

-/* Per class, we have a STACK of CRYPTO_EX_DATA_FUNCS for each CRYPTO_EX_DATA

- * entry.

- */

-#define CRYPTO_EX_INDEX_BIO		0

-#define CRYPTO_EX_INDEX_SSL		1

-#define CRYPTO_EX_INDEX_SSL_CTX		2

-#define CRYPTO_EX_INDEX_SSL_SESSION	3

-#define CRYPTO_EX_INDEX_X509_STORE	4

-#define CRYPTO_EX_INDEX_X509_STORE_CTX	5

-#define CRYPTO_EX_INDEX_RSA		6

-#define CRYPTO_EX_INDEX_DSA		7

-#define CRYPTO_EX_INDEX_DH		8

-#define CRYPTO_EX_INDEX_ENGINE		9

-#define CRYPTO_EX_INDEX_X509		10

-#define CRYPTO_EX_INDEX_UI		11

-#define CRYPTO_EX_INDEX_ECDSA		12

-#define CRYPTO_EX_INDEX_ECDH		13

-#define CRYPTO_EX_INDEX_COMP		14

-#define CRYPTO_EX_INDEX_STORE		15

-/* Dynamically assigned indexes start from this value (don't use directly, use

- * via CRYPTO_ex_data_new_class). */

-#define CRYPTO_EX_INDEX_USER		100

-/* This is the default callbacks, but we can have others as well:

- * this is needed in Win32 where the application malloc and the

- * library malloc may not be the same.

- */

-#define CRYPTO_malloc_init()	CRYPTO_set_mem_functions(\

-	malloc, realloc, free)

-#if defined CRYPTO_MDEBUG_ALL || defined CRYPTO_MDEBUG_TIME || defined CRYPTO_MDEBUG_THREAD

-# ifndef CRYPTO_MDEBUG /* avoid duplicate #define */

-#  define CRYPTO_MDEBUG

-# endif

-#endif

-/* Set standard debugging functions (not done by default

- * unless CRYPTO_MDEBUG is defined) */

-#define CRYPTO_malloc_debug_init()	do {\

-	CRYPTO_set_mem_debug_functions(\

-		CRYPTO_dbg_malloc,\

-		CRYPTO_dbg_realloc,\

-		CRYPTO_dbg_free,\

-		CRYPTO_dbg_set_options,\

-		CRYPTO_dbg_get_options);\

-	} while(0)

-int CRYPTO_mem_ctrl(int mode);

-int CRYPTO_is_mem_check_on(void);

-/* for applications */

-#define MemCheck_start() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON)

-#define MemCheck_stop()	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF)

-/* for library-internal use */

-#define MemCheck_on()	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE)

-#define MemCheck_off()	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)

-#define is_MemCheck_on() CRYPTO_is_mem_check_on()

-#define OPENSSL_malloc(num)	CRYPTO_malloc((int)num,__FILE__,__LINE__)

-#define OPENSSL_realloc(addr,num) \

-	CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)

-#define OPENSSL_realloc_clean(addr,old_num,num) \

-	CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)

-#define OPENSSL_remalloc(addr,num) \

-	CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)

-#define OPENSSL_freeFunc	CRYPTO_free

-#define OPENSSL_free(addr)	CRYPTO_free(addr)

-#define OPENSSL_malloc_locked(num) \

-	CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)

-#define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)

-const char *SSLeay_version(int type);

-unsigned long SSLeay(void);

-int OPENSSL_issetugid(void);

-/* An opaque type representing an implementation of "ex_data" support */

-typedef struct st_CRYPTO_EX_DATA_IMPL	CRYPTO_EX_DATA_IMPL;

-/* Return an opaque pointer to the current "ex_data" implementation */

-const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(void);

-/* Sets the "ex_data" implementation to be used (if it's not too late) */

-int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i);

-/* Get a new "ex_data" class, and return the corresponding "class_index" */

-int CRYPTO_ex_data_new_class(void);

-/* Within a given class, get/register a new index */

-int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,

-		CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,

-		CRYPTO_EX_free *free_func);

-/* Initialise/duplicate/free CRYPTO_EX_DATA variables corresponding to a given

- * class (invokes whatever per-class callbacks are applicable) */

-int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);

-int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,

-		CRYPTO_EX_DATA *from);

-void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);

-/* Get/set data in a CRYPTO_EX_DATA variable corresponding to a particular index

- * (relative to the class type involved) */

-int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val);

-void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad,int idx);

-/* This function cleans up all "ex_data" state. It mustn't be called under

- * potential race-conditions. */

-void CRYPTO_cleanup_all_ex_data(void);

-int CRYPTO_get_new_lockid(char *name);

-int CRYPTO_num_locks(void); /* return CRYPTO_NUM_LOCKS (shared libs!) */

-void CRYPTO_lock(int mode, int type,const char *file,int line);

-void CRYPTO_set_locking_callback(void (*func)(int mode,int type,

-					      const char *file,int line));

-void (*CRYPTO_get_locking_callback(void))(int mode,int type,const char *file,

-		int line);

-void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,int type,

-					      const char *file, int line));

-int (*CRYPTO_get_add_lock_callback(void))(int *num,int mount,int type,

-					  const char *file,int line);

-void CRYPTO_set_id_callback(unsigned long (*func)(void));

-unsigned long (*CRYPTO_get_id_callback(void))(void);

-unsigned long CRYPTO_thread_id(void);

-const char *CRYPTO_get_lock_name(int type);

-int CRYPTO_add_lock(int *pointer,int amount,int type, const char *file,

-		    int line);

-int CRYPTO_get_new_dynlockid(void);

-void CRYPTO_destroy_dynlockid(int i);

-struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i);

-void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *(*dyn_create_function)(const char *file, int line));

-void CRYPTO_set_dynlock_lock_callback(void (*dyn_lock_function)(int mode, struct CRYPTO_dynlock_value *l, const char *file, int line));

-void CRYPTO_set_dynlock_destroy_callback(void (*dyn_destroy_function)(struct CRYPTO_dynlock_value *l, const char *file, int line));

-struct CRYPTO_dynlock_value *(*CRYPTO_get_dynlock_create_callback(void))(const char *file,int line);

-void (*CRYPTO_get_dynlock_lock_callback(void))(int mode, struct CRYPTO_dynlock_value *l, const char *file,int line);

-void (*CRYPTO_get_dynlock_destroy_callback(void))(struct CRYPTO_dynlock_value *l, const char *file,int line);

-/* CRYPTO_set_mem_functions includes CRYPTO_set_locked_mem_functions --

- * call the latter last if you need different functions */

-int CRYPTO_set_mem_functions(void *(*m)(size_t),void *(*r)(void *,size_t), void (*f)(void *));

-int CRYPTO_set_locked_mem_functions(void *(*m)(size_t), void (*free_func)(void *));

-int CRYPTO_set_mem_ex_functions(void *(*m)(size_t,const char *,int),

-                                void *(*r)(void *,size_t,const char *,int),

-                                void (*f)(void *));

-int CRYPTO_set_locked_mem_ex_functions(void *(*m)(size_t,const char *,int),

-                                       void (*free_func)(void *));

-int CRYPTO_set_mem_debug_functions(void (*m)(void *,int,const char *,int,int),

-				   void (*r)(void *,void *,int,const char *,int,int),

-				   void (*f)(void *,int),

-				   void (*so)(long),

-				   long (*go)(void));

-void CRYPTO_get_mem_functions(void *(**m)(size_t),void *(**r)(void *, size_t), void (**f)(void *));

-void CRYPTO_get_locked_mem_functions(void *(**m)(size_t), void (**f)(void *));

-void CRYPTO_get_mem_ex_functions(void *(**m)(size_t,const char *,int),

-                                 void *(**r)(void *, size_t,const char *,int),

-                                 void (**f)(void *));

-void CRYPTO_get_locked_mem_ex_functions(void *(**m)(size_t,const char *,int),

-                                        void (**f)(void *));

-void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int),

-				    void (**r)(void *,void *,int,const char *,int,int),

-				    void (**f)(void *,int),

-				    void (**so)(long),

-				    long (**go)(void));

-void *CRYPTO_malloc_locked(int num, const char *file, int line);

-void CRYPTO_free_locked(void *);

-void *CRYPTO_malloc(int num, const char *file, int line);

-void CRYPTO_free(void *);

-void *CRYPTO_realloc(void *addr,int num, const char *file, int line);

-void *CRYPTO_realloc_clean(void *addr,int old_num,int num,const char *file,

-			   int line);

-void *CRYPTO_remalloc(void *addr,int num, const char *file, int line);

-void OPENSSL_cleanse(void *ptr, size_t len);

-void CRYPTO_set_mem_debug_options(long bits);

-long CRYPTO_get_mem_debug_options(void);

-#define CRYPTO_push_info(info) \

-        CRYPTO_push_info_(info, __FILE__, __LINE__);

-int CRYPTO_push_info_(const char *info, const char *file, int line);

-int CRYPTO_pop_info(void);

-int CRYPTO_remove_all_info(void);

-/* Default debugging functions (enabled by CRYPTO_malloc_debug_init() macro;

- * used as default in CRYPTO_MDEBUG compilations): */

-/* The last argument has the following significance:

- *

- * 0:	called before the actual memory allocation has taken place

- * 1:	called after the actual memory allocation has taken place

- */

-void CRYPTO_dbg_malloc(void *addr,int num,const char *file,int line,int before_p);

-void CRYPTO_dbg_realloc(void *addr1,void *addr2,int num,const char *file,int line,int before_p);

-void CRYPTO_dbg_free(void *addr,int before_p);

-/* Tell the debugging code about options.  By default, the following values

- * apply:

- *

- * 0:                           Clear all options.

- * V_CRYPTO_MDEBUG_TIME (1):    Set the "Show Time" option.

- * V_CRYPTO_MDEBUG_THREAD (2):  Set the "Show Thread Number" option.

- * V_CRYPTO_MDEBUG_ALL (3):     1 + 2

- */

-void CRYPTO_dbg_set_options(long bits);

-long CRYPTO_dbg_get_options(void);

-#ifndef OPENSSL_NO_FP_API

-void CRYPTO_mem_leaks_fp(FILE *);

-#endif

-void CRYPTO_mem_leaks(struct bio_st *bio);

-/* unsigned long order, char *file, int line, int num_bytes, char *addr */

-typedef void *CRYPTO_MEM_LEAK_CB(unsigned long, const char *, int, int, void *);

-void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb);

-/* die if we have to */

-void OpenSSLDie(const char *file,int line,const char *assertion);

-#define OPENSSL_assert(e)       (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))

-unsigned long *OPENSSL_ia32cap_loc(void);

-#define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_CRYPTO_strings(void);

-/* Error codes for the CRYPTO functions. */

-/* Function codes. */

-#define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX		 100

-#define CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID		 103

-#define CRYPTO_F_CRYPTO_GET_NEW_LOCKID			 101

-#define CRYPTO_F_CRYPTO_SET_EX_DATA			 102

-#define CRYPTO_F_DEF_ADD_INDEX				 104

-#define CRYPTO_F_DEF_GET_CLASS				 105

-#define CRYPTO_F_INT_DUP_EX_DATA			 106

-#define CRYPTO_F_INT_FREE_EX_DATA			 107

-#define CRYPTO_F_INT_NEW_EX_DATA			 108

-/* Reason codes. */

-#define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK		 100

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/des.h

+++ /dev/null

@@ -1,244 +1,0 @@

-/* crypto/des/des.h */

-/* Copyright (C) 1995-1997 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_NEW_DES_H

-#define HEADER_NEW_DES_H

-#include <openssl/e_os2.h>	/* OPENSSL_EXTERN, OPENSSL_NO_DES,

-				   DES_LONG (via openssl/opensslconf.h */

-#ifdef OPENSSL_NO_DES

-#error DES is disabled.

-#endif

-#ifdef OPENSSL_BUILD_SHLIBCRYPTO

-# undef OPENSSL_EXTERN

-# define OPENSSL_EXTERN OPENSSL_EXPORT

-#endif

-#ifdef  __cplusplus

-extern "C" {

-#endif

-typedef unsigned char DES_cblock[8];

-typedef /* const */ unsigned char const_DES_cblock[8];

-/* With "const", gcc 2.8.1 on Solaris thinks that DES_cblock *

- * and const_DES_cblock * are incompatible pointer types. */

-typedef struct DES_ks

-    {

-    union

-	{

-	DES_cblock cblock;

-	/* make sure things are correct size on machines with

-	 * 8 byte longs */

-	DES_LONG deslong[2];

-	} ks[16];

-    } DES_key_schedule;

-#ifndef OPENSSL_DISABLE_OLD_DES_SUPPORT

-# ifndef OPENSSL_ENABLE_OLD_DES_SUPPORT

-#  define OPENSSL_ENABLE_OLD_DES_SUPPORT

-# endif

-#endif

-#ifdef OPENSSL_ENABLE_OLD_DES_SUPPORT

-# include <openssl/des_old.h>

-#endif

-#define DES_KEY_SZ 	(sizeof(DES_cblock))

-#define DES_SCHEDULE_SZ (sizeof(DES_key_schedule))

-#define DES_ENCRYPT	1

-#define DES_DECRYPT	0

-#define DES_CBC_MODE	0

-#define DES_PCBC_MODE	1

-#define DES_ecb2_encrypt(i,o,k1,k2,e) \

-	DES_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))

-#define DES_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \

-	DES_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))

-#define DES_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \

-	DES_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))

-#define DES_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \

-	DES_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))

-OPENSSL_DECLARE_GLOBAL(int,DES_check_key);	/* defaults to false */

-#define DES_check_key OPENSSL_GLOBAL_REF(DES_check_key)

-OPENSSL_DECLARE_GLOBAL(int,DES_rw_mode);	/* defaults to DES_PCBC_MODE */

-#define DES_rw_mode OPENSSL_GLOBAL_REF(DES_rw_mode)

-const char *DES_options(void);

-void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,

-		      DES_key_schedule *ks1,DES_key_schedule *ks2,

-		      DES_key_schedule *ks3, int enc);

-DES_LONG DES_cbc_cksum(const unsigned char *input,DES_cblock *output,

-		       long length,DES_key_schedule *schedule,

-		       const_DES_cblock *ivec);

-/* DES_cbc_encrypt does not update the IV!  Use DES_ncbc_encrypt instead. */

-void DES_cbc_encrypt(const unsigned char *input,unsigned char *output,

-		     long length,DES_key_schedule *schedule,DES_cblock *ivec,

-		     int enc);

-void DES_ncbc_encrypt(const unsigned char *input,unsigned char *output,

-		      long length,DES_key_schedule *schedule,DES_cblock *ivec,

-		      int enc);

-void DES_xcbc_encrypt(const unsigned char *input,unsigned char *output,

-		      long length,DES_key_schedule *schedule,DES_cblock *ivec,

-		      const_DES_cblock *inw,const_DES_cblock *outw,int enc);

-void DES_cfb_encrypt(const unsigned char *in,unsigned char *out,int numbits,

-		     long length,DES_key_schedule *schedule,DES_cblock *ivec,

-		     int enc);

-void DES_ecb_encrypt(const_DES_cblock *input,DES_cblock *output,

-		     DES_key_schedule *ks,int enc);

-/* 	This is the DES encryption function that gets called by just about

-	every other DES routine in the library.  You should not use this

-	function except to implement 'modes' of DES.  I say this because the

-	functions that call this routine do the conversion from 'char *' to

-	long, and this needs to be done to make sure 'non-aligned' memory

-	access do not occur.  The characters are loaded 'little endian'.

-	Data is a pointer to 2 unsigned long's and ks is the

-	DES_key_schedule to use.  enc, is non zero specifies encryption,

-	zero if decryption. */

-void DES_encrypt1(DES_LONG *data,DES_key_schedule *ks, int enc);

-/* 	This functions is the same as DES_encrypt1() except that the DES

-	initial permutation (IP) and final permutation (FP) have been left

-	out.  As for DES_encrypt1(), you should not use this function.

-	It is used by the routines in the library that implement triple DES.

-	IP() DES_encrypt2() DES_encrypt2() DES_encrypt2() FP() is the same

-	as DES_encrypt1() DES_encrypt1() DES_encrypt1() except faster :-). */

-void DES_encrypt2(DES_LONG *data,DES_key_schedule *ks, int enc);

-void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1,

-		  DES_key_schedule *ks2, DES_key_schedule *ks3);

-void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,

-		  DES_key_schedule *ks2, DES_key_schedule *ks3);

-void DES_ede3_cbc_encrypt(const unsigned char *input,unsigned char *output,

-			  long length,

-			  DES_key_schedule *ks1,DES_key_schedule *ks2,

-			  DES_key_schedule *ks3,DES_cblock *ivec,int enc);

-void DES_ede3_cbcm_encrypt(const unsigned char *in,unsigned char *out,

-			   long length,

-			   DES_key_schedule *ks1,DES_key_schedule *ks2,

-			   DES_key_schedule *ks3,

-			   DES_cblock *ivec1,DES_cblock *ivec2,

-			   int enc);

-void DES_ede3_cfb64_encrypt(const unsigned char *in,unsigned char *out,

-			    long length,DES_key_schedule *ks1,

-			    DES_key_schedule *ks2,DES_key_schedule *ks3,

-			    DES_cblock *ivec,int *num,int enc);

-void DES_ede3_cfb_encrypt(const unsigned char *in,unsigned char *out,

-			  int numbits,long length,DES_key_schedule *ks1,

-			  DES_key_schedule *ks2,DES_key_schedule *ks3,

-			  DES_cblock *ivec,int enc);

-void DES_ede3_ofb64_encrypt(const unsigned char *in,unsigned char *out,

-			    long length,DES_key_schedule *ks1,

-			    DES_key_schedule *ks2,DES_key_schedule *ks3,

-			    DES_cblock *ivec,int *num);

-void DES_xwhite_in2out(const_DES_cblock *DES_key,const_DES_cblock *in_white,

-		       DES_cblock *out_white);

-int DES_enc_read(int fd,void *buf,int len,DES_key_schedule *sched,

-		 DES_cblock *iv);

-int DES_enc_write(int fd,const void *buf,int len,DES_key_schedule *sched,

-		  DES_cblock *iv);

-char *DES_fcrypt(const char *buf,const char *salt, char *ret);

-char *DES_crypt(const char *buf,const char *salt);

-void DES_ofb_encrypt(const unsigned char *in,unsigned char *out,int numbits,

-		     long length,DES_key_schedule *schedule,DES_cblock *ivec);

-void DES_pcbc_encrypt(const unsigned char *input,unsigned char *output,

-		      long length,DES_key_schedule *schedule,DES_cblock *ivec,

-		      int enc);

-DES_LONG DES_quad_cksum(const unsigned char *input,DES_cblock output[],

-			long length,int out_count,DES_cblock *seed);

-int DES_random_key(DES_cblock *ret);

-void DES_set_odd_parity(DES_cblock *key);

-int DES_check_key_parity(const_DES_cblock *key);

-int DES_is_weak_key(const_DES_cblock *key);

-/* DES_set_key (= set_key = DES_key_sched = key_sched) calls

- * DES_set_key_checked if global variable DES_check_key is set,

- * DES_set_key_unchecked otherwise. */

-int DES_set_key(const_DES_cblock *key,DES_key_schedule *schedule);

-int DES_key_sched(const_DES_cblock *key,DES_key_schedule *schedule);

-int DES_set_key_checked(const_DES_cblock *key,DES_key_schedule *schedule);

-void DES_set_key_unchecked(const_DES_cblock *key,DES_key_schedule *schedule);

-void DES_string_to_key(const char *str,DES_cblock *key);

-void DES_string_to_2keys(const char *str,DES_cblock *key1,DES_cblock *key2);

-void DES_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length,

-		       DES_key_schedule *schedule,DES_cblock *ivec,int *num,

-		       int enc);

-void DES_ofb64_encrypt(const unsigned char *in,unsigned char *out,long length,

-		       DES_key_schedule *schedule,DES_cblock *ivec,int *num);

-int DES_read_password(DES_cblock *key, const char *prompt, int verify);

-int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2, const char *prompt,

-	int verify);

-#define DES_fixup_key_parity DES_set_odd_parity

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/des_old.h

+++ /dev/null

@@ -1,445 +1,0 @@

-/* crypto/des/des_old.h -*- mode:C; c-file-style: "eay" -*- */

-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING

- *

- * The function names in here are deprecated and are only present to

- * provide an interface compatible with openssl 0.9.6 and older as

- * well as libdes.  OpenSSL now provides functions where "des_" has

- * been replaced with "DES_" in the names, to make it possible to

- * make incompatible changes that are needed for C type security and

- * other stuff.

- *

- * This include files has two compatibility modes:

- *

- *   - If OPENSSL_DES_LIBDES_COMPATIBILITY is defined, you get an API

- *     that is compatible with libdes and SSLeay.

- *   - If OPENSSL_DES_LIBDES_COMPATIBILITY isn't defined, you get an

- *     API that is compatible with OpenSSL 0.9.5x to 0.9.6x.

- *

- * Note that these modes break earlier snapshots of OpenSSL, where

- * libdes compatibility was the only available mode or (later on) the

- * prefered compatibility mode.  However, after much consideration

- * (and more or less violent discussions with external parties), it

- * was concluded that OpenSSL should be compatible with earlier versions

- * of itself before anything else.  Also, in all honesty, libdes is

- * an old beast that shouldn't really be used any more.

- *

- * Please consider starting to use the DES_ functions rather than the

- * des_ ones.  The des_ functions will disappear completely before

- * OpenSSL 1.0!

- *

- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING

- */

-/* Written by Richard Levitte ([email protected]) for the OpenSSL

- * project 2001.

- */

-/* ====================================================================

- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_DES_H

-#define HEADER_DES_H

-#include <openssl/e_os2.h>	/* OPENSSL_EXTERN, OPENSSL_NO_DES, DES_LONG */

-#ifdef OPENSSL_NO_DES

-#error DES is disabled.

-#endif

-#ifndef HEADER_NEW_DES_H

-#error You must include des.h, not des_old.h directly.

-#endif

-#ifdef _KERBEROS_DES_H

-#error <openssl/des_old.h> replaces <kerberos/des.h>.

-#endif

-#include <openssl/symhacks.h>

-#ifdef OPENSSL_BUILD_SHLIBCRYPTO

-# undef OPENSSL_EXTERN

-# define OPENSSL_EXTERN OPENSSL_EXPORT

-#endif

-#ifdef  __cplusplus

-extern "C" {

-#endif

-#ifdef _

-#undef _

-#endif

-typedef unsigned char _ossl_old_des_cblock[8];

-typedef struct _ossl_old_des_ks_struct

-	{

-	union	{

-		_ossl_old_des_cblock _;

-		/* make sure things are correct size on machines with

-		 * 8 byte longs */

-		DES_LONG pad[2];

-		} ks;

-	} _ossl_old_des_key_schedule[16];

-#ifndef OPENSSL_DES_LIBDES_COMPATIBILITY

-#define des_cblock DES_cblock

-#define const_des_cblock const_DES_cblock

-#define des_key_schedule DES_key_schedule

-#define des_ecb3_encrypt(i,o,k1,k2,k3,e)\

-	DES_ecb3_encrypt((i),(o),&(k1),&(k2),&(k3),(e))

-#define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\

-	DES_ede3_cbc_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(e))

-#define des_ede3_cbcm_encrypt(i,o,l,k1,k2,k3,iv1,iv2,e)\

-	DES_ede3_cbcm_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv1),(iv2),(e))

-#define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\

-	DES_ede3_cfb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n),(e))

-#define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\

-	DES_ede3_ofb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n))

-#define des_options()\

-	DES_options()

-#define des_cbc_cksum(i,o,l,k,iv)\

-	DES_cbc_cksum((i),(o),(l),&(k),(iv))

-#define des_cbc_encrypt(i,o,l,k,iv,e)\

-	DES_cbc_encrypt((i),(o),(l),&(k),(iv),(e))

-#define des_ncbc_encrypt(i,o,l,k,iv,e)\

-	DES_ncbc_encrypt((i),(o),(l),&(k),(iv),(e))

-#define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\

-	DES_xcbc_encrypt((i),(o),(l),&(k),(iv),(inw),(outw),(e))

-#define des_cfb_encrypt(i,o,n,l,k,iv,e)\

-	DES_cfb_encrypt((i),(o),(n),(l),&(k),(iv),(e))

-#define des_ecb_encrypt(i,o,k,e)\

-	DES_ecb_encrypt((i),(o),&(k),(e))

-#define des_encrypt1(d,k,e)\

-	DES_encrypt1((d),&(k),(e))

-#define des_encrypt2(d,k,e)\

-	DES_encrypt2((d),&(k),(e))

-#define des_encrypt3(d,k1,k2,k3)\

-	DES_encrypt3((d),&(k1),&(k2),&(k3))

-#define des_decrypt3(d,k1,k2,k3)\

-	DES_decrypt3((d),&(k1),&(k2),&(k3))

-#define des_xwhite_in2out(k,i,o)\

-	DES_xwhite_in2out((k),(i),(o))

-#define des_enc_read(f,b,l,k,iv)\

-	DES_enc_read((f),(b),(l),&(k),(iv))

-#define des_enc_write(f,b,l,k,iv)\

-	DES_enc_write((f),(b),(l),&(k),(iv))

-#define des_fcrypt(b,s,r)\

-	DES_fcrypt((b),(s),(r))

-#if 0

-#define des_crypt(b,s)\

-	DES_crypt((b),(s))

-#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(__OpenBSD__)

-#define crypt(b,s)\

-	DES_crypt((b),(s))

-#endif

-#endif

-#define des_ofb_encrypt(i,o,n,l,k,iv)\

-	DES_ofb_encrypt((i),(o),(n),(l),&(k),(iv))

-#define des_pcbc_encrypt(i,o,l,k,iv,e)\

-	DES_pcbc_encrypt((i),(o),(l),&(k),(iv),(e))

-#define des_quad_cksum(i,o,l,c,s)\

-	DES_quad_cksum((i),(o),(l),(c),(s))

-#define des_random_seed(k)\

-	_ossl_096_des_random_seed((k))

-#define des_random_key(r)\

-	DES_random_key((r))

-#define des_read_password(k,p,v) \

-	DES_read_password((k),(p),(v))

-#define des_read_2passwords(k1,k2,p,v) \

-	DES_read_2passwords((k1),(k2),(p),(v))

-#define des_set_odd_parity(k)\

-	DES_set_odd_parity((k))

-#define des_check_key_parity(k)\

-	DES_check_key_parity((k))

-#define des_is_weak_key(k)\

-	DES_is_weak_key((k))

-#define des_set_key(k,ks)\

-	DES_set_key((k),&(ks))

-#define des_key_sched(k,ks)\

-	DES_key_sched((k),&(ks))

-#define des_set_key_checked(k,ks)\

-	DES_set_key_checked((k),&(ks))

-#define des_set_key_unchecked(k,ks)\

-	DES_set_key_unchecked((k),&(ks))

-#define des_string_to_key(s,k)\

-	DES_string_to_key((s),(k))

-#define des_string_to_2keys(s,k1,k2)\

-	DES_string_to_2keys((s),(k1),(k2))

-#define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\

-	DES_cfb64_encrypt((i),(o),(l),&(ks),(iv),(n),(e))

-#define des_ofb64_encrypt(i,o,l,ks,iv,n)\

-	DES_ofb64_encrypt((i),(o),(l),&(ks),(iv),(n))

-#define des_ecb2_encrypt(i,o,k1,k2,e) \

-	des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))

-#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \

-	des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))

-#define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \

-	des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))

-#define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \

-	des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))

-#define des_check_key DES_check_key

-#define des_rw_mode DES_rw_mode

-#else /* libdes compatibility */

-/* Map all symbol names to _ossl_old_des_* form, so we avoid all

-   clashes with libdes */

-#define des_cblock _ossl_old_des_cblock

-#define des_key_schedule _ossl_old_des_key_schedule

-#define des_ecb3_encrypt(i,o,k1,k2,k3,e)\

-	_ossl_old_des_ecb3_encrypt((i),(o),(k1),(k2),(k3),(e))

-#define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\

-	_ossl_old_des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(e))

-#define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\

-	_ossl_old_des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n),(e))

-#define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\

-	_ossl_old_des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n))

-#define des_options()\

-	_ossl_old_des_options()

-#define des_cbc_cksum(i,o,l,k,iv)\

-	_ossl_old_des_cbc_cksum((i),(o),(l),(k),(iv))

-#define des_cbc_encrypt(i,o,l,k,iv,e)\

-	_ossl_old_des_cbc_encrypt((i),(o),(l),(k),(iv),(e))

-#define des_ncbc_encrypt(i,o,l,k,iv,e)\

-	_ossl_old_des_ncbc_encrypt((i),(o),(l),(k),(iv),(e))

-#define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\

-	_ossl_old_des_xcbc_encrypt((i),(o),(l),(k),(iv),(inw),(outw),(e))

-#define des_cfb_encrypt(i,o,n,l,k,iv,e)\

-	_ossl_old_des_cfb_encrypt((i),(o),(n),(l),(k),(iv),(e))

-#define des_ecb_encrypt(i,o,k,e)\

-	_ossl_old_des_ecb_encrypt((i),(o),(k),(e))

-#define des_encrypt(d,k,e)\

-	_ossl_old_des_encrypt((d),(k),(e))

-#define des_encrypt2(d,k,e)\

-	_ossl_old_des_encrypt2((d),(k),(e))

-#define des_encrypt3(d,k1,k2,k3)\

-	_ossl_old_des_encrypt3((d),(k1),(k2),(k3))

-#define des_decrypt3(d,k1,k2,k3)\

-	_ossl_old_des_decrypt3((d),(k1),(k2),(k3))

-#define des_xwhite_in2out(k,i,o)\

-	_ossl_old_des_xwhite_in2out((k),(i),(o))

-#define des_enc_read(f,b,l,k,iv)\

-	_ossl_old_des_enc_read((f),(b),(l),(k),(iv))

-#define des_enc_write(f,b,l,k,iv)\

-	_ossl_old_des_enc_write((f),(b),(l),(k),(iv))

-#define des_fcrypt(b,s,r)\

-	_ossl_old_des_fcrypt((b),(s),(r))

-#define des_crypt(b,s)\

-	_ossl_old_des_crypt((b),(s))

-#if 0

-#define crypt(b,s)\

-	_ossl_old_crypt((b),(s))

-#endif

-#define des_ofb_encrypt(i,o,n,l,k,iv)\

-	_ossl_old_des_ofb_encrypt((i),(o),(n),(l),(k),(iv))

-#define des_pcbc_encrypt(i,o,l,k,iv,e)\

-	_ossl_old_des_pcbc_encrypt((i),(o),(l),(k),(iv),(e))

-#define des_quad_cksum(i,o,l,c,s)\

-	_ossl_old_des_quad_cksum((i),(o),(l),(c),(s))

-#define des_random_seed(k)\

-	_ossl_old_des_random_seed((k))

-#define des_random_key(r)\

-	_ossl_old_des_random_key((r))

-#define des_read_password(k,p,v) \

-	_ossl_old_des_read_password((k),(p),(v))

-#define des_read_2passwords(k1,k2,p,v) \

-	_ossl_old_des_read_2passwords((k1),(k2),(p),(v))

-#define des_set_odd_parity(k)\

-	_ossl_old_des_set_odd_parity((k))

-#define des_is_weak_key(k)\

-	_ossl_old_des_is_weak_key((k))

-#define des_set_key(k,ks)\

-	_ossl_old_des_set_key((k),(ks))

-#define des_key_sched(k,ks)\

-	_ossl_old_des_key_sched((k),(ks))

-#define des_string_to_key(s,k)\

-	_ossl_old_des_string_to_key((s),(k))

-#define des_string_to_2keys(s,k1,k2)\

-	_ossl_old_des_string_to_2keys((s),(k1),(k2))

-#define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\

-	_ossl_old_des_cfb64_encrypt((i),(o),(l),(ks),(iv),(n),(e))

-#define des_ofb64_encrypt(i,o,l,ks,iv,n)\

-	_ossl_old_des_ofb64_encrypt((i),(o),(l),(ks),(iv),(n))

-#define des_ecb2_encrypt(i,o,k1,k2,e) \

-	des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))

-#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \

-	des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))

-#define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \

-	des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))

-#define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \

-	des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))

-#define des_check_key DES_check_key

-#define des_rw_mode DES_rw_mode

-#endif

-const char *_ossl_old_des_options(void);

-void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,

-	_ossl_old_des_key_schedule ks1,_ossl_old_des_key_schedule ks2,

-	_ossl_old_des_key_schedule ks3, int enc);

-DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,

-	long length,_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec);

-void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,

-	_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc);

-void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,

-	_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc);

-void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,

-	_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,

-	_ossl_old_des_cblock *inw,_ossl_old_des_cblock *outw,int enc);

-void _ossl_old_des_cfb_encrypt(unsigned char *in,unsigned char *out,int numbits,

-	long length,_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc);

-void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,

-	_ossl_old_des_key_schedule ks,int enc);

-void _ossl_old_des_encrypt(DES_LONG *data,_ossl_old_des_key_schedule ks, int enc);

-void _ossl_old_des_encrypt2(DES_LONG *data,_ossl_old_des_key_schedule ks, int enc);

-void _ossl_old_des_encrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1,

-	_ossl_old_des_key_schedule ks2, _ossl_old_des_key_schedule ks3);

-void _ossl_old_des_decrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1,

-	_ossl_old_des_key_schedule ks2, _ossl_old_des_key_schedule ks3);

-void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input, _ossl_old_des_cblock *output,

-	long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2,

-	_ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int enc);

-void _ossl_old_des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out,

-	long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2,

-	_ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num, int enc);

-void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out,

-	long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2,

-	_ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num);

-void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), _ossl_old_des_cblock (*in_white),

-	_ossl_old_des_cblock (*out_white));

-int _ossl_old_des_enc_read(int fd,char *buf,int len,_ossl_old_des_key_schedule sched,

-	_ossl_old_des_cblock *iv);

-int _ossl_old_des_enc_write(int fd,char *buf,int len,_ossl_old_des_key_schedule sched,

-	_ossl_old_des_cblock *iv);

-char *_ossl_old_des_fcrypt(const char *buf,const char *salt, char *ret);

-char *_ossl_old_des_crypt(const char *buf,const char *salt);

-#if !defined(PERL5) && !defined(NeXT)

-char *_ossl_old_crypt(const char *buf,const char *salt);

-#endif

-void _ossl_old_des_ofb_encrypt(unsigned char *in,unsigned char *out,

-	int numbits,long length,_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec);

-void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,

-	_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc);

-DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,

-	long length,int out_count,_ossl_old_des_cblock *seed);

-void _ossl_old_des_random_seed(_ossl_old_des_cblock key);

-void _ossl_old_des_random_key(_ossl_old_des_cblock ret);

-int _ossl_old_des_read_password(_ossl_old_des_cblock *key,const char *prompt,int verify);

-int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1,_ossl_old_des_cblock *key2,

-	const char *prompt,int verify);

-void _ossl_old_des_set_odd_parity(_ossl_old_des_cblock *key);

-int _ossl_old_des_is_weak_key(_ossl_old_des_cblock *key);

-int _ossl_old_des_set_key(_ossl_old_des_cblock *key,_ossl_old_des_key_schedule schedule);

-int _ossl_old_des_key_sched(_ossl_old_des_cblock *key,_ossl_old_des_key_schedule schedule);

-void _ossl_old_des_string_to_key(char *str,_ossl_old_des_cblock *key);

-void _ossl_old_des_string_to_2keys(char *str,_ossl_old_des_cblock *key1,_ossl_old_des_cblock *key2);

-void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,

-	_ossl_old_des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num, int enc);

-void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,

-	_ossl_old_des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num);

-void _ossl_096_des_random_seed(des_cblock *key);

-/* The following definitions provide compatibility with the MIT Kerberos

- * library. The _ossl_old_des_key_schedule structure is not binary compatible. */

-#define _KERBEROS_DES_H

-#define KRBDES_ENCRYPT DES_ENCRYPT

-#define KRBDES_DECRYPT DES_DECRYPT

-#ifdef KERBEROS

-#  define ENCRYPT DES_ENCRYPT

-#  define DECRYPT DES_DECRYPT

-#endif

-#ifndef NCOMPAT

-#  define C_Block des_cblock

-#  define Key_schedule des_key_schedule

-#  define KEY_SZ DES_KEY_SZ

-#  define string_to_key des_string_to_key

-#  define read_pw_string des_read_pw_string

-#  define random_key des_random_key

-#  define pcbc_encrypt des_pcbc_encrypt

-#  define set_key des_set_key

-#  define key_sched des_key_sched

-#  define ecb_encrypt des_ecb_encrypt

-#  define cbc_encrypt des_cbc_encrypt

-#  define ncbc_encrypt des_ncbc_encrypt

-#  define xcbc_encrypt des_xcbc_encrypt

-#  define cbc_cksum des_cbc_cksum

-#  define quad_cksum des_quad_cksum

-#  define check_parity des_check_key_parity

-#endif

-#define des_fixup_key_parity DES_fixup_key_parity

-#ifdef  __cplusplus

-}

-#endif

-/* for DES_read_pw_string et al */

-#include <openssl/ui_compat.h>

-#endif

--- a/sys/include/ape/openssl/dh.h

+++ /dev/null

@@ -1,234 +1,0 @@

-/* crypto/dh/dh.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_DH_H

-#define HEADER_DH_H

-#include <openssl/e_os2.h>

-#ifdef OPENSSL_NO_DH

-#error DH is disabled.

-#endif

-#ifndef OPENSSL_NO_BIO

-#include <openssl/bio.h>

-#endif

-#include <openssl/ossl_typ.h>

-#ifndef OPENSSL_NO_DEPRECATED

-#include <openssl/bn.h>

-#endif

-#ifndef OPENSSL_DH_MAX_MODULUS_BITS

-# define OPENSSL_DH_MAX_MODULUS_BITS	10000

-#endif

-#define DH_FLAG_CACHE_MONT_P     0x01

-#define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH

-                                       * implementation now uses constant time

-                                       * modular exponentiation for secret exponents

-                                       * by default. This flag causes the

-                                       * faster variable sliding window method to

-                                       * be used for all exponents.

-                                       */

-#ifdef  __cplusplus

-extern "C" {

-#endif

-/* Already defined in ossl_typ.h */

-/* typedef struct dh_st DH; */

-/* typedef struct dh_method DH_METHOD; */

-struct dh_method

-	{

-	const char *name;

-	/* Methods here */

-	int (*generate_key)(DH *dh);

-	int (*compute_key)(unsigned char *key,const BIGNUM *pub_key,DH *dh);

-	int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a,

-				const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,

-				BN_MONT_CTX *m_ctx); /* Can be null */

-	int (*init)(DH *dh);

-	int (*finish)(DH *dh);

-	int flags;

-	char *app_data;

-	/* If this is non-NULL, it will be used to generate parameters */

-	int (*generate_params)(DH *dh, int prime_len, int generator, BN_GENCB *cb);

-	};

-struct dh_st

-	{

-	/* This first argument is used to pick up errors when

-	 * a DH is passed instead of a EVP_PKEY */

-	int pad;

-	int version;

-	BIGNUM *p;

-	BIGNUM *g;

-	long length; /* optional */

-	BIGNUM *pub_key;	/* g^x */

-	BIGNUM *priv_key;	/* x */

-	int flags;

-	BN_MONT_CTX *method_mont_p;

-	/* Place holders if we want to do X9.42 DH */

-	BIGNUM *q;

-	BIGNUM *j;

-	unsigned char *seed;

-	int seedlen;

-	BIGNUM *counter;

-	int references;

-	CRYPTO_EX_DATA ex_data;

-	const DH_METHOD *meth;

-	ENGINE *engine;

-	};

-#define DH_GENERATOR_2		2

-/* #define DH_GENERATOR_3	3 */

-#define DH_GENERATOR_5		5

-/* DH_check error codes */

-#define DH_CHECK_P_NOT_PRIME		0x01

-#define DH_CHECK_P_NOT_SAFE_PRIME	0x02

-#define DH_UNABLE_TO_CHECK_GENERATOR	0x04

-#define DH_NOT_SUITABLE_GENERATOR	0x08

-/* DH_check_pub_key error codes */

-#define DH_CHECK_PUBKEY_TOO_SMALL	0x01

-#define DH_CHECK_PUBKEY_TOO_LARGE	0x02

-/* primes p where (p-1)/2 is prime too are called "safe"; we define

-   this for backward compatibility: */

-#define DH_CHECK_P_NOT_STRONG_PRIME	DH_CHECK_P_NOT_SAFE_PRIME

-#define DHparams_dup(x) ASN1_dup_of_const(DH,i2d_DHparams,d2i_DHparams,x)

-#define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \

-		(char *(*)())d2i_DHparams,(fp),(unsigned char **)(x))

-#define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \

-		(unsigned char *)(x))

-#define d2i_DHparams_bio(bp,x) ASN1_d2i_bio_of(DH,DH_new,d2i_DHparams,bp,x)

-#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x)

-const DH_METHOD *DH_OpenSSL(void);

-void DH_set_default_method(const DH_METHOD *meth);

-const DH_METHOD *DH_get_default_method(void);

-int DH_set_method(DH *dh, const DH_METHOD *meth);

-DH *DH_new_method(ENGINE *engine);

-DH *	DH_new(void);

-void	DH_free(DH *dh);

-int	DH_up_ref(DH *dh);

-int	DH_size(const DH *dh);

-int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,

-	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);

-int DH_set_ex_data(DH *d, int idx, void *arg);

-void *DH_get_ex_data(DH *d, int idx);

-/* Deprecated version */

-#ifndef OPENSSL_NO_DEPRECATED

-DH *	DH_generate_parameters(int prime_len,int generator,

-		void (*callback)(int,int,void *),void *cb_arg);

-#endif /* !defined(OPENSSL_NO_DEPRECATED) */

-/* New version */

-int	DH_generate_parameters_ex(DH *dh, int prime_len,int generator, BN_GENCB *cb);

-int	DH_check(const DH *dh,int *codes);

-int	DH_check_pub_key(const DH *dh,const BIGNUM *pub_key, int *codes);

-int	DH_generate_key(DH *dh);

-int	DH_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh);

-DH *	d2i_DHparams(DH **a,const unsigned char **pp, long length);

-int	i2d_DHparams(const DH *a,unsigned char **pp);

-#ifndef OPENSSL_NO_FP_API

-int	DHparams_print_fp(FILE *fp, const DH *x);

-#endif

-#ifndef OPENSSL_NO_BIO

-int	DHparams_print(BIO *bp, const DH *x);

-#else

-int	DHparams_print(char *bp, const DH *x);

-#endif

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_DH_strings(void);

-/* Error codes for the DH functions. */

-/* Function codes. */

-#define DH_F_COMPUTE_KEY				 102

-#define DH_F_DHPARAMS_PRINT				 100

-#define DH_F_DHPARAMS_PRINT_FP				 101

-#define DH_F_DH_BUILTIN_GENPARAMS			 106

-#define DH_F_DH_NEW_METHOD				 105

-#define DH_F_GENERATE_KEY				 103

-#define DH_F_GENERATE_PARAMETERS			 104

-/* Reason codes. */

-#define DH_R_BAD_GENERATOR				 101

-#define DH_R_INVALID_PUBKEY				 102

-#define DH_R_MODULUS_TOO_LARGE				 103

-#define DH_R_NO_PRIVATE_VALUE				 100

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/dsa.h

+++ /dev/null

@@ -1,285 +1,0 @@

-/* crypto/dsa/dsa.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/*

- * The DSS routines are based on patches supplied by

- * Steven Schoch <[email protected]>.  He basically did the

- * work and I have just tweaked them a little to fit into my

- * stylistic vision for SSLeay :-) */

-#ifndef HEADER_DSA_H

-#define HEADER_DSA_H

-#include <openssl/e_os2.h>

-#ifdef OPENSSL_NO_DSA

-#error DSA is disabled.

-#endif

-#ifndef OPENSSL_NO_BIO

-#include <openssl/bio.h>

-#endif

-#include <openssl/crypto.h>

-#include <openssl/ossl_typ.h>

-#ifndef OPENSSL_NO_DEPRECATED

-#include <openssl/bn.h>

-#ifndef OPENSSL_NO_DH

-# include <openssl/dh.h>

-#endif

-#endif

-#ifndef OPENSSL_DSA_MAX_MODULUS_BITS

-# define OPENSSL_DSA_MAX_MODULUS_BITS	10000

-#endif

-#define DSA_FLAG_CACHE_MONT_P	0x01

-#define DSA_FLAG_NO_EXP_CONSTTIME       0x02 /* new with 0.9.7h; the built-in DSA

-                                              * implementation now uses constant time

-                                              * modular exponentiation for secret exponents

-                                              * by default. This flag causes the

-                                              * faster variable sliding window method to

-                                              * be used for all exponents.

-                                              */

-#ifdef  __cplusplus

-extern "C" {

-#endif

-/* Already defined in ossl_typ.h */

-/* typedef struct dsa_st DSA; */

-/* typedef struct dsa_method DSA_METHOD; */

-typedef struct DSA_SIG_st

-	{

-	BIGNUM *r;

-	BIGNUM *s;

-	} DSA_SIG;

-struct dsa_method

-	{

-	const char *name;

-	DSA_SIG * (*dsa_do_sign)(const unsigned char *dgst, int dlen, DSA *dsa);

-	int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,

-								BIGNUM **rp);

-	int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len,

-							DSA_SIG *sig, DSA *dsa);

-	int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,

-			BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,

-			BN_MONT_CTX *in_mont);

-	int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,

-				const BIGNUM *m, BN_CTX *ctx,

-				BN_MONT_CTX *m_ctx); /* Can be null */

-	int (*init)(DSA *dsa);

-	int (*finish)(DSA *dsa);

-	int flags;

-	char *app_data;

-	/* If this is non-NULL, it is used to generate DSA parameters */

-	int (*dsa_paramgen)(DSA *dsa, int bits,

-			unsigned char *seed, int seed_len,

-			int *counter_ret, unsigned long *h_ret,

-			BN_GENCB *cb);

-	/* If this is non-NULL, it is used to generate DSA keys */

-	int (*dsa_keygen)(DSA *dsa);

-	};

-struct dsa_st

-	{

-	/* This first variable is used to pick up errors where

-	 * a DSA is passed instead of of a EVP_PKEY */

-	int pad;

-	long version;

-	int write_params;

-	BIGNUM *p;

-	BIGNUM *q;	/* == 20 */

-	BIGNUM *g;

-	BIGNUM *pub_key;  /* y public key */

-	BIGNUM *priv_key; /* x private key */

-	BIGNUM *kinv;	/* Signing pre-calc */

-	BIGNUM *r;	/* Signing pre-calc */

-	int flags;

-	/* Normally used to cache montgomery values */

-	BN_MONT_CTX *method_mont_p;

-	int references;

-	CRYPTO_EX_DATA ex_data;

-	const DSA_METHOD *meth;

-	/* functional reference if 'meth' is ENGINE-provided */

-	ENGINE *engine;

-	};

-#define DSAparams_dup(x) ASN1_dup_of_const(DSA,i2d_DSAparams,d2i_DSAparams,x)

-#define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \

-		(char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x))

-#define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \

-		(unsigned char *)(x))

-#define d2i_DSAparams_bio(bp,x) ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAparams,bp,x)

-#define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio_of_const(DSA,i2d_DSAparams,bp,x)

-DSA_SIG * DSA_SIG_new(void);

-void	DSA_SIG_free(DSA_SIG *a);

-int	i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);

-DSA_SIG * d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length);

-DSA_SIG * DSA_do_sign(const unsigned char *dgst,int dlen,DSA *dsa);

-int	DSA_do_verify(const unsigned char *dgst,int dgst_len,

-		      DSA_SIG *sig,DSA *dsa);

-const DSA_METHOD *DSA_OpenSSL(void);

-void	DSA_set_default_method(const DSA_METHOD *);

-const DSA_METHOD *DSA_get_default_method(void);

-int	DSA_set_method(DSA *dsa, const DSA_METHOD *);

-DSA *	DSA_new(void);

-DSA *	DSA_new_method(ENGINE *engine);

-void	DSA_free (DSA *r);

-/* "up" the DSA object's reference count */

-int	DSA_up_ref(DSA *r);

-int	DSA_size(const DSA *);

-	/* next 4 return -1 on error */

-int	DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp);

-int	DSA_sign(int type,const unsigned char *dgst,int dlen,

-		unsigned char *sig, unsigned int *siglen, DSA *dsa);

-int	DSA_verify(int type,const unsigned char *dgst,int dgst_len,

-		const unsigned char *sigbuf, int siglen, DSA *dsa);

-int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,

-	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);

-int DSA_set_ex_data(DSA *d, int idx, void *arg);

-void *DSA_get_ex_data(DSA *d, int idx);

-DSA *	d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length);

-DSA *	d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length);

-DSA * 	d2i_DSAparams(DSA **a, const unsigned char **pp, long length);

-/* Deprecated version */

-#ifndef OPENSSL_NO_DEPRECATED

-DSA *	DSA_generate_parameters(int bits,

-		unsigned char *seed,int seed_len,

-		int *counter_ret, unsigned long *h_ret,void

-		(*callback)(int, int, void *),void *cb_arg);

-#endif /* !defined(OPENSSL_NO_DEPRECATED) */

-/* New version */

-int	DSA_generate_parameters_ex(DSA *dsa, int bits,

-		unsigned char *seed,int seed_len,

-		int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);

-int	DSA_generate_key(DSA *a);

-int	i2d_DSAPublicKey(const DSA *a, unsigned char **pp);

-int 	i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);

-int	i2d_DSAparams(const DSA *a,unsigned char **pp);

-#ifndef OPENSSL_NO_BIO

-int	DSAparams_print(BIO *bp, const DSA *x);

-int	DSA_print(BIO *bp, const DSA *x, int off);

-#endif

-#ifndef OPENSSL_NO_FP_API

-int	DSAparams_print_fp(FILE *fp, const DSA *x);

-int	DSA_print_fp(FILE *bp, const DSA *x, int off);

-#endif

-#define DSS_prime_checks 50

-/* Primality test according to FIPS PUB 186[-1], Appendix 2.1:

- * 50 rounds of Rabin-Miller */

-#define DSA_is_prime(n, callback, cb_arg) \

-	BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg)

-#ifndef OPENSSL_NO_DH

-/* Convert DSA structure (key or just parameters) into DH structure

- * (be careful to avoid small subgroup attacks when using this!) */

-DH *DSA_dup_DH(const DSA *r);

-#endif

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_DSA_strings(void);

-/* Error codes for the DSA functions. */

-/* Function codes. */

-#define DSA_F_D2I_DSA_SIG				 110

-#define DSA_F_DSAPARAMS_PRINT				 100

-#define DSA_F_DSAPARAMS_PRINT_FP			 101

-#define DSA_F_DSA_DO_SIGN				 112

-#define DSA_F_DSA_DO_VERIFY				 113

-#define DSA_F_DSA_NEW_METHOD				 103

-#define DSA_F_DSA_PRINT					 104

-#define DSA_F_DSA_PRINT_FP				 105

-#define DSA_F_DSA_SIGN					 106

-#define DSA_F_DSA_SIGN_SETUP				 107

-#define DSA_F_DSA_SIG_NEW				 109

-#define DSA_F_DSA_VERIFY				 108

-#define DSA_F_I2D_DSA_SIG				 111

-#define DSA_F_SIG_CB					 114

-/* Reason codes. */

-#define DSA_R_BAD_Q_VALUE				 102

-#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE		 100

-#define DSA_R_MISSING_PARAMETERS			 101

-#define DSA_R_MODULUS_TOO_LARGE				 103

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/dso.h

+++ /dev/null

@@ -1,368 +1,0 @@

-/* dso.h -*- mode:C; c-file-style: "eay" -*- */

-/* Written by Geoff Thorpe ([email protected]) for the OpenSSL

- * project 2000.

- */

-/* ====================================================================

- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_DSO_H

-#define HEADER_DSO_H

-#include <openssl/crypto.h>

-#ifdef __cplusplus

-extern "C" {

-#endif

-/* These values are used as commands to DSO_ctrl() */

-#define DSO_CTRL_GET_FLAGS	1

-#define DSO_CTRL_SET_FLAGS	2

-#define DSO_CTRL_OR_FLAGS	3

-/* By default, DSO_load() will translate the provided filename into a form

- * typical for the platform (more specifically the DSO_METHOD) using the

- * dso_name_converter function of the method. Eg. win32 will transform "blah"

- * into "blah.dll", and dlfcn will transform it into "libblah.so". The

- * behaviour can be overriden by setting the name_converter callback in the DSO

- * object (using DSO_set_name_converter()). This callback could even utilise

- * the DSO_METHOD's converter too if it only wants to override behaviour for

- * one or two possible DSO methods. However, the following flag can be set in a

- * DSO to prevent *any* native name-translation at all - eg. if the caller has

- * prompted the user for a path to a driver library so the filename should be

- * interpreted as-is. */

-#define DSO_FLAG_NO_NAME_TRANSLATION		0x01

-/* An extra flag to give if only the extension should be added as

- * translation.  This is obviously only of importance on Unix and

- * other operating systems where the translation also may prefix

- * the name with something, like 'lib', and ignored everywhere else.

- * This flag is also ignored if DSO_FLAG_NO_NAME_TRANSLATION is used

- * at the same time. */

-#define DSO_FLAG_NAME_TRANSLATION_EXT_ONLY	0x02

-/* The following flag controls the translation of symbol names to upper

- * case.  This is currently only being implemented for OpenVMS.

- */

-#define DSO_FLAG_UPCASE_SYMBOL			0x10

-/* This flag loads the library with public symbols.

- * Meaning: The exported symbols of this library are public

- * to all libraries loaded after this library.

- * At the moment only implemented in unix.

- */

-#define DSO_FLAG_GLOBAL_SYMBOLS			0x20

-typedef void (*DSO_FUNC_TYPE)(void);

-typedef struct dso_st DSO;

-/* The function prototype used for method functions (or caller-provided

- * callbacks) that transform filenames. They are passed a DSO structure pointer

- * (or NULL if they are to be used independantly of a DSO object) and a

- * filename to transform. They should either return NULL (if there is an error

- * condition) or a newly allocated string containing the transformed form that

- * the caller will need to free with OPENSSL_free() when done. */

-typedef char* (*DSO_NAME_CONVERTER_FUNC)(DSO *, const char *);

-/* The function prototype used for method functions (or caller-provided

- * callbacks) that merge two file specifications. They are passed a

- * DSO structure pointer (or NULL if they are to be used independantly of

- * a DSO object) and two file specifications to merge. They should

- * either return NULL (if there is an error condition) or a newly allocated

- * string containing the result of merging that the caller will need

- * to free with OPENSSL_free() when done.

- * Here, merging means that bits and pieces are taken from each of the

- * file specifications and added together in whatever fashion that is

- * sensible for the DSO method in question.  The only rule that really

- * applies is that if the two specification contain pieces of the same

- * type, the copy from the first string takes priority.  One could see

- * it as the first specification is the one given by the user and the

- * second being a bunch of defaults to add on if they're missing in the

- * first. */

-typedef char* (*DSO_MERGER_FUNC)(DSO *, const char *, const char *);

-typedef struct dso_meth_st

-	{

-	const char *name;

-	/* Loads a shared library, NB: new DSO_METHODs must ensure that a

-	 * successful load populates the loaded_filename field, and likewise a

-	 * successful unload OPENSSL_frees and NULLs it out. */

-	int (*dso_load)(DSO *dso);

-	/* Unloads a shared library */

-	int (*dso_unload)(DSO *dso);

-	/* Binds a variable */

-	void *(*dso_bind_var)(DSO *dso, const char *symname);

-	/* Binds a function - assumes a return type of DSO_FUNC_TYPE.

-	 * This should be cast to the real function prototype by the

-	 * caller. Platforms that don't have compatible representations

-	 * for different prototypes (this is possible within ANSI C)

-	 * are highly unlikely to have shared libraries at all, let

-	 * alone a DSO_METHOD implemented for them. */

-	DSO_FUNC_TYPE (*dso_bind_func)(DSO *dso, const char *symname);

-/* I don't think this would actually be used in any circumstances. */

-#if 0

-	/* Unbinds a variable */

-	int (*dso_unbind_var)(DSO *dso, char *symname, void *symptr);

-	/* Unbinds a function */

-	int (*dso_unbind_func)(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);

-#endif

-	/* The generic (yuck) "ctrl()" function. NB: Negative return

-	 * values (rather than zero) indicate errors. */

-	long (*dso_ctrl)(DSO *dso, int cmd, long larg, void *parg);

-	/* The default DSO_METHOD-specific function for converting filenames to

-	 * a canonical native form. */

-	DSO_NAME_CONVERTER_FUNC dso_name_converter;

-	/* The default DSO_METHOD-specific function for converting filenames to

-	 * a canonical native form. */

-	DSO_MERGER_FUNC dso_merger;

-	/* [De]Initialisation handlers. */

-	int (*init)(DSO *dso);

-	int (*finish)(DSO *dso);

-	} DSO_METHOD;

-/**********************************************************************/

-/* The low-level handle type used to refer to a loaded shared library */

-struct dso_st

-	{

-	DSO_METHOD *meth;

-	/* Standard dlopen uses a (void *). Win32 uses a HANDLE. VMS

-	 * doesn't use anything but will need to cache the filename

-	 * for use in the dso_bind handler. All in all, let each

-	 * method control its own destiny. "Handles" and such go in

-	 * a STACK. */

-	STACK *meth_data;

-	int references;

-	int flags;

-	/* For use by applications etc ... use this for your bits'n'pieces,

-	 * don't touch meth_data! */

-	CRYPTO_EX_DATA ex_data;

-	/* If this callback function pointer is set to non-NULL, then it will

-	 * be used in DSO_load() in place of meth->dso_name_converter. NB: This

-	 * should normally set using DSO_set_name_converter(). */

-	DSO_NAME_CONVERTER_FUNC name_converter;

-	/* If this callback function pointer is set to non-NULL, then it will

-	 * be used in DSO_load() in place of meth->dso_merger. NB: This

-	 * should normally set using DSO_set_merger(). */

-	DSO_MERGER_FUNC merger;

-	/* This is populated with (a copy of) the platform-independant

-	 * filename used for this DSO. */

-	char *filename;

-	/* This is populated with (a copy of) the translated filename by which

-	 * the DSO was actually loaded. It is NULL iff the DSO is not currently

-	 * loaded. NB: This is here because the filename translation process

-	 * may involve a callback being invoked more than once not only to

-	 * convert to a platform-specific form, but also to try different

-	 * filenames in the process of trying to perform a load. As such, this

-	 * variable can be used to indicate (a) whether this DSO structure

-	 * corresponds to a loaded library or not, and (b) the filename with

-	 * which it was actually loaded. */

-	char *loaded_filename;

-	};

-DSO *	DSO_new(void);

-DSO *	DSO_new_method(DSO_METHOD *method);

-int	DSO_free(DSO *dso);

-int	DSO_flags(DSO *dso);

-int	DSO_up_ref(DSO *dso);

-long	DSO_ctrl(DSO *dso, int cmd, long larg, void *parg);

-/* This function sets the DSO's name_converter callback. If it is non-NULL,

- * then it will be used instead of the associated DSO_METHOD's function. If

- * oldcb is non-NULL then it is set to the function pointer value being

- * replaced. Return value is non-zero for success. */

-int	DSO_set_name_converter(DSO *dso, DSO_NAME_CONVERTER_FUNC cb,

-				DSO_NAME_CONVERTER_FUNC *oldcb);

-/* These functions can be used to get/set the platform-independant filename

- * used for a DSO. NB: set will fail if the DSO is already loaded. */

-const char *DSO_get_filename(DSO *dso);

-int	DSO_set_filename(DSO *dso, const char *filename);

-/* This function will invoke the DSO's name_converter callback to translate a

- * filename, or if the callback isn't set it will instead use the DSO_METHOD's

- * converter. If "filename" is NULL, the "filename" in the DSO itself will be

- * used. If the DSO_FLAG_NO_NAME_TRANSLATION flag is set, then the filename is

- * simply duplicated. NB: This function is usually called from within a

- * DSO_METHOD during the processing of a DSO_load() call, and is exposed so that

- * caller-created DSO_METHODs can do the same thing. A non-NULL return value

- * will need to be OPENSSL_free()'d. */

-char	*DSO_convert_filename(DSO *dso, const char *filename);

-/* This function will invoke the DSO's merger callback to merge two file

- * specifications, or if the callback isn't set it will instead use the

- * DSO_METHOD's merger.  A non-NULL return value will need to be

- * OPENSSL_free()'d. */

-char	*DSO_merge(DSO *dso, const char *filespec1, const char *filespec2);

-/* If the DSO is currently loaded, this returns the filename that it was loaded

- * under, otherwise it returns NULL. So it is also useful as a test as to

- * whether the DSO is currently loaded. NB: This will not necessarily return

- * the same value as DSO_convert_filename(dso, dso->filename), because the

- * DSO_METHOD's load function may have tried a variety of filenames (with

- * and/or without the aid of the converters) before settling on the one it

- * actually loaded. */

-const char *DSO_get_loaded_filename(DSO *dso);

-void	DSO_set_default_method(DSO_METHOD *meth);

-DSO_METHOD *DSO_get_default_method(void);

-DSO_METHOD *DSO_get_method(DSO *dso);

-DSO_METHOD *DSO_set_method(DSO *dso, DSO_METHOD *meth);

-/* The all-singing all-dancing load function, you normally pass NULL

- * for the first and third parameters. Use DSO_up and DSO_free for

- * subsequent reference count handling. Any flags passed in will be set

- * in the constructed DSO after its init() function but before the

- * load operation. If 'dso' is non-NULL, 'flags' is ignored. */

-DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags);

-/* This function binds to a variable inside a shared library. */

-void *DSO_bind_var(DSO *dso, const char *symname);

-/* This function binds to a function inside a shared library. */

-DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname);

-/* This method is the default, but will beg, borrow, or steal whatever

- * method should be the default on any particular platform (including

- * DSO_METH_null() if necessary). */

-DSO_METHOD *DSO_METHOD_openssl(void);

-/* This method is defined for all platforms - if a platform has no

- * DSO support then this will be the only method! */

-DSO_METHOD *DSO_METHOD_null(void);

-/* If DSO_DLFCN is defined, the standard dlfcn.h-style functions

- * (dlopen, dlclose, dlsym, etc) will be used and incorporated into

- * this method. If not, this method will return NULL. */

-DSO_METHOD *DSO_METHOD_dlfcn(void);

-/* If DSO_DL is defined, the standard dl.h-style functions (shl_load,

- * shl_unload, shl_findsym, etc) will be used and incorporated into

- * this method. If not, this method will return NULL. */

-DSO_METHOD *DSO_METHOD_dl(void);

-/* If WIN32 is defined, use DLLs. If not, return NULL. */

-DSO_METHOD *DSO_METHOD_win32(void);

-/* If VMS is defined, use shared images. If not, return NULL. */

-DSO_METHOD *DSO_METHOD_vms(void);

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_DSO_strings(void);

-/* Error codes for the DSO functions. */

-/* Function codes. */

-#define DSO_F_DLFCN_BIND_FUNC				 100

-#define DSO_F_DLFCN_BIND_VAR				 101

-#define DSO_F_DLFCN_LOAD				 102

-#define DSO_F_DLFCN_MERGER				 130

-#define DSO_F_DLFCN_NAME_CONVERTER			 123

-#define DSO_F_DLFCN_UNLOAD				 103

-#define DSO_F_DL_BIND_FUNC				 104

-#define DSO_F_DL_BIND_VAR				 105

-#define DSO_F_DL_LOAD					 106

-#define DSO_F_DL_MERGER					 131

-#define DSO_F_DL_NAME_CONVERTER				 124

-#define DSO_F_DL_UNLOAD					 107

-#define DSO_F_DSO_BIND_FUNC				 108

-#define DSO_F_DSO_BIND_VAR				 109

-#define DSO_F_DSO_CONVERT_FILENAME			 126

-#define DSO_F_DSO_CTRL					 110

-#define DSO_F_DSO_FREE					 111

-#define DSO_F_DSO_GET_FILENAME				 127

-#define DSO_F_DSO_GET_LOADED_FILENAME			 128

-#define DSO_F_DSO_LOAD					 112

-#define DSO_F_DSO_MERGE					 132

-#define DSO_F_DSO_NEW_METHOD				 113

-#define DSO_F_DSO_SET_FILENAME				 129

-#define DSO_F_DSO_SET_NAME_CONVERTER			 122

-#define DSO_F_DSO_UP_REF				 114

-#define DSO_F_VMS_BIND_SYM				 115

-#define DSO_F_VMS_LOAD					 116

-#define DSO_F_VMS_MERGER				 133

-#define DSO_F_VMS_UNLOAD				 117

-#define DSO_F_WIN32_BIND_FUNC				 118

-#define DSO_F_WIN32_BIND_VAR				 119

-#define DSO_F_WIN32_JOINER				 135

-#define DSO_F_WIN32_LOAD				 120

-#define DSO_F_WIN32_MERGER				 134

-#define DSO_F_WIN32_NAME_CONVERTER			 125

-#define DSO_F_WIN32_SPLITTER				 136

-#define DSO_F_WIN32_UNLOAD				 121

-/* Reason codes. */

-#define DSO_R_CTRL_FAILED				 100

-#define DSO_R_DSO_ALREADY_LOADED			 110

-#define DSO_R_EMPTY_FILE_STRUCTURE			 113

-#define DSO_R_FAILURE					 114

-#define DSO_R_FILENAME_TOO_BIG				 101

-#define DSO_R_FINISH_FAILED				 102

-#define DSO_R_INCORRECT_FILE_SYNTAX			 115

-#define DSO_R_LOAD_FAILED				 103

-#define DSO_R_NAME_TRANSLATION_FAILED			 109

-#define DSO_R_NO_FILENAME				 111

-#define DSO_R_NO_FILE_SPECIFICATION			 116

-#define DSO_R_NULL_HANDLE				 104

-#define DSO_R_SET_FILENAME_FAILED			 112

-#define DSO_R_STACK_ERROR				 105

-#define DSO_R_SYM_FAILURE				 106

-#define DSO_R_UNLOAD_FAILED				 107

-#define DSO_R_UNSUPPORTED				 108

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/dtls1.h

+++ /dev/null

@@ -1,211 +1,0 @@

-/* ssl/dtls1.h */

-/*

- * DTLS implementation written by Nagendra Modadugu

- * ([email protected]) for the OpenSSL project 2005.

- */

-/* ====================================================================

- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_DTLS1_H

-#define HEADER_DTLS1_H

-#include <openssl/buffer.h>

-#include <openssl/pqueue.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-#define DTLS1_VERSION			0xFEFF

-#define DTLS1_BAD_VER			0x0100

-#define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE    110

-/* lengths of messages */

-#define DTLS1_COOKIE_LENGTH                     32

-#define DTLS1_RT_HEADER_LENGTH                  13

-#define DTLS1_HM_HEADER_LENGTH                  12

-#define DTLS1_HM_BAD_FRAGMENT                   -2

-#define DTLS1_HM_FRAGMENT_RETRY                 -3

-#define DTLS1_CCS_HEADER_LENGTH                  1

-#define DTLS1_AL_HEADER_LENGTH                   7

-typedef struct dtls1_bitmap_st

-	{

-	PQ_64BIT map;

-	unsigned long length;     /* sizeof the bitmap in bits */

-	PQ_64BIT max_seq_num;  /* max record number seen so far */

-	} DTLS1_BITMAP;

-struct hm_header_st

-	{

-	unsigned char type;

-	unsigned long msg_len;

-	unsigned short seq;

-	unsigned long frag_off;

-	unsigned long frag_len;

-	unsigned int is_ccs;

-	};

-struct ccs_header_st

-	{

-	unsigned char type;

-	unsigned short seq;

-	};

-struct dtls1_timeout_st

-	{

-	/* Number of read timeouts so far */

-	unsigned int read_timeouts;

-	/* Number of write timeouts so far */

-	unsigned int write_timeouts;

-	/* Number of alerts received so far */

-	unsigned int num_alerts;

-	};

-typedef struct record_pqueue_st

-	{

-	unsigned short epoch;

-	pqueue q;

-	} record_pqueue;

-typedef struct hm_fragment_st

-	{

-	struct hm_header_st msg_header;

-	unsigned char *fragment;

-	} hm_fragment;

-typedef struct dtls1_state_st

-	{

-	unsigned int send_cookie;

-	unsigned char cookie[DTLS1_COOKIE_LENGTH];

-	unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH];

-	unsigned int cookie_len;

-	/*

-	 * The current data and handshake epoch.  This is initially

-	 * undefined, and starts at zero once the initial handshake is

-	 * completed

-	 */

-	unsigned short r_epoch;

-	unsigned short w_epoch;

-	/* records being received in the current epoch */

-	DTLS1_BITMAP bitmap;

-	/* renegotiation starts a new set of sequence numbers */

-	DTLS1_BITMAP next_bitmap;

-	/* handshake message numbers */

-	unsigned short handshake_write_seq;

-	unsigned short next_handshake_write_seq;

-	unsigned short handshake_read_seq;

-	/* Received handshake records (processed and unprocessed) */

-	record_pqueue unprocessed_rcds;

-	record_pqueue processed_rcds;

-	/* Buffered handshake messages */

-	pqueue buffered_messages;

-	/* Buffered (sent) handshake records */

-	pqueue sent_messages;

-	unsigned int mtu; /* max wire packet size */

-	struct hm_header_st w_msg_hdr;

-	struct hm_header_st r_msg_hdr;

-	struct dtls1_timeout_st timeout;

-	/* storage for Alert/Handshake protocol data received but not

-	 * yet processed by ssl3_read_bytes: */

-	unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH];

-	unsigned int alert_fragment_len;

-	unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH];

-	unsigned int handshake_fragment_len;

-	unsigned int retransmitting;

-	} DTLS1_STATE;

-typedef struct dtls1_record_data_st

-	{

-	unsigned char *packet;

-	unsigned int   packet_length;

-	SSL3_BUFFER    rbuf;

-	SSL3_RECORD    rrec;

-	} DTLS1_RECORD_DATA;

-/* Timeout multipliers (timeout slice is defined in apps/timeouts.h */

-#define DTLS1_TMO_READ_COUNT                      2

-#define DTLS1_TMO_WRITE_COUNT                     2

-#define DTLS1_TMO_ALERT_COUNT                     12

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/e_4758cca_err.h

+++ /dev/null

@@ -1,93 +1,0 @@

-/* ====================================================================

- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_CCA4758_ERR_H

-#define HEADER_CCA4758_ERR_H

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-static void ERR_load_CCA4758_strings(void);

-static void ERR_unload_CCA4758_strings(void);

-static void ERR_CCA4758_error(int function, int reason, char *file, int line);

-#define CCA4758err(f,r) ERR_CCA4758_error((f),(r),__FILE__,__LINE__)

-/* Error codes for the CCA4758 functions. */

-/* Function codes. */

-#define CCA4758_F_CCA_RSA_SIGN				 105

-#define CCA4758_F_CCA_RSA_VERIFY			 106

-#define CCA4758_F_IBM_4758_CCA_CTRL			 100

-#define CCA4758_F_IBM_4758_CCA_FINISH			 101

-#define CCA4758_F_IBM_4758_CCA_INIT			 102

-#define CCA4758_F_IBM_4758_LOAD_PRIVKEY			 103

-#define CCA4758_F_IBM_4758_LOAD_PUBKEY			 104

-/* Reason codes. */

-#define CCA4758_R_ALREADY_LOADED			 100

-#define CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD		 101

-#define CCA4758_R_COMMAND_NOT_IMPLEMENTED		 102

-#define CCA4758_R_DSO_FAILURE				 103

-#define CCA4758_R_FAILED_LOADING_PRIVATE_KEY		 104

-#define CCA4758_R_FAILED_LOADING_PUBLIC_KEY		 105

-#define CCA4758_R_NOT_LOADED				 106

-#define CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL		 107

-#define CCA4758_R_UNIT_FAILURE				 108

-#define CCA4758_R_UNKNOWN_ALGORITHM_TYPE		 109

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/e_aep_err.h

+++ /dev/null

@@ -1,101 +1,0 @@

-/* ====================================================================

- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_AEPHK_ERR_H

-#define HEADER_AEPHK_ERR_H

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-static void ERR_load_AEPHK_strings(void);

-static void ERR_unload_AEPHK_strings(void);

-static void ERR_AEPHK_error(int function, int reason, char *file, int line);

-#define AEPHKerr(f,r) ERR_AEPHK_error((f),(r),__FILE__,__LINE__)

-/* Error codes for the AEPHK functions. */

-/* Function codes. */

-#define AEPHK_F_AEP_CTRL				 100

-#define AEPHK_F_AEP_FINISH				 101

-#define AEPHK_F_AEP_GET_CONNECTION			 102

-#define AEPHK_F_AEP_INIT				 103

-#define AEPHK_F_AEP_MOD_EXP				 104

-#define AEPHK_F_AEP_MOD_EXP_CRT				 105

-#define AEPHK_F_AEP_RAND				 106

-#define AEPHK_F_AEP_RSA_MOD_EXP				 107

-/* Reason codes. */

-#define AEPHK_R_ALREADY_LOADED				 100

-#define AEPHK_R_CLOSE_HANDLES_FAILED			 101

-#define AEPHK_R_CONNECTIONS_IN_USE			 102

-#define AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED		 103

-#define AEPHK_R_FINALIZE_FAILED				 104

-#define AEPHK_R_GET_HANDLE_FAILED			 105

-#define AEPHK_R_GET_RANDOM_FAILED			 106

-#define AEPHK_R_INIT_FAILURE				 107

-#define AEPHK_R_MISSING_KEY_COMPONENTS			 108

-#define AEPHK_R_MOD_EXP_CRT_FAILED			 109

-#define AEPHK_R_MOD_EXP_FAILED				 110

-#define AEPHK_R_NOT_LOADED				 111

-#define AEPHK_R_OK					 112

-#define AEPHK_R_RETURN_CONNECTION_FAILED		 113

-#define AEPHK_R_SETBNCALLBACK_FAILURE			 114

-#define AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL		 116

-#define AEPHK_R_UNIT_FAILURE				 115

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/e_atalla_err.h

+++ /dev/null

@@ -1,89 +1,0 @@

-/* ====================================================================

- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_ATALLA_ERR_H

-#define HEADER_ATALLA_ERR_H

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-static void ERR_load_ATALLA_strings(void);

-static void ERR_unload_ATALLA_strings(void);

-static void ERR_ATALLA_error(int function, int reason, char *file, int line);

-#define ATALLAerr(f,r) ERR_ATALLA_error((f),(r),__FILE__,__LINE__)

-/* Error codes for the ATALLA functions. */

-/* Function codes. */

-#define ATALLA_F_ATALLA_CTRL				 100

-#define ATALLA_F_ATALLA_FINISH				 101

-#define ATALLA_F_ATALLA_INIT				 102

-#define ATALLA_F_ATALLA_MOD_EXP				 103

-#define ATALLA_F_ATALLA_RSA_MOD_EXP			 104

-/* Reason codes. */

-#define ATALLA_R_ALREADY_LOADED				 100

-#define ATALLA_R_BN_CTX_FULL				 101

-#define ATALLA_R_BN_EXPAND_FAIL				 102

-#define ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED		 103

-#define ATALLA_R_MISSING_KEY_COMPONENTS			 104

-#define ATALLA_R_NOT_LOADED				 105

-#define ATALLA_R_REQUEST_FAILED				 106

-#define ATALLA_R_UNIT_FAILURE				 107

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/e_chil_err.h

+++ /dev/null

@@ -1,101 +1,0 @@

-/* ====================================================================

- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_HWCRHK_ERR_H

-#define HEADER_HWCRHK_ERR_H

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-static void ERR_load_HWCRHK_strings(void);

-static void ERR_unload_HWCRHK_strings(void);

-static void ERR_HWCRHK_error(int function, int reason, char *file, int line);

-#define HWCRHKerr(f,r) ERR_HWCRHK_error((f),(r),__FILE__,__LINE__)

-/* Error codes for the HWCRHK functions. */

-/* Function codes. */

-#define HWCRHK_F_HWCRHK_CTRL				 100

-#define HWCRHK_F_HWCRHK_FINISH				 101

-#define HWCRHK_F_HWCRHK_GET_PASS			 102

-#define HWCRHK_F_HWCRHK_INIT				 103

-#define HWCRHK_F_HWCRHK_INSERT_CARD			 104

-#define HWCRHK_F_HWCRHK_LOAD_PRIVKEY			 105

-#define HWCRHK_F_HWCRHK_LOAD_PUBKEY			 106

-#define HWCRHK_F_HWCRHK_MOD_EXP				 107

-#define HWCRHK_F_HWCRHK_RAND_BYTES			 108

-#define HWCRHK_F_HWCRHK_RSA_MOD_EXP			 109

-/* Reason codes. */

-#define HWCRHK_R_ALREADY_LOADED				 100

-#define HWCRHK_R_BIO_WAS_FREED				 101

-#define HWCRHK_R_CHIL_ERROR				 102

-#define HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED		 103

-#define HWCRHK_R_DSO_FAILURE				 104

-#define HWCRHK_R_LOCKING_MISSING			 114

-#define HWCRHK_R_MISSING_KEY_COMPONENTS			 105

-#define HWCRHK_R_NOT_INITIALISED			 106

-#define HWCRHK_R_NOT_LOADED				 107

-#define HWCRHK_R_NO_CALLBACK				 108

-#define HWCRHK_R_NO_KEY					 109

-#define HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED	 110

-#define HWCRHK_R_REQUEST_FAILED				 111

-#define HWCRHK_R_REQUEST_FALLBACK			 112

-#define HWCRHK_R_UNIT_FAILURE				 113

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/e_cswift_err.h

+++ /dev/null

@@ -1,94 +1,0 @@

-/* ====================================================================

- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_CSWIFT_ERR_H

-#define HEADER_CSWIFT_ERR_H

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-static void ERR_load_CSWIFT_strings(void);

-static void ERR_unload_CSWIFT_strings(void);

-static void ERR_CSWIFT_error(int function, int reason, char *file, int line);

-#define CSWIFTerr(f,r) ERR_CSWIFT_error((f),(r),__FILE__,__LINE__)

-/* Error codes for the CSWIFT functions. */

-/* Function codes. */

-#define CSWIFT_F_CSWIFT_CTRL				 100

-#define CSWIFT_F_CSWIFT_DSA_SIGN			 101

-#define CSWIFT_F_CSWIFT_DSA_VERIFY			 102

-#define CSWIFT_F_CSWIFT_FINISH				 103

-#define CSWIFT_F_CSWIFT_INIT				 104

-#define CSWIFT_F_CSWIFT_MOD_EXP				 105

-#define CSWIFT_F_CSWIFT_MOD_EXP_CRT			 106

-#define CSWIFT_F_CSWIFT_RAND_BYTES			 108

-#define CSWIFT_F_CSWIFT_RSA_MOD_EXP			 107

-/* Reason codes. */

-#define CSWIFT_R_ALREADY_LOADED				 100

-#define CSWIFT_R_BAD_KEY_SIZE				 101

-#define CSWIFT_R_BN_CTX_FULL				 102

-#define CSWIFT_R_BN_EXPAND_FAIL				 103

-#define CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED		 104

-#define CSWIFT_R_MISSING_KEY_COMPONENTS			 105

-#define CSWIFT_R_NOT_LOADED				 106

-#define CSWIFT_R_REQUEST_FAILED				 107

-#define CSWIFT_R_UNIT_FAILURE				 108

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/e_gmp_err.h

+++ /dev/null

@@ -1,81 +1,0 @@

-/* ====================================================================

- * Copyright (c) 2001-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_GMP_ERR_H

-#define HEADER_GMP_ERR_H

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-static void ERR_load_GMP_strings(void);

-static void ERR_unload_GMP_strings(void);

-static void ERR_GMP_error(int function, int reason, char *file, int line);

-#define GMPerr(f,r) ERR_GMP_error((f),(r),__FILE__,__LINE__)

-/* Error codes for the GMP functions. */

-/* Function codes. */

-#define GMP_F_E_GMP_CTRL				 100

-#define GMP_F_E_GMP_RSA_MOD_EXP				 101

-/* Reason codes. */

-#define GMP_R_CTRL_COMMAND_NOT_IMPLEMENTED		 100

-#define GMP_R_KEY_CONTEXT_ERROR				 101

-#define GMP_R_MISSING_KEY_COMPONENTS			 102

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/e_nuron_err.h

+++ /dev/null

@@ -1,86 +1,0 @@

-/* ====================================================================

- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_NURON_ERR_H

-#define HEADER_NURON_ERR_H

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-static void ERR_load_NURON_strings(void);

-static void ERR_unload_NURON_strings(void);

-static void ERR_NURON_error(int function, int reason, char *file, int line);

-#define NURONerr(f,r) ERR_NURON_error((f),(r),__FILE__,__LINE__)

-/* Error codes for the NURON functions. */

-/* Function codes. */

-#define NURON_F_NURON_CTRL				 100

-#define NURON_F_NURON_FINISH				 101

-#define NURON_F_NURON_INIT				 102

-#define NURON_F_NURON_MOD_EXP				 103

-/* Reason codes. */

-#define NURON_R_ALREADY_LOADED				 100

-#define NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED		 101

-#define NURON_R_DSO_FAILURE				 102

-#define NURON_R_DSO_FUNCTION_NOT_FOUND			 103

-#define NURON_R_DSO_NOT_FOUND				 104

-#define NURON_R_NOT_LOADED				 105

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/e_os2.h

+++ /dev/null

@@ -1,279 +1,0 @@

-/* e_os2.h */

-/* ====================================================================

- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <openssl/opensslconf.h>

-#ifndef HEADER_E_OS2_H

-#define HEADER_E_OS2_H

-#ifdef  __cplusplus

-extern "C" {

-#endif

-/******************************************************************************

- * Detect operating systems.  This probably needs completing.

- * The result is that at least one OPENSSL_SYS_os macro should be defined.

- * However, if none is defined, Unix is assumed.

- **/

-#define OPENSSL_SYS_UNIX

-/* ----------------------- Macintosh, before MacOS X ----------------------- */

-#if defined(__MWERKS__) && defined(macintosh) || defined(OPENSSL_SYSNAME_MAC)

-# undef OPENSSL_SYS_UNIX

-# define OPENSSL_SYS_MACINTOSH_CLASSIC

-#endif

-/* ----------------------- NetWare ----------------------------------------- */

-#if defined(NETWARE) || defined(OPENSSL_SYSNAME_NETWARE)

-# undef OPENSSL_SYS_UNIX

-# define OPENSSL_SYS_NETWARE

-#endif

-/* ---------------------- Microsoft operating systems ---------------------- */

-/* Note that MSDOS actually denotes 32-bit environments running on top of

-   MS-DOS, such as DJGPP one. */

-#if defined(OPENSSL_SYSNAME_MSDOS)

-# undef OPENSSL_SYS_UNIX

-# define OPENSSL_SYS_MSDOS

-#endif

-/* For 32 bit environment, there seems to be the CygWin environment and then

-   all the others that try to do the same thing Microsoft does... */

-#if defined(OPENSSL_SYSNAME_UWIN)

-# undef OPENSSL_SYS_UNIX

-# define OPENSSL_SYS_WIN32_UWIN

-#else

-# if defined(__CYGWIN32__) || defined(OPENSSL_SYSNAME_CYGWIN32)

-#  undef OPENSSL_SYS_UNIX

-#  define OPENSSL_SYS_WIN32_CYGWIN

-# else

-#  if defined(_WIN32) || defined(OPENSSL_SYSNAME_WIN32)

-#   undef OPENSSL_SYS_UNIX

-#   define OPENSSL_SYS_WIN32

-#  endif

-#  if defined(OPENSSL_SYSNAME_WINNT)

-#   undef OPENSSL_SYS_UNIX

-#   define OPENSSL_SYS_WINNT

-#  endif

-#  if defined(OPENSSL_SYSNAME_WINCE)

-#   undef OPENSSL_SYS_UNIX

-#   define OPENSSL_SYS_WINCE

-#  endif

-# endif

-#endif

-/* Anything that tries to look like Microsoft is "Windows" */

-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE)

-# undef OPENSSL_SYS_UNIX

-# define OPENSSL_SYS_WINDOWS

-# ifndef OPENSSL_SYS_MSDOS

-#  define OPENSSL_SYS_MSDOS

-# endif

-#endif

-/* DLL settings.  This part is a bit tough, because it's up to the application

-   implementor how he or she will link the application, so it requires some

-   macro to be used. */

-#ifdef OPENSSL_SYS_WINDOWS

-# ifndef OPENSSL_OPT_WINDLL

-#  if defined(_WINDLL) /* This is used when building OpenSSL to indicate that

-                          DLL linkage should be used */

-#   define OPENSSL_OPT_WINDLL

-#  endif

-# endif

-#endif

-/* -------------------------------- OpenVMS -------------------------------- */

-#if defined(__VMS) || defined(VMS) || defined(OPENSSL_SYSNAME_VMS)

-# undef OPENSSL_SYS_UNIX

-# define OPENSSL_SYS_VMS

-# if defined(__DECC)

-#  define OPENSSL_SYS_VMS_DECC

-# elif defined(__DECCXX)

-#  define OPENSSL_SYS_VMS_DECC

-#  define OPENSSL_SYS_VMS_DECCXX

-# else

-#  define OPENSSL_SYS_VMS_NODECC

-# endif

-#endif

-/* --------------------------------- OS/2 ---------------------------------- */

-#if defined(__EMX__) || defined(__OS2__)

-# undef OPENSSL_SYS_UNIX

-# define OPENSSL_SYS_OS2

-#endif

-/* --------------------------------- Unix ---------------------------------- */

-#ifdef OPENSSL_SYS_UNIX

-# if defined(linux) || defined(__linux__) || defined(OPENSSL_SYSNAME_LINUX)

-#  define OPENSSL_SYS_LINUX

-# endif

-# ifdef OPENSSL_SYSNAME_MPE

-#  define OPENSSL_SYS_MPE

-# endif

-# ifdef OPENSSL_SYSNAME_SNI

-#  define OPENSSL_SYS_SNI

-# endif

-# ifdef OPENSSL_SYSNAME_ULTRASPARC

-#  define OPENSSL_SYS_ULTRASPARC

-# endif

-# ifdef OPENSSL_SYSNAME_NEWS4

-#  define OPENSSL_SYS_NEWS4

-# endif

-# ifdef OPENSSL_SYSNAME_MACOSX

-#  define OPENSSL_SYS_MACOSX

-# endif

-# ifdef OPENSSL_SYSNAME_MACOSX_RHAPSODY

-#  define OPENSSL_SYS_MACOSX_RHAPSODY

-#  define OPENSSL_SYS_MACOSX

-# endif

-# ifdef OPENSSL_SYSNAME_SUNOS

-#  define OPENSSL_SYS_SUNOS

-#endif

-# if defined(_CRAY) || defined(OPENSSL_SYSNAME_CRAY)

-#  define OPENSSL_SYS_CRAY

-# endif

-# if defined(_AIX) || defined(OPENSSL_SYSNAME_AIX)

-#  define OPENSSL_SYS_AIX

-# endif

-#endif

-/* --------------------------------- VOS ----------------------------------- */

-#ifdef OPENSSL_SYSNAME_VOS

-# define OPENSSL_SYS_VOS

-#endif

-/* ------------------------------- VxWorks --------------------------------- */

-#ifdef OPENSSL_SYSNAME_VXWORKS

-# define OPENSSL_SYS_VXWORKS

-#endif

-/**

- * That's it for OS-specific stuff

- *****************************************************************************/

-/* Specials for I/O an exit */

-#ifdef OPENSSL_SYS_MSDOS

-# define OPENSSL_UNISTD_IO <io.h>

-# define OPENSSL_DECLARE_EXIT extern void exit(int);

-#else

-# define OPENSSL_UNISTD_IO OPENSSL_UNISTD

-# define OPENSSL_DECLARE_EXIT /* declared in unistd.h */

-#endif

-/* Definitions of OPENSSL_GLOBAL and OPENSSL_EXTERN, to define and declare

-   certain global symbols that, with some compilers under VMS, have to be

-   defined and declared explicitely with globaldef and globalref.

-   Definitions of OPENSSL_EXPORT and OPENSSL_IMPORT, to define and declare

-   DLL exports and imports for compilers under Win32.  These are a little

-   more complicated to use.  Basically, for any library that exports some

-   global variables, the following code must be present in the header file

-   that declares them, before OPENSSL_EXTERN is used:

-   #ifdef SOME_BUILD_FLAG_MACRO

-   # undef OPENSSL_EXTERN

-   # define OPENSSL_EXTERN OPENSSL_EXPORT

-   #endif

-   The default is to have OPENSSL_EXPORT, OPENSSL_IMPORT and OPENSSL_GLOBAL

-   have some generally sensible values, and for OPENSSL_EXTERN to have the

-   value OPENSSL_IMPORT.

-*/

-#if defined(OPENSSL_SYS_VMS_NODECC)

-# define OPENSSL_EXPORT globalref

-# define OPENSSL_IMPORT globalref

-# define OPENSSL_GLOBAL globaldef

-#elif defined(OPENSSL_SYS_WINDOWS) && defined(OPENSSL_OPT_WINDLL)

-# define OPENSSL_EXPORT extern __declspec(dllexport)

-# define OPENSSL_IMPORT extern __declspec(dllimport)

-# define OPENSSL_GLOBAL

-#else

-# define OPENSSL_EXPORT extern

-# define OPENSSL_IMPORT extern

-# define OPENSSL_GLOBAL

-#endif

-#define OPENSSL_EXTERN OPENSSL_IMPORT

-/* Macros to allow global variables to be reached through function calls when

-   required (if a shared library version requvres it, for example.

-   The way it's done allows definitions like this:

-	// in foobar.c

-	OPENSSL_IMPLEMENT_GLOBAL(int,foobar) = 0;

-	// in foobar.h

-	OPENSSL_DECLARE_GLOBAL(int,foobar);

-	#define foobar OPENSSL_GLOBAL_REF(foobar)

-*/

-#ifdef OPENSSL_EXPORT_VAR_AS_FUNCTION

-# define OPENSSL_IMPLEMENT_GLOBAL(type,name)			     \

-	extern type _hide_##name;				     \

-	type *_shadow_##name(void) { return &_hide_##name; }	     \

-	type _hide_##name

-# define OPENSSL_DECLARE_GLOBAL(type,name) type *_shadow_##name(void)

-# define OPENSSL_GLOBAL_REF(name) (*(_shadow_##name()))

-#else

-# define OPENSSL_IMPLEMENT_GLOBAL(type,name) OPENSSL_GLOBAL type _shadow_##name

-# define OPENSSL_DECLARE_GLOBAL(type,name) OPENSSL_EXPORT type _shadow_##name

-# define OPENSSL_GLOBAL_REF(name) _shadow_##name

-#endif

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/e_sureware_err.h

+++ /dev/null

@@ -1,98 +1,0 @@

-/* ====================================================================

- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_SUREWARE_ERR_H

-#define HEADER_SUREWARE_ERR_H

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-static void ERR_load_SUREWARE_strings(void);

-static void ERR_unload_SUREWARE_strings(void);

-static void ERR_SUREWARE_error(int function, int reason, char *file, int line);

-#define SUREWAREerr(f,r) ERR_SUREWARE_error((f),(r),__FILE__,__LINE__)

-/* Error codes for the SUREWARE functions. */

-/* Function codes. */

-#define SUREWARE_F_SUREWAREHK_CTRL			 100

-#define SUREWARE_F_SUREWAREHK_DH_EX_FREE		 112

-#define SUREWARE_F_SUREWAREHK_DSA_DO_SIGN		 101

-#define SUREWARE_F_SUREWAREHK_EX_FREE			 102

-#define SUREWARE_F_SUREWAREHK_FINISH			 103

-#define SUREWARE_F_SUREWAREHK_INIT			 104

-#define SUREWARE_F_SUREWAREHK_LOAD_PRIVKEY		 105

-#define SUREWARE_F_SUREWAREHK_LOAD_PUBKEY		 113

-#define SUREWARE_F_SUREWAREHK_MODEXP			 107

-#define SUREWARE_F_SUREWAREHK_RAND_BYTES		 108

-#define SUREWARE_F_SUREWAREHK_RAND_SEED			 109

-#define SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC		 110

-#define SUREWARE_F_SUREWAREHK_RSA_SIGN			 111

-#define SUREWARE_F_SUREWARE_LOAD_PUBLIC			 106

-/* Reason codes. */

-#define SUREWARE_R_BIO_WAS_FREED			 100

-#define SUREWARE_R_MISSING_KEY_COMPONENTS		 105

-#define SUREWARE_R_PADDING_CHECK_FAILED			 106

-#define SUREWARE_R_REQUEST_FAILED			 101

-#define SUREWARE_R_REQUEST_FALLBACK			 102

-#define SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL		 103

-#define SUREWARE_R_UNIT_FAILURE				 104

-#define SUREWARE_R_UNKNOWN_PADDING_TYPE			 107

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/e_ubsec_err.h

+++ /dev/null

@@ -1,97 +1,0 @@

-/* ====================================================================

- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_UBSEC_ERR_H

-#define HEADER_UBSEC_ERR_H

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-static void ERR_load_UBSEC_strings(void);

-static void ERR_unload_UBSEC_strings(void);

-static void ERR_UBSEC_error(int function, int reason, char *file, int line);

-#define UBSECerr(f,r) ERR_UBSEC_error((f),(r),__FILE__,__LINE__)

-/* Error codes for the UBSEC functions. */

-/* Function codes. */

-#define UBSEC_F_UBSEC_CTRL				 100

-#define UBSEC_F_UBSEC_DH_COMPUTE_KEY			 101

-#define UBSEC_F_UBSEC_DH_GENERATE_KEY			 111

-#define UBSEC_F_UBSEC_DSA_DO_SIGN			 102

-#define UBSEC_F_UBSEC_DSA_VERIFY			 103

-#define UBSEC_F_UBSEC_FINISH				 104

-#define UBSEC_F_UBSEC_INIT				 105

-#define UBSEC_F_UBSEC_MOD_EXP				 106

-#define UBSEC_F_UBSEC_MOD_EXP_CRT			 110

-#define UBSEC_F_UBSEC_RAND_BYTES			 107

-#define UBSEC_F_UBSEC_RSA_MOD_EXP			 108

-#define UBSEC_F_UBSEC_RSA_MOD_EXP_CRT			 109

-/* Reason codes. */

-#define UBSEC_R_ALREADY_LOADED				 100

-#define UBSEC_R_BN_EXPAND_FAIL				 101

-#define UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED		 102

-#define UBSEC_R_DSO_FAILURE				 103

-#define UBSEC_R_MISSING_KEY_COMPONENTS			 104

-#define UBSEC_R_NOT_LOADED				 105

-#define UBSEC_R_REQUEST_FAILED				 106

-#define UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL		 107

-#define UBSEC_R_UNIT_FAILURE				 108

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/ebcdic.h

+++ /dev/null

@@ -1,19 +1,0 @@

-/* crypto/ebcdic.h */

-#ifndef HEADER_EBCDIC_H

-#define HEADER_EBCDIC_H

-#include <sys/types.h>

-/* Avoid name clashes with other applications */

-#define os_toascii   _openssl_os_toascii

-#define os_toebcdic  _openssl_os_toebcdic

-#define ebcdic2ascii _openssl_ebcdic2ascii

-#define ascii2ebcdic _openssl_ascii2ebcdic

-extern const unsigned char os_toascii[256];

-extern const unsigned char os_toebcdic[256];

-void *ebcdic2ascii(void *dest, const void *srce, size_t count);

-void *ascii2ebcdic(void *dest, const void *srce, size_t count);

-#endif

--- a/sys/include/ape/openssl/ec.h

+++ /dev/null

@@ -1,526 +1,0 @@

-/* crypto/ec/ec.h */

-/*

- * Originally written by Bodo Moeller for the OpenSSL project.

- */

-/* ====================================================================

- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- *

- * Portions of the attached software ("Contribution") are developed by

- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.

- *

- * The Contribution is licensed pursuant to the OpenSSL open source

- * license provided above.

- *

- * The elliptic curve binary polynomial software is originally written by

- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.

- *

- */

-#ifndef HEADER_EC_H

-#define HEADER_EC_H

-#include <openssl/opensslconf.h>

-#ifdef OPENSSL_NO_EC

-#error EC is disabled.

-#endif

-#include <openssl/asn1.h>

-#include <openssl/symhacks.h>

-#ifndef OPENSSL_NO_DEPRECATED

-#include <openssl/bn.h>

-#endif

-#ifdef  __cplusplus

-extern "C" {

-#elif defined(__SUNPRO_C)

-# if __SUNPRO_C >= 0x520

-# pragma error_messages (off,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE)

-# endif

-#endif

-#ifndef OPENSSL_ECC_MAX_FIELD_BITS

-# define OPENSSL_ECC_MAX_FIELD_BITS 661

-#endif

-typedef enum {

-	/* values as defined in X9.62 (ECDSA) and elsewhere */

-	POINT_CONVERSION_COMPRESSED = 2,

-	POINT_CONVERSION_UNCOMPRESSED = 4,

-	POINT_CONVERSION_HYBRID = 6

-} point_conversion_form_t;

-typedef struct ec_method_st EC_METHOD;

-typedef struct ec_group_st

-	/*

-	 EC_METHOD *meth;

-	 -- field definition

-	 -- curve coefficients

-	 -- optional generator with associated information (order, cofactor)

-	 -- optional extra data (precomputed table for fast computation of multiples of generator)

-	 -- ASN1 stuff

-	*/

-	EC_GROUP;

-typedef struct ec_point_st EC_POINT;

-/* EC_METHODs for curves over GF(p).

- * EC_GFp_simple_method provides the basis for the optimized methods.

- */

-const EC_METHOD *EC_GFp_simple_method(void);

-const EC_METHOD *EC_GFp_mont_method(void);

-const EC_METHOD *EC_GFp_nist_method(void);

-/* EC_METHOD for curves over GF(2^m).

- */

-const EC_METHOD *EC_GF2m_simple_method(void);

-EC_GROUP *EC_GROUP_new(const EC_METHOD *);

-void EC_GROUP_free(EC_GROUP *);

-void EC_GROUP_clear_free(EC_GROUP *);

-int EC_GROUP_copy(EC_GROUP *, const EC_GROUP *);

-EC_GROUP *EC_GROUP_dup(const EC_GROUP *);

-const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *);

-int EC_METHOD_get_field_type(const EC_METHOD *);

-int EC_GROUP_set_generator(EC_GROUP *, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor);

-const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *);

-int EC_GROUP_get_order(const EC_GROUP *, BIGNUM *order, BN_CTX *);

-int EC_GROUP_get_cofactor(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *);

-void EC_GROUP_set_curve_name(EC_GROUP *, int nid);

-int EC_GROUP_get_curve_name(const EC_GROUP *);

-void EC_GROUP_set_asn1_flag(EC_GROUP *, int flag);

-int EC_GROUP_get_asn1_flag(const EC_GROUP *);

-void EC_GROUP_set_point_conversion_form(EC_GROUP *, point_conversion_form_t);

-point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *);

-unsigned char *EC_GROUP_get0_seed(const EC_GROUP *);

-size_t EC_GROUP_get_seed_len(const EC_GROUP *);

-size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len);

-int EC_GROUP_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);

-int EC_GROUP_get_curve_GFp(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);

-int EC_GROUP_set_curve_GF2m(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);

-int EC_GROUP_get_curve_GF2m(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);

-/* returns the number of bits needed to represent a field element */

-int EC_GROUP_get_degree(const EC_GROUP *);

-/* EC_GROUP_check() returns 1 if 'group' defines a valid group, 0 otherwise */

-int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx);

-/* EC_GROUP_check_discriminant() returns 1 if the discriminant of the

- * elliptic curve is not zero, 0 otherwise */

-int EC_GROUP_check_discriminant(const EC_GROUP *, BN_CTX *);

-/* EC_GROUP_cmp() returns 0 if both groups are equal and 1 otherwise */

-int EC_GROUP_cmp(const EC_GROUP *, const EC_GROUP *, BN_CTX *);

-/* EC_GROUP_new_GF*() calls EC_GROUP_new() and EC_GROUP_set_GF*()

- * after choosing an appropriate EC_METHOD */

-EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);

-EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);

-/* EC_GROUP_new_by_curve_name() creates a EC_GROUP structure

- * specified by a curve name (in form of a NID) */

-EC_GROUP *EC_GROUP_new_by_curve_name(int nid);

-/* handling of internal curves */

-typedef struct {

-	int nid;

-	const char *comment;

-	} EC_builtin_curve;

-/* EC_builtin_curves(EC_builtin_curve *r, size_t size) returns number

- * of all available curves or zero if a error occurred.

- * In case r ist not zero nitems EC_builtin_curve structures

- * are filled with the data of the first nitems internal groups */

-size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems);

-/* EC_POINT functions */

-EC_POINT *EC_POINT_new(const EC_GROUP *);

-void EC_POINT_free(EC_POINT *);

-void EC_POINT_clear_free(EC_POINT *);

-int EC_POINT_copy(EC_POINT *, const EC_POINT *);

-EC_POINT *EC_POINT_dup(const EC_POINT *, const EC_GROUP *);

-const EC_METHOD *EC_POINT_method_of(const EC_POINT *);

-int EC_POINT_set_to_infinity(const EC_GROUP *, EC_POINT *);

-int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *, EC_POINT *,

-	const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *);

-int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *, const EC_POINT *,

-	BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *);

-int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *, EC_POINT *,

-	const BIGNUM *x, const BIGNUM *y, BN_CTX *);

-int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *, const EC_POINT *,

-	BIGNUM *x, BIGNUM *y, BN_CTX *);

-int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *, EC_POINT *,

-	const BIGNUM *x, int y_bit, BN_CTX *);

-int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *, EC_POINT *,

-	const BIGNUM *x, const BIGNUM *y, BN_CTX *);

-int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *, const EC_POINT *,

-	BIGNUM *x, BIGNUM *y, BN_CTX *);

-int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *, EC_POINT *,

-	const BIGNUM *x, int y_bit, BN_CTX *);

-size_t EC_POINT_point2oct(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form,

-        unsigned char *buf, size_t len, BN_CTX *);

-int EC_POINT_oct2point(const EC_GROUP *, EC_POINT *,

-        const unsigned char *buf, size_t len, BN_CTX *);

-/* other interfaces to point2oct/oct2point: */

-BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *,

-	point_conversion_form_t form, BIGNUM *, BN_CTX *);

-EC_POINT *EC_POINT_bn2point(const EC_GROUP *, const BIGNUM *,

-	EC_POINT *, BN_CTX *);

-char *EC_POINT_point2hex(const EC_GROUP *, const EC_POINT *,

-	point_conversion_form_t form, BN_CTX *);

-EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *,

-	EC_POINT *, BN_CTX *);

-int EC_POINT_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *);

-int EC_POINT_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *);

-int EC_POINT_invert(const EC_GROUP *, EC_POINT *, BN_CTX *);

-int EC_POINT_is_at_infinity(const EC_GROUP *, const EC_POINT *);

-int EC_POINT_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *);

-int EC_POINT_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, BN_CTX *);

-int EC_POINT_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);

-int EC_POINTs_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);

-int EC_POINTs_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, size_t num, const EC_POINT *[], const BIGNUM *[], BN_CTX *);

-int EC_POINT_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, const EC_POINT *, const BIGNUM *, BN_CTX *);

-/* EC_GROUP_precompute_mult() stores multiples of generator for faster point multiplication */

-int EC_GROUP_precompute_mult(EC_GROUP *, BN_CTX *);

-/* EC_GROUP_have_precompute_mult() reports whether such precomputation has been done */

-int EC_GROUP_have_precompute_mult(const EC_GROUP *);

-/* ASN1 stuff */

-/* EC_GROUP_get_basis_type() returns the NID of the basis type

- * used to represent the field elements */

-int EC_GROUP_get_basis_type(const EC_GROUP *);

-int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k);

-int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1,

-	unsigned int *k2, unsigned int *k3);

-#define OPENSSL_EC_NAMED_CURVE	0x001

-typedef struct ecpk_parameters_st ECPKPARAMETERS;

-EC_GROUP *d2i_ECPKParameters(EC_GROUP **, const unsigned char **in, long len);

-int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out);

-#define d2i_ECPKParameters_bio(bp,x) ASN1_d2i_bio_of(EC_GROUP,NULL,d2i_ECPKParameters,bp,x)

-#define i2d_ECPKParameters_bio(bp,x) ASN1_i2d_bio_of_const(EC_GROUP,i2d_ECPKParameters,bp,x)

-#define d2i_ECPKParameters_fp(fp,x) (EC_GROUP *)ASN1_d2i_fp(NULL, \

-                (char *(*)())d2i_ECPKParameters,(fp),(unsigned char **)(x))

-#define i2d_ECPKParameters_fp(fp,x) ASN1_i2d_fp(i2d_ECPKParameters,(fp), \

-		(unsigned char *)(x))

-#ifndef OPENSSL_NO_BIO

-int     ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off);

-#endif

-#ifndef OPENSSL_NO_FP_API

-int     ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off);

-#endif

-/* the EC_KEY stuff */

-typedef struct ec_key_st EC_KEY;

-/* some values for the encoding_flag */

-#define EC_PKEY_NO_PARAMETERS	0x001

-#define EC_PKEY_NO_PUBKEY	0x002

-EC_KEY *EC_KEY_new(void);

-EC_KEY *EC_KEY_new_by_curve_name(int nid);

-void EC_KEY_free(EC_KEY *);

-EC_KEY *EC_KEY_copy(EC_KEY *, const EC_KEY *);

-EC_KEY *EC_KEY_dup(const EC_KEY *);

-int EC_KEY_up_ref(EC_KEY *);

-const EC_GROUP *EC_KEY_get0_group(const EC_KEY *);

-int EC_KEY_set_group(EC_KEY *, const EC_GROUP *);

-const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *);

-int EC_KEY_set_private_key(EC_KEY *, const BIGNUM *);

-const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *);

-int EC_KEY_set_public_key(EC_KEY *, const EC_POINT *);

-unsigned EC_KEY_get_enc_flags(const EC_KEY *);

-void EC_KEY_set_enc_flags(EC_KEY *, unsigned int);

-point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *);

-void EC_KEY_set_conv_form(EC_KEY *, point_conversion_form_t);

-/* functions to set/get method specific data  */

-void *EC_KEY_get_key_method_data(EC_KEY *,

-	void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));

-void EC_KEY_insert_key_method_data(EC_KEY *, void *data,

-	void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));

-/* wrapper functions for the underlying EC_GROUP object */

-void EC_KEY_set_asn1_flag(EC_KEY *, int);

-int EC_KEY_precompute_mult(EC_KEY *, BN_CTX *ctx);

-/* EC_KEY_generate_key() creates a ec private (public) key */

-int EC_KEY_generate_key(EC_KEY *);

-/* EC_KEY_check_key() */

-int EC_KEY_check_key(const EC_KEY *);

-/* de- and encoding functions for SEC1 ECPrivateKey */

-EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len);

-int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out);

-/* de- and encoding functions for EC parameters */

-EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len);

-int i2d_ECParameters(EC_KEY *a, unsigned char **out);

-/* de- and encoding functions for EC public key

- * (octet string, not DER -- hence 'o2i' and 'i2o') */

-EC_KEY *o2i_ECPublicKey(EC_KEY **a, const unsigned char **in, long len);

-int i2o_ECPublicKey(EC_KEY *a, unsigned char **out);

-#ifndef OPENSSL_NO_BIO

-int	ECParameters_print(BIO *bp, const EC_KEY *x);

-int	EC_KEY_print(BIO *bp, const EC_KEY *x, int off);

-#endif

-#ifndef OPENSSL_NO_FP_API

-int	ECParameters_print_fp(FILE *fp, const EC_KEY *x);

-int	EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off);

-#endif

-#define ECParameters_dup(x) ASN1_dup_of(EC_KEY,i2d_ECParameters,d2i_ECParameters,x)

-#ifndef __cplusplus

-#if defined(__SUNPRO_C)

-#  if __SUNPRO_C >= 0x520

-# pragma error_messages (default,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE)

-#  endif

-# endif

-#endif

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_EC_strings(void);

-/* Error codes for the EC functions. */

-/* Function codes. */

-#define EC_F_COMPUTE_WNAF				 143

-#define EC_F_D2I_ECPARAMETERS				 144

-#define EC_F_D2I_ECPKPARAMETERS				 145

-#define EC_F_D2I_ECPRIVATEKEY				 146

-#define EC_F_ECPARAMETERS_PRINT				 147

-#define EC_F_ECPARAMETERS_PRINT_FP			 148

-#define EC_F_ECPKPARAMETERS_PRINT			 149

-#define EC_F_ECPKPARAMETERS_PRINT_FP			 150

-#define EC_F_ECP_NIST_MOD_192				 203

-#define EC_F_ECP_NIST_MOD_224				 204

-#define EC_F_ECP_NIST_MOD_256				 205

-#define EC_F_ECP_NIST_MOD_521				 206

-#define EC_F_EC_ASN1_GROUP2CURVE			 153

-#define EC_F_EC_ASN1_GROUP2FIELDID			 154

-#define EC_F_EC_ASN1_GROUP2PARAMETERS			 155

-#define EC_F_EC_ASN1_GROUP2PKPARAMETERS			 156

-#define EC_F_EC_ASN1_PARAMETERS2GROUP			 157

-#define EC_F_EC_ASN1_PKPARAMETERS2GROUP			 158

-#define EC_F_EC_EX_DATA_SET_DATA			 211

-#define EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY		 208

-#define EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT	 159

-#define EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE		 195

-#define EC_F_EC_GF2M_SIMPLE_OCT2POINT			 160

-#define EC_F_EC_GF2M_SIMPLE_POINT2OCT			 161

-#define EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES 162

-#define EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES 163

-#define EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES	 164

-#define EC_F_EC_GFP_MONT_FIELD_DECODE			 133

-#define EC_F_EC_GFP_MONT_FIELD_ENCODE			 134

-#define EC_F_EC_GFP_MONT_FIELD_MUL			 131

-#define EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE		 209

-#define EC_F_EC_GFP_MONT_FIELD_SQR			 132

-#define EC_F_EC_GFP_MONT_GROUP_SET_CURVE		 189

-#define EC_F_EC_GFP_MONT_GROUP_SET_CURVE_GFP		 135

-#define EC_F_EC_GFP_NIST_FIELD_MUL			 200

-#define EC_F_EC_GFP_NIST_FIELD_SQR			 201

-#define EC_F_EC_GFP_NIST_GROUP_SET_CURVE		 202

-#define EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT	 165

-#define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE		 166

-#define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP		 100

-#define EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR		 101

-#define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE			 102

-#define EC_F_EC_GFP_SIMPLE_OCT2POINT			 103

-#define EC_F_EC_GFP_SIMPLE_POINT2OCT			 104

-#define EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE		 137

-#define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES	 167

-#define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP 105

-#define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES	 168

-#define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP 128

-#define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES	 169

-#define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP 129

-#define EC_F_EC_GROUP_CHECK				 170

-#define EC_F_EC_GROUP_CHECK_DISCRIMINANT		 171

-#define EC_F_EC_GROUP_COPY				 106

-#define EC_F_EC_GROUP_GET0_GENERATOR			 139

-#define EC_F_EC_GROUP_GET_COFACTOR			 140

-#define EC_F_EC_GROUP_GET_CURVE_GF2M			 172

-#define EC_F_EC_GROUP_GET_CURVE_GFP			 130

-#define EC_F_EC_GROUP_GET_DEGREE			 173

-#define EC_F_EC_GROUP_GET_ORDER				 141

-#define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS		 193

-#define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS		 194

-#define EC_F_EC_GROUP_NEW				 108

-#define EC_F_EC_GROUP_NEW_BY_CURVE_NAME			 174

-#define EC_F_EC_GROUP_NEW_FROM_DATA			 175

-#define EC_F_EC_GROUP_PRECOMPUTE_MULT			 142

-#define EC_F_EC_GROUP_SET_CURVE_GF2M			 176

-#define EC_F_EC_GROUP_SET_CURVE_GFP			 109

-#define EC_F_EC_GROUP_SET_EXTRA_DATA			 110

-#define EC_F_EC_GROUP_SET_GENERATOR			 111

-#define EC_F_EC_KEY_CHECK_KEY				 177

-#define EC_F_EC_KEY_COPY				 178

-#define EC_F_EC_KEY_GENERATE_KEY			 179

-#define EC_F_EC_KEY_NEW					 182

-#define EC_F_EC_KEY_PRINT				 180

-#define EC_F_EC_KEY_PRINT_FP				 181

-#define EC_F_EC_POINTS_MAKE_AFFINE			 136

-#define EC_F_EC_POINTS_MUL				 138

-#define EC_F_EC_POINT_ADD				 112

-#define EC_F_EC_POINT_CMP				 113

-#define EC_F_EC_POINT_COPY				 114

-#define EC_F_EC_POINT_DBL				 115

-#define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M	 183

-#define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP	 116

-#define EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP	 117

-#define EC_F_EC_POINT_INVERT				 210

-#define EC_F_EC_POINT_IS_AT_INFINITY			 118

-#define EC_F_EC_POINT_IS_ON_CURVE			 119

-#define EC_F_EC_POINT_MAKE_AFFINE			 120

-#define EC_F_EC_POINT_MUL				 184

-#define EC_F_EC_POINT_NEW				 121

-#define EC_F_EC_POINT_OCT2POINT				 122

-#define EC_F_EC_POINT_POINT2OCT				 123

-#define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M	 185

-#define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP	 124

-#define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M	 186

-#define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP	 125

-#define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP	 126

-#define EC_F_EC_POINT_SET_TO_INFINITY			 127

-#define EC_F_EC_PRE_COMP_DUP				 207

-#define EC_F_EC_PRE_COMP_NEW				 196

-#define EC_F_EC_WNAF_MUL				 187

-#define EC_F_EC_WNAF_PRECOMPUTE_MULT			 188

-#define EC_F_I2D_ECPARAMETERS				 190

-#define EC_F_I2D_ECPKPARAMETERS				 191

-#define EC_F_I2D_ECPRIVATEKEY				 192

-#define EC_F_I2O_ECPUBLICKEY				 151

-#define EC_F_O2I_ECPUBLICKEY				 152

-/* Reason codes. */

-#define EC_R_ASN1_ERROR					 115

-#define EC_R_ASN1_UNKNOWN_FIELD				 116

-#define EC_R_BUFFER_TOO_SMALL				 100

-#define EC_R_D2I_ECPKPARAMETERS_FAILURE			 117

-#define EC_R_DISCRIMINANT_IS_ZERO			 118

-#define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE		 119

-#define EC_R_FIELD_TOO_LARGE				 138

-#define EC_R_GROUP2PKPARAMETERS_FAILURE			 120

-#define EC_R_I2D_ECPKPARAMETERS_FAILURE			 121

-#define EC_R_INCOMPATIBLE_OBJECTS			 101

-#define EC_R_INVALID_ARGUMENT				 112

-#define EC_R_INVALID_COMPRESSED_POINT			 110

-#define EC_R_INVALID_COMPRESSION_BIT			 109

-#define EC_R_INVALID_ENCODING				 102

-#define EC_R_INVALID_FIELD				 103

-#define EC_R_INVALID_FORM				 104

-#define EC_R_INVALID_GROUP_ORDER			 122

-#define EC_R_INVALID_PENTANOMIAL_BASIS			 132

-#define EC_R_INVALID_PRIVATE_KEY			 123

-#define EC_R_INVALID_TRINOMIAL_BASIS			 137

-#define EC_R_MISSING_PARAMETERS				 124

-#define EC_R_MISSING_PRIVATE_KEY			 125

-#define EC_R_NOT_A_NIST_PRIME				 135

-#define EC_R_NOT_A_SUPPORTED_NIST_PRIME			 136

-#define EC_R_NOT_IMPLEMENTED				 126

-#define EC_R_NOT_INITIALIZED				 111

-#define EC_R_NO_FIELD_MOD				 133

-#define EC_R_PASSED_NULL_PARAMETER			 134

-#define EC_R_PKPARAMETERS2GROUP_FAILURE			 127

-#define EC_R_POINT_AT_INFINITY				 106

-#define EC_R_POINT_IS_NOT_ON_CURVE			 107

-#define EC_R_SLOT_FULL					 108

-#define EC_R_UNDEFINED_GENERATOR			 113

-#define EC_R_UNDEFINED_ORDER				 128

-#define EC_R_UNKNOWN_GROUP				 129

-#define EC_R_UNKNOWN_ORDER				 114

-#define EC_R_UNSUPPORTED_FIELD				 131

-#define EC_R_WRONG_ORDER				 130

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/ecdh.h

+++ /dev/null

@@ -1,123 +1,0 @@

-/* crypto/ecdh/ecdh.h */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- *

- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included

- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed

- * to the OpenSSL project.

- *

- * The ECC Code is licensed pursuant to the OpenSSL open source

- * license provided below.

- *

- * The ECDH software is originally written by Douglas Stebila of

- * Sun Microsystems Laboratories.

- *

- */

-/* ====================================================================

- * Copyright (c) 2000-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_ECDH_H

-#define HEADER_ECDH_H

-#include <openssl/opensslconf.h>

-#ifdef OPENSSL_NO_ECDH

-#error ECDH is disabled.

-#endif

-#include <openssl/ec.h>

-#include <openssl/ossl_typ.h>

-#ifndef OPENSSL_NO_DEPRECATED

-#include <openssl/bn.h>

-#endif

-#ifdef __cplusplus

-extern "C" {

-#endif

-const ECDH_METHOD *ECDH_OpenSSL(void);

-void	  ECDH_set_default_method(const ECDH_METHOD *);

-const ECDH_METHOD *ECDH_get_default_method(void);

-int 	  ECDH_set_method(EC_KEY *, const ECDH_METHOD *);

-int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,

-                     void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen));

-int 	  ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new

-		*new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);

-int 	  ECDH_set_ex_data(EC_KEY *d, int idx, void *arg);

-void 	  *ECDH_get_ex_data(EC_KEY *d, int idx);

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_ECDH_strings(void);

-/* Error codes for the ECDH functions. */

-/* Function codes. */

-#define ECDH_F_ECDH_COMPUTE_KEY				 100

-#define ECDH_F_ECDH_DATA_NEW_METHOD			 101

-/* Reason codes. */

-#define ECDH_R_KDF_FAILED				 102

-#define ECDH_R_NO_PRIVATE_VALUE				 100

-#define ECDH_R_POINT_ARITHMETIC_FAILURE			 101

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/ecdsa.h

+++ /dev/null

@@ -1,271 +1,0 @@

-/* crypto/ecdsa/ecdsa.h */

-/**

- * \file   crypto/ecdsa/ecdsa.h Include file for the OpenSSL ECDSA functions

- * \author Written by Nils Larsch for the OpenSSL project

- */

-/* ====================================================================

- * Copyright (c) 2000-2003 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_ECDSA_H

-#define HEADER_ECDSA_H

-#include <openssl/opensslconf.h>

-#ifdef OPENSSL_NO_ECDSA

-#error ECDSA is disabled.

-#endif

-#include <openssl/ec.h>

-#include <openssl/ossl_typ.h>

-#ifndef OPENSSL_NO_DEPRECATED

-#include <openssl/bn.h>

-#endif

-#ifdef __cplusplus

-extern "C" {

-#endif

-typedef struct ECDSA_SIG_st

-	{

-	BIGNUM *r;

-	BIGNUM *s;

-	} ECDSA_SIG;

-/** ECDSA_SIG *ECDSA_SIG_new(void)

- * allocates and initialize a ECDSA_SIG structure

- * \return pointer to a ECDSA_SIG structure or NULL if an error occurred

- */

-ECDSA_SIG *ECDSA_SIG_new(void);

-/** ECDSA_SIG_free

- * frees a ECDSA_SIG structure

- * \param a pointer to the ECDSA_SIG structure

- */

-void	  ECDSA_SIG_free(ECDSA_SIG *a);

-/** i2d_ECDSA_SIG

- * DER encode content of ECDSA_SIG object (note: this function modifies *pp

- * (*pp += length of the DER encoded signature)).

- * \param a  pointer to the ECDSA_SIG object

- * \param pp pointer to a unsigned char pointer for the output or NULL

- * \return the length of the DER encoded ECDSA_SIG object or 0

- */

-int	  i2d_ECDSA_SIG(const ECDSA_SIG *a, unsigned char **pp);

-/** d2i_ECDSA_SIG

- * decodes a DER encoded ECDSA signature (note: this function changes *pp

- * (*pp += len)).

- * \param v pointer to ECDSA_SIG pointer (may be NULL)

- * \param pp buffer with the DER encoded signature

- * \param len bufferlength

- * \return pointer to the decoded ECDSA_SIG structure (or NULL)

- */

-ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **v, const unsigned char **pp, long len);

-/** ECDSA_do_sign

- * computes the ECDSA signature of the given hash value using

- * the supplied private key and returns the created signature.

- * \param dgst pointer to the hash value

- * \param dgst_len length of the hash value

- * \param eckey pointer to the EC_KEY object containing a private EC key

- * \return pointer to a ECDSA_SIG structure or NULL

- */

-ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst,int dgst_len,EC_KEY *eckey);

-/** ECDSA_do_sign_ex

- * computes ECDSA signature of a given hash value using the supplied

- * private key (note: sig must point to ECDSA_size(eckey) bytes of memory).

- * \param dgst pointer to the hash value to sign

- * \param dgstlen length of the hash value

- * \param kinv optional pointer to a pre-computed inverse k

- * \param rp optional pointer to the pre-computed rp value (see

- *        ECDSA_sign_setup

- * \param eckey pointer to the EC_KEY object containing a private EC key

- * \return pointer to a ECDSA_SIG structure or NULL

- */

-ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen,

-		const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey);

-/** ECDSA_do_verify

- * verifies that the supplied signature is a valid ECDSA

- * signature of the supplied hash value using the supplied public key.

- * \param dgst pointer to the hash value

- * \param dgst_len length of the hash value

- * \param sig  pointer to the ECDSA_SIG structure

- * \param eckey pointer to the EC_KEY object containing a public EC key

- * \return 1 if the signature is valid, 0 if the signature is invalid and -1 on error

- */

-int	  ECDSA_do_verify(const unsigned char *dgst, int dgst_len,

-		const ECDSA_SIG *sig, EC_KEY* eckey);

-const ECDSA_METHOD *ECDSA_OpenSSL(void);

-/** ECDSA_set_default_method

- * sets the default ECDSA method

- * \param meth the new default ECDSA_METHOD

- */

-void	  ECDSA_set_default_method(const ECDSA_METHOD *meth);

-/** ECDSA_get_default_method

- * returns the default ECDSA method

- * \return pointer to ECDSA_METHOD structure containing the default method

- */

-const ECDSA_METHOD *ECDSA_get_default_method(void);

-/** ECDSA_set_method

- * sets method to be used for the ECDSA operations

- * \param eckey pointer to the EC_KEY object

- * \param meth  pointer to the new method

- * \return 1 on success and 0 otherwise

- */

-int 	  ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth);

-/** ECDSA_size

- * returns the maximum length of the DER encoded signature

- * \param  eckey pointer to a EC_KEY object

- * \return numbers of bytes required for the DER encoded signature

- */

-int	  ECDSA_size(const EC_KEY *eckey);

-/** ECDSA_sign_setup

- * precompute parts of the signing operation.

- * \param eckey pointer to the EC_KEY object containing a private EC key

- * \param ctx  pointer to a BN_CTX object (may be NULL)

- * \param kinv pointer to a BIGNUM pointer for the inverse of k

- * \param rp   pointer to a BIGNUM pointer for x coordinate of k * generator

- * \return 1 on success and 0 otherwise

- */

-int 	  ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv,

-		BIGNUM **rp);

-/** ECDSA_sign

- * computes ECDSA signature of a given hash value using the supplied

- * private key (note: sig must point to ECDSA_size(eckey) bytes of memory).

- * \param type this parameter is ignored

- * \param dgst pointer to the hash value to sign

- * \param dgstlen length of the hash value

- * \param sig buffer to hold the DER encoded signature

- * \param siglen pointer to the length of the returned signature

- * \param eckey pointer to the EC_KEY object containing a private EC key

- * \return 1 on success and 0 otherwise

- */

-int	  ECDSA_sign(int type, const unsigned char *dgst, int dgstlen,

-		unsigned char *sig, unsigned int *siglen, EC_KEY *eckey);

-/** ECDSA_sign_ex

- * computes ECDSA signature of a given hash value using the supplied

- * private key (note: sig must point to ECDSA_size(eckey) bytes of memory).

- * \param type this parameter is ignored

- * \param dgst pointer to the hash value to sign

- * \param dgstlen length of the hash value

- * \param sig buffer to hold the DER encoded signature

- * \param siglen pointer to the length of the returned signature

- * \param kinv optional pointer to a pre-computed inverse k

- * \param rp optional pointer to the pre-computed rp value (see

- *        ECDSA_sign_setup

- * \param eckey pointer to the EC_KEY object containing a private EC key

- * \return 1 on success and 0 otherwise

- */

-int	  ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen,

-		unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv,

-		const BIGNUM *rp, EC_KEY *eckey);

-/** ECDSA_verify

- * verifies that the given signature is valid ECDSA signature

- * of the supplied hash value using the specified public key.

- * \param type this parameter is ignored

- * \param dgst pointer to the hash value

- * \param dgstlen length of the hash value

- * \param sig  pointer to the DER encoded signature

- * \param siglen length of the DER encoded signature

- * \param eckey pointer to the EC_KEY object containing a public EC key

- * \return 1 if the signature is valid, 0 if the signature is invalid and -1 on error

- */

-int 	  ECDSA_verify(int type, const unsigned char *dgst, int dgstlen,

-		const unsigned char *sig, int siglen, EC_KEY *eckey);

-/* the standard ex_data functions */

-int 	  ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new

-		*new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);

-int 	  ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg);

-void 	  *ECDSA_get_ex_data(EC_KEY *d, int idx);

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_ECDSA_strings(void);

-/* Error codes for the ECDSA functions. */

-/* Function codes. */

-#define ECDSA_F_ECDSA_DATA_NEW_METHOD			 100

-#define ECDSA_F_ECDSA_DO_SIGN				 101

-#define ECDSA_F_ECDSA_DO_VERIFY				 102

-#define ECDSA_F_ECDSA_SIGN_SETUP			 103

-/* Reason codes. */

-#define ECDSA_R_BAD_SIGNATURE				 100

-#define ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE		 101

-#define ECDSA_R_ERR_EC_LIB				 102

-#define ECDSA_R_MISSING_PARAMETERS			 103

-#define ECDSA_R_NEED_NEW_SETUP_VALUES			 106

-#define ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED		 104

-#define ECDSA_R_SIGNATURE_MALLOC_FAILED			 105

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/engine.h

+++ /dev/null

@@ -1,785 +1,0 @@

-/* openssl/engine.h */

-/* Written by Geoff Thorpe ([email protected]) for the OpenSSL

- * project 2000.

- */

-/* ====================================================================

- * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- * ECDH support in OpenSSL originally developed by

- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.

- */

-#ifndef HEADER_ENGINE_H

-#define HEADER_ENGINE_H

-#include <openssl/opensslconf.h>

-#ifdef OPENSSL_NO_ENGINE

-#error ENGINE is disabled.

-#endif

-#ifndef OPENSSL_NO_DEPRECATED

-#include <openssl/bn.h>

-#ifndef OPENSSL_NO_RSA

-#include <openssl/rsa.h>

-#endif

-#ifndef OPENSSL_NO_DSA

-#include <openssl/dsa.h>

-#endif

-#ifndef OPENSSL_NO_DH

-#include <openssl/dh.h>

-#endif

-#ifndef OPENSSL_NO_ECDH

-#include <openssl/ecdh.h>

-#endif

-#ifndef OPENSSL_NO_ECDSA

-#include <openssl/ecdsa.h>

-#endif

-#include <openssl/rand.h>

-#include <openssl/store.h>

-#include <openssl/ui.h>

-#include <openssl/err.h>

-#endif

-#include <openssl/ossl_typ.h>

-#include <openssl/symhacks.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-/* These flags are used to control combinations of algorithm (methods)

- * by bitwise "OR"ing. */

-#define ENGINE_METHOD_RSA		(unsigned int)0x0001

-#define ENGINE_METHOD_DSA		(unsigned int)0x0002

-#define ENGINE_METHOD_DH		(unsigned int)0x0004

-#define ENGINE_METHOD_RAND		(unsigned int)0x0008

-#define ENGINE_METHOD_ECDH		(unsigned int)0x0010

-#define ENGINE_METHOD_ECDSA		(unsigned int)0x0020

-#define ENGINE_METHOD_CIPHERS		(unsigned int)0x0040

-#define ENGINE_METHOD_DIGESTS		(unsigned int)0x0080

-#define ENGINE_METHOD_STORE		(unsigned int)0x0100

-/* Obvious all-or-nothing cases. */

-#define ENGINE_METHOD_ALL		(unsigned int)0xFFFF

-#define ENGINE_METHOD_NONE		(unsigned int)0x0000

-/* This(ese) flag(s) controls behaviour of the ENGINE_TABLE mechanism used

- * internally to control registration of ENGINE implementations, and can be set

- * by ENGINE_set_table_flags(). The "NOINIT" flag prevents attempts to

- * initialise registered ENGINEs if they are not already initialised. */

-#define ENGINE_TABLE_FLAG_NOINIT	(unsigned int)0x0001

-/* ENGINE flags that can be set by ENGINE_set_flags(). */

-/* #define ENGINE_FLAGS_MALLOCED	0x0001 */ /* Not used */

-/* This flag is for ENGINEs that wish to handle the various 'CMD'-related

- * control commands on their own. Without this flag, ENGINE_ctrl() handles these

- * control commands on behalf of the ENGINE using their "cmd_defns" data. */

-#define ENGINE_FLAGS_MANUAL_CMD_CTRL	(int)0x0002

-/* This flag is for ENGINEs who return new duplicate structures when found via

- * "ENGINE_by_id()". When an ENGINE must store state (eg. if ENGINE_ctrl()

- * commands are called in sequence as part of some stateful process like

- * key-generation setup and execution), it can set this flag - then each attempt

- * to obtain the ENGINE will result in it being copied into a new structure.

- * Normally, ENGINEs don't declare this flag so ENGINE_by_id() just increments

- * the existing ENGINE's structural reference count. */

-#define ENGINE_FLAGS_BY_ID_COPY		(int)0x0004

-/* ENGINEs can support their own command types, and these flags are used in

- * ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input each

- * command expects. Currently only numeric and string input is supported. If a

- * control command supports none of the _NUMERIC, _STRING, or _NO_INPUT options,

- * then it is regarded as an "internal" control command - and not for use in

- * config setting situations. As such, they're not available to the

- * ENGINE_ctrl_cmd_string() function, only raw ENGINE_ctrl() access. Changes to

- * this list of 'command types' should be reflected carefully in

- * ENGINE_cmd_is_executable() and ENGINE_ctrl_cmd_string(). */

-/* accepts a 'long' input value (3rd parameter to ENGINE_ctrl) */

-#define ENGINE_CMD_FLAG_NUMERIC		(unsigned int)0x0001

-/* accepts string input (cast from 'void*' to 'const char *', 4th parameter to

- * ENGINE_ctrl) */

-#define ENGINE_CMD_FLAG_STRING		(unsigned int)0x0002

-/* Indicates that the control command takes *no* input. Ie. the control command

- * is unparameterised. */

-#define ENGINE_CMD_FLAG_NO_INPUT	(unsigned int)0x0004

-/* Indicates that the control command is internal. This control command won't

- * be shown in any output, and is only usable through the ENGINE_ctrl_cmd()

- * function. */

-#define ENGINE_CMD_FLAG_INTERNAL	(unsigned int)0x0008

-/* NB: These 3 control commands are deprecated and should not be used. ENGINEs

- * relying on these commands should compile conditional support for

- * compatibility (eg. if these symbols are defined) but should also migrate the

- * same functionality to their own ENGINE-specific control functions that can be

- * "discovered" by calling applications. The fact these control commands

- * wouldn't be "executable" (ie. usable by text-based config) doesn't change the

- * fact that application code can find and use them without requiring per-ENGINE

- * hacking. */

-/* These flags are used to tell the ctrl function what should be done.

- * All command numbers are shared between all engines, even if some don't

- * make sense to some engines.  In such a case, they do nothing but return

- * the error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED. */

-#define ENGINE_CTRL_SET_LOGSTREAM		1

-#define ENGINE_CTRL_SET_PASSWORD_CALLBACK	2

-#define ENGINE_CTRL_HUP				3 /* Close and reinitialise any

-						     handles/connections etc. */

-#define ENGINE_CTRL_SET_USER_INTERFACE          4 /* Alternative to callback */

-#define ENGINE_CTRL_SET_CALLBACK_DATA           5 /* User-specific data, used

-						     when calling the password

-						     callback and the user

-						     interface */

-#define ENGINE_CTRL_LOAD_CONFIGURATION		6 /* Load a configuration, given

-						     a string that represents a

-						     file name or so */

-#define ENGINE_CTRL_LOAD_SECTION		7 /* Load data from a given

-						     section in the already loaded

-						     configuration */

-/* These control commands allow an application to deal with an arbitrary engine

- * in a dynamic way. Warn: Negative return values indicate errors FOR THESE

- * COMMANDS because zero is used to indicate 'end-of-list'. Other commands,

- * including ENGINE-specific command types, return zero for an error.

- *

- * An ENGINE can choose to implement these ctrl functions, and can internally

- * manage things however it chooses - it does so by setting the

- * ENGINE_FLAGS_MANUAL_CMD_CTRL flag (using ENGINE_set_flags()). Otherwise the

- * ENGINE_ctrl() code handles this on the ENGINE's behalf using the cmd_defns

- * data (set using ENGINE_set_cmd_defns()). This means an ENGINE's ctrl()

- * handler need only implement its own commands - the above "meta" commands will

- * be taken care of. */

-/* Returns non-zero if the supplied ENGINE has a ctrl() handler. If "not", then

- * all the remaining control commands will return failure, so it is worth

- * checking this first if the caller is trying to "discover" the engine's

- * capabilities and doesn't want errors generated unnecessarily. */

-#define ENGINE_CTRL_HAS_CTRL_FUNCTION		10

-/* Returns a positive command number for the first command supported by the

- * engine. Returns zero if no ctrl commands are supported. */

-#define ENGINE_CTRL_GET_FIRST_CMD_TYPE		11

-/* The 'long' argument specifies a command implemented by the engine, and the

- * return value is the next command supported, or zero if there are no more. */

-#define ENGINE_CTRL_GET_NEXT_CMD_TYPE		12

-/* The 'void*' argument is a command name (cast from 'const char *'), and the

- * return value is the command that corresponds to it. */

-#define ENGINE_CTRL_GET_CMD_FROM_NAME		13

-/* The next two allow a command to be converted into its corresponding string

- * form. In each case, the 'long' argument supplies the command. In the NAME_LEN

- * case, the return value is the length of the command name (not counting a

- * trailing EOL). In the NAME case, the 'void*' argument must be a string buffer

- * large enough, and it will be populated with the name of the command (WITH a

- * trailing EOL). */

-#define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD	14

-#define ENGINE_CTRL_GET_NAME_FROM_CMD		15

-/* The next two are similar but give a "short description" of a command. */

-#define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD	16

-#define ENGINE_CTRL_GET_DESC_FROM_CMD		17

-/* With this command, the return value is the OR'd combination of

- * ENGINE_CMD_FLAG_*** values that indicate what kind of input a given

- * engine-specific ctrl command expects. */

-#define ENGINE_CTRL_GET_CMD_FLAGS		18

-/* ENGINE implementations should start the numbering of their own control

- * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc). */

-#define ENGINE_CMD_BASE				200

-/* NB: These 2 nCipher "chil" control commands are deprecated, and their

- * functionality is now available through ENGINE-specific control commands

- * (exposed through the above-mentioned 'CMD'-handling). Code using these 2

- * commands should be migrated to the more general command handling before these

- * are removed. */

-/* Flags specific to the nCipher "chil" engine */

-#define ENGINE_CTRL_CHIL_SET_FORKCHECK		100

-	/* Depending on the value of the (long)i argument, this sets or

-	 * unsets the SimpleForkCheck flag in the CHIL API to enable or

-	 * disable checking and workarounds for applications that fork().

-	 */

-#define ENGINE_CTRL_CHIL_NO_LOCKING		101

-	/* This prevents the initialisation function from providing mutex

-	 * callbacks to the nCipher library. */

-/* If an ENGINE supports its own specific control commands and wishes the

- * framework to handle the above 'ENGINE_CMD_***'-manipulation commands on its

- * behalf, it should supply a null-terminated array of ENGINE_CMD_DEFN entries

- * to ENGINE_set_cmd_defns(). It should also implement a ctrl() handler that

- * supports the stated commands (ie. the "cmd_num" entries as described by the

- * array). NB: The array must be ordered in increasing order of cmd_num.

- * "null-terminated" means that the last ENGINE_CMD_DEFN element has cmd_num set

- * to zero and/or cmd_name set to NULL. */

-typedef struct ENGINE_CMD_DEFN_st

-	{

-	unsigned int cmd_num; /* The command number */

-	const char *cmd_name; /* The command name itself */

-	const char *cmd_desc; /* A short description of the command */

-	unsigned int cmd_flags; /* The input the command expects */

-	} ENGINE_CMD_DEFN;

-/* Generic function pointer */

-typedef int (*ENGINE_GEN_FUNC_PTR)(void);

-/* Generic function pointer taking no arguments */

-typedef int (*ENGINE_GEN_INT_FUNC_PTR)(ENGINE *);

-/* Specific control function pointer */

-typedef int (*ENGINE_CTRL_FUNC_PTR)(ENGINE *, int, long, void *, void (*f)(void));

-/* Generic load_key function pointer */

-typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *,

-	UI_METHOD *ui_method, void *callback_data);

-/* These callback types are for an ENGINE's handler for cipher and digest logic.

- * These handlers have these prototypes;

- *   int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid);

- *   int foo(ENGINE *e, const EVP_MD **digest, const int **nids, int nid);

- * Looking at how to implement these handlers in the case of cipher support, if

- * the framework wants the EVP_CIPHER for 'nid', it will call;

- *   foo(e, &p_evp_cipher, NULL, nid);    (return zero for failure)

- * If the framework wants a list of supported 'nid's, it will call;

- *   foo(e, NULL, &p_nids, 0); (returns number of 'nids' or -1 for error)

- */

-/* Returns to a pointer to the array of supported cipher 'nid's. If the second

- * parameter is non-NULL it is set to the size of the returned array. */

-typedef int (*ENGINE_CIPHERS_PTR)(ENGINE *, const EVP_CIPHER **, const int **, int);

-typedef int (*ENGINE_DIGESTS_PTR)(ENGINE *, const EVP_MD **, const int **, int);

-/* STRUCTURE functions ... all of these functions deal with pointers to ENGINE

- * structures where the pointers have a "structural reference". This means that

- * their reference is to allowed access to the structure but it does not imply

- * that the structure is functional. To simply increment or decrement the

- * structural reference count, use ENGINE_by_id and ENGINE_free. NB: This is not

- * required when iterating using ENGINE_get_next as it will automatically

- * decrement the structural reference count of the "current" ENGINE and

- * increment the structural reference count of the ENGINE it returns (unless it

- * is NULL). */

-/* Get the first/last "ENGINE" type available. */

-ENGINE *ENGINE_get_first(void);

-ENGINE *ENGINE_get_last(void);

-/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */

-ENGINE *ENGINE_get_next(ENGINE *e);

-ENGINE *ENGINE_get_prev(ENGINE *e);

-/* Add another "ENGINE" type into the array. */

-int ENGINE_add(ENGINE *e);

-/* Remove an existing "ENGINE" type from the array. */

-int ENGINE_remove(ENGINE *e);

-/* Retrieve an engine from the list by its unique "id" value. */

-ENGINE *ENGINE_by_id(const char *id);

-/* Add all the built-in engines. */

-void ENGINE_load_openssl(void);

-void ENGINE_load_dynamic(void);

-#ifndef OPENSSL_NO_STATIC_ENGINE

-void ENGINE_load_4758cca(void);

-void ENGINE_load_aep(void);

-void ENGINE_load_atalla(void);

-void ENGINE_load_chil(void);

-void ENGINE_load_cswift(void);

-#ifndef OPENSSL_NO_GMP

-void ENGINE_load_gmp(void);

-#endif

-void ENGINE_load_nuron(void);

-void ENGINE_load_sureware(void);

-void ENGINE_load_ubsec(void);

-#endif

-void ENGINE_load_cryptodev(void);

-void ENGINE_load_padlock(void);

-void ENGINE_load_builtin_engines(void);

-/* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation

- * "registry" handling. */

-unsigned int ENGINE_get_table_flags(void);

-void ENGINE_set_table_flags(unsigned int flags);

-/* Manage registration of ENGINEs per "table". For each type, there are 3

- * functions;

- *   ENGINE_register_***(e) - registers the implementation from 'e' (if it has one)

- *   ENGINE_unregister_***(e) - unregister the implementation from 'e'

- *   ENGINE_register_all_***() - call ENGINE_register_***() for each 'e' in the list

- * Cleanup is automatically registered from each table when required, so

- * ENGINE_cleanup() will reverse any "register" operations. */

-int ENGINE_register_RSA(ENGINE *e);

-void ENGINE_unregister_RSA(ENGINE *e);

-void ENGINE_register_all_RSA(void);

-int ENGINE_register_DSA(ENGINE *e);

-void ENGINE_unregister_DSA(ENGINE *e);

-void ENGINE_register_all_DSA(void);

-int ENGINE_register_ECDH(ENGINE *e);

-void ENGINE_unregister_ECDH(ENGINE *e);

-void ENGINE_register_all_ECDH(void);

-int ENGINE_register_ECDSA(ENGINE *e);

-void ENGINE_unregister_ECDSA(ENGINE *e);

-void ENGINE_register_all_ECDSA(void);

-int ENGINE_register_DH(ENGINE *e);

-void ENGINE_unregister_DH(ENGINE *e);

-void ENGINE_register_all_DH(void);

-int ENGINE_register_RAND(ENGINE *e);

-void ENGINE_unregister_RAND(ENGINE *e);

-void ENGINE_register_all_RAND(void);

-int ENGINE_register_STORE(ENGINE *e);

-void ENGINE_unregister_STORE(ENGINE *e);

-void ENGINE_register_all_STORE(void);

-int ENGINE_register_ciphers(ENGINE *e);

-void ENGINE_unregister_ciphers(ENGINE *e);

-void ENGINE_register_all_ciphers(void);

-int ENGINE_register_digests(ENGINE *e);

-void ENGINE_unregister_digests(ENGINE *e);

-void ENGINE_register_all_digests(void);

-/* These functions register all support from the above categories. Note, use of

- * these functions can result in static linkage of code your application may not

- * need. If you only need a subset of functionality, consider using more

- * selective initialisation. */

-int ENGINE_register_complete(ENGINE *e);

-int ENGINE_register_all_complete(void);

-/* Send parametrised control commands to the engine. The possibilities to send

- * down an integer, a pointer to data or a function pointer are provided. Any of

- * the parameters may or may not be NULL, depending on the command number. In

- * actuality, this function only requires a structural (rather than functional)

- * reference to an engine, but many control commands may require the engine be

- * functional. The caller should be aware of trying commands that require an

- * operational ENGINE, and only use functional references in such situations. */

-int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));

-/* This function tests if an ENGINE-specific command is usable as a "setting".

- * Eg. in an application's config file that gets processed through

- * ENGINE_ctrl_cmd_string(). If this returns zero, it is not available to

- * ENGINE_ctrl_cmd_string(), only ENGINE_ctrl(). */

-int ENGINE_cmd_is_executable(ENGINE *e, int cmd);

-/* This function works like ENGINE_ctrl() with the exception of taking a

- * command name instead of a command number, and can handle optional commands.

- * See the comment on ENGINE_ctrl_cmd_string() for an explanation on how to

- * use the cmd_name and cmd_optional. */

-int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,

-        long i, void *p, void (*f)(void), int cmd_optional);

-/* This function passes a command-name and argument to an ENGINE. The cmd_name

- * is converted to a command number and the control command is called using

- * 'arg' as an argument (unless the ENGINE doesn't support such a command, in

- * which case no control command is called). The command is checked for input

- * flags, and if necessary the argument will be converted to a numeric value. If

- * cmd_optional is non-zero, then if the ENGINE doesn't support the given

- * cmd_name the return value will be success anyway. This function is intended

- * for applications to use so that users (or config files) can supply

- * engine-specific config data to the ENGINE at run-time to control behaviour of

- * specific engines. As such, it shouldn't be used for calling ENGINE_ctrl()

- * functions that return data, deal with binary data, or that are otherwise

- * supposed to be used directly through ENGINE_ctrl() in application code. Any

- * "return" data from an ENGINE_ctrl() operation in this function will be lost -

- * the return value is interpreted as failure if the return value is zero,

- * success otherwise, and this function returns a boolean value as a result. In

- * other words, vendors of 'ENGINE'-enabled devices should write ENGINE

- * implementations with parameterisations that work in this scheme, so that

- * compliant ENGINE-based applications can work consistently with the same

- * configuration for the same ENGINE-enabled devices, across applications. */

-int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,

-				int cmd_optional);

-/* These functions are useful for manufacturing new ENGINE structures. They

- * don't address reference counting at all - one uses them to populate an ENGINE

- * structure with personalised implementations of things prior to using it

- * directly or adding it to the builtin ENGINE list in OpenSSL. These are also

- * here so that the ENGINE structure doesn't have to be exposed and break binary

- * compatibility! */

-ENGINE *ENGINE_new(void);

-int ENGINE_free(ENGINE *e);

-int ENGINE_up_ref(ENGINE *e);

-int ENGINE_set_id(ENGINE *e, const char *id);

-int ENGINE_set_name(ENGINE *e, const char *name);

-int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);

-int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);

-int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *ecdh_meth);

-int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *ecdsa_meth);

-int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth);

-int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth);

-int ENGINE_set_STORE(ENGINE *e, const STORE_METHOD *store_meth);

-int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f);

-int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);

-int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);

-int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);

-int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f);

-int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);

-int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);

-int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);

-int ENGINE_set_flags(ENGINE *e, int flags);

-int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);

-/* These functions allow control over any per-structure ENGINE data. */

-int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,

-		CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);

-int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg);

-void *ENGINE_get_ex_data(const ENGINE *e, int idx);

-/* This function cleans up anything that needs it. Eg. the ENGINE_add() function

- * automatically ensures the list cleanup function is registered to be called

- * from ENGINE_cleanup(). Similarly, all ENGINE_register_*** functions ensure

- * ENGINE_cleanup() will clean up after them. */

-void ENGINE_cleanup(void);

-/* These return values from within the ENGINE structure. These can be useful

- * with functional references as well as structural references - it depends

- * which you obtained. Using the result for functional purposes if you only

- * obtained a structural reference may be problematic! */

-const char *ENGINE_get_id(const ENGINE *e);

-const char *ENGINE_get_name(const ENGINE *e);

-const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);

-const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);

-const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e);

-const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e);

-const DH_METHOD *ENGINE_get_DH(const ENGINE *e);

-const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e);

-const STORE_METHOD *ENGINE_get_STORE(const ENGINE *e);

-ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e);

-ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e);

-ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);

-ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);

-ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);

-ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);

-ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);

-ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);

-const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);

-const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid);

-const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);

-int ENGINE_get_flags(const ENGINE *e);

-/* FUNCTIONAL functions. These functions deal with ENGINE structures

- * that have (or will) be initialised for use. Broadly speaking, the

- * structural functions are useful for iterating the list of available

- * engine types, creating new engine types, and other "list" operations.

- * These functions actually deal with ENGINEs that are to be used. As

- * such these functions can fail (if applicable) when particular

- * engines are unavailable - eg. if a hardware accelerator is not

- * attached or not functioning correctly. Each ENGINE has 2 reference

- * counts; structural and functional. Every time a functional reference

- * is obtained or released, a corresponding structural reference is

- * automatically obtained or released too. */

-/* Initialise a engine type for use (or up its reference count if it's

- * already in use). This will fail if the engine is not currently

- * operational and cannot initialise. */

-int ENGINE_init(ENGINE *e);

-/* Free a functional reference to a engine type. This does not require

- * a corresponding call to ENGINE_free as it also releases a structural

- * reference. */

-int ENGINE_finish(ENGINE *e);

-/* The following functions handle keys that are stored in some secondary

- * location, handled by the engine.  The storage may be on a card or

- * whatever. */

-EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,

-	UI_METHOD *ui_method, void *callback_data);

-EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,

-	UI_METHOD *ui_method, void *callback_data);

-/* This returns a pointer for the current ENGINE structure that

- * is (by default) performing any RSA operations. The value returned

- * is an incremented reference, so it should be free'd (ENGINE_finish)

- * before it is discarded. */

-ENGINE *ENGINE_get_default_RSA(void);

-/* Same for the other "methods" */

-ENGINE *ENGINE_get_default_DSA(void);

-ENGINE *ENGINE_get_default_ECDH(void);

-ENGINE *ENGINE_get_default_ECDSA(void);

-ENGINE *ENGINE_get_default_DH(void);

-ENGINE *ENGINE_get_default_RAND(void);

-/* These functions can be used to get a functional reference to perform

- * ciphering or digesting corresponding to "nid". */

-ENGINE *ENGINE_get_cipher_engine(int nid);

-ENGINE *ENGINE_get_digest_engine(int nid);

-/* This sets a new default ENGINE structure for performing RSA

- * operations. If the result is non-zero (success) then the ENGINE

- * structure will have had its reference count up'd so the caller

- * should still free their own reference 'e'. */

-int ENGINE_set_default_RSA(ENGINE *e);

-int ENGINE_set_default_string(ENGINE *e, const char *def_list);

-/* Same for the other "methods" */

-int ENGINE_set_default_DSA(ENGINE *e);

-int ENGINE_set_default_ECDH(ENGINE *e);

-int ENGINE_set_default_ECDSA(ENGINE *e);

-int ENGINE_set_default_DH(ENGINE *e);

-int ENGINE_set_default_RAND(ENGINE *e);

-int ENGINE_set_default_ciphers(ENGINE *e);

-int ENGINE_set_default_digests(ENGINE *e);

-/* The combination "set" - the flags are bitwise "OR"d from the

- * ENGINE_METHOD_*** defines above. As with the "ENGINE_register_complete()"

- * function, this function can result in unnecessary static linkage. If your

- * application requires only specific functionality, consider using more

- * selective functions. */

-int ENGINE_set_default(ENGINE *e, unsigned int flags);

-void ENGINE_add_conf_module(void);

-/* Deprecated functions ... */

-/* int ENGINE_clear_defaults(void); */

-/**************************/

-/* DYNAMIC ENGINE SUPPORT */

-/**************************/

-/* Binary/behaviour compatibility levels */

-#define OSSL_DYNAMIC_VERSION		(unsigned long)0x00020000

-/* Binary versions older than this are too old for us (whether we're a loader or

- * a loadee) */

-#define OSSL_DYNAMIC_OLDEST		(unsigned long)0x00020000

-/* When compiling an ENGINE entirely as an external shared library, loadable by

- * the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' structure

- * type provides the calling application's (or library's) error functionality

- * and memory management function pointers to the loaded library. These should

- * be used/set in the loaded library code so that the loading application's

- * 'state' will be used/changed in all operations. The 'static_state' pointer

- * allows the loaded library to know if it shares the same static data as the

- * calling application (or library), and thus whether these callbacks need to be

- * set or not. */

-typedef void *(*dyn_MEM_malloc_cb)(size_t);

-typedef void *(*dyn_MEM_realloc_cb)(void *, size_t);

-typedef void (*dyn_MEM_free_cb)(void *);

-typedef struct st_dynamic_MEM_fns {

-	dyn_MEM_malloc_cb			malloc_cb;

-	dyn_MEM_realloc_cb			realloc_cb;

-	dyn_MEM_free_cb				free_cb;

-	} dynamic_MEM_fns;

-/* FIXME: Perhaps the memory and locking code (crypto.h) should declare and use

- * these types so we (and any other dependant code) can simplify a bit?? */

-typedef void (*dyn_lock_locking_cb)(int,int,const char *,int);

-typedef int (*dyn_lock_add_lock_cb)(int*,int,int,const char *,int);

-typedef struct CRYPTO_dynlock_value *(*dyn_dynlock_create_cb)(

-						const char *,int);

-typedef void (*dyn_dynlock_lock_cb)(int,struct CRYPTO_dynlock_value *,

-						const char *,int);

-typedef void (*dyn_dynlock_destroy_cb)(struct CRYPTO_dynlock_value *,

-						const char *,int);

-typedef struct st_dynamic_LOCK_fns {

-	dyn_lock_locking_cb			lock_locking_cb;

-	dyn_lock_add_lock_cb			lock_add_lock_cb;

-	dyn_dynlock_create_cb			dynlock_create_cb;

-	dyn_dynlock_lock_cb			dynlock_lock_cb;

-	dyn_dynlock_destroy_cb			dynlock_destroy_cb;

-	} dynamic_LOCK_fns;

-/* The top-level structure */

-typedef struct st_dynamic_fns {

-	void 					*static_state;

-	const ERR_FNS				*err_fns;

-	const CRYPTO_EX_DATA_IMPL		*ex_data_fns;

-	dynamic_MEM_fns				mem_fns;

-	dynamic_LOCK_fns			lock_fns;

-	} dynamic_fns;

-/* The version checking function should be of this prototype. NB: The

- * ossl_version value passed in is the OSSL_DYNAMIC_VERSION of the loading code.

- * If this function returns zero, it indicates a (potential) version

- * incompatibility and the loaded library doesn't believe it can proceed.

- * Otherwise, the returned value is the (latest) version supported by the

- * loading library. The loader may still decide that the loaded code's version

- * is unsatisfactory and could veto the load. The function is expected to

- * be implemented with the symbol name "v_check", and a default implementation

- * can be fully instantiated with IMPLEMENT_DYNAMIC_CHECK_FN(). */

-typedef unsigned long (*dynamic_v_check_fn)(unsigned long ossl_version);

-#define IMPLEMENT_DYNAMIC_CHECK_FN() \

-	OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \

-		if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \

-		return 0; }

-/* This function is passed the ENGINE structure to initialise with its own

- * function and command settings. It should not adjust the structural or

- * functional reference counts. If this function returns zero, (a) the load will

- * be aborted, (b) the previous ENGINE state will be memcpy'd back onto the

- * structure, and (c) the shared library will be unloaded. So implementations

- * should do their own internal cleanup in failure circumstances otherwise they

- * could leak. The 'id' parameter, if non-NULL, represents the ENGINE id that

- * the loader is looking for. If this is NULL, the shared library can choose to

- * return failure or to initialise a 'default' ENGINE. If non-NULL, the shared

- * library must initialise only an ENGINE matching the passed 'id'. The function

- * is expected to be implemented with the symbol name "bind_engine". A standard

- * implementation can be instantiated with IMPLEMENT_DYNAMIC_BIND_FN(fn) where

- * the parameter 'fn' is a callback function that populates the ENGINE structure

- * and returns an int value (zero for failure). 'fn' should have prototype;

- *    [static] int fn(ENGINE *e, const char *id); */

-typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,

-				const dynamic_fns *fns);

-#define IMPLEMENT_DYNAMIC_BIND_FN(fn) \

-	OPENSSL_EXPORT \

-	int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \

-		if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \

-		if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \

-			fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \

-			return 0; \

-		CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \

-		CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \

-		CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \

-		CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \

-		CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \

-		if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \

-			return 0; \

-		if(!ERR_set_implementation(fns->err_fns)) return 0; \

-	skip_cbs: \

-		if(!fn(e,id)) return 0; \

-		return 1; }

-/* If the loading application (or library) and the loaded ENGINE library share

- * the same static data (eg. they're both dynamically linked to the same

- * libcrypto.so) we need a way to avoid trying to set system callbacks - this

- * would fail, and for the same reason that it's unnecessary to try. If the

- * loaded ENGINE has (or gets from through the loader) its own copy of the

- * libcrypto static data, we will need to set the callbacks. The easiest way to

- * detect this is to have a function that returns a pointer to some static data

- * and let the loading application and loaded ENGINE compare their respective

- * values. */

-void *ENGINE_get_static_state(void);

-#if defined(__OpenBSD__) || defined(__FreeBSD__)

-void ENGINE_setup_bsd_cryptodev(void);

-#endif

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_ENGINE_strings(void);

-/* Error codes for the ENGINE functions. */

-/* Function codes. */

-#define ENGINE_F_DYNAMIC_CTRL				 180

-#define ENGINE_F_DYNAMIC_GET_DATA_CTX			 181

-#define ENGINE_F_DYNAMIC_LOAD				 182

-#define ENGINE_F_DYNAMIC_SET_DATA_CTX			 183

-#define ENGINE_F_ENGINE_ADD				 105

-#define ENGINE_F_ENGINE_BY_ID				 106

-#define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE		 170

-#define ENGINE_F_ENGINE_CTRL				 142

-#define ENGINE_F_ENGINE_CTRL_CMD			 178

-#define ENGINE_F_ENGINE_CTRL_CMD_STRING			 171

-#define ENGINE_F_ENGINE_FINISH				 107

-#define ENGINE_F_ENGINE_FREE_UTIL			 108

-#define ENGINE_F_ENGINE_GET_CIPHER			 185

-#define ENGINE_F_ENGINE_GET_DEFAULT_TYPE		 177

-#define ENGINE_F_ENGINE_GET_DIGEST			 186

-#define ENGINE_F_ENGINE_GET_NEXT			 115

-#define ENGINE_F_ENGINE_GET_PREV			 116

-#define ENGINE_F_ENGINE_INIT				 119

-#define ENGINE_F_ENGINE_LIST_ADD			 120

-#define ENGINE_F_ENGINE_LIST_REMOVE			 121

-#define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY		 150

-#define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY			 151

-#define ENGINE_F_ENGINE_NEW				 122

-#define ENGINE_F_ENGINE_REMOVE				 123

-#define ENGINE_F_ENGINE_SET_DEFAULT_STRING		 189

-#define ENGINE_F_ENGINE_SET_DEFAULT_TYPE		 126

-#define ENGINE_F_ENGINE_SET_ID				 129

-#define ENGINE_F_ENGINE_SET_NAME			 130

-#define ENGINE_F_ENGINE_TABLE_REGISTER			 184

-#define ENGINE_F_ENGINE_UNLOAD_KEY			 152

-#define ENGINE_F_ENGINE_UNLOCKED_FINISH			 191

-#define ENGINE_F_ENGINE_UP_REF				 190

-#define ENGINE_F_INT_CTRL_HELPER			 172

-#define ENGINE_F_INT_ENGINE_CONFIGURE			 188

-#define ENGINE_F_INT_ENGINE_MODULE_INIT			 187

-#define ENGINE_F_LOG_MESSAGE				 141

-/* Reason codes. */

-#define ENGINE_R_ALREADY_LOADED				 100

-#define ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER		 133

-#define ENGINE_R_CMD_NOT_EXECUTABLE			 134

-#define ENGINE_R_COMMAND_TAKES_INPUT			 135

-#define ENGINE_R_COMMAND_TAKES_NO_INPUT			 136

-#define ENGINE_R_CONFLICTING_ENGINE_ID			 103

-#define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED		 119

-#define ENGINE_R_DH_NOT_IMPLEMENTED			 139

-#define ENGINE_R_DSA_NOT_IMPLEMENTED			 140

-#define ENGINE_R_DSO_FAILURE				 104

-#define ENGINE_R_DSO_NOT_FOUND				 132

-#define ENGINE_R_ENGINES_SECTION_ERROR			 148

-#define ENGINE_R_ENGINE_IS_NOT_IN_LIST			 105

-#define ENGINE_R_ENGINE_SECTION_ERROR			 149

-#define ENGINE_R_FAILED_LOADING_PRIVATE_KEY		 128

-#define ENGINE_R_FAILED_LOADING_PUBLIC_KEY		 129

-#define ENGINE_R_FINISH_FAILED				 106

-#define ENGINE_R_GET_HANDLE_FAILED			 107

-#define ENGINE_R_ID_OR_NAME_MISSING			 108

-#define ENGINE_R_INIT_FAILED				 109

-#define ENGINE_R_INTERNAL_LIST_ERROR			 110

-#define ENGINE_R_INVALID_ARGUMENT			 143

-#define ENGINE_R_INVALID_CMD_NAME			 137

-#define ENGINE_R_INVALID_CMD_NUMBER			 138

-#define ENGINE_R_INVALID_INIT_VALUE			 151

-#define ENGINE_R_INVALID_STRING				 150

-#define ENGINE_R_NOT_INITIALISED			 117

-#define ENGINE_R_NOT_LOADED				 112

-#define ENGINE_R_NO_CONTROL_FUNCTION			 120

-#define ENGINE_R_NO_INDEX				 144

-#define ENGINE_R_NO_LOAD_FUNCTION			 125

-#define ENGINE_R_NO_REFERENCE				 130

-#define ENGINE_R_NO_SUCH_ENGINE				 116

-#define ENGINE_R_NO_UNLOAD_FUNCTION			 126

-#define ENGINE_R_PROVIDE_PARAMETERS			 113

-#define ENGINE_R_RSA_NOT_IMPLEMENTED			 141

-#define ENGINE_R_UNIMPLEMENTED_CIPHER			 146

-#define ENGINE_R_UNIMPLEMENTED_DIGEST			 147

-#define ENGINE_R_VERSION_INCOMPATIBILITY		 145

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/err.h

+++ /dev/null

@@ -1,318 +1,0 @@

-/* crypto/err/err.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_ERR_H

-#define HEADER_ERR_H

-#include <openssl/e_os2.h>

-#ifndef OPENSSL_NO_FP_API

-#include <stdio.h>

-#include <stdlib.h>

-#endif

-#include <openssl/ossl_typ.h>

-#ifndef OPENSSL_NO_BIO

-#include <openssl/bio.h>

-#endif

-#ifndef OPENSSL_NO_LHASH

-#include <openssl/lhash.h>

-#endif

-#ifdef	__cplusplus

-extern "C" {

-#endif

-#ifndef OPENSSL_NO_ERR

-#define ERR_PUT_error(a,b,c,d,e)	ERR_put_error(a,b,c,d,e)

-#else

-#define ERR_PUT_error(a,b,c,d,e)	ERR_put_error(a,b,c,NULL,0)

-#endif

-#include <errno.h>

-#define ERR_TXT_MALLOCED	0x01

-#define ERR_TXT_STRING		0x02

-#define ERR_FLAG_MARK		0x01

-#define ERR_NUM_ERRORS	16

-typedef struct err_state_st

-	{

-	unsigned long pid;

-	int err_flags[ERR_NUM_ERRORS];

-	unsigned long err_buffer[ERR_NUM_ERRORS];

-	char *err_data[ERR_NUM_ERRORS];

-	int err_data_flags[ERR_NUM_ERRORS];

-	const char *err_file[ERR_NUM_ERRORS];

-	int err_line[ERR_NUM_ERRORS];

-	int top,bottom;

-	} ERR_STATE;

-/* library */

-#define ERR_LIB_NONE		1

-#define ERR_LIB_SYS		2

-#define ERR_LIB_BN		3

-#define ERR_LIB_RSA		4

-#define ERR_LIB_DH		5

-#define ERR_LIB_EVP		6

-#define ERR_LIB_BUF		7

-#define ERR_LIB_OBJ		8

-#define ERR_LIB_PEM		9

-#define ERR_LIB_DSA		10

-#define ERR_LIB_X509		11

-/* #define ERR_LIB_METH         12 */

-#define ERR_LIB_ASN1		13

-#define ERR_LIB_CONF		14

-#define ERR_LIB_CRYPTO		15

-#define ERR_LIB_EC		16

-#define ERR_LIB_SSL		20

-/* #define ERR_LIB_SSL23        21 */

-/* #define ERR_LIB_SSL2         22 */

-/* #define ERR_LIB_SSL3         23 */

-/* #define ERR_LIB_RSAREF       30 */

-/* #define ERR_LIB_PROXY        31 */

-#define ERR_LIB_BIO		32

-#define ERR_LIB_PKCS7		33

-#define ERR_LIB_X509V3		34

-#define ERR_LIB_PKCS12		35

-#define ERR_LIB_RAND		36

-#define ERR_LIB_DSO		37

-#define ERR_LIB_ENGINE		38

-#define ERR_LIB_OCSP            39

-#define ERR_LIB_UI              40

-#define ERR_LIB_COMP            41

-#define ERR_LIB_ECDSA		42

-#define ERR_LIB_ECDH		43

-#define ERR_LIB_STORE           44

-#define ERR_LIB_USER		128

-#define SYSerr(f,r)  ERR_PUT_error(ERR_LIB_SYS,(f),(r),__FILE__,__LINE__)

-#define BNerr(f,r)   ERR_PUT_error(ERR_LIB_BN,(f),(r),__FILE__,__LINE__)

-#define RSAerr(f,r)  ERR_PUT_error(ERR_LIB_RSA,(f),(r),__FILE__,__LINE__)

-#define DHerr(f,r)   ERR_PUT_error(ERR_LIB_DH,(f),(r),__FILE__,__LINE__)

-#define EVPerr(f,r)  ERR_PUT_error(ERR_LIB_EVP,(f),(r),__FILE__,__LINE__)

-#define BUFerr(f,r)  ERR_PUT_error(ERR_LIB_BUF,(f),(r),__FILE__,__LINE__)

-#define OBJerr(f,r)  ERR_PUT_error(ERR_LIB_OBJ,(f),(r),__FILE__,__LINE__)

-#define PEMerr(f,r)  ERR_PUT_error(ERR_LIB_PEM,(f),(r),__FILE__,__LINE__)

-#define DSAerr(f,r)  ERR_PUT_error(ERR_LIB_DSA,(f),(r),__FILE__,__LINE__)

-#define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),__FILE__,__LINE__)

-#define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),__FILE__,__LINE__)

-#define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),__FILE__,__LINE__)

-#define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),__FILE__,__LINE__)

-#define ECerr(f,r)   ERR_PUT_error(ERR_LIB_EC,(f),(r),__FILE__,__LINE__)

-#define SSLerr(f,r)  ERR_PUT_error(ERR_LIB_SSL,(f),(r),__FILE__,__LINE__)

-#define BIOerr(f,r)  ERR_PUT_error(ERR_LIB_BIO,(f),(r),__FILE__,__LINE__)

-#define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),__FILE__,__LINE__)

-#define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),__FILE__,__LINE__)

-#define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),__FILE__,__LINE__)

-#define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),__FILE__,__LINE__)

-#define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),__FILE__,__LINE__)

-#define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),__FILE__,__LINE__)

-#define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),__FILE__,__LINE__)

-#define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),__FILE__,__LINE__)

-#define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__)

-#define ECDSAerr(f,r)  ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),__FILE__,__LINE__)

-#define ECDHerr(f,r)  ERR_PUT_error(ERR_LIB_ECDH,(f),(r),__FILE__,__LINE__)

-#define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__)

-/* Borland C seems too stupid to be able to shift and do longs in

- * the pre-processor :-( */

-#define ERR_PACK(l,f,r)		(((((unsigned long)l)&0xffL)*0x1000000)| \

-				((((unsigned long)f)&0xfffL)*0x1000)| \

-				((((unsigned long)r)&0xfffL)))

-#define ERR_GET_LIB(l)		(int)((((unsigned long)l)>>24L)&0xffL)

-#define ERR_GET_FUNC(l)		(int)((((unsigned long)l)>>12L)&0xfffL)

-#define ERR_GET_REASON(l)	(int)((l)&0xfffL)

-#define ERR_FATAL_ERROR(l)	(int)((l)&ERR_R_FATAL)

-/* OS functions */

-#define SYS_F_FOPEN		1

-#define SYS_F_CONNECT		2

-#define SYS_F_GETSERVBYNAME	3

-#define SYS_F_SOCKET		4

-#define SYS_F_IOCTLSOCKET	5

-#define SYS_F_BIND		6

-#define SYS_F_LISTEN		7

-#define SYS_F_ACCEPT		8

-#define SYS_F_WSASTARTUP	9 /* Winsock stuff */

-#define SYS_F_OPENDIR		10

-#define SYS_F_FREAD		11

-/* reasons */

-#define ERR_R_SYS_LIB	ERR_LIB_SYS       /* 2 */

-#define ERR_R_BN_LIB	ERR_LIB_BN        /* 3 */

-#define ERR_R_RSA_LIB	ERR_LIB_RSA       /* 4 */

-#define ERR_R_DH_LIB	ERR_LIB_DH        /* 5 */

-#define ERR_R_EVP_LIB	ERR_LIB_EVP       /* 6 */

-#define ERR_R_BUF_LIB	ERR_LIB_BUF       /* 7 */

-#define ERR_R_OBJ_LIB	ERR_LIB_OBJ       /* 8 */

-#define ERR_R_PEM_LIB	ERR_LIB_PEM       /* 9 */

-#define ERR_R_DSA_LIB	ERR_LIB_DSA      /* 10 */

-#define ERR_R_X509_LIB	ERR_LIB_X509     /* 11 */

-#define ERR_R_ASN1_LIB	ERR_LIB_ASN1     /* 13 */

-#define ERR_R_CONF_LIB	ERR_LIB_CONF     /* 14 */

-#define ERR_R_CRYPTO_LIB ERR_LIB_CRYPTO  /* 15 */

-#define ERR_R_EC_LIB	ERR_LIB_EC       /* 16 */

-#define ERR_R_SSL_LIB	ERR_LIB_SSL      /* 20 */

-#define ERR_R_BIO_LIB	ERR_LIB_BIO      /* 32 */

-#define ERR_R_PKCS7_LIB	ERR_LIB_PKCS7    /* 33 */

-#define ERR_R_X509V3_LIB ERR_LIB_X509V3  /* 34 */

-#define ERR_R_PKCS12_LIB ERR_LIB_PKCS12  /* 35 */

-#define ERR_R_RAND_LIB	ERR_LIB_RAND     /* 36 */

-#define ERR_R_DSO_LIB	ERR_LIB_DSO      /* 37 */

-#define ERR_R_ENGINE_LIB ERR_LIB_ENGINE  /* 38 */

-#define ERR_R_OCSP_LIB  ERR_LIB_OCSP     /* 39 */

-#define ERR_R_UI_LIB    ERR_LIB_UI       /* 40 */

-#define ERR_R_COMP_LIB	ERR_LIB_COMP     /* 41 */

-#define ERR_R_ECDSA_LIB ERR_LIB_ECDSA	 /* 42 */

-#define ERR_R_ECDH_LIB  ERR_LIB_ECDH	 /* 43 */

-#define ERR_R_STORE_LIB ERR_LIB_STORE    /* 44 */

-#define ERR_R_NESTED_ASN1_ERROR			58

-#define ERR_R_BAD_ASN1_OBJECT_HEADER		59

-#define ERR_R_BAD_GET_ASN1_OBJECT_CALL		60

-#define ERR_R_EXPECTING_AN_ASN1_SEQUENCE	61

-#define ERR_R_ASN1_LENGTH_MISMATCH		62

-#define ERR_R_MISSING_ASN1_EOS			63

-/* fatal error */

-#define ERR_R_FATAL				64

-#define	ERR_R_MALLOC_FAILURE			(1|ERR_R_FATAL)

-#define	ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED	(2|ERR_R_FATAL)

-#define	ERR_R_PASSED_NULL_PARAMETER		(3|ERR_R_FATAL)

-#define	ERR_R_INTERNAL_ERROR			(4|ERR_R_FATAL)

-#define	ERR_R_DISABLED				(5|ERR_R_FATAL)

-/* 99 is the maximum possible ERR_R_... code, higher values

- * are reserved for the individual libraries */

-typedef struct ERR_string_data_st

-	{

-	unsigned long error;

-	const char *string;

-	} ERR_STRING_DATA;

-void ERR_put_error(int lib, int func,int reason,const char *file,int line);

-void ERR_set_error_data(char *data,int flags);

-unsigned long ERR_get_error(void);

-unsigned long ERR_get_error_line(const char **file,int *line);

-unsigned long ERR_get_error_line_data(const char **file,int *line,

-				      const char **data, int *flags);

-unsigned long ERR_peek_error(void);

-unsigned long ERR_peek_error_line(const char **file,int *line);

-unsigned long ERR_peek_error_line_data(const char **file,int *line,

-				       const char **data,int *flags);

-unsigned long ERR_peek_last_error(void);

-unsigned long ERR_peek_last_error_line(const char **file,int *line);

-unsigned long ERR_peek_last_error_line_data(const char **file,int *line,

-				       const char **data,int *flags);

-void ERR_clear_error(void );

-char *ERR_error_string(unsigned long e,char *buf);

-void ERR_error_string_n(unsigned long e, char *buf, size_t len);

-const char *ERR_lib_error_string(unsigned long e);

-const char *ERR_func_error_string(unsigned long e);

-const char *ERR_reason_error_string(unsigned long e);

-void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u),

-			 void *u);

-#ifndef OPENSSL_NO_FP_API

-void ERR_print_errors_fp(FILE *fp);

-#endif

-#ifndef OPENSSL_NO_BIO

-void ERR_print_errors(BIO *bp);

-void ERR_add_error_data(int num, ...);

-#endif

-void ERR_load_strings(int lib,ERR_STRING_DATA str[]);

-void ERR_unload_strings(int lib,ERR_STRING_DATA str[]);

-void ERR_load_ERR_strings(void);

-void ERR_load_crypto_strings(void);

-void ERR_free_strings(void);

-void ERR_remove_state(unsigned long pid); /* if zero we look it up */

-ERR_STATE *ERR_get_state(void);

-#ifndef OPENSSL_NO_LHASH

-LHASH *ERR_get_string_table(void);

-LHASH *ERR_get_err_state_table(void);

-void ERR_release_err_state_table(LHASH **hash);

-#endif

-int ERR_get_next_error_library(void);

-int ERR_set_mark(void);

-int ERR_pop_to_mark(void);

-/* Already defined in ossl_typ.h */

-/* typedef struct st_ERR_FNS ERR_FNS; */

-/* An application can use this function and provide the return value to loaded

- * modules that should use the application's ERR state/functionality */

-const ERR_FNS *ERR_get_implementation(void);

-/* A loaded module should call this function prior to any ERR operations using

- * the application's "ERR_FNS". */

-int ERR_set_implementation(const ERR_FNS *fns);

-#ifdef	__cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/evp.h

+++ /dev/null

@@ -1,979 +1,0 @@

-/* crypto/evp/evp.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_ENVELOPE_H

-#define HEADER_ENVELOPE_H

-#ifdef OPENSSL_ALGORITHM_DEFINES

-# include <openssl/opensslconf.h>

-#else

-# define OPENSSL_ALGORITHM_DEFINES

-# include <openssl/opensslconf.h>

-# undef OPENSSL_ALGORITHM_DEFINES

-#endif

-#include <openssl/ossl_typ.h>

-#include <openssl/symhacks.h>

-#ifndef OPENSSL_NO_BIO

-#include <openssl/bio.h>

-#endif

-/*

-#define EVP_RC2_KEY_SIZE		16

-#define EVP_RC4_KEY_SIZE		16

-#define EVP_BLOWFISH_KEY_SIZE		16

-#define EVP_CAST5_KEY_SIZE		16

-#define EVP_RC5_32_12_16_KEY_SIZE	16

-*/

-#define EVP_MAX_MD_SIZE			64	/* longest known is SHA512 */

-#define EVP_MAX_KEY_LENGTH		32

-#define EVP_MAX_IV_LENGTH		16

-#define EVP_MAX_BLOCK_LENGTH		32

-#define PKCS5_SALT_LEN			8

-/* Default PKCS#5 iteration count */

-#define PKCS5_DEFAULT_ITER		2048

-#include <openssl/objects.h>

-#define EVP_PK_RSA	0x0001

-#define EVP_PK_DSA	0x0002

-#define EVP_PK_DH	0x0004

-#define EVP_PK_EC	0x0008

-#define EVP_PKT_SIGN	0x0010

-#define EVP_PKT_ENC	0x0020

-#define EVP_PKT_EXCH	0x0040

-#define EVP_PKS_RSA	0x0100

-#define EVP_PKS_DSA	0x0200

-#define EVP_PKS_EC	0x0400

-#define EVP_PKT_EXP	0x1000 /* <= 512 bit key */

-#define EVP_PKEY_NONE	NID_undef

-#define EVP_PKEY_RSA	NID_rsaEncryption

-#define EVP_PKEY_RSA2	NID_rsa

-#define EVP_PKEY_DSA	NID_dsa

-#define EVP_PKEY_DSA1	NID_dsa_2

-#define EVP_PKEY_DSA2	NID_dsaWithSHA

-#define EVP_PKEY_DSA3	NID_dsaWithSHA1

-#define EVP_PKEY_DSA4	NID_dsaWithSHA1_2

-#define EVP_PKEY_DH	NID_dhKeyAgreement

-#define EVP_PKEY_EC	NID_X9_62_id_ecPublicKey

-#ifdef	__cplusplus

-extern "C" {

-#endif

-/* Type needs to be a bit field

- * Sub-type needs to be for variations on the method, as in, can it do

- * arbitrary encryption.... */

-struct evp_pkey_st

-	{

-	int type;

-	int save_type;

-	int references;

-	union	{

-		char *ptr;

-#ifndef OPENSSL_NO_RSA

-		struct rsa_st *rsa;	/* RSA */

-#endif

-#ifndef OPENSSL_NO_DSA

-		struct dsa_st *dsa;	/* DSA */

-#endif

-#ifndef OPENSSL_NO_DH

-		struct dh_st *dh;	/* DH */

-#endif

-#ifndef OPENSSL_NO_EC

-		struct ec_key_st *ec;	/* ECC */

-#endif

-		} pkey;

-	int save_parameters;

-	STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */

-	} /* EVP_PKEY */;

-#define EVP_PKEY_MO_SIGN	0x0001

-#define EVP_PKEY_MO_VERIFY	0x0002

-#define EVP_PKEY_MO_ENCRYPT	0x0004

-#define EVP_PKEY_MO_DECRYPT	0x0008

-#if 0

-/* This structure is required to tie the message digest and signing together.

- * The lookup can be done by md/pkey_method, oid, oid/pkey_method, or

- * oid, md and pkey.

- * This is required because for various smart-card perform the digest and

- * signing/verification on-board.  To handle this case, the specific

- * EVP_MD and EVP_PKEY_METHODs need to be closely associated.

- * When a PKEY is created, it will have a EVP_PKEY_METHOD associated with it.

- * This can either be software or a token to provide the required low level

- * routines.

- */

-typedef struct evp_pkey_md_st

-	{

-	int oid;

-	EVP_MD *md;

-	EVP_PKEY_METHOD *pkey;

-	} EVP_PKEY_MD;

-#define EVP_rsa_md2() \

-		EVP_PKEY_MD_add(NID_md2WithRSAEncryption,\

-			EVP_rsa_pkcs1(),EVP_md2())

-#define EVP_rsa_md5() \

-		EVP_PKEY_MD_add(NID_md5WithRSAEncryption,\

-			EVP_rsa_pkcs1(),EVP_md5())

-#define EVP_rsa_sha0() \

-		EVP_PKEY_MD_add(NID_shaWithRSAEncryption,\

-			EVP_rsa_pkcs1(),EVP_sha())

-#define EVP_rsa_sha1() \

-		EVP_PKEY_MD_add(NID_sha1WithRSAEncryption,\

-			EVP_rsa_pkcs1(),EVP_sha1())

-#define EVP_rsa_ripemd160() \

-		EVP_PKEY_MD_add(NID_ripemd160WithRSA,\

-			EVP_rsa_pkcs1(),EVP_ripemd160())

-#define EVP_rsa_mdc2() \

-		EVP_PKEY_MD_add(NID_mdc2WithRSA,\

-			EVP_rsa_octet_string(),EVP_mdc2())

-#define EVP_dsa_sha() \

-		EVP_PKEY_MD_add(NID_dsaWithSHA,\

-			EVP_dsa(),EVP_sha())

-#define EVP_dsa_sha1() \

-		EVP_PKEY_MD_add(NID_dsaWithSHA1,\

-			EVP_dsa(),EVP_sha1())

-typedef struct evp_pkey_method_st

-	{

-	char *name;

-	int flags;

-	int type;		/* RSA, DSA, an SSLeay specific constant */

-	int oid;		/* For the pub-key type */

-	int encrypt_oid;	/* pub/priv key encryption */

-	int (*sign)();

-	int (*verify)();

-	struct	{

-		int (*set)();	/* get and/or set the underlying type */

-		int (*get)();

-		int (*encrypt)();

-		int (*decrypt)();

-		int (*i2d)();

-		int (*d2i)();

-		int (*dup)();

-		} pub,priv;

-	int (*set_asn1_parameters)();

-	int (*get_asn1_parameters)();

-	} EVP_PKEY_METHOD;

-#endif

-#ifndef EVP_MD

-struct env_md_st

-	{

-	int type;

-	int pkey_type;

-	int md_size;

-	unsigned long flags;

-	int (*init)(EVP_MD_CTX *ctx);

-	int (*update)(EVP_MD_CTX *ctx,const void *data,size_t count);

-	int (*final)(EVP_MD_CTX *ctx,unsigned char *md);

-	int (*copy)(EVP_MD_CTX *to,const EVP_MD_CTX *from);

-	int (*cleanup)(EVP_MD_CTX *ctx);

-	/* FIXME: prototype these some day */

-	int (*sign)(int type, const unsigned char *m, unsigned int m_length,

-		    unsigned char *sigret, unsigned int *siglen, void *key);

-	int (*verify)(int type, const unsigned char *m, unsigned int m_length,

-		      const unsigned char *sigbuf, unsigned int siglen,

-		      void *key);

-	int required_pkey_type[5]; /*EVP_PKEY_xxx */

-	int block_size;

-	int ctx_size; /* how big does the ctx->md_data need to be */

-	} /* EVP_MD */;

-typedef int evp_sign_method(int type,const unsigned char *m,

-			    unsigned int m_length,unsigned char *sigret,

-			    unsigned int *siglen, void *key);

-typedef int evp_verify_method(int type,const unsigned char *m,

-			    unsigned int m_length,const unsigned char *sigbuf,

-			    unsigned int siglen, void *key);

-#define EVP_MD_FLAG_ONESHOT	0x0001 /* digest can only handle a single

-					* block */

-#define EVP_PKEY_NULL_method	NULL,NULL,{0,0,0,0}

-#ifndef OPENSSL_NO_DSA

-#define EVP_PKEY_DSA_method	(evp_sign_method *)DSA_sign, \

-				(evp_verify_method *)DSA_verify, \

-				{EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \

-					EVP_PKEY_DSA4,0}

-#else

-#define EVP_PKEY_DSA_method	EVP_PKEY_NULL_method

-#endif

-#ifndef OPENSSL_NO_ECDSA

-#define EVP_PKEY_ECDSA_method   (evp_sign_method *)ECDSA_sign, \

-				(evp_verify_method *)ECDSA_verify, \

-                                 {EVP_PKEY_EC,0,0,0}

-#else

-#define EVP_PKEY_ECDSA_method   EVP_PKEY_NULL_method

-#endif

-#ifndef OPENSSL_NO_RSA

-#define EVP_PKEY_RSA_method	(evp_sign_method *)RSA_sign, \

-				(evp_verify_method *)RSA_verify, \

-				{EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0}

-#define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \

-				(evp_sign_method *)RSA_sign_ASN1_OCTET_STRING, \

-				(evp_verify_method *)RSA_verify_ASN1_OCTET_STRING, \

-				{EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0}

-#else

-#define EVP_PKEY_RSA_method	EVP_PKEY_NULL_method

-#define EVP_PKEY_RSA_ASN1_OCTET_STRING_method EVP_PKEY_NULL_method

-#endif

-#endif /* !EVP_MD */

-struct env_md_ctx_st

-	{

-	const EVP_MD *digest;

-	ENGINE *engine; /* functional reference if 'digest' is ENGINE-provided */

-	unsigned long flags;

-	void *md_data;

-	} /* EVP_MD_CTX */;

-/* values for EVP_MD_CTX flags */

-#define EVP_MD_CTX_FLAG_ONESHOT		0x0001 /* digest update will be called

-						* once only */

-#define EVP_MD_CTX_FLAG_CLEANED		0x0002 /* context has already been

-						* cleaned */

-#define EVP_MD_CTX_FLAG_REUSE		0x0004 /* Don't free up ctx->md_data

-						* in EVP_MD_CTX_cleanup */

-struct evp_cipher_st

-	{

-	int nid;

-	int block_size;

-	int key_len;		/* Default value for variable length ciphers */

-	int iv_len;

-	unsigned long flags;	/* Various flags */

-	int (*init)(EVP_CIPHER_CTX *ctx, const unsigned char *key,

-		    const unsigned char *iv, int enc);	/* init key */

-	int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out,

-			 const unsigned char *in, unsigned int inl);/* encrypt/decrypt data */

-	int (*cleanup)(EVP_CIPHER_CTX *); /* cleanup ctx */

-	int ctx_size;		/* how big ctx->cipher_data needs to be */

-	int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Populate a ASN1_TYPE with parameters */

-	int (*get_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Get parameters from a ASN1_TYPE */

-	int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr); /* Miscellaneous operations */

-	void *app_data;		/* Application data */

-	} /* EVP_CIPHER */;

-/* Values for cipher flags */

-/* Modes for ciphers */

-#define		EVP_CIPH_STREAM_CIPHER		0x0

-#define		EVP_CIPH_ECB_MODE		0x1

-#define		EVP_CIPH_CBC_MODE		0x2

-#define		EVP_CIPH_CFB_MODE		0x3

-#define		EVP_CIPH_OFB_MODE		0x4

-#define 	EVP_CIPH_MODE			0x7

-/* Set if variable length cipher */

-#define 	EVP_CIPH_VARIABLE_LENGTH	0x8

-/* Set if the iv handling should be done by the cipher itself */

-#define 	EVP_CIPH_CUSTOM_IV		0x10

-/* Set if the cipher's init() function should be called if key is NULL */

-#define 	EVP_CIPH_ALWAYS_CALL_INIT	0x20

-/* Call ctrl() to init cipher parameters */

-#define 	EVP_CIPH_CTRL_INIT		0x40

-/* Don't use standard key length function */

-#define 	EVP_CIPH_CUSTOM_KEY_LENGTH	0x80

-/* Don't use standard block padding */

-#define 	EVP_CIPH_NO_PADDING		0x100

-/* cipher handles random key generation */

-#define 	EVP_CIPH_RAND_KEY		0x200

-/* ctrl() values */

-#define		EVP_CTRL_INIT			0x0

-#define 	EVP_CTRL_SET_KEY_LENGTH		0x1

-#define 	EVP_CTRL_GET_RC2_KEY_BITS	0x2

-#define 	EVP_CTRL_SET_RC2_KEY_BITS	0x3

-#define 	EVP_CTRL_GET_RC5_ROUNDS		0x4

-#define 	EVP_CTRL_SET_RC5_ROUNDS		0x5

-#define 	EVP_CTRL_RAND_KEY		0x6

-typedef struct evp_cipher_info_st

-	{

-	const EVP_CIPHER *cipher;

-	unsigned char iv[EVP_MAX_IV_LENGTH];

-	} EVP_CIPHER_INFO;

-struct evp_cipher_ctx_st

-	{

-	const EVP_CIPHER *cipher;

-	ENGINE *engine;	/* functional reference if 'cipher' is ENGINE-provided */

-	int encrypt;		/* encrypt or decrypt */

-	int buf_len;		/* number we have left */

-	unsigned char  oiv[EVP_MAX_IV_LENGTH];	/* original iv */

-	unsigned char  iv[EVP_MAX_IV_LENGTH];	/* working iv */

-	unsigned char buf[EVP_MAX_BLOCK_LENGTH];/* saved partial block */

-	int num;				/* used by cfb/ofb mode */

-	void *app_data;		/* application stuff */

-	int key_len;		/* May change for variable length cipher */

-	unsigned long flags;	/* Various flags */

-	void *cipher_data; /* per EVP data */

-	int final_used;

-	int block_mask;

-	unsigned char final[EVP_MAX_BLOCK_LENGTH];/* possible final block */

-	} /* EVP_CIPHER_CTX */;

-typedef struct evp_Encode_Ctx_st

-	{

-	int num;	/* number saved in a partial encode/decode */

-	int length;	/* The length is either the output line length

-			 * (in input bytes) or the shortest input line

-			 * length that is ok.  Once decoding begins,

-			 * the length is adjusted up each time a longer

-			 * line is decoded */

-	unsigned char enc_data[80];	/* data to encode */

-	int line_num;	/* number read on current line */

-	int expect_nl;

-	} EVP_ENCODE_CTX;

-/* Password based encryption function */

-typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,

-		ASN1_TYPE *param, const EVP_CIPHER *cipher,

-                const EVP_MD *md, int en_de);

-#ifndef OPENSSL_NO_RSA

-#define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\

-					(char *)(rsa))

-#endif

-#ifndef OPENSSL_NO_DSA

-#define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\

-					(char *)(dsa))

-#endif

-#ifndef OPENSSL_NO_DH

-#define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,\

-					(char *)(dh))

-#endif

-#ifndef OPENSSL_NO_EC

-#define EVP_PKEY_assign_EC_KEY(pkey,eckey) EVP_PKEY_assign((pkey),EVP_PKEY_EC,\

-                                        (char *)(eckey))

-#endif

-/* Add some extra combinations */

-#define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))

-#define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a))

-#define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a))

-#define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a))

-int EVP_MD_type(const EVP_MD *md);

-#define EVP_MD_nid(e)			EVP_MD_type(e)

-#define EVP_MD_name(e)			OBJ_nid2sn(EVP_MD_nid(e))

-int EVP_MD_pkey_type(const EVP_MD *md);

-int EVP_MD_size(const EVP_MD *md);

-int EVP_MD_block_size(const EVP_MD *md);

-const EVP_MD * EVP_MD_CTX_md(const EVP_MD_CTX *ctx);

-#define EVP_MD_CTX_size(e)		EVP_MD_size(EVP_MD_CTX_md(e))

-#define EVP_MD_CTX_block_size(e)	EVP_MD_block_size(EVP_MD_CTX_md(e))

-#define EVP_MD_CTX_type(e)		EVP_MD_type(EVP_MD_CTX_md(e))

-int EVP_CIPHER_nid(const EVP_CIPHER *cipher);

-#define EVP_CIPHER_name(e)		OBJ_nid2sn(EVP_CIPHER_nid(e))

-int EVP_CIPHER_block_size(const EVP_CIPHER *cipher);

-int EVP_CIPHER_key_length(const EVP_CIPHER *cipher);

-int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher);

-unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher);

-#define EVP_CIPHER_mode(e)		(EVP_CIPHER_flags(e) & EVP_CIPH_MODE)

-const EVP_CIPHER * EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);

-int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx);

-int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);

-int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx);

-int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx);

-void * EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx);

-void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data);

-#define EVP_CIPHER_CTX_type(c)         EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c))

-unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx);

-#define EVP_CIPHER_CTX_mode(e)		(EVP_CIPHER_CTX_flags(e) & EVP_CIPH_MODE)

-#define EVP_ENCODE_LENGTH(l)	(((l+2)/3*4)+(l/48+1)*2+80)

-#define EVP_DECODE_LENGTH(l)	((l+3)/4*3+80)

-#define EVP_SignInit_ex(a,b,c)		EVP_DigestInit_ex(a,b,c)

-#define EVP_SignInit(a,b)		EVP_DigestInit(a,b)

-#define EVP_SignUpdate(a,b,c)		EVP_DigestUpdate(a,b,c)

-#define	EVP_VerifyInit_ex(a,b,c)	EVP_DigestInit_ex(a,b,c)

-#define	EVP_VerifyInit(a,b)		EVP_DigestInit(a,b)

-#define	EVP_VerifyUpdate(a,b,c)		EVP_DigestUpdate(a,b,c)

-#define EVP_OpenUpdate(a,b,c,d,e)	EVP_DecryptUpdate(a,b,c,d,e)

-#define EVP_SealUpdate(a,b,c,d,e)	EVP_EncryptUpdate(a,b,c,d,e)

-#ifdef CONST_STRICT

-void BIO_set_md(BIO *,const EVP_MD *md);

-#else

-# define BIO_set_md(b,md)		BIO_ctrl(b,BIO_C_SET_MD,0,(char *)md)

-#endif

-#define BIO_get_md(b,mdp)		BIO_ctrl(b,BIO_C_GET_MD,0,(char *)mdp)

-#define BIO_get_md_ctx(b,mdcp)     BIO_ctrl(b,BIO_C_GET_MD_CTX,0,(char *)mdcp)

-#define BIO_set_md_ctx(b,mdcp)     BIO_ctrl(b,BIO_C_SET_MD_CTX,0,(char *)mdcp)

-#define BIO_get_cipher_status(b)	BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)

-#define BIO_get_cipher_ctx(b,c_pp)	BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp)

-int EVP_Cipher(EVP_CIPHER_CTX *c,

-		unsigned char *out,

-		const unsigned char *in,

-		unsigned int inl);

-#define EVP_add_cipher_alias(n,alias) \

-	OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n))

-#define EVP_add_digest_alias(n,alias) \

-	OBJ_NAME_add((alias),OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,(n))

-#define EVP_delete_cipher_alias(alias) \

-	OBJ_NAME_remove(alias,OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS);

-#define EVP_delete_digest_alias(alias) \

-	OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS);

-void	EVP_MD_CTX_init(EVP_MD_CTX *ctx);

-int	EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);

-EVP_MD_CTX *EVP_MD_CTX_create(void);

-void	EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);

-int     EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in);

-void	EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);

-void	EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags);

-int 	EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx,int flags);

-int	EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);

-int	EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d,

-			 size_t cnt);

-int	EVP_DigestFinal_ex(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);

-int	EVP_Digest(const void *data, size_t count,

-		unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl);

-int     EVP_MD_CTX_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in);

-int	EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);

-int	EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);

-int	EVP_read_pw_string(char *buf,int length,const char *prompt,int verify);

-void	EVP_set_pw_prompt(const char *prompt);

-char *	EVP_get_pw_prompt(void);

-int	EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md,

-		const unsigned char *salt, const unsigned char *data,

-		int datal, int count, unsigned char *key,unsigned char *iv);

-int	EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,

-		const unsigned char *key, const unsigned char *iv);

-int	EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,

-		const unsigned char *key, const unsigned char *iv);

-int	EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,

-		int *outl, const unsigned char *in, int inl);

-int	EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);

-int	EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);

-int	EVP_DecryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,

-		const unsigned char *key, const unsigned char *iv);

-int	EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,

-		const unsigned char *key, const unsigned char *iv);

-int	EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,

-		int *outl, const unsigned char *in, int inl);

-int	EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);

-int	EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);

-int	EVP_CipherInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,

-		       const unsigned char *key,const unsigned char *iv,

-		       int enc);

-int	EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,

-		       const unsigned char *key,const unsigned char *iv,

-		       int enc);

-int	EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,

-		int *outl, const unsigned char *in, int inl);

-int	EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);

-int	EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);

-int	EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s,

-		EVP_PKEY *pkey);

-int	EVP_VerifyFinal(EVP_MD_CTX *ctx,const unsigned char *sigbuf,

-		unsigned int siglen,EVP_PKEY *pkey);

-int	EVP_OpenInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,

-		const unsigned char *ek, int ekl, const unsigned char *iv,

-		EVP_PKEY *priv);

-int	EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);

-int	EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,

-		 unsigned char **ek, int *ekl, unsigned char *iv,

-		EVP_PKEY **pubk, int npubk);

-int	EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl);

-void	EVP_EncodeInit(EVP_ENCODE_CTX *ctx);

-void	EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl,

-		const unsigned char *in,int inl);

-void	EVP_EncodeFinal(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl);

-int	EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n);

-void	EVP_DecodeInit(EVP_ENCODE_CTX *ctx);

-int	EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl,

-		const unsigned char *in, int inl);

-int	EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned

-		char *out, int *outl);

-int	EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n);

-void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);

-int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);

-EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);

-void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *a);

-int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);

-int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad);

-int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);

-int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key);

-#ifndef OPENSSL_NO_BIO

-BIO_METHOD *BIO_f_md(void);

-BIO_METHOD *BIO_f_base64(void);

-BIO_METHOD *BIO_f_cipher(void);

-BIO_METHOD *BIO_f_reliable(void);

-void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,const unsigned char *k,

-		const unsigned char *i, int enc);

-#endif

-const EVP_MD *EVP_md_null(void);

-#ifndef OPENSSL_NO_MD2

-const EVP_MD *EVP_md2(void);

-#endif

-#ifndef OPENSSL_NO_MD4

-const EVP_MD *EVP_md4(void);

-#endif

-#ifndef OPENSSL_NO_MD5

-const EVP_MD *EVP_md5(void);

-#endif

-#ifndef OPENSSL_NO_SHA

-const EVP_MD *EVP_sha(void);

-const EVP_MD *EVP_sha1(void);

-const EVP_MD *EVP_dss(void);

-const EVP_MD *EVP_dss1(void);

-const EVP_MD *EVP_ecdsa(void);

-#endif

-#ifndef OPENSSL_NO_SHA256

-const EVP_MD *EVP_sha224(void);

-const EVP_MD *EVP_sha256(void);

-#endif

-#ifndef OPENSSL_NO_SHA512

-const EVP_MD *EVP_sha384(void);

-const EVP_MD *EVP_sha512(void);

-#endif

-#ifndef OPENSSL_NO_MDC2

-const EVP_MD *EVP_mdc2(void);

-#endif

-#ifndef OPENSSL_NO_RIPEMD

-const EVP_MD *EVP_ripemd160(void);

-#endif

-const EVP_CIPHER *EVP_enc_null(void);		/* does nothing :-) */

-#ifndef OPENSSL_NO_DES

-const EVP_CIPHER *EVP_des_ecb(void);

-const EVP_CIPHER *EVP_des_ede(void);

-const EVP_CIPHER *EVP_des_ede3(void);

-const EVP_CIPHER *EVP_des_ede_ecb(void);

-const EVP_CIPHER *EVP_des_ede3_ecb(void);

-const EVP_CIPHER *EVP_des_cfb64(void);

-# define EVP_des_cfb EVP_des_cfb64

-const EVP_CIPHER *EVP_des_cfb1(void);

-const EVP_CIPHER *EVP_des_cfb8(void);

-const EVP_CIPHER *EVP_des_ede_cfb64(void);

-# define EVP_des_ede_cfb EVP_des_ede_cfb64

-#if 0

-const EVP_CIPHER *EVP_des_ede_cfb1(void);

-const EVP_CIPHER *EVP_des_ede_cfb8(void);

-#endif

-const EVP_CIPHER *EVP_des_ede3_cfb64(void);

-# define EVP_des_ede3_cfb EVP_des_ede3_cfb64

-const EVP_CIPHER *EVP_des_ede3_cfb1(void);

-const EVP_CIPHER *EVP_des_ede3_cfb8(void);

-const EVP_CIPHER *EVP_des_ofb(void);

-const EVP_CIPHER *EVP_des_ede_ofb(void);

-const EVP_CIPHER *EVP_des_ede3_ofb(void);

-const EVP_CIPHER *EVP_des_cbc(void);

-const EVP_CIPHER *EVP_des_ede_cbc(void);

-const EVP_CIPHER *EVP_des_ede3_cbc(void);

-const EVP_CIPHER *EVP_desx_cbc(void);

-/* This should now be supported through the dev_crypto ENGINE. But also, why are

- * rc4 and md5 declarations made here inside a "NO_DES" precompiler branch? */

-#if 0

-# ifdef OPENSSL_OPENBSD_DEV_CRYPTO

-const EVP_CIPHER *EVP_dev_crypto_des_ede3_cbc(void);

-const EVP_CIPHER *EVP_dev_crypto_rc4(void);

-const EVP_MD *EVP_dev_crypto_md5(void);

-# endif

-#endif

-#endif

-#ifndef OPENSSL_NO_RC4

-const EVP_CIPHER *EVP_rc4(void);

-const EVP_CIPHER *EVP_rc4_40(void);

-#endif

-#ifndef OPENSSL_NO_IDEA

-const EVP_CIPHER *EVP_idea_ecb(void);

-const EVP_CIPHER *EVP_idea_cfb64(void);

-# define EVP_idea_cfb EVP_idea_cfb64

-const EVP_CIPHER *EVP_idea_ofb(void);

-const EVP_CIPHER *EVP_idea_cbc(void);

-#endif

-#ifndef OPENSSL_NO_RC2

-const EVP_CIPHER *EVP_rc2_ecb(void);

-const EVP_CIPHER *EVP_rc2_cbc(void);

-const EVP_CIPHER *EVP_rc2_40_cbc(void);

-const EVP_CIPHER *EVP_rc2_64_cbc(void);

-const EVP_CIPHER *EVP_rc2_cfb64(void);

-# define EVP_rc2_cfb EVP_rc2_cfb64

-const EVP_CIPHER *EVP_rc2_ofb(void);

-#endif

-#ifndef OPENSSL_NO_BF

-const EVP_CIPHER *EVP_bf_ecb(void);

-const EVP_CIPHER *EVP_bf_cbc(void);

-const EVP_CIPHER *EVP_bf_cfb64(void);

-# define EVP_bf_cfb EVP_bf_cfb64

-const EVP_CIPHER *EVP_bf_ofb(void);

-#endif

-#ifndef OPENSSL_NO_CAST

-const EVP_CIPHER *EVP_cast5_ecb(void);

-const EVP_CIPHER *EVP_cast5_cbc(void);

-const EVP_CIPHER *EVP_cast5_cfb64(void);

-# define EVP_cast5_cfb EVP_cast5_cfb64

-const EVP_CIPHER *EVP_cast5_ofb(void);

-#endif

-#ifndef OPENSSL_NO_RC5

-const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void);

-const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void);

-const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void);

-# define EVP_rc5_32_12_16_cfb EVP_rc5_32_12_16_cfb64

-const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void);

-#endif

-#ifndef OPENSSL_NO_AES

-const EVP_CIPHER *EVP_aes_128_ecb(void);

-const EVP_CIPHER *EVP_aes_128_cbc(void);

-const EVP_CIPHER *EVP_aes_128_cfb1(void);

-const EVP_CIPHER *EVP_aes_128_cfb8(void);

-const EVP_CIPHER *EVP_aes_128_cfb128(void);

-# define EVP_aes_128_cfb EVP_aes_128_cfb128

-const EVP_CIPHER *EVP_aes_128_ofb(void);

-#if 0

-const EVP_CIPHER *EVP_aes_128_ctr(void);

-#endif

-const EVP_CIPHER *EVP_aes_192_ecb(void);

-const EVP_CIPHER *EVP_aes_192_cbc(void);

-const EVP_CIPHER *EVP_aes_192_cfb1(void);

-const EVP_CIPHER *EVP_aes_192_cfb8(void);

-const EVP_CIPHER *EVP_aes_192_cfb128(void);

-# define EVP_aes_192_cfb EVP_aes_192_cfb128

-const EVP_CIPHER *EVP_aes_192_ofb(void);

-#if 0

-const EVP_CIPHER *EVP_aes_192_ctr(void);

-#endif

-const EVP_CIPHER *EVP_aes_256_ecb(void);

-const EVP_CIPHER *EVP_aes_256_cbc(void);

-const EVP_CIPHER *EVP_aes_256_cfb1(void);

-const EVP_CIPHER *EVP_aes_256_cfb8(void);

-const EVP_CIPHER *EVP_aes_256_cfb128(void);

-# define EVP_aes_256_cfb EVP_aes_256_cfb128

-const EVP_CIPHER *EVP_aes_256_ofb(void);

-#if 0

-const EVP_CIPHER *EVP_aes_256_ctr(void);

-#endif

-#endif

-#ifndef OPENSSL_NO_CAMELLIA

-const EVP_CIPHER *EVP_camellia_128_ecb(void);

-const EVP_CIPHER *EVP_camellia_128_cbc(void);

-const EVP_CIPHER *EVP_camellia_128_cfb1(void);

-const EVP_CIPHER *EVP_camellia_128_cfb8(void);

-const EVP_CIPHER *EVP_camellia_128_cfb128(void);

-# define EVP_camellia_128_cfb EVP_camellia_128_cfb128

-const EVP_CIPHER *EVP_camellia_128_ofb(void);

-const EVP_CIPHER *EVP_camellia_192_ecb(void);

-const EVP_CIPHER *EVP_camellia_192_cbc(void);

-const EVP_CIPHER *EVP_camellia_192_cfb1(void);

-const EVP_CIPHER *EVP_camellia_192_cfb8(void);

-const EVP_CIPHER *EVP_camellia_192_cfb128(void);

-# define EVP_camellia_192_cfb EVP_camellia_192_cfb128

-const EVP_CIPHER *EVP_camellia_192_ofb(void);

-const EVP_CIPHER *EVP_camellia_256_ecb(void);

-const EVP_CIPHER *EVP_camellia_256_cbc(void);

-const EVP_CIPHER *EVP_camellia_256_cfb1(void);

-const EVP_CIPHER *EVP_camellia_256_cfb8(void);

-const EVP_CIPHER *EVP_camellia_256_cfb128(void);

-# define EVP_camellia_256_cfb EVP_camellia_256_cfb128

-const EVP_CIPHER *EVP_camellia_256_ofb(void);

-#endif

-#ifndef OPENSSL_NO_SEED

-const EVP_CIPHER *EVP_seed_ecb(void);

-const EVP_CIPHER *EVP_seed_cbc(void);

-const EVP_CIPHER *EVP_seed_cfb128(void);

-# define EVP_seed_cfb EVP_seed_cfb128

-const EVP_CIPHER *EVP_seed_ofb(void);

-#endif

-void OPENSSL_add_all_algorithms_noconf(void);

-void OPENSSL_add_all_algorithms_conf(void);

-#ifdef OPENSSL_LOAD_CONF

-#define OpenSSL_add_all_algorithms() \

-		OPENSSL_add_all_algorithms_conf()

-#else

-#define OpenSSL_add_all_algorithms() \

-		OPENSSL_add_all_algorithms_noconf()

-#endif

-void OpenSSL_add_all_ciphers(void);

-void OpenSSL_add_all_digests(void);

-#define SSLeay_add_all_algorithms() OpenSSL_add_all_algorithms()

-#define SSLeay_add_all_ciphers() OpenSSL_add_all_ciphers()

-#define SSLeay_add_all_digests() OpenSSL_add_all_digests()

-int EVP_add_cipher(const EVP_CIPHER *cipher);

-int EVP_add_digest(const EVP_MD *digest);

-const EVP_CIPHER *EVP_get_cipherbyname(const char *name);

-const EVP_MD *EVP_get_digestbyname(const char *name);

-void EVP_cleanup(void);

-int		EVP_PKEY_decrypt(unsigned char *dec_key,

-			const unsigned char *enc_key,int enc_key_len,

-			EVP_PKEY *private_key);

-int		EVP_PKEY_encrypt(unsigned char *enc_key,

-			const unsigned char *key,int key_len,

-			EVP_PKEY *pub_key);

-int		EVP_PKEY_type(int type);

-int		EVP_PKEY_bits(EVP_PKEY *pkey);

-int		EVP_PKEY_size(EVP_PKEY *pkey);

-int 		EVP_PKEY_assign(EVP_PKEY *pkey,int type,char *key);

-#ifndef OPENSSL_NO_RSA

-struct rsa_st;

-int EVP_PKEY_set1_RSA(EVP_PKEY *pkey,struct rsa_st *key);

-struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);

-#endif

-#ifndef OPENSSL_NO_DSA

-struct dsa_st;

-int EVP_PKEY_set1_DSA(EVP_PKEY *pkey,struct dsa_st *key);

-struct dsa_st *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);

-#endif

-#ifndef OPENSSL_NO_DH

-struct dh_st;

-int EVP_PKEY_set1_DH(EVP_PKEY *pkey,struct dh_st *key);

-struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey);

-#endif

-#ifndef OPENSSL_NO_EC

-struct ec_key_st;

-int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey,struct ec_key_st *key);

-struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);

-#endif

-EVP_PKEY *	EVP_PKEY_new(void);

-void		EVP_PKEY_free(EVP_PKEY *pkey);

-EVP_PKEY *	d2i_PublicKey(int type,EVP_PKEY **a, const unsigned char **pp,

-			long length);

-int		i2d_PublicKey(EVP_PKEY *a, unsigned char **pp);

-EVP_PKEY *	d2i_PrivateKey(int type,EVP_PKEY **a, const unsigned char **pp,

-			long length);

-EVP_PKEY *	d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,

-			long length);

-int		i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp);

-int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from);

-int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey);

-int EVP_PKEY_save_parameters(EVP_PKEY *pkey,int mode);

-int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b);

-int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b);

-int EVP_CIPHER_type(const EVP_CIPHER *ctx);

-/* calls methods */

-int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);

-int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);

-/* These are used by EVP_CIPHER methods */

-int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type);

-int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type);

-/* PKCS5 password based encryption */

-int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,

-			 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md,

-			 int en_de);

-int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,

-			   const unsigned char *salt, int saltlen, int iter,

-			   int keylen, unsigned char *out);

-int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,

-			 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md,

-			 int en_de);

-void PKCS5_PBE_add(void);

-int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen,

-	     ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de);

-int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,

-		    EVP_PBE_KEYGEN *keygen);

-void EVP_PBE_cleanup(void);

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_EVP_strings(void);

-/* Error codes for the EVP functions. */

-/* Function codes. */

-#define EVP_F_AES_INIT_KEY				 133

-#define EVP_F_CAMELLIA_INIT_KEY				 159

-#define EVP_F_D2I_PKEY					 100

-#define EVP_F_DSAPKEY2PKCS8				 134

-#define EVP_F_DSA_PKEY2PKCS8				 135

-#define EVP_F_ECDSA_PKEY2PKCS8				 129

-#define EVP_F_ECKEY_PKEY2PKCS8				 132

-#define EVP_F_EVP_CIPHERINIT_EX				 123

-#define EVP_F_EVP_CIPHER_CTX_CTRL			 124

-#define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH		 122

-#define EVP_F_EVP_DECRYPTFINAL_EX			 101

-#define EVP_F_EVP_DIGESTINIT_EX				 128

-#define EVP_F_EVP_ENCRYPTFINAL_EX			 127

-#define EVP_F_EVP_MD_CTX_COPY_EX			 110

-#define EVP_F_EVP_OPENINIT				 102

-#define EVP_F_EVP_PBE_ALG_ADD				 115

-#define EVP_F_EVP_PBE_CIPHERINIT			 116

-#define EVP_F_EVP_PKCS82PKEY				 111

-#define EVP_F_EVP_PKEY2PKCS8_BROKEN			 113

-#define EVP_F_EVP_PKEY_COPY_PARAMETERS			 103

-#define EVP_F_EVP_PKEY_DECRYPT				 104

-#define EVP_F_EVP_PKEY_ENCRYPT				 105

-#define EVP_F_EVP_PKEY_GET1_DH				 119

-#define EVP_F_EVP_PKEY_GET1_DSA				 120

-#define EVP_F_EVP_PKEY_GET1_ECDSA			 130

-#define EVP_F_EVP_PKEY_GET1_EC_KEY			 131

-#define EVP_F_EVP_PKEY_GET1_RSA				 121

-#define EVP_F_EVP_PKEY_NEW				 106

-#define EVP_F_EVP_RIJNDAEL				 126

-#define EVP_F_EVP_SIGNFINAL				 107

-#define EVP_F_EVP_VERIFYFINAL				 108

-#define EVP_F_PKCS5_PBE_KEYIVGEN			 117

-#define EVP_F_PKCS5_V2_PBE_KEYIVGEN			 118

-#define EVP_F_PKCS8_SET_BROKEN				 112

-#define EVP_F_RC2_MAGIC_TO_METH				 109

-#define EVP_F_RC5_CTRL					 125

-/* Reason codes. */

-#define EVP_R_AES_KEY_SETUP_FAILED			 143

-#define EVP_R_ASN1_LIB					 140

-#define EVP_R_BAD_BLOCK_LENGTH				 136

-#define EVP_R_BAD_DECRYPT				 100

-#define EVP_R_BAD_KEY_LENGTH				 137

-#define EVP_R_BN_DECODE_ERROR				 112

-#define EVP_R_BN_PUBKEY_ERROR				 113

-#define EVP_R_CAMELLIA_KEY_SETUP_FAILED			 157

-#define EVP_R_CIPHER_PARAMETER_ERROR			 122

-#define EVP_R_CTRL_NOT_IMPLEMENTED			 132

-#define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED		 133

-#define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH		 138

-#define EVP_R_DECODE_ERROR				 114

-#define EVP_R_DIFFERENT_KEY_TYPES			 101

-#define EVP_R_ENCODE_ERROR				 115

-#define EVP_R_EVP_PBE_CIPHERINIT_ERROR			 119

-#define EVP_R_EXPECTING_AN_RSA_KEY			 127

-#define EVP_R_EXPECTING_A_DH_KEY			 128

-#define EVP_R_EXPECTING_A_DSA_KEY			 129

-#define EVP_R_EXPECTING_A_ECDSA_KEY			 141

-#define EVP_R_EXPECTING_A_EC_KEY			 142

-#define EVP_R_INITIALIZATION_ERROR			 134

-#define EVP_R_INPUT_NOT_INITIALIZED			 111

-#define EVP_R_INVALID_KEY_LENGTH			 130

-#define EVP_R_IV_TOO_LARGE				 102

-#define EVP_R_KEYGEN_FAILURE				 120

-#define EVP_R_MISSING_PARAMETERS			 103

-#define EVP_R_NO_CIPHER_SET				 131

-#define EVP_R_NO_DIGEST_SET				 139

-#define EVP_R_NO_DSA_PARAMETERS				 116

-#define EVP_R_NO_SIGN_FUNCTION_CONFIGURED		 104

-#define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED		 105

-#define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE			 117

-#define EVP_R_PUBLIC_KEY_NOT_RSA			 106

-#define EVP_R_UNKNOWN_PBE_ALGORITHM			 121

-#define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS		 135

-#define EVP_R_UNSUPPORTED_CIPHER			 107

-#define EVP_R_UNSUPPORTED_KEYLENGTH			 123

-#define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION	 124

-#define EVP_R_UNSUPPORTED_KEY_SIZE			 108

-#define EVP_R_UNSUPPORTED_PRF				 125

-#define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM		 118

-#define EVP_R_UNSUPPORTED_SALT_TYPE			 126

-#define EVP_R_WRONG_FINAL_BLOCK_LENGTH			 109

-#define EVP_R_WRONG_PUBLIC_KEY_TYPE			 110

-#define EVP_R_SEED_KEY_SETUP_FAILED			 162

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/hmac.h

+++ /dev/null

@@ -1,108 +1,0 @@

-/* crypto/hmac/hmac.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_HMAC_H

-#define HEADER_HMAC_H

-#include <openssl/opensslconf.h>

-#ifdef OPENSSL_NO_HMAC

-#error HMAC is disabled.

-#endif

-#include <openssl/evp.h>

-#define HMAC_MAX_MD_CBLOCK	128	/* largest known is SHA512 */

-#ifdef  __cplusplus

-extern "C" {

-#endif

-typedef struct hmac_ctx_st

-	{

-	const EVP_MD *md;

-	EVP_MD_CTX md_ctx;

-	EVP_MD_CTX i_ctx;

-	EVP_MD_CTX o_ctx;

-	unsigned int key_length;

-	unsigned char key[HMAC_MAX_MD_CBLOCK];

-	} HMAC_CTX;

-#define HMAC_size(e)	(EVP_MD_size((e)->md))

-void HMAC_CTX_init(HMAC_CTX *ctx);

-void HMAC_CTX_cleanup(HMAC_CTX *ctx);

-#define HMAC_cleanup(ctx) HMAC_CTX_cleanup(ctx) /* deprecated */

-void HMAC_Init(HMAC_CTX *ctx, const void *key, int len,

-	       const EVP_MD *md); /* deprecated */

-void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,

-		  const EVP_MD *md, ENGINE *impl);

-void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len);

-void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);

-unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,

-		    const unsigned char *d, size_t n, unsigned char *md,

-		    unsigned int *md_len);

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/hw_cluster_labs_err.h

+++ /dev/null

@@ -1,95 +1,0 @@

-/* ====================================================================

- * Copyright (c) 2001-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_CL_ERR_H

-#define HEADER_CL_ERR_H

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-static void ERR_load_CL_strings(void);

-static void ERR_unload_CL_strings(void);

-static void ERR_CL_error(int function, int reason, char *file, int line);

-#define CLerr(f,r) ERR_CL_error((f),(r),__FILE__,__LINE__)

-/* Error codes for the CL functions. */

-/* Function codes. */

-#define CL_F_CLUSTER_LABS_CTRL				 100

-#define CL_F_CLUSTER_LABS_DSA_SIGN			 101

-#define CL_F_CLUSTER_LABS_DSA_VERIFY			 102

-#define CL_F_CLUSTER_LABS_FINISH			 103

-#define CL_F_CLUSTER_LABS_INIT				 104

-#define CL_F_CLUSTER_LABS_MOD_EXP			 105

-#define CL_F_CLUSTER_LABS_MOD_EXP_CRT			 106

-#define CL_F_CLUSTER_LABS_RAND_BYTES			 107

-#define CL_F_CLUSTER_LABS_RSA_MOD_EXP			 108

-#define CL_F_CLUSTER_LABS_RSA_PRIV_DEC			 109

-#define CL_F_CLUSTER_LABS_RSA_PRIV_ENC			 110

-#define CL_F_CLUSTER_LABS_RSA_PUB_DEC			 111

-#define CL_F_CLUSTER_LABS_RSA_PUB_ENC			 112

-/* Reason codes. */

-#define CL_R_ALREADY_LOADED				 100

-#define CL_R_COMMAND_NOT_IMPLEMENTED			 101

-#define CL_R_DSO_FAILURE				 102

-#define CL_R_FUNCTION_NOT_BINDED			 103

-#define CL_R_INIT_FAILED				 104

-#define CL_R_NOT_LOADED					 105

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/hw_ibmca_err.h

+++ /dev/null

@@ -1,98 +1,0 @@

-/* ====================================================================

- * Copyright (c) 2001-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_IBMCA_ERR_H

-#define HEADER_IBMCA_ERR_H

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-static void ERR_load_IBMCA_strings(void);

-static void ERR_unload_IBMCA_strings(void);

-static void ERR_IBMCA_error(int function, int reason, char *file, int line);

-#define IBMCAerr(f,r) ERR_IBMCA_error((f),(r),__FILE__,__LINE__)

-/* Error codes for the IBMCA functions. */

-/* Function codes. */

-#define IBMCA_F_IBMCA_CTRL				 100

-#define IBMCA_F_IBMCA_FINISH				 101

-#define IBMCA_F_IBMCA_INIT				 102

-#define IBMCA_F_IBMCA_MOD_EXP				 103

-#define IBMCA_F_IBMCA_MOD_EXP_CRT			 104

-#define IBMCA_F_IBMCA_RAND_BYTES			 105

-#define IBMCA_F_IBMCA_RSA_MOD_EXP			 106

-/* Reason codes. */

-#define IBMCA_R_ALREADY_LOADED				 100

-#define IBMCA_R_BN_CTX_FULL				 101

-#define IBMCA_R_BN_EXPAND_FAIL				 102

-#define IBMCA_R_CTRL_COMMAND_NOT_IMPLEMENTED		 103

-#define IBMCA_R_DSO_FAILURE				 104

-#define IBMCA_R_MEXP_LENGTH_TO_LARGE			 105

-#define IBMCA_R_MISSING_KEY_COMPONENTS			 106

-#define IBMCA_R_NOT_INITIALISED				 107

-#define IBMCA_R_NOT_LOADED				 108

-#define IBMCA_R_OPERANDS_TO_LARGE			 109

-#define IBMCA_R_OUTLEN_TO_LARGE				 110

-#define IBMCA_R_REQUEST_FAILED				 111

-#define IBMCA_R_UNDERFLOW_CONDITION			 112

-#define IBMCA_R_UNDERFLOW_KEYRECORD			 113

-#define IBMCA_R_UNIT_FAILURE				 114

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/hw_ubsec.h

+++ /dev/null

@@ -1,100 +1,0 @@

-/******************************************************************************

- *

- *  Copyright 2000

- *  Broadcom Corporation

- *  16215 Alton Parkway

- *  PO Box 57013

- *  Irvine CA 92619-7013

- *

- *****************************************************************************/

-/*

- * Broadcom Corporation uBSec SDK

- */

-/*

- * Character device header file.

- */

-/*

- * Revision History:

- *

- * October 2000 JTT Created.

- */

-#define MAX_PUBLIC_KEY_BITS (1024)

-#define MAX_PUBLIC_KEY_BYTES (1024/8)

-#define SHA_BIT_SIZE  (160)

-#define MAX_CRYPTO_KEY_LENGTH 24

-#define MAX_MAC_KEY_LENGTH 64

-#define UBSEC_CRYPTO_DEVICE_NAME ((unsigned char *)"/dev/ubscrypt")

-#define UBSEC_KEY_DEVICE_NAME ((unsigned char *)"/dev/ubskey")

-/* Math command types. */

-#define UBSEC_MATH_MODADD 0x0001

-#define UBSEC_MATH_MODSUB 0x0002

-#define UBSEC_MATH_MODMUL 0x0004

-#define UBSEC_MATH_MODEXP 0x0008

-#define UBSEC_MATH_MODREM 0x0010

-#define UBSEC_MATH_MODINV 0x0020

-typedef long ubsec_MathCommand_t;

-typedef long ubsec_RNGCommand_t;

-typedef struct ubsec_crypto_context_s {

-	unsigned int	flags;

-	unsigned char	crypto[MAX_CRYPTO_KEY_LENGTH];

-	unsigned char 	auth[MAX_MAC_KEY_LENGTH];

-} ubsec_crypto_context_t, *ubsec_crypto_context_p;

-/*

- * Predeclare the function pointer types that we dynamically load from the DSO.

- */

-typedef int t_UBSEC_ubsec_bytes_to_bits(unsigned char *n, int bytes);

-typedef int t_UBSEC_ubsec_bits_to_bytes(int bits);

-typedef int t_UBSEC_ubsec_open(unsigned char *device);

-typedef int t_UBSEC_ubsec_close(int fd);

-typedef int t_UBSEC_diffie_hellman_generate_ioctl (int fd,

-	unsigned char *x, int *x_len, unsigned char *y, int *y_len,

-	unsigned char *g, int g_len, unsigned char *m, int m_len,

-	unsigned char *userX, int userX_len, int random_bits);

-typedef int t_UBSEC_diffie_hellman_agree_ioctl (int fd,

-	unsigned char *x, int x_len, unsigned char *y, int y_len,

-	unsigned char *m, int m_len, unsigned char *k, int *k_len);

-typedef int t_UBSEC_rsa_mod_exp_ioctl (int fd,

-	unsigned char *x, int x_len, unsigned char *m, int m_len,

-	unsigned char *e, int e_len, unsigned char *y, int *y_len);

-typedef int t_UBSEC_rsa_mod_exp_crt_ioctl (int fd,

-	unsigned char *x, int x_len, unsigned char *qinv, int qinv_len,

-	unsigned char *edq, int edq_len, unsigned char *q, int q_len,

-	unsigned char *edp, int edp_len, unsigned char *p, int p_len,

-	unsigned char *y, int *y_len);

-typedef int t_UBSEC_dsa_sign_ioctl (int fd,

-	int hash, unsigned char *data, int data_len,

-	unsigned char *rndom, int random_len,

-	unsigned char *p, int p_len, unsigned char *q, int q_len,

-	unsigned char *g, int g_len, unsigned char *key, int key_len,

-	unsigned char *r, int *r_len, unsigned char *s, int *s_len);

-typedef int t_UBSEC_dsa_verify_ioctl (int fd,

-	int hash, unsigned char *data, int data_len,

-	unsigned char *p, int p_len, unsigned char *q, int q_len,

-	unsigned char *g, int g_len, unsigned char *key, int key_len,

-	unsigned char *r, int r_len, unsigned char *s, int s_len,

-	unsigned char *v, int *v_len);

-typedef int t_UBSEC_math_accelerate_ioctl(int fd, ubsec_MathCommand_t command,

-	unsigned char *ModN, int *ModN_len, unsigned char *ExpE, int *ExpE_len,

-	unsigned char *ParamA, int *ParamA_len, unsigned char *ParamB, int *ParamB_len,

-	unsigned char *Result, int *Result_len);

-typedef int t_UBSEC_rng_ioctl(int fd, ubsec_RNGCommand_t command,

-	unsigned char *Result, int *Result_len);

-typedef int t_UBSEC_max_key_len_ioctl(int fd, int *max_key_len);

--- a/sys/include/ape/openssl/hw_zencod_err.h

+++ /dev/null

@@ -1,95 +1,0 @@

-/* ====================================================================

- * Copyright (c) 2001-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_ZENCOD_ERR_H

-#define HEADER_ZENCOD_ERR_H

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-static void ERR_load_ZENCOD_strings(void);

-static void ERR_unload_ZENCOD_strings(void);

-static void ERR_ZENCOD_error(int function, int reason, char *file, int line);

-#define ZENCODerr(f,r) ERR_ZENCOD_error((f),(r),__FILE__,__LINE__)

-/* Error codes for the ZENCOD functions. */

-/* Function codes. */

-#define ZENCOD_F_ZENCOD_BN_MOD_EXP			 100

-#define ZENCOD_F_ZENCOD_CTRL				 101

-#define ZENCOD_F_ZENCOD_DH_COMPUTE			 102

-#define ZENCOD_F_ZENCOD_DH_GENERATE			 103

-#define ZENCOD_F_ZENCOD_DSA_DO_SIGN			 104

-#define ZENCOD_F_ZENCOD_DSA_DO_VERIFY			 105

-#define ZENCOD_F_ZENCOD_FINISH				 106

-#define ZENCOD_F_ZENCOD_INIT				 107

-#define ZENCOD_F_ZENCOD_RAND				 108

-#define ZENCOD_F_ZENCOD_RSA_MOD_EXP			 109

-#define ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT			 110

-/* Reason codes. */

-#define ZENCOD_R_ALREADY_LOADED				 100

-#define ZENCOD_R_BAD_KEY_COMPONENTS			 101

-#define ZENCOD_R_BN_EXPAND_FAIL				 102

-#define ZENCOD_R_CTRL_COMMAND_NOT_IMPLEMENTED		 103

-#define ZENCOD_R_DSO_FAILURE				 104

-#define ZENCOD_R_NOT_LOADED				 105

-#define ZENCOD_R_REQUEST_FAILED				 106

-#define ZENCOD_R_UNIT_FAILURE				 107

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/idea.h

+++ /dev/null

@@ -1,100 +1,0 @@

-/* crypto/idea/idea.h */

-/* Copyright (C) 1995-1997 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_IDEA_H

-#define HEADER_IDEA_H

-#include <openssl/opensslconf.h> /* IDEA_INT, OPENSSL_NO_IDEA */

-#ifdef OPENSSL_NO_IDEA

-#error IDEA is disabled.

-#endif

-#define IDEA_ENCRYPT	1

-#define IDEA_DECRYPT	0

-#define IDEA_BLOCK	8

-#define IDEA_KEY_LENGTH	16

-#ifdef  __cplusplus

-extern "C" {

-#endif

-typedef struct idea_key_st

-	{

-	IDEA_INT data[9][6];

-	} IDEA_KEY_SCHEDULE;

-const char *idea_options(void);

-void idea_ecb_encrypt(const unsigned char *in, unsigned char *out,

-	IDEA_KEY_SCHEDULE *ks);

-void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);

-void idea_set_decrypt_key(const IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk);

-void idea_cbc_encrypt(const unsigned char *in, unsigned char *out,

-	long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,int enc);

-void idea_cfb64_encrypt(const unsigned char *in, unsigned char *out,

-	long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,

-	int *num,int enc);

-void idea_ofb64_encrypt(const unsigned char *in, unsigned char *out,

-	long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, int *num);

-void idea_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks);

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/krb5_asn.h

+++ /dev/null

@@ -1,256 +1,0 @@

-/* krb5_asn.h */

-/* Written by Vern Staats <[email protected]> for the OpenSSL project,

-** using ocsp/{*.h,*asn*.c} as a starting point

-*/

-/* ====================================================================

- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_KRB5_ASN_H

-#define HEADER_KRB5_ASN_H

-/*

-#include <krb5.h>

-*/

-#include <openssl/safestack.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-/*	ASN.1 from Kerberos RFC 1510

-*/

-/*	EncryptedData ::=   SEQUENCE {

-**		etype[0]                      INTEGER, -- EncryptionType

-**		kvno[1]                       INTEGER OPTIONAL,

-**		cipher[2]                     OCTET STRING -- ciphertext

-**	}

-*/

-typedef	struct	krb5_encdata_st

-	{

-	ASN1_INTEGER			*etype;

-	ASN1_INTEGER			*kvno;

-	ASN1_OCTET_STRING		*cipher;

-	}	KRB5_ENCDATA;

-DECLARE_STACK_OF(KRB5_ENCDATA)

-/*	PrincipalName ::=   SEQUENCE {

-**		name-type[0]                  INTEGER,

-**		name-string[1]                SEQUENCE OF GeneralString

-**	}

-*/

-typedef	struct	krb5_princname_st

-	{

-	ASN1_INTEGER			*nametype;

-	STACK_OF(ASN1_GENERALSTRING)	*namestring;

-	}	KRB5_PRINCNAME;

-DECLARE_STACK_OF(KRB5_PRINCNAME)

-/*	Ticket ::=	[APPLICATION 1] SEQUENCE {

-**		tkt-vno[0]                    INTEGER,

-**		realm[1]                      Realm,

-**		sname[2]                      PrincipalName,

-**		enc-part[3]                   EncryptedData

-**	}

-*/

-typedef	struct	krb5_tktbody_st

-	{

-	ASN1_INTEGER			*tktvno;

-	ASN1_GENERALSTRING		*realm;

-	KRB5_PRINCNAME			*sname;

-	KRB5_ENCDATA			*encdata;

-	}	KRB5_TKTBODY;

-typedef STACK_OF(KRB5_TKTBODY) KRB5_TICKET;

-DECLARE_STACK_OF(KRB5_TKTBODY)

-/*	AP-REQ ::=      [APPLICATION 14] SEQUENCE {

-**		pvno[0]                       INTEGER,

-**		msg-type[1]                   INTEGER,

-**		ap-options[2]                 APOptions,

-**		ticket[3]                     Ticket,

-**		authenticator[4]              EncryptedData

-**	}

-**

-**	APOptions ::=   BIT STRING {

-**		reserved(0), use-session-key(1), mutual-required(2) }

-*/

-typedef	struct	krb5_ap_req_st

-	{

-	ASN1_INTEGER			*pvno;

-	ASN1_INTEGER			*msgtype;

-	ASN1_BIT_STRING			*apoptions;

-	KRB5_TICKET			*ticket;

-	KRB5_ENCDATA			*authenticator;

-	}	KRB5_APREQBODY;

-typedef STACK_OF(KRB5_APREQBODY) KRB5_APREQ;

-DECLARE_STACK_OF(KRB5_APREQBODY)

-/*	Authenticator Stuff	*/

-/*	Checksum ::=   SEQUENCE {

-**		cksumtype[0]                  INTEGER,

-**		checksum[1]                   OCTET STRING

-**	}

-*/

-typedef	struct	krb5_checksum_st

-	{

-	ASN1_INTEGER			*ctype;

-	ASN1_OCTET_STRING		*checksum;

-	}	KRB5_CHECKSUM;

-DECLARE_STACK_OF(KRB5_CHECKSUM)

-/*	EncryptionKey ::=   SEQUENCE {

-**		keytype[0]                    INTEGER,

-**		keyvalue[1]                   OCTET STRING

-**	}

-*/

-typedef struct  krb5_encryptionkey_st

-	{

-	ASN1_INTEGER			*ktype;

-	ASN1_OCTET_STRING		*keyvalue;

-	}	KRB5_ENCKEY;

-DECLARE_STACK_OF(KRB5_ENCKEY)

-/*	AuthorizationData ::=   SEQUENCE OF SEQUENCE {

-**		ad-type[0]                    INTEGER,

-**              ad-data[1]                    OCTET STRING

-**	}

-*/

-typedef struct	krb5_authorization_st

-	{

-	ASN1_INTEGER			*adtype;

-	ASN1_OCTET_STRING		*addata;

-	}	KRB5_AUTHDATA;

-DECLARE_STACK_OF(KRB5_AUTHDATA)

-/*	-- Unencrypted authenticator

-**	Authenticator ::=    [APPLICATION 2] SEQUENCE    {

-**		authenticator-vno[0]          INTEGER,

-**		crealm[1]                     Realm,

-**		cname[2]                      PrincipalName,

-**		cksum[3]                      Checksum OPTIONAL,

-**		cusec[4]                      INTEGER,

-**		ctime[5]                      KerberosTime,

-**		subkey[6]                     EncryptionKey OPTIONAL,

-**		seq-number[7]                 INTEGER OPTIONAL,

-**		authorization-data[8]         AuthorizationData OPTIONAL

-**	}

-*/

-typedef struct	krb5_authenticator_st

-	{

-	ASN1_INTEGER			*avno;

-	ASN1_GENERALSTRING		*crealm;

-	KRB5_PRINCNAME			*cname;

-	KRB5_CHECKSUM			*cksum;

-	ASN1_INTEGER			*cusec;

-	ASN1_GENERALIZEDTIME		*ctime;

-	KRB5_ENCKEY			*subkey;

-	ASN1_INTEGER			*seqnum;

-	KRB5_AUTHDATA			*authorization;

-	}	KRB5_AUTHENTBODY;

-typedef STACK_OF(KRB5_AUTHENTBODY) KRB5_AUTHENT;

-DECLARE_STACK_OF(KRB5_AUTHENTBODY)

-/*  DECLARE_ASN1_FUNCTIONS(type) = DECLARE_ASN1_FUNCTIONS_name(type, type) =

-**	type *name##_new(void);

-**	void name##_free(type *a);

-**	DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) =

-**	 DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) =

-**	  type *d2i_##name(type **a, const unsigned char **in, long len);

-**	  int i2d_##name(type *a, unsigned char **out);

-**	  DECLARE_ASN1_ITEM(itname) = OPENSSL_EXTERN const ASN1_ITEM itname##_it

-*/

-DECLARE_ASN1_FUNCTIONS(KRB5_ENCDATA)

-DECLARE_ASN1_FUNCTIONS(KRB5_PRINCNAME)

-DECLARE_ASN1_FUNCTIONS(KRB5_TKTBODY)

-DECLARE_ASN1_FUNCTIONS(KRB5_APREQBODY)

-DECLARE_ASN1_FUNCTIONS(KRB5_TICKET)

-DECLARE_ASN1_FUNCTIONS(KRB5_APREQ)

-DECLARE_ASN1_FUNCTIONS(KRB5_CHECKSUM)

-DECLARE_ASN1_FUNCTIONS(KRB5_ENCKEY)

-DECLARE_ASN1_FUNCTIONS(KRB5_AUTHDATA)

-DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENTBODY)

-DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENT)

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/kssl.h

+++ /dev/null

@@ -1,179 +1,0 @@

-/* ssl/kssl.h -*- mode: C; c-file-style: "eay" -*- */

-/* Written by Vern Staats <[email protected]> for the OpenSSL project 2000.

- * project 2000.

- */

-/* ====================================================================

- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/*

-**	19990701	VRS 	Started.

-*/

-#ifndef	KSSL_H

-#define	KSSL_H

-#include <openssl/opensslconf.h>

-#ifndef OPENSSL_NO_KRB5

-#include <stdio.h>

-#include <ctype.h>

-#include <krb5.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-/*

-**	Depending on which KRB5 implementation used, some types from

-**	the other may be missing.  Resolve that here and now

-*/

-#ifdef KRB5_HEIMDAL

-typedef unsigned char krb5_octet;

-#define FAR

-#else

-#ifndef FAR

-#define FAR

-#endif

-#endif

-/*	Uncomment this to debug kssl problems or

-**	to trace usage of the Kerberos session key

-**

-**	#define		KSSL_DEBUG

-*/

-#ifndef	KRB5SVC

-#define KRB5SVC	"host"

-#endif

-#ifndef	KRB5KEYTAB

-#define KRB5KEYTAB	"/etc/krb5.keytab"

-#endif

-#ifndef KRB5SENDAUTH

-#define KRB5SENDAUTH	1

-#endif

-#ifndef KRB5CHECKAUTH

-#define KRB5CHECKAUTH	1

-#endif

-#ifndef KSSL_CLOCKSKEW

-#define	KSSL_CLOCKSKEW	300;

-#endif

-#define	KSSL_ERR_MAX	255

-typedef struct kssl_err_st  {

-	int  reason;

-	char text[KSSL_ERR_MAX+1];

-	} KSSL_ERR;

-/*	Context for passing

-**		(1) Kerberos session key to SSL, and

-**		(2)	Config data between application and SSL lib

-*/

-typedef struct kssl_ctx_st

-        {

-                                /*	used by:    disposition:            */

-	char *service_name;	/*	C,S	    default ok (kssl)       */

-	char *service_host;	/*	C	    input, REQUIRED         */

-	char *client_princ;	/*	S	    output from krb5 ticket */

-	char *keytab_file;	/*      S	    NULL (/etc/krb5.keytab) */

-	char *cred_cache;	/*	C	    NULL (default)          */

-	krb5_enctype enctype;

-	int length;

-	krb5_octet FAR *key;

-	} KSSL_CTX;

-#define	KSSL_CLIENT 	1

-#define KSSL_SERVER 	2

-#define	KSSL_SERVICE	3

-#define	KSSL_KEYTAB 	4

-#define KSSL_CTX_OK 	0

-#define KSSL_CTX_ERR	1

-#define KSSL_NOMEM	2

-/* Public (for use by applications that use OpenSSL with Kerberos 5 support */

-krb5_error_code kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text);

-KSSL_CTX *kssl_ctx_new(void);

-KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx);

-void kssl_ctx_show(KSSL_CTX *kssl_ctx);

-krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,

-        krb5_data *realm, krb5_data *entity, int nentities);

-krb5_error_code	kssl_cget_tkt(KSSL_CTX *kssl_ctx,  krb5_data **enc_tktp,

-        krb5_data *authenp, KSSL_ERR *kssl_err);

-krb5_error_code	kssl_sget_tkt(KSSL_CTX *kssl_ctx,  krb5_data *indata,

-        krb5_ticket_times *ttimes, KSSL_ERR *kssl_err);

-krb5_error_code kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session);

-void	kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text);

-void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data);

-krb5_error_code  kssl_build_principal_2(krb5_context context,

-			krb5_principal *princ, int rlen, const char *realm,

-			int slen, const char *svc, int hlen, const char *host);

-krb5_error_code  kssl_validate_times(krb5_timestamp atime,

-					krb5_ticket_times *ttimes);

-krb5_error_code  kssl_check_authent(KSSL_CTX *kssl_ctx, krb5_data *authentp,

-			            krb5_timestamp *atimep, KSSL_ERR *kssl_err);

-unsigned char	*kssl_skip_confound(krb5_enctype enctype, unsigned char *authn);

-#ifdef  __cplusplus

-}

-#endif

-#endif	/* OPENSSL_NO_KRB5	*/

-#endif	/* KSSL_H 	*/

--- a/sys/include/ape/openssl/lhash.h

+++ /dev/null

@@ -1,200 +1,0 @@

-/* crypto/lhash/lhash.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* Header for dynamic hash table routines

- * Author - Eric Young

- */

-#ifndef HEADER_LHASH_H

-#define HEADER_LHASH_H

-#include <openssl/e_os2.h>

-#ifndef OPENSSL_NO_FP_API

-#include <stdio.h>

-#endif

-#ifndef OPENSSL_NO_BIO

-#include <openssl/bio.h>

-#endif

-#ifdef  __cplusplus

-extern "C" {

-#endif

-typedef struct lhash_node_st

-	{

-	void *data;

-	struct lhash_node_st *next;

-#ifndef OPENSSL_NO_HASH_COMP

-	unsigned long hash;

-#endif

-	} LHASH_NODE;

-typedef int (*LHASH_COMP_FN_TYPE)(const void *, const void *);

-typedef unsigned long (*LHASH_HASH_FN_TYPE)(const void *);

-typedef void (*LHASH_DOALL_FN_TYPE)(void *);

-typedef void (*LHASH_DOALL_ARG_FN_TYPE)(void *, void *);

-/* Macros for declaring and implementing type-safe wrappers for LHASH callbacks.

- * This way, callbacks can be provided to LHASH structures without function

- * pointer casting and the macro-defined callbacks provide per-variable casting

- * before deferring to the underlying type-specific callbacks. NB: It is

- * possible to place a "static" in front of both the DECLARE and IMPLEMENT

- * macros if the functions are strictly internal. */

-/* First: "hash" functions */

-#define DECLARE_LHASH_HASH_FN(f_name,o_type) \

-	unsigned long f_name##_LHASH_HASH(const void *);

-#define IMPLEMENT_LHASH_HASH_FN(f_name,o_type) \

-	unsigned long f_name##_LHASH_HASH(const void *arg) { \

-		o_type a = (o_type)arg; \

-		return f_name(a); }

-#define LHASH_HASH_FN(f_name) f_name##_LHASH_HASH

-/* Second: "compare" functions */

-#define DECLARE_LHASH_COMP_FN(f_name,o_type) \

-	int f_name##_LHASH_COMP(const void *, const void *);

-#define IMPLEMENT_LHASH_COMP_FN(f_name,o_type) \

-	int f_name##_LHASH_COMP(const void *arg1, const void *arg2) { \

-		o_type a = (o_type)arg1; \

-		o_type b = (o_type)arg2; \

-		return f_name(a,b); }

-#define LHASH_COMP_FN(f_name) f_name##_LHASH_COMP

-/* Third: "doall" functions */

-#define DECLARE_LHASH_DOALL_FN(f_name,o_type) \

-	void f_name##_LHASH_DOALL(void *);

-#define IMPLEMENT_LHASH_DOALL_FN(f_name,o_type) \

-	void f_name##_LHASH_DOALL(void *arg) { \

-		o_type a = (o_type)arg; \

-		f_name(a); }

-#define LHASH_DOALL_FN(f_name) f_name##_LHASH_DOALL

-/* Fourth: "doall_arg" functions */

-#define DECLARE_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \

-	void f_name##_LHASH_DOALL_ARG(void *, void *);

-#define IMPLEMENT_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \

-	void f_name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \

-		o_type a = (o_type)arg1; \

-		a_type b = (a_type)arg2; \

-		f_name(a,b); }

-#define LHASH_DOALL_ARG_FN(f_name) f_name##_LHASH_DOALL_ARG

-typedef struct lhash_st

-	{

-	LHASH_NODE **b;

-	LHASH_COMP_FN_TYPE comp;

-	LHASH_HASH_FN_TYPE hash;

-	unsigned int num_nodes;

-	unsigned int num_alloc_nodes;

-	unsigned int p;

-	unsigned int pmax;

-	unsigned long up_load; /* load times 256 */

-	unsigned long down_load; /* load times 256 */

-	unsigned long num_items;

-	unsigned long num_expands;

-	unsigned long num_expand_reallocs;

-	unsigned long num_contracts;

-	unsigned long num_contract_reallocs;

-	unsigned long num_hash_calls;

-	unsigned long num_comp_calls;

-	unsigned long num_insert;

-	unsigned long num_replace;

-	unsigned long num_delete;

-	unsigned long num_no_delete;

-	unsigned long num_retrieve;

-	unsigned long num_retrieve_miss;

-	unsigned long num_hash_comps;

-	int error;

-	} LHASH;

-#define LH_LOAD_MULT	256

-/* Indicates a malloc() error in the last call, this is only bad

- * in lh_insert(). */

-#define lh_error(lh)	((lh)->error)

-LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c);

-void lh_free(LHASH *lh);

-void *lh_insert(LHASH *lh, void *data);

-void *lh_delete(LHASH *lh, const void *data);

-void *lh_retrieve(LHASH *lh, const void *data);

-void lh_doall(LHASH *lh, LHASH_DOALL_FN_TYPE func);

-void lh_doall_arg(LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg);

-unsigned long lh_strhash(const char *c);

-unsigned long lh_num_items(const LHASH *lh);

-#ifndef OPENSSL_NO_FP_API

-void lh_stats(const LHASH *lh, FILE *out);

-void lh_node_stats(const LHASH *lh, FILE *out);

-void lh_node_usage_stats(const LHASH *lh, FILE *out);

-#endif

-#ifndef OPENSSL_NO_BIO

-void lh_stats_bio(const LHASH *lh, BIO *out);

-void lh_node_stats_bio(const LHASH *lh, BIO *out);

-void lh_node_usage_stats_bio(const LHASH *lh, BIO *out);

-#endif

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/md2.h

+++ /dev/null

@@ -1,92 +1,0 @@

-/* crypto/md/md2.h */

-/* Copyright (C) 1995-1997 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_MD2_H

-#define HEADER_MD2_H

-#include <openssl/opensslconf.h> /* OPENSSL_NO_MD2, MD2_INT */

-#ifdef OPENSSL_NO_MD2

-#error MD2 is disabled.

-#endif

-#include <stddef.h>

-#define MD2_DIGEST_LENGTH	16

-#define MD2_BLOCK       	16

-#ifdef  __cplusplus

-extern "C" {

-#endif

-typedef struct MD2state_st

-	{

-	unsigned int num;

-	unsigned char data[MD2_BLOCK];

-	MD2_INT cksm[MD2_BLOCK];

-	MD2_INT state[MD2_BLOCK];

-	} MD2_CTX;

-const char *MD2_options(void);

-int MD2_Init(MD2_CTX *c);

-int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len);

-int MD2_Final(unsigned char *md, MD2_CTX *c);

-unsigned char *MD2(const unsigned char *d, size_t n,unsigned char *md);

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/md4.h

+++ /dev/null

@@ -1,117 +1,0 @@

-/* crypto/md4/md4.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_MD4_H

-#define HEADER_MD4_H

-#include <openssl/e_os2.h>

-#include <stddef.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-#ifdef OPENSSL_NO_MD4

-#error MD4 is disabled.

-#endif

-/*

- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

- * ! MD4_LONG has to be at least 32 bits wide. If it's wider, then !

- * ! MD4_LONG_LOG2 has to be defined along.			   !

- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

- */

-#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)

-#define MD4_LONG unsigned long

-#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)

-#define MD4_LONG unsigned long

-#define MD4_LONG_LOG2 3

-/*

- * _CRAY note. I could declare short, but I have no idea what impact

- * does it have on performance on none-T3E machines. I could declare

- * int, but at least on C90 sizeof(int) can be chosen at compile time.

- * So I've chosen long...

- *					<[email protected]>

- */

-#else

-#define MD4_LONG unsigned int

-#endif

-#define MD4_CBLOCK	64

-#define MD4_LBLOCK	(MD4_CBLOCK/4)

-#define MD4_DIGEST_LENGTH 16

-typedef struct MD4state_st

-	{

-	MD4_LONG A,B,C,D;

-	MD4_LONG Nl,Nh;

-	MD4_LONG data[MD4_LBLOCK];

-	unsigned int num;

-	} MD4_CTX;

-int MD4_Init(MD4_CTX *c);

-int MD4_Update(MD4_CTX *c, const void *data, size_t len);

-int MD4_Final(unsigned char *md, MD4_CTX *c);

-unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md);

-void MD4_Transform(MD4_CTX *c, const unsigned char *b);

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/md5.h

+++ /dev/null

@@ -1,117 +1,0 @@

-/* crypto/md5/md5.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_MD5_H

-#define HEADER_MD5_H

-#include <openssl/e_os2.h>

-#include <stddef.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-#ifdef OPENSSL_NO_MD5

-#error MD5 is disabled.

-#endif

-/*

- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

- * ! MD5_LONG has to be at least 32 bits wide. If it's wider, then !

- * ! MD5_LONG_LOG2 has to be defined along.			   !

- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

- */

-#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)

-#define MD5_LONG unsigned long

-#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)

-#define MD5_LONG unsigned long

-#define MD5_LONG_LOG2 3

-/*

- * _CRAY note. I could declare short, but I have no idea what impact

- * does it have on performance on none-T3E machines. I could declare

- * int, but at least on C90 sizeof(int) can be chosen at compile time.

- * So I've chosen long...

- *					<[email protected]>

- */

-#else

-#define MD5_LONG unsigned int

-#endif

-#define MD5_CBLOCK	64

-#define MD5_LBLOCK	(MD5_CBLOCK/4)

-#define MD5_DIGEST_LENGTH 16

-typedef struct MD5state_st

-	{

-	MD5_LONG A,B,C,D;

-	MD5_LONG Nl,Nh;

-	MD5_LONG data[MD5_LBLOCK];

-	unsigned int num;

-	} MD5_CTX;

-int MD5_Init(MD5_CTX *c);

-int MD5_Update(MD5_CTX *c, const void *data, size_t len);

-int MD5_Final(unsigned char *md, MD5_CTX *c);

-unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md);

-void MD5_Transform(MD5_CTX *c, const unsigned char *b);

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/mdc2.h

+++ /dev/null

@@ -1,95 +1,0 @@

-/* crypto/mdc2/mdc2.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_MDC2_H

-#define HEADER_MDC2_H

-#include <openssl/des.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-#ifdef OPENSSL_NO_MDC2

-#error MDC2 is disabled.

-#endif

-#define MDC2_BLOCK              8

-#define MDC2_DIGEST_LENGTH      16

-typedef struct mdc2_ctx_st

-	{

-	unsigned int num;

-	unsigned char data[MDC2_BLOCK];

-	DES_cblock h,hh;

-	int pad_type; /* either 1 or 2, default 1 */

-	} MDC2_CTX;

-int MDC2_Init(MDC2_CTX *c);

-int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len);

-int MDC2_Final(unsigned char *md, MDC2_CTX *c);

-unsigned char *MDC2(const unsigned char *d, size_t n,

-	unsigned char *md);

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/obj_mac.h

+++ /dev/null

@@ -1,3433 +1,0 @@

-/* crypto/objects/obj_mac.h */

-/* THIS FILE IS GENERATED FROM objects.txt by objects.pl via the

- * following command:

- * perl objects.pl objects.txt obj_mac.num obj_mac.h

- */

-/* Copyright (C) 1995-1997 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#define SN_undef			"UNDEF"

-#define LN_undef			"undefined"

-#define NID_undef			0

-#define OBJ_undef			0L

-#define SN_itu_t		"ITU-T"

-#define LN_itu_t		"itu-t"

-#define NID_itu_t		645

-#define OBJ_itu_t		0L

-#define NID_ccitt		404

-#define OBJ_ccitt		OBJ_itu_t

-#define SN_iso		"ISO"

-#define LN_iso		"iso"

-#define NID_iso		181

-#define OBJ_iso		1L

-#define SN_joint_iso_itu_t		"JOINT-ISO-ITU-T"

-#define LN_joint_iso_itu_t		"joint-iso-itu-t"

-#define NID_joint_iso_itu_t		646

-#define OBJ_joint_iso_itu_t		2L

-#define NID_joint_iso_ccitt		393

-#define OBJ_joint_iso_ccitt		OBJ_joint_iso_itu_t

-#define SN_member_body		"member-body"

-#define LN_member_body		"ISO Member Body"

-#define NID_member_body		182

-#define OBJ_member_body		OBJ_iso,2L

-#define SN_identified_organization		"identified-organization"

-#define NID_identified_organization		676

-#define OBJ_identified_organization		OBJ_iso,3L

-#define SN_certicom_arc		"certicom-arc"

-#define NID_certicom_arc		677

-#define OBJ_certicom_arc		OBJ_identified_organization,132L

-#define SN_international_organizations		"international-organizations"

-#define LN_international_organizations		"International Organizations"

-#define NID_international_organizations		647

-#define OBJ_international_organizations		OBJ_joint_iso_itu_t,23L

-#define SN_wap		"wap"

-#define NID_wap		678

-#define OBJ_wap		OBJ_international_organizations,43L

-#define SN_wap_wsg		"wap-wsg"

-#define NID_wap_wsg		679

-#define OBJ_wap_wsg		OBJ_wap,13L

-#define SN_selected_attribute_types		"selected-attribute-types"

-#define LN_selected_attribute_types		"Selected Attribute Types"

-#define NID_selected_attribute_types		394

-#define OBJ_selected_attribute_types		OBJ_joint_iso_itu_t,5L,1L,5L

-#define SN_clearance		"clearance"

-#define NID_clearance		395

-#define OBJ_clearance		OBJ_selected_attribute_types,55L

-#define SN_ISO_US		"ISO-US"

-#define LN_ISO_US		"ISO US Member Body"

-#define NID_ISO_US		183

-#define OBJ_ISO_US		OBJ_member_body,840L

-#define SN_X9_57		"X9-57"

-#define LN_X9_57		"X9.57"

-#define NID_X9_57		184

-#define OBJ_X9_57		OBJ_ISO_US,10040L

-#define SN_X9cm		"X9cm"

-#define LN_X9cm		"X9.57 CM ?"

-#define NID_X9cm		185

-#define OBJ_X9cm		OBJ_X9_57,4L

-#define SN_dsa		"DSA"

-#define LN_dsa		"dsaEncryption"

-#define NID_dsa		116

-#define OBJ_dsa		OBJ_X9cm,1L

-#define SN_dsaWithSHA1		"DSA-SHA1"

-#define LN_dsaWithSHA1		"dsaWithSHA1"

-#define NID_dsaWithSHA1		113

-#define OBJ_dsaWithSHA1		OBJ_X9cm,3L

-#define SN_ansi_X9_62		"ansi-X9-62"

-#define LN_ansi_X9_62		"ANSI X9.62"

-#define NID_ansi_X9_62		405

-#define OBJ_ansi_X9_62		OBJ_ISO_US,10045L

-#define OBJ_X9_62_id_fieldType		OBJ_ansi_X9_62,1L

-#define SN_X9_62_prime_field		"prime-field"

-#define NID_X9_62_prime_field		406

-#define OBJ_X9_62_prime_field		OBJ_X9_62_id_fieldType,1L

-#define SN_X9_62_characteristic_two_field		"characteristic-two-field"

-#define NID_X9_62_characteristic_two_field		407

-#define OBJ_X9_62_characteristic_two_field		OBJ_X9_62_id_fieldType,2L

-#define SN_X9_62_id_characteristic_two_basis		"id-characteristic-two-basis"

-#define NID_X9_62_id_characteristic_two_basis		680

-#define OBJ_X9_62_id_characteristic_two_basis		OBJ_X9_62_characteristic_two_field,3L

-#define SN_X9_62_onBasis		"onBasis"

-#define NID_X9_62_onBasis		681

-#define OBJ_X9_62_onBasis		OBJ_X9_62_id_characteristic_two_basis,1L

-#define SN_X9_62_tpBasis		"tpBasis"

-#define NID_X9_62_tpBasis		682

-#define OBJ_X9_62_tpBasis		OBJ_X9_62_id_characteristic_two_basis,2L

-#define SN_X9_62_ppBasis		"ppBasis"

-#define NID_X9_62_ppBasis		683

-#define OBJ_X9_62_ppBasis		OBJ_X9_62_id_characteristic_two_basis,3L

-#define OBJ_X9_62_id_publicKeyType		OBJ_ansi_X9_62,2L

-#define SN_X9_62_id_ecPublicKey		"id-ecPublicKey"

-#define NID_X9_62_id_ecPublicKey		408

-#define OBJ_X9_62_id_ecPublicKey		OBJ_X9_62_id_publicKeyType,1L

-#define OBJ_X9_62_ellipticCurve		OBJ_ansi_X9_62,3L

-#define OBJ_X9_62_c_TwoCurve		OBJ_X9_62_ellipticCurve,0L

-#define SN_X9_62_c2pnb163v1		"c2pnb163v1"

-#define NID_X9_62_c2pnb163v1		684

-#define OBJ_X9_62_c2pnb163v1		OBJ_X9_62_c_TwoCurve,1L

-#define SN_X9_62_c2pnb163v2		"c2pnb163v2"

-#define NID_X9_62_c2pnb163v2		685

-#define OBJ_X9_62_c2pnb163v2		OBJ_X9_62_c_TwoCurve,2L

-#define SN_X9_62_c2pnb163v3		"c2pnb163v3"

-#define NID_X9_62_c2pnb163v3		686

-#define OBJ_X9_62_c2pnb163v3		OBJ_X9_62_c_TwoCurve,3L

-#define SN_X9_62_c2pnb176v1		"c2pnb176v1"

-#define NID_X9_62_c2pnb176v1		687

-#define OBJ_X9_62_c2pnb176v1		OBJ_X9_62_c_TwoCurve,4L

-#define SN_X9_62_c2tnb191v1		"c2tnb191v1"

-#define NID_X9_62_c2tnb191v1		688

-#define OBJ_X9_62_c2tnb191v1		OBJ_X9_62_c_TwoCurve,5L

-#define SN_X9_62_c2tnb191v2		"c2tnb191v2"

-#define NID_X9_62_c2tnb191v2		689

-#define OBJ_X9_62_c2tnb191v2		OBJ_X9_62_c_TwoCurve,6L

-#define SN_X9_62_c2tnb191v3		"c2tnb191v3"

-#define NID_X9_62_c2tnb191v3		690

-#define OBJ_X9_62_c2tnb191v3		OBJ_X9_62_c_TwoCurve,7L

-#define SN_X9_62_c2onb191v4		"c2onb191v4"

-#define NID_X9_62_c2onb191v4		691

-#define OBJ_X9_62_c2onb191v4		OBJ_X9_62_c_TwoCurve,8L

-#define SN_X9_62_c2onb191v5		"c2onb191v5"

-#define NID_X9_62_c2onb191v5		692

-#define OBJ_X9_62_c2onb191v5		OBJ_X9_62_c_TwoCurve,9L

-#define SN_X9_62_c2pnb208w1		"c2pnb208w1"

-#define NID_X9_62_c2pnb208w1		693

-#define OBJ_X9_62_c2pnb208w1		OBJ_X9_62_c_TwoCurve,10L

-#define SN_X9_62_c2tnb239v1		"c2tnb239v1"

-#define NID_X9_62_c2tnb239v1		694

-#define OBJ_X9_62_c2tnb239v1		OBJ_X9_62_c_TwoCurve,11L

-#define SN_X9_62_c2tnb239v2		"c2tnb239v2"

-#define NID_X9_62_c2tnb239v2		695

-#define OBJ_X9_62_c2tnb239v2		OBJ_X9_62_c_TwoCurve,12L

-#define SN_X9_62_c2tnb239v3		"c2tnb239v3"

-#define NID_X9_62_c2tnb239v3		696

-#define OBJ_X9_62_c2tnb239v3		OBJ_X9_62_c_TwoCurve,13L

-#define SN_X9_62_c2onb239v4		"c2onb239v4"

-#define NID_X9_62_c2onb239v4		697

-#define OBJ_X9_62_c2onb239v4		OBJ_X9_62_c_TwoCurve,14L

-#define SN_X9_62_c2onb239v5		"c2onb239v5"

-#define NID_X9_62_c2onb239v5		698

-#define OBJ_X9_62_c2onb239v5		OBJ_X9_62_c_TwoCurve,15L

-#define SN_X9_62_c2pnb272w1		"c2pnb272w1"

-#define NID_X9_62_c2pnb272w1		699

-#define OBJ_X9_62_c2pnb272w1		OBJ_X9_62_c_TwoCurve,16L

-#define SN_X9_62_c2pnb304w1		"c2pnb304w1"

-#define NID_X9_62_c2pnb304w1		700

-#define OBJ_X9_62_c2pnb304w1		OBJ_X9_62_c_TwoCurve,17L

-#define SN_X9_62_c2tnb359v1		"c2tnb359v1"

-#define NID_X9_62_c2tnb359v1		701

-#define OBJ_X9_62_c2tnb359v1		OBJ_X9_62_c_TwoCurve,18L

-#define SN_X9_62_c2pnb368w1		"c2pnb368w1"

-#define NID_X9_62_c2pnb368w1		702

-#define OBJ_X9_62_c2pnb368w1		OBJ_X9_62_c_TwoCurve,19L

-#define SN_X9_62_c2tnb431r1		"c2tnb431r1"

-#define NID_X9_62_c2tnb431r1		703

-#define OBJ_X9_62_c2tnb431r1		OBJ_X9_62_c_TwoCurve,20L

-#define OBJ_X9_62_primeCurve		OBJ_X9_62_ellipticCurve,1L

-#define SN_X9_62_prime192v1		"prime192v1"

-#define NID_X9_62_prime192v1		409

-#define OBJ_X9_62_prime192v1		OBJ_X9_62_primeCurve,1L

-#define SN_X9_62_prime192v2		"prime192v2"

-#define NID_X9_62_prime192v2		410

-#define OBJ_X9_62_prime192v2		OBJ_X9_62_primeCurve,2L

-#define SN_X9_62_prime192v3		"prime192v3"

-#define NID_X9_62_prime192v3		411

-#define OBJ_X9_62_prime192v3		OBJ_X9_62_primeCurve,3L

-#define SN_X9_62_prime239v1		"prime239v1"

-#define NID_X9_62_prime239v1		412

-#define OBJ_X9_62_prime239v1		OBJ_X9_62_primeCurve,4L

-#define SN_X9_62_prime239v2		"prime239v2"

-#define NID_X9_62_prime239v2		413

-#define OBJ_X9_62_prime239v2		OBJ_X9_62_primeCurve,5L

-#define SN_X9_62_prime239v3		"prime239v3"

-#define NID_X9_62_prime239v3		414

-#define OBJ_X9_62_prime239v3		OBJ_X9_62_primeCurve,6L

-#define SN_X9_62_prime256v1		"prime256v1"

-#define NID_X9_62_prime256v1		415

-#define OBJ_X9_62_prime256v1		OBJ_X9_62_primeCurve,7L

-#define OBJ_X9_62_id_ecSigType		OBJ_ansi_X9_62,4L

-#define SN_ecdsa_with_SHA1		"ecdsa-with-SHA1"

-#define NID_ecdsa_with_SHA1		416

-#define OBJ_ecdsa_with_SHA1		OBJ_X9_62_id_ecSigType,1L

-#define OBJ_secg_ellipticCurve		OBJ_certicom_arc,0L

-#define SN_secp112r1		"secp112r1"

-#define NID_secp112r1		704

-#define OBJ_secp112r1		OBJ_secg_ellipticCurve,6L

-#define SN_secp112r2		"secp112r2"

-#define NID_secp112r2		705

-#define OBJ_secp112r2		OBJ_secg_ellipticCurve,7L

-#define SN_secp128r1		"secp128r1"

-#define NID_secp128r1		706

-#define OBJ_secp128r1		OBJ_secg_ellipticCurve,28L

-#define SN_secp128r2		"secp128r2"

-#define NID_secp128r2		707

-#define OBJ_secp128r2		OBJ_secg_ellipticCurve,29L

-#define SN_secp160k1		"secp160k1"

-#define NID_secp160k1		708

-#define OBJ_secp160k1		OBJ_secg_ellipticCurve,9L

-#define SN_secp160r1		"secp160r1"

-#define NID_secp160r1		709

-#define OBJ_secp160r1		OBJ_secg_ellipticCurve,8L

-#define SN_secp160r2		"secp160r2"

-#define NID_secp160r2		710

-#define OBJ_secp160r2		OBJ_secg_ellipticCurve,30L

-#define SN_secp192k1		"secp192k1"

-#define NID_secp192k1		711

-#define OBJ_secp192k1		OBJ_secg_ellipticCurve,31L

-#define SN_secp224k1		"secp224k1"

-#define NID_secp224k1		712

-#define OBJ_secp224k1		OBJ_secg_ellipticCurve,32L

-#define SN_secp224r1		"secp224r1"

-#define NID_secp224r1		713

-#define OBJ_secp224r1		OBJ_secg_ellipticCurve,33L

-#define SN_secp256k1		"secp256k1"

-#define NID_secp256k1		714

-#define OBJ_secp256k1		OBJ_secg_ellipticCurve,10L

-#define SN_secp384r1		"secp384r1"

-#define NID_secp384r1		715

-#define OBJ_secp384r1		OBJ_secg_ellipticCurve,34L

-#define SN_secp521r1		"secp521r1"

-#define NID_secp521r1		716

-#define OBJ_secp521r1		OBJ_secg_ellipticCurve,35L

-#define SN_sect113r1		"sect113r1"

-#define NID_sect113r1		717

-#define OBJ_sect113r1		OBJ_secg_ellipticCurve,4L

-#define SN_sect113r2		"sect113r2"

-#define NID_sect113r2		718

-#define OBJ_sect113r2		OBJ_secg_ellipticCurve,5L

-#define SN_sect131r1		"sect131r1"

-#define NID_sect131r1		719

-#define OBJ_sect131r1		OBJ_secg_ellipticCurve,22L

-#define SN_sect131r2		"sect131r2"

-#define NID_sect131r2		720

-#define OBJ_sect131r2		OBJ_secg_ellipticCurve,23L

-#define SN_sect163k1		"sect163k1"

-#define NID_sect163k1		721

-#define OBJ_sect163k1		OBJ_secg_ellipticCurve,1L

-#define SN_sect163r1		"sect163r1"

-#define NID_sect163r1		722

-#define OBJ_sect163r1		OBJ_secg_ellipticCurve,2L

-#define SN_sect163r2		"sect163r2"

-#define NID_sect163r2		723

-#define OBJ_sect163r2		OBJ_secg_ellipticCurve,15L

-#define SN_sect193r1		"sect193r1"

-#define NID_sect193r1		724

-#define OBJ_sect193r1		OBJ_secg_ellipticCurve,24L

-#define SN_sect193r2		"sect193r2"

-#define NID_sect193r2		725

-#define OBJ_sect193r2		OBJ_secg_ellipticCurve,25L

-#define SN_sect233k1		"sect233k1"

-#define NID_sect233k1		726

-#define OBJ_sect233k1		OBJ_secg_ellipticCurve,26L

-#define SN_sect233r1		"sect233r1"

-#define NID_sect233r1		727

-#define OBJ_sect233r1		OBJ_secg_ellipticCurve,27L

-#define SN_sect239k1		"sect239k1"

-#define NID_sect239k1		728

-#define OBJ_sect239k1		OBJ_secg_ellipticCurve,3L

-#define SN_sect283k1		"sect283k1"

-#define NID_sect283k1		729

-#define OBJ_sect283k1		OBJ_secg_ellipticCurve,16L

-#define SN_sect283r1		"sect283r1"

-#define NID_sect283r1		730

-#define OBJ_sect283r1		OBJ_secg_ellipticCurve,17L

-#define SN_sect409k1		"sect409k1"

-#define NID_sect409k1		731

-#define OBJ_sect409k1		OBJ_secg_ellipticCurve,36L

-#define SN_sect409r1		"sect409r1"

-#define NID_sect409r1		732

-#define OBJ_sect409r1		OBJ_secg_ellipticCurve,37L

-#define SN_sect571k1		"sect571k1"

-#define NID_sect571k1		733

-#define OBJ_sect571k1		OBJ_secg_ellipticCurve,38L

-#define SN_sect571r1		"sect571r1"

-#define NID_sect571r1		734

-#define OBJ_sect571r1		OBJ_secg_ellipticCurve,39L

-#define OBJ_wap_wsg_idm_ecid		OBJ_wap_wsg,4L

-#define SN_wap_wsg_idm_ecid_wtls1		"wap-wsg-idm-ecid-wtls1"

-#define NID_wap_wsg_idm_ecid_wtls1		735

-#define OBJ_wap_wsg_idm_ecid_wtls1		OBJ_wap_wsg_idm_ecid,1L

-#define SN_wap_wsg_idm_ecid_wtls3		"wap-wsg-idm-ecid-wtls3"

-#define NID_wap_wsg_idm_ecid_wtls3		736

-#define OBJ_wap_wsg_idm_ecid_wtls3		OBJ_wap_wsg_idm_ecid,3L

-#define SN_wap_wsg_idm_ecid_wtls4		"wap-wsg-idm-ecid-wtls4"

-#define NID_wap_wsg_idm_ecid_wtls4		737

-#define OBJ_wap_wsg_idm_ecid_wtls4		OBJ_wap_wsg_idm_ecid,4L

-#define SN_wap_wsg_idm_ecid_wtls5		"wap-wsg-idm-ecid-wtls5"

-#define NID_wap_wsg_idm_ecid_wtls5		738

-#define OBJ_wap_wsg_idm_ecid_wtls5		OBJ_wap_wsg_idm_ecid,5L

-#define SN_wap_wsg_idm_ecid_wtls6		"wap-wsg-idm-ecid-wtls6"

-#define NID_wap_wsg_idm_ecid_wtls6		739

-#define OBJ_wap_wsg_idm_ecid_wtls6		OBJ_wap_wsg_idm_ecid,6L

-#define SN_wap_wsg_idm_ecid_wtls7		"wap-wsg-idm-ecid-wtls7"

-#define NID_wap_wsg_idm_ecid_wtls7		740

-#define OBJ_wap_wsg_idm_ecid_wtls7		OBJ_wap_wsg_idm_ecid,7L

-#define SN_wap_wsg_idm_ecid_wtls8		"wap-wsg-idm-ecid-wtls8"

-#define NID_wap_wsg_idm_ecid_wtls8		741

-#define OBJ_wap_wsg_idm_ecid_wtls8		OBJ_wap_wsg_idm_ecid,8L

-#define SN_wap_wsg_idm_ecid_wtls9		"wap-wsg-idm-ecid-wtls9"

-#define NID_wap_wsg_idm_ecid_wtls9		742

-#define OBJ_wap_wsg_idm_ecid_wtls9		OBJ_wap_wsg_idm_ecid,9L

-#define SN_wap_wsg_idm_ecid_wtls10		"wap-wsg-idm-ecid-wtls10"

-#define NID_wap_wsg_idm_ecid_wtls10		743

-#define OBJ_wap_wsg_idm_ecid_wtls10		OBJ_wap_wsg_idm_ecid,10L

-#define SN_wap_wsg_idm_ecid_wtls11		"wap-wsg-idm-ecid-wtls11"

-#define NID_wap_wsg_idm_ecid_wtls11		744

-#define OBJ_wap_wsg_idm_ecid_wtls11		OBJ_wap_wsg_idm_ecid,11L

-#define SN_wap_wsg_idm_ecid_wtls12		"wap-wsg-idm-ecid-wtls12"

-#define NID_wap_wsg_idm_ecid_wtls12		745

-#define OBJ_wap_wsg_idm_ecid_wtls12		OBJ_wap_wsg_idm_ecid,12L

-#define SN_cast5_cbc		"CAST5-CBC"

-#define LN_cast5_cbc		"cast5-cbc"

-#define NID_cast5_cbc		108

-#define OBJ_cast5_cbc		OBJ_ISO_US,113533L,7L,66L,10L

-#define SN_cast5_ecb		"CAST5-ECB"

-#define LN_cast5_ecb		"cast5-ecb"

-#define NID_cast5_ecb		109

-#define SN_cast5_cfb64		"CAST5-CFB"

-#define LN_cast5_cfb64		"cast5-cfb"

-#define NID_cast5_cfb64		110

-#define SN_cast5_ofb64		"CAST5-OFB"

-#define LN_cast5_ofb64		"cast5-ofb"

-#define NID_cast5_ofb64		111

-#define LN_pbeWithMD5AndCast5_CBC		"pbeWithMD5AndCast5CBC"

-#define NID_pbeWithMD5AndCast5_CBC		112

-#define OBJ_pbeWithMD5AndCast5_CBC		OBJ_ISO_US,113533L,7L,66L,12L

-#define SN_rsadsi		"rsadsi"

-#define LN_rsadsi		"RSA Data Security, Inc."

-#define NID_rsadsi		1

-#define OBJ_rsadsi		OBJ_ISO_US,113549L

-#define SN_pkcs		"pkcs"

-#define LN_pkcs		"RSA Data Security, Inc. PKCS"

-#define NID_pkcs		2

-#define OBJ_pkcs		OBJ_rsadsi,1L

-#define SN_pkcs1		"pkcs1"

-#define NID_pkcs1		186

-#define OBJ_pkcs1		OBJ_pkcs,1L

-#define LN_rsaEncryption		"rsaEncryption"

-#define NID_rsaEncryption		6

-#define OBJ_rsaEncryption		OBJ_pkcs1,1L

-#define SN_md2WithRSAEncryption		"RSA-MD2"

-#define LN_md2WithRSAEncryption		"md2WithRSAEncryption"

-#define NID_md2WithRSAEncryption		7

-#define OBJ_md2WithRSAEncryption		OBJ_pkcs1,2L

-#define SN_md4WithRSAEncryption		"RSA-MD4"

-#define LN_md4WithRSAEncryption		"md4WithRSAEncryption"

-#define NID_md4WithRSAEncryption		396

-#define OBJ_md4WithRSAEncryption		OBJ_pkcs1,3L

-#define SN_md5WithRSAEncryption		"RSA-MD5"

-#define LN_md5WithRSAEncryption		"md5WithRSAEncryption"

-#define NID_md5WithRSAEncryption		8

-#define OBJ_md5WithRSAEncryption		OBJ_pkcs1,4L

-#define SN_sha1WithRSAEncryption		"RSA-SHA1"

-#define LN_sha1WithRSAEncryption		"sha1WithRSAEncryption"

-#define NID_sha1WithRSAEncryption		65

-#define OBJ_sha1WithRSAEncryption		OBJ_pkcs1,5L

-#define SN_sha256WithRSAEncryption		"RSA-SHA256"

-#define LN_sha256WithRSAEncryption		"sha256WithRSAEncryption"

-#define NID_sha256WithRSAEncryption		668

-#define OBJ_sha256WithRSAEncryption		OBJ_pkcs1,11L

-#define SN_sha384WithRSAEncryption		"RSA-SHA384"

-#define LN_sha384WithRSAEncryption		"sha384WithRSAEncryption"

-#define NID_sha384WithRSAEncryption		669

-#define OBJ_sha384WithRSAEncryption		OBJ_pkcs1,12L

-#define SN_sha512WithRSAEncryption		"RSA-SHA512"

-#define LN_sha512WithRSAEncryption		"sha512WithRSAEncryption"

-#define NID_sha512WithRSAEncryption		670

-#define OBJ_sha512WithRSAEncryption		OBJ_pkcs1,13L

-#define SN_sha224WithRSAEncryption		"RSA-SHA224"

-#define LN_sha224WithRSAEncryption		"sha224WithRSAEncryption"

-#define NID_sha224WithRSAEncryption		671

-#define OBJ_sha224WithRSAEncryption		OBJ_pkcs1,14L

-#define SN_pkcs3		"pkcs3"

-#define NID_pkcs3		27

-#define OBJ_pkcs3		OBJ_pkcs,3L

-#define LN_dhKeyAgreement		"dhKeyAgreement"

-#define NID_dhKeyAgreement		28

-#define OBJ_dhKeyAgreement		OBJ_pkcs3,1L

-#define SN_pkcs5		"pkcs5"

-#define NID_pkcs5		187

-#define OBJ_pkcs5		OBJ_pkcs,5L

-#define SN_pbeWithMD2AndDES_CBC		"PBE-MD2-DES"

-#define LN_pbeWithMD2AndDES_CBC		"pbeWithMD2AndDES-CBC"

-#define NID_pbeWithMD2AndDES_CBC		9

-#define OBJ_pbeWithMD2AndDES_CBC		OBJ_pkcs5,1L

-#define SN_pbeWithMD5AndDES_CBC		"PBE-MD5-DES"

-#define LN_pbeWithMD5AndDES_CBC		"pbeWithMD5AndDES-CBC"

-#define NID_pbeWithMD5AndDES_CBC		10

-#define OBJ_pbeWithMD5AndDES_CBC		OBJ_pkcs5,3L

-#define SN_pbeWithMD2AndRC2_CBC		"PBE-MD2-RC2-64"

-#define LN_pbeWithMD2AndRC2_CBC		"pbeWithMD2AndRC2-CBC"

-#define NID_pbeWithMD2AndRC2_CBC		168

-#define OBJ_pbeWithMD2AndRC2_CBC		OBJ_pkcs5,4L

-#define SN_pbeWithMD5AndRC2_CBC		"PBE-MD5-RC2-64"

-#define LN_pbeWithMD5AndRC2_CBC		"pbeWithMD5AndRC2-CBC"

-#define NID_pbeWithMD5AndRC2_CBC		169

-#define OBJ_pbeWithMD5AndRC2_CBC		OBJ_pkcs5,6L

-#define SN_pbeWithSHA1AndDES_CBC		"PBE-SHA1-DES"

-#define LN_pbeWithSHA1AndDES_CBC		"pbeWithSHA1AndDES-CBC"

-#define NID_pbeWithSHA1AndDES_CBC		170

-#define OBJ_pbeWithSHA1AndDES_CBC		OBJ_pkcs5,10L

-#define SN_pbeWithSHA1AndRC2_CBC		"PBE-SHA1-RC2-64"

-#define LN_pbeWithSHA1AndRC2_CBC		"pbeWithSHA1AndRC2-CBC"

-#define NID_pbeWithSHA1AndRC2_CBC		68

-#define OBJ_pbeWithSHA1AndRC2_CBC		OBJ_pkcs5,11L

-#define LN_id_pbkdf2		"PBKDF2"

-#define NID_id_pbkdf2		69

-#define OBJ_id_pbkdf2		OBJ_pkcs5,12L

-#define LN_pbes2		"PBES2"

-#define NID_pbes2		161

-#define OBJ_pbes2		OBJ_pkcs5,13L

-#define LN_pbmac1		"PBMAC1"

-#define NID_pbmac1		162

-#define OBJ_pbmac1		OBJ_pkcs5,14L

-#define SN_pkcs7		"pkcs7"

-#define NID_pkcs7		20

-#define OBJ_pkcs7		OBJ_pkcs,7L

-#define LN_pkcs7_data		"pkcs7-data"

-#define NID_pkcs7_data		21

-#define OBJ_pkcs7_data		OBJ_pkcs7,1L

-#define LN_pkcs7_signed		"pkcs7-signedData"

-#define NID_pkcs7_signed		22

-#define OBJ_pkcs7_signed		OBJ_pkcs7,2L

-#define LN_pkcs7_enveloped		"pkcs7-envelopedData"

-#define NID_pkcs7_enveloped		23

-#define OBJ_pkcs7_enveloped		OBJ_pkcs7,3L

-#define LN_pkcs7_signedAndEnveloped		"pkcs7-signedAndEnvelopedData"

-#define NID_pkcs7_signedAndEnveloped		24

-#define OBJ_pkcs7_signedAndEnveloped		OBJ_pkcs7,4L

-#define LN_pkcs7_digest		"pkcs7-digestData"

-#define NID_pkcs7_digest		25

-#define OBJ_pkcs7_digest		OBJ_pkcs7,5L

-#define LN_pkcs7_encrypted		"pkcs7-encryptedData"

-#define NID_pkcs7_encrypted		26

-#define OBJ_pkcs7_encrypted		OBJ_pkcs7,6L

-#define SN_pkcs9		"pkcs9"

-#define NID_pkcs9		47

-#define OBJ_pkcs9		OBJ_pkcs,9L

-#define LN_pkcs9_emailAddress		"emailAddress"

-#define NID_pkcs9_emailAddress		48

-#define OBJ_pkcs9_emailAddress		OBJ_pkcs9,1L

-#define LN_pkcs9_unstructuredName		"unstructuredName"

-#define NID_pkcs9_unstructuredName		49

-#define OBJ_pkcs9_unstructuredName		OBJ_pkcs9,2L

-#define LN_pkcs9_contentType		"contentType"

-#define NID_pkcs9_contentType		50

-#define OBJ_pkcs9_contentType		OBJ_pkcs9,3L

-#define LN_pkcs9_messageDigest		"messageDigest"

-#define NID_pkcs9_messageDigest		51

-#define OBJ_pkcs9_messageDigest		OBJ_pkcs9,4L

-#define LN_pkcs9_signingTime		"signingTime"

-#define NID_pkcs9_signingTime		52

-#define OBJ_pkcs9_signingTime		OBJ_pkcs9,5L

-#define LN_pkcs9_countersignature		"countersignature"

-#define NID_pkcs9_countersignature		53

-#define OBJ_pkcs9_countersignature		OBJ_pkcs9,6L

-#define LN_pkcs9_challengePassword		"challengePassword"

-#define NID_pkcs9_challengePassword		54

-#define OBJ_pkcs9_challengePassword		OBJ_pkcs9,7L

-#define LN_pkcs9_unstructuredAddress		"unstructuredAddress"

-#define NID_pkcs9_unstructuredAddress		55

-#define OBJ_pkcs9_unstructuredAddress		OBJ_pkcs9,8L

-#define LN_pkcs9_extCertAttributes		"extendedCertificateAttributes"

-#define NID_pkcs9_extCertAttributes		56

-#define OBJ_pkcs9_extCertAttributes		OBJ_pkcs9,9L

-#define SN_ext_req		"extReq"

-#define LN_ext_req		"Extension Request"

-#define NID_ext_req		172

-#define OBJ_ext_req		OBJ_pkcs9,14L

-#define SN_SMIMECapabilities		"SMIME-CAPS"

-#define LN_SMIMECapabilities		"S/MIME Capabilities"

-#define NID_SMIMECapabilities		167

-#define OBJ_SMIMECapabilities		OBJ_pkcs9,15L

-#define SN_SMIME		"SMIME"

-#define LN_SMIME		"S/MIME"

-#define NID_SMIME		188

-#define OBJ_SMIME		OBJ_pkcs9,16L

-#define SN_id_smime_mod		"id-smime-mod"

-#define NID_id_smime_mod		189

-#define OBJ_id_smime_mod		OBJ_SMIME,0L

-#define SN_id_smime_ct		"id-smime-ct"

-#define NID_id_smime_ct		190

-#define OBJ_id_smime_ct		OBJ_SMIME,1L

-#define SN_id_smime_aa		"id-smime-aa"

-#define NID_id_smime_aa		191

-#define OBJ_id_smime_aa		OBJ_SMIME,2L

-#define SN_id_smime_alg		"id-smime-alg"

-#define NID_id_smime_alg		192

-#define OBJ_id_smime_alg		OBJ_SMIME,3L

-#define SN_id_smime_cd		"id-smime-cd"

-#define NID_id_smime_cd		193

-#define OBJ_id_smime_cd		OBJ_SMIME,4L

-#define SN_id_smime_spq		"id-smime-spq"

-#define NID_id_smime_spq		194

-#define OBJ_id_smime_spq		OBJ_SMIME,5L

-#define SN_id_smime_cti		"id-smime-cti"

-#define NID_id_smime_cti		195

-#define OBJ_id_smime_cti		OBJ_SMIME,6L

-#define SN_id_smime_mod_cms		"id-smime-mod-cms"

-#define NID_id_smime_mod_cms		196

-#define OBJ_id_smime_mod_cms		OBJ_id_smime_mod,1L

-#define SN_id_smime_mod_ess		"id-smime-mod-ess"

-#define NID_id_smime_mod_ess		197

-#define OBJ_id_smime_mod_ess		OBJ_id_smime_mod,2L

-#define SN_id_smime_mod_oid		"id-smime-mod-oid"

-#define NID_id_smime_mod_oid		198

-#define OBJ_id_smime_mod_oid		OBJ_id_smime_mod,3L

-#define SN_id_smime_mod_msg_v3		"id-smime-mod-msg-v3"

-#define NID_id_smime_mod_msg_v3		199

-#define OBJ_id_smime_mod_msg_v3		OBJ_id_smime_mod,4L

-#define SN_id_smime_mod_ets_eSignature_88		"id-smime-mod-ets-eSignature-88"

-#define NID_id_smime_mod_ets_eSignature_88		200

-#define OBJ_id_smime_mod_ets_eSignature_88		OBJ_id_smime_mod,5L

-#define SN_id_smime_mod_ets_eSignature_97		"id-smime-mod-ets-eSignature-97"

-#define NID_id_smime_mod_ets_eSignature_97		201

-#define OBJ_id_smime_mod_ets_eSignature_97		OBJ_id_smime_mod,6L

-#define SN_id_smime_mod_ets_eSigPolicy_88		"id-smime-mod-ets-eSigPolicy-88"

-#define NID_id_smime_mod_ets_eSigPolicy_88		202

-#define OBJ_id_smime_mod_ets_eSigPolicy_88		OBJ_id_smime_mod,7L

-#define SN_id_smime_mod_ets_eSigPolicy_97		"id-smime-mod-ets-eSigPolicy-97"

-#define NID_id_smime_mod_ets_eSigPolicy_97		203

-#define OBJ_id_smime_mod_ets_eSigPolicy_97		OBJ_id_smime_mod,8L

-#define SN_id_smime_ct_receipt		"id-smime-ct-receipt"

-#define NID_id_smime_ct_receipt		204

-#define OBJ_id_smime_ct_receipt		OBJ_id_smime_ct,1L

-#define SN_id_smime_ct_authData		"id-smime-ct-authData"

-#define NID_id_smime_ct_authData		205

-#define OBJ_id_smime_ct_authData		OBJ_id_smime_ct,2L

-#define SN_id_smime_ct_publishCert		"id-smime-ct-publishCert"

-#define NID_id_smime_ct_publishCert		206

-#define OBJ_id_smime_ct_publishCert		OBJ_id_smime_ct,3L

-#define SN_id_smime_ct_TSTInfo		"id-smime-ct-TSTInfo"

-#define NID_id_smime_ct_TSTInfo		207

-#define OBJ_id_smime_ct_TSTInfo		OBJ_id_smime_ct,4L

-#define SN_id_smime_ct_TDTInfo		"id-smime-ct-TDTInfo"

-#define NID_id_smime_ct_TDTInfo		208

-#define OBJ_id_smime_ct_TDTInfo		OBJ_id_smime_ct,5L

-#define SN_id_smime_ct_contentInfo		"id-smime-ct-contentInfo"

-#define NID_id_smime_ct_contentInfo		209

-#define OBJ_id_smime_ct_contentInfo		OBJ_id_smime_ct,6L

-#define SN_id_smime_ct_DVCSRequestData		"id-smime-ct-DVCSRequestData"

-#define NID_id_smime_ct_DVCSRequestData		210

-#define OBJ_id_smime_ct_DVCSRequestData		OBJ_id_smime_ct,7L

-#define SN_id_smime_ct_DVCSResponseData		"id-smime-ct-DVCSResponseData"

-#define NID_id_smime_ct_DVCSResponseData		211

-#define OBJ_id_smime_ct_DVCSResponseData		OBJ_id_smime_ct,8L

-#define SN_id_smime_aa_receiptRequest		"id-smime-aa-receiptRequest"

-#define NID_id_smime_aa_receiptRequest		212

-#define OBJ_id_smime_aa_receiptRequest		OBJ_id_smime_aa,1L

-#define SN_id_smime_aa_securityLabel		"id-smime-aa-securityLabel"

-#define NID_id_smime_aa_securityLabel		213

-#define OBJ_id_smime_aa_securityLabel		OBJ_id_smime_aa,2L

-#define SN_id_smime_aa_mlExpandHistory		"id-smime-aa-mlExpandHistory"

-#define NID_id_smime_aa_mlExpandHistory		214

-#define OBJ_id_smime_aa_mlExpandHistory		OBJ_id_smime_aa,3L

-#define SN_id_smime_aa_contentHint		"id-smime-aa-contentHint"

-#define NID_id_smime_aa_contentHint		215

-#define OBJ_id_smime_aa_contentHint		OBJ_id_smime_aa,4L

-#define SN_id_smime_aa_msgSigDigest		"id-smime-aa-msgSigDigest"

-#define NID_id_smime_aa_msgSigDigest		216

-#define OBJ_id_smime_aa_msgSigDigest		OBJ_id_smime_aa,5L

-#define SN_id_smime_aa_encapContentType		"id-smime-aa-encapContentType"

-#define NID_id_smime_aa_encapContentType		217

-#define OBJ_id_smime_aa_encapContentType		OBJ_id_smime_aa,6L

-#define SN_id_smime_aa_contentIdentifier		"id-smime-aa-contentIdentifier"

-#define NID_id_smime_aa_contentIdentifier		218

-#define OBJ_id_smime_aa_contentIdentifier		OBJ_id_smime_aa,7L

-#define SN_id_smime_aa_macValue		"id-smime-aa-macValue"

-#define NID_id_smime_aa_macValue		219

-#define OBJ_id_smime_aa_macValue		OBJ_id_smime_aa,8L

-#define SN_id_smime_aa_equivalentLabels		"id-smime-aa-equivalentLabels"

-#define NID_id_smime_aa_equivalentLabels		220

-#define OBJ_id_smime_aa_equivalentLabels		OBJ_id_smime_aa,9L

-#define SN_id_smime_aa_contentReference		"id-smime-aa-contentReference"

-#define NID_id_smime_aa_contentReference		221

-#define OBJ_id_smime_aa_contentReference		OBJ_id_smime_aa,10L

-#define SN_id_smime_aa_encrypKeyPref		"id-smime-aa-encrypKeyPref"

-#define NID_id_smime_aa_encrypKeyPref		222

-#define OBJ_id_smime_aa_encrypKeyPref		OBJ_id_smime_aa,11L

-#define SN_id_smime_aa_signingCertificate		"id-smime-aa-signingCertificate"

-#define NID_id_smime_aa_signingCertificate		223

-#define OBJ_id_smime_aa_signingCertificate		OBJ_id_smime_aa,12L

-#define SN_id_smime_aa_smimeEncryptCerts		"id-smime-aa-smimeEncryptCerts"

-#define NID_id_smime_aa_smimeEncryptCerts		224

-#define OBJ_id_smime_aa_smimeEncryptCerts		OBJ_id_smime_aa,13L

-#define SN_id_smime_aa_timeStampToken		"id-smime-aa-timeStampToken"

-#define NID_id_smime_aa_timeStampToken		225

-#define OBJ_id_smime_aa_timeStampToken		OBJ_id_smime_aa,14L

-#define SN_id_smime_aa_ets_sigPolicyId		"id-smime-aa-ets-sigPolicyId"

-#define NID_id_smime_aa_ets_sigPolicyId		226

-#define OBJ_id_smime_aa_ets_sigPolicyId		OBJ_id_smime_aa,15L

-#define SN_id_smime_aa_ets_commitmentType		"id-smime-aa-ets-commitmentType"

-#define NID_id_smime_aa_ets_commitmentType		227

-#define OBJ_id_smime_aa_ets_commitmentType		OBJ_id_smime_aa,16L

-#define SN_id_smime_aa_ets_signerLocation		"id-smime-aa-ets-signerLocation"

-#define NID_id_smime_aa_ets_signerLocation		228

-#define OBJ_id_smime_aa_ets_signerLocation		OBJ_id_smime_aa,17L

-#define SN_id_smime_aa_ets_signerAttr		"id-smime-aa-ets-signerAttr"

-#define NID_id_smime_aa_ets_signerAttr		229

-#define OBJ_id_smime_aa_ets_signerAttr		OBJ_id_smime_aa,18L

-#define SN_id_smime_aa_ets_otherSigCert		"id-smime-aa-ets-otherSigCert"

-#define NID_id_smime_aa_ets_otherSigCert		230

-#define OBJ_id_smime_aa_ets_otherSigCert		OBJ_id_smime_aa,19L

-#define SN_id_smime_aa_ets_contentTimestamp		"id-smime-aa-ets-contentTimestamp"

-#define NID_id_smime_aa_ets_contentTimestamp		231

-#define OBJ_id_smime_aa_ets_contentTimestamp		OBJ_id_smime_aa,20L

-#define SN_id_smime_aa_ets_CertificateRefs		"id-smime-aa-ets-CertificateRefs"

-#define NID_id_smime_aa_ets_CertificateRefs		232

-#define OBJ_id_smime_aa_ets_CertificateRefs		OBJ_id_smime_aa,21L

-#define SN_id_smime_aa_ets_RevocationRefs		"id-smime-aa-ets-RevocationRefs"

-#define NID_id_smime_aa_ets_RevocationRefs		233

-#define OBJ_id_smime_aa_ets_RevocationRefs		OBJ_id_smime_aa,22L

-#define SN_id_smime_aa_ets_certValues		"id-smime-aa-ets-certValues"

-#define NID_id_smime_aa_ets_certValues		234

-#define OBJ_id_smime_aa_ets_certValues		OBJ_id_smime_aa,23L

-#define SN_id_smime_aa_ets_revocationValues		"id-smime-aa-ets-revocationValues"

-#define NID_id_smime_aa_ets_revocationValues		235

-#define OBJ_id_smime_aa_ets_revocationValues		OBJ_id_smime_aa,24L

-#define SN_id_smime_aa_ets_escTimeStamp		"id-smime-aa-ets-escTimeStamp"

-#define NID_id_smime_aa_ets_escTimeStamp		236

-#define OBJ_id_smime_aa_ets_escTimeStamp		OBJ_id_smime_aa,25L

-#define SN_id_smime_aa_ets_certCRLTimestamp		"id-smime-aa-ets-certCRLTimestamp"

-#define NID_id_smime_aa_ets_certCRLTimestamp		237

-#define OBJ_id_smime_aa_ets_certCRLTimestamp		OBJ_id_smime_aa,26L

-#define SN_id_smime_aa_ets_archiveTimeStamp		"id-smime-aa-ets-archiveTimeStamp"

-#define NID_id_smime_aa_ets_archiveTimeStamp		238

-#define OBJ_id_smime_aa_ets_archiveTimeStamp		OBJ_id_smime_aa,27L

-#define SN_id_smime_aa_signatureType		"id-smime-aa-signatureType"

-#define NID_id_smime_aa_signatureType		239

-#define OBJ_id_smime_aa_signatureType		OBJ_id_smime_aa,28L

-#define SN_id_smime_aa_dvcs_dvc		"id-smime-aa-dvcs-dvc"

-#define NID_id_smime_aa_dvcs_dvc		240

-#define OBJ_id_smime_aa_dvcs_dvc		OBJ_id_smime_aa,29L

-#define SN_id_smime_alg_ESDHwith3DES		"id-smime-alg-ESDHwith3DES"

-#define NID_id_smime_alg_ESDHwith3DES		241

-#define OBJ_id_smime_alg_ESDHwith3DES		OBJ_id_smime_alg,1L

-#define SN_id_smime_alg_ESDHwithRC2		"id-smime-alg-ESDHwithRC2"

-#define NID_id_smime_alg_ESDHwithRC2		242

-#define OBJ_id_smime_alg_ESDHwithRC2		OBJ_id_smime_alg,2L

-#define SN_id_smime_alg_3DESwrap		"id-smime-alg-3DESwrap"

-#define NID_id_smime_alg_3DESwrap		243

-#define OBJ_id_smime_alg_3DESwrap		OBJ_id_smime_alg,3L

-#define SN_id_smime_alg_RC2wrap		"id-smime-alg-RC2wrap"

-#define NID_id_smime_alg_RC2wrap		244

-#define OBJ_id_smime_alg_RC2wrap		OBJ_id_smime_alg,4L

-#define SN_id_smime_alg_ESDH		"id-smime-alg-ESDH"

-#define NID_id_smime_alg_ESDH		245

-#define OBJ_id_smime_alg_ESDH		OBJ_id_smime_alg,5L

-#define SN_id_smime_alg_CMS3DESwrap		"id-smime-alg-CMS3DESwrap"

-#define NID_id_smime_alg_CMS3DESwrap		246

-#define OBJ_id_smime_alg_CMS3DESwrap		OBJ_id_smime_alg,6L

-#define SN_id_smime_alg_CMSRC2wrap		"id-smime-alg-CMSRC2wrap"

-#define NID_id_smime_alg_CMSRC2wrap		247

-#define OBJ_id_smime_alg_CMSRC2wrap		OBJ_id_smime_alg,7L

-#define SN_id_smime_cd_ldap		"id-smime-cd-ldap"

-#define NID_id_smime_cd_ldap		248

-#define OBJ_id_smime_cd_ldap		OBJ_id_smime_cd,1L

-#define SN_id_smime_spq_ets_sqt_uri		"id-smime-spq-ets-sqt-uri"

-#define NID_id_smime_spq_ets_sqt_uri		249

-#define OBJ_id_smime_spq_ets_sqt_uri		OBJ_id_smime_spq,1L

-#define SN_id_smime_spq_ets_sqt_unotice		"id-smime-spq-ets-sqt-unotice"

-#define NID_id_smime_spq_ets_sqt_unotice		250

-#define OBJ_id_smime_spq_ets_sqt_unotice		OBJ_id_smime_spq,2L

-#define SN_id_smime_cti_ets_proofOfOrigin		"id-smime-cti-ets-proofOfOrigin"

-#define NID_id_smime_cti_ets_proofOfOrigin		251

-#define OBJ_id_smime_cti_ets_proofOfOrigin		OBJ_id_smime_cti,1L

-#define SN_id_smime_cti_ets_proofOfReceipt		"id-smime-cti-ets-proofOfReceipt"

-#define NID_id_smime_cti_ets_proofOfReceipt		252

-#define OBJ_id_smime_cti_ets_proofOfReceipt		OBJ_id_smime_cti,2L

-#define SN_id_smime_cti_ets_proofOfDelivery		"id-smime-cti-ets-proofOfDelivery"

-#define NID_id_smime_cti_ets_proofOfDelivery		253

-#define OBJ_id_smime_cti_ets_proofOfDelivery		OBJ_id_smime_cti,3L

-#define SN_id_smime_cti_ets_proofOfSender		"id-smime-cti-ets-proofOfSender"

-#define NID_id_smime_cti_ets_proofOfSender		254

-#define OBJ_id_smime_cti_ets_proofOfSender		OBJ_id_smime_cti,4L

-#define SN_id_smime_cti_ets_proofOfApproval		"id-smime-cti-ets-proofOfApproval"

-#define NID_id_smime_cti_ets_proofOfApproval		255

-#define OBJ_id_smime_cti_ets_proofOfApproval		OBJ_id_smime_cti,5L

-#define SN_id_smime_cti_ets_proofOfCreation		"id-smime-cti-ets-proofOfCreation"

-#define NID_id_smime_cti_ets_proofOfCreation		256

-#define OBJ_id_smime_cti_ets_proofOfCreation		OBJ_id_smime_cti,6L

-#define LN_friendlyName		"friendlyName"

-#define NID_friendlyName		156

-#define OBJ_friendlyName		OBJ_pkcs9,20L

-#define LN_localKeyID		"localKeyID"

-#define NID_localKeyID		157

-#define OBJ_localKeyID		OBJ_pkcs9,21L

-#define SN_ms_csp_name		"CSPName"

-#define LN_ms_csp_name		"Microsoft CSP Name"

-#define NID_ms_csp_name		417

-#define OBJ_ms_csp_name		1L,3L,6L,1L,4L,1L,311L,17L,1L

-#define OBJ_certTypes		OBJ_pkcs9,22L

-#define LN_x509Certificate		"x509Certificate"

-#define NID_x509Certificate		158

-#define OBJ_x509Certificate		OBJ_certTypes,1L

-#define LN_sdsiCertificate		"sdsiCertificate"

-#define NID_sdsiCertificate		159

-#define OBJ_sdsiCertificate		OBJ_certTypes,2L

-#define OBJ_crlTypes		OBJ_pkcs9,23L

-#define LN_x509Crl		"x509Crl"

-#define NID_x509Crl		160

-#define OBJ_x509Crl		OBJ_crlTypes,1L

-#define OBJ_pkcs12		OBJ_pkcs,12L

-#define OBJ_pkcs12_pbeids		OBJ_pkcs12,1L

-#define SN_pbe_WithSHA1And128BitRC4		"PBE-SHA1-RC4-128"

-#define LN_pbe_WithSHA1And128BitRC4		"pbeWithSHA1And128BitRC4"

-#define NID_pbe_WithSHA1And128BitRC4		144

-#define OBJ_pbe_WithSHA1And128BitRC4		OBJ_pkcs12_pbeids,1L

-#define SN_pbe_WithSHA1And40BitRC4		"PBE-SHA1-RC4-40"

-#define LN_pbe_WithSHA1And40BitRC4		"pbeWithSHA1And40BitRC4"

-#define NID_pbe_WithSHA1And40BitRC4		145

-#define OBJ_pbe_WithSHA1And40BitRC4		OBJ_pkcs12_pbeids,2L

-#define SN_pbe_WithSHA1And3_Key_TripleDES_CBC		"PBE-SHA1-3DES"

-#define LN_pbe_WithSHA1And3_Key_TripleDES_CBC		"pbeWithSHA1And3-KeyTripleDES-CBC"

-#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC		146

-#define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC		OBJ_pkcs12_pbeids,3L

-#define SN_pbe_WithSHA1And2_Key_TripleDES_CBC		"PBE-SHA1-2DES"

-#define LN_pbe_WithSHA1And2_Key_TripleDES_CBC		"pbeWithSHA1And2-KeyTripleDES-CBC"

-#define NID_pbe_WithSHA1And2_Key_TripleDES_CBC		147

-#define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC		OBJ_pkcs12_pbeids,4L

-#define SN_pbe_WithSHA1And128BitRC2_CBC		"PBE-SHA1-RC2-128"

-#define LN_pbe_WithSHA1And128BitRC2_CBC		"pbeWithSHA1And128BitRC2-CBC"

-#define NID_pbe_WithSHA1And128BitRC2_CBC		148

-#define OBJ_pbe_WithSHA1And128BitRC2_CBC		OBJ_pkcs12_pbeids,5L

-#define SN_pbe_WithSHA1And40BitRC2_CBC		"PBE-SHA1-RC2-40"

-#define LN_pbe_WithSHA1And40BitRC2_CBC		"pbeWithSHA1And40BitRC2-CBC"

-#define NID_pbe_WithSHA1And40BitRC2_CBC		149

-#define OBJ_pbe_WithSHA1And40BitRC2_CBC		OBJ_pkcs12_pbeids,6L

-#define OBJ_pkcs12_Version1		OBJ_pkcs12,10L

-#define OBJ_pkcs12_BagIds		OBJ_pkcs12_Version1,1L

-#define LN_keyBag		"keyBag"

-#define NID_keyBag		150

-#define OBJ_keyBag		OBJ_pkcs12_BagIds,1L

-#define LN_pkcs8ShroudedKeyBag		"pkcs8ShroudedKeyBag"

-#define NID_pkcs8ShroudedKeyBag		151

-#define OBJ_pkcs8ShroudedKeyBag		OBJ_pkcs12_BagIds,2L

-#define LN_certBag		"certBag"

-#define NID_certBag		152

-#define OBJ_certBag		OBJ_pkcs12_BagIds,3L

-#define LN_crlBag		"crlBag"

-#define NID_crlBag		153

-#define OBJ_crlBag		OBJ_pkcs12_BagIds,4L

-#define LN_secretBag		"secretBag"

-#define NID_secretBag		154

-#define OBJ_secretBag		OBJ_pkcs12_BagIds,5L

-#define LN_safeContentsBag		"safeContentsBag"

-#define NID_safeContentsBag		155

-#define OBJ_safeContentsBag		OBJ_pkcs12_BagIds,6L

-#define SN_md2		"MD2"

-#define LN_md2		"md2"

-#define NID_md2		3

-#define OBJ_md2		OBJ_rsadsi,2L,2L

-#define SN_md4		"MD4"

-#define LN_md4		"md4"

-#define NID_md4		257

-#define OBJ_md4		OBJ_rsadsi,2L,4L

-#define SN_md5		"MD5"

-#define LN_md5		"md5"

-#define NID_md5		4

-#define OBJ_md5		OBJ_rsadsi,2L,5L

-#define SN_md5_sha1		"MD5-SHA1"

-#define LN_md5_sha1		"md5-sha1"

-#define NID_md5_sha1		114

-#define LN_hmacWithSHA1		"hmacWithSHA1"

-#define NID_hmacWithSHA1		163

-#define OBJ_hmacWithSHA1		OBJ_rsadsi,2L,7L

-#define SN_rc2_cbc		"RC2-CBC"

-#define LN_rc2_cbc		"rc2-cbc"

-#define NID_rc2_cbc		37

-#define OBJ_rc2_cbc		OBJ_rsadsi,3L,2L

-#define SN_rc2_ecb		"RC2-ECB"

-#define LN_rc2_ecb		"rc2-ecb"

-#define NID_rc2_ecb		38

-#define SN_rc2_cfb64		"RC2-CFB"

-#define LN_rc2_cfb64		"rc2-cfb"

-#define NID_rc2_cfb64		39

-#define SN_rc2_ofb64		"RC2-OFB"

-#define LN_rc2_ofb64		"rc2-ofb"

-#define NID_rc2_ofb64		40

-#define SN_rc2_40_cbc		"RC2-40-CBC"

-#define LN_rc2_40_cbc		"rc2-40-cbc"

-#define NID_rc2_40_cbc		98

-#define SN_rc2_64_cbc		"RC2-64-CBC"

-#define LN_rc2_64_cbc		"rc2-64-cbc"

-#define NID_rc2_64_cbc		166

-#define SN_rc4		"RC4"

-#define LN_rc4		"rc4"

-#define NID_rc4		5

-#define OBJ_rc4		OBJ_rsadsi,3L,4L

-#define SN_rc4_40		"RC4-40"

-#define LN_rc4_40		"rc4-40"

-#define NID_rc4_40		97

-#define SN_des_ede3_cbc		"DES-EDE3-CBC"

-#define LN_des_ede3_cbc		"des-ede3-cbc"

-#define NID_des_ede3_cbc		44

-#define OBJ_des_ede3_cbc		OBJ_rsadsi,3L,7L

-#define SN_rc5_cbc		"RC5-CBC"

-#define LN_rc5_cbc		"rc5-cbc"

-#define NID_rc5_cbc		120

-#define OBJ_rc5_cbc		OBJ_rsadsi,3L,8L

-#define SN_rc5_ecb		"RC5-ECB"

-#define LN_rc5_ecb		"rc5-ecb"

-#define NID_rc5_ecb		121

-#define SN_rc5_cfb64		"RC5-CFB"

-#define LN_rc5_cfb64		"rc5-cfb"

-#define NID_rc5_cfb64		122

-#define SN_rc5_ofb64		"RC5-OFB"

-#define LN_rc5_ofb64		"rc5-ofb"

-#define NID_rc5_ofb64		123

-#define SN_ms_ext_req		"msExtReq"

-#define LN_ms_ext_req		"Microsoft Extension Request"

-#define NID_ms_ext_req		171

-#define OBJ_ms_ext_req		1L,3L,6L,1L,4L,1L,311L,2L,1L,14L

-#define SN_ms_code_ind		"msCodeInd"

-#define LN_ms_code_ind		"Microsoft Individual Code Signing"

-#define NID_ms_code_ind		134

-#define OBJ_ms_code_ind		1L,3L,6L,1L,4L,1L,311L,2L,1L,21L

-#define SN_ms_code_com		"msCodeCom"

-#define LN_ms_code_com		"Microsoft Commercial Code Signing"

-#define NID_ms_code_com		135

-#define OBJ_ms_code_com		1L,3L,6L,1L,4L,1L,311L,2L,1L,22L

-#define SN_ms_ctl_sign		"msCTLSign"

-#define LN_ms_ctl_sign		"Microsoft Trust List Signing"

-#define NID_ms_ctl_sign		136

-#define OBJ_ms_ctl_sign		1L,3L,6L,1L,4L,1L,311L,10L,3L,1L

-#define SN_ms_sgc		"msSGC"

-#define LN_ms_sgc		"Microsoft Server Gated Crypto"

-#define NID_ms_sgc		137

-#define OBJ_ms_sgc		1L,3L,6L,1L,4L,1L,311L,10L,3L,3L

-#define SN_ms_efs		"msEFS"

-#define LN_ms_efs		"Microsoft Encrypted File System"

-#define NID_ms_efs		138

-#define OBJ_ms_efs		1L,3L,6L,1L,4L,1L,311L,10L,3L,4L

-#define SN_ms_smartcard_login		"msSmartcardLogin"

-#define LN_ms_smartcard_login		"Microsoft Smartcardlogin"

-#define NID_ms_smartcard_login		648

-#define OBJ_ms_smartcard_login		1L,3L,6L,1L,4L,1L,311L,20L,2L,2L

-#define SN_ms_upn		"msUPN"

-#define LN_ms_upn		"Microsoft Universal Principal Name"

-#define NID_ms_upn		649

-#define OBJ_ms_upn		1L,3L,6L,1L,4L,1L,311L,20L,2L,3L

-#define SN_idea_cbc		"IDEA-CBC"

-#define LN_idea_cbc		"idea-cbc"

-#define NID_idea_cbc		34

-#define OBJ_idea_cbc		1L,3L,6L,1L,4L,1L,188L,7L,1L,1L,2L

-#define SN_idea_ecb		"IDEA-ECB"

-#define LN_idea_ecb		"idea-ecb"

-#define NID_idea_ecb		36

-#define SN_idea_cfb64		"IDEA-CFB"

-#define LN_idea_cfb64		"idea-cfb"

-#define NID_idea_cfb64		35

-#define SN_idea_ofb64		"IDEA-OFB"

-#define LN_idea_ofb64		"idea-ofb"

-#define NID_idea_ofb64		46

-#define SN_bf_cbc		"BF-CBC"

-#define LN_bf_cbc		"bf-cbc"

-#define NID_bf_cbc		91

-#define OBJ_bf_cbc		1L,3L,6L,1L,4L,1L,3029L,1L,2L

-#define SN_bf_ecb		"BF-ECB"

-#define LN_bf_ecb		"bf-ecb"

-#define NID_bf_ecb		92

-#define SN_bf_cfb64		"BF-CFB"

-#define LN_bf_cfb64		"bf-cfb"

-#define NID_bf_cfb64		93

-#define SN_bf_ofb64		"BF-OFB"

-#define LN_bf_ofb64		"bf-ofb"

-#define NID_bf_ofb64		94

-#define SN_id_pkix		"PKIX"

-#define NID_id_pkix		127

-#define OBJ_id_pkix		1L,3L,6L,1L,5L,5L,7L

-#define SN_id_pkix_mod		"id-pkix-mod"

-#define NID_id_pkix_mod		258

-#define OBJ_id_pkix_mod		OBJ_id_pkix,0L

-#define SN_id_pe		"id-pe"

-#define NID_id_pe		175

-#define OBJ_id_pe		OBJ_id_pkix,1L

-#define SN_id_qt		"id-qt"

-#define NID_id_qt		259

-#define OBJ_id_qt		OBJ_id_pkix,2L

-#define SN_id_kp		"id-kp"

-#define NID_id_kp		128

-#define OBJ_id_kp		OBJ_id_pkix,3L

-#define SN_id_it		"id-it"

-#define NID_id_it		260

-#define OBJ_id_it		OBJ_id_pkix,4L

-#define SN_id_pkip		"id-pkip"

-#define NID_id_pkip		261

-#define OBJ_id_pkip		OBJ_id_pkix,5L

-#define SN_id_alg		"id-alg"

-#define NID_id_alg		262

-#define OBJ_id_alg		OBJ_id_pkix,6L

-#define SN_id_cmc		"id-cmc"

-#define NID_id_cmc		263

-#define OBJ_id_cmc		OBJ_id_pkix,7L

-#define SN_id_on		"id-on"

-#define NID_id_on		264

-#define OBJ_id_on		OBJ_id_pkix,8L

-#define SN_id_pda		"id-pda"

-#define NID_id_pda		265

-#define OBJ_id_pda		OBJ_id_pkix,9L

-#define SN_id_aca		"id-aca"

-#define NID_id_aca		266

-#define OBJ_id_aca		OBJ_id_pkix,10L

-#define SN_id_qcs		"id-qcs"

-#define NID_id_qcs		267

-#define OBJ_id_qcs		OBJ_id_pkix,11L

-#define SN_id_cct		"id-cct"

-#define NID_id_cct		268

-#define OBJ_id_cct		OBJ_id_pkix,12L

-#define SN_id_ppl		"id-ppl"

-#define NID_id_ppl		662

-#define OBJ_id_ppl		OBJ_id_pkix,21L

-#define SN_id_ad		"id-ad"

-#define NID_id_ad		176

-#define OBJ_id_ad		OBJ_id_pkix,48L

-#define SN_id_pkix1_explicit_88		"id-pkix1-explicit-88"

-#define NID_id_pkix1_explicit_88		269

-#define OBJ_id_pkix1_explicit_88		OBJ_id_pkix_mod,1L

-#define SN_id_pkix1_implicit_88		"id-pkix1-implicit-88"

-#define NID_id_pkix1_implicit_88		270

-#define OBJ_id_pkix1_implicit_88		OBJ_id_pkix_mod,2L

-#define SN_id_pkix1_explicit_93		"id-pkix1-explicit-93"

-#define NID_id_pkix1_explicit_93		271

-#define OBJ_id_pkix1_explicit_93		OBJ_id_pkix_mod,3L

-#define SN_id_pkix1_implicit_93		"id-pkix1-implicit-93"

-#define NID_id_pkix1_implicit_93		272

-#define OBJ_id_pkix1_implicit_93		OBJ_id_pkix_mod,4L

-#define SN_id_mod_crmf		"id-mod-crmf"

-#define NID_id_mod_crmf		273

-#define OBJ_id_mod_crmf		OBJ_id_pkix_mod,5L

-#define SN_id_mod_cmc		"id-mod-cmc"

-#define NID_id_mod_cmc		274

-#define OBJ_id_mod_cmc		OBJ_id_pkix_mod,6L

-#define SN_id_mod_kea_profile_88		"id-mod-kea-profile-88"

-#define NID_id_mod_kea_profile_88		275

-#define OBJ_id_mod_kea_profile_88		OBJ_id_pkix_mod,7L

-#define SN_id_mod_kea_profile_93		"id-mod-kea-profile-93"

-#define NID_id_mod_kea_profile_93		276

-#define OBJ_id_mod_kea_profile_93		OBJ_id_pkix_mod,8L

-#define SN_id_mod_cmp		"id-mod-cmp"

-#define NID_id_mod_cmp		277

-#define OBJ_id_mod_cmp		OBJ_id_pkix_mod,9L

-#define SN_id_mod_qualified_cert_88		"id-mod-qualified-cert-88"

-#define NID_id_mod_qualified_cert_88		278

-#define OBJ_id_mod_qualified_cert_88		OBJ_id_pkix_mod,10L

-#define SN_id_mod_qualified_cert_93		"id-mod-qualified-cert-93"

-#define NID_id_mod_qualified_cert_93		279

-#define OBJ_id_mod_qualified_cert_93		OBJ_id_pkix_mod,11L

-#define SN_id_mod_attribute_cert		"id-mod-attribute-cert"

-#define NID_id_mod_attribute_cert		280

-#define OBJ_id_mod_attribute_cert		OBJ_id_pkix_mod,12L

-#define SN_id_mod_timestamp_protocol		"id-mod-timestamp-protocol"

-#define NID_id_mod_timestamp_protocol		281

-#define OBJ_id_mod_timestamp_protocol		OBJ_id_pkix_mod,13L

-#define SN_id_mod_ocsp		"id-mod-ocsp"

-#define NID_id_mod_ocsp		282

-#define OBJ_id_mod_ocsp		OBJ_id_pkix_mod,14L

-#define SN_id_mod_dvcs		"id-mod-dvcs"

-#define NID_id_mod_dvcs		283

-#define OBJ_id_mod_dvcs		OBJ_id_pkix_mod,15L

-#define SN_id_mod_cmp2000		"id-mod-cmp2000"

-#define NID_id_mod_cmp2000		284

-#define OBJ_id_mod_cmp2000		OBJ_id_pkix_mod,16L

-#define SN_info_access		"authorityInfoAccess"

-#define LN_info_access		"Authority Information Access"

-#define NID_info_access		177

-#define OBJ_info_access		OBJ_id_pe,1L

-#define SN_biometricInfo		"biometricInfo"

-#define LN_biometricInfo		"Biometric Info"

-#define NID_biometricInfo		285

-#define OBJ_biometricInfo		OBJ_id_pe,2L

-#define SN_qcStatements		"qcStatements"

-#define NID_qcStatements		286

-#define OBJ_qcStatements		OBJ_id_pe,3L

-#define SN_ac_auditEntity		"ac-auditEntity"

-#define NID_ac_auditEntity		287

-#define OBJ_ac_auditEntity		OBJ_id_pe,4L

-#define SN_ac_targeting		"ac-targeting"

-#define NID_ac_targeting		288

-#define OBJ_ac_targeting		OBJ_id_pe,5L

-#define SN_aaControls		"aaControls"

-#define NID_aaControls		289

-#define OBJ_aaControls		OBJ_id_pe,6L

-#define SN_sbgp_ipAddrBlock		"sbgp-ipAddrBlock"

-#define NID_sbgp_ipAddrBlock		290

-#define OBJ_sbgp_ipAddrBlock		OBJ_id_pe,7L

-#define SN_sbgp_autonomousSysNum		"sbgp-autonomousSysNum"

-#define NID_sbgp_autonomousSysNum		291

-#define OBJ_sbgp_autonomousSysNum		OBJ_id_pe,8L

-#define SN_sbgp_routerIdentifier		"sbgp-routerIdentifier"

-#define NID_sbgp_routerIdentifier		292

-#define OBJ_sbgp_routerIdentifier		OBJ_id_pe,9L

-#define SN_ac_proxying		"ac-proxying"

-#define NID_ac_proxying		397

-#define OBJ_ac_proxying		OBJ_id_pe,10L

-#define SN_sinfo_access		"subjectInfoAccess"

-#define LN_sinfo_access		"Subject Information Access"

-#define NID_sinfo_access		398

-#define OBJ_sinfo_access		OBJ_id_pe,11L

-#define SN_proxyCertInfo		"proxyCertInfo"

-#define LN_proxyCertInfo		"Proxy Certificate Information"

-#define NID_proxyCertInfo		663

-#define OBJ_proxyCertInfo		OBJ_id_pe,14L

-#define SN_id_qt_cps		"id-qt-cps"

-#define LN_id_qt_cps		"Policy Qualifier CPS"

-#define NID_id_qt_cps		164

-#define OBJ_id_qt_cps		OBJ_id_qt,1L

-#define SN_id_qt_unotice		"id-qt-unotice"

-#define LN_id_qt_unotice		"Policy Qualifier User Notice"

-#define NID_id_qt_unotice		165

-#define OBJ_id_qt_unotice		OBJ_id_qt,2L

-#define SN_textNotice		"textNotice"

-#define NID_textNotice		293

-#define OBJ_textNotice		OBJ_id_qt,3L

-#define SN_server_auth		"serverAuth"

-#define LN_server_auth		"TLS Web Server Authentication"

-#define NID_server_auth		129

-#define OBJ_server_auth		OBJ_id_kp,1L

-#define SN_client_auth		"clientAuth"

-#define LN_client_auth		"TLS Web Client Authentication"

-#define NID_client_auth		130

-#define OBJ_client_auth		OBJ_id_kp,2L

-#define SN_code_sign		"codeSigning"

-#define LN_code_sign		"Code Signing"

-#define NID_code_sign		131

-#define OBJ_code_sign		OBJ_id_kp,3L

-#define SN_email_protect		"emailProtection"

-#define LN_email_protect		"E-mail Protection"

-#define NID_email_protect		132

-#define OBJ_email_protect		OBJ_id_kp,4L

-#define SN_ipsecEndSystem		"ipsecEndSystem"

-#define LN_ipsecEndSystem		"IPSec End System"

-#define NID_ipsecEndSystem		294

-#define OBJ_ipsecEndSystem		OBJ_id_kp,5L

-#define SN_ipsecTunnel		"ipsecTunnel"

-#define LN_ipsecTunnel		"IPSec Tunnel"

-#define NID_ipsecTunnel		295

-#define OBJ_ipsecTunnel		OBJ_id_kp,6L

-#define SN_ipsecUser		"ipsecUser"

-#define LN_ipsecUser		"IPSec User"

-#define NID_ipsecUser		296

-#define OBJ_ipsecUser		OBJ_id_kp,7L

-#define SN_time_stamp		"timeStamping"

-#define LN_time_stamp		"Time Stamping"

-#define NID_time_stamp		133

-#define OBJ_time_stamp		OBJ_id_kp,8L

-#define SN_OCSP_sign		"OCSPSigning"

-#define LN_OCSP_sign		"OCSP Signing"

-#define NID_OCSP_sign		180

-#define OBJ_OCSP_sign		OBJ_id_kp,9L

-#define SN_dvcs		"DVCS"

-#define LN_dvcs		"dvcs"

-#define NID_dvcs		297

-#define OBJ_dvcs		OBJ_id_kp,10L

-#define SN_id_it_caProtEncCert		"id-it-caProtEncCert"

-#define NID_id_it_caProtEncCert		298

-#define OBJ_id_it_caProtEncCert		OBJ_id_it,1L

-#define SN_id_it_signKeyPairTypes		"id-it-signKeyPairTypes"

-#define NID_id_it_signKeyPairTypes		299

-#define OBJ_id_it_signKeyPairTypes		OBJ_id_it,2L

-#define SN_id_it_encKeyPairTypes		"id-it-encKeyPairTypes"

-#define NID_id_it_encKeyPairTypes		300

-#define OBJ_id_it_encKeyPairTypes		OBJ_id_it,3L

-#define SN_id_it_preferredSymmAlg		"id-it-preferredSymmAlg"

-#define NID_id_it_preferredSymmAlg		301

-#define OBJ_id_it_preferredSymmAlg		OBJ_id_it,4L

-#define SN_id_it_caKeyUpdateInfo		"id-it-caKeyUpdateInfo"

-#define NID_id_it_caKeyUpdateInfo		302

-#define OBJ_id_it_caKeyUpdateInfo		OBJ_id_it,5L

-#define SN_id_it_currentCRL		"id-it-currentCRL"

-#define NID_id_it_currentCRL		303

-#define OBJ_id_it_currentCRL		OBJ_id_it,6L

-#define SN_id_it_unsupportedOIDs		"id-it-unsupportedOIDs"

-#define NID_id_it_unsupportedOIDs		304

-#define OBJ_id_it_unsupportedOIDs		OBJ_id_it,7L

-#define SN_id_it_subscriptionRequest		"id-it-subscriptionRequest"

-#define NID_id_it_subscriptionRequest		305

-#define OBJ_id_it_subscriptionRequest		OBJ_id_it,8L

-#define SN_id_it_subscriptionResponse		"id-it-subscriptionResponse"

-#define NID_id_it_subscriptionResponse		306

-#define OBJ_id_it_subscriptionResponse		OBJ_id_it,9L

-#define SN_id_it_keyPairParamReq		"id-it-keyPairParamReq"

-#define NID_id_it_keyPairParamReq		307

-#define OBJ_id_it_keyPairParamReq		OBJ_id_it,10L

-#define SN_id_it_keyPairParamRep		"id-it-keyPairParamRep"

-#define NID_id_it_keyPairParamRep		308

-#define OBJ_id_it_keyPairParamRep		OBJ_id_it,11L

-#define SN_id_it_revPassphrase		"id-it-revPassphrase"

-#define NID_id_it_revPassphrase		309

-#define OBJ_id_it_revPassphrase		OBJ_id_it,12L

-#define SN_id_it_implicitConfirm		"id-it-implicitConfirm"

-#define NID_id_it_implicitConfirm		310

-#define OBJ_id_it_implicitConfirm		OBJ_id_it,13L

-#define SN_id_it_confirmWaitTime		"id-it-confirmWaitTime"

-#define NID_id_it_confirmWaitTime		311

-#define OBJ_id_it_confirmWaitTime		OBJ_id_it,14L

-#define SN_id_it_origPKIMessage		"id-it-origPKIMessage"

-#define NID_id_it_origPKIMessage		312

-#define OBJ_id_it_origPKIMessage		OBJ_id_it,15L

-#define SN_id_regCtrl		"id-regCtrl"

-#define NID_id_regCtrl		313

-#define OBJ_id_regCtrl		OBJ_id_pkip,1L

-#define SN_id_regInfo		"id-regInfo"

-#define NID_id_regInfo		314

-#define OBJ_id_regInfo		OBJ_id_pkip,2L

-#define SN_id_regCtrl_regToken		"id-regCtrl-regToken"

-#define NID_id_regCtrl_regToken		315

-#define OBJ_id_regCtrl_regToken		OBJ_id_regCtrl,1L

-#define SN_id_regCtrl_authenticator		"id-regCtrl-authenticator"

-#define NID_id_regCtrl_authenticator		316

-#define OBJ_id_regCtrl_authenticator		OBJ_id_regCtrl,2L

-#define SN_id_regCtrl_pkiPublicationInfo		"id-regCtrl-pkiPublicationInfo"

-#define NID_id_regCtrl_pkiPublicationInfo		317

-#define OBJ_id_regCtrl_pkiPublicationInfo		OBJ_id_regCtrl,3L

-#define SN_id_regCtrl_pkiArchiveOptions		"id-regCtrl-pkiArchiveOptions"

-#define NID_id_regCtrl_pkiArchiveOptions		318

-#define OBJ_id_regCtrl_pkiArchiveOptions		OBJ_id_regCtrl,4L

-#define SN_id_regCtrl_oldCertID		"id-regCtrl-oldCertID"

-#define NID_id_regCtrl_oldCertID		319

-#define OBJ_id_regCtrl_oldCertID		OBJ_id_regCtrl,5L

-#define SN_id_regCtrl_protocolEncrKey		"id-regCtrl-protocolEncrKey"

-#define NID_id_regCtrl_protocolEncrKey		320

-#define OBJ_id_regCtrl_protocolEncrKey		OBJ_id_regCtrl,6L

-#define SN_id_regInfo_utf8Pairs		"id-regInfo-utf8Pairs"

-#define NID_id_regInfo_utf8Pairs		321

-#define OBJ_id_regInfo_utf8Pairs		OBJ_id_regInfo,1L

-#define SN_id_regInfo_certReq		"id-regInfo-certReq"

-#define NID_id_regInfo_certReq		322

-#define OBJ_id_regInfo_certReq		OBJ_id_regInfo,2L

-#define SN_id_alg_des40		"id-alg-des40"

-#define NID_id_alg_des40		323

-#define OBJ_id_alg_des40		OBJ_id_alg,1L

-#define SN_id_alg_noSignature		"id-alg-noSignature"

-#define NID_id_alg_noSignature		324

-#define OBJ_id_alg_noSignature		OBJ_id_alg,2L

-#define SN_id_alg_dh_sig_hmac_sha1		"id-alg-dh-sig-hmac-sha1"

-#define NID_id_alg_dh_sig_hmac_sha1		325

-#define OBJ_id_alg_dh_sig_hmac_sha1		OBJ_id_alg,3L

-#define SN_id_alg_dh_pop		"id-alg-dh-pop"

-#define NID_id_alg_dh_pop		326

-#define OBJ_id_alg_dh_pop		OBJ_id_alg,4L

-#define SN_id_cmc_statusInfo		"id-cmc-statusInfo"

-#define NID_id_cmc_statusInfo		327

-#define OBJ_id_cmc_statusInfo		OBJ_id_cmc,1L

-#define SN_id_cmc_identification		"id-cmc-identification"

-#define NID_id_cmc_identification		328

-#define OBJ_id_cmc_identification		OBJ_id_cmc,2L

-#define SN_id_cmc_identityProof		"id-cmc-identityProof"

-#define NID_id_cmc_identityProof		329

-#define OBJ_id_cmc_identityProof		OBJ_id_cmc,3L

-#define SN_id_cmc_dataReturn		"id-cmc-dataReturn"

-#define NID_id_cmc_dataReturn		330

-#define OBJ_id_cmc_dataReturn		OBJ_id_cmc,4L

-#define SN_id_cmc_transactionId		"id-cmc-transactionId"

-#define NID_id_cmc_transactionId		331

-#define OBJ_id_cmc_transactionId		OBJ_id_cmc,5L

-#define SN_id_cmc_senderNonce		"id-cmc-senderNonce"

-#define NID_id_cmc_senderNonce		332

-#define OBJ_id_cmc_senderNonce		OBJ_id_cmc,6L

-#define SN_id_cmc_recipientNonce		"id-cmc-recipientNonce"

-#define NID_id_cmc_recipientNonce		333

-#define OBJ_id_cmc_recipientNonce		OBJ_id_cmc,7L

-#define SN_id_cmc_addExtensions		"id-cmc-addExtensions"

-#define NID_id_cmc_addExtensions		334

-#define OBJ_id_cmc_addExtensions		OBJ_id_cmc,8L

-#define SN_id_cmc_encryptedPOP		"id-cmc-encryptedPOP"

-#define NID_id_cmc_encryptedPOP		335

-#define OBJ_id_cmc_encryptedPOP		OBJ_id_cmc,9L

-#define SN_id_cmc_decryptedPOP		"id-cmc-decryptedPOP"

-#define NID_id_cmc_decryptedPOP		336

-#define OBJ_id_cmc_decryptedPOP		OBJ_id_cmc,10L

-#define SN_id_cmc_lraPOPWitness		"id-cmc-lraPOPWitness"

-#define NID_id_cmc_lraPOPWitness		337

-#define OBJ_id_cmc_lraPOPWitness		OBJ_id_cmc,11L

-#define SN_id_cmc_getCert		"id-cmc-getCert"

-#define NID_id_cmc_getCert		338

-#define OBJ_id_cmc_getCert		OBJ_id_cmc,15L

-#define SN_id_cmc_getCRL		"id-cmc-getCRL"

-#define NID_id_cmc_getCRL		339

-#define OBJ_id_cmc_getCRL		OBJ_id_cmc,16L

-#define SN_id_cmc_revokeRequest		"id-cmc-revokeRequest"

-#define NID_id_cmc_revokeRequest		340

-#define OBJ_id_cmc_revokeRequest		OBJ_id_cmc,17L

-#define SN_id_cmc_regInfo		"id-cmc-regInfo"

-#define NID_id_cmc_regInfo		341

-#define OBJ_id_cmc_regInfo		OBJ_id_cmc,18L

-#define SN_id_cmc_responseInfo		"id-cmc-responseInfo"

-#define NID_id_cmc_responseInfo		342

-#define OBJ_id_cmc_responseInfo		OBJ_id_cmc,19L

-#define SN_id_cmc_queryPending		"id-cmc-queryPending"

-#define NID_id_cmc_queryPending		343

-#define OBJ_id_cmc_queryPending		OBJ_id_cmc,21L

-#define SN_id_cmc_popLinkRandom		"id-cmc-popLinkRandom"

-#define NID_id_cmc_popLinkRandom		344

-#define OBJ_id_cmc_popLinkRandom		OBJ_id_cmc,22L

-#define SN_id_cmc_popLinkWitness		"id-cmc-popLinkWitness"

-#define NID_id_cmc_popLinkWitness		345

-#define OBJ_id_cmc_popLinkWitness		OBJ_id_cmc,23L

-#define SN_id_cmc_confirmCertAcceptance		"id-cmc-confirmCertAcceptance"

-#define NID_id_cmc_confirmCertAcceptance		346

-#define OBJ_id_cmc_confirmCertAcceptance		OBJ_id_cmc,24L

-#define SN_id_on_personalData		"id-on-personalData"

-#define NID_id_on_personalData		347

-#define OBJ_id_on_personalData		OBJ_id_on,1L

-#define SN_id_pda_dateOfBirth		"id-pda-dateOfBirth"

-#define NID_id_pda_dateOfBirth		348

-#define OBJ_id_pda_dateOfBirth		OBJ_id_pda,1L

-#define SN_id_pda_placeOfBirth		"id-pda-placeOfBirth"

-#define NID_id_pda_placeOfBirth		349

-#define OBJ_id_pda_placeOfBirth		OBJ_id_pda,2L

-#define SN_id_pda_gender		"id-pda-gender"

-#define NID_id_pda_gender		351

-#define OBJ_id_pda_gender		OBJ_id_pda,3L

-#define SN_id_pda_countryOfCitizenship		"id-pda-countryOfCitizenship"

-#define NID_id_pda_countryOfCitizenship		352

-#define OBJ_id_pda_countryOfCitizenship		OBJ_id_pda,4L

-#define SN_id_pda_countryOfResidence		"id-pda-countryOfResidence"

-#define NID_id_pda_countryOfResidence		353

-#define OBJ_id_pda_countryOfResidence		OBJ_id_pda,5L

-#define SN_id_aca_authenticationInfo		"id-aca-authenticationInfo"

-#define NID_id_aca_authenticationInfo		354

-#define OBJ_id_aca_authenticationInfo		OBJ_id_aca,1L

-#define SN_id_aca_accessIdentity		"id-aca-accessIdentity"

-#define NID_id_aca_accessIdentity		355

-#define OBJ_id_aca_accessIdentity		OBJ_id_aca,2L

-#define SN_id_aca_chargingIdentity		"id-aca-chargingIdentity"

-#define NID_id_aca_chargingIdentity		356

-#define OBJ_id_aca_chargingIdentity		OBJ_id_aca,3L

-#define SN_id_aca_group		"id-aca-group"

-#define NID_id_aca_group		357

-#define OBJ_id_aca_group		OBJ_id_aca,4L

-#define SN_id_aca_role		"id-aca-role"

-#define NID_id_aca_role		358

-#define OBJ_id_aca_role		OBJ_id_aca,5L

-#define SN_id_aca_encAttrs		"id-aca-encAttrs"

-#define NID_id_aca_encAttrs		399

-#define OBJ_id_aca_encAttrs		OBJ_id_aca,6L

-#define SN_id_qcs_pkixQCSyntax_v1		"id-qcs-pkixQCSyntax-v1"

-#define NID_id_qcs_pkixQCSyntax_v1		359

-#define OBJ_id_qcs_pkixQCSyntax_v1		OBJ_id_qcs,1L

-#define SN_id_cct_crs		"id-cct-crs"

-#define NID_id_cct_crs		360

-#define OBJ_id_cct_crs		OBJ_id_cct,1L

-#define SN_id_cct_PKIData		"id-cct-PKIData"

-#define NID_id_cct_PKIData		361

-#define OBJ_id_cct_PKIData		OBJ_id_cct,2L

-#define SN_id_cct_PKIResponse		"id-cct-PKIResponse"

-#define NID_id_cct_PKIResponse		362

-#define OBJ_id_cct_PKIResponse		OBJ_id_cct,3L

-#define SN_id_ppl_anyLanguage		"id-ppl-anyLanguage"

-#define LN_id_ppl_anyLanguage		"Any language"

-#define NID_id_ppl_anyLanguage		664

-#define OBJ_id_ppl_anyLanguage		OBJ_id_ppl,0L

-#define SN_id_ppl_inheritAll		"id-ppl-inheritAll"

-#define LN_id_ppl_inheritAll		"Inherit all"

-#define NID_id_ppl_inheritAll		665

-#define OBJ_id_ppl_inheritAll		OBJ_id_ppl,1L

-#define SN_Independent		"id-ppl-independent"

-#define LN_Independent		"Independent"

-#define NID_Independent		667

-#define OBJ_Independent		OBJ_id_ppl,2L

-#define SN_ad_OCSP		"OCSP"

-#define LN_ad_OCSP		"OCSP"

-#define NID_ad_OCSP		178

-#define OBJ_ad_OCSP		OBJ_id_ad,1L

-#define SN_ad_ca_issuers		"caIssuers"

-#define LN_ad_ca_issuers		"CA Issuers"

-#define NID_ad_ca_issuers		179

-#define OBJ_ad_ca_issuers		OBJ_id_ad,2L

-#define SN_ad_timeStamping		"ad_timestamping"

-#define LN_ad_timeStamping		"AD Time Stamping"

-#define NID_ad_timeStamping		363

-#define OBJ_ad_timeStamping		OBJ_id_ad,3L

-#define SN_ad_dvcs		"AD_DVCS"

-#define LN_ad_dvcs		"ad dvcs"

-#define NID_ad_dvcs		364

-#define OBJ_ad_dvcs		OBJ_id_ad,4L

-#define OBJ_id_pkix_OCSP		OBJ_ad_OCSP

-#define SN_id_pkix_OCSP_basic		"basicOCSPResponse"

-#define LN_id_pkix_OCSP_basic		"Basic OCSP Response"

-#define NID_id_pkix_OCSP_basic		365

-#define OBJ_id_pkix_OCSP_basic		OBJ_id_pkix_OCSP,1L

-#define SN_id_pkix_OCSP_Nonce		"Nonce"

-#define LN_id_pkix_OCSP_Nonce		"OCSP Nonce"

-#define NID_id_pkix_OCSP_Nonce		366

-#define OBJ_id_pkix_OCSP_Nonce		OBJ_id_pkix_OCSP,2L

-#define SN_id_pkix_OCSP_CrlID		"CrlID"

-#define LN_id_pkix_OCSP_CrlID		"OCSP CRL ID"

-#define NID_id_pkix_OCSP_CrlID		367

-#define OBJ_id_pkix_OCSP_CrlID		OBJ_id_pkix_OCSP,3L

-#define SN_id_pkix_OCSP_acceptableResponses		"acceptableResponses"

-#define LN_id_pkix_OCSP_acceptableResponses		"Acceptable OCSP Responses"

-#define NID_id_pkix_OCSP_acceptableResponses		368

-#define OBJ_id_pkix_OCSP_acceptableResponses		OBJ_id_pkix_OCSP,4L

-#define SN_id_pkix_OCSP_noCheck		"noCheck"

-#define LN_id_pkix_OCSP_noCheck		"OCSP No Check"

-#define NID_id_pkix_OCSP_noCheck		369

-#define OBJ_id_pkix_OCSP_noCheck		OBJ_id_pkix_OCSP,5L

-#define SN_id_pkix_OCSP_archiveCutoff		"archiveCutoff"

-#define LN_id_pkix_OCSP_archiveCutoff		"OCSP Archive Cutoff"

-#define NID_id_pkix_OCSP_archiveCutoff		370

-#define OBJ_id_pkix_OCSP_archiveCutoff		OBJ_id_pkix_OCSP,6L

-#define SN_id_pkix_OCSP_serviceLocator		"serviceLocator"

-#define LN_id_pkix_OCSP_serviceLocator		"OCSP Service Locator"

-#define NID_id_pkix_OCSP_serviceLocator		371

-#define OBJ_id_pkix_OCSP_serviceLocator		OBJ_id_pkix_OCSP,7L

-#define SN_id_pkix_OCSP_extendedStatus		"extendedStatus"

-#define LN_id_pkix_OCSP_extendedStatus		"Extended OCSP Status"

-#define NID_id_pkix_OCSP_extendedStatus		372

-#define OBJ_id_pkix_OCSP_extendedStatus		OBJ_id_pkix_OCSP,8L

-#define SN_id_pkix_OCSP_valid		"valid"

-#define NID_id_pkix_OCSP_valid		373

-#define OBJ_id_pkix_OCSP_valid		OBJ_id_pkix_OCSP,9L

-#define SN_id_pkix_OCSP_path		"path"

-#define NID_id_pkix_OCSP_path		374

-#define OBJ_id_pkix_OCSP_path		OBJ_id_pkix_OCSP,10L

-#define SN_id_pkix_OCSP_trustRoot		"trustRoot"

-#define LN_id_pkix_OCSP_trustRoot		"Trust Root"

-#define NID_id_pkix_OCSP_trustRoot		375

-#define OBJ_id_pkix_OCSP_trustRoot		OBJ_id_pkix_OCSP,11L

-#define SN_algorithm		"algorithm"

-#define LN_algorithm		"algorithm"

-#define NID_algorithm		376

-#define OBJ_algorithm		1L,3L,14L,3L,2L

-#define SN_md5WithRSA		"RSA-NP-MD5"

-#define LN_md5WithRSA		"md5WithRSA"

-#define NID_md5WithRSA		104

-#define OBJ_md5WithRSA		OBJ_algorithm,3L

-#define SN_des_ecb		"DES-ECB"

-#define LN_des_ecb		"des-ecb"

-#define NID_des_ecb		29

-#define OBJ_des_ecb		OBJ_algorithm,6L

-#define SN_des_cbc		"DES-CBC"

-#define LN_des_cbc		"des-cbc"

-#define NID_des_cbc		31

-#define OBJ_des_cbc		OBJ_algorithm,7L

-#define SN_des_ofb64		"DES-OFB"

-#define LN_des_ofb64		"des-ofb"

-#define NID_des_ofb64		45

-#define OBJ_des_ofb64		OBJ_algorithm,8L

-#define SN_des_cfb64		"DES-CFB"

-#define LN_des_cfb64		"des-cfb"

-#define NID_des_cfb64		30

-#define OBJ_des_cfb64		OBJ_algorithm,9L

-#define SN_rsaSignature		"rsaSignature"

-#define NID_rsaSignature		377

-#define OBJ_rsaSignature		OBJ_algorithm,11L

-#define SN_dsa_2		"DSA-old"

-#define LN_dsa_2		"dsaEncryption-old"

-#define NID_dsa_2		67

-#define OBJ_dsa_2		OBJ_algorithm,12L

-#define SN_dsaWithSHA		"DSA-SHA"

-#define LN_dsaWithSHA		"dsaWithSHA"

-#define NID_dsaWithSHA		66

-#define OBJ_dsaWithSHA		OBJ_algorithm,13L

-#define SN_shaWithRSAEncryption		"RSA-SHA"

-#define LN_shaWithRSAEncryption		"shaWithRSAEncryption"

-#define NID_shaWithRSAEncryption		42

-#define OBJ_shaWithRSAEncryption		OBJ_algorithm,15L

-#define SN_des_ede_ecb		"DES-EDE"

-#define LN_des_ede_ecb		"des-ede"

-#define NID_des_ede_ecb		32

-#define OBJ_des_ede_ecb		OBJ_algorithm,17L

-#define SN_des_ede3_ecb		"DES-EDE3"

-#define LN_des_ede3_ecb		"des-ede3"

-#define NID_des_ede3_ecb		33

-#define SN_des_ede_cbc		"DES-EDE-CBC"

-#define LN_des_ede_cbc		"des-ede-cbc"

-#define NID_des_ede_cbc		43

-#define SN_des_ede_cfb64		"DES-EDE-CFB"

-#define LN_des_ede_cfb64		"des-ede-cfb"

-#define NID_des_ede_cfb64		60

-#define SN_des_ede3_cfb64		"DES-EDE3-CFB"

-#define LN_des_ede3_cfb64		"des-ede3-cfb"

-#define NID_des_ede3_cfb64		61

-#define SN_des_ede_ofb64		"DES-EDE-OFB"

-#define LN_des_ede_ofb64		"des-ede-ofb"

-#define NID_des_ede_ofb64		62

-#define SN_des_ede3_ofb64		"DES-EDE3-OFB"

-#define LN_des_ede3_ofb64		"des-ede3-ofb"

-#define NID_des_ede3_ofb64		63

-#define SN_desx_cbc		"DESX-CBC"

-#define LN_desx_cbc		"desx-cbc"

-#define NID_desx_cbc		80

-#define SN_sha		"SHA"

-#define LN_sha		"sha"

-#define NID_sha		41

-#define OBJ_sha		OBJ_algorithm,18L

-#define SN_sha1		"SHA1"

-#define LN_sha1		"sha1"

-#define NID_sha1		64

-#define OBJ_sha1		OBJ_algorithm,26L

-#define SN_dsaWithSHA1_2		"DSA-SHA1-old"

-#define LN_dsaWithSHA1_2		"dsaWithSHA1-old"

-#define NID_dsaWithSHA1_2		70

-#define OBJ_dsaWithSHA1_2		OBJ_algorithm,27L

-#define SN_sha1WithRSA		"RSA-SHA1-2"

-#define LN_sha1WithRSA		"sha1WithRSA"

-#define NID_sha1WithRSA		115

-#define OBJ_sha1WithRSA		OBJ_algorithm,29L

-#define SN_ripemd160		"RIPEMD160"

-#define LN_ripemd160		"ripemd160"

-#define NID_ripemd160		117

-#define OBJ_ripemd160		1L,3L,36L,3L,2L,1L

-#define SN_ripemd160WithRSA		"RSA-RIPEMD160"

-#define LN_ripemd160WithRSA		"ripemd160WithRSA"

-#define NID_ripemd160WithRSA		119

-#define OBJ_ripemd160WithRSA		1L,3L,36L,3L,3L,1L,2L

-#define SN_sxnet		"SXNetID"

-#define LN_sxnet		"Strong Extranet ID"

-#define NID_sxnet		143

-#define OBJ_sxnet		1L,3L,101L,1L,4L,1L

-#define SN_X500		"X500"

-#define LN_X500		"directory services (X.500)"

-#define NID_X500		11

-#define OBJ_X500		2L,5L

-#define SN_X509		"X509"

-#define NID_X509		12

-#define OBJ_X509		OBJ_X500,4L

-#define SN_commonName		"CN"

-#define LN_commonName		"commonName"

-#define NID_commonName		13

-#define OBJ_commonName		OBJ_X509,3L

-#define SN_surname		"SN"

-#define LN_surname		"surname"

-#define NID_surname		100

-#define OBJ_surname		OBJ_X509,4L

-#define LN_serialNumber		"serialNumber"

-#define NID_serialNumber		105

-#define OBJ_serialNumber		OBJ_X509,5L

-#define SN_countryName		"C"

-#define LN_countryName		"countryName"

-#define NID_countryName		14

-#define OBJ_countryName		OBJ_X509,6L

-#define SN_localityName		"L"

-#define LN_localityName		"localityName"

-#define NID_localityName		15

-#define OBJ_localityName		OBJ_X509,7L

-#define SN_stateOrProvinceName		"ST"

-#define LN_stateOrProvinceName		"stateOrProvinceName"

-#define NID_stateOrProvinceName		16

-#define OBJ_stateOrProvinceName		OBJ_X509,8L

-#define LN_streetAddress		"streetAddress"

-#define NID_streetAddress		660

-#define OBJ_streetAddress		OBJ_X509,9L

-#define SN_organizationName		"O"

-#define LN_organizationName		"organizationName"

-#define NID_organizationName		17

-#define OBJ_organizationName		OBJ_X509,10L

-#define SN_organizationalUnitName		"OU"

-#define LN_organizationalUnitName		"organizationalUnitName"

-#define NID_organizationalUnitName		18

-#define OBJ_organizationalUnitName		OBJ_X509,11L

-#define LN_title		"title"

-#define NID_title		106

-#define OBJ_title		OBJ_X509,12L

-#define LN_description		"description"

-#define NID_description		107

-#define OBJ_description		OBJ_X509,13L

-#define LN_postalCode		"postalCode"

-#define NID_postalCode		661

-#define OBJ_postalCode		OBJ_X509,17L

-#define SN_name		"name"

-#define LN_name		"name"

-#define NID_name		173

-#define OBJ_name		OBJ_X509,41L

-#define SN_givenName		"GN"

-#define LN_givenName		"givenName"

-#define NID_givenName		99

-#define OBJ_givenName		OBJ_X509,42L

-#define LN_initials		"initials"

-#define NID_initials		101

-#define OBJ_initials		OBJ_X509,43L

-#define LN_generationQualifier		"generationQualifier"

-#define NID_generationQualifier		509

-#define OBJ_generationQualifier		OBJ_X509,44L

-#define LN_x500UniqueIdentifier		"x500UniqueIdentifier"

-#define NID_x500UniqueIdentifier		503

-#define OBJ_x500UniqueIdentifier		OBJ_X509,45L

-#define SN_dnQualifier		"dnQualifier"

-#define LN_dnQualifier		"dnQualifier"

-#define NID_dnQualifier		174

-#define OBJ_dnQualifier		OBJ_X509,46L

-#define LN_pseudonym		"pseudonym"

-#define NID_pseudonym		510

-#define OBJ_pseudonym		OBJ_X509,65L

-#define SN_role		"role"

-#define LN_role		"role"

-#define NID_role		400

-#define OBJ_role		OBJ_X509,72L

-#define SN_X500algorithms		"X500algorithms"

-#define LN_X500algorithms		"directory services - algorithms"

-#define NID_X500algorithms		378

-#define OBJ_X500algorithms		OBJ_X500,8L

-#define SN_rsa		"RSA"

-#define LN_rsa		"rsa"

-#define NID_rsa		19

-#define OBJ_rsa		OBJ_X500algorithms,1L,1L

-#define SN_mdc2WithRSA		"RSA-MDC2"

-#define LN_mdc2WithRSA		"mdc2WithRSA"

-#define NID_mdc2WithRSA		96

-#define OBJ_mdc2WithRSA		OBJ_X500algorithms,3L,100L

-#define SN_mdc2		"MDC2"

-#define LN_mdc2		"mdc2"

-#define NID_mdc2		95

-#define OBJ_mdc2		OBJ_X500algorithms,3L,101L

-#define SN_id_ce		"id-ce"

-#define NID_id_ce		81

-#define OBJ_id_ce		OBJ_X500,29L

-#define SN_subject_directory_attributes		"subjectDirectoryAttributes"

-#define LN_subject_directory_attributes		"X509v3 Subject Directory Attributes"

-#define NID_subject_directory_attributes		769

-#define OBJ_subject_directory_attributes		OBJ_id_ce,9L

-#define SN_subject_key_identifier		"subjectKeyIdentifier"

-#define LN_subject_key_identifier		"X509v3 Subject Key Identifier"

-#define NID_subject_key_identifier		82

-#define OBJ_subject_key_identifier		OBJ_id_ce,14L

-#define SN_key_usage		"keyUsage"

-#define LN_key_usage		"X509v3 Key Usage"

-#define NID_key_usage		83

-#define OBJ_key_usage		OBJ_id_ce,15L

-#define SN_private_key_usage_period		"privateKeyUsagePeriod"

-#define LN_private_key_usage_period		"X509v3 Private Key Usage Period"

-#define NID_private_key_usage_period		84

-#define OBJ_private_key_usage_period		OBJ_id_ce,16L

-#define SN_subject_alt_name		"subjectAltName"

-#define LN_subject_alt_name		"X509v3 Subject Alternative Name"

-#define NID_subject_alt_name		85

-#define OBJ_subject_alt_name		OBJ_id_ce,17L

-#define SN_issuer_alt_name		"issuerAltName"

-#define LN_issuer_alt_name		"X509v3 Issuer Alternative Name"

-#define NID_issuer_alt_name		86

-#define OBJ_issuer_alt_name		OBJ_id_ce,18L

-#define SN_basic_constraints		"basicConstraints"

-#define LN_basic_constraints		"X509v3 Basic Constraints"

-#define NID_basic_constraints		87

-#define OBJ_basic_constraints		OBJ_id_ce,19L

-#define SN_crl_number		"crlNumber"

-#define LN_crl_number		"X509v3 CRL Number"

-#define NID_crl_number		88

-#define OBJ_crl_number		OBJ_id_ce,20L

-#define SN_crl_reason		"CRLReason"

-#define LN_crl_reason		"X509v3 CRL Reason Code"

-#define NID_crl_reason		141

-#define OBJ_crl_reason		OBJ_id_ce,21L

-#define SN_invalidity_date		"invalidityDate"

-#define LN_invalidity_date		"Invalidity Date"

-#define NID_invalidity_date		142

-#define OBJ_invalidity_date		OBJ_id_ce,24L

-#define SN_delta_crl		"deltaCRL"

-#define LN_delta_crl		"X509v3 Delta CRL Indicator"

-#define NID_delta_crl		140

-#define OBJ_delta_crl		OBJ_id_ce,27L

-#define SN_issuing_distribution_point		"issuingDistributionPoint"

-#define LN_issuing_distribution_point		"X509v3 Issuing Distrubution Point"

-#define NID_issuing_distribution_point		770

-#define OBJ_issuing_distribution_point		OBJ_id_ce,28L

-#define SN_certificate_issuer		"certificateIssuer"

-#define LN_certificate_issuer		"X509v3 Certificate Issuer"

-#define NID_certificate_issuer		771

-#define OBJ_certificate_issuer		OBJ_id_ce,29L

-#define SN_name_constraints		"nameConstraints"

-#define LN_name_constraints		"X509v3 Name Constraints"

-#define NID_name_constraints		666

-#define OBJ_name_constraints		OBJ_id_ce,30L

-#define SN_crl_distribution_points		"crlDistributionPoints"

-#define LN_crl_distribution_points		"X509v3 CRL Distribution Points"

-#define NID_crl_distribution_points		103

-#define OBJ_crl_distribution_points		OBJ_id_ce,31L

-#define SN_certificate_policies		"certificatePolicies"

-#define LN_certificate_policies		"X509v3 Certificate Policies"

-#define NID_certificate_policies		89

-#define OBJ_certificate_policies		OBJ_id_ce,32L

-#define SN_any_policy		"anyPolicy"

-#define LN_any_policy		"X509v3 Any Policy"

-#define NID_any_policy		746

-#define OBJ_any_policy		OBJ_certificate_policies,0L

-#define SN_policy_mappings		"policyMappings"

-#define LN_policy_mappings		"X509v3 Policy Mappings"

-#define NID_policy_mappings		747

-#define OBJ_policy_mappings		OBJ_id_ce,33L

-#define SN_authority_key_identifier		"authorityKeyIdentifier"

-#define LN_authority_key_identifier		"X509v3 Authority Key Identifier"

-#define NID_authority_key_identifier		90

-#define OBJ_authority_key_identifier		OBJ_id_ce,35L

-#define SN_policy_constraints		"policyConstraints"

-#define LN_policy_constraints		"X509v3 Policy Constraints"

-#define NID_policy_constraints		401

-#define OBJ_policy_constraints		OBJ_id_ce,36L

-#define SN_ext_key_usage		"extendedKeyUsage"

-#define LN_ext_key_usage		"X509v3 Extended Key Usage"

-#define NID_ext_key_usage		126

-#define OBJ_ext_key_usage		OBJ_id_ce,37L

-#define SN_inhibit_any_policy		"inhibitAnyPolicy"

-#define LN_inhibit_any_policy		"X509v3 Inhibit Any Policy"

-#define NID_inhibit_any_policy		748

-#define OBJ_inhibit_any_policy		OBJ_id_ce,54L

-#define SN_target_information		"targetInformation"

-#define LN_target_information		"X509v3 AC Targeting"

-#define NID_target_information		402

-#define OBJ_target_information		OBJ_id_ce,55L

-#define SN_no_rev_avail		"noRevAvail"

-#define LN_no_rev_avail		"X509v3 No Revocation Available"

-#define NID_no_rev_avail		403

-#define OBJ_no_rev_avail		OBJ_id_ce,56L

-#define SN_netscape		"Netscape"

-#define LN_netscape		"Netscape Communications Corp."

-#define NID_netscape		57

-#define OBJ_netscape		2L,16L,840L,1L,113730L

-#define SN_netscape_cert_extension		"nsCertExt"

-#define LN_netscape_cert_extension		"Netscape Certificate Extension"

-#define NID_netscape_cert_extension		58

-#define OBJ_netscape_cert_extension		OBJ_netscape,1L

-#define SN_netscape_data_type		"nsDataType"

-#define LN_netscape_data_type		"Netscape Data Type"

-#define NID_netscape_data_type		59

-#define OBJ_netscape_data_type		OBJ_netscape,2L

-#define SN_netscape_cert_type		"nsCertType"

-#define LN_netscape_cert_type		"Netscape Cert Type"

-#define NID_netscape_cert_type		71

-#define OBJ_netscape_cert_type		OBJ_netscape_cert_extension,1L

-#define SN_netscape_base_url		"nsBaseUrl"

-#define LN_netscape_base_url		"Netscape Base Url"

-#define NID_netscape_base_url		72

-#define OBJ_netscape_base_url		OBJ_netscape_cert_extension,2L

-#define SN_netscape_revocation_url		"nsRevocationUrl"

-#define LN_netscape_revocation_url		"Netscape Revocation Url"

-#define NID_netscape_revocation_url		73

-#define OBJ_netscape_revocation_url		OBJ_netscape_cert_extension,3L

-#define SN_netscape_ca_revocation_url		"nsCaRevocationUrl"

-#define LN_netscape_ca_revocation_url		"Netscape CA Revocation Url"

-#define NID_netscape_ca_revocation_url		74

-#define OBJ_netscape_ca_revocation_url		OBJ_netscape_cert_extension,4L

-#define SN_netscape_renewal_url		"nsRenewalUrl"

-#define LN_netscape_renewal_url		"Netscape Renewal Url"

-#define NID_netscape_renewal_url		75

-#define OBJ_netscape_renewal_url		OBJ_netscape_cert_extension,7L

-#define SN_netscape_ca_policy_url		"nsCaPolicyUrl"

-#define LN_netscape_ca_policy_url		"Netscape CA Policy Url"

-#define NID_netscape_ca_policy_url		76

-#define OBJ_netscape_ca_policy_url		OBJ_netscape_cert_extension,8L

-#define SN_netscape_ssl_server_name		"nsSslServerName"

-#define LN_netscape_ssl_server_name		"Netscape SSL Server Name"

-#define NID_netscape_ssl_server_name		77

-#define OBJ_netscape_ssl_server_name		OBJ_netscape_cert_extension,12L

-#define SN_netscape_comment		"nsComment"

-#define LN_netscape_comment		"Netscape Comment"

-#define NID_netscape_comment		78

-#define OBJ_netscape_comment		OBJ_netscape_cert_extension,13L

-#define SN_netscape_cert_sequence		"nsCertSequence"

-#define LN_netscape_cert_sequence		"Netscape Certificate Sequence"

-#define NID_netscape_cert_sequence		79

-#define OBJ_netscape_cert_sequence		OBJ_netscape_data_type,5L

-#define SN_ns_sgc		"nsSGC"

-#define LN_ns_sgc		"Netscape Server Gated Crypto"

-#define NID_ns_sgc		139

-#define OBJ_ns_sgc		OBJ_netscape,4L,1L

-#define SN_org		"ORG"

-#define LN_org		"org"

-#define NID_org		379

-#define OBJ_org		OBJ_iso,3L

-#define SN_dod		"DOD"

-#define LN_dod		"dod"

-#define NID_dod		380

-#define OBJ_dod		OBJ_org,6L

-#define SN_iana		"IANA"

-#define LN_iana		"iana"

-#define NID_iana		381

-#define OBJ_iana		OBJ_dod,1L

-#define OBJ_internet		OBJ_iana

-#define SN_Directory		"directory"

-#define LN_Directory		"Directory"

-#define NID_Directory		382

-#define OBJ_Directory		OBJ_internet,1L

-#define SN_Management		"mgmt"

-#define LN_Management		"Management"

-#define NID_Management		383

-#define OBJ_Management		OBJ_internet,2L

-#define SN_Experimental		"experimental"

-#define LN_Experimental		"Experimental"

-#define NID_Experimental		384

-#define OBJ_Experimental		OBJ_internet,3L

-#define SN_Private		"private"

-#define LN_Private		"Private"

-#define NID_Private		385

-#define OBJ_Private		OBJ_internet,4L

-#define SN_Security		"security"

-#define LN_Security		"Security"

-#define NID_Security		386

-#define OBJ_Security		OBJ_internet,5L

-#define SN_SNMPv2		"snmpv2"

-#define LN_SNMPv2		"SNMPv2"

-#define NID_SNMPv2		387

-#define OBJ_SNMPv2		OBJ_internet,6L

-#define LN_Mail		"Mail"

-#define NID_Mail		388

-#define OBJ_Mail		OBJ_internet,7L

-#define SN_Enterprises		"enterprises"

-#define LN_Enterprises		"Enterprises"

-#define NID_Enterprises		389

-#define OBJ_Enterprises		OBJ_Private,1L

-#define SN_dcObject		"dcobject"

-#define LN_dcObject		"dcObject"

-#define NID_dcObject		390

-#define OBJ_dcObject		OBJ_Enterprises,1466L,344L

-#define SN_mime_mhs		"mime-mhs"

-#define LN_mime_mhs		"MIME MHS"

-#define NID_mime_mhs		504

-#define OBJ_mime_mhs		OBJ_Mail,1L

-#define SN_mime_mhs_headings		"mime-mhs-headings"

-#define LN_mime_mhs_headings		"mime-mhs-headings"

-#define NID_mime_mhs_headings		505

-#define OBJ_mime_mhs_headings		OBJ_mime_mhs,1L

-#define SN_mime_mhs_bodies		"mime-mhs-bodies"

-#define LN_mime_mhs_bodies		"mime-mhs-bodies"

-#define NID_mime_mhs_bodies		506

-#define OBJ_mime_mhs_bodies		OBJ_mime_mhs,2L

-#define SN_id_hex_partial_message		"id-hex-partial-message"

-#define LN_id_hex_partial_message		"id-hex-partial-message"

-#define NID_id_hex_partial_message		507

-#define OBJ_id_hex_partial_message		OBJ_mime_mhs_headings,1L

-#define SN_id_hex_multipart_message		"id-hex-multipart-message"

-#define LN_id_hex_multipart_message		"id-hex-multipart-message"

-#define NID_id_hex_multipart_message		508

-#define OBJ_id_hex_multipart_message		OBJ_mime_mhs_headings,2L

-#define SN_rle_compression		"RLE"

-#define LN_rle_compression		"run length compression"

-#define NID_rle_compression		124

-#define OBJ_rle_compression		1L,1L,1L,1L,666L,1L

-#define SN_zlib_compression		"ZLIB"

-#define LN_zlib_compression		"zlib compression"

-#define NID_zlib_compression		125

-#define OBJ_zlib_compression		1L,1L,1L,1L,666L,2L

-#define OBJ_csor		2L,16L,840L,1L,101L,3L

-#define OBJ_nistAlgorithms		OBJ_csor,4L

-#define OBJ_aes		OBJ_nistAlgorithms,1L

-#define SN_aes_128_ecb		"AES-128-ECB"

-#define LN_aes_128_ecb		"aes-128-ecb"

-#define NID_aes_128_ecb		418

-#define OBJ_aes_128_ecb		OBJ_aes,1L

-#define SN_aes_128_cbc		"AES-128-CBC"

-#define LN_aes_128_cbc		"aes-128-cbc"

-#define NID_aes_128_cbc		419

-#define OBJ_aes_128_cbc		OBJ_aes,2L

-#define SN_aes_128_ofb128		"AES-128-OFB"

-#define LN_aes_128_ofb128		"aes-128-ofb"

-#define NID_aes_128_ofb128		420

-#define OBJ_aes_128_ofb128		OBJ_aes,3L

-#define SN_aes_128_cfb128		"AES-128-CFB"

-#define LN_aes_128_cfb128		"aes-128-cfb"

-#define NID_aes_128_cfb128		421

-#define OBJ_aes_128_cfb128		OBJ_aes,4L

-#define SN_aes_192_ecb		"AES-192-ECB"

-#define LN_aes_192_ecb		"aes-192-ecb"

-#define NID_aes_192_ecb		422

-#define OBJ_aes_192_ecb		OBJ_aes,21L

-#define SN_aes_192_cbc		"AES-192-CBC"

-#define LN_aes_192_cbc		"aes-192-cbc"

-#define NID_aes_192_cbc		423

-#define OBJ_aes_192_cbc		OBJ_aes,22L

-#define SN_aes_192_ofb128		"AES-192-OFB"

-#define LN_aes_192_ofb128		"aes-192-ofb"

-#define NID_aes_192_ofb128		424

-#define OBJ_aes_192_ofb128		OBJ_aes,23L

-#define SN_aes_192_cfb128		"AES-192-CFB"

-#define LN_aes_192_cfb128		"aes-192-cfb"

-#define NID_aes_192_cfb128		425

-#define OBJ_aes_192_cfb128		OBJ_aes,24L

-#define SN_aes_256_ecb		"AES-256-ECB"

-#define LN_aes_256_ecb		"aes-256-ecb"

-#define NID_aes_256_ecb		426

-#define OBJ_aes_256_ecb		OBJ_aes,41L

-#define SN_aes_256_cbc		"AES-256-CBC"

-#define LN_aes_256_cbc		"aes-256-cbc"

-#define NID_aes_256_cbc		427

-#define OBJ_aes_256_cbc		OBJ_aes,42L

-#define SN_aes_256_ofb128		"AES-256-OFB"

-#define LN_aes_256_ofb128		"aes-256-ofb"

-#define NID_aes_256_ofb128		428

-#define OBJ_aes_256_ofb128		OBJ_aes,43L

-#define SN_aes_256_cfb128		"AES-256-CFB"

-#define LN_aes_256_cfb128		"aes-256-cfb"

-#define NID_aes_256_cfb128		429

-#define OBJ_aes_256_cfb128		OBJ_aes,44L

-#define SN_aes_128_cfb1		"AES-128-CFB1"

-#define LN_aes_128_cfb1		"aes-128-cfb1"

-#define NID_aes_128_cfb1		650

-#define SN_aes_192_cfb1		"AES-192-CFB1"

-#define LN_aes_192_cfb1		"aes-192-cfb1"

-#define NID_aes_192_cfb1		651

-#define SN_aes_256_cfb1		"AES-256-CFB1"

-#define LN_aes_256_cfb1		"aes-256-cfb1"

-#define NID_aes_256_cfb1		652

-#define SN_aes_128_cfb8		"AES-128-CFB8"

-#define LN_aes_128_cfb8		"aes-128-cfb8"

-#define NID_aes_128_cfb8		653

-#define SN_aes_192_cfb8		"AES-192-CFB8"

-#define LN_aes_192_cfb8		"aes-192-cfb8"

-#define NID_aes_192_cfb8		654

-#define SN_aes_256_cfb8		"AES-256-CFB8"

-#define LN_aes_256_cfb8		"aes-256-cfb8"

-#define NID_aes_256_cfb8		655

-#define SN_des_cfb1		"DES-CFB1"

-#define LN_des_cfb1		"des-cfb1"

-#define NID_des_cfb1		656

-#define SN_des_cfb8		"DES-CFB8"

-#define LN_des_cfb8		"des-cfb8"

-#define NID_des_cfb8		657

-#define SN_des_ede3_cfb1		"DES-EDE3-CFB1"

-#define LN_des_ede3_cfb1		"des-ede3-cfb1"

-#define NID_des_ede3_cfb1		658

-#define SN_des_ede3_cfb8		"DES-EDE3-CFB8"

-#define LN_des_ede3_cfb8		"des-ede3-cfb8"

-#define NID_des_ede3_cfb8		659

-#define OBJ_nist_hashalgs		OBJ_nistAlgorithms,2L

-#define SN_sha256		"SHA256"

-#define LN_sha256		"sha256"

-#define NID_sha256		672

-#define OBJ_sha256		OBJ_nist_hashalgs,1L

-#define SN_sha384		"SHA384"

-#define LN_sha384		"sha384"

-#define NID_sha384		673

-#define OBJ_sha384		OBJ_nist_hashalgs,2L

-#define SN_sha512		"SHA512"

-#define LN_sha512		"sha512"

-#define NID_sha512		674

-#define OBJ_sha512		OBJ_nist_hashalgs,3L

-#define SN_sha224		"SHA224"

-#define LN_sha224		"sha224"

-#define NID_sha224		675

-#define OBJ_sha224		OBJ_nist_hashalgs,4L

-#define SN_hold_instruction_code		"holdInstructionCode"

-#define LN_hold_instruction_code		"Hold Instruction Code"

-#define NID_hold_instruction_code		430

-#define OBJ_hold_instruction_code		OBJ_id_ce,23L

-#define OBJ_holdInstruction		OBJ_X9_57,2L

-#define SN_hold_instruction_none		"holdInstructionNone"

-#define LN_hold_instruction_none		"Hold Instruction None"

-#define NID_hold_instruction_none		431

-#define OBJ_hold_instruction_none		OBJ_holdInstruction,1L

-#define SN_hold_instruction_call_issuer		"holdInstructionCallIssuer"

-#define LN_hold_instruction_call_issuer		"Hold Instruction Call Issuer"

-#define NID_hold_instruction_call_issuer		432

-#define OBJ_hold_instruction_call_issuer		OBJ_holdInstruction,2L

-#define SN_hold_instruction_reject		"holdInstructionReject"

-#define LN_hold_instruction_reject		"Hold Instruction Reject"

-#define NID_hold_instruction_reject		433

-#define OBJ_hold_instruction_reject		OBJ_holdInstruction,3L

-#define SN_data		"data"

-#define NID_data		434

-#define OBJ_data		OBJ_itu_t,9L

-#define SN_pss		"pss"

-#define NID_pss		435

-#define OBJ_pss		OBJ_data,2342L

-#define SN_ucl		"ucl"

-#define NID_ucl		436

-#define OBJ_ucl		OBJ_pss,19200300L

-#define SN_pilot		"pilot"

-#define NID_pilot		437

-#define OBJ_pilot		OBJ_ucl,100L

-#define LN_pilotAttributeType		"pilotAttributeType"

-#define NID_pilotAttributeType		438

-#define OBJ_pilotAttributeType		OBJ_pilot,1L

-#define LN_pilotAttributeSyntax		"pilotAttributeSyntax"

-#define NID_pilotAttributeSyntax		439

-#define OBJ_pilotAttributeSyntax		OBJ_pilot,3L

-#define LN_pilotObjectClass		"pilotObjectClass"

-#define NID_pilotObjectClass		440

-#define OBJ_pilotObjectClass		OBJ_pilot,4L

-#define LN_pilotGroups		"pilotGroups"

-#define NID_pilotGroups		441

-#define OBJ_pilotGroups		OBJ_pilot,10L

-#define LN_iA5StringSyntax		"iA5StringSyntax"

-#define NID_iA5StringSyntax		442

-#define OBJ_iA5StringSyntax		OBJ_pilotAttributeSyntax,4L

-#define LN_caseIgnoreIA5StringSyntax		"caseIgnoreIA5StringSyntax"

-#define NID_caseIgnoreIA5StringSyntax		443

-#define OBJ_caseIgnoreIA5StringSyntax		OBJ_pilotAttributeSyntax,5L

-#define LN_pilotObject		"pilotObject"

-#define NID_pilotObject		444

-#define OBJ_pilotObject		OBJ_pilotObjectClass,3L

-#define LN_pilotPerson		"pilotPerson"

-#define NID_pilotPerson		445

-#define OBJ_pilotPerson		OBJ_pilotObjectClass,4L

-#define SN_account		"account"

-#define NID_account		446

-#define OBJ_account		OBJ_pilotObjectClass,5L

-#define SN_document		"document"

-#define NID_document		447

-#define OBJ_document		OBJ_pilotObjectClass,6L

-#define SN_room		"room"

-#define NID_room		448

-#define OBJ_room		OBJ_pilotObjectClass,7L

-#define LN_documentSeries		"documentSeries"

-#define NID_documentSeries		449

-#define OBJ_documentSeries		OBJ_pilotObjectClass,9L

-#define SN_Domain		"domain"

-#define LN_Domain		"Domain"

-#define NID_Domain		392

-#define OBJ_Domain		OBJ_pilotObjectClass,13L

-#define LN_rFC822localPart		"rFC822localPart"

-#define NID_rFC822localPart		450

-#define OBJ_rFC822localPart		OBJ_pilotObjectClass,14L

-#define LN_dNSDomain		"dNSDomain"

-#define NID_dNSDomain		451

-#define OBJ_dNSDomain		OBJ_pilotObjectClass,15L

-#define LN_domainRelatedObject		"domainRelatedObject"

-#define NID_domainRelatedObject		452

-#define OBJ_domainRelatedObject		OBJ_pilotObjectClass,17L

-#define LN_friendlyCountry		"friendlyCountry"

-#define NID_friendlyCountry		453

-#define OBJ_friendlyCountry		OBJ_pilotObjectClass,18L

-#define LN_simpleSecurityObject		"simpleSecurityObject"

-#define NID_simpleSecurityObject		454

-#define OBJ_simpleSecurityObject		OBJ_pilotObjectClass,19L

-#define LN_pilotOrganization		"pilotOrganization"

-#define NID_pilotOrganization		455

-#define OBJ_pilotOrganization		OBJ_pilotObjectClass,20L

-#define LN_pilotDSA		"pilotDSA"

-#define NID_pilotDSA		456

-#define OBJ_pilotDSA		OBJ_pilotObjectClass,21L

-#define LN_qualityLabelledData		"qualityLabelledData"

-#define NID_qualityLabelledData		457

-#define OBJ_qualityLabelledData		OBJ_pilotObjectClass,22L

-#define SN_userId		"UID"

-#define LN_userId		"userId"

-#define NID_userId		458

-#define OBJ_userId		OBJ_pilotAttributeType,1L

-#define LN_textEncodedORAddress		"textEncodedORAddress"

-#define NID_textEncodedORAddress		459

-#define OBJ_textEncodedORAddress		OBJ_pilotAttributeType,2L

-#define SN_rfc822Mailbox		"mail"

-#define LN_rfc822Mailbox		"rfc822Mailbox"

-#define NID_rfc822Mailbox		460

-#define OBJ_rfc822Mailbox		OBJ_pilotAttributeType,3L

-#define SN_info		"info"

-#define NID_info		461

-#define OBJ_info		OBJ_pilotAttributeType,4L

-#define LN_favouriteDrink		"favouriteDrink"

-#define NID_favouriteDrink		462

-#define OBJ_favouriteDrink		OBJ_pilotAttributeType,5L

-#define LN_roomNumber		"roomNumber"

-#define NID_roomNumber		463

-#define OBJ_roomNumber		OBJ_pilotAttributeType,6L

-#define SN_photo		"photo"

-#define NID_photo		464

-#define OBJ_photo		OBJ_pilotAttributeType,7L

-#define LN_userClass		"userClass"

-#define NID_userClass		465

-#define OBJ_userClass		OBJ_pilotAttributeType,8L

-#define SN_host		"host"

-#define NID_host		466

-#define OBJ_host		OBJ_pilotAttributeType,9L

-#define SN_manager		"manager"

-#define NID_manager		467

-#define OBJ_manager		OBJ_pilotAttributeType,10L

-#define LN_documentIdentifier		"documentIdentifier"

-#define NID_documentIdentifier		468

-#define OBJ_documentIdentifier		OBJ_pilotAttributeType,11L

-#define LN_documentTitle		"documentTitle"

-#define NID_documentTitle		469

-#define OBJ_documentTitle		OBJ_pilotAttributeType,12L

-#define LN_documentVersion		"documentVersion"

-#define NID_documentVersion		470

-#define OBJ_documentVersion		OBJ_pilotAttributeType,13L

-#define LN_documentAuthor		"documentAuthor"

-#define NID_documentAuthor		471

-#define OBJ_documentAuthor		OBJ_pilotAttributeType,14L

-#define LN_documentLocation		"documentLocation"

-#define NID_documentLocation		472

-#define OBJ_documentLocation		OBJ_pilotAttributeType,15L

-#define LN_homeTelephoneNumber		"homeTelephoneNumber"

-#define NID_homeTelephoneNumber		473

-#define OBJ_homeTelephoneNumber		OBJ_pilotAttributeType,20L

-#define SN_secretary		"secretary"

-#define NID_secretary		474

-#define OBJ_secretary		OBJ_pilotAttributeType,21L

-#define LN_otherMailbox		"otherMailbox"

-#define NID_otherMailbox		475

-#define OBJ_otherMailbox		OBJ_pilotAttributeType,22L

-#define LN_lastModifiedTime		"lastModifiedTime"

-#define NID_lastModifiedTime		476

-#define OBJ_lastModifiedTime		OBJ_pilotAttributeType,23L

-#define LN_lastModifiedBy		"lastModifiedBy"

-#define NID_lastModifiedBy		477

-#define OBJ_lastModifiedBy		OBJ_pilotAttributeType,24L

-#define SN_domainComponent		"DC"

-#define LN_domainComponent		"domainComponent"

-#define NID_domainComponent		391

-#define OBJ_domainComponent		OBJ_pilotAttributeType,25L

-#define LN_aRecord		"aRecord"

-#define NID_aRecord		478

-#define OBJ_aRecord		OBJ_pilotAttributeType,26L

-#define LN_pilotAttributeType27		"pilotAttributeType27"

-#define NID_pilotAttributeType27		479

-#define OBJ_pilotAttributeType27		OBJ_pilotAttributeType,27L

-#define LN_mXRecord		"mXRecord"

-#define NID_mXRecord		480

-#define OBJ_mXRecord		OBJ_pilotAttributeType,28L

-#define LN_nSRecord		"nSRecord"

-#define NID_nSRecord		481

-#define OBJ_nSRecord		OBJ_pilotAttributeType,29L

-#define LN_sOARecord		"sOARecord"

-#define NID_sOARecord		482

-#define OBJ_sOARecord		OBJ_pilotAttributeType,30L

-#define LN_cNAMERecord		"cNAMERecord"

-#define NID_cNAMERecord		483

-#define OBJ_cNAMERecord		OBJ_pilotAttributeType,31L

-#define LN_associatedDomain		"associatedDomain"

-#define NID_associatedDomain		484

-#define OBJ_associatedDomain		OBJ_pilotAttributeType,37L

-#define LN_associatedName		"associatedName"

-#define NID_associatedName		485

-#define OBJ_associatedName		OBJ_pilotAttributeType,38L

-#define LN_homePostalAddress		"homePostalAddress"

-#define NID_homePostalAddress		486

-#define OBJ_homePostalAddress		OBJ_pilotAttributeType,39L

-#define LN_personalTitle		"personalTitle"

-#define NID_personalTitle		487

-#define OBJ_personalTitle		OBJ_pilotAttributeType,40L

-#define LN_mobileTelephoneNumber		"mobileTelephoneNumber"

-#define NID_mobileTelephoneNumber		488

-#define OBJ_mobileTelephoneNumber		OBJ_pilotAttributeType,41L

-#define LN_pagerTelephoneNumber		"pagerTelephoneNumber"

-#define NID_pagerTelephoneNumber		489

-#define OBJ_pagerTelephoneNumber		OBJ_pilotAttributeType,42L

-#define LN_friendlyCountryName		"friendlyCountryName"

-#define NID_friendlyCountryName		490

-#define OBJ_friendlyCountryName		OBJ_pilotAttributeType,43L

-#define LN_organizationalStatus		"organizationalStatus"

-#define NID_organizationalStatus		491

-#define OBJ_organizationalStatus		OBJ_pilotAttributeType,45L

-#define LN_janetMailbox		"janetMailbox"

-#define NID_janetMailbox		492

-#define OBJ_janetMailbox		OBJ_pilotAttributeType,46L

-#define LN_mailPreferenceOption		"mailPreferenceOption"

-#define NID_mailPreferenceOption		493

-#define OBJ_mailPreferenceOption		OBJ_pilotAttributeType,47L

-#define LN_buildingName		"buildingName"

-#define NID_buildingName		494

-#define OBJ_buildingName		OBJ_pilotAttributeType,48L

-#define LN_dSAQuality		"dSAQuality"

-#define NID_dSAQuality		495

-#define OBJ_dSAQuality		OBJ_pilotAttributeType,49L

-#define LN_singleLevelQuality		"singleLevelQuality"

-#define NID_singleLevelQuality		496

-#define OBJ_singleLevelQuality		OBJ_pilotAttributeType,50L

-#define LN_subtreeMinimumQuality		"subtreeMinimumQuality"

-#define NID_subtreeMinimumQuality		497

-#define OBJ_subtreeMinimumQuality		OBJ_pilotAttributeType,51L

-#define LN_subtreeMaximumQuality		"subtreeMaximumQuality"

-#define NID_subtreeMaximumQuality		498

-#define OBJ_subtreeMaximumQuality		OBJ_pilotAttributeType,52L

-#define LN_personalSignature		"personalSignature"

-#define NID_personalSignature		499

-#define OBJ_personalSignature		OBJ_pilotAttributeType,53L

-#define LN_dITRedirect		"dITRedirect"

-#define NID_dITRedirect		500

-#define OBJ_dITRedirect		OBJ_pilotAttributeType,54L

-#define SN_audio		"audio"

-#define NID_audio		501

-#define OBJ_audio		OBJ_pilotAttributeType,55L

-#define LN_documentPublisher		"documentPublisher"

-#define NID_documentPublisher		502

-#define OBJ_documentPublisher		OBJ_pilotAttributeType,56L

-#define SN_id_set		"id-set"

-#define LN_id_set		"Secure Electronic Transactions"

-#define NID_id_set		512

-#define OBJ_id_set		OBJ_international_organizations,42L

-#define SN_set_ctype		"set-ctype"

-#define LN_set_ctype		"content types"

-#define NID_set_ctype		513

-#define OBJ_set_ctype		OBJ_id_set,0L

-#define SN_set_msgExt		"set-msgExt"

-#define LN_set_msgExt		"message extensions"

-#define NID_set_msgExt		514

-#define OBJ_set_msgExt		OBJ_id_set,1L

-#define SN_set_attr		"set-attr"

-#define NID_set_attr		515

-#define OBJ_set_attr		OBJ_id_set,3L

-#define SN_set_policy		"set-policy"

-#define NID_set_policy		516

-#define OBJ_set_policy		OBJ_id_set,5L

-#define SN_set_certExt		"set-certExt"

-#define LN_set_certExt		"certificate extensions"

-#define NID_set_certExt		517

-#define OBJ_set_certExt		OBJ_id_set,7L

-#define SN_set_brand		"set-brand"

-#define NID_set_brand		518

-#define OBJ_set_brand		OBJ_id_set,8L

-#define SN_setct_PANData		"setct-PANData"

-#define NID_setct_PANData		519

-#define OBJ_setct_PANData		OBJ_set_ctype,0L

-#define SN_setct_PANToken		"setct-PANToken"

-#define NID_setct_PANToken		520

-#define OBJ_setct_PANToken		OBJ_set_ctype,1L

-#define SN_setct_PANOnly		"setct-PANOnly"

-#define NID_setct_PANOnly		521

-#define OBJ_setct_PANOnly		OBJ_set_ctype,2L

-#define SN_setct_OIData		"setct-OIData"

-#define NID_setct_OIData		522

-#define OBJ_setct_OIData		OBJ_set_ctype,3L

-#define SN_setct_PI		"setct-PI"

-#define NID_setct_PI		523

-#define OBJ_setct_PI		OBJ_set_ctype,4L

-#define SN_setct_PIData		"setct-PIData"

-#define NID_setct_PIData		524

-#define OBJ_setct_PIData		OBJ_set_ctype,5L

-#define SN_setct_PIDataUnsigned		"setct-PIDataUnsigned"

-#define NID_setct_PIDataUnsigned		525

-#define OBJ_setct_PIDataUnsigned		OBJ_set_ctype,6L

-#define SN_setct_HODInput		"setct-HODInput"

-#define NID_setct_HODInput		526

-#define OBJ_setct_HODInput		OBJ_set_ctype,7L

-#define SN_setct_AuthResBaggage		"setct-AuthResBaggage"

-#define NID_setct_AuthResBaggage		527

-#define OBJ_setct_AuthResBaggage		OBJ_set_ctype,8L

-#define SN_setct_AuthRevReqBaggage		"setct-AuthRevReqBaggage"

-#define NID_setct_AuthRevReqBaggage		528

-#define OBJ_setct_AuthRevReqBaggage		OBJ_set_ctype,9L

-#define SN_setct_AuthRevResBaggage		"setct-AuthRevResBaggage"

-#define NID_setct_AuthRevResBaggage		529

-#define OBJ_setct_AuthRevResBaggage		OBJ_set_ctype,10L

-#define SN_setct_CapTokenSeq		"setct-CapTokenSeq"

-#define NID_setct_CapTokenSeq		530

-#define OBJ_setct_CapTokenSeq		OBJ_set_ctype,11L

-#define SN_setct_PInitResData		"setct-PInitResData"

-#define NID_setct_PInitResData		531

-#define OBJ_setct_PInitResData		OBJ_set_ctype,12L

-#define SN_setct_PI_TBS		"setct-PI-TBS"

-#define NID_setct_PI_TBS		532

-#define OBJ_setct_PI_TBS		OBJ_set_ctype,13L

-#define SN_setct_PResData		"setct-PResData"

-#define NID_setct_PResData		533

-#define OBJ_setct_PResData		OBJ_set_ctype,14L

-#define SN_setct_AuthReqTBS		"setct-AuthReqTBS"

-#define NID_setct_AuthReqTBS		534

-#define OBJ_setct_AuthReqTBS		OBJ_set_ctype,16L

-#define SN_setct_AuthResTBS		"setct-AuthResTBS"

-#define NID_setct_AuthResTBS		535

-#define OBJ_setct_AuthResTBS		OBJ_set_ctype,17L

-#define SN_setct_AuthResTBSX		"setct-AuthResTBSX"

-#define NID_setct_AuthResTBSX		536

-#define OBJ_setct_AuthResTBSX		OBJ_set_ctype,18L

-#define SN_setct_AuthTokenTBS		"setct-AuthTokenTBS"

-#define NID_setct_AuthTokenTBS		537

-#define OBJ_setct_AuthTokenTBS		OBJ_set_ctype,19L

-#define SN_setct_CapTokenData		"setct-CapTokenData"

-#define NID_setct_CapTokenData		538

-#define OBJ_setct_CapTokenData		OBJ_set_ctype,20L

-#define SN_setct_CapTokenTBS		"setct-CapTokenTBS"

-#define NID_setct_CapTokenTBS		539

-#define OBJ_setct_CapTokenTBS		OBJ_set_ctype,21L

-#define SN_setct_AcqCardCodeMsg		"setct-AcqCardCodeMsg"

-#define NID_setct_AcqCardCodeMsg		540

-#define OBJ_setct_AcqCardCodeMsg		OBJ_set_ctype,22L

-#define SN_setct_AuthRevReqTBS		"setct-AuthRevReqTBS"

-#define NID_setct_AuthRevReqTBS		541

-#define OBJ_setct_AuthRevReqTBS		OBJ_set_ctype,23L

-#define SN_setct_AuthRevResData		"setct-AuthRevResData"

-#define NID_setct_AuthRevResData		542

-#define OBJ_setct_AuthRevResData		OBJ_set_ctype,24L

-#define SN_setct_AuthRevResTBS		"setct-AuthRevResTBS"

-#define NID_setct_AuthRevResTBS		543

-#define OBJ_setct_AuthRevResTBS		OBJ_set_ctype,25L

-#define SN_setct_CapReqTBS		"setct-CapReqTBS"

-#define NID_setct_CapReqTBS		544

-#define OBJ_setct_CapReqTBS		OBJ_set_ctype,26L

-#define SN_setct_CapReqTBSX		"setct-CapReqTBSX"

-#define NID_setct_CapReqTBSX		545

-#define OBJ_setct_CapReqTBSX		OBJ_set_ctype,27L

-#define SN_setct_CapResData		"setct-CapResData"

-#define NID_setct_CapResData		546

-#define OBJ_setct_CapResData		OBJ_set_ctype,28L

-#define SN_setct_CapRevReqTBS		"setct-CapRevReqTBS"

-#define NID_setct_CapRevReqTBS		547

-#define OBJ_setct_CapRevReqTBS		OBJ_set_ctype,29L

-#define SN_setct_CapRevReqTBSX		"setct-CapRevReqTBSX"

-#define NID_setct_CapRevReqTBSX		548

-#define OBJ_setct_CapRevReqTBSX		OBJ_set_ctype,30L

-#define SN_setct_CapRevResData		"setct-CapRevResData"

-#define NID_setct_CapRevResData		549

-#define OBJ_setct_CapRevResData		OBJ_set_ctype,31L

-#define SN_setct_CredReqTBS		"setct-CredReqTBS"

-#define NID_setct_CredReqTBS		550

-#define OBJ_setct_CredReqTBS		OBJ_set_ctype,32L

-#define SN_setct_CredReqTBSX		"setct-CredReqTBSX"

-#define NID_setct_CredReqTBSX		551

-#define OBJ_setct_CredReqTBSX		OBJ_set_ctype,33L

-#define SN_setct_CredResData		"setct-CredResData"

-#define NID_setct_CredResData		552

-#define OBJ_setct_CredResData		OBJ_set_ctype,34L

-#define SN_setct_CredRevReqTBS		"setct-CredRevReqTBS"

-#define NID_setct_CredRevReqTBS		553

-#define OBJ_setct_CredRevReqTBS		OBJ_set_ctype,35L

-#define SN_setct_CredRevReqTBSX		"setct-CredRevReqTBSX"

-#define NID_setct_CredRevReqTBSX		554

-#define OBJ_setct_CredRevReqTBSX		OBJ_set_ctype,36L

-#define SN_setct_CredRevResData		"setct-CredRevResData"

-#define NID_setct_CredRevResData		555

-#define OBJ_setct_CredRevResData		OBJ_set_ctype,37L

-#define SN_setct_PCertReqData		"setct-PCertReqData"

-#define NID_setct_PCertReqData		556

-#define OBJ_setct_PCertReqData		OBJ_set_ctype,38L

-#define SN_setct_PCertResTBS		"setct-PCertResTBS"

-#define NID_setct_PCertResTBS		557

-#define OBJ_setct_PCertResTBS		OBJ_set_ctype,39L

-#define SN_setct_BatchAdminReqData		"setct-BatchAdminReqData"

-#define NID_setct_BatchAdminReqData		558

-#define OBJ_setct_BatchAdminReqData		OBJ_set_ctype,40L

-#define SN_setct_BatchAdminResData		"setct-BatchAdminResData"

-#define NID_setct_BatchAdminResData		559

-#define OBJ_setct_BatchAdminResData		OBJ_set_ctype,41L

-#define SN_setct_CardCInitResTBS		"setct-CardCInitResTBS"

-#define NID_setct_CardCInitResTBS		560

-#define OBJ_setct_CardCInitResTBS		OBJ_set_ctype,42L

-#define SN_setct_MeAqCInitResTBS		"setct-MeAqCInitResTBS"

-#define NID_setct_MeAqCInitResTBS		561

-#define OBJ_setct_MeAqCInitResTBS		OBJ_set_ctype,43L

-#define SN_setct_RegFormResTBS		"setct-RegFormResTBS"

-#define NID_setct_RegFormResTBS		562

-#define OBJ_setct_RegFormResTBS		OBJ_set_ctype,44L

-#define SN_setct_CertReqData		"setct-CertReqData"

-#define NID_setct_CertReqData		563

-#define OBJ_setct_CertReqData		OBJ_set_ctype,45L

-#define SN_setct_CertReqTBS		"setct-CertReqTBS"

-#define NID_setct_CertReqTBS		564

-#define OBJ_setct_CertReqTBS		OBJ_set_ctype,46L

-#define SN_setct_CertResData		"setct-CertResData"

-#define NID_setct_CertResData		565

-#define OBJ_setct_CertResData		OBJ_set_ctype,47L

-#define SN_setct_CertInqReqTBS		"setct-CertInqReqTBS"

-#define NID_setct_CertInqReqTBS		566

-#define OBJ_setct_CertInqReqTBS		OBJ_set_ctype,48L

-#define SN_setct_ErrorTBS		"setct-ErrorTBS"

-#define NID_setct_ErrorTBS		567

-#define OBJ_setct_ErrorTBS		OBJ_set_ctype,49L

-#define SN_setct_PIDualSignedTBE		"setct-PIDualSignedTBE"

-#define NID_setct_PIDualSignedTBE		568

-#define OBJ_setct_PIDualSignedTBE		OBJ_set_ctype,50L

-#define SN_setct_PIUnsignedTBE		"setct-PIUnsignedTBE"

-#define NID_setct_PIUnsignedTBE		569

-#define OBJ_setct_PIUnsignedTBE		OBJ_set_ctype,51L

-#define SN_setct_AuthReqTBE		"setct-AuthReqTBE"

-#define NID_setct_AuthReqTBE		570

-#define OBJ_setct_AuthReqTBE		OBJ_set_ctype,52L

-#define SN_setct_AuthResTBE		"setct-AuthResTBE"

-#define NID_setct_AuthResTBE		571

-#define OBJ_setct_AuthResTBE		OBJ_set_ctype,53L

-#define SN_setct_AuthResTBEX		"setct-AuthResTBEX"

-#define NID_setct_AuthResTBEX		572

-#define OBJ_setct_AuthResTBEX		OBJ_set_ctype,54L

-#define SN_setct_AuthTokenTBE		"setct-AuthTokenTBE"

-#define NID_setct_AuthTokenTBE		573

-#define OBJ_setct_AuthTokenTBE		OBJ_set_ctype,55L

-#define SN_setct_CapTokenTBE		"setct-CapTokenTBE"

-#define NID_setct_CapTokenTBE		574

-#define OBJ_setct_CapTokenTBE		OBJ_set_ctype,56L

-#define SN_setct_CapTokenTBEX		"setct-CapTokenTBEX"

-#define NID_setct_CapTokenTBEX		575

-#define OBJ_setct_CapTokenTBEX		OBJ_set_ctype,57L

-#define SN_setct_AcqCardCodeMsgTBE		"setct-AcqCardCodeMsgTBE"

-#define NID_setct_AcqCardCodeMsgTBE		576

-#define OBJ_setct_AcqCardCodeMsgTBE		OBJ_set_ctype,58L

-#define SN_setct_AuthRevReqTBE		"setct-AuthRevReqTBE"

-#define NID_setct_AuthRevReqTBE		577

-#define OBJ_setct_AuthRevReqTBE		OBJ_set_ctype,59L

-#define SN_setct_AuthRevResTBE		"setct-AuthRevResTBE"

-#define NID_setct_AuthRevResTBE		578

-#define OBJ_setct_AuthRevResTBE		OBJ_set_ctype,60L

-#define SN_setct_AuthRevResTBEB		"setct-AuthRevResTBEB"

-#define NID_setct_AuthRevResTBEB		579

-#define OBJ_setct_AuthRevResTBEB		OBJ_set_ctype,61L

-#define SN_setct_CapReqTBE		"setct-CapReqTBE"

-#define NID_setct_CapReqTBE		580

-#define OBJ_setct_CapReqTBE		OBJ_set_ctype,62L

-#define SN_setct_CapReqTBEX		"setct-CapReqTBEX"

-#define NID_setct_CapReqTBEX		581

-#define OBJ_setct_CapReqTBEX		OBJ_set_ctype,63L

-#define SN_setct_CapResTBE		"setct-CapResTBE"

-#define NID_setct_CapResTBE		582

-#define OBJ_setct_CapResTBE		OBJ_set_ctype,64L

-#define SN_setct_CapRevReqTBE		"setct-CapRevReqTBE"

-#define NID_setct_CapRevReqTBE		583

-#define OBJ_setct_CapRevReqTBE		OBJ_set_ctype,65L

-#define SN_setct_CapRevReqTBEX		"setct-CapRevReqTBEX"

-#define NID_setct_CapRevReqTBEX		584

-#define OBJ_setct_CapRevReqTBEX		OBJ_set_ctype,66L

-#define SN_setct_CapRevResTBE		"setct-CapRevResTBE"

-#define NID_setct_CapRevResTBE		585

-#define OBJ_setct_CapRevResTBE		OBJ_set_ctype,67L

-#define SN_setct_CredReqTBE		"setct-CredReqTBE"

-#define NID_setct_CredReqTBE		586

-#define OBJ_setct_CredReqTBE		OBJ_set_ctype,68L

-#define SN_setct_CredReqTBEX		"setct-CredReqTBEX"

-#define NID_setct_CredReqTBEX		587

-#define OBJ_setct_CredReqTBEX		OBJ_set_ctype,69L

-#define SN_setct_CredResTBE		"setct-CredResTBE"

-#define NID_setct_CredResTBE		588

-#define OBJ_setct_CredResTBE		OBJ_set_ctype,70L

-#define SN_setct_CredRevReqTBE		"setct-CredRevReqTBE"

-#define NID_setct_CredRevReqTBE		589

-#define OBJ_setct_CredRevReqTBE		OBJ_set_ctype,71L

-#define SN_setct_CredRevReqTBEX		"setct-CredRevReqTBEX"

-#define NID_setct_CredRevReqTBEX		590

-#define OBJ_setct_CredRevReqTBEX		OBJ_set_ctype,72L

-#define SN_setct_CredRevResTBE		"setct-CredRevResTBE"

-#define NID_setct_CredRevResTBE		591

-#define OBJ_setct_CredRevResTBE		OBJ_set_ctype,73L

-#define SN_setct_BatchAdminReqTBE		"setct-BatchAdminReqTBE"

-#define NID_setct_BatchAdminReqTBE		592

-#define OBJ_setct_BatchAdminReqTBE		OBJ_set_ctype,74L

-#define SN_setct_BatchAdminResTBE		"setct-BatchAdminResTBE"

-#define NID_setct_BatchAdminResTBE		593

-#define OBJ_setct_BatchAdminResTBE		OBJ_set_ctype,75L

-#define SN_setct_RegFormReqTBE		"setct-RegFormReqTBE"

-#define NID_setct_RegFormReqTBE		594

-#define OBJ_setct_RegFormReqTBE		OBJ_set_ctype,76L

-#define SN_setct_CertReqTBE		"setct-CertReqTBE"

-#define NID_setct_CertReqTBE		595

-#define OBJ_setct_CertReqTBE		OBJ_set_ctype,77L

-#define SN_setct_CertReqTBEX		"setct-CertReqTBEX"

-#define NID_setct_CertReqTBEX		596

-#define OBJ_setct_CertReqTBEX		OBJ_set_ctype,78L

-#define SN_setct_CertResTBE		"setct-CertResTBE"

-#define NID_setct_CertResTBE		597

-#define OBJ_setct_CertResTBE		OBJ_set_ctype,79L

-#define SN_setct_CRLNotificationTBS		"setct-CRLNotificationTBS"

-#define NID_setct_CRLNotificationTBS		598

-#define OBJ_setct_CRLNotificationTBS		OBJ_set_ctype,80L

-#define SN_setct_CRLNotificationResTBS		"setct-CRLNotificationResTBS"

-#define NID_setct_CRLNotificationResTBS		599

-#define OBJ_setct_CRLNotificationResTBS		OBJ_set_ctype,81L

-#define SN_setct_BCIDistributionTBS		"setct-BCIDistributionTBS"

-#define NID_setct_BCIDistributionTBS		600

-#define OBJ_setct_BCIDistributionTBS		OBJ_set_ctype,82L

-#define SN_setext_genCrypt		"setext-genCrypt"

-#define LN_setext_genCrypt		"generic cryptogram"

-#define NID_setext_genCrypt		601

-#define OBJ_setext_genCrypt		OBJ_set_msgExt,1L

-#define SN_setext_miAuth		"setext-miAuth"

-#define LN_setext_miAuth		"merchant initiated auth"

-#define NID_setext_miAuth		602

-#define OBJ_setext_miAuth		OBJ_set_msgExt,3L

-#define SN_setext_pinSecure		"setext-pinSecure"

-#define NID_setext_pinSecure		603

-#define OBJ_setext_pinSecure		OBJ_set_msgExt,4L

-#define SN_setext_pinAny		"setext-pinAny"

-#define NID_setext_pinAny		604

-#define OBJ_setext_pinAny		OBJ_set_msgExt,5L

-#define SN_setext_track2		"setext-track2"

-#define NID_setext_track2		605

-#define OBJ_setext_track2		OBJ_set_msgExt,7L

-#define SN_setext_cv		"setext-cv"

-#define LN_setext_cv		"additional verification"

-#define NID_setext_cv		606

-#define OBJ_setext_cv		OBJ_set_msgExt,8L

-#define SN_set_policy_root		"set-policy-root"

-#define NID_set_policy_root		607

-#define OBJ_set_policy_root		OBJ_set_policy,0L

-#define SN_setCext_hashedRoot		"setCext-hashedRoot"

-#define NID_setCext_hashedRoot		608

-#define OBJ_setCext_hashedRoot		OBJ_set_certExt,0L

-#define SN_setCext_certType		"setCext-certType"

-#define NID_setCext_certType		609

-#define OBJ_setCext_certType		OBJ_set_certExt,1L

-#define SN_setCext_merchData		"setCext-merchData"

-#define NID_setCext_merchData		610

-#define OBJ_setCext_merchData		OBJ_set_certExt,2L

-#define SN_setCext_cCertRequired		"setCext-cCertRequired"

-#define NID_setCext_cCertRequired		611

-#define OBJ_setCext_cCertRequired		OBJ_set_certExt,3L

-#define SN_setCext_tunneling		"setCext-tunneling"

-#define NID_setCext_tunneling		612

-#define OBJ_setCext_tunneling		OBJ_set_certExt,4L

-#define SN_setCext_setExt		"setCext-setExt"

-#define NID_setCext_setExt		613

-#define OBJ_setCext_setExt		OBJ_set_certExt,5L

-#define SN_setCext_setQualf		"setCext-setQualf"

-#define NID_setCext_setQualf		614

-#define OBJ_setCext_setQualf		OBJ_set_certExt,6L

-#define SN_setCext_PGWYcapabilities		"setCext-PGWYcapabilities"

-#define NID_setCext_PGWYcapabilities		615

-#define OBJ_setCext_PGWYcapabilities		OBJ_set_certExt,7L

-#define SN_setCext_TokenIdentifier		"setCext-TokenIdentifier"

-#define NID_setCext_TokenIdentifier		616

-#define OBJ_setCext_TokenIdentifier		OBJ_set_certExt,8L

-#define SN_setCext_Track2Data		"setCext-Track2Data"

-#define NID_setCext_Track2Data		617

-#define OBJ_setCext_Track2Data		OBJ_set_certExt,9L

-#define SN_setCext_TokenType		"setCext-TokenType"

-#define NID_setCext_TokenType		618

-#define OBJ_setCext_TokenType		OBJ_set_certExt,10L

-#define SN_setCext_IssuerCapabilities		"setCext-IssuerCapabilities"

-#define NID_setCext_IssuerCapabilities		619

-#define OBJ_setCext_IssuerCapabilities		OBJ_set_certExt,11L

-#define SN_setAttr_Cert		"setAttr-Cert"

-#define NID_setAttr_Cert		620

-#define OBJ_setAttr_Cert		OBJ_set_attr,0L

-#define SN_setAttr_PGWYcap		"setAttr-PGWYcap"

-#define LN_setAttr_PGWYcap		"payment gateway capabilities"

-#define NID_setAttr_PGWYcap		621

-#define OBJ_setAttr_PGWYcap		OBJ_set_attr,1L

-#define SN_setAttr_TokenType		"setAttr-TokenType"

-#define NID_setAttr_TokenType		622

-#define OBJ_setAttr_TokenType		OBJ_set_attr,2L

-#define SN_setAttr_IssCap		"setAttr-IssCap"

-#define LN_setAttr_IssCap		"issuer capabilities"

-#define NID_setAttr_IssCap		623

-#define OBJ_setAttr_IssCap		OBJ_set_attr,3L

-#define SN_set_rootKeyThumb		"set-rootKeyThumb"

-#define NID_set_rootKeyThumb		624

-#define OBJ_set_rootKeyThumb		OBJ_setAttr_Cert,0L

-#define SN_set_addPolicy		"set-addPolicy"

-#define NID_set_addPolicy		625

-#define OBJ_set_addPolicy		OBJ_setAttr_Cert,1L

-#define SN_setAttr_Token_EMV		"setAttr-Token-EMV"

-#define NID_setAttr_Token_EMV		626

-#define OBJ_setAttr_Token_EMV		OBJ_setAttr_TokenType,1L

-#define SN_setAttr_Token_B0Prime		"setAttr-Token-B0Prime"

-#define NID_setAttr_Token_B0Prime		627

-#define OBJ_setAttr_Token_B0Prime		OBJ_setAttr_TokenType,2L

-#define SN_setAttr_IssCap_CVM		"setAttr-IssCap-CVM"

-#define NID_setAttr_IssCap_CVM		628

-#define OBJ_setAttr_IssCap_CVM		OBJ_setAttr_IssCap,3L

-#define SN_setAttr_IssCap_T2		"setAttr-IssCap-T2"

-#define NID_setAttr_IssCap_T2		629

-#define OBJ_setAttr_IssCap_T2		OBJ_setAttr_IssCap,4L

-#define SN_setAttr_IssCap_Sig		"setAttr-IssCap-Sig"

-#define NID_setAttr_IssCap_Sig		630

-#define OBJ_setAttr_IssCap_Sig		OBJ_setAttr_IssCap,5L

-#define SN_setAttr_GenCryptgrm		"setAttr-GenCryptgrm"

-#define LN_setAttr_GenCryptgrm		"generate cryptogram"

-#define NID_setAttr_GenCryptgrm		631

-#define OBJ_setAttr_GenCryptgrm		OBJ_setAttr_IssCap_CVM,1L

-#define SN_setAttr_T2Enc		"setAttr-T2Enc"

-#define LN_setAttr_T2Enc		"encrypted track 2"

-#define NID_setAttr_T2Enc		632

-#define OBJ_setAttr_T2Enc		OBJ_setAttr_IssCap_T2,1L

-#define SN_setAttr_T2cleartxt		"setAttr-T2cleartxt"

-#define LN_setAttr_T2cleartxt		"cleartext track 2"

-#define NID_setAttr_T2cleartxt		633

-#define OBJ_setAttr_T2cleartxt		OBJ_setAttr_IssCap_T2,2L

-#define SN_setAttr_TokICCsig		"setAttr-TokICCsig"

-#define LN_setAttr_TokICCsig		"ICC or token signature"

-#define NID_setAttr_TokICCsig		634

-#define OBJ_setAttr_TokICCsig		OBJ_setAttr_IssCap_Sig,1L

-#define SN_setAttr_SecDevSig		"setAttr-SecDevSig"

-#define LN_setAttr_SecDevSig		"secure device signature"

-#define NID_setAttr_SecDevSig		635

-#define OBJ_setAttr_SecDevSig		OBJ_setAttr_IssCap_Sig,2L

-#define SN_set_brand_IATA_ATA		"set-brand-IATA-ATA"

-#define NID_set_brand_IATA_ATA		636

-#define OBJ_set_brand_IATA_ATA		OBJ_set_brand,1L

-#define SN_set_brand_Diners		"set-brand-Diners"

-#define NID_set_brand_Diners		637

-#define OBJ_set_brand_Diners		OBJ_set_brand,30L

-#define SN_set_brand_AmericanExpress		"set-brand-AmericanExpress"

-#define NID_set_brand_AmericanExpress		638

-#define OBJ_set_brand_AmericanExpress		OBJ_set_brand,34L

-#define SN_set_brand_JCB		"set-brand-JCB"

-#define NID_set_brand_JCB		639

-#define OBJ_set_brand_JCB		OBJ_set_brand,35L

-#define SN_set_brand_Visa		"set-brand-Visa"

-#define NID_set_brand_Visa		640

-#define OBJ_set_brand_Visa		OBJ_set_brand,4L

-#define SN_set_brand_MasterCard		"set-brand-MasterCard"

-#define NID_set_brand_MasterCard		641

-#define OBJ_set_brand_MasterCard		OBJ_set_brand,5L

-#define SN_set_brand_Novus		"set-brand-Novus"

-#define NID_set_brand_Novus		642

-#define OBJ_set_brand_Novus		OBJ_set_brand,6011L

-#define SN_des_cdmf		"DES-CDMF"

-#define LN_des_cdmf		"des-cdmf"

-#define NID_des_cdmf		643

-#define OBJ_des_cdmf		OBJ_rsadsi,3L,10L

-#define SN_rsaOAEPEncryptionSET		"rsaOAEPEncryptionSET"

-#define NID_rsaOAEPEncryptionSET		644

-#define OBJ_rsaOAEPEncryptionSET		OBJ_rsadsi,1L,1L,6L

-#define SN_ipsec3		"Oakley-EC2N-3"

-#define LN_ipsec3		"ipsec3"

-#define NID_ipsec3		749

-#define SN_ipsec4		"Oakley-EC2N-4"

-#define LN_ipsec4		"ipsec4"

-#define NID_ipsec4		750

-#define SN_camellia_128_cbc		"CAMELLIA-128-CBC"

-#define LN_camellia_128_cbc		"camellia-128-cbc"

-#define NID_camellia_128_cbc		751

-#define OBJ_camellia_128_cbc		1L,2L,392L,200011L,61L,1L,1L,1L,2L

-#define SN_camellia_192_cbc		"CAMELLIA-192-CBC"

-#define LN_camellia_192_cbc		"camellia-192-cbc"

-#define NID_camellia_192_cbc		752

-#define OBJ_camellia_192_cbc		1L,2L,392L,200011L,61L,1L,1L,1L,3L

-#define SN_camellia_256_cbc		"CAMELLIA-256-CBC"

-#define LN_camellia_256_cbc		"camellia-256-cbc"

-#define NID_camellia_256_cbc		753

-#define OBJ_camellia_256_cbc		1L,2L,392L,200011L,61L,1L,1L,1L,4L

-#define OBJ_ntt_ds		0L,3L,4401L,5L

-#define OBJ_camellia		OBJ_ntt_ds,3L,1L,9L

-#define SN_camellia_128_ecb		"CAMELLIA-128-ECB"

-#define LN_camellia_128_ecb		"camellia-128-ecb"

-#define NID_camellia_128_ecb		754

-#define OBJ_camellia_128_ecb		OBJ_camellia,1L

-#define SN_camellia_128_ofb128		"CAMELLIA-128-OFB"

-#define LN_camellia_128_ofb128		"camellia-128-ofb"

-#define NID_camellia_128_ofb128		766

-#define OBJ_camellia_128_ofb128		OBJ_camellia,3L

-#define SN_camellia_128_cfb128		"CAMELLIA-128-CFB"

-#define LN_camellia_128_cfb128		"camellia-128-cfb"

-#define NID_camellia_128_cfb128		757

-#define OBJ_camellia_128_cfb128		OBJ_camellia,4L

-#define SN_camellia_192_ecb		"CAMELLIA-192-ECB"

-#define LN_camellia_192_ecb		"camellia-192-ecb"

-#define NID_camellia_192_ecb		755

-#define OBJ_camellia_192_ecb		OBJ_camellia,21L

-#define SN_camellia_192_ofb128		"CAMELLIA-192-OFB"

-#define LN_camellia_192_ofb128		"camellia-192-ofb"

-#define NID_camellia_192_ofb128		767

-#define OBJ_camellia_192_ofb128		OBJ_camellia,23L

-#define SN_camellia_192_cfb128		"CAMELLIA-192-CFB"

-#define LN_camellia_192_cfb128		"camellia-192-cfb"

-#define NID_camellia_192_cfb128		758

-#define OBJ_camellia_192_cfb128		OBJ_camellia,24L

-#define SN_camellia_256_ecb		"CAMELLIA-256-ECB"

-#define LN_camellia_256_ecb		"camellia-256-ecb"

-#define NID_camellia_256_ecb		756

-#define OBJ_camellia_256_ecb		OBJ_camellia,41L

-#define SN_camellia_256_ofb128		"CAMELLIA-256-OFB"

-#define LN_camellia_256_ofb128		"camellia-256-ofb"

-#define NID_camellia_256_ofb128		768

-#define OBJ_camellia_256_ofb128		OBJ_camellia,43L

-#define SN_camellia_256_cfb128		"CAMELLIA-256-CFB"

-#define LN_camellia_256_cfb128		"camellia-256-cfb"

-#define NID_camellia_256_cfb128		759

-#define OBJ_camellia_256_cfb128		OBJ_camellia,44L

-#define SN_camellia_128_cfb1		"CAMELLIA-128-CFB1"

-#define LN_camellia_128_cfb1		"camellia-128-cfb1"

-#define NID_camellia_128_cfb1		760

-#define SN_camellia_192_cfb1		"CAMELLIA-192-CFB1"

-#define LN_camellia_192_cfb1		"camellia-192-cfb1"

-#define NID_camellia_192_cfb1		761

-#define SN_camellia_256_cfb1		"CAMELLIA-256-CFB1"

-#define LN_camellia_256_cfb1		"camellia-256-cfb1"

-#define NID_camellia_256_cfb1		762

-#define SN_camellia_128_cfb8		"CAMELLIA-128-CFB8"

-#define LN_camellia_128_cfb8		"camellia-128-cfb8"

-#define NID_camellia_128_cfb8		763

-#define SN_camellia_192_cfb8		"CAMELLIA-192-CFB8"

-#define LN_camellia_192_cfb8		"camellia-192-cfb8"

-#define NID_camellia_192_cfb8		764

-#define SN_camellia_256_cfb8		"CAMELLIA-256-CFB8"

-#define LN_camellia_256_cfb8		"camellia-256-cfb8"

-#define NID_camellia_256_cfb8		765

-#define SN_kisa		"KISA"

-#define LN_kisa		"kisa"

-#define NID_kisa		773

-#define OBJ_kisa		OBJ_member_body,410L,200004L

-#define SN_seed_ecb		"SEED-ECB"

-#define LN_seed_ecb		"seed-ecb"

-#define NID_seed_ecb		776

-#define OBJ_seed_ecb		OBJ_kisa,1L,3L

-#define SN_seed_cbc		"SEED-CBC"

-#define LN_seed_cbc		"seed-cbc"

-#define NID_seed_cbc		777

-#define OBJ_seed_cbc		OBJ_kisa,1L,4L

-#define SN_seed_cfb128		"SEED-CFB"

-#define LN_seed_cfb128		"seed-cfb"

-#define NID_seed_cfb128		779

-#define OBJ_seed_cfb128		OBJ_kisa,1L,5L

-#define SN_seed_ofb128		"SEED-OFB"

-#define LN_seed_ofb128		"seed-ofb"

-#define NID_seed_ofb128		778

-#define OBJ_seed_ofb128		OBJ_kisa,1L,6L

--- a/sys/include/ape/openssl/objects.h

+++ /dev/null

@@ -1,1049 +1,0 @@

-/* crypto/objects/objects.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_OBJECTS_H

-#define HEADER_OBJECTS_H

-#define USE_OBJ_MAC

-#ifdef USE_OBJ_MAC

-#include <openssl/obj_mac.h>

-#else

-#define SN_undef			"UNDEF"

-#define LN_undef			"undefined"

-#define NID_undef			0

-#define OBJ_undef			0L

-#define SN_Algorithm			"Algorithm"

-#define LN_algorithm			"algorithm"

-#define NID_algorithm			38

-#define OBJ_algorithm			1L,3L,14L,3L,2L

-#define LN_rsadsi			"rsadsi"

-#define NID_rsadsi			1

-#define OBJ_rsadsi			1L,2L,840L,113549L

-#define LN_pkcs				"pkcs"

-#define NID_pkcs			2

-#define OBJ_pkcs			OBJ_rsadsi,1L

-#define SN_md2				"MD2"

-#define LN_md2				"md2"

-#define NID_md2				3

-#define OBJ_md2				OBJ_rsadsi,2L,2L

-#define SN_md5				"MD5"

-#define LN_md5				"md5"

-#define NID_md5				4

-#define OBJ_md5				OBJ_rsadsi,2L,5L

-#define SN_rc4				"RC4"

-#define LN_rc4				"rc4"

-#define NID_rc4				5

-#define OBJ_rc4				OBJ_rsadsi,3L,4L

-#define LN_rsaEncryption		"rsaEncryption"

-#define NID_rsaEncryption		6

-#define OBJ_rsaEncryption		OBJ_pkcs,1L,1L

-#define SN_md2WithRSAEncryption		"RSA-MD2"

-#define LN_md2WithRSAEncryption		"md2WithRSAEncryption"

-#define NID_md2WithRSAEncryption	7

-#define OBJ_md2WithRSAEncryption	OBJ_pkcs,1L,2L

-#define SN_md5WithRSAEncryption		"RSA-MD5"

-#define LN_md5WithRSAEncryption		"md5WithRSAEncryption"

-#define NID_md5WithRSAEncryption	8

-#define OBJ_md5WithRSAEncryption	OBJ_pkcs,1L,4L

-#define SN_pbeWithMD2AndDES_CBC		"PBE-MD2-DES"

-#define LN_pbeWithMD2AndDES_CBC		"pbeWithMD2AndDES-CBC"

-#define NID_pbeWithMD2AndDES_CBC	9

-#define OBJ_pbeWithMD2AndDES_CBC	OBJ_pkcs,5L,1L

-#define SN_pbeWithMD5AndDES_CBC		"PBE-MD5-DES"

-#define LN_pbeWithMD5AndDES_CBC		"pbeWithMD5AndDES-CBC"

-#define NID_pbeWithMD5AndDES_CBC	10

-#define OBJ_pbeWithMD5AndDES_CBC	OBJ_pkcs,5L,3L

-#define LN_X500				"X500"

-#define NID_X500			11

-#define OBJ_X500			2L,5L

-#define LN_X509				"X509"

-#define NID_X509			12

-#define OBJ_X509			OBJ_X500,4L

-#define SN_commonName			"CN"

-#define LN_commonName			"commonName"

-#define NID_commonName			13

-#define OBJ_commonName			OBJ_X509,3L

-#define SN_countryName			"C"

-#define LN_countryName			"countryName"

-#define NID_countryName			14

-#define OBJ_countryName			OBJ_X509,6L

-#define SN_localityName			"L"

-#define LN_localityName			"localityName"

-#define NID_localityName		15

-#define OBJ_localityName		OBJ_X509,7L

-/* Postal Address? PA */

-/* should be "ST" (rfc1327) but MS uses 'S' */

-#define SN_stateOrProvinceName		"ST"

-#define LN_stateOrProvinceName		"stateOrProvinceName"

-#define NID_stateOrProvinceName		16

-#define OBJ_stateOrProvinceName		OBJ_X509,8L

-#define SN_organizationName		"O"

-#define LN_organizationName		"organizationName"

-#define NID_organizationName		17

-#define OBJ_organizationName		OBJ_X509,10L

-#define SN_organizationalUnitName	"OU"

-#define LN_organizationalUnitName	"organizationalUnitName"

-#define NID_organizationalUnitName	18

-#define OBJ_organizationalUnitName	OBJ_X509,11L

-#define SN_rsa				"RSA"

-#define LN_rsa				"rsa"

-#define NID_rsa				19

-#define OBJ_rsa				OBJ_X500,8L,1L,1L

-#define LN_pkcs7			"pkcs7"

-#define NID_pkcs7			20

-#define OBJ_pkcs7			OBJ_pkcs,7L

-#define LN_pkcs7_data			"pkcs7-data"

-#define NID_pkcs7_data			21

-#define OBJ_pkcs7_data			OBJ_pkcs7,1L

-#define LN_pkcs7_signed			"pkcs7-signedData"

-#define NID_pkcs7_signed		22

-#define OBJ_pkcs7_signed		OBJ_pkcs7,2L

-#define LN_pkcs7_enveloped		"pkcs7-envelopedData"

-#define NID_pkcs7_enveloped		23

-#define OBJ_pkcs7_enveloped		OBJ_pkcs7,3L

-#define LN_pkcs7_signedAndEnveloped	"pkcs7-signedAndEnvelopedData"

-#define NID_pkcs7_signedAndEnveloped	24

-#define OBJ_pkcs7_signedAndEnveloped	OBJ_pkcs7,4L

-#define LN_pkcs7_digest			"pkcs7-digestData"

-#define NID_pkcs7_digest		25

-#define OBJ_pkcs7_digest		OBJ_pkcs7,5L

-#define LN_pkcs7_encrypted		"pkcs7-encryptedData"

-#define NID_pkcs7_encrypted		26

-#define OBJ_pkcs7_encrypted		OBJ_pkcs7,6L

-#define LN_pkcs3			"pkcs3"

-#define NID_pkcs3			27

-#define OBJ_pkcs3			OBJ_pkcs,3L

-#define LN_dhKeyAgreement		"dhKeyAgreement"

-#define NID_dhKeyAgreement		28

-#define OBJ_dhKeyAgreement		OBJ_pkcs3,1L

-#define SN_des_ecb			"DES-ECB"

-#define LN_des_ecb			"des-ecb"

-#define NID_des_ecb			29

-#define OBJ_des_ecb			OBJ_algorithm,6L

-#define SN_des_cfb64			"DES-CFB"

-#define LN_des_cfb64			"des-cfb"

-#define NID_des_cfb64			30

-/* IV + num */

-#define OBJ_des_cfb64			OBJ_algorithm,9L

-#define SN_des_cbc			"DES-CBC"

-#define LN_des_cbc			"des-cbc"

-#define NID_des_cbc			31

-/* IV */

-#define OBJ_des_cbc			OBJ_algorithm,7L

-#define SN_des_ede			"DES-EDE"

-#define LN_des_ede			"des-ede"

-#define NID_des_ede			32

-/* ?? */

-#define OBJ_des_ede			OBJ_algorithm,17L

-#define SN_des_ede3			"DES-EDE3"

-#define LN_des_ede3			"des-ede3"

-#define NID_des_ede3			33

-#define SN_idea_cbc			"IDEA-CBC"

-#define LN_idea_cbc			"idea-cbc"

-#define NID_idea_cbc			34

-#define OBJ_idea_cbc			1L,3L,6L,1L,4L,1L,188L,7L,1L,1L,2L

-#define SN_idea_cfb64			"IDEA-CFB"

-#define LN_idea_cfb64			"idea-cfb"

-#define NID_idea_cfb64			35

-#define SN_idea_ecb			"IDEA-ECB"

-#define LN_idea_ecb			"idea-ecb"

-#define NID_idea_ecb			36

-#define SN_rc2_cbc			"RC2-CBC"

-#define LN_rc2_cbc			"rc2-cbc"

-#define NID_rc2_cbc			37

-#define OBJ_rc2_cbc			OBJ_rsadsi,3L,2L

-#define SN_rc2_ecb			"RC2-ECB"

-#define LN_rc2_ecb			"rc2-ecb"

-#define NID_rc2_ecb			38

-#define SN_rc2_cfb64			"RC2-CFB"

-#define LN_rc2_cfb64			"rc2-cfb"

-#define NID_rc2_cfb64			39

-#define SN_rc2_ofb64			"RC2-OFB"

-#define LN_rc2_ofb64			"rc2-ofb"

-#define NID_rc2_ofb64			40

-#define SN_sha				"SHA"

-#define LN_sha				"sha"

-#define NID_sha				41

-#define OBJ_sha				OBJ_algorithm,18L

-#define SN_shaWithRSAEncryption		"RSA-SHA"

-#define LN_shaWithRSAEncryption		"shaWithRSAEncryption"

-#define NID_shaWithRSAEncryption	42

-#define OBJ_shaWithRSAEncryption	OBJ_algorithm,15L

-#define SN_des_ede_cbc			"DES-EDE-CBC"

-#define LN_des_ede_cbc			"des-ede-cbc"

-#define NID_des_ede_cbc			43

-#define SN_des_ede3_cbc			"DES-EDE3-CBC"

-#define LN_des_ede3_cbc			"des-ede3-cbc"

-#define NID_des_ede3_cbc		44

-#define OBJ_des_ede3_cbc		OBJ_rsadsi,3L,7L

-#define SN_des_ofb64			"DES-OFB"

-#define LN_des_ofb64			"des-ofb"

-#define NID_des_ofb64			45

-#define OBJ_des_ofb64			OBJ_algorithm,8L

-#define SN_idea_ofb64			"IDEA-OFB"

-#define LN_idea_ofb64			"idea-ofb"

-#define NID_idea_ofb64			46

-#define LN_pkcs9			"pkcs9"

-#define NID_pkcs9			47

-#define OBJ_pkcs9			OBJ_pkcs,9L

-#define SN_pkcs9_emailAddress		"Email"

-#define LN_pkcs9_emailAddress		"emailAddress"

-#define NID_pkcs9_emailAddress		48

-#define OBJ_pkcs9_emailAddress		OBJ_pkcs9,1L

-#define LN_pkcs9_unstructuredName	"unstructuredName"

-#define NID_pkcs9_unstructuredName	49

-#define OBJ_pkcs9_unstructuredName	OBJ_pkcs9,2L

-#define LN_pkcs9_contentType		"contentType"

-#define NID_pkcs9_contentType		50

-#define OBJ_pkcs9_contentType		OBJ_pkcs9,3L

-#define LN_pkcs9_messageDigest		"messageDigest"

-#define NID_pkcs9_messageDigest		51

-#define OBJ_pkcs9_messageDigest		OBJ_pkcs9,4L

-#define LN_pkcs9_signingTime		"signingTime"

-#define NID_pkcs9_signingTime		52

-#define OBJ_pkcs9_signingTime		OBJ_pkcs9,5L

-#define LN_pkcs9_countersignature	"countersignature"

-#define NID_pkcs9_countersignature	53

-#define OBJ_pkcs9_countersignature	OBJ_pkcs9,6L

-#define LN_pkcs9_challengePassword	"challengePassword"

-#define NID_pkcs9_challengePassword	54

-#define OBJ_pkcs9_challengePassword	OBJ_pkcs9,7L

-#define LN_pkcs9_unstructuredAddress	"unstructuredAddress"

-#define NID_pkcs9_unstructuredAddress	55

-#define OBJ_pkcs9_unstructuredAddress	OBJ_pkcs9,8L

-#define LN_pkcs9_extCertAttributes	"extendedCertificateAttributes"

-#define NID_pkcs9_extCertAttributes	56

-#define OBJ_pkcs9_extCertAttributes	OBJ_pkcs9,9L

-#define SN_netscape			"Netscape"

-#define LN_netscape			"Netscape Communications Corp."

-#define NID_netscape			57

-#define OBJ_netscape			2L,16L,840L,1L,113730L

-#define SN_netscape_cert_extension	"nsCertExt"

-#define LN_netscape_cert_extension	"Netscape Certificate Extension"

-#define NID_netscape_cert_extension	58

-#define OBJ_netscape_cert_extension	OBJ_netscape,1L

-#define SN_netscape_data_type		"nsDataType"

-#define LN_netscape_data_type		"Netscape Data Type"

-#define NID_netscape_data_type		59

-#define OBJ_netscape_data_type		OBJ_netscape,2L

-#define SN_des_ede_cfb64		"DES-EDE-CFB"

-#define LN_des_ede_cfb64		"des-ede-cfb"

-#define NID_des_ede_cfb64		60

-#define SN_des_ede3_cfb64		"DES-EDE3-CFB"

-#define LN_des_ede3_cfb64		"des-ede3-cfb"

-#define NID_des_ede3_cfb64		61

-#define SN_des_ede_ofb64		"DES-EDE-OFB"

-#define LN_des_ede_ofb64		"des-ede-ofb"

-#define NID_des_ede_ofb64		62

-#define SN_des_ede3_ofb64		"DES-EDE3-OFB"

-#define LN_des_ede3_ofb64		"des-ede3-ofb"

-#define NID_des_ede3_ofb64		63

-/* I'm not sure about the object ID */

-#define SN_sha1				"SHA1"

-#define LN_sha1				"sha1"

-#define NID_sha1			64

-#define OBJ_sha1			OBJ_algorithm,26L

-/* 28 Jun 1996 - eay */

-/* #define OBJ_sha1			1L,3L,14L,2L,26L,05L <- wrong */

-#define SN_sha1WithRSAEncryption	"RSA-SHA1"

-#define LN_sha1WithRSAEncryption	"sha1WithRSAEncryption"

-#define NID_sha1WithRSAEncryption	65

-#define OBJ_sha1WithRSAEncryption	OBJ_pkcs,1L,5L

-#define SN_dsaWithSHA			"DSA-SHA"

-#define LN_dsaWithSHA			"dsaWithSHA"

-#define NID_dsaWithSHA			66

-#define OBJ_dsaWithSHA			OBJ_algorithm,13L

-#define SN_dsa_2			"DSA-old"

-#define LN_dsa_2			"dsaEncryption-old"

-#define NID_dsa_2			67

-#define OBJ_dsa_2			OBJ_algorithm,12L

-/* proposed by microsoft to RSA */

-#define SN_pbeWithSHA1AndRC2_CBC	"PBE-SHA1-RC2-64"

-#define LN_pbeWithSHA1AndRC2_CBC	"pbeWithSHA1AndRC2-CBC"

-#define NID_pbeWithSHA1AndRC2_CBC	68

-#define OBJ_pbeWithSHA1AndRC2_CBC	OBJ_pkcs,5L,11L

-/* proposed by microsoft to RSA as pbeWithSHA1AndRC4: it is now

- * defined explicitly in PKCS#5 v2.0 as id-PBKDF2 which is something

- * completely different.

- */

-#define LN_id_pbkdf2			"PBKDF2"

-#define NID_id_pbkdf2			69

-#define OBJ_id_pbkdf2			OBJ_pkcs,5L,12L

-#define SN_dsaWithSHA1_2		"DSA-SHA1-old"

-#define LN_dsaWithSHA1_2		"dsaWithSHA1-old"

-#define NID_dsaWithSHA1_2		70

-/* Got this one from 'sdn706r20.pdf' which is actually an NSA document :-) */

-#define OBJ_dsaWithSHA1_2		OBJ_algorithm,27L

-#define SN_netscape_cert_type		"nsCertType"

-#define LN_netscape_cert_type		"Netscape Cert Type"

-#define NID_netscape_cert_type		71

-#define OBJ_netscape_cert_type		OBJ_netscape_cert_extension,1L

-#define SN_netscape_base_url		"nsBaseUrl"

-#define LN_netscape_base_url		"Netscape Base Url"

-#define NID_netscape_base_url		72

-#define OBJ_netscape_base_url		OBJ_netscape_cert_extension,2L

-#define SN_netscape_revocation_url	"nsRevocationUrl"

-#define LN_netscape_revocation_url	"Netscape Revocation Url"

-#define NID_netscape_revocation_url	73

-#define OBJ_netscape_revocation_url	OBJ_netscape_cert_extension,3L

-#define SN_netscape_ca_revocation_url	"nsCaRevocationUrl"

-#define LN_netscape_ca_revocation_url	"Netscape CA Revocation Url"

-#define NID_netscape_ca_revocation_url	74

-#define OBJ_netscape_ca_revocation_url	OBJ_netscape_cert_extension,4L

-#define SN_netscape_renewal_url		"nsRenewalUrl"

-#define LN_netscape_renewal_url		"Netscape Renewal Url"

-#define NID_netscape_renewal_url	75

-#define OBJ_netscape_renewal_url	OBJ_netscape_cert_extension,7L

-#define SN_netscape_ca_policy_url	"nsCaPolicyUrl"

-#define LN_netscape_ca_policy_url	"Netscape CA Policy Url"

-#define NID_netscape_ca_policy_url	76

-#define OBJ_netscape_ca_policy_url	OBJ_netscape_cert_extension,8L

-#define SN_netscape_ssl_server_name	"nsSslServerName"

-#define LN_netscape_ssl_server_name	"Netscape SSL Server Name"

-#define NID_netscape_ssl_server_name	77

-#define OBJ_netscape_ssl_server_name	OBJ_netscape_cert_extension,12L

-#define SN_netscape_comment		"nsComment"

-#define LN_netscape_comment		"Netscape Comment"

-#define NID_netscape_comment		78

-#define OBJ_netscape_comment		OBJ_netscape_cert_extension,13L

-#define SN_netscape_cert_sequence	"nsCertSequence"

-#define LN_netscape_cert_sequence	"Netscape Certificate Sequence"

-#define NID_netscape_cert_sequence	79

-#define OBJ_netscape_cert_sequence	OBJ_netscape_data_type,5L

-#define SN_desx_cbc			"DESX-CBC"

-#define LN_desx_cbc			"desx-cbc"

-#define NID_desx_cbc			80

-#define SN_id_ce			"id-ce"

-#define NID_id_ce			81

-#define OBJ_id_ce			2L,5L,29L

-#define SN_subject_key_identifier	"subjectKeyIdentifier"

-#define LN_subject_key_identifier	"X509v3 Subject Key Identifier"

-#define NID_subject_key_identifier	82

-#define OBJ_subject_key_identifier	OBJ_id_ce,14L

-#define SN_key_usage			"keyUsage"

-#define LN_key_usage			"X509v3 Key Usage"

-#define NID_key_usage			83

-#define OBJ_key_usage			OBJ_id_ce,15L

-#define SN_private_key_usage_period	"privateKeyUsagePeriod"

-#define LN_private_key_usage_period	"X509v3 Private Key Usage Period"

-#define NID_private_key_usage_period	84

-#define OBJ_private_key_usage_period	OBJ_id_ce,16L

-#define SN_subject_alt_name		"subjectAltName"

-#define LN_subject_alt_name		"X509v3 Subject Alternative Name"

-#define NID_subject_alt_name		85

-#define OBJ_subject_alt_name		OBJ_id_ce,17L

-#define SN_issuer_alt_name		"issuerAltName"

-#define LN_issuer_alt_name		"X509v3 Issuer Alternative Name"

-#define NID_issuer_alt_name		86

-#define OBJ_issuer_alt_name		OBJ_id_ce,18L

-#define SN_basic_constraints		"basicConstraints"

-#define LN_basic_constraints		"X509v3 Basic Constraints"

-#define NID_basic_constraints		87

-#define OBJ_basic_constraints		OBJ_id_ce,19L

-#define SN_crl_number			"crlNumber"

-#define LN_crl_number			"X509v3 CRL Number"

-#define NID_crl_number			88

-#define OBJ_crl_number			OBJ_id_ce,20L

-#define SN_certificate_policies		"certificatePolicies"

-#define LN_certificate_policies		"X509v3 Certificate Policies"

-#define NID_certificate_policies	89

-#define OBJ_certificate_policies	OBJ_id_ce,32L

-#define SN_authority_key_identifier	"authorityKeyIdentifier"

-#define LN_authority_key_identifier	"X509v3 Authority Key Identifier"

-#define NID_authority_key_identifier	90

-#define OBJ_authority_key_identifier	OBJ_id_ce,35L

-#define SN_bf_cbc			"BF-CBC"

-#define LN_bf_cbc			"bf-cbc"

-#define NID_bf_cbc			91

-#define OBJ_bf_cbc			1L,3L,6L,1L,4L,1L,3029L,1L,2L

-#define SN_bf_ecb			"BF-ECB"

-#define LN_bf_ecb			"bf-ecb"

-#define NID_bf_ecb			92

-#define SN_bf_cfb64			"BF-CFB"

-#define LN_bf_cfb64			"bf-cfb"

-#define NID_bf_cfb64			93

-#define SN_bf_ofb64			"BF-OFB"

-#define LN_bf_ofb64			"bf-ofb"

-#define NID_bf_ofb64			94

-#define SN_mdc2				"MDC2"

-#define LN_mdc2				"mdc2"

-#define NID_mdc2			95

-#define OBJ_mdc2			2L,5L,8L,3L,101L

-/* An alternative?			1L,3L,14L,3L,2L,19L */

-#define SN_mdc2WithRSA			"RSA-MDC2"

-#define LN_mdc2WithRSA			"mdc2withRSA"

-#define NID_mdc2WithRSA			96

-#define OBJ_mdc2WithRSA			2L,5L,8L,3L,100L

-#define SN_rc4_40			"RC4-40"

-#define LN_rc4_40			"rc4-40"

-#define NID_rc4_40			97

-#define SN_rc2_40_cbc			"RC2-40-CBC"

-#define LN_rc2_40_cbc			"rc2-40-cbc"

-#define NID_rc2_40_cbc			98

-#define SN_givenName			"G"

-#define LN_givenName			"givenName"

-#define NID_givenName			99

-#define OBJ_givenName			OBJ_X509,42L

-#define SN_surname			"S"

-#define LN_surname			"surname"

-#define NID_surname			100

-#define OBJ_surname			OBJ_X509,4L

-#define SN_initials			"I"

-#define LN_initials			"initials"

-#define NID_initials			101

-#define OBJ_initials			OBJ_X509,43L

-#define SN_uniqueIdentifier		"UID"

-#define LN_uniqueIdentifier		"uniqueIdentifier"

-#define NID_uniqueIdentifier		102

-#define OBJ_uniqueIdentifier		OBJ_X509,45L

-#define SN_crl_distribution_points	"crlDistributionPoints"

-#define LN_crl_distribution_points	"X509v3 CRL Distribution Points"

-#define NID_crl_distribution_points	103

-#define OBJ_crl_distribution_points	OBJ_id_ce,31L

-#define SN_md5WithRSA			"RSA-NP-MD5"

-#define LN_md5WithRSA			"md5WithRSA"

-#define NID_md5WithRSA			104

-#define OBJ_md5WithRSA			OBJ_algorithm,3L

-#define SN_serialNumber			"SN"

-#define LN_serialNumber			"serialNumber"

-#define NID_serialNumber		105

-#define OBJ_serialNumber		OBJ_X509,5L

-#define SN_title			"T"

-#define LN_title			"title"

-#define NID_title			106

-#define OBJ_title			OBJ_X509,12L

-#define SN_description			"D"

-#define LN_description			"description"

-#define NID_description			107

-#define OBJ_description			OBJ_X509,13L

-/* CAST5 is CAST-128, I'm just sticking with the documentation */

-#define SN_cast5_cbc			"CAST5-CBC"

-#define LN_cast5_cbc			"cast5-cbc"

-#define NID_cast5_cbc			108

-#define OBJ_cast5_cbc			1L,2L,840L,113533L,7L,66L,10L

-#define SN_cast5_ecb			"CAST5-ECB"

-#define LN_cast5_ecb			"cast5-ecb"

-#define NID_cast5_ecb			109

-#define SN_cast5_cfb64			"CAST5-CFB"

-#define LN_cast5_cfb64			"cast5-cfb"

-#define NID_cast5_cfb64			110

-#define SN_cast5_ofb64			"CAST5-OFB"

-#define LN_cast5_ofb64			"cast5-ofb"

-#define NID_cast5_ofb64			111

-#define LN_pbeWithMD5AndCast5_CBC	"pbeWithMD5AndCast5CBC"

-#define NID_pbeWithMD5AndCast5_CBC	112

-#define OBJ_pbeWithMD5AndCast5_CBC	1L,2L,840L,113533L,7L,66L,12L

-/* This is one sun will soon be using :-(

- * id-dsa-with-sha1 ID  ::= {

- *   iso(1) member-body(2) us(840) x9-57 (10040) x9cm(4) 3 }

- */

-#define SN_dsaWithSHA1			"DSA-SHA1"

-#define LN_dsaWithSHA1			"dsaWithSHA1"

-#define NID_dsaWithSHA1			113

-#define OBJ_dsaWithSHA1			1L,2L,840L,10040L,4L,3L

-#define NID_md5_sha1			114

-#define SN_md5_sha1			"MD5-SHA1"

-#define LN_md5_sha1			"md5-sha1"

-#define SN_sha1WithRSA			"RSA-SHA1-2"

-#define LN_sha1WithRSA			"sha1WithRSA"

-#define NID_sha1WithRSA			115

-#define OBJ_sha1WithRSA			OBJ_algorithm,29L

-#define SN_dsa				"DSA"

-#define LN_dsa				"dsaEncryption"

-#define NID_dsa				116

-#define OBJ_dsa				1L,2L,840L,10040L,4L,1L

-#define SN_ripemd160			"RIPEMD160"

-#define LN_ripemd160			"ripemd160"

-#define NID_ripemd160			117

-#define OBJ_ripemd160			1L,3L,36L,3L,2L,1L

-/* The name should actually be rsaSignatureWithripemd160, but I'm going

- * to continue using the convention I'm using with the other ciphers */

-#define SN_ripemd160WithRSA		"RSA-RIPEMD160"

-#define LN_ripemd160WithRSA		"ripemd160WithRSA"

-#define NID_ripemd160WithRSA		119

-#define OBJ_ripemd160WithRSA		1L,3L,36L,3L,3L,1L,2L

-/* Taken from rfc2040

- *  RC5_CBC_Parameters ::= SEQUENCE {

- *	version           INTEGER (v1_0(16)),

- *	rounds            INTEGER (8..127),

- *	blockSizeInBits   INTEGER (64, 128),

- *	iv                OCTET STRING OPTIONAL

- *	}

- */

-#define SN_rc5_cbc			"RC5-CBC"

-#define LN_rc5_cbc			"rc5-cbc"

-#define NID_rc5_cbc			120

-#define OBJ_rc5_cbc			OBJ_rsadsi,3L,8L

-#define SN_rc5_ecb			"RC5-ECB"

-#define LN_rc5_ecb			"rc5-ecb"

-#define NID_rc5_ecb			121

-#define SN_rc5_cfb64			"RC5-CFB"

-#define LN_rc5_cfb64			"rc5-cfb"

-#define NID_rc5_cfb64			122

-#define SN_rc5_ofb64			"RC5-OFB"

-#define LN_rc5_ofb64			"rc5-ofb"

-#define NID_rc5_ofb64			123

-#define SN_rle_compression		"RLE"

-#define LN_rle_compression		"run length compression"

-#define NID_rle_compression		124

-#define OBJ_rle_compression		1L,1L,1L,1L,666L,1L

-#define SN_zlib_compression		"ZLIB"

-#define LN_zlib_compression		"zlib compression"

-#define NID_zlib_compression		125

-#define OBJ_zlib_compression		1L,1L,1L,1L,666L,2L

-#define SN_ext_key_usage		"extendedKeyUsage"

-#define LN_ext_key_usage		"X509v3 Extended Key Usage"

-#define NID_ext_key_usage		126

-#define OBJ_ext_key_usage		OBJ_id_ce,37

-#define SN_id_pkix			"PKIX"

-#define NID_id_pkix			127

-#define OBJ_id_pkix			1L,3L,6L,1L,5L,5L,7L

-#define SN_id_kp			"id-kp"

-#define NID_id_kp			128

-#define OBJ_id_kp			OBJ_id_pkix,3L

-/* PKIX extended key usage OIDs */

-#define SN_server_auth			"serverAuth"

-#define LN_server_auth			"TLS Web Server Authentication"

-#define NID_server_auth			129

-#define OBJ_server_auth			OBJ_id_kp,1L

-#define SN_client_auth			"clientAuth"

-#define LN_client_auth			"TLS Web Client Authentication"

-#define NID_client_auth			130

-#define OBJ_client_auth			OBJ_id_kp,2L

-#define SN_code_sign			"codeSigning"

-#define LN_code_sign			"Code Signing"

-#define NID_code_sign			131

-#define OBJ_code_sign			OBJ_id_kp,3L

-#define SN_email_protect		"emailProtection"

-#define LN_email_protect		"E-mail Protection"

-#define NID_email_protect		132

-#define OBJ_email_protect		OBJ_id_kp,4L

-#define SN_time_stamp			"timeStamping"

-#define LN_time_stamp			"Time Stamping"

-#define NID_time_stamp			133

-#define OBJ_time_stamp			OBJ_id_kp,8L

-/* Additional extended key usage OIDs: Microsoft */

-#define SN_ms_code_ind			"msCodeInd"

-#define LN_ms_code_ind			"Microsoft Individual Code Signing"

-#define NID_ms_code_ind			134

-#define OBJ_ms_code_ind			1L,3L,6L,1L,4L,1L,311L,2L,1L,21L

-#define SN_ms_code_com			"msCodeCom"

-#define LN_ms_code_com			"Microsoft Commercial Code Signing"

-#define NID_ms_code_com			135

-#define OBJ_ms_code_com			1L,3L,6L,1L,4L,1L,311L,2L,1L,22L

-#define SN_ms_ctl_sign			"msCTLSign"

-#define LN_ms_ctl_sign			"Microsoft Trust List Signing"

-#define NID_ms_ctl_sign			136

-#define OBJ_ms_ctl_sign			1L,3L,6L,1L,4L,1L,311L,10L,3L,1L

-#define SN_ms_sgc			"msSGC"

-#define LN_ms_sgc			"Microsoft Server Gated Crypto"

-#define NID_ms_sgc			137

-#define OBJ_ms_sgc			1L,3L,6L,1L,4L,1L,311L,10L,3L,3L

-#define SN_ms_efs			"msEFS"

-#define LN_ms_efs			"Microsoft Encrypted File System"

-#define NID_ms_efs			138

-#define OBJ_ms_efs			1L,3L,6L,1L,4L,1L,311L,10L,3L,4L

-/* Additional usage: Netscape */

-#define SN_ns_sgc			"nsSGC"

-#define LN_ns_sgc			"Netscape Server Gated Crypto"

-#define NID_ns_sgc			139

-#define OBJ_ns_sgc			OBJ_netscape,4L,1L

-#define SN_delta_crl			"deltaCRL"

-#define LN_delta_crl			"X509v3 Delta CRL Indicator"

-#define NID_delta_crl			140

-#define OBJ_delta_crl			OBJ_id_ce,27L

-#define SN_crl_reason			"CRLReason"

-#define LN_crl_reason			"CRL Reason Code"

-#define NID_crl_reason			141

-#define OBJ_crl_reason			OBJ_id_ce,21L

-#define SN_invalidity_date		"invalidityDate"

-#define LN_invalidity_date		"Invalidity Date"

-#define NID_invalidity_date		142

-#define OBJ_invalidity_date		OBJ_id_ce,24L

-#define SN_sxnet			"SXNetID"

-#define LN_sxnet			"Strong Extranet ID"

-#define NID_sxnet			143

-#define OBJ_sxnet			1L,3L,101L,1L,4L,1L

-/* PKCS12 and related OBJECT IDENTIFIERS */

-#define OBJ_pkcs12			OBJ_pkcs,12L

-#define OBJ_pkcs12_pbeids		OBJ_pkcs12, 1

-#define SN_pbe_WithSHA1And128BitRC4	"PBE-SHA1-RC4-128"

-#define LN_pbe_WithSHA1And128BitRC4	"pbeWithSHA1And128BitRC4"

-#define NID_pbe_WithSHA1And128BitRC4	144

-#define OBJ_pbe_WithSHA1And128BitRC4	OBJ_pkcs12_pbeids, 1L

-#define SN_pbe_WithSHA1And40BitRC4	"PBE-SHA1-RC4-40"

-#define LN_pbe_WithSHA1And40BitRC4	"pbeWithSHA1And40BitRC4"

-#define NID_pbe_WithSHA1And40BitRC4	145

-#define OBJ_pbe_WithSHA1And40BitRC4	OBJ_pkcs12_pbeids, 2L

-#define SN_pbe_WithSHA1And3_Key_TripleDES_CBC	"PBE-SHA1-3DES"

-#define LN_pbe_WithSHA1And3_Key_TripleDES_CBC	"pbeWithSHA1And3-KeyTripleDES-CBC"

-#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC	146

-#define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC	OBJ_pkcs12_pbeids, 3L

-#define SN_pbe_WithSHA1And2_Key_TripleDES_CBC	"PBE-SHA1-2DES"

-#define LN_pbe_WithSHA1And2_Key_TripleDES_CBC	"pbeWithSHA1And2-KeyTripleDES-CBC"

-#define NID_pbe_WithSHA1And2_Key_TripleDES_CBC	147

-#define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC	OBJ_pkcs12_pbeids, 4L

-#define SN_pbe_WithSHA1And128BitRC2_CBC		"PBE-SHA1-RC2-128"

-#define LN_pbe_WithSHA1And128BitRC2_CBC		"pbeWithSHA1And128BitRC2-CBC"

-#define NID_pbe_WithSHA1And128BitRC2_CBC	148

-#define OBJ_pbe_WithSHA1And128BitRC2_CBC	OBJ_pkcs12_pbeids, 5L

-#define SN_pbe_WithSHA1And40BitRC2_CBC	"PBE-SHA1-RC2-40"

-#define LN_pbe_WithSHA1And40BitRC2_CBC	"pbeWithSHA1And40BitRC2-CBC"

-#define NID_pbe_WithSHA1And40BitRC2_CBC	149

-#define OBJ_pbe_WithSHA1And40BitRC2_CBC	OBJ_pkcs12_pbeids, 6L

-#define OBJ_pkcs12_Version1	OBJ_pkcs12, 10L

-#define OBJ_pkcs12_BagIds	OBJ_pkcs12_Version1, 1L

-#define LN_keyBag		"keyBag"

-#define NID_keyBag		150

-#define OBJ_keyBag		OBJ_pkcs12_BagIds, 1L

-#define LN_pkcs8ShroudedKeyBag	"pkcs8ShroudedKeyBag"

-#define NID_pkcs8ShroudedKeyBag	151

-#define OBJ_pkcs8ShroudedKeyBag	OBJ_pkcs12_BagIds, 2L

-#define LN_certBag		"certBag"

-#define NID_certBag		152

-#define OBJ_certBag		OBJ_pkcs12_BagIds, 3L

-#define LN_crlBag		"crlBag"

-#define NID_crlBag		153

-#define OBJ_crlBag		OBJ_pkcs12_BagIds, 4L

-#define LN_secretBag		"secretBag"

-#define NID_secretBag		154

-#define OBJ_secretBag		OBJ_pkcs12_BagIds, 5L

-#define LN_safeContentsBag	"safeContentsBag"

-#define NID_safeContentsBag	155

-#define OBJ_safeContentsBag	OBJ_pkcs12_BagIds, 6L

-#define LN_friendlyName		"friendlyName"

-#define	NID_friendlyName	156

-#define OBJ_friendlyName	OBJ_pkcs9, 20L

-#define LN_localKeyID		"localKeyID"

-#define	NID_localKeyID		157

-#define OBJ_localKeyID		OBJ_pkcs9, 21L

-#define OBJ_certTypes		OBJ_pkcs9, 22L

-#define LN_x509Certificate	"x509Certificate"

-#define	NID_x509Certificate	158

-#define OBJ_x509Certificate	OBJ_certTypes, 1L

-#define LN_sdsiCertificate	"sdsiCertificate"

-#define	NID_sdsiCertificate	159

-#define OBJ_sdsiCertificate	OBJ_certTypes, 2L

-#define OBJ_crlTypes		OBJ_pkcs9, 23L

-#define LN_x509Crl		"x509Crl"

-#define	NID_x509Crl		160

-#define OBJ_x509Crl		OBJ_crlTypes, 1L

-/* PKCS#5 v2 OIDs */

-#define LN_pbes2		"PBES2"

-#define NID_pbes2		161

-#define OBJ_pbes2		OBJ_pkcs,5L,13L

-#define LN_pbmac1		"PBMAC1"

-#define NID_pbmac1		162

-#define OBJ_pbmac1		OBJ_pkcs,5L,14L

-#define LN_hmacWithSHA1		"hmacWithSHA1"

-#define NID_hmacWithSHA1	163

-#define OBJ_hmacWithSHA1	OBJ_rsadsi,2L,7L

-/* Policy Qualifier Ids */

-#define LN_id_qt_cps		"Policy Qualifier CPS"

-#define SN_id_qt_cps		"id-qt-cps"

-#define NID_id_qt_cps		164

-#define OBJ_id_qt_cps		OBJ_id_pkix,2L,1L

-#define LN_id_qt_unotice	"Policy Qualifier User Notice"

-#define SN_id_qt_unotice	"id-qt-unotice"

-#define NID_id_qt_unotice	165

-#define OBJ_id_qt_unotice	OBJ_id_pkix,2L,2L

-#define SN_rc2_64_cbc			"RC2-64-CBC"

-#define LN_rc2_64_cbc			"rc2-64-cbc"

-#define NID_rc2_64_cbc			166

-#define SN_SMIMECapabilities		"SMIME-CAPS"

-#define LN_SMIMECapabilities		"S/MIME Capabilities"

-#define NID_SMIMECapabilities		167

-#define OBJ_SMIMECapabilities		OBJ_pkcs9,15L

-#define SN_pbeWithMD2AndRC2_CBC		"PBE-MD2-RC2-64"

-#define LN_pbeWithMD2AndRC2_CBC		"pbeWithMD2AndRC2-CBC"

-#define NID_pbeWithMD2AndRC2_CBC	168

-#define OBJ_pbeWithMD2AndRC2_CBC	OBJ_pkcs,5L,4L

-#define SN_pbeWithMD5AndRC2_CBC		"PBE-MD5-RC2-64"

-#define LN_pbeWithMD5AndRC2_CBC		"pbeWithMD5AndRC2-CBC"

-#define NID_pbeWithMD5AndRC2_CBC	169

-#define OBJ_pbeWithMD5AndRC2_CBC	OBJ_pkcs,5L,6L

-#define SN_pbeWithSHA1AndDES_CBC	"PBE-SHA1-DES"

-#define LN_pbeWithSHA1AndDES_CBC	"pbeWithSHA1AndDES-CBC"

-#define NID_pbeWithSHA1AndDES_CBC	170

-#define OBJ_pbeWithSHA1AndDES_CBC	OBJ_pkcs,5L,10L

-/* Extension request OIDs */

-#define LN_ms_ext_req			"Microsoft Extension Request"

-#define SN_ms_ext_req			"msExtReq"

-#define NID_ms_ext_req			171

-#define OBJ_ms_ext_req			1L,3L,6L,1L,4L,1L,311L,2L,1L,14L

-#define LN_ext_req			"Extension Request"

-#define SN_ext_req			"extReq"

-#define NID_ext_req			172

-#define OBJ_ext_req			OBJ_pkcs9,14L

-#define SN_name				"name"

-#define LN_name				"name"

-#define NID_name			173

-#define OBJ_name			OBJ_X509,41L

-#define SN_dnQualifier			"dnQualifier"

-#define LN_dnQualifier			"dnQualifier"

-#define NID_dnQualifier			174

-#define OBJ_dnQualifier			OBJ_X509,46L

-#define SN_id_pe			"id-pe"

-#define NID_id_pe			175

-#define OBJ_id_pe			OBJ_id_pkix,1L

-#define SN_id_ad			"id-ad"

-#define NID_id_ad			176

-#define OBJ_id_ad			OBJ_id_pkix,48L

-#define SN_info_access			"authorityInfoAccess"

-#define LN_info_access			"Authority Information Access"

-#define NID_info_access			177

-#define OBJ_info_access			OBJ_id_pe,1L

-#define SN_ad_OCSP			"OCSP"

-#define LN_ad_OCSP			"OCSP"

-#define NID_ad_OCSP			178

-#define OBJ_ad_OCSP			OBJ_id_ad,1L

-#define SN_ad_ca_issuers		"caIssuers"

-#define LN_ad_ca_issuers		"CA Issuers"

-#define NID_ad_ca_issuers		179

-#define OBJ_ad_ca_issuers		OBJ_id_ad,2L

-#define SN_OCSP_sign			"OCSPSigning"

-#define LN_OCSP_sign			"OCSP Signing"

-#define NID_OCSP_sign			180

-#define OBJ_OCSP_sign			OBJ_id_kp,9L

-#endif /* USE_OBJ_MAC */

-#include <openssl/bio.h>

-#include <openssl/asn1.h>

-#define	OBJ_NAME_TYPE_UNDEF		0x00

-#define	OBJ_NAME_TYPE_MD_METH		0x01

-#define	OBJ_NAME_TYPE_CIPHER_METH	0x02

-#define	OBJ_NAME_TYPE_PKEY_METH		0x03

-#define	OBJ_NAME_TYPE_COMP_METH		0x04

-#define	OBJ_NAME_TYPE_NUM		0x05

-#define	OBJ_NAME_ALIAS			0x8000

-#define OBJ_BSEARCH_VALUE_ON_NOMATCH		0x01

-#define OBJ_BSEARCH_FIRST_VALUE_ON_MATCH	0x02

-#ifdef  __cplusplus

-extern "C" {

-#endif

-typedef struct obj_name_st

-	{

-	int type;

-	int alias;

-	const char *name;

-	const char *data;

-	} OBJ_NAME;

-#define		OBJ_create_and_add_object(a,b,c) OBJ_create(a,b,c)

-int OBJ_NAME_init(void);

-int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *),

-		       int (*cmp_func)(const char *, const char *),

-		       void (*free_func)(const char *, int, const char *));

-const char *OBJ_NAME_get(const char *name,int type);

-int OBJ_NAME_add(const char *name,int type,const char *data);

-int OBJ_NAME_remove(const char *name,int type);

-void OBJ_NAME_cleanup(int type); /* -1 for everything */

-void OBJ_NAME_do_all(int type,void (*fn)(const OBJ_NAME *,void *arg),

-		     void *arg);

-void OBJ_NAME_do_all_sorted(int type,void (*fn)(const OBJ_NAME *,void *arg),

-			    void *arg);

-ASN1_OBJECT *	OBJ_dup(const ASN1_OBJECT *o);

-ASN1_OBJECT *	OBJ_nid2obj(int n);

-const char *	OBJ_nid2ln(int n);

-const char *	OBJ_nid2sn(int n);

-int		OBJ_obj2nid(const ASN1_OBJECT *o);

-ASN1_OBJECT *	OBJ_txt2obj(const char *s, int no_name);

-int	OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name);

-int		OBJ_txt2nid(const char *s);

-int		OBJ_ln2nid(const char *s);

-int		OBJ_sn2nid(const char *s);

-int		OBJ_cmp(const ASN1_OBJECT *a,const ASN1_OBJECT *b);

-const char *	OBJ_bsearch(const char *key,const char *base,int num,int size,

-	int (*cmp)(const void *, const void *));

-const char *	OBJ_bsearch_ex(const char *key,const char *base,int num,

-	int size, int (*cmp)(const void *, const void *), int flags);

-int		OBJ_new_nid(int num);

-int		OBJ_add_object(const ASN1_OBJECT *obj);

-int		OBJ_create(const char *oid,const char *sn,const char *ln);

-void		OBJ_cleanup(void );

-int		OBJ_create_objects(BIO *in);

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_OBJ_strings(void);

-/* Error codes for the OBJ functions. */

-/* Function codes. */

-#define OBJ_F_OBJ_ADD_OBJECT				 105

-#define OBJ_F_OBJ_CREATE				 100

-#define OBJ_F_OBJ_DUP					 101

-#define OBJ_F_OBJ_NAME_NEW_INDEX			 106

-#define OBJ_F_OBJ_NID2LN				 102

-#define OBJ_F_OBJ_NID2OBJ				 103

-#define OBJ_F_OBJ_NID2SN				 104

-/* Reason codes. */

-#define OBJ_R_MALLOC_FAILURE				 100

-#define OBJ_R_UNKNOWN_NID				 101

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/ocsp.h

+++ /dev/null

@@ -1,614 +1,0 @@

-/* ocsp.h */

-/* Written by Tom Titchener <[email protected]> for the OpenSSL

- * project. */

-/* History:

-   This file was transfered to Richard Levitte from CertCo by Kathy

-   Weinhold in mid-spring 2000 to be included in OpenSSL or released

-   as a patch kit. */

-/* ====================================================================

- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_OCSP_H

-#define HEADER_OCSP_H

-#include <openssl/x509.h>

-#include <openssl/x509v3.h>

-#include <openssl/safestack.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-/* Various flags and values */

-#define OCSP_DEFAULT_NONCE_LENGTH	16

-#define OCSP_NOCERTS			0x1

-#define OCSP_NOINTERN			0x2

-#define OCSP_NOSIGS			0x4

-#define OCSP_NOCHAIN			0x8

-#define OCSP_NOVERIFY			0x10

-#define OCSP_NOEXPLICIT			0x20

-#define OCSP_NOCASIGN			0x40

-#define OCSP_NODELEGATED		0x80

-#define OCSP_NOCHECKS			0x100

-#define OCSP_TRUSTOTHER			0x200

-#define OCSP_RESPID_KEY			0x400

-#define OCSP_NOTIME			0x800

-/*   CertID ::= SEQUENCE {

- *       hashAlgorithm            AlgorithmIdentifier,

- *       issuerNameHash     OCTET STRING, -- Hash of Issuer's DN

- *       issuerKeyHash      OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields)

- *       serialNumber       CertificateSerialNumber }

- */

-typedef struct ocsp_cert_id_st

-	{

-	X509_ALGOR *hashAlgorithm;

-	ASN1_OCTET_STRING *issuerNameHash;

-	ASN1_OCTET_STRING *issuerKeyHash;

-	ASN1_INTEGER *serialNumber;

-	} OCSP_CERTID;

-DECLARE_STACK_OF(OCSP_CERTID)

-/*   Request ::=     SEQUENCE {

- *       reqCert                    CertID,

- *       singleRequestExtensions    [0] EXPLICIT Extensions OPTIONAL }

- */

-typedef struct ocsp_one_request_st

-	{

-	OCSP_CERTID *reqCert;

-	STACK_OF(X509_EXTENSION) *singleRequestExtensions;

-	} OCSP_ONEREQ;

-DECLARE_STACK_OF(OCSP_ONEREQ)

-DECLARE_ASN1_SET_OF(OCSP_ONEREQ)

-/*   TBSRequest      ::=     SEQUENCE {

- *       version             [0] EXPLICIT Version DEFAULT v1,

- *       requestorName       [1] EXPLICIT GeneralName OPTIONAL,

- *       requestList             SEQUENCE OF Request,

- *       requestExtensions   [2] EXPLICIT Extensions OPTIONAL }

- */

-typedef struct ocsp_req_info_st

-	{

-	ASN1_INTEGER *version;

-	GENERAL_NAME *requestorName;

-	STACK_OF(OCSP_ONEREQ) *requestList;

-	STACK_OF(X509_EXTENSION) *requestExtensions;

-	} OCSP_REQINFO;

-/*   Signature       ::=     SEQUENCE {

- *       signatureAlgorithm   AlgorithmIdentifier,

- *       signature            BIT STRING,

- *       certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }

- */

-typedef struct ocsp_signature_st

-	{

-	X509_ALGOR *signatureAlgorithm;

-	ASN1_BIT_STRING *signature;

-	STACK_OF(X509) *certs;

-	} OCSP_SIGNATURE;

-/*   OCSPRequest     ::=     SEQUENCE {

- *       tbsRequest                  TBSRequest,

- *       optionalSignature   [0]     EXPLICIT Signature OPTIONAL }

- */

-typedef struct ocsp_request_st

-	{

-	OCSP_REQINFO *tbsRequest;

-	OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */

-	} OCSP_REQUEST;

-/*   OCSPResponseStatus ::= ENUMERATED {

- *       successful            (0),      --Response has valid confirmations

- *       malformedRequest      (1),      --Illegal confirmation request

- *       internalError         (2),      --Internal error in issuer

- *       tryLater              (3),      --Try again later

- *                                       --(4) is not used

- *       sigRequired           (5),      --Must sign the request

- *       unauthorized          (6)       --Request unauthorized

- *   }

- */

-#define OCSP_RESPONSE_STATUS_SUCCESSFUL          0

-#define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST     1

-#define OCSP_RESPONSE_STATUS_INTERNALERROR        2

-#define OCSP_RESPONSE_STATUS_TRYLATER             3

-#define OCSP_RESPONSE_STATUS_SIGREQUIRED          5

-#define OCSP_RESPONSE_STATUS_UNAUTHORIZED         6

-/*   ResponseBytes ::=       SEQUENCE {

- *       responseType   OBJECT IDENTIFIER,

- *       response       OCTET STRING }

- */

-typedef struct ocsp_resp_bytes_st

-	{

-	ASN1_OBJECT *responseType;

-	ASN1_OCTET_STRING *response;

-	} OCSP_RESPBYTES;

-/*   OCSPResponse ::= SEQUENCE {

- *      responseStatus         OCSPResponseStatus,

- *      responseBytes          [0] EXPLICIT ResponseBytes OPTIONAL }

- */

-typedef struct ocsp_response_st

-	{

-	ASN1_ENUMERATED *responseStatus;

-	OCSP_RESPBYTES  *responseBytes;

-	} OCSP_RESPONSE;

-/*   ResponderID ::= CHOICE {

- *      byName   [1] Name,

- *      byKey    [2] KeyHash }

- */

-#define V_OCSP_RESPID_NAME 0

-#define V_OCSP_RESPID_KEY  1

-typedef struct ocsp_responder_id_st

-	{

-	int type;

-	union   {

-		X509_NAME* byName;

-        	ASN1_OCTET_STRING *byKey;

-		} value;

-	} OCSP_RESPID;

-/*   KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key

- *                            --(excluding the tag and length fields)

- */

-/*   RevokedInfo ::= SEQUENCE {

- *       revocationTime              GeneralizedTime,

- *       revocationReason    [0]     EXPLICIT CRLReason OPTIONAL }

- */

-typedef struct ocsp_revoked_info_st

-	{

-	ASN1_GENERALIZEDTIME *revocationTime;

-	ASN1_ENUMERATED *revocationReason;

-	} OCSP_REVOKEDINFO;

-/*   CertStatus ::= CHOICE {

- *       good                [0]     IMPLICIT NULL,

- *       revoked             [1]     IMPLICIT RevokedInfo,

- *       unknown             [2]     IMPLICIT UnknownInfo }

- */

-#define V_OCSP_CERTSTATUS_GOOD    0

-#define V_OCSP_CERTSTATUS_REVOKED 1

-#define V_OCSP_CERTSTATUS_UNKNOWN 2

-typedef struct ocsp_cert_status_st

-	{

-	int type;

-	union	{

-		ASN1_NULL *good;

-		OCSP_REVOKEDINFO *revoked;

-		ASN1_NULL *unknown;

-		} value;

-	} OCSP_CERTSTATUS;

-/*   SingleResponse ::= SEQUENCE {

- *      certID                       CertID,

- *      certStatus                   CertStatus,

- *      thisUpdate                   GeneralizedTime,

- *      nextUpdate           [0]     EXPLICIT GeneralizedTime OPTIONAL,

- *      singleExtensions     [1]     EXPLICIT Extensions OPTIONAL }

- */

-typedef struct ocsp_single_response_st

-	{

-	OCSP_CERTID *certId;

-	OCSP_CERTSTATUS *certStatus;

-	ASN1_GENERALIZEDTIME *thisUpdate;

-	ASN1_GENERALIZEDTIME *nextUpdate;

-	STACK_OF(X509_EXTENSION) *singleExtensions;

-	} OCSP_SINGLERESP;

-DECLARE_STACK_OF(OCSP_SINGLERESP)

-DECLARE_ASN1_SET_OF(OCSP_SINGLERESP)

-/*   ResponseData ::= SEQUENCE {

- *      version              [0] EXPLICIT Version DEFAULT v1,

- *      responderID              ResponderID,

- *      producedAt               GeneralizedTime,

- *      responses                SEQUENCE OF SingleResponse,

- *      responseExtensions   [1] EXPLICIT Extensions OPTIONAL }

- */

-typedef struct ocsp_response_data_st

-	{

-	ASN1_INTEGER *version;

-	OCSP_RESPID  *responderId;

-	ASN1_GENERALIZEDTIME *producedAt;

-	STACK_OF(OCSP_SINGLERESP) *responses;

-	STACK_OF(X509_EXTENSION) *responseExtensions;

-	} OCSP_RESPDATA;

-/*   BasicOCSPResponse       ::= SEQUENCE {

- *      tbsResponseData      ResponseData,

- *      signatureAlgorithm   AlgorithmIdentifier,

- *      signature            BIT STRING,

- *      certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }

- */

-  /* Note 1:

-     The value for "signature" is specified in the OCSP rfc2560 as follows:

-     "The value for the signature SHALL be computed on the hash of the DER

-     encoding ResponseData."  This means that you must hash the DER-encoded

-     tbsResponseData, and then run it through a crypto-signing function, which

-     will (at least w/RSA) do a hash-'n'-private-encrypt operation.  This seems

-     a bit odd, but that's the spec.  Also note that the data structures do not

-     leave anywhere to independently specify the algorithm used for the initial

-     hash. So, we look at the signature-specification algorithm, and try to do

-     something intelligent.	-- Kathy Weinhold, CertCo */

-  /* Note 2:

-     It seems that the mentioned passage from RFC 2560 (section 4.2.1) is open

-     for interpretation.  I've done tests against another responder, and found

-     that it doesn't do the double hashing that the RFC seems to say one

-     should.  Therefore, all relevant functions take a flag saying which

-     variant should be used.	-- Richard Levitte, OpenSSL team and CeloCom */

-typedef struct ocsp_basic_response_st

-	{

-	OCSP_RESPDATA *tbsResponseData;

-	X509_ALGOR *signatureAlgorithm;

-	ASN1_BIT_STRING *signature;

-	STACK_OF(X509) *certs;

-	} OCSP_BASICRESP;

-/*

- *   CRLReason ::= ENUMERATED {

- *        unspecified             (0),

- *        keyCompromise           (1),

- *        cACompromise            (2),

- *        affiliationChanged      (3),

- *        superseded              (4),

- *        cessationOfOperation    (5),

- *        certificateHold         (6),

- *        removeFromCRL           (8) }

- */

-#define OCSP_REVOKED_STATUS_NOSTATUS               -1

-#define OCSP_REVOKED_STATUS_UNSPECIFIED             0

-#define OCSP_REVOKED_STATUS_KEYCOMPROMISE           1

-#define OCSP_REVOKED_STATUS_CACOMPROMISE            2

-#define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED      3

-#define OCSP_REVOKED_STATUS_SUPERSEDED              4

-#define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION    5

-#define OCSP_REVOKED_STATUS_CERTIFICATEHOLD         6

-#define OCSP_REVOKED_STATUS_REMOVEFROMCRL           8

-/* CrlID ::= SEQUENCE {

- *     crlUrl               [0]     EXPLICIT IA5String OPTIONAL,

- *     crlNum               [1]     EXPLICIT INTEGER OPTIONAL,

- *     crlTime              [2]     EXPLICIT GeneralizedTime OPTIONAL }

- */

-typedef struct ocsp_crl_id_st

-        {

-	ASN1_IA5STRING *crlUrl;

-	ASN1_INTEGER *crlNum;

-	ASN1_GENERALIZEDTIME *crlTime;

-        } OCSP_CRLID;

-/* ServiceLocator ::= SEQUENCE {

- *      issuer    Name,

- *      locator   AuthorityInfoAccessSyntax OPTIONAL }

- */

-typedef struct ocsp_service_locator_st

-        {

-	X509_NAME* issuer;

-	STACK_OF(ACCESS_DESCRIPTION) *locator;

-        } OCSP_SERVICELOC;

-#define PEM_STRING_OCSP_REQUEST	"OCSP REQUEST"

-#define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE"

-#define d2i_OCSP_REQUEST_bio(bp,p) ASN1_d2i_bio_of(OCSP_REQUEST,OCSP_REQUEST_new,d2i_OCSP_REQUEST,bp,p)

-#define d2i_OCSP_RESPONSE_bio(bp,p) ASN1_d2i_bio_of(OCSP_RESPONSE,OCSP_RESPONSE_new,d2i_OCSP_RESPONSE,bp,p)

-#define	PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \

-     (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,bp,(char **)x,cb,NULL)

-#define	PEM_read_bio_OCSP_RESPONSE(bp,x,cb)(OCSP_RESPONSE *)PEM_ASN1_read_bio(\

-     (char *(*)())d2i_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,bp,(char **)x,cb,NULL)

-#define PEM_write_bio_OCSP_REQUEST(bp,o) \

-    PEM_ASN1_write_bio((int (*)())i2d_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,\

-			bp,(char *)o, NULL,NULL,0,NULL,NULL)

-#define PEM_write_bio_OCSP_RESPONSE(bp,o) \

-    PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\

-			bp,(char *)o, NULL,NULL,0,NULL,NULL)

-#define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio_of(OCSP_RESPONSE,i2d_OCSP_RESPONSE,bp,o)

-#define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST,bp,o)

-#define OCSP_REQUEST_sign(o,pkey,md) \

-	ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\

-		o->optionalSignature->signatureAlgorithm,NULL,\

-	        o->optionalSignature->signature,o->tbsRequest,pkey,md)

-#define OCSP_BASICRESP_sign(o,pkey,md,d) \

-	ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),o->signatureAlgorithm,NULL,\

-		o->signature,o->tbsResponseData,pkey,md)

-#define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\

-        a->optionalSignature->signatureAlgorithm,\

-	a->optionalSignature->signature,a->tbsRequest,r)

-#define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\

-	a->signatureAlgorithm,a->signature,a->tbsResponseData,r)

-#define ASN1_BIT_STRING_digest(data,type,md,len) \

-	ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len)

-#define OCSP_CERTID_dup(cid) ASN1_dup_of(OCSP_CERTID,i2d_OCSP_CERTID,d2i_OCSP_CERTID,cid)

-#define OCSP_CERTSTATUS_dup(cs)\

-                (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\

-		(char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs))

-OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req);

-OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer);

-OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,

-			      X509_NAME *issuerName,

-			      ASN1_BIT_STRING* issuerKey,

-			      ASN1_INTEGER *serialNumber);

-OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid);

-int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len);

-int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len);

-int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs);

-int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req);

-int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm);

-int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert);

-int OCSP_request_sign(OCSP_REQUEST   *req,

-		      X509           *signer,

-		      EVP_PKEY       *key,

-		      const EVP_MD   *dgst,

-		      STACK_OF(X509) *certs,

-		      unsigned long flags);

-int OCSP_response_status(OCSP_RESPONSE *resp);

-OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp);

-int OCSP_resp_count(OCSP_BASICRESP *bs);

-OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx);

-int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last);

-int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,

-				ASN1_GENERALIZEDTIME **revtime,

-				ASN1_GENERALIZEDTIME **thisupd,

-				ASN1_GENERALIZEDTIME **nextupd);

-int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,

-				int *reason,

-				ASN1_GENERALIZEDTIME **revtime,

-				ASN1_GENERALIZEDTIME **thisupd,

-				ASN1_GENERALIZEDTIME **nextupd);

-int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,

-			ASN1_GENERALIZEDTIME *nextupd,

-			long sec, long maxsec);

-int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, unsigned long flags);

-int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl);

-int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b);

-int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b);

-int OCSP_request_onereq_count(OCSP_REQUEST *req);

-OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i);

-OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one);

-int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,

-			ASN1_OCTET_STRING **pikeyHash,

-			ASN1_INTEGER **pserial, OCSP_CERTID *cid);

-int OCSP_request_is_signed(OCSP_REQUEST *req);

-OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs);

-OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,

-						OCSP_CERTID *cid,

-						int status, int reason,

-						ASN1_TIME *revtime,

-					ASN1_TIME *thisupd, ASN1_TIME *nextupd);

-int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert);

-int OCSP_basic_sign(OCSP_BASICRESP *brsp,

-			X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,

-			STACK_OF(X509) *certs, unsigned long flags);

-ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d,

-				void *data, STACK_OF(ASN1_OBJECT) *sk);

-#define ASN1_STRING_encode_of(type,s,i2d,data,sk) \

-	ASN1_STRING_encode(s, CHECKED_I2D_OF(type, i2d), data, sk)

-X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim);

-X509_EXTENSION *OCSP_accept_responses_new(char **oids);

-X509_EXTENSION *OCSP_archive_cutoff_new(char* tim);

-X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls);

-int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x);

-int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos);

-int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj, int lastpos);

-int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos);

-X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc);

-X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc);

-void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx);

-int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit,

-							unsigned long flags);

-int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc);

-int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x);

-int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos);

-int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, ASN1_OBJECT *obj, int lastpos);

-int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos);

-X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc);

-X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc);

-void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx);

-int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit,

-							unsigned long flags);

-int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc);

-int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x);

-int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos);

-int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj, int lastpos);

-int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, int lastpos);

-X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc);

-X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc);

-void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, int *idx);

-int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, int crit,

-							unsigned long flags);

-int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc);

-int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x);

-int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos);

-int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj, int lastpos);

-int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, int lastpos);

-X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc);

-X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc);

-void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, int *idx);

-int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, int crit,

-							unsigned long flags);

-int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc);

-DECLARE_ASN1_FUNCTIONS(OCSP_SINGLERESP)

-DECLARE_ASN1_FUNCTIONS(OCSP_CERTSTATUS)

-DECLARE_ASN1_FUNCTIONS(OCSP_REVOKEDINFO)

-DECLARE_ASN1_FUNCTIONS(OCSP_BASICRESP)

-DECLARE_ASN1_FUNCTIONS(OCSP_RESPDATA)

-DECLARE_ASN1_FUNCTIONS(OCSP_RESPID)

-DECLARE_ASN1_FUNCTIONS(OCSP_RESPONSE)

-DECLARE_ASN1_FUNCTIONS(OCSP_RESPBYTES)

-DECLARE_ASN1_FUNCTIONS(OCSP_ONEREQ)

-DECLARE_ASN1_FUNCTIONS(OCSP_CERTID)

-DECLARE_ASN1_FUNCTIONS(OCSP_REQUEST)

-DECLARE_ASN1_FUNCTIONS(OCSP_SIGNATURE)

-DECLARE_ASN1_FUNCTIONS(OCSP_REQINFO)

-DECLARE_ASN1_FUNCTIONS(OCSP_CRLID)

-DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC)

-char *OCSP_response_status_str(long s);

-char *OCSP_cert_status_str(long s);

-char *OCSP_crl_reason_str(long s);

-int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* a, unsigned long flags);

-int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags);

-int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,

-				X509_STORE *st, unsigned long flags);

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_OCSP_strings(void);

-/* Error codes for the OCSP functions. */

-/* Function codes. */

-#define OCSP_F_ASN1_STRING_ENCODE			 100

-#define OCSP_F_D2I_OCSP_NONCE				 102

-#define OCSP_F_OCSP_BASIC_ADD1_STATUS			 103

-#define OCSP_F_OCSP_BASIC_SIGN				 104

-#define OCSP_F_OCSP_BASIC_VERIFY			 105

-#define OCSP_F_OCSP_CERT_ID_NEW				 101

-#define OCSP_F_OCSP_CHECK_DELEGATED			 106

-#define OCSP_F_OCSP_CHECK_IDS				 107

-#define OCSP_F_OCSP_CHECK_ISSUER			 108

-#define OCSP_F_OCSP_CHECK_VALIDITY			 115

-#define OCSP_F_OCSP_MATCH_ISSUERID			 109

-#define OCSP_F_OCSP_PARSE_URL				 114

-#define OCSP_F_OCSP_REQUEST_SIGN			 110

-#define OCSP_F_OCSP_REQUEST_VERIFY			 116

-#define OCSP_F_OCSP_RESPONSE_GET1_BASIC			 111

-#define OCSP_F_OCSP_SENDREQ_BIO				 112

-#define OCSP_F_REQUEST_VERIFY				 113

-/* Reason codes. */

-#define OCSP_R_BAD_DATA					 100

-#define OCSP_R_CERTIFICATE_VERIFY_ERROR			 101

-#define OCSP_R_DIGEST_ERR				 102

-#define OCSP_R_ERROR_IN_NEXTUPDATE_FIELD		 122

-#define OCSP_R_ERROR_IN_THISUPDATE_FIELD		 123

-#define OCSP_R_ERROR_PARSING_URL			 121

-#define OCSP_R_MISSING_OCSPSIGNING_USAGE		 103

-#define OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE		 124

-#define OCSP_R_NOT_BASIC_RESPONSE			 104

-#define OCSP_R_NO_CERTIFICATES_IN_CHAIN			 105

-#define OCSP_R_NO_CONTENT				 106

-#define OCSP_R_NO_PUBLIC_KEY				 107

-#define OCSP_R_NO_RESPONSE_DATA				 108

-#define OCSP_R_NO_REVOKED_TIME				 109

-#define OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE	 110

-#define OCSP_R_REQUEST_NOT_SIGNED			 128

-#define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA	 111

-#define OCSP_R_ROOT_CA_NOT_TRUSTED			 112

-#define OCSP_R_SERVER_READ_ERROR			 113

-#define OCSP_R_SERVER_RESPONSE_ERROR			 114

-#define OCSP_R_SERVER_RESPONSE_PARSE_ERROR		 115

-#define OCSP_R_SERVER_WRITE_ERROR			 116

-#define OCSP_R_SIGNATURE_FAILURE			 117

-#define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND		 118

-#define OCSP_R_STATUS_EXPIRED				 125

-#define OCSP_R_STATUS_NOT_YET_VALID			 126

-#define OCSP_R_STATUS_TOO_OLD				 127

-#define OCSP_R_UNKNOWN_MESSAGE_DIGEST			 119

-#define OCSP_R_UNKNOWN_NID				 120

-#define OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE		 129

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/opensslconf.h

+++ /dev/null

@@ -1,241 +1,0 @@

-/* opensslconf.h */

-/* OpenSSL was configured with the following options: */

-#ifndef OPENSSL_DOING_MAKEDEPEND

-/*

-#ifndef OPENSSL_NO_CAMELLIA

-# define OPENSSL_NO_CAMELLIA

-#endif

-*/

-#ifndef OPENSSL_NO_GMP

-# define OPENSSL_NO_GMP

-#endif

-#ifndef OPENSSL_NO_KRB5

-# define OPENSSL_NO_KRB5

-#endif

-/*

-#ifndef OPENSSL_NO_MDC2

-# define OPENSSL_NO_MDC2

-#endif

-*/

-/*

-#ifndef OPENSSL_NO_RC5

-# define OPENSSL_NO_RC5

-#endif

-*/

-/*

-#ifndef OPENSSL_NO_RFC3779

-# define OPENSSL_NO_RFC3779

-#endif

-*/

-/*

-#ifndef OPENSSL_NO_SEED

-# define OPENSSL_NO_SEED

-#endif

-*/

-/*

-#ifndef OPENSSL_NO_TLSEXT

-# define OPENSSL_NO_TLSEXT

-#endif

-*/

-#endif /* OPENSSL_DOING_MAKEDEPEND */

-#ifndef OPENSSL_NO_DYNAMIC_ENGINE

-# define OPENSSL_NO_DYNAMIC_ENGINE

-#endif

-/* The OPENSSL_NO_* macros are also defined as NO_* if the application

-   asks for it.  This is a transient feature that is provided for those

-   who haven't had the time to do the appropriate changes in their

-   applications.  */

-#ifdef OPENSSL_ALGORITHM_DEFINES

-# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)

-#  define NO_CAMELLIA

-# endif

-# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)

-#  define NO_GMP

-# endif

-# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)

-#  define NO_KRB5

-# endif

-# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2)

-#  define NO_MDC2

-# endif

-# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)

-#  define NO_RC5

-# endif

-# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)

-#  define NO_RFC3779

-# endif

-# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)

-#  define NO_SEED

-# endif

-# if defined(OPENSSL_NO_TLSEXT) && !defined(NO_TLSEXT)

-#  define NO_TLSEXT

-# endif

-#endif

-/* crypto/opensslconf.h.in */

-/* Generate 80386 code? */

-#if defined(PLAN9) && defined(T386)

-#define I386_ONLY

-#endif

-#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */

-#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)

-#define ENGINESDIR "/sys/lib/ssl/engines"

-#define OPENSSLDIR "/sys/lib/ssl"

-#endif

-#endif

-#undef OPENSSL_UNISTD

-#define OPENSSL_UNISTD <unistd.h>

-#define OPENSSL_EXPORT_VAR_AS_FUNCTION

-#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)

-#define IDEA_INT unsigned int

-#endif

-#if defined(HEADER_MD2_H) && !defined(MD2_INT)

-#define MD2_INT unsigned int

-#endif

-#if defined(HEADER_RC2_H) && !defined(RC2_INT)

-/* I need to put in a mod for the alpha - eay */

-#define RC2_INT unsigned int

-#endif

-#if defined(HEADER_RC4_H)

-#if !defined(RC4_INT)

-/* using int types make the structure larger but make the code faster

- * on most boxes I have tested - up to %20 faster. */

-/*

- * I don't know what does "most" mean, but declaring "int" is a must on:

- * - Intel P6 because partial register stalls are very expensive;

- * - elder Alpha because it lacks byte load/store instructions;

- */

-#define RC4_INT unsigned int

-#endif

-#if !defined(RC4_CHUNK)

-/*

- * This enables code handling data aligned at natural CPU word

- * boundary. See crypto/rc4/rc4_enc.c for further details.

- */

-#undef RC4_CHUNK

-#endif

-#endif

-#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)

-/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a

- * %20 speed up (longs are 8 bytes, int's are 4). */

-#ifndef DES_LONG

-#define DES_LONG unsigned long

-#endif

-#endif

-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)

-#define CONFIG_HEADER_BN_H

-#undef BN_LLONG

-/* Should we define BN_DIV2W here? */

-/* Only one for the following should be defined */

-/* The prime number generation stuff may not work when

- * EIGHT_BIT but I don't care since I've only used this mode

- * for debuging the bignum libraries */

-#undef SIXTY_FOUR_BIT_LONG

-#undef SIXTY_FOUR_BIT

-#define THIRTY_TWO_BIT

-#undef SIXTEEN_BIT

-#undef EIGHT_BIT

-#endif

-#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)

-#define CONFIG_HEADER_RC4_LOCL_H

-/* if this is defined data[i] is used instead of *data, this is a %20

- * speedup on x86 */

-#undef RC4_INDEX

-#endif

-#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)

-#define CONFIG_HEADER_BF_LOCL_H

-#undef BF_PTR

-#endif /* HEADER_BF_LOCL_H */

-#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)

-#define CONFIG_HEADER_DES_LOCL_H

-#ifndef DES_DEFAULT_OPTIONS

-/* the following is tweaked from a config script, that is why it is a

- * protected undef/define */

-#ifndef DES_PTR

-#undef DES_PTR

-#endif

-/* This helps C compiler generate the correct code for multiple functional

- * units.  It reduces register dependancies at the expense of 2 more

- * registers */

-#ifndef DES_RISC1

-#undef DES_RISC1

-#endif

-#ifndef DES_RISC2

-#undef DES_RISC2

-#endif

-#if defined(DES_RISC1) && defined(DES_RISC2)

-YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!

-#endif

-/* Unroll the inner loop, this sometimes helps, sometimes hinders.

- * Very mucy CPU dependant */

-#ifndef DES_UNROLL

-#undef DES_UNROLL

-#endif

-/* These default values were supplied by

- * Peter Gutman <[email protected]>

- * They are only used if nothing else has been defined */

-#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)

-/* Special defines which change the way the code is built depending on the

-   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find

-   even newer MIPS CPU's, but at the moment one size fits all for

-   optimization options.  Older Sparc's work better with only UNROLL, but

-   there's no way to tell at compile time what it is you're running on */

-#if defined( sun )		/* Newer Sparc's */

-#  define DES_PTR

-#  define DES_RISC1

-#  define DES_UNROLL

-#elif defined( __ultrix )	/* Older MIPS */

-#  define DES_PTR

-#  define DES_RISC2

-#  define DES_UNROLL

-#elif defined( __osf1__ )	/* Alpha */

-#  define DES_PTR

-#  define DES_RISC2

-#elif defined ( _AIX )		/* RS6000 */

-  /* Unknown */

-#elif defined( __hpux )		/* HP-PA */

-  /* Unknown */

-#elif defined( __aux )		/* 68K */

-  /* Unknown */

-#elif defined( __dgux )		/* 88K (but P6 in latest boxes) */

-#  define DES_UNROLL

-#elif defined( __sgi )		/* Newer MIPS */

-#  define DES_PTR

-#  define DES_RISC2

-#  define DES_UNROLL

-#elif defined(i386) || defined(__i386__)	/* x86 boxes, should be gcc */

-#  define DES_PTR

-#  define DES_RISC1

-#  define DES_UNROLL

-#endif /* Systems-specific speed defines */

-#endif

-#endif /* DES_DEFAULT_OPTIONS */

-#endif /* HEADER_DES_LOCL_H */

--- a/sys/include/ape/openssl/opensslconf.h.in

+++ /dev/null

@@ -1,159 +1,0 @@

-/* crypto/opensslconf.h.in */

-/* Generate 80386 code? */

-#undef I386_ONLY

-#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */

-#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)

-#define ENGINESDIR "/usr/local/lib/engines"

-#define OPENSSLDIR "/usr/local/ssl"

-#endif

-#endif

-#undef OPENSSL_UNISTD

-#define OPENSSL_UNISTD <unistd.h>

-#undef OPENSSL_EXPORT_VAR_AS_FUNCTION

-#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)

-#define IDEA_INT unsigned int

-#endif

-#if defined(HEADER_MD2_H) && !defined(MD2_INT)

-#define MD2_INT unsigned int

-#endif

-#if defined(HEADER_RC2_H) && !defined(RC2_INT)

-/* I need to put in a mod for the alpha - eay */

-#define RC2_INT unsigned int

-#endif

-#if defined(HEADER_RC4_H)

-#if !defined(RC4_INT)

-/* using int types make the structure larger but make the code faster

- * on most boxes I have tested - up to %20 faster. */

-/*

- * I don't know what does "most" mean, but declaring "int" is a must on:

- * - Intel P6 because partial register stalls are very expensive;

- * - elder Alpha because it lacks byte load/store instructions;

- */

-#define RC4_INT unsigned int

-#endif

-#if !defined(RC4_CHUNK)

-/*

- * This enables code handling data aligned at natural CPU word

- * boundary. See crypto/rc4/rc4_enc.c for further details.

- */

-#undef RC4_CHUNK

-#endif

-#endif

-#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)

-/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a

- * %20 speed up (longs are 8 bytes, int's are 4). */

-#ifndef DES_LONG

-#define DES_LONG unsigned long

-#endif

-#endif

-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)

-#define CONFIG_HEADER_BN_H

-#undef BN_LLONG

-/* Should we define BN_DIV2W here? */

-/* Only one for the following should be defined */

-/* The prime number generation stuff may not work when

- * EIGHT_BIT but I don't care since I've only used this mode

- * for debuging the bignum libraries */

-#undef SIXTY_FOUR_BIT_LONG

-#undef SIXTY_FOUR_BIT

-#define THIRTY_TWO_BIT

-#undef SIXTEEN_BIT

-#undef EIGHT_BIT

-#endif

-#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)

-#define CONFIG_HEADER_RC4_LOCL_H

-/* if this is defined data[i] is used instead of *data, this is a %20

- * speedup on x86 */

-#undef RC4_INDEX

-#endif

-#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)

-#define CONFIG_HEADER_BF_LOCL_H

-#undef BF_PTR

-#endif /* HEADER_BF_LOCL_H */

-#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)

-#define CONFIG_HEADER_DES_LOCL_H

-#ifndef DES_DEFAULT_OPTIONS

-/* the following is tweaked from a config script, that is why it is a

- * protected undef/define */

-#ifndef DES_PTR

-#undef DES_PTR

-#endif

-/* This helps C compiler generate the correct code for multiple functional

- * units.  It reduces register dependancies at the expense of 2 more

- * registers */

-#ifndef DES_RISC1

-#undef DES_RISC1

-#endif

-#ifndef DES_RISC2

-#undef DES_RISC2

-#endif

-#if defined(DES_RISC1) && defined(DES_RISC2)

-YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!

-#endif

-/* Unroll the inner loop, this sometimes helps, sometimes hinders.

- * Very mucy CPU dependant */

-#ifndef DES_UNROLL

-#undef DES_UNROLL

-#endif

-/* These default values were supplied by

- * Peter Gutman <[email protected]>

- * They are only used if nothing else has been defined */

-#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)

-/* Special defines which change the way the code is built depending on the

-   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find

-   even newer MIPS CPU's, but at the moment one size fits all for

-   optimization options.  Older Sparc's work better with only UNROLL, but

-   there's no way to tell at compile time what it is you're running on */

-#if defined( sun )		/* Newer Sparc's */

-#  define DES_PTR

-#  define DES_RISC1

-#  define DES_UNROLL

-#elif defined( __ultrix )	/* Older MIPS */

-#  define DES_PTR

-#  define DES_RISC2

-#  define DES_UNROLL

-#elif defined( __osf1__ )	/* Alpha */

-#  define DES_PTR

-#  define DES_RISC2

-#elif defined ( _AIX )		/* RS6000 */

-  /* Unknown */

-#elif defined( __hpux )		/* HP-PA */

-  /* Unknown */

-#elif defined( __aux )		/* 68K */

-  /* Unknown */

-#elif defined( __dgux )		/* 88K (but P6 in latest boxes) */

-#  define DES_UNROLL

-#elif defined( __sgi )		/* Newer MIPS */

-#  define DES_PTR

-#  define DES_RISC2

-#  define DES_UNROLL

-#elif defined(i386) || defined(__i386__)	/* x86 boxes, should be gcc */

-#  define DES_PTR

-#  define DES_RISC1

-#  define DES_UNROLL

-#endif /* Systems-specific speed defines */

-#endif

-#endif /* DES_DEFAULT_OPTIONS */

-#endif /* HEADER_DES_LOCL_H */

--- a/sys/include/ape/openssl/opensslv.h

+++ /dev/null

@@ -1,89 +1,0 @@

-#ifndef HEADER_OPENSSLV_H

-#define HEADER_OPENSSLV_H

-/* Numeric release version identifier:

- * MNNFFPPS: major minor fix patch status

- * The status nibble has one of the values 0 for development, 1 to e for betas

- * 1 to 14, and f for release.  The patch level is exactly that.

- * For example:

- * 0.9.3-dev	  0x00903000

- * 0.9.3-beta1	  0x00903001

- * 0.9.3-beta2-dev 0x00903002

- * 0.9.3-beta2    0x00903002 (same as ...beta2-dev)

- * 0.9.3	  0x0090300f

- * 0.9.3a	  0x0090301f

- * 0.9.4	  0x0090400f

- * 1.2.3z	  0x102031af

- *

- * For continuity reasons (because 0.9.5 is already out, and is coded

- * 0x00905100), between 0.9.5 and 0.9.6 the coding of the patch level

- * part is slightly different, by setting the highest bit.  This means

- * that 0.9.5a looks like this: 0x0090581f.  At 0.9.6, we can start

- * with 0x0090600S...

- *

- * (Prior to 0.9.3-dev a different scheme was used: 0.9.2b is 0x0922.)

- * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for

- *  major minor fix final patch/beta)

- */

-#define OPENSSL_VERSION_NUMBER	0x0090807fL

-#ifdef OPENSSL_FIPS

-#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.8g-fips 19 Oct 2007"

-#else

-#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.8g 19 Oct 2007"

-#endif

-#define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT

-/* The macros below are to be used for shared library (.so, .dll, ...)

- * versioning.  That kind of versioning works a bit differently between

- * operating systems.  The most usual scheme is to set a major and a minor

- * number, and have the runtime loader check that the major number is equal

- * to what it was at application link time, while the minor number has to

- * be greater or equal to what it was at application link time.  With this

- * scheme, the version number is usually part of the file name, like this:

- *

- *	libcrypto.so.0.9

- *

- * Some unixen also make a softlink with the major verson number only:

- *

- *	libcrypto.so.0

- *

- * On Tru64 and IRIX 6.x it works a little bit differently.  There, the

- * shared library version is stored in the file, and is actually a series

- * of versions, separated by colons.  The rightmost version present in the

- * library when linking an application is stored in the application to be

- * matched at run time.  When the application is run, a check is done to

- * see if the library version stored in the application matches any of the

- * versions in the version string of the library itself.

- * This version string can be constructed in any way, depending on what

- * kind of matching is desired.  However, to implement the same scheme as

- * the one used in the other unixen, all compatible versions, from lowest

- * to highest, should be part of the string.  Consecutive builds would

- * give the following versions strings:

- *

- *	3.0

- *	3.0:3.1

- *	3.0:3.1:3.2

- *	4.0

- *	4.0:4.1

- *

- * Notice how version 4 is completely incompatible with version, and

- * therefore give the breach you can see.

- *

- * There may be other schemes as well that I haven't yet discovered.

- *

- * So, here's the way it works here: first of all, the library version

- * number doesn't need at all to match the overall OpenSSL version.

- * However, it's nice and more understandable if it actually does.

- * The current library version is stored in the macro SHLIB_VERSION_NUMBER,

- * which is just a piece of text in the format "M.m.e" (Major, minor, edit).

- * For the sake of Tru64, IRIX, and any other OS that behaves in similar ways,

- * we need to keep a history of version numbers, which is done in the

- * macro SHLIB_VERSION_HISTORY.  The numbers are separated by colons and

- * should only keep the versions that are binary compatible with the current.

- */

-#define SHLIB_VERSION_HISTORY ""

-#define SHLIB_VERSION_NUMBER "0.9.8"

-#endif /* HEADER_OPENSSLV_H */

--- a/sys/include/ape/openssl/ossl_typ.h

+++ /dev/null

@@ -1,174 +1,0 @@

-/* ====================================================================

- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_OPENSSL_TYPES_H

-#define HEADER_OPENSSL_TYPES_H

-#include <openssl/e_os2.h>

-#ifdef NO_ASN1_TYPEDEFS

-#define ASN1_INTEGER		ASN1_STRING

-#define ASN1_ENUMERATED		ASN1_STRING

-#define ASN1_BIT_STRING		ASN1_STRING

-#define ASN1_OCTET_STRING	ASN1_STRING

-#define ASN1_PRINTABLESTRING	ASN1_STRING

-#define ASN1_T61STRING		ASN1_STRING

-#define ASN1_IA5STRING		ASN1_STRING

-#define ASN1_UTCTIME		ASN1_STRING

-#define ASN1_GENERALIZEDTIME	ASN1_STRING

-#define ASN1_TIME		ASN1_STRING

-#define ASN1_GENERALSTRING	ASN1_STRING

-#define ASN1_UNIVERSALSTRING	ASN1_STRING

-#define ASN1_BMPSTRING		ASN1_STRING

-#define ASN1_VISIBLESTRING	ASN1_STRING

-#define ASN1_UTF8STRING		ASN1_STRING

-#define ASN1_BOOLEAN		int

-#define ASN1_NULL		int

-#else

-typedef struct asn1_string_st ASN1_INTEGER;

-typedef struct asn1_string_st ASN1_ENUMERATED;

-typedef struct asn1_string_st ASN1_BIT_STRING;

-typedef struct asn1_string_st ASN1_OCTET_STRING;

-typedef struct asn1_string_st ASN1_PRINTABLESTRING;

-typedef struct asn1_string_st ASN1_T61STRING;

-typedef struct asn1_string_st ASN1_IA5STRING;

-typedef struct asn1_string_st ASN1_GENERALSTRING;

-typedef struct asn1_string_st ASN1_UNIVERSALSTRING;

-typedef struct asn1_string_st ASN1_BMPSTRING;

-typedef struct asn1_string_st ASN1_UTCTIME;

-typedef struct asn1_string_st ASN1_TIME;

-typedef struct asn1_string_st ASN1_GENERALIZEDTIME;

-typedef struct asn1_string_st ASN1_VISIBLESTRING;

-typedef struct asn1_string_st ASN1_UTF8STRING;

-typedef int ASN1_BOOLEAN;

-typedef int ASN1_NULL;

-#endif

-#ifdef OPENSSL_SYS_WIN32

-#undef X509_NAME

-#undef X509_CERT_PAIR

-#undef PKCS7_ISSUER_AND_SERIAL

-#endif

-#ifdef BIGNUM

-#undef BIGNUM

-#endif

-typedef struct bignum_st BIGNUM;

-typedef struct bignum_ctx BN_CTX;

-typedef struct bn_blinding_st BN_BLINDING;

-typedef struct bn_mont_ctx_st BN_MONT_CTX;

-typedef struct bn_recp_ctx_st BN_RECP_CTX;

-typedef struct bn_gencb_st BN_GENCB;

-typedef struct buf_mem_st BUF_MEM;

-typedef struct evp_cipher_st EVP_CIPHER;

-typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX;

-typedef struct env_md_st EVP_MD;

-typedef struct env_md_ctx_st EVP_MD_CTX;

-typedef struct evp_pkey_st EVP_PKEY;

-typedef struct dh_st DH;

-typedef struct dh_method DH_METHOD;

-typedef struct dsa_st DSA;

-typedef struct dsa_method DSA_METHOD;

-typedef struct rsa_st RSA;

-typedef struct rsa_meth_st RSA_METHOD;

-typedef struct rand_meth_st RAND_METHOD;

-typedef struct ecdh_method ECDH_METHOD;

-typedef struct ecdsa_method ECDSA_METHOD;

-typedef struct x509_st X509;

-typedef struct X509_algor_st X509_ALGOR;

-typedef struct X509_crl_st X509_CRL;

-typedef struct X509_name_st X509_NAME;

-typedef struct x509_store_st X509_STORE;

-typedef struct x509_store_ctx_st X509_STORE_CTX;

-typedef struct v3_ext_ctx X509V3_CTX;

-typedef struct conf_st CONF;

-typedef struct store_st STORE;

-typedef struct store_method_st STORE_METHOD;

-typedef struct ui_st UI;

-typedef struct ui_method_st UI_METHOD;

-typedef struct st_ERR_FNS ERR_FNS;

-typedef struct engine_st ENGINE;

-typedef struct X509_POLICY_NODE_st X509_POLICY_NODE;

-typedef struct X509_POLICY_LEVEL_st X509_POLICY_LEVEL;

-typedef struct X509_POLICY_TREE_st X509_POLICY_TREE;

-typedef struct X509_POLICY_CACHE_st X509_POLICY_CACHE;

-  /* If placed in pkcs12.h, we end up with a circular depency with pkcs7.h */

-#define DECLARE_PKCS12_STACK_OF(type) /* Nothing */

-#define IMPLEMENT_PKCS12_STACK_OF(type) /* Nothing */

-typedef struct crypto_ex_data_st CRYPTO_EX_DATA;

-/* Callback types for crypto.h */

-typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad,

-					int idx, long argl, void *argp);

-typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad,

-					int idx, long argl, void *argp);

-typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d,

-					int idx, long argl, void *argp);

-#endif /* def HEADER_OPENSSL_TYPES_H */

--- a/sys/include/ape/openssl/pem.h

+++ /dev/null

@@ -1,776 +1,0 @@

-/* crypto/pem/pem.h */

-/* Copyright (C) 1995-1997 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_PEM_H

-#define HEADER_PEM_H

-#include <openssl/e_os2.h>

-#ifndef OPENSSL_NO_BIO

-#include <openssl/bio.h>

-#endif

-#ifndef OPENSSL_NO_STACK

-#include <openssl/stack.h>

-#endif

-#include <openssl/evp.h>

-#include <openssl/x509.h>

-#include <openssl/pem2.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-#define PEM_BUFSIZE		1024

-#define PEM_OBJ_UNDEF		0

-#define PEM_OBJ_X509		1

-#define PEM_OBJ_X509_REQ	2

-#define PEM_OBJ_CRL		3

-#define PEM_OBJ_SSL_SESSION	4

-#define PEM_OBJ_PRIV_KEY	10

-#define PEM_OBJ_PRIV_RSA	11

-#define PEM_OBJ_PRIV_DSA	12

-#define PEM_OBJ_PRIV_DH		13

-#define PEM_OBJ_PUB_RSA		14

-#define PEM_OBJ_PUB_DSA		15

-#define PEM_OBJ_PUB_DH		16

-#define PEM_OBJ_DHPARAMS	17

-#define PEM_OBJ_DSAPARAMS	18

-#define PEM_OBJ_PRIV_RSA_PUBLIC	19

-#define PEM_OBJ_PRIV_ECDSA	20

-#define PEM_OBJ_PUB_ECDSA	21

-#define PEM_OBJ_ECPARAMETERS	22

-#define PEM_ERROR		30

-#define PEM_DEK_DES_CBC         40

-#define PEM_DEK_IDEA_CBC        45

-#define PEM_DEK_DES_EDE         50

-#define PEM_DEK_DES_ECB         60

-#define PEM_DEK_RSA             70

-#define PEM_DEK_RSA_MD2         80

-#define PEM_DEK_RSA_MD5         90

-#define PEM_MD_MD2		NID_md2

-#define PEM_MD_MD5		NID_md5

-#define PEM_MD_SHA		NID_sha

-#define PEM_MD_MD2_RSA		NID_md2WithRSAEncryption

-#define PEM_MD_MD5_RSA		NID_md5WithRSAEncryption

-#define PEM_MD_SHA_RSA		NID_sha1WithRSAEncryption

-#define PEM_STRING_X509_OLD	"X509 CERTIFICATE"

-#define PEM_STRING_X509		"CERTIFICATE"

-#define PEM_STRING_X509_PAIR	"CERTIFICATE PAIR"

-#define PEM_STRING_X509_TRUSTED	"TRUSTED CERTIFICATE"

-#define PEM_STRING_X509_REQ_OLD	"NEW CERTIFICATE REQUEST"

-#define PEM_STRING_X509_REQ	"CERTIFICATE REQUEST"

-#define PEM_STRING_X509_CRL	"X509 CRL"

-#define PEM_STRING_EVP_PKEY	"ANY PRIVATE KEY"

-#define PEM_STRING_PUBLIC	"PUBLIC KEY"

-#define PEM_STRING_RSA		"RSA PRIVATE KEY"

-#define PEM_STRING_RSA_PUBLIC	"RSA PUBLIC KEY"

-#define PEM_STRING_DSA		"DSA PRIVATE KEY"

-#define PEM_STRING_DSA_PUBLIC	"DSA PUBLIC KEY"

-#define PEM_STRING_PKCS7	"PKCS7"

-#define PEM_STRING_PKCS8	"ENCRYPTED PRIVATE KEY"

-#define PEM_STRING_PKCS8INF	"PRIVATE KEY"

-#define PEM_STRING_DHPARAMS	"DH PARAMETERS"

-#define PEM_STRING_SSL_SESSION	"SSL SESSION PARAMETERS"

-#define PEM_STRING_DSAPARAMS	"DSA PARAMETERS"

-#define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY"

-#define PEM_STRING_ECPARAMETERS "EC PARAMETERS"

-#define PEM_STRING_ECPRIVATEKEY	"EC PRIVATE KEY"

-  /* Note that this structure is initialised by PEM_SealInit and cleaned up

-     by PEM_SealFinal (at least for now) */

-typedef struct PEM_Encode_Seal_st

-	{

-	EVP_ENCODE_CTX encode;

-	EVP_MD_CTX md;

-	EVP_CIPHER_CTX cipher;

-	} PEM_ENCODE_SEAL_CTX;

-/* enc_type is one off */

-#define PEM_TYPE_ENCRYPTED      10

-#define PEM_TYPE_MIC_ONLY       20

-#define PEM_TYPE_MIC_CLEAR      30

-#define PEM_TYPE_CLEAR		40

-typedef struct pem_recip_st

-	{

-	char *name;

-	X509_NAME *dn;

-	int cipher;

-	int key_enc;

-	/*	char iv[8]; unused and wrong size */

-	} PEM_USER;

-typedef struct pem_ctx_st

-	{

-	int type;		/* what type of object */

-	struct	{

-		int version;

-		int mode;

-		} proc_type;

-	char *domain;

-	struct	{

-		int cipher;

-	/* unused, and wrong size

-	   unsigned char iv[8]; */

-		} DEK_info;

-	PEM_USER *originator;

-	int num_recipient;

-	PEM_USER **recipient;

-#ifndef OPENSSL_NO_STACK

-	STACK *x509_chain;	/* certificate chain */

-#else

-	char *x509_chain;	/* certificate chain */

-#endif

-	EVP_MD *md;		/* signature type */

-	int md_enc;		/* is the md encrypted or not? */

-	int md_len;		/* length of md_data */

-	char *md_data;		/* message digest, could be pkey encrypted */

-	EVP_CIPHER *dec;	/* date encryption cipher */

-	int key_len;		/* key length */

-	unsigned char *key;	/* key */

-	/* unused, and wrong size

-	   unsigned char iv[8]; */

-	int  data_enc;		/* is the data encrypted */

-	int data_len;

-	unsigned char *data;

-	} PEM_CTX;

-/* These macros make the PEM_read/PEM_write functions easier to maintain and

- * write. Now they are all implemented with either:

- * IMPLEMENT_PEM_rw(...) or IMPLEMENT_PEM_rw_cb(...)

- */

-#ifdef OPENSSL_NO_FP_API

-#define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/

-#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/

-#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/

-#else

-#define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \

-type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\

-{ \

-    return (type*)PEM_ASN1_read(CHECKED_D2I_OF(type, d2i_##asn1), \

-				str, fp, \

-				CHECKED_PPTR_OF(type, x), \

-				cb, u); \

-}

-#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \

-int PEM_write_##name(FILE *fp, type *x) \

-{ \

-    return PEM_ASN1_write(CHECKED_I2D_OF(type, i2d_##asn1), \

-			  str, fp, \

-			  CHECKED_PTR_OF(type, x), \

-			  NULL, NULL, 0, NULL, NULL); \

-}

-#define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \

-int PEM_write_##name(FILE *fp, const type *x) \

-{ \

-    return PEM_ASN1_write(CHECKED_I2D_OF(const type, i2d_##asn1), \

-			  str, fp, \

-			  CHECKED_PTR_OF(const type, x), \

-			  NULL, NULL, 0, NULL, NULL); \

-}

-#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \

-int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \

-	     unsigned char *kstr, int klen, pem_password_cb *cb, \

-		  void *u) \

-	{ \

-	    return PEM_ASN1_write(CHECKED_I2D_OF(type, i2d_##asn1), \

-				  str, fp, \

-				  CHECKED_PTR_OF(type, x), \

-				  enc, kstr, klen, cb, u); \

-	}

-#define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \

-int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \

-	     unsigned char *kstr, int klen, pem_password_cb *cb, \

-		  void *u) \

-	{ \

-	    return PEM_ASN1_write(CHECKED_I2D_OF(const type, i2d_##asn1), \

-				  str, fp, \

-				  CHECKED_PTR_OF(const type, x), \

-				  enc, kstr, klen, cb, u); \

-	}

-#endif

-#define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \

-type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\

-{ \

-    return (type*)PEM_ASN1_read_bio(CHECKED_D2I_OF(type, d2i_##asn1), \

-				    str, bp, \

-				    CHECKED_PPTR_OF(type, x), \

-				    cb, u); \

-}

-#define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \

-int PEM_write_bio_##name(BIO *bp, type *x) \

-{ \

-    return PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d_##asn1), \

-			      str, bp, \

-			      CHECKED_PTR_OF(type, x), \

-			      NULL, NULL, 0, NULL, NULL); \

-}

-#define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \

-int PEM_write_bio_##name(BIO *bp, const type *x) \

-{ \

-    return PEM_ASN1_write_bio(CHECKED_I2D_OF(const type, i2d_##asn1), \

-			      str, bp, \

-			      CHECKED_PTR_OF(const type, x), \

-			      NULL, NULL, 0, NULL, NULL); \

-}

-#define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \

-int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \

-	     unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \

-	{ \

-	    return PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d_##asn1), \

-				      str, bp, \

-				      CHECKED_PTR_OF(type, x), \

-				      enc, kstr, klen, cb, u); \

-	}

-#define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \

-int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \

-	     unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \

-	{ \

-	    return PEM_ASN1_write_bio(CHECKED_I2D_OF(const type, i2d_##asn1), \

-				      str, bp, \

-				      CHECKED_PTR_OF(const type, x), \

-				      enc, kstr, klen, cb, u); \

-	}

-#define IMPLEMENT_PEM_write(name, type, str, asn1) \

-	IMPLEMENT_PEM_write_bio(name, type, str, asn1) \

-	IMPLEMENT_PEM_write_fp(name, type, str, asn1)

-#define IMPLEMENT_PEM_write_const(name, type, str, asn1) \

-	IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \

-	IMPLEMENT_PEM_write_fp_const(name, type, str, asn1)

-#define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \

-	IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \

-	IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1)

-#define IMPLEMENT_PEM_write_cb_const(name, type, str, asn1) \

-	IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \

-	IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1)

-#define IMPLEMENT_PEM_read(name, type, str, asn1) \

-	IMPLEMENT_PEM_read_bio(name, type, str, asn1) \

-	IMPLEMENT_PEM_read_fp(name, type, str, asn1)

-#define IMPLEMENT_PEM_rw(name, type, str, asn1) \

-	IMPLEMENT_PEM_read(name, type, str, asn1) \

-	IMPLEMENT_PEM_write(name, type, str, asn1)

-#define IMPLEMENT_PEM_rw_const(name, type, str, asn1) \

-	IMPLEMENT_PEM_read(name, type, str, asn1) \

-	IMPLEMENT_PEM_write_const(name, type, str, asn1)

-#define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \

-	IMPLEMENT_PEM_read(name, type, str, asn1) \

-	IMPLEMENT_PEM_write_cb(name, type, str, asn1)

-/* These are the same except they are for the declarations */

-#if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_NO_FP_API)

-#define DECLARE_PEM_read_fp(name, type) /**/

-#define DECLARE_PEM_write_fp(name, type) /**/

-#define DECLARE_PEM_write_cb_fp(name, type) /**/

-#else

-#define DECLARE_PEM_read_fp(name, type) \

-	type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u);

-#define DECLARE_PEM_write_fp(name, type) \

-	int PEM_write_##name(FILE *fp, type *x);

-#define DECLARE_PEM_write_fp_const(name, type) \

-	int PEM_write_##name(FILE *fp, const type *x);

-#define DECLARE_PEM_write_cb_fp(name, type) \

-	int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \

-	     unsigned char *kstr, int klen, pem_password_cb *cb, void *u);

-#endif

-#ifndef OPENSSL_NO_BIO

-#define DECLARE_PEM_read_bio(name, type) \

-	type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u);

-#define DECLARE_PEM_write_bio(name, type) \

-	int PEM_write_bio_##name(BIO *bp, type *x);

-#define DECLARE_PEM_write_bio_const(name, type) \

-	int PEM_write_bio_##name(BIO *bp, const type *x);

-#define DECLARE_PEM_write_cb_bio(name, type) \

-	int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \

-	     unsigned char *kstr, int klen, pem_password_cb *cb, void *u);

-#else

-#define DECLARE_PEM_read_bio(name, type) /**/

-#define DECLARE_PEM_write_bio(name, type) /**/

-#define DECLARE_PEM_write_cb_bio(name, type) /**/

-#endif

-#define DECLARE_PEM_write(name, type) \

-	DECLARE_PEM_write_bio(name, type) \

-	DECLARE_PEM_write_fp(name, type)

-#define DECLARE_PEM_write_const(name, type) \

-	DECLARE_PEM_write_bio_const(name, type) \

-	DECLARE_PEM_write_fp_const(name, type)

-#define DECLARE_PEM_write_cb(name, type) \

-	DECLARE_PEM_write_cb_bio(name, type) \

-	DECLARE_PEM_write_cb_fp(name, type)

-#define DECLARE_PEM_read(name, type) \

-	DECLARE_PEM_read_bio(name, type) \

-	DECLARE_PEM_read_fp(name, type)

-#define DECLARE_PEM_rw(name, type) \

-	DECLARE_PEM_read(name, type) \

-	DECLARE_PEM_write(name, type)

-#define DECLARE_PEM_rw_const(name, type) \

-	DECLARE_PEM_read(name, type) \

-	DECLARE_PEM_write_const(name, type)

-#define DECLARE_PEM_rw_cb(name, type) \

-	DECLARE_PEM_read(name, type) \

-	DECLARE_PEM_write_cb(name, type)

-#ifdef SSLEAY_MACROS

-#define PEM_write_SSL_SESSION(fp,x) \

-		PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \

-			PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL)

-#define PEM_write_X509(fp,x) \

-		PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp, \

-			(char *)x, NULL,NULL,0,NULL,NULL)

-#define PEM_write_X509_REQ(fp,x) PEM_ASN1_write( \

-		(int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,fp,(char *)x, \

-			NULL,NULL,0,NULL,NULL)

-#define PEM_write_X509_CRL(fp,x) \

-		PEM_ASN1_write((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL, \

-			fp,(char *)x, NULL,NULL,0,NULL,NULL)

-#define	PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \

-		PEM_ASN1_write((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,fp,\

-			(char *)x,enc,kstr,klen,cb,u)

-#define	PEM_write_RSAPublicKey(fp,x) \

-		PEM_ASN1_write((int (*)())i2d_RSAPublicKey,\

-			PEM_STRING_RSA_PUBLIC,fp,(char *)x,NULL,NULL,0,NULL,NULL)

-#define	PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \

-		PEM_ASN1_write((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,fp,\

-			(char *)x,enc,kstr,klen,cb,u)

-#define	PEM_write_PrivateKey(bp,x,enc,kstr,klen,cb,u) \

-		PEM_ASN1_write((int (*)())i2d_PrivateKey,\

-		(((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\

-			bp,(char *)x,enc,kstr,klen,cb,u)

-#define PEM_write_PKCS7(fp,x) \

-		PEM_ASN1_write((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,fp, \

-			(char *)x, NULL,NULL,0,NULL,NULL)

-#define PEM_write_DHparams(fp,x) \

-		PEM_ASN1_write((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,fp,\

-			(char *)x,NULL,NULL,0,NULL,NULL)

-#define PEM_write_NETSCAPE_CERT_SEQUENCE(fp,x) \

-                PEM_ASN1_write((int (*)())i2d_NETSCAPE_CERT_SEQUENCE, \

-			PEM_STRING_X509,fp, \

-                        (char *)x, NULL,NULL,0,NULL,NULL)

-#define	PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \

-	(char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u)

-#define	PEM_read_X509(fp,x,cb,u) (X509 *)PEM_ASN1_read( \

-	(char *(*)())d2i_X509,PEM_STRING_X509,fp,(char **)x,cb,u)

-#define	PEM_read_X509_REQ(fp,x,cb,u) (X509_REQ *)PEM_ASN1_read( \

-	(char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,fp,(char **)x,cb,u)

-#define	PEM_read_X509_CRL(fp,x,cb,u) (X509_CRL *)PEM_ASN1_read( \

-	(char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,fp,(char **)x,cb,u)

-#define	PEM_read_RSAPrivateKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \

-	(char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,fp,(char **)x,cb,u)

-#define	PEM_read_RSAPublicKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \

-	(char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,fp,(char **)x,cb,u)

-#define	PEM_read_DSAPrivateKey(fp,x,cb,u) (DSA *)PEM_ASN1_read( \

-	(char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,fp,(char **)x,cb,u)

-#define	PEM_read_PrivateKey(fp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read( \

-	(char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,fp,(char **)x,cb,u)

-#define	PEM_read_PKCS7(fp,x,cb,u) (PKCS7 *)PEM_ASN1_read( \

-	(char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,fp,(char **)x,cb,u)

-#define	PEM_read_DHparams(fp,x,cb,u) (DH *)PEM_ASN1_read( \

-	(char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,fp,(char **)x,cb,u)

-#define PEM_read_NETSCAPE_CERT_SEQUENCE(fp,x,cb,u) \

-		(NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read( \

-        (char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,fp,\

-							(char **)x,cb,u)

-#define PEM_write_bio_X509(bp,x) \

-		PEM_ASN1_write_bio((int (*)())i2d_X509,PEM_STRING_X509,bp, \

-			(char *)x, NULL,NULL,0,NULL,NULL)

-#define PEM_write_bio_X509_REQ(bp,x) PEM_ASN1_write_bio( \

-		(int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,bp,(char *)x, \

-			NULL,NULL,0,NULL,NULL)

-#define PEM_write_bio_X509_CRL(bp,x) \

-		PEM_ASN1_write_bio((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL,\

-			bp,(char *)x, NULL,NULL,0,NULL,NULL)

-#define	PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \

-		PEM_ASN1_write_bio((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,\

-			bp,(char *)x,enc,kstr,klen,cb,u)

-#define	PEM_write_bio_RSAPublicKey(bp,x) \

-		PEM_ASN1_write_bio((int (*)())i2d_RSAPublicKey, \

-			PEM_STRING_RSA_PUBLIC,\

-			bp,(char *)x,NULL,NULL,0,NULL,NULL)

-#define	PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \

-		PEM_ASN1_write_bio((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,\

-			bp,(char *)x,enc,kstr,klen,cb,u)

-#define	PEM_write_bio_PrivateKey(bp,x,enc,kstr,klen,cb,u) \

-		PEM_ASN1_write_bio((int (*)())i2d_PrivateKey,\

-		(((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\

-			bp,(char *)x,enc,kstr,klen,cb,u)

-#define PEM_write_bio_PKCS7(bp,x) \

-		PEM_ASN1_write_bio((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,bp, \

-			(char *)x, NULL,NULL,0,NULL,NULL)

-#define PEM_write_bio_DHparams(bp,x) \

-		PEM_ASN1_write_bio((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,\

-			bp,(char *)x,NULL,NULL,0,NULL,NULL)

-#define PEM_write_bio_DSAparams(bp,x) \

-		PEM_ASN1_write_bio((int (*)())i2d_DSAparams, \

-			PEM_STRING_DSAPARAMS,bp,(char *)x,NULL,NULL,0,NULL,NULL)

-#define PEM_write_bio_NETSCAPE_CERT_SEQUENCE(bp,x) \

-                PEM_ASN1_write_bio((int (*)())i2d_NETSCAPE_CERT_SEQUENCE, \

-			PEM_STRING_X509,bp, \

-                        (char *)x, NULL,NULL,0,NULL,NULL)

-#define	PEM_read_bio_X509(bp,x,cb,u) (X509 *)PEM_ASN1_read_bio( \

-	(char *(*)())d2i_X509,PEM_STRING_X509,bp,(char **)x,cb,u)

-#define	PEM_read_bio_X509_REQ(bp,x,cb,u) (X509_REQ *)PEM_ASN1_read_bio( \

-	(char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,bp,(char **)x,cb,u)

-#define	PEM_read_bio_X509_CRL(bp,x,cb,u) (X509_CRL *)PEM_ASN1_read_bio( \

-	(char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,bp,(char **)x,cb,u)

-#define	PEM_read_bio_RSAPrivateKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \

-	(char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,bp,(char **)x,cb,u)

-#define	PEM_read_bio_RSAPublicKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \

-	(char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,bp,(char **)x,cb,u)

-#define	PEM_read_bio_DSAPrivateKey(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \

-	(char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,bp,(char **)x,cb,u)

-#define	PEM_read_bio_PrivateKey(bp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read_bio( \

-	(char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,bp,(char **)x,cb,u)

-#define	PEM_read_bio_PKCS7(bp,x,cb,u) (PKCS7 *)PEM_ASN1_read_bio( \

-	(char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,bp,(char **)x,cb,u)

-#define	PEM_read_bio_DHparams(bp,x,cb,u) (DH *)PEM_ASN1_read_bio( \

-	(char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,bp,(char **)x,cb,u)

-#define	PEM_read_bio_DSAparams(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \

-	(char *(*)())d2i_DSAparams,PEM_STRING_DSAPARAMS,bp,(char **)x,cb,u)

-#define PEM_read_bio_NETSCAPE_CERT_SEQUENCE(bp,x,cb,u) \

-		(NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read_bio( \

-        (char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,bp,\

-							(char **)x,cb,u)

-#endif

-#if 1

-/* "userdata": new with OpenSSL 0.9.4 */

-typedef int pem_password_cb(char *buf, int size, int rwflag, void *userdata);

-#else

-/* OpenSSL 0.9.3, 0.9.3a */

-typedef int pem_password_cb(char *buf, int size, int rwflag);

-#endif

-int	PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher);

-int	PEM_do_header (EVP_CIPHER_INFO *cipher, unsigned char *data,long *len,

-	pem_password_cb *callback,void *u);

-#ifndef OPENSSL_NO_BIO

-int	PEM_read_bio(BIO *bp, char **name, char **header,

-		unsigned char **data,long *len);

-int	PEM_write_bio(BIO *bp,const char *name,char *hdr,unsigned char *data,

-		long len);

-int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp,

-	     pem_password_cb *cb, void *u);

-void *	PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp,

-			  void **x, pem_password_cb *cb, void *u);

-#define PEM_ASN1_read_bio_of(type,d2i,name,bp,x,cb,u) \

-    ((type*)PEM_ASN1_read_bio(CHECKED_D2I_OF(type, d2i), \

-			      name, bp,			\

-			      CHECKED_PPTR_OF(type, x), \

-			      cb, u))

-int	PEM_ASN1_write_bio(i2d_of_void *i2d,const char *name,BIO *bp,char *x,

-			   const EVP_CIPHER *enc,unsigned char *kstr,int klen,

-			   pem_password_cb *cb, void *u);

-#define PEM_ASN1_write_bio_of(type,i2d,name,bp,x,enc,kstr,klen,cb,u) \

-    (PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d), \

-			name, bp,		   \

-			CHECKED_PTR_OF(type, x), \

-			enc, kstr, klen, cb, u))

-STACK_OF(X509_INFO) *	PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u);

-int	PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc,

-		unsigned char *kstr, int klen, pem_password_cb *cd, void *u);

-#endif

-#ifndef OPENSSL_SYS_WIN16

-int	PEM_read(FILE *fp, char **name, char **header,

-		unsigned char **data,long *len);

-int	PEM_write(FILE *fp,char *name,char *hdr,unsigned char *data,long len);

-void *  PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,

-		      pem_password_cb *cb, void *u);

-int	PEM_ASN1_write(i2d_of_void *i2d,const char *name,FILE *fp,

-		       char *x,const EVP_CIPHER *enc,unsigned char *kstr,

-		       int klen,pem_password_cb *callback, void *u);

-STACK_OF(X509_INFO) *	PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,

-	pem_password_cb *cb, void *u);

-#endif

-int	PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type,

-		EVP_MD *md_type, unsigned char **ek, int *ekl,

-		unsigned char *iv, EVP_PKEY **pubk, int npubk);

-void	PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl,

-		unsigned char *in, int inl);

-int	PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig,int *sigl,

-		unsigned char *out, int *outl, EVP_PKEY *priv);

-void    PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type);

-void    PEM_SignUpdate(EVP_MD_CTX *ctx,unsigned char *d,unsigned int cnt);

-int	PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,

-		unsigned int *siglen, EVP_PKEY *pkey);

-int	PEM_def_callback(char *buf, int num, int w, void *key);

-void	PEM_proc_type(char *buf, int type);

-void	PEM_dek_info(char *buf, const char *type, int len, char *str);

-#ifndef SSLEAY_MACROS

-#include <openssl/symhacks.h>

-DECLARE_PEM_rw(X509, X509)

-DECLARE_PEM_rw(X509_AUX, X509)

-DECLARE_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR)

-DECLARE_PEM_rw(X509_REQ, X509_REQ)

-DECLARE_PEM_write(X509_REQ_NEW, X509_REQ)

-DECLARE_PEM_rw(X509_CRL, X509_CRL)

-DECLARE_PEM_rw(PKCS7, PKCS7)

-DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE)

-DECLARE_PEM_rw(PKCS8, X509_SIG)

-DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)

-#ifndef OPENSSL_NO_RSA

-DECLARE_PEM_rw_cb(RSAPrivateKey, RSA)

-DECLARE_PEM_rw_const(RSAPublicKey, RSA)

-DECLARE_PEM_rw(RSA_PUBKEY, RSA)

-#endif

-#ifndef OPENSSL_NO_DSA

-DECLARE_PEM_rw_cb(DSAPrivateKey, DSA)

-DECLARE_PEM_rw(DSA_PUBKEY, DSA)

-DECLARE_PEM_rw_const(DSAparams, DSA)

-#endif

-#ifndef OPENSSL_NO_EC

-DECLARE_PEM_rw_const(ECPKParameters, EC_GROUP)

-DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY)

-DECLARE_PEM_rw(EC_PUBKEY, EC_KEY)

-#endif

-#ifndef OPENSSL_NO_DH

-DECLARE_PEM_rw_const(DHparams, DH)

-#endif

-DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY)

-DECLARE_PEM_rw(PUBKEY, EVP_PKEY)

-int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,

-				  char *kstr, int klen,

-				  pem_password_cb *cb, void *u);

-int PEM_write_bio_PKCS8PrivateKey(BIO *, EVP_PKEY *, const EVP_CIPHER *,

-                                  char *, int, pem_password_cb *, void *);

-int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,

-				  char *kstr, int klen,

-				  pem_password_cb *cb, void *u);

-int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,

-				  char *kstr, int klen,

-				  pem_password_cb *cb, void *u);

-EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u);

-int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,

-				  char *kstr, int klen,

-				  pem_password_cb *cb, void *u);

-int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid,

-				  char *kstr, int klen,

-				  pem_password_cb *cb, void *u);

-int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,

-				  char *kstr, int klen,

-				  pem_password_cb *cb, void *u);

-EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u);

-int PEM_write_PKCS8PrivateKey(FILE *fp,EVP_PKEY *x,const EVP_CIPHER *enc,

-			      char *kstr,int klen, pem_password_cb *cd, void *u);

-#endif /* SSLEAY_MACROS */

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_PEM_strings(void);

-/* Error codes for the PEM functions. */

-/* Function codes. */

-#define PEM_F_D2I_PKCS8PRIVATEKEY_BIO			 120

-#define PEM_F_D2I_PKCS8PRIVATEKEY_FP			 121

-#define PEM_F_DO_PK8PKEY				 126

-#define PEM_F_DO_PK8PKEY_FP				 125

-#define PEM_F_LOAD_IV					 101

-#define PEM_F_PEM_ASN1_READ				 102

-#define PEM_F_PEM_ASN1_READ_BIO				 103

-#define PEM_F_PEM_ASN1_WRITE				 104

-#define PEM_F_PEM_ASN1_WRITE_BIO			 105

-#define PEM_F_PEM_DEF_CALLBACK				 100

-#define PEM_F_PEM_DO_HEADER				 106

-#define PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY		 118

-#define PEM_F_PEM_GET_EVP_CIPHER_INFO			 107

-#define PEM_F_PEM_PK8PKEY				 119

-#define PEM_F_PEM_READ					 108

-#define PEM_F_PEM_READ_BIO				 109

-#define PEM_F_PEM_READ_BIO_PRIVATEKEY			 123

-#define PEM_F_PEM_READ_PRIVATEKEY			 124

-#define PEM_F_PEM_SEALFINAL				 110

-#define PEM_F_PEM_SEALINIT				 111

-#define PEM_F_PEM_SIGNFINAL				 112

-#define PEM_F_PEM_WRITE					 113

-#define PEM_F_PEM_WRITE_BIO				 114

-#define PEM_F_PEM_X509_INFO_READ			 115

-#define PEM_F_PEM_X509_INFO_READ_BIO			 116

-#define PEM_F_PEM_X509_INFO_WRITE_BIO			 117

-/* Reason codes. */

-#define PEM_R_BAD_BASE64_DECODE				 100

-#define PEM_R_BAD_DECRYPT				 101

-#define PEM_R_BAD_END_LINE				 102

-#define PEM_R_BAD_IV_CHARS				 103

-#define PEM_R_BAD_PASSWORD_READ				 104

-#define PEM_R_ERROR_CONVERTING_PRIVATE_KEY		 115

-#define PEM_R_NOT_DEK_INFO				 105

-#define PEM_R_NOT_ENCRYPTED				 106

-#define PEM_R_NOT_PROC_TYPE				 107

-#define PEM_R_NO_START_LINE				 108

-#define PEM_R_PROBLEMS_GETTING_PASSWORD			 109

-#define PEM_R_PUBLIC_KEY_NO_RSA				 110

-#define PEM_R_READ_KEY					 111

-#define PEM_R_SHORT_HEADER				 112

-#define PEM_R_UNSUPPORTED_CIPHER			 113

-#define PEM_R_UNSUPPORTED_ENCRYPTION			 114

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/pem2.h

+++ /dev/null

@@ -1,70 +1,0 @@

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/*

- * This header only exists to break a circular dependency between pem and err

- * Ben 30 Jan 1999.

- */

-#ifdef __cplusplus

-extern "C" {

-#endif

-#ifndef HEADER_PEM_H

-void ERR_load_PEM_strings(void);

-#endif

-#ifdef __cplusplus

-}

-#endif

--- a/sys/include/ape/openssl/pkcs12.h

+++ /dev/null

@@ -1,333 +1,0 @@

-/* pkcs12.h */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_PKCS12_H

-#define HEADER_PKCS12_H

-#include <openssl/bio.h>

-#include <openssl/x509.h>

-#ifdef __cplusplus

-extern "C" {

-#endif

-#define PKCS12_KEY_ID	1

-#define PKCS12_IV_ID	2

-#define PKCS12_MAC_ID	3

-/* Default iteration count */

-#ifndef PKCS12_DEFAULT_ITER

-#define PKCS12_DEFAULT_ITER	PKCS5_DEFAULT_ITER

-#endif

-#define PKCS12_MAC_KEY_LENGTH 20

-#define PKCS12_SALT_LEN	8

-/* Uncomment out next line for unicode password and names, otherwise ASCII */

-/*#define PBE_UNICODE*/

-#ifdef PBE_UNICODE

-#define PKCS12_key_gen PKCS12_key_gen_uni

-#define PKCS12_add_friendlyname PKCS12_add_friendlyname_uni

-#else

-#define PKCS12_key_gen PKCS12_key_gen_asc

-#define PKCS12_add_friendlyname PKCS12_add_friendlyname_asc

-#endif

-/* MS key usage constants */

-#define KEY_EX	0x10

-#define KEY_SIG 0x80

-typedef struct {

-X509_SIG *dinfo;

-ASN1_OCTET_STRING *salt;

-ASN1_INTEGER *iter;	/* defaults to 1 */

-} PKCS12_MAC_DATA;

-typedef struct {

-ASN1_INTEGER *version;

-PKCS12_MAC_DATA *mac;

-PKCS7 *authsafes;

-} PKCS12;

-PREDECLARE_STACK_OF(PKCS12_SAFEBAG)

-typedef struct {

-ASN1_OBJECT *type;

-union {

-	struct pkcs12_bag_st *bag; /* secret, crl and certbag */

-	struct pkcs8_priv_key_info_st	*keybag; /* keybag */

-	X509_SIG *shkeybag; /* shrouded key bag */

-	STACK_OF(PKCS12_SAFEBAG) *safes;

-	ASN1_TYPE *other;

-}value;

-STACK_OF(X509_ATTRIBUTE) *attrib;

-} PKCS12_SAFEBAG;

-DECLARE_STACK_OF(PKCS12_SAFEBAG)

-DECLARE_ASN1_SET_OF(PKCS12_SAFEBAG)

-DECLARE_PKCS12_STACK_OF(PKCS12_SAFEBAG)

-typedef struct pkcs12_bag_st {

-ASN1_OBJECT *type;

-union {

-	ASN1_OCTET_STRING *x509cert;

-	ASN1_OCTET_STRING *x509crl;

-	ASN1_OCTET_STRING *octet;

-	ASN1_IA5STRING *sdsicert;

-	ASN1_TYPE *other; /* Secret or other bag */

-}value;

-} PKCS12_BAGS;

-#define PKCS12_ERROR	0

-#define PKCS12_OK	1

-/* Compatibility macros */

-#define M_PKCS12_x5092certbag PKCS12_x5092certbag

-#define M_PKCS12_x509crl2certbag PKCS12_x509crl2certbag

-#define M_PKCS12_certbag2x509 PKCS12_certbag2x509

-#define M_PKCS12_certbag2x509crl PKCS12_certbag2x509crl

-#define M_PKCS12_unpack_p7data PKCS12_unpack_p7data

-#define M_PKCS12_pack_authsafes PKCS12_pack_authsafes

-#define M_PKCS12_unpack_authsafes PKCS12_unpack_authsafes

-#define M_PKCS12_unpack_p7encdata PKCS12_unpack_p7encdata

-#define M_PKCS12_decrypt_skey PKCS12_decrypt_skey

-#define M_PKCS8_decrypt PKCS8_decrypt

-#define M_PKCS12_bag_type(bg) OBJ_obj2nid((bg)->type)

-#define M_PKCS12_cert_bag_type(bg) OBJ_obj2nid((bg)->value.bag->type)

-#define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type

-#define PKCS12_get_attr(bag, attr_nid) \

-			 PKCS12_get_attr_gen(bag->attrib, attr_nid)

-#define PKCS8_get_attr(p8, attr_nid) \

-		PKCS12_get_attr_gen(p8->attributes, attr_nid)

-#define PKCS12_mac_present(p12) ((p12)->mac ? 1 : 0)

-PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509);

-PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl);

-X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag);

-X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag);

-PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1,

-	     int nid2);

-PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8);

-PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, int passlen);

-PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, const char *pass,

-								int passlen);

-X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,

-			const char *pass, int passlen,

-			unsigned char *salt, int saltlen, int iter,

-			PKCS8_PRIV_KEY_INFO *p8);

-PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,

-				     int passlen, unsigned char *salt,

-				     int saltlen, int iter,

-				     PKCS8_PRIV_KEY_INFO *p8);

-PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk);

-STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7);

-PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,

-			     unsigned char *salt, int saltlen, int iter,

-			     STACK_OF(PKCS12_SAFEBAG) *bags);

-STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen);

-int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes);

-STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12);

-int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen);

-int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,

-				int namelen);

-int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name,

-				int namelen);

-int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, const unsigned char *name,

-				int namelen);

-int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage);

-ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid);

-char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);

-unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,

-				int passlen, unsigned char *in, int inlen,

-				unsigned char **data, int *datalen, int en_de);

-void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,

-	     const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf);

-ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it,

-				       const char *pass, int passlen,

-				       void *obj, int zbuf);

-PKCS12 *PKCS12_init(int mode);

-int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,

-		       int saltlen, int id, int iter, int n,

-		       unsigned char *out, const EVP_MD *md_type);

-int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int id, int iter, int n, unsigned char *out, const EVP_MD *md_type);

-int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,

-			 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md_type,

-			 int en_de);

-int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,

-			 unsigned char *mac, unsigned int *maclen);

-int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen);

-int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,

-		   unsigned char *salt, int saltlen, int iter,

-		   const EVP_MD *md_type);

-int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,

-					 int saltlen, const EVP_MD *md_type);

-unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen);

-char *uni2asc(unsigned char *uni, int unilen);

-DECLARE_ASN1_FUNCTIONS(PKCS12)

-DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA)

-DECLARE_ASN1_FUNCTIONS(PKCS12_SAFEBAG)

-DECLARE_ASN1_FUNCTIONS(PKCS12_BAGS)

-DECLARE_ASN1_ITEM(PKCS12_SAFEBAGS)

-DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)

-void PKCS12_PBE_add(void);

-int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,

-		 STACK_OF(X509) **ca);

-PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,

-			 STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter,

-						 int mac_iter, int keytype);

-PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);

-PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key,

-						int key_usage, int iter,

-						int key_nid, char *pass);

-int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,

-					int safe_nid, int iter, char *pass);

-PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid);

-int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12);

-int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12);

-PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12);

-PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12);

-int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass);

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_PKCS12_strings(void);

-/* Error codes for the PKCS12 functions. */

-/* Function codes. */

-#define PKCS12_F_PARSE_BAG				 129

-#define PKCS12_F_PARSE_BAGS				 103

-#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME		 100

-#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC		 127

-#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI		 102

-#define PKCS12_F_PKCS12_ADD_LOCALKEYID			 104

-#define PKCS12_F_PKCS12_CREATE				 105

-#define PKCS12_F_PKCS12_GEN_MAC				 107

-#define PKCS12_F_PKCS12_INIT				 109

-#define PKCS12_F_PKCS12_ITEM_DECRYPT_D2I		 106

-#define PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT		 108

-#define PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG		 117

-#define PKCS12_F_PKCS12_KEY_GEN_ASC			 110

-#define PKCS12_F_PKCS12_KEY_GEN_UNI			 111

-#define PKCS12_F_PKCS12_MAKE_KEYBAG			 112

-#define PKCS12_F_PKCS12_MAKE_SHKEYBAG			 113

-#define PKCS12_F_PKCS12_NEWPASS				 128

-#define PKCS12_F_PKCS12_PACK_P7DATA			 114

-#define PKCS12_F_PKCS12_PACK_P7ENCDATA			 115

-#define PKCS12_F_PKCS12_PARSE				 118

-#define PKCS12_F_PKCS12_PBE_CRYPT			 119

-#define PKCS12_F_PKCS12_PBE_KEYIVGEN			 120

-#define PKCS12_F_PKCS12_SETUP_MAC			 122

-#define PKCS12_F_PKCS12_SET_MAC				 123

-#define PKCS12_F_PKCS12_UNPACK_AUTHSAFES		 130

-#define PKCS12_F_PKCS12_UNPACK_P7DATA			 131

-#define PKCS12_F_PKCS12_VERIFY_MAC			 126

-#define PKCS12_F_PKCS8_ADD_KEYUSAGE			 124

-#define PKCS12_F_PKCS8_ENCRYPT				 125

-/* Reason codes. */

-#define PKCS12_R_CANT_PACK_STRUCTURE			 100

-#define PKCS12_R_CONTENT_TYPE_NOT_DATA			 121

-#define PKCS12_R_DECODE_ERROR				 101

-#define PKCS12_R_ENCODE_ERROR				 102

-#define PKCS12_R_ENCRYPT_ERROR				 103

-#define PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE	 120

-#define PKCS12_R_INVALID_NULL_ARGUMENT			 104

-#define PKCS12_R_INVALID_NULL_PKCS12_POINTER		 105

-#define PKCS12_R_IV_GEN_ERROR				 106

-#define PKCS12_R_KEY_GEN_ERROR				 107

-#define PKCS12_R_MAC_ABSENT				 108

-#define PKCS12_R_MAC_GENERATION_ERROR			 109

-#define PKCS12_R_MAC_SETUP_ERROR			 110

-#define PKCS12_R_MAC_STRING_SET_ERROR			 111

-#define PKCS12_R_MAC_VERIFY_ERROR			 112

-#define PKCS12_R_MAC_VERIFY_FAILURE			 113

-#define PKCS12_R_PARSE_ERROR				 114

-#define PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR		 115

-#define PKCS12_R_PKCS12_CIPHERFINAL_ERROR		 116

-#define PKCS12_R_PKCS12_PBE_CRYPT_ERROR			 117

-#define PKCS12_R_UNKNOWN_DIGEST_ALGORITHM		 118

-#define PKCS12_R_UNSUPPORTED_PKCS12_MODE		 119

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/pkcs7.h

+++ /dev/null

@@ -1,464 +1,0 @@

-/* crypto/pkcs7/pkcs7.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_PKCS7_H

-#define HEADER_PKCS7_H

-#include <openssl/asn1.h>

-#include <openssl/bio.h>

-#include <openssl/e_os2.h>

-#include <openssl/symhacks.h>

-#include <openssl/ossl_typ.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-#ifdef OPENSSL_SYS_WIN32

-/* Under Win32 thes are defined in wincrypt.h */

-#undef PKCS7_ISSUER_AND_SERIAL

-#undef PKCS7_SIGNER_INFO

-#endif

-/*

-Encryption_ID		DES-CBC

-Digest_ID		MD5

-Digest_Encryption_ID	rsaEncryption

-Key_Encryption_ID	rsaEncryption

-*/

-typedef struct pkcs7_issuer_and_serial_st

-	{

-	X509_NAME *issuer;

-	ASN1_INTEGER *serial;

-	} PKCS7_ISSUER_AND_SERIAL;

-typedef struct pkcs7_signer_info_st

-	{

-	ASN1_INTEGER 			*version;	/* version 1 */

-	PKCS7_ISSUER_AND_SERIAL		*issuer_and_serial;

-	X509_ALGOR			*digest_alg;

-	STACK_OF(X509_ATTRIBUTE)	*auth_attr;	/* [ 0 ] */

-	X509_ALGOR			*digest_enc_alg;

-	ASN1_OCTET_STRING		*enc_digest;

-	STACK_OF(X509_ATTRIBUTE)	*unauth_attr;	/* [ 1 ] */

-	/* The private key to sign with */

-	EVP_PKEY			*pkey;

-	} PKCS7_SIGNER_INFO;

-DECLARE_STACK_OF(PKCS7_SIGNER_INFO)

-DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO)

-typedef struct pkcs7_recip_info_st

-	{

-	ASN1_INTEGER			*version;	/* version 0 */

-	PKCS7_ISSUER_AND_SERIAL		*issuer_and_serial;

-	X509_ALGOR			*key_enc_algor;

-	ASN1_OCTET_STRING		*enc_key;

-	X509				*cert; /* get the pub-key from this */

-	} PKCS7_RECIP_INFO;

-DECLARE_STACK_OF(PKCS7_RECIP_INFO)

-DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO)

-typedef struct pkcs7_signed_st

-	{

-	ASN1_INTEGER			*version;	/* version 1 */

-	STACK_OF(X509_ALGOR)		*md_algs;	/* md used */

-	STACK_OF(X509)			*cert;		/* [ 0 ] */

-	STACK_OF(X509_CRL)		*crl;		/* [ 1 ] */

-	STACK_OF(PKCS7_SIGNER_INFO)	*signer_info;

-	struct pkcs7_st			*contents;

-	} PKCS7_SIGNED;

-/* The above structure is very very similar to PKCS7_SIGN_ENVELOPE.

- * How about merging the two */

-typedef struct pkcs7_enc_content_st

-	{

-	ASN1_OBJECT			*content_type;

-	X509_ALGOR			*algorithm;

-	ASN1_OCTET_STRING		*enc_data;	/* [ 0 ] */

-	const EVP_CIPHER		*cipher;

-	} PKCS7_ENC_CONTENT;

-typedef struct pkcs7_enveloped_st

-	{

-	ASN1_INTEGER			*version;	/* version 0 */

-	STACK_OF(PKCS7_RECIP_INFO)	*recipientinfo;

-	PKCS7_ENC_CONTENT		*enc_data;

-	} PKCS7_ENVELOPE;

-typedef struct pkcs7_signedandenveloped_st

-	{

-	ASN1_INTEGER			*version;	/* version 1 */

-	STACK_OF(X509_ALGOR)		*md_algs;	/* md used */

-	STACK_OF(X509)			*cert;		/* [ 0 ] */

-	STACK_OF(X509_CRL)		*crl;		/* [ 1 ] */

-	STACK_OF(PKCS7_SIGNER_INFO)	*signer_info;

-	PKCS7_ENC_CONTENT		*enc_data;

-	STACK_OF(PKCS7_RECIP_INFO)	*recipientinfo;

-	} PKCS7_SIGN_ENVELOPE;

-typedef struct pkcs7_digest_st

-	{

-	ASN1_INTEGER			*version;	/* version 0 */

-	X509_ALGOR			*md;		/* md used */

-	struct pkcs7_st 		*contents;

-	ASN1_OCTET_STRING		*digest;

-	} PKCS7_DIGEST;

-typedef struct pkcs7_encrypted_st

-	{

-	ASN1_INTEGER			*version;	/* version 0 */

-	PKCS7_ENC_CONTENT		*enc_data;

-	} PKCS7_ENCRYPT;

-typedef struct pkcs7_st

-	{

-	/* The following is non NULL if it contains ASN1 encoding of

-	 * this structure */

-	unsigned char *asn1;

-	long length;

-#define PKCS7_S_HEADER	0

-#define PKCS7_S_BODY	1

-#define PKCS7_S_TAIL	2

-	int state; /* used during processing */

-	int detached;

-	ASN1_OBJECT *type;

-	/* content as defined by the type */

-	/* all encryption/message digests are applied to the 'contents',

-	 * leaving out the 'type' field. */

-	union	{

-		char *ptr;

-		/* NID_pkcs7_data */

-		ASN1_OCTET_STRING *data;

-		/* NID_pkcs7_signed */

-		PKCS7_SIGNED *sign;

-		/* NID_pkcs7_enveloped */

-		PKCS7_ENVELOPE *enveloped;

-		/* NID_pkcs7_signedAndEnveloped */

-		PKCS7_SIGN_ENVELOPE *signed_and_enveloped;

-		/* NID_pkcs7_digest */

-		PKCS7_DIGEST *digest;

-		/* NID_pkcs7_encrypted */

-		PKCS7_ENCRYPT *encrypted;

-		/* Anything else */

-		ASN1_TYPE *other;

-		} d;

-	} PKCS7;

-DECLARE_STACK_OF(PKCS7)

-DECLARE_ASN1_SET_OF(PKCS7)

-DECLARE_PKCS12_STACK_OF(PKCS7)

-#define PKCS7_OP_SET_DETACHED_SIGNATURE	1

-#define PKCS7_OP_GET_DETACHED_SIGNATURE	2

-#define PKCS7_get_signed_attributes(si)	((si)->auth_attr)

-#define PKCS7_get_attributes(si)	((si)->unauth_attr)

-#define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed)

-#define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted)

-#define PKCS7_type_is_enveloped(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_enveloped)

-#define PKCS7_type_is_signedAndEnveloped(a) \

-		(OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped)

-#define PKCS7_type_is_data(a)   (OBJ_obj2nid((a)->type) == NID_pkcs7_data)

-#define PKCS7_type_is_digest(a)   (OBJ_obj2nid((a)->type) == NID_pkcs7_digest)

-#define PKCS7_set_detached(p,v) \

-		PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL)

-#define PKCS7_get_detached(p) \

-		PKCS7_ctrl(p,PKCS7_OP_GET_DETACHED_SIGNATURE,0,NULL)

-#define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7))

-#ifdef SSLEAY_MACROS

-#ifndef PKCS7_ISSUER_AND_SERIAL_digest

-#define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \

-        ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\

-	                (char *)data,md,len)

-#endif

-#endif

-/* S/MIME related flags */

-#define PKCS7_TEXT		0x1

-#define PKCS7_NOCERTS		0x2

-#define PKCS7_NOSIGS		0x4

-#define PKCS7_NOCHAIN		0x8

-#define PKCS7_NOINTERN		0x10

-#define PKCS7_NOVERIFY		0x20

-#define PKCS7_DETACHED		0x40

-#define PKCS7_BINARY		0x80

-#define PKCS7_NOATTR		0x100

-#define	PKCS7_NOSMIMECAP	0x200

-#define PKCS7_NOOLDMIMETYPE	0x400

-#define PKCS7_CRLFEOL		0x800

-#define PKCS7_STREAM		0x1000

-#define PKCS7_NOCRL		0x2000

-/* Flags: for compatibility with older code */

-#define SMIME_TEXT	PKCS7_TEXT

-#define SMIME_NOCERTS	PKCS7_NOCERTS

-#define SMIME_NOSIGS	PKCS7_NOSIGS

-#define SMIME_NOCHAIN	PKCS7_NOCHAIN

-#define SMIME_NOINTERN	PKCS7_NOINTERN

-#define SMIME_NOVERIFY	PKCS7_NOVERIFY

-#define SMIME_DETACHED	PKCS7_DETACHED

-#define SMIME_BINARY	PKCS7_BINARY

-#define SMIME_NOATTR	PKCS7_NOATTR

-DECLARE_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL)

-#ifndef SSLEAY_MACROS

-int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,const EVP_MD *type,

-	unsigned char *md,unsigned int *len);

-#ifndef OPENSSL_NO_FP_API

-PKCS7 *d2i_PKCS7_fp(FILE *fp,PKCS7 **p7);

-int i2d_PKCS7_fp(FILE *fp,PKCS7 *p7);

-#endif

-PKCS7 *PKCS7_dup(PKCS7 *p7);

-PKCS7 *d2i_PKCS7_bio(BIO *bp,PKCS7 **p7);

-int i2d_PKCS7_bio(BIO *bp,PKCS7 *p7);

-#endif

-DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO)

-DECLARE_ASN1_FUNCTIONS(PKCS7_RECIP_INFO)

-DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNED)

-DECLARE_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT)

-DECLARE_ASN1_FUNCTIONS(PKCS7_ENVELOPE)

-DECLARE_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE)

-DECLARE_ASN1_FUNCTIONS(PKCS7_DIGEST)

-DECLARE_ASN1_FUNCTIONS(PKCS7_ENCRYPT)

-DECLARE_ASN1_FUNCTIONS(PKCS7)

-DECLARE_ASN1_ITEM(PKCS7_ATTR_SIGN)

-DECLARE_ASN1_ITEM(PKCS7_ATTR_VERIFY)

-DECLARE_ASN1_NDEF_FUNCTION(PKCS7)

-long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg);

-int PKCS7_set_type(PKCS7 *p7, int type);

-int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other);

-int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data);

-int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,

-	const EVP_MD *dgst);

-int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);

-int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);

-int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);

-int PKCS7_content_new(PKCS7 *p7, int nid);

-int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,

-	BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si);

-int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,

-								X509 *x509);

-BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);

-int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);

-BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert);

-PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509,

-	EVP_PKEY *pkey, const EVP_MD *dgst);

-X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si);

-int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md);

-STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7);

-PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509);

-int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri);

-int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509);

-int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher);

-PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx);

-ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk);

-int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si,int nid,int type,

-	void *data);

-int PKCS7_add_attribute (PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,

-	void *value);

-ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid);

-ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid);

-int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,

-				STACK_OF(X509_ATTRIBUTE) *sk);

-int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,STACK_OF(X509_ATTRIBUTE) *sk);

-PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,

-							BIO *data, int flags);

-int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,

-					BIO *indata, BIO *out, int flags);

-STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);

-PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,

-								int flags);

-int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);

-int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si,

-			      STACK_OF(X509_ALGOR) *cap);

-STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si);

-int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg);

-int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags);

-PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont);

-int SMIME_crlf_copy(BIO *in, BIO *out, int flags);

-int SMIME_text(BIO *in, BIO *out);

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_PKCS7_strings(void);

-/* Error codes for the PKCS7 functions. */

-/* Function codes. */

-#define PKCS7_F_B64_READ_PKCS7				 120

-#define PKCS7_F_B64_WRITE_PKCS7				 121

-#define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP		 118

-#define PKCS7_F_PKCS7_ADD_CERTIFICATE			 100

-#define PKCS7_F_PKCS7_ADD_CRL				 101

-#define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO		 102

-#define PKCS7_F_PKCS7_ADD_SIGNER			 103

-#define PKCS7_F_PKCS7_BIO_ADD_DIGEST			 125

-#define PKCS7_F_PKCS7_CTRL				 104

-#define PKCS7_F_PKCS7_DATADECODE			 112

-#define PKCS7_F_PKCS7_DATAFINAL				 128

-#define PKCS7_F_PKCS7_DATAINIT				 105

-#define PKCS7_F_PKCS7_DATASIGN				 106

-#define PKCS7_F_PKCS7_DATAVERIFY			 107

-#define PKCS7_F_PKCS7_DECRYPT				 114

-#define PKCS7_F_PKCS7_ENCRYPT				 115

-#define PKCS7_F_PKCS7_FIND_DIGEST			 127

-#define PKCS7_F_PKCS7_GET0_SIGNERS			 124

-#define PKCS7_F_PKCS7_SET_CIPHER			 108

-#define PKCS7_F_PKCS7_SET_CONTENT			 109

-#define PKCS7_F_PKCS7_SET_DIGEST			 126

-#define PKCS7_F_PKCS7_SET_TYPE				 110

-#define PKCS7_F_PKCS7_SIGN				 116

-#define PKCS7_F_PKCS7_SIGNATUREVERIFY			 113

-#define PKCS7_F_PKCS7_SIMPLE_SMIMECAP			 119

-#define PKCS7_F_PKCS7_VERIFY				 117

-#define PKCS7_F_SMIME_READ_PKCS7			 122

-#define PKCS7_F_SMIME_TEXT				 123

-/* Reason codes. */

-#define PKCS7_R_CERTIFICATE_VERIFY_ERROR		 117

-#define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER		 144

-#define PKCS7_R_CIPHER_NOT_INITIALIZED			 116

-#define PKCS7_R_CONTENT_AND_DATA_PRESENT		 118

-#define PKCS7_R_DECODE_ERROR				 130

-#define PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH		 100

-#define PKCS7_R_DECRYPT_ERROR				 119

-#define PKCS7_R_DIGEST_FAILURE				 101

-#define PKCS7_R_ERROR_ADDING_RECIPIENT			 120

-#define PKCS7_R_ERROR_SETTING_CIPHER			 121

-#define PKCS7_R_INVALID_MIME_TYPE			 131

-#define PKCS7_R_INVALID_NULL_POINTER			 143

-#define PKCS7_R_MIME_NO_CONTENT_TYPE			 132

-#define PKCS7_R_MIME_PARSE_ERROR			 133

-#define PKCS7_R_MIME_SIG_PARSE_ERROR			 134

-#define PKCS7_R_MISSING_CERIPEND_INFO			 103

-#define PKCS7_R_NO_CONTENT				 122

-#define PKCS7_R_NO_CONTENT_TYPE				 135

-#define PKCS7_R_NO_MULTIPART_BODY_FAILURE		 136

-#define PKCS7_R_NO_MULTIPART_BOUNDARY			 137

-#define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE	 115

-#define PKCS7_R_NO_RECIPIENT_MATCHES_KEY		 146

-#define PKCS7_R_NO_SIGNATURES_ON_DATA			 123

-#define PKCS7_R_NO_SIGNERS				 142

-#define PKCS7_R_NO_SIG_CONTENT_TYPE			 138

-#define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE	 104

-#define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR		 124

-#define PKCS7_R_PKCS7_DATAFINAL				 126

-#define PKCS7_R_PKCS7_DATAFINAL_ERROR			 125

-#define PKCS7_R_PKCS7_DATASIGN				 145

-#define PKCS7_R_PKCS7_PARSE_ERROR			 139

-#define PKCS7_R_PKCS7_SIG_PARSE_ERROR			 140

-#define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE	 127

-#define PKCS7_R_SIGNATURE_FAILURE			 105

-#define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND		 128

-#define PKCS7_R_SIG_INVALID_MIME_TYPE			 141

-#define PKCS7_R_SMIME_TEXT_ERROR			 129

-#define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE		 106

-#define PKCS7_R_UNABLE_TO_FIND_MEM_BIO			 107

-#define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST		 108

-#define PKCS7_R_UNKNOWN_DIGEST_TYPE			 109

-#define PKCS7_R_UNKNOWN_OPERATION			 110

-#define PKCS7_R_UNSUPPORTED_CIPHER_TYPE			 111

-#define PKCS7_R_UNSUPPORTED_CONTENT_TYPE		 112

-#define PKCS7_R_WRONG_CONTENT_TYPE			 113

-#define PKCS7_R_WRONG_PKCS7_TYPE			 114

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/pq_compat.h

+++ /dev/null

@@ -1,147 +1,0 @@

-/* crypto/pqueue/pqueue_compat.h */

-/*

- * DTLS implementation written by Nagendra Modadugu

- * ([email protected]) for the OpenSSL project 2005.

- */

-/* ====================================================================

- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <openssl/opensslconf.h>

-#include <openssl/bn.h>

-/*

- * The purpose of this header file is for supporting 64-bit integer

- * manipulation on 32-bit (and lower) machines.  Currently the only

- * such environment is VMS, Utrix and those with smaller default integer

- * sizes than 32 bits.  For all such environment, we fall back to using

- * BIGNUM.  We may need to fine tune the conditions for systems that

- * are incorrectly configured.

- *

- * The only clients of this code are (1) pqueue for priority, and

- * (2) DTLS, for sequence number manipulation.

- */

-#if (defined(THIRTY_TWO_BIT) && !defined(BN_LLONG)) || defined(SIXTEEN_BIT) || defined(EIGHT_BIT)

-#define PQ_64BIT_IS_INTEGER 0

-#define PQ_64BIT_IS_BIGNUM 1

-#define PQ_64BIT     BIGNUM

-#define PQ_64BIT_CTX BN_CTX

-#define pq_64bit_init(x)           BN_init(x)

-#define pq_64bit_free(x)           BN_free(x)

-#define pq_64bit_ctx_new(ctx)      BN_CTX_new()

-#define pq_64bit_ctx_free(x)       BN_CTX_free(x)

-#define pq_64bit_assign(x, y)      BN_copy(x, y)

-#define pq_64bit_assign_word(x, y) BN_set_word(x, y)

-#define pq_64bit_gt(x, y)          BN_ucmp(x, y) >= 1 ? 1 : 0

-#define pq_64bit_eq(x, y)          BN_ucmp(x, y) == 0 ? 1 : 0

-#define pq_64bit_add_word(x, w)    BN_add_word(x, w)

-#define pq_64bit_sub(r, x, y)      BN_sub(r, x, y)

-#define pq_64bit_sub_word(x, w)    BN_sub_word(x, w)

-#define pq_64bit_mod(r, x, n, ctx) BN_mod(r, x, n, ctx)

-#define pq_64bit_bin2num(bn, bytes, len)   BN_bin2bn(bytes, len, bn)

-#define pq_64bit_num2bin(bn, bytes)        BN_bn2bin(bn, bytes)

-#define pq_64bit_get_word(x)               BN_get_word(x)

-#define pq_64bit_is_bit_set(x, offset)     BN_is_bit_set(x, offset)

-#define pq_64bit_lshift(r, x, shift)       BN_lshift(r, x, shift)

-#define pq_64bit_set_bit(x, num)           BN_set_bit(x, num)

-#define pq_64bit_get_length(x)             BN_num_bits((x))

-#else

-#define PQ_64BIT_IS_INTEGER 1

-#define PQ_64BIT_IS_BIGNUM 0

-#if defined(SIXTY_FOUR_BIT)

-#define PQ_64BIT BN_ULONG

-#define PQ_64BIT_PRINT "%lld"

-#elif defined(SIXTY_FOUR_BIT_LONG)

-#define PQ_64BIT BN_ULONG

-#define PQ_64BIT_PRINT "%ld"

-#elif defined(THIRTY_TWO_BIT)

-#define PQ_64BIT BN_ULLONG

-#define PQ_64BIT_PRINT "%lld"

-#endif

-#define PQ_64BIT_CTX      void

-#define pq_64bit_init(x)

-#define pq_64bit_free(x)

-#define pq_64bit_ctx_new(ctx)        (ctx)

-#define pq_64bit_ctx_free(x)

-#define pq_64bit_assign(x, y)        (*(x) = *(y))

-#define pq_64bit_assign_word(x, y)   (*(x) = y)

-#define pq_64bit_gt(x, y)	         (*(x) > *(y))

-#define pq_64bit_eq(x, y)            (*(x) == *(y))

-#define pq_64bit_add_word(x, w)      (*(x) = (*(x) + (w)))

-#define pq_64bit_sub(r, x, y)        (*(r) = (*(x) - *(y)))

-#define pq_64bit_sub_word(x, w)      (*(x) = (*(x) - (w)))

-#define pq_64bit_mod(r, x, n, ctx)

-#define pq_64bit_bin2num(num, bytes, len) bytes_to_long_long(bytes, num)

-#define pq_64bit_num2bin(num, bytes)      long_long_to_bytes(num, bytes)

-#define pq_64bit_get_word(x)              *(x)

-#define pq_64bit_lshift(r, x, shift)      (*(r) = (*(x) << (shift)))

-#define pq_64bit_set_bit(x, num)          do { \

-                                              PQ_64BIT mask = 1; \

-                                              mask = mask << (num); \

-                                              *(x) |= mask; \

-                                          } while(0)

-#endif /* OPENSSL_SYS_VMS */

--- a/sys/include/ape/openssl/pqueue.h

+++ /dev/null

@@ -1,95 +1,0 @@

-/* crypto/pqueue/pqueue.h */

-/*

- * DTLS implementation written by Nagendra Modadugu

- * ([email protected]) for the OpenSSL project 2005.

- */

-/* ====================================================================

- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_PQUEUE_H

-#define HEADER_PQUEUE_H

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include <openssl/pq_compat.h>

-typedef struct _pqueue *pqueue;

-typedef struct _pitem

-	{

-	PQ_64BIT priority;

-	void *data;

-	struct _pitem *next;

-	} pitem;

-typedef struct _pitem *piterator;

-pitem *pitem_new(PQ_64BIT priority, void *data);

-void   pitem_free(pitem *item);

-pqueue pqueue_new(void);

-void   pqueue_free(pqueue pq);

-pitem *pqueue_insert(pqueue pq, pitem *item);

-pitem *pqueue_peek(pqueue pq);

-pitem *pqueue_pop(pqueue pq);

-pitem *pqueue_find(pqueue pq, PQ_64BIT priority);

-pitem *pqueue_iterator(pqueue pq);

-pitem *pqueue_next(piterator *iter);

-void   pqueue_print(pqueue pq);

-#endif /* ! HEADER_PQUEUE_H */

--- a/sys/include/ape/openssl/rand.h

+++ /dev/null

@@ -1,140 +1,0 @@

-/* crypto/rand/rand.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_RAND_H

-#define HEADER_RAND_H

-#include <stdlib.h>

-#include <openssl/ossl_typ.h>

-#include <openssl/e_os2.h>

-#if defined(OPENSSL_SYS_WINDOWS)

-#include <windows.h>

-#endif

-#ifdef  __cplusplus

-extern "C" {

-#endif

-#if defined(OPENSSL_FIPS)

-#define FIPS_RAND_SIZE_T size_t

-#endif

-/* Already defined in ossl_typ.h */

-/* typedef struct rand_meth_st RAND_METHOD; */

-struct rand_meth_st

-	{

-	void (*seed)(const void *buf, int num);

-	int (*bytes)(unsigned char *buf, int num);

-	void (*cleanup)(void);

-	void (*add)(const void *buf, int num, double entropy);

-	int (*pseudorand)(unsigned char *buf, int num);

-	int (*status)(void);

-	};

-#ifdef BN_DEBUG

-extern int rand_predictable;

-#endif

-int RAND_set_rand_method(const RAND_METHOD *meth);

-const RAND_METHOD *RAND_get_rand_method(void);

-#ifndef OPENSSL_NO_ENGINE

-int RAND_set_rand_engine(ENGINE *engine);

-#endif

-RAND_METHOD *RAND_SSLeay(void);

-void RAND_cleanup(void );

-int  RAND_bytes(unsigned char *buf,int num);

-int  RAND_pseudo_bytes(unsigned char *buf,int num);

-void RAND_seed(const void *buf,int num);

-void RAND_add(const void *buf,int num,double entropy);

-int  RAND_load_file(const char *file,long max_bytes);

-int  RAND_write_file(const char *file);

-const char *RAND_file_name(char *file,size_t num);

-int RAND_status(void);

-int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes);

-int RAND_egd(const char *path);

-int RAND_egd_bytes(const char *path,int bytes);

-int RAND_poll(void);

-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)

-void RAND_screen(void);

-int RAND_event(UINT, WPARAM, LPARAM);

-#endif

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_RAND_strings(void);

-/* Error codes for the RAND functions. */

-/* Function codes. */

-#define RAND_F_RAND_GET_RAND_METHOD			 101

-#define RAND_F_SSLEAY_RAND_BYTES			 100

-/* Reason codes. */

-#define RAND_R_PRNG_NOT_SEEDED				 100

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/rc2.h

+++ /dev/null

@@ -1,101 +1,0 @@

-/* crypto/rc2/rc2.h */

-/* Copyright (C) 1995-1997 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_RC2_H

-#define HEADER_RC2_H

-#include <openssl/opensslconf.h> /* OPENSSL_NO_RC2, RC2_INT */

-#ifdef OPENSSL_NO_RC2

-#error RC2 is disabled.

-#endif

-#define RC2_ENCRYPT	1

-#define RC2_DECRYPT	0

-#define RC2_BLOCK	8

-#define RC2_KEY_LENGTH	16

-#ifdef  __cplusplus

-extern "C" {

-#endif

-typedef struct rc2_key_st

-	{

-	RC2_INT data[64];

-	} RC2_KEY;

-void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits);

-void RC2_ecb_encrypt(const unsigned char *in,unsigned char *out,RC2_KEY *key,

-		     int enc);

-void RC2_encrypt(unsigned long *data,RC2_KEY *key);

-void RC2_decrypt(unsigned long *data,RC2_KEY *key);

-void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,

-	RC2_KEY *ks, unsigned char *iv, int enc);

-void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out,

-		       long length, RC2_KEY *schedule, unsigned char *ivec,

-		       int *num, int enc);

-void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out,

-		       long length, RC2_KEY *schedule, unsigned char *ivec,

-		       int *num);

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/rc4.h

+++ /dev/null

@@ -1,87 +1,0 @@

-/* crypto/rc4/rc4.h */

-/* Copyright (C) 1995-1997 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_RC4_H

-#define HEADER_RC4_H

-#include <openssl/opensslconf.h> /* OPENSSL_NO_RC4, RC4_INT */

-#ifdef OPENSSL_NO_RC4

-#error RC4 is disabled.

-#endif

-#ifdef  __cplusplus

-extern "C" {

-#endif

-typedef struct rc4_key_st

-	{

-	RC4_INT x,y;

-	RC4_INT data[256];

-	} RC4_KEY;

-const char *RC4_options(void);

-void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);

-void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,

-		unsigned char *outdata);

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/rc5.h

+++ /dev/null

@@ -1,118 +1,0 @@

-/* crypto/rc5/rc5.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_RC5_H

-#define HEADER_RC5_H

-#include <openssl/opensslconf.h> /* OPENSSL_NO_RC5 */

-#ifdef  __cplusplus

-extern "C" {

-#endif

-#ifdef OPENSSL_NO_RC5

-#error RC5 is disabled.

-#endif

-#define RC5_ENCRYPT	1

-#define RC5_DECRYPT	0

-/* 32 bit.  For Alpha, things may get weird */

-#define RC5_32_INT unsigned long

-#define RC5_32_BLOCK		8

-#define RC5_32_KEY_LENGTH	16 /* This is a default, max is 255 */

-/* This are the only values supported.  Tweak the code if you want more

- * The most supported modes will be

- * RC5-32/12/16

- * RC5-32/16/8

- */

-#define RC5_8_ROUNDS	8

-#define RC5_12_ROUNDS	12

-#define RC5_16_ROUNDS	16

-typedef struct rc5_key_st

-	{

-	/* Number of rounds */

-	int rounds;

-	RC5_32_INT data[2*(RC5_16_ROUNDS+1)];

-	} RC5_32_KEY;

-void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data,

-	int rounds);

-void RC5_32_ecb_encrypt(const unsigned char *in,unsigned char *out,RC5_32_KEY *key,

-	int enc);

-void RC5_32_encrypt(unsigned long *data,RC5_32_KEY *key);

-void RC5_32_decrypt(unsigned long *data,RC5_32_KEY *key);

-void RC5_32_cbc_encrypt(const unsigned char *in, unsigned char *out,

-			long length, RC5_32_KEY *ks, unsigned char *iv,

-			int enc);

-void RC5_32_cfb64_encrypt(const unsigned char *in, unsigned char *out,

-			  long length, RC5_32_KEY *schedule,

-			  unsigned char *ivec, int *num, int enc);

-void RC5_32_ofb64_encrypt(const unsigned char *in, unsigned char *out,

-			  long length, RC5_32_KEY *schedule,

-			  unsigned char *ivec, int *num);

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/ripemd.h

+++ /dev/null

@@ -1,104 +1,0 @@

-/* crypto/ripemd/ripemd.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_RIPEMD_H

-#define HEADER_RIPEMD_H

-#include <openssl/e_os2.h>

-#include <stddef.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-#ifdef OPENSSL_NO_RIPEMD

-#error RIPEMD is disabled.

-#endif

-#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)

-#define RIPEMD160_LONG unsigned long

-#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)

-#define RIPEMD160_LONG unsigned long

-#define RIPEMD160_LONG_LOG2 3

-#else

-#define RIPEMD160_LONG unsigned int

-#endif

-#define RIPEMD160_CBLOCK	64

-#define RIPEMD160_LBLOCK	(RIPEMD160_CBLOCK/4)

-#define RIPEMD160_DIGEST_LENGTH	20

-typedef struct RIPEMD160state_st

-	{

-	RIPEMD160_LONG A,B,C,D,E;

-	RIPEMD160_LONG Nl,Nh;

-	RIPEMD160_LONG data[RIPEMD160_LBLOCK];

-	unsigned int   num;

-	} RIPEMD160_CTX;

-int RIPEMD160_Init(RIPEMD160_CTX *c);

-int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len);

-int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);

-unsigned char *RIPEMD160(const unsigned char *d, size_t n,

-	unsigned char *md);

-void RIPEMD160_Transform(RIPEMD160_CTX *c, const unsigned char *b);

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/rpc_des.h

+++ /dev/null

@@ -1,131 +1,0 @@

-/* crypto/des/rpc_des.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/*  @(#)des.h	2.2 88/08/10 4.0 RPCSRC; from 2.7 88/02/08 SMI  */

-/*

- * Sun RPC is a product of Sun Microsystems, Inc. and is provided for

- * unrestricted use provided that this legend is included on all tape

- * media and as a part of the software program in whole or part.  Users

- * may copy or modify Sun RPC without charge, but are not authorized

- * to license or distribute it to anyone else except as part of a product or

- * program developed by the user.

- *

- * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE

- * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.

- *

- * Sun RPC is provided with no support and without any obligation on the

- * part of Sun Microsystems, Inc. to assist in its use, correction,

- * modification or enhancement.

- *

- * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE

- * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC

- * OR ANY PART THEREOF.

- *

- * In no event will Sun Microsystems, Inc. be liable for any lost revenue

- * or profits or other special, indirect and consequential damages, even if

- * Sun has been advised of the possibility of such damages.

- *

- * Sun Microsystems, Inc.

- * 2550 Garcia Avenue

- * Mountain View, California  94043

- */

-/*

- * Generic DES driver interface

- * Keep this file hardware independent!

- * Copyright (c) 1986 by Sun Microsystems, Inc.

- */

-#define DES_MAXLEN 	65536	/* maximum # of bytes to encrypt  */

-#define DES_QUICKLEN	16	/* maximum # of bytes to encrypt quickly */

-#ifdef HEADER_DES_H

-#undef ENCRYPT

-#undef DECRYPT

-#endif

-enum desdir { ENCRYPT, DECRYPT };

-enum desmode { CBC, ECB };

-/*

- * parameters to ioctl call

- */

-struct desparams {

-	unsigned char des_key[8];	/* key (with low bit parity) */

-	enum desdir des_dir;	/* direction */

-	enum desmode des_mode;	/* mode */

-	unsigned char des_ivec[8];	/* input vector */

-	unsigned des_len;	/* number of bytes to crypt */

-	union {

-		unsigned char UDES_data[DES_QUICKLEN];

-		unsigned char *UDES_buf;

-	} UDES;

-#	define des_data UDES.UDES_data	/* direct data here if quick */

-#	define des_buf	UDES.UDES_buf	/* otherwise, pointer to data */

-};

-/*

- * Encrypt an arbitrary sized buffer

- */

-#define	DESIOCBLOCK	_IOWR(d, 6, struct desparams)

-/*

- * Encrypt of small amount of data, quickly

- */

-#define DESIOCQUICK	_IOWR(d, 7, struct desparams)

--- a/sys/include/ape/openssl/rsa.h

+++ /dev/null

@@ -1,455 +1,0 @@

-/* crypto/rsa/rsa.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_RSA_H

-#define HEADER_RSA_H

-#include <openssl/asn1.h>

-#ifndef OPENSSL_NO_BIO

-#include <openssl/bio.h>

-#endif

-#include <openssl/crypto.h>

-#include <openssl/ossl_typ.h>

-#ifndef OPENSSL_NO_DEPRECATED

-#include <openssl/bn.h>

-#endif

-#ifdef OPENSSL_NO_RSA

-#error RSA is disabled.

-#endif

-#ifdef  __cplusplus

-extern "C" {

-#endif

-/* Declared already in ossl_typ.h */

-/* typedef struct rsa_st RSA; */

-/* typedef struct rsa_meth_st RSA_METHOD; */

-struct rsa_meth_st

-	{

-	const char *name;

-	int (*rsa_pub_enc)(int flen,const unsigned char *from,

-			   unsigned char *to,

-			   RSA *rsa,int padding);

-	int (*rsa_pub_dec)(int flen,const unsigned char *from,

-			   unsigned char *to,

-			   RSA *rsa,int padding);

-	int (*rsa_priv_enc)(int flen,const unsigned char *from,

-			    unsigned char *to,

-			    RSA *rsa,int padding);

-	int (*rsa_priv_dec)(int flen,const unsigned char *from,

-			    unsigned char *to,

-			    RSA *rsa,int padding);

-	int (*rsa_mod_exp)(BIGNUM *r0,const BIGNUM *I,RSA *rsa,BN_CTX *ctx); /* Can be null */

-	int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-			  const BIGNUM *m, BN_CTX *ctx,

-			  BN_MONT_CTX *m_ctx); /* Can be null */

-	int (*init)(RSA *rsa);		/* called at new */

-	int (*finish)(RSA *rsa);	/* called at free */

-	int flags;			/* RSA_METHOD_FLAG_* things */

-	char *app_data;			/* may be needed! */

-/* New sign and verify functions: some libraries don't allow arbitrary data

- * to be signed/verified: this allows them to be used. Note: for this to work

- * the RSA_public_decrypt() and RSA_private_encrypt() should *NOT* be used

- * RSA_sign(), RSA_verify() should be used instead. Note: for backwards

- * compatibility this functionality is only enabled if the RSA_FLAG_SIGN_VER

- * option is set in 'flags'.

- */

-	int (*rsa_sign)(int type,

-		const unsigned char *m, unsigned int m_length,

-		unsigned char *sigret, unsigned int *siglen, const RSA *rsa);

-	int (*rsa_verify)(int dtype,

-		const unsigned char *m, unsigned int m_length,

-		unsigned char *sigbuf, unsigned int siglen, const RSA *rsa);

-/* If this callback is NULL, the builtin software RSA key-gen will be used. This

- * is for behavioural compatibility whilst the code gets rewired, but one day

- * it would be nice to assume there are no such things as "builtin software"

- * implementations. */

-	int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);

-	};

-struct rsa_st

-	{

-	/* The first parameter is used to pickup errors where

-	 * this is passed instead of aEVP_PKEY, it is set to 0 */

-	int pad;

-	long version;

-	const RSA_METHOD *meth;

-	/* functional reference if 'meth' is ENGINE-provided */

-	ENGINE *engine;

-	BIGNUM *n;

-	BIGNUM *e;

-	BIGNUM *d;

-	BIGNUM *p;

-	BIGNUM *q;

-	BIGNUM *dmp1;

-	BIGNUM *dmq1;

-	BIGNUM *iqmp;

-	/* be careful using this if the RSA structure is shared */

-	CRYPTO_EX_DATA ex_data;

-	int references;

-	int flags;

-	/* Used to cache montgomery values */

-	BN_MONT_CTX *_method_mod_n;

-	BN_MONT_CTX *_method_mod_p;

-	BN_MONT_CTX *_method_mod_q;

-	/* all BIGNUM values are actually in the following data, if it is not

-	 * NULL */

-	char *bignum_data;

-	BN_BLINDING *blinding;

-	BN_BLINDING *mt_blinding;

-	};

-#ifndef OPENSSL_RSA_MAX_MODULUS_BITS

-# define OPENSSL_RSA_MAX_MODULUS_BITS	16384

-#endif

-#ifndef OPENSSL_RSA_SMALL_MODULUS_BITS

-# define OPENSSL_RSA_SMALL_MODULUS_BITS	3072

-#endif

-#ifndef OPENSSL_RSA_MAX_PUBEXP_BITS

-# define OPENSSL_RSA_MAX_PUBEXP_BITS	64 /* exponent limit enforced for "large" modulus only */

-#endif

-#define RSA_3	0x3L

-#define RSA_F4	0x10001L

-#define RSA_METHOD_FLAG_NO_CHECK	0x0001 /* don't check pub/private match */

-#define RSA_FLAG_CACHE_PUBLIC		0x0002

-#define RSA_FLAG_CACHE_PRIVATE		0x0004

-#define RSA_FLAG_BLINDING		0x0008

-#define RSA_FLAG_THREAD_SAFE		0x0010

-/* This flag means the private key operations will be handled by rsa_mod_exp

- * and that they do not depend on the private key components being present:

- * for example a key stored in external hardware. Without this flag bn_mod_exp

- * gets called when private key components are absent.

- */

-#define RSA_FLAG_EXT_PKEY		0x0020

-/* This flag in the RSA_METHOD enables the new rsa_sign, rsa_verify functions.

- */

-#define RSA_FLAG_SIGN_VER		0x0040

-#define RSA_FLAG_NO_BLINDING		0x0080 /* new with 0.9.6j and 0.9.7b; the built-in

-                                                * RSA implementation now uses blinding by

-                                                * default (ignoring RSA_FLAG_BLINDING),

-                                                * but other engines might not need it

-                                                */

-#define RSA_FLAG_NO_CONSTTIME		0x0100 /* new with 0.9.8f; the built-in RSA

-						* implementation now uses constant time

-						* operations by default in private key operations,

-						* e.g., constant time modular exponentiation,

-                                                * modular inverse without leaking branches,

-                                                * division without leaking branches. This

-                                                * flag disables these constant time

-                                                * operations and results in faster RSA

-                                                * private key operations.

-                                                */

-#ifndef OPENSSL_NO_DEPRECATED

-#define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME /* deprecated name for the flag*/

-                                                /* new with 0.9.7h; the built-in RSA

-                                                * implementation now uses constant time

-                                                * modular exponentiation for secret exponents

-                                                * by default. This flag causes the

-                                                * faster variable sliding window method to

-                                                * be used for all exponents.

-                                                */

-#endif

-#define RSA_PKCS1_PADDING	1

-#define RSA_SSLV23_PADDING	2

-#define RSA_NO_PADDING		3

-#define RSA_PKCS1_OAEP_PADDING	4

-#define RSA_X931_PADDING	5

-#define RSA_PKCS1_PADDING_SIZE	11

-#define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,arg)

-#define RSA_get_app_data(s)             RSA_get_ex_data(s,0)

-RSA *	RSA_new(void);

-RSA *	RSA_new_method(ENGINE *engine);

-int	RSA_size(const RSA *);

-/* Deprecated version */

-#ifndef OPENSSL_NO_DEPRECATED

-RSA *	RSA_generate_key(int bits, unsigned long e,void

-		(*callback)(int,int,void *),void *cb_arg);

-#endif /* !defined(OPENSSL_NO_DEPRECATED) */

-/* New version */

-int	RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);

-int	RSA_check_key(const RSA *);

-	/* next 4 return -1 on error */

-int	RSA_public_encrypt(int flen, const unsigned char *from,

-		unsigned char *to, RSA *rsa,int padding);

-int	RSA_private_encrypt(int flen, const unsigned char *from,

-		unsigned char *to, RSA *rsa,int padding);

-int	RSA_public_decrypt(int flen, const unsigned char *from,

-		unsigned char *to, RSA *rsa,int padding);

-int	RSA_private_decrypt(int flen, const unsigned char *from,

-		unsigned char *to, RSA *rsa,int padding);

-void	RSA_free (RSA *r);

-/* "up" the RSA object's reference count */

-int	RSA_up_ref(RSA *r);

-int	RSA_flags(const RSA *r);

-void RSA_set_default_method(const RSA_METHOD *meth);

-const RSA_METHOD *RSA_get_default_method(void);

-const RSA_METHOD *RSA_get_method(const RSA *rsa);

-int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);

-/* This function needs the memory locking malloc callbacks to be installed */

-int RSA_memory_lock(RSA *r);

-/* these are the actual SSLeay RSA functions */

-const RSA_METHOD *RSA_PKCS1_SSLeay(void);

-const RSA_METHOD *RSA_null_method(void);

-DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey)

-DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPrivateKey)

-#ifndef OPENSSL_NO_FP_API

-int	RSA_print_fp(FILE *fp, const RSA *r,int offset);

-#endif

-#ifndef OPENSSL_NO_BIO

-int	RSA_print(BIO *bp, const RSA *r,int offset);

-#endif

-int i2d_RSA_NET(const RSA *a, unsigned char **pp,

-		int (*cb)(char *buf, int len, const char *prompt, int verify),

-		int sgckey);

-RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,

-		 int (*cb)(char *buf, int len, const char *prompt, int verify),

-		 int sgckey);

-int i2d_Netscape_RSA(const RSA *a, unsigned char **pp,

-		     int (*cb)(char *buf, int len, const char *prompt,

-			       int verify));

-RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,

-		      int (*cb)(char *buf, int len, const char *prompt,

-				int verify));

-/* The following 2 functions sign and verify a X509_SIG ASN1 object

- * inside PKCS#1 padded RSA encryption */

-int RSA_sign(int type, const unsigned char *m, unsigned int m_length,

-	unsigned char *sigret, unsigned int *siglen, RSA *rsa);

-int RSA_verify(int type, const unsigned char *m, unsigned int m_length,

-	unsigned char *sigbuf, unsigned int siglen, RSA *rsa);

-/* The following 2 function sign and verify a ASN1_OCTET_STRING

- * object inside PKCS#1 padded RSA encryption */

-int RSA_sign_ASN1_OCTET_STRING(int type,

-	const unsigned char *m, unsigned int m_length,

-	unsigned char *sigret, unsigned int *siglen, RSA *rsa);

-int RSA_verify_ASN1_OCTET_STRING(int type,

-	const unsigned char *m, unsigned int m_length,

-	unsigned char *sigbuf, unsigned int siglen, RSA *rsa);

-int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);

-void RSA_blinding_off(RSA *rsa);

-BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *ctx);

-int RSA_padding_add_PKCS1_type_1(unsigned char *to,int tlen,

-	const unsigned char *f,int fl);

-int RSA_padding_check_PKCS1_type_1(unsigned char *to,int tlen,

-	const unsigned char *f,int fl,int rsa_len);

-int RSA_padding_add_PKCS1_type_2(unsigned char *to,int tlen,

-	const unsigned char *f,int fl);

-int RSA_padding_check_PKCS1_type_2(unsigned char *to,int tlen,

-	const unsigned char *f,int fl,int rsa_len);

-int PKCS1_MGF1(unsigned char *mask, long len,

-	const unsigned char *seed, long seedlen, const EVP_MD *dgst);

-int RSA_padding_add_PKCS1_OAEP(unsigned char *to,int tlen,

-	const unsigned char *f,int fl,

-	const unsigned char *p,int pl);

-int RSA_padding_check_PKCS1_OAEP(unsigned char *to,int tlen,

-	const unsigned char *f,int fl,int rsa_len,

-	const unsigned char *p,int pl);

-int RSA_padding_add_SSLv23(unsigned char *to,int tlen,

-	const unsigned char *f,int fl);

-int RSA_padding_check_SSLv23(unsigned char *to,int tlen,

-	const unsigned char *f,int fl,int rsa_len);

-int RSA_padding_add_none(unsigned char *to,int tlen,

-	const unsigned char *f,int fl);

-int RSA_padding_check_none(unsigned char *to,int tlen,

-	const unsigned char *f,int fl,int rsa_len);

-int RSA_padding_add_X931(unsigned char *to,int tlen,

-	const unsigned char *f,int fl);

-int RSA_padding_check_X931(unsigned char *to,int tlen,

-	const unsigned char *f,int fl,int rsa_len);

-int RSA_X931_hash_id(int nid);

-int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,

-			const EVP_MD *Hash, const unsigned char *EM, int sLen);

-int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,

-			const unsigned char *mHash,

-			const EVP_MD *Hash, int sLen);

-int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,

-	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);

-int RSA_set_ex_data(RSA *r,int idx,void *arg);

-void *RSA_get_ex_data(const RSA *r, int idx);

-RSA *RSAPublicKey_dup(RSA *rsa);

-RSA *RSAPrivateKey_dup(RSA *rsa);

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_RSA_strings(void);

-/* Error codes for the RSA functions. */

-/* Function codes. */

-#define RSA_F_MEMORY_LOCK				 100

-#define RSA_F_RSA_BUILTIN_KEYGEN			 129

-#define RSA_F_RSA_CHECK_KEY				 123

-#define RSA_F_RSA_EAY_PRIVATE_DECRYPT			 101

-#define RSA_F_RSA_EAY_PRIVATE_ENCRYPT			 102

-#define RSA_F_RSA_EAY_PUBLIC_DECRYPT			 103

-#define RSA_F_RSA_EAY_PUBLIC_ENCRYPT			 104

-#define RSA_F_RSA_GENERATE_KEY				 105

-#define RSA_F_RSA_MEMORY_LOCK				 130

-#define RSA_F_RSA_NEW_METHOD				 106

-#define RSA_F_RSA_NULL					 124

-#define RSA_F_RSA_NULL_MOD_EXP				 131

-#define RSA_F_RSA_NULL_PRIVATE_DECRYPT			 132

-#define RSA_F_RSA_NULL_PRIVATE_ENCRYPT			 133

-#define RSA_F_RSA_NULL_PUBLIC_DECRYPT			 134

-#define RSA_F_RSA_NULL_PUBLIC_ENCRYPT			 135

-#define RSA_F_RSA_PADDING_ADD_NONE			 107

-#define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP		 121

-#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS			 125

-#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1		 108

-#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2		 109

-#define RSA_F_RSA_PADDING_ADD_SSLV23			 110

-#define RSA_F_RSA_PADDING_ADD_X931			 127

-#define RSA_F_RSA_PADDING_CHECK_NONE			 111

-#define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP		 122

-#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1		 112

-#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2		 113

-#define RSA_F_RSA_PADDING_CHECK_SSLV23			 114

-#define RSA_F_RSA_PADDING_CHECK_X931			 128

-#define RSA_F_RSA_PRINT					 115

-#define RSA_F_RSA_PRINT_FP				 116

-#define RSA_F_RSA_SETUP_BLINDING			 136

-#define RSA_F_RSA_SIGN					 117

-#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING		 118

-#define RSA_F_RSA_VERIFY				 119

-#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING		 120

-#define RSA_F_RSA_VERIFY_PKCS1_PSS			 126

-/* Reason codes. */

-#define RSA_R_ALGORITHM_MISMATCH			 100

-#define RSA_R_BAD_E_VALUE				 101

-#define RSA_R_BAD_FIXED_HEADER_DECRYPT			 102

-#define RSA_R_BAD_PAD_BYTE_COUNT			 103

-#define RSA_R_BAD_SIGNATURE				 104

-#define RSA_R_BLOCK_TYPE_IS_NOT_01			 106

-#define RSA_R_BLOCK_TYPE_IS_NOT_02			 107

-#define RSA_R_DATA_GREATER_THAN_MOD_LEN			 108

-#define RSA_R_DATA_TOO_LARGE				 109

-#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE		 110

-#define RSA_R_DATA_TOO_LARGE_FOR_MODULUS		 132

-#define RSA_R_DATA_TOO_SMALL				 111

-#define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE		 122

-#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY		 112

-#define RSA_R_DMP1_NOT_CONGRUENT_TO_D			 124

-#define RSA_R_DMQ1_NOT_CONGRUENT_TO_D			 125

-#define RSA_R_D_E_NOT_CONGRUENT_TO_1			 123

-#define RSA_R_FIRST_OCTET_INVALID			 133

-#define RSA_R_INVALID_HEADER				 137

-#define RSA_R_INVALID_MESSAGE_LENGTH			 131

-#define RSA_R_INVALID_PADDING				 138

-#define RSA_R_INVALID_TRAILER				 139

-#define RSA_R_IQMP_NOT_INVERSE_OF_Q			 126

-#define RSA_R_KEY_SIZE_TOO_SMALL			 120

-#define RSA_R_LAST_OCTET_INVALID			 134

-#define RSA_R_MODULUS_TOO_LARGE				 105

-#define RSA_R_NO_PUBLIC_EXPONENT			 140

-#define RSA_R_NULL_BEFORE_BLOCK_MISSING			 113

-#define RSA_R_N_DOES_NOT_EQUAL_P_Q			 127

-#define RSA_R_OAEP_DECODING_ERROR			 121

-#define RSA_R_PADDING_CHECK_FAILED			 114

-#define RSA_R_P_NOT_PRIME				 128

-#define RSA_R_Q_NOT_PRIME				 129

-#define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED		 130

-#define RSA_R_SLEN_CHECK_FAILED				 136

-#define RSA_R_SLEN_RECOVERY_FAILED			 135

-#define RSA_R_SSLV3_ROLLBACK_ATTACK			 115

-#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116

-#define RSA_R_UNKNOWN_ALGORITHM_TYPE			 117

-#define RSA_R_UNKNOWN_PADDING_TYPE			 118

-#define RSA_R_WRONG_SIGNATURE_LENGTH			 119

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/rsaref_err.h

+++ /dev/null

@@ -1,109 +1,0 @@

-/* rsaref_err.h */

-/* ====================================================================

- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_RSAREF_ERR_H

-#define HEADER_RSAREF_ERR_H

-#ifdef  __cplusplus

-extern "C" {

-#endif

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-static void ERR_load_RSAREF_strings(void);

-static void ERR_unload_RSAREF_strings(void);

-static void ERR_RSAREF_error(int function, int reason, char *file, int line);

-#define RSAREFerr(f,r) ERR_RSAREF_error((f),(r),__FILE__,__LINE__)

-/* Error codes for the RSAREF functions. */

-/* Function codes. */

-#define RSAREF_F_BNREF_MOD_EXP				 100

-#define RSAREF_F_CIPHER_DES_CBC_CODE			 112

-#define RSAREF_F_RSAREF_BN2BIN				 101

-#define RSAREF_F_RSAREF_MOD_EXP				 102

-#define RSAREF_F_RSAREF_PRIVATE_DECRYPT			 103

-#define RSAREF_F_RSAREF_PRIVATE_ENCRYPT			 104

-#define RSAREF_F_RSAREF_PUBLIC_DECRYPT			 105

-#define RSAREF_F_RSAREF_PUBLIC_ENCRYPT			 106

-#define RSAREF_F_RSA_BN2BIN				 107

-#define RSAREF_F_RSA_PRIVATE_DECRYPT			 108

-#define RSAREF_F_RSA_PRIVATE_ENCRYPT			 109

-#define RSAREF_F_RSA_PUBLIC_DECRYPT			 110

-#define RSAREF_F_RSA_PUBLIC_ENCRYPT			 111

-/* Reason codes. */

-#define RSAREF_R_CONTENT_ENCODING			 100

-#define RSAREF_R_DATA					 101

-#define RSAREF_R_DIGEST_ALGORITHM			 102

-#define RSAREF_R_ENCODING				 103

-#define RSAREF_R_ENCRYPTION_ALGORITHM			 104

-#define RSAREF_R_KEY					 105

-#define RSAREF_R_KEY_ENCODING				 106

-#define RSAREF_R_LEN					 107

-#define RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED		 114

-#define RSAREF_R_MODULUS_LEN				 108

-#define RSAREF_R_NEED_RANDOM				 109

-#define RSAREF_R_PRIVATE_KEY				 110

-#define RSAREF_R_PUBLIC_KEY				 111

-#define RSAREF_R_SIGNATURE				 112

-#define RSAREF_R_SIGNATURE_ENCODING			 113

-#define RSAREF_R_UNKNOWN_FAULT				 115

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/safestack.h

+++ /dev/null

@@ -1,1854 +1,0 @@

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_SAFESTACK_H

-#define HEADER_SAFESTACK_H

-#include <openssl/stack.h>

-#ifdef DEBUG_SAFESTACK

-#ifndef CHECKED_PTR_OF

-#define CHECKED_PTR_OF(type, p) \

-    ((void*) (1 ? p : (type*)0))

-#endif

-#define CHECKED_SK_FREE_FUNC(type, p) \

-    ((void (*)(void *)) ((1 ? p : (void (*)(type *))0)))

-#define CHECKED_SK_CMP_FUNC(type, p) \

-    ((int (*)(const char * const *, const char * const *)) \

-	((1 ? p : (int (*)(const type * const *, const type * const *))0)))

-#define STACK_OF(type) struct stack_st_##type

-#define PREDECLARE_STACK_OF(type) STACK_OF(type);

-#define DECLARE_STACK_OF(type) \

-STACK_OF(type) \

-    { \

-    STACK stack; \

-    };

-#define IMPLEMENT_STACK_OF(type) /* nada (obsolete in new safestack approach)*/

-/* SKM_sk_... stack macros are internal to safestack.h:

- * never use them directly, use sk_<type>_... instead */

-#define SKM_sk_new(type, cmp) \

-	((STACK_OF(type) *)sk_new(CHECKED_SK_CMP_FUNC(type, cmp)))

-#define SKM_sk_new_null(type) \

-	((STACK_OF(type) *)sk_new_null())

-#define SKM_sk_free(type, st) \

-	sk_free(CHECKED_PTR_OF(STACK_OF(type), st))

-#define SKM_sk_num(type, st) \

-	sk_num(CHECKED_PTR_OF(STACK_OF(type), st))

-#define SKM_sk_value(type, st,i) \

-	((type *)sk_value(CHECKED_PTR_OF(STACK_OF(type), st), i))

-#define SKM_sk_set(type, st,i,val) \

-	sk_set(CHECKED_PTR_OF(STACK_OF(type), st), i, CHECKED_PTR_OF(type, val))

-#define SKM_sk_zero(type, st) \

-	sk_zero(CHECKED_PTR_OF(STACK_OF(type), st))

-#define SKM_sk_push(type, st,val) \

-	sk_push(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val))

-#define SKM_sk_unshift(type, st,val) \

-	sk_unshift(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val))

-#define SKM_sk_find(type, st,val) \

-	sk_find(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val))

-#define SKM_sk_delete(type, st,i) \

-	(type *)sk_delete(CHECKED_PTR_OF(STACK_OF(type), st), i)

-#define SKM_sk_delete_ptr(type, st,ptr) \

-	(type *)sk_delete_ptr(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, ptr))

-#define SKM_sk_insert(type, st,val,i) \

-	sk_insert(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val), i)

-#define SKM_sk_set_cmp_func(type, st,cmp) \

-	((int (*)(const type * const *,const type * const *)) \

-	sk_set_cmp_func(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_SK_CMP_FUNC(type, cmp)))

-#define SKM_sk_dup(type, st) \

-	(STACK_OF(type) *)sk_dup(CHECKED_PTR_OF(STACK_OF(type), st))

-#define SKM_sk_pop_free(type, st,free_func) \

-	sk_pop_free(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_SK_FREE_FUNC(type, free_func))

-#define SKM_sk_shift(type, st) \

-	(type *)sk_shift(CHECKED_PTR_OF(STACK_OF(type), st))

-#define SKM_sk_pop(type, st) \

-	(type *)sk_pop(CHECKED_PTR_OF(STACK_OF(type), st))

-#define SKM_sk_sort(type, st) \

-	sk_sort(CHECKED_PTR_OF(STACK_OF(type), st))

-#define SKM_sk_is_sorted(type, st) \

-	sk_is_sorted(CHECKED_PTR_OF(STACK_OF(type), st))

-#define	SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \

-	(STACK_OF(type) *)d2i_ASN1_SET(CHECKED_PTR_OF(STACK_OF(type), st), \

-				pp, length, \

-				CHECKED_D2I_OF(type, d2i_func), \

-				CHECKED_SK_FREE_FUNC(type, free_func), \

-				ex_tag, ex_class)

-#define	SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \

-	i2d_ASN1_SET(CHECKED_PTR_OF(STACK_OF(type), st), pp, \

-				CHECKED_I2D_OF(type, i2d_func), \

-				ex_tag, ex_class, is_set)

-#define	SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \

-	ASN1_seq_pack(CHECKED_PTR_OF(STACK_OF(type), st), \

-			CHECKED_I2D_OF(type, i2d_func), buf, len)

-#define	SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \

-	(STACK_OF(type) *)ASN1_seq_unpack(buf, len, CHECKED_D2I_OF(type, d2i_func), CHECKED_SK_FREE_FUNC(type, free_func))

-#define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \

-	(STACK_OF(type) *)PKCS12_decrypt_d2i(algor, \

-				CHECKED_D2I_OF(type, d2i_func), \

-				CHECKED_SK_FREE_FUNC(type, free_func), \

-				pass, passlen, oct, seq)

-#else

-#define STACK_OF(type) STACK

-#define PREDECLARE_STACK_OF(type) /* nada */

-#define DECLARE_STACK_OF(type)    /* nada */

-#define IMPLEMENT_STACK_OF(type)  /* nada */

-#define SKM_sk_new(type, cmp) \

-	sk_new((int (*)(const char * const *, const char * const *))(cmp))

-#define SKM_sk_new_null(type) \

-	sk_new_null()

-#define SKM_sk_free(type, st) \

-	sk_free(st)

-#define SKM_sk_num(type, st) \

-	sk_num(st)

-#define SKM_sk_value(type, st,i) \

-	((type *)sk_value(st, i))

-#define SKM_sk_set(type, st,i,val) \

-	((type *)sk_set(st, i,(char *)val))

-#define SKM_sk_zero(type, st) \

-	sk_zero(st)

-#define SKM_sk_push(type, st,val) \

-	sk_push(st, (char *)val)

-#define SKM_sk_unshift(type, st,val) \

-	sk_unshift(st, val)

-#define SKM_sk_find(type, st,val) \

-	sk_find(st, (char *)val)

-#define SKM_sk_delete(type, st,i) \

-	((type *)sk_delete(st, i))

-#define SKM_sk_delete_ptr(type, st,ptr) \

-	((type *)sk_delete_ptr(st,(char *)ptr))

-#define SKM_sk_insert(type, st,val,i) \

-	sk_insert(st, (char *)val, i)

-#define SKM_sk_set_cmp_func(type, st,cmp) \

-	((int (*)(const type * const *,const type * const *)) \

-	sk_set_cmp_func(st, (int (*)(const char * const *, const char * const *))(cmp)))

-#define SKM_sk_dup(type, st) \

-	sk_dup(st)

-#define SKM_sk_pop_free(type, st,free_func) \

-	sk_pop_free(st, (void (*)(void *))free_func)

-#define SKM_sk_shift(type, st) \

-	((type *)sk_shift(st))

-#define SKM_sk_pop(type, st) \

-	((type *)sk_pop(st))

-#define SKM_sk_sort(type, st) \

-	sk_sort(st)

-#define SKM_sk_is_sorted(type, st) \

-	sk_is_sorted(st)

-#define	SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \

-	d2i_ASN1_SET(st,pp,length, (void *(*)(void ** ,const unsigned char ** ,long))d2i_func, (void (*)(void *))free_func, ex_tag,ex_class)

-#define	SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \

-	i2d_ASN1_SET(st,pp,(int (*)(void *, unsigned char **))i2d_func,ex_tag,ex_class,is_set)

-#define	SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \

-	ASN1_seq_pack(st, (int (*)(void *, unsigned char **))i2d_func, buf, len)

-#define	SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \

-	ASN1_seq_unpack(buf,len,(void *(*)(void **,const unsigned char **,long))d2i_func, (void(*)(void *))free_func)

-#define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \

-	((STACK *)PKCS12_decrypt_d2i(algor,(char *(*)())d2i_func, (void(*)(void *))free_func,pass,passlen,oct,seq))

-#endif

-/* This block of defines is updated by util/mkstack.pl, please do not touch! */

-#define sk_ACCESS_DESCRIPTION_new(st) SKM_sk_new(ACCESS_DESCRIPTION, (st))

-#define sk_ACCESS_DESCRIPTION_new_null() SKM_sk_new_null(ACCESS_DESCRIPTION)

-#define sk_ACCESS_DESCRIPTION_free(st) SKM_sk_free(ACCESS_DESCRIPTION, (st))

-#define sk_ACCESS_DESCRIPTION_num(st) SKM_sk_num(ACCESS_DESCRIPTION, (st))

-#define sk_ACCESS_DESCRIPTION_value(st, i) SKM_sk_value(ACCESS_DESCRIPTION, (st), (i))

-#define sk_ACCESS_DESCRIPTION_set(st, i, val) SKM_sk_set(ACCESS_DESCRIPTION, (st), (i), (val))

-#define sk_ACCESS_DESCRIPTION_zero(st) SKM_sk_zero(ACCESS_DESCRIPTION, (st))

-#define sk_ACCESS_DESCRIPTION_push(st, val) SKM_sk_push(ACCESS_DESCRIPTION, (st), (val))

-#define sk_ACCESS_DESCRIPTION_unshift(st, val) SKM_sk_unshift(ACCESS_DESCRIPTION, (st), (val))

-#define sk_ACCESS_DESCRIPTION_find(st, val) SKM_sk_find(ACCESS_DESCRIPTION, (st), (val))

-#define sk_ACCESS_DESCRIPTION_find_ex(st, val) SKM_sk_find_ex(ACCESS_DESCRIPTION, (st), (val))

-#define sk_ACCESS_DESCRIPTION_delete(st, i) SKM_sk_delete(ACCESS_DESCRIPTION, (st), (i))

-#define sk_ACCESS_DESCRIPTION_delete_ptr(st, ptr) SKM_sk_delete_ptr(ACCESS_DESCRIPTION, (st), (ptr))

-#define sk_ACCESS_DESCRIPTION_insert(st, val, i) SKM_sk_insert(ACCESS_DESCRIPTION, (st), (val), (i))

-#define sk_ACCESS_DESCRIPTION_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ACCESS_DESCRIPTION, (st), (cmp))

-#define sk_ACCESS_DESCRIPTION_dup(st) SKM_sk_dup(ACCESS_DESCRIPTION, st)

-#define sk_ACCESS_DESCRIPTION_pop_free(st, free_func) SKM_sk_pop_free(ACCESS_DESCRIPTION, (st), (free_func))

-#define sk_ACCESS_DESCRIPTION_shift(st) SKM_sk_shift(ACCESS_DESCRIPTION, (st))

-#define sk_ACCESS_DESCRIPTION_pop(st) SKM_sk_pop(ACCESS_DESCRIPTION, (st))

-#define sk_ACCESS_DESCRIPTION_sort(st) SKM_sk_sort(ACCESS_DESCRIPTION, (st))

-#define sk_ACCESS_DESCRIPTION_is_sorted(st) SKM_sk_is_sorted(ACCESS_DESCRIPTION, (st))

-#define sk_ASIdOrRange_new(st) SKM_sk_new(ASIdOrRange, (st))

-#define sk_ASIdOrRange_new_null() SKM_sk_new_null(ASIdOrRange)

-#define sk_ASIdOrRange_free(st) SKM_sk_free(ASIdOrRange, (st))

-#define sk_ASIdOrRange_num(st) SKM_sk_num(ASIdOrRange, (st))

-#define sk_ASIdOrRange_value(st, i) SKM_sk_value(ASIdOrRange, (st), (i))

-#define sk_ASIdOrRange_set(st, i, val) SKM_sk_set(ASIdOrRange, (st), (i), (val))

-#define sk_ASIdOrRange_zero(st) SKM_sk_zero(ASIdOrRange, (st))

-#define sk_ASIdOrRange_push(st, val) SKM_sk_push(ASIdOrRange, (st), (val))

-#define sk_ASIdOrRange_unshift(st, val) SKM_sk_unshift(ASIdOrRange, (st), (val))

-#define sk_ASIdOrRange_find(st, val) SKM_sk_find(ASIdOrRange, (st), (val))

-#define sk_ASIdOrRange_find_ex(st, val) SKM_sk_find_ex(ASIdOrRange, (st), (val))

-#define sk_ASIdOrRange_delete(st, i) SKM_sk_delete(ASIdOrRange, (st), (i))

-#define sk_ASIdOrRange_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASIdOrRange, (st), (ptr))

-#define sk_ASIdOrRange_insert(st, val, i) SKM_sk_insert(ASIdOrRange, (st), (val), (i))

-#define sk_ASIdOrRange_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASIdOrRange, (st), (cmp))

-#define sk_ASIdOrRange_dup(st) SKM_sk_dup(ASIdOrRange, st)

-#define sk_ASIdOrRange_pop_free(st, free_func) SKM_sk_pop_free(ASIdOrRange, (st), (free_func))

-#define sk_ASIdOrRange_shift(st) SKM_sk_shift(ASIdOrRange, (st))

-#define sk_ASIdOrRange_pop(st) SKM_sk_pop(ASIdOrRange, (st))

-#define sk_ASIdOrRange_sort(st) SKM_sk_sort(ASIdOrRange, (st))

-#define sk_ASIdOrRange_is_sorted(st) SKM_sk_is_sorted(ASIdOrRange, (st))

-#define sk_ASN1_GENERALSTRING_new(st) SKM_sk_new(ASN1_GENERALSTRING, (st))

-#define sk_ASN1_GENERALSTRING_new_null() SKM_sk_new_null(ASN1_GENERALSTRING)

-#define sk_ASN1_GENERALSTRING_free(st) SKM_sk_free(ASN1_GENERALSTRING, (st))

-#define sk_ASN1_GENERALSTRING_num(st) SKM_sk_num(ASN1_GENERALSTRING, (st))

-#define sk_ASN1_GENERALSTRING_value(st, i) SKM_sk_value(ASN1_GENERALSTRING, (st), (i))

-#define sk_ASN1_GENERALSTRING_set(st, i, val) SKM_sk_set(ASN1_GENERALSTRING, (st), (i), (val))

-#define sk_ASN1_GENERALSTRING_zero(st) SKM_sk_zero(ASN1_GENERALSTRING, (st))

-#define sk_ASN1_GENERALSTRING_push(st, val) SKM_sk_push(ASN1_GENERALSTRING, (st), (val))

-#define sk_ASN1_GENERALSTRING_unshift(st, val) SKM_sk_unshift(ASN1_GENERALSTRING, (st), (val))

-#define sk_ASN1_GENERALSTRING_find(st, val) SKM_sk_find(ASN1_GENERALSTRING, (st), (val))

-#define sk_ASN1_GENERALSTRING_find_ex(st, val) SKM_sk_find_ex(ASN1_GENERALSTRING, (st), (val))

-#define sk_ASN1_GENERALSTRING_delete(st, i) SKM_sk_delete(ASN1_GENERALSTRING, (st), (i))

-#define sk_ASN1_GENERALSTRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_GENERALSTRING, (st), (ptr))

-#define sk_ASN1_GENERALSTRING_insert(st, val, i) SKM_sk_insert(ASN1_GENERALSTRING, (st), (val), (i))

-#define sk_ASN1_GENERALSTRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_GENERALSTRING, (st), (cmp))

-#define sk_ASN1_GENERALSTRING_dup(st) SKM_sk_dup(ASN1_GENERALSTRING, st)

-#define sk_ASN1_GENERALSTRING_pop_free(st, free_func) SKM_sk_pop_free(ASN1_GENERALSTRING, (st), (free_func))

-#define sk_ASN1_GENERALSTRING_shift(st) SKM_sk_shift(ASN1_GENERALSTRING, (st))

-#define sk_ASN1_GENERALSTRING_pop(st) SKM_sk_pop(ASN1_GENERALSTRING, (st))

-#define sk_ASN1_GENERALSTRING_sort(st) SKM_sk_sort(ASN1_GENERALSTRING, (st))

-#define sk_ASN1_GENERALSTRING_is_sorted(st) SKM_sk_is_sorted(ASN1_GENERALSTRING, (st))

-#define sk_ASN1_INTEGER_new(st) SKM_sk_new(ASN1_INTEGER, (st))

-#define sk_ASN1_INTEGER_new_null() SKM_sk_new_null(ASN1_INTEGER)

-#define sk_ASN1_INTEGER_free(st) SKM_sk_free(ASN1_INTEGER, (st))

-#define sk_ASN1_INTEGER_num(st) SKM_sk_num(ASN1_INTEGER, (st))

-#define sk_ASN1_INTEGER_value(st, i) SKM_sk_value(ASN1_INTEGER, (st), (i))

-#define sk_ASN1_INTEGER_set(st, i, val) SKM_sk_set(ASN1_INTEGER, (st), (i), (val))

-#define sk_ASN1_INTEGER_zero(st) SKM_sk_zero(ASN1_INTEGER, (st))

-#define sk_ASN1_INTEGER_push(st, val) SKM_sk_push(ASN1_INTEGER, (st), (val))

-#define sk_ASN1_INTEGER_unshift(st, val) SKM_sk_unshift(ASN1_INTEGER, (st), (val))

-#define sk_ASN1_INTEGER_find(st, val) SKM_sk_find(ASN1_INTEGER, (st), (val))

-#define sk_ASN1_INTEGER_find_ex(st, val) SKM_sk_find_ex(ASN1_INTEGER, (st), (val))

-#define sk_ASN1_INTEGER_delete(st, i) SKM_sk_delete(ASN1_INTEGER, (st), (i))

-#define sk_ASN1_INTEGER_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_INTEGER, (st), (ptr))

-#define sk_ASN1_INTEGER_insert(st, val, i) SKM_sk_insert(ASN1_INTEGER, (st), (val), (i))

-#define sk_ASN1_INTEGER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_INTEGER, (st), (cmp))

-#define sk_ASN1_INTEGER_dup(st) SKM_sk_dup(ASN1_INTEGER, st)

-#define sk_ASN1_INTEGER_pop_free(st, free_func) SKM_sk_pop_free(ASN1_INTEGER, (st), (free_func))

-#define sk_ASN1_INTEGER_shift(st) SKM_sk_shift(ASN1_INTEGER, (st))

-#define sk_ASN1_INTEGER_pop(st) SKM_sk_pop(ASN1_INTEGER, (st))

-#define sk_ASN1_INTEGER_sort(st) SKM_sk_sort(ASN1_INTEGER, (st))

-#define sk_ASN1_INTEGER_is_sorted(st) SKM_sk_is_sorted(ASN1_INTEGER, (st))

-#define sk_ASN1_OBJECT_new(st) SKM_sk_new(ASN1_OBJECT, (st))

-#define sk_ASN1_OBJECT_new_null() SKM_sk_new_null(ASN1_OBJECT)

-#define sk_ASN1_OBJECT_free(st) SKM_sk_free(ASN1_OBJECT, (st))

-#define sk_ASN1_OBJECT_num(st) SKM_sk_num(ASN1_OBJECT, (st))

-#define sk_ASN1_OBJECT_value(st, i) SKM_sk_value(ASN1_OBJECT, (st), (i))

-#define sk_ASN1_OBJECT_set(st, i, val) SKM_sk_set(ASN1_OBJECT, (st), (i), (val))

-#define sk_ASN1_OBJECT_zero(st) SKM_sk_zero(ASN1_OBJECT, (st))

-#define sk_ASN1_OBJECT_push(st, val) SKM_sk_push(ASN1_OBJECT, (st), (val))

-#define sk_ASN1_OBJECT_unshift(st, val) SKM_sk_unshift(ASN1_OBJECT, (st), (val))

-#define sk_ASN1_OBJECT_find(st, val) SKM_sk_find(ASN1_OBJECT, (st), (val))

-#define sk_ASN1_OBJECT_find_ex(st, val) SKM_sk_find_ex(ASN1_OBJECT, (st), (val))

-#define sk_ASN1_OBJECT_delete(st, i) SKM_sk_delete(ASN1_OBJECT, (st), (i))

-#define sk_ASN1_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_OBJECT, (st), (ptr))

-#define sk_ASN1_OBJECT_insert(st, val, i) SKM_sk_insert(ASN1_OBJECT, (st), (val), (i))

-#define sk_ASN1_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_OBJECT, (st), (cmp))

-#define sk_ASN1_OBJECT_dup(st) SKM_sk_dup(ASN1_OBJECT, st)

-#define sk_ASN1_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(ASN1_OBJECT, (st), (free_func))

-#define sk_ASN1_OBJECT_shift(st) SKM_sk_shift(ASN1_OBJECT, (st))

-#define sk_ASN1_OBJECT_pop(st) SKM_sk_pop(ASN1_OBJECT, (st))

-#define sk_ASN1_OBJECT_sort(st) SKM_sk_sort(ASN1_OBJECT, (st))

-#define sk_ASN1_OBJECT_is_sorted(st) SKM_sk_is_sorted(ASN1_OBJECT, (st))

-#define sk_ASN1_STRING_TABLE_new(st) SKM_sk_new(ASN1_STRING_TABLE, (st))

-#define sk_ASN1_STRING_TABLE_new_null() SKM_sk_new_null(ASN1_STRING_TABLE)

-#define sk_ASN1_STRING_TABLE_free(st) SKM_sk_free(ASN1_STRING_TABLE, (st))

-#define sk_ASN1_STRING_TABLE_num(st) SKM_sk_num(ASN1_STRING_TABLE, (st))

-#define sk_ASN1_STRING_TABLE_value(st, i) SKM_sk_value(ASN1_STRING_TABLE, (st), (i))

-#define sk_ASN1_STRING_TABLE_set(st, i, val) SKM_sk_set(ASN1_STRING_TABLE, (st), (i), (val))

-#define sk_ASN1_STRING_TABLE_zero(st) SKM_sk_zero(ASN1_STRING_TABLE, (st))

-#define sk_ASN1_STRING_TABLE_push(st, val) SKM_sk_push(ASN1_STRING_TABLE, (st), (val))

-#define sk_ASN1_STRING_TABLE_unshift(st, val) SKM_sk_unshift(ASN1_STRING_TABLE, (st), (val))

-#define sk_ASN1_STRING_TABLE_find(st, val) SKM_sk_find(ASN1_STRING_TABLE, (st), (val))

-#define sk_ASN1_STRING_TABLE_find_ex(st, val) SKM_sk_find_ex(ASN1_STRING_TABLE, (st), (val))

-#define sk_ASN1_STRING_TABLE_delete(st, i) SKM_sk_delete(ASN1_STRING_TABLE, (st), (i))

-#define sk_ASN1_STRING_TABLE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_STRING_TABLE, (st), (ptr))

-#define sk_ASN1_STRING_TABLE_insert(st, val, i) SKM_sk_insert(ASN1_STRING_TABLE, (st), (val), (i))

-#define sk_ASN1_STRING_TABLE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_STRING_TABLE, (st), (cmp))

-#define sk_ASN1_STRING_TABLE_dup(st) SKM_sk_dup(ASN1_STRING_TABLE, st)

-#define sk_ASN1_STRING_TABLE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_STRING_TABLE, (st), (free_func))

-#define sk_ASN1_STRING_TABLE_shift(st) SKM_sk_shift(ASN1_STRING_TABLE, (st))

-#define sk_ASN1_STRING_TABLE_pop(st) SKM_sk_pop(ASN1_STRING_TABLE, (st))

-#define sk_ASN1_STRING_TABLE_sort(st) SKM_sk_sort(ASN1_STRING_TABLE, (st))

-#define sk_ASN1_STRING_TABLE_is_sorted(st) SKM_sk_is_sorted(ASN1_STRING_TABLE, (st))

-#define sk_ASN1_TYPE_new(st) SKM_sk_new(ASN1_TYPE, (st))

-#define sk_ASN1_TYPE_new_null() SKM_sk_new_null(ASN1_TYPE)

-#define sk_ASN1_TYPE_free(st) SKM_sk_free(ASN1_TYPE, (st))

-#define sk_ASN1_TYPE_num(st) SKM_sk_num(ASN1_TYPE, (st))

-#define sk_ASN1_TYPE_value(st, i) SKM_sk_value(ASN1_TYPE, (st), (i))

-#define sk_ASN1_TYPE_set(st, i, val) SKM_sk_set(ASN1_TYPE, (st), (i), (val))

-#define sk_ASN1_TYPE_zero(st) SKM_sk_zero(ASN1_TYPE, (st))

-#define sk_ASN1_TYPE_push(st, val) SKM_sk_push(ASN1_TYPE, (st), (val))

-#define sk_ASN1_TYPE_unshift(st, val) SKM_sk_unshift(ASN1_TYPE, (st), (val))

-#define sk_ASN1_TYPE_find(st, val) SKM_sk_find(ASN1_TYPE, (st), (val))

-#define sk_ASN1_TYPE_find_ex(st, val) SKM_sk_find_ex(ASN1_TYPE, (st), (val))

-#define sk_ASN1_TYPE_delete(st, i) SKM_sk_delete(ASN1_TYPE, (st), (i))

-#define sk_ASN1_TYPE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_TYPE, (st), (ptr))

-#define sk_ASN1_TYPE_insert(st, val, i) SKM_sk_insert(ASN1_TYPE, (st), (val), (i))

-#define sk_ASN1_TYPE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_TYPE, (st), (cmp))

-#define sk_ASN1_TYPE_dup(st) SKM_sk_dup(ASN1_TYPE, st)

-#define sk_ASN1_TYPE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_TYPE, (st), (free_func))

-#define sk_ASN1_TYPE_shift(st) SKM_sk_shift(ASN1_TYPE, (st))

-#define sk_ASN1_TYPE_pop(st) SKM_sk_pop(ASN1_TYPE, (st))

-#define sk_ASN1_TYPE_sort(st) SKM_sk_sort(ASN1_TYPE, (st))

-#define sk_ASN1_TYPE_is_sorted(st) SKM_sk_is_sorted(ASN1_TYPE, (st))

-#define sk_ASN1_VALUE_new(st) SKM_sk_new(ASN1_VALUE, (st))

-#define sk_ASN1_VALUE_new_null() SKM_sk_new_null(ASN1_VALUE)

-#define sk_ASN1_VALUE_free(st) SKM_sk_free(ASN1_VALUE, (st))

-#define sk_ASN1_VALUE_num(st) SKM_sk_num(ASN1_VALUE, (st))

-#define sk_ASN1_VALUE_value(st, i) SKM_sk_value(ASN1_VALUE, (st), (i))

-#define sk_ASN1_VALUE_set(st, i, val) SKM_sk_set(ASN1_VALUE, (st), (i), (val))

-#define sk_ASN1_VALUE_zero(st) SKM_sk_zero(ASN1_VALUE, (st))

-#define sk_ASN1_VALUE_push(st, val) SKM_sk_push(ASN1_VALUE, (st), (val))

-#define sk_ASN1_VALUE_unshift(st, val) SKM_sk_unshift(ASN1_VALUE, (st), (val))

-#define sk_ASN1_VALUE_find(st, val) SKM_sk_find(ASN1_VALUE, (st), (val))

-#define sk_ASN1_VALUE_find_ex(st, val) SKM_sk_find_ex(ASN1_VALUE, (st), (val))

-#define sk_ASN1_VALUE_delete(st, i) SKM_sk_delete(ASN1_VALUE, (st), (i))

-#define sk_ASN1_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_VALUE, (st), (ptr))

-#define sk_ASN1_VALUE_insert(st, val, i) SKM_sk_insert(ASN1_VALUE, (st), (val), (i))

-#define sk_ASN1_VALUE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_VALUE, (st), (cmp))

-#define sk_ASN1_VALUE_dup(st) SKM_sk_dup(ASN1_VALUE, st)

-#define sk_ASN1_VALUE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_VALUE, (st), (free_func))

-#define sk_ASN1_VALUE_shift(st) SKM_sk_shift(ASN1_VALUE, (st))

-#define sk_ASN1_VALUE_pop(st) SKM_sk_pop(ASN1_VALUE, (st))

-#define sk_ASN1_VALUE_sort(st) SKM_sk_sort(ASN1_VALUE, (st))

-#define sk_ASN1_VALUE_is_sorted(st) SKM_sk_is_sorted(ASN1_VALUE, (st))

-#define sk_BIO_new(st) SKM_sk_new(BIO, (st))

-#define sk_BIO_new_null() SKM_sk_new_null(BIO)

-#define sk_BIO_free(st) SKM_sk_free(BIO, (st))

-#define sk_BIO_num(st) SKM_sk_num(BIO, (st))

-#define sk_BIO_value(st, i) SKM_sk_value(BIO, (st), (i))

-#define sk_BIO_set(st, i, val) SKM_sk_set(BIO, (st), (i), (val))

-#define sk_BIO_zero(st) SKM_sk_zero(BIO, (st))

-#define sk_BIO_push(st, val) SKM_sk_push(BIO, (st), (val))

-#define sk_BIO_unshift(st, val) SKM_sk_unshift(BIO, (st), (val))

-#define sk_BIO_find(st, val) SKM_sk_find(BIO, (st), (val))

-#define sk_BIO_find_ex(st, val) SKM_sk_find_ex(BIO, (st), (val))

-#define sk_BIO_delete(st, i) SKM_sk_delete(BIO, (st), (i))

-#define sk_BIO_delete_ptr(st, ptr) SKM_sk_delete_ptr(BIO, (st), (ptr))

-#define sk_BIO_insert(st, val, i) SKM_sk_insert(BIO, (st), (val), (i))

-#define sk_BIO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BIO, (st), (cmp))

-#define sk_BIO_dup(st) SKM_sk_dup(BIO, st)

-#define sk_BIO_pop_free(st, free_func) SKM_sk_pop_free(BIO, (st), (free_func))

-#define sk_BIO_shift(st) SKM_sk_shift(BIO, (st))

-#define sk_BIO_pop(st) SKM_sk_pop(BIO, (st))

-#define sk_BIO_sort(st) SKM_sk_sort(BIO, (st))

-#define sk_BIO_is_sorted(st) SKM_sk_is_sorted(BIO, (st))

-#define sk_CONF_IMODULE_new(st) SKM_sk_new(CONF_IMODULE, (st))

-#define sk_CONF_IMODULE_new_null() SKM_sk_new_null(CONF_IMODULE)

-#define sk_CONF_IMODULE_free(st) SKM_sk_free(CONF_IMODULE, (st))

-#define sk_CONF_IMODULE_num(st) SKM_sk_num(CONF_IMODULE, (st))

-#define sk_CONF_IMODULE_value(st, i) SKM_sk_value(CONF_IMODULE, (st), (i))

-#define sk_CONF_IMODULE_set(st, i, val) SKM_sk_set(CONF_IMODULE, (st), (i), (val))

-#define sk_CONF_IMODULE_zero(st) SKM_sk_zero(CONF_IMODULE, (st))

-#define sk_CONF_IMODULE_push(st, val) SKM_sk_push(CONF_IMODULE, (st), (val))

-#define sk_CONF_IMODULE_unshift(st, val) SKM_sk_unshift(CONF_IMODULE, (st), (val))

-#define sk_CONF_IMODULE_find(st, val) SKM_sk_find(CONF_IMODULE, (st), (val))

-#define sk_CONF_IMODULE_find_ex(st, val) SKM_sk_find_ex(CONF_IMODULE, (st), (val))

-#define sk_CONF_IMODULE_delete(st, i) SKM_sk_delete(CONF_IMODULE, (st), (i))

-#define sk_CONF_IMODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_IMODULE, (st), (ptr))

-#define sk_CONF_IMODULE_insert(st, val, i) SKM_sk_insert(CONF_IMODULE, (st), (val), (i))

-#define sk_CONF_IMODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_IMODULE, (st), (cmp))

-#define sk_CONF_IMODULE_dup(st) SKM_sk_dup(CONF_IMODULE, st)

-#define sk_CONF_IMODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_IMODULE, (st), (free_func))

-#define sk_CONF_IMODULE_shift(st) SKM_sk_shift(CONF_IMODULE, (st))

-#define sk_CONF_IMODULE_pop(st) SKM_sk_pop(CONF_IMODULE, (st))

-#define sk_CONF_IMODULE_sort(st) SKM_sk_sort(CONF_IMODULE, (st))

-#define sk_CONF_IMODULE_is_sorted(st) SKM_sk_is_sorted(CONF_IMODULE, (st))

-#define sk_CONF_MODULE_new(st) SKM_sk_new(CONF_MODULE, (st))

-#define sk_CONF_MODULE_new_null() SKM_sk_new_null(CONF_MODULE)

-#define sk_CONF_MODULE_free(st) SKM_sk_free(CONF_MODULE, (st))

-#define sk_CONF_MODULE_num(st) SKM_sk_num(CONF_MODULE, (st))

-#define sk_CONF_MODULE_value(st, i) SKM_sk_value(CONF_MODULE, (st), (i))

-#define sk_CONF_MODULE_set(st, i, val) SKM_sk_set(CONF_MODULE, (st), (i), (val))

-#define sk_CONF_MODULE_zero(st) SKM_sk_zero(CONF_MODULE, (st))

-#define sk_CONF_MODULE_push(st, val) SKM_sk_push(CONF_MODULE, (st), (val))

-#define sk_CONF_MODULE_unshift(st, val) SKM_sk_unshift(CONF_MODULE, (st), (val))

-#define sk_CONF_MODULE_find(st, val) SKM_sk_find(CONF_MODULE, (st), (val))

-#define sk_CONF_MODULE_find_ex(st, val) SKM_sk_find_ex(CONF_MODULE, (st), (val))

-#define sk_CONF_MODULE_delete(st, i) SKM_sk_delete(CONF_MODULE, (st), (i))

-#define sk_CONF_MODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_MODULE, (st), (ptr))

-#define sk_CONF_MODULE_insert(st, val, i) SKM_sk_insert(CONF_MODULE, (st), (val), (i))

-#define sk_CONF_MODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_MODULE, (st), (cmp))

-#define sk_CONF_MODULE_dup(st) SKM_sk_dup(CONF_MODULE, st)

-#define sk_CONF_MODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_MODULE, (st), (free_func))

-#define sk_CONF_MODULE_shift(st) SKM_sk_shift(CONF_MODULE, (st))

-#define sk_CONF_MODULE_pop(st) SKM_sk_pop(CONF_MODULE, (st))

-#define sk_CONF_MODULE_sort(st) SKM_sk_sort(CONF_MODULE, (st))

-#define sk_CONF_MODULE_is_sorted(st) SKM_sk_is_sorted(CONF_MODULE, (st))

-#define sk_CONF_VALUE_new(st) SKM_sk_new(CONF_VALUE, (st))

-#define sk_CONF_VALUE_new_null() SKM_sk_new_null(CONF_VALUE)

-#define sk_CONF_VALUE_free(st) SKM_sk_free(CONF_VALUE, (st))

-#define sk_CONF_VALUE_num(st) SKM_sk_num(CONF_VALUE, (st))

-#define sk_CONF_VALUE_value(st, i) SKM_sk_value(CONF_VALUE, (st), (i))

-#define sk_CONF_VALUE_set(st, i, val) SKM_sk_set(CONF_VALUE, (st), (i), (val))

-#define sk_CONF_VALUE_zero(st) SKM_sk_zero(CONF_VALUE, (st))

-#define sk_CONF_VALUE_push(st, val) SKM_sk_push(CONF_VALUE, (st), (val))

-#define sk_CONF_VALUE_unshift(st, val) SKM_sk_unshift(CONF_VALUE, (st), (val))

-#define sk_CONF_VALUE_find(st, val) SKM_sk_find(CONF_VALUE, (st), (val))

-#define sk_CONF_VALUE_find_ex(st, val) SKM_sk_find_ex(CONF_VALUE, (st), (val))

-#define sk_CONF_VALUE_delete(st, i) SKM_sk_delete(CONF_VALUE, (st), (i))

-#define sk_CONF_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_VALUE, (st), (ptr))

-#define sk_CONF_VALUE_insert(st, val, i) SKM_sk_insert(CONF_VALUE, (st), (val), (i))

-#define sk_CONF_VALUE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_VALUE, (st), (cmp))

-#define sk_CONF_VALUE_dup(st) SKM_sk_dup(CONF_VALUE, st)

-#define sk_CONF_VALUE_pop_free(st, free_func) SKM_sk_pop_free(CONF_VALUE, (st), (free_func))

-#define sk_CONF_VALUE_shift(st) SKM_sk_shift(CONF_VALUE, (st))

-#define sk_CONF_VALUE_pop(st) SKM_sk_pop(CONF_VALUE, (st))

-#define sk_CONF_VALUE_sort(st) SKM_sk_sort(CONF_VALUE, (st))

-#define sk_CONF_VALUE_is_sorted(st) SKM_sk_is_sorted(CONF_VALUE, (st))

-#define sk_CRYPTO_EX_DATA_FUNCS_new(st) SKM_sk_new(CRYPTO_EX_DATA_FUNCS, (st))

-#define sk_CRYPTO_EX_DATA_FUNCS_new_null() SKM_sk_new_null(CRYPTO_EX_DATA_FUNCS)

-#define sk_CRYPTO_EX_DATA_FUNCS_free(st) SKM_sk_free(CRYPTO_EX_DATA_FUNCS, (st))

-#define sk_CRYPTO_EX_DATA_FUNCS_num(st) SKM_sk_num(CRYPTO_EX_DATA_FUNCS, (st))

-#define sk_CRYPTO_EX_DATA_FUNCS_value(st, i) SKM_sk_value(CRYPTO_EX_DATA_FUNCS, (st), (i))

-#define sk_CRYPTO_EX_DATA_FUNCS_set(st, i, val) SKM_sk_set(CRYPTO_EX_DATA_FUNCS, (st), (i), (val))

-#define sk_CRYPTO_EX_DATA_FUNCS_zero(st) SKM_sk_zero(CRYPTO_EX_DATA_FUNCS, (st))

-#define sk_CRYPTO_EX_DATA_FUNCS_push(st, val) SKM_sk_push(CRYPTO_EX_DATA_FUNCS, (st), (val))

-#define sk_CRYPTO_EX_DATA_FUNCS_unshift(st, val) SKM_sk_unshift(CRYPTO_EX_DATA_FUNCS, (st), (val))

-#define sk_CRYPTO_EX_DATA_FUNCS_find(st, val) SKM_sk_find(CRYPTO_EX_DATA_FUNCS, (st), (val))

-#define sk_CRYPTO_EX_DATA_FUNCS_find_ex(st, val) SKM_sk_find_ex(CRYPTO_EX_DATA_FUNCS, (st), (val))

-#define sk_CRYPTO_EX_DATA_FUNCS_delete(st, i) SKM_sk_delete(CRYPTO_EX_DATA_FUNCS, (st), (i))

-#define sk_CRYPTO_EX_DATA_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_EX_DATA_FUNCS, (st), (ptr))

-#define sk_CRYPTO_EX_DATA_FUNCS_insert(st, val, i) SKM_sk_insert(CRYPTO_EX_DATA_FUNCS, (st), (val), (i))

-#define sk_CRYPTO_EX_DATA_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_EX_DATA_FUNCS, (st), (cmp))

-#define sk_CRYPTO_EX_DATA_FUNCS_dup(st) SKM_sk_dup(CRYPTO_EX_DATA_FUNCS, st)

-#define sk_CRYPTO_EX_DATA_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_EX_DATA_FUNCS, (st), (free_func))

-#define sk_CRYPTO_EX_DATA_FUNCS_shift(st) SKM_sk_shift(CRYPTO_EX_DATA_FUNCS, (st))

-#define sk_CRYPTO_EX_DATA_FUNCS_pop(st) SKM_sk_pop(CRYPTO_EX_DATA_FUNCS, (st))

-#define sk_CRYPTO_EX_DATA_FUNCS_sort(st) SKM_sk_sort(CRYPTO_EX_DATA_FUNCS, (st))

-#define sk_CRYPTO_EX_DATA_FUNCS_is_sorted(st) SKM_sk_is_sorted(CRYPTO_EX_DATA_FUNCS, (st))

-#define sk_CRYPTO_dynlock_new(st) SKM_sk_new(CRYPTO_dynlock, (st))

-#define sk_CRYPTO_dynlock_new_null() SKM_sk_new_null(CRYPTO_dynlock)

-#define sk_CRYPTO_dynlock_free(st) SKM_sk_free(CRYPTO_dynlock, (st))

-#define sk_CRYPTO_dynlock_num(st) SKM_sk_num(CRYPTO_dynlock, (st))

-#define sk_CRYPTO_dynlock_value(st, i) SKM_sk_value(CRYPTO_dynlock, (st), (i))

-#define sk_CRYPTO_dynlock_set(st, i, val) SKM_sk_set(CRYPTO_dynlock, (st), (i), (val))

-#define sk_CRYPTO_dynlock_zero(st) SKM_sk_zero(CRYPTO_dynlock, (st))

-#define sk_CRYPTO_dynlock_push(st, val) SKM_sk_push(CRYPTO_dynlock, (st), (val))

-#define sk_CRYPTO_dynlock_unshift(st, val) SKM_sk_unshift(CRYPTO_dynlock, (st), (val))

-#define sk_CRYPTO_dynlock_find(st, val) SKM_sk_find(CRYPTO_dynlock, (st), (val))

-#define sk_CRYPTO_dynlock_find_ex(st, val) SKM_sk_find_ex(CRYPTO_dynlock, (st), (val))

-#define sk_CRYPTO_dynlock_delete(st, i) SKM_sk_delete(CRYPTO_dynlock, (st), (i))

-#define sk_CRYPTO_dynlock_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_dynlock, (st), (ptr))

-#define sk_CRYPTO_dynlock_insert(st, val, i) SKM_sk_insert(CRYPTO_dynlock, (st), (val), (i))

-#define sk_CRYPTO_dynlock_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_dynlock, (st), (cmp))

-#define sk_CRYPTO_dynlock_dup(st) SKM_sk_dup(CRYPTO_dynlock, st)

-#define sk_CRYPTO_dynlock_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_dynlock, (st), (free_func))

-#define sk_CRYPTO_dynlock_shift(st) SKM_sk_shift(CRYPTO_dynlock, (st))

-#define sk_CRYPTO_dynlock_pop(st) SKM_sk_pop(CRYPTO_dynlock, (st))

-#define sk_CRYPTO_dynlock_sort(st) SKM_sk_sort(CRYPTO_dynlock, (st))

-#define sk_CRYPTO_dynlock_is_sorted(st) SKM_sk_is_sorted(CRYPTO_dynlock, (st))

-#define sk_DIST_POINT_new(st) SKM_sk_new(DIST_POINT, (st))

-#define sk_DIST_POINT_new_null() SKM_sk_new_null(DIST_POINT)

-#define sk_DIST_POINT_free(st) SKM_sk_free(DIST_POINT, (st))

-#define sk_DIST_POINT_num(st) SKM_sk_num(DIST_POINT, (st))

-#define sk_DIST_POINT_value(st, i) SKM_sk_value(DIST_POINT, (st), (i))

-#define sk_DIST_POINT_set(st, i, val) SKM_sk_set(DIST_POINT, (st), (i), (val))

-#define sk_DIST_POINT_zero(st) SKM_sk_zero(DIST_POINT, (st))

-#define sk_DIST_POINT_push(st, val) SKM_sk_push(DIST_POINT, (st), (val))

-#define sk_DIST_POINT_unshift(st, val) SKM_sk_unshift(DIST_POINT, (st), (val))

-#define sk_DIST_POINT_find(st, val) SKM_sk_find(DIST_POINT, (st), (val))

-#define sk_DIST_POINT_find_ex(st, val) SKM_sk_find_ex(DIST_POINT, (st), (val))

-#define sk_DIST_POINT_delete(st, i) SKM_sk_delete(DIST_POINT, (st), (i))

-#define sk_DIST_POINT_delete_ptr(st, ptr) SKM_sk_delete_ptr(DIST_POINT, (st), (ptr))

-#define sk_DIST_POINT_insert(st, val, i) SKM_sk_insert(DIST_POINT, (st), (val), (i))

-#define sk_DIST_POINT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(DIST_POINT, (st), (cmp))

-#define sk_DIST_POINT_dup(st) SKM_sk_dup(DIST_POINT, st)

-#define sk_DIST_POINT_pop_free(st, free_func) SKM_sk_pop_free(DIST_POINT, (st), (free_func))

-#define sk_DIST_POINT_shift(st) SKM_sk_shift(DIST_POINT, (st))

-#define sk_DIST_POINT_pop(st) SKM_sk_pop(DIST_POINT, (st))

-#define sk_DIST_POINT_sort(st) SKM_sk_sort(DIST_POINT, (st))

-#define sk_DIST_POINT_is_sorted(st) SKM_sk_is_sorted(DIST_POINT, (st))

-#define sk_ENGINE_new(st) SKM_sk_new(ENGINE, (st))

-#define sk_ENGINE_new_null() SKM_sk_new_null(ENGINE)

-#define sk_ENGINE_free(st) SKM_sk_free(ENGINE, (st))

-#define sk_ENGINE_num(st) SKM_sk_num(ENGINE, (st))

-#define sk_ENGINE_value(st, i) SKM_sk_value(ENGINE, (st), (i))

-#define sk_ENGINE_set(st, i, val) SKM_sk_set(ENGINE, (st), (i), (val))

-#define sk_ENGINE_zero(st) SKM_sk_zero(ENGINE, (st))

-#define sk_ENGINE_push(st, val) SKM_sk_push(ENGINE, (st), (val))

-#define sk_ENGINE_unshift(st, val) SKM_sk_unshift(ENGINE, (st), (val))

-#define sk_ENGINE_find(st, val) SKM_sk_find(ENGINE, (st), (val))

-#define sk_ENGINE_find_ex(st, val) SKM_sk_find_ex(ENGINE, (st), (val))

-#define sk_ENGINE_delete(st, i) SKM_sk_delete(ENGINE, (st), (i))

-#define sk_ENGINE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE, (st), (ptr))

-#define sk_ENGINE_insert(st, val, i) SKM_sk_insert(ENGINE, (st), (val), (i))

-#define sk_ENGINE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ENGINE, (st), (cmp))

-#define sk_ENGINE_dup(st) SKM_sk_dup(ENGINE, st)

-#define sk_ENGINE_pop_free(st, free_func) SKM_sk_pop_free(ENGINE, (st), (free_func))

-#define sk_ENGINE_shift(st) SKM_sk_shift(ENGINE, (st))

-#define sk_ENGINE_pop(st) SKM_sk_pop(ENGINE, (st))

-#define sk_ENGINE_sort(st) SKM_sk_sort(ENGINE, (st))

-#define sk_ENGINE_is_sorted(st) SKM_sk_is_sorted(ENGINE, (st))

-#define sk_ENGINE_CLEANUP_ITEM_new(st) SKM_sk_new(ENGINE_CLEANUP_ITEM, (st))

-#define sk_ENGINE_CLEANUP_ITEM_new_null() SKM_sk_new_null(ENGINE_CLEANUP_ITEM)

-#define sk_ENGINE_CLEANUP_ITEM_free(st) SKM_sk_free(ENGINE_CLEANUP_ITEM, (st))

-#define sk_ENGINE_CLEANUP_ITEM_num(st) SKM_sk_num(ENGINE_CLEANUP_ITEM, (st))

-#define sk_ENGINE_CLEANUP_ITEM_value(st, i) SKM_sk_value(ENGINE_CLEANUP_ITEM, (st), (i))

-#define sk_ENGINE_CLEANUP_ITEM_set(st, i, val) SKM_sk_set(ENGINE_CLEANUP_ITEM, (st), (i), (val))

-#define sk_ENGINE_CLEANUP_ITEM_zero(st) SKM_sk_zero(ENGINE_CLEANUP_ITEM, (st))

-#define sk_ENGINE_CLEANUP_ITEM_push(st, val) SKM_sk_push(ENGINE_CLEANUP_ITEM, (st), (val))

-#define sk_ENGINE_CLEANUP_ITEM_unshift(st, val) SKM_sk_unshift(ENGINE_CLEANUP_ITEM, (st), (val))

-#define sk_ENGINE_CLEANUP_ITEM_find(st, val) SKM_sk_find(ENGINE_CLEANUP_ITEM, (st), (val))

-#define sk_ENGINE_CLEANUP_ITEM_find_ex(st, val) SKM_sk_find_ex(ENGINE_CLEANUP_ITEM, (st), (val))

-#define sk_ENGINE_CLEANUP_ITEM_delete(st, i) SKM_sk_delete(ENGINE_CLEANUP_ITEM, (st), (i))

-#define sk_ENGINE_CLEANUP_ITEM_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE_CLEANUP_ITEM, (st), (ptr))

-#define sk_ENGINE_CLEANUP_ITEM_insert(st, val, i) SKM_sk_insert(ENGINE_CLEANUP_ITEM, (st), (val), (i))

-#define sk_ENGINE_CLEANUP_ITEM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ENGINE_CLEANUP_ITEM, (st), (cmp))

-#define sk_ENGINE_CLEANUP_ITEM_dup(st) SKM_sk_dup(ENGINE_CLEANUP_ITEM, st)

-#define sk_ENGINE_CLEANUP_ITEM_pop_free(st, free_func) SKM_sk_pop_free(ENGINE_CLEANUP_ITEM, (st), (free_func))

-#define sk_ENGINE_CLEANUP_ITEM_shift(st) SKM_sk_shift(ENGINE_CLEANUP_ITEM, (st))

-#define sk_ENGINE_CLEANUP_ITEM_pop(st) SKM_sk_pop(ENGINE_CLEANUP_ITEM, (st))

-#define sk_ENGINE_CLEANUP_ITEM_sort(st) SKM_sk_sort(ENGINE_CLEANUP_ITEM, (st))

-#define sk_ENGINE_CLEANUP_ITEM_is_sorted(st) SKM_sk_is_sorted(ENGINE_CLEANUP_ITEM, (st))

-#define sk_GENERAL_NAME_new(st) SKM_sk_new(GENERAL_NAME, (st))

-#define sk_GENERAL_NAME_new_null() SKM_sk_new_null(GENERAL_NAME)

-#define sk_GENERAL_NAME_free(st) SKM_sk_free(GENERAL_NAME, (st))

-#define sk_GENERAL_NAME_num(st) SKM_sk_num(GENERAL_NAME, (st))

-#define sk_GENERAL_NAME_value(st, i) SKM_sk_value(GENERAL_NAME, (st), (i))

-#define sk_GENERAL_NAME_set(st, i, val) SKM_sk_set(GENERAL_NAME, (st), (i), (val))

-#define sk_GENERAL_NAME_zero(st) SKM_sk_zero(GENERAL_NAME, (st))

-#define sk_GENERAL_NAME_push(st, val) SKM_sk_push(GENERAL_NAME, (st), (val))

-#define sk_GENERAL_NAME_unshift(st, val) SKM_sk_unshift(GENERAL_NAME, (st), (val))

-#define sk_GENERAL_NAME_find(st, val) SKM_sk_find(GENERAL_NAME, (st), (val))

-#define sk_GENERAL_NAME_find_ex(st, val) SKM_sk_find_ex(GENERAL_NAME, (st), (val))

-#define sk_GENERAL_NAME_delete(st, i) SKM_sk_delete(GENERAL_NAME, (st), (i))

-#define sk_GENERAL_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAME, (st), (ptr))

-#define sk_GENERAL_NAME_insert(st, val, i) SKM_sk_insert(GENERAL_NAME, (st), (val), (i))

-#define sk_GENERAL_NAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_NAME, (st), (cmp))

-#define sk_GENERAL_NAME_dup(st) SKM_sk_dup(GENERAL_NAME, st)

-#define sk_GENERAL_NAME_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_NAME, (st), (free_func))

-#define sk_GENERAL_NAME_shift(st) SKM_sk_shift(GENERAL_NAME, (st))

-#define sk_GENERAL_NAME_pop(st) SKM_sk_pop(GENERAL_NAME, (st))

-#define sk_GENERAL_NAME_sort(st) SKM_sk_sort(GENERAL_NAME, (st))

-#define sk_GENERAL_NAME_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAME, (st))

-#define sk_GENERAL_SUBTREE_new(st) SKM_sk_new(GENERAL_SUBTREE, (st))

-#define sk_GENERAL_SUBTREE_new_null() SKM_sk_new_null(GENERAL_SUBTREE)

-#define sk_GENERAL_SUBTREE_free(st) SKM_sk_free(GENERAL_SUBTREE, (st))

-#define sk_GENERAL_SUBTREE_num(st) SKM_sk_num(GENERAL_SUBTREE, (st))

-#define sk_GENERAL_SUBTREE_value(st, i) SKM_sk_value(GENERAL_SUBTREE, (st), (i))

-#define sk_GENERAL_SUBTREE_set(st, i, val) SKM_sk_set(GENERAL_SUBTREE, (st), (i), (val))

-#define sk_GENERAL_SUBTREE_zero(st) SKM_sk_zero(GENERAL_SUBTREE, (st))

-#define sk_GENERAL_SUBTREE_push(st, val) SKM_sk_push(GENERAL_SUBTREE, (st), (val))

-#define sk_GENERAL_SUBTREE_unshift(st, val) SKM_sk_unshift(GENERAL_SUBTREE, (st), (val))

-#define sk_GENERAL_SUBTREE_find(st, val) SKM_sk_find(GENERAL_SUBTREE, (st), (val))

-#define sk_GENERAL_SUBTREE_find_ex(st, val) SKM_sk_find_ex(GENERAL_SUBTREE, (st), (val))

-#define sk_GENERAL_SUBTREE_delete(st, i) SKM_sk_delete(GENERAL_SUBTREE, (st), (i))

-#define sk_GENERAL_SUBTREE_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_SUBTREE, (st), (ptr))

-#define sk_GENERAL_SUBTREE_insert(st, val, i) SKM_sk_insert(GENERAL_SUBTREE, (st), (val), (i))

-#define sk_GENERAL_SUBTREE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_SUBTREE, (st), (cmp))

-#define sk_GENERAL_SUBTREE_dup(st) SKM_sk_dup(GENERAL_SUBTREE, st)

-#define sk_GENERAL_SUBTREE_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_SUBTREE, (st), (free_func))

-#define sk_GENERAL_SUBTREE_shift(st) SKM_sk_shift(GENERAL_SUBTREE, (st))

-#define sk_GENERAL_SUBTREE_pop(st) SKM_sk_pop(GENERAL_SUBTREE, (st))

-#define sk_GENERAL_SUBTREE_sort(st) SKM_sk_sort(GENERAL_SUBTREE, (st))

-#define sk_GENERAL_SUBTREE_is_sorted(st) SKM_sk_is_sorted(GENERAL_SUBTREE, (st))

-#define sk_IPAddressFamily_new(st) SKM_sk_new(IPAddressFamily, (st))

-#define sk_IPAddressFamily_new_null() SKM_sk_new_null(IPAddressFamily)

-#define sk_IPAddressFamily_free(st) SKM_sk_free(IPAddressFamily, (st))

-#define sk_IPAddressFamily_num(st) SKM_sk_num(IPAddressFamily, (st))

-#define sk_IPAddressFamily_value(st, i) SKM_sk_value(IPAddressFamily, (st), (i))

-#define sk_IPAddressFamily_set(st, i, val) SKM_sk_set(IPAddressFamily, (st), (i), (val))

-#define sk_IPAddressFamily_zero(st) SKM_sk_zero(IPAddressFamily, (st))

-#define sk_IPAddressFamily_push(st, val) SKM_sk_push(IPAddressFamily, (st), (val))

-#define sk_IPAddressFamily_unshift(st, val) SKM_sk_unshift(IPAddressFamily, (st), (val))

-#define sk_IPAddressFamily_find(st, val) SKM_sk_find(IPAddressFamily, (st), (val))

-#define sk_IPAddressFamily_find_ex(st, val) SKM_sk_find_ex(IPAddressFamily, (st), (val))

-#define sk_IPAddressFamily_delete(st, i) SKM_sk_delete(IPAddressFamily, (st), (i))

-#define sk_IPAddressFamily_delete_ptr(st, ptr) SKM_sk_delete_ptr(IPAddressFamily, (st), (ptr))

-#define sk_IPAddressFamily_insert(st, val, i) SKM_sk_insert(IPAddressFamily, (st), (val), (i))

-#define sk_IPAddressFamily_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(IPAddressFamily, (st), (cmp))

-#define sk_IPAddressFamily_dup(st) SKM_sk_dup(IPAddressFamily, st)

-#define sk_IPAddressFamily_pop_free(st, free_func) SKM_sk_pop_free(IPAddressFamily, (st), (free_func))

-#define sk_IPAddressFamily_shift(st) SKM_sk_shift(IPAddressFamily, (st))

-#define sk_IPAddressFamily_pop(st) SKM_sk_pop(IPAddressFamily, (st))

-#define sk_IPAddressFamily_sort(st) SKM_sk_sort(IPAddressFamily, (st))

-#define sk_IPAddressFamily_is_sorted(st) SKM_sk_is_sorted(IPAddressFamily, (st))

-#define sk_IPAddressOrRange_new(st) SKM_sk_new(IPAddressOrRange, (st))

-#define sk_IPAddressOrRange_new_null() SKM_sk_new_null(IPAddressOrRange)

-#define sk_IPAddressOrRange_free(st) SKM_sk_free(IPAddressOrRange, (st))

-#define sk_IPAddressOrRange_num(st) SKM_sk_num(IPAddressOrRange, (st))

-#define sk_IPAddressOrRange_value(st, i) SKM_sk_value(IPAddressOrRange, (st), (i))

-#define sk_IPAddressOrRange_set(st, i, val) SKM_sk_set(IPAddressOrRange, (st), (i), (val))

-#define sk_IPAddressOrRange_zero(st) SKM_sk_zero(IPAddressOrRange, (st))

-#define sk_IPAddressOrRange_push(st, val) SKM_sk_push(IPAddressOrRange, (st), (val))

-#define sk_IPAddressOrRange_unshift(st, val) SKM_sk_unshift(IPAddressOrRange, (st), (val))

-#define sk_IPAddressOrRange_find(st, val) SKM_sk_find(IPAddressOrRange, (st), (val))

-#define sk_IPAddressOrRange_find_ex(st, val) SKM_sk_find_ex(IPAddressOrRange, (st), (val))

-#define sk_IPAddressOrRange_delete(st, i) SKM_sk_delete(IPAddressOrRange, (st), (i))

-#define sk_IPAddressOrRange_delete_ptr(st, ptr) SKM_sk_delete_ptr(IPAddressOrRange, (st), (ptr))

-#define sk_IPAddressOrRange_insert(st, val, i) SKM_sk_insert(IPAddressOrRange, (st), (val), (i))

-#define sk_IPAddressOrRange_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(IPAddressOrRange, (st), (cmp))

-#define sk_IPAddressOrRange_dup(st) SKM_sk_dup(IPAddressOrRange, st)

-#define sk_IPAddressOrRange_pop_free(st, free_func) SKM_sk_pop_free(IPAddressOrRange, (st), (free_func))

-#define sk_IPAddressOrRange_shift(st) SKM_sk_shift(IPAddressOrRange, (st))

-#define sk_IPAddressOrRange_pop(st) SKM_sk_pop(IPAddressOrRange, (st))

-#define sk_IPAddressOrRange_sort(st) SKM_sk_sort(IPAddressOrRange, (st))

-#define sk_IPAddressOrRange_is_sorted(st) SKM_sk_is_sorted(IPAddressOrRange, (st))

-#define sk_KRB5_APREQBODY_new(st) SKM_sk_new(KRB5_APREQBODY, (st))

-#define sk_KRB5_APREQBODY_new_null() SKM_sk_new_null(KRB5_APREQBODY)

-#define sk_KRB5_APREQBODY_free(st) SKM_sk_free(KRB5_APREQBODY, (st))

-#define sk_KRB5_APREQBODY_num(st) SKM_sk_num(KRB5_APREQBODY, (st))

-#define sk_KRB5_APREQBODY_value(st, i) SKM_sk_value(KRB5_APREQBODY, (st), (i))

-#define sk_KRB5_APREQBODY_set(st, i, val) SKM_sk_set(KRB5_APREQBODY, (st), (i), (val))

-#define sk_KRB5_APREQBODY_zero(st) SKM_sk_zero(KRB5_APREQBODY, (st))

-#define sk_KRB5_APREQBODY_push(st, val) SKM_sk_push(KRB5_APREQBODY, (st), (val))

-#define sk_KRB5_APREQBODY_unshift(st, val) SKM_sk_unshift(KRB5_APREQBODY, (st), (val))

-#define sk_KRB5_APREQBODY_find(st, val) SKM_sk_find(KRB5_APREQBODY, (st), (val))

-#define sk_KRB5_APREQBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_APREQBODY, (st), (val))

-#define sk_KRB5_APREQBODY_delete(st, i) SKM_sk_delete(KRB5_APREQBODY, (st), (i))

-#define sk_KRB5_APREQBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_APREQBODY, (st), (ptr))

-#define sk_KRB5_APREQBODY_insert(st, val, i) SKM_sk_insert(KRB5_APREQBODY, (st), (val), (i))

-#define sk_KRB5_APREQBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_APREQBODY, (st), (cmp))

-#define sk_KRB5_APREQBODY_dup(st) SKM_sk_dup(KRB5_APREQBODY, st)

-#define sk_KRB5_APREQBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_APREQBODY, (st), (free_func))

-#define sk_KRB5_APREQBODY_shift(st) SKM_sk_shift(KRB5_APREQBODY, (st))

-#define sk_KRB5_APREQBODY_pop(st) SKM_sk_pop(KRB5_APREQBODY, (st))

-#define sk_KRB5_APREQBODY_sort(st) SKM_sk_sort(KRB5_APREQBODY, (st))

-#define sk_KRB5_APREQBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_APREQBODY, (st))

-#define sk_KRB5_AUTHDATA_new(st) SKM_sk_new(KRB5_AUTHDATA, (st))

-#define sk_KRB5_AUTHDATA_new_null() SKM_sk_new_null(KRB5_AUTHDATA)

-#define sk_KRB5_AUTHDATA_free(st) SKM_sk_free(KRB5_AUTHDATA, (st))

-#define sk_KRB5_AUTHDATA_num(st) SKM_sk_num(KRB5_AUTHDATA, (st))

-#define sk_KRB5_AUTHDATA_value(st, i) SKM_sk_value(KRB5_AUTHDATA, (st), (i))

-#define sk_KRB5_AUTHDATA_set(st, i, val) SKM_sk_set(KRB5_AUTHDATA, (st), (i), (val))

-#define sk_KRB5_AUTHDATA_zero(st) SKM_sk_zero(KRB5_AUTHDATA, (st))

-#define sk_KRB5_AUTHDATA_push(st, val) SKM_sk_push(KRB5_AUTHDATA, (st), (val))

-#define sk_KRB5_AUTHDATA_unshift(st, val) SKM_sk_unshift(KRB5_AUTHDATA, (st), (val))

-#define sk_KRB5_AUTHDATA_find(st, val) SKM_sk_find(KRB5_AUTHDATA, (st), (val))

-#define sk_KRB5_AUTHDATA_find_ex(st, val) SKM_sk_find_ex(KRB5_AUTHDATA, (st), (val))

-#define sk_KRB5_AUTHDATA_delete(st, i) SKM_sk_delete(KRB5_AUTHDATA, (st), (i))

-#define sk_KRB5_AUTHDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHDATA, (st), (ptr))

-#define sk_KRB5_AUTHDATA_insert(st, val, i) SKM_sk_insert(KRB5_AUTHDATA, (st), (val), (i))

-#define sk_KRB5_AUTHDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHDATA, (st), (cmp))

-#define sk_KRB5_AUTHDATA_dup(st) SKM_sk_dup(KRB5_AUTHDATA, st)

-#define sk_KRB5_AUTHDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHDATA, (st), (free_func))

-#define sk_KRB5_AUTHDATA_shift(st) SKM_sk_shift(KRB5_AUTHDATA, (st))

-#define sk_KRB5_AUTHDATA_pop(st) SKM_sk_pop(KRB5_AUTHDATA, (st))

-#define sk_KRB5_AUTHDATA_sort(st) SKM_sk_sort(KRB5_AUTHDATA, (st))

-#define sk_KRB5_AUTHDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHDATA, (st))

-#define sk_KRB5_AUTHENTBODY_new(st) SKM_sk_new(KRB5_AUTHENTBODY, (st))

-#define sk_KRB5_AUTHENTBODY_new_null() SKM_sk_new_null(KRB5_AUTHENTBODY)

-#define sk_KRB5_AUTHENTBODY_free(st) SKM_sk_free(KRB5_AUTHENTBODY, (st))

-#define sk_KRB5_AUTHENTBODY_num(st) SKM_sk_num(KRB5_AUTHENTBODY, (st))

-#define sk_KRB5_AUTHENTBODY_value(st, i) SKM_sk_value(KRB5_AUTHENTBODY, (st), (i))

-#define sk_KRB5_AUTHENTBODY_set(st, i, val) SKM_sk_set(KRB5_AUTHENTBODY, (st), (i), (val))

-#define sk_KRB5_AUTHENTBODY_zero(st) SKM_sk_zero(KRB5_AUTHENTBODY, (st))

-#define sk_KRB5_AUTHENTBODY_push(st, val) SKM_sk_push(KRB5_AUTHENTBODY, (st), (val))

-#define sk_KRB5_AUTHENTBODY_unshift(st, val) SKM_sk_unshift(KRB5_AUTHENTBODY, (st), (val))

-#define sk_KRB5_AUTHENTBODY_find(st, val) SKM_sk_find(KRB5_AUTHENTBODY, (st), (val))

-#define sk_KRB5_AUTHENTBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_AUTHENTBODY, (st), (val))

-#define sk_KRB5_AUTHENTBODY_delete(st, i) SKM_sk_delete(KRB5_AUTHENTBODY, (st), (i))

-#define sk_KRB5_AUTHENTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHENTBODY, (st), (ptr))

-#define sk_KRB5_AUTHENTBODY_insert(st, val, i) SKM_sk_insert(KRB5_AUTHENTBODY, (st), (val), (i))

-#define sk_KRB5_AUTHENTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHENTBODY, (st), (cmp))

-#define sk_KRB5_AUTHENTBODY_dup(st) SKM_sk_dup(KRB5_AUTHENTBODY, st)

-#define sk_KRB5_AUTHENTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHENTBODY, (st), (free_func))

-#define sk_KRB5_AUTHENTBODY_shift(st) SKM_sk_shift(KRB5_AUTHENTBODY, (st))

-#define sk_KRB5_AUTHENTBODY_pop(st) SKM_sk_pop(KRB5_AUTHENTBODY, (st))

-#define sk_KRB5_AUTHENTBODY_sort(st) SKM_sk_sort(KRB5_AUTHENTBODY, (st))

-#define sk_KRB5_AUTHENTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHENTBODY, (st))

-#define sk_KRB5_CHECKSUM_new(st) SKM_sk_new(KRB5_CHECKSUM, (st))

-#define sk_KRB5_CHECKSUM_new_null() SKM_sk_new_null(KRB5_CHECKSUM)

-#define sk_KRB5_CHECKSUM_free(st) SKM_sk_free(KRB5_CHECKSUM, (st))

-#define sk_KRB5_CHECKSUM_num(st) SKM_sk_num(KRB5_CHECKSUM, (st))

-#define sk_KRB5_CHECKSUM_value(st, i) SKM_sk_value(KRB5_CHECKSUM, (st), (i))

-#define sk_KRB5_CHECKSUM_set(st, i, val) SKM_sk_set(KRB5_CHECKSUM, (st), (i), (val))

-#define sk_KRB5_CHECKSUM_zero(st) SKM_sk_zero(KRB5_CHECKSUM, (st))

-#define sk_KRB5_CHECKSUM_push(st, val) SKM_sk_push(KRB5_CHECKSUM, (st), (val))

-#define sk_KRB5_CHECKSUM_unshift(st, val) SKM_sk_unshift(KRB5_CHECKSUM, (st), (val))

-#define sk_KRB5_CHECKSUM_find(st, val) SKM_sk_find(KRB5_CHECKSUM, (st), (val))

-#define sk_KRB5_CHECKSUM_find_ex(st, val) SKM_sk_find_ex(KRB5_CHECKSUM, (st), (val))

-#define sk_KRB5_CHECKSUM_delete(st, i) SKM_sk_delete(KRB5_CHECKSUM, (st), (i))

-#define sk_KRB5_CHECKSUM_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_CHECKSUM, (st), (ptr))

-#define sk_KRB5_CHECKSUM_insert(st, val, i) SKM_sk_insert(KRB5_CHECKSUM, (st), (val), (i))

-#define sk_KRB5_CHECKSUM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_CHECKSUM, (st), (cmp))

-#define sk_KRB5_CHECKSUM_dup(st) SKM_sk_dup(KRB5_CHECKSUM, st)

-#define sk_KRB5_CHECKSUM_pop_free(st, free_func) SKM_sk_pop_free(KRB5_CHECKSUM, (st), (free_func))

-#define sk_KRB5_CHECKSUM_shift(st) SKM_sk_shift(KRB5_CHECKSUM, (st))

-#define sk_KRB5_CHECKSUM_pop(st) SKM_sk_pop(KRB5_CHECKSUM, (st))

-#define sk_KRB5_CHECKSUM_sort(st) SKM_sk_sort(KRB5_CHECKSUM, (st))

-#define sk_KRB5_CHECKSUM_is_sorted(st) SKM_sk_is_sorted(KRB5_CHECKSUM, (st))

-#define sk_KRB5_ENCDATA_new(st) SKM_sk_new(KRB5_ENCDATA, (st))

-#define sk_KRB5_ENCDATA_new_null() SKM_sk_new_null(KRB5_ENCDATA)

-#define sk_KRB5_ENCDATA_free(st) SKM_sk_free(KRB5_ENCDATA, (st))

-#define sk_KRB5_ENCDATA_num(st) SKM_sk_num(KRB5_ENCDATA, (st))

-#define sk_KRB5_ENCDATA_value(st, i) SKM_sk_value(KRB5_ENCDATA, (st), (i))

-#define sk_KRB5_ENCDATA_set(st, i, val) SKM_sk_set(KRB5_ENCDATA, (st), (i), (val))

-#define sk_KRB5_ENCDATA_zero(st) SKM_sk_zero(KRB5_ENCDATA, (st))

-#define sk_KRB5_ENCDATA_push(st, val) SKM_sk_push(KRB5_ENCDATA, (st), (val))

-#define sk_KRB5_ENCDATA_unshift(st, val) SKM_sk_unshift(KRB5_ENCDATA, (st), (val))

-#define sk_KRB5_ENCDATA_find(st, val) SKM_sk_find(KRB5_ENCDATA, (st), (val))

-#define sk_KRB5_ENCDATA_find_ex(st, val) SKM_sk_find_ex(KRB5_ENCDATA, (st), (val))

-#define sk_KRB5_ENCDATA_delete(st, i) SKM_sk_delete(KRB5_ENCDATA, (st), (i))

-#define sk_KRB5_ENCDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCDATA, (st), (ptr))

-#define sk_KRB5_ENCDATA_insert(st, val, i) SKM_sk_insert(KRB5_ENCDATA, (st), (val), (i))

-#define sk_KRB5_ENCDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCDATA, (st), (cmp))

-#define sk_KRB5_ENCDATA_dup(st) SKM_sk_dup(KRB5_ENCDATA, st)

-#define sk_KRB5_ENCDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCDATA, (st), (free_func))

-#define sk_KRB5_ENCDATA_shift(st) SKM_sk_shift(KRB5_ENCDATA, (st))

-#define sk_KRB5_ENCDATA_pop(st) SKM_sk_pop(KRB5_ENCDATA, (st))

-#define sk_KRB5_ENCDATA_sort(st) SKM_sk_sort(KRB5_ENCDATA, (st))

-#define sk_KRB5_ENCDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCDATA, (st))

-#define sk_KRB5_ENCKEY_new(st) SKM_sk_new(KRB5_ENCKEY, (st))

-#define sk_KRB5_ENCKEY_new_null() SKM_sk_new_null(KRB5_ENCKEY)

-#define sk_KRB5_ENCKEY_free(st) SKM_sk_free(KRB5_ENCKEY, (st))

-#define sk_KRB5_ENCKEY_num(st) SKM_sk_num(KRB5_ENCKEY, (st))

-#define sk_KRB5_ENCKEY_value(st, i) SKM_sk_value(KRB5_ENCKEY, (st), (i))

-#define sk_KRB5_ENCKEY_set(st, i, val) SKM_sk_set(KRB5_ENCKEY, (st), (i), (val))

-#define sk_KRB5_ENCKEY_zero(st) SKM_sk_zero(KRB5_ENCKEY, (st))

-#define sk_KRB5_ENCKEY_push(st, val) SKM_sk_push(KRB5_ENCKEY, (st), (val))

-#define sk_KRB5_ENCKEY_unshift(st, val) SKM_sk_unshift(KRB5_ENCKEY, (st), (val))

-#define sk_KRB5_ENCKEY_find(st, val) SKM_sk_find(KRB5_ENCKEY, (st), (val))

-#define sk_KRB5_ENCKEY_find_ex(st, val) SKM_sk_find_ex(KRB5_ENCKEY, (st), (val))

-#define sk_KRB5_ENCKEY_delete(st, i) SKM_sk_delete(KRB5_ENCKEY, (st), (i))

-#define sk_KRB5_ENCKEY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCKEY, (st), (ptr))

-#define sk_KRB5_ENCKEY_insert(st, val, i) SKM_sk_insert(KRB5_ENCKEY, (st), (val), (i))

-#define sk_KRB5_ENCKEY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCKEY, (st), (cmp))

-#define sk_KRB5_ENCKEY_dup(st) SKM_sk_dup(KRB5_ENCKEY, st)

-#define sk_KRB5_ENCKEY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCKEY, (st), (free_func))

-#define sk_KRB5_ENCKEY_shift(st) SKM_sk_shift(KRB5_ENCKEY, (st))

-#define sk_KRB5_ENCKEY_pop(st) SKM_sk_pop(KRB5_ENCKEY, (st))

-#define sk_KRB5_ENCKEY_sort(st) SKM_sk_sort(KRB5_ENCKEY, (st))

-#define sk_KRB5_ENCKEY_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCKEY, (st))

-#define sk_KRB5_PRINCNAME_new(st) SKM_sk_new(KRB5_PRINCNAME, (st))

-#define sk_KRB5_PRINCNAME_new_null() SKM_sk_new_null(KRB5_PRINCNAME)

-#define sk_KRB5_PRINCNAME_free(st) SKM_sk_free(KRB5_PRINCNAME, (st))

-#define sk_KRB5_PRINCNAME_num(st) SKM_sk_num(KRB5_PRINCNAME, (st))

-#define sk_KRB5_PRINCNAME_value(st, i) SKM_sk_value(KRB5_PRINCNAME, (st), (i))

-#define sk_KRB5_PRINCNAME_set(st, i, val) SKM_sk_set(KRB5_PRINCNAME, (st), (i), (val))

-#define sk_KRB5_PRINCNAME_zero(st) SKM_sk_zero(KRB5_PRINCNAME, (st))

-#define sk_KRB5_PRINCNAME_push(st, val) SKM_sk_push(KRB5_PRINCNAME, (st), (val))

-#define sk_KRB5_PRINCNAME_unshift(st, val) SKM_sk_unshift(KRB5_PRINCNAME, (st), (val))

-#define sk_KRB5_PRINCNAME_find(st, val) SKM_sk_find(KRB5_PRINCNAME, (st), (val))

-#define sk_KRB5_PRINCNAME_find_ex(st, val) SKM_sk_find_ex(KRB5_PRINCNAME, (st), (val))

-#define sk_KRB5_PRINCNAME_delete(st, i) SKM_sk_delete(KRB5_PRINCNAME, (st), (i))

-#define sk_KRB5_PRINCNAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_PRINCNAME, (st), (ptr))

-#define sk_KRB5_PRINCNAME_insert(st, val, i) SKM_sk_insert(KRB5_PRINCNAME, (st), (val), (i))

-#define sk_KRB5_PRINCNAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_PRINCNAME, (st), (cmp))

-#define sk_KRB5_PRINCNAME_dup(st) SKM_sk_dup(KRB5_PRINCNAME, st)

-#define sk_KRB5_PRINCNAME_pop_free(st, free_func) SKM_sk_pop_free(KRB5_PRINCNAME, (st), (free_func))

-#define sk_KRB5_PRINCNAME_shift(st) SKM_sk_shift(KRB5_PRINCNAME, (st))

-#define sk_KRB5_PRINCNAME_pop(st) SKM_sk_pop(KRB5_PRINCNAME, (st))

-#define sk_KRB5_PRINCNAME_sort(st) SKM_sk_sort(KRB5_PRINCNAME, (st))

-#define sk_KRB5_PRINCNAME_is_sorted(st) SKM_sk_is_sorted(KRB5_PRINCNAME, (st))

-#define sk_KRB5_TKTBODY_new(st) SKM_sk_new(KRB5_TKTBODY, (st))

-#define sk_KRB5_TKTBODY_new_null() SKM_sk_new_null(KRB5_TKTBODY)

-#define sk_KRB5_TKTBODY_free(st) SKM_sk_free(KRB5_TKTBODY, (st))

-#define sk_KRB5_TKTBODY_num(st) SKM_sk_num(KRB5_TKTBODY, (st))

-#define sk_KRB5_TKTBODY_value(st, i) SKM_sk_value(KRB5_TKTBODY, (st), (i))

-#define sk_KRB5_TKTBODY_set(st, i, val) SKM_sk_set(KRB5_TKTBODY, (st), (i), (val))

-#define sk_KRB5_TKTBODY_zero(st) SKM_sk_zero(KRB5_TKTBODY, (st))

-#define sk_KRB5_TKTBODY_push(st, val) SKM_sk_push(KRB5_TKTBODY, (st), (val))

-#define sk_KRB5_TKTBODY_unshift(st, val) SKM_sk_unshift(KRB5_TKTBODY, (st), (val))

-#define sk_KRB5_TKTBODY_find(st, val) SKM_sk_find(KRB5_TKTBODY, (st), (val))

-#define sk_KRB5_TKTBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_TKTBODY, (st), (val))

-#define sk_KRB5_TKTBODY_delete(st, i) SKM_sk_delete(KRB5_TKTBODY, (st), (i))

-#define sk_KRB5_TKTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_TKTBODY, (st), (ptr))

-#define sk_KRB5_TKTBODY_insert(st, val, i) SKM_sk_insert(KRB5_TKTBODY, (st), (val), (i))

-#define sk_KRB5_TKTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_TKTBODY, (st), (cmp))

-#define sk_KRB5_TKTBODY_dup(st) SKM_sk_dup(KRB5_TKTBODY, st)

-#define sk_KRB5_TKTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_TKTBODY, (st), (free_func))

-#define sk_KRB5_TKTBODY_shift(st) SKM_sk_shift(KRB5_TKTBODY, (st))

-#define sk_KRB5_TKTBODY_pop(st) SKM_sk_pop(KRB5_TKTBODY, (st))

-#define sk_KRB5_TKTBODY_sort(st) SKM_sk_sort(KRB5_TKTBODY, (st))

-#define sk_KRB5_TKTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_TKTBODY, (st))

-#define sk_MIME_HEADER_new(st) SKM_sk_new(MIME_HEADER, (st))

-#define sk_MIME_HEADER_new_null() SKM_sk_new_null(MIME_HEADER)

-#define sk_MIME_HEADER_free(st) SKM_sk_free(MIME_HEADER, (st))

-#define sk_MIME_HEADER_num(st) SKM_sk_num(MIME_HEADER, (st))

-#define sk_MIME_HEADER_value(st, i) SKM_sk_value(MIME_HEADER, (st), (i))

-#define sk_MIME_HEADER_set(st, i, val) SKM_sk_set(MIME_HEADER, (st), (i), (val))

-#define sk_MIME_HEADER_zero(st) SKM_sk_zero(MIME_HEADER, (st))

-#define sk_MIME_HEADER_push(st, val) SKM_sk_push(MIME_HEADER, (st), (val))

-#define sk_MIME_HEADER_unshift(st, val) SKM_sk_unshift(MIME_HEADER, (st), (val))

-#define sk_MIME_HEADER_find(st, val) SKM_sk_find(MIME_HEADER, (st), (val))

-#define sk_MIME_HEADER_find_ex(st, val) SKM_sk_find_ex(MIME_HEADER, (st), (val))

-#define sk_MIME_HEADER_delete(st, i) SKM_sk_delete(MIME_HEADER, (st), (i))

-#define sk_MIME_HEADER_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_HEADER, (st), (ptr))

-#define sk_MIME_HEADER_insert(st, val, i) SKM_sk_insert(MIME_HEADER, (st), (val), (i))

-#define sk_MIME_HEADER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_HEADER, (st), (cmp))

-#define sk_MIME_HEADER_dup(st) SKM_sk_dup(MIME_HEADER, st)

-#define sk_MIME_HEADER_pop_free(st, free_func) SKM_sk_pop_free(MIME_HEADER, (st), (free_func))

-#define sk_MIME_HEADER_shift(st) SKM_sk_shift(MIME_HEADER, (st))

-#define sk_MIME_HEADER_pop(st) SKM_sk_pop(MIME_HEADER, (st))

-#define sk_MIME_HEADER_sort(st) SKM_sk_sort(MIME_HEADER, (st))

-#define sk_MIME_HEADER_is_sorted(st) SKM_sk_is_sorted(MIME_HEADER, (st))

-#define sk_MIME_PARAM_new(st) SKM_sk_new(MIME_PARAM, (st))

-#define sk_MIME_PARAM_new_null() SKM_sk_new_null(MIME_PARAM)

-#define sk_MIME_PARAM_free(st) SKM_sk_free(MIME_PARAM, (st))

-#define sk_MIME_PARAM_num(st) SKM_sk_num(MIME_PARAM, (st))

-#define sk_MIME_PARAM_value(st, i) SKM_sk_value(MIME_PARAM, (st), (i))

-#define sk_MIME_PARAM_set(st, i, val) SKM_sk_set(MIME_PARAM, (st), (i), (val))

-#define sk_MIME_PARAM_zero(st) SKM_sk_zero(MIME_PARAM, (st))

-#define sk_MIME_PARAM_push(st, val) SKM_sk_push(MIME_PARAM, (st), (val))

-#define sk_MIME_PARAM_unshift(st, val) SKM_sk_unshift(MIME_PARAM, (st), (val))

-#define sk_MIME_PARAM_find(st, val) SKM_sk_find(MIME_PARAM, (st), (val))

-#define sk_MIME_PARAM_find_ex(st, val) SKM_sk_find_ex(MIME_PARAM, (st), (val))

-#define sk_MIME_PARAM_delete(st, i) SKM_sk_delete(MIME_PARAM, (st), (i))

-#define sk_MIME_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_PARAM, (st), (ptr))

-#define sk_MIME_PARAM_insert(st, val, i) SKM_sk_insert(MIME_PARAM, (st), (val), (i))

-#define sk_MIME_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_PARAM, (st), (cmp))

-#define sk_MIME_PARAM_dup(st) SKM_sk_dup(MIME_PARAM, st)

-#define sk_MIME_PARAM_pop_free(st, free_func) SKM_sk_pop_free(MIME_PARAM, (st), (free_func))

-#define sk_MIME_PARAM_shift(st) SKM_sk_shift(MIME_PARAM, (st))

-#define sk_MIME_PARAM_pop(st) SKM_sk_pop(MIME_PARAM, (st))

-#define sk_MIME_PARAM_sort(st) SKM_sk_sort(MIME_PARAM, (st))

-#define sk_MIME_PARAM_is_sorted(st) SKM_sk_is_sorted(MIME_PARAM, (st))

-#define sk_NAME_FUNCS_new(st) SKM_sk_new(NAME_FUNCS, (st))

-#define sk_NAME_FUNCS_new_null() SKM_sk_new_null(NAME_FUNCS)

-#define sk_NAME_FUNCS_free(st) SKM_sk_free(NAME_FUNCS, (st))

-#define sk_NAME_FUNCS_num(st) SKM_sk_num(NAME_FUNCS, (st))

-#define sk_NAME_FUNCS_value(st, i) SKM_sk_value(NAME_FUNCS, (st), (i))

-#define sk_NAME_FUNCS_set(st, i, val) SKM_sk_set(NAME_FUNCS, (st), (i), (val))

-#define sk_NAME_FUNCS_zero(st) SKM_sk_zero(NAME_FUNCS, (st))

-#define sk_NAME_FUNCS_push(st, val) SKM_sk_push(NAME_FUNCS, (st), (val))

-#define sk_NAME_FUNCS_unshift(st, val) SKM_sk_unshift(NAME_FUNCS, (st), (val))

-#define sk_NAME_FUNCS_find(st, val) SKM_sk_find(NAME_FUNCS, (st), (val))

-#define sk_NAME_FUNCS_find_ex(st, val) SKM_sk_find_ex(NAME_FUNCS, (st), (val))

-#define sk_NAME_FUNCS_delete(st, i) SKM_sk_delete(NAME_FUNCS, (st), (i))

-#define sk_NAME_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(NAME_FUNCS, (st), (ptr))

-#define sk_NAME_FUNCS_insert(st, val, i) SKM_sk_insert(NAME_FUNCS, (st), (val), (i))

-#define sk_NAME_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(NAME_FUNCS, (st), (cmp))

-#define sk_NAME_FUNCS_dup(st) SKM_sk_dup(NAME_FUNCS, st)

-#define sk_NAME_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(NAME_FUNCS, (st), (free_func))

-#define sk_NAME_FUNCS_shift(st) SKM_sk_shift(NAME_FUNCS, (st))

-#define sk_NAME_FUNCS_pop(st) SKM_sk_pop(NAME_FUNCS, (st))

-#define sk_NAME_FUNCS_sort(st) SKM_sk_sort(NAME_FUNCS, (st))

-#define sk_NAME_FUNCS_is_sorted(st) SKM_sk_is_sorted(NAME_FUNCS, (st))

-#define sk_OCSP_CERTID_new(st) SKM_sk_new(OCSP_CERTID, (st))

-#define sk_OCSP_CERTID_new_null() SKM_sk_new_null(OCSP_CERTID)

-#define sk_OCSP_CERTID_free(st) SKM_sk_free(OCSP_CERTID, (st))

-#define sk_OCSP_CERTID_num(st) SKM_sk_num(OCSP_CERTID, (st))

-#define sk_OCSP_CERTID_value(st, i) SKM_sk_value(OCSP_CERTID, (st), (i))

-#define sk_OCSP_CERTID_set(st, i, val) SKM_sk_set(OCSP_CERTID, (st), (i), (val))

-#define sk_OCSP_CERTID_zero(st) SKM_sk_zero(OCSP_CERTID, (st))

-#define sk_OCSP_CERTID_push(st, val) SKM_sk_push(OCSP_CERTID, (st), (val))

-#define sk_OCSP_CERTID_unshift(st, val) SKM_sk_unshift(OCSP_CERTID, (st), (val))

-#define sk_OCSP_CERTID_find(st, val) SKM_sk_find(OCSP_CERTID, (st), (val))

-#define sk_OCSP_CERTID_find_ex(st, val) SKM_sk_find_ex(OCSP_CERTID, (st), (val))

-#define sk_OCSP_CERTID_delete(st, i) SKM_sk_delete(OCSP_CERTID, (st), (i))

-#define sk_OCSP_CERTID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_CERTID, (st), (ptr))

-#define sk_OCSP_CERTID_insert(st, val, i) SKM_sk_insert(OCSP_CERTID, (st), (val), (i))

-#define sk_OCSP_CERTID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_CERTID, (st), (cmp))

-#define sk_OCSP_CERTID_dup(st) SKM_sk_dup(OCSP_CERTID, st)

-#define sk_OCSP_CERTID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_CERTID, (st), (free_func))

-#define sk_OCSP_CERTID_shift(st) SKM_sk_shift(OCSP_CERTID, (st))

-#define sk_OCSP_CERTID_pop(st) SKM_sk_pop(OCSP_CERTID, (st))

-#define sk_OCSP_CERTID_sort(st) SKM_sk_sort(OCSP_CERTID, (st))

-#define sk_OCSP_CERTID_is_sorted(st) SKM_sk_is_sorted(OCSP_CERTID, (st))

-#define sk_OCSP_ONEREQ_new(st) SKM_sk_new(OCSP_ONEREQ, (st))

-#define sk_OCSP_ONEREQ_new_null() SKM_sk_new_null(OCSP_ONEREQ)

-#define sk_OCSP_ONEREQ_free(st) SKM_sk_free(OCSP_ONEREQ, (st))

-#define sk_OCSP_ONEREQ_num(st) SKM_sk_num(OCSP_ONEREQ, (st))

-#define sk_OCSP_ONEREQ_value(st, i) SKM_sk_value(OCSP_ONEREQ, (st), (i))

-#define sk_OCSP_ONEREQ_set(st, i, val) SKM_sk_set(OCSP_ONEREQ, (st), (i), (val))

-#define sk_OCSP_ONEREQ_zero(st) SKM_sk_zero(OCSP_ONEREQ, (st))

-#define sk_OCSP_ONEREQ_push(st, val) SKM_sk_push(OCSP_ONEREQ, (st), (val))

-#define sk_OCSP_ONEREQ_unshift(st, val) SKM_sk_unshift(OCSP_ONEREQ, (st), (val))

-#define sk_OCSP_ONEREQ_find(st, val) SKM_sk_find(OCSP_ONEREQ, (st), (val))

-#define sk_OCSP_ONEREQ_find_ex(st, val) SKM_sk_find_ex(OCSP_ONEREQ, (st), (val))

-#define sk_OCSP_ONEREQ_delete(st, i) SKM_sk_delete(OCSP_ONEREQ, (st), (i))

-#define sk_OCSP_ONEREQ_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_ONEREQ, (st), (ptr))

-#define sk_OCSP_ONEREQ_insert(st, val, i) SKM_sk_insert(OCSP_ONEREQ, (st), (val), (i))

-#define sk_OCSP_ONEREQ_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_ONEREQ, (st), (cmp))

-#define sk_OCSP_ONEREQ_dup(st) SKM_sk_dup(OCSP_ONEREQ, st)

-#define sk_OCSP_ONEREQ_pop_free(st, free_func) SKM_sk_pop_free(OCSP_ONEREQ, (st), (free_func))

-#define sk_OCSP_ONEREQ_shift(st) SKM_sk_shift(OCSP_ONEREQ, (st))

-#define sk_OCSP_ONEREQ_pop(st) SKM_sk_pop(OCSP_ONEREQ, (st))

-#define sk_OCSP_ONEREQ_sort(st) SKM_sk_sort(OCSP_ONEREQ, (st))

-#define sk_OCSP_ONEREQ_is_sorted(st) SKM_sk_is_sorted(OCSP_ONEREQ, (st))

-#define sk_OCSP_SINGLERESP_new(st) SKM_sk_new(OCSP_SINGLERESP, (st))

-#define sk_OCSP_SINGLERESP_new_null() SKM_sk_new_null(OCSP_SINGLERESP)

-#define sk_OCSP_SINGLERESP_free(st) SKM_sk_free(OCSP_SINGLERESP, (st))

-#define sk_OCSP_SINGLERESP_num(st) SKM_sk_num(OCSP_SINGLERESP, (st))

-#define sk_OCSP_SINGLERESP_value(st, i) SKM_sk_value(OCSP_SINGLERESP, (st), (i))

-#define sk_OCSP_SINGLERESP_set(st, i, val) SKM_sk_set(OCSP_SINGLERESP, (st), (i), (val))

-#define sk_OCSP_SINGLERESP_zero(st) SKM_sk_zero(OCSP_SINGLERESP, (st))

-#define sk_OCSP_SINGLERESP_push(st, val) SKM_sk_push(OCSP_SINGLERESP, (st), (val))

-#define sk_OCSP_SINGLERESP_unshift(st, val) SKM_sk_unshift(OCSP_SINGLERESP, (st), (val))

-#define sk_OCSP_SINGLERESP_find(st, val) SKM_sk_find(OCSP_SINGLERESP, (st), (val))

-#define sk_OCSP_SINGLERESP_find_ex(st, val) SKM_sk_find_ex(OCSP_SINGLERESP, (st), (val))

-#define sk_OCSP_SINGLERESP_delete(st, i) SKM_sk_delete(OCSP_SINGLERESP, (st), (i))

-#define sk_OCSP_SINGLERESP_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_SINGLERESP, (st), (ptr))

-#define sk_OCSP_SINGLERESP_insert(st, val, i) SKM_sk_insert(OCSP_SINGLERESP, (st), (val), (i))

-#define sk_OCSP_SINGLERESP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_SINGLERESP, (st), (cmp))

-#define sk_OCSP_SINGLERESP_dup(st) SKM_sk_dup(OCSP_SINGLERESP, st)

-#define sk_OCSP_SINGLERESP_pop_free(st, free_func) SKM_sk_pop_free(OCSP_SINGLERESP, (st), (free_func))

-#define sk_OCSP_SINGLERESP_shift(st) SKM_sk_shift(OCSP_SINGLERESP, (st))

-#define sk_OCSP_SINGLERESP_pop(st) SKM_sk_pop(OCSP_SINGLERESP, (st))

-#define sk_OCSP_SINGLERESP_sort(st) SKM_sk_sort(OCSP_SINGLERESP, (st))

-#define sk_OCSP_SINGLERESP_is_sorted(st) SKM_sk_is_sorted(OCSP_SINGLERESP, (st))

-#define sk_PKCS12_SAFEBAG_new(st) SKM_sk_new(PKCS12_SAFEBAG, (st))

-#define sk_PKCS12_SAFEBAG_new_null() SKM_sk_new_null(PKCS12_SAFEBAG)

-#define sk_PKCS12_SAFEBAG_free(st) SKM_sk_free(PKCS12_SAFEBAG, (st))

-#define sk_PKCS12_SAFEBAG_num(st) SKM_sk_num(PKCS12_SAFEBAG, (st))

-#define sk_PKCS12_SAFEBAG_value(st, i) SKM_sk_value(PKCS12_SAFEBAG, (st), (i))

-#define sk_PKCS12_SAFEBAG_set(st, i, val) SKM_sk_set(PKCS12_SAFEBAG, (st), (i), (val))

-#define sk_PKCS12_SAFEBAG_zero(st) SKM_sk_zero(PKCS12_SAFEBAG, (st))

-#define sk_PKCS12_SAFEBAG_push(st, val) SKM_sk_push(PKCS12_SAFEBAG, (st), (val))

-#define sk_PKCS12_SAFEBAG_unshift(st, val) SKM_sk_unshift(PKCS12_SAFEBAG, (st), (val))

-#define sk_PKCS12_SAFEBAG_find(st, val) SKM_sk_find(PKCS12_SAFEBAG, (st), (val))

-#define sk_PKCS12_SAFEBAG_find_ex(st, val) SKM_sk_find_ex(PKCS12_SAFEBAG, (st), (val))

-#define sk_PKCS12_SAFEBAG_delete(st, i) SKM_sk_delete(PKCS12_SAFEBAG, (st), (i))

-#define sk_PKCS12_SAFEBAG_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS12_SAFEBAG, (st), (ptr))

-#define sk_PKCS12_SAFEBAG_insert(st, val, i) SKM_sk_insert(PKCS12_SAFEBAG, (st), (val), (i))

-#define sk_PKCS12_SAFEBAG_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS12_SAFEBAG, (st), (cmp))

-#define sk_PKCS12_SAFEBAG_dup(st) SKM_sk_dup(PKCS12_SAFEBAG, st)

-#define sk_PKCS12_SAFEBAG_pop_free(st, free_func) SKM_sk_pop_free(PKCS12_SAFEBAG, (st), (free_func))

-#define sk_PKCS12_SAFEBAG_shift(st) SKM_sk_shift(PKCS12_SAFEBAG, (st))

-#define sk_PKCS12_SAFEBAG_pop(st) SKM_sk_pop(PKCS12_SAFEBAG, (st))

-#define sk_PKCS12_SAFEBAG_sort(st) SKM_sk_sort(PKCS12_SAFEBAG, (st))

-#define sk_PKCS12_SAFEBAG_is_sorted(st) SKM_sk_is_sorted(PKCS12_SAFEBAG, (st))

-#define sk_PKCS7_new(st) SKM_sk_new(PKCS7, (st))

-#define sk_PKCS7_new_null() SKM_sk_new_null(PKCS7)

-#define sk_PKCS7_free(st) SKM_sk_free(PKCS7, (st))

-#define sk_PKCS7_num(st) SKM_sk_num(PKCS7, (st))

-#define sk_PKCS7_value(st, i) SKM_sk_value(PKCS7, (st), (i))

-#define sk_PKCS7_set(st, i, val) SKM_sk_set(PKCS7, (st), (i), (val))

-#define sk_PKCS7_zero(st) SKM_sk_zero(PKCS7, (st))

-#define sk_PKCS7_push(st, val) SKM_sk_push(PKCS7, (st), (val))

-#define sk_PKCS7_unshift(st, val) SKM_sk_unshift(PKCS7, (st), (val))

-#define sk_PKCS7_find(st, val) SKM_sk_find(PKCS7, (st), (val))

-#define sk_PKCS7_find_ex(st, val) SKM_sk_find_ex(PKCS7, (st), (val))

-#define sk_PKCS7_delete(st, i) SKM_sk_delete(PKCS7, (st), (i))

-#define sk_PKCS7_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7, (st), (ptr))

-#define sk_PKCS7_insert(st, val, i) SKM_sk_insert(PKCS7, (st), (val), (i))

-#define sk_PKCS7_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7, (st), (cmp))

-#define sk_PKCS7_dup(st) SKM_sk_dup(PKCS7, st)

-#define sk_PKCS7_pop_free(st, free_func) SKM_sk_pop_free(PKCS7, (st), (free_func))

-#define sk_PKCS7_shift(st) SKM_sk_shift(PKCS7, (st))

-#define sk_PKCS7_pop(st) SKM_sk_pop(PKCS7, (st))

-#define sk_PKCS7_sort(st) SKM_sk_sort(PKCS7, (st))

-#define sk_PKCS7_is_sorted(st) SKM_sk_is_sorted(PKCS7, (st))

-#define sk_PKCS7_RECIP_INFO_new(st) SKM_sk_new(PKCS7_RECIP_INFO, (st))

-#define sk_PKCS7_RECIP_INFO_new_null() SKM_sk_new_null(PKCS7_RECIP_INFO)

-#define sk_PKCS7_RECIP_INFO_free(st) SKM_sk_free(PKCS7_RECIP_INFO, (st))

-#define sk_PKCS7_RECIP_INFO_num(st) SKM_sk_num(PKCS7_RECIP_INFO, (st))

-#define sk_PKCS7_RECIP_INFO_value(st, i) SKM_sk_value(PKCS7_RECIP_INFO, (st), (i))

-#define sk_PKCS7_RECIP_INFO_set(st, i, val) SKM_sk_set(PKCS7_RECIP_INFO, (st), (i), (val))

-#define sk_PKCS7_RECIP_INFO_zero(st) SKM_sk_zero(PKCS7_RECIP_INFO, (st))

-#define sk_PKCS7_RECIP_INFO_push(st, val) SKM_sk_push(PKCS7_RECIP_INFO, (st), (val))

-#define sk_PKCS7_RECIP_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_RECIP_INFO, (st), (val))

-#define sk_PKCS7_RECIP_INFO_find(st, val) SKM_sk_find(PKCS7_RECIP_INFO, (st), (val))

-#define sk_PKCS7_RECIP_INFO_find_ex(st, val) SKM_sk_find_ex(PKCS7_RECIP_INFO, (st), (val))

-#define sk_PKCS7_RECIP_INFO_delete(st, i) SKM_sk_delete(PKCS7_RECIP_INFO, (st), (i))

-#define sk_PKCS7_RECIP_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_RECIP_INFO, (st), (ptr))

-#define sk_PKCS7_RECIP_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_RECIP_INFO, (st), (val), (i))

-#define sk_PKCS7_RECIP_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7_RECIP_INFO, (st), (cmp))

-#define sk_PKCS7_RECIP_INFO_dup(st) SKM_sk_dup(PKCS7_RECIP_INFO, st)

-#define sk_PKCS7_RECIP_INFO_pop_free(st, free_func) SKM_sk_pop_free(PKCS7_RECIP_INFO, (st), (free_func))

-#define sk_PKCS7_RECIP_INFO_shift(st) SKM_sk_shift(PKCS7_RECIP_INFO, (st))

-#define sk_PKCS7_RECIP_INFO_pop(st) SKM_sk_pop(PKCS7_RECIP_INFO, (st))

-#define sk_PKCS7_RECIP_INFO_sort(st) SKM_sk_sort(PKCS7_RECIP_INFO, (st))

-#define sk_PKCS7_RECIP_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_RECIP_INFO, (st))

-#define sk_PKCS7_SIGNER_INFO_new(st) SKM_sk_new(PKCS7_SIGNER_INFO, (st))

-#define sk_PKCS7_SIGNER_INFO_new_null() SKM_sk_new_null(PKCS7_SIGNER_INFO)

-#define sk_PKCS7_SIGNER_INFO_free(st) SKM_sk_free(PKCS7_SIGNER_INFO, (st))

-#define sk_PKCS7_SIGNER_INFO_num(st) SKM_sk_num(PKCS7_SIGNER_INFO, (st))

-#define sk_PKCS7_SIGNER_INFO_value(st, i) SKM_sk_value(PKCS7_SIGNER_INFO, (st), (i))

-#define sk_PKCS7_SIGNER_INFO_set(st, i, val) SKM_sk_set(PKCS7_SIGNER_INFO, (st), (i), (val))

-#define sk_PKCS7_SIGNER_INFO_zero(st) SKM_sk_zero(PKCS7_SIGNER_INFO, (st))

-#define sk_PKCS7_SIGNER_INFO_push(st, val) SKM_sk_push(PKCS7_SIGNER_INFO, (st), (val))

-#define sk_PKCS7_SIGNER_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_SIGNER_INFO, (st), (val))

-#define sk_PKCS7_SIGNER_INFO_find(st, val) SKM_sk_find(PKCS7_SIGNER_INFO, (st), (val))

-#define sk_PKCS7_SIGNER_INFO_find_ex(st, val) SKM_sk_find_ex(PKCS7_SIGNER_INFO, (st), (val))

-#define sk_PKCS7_SIGNER_INFO_delete(st, i) SKM_sk_delete(PKCS7_SIGNER_INFO, (st), (i))

-#define sk_PKCS7_SIGNER_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_SIGNER_INFO, (st), (ptr))

-#define sk_PKCS7_SIGNER_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_SIGNER_INFO, (st), (val), (i))

-#define sk_PKCS7_SIGNER_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7_SIGNER_INFO, (st), (cmp))

-#define sk_PKCS7_SIGNER_INFO_dup(st) SKM_sk_dup(PKCS7_SIGNER_INFO, st)

-#define sk_PKCS7_SIGNER_INFO_pop_free(st, free_func) SKM_sk_pop_free(PKCS7_SIGNER_INFO, (st), (free_func))

-#define sk_PKCS7_SIGNER_INFO_shift(st) SKM_sk_shift(PKCS7_SIGNER_INFO, (st))

-#define sk_PKCS7_SIGNER_INFO_pop(st) SKM_sk_pop(PKCS7_SIGNER_INFO, (st))

-#define sk_PKCS7_SIGNER_INFO_sort(st) SKM_sk_sort(PKCS7_SIGNER_INFO, (st))

-#define sk_PKCS7_SIGNER_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_SIGNER_INFO, (st))

-#define sk_POLICYINFO_new(st) SKM_sk_new(POLICYINFO, (st))

-#define sk_POLICYINFO_new_null() SKM_sk_new_null(POLICYINFO)

-#define sk_POLICYINFO_free(st) SKM_sk_free(POLICYINFO, (st))

-#define sk_POLICYINFO_num(st) SKM_sk_num(POLICYINFO, (st))

-#define sk_POLICYINFO_value(st, i) SKM_sk_value(POLICYINFO, (st), (i))

-#define sk_POLICYINFO_set(st, i, val) SKM_sk_set(POLICYINFO, (st), (i), (val))

-#define sk_POLICYINFO_zero(st) SKM_sk_zero(POLICYINFO, (st))

-#define sk_POLICYINFO_push(st, val) SKM_sk_push(POLICYINFO, (st), (val))

-#define sk_POLICYINFO_unshift(st, val) SKM_sk_unshift(POLICYINFO, (st), (val))

-#define sk_POLICYINFO_find(st, val) SKM_sk_find(POLICYINFO, (st), (val))

-#define sk_POLICYINFO_find_ex(st, val) SKM_sk_find_ex(POLICYINFO, (st), (val))

-#define sk_POLICYINFO_delete(st, i) SKM_sk_delete(POLICYINFO, (st), (i))

-#define sk_POLICYINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYINFO, (st), (ptr))

-#define sk_POLICYINFO_insert(st, val, i) SKM_sk_insert(POLICYINFO, (st), (val), (i))

-#define sk_POLICYINFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICYINFO, (st), (cmp))

-#define sk_POLICYINFO_dup(st) SKM_sk_dup(POLICYINFO, st)

-#define sk_POLICYINFO_pop_free(st, free_func) SKM_sk_pop_free(POLICYINFO, (st), (free_func))

-#define sk_POLICYINFO_shift(st) SKM_sk_shift(POLICYINFO, (st))

-#define sk_POLICYINFO_pop(st) SKM_sk_pop(POLICYINFO, (st))

-#define sk_POLICYINFO_sort(st) SKM_sk_sort(POLICYINFO, (st))

-#define sk_POLICYINFO_is_sorted(st) SKM_sk_is_sorted(POLICYINFO, (st))

-#define sk_POLICYQUALINFO_new(st) SKM_sk_new(POLICYQUALINFO, (st))

-#define sk_POLICYQUALINFO_new_null() SKM_sk_new_null(POLICYQUALINFO)

-#define sk_POLICYQUALINFO_free(st) SKM_sk_free(POLICYQUALINFO, (st))

-#define sk_POLICYQUALINFO_num(st) SKM_sk_num(POLICYQUALINFO, (st))

-#define sk_POLICYQUALINFO_value(st, i) SKM_sk_value(POLICYQUALINFO, (st), (i))

-#define sk_POLICYQUALINFO_set(st, i, val) SKM_sk_set(POLICYQUALINFO, (st), (i), (val))

-#define sk_POLICYQUALINFO_zero(st) SKM_sk_zero(POLICYQUALINFO, (st))

-#define sk_POLICYQUALINFO_push(st, val) SKM_sk_push(POLICYQUALINFO, (st), (val))

-#define sk_POLICYQUALINFO_unshift(st, val) SKM_sk_unshift(POLICYQUALINFO, (st), (val))

-#define sk_POLICYQUALINFO_find(st, val) SKM_sk_find(POLICYQUALINFO, (st), (val))

-#define sk_POLICYQUALINFO_find_ex(st, val) SKM_sk_find_ex(POLICYQUALINFO, (st), (val))

-#define sk_POLICYQUALINFO_delete(st, i) SKM_sk_delete(POLICYQUALINFO, (st), (i))

-#define sk_POLICYQUALINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYQUALINFO, (st), (ptr))

-#define sk_POLICYQUALINFO_insert(st, val, i) SKM_sk_insert(POLICYQUALINFO, (st), (val), (i))

-#define sk_POLICYQUALINFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICYQUALINFO, (st), (cmp))

-#define sk_POLICYQUALINFO_dup(st) SKM_sk_dup(POLICYQUALINFO, st)

-#define sk_POLICYQUALINFO_pop_free(st, free_func) SKM_sk_pop_free(POLICYQUALINFO, (st), (free_func))

-#define sk_POLICYQUALINFO_shift(st) SKM_sk_shift(POLICYQUALINFO, (st))

-#define sk_POLICYQUALINFO_pop(st) SKM_sk_pop(POLICYQUALINFO, (st))

-#define sk_POLICYQUALINFO_sort(st) SKM_sk_sort(POLICYQUALINFO, (st))

-#define sk_POLICYQUALINFO_is_sorted(st) SKM_sk_is_sorted(POLICYQUALINFO, (st))

-#define sk_POLICY_MAPPING_new(st) SKM_sk_new(POLICY_MAPPING, (st))

-#define sk_POLICY_MAPPING_new_null() SKM_sk_new_null(POLICY_MAPPING)

-#define sk_POLICY_MAPPING_free(st) SKM_sk_free(POLICY_MAPPING, (st))

-#define sk_POLICY_MAPPING_num(st) SKM_sk_num(POLICY_MAPPING, (st))

-#define sk_POLICY_MAPPING_value(st, i) SKM_sk_value(POLICY_MAPPING, (st), (i))

-#define sk_POLICY_MAPPING_set(st, i, val) SKM_sk_set(POLICY_MAPPING, (st), (i), (val))

-#define sk_POLICY_MAPPING_zero(st) SKM_sk_zero(POLICY_MAPPING, (st))

-#define sk_POLICY_MAPPING_push(st, val) SKM_sk_push(POLICY_MAPPING, (st), (val))

-#define sk_POLICY_MAPPING_unshift(st, val) SKM_sk_unshift(POLICY_MAPPING, (st), (val))

-#define sk_POLICY_MAPPING_find(st, val) SKM_sk_find(POLICY_MAPPING, (st), (val))

-#define sk_POLICY_MAPPING_find_ex(st, val) SKM_sk_find_ex(POLICY_MAPPING, (st), (val))

-#define sk_POLICY_MAPPING_delete(st, i) SKM_sk_delete(POLICY_MAPPING, (st), (i))

-#define sk_POLICY_MAPPING_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICY_MAPPING, (st), (ptr))

-#define sk_POLICY_MAPPING_insert(st, val, i) SKM_sk_insert(POLICY_MAPPING, (st), (val), (i))

-#define sk_POLICY_MAPPING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICY_MAPPING, (st), (cmp))

-#define sk_POLICY_MAPPING_dup(st) SKM_sk_dup(POLICY_MAPPING, st)

-#define sk_POLICY_MAPPING_pop_free(st, free_func) SKM_sk_pop_free(POLICY_MAPPING, (st), (free_func))

-#define sk_POLICY_MAPPING_shift(st) SKM_sk_shift(POLICY_MAPPING, (st))

-#define sk_POLICY_MAPPING_pop(st) SKM_sk_pop(POLICY_MAPPING, (st))

-#define sk_POLICY_MAPPING_sort(st) SKM_sk_sort(POLICY_MAPPING, (st))

-#define sk_POLICY_MAPPING_is_sorted(st) SKM_sk_is_sorted(POLICY_MAPPING, (st))

-#define sk_SSL_CIPHER_new(st) SKM_sk_new(SSL_CIPHER, (st))

-#define sk_SSL_CIPHER_new_null() SKM_sk_new_null(SSL_CIPHER)

-#define sk_SSL_CIPHER_free(st) SKM_sk_free(SSL_CIPHER, (st))

-#define sk_SSL_CIPHER_num(st) SKM_sk_num(SSL_CIPHER, (st))

-#define sk_SSL_CIPHER_value(st, i) SKM_sk_value(SSL_CIPHER, (st), (i))

-#define sk_SSL_CIPHER_set(st, i, val) SKM_sk_set(SSL_CIPHER, (st), (i), (val))

-#define sk_SSL_CIPHER_zero(st) SKM_sk_zero(SSL_CIPHER, (st))

-#define sk_SSL_CIPHER_push(st, val) SKM_sk_push(SSL_CIPHER, (st), (val))

-#define sk_SSL_CIPHER_unshift(st, val) SKM_sk_unshift(SSL_CIPHER, (st), (val))

-#define sk_SSL_CIPHER_find(st, val) SKM_sk_find(SSL_CIPHER, (st), (val))

-#define sk_SSL_CIPHER_find_ex(st, val) SKM_sk_find_ex(SSL_CIPHER, (st), (val))

-#define sk_SSL_CIPHER_delete(st, i) SKM_sk_delete(SSL_CIPHER, (st), (i))

-#define sk_SSL_CIPHER_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_CIPHER, (st), (ptr))

-#define sk_SSL_CIPHER_insert(st, val, i) SKM_sk_insert(SSL_CIPHER, (st), (val), (i))

-#define sk_SSL_CIPHER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SSL_CIPHER, (st), (cmp))

-#define sk_SSL_CIPHER_dup(st) SKM_sk_dup(SSL_CIPHER, st)

-#define sk_SSL_CIPHER_pop_free(st, free_func) SKM_sk_pop_free(SSL_CIPHER, (st), (free_func))

-#define sk_SSL_CIPHER_shift(st) SKM_sk_shift(SSL_CIPHER, (st))

-#define sk_SSL_CIPHER_pop(st) SKM_sk_pop(SSL_CIPHER, (st))

-#define sk_SSL_CIPHER_sort(st) SKM_sk_sort(SSL_CIPHER, (st))

-#define sk_SSL_CIPHER_is_sorted(st) SKM_sk_is_sorted(SSL_CIPHER, (st))

-#define sk_SSL_COMP_new(st) SKM_sk_new(SSL_COMP, (st))

-#define sk_SSL_COMP_new_null() SKM_sk_new_null(SSL_COMP)

-#define sk_SSL_COMP_free(st) SKM_sk_free(SSL_COMP, (st))

-#define sk_SSL_COMP_num(st) SKM_sk_num(SSL_COMP, (st))

-#define sk_SSL_COMP_value(st, i) SKM_sk_value(SSL_COMP, (st), (i))

-#define sk_SSL_COMP_set(st, i, val) SKM_sk_set(SSL_COMP, (st), (i), (val))

-#define sk_SSL_COMP_zero(st) SKM_sk_zero(SSL_COMP, (st))

-#define sk_SSL_COMP_push(st, val) SKM_sk_push(SSL_COMP, (st), (val))

-#define sk_SSL_COMP_unshift(st, val) SKM_sk_unshift(SSL_COMP, (st), (val))

-#define sk_SSL_COMP_find(st, val) SKM_sk_find(SSL_COMP, (st), (val))

-#define sk_SSL_COMP_find_ex(st, val) SKM_sk_find_ex(SSL_COMP, (st), (val))

-#define sk_SSL_COMP_delete(st, i) SKM_sk_delete(SSL_COMP, (st), (i))

-#define sk_SSL_COMP_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_COMP, (st), (ptr))

-#define sk_SSL_COMP_insert(st, val, i) SKM_sk_insert(SSL_COMP, (st), (val), (i))

-#define sk_SSL_COMP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SSL_COMP, (st), (cmp))

-#define sk_SSL_COMP_dup(st) SKM_sk_dup(SSL_COMP, st)

-#define sk_SSL_COMP_pop_free(st, free_func) SKM_sk_pop_free(SSL_COMP, (st), (free_func))

-#define sk_SSL_COMP_shift(st) SKM_sk_shift(SSL_COMP, (st))

-#define sk_SSL_COMP_pop(st) SKM_sk_pop(SSL_COMP, (st))

-#define sk_SSL_COMP_sort(st) SKM_sk_sort(SSL_COMP, (st))

-#define sk_SSL_COMP_is_sorted(st) SKM_sk_is_sorted(SSL_COMP, (st))

-#define sk_STORE_OBJECT_new(st) SKM_sk_new(STORE_OBJECT, (st))

-#define sk_STORE_OBJECT_new_null() SKM_sk_new_null(STORE_OBJECT)

-#define sk_STORE_OBJECT_free(st) SKM_sk_free(STORE_OBJECT, (st))

-#define sk_STORE_OBJECT_num(st) SKM_sk_num(STORE_OBJECT, (st))

-#define sk_STORE_OBJECT_value(st, i) SKM_sk_value(STORE_OBJECT, (st), (i))

-#define sk_STORE_OBJECT_set(st, i, val) SKM_sk_set(STORE_OBJECT, (st), (i), (val))

-#define sk_STORE_OBJECT_zero(st) SKM_sk_zero(STORE_OBJECT, (st))

-#define sk_STORE_OBJECT_push(st, val) SKM_sk_push(STORE_OBJECT, (st), (val))

-#define sk_STORE_OBJECT_unshift(st, val) SKM_sk_unshift(STORE_OBJECT, (st), (val))

-#define sk_STORE_OBJECT_find(st, val) SKM_sk_find(STORE_OBJECT, (st), (val))

-#define sk_STORE_OBJECT_find_ex(st, val) SKM_sk_find_ex(STORE_OBJECT, (st), (val))

-#define sk_STORE_OBJECT_delete(st, i) SKM_sk_delete(STORE_OBJECT, (st), (i))

-#define sk_STORE_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(STORE_OBJECT, (st), (ptr))

-#define sk_STORE_OBJECT_insert(st, val, i) SKM_sk_insert(STORE_OBJECT, (st), (val), (i))

-#define sk_STORE_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STORE_OBJECT, (st), (cmp))

-#define sk_STORE_OBJECT_dup(st) SKM_sk_dup(STORE_OBJECT, st)

-#define sk_STORE_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(STORE_OBJECT, (st), (free_func))

-#define sk_STORE_OBJECT_shift(st) SKM_sk_shift(STORE_OBJECT, (st))

-#define sk_STORE_OBJECT_pop(st) SKM_sk_pop(STORE_OBJECT, (st))

-#define sk_STORE_OBJECT_sort(st) SKM_sk_sort(STORE_OBJECT, (st))

-#define sk_STORE_OBJECT_is_sorted(st) SKM_sk_is_sorted(STORE_OBJECT, (st))

-#define sk_SXNETID_new(st) SKM_sk_new(SXNETID, (st))

-#define sk_SXNETID_new_null() SKM_sk_new_null(SXNETID)

-#define sk_SXNETID_free(st) SKM_sk_free(SXNETID, (st))

-#define sk_SXNETID_num(st) SKM_sk_num(SXNETID, (st))

-#define sk_SXNETID_value(st, i) SKM_sk_value(SXNETID, (st), (i))

-#define sk_SXNETID_set(st, i, val) SKM_sk_set(SXNETID, (st), (i), (val))

-#define sk_SXNETID_zero(st) SKM_sk_zero(SXNETID, (st))

-#define sk_SXNETID_push(st, val) SKM_sk_push(SXNETID, (st), (val))

-#define sk_SXNETID_unshift(st, val) SKM_sk_unshift(SXNETID, (st), (val))

-#define sk_SXNETID_find(st, val) SKM_sk_find(SXNETID, (st), (val))

-#define sk_SXNETID_find_ex(st, val) SKM_sk_find_ex(SXNETID, (st), (val))

-#define sk_SXNETID_delete(st, i) SKM_sk_delete(SXNETID, (st), (i))

-#define sk_SXNETID_delete_ptr(st, ptr) SKM_sk_delete_ptr(SXNETID, (st), (ptr))

-#define sk_SXNETID_insert(st, val, i) SKM_sk_insert(SXNETID, (st), (val), (i))

-#define sk_SXNETID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SXNETID, (st), (cmp))

-#define sk_SXNETID_dup(st) SKM_sk_dup(SXNETID, st)

-#define sk_SXNETID_pop_free(st, free_func) SKM_sk_pop_free(SXNETID, (st), (free_func))

-#define sk_SXNETID_shift(st) SKM_sk_shift(SXNETID, (st))

-#define sk_SXNETID_pop(st) SKM_sk_pop(SXNETID, (st))

-#define sk_SXNETID_sort(st) SKM_sk_sort(SXNETID, (st))

-#define sk_SXNETID_is_sorted(st) SKM_sk_is_sorted(SXNETID, (st))

-#define sk_UI_STRING_new(st) SKM_sk_new(UI_STRING, (st))

-#define sk_UI_STRING_new_null() SKM_sk_new_null(UI_STRING)

-#define sk_UI_STRING_free(st) SKM_sk_free(UI_STRING, (st))

-#define sk_UI_STRING_num(st) SKM_sk_num(UI_STRING, (st))

-#define sk_UI_STRING_value(st, i) SKM_sk_value(UI_STRING, (st), (i))

-#define sk_UI_STRING_set(st, i, val) SKM_sk_set(UI_STRING, (st), (i), (val))

-#define sk_UI_STRING_zero(st) SKM_sk_zero(UI_STRING, (st))

-#define sk_UI_STRING_push(st, val) SKM_sk_push(UI_STRING, (st), (val))

-#define sk_UI_STRING_unshift(st, val) SKM_sk_unshift(UI_STRING, (st), (val))

-#define sk_UI_STRING_find(st, val) SKM_sk_find(UI_STRING, (st), (val))

-#define sk_UI_STRING_find_ex(st, val) SKM_sk_find_ex(UI_STRING, (st), (val))

-#define sk_UI_STRING_delete(st, i) SKM_sk_delete(UI_STRING, (st), (i))

-#define sk_UI_STRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(UI_STRING, (st), (ptr))

-#define sk_UI_STRING_insert(st, val, i) SKM_sk_insert(UI_STRING, (st), (val), (i))

-#define sk_UI_STRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(UI_STRING, (st), (cmp))

-#define sk_UI_STRING_dup(st) SKM_sk_dup(UI_STRING, st)

-#define sk_UI_STRING_pop_free(st, free_func) SKM_sk_pop_free(UI_STRING, (st), (free_func))

-#define sk_UI_STRING_shift(st) SKM_sk_shift(UI_STRING, (st))

-#define sk_UI_STRING_pop(st) SKM_sk_pop(UI_STRING, (st))

-#define sk_UI_STRING_sort(st) SKM_sk_sort(UI_STRING, (st))

-#define sk_UI_STRING_is_sorted(st) SKM_sk_is_sorted(UI_STRING, (st))

-#define sk_X509_new(st) SKM_sk_new(X509, (st))

-#define sk_X509_new_null() SKM_sk_new_null(X509)

-#define sk_X509_free(st) SKM_sk_free(X509, (st))

-#define sk_X509_num(st) SKM_sk_num(X509, (st))

-#define sk_X509_value(st, i) SKM_sk_value(X509, (st), (i))

-#define sk_X509_set(st, i, val) SKM_sk_set(X509, (st), (i), (val))

-#define sk_X509_zero(st) SKM_sk_zero(X509, (st))

-#define sk_X509_push(st, val) SKM_sk_push(X509, (st), (val))

-#define sk_X509_unshift(st, val) SKM_sk_unshift(X509, (st), (val))

-#define sk_X509_find(st, val) SKM_sk_find(X509, (st), (val))

-#define sk_X509_find_ex(st, val) SKM_sk_find_ex(X509, (st), (val))

-#define sk_X509_delete(st, i) SKM_sk_delete(X509, (st), (i))

-#define sk_X509_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509, (st), (ptr))

-#define sk_X509_insert(st, val, i) SKM_sk_insert(X509, (st), (val), (i))

-#define sk_X509_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509, (st), (cmp))

-#define sk_X509_dup(st) SKM_sk_dup(X509, st)

-#define sk_X509_pop_free(st, free_func) SKM_sk_pop_free(X509, (st), (free_func))

-#define sk_X509_shift(st) SKM_sk_shift(X509, (st))

-#define sk_X509_pop(st) SKM_sk_pop(X509, (st))

-#define sk_X509_sort(st) SKM_sk_sort(X509, (st))

-#define sk_X509_is_sorted(st) SKM_sk_is_sorted(X509, (st))

-#define sk_X509V3_EXT_METHOD_new(st) SKM_sk_new(X509V3_EXT_METHOD, (st))

-#define sk_X509V3_EXT_METHOD_new_null() SKM_sk_new_null(X509V3_EXT_METHOD)

-#define sk_X509V3_EXT_METHOD_free(st) SKM_sk_free(X509V3_EXT_METHOD, (st))

-#define sk_X509V3_EXT_METHOD_num(st) SKM_sk_num(X509V3_EXT_METHOD, (st))

-#define sk_X509V3_EXT_METHOD_value(st, i) SKM_sk_value(X509V3_EXT_METHOD, (st), (i))

-#define sk_X509V3_EXT_METHOD_set(st, i, val) SKM_sk_set(X509V3_EXT_METHOD, (st), (i), (val))

-#define sk_X509V3_EXT_METHOD_zero(st) SKM_sk_zero(X509V3_EXT_METHOD, (st))

-#define sk_X509V3_EXT_METHOD_push(st, val) SKM_sk_push(X509V3_EXT_METHOD, (st), (val))

-#define sk_X509V3_EXT_METHOD_unshift(st, val) SKM_sk_unshift(X509V3_EXT_METHOD, (st), (val))

-#define sk_X509V3_EXT_METHOD_find(st, val) SKM_sk_find(X509V3_EXT_METHOD, (st), (val))

-#define sk_X509V3_EXT_METHOD_find_ex(st, val) SKM_sk_find_ex(X509V3_EXT_METHOD, (st), (val))

-#define sk_X509V3_EXT_METHOD_delete(st, i) SKM_sk_delete(X509V3_EXT_METHOD, (st), (i))

-#define sk_X509V3_EXT_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509V3_EXT_METHOD, (st), (ptr))

-#define sk_X509V3_EXT_METHOD_insert(st, val, i) SKM_sk_insert(X509V3_EXT_METHOD, (st), (val), (i))

-#define sk_X509V3_EXT_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509V3_EXT_METHOD, (st), (cmp))

-#define sk_X509V3_EXT_METHOD_dup(st) SKM_sk_dup(X509V3_EXT_METHOD, st)

-#define sk_X509V3_EXT_METHOD_pop_free(st, free_func) SKM_sk_pop_free(X509V3_EXT_METHOD, (st), (free_func))

-#define sk_X509V3_EXT_METHOD_shift(st) SKM_sk_shift(X509V3_EXT_METHOD, (st))

-#define sk_X509V3_EXT_METHOD_pop(st) SKM_sk_pop(X509V3_EXT_METHOD, (st))

-#define sk_X509V3_EXT_METHOD_sort(st) SKM_sk_sort(X509V3_EXT_METHOD, (st))

-#define sk_X509V3_EXT_METHOD_is_sorted(st) SKM_sk_is_sorted(X509V3_EXT_METHOD, (st))

-#define sk_X509_ALGOR_new(st) SKM_sk_new(X509_ALGOR, (st))

-#define sk_X509_ALGOR_new_null() SKM_sk_new_null(X509_ALGOR)

-#define sk_X509_ALGOR_free(st) SKM_sk_free(X509_ALGOR, (st))

-#define sk_X509_ALGOR_num(st) SKM_sk_num(X509_ALGOR, (st))

-#define sk_X509_ALGOR_value(st, i) SKM_sk_value(X509_ALGOR, (st), (i))

-#define sk_X509_ALGOR_set(st, i, val) SKM_sk_set(X509_ALGOR, (st), (i), (val))

-#define sk_X509_ALGOR_zero(st) SKM_sk_zero(X509_ALGOR, (st))

-#define sk_X509_ALGOR_push(st, val) SKM_sk_push(X509_ALGOR, (st), (val))

-#define sk_X509_ALGOR_unshift(st, val) SKM_sk_unshift(X509_ALGOR, (st), (val))

-#define sk_X509_ALGOR_find(st, val) SKM_sk_find(X509_ALGOR, (st), (val))

-#define sk_X509_ALGOR_find_ex(st, val) SKM_sk_find_ex(X509_ALGOR, (st), (val))

-#define sk_X509_ALGOR_delete(st, i) SKM_sk_delete(X509_ALGOR, (st), (i))

-#define sk_X509_ALGOR_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ALGOR, (st), (ptr))

-#define sk_X509_ALGOR_insert(st, val, i) SKM_sk_insert(X509_ALGOR, (st), (val), (i))

-#define sk_X509_ALGOR_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_ALGOR, (st), (cmp))

-#define sk_X509_ALGOR_dup(st) SKM_sk_dup(X509_ALGOR, st)

-#define sk_X509_ALGOR_pop_free(st, free_func) SKM_sk_pop_free(X509_ALGOR, (st), (free_func))

-#define sk_X509_ALGOR_shift(st) SKM_sk_shift(X509_ALGOR, (st))

-#define sk_X509_ALGOR_pop(st) SKM_sk_pop(X509_ALGOR, (st))

-#define sk_X509_ALGOR_sort(st) SKM_sk_sort(X509_ALGOR, (st))

-#define sk_X509_ALGOR_is_sorted(st) SKM_sk_is_sorted(X509_ALGOR, (st))

-#define sk_X509_ATTRIBUTE_new(st) SKM_sk_new(X509_ATTRIBUTE, (st))

-#define sk_X509_ATTRIBUTE_new_null() SKM_sk_new_null(X509_ATTRIBUTE)

-#define sk_X509_ATTRIBUTE_free(st) SKM_sk_free(X509_ATTRIBUTE, (st))

-#define sk_X509_ATTRIBUTE_num(st) SKM_sk_num(X509_ATTRIBUTE, (st))

-#define sk_X509_ATTRIBUTE_value(st, i) SKM_sk_value(X509_ATTRIBUTE, (st), (i))

-#define sk_X509_ATTRIBUTE_set(st, i, val) SKM_sk_set(X509_ATTRIBUTE, (st), (i), (val))

-#define sk_X509_ATTRIBUTE_zero(st) SKM_sk_zero(X509_ATTRIBUTE, (st))

-#define sk_X509_ATTRIBUTE_push(st, val) SKM_sk_push(X509_ATTRIBUTE, (st), (val))

-#define sk_X509_ATTRIBUTE_unshift(st, val) SKM_sk_unshift(X509_ATTRIBUTE, (st), (val))

-#define sk_X509_ATTRIBUTE_find(st, val) SKM_sk_find(X509_ATTRIBUTE, (st), (val))

-#define sk_X509_ATTRIBUTE_find_ex(st, val) SKM_sk_find_ex(X509_ATTRIBUTE, (st), (val))

-#define sk_X509_ATTRIBUTE_delete(st, i) SKM_sk_delete(X509_ATTRIBUTE, (st), (i))

-#define sk_X509_ATTRIBUTE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ATTRIBUTE, (st), (ptr))

-#define sk_X509_ATTRIBUTE_insert(st, val, i) SKM_sk_insert(X509_ATTRIBUTE, (st), (val), (i))

-#define sk_X509_ATTRIBUTE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_ATTRIBUTE, (st), (cmp))

-#define sk_X509_ATTRIBUTE_dup(st) SKM_sk_dup(X509_ATTRIBUTE, st)

-#define sk_X509_ATTRIBUTE_pop_free(st, free_func) SKM_sk_pop_free(X509_ATTRIBUTE, (st), (free_func))

-#define sk_X509_ATTRIBUTE_shift(st) SKM_sk_shift(X509_ATTRIBUTE, (st))

-#define sk_X509_ATTRIBUTE_pop(st) SKM_sk_pop(X509_ATTRIBUTE, (st))

-#define sk_X509_ATTRIBUTE_sort(st) SKM_sk_sort(X509_ATTRIBUTE, (st))

-#define sk_X509_ATTRIBUTE_is_sorted(st) SKM_sk_is_sorted(X509_ATTRIBUTE, (st))

-#define sk_X509_CRL_new(st) SKM_sk_new(X509_CRL, (st))

-#define sk_X509_CRL_new_null() SKM_sk_new_null(X509_CRL)

-#define sk_X509_CRL_free(st) SKM_sk_free(X509_CRL, (st))

-#define sk_X509_CRL_num(st) SKM_sk_num(X509_CRL, (st))

-#define sk_X509_CRL_value(st, i) SKM_sk_value(X509_CRL, (st), (i))

-#define sk_X509_CRL_set(st, i, val) SKM_sk_set(X509_CRL, (st), (i), (val))

-#define sk_X509_CRL_zero(st) SKM_sk_zero(X509_CRL, (st))

-#define sk_X509_CRL_push(st, val) SKM_sk_push(X509_CRL, (st), (val))

-#define sk_X509_CRL_unshift(st, val) SKM_sk_unshift(X509_CRL, (st), (val))

-#define sk_X509_CRL_find(st, val) SKM_sk_find(X509_CRL, (st), (val))

-#define sk_X509_CRL_find_ex(st, val) SKM_sk_find_ex(X509_CRL, (st), (val))

-#define sk_X509_CRL_delete(st, i) SKM_sk_delete(X509_CRL, (st), (i))

-#define sk_X509_CRL_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_CRL, (st), (ptr))

-#define sk_X509_CRL_insert(st, val, i) SKM_sk_insert(X509_CRL, (st), (val), (i))

-#define sk_X509_CRL_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_CRL, (st), (cmp))

-#define sk_X509_CRL_dup(st) SKM_sk_dup(X509_CRL, st)

-#define sk_X509_CRL_pop_free(st, free_func) SKM_sk_pop_free(X509_CRL, (st), (free_func))

-#define sk_X509_CRL_shift(st) SKM_sk_shift(X509_CRL, (st))

-#define sk_X509_CRL_pop(st) SKM_sk_pop(X509_CRL, (st))

-#define sk_X509_CRL_sort(st) SKM_sk_sort(X509_CRL, (st))

-#define sk_X509_CRL_is_sorted(st) SKM_sk_is_sorted(X509_CRL, (st))

-#define sk_X509_EXTENSION_new(st) SKM_sk_new(X509_EXTENSION, (st))

-#define sk_X509_EXTENSION_new_null() SKM_sk_new_null(X509_EXTENSION)

-#define sk_X509_EXTENSION_free(st) SKM_sk_free(X509_EXTENSION, (st))

-#define sk_X509_EXTENSION_num(st) SKM_sk_num(X509_EXTENSION, (st))

-#define sk_X509_EXTENSION_value(st, i) SKM_sk_value(X509_EXTENSION, (st), (i))

-#define sk_X509_EXTENSION_set(st, i, val) SKM_sk_set(X509_EXTENSION, (st), (i), (val))

-#define sk_X509_EXTENSION_zero(st) SKM_sk_zero(X509_EXTENSION, (st))

-#define sk_X509_EXTENSION_push(st, val) SKM_sk_push(X509_EXTENSION, (st), (val))

-#define sk_X509_EXTENSION_unshift(st, val) SKM_sk_unshift(X509_EXTENSION, (st), (val))

-#define sk_X509_EXTENSION_find(st, val) SKM_sk_find(X509_EXTENSION, (st), (val))

-#define sk_X509_EXTENSION_find_ex(st, val) SKM_sk_find_ex(X509_EXTENSION, (st), (val))

-#define sk_X509_EXTENSION_delete(st, i) SKM_sk_delete(X509_EXTENSION, (st), (i))

-#define sk_X509_EXTENSION_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_EXTENSION, (st), (ptr))

-#define sk_X509_EXTENSION_insert(st, val, i) SKM_sk_insert(X509_EXTENSION, (st), (val), (i))

-#define sk_X509_EXTENSION_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_EXTENSION, (st), (cmp))

-#define sk_X509_EXTENSION_dup(st) SKM_sk_dup(X509_EXTENSION, st)

-#define sk_X509_EXTENSION_pop_free(st, free_func) SKM_sk_pop_free(X509_EXTENSION, (st), (free_func))

-#define sk_X509_EXTENSION_shift(st) SKM_sk_shift(X509_EXTENSION, (st))

-#define sk_X509_EXTENSION_pop(st) SKM_sk_pop(X509_EXTENSION, (st))

-#define sk_X509_EXTENSION_sort(st) SKM_sk_sort(X509_EXTENSION, (st))

-#define sk_X509_EXTENSION_is_sorted(st) SKM_sk_is_sorted(X509_EXTENSION, (st))

-#define sk_X509_INFO_new(st) SKM_sk_new(X509_INFO, (st))

-#define sk_X509_INFO_new_null() SKM_sk_new_null(X509_INFO)

-#define sk_X509_INFO_free(st) SKM_sk_free(X509_INFO, (st))

-#define sk_X509_INFO_num(st) SKM_sk_num(X509_INFO, (st))

-#define sk_X509_INFO_value(st, i) SKM_sk_value(X509_INFO, (st), (i))

-#define sk_X509_INFO_set(st, i, val) SKM_sk_set(X509_INFO, (st), (i), (val))

-#define sk_X509_INFO_zero(st) SKM_sk_zero(X509_INFO, (st))

-#define sk_X509_INFO_push(st, val) SKM_sk_push(X509_INFO, (st), (val))

-#define sk_X509_INFO_unshift(st, val) SKM_sk_unshift(X509_INFO, (st), (val))

-#define sk_X509_INFO_find(st, val) SKM_sk_find(X509_INFO, (st), (val))

-#define sk_X509_INFO_find_ex(st, val) SKM_sk_find_ex(X509_INFO, (st), (val))

-#define sk_X509_INFO_delete(st, i) SKM_sk_delete(X509_INFO, (st), (i))

-#define sk_X509_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_INFO, (st), (ptr))

-#define sk_X509_INFO_insert(st, val, i) SKM_sk_insert(X509_INFO, (st), (val), (i))

-#define sk_X509_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_INFO, (st), (cmp))

-#define sk_X509_INFO_dup(st) SKM_sk_dup(X509_INFO, st)

-#define sk_X509_INFO_pop_free(st, free_func) SKM_sk_pop_free(X509_INFO, (st), (free_func))

-#define sk_X509_INFO_shift(st) SKM_sk_shift(X509_INFO, (st))

-#define sk_X509_INFO_pop(st) SKM_sk_pop(X509_INFO, (st))

-#define sk_X509_INFO_sort(st) SKM_sk_sort(X509_INFO, (st))

-#define sk_X509_INFO_is_sorted(st) SKM_sk_is_sorted(X509_INFO, (st))

-#define sk_X509_LOOKUP_new(st) SKM_sk_new(X509_LOOKUP, (st))

-#define sk_X509_LOOKUP_new_null() SKM_sk_new_null(X509_LOOKUP)

-#define sk_X509_LOOKUP_free(st) SKM_sk_free(X509_LOOKUP, (st))

-#define sk_X509_LOOKUP_num(st) SKM_sk_num(X509_LOOKUP, (st))

-#define sk_X509_LOOKUP_value(st, i) SKM_sk_value(X509_LOOKUP, (st), (i))

-#define sk_X509_LOOKUP_set(st, i, val) SKM_sk_set(X509_LOOKUP, (st), (i), (val))

-#define sk_X509_LOOKUP_zero(st) SKM_sk_zero(X509_LOOKUP, (st))

-#define sk_X509_LOOKUP_push(st, val) SKM_sk_push(X509_LOOKUP, (st), (val))

-#define sk_X509_LOOKUP_unshift(st, val) SKM_sk_unshift(X509_LOOKUP, (st), (val))

-#define sk_X509_LOOKUP_find(st, val) SKM_sk_find(X509_LOOKUP, (st), (val))

-#define sk_X509_LOOKUP_find_ex(st, val) SKM_sk_find_ex(X509_LOOKUP, (st), (val))

-#define sk_X509_LOOKUP_delete(st, i) SKM_sk_delete(X509_LOOKUP, (st), (i))

-#define sk_X509_LOOKUP_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_LOOKUP, (st), (ptr))

-#define sk_X509_LOOKUP_insert(st, val, i) SKM_sk_insert(X509_LOOKUP, (st), (val), (i))

-#define sk_X509_LOOKUP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_LOOKUP, (st), (cmp))

-#define sk_X509_LOOKUP_dup(st) SKM_sk_dup(X509_LOOKUP, st)

-#define sk_X509_LOOKUP_pop_free(st, free_func) SKM_sk_pop_free(X509_LOOKUP, (st), (free_func))

-#define sk_X509_LOOKUP_shift(st) SKM_sk_shift(X509_LOOKUP, (st))

-#define sk_X509_LOOKUP_pop(st) SKM_sk_pop(X509_LOOKUP, (st))

-#define sk_X509_LOOKUP_sort(st) SKM_sk_sort(X509_LOOKUP, (st))

-#define sk_X509_LOOKUP_is_sorted(st) SKM_sk_is_sorted(X509_LOOKUP, (st))

-#define sk_X509_NAME_new(st) SKM_sk_new(X509_NAME, (st))

-#define sk_X509_NAME_new_null() SKM_sk_new_null(X509_NAME)

-#define sk_X509_NAME_free(st) SKM_sk_free(X509_NAME, (st))

-#define sk_X509_NAME_num(st) SKM_sk_num(X509_NAME, (st))

-#define sk_X509_NAME_value(st, i) SKM_sk_value(X509_NAME, (st), (i))

-#define sk_X509_NAME_set(st, i, val) SKM_sk_set(X509_NAME, (st), (i), (val))

-#define sk_X509_NAME_zero(st) SKM_sk_zero(X509_NAME, (st))

-#define sk_X509_NAME_push(st, val) SKM_sk_push(X509_NAME, (st), (val))

-#define sk_X509_NAME_unshift(st, val) SKM_sk_unshift(X509_NAME, (st), (val))

-#define sk_X509_NAME_find(st, val) SKM_sk_find(X509_NAME, (st), (val))

-#define sk_X509_NAME_find_ex(st, val) SKM_sk_find_ex(X509_NAME, (st), (val))

-#define sk_X509_NAME_delete(st, i) SKM_sk_delete(X509_NAME, (st), (i))

-#define sk_X509_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME, (st), (ptr))

-#define sk_X509_NAME_insert(st, val, i) SKM_sk_insert(X509_NAME, (st), (val), (i))

-#define sk_X509_NAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_NAME, (st), (cmp))

-#define sk_X509_NAME_dup(st) SKM_sk_dup(X509_NAME, st)

-#define sk_X509_NAME_pop_free(st, free_func) SKM_sk_pop_free(X509_NAME, (st), (free_func))

-#define sk_X509_NAME_shift(st) SKM_sk_shift(X509_NAME, (st))

-#define sk_X509_NAME_pop(st) SKM_sk_pop(X509_NAME, (st))

-#define sk_X509_NAME_sort(st) SKM_sk_sort(X509_NAME, (st))

-#define sk_X509_NAME_is_sorted(st) SKM_sk_is_sorted(X509_NAME, (st))

-#define sk_X509_NAME_ENTRY_new(st) SKM_sk_new(X509_NAME_ENTRY, (st))

-#define sk_X509_NAME_ENTRY_new_null() SKM_sk_new_null(X509_NAME_ENTRY)

-#define sk_X509_NAME_ENTRY_free(st) SKM_sk_free(X509_NAME_ENTRY, (st))

-#define sk_X509_NAME_ENTRY_num(st) SKM_sk_num(X509_NAME_ENTRY, (st))

-#define sk_X509_NAME_ENTRY_value(st, i) SKM_sk_value(X509_NAME_ENTRY, (st), (i))

-#define sk_X509_NAME_ENTRY_set(st, i, val) SKM_sk_set(X509_NAME_ENTRY, (st), (i), (val))

-#define sk_X509_NAME_ENTRY_zero(st) SKM_sk_zero(X509_NAME_ENTRY, (st))

-#define sk_X509_NAME_ENTRY_push(st, val) SKM_sk_push(X509_NAME_ENTRY, (st), (val))

-#define sk_X509_NAME_ENTRY_unshift(st, val) SKM_sk_unshift(X509_NAME_ENTRY, (st), (val))

-#define sk_X509_NAME_ENTRY_find(st, val) SKM_sk_find(X509_NAME_ENTRY, (st), (val))

-#define sk_X509_NAME_ENTRY_find_ex(st, val) SKM_sk_find_ex(X509_NAME_ENTRY, (st), (val))

-#define sk_X509_NAME_ENTRY_delete(st, i) SKM_sk_delete(X509_NAME_ENTRY, (st), (i))

-#define sk_X509_NAME_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME_ENTRY, (st), (ptr))

-#define sk_X509_NAME_ENTRY_insert(st, val, i) SKM_sk_insert(X509_NAME_ENTRY, (st), (val), (i))

-#define sk_X509_NAME_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_NAME_ENTRY, (st), (cmp))

-#define sk_X509_NAME_ENTRY_dup(st) SKM_sk_dup(X509_NAME_ENTRY, st)

-#define sk_X509_NAME_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(X509_NAME_ENTRY, (st), (free_func))

-#define sk_X509_NAME_ENTRY_shift(st) SKM_sk_shift(X509_NAME_ENTRY, (st))

-#define sk_X509_NAME_ENTRY_pop(st) SKM_sk_pop(X509_NAME_ENTRY, (st))

-#define sk_X509_NAME_ENTRY_sort(st) SKM_sk_sort(X509_NAME_ENTRY, (st))

-#define sk_X509_NAME_ENTRY_is_sorted(st) SKM_sk_is_sorted(X509_NAME_ENTRY, (st))

-#define sk_X509_OBJECT_new(st) SKM_sk_new(X509_OBJECT, (st))

-#define sk_X509_OBJECT_new_null() SKM_sk_new_null(X509_OBJECT)

-#define sk_X509_OBJECT_free(st) SKM_sk_free(X509_OBJECT, (st))

-#define sk_X509_OBJECT_num(st) SKM_sk_num(X509_OBJECT, (st))

-#define sk_X509_OBJECT_value(st, i) SKM_sk_value(X509_OBJECT, (st), (i))

-#define sk_X509_OBJECT_set(st, i, val) SKM_sk_set(X509_OBJECT, (st), (i), (val))

-#define sk_X509_OBJECT_zero(st) SKM_sk_zero(X509_OBJECT, (st))

-#define sk_X509_OBJECT_push(st, val) SKM_sk_push(X509_OBJECT, (st), (val))

-#define sk_X509_OBJECT_unshift(st, val) SKM_sk_unshift(X509_OBJECT, (st), (val))

-#define sk_X509_OBJECT_find(st, val) SKM_sk_find(X509_OBJECT, (st), (val))

-#define sk_X509_OBJECT_find_ex(st, val) SKM_sk_find_ex(X509_OBJECT, (st), (val))

-#define sk_X509_OBJECT_delete(st, i) SKM_sk_delete(X509_OBJECT, (st), (i))

-#define sk_X509_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_OBJECT, (st), (ptr))

-#define sk_X509_OBJECT_insert(st, val, i) SKM_sk_insert(X509_OBJECT, (st), (val), (i))

-#define sk_X509_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_OBJECT, (st), (cmp))

-#define sk_X509_OBJECT_dup(st) SKM_sk_dup(X509_OBJECT, st)

-#define sk_X509_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(X509_OBJECT, (st), (free_func))

-#define sk_X509_OBJECT_shift(st) SKM_sk_shift(X509_OBJECT, (st))

-#define sk_X509_OBJECT_pop(st) SKM_sk_pop(X509_OBJECT, (st))

-#define sk_X509_OBJECT_sort(st) SKM_sk_sort(X509_OBJECT, (st))

-#define sk_X509_OBJECT_is_sorted(st) SKM_sk_is_sorted(X509_OBJECT, (st))

-#define sk_X509_POLICY_DATA_new(st) SKM_sk_new(X509_POLICY_DATA, (st))

-#define sk_X509_POLICY_DATA_new_null() SKM_sk_new_null(X509_POLICY_DATA)

-#define sk_X509_POLICY_DATA_free(st) SKM_sk_free(X509_POLICY_DATA, (st))

-#define sk_X509_POLICY_DATA_num(st) SKM_sk_num(X509_POLICY_DATA, (st))

-#define sk_X509_POLICY_DATA_value(st, i) SKM_sk_value(X509_POLICY_DATA, (st), (i))

-#define sk_X509_POLICY_DATA_set(st, i, val) SKM_sk_set(X509_POLICY_DATA, (st), (i), (val))

-#define sk_X509_POLICY_DATA_zero(st) SKM_sk_zero(X509_POLICY_DATA, (st))

-#define sk_X509_POLICY_DATA_push(st, val) SKM_sk_push(X509_POLICY_DATA, (st), (val))

-#define sk_X509_POLICY_DATA_unshift(st, val) SKM_sk_unshift(X509_POLICY_DATA, (st), (val))

-#define sk_X509_POLICY_DATA_find(st, val) SKM_sk_find(X509_POLICY_DATA, (st), (val))

-#define sk_X509_POLICY_DATA_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_DATA, (st), (val))

-#define sk_X509_POLICY_DATA_delete(st, i) SKM_sk_delete(X509_POLICY_DATA, (st), (i))

-#define sk_X509_POLICY_DATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_DATA, (st), (ptr))

-#define sk_X509_POLICY_DATA_insert(st, val, i) SKM_sk_insert(X509_POLICY_DATA, (st), (val), (i))

-#define sk_X509_POLICY_DATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_DATA, (st), (cmp))

-#define sk_X509_POLICY_DATA_dup(st) SKM_sk_dup(X509_POLICY_DATA, st)

-#define sk_X509_POLICY_DATA_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_DATA, (st), (free_func))

-#define sk_X509_POLICY_DATA_shift(st) SKM_sk_shift(X509_POLICY_DATA, (st))

-#define sk_X509_POLICY_DATA_pop(st) SKM_sk_pop(X509_POLICY_DATA, (st))

-#define sk_X509_POLICY_DATA_sort(st) SKM_sk_sort(X509_POLICY_DATA, (st))

-#define sk_X509_POLICY_DATA_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_DATA, (st))

-#define sk_X509_POLICY_NODE_new(st) SKM_sk_new(X509_POLICY_NODE, (st))

-#define sk_X509_POLICY_NODE_new_null() SKM_sk_new_null(X509_POLICY_NODE)

-#define sk_X509_POLICY_NODE_free(st) SKM_sk_free(X509_POLICY_NODE, (st))

-#define sk_X509_POLICY_NODE_num(st) SKM_sk_num(X509_POLICY_NODE, (st))

-#define sk_X509_POLICY_NODE_value(st, i) SKM_sk_value(X509_POLICY_NODE, (st), (i))

-#define sk_X509_POLICY_NODE_set(st, i, val) SKM_sk_set(X509_POLICY_NODE, (st), (i), (val))

-#define sk_X509_POLICY_NODE_zero(st) SKM_sk_zero(X509_POLICY_NODE, (st))

-#define sk_X509_POLICY_NODE_push(st, val) SKM_sk_push(X509_POLICY_NODE, (st), (val))

-#define sk_X509_POLICY_NODE_unshift(st, val) SKM_sk_unshift(X509_POLICY_NODE, (st), (val))

-#define sk_X509_POLICY_NODE_find(st, val) SKM_sk_find(X509_POLICY_NODE, (st), (val))

-#define sk_X509_POLICY_NODE_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_NODE, (st), (val))

-#define sk_X509_POLICY_NODE_delete(st, i) SKM_sk_delete(X509_POLICY_NODE, (st), (i))

-#define sk_X509_POLICY_NODE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_NODE, (st), (ptr))

-#define sk_X509_POLICY_NODE_insert(st, val, i) SKM_sk_insert(X509_POLICY_NODE, (st), (val), (i))

-#define sk_X509_POLICY_NODE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_NODE, (st), (cmp))

-#define sk_X509_POLICY_NODE_dup(st) SKM_sk_dup(X509_POLICY_NODE, st)

-#define sk_X509_POLICY_NODE_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_NODE, (st), (free_func))

-#define sk_X509_POLICY_NODE_shift(st) SKM_sk_shift(X509_POLICY_NODE, (st))

-#define sk_X509_POLICY_NODE_pop(st) SKM_sk_pop(X509_POLICY_NODE, (st))

-#define sk_X509_POLICY_NODE_sort(st) SKM_sk_sort(X509_POLICY_NODE, (st))

-#define sk_X509_POLICY_NODE_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_NODE, (st))

-#define sk_X509_POLICY_REF_new(st) SKM_sk_new(X509_POLICY_REF, (st))

-#define sk_X509_POLICY_REF_new_null() SKM_sk_new_null(X509_POLICY_REF)

-#define sk_X509_POLICY_REF_free(st) SKM_sk_free(X509_POLICY_REF, (st))

-#define sk_X509_POLICY_REF_num(st) SKM_sk_num(X509_POLICY_REF, (st))

-#define sk_X509_POLICY_REF_value(st, i) SKM_sk_value(X509_POLICY_REF, (st), (i))

-#define sk_X509_POLICY_REF_set(st, i, val) SKM_sk_set(X509_POLICY_REF, (st), (i), (val))

-#define sk_X509_POLICY_REF_zero(st) SKM_sk_zero(X509_POLICY_REF, (st))

-#define sk_X509_POLICY_REF_push(st, val) SKM_sk_push(X509_POLICY_REF, (st), (val))

-#define sk_X509_POLICY_REF_unshift(st, val) SKM_sk_unshift(X509_POLICY_REF, (st), (val))

-#define sk_X509_POLICY_REF_find(st, val) SKM_sk_find(X509_POLICY_REF, (st), (val))

-#define sk_X509_POLICY_REF_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_REF, (st), (val))

-#define sk_X509_POLICY_REF_delete(st, i) SKM_sk_delete(X509_POLICY_REF, (st), (i))

-#define sk_X509_POLICY_REF_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_REF, (st), (ptr))

-#define sk_X509_POLICY_REF_insert(st, val, i) SKM_sk_insert(X509_POLICY_REF, (st), (val), (i))

-#define sk_X509_POLICY_REF_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_REF, (st), (cmp))

-#define sk_X509_POLICY_REF_dup(st) SKM_sk_dup(X509_POLICY_REF, st)

-#define sk_X509_POLICY_REF_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_REF, (st), (free_func))

-#define sk_X509_POLICY_REF_shift(st) SKM_sk_shift(X509_POLICY_REF, (st))

-#define sk_X509_POLICY_REF_pop(st) SKM_sk_pop(X509_POLICY_REF, (st))

-#define sk_X509_POLICY_REF_sort(st) SKM_sk_sort(X509_POLICY_REF, (st))

-#define sk_X509_POLICY_REF_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_REF, (st))

-#define sk_X509_PURPOSE_new(st) SKM_sk_new(X509_PURPOSE, (st))

-#define sk_X509_PURPOSE_new_null() SKM_sk_new_null(X509_PURPOSE)

-#define sk_X509_PURPOSE_free(st) SKM_sk_free(X509_PURPOSE, (st))

-#define sk_X509_PURPOSE_num(st) SKM_sk_num(X509_PURPOSE, (st))

-#define sk_X509_PURPOSE_value(st, i) SKM_sk_value(X509_PURPOSE, (st), (i))

-#define sk_X509_PURPOSE_set(st, i, val) SKM_sk_set(X509_PURPOSE, (st), (i), (val))

-#define sk_X509_PURPOSE_zero(st) SKM_sk_zero(X509_PURPOSE, (st))

-#define sk_X509_PURPOSE_push(st, val) SKM_sk_push(X509_PURPOSE, (st), (val))

-#define sk_X509_PURPOSE_unshift(st, val) SKM_sk_unshift(X509_PURPOSE, (st), (val))

-#define sk_X509_PURPOSE_find(st, val) SKM_sk_find(X509_PURPOSE, (st), (val))

-#define sk_X509_PURPOSE_find_ex(st, val) SKM_sk_find_ex(X509_PURPOSE, (st), (val))

-#define sk_X509_PURPOSE_delete(st, i) SKM_sk_delete(X509_PURPOSE, (st), (i))

-#define sk_X509_PURPOSE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_PURPOSE, (st), (ptr))

-#define sk_X509_PURPOSE_insert(st, val, i) SKM_sk_insert(X509_PURPOSE, (st), (val), (i))

-#define sk_X509_PURPOSE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_PURPOSE, (st), (cmp))

-#define sk_X509_PURPOSE_dup(st) SKM_sk_dup(X509_PURPOSE, st)

-#define sk_X509_PURPOSE_pop_free(st, free_func) SKM_sk_pop_free(X509_PURPOSE, (st), (free_func))

-#define sk_X509_PURPOSE_shift(st) SKM_sk_shift(X509_PURPOSE, (st))

-#define sk_X509_PURPOSE_pop(st) SKM_sk_pop(X509_PURPOSE, (st))

-#define sk_X509_PURPOSE_sort(st) SKM_sk_sort(X509_PURPOSE, (st))

-#define sk_X509_PURPOSE_is_sorted(st) SKM_sk_is_sorted(X509_PURPOSE, (st))

-#define sk_X509_REVOKED_new(st) SKM_sk_new(X509_REVOKED, (st))

-#define sk_X509_REVOKED_new_null() SKM_sk_new_null(X509_REVOKED)

-#define sk_X509_REVOKED_free(st) SKM_sk_free(X509_REVOKED, (st))

-#define sk_X509_REVOKED_num(st) SKM_sk_num(X509_REVOKED, (st))

-#define sk_X509_REVOKED_value(st, i) SKM_sk_value(X509_REVOKED, (st), (i))

-#define sk_X509_REVOKED_set(st, i, val) SKM_sk_set(X509_REVOKED, (st), (i), (val))

-#define sk_X509_REVOKED_zero(st) SKM_sk_zero(X509_REVOKED, (st))

-#define sk_X509_REVOKED_push(st, val) SKM_sk_push(X509_REVOKED, (st), (val))

-#define sk_X509_REVOKED_unshift(st, val) SKM_sk_unshift(X509_REVOKED, (st), (val))

-#define sk_X509_REVOKED_find(st, val) SKM_sk_find(X509_REVOKED, (st), (val))

-#define sk_X509_REVOKED_find_ex(st, val) SKM_sk_find_ex(X509_REVOKED, (st), (val))

-#define sk_X509_REVOKED_delete(st, i) SKM_sk_delete(X509_REVOKED, (st), (i))

-#define sk_X509_REVOKED_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_REVOKED, (st), (ptr))

-#define sk_X509_REVOKED_insert(st, val, i) SKM_sk_insert(X509_REVOKED, (st), (val), (i))

-#define sk_X509_REVOKED_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_REVOKED, (st), (cmp))

-#define sk_X509_REVOKED_dup(st) SKM_sk_dup(X509_REVOKED, st)

-#define sk_X509_REVOKED_pop_free(st, free_func) SKM_sk_pop_free(X509_REVOKED, (st), (free_func))

-#define sk_X509_REVOKED_shift(st) SKM_sk_shift(X509_REVOKED, (st))

-#define sk_X509_REVOKED_pop(st) SKM_sk_pop(X509_REVOKED, (st))

-#define sk_X509_REVOKED_sort(st) SKM_sk_sort(X509_REVOKED, (st))

-#define sk_X509_REVOKED_is_sorted(st) SKM_sk_is_sorted(X509_REVOKED, (st))

-#define sk_X509_TRUST_new(st) SKM_sk_new(X509_TRUST, (st))

-#define sk_X509_TRUST_new_null() SKM_sk_new_null(X509_TRUST)

-#define sk_X509_TRUST_free(st) SKM_sk_free(X509_TRUST, (st))

-#define sk_X509_TRUST_num(st) SKM_sk_num(X509_TRUST, (st))

-#define sk_X509_TRUST_value(st, i) SKM_sk_value(X509_TRUST, (st), (i))

-#define sk_X509_TRUST_set(st, i, val) SKM_sk_set(X509_TRUST, (st), (i), (val))

-#define sk_X509_TRUST_zero(st) SKM_sk_zero(X509_TRUST, (st))

-#define sk_X509_TRUST_push(st, val) SKM_sk_push(X509_TRUST, (st), (val))

-#define sk_X509_TRUST_unshift(st, val) SKM_sk_unshift(X509_TRUST, (st), (val))

-#define sk_X509_TRUST_find(st, val) SKM_sk_find(X509_TRUST, (st), (val))

-#define sk_X509_TRUST_find_ex(st, val) SKM_sk_find_ex(X509_TRUST, (st), (val))

-#define sk_X509_TRUST_delete(st, i) SKM_sk_delete(X509_TRUST, (st), (i))

-#define sk_X509_TRUST_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_TRUST, (st), (ptr))

-#define sk_X509_TRUST_insert(st, val, i) SKM_sk_insert(X509_TRUST, (st), (val), (i))

-#define sk_X509_TRUST_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_TRUST, (st), (cmp))

-#define sk_X509_TRUST_dup(st) SKM_sk_dup(X509_TRUST, st)

-#define sk_X509_TRUST_pop_free(st, free_func) SKM_sk_pop_free(X509_TRUST, (st), (free_func))

-#define sk_X509_TRUST_shift(st) SKM_sk_shift(X509_TRUST, (st))

-#define sk_X509_TRUST_pop(st) SKM_sk_pop(X509_TRUST, (st))

-#define sk_X509_TRUST_sort(st) SKM_sk_sort(X509_TRUST, (st))

-#define sk_X509_TRUST_is_sorted(st) SKM_sk_is_sorted(X509_TRUST, (st))

-#define sk_X509_VERIFY_PARAM_new(st) SKM_sk_new(X509_VERIFY_PARAM, (st))

-#define sk_X509_VERIFY_PARAM_new_null() SKM_sk_new_null(X509_VERIFY_PARAM)

-#define sk_X509_VERIFY_PARAM_free(st) SKM_sk_free(X509_VERIFY_PARAM, (st))

-#define sk_X509_VERIFY_PARAM_num(st) SKM_sk_num(X509_VERIFY_PARAM, (st))

-#define sk_X509_VERIFY_PARAM_value(st, i) SKM_sk_value(X509_VERIFY_PARAM, (st), (i))

-#define sk_X509_VERIFY_PARAM_set(st, i, val) SKM_sk_set(X509_VERIFY_PARAM, (st), (i), (val))

-#define sk_X509_VERIFY_PARAM_zero(st) SKM_sk_zero(X509_VERIFY_PARAM, (st))

-#define sk_X509_VERIFY_PARAM_push(st, val) SKM_sk_push(X509_VERIFY_PARAM, (st), (val))

-#define sk_X509_VERIFY_PARAM_unshift(st, val) SKM_sk_unshift(X509_VERIFY_PARAM, (st), (val))

-#define sk_X509_VERIFY_PARAM_find(st, val) SKM_sk_find(X509_VERIFY_PARAM, (st), (val))

-#define sk_X509_VERIFY_PARAM_find_ex(st, val) SKM_sk_find_ex(X509_VERIFY_PARAM, (st), (val))

-#define sk_X509_VERIFY_PARAM_delete(st, i) SKM_sk_delete(X509_VERIFY_PARAM, (st), (i))

-#define sk_X509_VERIFY_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_VERIFY_PARAM, (st), (ptr))

-#define sk_X509_VERIFY_PARAM_insert(st, val, i) SKM_sk_insert(X509_VERIFY_PARAM, (st), (val), (i))

-#define sk_X509_VERIFY_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_VERIFY_PARAM, (st), (cmp))

-#define sk_X509_VERIFY_PARAM_dup(st) SKM_sk_dup(X509_VERIFY_PARAM, st)

-#define sk_X509_VERIFY_PARAM_pop_free(st, free_func) SKM_sk_pop_free(X509_VERIFY_PARAM, (st), (free_func))

-#define sk_X509_VERIFY_PARAM_shift(st) SKM_sk_shift(X509_VERIFY_PARAM, (st))

-#define sk_X509_VERIFY_PARAM_pop(st) SKM_sk_pop(X509_VERIFY_PARAM, (st))

-#define sk_X509_VERIFY_PARAM_sort(st) SKM_sk_sort(X509_VERIFY_PARAM, (st))

-#define sk_X509_VERIFY_PARAM_is_sorted(st) SKM_sk_is_sorted(X509_VERIFY_PARAM, (st))

-#define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \

-	SKM_ASN1_SET_OF_d2i(ACCESS_DESCRIPTION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))

-#define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, i2d_func, ex_tag, ex_class, is_set) \

-	SKM_ASN1_SET_OF_i2d(ACCESS_DESCRIPTION, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))

-#define ASN1_seq_pack_ACCESS_DESCRIPTION(st, i2d_func, buf, len) \

-	SKM_ASN1_seq_pack(ACCESS_DESCRIPTION, (st), (i2d_func), (buf), (len))

-#define ASN1_seq_unpack_ACCESS_DESCRIPTION(buf, len, d2i_func, free_func) \

-	SKM_ASN1_seq_unpack(ACCESS_DESCRIPTION, (buf), (len), (d2i_func), (free_func))

-#define d2i_ASN1_SET_OF_ASN1_INTEGER(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \

-	SKM_ASN1_SET_OF_d2i(ASN1_INTEGER, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))

-#define i2d_ASN1_SET_OF_ASN1_INTEGER(st, pp, i2d_func, ex_tag, ex_class, is_set) \

-	SKM_ASN1_SET_OF_i2d(ASN1_INTEGER, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))

-#define ASN1_seq_pack_ASN1_INTEGER(st, i2d_func, buf, len) \

-	SKM_ASN1_seq_pack(ASN1_INTEGER, (st), (i2d_func), (buf), (len))

-#define ASN1_seq_unpack_ASN1_INTEGER(buf, len, d2i_func, free_func) \

-	SKM_ASN1_seq_unpack(ASN1_INTEGER, (buf), (len), (d2i_func), (free_func))

-#define d2i_ASN1_SET_OF_ASN1_OBJECT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \

-	SKM_ASN1_SET_OF_d2i(ASN1_OBJECT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))

-#define i2d_ASN1_SET_OF_ASN1_OBJECT(st, pp, i2d_func, ex_tag, ex_class, is_set) \

-	SKM_ASN1_SET_OF_i2d(ASN1_OBJECT, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))

-#define ASN1_seq_pack_ASN1_OBJECT(st, i2d_func, buf, len) \

-	SKM_ASN1_seq_pack(ASN1_OBJECT, (st), (i2d_func), (buf), (len))

-#define ASN1_seq_unpack_ASN1_OBJECT(buf, len, d2i_func, free_func) \

-	SKM_ASN1_seq_unpack(ASN1_OBJECT, (buf), (len), (d2i_func), (free_func))

-#define d2i_ASN1_SET_OF_ASN1_TYPE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \

-	SKM_ASN1_SET_OF_d2i(ASN1_TYPE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))

-#define i2d_ASN1_SET_OF_ASN1_TYPE(st, pp, i2d_func, ex_tag, ex_class, is_set) \

-	SKM_ASN1_SET_OF_i2d(ASN1_TYPE, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))

-#define ASN1_seq_pack_ASN1_TYPE(st, i2d_func, buf, len) \

-	SKM_ASN1_seq_pack(ASN1_TYPE, (st), (i2d_func), (buf), (len))

-#define ASN1_seq_unpack_ASN1_TYPE(buf, len, d2i_func, free_func) \

-	SKM_ASN1_seq_unpack(ASN1_TYPE, (buf), (len), (d2i_func), (free_func))

-#define d2i_ASN1_SET_OF_DIST_POINT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \

-	SKM_ASN1_SET_OF_d2i(DIST_POINT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))

-#define i2d_ASN1_SET_OF_DIST_POINT(st, pp, i2d_func, ex_tag, ex_class, is_set) \

-	SKM_ASN1_SET_OF_i2d(DIST_POINT, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))

-#define ASN1_seq_pack_DIST_POINT(st, i2d_func, buf, len) \

-	SKM_ASN1_seq_pack(DIST_POINT, (st), (i2d_func), (buf), (len))

-#define ASN1_seq_unpack_DIST_POINT(buf, len, d2i_func, free_func) \

-	SKM_ASN1_seq_unpack(DIST_POINT, (buf), (len), (d2i_func), (free_func))

-#define d2i_ASN1_SET_OF_GENERAL_NAME(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \

-	SKM_ASN1_SET_OF_d2i(GENERAL_NAME, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))

-#define i2d_ASN1_SET_OF_GENERAL_NAME(st, pp, i2d_func, ex_tag, ex_class, is_set) \

-	SKM_ASN1_SET_OF_i2d(GENERAL_NAME, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))

-#define ASN1_seq_pack_GENERAL_NAME(st, i2d_func, buf, len) \

-	SKM_ASN1_seq_pack(GENERAL_NAME, (st), (i2d_func), (buf), (len))

-#define ASN1_seq_unpack_GENERAL_NAME(buf, len, d2i_func, free_func) \

-	SKM_ASN1_seq_unpack(GENERAL_NAME, (buf), (len), (d2i_func), (free_func))

-#define d2i_ASN1_SET_OF_OCSP_ONEREQ(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \

-	SKM_ASN1_SET_OF_d2i(OCSP_ONEREQ, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))

-#define i2d_ASN1_SET_OF_OCSP_ONEREQ(st, pp, i2d_func, ex_tag, ex_class, is_set) \

-	SKM_ASN1_SET_OF_i2d(OCSP_ONEREQ, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))

-#define ASN1_seq_pack_OCSP_ONEREQ(st, i2d_func, buf, len) \

-	SKM_ASN1_seq_pack(OCSP_ONEREQ, (st), (i2d_func), (buf), (len))

-#define ASN1_seq_unpack_OCSP_ONEREQ(buf, len, d2i_func, free_func) \

-	SKM_ASN1_seq_unpack(OCSP_ONEREQ, (buf), (len), (d2i_func), (free_func))

-#define d2i_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \

-	SKM_ASN1_SET_OF_d2i(OCSP_SINGLERESP, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))

-#define i2d_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, i2d_func, ex_tag, ex_class, is_set) \

-	SKM_ASN1_SET_OF_i2d(OCSP_SINGLERESP, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))

-#define ASN1_seq_pack_OCSP_SINGLERESP(st, i2d_func, buf, len) \

-	SKM_ASN1_seq_pack(OCSP_SINGLERESP, (st), (i2d_func), (buf), (len))

-#define ASN1_seq_unpack_OCSP_SINGLERESP(buf, len, d2i_func, free_func) \

-	SKM_ASN1_seq_unpack(OCSP_SINGLERESP, (buf), (len), (d2i_func), (free_func))

-#define d2i_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \

-	SKM_ASN1_SET_OF_d2i(PKCS12_SAFEBAG, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))

-#define i2d_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, i2d_func, ex_tag, ex_class, is_set) \

-	SKM_ASN1_SET_OF_i2d(PKCS12_SAFEBAG, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))

-#define ASN1_seq_pack_PKCS12_SAFEBAG(st, i2d_func, buf, len) \

-	SKM_ASN1_seq_pack(PKCS12_SAFEBAG, (st), (i2d_func), (buf), (len))

-#define ASN1_seq_unpack_PKCS12_SAFEBAG(buf, len, d2i_func, free_func) \

-	SKM_ASN1_seq_unpack(PKCS12_SAFEBAG, (buf), (len), (d2i_func), (free_func))

-#define d2i_ASN1_SET_OF_PKCS7(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \

-	SKM_ASN1_SET_OF_d2i(PKCS7, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))

-#define i2d_ASN1_SET_OF_PKCS7(st, pp, i2d_func, ex_tag, ex_class, is_set) \

-	SKM_ASN1_SET_OF_i2d(PKCS7, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))

-#define ASN1_seq_pack_PKCS7(st, i2d_func, buf, len) \

-	SKM_ASN1_seq_pack(PKCS7, (st), (i2d_func), (buf), (len))

-#define ASN1_seq_unpack_PKCS7(buf, len, d2i_func, free_func) \

-	SKM_ASN1_seq_unpack(PKCS7, (buf), (len), (d2i_func), (free_func))

-#define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \

-	SKM_ASN1_SET_OF_d2i(PKCS7_RECIP_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))

-#define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \

-	SKM_ASN1_SET_OF_i2d(PKCS7_RECIP_INFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))

-#define ASN1_seq_pack_PKCS7_RECIP_INFO(st, i2d_func, buf, len) \

-	SKM_ASN1_seq_pack(PKCS7_RECIP_INFO, (st), (i2d_func), (buf), (len))

-#define ASN1_seq_unpack_PKCS7_RECIP_INFO(buf, len, d2i_func, free_func) \

-	SKM_ASN1_seq_unpack(PKCS7_RECIP_INFO, (buf), (len), (d2i_func), (free_func))

-#define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \

-	SKM_ASN1_SET_OF_d2i(PKCS7_SIGNER_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))

-#define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \

-	SKM_ASN1_SET_OF_i2d(PKCS7_SIGNER_INFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))

-#define ASN1_seq_pack_PKCS7_SIGNER_INFO(st, i2d_func, buf, len) \

-	SKM_ASN1_seq_pack(PKCS7_SIGNER_INFO, (st), (i2d_func), (buf), (len))

-#define ASN1_seq_unpack_PKCS7_SIGNER_INFO(buf, len, d2i_func, free_func) \

-	SKM_ASN1_seq_unpack(PKCS7_SIGNER_INFO, (buf), (len), (d2i_func), (free_func))

-#define d2i_ASN1_SET_OF_POLICYINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \

-	SKM_ASN1_SET_OF_d2i(POLICYINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))

-#define i2d_ASN1_SET_OF_POLICYINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \

-	SKM_ASN1_SET_OF_i2d(POLICYINFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))

-#define ASN1_seq_pack_POLICYINFO(st, i2d_func, buf, len) \

-	SKM_ASN1_seq_pack(POLICYINFO, (st), (i2d_func), (buf), (len))

-#define ASN1_seq_unpack_POLICYINFO(buf, len, d2i_func, free_func) \

-	SKM_ASN1_seq_unpack(POLICYINFO, (buf), (len), (d2i_func), (free_func))

-#define d2i_ASN1_SET_OF_POLICYQUALINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \

-	SKM_ASN1_SET_OF_d2i(POLICYQUALINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))

-#define i2d_ASN1_SET_OF_POLICYQUALINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \

-	SKM_ASN1_SET_OF_i2d(POLICYQUALINFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))

-#define ASN1_seq_pack_POLICYQUALINFO(st, i2d_func, buf, len) \

-	SKM_ASN1_seq_pack(POLICYQUALINFO, (st), (i2d_func), (buf), (len))

-#define ASN1_seq_unpack_POLICYQUALINFO(buf, len, d2i_func, free_func) \

-	SKM_ASN1_seq_unpack(POLICYQUALINFO, (buf), (len), (d2i_func), (free_func))

-#define d2i_ASN1_SET_OF_SXNETID(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \

-	SKM_ASN1_SET_OF_d2i(SXNETID, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))

-#define i2d_ASN1_SET_OF_SXNETID(st, pp, i2d_func, ex_tag, ex_class, is_set) \

-	SKM_ASN1_SET_OF_i2d(SXNETID, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))

-#define ASN1_seq_pack_SXNETID(st, i2d_func, buf, len) \

-	SKM_ASN1_seq_pack(SXNETID, (st), (i2d_func), (buf), (len))

-#define ASN1_seq_unpack_SXNETID(buf, len, d2i_func, free_func) \

-	SKM_ASN1_seq_unpack(SXNETID, (buf), (len), (d2i_func), (free_func))

-#define d2i_ASN1_SET_OF_X509(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \

-	SKM_ASN1_SET_OF_d2i(X509, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))

-#define i2d_ASN1_SET_OF_X509(st, pp, i2d_func, ex_tag, ex_class, is_set) \

-	SKM_ASN1_SET_OF_i2d(X509, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))

-#define ASN1_seq_pack_X509(st, i2d_func, buf, len) \

-	SKM_ASN1_seq_pack(X509, (st), (i2d_func), (buf), (len))

-#define ASN1_seq_unpack_X509(buf, len, d2i_func, free_func) \

-	SKM_ASN1_seq_unpack(X509, (buf), (len), (d2i_func), (free_func))

-#define d2i_ASN1_SET_OF_X509_ALGOR(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \

-	SKM_ASN1_SET_OF_d2i(X509_ALGOR, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))

-#define i2d_ASN1_SET_OF_X509_ALGOR(st, pp, i2d_func, ex_tag, ex_class, is_set) \

-	SKM_ASN1_SET_OF_i2d(X509_ALGOR, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))

-#define ASN1_seq_pack_X509_ALGOR(st, i2d_func, buf, len) \

-	SKM_ASN1_seq_pack(X509_ALGOR, (st), (i2d_func), (buf), (len))

-#define ASN1_seq_unpack_X509_ALGOR(buf, len, d2i_func, free_func) \

-	SKM_ASN1_seq_unpack(X509_ALGOR, (buf), (len), (d2i_func), (free_func))

-#define d2i_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \

-	SKM_ASN1_SET_OF_d2i(X509_ATTRIBUTE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))

-#define i2d_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, i2d_func, ex_tag, ex_class, is_set) \

-	SKM_ASN1_SET_OF_i2d(X509_ATTRIBUTE, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))

-#define ASN1_seq_pack_X509_ATTRIBUTE(st, i2d_func, buf, len) \

-	SKM_ASN1_seq_pack(X509_ATTRIBUTE, (st), (i2d_func), (buf), (len))

-#define ASN1_seq_unpack_X509_ATTRIBUTE(buf, len, d2i_func, free_func) \

-	SKM_ASN1_seq_unpack(X509_ATTRIBUTE, (buf), (len), (d2i_func), (free_func))

-#define d2i_ASN1_SET_OF_X509_CRL(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \

-	SKM_ASN1_SET_OF_d2i(X509_CRL, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))

-#define i2d_ASN1_SET_OF_X509_CRL(st, pp, i2d_func, ex_tag, ex_class, is_set) \

-	SKM_ASN1_SET_OF_i2d(X509_CRL, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))

-#define ASN1_seq_pack_X509_CRL(st, i2d_func, buf, len) \

-	SKM_ASN1_seq_pack(X509_CRL, (st), (i2d_func), (buf), (len))

-#define ASN1_seq_unpack_X509_CRL(buf, len, d2i_func, free_func) \

-	SKM_ASN1_seq_unpack(X509_CRL, (buf), (len), (d2i_func), (free_func))

-#define d2i_ASN1_SET_OF_X509_EXTENSION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \

-	SKM_ASN1_SET_OF_d2i(X509_EXTENSION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))

-#define i2d_ASN1_SET_OF_X509_EXTENSION(st, pp, i2d_func, ex_tag, ex_class, is_set) \

-	SKM_ASN1_SET_OF_i2d(X509_EXTENSION, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))

-#define ASN1_seq_pack_X509_EXTENSION(st, i2d_func, buf, len) \

-	SKM_ASN1_seq_pack(X509_EXTENSION, (st), (i2d_func), (buf), (len))

-#define ASN1_seq_unpack_X509_EXTENSION(buf, len, d2i_func, free_func) \

-	SKM_ASN1_seq_unpack(X509_EXTENSION, (buf), (len), (d2i_func), (free_func))

-#define d2i_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \

-	SKM_ASN1_SET_OF_d2i(X509_NAME_ENTRY, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))

-#define i2d_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, i2d_func, ex_tag, ex_class, is_set) \

-	SKM_ASN1_SET_OF_i2d(X509_NAME_ENTRY, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))

-#define ASN1_seq_pack_X509_NAME_ENTRY(st, i2d_func, buf, len) \

-	SKM_ASN1_seq_pack(X509_NAME_ENTRY, (st), (i2d_func), (buf), (len))

-#define ASN1_seq_unpack_X509_NAME_ENTRY(buf, len, d2i_func, free_func) \

-	SKM_ASN1_seq_unpack(X509_NAME_ENTRY, (buf), (len), (d2i_func), (free_func))

-#define d2i_ASN1_SET_OF_X509_REVOKED(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \

-	SKM_ASN1_SET_OF_d2i(X509_REVOKED, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))

-#define i2d_ASN1_SET_OF_X509_REVOKED(st, pp, i2d_func, ex_tag, ex_class, is_set) \

-	SKM_ASN1_SET_OF_i2d(X509_REVOKED, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))

-#define ASN1_seq_pack_X509_REVOKED(st, i2d_func, buf, len) \

-	SKM_ASN1_seq_pack(X509_REVOKED, (st), (i2d_func), (buf), (len))

-#define ASN1_seq_unpack_X509_REVOKED(buf, len, d2i_func, free_func) \

-	SKM_ASN1_seq_unpack(X509_REVOKED, (buf), (len), (d2i_func), (free_func))

-#define PKCS12_decrypt_d2i_PKCS12_SAFEBAG(algor, d2i_func, free_func, pass, passlen, oct, seq) \

-	SKM_PKCS12_decrypt_d2i(PKCS12_SAFEBAG, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq))

-#define PKCS12_decrypt_d2i_PKCS7(algor, d2i_func, free_func, pass, passlen, oct, seq) \

-	SKM_PKCS12_decrypt_d2i(PKCS7, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq))

-/* End of util/mkstack.pl block, you may now edit :-) */

-#endif /* !defined HEADER_SAFESTACK_H */

--- a/sys/include/ape/openssl/seed.h

+++ /dev/null

@@ -1,135 +1,0 @@

-/*

- * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Neither the name of author nor the names of its contributors may

- *    be used to endorse or promote products derived from this software

- *    without specific prior written permission.

- *

- * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- */

-/* ====================================================================

- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_SEED_H

-#define HEADER_SEED_H

-#include <openssl/opensslconf.h>

-#ifdef OPENSSL_NO_SEED

-#error SEED is disabled.

-#endif

-#ifdef AES_LONG /* look whether we need 'long' to get 32 bits */

-# ifndef SEED_LONG

-#  define SEED_LONG 1

-# endif

-#endif

-#if !defined(NO_SYS_TYPES_H)

-# include <sys/types.h>

-#endif

-#define SEED_BLOCK_SIZE 16

-#define SEED_KEY_LENGTH	16

-#ifdef  __cplusplus

-extern "C" {

-#endif

-typedef struct seed_key_st {

-#ifdef SEED_LONG

-    unsigned long data[32];

-#else

-    unsigned int data[32];

-#endif

-} SEED_KEY_SCHEDULE;

-void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks);

-void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_BLOCK_SIZE], const SEED_KEY_SCHEDULE *ks);

-void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_BLOCK_SIZE], const SEED_KEY_SCHEDULE *ks);

-void SEED_ecb_encrypt(const unsigned char *in, unsigned char *out, const SEED_KEY_SCHEDULE *ks, int enc);

-void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out,

-        size_t len, const SEED_KEY_SCHEDULE *ks, unsigned char ivec[SEED_BLOCK_SIZE], int enc);

-void SEED_cfb128_encrypt(const unsigned char *in, unsigned char *out,

-        size_t len, const SEED_KEY_SCHEDULE *ks, unsigned char ivec[SEED_BLOCK_SIZE], int *num, int enc);

-void SEED_ofb128_encrypt(const unsigned char *in, unsigned char *out,

-        size_t len, const SEED_KEY_SCHEDULE *ks, unsigned char ivec[SEED_BLOCK_SIZE], int *num);

-#ifdef  __cplusplus

-}

-#endif

-#endif /* HEADER_SEED_H */

--- a/sys/include/ape/openssl/sha.h

+++ /dev/null

@@ -1,200 +1,0 @@

-/* crypto/sha/sha.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_SHA_H

-#define HEADER_SHA_H

-#include <openssl/e_os2.h>

-#include <stddef.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-#if defined(OPENSSL_NO_SHA) || (defined(OPENSSL_NO_SHA0) && defined(OPENSSL_NO_SHA1))

-#error SHA is disabled.

-#endif

-#if defined(OPENSSL_FIPS)

-#define FIPS_SHA_SIZE_T size_t

-#endif

-/*

- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

- * ! SHA_LONG has to be at least 32 bits wide. If it's wider, then !

- * ! SHA_LONG_LOG2 has to be defined along.                        !

- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

- */

-#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)

-#define SHA_LONG unsigned long

-#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)

-#define SHA_LONG unsigned long

-#define SHA_LONG_LOG2 3

-#else

-#define SHA_LONG unsigned int

-#endif

-#define SHA_LBLOCK	16

-#define SHA_CBLOCK	(SHA_LBLOCK*4)	/* SHA treats input data as a

-					 * contiguous array of 32 bit

-					 * wide big-endian values. */

-#define SHA_LAST_BLOCK  (SHA_CBLOCK-8)

-#define SHA_DIGEST_LENGTH 20

-typedef struct SHAstate_st

-	{

-	SHA_LONG h0,h1,h2,h3,h4;

-	SHA_LONG Nl,Nh;

-	SHA_LONG data[SHA_LBLOCK];

-	unsigned int num;

-	} SHA_CTX;

-#ifndef OPENSSL_NO_SHA0

-int SHA_Init(SHA_CTX *c);

-int SHA_Update(SHA_CTX *c, const void *data, size_t len);

-int SHA_Final(unsigned char *md, SHA_CTX *c);

-unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md);

-void SHA_Transform(SHA_CTX *c, const unsigned char *data);

-#endif

-#ifndef OPENSSL_NO_SHA1

-int SHA1_Init(SHA_CTX *c);

-int SHA1_Update(SHA_CTX *c, const void *data, size_t len);

-int SHA1_Final(unsigned char *md, SHA_CTX *c);

-unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md);

-void SHA1_Transform(SHA_CTX *c, const unsigned char *data);

-#endif

-#define SHA256_CBLOCK	(SHA_LBLOCK*4)	/* SHA-256 treats input data as a

-					 * contiguous array of 32 bit

-					 * wide big-endian values. */

-#define SHA224_DIGEST_LENGTH	28

-#define SHA256_DIGEST_LENGTH	32

-typedef struct SHA256state_st

-	{

-	SHA_LONG h[8];

-	SHA_LONG Nl,Nh;

-	SHA_LONG data[SHA_LBLOCK];

-	unsigned int num,md_len;

-	} SHA256_CTX;

-#ifndef OPENSSL_NO_SHA256

-int SHA224_Init(SHA256_CTX *c);

-int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);

-int SHA224_Final(unsigned char *md, SHA256_CTX *c);

-unsigned char *SHA224(const unsigned char *d, size_t n,unsigned char *md);

-int SHA256_Init(SHA256_CTX *c);

-int SHA256_Update(SHA256_CTX *c, const void *data, size_t len);

-int SHA256_Final(unsigned char *md, SHA256_CTX *c);

-unsigned char *SHA256(const unsigned char *d, size_t n,unsigned char *md);

-void SHA256_Transform(SHA256_CTX *c, const unsigned char *data);

-#endif

-#define SHA384_DIGEST_LENGTH	48

-#define SHA512_DIGEST_LENGTH	64

-#ifndef OPENSSL_NO_SHA512

-/*

- * Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64

- * being exactly 64-bit wide. See Implementation Notes in sha512.c

- * for further details.

- */

-#define SHA512_CBLOCK	(SHA_LBLOCK*8)	/* SHA-512 treats input data as a

-					 * contiguous array of 64 bit

-					 * wide big-endian values. */

-#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)

-#define SHA_LONG64 unsigned __int64

-#define U64(C)     C##UI64

-#elif defined(__arch64__)

-#define SHA_LONG64 unsigned long

-#define U64(C)     C##UL

-#else

-#define SHA_LONG64 unsigned long long

-#define U64(C)     C##ULL

-#endif

-typedef struct SHA512state_st

-	{

-	SHA_LONG64 h[8];

-	SHA_LONG64 Nl,Nh;

-	union {

-		SHA_LONG64	d[SHA_LBLOCK];

-		unsigned char	p[SHA512_CBLOCK];

-	} u;

-	unsigned int num,md_len;

-	} SHA512_CTX;

-#endif

-#ifndef OPENSSL_NO_SHA512

-int SHA384_Init(SHA512_CTX *c);

-int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);

-int SHA384_Final(unsigned char *md, SHA512_CTX *c);

-unsigned char *SHA384(const unsigned char *d, size_t n,unsigned char *md);

-int SHA512_Init(SHA512_CTX *c);

-int SHA512_Update(SHA512_CTX *c, const void *data, size_t len);

-int SHA512_Final(unsigned char *md, SHA512_CTX *c);

-unsigned char *SHA512(const unsigned char *d, size_t n,unsigned char *md);

-void SHA512_Transform(SHA512_CTX *c, const unsigned char *data);

-#endif

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/ssl.h

+++ /dev/null

@@ -1,2026 +1,0 @@

-/* ssl/ssl.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* ====================================================================

- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- * ECC cipher suite support in OpenSSL originally developed by

- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.

- */

-#ifndef HEADER_SSL_H

-#define HEADER_SSL_H

-#include <openssl/e_os2.h>

-#ifndef OPENSSL_NO_COMP

-#include <openssl/comp.h>

-#endif

-#ifndef OPENSSL_NO_BIO

-#include <openssl/bio.h>

-#endif

-#ifndef OPENSSL_NO_DEPRECATED

-#ifndef OPENSSL_NO_X509

-#include <openssl/x509.h>

-#endif

-#include <openssl/crypto.h>

-#include <openssl/lhash.h>

-#include <openssl/buffer.h>

-#endif

-#include <openssl/pem.h>

-#include <openssl/kssl.h>

-#include <openssl/safestack.h>

-#include <openssl/symhacks.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-/* SSLeay version number for ASN.1 encoding of the session information */

-/* Version 0 - initial version

- * Version 1 - added the optional peer certificate

- */

-#define SSL_SESSION_ASN1_VERSION 0x0001

-/* text strings for the ciphers */

-#define SSL_TXT_NULL_WITH_MD5		SSL2_TXT_NULL_WITH_MD5

-#define SSL_TXT_RC4_128_WITH_MD5	SSL2_TXT_RC4_128_WITH_MD5

-#define SSL_TXT_RC4_128_EXPORT40_WITH_MD5 SSL2_TXT_RC4_128_EXPORT40_WITH_MD5

-#define SSL_TXT_RC2_128_CBC_WITH_MD5	SSL2_TXT_RC2_128_CBC_WITH_MD5

-#define SSL_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5

-#define SSL_TXT_IDEA_128_CBC_WITH_MD5	SSL2_TXT_IDEA_128_CBC_WITH_MD5

-#define SSL_TXT_DES_64_CBC_WITH_MD5	SSL2_TXT_DES_64_CBC_WITH_MD5

-#define SSL_TXT_DES_64_CBC_WITH_SHA	SSL2_TXT_DES_64_CBC_WITH_SHA

-#define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5

-#define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA

-/*    VRS Additional Kerberos5 entries

- */

-#define SSL_TXT_KRB5_DES_64_CBC_SHA   SSL3_TXT_KRB5_DES_64_CBC_SHA

-#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA

-#define SSL_TXT_KRB5_RC4_128_SHA      SSL3_TXT_KRB5_RC4_128_SHA

-#define SSL_TXT_KRB5_IDEA_128_CBC_SHA SSL3_TXT_KRB5_IDEA_128_CBC_SHA

-#define SSL_TXT_KRB5_DES_64_CBC_MD5   SSL3_TXT_KRB5_DES_64_CBC_MD5

-#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5

-#define SSL_TXT_KRB5_RC4_128_MD5      SSL3_TXT_KRB5_RC4_128_MD5

-#define SSL_TXT_KRB5_IDEA_128_CBC_MD5 SSL3_TXT_KRB5_IDEA_128_CBC_MD5

-#define SSL_TXT_KRB5_DES_40_CBC_SHA   SSL3_TXT_KRB5_DES_40_CBC_SHA

-#define SSL_TXT_KRB5_RC2_40_CBC_SHA   SSL3_TXT_KRB5_RC2_40_CBC_SHA

-#define SSL_TXT_KRB5_RC4_40_SHA	      SSL3_TXT_KRB5_RC4_40_SHA

-#define SSL_TXT_KRB5_DES_40_CBC_MD5   SSL3_TXT_KRB5_DES_40_CBC_MD5

-#define SSL_TXT_KRB5_RC2_40_CBC_MD5   SSL3_TXT_KRB5_RC2_40_CBC_MD5

-#define SSL_TXT_KRB5_RC4_40_MD5	      SSL3_TXT_KRB5_RC4_40_MD5

-#define SSL_TXT_KRB5_DES_40_CBC_SHA   SSL3_TXT_KRB5_DES_40_CBC_SHA

-#define SSL_TXT_KRB5_DES_40_CBC_MD5   SSL3_TXT_KRB5_DES_40_CBC_MD5

-#define SSL_TXT_KRB5_DES_64_CBC_SHA   SSL3_TXT_KRB5_DES_64_CBC_SHA

-#define SSL_TXT_KRB5_DES_64_CBC_MD5   SSL3_TXT_KRB5_DES_64_CBC_MD5

-#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA

-#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5

-#define SSL_MAX_KRB5_PRINCIPAL_LENGTH  256

-#define SSL_MAX_SSL_SESSION_ID_LENGTH		32

-#define SSL_MAX_SID_CTX_LENGTH			32

-#define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES	(512/8)

-#define SSL_MAX_KEY_ARG_LENGTH			8

-#define SSL_MAX_MASTER_KEY_LENGTH		48

-/* These are used to specify which ciphers to use and not to use */

-#define SSL_TXT_LOW		"LOW"

-#define SSL_TXT_MEDIUM		"MEDIUM"

-#define SSL_TXT_HIGH		"HIGH"

-#define SSL_TXT_kFZA		"kFZA"

-#define	SSL_TXT_aFZA		"aFZA"

-#define SSL_TXT_eFZA		"eFZA"

-#define SSL_TXT_FZA		"FZA"

-#define	SSL_TXT_aNULL		"aNULL"

-#define	SSL_TXT_eNULL		"eNULL"

-#define	SSL_TXT_NULL		"NULL"

-#define SSL_TXT_kKRB5     	"kKRB5"

-#define SSL_TXT_aKRB5     	"aKRB5"

-#define SSL_TXT_KRB5      	"KRB5"

-#define SSL_TXT_kRSA		"kRSA"

-#define SSL_TXT_kDHr		"kDHr"

-#define SSL_TXT_kDHd		"kDHd"

-#define SSL_TXT_kEDH		"kEDH"

-#define	SSL_TXT_aRSA		"aRSA"

-#define	SSL_TXT_aDSS		"aDSS"

-#define	SSL_TXT_aDH		"aDH"

-#define	SSL_TXT_DSS		"DSS"

-#define SSL_TXT_DH		"DH"

-#define SSL_TXT_EDH		"EDH"

-#define SSL_TXT_ADH		"ADH"

-#define SSL_TXT_RSA		"RSA"

-#define SSL_TXT_DES		"DES"

-#define SSL_TXT_3DES		"3DES"

-#define SSL_TXT_RC4		"RC4"

-#define SSL_TXT_RC2		"RC2"

-#define SSL_TXT_IDEA		"IDEA"

-#define SSL_TXT_SEED		"SEED"

-#define SSL_TXT_AES		"AES"

-#define SSL_TXT_CAMELLIA	"CAMELLIA"

-#define SSL_TXT_MD5		"MD5"

-#define SSL_TXT_SHA1		"SHA1"

-#define SSL_TXT_SHA		"SHA"

-#define SSL_TXT_EXP		"EXP"

-#define SSL_TXT_EXPORT		"EXPORT"

-#define SSL_TXT_EXP40		"EXPORT40"

-#define SSL_TXT_EXP56		"EXPORT56"

-#define SSL_TXT_SSLV2		"SSLv2"

-#define SSL_TXT_SSLV3		"SSLv3"

-#define SSL_TXT_TLSV1		"TLSv1"

-#define SSL_TXT_ALL		"ALL"

-#define SSL_TXT_ECC		"ECCdraft" /* ECC ciphersuites are not yet official */

-/*

- * COMPLEMENTOF* definitions. These identifiers are used to (de-select)

- * ciphers normally not being used.

- * Example: "RC4" will activate all ciphers using RC4 including ciphers

- * without authentication, which would normally disabled by DEFAULT (due

- * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT"

- * will make sure that it is also disabled in the specific selection.

- * COMPLEMENTOF* identifiers are portable between version, as adjustments

- * to the default cipher setup will also be included here.

- *

- * COMPLEMENTOFDEFAULT does not experience the same special treatment that

- * DEFAULT gets, as only selection is being done and no sorting as needed

- * for DEFAULT.

- */

-#define SSL_TXT_CMPALL		"COMPLEMENTOFALL"

-#define SSL_TXT_CMPDEF		"COMPLEMENTOFDEFAULT"

-/* The following cipher list is used by default.

- * It also is substituted when an application-defined cipher list string

- * starts with 'DEFAULT'. */

-#define SSL_DEFAULT_CIPHER_LIST	"AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH" /* low priority for RC4 */

-/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */

-#define SSL_SENT_SHUTDOWN	1

-#define SSL_RECEIVED_SHUTDOWN	2

-#ifdef __cplusplus

-}

-#endif

-#ifdef  __cplusplus

-extern "C" {

-#endif

-#if (defined(OPENSSL_NO_RSA) || defined(OPENSSL_NO_MD5)) && !defined(OPENSSL_NO_SSL2)

-#define OPENSSL_NO_SSL2

-#endif

-#define SSL_FILETYPE_ASN1	X509_FILETYPE_ASN1

-#define SSL_FILETYPE_PEM	X509_FILETYPE_PEM

-/* This is needed to stop compilers complaining about the

- * 'struct ssl_st *' function parameters used to prototype callbacks

- * in SSL_CTX. */

-typedef struct ssl_st *ssl_crock_st;

-/* used to hold info on the particular ciphers used */

-typedef struct ssl_cipher_st

-	{

-	int valid;

-	const char *name;		/* text name */

-	unsigned long id;		/* id, 4 bytes, first is version */

-	unsigned long algorithms;	/* what ciphers are used */

-	unsigned long algo_strength;	/* strength and export flags */

-	unsigned long algorithm2;	/* Extra flags */

-	int strength_bits;		/* Number of bits really used */

-	int alg_bits;			/* Number of bits for algorithm */

-	unsigned long mask;		/* used for matching */

-	unsigned long mask_strength;	/* also used for matching */

-	} SSL_CIPHER;

-DECLARE_STACK_OF(SSL_CIPHER)

-typedef struct ssl_st SSL;

-typedef struct ssl_ctx_st SSL_CTX;

-/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */

-typedef struct ssl_method_st

-	{

-	int version;

-	int (*ssl_new)(SSL *s);

-	void (*ssl_clear)(SSL *s);

-	void (*ssl_free)(SSL *s);

-	int (*ssl_accept)(SSL *s);

-	int (*ssl_connect)(SSL *s);

-	int (*ssl_read)(SSL *s,void *buf,int len);

-	int (*ssl_peek)(SSL *s,void *buf,int len);

-	int (*ssl_write)(SSL *s,const void *buf,int len);

-	int (*ssl_shutdown)(SSL *s);

-	int (*ssl_renegotiate)(SSL *s);

-	int (*ssl_renegotiate_check)(SSL *s);

-	long (*ssl_get_message)(SSL *s, int st1, int stn, int mt, long

-		max, int *ok);

-	int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf, int len,

-		int peek);

-	int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len);

-	int (*ssl_dispatch_alert)(SSL *s);

-	long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg);

-	long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg);

-	SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);

-	int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr);

-	int (*ssl_pending)(const SSL *s);

-	int (*num_ciphers)(void);

-	SSL_CIPHER *(*get_cipher)(unsigned ncipher);

-	struct ssl_method_st *(*get_ssl_method)(int version);

-	long (*get_timeout)(void);

-	struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */

-	int (*ssl_version)(void);

-	long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void));

-	long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void));

-	} SSL_METHOD;

-/* Lets make this into an ASN.1 type structure as follows

- * SSL_SESSION_ID ::= SEQUENCE {

- *	version 		INTEGER,	-- structure version number

- *	SSLversion 		INTEGER,	-- SSL version number

- *	Cipher 			OCTET_STRING,	-- the 3 byte cipher ID

- *	Session_ID 		OCTET_STRING,	-- the Session ID

- *	Master_key 		OCTET_STRING,	-- the master key

- *	KRB5_principal		OCTET_STRING	-- optional Kerberos principal

- *	Key_Arg [ 0 ] IMPLICIT	OCTET_STRING,	-- the optional Key argument

- *	Time [ 1 ] EXPLICIT	INTEGER,	-- optional Start Time

- *	Timeout [ 2 ] EXPLICIT	INTEGER,	-- optional Timeout ins seconds

- *	Peer [ 3 ] EXPLICIT	X509,		-- optional Peer Certificate

- *	Session_ID_context [ 4 ] EXPLICIT OCTET_STRING,   -- the Session ID context

- *	Verify_result [ 5 ] EXPLICIT INTEGER    -- X509_V_... code for `Peer'

- *	Compression [6] IMPLICIT ASN1_OBJECT	-- compression OID XXXXX

- *	}

- * Look in ssl/ssl_asn1.c for more details

- * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).

- */

-typedef struct ssl_session_st

-	{

-	int ssl_version;	/* what ssl version session info is

-				 * being kept in here? */

-	/* only really used in SSLv2 */

-	unsigned int key_arg_length;

-	unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH];

-	int master_key_length;

-	unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];

-	/* session_id - valid? */

-	unsigned int session_id_length;

-	unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];

-	/* this is used to determine whether the session is being reused in

-	 * the appropriate context. It is up to the application to set this,

-	 * via SSL_new */

-	unsigned int sid_ctx_length;

-	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];

-#ifndef OPENSSL_NO_KRB5

-        unsigned int krb5_client_princ_len;

-        unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH];

-#endif /* OPENSSL_NO_KRB5 */

-	int not_resumable;

-	/* The cert is the certificate used to establish this connection */

-	struct sess_cert_st /* SESS_CERT */ *sess_cert;

-	/* This is the cert for the other end.

-	 * On clients, it will be the same as sess_cert->peer_key->x509

-	 * (the latter is not enough as sess_cert is not retained

-	 * in the external representation of sessions, see ssl_asn1.c). */

-	X509 *peer;

-	/* when app_verify_callback accepts a session where the peer's certificate

-	 * is not ok, we must remember the error for session reuse: */

-	long verify_result; /* only for servers */

-	int references;

-	long timeout;

-	long time;

-	int compress_meth;		/* Need to lookup the method */

-	SSL_CIPHER *cipher;

-	unsigned long cipher_id;	/* when ASN.1 loaded, this

-					 * needs to be used to load

-					 * the 'cipher' structure */

-	STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */

-	CRYPTO_EX_DATA ex_data; /* application specific data */

-	/* These are used to make removal of session-ids more

-	 * efficient and to implement a maximum cache size. */

-	struct ssl_session_st *prev,*next;

-#ifndef OPENSSL_NO_TLSEXT

-	char *tlsext_hostname;

-	/* RFC4507 info */

-	unsigned char *tlsext_tick;	/* Session ticket */

-	size_t	tlsext_ticklen;		/* Session ticket length */

-	long tlsext_tick_lifetime_hint;	/* Session lifetime hint in seconds */

-#endif

-	} SSL_SESSION;

-#define SSL_OP_MICROSOFT_SESS_ID_BUG			0x00000001L

-#define SSL_OP_NETSCAPE_CHALLENGE_BUG			0x00000002L

-#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG		0x00000008L

-#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG		0x00000010L

-#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER		0x00000020L

-#define SSL_OP_MSIE_SSLV2_RSA_PADDING			0x00000040L /* no effect since 0.9.7h and 0.9.8b */

-#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG			0x00000080L

-#define SSL_OP_TLS_D5_BUG				0x00000100L

-#define SSL_OP_TLS_BLOCK_PADDING_BUG			0x00000200L

-/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added

- * in OpenSSL 0.9.6d.  Usually (depending on the application protocol)

- * the workaround is not needed.  Unfortunately some broken SSL/TLS

- * implementations cannot handle it at all, which is why we include

- * it in SSL_OP_ALL. */

-#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS              0x00000800L /* added in 0.9.6e */

-/* SSL_OP_ALL: various bug workarounds that should be rather harmless.

- *             This used to be 0x000FFFFFL before 0.9.7. */

-#define SSL_OP_ALL					0x00000FFFL

-/* DTLS options */

-#define SSL_OP_NO_QUERY_MTU                 0x00001000L

-/* Turn on Cookie Exchange (on relevant for servers) */

-#define SSL_OP_COOKIE_EXCHANGE              0x00002000L

-/* Don't use RFC4507 ticket extension */

-#define SSL_OP_NO_TICKET	            0x00004000L

-/* As server, disallow session resumption on renegotiation */

-#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION	0x00010000L

-/* If set, always create a new key when using tmp_ecdh parameters */

-#define SSL_OP_SINGLE_ECDH_USE				0x00080000L

-/* If set, always create a new key when using tmp_dh parameters */

-#define SSL_OP_SINGLE_DH_USE				0x00100000L

-/* Set to always use the tmp_rsa key when doing RSA operations,

- * even when this violates protocol specs */

-#define SSL_OP_EPHEMERAL_RSA				0x00200000L

-/* Set on servers to choose the cipher according to the server's

- * preferences */

-#define SSL_OP_CIPHER_SERVER_PREFERENCE			0x00400000L

-/* If set, a server will allow a client to issue a SSLv3.0 version number

- * as latest version supported in the premaster secret, even when TLSv1.0

- * (version 3.1) was announced in the client hello. Normally this is

- * forbidden to prevent version rollback attacks. */

-#define SSL_OP_TLS_ROLLBACK_BUG				0x00800000L

-#define SSL_OP_NO_SSLv2					0x01000000L

-#define SSL_OP_NO_SSLv3					0x02000000L

-#define SSL_OP_NO_TLSv1					0x04000000L

-/* The next flag deliberately changes the ciphertest, this is a check

- * for the PKCS#1 attack */

-#define SSL_OP_PKCS1_CHECK_1				0x08000000L

-#define SSL_OP_PKCS1_CHECK_2				0x10000000L

-#define SSL_OP_NETSCAPE_CA_DN_BUG			0x20000000L

-#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG		0x40000000L

-/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success

- * when just a single record has been written): */

-#define SSL_MODE_ENABLE_PARTIAL_WRITE       0x00000001L

-/* Make it possible to retry SSL_write() with changed buffer location

- * (buffer contents must stay the same!); this is not the default to avoid

- * the misconception that non-blocking SSL_write() behaves like

- * non-blocking write(): */

-#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L

-/* Never bother the application with retries if the transport

- * is blocking: */

-#define SSL_MODE_AUTO_RETRY 0x00000004L

-/* Don't attempt to automatically build certificate chain */

-#define SSL_MODE_NO_AUTO_CHAIN 0x00000008L

-/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,

- * they cannot be used to clear bits. */

-#define SSL_CTX_set_options(ctx,op) \

-	SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)

-#define SSL_CTX_get_options(ctx) \

-	SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL)

-#define SSL_set_options(ssl,op) \

-	SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL)

-#define SSL_get_options(ssl) \

-        SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL)

-#define SSL_CTX_set_mode(ctx,op) \

-	SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)

-#define SSL_CTX_get_mode(ctx) \

-	SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL)

-#define SSL_set_mode(ssl,op) \

-	SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)

-#define SSL_get_mode(ssl) \

-        SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL)

-#define SSL_set_mtu(ssl, mtu) \

-        SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL)

-void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));

-void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));

-#define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))

-#define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))

-#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)

-#define SSL_MAX_CERT_LIST_DEFAULT 1024*30 /* 30k max cert list :-) */

-#else

-#define SSL_MAX_CERT_LIST_DEFAULT 1024*100 /* 100k max cert list :-) */

-#endif

-#define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT	(1024*20)

-/* This callback type is used inside SSL_CTX, SSL, and in the functions that set

- * them. It is used to override the generation of SSL/TLS session IDs in a

- * server. Return value should be zero on an error, non-zero to proceed. Also,

- * callbacks should themselves check if the id they generate is unique otherwise

- * the SSL handshake will fail with an error - callbacks can do this using the

- * 'ssl' value they're passed by;

- *      SSL_has_matching_session_id(ssl, id, *id_len)

- * The length value passed in is set at the maximum size the session ID can be.

- * In SSLv2 this is 16 bytes, whereas SSLv3/TLSv1 it is 32 bytes. The callback

- * can alter this length to be less if desired, but under SSLv2 session IDs are

- * supposed to be fixed at 16 bytes so the id will be padded after the callback

- * returns in this case. It is also an error for the callback to set the size to

- * zero. */

-typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id,

-				unsigned int *id_len);

-typedef struct ssl_comp_st

-	{

-	int id;

-	const char *name;

-#ifndef OPENSSL_NO_COMP

-	COMP_METHOD *method;

-#else

-	char *method;

-#endif

-	} SSL_COMP;

-DECLARE_STACK_OF(SSL_COMP)

-struct ssl_ctx_st

-	{

-	SSL_METHOD *method;

-	STACK_OF(SSL_CIPHER) *cipher_list;

-	/* same as above but sorted for lookup */

-	STACK_OF(SSL_CIPHER) *cipher_list_by_id;

-	struct x509_store_st /* X509_STORE */ *cert_store;

-	struct lhash_st /* LHASH */ *sessions;	/* a set of SSL_SESSIONs */

-	/* Most session-ids that will be cached, default is

-	 * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */

-	unsigned long session_cache_size;

-	struct ssl_session_st *session_cache_head;

-	struct ssl_session_st *session_cache_tail;

-	/* This can have one of 2 values, ored together,

-	 * SSL_SESS_CACHE_CLIENT,

-	 * SSL_SESS_CACHE_SERVER,

-	 * Default is SSL_SESSION_CACHE_SERVER, which means only

-	 * SSL_accept which cache SSL_SESSIONS. */

-	int session_cache_mode;

-	/* If timeout is not 0, it is the default timeout value set

-	 * when SSL_new() is called.  This has been put in to make

-	 * life easier to set things up */

-	long session_timeout;

-	/* If this callback is not null, it will be called each

-	 * time a session id is added to the cache.  If this function

-	 * returns 1, it means that the callback will do a

-	 * SSL_SESSION_free() when it has finished using it.  Otherwise,

-	 * on 0, it means the callback has finished with it.

-	 * If remove_session_cb is not null, it will be called when

-	 * a session-id is removed from the cache.  After the call,

-	 * OpenSSL will SSL_SESSION_free() it. */

-	int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess);

-	void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess);

-	SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,

-		unsigned char *data,int len,int *copy);

-	struct

-		{

-		int sess_connect;	/* SSL new conn - started */

-		int sess_connect_renegotiate;/* SSL reneg - requested */

-		int sess_connect_good;	/* SSL new conne/reneg - finished */

-		int sess_accept;	/* SSL new accept - started */

-		int sess_accept_renegotiate;/* SSL reneg - requested */

-		int sess_accept_good;	/* SSL accept/reneg - finished */

-		int sess_miss;		/* session lookup misses  */

-		int sess_timeout;	/* reuse attempt on timeouted session */

-		int sess_cache_full;	/* session removed due to full cache */

-		int sess_hit;		/* session reuse actually done */

-		int sess_cb_hit;	/* session-id that was not

-					 * in the cache was

-					 * passed back via the callback.  This

-					 * indicates that the application is

-					 * supplying session-id's from other

-					 * processes - spooky :-) */

-		} stats;

-	int references;

-	/* if defined, these override the X509_verify_cert() calls */

-	int (*app_verify_callback)(X509_STORE_CTX *, void *);

-	void *app_verify_arg;

-	/* before OpenSSL 0.9.7, 'app_verify_arg' was ignored

-	 * ('app_verify_callback' was called with just one argument) */

-	/* Default password callback. */

-	pem_password_cb *default_passwd_callback;

-	/* Default password callback user data. */

-	void *default_passwd_callback_userdata;

-	/* get client cert callback */

-	int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);

-    /* cookie generate callback */

-    int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie,

-        unsigned int *cookie_len);

-    /* verify cookie callback */

-    int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie,

-        unsigned int cookie_len);

-	CRYPTO_EX_DATA ex_data;

-	const EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */

-	const EVP_MD *md5;	/* For SSLv3/TLSv1 'ssl3-md5' */

-	const EVP_MD *sha1;   /* For SSLv3/TLSv1 'ssl3->sha1' */

-	STACK_OF(X509) *extra_certs;

-	STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */

-	/* Default values used when no per-SSL value is defined follow */

-	void (*info_callback)(const SSL *ssl,int type,int val); /* used if SSL's info_callback is NULL */

-	/* what we put in client cert requests */

-	STACK_OF(X509_NAME) *client_CA;

-	/* Default values to use in SSL structures follow (these are copied by SSL_new) */

-	unsigned long options;

-	unsigned long mode;

-	long max_cert_list;

-	struct cert_st /* CERT */ *cert;

-	int read_ahead;

-	/* callback that allows applications to peek at protocol messages */

-	void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);

-	void *msg_callback_arg;

-	int verify_mode;

-	unsigned int sid_ctx_length;

-	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];

-	int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); /* called 'verify_callback' in the SSL */

-	/* Default generate session ID callback. */

-	GEN_SESSION_CB generate_session_id;

-	X509_VERIFY_PARAM *param;

-#if 0

-	int purpose;		/* Purpose setting */

-	int trust;		/* Trust setting */

-#endif

-	int quiet_shutdown;

-#ifndef OPENSSL_NO_TLSEXT

-	/* TLS extensions servername callback */

-	int (*tlsext_servername_callback)(SSL*, int *, void *);

-	void *tlsext_servername_arg;

-	/* RFC 4507 session ticket keys */

-	unsigned char tlsext_tick_key_name[16];

-	unsigned char tlsext_tick_hmac_key[16];

-	unsigned char tlsext_tick_aes_key[16];

-#endif

-	};

-#define SSL_SESS_CACHE_OFF			0x0000

-#define SSL_SESS_CACHE_CLIENT			0x0001

-#define SSL_SESS_CACHE_SERVER			0x0002

-#define SSL_SESS_CACHE_BOTH	(SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)

-#define SSL_SESS_CACHE_NO_AUTO_CLEAR		0x0080

-/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */

-#define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP	0x0100

-#define SSL_SESS_CACHE_NO_INTERNAL_STORE	0x0200

-#define SSL_SESS_CACHE_NO_INTERNAL \

-	(SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)

-  struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx);

-#define SSL_CTX_sess_number(ctx) \

-	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)

-#define SSL_CTX_sess_connect(ctx) \

-	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL)

-#define SSL_CTX_sess_connect_good(ctx) \

-	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL)

-#define SSL_CTX_sess_connect_renegotiate(ctx) \

-	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL)

-#define SSL_CTX_sess_accept(ctx) \

-	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL)

-#define SSL_CTX_sess_accept_renegotiate(ctx) \

-	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL)

-#define SSL_CTX_sess_accept_good(ctx) \

-	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL)

-#define SSL_CTX_sess_hits(ctx) \

-	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL)

-#define SSL_CTX_sess_cb_hits(ctx) \

-	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL)

-#define SSL_CTX_sess_misses(ctx) \

-	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL)

-#define SSL_CTX_sess_timeouts(ctx) \

-	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL)

-#define SSL_CTX_sess_cache_full(ctx) \

-	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)

-void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess));

-int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess);

-void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess));

-void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, SSL_SESSION *sess);

-void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,int len,int *copy));

-SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, unsigned char *Data, int len, int *copy);

-void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,int type,int val));

-void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val);

-void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));

-int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);

-void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len));

-void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len));

-#define SSL_NOTHING	1

-#define SSL_WRITING	2

-#define SSL_READING	3

-#define SSL_X509_LOOKUP	4

-/* These will only be used when doing non-blocking IO */

-#define SSL_want_nothing(s)	(SSL_want(s) == SSL_NOTHING)

-#define SSL_want_read(s)	(SSL_want(s) == SSL_READING)

-#define SSL_want_write(s)	(SSL_want(s) == SSL_WRITING)

-#define SSL_want_x509_lookup(s)	(SSL_want(s) == SSL_X509_LOOKUP)

-struct ssl_st

-	{

-	/* protocol version

-	 * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)

-	 */

-	int version;

-	int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */

-	SSL_METHOD *method; /* SSLv3 */

-	/* There are 2 BIO's even though they are normally both the

-	 * same.  This is so data can be read and written to different

-	 * handlers */

-#ifndef OPENSSL_NO_BIO

-	BIO *rbio; /* used by SSL_read */

-	BIO *wbio; /* used by SSL_write */

-	BIO *bbio; /* used during session-id reuse to concatenate

-		    * messages */

-#else

-	char *rbio; /* used by SSL_read */

-	char *wbio; /* used by SSL_write */

-	char *bbio;

-#endif

-	/* This holds a variable that indicates what we were doing

-	 * when a 0 or -1 is returned.  This is needed for

-	 * non-blocking IO so we know what request needs re-doing when

-	 * in SSL_accept or SSL_connect */

-	int rwstate;

-	/* true when we are actually in SSL_accept() or SSL_connect() */

-	int in_handshake;

-	int (*handshake_func)(SSL *);

-	/* Imagine that here's a boolean member "init" that is

-	 * switched as soon as SSL_set_{accept/connect}_state

-	 * is called for the first time, so that "state" and

-	 * "handshake_func" are properly initialized.  But as

-	 * handshake_func is == 0 until then, we use this

-	 * test instead of an "init" member.

-	 */

-	int server;	/* are we the server side? - mostly used by SSL_clear*/

-	int new_session;/* 1 if we are to use a new session.

-	                 * 2 if we are a server and are inside a handshake

-	                 *   (i.e. not just sending a HelloRequest)

-	                 * NB: For servers, the 'new' session may actually be a previously

-	                 * cached session or even the previous session unless

-	                 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */

-	int quiet_shutdown;/* don't send shutdown packets */

-	int shutdown;	/* we have shut things down, 0x01 sent, 0x02

-			 * for received */

-	int state;	/* where we are */

-	int rstate;	/* where we are when reading */

-	BUF_MEM *init_buf;	/* buffer used during init */

-	void *init_msg;   	/* pointer to handshake message body, set by ssl3_get_message() */

-	int init_num;		/* amount read/written */

-	int init_off;		/* amount read/written */

-	/* used internally to point at a raw packet */

-	unsigned char *packet;

-	unsigned int packet_length;

-	struct ssl2_state_st *s2; /* SSLv2 variables */

-	struct ssl3_state_st *s3; /* SSLv3 variables */

-	struct dtls1_state_st *d1; /* DTLSv1 variables */

-	int read_ahead;		/* Read as many input bytes as possible

-	               	 	 * (for non-blocking reads) */

-	/* callback that allows applications to peek at protocol messages */

-	void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);

-	void *msg_callback_arg;

-	int hit;		/* reusing a previous session */

-	X509_VERIFY_PARAM *param;

-#if 0

-	int purpose;		/* Purpose setting */

-	int trust;		/* Trust setting */

-#endif

-	/* crypto */

-	STACK_OF(SSL_CIPHER) *cipher_list;

-	STACK_OF(SSL_CIPHER) *cipher_list_by_id;

-	/* These are the ones being used, the ones in SSL_SESSION are

-	 * the ones to be 'copied' into these ones */

-	EVP_CIPHER_CTX *enc_read_ctx;		/* cryptographic state */

-	const EVP_MD *read_hash;		/* used for mac generation */

-#ifndef OPENSSL_NO_COMP

-	COMP_CTX *expand;			/* uncompress */

-#else

-	char *expand;

-#endif

-	EVP_CIPHER_CTX *enc_write_ctx;		/* cryptographic state */

-	const EVP_MD *write_hash;		/* used for mac generation */

-#ifndef OPENSSL_NO_COMP

-	COMP_CTX *compress;			/* compression */

-#else

-	char *compress;

-#endif

-	/* session info */

-	/* client cert? */

-	/* This is used to hold the server certificate used */

-	struct cert_st /* CERT */ *cert;

-	/* the session_id_context is used to ensure sessions are only reused

-	 * in the appropriate context */

-	unsigned int sid_ctx_length;

-	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];

-	/* This can also be in the session once a session is established */

-	SSL_SESSION *session;

-	/* Default generate session ID callback. */

-	GEN_SESSION_CB generate_session_id;

-	/* Used in SSL2 and SSL3 */

-	int verify_mode;	/* 0 don't care about verify failure.

-				 * 1 fail if verify fails */

-	int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */

-	void (*info_callback)(const SSL *ssl,int type,int val); /* optional informational callback */

-	int error;		/* error bytes to be written */

-	int error_code;		/* actual code */

-#ifndef OPENSSL_NO_KRB5

-	KSSL_CTX *kssl_ctx;     /* Kerberos 5 context */

-#endif	/* OPENSSL_NO_KRB5 */

-	SSL_CTX *ctx;

-	/* set this flag to 1 and a sleep(1) is put into all SSL_read()

-	 * and SSL_write() calls, good for nbio debuging :-) */

-	int debug;

-	/* extra application data */

-	long verify_result;

-	CRYPTO_EX_DATA ex_data;

-	/* for server side, keep the list of CA_dn we can use */

-	STACK_OF(X509_NAME) *client_CA;

-	int references;

-	unsigned long options; /* protocol behaviour */

-	unsigned long mode; /* API behaviour */

-	long max_cert_list;

-	int first_packet;

-	int client_version;	/* what was passed, used for

-				 * SSLv3/TLS rollback check */

-#ifndef OPENSSL_NO_TLSEXT

-	/* TLS extension debug callback */

-	void (*tlsext_debug_cb)(SSL *s, int client_server, int type,

-					unsigned char *data, int len,

-					void *arg);

-	void *tlsext_debug_arg;

-	char *tlsext_hostname;

-	int servername_done;   /* no further mod of servername

-	                          0 : call the servername extension callback.

-	                          1 : prepare 2, allow last ack just after in server callback.

-	                          2 : don't call servername callback, no ack in server hello

-	                       */

-	/* RFC4507 session ticket expected to be received or sent */

-	int tlsext_ticket_expected;

-	SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */

-#define session_ctx initial_ctx

-#else

-#define session_ctx ctx

-#endif

-	};

-#ifdef __cplusplus

-}

-#endif

-#include <openssl/ssl2.h>

-#include <openssl/ssl3.h>

-#include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */

-#include <openssl/dtls1.h> /* Datagram TLS */

-#include <openssl/ssl23.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-/* compatibility */

-#define SSL_set_app_data(s,arg)		(SSL_set_ex_data(s,0,(char *)arg))

-#define SSL_get_app_data(s)		(SSL_get_ex_data(s,0))

-#define SSL_SESSION_set_app_data(s,a)	(SSL_SESSION_set_ex_data(s,0,(char *)a))

-#define SSL_SESSION_get_app_data(s)	(SSL_SESSION_get_ex_data(s,0))

-#define SSL_CTX_get_app_data(ctx)	(SSL_CTX_get_ex_data(ctx,0))

-#define SSL_CTX_set_app_data(ctx,arg)	(SSL_CTX_set_ex_data(ctx,0,(char *)arg))

-/* The following are the possible values for ssl->state are are

- * used to indicate where we are up to in the SSL connection establishment.

- * The macros that follow are about the only things you should need to use

- * and even then, only when using non-blocking IO.

- * It can also be useful to work out where you were when the connection

- * failed */

-#define SSL_ST_CONNECT			0x1000

-#define SSL_ST_ACCEPT			0x2000

-#define SSL_ST_MASK			0x0FFF

-#define SSL_ST_INIT			(SSL_ST_CONNECT|SSL_ST_ACCEPT)

-#define SSL_ST_BEFORE			0x4000

-#define SSL_ST_OK			0x03

-#define SSL_ST_RENEGOTIATE		(0x04|SSL_ST_INIT)

-#define SSL_CB_LOOP			0x01

-#define SSL_CB_EXIT			0x02

-#define SSL_CB_READ			0x04

-#define SSL_CB_WRITE			0x08

-#define SSL_CB_ALERT			0x4000 /* used in callback */

-#define SSL_CB_READ_ALERT		(SSL_CB_ALERT|SSL_CB_READ)

-#define SSL_CB_WRITE_ALERT		(SSL_CB_ALERT|SSL_CB_WRITE)

-#define SSL_CB_ACCEPT_LOOP		(SSL_ST_ACCEPT|SSL_CB_LOOP)

-#define SSL_CB_ACCEPT_EXIT		(SSL_ST_ACCEPT|SSL_CB_EXIT)

-#define SSL_CB_CONNECT_LOOP		(SSL_ST_CONNECT|SSL_CB_LOOP)

-#define SSL_CB_CONNECT_EXIT		(SSL_ST_CONNECT|SSL_CB_EXIT)

-#define SSL_CB_HANDSHAKE_START		0x10

-#define SSL_CB_HANDSHAKE_DONE		0x20

-/* Is the SSL_connection established? */

-#define SSL_get_state(a)		SSL_state(a)

-#define SSL_is_init_finished(a)		(SSL_state(a) == SSL_ST_OK)

-#define SSL_in_init(a)			(SSL_state(a)&SSL_ST_INIT)

-#define SSL_in_before(a)		(SSL_state(a)&SSL_ST_BEFORE)

-#define SSL_in_connect_init(a)		(SSL_state(a)&SSL_ST_CONNECT)

-#define SSL_in_accept_init(a)		(SSL_state(a)&SSL_ST_ACCEPT)

-/* The following 2 states are kept in ssl->rstate when reads fail,

- * you should not need these */

-#define SSL_ST_READ_HEADER			0xF0

-#define SSL_ST_READ_BODY			0xF1

-#define SSL_ST_READ_DONE			0xF2

-/* Obtain latest Finished message

- *   -- that we sent (SSL_get_finished)

- *   -- that we expected from peer (SSL_get_peer_finished).

- * Returns length (0 == no Finished so far), copies up to 'count' bytes. */

-size_t SSL_get_finished(const SSL *s, void *buf, size_t count);

-size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);

-/* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options

- * are 'ored' with SSL_VERIFY_PEER if they are desired */

-#define SSL_VERIFY_NONE			0x00

-#define SSL_VERIFY_PEER			0x01

-#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT	0x02

-#define SSL_VERIFY_CLIENT_ONCE		0x04

-#define OpenSSL_add_ssl_algorithms()	SSL_library_init()

-#define SSLeay_add_ssl_algorithms()	SSL_library_init()

-/* this is for backward compatibility */

-#if 0 /* NEW_SSLEAY */

-#define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c)

-#define SSL_set_pref_cipher(c,n)	SSL_set_cipher_list(c,n)

-#define SSL_add_session(a,b)            SSL_CTX_add_session((a),(b))

-#define SSL_remove_session(a,b)		SSL_CTX_remove_session((a),(b))

-#define SSL_flush_sessions(a,b)		SSL_CTX_flush_sessions((a),(b))

-#endif

-/* More backward compatibility */

-#define SSL_get_cipher(s) \

-		SSL_CIPHER_get_name(SSL_get_current_cipher(s))

-#define SSL_get_cipher_bits(s,np) \

-		SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)

-#define SSL_get_cipher_version(s) \

-		SSL_CIPHER_get_version(SSL_get_current_cipher(s))

-#define SSL_get_cipher_name(s) \

-		SSL_CIPHER_get_name(SSL_get_current_cipher(s))

-#define SSL_get_time(a)		SSL_SESSION_get_time(a)

-#define SSL_set_time(a,b)	SSL_SESSION_set_time((a),(b))

-#define SSL_get_timeout(a)	SSL_SESSION_get_timeout(a)

-#define SSL_set_timeout(a,b)	SSL_SESSION_set_timeout((a),(b))

-#if 1 /*SSLEAY_MACROS*/

-#define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id)

-#define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id)

-#define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \

-	(char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u)

-#define PEM_read_bio_SSL_SESSION(bp,x,cb,u) PEM_ASN1_read_bio_of(SSL_SESSION,d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,x,cb,u)

-#define PEM_write_SSL_SESSION(fp,x) \

-	PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \

-		PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL)

-#define PEM_write_bio_SSL_SESSION(bp,x) \

-	PEM_ASN1_write_bio_of(SSL_SESSION,i2d_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,x,NULL,NULL,0,NULL,NULL)

-#endif

-#define SSL_AD_REASON_OFFSET		1000

-/* These alert types are for SSLv3 and TLSv1 */

-#define SSL_AD_CLOSE_NOTIFY		SSL3_AD_CLOSE_NOTIFY

-#define SSL_AD_UNEXPECTED_MESSAGE	SSL3_AD_UNEXPECTED_MESSAGE /* fatal */

-#define SSL_AD_BAD_RECORD_MAC		SSL3_AD_BAD_RECORD_MAC     /* fatal */

-#define SSL_AD_DECRYPTION_FAILED	TLS1_AD_DECRYPTION_FAILED

-#define SSL_AD_RECORD_OVERFLOW		TLS1_AD_RECORD_OVERFLOW

-#define SSL_AD_DECOMPRESSION_FAILURE	SSL3_AD_DECOMPRESSION_FAILURE/* fatal */

-#define SSL_AD_HANDSHAKE_FAILURE	SSL3_AD_HANDSHAKE_FAILURE/* fatal */

-#define SSL_AD_NO_CERTIFICATE		SSL3_AD_NO_CERTIFICATE /* Not for TLS */

-#define SSL_AD_BAD_CERTIFICATE		SSL3_AD_BAD_CERTIFICATE

-#define SSL_AD_UNSUPPORTED_CERTIFICATE	SSL3_AD_UNSUPPORTED_CERTIFICATE

-#define SSL_AD_CERTIFICATE_REVOKED	SSL3_AD_CERTIFICATE_REVOKED

-#define SSL_AD_CERTIFICATE_EXPIRED	SSL3_AD_CERTIFICATE_EXPIRED

-#define SSL_AD_CERTIFICATE_UNKNOWN	SSL3_AD_CERTIFICATE_UNKNOWN

-#define SSL_AD_ILLEGAL_PARAMETER	SSL3_AD_ILLEGAL_PARAMETER   /* fatal */

-#define SSL_AD_UNKNOWN_CA		TLS1_AD_UNKNOWN_CA	/* fatal */

-#define SSL_AD_ACCESS_DENIED		TLS1_AD_ACCESS_DENIED	/* fatal */

-#define SSL_AD_DECODE_ERROR		TLS1_AD_DECODE_ERROR	/* fatal */

-#define SSL_AD_DECRYPT_ERROR		TLS1_AD_DECRYPT_ERROR

-#define SSL_AD_EXPORT_RESTRICTION	TLS1_AD_EXPORT_RESTRICTION/* fatal */

-#define SSL_AD_PROTOCOL_VERSION		TLS1_AD_PROTOCOL_VERSION /* fatal */

-#define SSL_AD_INSUFFICIENT_SECURITY	TLS1_AD_INSUFFICIENT_SECURITY/* fatal */

-#define SSL_AD_INTERNAL_ERROR		TLS1_AD_INTERNAL_ERROR	/* fatal */

-#define SSL_AD_USER_CANCELLED		TLS1_AD_USER_CANCELLED

-#define SSL_AD_NO_RENEGOTIATION		TLS1_AD_NO_RENEGOTIATION

-#define SSL_AD_UNSUPPORTED_EXTENSION	TLS1_AD_UNSUPPORTED_EXTENSION

-#define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE

-#define SSL_AD_UNRECOGNIZED_NAME	TLS1_AD_UNRECOGNIZED_NAME

-#define SSL_ERROR_NONE			0

-#define SSL_ERROR_SSL			1

-#define SSL_ERROR_WANT_READ		2

-#define SSL_ERROR_WANT_WRITE		3

-#define SSL_ERROR_WANT_X509_LOOKUP	4

-#define SSL_ERROR_SYSCALL		5 /* look at error stack/return value/errno */

-#define SSL_ERROR_ZERO_RETURN		6

-#define SSL_ERROR_WANT_CONNECT		7

-#define SSL_ERROR_WANT_ACCEPT		8

-#define SSL_CTRL_NEED_TMP_RSA			1

-#define SSL_CTRL_SET_TMP_RSA			2

-#define SSL_CTRL_SET_TMP_DH			3

-#define SSL_CTRL_SET_TMP_ECDH			4

-#define SSL_CTRL_SET_TMP_RSA_CB			5

-#define SSL_CTRL_SET_TMP_DH_CB			6

-#define SSL_CTRL_SET_TMP_ECDH_CB		7

-#define SSL_CTRL_GET_SESSION_REUSED		8

-#define SSL_CTRL_GET_CLIENT_CERT_REQUEST	9

-#define SSL_CTRL_GET_NUM_RENEGOTIATIONS		10

-#define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS	11

-#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS	12

-#define SSL_CTRL_GET_FLAGS			13

-#define SSL_CTRL_EXTRA_CHAIN_CERT		14

-#define SSL_CTRL_SET_MSG_CALLBACK               15

-#define SSL_CTRL_SET_MSG_CALLBACK_ARG           16

-/* only applies to datagram connections */

-#define SSL_CTRL_SET_MTU                17

-/* Stats */

-#define SSL_CTRL_SESS_NUMBER			20

-#define SSL_CTRL_SESS_CONNECT			21

-#define SSL_CTRL_SESS_CONNECT_GOOD		22

-#define SSL_CTRL_SESS_CONNECT_RENEGOTIATE	23

-#define SSL_CTRL_SESS_ACCEPT			24

-#define SSL_CTRL_SESS_ACCEPT_GOOD		25

-#define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE	26

-#define SSL_CTRL_SESS_HIT			27

-#define SSL_CTRL_SESS_CB_HIT			28

-#define SSL_CTRL_SESS_MISSES			29

-#define SSL_CTRL_SESS_TIMEOUTS			30

-#define SSL_CTRL_SESS_CACHE_FULL		31

-#define SSL_CTRL_OPTIONS			32

-#define SSL_CTRL_MODE				33

-#define SSL_CTRL_GET_READ_AHEAD			40

-#define SSL_CTRL_SET_READ_AHEAD			41

-#define SSL_CTRL_SET_SESS_CACHE_SIZE		42

-#define SSL_CTRL_GET_SESS_CACHE_SIZE		43

-#define SSL_CTRL_SET_SESS_CACHE_MODE		44

-#define SSL_CTRL_GET_SESS_CACHE_MODE		45

-#define SSL_CTRL_GET_MAX_CERT_LIST		50

-#define SSL_CTRL_SET_MAX_CERT_LIST		51

-/* see tls1.h for macros based on these */

-#ifndef OPENSSL_NO_TLSEXT

-#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB	53

-#define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG	54

-#define SSL_CTRL_SET_TLSEXT_HOSTNAME		55

-#define SSL_CTRL_SET_TLSEXT_DEBUG_CB		56

-#define SSL_CTRL_SET_TLSEXT_DEBUG_ARG		57

-#define SSL_CTRL_GET_TLSEXT_TICKET_KEYS		58

-#define SSL_CTRL_SET_TLSEXT_TICKET_KEYS		59

-#endif

-#define SSL_session_reused(ssl) \

-	SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)

-#define SSL_num_renegotiations(ssl) \

-	SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL)

-#define SSL_clear_num_renegotiations(ssl) \

-	SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL)

-#define SSL_total_renegotiations(ssl) \

-	SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL)

-#define SSL_CTX_need_tmp_RSA(ctx) \

-	SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL)

-#define SSL_CTX_set_tmp_rsa(ctx,rsa) \

-	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)

-#define SSL_CTX_set_tmp_dh(ctx,dh) \

-	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh)

-#define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \

-	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)

-#define SSL_need_tmp_RSA(ssl) \

-	SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL)

-#define SSL_set_tmp_rsa(ssl,rsa) \

-	SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)

-#define SSL_set_tmp_dh(ssl,dh) \

-	SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh)

-#define SSL_set_tmp_ecdh(ssl,ecdh) \

-	SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)

-#define SSL_CTX_add_extra_chain_cert(ctx,x509) \

-	SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)

-#ifndef OPENSSL_NO_BIO

-BIO_METHOD *BIO_f_ssl(void);

-BIO *BIO_new_ssl(SSL_CTX *ctx,int client);

-BIO *BIO_new_ssl_connect(SSL_CTX *ctx);

-BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);

-int BIO_ssl_copy_session_id(BIO *to,BIO *from);

-void BIO_ssl_shutdown(BIO *ssl_bio);

-#endif

-int	SSL_CTX_set_cipher_list(SSL_CTX *,const char *str);

-SSL_CTX *SSL_CTX_new(SSL_METHOD *meth);

-void	SSL_CTX_free(SSL_CTX *);

-long SSL_CTX_set_timeout(SSL_CTX *ctx,long t);

-long SSL_CTX_get_timeout(const SSL_CTX *ctx);

-X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);

-void SSL_CTX_set_cert_store(SSL_CTX *,X509_STORE *);

-int SSL_want(const SSL *s);

-int	SSL_clear(SSL *s);

-void	SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm);

-SSL_CIPHER *SSL_get_current_cipher(const SSL *s);

-int	SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits);

-char *	SSL_CIPHER_get_version(const SSL_CIPHER *c);

-const char *	SSL_CIPHER_get_name(const SSL_CIPHER *c);

-int	SSL_get_fd(const SSL *s);

-int	SSL_get_rfd(const SSL *s);

-int	SSL_get_wfd(const SSL *s);

-const char  * SSL_get_cipher_list(const SSL *s,int n);

-char *	SSL_get_shared_ciphers(const SSL *s, char *buf, int len);

-int	SSL_get_read_ahead(const SSL * s);

-int	SSL_pending(const SSL *s);

-#ifndef OPENSSL_NO_SOCK

-int	SSL_set_fd(SSL *s, int fd);

-int	SSL_set_rfd(SSL *s, int fd);

-int	SSL_set_wfd(SSL *s, int fd);

-#endif

-#ifndef OPENSSL_NO_BIO

-void	SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio);

-BIO *	SSL_get_rbio(const SSL *s);

-BIO *	SSL_get_wbio(const SSL *s);

-#endif

-int	SSL_set_cipher_list(SSL *s, const char *str);

-void	SSL_set_read_ahead(SSL *s, int yes);

-int	SSL_get_verify_mode(const SSL *s);

-int	SSL_get_verify_depth(const SSL *s);

-int	(*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *);

-void	SSL_set_verify(SSL *s, int mode,

-		       int (*callback)(int ok,X509_STORE_CTX *ctx));

-void	SSL_set_verify_depth(SSL *s, int depth);

-#ifndef OPENSSL_NO_RSA

-int	SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);

-#endif

-int	SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);

-int	SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);

-int	SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, const unsigned char *d, long len);

-int	SSL_use_certificate(SSL *ssl, X509 *x);

-int	SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);

-#ifndef OPENSSL_NO_STDIO

-int	SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);

-int	SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);

-int	SSL_use_certificate_file(SSL *ssl, const char *file, int type);

-int	SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);

-int	SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);

-int	SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);

-int	SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */

-STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);

-int	SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,

-					    const char *file);

-#ifndef OPENSSL_SYS_VMS

-#ifndef OPENSSL_SYS_MACINTOSH_CLASSIC /* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */

-int	SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,

-					   const char *dir);

-#endif

-#endif

-#endif

-void	SSL_load_error_strings(void );

-const char *SSL_state_string(const SSL *s);

-const char *SSL_rstate_string(const SSL *s);

-const char *SSL_state_string_long(const SSL *s);

-const char *SSL_rstate_string_long(const SSL *s);

-long	SSL_SESSION_get_time(const SSL_SESSION *s);

-long	SSL_SESSION_set_time(SSL_SESSION *s, long t);

-long	SSL_SESSION_get_timeout(const SSL_SESSION *s);

-long	SSL_SESSION_set_timeout(SSL_SESSION *s, long t);

-void	SSL_copy_session_id(SSL *to,const SSL *from);

-SSL_SESSION *SSL_SESSION_new(void);

-unsigned long SSL_SESSION_hash(const SSL_SESSION *a);

-int	SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b);

-const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len);

-#ifndef OPENSSL_NO_FP_API

-int	SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses);

-#endif

-#ifndef OPENSSL_NO_BIO

-int	SSL_SESSION_print(BIO *fp,const SSL_SESSION *ses);

-#endif

-void	SSL_SESSION_free(SSL_SESSION *ses);

-int	i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp);

-int	SSL_set_session(SSL *to, SSL_SESSION *session);

-int	SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);

-int	SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c);

-int	SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);

-int	SSL_set_generate_session_id(SSL *, GEN_SESSION_CB);

-int	SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,

-					unsigned int id_len);

-SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,const unsigned char **pp,

-			     long length);

-#ifdef HEADER_X509_H

-X509 *	SSL_get_peer_certificate(const SSL *s);

-#endif

-STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s);

-int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);

-int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);

-int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *);

-void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,

-			int (*callback)(int, X509_STORE_CTX *));

-void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth);

-void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg);

-#ifndef OPENSSL_NO_RSA

-int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);

-#endif

-int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len);

-int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);

-int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx,

-	const unsigned char *d, long len);

-int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);

-int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d);

-void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);

-void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);

-int SSL_CTX_check_private_key(const SSL_CTX *ctx);

-int SSL_check_private_key(const SSL *ctx);

-int	SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,

-				       unsigned int sid_ctx_len);

-SSL *	SSL_new(SSL_CTX *ctx);

-int	SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,

-				   unsigned int sid_ctx_len);

-int SSL_CTX_set_purpose(SSL_CTX *s, int purpose);

-int SSL_set_purpose(SSL *s, int purpose);

-int SSL_CTX_set_trust(SSL_CTX *s, int trust);

-int SSL_set_trust(SSL *s, int trust);

-void	SSL_free(SSL *ssl);

-int 	SSL_accept(SSL *ssl);

-int 	SSL_connect(SSL *ssl);

-int 	SSL_read(SSL *ssl,void *buf,int num);

-int 	SSL_peek(SSL *ssl,void *buf,int num);

-int 	SSL_write(SSL *ssl,const void *buf,int num);

-long	SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg);

-long	SSL_callback_ctrl(SSL *, int, void (*)(void));

-long	SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, void *parg);

-long	SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void));

-int	SSL_get_error(const SSL *s,int ret_code);

-const char *SSL_get_version(const SSL *s);

-/* This sets the 'default' SSL version that SSL_new() will create */

-int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth);

-SSL_METHOD *SSLv2_method(void);		/* SSLv2 */

-SSL_METHOD *SSLv2_server_method(void);	/* SSLv2 */

-SSL_METHOD *SSLv2_client_method(void);	/* SSLv2 */

-SSL_METHOD *SSLv3_method(void);		/* SSLv3 */

-SSL_METHOD *SSLv3_server_method(void);	/* SSLv3 */

-SSL_METHOD *SSLv3_client_method(void);	/* SSLv3 */

-SSL_METHOD *SSLv23_method(void);	/* SSLv3 but can rollback to v2 */

-SSL_METHOD *SSLv23_server_method(void);	/* SSLv3 but can rollback to v2 */

-SSL_METHOD *SSLv23_client_method(void);	/* SSLv3 but can rollback to v2 */

-SSL_METHOD *TLSv1_method(void);		/* TLSv1.0 */

-SSL_METHOD *TLSv1_server_method(void);	/* TLSv1.0 */

-SSL_METHOD *TLSv1_client_method(void);	/* TLSv1.0 */

-SSL_METHOD *DTLSv1_method(void);		/* DTLSv1.0 */

-SSL_METHOD *DTLSv1_server_method(void);	/* DTLSv1.0 */

-SSL_METHOD *DTLSv1_client_method(void);	/* DTLSv1.0 */

-STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);

-int SSL_do_handshake(SSL *s);

-int SSL_renegotiate(SSL *s);

-int SSL_renegotiate_pending(SSL *s);

-int SSL_shutdown(SSL *s);

-SSL_METHOD *SSL_get_ssl_method(SSL *s);

-int SSL_set_ssl_method(SSL *s,SSL_METHOD *method);

-const char *SSL_alert_type_string_long(int value);

-const char *SSL_alert_type_string(int value);

-const char *SSL_alert_desc_string_long(int value);

-const char *SSL_alert_desc_string(int value);

-void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);

-void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);

-STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);

-STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s);

-int SSL_add_client_CA(SSL *ssl,X509 *x);

-int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x);

-void SSL_set_connect_state(SSL *s);

-void SSL_set_accept_state(SSL *s);

-long SSL_get_default_timeout(const SSL *s);

-int SSL_library_init(void );

-char *SSL_CIPHER_description(SSL_CIPHER *,char *buf,int size);

-STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);

-SSL *SSL_dup(SSL *ssl);

-X509 *SSL_get_certificate(const SSL *ssl);

-/* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl);

-void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode);

-int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);

-void SSL_set_quiet_shutdown(SSL *ssl,int mode);

-int SSL_get_quiet_shutdown(const SSL *ssl);

-void SSL_set_shutdown(SSL *ssl,int mode);

-int SSL_get_shutdown(const SSL *ssl);

-int SSL_version(const SSL *ssl);

-int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);

-int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,

-	const char *CApath);

-#define SSL_get0_session SSL_get_session /* just peek at pointer */

-SSL_SESSION *SSL_get_session(const SSL *ssl);

-SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */

-SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);

-SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx);

-void SSL_set_info_callback(SSL *ssl,

-			   void (*cb)(const SSL *ssl,int type,int val));

-void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val);

-int SSL_state(const SSL *ssl);

-void SSL_set_verify_result(SSL *ssl,long v);

-long SSL_get_verify_result(const SSL *ssl);

-int SSL_set_ex_data(SSL *ssl,int idx,void *data);

-void *SSL_get_ex_data(const SSL *ssl,int idx);

-int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,

-	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);

-int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,void *data);

-void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss,int idx);

-int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,

-	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);

-int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,void *data);

-void *SSL_CTX_get_ex_data(const SSL_CTX *ssl,int idx);

-int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,

-	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);

-int SSL_get_ex_data_X509_STORE_CTX_idx(void );

-#define SSL_CTX_sess_set_cache_size(ctx,t) \

-	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL)

-#define SSL_CTX_sess_get_cache_size(ctx) \

-	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL)

-#define SSL_CTX_set_session_cache_mode(ctx,m) \

-	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL)

-#define SSL_CTX_get_session_cache_mode(ctx) \

-	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL)

-#define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx)

-#define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m)

-#define SSL_CTX_get_read_ahead(ctx) \

-	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL)

-#define SSL_CTX_set_read_ahead(ctx,m) \

-	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL)

-#define SSL_CTX_get_max_cert_list(ctx) \

-	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)

-#define SSL_CTX_set_max_cert_list(ctx,m) \

-	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)

-#define SSL_get_max_cert_list(ssl) \

-	SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)

-#define SSL_set_max_cert_list(ssl,m) \

-	SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)

-     /* NB: the keylength is only applicable when is_export is true */

-#ifndef OPENSSL_NO_RSA

-void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,

-				  RSA *(*cb)(SSL *ssl,int is_export,

-					     int keylength));

-void SSL_set_tmp_rsa_callback(SSL *ssl,

-				  RSA *(*cb)(SSL *ssl,int is_export,

-					     int keylength));

-#endif

-#ifndef OPENSSL_NO_DH

-void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,

-				 DH *(*dh)(SSL *ssl,int is_export,

-					   int keylength));

-void SSL_set_tmp_dh_callback(SSL *ssl,

-				 DH *(*dh)(SSL *ssl,int is_export,

-					   int keylength));

-#endif

-#ifndef OPENSSL_NO_ECDH

-void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,

-				 EC_KEY *(*ecdh)(SSL *ssl,int is_export,

-					   int keylength));

-void SSL_set_tmp_ecdh_callback(SSL *ssl,

-				 EC_KEY *(*ecdh)(SSL *ssl,int is_export,

-					   int keylength));

-#endif

-#ifndef OPENSSL_NO_COMP

-const COMP_METHOD *SSL_get_current_compression(SSL *s);

-const COMP_METHOD *SSL_get_current_expansion(SSL *s);

-const char *SSL_COMP_get_name(const COMP_METHOD *comp);

-STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);

-int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm);

-#else

-const void *SSL_get_current_compression(SSL *s);

-const void *SSL_get_current_expansion(SSL *s);

-const char *SSL_COMP_get_name(const void *comp);

-void *SSL_COMP_get_compression_methods(void);

-int SSL_COMP_add_compression_method(int id,void *cm);

-#endif

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_SSL_strings(void);

-/* Error codes for the SSL functions. */

-/* Function codes. */

-#define SSL_F_CLIENT_CERTIFICATE			 100

-#define SSL_F_CLIENT_FINISHED				 167

-#define SSL_F_CLIENT_HELLO				 101

-#define SSL_F_CLIENT_MASTER_KEY				 102

-#define SSL_F_D2I_SSL_SESSION				 103

-#define SSL_F_DO_DTLS1_WRITE				 245

-#define SSL_F_DO_SSL3_WRITE				 104

-#define SSL_F_DTLS1_ACCEPT				 246

-#define SSL_F_DTLS1_BUFFER_RECORD			 247

-#define SSL_F_DTLS1_CLIENT_HELLO			 248

-#define SSL_F_DTLS1_CONNECT				 249

-#define SSL_F_DTLS1_ENC					 250

-#define SSL_F_DTLS1_GET_HELLO_VERIFY			 251

-#define SSL_F_DTLS1_GET_MESSAGE				 252

-#define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT		 253

-#define SSL_F_DTLS1_GET_RECORD				 254

-#define SSL_F_DTLS1_OUTPUT_CERT_CHAIN			 255

-#define SSL_F_DTLS1_PREPROCESS_FRAGMENT			 277

-#define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE		 256

-#define SSL_F_DTLS1_PROCESS_RECORD			 257

-#define SSL_F_DTLS1_READ_BYTES				 258

-#define SSL_F_DTLS1_READ_FAILED				 259

-#define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST		 260

-#define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE		 261

-#define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE		 262

-#define SSL_F_DTLS1_SEND_CLIENT_VERIFY			 263

-#define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST		 264

-#define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE		 265

-#define SSL_F_DTLS1_SEND_SERVER_HELLO			 266

-#define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE		 267

-#define SSL_F_DTLS1_WRITE_APP_DATA_BYTES		 268

-#define SSL_F_GET_CLIENT_FINISHED			 105

-#define SSL_F_GET_CLIENT_HELLO				 106

-#define SSL_F_GET_CLIENT_MASTER_KEY			 107

-#define SSL_F_GET_SERVER_FINISHED			 108

-#define SSL_F_GET_SERVER_HELLO				 109

-#define SSL_F_GET_SERVER_VERIFY				 110

-#define SSL_F_I2D_SSL_SESSION				 111

-#define SSL_F_READ_N					 112

-#define SSL_F_REQUEST_CERTIFICATE			 113

-#define SSL_F_SERVER_FINISH				 239

-#define SSL_F_SERVER_HELLO				 114

-#define SSL_F_SERVER_VERIFY				 240

-#define SSL_F_SSL23_ACCEPT				 115

-#define SSL_F_SSL23_CLIENT_HELLO			 116

-#define SSL_F_SSL23_CONNECT				 117

-#define SSL_F_SSL23_GET_CLIENT_HELLO			 118

-#define SSL_F_SSL23_GET_SERVER_HELLO			 119

-#define SSL_F_SSL23_PEEK				 237

-#define SSL_F_SSL23_READ				 120

-#define SSL_F_SSL23_WRITE				 121

-#define SSL_F_SSL2_ACCEPT				 122

-#define SSL_F_SSL2_CONNECT				 123

-#define SSL_F_SSL2_ENC_INIT				 124

-#define SSL_F_SSL2_GENERATE_KEY_MATERIAL		 241

-#define SSL_F_SSL2_PEEK					 234

-#define SSL_F_SSL2_READ					 125

-#define SSL_F_SSL2_READ_INTERNAL			 236

-#define SSL_F_SSL2_SET_CERTIFICATE			 126

-#define SSL_F_SSL2_WRITE				 127

-#define SSL_F_SSL3_ACCEPT				 128

-#define SSL_F_SSL3_CALLBACK_CTRL			 233

-#define SSL_F_SSL3_CHANGE_CIPHER_STATE			 129

-#define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM		 130

-#define SSL_F_SSL3_CLIENT_HELLO				 131

-#define SSL_F_SSL3_CONNECT				 132

-#define SSL_F_SSL3_CTRL					 213

-#define SSL_F_SSL3_CTX_CTRL				 133

-#define SSL_F_SSL3_ENC					 134

-#define SSL_F_SSL3_GENERATE_KEY_BLOCK			 238

-#define SSL_F_SSL3_GET_CERTIFICATE_REQUEST		 135

-#define SSL_F_SSL3_GET_CERT_VERIFY			 136

-#define SSL_F_SSL3_GET_CLIENT_CERTIFICATE		 137

-#define SSL_F_SSL3_GET_CLIENT_HELLO			 138

-#define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE		 139

-#define SSL_F_SSL3_GET_FINISHED				 140

-#define SSL_F_SSL3_GET_KEY_EXCHANGE			 141

-#define SSL_F_SSL3_GET_MESSAGE				 142

-#define SSL_F_SSL3_GET_NEW_SESSION_TICKET		 283

-#define SSL_F_SSL3_GET_RECORD				 143

-#define SSL_F_SSL3_GET_SERVER_CERTIFICATE		 144

-#define SSL_F_SSL3_GET_SERVER_DONE			 145

-#define SSL_F_SSL3_GET_SERVER_HELLO			 146

-#define SSL_F_SSL3_NEW_SESSION_TICKET			 284

-#define SSL_F_SSL3_OUTPUT_CERT_CHAIN			 147

-#define SSL_F_SSL3_PEEK					 235

-#define SSL_F_SSL3_READ_BYTES				 148

-#define SSL_F_SSL3_READ_N				 149

-#define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST		 150

-#define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE		 151

-#define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE		 152

-#define SSL_F_SSL3_SEND_CLIENT_VERIFY			 153

-#define SSL_F_SSL3_SEND_SERVER_CERTIFICATE		 154

-#define SSL_F_SSL3_SEND_SERVER_HELLO			 242

-#define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE		 155

-#define SSL_F_SSL3_SETUP_BUFFERS			 156

-#define SSL_F_SSL3_SETUP_KEY_BLOCK			 157

-#define SSL_F_SSL3_WRITE_BYTES				 158

-#define SSL_F_SSL3_WRITE_PENDING			 159

-#define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT		 272

-#define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK	 215

-#define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK	 216

-#define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT		 273

-#define SSL_F_SSL_BAD_METHOD				 160

-#define SSL_F_SSL_BYTES_TO_CIPHER_LIST			 161

-#define SSL_F_SSL_CERT_DUP				 221

-#define SSL_F_SSL_CERT_INST				 222

-#define SSL_F_SSL_CERT_INSTANTIATE			 214

-#define SSL_F_SSL_CERT_NEW				 162

-#define SSL_F_SSL_CHECK_PRIVATE_KEY			 163

-#define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT		 274

-#define SSL_F_SSL_CIPHER_PROCESS_RULESTR		 230

-#define SSL_F_SSL_CIPHER_STRENGTH_SORT			 231

-#define SSL_F_SSL_CLEAR					 164

-#define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD		 165

-#define SSL_F_SSL_CREATE_CIPHER_LIST			 166

-#define SSL_F_SSL_CTRL					 232

-#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY			 168

-#define SSL_F_SSL_CTX_NEW				 169

-#define SSL_F_SSL_CTX_SET_CIPHER_LIST			 269

-#define SSL_F_SSL_CTX_SET_PURPOSE			 226

-#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT		 219

-#define SSL_F_SSL_CTX_SET_SSL_VERSION			 170

-#define SSL_F_SSL_CTX_SET_TRUST				 229

-#define SSL_F_SSL_CTX_USE_CERTIFICATE			 171

-#define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1		 172

-#define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE	 220

-#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE		 173

-#define SSL_F_SSL_CTX_USE_PRIVATEKEY			 174

-#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1		 175

-#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE		 176

-#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY			 177

-#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1		 178

-#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE		 179

-#define SSL_F_SSL_DO_HANDSHAKE				 180

-#define SSL_F_SSL_GET_NEW_SESSION			 181

-#define SSL_F_SSL_GET_PREV_SESSION			 217

-#define SSL_F_SSL_GET_SERVER_SEND_CERT			 182

-#define SSL_F_SSL_GET_SIGN_PKEY				 183

-#define SSL_F_SSL_INIT_WBIO_BUFFER			 184

-#define SSL_F_SSL_LOAD_CLIENT_CA_FILE			 185

-#define SSL_F_SSL_NEW					 186

-#define SSL_F_SSL_PEEK					 270

-#define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT		 275

-#define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT		 276

-#define SSL_F_SSL_READ					 223

-#define SSL_F_SSL_RSA_PRIVATE_DECRYPT			 187

-#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT			 188

-#define SSL_F_SSL_SESSION_NEW				 189

-#define SSL_F_SSL_SESSION_PRINT_FP			 190

-#define SSL_F_SSL_SESS_CERT_NEW				 225

-#define SSL_F_SSL_SET_CERT				 191

-#define SSL_F_SSL_SET_CIPHER_LIST			 271

-#define SSL_F_SSL_SET_FD				 192

-#define SSL_F_SSL_SET_PKEY				 193

-#define SSL_F_SSL_SET_PURPOSE				 227

-#define SSL_F_SSL_SET_RFD				 194

-#define SSL_F_SSL_SET_SESSION				 195

-#define SSL_F_SSL_SET_SESSION_ID_CONTEXT		 218

-#define SSL_F_SSL_SET_TRUST				 228

-#define SSL_F_SSL_SET_WFD				 196

-#define SSL_F_SSL_SHUTDOWN				 224

-#define SSL_F_SSL_UNDEFINED_CONST_FUNCTION		 243

-#define SSL_F_SSL_UNDEFINED_FUNCTION			 197

-#define SSL_F_SSL_UNDEFINED_VOID_FUNCTION		 244

-#define SSL_F_SSL_USE_CERTIFICATE			 198

-#define SSL_F_SSL_USE_CERTIFICATE_ASN1			 199

-#define SSL_F_SSL_USE_CERTIFICATE_FILE			 200

-#define SSL_F_SSL_USE_PRIVATEKEY			 201

-#define SSL_F_SSL_USE_PRIVATEKEY_ASN1			 202

-#define SSL_F_SSL_USE_PRIVATEKEY_FILE			 203

-#define SSL_F_SSL_USE_RSAPRIVATEKEY			 204

-#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1		 205

-#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE		 206

-#define SSL_F_SSL_VERIFY_CERT_CHAIN			 207

-#define SSL_F_SSL_WRITE					 208

-#define SSL_F_TLS1_CHANGE_CIPHER_STATE			 209

-#define SSL_F_TLS1_ENC					 210

-#define SSL_F_TLS1_SETUP_KEY_BLOCK			 211

-#define SSL_F_WRITE_PENDING				 212

-/* Reason codes. */

-#define SSL_R_APP_DATA_IN_HANDSHAKE			 100

-#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272

-#define SSL_R_BAD_ALERT_RECORD				 101

-#define SSL_R_BAD_AUTHENTICATION_TYPE			 102

-#define SSL_R_BAD_CHANGE_CIPHER_SPEC			 103

-#define SSL_R_BAD_CHECKSUM				 104

-#define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK		 106

-#define SSL_R_BAD_DECOMPRESSION				 107

-#define SSL_R_BAD_DH_G_LENGTH				 108

-#define SSL_R_BAD_DH_PUB_KEY_LENGTH			 109

-#define SSL_R_BAD_DH_P_LENGTH				 110

-#define SSL_R_BAD_DIGEST_LENGTH				 111

-#define SSL_R_BAD_DSA_SIGNATURE				 112

-#define SSL_R_BAD_ECC_CERT				 304

-#define SSL_R_BAD_ECDSA_SIGNATURE			 305

-#define SSL_R_BAD_ECPOINT				 306

-#define SSL_R_BAD_HELLO_REQUEST				 105

-#define SSL_R_BAD_LENGTH				 271

-#define SSL_R_BAD_MAC_DECODE				 113

-#define SSL_R_BAD_MESSAGE_TYPE				 114

-#define SSL_R_BAD_PACKET_LENGTH				 115

-#define SSL_R_BAD_PROTOCOL_VERSION_NUMBER		 116

-#define SSL_R_BAD_RESPONSE_ARGUMENT			 117

-#define SSL_R_BAD_RSA_DECRYPT				 118

-#define SSL_R_BAD_RSA_ENCRYPT				 119

-#define SSL_R_BAD_RSA_E_LENGTH				 120

-#define SSL_R_BAD_RSA_MODULUS_LENGTH			 121

-#define SSL_R_BAD_RSA_SIGNATURE				 122

-#define SSL_R_BAD_SIGNATURE				 123

-#define SSL_R_BAD_SSL_FILETYPE				 124

-#define SSL_R_BAD_SSL_SESSION_ID_LENGTH			 125

-#define SSL_R_BAD_STATE					 126

-#define SSL_R_BAD_WRITE_RETRY				 127

-#define SSL_R_BIO_NOT_SET				 128

-#define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG			 129

-#define SSL_R_BN_LIB					 130

-#define SSL_R_CA_DN_LENGTH_MISMATCH			 131

-#define SSL_R_CA_DN_TOO_LONG				 132

-#define SSL_R_CCS_RECEIVED_EARLY			 133

-#define SSL_R_CERTIFICATE_VERIFY_FAILED			 134

-#define SSL_R_CERT_LENGTH_MISMATCH			 135

-#define SSL_R_CHALLENGE_IS_DIFFERENT			 136

-#define SSL_R_CIPHER_CODE_WRONG_LENGTH			 137

-#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE		 138

-#define SSL_R_CIPHER_TABLE_SRC_ERROR			 139

-#define SSL_R_CLIENTHELLO_TLSEXT			 157

-#define SSL_R_COMPRESSED_LENGTH_TOO_LONG		 140

-#define SSL_R_COMPRESSION_FAILURE			 141

-#define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE	 307

-#define SSL_R_COMPRESSION_LIBRARY_ERROR			 142

-#define SSL_R_CONNECTION_ID_IS_DIFFERENT		 143

-#define SSL_R_CONNECTION_TYPE_NOT_SET			 144

-#define SSL_R_COOKIE_MISMATCH				 308

-#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED		 145

-#define SSL_R_DATA_LENGTH_TOO_LONG			 146

-#define SSL_R_DECRYPTION_FAILED				 147

-#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC	 281

-#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG		 148

-#define SSL_R_DIGEST_CHECK_FAILED			 149

-#define SSL_R_DUPLICATE_COMPRESSION_ID			 309

-#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER		 310

-#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG			 150

-#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY		 282

-#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST		 151

-#define SSL_R_EXCESSIVE_MESSAGE_SIZE			 152

-#define SSL_R_EXTRA_DATA_IN_MESSAGE			 153

-#define SSL_R_GOT_A_FIN_BEFORE_A_CCS			 154

-#define SSL_R_HTTPS_PROXY_REQUEST			 155

-#define SSL_R_HTTP_REQUEST				 156

-#define SSL_R_ILLEGAL_PADDING				 283

-#define SSL_R_INVALID_CHALLENGE_LENGTH			 158

-#define SSL_R_INVALID_COMMAND				 280

-#define SSL_R_INVALID_PURPOSE				 278

-#define SSL_R_INVALID_TICKET_KEYS_LENGTH		 275

-#define SSL_R_INVALID_TRUST				 279

-#define SSL_R_KEY_ARG_TOO_LONG				 284

-#define SSL_R_KRB5					 285

-#define SSL_R_KRB5_C_CC_PRINC				 286

-#define SSL_R_KRB5_C_GET_CRED				 287

-#define SSL_R_KRB5_C_INIT				 288

-#define SSL_R_KRB5_C_MK_REQ				 289

-#define SSL_R_KRB5_S_BAD_TICKET				 290

-#define SSL_R_KRB5_S_INIT				 291

-#define SSL_R_KRB5_S_RD_REQ				 292

-#define SSL_R_KRB5_S_TKT_EXPIRED			 293

-#define SSL_R_KRB5_S_TKT_NYV				 294

-#define SSL_R_KRB5_S_TKT_SKEW				 295

-#define SSL_R_LENGTH_MISMATCH				 159

-#define SSL_R_LENGTH_TOO_SHORT				 160

-#define SSL_R_LIBRARY_BUG				 274

-#define SSL_R_LIBRARY_HAS_NO_CIPHERS			 161

-#define SSL_R_MESSAGE_TOO_LONG				 296

-#define SSL_R_MISSING_DH_DSA_CERT			 162

-#define SSL_R_MISSING_DH_KEY				 163

-#define SSL_R_MISSING_DH_RSA_CERT			 164

-#define SSL_R_MISSING_DSA_SIGNING_CERT			 165

-#define SSL_R_MISSING_EXPORT_TMP_DH_KEY			 166

-#define SSL_R_MISSING_EXPORT_TMP_RSA_KEY		 167

-#define SSL_R_MISSING_RSA_CERTIFICATE			 168

-#define SSL_R_MISSING_RSA_ENCRYPTING_CERT		 169

-#define SSL_R_MISSING_RSA_SIGNING_CERT			 170

-#define SSL_R_MISSING_TMP_DH_KEY			 171

-#define SSL_R_MISSING_TMP_ECDH_KEY			 311

-#define SSL_R_MISSING_TMP_RSA_KEY			 172

-#define SSL_R_MISSING_TMP_RSA_PKEY			 173

-#define SSL_R_MISSING_VERIFY_MESSAGE			 174

-#define SSL_R_NON_SSLV2_INITIAL_PACKET			 175

-#define SSL_R_NO_CERTIFICATES_RETURNED			 176

-#define SSL_R_NO_CERTIFICATE_ASSIGNED			 177

-#define SSL_R_NO_CERTIFICATE_RETURNED			 178

-#define SSL_R_NO_CERTIFICATE_SET			 179

-#define SSL_R_NO_CERTIFICATE_SPECIFIED			 180

-#define SSL_R_NO_CIPHERS_AVAILABLE			 181

-#define SSL_R_NO_CIPHERS_PASSED				 182

-#define SSL_R_NO_CIPHERS_SPECIFIED			 183

-#define SSL_R_NO_CIPHER_LIST				 184

-#define SSL_R_NO_CIPHER_MATCH				 185

-#define SSL_R_NO_CLIENT_CERT_RECEIVED			 186

-#define SSL_R_NO_COMPRESSION_SPECIFIED			 187

-#define SSL_R_NO_METHOD_SPECIFIED			 188

-#define SSL_R_NO_PRIVATEKEY				 189

-#define SSL_R_NO_PRIVATE_KEY_ASSIGNED			 190

-#define SSL_R_NO_PROTOCOLS_AVAILABLE			 191

-#define SSL_R_NO_PUBLICKEY				 192

-#define SSL_R_NO_SHARED_CIPHER				 193

-#define SSL_R_NO_VERIFY_CALLBACK			 194

-#define SSL_R_NULL_SSL_CTX				 195

-#define SSL_R_NULL_SSL_METHOD_PASSED			 196

-#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED		 197

-#define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE		 297

-#define SSL_R_PACKET_LENGTH_TOO_LONG			 198

-#define SSL_R_PARSE_TLSEXT				 223

-#define SSL_R_PATH_TOO_LONG				 270

-#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE		 199

-#define SSL_R_PEER_ERROR				 200

-#define SSL_R_PEER_ERROR_CERTIFICATE			 201

-#define SSL_R_PEER_ERROR_NO_CERTIFICATE			 202

-#define SSL_R_PEER_ERROR_NO_CIPHER			 203

-#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE	 204

-#define SSL_R_PRE_MAC_LENGTH_TOO_LONG			 205

-#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS		 206

-#define SSL_R_PROTOCOL_IS_SHUTDOWN			 207

-#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR			 208

-#define SSL_R_PUBLIC_KEY_IS_NOT_RSA			 209

-#define SSL_R_PUBLIC_KEY_NOT_RSA			 210

-#define SSL_R_READ_BIO_NOT_SET				 211

-#define SSL_R_READ_TIMEOUT_EXPIRED			 312

-#define SSL_R_READ_WRONG_PACKET_TYPE			 212

-#define SSL_R_RECORD_LENGTH_MISMATCH			 213

-#define SSL_R_RECORD_TOO_LARGE				 214

-#define SSL_R_RECORD_TOO_SMALL				 298

-#define SSL_R_REQUIRED_CIPHER_MISSING			 215

-#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO		 216

-#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO			 217

-#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO		 218

-#define SSL_R_SERVERHELLO_TLSEXT			 224

-#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED		 277

-#define SSL_R_SHORT_READ				 219

-#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE	 220

-#define SSL_R_SSL23_DOING_SESSION_ID_REUSE		 221

-#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG		 299

-#define SSL_R_SSL3_EXT_INVALID_SERVERNAME		 225

-#define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE		 226

-#define SSL_R_SSL3_SESSION_ID_TOO_LONG			 300

-#define SSL_R_SSL3_SESSION_ID_TOO_SHORT			 222

-#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE		 1042

-#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC		 1020

-#define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED		 1045

-#define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED		 1044

-#define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN		 1046

-#define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE		 1030

-#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE		 1040

-#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER		 1047

-#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE		 1041

-#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE		 1010

-#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE	 1043

-#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION	 228

-#define SSL_R_SSL_HANDSHAKE_FAILURE			 229

-#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS		 230

-#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED		 301

-#define SSL_R_SSL_SESSION_ID_CONFLICT			 302

-#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG		 273

-#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH		 303

-#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT		 231

-#define SSL_R_TLSV1_ALERT_ACCESS_DENIED			 1049

-#define SSL_R_TLSV1_ALERT_DECODE_ERROR			 1050

-#define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED		 1021

-#define SSL_R_TLSV1_ALERT_DECRYPT_ERROR			 1051

-#define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION		 1060

-#define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY		 1071

-#define SSL_R_TLSV1_ALERT_INTERNAL_ERROR		 1080

-#define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION		 1100

-#define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION		 1070

-#define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW		 1022

-#define SSL_R_TLSV1_ALERT_UNKNOWN_CA			 1048

-#define SSL_R_TLSV1_ALERT_USER_CANCELLED		 1090

-#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER	 232

-#define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST		 227

-#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233

-#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG	 234

-#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER		 235

-#define SSL_R_UNABLE_TO_DECODE_DH_CERTS			 236

-#define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS		 313

-#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY		 237

-#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS		 238

-#define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS		 314

-#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS	 239

-#define SSL_R_UNABLE_TO_FIND_SSL_METHOD			 240

-#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES		 241

-#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES		 242

-#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES		 243

-#define SSL_R_UNEXPECTED_MESSAGE			 244

-#define SSL_R_UNEXPECTED_RECORD				 245

-#define SSL_R_UNINITIALIZED				 276

-#define SSL_R_UNKNOWN_ALERT_TYPE			 246

-#define SSL_R_UNKNOWN_CERTIFICATE_TYPE			 247

-#define SSL_R_UNKNOWN_CIPHER_RETURNED			 248

-#define SSL_R_UNKNOWN_CIPHER_TYPE			 249

-#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE			 250

-#define SSL_R_UNKNOWN_PKEY_TYPE				 251

-#define SSL_R_UNKNOWN_PROTOCOL				 252

-#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE			 253

-#define SSL_R_UNKNOWN_SSL_VERSION			 254

-#define SSL_R_UNKNOWN_STATE				 255

-#define SSL_R_UNSUPPORTED_CIPHER			 256

-#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM		 257

-#define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE		 315

-#define SSL_R_UNSUPPORTED_PROTOCOL			 258

-#define SSL_R_UNSUPPORTED_SSL_VERSION			 259

-#define SSL_R_WRITE_BIO_NOT_SET				 260

-#define SSL_R_WRONG_CIPHER_RETURNED			 261

-#define SSL_R_WRONG_MESSAGE_TYPE			 262

-#define SSL_R_WRONG_NUMBER_OF_KEY_BITS			 263

-#define SSL_R_WRONG_SIGNATURE_LENGTH			 264

-#define SSL_R_WRONG_SIGNATURE_SIZE			 265

-#define SSL_R_WRONG_SSL_VERSION				 266

-#define SSL_R_WRONG_VERSION_NUMBER			 267

-#define SSL_R_X509_LIB					 268

-#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS		 269

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/ssl2.h

+++ /dev/null

@@ -1,268 +1,0 @@

-/* ssl/ssl2.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_SSL2_H

-#define HEADER_SSL2_H

-#ifdef  __cplusplus

-extern "C" {

-#endif

-/* Protocol Version Codes */

-#define SSL2_VERSION		0x0002

-#define SSL2_VERSION_MAJOR	0x00

-#define SSL2_VERSION_MINOR	0x02

-/* #define SSL2_CLIENT_VERSION	0x0002 */

-/* #define SSL2_SERVER_VERSION	0x0002 */

-/* Protocol Message Codes */

-#define SSL2_MT_ERROR			0

-#define SSL2_MT_CLIENT_HELLO		1

-#define SSL2_MT_CLIENT_MASTER_KEY	2

-#define SSL2_MT_CLIENT_FINISHED		3

-#define SSL2_MT_SERVER_HELLO		4

-#define SSL2_MT_SERVER_VERIFY		5

-#define SSL2_MT_SERVER_FINISHED		6

-#define SSL2_MT_REQUEST_CERTIFICATE	7

-#define SSL2_MT_CLIENT_CERTIFICATE	8

-/* Error Message Codes */

-#define SSL2_PE_UNDEFINED_ERROR		0x0000

-#define SSL2_PE_NO_CIPHER		0x0001

-#define SSL2_PE_NO_CERTIFICATE		0x0002

-#define SSL2_PE_BAD_CERTIFICATE		0x0004

-#define SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006

-/* Cipher Kind Values */

-#define SSL2_CK_NULL_WITH_MD5			0x02000000 /* v3 */

-#define SSL2_CK_RC4_128_WITH_MD5		0x02010080

-#define SSL2_CK_RC4_128_EXPORT40_WITH_MD5	0x02020080

-#define SSL2_CK_RC2_128_CBC_WITH_MD5		0x02030080

-#define SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5	0x02040080

-#define SSL2_CK_IDEA_128_CBC_WITH_MD5		0x02050080

-#define SSL2_CK_DES_64_CBC_WITH_MD5		0x02060040

-#define SSL2_CK_DES_64_CBC_WITH_SHA		0x02060140 /* v3 */

-#define SSL2_CK_DES_192_EDE3_CBC_WITH_MD5	0x020700c0

-#define SSL2_CK_DES_192_EDE3_CBC_WITH_SHA	0x020701c0 /* v3 */

-#define SSL2_CK_RC4_64_WITH_MD5			0x02080080 /* MS hack */

-#define SSL2_CK_DES_64_CFB64_WITH_MD5_1		0x02ff0800 /* SSLeay */

-#define SSL2_CK_NULL				0x02ff0810 /* SSLeay */

-#define SSL2_TXT_DES_64_CFB64_WITH_MD5_1	"DES-CFB-M1"

-#define SSL2_TXT_NULL_WITH_MD5			"NULL-MD5"

-#define SSL2_TXT_RC4_128_WITH_MD5		"RC4-MD5"

-#define SSL2_TXT_RC4_128_EXPORT40_WITH_MD5	"EXP-RC4-MD5"

-#define SSL2_TXT_RC2_128_CBC_WITH_MD5		"RC2-CBC-MD5"

-#define SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5	"EXP-RC2-CBC-MD5"

-#define SSL2_TXT_IDEA_128_CBC_WITH_MD5		"IDEA-CBC-MD5"

-#define SSL2_TXT_DES_64_CBC_WITH_MD5		"DES-CBC-MD5"

-#define SSL2_TXT_DES_64_CBC_WITH_SHA		"DES-CBC-SHA"

-#define SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5	"DES-CBC3-MD5"

-#define SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA	"DES-CBC3-SHA"

-#define SSL2_TXT_RC4_64_WITH_MD5		"RC4-64-MD5"

-#define SSL2_TXT_NULL				"NULL"

-/* Flags for the SSL_CIPHER.algorithm2 field */

-#define SSL2_CF_5_BYTE_ENC			0x01

-#define SSL2_CF_8_BYTE_ENC			0x02

-/* Certificate Type Codes */

-#define SSL2_CT_X509_CERTIFICATE		0x01

-/* Authentication Type Code */

-#define SSL2_AT_MD5_WITH_RSA_ENCRYPTION		0x01

-#define SSL2_MAX_SSL_SESSION_ID_LENGTH		32

-/* Upper/Lower Bounds */

-#define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS	256

-#ifdef OPENSSL_SYS_MPE

-#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER	29998u

-#else

-#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER	32767u  /* 2^15-1 */

-#endif

-#define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER	16383 /* 2^14-1 */

-#define SSL2_CHALLENGE_LENGTH	16

-/*#define SSL2_CHALLENGE_LENGTH	32 */

-#define SSL2_MIN_CHALLENGE_LENGTH	16

-#define SSL2_MAX_CHALLENGE_LENGTH	32

-#define SSL2_CONNECTION_ID_LENGTH	16

-#define SSL2_MAX_CONNECTION_ID_LENGTH	16

-#define SSL2_SSL_SESSION_ID_LENGTH	16

-#define SSL2_MAX_CERT_CHALLENGE_LENGTH	32

-#define SSL2_MIN_CERT_CHALLENGE_LENGTH	16

-#define SSL2_MAX_KEY_MATERIAL_LENGTH	24

-#ifndef HEADER_SSL_LOCL_H

-#define  CERT		char

-#endif

-typedef struct ssl2_state_st

-	{

-	int three_byte_header;

-	int clear_text;		/* clear text */

-	int escape;		/* not used in SSLv2 */

-	int ssl2_rollback;	/* used if SSLv23 rolled back to SSLv2 */

-	/* non-blocking io info, used to make sure the same

-	 * args were passwd */

-	unsigned int wnum;	/* number of bytes sent so far */

-	int wpend_tot;

-	const unsigned char *wpend_buf;

-	int wpend_off;	/* offset to data to write */

-	int wpend_len; 	/* number of bytes passwd to write */

-	int wpend_ret; 	/* number of bytes to return to caller */

-	/* buffer raw data */

-	int rbuf_left;

-	int rbuf_offs;

-	unsigned char *rbuf;

-	unsigned char *wbuf;

-	unsigned char *write_ptr;/* used to point to the start due to

-				  * 2/3 byte header. */

-	unsigned int padding;

-	unsigned int rlength; /* passed to ssl2_enc */

-	int ract_data_length; /* Set when things are encrypted. */

-	unsigned int wlength; /* passed to ssl2_enc */

-	int wact_data_length; /* Set when things are decrypted. */

-	unsigned char *ract_data;

-	unsigned char *wact_data;

-	unsigned char *mac_data;

-	unsigned char *read_key;

-	unsigned char *write_key;

-		/* Stuff specifically to do with this SSL session */

-	unsigned int challenge_length;

-	unsigned char challenge[SSL2_MAX_CHALLENGE_LENGTH];

-	unsigned int conn_id_length;

-	unsigned char conn_id[SSL2_MAX_CONNECTION_ID_LENGTH];

-	unsigned int key_material_length;

-	unsigned char key_material[SSL2_MAX_KEY_MATERIAL_LENGTH*2];

-	unsigned long read_sequence;

-	unsigned long write_sequence;

-	struct	{

-		unsigned int conn_id_length;

-		unsigned int cert_type;

-		unsigned int cert_length;

-		unsigned int csl;

-		unsigned int clear;

-		unsigned int enc;

-		unsigned char ccl[SSL2_MAX_CERT_CHALLENGE_LENGTH];

-		unsigned int cipher_spec_length;

-		unsigned int session_id_length;

-		unsigned int clen;

-		unsigned int rlen;

-		} tmp;

-	} SSL2_STATE;

-/* SSLv2 */

-/* client */

-#define SSL2_ST_SEND_CLIENT_HELLO_A		(0x10|SSL_ST_CONNECT)

-#define SSL2_ST_SEND_CLIENT_HELLO_B		(0x11|SSL_ST_CONNECT)

-#define SSL2_ST_GET_SERVER_HELLO_A		(0x20|SSL_ST_CONNECT)

-#define SSL2_ST_GET_SERVER_HELLO_B		(0x21|SSL_ST_CONNECT)

-#define SSL2_ST_SEND_CLIENT_MASTER_KEY_A	(0x30|SSL_ST_CONNECT)

-#define SSL2_ST_SEND_CLIENT_MASTER_KEY_B	(0x31|SSL_ST_CONNECT)

-#define SSL2_ST_SEND_CLIENT_FINISHED_A		(0x40|SSL_ST_CONNECT)

-#define SSL2_ST_SEND_CLIENT_FINISHED_B		(0x41|SSL_ST_CONNECT)

-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_A	(0x50|SSL_ST_CONNECT)

-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_B	(0x51|SSL_ST_CONNECT)

-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_C	(0x52|SSL_ST_CONNECT)

-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_D	(0x53|SSL_ST_CONNECT)

-#define SSL2_ST_GET_SERVER_VERIFY_A		(0x60|SSL_ST_CONNECT)

-#define SSL2_ST_GET_SERVER_VERIFY_B		(0x61|SSL_ST_CONNECT)

-#define SSL2_ST_GET_SERVER_FINISHED_A		(0x70|SSL_ST_CONNECT)

-#define SSL2_ST_GET_SERVER_FINISHED_B		(0x71|SSL_ST_CONNECT)

-#define SSL2_ST_CLIENT_START_ENCRYPTION		(0x80|SSL_ST_CONNECT)

-#define SSL2_ST_X509_GET_CLIENT_CERTIFICATE	(0x90|SSL_ST_CONNECT)

-/* server */

-#define SSL2_ST_GET_CLIENT_HELLO_A		(0x10|SSL_ST_ACCEPT)

-#define SSL2_ST_GET_CLIENT_HELLO_B		(0x11|SSL_ST_ACCEPT)

-#define SSL2_ST_GET_CLIENT_HELLO_C		(0x12|SSL_ST_ACCEPT)

-#define SSL2_ST_SEND_SERVER_HELLO_A		(0x20|SSL_ST_ACCEPT)

-#define SSL2_ST_SEND_SERVER_HELLO_B		(0x21|SSL_ST_ACCEPT)

-#define SSL2_ST_GET_CLIENT_MASTER_KEY_A		(0x30|SSL_ST_ACCEPT)

-#define SSL2_ST_GET_CLIENT_MASTER_KEY_B		(0x31|SSL_ST_ACCEPT)

-#define SSL2_ST_SEND_SERVER_VERIFY_A		(0x40|SSL_ST_ACCEPT)

-#define SSL2_ST_SEND_SERVER_VERIFY_B		(0x41|SSL_ST_ACCEPT)

-#define SSL2_ST_SEND_SERVER_VERIFY_C		(0x42|SSL_ST_ACCEPT)

-#define SSL2_ST_GET_CLIENT_FINISHED_A		(0x50|SSL_ST_ACCEPT)

-#define SSL2_ST_GET_CLIENT_FINISHED_B		(0x51|SSL_ST_ACCEPT)

-#define SSL2_ST_SEND_SERVER_FINISHED_A		(0x60|SSL_ST_ACCEPT)

-#define SSL2_ST_SEND_SERVER_FINISHED_B		(0x61|SSL_ST_ACCEPT)

-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_A	(0x70|SSL_ST_ACCEPT)

-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_B	(0x71|SSL_ST_ACCEPT)

-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_C	(0x72|SSL_ST_ACCEPT)

-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_D	(0x73|SSL_ST_ACCEPT)

-#define SSL2_ST_SERVER_START_ENCRYPTION		(0x80|SSL_ST_ACCEPT)

-#define SSL2_ST_X509_GET_SERVER_CERTIFICATE	(0x90|SSL_ST_ACCEPT)

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/ssl23.h

+++ /dev/null

@@ -1,83 +1,0 @@

-/* ssl/ssl23.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_SSL23_H

-#define HEADER_SSL23_H

-#ifdef  __cplusplus

-extern "C" {

-#endif

-/*client */

-/* write to server */

-#define SSL23_ST_CW_CLNT_HELLO_A	(0x210|SSL_ST_CONNECT)

-#define SSL23_ST_CW_CLNT_HELLO_B	(0x211|SSL_ST_CONNECT)

-/* read from server */

-#define SSL23_ST_CR_SRVR_HELLO_A	(0x220|SSL_ST_CONNECT)

-#define SSL23_ST_CR_SRVR_HELLO_B	(0x221|SSL_ST_CONNECT)

-/* server */

-/* read from client */

-#define SSL23_ST_SR_CLNT_HELLO_A	(0x210|SSL_ST_ACCEPT)

-#define SSL23_ST_SR_CLNT_HELLO_B	(0x211|SSL_ST_ACCEPT)

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/ssl3.h

+++ /dev/null

@@ -1,560 +1,0 @@

-/* ssl/ssl3.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- * ECC cipher suite support in OpenSSL originally developed by

- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.

- */

-#ifndef HEADER_SSL3_H

-#define HEADER_SSL3_H

-#ifndef OPENSSL_NO_COMP

-#include <openssl/comp.h>

-#endif

-#include <openssl/buffer.h>

-#include <openssl/evp.h>

-#include <openssl/ssl.h>

-#include <openssl/pq_compat.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-#define SSL3_CK_RSA_NULL_MD5			0x03000001

-#define SSL3_CK_RSA_NULL_SHA			0x03000002

-#define SSL3_CK_RSA_RC4_40_MD5 			0x03000003

-#define SSL3_CK_RSA_RC4_128_MD5			0x03000004

-#define SSL3_CK_RSA_RC4_128_SHA			0x03000005

-#define SSL3_CK_RSA_RC2_40_MD5			0x03000006

-#define SSL3_CK_RSA_IDEA_128_SHA		0x03000007

-#define SSL3_CK_RSA_DES_40_CBC_SHA		0x03000008

-#define SSL3_CK_RSA_DES_64_CBC_SHA		0x03000009

-#define SSL3_CK_RSA_DES_192_CBC3_SHA		0x0300000A

-#define SSL3_CK_DH_DSS_DES_40_CBC_SHA		0x0300000B

-#define SSL3_CK_DH_DSS_DES_64_CBC_SHA		0x0300000C

-#define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 	0x0300000D

-#define SSL3_CK_DH_RSA_DES_40_CBC_SHA		0x0300000E

-#define SSL3_CK_DH_RSA_DES_64_CBC_SHA		0x0300000F

-#define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 	0x03000010

-#define SSL3_CK_EDH_DSS_DES_40_CBC_SHA		0x03000011

-#define SSL3_CK_EDH_DSS_DES_64_CBC_SHA		0x03000012

-#define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA	0x03000013

-#define SSL3_CK_EDH_RSA_DES_40_CBC_SHA		0x03000014

-#define SSL3_CK_EDH_RSA_DES_64_CBC_SHA		0x03000015

-#define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA	0x03000016

-#define SSL3_CK_ADH_RC4_40_MD5			0x03000017

-#define SSL3_CK_ADH_RC4_128_MD5			0x03000018

-#define SSL3_CK_ADH_DES_40_CBC_SHA		0x03000019

-#define SSL3_CK_ADH_DES_64_CBC_SHA		0x0300001A

-#define SSL3_CK_ADH_DES_192_CBC_SHA		0x0300001B

-#define SSL3_CK_FZA_DMS_NULL_SHA		0x0300001C

-#define SSL3_CK_FZA_DMS_FZA_SHA			0x0300001D

-#if 0 /* Because it clashes with KRB5, is never used any more, and is safe

-	 to remove according to David Hopwood <[email protected]>

-	 of the ietf-tls list */

-#define SSL3_CK_FZA_DMS_RC4_SHA			0x0300001E

-#endif

-/*    VRS Additional Kerberos5 entries

- */

-#define SSL3_CK_KRB5_DES_64_CBC_SHA		0x0300001E

-#define SSL3_CK_KRB5_DES_192_CBC3_SHA		0x0300001F

-#define SSL3_CK_KRB5_RC4_128_SHA		0x03000020

-#define SSL3_CK_KRB5_IDEA_128_CBC_SHA	       	0x03000021

-#define SSL3_CK_KRB5_DES_64_CBC_MD5       	0x03000022

-#define SSL3_CK_KRB5_DES_192_CBC3_MD5       	0x03000023

-#define SSL3_CK_KRB5_RC4_128_MD5	       	0x03000024

-#define SSL3_CK_KRB5_IDEA_128_CBC_MD5 		0x03000025

-#define SSL3_CK_KRB5_DES_40_CBC_SHA 		0x03000026

-#define SSL3_CK_KRB5_RC2_40_CBC_SHA 		0x03000027

-#define SSL3_CK_KRB5_RC4_40_SHA	 		0x03000028

-#define SSL3_CK_KRB5_DES_40_CBC_MD5 		0x03000029

-#define SSL3_CK_KRB5_RC2_40_CBC_MD5 		0x0300002A

-#define SSL3_CK_KRB5_RC4_40_MD5	 		0x0300002B

-#define SSL3_TXT_RSA_NULL_MD5			"NULL-MD5"

-#define SSL3_TXT_RSA_NULL_SHA			"NULL-SHA"

-#define SSL3_TXT_RSA_RC4_40_MD5 		"EXP-RC4-MD5"

-#define SSL3_TXT_RSA_RC4_128_MD5		"RC4-MD5"

-#define SSL3_TXT_RSA_RC4_128_SHA		"RC4-SHA"

-#define SSL3_TXT_RSA_RC2_40_MD5			"EXP-RC2-CBC-MD5"

-#define SSL3_TXT_RSA_IDEA_128_SHA		"IDEA-CBC-SHA"

-#define SSL3_TXT_RSA_DES_40_CBC_SHA		"EXP-DES-CBC-SHA"

-#define SSL3_TXT_RSA_DES_64_CBC_SHA		"DES-CBC-SHA"

-#define SSL3_TXT_RSA_DES_192_CBC3_SHA		"DES-CBC3-SHA"

-#define SSL3_TXT_DH_DSS_DES_40_CBC_SHA		"EXP-DH-DSS-DES-CBC-SHA"

-#define SSL3_TXT_DH_DSS_DES_64_CBC_SHA		"DH-DSS-DES-CBC-SHA"

-#define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA 	"DH-DSS-DES-CBC3-SHA"

-#define SSL3_TXT_DH_RSA_DES_40_CBC_SHA		"EXP-DH-RSA-DES-CBC-SHA"

-#define SSL3_TXT_DH_RSA_DES_64_CBC_SHA		"DH-RSA-DES-CBC-SHA"

-#define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA 	"DH-RSA-DES-CBC3-SHA"

-#define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA		"EXP-EDH-DSS-DES-CBC-SHA"

-#define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA		"EDH-DSS-DES-CBC-SHA"

-#define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA	"EDH-DSS-DES-CBC3-SHA"

-#define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA		"EXP-EDH-RSA-DES-CBC-SHA"

-#define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA		"EDH-RSA-DES-CBC-SHA"

-#define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA	"EDH-RSA-DES-CBC3-SHA"

-#define SSL3_TXT_ADH_RC4_40_MD5			"EXP-ADH-RC4-MD5"

-#define SSL3_TXT_ADH_RC4_128_MD5		"ADH-RC4-MD5"

-#define SSL3_TXT_ADH_DES_40_CBC_SHA		"EXP-ADH-DES-CBC-SHA"

-#define SSL3_TXT_ADH_DES_64_CBC_SHA		"ADH-DES-CBC-SHA"

-#define SSL3_TXT_ADH_DES_192_CBC_SHA		"ADH-DES-CBC3-SHA"

-#define SSL3_TXT_FZA_DMS_NULL_SHA		"FZA-NULL-SHA"

-#define SSL3_TXT_FZA_DMS_FZA_SHA		"FZA-FZA-CBC-SHA"

-#define SSL3_TXT_FZA_DMS_RC4_SHA		"FZA-RC4-SHA"

-#define SSL3_TXT_KRB5_DES_64_CBC_SHA		"KRB5-DES-CBC-SHA"

-#define SSL3_TXT_KRB5_DES_192_CBC3_SHA		"KRB5-DES-CBC3-SHA"

-#define SSL3_TXT_KRB5_RC4_128_SHA		"KRB5-RC4-SHA"

-#define SSL3_TXT_KRB5_IDEA_128_CBC_SHA	       	"KRB5-IDEA-CBC-SHA"

-#define SSL3_TXT_KRB5_DES_64_CBC_MD5       	"KRB5-DES-CBC-MD5"

-#define SSL3_TXT_KRB5_DES_192_CBC3_MD5       	"KRB5-DES-CBC3-MD5"

-#define SSL3_TXT_KRB5_RC4_128_MD5		"KRB5-RC4-MD5"

-#define SSL3_TXT_KRB5_IDEA_128_CBC_MD5 		"KRB5-IDEA-CBC-MD5"

-#define SSL3_TXT_KRB5_DES_40_CBC_SHA 		"EXP-KRB5-DES-CBC-SHA"

-#define SSL3_TXT_KRB5_RC2_40_CBC_SHA 		"EXP-KRB5-RC2-CBC-SHA"

-#define SSL3_TXT_KRB5_RC4_40_SHA	 	"EXP-KRB5-RC4-SHA"

-#define SSL3_TXT_KRB5_DES_40_CBC_MD5 		"EXP-KRB5-DES-CBC-MD5"

-#define SSL3_TXT_KRB5_RC2_40_CBC_MD5 		"EXP-KRB5-RC2-CBC-MD5"

-#define SSL3_TXT_KRB5_RC4_40_MD5	 	"EXP-KRB5-RC4-MD5"

-#define SSL3_SSL_SESSION_ID_LENGTH		32

-#define SSL3_MAX_SSL_SESSION_ID_LENGTH		32

-#define SSL3_MASTER_SECRET_SIZE			48

-#define SSL3_RANDOM_SIZE			32

-#define SSL3_SESSION_ID_SIZE			32

-#define SSL3_RT_HEADER_LENGTH			5

-/* Due to MS stuffing up, this can change.... */

-#if defined(OPENSSL_SYS_WIN16) || \

-	(defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32))

-#define SSL3_RT_MAX_EXTRA			(14000)

-#else

-#define SSL3_RT_MAX_EXTRA			(16384)

-#endif

-#define SSL3_RT_MAX_PLAIN_LENGTH		16384

-#ifdef OPENSSL_NO_COMP

-#define SSL3_RT_MAX_COMPRESSED_LENGTH	SSL3_RT_MAX_PLAIN_LENGTH

-#else

-#define SSL3_RT_MAX_COMPRESSED_LENGTH	(1024+SSL3_RT_MAX_PLAIN_LENGTH)

-#endif

-#define SSL3_RT_MAX_ENCRYPTED_LENGTH	(1024+SSL3_RT_MAX_COMPRESSED_LENGTH)

-#define SSL3_RT_MAX_PACKET_SIZE		(SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)

-#define SSL3_RT_MAX_DATA_SIZE			(1024*1024)

-#define SSL3_MD_CLIENT_FINISHED_CONST	"\x43\x4C\x4E\x54"

-#define SSL3_MD_SERVER_FINISHED_CONST	"\x53\x52\x56\x52"

-#define SSL3_VERSION			0x0300

-#define SSL3_VERSION_MAJOR		0x03

-#define SSL3_VERSION_MINOR		0x00

-#define SSL3_RT_CHANGE_CIPHER_SPEC	20

-#define SSL3_RT_ALERT			21

-#define SSL3_RT_HANDSHAKE		22

-#define SSL3_RT_APPLICATION_DATA	23

-#define SSL3_AL_WARNING			1

-#define SSL3_AL_FATAL			2

-#define SSL3_AD_CLOSE_NOTIFY		 0

-#define SSL3_AD_UNEXPECTED_MESSAGE	10	/* fatal */

-#define SSL3_AD_BAD_RECORD_MAC		20	/* fatal */

-#define SSL3_AD_DECOMPRESSION_FAILURE	30	/* fatal */

-#define SSL3_AD_HANDSHAKE_FAILURE	40	/* fatal */

-#define SSL3_AD_NO_CERTIFICATE		41

-#define SSL3_AD_BAD_CERTIFICATE		42

-#define SSL3_AD_UNSUPPORTED_CERTIFICATE	43

-#define SSL3_AD_CERTIFICATE_REVOKED	44

-#define SSL3_AD_CERTIFICATE_EXPIRED	45

-#define SSL3_AD_CERTIFICATE_UNKNOWN	46

-#define SSL3_AD_ILLEGAL_PARAMETER	47	/* fatal */

-typedef struct ssl3_record_st

-	{

-/*r */	int type;               /* type of record */

-/*rw*/	unsigned int length;    /* How many bytes available */

-/*r */	unsigned int off;       /* read/write offset into 'buf' */

-/*rw*/	unsigned char *data;    /* pointer to the record data */

-/*rw*/	unsigned char *input;   /* where the decode bytes are */

-/*r */	unsigned char *comp;    /* only used with decompression - malloc()ed */

-/*r */  unsigned long epoch;    /* epoch number, needed by DTLS1 */

-/*r */  PQ_64BIT seq_num;       /* sequence number, needed by DTLS1 */

-	} SSL3_RECORD;

-typedef struct ssl3_buffer_st

-	{

-	unsigned char *buf;     /* at least SSL3_RT_MAX_PACKET_SIZE bytes,

-	                         * see ssl3_setup_buffers() */

-	size_t len;             /* buffer size */

-	int offset;             /* where to 'copy from' */

-	int left;               /* how many bytes left */

-	} SSL3_BUFFER;

-#define SSL3_CT_RSA_SIGN			1

-#define SSL3_CT_DSS_SIGN			2

-#define SSL3_CT_RSA_FIXED_DH			3

-#define SSL3_CT_DSS_FIXED_DH			4

-#define SSL3_CT_RSA_EPHEMERAL_DH		5

-#define SSL3_CT_DSS_EPHEMERAL_DH		6

-#define SSL3_CT_FORTEZZA_DMS			20

-/* SSL3_CT_NUMBER is used to size arrays and it must be large

- * enough to contain all of the cert types defined either for

- * SSLv3 and TLSv1.

- */

-#define SSL3_CT_NUMBER			7

-#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS	0x0001

-#define SSL3_FLAGS_DELAY_CLIENT_FINISHED	0x0002

-#define SSL3_FLAGS_POP_BUFFER			0x0004

-#define TLS1_FLAGS_TLS_PADDING_BUG		0x0008

-typedef struct ssl3_state_st

-	{

-	long flags;

-	int delay_buf_pop_ret;

-	unsigned char read_sequence[8];

-	unsigned char read_mac_secret[EVP_MAX_MD_SIZE];

-	unsigned char write_sequence[8];

-	unsigned char write_mac_secret[EVP_MAX_MD_SIZE];

-	unsigned char server_random[SSL3_RANDOM_SIZE];

-	unsigned char client_random[SSL3_RANDOM_SIZE];

-	/* flags for countermeasure against known-IV weakness */

-	int need_empty_fragments;

-	int empty_fragment_done;

-	SSL3_BUFFER rbuf;	/* read IO goes into here */

-	SSL3_BUFFER wbuf;	/* write IO goes into here */

-	SSL3_RECORD rrec;	/* each decoded record goes in here */

-	SSL3_RECORD wrec;	/* goes out from here */

-	/* storage for Alert/Handshake protocol data received but not

-	 * yet processed by ssl3_read_bytes: */

-	unsigned char alert_fragment[2];

-	unsigned int alert_fragment_len;

-	unsigned char handshake_fragment[4];

-	unsigned int handshake_fragment_len;

-	/* partial write - check the numbers match */

-	unsigned int wnum;	/* number of bytes sent so far */

-	int wpend_tot;		/* number bytes written */

-	int wpend_type;

-	int wpend_ret;		/* number of bytes submitted */

-	const unsigned char *wpend_buf;

-	/* used during startup, digest all incoming/outgoing packets */

-	EVP_MD_CTX finish_dgst1;

-	EVP_MD_CTX finish_dgst2;

-	/* this is set whenerver we see a change_cipher_spec message

-	 * come in when we are not looking for one */

-	int change_cipher_spec;

-	int warn_alert;

-	int fatal_alert;

-	/* we allow one fatal and one warning alert to be outstanding,

-	 * send close alert via the warning alert */

-	int alert_dispatch;

-	unsigned char send_alert[2];

-	/* This flag is set when we should renegotiate ASAP, basically when

-	 * there is no more data in the read or write buffers */

-	int renegotiate;

-	int total_renegotiations;

-	int num_renegotiations;

-	int in_read_app_data;

-	struct	{

-		/* actually only needs to be 16+20 */

-		unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];

-		/* actually only need to be 16+20 for SSLv3 and 12 for TLS */

-		unsigned char finish_md[EVP_MAX_MD_SIZE*2];

-		int finish_md_len;

-		unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2];

-		int peer_finish_md_len;

-		unsigned long message_size;

-		int message_type;

-		/* used to hold the new cipher we are going to use */

-		SSL_CIPHER *new_cipher;

-#ifndef OPENSSL_NO_DH

-		DH *dh;

-#endif

-#ifndef OPENSSL_NO_ECDH

-		EC_KEY *ecdh; /* holds short lived ECDH key */

-#endif

-		/* used when SSL_ST_FLUSH_DATA is entered */

-		int next_state;

-		int reuse_message;

-		/* used for certificate requests */

-		int cert_req;

-		int ctype_num;

-		char ctype[SSL3_CT_NUMBER];

-		STACK_OF(X509_NAME) *ca_names;

-		int use_rsa_tmp;

-		int key_block_length;

-		unsigned char *key_block;

-		const EVP_CIPHER *new_sym_enc;

-		const EVP_MD *new_hash;

-#ifndef OPENSSL_NO_COMP

-		const SSL_COMP *new_compression;

-#else

-		char *new_compression;

-#endif

-		int cert_request;

-		} tmp;

-	} SSL3_STATE;

-/* SSLv3 */

-/*client */

-/* extra state */

-#define SSL3_ST_CW_FLUSH		(0x100|SSL_ST_CONNECT)

-/* write to server */

-#define SSL3_ST_CW_CLNT_HELLO_A		(0x110|SSL_ST_CONNECT)

-#define SSL3_ST_CW_CLNT_HELLO_B		(0x111|SSL_ST_CONNECT)

-/* read from server */

-#define SSL3_ST_CR_SRVR_HELLO_A		(0x120|SSL_ST_CONNECT)

-#define SSL3_ST_CR_SRVR_HELLO_B		(0x121|SSL_ST_CONNECT)

-#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A (0x126|SSL_ST_CONNECT)

-#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B (0x127|SSL_ST_CONNECT)

-#define SSL3_ST_CR_CERT_A		(0x130|SSL_ST_CONNECT)

-#define SSL3_ST_CR_CERT_B		(0x131|SSL_ST_CONNECT)

-#define SSL3_ST_CR_KEY_EXCH_A		(0x140|SSL_ST_CONNECT)

-#define SSL3_ST_CR_KEY_EXCH_B		(0x141|SSL_ST_CONNECT)

-#define SSL3_ST_CR_CERT_REQ_A		(0x150|SSL_ST_CONNECT)

-#define SSL3_ST_CR_CERT_REQ_B		(0x151|SSL_ST_CONNECT)

-#define SSL3_ST_CR_SRVR_DONE_A		(0x160|SSL_ST_CONNECT)

-#define SSL3_ST_CR_SRVR_DONE_B		(0x161|SSL_ST_CONNECT)

-/* write to server */

-#define SSL3_ST_CW_CERT_A		(0x170|SSL_ST_CONNECT)

-#define SSL3_ST_CW_CERT_B		(0x171|SSL_ST_CONNECT)

-#define SSL3_ST_CW_CERT_C		(0x172|SSL_ST_CONNECT)

-#define SSL3_ST_CW_CERT_D		(0x173|SSL_ST_CONNECT)

-#define SSL3_ST_CW_KEY_EXCH_A		(0x180|SSL_ST_CONNECT)

-#define SSL3_ST_CW_KEY_EXCH_B		(0x181|SSL_ST_CONNECT)

-#define SSL3_ST_CW_CERT_VRFY_A		(0x190|SSL_ST_CONNECT)

-#define SSL3_ST_CW_CERT_VRFY_B		(0x191|SSL_ST_CONNECT)

-#define SSL3_ST_CW_CHANGE_A		(0x1A0|SSL_ST_CONNECT)

-#define SSL3_ST_CW_CHANGE_B		(0x1A1|SSL_ST_CONNECT)

-#define SSL3_ST_CW_FINISHED_A		(0x1B0|SSL_ST_CONNECT)

-#define SSL3_ST_CW_FINISHED_B		(0x1B1|SSL_ST_CONNECT)

-/* read from server */

-#define SSL3_ST_CR_CHANGE_A		(0x1C0|SSL_ST_CONNECT)

-#define SSL3_ST_CR_CHANGE_B		(0x1C1|SSL_ST_CONNECT)

-#define SSL3_ST_CR_FINISHED_A		(0x1D0|SSL_ST_CONNECT)

-#define SSL3_ST_CR_FINISHED_B		(0x1D1|SSL_ST_CONNECT)

-#define SSL3_ST_CR_SESSION_TICKET_A	(0x1E0|SSL_ST_CONNECT)

-#define SSL3_ST_CR_SESSION_TICKET_B	(0x1E1|SSL_ST_CONNECT)

-/* server */

-/* extra state */

-#define SSL3_ST_SW_FLUSH		(0x100|SSL_ST_ACCEPT)

-/* read from client */

-/* Do not change the number values, they do matter */

-#define SSL3_ST_SR_CLNT_HELLO_A		(0x110|SSL_ST_ACCEPT)

-#define SSL3_ST_SR_CLNT_HELLO_B		(0x111|SSL_ST_ACCEPT)

-#define SSL3_ST_SR_CLNT_HELLO_C		(0x112|SSL_ST_ACCEPT)

-/* write to client */

-#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT)

-#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT)

-#define SSL3_ST_SW_HELLO_REQ_A		(0x120|SSL_ST_ACCEPT)

-#define SSL3_ST_SW_HELLO_REQ_B		(0x121|SSL_ST_ACCEPT)

-#define SSL3_ST_SW_HELLO_REQ_C		(0x122|SSL_ST_ACCEPT)

-#define SSL3_ST_SW_SRVR_HELLO_A		(0x130|SSL_ST_ACCEPT)

-#define SSL3_ST_SW_SRVR_HELLO_B		(0x131|SSL_ST_ACCEPT)

-#define SSL3_ST_SW_CERT_A		(0x140|SSL_ST_ACCEPT)

-#define SSL3_ST_SW_CERT_B		(0x141|SSL_ST_ACCEPT)

-#define SSL3_ST_SW_KEY_EXCH_A		(0x150|SSL_ST_ACCEPT)

-#define SSL3_ST_SW_KEY_EXCH_B		(0x151|SSL_ST_ACCEPT)

-#define SSL3_ST_SW_CERT_REQ_A		(0x160|SSL_ST_ACCEPT)

-#define SSL3_ST_SW_CERT_REQ_B		(0x161|SSL_ST_ACCEPT)

-#define SSL3_ST_SW_SRVR_DONE_A		(0x170|SSL_ST_ACCEPT)

-#define SSL3_ST_SW_SRVR_DONE_B		(0x171|SSL_ST_ACCEPT)

-/* read from client */

-#define SSL3_ST_SR_CERT_A		(0x180|SSL_ST_ACCEPT)

-#define SSL3_ST_SR_CERT_B		(0x181|SSL_ST_ACCEPT)

-#define SSL3_ST_SR_KEY_EXCH_A		(0x190|SSL_ST_ACCEPT)

-#define SSL3_ST_SR_KEY_EXCH_B		(0x191|SSL_ST_ACCEPT)

-#define SSL3_ST_SR_CERT_VRFY_A		(0x1A0|SSL_ST_ACCEPT)

-#define SSL3_ST_SR_CERT_VRFY_B		(0x1A1|SSL_ST_ACCEPT)

-#define SSL3_ST_SR_CHANGE_A		(0x1B0|SSL_ST_ACCEPT)

-#define SSL3_ST_SR_CHANGE_B		(0x1B1|SSL_ST_ACCEPT)

-#define SSL3_ST_SR_FINISHED_A		(0x1C0|SSL_ST_ACCEPT)

-#define SSL3_ST_SR_FINISHED_B		(0x1C1|SSL_ST_ACCEPT)

-/* write to client */

-#define SSL3_ST_SW_CHANGE_A		(0x1D0|SSL_ST_ACCEPT)

-#define SSL3_ST_SW_CHANGE_B		(0x1D1|SSL_ST_ACCEPT)

-#define SSL3_ST_SW_FINISHED_A		(0x1E0|SSL_ST_ACCEPT)

-#define SSL3_ST_SW_FINISHED_B		(0x1E1|SSL_ST_ACCEPT)

-#define SSL3_ST_SW_SESSION_TICKET_A	(0x1F0|SSL_ST_ACCEPT)

-#define SSL3_ST_SW_SESSION_TICKET_B	(0x1F1|SSL_ST_ACCEPT)

-#define SSL3_MT_HELLO_REQUEST			0

-#define SSL3_MT_CLIENT_HELLO			1

-#define SSL3_MT_SERVER_HELLO			2

-#define	SSL3_MT_NEWSESSION_TICKET		4

-#define SSL3_MT_CERTIFICATE			11

-#define SSL3_MT_SERVER_KEY_EXCHANGE		12

-#define SSL3_MT_CERTIFICATE_REQUEST		13

-#define SSL3_MT_SERVER_DONE			14

-#define SSL3_MT_CERTIFICATE_VERIFY		15

-#define SSL3_MT_CLIENT_KEY_EXCHANGE		16

-#define SSL3_MT_FINISHED			20

-#define DTLS1_MT_HELLO_VERIFY_REQUEST    3

-#define SSL3_MT_CCS				1

-/* These are used when changing over to a new cipher */

-#define SSL3_CC_READ		0x01

-#define SSL3_CC_WRITE		0x02

-#define SSL3_CC_CLIENT		0x10

-#define SSL3_CC_SERVER		0x20

-#define SSL3_CHANGE_CIPHER_CLIENT_WRITE	(SSL3_CC_CLIENT|SSL3_CC_WRITE)

-#define SSL3_CHANGE_CIPHER_SERVER_READ	(SSL3_CC_SERVER|SSL3_CC_READ)

-#define SSL3_CHANGE_CIPHER_CLIENT_READ	(SSL3_CC_CLIENT|SSL3_CC_READ)

-#define SSL3_CHANGE_CIPHER_SERVER_WRITE	(SSL3_CC_SERVER|SSL3_CC_WRITE)

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/stack.h

+++ /dev/null

@@ -1,109 +1,0 @@

-/* crypto/stack/stack.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_STACK_H

-#define HEADER_STACK_H

-#ifdef  __cplusplus

-extern "C" {

-#endif

-typedef struct stack_st

-	{

-	int num;

-	char **data;

-	int sorted;

-	int num_alloc;

-	int (*comp)(const char * const *, const char * const *);

-	} STACK;

-#define M_sk_num(sk)		((sk) ? (sk)->num:-1)

-#define M_sk_value(sk,n)	((sk) ? (sk)->data[n] : NULL)

-int sk_num(const STACK *);

-char *sk_value(const STACK *, int);

-char *sk_set(STACK *, int, char *);

-STACK *sk_new(int (*cmp)(const char * const *, const char * const *));

-STACK *sk_new_null(void);

-void sk_free(STACK *);

-void sk_pop_free(STACK *st, void (*func)(void *));

-int sk_insert(STACK *sk,char *data,int where);

-char *sk_delete(STACK *st,int loc);

-char *sk_delete_ptr(STACK *st, char *p);

-int sk_find(STACK *st,char *data);

-int sk_find_ex(STACK *st,char *data);

-int sk_push(STACK *st,char *data);

-int sk_unshift(STACK *st,char *data);

-char *sk_shift(STACK *st);

-char *sk_pop(STACK *st);

-void sk_zero(STACK *st);

-int (*sk_set_cmp_func(STACK *sk, int (*c)(const char * const *,

-			const char * const *)))

-			(const char * const *, const char * const *);

-STACK *sk_dup(STACK *st);

-void sk_sort(STACK *st);

-int sk_is_sorted(const STACK *st);

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/store.h

+++ /dev/null

@@ -1,554 +1,0 @@

-/* crypto/store/store.h -*- mode:C; c-file-style: "eay" -*- */

-/* Written by Richard Levitte ([email protected]) for the OpenSSL

- * project 2003.

- */

-/* ====================================================================

- * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_STORE_H

-#define HEADER_STORE_H

-#include <openssl/ossl_typ.h>

-#ifndef OPENSSL_NO_DEPRECATED

-#include <openssl/evp.h>

-#include <openssl/bn.h>

-#include <openssl/x509.h>

-#endif

-#ifdef  __cplusplus

-extern "C" {

-#endif

-/* Already defined in ossl_typ.h */

-/* typedef struct store_st STORE; */

-/* typedef struct store_method_st STORE_METHOD; */

-/* All the following functions return 0, a negative number or NULL on error.

-   When everything is fine, they return a positive value or a non-NULL

-   pointer, all depending on their purpose. */

-/* Creators and destructor.   */

-STORE *STORE_new_method(const STORE_METHOD *method);

-STORE *STORE_new_engine(ENGINE *engine);

-void STORE_free(STORE *ui);

-/* Give a user interface parametrised control commands.  This can be used to

-   send down an integer, a data pointer or a function pointer, as well as

-   be used to get information from a STORE. */

-int STORE_ctrl(STORE *store, int cmd, long i, void *p, void (*f)(void));

-/* A control to set the directory with keys and certificates.  Used by the

-   built-in directory level method. */

-#define STORE_CTRL_SET_DIRECTORY	0x0001

-/* A control to set a file to load.  Used by the built-in file level method. */

-#define STORE_CTRL_SET_FILE		0x0002

-/* A control to set a configuration file to load.  Can be used by any method

-   that wishes to load a configuration file. */

-#define STORE_CTRL_SET_CONF_FILE	0x0003

-/* A control to set a the section of the loaded configuration file.  Can be

-   used by any method that wishes to load a configuration file. */

-#define STORE_CTRL_SET_CONF_SECTION	0x0004

-/* Some methods may use extra data */

-#define STORE_set_app_data(s,arg)	STORE_set_ex_data(s,0,arg)

-#define STORE_get_app_data(s)		STORE_get_ex_data(s,0)

-int STORE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,

-	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);

-int STORE_set_ex_data(STORE *r,int idx,void *arg);

-void *STORE_get_ex_data(STORE *r, int idx);

-/* Use specific methods instead of the built-in one */

-const STORE_METHOD *STORE_get_method(STORE *store);

-const STORE_METHOD *STORE_set_method(STORE *store, const STORE_METHOD *meth);

-/* The standard OpenSSL methods. */

-/* This is the in-memory method.  It does everything except revoking and updating,

-   and is of course volatile.  It's used by other methods that have an in-memory

-   cache. */

-const STORE_METHOD *STORE_Memory(void);

-#if 0 /* Not yet implemented */

-/* This is the directory store.  It does everything except revoking and updating,

-   and uses STORE_Memory() to cache things in memory. */

-const STORE_METHOD *STORE_Directory(void);

-/* This is the file store.  It does everything except revoking and updating,

-   and uses STORE_Memory() to cache things in memory.  Certificates are added

-   to it with the store operation, and it will only get cached certificates. */

-const STORE_METHOD *STORE_File(void);

-#endif

-/* Store functions take a type code for the type of data they should store

-   or fetch */

-typedef enum STORE_object_types

-	{

-	STORE_OBJECT_TYPE_X509_CERTIFICATE=	0x01, /* X509 * */

-	STORE_OBJECT_TYPE_X509_CRL=		0x02, /* X509_CRL * */

-	STORE_OBJECT_TYPE_PRIVATE_KEY=		0x03, /* EVP_PKEY * */

-	STORE_OBJECT_TYPE_PUBLIC_KEY=		0x04, /* EVP_PKEY * */

-	STORE_OBJECT_TYPE_NUMBER=		0x05, /* BIGNUM * */

-	STORE_OBJECT_TYPE_ARBITRARY=		0x06, /* BUF_MEM * */

-	STORE_OBJECT_TYPE_NUM=			0x06  /* The amount of known

-							 object types */

-	} STORE_OBJECT_TYPES;

-/* List of text strings corresponding to the object types. */

-extern const char * const STORE_object_type_string[STORE_OBJECT_TYPE_NUM+1];

-/* Some store functions take a parameter list.  Those parameters come with

-   one of the following codes. The comments following the codes below indicate

-   what type the value should be a pointer to. */

-typedef enum STORE_params

-	{

-	STORE_PARAM_EVP_TYPE=			0x01, /* int */

-	STORE_PARAM_BITS=			0x02, /* size_t */

-	STORE_PARAM_KEY_PARAMETERS=		0x03, /* ??? */

-	STORE_PARAM_KEY_NO_PARAMETERS=		0x04, /* N/A */

-	STORE_PARAM_AUTH_PASSPHRASE=		0x05, /* char * */

-	STORE_PARAM_AUTH_KRB5_TICKET=		0x06, /* void * */

-	STORE_PARAM_TYPE_NUM=			0x06  /* The amount of known

-							 parameter types */

-	} STORE_PARAM_TYPES;

-/* Parameter value sizes.  -1 means unknown, anything else is the required size. */

-extern const int STORE_param_sizes[STORE_PARAM_TYPE_NUM+1];

-/* Store functions take attribute lists.  Those attributes come with codes.

-   The comments following the codes below indicate what type the value should

-   be a pointer to. */

-typedef enum STORE_attribs

-	{

-	STORE_ATTR_END=				0x00,

-	STORE_ATTR_FRIENDLYNAME=		0x01, /* C string */

-	STORE_ATTR_KEYID=			0x02, /* 160 bit string (SHA1) */

-	STORE_ATTR_ISSUERKEYID=			0x03, /* 160 bit string (SHA1) */

-	STORE_ATTR_SUBJECTKEYID=		0x04, /* 160 bit string (SHA1) */

-	STORE_ATTR_ISSUERSERIALHASH=		0x05, /* 160 bit string (SHA1) */

-	STORE_ATTR_ISSUER=			0x06, /* X509_NAME * */

-	STORE_ATTR_SERIAL=			0x07, /* BIGNUM * */

-	STORE_ATTR_SUBJECT=			0x08, /* X509_NAME * */

-	STORE_ATTR_CERTHASH=			0x09, /* 160 bit string (SHA1) */

-	STORE_ATTR_EMAIL=			0x0a, /* C string */

-	STORE_ATTR_FILENAME=			0x0b, /* C string */

-	STORE_ATTR_TYPE_NUM=			0x0b, /* The amount of known

-							 attribute types */

-	STORE_ATTR_OR=				0xff  /* This is a special

-							 separator, which

-							 expresses the OR

-							 operation.  */

-	} STORE_ATTR_TYPES;

-/* Attribute value sizes.  -1 means unknown, anything else is the required size. */

-extern const int STORE_attr_sizes[STORE_ATTR_TYPE_NUM+1];

-typedef enum STORE_certificate_status

-	{

-	STORE_X509_VALID=			0x00,

-	STORE_X509_EXPIRED=			0x01,

-	STORE_X509_SUSPENDED=			0x02,

-	STORE_X509_REVOKED=			0x03

-	} STORE_CERTIFICATE_STATUS;

-/* Engine store functions will return a structure that contains all the necessary

- * information, including revokation status for certificates.  This is really not

- * needed for application authors, as the ENGINE framework functions will extract

- * the OpenSSL-specific information when at all possible.  However, for engine

- * authors, it's crucial to know this structure.  */

-typedef struct STORE_OBJECT_st

-	{

-	STORE_OBJECT_TYPES type;

-	union

-		{

-		struct

-			{

-			STORE_CERTIFICATE_STATUS status;

-			X509 *certificate;

-			} x509;

-		X509_CRL *crl;

-		EVP_PKEY *key;

-		BIGNUM *number;

-		BUF_MEM *arbitrary;

-		} data;

-	} STORE_OBJECT;

-DECLARE_STACK_OF(STORE_OBJECT)

-STORE_OBJECT *STORE_OBJECT_new(void);

-void STORE_OBJECT_free(STORE_OBJECT *data);

-/* The following functions handle the storage. They return 0, a negative number

-   or NULL on error, anything else on success. */

-X509 *STORE_get_certificate(STORE *e, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-int STORE_store_certificate(STORE *e, X509 *data, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-int STORE_modify_certificate(STORE *e, OPENSSL_ITEM search_attributes[],

-	OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[],

-	OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);

-int STORE_revoke_certificate(STORE *e, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-int STORE_delete_certificate(STORE *e, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-void *STORE_list_certificate_start(STORE *e, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-X509 *STORE_list_certificate_next(STORE *e, void *handle);

-int STORE_list_certificate_end(STORE *e, void *handle);

-int STORE_list_certificate_endp(STORE *e, void *handle);

-EVP_PKEY *STORE_generate_key(STORE *e, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-EVP_PKEY *STORE_get_private_key(STORE *e, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-int STORE_store_private_key(STORE *e, EVP_PKEY *data,

-	OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);

-int STORE_modify_private_key(STORE *e, OPENSSL_ITEM search_attributes[],

-	OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[],

-	OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);

-int STORE_revoke_private_key(STORE *e, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-int STORE_delete_private_key(STORE *e, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-void *STORE_list_private_key_start(STORE *e, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-EVP_PKEY *STORE_list_private_key_next(STORE *e, void *handle);

-int STORE_list_private_key_end(STORE *e, void *handle);

-int STORE_list_private_key_endp(STORE *e, void *handle);

-EVP_PKEY *STORE_get_public_key(STORE *e, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-int STORE_store_public_key(STORE *e, EVP_PKEY *data, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-int STORE_modify_public_key(STORE *e, OPENSSL_ITEM search_attributes[],

-	OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[],

-	OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);

-int STORE_revoke_public_key(STORE *e, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-int STORE_delete_public_key(STORE *e, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-void *STORE_list_public_key_start(STORE *e, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-EVP_PKEY *STORE_list_public_key_next(STORE *e, void *handle);

-int STORE_list_public_key_end(STORE *e, void *handle);

-int STORE_list_public_key_endp(STORE *e, void *handle);

-X509_CRL *STORE_generate_crl(STORE *e, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-X509_CRL *STORE_get_crl(STORE *e, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-int STORE_store_crl(STORE *e, X509_CRL *data, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-int STORE_modify_crl(STORE *e, OPENSSL_ITEM search_attributes[],

-	OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[],

-	OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);

-int STORE_delete_crl(STORE *e, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-void *STORE_list_crl_start(STORE *e, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-X509_CRL *STORE_list_crl_next(STORE *e, void *handle);

-int STORE_list_crl_end(STORE *e, void *handle);

-int STORE_list_crl_endp(STORE *e, void *handle);

-int STORE_store_number(STORE *e, BIGNUM *data, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-int STORE_modify_number(STORE *e, OPENSSL_ITEM search_attributes[],

-	OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[],

-	OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);

-BIGNUM *STORE_get_number(STORE *e, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-int STORE_delete_number(STORE *e, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-int STORE_store_arbitrary(STORE *e, BUF_MEM *data, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-int STORE_modify_arbitrary(STORE *e, OPENSSL_ITEM search_attributes[],

-	OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[],

-	OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);

-BUF_MEM *STORE_get_arbitrary(STORE *e, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-int STORE_delete_arbitrary(STORE *e, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-/* Create and manipulate methods */

-STORE_METHOD *STORE_create_method(char *name);

-void STORE_destroy_method(STORE_METHOD *store_method);

-/* These callback types are use for store handlers */

-typedef int (*STORE_INITIALISE_FUNC_PTR)(STORE *);

-typedef void (*STORE_CLEANUP_FUNC_PTR)(STORE *);

-typedef STORE_OBJECT *(*STORE_GENERATE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);

-typedef STORE_OBJECT *(*STORE_GET_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);

-typedef void *(*STORE_START_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);

-typedef STORE_OBJECT *(*STORE_NEXT_OBJECT_FUNC_PTR)(STORE *, void *handle);

-typedef int (*STORE_END_OBJECT_FUNC_PTR)(STORE *, void *handle);

-typedef int (*STORE_HANDLE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);

-typedef int (*STORE_STORE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, STORE_OBJECT *data, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);

-typedef int (*STORE_MODIFY_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);

-typedef int (*STORE_GENERIC_FUNC_PTR)(STORE *, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);

-typedef int (*STORE_CTRL_FUNC_PTR)(STORE *, int cmd, long l, void *p, void (*f)(void));

-int STORE_method_set_initialise_function(STORE_METHOD *sm, STORE_INITIALISE_FUNC_PTR init_f);

-int STORE_method_set_cleanup_function(STORE_METHOD *sm, STORE_CLEANUP_FUNC_PTR clean_f);

-int STORE_method_set_generate_function(STORE_METHOD *sm, STORE_GENERATE_OBJECT_FUNC_PTR generate_f);

-int STORE_method_set_get_function(STORE_METHOD *sm, STORE_GET_OBJECT_FUNC_PTR get_f);

-int STORE_method_set_store_function(STORE_METHOD *sm, STORE_STORE_OBJECT_FUNC_PTR store_f);

-int STORE_method_set_modify_function(STORE_METHOD *sm, STORE_MODIFY_OBJECT_FUNC_PTR store_f);

-int STORE_method_set_revoke_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR revoke_f);

-int STORE_method_set_delete_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR delete_f);

-int STORE_method_set_list_start_function(STORE_METHOD *sm, STORE_START_OBJECT_FUNC_PTR list_start_f);

-int STORE_method_set_list_next_function(STORE_METHOD *sm, STORE_NEXT_OBJECT_FUNC_PTR list_next_f);

-int STORE_method_set_list_end_function(STORE_METHOD *sm, STORE_END_OBJECT_FUNC_PTR list_end_f);

-int STORE_method_set_update_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR);

-int STORE_method_set_lock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR);

-int STORE_method_set_unlock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR);

-int STORE_method_set_ctrl_function(STORE_METHOD *sm, STORE_CTRL_FUNC_PTR ctrl_f);

-STORE_INITIALISE_FUNC_PTR STORE_method_get_initialise_function(STORE_METHOD *sm);

-STORE_CLEANUP_FUNC_PTR STORE_method_get_cleanup_function(STORE_METHOD *sm);

-STORE_GENERATE_OBJECT_FUNC_PTR STORE_method_get_generate_function(STORE_METHOD *sm);

-STORE_GET_OBJECT_FUNC_PTR STORE_method_get_get_function(STORE_METHOD *sm);

-STORE_STORE_OBJECT_FUNC_PTR STORE_method_get_store_function(STORE_METHOD *sm);

-STORE_MODIFY_OBJECT_FUNC_PTR STORE_method_get_modify_function(STORE_METHOD *sm);

-STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_revoke_function(STORE_METHOD *sm);

-STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_delete_function(STORE_METHOD *sm);

-STORE_START_OBJECT_FUNC_PTR STORE_method_get_list_start_function(STORE_METHOD *sm);

-STORE_NEXT_OBJECT_FUNC_PTR STORE_method_get_list_next_function(STORE_METHOD *sm);

-STORE_END_OBJECT_FUNC_PTR STORE_method_get_list_end_function(STORE_METHOD *sm);

-STORE_GENERIC_FUNC_PTR STORE_method_get_update_store_function(STORE_METHOD *sm);

-STORE_GENERIC_FUNC_PTR STORE_method_get_lock_store_function(STORE_METHOD *sm);

-STORE_GENERIC_FUNC_PTR STORE_method_get_unlock_store_function(STORE_METHOD *sm);

-STORE_CTRL_FUNC_PTR STORE_method_get_ctrl_function(STORE_METHOD *sm);

-/* Method helper structures and functions. */

-/* This structure is the result of parsing through the information in a list

-   of OPENSSL_ITEMs.  It stores all the necessary information in a structured

-   way.*/

-typedef struct STORE_attr_info_st STORE_ATTR_INFO;

-/* Parse a list of OPENSSL_ITEMs and return a pointer to a STORE_ATTR_INFO.

-   Note that we do this in the list form, since the list of OPENSSL_ITEMs can

-   come in blocks separated with STORE_ATTR_OR.  Note that the value returned

-   by STORE_parse_attrs_next() must be freed with STORE_ATTR_INFO_free(). */

-void *STORE_parse_attrs_start(OPENSSL_ITEM *attributes);

-STORE_ATTR_INFO *STORE_parse_attrs_next(void *handle);

-int STORE_parse_attrs_end(void *handle);

-int STORE_parse_attrs_endp(void *handle);

-/* Creator and destructor */

-STORE_ATTR_INFO *STORE_ATTR_INFO_new(void);

-int STORE_ATTR_INFO_free(STORE_ATTR_INFO *attrs);

-/* Manipulators */

-char *STORE_ATTR_INFO_get0_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code);

-unsigned char *STORE_ATTR_INFO_get0_sha1str(STORE_ATTR_INFO *attrs,

-	STORE_ATTR_TYPES code);

-X509_NAME *STORE_ATTR_INFO_get0_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code);

-BIGNUM *STORE_ATTR_INFO_get0_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code);

-int STORE_ATTR_INFO_set_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,

-	char *cstr, size_t cstr_size);

-int STORE_ATTR_INFO_set_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,

-	unsigned char *sha1str, size_t sha1str_size);

-int STORE_ATTR_INFO_set_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,

-	X509_NAME *dn);

-int STORE_ATTR_INFO_set_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,

-	BIGNUM *number);

-int STORE_ATTR_INFO_modify_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,

-	char *cstr, size_t cstr_size);

-int STORE_ATTR_INFO_modify_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,

-	unsigned char *sha1str, size_t sha1str_size);

-int STORE_ATTR_INFO_modify_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,

-	X509_NAME *dn);

-int STORE_ATTR_INFO_modify_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,

-	BIGNUM *number);

-/* Compare on basis of a bit pattern formed by the STORE_ATTR_TYPES values

-   in each contained attribute. */

-int STORE_ATTR_INFO_compare(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b);

-/* Check if the set of attributes in a is within the range of attributes

-   set in b. */

-int STORE_ATTR_INFO_in_range(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b);

-/* Check if the set of attributes in a are also set in b. */

-int STORE_ATTR_INFO_in(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b);

-/* Same as STORE_ATTR_INFO_in(), but also checks the attribute values. */

-int STORE_ATTR_INFO_in_ex(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b);

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_STORE_strings(void);

-/* Error codes for the STORE functions. */

-/* Function codes. */

-#define STORE_F_MEM_DELETE				 134

-#define STORE_F_MEM_GENERATE				 135

-#define STORE_F_MEM_LIST_END				 168

-#define STORE_F_MEM_LIST_NEXT				 136

-#define STORE_F_MEM_LIST_START				 137

-#define STORE_F_MEM_MODIFY				 169

-#define STORE_F_MEM_STORE				 138

-#define STORE_F_STORE_ATTR_INFO_GET0_CSTR		 139

-#define STORE_F_STORE_ATTR_INFO_GET0_DN			 140

-#define STORE_F_STORE_ATTR_INFO_GET0_NUMBER		 141

-#define STORE_F_STORE_ATTR_INFO_GET0_SHA1STR		 142

-#define STORE_F_STORE_ATTR_INFO_MODIFY_CSTR		 143

-#define STORE_F_STORE_ATTR_INFO_MODIFY_DN		 144

-#define STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER		 145

-#define STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR		 146

-#define STORE_F_STORE_ATTR_INFO_SET_CSTR		 147

-#define STORE_F_STORE_ATTR_INFO_SET_DN			 148

-#define STORE_F_STORE_ATTR_INFO_SET_NUMBER		 149

-#define STORE_F_STORE_ATTR_INFO_SET_SHA1STR		 150

-#define STORE_F_STORE_CERTIFICATE			 170

-#define STORE_F_STORE_CTRL				 161

-#define STORE_F_STORE_DELETE_ARBITRARY			 158

-#define STORE_F_STORE_DELETE_CERTIFICATE		 102

-#define STORE_F_STORE_DELETE_CRL			 103

-#define STORE_F_STORE_DELETE_NUMBER			 104

-#define STORE_F_STORE_DELETE_PRIVATE_KEY		 105

-#define STORE_F_STORE_DELETE_PUBLIC_KEY			 106

-#define STORE_F_STORE_GENERATE_CRL			 107

-#define STORE_F_STORE_GENERATE_KEY			 108

-#define STORE_F_STORE_GET_ARBITRARY			 159

-#define STORE_F_STORE_GET_CERTIFICATE			 109

-#define STORE_F_STORE_GET_CRL				 110

-#define STORE_F_STORE_GET_NUMBER			 111

-#define STORE_F_STORE_GET_PRIVATE_KEY			 112

-#define STORE_F_STORE_GET_PUBLIC_KEY			 113

-#define STORE_F_STORE_LIST_CERTIFICATE_END		 114

-#define STORE_F_STORE_LIST_CERTIFICATE_ENDP		 153

-#define STORE_F_STORE_LIST_CERTIFICATE_NEXT		 115

-#define STORE_F_STORE_LIST_CERTIFICATE_START		 116

-#define STORE_F_STORE_LIST_CRL_END			 117

-#define STORE_F_STORE_LIST_CRL_ENDP			 154

-#define STORE_F_STORE_LIST_CRL_NEXT			 118

-#define STORE_F_STORE_LIST_CRL_START			 119

-#define STORE_F_STORE_LIST_PRIVATE_KEY_END		 120

-#define STORE_F_STORE_LIST_PRIVATE_KEY_ENDP		 155

-#define STORE_F_STORE_LIST_PRIVATE_KEY_NEXT		 121

-#define STORE_F_STORE_LIST_PRIVATE_KEY_START		 122

-#define STORE_F_STORE_LIST_PUBLIC_KEY_END		 123

-#define STORE_F_STORE_LIST_PUBLIC_KEY_ENDP		 156

-#define STORE_F_STORE_LIST_PUBLIC_KEY_NEXT		 124

-#define STORE_F_STORE_LIST_PUBLIC_KEY_START		 125

-#define STORE_F_STORE_MODIFY_ARBITRARY			 162

-#define STORE_F_STORE_MODIFY_CERTIFICATE		 163

-#define STORE_F_STORE_MODIFY_CRL			 164

-#define STORE_F_STORE_MODIFY_NUMBER			 165

-#define STORE_F_STORE_MODIFY_PRIVATE_KEY		 166

-#define STORE_F_STORE_MODIFY_PUBLIC_KEY			 167

-#define STORE_F_STORE_NEW_ENGINE			 133

-#define STORE_F_STORE_NEW_METHOD			 132

-#define STORE_F_STORE_PARSE_ATTRS_END			 151

-#define STORE_F_STORE_PARSE_ATTRS_ENDP			 172

-#define STORE_F_STORE_PARSE_ATTRS_NEXT			 152

-#define STORE_F_STORE_PARSE_ATTRS_START			 171

-#define STORE_F_STORE_REVOKE_CERTIFICATE		 129

-#define STORE_F_STORE_REVOKE_PRIVATE_KEY		 130

-#define STORE_F_STORE_REVOKE_PUBLIC_KEY			 131

-#define STORE_F_STORE_STORE_ARBITRARY			 157

-#define STORE_F_STORE_STORE_CERTIFICATE			 100

-#define STORE_F_STORE_STORE_CRL				 101

-#define STORE_F_STORE_STORE_NUMBER			 126

-#define STORE_F_STORE_STORE_PRIVATE_KEY			 127

-#define STORE_F_STORE_STORE_PUBLIC_KEY			 128

-/* Reason codes. */

-#define STORE_R_ALREADY_HAS_A_VALUE			 127

-#define STORE_R_FAILED_DELETING_ARBITRARY		 132

-#define STORE_R_FAILED_DELETING_CERTIFICATE		 100

-#define STORE_R_FAILED_DELETING_KEY			 101

-#define STORE_R_FAILED_DELETING_NUMBER			 102

-#define STORE_R_FAILED_GENERATING_CRL			 103

-#define STORE_R_FAILED_GENERATING_KEY			 104

-#define STORE_R_FAILED_GETTING_ARBITRARY		 133

-#define STORE_R_FAILED_GETTING_CERTIFICATE		 105

-#define STORE_R_FAILED_GETTING_KEY			 106

-#define STORE_R_FAILED_GETTING_NUMBER			 107

-#define STORE_R_FAILED_LISTING_CERTIFICATES		 108

-#define STORE_R_FAILED_LISTING_KEYS			 109

-#define STORE_R_FAILED_MODIFYING_ARBITRARY		 138

-#define STORE_R_FAILED_MODIFYING_CERTIFICATE		 139

-#define STORE_R_FAILED_MODIFYING_CRL			 140

-#define STORE_R_FAILED_MODIFYING_NUMBER			 141

-#define STORE_R_FAILED_MODIFYING_PRIVATE_KEY		 142

-#define STORE_R_FAILED_MODIFYING_PUBLIC_KEY		 143

-#define STORE_R_FAILED_REVOKING_CERTIFICATE		 110

-#define STORE_R_FAILED_REVOKING_KEY			 111

-#define STORE_R_FAILED_STORING_ARBITRARY		 134

-#define STORE_R_FAILED_STORING_CERTIFICATE		 112

-#define STORE_R_FAILED_STORING_KEY			 113

-#define STORE_R_FAILED_STORING_NUMBER			 114

-#define STORE_R_NOT_IMPLEMENTED				 128

-#define STORE_R_NO_CONTROL_FUNCTION			 144

-#define STORE_R_NO_DELETE_ARBITRARY_FUNCTION		 135

-#define STORE_R_NO_DELETE_NUMBER_FUNCTION		 115

-#define STORE_R_NO_DELETE_OBJECT_FUNCTION		 116

-#define STORE_R_NO_GENERATE_CRL_FUNCTION		 117

-#define STORE_R_NO_GENERATE_OBJECT_FUNCTION		 118

-#define STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION	 136

-#define STORE_R_NO_GET_OBJECT_FUNCTION			 119

-#define STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION		 120

-#define STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION		 131

-#define STORE_R_NO_LIST_OBJECT_END_FUNCTION		 121

-#define STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION		 122

-#define STORE_R_NO_LIST_OBJECT_START_FUNCTION		 123

-#define STORE_R_NO_MODIFY_OBJECT_FUNCTION		 145

-#define STORE_R_NO_REVOKE_OBJECT_FUNCTION		 124

-#define STORE_R_NO_STORE				 129

-#define STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION	 137

-#define STORE_R_NO_STORE_OBJECT_FUNCTION		 125

-#define STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION		 126

-#define STORE_R_NO_VALUE				 130

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/symhacks.h

+++ /dev/null

@@ -1,383 +1,0 @@

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_SYMHACKS_H

-#define HEADER_SYMHACKS_H

-#include <openssl/e_os2.h>

-/* Hacks to solve the problem with linkers incapable of handling very long

-   symbol names.  In the case of VMS, the limit is 31 characters on VMS for

-   VAX. */

-#ifdef OPENSSL_SYS_VMS

-/* Hack a long name in crypto/ex_data.c */

-#undef CRYPTO_get_ex_data_implementation

-#define CRYPTO_get_ex_data_implementation	CRYPTO_get_ex_data_impl

-#undef CRYPTO_set_ex_data_implementation

-#define CRYPTO_set_ex_data_implementation	CRYPTO_set_ex_data_impl

-/* Hack a long name in crypto/asn1/a_mbstr.c */

-#undef ASN1_STRING_set_default_mask_asc

-#define ASN1_STRING_set_default_mask_asc	ASN1_STRING_set_def_mask_asc

-#if 0 /* No longer needed, since safestack macro magic does the job */

-/* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO) */

-#undef i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO

-#define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO	i2d_ASN1_SET_OF_PKCS7_SIGINF

-#undef d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO

-#define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO	d2i_ASN1_SET_OF_PKCS7_SIGINF

-#endif

-#if 0 /* No longer needed, since safestack macro magic does the job */

-/* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO) */

-#undef i2d_ASN1_SET_OF_PKCS7_RECIP_INFO

-#define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO	i2d_ASN1_SET_OF_PKCS7_RECINF

-#undef d2i_ASN1_SET_OF_PKCS7_RECIP_INFO

-#define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO	d2i_ASN1_SET_OF_PKCS7_RECINF

-#endif

-#if 0 /* No longer needed, since safestack macro magic does the job */

-/* Hack the names created with DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION) */

-#undef i2d_ASN1_SET_OF_ACCESS_DESCRIPTION

-#define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION	i2d_ASN1_SET_OF_ACC_DESC

-#undef d2i_ASN1_SET_OF_ACCESS_DESCRIPTION

-#define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION	d2i_ASN1_SET_OF_ACC_DESC

-#endif

-/* Hack the names created with DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE) */

-#undef PEM_read_NETSCAPE_CERT_SEQUENCE

-#define PEM_read_NETSCAPE_CERT_SEQUENCE		PEM_read_NS_CERT_SEQ

-#undef PEM_write_NETSCAPE_CERT_SEQUENCE

-#define PEM_write_NETSCAPE_CERT_SEQUENCE	PEM_write_NS_CERT_SEQ

-#undef PEM_read_bio_NETSCAPE_CERT_SEQUENCE

-#define PEM_read_bio_NETSCAPE_CERT_SEQUENCE	PEM_read_bio_NS_CERT_SEQ

-#undef PEM_write_bio_NETSCAPE_CERT_SEQUENCE

-#define PEM_write_bio_NETSCAPE_CERT_SEQUENCE	PEM_write_bio_NS_CERT_SEQ

-#undef PEM_write_cb_bio_NETSCAPE_CERT_SEQUENCE

-#define PEM_write_cb_bio_NETSCAPE_CERT_SEQUENCE	PEM_write_cb_bio_NS_CERT_SEQ

-/* Hack the names created with DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO) */

-#undef PEM_read_PKCS8_PRIV_KEY_INFO

-#define PEM_read_PKCS8_PRIV_KEY_INFO		PEM_read_P8_PRIV_KEY_INFO

-#undef PEM_write_PKCS8_PRIV_KEY_INFO

-#define PEM_write_PKCS8_PRIV_KEY_INFO		PEM_write_P8_PRIV_KEY_INFO

-#undef PEM_read_bio_PKCS8_PRIV_KEY_INFO

-#define PEM_read_bio_PKCS8_PRIV_KEY_INFO	PEM_read_bio_P8_PRIV_KEY_INFO

-#undef PEM_write_bio_PKCS8_PRIV_KEY_INFO

-#define PEM_write_bio_PKCS8_PRIV_KEY_INFO	PEM_write_bio_P8_PRIV_KEY_INFO

-#undef PEM_write_cb_bio_PKCS8_PRIV_KEY_INFO

-#define PEM_write_cb_bio_PKCS8_PRIV_KEY_INFO	PEM_wrt_cb_bio_P8_PRIV_KEY_INFO

-/* Hack other PEM names */

-#undef PEM_write_bio_PKCS8PrivateKey_nid

-#define PEM_write_bio_PKCS8PrivateKey_nid	PEM_write_bio_PKCS8PrivKey_nid

-/* Hack some long X509 names */

-#undef X509_REVOKED_get_ext_by_critical

-#define X509_REVOKED_get_ext_by_critical	X509_REVOKED_get_ext_by_critic

-#undef X509_policy_tree_get0_user_policies

-#define X509_policy_tree_get0_user_policies	X509_pcy_tree_get0_usr_policies

-#undef X509_policy_node_get0_qualifiers

-#define X509_policy_node_get0_qualifiers	X509_pcy_node_get0_qualifiers

-#undef X509_STORE_CTX_get_explicit_policy

-#define X509_STORE_CTX_get_explicit_policy	X509_STORE_CTX_get_expl_policy

-/* Hack some long CRYPTO names */

-#undef CRYPTO_set_dynlock_destroy_callback

-#define CRYPTO_set_dynlock_destroy_callback     CRYPTO_set_dynlock_destroy_cb

-#undef CRYPTO_set_dynlock_create_callback

-#define CRYPTO_set_dynlock_create_callback      CRYPTO_set_dynlock_create_cb

-#undef CRYPTO_set_dynlock_lock_callback

-#define CRYPTO_set_dynlock_lock_callback        CRYPTO_set_dynlock_lock_cb

-#undef CRYPTO_get_dynlock_lock_callback

-#define CRYPTO_get_dynlock_lock_callback        CRYPTO_get_dynlock_lock_cb

-#undef CRYPTO_get_dynlock_destroy_callback

-#define CRYPTO_get_dynlock_destroy_callback     CRYPTO_get_dynlock_destroy_cb

-#undef CRYPTO_get_dynlock_create_callback

-#define CRYPTO_get_dynlock_create_callback      CRYPTO_get_dynlock_create_cb

-#undef CRYPTO_set_locked_mem_ex_functions

-#define CRYPTO_set_locked_mem_ex_functions      CRYPTO_set_locked_mem_ex_funcs

-#undef CRYPTO_get_locked_mem_ex_functions

-#define CRYPTO_get_locked_mem_ex_functions      CRYPTO_get_locked_mem_ex_funcs

-/* Hack some long SSL names */

-#undef SSL_CTX_set_default_verify_paths

-#define SSL_CTX_set_default_verify_paths        SSL_CTX_set_def_verify_paths

-#undef SSL_get_ex_data_X509_STORE_CTX_idx

-#define SSL_get_ex_data_X509_STORE_CTX_idx      SSL_get_ex_d_X509_STORE_CTX_idx

-#undef SSL_add_file_cert_subjects_to_stack

-#define SSL_add_file_cert_subjects_to_stack     SSL_add_file_cert_subjs_to_stk

-#undef SSL_add_dir_cert_subjects_to_stack

-#define SSL_add_dir_cert_subjects_to_stack      SSL_add_dir_cert_subjs_to_stk

-#undef SSL_CTX_use_certificate_chain_file

-#define SSL_CTX_use_certificate_chain_file      SSL_CTX_use_cert_chain_file

-#undef SSL_CTX_set_cert_verify_callback

-#define SSL_CTX_set_cert_verify_callback        SSL_CTX_set_cert_verify_cb

-#undef SSL_CTX_set_default_passwd_cb_userdata

-#define SSL_CTX_set_default_passwd_cb_userdata  SSL_CTX_set_def_passwd_cb_ud

-#undef SSL_COMP_get_compression_methods

-#define SSL_COMP_get_compression_methods	SSL_COMP_get_compress_methods

-/* Hack some long ENGINE names */

-#undef ENGINE_get_default_BN_mod_exp_crt

-#define ENGINE_get_default_BN_mod_exp_crt	ENGINE_get_def_BN_mod_exp_crt

-#undef ENGINE_set_default_BN_mod_exp_crt

-#define ENGINE_set_default_BN_mod_exp_crt	ENGINE_set_def_BN_mod_exp_crt

-#undef ENGINE_set_load_privkey_function

-#define ENGINE_set_load_privkey_function        ENGINE_set_load_privkey_fn

-#undef ENGINE_get_load_privkey_function

-#define ENGINE_get_load_privkey_function        ENGINE_get_load_privkey_fn

-/* Hack some long OCSP names */

-#undef OCSP_REQUEST_get_ext_by_critical

-#define OCSP_REQUEST_get_ext_by_critical        OCSP_REQUEST_get_ext_by_crit

-#undef OCSP_BASICRESP_get_ext_by_critical

-#define OCSP_BASICRESP_get_ext_by_critical      OCSP_BASICRESP_get_ext_by_crit

-#undef OCSP_SINGLERESP_get_ext_by_critical

-#define OCSP_SINGLERESP_get_ext_by_critical     OCSP_SINGLERESP_get_ext_by_crit

-/* Hack some long DES names */

-#undef _ossl_old_des_ede3_cfb64_encrypt

-#define _ossl_old_des_ede3_cfb64_encrypt	_ossl_odes_ede3_cfb64_encrypt

-#undef _ossl_old_des_ede3_ofb64_encrypt

-#define _ossl_old_des_ede3_ofb64_encrypt	_ossl_odes_ede3_ofb64_encrypt

-/* Hack some long EVP names */

-#undef OPENSSL_add_all_algorithms_noconf

-#define OPENSSL_add_all_algorithms_noconf	OPENSSL_add_all_algo_noconf

-#undef OPENSSL_add_all_algorithms_conf

-#define OPENSSL_add_all_algorithms_conf		OPENSSL_add_all_algo_conf

-/* Hack some long EC names */

-#undef EC_GROUP_set_point_conversion_form

-#define EC_GROUP_set_point_conversion_form	EC_GROUP_set_point_conv_form

-#undef EC_GROUP_get_point_conversion_form

-#define EC_GROUP_get_point_conversion_form	EC_GROUP_get_point_conv_form

-#undef EC_GROUP_clear_free_all_extra_data

-#define EC_GROUP_clear_free_all_extra_data	EC_GROUP_clr_free_all_xtra_data

-#undef EC_POINT_set_Jprojective_coordinates_GFp

-#define EC_POINT_set_Jprojective_coordinates_GFp \

-                                                EC_POINT_set_Jproj_coords_GFp

-#undef EC_POINT_get_Jprojective_coordinates_GFp

-#define EC_POINT_get_Jprojective_coordinates_GFp \

-                                                EC_POINT_get_Jproj_coords_GFp

-#undef EC_POINT_set_affine_coordinates_GFp

-#define EC_POINT_set_affine_coordinates_GFp     EC_POINT_set_affine_coords_GFp

-#undef EC_POINT_get_affine_coordinates_GFp

-#define EC_POINT_get_affine_coordinates_GFp     EC_POINT_get_affine_coords_GFp

-#undef EC_POINT_set_compressed_coordinates_GFp

-#define EC_POINT_set_compressed_coordinates_GFp EC_POINT_set_compr_coords_GFp

-#undef EC_POINT_set_affine_coordinates_GF2m

-#define EC_POINT_set_affine_coordinates_GF2m    EC_POINT_set_affine_coords_GF2m

-#undef EC_POINT_get_affine_coordinates_GF2m

-#define EC_POINT_get_affine_coordinates_GF2m    EC_POINT_get_affine_coords_GF2m

-#undef EC_POINT_set_compressed_coordinates_GF2m

-#define EC_POINT_set_compressed_coordinates_GF2m \

-                                                EC_POINT_set_compr_coords_GF2m

-#undef ec_GF2m_simple_group_clear_finish

-#define ec_GF2m_simple_group_clear_finish        ec_GF2m_simple_grp_clr_finish

-#undef ec_GF2m_simple_group_check_discriminant

-#define ec_GF2m_simple_group_check_discriminant	ec_GF2m_simple_grp_chk_discrim

-#undef ec_GF2m_simple_point_clear_finish

-#define ec_GF2m_simple_point_clear_finish        ec_GF2m_simple_pt_clr_finish

-#undef ec_GF2m_simple_point_set_to_infinity

-#define ec_GF2m_simple_point_set_to_infinity     ec_GF2m_simple_pt_set_to_inf

-#undef ec_GF2m_simple_points_make_affine

-#define ec_GF2m_simple_points_make_affine        ec_GF2m_simple_pts_make_affine

-#undef ec_GF2m_simple_point_set_affine_coordinates

-#define ec_GF2m_simple_point_set_affine_coordinates \

-                                                ec_GF2m_smp_pt_set_af_coords

-#undef ec_GF2m_simple_point_get_affine_coordinates

-#define ec_GF2m_simple_point_get_affine_coordinates \

-                                                ec_GF2m_smp_pt_get_af_coords

-#undef ec_GF2m_simple_set_compressed_coordinates

-#define ec_GF2m_simple_set_compressed_coordinates \

-                                                ec_GF2m_smp_set_compr_coords

-#undef ec_GFp_simple_group_set_curve_GFp

-#define ec_GFp_simple_group_set_curve_GFp       ec_GFp_simple_grp_set_curve_GFp

-#undef ec_GFp_simple_group_get_curve_GFp

-#define ec_GFp_simple_group_get_curve_GFp       ec_GFp_simple_grp_get_curve_GFp

-#undef ec_GFp_simple_group_clear_finish

-#define ec_GFp_simple_group_clear_finish        ec_GFp_simple_grp_clear_finish

-#undef ec_GFp_simple_group_set_generator

-#define ec_GFp_simple_group_set_generator       ec_GFp_simple_grp_set_generator

-#undef ec_GFp_simple_group_get0_generator

-#define ec_GFp_simple_group_get0_generator      ec_GFp_simple_grp_gt0_generator

-#undef ec_GFp_simple_group_get_cofactor

-#define ec_GFp_simple_group_get_cofactor        ec_GFp_simple_grp_get_cofactor

-#undef ec_GFp_simple_point_clear_finish

-#define ec_GFp_simple_point_clear_finish        ec_GFp_simple_pt_clear_finish

-#undef ec_GFp_simple_point_set_to_infinity

-#define ec_GFp_simple_point_set_to_infinity     ec_GFp_simple_pt_set_to_inf

-#undef ec_GFp_simple_points_make_affine

-#define ec_GFp_simple_points_make_affine        ec_GFp_simple_pts_make_affine

-#undef ec_GFp_simple_group_get_curve_GFp

-#define ec_GFp_simple_group_get_curve_GFp       ec_GFp_simple_grp_get_curve_GFp

-#undef ec_GFp_simple_set_Jprojective_coordinates_GFp

-#define ec_GFp_simple_set_Jprojective_coordinates_GFp \

-                                                ec_GFp_smp_set_Jproj_coords_GFp

-#undef ec_GFp_simple_get_Jprojective_coordinates_GFp

-#define ec_GFp_simple_get_Jprojective_coordinates_GFp \

-                                                ec_GFp_smp_get_Jproj_coords_GFp

-#undef ec_GFp_simple_point_set_affine_coordinates_GFp

-#define ec_GFp_simple_point_set_affine_coordinates_GFp \

-                                                ec_GFp_smp_pt_set_af_coords_GFp

-#undef ec_GFp_simple_point_get_affine_coordinates_GFp

-#define ec_GFp_simple_point_get_affine_coordinates_GFp \

-                                                ec_GFp_smp_pt_get_af_coords_GFp

-#undef ec_GFp_simple_set_compressed_coordinates_GFp

-#define ec_GFp_simple_set_compressed_coordinates_GFp \

-                                                ec_GFp_smp_set_compr_coords_GFp

-#undef ec_GFp_simple_point_set_affine_coordinates

-#define ec_GFp_simple_point_set_affine_coordinates \

-                                                ec_GFp_smp_pt_set_af_coords

-#undef ec_GFp_simple_point_get_affine_coordinates

-#define ec_GFp_simple_point_get_affine_coordinates \

-                                                ec_GFp_smp_pt_get_af_coords

-#undef ec_GFp_simple_set_compressed_coordinates

-#define ec_GFp_simple_set_compressed_coordinates \

-                                                ec_GFp_smp_set_compr_coords

-#undef ec_GFp_simple_group_check_discriminant

-#define ec_GFp_simple_group_check_discriminant	ec_GFp_simple_grp_chk_discrim

-/* Hack som long STORE names */

-#undef STORE_method_set_initialise_function

-#define STORE_method_set_initialise_function	STORE_meth_set_initialise_fn

-#undef STORE_method_set_cleanup_function

-#define STORE_method_set_cleanup_function	STORE_meth_set_cleanup_fn

-#undef STORE_method_set_generate_function

-#define STORE_method_set_generate_function	STORE_meth_set_generate_fn

-#undef STORE_method_set_modify_function

-#define STORE_method_set_modify_function	STORE_meth_set_modify_fn

-#undef STORE_method_set_revoke_function

-#define STORE_method_set_revoke_function	STORE_meth_set_revoke_fn

-#undef STORE_method_set_delete_function

-#define STORE_method_set_delete_function	STORE_meth_set_delete_fn

-#undef STORE_method_set_list_start_function

-#define STORE_method_set_list_start_function	STORE_meth_set_list_start_fn

-#undef STORE_method_set_list_next_function

-#define STORE_method_set_list_next_function	STORE_meth_set_list_next_fn

-#undef STORE_method_set_list_end_function

-#define STORE_method_set_list_end_function	STORE_meth_set_list_end_fn

-#undef STORE_method_set_update_store_function

-#define STORE_method_set_update_store_function	STORE_meth_set_update_store_fn

-#undef STORE_method_set_lock_store_function

-#define STORE_method_set_lock_store_function	STORE_meth_set_lock_store_fn

-#undef STORE_method_set_unlock_store_function

-#define STORE_method_set_unlock_store_function	STORE_meth_set_unlock_store_fn

-#undef STORE_method_get_initialise_function

-#define STORE_method_get_initialise_function	STORE_meth_get_initialise_fn

-#undef STORE_method_get_cleanup_function

-#define STORE_method_get_cleanup_function	STORE_meth_get_cleanup_fn

-#undef STORE_method_get_generate_function

-#define STORE_method_get_generate_function	STORE_meth_get_generate_fn

-#undef STORE_method_get_modify_function

-#define STORE_method_get_modify_function	STORE_meth_get_modify_fn

-#undef STORE_method_get_revoke_function

-#define STORE_method_get_revoke_function	STORE_meth_get_revoke_fn

-#undef STORE_method_get_delete_function

-#define STORE_method_get_delete_function	STORE_meth_get_delete_fn

-#undef STORE_method_get_list_start_function

-#define STORE_method_get_list_start_function	STORE_meth_get_list_start_fn

-#undef STORE_method_get_list_next_function

-#define STORE_method_get_list_next_function	STORE_meth_get_list_next_fn

-#undef STORE_method_get_list_end_function

-#define STORE_method_get_list_end_function	STORE_meth_get_list_end_fn

-#undef STORE_method_get_update_store_function

-#define STORE_method_get_update_store_function	STORE_meth_get_update_store_fn

-#undef STORE_method_get_lock_store_function

-#define STORE_method_get_lock_store_function	STORE_meth_get_lock_store_fn

-#undef STORE_method_get_unlock_store_function

-#define STORE_method_get_unlock_store_function	STORE_meth_get_unlock_store_fn

-#endif /* defined OPENSSL_SYS_VMS */

-/* Case insensiteve linking causes problems.... */

-#if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2)

-#undef ERR_load_CRYPTO_strings

-#define ERR_load_CRYPTO_strings			ERR_load_CRYPTOlib_strings

-#undef OCSP_crlID_new

-#define OCSP_crlID_new                          OCSP_crlID2_new

-#undef d2i_ECPARAMETERS

-#define d2i_ECPARAMETERS                        d2i_UC_ECPARAMETERS

-#undef i2d_ECPARAMETERS

-#define i2d_ECPARAMETERS                        i2d_UC_ECPARAMETERS

-#undef d2i_ECPKPARAMETERS

-#define d2i_ECPKPARAMETERS                      d2i_UC_ECPKPARAMETERS

-#undef i2d_ECPKPARAMETERS

-#define i2d_ECPKPARAMETERS                      i2d_UC_ECPKPARAMETERS

-/* These functions do not seem to exist!  However, I'm paranoid...

-   Original command in x509v3.h:

-   These functions are being redefined in another directory,

-   and clash when the linker is case-insensitive, so let's

-   hide them a little, by giving them an extra 'o' at the

-   beginning of the name... */

-#undef X509v3_cleanup_extensions

-#define X509v3_cleanup_extensions               oX509v3_cleanup_extensions

-#undef X509v3_add_extension

-#define X509v3_add_extension                    oX509v3_add_extension

-#undef X509v3_add_netscape_extensions

-#define X509v3_add_netscape_extensions          oX509v3_add_netscape_extensions

-#undef X509v3_add_standard_extensions

-#define X509v3_add_standard_extensions          oX509v3_add_standard_extensions

-#endif

-#endif /* ! defined HEADER_VMS_IDHACKS_H */

--- a/sys/include/ape/openssl/testdsa.h

+++ /dev/null

@@ -1,217 +1,0 @@

-/* NOCW */

-/* used by apps/speed.c */

-DSA *get_dsa512(void );

-DSA *get_dsa1024(void );

-DSA *get_dsa2048(void );

-static unsigned char dsa512_priv[] = {

-	0x65,0xe5,0xc7,0x38,0x60,0x24,0xb5,0x89,0xd4,0x9c,0xeb,0x4c,

-	0x9c,0x1d,0x7a,0x22,0xbd,0xd1,0xc2,0xd2,

-	};

-static unsigned char dsa512_pub[] = {

-	0x00,0x95,0xa7,0x0d,0xec,0x93,0x68,0xba,0x5f,0xf7,0x5f,0x07,

-	0xf2,0x3b,0xad,0x6b,0x01,0xdc,0xbe,0xec,0xde,0x04,0x7a,0x3a,

-	0x27,0xb3,0xec,0x49,0xfd,0x08,0x43,0x3d,0x7e,0xa8,0x2c,0x5e,

-	0x7b,0xbb,0xfc,0xf4,0x6e,0xeb,0x6c,0xb0,0x6e,0xf8,0x02,0x12,

-	0x8c,0x38,0x5d,0x83,0x56,0x7d,0xee,0x53,0x05,0x3e,0x24,0x84,

-	0xbe,0xba,0x0a,0x6b,0xc8,

-	};

-static unsigned char dsa512_p[]={

-	0x9D,0x1B,0x69,0x8E,0x26,0xDB,0xF2,0x2B,0x11,0x70,0x19,0x86,

-	0xF6,0x19,0xC8,0xF8,0x19,0xF2,0x18,0x53,0x94,0x46,0x06,0xD0,

-	0x62,0x50,0x33,0x4B,0x02,0x3C,0x52,0x30,0x03,0x8B,0x3B,0xF9,

-	0x5F,0xD1,0x24,0x06,0x4F,0x7B,0x4C,0xBA,0xAA,0x40,0x9B,0xFD,

-	0x96,0xE4,0x37,0x33,0xBB,0x2D,0x5A,0xD7,0x5A,0x11,0x40,0x66,

-	0xA2,0x76,0x7D,0x31,

-	};

-static unsigned char dsa512_q[]={

-	0xFB,0x53,0xEF,0x50,0xB4,0x40,0x92,0x31,0x56,0x86,0x53,0x7A,

-	0xE8,0x8B,0x22,0x9A,0x49,0xFB,0x71,0x8F,

-	};

-static unsigned char dsa512_g[]={

-	0x83,0x3E,0x88,0xE5,0xC5,0x89,0x73,0xCE,0x3B,0x6C,0x01,0x49,

-	0xBF,0xB3,0xC7,0x9F,0x0A,0xEA,0x44,0x91,0xE5,0x30,0xAA,0xD9,

-	0xBE,0x5B,0x5F,0xB7,0x10,0xD7,0x89,0xB7,0x8E,0x74,0xFB,0xCF,

-	0x29,0x1E,0xEB,0xA8,0x2C,0x54,0x51,0xB8,0x10,0xDE,0xA0,0xCE,

-	0x2F,0xCC,0x24,0x6B,0x90,0x77,0xDE,0xA2,0x68,0xA6,0x52,0x12,

-	0xA2,0x03,0x9D,0x20,

-	};

-DSA *get_dsa512()

-	{

-	DSA *dsa;

-	if ((dsa=DSA_new()) == NULL) return(NULL);

-	dsa->priv_key=BN_bin2bn(dsa512_priv,sizeof(dsa512_priv),NULL);

-	dsa->pub_key=BN_bin2bn(dsa512_pub,sizeof(dsa512_pub),NULL);

-	dsa->p=BN_bin2bn(dsa512_p,sizeof(dsa512_p),NULL);

-	dsa->q=BN_bin2bn(dsa512_q,sizeof(dsa512_q),NULL);

-	dsa->g=BN_bin2bn(dsa512_g,sizeof(dsa512_g),NULL);

-	if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL) ||

-				(dsa->q == NULL) || (dsa->g == NULL))

-		return(NULL);

-	return(dsa);

-	}

-static unsigned char dsa1024_priv[]={

-	0x7d,0x21,0xda,0xbb,0x62,0x15,0x47,0x36,0x07,0x67,0x12,0xe8,

-	0x8c,0xaa,0x1c,0xcd,0x38,0x12,0x61,0x18,

-	};

-static unsigned char dsa1024_pub[]={

-	0x3c,0x4e,0x9c,0x2a,0x7f,0x16,0xc1,0x25,0xeb,0xac,0x78,0x63,

-	0x90,0x14,0x8c,0x8b,0xf4,0x68,0x43,0x3c,0x2d,0xee,0x65,0x50,

-	0x7d,0x9c,0x8f,0x8c,0x8a,0x51,0xd6,0x11,0x2b,0x99,0xaf,0x1e,

-	0x90,0x97,0xb5,0xd3,0xa6,0x20,0x25,0xd6,0xfe,0x43,0x02,0xd5,

-	0x91,0x7d,0xa7,0x8c,0xdb,0xc9,0x85,0xa3,0x36,0x48,0xf7,0x68,

-	0xaa,0x60,0xb1,0xf7,0x05,0x68,0x3a,0xa3,0x3f,0xd3,0x19,0x82,

-	0xd8,0x82,0x7a,0x77,0xfb,0xef,0xf4,0x15,0x0a,0xeb,0x06,0x04,

-	0x7f,0x53,0x07,0x0c,0xbc,0xcb,0x2d,0x83,0xdb,0x3e,0xd1,0x28,

-	0xa5,0xa1,0x31,0xe0,0x67,0xfa,0x50,0xde,0x9b,0x07,0x83,0x7e,

-	0x2c,0x0b,0xc3,0x13,0x50,0x61,0xe5,0xad,0xbd,0x36,0xb8,0x97,

-	0x4e,0x40,0x7d,0xe8,0x83,0x0d,0xbc,0x4b

-	};

-static unsigned char dsa1024_p[]={

-	0xA7,0x3F,0x6E,0x85,0xBF,0x41,0x6A,0x29,0x7D,0xF0,0x9F,0x47,

-	0x19,0x30,0x90,0x9A,0x09,0x1D,0xDA,0x6A,0x33,0x1E,0xC5,0x3D,

-	0x86,0x96,0xB3,0x15,0xE0,0x53,0x2E,0x8F,0xE0,0x59,0x82,0x73,

-	0x90,0x3E,0x75,0x31,0x99,0x47,0x7A,0x52,0xFB,0x85,0xE4,0xD9,

-	0xA6,0x7B,0x38,0x9B,0x68,0x8A,0x84,0x9B,0x87,0xC6,0x1E,0xB5,

-	0x7E,0x86,0x4B,0x53,0x5B,0x59,0xCF,0x71,0x65,0x19,0x88,0x6E,

-	0xCE,0x66,0xAE,0x6B,0x88,0x36,0xFB,0xEC,0x28,0xDC,0xC2,0xD7,

-	0xA5,0xBB,0xE5,0x2C,0x39,0x26,0x4B,0xDA,0x9A,0x70,0x18,0x95,

-	0x37,0x95,0x10,0x56,0x23,0xF6,0x15,0xED,0xBA,0x04,0x5E,0xDE,

-	0x39,0x4F,0xFD,0xB7,0x43,0x1F,0xB5,0xA4,0x65,0x6F,0xCD,0x80,

-	0x11,0xE4,0x70,0x95,0x5B,0x50,0xCD,0x49,

-	};

-static unsigned char dsa1024_q[]={

-	0xF7,0x07,0x31,0xED,0xFA,0x6C,0x06,0x03,0xD5,0x85,0x8A,0x1C,

-	0xAC,0x9C,0x65,0xE7,0x50,0x66,0x65,0x6F,

-	};

-static unsigned char dsa1024_g[]={

-	0x4D,0xDF,0x4C,0x03,0xA6,0x91,0x8A,0xF5,0x19,0x6F,0x50,0x46,

-	0x25,0x99,0xE5,0x68,0x6F,0x30,0xE3,0x69,0xE1,0xE5,0xB3,0x5D,

-	0x98,0xBB,0x28,0x86,0x48,0xFC,0xDE,0x99,0x04,0x3F,0x5F,0x88,

-	0x0C,0x9C,0x73,0x24,0x0D,0x20,0x5D,0xB9,0x2A,0x9A,0x3F,0x18,

-	0x96,0x27,0xE4,0x62,0x87,0xC1,0x7B,0x74,0x62,0x53,0xFC,0x61,

-	0x27,0xA8,0x7A,0x91,0x09,0x9D,0xB6,0xF1,0x4D,0x9C,0x54,0x0F,

-	0x58,0x06,0xEE,0x49,0x74,0x07,0xCE,0x55,0x7E,0x23,0xCE,0x16,

-	0xF6,0xCA,0xDC,0x5A,0x61,0x01,0x7E,0xC9,0x71,0xB5,0x4D,0xF6,

-	0xDC,0x34,0x29,0x87,0x68,0xF6,0x5E,0x20,0x93,0xB3,0xDB,0xF5,

-	0xE4,0x09,0x6C,0x41,0x17,0x95,0x92,0xEB,0x01,0xB5,0x73,0xA5,

-	0x6A,0x7E,0xD8,0x32,0xED,0x0E,0x02,0xB8,

-	};

-DSA *get_dsa1024()

-	{

-	DSA *dsa;

-	if ((dsa=DSA_new()) == NULL) return(NULL);

-	dsa->priv_key=BN_bin2bn(dsa1024_priv,sizeof(dsa1024_priv),NULL);

-	dsa->pub_key=BN_bin2bn(dsa1024_pub,sizeof(dsa1024_pub),NULL);

-	dsa->p=BN_bin2bn(dsa1024_p,sizeof(dsa1024_p),NULL);

-	dsa->q=BN_bin2bn(dsa1024_q,sizeof(dsa1024_q),NULL);

-	dsa->g=BN_bin2bn(dsa1024_g,sizeof(dsa1024_g),NULL);

-	if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL) ||

-				(dsa->q == NULL) || (dsa->g == NULL))

-		return(NULL);

-	return(dsa);

-	}

-static unsigned char dsa2048_priv[]={

-	0x32,0x67,0x92,0xf6,0xc4,0xe2,0xe2,0xe8,0xa0,0x8b,0x6b,0x45,

-	0x0c,0x8a,0x76,0xb0,0xee,0xcf,0x91,0xa7,

-	};

-static unsigned char dsa2048_pub[]={

-	0x17,0x8f,0xa8,0x11,0x84,0x92,0xec,0x83,0x47,0xc7,0x6a,0xb0,

-	0x92,0xaf,0x5a,0x20,0x37,0xa3,0x64,0x79,0xd2,0xd0,0x3d,0xcd,

-	0xe0,0x61,0x88,0x88,0x21,0xcc,0x74,0x5d,0xce,0x4c,0x51,0x47,

-	0xf0,0xc5,0x5c,0x4c,0x82,0x7a,0xaf,0x72,0xad,0xb9,0xe0,0x53,

-	0xf2,0x78,0xb7,0xf0,0xb5,0x48,0x7f,0x8a,0x3a,0x18,0xd1,0x9f,

-	0x8b,0x7d,0xa5,0x47,0xb7,0x95,0xab,0x98,0xf8,0x7b,0x74,0x50,

-	0x56,0x8e,0x57,0xf0,0xee,0xf5,0xb7,0xba,0xab,0x85,0x86,0xf9,

-	0x2b,0xef,0x41,0x56,0xa0,0xa4,0x9f,0xb7,0x38,0x00,0x46,0x0a,

-	0xa6,0xf1,0xfc,0x1f,0xd8,0x4e,0x85,0x44,0x92,0x43,0x21,0x5d,

-	0x6e,0xcc,0xc2,0xcb,0x26,0x31,0x0d,0x21,0xc4,0xbd,0x8d,0x24,

-	0xbc,0xd9,0x18,0x19,0xd7,0xdc,0xf1,0xe7,0x93,0x50,0x48,0x03,

-	0x2c,0xae,0x2e,0xe7,0x49,0x88,0x5f,0x93,0x57,0x27,0x99,0x36,

-	0xb4,0x20,0xab,0xfc,0xa7,0x2b,0xf2,0xd9,0x98,0xd7,0xd4,0x34,

-	0x9d,0x96,0x50,0x58,0x9a,0xea,0x54,0xf3,0xee,0xf5,0x63,0x14,

-	0xee,0x85,0x83,0x74,0x76,0xe1,0x52,0x95,0xc3,0xf7,0xeb,0x04,

-	0x04,0x7b,0xa7,0x28,0x1b,0xcc,0xea,0x4a,0x4e,0x84,0xda,0xd8,

-	0x9c,0x79,0xd8,0x9b,0x66,0x89,0x2f,0xcf,0xac,0xd7,0x79,0xf9,

-	0xa9,0xd8,0x45,0x13,0x78,0xb9,0x00,0x14,0xc9,0x7e,0x22,0x51,

-	0x86,0x67,0xb0,0x9f,0x26,0x11,0x23,0xc8,0x38,0xd7,0x70,0x1d,

-	0x15,0x8e,0x4d,0x4f,0x95,0x97,0x40,0xa1,0xc2,0x7e,0x01,0x18,

-	0x72,0xf4,0x10,0xe6,0x8d,0x52,0x16,0x7f,0xf2,0xc9,0xf8,0x33,

-	0x8b,0x33,0xb7,0xce,

-	};

-static unsigned char dsa2048_p[]={

-	0xA0,0x25,0xFA,0xAD,0xF4,0x8E,0xB9,0xE5,0x99,0xF3,0x5D,0x6F,

-	0x4F,0x83,0x34,0xE2,0x7E,0xCF,0x6F,0xBF,0x30,0xAF,0x6F,0x81,

-	0xEB,0xF8,0xC4,0x13,0xD9,0xA0,0x5D,0x8B,0x5C,0x8E,0xDC,0xC2,

-	0x1D,0x0B,0x41,0x32,0xB0,0x1F,0xFE,0xEF,0x0C,0xC2,0xA2,0x7E,

-	0x68,0x5C,0x28,0x21,0xE9,0xF5,0xB1,0x58,0x12,0x63,0x4C,0x19,

-	0x4E,0xFF,0x02,0x4B,0x92,0xED,0xD2,0x07,0x11,0x4D,0x8C,0x58,

-	0x16,0x5C,0x55,0x8E,0xAD,0xA3,0x67,0x7D,0xB9,0x86,0x6E,0x0B,

-	0xE6,0x54,0x6F,0x40,0xAE,0x0E,0x67,0x4C,0xF9,0x12,0x5B,0x3C,

-	0x08,0x7A,0xF7,0xFC,0x67,0x86,0x69,0xE7,0x0A,0x94,0x40,0xBF,

-	0x8B,0x76,0xFE,0x26,0xD1,0xF2,0xA1,0x1A,0x84,0xA1,0x43,0x56,

-	0x28,0xBC,0x9A,0x5F,0xD7,0x3B,0x69,0x89,0x8A,0x36,0x2C,0x51,

-	0xDF,0x12,0x77,0x2F,0x57,0x7B,0xA0,0xAA,0xDD,0x7F,0xA1,0x62,

-	0x3B,0x40,0x7B,0x68,0x1A,0x8F,0x0D,0x38,0xBB,0x21,0x5D,0x18,

-	0xFC,0x0F,0x46,0xF7,0xA3,0xB0,0x1D,0x23,0xC3,0xD2,0xC7,0x72,

-	0x51,0x18,0xDF,0x46,0x95,0x79,0xD9,0xBD,0xB5,0x19,0x02,0x2C,

-	0x87,0xDC,0xE7,0x57,0x82,0x7E,0xF1,0x8B,0x06,0x3D,0x00,0xA5,

-	0x7B,0x6B,0x26,0x27,0x91,0x0F,0x6A,0x77,0xE4,0xD5,0x04,0xE4,

-	0x12,0x2C,0x42,0xFF,0xD2,0x88,0xBB,0xD3,0x92,0xA0,0xF9,0xC8,

-	0x51,0x64,0x14,0x5C,0xD8,0xF9,0x6C,0x47,0x82,0xB4,0x1C,0x7F,

-	0x09,0xB8,0xF0,0x25,0x83,0x1D,0x3F,0x3F,0x05,0xB3,0x21,0x0A,

-	0x5D,0xA7,0xD8,0x54,0xC3,0x65,0x7D,0xC3,0xB0,0x1D,0xBF,0xAE,

-	0xF8,0x68,0xCF,0x9B,

-	};

-static unsigned char dsa2048_q[]={

-	0x97,0xE7,0x33,0x4D,0xD3,0x94,0x3E,0x0B,0xDB,0x62,0x74,0xC6,

-	0xA1,0x08,0xDD,0x19,0xA3,0x75,0x17,0x1B,

-	};

-static unsigned char dsa2048_g[]={

-	0x2C,0x78,0x16,0x59,0x34,0x63,0xF4,0xF3,0x92,0xFC,0xB5,0xA5,

-	0x4F,0x13,0xDE,0x2F,0x1C,0xA4,0x3C,0xAE,0xAD,0x38,0x3F,0x7E,

-	0x90,0xBF,0x96,0xA6,0xAE,0x25,0x90,0x72,0xF5,0x8E,0x80,0x0C,

-	0x39,0x1C,0xD9,0xEC,0xBA,0x90,0x5B,0x3A,0xE8,0x58,0x6C,0x9E,

-	0x30,0x42,0x37,0x02,0x31,0x82,0xBC,0x6A,0xDF,0x6A,0x09,0x29,

-	0xE3,0xC0,0x46,0xD1,0xCB,0x85,0xEC,0x0C,0x30,0x5E,0xEA,0xC8,

-	0x39,0x8E,0x22,0x9F,0x22,0x10,0xD2,0x34,0x61,0x68,0x37,0x3D,

-	0x2E,0x4A,0x5B,0x9A,0xF5,0xC1,0x48,0xC6,0xF6,0xDC,0x63,0x1A,

-	0xD3,0x96,0x64,0xBA,0x34,0xC9,0xD1,0xA0,0xD1,0xAE,0x6C,0x2F,

-	0x48,0x17,0x93,0x14,0x43,0xED,0xF0,0x21,0x30,0x19,0xC3,0x1B,

-	0x5F,0xDE,0xA3,0xF0,0x70,0x78,0x18,0xE1,0xA8,0xE4,0xEE,0x2E,

-	0x00,0xA5,0xE4,0xB3,0x17,0xC8,0x0C,0x7D,0x6E,0x42,0xDC,0xB7,

-	0x46,0x00,0x36,0x4D,0xD4,0x46,0xAA,0x3D,0x3C,0x46,0x89,0x40,

-	0xBF,0x1D,0x84,0x77,0x0A,0x75,0xF3,0x87,0x1D,0x08,0x4C,0xA6,

-	0xD1,0xA9,0x1C,0x1E,0x12,0x1E,0xE1,0xC7,0x30,0x28,0x76,0xA5,

-	0x7F,0x6C,0x85,0x96,0x2B,0x6F,0xDB,0x80,0x66,0x26,0xAE,0xF5,

-	0x93,0xC7,0x8E,0xAE,0x9A,0xED,0xE4,0xCA,0x04,0xEA,0x3B,0x72,

-	0xEF,0xDC,0x87,0xED,0x0D,0xA5,0x4C,0x4A,0xDD,0x71,0x22,0x64,

-	0x59,0x69,0x4E,0x8E,0xBF,0x43,0xDC,0xAB,0x8E,0x66,0xBB,0x01,

-	0xB6,0xF4,0xE7,0xFD,0xD2,0xAD,0x9F,0x36,0xC1,0xA0,0x29,0x99,

-	0xD1,0x96,0x70,0x59,0x06,0x78,0x35,0xBD,0x65,0x55,0x52,0x9E,

-	0xF8,0xB2,0xE5,0x38,

-	};

-DSA *get_dsa2048()

-	{

-	DSA *dsa;

-	if ((dsa=DSA_new()) == NULL) return(NULL);

-	dsa->priv_key=BN_bin2bn(dsa2048_priv,sizeof(dsa2048_priv),NULL);

-	dsa->pub_key=BN_bin2bn(dsa2048_pub,sizeof(dsa2048_pub),NULL);

-	dsa->p=BN_bin2bn(dsa2048_p,sizeof(dsa2048_p),NULL);

-	dsa->q=BN_bin2bn(dsa2048_q,sizeof(dsa2048_q),NULL);

-	dsa->g=BN_bin2bn(dsa2048_g,sizeof(dsa2048_g),NULL);

-	if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL) ||

-				(dsa->q == NULL) || (dsa->g == NULL))

-		return(NULL);

-	return(dsa);

-	}

-static const char rnd_seed[] = "string to make the random number generator think it has entropy";

-static int rnd_fake = 0;

--- a/sys/include/ape/openssl/testrsa.h

+++ /dev/null

@@ -1,518 +1,0 @@

-/* apps/testrsa.h */

-/* used by apps/speed.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-static unsigned char test512[]={

-	0x30,0x82,0x01,0x3a,0x02,0x01,0x00,0x02,0x41,0x00,

-	0xd6,0x33,0xb9,0xc8,0xfb,0x4f,0x3c,0x7d,0xc0,0x01,

-	0x86,0xd0,0xe7,0xa0,0x55,0xf2,0x95,0x93,0xcc,0x4f,

-	0xb7,0x5b,0x67,0x5b,0x94,0x68,0xc9,0x34,0x15,0xde,

-	0xa5,0x2e,0x1c,0x33,0xc2,0x6e,0xfc,0x34,0x5e,0x71,

-	0x13,0xb7,0xd6,0xee,0xd8,0xa5,0x65,0x05,0x72,0x87,

-	0xa8,0xb0,0x77,0xfe,0x57,0xf5,0xfc,0x5f,0x55,0x83,

-	0x87,0xdd,0x57,0x49,0x02,0x03,0x01,0x00,0x01,0x02,

-	0x41,0x00,0xa7,0xf7,0x91,0xc5,0x0f,0x84,0x57,0xdc,

-	0x07,0xf7,0x6a,0x7f,0x60,0x52,0xb3,0x72,0xf1,0x66,

-	0x1f,0x7d,0x97,0x3b,0x9e,0xb6,0x0a,0x8f,0x8c,0xcf,

-	0x42,0x23,0x00,0x04,0xd4,0x28,0x0e,0x1c,0x90,0xc4,

-	0x11,0x25,0x25,0xa5,0x93,0xa5,0x2f,0x70,0x02,0xdf,

-	0x81,0x9c,0x49,0x03,0xa0,0xf8,0x6d,0x54,0x2e,0x26,

-	0xde,0xaa,0x85,0x59,0xa8,0x31,0x02,0x21,0x00,0xeb,

-	0x47,0xd7,0x3b,0xf6,0xc3,0xdd,0x5a,0x46,0xc5,0xb9,

-	0x2b,0x9a,0xa0,0x09,0x8f,0xa6,0xfb,0xf3,0x78,0x7a,

-	0x33,0x70,0x9d,0x0f,0x42,0x6b,0x13,0x68,0x24,0xd3,

-	0x15,0x02,0x21,0x00,0xe9,0x10,0xb0,0xb3,0x0d,0xe2,

-	0x82,0x68,0x77,0x8a,0x6e,0x7c,0xda,0xbc,0x3e,0x53,

-	0x83,0xfb,0xd6,0x22,0xe7,0xb5,0xae,0x6e,0x80,0xda,

-	0x00,0x55,0x97,0xc1,0xd0,0x65,0x02,0x20,0x4c,0xf8,

-	0x73,0xb1,0x6a,0x49,0x29,0x61,0x1f,0x46,0x10,0x0d,

-	0xf3,0xc7,0xe7,0x58,0xd7,0x88,0x15,0x5e,0x94,0x9b,

-	0xbf,0x7b,0xa2,0x42,0x58,0x45,0x41,0x0c,0xcb,0x01,

-	0x02,0x20,0x12,0x11,0xba,0x31,0x57,0x9d,0x3d,0x11,

-	0x0e,0x5b,0x8c,0x2f,0x5f,0xe2,0x02,0x4f,0x05,0x47,

-	0x8c,0x15,0x8e,0xb3,0x56,0x3f,0xb8,0xfb,0xad,0xd4,

-	0xf4,0xfc,0x10,0xc5,0x02,0x20,0x18,0xa1,0x29,0x99,

-	0x5b,0xd9,0xc8,0xd4,0xfc,0x49,0x7a,0x2a,0x21,0x2c,

-	0x49,0xe4,0x4f,0xeb,0xef,0x51,0xf1,0xab,0x6d,0xfb,

-	0x4b,0x14,0xe9,0x4b,0x52,0xb5,0x82,0x2c,

-	};

-static unsigned char test1024[]={

-	0x30,0x82,0x02,0x5c,0x02,0x01,0x00,0x02,0x81,0x81,

-	0x00,0xdc,0x98,0x43,0xe8,0x3d,0x43,0x5b,0xe4,0x05,

-	0xcd,0xd0,0xa9,0x3e,0xcb,0x83,0x75,0xf6,0xb5,0xa5,

-	0x9f,0x6b,0xe9,0x34,0x41,0x29,0x18,0xfa,0x6a,0x55,

-	0x4d,0x70,0xfc,0xec,0xae,0x87,0x38,0x0a,0x20,0xa9,

-	0xc0,0x45,0x77,0x6e,0x57,0x60,0x57,0xf4,0xed,0x96,

-	0x22,0xcb,0x8f,0xe1,0x33,0x3a,0x17,0x1f,0xed,0x37,

-	0xa5,0x6f,0xeb,0xa6,0xbc,0x12,0x80,0x1d,0x53,0xbd,

-	0x70,0xeb,0x21,0x76,0x3e,0xc9,0x2f,0x1a,0x45,0x24,

-	0x82,0xff,0xcd,0x59,0x32,0x06,0x2e,0x12,0x3b,0x23,

-	0x78,0xed,0x12,0x3d,0xe0,0x8d,0xf9,0x67,0x4f,0x37,

-	0x4e,0x47,0x02,0x4c,0x2d,0xc0,0x4f,0x1f,0xb3,0x94,

-	0xe1,0x41,0x2e,0x2d,0x90,0x10,0xfc,0x82,0x91,0x8b,

-	0x0f,0x22,0xd4,0xf2,0xfc,0x2c,0xab,0x53,0x55,0x02,

-	0x03,0x01,0x00,0x01,0x02,0x81,0x80,0x2b,0xcc,0x3f,

-	0x8f,0x58,0xba,0x8b,0x00,0x16,0xf6,0xea,0x3a,0xf0,

-	0x30,0xd0,0x05,0x17,0xda,0xb0,0xeb,0x9a,0x2d,0x4f,

-	0x26,0xb0,0xd6,0x38,0xc1,0xeb,0xf5,0xd8,0x3d,0x1f,

-	0x70,0xf7,0x7f,0xf4,0xe2,0xcf,0x51,0x51,0x79,0x88,

-	0xfa,0xe8,0x32,0x0e,0x7b,0x2d,0x97,0xf2,0xfa,0xba,

-	0x27,0xc5,0x9c,0xd9,0xc5,0xeb,0x8a,0x79,0x52,0x3c,

-	0x64,0x34,0x7d,0xc2,0xcf,0x28,0xc7,0x4e,0xd5,0x43,

-	0x0b,0xd1,0xa6,0xca,0x6d,0x03,0x2d,0x72,0x23,0xbc,

-	0x6d,0x05,0xfa,0x16,0x09,0x2f,0x2e,0x5c,0xb6,0xee,

-	0x74,0xdd,0xd2,0x48,0x8e,0x36,0x0c,0x06,0x3d,0x4d,

-	0xe5,0x10,0x82,0xeb,0x6a,0xf3,0x4b,0x9f,0xd6,0xed,

-	0x11,0xb1,0x6e,0xec,0xf4,0xfe,0x8e,0x75,0x94,0x20,

-	0x2f,0xcb,0xac,0x46,0xf1,0x02,0x41,0x00,0xf9,0x8c,

-	0xa3,0x85,0xb1,0xdd,0x29,0xaf,0x65,0xc1,0x33,0xf3,

-	0x95,0xc5,0x52,0x68,0x0b,0xd4,0xf1,0xe5,0x0e,0x02,

-	0x9f,0x4f,0xfa,0x77,0xdc,0x46,0x9e,0xc7,0xa6,0xe4,

-	0x16,0x29,0xda,0xb0,0x07,0xcf,0x5b,0xa9,0x12,0x8a,

-	0xdd,0x63,0x0a,0xde,0x2e,0x8c,0x66,0x8b,0x8c,0xdc,

-	0x19,0xa3,0x7e,0xf4,0x3b,0xd0,0x1a,0x8c,0xa4,0xc2,

-	0xe1,0xd3,0x02,0x41,0x00,0xe2,0x4c,0x05,0xf2,0x04,

-	0x86,0x4e,0x61,0x43,0xdb,0xb0,0xb9,0x96,0x86,0x52,

-	0x2c,0xca,0x8d,0x7b,0xab,0x0b,0x13,0x0d,0x7e,0x38,

-	0x5b,0xe2,0x2e,0x7b,0x0e,0xe7,0x19,0x99,0x38,0xe7,

-	0xf2,0x21,0xbd,0x85,0x85,0xe3,0xfd,0x28,0x77,0x20,

-	0x31,0x71,0x2c,0xd0,0xff,0xfb,0x2e,0xaf,0x85,0xb4,

-	0x86,0xca,0xf3,0xbb,0xca,0xaa,0x0f,0x95,0x37,0x02,

-	0x40,0x0e,0x41,0x9a,0x95,0xe8,0xb3,0x59,0xce,0x4b,

-	0x61,0xde,0x35,0xec,0x38,0x79,0x9c,0xb8,0x10,0x52,

-	0x41,0x63,0xab,0x82,0xae,0x6f,0x00,0xa9,0xf4,0xde,

-	0xdd,0x49,0x0b,0x7e,0xb8,0xa5,0x65,0xa9,0x0c,0x8f,

-	0x8f,0xf9,0x1f,0x35,0xc6,0x92,0xb8,0x5e,0xb0,0x66,

-	0xab,0x52,0x40,0xc0,0xb6,0x36,0x6a,0x7d,0x80,0x46,

-	0x04,0x02,0xe5,0x9f,0x41,0x02,0x41,0x00,0xc0,0xad,

-	0xcc,0x4e,0x21,0xee,0x1d,0x24,0x91,0xfb,0xa7,0x80,

-	0x8d,0x9a,0xb6,0xb3,0x2e,0x8f,0xc2,0xe1,0x82,0xdf,

-	0x69,0x18,0xb4,0x71,0xff,0xa6,0x65,0xde,0xed,0x84,

-	0x8d,0x42,0xb7,0xb3,0x21,0x69,0x56,0x1c,0x07,0x60,

-	0x51,0x29,0x04,0xff,0x34,0x06,0xdd,0xb9,0x67,0x2c,

-	0x7c,0x04,0x93,0x0e,0x46,0x15,0xbb,0x2a,0xb7,0x1b,

-	0xe7,0x87,0x02,0x40,0x78,0xda,0x5d,0x07,0x51,0x0c,

-	0x16,0x7a,0x9f,0x29,0x20,0x84,0x0d,0x42,0xfa,0xd7,

-	0x00,0xd8,0x77,0x7e,0xb0,0xb0,0x6b,0xd6,0x5b,0x53,

-	0xb8,0x9b,0x7a,0xcd,0xc7,0x2b,0xb8,0x6a,0x63,0xa9,

-	0xfb,0x6f,0xa4,0x72,0xbf,0x4c,0x5d,0x00,0x14,0xba,

-	0xfa,0x59,0x88,0xed,0xe4,0xe0,0x8c,0xa2,0xec,0x14,

-	0x7e,0x2d,0xe2,0xf0,0x46,0x49,0x95,0x45,

-	};

-static unsigned char test2048[]={

-	0x30,0x82,0x04,0xa3,0x02,0x01,0x00,0x02,0x82,0x01,

-	0x01,0x00,0xc0,0xc0,0xce,0x3e,0x3c,0x53,0x67,0x3f,

-	0x4f,0xc5,0x2f,0xa4,0xc2,0x5a,0x2f,0x58,0xfd,0x27,

-	0x52,0x6a,0xe8,0xcf,0x4a,0x73,0x47,0x8d,0x25,0x0f,

-	0x5f,0x03,0x26,0x78,0xef,0xf0,0x22,0x12,0xd3,0xde,

-	0x47,0xb2,0x1c,0x0b,0x38,0x63,0x1a,0x6c,0x85,0x7a,

-	0x80,0xc6,0x8f,0xa0,0x41,0xaf,0x62,0xc4,0x67,0x32,

-	0x88,0xf8,0xa6,0x9c,0xf5,0x23,0x1d,0xe4,0xac,0x3f,

-	0x29,0xf9,0xec,0xe1,0x8b,0x26,0x03,0x2c,0xb2,0xab,

-	0xf3,0x7d,0xb5,0xca,0x49,0xc0,0x8f,0x1c,0xdf,0x33,

-	0x3a,0x60,0xda,0x3c,0xb0,0x16,0xf8,0xa9,0x12,0x8f,

-	0x64,0xac,0x23,0x0c,0x69,0x64,0x97,0x5d,0x99,0xd4,

-	0x09,0x83,0x9b,0x61,0xd3,0xac,0xf0,0xde,0xdd,0x5e,

-	0x9f,0x44,0x94,0xdb,0x3a,0x4d,0x97,0xe8,0x52,0x29,

-	0xf7,0xdb,0x94,0x07,0x45,0x90,0x78,0x1e,0x31,0x0b,

-	0x80,0xf7,0x57,0xad,0x1c,0x79,0xc5,0xcb,0x32,0xb0,

-	0xce,0xcd,0x74,0xb3,0xe2,0x94,0xc5,0x78,0x2f,0x34,

-	0x1a,0x45,0xf7,0x8c,0x52,0xa5,0xbc,0x8d,0xec,0xd1,

-	0x2f,0x31,0x3b,0xf0,0x49,0x59,0x5e,0x88,0x9d,0x15,

-	0x92,0x35,0x32,0xc1,0xe7,0x61,0xec,0x50,0x48,0x7c,

-	0xba,0x05,0xf9,0xf8,0xf8,0xa7,0x8c,0x83,0xe8,0x66,

-	0x5b,0xeb,0xfe,0xd8,0x4f,0xdd,0x6d,0x36,0xc0,0xb2,

-	0x90,0x0f,0xb8,0x52,0xf9,0x04,0x9b,0x40,0x2c,0x27,

-	0xd6,0x36,0x8e,0xc2,0x1b,0x44,0xf3,0x92,0xd5,0x15,

-	0x9e,0x9a,0xbc,0xf3,0x7d,0x03,0xd7,0x02,0x14,0x20,

-	0xe9,0x10,0x92,0xfd,0xf9,0xfc,0x8f,0xe5,0x18,0xe1,

-	0x95,0xcc,0x9e,0x60,0xa6,0xfa,0x38,0x4d,0x02,0x03,

-	0x01,0x00,0x01,0x02,0x82,0x01,0x00,0x00,0xc3,0xc3,

-	0x0d,0xb4,0x27,0x90,0x8d,0x4b,0xbf,0xb8,0x84,0xaa,

-	0xd0,0xb8,0xc7,0x5d,0x99,0xbe,0x55,0xf6,0x3e,0x7c,

-	0x49,0x20,0xcb,0x8a,0x8e,0x19,0x0e,0x66,0x24,0xac,

-	0xaf,0x03,0x33,0x97,0xeb,0x95,0xd5,0x3b,0x0f,0x40,

-	0x56,0x04,0x50,0xd1,0xe6,0xbe,0x84,0x0b,0x25,0xd3,

-	0x9c,0xe2,0x83,0x6c,0xf5,0x62,0x5d,0xba,0x2b,0x7d,

-	0x3d,0x7a,0x6c,0xe1,0xd2,0x0e,0x54,0x93,0x80,0x01,

-	0x91,0x51,0x09,0xe8,0x5b,0x8e,0x47,0xbd,0x64,0xe4,

-	0x0e,0x03,0x83,0x55,0xcf,0x5a,0x37,0xf0,0x25,0xb5,

-	0x7d,0x21,0xd7,0x69,0xdf,0x6f,0xc2,0xcf,0x10,0xc9,

-	0x8a,0x40,0x9f,0x7a,0x70,0xc0,0xe8,0xe8,0xc0,0xe6,

-	0x9a,0x15,0x0a,0x8d,0x4e,0x46,0xcb,0x7a,0xdb,0xb3,

-	0xcb,0x83,0x02,0xc4,0xf0,0xab,0xeb,0x02,0x01,0x0e,

-	0x23,0xfc,0x1d,0xc4,0xbd,0xd4,0xaa,0x5d,0x31,0x46,

-	0x99,0xce,0x9e,0xf8,0x04,0x75,0x10,0x67,0xc4,0x53,

-	0x47,0x44,0xfa,0xc2,0x25,0x73,0x7e,0xd0,0x8e,0x59,

-	0xd1,0xb2,0x5a,0xf4,0xc7,0x18,0x92,0x2f,0x39,0xab,

-	0xcd,0xa3,0xb5,0xc2,0xb9,0xc7,0xb9,0x1b,0x9f,0x48,

-	0xfa,0x13,0xc6,0x98,0x4d,0xca,0x84,0x9c,0x06,0xca,

-	0xe7,0x89,0x01,0x04,0xc4,0x6c,0xfd,0x29,0x59,0x35,

-	0xe7,0xf3,0xdd,0xce,0x64,0x59,0xbf,0x21,0x13,0xa9,

-	0x9f,0x0e,0xc5,0xff,0xbd,0x33,0x00,0xec,0xac,0x6b,

-	0x11,0xef,0x51,0x5e,0xad,0x07,0x15,0xde,0xb8,0x5f,

-	0xc6,0xb9,0xa3,0x22,0x65,0x46,0x83,0x14,0xdf,0xd0,

-	0xf1,0x44,0x8a,0xe1,0x9c,0x23,0x33,0xb4,0x97,0x33,

-	0xe6,0x6b,0x81,0x02,0x81,0x81,0x00,0xec,0x12,0xa7,

-	0x59,0x74,0x6a,0xde,0x3e,0xad,0xd8,0x36,0x80,0x50,

-	0xa2,0xd5,0x21,0x81,0x07,0xf1,0xd0,0x91,0xf2,0x6c,

-	0x12,0x2f,0x9d,0x1a,0x26,0xf8,0x30,0x65,0xdf,0xe8,

-	0xc0,0x9b,0x6a,0x30,0x98,0x82,0x87,0xec,0xa2,0x56,

-	0x87,0x62,0x6f,0xe7,0x9f,0xf6,0x56,0xe6,0x71,0x8f,

-	0x49,0x86,0x93,0x5a,0x4d,0x34,0x58,0xfe,0xd9,0x04,

-	0x13,0xaf,0x79,0xb7,0xad,0x11,0xd1,0x30,0x9a,0x14,

-	0x06,0xa0,0xfa,0xb7,0x55,0xdc,0x6c,0x5a,0x4c,0x2c,

-	0x59,0x56,0xf6,0xe8,0x9d,0xaf,0x0a,0x78,0x99,0x06,

-	0x06,0x9e,0xe7,0x9c,0x51,0x55,0x43,0xfc,0x3b,0x6c,

-	0x0b,0xbf,0x2d,0x41,0xa7,0xaf,0xb7,0xe0,0xe8,0x28,

-	0x18,0xb4,0x13,0xd1,0xe6,0x97,0xd0,0x9f,0x6a,0x80,

-	0xca,0xdd,0x1a,0x7e,0x15,0x02,0x81,0x81,0x00,0xd1,

-	0x06,0x0c,0x1f,0xe3,0xd0,0xab,0xd6,0xca,0x7c,0xbc,

-	0x7d,0x13,0x35,0xce,0x27,0xcd,0xd8,0x49,0x51,0x63,

-	0x64,0x0f,0xca,0x06,0x12,0xfc,0x07,0x3e,0xaf,0x61,

-	0x6d,0xe2,0x53,0x39,0x27,0xae,0xc3,0x11,0x9e,0x94,

-	0x01,0x4f,0xe3,0xf3,0x67,0xf9,0x77,0xf9,0xe7,0x95,

-	0x3a,0x6f,0xe2,0x20,0x73,0x3e,0xa4,0x7a,0x28,0xd4,

-	0x61,0x97,0xf6,0x17,0xa0,0x23,0x10,0x2b,0xce,0x84,

-	0x57,0x7e,0x25,0x1f,0xf4,0xa8,0x54,0xd2,0x65,0x94,

-	0xcc,0x95,0x0a,0xab,0x30,0xc1,0x59,0x1f,0x61,0x8e,

-	0xb9,0x6b,0xd7,0x4e,0xb9,0x83,0x43,0x79,0x85,0x11,

-	0xbc,0x0f,0xae,0x25,0x20,0x05,0xbc,0xd2,0x48,0xa1,

-	0x68,0x09,0x84,0xf6,0x12,0x9a,0x66,0xb9,0x2b,0xbb,

-	0x76,0x03,0x17,0x46,0x4e,0x97,0x59,0x02,0x81,0x80,

-	0x09,0x4c,0xfa,0xd6,0xe5,0x65,0x48,0x78,0x43,0xb5,

-	0x1f,0x00,0x93,0x2c,0xb7,0x24,0xe8,0xc6,0x7d,0x5a,

-	0x70,0x45,0x92,0xc8,0x6c,0xa3,0xcd,0xe1,0xf7,0x29,

-	0x40,0xfa,0x3f,0x5b,0x47,0x44,0x39,0xc1,0xe8,0x72,

-	0x9e,0x7a,0x0e,0xda,0xaa,0xa0,0x2a,0x09,0xfd,0x54,

-	0x93,0x23,0xaa,0x37,0x85,0x5b,0xcc,0xd4,0xf9,0xd8,

-	0xff,0xc1,0x61,0x0d,0xbd,0x7e,0x18,0x24,0x73,0x6d,

-	0x40,0x72,0xf1,0x93,0x09,0x48,0x97,0x6c,0x84,0x90,

-	0xa8,0x46,0x14,0x01,0x39,0x11,0xe5,0x3c,0x41,0x27,

-	0x32,0x75,0x24,0xed,0xa1,0xd9,0x12,0x29,0x8a,0x28,

-	0x71,0x89,0x8d,0xca,0x30,0xb0,0x01,0xc4,0x2f,0x82,

-	0x19,0x14,0x4c,0x70,0x1c,0xb8,0x23,0x2e,0xe8,0x90,

-	0x49,0x97,0x92,0x97,0x6b,0x7a,0x9d,0xb9,0x02,0x81,

-	0x80,0x0f,0x0e,0xa1,0x76,0xf6,0xa1,0x44,0x8f,0xaf,

-	0x7c,0x76,0xd3,0x87,0xbb,0xbb,0x83,0x10,0x88,0x01,

-	0x18,0x14,0xd1,0xd3,0x75,0x59,0x24,0xaa,0xf5,0x16,

-	0xa5,0xe9,0x9d,0xd1,0xcc,0xee,0xf4,0x15,0xd9,0xc5,

-	0x7e,0x27,0xe9,0x44,0x49,0x06,0x72,0xb9,0xfc,0xd3,

-	0x8a,0xc4,0x2c,0x36,0x7d,0x12,0x9b,0x5a,0xaa,0xdc,

-	0x85,0xee,0x6e,0xad,0x54,0xb3,0xf4,0xfc,0x31,0xa1,

-	0x06,0x3a,0x70,0x57,0x0c,0xf3,0x95,0x5b,0x3e,0xe8,

-	0xfd,0x1a,0x4f,0xf6,0x78,0x93,0x46,0x6a,0xd7,0x31,

-	0xb4,0x84,0x64,0x85,0x09,0x38,0x89,0x92,0x94,0x1c,

-	0xbf,0xe2,0x3c,0x2a,0xe0,0xff,0x99,0xa3,0xf0,0x2b,

-	0x31,0xc2,0x36,0xcd,0x60,0xbf,0x9d,0x2d,0x74,0x32,

-	0xe8,0x9c,0x93,0x6e,0xbb,0x91,0x7b,0xfd,0xd9,0x02,

-	0x81,0x81,0x00,0xa2,0x71,0x25,0x38,0xeb,0x2a,0xe9,

-	0x37,0xcd,0xfe,0x44,0xce,0x90,0x3f,0x52,0x87,0x84,

-	0x52,0x1b,0xae,0x8d,0x22,0x94,0xce,0x38,0xe6,0x04,

-	0x88,0x76,0x85,0x9a,0xd3,0x14,0x09,0xe5,0x69,0x9a,

-	0xff,0x58,0x92,0x02,0x6a,0x7d,0x7c,0x1e,0x2c,0xfd,

-	0xa8,0xca,0x32,0x14,0x4f,0x0d,0x84,0x0d,0x37,0x43,

-	0xbf,0xe4,0x5d,0x12,0xc8,0x24,0x91,0x27,0x8d,0x46,

-	0xd9,0x54,0x53,0xe7,0x62,0x71,0xa8,0x2b,0x71,0x41,

-	0x8d,0x75,0xf8,0x3a,0xa0,0x61,0x29,0x46,0xa6,0xe5,

-	0x82,0xfa,0x3a,0xd9,0x08,0xfa,0xfc,0x63,0xfd,0x6b,

-	0x30,0xbc,0xf4,0x4e,0x9e,0x8c,0x25,0x0c,0xb6,0x55,

-	0xe7,0x3c,0xd4,0x4e,0x0b,0xfd,0x8b,0xc3,0x0e,0x1d,

-	0x9c,0x44,0x57,0x8f,0x1f,0x86,0xf7,0xd5,0x1b,0xe4,

-	0x95,

-	};

-static unsigned char test4096[]={

-	0x30,0x82,0x09,0x29,0x02,0x01,0x00,0x02,0x82,0x02,

-	0x01,0x00,0xc0,0x71,0xac,0x1a,0x13,0x88,0x82,0x43,

-	0x3b,0x51,0x57,0x71,0x8d,0xb6,0x2b,0x82,0x65,0x21,

-	0x53,0x5f,0x28,0x29,0x4f,0x8d,0x7c,0x8a,0xb9,0x44,

-	0xb3,0x28,0x41,0x4f,0xd3,0xfa,0x6a,0xf8,0xb9,0x28,

-	0x50,0x39,0x67,0x53,0x2c,0x3c,0xd7,0xcb,0x96,0x41,

-	0x40,0x32,0xbb,0xeb,0x70,0xae,0x1f,0xb0,0x65,0xf7,

-	0x3a,0xd9,0x22,0xfd,0x10,0xae,0xbd,0x02,0xe2,0xdd,

-	0xf3,0xc2,0x79,0x3c,0xc6,0xfc,0x75,0xbb,0xaf,0x4e,

-	0x3a,0x36,0xc2,0x4f,0xea,0x25,0xdf,0x13,0x16,0x4b,

-	0x20,0xfe,0x4b,0x69,0x16,0xc4,0x7f,0x1a,0x43,0xa6,

-	0x17,0x1b,0xb9,0x0a,0xf3,0x09,0x86,0x28,0x89,0xcf,

-	0x2c,0xd0,0xd4,0x81,0xaf,0xc6,0x6d,0xe6,0x21,0x8d,

-	0xee,0xef,0xea,0xdc,0xb7,0xc6,0x3b,0x63,0x9f,0x0e,

-	0xad,0x89,0x78,0x23,0x18,0xbf,0x70,0x7e,0x84,0xe0,

-	0x37,0xec,0xdb,0x8e,0x9c,0x3e,0x6a,0x19,0xcc,0x99,

-	0x72,0xe6,0xb5,0x7d,0x6d,0xfa,0xe5,0xd3,0xe4,0x90,

-	0xb5,0xb2,0xb2,0x12,0x70,0x4e,0xca,0xf8,0x10,0xf8,

-	0xa3,0x14,0xc2,0x48,0x19,0xeb,0x60,0x99,0xbb,0x2a,

-	0x1f,0xb1,0x7a,0xb1,0x3d,0x24,0xfb,0xa0,0x29,0xda,

-	0xbd,0x1b,0xd7,0xa4,0xbf,0xef,0x60,0x2d,0x22,0xca,

-	0x65,0x98,0xf1,0xc4,0xe1,0xc9,0x02,0x6b,0x16,0x28,

-	0x2f,0xa1,0xaa,0x79,0x00,0xda,0xdc,0x7c,0x43,0xf7,

-	0x42,0x3c,0xa0,0xef,0x68,0xf7,0xdf,0xb9,0x69,0xfb,

-	0x8e,0x01,0xed,0x01,0x42,0xb5,0x4e,0x57,0xa6,0x26,

-	0xb8,0xd0,0x7b,0x56,0x6d,0x03,0xc6,0x40,0x8c,0x8c,

-	0x2a,0x55,0xd7,0x9c,0x35,0x00,0x94,0x93,0xec,0x03,

-	0xeb,0x22,0xef,0x77,0xbb,0x79,0x13,0x3f,0x15,0xa1,

-	0x8f,0xca,0xdf,0xfd,0xd3,0xb8,0xe1,0xd4,0xcc,0x09,

-	0x3f,0x3c,0x2c,0xdb,0xd1,0x49,0x7f,0x38,0x07,0x83,

-	0x6d,0xeb,0x08,0x66,0xe9,0x06,0x44,0x12,0xac,0x95,

-	0x22,0x90,0x23,0x67,0xd4,0x08,0xcc,0xf4,0xb7,0xdc,

-	0xcc,0x87,0xd4,0xac,0x69,0x35,0x4c,0xb5,0x39,0x36,

-	0xcd,0xa4,0xd2,0x95,0xca,0x0d,0xc5,0xda,0xc2,0xc5,

-	0x22,0x32,0x28,0x08,0xe3,0xd2,0x8b,0x38,0x30,0xdc,

-	0x8c,0x75,0x4f,0x6a,0xec,0x7a,0xac,0x16,0x3e,0xa8,

-	0xd4,0x6a,0x45,0xe1,0xa8,0x4f,0x2e,0x80,0x34,0xaa,

-	0x54,0x1b,0x02,0x95,0x7d,0x8a,0x6d,0xcc,0x79,0xca,

-	0xf2,0xa4,0x2e,0x8d,0xfb,0xfe,0x15,0x51,0x10,0x0e,

-	0x4d,0x88,0xb1,0xc7,0xf4,0x79,0xdb,0xf0,0xb4,0x56,

-	0x44,0x37,0xca,0x5a,0xc1,0x8c,0x48,0xac,0xae,0x48,

-	0x80,0x83,0x01,0x3f,0xde,0xd9,0xd3,0x2c,0x51,0x46,

-	0xb1,0x41,0xb6,0xc6,0x91,0x72,0xf9,0x83,0x55,0x1b,

-	0x8c,0xba,0xf3,0x73,0xe5,0x2c,0x74,0x50,0x3a,0xbe,

-	0xc5,0x2f,0xa7,0xb2,0x6d,0x8c,0x9e,0x13,0x77,0xa3,

-	0x13,0xcd,0x6d,0x8c,0x45,0xe1,0xfc,0x0b,0xb7,0x69,

-	0xe9,0x27,0xbc,0x65,0xc3,0xfa,0x9b,0xd0,0xef,0xfe,

-	0xe8,0x1f,0xb3,0x5e,0x34,0xf4,0x8c,0xea,0xfc,0xd3,

-	0x81,0xbf,0x3d,0x30,0xb2,0xb4,0x01,0xe8,0x43,0x0f,

-	0xba,0x02,0x23,0x42,0x76,0x82,0x31,0x73,0x91,0xed,

-	0x07,0x46,0x61,0x0d,0x39,0x83,0x40,0xce,0x7a,0xd4,

-	0xdb,0x80,0x2c,0x1f,0x0d,0xd1,0x34,0xd4,0x92,0xe3,

-	0xd4,0xf1,0xc2,0x01,0x02,0x03,0x01,0x00,0x01,0x02,

-	0x82,0x02,0x01,0x00,0x97,0x6c,0xda,0x6e,0xea,0x4f,

-	0xcf,0xaf,0xf7,0x4c,0xd9,0xf1,0x90,0x00,0x77,0xdb,

-	0xf2,0x97,0x76,0x72,0xb9,0xb7,0x47,0xd1,0x9c,0xdd,

-	0xcb,0x4a,0x33,0x6e,0xc9,0x75,0x76,0xe6,0xe4,0xa5,

-	0x31,0x8c,0x77,0x13,0xb4,0x29,0xcd,0xf5,0x52,0x17,

-	0xef,0xf3,0x08,0x00,0xe3,0xbd,0x2e,0xbc,0xd4,0x52,

-	0x88,0xe9,0x30,0x75,0x0b,0x02,0xf5,0xcd,0x89,0x0c,

-	0x6c,0x57,0x19,0x27,0x3d,0x1e,0x85,0xb4,0xc1,0x2f,

-	0x1d,0x92,0x00,0x5c,0x76,0x29,0x4b,0xa4,0xe1,0x12,

-	0xb3,0xc8,0x09,0xfe,0x0e,0x78,0x72,0x61,0xcb,0x61,

-	0x6f,0x39,0x91,0x95,0x4e,0xd5,0x3e,0xc7,0x8f,0xb8,

-	0xf6,0x36,0xfe,0x9c,0x93,0x9a,0x38,0x25,0x7a,0xf4,

-	0x4a,0x12,0xd4,0xa0,0x13,0xbd,0xf9,0x1d,0x12,0x3e,

-	0x21,0x39,0xfb,0x72,0xe0,0x05,0x3d,0xc3,0xe5,0x50,

-	0xa8,0x5d,0x85,0xa3,0xea,0x5f,0x1c,0xb2,0x3f,0xea,

-	0x6d,0x03,0x91,0x55,0xd8,0x19,0x0a,0x21,0x12,0x16,

-	0xd9,0x12,0xc4,0xe6,0x07,0x18,0x5b,0x26,0xa4,0xae,

-	0xed,0x2b,0xb7,0xa6,0xed,0xf8,0xad,0xec,0x77,0xe6,

-	0x7f,0x4f,0x76,0x00,0xc0,0xfa,0x15,0x92,0xb4,0x2c,

-	0x22,0xc2,0xeb,0x6a,0xad,0x14,0x05,0xb2,0xe5,0x8a,

-	0x9e,0x85,0x83,0xcc,0x04,0xf1,0x56,0x78,0x44,0x5e,

-	0xde,0xe0,0x60,0x1a,0x65,0x79,0x31,0x23,0x05,0xbb,

-	0x01,0xff,0xdd,0x2e,0xb7,0xb3,0xaa,0x74,0xe0,0xa5,

-	0x94,0xaf,0x4b,0xde,0x58,0x0f,0x55,0xde,0x33,0xf6,

-	0xe3,0xd6,0x34,0x36,0x57,0xd6,0x79,0x91,0x2e,0xbe,

-	0x3b,0xd9,0x4e,0xb6,0x9d,0x21,0x5c,0xd3,0x48,0x14,

-	0x7f,0x4a,0xc4,0x60,0xa9,0x29,0xf8,0x53,0x7f,0x88,

-	0x11,0x2d,0xb5,0xc5,0x2d,0x6f,0xee,0x85,0x0b,0xf7,

-	0x8d,0x9a,0xbe,0xb0,0x42,0xf2,0x2e,0x71,0xaf,0x19,

-	0x31,0x6d,0xec,0xcd,0x6f,0x2b,0x23,0xdf,0xb4,0x40,

-	0xaf,0x2c,0x0a,0xc3,0x1b,0x7d,0x7d,0x03,0x1d,0x4b,

-	0xf3,0xb5,0xe0,0x85,0xd8,0xdf,0x91,0x6b,0x0a,0x69,

-	0xf7,0xf2,0x69,0x66,0x5b,0xf1,0xcf,0x46,0x7d,0xe9,

-	0x70,0xfa,0x6d,0x7e,0x75,0x4e,0xa9,0x77,0xe6,0x8c,

-	0x02,0xf7,0x14,0x4d,0xa5,0x41,0x8f,0x3f,0xc1,0x62,

-	0x1e,0x71,0x5e,0x38,0xb4,0xd6,0xe6,0xe1,0x4b,0xc2,

-	0x2c,0x30,0x83,0x81,0x6f,0x49,0x2e,0x96,0xe6,0xc9,

-	0x9a,0xf7,0x5d,0x09,0xa0,0x55,0x02,0xa5,0x3a,0x25,

-	0x23,0xd0,0x92,0xc3,0xa3,0xe3,0x0e,0x12,0x2f,0x4d,

-	0xef,0xf3,0x55,0x5a,0xbe,0xe6,0x19,0x86,0x31,0xab,

-	0x75,0x9a,0xd3,0xf0,0x2c,0xc5,0x41,0x92,0xd9,0x1f,

-	0x5f,0x11,0x8c,0x75,0x1c,0x63,0xd0,0x02,0x80,0x2c,

-	0x68,0xcb,0x93,0xfb,0x51,0x73,0x49,0xb4,0x60,0xda,

-	0xe2,0x26,0xaf,0xa9,0x46,0x12,0xb8,0xec,0x50,0xdd,

-	0x12,0x06,0x5f,0xce,0x59,0xe6,0xf6,0x1c,0xe0,0x54,

-	0x10,0xad,0xf6,0xcd,0x98,0xcc,0x0f,0xfb,0xcb,0x41,

-	0x14,0x9d,0xed,0xe4,0xb4,0x74,0x5f,0x09,0x60,0xc7,

-	0x12,0xf6,0x7b,0x3c,0x8f,0xa7,0x20,0xbc,0xe4,0xb1,

-	0xef,0xeb,0xa4,0x93,0xc5,0x06,0xca,0x9a,0x27,0x9d,

-	0x87,0xf3,0xde,0xca,0xe5,0xe7,0xf6,0x1c,0x01,0x65,

-	0x5b,0xfb,0x19,0x79,0x6e,0x08,0x26,0xc5,0xc8,0x28,

-	0x0e,0xb6,0x3b,0x07,0x08,0xc1,0x02,0x82,0x01,0x01,

-	0x00,0xe8,0x1c,0x73,0xa6,0xb8,0xe0,0x0e,0x6d,0x8d,

-	0x1b,0xb9,0x53,0xed,0x58,0x94,0xe6,0x1d,0x60,0x14,

-	0x5c,0x76,0x43,0xc4,0x58,0x19,0xc4,0x24,0xe8,0xbc,

-	0x1b,0x3b,0x0b,0x13,0x24,0x45,0x54,0x0e,0xcc,0x37,

-	0xf0,0xe0,0x63,0x7d,0xc3,0xf7,0xfb,0x81,0x74,0x81,

-	0xc4,0x0f,0x1a,0x21,0x48,0xaf,0xce,0xc1,0xc4,0x94,

-	0x18,0x06,0x44,0x8d,0xd3,0xd2,0x22,0x2d,0x2d,0x3e,

-	0x5a,0x31,0xdc,0x95,0x8e,0xf4,0x41,0xfc,0x58,0xc9,

-	0x40,0x92,0x17,0x5f,0xe3,0xda,0xac,0x9e,0x3f,0x1c,

-	0x2a,0x6b,0x58,0x5f,0x48,0x78,0x20,0xb1,0xaf,0x24,

-	0x9b,0x3c,0x20,0x8b,0x93,0x25,0x9e,0xe6,0x6b,0xbc,

-	0x13,0x42,0x14,0x6c,0x36,0x31,0xff,0x7a,0xd1,0xc1,

-	0x1a,0x26,0x14,0x7f,0xa9,0x76,0xa7,0x0c,0xf8,0xcc,

-	0xed,0x07,0x6a,0xd2,0xdf,0x62,0xee,0x0a,0x7c,0x84,

-	0xcb,0x49,0x90,0xb2,0x03,0x0d,0xa2,0x82,0x06,0x77,

-	0xf1,0xcd,0x67,0xf2,0x47,0x21,0x02,0x3f,0x43,0x21,

-	0xf0,0x46,0x30,0x62,0x51,0x72,0xb1,0xe7,0x48,0xc6,

-	0x67,0x12,0xcd,0x9e,0xd6,0x15,0xe5,0x21,0xed,0xfa,

-	0x8f,0x30,0xa6,0x41,0xfe,0xb6,0xfa,0x8f,0x34,0x14,

-	0x19,0xe8,0x11,0xf7,0xa5,0x77,0x3e,0xb7,0xf9,0x39,

-	0x07,0x8c,0x67,0x2a,0xab,0x7b,0x08,0xf8,0xb0,0x06,

-	0xa8,0xea,0x2f,0x8f,0xfa,0xcc,0xcc,0x40,0xce,0xf3,

-	0x70,0x4f,0x3f,0x7f,0xe2,0x0c,0xea,0x76,0x4a,0x35,

-	0x4e,0x47,0xad,0x2b,0xa7,0x97,0x5d,0x74,0x43,0x97,

-	0x90,0xd2,0xfb,0xd9,0xf9,0x96,0x01,0x33,0x05,0xed,

-	0x7b,0x03,0x05,0xad,0xf8,0x49,0x03,0x02,0x82,0x01,

-	0x01,0x00,0xd4,0x40,0x17,0x66,0x10,0x92,0x95,0xc8,

-	0xec,0x62,0xa9,0x7a,0xcb,0x93,0x8e,0xe6,0x53,0xd4,

-	0x80,0x48,0x27,0x4b,0x41,0xce,0x61,0xdf,0xbf,0x94,

-	0xa4,0x3d,0x71,0x03,0x0b,0xed,0x25,0x71,0x98,0xa4,

-	0xd6,0xd5,0x4a,0x57,0xf5,0x6c,0x1b,0xda,0x21,0x7d,

-	0x35,0x45,0xb3,0xf3,0x6a,0xd9,0xd3,0x43,0xe8,0x5c,

-	0x54,0x1c,0x83,0x1b,0xb4,0x5f,0xf2,0x97,0x24,0x2e,

-	0xdc,0x40,0xde,0x92,0x23,0x59,0x8e,0xbc,0xd2,0xa1,

-	0xf2,0xe0,0x4c,0xdd,0x0b,0xd1,0xe7,0xae,0x65,0xbc,

-	0xb5,0xf5,0x5b,0x98,0xe9,0xd7,0xc2,0xb7,0x0e,0x55,

-	0x71,0x0e,0x3c,0x0a,0x24,0x6b,0xa6,0xe6,0x14,0x61,

-	0x11,0xfd,0x33,0x42,0x99,0x2b,0x84,0x77,0x74,0x92,

-	0x91,0xf5,0x79,0x79,0xcf,0xad,0x8e,0x04,0xef,0x80,

-	0x1e,0x57,0xf4,0x14,0xf5,0x35,0x09,0x74,0xb2,0x13,

-	0x71,0x58,0x6b,0xea,0x32,0x5d,0xf3,0xd3,0x76,0x48,

-	0x39,0x10,0x23,0x84,0x9d,0xbe,0x92,0x77,0x4a,0xed,

-	0x70,0x3e,0x1a,0xa2,0x6c,0xb3,0x81,0x00,0xc3,0xc9,

-	0xe4,0x52,0xc8,0x24,0x88,0x0c,0x41,0xad,0x87,0x5a,

-	0xea,0xa3,0x7a,0x85,0x1c,0x5e,0x31,0x7f,0xc3,0x35,

-	0xc6,0xfa,0x10,0xc8,0x75,0x10,0xc4,0x96,0x99,0xe7,

-	0xfe,0x01,0xb4,0x74,0xdb,0xb4,0x11,0xc3,0xc8,0x8c,

-	0xf6,0xf7,0x3b,0x66,0x50,0xfc,0xdb,0xeb,0xca,0x47,

-	0x85,0x89,0xe1,0x65,0xd9,0x62,0x34,0x3c,0x70,0xd8,

-	0x2e,0xb4,0x2f,0x65,0x3c,0x4a,0xa6,0x2a,0xe7,0xc7,

-	0xd8,0x41,0x8f,0x8a,0x43,0xbf,0x42,0xf2,0x4d,0xbc,

-	0xfc,0x9e,0x27,0x95,0xfb,0x75,0xff,0xab,0x02,0x82,

-	0x01,0x00,0x41,0x2f,0x44,0x57,0x6d,0x12,0x17,0x5b,

-	0x32,0xc6,0xb7,0x6c,0x57,0x7a,0x8a,0x0e,0x79,0xef,

-	0x72,0xa8,0x68,0xda,0x2d,0x38,0xe4,0xbb,0x8d,0xf6,

-	0x02,0x65,0xcf,0x56,0x13,0xe1,0x1a,0xcb,0x39,0x80,

-	0xa6,0xb1,0x32,0x03,0x1e,0xdd,0xbb,0x35,0xd9,0xac,

-	0x43,0x89,0x31,0x08,0x90,0x92,0x5e,0x35,0x3d,0x7b,

-	0x9c,0x6f,0x86,0xcb,0x17,0xdd,0x85,0xe4,0xed,0x35,

-	0x08,0x8e,0xc1,0xf4,0x05,0xd8,0x68,0xc6,0x63,0x3c,

-	0xf7,0xff,0xf7,0x47,0x33,0x39,0xc5,0x3e,0xb7,0x0e,

-	0x58,0x35,0x9d,0x81,0xea,0xf8,0x6a,0x2c,0x1c,0x5a,

-	0x68,0x78,0x64,0x11,0x6b,0xc1,0x3e,0x4e,0x7a,0xbd,

-	0x84,0xcb,0x0f,0xc2,0xb6,0x85,0x1d,0xd3,0x76,0xc5,

-	0x93,0x6a,0x69,0x89,0x56,0x34,0xdc,0x4a,0x9b,0xbc,

-	0xff,0xa8,0x0d,0x6e,0x35,0x9c,0x60,0xa7,0x23,0x30,

-	0xc7,0x06,0x64,0x39,0x8b,0x94,0x89,0xee,0xba,0x7f,

-	0x60,0x8d,0xfa,0xb6,0x97,0x76,0xdc,0x51,0x4a,0x3c,

-	0xeb,0x3a,0x14,0x2c,0x20,0x60,0x69,0x4a,0x86,0xfe,

-	0x8c,0x21,0x84,0x49,0x54,0xb3,0x20,0xe1,0x01,0x7f,

-	0x58,0xdf,0x7f,0xb5,0x21,0x51,0x8c,0x47,0x9f,0x91,

-	0xeb,0x97,0x3e,0xf2,0x54,0xcf,0x16,0x46,0xf9,0xd9,

-	0xb6,0xe7,0x64,0xc9,0xd0,0x54,0xea,0x2f,0xa1,0xcf,

-	0xa5,0x7f,0x28,0x8d,0x84,0xec,0xd5,0x39,0x03,0x76,

-	0x5b,0x2d,0x8e,0x43,0xf2,0x01,0x24,0xc9,0x6f,0xc0,

-	0xf5,0x69,0x6f,0x7d,0xb5,0x85,0xd2,0x5f,0x7f,0x78,

-	0x40,0x07,0x7f,0x09,0x15,0xb5,0x1f,0x28,0x65,0x10,

-	0xe4,0x19,0xa8,0xc6,0x9e,0x8d,0xdc,0xcb,0x02,0x82,

-	0x01,0x00,0x13,0x01,0xee,0x56,0x80,0x93,0x70,0x00,

-	0x7f,0x52,0xd2,0x94,0xa1,0x98,0x84,0x4a,0x92,0x25,

-	0x4c,0x9b,0xa9,0x91,0x2e,0xc2,0x79,0xb7,0x5c,0xe3,

-	0xc5,0xd5,0x8e,0xc2,0x54,0x16,0x17,0xad,0x55,0x9b,

-	0x25,0x76,0x12,0x63,0x50,0x22,0x2f,0x58,0x58,0x79,

-	0x6b,0x04,0xe3,0xf9,0x9f,0x8f,0x04,0x41,0x67,0x94,

-	0xa5,0x1f,0xac,0x8a,0x15,0x9c,0x26,0x10,0x6c,0xf8,

-	0x19,0x57,0x61,0xd7,0x3a,0x7d,0x31,0xb0,0x2d,0x38,

-	0xbd,0x94,0x62,0xad,0xc4,0xfa,0x36,0x42,0x42,0xf0,

-	0x24,0x67,0x65,0x9d,0x8b,0x0b,0x7c,0x6f,0x82,0x44,

-	0x1a,0x8c,0xc8,0xc9,0xab,0xbb,0x4c,0x45,0xfc,0x7b,

-	0x38,0xee,0x30,0xe1,0xfc,0xef,0x8d,0xbc,0x58,0xdf,

-	0x2b,0x5d,0x0d,0x54,0xe0,0x49,0x4d,0x97,0x99,0x8f,

-	0x22,0xa8,0x83,0xbe,0x40,0xbb,0x50,0x2e,0x78,0x28,

-	0x0f,0x95,0x78,0x8c,0x8f,0x98,0x24,0x56,0xc2,0x97,

-	0xf3,0x2c,0x43,0xd2,0x03,0x82,0x66,0x81,0x72,0x5f,

-	0x53,0x16,0xec,0xb1,0xb1,0x04,0x5e,0x40,0x20,0x48,

-	0x7b,0x3f,0x02,0x97,0x6a,0xeb,0x96,0x12,0x21,0x35,

-	0xfe,0x1f,0x47,0xc0,0x95,0xea,0xc5,0x8a,0x08,0x84,

-	0x4f,0x5e,0x63,0x94,0x60,0x0f,0x71,0x5b,0x7f,0x4a,

-	0xec,0x4f,0x60,0xc6,0xba,0x4a,0x24,0xf1,0x20,0x8b,

-	0xa7,0x2e,0x3a,0xce,0x8d,0xe0,0x27,0x1d,0xb5,0x8e,

-	0xb4,0x21,0xc5,0xe2,0xa6,0x16,0x0a,0x51,0x83,0x55,

-	0x88,0xd1,0x30,0x11,0x63,0xd5,0xd7,0x8d,0xae,0x16,

-	0x12,0x82,0xc4,0x85,0x00,0x4e,0x27,0x83,0xa5,0x7c,

-	0x90,0x2e,0xe5,0xa2,0xa3,0xd3,0x4c,0x63,0x02,0x82,

-	0x01,0x01,0x00,0x86,0x08,0x98,0x98,0xa5,0x00,0x05,

-	0x39,0x77,0xd9,0x66,0xb3,0xcf,0xca,0xa0,0x71,0xb3,

-	0x50,0xce,0x3d,0xb1,0x93,0x95,0x35,0xc4,0xd4,0x2e,

-	0x90,0xdf,0x0f,0xfc,0x60,0xc1,0x94,0x68,0x61,0x43,

-	0xca,0x9a,0x23,0x4a,0x1e,0x45,0x72,0x99,0xb5,0x1e,

-	0x61,0x8d,0x77,0x0f,0xa0,0xbb,0xd7,0x77,0xb4,0x2a,

-	0x15,0x11,0x88,0x2d,0xb3,0x56,0x61,0x5e,0x6a,0xed,

-	0xa4,0x46,0x4a,0x3f,0x50,0x11,0xd6,0xba,0xb6,0xd7,

-	0x95,0x65,0x53,0xc3,0xa1,0x8f,0xe0,0xa3,0xf5,0x1c,

-	0xfd,0xaf,0x6e,0x43,0xd7,0x17,0xa7,0xd3,0x81,0x1b,

-	0xa4,0xdf,0xe0,0x97,0x8a,0x46,0x03,0xd3,0x46,0x0e,

-	0x83,0x48,0x4e,0xd2,0x02,0xcb,0xc0,0xad,0x79,0x95,

-	0x8c,0x96,0xba,0x40,0x34,0x11,0x71,0x5e,0xe9,0x11,

-	0xf9,0xc5,0x4a,0x5e,0x91,0x9d,0xf5,0x92,0x4f,0xeb,

-	0xc6,0x70,0x02,0x2d,0x3d,0x04,0xaa,0xe9,0x3a,0x8e,

-	0xd5,0xa8,0xad,0xf7,0xce,0x0d,0x16,0xb2,0xec,0x0a,

-	0x9c,0xf5,0x94,0x39,0xb9,0x8a,0xfc,0x1e,0xf9,0xcc,

-	0xf2,0x5f,0x21,0x31,0x74,0x72,0x6b,0x64,0xae,0x35,

-	0x61,0x8d,0x0d,0xcb,0xe7,0xda,0x39,0xca,0xf3,0x21,

-	0x66,0x0b,0x95,0xd7,0x0a,0x7c,0xca,0xa1,0xa9,0x5a,

-	0xe8,0xac,0xe0,0x71,0x54,0xaf,0x28,0xcf,0xd5,0x70,

-	0x89,0xe0,0xf3,0x9e,0x43,0x6c,0x8d,0x7b,0x99,0x01,

-	0x68,0x4d,0xa1,0x45,0x46,0x0c,0x43,0xbc,0xcc,0x2c,

-	0xdd,0xc5,0x46,0xc8,0x4e,0x0e,0xbe,0xed,0xb9,0x26,

-	0xab,0x2e,0xdb,0xeb,0x8f,0xff,0xdb,0xb0,0xc6,0x55,

-	0xaf,0xf8,0x2a,0x91,0x9d,0x50,0x44,0x21,0x17,

-	};

--- a/sys/include/ape/openssl/tls1.h

+++ /dev/null

@@ -1,374 +1,0 @@

-/* ssl/tls1.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- *

- * Portions of the attached software ("Contribution") are developed by

- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.

- *

- * The Contribution is licensed pursuant to the OpenSSL open source

- * license provided above.

- *

- * ECC cipher suite support in OpenSSL originally written by

- * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.

- *

- */

-#ifndef HEADER_TLS1_H

-#define HEADER_TLS1_H

-#include <openssl/buffer.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES	0

-#define TLS1_VERSION			0x0301

-#define TLS1_VERSION_MAJOR		0x03

-#define TLS1_VERSION_MINOR		0x01

-#define TLS1_AD_DECRYPTION_FAILED	21

-#define TLS1_AD_RECORD_OVERFLOW		22

-#define TLS1_AD_UNKNOWN_CA		48	/* fatal */

-#define TLS1_AD_ACCESS_DENIED		49	/* fatal */

-#define TLS1_AD_DECODE_ERROR		50	/* fatal */

-#define TLS1_AD_DECRYPT_ERROR		51

-#define TLS1_AD_EXPORT_RESTRICTION	60	/* fatal */

-#define TLS1_AD_PROTOCOL_VERSION	70	/* fatal */

-#define TLS1_AD_INSUFFICIENT_SECURITY	71	/* fatal */

-#define TLS1_AD_INTERNAL_ERROR		80	/* fatal */

-#define TLS1_AD_USER_CANCELLED		90

-#define TLS1_AD_NO_RENEGOTIATION	100

-/* codes 110-114 are from RFC3546 */

-#define TLS1_AD_UNSUPPORTED_EXTENSION	110

-#define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111

-#define TLS1_AD_UNRECOGNIZED_NAME 	112

-#define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113

-#define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114

-#define TLS1_AD_UNKNOWN_PSK_IDENTITY	115	/* fatal */

-/* ExtensionType values from RFC 3546 */

-#define TLSEXT_TYPE_server_name			0

-#define TLSEXT_TYPE_max_fragment_length		1

-#define TLSEXT_TYPE_client_certificate_url	2

-#define TLSEXT_TYPE_trusted_ca_keys		3

-#define TLSEXT_TYPE_truncated_hmac		4

-#define TLSEXT_TYPE_status_request		5

-#define TLSEXT_TYPE_elliptic_curves		10

-#define TLSEXT_TYPE_ec_point_formats		11

-#define TLSEXT_TYPE_session_ticket		35

-/* NameType value from RFC 3546 */

-#define TLSEXT_NAMETYPE_host_name 0

-#ifndef OPENSSL_NO_TLSEXT

-#define TLSEXT_MAXLEN_host_name 255

-const char *SSL_get_servername(const SSL *s, const int type) ;

-int SSL_get_servername_type(const SSL *s) ;

-#define SSL_set_tlsext_host_name(s,name) \

-SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name)

-#define SSL_set_tlsext_debug_callback(ssl, cb) \

-SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb)

-#define SSL_set_tlsext_debug_arg(ssl, arg) \

-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg)

-#define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \

-SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb)

-#define SSL_TLSEXT_ERR_OK 0

-#define SSL_TLSEXT_ERR_ALERT_WARNING 1

-#define SSL_TLSEXT_ERR_ALERT_FATAL 2

-#define SSL_TLSEXT_ERR_NOACK 3

-#define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \

-SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg)

-#define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \

-	SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLXEXT_TICKET_KEYS,(keylen),(keys))

-#define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \

-	SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLXEXT_TICKET_KEYS,(keylen),(keys))

-#endif

-/* Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt

- * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see

- * s3_lib.c).  We actually treat them like SSL 3.0 ciphers, which we probably

- * shouldn't. */

-#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5		0x03000060

-#define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5	0x03000061

-#define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA		0x03000062

-#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA	0x03000063

-#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA		0x03000064

-#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA	0x03000065

-#define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA		0x03000066

-/* AES ciphersuites from RFC3268 */

-#define TLS1_CK_RSA_WITH_AES_128_SHA			0x0300002F

-#define TLS1_CK_DH_DSS_WITH_AES_128_SHA			0x03000030

-#define TLS1_CK_DH_RSA_WITH_AES_128_SHA			0x03000031

-#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA		0x03000032

-#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA		0x03000033

-#define TLS1_CK_ADH_WITH_AES_128_SHA			0x03000034

-#define TLS1_CK_RSA_WITH_AES_256_SHA			0x03000035

-#define TLS1_CK_DH_DSS_WITH_AES_256_SHA			0x03000036

-#define TLS1_CK_DH_RSA_WITH_AES_256_SHA			0x03000037

-#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA		0x03000038

-#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA		0x03000039

-#define TLS1_CK_ADH_WITH_AES_256_SHA			0x0300003A

-/* Camellia ciphersuites from RFC4132 */

-#define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA		0x03000041

-#define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA	0x03000042

-#define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA	0x03000043

-#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA	0x03000044

-#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA	0x03000045

-#define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA		0x03000046

-#define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA		0x03000084

-#define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA	0x03000085

-#define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA	0x03000086

-#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA	0x03000087

-#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA	0x03000088

-#define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA		0x03000089

-/* SEED ciphersuites from RFC4162 */

-#define TLS1_CK_RSA_WITH_SEED_SHA                       0x03000096

-#define TLS1_CK_DH_DSS_WITH_SEED_SHA                    0x03000097

-#define TLS1_CK_DH_RSA_WITH_SEED_SHA                    0x03000098

-#define TLS1_CK_DHE_DSS_WITH_SEED_SHA                   0x03000099

-#define TLS1_CK_DHE_RSA_WITH_SEED_SHA                   0x0300009A

-#define TLS1_CK_ADH_WITH_SEED_SHA                	0x0300009B

-/* ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in draft 13 */

-#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA                0x0300C001

-#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA             0x0300C002

-#define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA        0x0300C003

-#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA         0x0300C004

-#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA         0x0300C005

-#define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA               0x0300C006

-#define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA            0x0300C007

-#define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA       0x0300C008

-#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA        0x0300C009

-#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA        0x0300C00A

-#define TLS1_CK_ECDH_RSA_WITH_NULL_SHA                  0x0300C00B

-#define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA               0x0300C00C

-#define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA          0x0300C00D

-#define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA           0x0300C00E

-#define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA           0x0300C00F

-#define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA                 0x0300C010

-#define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA              0x0300C011

-#define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA         0x0300C012

-#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA          0x0300C013

-#define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA          0x0300C014

-#define TLS1_CK_ECDH_anon_WITH_NULL_SHA                 0x0300C015

-#define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA              0x0300C016

-#define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA         0x0300C017

-#define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA          0x0300C018

-#define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA          0x0300C019

-/* XXX

- * Inconsistency alert:

- * The OpenSSL names of ciphers with ephemeral DH here include the string

- * "DHE", while elsewhere it has always been "EDH".

- * (The alias for the list of all such ciphers also is "EDH".)

- * The specifications speak of "EDH"; maybe we should allow both forms

- * for everything. */

-#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5		"EXP1024-RC4-MD5"

-#define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5	"EXP1024-RC2-CBC-MD5"

-#define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA	"EXP1024-DES-CBC-SHA"

-#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA	"EXP1024-DHE-DSS-DES-CBC-SHA"

-#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA		"EXP1024-RC4-SHA"

-#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA	"EXP1024-DHE-DSS-RC4-SHA"

-#define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA		"DHE-DSS-RC4-SHA"

-/* AES ciphersuites from RFC3268 */

-#define TLS1_TXT_RSA_WITH_AES_128_SHA			"AES128-SHA"

-#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA		"DH-DSS-AES128-SHA"

-#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA		"DH-RSA-AES128-SHA"

-#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA		"DHE-DSS-AES128-SHA"

-#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA		"DHE-RSA-AES128-SHA"

-#define TLS1_TXT_ADH_WITH_AES_128_SHA			"ADH-AES128-SHA"

-#define TLS1_TXT_RSA_WITH_AES_256_SHA			"AES256-SHA"

-#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA		"DH-DSS-AES256-SHA"

-#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA		"DH-RSA-AES256-SHA"

-#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA		"DHE-DSS-AES256-SHA"

-#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA		"DHE-RSA-AES256-SHA"

-#define TLS1_TXT_ADH_WITH_AES_256_SHA			"ADH-AES256-SHA"

-/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */

-#define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA               "ECDH-ECDSA-NULL-SHA"

-#define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA            "ECDH-ECDSA-RC4-SHA"

-#define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA       "ECDH-ECDSA-DES-CBC3-SHA"

-#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA        "ECDH-ECDSA-AES128-SHA"

-#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA        "ECDH-ECDSA-AES256-SHA"

-#define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA              "ECDHE-ECDSA-NULL-SHA"

-#define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA           "ECDHE-ECDSA-RC4-SHA"

-#define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA      "ECDHE-ECDSA-DES-CBC3-SHA"

-#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA       "ECDHE-ECDSA-AES128-SHA"

-#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA       "ECDHE-ECDSA-AES256-SHA"

-#define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA                 "ECDH-RSA-NULL-SHA"

-#define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA              "ECDH-RSA-RC4-SHA"

-#define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA         "ECDH-RSA-DES-CBC3-SHA"

-#define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA          "ECDH-RSA-AES128-SHA"

-#define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA          "ECDH-RSA-AES256-SHA"

-#define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA                "ECDHE-RSA-NULL-SHA"

-#define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA             "ECDHE-RSA-RC4-SHA"

-#define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA        "ECDHE-RSA-DES-CBC3-SHA"

-#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA         "ECDHE-RSA-AES128-SHA"

-#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA         "ECDHE-RSA-AES256-SHA"

-#define TLS1_TXT_ECDH_anon_WITH_NULL_SHA                "AECDH-NULL-SHA"

-#define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA             "AECDH-RC4-SHA"

-#define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA        "AECDH-DES-CBC3-SHA"

-#define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA         "AECDH-AES128-SHA"

-#define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA         "AECDH-AES256-SHA"

-/* Camellia ciphersuites from RFC4132 */

-#define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA		"CAMELLIA128-SHA"

-#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA	"DH-DSS-CAMELLIA128-SHA"

-#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA	"DH-RSA-CAMELLIA128-SHA"

-#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA	"DHE-DSS-CAMELLIA128-SHA"

-#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA	"DHE-RSA-CAMELLIA128-SHA"

-#define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA		"ADH-CAMELLIA128-SHA"

-#define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA		"CAMELLIA256-SHA"

-#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA	"DH-DSS-CAMELLIA256-SHA"

-#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA	"DH-RSA-CAMELLIA256-SHA"

-#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA	"DHE-DSS-CAMELLIA256-SHA"

-#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA	"DHE-RSA-CAMELLIA256-SHA"

-#define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA		"ADH-CAMELLIA256-SHA"

-/* SEED ciphersuites from RFC4162 */

-#define TLS1_TXT_RSA_WITH_SEED_SHA                      "SEED-SHA"

-#define TLS1_TXT_DH_DSS_WITH_SEED_SHA                   "DH-DSS-SEED-SHA"

-#define TLS1_TXT_DH_RSA_WITH_SEED_SHA                   "DH-RSA-SEED-SHA"

-#define TLS1_TXT_DHE_DSS_WITH_SEED_SHA                  "DHE-DSS-SEED-SHA"

-#define TLS1_TXT_DHE_RSA_WITH_SEED_SHA                  "DHE-RSA-SEED-SHA"

-#define TLS1_TXT_ADH_WITH_SEED_SHA                      "ADH-SEED-SHA"

-#define TLS_CT_RSA_SIGN			1

-#define TLS_CT_DSS_SIGN			2

-#define TLS_CT_RSA_FIXED_DH		3

-#define TLS_CT_DSS_FIXED_DH		4

-#define TLS_CT_ECDSA_SIGN		64

-#define TLS_CT_RSA_FIXED_ECDH		65

-#define TLS_CT_ECDSA_FIXED_ECDH 	66

-#define TLS_CT_NUMBER			7

-#define TLS1_FINISH_MAC_LENGTH		12

-#define TLS_MD_MAX_CONST_SIZE			20

-#define TLS_MD_CLIENT_FINISH_CONST		"client finished"

-#define TLS_MD_CLIENT_FINISH_CONST_SIZE		15

-#define TLS_MD_SERVER_FINISH_CONST		"server finished"

-#define TLS_MD_SERVER_FINISH_CONST_SIZE		15

-#define TLS_MD_SERVER_WRITE_KEY_CONST		"server write key"

-#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE	16

-#define TLS_MD_KEY_EXPANSION_CONST		"key expansion"

-#define TLS_MD_KEY_EXPANSION_CONST_SIZE		13

-#define TLS_MD_CLIENT_WRITE_KEY_CONST		"client write key"

-#define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE	16

-#define TLS_MD_SERVER_WRITE_KEY_CONST		"server write key"

-#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE	16

-#define TLS_MD_IV_BLOCK_CONST			"IV block"

-#define TLS_MD_IV_BLOCK_CONST_SIZE		8

-#define TLS_MD_MASTER_SECRET_CONST		"master secret"

-#define TLS_MD_MASTER_SECRET_CONST_SIZE		13

-#ifdef CHARSET_EBCDIC

-#undef TLS_MD_CLIENT_FINISH_CONST

-#define TLS_MD_CLIENT_FINISH_CONST    "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64"  /*client finished*/

-#undef TLS_MD_SERVER_FINISH_CONST

-#define TLS_MD_SERVER_FINISH_CONST    "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64"  /*server finished*/

-#undef TLS_MD_SERVER_WRITE_KEY_CONST

-#define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"  /*server write key*/

-#undef TLS_MD_KEY_EXPANSION_CONST

-#define TLS_MD_KEY_EXPANSION_CONST    "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e"  /*key expansion*/

-#undef TLS_MD_CLIENT_WRITE_KEY_CONST

-#define TLS_MD_CLIENT_WRITE_KEY_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"  /*client write key*/

-#undef TLS_MD_SERVER_WRITE_KEY_CONST

-#define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"  /*server write key*/

-#undef TLS_MD_IV_BLOCK_CONST

-#define TLS_MD_IV_BLOCK_CONST         "\x49\x56\x20\x62\x6c\x6f\x63\x6b"  /*IV block*/

-#undef TLS_MD_MASTER_SECRET_CONST

-#define TLS_MD_MASTER_SECRET_CONST    "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74"  /*master secret*/

-#endif

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/tmdiff.h

+++ /dev/null

@@ -1,93 +1,0 @@

-/* crypto/tmdiff.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* Header for dynamic hash table routines

- * Author - Eric Young

- */

-/* ... erm yeah, "dynamic hash tables" you say?

- *

- * And what would dynamic hash tables have to do with any of this code *now*?

- * AFAICS, this code is only referenced by crypto/bn/exp.c which is an unused

- * file that I doubt compiles any more. speed.c is the only thing that could

- * use this (and it has nothing to do with hash tables), yet it instead has its

- * own duplication of all this stuff and looks, if anything, more complete. See

- * the corresponding note in apps/speed.c.

- * The Bemused - Geoff

- */

-#ifndef HEADER_TMDIFF_H

-#define HEADER_TMDIFF_H

-#ifdef  __cplusplus

-extern "C" {

-#endif

-typedef struct ms_tm MS_TM;

-MS_TM *ms_time_new(void );

-void ms_time_free(MS_TM *a);

-void ms_time_get(MS_TM *a);

-double ms_time_diff(MS_TM *start, MS_TM *end);

-int ms_time_cmp(const MS_TM *ap, const MS_TM *bp);

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/txt_db.h

+++ /dev/null

@@ -1,109 +1,0 @@

-/* crypto/txt_db/txt_db.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_TXT_DB_H

-#define HEADER_TXT_DB_H

-#include <openssl/opensslconf.h>

-#ifndef OPENSSL_NO_BIO

-#include <openssl/bio.h>

-#endif

-#include <openssl/stack.h>

-#include <openssl/lhash.h>

-#define DB_ERROR_OK			0

-#define DB_ERROR_MALLOC			1

-#define DB_ERROR_INDEX_CLASH    	2

-#define DB_ERROR_INDEX_OUT_OF_RANGE	3

-#define DB_ERROR_NO_INDEX		4

-#define DB_ERROR_INSERT_INDEX_CLASH    	5

-#ifdef  __cplusplus

-extern "C" {

-#endif

-typedef struct txt_db_st

-	{

-	int num_fields;

-	STACK /* char ** */ *data;

-	LHASH **index;

-	int (**qual)(char **);

-	long error;

-	long arg1;

-	long arg2;

-	char **arg_row;

-	} TXT_DB;

-#ifndef OPENSSL_NO_BIO

-TXT_DB *TXT_DB_read(BIO *in, int num);

-long TXT_DB_write(BIO *out, TXT_DB *db);

-#else

-TXT_DB *TXT_DB_read(char *in, int num);

-long TXT_DB_write(char *out, TXT_DB *db);

-#endif

-int TXT_DB_create_index(TXT_DB *db,int field,int (*qual)(char **),

-		LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp);

-void TXT_DB_free(TXT_DB *db);

-char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value);

-int TXT_DB_insert(TXT_DB *db,char **value);

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/ui.h

+++ /dev/null

@@ -1,381 +1,0 @@

-/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */

-/* Written by Richard Levitte ([email protected]) for the OpenSSL

- * project 2001.

- */

-/* ====================================================================

- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_UI_H

-#define HEADER_UI_H

-#ifndef OPENSSL_NO_DEPRECATED

-#include <openssl/crypto.h>

-#endif

-#include <openssl/safestack.h>

-#include <openssl/ossl_typ.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-/* Declared already in ossl_typ.h */

-/* typedef struct ui_st UI; */

-/* typedef struct ui_method_st UI_METHOD; */

-/* All the following functions return -1 or NULL on error and in some cases

-   (UI_process()) -2 if interrupted or in some other way cancelled.

-   When everything is fine, they return 0, a positive value or a non-NULL

-   pointer, all depending on their purpose. */

-/* Creators and destructor.   */

-UI *UI_new(void);

-UI *UI_new_method(const UI_METHOD *method);

-void UI_free(UI *ui);

-/* The following functions are used to add strings to be printed and prompt

-   strings to prompt for data.  The names are UI_{add,dup}_<function>_string

-   and UI_{add,dup}_input_boolean.

-   UI_{add,dup}_<function>_string have the following meanings:

-	add	add a text or prompt string.  The pointers given to these

-		functions are used verbatim, no copying is done.

-	dup	make a copy of the text or prompt string, then add the copy

-		to the collection of strings in the user interface.

-	<function>

-		The function is a name for the functionality that the given

-		string shall be used for.  It can be one of:

-			input	use the string as data prompt.

-			verify	use the string as verification prompt.  This

-				is used to verify a previous input.

-			info	use the string for informational output.

-			error	use the string for error output.

-   Honestly, there's currently no difference between info and error for the

-   moment.

-   UI_{add,dup}_input_boolean have the same semantics for "add" and "dup",

-   and are typically used when one wants to prompt for a yes/no response.

-   All of the functions in this group take a UI and a prompt string.

-   The string input and verify addition functions also take a flag argument,

-   a buffer for the result to end up with, a minimum input size and a maximum

-   input size (the result buffer MUST be large enough to be able to contain

-   the maximum number of characters).  Additionally, the verify addition

-   functions takes another buffer to compare the result against.

-   The boolean input functions take an action description string (which should

-   be safe to ignore if the expected user action is obvious, for example with

-   a dialog box with an OK button and a Cancel button), a string of acceptable

-   characters to mean OK and to mean Cancel.  The two last strings are checked

-   to make sure they don't have common characters.  Additionally, the same

-   flag argument as for the string input is taken, as well as a result buffer.

-   The result buffer is required to be at least one byte long.  Depending on

-   the answer, the first character from the OK or the Cancel character strings

-   will be stored in the first byte of the result buffer.  No NUL will be

-   added, so the result is *not* a string.

-   On success, the all return an index of the added information.  That index

-   is usefull when retrieving results with UI_get0_result(). */

-int UI_add_input_string(UI *ui, const char *prompt, int flags,

-	char *result_buf, int minsize, int maxsize);

-int UI_dup_input_string(UI *ui, const char *prompt, int flags,

-	char *result_buf, int minsize, int maxsize);

-int UI_add_verify_string(UI *ui, const char *prompt, int flags,

-	char *result_buf, int minsize, int maxsize, const char *test_buf);

-int UI_dup_verify_string(UI *ui, const char *prompt, int flags,

-	char *result_buf, int minsize, int maxsize, const char *test_buf);

-int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,

-	const char *ok_chars, const char *cancel_chars,

-	int flags, char *result_buf);

-int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,

-	const char *ok_chars, const char *cancel_chars,

-	int flags, char *result_buf);

-int UI_add_info_string(UI *ui, const char *text);

-int UI_dup_info_string(UI *ui, const char *text);

-int UI_add_error_string(UI *ui, const char *text);

-int UI_dup_error_string(UI *ui, const char *text);

-/* These are the possible flags.  They can be or'ed together. */

-/* Use to have echoing of input */

-#define UI_INPUT_FLAG_ECHO		0x01

-/* Use a default password.  Where that password is found is completely

-   up to the application, it might for example be in the user data set

-   with UI_add_user_data().  It is not recommended to have more than

-   one input in each UI being marked with this flag, or the application

-   might get confused. */

-#define UI_INPUT_FLAG_DEFAULT_PWD	0x02

-/* The user of these routines may want to define flags of their own.  The core

-   UI won't look at those, but will pass them on to the method routines.  They

-   must use higher bits so they don't get confused with the UI bits above.

-   UI_INPUT_FLAG_USER_BASE tells which is the lowest bit to use.  A good

-   example of use is this:

-	#define MY_UI_FLAG1	(0x01 << UI_INPUT_FLAG_USER_BASE)

-*/

-#define UI_INPUT_FLAG_USER_BASE	16

-/* The following function helps construct a prompt.  object_desc is a

-   textual short description of the object, for example "pass phrase",

-   and object_name is the name of the object (might be a card name or

-   a file name.

-   The returned string shall always be allocated on the heap with

-   OPENSSL_malloc(), and need to be free'd with OPENSSL_free().

-   If the ui_method doesn't contain a pointer to a user-defined prompt

-   constructor, a default string is built, looking like this:

-	"Enter {object_desc} for {object_name}:"

-   So, if object_desc has the value "pass phrase" and object_name has

-   the value "foo.key", the resulting string is:

-	"Enter pass phrase for foo.key:"

-*/

-char *UI_construct_prompt(UI *ui_method,

-	const char *object_desc, const char *object_name);

-/* The following function is used to store a pointer to user-specific data.

-   Any previous such pointer will be returned and replaced.

-   For callback purposes, this function makes a lot more sense than using

-   ex_data, since the latter requires that different parts of OpenSSL or

-   applications share the same ex_data index.

-   Note that the UI_OpenSSL() method completely ignores the user data.

-   Other methods may not, however.  */

-void *UI_add_user_data(UI *ui, void *user_data);

-/* We need a user data retrieving function as well.  */

-void *UI_get0_user_data(UI *ui);

-/* Return the result associated with a prompt given with the index i. */

-const char *UI_get0_result(UI *ui, int i);

-/* When all strings have been added, process the whole thing. */

-int UI_process(UI *ui);

-/* Give a user interface parametrised control commands.  This can be used to

-   send down an integer, a data pointer or a function pointer, as well as

-   be used to get information from a UI. */

-int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)(void));

-/* The commands */

-/* Use UI_CONTROL_PRINT_ERRORS with the value 1 to have UI_process print the

-   OpenSSL error stack before printing any info or added error messages and

-   before any prompting. */

-#define UI_CTRL_PRINT_ERRORS		1

-/* Check if a UI_process() is possible to do again with the same instance of

-   a user interface.  This makes UI_ctrl() return 1 if it is redoable, and 0

-   if not. */

-#define UI_CTRL_IS_REDOABLE		2

-/* Some methods may use extra data */

-#define UI_set_app_data(s,arg)         UI_set_ex_data(s,0,arg)

-#define UI_get_app_data(s)             UI_get_ex_data(s,0)

-int UI_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,

-	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);

-int UI_set_ex_data(UI *r,int idx,void *arg);

-void *UI_get_ex_data(UI *r, int idx);

-/* Use specific methods instead of the built-in one */

-void UI_set_default_method(const UI_METHOD *meth);

-const UI_METHOD *UI_get_default_method(void);

-const UI_METHOD *UI_get_method(UI *ui);

-const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth);

-/* The method with all the built-in thingies */

-UI_METHOD *UI_OpenSSL(void);

-/* ---------- For method writers ---------- */

-/* A method contains a number of functions that implement the low level

-   of the User Interface.  The functions are:

-	an opener	This function starts a session, maybe by opening

-			a channel to a tty, or by opening a window.

-	a writer	This function is called to write a given string,

-			maybe to the tty, maybe as a field label in a

-			window.

-	a flusher	This function is called to flush everything that

-			has been output so far.  It can be used to actually

-			display a dialog box after it has been built.

-	a reader	This function is called to read a given prompt,

-			maybe from the tty, maybe from a field in a

-			window.  Note that it's called wth all string

-			structures, not only the prompt ones, so it must

-			check such things itself.

-	a closer	This function closes the session, maybe by closing

-			the channel to the tty, or closing the window.

-   All these functions are expected to return:

-	0	on error.

-	1	on success.

-	-1	on out-of-band events, for example if some prompting has

-		been canceled (by pressing Ctrl-C, for example).  This is

-		only checked when returned by the flusher or the reader.

-   The way this is used, the opener is first called, then the writer for all

-   strings, then the flusher, then the reader for all strings and finally the

-   closer.  Note that if you want to prompt from a terminal or other command

-   line interface, the best is to have the reader also write the prompts

-   instead of having the writer do it.  If you want to prompt from a dialog

-   box, the writer can be used to build up the contents of the box, and the

-   flusher to actually display the box and run the event loop until all data

-   has been given, after which the reader only grabs the given data and puts

-   them back into the UI strings.

-   All method functions take a UI as argument.  Additionally, the writer and

-   the reader take a UI_STRING.

-*/

-/* The UI_STRING type is the data structure that contains all the needed info

-   about a string or a prompt, including test data for a verification prompt.

-*/

-DECLARE_STACK_OF(UI_STRING)

-typedef struct ui_string_st UI_STRING;

-/* The different types of strings that are currently supported.

-   This is only needed by method authors. */

-enum UI_string_types

-	{

-	UIT_NONE=0,

-	UIT_PROMPT,		/* Prompt for a string */

-	UIT_VERIFY,		/* Prompt for a string and verify */

-	UIT_BOOLEAN,		/* Prompt for a yes/no response */

-	UIT_INFO,		/* Send info to the user */

-	UIT_ERROR		/* Send an error message to the user */

-	};

-/* Create and manipulate methods */

-UI_METHOD *UI_create_method(char *name);

-void UI_destroy_method(UI_METHOD *ui_method);

-int UI_method_set_opener(UI_METHOD *method, int (*opener)(UI *ui));

-int UI_method_set_writer(UI_METHOD *method, int (*writer)(UI *ui, UI_STRING *uis));

-int UI_method_set_flusher(UI_METHOD *method, int (*flusher)(UI *ui));

-int UI_method_set_reader(UI_METHOD *method, int (*reader)(UI *ui, UI_STRING *uis));

-int UI_method_set_closer(UI_METHOD *method, int (*closer)(UI *ui));

-int (*UI_method_get_opener(UI_METHOD *method))(UI*);

-int (*UI_method_get_writer(UI_METHOD *method))(UI*,UI_STRING*);

-int (*UI_method_get_flusher(UI_METHOD *method))(UI*);

-int (*UI_method_get_reader(UI_METHOD *method))(UI*,UI_STRING*);

-int (*UI_method_get_closer(UI_METHOD *method))(UI*);

-/* The following functions are helpers for method writers to access relevant

-   data from a UI_STRING. */

-/* Return type of the UI_STRING */

-enum UI_string_types UI_get_string_type(UI_STRING *uis);

-/* Return input flags of the UI_STRING */

-int UI_get_input_flags(UI_STRING *uis);

-/* Return the actual string to output (the prompt, info or error) */

-const char *UI_get0_output_string(UI_STRING *uis);

-/* Return the optional action string to output (the boolean promtp instruction) */

-const char *UI_get0_action_string(UI_STRING *uis);

-/* Return the result of a prompt */

-const char *UI_get0_result_string(UI_STRING *uis);

-/* Return the string to test the result against.  Only useful with verifies. */

-const char *UI_get0_test_string(UI_STRING *uis);

-/* Return the required minimum size of the result */

-int UI_get_result_minsize(UI_STRING *uis);

-/* Return the required maximum size of the result */

-int UI_get_result_maxsize(UI_STRING *uis);

-/* Set the result of a UI_STRING. */

-int UI_set_result(UI *ui, UI_STRING *uis, const char *result);

-/* A couple of popular utility functions */

-int UI_UTIL_read_pw_string(char *buf,int length,const char *prompt,int verify);

-int UI_UTIL_read_pw(char *buf,char *buff,int size,const char *prompt,int verify);

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_UI_strings(void);

-/* Error codes for the UI functions. */

-/* Function codes. */

-#define UI_F_GENERAL_ALLOCATE_BOOLEAN			 108

-#define UI_F_GENERAL_ALLOCATE_PROMPT			 109

-#define UI_F_GENERAL_ALLOCATE_STRING			 100

-#define UI_F_UI_CTRL					 111

-#define UI_F_UI_DUP_ERROR_STRING			 101

-#define UI_F_UI_DUP_INFO_STRING				 102

-#define UI_F_UI_DUP_INPUT_BOOLEAN			 110

-#define UI_F_UI_DUP_INPUT_STRING			 103

-#define UI_F_UI_DUP_VERIFY_STRING			 106

-#define UI_F_UI_GET0_RESULT				 107

-#define UI_F_UI_NEW_METHOD				 104

-#define UI_F_UI_SET_RESULT				 105

-/* Reason codes. */

-#define UI_R_COMMON_OK_AND_CANCEL_CHARACTERS		 104

-#define UI_R_INDEX_TOO_LARGE				 102

-#define UI_R_INDEX_TOO_SMALL				 103

-#define UI_R_NO_RESULT_BUFFER				 105

-#define UI_R_RESULT_TOO_LARGE				 100

-#define UI_R_RESULT_TOO_SMALL				 101

-#define UI_R_UNKNOWN_CONTROL_COMMAND			 106

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/ui_compat.h

+++ /dev/null

@@ -1,83 +1,0 @@

-/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */

-/* Written by Richard Levitte ([email protected]) for the OpenSSL

- * project 2001.

- */

-/* ====================================================================

- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_UI_COMPAT_H

-#define HEADER_UI_COMPAT_H

-#include <openssl/opensslconf.h>

-#include <openssl/ui.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-/* The following functions were previously part of the DES section,

-   and are provided here for backward compatibility reasons. */

-#define des_read_pw_string(b,l,p,v) \

-	_ossl_old_des_read_pw_string((b),(l),(p),(v))

-#define des_read_pw(b,bf,s,p,v) \

-	_ossl_old_des_read_pw((b),(bf),(s),(p),(v))

-int _ossl_old_des_read_pw_string(char *buf,int length,const char *prompt,int verify);

-int _ossl_old_des_read_pw(char *buf,char *buff,int size,const char *prompt,int verify);

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/x509.h

+++ /dev/null

@@ -1,1344 +1,0 @@

-/* crypto/x509/x509.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- * ECDH support in OpenSSL originally developed by

- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.

- */

-#ifndef HEADER_X509_H

-#define HEADER_X509_H

-#include <openssl/e_os2.h>

-#include <openssl/symhacks.h>

-#ifndef OPENSSL_NO_BUFFER

-#include <openssl/buffer.h>

-#endif

-#ifndef OPENSSL_NO_EVP

-#include <openssl/evp.h>

-#endif

-#ifndef OPENSSL_NO_BIO

-#include <openssl/bio.h>

-#endif

-#include <openssl/stack.h>

-#include <openssl/asn1.h>

-#include <openssl/safestack.h>

-#ifndef OPENSSL_NO_EC

-#include <openssl/ec.h>

-#endif

-#ifndef OPENSSL_NO_ECDSA

-#include <openssl/ecdsa.h>

-#endif

-#ifndef OPENSSL_NO_ECDH

-#include <openssl/ecdh.h>

-#endif

-#ifndef OPENSSL_NO_DEPRECATED

-#ifndef OPENSSL_NO_RSA

-#include <openssl/rsa.h>

-#endif

-#ifndef OPENSSL_NO_DSA

-#include <openssl/dsa.h>

-#endif

-#ifndef OPENSSL_NO_DH

-#include <openssl/dh.h>

-#endif

-#endif

-#ifndef OPENSSL_NO_SHA

-#include <openssl/sha.h>

-#endif

-#include <openssl/ossl_typ.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-#ifdef OPENSSL_SYS_WIN32

-/* Under Win32 these are defined in wincrypt.h */

-#undef X509_NAME

-#undef X509_CERT_PAIR

-#endif

-#define X509_FILETYPE_PEM	1

-#define X509_FILETYPE_ASN1	2

-#define X509_FILETYPE_DEFAULT	3

-#define X509v3_KU_DIGITAL_SIGNATURE	0x0080

-#define X509v3_KU_NON_REPUDIATION	0x0040

-#define X509v3_KU_KEY_ENCIPHERMENT	0x0020

-#define X509v3_KU_DATA_ENCIPHERMENT	0x0010

-#define X509v3_KU_KEY_AGREEMENT		0x0008

-#define X509v3_KU_KEY_CERT_SIGN		0x0004

-#define X509v3_KU_CRL_SIGN		0x0002

-#define X509v3_KU_ENCIPHER_ONLY		0x0001

-#define X509v3_KU_DECIPHER_ONLY		0x8000

-#define X509v3_KU_UNDEF			0xffff

-typedef struct X509_objects_st

-	{

-	int nid;

-	int (*a2i)(void);

-	int (*i2a)(void);

-	} X509_OBJECTS;

-struct X509_algor_st

-	{

-	ASN1_OBJECT *algorithm;

-	ASN1_TYPE *parameter;

-	} /* X509_ALGOR */;

-DECLARE_STACK_OF(X509_ALGOR)

-DECLARE_ASN1_SET_OF(X509_ALGOR)

-typedef struct X509_val_st

-	{

-	ASN1_TIME *notBefore;

-	ASN1_TIME *notAfter;

-	} X509_VAL;

-typedef struct X509_pubkey_st

-	{

-	X509_ALGOR *algor;

-	ASN1_BIT_STRING *public_key;

-	EVP_PKEY *pkey;

-	} X509_PUBKEY;

-typedef struct X509_sig_st

-	{

-	X509_ALGOR *algor;

-	ASN1_OCTET_STRING *digest;

-	} X509_SIG;

-typedef struct X509_name_entry_st

-	{

-	ASN1_OBJECT *object;

-	ASN1_STRING *value;

-	int set;

-	int size; 	/* temp variable */

-	} X509_NAME_ENTRY;

-DECLARE_STACK_OF(X509_NAME_ENTRY)

-DECLARE_ASN1_SET_OF(X509_NAME_ENTRY)

-/* we always keep X509_NAMEs in 2 forms. */

-struct X509_name_st

-	{

-	STACK_OF(X509_NAME_ENTRY) *entries;

-	int modified;	/* true if 'bytes' needs to be built */

-#ifndef OPENSSL_NO_BUFFER

-	BUF_MEM *bytes;

-#else

-	char *bytes;

-#endif

-	unsigned long hash; /* Keep the hash around for lookups */

-	} /* X509_NAME */;

-DECLARE_STACK_OF(X509_NAME)

-#define X509_EX_V_NETSCAPE_HACK		0x8000

-#define X509_EX_V_INIT			0x0001

-typedef struct X509_extension_st

-	{

-	ASN1_OBJECT *object;

-	ASN1_BOOLEAN critical;

-	ASN1_OCTET_STRING *value;

-	} X509_EXTENSION;

-DECLARE_STACK_OF(X509_EXTENSION)

-DECLARE_ASN1_SET_OF(X509_EXTENSION)

-/* a sequence of these are used */

-typedef struct x509_attributes_st

-	{

-	ASN1_OBJECT *object;

-	int single; /* 0 for a set, 1 for a single item (which is wrong) */

-	union	{

-		char		*ptr;

-/* 0 */		STACK_OF(ASN1_TYPE) *set;

-/* 1 */		ASN1_TYPE	*single;

-		} value;

-	} X509_ATTRIBUTE;

-DECLARE_STACK_OF(X509_ATTRIBUTE)

-DECLARE_ASN1_SET_OF(X509_ATTRIBUTE)

-typedef struct X509_req_info_st

-	{

-	ASN1_ENCODING enc;

-	ASN1_INTEGER *version;

-	X509_NAME *subject;

-	X509_PUBKEY *pubkey;

-	/*  d=2 hl=2 l=  0 cons: cont: 00 */

-	STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */

-	} X509_REQ_INFO;

-typedef struct X509_req_st

-	{

-	X509_REQ_INFO *req_info;

-	X509_ALGOR *sig_alg;

-	ASN1_BIT_STRING *signature;

-	int references;

-	} X509_REQ;

-typedef struct x509_cinf_st

-	{

-	ASN1_INTEGER *version;		/* [ 0 ] default of v1 */

-	ASN1_INTEGER *serialNumber;

-	X509_ALGOR *signature;

-	X509_NAME *issuer;

-	X509_VAL *validity;

-	X509_NAME *subject;

-	X509_PUBKEY *key;

-	ASN1_BIT_STRING *issuerUID;		/* [ 1 ] optional in v2 */

-	ASN1_BIT_STRING *subjectUID;		/* [ 2 ] optional in v2 */

-	STACK_OF(X509_EXTENSION) *extensions;	/* [ 3 ] optional in v3 */

-	} X509_CINF;

-/* This stuff is certificate "auxiliary info"

- * it contains details which are useful in certificate

- * stores and databases. When used this is tagged onto

- * the end of the certificate itself

- */

-typedef struct x509_cert_aux_st

-	{

-	STACK_OF(ASN1_OBJECT) *trust;		/* trusted uses */

-	STACK_OF(ASN1_OBJECT) *reject;		/* rejected uses */

-	ASN1_UTF8STRING *alias;			/* "friendly name" */

-	ASN1_OCTET_STRING *keyid;		/* key id of private key */

-	STACK_OF(X509_ALGOR) *other;		/* other unspecified info */

-	} X509_CERT_AUX;

-struct x509_st

-	{

-	X509_CINF *cert_info;

-	X509_ALGOR *sig_alg;

-	ASN1_BIT_STRING *signature;

-	int valid;

-	int references;

-	char *name;

-	CRYPTO_EX_DATA ex_data;

-	/* These contain copies of various extension values */

-	long ex_pathlen;

-	long ex_pcpathlen;

-	unsigned long ex_flags;

-	unsigned long ex_kusage;

-	unsigned long ex_xkusage;

-	unsigned long ex_nscert;

-	ASN1_OCTET_STRING *skid;

-	struct AUTHORITY_KEYID_st *akid;

-	X509_POLICY_CACHE *policy_cache;

-#ifndef OPENSSL_NO_RFC3779

-	STACK_OF(IPAddressFamily) *rfc3779_addr;

-	struct ASIdentifiers_st *rfc3779_asid;

-#endif

-#ifndef OPENSSL_NO_SHA

-	unsigned char sha1_hash[SHA_DIGEST_LENGTH];

-#endif

-	X509_CERT_AUX *aux;

-	} /* X509 */;

-DECLARE_STACK_OF(X509)

-DECLARE_ASN1_SET_OF(X509)

-/* This is used for a table of trust checking functions */

-typedef struct x509_trust_st {

-	int trust;

-	int flags;

-	int (*check_trust)(struct x509_trust_st *, X509 *, int);

-	char *name;

-	int arg1;

-	void *arg2;

-} X509_TRUST;

-DECLARE_STACK_OF(X509_TRUST)

-typedef struct x509_cert_pair_st {

-	X509 *forward;

-	X509 *reverse;

-} X509_CERT_PAIR;

-/* standard trust ids */

-#define X509_TRUST_DEFAULT	-1	/* Only valid in purpose settings */

-#define X509_TRUST_COMPAT	1

-#define X509_TRUST_SSL_CLIENT	2

-#define X509_TRUST_SSL_SERVER	3

-#define X509_TRUST_EMAIL	4

-#define X509_TRUST_OBJECT_SIGN	5

-#define X509_TRUST_OCSP_SIGN	6

-#define X509_TRUST_OCSP_REQUEST	7

-/* Keep these up to date! */

-#define X509_TRUST_MIN		1

-#define X509_TRUST_MAX		7

-/* trust_flags values */

-#define	X509_TRUST_DYNAMIC 	1

-#define	X509_TRUST_DYNAMIC_NAME	2

-/* check_trust return codes */

-#define X509_TRUST_TRUSTED	1

-#define X509_TRUST_REJECTED	2

-#define X509_TRUST_UNTRUSTED	3

-/* Flags for X509_print_ex() */

-#define	X509_FLAG_COMPAT		0

-#define	X509_FLAG_NO_HEADER		1L

-#define	X509_FLAG_NO_VERSION		(1L << 1)

-#define	X509_FLAG_NO_SERIAL		(1L << 2)

-#define	X509_FLAG_NO_SIGNAME		(1L << 3)

-#define	X509_FLAG_NO_ISSUER		(1L << 4)

-#define	X509_FLAG_NO_VALIDITY		(1L << 5)

-#define	X509_FLAG_NO_SUBJECT		(1L << 6)

-#define	X509_FLAG_NO_PUBKEY		(1L << 7)

-#define	X509_FLAG_NO_EXTENSIONS		(1L << 8)

-#define	X509_FLAG_NO_SIGDUMP		(1L << 9)

-#define	X509_FLAG_NO_AUX		(1L << 10)

-#define	X509_FLAG_NO_ATTRIBUTES		(1L << 11)

-/* Flags specific to X509_NAME_print_ex() */

-/* The field separator information */

-#define XN_FLAG_SEP_MASK	(0xf << 16)

-#define XN_FLAG_COMPAT		0		/* Traditional SSLeay: use old X509_NAME_print */

-#define XN_FLAG_SEP_COMMA_PLUS	(1 << 16)	/* RFC2253 ,+ */

-#define XN_FLAG_SEP_CPLUS_SPC	(2 << 16)	/* ,+ spaced: more readable */

-#define XN_FLAG_SEP_SPLUS_SPC	(3 << 16)	/* ;+ spaced */

-#define XN_FLAG_SEP_MULTILINE	(4 << 16)	/* One line per field */

-#define XN_FLAG_DN_REV		(1 << 20)	/* Reverse DN order */

-/* How the field name is shown */

-#define XN_FLAG_FN_MASK		(0x3 << 21)

-#define XN_FLAG_FN_SN		0		/* Object short name */

-#define XN_FLAG_FN_LN		(1 << 21)	/* Object long name */

-#define XN_FLAG_FN_OID		(2 << 21)	/* Always use OIDs */

-#define XN_FLAG_FN_NONE		(3 << 21)	/* No field names */

-#define XN_FLAG_SPC_EQ		(1 << 23)	/* Put spaces round '=' */

-/* This determines if we dump fields we don't recognise:

- * RFC2253 requires this.

- */

-#define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24)

-#define XN_FLAG_FN_ALIGN	(1 << 25)	/* Align field names to 20 characters */

-/* Complete set of RFC2253 flags */

-#define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \

-			XN_FLAG_SEP_COMMA_PLUS | \

-			XN_FLAG_DN_REV | \

-			XN_FLAG_FN_SN | \

-			XN_FLAG_DUMP_UNKNOWN_FIELDS)

-/* readable oneline form */

-#define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \

-			ASN1_STRFLGS_ESC_QUOTE | \

-			XN_FLAG_SEP_CPLUS_SPC | \

-			XN_FLAG_SPC_EQ | \

-			XN_FLAG_FN_SN)

-/* readable multiline form */

-#define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \

-			ASN1_STRFLGS_ESC_MSB | \

-			XN_FLAG_SEP_MULTILINE | \

-			XN_FLAG_SPC_EQ | \

-			XN_FLAG_FN_LN | \

-			XN_FLAG_FN_ALIGN)

-typedef struct X509_revoked_st

-	{

-	ASN1_INTEGER *serialNumber;

-	ASN1_TIME *revocationDate;

-	STACK_OF(X509_EXTENSION) /* optional */ *extensions;

-	int sequence; /* load sequence */

-	} X509_REVOKED;

-DECLARE_STACK_OF(X509_REVOKED)

-DECLARE_ASN1_SET_OF(X509_REVOKED)

-typedef struct X509_crl_info_st

-	{

-	ASN1_INTEGER *version;

-	X509_ALGOR *sig_alg;

-	X509_NAME *issuer;

-	ASN1_TIME *lastUpdate;

-	ASN1_TIME *nextUpdate;

-	STACK_OF(X509_REVOKED) *revoked;

-	STACK_OF(X509_EXTENSION) /* [0] */ *extensions;

-	ASN1_ENCODING enc;

-	} X509_CRL_INFO;

-struct X509_crl_st

-	{

-	/* actual signature */

-	X509_CRL_INFO *crl;

-	X509_ALGOR *sig_alg;

-	ASN1_BIT_STRING *signature;

-	int references;

-	} /* X509_CRL */;

-DECLARE_STACK_OF(X509_CRL)

-DECLARE_ASN1_SET_OF(X509_CRL)

-typedef struct private_key_st

-	{

-	int version;

-	/* The PKCS#8 data types */

-	X509_ALGOR *enc_algor;

-	ASN1_OCTET_STRING *enc_pkey;	/* encrypted pub key */

-	/* When decrypted, the following will not be NULL */

-	EVP_PKEY *dec_pkey;

-	/* used to encrypt and decrypt */

-	int key_length;

-	char *key_data;

-	int key_free;	/* true if we should auto free key_data */

-	/* expanded version of 'enc_algor' */

-	EVP_CIPHER_INFO cipher;

-	int references;

-	} X509_PKEY;

-#ifndef OPENSSL_NO_EVP

-typedef struct X509_info_st

-	{

-	X509 *x509;

-	X509_CRL *crl;

-	X509_PKEY *x_pkey;

-	EVP_CIPHER_INFO enc_cipher;

-	int enc_len;

-	char *enc_data;

-	int references;

-	} X509_INFO;

-DECLARE_STACK_OF(X509_INFO)

-#endif

-/* The next 2 structures and their 8 routines were sent to me by

- * Pat Richard <[email protected]> and are used to manipulate

- * Netscapes spki structures - useful if you are writing a CA web page

- */

-typedef struct Netscape_spkac_st

-	{

-	X509_PUBKEY *pubkey;

-	ASN1_IA5STRING *challenge;	/* challenge sent in atlas >= PR2 */

-	} NETSCAPE_SPKAC;

-typedef struct Netscape_spki_st

-	{

-	NETSCAPE_SPKAC *spkac;	/* signed public key and challenge */

-	X509_ALGOR *sig_algor;

-	ASN1_BIT_STRING *signature;

-	} NETSCAPE_SPKI;

-/* Netscape certificate sequence structure */

-typedef struct Netscape_certificate_sequence

-	{

-	ASN1_OBJECT *type;

-	STACK_OF(X509) *certs;

-	} NETSCAPE_CERT_SEQUENCE;

-/* Unused (and iv length is wrong)

-typedef struct CBCParameter_st

-	{

-	unsigned char iv[8];

-	} CBC_PARAM;

-*/

-/* Password based encryption structure */

-typedef struct PBEPARAM_st {

-ASN1_OCTET_STRING *salt;

-ASN1_INTEGER *iter;

-} PBEPARAM;

-/* Password based encryption V2 structures */

-typedef struct PBE2PARAM_st {

-X509_ALGOR *keyfunc;

-X509_ALGOR *encryption;

-} PBE2PARAM;

-typedef struct PBKDF2PARAM_st {

-ASN1_TYPE *salt;	/* Usually OCTET STRING but could be anything */

-ASN1_INTEGER *iter;

-ASN1_INTEGER *keylength;

-X509_ALGOR *prf;

-} PBKDF2PARAM;

-/* PKCS#8 private key info structure */

-typedef struct pkcs8_priv_key_info_st

-        {

-        int broken;     /* Flag for various broken formats */

-#define PKCS8_OK		0

-#define PKCS8_NO_OCTET		1

-#define PKCS8_EMBEDDED_PARAM	2

-#define PKCS8_NS_DB		3

-        ASN1_INTEGER *version;

-        X509_ALGOR *pkeyalg;

-        ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */

-        STACK_OF(X509_ATTRIBUTE) *attributes;

-        } PKCS8_PRIV_KEY_INFO;

-#ifdef  __cplusplus

-}

-#endif

-#include <openssl/x509_vfy.h>

-#include <openssl/pkcs7.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-#ifdef SSLEAY_MACROS

-#define X509_verify(a,r) ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,\

-	a->signature,(char *)a->cert_info,r)

-#define X509_REQ_verify(a,r) ASN1_verify((int (*)())i2d_X509_REQ_INFO, \

-	a->sig_alg,a->signature,(char *)a->req_info,r)

-#define X509_CRL_verify(a,r) ASN1_verify((int (*)())i2d_X509_CRL_INFO, \

-	a->sig_alg, a->signature,(char *)a->crl,r)

-#define X509_sign(x,pkey,md) \

-	ASN1_sign((int (*)())i2d_X509_CINF, x->cert_info->signature, \

-		x->sig_alg, x->signature, (char *)x->cert_info,pkey,md)

-#define X509_REQ_sign(x,pkey,md) \

-	ASN1_sign((int (*)())i2d_X509_REQ_INFO,x->sig_alg, NULL, \

-		x->signature, (char *)x->req_info,pkey,md)

-#define X509_CRL_sign(x,pkey,md) \

-	ASN1_sign((int (*)())i2d_X509_CRL_INFO,x->crl->sig_alg,x->sig_alg, \

-		x->signature, (char *)x->crl,pkey,md)

-#define NETSCAPE_SPKI_sign(x,pkey,md) \

-	ASN1_sign((int (*)())i2d_NETSCAPE_SPKAC, x->sig_algor,NULL, \

-		x->signature, (char *)x->spkac,pkey,md)

-#define X509_dup(x509) (X509 *)ASN1_dup((int (*)())i2d_X509, \

-		(char *(*)())d2i_X509,(char *)x509)

-#define X509_ATTRIBUTE_dup(xa) (X509_ATTRIBUTE *)ASN1_dup(\

-		(int (*)())i2d_X509_ATTRIBUTE, \

-		(char *(*)())d2i_X509_ATTRIBUTE,(char *)xa)

-#define X509_EXTENSION_dup(ex) (X509_EXTENSION *)ASN1_dup( \

-		(int (*)())i2d_X509_EXTENSION, \

-		(char *(*)())d2i_X509_EXTENSION,(char *)ex)

-#define d2i_X509_fp(fp,x509) (X509 *)ASN1_d2i_fp((char *(*)())X509_new, \

-		(char *(*)())d2i_X509, (fp),(unsigned char **)(x509))

-#define i2d_X509_fp(fp,x509) ASN1_i2d_fp(i2d_X509,fp,(unsigned char *)x509)

-#define d2i_X509_bio(bp,x509) (X509 *)ASN1_d2i_bio((char *(*)())X509_new, \

-		(char *(*)())d2i_X509, (bp),(unsigned char **)(x509))

-#define i2d_X509_bio(bp,x509) ASN1_i2d_bio(i2d_X509,bp,(unsigned char *)x509)

-#define X509_CRL_dup(crl) (X509_CRL *)ASN1_dup((int (*)())i2d_X509_CRL, \

-		(char *(*)())d2i_X509_CRL,(char *)crl)

-#define d2i_X509_CRL_fp(fp,crl) (X509_CRL *)ASN1_d2i_fp((char *(*)()) \

-		X509_CRL_new,(char *(*)())d2i_X509_CRL, (fp),\

-		(unsigned char **)(crl))

-#define i2d_X509_CRL_fp(fp,crl) ASN1_i2d_fp(i2d_X509_CRL,fp,\

-		(unsigned char *)crl)

-#define d2i_X509_CRL_bio(bp,crl) (X509_CRL *)ASN1_d2i_bio((char *(*)()) \

-		X509_CRL_new,(char *(*)())d2i_X509_CRL, (bp),\

-		(unsigned char **)(crl))

-#define i2d_X509_CRL_bio(bp,crl) ASN1_i2d_bio(i2d_X509_CRL,bp,\

-		(unsigned char *)crl)

-#define PKCS7_dup(p7) (PKCS7 *)ASN1_dup((int (*)())i2d_PKCS7, \

-		(char *(*)())d2i_PKCS7,(char *)p7)

-#define d2i_PKCS7_fp(fp,p7) (PKCS7 *)ASN1_d2i_fp((char *(*)()) \

-		PKCS7_new,(char *(*)())d2i_PKCS7, (fp),\

-		(unsigned char **)(p7))

-#define i2d_PKCS7_fp(fp,p7) ASN1_i2d_fp(i2d_PKCS7,fp,\

-		(unsigned char *)p7)

-#define d2i_PKCS7_bio(bp,p7) (PKCS7 *)ASN1_d2i_bio((char *(*)()) \

-		PKCS7_new,(char *(*)())d2i_PKCS7, (bp),\

-		(unsigned char **)(p7))

-#define i2d_PKCS7_bio(bp,p7) ASN1_i2d_bio(i2d_PKCS7,bp,\

-		(unsigned char *)p7)

-#define X509_REQ_dup(req) (X509_REQ *)ASN1_dup((int (*)())i2d_X509_REQ, \

-		(char *(*)())d2i_X509_REQ,(char *)req)

-#define d2i_X509_REQ_fp(fp,req) (X509_REQ *)ASN1_d2i_fp((char *(*)())\

-		X509_REQ_new, (char *(*)())d2i_X509_REQ, (fp),\

-		(unsigned char **)(req))

-#define i2d_X509_REQ_fp(fp,req) ASN1_i2d_fp(i2d_X509_REQ,fp,\

-		(unsigned char *)req)

-#define d2i_X509_REQ_bio(bp,req) (X509_REQ *)ASN1_d2i_bio((char *(*)())\

-		X509_REQ_new, (char *(*)())d2i_X509_REQ, (bp),\

-		(unsigned char **)(req))

-#define i2d_X509_REQ_bio(bp,req) ASN1_i2d_bio(i2d_X509_REQ,bp,\

-		(unsigned char *)req)

-#define RSAPublicKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPublicKey, \

-		(char *(*)())d2i_RSAPublicKey,(char *)rsa)

-#define RSAPrivateKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPrivateKey, \

-		(char *(*)())d2i_RSAPrivateKey,(char *)rsa)

-#define d2i_RSAPrivateKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\

-		RSA_new,(char *(*)())d2i_RSAPrivateKey, (fp), \

-		(unsigned char **)(rsa))

-#define i2d_RSAPrivateKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPrivateKey,fp, \

-		(unsigned char *)rsa)

-#define d2i_RSAPrivateKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\

-		RSA_new,(char *(*)())d2i_RSAPrivateKey, (bp), \

-		(unsigned char **)(rsa))

-#define i2d_RSAPrivateKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPrivateKey,bp, \

-		(unsigned char *)rsa)

-#define d2i_RSAPublicKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\

-		RSA_new,(char *(*)())d2i_RSAPublicKey, (fp), \

-		(unsigned char **)(rsa))

-#define i2d_RSAPublicKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPublicKey,fp, \

-		(unsigned char *)rsa)

-#define d2i_RSAPublicKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\

-		RSA_new,(char *(*)())d2i_RSAPublicKey, (bp), \

-		(unsigned char **)(rsa))

-#define i2d_RSAPublicKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPublicKey,bp, \

-		(unsigned char *)rsa)

-#define d2i_DSAPrivateKey_fp(fp,dsa) (DSA *)ASN1_d2i_fp((char *(*)())\

-		DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp), \

-		(unsigned char **)(dsa))

-#define i2d_DSAPrivateKey_fp(fp,dsa) ASN1_i2d_fp(i2d_DSAPrivateKey,fp, \

-		(unsigned char *)dsa)

-#define d2i_DSAPrivateKey_bio(bp,dsa) (DSA *)ASN1_d2i_bio((char *(*)())\

-		DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp), \

-		(unsigned char **)(dsa))

-#define i2d_DSAPrivateKey_bio(bp,dsa) ASN1_i2d_bio(i2d_DSAPrivateKey,bp, \

-		(unsigned char *)dsa)

-#define d2i_ECPrivateKey_fp(fp,ecdsa) (EC_KEY *)ASN1_d2i_fp((char *(*)())\

-		EC_KEY_new,(char *(*)())d2i_ECPrivateKey, (fp), \

-		(unsigned char **)(ecdsa))

-#define i2d_ECPrivateKey_fp(fp,ecdsa) ASN1_i2d_fp(i2d_ECPrivateKey,fp, \

-		(unsigned char *)ecdsa)

-#define d2i_ECPrivateKey_bio(bp,ecdsa) (EC_KEY *)ASN1_d2i_bio((char *(*)())\

-		EC_KEY_new,(char *(*)())d2i_ECPrivateKey, (bp), \

-		(unsigned char **)(ecdsa))

-#define i2d_ECPrivateKey_bio(bp,ecdsa) ASN1_i2d_bio(i2d_ECPrivateKey,bp, \

-		(unsigned char *)ecdsa)

-#define X509_ALGOR_dup(xn) (X509_ALGOR *)ASN1_dup((int (*)())i2d_X509_ALGOR,\

-		(char *(*)())d2i_X509_ALGOR,(char *)xn)

-#define X509_NAME_dup(xn) (X509_NAME *)ASN1_dup((int (*)())i2d_X509_NAME, \

-		(char *(*)())d2i_X509_NAME,(char *)xn)

-#define X509_NAME_ENTRY_dup(ne) (X509_NAME_ENTRY *)ASN1_dup( \

-		(int (*)())i2d_X509_NAME_ENTRY, \

-		(char *(*)())d2i_X509_NAME_ENTRY,\

-		(char *)ne)

-#define X509_digest(data,type,md,len) \

-	ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len)

-#define X509_NAME_digest(data,type,md,len) \

-	ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len)

-#ifndef PKCS7_ISSUER_AND_SERIAL_digest

-#define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \

-	ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\

-		(char *)data,md,len)

-#endif

-#endif

-#define X509_EXT_PACK_UNKNOWN	1

-#define X509_EXT_PACK_STRING	2

-#define		X509_get_version(x) ASN1_INTEGER_get((x)->cert_info->version)

-/* #define	X509_get_serialNumber(x) ((x)->cert_info->serialNumber) */

-#define		X509_get_notBefore(x) ((x)->cert_info->validity->notBefore)

-#define		X509_get_notAfter(x) ((x)->cert_info->validity->notAfter)

-#define		X509_extract_key(x)	X509_get_pubkey(x) /*****/

-#define		X509_REQ_get_version(x) ASN1_INTEGER_get((x)->req_info->version)

-#define		X509_REQ_get_subject_name(x) ((x)->req_info->subject)

-#define		X509_REQ_extract_key(a)	X509_REQ_get_pubkey(a)

-#define		X509_name_cmp(a,b)	X509_NAME_cmp((a),(b))

-#define		X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm))

-#define		X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version)

-#define 	X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate)

-#define 	X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate)

-#define		X509_CRL_get_issuer(x) ((x)->crl->issuer)

-#define		X509_CRL_get_REVOKED(x) ((x)->crl->revoked)

-/* This one is only used so that a binary form can output, as in

- * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) */

-#define 	X509_get_X509_PUBKEY(x) ((x)->cert_info->key)

-const char *X509_verify_cert_error_string(long n);

-#ifndef SSLEAY_MACROS

-#ifndef OPENSSL_NO_EVP

-int X509_verify(X509 *a, EVP_PKEY *r);

-int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);

-int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);

-int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r);

-NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len);

-char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x);

-EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x);

-int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey);

-int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki);

-int X509_signature_print(BIO *bp,X509_ALGOR *alg, ASN1_STRING *sig);

-int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);

-int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);

-int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);

-int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md);

-int X509_pubkey_digest(const X509 *data,const EVP_MD *type,

-		unsigned char *md, unsigned int *len);

-int X509_digest(const X509 *data,const EVP_MD *type,

-		unsigned char *md, unsigned int *len);

-int X509_CRL_digest(const X509_CRL *data,const EVP_MD *type,

-		unsigned char *md, unsigned int *len);

-int X509_REQ_digest(const X509_REQ *data,const EVP_MD *type,

-		unsigned char *md, unsigned int *len);

-int X509_NAME_digest(const X509_NAME *data,const EVP_MD *type,

-		unsigned char *md, unsigned int *len);

-#endif

-#ifndef OPENSSL_NO_FP_API

-X509 *d2i_X509_fp(FILE *fp, X509 **x509);

-int i2d_X509_fp(FILE *fp,X509 *x509);

-X509_CRL *d2i_X509_CRL_fp(FILE *fp,X509_CRL **crl);

-int i2d_X509_CRL_fp(FILE *fp,X509_CRL *crl);

-X509_REQ *d2i_X509_REQ_fp(FILE *fp,X509_REQ **req);

-int i2d_X509_REQ_fp(FILE *fp,X509_REQ *req);

-#ifndef OPENSSL_NO_RSA

-RSA *d2i_RSAPrivateKey_fp(FILE *fp,RSA **rsa);

-int i2d_RSAPrivateKey_fp(FILE *fp,RSA *rsa);

-RSA *d2i_RSAPublicKey_fp(FILE *fp,RSA **rsa);

-int i2d_RSAPublicKey_fp(FILE *fp,RSA *rsa);

-RSA *d2i_RSA_PUBKEY_fp(FILE *fp,RSA **rsa);

-int i2d_RSA_PUBKEY_fp(FILE *fp,RSA *rsa);

-#endif

-#ifndef OPENSSL_NO_DSA

-DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa);

-int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa);

-DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa);

-int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa);

-#endif

-#ifndef OPENSSL_NO_EC

-EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey);

-int   i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey);

-EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey);

-int   i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey);

-#endif

-X509_SIG *d2i_PKCS8_fp(FILE *fp,X509_SIG **p8);

-int i2d_PKCS8_fp(FILE *fp,X509_SIG *p8);

-PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,

-						PKCS8_PRIV_KEY_INFO **p8inf);

-int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,PKCS8_PRIV_KEY_INFO *p8inf);

-int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key);

-int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey);

-EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);

-int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey);

-EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);

-#endif

-#ifndef OPENSSL_NO_BIO

-X509 *d2i_X509_bio(BIO *bp,X509 **x509);

-int i2d_X509_bio(BIO *bp,X509 *x509);

-X509_CRL *d2i_X509_CRL_bio(BIO *bp,X509_CRL **crl);

-int i2d_X509_CRL_bio(BIO *bp,X509_CRL *crl);

-X509_REQ *d2i_X509_REQ_bio(BIO *bp,X509_REQ **req);

-int i2d_X509_REQ_bio(BIO *bp,X509_REQ *req);

-#ifndef OPENSSL_NO_RSA

-RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA **rsa);

-int i2d_RSAPrivateKey_bio(BIO *bp,RSA *rsa);

-RSA *d2i_RSAPublicKey_bio(BIO *bp,RSA **rsa);

-int i2d_RSAPublicKey_bio(BIO *bp,RSA *rsa);

-RSA *d2i_RSA_PUBKEY_bio(BIO *bp,RSA **rsa);

-int i2d_RSA_PUBKEY_bio(BIO *bp,RSA *rsa);

-#endif

-#ifndef OPENSSL_NO_DSA

-DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa);

-int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa);

-DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa);

-int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa);

-#endif

-#ifndef OPENSSL_NO_EC

-EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey);

-int   i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *eckey);

-EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey);

-int   i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey);

-#endif

-X509_SIG *d2i_PKCS8_bio(BIO *bp,X509_SIG **p8);

-int i2d_PKCS8_bio(BIO *bp,X509_SIG *p8);

-PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,

-						PKCS8_PRIV_KEY_INFO **p8inf);

-int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,PKCS8_PRIV_KEY_INFO *p8inf);

-int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key);

-int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey);

-EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);

-int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey);

-EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);

-#endif

-X509 *X509_dup(X509 *x509);

-X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa);

-X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex);

-X509_CRL *X509_CRL_dup(X509_CRL *crl);

-X509_REQ *X509_REQ_dup(X509_REQ *req);

-X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);

-X509_NAME *X509_NAME_dup(X509_NAME *xn);

-X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);

-#endif /* !SSLEAY_MACROS */

-int		X509_cmp_time(ASN1_TIME *s, time_t *t);

-int		X509_cmp_current_time(ASN1_TIME *s);

-ASN1_TIME *	X509_time_adj(ASN1_TIME *s, long adj, time_t *t);

-ASN1_TIME *	X509_gmtime_adj(ASN1_TIME *s, long adj);

-const char *	X509_get_default_cert_area(void );

-const char *	X509_get_default_cert_dir(void );

-const char *	X509_get_default_cert_file(void );

-const char *	X509_get_default_cert_dir_env(void );

-const char *	X509_get_default_cert_file_env(void );

-const char *	X509_get_default_private_dir(void );

-X509_REQ *	X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);

-X509 *		X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey);

-DECLARE_ASN1_FUNCTIONS(X509_ALGOR)

-DECLARE_ASN1_FUNCTIONS(X509_VAL)

-DECLARE_ASN1_FUNCTIONS(X509_PUBKEY)

-int		X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);

-EVP_PKEY *	X509_PUBKEY_get(X509_PUBKEY *key);

-int		X509_get_pubkey_parameters(EVP_PKEY *pkey,

-					   STACK_OF(X509) *chain);

-int		i2d_PUBKEY(EVP_PKEY *a,unsigned char **pp);

-EVP_PKEY *	d2i_PUBKEY(EVP_PKEY **a,const unsigned char **pp,

-			long length);

-#ifndef OPENSSL_NO_RSA

-int		i2d_RSA_PUBKEY(RSA *a,unsigned char **pp);

-RSA *		d2i_RSA_PUBKEY(RSA **a,const unsigned char **pp,

-			long length);

-#endif

-#ifndef OPENSSL_NO_DSA

-int		i2d_DSA_PUBKEY(DSA *a,unsigned char **pp);

-DSA *		d2i_DSA_PUBKEY(DSA **a,const unsigned char **pp,

-			long length);

-#endif

-#ifndef OPENSSL_NO_EC

-int		i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp);

-EC_KEY 		*d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp,

-			long length);

-#endif

-DECLARE_ASN1_FUNCTIONS(X509_SIG)

-DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO)

-DECLARE_ASN1_FUNCTIONS(X509_REQ)

-DECLARE_ASN1_FUNCTIONS(X509_ATTRIBUTE)

-X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value);

-DECLARE_ASN1_FUNCTIONS(X509_EXTENSION)

-DECLARE_ASN1_FUNCTIONS(X509_NAME_ENTRY)

-DECLARE_ASN1_FUNCTIONS(X509_NAME)

-int		X509_NAME_set(X509_NAME **xn, X509_NAME *name);

-DECLARE_ASN1_FUNCTIONS(X509_CINF)

-DECLARE_ASN1_FUNCTIONS(X509)

-DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX)

-DECLARE_ASN1_FUNCTIONS(X509_CERT_PAIR)

-int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,

-	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);

-int X509_set_ex_data(X509 *r, int idx, void *arg);

-void *X509_get_ex_data(X509 *r, int idx);

-int		i2d_X509_AUX(X509 *a,unsigned char **pp);

-X509 *		d2i_X509_AUX(X509 **a,const unsigned char **pp,long length);

-int X509_alias_set1(X509 *x, unsigned char *name, int len);

-int X509_keyid_set1(X509 *x, unsigned char *id, int len);

-unsigned char * X509_alias_get0(X509 *x, int *len);

-unsigned char * X509_keyid_get0(X509 *x, int *len);

-int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int);

-int X509_TRUST_set(int *t, int trust);

-int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj);

-int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj);

-void X509_trust_clear(X509 *x);

-void X509_reject_clear(X509 *x);

-DECLARE_ASN1_FUNCTIONS(X509_REVOKED)

-DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO)

-DECLARE_ASN1_FUNCTIONS(X509_CRL)

-int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);

-X509_PKEY *	X509_PKEY_new(void );

-void		X509_PKEY_free(X509_PKEY *a);

-int		i2d_X509_PKEY(X509_PKEY *a,unsigned char **pp);

-X509_PKEY *	d2i_X509_PKEY(X509_PKEY **a,const unsigned char **pp,long length);

-DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI)

-DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC)

-DECLARE_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE)

-#ifndef OPENSSL_NO_EVP

-X509_INFO *	X509_INFO_new(void);

-void		X509_INFO_free(X509_INFO *a);

-char *		X509_NAME_oneline(X509_NAME *a,char *buf,int size);

-int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *algor1,

-		ASN1_BIT_STRING *signature,char *data,EVP_PKEY *pkey);

-int ASN1_digest(i2d_of_void *i2d,const EVP_MD *type,char *data,

-		unsigned char *md,unsigned int *len);

-int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1,

-	      X509_ALGOR *algor2, ASN1_BIT_STRING *signature,

-	      char *data,EVP_PKEY *pkey, const EVP_MD *type);

-int ASN1_item_digest(const ASN1_ITEM *it,const EVP_MD *type,void *data,

-	unsigned char *md,unsigned int *len);

-int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1,

-	ASN1_BIT_STRING *signature,void *data,EVP_PKEY *pkey);

-int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,

-	ASN1_BIT_STRING *signature,

-	void *data, EVP_PKEY *pkey, const EVP_MD *type);

-#endif

-int 		X509_set_version(X509 *x,long version);

-int 		X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);

-ASN1_INTEGER *	X509_get_serialNumber(X509 *x);

-int 		X509_set_issuer_name(X509 *x, X509_NAME *name);

-X509_NAME *	X509_get_issuer_name(X509 *a);

-int 		X509_set_subject_name(X509 *x, X509_NAME *name);

-X509_NAME *	X509_get_subject_name(X509 *a);

-int 		X509_set_notBefore(X509 *x, ASN1_TIME *tm);

-int 		X509_set_notAfter(X509 *x, ASN1_TIME *tm);

-int 		X509_set_pubkey(X509 *x, EVP_PKEY *pkey);

-EVP_PKEY *	X509_get_pubkey(X509 *x);

-ASN1_BIT_STRING * X509_get0_pubkey_bitstr(const X509 *x);

-int		X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */);

-int		X509_REQ_set_version(X509_REQ *x,long version);

-int		X509_REQ_set_subject_name(X509_REQ *req,X509_NAME *name);

-int		X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);

-EVP_PKEY *	X509_REQ_get_pubkey(X509_REQ *req);

-int		X509_REQ_extension_nid(int nid);

-int *		X509_REQ_get_extension_nids(void);

-void		X509_REQ_set_extension_nids(int *nids);

-STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req);

-int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,

-				int nid);

-int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts);

-int X509_REQ_get_attr_count(const X509_REQ *req);

-int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid,

-			  int lastpos);

-int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj,

-			  int lastpos);

-X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc);

-X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc);

-int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr);

-int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,

-			const ASN1_OBJECT *obj, int type,

-			const unsigned char *bytes, int len);

-int X509_REQ_add1_attr_by_NID(X509_REQ *req,

-			int nid, int type,

-			const unsigned char *bytes, int len);

-int X509_REQ_add1_attr_by_txt(X509_REQ *req,

-			const char *attrname, int type,

-			const unsigned char *bytes, int len);

-int X509_CRL_set_version(X509_CRL *x, long version);

-int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);

-int X509_CRL_set_lastUpdate(X509_CRL *x, ASN1_TIME *tm);

-int X509_CRL_set_nextUpdate(X509_CRL *x, ASN1_TIME *tm);

-int X509_CRL_sort(X509_CRL *crl);

-int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);

-int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);

-int		X509_REQ_check_private_key(X509_REQ *x509,EVP_PKEY *pkey);

-int		X509_check_private_key(X509 *x509,EVP_PKEY *pkey);

-int		X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);

-unsigned long	X509_issuer_and_serial_hash(X509 *a);

-int		X509_issuer_name_cmp(const X509 *a, const X509 *b);

-unsigned long	X509_issuer_name_hash(X509 *a);

-int		X509_subject_name_cmp(const X509 *a, const X509 *b);

-unsigned long	X509_subject_name_hash(X509 *x);

-int		X509_cmp(const X509 *a, const X509 *b);

-int		X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);

-unsigned long	X509_NAME_hash(X509_NAME *x);

-int		X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);

-#ifndef OPENSSL_NO_FP_API

-int		X509_print_ex_fp(FILE *bp,X509 *x, unsigned long nmflag, unsigned long cflag);

-int		X509_print_fp(FILE *bp,X509 *x);

-int		X509_CRL_print_fp(FILE *bp,X509_CRL *x);

-int		X509_REQ_print_fp(FILE *bp,X509_REQ *req);

-int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags);

-#endif

-#ifndef OPENSSL_NO_BIO

-int		X509_NAME_print(BIO *bp, X509_NAME *name, int obase);

-int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags);

-int		X509_print_ex(BIO *bp,X509 *x, unsigned long nmflag, unsigned long cflag);

-int		X509_print(BIO *bp,X509 *x);

-int		X509_ocspid_print(BIO *bp,X509 *x);

-int		X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent);

-int		X509_CRL_print(BIO *bp,X509_CRL *x);

-int		X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, unsigned long cflag);

-int		X509_REQ_print(BIO *bp,X509_REQ *req);

-#endif

-int 		X509_NAME_entry_count(X509_NAME *name);

-int 		X509_NAME_get_text_by_NID(X509_NAME *name, int nid,

-			char *buf,int len);

-int		X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,

-			char *buf,int len);

-/* NOTE: you should be passsing -1, not 0 as lastpos.  The functions that use

- * lastpos, search after that position on. */

-int 		X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);

-int 		X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj,

-			int lastpos);

-X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);

-X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);

-int 		X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne,

-			int loc, int set);

-int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type,

-			unsigned char *bytes, int len, int loc, int set);

-int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,

-			unsigned char *bytes, int len, int loc, int set);

-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,

-		const char *field, int type, const unsigned char *bytes, int len);

-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,

-			int type,unsigned char *bytes, int len);

-int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,

-			const unsigned char *bytes, int len, int loc, int set);

-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,

-			ASN1_OBJECT *obj, int type,const unsigned char *bytes,

-			int len);

-int 		X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne,

-			ASN1_OBJECT *obj);

-int 		X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,

-			const unsigned char *bytes, int len);

-ASN1_OBJECT *	X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);

-ASN1_STRING *	X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);

-int		X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x);

-int		X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x,

-				      int nid, int lastpos);

-int		X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x,

-				      ASN1_OBJECT *obj,int lastpos);

-int		X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x,

-					   int crit, int lastpos);

-X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc);

-X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc);

-STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,

-					 X509_EXTENSION *ex, int loc);

-int		X509_get_ext_count(X509 *x);

-int		X509_get_ext_by_NID(X509 *x, int nid, int lastpos);

-int		X509_get_ext_by_OBJ(X509 *x,ASN1_OBJECT *obj,int lastpos);

-int		X509_get_ext_by_critical(X509 *x, int crit, int lastpos);

-X509_EXTENSION *X509_get_ext(X509 *x, int loc);

-X509_EXTENSION *X509_delete_ext(X509 *x, int loc);

-int		X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);

-void	*	X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);

-int		X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,

-							unsigned long flags);

-int		X509_CRL_get_ext_count(X509_CRL *x);

-int		X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos);

-int		X509_CRL_get_ext_by_OBJ(X509_CRL *x,ASN1_OBJECT *obj,int lastpos);

-int		X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos);

-X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc);

-X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);

-int		X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);

-void	*	X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx);

-int		X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,

-							unsigned long flags);

-int		X509_REVOKED_get_ext_count(X509_REVOKED *x);

-int		X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos);

-int		X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x,ASN1_OBJECT *obj,int lastpos);

-int		X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos);

-X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc);

-X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc);

-int		X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc);

-void	*	X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx);

-int		X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,

-							unsigned long flags);

-X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,

-			int nid, int crit, ASN1_OCTET_STRING *data);

-X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,

-			ASN1_OBJECT *obj,int crit,ASN1_OCTET_STRING *data);

-int		X509_EXTENSION_set_object(X509_EXTENSION *ex,ASN1_OBJECT *obj);

-int		X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);

-int		X509_EXTENSION_set_data(X509_EXTENSION *ex,

-			ASN1_OCTET_STRING *data);

-ASN1_OBJECT *	X509_EXTENSION_get_object(X509_EXTENSION *ex);

-ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);

-int		X509_EXTENSION_get_critical(X509_EXTENSION *ex);

-int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x);

-int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,

-			  int lastpos);

-int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj,

-			  int lastpos);

-X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc);

-X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc);

-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,

-					 X509_ATTRIBUTE *attr);

-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x,

-			const ASN1_OBJECT *obj, int type,

-			const unsigned char *bytes, int len);

-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,

-			int nid, int type,

-			const unsigned char *bytes, int len);

-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,

-			const char *attrname, int type,

-			const unsigned char *bytes, int len);

-X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,

-	     int atrtype, const void *data, int len);

-X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,

-	     const ASN1_OBJECT *obj, int atrtype, const void *data, int len);

-X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,

-		const char *atrname, int type, const unsigned char *bytes, int len);

-int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj);

-int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len);

-void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,

-					int atrtype, void *data);

-int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr);

-ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr);

-ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx);

-int EVP_PKEY_get_attr_count(const EVP_PKEY *key);

-int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid,

-			  int lastpos);

-int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, ASN1_OBJECT *obj,

-			  int lastpos);

-X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc);

-X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc);

-int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr);

-int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key,

-			const ASN1_OBJECT *obj, int type,

-			const unsigned char *bytes, int len);

-int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key,

-			int nid, int type,

-			const unsigned char *bytes, int len);

-int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key,

-			const char *attrname, int type,

-			const unsigned char *bytes, int len);

-int		X509_verify_cert(X509_STORE_CTX *ctx);

-/* lookup a cert from a X509 STACK */

-X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk,X509_NAME *name,

-				     ASN1_INTEGER *serial);

-X509 *X509_find_by_subject(STACK_OF(X509) *sk,X509_NAME *name);

-DECLARE_ASN1_FUNCTIONS(PBEPARAM)

-DECLARE_ASN1_FUNCTIONS(PBE2PARAM)

-DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM)

-X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, int saltlen);

-X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,

-					 unsigned char *salt, int saltlen);

-/* PKCS#8 utilities */

-DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)

-EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8);

-PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey);

-PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken);

-PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken);

-int X509_check_trust(X509 *x, int id, int flags);

-int X509_TRUST_get_count(void);

-X509_TRUST * X509_TRUST_get0(int idx);

-int X509_TRUST_get_by_id(int id);

-int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),

-					char *name, int arg1, void *arg2);

-void X509_TRUST_cleanup(void);

-int X509_TRUST_get_flags(X509_TRUST *xp);

-char *X509_TRUST_get0_name(X509_TRUST *xp);

-int X509_TRUST_get_trust(X509_TRUST *xp);

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_X509_strings(void);

-/* Error codes for the X509 functions. */

-/* Function codes. */

-#define X509_F_ADD_CERT_DIR				 100

-#define X509_F_BY_FILE_CTRL				 101

-#define X509_F_CHECK_POLICY				 145

-#define X509_F_DIR_CTRL					 102

-#define X509_F_GET_CERT_BY_SUBJECT			 103

-#define X509_F_NETSCAPE_SPKI_B64_DECODE			 129

-#define X509_F_NETSCAPE_SPKI_B64_ENCODE			 130

-#define X509_F_X509AT_ADD1_ATTR				 135

-#define X509_F_X509V3_ADD_EXT				 104

-#define X509_F_X509_ATTRIBUTE_CREATE_BY_NID		 136

-#define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ		 137

-#define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT		 140

-#define X509_F_X509_ATTRIBUTE_GET0_DATA			 139

-#define X509_F_X509_ATTRIBUTE_SET1_DATA			 138

-#define X509_F_X509_CHECK_PRIVATE_KEY			 128

-#define X509_F_X509_CRL_PRINT_FP			 147

-#define X509_F_X509_EXTENSION_CREATE_BY_NID		 108

-#define X509_F_X509_EXTENSION_CREATE_BY_OBJ		 109

-#define X509_F_X509_GET_PUBKEY_PARAMETERS		 110

-#define X509_F_X509_LOAD_CERT_CRL_FILE			 132

-#define X509_F_X509_LOAD_CERT_FILE			 111

-#define X509_F_X509_LOAD_CRL_FILE			 112

-#define X509_F_X509_NAME_ADD_ENTRY			 113

-#define X509_F_X509_NAME_ENTRY_CREATE_BY_NID		 114

-#define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT		 131

-#define X509_F_X509_NAME_ENTRY_SET_OBJECT		 115

-#define X509_F_X509_NAME_ONELINE			 116

-#define X509_F_X509_NAME_PRINT				 117

-#define X509_F_X509_PRINT_EX_FP				 118

-#define X509_F_X509_PUBKEY_GET				 119

-#define X509_F_X509_PUBKEY_SET				 120

-#define X509_F_X509_REQ_CHECK_PRIVATE_KEY		 144

-#define X509_F_X509_REQ_PRINT_EX			 121

-#define X509_F_X509_REQ_PRINT_FP			 122

-#define X509_F_X509_REQ_TO_X509				 123

-#define X509_F_X509_STORE_ADD_CERT			 124

-#define X509_F_X509_STORE_ADD_CRL			 125

-#define X509_F_X509_STORE_CTX_GET1_ISSUER		 146

-#define X509_F_X509_STORE_CTX_INIT			 143

-#define X509_F_X509_STORE_CTX_NEW			 142

-#define X509_F_X509_STORE_CTX_PURPOSE_INHERIT		 134

-#define X509_F_X509_TO_X509_REQ				 126

-#define X509_F_X509_TRUST_ADD				 133

-#define X509_F_X509_TRUST_SET				 141

-#define X509_F_X509_VERIFY_CERT				 127

-/* Reason codes. */

-#define X509_R_BAD_X509_FILETYPE			 100

-#define X509_R_BASE64_DECODE_ERROR			 118

-#define X509_R_CANT_CHECK_DH_KEY			 114

-#define X509_R_CERT_ALREADY_IN_HASH_TABLE		 101

-#define X509_R_ERR_ASN1_LIB				 102

-#define X509_R_INVALID_DIRECTORY			 113

-#define X509_R_INVALID_FIELD_NAME			 119

-#define X509_R_INVALID_TRUST				 123

-#define X509_R_KEY_TYPE_MISMATCH			 115

-#define X509_R_KEY_VALUES_MISMATCH			 116

-#define X509_R_LOADING_CERT_DIR				 103

-#define X509_R_LOADING_DEFAULTS				 104

-#define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY		 105

-#define X509_R_SHOULD_RETRY				 106

-#define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN	 107

-#define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY		 108

-#define X509_R_UNKNOWN_KEY_TYPE				 117

-#define X509_R_UNKNOWN_NID				 109

-#define X509_R_UNKNOWN_PURPOSE_ID			 121

-#define X509_R_UNKNOWN_TRUST_ID				 120

-#define X509_R_UNSUPPORTED_ALGORITHM			 111

-#define X509_R_WRONG_LOOKUP_TYPE			 112

-#define X509_R_WRONG_TYPE				 122

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/x509_vfy.h

+++ /dev/null

@@ -1,531 +1,0 @@

-/* crypto/x509/x509_vfy.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_X509_H

-#include <openssl/x509.h>

-/* openssl/x509.h ends up #include-ing this file at about the only

- * appropriate moment. */

-#endif

-#ifndef HEADER_X509_VFY_H

-#define HEADER_X509_VFY_H

-#include <openssl/opensslconf.h>

-#ifndef OPENSSL_NO_LHASH

-#include <openssl/lhash.h>

-#endif

-#include <openssl/bio.h>

-#include <openssl/crypto.h>

-#include <openssl/symhacks.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-/* Outer object */

-typedef struct x509_hash_dir_st

-	{

-	int num_dirs;

-	char **dirs;

-	int *dirs_type;

-	int num_dirs_alloced;

-	} X509_HASH_DIR_CTX;

-typedef struct x509_file_st

-	{

-	int num_paths;	/* number of paths to files or directories */

-	int num_alloced;

-	char **paths;	/* the list of paths or directories */

-	int *path_type;

-	} X509_CERT_FILE_CTX;

-/*******************************/

-/*

-SSL_CTX -> X509_STORE

-		-> X509_LOOKUP

-			->X509_LOOKUP_METHOD

-		-> X509_LOOKUP

-			->X509_LOOKUP_METHOD

-SSL	-> X509_STORE_CTX

-		->X509_STORE

-The X509_STORE holds the tables etc for verification stuff.

-A X509_STORE_CTX is used while validating a single certificate.

-The X509_STORE has X509_LOOKUPs for looking up certs.

-The X509_STORE then calls a function to actually verify the

-certificate chain.

-*/

-#define X509_LU_RETRY		-1

-#define X509_LU_FAIL		0

-#define X509_LU_X509		1

-#define X509_LU_CRL		2

-#define X509_LU_PKEY		3

-typedef struct x509_object_st

-	{

-	/* one of the above types */

-	int type;

-	union	{

-		char *ptr;

-		X509 *x509;

-		X509_CRL *crl;

-		EVP_PKEY *pkey;

-		} data;

-	} X509_OBJECT;

-typedef struct x509_lookup_st X509_LOOKUP;

-DECLARE_STACK_OF(X509_LOOKUP)

-DECLARE_STACK_OF(X509_OBJECT)

-/* This is a static that defines the function interface */

-typedef struct x509_lookup_method_st

-	{

-	const char *name;

-	int (*new_item)(X509_LOOKUP *ctx);

-	void (*free)(X509_LOOKUP *ctx);

-	int (*init)(X509_LOOKUP *ctx);

-	int (*shutdown)(X509_LOOKUP *ctx);

-	int (*ctrl)(X509_LOOKUP *ctx,int cmd,const char *argc,long argl,

-			char **ret);

-	int (*get_by_subject)(X509_LOOKUP *ctx,int type,X509_NAME *name,

-			      X509_OBJECT *ret);

-	int (*get_by_issuer_serial)(X509_LOOKUP *ctx,int type,X509_NAME *name,

-				    ASN1_INTEGER *serial,X509_OBJECT *ret);

-	int (*get_by_fingerprint)(X509_LOOKUP *ctx,int type,

-				  unsigned char *bytes,int len,

-				  X509_OBJECT *ret);

-	int (*get_by_alias)(X509_LOOKUP *ctx,int type,char *str,int len,

-			    X509_OBJECT *ret);

-	} X509_LOOKUP_METHOD;

-/* This structure hold all parameters associated with a verify operation

- * by including an X509_VERIFY_PARAM structure in related structures the

- * parameters used can be customized

- */

-typedef struct X509_VERIFY_PARAM_st

-	{

-	char *name;

-	time_t check_time;	/* Time to use */

-	unsigned long inh_flags; /* Inheritance flags */

-	unsigned long flags;	/* Various verify flags */

-	int purpose;		/* purpose to check untrusted certificates */

-	int trust;		/* trust setting to check */

-	int depth;		/* Verify depth */

-	STACK_OF(ASN1_OBJECT) *policies;	/* Permissible policies */

-	} X509_VERIFY_PARAM;

-DECLARE_STACK_OF(X509_VERIFY_PARAM)

-/* This is used to hold everything.  It is used for all certificate

- * validation.  Once we have a certificate chain, the 'verify'

- * function is then called to actually check the cert chain. */

-struct x509_store_st

-	{

-	/* The following is a cache of trusted certs */

-	int cache; 	/* if true, stash any hits */

-	STACK_OF(X509_OBJECT) *objs;	/* Cache of all objects */

-	/* These are external lookup methods */

-	STACK_OF(X509_LOOKUP) *get_cert_methods;

-	X509_VERIFY_PARAM *param;

-	/* Callbacks for various operations */

-	int (*verify)(X509_STORE_CTX *ctx);	/* called to verify a certificate */

-	int (*verify_cb)(int ok,X509_STORE_CTX *ctx);	/* error callback */

-	int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);	/* get issuers cert from ctx */

-	int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */

-	int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */

-	int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */

-	int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */

-	int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */

-	int (*cleanup)(X509_STORE_CTX *ctx);

-	CRYPTO_EX_DATA ex_data;

-	int references;

-	} /* X509_STORE */;

-int X509_STORE_set_depth(X509_STORE *store, int depth);

-#define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func))

-#define X509_STORE_set_verify_func(ctx,func)	((ctx)->verify=(func))

-/* This is the functions plus an instance of the local variables. */

-struct x509_lookup_st

-	{

-	int init;			/* have we been started */

-	int skip;			/* don't use us. */

-	X509_LOOKUP_METHOD *method;	/* the functions */

-	char *method_data;		/* method data */

-	X509_STORE *store_ctx;	/* who owns us */

-	} /* X509_LOOKUP */;

-/* This is a used when verifying cert chains.  Since the

- * gathering of the cert chain can take some time (and have to be

- * 'retried', this needs to be kept and passed around. */

-struct x509_store_ctx_st      /* X509_STORE_CTX */

-	{

-	X509_STORE *ctx;

-	int current_method;	/* used when looking up certs */

-	/* The following are set by the caller */

-	X509 *cert;		/* The cert to check */

-	STACK_OF(X509) *untrusted;	/* chain of X509s - untrusted - passed in */

-	STACK_OF(X509_CRL) *crls;	/* set of CRLs passed in */

-	X509_VERIFY_PARAM *param;

-	void *other_ctx;	/* Other info for use with get_issuer() */

-	/* Callbacks for various operations */

-	int (*verify)(X509_STORE_CTX *ctx);	/* called to verify a certificate */

-	int (*verify_cb)(int ok,X509_STORE_CTX *ctx);		/* error callback */

-	int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);	/* get issuers cert from ctx */

-	int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */

-	int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */

-	int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */

-	int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */

-	int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */

-	int (*check_policy)(X509_STORE_CTX *ctx);

-	int (*cleanup)(X509_STORE_CTX *ctx);

-	/* The following is built up */

-	int valid;		/* if 0, rebuild chain */

-	int last_untrusted;	/* index of last untrusted cert */

-	STACK_OF(X509) *chain; 		/* chain of X509s - built up and trusted */

-	X509_POLICY_TREE *tree;	/* Valid policy tree */

-	int explicit_policy;	/* Require explicit policy value */

-	/* When something goes wrong, this is why */

-	int error_depth;

-	int error;

-	X509 *current_cert;

-	X509 *current_issuer;	/* cert currently being tested as valid issuer */

-	X509_CRL *current_crl;	/* current CRL */

-	CRYPTO_EX_DATA ex_data;

-	} /* X509_STORE_CTX */;

-void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);

-#define X509_STORE_CTX_set_app_data(ctx,data) \

-	X509_STORE_CTX_set_ex_data(ctx,0,data)

-#define X509_STORE_CTX_get_app_data(ctx) \

-	X509_STORE_CTX_get_ex_data(ctx,0)

-#define X509_L_FILE_LOAD	1

-#define X509_L_ADD_DIR		2

-#define X509_LOOKUP_load_file(x,name,type) \

-		X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL)

-#define X509_LOOKUP_add_dir(x,name,type) \

-		X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL)

-#define		X509_V_OK					0

-/* illegal error (for uninitialized values, to avoid X509_V_OK): 1 */

-#define		X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT		2

-#define		X509_V_ERR_UNABLE_TO_GET_CRL			3

-#define		X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE	4

-#define		X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE	5

-#define		X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY	6

-#define		X509_V_ERR_CERT_SIGNATURE_FAILURE		7

-#define		X509_V_ERR_CRL_SIGNATURE_FAILURE		8

-#define		X509_V_ERR_CERT_NOT_YET_VALID			9

-#define		X509_V_ERR_CERT_HAS_EXPIRED			10

-#define		X509_V_ERR_CRL_NOT_YET_VALID			11

-#define		X509_V_ERR_CRL_HAS_EXPIRED			12

-#define		X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD	13

-#define		X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD	14

-#define		X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD	15

-#define		X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD	16

-#define		X509_V_ERR_OUT_OF_MEM				17

-#define		X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT		18

-#define		X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN		19

-#define		X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY	20

-#define		X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE	21

-#define		X509_V_ERR_CERT_CHAIN_TOO_LONG			22

-#define		X509_V_ERR_CERT_REVOKED				23

-#define		X509_V_ERR_INVALID_CA				24

-#define		X509_V_ERR_PATH_LENGTH_EXCEEDED			25

-#define		X509_V_ERR_INVALID_PURPOSE			26

-#define		X509_V_ERR_CERT_UNTRUSTED			27

-#define		X509_V_ERR_CERT_REJECTED			28

-/* These are 'informational' when looking for issuer cert */

-#define		X509_V_ERR_SUBJECT_ISSUER_MISMATCH		29

-#define		X509_V_ERR_AKID_SKID_MISMATCH			30

-#define		X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH		31

-#define		X509_V_ERR_KEYUSAGE_NO_CERTSIGN			32

-#define		X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER		33

-#define		X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION		34

-#define		X509_V_ERR_KEYUSAGE_NO_CRL_SIGN			35

-#define		X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION	36

-#define		X509_V_ERR_INVALID_NON_CA			37

-#define		X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED		38

-#define		X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE	39

-#define		X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED	40

-#define		X509_V_ERR_INVALID_EXTENSION			41

-#define		X509_V_ERR_INVALID_POLICY_EXTENSION		42

-#define		X509_V_ERR_NO_EXPLICIT_POLICY			43

-#define		X509_V_ERR_UNNESTED_RESOURCE			44

-/* The application is not happy */

-#define		X509_V_ERR_APPLICATION_VERIFICATION		50

-/* Certificate verify flags */

-/* Send issuer+subject checks to verify_cb */

-#define	X509_V_FLAG_CB_ISSUER_CHECK		0x1

-/* Use check time instead of current time */

-#define	X509_V_FLAG_USE_CHECK_TIME		0x2

-/* Lookup CRLs */

-#define	X509_V_FLAG_CRL_CHECK			0x4

-/* Lookup CRLs for whole chain */

-#define	X509_V_FLAG_CRL_CHECK_ALL		0x8

-/* Ignore unhandled critical extensions */

-#define	X509_V_FLAG_IGNORE_CRITICAL		0x10

-/* Disable workarounds for broken certificates */

-#define	X509_V_FLAG_X509_STRICT			0x20

-/* Enable proxy certificate validation */

-#define	X509_V_FLAG_ALLOW_PROXY_CERTS		0x40

-/* Enable policy checking */

-#define X509_V_FLAG_POLICY_CHECK		0x80

-/* Policy variable require-explicit-policy */

-#define X509_V_FLAG_EXPLICIT_POLICY		0x100

-/* Policy variable inhibit-any-policy */

-#define	X509_V_FLAG_INHIBIT_ANY			0x200

-/* Policy variable inhibit-policy-mapping */

-#define X509_V_FLAG_INHIBIT_MAP			0x400

-/* Notify callback that policy is OK */

-#define X509_V_FLAG_NOTIFY_POLICY		0x800

-#define X509_VP_FLAG_DEFAULT			0x1

-#define X509_VP_FLAG_OVERWRITE			0x2

-#define X509_VP_FLAG_RESET_FLAGS		0x4

-#define X509_VP_FLAG_LOCKED			0x8

-#define X509_VP_FLAG_ONCE			0x10

-/* Internal use: mask of policy related options */

-#define X509_V_FLAG_POLICY_MASK (X509_V_FLAG_POLICY_CHECK \

-				| X509_V_FLAG_EXPLICIT_POLICY \

-				| X509_V_FLAG_INHIBIT_ANY \

-				| X509_V_FLAG_INHIBIT_MAP)

-int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,

-	     X509_NAME *name);

-X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,int type,X509_NAME *name);

-X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x);

-void X509_OBJECT_up_ref_count(X509_OBJECT *a);

-void X509_OBJECT_free_contents(X509_OBJECT *a);

-X509_STORE *X509_STORE_new(void );

-void X509_STORE_free(X509_STORE *v);

-int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);

-int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);

-int X509_STORE_set_trust(X509_STORE *ctx, int trust);

-int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm);

-X509_STORE_CTX *X509_STORE_CTX_new(void);

-int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);

-void X509_STORE_CTX_free(X509_STORE_CTX *ctx);

-int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,

-			 X509 *x509, STACK_OF(X509) *chain);

-void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);

-void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);

-X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);

-X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);

-X509_LOOKUP_METHOD *X509_LOOKUP_file(void);

-int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);

-int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);

-int X509_STORE_get_by_subject(X509_STORE_CTX *vs,int type,X509_NAME *name,

-	X509_OBJECT *ret);

-int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,

-	long argl, char **ret);

-#ifndef OPENSSL_NO_STDIO

-int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);

-int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);

-int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type);

-#endif

-X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method);

-void X509_LOOKUP_free(X509_LOOKUP *ctx);

-int X509_LOOKUP_init(X509_LOOKUP *ctx);

-int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,

-	X509_OBJECT *ret);

-int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,

-	ASN1_INTEGER *serial, X509_OBJECT *ret);

-int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,

-	unsigned char *bytes, int len, X509_OBJECT *ret);

-int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str,

-	int len, X509_OBJECT *ret);

-int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);

-#ifndef OPENSSL_NO_STDIO

-int	X509_STORE_load_locations (X509_STORE *ctx,

-		const char *file, const char *dir);

-int	X509_STORE_set_default_paths(X509_STORE *ctx);

-#endif

-int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,

-	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);

-int	X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx,int idx,void *data);

-void *	X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx,int idx);

-int	X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);

-void	X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s);

-int	X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);

-X509 *	X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);

-STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);

-STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);

-void	X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x);

-void	X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK_OF(X509) *sk);

-void	X509_STORE_CTX_set0_crls(X509_STORE_CTX *c,STACK_OF(X509_CRL) *sk);

-int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);

-int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);

-int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,

-				int purpose, int trust);

-void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);

-void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,

-								time_t t);

-void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,

-				  int (*verify_cb)(int, X509_STORE_CTX *));

-X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx);

-int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx);

-X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx);

-void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param);

-int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name);

-/* X509_VERIFY_PARAM functions */

-X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void);

-void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param);

-int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *to,

-						const X509_VERIFY_PARAM *from);

-int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,

-						const X509_VERIFY_PARAM *from);

-int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name);

-int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags);

-int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,

-							unsigned long flags);

-unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param);

-int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose);

-int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);

-void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth);

-void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t);

-int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,

-						ASN1_OBJECT *policy);

-int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,

-					STACK_OF(ASN1_OBJECT) *policies);

-int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);

-int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param);

-const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name);

-void X509_VERIFY_PARAM_table_cleanup(void);

-int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,

-			STACK_OF(X509) *certs,

-			STACK_OF(ASN1_OBJECT) *policy_oids,

-			unsigned int flags);

-void X509_policy_tree_free(X509_POLICY_TREE *tree);

-int X509_policy_tree_level_count(const X509_POLICY_TREE *tree);

-X509_POLICY_LEVEL *

-	X509_policy_tree_get0_level(const X509_POLICY_TREE *tree, int i);

-STACK_OF(X509_POLICY_NODE) *

-	X509_policy_tree_get0_policies(const X509_POLICY_TREE *tree);

-STACK_OF(X509_POLICY_NODE) *

-	X509_policy_tree_get0_user_policies(const X509_POLICY_TREE *tree);

-int X509_policy_level_node_count(X509_POLICY_LEVEL *level);

-X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level, int i);

-const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node);

-STACK_OF(POLICYQUALINFO) *

-	X509_policy_node_get0_qualifiers(const X509_POLICY_NODE *node);

-const X509_POLICY_NODE *

-	X509_policy_node_get0_parent(const X509_POLICY_NODE *node);

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/include/ape/openssl/x509v3.h

+++ /dev/null

@@ -1,919 +1,0 @@

-/* x509v3.h */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_X509V3_H

-#define HEADER_X509V3_H

-#include <openssl/bio.h>

-#include <openssl/x509.h>

-#include <openssl/conf.h>

-#ifdef __cplusplus

-extern "C" {

-#endif

-/* Forward reference */

-struct v3_ext_method;

-struct v3_ext_ctx;

-/* Useful typedefs */

-typedef void * (*X509V3_EXT_NEW)(void);

-typedef void (*X509V3_EXT_FREE)(void *);

-typedef void * (*X509V3_EXT_D2I)(void *, const unsigned char ** , long);

-typedef int (*X509V3_EXT_I2D)(void *, unsigned char **);

-typedef STACK_OF(CONF_VALUE) * (*X509V3_EXT_I2V)(struct v3_ext_method *method, void *ext, STACK_OF(CONF_VALUE) *extlist);

-typedef void * (*X509V3_EXT_V2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, STACK_OF(CONF_VALUE) *values);

-typedef char * (*X509V3_EXT_I2S)(struct v3_ext_method *method, void *ext);

-typedef void * (*X509V3_EXT_S2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, const char *str);

-typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, void *ext, BIO *out, int indent);

-typedef void * (*X509V3_EXT_R2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, const char *str);

-/* V3 extension structure */

-struct v3_ext_method {

-int ext_nid;

-int ext_flags;

-/* If this is set the following four fields are ignored */

-ASN1_ITEM_EXP *it;

-/* Old style ASN1 calls */

-X509V3_EXT_NEW ext_new;

-X509V3_EXT_FREE ext_free;

-X509V3_EXT_D2I d2i;

-X509V3_EXT_I2D i2d;

-/* The following pair is used for string extensions */

-X509V3_EXT_I2S i2s;

-X509V3_EXT_S2I s2i;

-/* The following pair is used for multi-valued extensions */

-X509V3_EXT_I2V i2v;

-X509V3_EXT_V2I v2i;

-/* The following are used for raw extensions */

-X509V3_EXT_I2R i2r;

-X509V3_EXT_R2I r2i;

-void *usr_data;	/* Any extension specific data */

-};

-typedef struct X509V3_CONF_METHOD_st {

-char * (*get_string)(void *db, char *section, char *value);

-STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section);

-void (*free_string)(void *db, char * string);

-void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section);

-} X509V3_CONF_METHOD;

-/* Context specific info */

-struct v3_ext_ctx {

-#define CTX_TEST 0x1

-int flags;

-X509 *issuer_cert;

-X509 *subject_cert;

-X509_REQ *subject_req;

-X509_CRL *crl;

-X509V3_CONF_METHOD *db_meth;

-void *db;

-/* Maybe more here */

-};

-typedef struct v3_ext_method X509V3_EXT_METHOD;

-DECLARE_STACK_OF(X509V3_EXT_METHOD)

-/* ext_flags values */

-#define X509V3_EXT_DYNAMIC	0x1

-#define X509V3_EXT_CTX_DEP	0x2

-#define X509V3_EXT_MULTILINE	0x4

-typedef BIT_STRING_BITNAME ENUMERATED_NAMES;

-typedef struct BASIC_CONSTRAINTS_st {

-int ca;

-ASN1_INTEGER *pathlen;

-} BASIC_CONSTRAINTS;

-typedef struct PKEY_USAGE_PERIOD_st {

-ASN1_GENERALIZEDTIME *notBefore;

-ASN1_GENERALIZEDTIME *notAfter;

-} PKEY_USAGE_PERIOD;

-typedef struct otherName_st {

-ASN1_OBJECT *type_id;

-ASN1_TYPE *value;

-} OTHERNAME;

-typedef struct EDIPartyName_st {

-	ASN1_STRING *nameAssigner;

-	ASN1_STRING *partyName;

-} EDIPARTYNAME;

-typedef struct GENERAL_NAME_st {

-#define GEN_OTHERNAME	0

-#define GEN_EMAIL	1

-#define GEN_DNS		2

-#define GEN_X400	3

-#define GEN_DIRNAME	4

-#define GEN_EDIPARTY	5

-#define GEN_URI		6

-#define GEN_IPADD	7

-#define GEN_RID		8

-int type;

-union {

-	char *ptr;

-	OTHERNAME *otherName; /* otherName */

-	ASN1_IA5STRING *rfc822Name;

-	ASN1_IA5STRING *dNSName;

-	ASN1_TYPE *x400Address;

-	X509_NAME *directoryName;

-	EDIPARTYNAME *ediPartyName;

-	ASN1_IA5STRING *uniformResourceIdentifier;

-	ASN1_OCTET_STRING *iPAddress;

-	ASN1_OBJECT *registeredID;

-	/* Old names */

-	ASN1_OCTET_STRING *ip; /* iPAddress */

-	X509_NAME *dirn;		/* dirn */

-	ASN1_IA5STRING *ia5;/* rfc822Name, dNSName, uniformResourceIdentifier */

-	ASN1_OBJECT *rid; /* registeredID */

-	ASN1_TYPE *other; /* x400Address */

-} d;

-} GENERAL_NAME;

-typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;

-typedef struct ACCESS_DESCRIPTION_st {

-	ASN1_OBJECT *method;

-	GENERAL_NAME *location;

-} ACCESS_DESCRIPTION;

-typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;

-typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE;

-DECLARE_STACK_OF(GENERAL_NAME)

-DECLARE_ASN1_SET_OF(GENERAL_NAME)

-DECLARE_STACK_OF(ACCESS_DESCRIPTION)

-DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION)

-typedef struct DIST_POINT_NAME_st {

-int type;

-union {

-	GENERAL_NAMES *fullname;

-	STACK_OF(X509_NAME_ENTRY) *relativename;

-} name;

-} DIST_POINT_NAME;

-typedef struct DIST_POINT_st {

-DIST_POINT_NAME	*distpoint;

-ASN1_BIT_STRING *reasons;

-GENERAL_NAMES *CRLissuer;

-} DIST_POINT;

-typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS;

-DECLARE_STACK_OF(DIST_POINT)

-DECLARE_ASN1_SET_OF(DIST_POINT)

-typedef struct AUTHORITY_KEYID_st {

-ASN1_OCTET_STRING *keyid;

-GENERAL_NAMES *issuer;

-ASN1_INTEGER *serial;

-} AUTHORITY_KEYID;

-/* Strong extranet structures */

-typedef struct SXNET_ID_st {

-	ASN1_INTEGER *zone;

-	ASN1_OCTET_STRING *user;

-} SXNETID;

-DECLARE_STACK_OF(SXNETID)

-DECLARE_ASN1_SET_OF(SXNETID)

-typedef struct SXNET_st {

-	ASN1_INTEGER *version;

-	STACK_OF(SXNETID) *ids;

-} SXNET;

-typedef struct NOTICEREF_st {

-	ASN1_STRING *organization;

-	STACK_OF(ASN1_INTEGER) *noticenos;

-} NOTICEREF;

-typedef struct USERNOTICE_st {

-	NOTICEREF *noticeref;

-	ASN1_STRING *exptext;

-} USERNOTICE;

-typedef struct POLICYQUALINFO_st {

-	ASN1_OBJECT *pqualid;

-	union {

-		ASN1_IA5STRING *cpsuri;

-		USERNOTICE *usernotice;

-		ASN1_TYPE *other;

-	} d;

-} POLICYQUALINFO;

-DECLARE_STACK_OF(POLICYQUALINFO)

-DECLARE_ASN1_SET_OF(POLICYQUALINFO)

-typedef struct POLICYINFO_st {

-	ASN1_OBJECT *policyid;

-	STACK_OF(POLICYQUALINFO) *qualifiers;

-} POLICYINFO;

-typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES;

-DECLARE_STACK_OF(POLICYINFO)

-DECLARE_ASN1_SET_OF(POLICYINFO)

-typedef struct POLICY_MAPPING_st {

-	ASN1_OBJECT *issuerDomainPolicy;

-	ASN1_OBJECT *subjectDomainPolicy;

-} POLICY_MAPPING;

-DECLARE_STACK_OF(POLICY_MAPPING)

-typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS;

-typedef struct GENERAL_SUBTREE_st {

-	GENERAL_NAME *base;

-	ASN1_INTEGER *minimum;

-	ASN1_INTEGER *maximum;

-} GENERAL_SUBTREE;

-DECLARE_STACK_OF(GENERAL_SUBTREE)

-typedef struct NAME_CONSTRAINTS_st {

-	STACK_OF(GENERAL_SUBTREE) *permittedSubtrees;

-	STACK_OF(GENERAL_SUBTREE) *excludedSubtrees;

-} NAME_CONSTRAINTS;

-typedef struct POLICY_CONSTRAINTS_st {

-	ASN1_INTEGER *requireExplicitPolicy;

-	ASN1_INTEGER *inhibitPolicyMapping;

-} POLICY_CONSTRAINTS;

-/* Proxy certificate structures, see RFC 3820 */

-typedef struct PROXY_POLICY_st

-	{

-	ASN1_OBJECT *policyLanguage;

-	ASN1_OCTET_STRING *policy;

-	} PROXY_POLICY;

-typedef struct PROXY_CERT_INFO_EXTENSION_st

-	{

-	ASN1_INTEGER *pcPathLengthConstraint;

-	PROXY_POLICY *proxyPolicy;

-	} PROXY_CERT_INFO_EXTENSION;

-DECLARE_ASN1_FUNCTIONS(PROXY_POLICY)

-DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)

-#define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \

-",name:", val->name, ",value:", val->value);

-#define X509V3_set_ctx_test(ctx) \

-			X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)

-#define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL;

-#define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \

-			0,0,0,0, \

-			0,0, \

-			(X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \

-			(X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \

-			NULL, NULL, \

-			table}

-#define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \

-			0,0,0,0, \

-			(X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \

-			(X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \

-			0,0,0,0, \

-			NULL}

-#define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}

-/* X509_PURPOSE stuff */

-#define EXFLAG_BCONS		0x1

-#define EXFLAG_KUSAGE		0x2

-#define EXFLAG_XKUSAGE		0x4

-#define EXFLAG_NSCERT		0x8

-#define EXFLAG_CA		0x10

-#define EXFLAG_SS		0x20

-#define EXFLAG_V1		0x40

-#define EXFLAG_INVALID		0x80

-#define EXFLAG_SET		0x100

-#define EXFLAG_CRITICAL		0x200

-#define EXFLAG_PROXY		0x400

-#define EXFLAG_INVALID_POLICY	0x400

-#define KU_DIGITAL_SIGNATURE	0x0080

-#define KU_NON_REPUDIATION	0x0040

-#define KU_KEY_ENCIPHERMENT	0x0020

-#define KU_DATA_ENCIPHERMENT	0x0010

-#define KU_KEY_AGREEMENT	0x0008

-#define KU_KEY_CERT_SIGN	0x0004

-#define KU_CRL_SIGN		0x0002

-#define KU_ENCIPHER_ONLY	0x0001

-#define KU_DECIPHER_ONLY	0x8000

-#define NS_SSL_CLIENT		0x80

-#define NS_SSL_SERVER		0x40

-#define NS_SMIME		0x20

-#define NS_OBJSIGN		0x10

-#define NS_SSL_CA		0x04

-#define NS_SMIME_CA		0x02

-#define NS_OBJSIGN_CA		0x01

-#define NS_ANY_CA		(NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA)

-#define XKU_SSL_SERVER		0x1

-#define XKU_SSL_CLIENT		0x2

-#define XKU_SMIME		0x4

-#define XKU_CODE_SIGN		0x8

-#define XKU_SGC			0x10

-#define XKU_OCSP_SIGN		0x20

-#define XKU_TIMESTAMP		0x40

-#define XKU_DVCS		0x80

-#define X509_PURPOSE_DYNAMIC	0x1

-#define X509_PURPOSE_DYNAMIC_NAME	0x2

-typedef struct x509_purpose_st {

-	int purpose;

-	int trust;		/* Default trust ID */

-	int flags;

-	int (*check_purpose)(const struct x509_purpose_st *,

-				const X509 *, int);

-	char *name;

-	char *sname;

-	void *usr_data;

-} X509_PURPOSE;

-#define X509_PURPOSE_SSL_CLIENT		1

-#define X509_PURPOSE_SSL_SERVER		2

-#define X509_PURPOSE_NS_SSL_SERVER	3

-#define X509_PURPOSE_SMIME_SIGN		4

-#define X509_PURPOSE_SMIME_ENCRYPT	5

-#define X509_PURPOSE_CRL_SIGN		6

-#define X509_PURPOSE_ANY		7

-#define X509_PURPOSE_OCSP_HELPER	8

-#define X509_PURPOSE_MIN		1

-#define X509_PURPOSE_MAX		8

-/* Flags for X509V3_EXT_print() */

-#define X509V3_EXT_UNKNOWN_MASK		(0xfL << 16)

-/* Return error for unknown extensions */

-#define X509V3_EXT_DEFAULT		0

-/* Print error for unknown extensions */

-#define X509V3_EXT_ERROR_UNKNOWN	(1L << 16)

-/* ASN1 parse unknown extensions */

-#define X509V3_EXT_PARSE_UNKNOWN	(2L << 16)

-/* BIO_dump unknown extensions */

-#define X509V3_EXT_DUMP_UNKNOWN		(3L << 16)

-/* Flags for X509V3_add1_i2d */

-#define X509V3_ADD_OP_MASK		0xfL

-#define X509V3_ADD_DEFAULT		0L

-#define X509V3_ADD_APPEND		1L

-#define X509V3_ADD_REPLACE		2L

-#define X509V3_ADD_REPLACE_EXISTING	3L

-#define X509V3_ADD_KEEP_EXISTING	4L

-#define X509V3_ADD_DELETE		5L

-#define X509V3_ADD_SILENT		0x10

-DECLARE_STACK_OF(X509_PURPOSE)

-DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)

-DECLARE_ASN1_FUNCTIONS(SXNET)

-DECLARE_ASN1_FUNCTIONS(SXNETID)

-int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen);

-int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, int userlen);

-int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, char *user, int userlen);

-ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone);

-ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone);

-ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone);

-DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID)

-DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)

-DECLARE_ASN1_FUNCTIONS(GENERAL_NAME)

-ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,

-				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);

-STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,

-				ASN1_BIT_STRING *bits,

-				STACK_OF(CONF_VALUE) *extlist);

-STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret);

-int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen);

-DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES)

-STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,

-		GENERAL_NAMES *gen, STACK_OF(CONF_VALUE) *extlist);

-GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,

-				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);

-DECLARE_ASN1_FUNCTIONS(OTHERNAME)

-DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME)

-char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5);

-ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);

-DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)

-int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a);

-DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)

-DECLARE_ASN1_FUNCTIONS(POLICYINFO)

-DECLARE_ASN1_FUNCTIONS(POLICYQUALINFO)

-DECLARE_ASN1_FUNCTIONS(USERNOTICE)

-DECLARE_ASN1_FUNCTIONS(NOTICEREF)

-DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS)

-DECLARE_ASN1_FUNCTIONS(DIST_POINT)

-DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME)

-DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)

-DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)

-DECLARE_ASN1_ITEM(POLICY_MAPPING)

-DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING)

-DECLARE_ASN1_ITEM(POLICY_MAPPINGS)

-DECLARE_ASN1_ITEM(GENERAL_SUBTREE)

-DECLARE_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)

-DECLARE_ASN1_ITEM(NAME_CONSTRAINTS)

-DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)

-DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)

-DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS)

-#ifdef HEADER_CONF_H

-GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,

-							CONF_VALUE *cnf);

-GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, X509V3_EXT_METHOD *method,

-				X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc);

-void X509V3_conf_free(CONF_VALUE *val);

-X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value);

-X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value);

-int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, STACK_OF(X509_EXTENSION) **sk);

-int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert);

-int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);

-int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);

-X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, char *value);

-X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value);

-int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert);

-int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);

-int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);

-int X509V3_add_value_bool_nf(char *name, int asn1_bool,

-						STACK_OF(CONF_VALUE) **extlist);

-int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);

-int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);

-void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);

-void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);

-#endif

-char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);

-STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section);

-void X509V3_string_free(X509V3_CTX *ctx, char *str);

-void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);

-void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,

-				 X509_REQ *req, X509_CRL *crl, int flags);

-int X509V3_add_value(const char *name, const char *value,

-						STACK_OF(CONF_VALUE) **extlist);

-int X509V3_add_value_uchar(const char *name, const unsigned char *value,

-						STACK_OF(CONF_VALUE) **extlist);

-int X509V3_add_value_bool(const char *name, int asn1_bool,

-						STACK_OF(CONF_VALUE) **extlist);

-int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,

-						STACK_OF(CONF_VALUE) **extlist);

-char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);

-ASN1_INTEGER * s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value);

-char * i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);

-char * i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);

-int X509V3_EXT_add(X509V3_EXT_METHOD *ext);

-int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist);

-int X509V3_EXT_add_alias(int nid_to, int nid_from);

-void X509V3_EXT_cleanup(void);

-X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);

-X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);

-int X509V3_add_standard_extensions(void);

-STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line);

-void *X509V3_EXT_d2i(X509_EXTENSION *ext);

-void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx);

-X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);

-int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags);

-char *hex_to_string(unsigned char *buffer, long len);

-unsigned char *string_to_hex(char *str, long *len);

-int name_cmp(const char *name, const char *cmp);

-void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,

-								 int ml);

-int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent);

-int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);

-int X509V3_extensions_print(BIO *out, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent);

-int X509_check_ca(X509 *x);

-int X509_check_purpose(X509 *x, int id, int ca);

-int X509_supported_extension(X509_EXTENSION *ex);

-int X509_PURPOSE_set(int *p, int purpose);

-int X509_check_issued(X509 *issuer, X509 *subject);

-int X509_PURPOSE_get_count(void);

-X509_PURPOSE * X509_PURPOSE_get0(int idx);

-int X509_PURPOSE_get_by_sname(char *sname);

-int X509_PURPOSE_get_by_id(int id);

-int X509_PURPOSE_add(int id, int trust, int flags,

-			int (*ck)(const X509_PURPOSE *, const X509 *, int),

-				char *name, char *sname, void *arg);

-char *X509_PURPOSE_get0_name(X509_PURPOSE *xp);

-char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp);

-int X509_PURPOSE_get_trust(X509_PURPOSE *xp);

-void X509_PURPOSE_cleanup(void);

-int X509_PURPOSE_get_id(X509_PURPOSE *);

-STACK *X509_get1_email(X509 *x);

-STACK *X509_REQ_get1_email(X509_REQ *x);

-void X509_email_free(STACK *sk);

-ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc);

-ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc);

-int a2i_ipadd(unsigned char *ipout, const char *ipasc);

-int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk,

-						unsigned long chtype);

-void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);

-#ifndef OPENSSL_NO_RFC3779

-typedef struct ASRange_st {

-  ASN1_INTEGER *min, *max;

-} ASRange;

-#define	ASIdOrRange_id		0

-#define	ASIdOrRange_range	1

-typedef struct ASIdOrRange_st {

-  int type;

-  union {

-    ASN1_INTEGER *id;

-    ASRange      *range;

-  } u;

-} ASIdOrRange;

-typedef STACK_OF(ASIdOrRange) ASIdOrRanges;

-DECLARE_STACK_OF(ASIdOrRange)

-#define	ASIdentifierChoice_inherit		0

-#define	ASIdentifierChoice_asIdsOrRanges	1

-typedef struct ASIdentifierChoice_st {

-  int type;

-  union {

-    ASN1_NULL    *inherit;

-    ASIdOrRanges *asIdsOrRanges;

-  } u;

-} ASIdentifierChoice;

-typedef struct ASIdentifiers_st {

-  ASIdentifierChoice *asnum, *rdi;

-} ASIdentifiers;

-DECLARE_ASN1_FUNCTIONS(ASRange)

-DECLARE_ASN1_FUNCTIONS(ASIdOrRange)

-DECLARE_ASN1_FUNCTIONS(ASIdentifierChoice)

-DECLARE_ASN1_FUNCTIONS(ASIdentifiers)

-typedef struct IPAddressRange_st {

-  ASN1_BIT_STRING	*min, *max;

-} IPAddressRange;

-#define	IPAddressOrRange_addressPrefix	0

-#define	IPAddressOrRange_addressRange	1

-typedef struct IPAddressOrRange_st {

-  int type;

-  union {

-    ASN1_BIT_STRING	*addressPrefix;

-    IPAddressRange	*addressRange;

-  } u;

-} IPAddressOrRange;

-typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges;

-DECLARE_STACK_OF(IPAddressOrRange)

-#define	IPAddressChoice_inherit			0

-#define	IPAddressChoice_addressesOrRanges	1

-typedef struct IPAddressChoice_st {

-  int type;

-  union {

-    ASN1_NULL		*inherit;

-    IPAddressOrRanges	*addressesOrRanges;

-  } u;

-} IPAddressChoice;

-typedef struct IPAddressFamily_st {

-  ASN1_OCTET_STRING	*addressFamily;

-  IPAddressChoice	*ipAddressChoice;

-} IPAddressFamily;

-typedef STACK_OF(IPAddressFamily) IPAddrBlocks;

-DECLARE_STACK_OF(IPAddressFamily)

-DECLARE_ASN1_FUNCTIONS(IPAddressRange)

-DECLARE_ASN1_FUNCTIONS(IPAddressOrRange)

-DECLARE_ASN1_FUNCTIONS(IPAddressChoice)

-DECLARE_ASN1_FUNCTIONS(IPAddressFamily)

-/*

- * API tag for elements of the ASIdentifer SEQUENCE.

- */

-#define	V3_ASID_ASNUM	0

-#define	V3_ASID_RDI	1

-/*

- * AFI values, assigned by IANA.  It'd be nice to make the AFI

- * handling code totally generic, but there are too many little things

- * that would need to be defined for other address families for it to

- * be worth the trouble.

- */

-#define	IANA_AFI_IPV4	1

-#define	IANA_AFI_IPV6	2

-/*

- * Utilities to construct and extract values from RFC3779 extensions,

- * since some of the encodings (particularly for IP address prefixes

- * and ranges) are a bit tedious to work with directly.

- */

-int v3_asid_add_inherit(ASIdentifiers *asid, int which);

-int v3_asid_add_id_or_range(ASIdentifiers *asid, int which,

-			    ASN1_INTEGER *min, ASN1_INTEGER *max);

-int v3_addr_add_inherit(IPAddrBlocks *addr,

-			const unsigned afi, const unsigned *safi);

-int v3_addr_add_prefix(IPAddrBlocks *addr,

-		       const unsigned afi, const unsigned *safi,

-		       unsigned char *a, const int prefixlen);

-int v3_addr_add_range(IPAddrBlocks *addr,

-		      const unsigned afi, const unsigned *safi,

-		      unsigned char *min, unsigned char *max);

-unsigned v3_addr_get_afi(const IPAddressFamily *f);

-int v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi,

-		      unsigned char *min, unsigned char *max,

-		      const int length);

-/*

- * Canonical forms.

- */

-int v3_asid_is_canonical(ASIdentifiers *asid);

-int v3_addr_is_canonical(IPAddrBlocks *addr);

-int v3_asid_canonize(ASIdentifiers *asid);

-int v3_addr_canonize(IPAddrBlocks *addr);

-/*

- * Tests for inheritance and containment.

- */

-int v3_asid_inherits(ASIdentifiers *asid);

-int v3_addr_inherits(IPAddrBlocks *addr);

-int v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b);

-int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b);

-/*

- * Check whether RFC 3779 extensions nest properly in chains.

- */

-int v3_asid_validate_path(X509_STORE_CTX *);

-int v3_addr_validate_path(X509_STORE_CTX *);

-int v3_asid_validate_resource_set(STACK_OF(X509) *chain,

-				  ASIdentifiers *ext,

-				  int allow_inheritance);

-int v3_addr_validate_resource_set(STACK_OF(X509) *chain,

-				  IPAddrBlocks *ext,

-				  int allow_inheritance);

-#endif /* OPENSSL_NO_RFC3779 */

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_X509V3_strings(void);

-/* Error codes for the X509V3 functions. */

-/* Function codes. */

-#define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE		 156

-#define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL	 157

-#define X509V3_F_COPY_EMAIL				 122

-#define X509V3_F_COPY_ISSUER				 123

-#define X509V3_F_DO_DIRNAME				 144

-#define X509V3_F_DO_EXT_CONF				 124

-#define X509V3_F_DO_EXT_I2D				 135

-#define X509V3_F_DO_EXT_NCONF				 151

-#define X509V3_F_DO_I2V_NAME_CONSTRAINTS		 148

-#define X509V3_F_HEX_TO_STRING				 111

-#define X509V3_F_I2S_ASN1_ENUMERATED			 121

-#define X509V3_F_I2S_ASN1_IA5STRING			 149

-#define X509V3_F_I2S_ASN1_INTEGER			 120

-#define X509V3_F_I2V_AUTHORITY_INFO_ACCESS		 138

-#define X509V3_F_NOTICE_SECTION				 132

-#define X509V3_F_NREF_NOS				 133

-#define X509V3_F_POLICY_SECTION				 131

-#define X509V3_F_PROCESS_PCI_VALUE			 150

-#define X509V3_F_R2I_CERTPOL				 130

-#define X509V3_F_R2I_PCI				 155

-#define X509V3_F_S2I_ASN1_IA5STRING			 100

-#define X509V3_F_S2I_ASN1_INTEGER			 108

-#define X509V3_F_S2I_ASN1_OCTET_STRING			 112

-#define X509V3_F_S2I_ASN1_SKEY_ID			 114

-#define X509V3_F_S2I_SKEY_ID				 115

-#define X509V3_F_STRING_TO_HEX				 113

-#define X509V3_F_SXNET_ADD_ID_ASC			 125

-#define X509V3_F_SXNET_ADD_ID_INTEGER			 126

-#define X509V3_F_SXNET_ADD_ID_ULONG			 127

-#define X509V3_F_SXNET_GET_ID_ASC			 128

-#define X509V3_F_SXNET_GET_ID_ULONG			 129

-#define X509V3_F_V2I_ASIDENTIFIERS			 158

-#define X509V3_F_V2I_ASN1_BIT_STRING			 101

-#define X509V3_F_V2I_AUTHORITY_INFO_ACCESS		 139

-#define X509V3_F_V2I_AUTHORITY_KEYID			 119

-#define X509V3_F_V2I_BASIC_CONSTRAINTS			 102

-#define X509V3_F_V2I_CRLD				 134

-#define X509V3_F_V2I_EXTENDED_KEY_USAGE			 103

-#define X509V3_F_V2I_GENERAL_NAMES			 118

-#define X509V3_F_V2I_GENERAL_NAME_EX			 117

-#define X509V3_F_V2I_IPADDRBLOCKS			 159

-#define X509V3_F_V2I_ISSUER_ALT				 153

-#define X509V3_F_V2I_NAME_CONSTRAINTS			 147

-#define X509V3_F_V2I_POLICY_CONSTRAINTS			 146

-#define X509V3_F_V2I_POLICY_MAPPINGS			 145

-#define X509V3_F_V2I_SUBJECT_ALT			 154

-#define X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL		 160

-#define X509V3_F_V3_GENERIC_EXTENSION			 116

-#define X509V3_F_X509V3_ADD1_I2D			 140

-#define X509V3_F_X509V3_ADD_VALUE			 105

-#define X509V3_F_X509V3_EXT_ADD				 104

-#define X509V3_F_X509V3_EXT_ADD_ALIAS			 106

-#define X509V3_F_X509V3_EXT_CONF			 107

-#define X509V3_F_X509V3_EXT_I2D				 136

-#define X509V3_F_X509V3_EXT_NCONF			 152

-#define X509V3_F_X509V3_GET_SECTION			 142

-#define X509V3_F_X509V3_GET_STRING			 143

-#define X509V3_F_X509V3_GET_VALUE_BOOL			 110

-#define X509V3_F_X509V3_PARSE_LIST			 109

-#define X509V3_F_X509_PURPOSE_ADD			 137

-#define X509V3_F_X509_PURPOSE_SET			 141

-/* Reason codes. */

-#define X509V3_R_BAD_IP_ADDRESS				 118

-#define X509V3_R_BAD_OBJECT				 119

-#define X509V3_R_BN_DEC2BN_ERROR			 100

-#define X509V3_R_BN_TO_ASN1_INTEGER_ERROR		 101

-#define X509V3_R_DIRNAME_ERROR				 149

-#define X509V3_R_DUPLICATE_ZONE_ID			 133

-#define X509V3_R_ERROR_CONVERTING_ZONE			 131

-#define X509V3_R_ERROR_CREATING_EXTENSION		 144

-#define X509V3_R_ERROR_IN_EXTENSION			 128

-#define X509V3_R_EXPECTED_A_SECTION_NAME		 137

-#define X509V3_R_EXTENSION_EXISTS			 145

-#define X509V3_R_EXTENSION_NAME_ERROR			 115

-#define X509V3_R_EXTENSION_NOT_FOUND			 102

-#define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED	 103

-#define X509V3_R_EXTENSION_VALUE_ERROR			 116

-#define X509V3_R_ILLEGAL_EMPTY_EXTENSION		 151

-#define X509V3_R_ILLEGAL_HEX_DIGIT			 113

-#define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG		 152

-#define X509V3_R_INVALID_ASNUMBER			 160

-#define X509V3_R_INVALID_ASRANGE			 161

-#define X509V3_R_INVALID_BOOLEAN_STRING			 104

-#define X509V3_R_INVALID_EXTENSION_STRING		 105

-#define X509V3_R_INVALID_INHERITANCE			 162

-#define X509V3_R_INVALID_IPADDRESS			 163

-#define X509V3_R_INVALID_NAME				 106

-#define X509V3_R_INVALID_NULL_ARGUMENT			 107

-#define X509V3_R_INVALID_NULL_NAME			 108

-#define X509V3_R_INVALID_NULL_VALUE			 109

-#define X509V3_R_INVALID_NUMBER				 140

-#define X509V3_R_INVALID_NUMBERS			 141

-#define X509V3_R_INVALID_OBJECT_IDENTIFIER		 110

-#define X509V3_R_INVALID_OPTION				 138

-#define X509V3_R_INVALID_POLICY_IDENTIFIER		 134

-#define X509V3_R_INVALID_PROXY_POLICY_SETTING		 153

-#define X509V3_R_INVALID_PURPOSE			 146

-#define X509V3_R_INVALID_SAFI				 164

-#define X509V3_R_INVALID_SECTION			 135

-#define X509V3_R_INVALID_SYNTAX				 143

-#define X509V3_R_ISSUER_DECODE_ERROR			 126

-#define X509V3_R_MISSING_VALUE				 124

-#define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS		 142

-#define X509V3_R_NO_CONFIG_DATABASE			 136

-#define X509V3_R_NO_ISSUER_CERTIFICATE			 121

-#define X509V3_R_NO_ISSUER_DETAILS			 127

-#define X509V3_R_NO_POLICY_IDENTIFIER			 139

-#define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED	 154

-#define X509V3_R_NO_PUBLIC_KEY				 114

-#define X509V3_R_NO_SUBJECT_DETAILS			 125

-#define X509V3_R_ODD_NUMBER_OF_DIGITS			 112

-#define X509V3_R_OPERATION_NOT_DEFINED			 148

-#define X509V3_R_OTHERNAME_ERROR			 147

-#define X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED	 155

-#define X509V3_R_POLICY_PATH_LENGTH			 156

-#define X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED	 157

-#define X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED	 158

-#define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159

-#define X509V3_R_SECTION_NOT_FOUND			 150

-#define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS		 122

-#define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID		 123

-#define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT		 111

-#define X509V3_R_UNKNOWN_EXTENSION			 129

-#define X509V3_R_UNKNOWN_EXTENSION_NAME			 130

-#define X509V3_R_UNKNOWN_OPTION				 120

-#define X509V3_R_UNSUPPORTED_OPTION			 117

-#define X509V3_R_USER_TOO_LONG				 132

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/CHANGES

+++ /dev/null

@@ -1,8047 +1,0 @@

- OpenSSL CHANGES

- _______________

- Changes between 0.9.8f and 0.9.8g  [19 Oct 2007]

-  *) Fix various bugs:

-     + Binary incompatibility of ssl_ctx_st structure

-     + DTLS interoperation with non-compliant servers

-     + Don't call get_session_cb() without proposed session

-     + Fix ia64 assembler code

-     [Andy Polyakov, Steve Henson]

- Changes between 0.9.8e and 0.9.8f  [11 Oct 2007]

-  *) DTLS Handshake overhaul. There were longstanding issues with

-     OpenSSL DTLS implementation, which were making it impossible for

-     RFC 4347 compliant client to communicate with OpenSSL server.

-     Unfortunately just fixing these incompatibilities would "cut off"

-     pre-0.9.8f clients. To allow for hassle free upgrade post-0.9.8e

-     server keeps tolerating non RFC compliant syntax. The opposite is

-     not true, 0.9.8f client can not communicate with earlier server.

-     This update even addresses CVE-2007-4995.

-     [Andy Polyakov]

-  *) Changes to avoid need for function casts in OpenSSL: some compilers

-     (gcc 4.2 and later) reject their use.

-     [Kurt Roeckx <[email protected]>, Peter Hartley <[email protected]>,

-      Steve Henson]

-  *) Add RFC4507 support to OpenSSL. This includes the corrections in

-     RFC4507bis. The encrypted ticket format is an encrypted encoded

-     SSL_SESSION structure, that way new session features are automatically

-     supported.

-     If a client application caches session in an SSL_SESSION structure

-     support is transparent because tickets are now stored in the encoded

-     SSL_SESSION.

-     The SSL_CTX structure automatically generates keys for ticket

-     protection in servers so again support should be possible

-     with no application modification.

-     If a client or server wishes to disable RFC4507 support then the option

-     SSL_OP_NO_TICKET can be set.

-     Add a TLS extension debugging callback to allow the contents of any client

-     or server extensions to be examined.

-     This work was sponsored by Google.

-     [Steve Henson]

-  *) Add initial support for TLS extensions, specifically for the server_name

-     extension so far.  The SSL_SESSION, SSL_CTX, and SSL data structures now

-     have new members for a host name.  The SSL data structure has an

-     additional member SSL_CTX *initial_ctx so that new sessions can be

-     stored in that context to allow for session resumption, even after the

-     SSL has been switched to a new SSL_CTX in reaction to a client's

-     server_name extension.

-     New functions (subject to change):

-         SSL_get_servername()

-         SSL_get_servername_type()

-         SSL_set_SSL_CTX()

-     New CTRL codes and macros (subject to change):

-         SSL_CTRL_SET_TLSEXT_SERVERNAME_CB

-                                 - SSL_CTX_set_tlsext_servername_callback()

-         SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG

-                                      - SSL_CTX_set_tlsext_servername_arg()

-         SSL_CTRL_SET_TLSEXT_HOSTNAME           - SSL_set_tlsext_host_name()

-     openssl s_client has a new '-servername ...' option.

-     openssl s_server has new options '-servername_host ...', '-cert2 ...',

-     '-key2 ...', '-servername_fatal' (subject to change).  This allows

-     testing the HostName extension for a specific single host name ('-cert'

-     and '-key' remain fallbacks for handshakes without HostName

-     negotiation).  If the unrecogninzed_name alert has to be sent, this by

-     default is a warning; it becomes fatal with the '-servername_fatal'

-     option.

-     [Peter Sylvester,  Remy Allais, Christophe Renou, Steve Henson]

-  *) Add AES and SSE2 assembly language support to VC++ build.

-     [Steve Henson]

-  *) Mitigate attack on final subtraction in Montgomery reduction.

-     [Andy Polyakov]

-  *) Fix crypto/ec/ec_mult.c to work properly with scalars of value 0

-     (which previously caused an internal error).

-     [Bodo Moeller]

-  *) Squeeze another 10% out of IGE mode when in != out.

-     [Ben Laurie]

-  *) AES IGE mode speedup.

-     [Dean Gaudet (Google)]

-  *) Add the Korean symmetric 128-bit cipher SEED (see

-     http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp) and

-     add SEED ciphersuites from RFC 4162:

-        TLS_RSA_WITH_SEED_CBC_SHA      =  "SEED-SHA"

-        TLS_DHE_DSS_WITH_SEED_CBC_SHA  =  "DHE-DSS-SEED-SHA"

-        TLS_DHE_RSA_WITH_SEED_CBC_SHA  =  "DHE-RSA-SEED-SHA"

-        TLS_DH_anon_WITH_SEED_CBC_SHA  =  "ADH-SEED-SHA"

-     To minimize changes between patchlevels in the OpenSSL 0.9.8

-     series, SEED remains excluded from compilation unless OpenSSL

-     is configured with 'enable-seed'.

-     [KISA, Bodo Moeller]

-  *) Mitigate branch prediction attacks, which can be practical if a

-     single processor is shared, allowing a spy process to extract

-     information.  For detailed background information, see

-     http://eprint.iacr.org/2007/039 (O. Aciicmez, S. Gueron,

-     J.-P. Seifert, "New Branch Prediction Vulnerabilities in OpenSSL

-     and Necessary Software Countermeasures").  The core of the change

-     are new versions BN_div_no_branch() and

-     BN_mod_inverse_no_branch() of BN_div() and BN_mod_inverse(),

-     respectively, which are slower, but avoid the security-relevant

-     conditional branches.  These are automatically called by BN_div()

-     and BN_mod_inverse() if the flag BN_FLG_CONSTTIME is set for one

-     of the input BIGNUMs.  Also, BN_is_bit_set() has been changed to

-     remove a conditional branch.

-     BN_FLG_CONSTTIME is the new name for the previous

-     BN_FLG_EXP_CONSTTIME flag, since it now affects more than just

-     modular exponentiation.  (Since OpenSSL 0.9.7h, setting this flag

-     in the exponent causes BN_mod_exp_mont() to use the alternative

-     implementation in BN_mod_exp_mont_consttime().)  The old name

-     remains as a deprecated alias.

-     Similary, RSA_FLAG_NO_EXP_CONSTTIME is replaced by a more general

-     RSA_FLAG_NO_CONSTTIME flag since the RSA implementation now uses

-     constant-time implementations for more than just exponentiation.

-     Here too the old name is kept as a deprecated alias.

-     BN_BLINDING_new() will now use BN_dup() for the modulus so that

-     the BN_BLINDING structure gets an independent copy of the

-     modulus.  This means that the previous "BIGNUM *m" argument to

-     BN_BLINDING_new() and to BN_BLINDING_create_param() now

-     essentially becomes "const BIGNUM *m", although we can't actually

-     change this in the header file before 0.9.9.  It allows

-     RSA_setup_blinding() to use BN_with_flags() on the modulus to

-     enable BN_FLG_CONSTTIME.

-     [Matthew D Wood (Intel Corp)]

-  *) In the SSL/TLS server implementation, be strict about session ID

-     context matching (which matters if an application uses a single

-     external cache for different purposes).  Previously,

-     out-of-context reuse was forbidden only if SSL_VERIFY_PEER was

-     set.  This did ensure strict client verification, but meant that,

-     with applications using a single external cache for quite

-     different requirements, clients could circumvent ciphersuite

-     restrictions for a given session ID context by starting a session

-     in a different context.

-     [Bodo Moeller]

-  *) Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that

-     a ciphersuite string such as "DEFAULT:RSA" cannot enable

-     authentication-only ciphersuites.

-     [Bodo Moeller]

- Changes between 0.9.8d and 0.9.8e  [23 Feb 2007]

-  *) Since AES128 and AES256 (and similarly Camellia128 and

-     Camellia256) share a single mask bit in the logic of

-     ssl/ssl_ciph.c, the code for masking out disabled ciphers needs a

-     kludge to work properly if AES128 is available and AES256 isn't

-     (or if Camellia128 is available and Camellia256 isn't).

-     [Victor Duchovni]

-  *) Fix the BIT STRING encoding generated by crypto/ec/ec_asn1.c

-     (within i2d_ECPrivateKey, i2d_ECPKParameters, i2d_ECParameters):

-     When a point or a seed is encoded in a BIT STRING, we need to

-     prevent the removal of trailing zero bits to get the proper DER

-     encoding.  (By default, crypto/asn1/a_bitstr.c assumes the case

-     of a NamedBitList, for which trailing 0 bits need to be removed.)

-     [Bodo Moeller]

-  *) Have SSL/TLS server implementation tolerate "mismatched" record

-     protocol version while receiving ClientHello even if the

-     ClientHello is fragmented.  (The server can't insist on the

-     particular protocol version it has chosen before the ServerHello

-     message has informed the client about his choice.)

-     [Bodo Moeller]

-  *) Add RFC 3779 support.

-     [Rob Austein for ARIN, Ben Laurie]

-  *) Load error codes if they are not already present instead of using a

-     static variable. This allows them to be cleanly unloaded and reloaded.

-     Improve header file function name parsing.

-     [Steve Henson]

-  *) extend SMTP and IMAP protocol emulation in s_client to use EHLO

-     or CAPABILITY handshake as required by RFCs.

-     [Goetz Babin-Ebell]

- Changes between 0.9.8c and 0.9.8d  [28 Sep 2006]

-  *) Introduce limits to prevent malicious keys being able to

-     cause a denial of service.  (CVE-2006-2940)

-     [Steve Henson, Bodo Moeller]

-  *) Fix ASN.1 parsing of certain invalid structures that can result

-     in a denial of service.  (CVE-2006-2937)  [Steve Henson]

-  *) Fix buffer overflow in SSL_get_shared_ciphers() function.

-     (CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]

-  *) Fix SSL client code which could crash if connecting to a

-     malicious SSLv2 server.  (CVE-2006-4343)

-     [Tavis Ormandy and Will Drewry, Google Security Team]

-  *) Since 0.9.8b, ciphersuite strings naming explicit ciphersuites

-     match only those.  Before that, "AES256-SHA" would be interpreted

-     as a pattern and match "AES128-SHA" too (since AES128-SHA got

-     the same strength classification in 0.9.7h) as we currently only

-     have a single AES bit in the ciphersuite description bitmap.

-     That change, however, also applied to ciphersuite strings such as

-     "RC4-MD5" that intentionally matched multiple ciphersuites --

-     namely, SSL 2.0 ciphersuites in addition to the more common ones

-     from SSL 3.0/TLS 1.0.

-     So we change the selection algorithm again: Naming an explicit

-     ciphersuite selects this one ciphersuite, and any other similar

-     ciphersuite (same bitmap) from *other* protocol versions.

-     Thus, "RC4-MD5" again will properly select both the SSL 2.0

-     ciphersuite and the SSL 3.0/TLS 1.0 ciphersuite.

-     Since SSL 2.0 does not have any ciphersuites for which the

-     128/256 bit distinction would be relevant, this works for now.

-     The proper fix will be to use different bits for AES128 and

-     AES256, which would have avoided the problems from the beginning;

-     however, bits are scarce, so we can only do this in a new release

-     (not just a patchlevel) when we can change the SSL_CIPHER

-     definition to split the single 'unsigned long mask' bitmap into

-     multiple values to extend the available space.

-     [Bodo Moeller]

- Changes between 0.9.8b and 0.9.8c  [05 Sep 2006]

-  *) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher

-     (CVE-2006-4339)  [Ben Laurie and Google Security Team]

-  *) Add AES IGE and biIGE modes.

-     [Ben Laurie]

-  *) Change the Unix randomness entropy gathering to use poll() when

-     possible instead of select(), since the latter has some

-     undesirable limitations.

-     [Darryl Miles via Richard Levitte and Bodo Moeller]

-  *) Disable "ECCdraft" ciphersuites more thoroughly.  Now special

-     treatment in ssl/ssl_ciph.s makes sure that these ciphersuites

-     cannot be implicitly activated as part of, e.g., the "AES" alias.

-     However, please upgrade to OpenSSL 0.9.9[-dev] for

-     non-experimental use of the ECC ciphersuites to get TLS extension

-     support, which is required for curve and point format negotiation

-     to avoid potential handshake problems.

-     [Bodo Moeller]

-  *) Disable rogue ciphersuites:

-      - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5")

-      - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5")

-      - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5")

-     The latter two were purportedly from

-     draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really

-     appear there.

-     Also deactivate the remaining ciphersuites from

-     draft-ietf-tls-56-bit-ciphersuites-01.txt.  These are just as

-     unofficial, and the ID has long expired.

-     [Bodo Moeller]

-  *) Fix RSA blinding Heisenbug (problems sometimes occured on

-     dual-core machines) and other potential thread-safety issues.

-     [Bodo Moeller]

-  *) Add the symmetric cipher Camellia (128-bit, 192-bit, 256-bit key

-     versions), which is now available for royalty-free use

-     (see http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html).

-     Also, add Camellia TLS ciphersuites from RFC 4132.

-     To minimize changes between patchlevels in the OpenSSL 0.9.8

-     series, Camellia remains excluded from compilation unless OpenSSL

-     is configured with 'enable-camellia'.

-     [NTT]

-  *) Disable the padding bug check when compression is in use. The padding

-     bug check assumes the first packet is of even length, this is not

-     necessarily true if compresssion is enabled and can result in false

-     positives causing handshake failure. The actual bug test is ancient

-     code so it is hoped that implementations will either have fixed it by

-     now or any which still have the bug do not support compression.

-     [Steve Henson]

- Changes between 0.9.8a and 0.9.8b  [04 May 2006]

-  *) When applying a cipher rule check to see if string match is an explicit

-     cipher suite and only match that one cipher suite if it is.

-     [Steve Henson]

-  *) Link in manifests for VC++ if needed.

-     [Austin Ziegler <[email protected]>]

-  *) Update support for ECC-based TLS ciphersuites according to

-     draft-ietf-tls-ecc-12.txt with proposed changes (but without

-     TLS extensions, which are supported starting with the 0.9.9

-     branch, not in the OpenSSL 0.9.8 branch).

-     [Douglas Stebila]

-  *) New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free() to support

-     opaque EVP_CIPHER_CTX handling.

-     [Steve Henson]

-  *) Fixes and enhancements to zlib compression code. We now only use

-     "zlib1.dll" and use the default __cdecl calling convention on Win32

-     to conform with the standards mentioned here:

-           http://www.zlib.net/DLL_FAQ.txt

-     Static zlib linking now works on Windows and the new --with-zlib-include

-     --with-zlib-lib options to Configure can be used to supply the location

-     of the headers and library. Gracefully handle case where zlib library

-     can't be loaded.

-     [Steve Henson]

-  *) Several fixes and enhancements to the OID generation code. The old code

-     sometimes allowed invalid OIDs (1.X for X >= 40 for example), couldn't

-     handle numbers larger than ULONG_MAX, truncated printing and had a

-     non standard OBJ_obj2txt() behaviour.

-     [Steve Henson]

-  *) Add support for building of engines under engine/ as shared libraries

-     under VC++ build system.

-     [Steve Henson]

-  *) Corrected the numerous bugs in the Win32 path splitter in DSO.

-     Hopefully, we will not see any false combination of paths any more.

-     [Richard Levitte]

- Changes between 0.9.8 and 0.9.8a  [11 Oct 2005]

-  *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING

-     (part of SSL_OP_ALL).  This option used to disable the

-     countermeasure against man-in-the-middle protocol-version

-     rollback in the SSL 2.0 server implementation, which is a bad

-     idea.  (CVE-2005-2969)

-     [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center

-     for Information Security, National Institute of Advanced Industrial

-     Science and Technology [AIST], Japan)]

-  *) Add two function to clear and return the verify parameter flags.

-     [Steve Henson]

-  *) Keep cipherlists sorted in the source instead of sorting them at

-     runtime, thus removing the need for a lock.

-     [Nils Larsch]

-  *) Avoid some small subgroup attacks in Diffie-Hellman.

-     [Nick Mathewson and Ben Laurie]

-  *) Add functions for well-known primes.

-     [Nick Mathewson]

-  *) Extended Windows CE support.

-     [Satoshi Nakamura and Andy Polyakov]

-  *) Initialize SSL_METHOD structures at compile time instead of during

-     runtime, thus removing the need for a lock.

-     [Steve Henson]

-  *) Make PKCS7_decrypt() work even if no certificate is supplied by

-     attempting to decrypt each encrypted key in turn. Add support to

-     smime utility.

-     [Steve Henson]

- Changes between 0.9.7h and 0.9.8  [05 Jul 2005]

-  [NB: OpenSSL 0.9.7i and later 0.9.7 patch levels were released after

-  OpenSSL 0.9.8.]

-  *) Add libcrypto.pc and libssl.pc for those who feel they need them.

-     [Richard Levitte]

-  *) Change CA.sh and CA.pl so they don't bundle the CSR and the private

-     key into the same file any more.

-     [Richard Levitte]

-  *) Add initial support for Win64, both IA64 and AMD64/x64 flavors.

-     [Andy Polyakov]

-  *) Add -utf8 command line and config file option to 'ca'.

-     [Stefan <[email protected]]

-  *) Removed the macro des_crypt(), as it seems to conflict with some

-     libraries.  Use DES_crypt().

-     [Richard Levitte]

-  *) Correct naming of the 'chil' and '4758cca' ENGINEs. This

-     involves renaming the source and generated shared-libs for

-     both. The engines will accept the corrected or legacy ids

-     ('ncipher' and '4758_cca' respectively) when binding. NB,

-     this only applies when building 'shared'.

-     [Corinna Vinschen <[email protected]> and Geoff Thorpe]

-  *) Add attribute functions to EVP_PKEY structure. Modify

-     PKCS12_create() to recognize a CSP name attribute and

-     use it. Make -CSP option work again in pkcs12 utility.

-     [Steve Henson]

-  *) Add new functionality to the bn blinding code:

-     - automatic re-creation of the BN_BLINDING parameters after

-       a fixed number of uses (currently 32)

-     - add new function for parameter creation

-     - introduce flags to control the update behaviour of the

-       BN_BLINDING parameters

-     - hide BN_BLINDING structure

-     Add a second BN_BLINDING slot to the RSA structure to improve

-     performance when a single RSA object is shared among several

-     threads.

-     [Nils Larsch]

-  *) Add support for DTLS.

-     [Nagendra Modadugu <[email protected]> and Ben Laurie]

-  *) Add support for DER encoded private keys (SSL_FILETYPE_ASN1)

-     to SSL_CTX_use_PrivateKey_file() and SSL_use_PrivateKey_file()

-     [Walter Goulet]

-  *) Remove buggy and incompletet DH cert support from

-     ssl/ssl_rsa.c and ssl/s3_both.c

-     [Nils Larsch]

-  *) Use SHA-1 instead of MD5 as the default digest algorithm for

-     the apps/openssl applications.

-     [Nils Larsch]

-  *) Compile clean with "-Wall -Wmissing-prototypes

-     -Wstrict-prototypes -Wmissing-declarations -Werror". Currently

-     DEBUG_SAFESTACK must also be set.

-     [Ben Laurie]

-  *) Change ./Configure so that certain algorithms can be disabled by default.

-     The new counterpiece to "no-xxx" is "enable-xxx".

-     The patented RC5 and MDC2 algorithms will now be disabled unless

-     "enable-rc5" and "enable-mdc2", respectively, are specified.

-     (IDEA remains enabled despite being patented.  This is because IDEA

-     is frequently required for interoperability, and there is no license

-     fee for non-commercial use.  As before, "no-idea" can be used to

-     avoid this algorithm.)

-     [Bodo Moeller]

-  *) Add processing of proxy certificates (see RFC 3820).  This work was

-     sponsored by KTH (The Royal Institute of Technology in Stockholm) and

-     EGEE (Enabling Grids for E-science in Europe).

-     [Richard Levitte]

-  *) RC4 performance overhaul on modern architectures/implementations, such

-     as Intel P4, IA-64 and AMD64.

-     [Andy Polyakov]

-  *) New utility extract-section.pl. This can be used specify an alternative

-     section number in a pod file instead of having to treat each file as

-     a separate case in Makefile. This can be done by adding two lines to the

-     pod file:

-     =for comment openssl_section:XXX

-     The blank line is mandatory.

-     [Steve Henson]

-  *) New arguments -certform, -keyform and -pass for s_client and s_server

-     to allow alternative format key and certificate files and passphrase

-     sources.

-     [Steve Henson]

-  *) New structure X509_VERIFY_PARAM which combines current verify parameters,

-     update associated structures and add various utility functions.

-     Add new policy related verify parameters, include policy checking in

-     standard verify code. Enhance 'smime' application with extra parameters

-     to support policy checking and print out.

-     [Steve Henson]

-  *) Add a new engine to support VIA PadLock ACE extensions in the VIA C3

-     Nehemiah processors. These extensions support AES encryption in hardware

-     as well as RNG (though RNG support is currently disabled).

-     [Michal Ludvig <[email protected]>, with help from Andy Polyakov]

-  *) Deprecate BN_[get|set]_params() functions (they were ignored internally).

-     [Geoff Thorpe]

-  *) New FIPS 180-2 algorithms, SHA-224/-256/-384/-512 are implemented.

-     [Andy Polyakov and a number of other people]

-  *) Improved PowerPC platform support. Most notably BIGNUM assembler

-     implementation contributed by IBM.

-     [Suresh Chari, Peter Waltenberg, Andy Polyakov]

-  *) The new 'RSA_generate_key_ex' function now takes a BIGNUM for the public

-     exponent rather than 'unsigned long'. There is a corresponding change to

-     the new 'rsa_keygen' element of the RSA_METHOD structure.

-     [Jelte Jansen, Geoff Thorpe]

-  *) Functionality for creating the initial serial number file is now

-     moved from CA.pl to the 'ca' utility with a new option -create_serial.

-     (Before OpenSSL 0.9.7e, CA.pl used to initialize the serial

-     number file to 1, which is bound to cause problems.  To avoid

-     the problems while respecting compatibility between different 0.9.7

-     patchlevels, 0.9.7e  employed 'openssl x509 -next_serial' in

-     CA.pl for serial number initialization.  With the new release 0.9.8,

-     we can fix the problem directly in the 'ca' utility.)

-     [Steve Henson]

-  *) Reduced header interdepencies by declaring more opaque objects in

-     ossl_typ.h. As a consequence, including some headers (eg. engine.h) will

-     give fewer recursive includes, which could break lazy source code - so

-     this change is covered by the OPENSSL_NO_DEPRECATED symbol. As always,

-     developers should define this symbol when building and using openssl to

-     ensure they track the recommended behaviour, interfaces, [etc], but

-     backwards-compatible behaviour prevails when this isn't defined.

-     [Geoff Thorpe]

-  *) New function X509_POLICY_NODE_print() which prints out policy nodes.

-     [Steve Henson]

-  *) Add new EVP function EVP_CIPHER_CTX_rand_key and associated functionality.

-     This will generate a random key of the appropriate length based on the

-     cipher context. The EVP_CIPHER can provide its own random key generation

-     routine to support keys of a specific form. This is used in the des and

-     3des routines to generate a key of the correct parity. Update S/MIME

-     code to use new functions and hence generate correct parity DES keys.

-     Add EVP_CHECK_DES_KEY #define to return an error if the key is not

-     valid (weak or incorrect parity).

-     [Steve Henson]

-  *) Add a local set of CRLs that can be used by X509_verify_cert() as well

-     as looking them up. This is useful when the verified structure may contain

-     CRLs, for example PKCS#7 signedData. Modify PKCS7_verify() to use any CRLs

-     present unless the new PKCS7_NO_CRL flag is asserted.

-     [Steve Henson]

-  *) Extend ASN1 oid configuration module. It now additionally accepts the

-     syntax:

-     shortName = some long name, 1.2.3.4

-     [Steve Henson]

-  *) Reimplemented the BN_CTX implementation. There is now no more static

-     limitation on the number of variables it can handle nor the depth of the

-     "stack" handling for BN_CTX_start()/BN_CTX_end() pairs. The stack

-     information can now expand as required, and rather than having a single

-     static array of bignums, BN_CTX now uses a linked-list of such arrays

-     allowing it to expand on demand whilst maintaining the usefulness of

-     BN_CTX's "bundling".

-     [Geoff Thorpe]

-  *) Add a missing BN_CTX parameter to the 'rsa_mod_exp' callback in RSA_METHOD

-     to allow all RSA operations to function using a single BN_CTX.

-     [Geoff Thorpe]

-  *) Preliminary support for certificate policy evaluation and checking. This

-     is initially intended to pass the tests outlined in "Conformance Testing

-     of Relying Party Client Certificate Path Processing Logic" v1.07.

-     [Steve Henson]

-  *) bn_dup_expand() has been deprecated, it was introduced in 0.9.7 and

-     remained unused and not that useful. A variety of other little bignum

-     tweaks and fixes have also been made continuing on from the audit (see

-     below).

-     [Geoff Thorpe]

-  *) Constify all or almost all d2i, c2i, s2i and r2i functions, along with

-     associated ASN1, EVP and SSL functions and old ASN1 macros.

-     [Richard Levitte]

-  *) BN_zero() only needs to set 'top' and 'neg' to zero for correct results,

-     and this should never fail. So the return value from the use of

-     BN_set_word() (which can fail due to needless expansion) is now deprecated;

-     if OPENSSL_NO_DEPRECATED is defined, BN_zero() is a void macro.

-     [Geoff Thorpe]

-  *) BN_CTX_get() should return zero-valued bignums, providing the same

-     initialised value as BN_new().

-     [Geoff Thorpe, suggested by Ulf M�ller]

-  *) Support for inhibitAnyPolicy certificate extension.

-     [Steve Henson]

-  *) An audit of the BIGNUM code is underway, for which debugging code is

-     enabled when BN_DEBUG is defined. This makes stricter enforcements on what

-     is considered valid when processing BIGNUMs, and causes execution to

-     assert() when a problem is discovered. If BN_DEBUG_RAND is defined,

-     further steps are taken to deliberately pollute unused data in BIGNUM

-     structures to try and expose faulty code further on. For now, openssl will

-     (in its default mode of operation) continue to tolerate the inconsistent

-     forms that it has tolerated in the past, but authors and packagers should

-     consider trying openssl and their own applications when compiled with

-     these debugging symbols defined. It will help highlight potential bugs in

-     their own code, and will improve the test coverage for OpenSSL itself. At

-     some point, these tighter rules will become openssl's default to improve

-     maintainability, though the assert()s and other overheads will remain only

-     in debugging configurations. See bn.h for more details.

-     [Geoff Thorpe, Nils Larsch, Ulf M�ller]

-  *) BN_CTX_init() has been deprecated, as BN_CTX is an opaque structure

-     that can only be obtained through BN_CTX_new() (which implicitly

-     initialises it). The presence of this function only made it possible

-     to overwrite an existing structure (and cause memory leaks).

-     [Geoff Thorpe]

-  *) Because of the callback-based approach for implementing LHASH as a

-     template type, lh_insert() adds opaque objects to hash-tables and

-     lh_doall() or lh_doall_arg() are typically used with a destructor callback

-     to clean up those corresponding objects before destroying the hash table

-     (and losing the object pointers). So some over-zealous constifications in

-     LHASH have been relaxed so that lh_insert() does not take (nor store) the

-     objects as "const" and the lh_doall[_arg] callback wrappers are not

-     prototyped to have "const" restrictions on the object pointers they are

-     given (and so aren't required to cast them away any more).

-     [Geoff Thorpe]

-  *) The tmdiff.h API was so ugly and minimal that our own timing utility

-     (speed) prefers to use its own implementation. The two implementations

-     haven't been consolidated as yet (volunteers?) but the tmdiff API has had

-     its object type properly exposed (MS_TM) instead of casting to/from "char

-     *". This may still change yet if someone realises MS_TM and "ms_time_***"

-     aren't necessarily the greatest nomenclatures - but this is what was used

-     internally to the implementation so I've used that for now.

-     [Geoff Thorpe]

-  *) Ensure that deprecated functions do not get compiled when

-     OPENSSL_NO_DEPRECATED is defined. Some "openssl" subcommands and a few of

-     the self-tests were still using deprecated key-generation functions so

-     these have been updated also.

-     [Geoff Thorpe]

-  *) Reorganise PKCS#7 code to separate the digest location functionality

-     into PKCS7_find_digest(), digest addtion into PKCS7_bio_add_digest().

-     New function PKCS7_set_digest() to set the digest type for PKCS#7

-     digestedData type. Add additional code to correctly generate the

-     digestedData type and add support for this type in PKCS7 initialization

-     functions.

-     [Steve Henson]

-  *) New function PKCS7_set0_type_other() this initializes a PKCS7

-     structure of type "other".

-     [Steve Henson]

-  *) Fix prime generation loop in crypto/bn/bn_prime.pl by making

-     sure the loop does correctly stop and breaking ("division by zero")

-     modulus operations are not performed. The (pre-generated) prime

-     table crypto/bn/bn_prime.h was already correct, but it could not be

-     re-generated on some platforms because of the "division by zero"

-     situation in the script.

-     [Ralf S. Engelschall]

-  *) Update support for ECC-based TLS ciphersuites according to

-     draft-ietf-tls-ecc-03.txt: the KDF1 key derivation function with

-     SHA-1 now is only used for "small" curves (where the

-     representation of a field element takes up to 24 bytes); for

-     larger curves, the field element resulting from ECDH is directly

-     used as premaster secret.

-     [Douglas Stebila (Sun Microsystems Laboratories)]

-  *) Add code for kP+lQ timings to crypto/ec/ectest.c, and add SEC2

-     curve secp160r1 to the tests.

-     [Douglas Stebila (Sun Microsystems Laboratories)]

-  *) Add the possibility to load symbols globally with DSO.

-     [G�tz Babin-Ebell <[email protected]> via Richard Levitte]

-  *) Add the functions ERR_set_mark() and ERR_pop_to_mark() for better

-     control of the error stack.

-     [Richard Levitte]

-  *) Add support for STORE in ENGINE.

-     [Richard Levitte]

-  *) Add the STORE type.  The intention is to provide a common interface

-     to certificate and key stores, be they simple file-based stores, or

-     HSM-type store, or LDAP stores, or...

-     NOTE: The code is currently UNTESTED and isn't really used anywhere.

-     [Richard Levitte]

-  *) Add a generic structure called OPENSSL_ITEM.  This can be used to

-     pass a list of arguments to any function as well as provide a way

-     for a function to pass data back to the caller.

-     [Richard Levitte]

-  *) Add the functions BUF_strndup() and BUF_memdup().  BUF_strndup()

-     works like BUF_strdup() but can be used to duplicate a portion of

-     a string.  The copy gets NUL-terminated.  BUF_memdup() duplicates

-     a memory area.

-     [Richard Levitte]

-  *) Add the function sk_find_ex() which works like sk_find(), but will

-     return an index to an element even if an exact match couldn't be

-     found.  The index is guaranteed to point at the element where the

-     searched-for key would be inserted to preserve sorting order.

-     [Richard Levitte]

-  *) Add the function OBJ_bsearch_ex() which works like OBJ_bsearch() but

-     takes an extra flags argument for optional functionality.  Currently,

-     the following flags are defined:

-	OBJ_BSEARCH_VALUE_ON_NOMATCH

-	This one gets OBJ_bsearch_ex() to return a pointer to the first

-	element where the comparing function returns a negative or zero

-	number.

-	OBJ_BSEARCH_FIRST_VALUE_ON_MATCH

-	This one gets OBJ_bsearch_ex() to return a pointer to the first

-	element where the comparing function returns zero.  This is useful

-	if there are more than one element where the comparing function

-	returns zero.

-     [Richard Levitte]

-  *) Make it possible to create self-signed certificates with 'openssl ca'

-     in such a way that the self-signed certificate becomes part of the

-     CA database and uses the same mechanisms for serial number generation

-     as all other certificate signing.  The new flag '-selfsign' enables

-     this functionality.  Adapt CA.sh and CA.pl.in.

-     [Richard Levitte]

-  *) Add functionality to check the public key of a certificate request

-     against a given private.  This is useful to check that a certificate

-     request can be signed by that key (self-signing).

-     [Richard Levitte]

-  *) Make it possible to have multiple active certificates with the same

-     subject in the CA index file.  This is done only if the keyword

-     'unique_subject' is set to 'no' in the main CA section (default

-     if 'CA_default') of the configuration file.  The value is saved

-     with the database itself in a separate index attribute file,

-     named like the index file with '.attr' appended to the name.

-     [Richard Levitte]

-  *) Generate muti valued AVAs using '+' notation in config files for

-     req and dirName.

-     [Steve Henson]

-  *) Support for nameConstraints certificate extension.

-     [Steve Henson]

-  *) Support for policyConstraints certificate extension.

-     [Steve Henson]

-  *) Support for policyMappings certificate extension.

-     [Steve Henson]

-  *) Make sure the default DSA_METHOD implementation only uses its

-     dsa_mod_exp() and/or bn_mod_exp() handlers if they are non-NULL,

-     and change its own handlers to be NULL so as to remove unnecessary

-     indirection. This lets alternative implementations fallback to the

-     default implementation more easily.

-     [Geoff Thorpe]

-  *) Support for directoryName in GeneralName related extensions

-     in config files.

-     [Steve Henson]

-  *) Make it possible to link applications using Makefile.shared.

-     Make that possible even when linking against static libraries!

-     [Richard Levitte]

-  *) Support for single pass processing for S/MIME signing. This now

-     means that S/MIME signing can be done from a pipe, in addition

-     cleartext signing (multipart/signed type) is effectively streaming

-     and the signed data does not need to be all held in memory.

-     This is done with a new flag PKCS7_STREAM. When this flag is set

-     PKCS7_sign() only initializes the PKCS7 structure and the actual signing

-     is done after the data is output (and digests calculated) in

-     SMIME_write_PKCS7().

-     [Steve Henson]

-  *) Add full support for -rpath/-R, both in shared libraries and

-     applications, at least on the platforms where it's known how

-     to do it.

-     [Richard Levitte]

-  *) In crypto/ec/ec_mult.c, implement fast point multiplication with

-     precomputation, based on wNAF splitting: EC_GROUP_precompute_mult()

-     will now compute a table of multiples of the generator that

-     makes subsequent invocations of EC_POINTs_mul() or EC_POINT_mul()

-     faster (notably in the case of a single point multiplication,

-     scalar * generator).

-     [Nils Larsch, Bodo Moeller]

-  *) IPv6 support for certificate extensions. The various extensions

-     which use the IP:a.b.c.d can now take IPv6 addresses using the

-     formats of RFC1884 2.2 . IPv6 addresses are now also displayed

-     correctly.

-     [Steve Henson]

-  *) Added an ENGINE that implements RSA by performing private key

-     exponentiations with the GMP library. The conversions to and from

-     GMP's mpz_t format aren't optimised nor are any montgomery forms

-     cached, and on x86 it appears OpenSSL's own performance has caught up.

-     However there are likely to be other architectures where GMP could

-     provide a boost. This ENGINE is not built in by default, but it can be

-     specified at Configure time and should be accompanied by the necessary

-     linker additions, eg;

-         ./config -DOPENSSL_USE_GMP -lgmp

-     [Geoff Thorpe]

-  *) "openssl engine" will not display ENGINE/DSO load failure errors when

-     testing availability of engines with "-t" - the old behaviour is

-     produced by increasing the feature's verbosity with "-tt".

-     [Geoff Thorpe]

-  *) ECDSA routines: under certain error conditions uninitialized BN objects

-     could be freed. Solution: make sure initialization is performed early

-     enough. (Reported and fix supplied by Nils Larsch <[email protected]>

-     via PR#459)

-     [Lutz Jaenicke]

-  *) Key-generation can now be implemented in RSA_METHOD, DSA_METHOD

-     and DH_METHOD (eg. by ENGINE implementations) to override the normal

-     software implementations. For DSA and DH, parameter generation can

-     also be overriden by providing the appropriate method callbacks.

-     [Geoff Thorpe]

-  *) Change the "progress" mechanism used in key-generation and

-     primality testing to functions that take a new BN_GENCB pointer in

-     place of callback/argument pairs. The new API functions have "_ex"

-     postfixes and the older functions are reimplemented as wrappers for

-     the new ones. The OPENSSL_NO_DEPRECATED symbol can be used to hide

-     declarations of the old functions to help (graceful) attempts to

-     migrate to the new functions. Also, the new key-generation API

-     functions operate on a caller-supplied key-structure and return

-     success/failure rather than returning a key or NULL - this is to

-     help make "keygen" another member function of RSA_METHOD etc.

-     Example for using the new callback interface:

-          int (*my_callback)(int a, int b, BN_GENCB *cb) = ...;

-          void *my_arg = ...;

-          BN_GENCB my_cb;

-          BN_GENCB_set(&my_cb, my_callback, my_arg);

-          return BN_is_prime_ex(some_bignum, BN_prime_checks, NULL, &cb);

-          /* For the meaning of a, b in calls to my_callback(), see the

-           * documentation of the function that calls the callback.

-           * cb will point to my_cb; my_arg can be retrieved as cb->arg.

-           * my_callback should return 1 if it wants BN_is_prime_ex()

-           * to continue, or 0 to stop.

-           */

-     [Geoff Thorpe]

-  *) Change the ZLIB compression method to be stateful, and make it

-     available to TLS with the number defined in

-     draft-ietf-tls-compression-04.txt.

-     [Richard Levitte]

-  *) Add the ASN.1 structures and functions for CertificatePair, which

-     is defined as follows (according to X.509_4thEditionDraftV6.pdf):

-     CertificatePair ::= SEQUENCE {

-        forward		[0]	Certificate OPTIONAL,

-        reverse		[1]	Certificate OPTIONAL,

-        -- at least one of the pair shall be present -- }

-     Also implement the PEM functions to read and write certificate

-     pairs, and defined the PEM tag as "CERTIFICATE PAIR".

-     This needed to be defined, mostly for the sake of the LDAP

-     attribute crossCertificatePair, but may prove useful elsewhere as

-     well.

-     [Richard Levitte]

-  *) Make it possible to inhibit symlinking of shared libraries in

-     Makefile.shared, for Cygwin's sake.

-     [Richard Levitte]

-  *) Extend the BIGNUM API by creating a function

-          void BN_set_negative(BIGNUM *a, int neg);

-     and a macro that behave like

-          int  BN_is_negative(const BIGNUM *a);

-     to avoid the need to access 'a->neg' directly in applications.

-     [Nils Larsch]

-  *) Implement fast modular reduction for pseudo-Mersenne primes

-     used in NIST curves (crypto/bn/bn_nist.c, crypto/ec/ecp_nist.c).

-     EC_GROUP_new_curve_GFp() will now automatically use this

-     if applicable.

-     [Nils Larsch <[email protected]>]

-  *) Add new lock type (CRYPTO_LOCK_BN).

-     [Bodo Moeller]

-  *) Change the ENGINE framework to automatically load engines

-     dynamically from specific directories unless they could be

-     found to already be built in or loaded.  Move all the

-     current engines except for the cryptodev one to a new

-     directory engines/.

-     The engines in engines/ are built as shared libraries if

-     the "shared" options was given to ./Configure or ./config.

-     Otherwise, they are inserted in libcrypto.a.

-     /usr/local/ssl/engines is the default directory for dynamic

-     engines, but that can be overriden at configure time through

-     the usual use of --prefix and/or --openssldir, and at run

-     time with the environment variable OPENSSL_ENGINES.

-     [Geoff Thorpe and Richard Levitte]

-  *) Add Makefile.shared, a helper makefile to build shared

-     libraries.  Addapt Makefile.org.

-     [Richard Levitte]

-  *) Add version info to Win32 DLLs.

-     [Peter 'Luna' Runestig" <[email protected]>]

-  *) Add new 'medium level' PKCS#12 API. Certificates and keys

-     can be added using this API to created arbitrary PKCS#12

-     files while avoiding the low level API.

-     New options to PKCS12_create(), key or cert can be NULL and

-     will then be omitted from the output file. The encryption

-     algorithm NIDs can be set to -1 for no encryption, the mac

-     iteration count can be set to 0 to omit the mac.

-     Enhance pkcs12 utility by making the -nokeys and -nocerts

-     options work when creating a PKCS#12 file. New option -nomac

-     to omit the mac, NONE can be set for an encryption algorithm.

-     New code is modified to use the enhanced PKCS12_create()

-     instead of the low level API.

-     [Steve Henson]

-  *) Extend ASN1 encoder to support indefinite length constructed

-     encoding. This can output sequences tags and octet strings in

-     this form. Modify pk7_asn1.c to support indefinite length

-     encoding. This is experimental and needs additional code to

-     be useful, such as an ASN1 bio and some enhanced streaming

-     PKCS#7 code.

-     Extend template encode functionality so that tagging is passed

-     down to the template encoder.

-     [Steve Henson]

-  *) Let 'openssl req' fail if an argument to '-newkey' is not

-     recognized instead of using RSA as a default.

-     [Bodo Moeller]

-  *) Add support for ECC-based ciphersuites from draft-ietf-tls-ecc-01.txt.

-     As these are not official, they are not included in "ALL";

-     the "ECCdraft" ciphersuite group alias can be used to select them.

-     [Vipul Gupta and Sumit Gupta (Sun Microsystems Laboratories)]

-  *) Add ECDH engine support.

-     [Nils Gura and Douglas Stebila (Sun Microsystems Laboratories)]

-  *) Add ECDH in new directory crypto/ecdh/.

-     [Douglas Stebila (Sun Microsystems Laboratories)]

-  *) Let BN_rand_range() abort with an error after 100 iterations

-     without success (which indicates a broken PRNG).

-     [Bodo Moeller]

-  *) Change BN_mod_sqrt() so that it verifies that the input value

-     is really the square of the return value.  (Previously,

-     BN_mod_sqrt would show GIGO behaviour.)

-     [Bodo Moeller]

-  *) Add named elliptic curves over binary fields from X9.62, SECG,

-     and WAP/WTLS; add OIDs that were still missing.

-     [Sheueling Chang Shantz and Douglas Stebila

-     (Sun Microsystems Laboratories)]

-  *) Extend the EC library for elliptic curves over binary fields

-     (new files ec2_smpl.c, ec2_smpt.c, ec2_mult.c in crypto/ec/).

-     New EC_METHOD:

-          EC_GF2m_simple_method

-     New API functions:

-          EC_GROUP_new_curve_GF2m

-          EC_GROUP_set_curve_GF2m

-          EC_GROUP_get_curve_GF2m

-          EC_POINT_set_affine_coordinates_GF2m

-          EC_POINT_get_affine_coordinates_GF2m

-          EC_POINT_set_compressed_coordinates_GF2m

-     Point compression for binary fields is disabled by default for

-     patent reasons (compile with OPENSSL_EC_BIN_PT_COMP defined to

-     enable it).

-     As binary polynomials are represented as BIGNUMs, various members

-     of the EC_GROUP and EC_POINT data structures can be shared

-     between the implementations for prime fields and binary fields;

-     the above ..._GF2m functions (except for EX_GROUP_new_curve_GF2m)

-     are essentially identical to their ..._GFp counterparts.

-     (For simplicity, the '..._GFp' prefix has been dropped from

-     various internal method names.)

-     An internal 'field_div' method (similar to 'field_mul' and

-     'field_sqr') has been added; this is used only for binary fields.

-     [Sheueling Chang Shantz and Douglas Stebila

-     (Sun Microsystems Laboratories)]

-  *) Optionally dispatch EC_POINT_mul(), EC_POINT_precompute_mult()

-     through methods ('mul', 'precompute_mult').

-     The generic implementations (now internally called 'ec_wNAF_mul'

-     and 'ec_wNAF_precomputed_mult') remain the default if these

-     methods are undefined.

-     [Sheueling Chang Shantz and Douglas Stebila

-     (Sun Microsystems Laboratories)]

-  *) New function EC_GROUP_get_degree, which is defined through

-     EC_METHOD.  For curves over prime fields, this returns the bit

-     length of the modulus.

-     [Sheueling Chang Shantz and Douglas Stebila

-     (Sun Microsystems Laboratories)]

-  *) New functions EC_GROUP_dup, EC_POINT_dup.

-     (These simply call ..._new  and ..._copy).

-     [Sheueling Chang Shantz and Douglas Stebila

-     (Sun Microsystems Laboratories)]

-  *) Add binary polynomial arithmetic software in crypto/bn/bn_gf2m.c.

-     Polynomials are represented as BIGNUMs (where the sign bit is not

-     used) in the following functions [macros]:

-          BN_GF2m_add

-          BN_GF2m_sub             [= BN_GF2m_add]

-          BN_GF2m_mod             [wrapper for BN_GF2m_mod_arr]

-          BN_GF2m_mod_mul         [wrapper for BN_GF2m_mod_mul_arr]

-          BN_GF2m_mod_sqr         [wrapper for BN_GF2m_mod_sqr_arr]

-          BN_GF2m_mod_inv

-          BN_GF2m_mod_exp         [wrapper for BN_GF2m_mod_exp_arr]

-          BN_GF2m_mod_sqrt        [wrapper for BN_GF2m_mod_sqrt_arr]

-          BN_GF2m_mod_solve_quad  [wrapper for BN_GF2m_mod_solve_quad_arr]

-          BN_GF2m_cmp             [= BN_ucmp]

-     (Note that only the 'mod' functions are actually for fields GF(2^m).

-     BN_GF2m_add() is misnomer, but this is for the sake of consistency.)

-     For some functions, an the irreducible polynomial defining a

-     field can be given as an 'unsigned int[]' with strictly

-     decreasing elements giving the indices of those bits that are set;

-     i.e., p[] represents the polynomial

-          f(t) = t^p[0] + t^p[1] + ... + t^p[k]

-     where

-          p[0] > p[1] > ... > p[k] = 0.

-     This applies to the following functions:

-          BN_GF2m_mod_arr

-          BN_GF2m_mod_mul_arr

-          BN_GF2m_mod_sqr_arr

-          BN_GF2m_mod_inv_arr        [wrapper for BN_GF2m_mod_inv]

-          BN_GF2m_mod_div_arr        [wrapper for BN_GF2m_mod_div]

-          BN_GF2m_mod_exp_arr

-          BN_GF2m_mod_sqrt_arr

-          BN_GF2m_mod_solve_quad_arr

-          BN_GF2m_poly2arr

-          BN_GF2m_arr2poly

-     Conversion can be performed by the following functions:

-          BN_GF2m_poly2arr

-          BN_GF2m_arr2poly

-     bntest.c has additional tests for binary polynomial arithmetic.

-     Two implementations for BN_GF2m_mod_div() are available.

-     The default algorithm simply uses BN_GF2m_mod_inv() and

-     BN_GF2m_mod_mul().  The alternative algorithm is compiled in only

-     if OPENSSL_SUN_GF2M_DIV is defined (patent pending; read the

-     copyright notice in crypto/bn/bn_gf2m.c before enabling it).

-     [Sheueling Chang Shantz and Douglas Stebila

-     (Sun Microsystems Laboratories)]

-  *) Add new error code 'ERR_R_DISABLED' that can be used when some

-     functionality is disabled at compile-time.

-     [Douglas Stebila <[email protected]>]

-  *) Change default behaviour of 'openssl asn1parse' so that more

-     information is visible when viewing, e.g., a certificate:

-     Modify asn1_parse2 (crypto/asn1/asn1_par.c) so that in non-'dump'

-     mode the content of non-printable OCTET STRINGs is output in a

-     style similar to INTEGERs, but with '[HEX DUMP]' prepended to

-     avoid the appearance of a printable string.

-     [Nils Larsch <[email protected]>]

-  *) Add 'asn1_flag' and 'asn1_form' member to EC_GROUP with access

-     functions

-          EC_GROUP_set_asn1_flag()

-          EC_GROUP_get_asn1_flag()

-          EC_GROUP_set_point_conversion_form()

-          EC_GROUP_get_point_conversion_form()

-     These control ASN1 encoding details:

-     - Curves (i.e., groups) are encoded explicitly unless asn1_flag

-       has been set to OPENSSL_EC_NAMED_CURVE.

-     - Points are encoded in uncompressed form by default; options for

-       asn1_for are as for point2oct, namely

-          POINT_CONVERSION_COMPRESSED

-          POINT_CONVERSION_UNCOMPRESSED

-          POINT_CONVERSION_HYBRID

-     Also add 'seed' and 'seed_len' members to EC_GROUP with access

-     functions

-          EC_GROUP_set_seed()

-          EC_GROUP_get0_seed()

-          EC_GROUP_get_seed_len()

-     This is used only for ASN1 purposes (so far).

-     [Nils Larsch <[email protected]>]

-  *) Add 'field_type' member to EC_METHOD, which holds the NID

-     of the appropriate field type OID.  The new function

-     EC_METHOD_get_field_type() returns this value.

-     [Nils Larsch <[email protected]>]

-  *) Add functions

-          EC_POINT_point2bn()

-          EC_POINT_bn2point()

-          EC_POINT_point2hex()

-          EC_POINT_hex2point()

-     providing useful interfaces to EC_POINT_point2oct() and

-     EC_POINT_oct2point().

-     [Nils Larsch <[email protected]>]

-  *) Change internals of the EC library so that the functions

-          EC_GROUP_set_generator()

-          EC_GROUP_get_generator()

-          EC_GROUP_get_order()

-          EC_GROUP_get_cofactor()

-     are implemented directly in crypto/ec/ec_lib.c and not dispatched

-     to methods, which would lead to unnecessary code duplication when

-     adding different types of curves.

-     [Nils Larsch <[email protected]> with input by Bodo Moeller]

-  *) Implement compute_wNAF (crypto/ec/ec_mult.c) without BIGNUM

-     arithmetic, and such that modified wNAFs are generated

-     (which avoid length expansion in many cases).

-     [Bodo Moeller]

-  *) Add a function EC_GROUP_check_discriminant() (defined via

-     EC_METHOD) that verifies that the curve discriminant is non-zero.

-     Add a function EC_GROUP_check() that makes some sanity tests

-     on a EC_GROUP, its generator and order.  This includes

-     EC_GROUP_check_discriminant().

-     [Nils Larsch <[email protected]>]

-  *) Add ECDSA in new directory crypto/ecdsa/.

-     Add applications 'openssl ecparam' and 'openssl ecdsa'

-     (these are based on 'openssl dsaparam' and 'openssl dsa').

-     ECDSA support is also included in various other files across the

-     library.  Most notably,

-     - 'openssl req' now has a '-newkey ecdsa:file' option;

-     - EVP_PKCS82PKEY (crypto/evp/evp_pkey.c) now can handle ECDSA;

-     - X509_PUBKEY_get (crypto/asn1/x_pubkey.c) and

-       d2i_PublicKey (crypto/asn1/d2i_pu.c) have been modified to make

-       them suitable for ECDSA where domain parameters must be

-       extracted before the specific public key;

-     - ECDSA engine support has been added.

-     [Nils Larsch <[email protected]>]

-  *) Include some named elliptic curves, and add OIDs from X9.62,

-     SECG, and WAP/WTLS.  Each curve can be obtained from the new

-     function

-          EC_GROUP_new_by_curve_name(),

-     and the list of available named curves can be obtained with

-          EC_get_builtin_curves().

-     Also add a 'curve_name' member to EC_GROUP objects, which can be

-     accessed via

-         EC_GROUP_set_curve_name()

-         EC_GROUP_get_curve_name()

-     [Nils Larsch <[email protected], Bodo Moeller]

-  *) Remove a few calls to bn_wexpand() in BN_sqr() (the one in there

-     was actually never needed) and in BN_mul().  The removal in BN_mul()

-     required a small change in bn_mul_part_recursive() and the addition

-     of the functions bn_cmp_part_words(), bn_sub_part_words() and

-     bn_add_part_words(), which do the same thing as bn_cmp_words(),

-     bn_sub_words() and bn_add_words() except they take arrays with

-     differing sizes.

-     [Richard Levitte]

- Changes between 0.9.7m and 0.9.7n  [xx XXX xxxx]

-  *) In the SSL/TLS server implementation, be strict about session ID

-     context matching (which matters if an application uses a single

-     external cache for different purposes).  Previously,

-     out-of-context reuse was forbidden only if SSL_VERIFY_PEER was

-     set.  This did ensure strict client verification, but meant that,

-     with applications using a single external cache for quite

-     different requirements, clients could circumvent ciphersuite

-     restrictions for a given session ID context by starting a session

-     in a different context.

-     [Bodo Moeller]

- Changes between 0.9.7l and 0.9.7m  [23 Feb 2007]

-  *) Cleanse PEM buffers before freeing them since they may contain

-     sensitive data.

-     [Benjamin Bennett <[email protected]>]

-  *) Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that

-     a ciphersuite string such as "DEFAULT:RSA" cannot enable

-     authentication-only ciphersuites.

-     [Bodo Moeller]

-  *) Since AES128 and AES256 share a single mask bit in the logic of

-     ssl/ssl_ciph.c, the code for masking out disabled ciphers needs a

-     kludge to work properly if AES128 is available and AES256 isn't.

-     [Victor Duchovni]

-  *) Expand security boundary to match 1.1.1 module.

-     [Steve Henson]

-  *) Remove redundant features: hash file source, editing of test vectors

-     modify fipsld to use external fips_premain.c signature.

-     [Steve Henson]

-  *) New perl script mkfipsscr.pl to create shell scripts or batch files to

-     run algorithm test programs.

-     [Steve Henson]

-  *) Make algorithm test programs more tolerant of whitespace.

-     [Steve Henson]

-  *) Have SSL/TLS server implementation tolerate "mismatched" record

-     protocol version while receiving ClientHello even if the

-     ClientHello is fragmented.  (The server can't insist on the

-     particular protocol version it has chosen before the ServerHello

-     message has informed the client about his choice.)

-     [Bodo Moeller]

-  *) Load error codes if they are not already present instead of using a

-     static variable. This allows them to be cleanly unloaded and reloaded.

-     [Steve Henson]

- Changes between 0.9.7k and 0.9.7l  [28 Sep 2006]

-  *) Introduce limits to prevent malicious keys being able to

-     cause a denial of service.  (CVE-2006-2940)

-     [Steve Henson, Bodo Moeller]

-  *) Fix ASN.1 parsing of certain invalid structures that can result

-     in a denial of service.  (CVE-2006-2937)  [Steve Henson]

-  *) Fix buffer overflow in SSL_get_shared_ciphers() function.

-     (CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]

-  *) Fix SSL client code which could crash if connecting to a

-     malicious SSLv2 server.  (CVE-2006-4343)

-     [Tavis Ormandy and Will Drewry, Google Security Team]

-  *) Change ciphersuite string processing so that an explicit

-     ciphersuite selects this one ciphersuite (so that "AES256-SHA"

-     will no longer include "AES128-SHA"), and any other similar

-     ciphersuite (same bitmap) from *other* protocol versions (so that

-     "RC4-MD5" will still include both the SSL 2.0 ciphersuite and the

-     SSL 3.0/TLS 1.0 ciphersuite).  This is a backport combining

-     changes from 0.9.8b and 0.9.8d.

-     [Bodo Moeller]

- Changes between 0.9.7j and 0.9.7k  [05 Sep 2006]

-  *) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher

-     (CVE-2006-4339)  [Ben Laurie and Google Security Team]

-  *) Change the Unix randomness entropy gathering to use poll() when

-     possible instead of select(), since the latter has some

-     undesirable limitations.

-     [Darryl Miles via Richard Levitte and Bodo Moeller]

-  *) Disable rogue ciphersuites:

-      - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5")

-      - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5")

-      - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5")

-     The latter two were purportedly from

-     draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really

-     appear there.

-     Also deactive the remaining ciphersuites from

-     draft-ietf-tls-56-bit-ciphersuites-01.txt.  These are just as

-     unofficial, and the ID has long expired.

-     [Bodo Moeller]

-  *) Fix RSA blinding Heisenbug (problems sometimes occured on

-     dual-core machines) and other potential thread-safety issues.

-     [Bodo Moeller]

- Changes between 0.9.7i and 0.9.7j  [04 May 2006]

-  *) Adapt fipsld and the build system to link against the validated FIPS

-     module in FIPS mode.

-     [Steve Henson]

-  *) Fixes for VC++ 2005 build under Windows.

-     [Steve Henson]

-  *) Add new Windows build target VC-32-GMAKE for VC++. This uses GNU make

-     from a Windows bash shell such as MSYS. It is autodetected from the

-     "config" script when run from a VC++ environment. Modify standard VC++

-     build to use fipscanister.o from the GNU make build.

-     [Steve Henson]

- Changes between 0.9.7h and 0.9.7i  [14 Oct 2005]

-  *) Wrapped the definition of EVP_MAX_MD_SIZE in a #ifdef OPENSSL_FIPS.

-     The value now differs depending on if you build for FIPS or not.

-     BEWARE!  A program linked with a shared FIPSed libcrypto can't be

-     safely run with a non-FIPSed libcrypto, as it may crash because of

-     the difference induced by this change.

-     [Andy Polyakov]

- Changes between 0.9.7g and 0.9.7h  [11 Oct 2005]

-  *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING

-     (part of SSL_OP_ALL).  This option used to disable the

-     countermeasure against man-in-the-middle protocol-version

-     rollback in the SSL 2.0 server implementation, which is a bad

-     idea.  (CVE-2005-2969)

-     [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center

-     for Information Security, National Institute of Advanced Industrial

-     Science and Technology [AIST], Japan)]

-  *) Minimal support for X9.31 signatures and PSS padding modes. This is

-     mainly for FIPS compliance and not fully integrated at this stage.

-     [Steve Henson]

-  *) For DSA signing, unless DSA_FLAG_NO_EXP_CONSTTIME is set, perform

-     the exponentiation using a fixed-length exponent.  (Otherwise,

-     the information leaked through timing could expose the secret key

-     after many signatures; cf. Bleichenbacher's attack on DSA with

-     biased k.)

-     [Bodo Moeller]

-  *) Make a new fixed-window mod_exp implementation the default for

-     RSA, DSA, and DH private-key operations so that the sequence of

-     squares and multiplies and the memory access pattern are

-     independent of the particular secret key.  This will mitigate

-     cache-timing and potential related attacks.

-     BN_mod_exp_mont_consttime() is the new exponentiation implementation,

-     and this is automatically used by BN_mod_exp_mont() if the new flag

-     BN_FLG_EXP_CONSTTIME is set for the exponent.  RSA, DSA, and DH

-     will use this BN flag for private exponents unless the flag

-     RSA_FLAG_NO_EXP_CONSTTIME, DSA_FLAG_NO_EXP_CONSTTIME, or

-     DH_FLAG_NO_EXP_CONSTTIME, respectively, is set.

-     [Matthew D Wood (Intel Corp), with some changes by Bodo Moeller]

-  *) Change the client implementation for SSLv23_method() and

-     SSLv23_client_method() so that is uses the SSL 3.0/TLS 1.0

-     Client Hello message format if the SSL_OP_NO_SSLv2 option is set.

-     (Previously, the SSL 2.0 backwards compatible Client Hello

-     message format would be used even with SSL_OP_NO_SSLv2.)

-     [Bodo Moeller]

-  *) Add support for smime-type MIME parameter in S/MIME messages which some

-     clients need.

-     [Steve Henson]

-  *) New function BN_MONT_CTX_set_locked() to set montgomery parameters in

-     a threadsafe manner. Modify rsa code to use new function and add calls

-     to dsa and dh code (which had race conditions before).

-     [Steve Henson]

-  *) Include the fixed error library code in the C error file definitions

-     instead of fixing them up at runtime. This keeps the error code

-     structures constant.

-     [Steve Henson]

- Changes between 0.9.7f and 0.9.7g  [11 Apr 2005]

-  [NB: OpenSSL 0.9.7h and later 0.9.7 patch levels were released after

-  OpenSSL 0.9.8.]

-  *) Fixes for newer kerberos headers. NB: the casts are needed because

-     the 'length' field is signed on one version and unsigned on another

-     with no (?) obvious way to tell the difference, without these VC++

-     complains. Also the "definition" of FAR (blank) is no longer included

-     nor is the error ENOMEM. KRB5_PRIVATE has to be set to 1 to pick up

-     some needed definitions.

-     [Steve Henson]

-  *) Undo Cygwin change.

-     [Ulf M�ller]

-  *) Added support for proxy certificates according to RFC 3820.

-     Because they may be a security thread to unaware applications,

-     they must be explicitely allowed in run-time.  See

-     docs/HOWTO/proxy_certificates.txt for further information.

-     [Richard Levitte]

- Changes between 0.9.7e and 0.9.7f  [22 Mar 2005]

-  *) Use (SSL_RANDOM_VALUE - 4) bytes of pseudo random data when generating

-     server and client random values. Previously

-     (SSL_RANDOM_VALUE - sizeof(time_t)) would be used which would result in

-     less random data when sizeof(time_t) > 4 (some 64 bit platforms).

-     This change has negligible security impact because:

-     1. Server and client random values still have 24 bytes of pseudo random

-        data.

-     2. Server and client random values are sent in the clear in the initial

-        handshake.

-     3. The master secret is derived using the premaster secret (48 bytes in

-        size for static RSA ciphersuites) as well as client server and random

-        values.

-     The OpenSSL team would like to thank the UK NISCC for bringing this issue

-     to our attention.

-     [Stephen Henson, reported by UK NISCC]

-  *) Use Windows randomness collection on Cygwin.

-     [Ulf M�ller]

-  *) Fix hang in EGD/PRNGD query when communication socket is closed

-     prematurely by EGD/PRNGD.

-     [Darren Tucker <[email protected]> via Lutz J�nicke, resolves #1014]

-  *) Prompt for pass phrases when appropriate for PKCS12 input format.

-     [Steve Henson]

-  *) Back-port of selected performance improvements from development

-     branch, as well as improved support for PowerPC platforms.

-     [Andy Polyakov]

-  *) Add lots of checks for memory allocation failure, error codes to indicate

-     failure and freeing up memory if a failure occurs.

-     [Nauticus Networks SSL Team <[email protected]>, Steve Henson]

-  *) Add new -passin argument to dgst.

-     [Steve Henson]

-  *) Perform some character comparisons of different types in X509_NAME_cmp:

-     this is needed for some certificates that reencode DNs into UTF8Strings

-     (in violation of RFC3280) and can't or wont issue name rollover

-     certificates.

-     [Steve Henson]

-  *) Make an explicit check during certificate validation to see that

-     the CA setting in each certificate on the chain is correct.  As a

-     side effect always do the following basic checks on extensions,

-     not just when there's an associated purpose to the check:

-      - if there is an unhandled critical extension (unless the user

-        has chosen to ignore this fault)

-      - if the path length has been exceeded (if one is set at all)

-      - that certain extensions fit the associated purpose (if one has

-        been given)

-     [Richard Levitte]

- Changes between 0.9.7d and 0.9.7e  [25 Oct 2004]

-  *) Avoid a race condition when CRLs are checked in a multi threaded

-     environment. This would happen due to the reordering of the revoked

-     entries during signature checking and serial number lookup. Now the

-     encoding is cached and the serial number sort performed under a lock.

-     Add new STACK function sk_is_sorted().

-     [Steve Henson]

-  *) Add Delta CRL to the extension code.

-     [Steve Henson]

-  *) Various fixes to s3_pkt.c so alerts are sent properly.

-     [David Holmes <[email protected]>]

-  *) Reduce the chances of duplicate issuer name and serial numbers (in

-     violation of RFC3280) using the OpenSSL certificate creation utilities.

-     This is done by creating a random 64 bit value for the initial serial

-     number when a serial number file is created or when a self signed

-     certificate is created using 'openssl req -x509'. The initial serial

-     number file is created using 'openssl x509 -next_serial' in CA.pl

-     rather than being initialized to 1.

-     [Steve Henson]

- Changes between 0.9.7c and 0.9.7d  [17 Mar 2004]

-  *) Fix null-pointer assignment in do_change_cipher_spec() revealed

-     by using the Codenomicon TLS Test Tool (CVE-2004-0079)

-     [Joe Orton, Steve Henson]

-  *) Fix flaw in SSL/TLS handshaking when using Kerberos ciphersuites

-     (CVE-2004-0112)

-     [Joe Orton, Steve Henson]

-  *) Make it possible to have multiple active certificates with the same

-     subject in the CA index file.  This is done only if the keyword

-     'unique_subject' is set to 'no' in the main CA section (default

-     if 'CA_default') of the configuration file.  The value is saved

-     with the database itself in a separate index attribute file,

-     named like the index file with '.attr' appended to the name.

-     [Richard Levitte]

-  *) X509 verify fixes. Disable broken certificate workarounds when

-     X509_V_FLAGS_X509_STRICT is set. Check CRL issuer has cRLSign set if

-     keyUsage extension present. Don't accept CRLs with unhandled critical

-     extensions: since verify currently doesn't process CRL extensions this

-     rejects a CRL with *any* critical extensions. Add new verify error codes

-     for these cases.

-     [Steve Henson]

-  *) When creating an OCSP nonce use an OCTET STRING inside the extnValue.

-     A clarification of RFC2560 will require the use of OCTET STRINGs and

-     some implementations cannot handle the current raw format. Since OpenSSL

-     copies and compares OCSP nonces as opaque blobs without any attempt at

-     parsing them this should not create any compatibility issues.

-     [Steve Henson]

-  *) New md flag EVP_MD_CTX_FLAG_REUSE this allows md_data to be reused when

-     calling EVP_MD_CTX_copy_ex() to avoid calling OPENSSL_malloc(). Without

-     this HMAC (and other) operations are several times slower than OpenSSL

-     < 0.9.7.

-     [Steve Henson]

-  *) Print out GeneralizedTime and UTCTime in ASN1_STRING_print_ex().

-     [Peter Sylvester <[email protected]>]

-  *) Use the correct content when signing type "other".

-     [Steve Henson]

- Changes between 0.9.7b and 0.9.7c  [30 Sep 2003]

-  *) Fix various bugs revealed by running the NISCC test suite:

-     Stop out of bounds reads in the ASN1 code when presented with

-     invalid tags (CVE-2003-0543 and CVE-2003-0544).

-     Free up ASN1_TYPE correctly if ANY type is invalid (CVE-2003-0545).

-     If verify callback ignores invalid public key errors don't try to check

-     certificate signature with the NULL public key.

-     [Steve Henson]

-  *) New -ignore_err option in ocsp application to stop the server

-     exiting on the first error in a request.

-     [Steve Henson]

-  *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate

-     if the server requested one: as stated in TLS 1.0 and SSL 3.0

-     specifications.

-     [Steve Henson]

-  *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional

-     extra data after the compression methods not only for TLS 1.0

-     but also for SSL 3.0 (as required by the specification).

-     [Bodo Moeller; problem pointed out by Matthias Loepfe]

-  *) Change X509_certificate_type() to mark the key as exported/exportable

-     when it's 512 *bits* long, not 512 bytes.

-     [Richard Levitte]

-  *) Change AES_cbc_encrypt() so it outputs exact multiple of

-     blocks during encryption.

-     [Richard Levitte]

-  *) Various fixes to base64 BIO and non blocking I/O. On write

-     flushes were not handled properly if the BIO retried. On read

-     data was not being buffered properly and had various logic bugs.

-     This also affects blocking I/O when the data being decoded is a

-     certain size.

-     [Steve Henson]

-  *) Various S/MIME bugfixes and compatibility changes:

-     output correct application/pkcs7 MIME type if

-     PKCS7_NOOLDMIMETYPE is set. Tolerate some broken signatures.

-     Output CR+LF for EOL if PKCS7_CRLFEOL is set (this makes opening

-     of files as .eml work). Correctly handle very long lines in MIME

-     parser.

-     [Steve Henson]

- Changes between 0.9.7a and 0.9.7b  [10 Apr 2003]

-  *) Countermeasure against the Klima-Pokorny-Rosa extension of

-     Bleichbacher's attack on PKCS #1 v1.5 padding: treat

-     a protocol version number mismatch like a decryption error

-     in ssl3_get_client_key_exchange (ssl/s3_srvr.c).

-     [Bodo Moeller]

-  *) Turn on RSA blinding by default in the default implementation

-     to avoid a timing attack. Applications that don't want it can call

-     RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.

-     They would be ill-advised to do so in most cases.

-     [Ben Laurie, Steve Henson, Geoff Thorpe, Bodo Moeller]

-  *) Change RSA blinding code so that it works when the PRNG is not

-     seeded (in this case, the secret RSA exponent is abused as

-     an unpredictable seed -- if it is not unpredictable, there

-     is no point in blinding anyway).  Make RSA blinding thread-safe

-     by remembering the creator's thread ID in rsa->blinding and

-     having all other threads use local one-time blinding factors

-     (this requires more computation than sharing rsa->blinding, but

-     avoids excessive locking; and if an RSA object is not shared

-     between threads, blinding will still be very fast).

-     [Bodo Moeller]

-  *) Fixed a typo bug that would cause ENGINE_set_default() to set an

-     ENGINE as defaults for all supported algorithms irrespective of

-     the 'flags' parameter. 'flags' is now honoured, so applications

-     should make sure they are passing it correctly.

-     [Geoff Thorpe]

-  *) Target "mingw" now allows native Windows code to be generated in

-     the Cygwin environment as well as with the MinGW compiler.

-     [Ulf Moeller]

- Changes between 0.9.7 and 0.9.7a  [19 Feb 2003]

-  *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked

-     via timing by performing a MAC computation even if incorrrect

-     block cipher padding has been found.  This is a countermeasure

-     against active attacks where the attacker has to distinguish

-     between bad padding and a MAC verification error. (CVE-2003-0078)

-     [Bodo Moeller; problem pointed out by Brice Canvel (EPFL),

-     Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and

-     Martin Vuagnoux (EPFL, Ilion)]

-  *) Make the no-err option work as intended.  The intention with no-err

-     is not to have the whole error stack handling routines removed from

-     libcrypto, it's only intended to remove all the function name and

-     reason texts, thereby removing some of the footprint that may not

-     be interesting if those errors aren't displayed anyway.

-     NOTE: it's still possible for any application or module to have it's

-     own set of error texts inserted.  The routines are there, just not

-     used by default when no-err is given.

-     [Richard Levitte]

-  *) Add support for FreeBSD on IA64.

-     [[email protected] via Richard Levitte, resolves #454]

-  *) Adjust DES_cbc_cksum() so it returns the same value as the MIT

-     Kerberos function mit_des_cbc_cksum().  Before this change,

-     the value returned by DES_cbc_cksum() was like the one from

-     mit_des_cbc_cksum(), except the bytes were swapped.

-     [Kevin Greaney <[email protected]> and Richard Levitte]

-  *) Allow an application to disable the automatic SSL chain building.

-     Before this a rather primitive chain build was always performed in

-     ssl3_output_cert_chain(): an application had no way to send the

-     correct chain if the automatic operation produced an incorrect result.

-     Now the chain builder is disabled if either:

-     1. Extra certificates are added via SSL_CTX_add_extra_chain_cert().

-     2. The mode flag SSL_MODE_NO_AUTO_CHAIN is set.

-     The reasoning behind this is that an application would not want the

-     auto chain building to take place if extra chain certificates are

-     present and it might also want a means of sending no additional

-     certificates (for example the chain has two certificates and the

-     root is omitted).

-     [Steve Henson]

-  *) Add the possibility to build without the ENGINE framework.

-     [Steven Reddie <[email protected]> via Richard Levitte]

-  *) Under Win32 gmtime() can return NULL: check return value in

-     OPENSSL_gmtime(). Add error code for case where gmtime() fails.

-     [Steve Henson]

-  *) DSA routines: under certain error conditions uninitialized BN objects

-     could be freed. Solution: make sure initialization is performed early

-     enough. (Reported and fix supplied by Ivan D Nestlerode <[email protected]>,

-     Nils Larsch <[email protected]> via PR#459)

-     [Lutz Jaenicke]

-  *) Another fix for SSLv2 session ID handling: the session ID was incorrectly

-     checked on reconnect on the client side, therefore session resumption

-     could still fail with a "ssl session id is different" error. This

-     behaviour is masked when SSL_OP_ALL is used due to

-     SSL_OP_MICROSOFT_SESS_ID_BUG being set.

-     Behaviour observed by Crispin Flowerday <[email protected]> as

-     followup to PR #377.

-     [Lutz Jaenicke]

-  *) IA-32 assembler support enhancements: unified ELF targets, support

-     for SCO/Caldera platforms, fix for Cygwin shared build.

-     [Andy Polyakov]

-  *) Add support for FreeBSD on sparc64.  As a consequence, support for

-     FreeBSD on non-x86 processors is separate from x86 processors on

-     the config script, much like the NetBSD support.

-     [Richard Levitte & Kris Kennaway <[email protected]>]

- Changes between 0.9.6h and 0.9.7  [31 Dec 2002]

-  [NB: OpenSSL 0.9.6i and later 0.9.6 patch levels were released after

-  OpenSSL 0.9.7.]

-  *) Fix session ID handling in SSLv2 client code: the SERVER FINISHED

-     code (06) was taken as the first octet of the session ID and the last

-     octet was ignored consequently. As a result SSLv2 client side session

-     caching could not have worked due to the session ID mismatch between

-     client and server.

-     Behaviour observed by Crispin Flowerday <[email protected]> as

-     PR #377.

-     [Lutz Jaenicke]

-  *) Change the declaration of needed Kerberos libraries to use EX_LIBS

-     instead of the special (and badly supported) LIBKRB5.  LIBKRB5 is

-     removed entirely.

-     [Richard Levitte]

-  *) The hw_ncipher.c engine requires dynamic locks.  Unfortunately, it

-     seems that in spite of existing for more than a year, many application

-     author have done nothing to provide the necessary callbacks, which

-     means that this particular engine will not work properly anywhere.

-     This is a very unfortunate situation which forces us, in the name

-     of usability, to give the hw_ncipher.c a static lock, which is part

-     of libcrypto.

-     NOTE: This is for the 0.9.7 series ONLY.  This hack will never

-     appear in 0.9.8 or later.  We EXPECT application authors to have

-     dealt properly with this when 0.9.8 is released (unless we actually

-     make such changes in the libcrypto locking code that changes will

-     have to be made anyway).

-     [Richard Levitte]

-  *) In asn1_d2i_read_bio() repeatedly call BIO_read() until all content

-     octets have been read, EOF or an error occurs. Without this change

-     some truncated ASN1 structures will not produce an error.

-     [Steve Henson]

-  *) Disable Heimdal support, since it hasn't been fully implemented.

-     Still give the possibility to force the use of Heimdal, but with

-     warnings and a request that patches get sent to openssl-dev.

-     [Richard Levitte]

-  *) Add the VC-CE target, introduce the WINCE sysname, and add

-     INSTALL.WCE and appropriate conditionals to make it build.

-     [Steven Reddie <[email protected]> via Richard Levitte]

-  *) Change the DLL names for Cygwin to cygcrypto-x.y.z.dll and

-     cygssl-x.y.z.dll, where x, y and z are the major, minor and

-     edit numbers of the version.

-     [Corinna Vinschen <[email protected]> and Richard Levitte]

-  *) Introduce safe string copy and catenation functions

-     (BUF_strlcpy() and BUF_strlcat()).

-     [Ben Laurie (CHATS) and Richard Levitte]

-  *) Avoid using fixed-size buffers for one-line DNs.

-     [Ben Laurie (CHATS)]

-  *) Add BUF_MEM_grow_clean() to avoid information leakage when

-     resizing buffers containing secrets, and use where appropriate.

-     [Ben Laurie (CHATS)]

-  *) Avoid using fixed size buffers for configuration file location.

-     [Ben Laurie (CHATS)]

-  *) Avoid filename truncation for various CA files.

-     [Ben Laurie (CHATS)]

-  *) Use sizeof in preference to magic numbers.

-     [Ben Laurie (CHATS)]

-  *) Avoid filename truncation in cert requests.

-     [Ben Laurie (CHATS)]

-  *) Add assertions to check for (supposedly impossible) buffer

-     overflows.

-     [Ben Laurie (CHATS)]

-  *) Don't cache truncated DNS entries in the local cache (this could

-     potentially lead to a spoofing attack).

-     [Ben Laurie (CHATS)]

-  *) Fix various buffers to be large enough for hex/decimal

-     representations in a platform independent manner.

-     [Ben Laurie (CHATS)]

-  *) Add CRYPTO_realloc_clean() to avoid information leakage when

-     resizing buffers containing secrets, and use where appropriate.

-     [Ben Laurie (CHATS)]

-  *) Add BIO_indent() to avoid much slightly worrying code to do

-     indents.

-     [Ben Laurie (CHATS)]

-  *) Convert sprintf()/BIO_puts() to BIO_printf().

-     [Ben Laurie (CHATS)]

-  *) buffer_gets() could terminate with the buffer only half

-     full. Fixed.

-     [Ben Laurie (CHATS)]

-  *) Add assertions to prevent user-supplied crypto functions from

-     overflowing internal buffers by having large block sizes, etc.

-     [Ben Laurie (CHATS)]

-  *) New OPENSSL_assert() macro (similar to assert(), but enabled

-     unconditionally).

-     [Ben Laurie (CHATS)]

-  *) Eliminate unused copy of key in RC4.

-     [Ben Laurie (CHATS)]

-  *) Eliminate unused and incorrectly sized buffers for IV in pem.h.

-     [Ben Laurie (CHATS)]

-  *) Fix off-by-one error in EGD path.

-     [Ben Laurie (CHATS)]

-  *) If RANDFILE path is too long, ignore instead of truncating.

-     [Ben Laurie (CHATS)]

-  *) Eliminate unused and incorrectly sized X.509 structure

-     CBCParameter.

-     [Ben Laurie (CHATS)]

-  *) Eliminate unused and dangerous function knumber().

-     [Ben Laurie (CHATS)]

-  *) Eliminate unused and dangerous structure, KSSL_ERR.

-     [Ben Laurie (CHATS)]

-  *) Protect against overlong session ID context length in an encoded

-     session object. Since these are local, this does not appear to be

-     exploitable.

-     [Ben Laurie (CHATS)]

-  *) Change from security patch (see 0.9.6e below) that did not affect

-     the 0.9.6 release series:

-     Remote buffer overflow in SSL3 protocol - an attacker could

-     supply an oversized master key in Kerberos-enabled versions.

-     (CVE-2002-0657)

-     [Ben Laurie (CHATS)]

-  *) Change the SSL kerb5 codes to match RFC 2712.

-     [Richard Levitte]

-  *) Make -nameopt work fully for req and add -reqopt switch.

-     [Michael Bell <[email protected]>, Steve Henson]

-  *) The "block size" for block ciphers in CFB and OFB mode should be 1.

-     [Steve Henson, reported by Yngve Nysaeter Pettersen <[email protected]>]

-  *) Make sure tests can be performed even if the corresponding algorithms

-     have been removed entirely.  This was also the last step to make

-     OpenSSL compilable with DJGPP under all reasonable conditions.

-     [Richard Levitte, Doug Kaufman <[email protected]>]

-  *) Add cipher selection rules COMPLEMENTOFALL and COMPLEMENTOFDEFAULT

-     to allow version independent disabling of normally unselected ciphers,

-     which may be activated as a side-effect of selecting a single cipher.

-     (E.g., cipher list string "RSA" enables ciphersuites that are left

-     out of "ALL" because they do not provide symmetric encryption.

-     "RSA:!COMPLEMEMENTOFALL" avoids these unsafe ciphersuites.)

-     [Lutz Jaenicke, Bodo Moeller]

-  *) Add appropriate support for separate platform-dependent build

-     directories.  The recommended way to make a platform-dependent

-     build directory is the following (tested on Linux), maybe with

-     some local tweaks:

-	# Place yourself outside of the OpenSSL source tree.  In

-	# this example, the environment variable OPENSSL_SOURCE

-	# is assumed to contain the absolute OpenSSL source directory.

-	mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`"

-	cd objtree/"`uname -s`-`uname -r`-`uname -m`"

-	(cd $OPENSSL_SOURCE; find . -type f) | while read F; do

-		mkdir -p `dirname $F`

-		ln -s $OPENSSL_SOURCE/$F $F

-	done

-     To be absolutely sure not to disturb the source tree, a "make clean"

-     is a good thing.  If it isn't successfull, don't worry about it,

-     it probably means the source directory is very clean.

-     [Richard Levitte]

-  *) Make sure any ENGINE control commands make local copies of string

-     pointers passed to them whenever necessary. Otherwise it is possible

-     the caller may have overwritten (or deallocated) the original string

-     data when a later ENGINE operation tries to use the stored values.

-     [G�tz Babin-Ebell <[email protected]>]

-  *) Improve diagnostics in file reading and command-line digests.

-     [Ben Laurie aided and abetted by Solar Designer <[email protected]>]

-  *) Add AES modes CFB and OFB to the object database.  Correct an

-     error in AES-CFB decryption.

-     [Richard Levitte]

-  *) Remove most calls to EVP_CIPHER_CTX_cleanup() in evp_enc.c, this

-     allows existing EVP_CIPHER_CTX structures to be reused after

-     calling EVP_*Final(). This behaviour is used by encryption

-     BIOs and some applications. This has the side effect that

-     applications must explicitly clean up cipher contexts with

-     EVP_CIPHER_CTX_cleanup() or they will leak memory.

-     [Steve Henson]

-  *) Check the values of dna and dnb in bn_mul_recursive before calling

-     bn_mul_comba (a non zero value means the a or b arrays do not contain

-     n2 elements) and fallback to bn_mul_normal if either is not zero.

-     [Steve Henson]

-  *) Fix escaping of non-ASCII characters when using the -subj option

-     of the "openssl req" command line tool. (Robert Joop <[email protected]>)

-     [Lutz Jaenicke]

-  *) Make object definitions compliant to LDAP (RFC2256): SN is the short

-     form for "surname", serialNumber has no short form.

-     Use "mail" as the short name for "rfc822Mailbox" according to RFC2798;

-     therefore remove "mail" short name for "internet 7".

-     The OID for unique identifiers in X509 certificates is

-     x500UniqueIdentifier, not uniqueIdentifier.

-     Some more OID additions. (Michael Bell <[email protected]>)

-     [Lutz Jaenicke]

-  *) Add an "init" command to the ENGINE config module and auto initialize

-     ENGINEs. Without any "init" command the ENGINE will be initialized

-     after all ctrl commands have been executed on it. If init=1 the

-     ENGINE is initailized at that point (ctrls before that point are run

-     on the uninitialized ENGINE and after on the initialized one). If

-     init=0 then the ENGINE will not be iniatialized at all.

-     [Steve Henson]

-  *) Fix the 'app_verify_callback' interface so that the user-defined

-     argument is actually passed to the callback: In the

-     SSL_CTX_set_cert_verify_callback() prototype, the callback

-     declaration has been changed from

-          int (*cb)()

-     into

-          int (*cb)(X509_STORE_CTX *,void *);

-     in ssl_verify_cert_chain (ssl/ssl_cert.c), the call

-          i=s->ctx->app_verify_callback(&ctx)

-     has been changed into

-          i=s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg).

-     To update applications using SSL_CTX_set_cert_verify_callback(),

-     a dummy argument can be added to their callback functions.

-     [D. K. Smetters <[email protected]>]

-  *) Added the '4758cca' ENGINE to support IBM 4758 cards.

-     [Maurice Gittens <[email protected]>, touchups by Geoff Thorpe]

-  *) Add and OPENSSL_LOAD_CONF define which will cause

-     OpenSSL_add_all_algorithms() to load the openssl.cnf config file.

-     This allows older applications to transparently support certain

-     OpenSSL features: such as crypto acceleration and dynamic ENGINE loading.

-     Two new functions OPENSSL_add_all_algorithms_noconf() which will never

-     load the config file and OPENSSL_add_all_algorithms_conf() which will

-     always load it have also been added.

-     [Steve Henson]

-  *) Add the OFB, CFB and CTR (all with 128 bit feedback) to AES.

-     Adjust NIDs and EVP layer.

-     [Stephen Sprunk <[email protected]> and Richard Levitte]

-  *) Config modules support in openssl utility.

-     Most commands now load modules from the config file,

-     though in a few (such as version) this isn't done

-     because it couldn't be used for anything.

-     In the case of ca and req the config file used is

-     the same as the utility itself: that is the -config

-     command line option can be used to specify an

-     alternative file.

-     [Steve Henson]

-  *) Move default behaviour from OPENSSL_config(). If appname is NULL

-     use "openssl_conf" if filename is NULL use default openssl config file.

-     [Steve Henson]

-  *) Add an argument to OPENSSL_config() to allow the use of an alternative

-     config section name. Add a new flag to tolerate a missing config file

-     and move code to CONF_modules_load_file().

-     [Steve Henson]

-  *) Support for crypto accelerator cards from Accelerated Encryption

-     Processing, www.aep.ie.  (Use engine 'aep')

-     The support was copied from 0.9.6c [engine] and adapted/corrected

-     to work with the new engine framework.

-     [AEP Inc. and Richard Levitte]

-  *) Support for SureWare crypto accelerator cards from Baltimore

-     Technologies.  (Use engine 'sureware')

-     The support was copied from 0.9.6c [engine] and adapted

-     to work with the new engine framework.

-     [Richard Levitte]

-  *) Have the CHIL engine fork-safe (as defined by nCipher) and actually

-     make the newer ENGINE framework commands for the CHIL engine work.

-     [Toomas Kiisk <[email protected]> and Richard Levitte]

-  *) Make it possible to produce shared libraries on ReliantUNIX.

-     [Robert Dahlem <[email protected]> via Richard Levitte]

-  *) Add the configuration target debug-linux-ppro.

-     Make 'openssl rsa' use the general key loading routines

-     implemented in apps.c, and make those routines able to

-     handle the key format FORMAT_NETSCAPE and the variant

-     FORMAT_IISSGC.

-     [Toomas Kiisk <[email protected]> via Richard Levitte]

- *) Fix a crashbug and a logic bug in hwcrhk_load_pubkey().

-     [Toomas Kiisk <[email protected]> via Richard Levitte]

-  *) Add -keyform to rsautl, and document -engine.

-     [Richard Levitte, inspired by Toomas Kiisk <[email protected]>]

-  *) Change BIO_new_file (crypto/bio/bss_file.c) to use new

-     BIO_R_NO_SUCH_FILE error code rather than the generic

-     ERR_R_SYS_LIB error code if fopen() fails with ENOENT.

-     [Ben Laurie]

-  *) Add new functions

-          ERR_peek_last_error

-          ERR_peek_last_error_line

-          ERR_peek_last_error_line_data.

-     These are similar to

-          ERR_peek_error

-          ERR_peek_error_line

-          ERR_peek_error_line_data,

-     but report on the latest error recorded rather than the first one

-     still in the error queue.

-     [Ben Laurie, Bodo Moeller]

-  *) default_algorithms option in ENGINE config module. This allows things

-     like:

-     default_algorithms = ALL

-     default_algorithms = RSA, DSA, RAND, CIPHERS, DIGESTS

-     [Steve Henson]

-  *) Prelminary ENGINE config module.

-     [Steve Henson]

-  *) New experimental application configuration code.

-     [Steve Henson]

-  *) Change the AES code to follow the same name structure as all other

-     symmetric ciphers, and behave the same way.  Move everything to

-     the directory crypto/aes, thereby obsoleting crypto/rijndael.

-     [Stephen Sprunk <[email protected]> and Richard Levitte]

-  *) SECURITY: remove unsafe setjmp/signal interaction from ui_openssl.c.

-     [Ben Laurie and Theo de Raadt]

-  *) Add option to output public keys in req command.

-     [Massimiliano Pala [email protected]]

-  *) Use wNAFs in EC_POINTs_mul() for improved efficiency

-     (up to about 10% better than before for P-192 and P-224).

-     [Bodo Moeller]

-  *) New functions/macros

-          SSL_CTX_set_msg_callback(ctx, cb)

-          SSL_CTX_set_msg_callback_arg(ctx, arg)

-          SSL_set_msg_callback(ssl, cb)

-          SSL_set_msg_callback_arg(ssl, arg)

-     to request calling a callback function

-          void cb(int write_p, int version, int content_type,

-                  const void *buf, size_t len, SSL *ssl, void *arg)

-     whenever a protocol message has been completely received

-     (write_p == 0) or sent (write_p == 1).  Here 'version' is the

-     protocol version  according to which the SSL library interprets

-     the current protocol message (SSL2_VERSION, SSL3_VERSION, or

-     TLS1_VERSION).  'content_type' is 0 in the case of SSL 2.0, or

-     the content type as defined in the SSL 3.0/TLS 1.0 protocol

-     specification (change_cipher_spec(20), alert(21), handshake(22)).

-     'buf' and 'len' point to the actual message, 'ssl' to the

-     SSL object, and 'arg' is the application-defined value set by

-     SSL[_CTX]_set_msg_callback_arg().

-     'openssl s_client' and 'openssl s_server' have new '-msg' options

-     to enable a callback that displays all protocol messages.

-     [Bodo Moeller]

-  *) Change the shared library support so shared libraries are built as

-     soon as the corresponding static library is finished, and thereby get

-     openssl and the test programs linked against the shared library.

-     This still only happens when the keyword "shard" has been given to

-     the configuration scripts.

-     NOTE: shared library support is still an experimental thing, and

-     backward binary compatibility is still not guaranteed.

-     ["Maciej W. Rozycki" <[email protected]> and Richard Levitte]

-  *) Add support for Subject Information Access extension.

-     [Peter Sylvester <[email protected]>]

-  *) Make BUF_MEM_grow() behaviour more consistent: Initialise to zero

-     additional bytes when new memory had to be allocated, not just

-     when reusing an existing buffer.

-     [Bodo Moeller]

-  *) New command line and configuration option 'utf8' for the req command.

-     This allows field values to be specified as UTF8 strings.

-     [Steve Henson]

-  *) Add -multi and -mr options to "openssl speed" - giving multiple parallel

-     runs for the former and machine-readable output for the latter.

-     [Ben Laurie]

-  *) Add '-noemailDN' option to 'openssl ca'.  This prevents inclusion

-     of the e-mail address in the DN (i.e., it will go into a certificate

-     extension only).  The new configuration file option 'email_in_dn = no'

-     has the same effect.

-     [Massimiliano Pala [email protected]]

-  *) Change all functions with names starting with des_ to be starting

-     with DES_ instead.  Add wrappers that are compatible with libdes,

-     but are named _ossl_old_des_*.  Finally, add macros that map the

-     des_* symbols to the corresponding _ossl_old_des_* if libdes

-     compatibility is desired.  If OpenSSL 0.9.6c compatibility is

-     desired, the des_* symbols will be mapped to DES_*, with one

-     exception.

-     Since we provide two compatibility mappings, the user needs to

-     define the macro OPENSSL_DES_LIBDES_COMPATIBILITY if libdes

-     compatibility is desired.  The default (i.e., when that macro

-     isn't defined) is OpenSSL 0.9.6c compatibility.

-     There are also macros that enable and disable the support of old

-     des functions altogether.  Those are OPENSSL_ENABLE_OLD_DES_SUPPORT

-     and OPENSSL_DISABLE_OLD_DES_SUPPORT.  If none or both of those

-     are defined, the default will apply: to support the old des routines.

-     In either case, one must include openssl/des.h to get the correct

-     definitions.  Do not try to just include openssl/des_old.h, that

-     won't work.

-     NOTE: This is a major break of an old API into a new one.  Software

-     authors are encouraged to switch to the DES_ style functions.  Some

-     time in the future, des_old.h and the libdes compatibility functions

-     will be disable (i.e. OPENSSL_DISABLE_OLD_DES_SUPPORT will be the

-     default), and then completely removed.

-     [Richard Levitte]

-  *) Test for certificates which contain unsupported critical extensions.

-     If such a certificate is found during a verify operation it is

-     rejected by default: this behaviour can be overridden by either

-     handling the new error X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION or

-     by setting the verify flag X509_V_FLAG_IGNORE_CRITICAL. A new function

-     X509_supported_extension() has also been added which returns 1 if a

-     particular extension is supported.

-     [Steve Henson]

-  *) Modify the behaviour of EVP cipher functions in similar way to digests

-     to retain compatibility with existing code.

-     [Steve Henson]

-  *) Modify the behaviour of EVP_DigestInit() and EVP_DigestFinal() to retain

-     compatibility with existing code. In particular the 'ctx' parameter does

-     not have to be to be initialized before the call to EVP_DigestInit() and

-     it is tidied up after a call to EVP_DigestFinal(). New function

-     EVP_DigestFinal_ex() which does not tidy up the ctx. Similarly function

-     EVP_MD_CTX_copy() changed to not require the destination to be

-     initialized valid and new function EVP_MD_CTX_copy_ex() added which

-     requires the destination to be valid.

-     Modify all the OpenSSL digest calls to use EVP_DigestInit_ex(),

-     EVP_DigestFinal_ex() and EVP_MD_CTX_copy_ex().

-     [Steve Henson]

-  *) Change ssl3_get_message (ssl/s3_both.c) and the functions using it

-     so that complete 'Handshake' protocol structures are kept in memory

-     instead of overwriting 'msg_type' and 'length' with 'body' data.

-     [Bodo Moeller]

-  *) Add an implementation of SSL_add_dir_cert_subjects_to_stack for Win32.

-     [Massimo Santin via Richard Levitte]

-  *) Major restructuring to the underlying ENGINE code. This includes

-     reduction of linker bloat, separation of pure "ENGINE" manipulation

-     (initialisation, etc) from functionality dealing with implementations

-     of specific crypto iterfaces. This change also introduces integrated

-     support for symmetric ciphers and digest implementations - so ENGINEs

-     can now accelerate these by providing EVP_CIPHER and EVP_MD

-     implementations of their own. This is detailed in crypto/engine/README

-     as it couldn't be adequately described here. However, there are a few

-     API changes worth noting - some RSA, DSA, DH, and RAND functions that

-     were changed in the original introduction of ENGINE code have now

-     reverted back - the hooking from this code to ENGINE is now a good

-     deal more passive and at run-time, operations deal directly with

-     RSA_METHODs, DSA_METHODs (etc) as they did before, rather than

-     dereferencing through an ENGINE pointer any more. Also, the ENGINE

-     functions dealing with BN_MOD_EXP[_CRT] handlers have been removed -

-     they were not being used by the framework as there is no concept of a

-     BIGNUM_METHOD and they could not be generalised to the new

-     'ENGINE_TABLE' mechanism that underlies the new code. Similarly,

-     ENGINE_cpy() has been removed as it cannot be consistently defined in

-     the new code.

-     [Geoff Thorpe]

-  *) Change ASN1_GENERALIZEDTIME_check() to allow fractional seconds.

-     [Steve Henson]

-  *) Change mkdef.pl to sort symbols that get the same entry number,

-     and make sure the automatically generated functions ERR_load_*

-     become part of libeay.num as well.

-     [Richard Levitte]

-  *) New function SSL_renegotiate_pending().  This returns true once

-     renegotiation has been requested (either SSL_renegotiate() call

-     or HelloRequest/ClientHello receveived from the peer) and becomes

-     false once a handshake has been completed.

-     (For servers, SSL_renegotiate() followed by SSL_do_handshake()

-     sends a HelloRequest, but does not ensure that a handshake takes

-     place.  SSL_renegotiate_pending() is useful for checking if the

-     client has followed the request.)

-     [Bodo Moeller]

-  *) New SSL option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION.

-     By default, clients may request session resumption even during

-     renegotiation (if session ID contexts permit); with this option,

-     session resumption is possible only in the first handshake.

-     SSL_OP_ALL is now 0x00000FFFL instead of 0x000FFFFFL.  This makes

-     more bits available for options that should not be part of

-     SSL_OP_ALL (such as SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION).

-     [Bodo Moeller]

-  *) Add some demos for certificate and certificate request creation.

-     [Steve Henson]

-  *) Make maximum certificate chain size accepted from the peer application

-     settable (SSL*_get/set_max_cert_list()), as proposed by

-     "Douglas E. Engert" <[email protected]>.

-     [Lutz Jaenicke]

-  *) Add support for shared libraries for Unixware-7

-     (Boyd Lynn Gerber <[email protected]>).

-     [Lutz Jaenicke]

-  *) Add a "destroy" handler to ENGINEs that allows structural cleanup to

-     be done prior to destruction. Use this to unload error strings from

-     ENGINEs that load their own error strings. NB: This adds two new API

-     functions to "get" and "set" this destroy handler in an ENGINE.

-     [Geoff Thorpe]

-  *) Alter all existing ENGINE implementations (except "openssl" and

-     "openbsd") to dynamically instantiate their own error strings. This

-     makes them more flexible to be built both as statically-linked ENGINEs

-     and self-contained shared-libraries loadable via the "dynamic" ENGINE.

-     Also, add stub code to each that makes building them as self-contained

-     shared-libraries easier (see README.ENGINE).

-     [Geoff Thorpe]

-  *) Add a "dynamic" ENGINE that provides a mechanism for binding ENGINE

-     implementations into applications that are completely implemented in

-     self-contained shared-libraries. The "dynamic" ENGINE exposes control

-     commands that can be used to configure what shared-library to load and

-     to control aspects of the way it is handled. Also, made an update to

-     the README.ENGINE file that brings its information up-to-date and

-     provides some information and instructions on the "dynamic" ENGINE

-     (ie. how to use it, how to build "dynamic"-loadable ENGINEs, etc).

-     [Geoff Thorpe]

-  *) Make it possible to unload ranges of ERR strings with a new

-     "ERR_unload_strings" function.

-     [Geoff Thorpe]

-  *) Add a copy() function to EVP_MD.

-     [Ben Laurie]

-  *) Make EVP_MD routines take a context pointer instead of just the

-     md_data void pointer.

-     [Ben Laurie]

-  *) Add flags to EVP_MD and EVP_MD_CTX. EVP_MD_FLAG_ONESHOT indicates

-     that the digest can only process a single chunk of data

-     (typically because it is provided by a piece of

-     hardware). EVP_MD_CTX_FLAG_ONESHOT indicates that the application

-     is only going to provide a single chunk of data, and hence the

-     framework needn't accumulate the data for oneshot drivers.

-     [Ben Laurie]

-  *) As with "ERR", make it possible to replace the underlying "ex_data"

-     functions. This change also alters the storage and management of global

-     ex_data state - it's now all inside ex_data.c and all "class" code (eg.

-     RSA, BIO, SSL_CTX, etc) no longer stores its own STACKS and per-class

-     index counters. The API functions that use this state have been changed

-     to take a "class_index" rather than pointers to the class's local STACK

-     and counter, and there is now an API function to dynamically create new

-     classes. This centralisation allows us to (a) plug a lot of the

-     thread-safety problems that existed, and (b) makes it possible to clean

-     up all allocated state using "CRYPTO_cleanup_all_ex_data()". W.r.t. (b)

-     such data would previously have always leaked in application code and

-     workarounds were in place to make the memory debugging turn a blind eye

-     to it. Application code that doesn't use this new function will still

-     leak as before, but their memory debugging output will announce it now

-     rather than letting it slide.

-     Besides the addition of CRYPTO_cleanup_all_ex_data(), another API change

-     induced by the "ex_data" overhaul is that X509_STORE_CTX_init() now

-     has a return value to indicate success or failure.

-     [Geoff Thorpe]

-  *) Make it possible to replace the underlying "ERR" functions such that the

-     global state (2 LHASH tables and 2 locks) is only used by the "default"

-     implementation. This change also adds two functions to "get" and "set"

-     the implementation prior to it being automatically set the first time

-     any other ERR function takes place. Ie. an application can call "get",

-     pass the return value to a module it has just loaded, and that module

-     can call its own "set" function using that value. This means the

-     module's "ERR" operations will use (and modify) the error state in the

-     application and not in its own statically linked copy of OpenSSL code.

-     [Geoff Thorpe]

-  *) Give DH, DSA, and RSA types their own "**_up_ref()" function to increment

-     reference counts. This performs normal REF_PRINT/REF_CHECK macros on

-     the operation, and provides a more encapsulated way for external code

-     (crypto/evp/ and ssl/) to do this. Also changed the evp and ssl code

-     to use these functions rather than manually incrementing the counts.

-     Also rename "DSO_up()" function to more descriptive "DSO_up_ref()".

-     [Geoff Thorpe]

-  *) Add EVP test program.

-     [Ben Laurie]

-  *) Add symmetric cipher support to ENGINE. Expect the API to change!

-     [Ben Laurie]

-  *) New CRL functions: X509_CRL_set_version(), X509_CRL_set_issuer_name()

-     X509_CRL_set_lastUpdate(), X509_CRL_set_nextUpdate(), X509_CRL_sort(),

-     X509_REVOKED_set_serialNumber(), and X509_REVOKED_set_revocationDate().

-     These allow a CRL to be built without having to access X509_CRL fields

-     directly. Modify 'ca' application to use new functions.

-     [Steve Henson]

-  *) Move SSL_OP_TLS_ROLLBACK_BUG out of the SSL_OP_ALL list of recommended

-     bug workarounds. Rollback attack detection is a security feature.

-     The problem will only arise on OpenSSL servers when TLSv1 is not

-     available (sslv3_server_method() or SSL_OP_NO_TLSv1).

-     Software authors not wanting to support TLSv1 will have special reasons

-     for their choice and can explicitly enable this option.

-     [Bodo Moeller, Lutz Jaenicke]

-  *) Rationalise EVP so it can be extended: don't include a union of

-     cipher/digest structures, add init/cleanup functions for EVP_MD_CTX

-     (similar to those existing for EVP_CIPHER_CTX).

-     Usage example:

-         EVP_MD_CTX md;

-         EVP_MD_CTX_init(&md);             /* new function call */

-         EVP_DigestInit(&md, EVP_sha1());

-         EVP_DigestUpdate(&md, in, len);

-         EVP_DigestFinal(&md, out, NULL);

-         EVP_MD_CTX_cleanup(&md);          /* new function call */

-     [Ben Laurie]

-  *) Make DES key schedule conform to the usual scheme, as well as

-     correcting its structure. This means that calls to DES functions

-     now have to pass a pointer to a des_key_schedule instead of a

-     plain des_key_schedule (which was actually always a pointer

-     anyway): E.g.,

-         des_key_schedule ks;

-	 des_set_key_checked(..., &ks);

-	 des_ncbc_encrypt(..., &ks, ...);

-     (Note that a later change renames 'des_...' into 'DES_...'.)

-     [Ben Laurie]

-  *) Initial reduction of linker bloat: the use of some functions, such as

-     PEM causes large amounts of unused functions to be linked in due to

-     poor organisation. For example pem_all.c contains every PEM function

-     which has a knock on effect of linking in large amounts of (unused)

-     ASN1 code. Grouping together similar functions and splitting unrelated

-     functions prevents this.

-     [Steve Henson]

-  *) Cleanup of EVP macros.

-     [Ben Laurie]

-  *) Change historical references to {NID,SN,LN}_des_ede and ede3 to add the

-     correct _ecb suffix.

-     [Ben Laurie]

-  *) Add initial OCSP responder support to ocsp application. The

-     revocation information is handled using the text based index

-     use by the ca application. The responder can either handle

-     requests generated internally, supplied in files (for example

-     via a CGI script) or using an internal minimal server.

-     [Steve Henson]

-  *) Add configuration choices to get zlib compression for TLS.

-     [Richard Levitte]

-  *) Changes to Kerberos SSL for RFC 2712 compliance:

-     1.  Implemented real KerberosWrapper, instead of just using

-         KRB5 AP_REQ message.  [Thanks to Simon Wilkinson <[email protected]>]

-     2.  Implemented optional authenticator field of KerberosWrapper.

-     Added openssl-style ASN.1 macros for Kerberos ticket, ap_req,

-     and authenticator structs; see crypto/krb5/.

-     Generalized Kerberos calls to support multiple Kerberos libraries.

-     [Vern Staats <[email protected]>,

-      Jeffrey Altman <[email protected]>

-      via Richard Levitte]

-  *) Cause 'openssl speed' to use fully hard-coded DSA keys as it

-     already does with RSA. testdsa.h now has 'priv_key/pub_key'

-     values for each of the key sizes rather than having just

-     parameters (and 'speed' generating keys each time).

-     [Geoff Thorpe]

-  *) Speed up EVP routines.

-     Before:

-encrypt

-type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes

-des-cbc           4408.85k     5560.51k     5778.46k     5862.20k     5825.16k

-des-cbc           4389.55k     5571.17k     5792.23k     5846.91k     5832.11k

-des-cbc           4394.32k     5575.92k     5807.44k     5848.37k     5841.30k

-decrypt

-des-cbc           3482.66k     5069.49k     5496.39k     5614.16k     5639.28k

-des-cbc           3480.74k     5068.76k     5510.34k     5609.87k     5635.52k

-des-cbc           3483.72k     5067.62k     5504.60k     5708.01k     5724.80k

-     After:

-encrypt

-des-cbc           4660.16k     5650.19k     5807.19k     5827.13k     5783.32k

-decrypt

-des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k

-     [Ben Laurie]

-  *) Added the OS2-EMX target.

-     ["Brian Havard" <[email protected]> and Richard Levitte]

-  *) Rewrite apps to use NCONF routines instead of the old CONF. New functions

-     to support NCONF routines in extension code. New function CONF_set_nconf()

-     to allow functions which take an NCONF to also handle the old LHASH

-     structure: this means that the old CONF compatible routines can be

-     retained (in particular wrt extensions) without having to duplicate the

-     code. New function X509V3_add_ext_nconf_sk to add extensions to a stack.

-     [Steve Henson]

-  *) Enhance the general user interface with mechanisms for inner control

-     and with possibilities to have yes/no kind of prompts.

-     [Richard Levitte]

-  *) Change all calls to low level digest routines in the library and

-     applications to use EVP. Add missing calls to HMAC_cleanup() and

-     don't assume HMAC_CTX can be copied using memcpy().

-     [Verdon Walker <[email protected]>, Steve Henson]

-  *) Add the possibility to control engines through control names but with

-     arbitrary arguments instead of just a string.

-     Change the key loaders to take a UI_METHOD instead of a callback

-     function pointer.  NOTE: this breaks binary compatibility with earlier

-     versions of OpenSSL [engine].

-     Adapt the nCipher code for these new conditions and add a card insertion

-     callback.

-     [Richard Levitte]

-  *) Enhance the general user interface with mechanisms to better support

-     dialog box interfaces, application-defined prompts, the possibility

-     to use defaults (for example default passwords from somewhere else)

-     and interrupts/cancellations.

-     [Richard Levitte]

-  *) Tidy up PKCS#12 attribute handling. Add support for the CSP name

-     attribute in PKCS#12 files, add new -CSP option to pkcs12 utility.

-     [Steve Henson]

-  *) Fix a memory leak in 'sk_dup()' in the case reallocation fails. (Also

-     tidy up some unnecessarily weird code in 'sk_new()').

-     [Geoff, reported by Diego Tartara <[email protected]>]

-  *) Change the key loading routines for ENGINEs to use the same kind

-     callback (pem_password_cb) as all other routines that need this

-     kind of callback.

-     [Richard Levitte]

-  *) Increase ENTROPY_NEEDED to 32 bytes, as Rijndael can operate with

-     256 bit (=32 byte) keys. Of course seeding with more entropy bytes

-     than this minimum value is recommended.

-     [Lutz Jaenicke]

-  *) New random seeder for OpenVMS, using the system process statistics

-     that are easily reachable.

-     [Richard Levitte]

-  *) Windows apparently can't transparently handle global

-     variables defined in DLLs. Initialisations such as:

-        const ASN1_ITEM *it = &ASN1_INTEGER_it;

-     wont compile. This is used by the any applications that need to

-     declare their own ASN1 modules. This was fixed by adding the option

-     EXPORT_VAR_AS_FN to all Win32 platforms, although this isn't strictly

-     needed for static libraries under Win32.

-     [Steve Henson]

-  *) New functions X509_PURPOSE_set() and X509_TRUST_set() to handle

-     setting of purpose and trust fields. New X509_STORE trust and

-     purpose functions and tidy up setting in other SSL functions.

-     [Steve Henson]

-  *) Add copies of X509_STORE_CTX fields and callbacks to X509_STORE

-     structure. These are inherited by X509_STORE_CTX when it is

-     initialised. This allows various defaults to be set in the

-     X509_STORE structure (such as flags for CRL checking and custom

-     purpose or trust settings) for functions which only use X509_STORE_CTX

-     internally such as S/MIME.

-     Modify X509_STORE_CTX_purpose_inherit() so it only sets purposes and

-     trust settings if they are not set in X509_STORE. This allows X509_STORE

-     purposes and trust (in S/MIME for example) to override any set by default.

-     Add command line options for CRL checking to smime, s_client and s_server

-     applications.

-     [Steve Henson]

-  *) Initial CRL based revocation checking. If the CRL checking flag(s)

-     are set then the CRL is looked up in the X509_STORE structure and

-     its validity and signature checked, then if the certificate is found

-     in the CRL the verify fails with a revoked error.

-     Various new CRL related callbacks added to X509_STORE_CTX structure.

-     Command line options added to 'verify' application to support this.

-     This needs some additional work, such as being able to handle multiple

-     CRLs with different times, extension based lookup (rather than just

-     by subject name) and ultimately more complete V2 CRL extension

-     handling.

-     [Steve Henson]

-  *) Add a general user interface API (crypto/ui/).  This is designed

-     to replace things like des_read_password and friends (backward

-     compatibility functions using this new API are provided).

-     The purpose is to remove prompting functions from the DES code

-     section as well as provide for prompting through dialog boxes in

-     a window system and the like.

-     [Richard Levitte]

-  *) Add "ex_data" support to ENGINE so implementations can add state at a

-     per-structure level rather than having to store it globally.

-     [Geoff]

-  *) Make it possible for ENGINE structures to be copied when retrieved by

-     ENGINE_by_id() if the ENGINE specifies a new flag: ENGINE_FLAGS_BY_ID_COPY.

-     This causes the "original" ENGINE structure to act like a template,

-     analogous to the RSA vs. RSA_METHOD type of separation. Because of this

-     operational state can be localised to each ENGINE structure, despite the

-     fact they all share the same "methods". New ENGINE structures returned in

-     this case have no functional references and the return value is the single

-     structural reference. This matches the single structural reference returned

-     by ENGINE_by_id() normally, when it is incremented on the pre-existing

-     ENGINE structure.

-     [Geoff]

-  *) Fix ASN1 decoder when decoding type ANY and V_ASN1_OTHER: since this

-     needs to match any other type at all we need to manually clear the

-     tag cache.

-     [Steve Henson]

-  *) Changes to the "openssl engine" utility to include;

-     - verbosity levels ('-v', '-vv', and '-vvv') that provide information

-       about an ENGINE's available control commands.

-     - executing control commands from command line arguments using the

-       '-pre' and '-post' switches. '-post' is only used if '-t' is

-       specified and the ENGINE is successfully initialised. The syntax for

-       the individual commands are colon-separated, for example;

-	 openssl engine chil -pre FORK_CHECK:0 -pre SO_PATH:/lib/test.so

-     [Geoff]

-  *) New dynamic control command support for ENGINEs. ENGINEs can now

-     declare their own commands (numbers), names (strings), descriptions,

-     and input types for run-time discovery by calling applications. A

-     subset of these commands are implicitly classed as "executable"

-     depending on their input type, and only these can be invoked through

-     the new string-based API function ENGINE_ctrl_cmd_string(). (Eg. this

-     can be based on user input, config files, etc). The distinction is

-     that "executable" commands cannot return anything other than a boolean

-     result and can only support numeric or string input, whereas some

-     discoverable commands may only be for direct use through

-     ENGINE_ctrl(), eg. supporting the exchange of binary data, function

-     pointers, or other custom uses. The "executable" commands are to

-     support parameterisations of ENGINE behaviour that can be

-     unambiguously defined by ENGINEs and used consistently across any

-     OpenSSL-based application. Commands have been added to all the

-     existing hardware-supporting ENGINEs, noticeably "SO_PATH" to allow

-     control over shared-library paths without source code alterations.

-     [Geoff]

-  *) Changed all ENGINE implementations to dynamically allocate their

-     ENGINEs rather than declaring them statically. Apart from this being

-     necessary with the removal of the ENGINE_FLAGS_MALLOCED distinction,

-     this also allows the implementations to compile without using the

-     internal engine_int.h header.

-     [Geoff]

-  *) Minor adjustment to "rand" code. RAND_get_rand_method() now returns a

-     'const' value. Any code that should be able to modify a RAND_METHOD

-     should already have non-const pointers to it (ie. they should only

-     modify their own ones).

-     [Geoff]

-  *) Made a variety of little tweaks to the ENGINE code.

-     - "atalla" and "ubsec" string definitions were moved from header files

-       to C code. "nuron" string definitions were placed in variables

-       rather than hard-coded - allowing parameterisation of these values

-       later on via ctrl() commands.

-     - Removed unused "#if 0"'d code.

-     - Fixed engine list iteration code so it uses ENGINE_free() to release

-       structural references.

-     - Constified the RAND_METHOD element of ENGINE structures.

-     - Constified various get/set functions as appropriate and added

-       missing functions (including a catch-all ENGINE_cpy that duplicates

-       all ENGINE values onto a new ENGINE except reference counts/state).

-     - Removed NULL parameter checks in get/set functions. Setting a method

-       or function to NULL is a way of cancelling out a previously set

-       value.  Passing a NULL ENGINE parameter is just plain stupid anyway

-       and doesn't justify the extra error symbols and code.

-     - Deprecate the ENGINE_FLAGS_MALLOCED define and move the area for

-       flags from engine_int.h to engine.h.

-     - Changed prototypes for ENGINE handler functions (init(), finish(),

-       ctrl(), key-load functions, etc) to take an (ENGINE*) parameter.

-     [Geoff]

-  *) Implement binary inversion algorithm for BN_mod_inverse in addition

-     to the algorithm using long division.  The binary algorithm can be

-     used only if the modulus is odd.  On 32-bit systems, it is faster

-     only for relatively small moduli (roughly 20-30% for 128-bit moduli,

-     roughly 5-15% for 256-bit moduli), so we use it only for moduli

-     up to 450 bits.  In 64-bit environments, the binary algorithm

-     appears to be advantageous for much longer moduli; here we use it

-     for moduli up to 2048 bits.

-     [Bodo Moeller]

-  *) Rewrite CHOICE field setting in ASN1_item_ex_d2i(). The old code

-     could not support the combine flag in choice fields.

-     [Steve Henson]

-  *) Add a 'copy_extensions' option to the 'ca' utility. This copies

-     extensions from a certificate request to the certificate.

-     [Steve Henson]

-  *) Allow multiple 'certopt' and 'nameopt' options to be separated

-     by commas. Add 'namopt' and 'certopt' options to the 'ca' config

-     file: this allows the display of the certificate about to be

-     signed to be customised, to allow certain fields to be included

-     or excluded and extension details. The old system didn't display

-     multicharacter strings properly, omitted fields not in the policy

-     and couldn't display additional details such as extensions.

-     [Steve Henson]

-  *) Function EC_POINTs_mul for multiple scalar multiplication

-     of an arbitrary number of elliptic curve points

-          \sum scalars[i]*points[i],

-     optionally including the generator defined for the EC_GROUP:

-          scalar*generator +  \sum scalars[i]*points[i].

-     EC_POINT_mul is a simple wrapper function for the typical case

-     that the point list has just one item (besides the optional

-     generator).

-     [Bodo Moeller]

-  *) First EC_METHODs for curves over GF(p):

-     EC_GFp_simple_method() uses the basic BN_mod_mul and BN_mod_sqr

-     operations and provides various method functions that can also

-     operate with faster implementations of modular arithmetic.

-     EC_GFp_mont_method() reuses most functions that are part of

-     EC_GFp_simple_method, but uses Montgomery arithmetic.

-     [Bodo Moeller; point addition and point doubling

-     implementation directly derived from source code provided by

-     Lenka Fibikova <[email protected]>]

-  *) Framework for elliptic curves (crypto/ec/ec.h, crypto/ec/ec_lcl.h,

-     crypto/ec/ec_lib.c):

-     Curves are EC_GROUP objects (with an optional group generator)

-     based on EC_METHODs that are built into the library.

-     Points are EC_POINT objects based on EC_GROUP objects.

-     Most of the framework would be able to handle curves over arbitrary

-     finite fields, but as there are no obvious types for fields other

-     than GF(p), some functions are limited to that for now.

-     [Bodo Moeller]

-  *) Add the -HTTP option to s_server.  It is similar to -WWW, but requires

-     that the file contains a complete HTTP response.

-     [Richard Levitte]

-  *) Add the ec directory to mkdef.pl and mkfiles.pl. In mkdef.pl

-     change the def and num file printf format specifier from "%-40sXXX"

-     to "%-39s XXX". The latter will always guarantee a space after the

-     field while the former will cause them to run together if the field

-     is 40 of more characters long.

-     [Steve Henson]

-  *) Constify the cipher and digest 'method' functions and structures

-     and modify related functions to take constant EVP_MD and EVP_CIPHER

-     pointers.

-     [Steve Henson]

-  *) Hide BN_CTX structure details in bn_lcl.h instead of publishing them

-     in <openssl/bn.h>.  Also further increase BN_CTX_NUM to 32.

-     [Bodo Moeller]

-  *) Modify EVP_Digest*() routines so they now return values. Although the

-     internal software routines can never fail additional hardware versions

-     might.

-     [Steve Henson]

-  *) Clean up crypto/err/err.h and change some error codes to avoid conflicts:

-     Previously ERR_R_FATAL was too small and coincided with ERR_LIB_PKCS7

-     (= ERR_R_PKCS7_LIB); it is now 64 instead of 32.

-     ASN1 error codes

-          ERR_R_NESTED_ASN1_ERROR

-          ...

-          ERR_R_MISSING_ASN1_EOS

-     were 4 .. 9, conflicting with

-          ERR_LIB_RSA (= ERR_R_RSA_LIB)

-          ...

-          ERR_LIB_PEM (= ERR_R_PEM_LIB).

-     They are now 58 .. 63 (i.e., just below ERR_R_FATAL).

-     Add new error code 'ERR_R_INTERNAL_ERROR'.

-     [Bodo Moeller]

-  *) Don't overuse locks in crypto/err/err.c: For data retrieval, CRYPTO_r_lock

-     suffices.

-     [Bodo Moeller]

-  *) New option '-subj arg' for 'openssl req' and 'openssl ca'.  This

-     sets the subject name for a new request or supersedes the

-     subject name in a given request. Formats that can be parsed are

-          'CN=Some Name, OU=myOU, C=IT'

-     and

-          'CN=Some Name/OU=myOU/C=IT'.

-     Add options '-batch' and '-verbose' to 'openssl req'.

-     [Massimiliano Pala <[email protected]>]

-  *) Introduce the possibility to access global variables through

-     functions on platform were that's the best way to handle exporting

-     global variables in shared libraries.  To enable this functionality,

-     one must configure with "EXPORT_VAR_AS_FN" or defined the C macro

-     "OPENSSL_EXPORT_VAR_AS_FUNCTION" in crypto/opensslconf.h (the latter

-     is normally done by Configure or something similar).

-     To implement a global variable, use the macro OPENSSL_IMPLEMENT_GLOBAL

-     in the source file (foo.c) like this:

-	OPENSSL_IMPLEMENT_GLOBAL(int,foo)=1;

-	OPENSSL_IMPLEMENT_GLOBAL(double,bar);

-     To declare a global variable, use the macros OPENSSL_DECLARE_GLOBAL

-     and OPENSSL_GLOBAL_REF in the header file (foo.h) like this:

-	OPENSSL_DECLARE_GLOBAL(int,foo);

-	#define foo OPENSSL_GLOBAL_REF(foo)

-	OPENSSL_DECLARE_GLOBAL(double,bar);

-	#define bar OPENSSL_GLOBAL_REF(bar)

-     The #defines are very important, and therefore so is including the

-     header file everywhere where the defined globals are used.

-     The macro OPENSSL_EXPORT_VAR_AS_FUNCTION also affects the definition

-     of ASN.1 items, but that structure is a bit different.

-     The largest change is in util/mkdef.pl which has been enhanced with

-     better and easier to understand logic to choose which symbols should

-     go into the Windows .def files as well as a number of fixes and code

-     cleanup (among others, algorithm keywords are now sorted

-     lexicographically to avoid constant rewrites).

-     [Richard Levitte]

-  *) In BN_div() keep a copy of the sign of 'num' before writing the

-     result to 'rm' because if rm==num the value will be overwritten

-     and produce the wrong result if 'num' is negative: this caused

-     problems with BN_mod() and BN_nnmod().

-     [Steve Henson]

-  *) Function OCSP_request_verify(). This checks the signature on an

-     OCSP request and verifies the signer certificate. The signer

-     certificate is just checked for a generic purpose and OCSP request

-     trust settings.

-     [Steve Henson]

-  *) Add OCSP_check_validity() function to check the validity of OCSP

-     responses. OCSP responses are prepared in real time and may only

-     be a few seconds old. Simply checking that the current time lies

-     between thisUpdate and nextUpdate max reject otherwise valid responses

-     caused by either OCSP responder or client clock inaccuracy. Instead

-     we allow thisUpdate and nextUpdate to fall within a certain period of

-     the current time. The age of the response can also optionally be

-     checked. Two new options -validity_period and -status_age added to

-     ocsp utility.

-     [Steve Henson]

-  *) If signature or public key algorithm is unrecognized print out its

-     OID rather that just UNKNOWN.

-     [Steve Henson]

-  *) Change OCSP_cert_to_id() to tolerate a NULL subject certificate and

-     OCSP_cert_id_new() a NULL serialNumber. This allows a partial certificate

-     ID to be generated from the issuer certificate alone which can then be

-     passed to OCSP_id_issuer_cmp().

-     [Steve Henson]

-  *) New compilation option ASN1_ITEM_FUNCTIONS. This causes the new

-     ASN1 modules to export functions returning ASN1_ITEM pointers

-     instead of the ASN1_ITEM structures themselves. This adds several

-     new macros which allow the underlying ASN1 function/structure to

-     be accessed transparently. As a result code should not use ASN1_ITEM

-     references directly (such as &X509_it) but instead use the relevant

-     macros (such as ASN1_ITEM_rptr(X509)). This option is to allow

-     use of the new ASN1 code on platforms where exporting structures

-     is problematical (for example in shared libraries) but exporting

-     functions returning pointers to structures is not.

-     [Steve Henson]

-  *) Add support for overriding the generation of SSL/TLS session IDs.

-     These callbacks can be registered either in an SSL_CTX or per SSL.

-     The purpose of this is to allow applications to control, if they wish,

-     the arbitrary values chosen for use as session IDs, particularly as it

-     can be useful for session caching in multiple-server environments. A

-     command-line switch for testing this (and any client code that wishes

-     to use such a feature) has been added to "s_server".

-     [Geoff Thorpe, Lutz Jaenicke]

-  *) Modify mkdef.pl to recognise and parse preprocessor conditionals

-     of the form '#if defined(...) || defined(...) || ...' and

-     '#if !defined(...) && !defined(...) && ...'.  This also avoids

-     the growing number of special cases it was previously handling.

-     [Richard Levitte]

-  *) Make all configuration macros available for application by making

-     sure they are available in opensslconf.h, by giving them names starting

-     with "OPENSSL_" to avoid conflicts with other packages and by making

-     sure e_os2.h will cover all platform-specific cases together with

-     opensslconf.h.

-     Additionally, it is now possible to define configuration/platform-

-     specific names (called "system identities").  In the C code, these

-     are prefixed with "OPENSSL_SYSNAME_".  e_os2.h will create another

-     macro with the name beginning with "OPENSSL_SYS_", which is determined

-     from "OPENSSL_SYSNAME_*" or compiler-specific macros depending on

-     what is available.

-     [Richard Levitte]

-  *) New option -set_serial to 'req' and 'x509' this allows the serial

-     number to use to be specified on the command line. Previously self

-     signed certificates were hard coded with serial number 0 and the

-     CA options of 'x509' had to use a serial number in a file which was

-     auto incremented.

-     [Steve Henson]

-  *) New options to 'ca' utility to support V2 CRL entry extensions.

-     Currently CRL reason, invalidity date and hold instruction are

-     supported. Add new CRL extensions to V3 code and some new objects.

-     [Steve Henson]

-  *) New function EVP_CIPHER_CTX_set_padding() this is used to

-     disable standard block padding (aka PKCS#5 padding) in the EVP

-     API, which was previously mandatory. This means that the data is

-     not padded in any way and so the total length much be a multiple

-     of the block size, otherwise an error occurs.

-     [Steve Henson]

-  *) Initial (incomplete) OCSP SSL support.

-     [Steve Henson]

-  *) New function OCSP_parse_url(). This splits up a URL into its host,

-     port and path components: primarily to parse OCSP URLs. New -url

-     option to ocsp utility.

-     [Steve Henson]

-  *) New nonce behavior. The return value of OCSP_check_nonce() now

-     reflects the various checks performed. Applications can decide

-     whether to tolerate certain situations such as an absent nonce

-     in a response when one was present in a request: the ocsp application

-     just prints out a warning. New function OCSP_add1_basic_nonce()

-     this is to allow responders to include a nonce in a response even if

-     the request is nonce-less.

-     [Steve Henson]

-  *) Disable stdin buffering in load_cert (apps/apps.c) so that no certs are

-     skipped when using openssl x509 multiple times on a single input file,

-     e.g. "(openssl x509 -out cert1; openssl x509 -out cert2) <certs".

-     [Bodo Moeller]

-  *) Make ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string()

-     set string type: to handle setting ASN1_TIME structures. Fix ca

-     utility to correctly initialize revocation date of CRLs.

-     [Steve Henson]

-  *) New option SSL_OP_CIPHER_SERVER_PREFERENCE allows the server to override

-     the clients preferred ciphersuites and rather use its own preferences.

-     Should help to work around M$ SGC (Server Gated Cryptography) bug in

-     Internet Explorer by ensuring unchanged hash method during stepup.

-     (Also replaces the broken/deactivated SSL_OP_NON_EXPORT_FIRST option.)

-     [Lutz Jaenicke]

-  *) Make mkdef.pl recognise all DECLARE_ASN1 macros, change rijndael

-     to aes and add a new 'exist' option to print out symbols that don't

-     appear to exist.

-     [Steve Henson]

-  *) Additional options to ocsp utility to allow flags to be set and

-     additional certificates supplied.

-     [Steve Henson]

-  *) Add the option -VAfile to 'openssl ocsp', so the user can give the

-     OCSP client a number of certificate to only verify the response

-     signature against.

-     [Richard Levitte]

-  *) Update Rijndael code to version 3.0 and change EVP AES ciphers to

-     handle the new API. Currently only ECB, CBC modes supported. Add new

-     AES OIDs.

-     Add TLS AES ciphersuites as described in RFC3268, "Advanced

-     Encryption Standard (AES) Ciphersuites for Transport Layer

-     Security (TLS)".  (In beta versions of OpenSSL 0.9.7, these were

-     not enabled by default and were not part of the "ALL" ciphersuite

-     alias because they were not yet official; they could be

-     explicitly requested by specifying the "AESdraft" ciphersuite

-     group alias.  In the final release of OpenSSL 0.9.7, the group

-     alias is called "AES" and is part of "ALL".)

-     [Ben Laurie, Steve  Henson, Bodo Moeller]

-  *) New function OCSP_copy_nonce() to copy nonce value (if present) from

-     request to response.

-     [Steve Henson]

-  *) Functions for OCSP responders. OCSP_request_onereq_count(),

-     OCSP_request_onereq_get0(), OCSP_onereq_get0_id() and OCSP_id_get0_info()

-     extract information from a certificate request. OCSP_response_create()

-     creates a response and optionally adds a basic response structure.

-     OCSP_basic_add1_status() adds a complete single response to a basic

-     response and returns the OCSP_SINGLERESP structure just added (to allow

-     extensions to be included for example). OCSP_basic_add1_cert() adds a

-     certificate to a basic response and OCSP_basic_sign() signs a basic

-     response with various flags. New helper functions ASN1_TIME_check()

-     (checks validity of ASN1_TIME structure) and ASN1_TIME_to_generalizedtime()

-     (converts ASN1_TIME to GeneralizedTime).

-     [Steve Henson]

-  *) Various new functions. EVP_Digest() combines EVP_Digest{Init,Update,Final}()

-     in a single operation. X509_get0_pubkey_bitstr() extracts the public_key

-     structure from a certificate. X509_pubkey_digest() digests the public_key

-     contents: this is used in various key identifiers.

-     [Steve Henson]

-  *) Make sk_sort() tolerate a NULL argument.

-     [Steve Henson reported by Massimiliano Pala <[email protected]>]

-  *) New OCSP verify flag OCSP_TRUSTOTHER. When set the "other" certificates

-     passed by the function are trusted implicitly. If any of them signed the

-     response then it is assumed to be valid and is not verified.

-     [Steve Henson]

-  *) In PKCS7_set_type() initialise content_type in PKCS7_ENC_CONTENT

-     to data. This was previously part of the PKCS7 ASN1 code. This

-     was causing problems with OpenSSL created PKCS#12 and PKCS#7 structures.

-     [Steve Henson, reported by Kenneth R. Robinette

-				<[email protected]>]

-  *) Add CRYPTO_push_info() and CRYPTO_pop_info() calls to new ASN1

-     routines: without these tracing memory leaks is very painful.

-     Fix leaks in PKCS12 and PKCS7 routines.

-     [Steve Henson]

-  *) Make X509_time_adj() cope with the new behaviour of ASN1_TIME_new().

-     Previously it initialised the 'type' argument to V_ASN1_UTCTIME which

-     effectively meant GeneralizedTime would never be used. Now it

-     is initialised to -1 but X509_time_adj() now has to check the value

-     and use ASN1_TIME_set() if the value is not V_ASN1_UTCTIME or

-     V_ASN1_GENERALIZEDTIME, without this it always uses GeneralizedTime.

-     [Steve Henson, reported by Kenneth R. Robinette

-				<[email protected]>]

-  *) Fixes to BN_to_ASN1_INTEGER when bn is zero. This would previously

-     result in a zero length in the ASN1_INTEGER structure which was

-     not consistent with the structure when d2i_ASN1_INTEGER() was used

-     and would cause ASN1_INTEGER_cmp() to fail. Enhance s2i_ASN1_INTEGER()

-     to cope with hex and negative integers. Fix bug in i2a_ASN1_INTEGER()

-     where it did not print out a minus for negative ASN1_INTEGER.

-     [Steve Henson]

-  *) Add summary printout to ocsp utility. The various functions which

-     convert status values to strings have been renamed to:

-     OCSP_response_status_str(), OCSP_cert_status_str() and

-     OCSP_crl_reason_str() and are no longer static. New options

-     to verify nonce values and to disable verification. OCSP response

-     printout format cleaned up.

-     [Steve Henson]

-  *) Add additional OCSP certificate checks. These are those specified

-     in RFC2560. This consists of two separate checks: the CA of the

-     certificate being checked must either be the OCSP signer certificate

-     or the issuer of the OCSP signer certificate. In the latter case the

-     OCSP signer certificate must contain the OCSP signing extended key

-     usage. This check is performed by attempting to match the OCSP

-     signer or the OCSP signer CA to the issuerNameHash and issuerKeyHash

-     in the OCSP_CERTID structures of the response.

-     [Steve Henson]

-  *) Initial OCSP certificate verification added to OCSP_basic_verify()

-     and related routines. This uses the standard OpenSSL certificate

-     verify routines to perform initial checks (just CA validity) and

-     to obtain the certificate chain. Then additional checks will be

-     performed on the chain. Currently the root CA is checked to see

-     if it is explicitly trusted for OCSP signing. This is used to set

-     a root CA as a global signing root: that is any certificate that

-     chains to that CA is an acceptable OCSP signing certificate.

-     [Steve Henson]

-  *) New '-extfile ...' option to 'openssl ca' for reading X.509v3

-     extensions from a separate configuration file.

-     As when reading extensions from the main configuration file,

-     the '-extensions ...' option may be used for specifying the

-     section to use.

-     [Massimiliano Pala <[email protected]>]

-  *) New OCSP utility. Allows OCSP requests to be generated or

-     read. The request can be sent to a responder and the output

-     parsed, outputed or printed in text form. Not complete yet:

-     still needs to check the OCSP response validity.

-     [Steve Henson]

-  *) New subcommands for 'openssl ca':

-     'openssl ca -status <serial>' prints the status of the cert with

-     the given serial number (according to the index file).

-     'openssl ca -updatedb' updates the expiry status of certificates

-     in the index file.

-     [Massimiliano Pala <[email protected]>]

-  *) New '-newreq-nodes' command option to CA.pl.  This is like

-     '-newreq', but calls 'openssl req' with the '-nodes' option

-     so that the resulting key is not encrypted.

-     [Damien Miller <[email protected]>]

-  *) New configuration for the GNU Hurd.

-     [Jonathan Bartlett <[email protected]> via Richard Levitte]

-  *) Initial code to implement OCSP basic response verify. This

-     is currently incomplete. Currently just finds the signer's

-     certificate and verifies the signature on the response.

-     [Steve Henson]

-  *) New SSLeay_version code SSLEAY_DIR to determine the compiled-in

-     value of OPENSSLDIR.  This is available via the new '-d' option

-     to 'openssl version', and is also included in 'openssl version -a'.

-     [Bodo Moeller]

-  *) Allowing defining memory allocation callbacks that will be given

-     file name and line number information in additional arguments

-     (a const char* and an int).  The basic functionality remains, as

-     well as the original possibility to just replace malloc(),

-     realloc() and free() by functions that do not know about these

-     additional arguments.  To register and find out the current

-     settings for extended allocation functions, the following

-     functions are provided:

-	CRYPTO_set_mem_ex_functions

-	CRYPTO_set_locked_mem_ex_functions

-	CRYPTO_get_mem_ex_functions

-	CRYPTO_get_locked_mem_ex_functions

-     These work the same way as CRYPTO_set_mem_functions and friends.

-     CRYPTO_get_[locked_]mem_functions now writes 0 where such an

-     extended allocation function is enabled.

-     Similarly, CRYPTO_get_[locked_]mem_ex_functions writes 0 where

-     a conventional allocation function is enabled.

-     [Richard Levitte, Bodo Moeller]

-  *) Finish off removing the remaining LHASH function pointer casts.

-     There should no longer be any prototype-casting required when using

-     the LHASH abstraction, and any casts that remain are "bugs". See

-     the callback types and macros at the head of lhash.h for details

-     (and "OBJ_cleanup" in crypto/objects/obj_dat.c as an example).

-     [Geoff Thorpe]

-  *) Add automatic query of EGD sockets in RAND_poll() for the unix variant.

-     If /dev/[u]random devices are not available or do not return enough

-     entropy, EGD style sockets (served by EGD or PRNGD) will automatically

-     be queried.

-     The locations /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool, and

-     /etc/entropy will be queried once each in this sequence, quering stops

-     when enough entropy was collected without querying more sockets.

-     [Lutz Jaenicke]

-  *) Change the Unix RAND_poll() variant to be able to poll several

-     random devices, as specified by DEVRANDOM, until a sufficient amount

-     of data has been collected.   We spend at most 10 ms on each file

-     (select timeout) and read in non-blocking mode.  DEVRANDOM now

-     defaults to the list "/dev/urandom", "/dev/random", "/dev/srandom"

-     (previously it was just the string "/dev/urandom"), so on typical

-     platforms the 10 ms delay will never occur.

-     Also separate out the Unix variant to its own file, rand_unix.c.

-     For VMS, there's a currently-empty rand_vms.c.

-     [Richard Levitte]

-  *) Move OCSP client related routines to ocsp_cl.c. These

-     provide utility functions which an application needing

-     to issue a request to an OCSP responder and analyse the

-     response will typically need: as opposed to those which an

-     OCSP responder itself would need which will be added later.

-     OCSP_request_sign() signs an OCSP request with an API similar

-     to PKCS7_sign(). OCSP_response_status() returns status of OCSP

-     response. OCSP_response_get1_basic() extracts basic response

-     from response. OCSP_resp_find_status(): finds and extracts status

-     information from an OCSP_CERTID structure (which will be created

-     when the request structure is built). These are built from lower

-     level functions which work on OCSP_SINGLERESP structures but

-     wont normally be used unless the application wishes to examine

-     extensions in the OCSP response for example.

-     Replace nonce routines with a pair of functions.

-     OCSP_request_add1_nonce() adds a nonce value and optionally

-     generates a random value. OCSP_check_nonce() checks the

-     validity of the nonce in an OCSP response.

-     [Steve Henson]

-  *) Change function OCSP_request_add() to OCSP_request_add0_id().

-     This doesn't copy the supplied OCSP_CERTID and avoids the

-     need to free up the newly created id. Change return type

-     to OCSP_ONEREQ to return the internal OCSP_ONEREQ structure.

-     This can then be used to add extensions to the request.

-     Deleted OCSP_request_new(), since most of its functionality

-     is now in OCSP_REQUEST_new() (and the case insensitive name

-     clash) apart from the ability to set the request name which

-     will be added elsewhere.

-     [Steve Henson]

-  *) Update OCSP API. Remove obsolete extensions argument from

-     various functions. Extensions are now handled using the new

-     OCSP extension code. New simple OCSP HTTP function which

-     can be used to send requests and parse the response.

-     [Steve Henson]

-  *) Fix the PKCS#7 (S/MIME) code to work with new ASN1. Two new

-     ASN1_ITEM structures help with sign and verify. PKCS7_ATTR_SIGN

-     uses the special reorder version of SET OF to sort the attributes

-     and reorder them to match the encoded order. This resolves a long

-     standing problem: a verify on a PKCS7 structure just after signing

-     it used to fail because the attribute order did not match the

-     encoded order. PKCS7_ATTR_VERIFY does not reorder the attributes:

-     it uses the received order. This is necessary to tolerate some broken

-     software that does not order SET OF. This is handled by encoding

-     as a SEQUENCE OF but using implicit tagging (with UNIVERSAL class)

-     to produce the required SET OF.

-     [Steve Henson]

-  *) Have mk1mf.pl generate the macros OPENSSL_BUILD_SHLIBCRYPTO and

-     OPENSSL_BUILD_SHLIBSSL and use them appropriately in the header

-     files to get correct declarations of the ASN.1 item variables.

-     [Richard Levitte]

-  *) Rewrite of PKCS#12 code to use new ASN1 functionality. Replace many

-     PKCS#12 macros with real functions. Fix two unrelated ASN1 bugs:

-     asn1_check_tlen() would sometimes attempt to use 'ctx' when it was

-     NULL and ASN1_TYPE was not dereferenced properly in asn1_ex_c2i().

-     New ASN1 macro: DECLARE_ASN1_ITEM() which just declares the relevant

-     ASN1_ITEM and no wrapper functions.

-     [Steve Henson]

-  *) New functions or ASN1_item_d2i_fp() and ASN1_item_d2i_bio(). These

-     replace the old function pointer based I/O routines. Change most of

-     the *_d2i_bio() and *_d2i_fp() functions to use these.

-     [Steve Henson]

-  *) Enhance mkdef.pl to be more accepting about spacing in C preprocessor

-     lines, recognice more "algorithms" that can be deselected, and make

-     it complain about algorithm deselection that isn't recognised.

-     [Richard Levitte]

-  *) New ASN1 functions to handle dup, sign, verify, digest, pack and

-     unpack operations in terms of ASN1_ITEM. Modify existing wrappers

-     to use new functions. Add NO_ASN1_OLD which can be set to remove

-     some old style ASN1 functions: this can be used to determine if old

-     code will still work when these eventually go away.

-     [Steve Henson]

-  *) New extension functions for OCSP structures, these follow the

-     same conventions as certificates and CRLs.

-     [Steve Henson]

-  *) New function X509V3_add1_i2d(). This automatically encodes and

-     adds an extension. Its behaviour can be customised with various

-     flags to append, replace or delete. Various wrappers added for

-     certifcates and CRLs.

-     [Steve Henson]

-  *) Fix to avoid calling the underlying ASN1 print routine when

-     an extension cannot be parsed. Correct a typo in the

-     OCSP_SERVICELOC extension. Tidy up print OCSP format.

-     [Steve Henson]

-  *) Make mkdef.pl parse some of the ASN1 macros and add apropriate

-     entries for variables.

-     [Steve Henson]

-  *) Add functionality to apps/openssl.c for detecting locking

-     problems: As the program is single-threaded, all we have

-     to do is register a locking callback using an array for

-     storing which locks are currently held by the program.

-     [Bodo Moeller]

-  *) Use a lock around the call to CRYPTO_get_ex_new_index() in

-     SSL_get_ex_data_X509_STORE_idx(), which is used in

-     ssl_verify_cert_chain() and thus can be called at any time

-     during TLS/SSL handshakes so that thread-safety is essential.

-     Unfortunately, the ex_data design is not at all suited

-     for multi-threaded use, so it probably should be abolished.

-     [Bodo Moeller]

-  *) Added Broadcom "ubsec" ENGINE to OpenSSL.

-     [Broadcom, tweaked and integrated by Geoff Thorpe]

-  *) Move common extension printing code to new function

-     X509V3_print_extensions(). Reorganise OCSP print routines and

-     implement some needed OCSP ASN1 functions. Add OCSP extensions.

-     [Steve Henson]

-  *) New function X509_signature_print() to remove duplication in some

-     print routines.

-     [Steve Henson]

-  *) Add a special meaning when SET OF and SEQUENCE OF flags are both

-     set (this was treated exactly the same as SET OF previously). This

-     is used to reorder the STACK representing the structure to match the

-     encoding. This will be used to get round a problem where a PKCS7

-     structure which was signed could not be verified because the STACK

-     order did not reflect the encoded order.

-     [Steve Henson]

-  *) Reimplement the OCSP ASN1 module using the new code.

-     [Steve Henson]

-  *) Update the X509V3 code to permit the use of an ASN1_ITEM structure

-     for its ASN1 operations. The old style function pointers still exist

-     for now but they will eventually go away.

-     [Steve Henson]

-  *) Merge in replacement ASN1 code from the ASN1 branch. This almost

-     completely replaces the old ASN1 functionality with a table driven

-     encoder and decoder which interprets an ASN1_ITEM structure describing

-     the ASN1 module. Compatibility with the existing ASN1 API (i2d,d2i) is

-     largely maintained. Almost all of the old asn1_mac.h macro based ASN1

-     has also been converted to the new form.

-     [Steve Henson]

-  *) Change BN_mod_exp_recp so that negative moduli are tolerated

-     (the sign is ignored).  Similarly, ignore the sign in BN_MONT_CTX_set

-     so that BN_mod_exp_mont and BN_mod_exp_mont_word work

-     for negative moduli.

-     [Bodo Moeller]

-  *) Fix BN_uadd and BN_usub: Always return non-negative results instead

-     of not touching the result's sign bit.

-     [Bodo Moeller]

-  *) BN_div bugfix: If the result is 0, the sign (res->neg) must not be

-     set.

-     [Bodo Moeller]

-  *) Changed the LHASH code to use prototypes for callbacks, and created

-     macros to declare and implement thin (optionally static) functions

-     that provide type-safety and avoid function pointer casting for the

-     type-specific callbacks.

-     [Geoff Thorpe]

-  *) Added Kerberos Cipher Suites to be used with TLS, as written in

-     RFC 2712.

-     [Veers Staats <[email protected]>,

-      Jeffrey Altman <[email protected]>, via Richard Levitte]

-  *) Reformat the FAQ so the different questions and answers can be divided

-     in sections depending on the subject.

-     [Richard Levitte]

-  *) Have the zlib compression code load ZLIB.DLL dynamically under

-     Windows.

-     [Richard Levitte]

-  *) New function BN_mod_sqrt for computing square roots modulo a prime

-     (using the probabilistic Tonelli-Shanks algorithm unless

-     p == 3 (mod 4)  or  p == 5 (mod 8),  which are cases that can

-     be handled deterministically).

-     [Lenka Fibikova <[email protected]>, Bodo Moeller]

-  *) Make BN_mod_inverse faster by explicitly handling small quotients

-     in the Euclid loop. (Speed gain about 20% for small moduli [256 or

-     512 bits], about 30% for larger ones [1024 or 2048 bits].)

-     [Bodo Moeller]

-  *) New function BN_kronecker.

-     [Bodo Moeller]

-  *) Fix BN_gcd so that it works on negative inputs; the result is

-     positive unless both parameters are zero.

-     Previously something reasonably close to an infinite loop was

-     possible because numbers could be growing instead of shrinking

-     in the implementation of Euclid's algorithm.

-     [Bodo Moeller]

-  *) Fix BN_is_word() and BN_is_one() macros to take into account the

-     sign of the number in question.

-     Fix BN_is_word(a,w) to work correctly for w == 0.

-     The old BN_is_word(a,w) macro is now called BN_abs_is_word(a,w)

-     because its test if the absolute value of 'a' equals 'w'.

-     Note that BN_abs_is_word does *not* handle w == 0 reliably;

-     it exists mostly for use in the implementations of BN_is_zero(),

-     BN_is_one(), and BN_is_word().

-     [Bodo Moeller]

-  *) New function BN_swap.

-     [Bodo Moeller]

-  *) Use BN_nnmod instead of BN_mod in crypto/bn/bn_exp.c so that

-     the exponentiation functions are more likely to produce reasonable

-     results on negative inputs.

-     [Bodo Moeller]

-  *) Change BN_mod_mul so that the result is always non-negative.

-     Previously, it could be negative if one of the factors was negative;

-     I don't think anyone really wanted that behaviour.

-     [Bodo Moeller]

-  *) Move BN_mod_... functions into new file crypto/bn/bn_mod.c

-     (except for exponentiation, which stays in crypto/bn/bn_exp.c,

-     and BN_mod_mul_reciprocal, which stays in crypto/bn/bn_recp.c)

-     and add new functions:

-          BN_nnmod

-          BN_mod_sqr

-          BN_mod_add

-          BN_mod_add_quick

-          BN_mod_sub

-          BN_mod_sub_quick

-          BN_mod_lshift1

-          BN_mod_lshift1_quick

-          BN_mod_lshift

-          BN_mod_lshift_quick

-     These functions always generate non-negative results.

-     BN_nnmod otherwise is like BN_mod (if BN_mod computes a remainder  r

-     such that  |m| < r < 0,  BN_nnmod will output  rem + |m|  instead).

-     BN_mod_XXX_quick(r, a, [b,] m) generates the same result as

-     BN_mod_XXX(r, a, [b,] m, ctx), but requires that  a  [and  b]

-     be reduced modulo  m.

-     [Lenka Fibikova <[email protected]>, Bodo Moeller]

-#if 0

-     The following entry accidentily appeared in the CHANGES file

-     distributed with OpenSSL 0.9.7.  The modifications described in

-     it do *not* apply to OpenSSL 0.9.7.

-  *) Remove a few calls to bn_wexpand() in BN_sqr() (the one in there

-     was actually never needed) and in BN_mul().  The removal in BN_mul()

-     required a small change in bn_mul_part_recursive() and the addition

-     of the functions bn_cmp_part_words(), bn_sub_part_words() and

-     bn_add_part_words(), which do the same thing as bn_cmp_words(),

-     bn_sub_words() and bn_add_words() except they take arrays with

-     differing sizes.

-     [Richard Levitte]

-#endif

-  *) In 'openssl passwd', verify passwords read from the terminal

-     unless the '-salt' option is used (which usually means that

-     verification would just waste user's time since the resulting

-     hash is going to be compared with some given password hash)

-     or the new '-noverify' option is used.

-     This is an incompatible change, but it does not affect

-     non-interactive use of 'openssl passwd' (passwords on the command

-     line, '-stdin' option, '-in ...' option) and thus should not

-     cause any problems.

-     [Bodo Moeller]

-  *) Remove all references to RSAref, since there's no more need for it.

-     [Richard Levitte]

-  *) Make DSO load along a path given through an environment variable

-     (SHLIB_PATH) with shl_load().

-     [Richard Levitte]

-  *) Constify the ENGINE code as a result of BIGNUM constification.

-     Also constify the RSA code and most things related to it.  In a

-     few places, most notable in the depth of the ASN.1 code, ugly

-     casts back to non-const were required (to be solved at a later

-     time)

-     [Richard Levitte]

-  *) Make it so the openssl application has all engines loaded by default.

-     [Richard Levitte]

-  *) Constify the BIGNUM routines a little more.

-     [Richard Levitte]

-  *) Add the following functions:

-	ENGINE_load_cswift()

-	ENGINE_load_chil()

-	ENGINE_load_atalla()

-	ENGINE_load_nuron()

-	ENGINE_load_builtin_engines()

-     That way, an application can itself choose if external engines that

-     are built-in in OpenSSL shall ever be used or not.  The benefit is

-     that applications won't have to be linked with libdl or other dso

-     libraries unless it's really needed.

-     Changed 'openssl engine' to load all engines on demand.

-     Changed the engine header files to avoid the duplication of some

-     declarations (they differed!).

-     [Richard Levitte]

-  *) 'openssl engine' can now list capabilities.

-     [Richard Levitte]

-  *) Better error reporting in 'openssl engine'.

-     [Richard Levitte]

-  *) Never call load_dh_param(NULL) in s_server.

-     [Bodo Moeller]

-  *) Add engine application.  It can currently list engines by name and

-     identity, and test if they are actually available.

-     [Richard Levitte]

-  *) Improve RPM specification file by forcing symbolic linking and making

-     sure the installed documentation is also owned by root.root.

-     [Damien Miller <[email protected]>]

-  *) Give the OpenSSL applications more possibilities to make use of

-     keys (public as well as private) handled by engines.

-     [Richard Levitte]

-  *) Add OCSP code that comes from CertCo.

-     [Richard Levitte]

-  *) Add VMS support for the Rijndael code.

-     [Richard Levitte]

-  *) Added untested support for Nuron crypto accelerator.

-     [Ben Laurie]

-  *) Add support for external cryptographic devices.  This code was

-     previously distributed separately as the "engine" branch.

-     [Geoff Thorpe, Richard Levitte]

-  *) Rework the filename-translation in the DSO code. It is now possible to

-     have far greater control over how a "name" is turned into a filename

-     depending on the operating environment and any oddities about the

-     different shared library filenames on each system.

-     [Geoff Thorpe]

-  *) Support threads on FreeBSD-elf in Configure.

-     [Richard Levitte]

-  *) Fix for SHA1 assembly problem with MASM: it produces

-     warnings about corrupt line number information when assembling

-     with debugging information. This is caused by the overlapping

-     of two sections.

-     [Bernd Matthes <[email protected]>, Steve Henson]

-  *) NCONF changes.

-     NCONF_get_number() has no error checking at all.  As a replacement,

-     NCONF_get_number_e() is defined (_e for "error checking") and is

-     promoted strongly.  The old NCONF_get_number is kept around for

-     binary backward compatibility.

-     Make it possible for methods to load from something other than a BIO,

-     by providing a function pointer that is given a name instead of a BIO.

-     For example, this could be used to load configuration data from an

-     LDAP server.

-     [Richard Levitte]

-  *) Fix for non blocking accept BIOs. Added new I/O special reason

-     BIO_RR_ACCEPT to cover this case. Previously use of accept BIOs

-     with non blocking I/O was not possible because no retry code was

-     implemented. Also added new SSL code SSL_WANT_ACCEPT to cover

-     this case.

-     [Steve Henson]

-  *) Added the beginnings of Rijndael support.

-     [Ben Laurie]

-  *) Fix for bug in DirectoryString mask setting. Add support for

-     X509_NAME_print_ex() in 'req' and X509_print_ex() function

-     to allow certificate printing to more controllable, additional

-     'certopt' option to 'x509' to allow new printing options to be

-     set.

-     [Steve Henson]

-  *) Clean old EAY MD5 hack from e_os.h.

-     [Richard Levitte]

- Changes between 0.9.6l and 0.9.6m  [17 Mar 2004]

-  *) Fix null-pointer assignment in do_change_cipher_spec() revealed

-     by using the Codenomicon TLS Test Tool (CVE-2004-0079)

-     [Joe Orton, Steve Henson]

- Changes between 0.9.6k and 0.9.6l  [04 Nov 2003]

-  *) Fix additional bug revealed by the NISCC test suite:

-     Stop bug triggering large recursion when presented with

-     certain ASN.1 tags (CVE-2003-0851)

-     [Steve Henson]

- Changes between 0.9.6j and 0.9.6k  [30 Sep 2003]

-  *) Fix various bugs revealed by running the NISCC test suite:

-     Stop out of bounds reads in the ASN1 code when presented with

-     invalid tags (CVE-2003-0543 and CVE-2003-0544).

-     If verify callback ignores invalid public key errors don't try to check

-     certificate signature with the NULL public key.

-     [Steve Henson]

-  *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate

-     if the server requested one: as stated in TLS 1.0 and SSL 3.0

-     specifications.

-     [Steve Henson]

-  *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional

-     extra data after the compression methods not only for TLS 1.0

-     but also for SSL 3.0 (as required by the specification).

-     [Bodo Moeller; problem pointed out by Matthias Loepfe]

-  *) Change X509_certificate_type() to mark the key as exported/exportable

-     when it's 512 *bits* long, not 512 bytes.

-     [Richard Levitte]

- Changes between 0.9.6i and 0.9.6j  [10 Apr 2003]

-  *) Countermeasure against the Klima-Pokorny-Rosa extension of

-     Bleichbacher's attack on PKCS #1 v1.5 padding: treat

-     a protocol version number mismatch like a decryption error

-     in ssl3_get_client_key_exchange (ssl/s3_srvr.c).

-     [Bodo Moeller]

-  *) Turn on RSA blinding by default in the default implementation

-     to avoid a timing attack. Applications that don't want it can call

-     RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.

-     They would be ill-advised to do so in most cases.

-     [Ben Laurie, Steve Henson, Geoff Thorpe, Bodo Moeller]

-  *) Change RSA blinding code so that it works when the PRNG is not

-     seeded (in this case, the secret RSA exponent is abused as

-     an unpredictable seed -- if it is not unpredictable, there

-     is no point in blinding anyway).  Make RSA blinding thread-safe

-     by remembering the creator's thread ID in rsa->blinding and

-     having all other threads use local one-time blinding factors

-     (this requires more computation than sharing rsa->blinding, but

-     avoids excessive locking; and if an RSA object is not shared

-     between threads, blinding will still be very fast).

-     [Bodo Moeller]

- Changes between 0.9.6h and 0.9.6i  [19 Feb 2003]

-  *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked

-     via timing by performing a MAC computation even if incorrrect

-     block cipher padding has been found.  This is a countermeasure

-     against active attacks where the attacker has to distinguish

-     between bad padding and a MAC verification error. (CVE-2003-0078)

-     [Bodo Moeller; problem pointed out by Brice Canvel (EPFL),

-     Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and

-     Martin Vuagnoux (EPFL, Ilion)]

- Changes between 0.9.6g and 0.9.6h  [5 Dec 2002]

-  *) New function OPENSSL_cleanse(), which is used to cleanse a section of

-     memory from it's contents.  This is done with a counter that will

-     place alternating values in each byte.  This can be used to solve

-     two issues: 1) the removal of calls to memset() by highly optimizing

-     compilers, and 2) cleansing with other values than 0, since those can

-     be read through on certain media, for example a swap space on disk.

-     [Geoff Thorpe]

-  *) Bugfix: client side session caching did not work with external caching,

-     because the session->cipher setting was not restored when reloading

-     from the external cache. This problem was masked, when

-     SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (part of SSL_OP_ALL) was set.

-     (Found by Steve Haslam <[email protected]>.)

-     [Lutz Jaenicke]

-  *) Fix client_certificate (ssl/s2_clnt.c): The permissible total

-     length of the REQUEST-CERTIFICATE message is 18 .. 34, not 17 .. 33.

-     [Zeev Lieber <[email protected]>]

-  *) Undo an undocumented change introduced in 0.9.6e which caused

-     repeated calls to OpenSSL_add_all_ciphers() and

-     OpenSSL_add_all_digests() to be ignored, even after calling

-     EVP_cleanup().

-     [Richard Levitte]

-  *) Change the default configuration reader to deal with last line not

-     being properly terminated.

-     [Richard Levitte]

-  *) Change X509_NAME_cmp() so it applies the special rules on handling

-     DN values that are of type PrintableString, as well as RDNs of type

-     emailAddress where the value has the type ia5String.

-     [[email protected] via Richard Levitte]

-  *) Add a SSL_SESS_CACHE_NO_INTERNAL_STORE flag to take over half

-     the job SSL_SESS_CACHE_NO_INTERNAL_LOOKUP was inconsistently

-     doing, define a new flag (SSL_SESS_CACHE_NO_INTERNAL) to be

-     the bitwise-OR of the two for use by the majority of applications

-     wanting this behaviour, and update the docs. The documented

-     behaviour and actual behaviour were inconsistent and had been

-     changing anyway, so this is more a bug-fix than a behavioural

-     change.

-     [Geoff Thorpe, diagnosed by Nadav Har'El]

-  *) Don't impose a 16-byte length minimum on session IDs in ssl/s3_clnt.c

-     (the SSL 3.0 and TLS 1.0 specifications allow any length up to 32 bytes).

-     [Bodo Moeller]

-  *) Fix initialization code race conditions in

-        SSLv23_method(),  SSLv23_client_method(),   SSLv23_server_method(),

-        SSLv2_method(),   SSLv2_client_method(),    SSLv2_server_method(),

-        SSLv3_method(),   SSLv3_client_method(),    SSLv3_server_method(),

-        TLSv1_method(),   TLSv1_client_method(),    TLSv1_server_method(),

-        ssl2_get_cipher_by_char(),

-        ssl3_get_cipher_by_char().

-     [Patrick McCormick <[email protected]>, Bodo Moeller]

-  *) Reorder cleanup sequence in SSL_CTX_free(): only remove the ex_data after

-     the cached sessions are flushed, as the remove_cb() might use ex_data

-     contents. Bug found by Sam Varshavchik <[email protected]>

-     (see [openssl.org #212]).

-     [Geoff Thorpe, Lutz Jaenicke]

-  *) Fix typo in OBJ_txt2obj which incorrectly passed the content

-     length, instead of the encoding length to d2i_ASN1_OBJECT.

-     [Steve Henson]

- Changes between 0.9.6f and 0.9.6g  [9 Aug 2002]

-  *) [In 0.9.6g-engine release:]

-     Fix crypto/engine/vendor_defns/cswift.h for WIN32 (use '_stdcall').

-     [Lynn Gazis <[email protected]>]

- Changes between 0.9.6e and 0.9.6f  [8 Aug 2002]

-  *) Fix ASN1 checks. Check for overflow by comparing with LONG_MAX

-     and get fix the header length calculation.

-     [Florian Weimer <[email protected]>,

-	Alon Kantor <[email protected]> (and others),

-	Steve Henson]

-  *) Use proper error handling instead of 'assertions' in buffer

-     overflow checks added in 0.9.6e.  This prevents DoS (the

-     assertions could call abort()).

-     [Arne Ansper <[email protected]>, Bodo Moeller]

- Changes between 0.9.6d and 0.9.6e  [30 Jul 2002]

-  *) Add various sanity checks to asn1_get_length() to reject

-     the ASN1 length bytes if they exceed sizeof(long), will appear

-     negative or the content length exceeds the length of the

-     supplied buffer.

-     [Steve Henson, Adi Stav <[email protected]>, James Yonan <[email protected]>]

-  *) Fix cipher selection routines: ciphers without encryption had no flags

-     for the cipher strength set and where therefore not handled correctly

-     by the selection routines (PR #130).

-     [Lutz Jaenicke]

-  *) Fix EVP_dsa_sha macro.

-     [Nils Larsch]

-  *) New option

-          SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS

-     for disabling the SSL 3.0/TLS 1.0 CBC vulnerability countermeasure

-     that was added in OpenSSL 0.9.6d.

-     As the countermeasure turned out to be incompatible with some

-     broken SSL implementations, the new option is part of SSL_OP_ALL.

-     SSL_OP_ALL is usually employed when compatibility with weird SSL

-     implementations is desired (e.g. '-bugs' option to 's_client' and

-     's_server'), so the new option is automatically set in many

-     applications.

-     [Bodo Moeller]

-  *) Changes in security patch:

-     Changes marked "(CHATS)" were sponsored by the Defense Advanced

-     Research Projects Agency (DARPA) and Air Force Research Laboratory,

-     Air Force Materiel Command, USAF, under agreement number

-     F30602-01-2-0537.

-  *) Add various sanity checks to asn1_get_length() to reject

-     the ASN1 length bytes if they exceed sizeof(long), will appear

-     negative or the content length exceeds the length of the

-     supplied buffer. (CVE-2002-0659)

-     [Steve Henson, Adi Stav <[email protected]>, James Yonan <[email protected]>]

-  *) Assertions for various potential buffer overflows, not known to

-     happen in practice.

-     [Ben Laurie (CHATS)]

-  *) Various temporary buffers to hold ASCII versions of integers were

-     too small for 64 bit platforms. (CVE-2002-0655)

-     [Matthew Byng-Maddick <[email protected]> and Ben Laurie (CHATS)>

-  *) Remote buffer overflow in SSL3 protocol - an attacker could

-     supply an oversized session ID to a client. (CVE-2002-0656)

-     [Ben Laurie (CHATS)]

-  *) Remote buffer overflow in SSL2 protocol - an attacker could

-     supply an oversized client master key. (CVE-2002-0656)

-     [Ben Laurie (CHATS)]

- Changes between 0.9.6c and 0.9.6d  [9 May 2002]

-  *) Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not

-     encoded as NULL) with id-dsa-with-sha1.

-     [Nils Larsch <[email protected]>; problem pointed out by Bodo Moeller]

-  *) Check various X509_...() return values in apps/req.c.

-     [Nils Larsch <[email protected]>]

-  *) Fix BASE64 decode (EVP_DecodeUpdate) for data with CR/LF ended lines:

-     an end-of-file condition would erronously be flagged, when the CRLF

-     was just at the end of a processed block. The bug was discovered when

-     processing data through a buffering memory BIO handing the data to a

-     BASE64-decoding BIO. Bug fund and patch submitted by Pavel Tsekov

-     <[email protected]> and Nedelcho Stanev.

-     [Lutz Jaenicke]

-  *) Implement a countermeasure against a vulnerability recently found

-     in CBC ciphersuites in SSL 3.0/TLS 1.0: Send an empty fragment

-     before application data chunks to avoid the use of known IVs

-     with data potentially chosen by the attacker.

-     [Bodo Moeller]

-  *) Fix length checks in ssl3_get_client_hello().

-     [Bodo Moeller]

-  *) TLS/SSL library bugfix: use s->s3->in_read_app_data differently

-     to prevent ssl3_read_internal() from incorrectly assuming that

-     ssl3_read_bytes() found application data while handshake

-     processing was enabled when in fact s->s3->in_read_app_data was

-     merely automatically cleared during the initial handshake.

-     [Bodo Moeller; problem pointed out by Arne Ansper <[email protected]>]

-  *) Fix object definitions for Private and Enterprise: they were not

-     recognized in their shortname (=lowercase) representation. Extend

-     obj_dat.pl to issue an error when using undefined keywords instead

-     of silently ignoring the problem (Svenning Sorensen

-     <[email protected]>).

-     [Lutz Jaenicke]

-  *) Fix DH_generate_parameters() so that it works for 'non-standard'

-     generators, i.e. generators other than 2 and 5.  (Previously, the

-     code did not properly initialise the 'add' and 'rem' values to

-     BN_generate_prime().)

-     In the new general case, we do not insist that 'generator' is

-     actually a primitive root: This requirement is rather pointless;

-     a generator of the order-q subgroup is just as good, if not

-     better.

-     [Bodo Moeller]

-  *) Map new X509 verification errors to alerts. Discovered and submitted by

-     Tom Wu <[email protected]>.

-     [Lutz Jaenicke]

-  *) Fix ssl3_pending() (ssl/s3_lib.c) to prevent SSL_pending() from

-     returning non-zero before the data has been completely received

-     when using non-blocking I/O.

-     [Bodo Moeller; problem pointed out by John Hughes]

-  *) Some of the ciphers missed the strength entry (SSL_LOW etc).

-     [Ben Laurie, Lutz Jaenicke]

-  *) Fix bug in SSL_clear(): bad sessions were not removed (found by

-     Yoram Zahavi <[email protected]>).

-     [Lutz Jaenicke]

-  *) Add information about CygWin 1.3 and on, and preserve proper

-     configuration for the versions before that.

-     [Corinna Vinschen <[email protected]> and Richard Levitte]

-  *) Make removal from session cache (SSL_CTX_remove_session()) more robust:

-     check whether we deal with a copy of a session and do not delete from

-     the cache in this case. Problem reported by "Izhar Shoshani Levi"

-     <[email protected]>.

-     [Lutz Jaenicke]

-  *) Do not store session data into the internal session cache, if it

-     is never intended to be looked up (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP

-     flag is set). Proposed by Aslam <[email protected]>.

-     [Lutz Jaenicke]

-  *) Have ASN1_BIT_STRING_set_bit() really clear a bit when the requested

-     value is 0.

-     [Richard Levitte]

-  *) [In 0.9.6d-engine release:]

-     Fix a crashbug and a logic bug in hwcrhk_load_pubkey().

-     [Toomas Kiisk <[email protected]> via Richard Levitte]

-  *) Add the configuration target linux-s390x.

-     [Neale Ferguson <[email protected]> via Richard Levitte]

-  *) The earlier bugfix for the SSL3_ST_SW_HELLO_REQ_C case of

-     ssl3_accept (ssl/s3_srvr.c) incorrectly used a local flag

-     variable as an indication that a ClientHello message has been

-     received.  As the flag value will be lost between multiple

-     invocations of ssl3_accept when using non-blocking I/O, the

-     function may not be aware that a handshake has actually taken

-     place, thus preventing a new session from being added to the

-     session cache.

-     To avoid this problem, we now set s->new_session to 2 instead of

-     using a local variable.

-     [Lutz Jaenicke, Bodo Moeller]

-  *) Bugfix: Return -1 from ssl3_get_server_done (ssl3/s3_clnt.c)

-     if the SSL_R_LENGTH_MISMATCH error is detected.

-     [Geoff Thorpe, Bodo Moeller]

-  *) New 'shared_ldflag' column in Configure platform table.

-     [Richard Levitte]

-  *) Fix EVP_CIPHER_mode macro.

-     ["Dan S. Camper" <[email protected]>]

-  *) Fix ssl3_read_bytes (ssl/s3_pkt.c): To ignore messages of unknown

-     type, we must throw them away by setting rr->length to 0.

-     [D P Chang <[email protected]>]

- Changes between 0.9.6b and 0.9.6c  [21 dec 2001]

-  *) Fix BN_rand_range bug pointed out by Dominikus Scherkl

-     <[email protected]>.  (The previous implementation

-     worked incorrectly for those cases where  range = 10..._2  and

-     3*range  is two bits longer than  range.)

-     [Bodo Moeller]

-  *) Only add signing time to PKCS7 structures if it is not already

-     present.

-     [Steve Henson]

-  *) Fix crypto/objects/objects.h: "ld-ce" should be "id-ce",

-     OBJ_ld_ce should be OBJ_id_ce.

-     Also some ip-pda OIDs in crypto/objects/objects.txt were

-     incorrect (cf. RFC 3039).

-     [Matt Cooper, Frederic Giudicelli, Bodo Moeller]

-  *) Release CRYPTO_LOCK_DYNLOCK when CRYPTO_destroy_dynlockid()

-     returns early because it has nothing to do.

-     [Andy Schneider <[email protected]>]

-  *) [In 0.9.6c-engine release:]

-     Fix mutex callback return values in crypto/engine/hw_ncipher.c.

-     [Andy Schneider <[email protected]>]

-  *) [In 0.9.6c-engine release:]

-     Add support for Cryptographic Appliance's keyserver technology.

-     (Use engine 'keyclient')

-     [Cryptographic Appliances and Geoff Thorpe]

-  *) Add a configuration entry for OS/390 Unix.  The C compiler 'c89'

-     is called via tools/c89.sh because arguments have to be

-     rearranged (all '-L' options must appear before the first object

-     modules).

-     [Richard Shapiro <[email protected]>]

-  *) [In 0.9.6c-engine release:]

-     Add support for Broadcom crypto accelerator cards, backported

-     from 0.9.7.

-     [Broadcom, Nalin Dahyabhai <[email protected]>, Mark Cox]

-  *) [In 0.9.6c-engine release:]

-     Add support for SureWare crypto accelerator cards from

-     Baltimore Technologies.  (Use engine 'sureware')

-     [Baltimore Technologies and Mark Cox]

-  *) [In 0.9.6c-engine release:]

-     Add support for crypto accelerator cards from Accelerated

-     Encryption Processing, www.aep.ie.  (Use engine 'aep')

-     [AEP Inc. and Mark Cox]

-  *) Add a configuration entry for gcc on UnixWare.

-     [Gary Benson <[email protected]>]

-  *) Change ssl/s2_clnt.c and ssl/s2_srvr.c so that received handshake

-     messages are stored in a single piece (fixed-length part and

-     variable-length part combined) and fix various bugs found on the way.

-     [Bodo Moeller]

-  *) Disable caching in BIO_gethostbyname(), directly use gethostbyname()

-     instead.  BIO_gethostbyname() does not know what timeouts are

-     appropriate, so entries would stay in cache even when they have

-     become invalid.

-     [Bodo Moeller; problem pointed out by Rich Salz <[email protected]>

-  *) Change ssl23_get_client_hello (ssl/s23_srvr.c) behaviour when

-     faced with a pathologically small ClientHello fragment that does

-     not contain client_version: Instead of aborting with an error,

-     simply choose the highest available protocol version (i.e.,

-     TLS 1.0 unless it is disabled).  In practice, ClientHello

-     messages are never sent like this, but this change gives us

-     strictly correct behaviour at least for TLS.

-     [Bodo Moeller]

-  *) Fix SSL handshake functions and SSL_clear() such that SSL_clear()

-     never resets s->method to s->ctx->method when called from within

-     one of the SSL handshake functions.

-     [Bodo Moeller; problem pointed out by Niko Baric]

-  *) In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert

-     (sent using the client's version number) if client_version is

-     smaller than the protocol version in use.  Also change

-     ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0 if

-     the client demanded SSL 3.0 but only TLS 1.0 is enabled; then

-     the client will at least see that alert.

-     [Bodo Moeller]

-  *) Fix ssl3_get_message (ssl/s3_both.c) to handle message fragmentation

-     correctly.

-     [Bodo Moeller]

-  *) Avoid infinite loop in ssl3_get_message (ssl/s3_both.c) if a

-     client receives HelloRequest while in a handshake.

-     [Bodo Moeller; bug noticed by Andy Schneider <[email protected]>]

-  *) Bugfix in ssl3_accept (ssl/s3_srvr.c): Case SSL3_ST_SW_HELLO_REQ_C

-     should end in 'break', not 'goto end' which circuments various

-     cleanups done in state SSL_ST_OK.   But session related stuff

-     must be disabled for SSL_ST_OK in the case that we just sent a

-     HelloRequest.

-     Also avoid some overhead by not calling ssl_init_wbio_buffer()

-     before just sending a HelloRequest.

-     [Bodo Moeller, Eric Rescorla <[email protected]>]

-  *) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't

-     reveal whether illegal block cipher padding was found or a MAC

-     verification error occured.  (Neither SSLerr() codes nor alerts

-     are directly visible to potential attackers, but the information

-     may leak via logfiles.)

-     Similar changes are not required for the SSL 2.0 implementation

-     because the number of padding bytes is sent in clear for SSL 2.0,

-     and the extra bytes are just ignored.  However ssl/s2_pkt.c

-     failed to verify that the purported number of padding bytes is in

-     the legal range.

-     [Bodo Moeller]

-  *) Add OpenUNIX-8 support including shared libraries

-     (Boyd Lynn Gerber <[email protected]>).

-     [Lutz Jaenicke]

-  *) Improve RSA_padding_check_PKCS1_OAEP() check again to avoid

-     'wristwatch attack' using huge encoding parameters (cf.

-     James H. Manger's CRYPTO 2001 paper).  Note that the

-     RSA_PKCS1_OAEP_PADDING case of RSA_private_decrypt() does not use

-     encoding parameters and hence was not vulnerable.

-     [Bodo Moeller]

-  *) BN_sqr() bug fix.

-     [Ulf M�ller, reported by Jim Ellis <[email protected]>]

-  *) Rabin-Miller test analyses assume uniformly distributed witnesses,

-     so use BN_pseudo_rand_range() instead of using BN_pseudo_rand()

-     followed by modular reduction.

-     [Bodo Moeller; pointed out by Adam Young <[email protected]>]

-  *) Add BN_pseudo_rand_range() with obvious functionality: BN_rand_range()

-     equivalent based on BN_pseudo_rand() instead of BN_rand().

-     [Bodo Moeller]

-  *) s3_srvr.c: allow sending of large client certificate lists (> 16 kB).

-     This function was broken, as the check for a new client hello message

-     to handle SGC did not allow these large messages.

-     (Tracked down by "Douglas E. Engert" <[email protected]>.)

-     [Lutz Jaenicke]

-  *) Add alert descriptions for TLSv1 to SSL_alert_desc_string[_long]().

-     [Lutz Jaenicke]

-  *) Fix buggy behaviour of BIO_get_num_renegotiates() and BIO_ctrl()

-     for BIO_C_GET_WRITE_BUF_SIZE ("Stephen Hinton" <[email protected]>).

-     [Lutz Jaenicke]

-  *) Rework the configuration and shared library support for Tru64 Unix.

-     The configuration part makes use of modern compiler features and

-     still retains old compiler behavior for those that run older versions

-     of the OS.  The shared library support part includes a variant that

-     uses the RPATH feature, and is available through the special

-     configuration target "alpha-cc-rpath", which will never be selected

-     automatically.

-     [Tim Mooney <[email protected]> via Richard Levitte]

-  *) In ssl3_get_key_exchange (ssl/s3_clnt.c), call ssl3_get_message()

-     with the same message size as in ssl3_get_certificate_request().

-     Otherwise, if no ServerKeyExchange message occurs, CertificateRequest

-     messages might inadvertently be reject as too long.

-     [Petr Lampa <[email protected]>]

-  *) Enhanced support for IA-64 Unix platforms (well, Linux and HP-UX).

-     [Andy Polyakov]

-  *) Modified SSL library such that the verify_callback that has been set

-     specificly for an SSL object with SSL_set_verify() is actually being

-     used. Before the change, a verify_callback set with this function was

-     ignored and the verify_callback() set in the SSL_CTX at the time of

-     the call was used. New function X509_STORE_CTX_set_verify_cb() introduced

-     to allow the necessary settings.

-     [Lutz Jaenicke]

-  *) Initialize static variable in crypto/dsa/dsa_lib.c and crypto/dh/dh_lib.c

-     explicitly to NULL, as at least on Solaris 8 this seems not always to be

-     done automatically (in contradiction to the requirements of the C

-     standard). This made problems when used from OpenSSH.

-     [Lutz Jaenicke]

-  *) In OpenSSL 0.9.6a and 0.9.6b, crypto/dh/dh_key.c ignored

-     dh->length and always used

-          BN_rand_range(priv_key, dh->p).

-     BN_rand_range() is not necessary for Diffie-Hellman, and this

-     specific range makes Diffie-Hellman unnecessarily inefficient if

-     dh->length (recommended exponent length) is much smaller than the

-     length of dh->p.  We could use BN_rand_range() if the order of

-     the subgroup was stored in the DH structure, but we only have

-     dh->length.

-     So switch back to

-          BN_rand(priv_key, l, ...)

-     where 'l' is dh->length if this is defined, or BN_num_bits(dh->p)-1

-     otherwise.

-     [Bodo Moeller]

-  *) In

-          RSA_eay_public_encrypt

-          RSA_eay_private_decrypt

-          RSA_eay_private_encrypt (signing)

-          RSA_eay_public_decrypt (signature verification)

-     (default implementations for RSA_public_encrypt,

-     RSA_private_decrypt, RSA_private_encrypt, RSA_public_decrypt),

-     always reject numbers >= n.

-     [Bodo Moeller]

-  *) In crypto/rand/md_rand.c, use a new short-time lock CRYPTO_LOCK_RAND2

-     to synchronize access to 'locking_thread'.  This is necessary on

-     systems where access to 'locking_thread' (an 'unsigned long'

-     variable) is not atomic.

-     [Bodo Moeller]

-  *) In crypto/rand/md_rand.c, set 'locking_thread' to current thread's ID

-     *before* setting the 'crypto_lock_rand' flag.  The previous code had

-     a race condition if 0 is a valid thread ID.

-     [Travis Vitek <[email protected]>]

-  *) Add support for shared libraries under Irix.

-     [Albert Chin-A-Young <[email protected]>]

-  *) Add configuration option to build on Linux on both big-endian and

-     little-endian MIPS.

-     [Ralf Baechle <[email protected]>]

-  *) Add the possibility to create shared libraries on HP-UX.

-     [Richard Levitte]

- Changes between 0.9.6a and 0.9.6b  [9 Jul 2001]

-  *) Change ssleay_rand_bytes (crypto/rand/md_rand.c)

-     to avoid a SSLeay/OpenSSL PRNG weakness pointed out by

-     Markku-Juhani O. Saarinen <[email protected]>:

-     PRNG state recovery was possible based on the output of

-     one PRNG request appropriately sized to gain knowledge on

-     'md' followed by enough consecutive 1-byte PRNG requests

-     to traverse all of 'state'.

-     1. When updating 'md_local' (the current thread's copy of 'md')

-        during PRNG output generation, hash all of the previous

-        'md_local' value, not just the half used for PRNG output.

-     2. Make the number of bytes from 'state' included into the hash

-        independent from the number of PRNG bytes requested.

-     The first measure alone would be sufficient to avoid

-     Markku-Juhani's attack.  (Actually it had never occurred

-     to me that the half of 'md_local' used for chaining was the

-     half from which PRNG output bytes were taken -- I had always

-     assumed that the secret half would be used.)  The second

-     measure makes sure that additional data from 'state' is never

-     mixed into 'md_local' in small portions; this heuristically

-     further strengthens the PRNG.

-     [Bodo Moeller]

-  *) Fix crypto/bn/asm/mips3.s.

-     [Andy Polyakov]

-  *) When only the key is given to "enc", the IV is undefined. Print out

-     an error message in this case.

-     [Lutz Jaenicke]

-  *) Handle special case when X509_NAME is empty in X509 printing routines.

-     [Steve Henson]

-  *) In dsa_do_verify (crypto/dsa/dsa_ossl.c), verify that r and s are

-     positive and less than q.

-     [Bodo Moeller]

-  *) Don't change *pointer in CRYPTO_add_lock() is add_lock_callback is

-     used: it isn't thread safe and the add_lock_callback should handle

-     that itself.

-     [Paul Rose <[email protected]>]

-  *) Verify that incoming data obeys the block size in

-     ssl3_enc (ssl/s3_enc.c) and tls1_enc (ssl/t1_enc.c).

-     [Bodo Moeller]

-  *) Fix OAEP check.

-     [Ulf M�ller, Bodo M�ller]

-  *) The countermeasure against Bleichbacher's attack on PKCS #1 v1.5

-     RSA encryption was accidentally removed in s3_srvr.c in OpenSSL 0.9.5

-     when fixing the server behaviour for backwards-compatible 'client

-     hello' messages.  (Note that the attack is impractical against

-     SSL 3.0 and TLS 1.0 anyway because length and version checking

-     means that the probability of guessing a valid ciphertext is

-     around 2^-40; see section 5 in Bleichenbacher's CRYPTO '98

-     paper.)

-     Before 0.9.5, the countermeasure (hide the error by generating a

-     random 'decryption result') did not work properly because

-     ERR_clear_error() was missing, meaning that SSL_get_error() would

-     detect the supposedly ignored error.

-     Both problems are now fixed.

-     [Bodo Moeller]

-  *) In crypto/bio/bf_buff.c, increase DEFAULT_BUFFER_SIZE to 4096

-     (previously it was 1024).

-     [Bodo Moeller]

-  *) Fix for compatibility mode trust settings: ignore trust settings

-     unless some valid trust or reject settings are present.

-     [Steve Henson]

-  *) Fix for blowfish EVP: its a variable length cipher.

-     [Steve Henson]

-  *) Fix various bugs related to DSA S/MIME verification. Handle missing

-     parameters in DSA public key structures and return an error in the

-     DSA routines if parameters are absent.

-     [Steve Henson]

-  *) In versions up to 0.9.6, RAND_file_name() resorted to file ".rnd"

-     in the current directory if neither $RANDFILE nor $HOME was set.

-     RAND_file_name() in 0.9.6a returned NULL in this case.  This has

-     caused some confusion to Windows users who haven't defined $HOME.

-     Thus RAND_file_name() is changed again: e_os.h can define a

-     DEFAULT_HOME, which will be used if $HOME is not set.

-     For Windows, we use "C:"; on other platforms, we still require

-     environment variables.

-  *) Move 'if (!initialized) RAND_poll()' into regions protected by

-     CRYPTO_LOCK_RAND.  This is not strictly necessary, but avoids

-     having multiple threads call RAND_poll() concurrently.

-     [Bodo Moeller]

-  *) In crypto/rand/md_rand.c, replace 'add_do_not_lock' flag by a

-     combination of a flag and a thread ID variable.

-     Otherwise while one thread is in ssleay_rand_bytes (which sets the

-     flag), *other* threads can enter ssleay_add_bytes without obeying

-     the CRYPTO_LOCK_RAND lock (and may even illegally release the lock

-     that they do not hold after the first thread unsets add_do_not_lock).

-     [Bodo Moeller]

-  *) Change bctest again: '-x' expressions are not available in all

-     versions of 'test'.

-     [Bodo Moeller]

- Changes between 0.9.6 and 0.9.6a  [5 Apr 2001]

-  *) Fix a couple of memory leaks in PKCS7_dataDecode()

-     [Steve Henson, reported by Heyun Zheng <[email protected]>]

-  *) Change Configure and Makefiles to provide EXE_EXT, which will contain

-     the default extension for executables, if any.  Also, make the perl

-     scripts that use symlink() to test if it really exists and use "cp"

-     if it doesn't.  All this made OpenSSL compilable and installable in

-     CygWin.

-     [Richard Levitte]

-  *) Fix for asn1_GetSequence() for indefinite length constructed data.

-     If SEQUENCE is length is indefinite just set c->slen to the total

-     amount of data available.

-     [Steve Henson, reported by [email protected]]

-     [This change does not apply to 0.9.7.]

-  *) Change bctest to avoid here-documents inside command substitution

-     (workaround for FreeBSD /bin/sh bug).

-     For compatibility with Ultrix, avoid shell functions (introduced

-     in the bctest version that searches along $PATH).

-     [Bodo Moeller]

-  *) Rename 'des_encrypt' to 'des_encrypt1'.  This avoids the clashes

-     with des_encrypt() defined on some operating systems, like Solaris

-     and UnixWare.

-     [Richard Levitte]

-  *) Check the result of RSA-CRT (see D. Boneh, R. DeMillo, R. Lipton:

-     On the Importance of Eliminating Errors in Cryptographic

-     Computations, J. Cryptology 14 (2001) 2, 101-119,

-     http://theory.stanford.edu/~dabo/papers/faults.ps.gz).

-     [Ulf Moeller]

-  *) MIPS assembler BIGNUM division bug fix.

-     [Andy Polyakov]

-  *) Disabled incorrect Alpha assembler code.

-     [Richard Levitte]

-  *) Fix PKCS#7 decode routines so they correctly update the length

-     after reading an EOC for the EXPLICIT tag.

-     [Steve Henson]

-     [This change does not apply to 0.9.7.]

-  *) Fix bug in PKCS#12 key generation routines. This was triggered

-     if a 3DES key was generated with a 0 initial byte. Include

-     PKCS12_BROKEN_KEYGEN compilation option to retain the old

-     (but broken) behaviour.

-     [Steve Henson]

-  *) Enhance bctest to search for a working bc along $PATH and print

-     it when found.

-     [Tim Rice <[email protected]> via Richard Levitte]

-  *) Fix memory leaks in err.c: free err_data string if necessary;

-     don't write to the wrong index in ERR_set_error_data.

-     [Bodo Moeller]

-  *) Implement ssl23_peek (analogous to ssl23_read), which previously

-     did not exist.

-     [Bodo Moeller]

-  *) Replace rdtsc with _emit statements for VC++ version 5.

-     [Jeremy Cooper <[email protected]>]

-  *) Make it possible to reuse SSLv2 sessions.

-     [Richard Levitte]

-  *) In copy_email() check for >= 0 as a return value for

-     X509_NAME_get_index_by_NID() since 0 is a valid index.

-     [Steve Henson reported by Massimiliano Pala <[email protected]>]

-  *) Avoid coredump with unsupported or invalid public keys by checking if

-     X509_get_pubkey() fails in PKCS7_verify(). Fix memory leak when

-     PKCS7_verify() fails with non detached data.

-     [Steve Henson]

-  *) Don't use getenv in library functions when run as setuid/setgid.

-     New function OPENSSL_issetugid().

-     [Ulf Moeller]

-  *) Avoid false positives in memory leak detection code (crypto/mem_dbg.c)

-     due to incorrect handling of multi-threading:

-     1. Fix timing glitch in the MemCheck_off() portion of CRYPTO_mem_ctrl().

-     2. Fix logical glitch in is_MemCheck_on() aka CRYPTO_is_mem_check_on().

-     3. Count how many times MemCheck_off() has been called so that

-        nested use can be treated correctly.  This also avoids

-        inband-signalling in the previous code (which relied on the

-        assumption that thread ID 0 is impossible).

-     [Bodo Moeller]

-  *) Add "-rand" option also to s_client and s_server.

-     [Lutz Jaenicke]

-  *) Fix CPU detection on Irix 6.x.

-     [Kurt Hockenbury <[email protected]> and

-      "Bruce W. Forsberg" <[email protected]>]

-  *) Fix X509_NAME bug which produced incorrect encoding if X509_NAME

-     was empty.

-     [Steve Henson]

-     [This change does not apply to 0.9.7.]

-  *) Use the cached encoding of an X509_NAME structure rather than

-     copying it. This is apparently the reason for the libsafe "errors"

-     but the code is actually correct.

-     [Steve Henson]

-  *) Add new function BN_rand_range(), and fix DSA_sign_setup() to prevent

-     Bleichenbacher's DSA attack.

-     Extend BN_[pseudo_]rand: As before, top=1 forces the highest two bits

-     to be set and top=0 forces the highest bit to be set; top=-1 is new

-     and leaves the highest bit random.

-     [Ulf Moeller, Bodo Moeller]

-  *) In the NCONF_...-based implementations for CONF_... queries

-     (crypto/conf/conf_lib.c), if the input LHASH is NULL, avoid using

-     a temporary CONF structure with the data component set to NULL

-     (which gives segmentation faults in lh_retrieve).

-     Instead, use NULL for the CONF pointer in CONF_get_string and

-     CONF_get_number (which may use environment variables) and directly

-     return NULL from CONF_get_section.

-     [Bodo Moeller]

-  *) Fix potential buffer overrun for EBCDIC.

-     [Ulf Moeller]

-  *) Tolerate nonRepudiation as being valid for S/MIME signing and certSign

-     keyUsage if basicConstraints absent for a CA.

-     [Steve Henson]

-  *) Make SMIME_write_PKCS7() write mail header values with a format that

-     is more generally accepted (no spaces before the semicolon), since

-     some programs can't parse those values properly otherwise.  Also make

-     sure BIO's that break lines after each write do not create invalid

-     headers.

-     [Richard Levitte]

-  *) Make the CRL encoding routines work with empty SEQUENCE OF. The

-     macros previously used would not encode an empty SEQUENCE OF

-     and break the signature.

-     [Steve Henson]

-     [This change does not apply to 0.9.7.]

-  *) Zero the premaster secret after deriving the master secret in

-     DH ciphersuites.

-     [Steve Henson]

-  *) Add some EVP_add_digest_alias registrations (as found in

-     OpenSSL_add_all_digests()) to SSL_library_init()

-     aka OpenSSL_add_ssl_algorithms().  This provides improved

-     compatibility with peers using X.509 certificates

-     with unconventional AlgorithmIdentifier OIDs.

-     [Bodo Moeller]

-  *) Fix for Irix with NO_ASM.

-     ["Bruce W. Forsberg" <[email protected]>]

-  *) ./config script fixes.

-     [Ulf Moeller, Richard Levitte]

-  *) Fix 'openssl passwd -1'.

-     [Bodo Moeller]

-  *) Change PKCS12_key_gen_asc() so it can cope with non null

-     terminated strings whose length is passed in the passlen

-     parameter, for example from PEM callbacks. This was done

-     by adding an extra length parameter to asc2uni().

-     [Steve Henson, reported by <[email protected]>]

-  *) Fix C code generated by 'openssl dsaparam -C': If a BN_bin2bn

-     call failed, free the DSA structure.

-     [Bodo Moeller]

-  *) Fix to uni2asc() to cope with zero length Unicode strings.

-     These are present in some PKCS#12 files.

-     [Steve Henson]

-  *) Increase s2->wbuf allocation by one byte in ssl2_new (ssl/s2_lib.c).

-     Otherwise do_ssl_write (ssl/s2_pkt.c) will write beyond buffer limits

-     when writing a 32767 byte record.

-     [Bodo Moeller; problem reported by Eric Day <[email protected]>]

-  *) In RSA_eay_public_{en,ed}crypt and RSA_eay_mod_exp (rsa_eay.c),

-     obtain lock CRYPTO_LOCK_RSA before setting rsa->_method_mod_{n,p,q}.

-     (RSA objects have a reference count access to which is protected

-     by CRYPTO_LOCK_RSA [see rsa_lib.c, s3_srvr.c, ssl_cert.c, ssl_rsa.c],

-     so they are meant to be shared between threads.)

-     [Bodo Moeller, Geoff Thorpe; original patch submitted by

-     "Reddie, Steven" <[email protected]>]

-  *) Fix a deadlock in CRYPTO_mem_leaks().

-     [Bodo Moeller]

-  *) Use better test patterns in bntest.

-     [Ulf M�ller]

-  *) rand_win.c fix for Borland C.

-     [Ulf M�ller]

-  *) BN_rshift bugfix for n == 0.

-     [Bodo Moeller]

-  *) Add a 'bctest' script that checks for some known 'bc' bugs

-     so that 'make test' does not abort just because 'bc' is broken.

-     [Bodo Moeller]

-  *) Store verify_result within SSL_SESSION also for client side to

-     avoid potential security hole. (Re-used sessions on the client side

-     always resulted in verify_result==X509_V_OK, not using the original

-     result of the server certificate verification.)

-     [Lutz Jaenicke]

-  *) Fix ssl3_pending: If the record in s->s3->rrec is not of type

-     SSL3_RT_APPLICATION_DATA, return 0.

-     Similarly, change ssl2_pending to return 0 if SSL_in_init(s) is true.

-     [Bodo Moeller]

-  *) Fix SSL_peek:

-     Both ssl2_peek and ssl3_peek, which were totally broken in earlier

-     releases, have been re-implemented by renaming the previous

-     implementations of ssl2_read and ssl3_read to ssl2_read_internal

-     and ssl3_read_internal, respectively, and adding 'peek' parameters

-     to them.  The new ssl[23]_{read,peek} functions are calls to

-     ssl[23]_read_internal with the 'peek' flag set appropriately.

-     A 'peek' parameter has also been added to ssl3_read_bytes, which

-     does the actual work for ssl3_read_internal.

-     [Bodo Moeller]

-  *) Initialise "ex_data" member of RSA/DSA/DH structures prior to calling

-     the method-specific "init()" handler. Also clean up ex_data after

-     calling the method-specific "finish()" handler. Previously, this was

-     happening the other way round.

-     [Geoff Thorpe]

-  *) Increase BN_CTX_NUM (the number of BIGNUMs in a BN_CTX) to 16.

-     The previous value, 12, was not always sufficient for BN_mod_exp().

-     [Bodo Moeller]

-  *) Make sure that shared libraries get the internal name engine with

-     the full version number and not just 0.  This should mark the

-     shared libraries as not backward compatible.  Of course, this should

-     be changed again when we can guarantee backward binary compatibility.

-     [Richard Levitte]

-  *) Fix typo in get_cert_by_subject() in by_dir.c

-     [Jean-Marc Desperrier <[email protected]>]

-  *) Rework the system to generate shared libraries:

-     - Make note of the expected extension for the shared libraries and

-       if there is a need for symbolic links from for example libcrypto.so.0

-       to libcrypto.so.0.9.7.  There is extended info in Configure for

-       that.

-     - Make as few rebuilds of the shared libraries as possible.

-     - Still avoid linking the OpenSSL programs with the shared libraries.

-     - When installing, install the shared libraries separately from the

-       static ones.

-     [Richard Levitte]

-  *) Fix SSL_CTX_set_read_ahead macro to actually use its argument.

-     Copy SSL_CTX's read_ahead flag to SSL object directly in SSL_new

-     and not in SSL_clear because the latter is also used by the

-     accept/connect functions; previously, the settings made by

-     SSL_set_read_ahead would be lost during the handshake.

-     [Bodo Moeller; problems reported by Anders Gertz <[email protected]>]

-  *) Correct util/mkdef.pl to be selective about disabled algorithms.

-     Previously, it would create entries for disableed algorithms no

-     matter what.

-     [Richard Levitte]

-  *) Added several new manual pages for SSL_* function.

-     [Lutz Jaenicke]

- Changes between 0.9.5a and 0.9.6  [24 Sep 2000]

-  *) In ssl23_get_client_hello, generate an error message when faced

-     with an initial SSL 3.0/TLS record that is too small to contain the

-     first two bytes of the ClientHello message, i.e. client_version.

-     (Note that this is a pathologic case that probably has never happened

-     in real life.)  The previous approach was to use the version number

-     from the record header as a substitute; but our protocol choice

-     should not depend on that one because it is not authenticated

-     by the Finished messages.

-     [Bodo Moeller]

-  *) More robust randomness gathering functions for Windows.

-     [Jeffrey Altman <[email protected]>]

-  *) For compatibility reasons if the flag X509_V_FLAG_ISSUER_CHECK is

-     not set then we don't setup the error code for issuer check errors

-     to avoid possibly overwriting other errors which the callback does

-     handle. If an application does set the flag then we assume it knows

-     what it is doing and can handle the new informational codes

-     appropriately.

-     [Steve Henson]

-  *) Fix for a nasty bug in ASN1_TYPE handling. ASN1_TYPE is used for

-     a general "ANY" type, as such it should be able to decode anything

-     including tagged types. However it didn't check the class so it would

-     wrongly interpret tagged types in the same way as their universal

-     counterpart and unknown types were just rejected. Changed so that the

-     tagged and unknown types are handled in the same way as a SEQUENCE:

-     that is the encoding is stored intact. There is also a new type

-     "V_ASN1_OTHER" which is used when the class is not universal, in this

-     case we have no idea what the actual type is so we just lump them all

-     together.

-     [Steve Henson]

-  *) On VMS, stdout may very well lead to a file that is written to

-     in a record-oriented fashion.  That means that every write() will

-     write a separate record, which will be read separately by the

-     programs trying to read from it.  This can be very confusing.

-     The solution is to put a BIO filter in the way that will buffer

-     text until a linefeed is reached, and then write everything a

-     line at a time, so every record written will be an actual line,

-     not chunks of lines and not (usually doesn't happen, but I've

-     seen it once) several lines in one record.  BIO_f_linebuffer() is

-     the answer.

-     Currently, it's a VMS-only method, because that's where it has

-     been tested well enough.

-     [Richard Levitte]

-  *) Remove 'optimized' squaring variant in BN_mod_mul_montgomery,

-     it can return incorrect results.

-     (Note: The buggy variant was not enabled in OpenSSL 0.9.5a,

-     but it was in 0.9.6-beta[12].)

-     [Bodo Moeller]

-  *) Disable the check for content being present when verifying detached

-     signatures in pk7_smime.c. Some versions of Netscape (wrongly)

-     include zero length content when signing messages.

-     [Steve Henson]

-  *) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR

-     BIO_ctrl (for BIO pairs).

-     [Bodo M�ller]

-  *) Add DSO method for VMS.

-     [Richard Levitte]

-  *) Bug fix: Montgomery multiplication could produce results with the

-     wrong sign.

-     [Ulf M�ller]

-  *) Add RPM specification openssl.spec and modify it to build three

-     packages.  The default package contains applications, application

-     documentation and run-time libraries.  The devel package contains

-     include files, static libraries and function documentation.  The

-     doc package contains the contents of the doc directory.  The original

-     openssl.spec was provided by Damien Miller <[email protected]>.

-     [Richard Levitte]

-  *) Add a large number of documentation files for many SSL routines.

-     [Lutz Jaenicke <[email protected]>]

-  *) Add a configuration entry for Sony News 4.

-     [NAKAJI Hiroyuki <[email protected]>]

-  *) Don't set the two most significant bits to one when generating a

-     random number < q in the DSA library.

-     [Ulf M�ller]

-  *) New SSL API mode 'SSL_MODE_AUTO_RETRY'.  This disables the default

-     behaviour that SSL_read may result in SSL_ERROR_WANT_READ (even if

-     the underlying transport is blocking) if a handshake took place.

-     (The default behaviour is needed by applications such as s_client

-     and s_server that use select() to determine when to use SSL_read;

-     but for applications that know in advance when to expect data, it

-     just makes things more complicated.)

-     [Bodo Moeller]

-  *) Add RAND_egd_bytes(), which gives control over the number of bytes read

-     from EGD.

-     [Ben Laurie]

-  *) Add a few more EBCDIC conditionals that make `req' and `x509'

-     work better on such systems.

-     [Martin Kraemer <[email protected]>]

-  *) Add two demo programs for PKCS12_parse() and PKCS12_create().

-     Update PKCS12_parse() so it copies the friendlyName and the

-     keyid to the certificates aux info.

-     [Steve Henson]

-  *) Fix bug in PKCS7_verify() which caused an infinite loop

-     if there was more than one signature.

-     [Sven Uszpelkat <[email protected]>]

-  *) Major change in util/mkdef.pl to include extra information

-     about each symbol, as well as presentig variables as well

-     as functions.  This change means that there's n more need

-     to rebuild the .num files when some algorithms are excluded.

-     [Richard Levitte]

-  *) Allow the verify time to be set by an application,

-     rather than always using the current time.

-     [Steve Henson]

-  *) Phase 2 verify code reorganisation. The certificate

-     verify code now looks up an issuer certificate by a

-     number of criteria: subject name, authority key id

-     and key usage. It also verifies self signed certificates

-     by the same criteria. The main comparison function is

-     X509_check_issued() which performs these checks.

-     Lot of changes were necessary in order to support this

-     without completely rewriting the lookup code.

-     Authority and subject key identifier are now cached.

-     The LHASH 'certs' is X509_STORE has now been replaced

-     by a STACK_OF(X509_OBJECT). This is mainly because an

-     LHASH can't store or retrieve multiple objects with

-     the same hash value.

-     As a result various functions (which were all internal

-     use only) have changed to handle the new X509_STORE

-     structure. This will break anything that messed round

-     with X509_STORE internally.

-     The functions X509_STORE_add_cert() now checks for an

-     exact match, rather than just subject name.

-     The X509_STORE API doesn't directly support the retrieval

-     of multiple certificates matching a given criteria, however

-     this can be worked round by performing a lookup first

-     (which will fill the cache with candidate certificates)

-     and then examining the cache for matches. This is probably

-     the best we can do without throwing out X509_LOOKUP

-     entirely (maybe later...).

-     The X509_VERIFY_CTX structure has been enhanced considerably.

-     All certificate lookup operations now go via a get_issuer()

-     callback. Although this currently uses an X509_STORE it

-     can be replaced by custom lookups. This is a simple way

-     to bypass the X509_STORE hackery necessary to make this

-     work and makes it possible to use more efficient techniques

-     in future. A very simple version which uses a simple

-     STACK for its trusted certificate store is also provided

-     using X509_STORE_CTX_trusted_stack().

-     The verify_cb() and verify() callbacks now have equivalents

-     in the X509_STORE_CTX structure.

-     X509_STORE_CTX also has a 'flags' field which can be used

-     to customise the verify behaviour.

-     [Steve Henson]

-  *) Add new PKCS#7 signing option PKCS7_NOSMIMECAP which

-     excludes S/MIME capabilities.

-     [Steve Henson]

-  *) When a certificate request is read in keep a copy of the

-     original encoding of the signed data and use it when outputing

-     again. Signatures then use the original encoding rather than

-     a decoded, encoded version which may cause problems if the

-     request is improperly encoded.

-     [Steve Henson]

-  *) For consistency with other BIO_puts implementations, call

-     buffer_write(b, ...) directly in buffer_puts instead of calling

-     BIO_write(b, ...).

-     In BIO_puts, increment b->num_write as in BIO_write.

-     [[email protected]]

-  *) Fix BN_mul_word for the case where the word is 0. (We have to use

-     BN_zero, we may not return a BIGNUM with an array consisting of

-     words set to zero.)

-     [Bodo Moeller]

-  *) Avoid calling abort() from within the library when problems are

-     detected, except if preprocessor symbols have been defined

-     (such as REF_CHECK, BN_DEBUG etc.).

-     [Bodo Moeller]

-  *) New openssl application 'rsautl'. This utility can be

-     used for low level RSA operations. DER public key

-     BIO/fp routines also added.

-     [Steve Henson]

-  *) New Configure entry and patches for compiling on QNX 4.

-     [Andreas Schneider <[email protected]>]

-  *) A demo state-machine implementation was sponsored by

-     Nuron (http://www.nuron.com/) and is now available in

-     demos/state_machine.

-     [Ben Laurie]

-  *) New options added to the 'dgst' utility for signature

-     generation and verification.

-     [Steve Henson]

-  *) Unrecognized PKCS#7 content types are now handled via a

-     catch all ASN1_TYPE structure. This allows unsupported

-     types to be stored as a "blob" and an application can

-     encode and decode it manually.

-     [Steve Henson]

-  *) Fix various signed/unsigned issues to make a_strex.c

-     compile under VC++.

-     [Oscar Jacobsson <[email protected]>]

-  *) ASN1 fixes. i2d_ASN1_OBJECT was not returning the correct

-     length if passed a buffer. ASN1_INTEGER_to_BN failed

-     if passed a NULL BN and its argument was negative.

-     [Steve Henson, pointed out by Sven Heiberg <[email protected]>]

-  *) Modification to PKCS#7 encoding routines to output definite

-     length encoding. Since currently the whole structures are in

-     memory there's not real point in using indefinite length

-     constructed encoding. However if OpenSSL is compiled with

-     the flag PKCS7_INDEFINITE_ENCODING the old form is used.

-     [Steve Henson]

-  *) Added BIO_vprintf() and BIO_vsnprintf().

-     [Richard Levitte]

-  *) Added more prefixes to parse for in the the strings written

-     through a logging bio, to cover all the levels that are available

-     through syslog.  The prefixes are now:

-	PANIC, EMERG, EMR	=>	LOG_EMERG

-	ALERT, ALR		=>	LOG_ALERT

-	CRIT, CRI		=>	LOG_CRIT

-	ERROR, ERR		=>	LOG_ERR

-	WARNING, WARN, WAR	=>	LOG_WARNING

-	NOTICE, NOTE, NOT	=>	LOG_NOTICE

-	INFO, INF		=>	LOG_INFO

-	DEBUG, DBG		=>	LOG_DEBUG

-     and as before, if none of those prefixes are present at the

-     beginning of the string, LOG_ERR is chosen.

-     On Win32, the LOG_* levels are mapped according to this:

-	LOG_EMERG, LOG_ALERT, LOG_CRIT, LOG_ERR	=> EVENTLOG_ERROR_TYPE

-	LOG_WARNING				=> EVENTLOG_WARNING_TYPE

-	LOG_NOTICE, LOG_INFO, LOG_DEBUG		=> EVENTLOG_INFORMATION_TYPE

-     [Richard Levitte]

-  *) Made it possible to reconfigure with just the configuration

-     argument "reconf" or "reconfigure".  The command line arguments

-     are stored in Makefile.ssl in the variable CONFIGURE_ARGS,

-     and are retrieved from there when reconfiguring.

-     [Richard Levitte]

-  *) MD4 implemented.

-     [Assar Westerlund <[email protected]>, Richard Levitte]

-  *) Add the arguments -CAfile and -CApath to the pkcs12 utility.

-     [Richard Levitte]

-  *) The obj_dat.pl script was messing up the sorting of object

-     names. The reason was that it compared the quoted version

-     of strings as a result "OCSP" > "OCSP Signing" because

-     " > SPACE. Changed script to store unquoted versions of

-     names and add quotes on output. It was also omitting some

-     names from the lookup table if they were given a default

-     value (that is if SN is missing it is given the same

-     value as LN and vice versa), these are now added on the

-     grounds that if an object has a name we should be able to

-     look it up. Finally added warning output when duplicate

-     short or long names are found.

-     [Steve Henson]

-  *) Changes needed for Tandem NSK.

-     [Scott Uroff <[email protected]>]

-  *) Fix SSL 2.0 rollback checking: Due to an off-by-one error in

-     RSA_padding_check_SSLv23(), special padding was never detected

-     and thus the SSL 3.0/TLS 1.0 countermeasure against protocol

-     version rollback attacks was not effective.

-     In s23_clnt.c, don't use special rollback-attack detection padding

-     (RSA_SSLV23_PADDING) if SSL 2.0 is the only protocol enabled in the

-     client; similarly, in s23_srvr.c, don't do the rollback check if

-     SSL 2.0 is the only protocol enabled in the server.

-     [Bodo Moeller]

-  *) Make it possible to get hexdumps of unprintable data with 'openssl

-     asn1parse'.  By implication, the functions ASN1_parse_dump() and

-     BIO_dump_indent() are added.

-     [Richard Levitte]

-  *) New functions ASN1_STRING_print_ex() and X509_NAME_print_ex()

-     these print out strings and name structures based on various

-     flags including RFC2253 support and proper handling of

-     multibyte characters. Added options to the 'x509' utility

-     to allow the various flags to be set.

-     [Steve Henson]

-  *) Various fixes to use ASN1_TIME instead of ASN1_UTCTIME.

-     Also change the functions X509_cmp_current_time() and

-     X509_gmtime_adj() work with an ASN1_TIME structure,

-     this will enable certificates using GeneralizedTime in validity

-     dates to be checked.

-     [Steve Henson]

-  *) Make the NEG_PUBKEY_BUG code (which tolerates invalid

-     negative public key encodings) on by default,

-     NO_NEG_PUBKEY_BUG can be set to disable it.

-     [Steve Henson]

-  *) New function c2i_ASN1_OBJECT() which acts on ASN1_OBJECT

-     content octets. An i2c_ASN1_OBJECT is unnecessary because

-     the encoding can be trivially obtained from the structure.

-     [Steve Henson]

-  *) crypto/err.c locking bugfix: Use write locks (CRYPTO_w_[un]lock),

-     not read locks (CRYPTO_r_[un]lock).

-     [Bodo Moeller]

-  *) A first attempt at creating official support for shared

-     libraries through configuration.  I've kept it so the

-     default is static libraries only, and the OpenSSL programs

-     are always statically linked for now, but there are

-     preparations for dynamic linking in place.

-     This has been tested on Linux and Tru64.

-     [Richard Levitte]

-  *) Randomness polling function for Win9x, as described in:

-     Peter Gutmann, Software Generation of Practically Strong

-     Random Numbers.

-     [Ulf M�ller]

-  *) Fix so PRNG is seeded in req if using an already existing

-     DSA key.

-     [Steve Henson]

-  *) New options to smime application. -inform and -outform

-     allow alternative formats for the S/MIME message including

-     PEM and DER. The -content option allows the content to be

-     specified separately. This should allow things like Netscape

-     form signing output easier to verify.

-     [Steve Henson]

-  *) Fix the ASN1 encoding of tags using the 'long form'.

-     [Steve Henson]

-  *) New ASN1 functions, i2c_* and c2i_* for INTEGER and BIT

-     STRING types. These convert content octets to and from the

-     underlying type. The actual tag and length octets are

-     already assumed to have been read in and checked. These

-     are needed because all other string types have virtually

-     identical handling apart from the tag. By having versions

-     of the ASN1 functions that just operate on content octets

-     IMPLICIT tagging can be handled properly. It also allows

-     the ASN1_ENUMERATED code to be cut down because ASN1_ENUMERATED

-     and ASN1_INTEGER are identical apart from the tag.

-     [Steve Henson]

-  *) Change the handling of OID objects as follows:

-     - New object identifiers are inserted in objects.txt, following

-       the syntax given in objects.README.

-     - objects.pl is used to process obj_mac.num and create a new

-       obj_mac.h.

-     - obj_dat.pl is used to create a new obj_dat.h, using the data in

-       obj_mac.h.

-     This is currently kind of a hack, and the perl code in objects.pl

-     isn't very elegant, but it works as I intended.  The simplest way

-     to check that it worked correctly is to look in obj_dat.h and

-     check the array nid_objs and make sure the objects haven't moved

-     around (this is important!).  Additions are OK, as well as

-     consistent name changes.

-     [Richard Levitte]

-  *) Add BSD-style MD5-based passwords to 'openssl passwd' (option '-1').

-     [Bodo Moeller]

-  *) Addition of the command line parameter '-rand file' to 'openssl req'.

-     The given file adds to whatever has already been seeded into the

-     random pool through the RANDFILE configuration file option or

-     environment variable, or the default random state file.

-     [Richard Levitte]

-  *) mkstack.pl now sorts each macro group into lexical order.

-     Previously the output order depended on the order the files

-     appeared in the directory, resulting in needless rewriting

-     of safestack.h .

-     [Steve Henson]

-  *) Patches to make OpenSSL compile under Win32 again. Mostly

-     work arounds for the VC++ problem that it treats func() as

-     func(void). Also stripped out the parts of mkdef.pl that

-     added extra typesafe functions: these no longer exist.

-     [Steve Henson]

-  *) Reorganisation of the stack code. The macros are now all

-     collected in safestack.h . Each macro is defined in terms of

-     a "stack macro" of the form SKM_<name>(type, a, b). The

-     DEBUG_SAFESTACK is now handled in terms of function casts,

-     this has the advantage of retaining type safety without the

-     use of additional functions. If DEBUG_SAFESTACK is not defined

-     then the non typesafe macros are used instead. Also modified the

-     mkstack.pl script to handle the new form. Needs testing to see

-     if which (if any) compilers it chokes and maybe make DEBUG_SAFESTACK

-     the default if no major problems. Similar behaviour for ASN1_SET_OF

-     and PKCS12_STACK_OF.

-     [Steve Henson]

-  *) When some versions of IIS use the 'NET' form of private key the

-     key derivation algorithm is different. Normally MD5(password) is

-     used as a 128 bit RC4 key. In the modified case

-     MD5(MD5(password) + "SGCKEYSALT")  is used insted. Added some

-     new functions i2d_RSA_NET(), d2i_RSA_NET() etc which are the same

-     as the old Netscape_RSA functions except they have an additional

-     'sgckey' parameter which uses the modified algorithm. Also added

-     an -sgckey command line option to the rsa utility. Thanks to

-     Adrian Peck <[email protected]> for posting details of the modified

-     algorithm to openssl-dev.

-     [Steve Henson]

-  *) The evp_local.h macros were using 'c.##kname' which resulted in

-     invalid expansion on some systems (SCO 5.0.5 for example).

-     Corrected to 'c.kname'.

-     [Phillip Porch <[email protected]>]

-  *) New X509_get1_email() and X509_REQ_get1_email() functions that return

-     a STACK of email addresses from a certificate or request, these look

-     in the subject name and the subject alternative name extensions and

-     omit any duplicate addresses.

-     [Steve Henson]

-  *) Re-implement BN_mod_exp2_mont using independent (and larger) windows.

-     This makes DSA verification about 2 % faster.

-     [Bodo Moeller]

-  *) Increase maximum window size in BN_mod_exp_... to 6 bits instead of 5

-     (meaning that now 2^5 values will be precomputed, which is only 4 KB

-     plus overhead for 1024 bit moduli).

-     This makes exponentiations about 0.5 % faster for 1024 bit

-     exponents (as measured by "openssl speed rsa2048").

-     [Bodo Moeller]

-  *) Rename memory handling macros to avoid conflicts with other

-     software:

-          Malloc         =>  OPENSSL_malloc

-          Malloc_locked  =>  OPENSSL_malloc_locked

-          Realloc        =>  OPENSSL_realloc

-          Free           =>  OPENSSL_free

-     [Richard Levitte]

-  *) New function BN_mod_exp_mont_word for small bases (roughly 15%

-     faster than BN_mod_exp_mont, i.e. 7% for a full DH exchange).

-     [Bodo Moeller]

-  *) CygWin32 support.

-     [John Jarvie <[email protected]>]

-  *) The type-safe stack code has been rejigged. It is now only compiled

-     in when OpenSSL is configured with the DEBUG_SAFESTACK option and

-     by default all type-specific stack functions are "#define"d back to

-     standard stack functions. This results in more streamlined output

-     but retains the type-safety checking possibilities of the original

-     approach.

-     [Geoff Thorpe]

-  *) The STACK code has been cleaned up, and certain type declarations

-     that didn't make a lot of sense have been brought in line. This has

-     also involved a cleanup of sorts in safestack.h to more correctly

-     map type-safe stack functions onto their plain stack counterparts.

-     This work has also resulted in a variety of "const"ifications of

-     lots of the code, especially "_cmp" operations which should normally

-     be prototyped with "const" parameters anyway.

-     [Geoff Thorpe]

-  *) When generating bytes for the first time in md_rand.c, 'stir the pool'

-     by seeding with STATE_SIZE dummy bytes (with zero entropy count).

-     (The PRNG state consists of two parts, the large pool 'state' and 'md',

-     where all of 'md' is used each time the PRNG is used, but 'state'

-     is used only indexed by a cyclic counter. As entropy may not be

-     well distributed from the beginning, 'md' is important as a

-     chaining variable. However, the output function chains only half

-     of 'md', i.e. 80 bits.  ssleay_rand_add, on the other hand, chains

-     all of 'md', and seeding with STATE_SIZE dummy bytes will result

-     in all of 'state' being rewritten, with the new values depending

-     on virtually all of 'md'.  This overcomes the 80 bit limitation.)

-     [Bodo Moeller]

-  *) In ssl/s2_clnt.c and ssl/s3_clnt.c, call ERR_clear_error() when

-     the handshake is continued after ssl_verify_cert_chain();

-     otherwise, if SSL_VERIFY_NONE is set, remaining error codes

-     can lead to 'unexplainable' connection aborts later.

-     [Bodo Moeller; problem tracked down by Lutz Jaenicke]

-  *) Major EVP API cipher revision.

-     Add hooks for extra EVP features. This allows various cipher

-     parameters to be set in the EVP interface. Support added for variable

-     key length ciphers via the EVP_CIPHER_CTX_set_key_length() function and

-     setting of RC2 and RC5 parameters.

-     Modify EVP_OpenInit() and EVP_SealInit() to cope with variable key length

-     ciphers.

-     Remove lots of duplicated code from the EVP library. For example *every*

-     cipher init() function handles the 'iv' in the same way according to the

-     cipher mode. They also all do nothing if the 'key' parameter is NULL and

-     for CFB and OFB modes they zero ctx->num.

-     New functionality allows removal of S/MIME code RC2 hack.

-     Most of the routines have the same form and so can be declared in terms

-     of macros.

-     By shifting this to the top level EVP_CipherInit() it can be removed from

-     all individual ciphers. If the cipher wants to handle IVs or keys

-     differently it can set the EVP_CIPH_CUSTOM_IV or EVP_CIPH_ALWAYS_CALL_INIT

-     flags.

-     Change lots of functions like EVP_EncryptUpdate() to now return a

-     value: although software versions of the algorithms cannot fail

-     any installed hardware versions can.

-     [Steve Henson]

-  *) Implement SSL_OP_TLS_ROLLBACK_BUG: In ssl3_get_client_key_exchange, if

-     this option is set, tolerate broken clients that send the negotiated

-     protocol version number instead of the requested protocol version

-     number.

-     [Bodo Moeller]

-  *) Call dh_tmp_cb (set by ..._TMP_DH_CB) with correct 'is_export' flag;

-     i.e. non-zero for export ciphersuites, zero otherwise.

-     Previous versions had this flag inverted, inconsistent with

-     rsa_tmp_cb (..._TMP_RSA_CB).

-     [Bodo Moeller; problem reported by Amit Chopra]

-  *) Add missing DSA library text string. Work around for some IIS

-     key files with invalid SEQUENCE encoding.

-     [Steve Henson]

-  *) Add a document (doc/standards.txt) that list all kinds of standards

-     and so on that are implemented in OpenSSL.

-     [Richard Levitte]

-  *) Enhance c_rehash script. Old version would mishandle certificates

-     with the same subject name hash and wouldn't handle CRLs at all.

-     Added -fingerprint option to crl utility, to support new c_rehash

-     features.

-     [Steve Henson]

-  *) Eliminate non-ANSI declarations in crypto.h and stack.h.

-     [Ulf M�ller]

-  *) Fix for SSL server purpose checking. Server checking was

-     rejecting certificates which had extended key usage present

-     but no ssl client purpose.

-     [Steve Henson, reported by Rene Grosser <[email protected]>]

-  *) Make PKCS#12 code work with no password. The PKCS#12 spec

-     is a little unclear about how a blank password is handled.

-     Since the password in encoded as a BMPString with terminating

-     double NULL a zero length password would end up as just the

-     double NULL. However no password at all is different and is

-     handled differently in the PKCS#12 key generation code. NS

-     treats a blank password as zero length. MSIE treats it as no

-     password on export: but it will try both on import. We now do

-     the same: PKCS12_parse() tries zero length and no password if

-     the password is set to "" or NULL (NULL is now a valid password:

-     it wasn't before) as does the pkcs12 application.

-     [Steve Henson]

-  *) Bugfixes in apps/x509.c: Avoid a memory leak; and don't use

-     perror when PEM_read_bio_X509_REQ fails, the error message must

-     be obtained from the error queue.

-     [Bodo Moeller]

-  *) Avoid 'thread_hash' memory leak in crypto/err/err.c by freeing

-     it in ERR_remove_state if appropriate, and change ERR_get_state

-     accordingly to avoid race conditions (this is necessary because

-     thread_hash is no longer constant once set).

-     [Bodo Moeller]

-  *) Bugfix for linux-elf makefile.one.

-     [Ulf M�ller]

-  *) RSA_get_default_method() will now cause a default

-     RSA_METHOD to be chosen if one doesn't exist already.

-     Previously this was only set during a call to RSA_new()

-     or RSA_new_method(NULL) meaning it was possible for

-     RSA_get_default_method() to return NULL.

-     [Geoff Thorpe]

-  *) Added native name translation to the existing DSO code

-     that will convert (if the flag to do so is set) filenames

-     that are sufficiently small and have no path information

-     into a canonical native form. Eg. "blah" converted to

-     "libblah.so" or "blah.dll" etc.

-     [Geoff Thorpe]

-  *) New function ERR_error_string_n(e, buf, len) which is like

-     ERR_error_string(e, buf), but writes at most 'len' bytes

-     including the 0 terminator.  For ERR_error_string_n, 'buf'

-     may not be NULL.

-     [Damien Miller <[email protected]>, Bodo Moeller]

-  *) CONF library reworked to become more general.  A new CONF

-     configuration file reader "class" is implemented as well as a

-     new functions (NCONF_*, for "New CONF") to handle it.  The now

-     old CONF_* functions are still there, but are reimplemented to

-     work in terms of the new functions.  Also, a set of functions

-     to handle the internal storage of the configuration data is

-     provided to make it easier to write new configuration file

-     reader "classes" (I can definitely see something reading a

-     configuration file in XML format, for example), called _CONF_*,

-     or "the configuration storage API"...

-     The new configuration file reading functions are:

-        NCONF_new, NCONF_free, NCONF_load, NCONF_load_fp, NCONF_load_bio,

-        NCONF_get_section, NCONF_get_string, NCONF_get_numbre

-        NCONF_default, NCONF_WIN32

-        NCONF_dump_fp, NCONF_dump_bio

-     NCONF_default and NCONF_WIN32 are method (or "class") choosers,

-     NCONF_new creates a new CONF object.  This works in the same way

-     as other interfaces in OpenSSL, like the BIO interface.

-     NCONF_dump_* dump the internal storage of the configuration file,

-     which is useful for debugging.  All other functions take the same

-     arguments as the old CONF_* functions wth the exception of the

-     first that must be a `CONF *' instead of a `LHASH *'.

-     To make it easer to use the new classes with the old CONF_* functions,

-     the function CONF_set_default_method is provided.

-     [Richard Levitte]

-  *) Add '-tls1' option to 'openssl ciphers', which was already

-     mentioned in the documentation but had not been implemented.

-     (This option is not yet really useful because even the additional

-     experimental TLS 1.0 ciphers are currently treated as SSL 3.0 ciphers.)

-     [Bodo Moeller]

-  *) Initial DSO code added into libcrypto for letting OpenSSL (and

-     OpenSSL-based applications) load shared libraries and bind to

-     them in a portable way.

-     [Geoff Thorpe, with contributions from Richard Levitte]

- Changes between 0.9.5 and 0.9.5a  [1 Apr 2000]

-  *) Make sure _lrotl and _lrotr are only used with MSVC.

-  *) Use lock CRYPTO_LOCK_RAND correctly in ssleay_rand_status

-     (the default implementation of RAND_status).

-  *) Rename openssl x509 option '-crlext', which was added in 0.9.5,

-     to '-clrext' (= clear extensions), as intended and documented.

-     [Bodo Moeller; inconsistency pointed out by Michael Attili

-     <[email protected]>]

-  *) Fix for HMAC. It wasn't zeroing the rest of the block if the key length

-     was larger than the MD block size.

-     [Steve Henson, pointed out by Yost William <[email protected]>]

-  *) Modernise PKCS12_parse() so it uses STACK_OF(X509) for its ca argument

-     fix a leak when the ca argument was passed as NULL. Stop X509_PUBKEY_set()

-     using the passed key: if the passed key was a private key the result

-     of X509_print(), for example, would be to print out all the private key

-     components.

-     [Steve Henson]

-  *) des_quad_cksum() byte order bug fix.

-     [Ulf M�ller, using the problem description in krb4-0.9.7, where

-      the solution is attributed to Derrick J Brashear <[email protected]>]

-  *) Fix so V_ASN1_APP_CHOOSE works again: however its use is strongly

-     discouraged.

-     [Steve Henson, pointed out by Brian Korver <[email protected]>]

-  *) For easily testing in shell scripts whether some command

-     'openssl XXX' exists, the new pseudo-command 'openssl no-XXX'

-     returns with exit code 0 iff no command of the given name is available.

-     'no-XXX' is printed in this case, 'XXX' otherwise.  In both cases,

-     the output goes to stdout and nothing is printed to stderr.

-     Additional arguments are always ignored.

-     Since for each cipher there is a command of the same name,

-     the 'no-cipher' compilation switches can be tested this way.

-     ('openssl no-XXX' is not able to detect pseudo-commands such

-     as 'quit', 'list-XXX-commands', or 'no-XXX' itself.)

-     [Bodo Moeller]

-  *) Update test suite so that 'make test' succeeds in 'no-rsa' configuration.

-     [Bodo Moeller]

-  *) For SSL_[CTX_]set_tmp_dh, don't create a DH key if SSL_OP_SINGLE_DH_USE

-     is set; it will be thrown away anyway because each handshake creates

-     its own key.

-     ssl_cert_dup, which is used by SSL_new, now copies DH keys in addition

-     to parameters -- in previous versions (since OpenSSL 0.9.3) the

-     'default key' from SSL_CTX_set_tmp_dh would always be lost, meanining

-     you effectivly got SSL_OP_SINGLE_DH_USE when using this macro.

-     [Bodo Moeller]

-  *) New s_client option -ign_eof: EOF at stdin is ignored, and

-     'Q' and 'R' lose their special meanings (quit/renegotiate).

-     This is part of what -quiet does; unlike -quiet, -ign_eof

-     does not suppress any output.

-     [Richard Levitte]

-  *) Add compatibility options to the purpose and trust code. The

-     purpose X509_PURPOSE_ANY is "any purpose" which automatically

-     accepts a certificate or CA, this was the previous behaviour,

-     with all the associated security issues.

-     X509_TRUST_COMPAT is the old trust behaviour: only and

-     automatically trust self signed roots in certificate store. A

-     new trust setting X509_TRUST_DEFAULT is used to specify that

-     a purpose has no associated trust setting and it should instead

-     use the value in the default purpose.

-     [Steve Henson]

-  *) Fix the PKCS#8 DSA private key code so it decodes keys again

-     and fix a memory leak.

-     [Steve Henson]

-  *) In util/mkerr.pl (which implements 'make errors'), preserve

-     reason strings from the previous version of the .c file, as

-     the default to have only downcase letters (and digits) in

-     automatically generated reasons codes is not always appropriate.

-     [Bodo Moeller]

-  *) In ERR_load_ERR_strings(), build an ERR_LIB_SYS error reason table

-     using strerror.  Previously, ERR_reason_error_string() returned

-     library names as reason strings for SYSerr; but SYSerr is a special

-     case where small numbers are errno values, not library numbers.

-     [Bodo Moeller]

-  *) Add '-dsaparam' option to 'openssl dhparam' application.  This

-     converts DSA parameters into DH parameters. (When creating parameters,

-     DSA_generate_parameters is used.)

-     [Bodo Moeller]

-  *) Include 'length' (recommended exponent length) in C code generated

-     by 'openssl dhparam -C'.

-     [Bodo Moeller]

-  *) The second argument to set_label in perlasm was already being used

-     so couldn't be used as a "file scope" flag. Moved to third argument

-     which was free.

-     [Steve Henson]

-  *) In PEM_ASN1_write_bio and some other functions, use RAND_pseudo_bytes

-     instead of RAND_bytes for encryption IVs and salts.

-     [Bodo Moeller]

-  *) Include RAND_status() into RAND_METHOD instead of implementing

-     it only for md_rand.c  Otherwise replacing the PRNG by calling

-     RAND_set_rand_method would be impossible.

-     [Bodo Moeller]

-  *) Don't let DSA_generate_key() enter an infinite loop if the random

-     number generation fails.

-     [Bodo Moeller]

-  *) New 'rand' application for creating pseudo-random output.

-     [Bodo Moeller]

-  *) Added configuration support for Linux/IA64

-     [Rolf Haberrecker <[email protected]>]

-  *) Assembler module support for Mingw32.

-     [Ulf M�ller]

-  *) Shared library support for HPUX (in shlib/).

-     [Lutz Jaenicke <[email protected]> and Anonymous]

-  *) Shared library support for Solaris gcc.

-     [Lutz Behnke <[email protected]>]

- Changes between 0.9.4 and 0.9.5  [28 Feb 2000]

-  *) PKCS7_encrypt() was adding text MIME headers twice because they

-     were added manually and by SMIME_crlf_copy().

-     [Steve Henson]

-  *) In bntest.c don't call BN_rand with zero bits argument.

-     [Steve Henson, pointed out by Andrew W. Gray <[email protected]>]

-  *) BN_mul bugfix: In bn_mul_part_recursion() only the a>a[n] && b>b[n]

-     case was implemented. This caused BN_div_recp() to fail occasionally.

-     [Ulf M�ller]

-  *) Add an optional second argument to the set_label() in the perl

-     assembly language builder. If this argument exists and is set

-     to 1 it signals that the assembler should use a symbol whose

-     scope is the entire file, not just the current function. This

-     is needed with MASM which uses the format label:: for this scope.

-     [Steve Henson, pointed out by Peter Runestig <[email protected]>]

-  *) Change the ASN1 types so they are typedefs by default. Before

-     almost all types were #define'd to ASN1_STRING which was causing

-     STACK_OF() problems: you couldn't declare STACK_OF(ASN1_UTF8STRING)

-     for example.

-     [Steve Henson]

-  *) Change names of new functions to the new get1/get0 naming

-     convention: After 'get1', the caller owns a reference count

-     and has to call ..._free; 'get0' returns a pointer to some

-     data structure without incrementing reference counters.

-     (Some of the existing 'get' functions increment a reference

-     counter, some don't.)

-     Similarly, 'set1' and 'add1' functions increase reference

-     counters or duplicate objects.

-     [Steve Henson]

-  *) Allow for the possibility of temp RSA key generation failure:

-     the code used to assume it always worked and crashed on failure.

-     [Steve Henson]

-  *) Fix potential buffer overrun problem in BIO_printf().

-     [Ulf M�ller, using public domain code by Patrick Powell; problem

-      pointed out by David Sacerdote <[email protected]>]

-  *) Support EGD <http://www.lothar.com/tech/crypto/>.  New functions

-     RAND_egd() and RAND_status().  In the command line application,

-     the EGD socket can be specified like a seed file using RANDFILE

-     or -rand.

-     [Ulf M�ller]

-  *) Allow the string CERTIFICATE to be tolerated in PKCS#7 structures.

-     Some CAs (e.g. Verisign) distribute certificates in this form.

-     [Steve Henson]

-  *) Remove the SSL_ALLOW_ADH compile option and set the default cipher

-     list to exclude them. This means that no special compilation option

-     is needed to use anonymous DH: it just needs to be included in the

-     cipher list.

-     [Steve Henson]

-  *) Change the EVP_MD_CTX_type macro so its meaning consistent with

-     EVP_MD_type. The old functionality is available in a new macro called

-     EVP_MD_md(). Change code that uses it and update docs.

-     [Steve Henson]

-  *) ..._ctrl functions now have corresponding ..._callback_ctrl functions

-     where the 'void *' argument is replaced by a function pointer argument.

-     Previously 'void *' was abused to point to functions, which works on

-     many platforms, but is not correct.  As these functions are usually

-     called by macros defined in OpenSSL header files, most source code

-     should work without changes.

-     [Richard Levitte]

-  *) <openssl/opensslconf.h> (which is created by Configure) now contains

-     sections with information on -D... compiler switches used for

-     compiling the library so that applications can see them.  To enable

-     one of these sections, a pre-processor symbol OPENSSL_..._DEFINES

-     must be defined.  E.g.,

-        #define OPENSSL_ALGORITHM_DEFINES

-        #include <openssl/opensslconf.h>

-     defines all pertinent NO_<algo> symbols, such as NO_IDEA, NO_RSA, etc.

-     [Richard Levitte, Ulf and Bodo M�ller]

-  *) Bugfix: Tolerate fragmentation and interleaving in the SSL 3/TLS

-     record layer.

-     [Bodo Moeller]

-  *) Change the 'other' type in certificate aux info to a STACK_OF

-     X509_ALGOR. Although not an AlgorithmIdentifier as such it has

-     the required ASN1 format: arbitrary types determined by an OID.

-     [Steve Henson]

-  *) Add some PEM_write_X509_REQ_NEW() functions and a command line

-     argument to 'req'. This is not because the function is newer or

-     better than others it just uses the work 'NEW' in the certificate

-     request header lines. Some software needs this.

-     [Steve Henson]

-  *) Reorganise password command line arguments: now passwords can be

-     obtained from various sources. Delete the PEM_cb function and make

-     it the default behaviour: i.e. if the callback is NULL and the

-     usrdata argument is not NULL interpret it as a null terminated pass

-     phrase. If usrdata and the callback are NULL then the pass phrase

-     is prompted for as usual.

-     [Steve Henson]

-  *) Add support for the Compaq Atalla crypto accelerator. If it is installed,

-     the support is automatically enabled. The resulting binaries will

-     autodetect the card and use it if present.

-     [Ben Laurie and Compaq Inc.]

-  *) Work around for Netscape hang bug. This sends certificate request

-     and server done in one record. Since this is perfectly legal in the

-     SSL/TLS protocol it isn't a "bug" option and is on by default. See

-     the bugs/SSLv3 entry for more info.

-     [Steve Henson]

-  *) HP-UX tune-up: new unified configs, HP C compiler bug workaround.

-     [Andy Polyakov]

-  *) Add -rand argument to smime and pkcs12 applications and read/write

-     of seed file.

-     [Steve Henson]

-  *) New 'passwd' tool for crypt(3) and apr1 password hashes.

-     [Bodo Moeller]

-  *) Add command line password options to the remaining applications.

-     [Steve Henson]

-  *) Bug fix for BN_div_recp() for numerators with an even number of

-     bits.

-     [Ulf M�ller]

-  *) More tests in bntest.c, and changed test_bn output.

-     [Ulf M�ller]

-  *) ./config recognizes MacOS X now.

-     [Andy Polyakov]

-  *) Bug fix for BN_div() when the first words of num and divsor are

-     equal (it gave wrong results if (rem=(n1-q*d0)&BN_MASK2) < d0).

-     [Ulf M�ller]

-  *) Add support for various broken PKCS#8 formats, and command line

-     options to produce them.

-     [Steve Henson]

-  *) New functions BN_CTX_start(), BN_CTX_get() and BT_CTX_end() to

-     get temporary BIGNUMs from a BN_CTX.

-     [Ulf M�ller]

-  *) Correct return values in BN_mod_exp_mont() and BN_mod_exp2_mont()

-     for p == 0.

-     [Ulf M�ller]

-  *) Change the SSLeay_add_all_*() functions to OpenSSL_add_all_*() and

-     include a #define from the old name to the new. The original intent

-     was that statically linked binaries could for example just call

-     SSLeay_add_all_ciphers() to just add ciphers to the table and not

-     link with digests. This never worked becayse SSLeay_add_all_digests()

-     and SSLeay_add_all_ciphers() were in the same source file so calling

-     one would link with the other. They are now in separate source files.

-     [Steve Henson]

-  *) Add a new -notext option to 'ca' and a -pubkey option to 'spkac'.

-     [Steve Henson]

-  *) Use a less unusual form of the Miller-Rabin primality test (it used

-     a binary algorithm for exponentiation integrated into the Miller-Rabin

-     loop, our standard modexp algorithms are faster).

-     [Bodo Moeller]

-  *) Support for the EBCDIC character set completed.

-     [Martin Kraemer <[email protected]>]

-  *) Source code cleanups: use const where appropriate, eliminate casts,

-     use void * instead of char * in lhash.

-     [Ulf M�ller]

-  *) Bugfix: ssl3_send_server_key_exchange was not restartable

-     (the state was not changed to SSL3_ST_SW_KEY_EXCH_B, and because of

-     this the server could overwrite ephemeral keys that the client

-     has already seen).

-     [Bodo Moeller]

-  *) Turn DSA_is_prime into a macro that calls BN_is_prime,

-     using 50 iterations of the Rabin-Miller test.

-     DSA_generate_parameters now uses BN_is_prime_fasttest (with 50

-     iterations of the Rabin-Miller test as required by the appendix

-     to FIPS PUB 186[-1]) instead of DSA_is_prime.

-     As BN_is_prime_fasttest includes trial division, DSA parameter

-     generation becomes much faster.

-     This implies a change for the callback functions in DSA_is_prime

-     and DSA_generate_parameters: The callback function is called once

-     for each positive witness in the Rabin-Miller test, not just

-     occasionally in the inner loop; and the parameters to the

-     callback function now provide an iteration count for the outer

-     loop rather than for the current invocation of the inner loop.

-     DSA_generate_parameters additionally can call the callback

-     function with an 'iteration count' of -1, meaning that a

-     candidate has passed the trial division test (when q is generated

-     from an application-provided seed, trial division is skipped).

-     [Bodo Moeller]

-  *) New function BN_is_prime_fasttest that optionally does trial

-     division before starting the Rabin-Miller test and has

-     an additional BN_CTX * argument (whereas BN_is_prime always

-     has to allocate at least one BN_CTX).

-     'callback(1, -1, cb_arg)' is called when a number has passed the

-     trial division stage.

-     [Bodo Moeller]

-  *) Fix for bug in CRL encoding. The validity dates weren't being handled

-     as ASN1_TIME.

-     [Steve Henson]

-  *) New -pkcs12 option to CA.pl script to write out a PKCS#12 file.

-     [Steve Henson]

-  *) New function BN_pseudo_rand().

-     [Ulf M�ller]

-  *) Clean up BN_mod_mul_montgomery(): replace the broken (and unreadable)

-     bignum version of BN_from_montgomery() with the working code from

-     SSLeay 0.9.0 (the word based version is faster anyway), and clean up

-     the comments.

-     [Ulf M�ller]

-  *) Avoid a race condition in s2_clnt.c (function get_server_hello) that

-     made it impossible to use the same SSL_SESSION data structure in

-     SSL2 clients in multiple threads.

-     [Bodo Moeller]

-  *) The return value of RAND_load_file() no longer counts bytes obtained

-     by stat().  RAND_load_file(..., -1) is new and uses the complete file

-     to seed the PRNG (previously an explicit byte count was required).

-     [Ulf M�ller, Bodo M�ller]

-  *) Clean up CRYPTO_EX_DATA functions, some of these didn't have prototypes

-     used (char *) instead of (void *) and had casts all over the place.

-     [Steve Henson]

-  *) Make BN_generate_prime() return NULL on error if ret!=NULL.

-     [Ulf M�ller]

-  *) Retain source code compatibility for BN_prime_checks macro:

-     BN_is_prime(..., BN_prime_checks, ...) now uses

-     BN_prime_checks_for_size to determine the appropriate number of

-     Rabin-Miller iterations.

-     [Ulf M�ller]

-  *) Diffie-Hellman uses "safe" primes: DH_check() return code renamed to

-     DH_CHECK_P_NOT_SAFE_PRIME.

-     (Check if this is true? OpenPGP calls them "strong".)

-     [Ulf M�ller]

-  *) Merge the functionality of "dh" and "gendh" programs into a new program

-     "dhparam". The old programs are retained for now but will handle DH keys

-     (instead of parameters) in future.

-     [Steve Henson]

-  *) Make the ciphers, s_server and s_client programs check the return values

-     when a new cipher list is set.

-     [Steve Henson]

-  *) Enhance the SSL/TLS cipher mechanism to correctly handle the TLS 56bit

-     ciphers. Before when the 56bit ciphers were enabled the sorting was

-     wrong.

-     The syntax for the cipher sorting has been extended to support sorting by

-     cipher-strength (using the strength_bits hard coded in the tables).

-     The new command is "@STRENGTH" (see also doc/apps/ciphers.pod).

-     Fix a bug in the cipher-command parser: when supplying a cipher command

-     string with an "undefined" symbol (neither command nor alphanumeric

-     [A-Za-z0-9], ssl_set_cipher_list used to hang in an endless loop. Now

-     an error is flagged.

-     Due to the strength-sorting extension, the code of the

-     ssl_create_cipher_list() function was completely rearranged. I hope that

-     the readability was also increased :-)

-     [Lutz Jaenicke <[email protected]>]

-  *) Minor change to 'x509' utility. The -CAcreateserial option now uses 1

-     for the first serial number and places 2 in the serial number file. This

-     avoids problems when the root CA is created with serial number zero and

-     the first user certificate has the same issuer name and serial number

-     as the root CA.

-     [Steve Henson]

-  *) Fixes to X509_ATTRIBUTE utilities, change the 'req' program so it uses

-     the new code. Add documentation for this stuff.

-     [Steve Henson]

-  *) Changes to X509_ATTRIBUTE utilities. These have been renamed from

-     X509_*() to X509at_*() on the grounds that they don't handle X509

-     structures and behave in an analagous way to the X509v3 functions:

-     they shouldn't be called directly but wrapper functions should be used

-     instead.

-     So we also now have some wrapper functions that call the X509at functions

-     when passed certificate requests. (TO DO: similar things can be done with

-     PKCS#7 signed and unsigned attributes, PKCS#12 attributes and a few other

-     things. Some of these need some d2i or i2d and print functionality

-     because they handle more complex structures.)

-     [Steve Henson]

-  *) Add missing #ifndefs that caused missing symbols when building libssl

-     as a shared library without RSA.  Use #ifndef NO_SSL2 instead of

-     NO_RSA in ssl/s2*.c.

-     [Kris Kennaway <[email protected]>, modified by Ulf M�ller]

-  *) Precautions against using the PRNG uninitialized: RAND_bytes() now

-     has a return value which indicates the quality of the random data

-     (1 = ok, 0 = not seeded).  Also an error is recorded on the thread's

-     error queue. New function RAND_pseudo_bytes() generates output that is

-     guaranteed to be unique but not unpredictable. RAND_add is like

-     RAND_seed, but takes an extra argument for an entropy estimate

-     (RAND_seed always assumes full entropy).

-     [Ulf M�ller]

-  *) Do more iterations of Rabin-Miller probable prime test (specifically,

-     3 for 1024-bit primes, 6 for 512-bit primes, 12 for 256-bit primes

-     instead of only 2 for all lengths; see BN_prime_checks_for_size definition

-     in crypto/bn/bn_prime.c for the complete table).  This guarantees a

-     false-positive rate of at most 2^-80 for random input.

-     [Bodo Moeller]

-  *) Rewrite ssl3_read_n (ssl/s3_pkt.c) avoiding a couple of bugs.

-     [Bodo Moeller]

-  *) New function X509_CTX_rget_chain() (renamed to X509_CTX_get1_chain

-     in the 0.9.5 release), this returns the chain

-     from an X509_CTX structure with a dup of the stack and all

-     the X509 reference counts upped: so the stack will exist

-     after X509_CTX_cleanup() has been called. Modify pkcs12.c

-     to use this.

-     Also make SSL_SESSION_print() print out the verify return

-     code.

-     [Steve Henson]

-  *) Add manpage for the pkcs12 command. Also change the default

-     behaviour so MAC iteration counts are used unless the new

-     -nomaciter option is used. This improves file security and

-     only older versions of MSIE (4.0 for example) need it.

-     [Steve Henson]

-  *) Honor the no-xxx Configure options when creating .DEF files.

-     [Ulf M�ller]

-  *) Add PKCS#10 attributes to field table: challengePassword,

-     unstructuredName and unstructuredAddress. These are taken from

-     draft PKCS#9 v2.0 but are compatible with v1.2 provided no

-     international characters are used.

-     More changes to X509_ATTRIBUTE code: allow the setting of types

-     based on strings. Remove the 'loc' parameter when adding

-     attributes because these will be a SET OF encoding which is sorted

-     in ASN1 order.

-     [Steve Henson]

-  *) Initial changes to the 'req' utility to allow request generation

-     automation. This will allow an application to just generate a template

-     file containing all the field values and have req construct the

-     request.

-     Initial support for X509_ATTRIBUTE handling. Stacks of these are

-     used all over the place including certificate requests and PKCS#7

-     structures. They are currently handled manually where necessary with

-     some primitive wrappers for PKCS#7. The new functions behave in a

-     manner analogous to the X509 extension functions: they allow

-     attributes to be looked up by NID and added.

-     Later something similar to the X509V3 code would be desirable to

-     automatically handle the encoding, decoding and printing of the

-     more complex types. The string types like challengePassword can

-     be handled by the string table functions.

-     Also modified the multi byte string table handling. Now there is

-     a 'global mask' which masks out certain types. The table itself

-     can use the flag STABLE_NO_MASK to ignore the mask setting: this

-     is useful when for example there is only one permissible type

-     (as in countryName) and using the mask might result in no valid

-     types at all.

-     [Steve Henson]

-  *) Clean up 'Finished' handling, and add functions SSL_get_finished and

-     SSL_get_peer_finished to allow applications to obtain the latest

-     Finished messages sent to the peer or expected from the peer,

-     respectively.  (SSL_get_peer_finished is usually the Finished message

-     actually received from the peer, otherwise the protocol will be aborted.)

-     As the Finished message are message digests of the complete handshake

-     (with a total of 192 bits for TLS 1.0 and more for SSL 3.0), they can

-     be used for external authentication procedures when the authentication

-     provided by SSL/TLS is not desired or is not enough.

-     [Bodo Moeller]

-  *) Enhanced support for Alpha Linux is added. Now ./config checks if

-     the host supports BWX extension and if Compaq C is present on the

-     $PATH. Just exploiting of the BWX extension results in 20-30%

-     performance kick for some algorithms, e.g. DES and RC4 to mention

-     a couple. Compaq C in turn generates ~20% faster code for MD5 and

-     SHA1.

-     [Andy Polyakov]

-  *) Add support for MS "fast SGC". This is arguably a violation of the

-     SSL3/TLS protocol. Netscape SGC does two handshakes: the first with

-     weak crypto and after checking the certificate is SGC a second one

-     with strong crypto. MS SGC stops the first handshake after receiving

-     the server certificate message and sends a second client hello. Since

-     a server will typically do all the time consuming operations before

-     expecting any further messages from the client (server key exchange

-     is the most expensive) there is little difference between the two.

-     To get OpenSSL to support MS SGC we have to permit a second client

-     hello message after we have sent server done. In addition we have to

-     reset the MAC if we do get this second client hello.

-     [Steve Henson]

-  *) Add a function 'd2i_AutoPrivateKey()' this will automatically decide

-     if a DER encoded private key is RSA or DSA traditional format. Changed

-     d2i_PrivateKey_bio() to use it. This is only needed for the "traditional"

-     format DER encoded private key. Newer code should use PKCS#8 format which

-     has the key type encoded in the ASN1 structure. Added DER private key

-     support to pkcs8 application.

-     [Steve Henson]

-  *) SSL 3/TLS 1 servers now don't request certificates when an anonymous

-     ciphersuites has been selected (as required by the SSL 3/TLS 1

-     specifications).  Exception: When SSL_VERIFY_FAIL_IF_NO_PEER_CERT

-     is set, we interpret this as a request to violate the specification

-     (the worst that can happen is a handshake failure, and 'correct'

-     behaviour would result in a handshake failure anyway).

-     [Bodo Moeller]

-  *) In SSL_CTX_add_session, take into account that there might be multiple

-     SSL_SESSION structures with the same session ID (e.g. when two threads

-     concurrently obtain them from an external cache).

-     The internal cache can handle only one SSL_SESSION with a given ID,

-     so if there's a conflict, we now throw out the old one to achieve

-     consistency.

-     [Bodo Moeller]

-  *) Add OIDs for idea and blowfish in CBC mode. This will allow both

-     to be used in PKCS#5 v2.0 and S/MIME.  Also add checking to

-     some routines that use cipher OIDs: some ciphers do not have OIDs

-     defined and so they cannot be used for S/MIME and PKCS#5 v2.0 for

-     example.

-     [Steve Henson]

-  *) Simplify the trust setting structure and code. Now we just have

-     two sequences of OIDs for trusted and rejected settings. These will

-     typically have values the same as the extended key usage extension

-     and any application specific purposes.

-     The trust checking code now has a default behaviour: it will just

-     check for an object with the same NID as the passed id. Functions can

-     be provided to override either the default behaviour or the behaviour

-     for a given id. SSL client, server and email already have functions

-     in place for compatibility: they check the NID and also return "trusted"

-     if the certificate is self signed.

-     [Steve Henson]

-  *) Add d2i,i2d bio/fp functions for PrivateKey: these convert the

-     traditional format into an EVP_PKEY structure.

-     [Steve Henson]

-  *) Add a password callback function PEM_cb() which either prompts for

-     a password if usr_data is NULL or otherwise assumes it is a null

-     terminated password. Allow passwords to be passed on command line

-     environment or config files in a few more utilities.

-     [Steve Henson]

-  *) Add a bunch of DER and PEM functions to handle PKCS#8 format private

-     keys. Add some short names for PKCS#8 PBE algorithms and allow them

-     to be specified on the command line for the pkcs8 and pkcs12 utilities.

-     Update documentation.

-     [Steve Henson]

-  *) Support for ASN1 "NULL" type. This could be handled before by using

-     ASN1_TYPE but there wasn't any function that would try to read a NULL

-     and produce an error if it couldn't. For compatibility we also have

-     ASN1_NULL_new() and ASN1_NULL_free() functions but these are faked and

-     don't allocate anything because they don't need to.

-     [Steve Henson]

-  *) Initial support for MacOS is now provided. Examine INSTALL.MacOS

-     for details.

-     [Andy Polyakov, Roy Woods <[email protected]>]

-  *) Rebuild of the memory allocation routines used by OpenSSL code and

-     possibly others as well.  The purpose is to make an interface that

-     provide hooks so anyone can build a separate set of allocation and

-     deallocation routines to be used by OpenSSL, for example memory

-     pool implementations, or something else, which was previously hard

-     since Malloc(), Realloc() and Free() were defined as macros having

-     the values malloc, realloc and free, respectively (except for Win32

-     compilations).  The same is provided for memory debugging code.

-     OpenSSL already comes with functionality to find memory leaks, but

-     this gives people a chance to debug other memory problems.

-     With these changes, a new set of functions and macros have appeared:

-       CRYPTO_set_mem_debug_functions()	        [F]

-       CRYPTO_get_mem_debug_functions()         [F]

-       CRYPTO_dbg_set_options()	                [F]

-       CRYPTO_dbg_get_options()                 [F]

-       CRYPTO_malloc_debug_init()               [M]

-     The memory debug functions are NULL by default, unless the library

-     is compiled with CRYPTO_MDEBUG or friends is defined.  If someone

-     wants to debug memory anyway, CRYPTO_malloc_debug_init() (which

-     gives the standard debugging functions that come with OpenSSL) or

-     CRYPTO_set_mem_debug_functions() (tells OpenSSL to use functions

-     provided by the library user) must be used.  When the standard

-     debugging functions are used, CRYPTO_dbg_set_options can be used to

-     request additional information:

-     CRYPTO_dbg_set_options(V_CYRPTO_MDEBUG_xxx) corresponds to setting

-     the CRYPTO_MDEBUG_xxx macro when compiling the library.

-     Also, things like CRYPTO_set_mem_functions will always give the

-     expected result (the new set of functions is used for allocation

-     and deallocation) at all times, regardless of platform and compiler

-     options.

-     To finish it up, some functions that were never use in any other

-     way than through macros have a new API and new semantic:

-       CRYPTO_dbg_malloc()

-       CRYPTO_dbg_realloc()

-       CRYPTO_dbg_free()

-     All macros of value have retained their old syntax.

-     [Richard Levitte and Bodo Moeller]

-  *) Some S/MIME fixes. The OID for SMIMECapabilities was wrong, the

-     ordering of SMIMECapabilities wasn't in "strength order" and there

-     was a missing NULL in the AlgorithmIdentifier for the SHA1 signature

-     algorithm.

-     [Steve Henson]

-  *) Some ASN1 types with illegal zero length encoding (INTEGER,

-     ENUMERATED and OBJECT IDENTIFIER) choked the ASN1 routines.

-     [Frans Heymans <[email protected]>, modified by Steve Henson]

-  *) Merge in my S/MIME library for OpenSSL. This provides a simple

-     S/MIME API on top of the PKCS#7 code, a MIME parser (with enough

-     functionality to handle multipart/signed properly) and a utility

-     called 'smime' to call all this stuff. This is based on code I

-     originally wrote for Celo who have kindly allowed it to be

-     included in OpenSSL.

-     [Steve Henson]

-  *) Add variants des_set_key_checked and des_set_key_unchecked of

-     des_set_key (aka des_key_sched).  Global variable des_check_key

-     decides which of these is called by des_set_key; this way

-     des_check_key behaves as it always did, but applications and

-     the library itself, which was buggy for des_check_key == 1,

-     have a cleaner way to pick the version they need.

-     [Bodo Moeller]

-  *) New function PKCS12_newpass() which changes the password of a

-     PKCS12 structure.

-     [Steve Henson]

-  *) Modify X509_TRUST and X509_PURPOSE so it also uses a static and

-     dynamic mix. In both cases the ids can be used as an index into the

-     table. Also modified the X509_TRUST_add() and X509_PURPOSE_add()

-     functions so they accept a list of the field values and the

-     application doesn't need to directly manipulate the X509_TRUST

-     structure.

-     [Steve Henson]

-  *) Modify the ASN1_STRING_TABLE stuff so it also uses bsearch and doesn't

-     need initialising.

-     [Steve Henson]

-  *) Modify the way the V3 extension code looks up extensions. This now

-     works in a similar way to the object code: we have some "standard"

-     extensions in a static table which is searched with OBJ_bsearch()

-     and the application can add dynamic ones if needed. The file

-     crypto/x509v3/ext_dat.h now has the info: this file needs to be

-     updated whenever a new extension is added to the core code and kept

-     in ext_nid order. There is a simple program 'tabtest.c' which checks

-     this. New extensions are not added too often so this file can readily

-     be maintained manually.

-     There are two big advantages in doing things this way. The extensions

-     can be looked up immediately and no longer need to be "added" using

-     X509V3_add_standard_extensions(): this function now does nothing.

-     [Side note: I get *lots* of email saying the extension code doesn't

-      work because people forget to call this function]

-     Also no dynamic allocation is done unless new extensions are added:

-     so if we don't add custom extensions there is no need to call

-     X509V3_EXT_cleanup().

-     [Steve Henson]

-  *) Modify enc utility's salting as follows: make salting the default. Add a

-     magic header, so unsalted files fail gracefully instead of just decrypting

-     to garbage. This is because not salting is a big security hole, so people

-     should be discouraged from doing it.

-     [Ben Laurie]

-  *) Fixes and enhancements to the 'x509' utility. It allowed a message

-     digest to be passed on the command line but it only used this

-     parameter when signing a certificate. Modified so all relevant

-     operations are affected by the digest parameter including the

-     -fingerprint and -x509toreq options. Also -x509toreq choked if a

-     DSA key was used because it didn't fix the digest.

-     [Steve Henson]

-  *) Initial certificate chain verify code. Currently tests the untrusted

-     certificates for consistency with the verify purpose (which is set

-     when the X509_STORE_CTX structure is set up) and checks the pathlength.

-     There is a NO_CHAIN_VERIFY compilation option to keep the old behaviour:

-     this is because it will reject chains with invalid extensions whereas

-     every previous version of OpenSSL and SSLeay made no checks at all.

-     Trust code: checks the root CA for the relevant trust settings. Trust

-     settings have an initial value consistent with the verify purpose: e.g.

-     if the verify purpose is for SSL client use it expects the CA to be

-     trusted for SSL client use. However the default value can be changed to

-     permit custom trust settings: one example of this would be to only trust

-     certificates from a specific "secure" set of CAs.

-     Also added X509_STORE_CTX_new() and X509_STORE_CTX_free() functions

-     which should be used for version portability: especially since the

-     verify structure is likely to change more often now.

-     SSL integration. Add purpose and trust to SSL_CTX and SSL and functions

-     to set them. If not set then assume SSL clients will verify SSL servers

-     and vice versa.

-     Two new options to the verify program: -untrusted allows a set of

-     untrusted certificates to be passed in and -purpose which sets the

-     intended purpose of the certificate. If a purpose is set then the

-     new chain verify code is used to check extension consistency.

-     [Steve Henson]

-  *) Support for the authority information access extension.

-     [Steve Henson]

-  *) Modify RSA and DSA PEM read routines to transparently handle

-     PKCS#8 format private keys. New *_PUBKEY_* functions that handle

-     public keys in a format compatible with certificate

-     SubjectPublicKeyInfo structures. Unfortunately there were already

-     functions called *_PublicKey_* which used various odd formats so

-     these are retained for compatibility: however the DSA variants were

-     never in a public release so they have been deleted. Changed dsa/rsa

-     utilities to handle the new format: note no releases ever handled public

-     keys so we should be OK.

-     The primary motivation for this change is to avoid the same fiasco

-     that dogs private keys: there are several incompatible private key

-     formats some of which are standard and some OpenSSL specific and

-     require various evil hacks to allow partial transparent handling and

-     even then it doesn't work with DER formats. Given the option anything

-     other than PKCS#8 should be dumped: but the other formats have to

-     stay in the name of compatibility.

-     With public keys and the benefit of hindsight one standard format

-     is used which works with EVP_PKEY, RSA or DSA structures: though

-     it clearly returns an error if you try to read the wrong kind of key.

-     Added a -pubkey option to the 'x509' utility to output the public key.

-     Also rename the EVP_PKEY_get_*() to EVP_PKEY_rget_*()

-     (renamed to EVP_PKEY_get1_*() in the OpenSSL 0.9.5 release) and add

-     EVP_PKEY_rset_*() functions (renamed to EVP_PKEY_set1_*())

-     that do the same as the EVP_PKEY_assign_*() except they up the

-     reference count of the added key (they don't "swallow" the

-     supplied key).

-     [Steve Henson]

-  *) Fixes to crypto/x509/by_file.c the code to read in certificates and

-     CRLs would fail if the file contained no certificates or no CRLs:

-     added a new function to read in both types and return the number

-     read: this means that if none are read it will be an error. The

-     DER versions of the certificate and CRL reader would always fail

-     because it isn't possible to mix certificates and CRLs in DER format

-     without choking one or the other routine. Changed this to just read

-     a certificate: this is the best we can do. Also modified the code

-     in apps/verify.c to take notice of return codes: it was previously

-     attempting to read in certificates from NULL pointers and ignoring

-     any errors: this is one reason why the cert and CRL reader seemed

-     to work. It doesn't check return codes from the default certificate

-     routines: these may well fail if the certificates aren't installed.

-     [Steve Henson]

-  *) Code to support otherName option in GeneralName.

-     [Steve Henson]

-  *) First update to verify code. Change the verify utility

-     so it warns if it is passed a self signed certificate:

-     for consistency with the normal behaviour. X509_verify

-     has been modified to it will now verify a self signed

-     certificate if *exactly* the same certificate appears

-     in the store: it was previously impossible to trust a

-     single self signed certificate. This means that:

-     openssl verify ss.pem

-     now gives a warning about a self signed certificate but

-     openssl verify -CAfile ss.pem ss.pem

-     is OK.

-     [Steve Henson]

-  *) For servers, store verify_result in SSL_SESSION data structure

-     (and add it to external session representation).

-     This is needed when client certificate verifications fails,

-     but an application-provided verification callback (set by

-     SSL_CTX_set_cert_verify_callback) allows accepting the session

-     anyway (i.e. leaves x509_store_ctx->error != X509_V_OK

-     but returns 1): When the session is reused, we have to set

-     ssl->verify_result to the appropriate error code to avoid

-     security holes.

-     [Bodo Moeller, problem pointed out by Lutz Jaenicke]

-  *) Fix a bug in the new PKCS#7 code: it didn't consider the

-     case in PKCS7_dataInit() where the signed PKCS7 structure

-     didn't contain any existing data because it was being created.

-     [Po-Cheng Chen <[email protected]>, slightly modified by Steve Henson]

-  *) Add a salt to the key derivation routines in enc.c. This

-     forms the first 8 bytes of the encrypted file. Also add a

-     -S option to allow a salt to be input on the command line.

-     [Steve Henson]

-  *) New function X509_cmp(). Oddly enough there wasn't a function

-     to compare two certificates. We do this by working out the SHA1

-     hash and comparing that. X509_cmp() will be needed by the trust

-     code.

-     [Steve Henson]

-  *) SSL_get1_session() is like SSL_get_session(), but increments

-     the reference count in the SSL_SESSION returned.

-     [Geoff Thorpe <[email protected]>]

-  *) Fix for 'req': it was adding a null to request attributes.

-     Also change the X509_LOOKUP and X509_INFO code to handle

-     certificate auxiliary information.

-     [Steve Henson]

-  *) Add support for 40 and 64 bit RC2 and RC4 algorithms: document

-     the 'enc' command.

-     [Steve Henson]

-  *) Add the possibility to add extra information to the memory leak

-     detecting output, to form tracebacks, showing from where each

-     allocation was originated: CRYPTO_push_info("constant string") adds

-     the string plus current file name and line number to a per-thread

-     stack, CRYPTO_pop_info() does the obvious, CRYPTO_remove_all_info()

-     is like calling CYRPTO_pop_info() until the stack is empty.

-     Also updated memory leak detection code to be multi-thread-safe.

-     [Richard Levitte]

-  *) Add options -text and -noout to pkcs7 utility and delete the

-     encryption options which never did anything. Update docs.

-     [Steve Henson]

-  *) Add options to some of the utilities to allow the pass phrase

-     to be included on either the command line (not recommended on

-     OSes like Unix) or read from the environment. Update the

-     manpages and fix a few bugs.

-     [Steve Henson]

-  *) Add a few manpages for some of the openssl commands.

-     [Steve Henson]

-  *) Fix the -revoke option in ca. It was freeing up memory twice,

-     leaking and not finding already revoked certificates.

-     [Steve Henson]

-  *) Extensive changes to support certificate auxiliary information.

-     This involves the use of X509_CERT_AUX structure and X509_AUX

-     functions. An X509_AUX function such as PEM_read_X509_AUX()

-     can still read in a certificate file in the usual way but it

-     will also read in any additional "auxiliary information". By

-     doing things this way a fair degree of compatibility can be

-     retained: existing certificates can have this information added

-     using the new 'x509' options.

-     Current auxiliary information includes an "alias" and some trust

-     settings. The trust settings will ultimately be used in enhanced

-     certificate chain verification routines: currently a certificate

-     can only be trusted if it is self signed and then it is trusted

-     for all purposes.

-     [Steve Henson]

-  *) Fix assembler for Alpha (tested only on DEC OSF not Linux or *BSD).

-     The problem was that one of the replacement routines had not been working

-     since SSLeay releases.  For now the offending routine has been replaced

-     with non-optimised assembler.  Even so, this now gives around 95%

-     performance improvement for 1024 bit RSA signs.

-     [Mark Cox]

-  *) Hack to fix PKCS#7 decryption when used with some unorthodox RC2

-     handling. Most clients have the effective key size in bits equal to

-     the key length in bits: so a 40 bit RC2 key uses a 40 bit (5 byte) key.

-     A few however don't do this and instead use the size of the decrypted key

-     to determine the RC2 key length and the AlgorithmIdentifier to determine

-     the effective key length. In this case the effective key length can still

-     be 40 bits but the key length can be 168 bits for example. This is fixed

-     by manually forcing an RC2 key into the EVP_PKEY structure because the

-     EVP code can't currently handle unusual RC2 key sizes: it always assumes

-     the key length and effective key length are equal.

-     [Steve Henson]

-  *) Add a bunch of functions that should simplify the creation of

-     X509_NAME structures. Now you should be able to do:

-     X509_NAME_add_entry_by_txt(nm, "CN", MBSTRING_ASC, "Steve", -1, -1, 0);

-     and have it automatically work out the correct field type and fill in

-     the structures. The more adventurous can try:

-     X509_NAME_add_entry_by_txt(nm, field, MBSTRING_UTF8, str, -1, -1, 0);

-     and it will (hopefully) work out the correct multibyte encoding.

-     [Steve Henson]

-  *) Change the 'req' utility to use the new field handling and multibyte

-     copy routines. Before the DN field creation was handled in an ad hoc

-     way in req, ca, and x509 which was rather broken and didn't support

-     BMPStrings or UTF8Strings. Since some software doesn't implement

-     BMPStrings or UTF8Strings yet, they can be enabled using the config file

-     using the dirstring_type option. See the new comment in the default

-     openssl.cnf for more info.

-     [Steve Henson]

-  *) Make crypto/rand/md_rand.c more robust:

-     - Assure unique random numbers after fork().

-     - Make sure that concurrent threads access the global counter and

-       md serializably so that we never lose entropy in them

-       or use exactly the same state in multiple threads.

-       Access to the large state is not always serializable because

-       the additional locking could be a performance killer, and

-       md should be large enough anyway.

-     [Bodo Moeller]

-  *) New file apps/app_rand.c with commonly needed functionality

-     for handling the random seed file.

-     Use the random seed file in some applications that previously did not:

-          ca,

-          dsaparam -genkey (which also ignored its '-rand' option),

-          s_client,

-          s_server,

-          x509 (when signing).

-     Except on systems with /dev/urandom, it is crucial to have a random

-     seed file at least for key creation, DSA signing, and for DH exchanges;

-     for RSA signatures we could do without one.

-     gendh and gendsa (unlike genrsa) used to read only the first byte

-     of each file listed in the '-rand' option.  The function as previously

-     found in genrsa is now in app_rand.c and is used by all programs

-     that support '-rand'.

-     [Bodo Moeller]

-  *) In RAND_write_file, use mode 0600 for creating files;

-     don't just chmod when it may be too late.

-     [Bodo Moeller]

-  *) Report an error from X509_STORE_load_locations

-     when X509_LOOKUP_load_file or X509_LOOKUP_add_dir failed.

-     [Bill Perry]

-  *) New function ASN1_mbstring_copy() this copies a string in either

-     ASCII, Unicode, Universal (4 bytes per character) or UTF8 format

-     into an ASN1_STRING type. A mask of permissible types is passed

-     and it chooses the "minimal" type to use or an error if not type

-     is suitable.

-     [Steve Henson]

-  *) Add function equivalents to the various macros in asn1.h. The old

-     macros are retained with an M_ prefix. Code inside the library can

-     use the M_ macros. External code (including the openssl utility)

-     should *NOT* in order to be "shared library friendly".

-     [Steve Henson]

-  *) Add various functions that can check a certificate's extensions

-     to see if it usable for various purposes such as SSL client,

-     server or S/MIME and CAs of these types. This is currently

-     VERY EXPERIMENTAL but will ultimately be used for certificate chain

-     verification. Also added a -purpose flag to x509 utility to

-     print out all the purposes.

-     [Steve Henson]

-  *) Add a CRYPTO_EX_DATA to X509 certificate structure and associated

-     functions.

-     [Steve Henson]

-  *) New X509V3_{X509,CRL,REVOKED}_get_d2i() functions. These will search

-     for, obtain and decode and extension and obtain its critical flag.

-     This allows all the necessary extension code to be handled in a

-     single function call.

-     [Steve Henson]

-  *) RC4 tune-up featuring 30-40% performance improvement on most RISC

-     platforms. See crypto/rc4/rc4_enc.c for further details.

-     [Andy Polyakov]

-  *) New -noout option to asn1parse. This causes no output to be produced

-     its main use is when combined with -strparse and -out to extract data

-     from a file (which may not be in ASN.1 format).

-     [Steve Henson]

-  *) Fix for pkcs12 program. It was hashing an invalid certificate pointer

-     when producing the local key id.

-     [Richard Levitte <[email protected]>]

-  *) New option -dhparam in s_server. This allows a DH parameter file to be

-     stated explicitly. If it is not stated then it tries the first server

-     certificate file. The previous behaviour hard coded the filename

-     "server.pem".

-     [Steve Henson]

-  *) Add -pubin and -pubout options to the rsa and dsa commands. These allow

-     a public key to be input or output. For example:

-     openssl rsa -in key.pem -pubout -out pubkey.pem

-     Also added necessary DSA public key functions to handle this.

-     [Steve Henson]

-  *) Fix so PKCS7_dataVerify() doesn't crash if no certificates are contained

-     in the message. This was handled by allowing

-     X509_find_by_issuer_and_serial() to tolerate a NULL passed to it.

-     [Steve Henson, reported by Sampo Kellomaki <[email protected]>]

-  *) Fix for bug in d2i_ASN1_bytes(): other ASN1 functions add an extra null

-     to the end of the strings whereas this didn't. This would cause problems

-     if strings read with d2i_ASN1_bytes() were later modified.

-     [Steve Henson, reported by Arne Ansper <[email protected]>]

-  *) Fix for base64 decode bug. When a base64 bio reads only one line of

-     data and it contains EOF it will end up returning an error. This is

-     caused by input 46 bytes long. The cause is due to the way base64

-     BIOs find the start of base64 encoded data. They do this by trying a

-     trial decode on each line until they find one that works. When they

-     do a flag is set and it starts again knowing it can pass all the

-     data directly through the decoder. Unfortunately it doesn't reset

-     the context it uses. This means that if EOF is reached an attempt

-     is made to pass two EOFs through the context and this causes the

-     resulting error. This can also cause other problems as well. As is

-     usual with these problems it takes *ages* to find and the fix is

-     trivial: move one line.

-     [Steve Henson, reported by [email protected] (Ivan Nejgebauer) ]

-  *) Ugly workaround to get s_client and s_server working under Windows. The

-     old code wouldn't work because it needed to select() on sockets and the

-     tty (for keypresses and to see if data could be written). Win32 only

-     supports select() on sockets so we select() with a 1s timeout on the

-     sockets and then see if any characters are waiting to be read, if none

-     are present then we retry, we also assume we can always write data to

-     the tty. This isn't nice because the code then blocks until we've

-     received a complete line of data and it is effectively polling the

-     keyboard at 1s intervals: however it's quite a bit better than not

-     working at all :-) A dedicated Windows application might handle this

-     with an event loop for example.

-     [Steve Henson]

-  *) Enhance RSA_METHOD structure. Now there are two extra methods, rsa_sign

-     and rsa_verify. When the RSA_FLAGS_SIGN_VER option is set these functions

-     will be called when RSA_sign() and RSA_verify() are used. This is useful

-     if rsa_pub_dec() and rsa_priv_enc() equivalents are not available.

-     For this to work properly RSA_public_decrypt() and RSA_private_encrypt()

-     should *not* be used: RSA_sign() and RSA_verify() must be used instead.

-     This necessitated the support of an extra signature type NID_md5_sha1

-     for SSL signatures and modifications to the SSL library to use it instead

-     of calling RSA_public_decrypt() and RSA_private_encrypt().

-     [Steve Henson]

-  *) Add new -verify -CAfile and -CApath options to the crl program, these

-     will lookup a CRL issuers certificate and verify the signature in a

-     similar way to the verify program. Tidy up the crl program so it

-     no longer accesses structures directly. Make the ASN1 CRL parsing a bit

-     less strict. It will now permit CRL extensions even if it is not

-     a V2 CRL: this will allow it to tolerate some broken CRLs.

-     [Steve Henson]

-  *) Initialize all non-automatic variables each time one of the openssl

-     sub-programs is started (this is necessary as they may be started

-     multiple times from the "OpenSSL>" prompt).

-     [Lennart Bang, Bodo Moeller]

-  *) Preliminary compilation option RSA_NULL which disables RSA crypto without

-     removing all other RSA functionality (this is what NO_RSA does). This

-     is so (for example) those in the US can disable those operations covered

-     by the RSA patent while allowing storage and parsing of RSA keys and RSA

-     key generation.

-     [Steve Henson]

-  *) Non-copying interface to BIO pairs.

-     (still largely untested)

-     [Bodo Moeller]

-  *) New function ANS1_tag2str() to convert an ASN1 tag to a descriptive

-     ASCII string. This was handled independently in various places before.

-     [Steve Henson]

-  *) New functions UTF8_getc() and UTF8_putc() that parse and generate

-     UTF8 strings a character at a time.

-     [Steve Henson]

-  *) Use client_version from client hello to select the protocol

-     (s23_srvr.c) and for RSA client key exchange verification

-     (s3_srvr.c), as required by the SSL 3.0/TLS 1.0 specifications.

-     [Bodo Moeller]

-  *) Add various utility functions to handle SPKACs, these were previously

-     handled by poking round in the structure internals. Added new function

-     NETSCAPE_SPKI_print() to print out SPKAC and a new utility 'spkac' to

-     print, verify and generate SPKACs. Based on an original idea from

-     Massimiliano Pala <[email protected]> but extensively modified.

-     [Steve Henson]

-  *) RIPEMD160 is operational on all platforms and is back in 'make test'.

-     [Andy Polyakov]

-  *) Allow the config file extension section to be overwritten on the

-     command line. Based on an original idea from Massimiliano Pala

-     <[email protected]>. The new option is called -extensions

-     and can be applied to ca, req and x509. Also -reqexts to override

-     the request extensions in req and -crlexts to override the crl extensions

-     in ca.

-     [Steve Henson]

-  *) Add new feature to the SPKAC handling in ca.  Now you can include

-     the same field multiple times by preceding it by "XXXX." for example:

-     1.OU="Unit name 1"

-     2.OU="Unit name 2"

-     this is the same syntax as used in the req config file.

-     [Steve Henson]

-  *) Allow certificate extensions to be added to certificate requests. These

-     are specified in a 'req_extensions' option of the req section of the

-     config file. They can be printed out with the -text option to req but

-     are otherwise ignored at present.

-     [Steve Henson]

-  *) Fix a horrible bug in enc_read() in crypto/evp/bio_enc.c: if the first

-     data read consists of only the final block it would not decrypted because

-     EVP_CipherUpdate() would correctly report zero bytes had been decrypted.

-     A misplaced 'break' also meant the decrypted final block might not be

-     copied until the next read.

-     [Steve Henson]

-  *) Initial support for DH_METHOD. Again based on RSA_METHOD. Also added

-     a few extra parameters to the DH structure: these will be useful if

-     for example we want the value of 'q' or implement X9.42 DH.

-     [Steve Henson]

-  *) Initial support for DSA_METHOD. This is based on the RSA_METHOD and

-     provides hooks that allow the default DSA functions or functions on a

-     "per key" basis to be replaced. This allows hardware acceleration and

-     hardware key storage to be handled without major modification to the

-     library. Also added low level modexp hooks and CRYPTO_EX structure and

-     associated functions.

-     [Steve Henson]

-  *) Add a new flag to memory BIOs, BIO_FLAG_MEM_RDONLY. This marks the BIO

-     as "read only": it can't be written to and the buffer it points to will

-     not be freed. Reading from a read only BIO is much more efficient than

-     a normal memory BIO. This was added because there are several times when

-     an area of memory needs to be read from a BIO. The previous method was

-     to create a memory BIO and write the data to it, this results in two

-     copies of the data and an O(n^2) reading algorithm. There is a new

-     function BIO_new_mem_buf() which creates a read only memory BIO from

-     an area of memory. Also modified the PKCS#7 routines to use read only

-     memory BIOs.

-     [Steve Henson]

-  *) Bugfix: ssl23_get_client_hello did not work properly when called in

-     state SSL23_ST_SR_CLNT_HELLO_B, i.e. when the first 7 bytes of

-     a SSLv2-compatible client hello for SSLv3 or TLSv1 could be read,

-     but a retry condition occured while trying to read the rest.

-     [Bodo Moeller]

-  *) The PKCS7_ENC_CONTENT_new() function was setting the content type as

-     NID_pkcs7_encrypted by default: this was wrong since this should almost

-     always be NID_pkcs7_data. Also modified the PKCS7_set_type() to handle

-     the encrypted data type: this is a more sensible place to put it and it

-     allows the PKCS#12 code to be tidied up that duplicated this

-     functionality.

-     [Steve Henson]

-  *) Changed obj_dat.pl script so it takes its input and output files on

-     the command line. This should avoid shell escape redirection problems

-     under Win32.

-     [Steve Henson]

-  *) Initial support for certificate extension requests, these are included

-     in things like Xenroll certificate requests. Included functions to allow

-     extensions to be obtained and added.

-     [Steve Henson]

-  *) -crlf option to s_client and s_server for sending newlines as

-     CRLF (as required by many protocols).

-     [Bodo Moeller]

- Changes between 0.9.3a and 0.9.4  [09 Aug 1999]

-  *) Install libRSAglue.a when OpenSSL is built with RSAref.

-     [Ralf S. Engelschall]

-  *) A few more ``#ifndef NO_FP_API / #endif'' pairs for consistency.

-     [Andrija Antonijevic <[email protected]>]

-  *) Fix -startdate and -enddate (which was missing) arguments to 'ca'

-     program.

-     [Steve Henson]

-  *) New function DSA_dup_DH, which duplicates DSA parameters/keys as

-     DH parameters/keys (q is lost during that conversion, but the resulting

-     DH parameters contain its length).

-     For 1024-bit p, DSA_generate_parameters followed by DSA_dup_DH is

-     much faster than DH_generate_parameters (which creates parameters

-     where p = 2*q + 1), and also the smaller q makes DH computations

-     much more efficient (160-bit exponentiation instead of 1024-bit

-     exponentiation); so this provides a convenient way to support DHE

-     ciphersuites in SSL/TLS servers (see ssl/ssltest.c).  It is of

-     utter importance to use

-         SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);

-     or

-         SSL_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);

-     when such DH parameters are used, because otherwise small subgroup

-     attacks may become possible!

-     [Bodo Moeller]

-  *) Avoid memory leak in i2d_DHparams.

-     [Bodo Moeller]

-  *) Allow the -k option to be used more than once in the enc program:

-     this allows the same encrypted message to be read by multiple recipients.

-     [Steve Henson]

-  *) New function OBJ_obj2txt(buf, buf_len, a, no_name), this converts

-     an ASN1_OBJECT to a text string. If the "no_name" parameter is set then

-     it will always use the numerical form of the OID, even if it has a short

-     or long name.

-     [Steve Henson]

-  *) Added an extra RSA flag: RSA_FLAG_EXT_PKEY. Previously the rsa_mod_exp

-     method only got called if p,q,dmp1,dmq1,iqmp components were present,

-     otherwise bn_mod_exp was called. In the case of hardware keys for example

-     no private key components need be present and it might store extra data

-     in the RSA structure, which cannot be accessed from bn_mod_exp.

-     By setting RSA_FLAG_EXT_PKEY rsa_mod_exp will always be called for

-     private key operations.

-     [Steve Henson]

-  *) Added support for SPARC Linux.

-     [Andy Polyakov]

-  *) pem_password_cb function type incompatibly changed from

-          typedef int pem_password_cb(char *buf, int size, int rwflag);

-     to

-          ....(char *buf, int size, int rwflag, void *userdata);

-     so that applications can pass data to their callbacks:

-     The PEM[_ASN1]_{read,write}... functions and macros now take an

-     additional void * argument, which is just handed through whenever

-     the password callback is called.

-     [Damien Miller <[email protected]>; tiny changes by Bodo Moeller]

-     New function SSL_CTX_set_default_passwd_cb_userdata.

-     Compatibility note: As many C implementations push function arguments

-     onto the stack in reverse order, the new library version is likely to

-     interoperate with programs that have been compiled with the old

-     pem_password_cb definition (PEM_whatever takes some data that

-     happens to be on the stack as its last argument, and the callback

-     just ignores this garbage); but there is no guarantee whatsoever that

-     this will work.

-  *) The -DPLATFORM="\"$(PLATFORM)\"" definition and the similar -DCFLAGS=...

-     (both in crypto/Makefile.ssl for use by crypto/cversion.c) caused

-     problems not only on Windows, but also on some Unix platforms.

-     To avoid problematic command lines, these definitions are now in an

-     auto-generated file crypto/buildinf.h (created by crypto/Makefile.ssl

-     for standard "make" builds, by util/mk1mf.pl for "mk1mf" builds).

-     [Bodo Moeller]

-  *) MIPS III/IV assembler module is reimplemented.

-     [Andy Polyakov]

-  *) More DES library cleanups: remove references to srand/rand and

-     delete an unused file.

-     [Ulf M�ller]

-  *) Add support for the the free Netwide assembler (NASM) under Win32,

-     since not many people have MASM (ml) and it can be hard to obtain.

-     This is currently experimental but it seems to work OK and pass all

-     the tests. Check out INSTALL.W32 for info.

-     [Steve Henson]

-  *) Fix memory leaks in s3_clnt.c: All non-anonymous SSL3/TLS1 connections

-     without temporary keys kept an extra copy of the server key,

-     and connections with temporary keys did not free everything in case

-     of an error.

-     [Bodo Moeller]

-  *) New function RSA_check_key and new openssl rsa option -check

-     for verifying the consistency of RSA keys.

-     [Ulf Moeller, Bodo Moeller]

-  *) Various changes to make Win32 compile work:

-     1. Casts to avoid "loss of data" warnings in p5_crpt2.c

-     2. Change unsigned int to int in b_dump.c to avoid "signed/unsigned

-        comparison" warnings.

-     3. Add sk_<TYPE>_sort to DEF file generator and do make update.

-     [Steve Henson]

-  *) Add a debugging option to PKCS#5 v2 key generation function: when

-     you #define DEBUG_PKCS5V2 passwords, salts, iteration counts and

-     derived keys are printed to stderr.

-     [Steve Henson]

-  *) Copy the flags in ASN1_STRING_dup().

-     [Roman E. Pavlov <[email protected]>]

-  *) The x509 application mishandled signing requests containing DSA

-     keys when the signing key was also DSA and the parameters didn't match.

-     It was supposed to omit the parameters when they matched the signing key:

-     the verifying software was then supposed to automatically use the CA's

-     parameters if they were absent from the end user certificate.

-     Omitting parameters is no longer recommended. The test was also

-     the wrong way round! This was probably due to unusual behaviour in

-     EVP_cmp_parameters() which returns 1 if the parameters match.

-     This meant that parameters were omitted when they *didn't* match and

-     the certificate was useless. Certificates signed with 'ca' didn't have

-     this bug.

-     [Steve Henson, reported by Doug Erickson <[email protected]>]

-  *) Memory leak checking (-DCRYPTO_MDEBUG) had some problems.

-     The interface is as follows:

-     Applications can use

-         CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) aka MemCheck_start(),

-         CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF) aka MemCheck_stop();

-     "off" is now the default.

-     The library internally uses

-         CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE) aka MemCheck_off(),

-         CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE) aka MemCheck_on()

-     to disable memory-checking temporarily.

-     Some inconsistent states that previously were possible (and were

-     even the default) are now avoided.

-     -DCRYPTO_MDEBUG_TIME is new and additionally stores the current time

-     with each memory chunk allocated; this is occasionally more helpful

-     than just having a counter.

-     -DCRYPTO_MDEBUG_THREAD is also new and adds the thread ID.

-     -DCRYPTO_MDEBUG_ALL enables all of the above, plus any future

-     extensions.

-     [Bodo Moeller]

-  *) Introduce "mode" for SSL structures (with defaults in SSL_CTX),

-     which largely parallels "options", but is for changing API behaviour,

-     whereas "options" are about protocol behaviour.

-     Initial "mode" flags are:

-     SSL_MODE_ENABLE_PARTIAL_WRITE   Allow SSL_write to report success when

-                                     a single record has been written.

-     SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER  Don't insist that SSL_write

-                                     retries use the same buffer location.

-                                     (But all of the contents must be

-                                     copied!)

-     [Bodo Moeller]

-  *) Bugfix: SSL_set_options ignored its parameter, only SSL_CTX_set_options

-     worked.

-  *) Fix problems with no-hmac etc.

-     [Ulf M�ller, pointed out by Brian Wellington <[email protected]>]

-  *) New functions RSA_get_default_method(), RSA_set_method() and

-     RSA_get_method(). These allows replacement of RSA_METHODs without having

-     to mess around with the internals of an RSA structure.

-     [Steve Henson]

-  *) Fix memory leaks in DSA_do_sign and DSA_is_prime.

-     Also really enable memory leak checks in openssl.c and in some

-     test programs.

-     [Chad C. Mulligan, Bodo Moeller]

-  *) Fix a bug in d2i_ASN1_INTEGER() and i2d_ASN1_INTEGER() which can mess

-     up the length of negative integers. This has now been simplified to just

-     store the length when it is first determined and use it later, rather

-     than trying to keep track of where data is copied and updating it to

-     point to the end.

-     [Steve Henson, reported by Brien Wheeler

-      <[email protected]>]

-  *) Add a new function PKCS7_signatureVerify. This allows the verification

-     of a PKCS#7 signature but with the signing certificate passed to the

-     function itself. This contrasts with PKCS7_dataVerify which assumes the

-     certificate is present in the PKCS#7 structure. This isn't always the

-     case: certificates can be omitted from a PKCS#7 structure and be

-     distributed by "out of band" means (such as a certificate database).

-     [Steve Henson]

-  *) Complete the PEM_* macros with DECLARE_PEM versions to replace the

-     function prototypes in pem.h, also change util/mkdef.pl to add the

-     necessary function names.

-     [Steve Henson]

-  *) mk1mf.pl (used by Windows builds) did not properly read the

-     options set by Configure in the top level Makefile, and Configure

-     was not even able to write more than one option correctly.

-     Fixed, now "no-idea no-rc5 -DCRYPTO_MDEBUG" etc. works as intended.

-     [Bodo Moeller]

-  *) New functions CONF_load_bio() and CONF_load_fp() to allow a config

-     file to be loaded from a BIO or FILE pointer. The BIO version will

-     for example allow memory BIOs to contain config info.

-     [Steve Henson]

-  *) New function "CRYPTO_num_locks" that returns CRYPTO_NUM_LOCKS.

-     Whoever hopes to achieve shared-library compatibility across versions

-     must use this, not the compile-time macro.

-     (Exercise 0.9.4: Which is the minimum library version required by

-     such programs?)

-     Note: All this applies only to multi-threaded programs, others don't

-     need locks.

-     [Bodo Moeller]

-  *) Add missing case to s3_clnt.c state machine -- one of the new SSL tests

-     through a BIO pair triggered the default case, i.e.

-     SSLerr(...,SSL_R_UNKNOWN_STATE).

-     [Bodo Moeller]

-  *) New "BIO pair" concept (crypto/bio/bss_bio.c) so that applications

-     can use the SSL library even if none of the specific BIOs is

-     appropriate.

-     [Bodo Moeller]

-  *) Fix a bug in i2d_DSAPublicKey() which meant it returned the wrong value

-     for the encoded length.

-     [Jeon KyoungHo <[email protected]>]

-  *) Add initial documentation of the X509V3 functions.

-     [Steve Henson]

-  *) Add a new pair of functions PEM_write_PKCS8PrivateKey() and

-     PEM_write_bio_PKCS8PrivateKey() that are equivalent to

-     PEM_write_PrivateKey() and PEM_write_bio_PrivateKey() but use the more

-     secure PKCS#8 private key format with a high iteration count.

-     [Steve Henson]

-  *) Fix determination of Perl interpreter: A perl or perl5

-     _directory_ in $PATH was also accepted as the interpreter.

-     [Ralf S. Engelschall]

-  *) Fix demos/sign/sign.c: well there wasn't anything strictly speaking

-     wrong with it but it was very old and did things like calling

-     PEM_ASN1_read() directly and used MD5 for the hash not to mention some

-     unusual formatting.

-     [Steve Henson]

-  *) Fix demos/selfsign.c: it used obsolete and deleted functions, changed

-     to use the new extension code.

-     [Steve Henson]

-  *) Implement the PEM_read/PEM_write functions in crypto/pem/pem_all.c

-     with macros. This should make it easier to change their form, add extra

-     arguments etc. Fix a few PEM prototypes which didn't have cipher as a

-     constant.

-     [Steve Henson]

-  *) Add to configuration table a new entry that can specify an alternative

-     name for unistd.h (for pre-POSIX systems); we need this for NeXTstep,

-     according to Mark Crispin <[email protected]>.

-     [Bodo Moeller]

-#if 0

-  *) DES CBC did not update the IV. Weird.

-     [Ben Laurie]

-#else

-     des_cbc_encrypt does not update the IV, but des_ncbc_encrypt does.

-     Changing the behaviour of the former might break existing programs --

-     where IV updating is needed, des_ncbc_encrypt can be used.

-#endif

-  *) When bntest is run from "make test" it drives bc to check its

-     calculations, as well as internally checking them. If an internal check

-     fails, it needs to cause bc to give a non-zero result or make test carries

-     on without noticing the failure. Fixed.

-     [Ben Laurie]

-  *) DES library cleanups.

-     [Ulf M�ller]

-  *) Add support for PKCS#5 v2.0 PBE algorithms. This will permit PKCS#8 to be

-     used with any cipher unlike PKCS#5 v1.5 which can at most handle 64 bit

-     ciphers. NOTE: although the key derivation function has been verified

-     against some published test vectors it has not been extensively tested

-     yet. Added a -v2 "cipher" option to pkcs8 application to allow the use

-     of v2.0.

-     [Steve Henson]

-  *) Instead of "mkdir -p", which is not fully portable, use new

-     Perl script "util/mkdir-p.pl".

-     [Bodo Moeller]

-  *) Rewrite the way password based encryption (PBE) is handled. It used to

-     assume that the ASN1 AlgorithmIdentifier parameter was a PBEParameter

-     structure. This was true for the PKCS#5 v1.5 and PKCS#12 PBE algorithms

-     but doesn't apply to PKCS#5 v2.0 where it can be something else. Now

-     the 'parameter' field of the AlgorithmIdentifier is passed to the

-     underlying key generation function so it must do its own ASN1 parsing.

-     This has also changed the EVP_PBE_CipherInit() function which now has a

-     'parameter' argument instead of literal salt and iteration count values

-     and the function EVP_PBE_ALGOR_CipherInit() has been deleted.

-     [Steve Henson]

-  *) Support for PKCS#5 v1.5 compatible password based encryption algorithms

-     and PKCS#8 functionality. New 'pkcs8' application linked to openssl.

-     Needed to change the PEM_STRING_EVP_PKEY value which was just "PRIVATE

-     KEY" because this clashed with PKCS#8 unencrypted string. Since this

-     value was just used as a "magic string" and not used directly its

-     value doesn't matter.

-     [Steve Henson]

-  *) Introduce some semblance of const correctness to BN. Shame C doesn't

-     support mutable.

-     [Ben Laurie]

-  *) "linux-sparc64" configuration (ultrapenguin).

-     [Ray Miller <[email protected]>]

-     "linux-sparc" configuration.

-     [Christian Forster <[email protected]>]

-  *) config now generates no-xxx options for missing ciphers.

-     [Ulf M�ller]

-  *) Support the EBCDIC character set (work in progress).

-     File ebcdic.c not yet included because it has a different license.

-     [Martin Kraemer <[email protected]>]

-  *) Support BS2000/OSD-POSIX.

-     [Martin Kraemer <[email protected]>]

-  *) Make callbacks for key generation use void * instead of char *.

-     [Ben Laurie]

-  *) Make S/MIME samples compile (not yet tested).

-     [Ben Laurie]

-  *) Additional typesafe stacks.

-     [Ben Laurie]

-  *) New configuration variants "bsdi-elf-gcc" (BSD/OS 4.x).

-     [Bodo Moeller]

- Changes between 0.9.3 and 0.9.3a  [29 May 1999]

-  *) New configuration variant "sco5-gcc".

-  *) Updated some demos.

-     [Sean O Riordain, Wade Scholine]

-  *) Add missing BIO_free at exit of pkcs12 application.

-     [Wu Zhigang]

-  *) Fix memory leak in conf.c.

-     [Steve Henson]

-  *) Updates for Win32 to assembler version of MD5.

-     [Steve Henson]

-  *) Set #! path to perl in apps/der_chop to where we found it

-     instead of using a fixed path.

-     [Bodo Moeller]

-  *) SHA library changes for irix64-mips4-cc.

-     [Andy Polyakov]

-  *) Improvements for VMS support.

-     [Richard Levitte]

- Changes between 0.9.2b and 0.9.3  [24 May 1999]

-  *) Bignum library bug fix. IRIX 6 passes "make test" now!

-     This also avoids the problems with SC4.2 and unpatched SC5.

-     [Andy Polyakov <[email protected]>]

-  *) New functions sk_num, sk_value and sk_set to replace the previous macros.

-     These are required because of the typesafe stack would otherwise break

-     existing code. If old code used a structure member which used to be STACK

-     and is now STACK_OF (for example cert in a PKCS7_SIGNED structure) with

-     sk_num or sk_value it would produce an error because the num, data members

-     are not present in STACK_OF. Now it just produces a warning. sk_set

-     replaces the old method of assigning a value to sk_value

-     (e.g. sk_value(x, i) = y) which the library used in a few cases. Any code

-     that does this will no longer work (and should use sk_set instead) but

-     this could be regarded as a "questionable" behaviour anyway.

-     [Steve Henson]

-  *) Fix most of the other PKCS#7 bugs. The "experimental" code can now

-     correctly handle encrypted S/MIME data.

-     [Steve Henson]

-  *) Change type of various DES function arguments from des_cblock

-     (which means, in function argument declarations, pointer to char)

-     to des_cblock * (meaning pointer to array with 8 char elements),

-     which allows the compiler to do more typechecking; it was like

-     that back in SSLeay, but with lots of ugly casts.

-     Introduce new type const_des_cblock.

-     [Bodo Moeller]

-  *) Reorganise the PKCS#7 library and get rid of some of the more obvious

-     problems: find RecipientInfo structure that matches recipient certificate

-     and initialise the ASN1 structures properly based on passed cipher.

-     [Steve Henson]

-  *) Belatedly make the BN tests actually check the results.

-     [Ben Laurie]

-  *) Fix the encoding and decoding of negative ASN1 INTEGERS and conversion

-     to and from BNs: it was completely broken. New compilation option

-     NEG_PUBKEY_BUG to allow for some broken certificates that encode public

-     key elements as negative integers.

-     [Steve Henson]

-  *) Reorganize and speed up MD5.

-     [Andy Polyakov <[email protected]>]

-  *) VMS support.

-     [Richard Levitte <[email protected]>]

-  *) New option -out to asn1parse to allow the parsed structure to be

-     output to a file. This is most useful when combined with the -strparse

-     option to examine the output of things like OCTET STRINGS.

-     [Steve Henson]

-  *) Make SSL library a little more fool-proof by not requiring any longer

-     that SSL_set_{accept,connect}_state be called before

-     SSL_{accept,connect} may be used (SSL_set_..._state is omitted

-     in many applications because usually everything *appeared* to work as

-     intended anyway -- now it really works as intended).

-     [Bodo Moeller]

-  *) Move openssl.cnf out of lib/.

-     [Ulf M�ller]

-  *) Fix various things to let OpenSSL even pass ``egcc -pipe -O2 -Wall

-     -Wshadow -Wpointer-arith -Wcast-align -Wmissing-prototypes

-     -Wmissing-declarations -Wnested-externs -Winline'' with EGCS 1.1.2+

-     [Ralf S. Engelschall]

-  *) Various fixes to the EVP and PKCS#7 code. It may now be able to

-     handle PKCS#7 enveloped data properly.

-     [Sebastian Akerman <[email protected]>, modified by Steve]

-  *) Create a duplicate of the SSL_CTX's CERT in SSL_new instead of

-     copying pointers.  The cert_st handling is changed by this in

-     various ways (and thus what used to be known as ctx->default_cert

-     is now called ctx->cert, since we don't resort to s->ctx->[default_]cert

-     any longer when s->cert does not give us what we need).

-     ssl_cert_instantiate becomes obsolete by this change.

-     As soon as we've got the new code right (possibly it already is?),

-     we have solved a couple of bugs of the earlier code where s->cert

-     was used as if it could not have been shared with other SSL structures.

-     Note that using the SSL API in certain dirty ways now will result

-     in different behaviour than observed with earlier library versions:

-     Changing settings for an SSL_CTX *ctx after having done s = SSL_new(ctx)

-     does not influence s as it used to.

-     In order to clean up things more thoroughly, inside SSL_SESSION

-     we don't use CERT any longer, but a new structure SESS_CERT

-     that holds per-session data (if available); currently, this is

-     the peer's certificate chain and, for clients, the server's certificate

-     and temporary key.  CERT holds only those values that can have

-     meaningful defaults in an SSL_CTX.

-     [Bodo Moeller]

-  *) New function X509V3_EXT_i2d() to create an X509_EXTENSION structure

-     from the internal representation. Various PKCS#7 fixes: remove some

-     evil casts and set the enc_dig_alg field properly based on the signing

-     key type.

-     [Steve Henson]

-  *) Allow PKCS#12 password to be set from the command line or the

-     environment. Let 'ca' get its config file name from the environment

-     variables "OPENSSL_CONF" or "SSLEAY_CONF" (for consistency with 'req'

-     and 'x509').

-     [Steve Henson]

-  *) Allow certificate policies extension to use an IA5STRING for the

-     organization field. This is contrary to the PKIX definition but

-     VeriSign uses it and IE5 only recognises this form. Document 'x509'

-     extension option.

-     [Steve Henson]

-  *) Add PEDANTIC compiler flag to allow compilation with gcc -pedantic,

-     without disallowing inline assembler and the like for non-pedantic builds.

-     [Ben Laurie]

-  *) Support Borland C++ builder.

-     [Janez Jere <[email protected]>, modified by Ulf M�ller]

-  *) Support Mingw32.

-     [Ulf M�ller]

-  *) SHA-1 cleanups and performance enhancements.

-     [Andy Polyakov <[email protected]>]

-  *) Sparc v8plus assembler for the bignum library.

-     [Andy Polyakov <[email protected]>]

-  *) Accept any -xxx and +xxx compiler options in Configure.

-     [Ulf M�ller]

-  *) Update HPUX configuration.

-     [Anonymous]

-  *) Add missing sk_<type>_unshift() function to safestack.h

-     [Ralf S. Engelschall]

-  *) New function SSL_CTX_use_certificate_chain_file that sets the

-     "extra_cert"s in addition to the certificate.  (This makes sense

-     only for "PEM" format files, as chains as a whole are not

-     DER-encoded.)

-     [Bodo Moeller]

-  *) Support verify_depth from the SSL API.

-     x509_vfy.c had what can be considered an off-by-one-error:

-     Its depth (which was not part of the external interface)

-     was actually counting the number of certificates in a chain;

-     now it really counts the depth.

-     [Bodo Moeller]

-  *) Bugfix in crypto/x509/x509_cmp.c: The SSLerr macro was used

-     instead of X509err, which often resulted in confusing error

-     messages since the error codes are not globally unique

-     (e.g. an alleged error in ssl3_accept when a certificate

-     didn't match the private key).

-  *) New function SSL_CTX_set_session_id_context that allows to set a default

-     value (so that you don't need SSL_set_session_id_context for each

-     connection using the SSL_CTX).

-     [Bodo Moeller]

-  *) OAEP decoding bug fix.

-     [Ulf M�ller]

-  *) Support INSTALL_PREFIX for package builders, as proposed by

-     David Harris.

-     [Bodo Moeller]

-  *) New Configure options "threads" and "no-threads".  For systems

-     where the proper compiler options are known (currently Solaris

-     and Linux), "threads" is the default.

-     [Bodo Moeller]

-  *) New script util/mklink.pl as a faster substitute for util/mklink.sh.

-     [Bodo Moeller]

-  *) Install various scripts to $(OPENSSLDIR)/misc, not to

-     $(INSTALLTOP)/bin -- they shouldn't clutter directories

-     such as /usr/local/bin.

-     [Bodo Moeller]

-  *) "make linux-shared" to build shared libraries.

-     [Niels Poppe <[email protected]>]

-  *) New Configure option no-<cipher> (rsa, idea, rc5, ...).

-     [Ulf M�ller]

-  *) Add the PKCS#12 API documentation to openssl.txt. Preliminary support for

-     extension adding in x509 utility.

-     [Steve Henson]

-  *) Remove NOPROTO sections and error code comments.

-     [Ulf M�ller]

-  *) Partial rewrite of the DEF file generator to now parse the ANSI

-     prototypes.

-     [Steve Henson]

-  *) New Configure options --prefix=DIR and --openssldir=DIR.

-     [Ulf M�ller]

-  *) Complete rewrite of the error code script(s). It is all now handled

-     by one script at the top level which handles error code gathering,

-     header rewriting and C source file generation. It should be much better

-     than the old method: it now uses a modified version of Ulf's parser to

-     read the ANSI prototypes in all header files (thus the old K&R definitions

-     aren't needed for error creation any more) and do a better job of

-     translating function codes into names. The old 'ASN1 error code imbedded

-     in a comment' is no longer necessary and it doesn't use .err files which

-     have now been deleted. Also the error code call doesn't have to appear all

-     on one line (which resulted in some large lines...).

-     [Steve Henson]

-  *) Change #include filenames from <foo.h> to <openssl/foo.h>.

-     [Bodo Moeller]

-  *) Change behaviour of ssl2_read when facing length-0 packets: Don't return

-     0 (which usually indicates a closed connection), but continue reading.

-     [Bodo Moeller]

-  *) Fix some race conditions.

-     [Bodo Moeller]

-  *) Add support for CRL distribution points extension. Add Certificate

-     Policies and CRL distribution points documentation.

-     [Steve Henson]

-  *) Move the autogenerated header file parts to crypto/opensslconf.h.

-     [Ulf M�ller]

-  *) Fix new 56-bit DES export ciphersuites: they were using 7 bytes instead of

-     8 of keying material. Merlin has also confirmed interop with this fix

-     between OpenSSL and Baltimore C/SSL 2.0 and J/SSL 2.0.

-     [Merlin Hughes <[email protected]>]

-  *) Fix lots of warnings.

-     [Richard Levitte <[email protected]>]

-  *) In add_cert_dir() in crypto/x509/by_dir.c, break out of the loop if

-     the directory spec didn't end with a LIST_SEPARATOR_CHAR.

-     [Richard Levitte <[email protected]>]

-  *) Fix problems with sizeof(long) == 8.

-     [Andy Polyakov <[email protected]>]

-  *) Change functions to ANSI C.

-     [Ulf M�ller]

-  *) Fix typos in error codes.

-     [Martin Kraemer <[email protected]>, Ulf M�ller]

-  *) Remove defunct assembler files from Configure.

-     [Ulf M�ller]

-  *) SPARC v8 assembler BIGNUM implementation.

-     [Andy Polyakov <[email protected]>]

-  *) Support for Certificate Policies extension: both print and set.

-     Various additions to support the r2i method this uses.

-     [Steve Henson]

-  *) A lot of constification, and fix a bug in X509_NAME_oneline() that could

-     return a const string when you are expecting an allocated buffer.

-     [Ben Laurie]

-  *) Add support for ASN1 types UTF8String and VISIBLESTRING, also the CHOICE

-     types DirectoryString and DisplayText.

-     [Steve Henson]

-  *) Add code to allow r2i extensions to access the configuration database,

-     add an LHASH database driver and add several ctx helper functions.

-     [Steve Henson]

-  *) Fix an evil bug in bn_expand2() which caused various BN functions to

-     fail when they extended the size of a BIGNUM.

-     [Steve Henson]

-  *) Various utility functions to handle SXNet extension. Modify mkdef.pl to

-     support typesafe stack.

-     [Steve Henson]

-  *) Fix typo in SSL_[gs]et_options().

-     [Nils Frostberg <[email protected]>]

-  *) Delete various functions and files that belonged to the (now obsolete)

-     old X509V3 handling code.

-     [Steve Henson]

-  *) New Configure option "rsaref".

-     [Ulf M�ller]

-  *) Don't auto-generate pem.h.

-     [Bodo Moeller]

-  *) Introduce type-safe ASN.1 SETs.

-     [Ben Laurie]

-  *) Convert various additional casted stacks to type-safe STACK_OF() variants.

-     [Ben Laurie, Ralf S. Engelschall, Steve Henson]

-  *) Introduce type-safe STACKs. This will almost certainly break lots of code

-     that links with OpenSSL (well at least cause lots of warnings), but fear

-     not: the conversion is trivial, and it eliminates loads of evil casts. A

-     few STACKed things have been converted already. Feel free to convert more.

-     In the fullness of time, I'll do away with the STACK type altogether.

-     [Ben Laurie]

-  *) Add `openssl ca -revoke <certfile>' facility which revokes a certificate

-     specified in <certfile> by updating the entry in the index.txt file.

-     This way one no longer has to edit the index.txt file manually for

-     revoking a certificate. The -revoke option does the gory details now.

-     [Massimiliano Pala <[email protected]>, Ralf S. Engelschall]

-  *) Fix `openssl crl -noout -text' combination where `-noout' killed the

-     `-text' option at all and this way the `-noout -text' combination was

-     inconsistent in `openssl crl' with the friends in `openssl x509|rsa|dsa'.

-     [Ralf S. Engelschall]

-  *) Make sure a corresponding plain text error message exists for the

-     X509_V_ERR_CERT_REVOKED/23 error number which can occur when a

-     verify callback function determined that a certificate was revoked.

-     [Ralf S. Engelschall]

-  *) Bugfix: In test/testenc, don't test "openssl <cipher>" for

-     ciphers that were excluded, e.g. by -DNO_IDEA.  Also, test

-     all available cipers including rc5, which was forgotten until now.

-     In order to let the testing shell script know which algorithms

-     are available, a new (up to now undocumented) command

-     "openssl list-cipher-commands" is used.

-     [Bodo Moeller]

-  *) Bugfix: s_client occasionally would sleep in select() when

-     it should have checked SSL_pending() first.

-     [Bodo Moeller]

-  *) New functions DSA_do_sign and DSA_do_verify to provide access to

-     the raw DSA values prior to ASN.1 encoding.

-     [Ulf M�ller]

-  *) Tweaks to Configure

-     [Niels Poppe <[email protected]>]

-  *) Add support for PKCS#5 v2.0 ASN1 PBES2 structures. No other support,

-     yet...

-     [Steve Henson]

-  *) New variables $(RANLIB) and $(PERL) in the Makefiles.

-     [Ulf M�ller]

-  *) New config option to avoid instructions that are illegal on the 80386.

-     The default code is faster, but requires at least a 486.

-     [Ulf M�ller]

-  *) Got rid of old SSL2_CLIENT_VERSION (inconsistently used) and

-     SSL2_SERVER_VERSION (not used at all) macros, which are now the

-     same as SSL2_VERSION anyway.

-     [Bodo Moeller]

-  *) New "-showcerts" option for s_client.

-     [Bodo Moeller]

-  *) Still more PKCS#12 integration. Add pkcs12 application to openssl

-     application. Various cleanups and fixes.

-     [Steve Henson]

-  *) More PKCS#12 integration. Add new pkcs12 directory with Makefile.ssl and

-     modify error routines to work internally. Add error codes and PBE init

-     to library startup routines.

-     [Steve Henson]

-  *) Further PKCS#12 integration. Added password based encryption, PKCS#8 and

-     packing functions to asn1 and evp. Changed function names and error

-     codes along the way.

-     [Steve Henson]

-  *) PKCS12 integration: and so it begins... First of several patches to

-     slowly integrate PKCS#12 functionality into OpenSSL. Add PKCS#12

-     objects to objects.h

-     [Steve Henson]

-  *) Add a new 'indent' option to some X509V3 extension code. Initial ASN1

-     and display support for Thawte strong extranet extension.

-     [Steve Henson]

-  *) Add LinuxPPC support.

-     [Jeff Dubrule <[email protected]>]

-  *) Get rid of redundant BN file bn_mulw.c, and rename bn_div64 to

-     bn_div_words in alpha.s.

-     [Hannes Reinecke <[email protected]> and Ben Laurie]

-  *) Make sure the RSA OAEP test is skipped under -DRSAref because

-     OAEP isn't supported when OpenSSL is built with RSAref.

-     [Ulf Moeller <[email protected]>]

-  *) Move definitions of IS_SET/IS_SEQUENCE inside crypto/asn1/asn1.h

-     so they no longer are missing under -DNOPROTO.

-     [Soren S. Jorvang <[email protected]>]

- Changes between 0.9.1c and 0.9.2b  [22 Mar 1999]

-  *) Make SSL_get_peer_cert_chain() work in servers. Unfortunately, it still

-     doesn't work when the session is reused. Coming soon!

-     [Ben Laurie]

-  *) Fix a security hole, that allows sessions to be reused in the wrong

-     context thus bypassing client cert protection! All software that uses

-     client certs and session caches in multiple contexts NEEDS PATCHING to

-     allow session reuse! A fuller solution is in the works.

-     [Ben Laurie, problem pointed out by Holger Reif, Bodo Moeller (and ???)]

-  *) Some more source tree cleanups (removed obsolete files

-     crypto/bf/asm/bf586.pl, test/test.txt and crypto/sha/asm/f.s; changed

-     permission on "config" script to be executable) and a fix for the INSTALL

-     document.

-     [Ulf Moeller <[email protected]>]

-  *) Remove some legacy and erroneous uses of malloc, free instead of

-     Malloc, Free.

-     [Lennart Bang <[email protected]>, with minor changes by Steve]

-  *) Make rsa_oaep_test return non-zero on error.

-     [Ulf Moeller <[email protected]>]

-  *) Add support for native Solaris shared libraries. Configure

-     solaris-sparc-sc4-pic, make, then run shlib/solaris-sc4.sh. It'd be nice

-     if someone would make that last step automatic.

-     [Matthias Loepfe <[email protected]>]

-  *) ctx_size was not built with the right compiler during "make links". Fixed.

-     [Ben Laurie]

-  *) Change the meaning of 'ALL' in the cipher list. It now means "everything

-     except NULL ciphers". This means the default cipher list will no longer

-     enable NULL ciphers. They need to be specifically enabled e.g. with

-     the string "DEFAULT:eNULL".

-     [Steve Henson]

-  *) Fix to RSA private encryption routines: if p < q then it would

-     occasionally produce an invalid result. This will only happen with

-     externally generated keys because OpenSSL (and SSLeay) ensure p > q.

-     [Steve Henson]

-  *) Be less restrictive and allow also `perl util/perlpath.pl

-     /path/to/bin/perl' in addition to `perl util/perlpath.pl /path/to/bin',

-     because this way one can also use an interpreter named `perl5' (which is

-     usually the name of Perl 5.xxx on platforms where an Perl 4.x is still

-     installed as `perl').

-     [Matthias Loepfe <[email protected]>]

-  *) Let util/clean-depend.pl work also with older Perl 5.00x versions.

-     [Matthias Loepfe <[email protected]>]

-  *) Fix Makefile.org so CC,CFLAG etc are passed to 'make links' add

-     advapi32.lib to Win32 build and change the pem test comparision

-     to fc.exe (thanks to Ulrich Kroener <[email protected]> for the

-     suggestion). Fix misplaced ASNI prototypes and declarations in evp.h

-     and crypto/des/ede_cbcm_enc.c.

-     [Steve Henson]

-  *) DES quad checksum was broken on big-endian architectures. Fixed.

-     [Ben Laurie]

-  *) Comment out two functions in bio.h that aren't implemented. Fix up the

-     Win32 test batch file so it (might) work again. The Win32 test batch file

-     is horrible: I feel ill....

-     [Steve Henson]

-  *) Move various #ifdefs around so NO_SYSLOG, NO_DIRENT etc are now selected

-     in e_os.h. Audit of header files to check ANSI and non ANSI

-     sections: 10 functions were absent from non ANSI section and not exported

-     from Windows DLLs. Fixed up libeay.num for new functions.

-     [Steve Henson]

-  *) Make `openssl version' output lines consistent.

-     [Ralf S. Engelschall]

-  *) Fix Win32 symbol export lists for BIO functions: Added

-     BIO_get_ex_new_index, BIO_get_ex_num, BIO_get_ex_data and BIO_set_ex_data

-     to ms/libeay{16,32}.def.

-     [Ralf S. Engelschall]

-  *) Second round of fixing the OpenSSL perl/ stuff. It now at least compiled

-     fine under Unix and passes some trivial tests I've now added. But the

-     whole stuff is horribly incomplete, so a README.1ST with a disclaimer was

-     added to make sure no one expects that this stuff really works in the

-     OpenSSL 0.9.2 release.  Additionally I've started to clean the XS sources

-     up and fixed a few little bugs and inconsistencies in OpenSSL.{pm,xs} and

-     openssl_bio.xs.

-     [Ralf S. Engelschall]

-  *) Fix the generation of two part addresses in perl.

-     [Kenji Miyake <[email protected]>, integrated by Ben Laurie]

-  *) Add config entry for Linux on MIPS.

-     [John Tobey <[email protected]>]

-  *) Make links whenever Configure is run, unless we are on Windoze.

-     [Ben Laurie]

-  *) Permit extensions to be added to CRLs using crl_section in openssl.cnf.

-     Currently only issuerAltName and AuthorityKeyIdentifier make any sense

-     in CRLs.

-     [Steve Henson]

-  *) Add a useful kludge to allow package maintainers to specify compiler and

-     other platforms details on the command line without having to patch the

-     Configure script everytime: One now can use ``perl Configure

-     <id>:<details>'', i.e. platform ids are allowed to have details appended

-     to them (seperated by colons). This is treated as there would be a static

-     pre-configured entry in Configure's %table under key <id> with value

-     <details> and ``perl Configure <id>'' is called.  So, when you want to

-     perform a quick test-compile under FreeBSD 3.1 with pgcc and without

-     assembler stuff you can use ``perl Configure "FreeBSD-elf:pgcc:-O6:::"''

-     now, which overrides the FreeBSD-elf entry on-the-fly.

-     [Ralf S. Engelschall]

-  *) Disable new TLS1 ciphersuites by default: they aren't official yet.

-     [Ben Laurie]

-  *) Allow DSO flags like -fpic, -fPIC, -KPIC etc. to be specified

-     on the `perl Configure ...' command line. This way one can compile

-     OpenSSL libraries with Position Independent Code (PIC) which is needed

-     for linking it into DSOs.

-     [Ralf S. Engelschall]

-  *) Remarkably, export ciphers were totally broken and no-one had noticed!

-     Fixed.

-     [Ben Laurie]

-  *) Cleaned up the LICENSE document: The official contact for any license

-     questions now is the OpenSSL core team under [email protected].

-     And add a paragraph about the dual-license situation to make sure people

-     recognize that _BOTH_ the OpenSSL license _AND_ the SSLeay license apply

-     to the OpenSSL toolkit.

-     [Ralf S. Engelschall]

-  *) General source tree makefile cleanups: Made `making xxx in yyy...'

-     display consistent in the source tree and replaced `/bin/rm' by `rm'.

-     Additonally cleaned up the `make links' target: Remove unnecessary

-     semicolons, subsequent redundant removes, inline point.sh into mklink.sh

-     to speed processing and no longer clutter the display with confusing

-     stuff. Instead only the actually done links are displayed.

-     [Ralf S. Engelschall]

-  *) Permit null encryption ciphersuites, used for authentication only. It used

-     to be necessary to set the preprocessor define SSL_ALLOW_ENULL to do this.

-     It is now necessary to set SSL_FORBID_ENULL to prevent the use of null

-     encryption.

-     [Ben Laurie]

-  *) Add a bunch of fixes to the PKCS#7 stuff. It used to sometimes reorder

-     signed attributes when verifying signatures (this would break them),

-     the detached data encoding was wrong and public keys obtained using

-     X509_get_pubkey() weren't freed.

-     [Steve Henson]

-  *) Add text documentation for the BUFFER functions. Also added a work around

-     to a Win95 console bug. This was triggered by the password read stuff: the

-     last character typed gets carried over to the next fread(). If you were

-     generating a new cert request using 'req' for example then the last

-     character of the passphrase would be CR which would then enter the first

-     field as blank.

-     [Steve Henson]

-  *) Added the new `Includes OpenSSL Cryptography Software' button as

-     doc/openssl_button.{gif,html} which is similar in style to the old SSLeay

-     button and can be used by applications based on OpenSSL to show the

-     relationship to the OpenSSL project.

-     [Ralf S. Engelschall]

-  *) Remove confusing variables in function signatures in files

-     ssl/ssl_lib.c and ssl/ssl.h.

-     [Lennart Bong <[email protected]>]

-  *) Don't install bss_file.c under PREFIX/include/

-     [Lennart Bong <[email protected]>]

-  *) Get the Win32 compile working again. Modify mkdef.pl so it can handle

-     functions that return function pointers and has support for NT specific

-     stuff. Fix mk1mf.pl and VC-32.pl to support NT differences also. Various

-     #ifdef WIN32 and WINNTs sprinkled about the place and some changes from

-     unsigned to signed types: this was killing the Win32 compile.

-     [Steve Henson]

-  *) Add new certificate file to stack functions,

-     SSL_add_dir_cert_subjects_to_stack() and

-     SSL_add_file_cert_subjects_to_stack().  These largely supplant

-     SSL_load_client_CA_file(), and can be used to add multiple certs easily

-     to a stack (usually this is then handed to SSL_CTX_set_client_CA_list()).

-     This means that Apache-SSL and similar packages don't have to mess around

-     to add as many CAs as they want to the preferred list.

-     [Ben Laurie]

-  *) Experiment with doxygen documentation. Currently only partially applied to

-     ssl/ssl_lib.c.

-     See http://www.stack.nl/~dimitri/doxygen/index.html, and run doxygen with

-     openssl.doxy as the configuration file.

-     [Ben Laurie]

-  *) Get rid of remaining C++-style comments which strict C compilers hate.

-     [Ralf S. Engelschall, pointed out by Carlos Amengual]

-  *) Changed BN_RECURSION in bn_mont.c to BN_RECURSION_MONT so it is not

-     compiled in by default: it has problems with large keys.

-     [Steve Henson]

-  *) Add a bunch of SSL_xxx() functions for configuring the temporary RSA and

-     DH private keys and/or callback functions which directly correspond to

-     their SSL_CTX_xxx() counterparts but work on a per-connection basis. This

-     is needed for applications which have to configure certificates on a

-     per-connection basis (e.g. Apache+mod_ssl) instead of a per-context basis

-     (e.g. s_server).

-        For the RSA certificate situation is makes no difference, but

-     for the DSA certificate situation this fixes the "no shared cipher"

-     problem where the OpenSSL cipher selection procedure failed because the

-     temporary keys were not overtaken from the context and the API provided

-     no way to reconfigure them.

-        The new functions now let applications reconfigure the stuff and they

-     are in detail: SSL_need_tmp_RSA, SSL_set_tmp_rsa, SSL_set_tmp_dh,

-     SSL_set_tmp_rsa_callback and SSL_set_tmp_dh_callback.  Additionally a new

-     non-public-API function ssl_cert_instantiate() is used as a helper

-     function and also to reduce code redundancy inside ssl_rsa.c.

-     [Ralf S. Engelschall]

-  *) Move s_server -dcert and -dkey options out of the undocumented feature

-     area because they are useful for the DSA situation and should be

-     recognized by the users.

-     [Ralf S. Engelschall]

-  *) Fix the cipher decision scheme for export ciphers: the export bits are

-     *not* within SSL_MKEY_MASK or SSL_AUTH_MASK, they are within

-     SSL_EXP_MASK.  So, the original variable has to be used instead of the

-     already masked variable.

-     [Richard Levitte <[email protected]>]

-  *) Fix 'port' variable from `int' to `unsigned int' in crypto/bio/b_sock.c

-     [Richard Levitte <[email protected]>]

-  *) Change type of another md_len variable in pk7_doit.c:PKCS7_dataFinal()

-     from `int' to `unsigned int' because it's a length and initialized by

-     EVP_DigestFinal() which expects an `unsigned int *'.

-     [Richard Levitte <[email protected]>]

-  *) Don't hard-code path to Perl interpreter on shebang line of Configure

-     script. Instead use the usual Shell->Perl transition trick.

-     [Ralf S. Engelschall]

-  *) Make `openssl x509 -noout -modulus' functional also for DSA certificates

-     (in addition to RSA certificates) to match the behaviour of `openssl dsa

-     -noout -modulus' as it's already the case for `openssl rsa -noout

-     -modulus'.  For RSA the -modulus is the real "modulus" while for DSA

-     currently the public key is printed (a decision which was already done by

-     `openssl dsa -modulus' in the past) which serves a similar purpose.

-     Additionally the NO_RSA no longer completely removes the whole -modulus

-     option; it now only avoids using the RSA stuff. Same applies to NO_DSA

-     now, too.

-     [Ralf S.  Engelschall]

-  *) Add Arne Ansper's reliable BIO - this is an encrypted, block-digested

-     BIO. See the source (crypto/evp/bio_ok.c) for more info.

-     [Arne Ansper <[email protected]>]

-  *) Dump the old yucky req code that tried (and failed) to allow raw OIDs

-     to be added. Now both 'req' and 'ca' can use new objects defined in the

-     config file.

-     [Steve Henson]

-  *) Add cool BIO that does syslog (or event log on NT).

-     [Arne Ansper <[email protected]>, integrated by Ben Laurie]

-  *) Add support for new TLS ciphersuites, TLS_RSA_EXPORT56_WITH_RC4_56_MD5,

-     TLS_RSA_EXPORT56_WITH_RC2_CBC_56_MD5 and

-     TLS_RSA_EXPORT56_WITH_DES_CBC_SHA, as specified in "56-bit Export Cipher

-     Suites For TLS", draft-ietf-tls-56-bit-ciphersuites-00.txt.

-     [Ben Laurie]

-  *) Add preliminary config info for new extension code.

-     [Steve Henson]

-  *) Make RSA_NO_PADDING really use no padding.

-     [Ulf Moeller <[email protected]>]

-  *) Generate errors when private/public key check is done.

-     [Ben Laurie]

-  *) Overhaul for 'crl' utility. New function X509_CRL_print. Partial support

-     for some CRL extensions and new objects added.

-     [Steve Henson]

-  *) Really fix the ASN1 IMPLICIT bug this time... Partial support for private

-     key usage extension and fuller support for authority key id.

-     [Steve Henson]

-  *) Add OAEP encryption for the OpenSSL crypto library. OAEP is the improved

-     padding method for RSA, which is recommended for new applications in PKCS

-     #1 v2.0 (RFC 2437, October 1998).

-     OAEP (Optimal Asymmetric Encryption Padding) has better theoretical

-     foundations than the ad-hoc padding used in PKCS #1 v1.5. It is secure

-     against Bleichbacher's attack on RSA.

-     [Ulf Moeller <[email protected]>, reformatted, corrected and integrated by

-      Ben Laurie]

-  *) Updates to the new SSL compression code

-     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]

-  *) Fix so that the version number in the master secret, when passed

-     via RSA, checks that if TLS was proposed, but we roll back to SSLv3

-     (because the server will not accept higher), that the version number

-     is 0x03,0x01, not 0x03,0x00

-     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]

-  *) Run extensive memory leak checks on SSL apps. Fixed *lots* of memory

-     leaks in ssl/ relating to new X509_get_pubkey() behaviour. Also fixes

-     in apps/ and an unrelated leak in crypto/dsa/dsa_vrf.c

-     [Steve Henson]

-  *) Support for RAW extensions where an arbitrary extension can be

-     created by including its DER encoding. See apps/openssl.cnf for

-     an example.

-     [Steve Henson]

-  *) Make sure latest Perl versions don't interpret some generated C array

-     code as Perl array code in the crypto/err/err_genc.pl script.

-     [Lars Weber <[email protected]>]

-  *) Modify ms/do_ms.bat to not generate assembly language makefiles since

-     not many people have the assembler. Various Win32 compilation fixes and

-     update to the INSTALL.W32 file with (hopefully) more accurate Win32

-     build instructions.

-     [Steve Henson]

-  *) Modify configure script 'Configure' to automatically create crypto/date.h

-     file under Win32 and also build pem.h from pem.org. New script

-     util/mkfiles.pl to create the MINFO file on environments that can't do a

-     'make files': perl util/mkfiles.pl >MINFO should work.

-     [Steve Henson]

-  *) Major rework of DES function declarations, in the pursuit of correctness

-     and purity. As a result, many evil casts evaporated, and some weirdness,

-     too. You may find this causes warnings in your code. Zapping your evil

-     casts will probably fix them. Mostly.

-     [Ben Laurie]

-  *) Fix for a typo in asn1.h. Bug fix to object creation script

-     obj_dat.pl. It considered a zero in an object definition to mean

-     "end of object": none of the objects in objects.h have any zeros

-     so it wasn't spotted.

-     [Steve Henson, reported by Erwann ABALEA <[email protected]>]

-  *) Add support for Triple DES Cipher Block Chaining with Output Feedback

-     Masking (CBCM). In the absence of test vectors, the best I have been able

-     to do is check that the decrypt undoes the encrypt, so far. Send me test

-     vectors if you have them.

-     [Ben Laurie]

-  *) Correct calculation of key length for export ciphers (too much space was

-     allocated for null ciphers). This has not been tested!

-     [Ben Laurie]

-  *) Modifications to the mkdef.pl for Win32 DEF file creation. The usage

-     message is now correct (it understands "crypto" and "ssl" on its

-     command line). There is also now an "update" option. This will update

-     the util/ssleay.num and util/libeay.num files with any new functions.

-     If you do a:

-     perl util/mkdef.pl crypto ssl update

-     it will update them.

-     [Steve Henson]

-  *) Overhauled the Perl interface (perl/*):

-     - ported BN stuff to OpenSSL's different BN library

-     - made the perl/ source tree CVS-aware

-     - renamed the package from SSLeay to OpenSSL (the files still contain

-       their history because I've copied them in the repository)

-     - removed obsolete files (the test scripts will be replaced

-       by better Test::Harness variants in the future)

-     [Ralf S. Engelschall]

-  *) First cut for a very conservative source tree cleanup:

-     1. merge various obsolete readme texts into doc/ssleay.txt

-     where we collect the old documents and readme texts.

-     2. remove the first part of files where I'm already sure that we no

-     longer need them because of three reasons: either they are just temporary

-     files which were left by Eric or they are preserved original files where

-     I've verified that the diff is also available in the CVS via "cvs diff

-     -rSSLeay_0_8_1b" or they were renamed (as it was definitely the case for

-     the crypto/md/ stuff).

-     [Ralf S. Engelschall]

-  *) More extension code. Incomplete support for subject and issuer alt

-     name, issuer and authority key id. Change the i2v function parameters

-     and add an extra 'crl' parameter in the X509V3_CTX structure: guess

-     what that's for :-) Fix to ASN1 macro which messed up

-     IMPLICIT tag and add f_enum.c which adds a2i, i2a for ENUMERATED.

-     [Steve Henson]

-  *) Preliminary support for ENUMERATED type. This is largely copied from the

-     INTEGER code.

-     [Steve Henson]

-  *) Add new function, EVP_MD_CTX_copy() to replace frequent use of memcpy.

-     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]

-  *) Make sure `make rehash' target really finds the `openssl' program.

-     [Ralf S. Engelschall, Matthias Loepfe <[email protected]>]

-  *) Squeeze another 7% of speed out of MD5 assembler, at least on a P2. I'd

-     like to hear about it if this slows down other processors.

-     [Ben Laurie]

-  *) Add CygWin32 platform information to Configure script.

-     [Alan Batie <[email protected]>]

-  *) Fixed ms/32all.bat script: `no_asm' -> `no-asm'

-     [Rainer W. Gerling <[email protected]>]

-  *) New program nseq to manipulate netscape certificate sequences

-     [Steve Henson]

-  *) Modify crl2pkcs7 so it supports multiple -certfile arguments. Fix a

-     few typos.

-     [Steve Henson]

-  *) Fixes to BN code.  Previously the default was to define BN_RECURSION

-     but the BN code had some problems that would cause failures when

-     doing certificate verification and some other functions.

-     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]

-  *) Add ASN1 and PEM code to support netscape certificate sequences.

-     [Steve Henson]

-  *) Add ASN1 and PEM code to support netscape certificate sequences.

-     [Steve Henson]

-  *) Add several PKIX and private extended key usage OIDs.

-     [Steve Henson]

-  *) Modify the 'ca' program to handle the new extension code. Modify

-     openssl.cnf for new extension format, add comments.

-     [Steve Henson]

-  *) More X509 V3 changes. Fix typo in v3_bitstr.c. Add support to 'req'

-     and add a sample to openssl.cnf so req -x509 now adds appropriate

-     CA extensions.

-     [Steve Henson]

-  *) Continued X509 V3 changes. Add to other makefiles, integrate with the

-     error code, add initial support to X509_print() and x509 application.

-     [Steve Henson]

-  *) Takes a deep breath and start addding X509 V3 extension support code. Add

-     files in crypto/x509v3. Move original stuff to crypto/x509v3/old. All this

-     stuff is currently isolated and isn't even compiled yet.

-     [Steve Henson]

-  *) Continuing patches for GeneralizedTime. Fix up certificate and CRL

-     ASN1 to use ASN1_TIME and modify print routines to use ASN1_TIME_print.

-     Removed the versions check from X509 routines when loading extensions:

-     this allows certain broken certificates that don't set the version

-     properly to be processed.

-     [Steve Henson]

-  *) Deal with irritating shit to do with dependencies, in YAAHW (Yet Another

-     Ad Hoc Way) - Makefile.ssls now all contain local dependencies, which

-     can still be regenerated with "make depend".

-     [Ben Laurie]

-  *) Spelling mistake in C version of CAST-128.

-     [Ben Laurie, reported by Jeremy Hylton <[email protected]>]

-  *) Changes to the error generation code. The perl script err-code.pl

-     now reads in the old error codes and retains the old numbers, only

-     adding new ones if necessary. It also only changes the .err files if new

-     codes are added. The makefiles have been modified to only insert errors

-     when needed (to avoid needlessly modifying header files). This is done

-     by only inserting errors if the .err file is newer than the auto generated

-     C file. To rebuild all the error codes from scratch (the old behaviour)

-     either modify crypto/Makefile.ssl to pass the -regen flag to err_code.pl

-     or delete all the .err files.

-     [Steve Henson]

-  *) CAST-128 was incorrectly implemented for short keys. The C version has

-     been fixed, but is untested. The assembler versions are also fixed, but

-     new assembler HAS NOT BEEN GENERATED FOR WIN32 - the Makefile needs fixing

-     to regenerate it if needed.

-     [Ben Laurie, reported (with fix for C version) by Jun-ichiro itojun

-      Hagino <[email protected]>]

-  *) File was opened incorrectly in randfile.c.

-     [Ulf M�ller <[email protected]>]

-  *) Beginning of support for GeneralizedTime. d2i, i2d, check and print

-     functions. Also ASN1_TIME suite which is a CHOICE of UTCTime or

-     GeneralizedTime. ASN1_TIME is the proper type used in certificates et

-     al: it's just almost always a UTCTime. Note this patch adds new error

-     codes so do a "make errors" if there are problems.

-     [Steve Henson]

-  *) Correct Linux 1 recognition in config.

-     [Ulf M�ller <[email protected]>]

-  *) Remove pointless MD5 hash when using DSA keys in ca.

-     [Anonymous <[email protected]>]

-  *) Generate an error if given an empty string as a cert directory. Also

-     generate an error if handed NULL (previously returned 0 to indicate an

-     error, but didn't set one).

-     [Ben Laurie, reported by Anonymous <[email protected]>]

-  *) Add prototypes to SSL methods. Make SSL_write's buffer const, at last.

-     [Ben Laurie]

-  *) Fix the dummy function BN_ref_mod_exp() in rsaref.c to have the correct

-     parameters. This was causing a warning which killed off the Win32 compile.

-     [Steve Henson]

-  *) Remove C++ style comments from crypto/bn/bn_local.h.

-     [Neil Costigan <[email protected]>]

-  *) The function OBJ_txt2nid was broken. It was supposed to return a nid

-     based on a text string, looking up short and long names and finally

-     "dot" format. The "dot" format stuff didn't work. Added new function

-     OBJ_txt2obj to do the same but return an ASN1_OBJECT and rewrote

-     OBJ_txt2nid to use it. OBJ_txt2obj can also return objects even if the

-     OID is not part of the table.

-     [Steve Henson]

-  *) Add prototypes to X509 lookup/verify methods, fixing a bug in

-     X509_LOOKUP_by_alias().

-     [Ben Laurie]

-  *) Sort openssl functions by name.

-     [Ben Laurie]

-  *) Get the gendsa program working (hopefully) and add it to app list. Remove

-     encryption from sample DSA keys (in case anyone is interested the password

-     was "1234").

-     [Steve Henson]

-  *) Make _all_ *_free functions accept a NULL pointer.

-     [Frans Heymans <[email protected]>]

-  *) If a DH key is generated in s3_srvr.c, don't blow it by trying to use

-     NULL pointers.

-     [Anonymous <[email protected]>]

-  *) s_server should send the CAfile as acceptable CAs, not its own cert.

-     [Bodo Moeller <[email protected]>]

-  *) Don't blow it for numeric -newkey arguments to apps/req.

-     [Bodo Moeller <[email protected]>]

-  *) Temp key "for export" tests were wrong in s3_srvr.c.

-     [Anonymous <[email protected]>]

-  *) Add prototype for temp key callback functions

-     SSL_CTX_set_tmp_{rsa,dh}_callback().

-     [Ben Laurie]

-  *) Make DH_free() tolerate being passed a NULL pointer (like RSA_free() and

-     DSA_free()). Make X509_PUBKEY_set() check for errors in d2i_PublicKey().

-     [Steve Henson]

-  *) X509_name_add_entry() freed the wrong thing after an error.

-     [Arne Ansper <[email protected]>]

-  *) rsa_eay.c would attempt to free a NULL context.

-     [Arne Ansper <[email protected]>]

-  *) BIO_s_socket() had a broken should_retry() on Windoze.

-     [Arne Ansper <[email protected]>]

-  *) BIO_f_buffer() didn't pass on BIO_CTRL_FLUSH.

-     [Arne Ansper <[email protected]>]

-  *) Make sure the already existing X509_STORE->depth variable is initialized

-     in X509_STORE_new(), but document the fact that this variable is still

-     unused in the certificate verification process.

-     [Ralf S. Engelschall]

-  *) Fix the various library and apps files to free up pkeys obtained from

-     X509_PUBKEY_get() et al. Also allow x509.c to handle netscape extensions.

-     [Steve Henson]

-  *) Fix reference counting in X509_PUBKEY_get(). This makes

-     demos/maurice/example2.c work, amongst others, probably.

-     [Steve Henson and Ben Laurie]

-  *) First cut of a cleanup for apps/. First the `ssleay' program is now named

-     `openssl' and second, the shortcut symlinks for the `openssl <command>'

-     are no longer created. This way we have a single and consistent command

-     line interface `openssl <command>', similar to `cvs <command>'.

-     [Ralf S. Engelschall, Paul Sutton and Ben Laurie]

-  *) ca.c: move test for DSA keys inside #ifndef NO_DSA. Make pubkey

-     BIT STRING wrapper always have zero unused bits.

-     [Steve Henson]

-  *) Add CA.pl, perl version of CA.sh, add extended key usage OID.

-     [Steve Henson]

-  *) Make the top-level INSTALL documentation easier to understand.

-     [Paul Sutton]

-  *) Makefiles updated to exit if an error occurs in a sub-directory

-     make (including if user presses ^C) [Paul Sutton]

-  *) Make Montgomery context stuff explicit in RSA data structure.

-     [Ben Laurie]

-  *) Fix build order of pem and err to allow for generated pem.h.

-     [Ben Laurie]

-  *) Fix renumbering bug in X509_NAME_delete_entry().

-     [Ben Laurie]

-  *) Enhanced the err-ins.pl script so it makes the error library number

-     global and can add a library name. This is needed for external ASN1 and

-     other error libraries.

-     [Steve Henson]

-  *) Fixed sk_insert which never worked properly.

-     [Steve Henson]

-  *) Fix ASN1 macros so they can handle indefinite length construted

-     EXPLICIT tags. Some non standard certificates use these: they can now

-     be read in.

-     [Steve Henson]

-  *) Merged the various old/obsolete SSLeay documentation files (doc/xxx.doc)

-     into a single doc/ssleay.txt bundle. This way the information is still

-     preserved but no longer messes up this directory. Now it's new room for

-     the new set of documenation files.

-     [Ralf S. Engelschall]

-  *) SETs were incorrectly DER encoded. This was a major pain, because they

-     shared code with SEQUENCEs, which aren't coded the same. This means that

-     almost everything to do with SETs or SEQUENCEs has either changed name or

-     number of arguments.

-     [Ben Laurie, based on a partial fix by GP Jayan <[email protected]>]

-  *) Fix test data to work with the above.

-     [Ben Laurie]

-  *) Fix the RSA header declarations that hid a bug I fixed in 0.9.0b but

-     was already fixed by Eric for 0.9.1 it seems.

-     [Ben Laurie - pointed out by Ulf M�ller <[email protected]>]

-  *) Autodetect FreeBSD3.

-     [Ben Laurie]

-  *) Fix various bugs in Configure. This affects the following platforms:

-     nextstep

-     ncr-scde

-     unixware-2.0

-     unixware-2.0-pentium

-     sco5-cc.

-     [Ben Laurie]

-  *) Eliminate generated files from CVS. Reorder tests to regenerate files

-     before they are needed.

-     [Ben Laurie]

-  *) Generate Makefile.ssl from Makefile.org (to keep CVS happy).

-     [Ben Laurie]

- Changes between 0.9.1b and 0.9.1c  [23-Dec-1998]

-  *) Added OPENSSL_VERSION_NUMBER to crypto/crypto.h and

-     changed SSLeay to OpenSSL in version strings.

-     [Ralf S. Engelschall]

-  *) Some fixups to the top-level documents.

-     [Paul Sutton]

-  *) Fixed the nasty bug where rsaref.h was not found under compile-time

-     because the symlink to include/ was missing.

-     [Ralf S. Engelschall]

-  *) Incorporated the popular no-RSA/DSA-only patches

-     which allow to compile a RSA-free SSLeay.

-     [Andrew Cooke / Interrader Ldt., Ralf S. Engelschall]

-  *) Fixed nasty rehash problem under `make -f Makefile.ssl links'

-     when "ssleay" is still not found.

-     [Ralf S. Engelschall]

-  *) Added more platforms to Configure: Cray T3E, HPUX 11,

-     [Ralf S. Engelschall, Beckmann <[email protected]>]

-  *) Updated the README file.

-     [Ralf S. Engelschall]

-  *) Added various .cvsignore files in the CVS repository subdirs

-     to make a "cvs update" really silent.

-     [Ralf S. Engelschall]

-  *) Recompiled the error-definition header files and added

-     missing symbols to the Win32 linker tables.

-     [Ralf S. Engelschall]

-  *) Cleaned up the top-level documents;

-     o new files: CHANGES and LICENSE

-     o merged VERSION, HISTORY* and README* files a CHANGES.SSLeay

-     o merged COPYRIGHT into LICENSE

-     o removed obsolete TODO file

-     o renamed MICROSOFT to INSTALL.W32

-     [Ralf S. Engelschall]

-  *) Removed dummy files from the 0.9.1b source tree:

-     crypto/asn1/x crypto/bio/cd crypto/bio/fg crypto/bio/grep crypto/bio/vi

-     crypto/bn/asm/......add.c crypto/bn/asm/a.out crypto/dsa/f crypto/md5/f

-     crypto/pem/gmon.out crypto/perlasm/f crypto/pkcs7/build crypto/rsa/f

-     crypto/sha/asm/f crypto/threads/f ms/zzz ssl/f ssl/f.mak test/f

-     util/f.mak util/pl/f util/pl/f.mak crypto/bf/bf_locl.old apps/f

-     [Ralf S. Engelschall]

-  *) Added various platform portability fixes.

-     [Mark J. Cox]

-  *) The Genesis of the OpenSSL rpject:

-     We start with the latest (unreleased) SSLeay version 0.9.1b which Eric A.

-     Young and Tim J. Hudson created while they were working for C2Net until

-     summer 1998.

-     [The OpenSSL Project]

- Changes between 0.9.0b and 0.9.1b  [not released]

-  *) Updated a few CA certificates under certs/

-     [Eric A. Young]

-  *) Changed some BIGNUM api stuff.

-     [Eric A. Young]

-  *) Various platform ports: OpenBSD, Ultrix, IRIX 64bit, NetBSD,

-     DGUX x86, Linux Alpha, etc.

-     [Eric A. Young]

-  *) New COMP library [crypto/comp/] for SSL Record Layer Compression:

-     RLE (dummy implemented) and ZLIB (really implemented when ZLIB is

-     available).

-     [Eric A. Young]

-  *) Add -strparse option to asn1pars program which parses nested

-     binary structures

-     [Dr Stephen Henson <[email protected]>]

-  *) Added "oid_file" to ssleay.cnf for "ca" and "req" programs.

-     [Eric A. Young]

-  *) DSA fix for "ca" program.

-     [Eric A. Young]

-  *) Added "-genkey" option to "dsaparam" program.

-     [Eric A. Young]

-  *) Added RIPE MD160 (rmd160) message digest.

-     [Eric A. Young]

-  *) Added -a (all) option to "ssleay version" command.

-     [Eric A. Young]

-  *) Added PLATFORM define which is the id given to Configure.

-     [Eric A. Young]

-  *) Added MemCheck_XXXX functions to crypto/mem.c for memory checking.

-     [Eric A. Young]

-  *) Extended the ASN.1 parser routines.

-     [Eric A. Young]

-  *) Extended BIO routines to support REUSEADDR, seek, tell, etc.

-     [Eric A. Young]

-  *) Added a BN_CTX to the BN library.

-     [Eric A. Young]

-  *) Fixed the weak key values in DES library

-     [Eric A. Young]

-  *) Changed API in EVP library for cipher aliases.

-     [Eric A. Young]

-  *) Added support for RC2/64bit cipher.

-     [Eric A. Young]

-  *) Converted the lhash library to the crypto/mem.c functions.

-     [Eric A. Young]

-  *) Added more recognized ASN.1 object ids.

-     [Eric A. Young]

-  *) Added more RSA padding checks for SSL/TLS.

-     [Eric A. Young]

-  *) Added BIO proxy/filter functionality.

-     [Eric A. Young]

-  *) Added extra_certs to SSL_CTX which can be used

-     send extra CA certificates to the client in the CA cert chain sending

-     process. It can be configured with SSL_CTX_add_extra_chain_cert().

-     [Eric A. Young]

-  *) Now Fortezza is denied in the authentication phase because

-     this is key exchange mechanism is not supported by SSLeay at all.

-     [Eric A. Young]

-  *) Additional PKCS1 checks.

-     [Eric A. Young]

-  *) Support the string "TLSv1" for all TLS v1 ciphers.

-     [Eric A. Young]

-  *) Added function SSL_get_ex_data_X509_STORE_CTX_idx() which gives the

-     ex_data index of the SSL context in the X509_STORE_CTX ex_data.

-     [Eric A. Young]

-  *) Fixed a few memory leaks.

-     [Eric A. Young]

-  *) Fixed various code and comment typos.

-     [Eric A. Young]

-  *) A minor bug in ssl/s3_clnt.c where there would always be 4 0

-     bytes sent in the client random.

-     [Edward Bishop <[email protected]>]

--- a/sys/src/ape/lib/openssl/CHANGES.SSLeay

+++ /dev/null

@@ -1,968 +1,0 @@

-This file contains the changes for the SSLeay library up to version

-0.9.0b. For later changes, see the file "CHANGES".

-  SSLeay CHANGES

-  ______________

-Changes between 0.8.x and 0.9.0b

-10-Apr-1998

-I said the next version would go out at easter, and so it shall.

-I expect a 0.9.1 will follow with portability fixes in the next few weeks.

-This is a quick, meet the deadline.  Look to ssl-users for comments on what

-is new etc.

-eric (about to go bushwalking for the 4 day easter break :-)

-16-Mar-98

-    - Patch for Cray T90 from Wayne Schroeder <[email protected]>

-    - Lots and lots of changes

-29-Jan-98

-    - ASN1_BIT_STRING_set_bit()/ASN1_BIT_STRING_get_bit() from

-      Goetz Babin-Ebell <[email protected]>.

-    - SSL_version() now returns SSL2_VERSION, SSL3_VERSION or

-      TLS1_VERSION.

-7-Jan-98

-    - Finally reworked the cipher string to ciphers again, so it

-      works correctly

-    - All the app_data stuff is now ex_data with funcion calls to access.

-      The index is supplied by a function and 'methods' can be setup

-      for the types that are called on XXX_new/XXX_free.  This lets

-      applications get notified on creation and destruction.  Some of

-      the RSA methods could be implemented this way and I may do so.

-    - Oh yes, SSL under perl5 is working at the basic level.

-15-Dec-97

-    - Warning - the gethostbyname cache is not fully thread safe,

-      but it should work well enough.

-    - Major internal reworking of the app_data stuff.  More functions

-      but if you were accessing ->app_data directly, things will

-      stop working.

-    - The perlv5 stuff is working.  Currently on message digests,

-      ciphers and the bignum library.

-9-Dec-97

-    - Modified re-negotiation so that server initated re-neg

-      will cause a SSL_read() to return -1 should retry.

-      The danger otherwise was that the server and the

-      client could end up both trying to read when using non-blocking

-      sockets.

-4-Dec-97

-    - Lots of small changes

-    - Fix for binaray mode in Windows for the FILE BIO, thanks to

-      Bob Denny <[email protected]>

-17-Nov-97

-    - Quite a few internal cleanups, (removal of errno, and using macros

-      defined in e_os.h).

-    - A bug in ca.c, pointed out by [email protected], where

-      the automactic naming out output files was being stuffed up.

-29-Oct-97

-    - The Cast5 cipher has been added.  MD5 and SHA-1 are now in assember

-      for x86.

-21-Oct-97

-    - Fixed a bug in the BIO_gethostbyname() cache.

-15-Oct-97

-    - cbc mode for blowfish/des/3des is now in assember.  Blowfish asm

-      has also been improved.  At this point in time, on the pentium,

-      md5 is %80 faster, the unoptimesed sha-1 is %79 faster,

-      des-cbc is %28 faster, des-ede3-cbc is %9 faster and blowfish-cbc

-      is %62 faster.

-12-Oct-97

-    - MEM_BUF_grow() has been fixed so that it always sets the buf->length

-      to the value we are 'growing' to.  Think of MEM_BUF_grow() as the

-      way to set the length value correctly.

-10-Oct-97

-    - I now hash for certificate lookup on the raw DER encoded RDN (md5).

-      This breaks things again :-(.  This is efficent since I cache

-      the DER encoding of the RDN.

-    - The text DN now puts in the numeric OID instead of UNKNOWN.

-    - req can now process arbitary OIDs in the config file.

-    - I've been implementing md5 in x86 asm, much faster :-).

-    - Started sha1 in x86 asm, needs more work.

-    - Quite a few speedups in the BN stuff.  RSA public operation

-      has been made faster by caching the BN_MONT_CTX structure.

-      The calulating of the Ai where A*Ai === 1 mod m was rather

-      expensive.  Basically a 40-50% speedup on public operations.

-      The RSA speedup is now 15% on pentiums and %20 on pentium

-      pro.

-30-Sep-97

-    - After doing some profiling, I added x86 adm for bn_add_words(),

-      which just adds 2 arrays of longs together.  A %10 speedup

-      for 512 and 1024 bit RSA on the pentium pro.

-29-Sep-97

-    - Converted the x86 bignum assembler to us the perl scripts

-      for generation.

-23-Sep-97

-    - If SSL_set_session() is passed a NULL session, it now clears the

-      current session-id.

-22-Sep-97

-    - Added a '-ss_cert file' to apps/ca.c.  This will sign selfsigned

-      certificates.

-    - Bug in crypto/evp/encode.c where by decoding of 65 base64

-      encoded lines, one line at a time (via a memory BIO) would report

-      EOF after the first line was decoded.

-    - Fix in X509_find_by_issuer_and_serial() from

-      Dr Stephen Henson <[email protected]>

-19-Sep-97

-    - NO_FP_API and NO_STDIO added.

-    - Put in sh config command.  It auto runs Configure with the correct

-      parameters.

-18-Sep-97

-    - Fix x509.c so if a DSA cert has different parameters to its parent,

-      they are left in place.  Not tested yet.

-16-Sep-97

-    - ssl_create_cipher_list() had some bugs, fixes from

-      Patrick Eisenacher <[email protected]>

-    - Fixed a bug in the Base64 BIO, where it would return 1 instead

-      of -1 when end of input was encountered but should retry.

-      Basically a Base64/Memory BIO interaction problem.

-    - Added a HMAC set of functions in preporarion for TLS work.

-15-Sep-97

-    - Top level makefile tweak - Cameron Simpson <[email protected]>

-    - Prime generation spead up %25 (512 bit prime, pentium pro linux)

-      by using montgomery multiplication in the prime number test.

-11-Sep-97

-    - Ugly bug in ssl3_write_bytes().  Basically if application land

-      does a SSL_write(ssl,buf,len) where len > 16k, the SSLv3 write code

-      did not check the size and tried to copy the entire buffer.

-      This would tend to cause memory overwrites since SSLv3 has

-      a maximum packet size of 16k.  If your program uses

-      buffers <= 16k, you would probably never see this problem.

-    - Fixed a new errors that were cause by malloc() not returning

-      0 initialised memory..

-    - SSL_OP_NETSCAPE_CA_DN_BUG was being switched on when using

-      SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL); which was a bad thing

-      since this flags stops SSLeay being able to handle client

-      cert requests correctly.

-08-Sep-97

-    - SSL_SESS_CACHE_NO_INTERNAL_LOOKUP option added.  When switched

-      on, the SSL server routines will not use a SSL_SESSION that is

-      held in it's cache.  This in intended to be used with the session-id

-      callbacks so that while the session-ids are still stored in the

-      cache, the decision to use them and how to look them up can be

-      done by the callbacks.  The are the 'new', 'get' and 'remove'

-      callbacks.  This can be used to determine the session-id

-      to use depending on information like which port/host the connection

-      is coming from.  Since the are also SSL_SESSION_set_app_data() and

-      SSL_SESSION_get_app_data() functions, the application can hold

-      information against the session-id as well.

-03-Sep-97

-    - Added lookup of CRLs to the by_dir method,

-      X509_load_crl_file() also added.  Basically it means you can

-      lookup CRLs via the same system used to lookup certificates.

-    - Changed things so that the X509_NAME structure can contain

-      ASN.1 BIT_STRINGS which is required for the unique

-      identifier OID.

-    - Fixed some problems with the auto flushing of the session-id

-      cache.  It was not occuring on the server side.

-02-Sep-97

-    - Added SSL_CTX_sess_cache_size(SSL_CTX *ctx,unsigned long size)

-      which is the maximum number of entries allowed in the

-      session-id cache.  This is enforced with a simple FIFO list.

-      The default size is 20*1024 entries which is rather large :-).

-      The Timeout code is still always operating.

-01-Sep-97

-    - Added an argument to all the 'generate private key/prime`

-      callbacks.  It is the last parameter so this should not

-      break existing code but it is needed for C++.

-    - Added the BIO_FLAGS_BASE64_NO_NL flag for the BIO_f_base64()

-      BIO.  This lets the BIO read and write base64 encoded data

-      without inserting or looking for '\n' characters.  The '-A'

-      flag turns this on when using apps/enc.c.

-    - RSA_NO_PADDING added to help BSAFE functionality.  This is a

-      very dangerous thing to use, since RSA private key

-      operations without random padding bytes (as PKCS#1 adds) can

-      be attacked such that the private key can be revealed.

-    - ASN.1 bug and rc2-40-cbc and rc4-40 added by

-      Dr Stephen Henson <[email protected]>

-31-Aug-97 (stuff added while I was away)

-    - Linux pthreads by Tim Hudson ([email protected]).

-    - RSA_flags() added allowing bypass of pub/priv match check

-      in ssl/ssl_rsa.c - Tim Hudson.

-    - A few minor bugs.

-SSLeay 0.8.1 released.

-19-Jul-97

-    - Server side initated dynamic renegotiation is broken.  I will fix

-      it when I get back from holidays.

-15-Jul-97

-    - Quite a few small changes.

-    - INVALID_SOCKET usage cleanups from Alex Kiernan <[email protected]>

-09-Jul-97

-    - Added 2 new values to the SSL info callback.

-      SSL_CB_START which is passed when the SSL protocol is started

-      and SSL_CB_DONE when it has finished sucsessfully.

-08-Jul-97

-    - Fixed a few bugs problems in apps/req.c and crypto/asn1/x_pkey.c

-      that related to DSA public/private keys.

-    - Added all the relevent PEM and normal IO functions to support

-      reading and writing RSAPublic keys.

-    - Changed makefiles to use ${AR} instead of 'ar r'

-07-Jul-97

-    - Error in ERR_remove_state() that would leave a dangling reference

-      to a free()ed location - thanks to Alex Kiernan <[email protected]>

-    - s_client now prints the X509_NAMEs passed from the server

-      when requesting a client cert.

-    - Added a ssl->type, which is one of SSL_ST_CONNECT or

-      SSL_ST_ACCEPT.  I had to add it so I could tell if I was

-      a connect or an accept after the handshake had finished.

-    - SSL_get_client_CA_list(SSL *s) now returns the CA names

-      passed by the server if called by a client side SSL.

-05-Jul-97

-    - Bug in X509_NAME_get_text_by_OBJ(), looking starting at index

-      0, not -1 :-(  Fix from Tim Hudson ([email protected]).

-04-Jul-97

-    - Fixed some things in X509_NAME_add_entry(), thanks to

-      Matthew Donald <[email protected]>.

-    - I had a look at the cipher section and though that it was a

-      bit confused, so I've changed it.

-    - I was not setting up the RC4-64-MD5 cipher correctly.  It is

-      a MS special that appears in exported MS Money.

-    - Error in all my DH ciphers.  Section 7.6.7.3 of the SSLv3

-      spec.  I was missing the two byte length header for the

-      ClientDiffieHellmanPublic value.  This is a packet sent from

-      the client to the server.  The SSL_OP_SSLEAY_080_CLIENT_DH_BUG

-      option will enable SSLeay server side SSLv3 accept either

-      the correct or my 080 packet format.

-    - Fixed a few typos in crypto/pem.org.

-02-Jul-97

-    - Alias mapping for EVP_get_(digest|cipher)byname is now

-      performed before a lookup for actual cipher.  This means

-      that an alias can be used to 're-direct' a cipher or a

-      digest.

-    - ASN1_read_bio() had a bug that only showed up when using a

-      memory BIO.  When EOF is reached in the memory BIO, it is

-      reported as a -1 with BIO_should_retry() set to true.

-01-Jul-97

-    - Fixed an error in X509_verify_cert() caused by my

-      miss-understanding how 'do { contine } while(0);' works.

-      Thanks to Emil Sit <[email protected]> for educating me :-)

-30-Jun-97

-    - Base64 decoding error.  If the last data line did not end with

-      a '=', sometimes extra data would be returned.

-    - Another 'cut and paste' bug in x509.c related to setting up the

-      STDout BIO.

-27-Jun-97

-    - apps/ciphers.c was not printing due to an editing error.

-    - Alex Kiernan <[email protected]> send in a nice fix for

-      a library build error in util/mk1mf.pl

-26-Jun-97

-    - Still did not have the auto 'experimental' code removal

-      script correct.

-    - A few header tweaks for Watcom 11.0 under Win32 from

-      Rolf Lindemann <[email protected]>

-    - 0 length OCTET_STRING bug in asn1_parse

-    - A minor fix with an non-existent function in the MS .def files.

-    - A few changes to the PKCS7 stuff.

-25-Jun-97

-    SSLeay 0.8.0 finally it gets released.

-24-Jun-97

-    Added a SSL_OP_EPHEMERAL_RSA option which causes all SSLv3 RSA keys to

-    use a temporary RSA key.  This is experimental and needs some more work.

-    Fixed a few Win16 build problems.

-23-Jun-97

-    SSLv3 bug. I was not doing the 'lookup' of the CERT structure

-    correctly. I was taking the SSL->ctx->default_cert when I should

-    have been using SSL->cert. The bug was in ssl/s3_srvr.c

-20-Jun-97

-    X509_ATTRIBUTES were being encoded wrongly by apps/reg.c and the

-    rest of the library. Even though I had the code required to do

-    it correctly, apps/req.c was doing the wrong thing.  I have fixed

-    and tested everything.

-    Missing a few #ifdef FIONBIO sections in crypto/bio/bss_acpt.c.

-19-Jun-97

-    Fixed a bug in the SSLv2 server side first packet handling. When

-    using the non-blocking test BIO, the ssl->s2->first_packet flag

-    was being reset when a would-block failure occurred when reading

-    the first 5 bytes of the first packet. This caused the checking

-    logic to run at the wrong time and cause an error.

-    Fixed a problem with specifying cipher. If RC4-MD5 were used,

-    only the SSLv3 version would be picked up.  Now this will pick

-    up both SSLv2 and SSLv3 versions. This required changing the

-    SSL_CIPHER->mask values so that they only mask the ciphers,

-    digests, authentication, export type and key-exchange algorithms.

-    I found that when a SSLv23 session is established, a reused

-    session, of type SSLv3 was attempting to write the SSLv2

-    ciphers, which were invalid. The SSL_METHOD->put_cipher_by_char

-    method has been modified so it will only write out cipher which

-    that method knows about.

- Changes between 0.8.0 and 0.8.1

-  *) Mostly bug fixes.

-     There is an Ephemeral DH cipher problem which is fixed.

- SSLeay 0.8.0

-This version of SSLeay has quite a lot of things different from the

-previous version.

-Basically check all callback parameters, I will be producing documentation

-about how to use things in th future.  Currently I'm just getting 080 out

-the door.  Please not that there are several ways to do everything, and

-most of the applications in the apps directory are hybrids, some using old

-methods and some using new methods.

-Have a look in demos/bio for some very simple programs and

-apps/s_client.c and apps/s_server.c for some more advanced versions.

-Notes are definitly needed but they are a week or so away.

-Anyway, some quick nots from Tim Hudson ([email protected])

----

-Quick porting notes for moving from SSLeay-0.6.x to SSLeay-0.8.x to

-get those people that want to move to using the new code base off to

-a quick start.

-Note that Eric has tidied up a lot of the areas of the API that were

-less than desirable and renamed quite a few things (as he had to break

-the API in lots of places anyrate). There are a whole pile of additional

-functions for making dealing with (and creating) certificates a lot

-cleaner.

-01-Jul-97

-Tim Hudson

[email protected]

----8<---

-To maintain code that uses both SSLeay-0.6.x and SSLeay-0.8.x you could

-use something like the following (assuming you #include "crypto.h" which

-is something that you really should be doing).

-#if SSLEAY_VERSION_NUMBER >= 0x0800

-#define SSLEAY8

-#endif

-buffer.h -> splits into buffer.h and bio.h so you need to include bio.h

-            too if you are working with BIO internal stuff (as distinct

-        from simply using the interface in an opaque manner)

-#include "bio.h"    - required along with "buffer.h" if you write

-              your own BIO routines as the buffer and bio

-              stuff that was intermixed has been separated

-              out

-envelope.h -> evp.h  (which should have been done ages ago)

-Initialisation ... don't forget these or you end up with code that

-is missing the bits required to do useful things (like ciphers):

-SSLeay_add_ssl_algorithms()

-(probably also want SSL_load_error_strings() too but you should have

- already had that call in place)

-SSL_CTX_new()   - requires an extra method parameter

-              SSL_CTX_new(SSLv23_method())

-              SSL_CTX_new(SSLv2_method())

-              SSL_CTX_new(SSLv3_method())

-          OR to only have the server or the client code

-              SSL_CTX_new(SSLv23_server_method())

-              SSL_CTX_new(SSLv2_server_method())

-              SSL_CTX_new(SSLv3_server_method())

-          or

-              SSL_CTX_new(SSLv23_client_method())

-              SSL_CTX_new(SSLv2_client_method())

-              SSL_CTX_new(SSLv3_client_method())

-SSL_set_default_verify_paths() ... renamed to the more appropriate

-SSL_CTX_set_default_verify_paths()

-If you want to use client certificates then you have to add in a bit

-of extra stuff in that a SSLv3 server sends a list of those CAs that

-it will accept certificates from ... so you have to provide a list to

-SSLeay otherwise certain browsers will not send client certs.

-SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file));

-X509_NAME_oneline(X)    -> X509_NAME_oneline(X,NULL,0)

-               or provide a buffer and size to copy the

-               result into

-X509_add_cert ->  X509_STORE_add_cert (and you might want to read the

-          notes on X509_NAME structure changes too)

-VERIFICATION CODE

-=================

-The codes have all be renamed from VERIFY_ERR_* to X509_V_ERR_* to

-more accurately reflect things.

-The verification callback args are now packaged differently so that

-extra fields for verification can be added easily in future without

-having to break things by adding extra parameters each release :-)

-X509_cert_verify_error_string -> X509_verify_cert_error_string

-BIO INTERNALS

-=============

-Eric has fixed things so that extra flags can be introduced in

-the BIO layer in future without having to play with all the BIO

-modules by adding in some macros.

-The ugly stuff using

-    b->flags ~= (BIO_FLAGS_RW|BIO_FLAGS_SHOULD_RETRY)

-becomes

-    BIO_clear_retry_flags(b)

-    b->flags |= (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)

-becomes

-    BIO_set_retry_read(b)

-Also ... BIO_get_retry_flags(b), BIO_set_flags(b)

-OTHER THINGS

-============

-X509_NAME has been altered so that it isn't just a STACK ... the STACK

-is now in the "entries" field ... and there are a pile of nice functions

-for getting at the details in a much cleaner manner.

-SSL_CTX has been altered ... "cert" is no longer a direct member of this

-structure ... things are now down under "cert_store" (see x509_vfy.h) and

-things are no longer in a CERTIFICATE_CTX but instead in a X509_STORE.

-If your code "knows" about this level of detail then it will need some

-surgery.

-If you depending on the incorrect spelling of a number of the error codes

-then you will have to change your code as these have been fixed.

-ENV_CIPHER "type" got renamed to "nid" and as that is what it actually

-has been all along so this makes things clearer.

-ify_cert_error_string(ctx->error));

-SSL_R_NO_CIPHER_WE_TRUST -> SSL_R_NO_CIPHER_LIST

-            and SSL_R_REUSE_CIPHER_LIST_NOT_ZERO

- Changes between 0.7.x and 0.8.0

-  *) There have been lots of changes, mostly the addition of SSLv3.

-     There have been many additions from people and amongst

-     others, C2Net has assisted greatly.

- Changes between 0.7.x and 0.7.x

-  *) Internal development version only

-SSLeay 0.6.6 13-Jan-1997

-The main additions are

-- assember for x86 DES improvments.

-  From 191,000 per second on a pentium 100, I now get 281,000.  The inner

-  loop and the IP/FP modifications are from

-  Svend Olaf Mikkelsen <[email protected]>.  Many thanks for his

-  contribution.

-- The 'DES macros' introduced in 0.6.5 now have 3 types.

-  DES_PTR1, DES_PTR2 and 'normal'.  As per before, des_opts reports which

-  is best and there is a summery of mine in crypto/des/options.txt

-- A few bug fixes.

-- Added blowfish.  It is not used by SSL but all the other stuff that

-  deals with ciphers can use it in either ecb, cbc, cfb64 or ofb64 modes.

-  There are 3 options for optimising Blowfish.  BF_PTR, BF_PTR2 and 'normal'.

-  BF_PTR2 is pentium/x86 specific.  The correct option is setup in

-  the 'Configure' script.

-- There is now a 'get client certificate' callback which can be

-  'non-blocking'.  If more details are required, let me know.  It will

-  documented more in SSLv3 when I finish it.

-- Bug fixes from 0.6.5 including the infamous 'ca' bug.  The 'make test'

-  now tests the ca program.

-- Lots of little things modified and tweaked.

- SSLeay 0.6.5

-After quite some time (3 months), the new release.  I have been very busy

-for the last few months and so this is mostly bug fixes and improvments.

-The main additions are

-- assember for x86 DES.  For all those gcc based systems, this is a big

-  improvement.  From 117,000 DES operation a second on a pentium 100,

-  I now get 191,000.  I have also reworked the C version so it

-  now gives 148,000 DESs per second.

-- As mentioned above, the inner DES macros now have some more variant that

-  sometimes help, sometimes hinder performance.  There are now 3 options

-  DES_PTR (ptr vs array lookup), DES_UNROLL (full vs partial loop unrolling)

-  and DES_RISC (a more register intensive version of the inner macro).

-  The crypto/des/des_opts.c program, when compiled and run, will give

-  an indication of the correct options to use.

-- The BIO stuff has been improved.  Read doc/bio.doc.  There are now

-  modules for encryption and base64 encoding and a BIO_printf() function.

-- The CA program will accept simple one line X509v3 extensions in the

-  ssleay.cnf file.  Have a look at the example.  Currently this just

-  puts the text into the certificate as an OCTET_STRING so currently

-  the more advanced X509v3 data types are not handled but this is enough

-  for the netscape extensions.

-- There is the start of a nicer higher level interface to the X509

-  strucutre.

-- Quite a lot of bug fixes.

-- CRYPTO_malloc_init()  (or CRYPTO_set_mem_functions()) can be used

-  to define the malloc(), free() and realloc() routines to use

-  (look in crypto/crypto.h).  This is mostly needed for Windows NT/95 when

-  using DLLs and mixing CRT libraries.

-In general, read the 'VERSION' file for changes and be aware that some of

-the new stuff may not have been tested quite enough yet, so don't just plonk

-in SSLeay 0.6.5 when 0.6.4 used to work and expect nothing to break.

-SSLeay 0.6.4 30/08/96 eay

-I've just finished some test builds on Windows NT, Windows 3.1, Solaris 2.3,

-Solaris 2.5, Linux, IRIX, HPUX 10 and everthing seems to work :-).

-The main changes in this release

-- Thread safe.  have a read of doc/threads.doc and play in the mt directory.

-  For anyone using 0.6.3 with threads, I found 2 major errors so consider

-  moving to 0.6.4.  I have a test program that builds under NT and

-  solaris.

-- The get session-id callback has changed.  Have a read of doc/callback.doc.

-- The X509_cert_verify callback (the SSL_verify callback) now

-  has another argument.  Have a read of doc/callback.doc

-- 'ca -preserve', sign without re-ordering the DN.  Not tested much.

-- VMS support.

-- Compile time memory leak detection can now be built into SSLeay.

-  Read doc/memory.doc

-- CONF routines now understand '\', '\n', '\r' etc.  What this means is that

-  the  SPKAC object mentioned in doc/ns-ca.doc can be on multiple lines.

-- 'ssleay ciphers' added, lists the default cipher list for SSLeay.

-- RC2 key setup is now compatable with Netscape.

-- Modifed server side of SSL implementation, big performance difference when

-      using session-id reuse.

-0.6.3

-Bug fixes and the addition of some nice stuff to the 'ca' program.

-Have a read of doc/ns-ca.doc for how hit has been modified so

-it can be driven from a CGI script.  The CGI script is not provided,

-but that is just being left as an excersize for the reader :-).

-0.6.2

-This is most bug fixes and functionality improvements.

-Additions are

-- More thread debugging patches, the thread stuff is still being

-  tested, but for those keep to play with stuff, have a look in

-  crypto/cryptlib.c.  The application needs to define 1 (or optionaly

-  a second) callback that is used to implement locking.  Compiling

-  with LOCK_DEBUG spits out lots of locking crud :-).

-  This is what I'm currently working on.

-- SSL_CTX_set_default_passwd_cb() can be used to define the callback

-  function used in the SSL*_file() functions used to load keys.  I was

-  always of the opinion that people should call

-  PEM_read_RSAPrivateKey() and pass the callback they want to use, but

-  it appears they just want to use the SSL_*_file() function() :-(.

-- 'enc' now has a -kfile so a key can be read from a file.  This is

-  mostly used so that the passwd does not appear when using 'ps',

-  which appears imposible to stop under solaris.

-- X509v3 certificates now work correctly.  I even have more examples

-  in my tests :-).  There is now a X509_EXTENSION type that is used in

-  X509v3 certificates and CRLv2.

-- Fixed that signature type error :-(

-- Fixed quite a few potential memory leaks and problems when reusing

-  X509, CRL and REQ structures.

-- EVP_set_pw_prompt() now sets the library wide default password

-  prompt.

-- The 'pkcs7' command will now, given the -print_certs flag, output in

-  pem format, all certificates and CRL contained within.  This is more

-  of a pre-emtive thing for the new verisign distribution method.  I

-  should also note, that this also gives and example in code, of how

-  to do this :-), or for that matter, what is involved in going the

-  other way (list of certs and crl -> pkcs7).

-- Added RSA's DESX to the DES library.  It is also available via the

-  EVP_desx_cbc() method and via 'enc desx'.

-SSLeay 0.6.1

-The main functional changes since 0.6.0 are as follows

-- Bad news, the Microsoft 060 DLL's are not compatable, but the good news is

-  that from now on, I'll keep the .def numbers the same so they will be.

-- RSA private key operations are about 2 times faster that 0.6.0

-- The SSL_CTX now has more fields so default values can be put against

-  it.  When an SSL structure is created, these default values are used

-  but can be overwritten.  There are defaults for cipher, certificate,

-  private key, verify mode and callback.  This means SSL session

-  creation can now be

-  ssl=SSL_new()

-  SSL_set_fd(ssl,sock);

-  SSL_accept(ssl)

-  ....

-  All the other uglyness with having to keep a global copy of the

-  private key and certificate/verify mode in the server is now gone.

-- ssl/ssltest.c - one process talking SSL to its self for testing.

-- Storage of Session-id's can be controled via a session_cache_mode

-  flag.  There is also now an automatic default flushing of

-  old session-id's.

-- The X509_cert_verify() function now has another parameter, this

-  should not effect most people but it now means that the reason for

-  the failure to verify is now available via SSL_get_verify_result(ssl).

-  You don't have to use a global variable.

-- SSL_get_app_data() and SSL_set_app_data() can be used to keep some

-  application data against the SSL structure.  It is upto the application

-  to free the data.  I don't use it, but it is available.

-- SSL_CTX_set_cert_verify_callback() can be used to specify a

-  verify callback function that completly replaces my certificate

-  verification code.  Xcert should be able to use this :-).

-  The callback is of the form int app_verify_callback(arg,ssl,cert).

-  This needs to be documented more.

-- I have started playing with shared library builds, have a look in

-  the shlib directory.  It is very simple.  If you need a numbered

-  list of functions, have a look at misc/crypto.num and misc/ssl.num.

-- There is some stuff to do locking to make the library thread safe.

-  I have only started this stuff and have not finished.  If anyone is

-  keen to do so, please send me the patches when finished.

-So I have finally made most of the additions to the SSL interface that

-I thought were needed.

-There will probably be a pause before I make any non-bug/documentation

-related changes to SSLeay since I'm feeling like a bit of a break.

-eric - 12 Jul 1996

-I saw recently a comment by some-one that we now seem to be entering

-the age of perpetual Beta software.

-Pioneered by packages like linux but refined to an art form by

-netscape.

-I too wish to join this trend with the anouncement of SSLeay 0.6.0 :-).

-There are quite a large number of sections that are 'works in

-progress' in this package.  I will also list the major changes and

-what files you should read.

-BIO - this is the new IO structure being used everywhere in SSLeay.  I

-started out developing this because of microsoft, I wanted a mechanism

-to callback to the application for all IO, so Windows 3.1 DLL

-perversion could be hidden from me and the 15 different ways to write

-to a file under NT would also not be dictated by me at library build

-time.  What the 'package' is is an API for a data structure containing

-functions.  IO interfaces can be written to conform to the

-specification.  This in not intended to hide the underlying data type

-from the application, but to hide it from SSLeay :-).

-I have only really finished testing the FILE * and socket/fd modules.

-There are also 'filter' BIO's.  Currently I have only implemented

-message digests, and it is in use in the dgst application.  This

-functionality will allow base64/encrypto/buffering modules to be

-'push' into a BIO without it affecting the semantics.  I'm also

-working on an SSL BIO which will hide the SSL_accept()/SLL_connet()

-from an event loop which uses the interface.

-It is also possible to 'attach' callbacks to a BIO so they get called

-before and after each operation, alowing extensive debug output

-to be generated (try running dgst with -d).

-Unfortunaly in the conversion from 0.5.x to 0.6.0, quite a few

-functions that used to take FILE *, now take BIO *.

-The wrappers are easy to write

-function_fp(fp,x)

-FILE *fp;

-    {

-    BIO *b;

-    int ret;

-    if ((b=BIO_new(BIO_s_file())) == NULL) error.....

-    BIO_set_fp(b,fp,BIO_NOCLOSE);

-    ret=function_bio(b,x);

-    BIO_free(b);

-    return(ret);

-    }

-Remember, there are no functions that take FILE * in SSLeay when

-compiled for Windows 3.1 DLL's.

-I have added a general EVP_PKEY type that can hold a public/private

-key.  This is now what is used by the EVP_ functions and is passed

-around internally.  I still have not done the PKCS#8 stuff, but

-X509_PKEY is defined and waiting :-)

-For a full function name listings, have a look at ms/crypt32.def and

-ms/ssl32.def.  These are auto-generated but are complete.

-Things like ASN1_INTEGER_get() have been added and are in here if you

-look.  I have renamed a few things, again, have a look through the

-function list and you will probably find what you are after.  I intend

-to at least put a one line descrition for each one.....

-Microsoft - thats what this release is about, read the MICROSOFT file.

-Multi-threading support.  I have started hunting through the code and

-flaging where things need to be done.  In a state of work but high on

-the list.

-For random numbers, edit e_os.h and set DEVRANDOM (it's near the top)

-be be you random data device, otherwise 'RFILE' in e_os.h

-will be used, in your home directory.  It will be updated

-periodically.  The environment variable RANDFILE will override this

-choice and read/write to that file instead.  DEVRANDOM is used in

-conjunction to the RFILE/RANDFILE.  If you wish to 'seed' the random

-number generator, pick on one of these files.

-The list of things to read and do

-dgst -d

-s_client -state (this uses a callback placed in the SSL state loop and

-        will be used else-where to help debug/monitor what

-        is happening.)

-doc/why.doc

-doc/bio.doc <- hmmm, needs lots of work.

-doc/bss_file.doc <- one that is working :-)

-doc/session.doc <- it has changed

-doc/speed.doc

- also play with ssleay version -a.  I have now added a SSLeay()

- function that returns a version number, eg 0600 for this release

- which is primarily to be used to check DLL version against the

- application.

-util/*  Quite a few will not interest people, but some may, like

- mk1mf.pl, mkdef.pl,

-util/do_ms.sh

-try

-cc -Iinclude -Icrypto -c crypto/crypto.c

-cc -Iinclude -Issl -c ssl/ssl.c

-You have just built the SSLeay libraries as 2 object files :-)

-Have a general rummage around in the bin stall directory and look at

-what is in there, like CA.sh and c_rehash

-There are lots more things but it is 12:30am on a Friday night and I'm

-heading home :-).

-eric 22-Jun-1996

-This version has quite a few major bug fixes and improvements.  It DOES NOT

-do SSLv3 yet.

-The main things changed

-- A Few days ago I added the s_mult application to ssleay which is

-  a demo of an SSL server running in an event loop type thing.

-  It supports non-blocking IO, I have finally gotten it right, SSL_accept()

-  can operate in non-blocking IO mode, look at the code to see how :-).

-  Have a read of doc/s_mult as well.  This program leaks memory and

-  file descriptors everywhere but I have not cleaned it up yet.

-  This is a demo of how to do non-blocking IO.

-- The SSL session management has been 'worked over' and there is now

-  quite an expansive set of functions to manipulate them.  Have a read of

-  doc/session.doc for some-things I quickly whipped up about how it now works.

-  This assume you know the SSLv2 protocol :-)

-- I can now read/write the netscape certificate format, use the

-  -inform/-outform  'net' options to the x509 command.  I have not put support

-  for this type in the other demo programs, but it would be easy to add.

-- asn1parse and 'enc' have been modified so that when reading base64

-  encoded files (pem format), they do not require '-----BEGIN' header lines.

-  The 'enc' program had a buffering bug fixed, it can be used as a general

-  base64 -> binary -> base64 filter by doing 'enc -a -e' and 'enc -a -d'

-  respecivly.  Leaving out the '-a' flag in this case makes the 'enc' command

-  into a form of 'cat'.

-- The 'x509' and 'req' programs have been fixed and modified a little so

-  that they generate self-signed certificates correctly.  The test

-  script actually generates a 'CA' certificate and then 'signs' a

-  'user' certificate.  Have a look at this shell script (test/sstest)

-  to see how things work, it tests most possible combinations of what can

-  be done.

-- The 'SSL_set_pref_cipher()' function has been 'fixed' and the prefered name

-  of SSL_set_cipher_list() is now the correct API (stops confusion :-).

-  If this function is used in the client, only the specified ciphers can

-  be used, with preference given to the order the ciphers were listed.

-  For the server, if this is used, only the specified ciphers will be used

-  to accept connections.  If this 'option' is not used, a default set of

-  ciphers will be used.  The SSL_CTX_set_cipher_list(SSL_CTX *ctx) sets this

-  list for all ciphers started against the SSL_CTX.  So the order is

-  SSL cipher_list, if not present, SSL_CTX cipher list, if not

-  present, then the library default.

-  What this means is that normally ciphers like

-  NULL-MD5 will never be used.  The only way this cipher can be used

-  for both ends to specify to use it.

-  To enable or disable ciphers in the library at build time, modify the

-  first field for the cipher in the ssl_ciphers array in ssl/ssl_lib.c.

-  This file also contains the 'pref_cipher' list which is the default

-  cipher preference order.

-- I'm not currently sure if the 'rsa -inform net' and the 'rsa -outform net'

-  options work.  They should, and they enable loading and writing the

-  netscape rsa private key format.  I will be re-working this section of

-  SSLeay for the next version.  What is currently in place is a quick and

-  dirty hack.

-- I've re-written parts of the bignum library.  This gives speedups

-  for all platforms.  I now provide assembler for use under Windows NT.

-  I have not tested the Windows 3.1 assembler but it is quite simple code.

-  This gives RSAprivate_key operation encryption times of 0.047s (512bit key)

-  and 0.230s (1024bit key) on a pentium 100 which I consider reasonable.

-  Basically the times available under linux/solaris x86 can be achieve under

-  Windows NT.  I still don't know how these times compare to RSA's BSAFE

-  library but I have been emailing with people and with their help, I should

-  be able to get my library's quite a bit faster still (more algorithm changes).

-  The object file crypto/bn/asm/x86-32.obj should be used when linking

-  under NT.

-- 'make makefile.one' in the top directory will generate a single makefile

-  called 'makefile.one'  This makefile contains no perl references and

-  will build the SSLeay library into the 'tmp' and 'out' directories.

-  util/mk1mf.pl >makefile.one is how this makefile is

-  generated.  The mk1mf.pl command take several option to generate the

-  makefile for use with cc, gcc, Visual C++ and Borland C++.  This is

-  still under development.  I have only build .lib's for NT and MSDOS

-  I will be working on this more.  I still need to play with the

-  correct compiler setups for these compilers and add some more stuff but

-  basically if you just want to compile the library

-  on a 'non-unix' platform, this is a very very good file to start with :-).

-  Have a look in the 'microsoft' directory for my current makefiles.

-  I have not yet modified things to link with sockets under Windows NT.

-  You guys should be able to do this since this is actually outside of the

-  SSLeay scope :-).  I will be doing it for myself soon.

-  util/mk1mf.pl takes quite a few options including no-rc, rsaref  and no-sock

-  to build without RC2/RC4, to require RSAref for linking, and to

-  build with no socket code.

-- Oh yes, the cipher that was reported to be compatible with RSA's RC2 cipher

-  that was posted to sci.crypt has been added to the library and SSL.

-  I take the view that if RC2 is going to be included in a standard,

-  I'll include the cipher to make my package complete.

-  There are NO_RC2, NO_RC4 and NO_IDEA macros to remove these ciphers

-  at compile time.  I have not tested this recently but it should all work

-  and if you are in the USA and don't want RSA threatening to sue you,

-  you could probably remove the RC4/RC2 code inside these sections.

-  I may in the future include a perl script that does this code

-  removal automatically for those in the USA :-).

-- I have removed all references to sed in the makefiles.  So basically,

-  the development environment requires perl and sh.  The build environment

-  does not (use the makefile.one makefile).

-  The Configure script still requires perl, this will probably stay that way

-  since I have perl for Windows NT :-).

-eric (03-May-1996)

-PS Have a look in the VERSION file for more details on the changes and

-   bug fixes.

-I have fixed a few bugs, added alpha and x86 assembler and generally cleaned

-things up.  This version will be quite stable, mostly because I'm on

-holidays until 10-March-1996.  For any problems in the interum, send email

-to Tim Hudson <[email protected]>.

-SSLeay 0.5.0

-12-12-95

-This is going out before it should really be released.

-I leave for 11 weeks holidays on the 22-12-95 and so I either sit on

-this for 11 weeks or get things out.  It is still going to change a

-lot in the next week so if you do grab this version, please test and

-give me feed back ASAP, inculuding questions on how to do things with

-the library.  This will prompt me to write documentation so I don't

-have to answer the same question again :-).

-This 'pre' release version is for people who are interested in the

-library.  The applications will have to be changed to use

-the new version of the SSL interface.  I intend to finish more

-documentation before I leave but until then, look at the programs in

-the apps directory.  As far as code goes, it is much much nicer than

-the old version.

-The current library works, has no memory leaks (as far as I can tell)

-and is far more bug free that 0.4.5d.  There are no global variable of

-consequence (I believe) and I will produce some documentation that

-tell where to look for those people that do want to do multi-threaded

-stuff.

-There should be more documentation.  Have a look in the

-doc directory.  I'll be adding more before I leave, it is a start

-by mostly documents the crypto library.  Tim Hudson will update

-the web page ASAP.  The spelling and grammar are crap but

-it is better than nothing :-)

-Reasons to start playing with version 0.5.0

-- All the programs in the apps directory build into one ssleay binary.

-- There is a new version of the 'req' program that generates certificate

-  requests, there is even documentation for this one :-)

-- There is a demo certification authorithy program.  Currently it will

-  look at the simple database and update it.  It will generate CRL from

-  the data base.  You need to edit the database by hand to revoke a

-  certificate, it is my aim to use perl5/Tk but I don't have time to do

-  this right now.  It will generate the certificates but the management

-  scripts still need to be written.  This is not a hard task.

-- Things have been cleaned up alot.

-- Have a look at the enc and dgst programs in the apps directory.

-- It supports v3 of x509 certiticates.

-Major things missing.

-- I have been working on (and thinging about) the distributed x509

-  hierachy problem.  I have not had time to put my solution in place.

-  It will have to wait until I come back.

-- I have not put in CRL checking in the certificate verification but

-  it would not be hard to do.  I was waiting until I could generate my

-  own CRL (which has only been in the last week) and I don't have time

-  to put it in correctly.

-- Montgomery multiplication need to be implemented.  I know the

-  algorithm, just ran out of time.

-- PKCS#7.  I can load and write the DER version.  I need to re-work

-  things to support BER (if that means nothing, read the ASN1 spec :-).

-- Testing of the higher level digital envelope routines.  I have not

-  played with the *_seal() and *_open() type functions.  They are

-  written but need testing.  The *_sign() and *_verify() functions are

-  rock solid.

-- PEM.  Doing this and PKCS#7 have been dependant on the distributed

-  x509 heirachy problem.  I started implementing my ideas, got

-  distracted writing a CA program and then ran out of time.  I provide

-  the functionality of RSAref at least.

-- Re work the asm. code for the x86.  I've changed by low level bignum

-  interface again, so I really need to tweak the x86 stuff.  gcc is

-  good enough for the other boxes.

--- a/sys/src/ape/lib/openssl/FAQ

+++ /dev/null

@@ -1,909 +1,0 @@

-OpenSSL  -  Frequently Asked Questions

---------------------------------------

-[MISC] Miscellaneous questions

-* Which is the current version of OpenSSL?

-* Where is the documentation?

-* How can I contact the OpenSSL developers?

-* Where can I get a compiled version of OpenSSL?

-* Why aren't tools like 'autoconf' and 'libtool' used?

-* What is an 'engine' version?

-* How do I check the authenticity of the OpenSSL distribution?

-[LEGAL] Legal questions

-* Do I need patent licenses to use OpenSSL?

-* Can I use OpenSSL with GPL software?

-[USER] Questions on using the OpenSSL applications

-* Why do I get a "PRNG not seeded" error message?

-* Why do I get an "unable to write 'random state'" error message?

-* How do I create certificates or certificate requests?

-* Why can't I create certificate requests?

-* Why does <SSL program> fail with a certificate verify error?

-* Why can I only use weak ciphers when I connect to a server using OpenSSL?

-* How can I create DSA certificates?

-* Why can't I make an SSL connection using a DSA certificate?

-* How can I remove the passphrase on a private key?

-* Why can't I use OpenSSL certificates with SSL client authentication?

-* Why does my browser give a warning about a mismatched hostname?

-* How do I install a CA certificate into a browser?

-* Why is OpenSSL x509 DN output not conformant to RFC2253?

-* What is a "128 bit certificate"? Can I create one with OpenSSL?

-[BUILD] Questions about building and testing OpenSSL

-* Why does the linker complain about undefined symbols?

-* Why does the OpenSSL test fail with "bc: command not found"?

-* Why does the OpenSSL test fail with "bc: 1 no implemented"?

-* Why does the OpenSSL test fail with "bc: stack empty"?

-* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?

-* Why does the OpenSSL compilation fail with "ar: command not found"?

-* Why does the OpenSSL compilation fail on Win32 with VC++?

-* What is special about OpenSSL on Redhat?

-* Why does the OpenSSL compilation fail on MacOS X?

-* Why does the OpenSSL test suite fail on MacOS X?

-* Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]?

-* Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"?

-* Why does the OpenSSL test suite fail in sha512t on x86 CPU?

-* Why does compiler fail to compile sha512.c?

-* Test suite still fails, what to do?

-[PROG] Questions about programming with OpenSSL

-* Is OpenSSL thread-safe?

-* I've compiled a program under Windows and it crashes: why?

-* How do I read or write a DER encoded buffer using the ASN1 functions?

-* OpenSSL uses DER but I need BER format: does OpenSSL support BER?

-* I've tried using <M_some_evil_pkcs12_macro> and I get errors why?

-* I've called <some function> and it fails, why?

-* I just get a load of numbers for the error output, what do they mean?

-* Why do I get errors about unknown algorithms?

-* Why can't the OpenSSH configure script detect OpenSSL?

-* Can I use OpenSSL's SSL library with non-blocking I/O?

-* Why doesn't my server application receive a client certificate?

-* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier?

-* I think I've detected a memory leak, is this a bug?

-* Why does Valgrind complain about the use of uninitialized data?

-===============================================================================

-[MISC] ========================================================================

-* Which is the current version of OpenSSL?

-The current version is available from <URL: http://www.openssl.org>.

-OpenSSL 0.9.8g was released on October 19th, 2007.

-In addition to the current stable release, you can also access daily

-snapshots of the OpenSSL development version at <URL:

-ftp://ftp.openssl.org/snapshot/>, or get it by anonymous CVS access.

-* Where is the documentation?

-OpenSSL is a library that provides cryptographic functionality to

-applications such as secure web servers.  Be sure to read the

-documentation of the application you want to use.  The INSTALL file

-explains how to install this library.

-OpenSSL includes a command line utility that can be used to perform a

-variety of cryptographic functions.  It is described in the openssl(1)

-manpage.  Documentation for developers is currently being written.  A

-few manual pages already are available; overviews over libcrypto and

-libssl are given in the crypto(3) and ssl(3) manpages.

-The OpenSSL manpages are installed in /usr/local/ssl/man/ (or a

-different directory if you specified one as described in INSTALL).

-In addition, you can read the most current versions at

-<URL: http://www.openssl.org/docs/>.

-For information on parts of libcrypto that are not yet documented, you

-might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's

-predecessor, at <URL: http://www.columbia.edu/~ariel/ssleay/>.  Much

-of this still applies to OpenSSL.

-There is some documentation about certificate extensions and PKCS#12

-in doc/openssl.txt

-The original SSLeay documentation is included in OpenSSL as

-doc/ssleay.txt.  It may be useful when none of the other resources

-help, but please note that it reflects the obsolete version SSLeay

-0.6.6.

-* How can I contact the OpenSSL developers?

-The README file describes how to submit bug reports and patches to

-OpenSSL.  Information on the OpenSSL mailing lists is available from

-<URL: http://www.openssl.org>.

-* Where can I get a compiled version of OpenSSL?

-You can finder pointers to binary distributions in

-http://www.openssl.org/related/binaries.html .

-Some applications that use OpenSSL are distributed in binary form.

-When using such an application, you don't need to install OpenSSL

-yourself; the application will include the required parts (e.g. DLLs).

-If you want to build OpenSSL on a Windows system and you don't have

-a C compiler, read the "Mingw32" section of INSTALL.W32 for information

-on how to obtain and install the free GNU C compiler.

-A number of Linux and *BSD distributions include OpenSSL.

-* Why aren't tools like 'autoconf' and 'libtool' used?

-autoconf will probably be used in future OpenSSL versions. If it was

-less Unix-centric, it might have been used much earlier.

-* What is an 'engine' version?

-With version 0.9.6 OpenSSL was extended to interface to external crypto

-hardware. This was realized in a special release '0.9.6-engine'. With

-version 0.9.7 the changes were merged into the main development line,

-so that the special release is no longer necessary.

-* How do I check the authenticity of the OpenSSL distribution?

-We provide MD5 digests and ASC signatures of each tarball.

-Use MD5 to check that a tarball from a mirror site is identical:

-   md5sum TARBALL | awk '{print $1;}' | cmp - TARBALL.md5

-You can check authenticity using pgp or gpg. You need the OpenSSL team

-member public key used to sign it (download it from a key server, see a

-list of keys at <URL: http://www.openssl.org/about/>). Then

-just do:

-   pgp TARBALL.asc

-[LEGAL] =======================================================================

-* Do I need patent licenses to use OpenSSL?

-The patents section of the README file lists patents that may apply to

-you if you want to use OpenSSL.  For information on intellectual

-property rights, please consult a lawyer.  The OpenSSL team does not

-offer legal advice.

-You can configure OpenSSL so as not to use IDEA, MDC2 and RC5 by using

- ./config no-idea no-mdc2 no-rc5

-* Can I use OpenSSL with GPL software?

-On many systems including the major Linux and BSD distributions, yes (the

-GPL does not place restrictions on using libraries that are part of the

-normal operating system distribution).

-On other systems, the situation is less clear. Some GPL software copyright

-holders claim that you infringe on their rights if you use OpenSSL with

-their software on operating systems that don't normally include OpenSSL.

-If you develop open source software that uses OpenSSL, you may find it

-useful to choose an other license than the GPL, or state explicitly that

-"This program is released under the GPL with the additional exemption that

-compiling, linking, and/or using OpenSSL is allowed."  If you are using

-GPL software developed by others, you may want to ask the copyright holder

-for permission to use their software with OpenSSL.

-[USER] ========================================================================

-* Why do I get a "PRNG not seeded" error message?

-Cryptographic software needs a source of unpredictable data to work

-correctly.  Many open source operating systems provide a "randomness

-device" (/dev/urandom or /dev/random) that serves this purpose.

-All OpenSSL versions try to use /dev/urandom by default; starting with

-version 0.9.7, OpenSSL also tries /dev/random if /dev/urandom is not

-available.

-On other systems, applications have to call the RAND_add() or

-RAND_seed() function with appropriate data before generating keys or

-performing public key encryption. (These functions initialize the

-pseudo-random number generator, PRNG.)  Some broken applications do

-not do this.  As of version 0.9.5, the OpenSSL functions that need

-randomness report an error if the random number generator has not been

-seeded with at least 128 bits of randomness.  If this error occurs and

-is not discussed in the documentation of the application you are

-using, please contact the author of that application; it is likely

-that it never worked correctly.  OpenSSL 0.9.5 and later make the

-error visible by refusing to perform potentially insecure encryption.

-If you are using Solaris 8, you can add /dev/urandom and /dev/random

-devices by installing patch 112438 (Sparc) or 112439 (x86), which are

-available via the Patchfinder at <URL: http://sunsolve.sun.com>

-(Solaris 9 includes these devices by default). For /dev/random support

-for earlier Solaris versions, see Sun's statement at

-<URL: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski>

-(the SUNWski package is available in patch 105710).

-On systems without /dev/urandom and /dev/random, it is a good idea to

-use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for

-details.  Starting with version 0.9.7, OpenSSL will automatically look

-for an EGD socket at /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool and

-/etc/entropy.

-Most components of the openssl command line utility automatically try

-to seed the random number generator from a file.  The name of the

-default seeding file is determined as follows: If environment variable

-RANDFILE is set, then it names the seeding file.  Otherwise if

-environment variable HOME is set, then the seeding file is $HOME/.rnd.

-If neither RANDFILE nor HOME is set, versions up to OpenSSL 0.9.6 will

-use file .rnd in the current directory while OpenSSL 0.9.6a uses no

-default seeding file at all.  OpenSSL 0.9.6b and later will behave

-similarly to 0.9.6a, but will use a default of "C:\" for HOME on

-Windows systems if the environment variable has not been set.

-If the default seeding file does not exist or is too short, the "PRNG

-not seeded" error message may occur.

-The openssl command line utility will write back a new state to the

-default seeding file (and create this file if necessary) unless

-there was no sufficient seeding.

-Pointing $RANDFILE to an Entropy Gathering Daemon socket does not work.

-Use the "-rand" option of the OpenSSL command line tools instead.

-The $RANDFILE environment variable and $HOME/.rnd are only used by the

-OpenSSL command line tools. Applications using the OpenSSL library

-provide their own configuration options to specify the entropy source,

-please check out the documentation coming the with application.

-* Why do I get an "unable to write 'random state'" error message?

-Sometimes the openssl command line utility does not abort with

-a "PRNG not seeded" error message, but complains that it is

-"unable to write 'random state'".  This message refers to the

-default seeding file (see previous answer).  A possible reason

-is that no default filename is known because neither RANDFILE

-nor HOME is set.  (Versions up to 0.9.6 used file ".rnd" in the

-current directory in this case, but this has changed with 0.9.6a.)

-* How do I create certificates or certificate requests?

-Check out the CA.pl(1) manual page. This provides a simple wrapper round

-the 'req', 'verify', 'ca' and 'pkcs12' utilities. For finer control check

-out the manual pages for the individual utilities and the certificate

-extensions documentation (currently in doc/openssl.txt).

-* Why can't I create certificate requests?

-You typically get the error:

-	unable to find 'distinguished_name' in config

-	problems making Certificate Request

-This is because it can't find the configuration file. Check out the

-DIAGNOSTICS section of req(1) for more information.

-* Why does <SSL program> fail with a certificate verify error?

-This problem is usually indicated by log messages saying something like

-"unable to get local issuer certificate" or "self signed certificate".

-When a certificate is verified its root CA must be "trusted" by OpenSSL

-this typically means that the CA certificate must be placed in a directory

-or file and the relevant program configured to read it. The OpenSSL program

-'verify' behaves in a similar way and issues similar error messages: check

-the verify(1) program manual page for more information.

-* Why can I only use weak ciphers when I connect to a server using OpenSSL?

-This is almost certainly because you are using an old "export grade" browser

-which only supports weak encryption. Upgrade your browser to support 128 bit

-ciphers.

-* How can I create DSA certificates?

-Check the CA.pl(1) manual page for a DSA certificate example.

-* Why can't I make an SSL connection to a server using a DSA certificate?

-Typically you'll see a message saying there are no shared ciphers when

-the same setup works fine with an RSA certificate. There are two possible

-causes. The client may not support connections to DSA servers most web

-browsers (including Netscape and MSIE) only support connections to servers

-supporting RSA cipher suites. The other cause is that a set of DH parameters

-has not been supplied to the server. DH parameters can be created with the

-dhparam(1) command and loaded using the SSL_CTX_set_tmp_dh() for example:

-check the source to s_server in apps/s_server.c for an example.

-* How can I remove the passphrase on a private key?

-Firstly you should be really *really* sure you want to do this. Leaving

-a private key unencrypted is a major security risk. If you decide that

-you do have to do this check the EXAMPLES sections of the rsa(1) and

-dsa(1) manual pages.

-* Why can't I use OpenSSL certificates with SSL client authentication?

-What will typically happen is that when a server requests authentication

-it will either not include your certificate or tell you that you have

-no client certificates (Netscape) or present you with an empty list box

-(MSIE). The reason for this is that when a server requests a client

-certificate it includes a list of CAs names which it will accept. Browsers

-will only let you select certificates from the list on the grounds that

-there is little point presenting a certificate which the server will

-reject.

-The solution is to add the relevant CA certificate to your servers "trusted

-CA list". How you do this depends on the server software in uses. You can

-print out the servers list of acceptable CAs using the OpenSSL s_client tool:

-openssl s_client -connect www.some.host:443 -prexit

-If your server only requests certificates on certain URLs then you may need

-to manually issue an HTTP GET command to get the list when s_client connects:

-GET /some/page/needing/a/certificate.html

-If your CA does not appear in the list then this confirms the problem.

-* Why does my browser give a warning about a mismatched hostname?

-Browsers expect the server's hostname to match the value in the commonName

-(CN) field of the certificate. If it does not then you get a warning.

-* How do I install a CA certificate into a browser?

-The usual way is to send the DER encoded certificate to the browser as

-MIME type application/x-x509-ca-cert, for example by clicking on an appropriate

-link. On MSIE certain extensions such as .der or .cacert may also work, or you

-can import the certificate using the certificate import wizard.

-You can convert a certificate to DER form using the command:

-openssl x509 -in ca.pem -outform DER -out ca.der

-Occasionally someone suggests using a command such as:

-openssl pkcs12 -export -out cacert.p12 -in cacert.pem -inkey cakey.pem

-DO NOT DO THIS! This command will give away your CAs private key and

-reduces its security to zero: allowing anyone to forge certificates in

-whatever name they choose.

-* Why is OpenSSL x509 DN output not conformant to RFC2253?

-The ways to print out the oneline format of the DN (Distinguished Name) have

-been extended in version 0.9.7 of OpenSSL. Using the new X509_NAME_print_ex()

-interface, the "-nameopt" option could be introduded. See the manual

-page of the "openssl x509" commandline tool for details. The old behaviour

-has however been left as default for the sake of compatibility.

-* What is a "128 bit certificate"? Can I create one with OpenSSL?

-The term "128 bit certificate" is a highly misleading marketing term. It does

-*not* refer to the size of the public key in the certificate! A certificate

-containing a 128 bit RSA key would have negligible security.

-There were various other names such as "magic certificates", "SGC

-certificates", "step up certificates" etc.

-You can't generally create such a certificate using OpenSSL but there is no

-need to any more. Nowadays web browsers using unrestricted strong encryption

-are generally available.

-When there were tight export restrictions on the export of strong encryption

-software from the US only weak encryption algorithms could be freely exported

-(initially 40 bit and then 56 bit). It was widely recognised that this was

-inadequate. A relaxation the rules allowed the use of strong encryption but

-only to an authorised server.

-Two slighly different techniques were developed to support this, one used by

-Netscape was called "step up", the other used by MSIE was called "Server Gated

-Cryptography" (SGC). When a browser initially connected to a server it would

-check to see if the certificate contained certain extensions and was issued by

-an authorised authority. If these test succeeded it would reconnect using

-strong encryption.

-Only certain (initially one) certificate authorities could issue the

-certificates and they generally cost more than ordinary certificates.

-Although OpenSSL can create certificates containing the appropriate extensions

-the certificate would not come from a permitted authority and so would not

-be recognized.

-The export laws were later changed to allow almost unrestricted use of strong

-encryption so these certificates are now obsolete.

-[BUILD] =======================================================================

-* Why does the linker complain about undefined symbols?

-Maybe the compilation was interrupted, and make doesn't notice that

-something is missing.  Run "make clean; make".

-If you used ./Configure instead of ./config, make sure that you

-selected the right target.  File formats may differ slightly between

-OS versions (for example sparcv8/sparcv9, or a.out/elf).

-In case you get errors about the following symbols, use the config

-option "no-asm", as described in INSTALL:

- BF_cbc_encrypt, BF_decrypt, BF_encrypt, CAST_cbc_encrypt,

- CAST_decrypt, CAST_encrypt, RC4, RC5_32_cbc_encrypt, RC5_32_decrypt,

- RC5_32_encrypt, bn_add_words, bn_div_words, bn_mul_add_words,

- bn_mul_comba4, bn_mul_comba8, bn_mul_words, bn_sqr_comba4,

- bn_sqr_comba8, bn_sqr_words, bn_sub_words, des_decrypt3,

- des_ede3_cbc_encrypt, des_encrypt, des_encrypt2, des_encrypt3,

- des_ncbc_encrypt, md5_block_asm_host_order, sha1_block_asm_data_order

-If none of these helps, you may want to try using the current snapshot.

-If the problem persists, please submit a bug report.

-* Why does the OpenSSL test fail with "bc: command not found"?

-You didn't install "bc", the Unix calculator.  If you want to run the

-tests, get GNU bc from ftp://ftp.gnu.org or from your OS distributor.

-* Why does the OpenSSL test fail with "bc: 1 no implemented"?

-On some SCO installations or versions, bc has a bug that gets triggered

-when you run the test suite (using "make test").  The message returned is

-"bc: 1 not implemented".

-The best way to deal with this is to find another implementation of bc

-and compile/install it.  GNU bc (see http://www.gnu.org/software/software.html

-for download instructions) can be safely used, for example.

-* Why does the OpenSSL test fail with "bc: stack empty"?

-On some DG/ux versions, bc seems to have a too small stack for calculations

-that the OpenSSL bntest throws at it.  This gets triggered when you run the

-test suite (using "make test").  The message returned is "bc: stack empty".

-The best way to deal with this is to find another implementation of bc

-and compile/install it.  GNU bc (see http://www.gnu.org/software/software.html

-for download instructions) can be safely used, for example.

-* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?

-On some Alpha installations running Tru64 Unix and Compaq C, the compilation

-of crypto/sha/sha_dgst.c fails with the message 'Fatal:  Insufficient virtual

-memory to continue compilation.'  As far as the tests have shown, this may be

-a compiler bug.  What happens is that it eats up a lot of resident memory

-to build something, probably a table.  The problem is clearly in the

-optimization code, because if one eliminates optimization completely (-O0),

-the compilation goes through (and the compiler consumes about 2MB of resident

-memory instead of 240MB or whatever one's limit is currently).

-There are three options to solve this problem:

-1. set your current data segment size soft limit higher.  Experience shows

-that about 241000 kbytes seems to be enough on an AlphaServer DS10.  You do

-this with the command 'ulimit -Sd nnnnnn', where 'nnnnnn' is the number of

-kbytes to set the limit to.

-2. If you have a hard limit that is lower than what you need and you can't

-get it changed, you can compile all of OpenSSL with -O0 as optimization

-level.  This is however not a very nice thing to do for those who expect to

-get the best result from OpenSSL.  A bit more complicated solution is the

-following:

------ snip:start -----

-  make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile.ssl | \

-       sed -e 's/ -O[0-9] / -O0 /'`"

-  rm `ls crypto/*.o crypto/sha/*.o | grep -v 'sha_dgst\.o'`

-  make

------ snip:end -----

-This will only compile sha_dgst.c with -O0, the rest with the optimization

-level chosen by the configuration process.  When the above is done, do the

-test and installation and you're set.

-3. Reconfigure the toolkit with no-sha0 option to leave out SHA0. It

-should not be used and is not used in SSL/TLS nor any other recognized

-protocol in either case.

-* Why does the OpenSSL compilation fail with "ar: command not found"?

-Getting this message is quite usual on Solaris 2, because Sun has hidden

-away 'ar' and other development commands in directories that aren't in

-$PATH by default.  One of those directories is '/usr/ccs/bin'.  The

-quickest way to fix this is to do the following (it assumes you use sh

-or any sh-compatible shell):

------ snip:start -----

-  PATH=${PATH}:/usr/ccs/bin; export PATH

------ snip:end -----

-and then redo the compilation.  What you should really do is make sure

-'/usr/ccs/bin' is permanently in your $PATH, for example through your

-'.profile' (again, assuming you use a sh-compatible shell).

-* Why does the OpenSSL compilation fail on Win32 with VC++?

-Sometimes, you may get reports from VC++ command line (cl) that it

-can't find standard include files like stdio.h and other weirdnesses.

-One possible cause is that the environment isn't correctly set up.

-To solve that problem for VC++ versions up to 6, one should run

-VCVARS32.BAT which is found in the 'bin' subdirectory of the VC++

-installation directory (somewhere under 'Program Files').  For VC++

-version 7 (and up?), which is also called VS.NET, the file is called

-VSVARS32.BAT instead.

-This needs to be done prior to running NMAKE, and the changes are only

-valid for the current DOS session.

-* What is special about OpenSSL on Redhat?

-Red Hat Linux (release 7.0 and later) include a preinstalled limited

-version of OpenSSL. For patent reasons, support for IDEA, RC5 and MDC2

-is disabled in this version. The same may apply to other Linux distributions.

-Users may therefore wish to install more or all of the features left out.

-To do this you MUST ensure that you do not overwrite the openssl that is in

-/usr/bin on your Red Hat machine. Several packages depend on this file,

-including sendmail and ssh. /usr/local/bin is a good alternative choice. The

-libraries that come with Red Hat 7.0 onwards have different names and so are

-not affected. (eg For Red Hat 7.2 they are /lib/libssl.so.0.9.6b and

-/lib/libcrypto.so.0.9.6b with symlinks /lib/libssl.so.2 and

-/lib/libcrypto.so.2 respectively).

-Please note that we have been advised by Red Hat attempting to recompile the

-openssl rpm with all the cryptography enabled will not work. All other

-packages depend on the original Red Hat supplied openssl package. It is also

-worth noting that due to the way Red Hat supplies its packages, updates to

-openssl on each distribution never change the package version, only the

-build number. For example, on Red Hat 7.1, the latest openssl package has

-version number 0.9.6 and build number 9 even though it contains all the

-relevant updates in packages up to and including 0.9.6b.

-A possible way around this is to persuade Red Hat to produce a non-US

-version of Red Hat Linux.

-FYI: Patent numbers and expiry dates of US patents:

-MDC-2: 4,908,861 13/03/2007

-IDEA:  5,214,703 25/05/2010

-RC5:   5,724,428 03/03/2015

-* Why does the OpenSSL compilation fail on MacOS X?

-If the failure happens when trying to build the "openssl" binary, with

-a large number of undefined symbols, it's very probable that you have

-OpenSSL 0.9.6b delivered with the operating system (you can find out by

-running '/usr/bin/openssl version') and that you were trying to build

-OpenSSL 0.9.7 or newer.  The problem is that the loader ('ld') in

-MacOS X has a misfeature that's quite difficult to go around.

-Look in the file PROBLEMS for a more detailed explanation and for possible

-solutions.

-* Why does the OpenSSL test suite fail on MacOS X?

-If the failure happens when running 'make test' and the RC4 test fails,

-it's very probable that you have OpenSSL 0.9.6b delivered with the

-operating system (you can find out by running '/usr/bin/openssl version')

-and that you were trying to build OpenSSL 0.9.6d.  The problem is that

-the loader ('ld') in MacOS X has a misfeature that's quite difficult to

-go around and has linked the programs "openssl" and the test programs

-with /usr/lib/libcrypto.dylib and /usr/lib/libssl.dylib instead of the

-libraries you just built.

-Look in the file PROBLEMS for a more detailed explanation and for possible

-solutions.

-* Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]?

-Failure in BN_sqr test is most likely caused by a failure to configure the

-toolkit for current platform or lack of support for the platform in question.

-Run './config -t' and './apps/openssl version -p'. Do these platform

-identifiers match? If they don't, then you most likely failed to run

-./config and you're hereby advised to do so before filing a bug report.

-If ./config itself fails to run, then it's most likely problem with your

-local environment and you should turn to your system administrator (or

-similar). If identifiers match (and/or no alternative identifier is

-suggested by ./config script), then the platform is unsupported. There might

-or might not be a workaround. Most notably on SPARC64 platforms with GNU

-C compiler you should be able to produce a working build by running

-'./config -m32'. I understand that -m32 might not be what you want/need,

-but the build should be operational. For further details turn to

-<[email protected]>.

-* Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"?

-As of 0.9.7 assembler routines were overhauled for position independence

-of the machine code, which is essential for shared library support. For

-some reason OpenBSD is equipped with an out-of-date GNU assembler which

-finds the new code offensive. To work around the problem, configure with

-no-asm (and sacrifice a great deal of performance) or patch your assembler

-according to <URL: http://www.openssl.org/~appro/gas-1.92.3.OpenBSD.patch>.

-For your convenience a pre-compiled replacement binary is provided at

-<URL: http://www.openssl.org/~appro/gas-1.92.3.static.aout.bin>.

-Reportedly elder *BSD a.out platforms also suffer from this problem and

-remedy should be same. Provided binary is statically linked and should be

-working across wider range of *BSD branches, not just OpenBSD.

-* Why does the OpenSSL test suite fail in sha512t on x86 CPU?

-If the test program in question fails withs SIGILL, Illegal Instruction

-exception, then you more than likely to run SSE2-capable CPU, such as

-Intel P4, under control of kernel which does not support SSE2

-instruction extentions. See accompanying INSTALL file and

-OPENSSL_ia32cap(3) documentation page for further information.

-* Why does compiler fail to compile sha512.c?

-OpenSSL SHA-512 implementation depends on compiler support for 64-bit

-integer type. Few elder compilers [ULTRIX cc, SCO compiler to mention a

-couple] lack support for this and therefore are incapable of compiling

-the module in question. The recommendation is to disable SHA-512 by

-adding no-sha512 to ./config [or ./Configure] command line. Another

-possible alternative might be to switch to GCC.

-* Test suite still fails, what to do?

-Another common reason for failure to complete some particular test is

-simply bad code generated by a buggy component in toolchain or deficiency

-in run-time environment. There are few cases documented in PROBLEMS file,

-consult it for possible workaround before you beat the drum. Even if you

-don't find solution or even mention there, do reserve for possibility of

-a compiler bug. Compiler bugs might appear in rather bizarre ways, they

-never make sense, and tend to emerge when you least expect them. In order

-to identify one, drop optimization level, e.g. by editing CFLAG line in

-top-level Makefile, recompile and re-run the test.

-[PROG] ========================================================================

-* Is OpenSSL thread-safe?

-Yes (with limitations: an SSL connection may not concurrently be used

-by multiple threads).  On Windows and many Unix systems, OpenSSL

-automatically uses the multi-threaded versions of the standard

-libraries.  If your platform is not one of these, consult the INSTALL

-file.

-Multi-threaded applications must provide two callback functions to

-OpenSSL by calling CRYPTO_set_locking_callback() and

-CRYPTO_set_id_callback().  This is described in the threads(3)

-manpage.

-* I've compiled a program under Windows and it crashes: why?

-This is usually because you've missed the comment in INSTALL.W32.

-Your application must link against the same version of the Win32

-C-Runtime against which your openssl libraries were linked.  The

-default version for OpenSSL is /MD - "Multithreaded DLL".

-If you are using Microsoft Visual C++'s IDE (Visual Studio), in

-many cases, your new project most likely defaulted to "Debug

-Singlethreaded" - /ML.  This is NOT interchangeable with /MD and your

-program will crash, typically on the first BIO related read or write

-operation.

-For each of the six possible link stage configurations within Win32,

-your application must link  against the same by which OpenSSL was

-built.  If you are using MS Visual C++ (Studio) this can be changed

-by:

- 1. Select Settings... from the Project Menu.

- 2. Select the C/C++ Tab.

- 3. Select "Code Generation from the "Category" drop down list box

- 4. Select the Appropriate library (see table below) from the "Use

-    run-time library" drop down list box.  Perform this step for both

-    your debug and release versions of your application (look at the

-    top left of the settings panel to change between the two)

-    Single Threaded           /ML        -  MS VC++ often defaults to

-                                            this for the release

-                                            version of a new project.

-    Debug Single Threaded     /MLd       -  MS VC++ often defaults to

-                                            this for the debug version

-                                            of a new project.

-    Multithreaded             /MT

-    Debug Multithreaded       /MTd

-    Multithreaded DLL         /MD        -  OpenSSL defaults to this.

-    Debug Multithreaded DLL   /MDd

-Note that debug and release libraries are NOT interchangeable.  If you

-built OpenSSL with /MD your application must use /MD and cannot use /MDd.

-As per 0.9.8 the above limitation is eliminated for .DLLs. OpenSSL

-.DLLs compiled with some specific run-time option [we insist on the

-default /MD] can be deployed with application compiled with different

-option or even different compiler. But there is a catch! Instead of

-re-compiling OpenSSL toolkit, as you would have to with prior versions,

-you have to compile small C snippet with compiler and/or options of

-your choice. The snippet gets installed as

-<install-root>/include/openssl/applink.c and should be either added to

-your application project or simply #include-d in one [and only one]

-of your application source files. Failure to link this shim module

-into your application manifests itself as fatal "no OPENSSL_Applink"

-run-time error. An explicit reminder is due that in this situation

-[mixing compiler options] it is as important to add CRYPTO_malloc_init

-prior first call to OpenSSL.

-* How do I read or write a DER encoded buffer using the ASN1 functions?

-You have two options. You can either use a memory BIO in conjunction

-with the i2d_*_bio() or d2i_*_bio() functions or you can use the

-i2d_*(), d2i_*() functions directly. Since these are often the

-cause of grief here are some code fragments using PKCS7 as an example:

- unsigned char *buf, *p;

- int len;

- len = i2d_PKCS7(p7, NULL);

- buf = OPENSSL_malloc(len); /* or Malloc, error checking omitted */

- p = buf;

- i2d_PKCS7(p7, &p);

-At this point buf contains the len bytes of the DER encoding of

-p7.

-The opposite assumes we already have len bytes in buf:

- unsigned char *p;

- p = buf;

- p7 = d2i_PKCS7(NULL, &p, len);

-At this point p7 contains a valid PKCS7 structure of NULL if an error

-occurred. If an error occurred ERR_print_errors(bio) should give more

-information.

-The reason for the temporary variable 'p' is that the ASN1 functions

-increment the passed pointer so it is ready to read or write the next

-structure. This is often a cause of problems: without the temporary

-variable the buffer pointer is changed to point just after the data

-that has been read or written. This may well be uninitialized data

-and attempts to free the buffer will have unpredictable results

-because it no longer points to the same address.

-* OpenSSL uses DER but I need BER format: does OpenSSL support BER?

-The short answer is yes, because DER is a special case of BER and OpenSSL

-ASN1 decoders can process BER.

-The longer answer is that ASN1 structures can be encoded in a number of

-different ways. One set of ways is the Basic Encoding Rules (BER) with various

-permissible encodings. A restriction of BER is the Distinguished Encoding

-Rules (DER): these uniquely specify how a given structure is encoded.

-Therefore, because DER is a special case of BER, DER is an acceptable encoding

-for BER.

-* I've tried using <M_some_evil_pkcs12_macro> and I get errors why?

-This usually happens when you try compiling something using the PKCS#12

-macros with a C++ compiler. There is hardly ever any need to use the

-PKCS#12 macros in a program, it is much easier to parse and create

-PKCS#12 files using the PKCS12_parse() and PKCS12_create() functions

-documented in doc/openssl.txt and with examples in demos/pkcs12. The

-'pkcs12' application has to use the macros because it prints out

-debugging information.

-* I've called <some function> and it fails, why?

-Before submitting a report or asking in one of the mailing lists, you

-should try to determine the cause. In particular, you should call

-ERR_print_errors() or ERR_print_errors_fp() after the failed call

-and see if the message helps. Note that the problem may occur earlier

-than you think -- you should check for errors after every call where

-it is possible, otherwise the actual problem may be hidden because

-some OpenSSL functions clear the error state.

-* I just get a load of numbers for the error output, what do they mean?

-The actual format is described in the ERR_print_errors() manual page.

-You should call the function ERR_load_crypto_strings() before hand and

-the message will be output in text form. If you can't do this (for example

-it is a pre-compiled binary) you can use the errstr utility on the error

-code itself (the hex digits after the second colon).

-* Why do I get errors about unknown algorithms?

-This can happen under several circumstances such as reading in an

-encrypted private key or attempting to decrypt a PKCS#12 file. The cause

-is forgetting to load OpenSSL's table of algorithms with

-OpenSSL_add_all_algorithms(). See the manual page for more information.

-* Why can't the OpenSSH configure script detect OpenSSL?

-Several reasons for problems with the automatic detection exist.

-OpenSSH requires at least version 0.9.5a of the OpenSSL libraries.

-Sometimes the distribution has installed an older version in the system

-locations that is detected instead of a new one installed. The OpenSSL

-library might have been compiled for another CPU or another mode (32/64 bits).

-Permissions might be wrong.

-The general answer is to check the config.log file generated when running

-the OpenSSH configure script. It should contain the detailed information

-on why the OpenSSL library was not detected or considered incompatible.

-* Can I use OpenSSL's SSL library with non-blocking I/O?

-Yes; make sure to read the SSL_get_error(3) manual page!

-A pitfall to avoid: Don't assume that SSL_read() will just read from

-the underlying transport or that SSL_write() will just write to it --

-it is also possible that SSL_write() cannot do any useful work until

-there is data to read, or that SSL_read() cannot do anything until it

-is possible to send data.  One reason for this is that the peer may

-request a new TLS/SSL handshake at any time during the protocol,

-requiring a bi-directional message exchange; both SSL_read() and

-SSL_write() will try to continue any pending handshake.

-* Why doesn't my server application receive a client certificate?

-Due to the TLS protocol definition, a client will only send a certificate,

-if explicitly asked by the server. Use the SSL_VERIFY_PEER flag of the

-SSL_CTX_set_verify() function to enable the use of client certificates.

-* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier?

-For OpenSSL 0.9.7 the OID table was extended and corrected. In earlier

-versions, uniqueIdentifier was incorrectly used for X.509 certificates.

-The correct name according to RFC2256 (LDAP) is x500UniqueIdentifier.

-Change your code to use the new name when compiling against OpenSSL 0.9.7.

-* I think I've detected a memory leak, is this a bug?

-In most cases the cause of an apparent memory leak is an OpenSSL internal table

-that is allocated when an application starts up. Since such tables do not grow

-in size over time they are harmless.

-These internal tables can be freed up when an application closes using various

-functions.  Currently these include following:

-Thread-local cleanup functions:

-  ERR_remove_state()

-Application-global cleanup functions that are aware of usage (and therefore

-thread-safe):

-  ENGINE_cleanup() and CONF_modules_unload()

-"Brutal" (thread-unsafe) Application-global cleanup functions:

-  ERR_free_strings(), EVP_cleanup() and CRYPTO_cleanup_all_ex_data().

-* Why does Valgrind complain about the use of uninitialized data?

-When OpenSSL's PRNG routines are called to generate random numbers the supplied

-buffer contents are mixed into the entropy pool: so it technically does not

-matter whether the buffer is initialized at this point or not.  Valgrind (and

-other test tools) will complain about this. When using Valgrind, make sure the

-OpenSSL library has been compiled with the PURIFY macro defined (-DPURIFY)

-to get rid of these warnings.

-===============================================================================

--- a/sys/src/ape/lib/openssl/INSTALL

+++ /dev/null

@@ -1,350 +1,0 @@

- INSTALLATION ON THE UNIX PLATFORM

- ---------------------------------

- [Installation on DOS (with djgpp), Windows, OpenVMS, MacOS (before MacOS X)

-  and NetWare is described in INSTALL.DJGPP, INSTALL.W32, INSTALL.VMS,

-  INSTALL.MacOS and INSTALL.NW.

-  This document describes installation on operating systems in the Unix

-  family.]

- To install OpenSSL, you will need:

-  * make

-  * Perl 5

-  * an ANSI C compiler

-  * a development environment in form of development libraries and C

-    header files

-  * a supported Unix operating system

- Quick Start

- -----------

- If you want to just get on with it, do:

-  $ ./config

-  $ make

-  $ make test

-  $ make install

- [If any of these steps fails, see section Installation in Detail below.]

- This will build and install OpenSSL in the default location, which is (for

- historical reasons) /usr/local/ssl. If you want to install it anywhere else,

- run config like this:

-  $ ./config --prefix=/usr/local --openssldir=/usr/local/openssl

- Configuration Options

- ---------------------

- There are several options to ./config (or ./Configure) to customize

- the build:

-  --prefix=DIR  Install in DIR/bin, DIR/lib, DIR/include/openssl.

-	        Configuration files used by OpenSSL will be in DIR/ssl

-                or the directory specified by --openssldir.

-  --openssldir=DIR Directory for OpenSSL files. If no prefix is specified,

-                the library files and binaries are also installed there.

-  no-threads    Don't try to build with support for multi-threaded

-                applications.

-  threads       Build with support for multi-threaded applications.

-                This will usually require additional system-dependent options!

-                See "Note on multi-threading" below.

-  no-zlib       Don't try to build with support for zlib compression and

-                decompression.

-  zlib          Build with support for zlib compression/decompression.

-  zlib-dynamic  Like "zlib", but has OpenSSL load the zlib library dynamically

-                when needed.  This is only supported on systems where loading

-                of shared libraries is supported.  This is the default choice.

-  no-shared     Don't try to create shared libraries.

-  shared        In addition to the usual static libraries, create shared

-                libraries on platforms where it's supported.  See "Note on

-                shared libraries" below.

-  no-asm        Do not use assembler code.

-  386           Use the 80386 instruction set only (the default x86 code is

-                more efficient, but requires at least a 486). Note: Use

-                compiler flags for any other CPU specific configuration,

-                e.g. "-m32" to build x86 code on an x64 system.

-  no-sse2	Exclude SSE2 code pathes. Normally SSE2 extention is

-		detected at run-time, but the decision whether or not the

-		machine code will be executed is taken solely on CPU

-		capability vector. This means that if you happen to run OS

-		kernel which does not support SSE2 extension on Intel P4

-		processor, then your application might be exposed to

-		"illegal instruction" exception. There might be a way

-		to enable support in kernel, e.g. FreeBSD kernel can be

-		compiled with CPU_ENABLE_SSE, and there is a way to

-		disengage SSE2 code pathes upon application start-up,

-		but if you aim for wider "audience" running such kernel,

-		consider no-sse2. Both 386 and no-asm options above imply

-		no-sse2.

-  no-<cipher>   Build without the specified cipher (bf, cast, des, dh, dsa,

-                hmac, md2, md5, mdc2, rc2, rc4, rc5, rsa, sha).

-                The crypto/<cipher> directory can be removed after running

-                "make depend".

-  -Dxxx, -lxxx, -Lxxx, -fxxx, -mxxx, -Kxxx These system specific options will

-                be passed through to the compiler to allow you to

-                define preprocessor symbols, specify additional libraries,

-                library directories or other compiler options.

- Installation in Detail

- ----------------------

- 1a. Configure OpenSSL for your operation system automatically:

-       $ ./config [options]

-     This guesses at your operating system (and compiler, if necessary) and

-     configures OpenSSL based on this guess. Run ./config -t to see

-     if it guessed correctly. If you want to use a different compiler, you

-     are cross-compiling for another platform, or the ./config guess was

-     wrong for other reasons, go to step 1b. Otherwise go to step 2.

-     On some systems, you can include debugging information as follows:

-       $ ./config -d [options]

- 1b. Configure OpenSSL for your operating system manually

-     OpenSSL knows about a range of different operating system, hardware and

-     compiler combinations. To see the ones it knows about, run

-       $ ./Configure

-     Pick a suitable name from the list that matches your system. For most

-     operating systems there is a choice between using "cc" or "gcc".  When

-     you have identified your system (and if necessary compiler) use this name

-     as the argument to ./Configure. For example, a "linux-elf" user would

-     run:

-       $ ./Configure linux-elf [options]

-     If your system is not available, you will have to edit the Configure

-     program and add the correct configuration for your system. The

-     generic configurations "cc" or "gcc" should usually work on 32 bit

-     systems.

-     Configure creates the file Makefile.ssl from Makefile.org and

-     defines various macros in crypto/opensslconf.h (generated from

-     crypto/opensslconf.h.in).

-  2. Build OpenSSL by running:

-       $ make

-     This will build the OpenSSL libraries (libcrypto.a and libssl.a) and the

-     OpenSSL binary ("openssl"). The libraries will be built in the top-level

-     directory, and the binary will be in the "apps" directory.

-     If "make" fails, look at the output.  There may be reasons for

-     the failure that aren't problems in OpenSSL itself (like missing

-     standard headers).  If it is a problem with OpenSSL itself, please

-     report the problem to <[email protected]> (note that your

-     message will be recorded in the request tracker publicly readable

-     via http://www.openssl.org/support/rt2.html and will be forwarded to a

-     public mailing list). Include the output of "make report" in your message.

-     Please check out the request tracker. Maybe the bug was already

-     reported or has already been fixed.

-     [If you encounter assembler error messages, try the "no-asm"

-     configuration option as an immediate fix.]

-     Compiling parts of OpenSSL with gcc and others with the system

-     compiler will result in unresolved symbols on some systems.

-  3. After a successful build, the libraries should be tested. Run:

-       $ make test

-     If a test fails, look at the output.  There may be reasons for

-     the failure that isn't a problem in OpenSSL itself (like a missing

-     or malfunctioning bc).  If it is a problem with OpenSSL itself,

-     try removing any compiler optimization flags from the CFLAG line

-     in Makefile.ssl and run "make clean; make". Please send a bug

-     report to <[email protected]>, including the output of

-     "make report" in order to be added to the request tracker at

-     http://www.openssl.org/support/rt2.html.

-  4. If everything tests ok, install OpenSSL with

-       $ make install

-     This will create the installation directory (if it does not exist) and

-     then the following subdirectories:

-       certs           Initially empty, this is the default location

-                       for certificate files.

-       man/man1        Manual pages for the 'openssl' command line tool

-       man/man3        Manual pages for the libraries (very incomplete)

-       misc            Various scripts.

-       private         Initially empty, this is the default location

-                       for private key files.

-     If you didn't choose a different installation prefix, the

-     following additional subdirectories will be created:

-       bin             Contains the openssl binary and a few other

-                       utility programs.

-       include/openssl Contains the header files needed if you want to

-                       compile programs with libcrypto or libssl.

-       lib             Contains the OpenSSL library files themselves.

-     Package builders who want to configure the library for standard

-     locations, but have the package installed somewhere else so that

-     it can easily be packaged, can use

-       $ make INSTALL_PREFIX=/tmp/package-root install

-     (or specify "--install_prefix=/tmp/package-root" as a configure

-     option).  The specified prefix will be prepended to all

-     installation target filenames.

-  NOTE: The header files used to reside directly in the include

-  directory, but have now been moved to include/openssl so that

-  OpenSSL can co-exist with other libraries which use some of the

-  same filenames.  This means that applications that use OpenSSL

-  should now use C preprocessor directives of the form

-       #include <openssl/ssl.h>

-  instead of "#include <ssl.h>", which was used with library versions

-  up to OpenSSL 0.9.2b.

-  If you install a new version of OpenSSL over an old library version,

-  you should delete the old header files in the include directory.

-  Compatibility issues:

-  *  COMPILING existing applications

-     To compile an application that uses old filenames -- e.g.

-     "#include <ssl.h>" --, it will usually be enough to find

-     the CFLAGS definition in the application's Makefile and

-     add a C option such as

-          -I/usr/local/ssl/include/openssl

-     to it.

-     But don't delete the existing -I option that points to

-     the ..../include directory!  Otherwise, OpenSSL header files

-     could not #include each other.

-  *  WRITING applications

-     To write an application that is able to handle both the new

-     and the old directory layout, so that it can still be compiled

-     with library versions up to OpenSSL 0.9.2b without bothering

-     the user, you can proceed as follows:

-     -  Always use the new filename of OpenSSL header files,

-        e.g. #include <openssl/ssl.h>.

-     -  Create a directory "incl" that contains only a symbolic

-        link named "openssl", which points to the "include" directory

-        of OpenSSL.

-        For example, your application's Makefile might contain the

-        following rule, if OPENSSLDIR is a pathname (absolute or

-        relative) of the directory where OpenSSL resides:

-        incl/openssl:

-        	-mkdir incl

-        	cd $(OPENSSLDIR) # Check whether the directory really exists

-        	-ln -s `cd $(OPENSSLDIR); pwd`/include incl/openssl

-        You will have to add "incl/openssl" to the dependencies

-        of those C files that include some OpenSSL header file.

-     -  Add "-Iincl" to your CFLAGS.

-     With these additions, the OpenSSL header files will be available

-     under both name variants if an old library version is used:

-     Your application can reach them under names like <openssl/foo.h>,

-     while the header files still are able to #include each other

-     with names of the form <foo.h>.

- Note on multi-threading

- -----------------------

- For some systems, the OpenSSL Configure script knows what compiler options

- are needed to generate a library that is suitable for multi-threaded

- applications.  On these systems, support for multi-threading is enabled

- by default; use the "no-threads" option to disable (this should never be

- necessary).

- On other systems, to enable support for multi-threading, you will have

- to specify at least two options: "threads", and a system-dependent option.

- (The latter is "-D_REENTRANT" on various systems.)  The default in this

- case, obviously, is not to include support for multi-threading (but

- you can still use "no-threads" to suppress an annoying warning message

- from the Configure script.)

- Note on shared libraries

- ------------------------

- Shared libraries have certain caveats.  Binary backward compatibility

- can't be guaranteed before OpenSSL version 1.0.  The only reason to

- use them would be to conserve memory on systems where several programs

- are using OpenSSL.

- For some systems, the OpenSSL Configure script knows what is needed to

- build shared libraries for libcrypto and libssl.  On these systems,

- the shared libraries are currently not created by default, but giving

- the option "shared" will get them created.  This method supports Makefile

- targets for shared library creation, like linux-shared.  Those targets

- can currently be used on their own just as well, but this is expected

- to change in future versions of OpenSSL.

- Note on random number generation

- --------------------------------

- Availability of cryptographically secure random numbers is required for

- secret key generation. OpenSSL provides several options to seed the

- internal PRNG. If not properly seeded, the internal PRNG will refuse

- to deliver random bytes and a "PRNG not seeded error" will occur.

- On systems without /dev/urandom (or similar) device, it may be necessary

- to install additional support software to obtain random seed.

- Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(),

- and the FAQ for more information.

- Note on support for multiple builds

- -----------------------------------

- OpenSSL is usually built in its source tree.  Unfortunately, this doesn't

- support building for multiple platforms from the same source tree very well.

- It is however possible to build in a separate tree through the use of lots

- of symbolic links, which should be prepared like this:

-	mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`"

-	cd objtree/"`uname -s`-`uname -r`-`uname -m`"

-	(cd $OPENSSL_SOURCE; find . -type f) | while read F; do

-		mkdir -p `dirname $F`

-		rm -f $F; ln -s $OPENSSL_SOURCE/$F $F

-		echo $F '->' $OPENSSL_SOURCE/$F

-	done

-	make -f Makefile.org clean

- OPENSSL_SOURCE is an environment variable that contains the absolute (this

- is important!) path to the OpenSSL source tree.

- Also, operations like 'make update' should still be made in the source tree.

--- a/sys/src/ape/lib/openssl/LICENSE

+++ /dev/null

@@ -1,127 +1,0 @@

-  LICENSE ISSUES

-  ==============

-  The OpenSSL toolkit stays under a dual license, i.e. both the conditions of

-  the OpenSSL License and the original SSLeay license apply to the toolkit.

-  See below for the actual license texts. Actually both licenses are BSD-style

-  Open Source licenses. In case of any license issues related to OpenSSL

-  please contact [email protected].

-  OpenSSL License

-  ---------------

-/* ====================================================================

- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

- Original SSLeay License

- -----------------------

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

--- a/sys/src/ape/lib/openssl/Makefile

+++ /dev/null

@@ -1,590 +1,0 @@

-### Generated automatically from Makefile.org by Configure.

-##

-## Makefile for OpenSSL

-##

-VERSION=0.9.8g

-MAJOR=0

-MINOR=9.8

-SHLIB_VERSION_NUMBER=0.9.8

-SHLIB_VERSION_HISTORY=

-SHLIB_MAJOR=0

-SHLIB_MINOR=9.8

-SHLIB_EXT=

-PLATFORM=dist

-OPTIONS= no-camellia no-gmp no-krb5 no-mdc2 no-rc5 no-rfc3779 no-seed no-shared no-tlsext no-zlib no-zlib-dynamic

-CONFIGURE_ARGS=dist

-SHLIB_TARGET=

-# HERE indicates where this Makefile lives.  This can be used to indicate

-# where sub-Makefiles are expected to be.  Currently has very limited usage,

-# and should probably not be bothered with at all.

-HERE=.

-# INSTALL_PREFIX is for package builders so that they can configure

-# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.

-# Normally it is left empty.

-INSTALL_PREFIX=

-INSTALLTOP=/usr/local/ssl

-# Do not edit this manually. Use Configure --openssldir=DIR do change this!

-OPENSSLDIR=/usr/local/ssl

-# NO_IDEA - Define to build without the IDEA algorithm

-# NO_RC4  - Define to build without the RC4 algorithm

-# NO_RC2  - Define to build without the RC2 algorithm

-# THREADS - Define when building with threads, you will probably also need any

-#           system defines as well, i.e. _REENTERANT for Solaris 2.[34]

-# TERMIO  - Define the termio terminal subsystem, needed if sgtty is missing.

-# TERMIOS - Define the termios terminal subsystem, Silicon Graphics.

-# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3).

-# DEVRANDOM - Give this the value of the 'random device' if your OS supports

-#           one.  32 bytes will be read from this when the random

-#           number generator is initalised.

-# SSL_FORBID_ENULL - define if you want the server to be not able to use the

-#           NULL encryption ciphers.

-#

-# LOCK_DEBUG - turns on lots of lock debug output :-)

-# REF_CHECK - turn on some xyz_free() assertions.

-# REF_PRINT - prints some stuff on structure free.

-# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff

-# MFUNC - Make all Malloc/Free/Realloc calls call

-#       CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to

-#       call application defined callbacks via CRYPTO_set_mem_functions()

-# MD5_ASM needs to be defined to use the x86 assembler for MD5

-# SHA1_ASM needs to be defined to use the x86 assembler for SHA1

-# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160

-# Do not define B_ENDIAN or L_ENDIAN if 'unsigned long' == 8.  It must

-# equal 4.

-# PKCS1_CHECK - pkcs1 tests.

-CC= cc

-CFLAG= -O

-DEPFLAG= -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED -DOPENSSL_NO_TLSEXT

-PEX_LIBS=

-EX_LIBS=

-EXE_EXT=

-ARFLAGS=

-AR=ar $(ARFLAGS) r

-RANLIB= /usr/bin/ranlib

-PERL= /usr/bin/perl

-TAR= tar

-TARFLAGS= --no-recursion

-MAKEDEPPROG=makedepend

-# We let the C compiler driver to take care of .s files. This is done in

-# order to be excused from maintaining a separate set of architecture

-# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC

-# gcc, then the driver will automatically translate it to -xarch=v8plus

-# and pass it down to assembler.

-AS=$(CC) -c

-ASFLAG=$(CFLAG)

-# For x86 assembler: Set PROCESSOR to 386 if you want to support

-# the 80386.

-PROCESSOR=

-# CPUID module collects small commonly used assembler snippets

-CPUID_OBJ=

-BN_ASM= bn_asm.o

-DES_ENC= des_enc.o fcrypt_b.o

-AES_ASM_OBJ= aes_core.o aes_cbc.o

-BF_ENC= bf_enc.o

-CAST_ENC= c_enc.o

-RC4_ENC= rc4_enc.o

-RC5_ENC= rc5_enc.o

-MD5_ASM_OBJ=

-SHA1_ASM_OBJ=

-RMD160_ASM_OBJ=

-# KRB5 stuff

-KRB5_INCLUDES=

-LIBKRB5=

-# Zlib stuff

-ZLIB_INCLUDE=

-LIBZLIB=

-DIRS=   crypto ssl engines apps test tools

-SHLIBDIRS= crypto ssl

-# dirs in crypto to build

-SDIRS=  \

-	objects \

-	md2 md4 md5 sha hmac ripemd \

-	des aes rc2 rc4 idea bf cast \

-	bn ec rsa dsa ecdsa dh ecdh dso engine \

-	buffer bio stack lhash rand err \

-	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \

-	store pqueue

-# keep in mind that the above list is adjusted by ./Configure

-# according to no-xxx arguments...

-# tests to perform.  "alltests" is a special word indicating that all tests

-# should be performed.

-TESTS = alltests

-MAKEFILE= Makefile

-MANDIR=$(OPENSSLDIR)/man

-MAN1=1

-MAN3=3

-MANSUFFIX=

-SHELL=/bin/sh

-TOP=    .

-ONEDIRS=out tmp

-EDIRS=  times doc bugs util include certs ms shlib mt demos perl sf dep VMS

-WDIRS=  windows

-LIBS=   libcrypto.a libssl.a

-SHARED_CRYPTO=libcrypto$(SHLIB_EXT)

-SHARED_SSL=libssl$(SHLIB_EXT)

-SHARED_LIBS=

-SHARED_LIBS_LINK_EXTS=

-SHARED_LDFLAGS=

-GENERAL=        Makefile

-BASENAME=       openssl

-NAME=           $(BASENAME)-$(VERSION)

-TARFILE=        $(NAME).tar

-WTARFILE=       $(NAME)-win.tar

-EXHEADER=       e_os2.h

-HEADER=         e_os.h

-all: Makefile build_all openssl.pc libssl.pc libcrypto.pc

-# as we stick to -e, CLEARENV ensures that local variables in lower

-# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn

-# shell, which [annoyingly enough] terminates unset with error if VAR

-# is not present:-( TOP= && unset TOP is tribute to HP-UX /bin/sh,

-# which terminates unset with error if no variable was present:-(

-CLEARENV=	TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS}	\

-		$${INCLUDE+INCLUDE} $${INCLUDES+INCLUDES}	\

-		$${DIR+DIR} $${DIRS+DIRS} $${SRC+SRC}		\

-		$${LIBSRC+LIBSRC} $${LIBOBJ+LIBOBJ} $${ALL+ALL}	\

-		$${EXHEADER+EXHEADER} $${HEADER+HEADER}		\

-		$${GENERAL+GENERAL} $${CFLAGS+CFLAGS}		\

-		$${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS}		\

-		$${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS}		\

-		$${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS}	\

-		$${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS}

-BUILDENV=	PLATFORM='${PLATFORM}' PROCESSOR='${PROCESSOR}' \

-		CC='${CC}' CFLAG='${CFLAG}' 			\

-		AS='${CC}' ASFLAG='${CFLAG} -c'			\

-		AR='${AR}' PERL='${PERL}' RANLIB='${RANLIB}'	\

-		SDIRS='${SDIRS}' LIBRPATH='${INSTALLTOP}/lib'	\

-		INSTALL_PREFIX='${INSTALL_PREFIX}'		\

-		INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}'	\

-		MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD ${MAKEDEPPROG}' \

-		DEPFLAG='-DOPENSSL_NO_DEPRECATED ${DEPFLAG}'	\

-		MAKEDEPPROG='${MAKEDEPPROG}'			\

-		SHARED_LDFLAGS='${SHARED_LDFLAGS}'		\

-		KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}'	\

-		EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}'	\

-		SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}'	\

-		PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}'	\

-		CPUID_OBJ='${CPUID_OBJ}'			\

-		BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' 	\

-		AES_ASM_OBJ='${AES_ASM_OBJ}'			\

-		BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}'	\

-		RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}'	\

-		SHA1_ASM_OBJ='${SHA1_ASM_OBJ}'			\

-		MD5_ASM_OBJ='${MD5_ASM_OBJ}'			\

-		RMD160_ASM_OBJ='${RMD160_ASM_OBJ}'		\

-		THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=

-# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,

-# which in turn eliminates ambiguities in variable treatment with -e.

-# BUILD_CMD is a generic macro to build a given target in a given

-# subdirectory.  The target must be given through the shell variable

-# `target' and the subdirectory to build in must be given through `dir'.

-# This macro shouldn't be used directly, use RECURSIVE_BUILD_CMD or

-# BUILD_ONE_CMD instead.

-#

-# BUILD_ONE_CMD is a macro to build a given target in a given

-# subdirectory if that subdirectory is part of $(DIRS).  It requires

-# exactly the same shell variables as BUILD_CMD.

-#

-# RECURSIVE_BUILD_CMD is a macro to build a given target in all

-# subdirectories defined in $(DIRS).  It requires that the target

-# is given through the shell variable `target'.

-BUILD_CMD=  if [ -d "$$dir" ]; then \

-	    (	cd $$dir && echo "making $$target in $$dir..." && \

-		$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \

-	    ) || exit 1; \

-	    fi

-RECURSIVE_BUILD_CMD=for dir in $(DIRS); do $(BUILD_CMD); done

-BUILD_ONE_CMD=\

-	if echo " $(DIRS) " | grep " $$dir " >/dev/null 2>/dev/null; then \

-		$(BUILD_CMD); \

-	fi

-reflect:

-	@[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)

-sub_all: build_all

-build_all: build_libs build_apps build_tests build_tools

-build_libs: build_crypto build_ssl build_engines

-build_crypto:

-	@dir=crypto; target=all; $(BUILD_ONE_CMD)

-build_ssl:

-	@dir=ssl; target=all; $(BUILD_ONE_CMD)

-build_engines:

-	@dir=engines; target=all; $(BUILD_ONE_CMD)

-build_apps:

-	@dir=apps; target=all; $(BUILD_ONE_CMD)

-build_tests:

-	@dir=test; target=all; $(BUILD_ONE_CMD)

-build_tools:

-	@dir=tools; target=all; $(BUILD_ONE_CMD)

-all_testapps: build_libs build_testapps

-build_testapps:

-	@dir=crypto; target=testapps; $(BUILD_ONE_CMD)

-libcrypto$(SHLIB_EXT): libcrypto.a

-	@if [ "$(SHLIB_TARGET)" != "" ]; then \

-		$(MAKE) SHLIBDIRS=crypto build-shared; \

-	else \

-		echo "There's no support for shared libraries on this platform" >&2; \

-		exit 1; \

-	fi

-libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a

-	@if [ "$(SHLIB_TARGET)" != "" ]; then \

-		$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \

-	else \

-		echo "There's no support for shared libraries on this platform" >&2; \

-		exit 1; \

-	fi

-clean-shared:

-	@set -e; for i in $(SHLIBDIRS); do \

-		if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \

-			tmp="$(SHARED_LIBS_LINK_EXTS)"; \

-			for j in $${tmp:-x}; do \

-				( set -x; rm -f lib$$i$$j ); \

-			done; \

-		fi; \

-		( set -x; rm -f lib$$i$(SHLIB_EXT) ); \

-		if [ "$(PLATFORM)" = "Cygwin" ]; then \

-			( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \

-		fi; \

-	done

-link-shared:

-	@ set -e; for i in ${SHLIBDIRS}; do \

-		$(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \

-			LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \

-			LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \

-			symlink.$(SHLIB_TARGET); \

-		libs="$$libs -l$$i"; \

-	done

-build-shared: do_$(SHLIB_TARGET) link-shared

-do_$(SHLIB_TARGET):

-	@ set -e; libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \

-		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \

-			libs="$(LIBKRB5) $$libs"; \

-		fi; \

-		$(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \

-			LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \

-			LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \

-			LIBDEPS="$$libs $(EX_LIBS)" \

-			link_a.$(SHLIB_TARGET); \

-		libs="-l$$i $$libs"; \

-	done

-libcrypto.pc: Makefile

-	@ ( echo 'prefix=$(INSTALLTOP)'; \

-	    echo 'exec_prefix=$${prefix}'; \

-	    echo 'libdir=$${exec_prefix}/lib'; \

-	    echo 'includedir=$${prefix}/include'; \

-	    echo ''; \

-	    echo 'Name: OpenSSL-libcrypto'; \

-	    echo 'Description: OpenSSL cryptography library'; \

-	    echo 'Version: '$(VERSION); \

-	    echo 'Requires: '; \

-	    echo 'Libs: -L$${libdir} -lcrypto $(EX_LIBS)'; \

-	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc

-libssl.pc: Makefile

-	@ ( echo 'prefix=$(INSTALLTOP)'; \

-	    echo 'exec_prefix=$${prefix}'; \

-	    echo 'libdir=$${exec_prefix}/lib'; \

-	    echo 'includedir=$${prefix}/include'; \

-	    echo ''; \

-	    echo 'Name: OpenSSL'; \

-	    echo 'Description: Secure Sockets Layer and cryptography libraries'; \

-	    echo 'Version: '$(VERSION); \

-	    echo 'Requires: '; \

-	    echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \

-	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc

-openssl.pc: Makefile

-	@ ( echo 'prefix=$(INSTALLTOP)'; \

-	    echo 'exec_prefix=$${prefix}'; \

-	    echo 'libdir=$${exec_prefix}/lib'; \

-	    echo 'includedir=$${prefix}/include'; \

-	    echo ''; \

-	    echo 'Name: OpenSSL'; \

-	    echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \

-	    echo 'Version: '$(VERSION); \

-	    echo 'Requires: '; \

-	    echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \

-	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc

-Makefile: Makefile.org Configure config

-	@echo "Makefile is older than Makefile.org, Configure or config."

-	@echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."

-	@false

-libclean:

-	rm -f *.map *.so *.so.* *.dll engines/*.so engines/*.dll *.a engines/*.a */lib */*/lib

-clean:	libclean

-	rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c

-	@set -e; target=clean; $(RECURSIVE_BUILD_CMD)

-	rm -f $(LIBS)

-	rm -f openssl.pc libssl.pc libcrypto.pc

-	rm -f speed.* .pure

-	rm -f $(TARFILE)

-	@set -e; for i in $(ONEDIRS) ;\

-	do \

-	rm -fr $$i/*; \

-	done

-makefile.one: files

-	$(PERL) util/mk1mf.pl >makefile.one; \

-	sh util/do_ms.sh

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile > $(TOP)/MINFO

-	@set -e; target=files; $(RECURSIVE_BUILD_CMD)

-links:

-	@$(PERL) $(TOP)/util/mkdir-p.pl include/openssl

-	@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)

-	@set -e; target=links; $(RECURSIVE_BUILD_CMD)

-gentests:

-	@(cd test && echo "generating dummy tests (if needed)..." && \

-	$(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate );

-dclean:

-	rm -f *.bak

-	@set -e; target=dclean; $(RECURSIVE_BUILD_CMD)

-rehash: rehash.time

-rehash.time: certs

-	@(OPENSSL="`pwd`/util/opensslwrap.sh"; \

-	  OPENSSL_DEBUG_MEMORY=on; \

-	  export OPENSSL OPENSSL_DEBUG_MEMORY; \

-	  $(PERL) tools/c_rehash certs)

-	touch rehash.time

-test:   tests

-tests: rehash

-	@(cd test && echo "testing..." && \

-	$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );

-	util/opensslwrap.sh version -a

-report:

-	@$(PERL) util/selftest.pl

-depend:

-	@set -e; target=depend; $(RECURSIVE_BUILD_CMD)

-lint:

-	@set -e; target=lint; $(RECURSIVE_BUILD_CMD)

-tags:

-	rm -f TAGS

-	find . -name '[^.]*.[ch]' | xargs etags -a

-errors:

-	$(PERL) util/mkerr.pl -recurse -write

-	(cd engines; $(MAKE) PERL=$(PERL) errors)

-	$(PERL) util/ck_errf.pl */*.c */*/*.c

-stacks:

-	$(PERL) util/mkstack.pl -write

-util/libeay.num::

-	$(PERL) util/mkdef.pl crypto update

-util/ssleay.num::

-	$(PERL) util/mkdef.pl ssl update

-crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h

-	$(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h

-crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num

-	$(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h

-apps/openssl-vms.cnf: apps/openssl.cnf

-	$(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf

-crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl

-	$(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h

-TABLE: Configure

-	(echo 'Output of `Configure TABLE'"':"; \

-	$(PERL) Configure TABLE) > TABLE

-update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend

-# Build distribution tar-file. As the list of files returned by "find" is

-# pretty long, on several platforms a "too many arguments" error or similar

-# would occur. Therefore the list of files is temporarily stored into a file

-# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal

-# tar does not support the --files-from option.

-tar:

-	find . -type d -print | xargs chmod 755

-	find . -type f -print | xargs chmod a+r

-	find . -type f -perm -0100 -print | xargs chmod a+x

-	find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \

-	$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \

-	tardy --user_number=0  --user_name=openssl \

-	      --group_number=0 --group_name=openssl \

-	      --prefix=openssl-$(VERSION) - |\

-	gzip --best >../$(TARFILE).gz; \

-	rm -f ../$(TARFILE).list; \

-	ls -l ../$(TARFILE).gz

-tar-snap:

-	@$(TAR) $(TARFLAGS) -cvf - \

-		`find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*'  \! -name 'openssl' \! -name '*test' \! -name '.#*' \! -name '*~' | sort` |\

-	tardy --user_number=0  --user_name=openssl \

-	      --group_number=0 --group_name=openssl \

-	      --prefix=openssl-$(VERSION) - > ../$(TARFILE);\

-	ls -l ../$(TARFILE)

-dist:

-	$(PERL) Configure dist

-	@$(MAKE) dist_pem_h

-	@$(MAKE) SDIRS='${SDIRS}' clean

-	@$(MAKE) TAR='${TAR}' TARFLAGS='${TARFLAGS}' tar

-dist_pem_h:

-	(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)

-install: all install_docs install_sw

-install_sw:

-	@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \

-		$(INSTALL_PREFIX)$(INSTALLTOP)/lib \

-		$(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines \

-		$(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig \

-		$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \

-		$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \

-		$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \

-		$(INSTALL_PREFIX)$(OPENSSLDIR)/private

-	@set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\

-	do \

-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \

-	done;

-	@set -e; target=install; $(RECURSIVE_BUILD_CMD)

-	@set -e; for i in $(LIBS) ;\

-	do \

-		if [ -f "$$i" ]; then \

-		(       echo installing $$i; \

-			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \

-			$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \

-			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \

-			mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \

-		fi; \

-	done;

-	@set -e; if [ -n "$(SHARED_LIBS)" ]; then \

-		tmp="$(SHARED_LIBS)"; \

-		for i in $${tmp:-x}; \

-		do \

-			if [ -f "$$i" -o -f "$$i.a" ]; then \

-			(       echo installing $$i; \

-				if [ "$(PLATFORM)" != "Cygwin" ]; then \

-					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \

-					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \

-					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \

-				else \

-					c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \

-					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \

-					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \

-					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \

-					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \

-					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \

-					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \

-				fi ); \

-			fi; \

-		done; \

-		(	here="`pwd`"; \

-			cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \

-			$(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \

-		if [ "$(INSTALLTOP)" != "/usr" ]; then \

-			echo 'OpenSSL shared libraries have been installed in:'; \

-			echo '  $(INSTALLTOP)'; \

-			echo ''; \

-			sed -e '1,/^$$/d' doc/openssl-shared.txt; \

-		fi; \

-	fi

-	cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/libcrypto.pc

-	cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/libssl.pc

-	cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/openssl.pc

-install_docs:

-	@$(PERL) $(TOP)/util/mkdir-p.pl \

-		$(INSTALL_PREFIX)$(MANDIR)/man1 \

-		$(INSTALL_PREFIX)$(MANDIR)/man3 \

-		$(INSTALL_PREFIX)$(MANDIR)/man5 \

-		$(INSTALL_PREFIX)$(MANDIR)/man7

-	@pod2man="`cd util; ./pod2mantest $(PERL)`"; \

-	here="`pwd`"; \

-	filecase=; \

-	if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" -o "$(PLATFORM)" = "mingw" ]; then \

-		filecase=-i; \

-	fi; \

-	set -e; for i in doc/apps/*.pod; do \

-		fn=`basename $$i .pod`; \

-		sec=`$(PERL) util/extract-section.pl 1 < $$i`; \

-		echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \

-		(cd `$(PERL) util/dirname.pl $$i`; \

-		sh -c "$$pod2man \

-			--section=$$sec --center=OpenSSL \

-			--release=$(VERSION) `basename $$i`") \

-			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \

-		$(PERL) util/extract-names.pl < $$i | \

-			(grep -v $$filecase "^$$fn\$$"; true) | \

-			(grep -v "[	]"; true) | \

-			(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \

-			 while read n; do \

-				$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \

-			 done); \

-	done; \

-	set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \

-		fn=`basename $$i .pod`; \

-		sec=`$(PERL) util/extract-section.pl 3 < $$i`; \

-		echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \

-		(cd `$(PERL) util/dirname.pl $$i`; \

-		sh -c "$$pod2man \

-			--section=$$sec --center=OpenSSL \

-			--release=$(VERSION) `basename $$i`") \

-			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \

-		$(PERL) util/extract-names.pl < $$i | \

-			(grep -v $$filecase "^$$fn\$$"; true) | \

-			(grep -v "[	]"; true) | \

-			(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \

-			 while read n; do \

-				$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \

-			 done); \

-	done

-# DO NOT DELETE THIS LINE -- make depend depends on it.

--- a/sys/src/ape/lib/openssl/NEWS

+++ /dev/null

@@ -1,477 +1,0 @@

-  NEWS

-  ====

-  This file gives a brief overview of the major changes between each OpenSSL

-  release. For more details please read the CHANGES file.

-  Major changes between OpenSSL 0.9.8f and OpenSSL 0.9.8g:

-      o Fixes for bugs introduced with 0.9.8f.

-  Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f:

-      o Add gcc 4.2 support.

-      o Add support for AES and SSE2 assembly lanugauge optimization

-        for VC++ build.

-      o Support for RFC4507bis and server name extensions if explicitly

-        selected at compile time.

-      o DTLS improvements.

-      o RFC4507bis support.

-      o TLS Extensions support.

-  Major changes between OpenSSL 0.9.8d and OpenSSL 0.9.8e:

-      o Various ciphersuite selection fixes.

-      o RFC3779 support.

-  Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d:

-      o Introduce limits to prevent malicious key DoS  (CVE-2006-2940)

-      o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)

-      o Changes to ciphersuite selection algorithm

-  Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c:

-      o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339

-      o New cipher Camellia

-  Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b:

-      o Cipher string fixes.

-      o Fixes for VC++ 2005.

-      o Updated ECC cipher suite support.

-      o New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free().

-      o Zlib compression usage fixes.

-      o Built in dynamic engine compilation support on Win32.

-      o Fixes auto dynamic engine loading in Win32.

-  Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a:

-      o Fix potential SSL 2.0 rollback, CVE-2005-2969

-      o Extended Windows CE support

-  Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8:

-      o Major work on the BIGNUM library for higher efficiency and to

-        make operations more streamlined and less contradictory.  This

-        is the result of a major audit of the BIGNUM library.

-      o Addition of BIGNUM functions for fields GF(2^m) and NIST

-        curves, to support the Elliptic Crypto functions.

-      o Major work on Elliptic Crypto; ECDH and ECDSA added, including

-        the use through EVP, X509 and ENGINE.

-      o New ASN.1 mini-compiler that's usable through the OpenSSL

-        configuration file.

-      o Added support for ASN.1 indefinite length constructed encoding.

-      o New PKCS#12 'medium level' API to manipulate PKCS#12 files.

-      o Complete rework of shared library construction and linking

-        programs with shared or static libraries, through a separate

-        Makefile.shared.

-      o Rework of the passing of parameters from one Makefile to another.

-      o Changed ENGINE framework to load dynamic engine modules

-        automatically from specifically given directories.

-      o New structure and ASN.1 functions for CertificatePair.

-      o Changed the ZLIB compression method to be stateful.

-      o Changed the key-generation and primality testing "progress"

-        mechanism to take a structure that contains the ticker

-        function and an argument.

-      o New engine module: GMP (performs private key exponentiation).

-      o New engine module: VIA PadLOck ACE extension in VIA C3

-        Nehemiah processors.

-      o Added support for IPv6 addresses in certificate extensions.

-        See RFC 1884, section 2.2.

-      o Added support for certificate policy mappings, policy

-        constraints and name constraints.

-      o Added support for multi-valued AVAs in the OpenSSL

-        configuration file.

-      o Added support for multiple certificates with the same subject

-        in the 'openssl ca' index file.

-      o Make it possible to create self-signed certificates using

-        'openssl ca -selfsign'.

-      o Make it possible to generate a serial number file with

-        'openssl ca -create_serial'.

-      o New binary search functions with extended functionality.

-      o New BUF functions.

-      o New STORE structure and library to provide an interface to all

-        sorts of data repositories.  Supports storage of public and

-        private keys, certificates, CRLs, numbers and arbitrary blobs.

-	This library is unfortunately unfinished and unused withing

-	OpenSSL.

-      o New control functions for the error stack.

-      o Changed the PKCS#7 library to support one-pass S/MIME

-        processing.

-      o Added the possibility to compile without old deprecated

-        functionality with the OPENSSL_NO_DEPRECATED macro or the

-        'no-deprecated' argument to the config and Configure scripts.

-      o Constification of all ASN.1 conversion functions, and other

-        affected functions.

-      o Improved platform support for PowerPC.

-      o New FIPS 180-2 algorithms (SHA-224, -256, -384 and -512).

-      o New X509_VERIFY_PARAM structure to support parametrisation

-        of X.509 path validation.

-      o Major overhaul of RC4 performance on Intel P4, IA-64 and

-        AMD64.

-      o Changed the Configure script to have some algorithms disabled

-        by default.  Those can be explicitely enabled with the new

-        argument form 'enable-xxx'.

-      o Change the default digest in 'openssl' commands from MD5 to

-        SHA-1.

-      o Added support for DTLS.

-      o New BIGNUM blinding.

-      o Added support for the RSA-PSS encryption scheme

-      o Added support for the RSA X.931 padding.

-      o Added support for BSD sockets on NetWare.

-      o Added support for files larger than 2GB.

-      o Added initial support for Win64.

-      o Added alternate pkg-config files.

-  Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l:

-      o Introduce limits to prevent malicious key DoS  (CVE-2006-2940)

-      o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)

-  Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k:

-      o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339

-  Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j:

-      o Visual C++ 2005 fixes.

-      o Update Windows build system for FIPS.

-  Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i:

-      o Give EVP_MAX_MD_SIZE it's old value, except for a FIPS build.

-  Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h:

-      o Fix SSL 2.0 Rollback, CVE-2005-2969

-      o Allow use of fixed-length exponent on DSA signing

-      o Default fixed-window RSA, DSA, DH private-key operations

-  Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g:

-      o More compilation issues fixed.

-      o Adaptation to more modern Kerberos API.

-      o Enhanced or corrected configuration for Solaris64, Mingw and Cygwin.

-      o Enhanced x86_64 assembler BIGNUM module.

-      o More constification.

-      o Added processing of proxy certificates (RFC 3820).

-  Major changes between OpenSSL 0.9.7e and OpenSSL 0.9.7f:

-      o Several compilation issues fixed.

-      o Many memory allocation failure checks added.

-      o Improved comparison of X509 Name type.

-      o Mandatory basic checks on certificates.

-      o Performance improvements.

-  Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e:

-      o Fix race condition in CRL checking code.

-      o Fixes to PKCS#7 (S/MIME) code.

-  Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d:

-      o Security: Fix Kerberos ciphersuite SSL/TLS handshaking bug

-      o Security: Fix null-pointer assignment in do_change_cipher_spec()

-      o Allow multiple active certificates with same subject in CA index

-      o Multiple X509 verification fixes

-      o Speed up HMAC and other operations

-  Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c:

-      o Security: fix various ASN1 parsing bugs.

-      o New -ignore_err option to OCSP utility.

-      o Various interop and bug fixes in S/MIME code.

-      o SSL/TLS protocol fix for unrequested client certificates.

-  Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b:

-      o Security: counter the Klima-Pokorny-Rosa extension of

-        Bleichbacher's attack

-      o Security: make RSA blinding default.

-      o Configuration: Irix fixes, AIX fixes, better mingw support.

-      o Support for new platforms: linux-ia64-ecc.

-      o Build: shared library support fixes.

-      o ASN.1: treat domainComponent correctly.

-      o Documentation: fixes and additions.

-  Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a:

-      o Security: Important security related bugfixes.

-      o Enhanced compatibility with MIT Kerberos.

-      o Can be built without the ENGINE framework.

-      o IA32 assembler enhancements.

-      o Support for new platforms: FreeBSD/IA64 and FreeBSD/Sparc64.

-      o Configuration: the no-err option now works properly.

-      o SSL/TLS: now handles manual certificate chain building.

-      o SSL/TLS: certain session ID malfunctions corrected.

-  Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7:

-      o New library section OCSP.

-      o Complete rewrite of ASN1 code.

-      o CRL checking in verify code and openssl utility.

-      o Extension copying in 'ca' utility.

-      o Flexible display options in 'ca' utility.

-      o Provisional support for international characters with UTF8.

-      o Support for external crypto devices ('engine') is no longer

-        a separate distribution.

-      o New elliptic curve library section.

-      o New AES (Rijndael) library section.

-      o Support for new platforms: Windows CE, Tandem OSS, A/UX, AIX 64-bit,

-        Linux x86_64, Linux 64-bit on Sparc v9

-      o Extended support for some platforms: VxWorks

-      o Enhanced support for shared libraries.

-      o Now only builds PIC code when shared library support is requested.

-      o Support for pkg-config.

-      o Lots of new manuals.

-      o Makes symbolic links to or copies of manuals to cover all described

-        functions.

-      o Change DES API to clean up the namespace (some applications link also

-        against libdes providing similar functions having the same name).

-        Provide macros for backward compatibility (will be removed in the

-        future).

-      o Unify handling of cryptographic algorithms (software and engine)

-        to be available via EVP routines for asymmetric and symmetric ciphers.

-      o NCONF: new configuration handling routines.

-      o Change API to use more 'const' modifiers to improve error checking

-        and help optimizers.

-      o Finally remove references to RSAref.

-      o Reworked parts of the BIGNUM code.

-      o Support for new engines: Broadcom ubsec, Accelerated Encryption

-        Processing, IBM 4758.

-      o A few new engines added in the demos area.

-      o Extended and corrected OID (object identifier) table.

-      o PRNG: query at more locations for a random device, automatic query for

-        EGD style random sources at several locations.

-      o SSL/TLS: allow optional cipher choice according to server's preference.

-      o SSL/TLS: allow server to explicitly set new session ids.

-      o SSL/TLS: support Kerberos cipher suites (RFC2712).

-	Only supports MIT Kerberos for now.

-      o SSL/TLS: allow more precise control of renegotiations and sessions.

-      o SSL/TLS: add callback to retrieve SSL/TLS messages.

-      o SSL/TLS: support AES cipher suites (RFC3268).

-  Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k:

-      o Security: fix various ASN1 parsing bugs.

-      o SSL/TLS protocol fix for unrequested client certificates.

-  Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j:

-      o Security: counter the Klima-Pokorny-Rosa extension of

-        Bleichbacher's attack

-      o Security: make RSA blinding default.

-      o Build: shared library support fixes.

-  Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i:

-      o Important security related bugfixes.

-  Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h:

-      o New configuration targets for Tandem OSS and A/UX.

-      o New OIDs for Microsoft attributes.

-      o Better handling of SSL session caching.

-      o Better comparison of distinguished names.

-      o Better handling of shared libraries in a mixed GNU/non-GNU environment.

-      o Support assembler code with Borland C.

-      o Fixes for length problems.

-      o Fixes for uninitialised variables.

-      o Fixes for memory leaks, some unusual crashes and some race conditions.

-      o Fixes for smaller building problems.

-      o Updates of manuals, FAQ and other instructive documents.

-  Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g:

-      o Important building fixes on Unix.

-  Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f:

-      o Various important bugfixes.

-  Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e:

-      o Important security related bugfixes.

-      o Various SSL/TLS library bugfixes.

-  Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d:

-      o Various SSL/TLS library bugfixes.

-      o Fix DH parameter generation for 'non-standard' generators.

-  Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c:

-      o Various SSL/TLS library bugfixes.

-      o BIGNUM library fixes.

-      o RSA OAEP and random number generation fixes.

-      o Object identifiers corrected and added.

-      o Add assembler BN routines for IA64.

-      o Add support for OS/390 Unix, UnixWare with gcc, OpenUNIX 8,

-        MIPS Linux; shared library support for Irix, HP-UX.

-      o Add crypto accelerator support for AEP, Baltimore SureWare,

-        Broadcom and Cryptographic Appliance's keyserver

-        [in 0.9.6c-engine release].

-  Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b:

-      o Security fix: PRNG improvements.

-      o Security fix: RSA OAEP check.

-      o Security fix: Reinsert and fix countermeasure to Bleichbacher's

-        attack.

-      o MIPS bug fix in BIGNUM.

-      o Bug fix in "openssl enc".

-      o Bug fix in X.509 printing routine.

-      o Bug fix in DSA verification routine and DSA S/MIME verification.

-      o Bug fix to make PRNG thread-safe.

-      o Bug fix in RAND_file_name().

-      o Bug fix in compatibility mode trust settings.

-      o Bug fix in blowfish EVP.

-      o Increase default size for BIO buffering filter.

-      o Compatibility fixes in some scripts.

-  Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a:

-      o Security fix: change behavior of OpenSSL to avoid using

-        environment variables when running as root.

-      o Security fix: check the result of RSA-CRT to reduce the

-        possibility of deducing the private key from an incorrectly

-        calculated signature.

-      o Security fix: prevent Bleichenbacher's DSA attack.

-      o Security fix: Zero the premaster secret after deriving the

-        master secret in DH ciphersuites.

-      o Reimplement SSL_peek(), which had various problems.

-      o Compatibility fix: the function des_encrypt() renamed to

-        des_encrypt1() to avoid clashes with some Unixen libc.

-      o Bug fixes for Win32, HP/UX and Irix.

-      o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and

-        memory checking routines.

-      o Bug fixes for RSA operations in threaded environments.

-      o Bug fixes in misc. openssl applications.

-      o Remove a few potential memory leaks.

-      o Add tighter checks of BIGNUM routines.

-      o Shared library support has been reworked for generality.

-      o More documentation.

-      o New function BN_rand_range().

-      o Add "-rand" option to openssl s_client and s_server.

-  Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6:

-      o Some documentation for BIO and SSL libraries.

-      o Enhanced chain verification using key identifiers.

-      o New sign and verify options to 'dgst' application.

-      o Support for DER and PEM encoded messages in 'smime' application.

-      o New 'rsautl' application, low level RSA utility.

-      o MD4 now included.

-      o Bugfix for SSL rollback padding check.

-      o Support for external crypto devices [1].

-      o Enhanced EVP interface.

-    [1] The support for external crypto devices is currently a separate

-        distribution.  See the file README.ENGINE.

-  Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a:

-      o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8

-      o Shared library support for HPUX and Solaris-gcc

-      o Support of Linux/IA64

-      o Assembler support for Mingw32

-      o New 'rand' application

-      o New way to check for existence of algorithms from scripts

-  Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5:

-      o S/MIME support in new 'smime' command

-      o Documentation for the OpenSSL command line application

-      o Automation of 'req' application

-      o Fixes to make s_client, s_server work under Windows

-      o Support for multiple fieldnames in SPKACs

-      o New SPKAC command line utilty and associated library functions

-      o Options to allow passwords to be obtained from various sources

-      o New public key PEM format and options to handle it

-      o Many other fixes and enhancements to command line utilities

-      o Usable certificate chain verification

-      o Certificate purpose checking

-      o Certificate trust settings

-      o Support of authority information access extension

-      o Extensions in certificate requests

-      o Simplified X509 name and attribute routines

-      o Initial (incomplete) support for international character sets

-      o New DH_METHOD, DSA_METHOD and enhanced RSA_METHOD

-      o Read only memory BIOs and simplified creation function

-      o TLS/SSL protocol bugfixes: Accept TLS 'client hello' in SSL 3.0

-        record; allow fragmentation and interleaving of handshake and other

-        data

-      o TLS/SSL code now "tolerates" MS SGC

-      o Work around for Netscape client certificate hang bug

-      o RSA_NULL option that removes RSA patent code but keeps other

-        RSA functionality

-      o Memory leak detection now allows applications to add extra information

-        via a per-thread stack

-      o PRNG robustness improved

-      o EGD support

-      o BIGNUM library bug fixes

-      o Faster DSA parameter generation

-      o Enhanced support for Alpha Linux

-      o Experimental MacOS support

-  Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4:

-      o Transparent support for PKCS#8 format private keys: these are used

-        by several software packages and are more secure than the standard

-        form

-      o PKCS#5 v2.0 implementation

-      o Password callbacks have a new void * argument for application data

-      o Avoid various memory leaks

-      o New pipe-like BIO that allows using the SSL library when actual I/O

-        must be handled by the application (BIO pair)

-  Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3:

-      o Lots of enhancements and cleanups to the Configuration mechanism

-      o RSA OEAP related fixes

-      o Added `openssl ca -revoke' option for revoking a certificate

-      o Source cleanups: const correctness, type-safe stacks and ASN.1 SETs

-      o Source tree cleanups: removed lots of obsolete files

-      o Thawte SXNet, certificate policies and CRL distribution points

-        extension support

-      o Preliminary (experimental) S/MIME support

-      o Support for ASN.1 UTF8String and VisibleString

-      o Full integration of PKCS#12 code

-      o Sparc assembler bignum implementation, optimized hash functions

-      o Option to disable selected ciphers

-  Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b:

-      o Fixed a security hole related to session resumption

-      o Fixed RSA encryption routines for the p < q case

-      o "ALL" in cipher lists now means "everything except NULL ciphers"

-      o Support for Triple-DES CBCM cipher

-      o Support of Optimal Asymmetric Encryption Padding (OAEP) for RSA

-      o First support for new TLSv1 ciphers

-      o Added a few new BIOs (syslog BIO, reliable BIO)

-      o Extended support for DSA certificate/keys.

-      o Extended support for Certificate Signing Requests (CSR)

-      o Initial support for X.509v3 extensions

-      o Extended support for compression inside the SSL record layer

-      o Overhauled Win32 builds

-      o Cleanups and fixes to the Big Number (BN) library

-      o Support for ASN.1 GeneralizedTime

-      o Splitted ASN.1 SETs from SEQUENCEs

-      o ASN1 and PEM support for Netscape Certificate Sequences

-      o Overhauled Perl interface

-      o Lots of source tree cleanups.

-      o Lots of memory leak fixes.

-      o Lots of bug fixes.

-  Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c:

-      o Integration of the popular NO_RSA/NO_DSA patches

-      o Initial support for compression inside the SSL record layer

-      o Added BIO proxy and filtering functionality

-      o Extended Big Number (BN) library

-      o Added RIPE MD160 message digest

-      o Addeed support for RC2/64bit cipher

-      o Extended ASN.1 parser routines

-      o Adjustations of the source tree for CVS

-      o Support for various new platforms

--- a/sys/src/ape/lib/openssl/PROBLEMS

+++ /dev/null

@@ -1,197 +1,0 @@

-* System libcrypto.dylib and libssl.dylib are used by system ld on MacOS X.

-    NOTE: The problem described here only applies when OpenSSL isn't built

-    with shared library support (i.e. without the "shared" configuration

-    option).  If you build with shared library support, you will have no

-    problems as long as you set up DYLD_LIBRARY_PATH properly at all times.

-This is really a misfeature in ld, which seems to look for .dylib libraries

-along the whole library path before it bothers looking for .a libraries.  This

-means that -L switches won't matter unless OpenSSL is built with shared

-library support.

-The workaround may be to change the following lines in apps/Makefile and

-test/Makefile:

-  LIBCRYPTO=-L.. -lcrypto

-  LIBSSL=-L.. -lssl

-to:

-  LIBCRYPTO=../libcrypto.a

-  LIBSSL=../libssl.a

-It's possible that something similar is needed for shared library support

-as well.  That hasn't been well tested yet.

-Another solution that many seem to recommend is to move the libraries

-/usr/lib/libcrypto.0.9.dylib, /usr/lib/libssl.0.9.dylib to a different

-directory, build and install OpenSSL and anything that depends on your

-build, then move libcrypto.0.9.dylib and libssl.0.9.dylib back to their

-original places.  Note that the version numbers on those two libraries

-may differ on your machine.

-As long as Apple doesn't fix the problem with ld, this problem building

-OpenSSL will remain as is.

-* Parallell make leads to errors

-While running tests, running a parallell make is a bad idea.  Many test

-scripts use the same name for output and input files, which means different

-will interfere with each other and lead to test failure.

-The solution is simple for now: don't run parallell make when testing.

-* Bugs in gcc triggered

-- According to a problem report, there are bugs in gcc 3.0 that are

-  triggered by some of the code in OpenSSL, more specifically in

-  PEM_get_EVP_CIPHER_INFO().  The triggering code is the following:

-	header+=11;

-	if (*header != '4') return(0); header++;

-	if (*header != ',') return(0); header++;

-  What happens is that gcc might optimize a little too agressively, and

-  you end up with an extra incrementation when *header != '4'.

-  We recommend that you upgrade gcc to as high a 3.x version as you can.

-- According to multiple problem reports, some of our message digest

-  implementations trigger bug[s] in code optimizer in gcc 3.3 for sparc64

-  and gcc 2.96 for ppc. Former fails to complete RIPEMD160 test, while

-  latter - SHA one.

-  The recomendation is to upgrade your compiler. This naturally applies to

-  other similar cases.

-- There is a subtle Solaris x86-specific gcc run-time environment bug, which

-  "falls between" OpenSSL [0.9.8 and later], Solaris ld and GCC. The bug

-  manifests itself as Segmentation Fault upon early application start-up.

-  The problem can be worked around by patching the environment according to

-  http://www.openssl.org/~appro/values.c.

-* solaris64-sparcv9-cc SHA-1 performance with WorkShop 6 compiler.

-As subject suggests SHA-1 might perform poorly (4 times slower)

-if compiled with WorkShop 6 compiler and -xarch=v9. The cause for

-this seems to be the fact that compiler emits multiplication to

-perform shift operations:-( To work the problem around configure

-with './Configure solaris64-sparcv9-cc -DMD32_REG_T=int'.

-* Problems with hp-parisc2-cc target when used with "no-asm" flag

-When using the hp-parisc2-cc target, wrong bignum code is generated.

-This is due to the SIXTY_FOUR_BIT build being compiled with the +O3

-aggressive optimization.

-The problem manifests itself by the BN_kronecker test hanging in an

-endless loop. Reason: the BN_kronecker test calls BN_generate_prime()

-which itself hangs. The reason could be tracked down to the bn_mul_comba8()

-function in bn_asm.c. At some occasions the higher 32bit value of r[7]

-is off by 1 (meaning: calculated=shouldbe+1). Further analysis failed,

-as no debugger support possible at +O3 and additional fprintf()'s

-introduced fixed the bug, therefore it is most likely a bug in the

-optimizer.

-The bug was found in the BN_kronecker test but may also lead to

-failures in other parts of the code.

-(See Ticket #426.)

-Workaround: modify the target to +O2 when building with no-asm.

-* Problems building shared libraries on SCO OpenServer Release 5.0.6

-  with gcc 2.95.3

-The symptoms appear when running the test suite, more specifically

-test/ectest, with the following result:

-OSSL_LIBPATH="`cd ..; pwd`"; LD_LIBRARY_PATH="$OSSL_LIBPATH:$LD_LIBRARY_PATH"; DYLD_LIBRARY_PATH="$OSSL_LIBPATH:$DYLD_LIBRARY_PATH"; SHLIB_PATH="$OSSL_LIBPATH:$SHLIB_PATH"; LIBPATH="$OSSL_LIBPATH:$LIBPATH"; if [ "debug-sco5-gcc" = "Cygwin" ]; then PATH="${LIBPATH}:$PATH"; fi; export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; ./ectest

-ectest.c:186: ABORT

-The cause of the problem seems to be that isxdigit(), called from

-BN_hex2bn(), returns 0 on a perfectly legitimate hex digit.  Further

-investigation shows that any of the isxxx() macros return 0 on any

-input.  A direct look in the information array that the isxxx() use,

-called __ctype, shows that it contains all zeroes...

-Taking a look at the newly created libcrypto.so with nm, one can see

-that the variable __ctype is defined in libcrypto's .bss (which

-explains why it is filled with zeroes):

-$ nm -Pg libcrypto.so | grep __ctype

-__ctype B 0011659c

-__ctype2 U

-Curiously, __ctype2 is undefined, in spite of being declared in

-/usr/include/ctype.h in exactly the same way as __ctype.

-Any information helping to solve this issue would be deeply

-appreciated.

-NOTE: building non-shared doesn't come with this problem.

-* ULTRIX build fails with shell errors, such as "bad substitution"

-  and "test: argument expected"

-The problem is caused by ULTRIX /bin/sh supporting only original

-Bourne shell syntax/semantics, and the trouble is that the vast

-majority is so accustomed to more modern syntax, that very few

-people [if any] would recognize the ancient syntax even as valid.

-This inevitably results in non-trivial scripts breaking on ULTRIX,

-and OpenSSL isn't an exclusion. Fortunately there is workaround,

-hire /bin/ksh to do the job /bin/sh fails to do.

-1. Trick make(1) to use /bin/ksh by setting up following environ-

-   ment variables *prior* you execute ./Configure and make:

-	PROG_ENV=POSIX

-	MAKESHELL=/bin/ksh

-	export PROG_ENV MAKESHELL

-   or if your shell is csh-compatible:

-	setenv PROG_ENV POSIX

-	setenv MAKESHELL /bin/ksh

-2. Trick /bin/sh to use alternative expression evaluator. Create

-   following 'test' script for example in /tmp:

-	#!/bin/ksh

-	${0##*/} "$@"

-   Then 'chmod a+x /tmp/test; ln /tmp/test /tmp/[' and *prepend*

-   your $PATH with chosen location, e.g. PATH=/tmp:$PATH. Alter-

-   natively just replace system /bin/test and /bin/[ with the

-   above script.

-* hpux64-ia64-cc fails blowfish test.

-Compiler bug, presumably at particular patch level. It should be noted

-that same compiler generates correct 32-bit code, a.k.a. hpux-ia64-cc

-target. Drop optimization level to +O2 when compiling 64-bit bf_skey.o.

-* no-engines generates errors.

-Unfortunately, the 'no-engines' configuration option currently doesn't

-work properly.  Use 'no-hw' and you'll will at least get no hardware

-support.  We'll see how we fix that on OpenSSL versions past 0.9.8.

-* 'make test' fails in BN_sqr [commonly with "error 139" denoting SIGSEGV]

-  if elder GNU binutils were deployed to link shared libcrypto.so.

-As subject suggests the failure is caused by a bug in elder binutils,

-either as or ld, and was observed on FreeBSD and Linux. There are two

-options. First is naturally to upgrade binutils, the second one - to

-reconfigure with additional no-sse2 [or 386] option passed to ./config.

-* If configured with ./config no-dso, toolkit still gets linked with -ldl,

-  which most notably poses a problem when linking with dietlibc.

-We don't have framework to associate -ldl with no-dso, therefore the only

-way is to edit Makefile right after ./config no-dso and remove -ldl from

-EX_LIBS line.

--- a/sys/src/ape/lib/openssl/README

+++ /dev/null

@@ -1,201 +1,0 @@

- OpenSSL 0.9.8g

- Copyright (c) 1998-2007 The OpenSSL Project

- Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

- All rights reserved.

- DESCRIPTION

- -----------

- The OpenSSL Project is a collaborative effort to develop a robust,

- commercial-grade, fully featured, and Open Source toolkit implementing the

- Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)

- protocols as well as a full-strength general purpose cryptography library.

- The project is managed by a worldwide community of volunteers that use the

- Internet to communicate, plan, and develop the OpenSSL toolkit and its

- related documentation.

- OpenSSL is based on the excellent SSLeay library developed from Eric A. Young

- and Tim J. Hudson.  The OpenSSL toolkit is licensed under a dual-license (the

- OpenSSL license plus the SSLeay license) situation, which basically means

- that you are free to get and use it for commercial and non-commercial

- purposes as long as you fulfill the conditions of both licenses.

- OVERVIEW

- --------

- The OpenSSL toolkit includes:

- libssl.a:

-     Implementation of SSLv2, SSLv3, TLSv1 and the required code to support

-     both SSLv2, SSLv3 and TLSv1 in the one server and client.

- libcrypto.a:

-     General encryption and X.509 v1/v3 stuff needed by SSL/TLS but not

-     actually logically part of it. It includes routines for the following:

-     Ciphers

-        libdes - EAY's libdes DES encryption package which was floating

-                 around the net for a few years, and was then relicensed by

-                 him as part of SSLeay.  It includes 15 'modes/variations'

-                 of DES (1, 2 and 3 key versions of ecb, cbc, cfb and ofb;

-                 pcbc and a more general form of cfb and ofb) including desx

-                 in cbc mode, a fast crypt(3), and routines to read

-                 passwords from the keyboard.

-        RC4 encryption,

-        RC2 encryption      - 4 different modes, ecb, cbc, cfb and ofb.

-        Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb.

-        IDEA encryption     - 4 different modes, ecb, cbc, cfb and ofb.

-     Digests

-        MD5 and MD2 message digest algorithms, fast implementations,

-        SHA (SHA-0) and SHA-1 message digest algorithms,

-        MDC2 message digest. A DES based hash that is popular on smart cards.

-     Public Key

-        RSA encryption/decryption/generation.

-            There is no limit on the number of bits.

-        DSA encryption/decryption/generation.

-            There is no limit on the number of bits.

-        Diffie-Hellman key-exchange/key generation.

-            There is no limit on the number of bits.

-     X.509v3 certificates

-        X509 encoding/decoding into/from binary ASN1 and a PEM

-             based ASCII-binary encoding which supports encryption with a

-             private key.  Program to generate RSA and DSA certificate

-             requests and to generate RSA and DSA certificates.

-     Systems

-        The normal digital envelope routines and base64 encoding.  Higher

-        level access to ciphers and digests by name.  New ciphers can be

-        loaded at run time.  The BIO io system which is a simple non-blocking

-        IO abstraction.  Current methods supported are file descriptors,

-        sockets, socket accept, socket connect, memory buffer, buffering, SSL

-        client/server, file pointer, encryption, digest, non-blocking testing

-        and null.

-     Data structures

-        A dynamically growing hashing system

-        A simple stack.

-        A Configuration loader that uses a format similar to MS .ini files.

- openssl:

-     A command line tool that can be used for:

-        Creation of RSA, DH and DSA key parameters

-        Creation of X.509 certificates, CSRs and CRLs

-        Calculation of Message Digests

-        Encryption and Decryption with Ciphers

-        SSL/TLS Client and Server Tests

-        Handling of S/MIME signed or encrypted mail

- PATENTS

- -------

- Various companies hold various patents for various algorithms in various

- locations around the world. _YOU_ are responsible for ensuring that your use

- of any algorithms is legal by checking if there are any patents in your

- country.  The file contains some of the patents that we know about or are

- rumored to exist. This is not a definitive list.

- RSA Security holds software patents on the RC5 algorithm.  If you

- intend to use this cipher, you must contact RSA Security for

- licensing conditions. Their web page is http://www.rsasecurity.com/.

- RC4 is a trademark of RSA Security, so use of this label should perhaps

- only be used with RSA Security's permission.

- The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy,

- Japan, the Netherlands, Spain, Sweden, Switzerland, UK and the USA.  They

- should be contacted if that algorithm is to be used; their web page is

- http://www.ascom.ch/.

- The MDC2 algorithm is patented by IBM.

- NTT and Mitsubishi have patents and pending patents on the Camellia

- algorithm, but allow use at no charge without requiring an explicit

- licensing agreement: http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html

- INSTALLATION

- ------------

- To install this package under a Unix derivative, read the INSTALL file.  For

- a Win32 platform, read the INSTALL.W32 file.  For OpenVMS systems, read

- INSTALL.VMS.

- Read the documentation in the doc/ directory.  It is quite rough, but it

- lists the functions; you will probably have to look at the code to work out

- how to use them. Look at the example programs.

- PROBLEMS

- --------

- For some platforms, there are some known problems that may affect the user

- or application author.  We try to collect those in doc/PROBLEMS, with current

- thoughts on how they should be solved in a future of OpenSSL.

- SUPPORT

- -------

- If you have any problems with OpenSSL then please take the following steps

- first:

-    - Download the current snapshot from ftp://ftp.openssl.org/snapshot/

-      to see if the problem has already been addressed

-    - Remove ASM versions of libraries

-    - Remove compiler optimisation flags

- If you wish to report a bug then please include the following information in

- any bug report:

-    - On Unix systems:

-        Self-test report generated by 'make report'

-    - On other systems:

-        OpenSSL version: output of 'openssl version -a'

-        OS Name, Version, Hardware platform

-        Compiler Details (name, version)

-    - Application Details (name, version)

-    - Problem Description (steps that will reproduce the problem, if known)

-    - Stack Traceback (if the application dumps core)

- Report the bug to the OpenSSL project via the Request Tracker

- (http://www.openssl.org/support/rt2.html) by mail to:

-    [email protected]

- Note that mail to [email protected] is recorded in the publicly

- readable request tracker database and is forwarded to a public

- mailing list. Confidential mail may be sent to [email protected]

- (PGP key available from the key servers).

- HOW TO CONTRIBUTE TO OpenSSL

- ----------------------------

- Development is coordinated on the openssl-dev mailing list (see

- http://www.openssl.org for information on subscribing). If you

- would like to submit a patch, send it to [email protected] with

- the string "[PATCH]" in the subject. Please be sure to include a

- textual explanation of what your patch does.

- Note: For legal reasons, contributions from the US can be accepted only

- if a TSU notification and a copy of the patch are sent to [email protected]

- (formerly BXA) with a copy to the ENC Encryption Request Coordinator;

- please take some time to look at

-    http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html [sic]

- and

-    http://w3.access.gpo.gov/bis/ear/pdf/740.pdf (EAR Section 740.13(e))

- for the details. If "your encryption source code is too large to serve as

- an email attachment", they are glad to receive it by fax instead; hope you

- have a cheap long-distance plan.

- Our preferred format for changes is "diff -u" output. You might

- generate it like this:

- # cd openssl-work

- # [your changes]

- # ./Configure dist; make clean

- # cd ..

- # diff -ur openssl-orig openssl-work > mydiffs.patch

--- a/sys/src/ape/lib/openssl/README.ASN1

+++ /dev/null

@@ -1,187 +1,0 @@

-OpenSSL ASN1 Revision

-=====================

-This document describes some of the issues relating to the new ASN1 code.

-Previous OpenSSL ASN1 problems

-=============================

-OK why did the OpenSSL ASN1 code need revising in the first place? Well

-there are lots of reasons some of which are included below...

-1. The code is difficult to read and write. For every single ASN1 structure

-(e.g. SEQUENCE) four functions need to be written for new, free, encode and

-decode operations. This is a very painful and error prone operation. Very few

-people have ever written any OpenSSL ASN1 and those that have usually wish

-they hadn't.

-2. Partly because of 1. the code is bloated and takes up a disproportionate

-amount of space. The SEQUENCE encoder is particularly bad: it essentially

-contains two copies of the same operation, one to compute the SEQUENCE length

-and the other to encode it.

-3. The code is memory based: that is it expects to be able to read the whole

-structure from memory. This is fine for small structures but if you have a

-(say) 1Gb PKCS#7 signedData structure it isn't such a good idea...

-4. The code for the ASN1 IMPLICIT tag is evil. It is handled by temporarily

-changing the tag to the expected one, attempting to read it, then changing it

-back again. This means that decode buffers have to be writable even though they

-are ultimately unchanged. This gets in the way of constification.

-5. The handling of EXPLICIT isn't much better. It adds a chunk of code into

-the decoder and encoder for every EXPLICIT tag.

-6. APPLICATION and PRIVATE tags aren't even supported at all.

-7. Even IMPLICIT isn't complete: there is no support for implicitly tagged

-types that are not OPTIONAL.

-8. Much of the code assumes that a tag will fit in a single octet. This is

-only true if the tag is 30 or less (mercifully tags over 30 are rare).

-9. The ASN1 CHOICE type has to be largely handled manually, there aren't any

-macros that properly support it.

-10. Encoders have no concept of OPTIONAL and have no error checking. If the

-passed structure contains a NULL in a mandatory field it will not be encoded,

-resulting in an invalid structure.

-11. It is tricky to add ASN1 encoders and decoders to external applications.

-Template model

-==============

-One of the major problems with revision is the sheer volume of the ASN1 code.

-Attempts to change (for example) the IMPLICIT behaviour would result in a

-modification of *every* single decode function.

-I decided to adopt a template based approach. I'm using the term 'template'

-in a manner similar to SNACC templates: it has nothing to do with C++

-templates.

-A template is a description of an ASN1 module as several constant C structures.

-It describes in a machine readable way exactly how the ASN1 structure should

-behave. If this template contains enough detail then it is possible to write

-versions of new, free, encode, decode (and possibly others operations) that

-operate on templates.

-Instead of having to write code to handle each operation only a single

-template needs to be written. If new operations are needed (such as a 'print'

-operation) only a single new template based function needs to be written

-which will then automatically handle all existing templates.

-Plans for revision

-==================

-The revision will consist of the following steps. Other than the first two

-these can be handled in any order.

-o Design and write template new, free, encode and decode operations, initially

-memory based. *DONE*

-o Convert existing ASN1 code to template form. *IN PROGRESS*

-o Convert an existing ASN1 compiler (probably SNACC) to output templates

-in OpenSSL form.

-o Add support for BIO based ASN1 encoders and decoders to handle large

-structures, initially blocking I/O.

-o Add support for non blocking I/O: this is quite a bit harder than blocking

-I/O.

-o Add new ASN1 structures, such as OCSP, CRMF, S/MIME v3 (CMS), attribute

-certificates etc etc.

-Description of major changes

-============================

-The BOOLEAN type now takes three values. 0xff is TRUE, 0 is FALSE and -1 is

-absent. The meaning of absent depends on the context. If for example the

-boolean type is DEFAULT FALSE (as in the case of the critical flag for

-certificate extensions) then -1 is FALSE, if DEFAULT TRUE then -1 is TRUE.

-Usually the value will only ever be read via an API which will hide this from

-an application.

-There is an evil bug in the old ASN1 code that mishandles OPTIONAL with

-SEQUENCE OF or SET OF. These are both implemented as a STACK structure. The

-old code would omit the structure if the STACK was NULL (which is fine) or if

-it had zero elements (which is NOT OK). This causes problems because an empty

-SEQUENCE OF or SET OF will result in an empty STACK when it is decoded but when

-it is encoded it will be omitted resulting in different encodings. The new code

-only omits the encoding if the STACK is NULL, if it contains zero elements it

-is encoded and empty. There is an additional problem though: because an empty

-STACK was omitted, sometimes the corresponding *_new() function would

-initialize the STACK to empty so an application could immediately use it, if

-this is done with the new code (i.e. a NULL) it wont work. Therefore a new

-STACK should be allocated first. One instance of this is the X509_CRL list of

-revoked certificates: a helper function X509_CRL_add0_revoked() has been added

-for this purpose.

-The X509_ATTRIBUTE structure used to have an element called 'set' which took

-the value 1 if the attribute value was a SET OF or 0 if it was a single. Due

-to the behaviour of CHOICE in the new code this has been changed to a field

-called 'single' which is 0 for a SET OF and 1 for single. The old field has

-been deleted to deliberately break source compatibility. Since this structure

-is normally accessed via higher level functions this shouldn't break too much.

-The X509_REQ_INFO certificate request info structure no longer has a field

-called 'req_kludge'. This used to be set to 1 if the attributes field was

-(incorrectly) omitted. You can check to see if the field is omitted now by

-checking if the attributes field is NULL. Similarly if you need to omit

-the field then free attributes and set it to NULL.

-The top level 'detached' field in the PKCS7 structure is no longer set when

-a PKCS#7 structure is read in. PKCS7_is_detached() should be called instead.

-The behaviour of PKCS7_get_detached() is unaffected.

-The values of 'type' in the GENERAL_NAME structure have changed. This is

-because the old code use the ASN1 initial octet as the selector. The new

-code uses the index in the ASN1_CHOICE template.

-The DIST_POINT_NAME structure has changed to be a true CHOICE type.

-typedef struct DIST_POINT_NAME_st {

-int type;

-union {

-	STACK_OF(GENERAL_NAME) *fullname;

-	STACK_OF(X509_NAME_ENTRY) *relativename;

-} name;

-} DIST_POINT_NAME;

-This means that name.fullname or name.relativename should be set

-and type reflects the option. That is if name.fullname is set then

-type is 0 and if name.relativename is set type is 1.

-With the old code using the i2d functions would typically involve:

-unsigned char *buf, *p;

-int len;

-/* Find length of encoding */

-len = i2d_SOMETHING(x, NULL);

-/* Allocate buffer */

-buf = OPENSSL_malloc(len);

-if(buf == NULL) {

-	/* Malloc error */

-}

-/* Use temp variable because &p gets updated to point to end of

- * encoding.

- */

-p = buf;

-i2d_SOMETHING(x, &p);

-Using the new i2d you can also do:

-unsigned char *buf = NULL;

-int len;

-len = i2d_SOMETHING(x, &buf);

-if(len < 0) {

-	/* Malloc error */

-}

-and it will automatically allocate and populate a buffer with the

-encoding. After this call 'buf' will point to the start of the

-encoding which is len bytes long.

--- a/sys/src/ape/lib/openssl/README.ENGINE

+++ /dev/null

@@ -1,289 +1,0 @@

-  ENGINE

-  ======

-  With OpenSSL 0.9.6, a new component was added to support alternative

-  cryptography implementations, most commonly for interfacing with external

-  crypto devices (eg. accelerator cards). This component is called ENGINE,

-  and its presence in OpenSSL 0.9.6 (and subsequent bug-fix releases)

-  caused a little confusion as 0.9.6** releases were rolled in two

-  versions, a "standard" and an "engine" version. In development for 0.9.7,

-  the ENGINE code has been merged into the main branch and will be present

-  in the standard releases from 0.9.7 forwards.

-  There are currently built-in ENGINE implementations for the following

-  crypto devices:

-      o CryptoSwift

-      o Compaq Atalla

-      o nCipher CHIL

-      o Nuron

-      o Broadcom uBSec

-  In addition, dynamic binding to external ENGINE implementations is now

-  provided by a special ENGINE called "dynamic". See the "DYNAMIC ENGINE"

-  section below for details.

-  At this stage, a number of things are still needed and are being worked on:

-      1 Integration of EVP support.

-      2 Configuration support.

-      3 Documentation!

-1 With respect to EVP, this relates to support for ciphers and digests in

-  the ENGINE model so that alternative implementations of existing

-  algorithms/modes (or previously unimplemented ones) can be provided by

-  ENGINE implementations.

-2 Configuration support currently exists in the ENGINE API itself, in the

-  form of "control commands". These allow an application to expose to the

-  user/admin the set of commands and parameter types a given ENGINE

-  implementation supports, and for an application to directly feed string

-  based input to those ENGINEs, in the form of name-value pairs. This is an

-  extensible way for ENGINEs to define their own "configuration" mechanisms

-  that are specific to a given ENGINE (eg. for a particular hardware

-  device) but that should be consistent across *all* OpenSSL-based

-  applications when they use that ENGINE. Work is in progress (or at least

-  in planning) for supporting these control commands from the CONF (or

-  NCONF) code so that applications using OpenSSL's existing configuration

-  file format can have ENGINE settings specified in much the same way.

-  Presently however, applications must use the ENGINE API itself to provide

-  such functionality. To see first hand the types of commands available

-  with the various compiled-in ENGINEs (see further down for dynamic

-  ENGINEs), use the "engine" openssl utility with full verbosity, ie;

-       openssl engine -vvvv

-3 Documentation? Volunteers welcome! The source code is reasonably well

-  self-documenting, but some summaries and usage instructions are needed -

-  moreover, they are needed in the same POD format the existing OpenSSL

-  documentation is provided in. Any complete or incomplete contributions

-  would help make this happen.

-  STABILITY & BUG-REPORTS

-  =======================

-  What already exists is fairly stable as far as it has been tested, but

-  the test base has been a bit small most of the time. For the most part,

-  the vendors of the devices these ENGINEs support have contributed to the

-  development and/or testing of the implementations, and *usually* (with no

-  guarantees) have experience in using the ENGINE support to drive their

-  devices from common OpenSSL-based applications. Bugs and/or inexplicable

-  behaviour in using a specific ENGINE implementation should be sent to the

-  author of that implementation (if it is mentioned in the corresponding C

-  file), and in the case of implementations for commercial hardware

-  devices, also through whatever vendor support channels are available.  If

-  none of this is possible, or the problem seems to be something about the

-  ENGINE API itself (ie. not necessarily specific to a particular ENGINE

-  implementation) then you should mail complete details to the relevant

-  OpenSSL mailing list. For a definition of "complete details", refer to

-  the OpenSSL "README" file. As for which list to send it to;

-     openssl-users: if you are *using* the ENGINE abstraction, either in an

-          pre-compiled application or in your own application code.

-     openssl-dev: if you are discussing problems with OpenSSL source code.

-  USAGE

-  =====

-  The default "openssl" ENGINE is always chosen when performing crypto

-  operations unless you specify otherwise. You must actively tell the

-  openssl utility commands to use anything else through a new command line

-  switch called "-engine". Also, if you want to use the ENGINE support in

-  your own code to do something similar, you must likewise explicitly

-  select the ENGINE implementation you want.

-  Depending on the type of hardware, system, and configuration, "settings"

-  may need to be applied to an ENGINE for it to function as expected/hoped.

-  The recommended way of doing this is for the application to support

-  ENGINE "control commands" so that each ENGINE implementation can provide

-  whatever configuration primitives it might require and the application

-  can allow the user/admin (and thus the hardware vendor's support desk

-  also) to provide any such input directly to the ENGINE implementation.

-  This way, applications do not need to know anything specific to any

-  device, they only need to provide the means to carry such user/admin

-  input through to the ENGINE in question. Ie. this connects *you* (and

-  your helpdesk) to the specific ENGINE implementation (and device), and

-  allows application authors to not get buried in hassle supporting

-  arbitrary devices they know (and care) nothing about.

-  A new "openssl" utility, "openssl engine", has been added in that allows

-  for testing and examination of ENGINE implementations. Basic usage

-  instructions are available by specifying the "-?" command line switch.

-  DYNAMIC ENGINES

-  ===============

-  The new "dynamic" ENGINE provides a low-overhead way to support ENGINE

-  implementations that aren't pre-compiled and linked into OpenSSL-based

-  applications. This could be because existing compiled-in implementations

-  have known problems and you wish to use a newer version with an existing

-  application. It could equally be because the application (or OpenSSL

-  library) you are using simply doesn't have support for the ENGINE you

-  wish to use, and the ENGINE provider (eg. hardware vendor) is providing

-  you with a self-contained implementation in the form of a shared-library.

-  The other use-case for "dynamic" is with applications that wish to

-  maintain the smallest foot-print possible and so do not link in various

-  ENGINE implementations from OpenSSL, but instead leaves you to provide

-  them, if you want them, in the form of "dynamic"-loadable

-  shared-libraries. It should be possible for hardware vendors to provide

-  their own shared-libraries to support arbitrary hardware to work with

-  applications based on OpenSSL 0.9.7 or later. If you're using an

-  application based on 0.9.7 (or later) and the support you desire is only

-  announced for versions later than the one you need, ask the vendor to

-  backport their ENGINE to the version you need.

-  How does "dynamic" work?

-  ------------------------

-    The dynamic ENGINE has a special flag in its implementation such that

-    every time application code asks for the 'dynamic' ENGINE, it in fact

-    gets its own copy of it. As such, multi-threaded code (or code that

-    multiplexes multiple uses of 'dynamic' in a single application in any

-    way at all) does not get confused by 'dynamic' being used to do many

-    independent things. Other ENGINEs typically don't do this so there is

-    only ever 1 ENGINE structure of its type (and reference counts are used

-    to keep order). The dynamic ENGINE itself provides absolutely no

-    cryptographic functionality, and any attempt to "initialise" the ENGINE

-    automatically fails. All it does provide are a few "control commands"

-    that can be used to control how it will load an external ENGINE

-    implementation from a shared-library. To see these control commands,

-    use the command-line;

-       openssl engine -vvvv dynamic

-    The "SO_PATH" control command should be used to identify the

-    shared-library that contains the ENGINE implementation, and "NO_VCHECK"

-    might possibly be useful if there is a minor version conflict and you

-    (or a vendor helpdesk) is convinced you can safely ignore it.

-    "ID" is probably only needed if a shared-library implements

-    multiple ENGINEs, but if you know the engine id you expect to be using,

-    it doesn't hurt to specify it (and this provides a sanity check if

-    nothing else). "LIST_ADD" is only required if you actually wish the

-    loaded ENGINE to be discoverable by application code later on using the

-    ENGINE's "id". For most applications, this isn't necessary - but some

-    application authors may have nifty reasons for using it. The "LOAD"

-    command is the only one that takes no parameters and is the command

-    that uses the settings from any previous commands to actually *load*

-    the shared-library ENGINE implementation. If this command succeeds, the

-    (copy of the) 'dynamic' ENGINE will magically morph into the ENGINE

-    that has been loaded from the shared-library. As such, any control

-    commands supported by the loaded ENGINE could then be executed as per

-    normal. Eg. if ENGINE "foo" is implemented in the shared-library

-    "libfoo.so" and it supports some special control command "CMD_FOO", the

-    following code would load and use it (NB: obviously this code has no

-    error checking);

-       ENGINE *e = ENGINE_by_id("dynamic");

-       ENGINE_ctrl_cmd_string(e, "SO_PATH", "/lib/libfoo.so", 0);

-       ENGINE_ctrl_cmd_string(e, "ID", "foo", 0);

-       ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0);

-       ENGINE_ctrl_cmd_string(e, "CMD_FOO", "some input data", 0);

-    For testing, the "openssl engine" utility can be useful for this sort

-    of thing. For example the above code excerpt would achieve much the

-    same result as;

-       openssl engine dynamic \

-                 -pre SO_PATH:/lib/libfoo.so \

-                 -pre ID:foo \

-                 -pre LOAD \

-                 -pre "CMD_FOO:some input data"

-    Or to simply see the list of commands supported by the "foo" ENGINE;

-       openssl engine -vvvv dynamic \

-                 -pre SO_PATH:/lib/libfoo.so \

-                 -pre ID:foo \

-                 -pre LOAD

-    Applications that support the ENGINE API and more specifically, the

-    "control commands" mechanism, will provide some way for you to pass

-    such commands through to ENGINEs. As such, you would select "dynamic"

-    as the ENGINE to use, and the parameters/commands you pass would

-    control the *actual* ENGINE used. Each command is actually a name-value

-    pair and the value can sometimes be omitted (eg. the "LOAD" command).

-    Whilst the syntax demonstrated in "openssl engine" uses a colon to

-    separate the command name from the value, applications may provide

-    their own syntax for making that separation (eg. a win32 registry

-    key-value pair may be used by some applications). The reason for the

-    "-pre" syntax in the "openssl engine" utility is that some commands

-    might be issued to an ENGINE *after* it has been initialised for use.

-    Eg. if an ENGINE implementation requires a smart-card to be inserted

-    during initialisation (or a PIN to be typed, or whatever), there may be

-    a control command you can issue afterwards to "forget" the smart-card

-    so that additional initialisation is no longer possible. In

-    applications such as web-servers, where potentially volatile code may

-    run on the same host system, this may provide some arguable security

-    value. In such a case, the command would be passed to the ENGINE after

-    it has been initialised for use, and so the "-post" switch would be

-    used instead. Applications may provide a different syntax for

-    supporting this distinction, and some may simply not provide it at all

-    ("-pre" is almost always what you're after, in reality).

-  How do I build a "dynamic" ENGINE?

-  ----------------------------------

-    This question is trickier - currently OpenSSL bundles various ENGINE

-    implementations that are statically built in, and any application that

-    calls the "ENGINE_load_builtin_engines()" function will automatically

-    have all such ENGINEs available (and occupying memory). Applications

-    that don't call that function have no ENGINEs available like that and

-    would have to use "dynamic" to load any such ENGINE - but on the other

-    hand such applications would only have the memory footprint of any

-    ENGINEs explicitly loaded using user/admin provided control commands.

-    The main advantage of not statically linking ENGINEs and only using

-    "dynamic" for hardware support is that any installation using no

-    "external" ENGINE suffers no unnecessary memory footprint from unused

-    ENGINEs. Likewise, installations that do require an ENGINE incur the

-    overheads from only *that* ENGINE once it has been loaded.

-    Sounds good? Maybe, but currently building an ENGINE implementation as

-    a shared-library that can be loaded by "dynamic" isn't automated in

-    OpenSSL's build process. It can be done manually quite easily however.

-    Such a shared-library can either be built with any OpenSSL code it

-    needs statically linked in, or it can link dynamically against OpenSSL

-    if OpenSSL itself is built as a shared library. The instructions are

-    the same in each case, but in the former (statically linked any

-    dependencies on OpenSSL) you must ensure OpenSSL is built with

-    position-independent code ("PIC"). The default OpenSSL compilation may

-    already specify the relevant flags to do this, but you should consult

-    with your compiler documentation if you are in any doubt.

-    This example will show building the "atalla" ENGINE in the

-    crypto/engine/ directory as a shared-library for use via the "dynamic"

-    ENGINE.

-    1) "cd" to the crypto/engine/ directory of a pre-compiled OpenSSL

-       source tree.

-    2) Recompile at least one source file so you can see all the compiler

-       flags (and syntax) being used to build normally. Eg;

-           touch hw_atalla.c ; make

-       will rebuild "hw_atalla.o" using all such flags.

-    3) Manually enter the same compilation line to compile the

-       "hw_atalla.c" file but with the following two changes;

-         (a) add "-DENGINE_DYNAMIC_SUPPORT" to the command line switches,

-	 (b) change the output file from "hw_atalla.o" to something new,

-             eg. "tmp_atalla.o"

-    4) Link "tmp_atalla.o" into a shared-library using the top-level

-       OpenSSL libraries to resolve any dependencies. The syntax for doing

-       this depends heavily on your system/compiler and is a nightmare

-       known well to anyone who has worked with shared-library portability

-       before. 'gcc' on Linux, for example, would use the following syntax;

-          gcc -shared -o dyn_atalla.so tmp_atalla.o -L../.. -lcrypto

-    5) Test your shared library using "openssl engine" as explained in the

-       previous section. Eg. from the top-level directory, you might try;

-          apps/openssl engine -vvvv dynamic \

-              -pre SO_PATH:./crypto/engine/dyn_atalla.so -pre LOAD

-       If the shared-library loads successfully, you will see both "-pre"

-       commands marked as "SUCCESS" and the list of control commands

-       displayed (because of "-vvvv") will be the control commands for the

-       *atalla* ENGINE (ie. *not* the 'dynamic' ENGINE). You can also add

-       the "-t" switch to the utility if you want it to try and initialise

-       the atalla ENGINE for use to test any possible hardware/driver

-       issues.

-  PROBLEMS

-  ========

-  It seems like the ENGINE part doesn't work too well with CryptoSwift on Win32.

-  A quick test done right before the release showed that trying "openssl speed

-  -engine cswift" generated errors. If the DSO gets enabled, an attempt is made

-  to write at memory address 0x00000002.

--- a/sys/src/ape/lib/openssl/README.Plan9

+++ /dev/null

@@ -1,5 +1,0 @@

-OpenSSL 0.9.8g 19 Oct 2007 for APE.

-Federico G. Benavento

-January 2008

[email protected]

--- a/sys/src/ape/lib/openssl/apps/CA.pl

+++ /dev/null

@@ -1,189 +1,0 @@

-#!/usr/bin/perl

-#

-# CA - wrapper around ca to make it easier to use ... basically ca requires

-#      some setup stuff to be done before you can use it and this makes

-#      things easier between now and when Eric is convinced to fix it :-)

-#

-# CA -newca ... will setup the right stuff

-# CA -newreq[-nodes] ... will generate a certificate request

-# CA -sign ... will sign the generated request and output

-#

-# At the end of that grab newreq.pem and newcert.pem (one has the key

-# and the other the certificate) and cat them together and that is what

-# you want/need ... I'll make even this a little cleaner later.

-#

-#

-# 12-Jan-96 tjh    Added more things ... including CA -signcert which

-#                  converts a certificate to a request and then signs it.

-# 10-Jan-96 eay    Fixed a few more bugs and added the SSLEAY_CONFIG

-#		   environment variable so this can be driven from

-#		   a script.

-# 25-Jul-96 eay    Cleaned up filenames some more.

-# 11-Jun-96 eay    Fixed a few filename missmatches.

-# 03-May-96 eay    Modified to use 'ssleay cmd' instead of 'cmd'.

-# 18-Apr-96 tjh    Original hacking

-#

-# Tim Hudson

-# [email protected]

-#

-# 27-Apr-98 snh    Translation into perl, fix existing CA bug.

-#

-#

-# Steve Henson

-# [email protected]

-# default openssl.cnf file has setup as per the following

-# demoCA ... where everything is stored

-my $openssl;

-if(defined $ENV{OPENSSL}) {

-	$openssl = $ENV{OPENSSL};

-} else {

-	$openssl = "openssl";

-	$ENV{OPENSSL} = $openssl;

-}

-$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};

-$DAYS="-days 365";	# 1 year

-$CADAYS="-days 1095";	# 3 years

-$REQ="$openssl req $SSLEAY_CONFIG";

-$CA="$openssl ca $SSLEAY_CONFIG";

-$VERIFY="$openssl verify";

-$X509="$openssl x509";

-$PKCS12="$openssl pkcs12";

-$CATOP="./demoCA";

-$CAKEY="cakey.pem";

-$CAREQ="careq.pem";

-$CACERT="cacert.pem";

-$DIRMODE = 0777;

-$RET = 0;

-foreach (@ARGV) {

-	if ( /^(-\?|-h|-help)$/ ) {

-	    print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";

-	    exit 0;

-	} elsif (/^-newcert$/) {

-	    # create a certificate

-	    system ("$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS");

-	    $RET=$?;

-	    print "Certificate is in newcert.pem, private key is in newkey.pem\n"

-	} elsif (/^-newreq$/) {

-	    # create a certificate request

-	    system ("$REQ -new -keyout newkey.pem -out newreq.pem $DAYS");

-	    $RET=$?;

-	    print "Request is in newreq.pem, private key is in newkey.pem\n";

-	} elsif (/^-newreq-nodes$/) {

-	    # create a certificate request

-	    system ("$REQ -new -nodes -keyout newkey.pem -out newreq.pem $DAYS");

-	    $RET=$?;

-	    print "Request is in newreq.pem, private key is in newkey.pem\n";

-	} elsif (/^-newca$/) {

-		# if explicitly asked for or it doesn't exist then setup the

-		# directory structure that Eric likes to manage things

-	    $NEW="1";

-	    if ( "$NEW" || ! -f "${CATOP}/serial" ) {

-		# create the directory hierarchy

-		mkdir $CATOP, $DIRMODE;

-		mkdir "${CATOP}/certs", $DIRMODE;

-		mkdir "${CATOP}/crl", $DIRMODE ;

-		mkdir "${CATOP}/newcerts", $DIRMODE;

-		mkdir "${CATOP}/private", $DIRMODE;

-		open OUT, ">${CATOP}/index.txt";

-		close OUT;

-		open OUT, ">${CATOP}/crlnumber";

-		print OUT "01\n";

-		close OUT;

-	    }

-	    if ( ! -f "${CATOP}/private/$CAKEY" ) {

-		print "CA certificate filename (or enter to create)\n";

-		$FILE = <STDIN>;

-		chop $FILE;

-		# ask user for existing CA certificate

-		if ($FILE) {

-		    cp_pem($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");

-		    cp_pem($FILE,"${CATOP}/$CACERT", "CERTIFICATE");

-		    $RET=$?;

-		} else {

-		    print "Making CA certificate ...\n";

-		    system ("$REQ -new -keyout " .

-			"${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ");

-		    system ("$CA -create_serial " .

-			"-out ${CATOP}/$CACERT $CADAYS -batch " .

-			"-keyfile ${CATOP}/private/$CAKEY -selfsign " .

-			"-extensions v3_ca " .

-			"-infiles ${CATOP}/$CAREQ ");

-		    $RET=$?;

-		}

-	    }

-	} elsif (/^-pkcs12$/) {

-	    my $cname = $ARGV[1];

-	    $cname = "My Certificate" unless defined $cname;

-	    system ("$PKCS12 -in newcert.pem -inkey newkey.pem " .

-			"-certfile ${CATOP}/$CACERT -out newcert.p12 " .

-			"-export -name \"$cname\"");

-	    $RET=$?;

-	    print "PKCS #12 file is in newcert.p12\n";

-	    exit $RET;

-	} elsif (/^-xsign$/) {

-	    system ("$CA -policy policy_anything -infiles newreq.pem");

-	    $RET=$?;

-	} elsif (/^(-sign|-signreq)$/) {

-	    system ("$CA -policy policy_anything -out newcert.pem " .

-							"-infiles newreq.pem");

-	    $RET=$?;

-	    print "Signed certificate is in newcert.pem\n";

-	} elsif (/^(-signCA)$/) {

-	    system ("$CA -policy policy_anything -out newcert.pem " .

-					"-extensions v3_ca -infiles newreq.pem");

-	    $RET=$?;

-	    print "Signed CA certificate is in newcert.pem\n";

-	} elsif (/^-signcert$/) {

-	    system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " .

-								"-out tmp.pem");

-	    system ("$CA -policy policy_anything -out newcert.pem " .

-							"-infiles tmp.pem");

-	    $RET = $?;

-	    print "Signed certificate is in newcert.pem\n";

-	} elsif (/^-verify$/) {

-	    if (shift) {

-		foreach $j (@ARGV) {

-		    system ("$VERIFY -CAfile $CATOP/$CACERT $j");

-		    $RET=$? if ($? != 0);

-		}

-		exit $RET;

-	    } else {

-		    system ("$VERIFY -CAfile $CATOP/$CACERT newcert.pem");

-		    $RET=$?;

-	    	    exit 0;

-	    }

-	} else {

-	    print STDERR "Unknown arg $_\n";

-	    print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";

-	    exit 1;

-	}

-}

-exit $RET;

-sub cp_pem {

-my ($infile, $outfile, $bound) = @_;

-open IN, $infile;

-open OUT, ">$outfile";

-my $flag = 0;

-while (<IN>) {

-	$flag = 1 if (/^-----BEGIN.*$bound/) ;

-	print OUT $_ if ($flag);

-	if (/^-----END.*$bound/) {

-		close IN;

-		close OUT;

-		return;

-	}

-}

-}

--- a/sys/src/ape/lib/openssl/apps/CA.pl.in

+++ /dev/null

@@ -1,189 +1,0 @@

-#!/usr/local/bin/perl

-#

-# CA - wrapper around ca to make it easier to use ... basically ca requires

-#      some setup stuff to be done before you can use it and this makes

-#      things easier between now and when Eric is convinced to fix it :-)

-#

-# CA -newca ... will setup the right stuff

-# CA -newreq[-nodes] ... will generate a certificate request

-# CA -sign ... will sign the generated request and output

-#

-# At the end of that grab newreq.pem and newcert.pem (one has the key

-# and the other the certificate) and cat them together and that is what

-# you want/need ... I'll make even this a little cleaner later.

-#

-#

-# 12-Jan-96 tjh    Added more things ... including CA -signcert which

-#                  converts a certificate to a request and then signs it.

-# 10-Jan-96 eay    Fixed a few more bugs and added the SSLEAY_CONFIG

-#		   environment variable so this can be driven from

-#		   a script.

-# 25-Jul-96 eay    Cleaned up filenames some more.

-# 11-Jun-96 eay    Fixed a few filename missmatches.

-# 03-May-96 eay    Modified to use 'ssleay cmd' instead of 'cmd'.

-# 18-Apr-96 tjh    Original hacking

-#

-# Tim Hudson

-# [email protected]

-#

-# 27-Apr-98 snh    Translation into perl, fix existing CA bug.

-#

-#

-# Steve Henson

-# [email protected]

-# default openssl.cnf file has setup as per the following

-# demoCA ... where everything is stored

-my $openssl;

-if(defined $ENV{OPENSSL}) {

-	$openssl = $ENV{OPENSSL};

-} else {

-	$openssl = "openssl";

-	$ENV{OPENSSL} = $openssl;

-}

-$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};

-$DAYS="-days 365";	# 1 year

-$CADAYS="-days 1095";	# 3 years

-$REQ="$openssl req $SSLEAY_CONFIG";

-$CA="$openssl ca $SSLEAY_CONFIG";

-$VERIFY="$openssl verify";

-$X509="$openssl x509";

-$PKCS12="$openssl pkcs12";

-$CATOP="./demoCA";

-$CAKEY="cakey.pem";

-$CAREQ="careq.pem";

-$CACERT="cacert.pem";

-$DIRMODE = 0777;

-$RET = 0;

-foreach (@ARGV) {

-	if ( /^(-\?|-h|-help)$/ ) {

-	    print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";

-	    exit 0;

-	} elsif (/^-newcert$/) {

-	    # create a certificate

-	    system ("$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS");

-	    $RET=$?;

-	    print "Certificate is in newcert.pem, private key is in newkey.pem\n"

-	} elsif (/^-newreq$/) {

-	    # create a certificate request

-	    system ("$REQ -new -keyout newkey.pem -out newreq.pem $DAYS");

-	    $RET=$?;

-	    print "Request is in newreq.pem, private key is in newkey.pem\n";

-	} elsif (/^-newreq-nodes$/) {

-	    # create a certificate request

-	    system ("$REQ -new -nodes -keyout newkey.pem -out newreq.pem $DAYS");

-	    $RET=$?;

-	    print "Request is in newreq.pem, private key is in newkey.pem\n";

-	} elsif (/^-newca$/) {

-		# if explicitly asked for or it doesn't exist then setup the

-		# directory structure that Eric likes to manage things

-	    $NEW="1";

-	    if ( "$NEW" || ! -f "${CATOP}/serial" ) {

-		# create the directory hierarchy

-		mkdir $CATOP, $DIRMODE;

-		mkdir "${CATOP}/certs", $DIRMODE;

-		mkdir "${CATOP}/crl", $DIRMODE ;

-		mkdir "${CATOP}/newcerts", $DIRMODE;

-		mkdir "${CATOP}/private", $DIRMODE;

-		open OUT, ">${CATOP}/index.txt";

-		close OUT;

-		open OUT, ">${CATOP}/crlnumber";

-		print OUT "01\n";

-		close OUT;

-	    }

-	    if ( ! -f "${CATOP}/private/$CAKEY" ) {

-		print "CA certificate filename (or enter to create)\n";

-		$FILE = <STDIN>;

-		chop $FILE;

-		# ask user for existing CA certificate

-		if ($FILE) {

-		    cp_pem($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");

-		    cp_pem($FILE,"${CATOP}/$CACERT", "CERTIFICATE");

-		    $RET=$?;

-		} else {

-		    print "Making CA certificate ...\n";

-		    system ("$REQ -new -keyout " .

-			"${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ");

-		    system ("$CA -create_serial " .

-			"-out ${CATOP}/$CACERT $CADAYS -batch " .

-			"-keyfile ${CATOP}/private/$CAKEY -selfsign " .

-			"-extensions v3_ca " .

-			"-infiles ${CATOP}/$CAREQ ");

-		    $RET=$?;

-		}

-	    }

-	} elsif (/^-pkcs12$/) {

-	    my $cname = $ARGV[1];

-	    $cname = "My Certificate" unless defined $cname;

-	    system ("$PKCS12 -in newcert.pem -inkey newkey.pem " .

-			"-certfile ${CATOP}/$CACERT -out newcert.p12 " .

-			"-export -name \"$cname\"");

-	    $RET=$?;

-	    print "PKCS #12 file is in newcert.p12\n";

-	    exit $RET;

-	} elsif (/^-xsign$/) {

-	    system ("$CA -policy policy_anything -infiles newreq.pem");

-	    $RET=$?;

-	} elsif (/^(-sign|-signreq)$/) {

-	    system ("$CA -policy policy_anything -out newcert.pem " .

-							"-infiles newreq.pem");

-	    $RET=$?;

-	    print "Signed certificate is in newcert.pem\n";

-	} elsif (/^(-signCA)$/) {

-	    system ("$CA -policy policy_anything -out newcert.pem " .

-					"-extensions v3_ca -infiles newreq.pem");

-	    $RET=$?;

-	    print "Signed CA certificate is in newcert.pem\n";

-	} elsif (/^-signcert$/) {

-	    system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " .

-								"-out tmp.pem");

-	    system ("$CA -policy policy_anything -out newcert.pem " .

-							"-infiles tmp.pem");

-	    $RET = $?;

-	    print "Signed certificate is in newcert.pem\n";

-	} elsif (/^-verify$/) {

-	    if (shift) {

-		foreach $j (@ARGV) {

-		    system ("$VERIFY -CAfile $CATOP/$CACERT $j");

-		    $RET=$? if ($? != 0);

-		}

-		exit $RET;

-	    } else {

-		    system ("$VERIFY -CAfile $CATOP/$CACERT newcert.pem");

-		    $RET=$?;

-	    	    exit 0;

-	    }

-	} else {

-	    print STDERR "Unknown arg $_\n";

-	    print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";

-	    exit 1;

-	}

-}

-exit $RET;

-sub cp_pem {

-my ($infile, $outfile, $bound) = @_;

-open IN, $infile;

-open OUT, ">$outfile";

-my $flag = 0;

-while (<IN>) {

-	$flag = 1 if (/^-----BEGIN.*$bound/) ;

-	print OUT $_ if ($flag);

-	if (/^-----END.*$bound/) {

-		close IN;

-		close OUT;

-		return;

-	}

-}

-}

--- a/sys/src/ape/lib/openssl/apps/CA.sh

+++ /dev/null

@@ -1,139 +1,0 @@

-#!/bin/sh

-#

-# CA - wrapper around ca to make it easier to use ... basically ca requires

-#      some setup stuff to be done before you can use it and this makes

-#      things easier between now and when Eric is convinced to fix it :-)

-#

-# CA -newca ... will setup the right stuff

-# CA -newreq ... will generate a certificate request

-# CA -sign ... will sign the generated request and output

-#

-# At the end of that grab newreq.pem and newcert.pem (one has the key

-# and the other the certificate) and cat them together and that is what

-# you want/need ... I'll make even this a little cleaner later.

-#

-#

-# 12-Jan-96 tjh    Added more things ... including CA -signcert which

-#                  converts a certificate to a request and then signs it.

-# 10-Jan-96 eay    Fixed a few more bugs and added the SSLEAY_CONFIG

-#		   environment variable so this can be driven from

-#		   a script.

-# 25-Jul-96 eay    Cleaned up filenames some more.

-# 11-Jun-96 eay    Fixed a few filename missmatches.

-# 03-May-96 eay    Modified to use 'ssleay cmd' instead of 'cmd'.

-# 18-Apr-96 tjh    Original hacking

-#

-# Tim Hudson

-# [email protected]

-#

-# default openssl.cnf file has setup as per the following

-# demoCA ... where everything is stored

-if [ -z "$OPENSSL" ]; then OPENSSL=openssl; fi

-DAYS="-days 365"	# 1 year

-CADAYS="-days 1095"	# 3 years

-REQ="$OPENSSL req $SSLEAY_CONFIG"

-CA="$OPENSSL ca $SSLEAY_CONFIG"

-VERIFY="$OPENSSL verify"

-X509="$OPENSSL x509"

-CATOP=./demoCA

-CAKEY=./cakey.pem

-CAREQ=./careq.pem

-CACERT=./cacert.pem

-for i

-do

-case $i in

--\?|-h|-help)

-    echo "usage: CA -newcert|-newreq|-newca|-sign|-verify" >&2

-    exit 0

-    ;;

--newcert)

-    # create a certificate

-    $REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS

-    RET=$?

-    echo "Certificate is in newcert.pem, private key is in newkey.pem"

-    ;;

--newreq)

-    # create a certificate request

-    $REQ -new -keyout newkey.pem -out newreq.pem $DAYS

-    RET=$?

-    echo "Request is in newreq.pem, private key is in newkey.pem"

-    ;;

--newca)

-    # if explicitly asked for or it doesn't exist then setup the directory

-    # structure that Eric likes to manage things

-    NEW="1"

-    if [ "$NEW" -o ! -f ${CATOP}/serial ]; then

-	# create the directory hierarchy

-	mkdir ${CATOP}

-	mkdir ${CATOP}/certs

-	mkdir ${CATOP}/crl

-	mkdir ${CATOP}/newcerts

-	mkdir ${CATOP}/private

-	echo "00" > ${CATOP}/serial

-	touch ${CATOP}/index.txt

-    fi

-    if [ ! -f ${CATOP}/private/$CAKEY ]; then

-	echo "CA certificate filename (or enter to create)"

-	read FILE

-	# ask user for existing CA certificate

-	if [ "$FILE" ]; then

-	    cp $FILE ${CATOP}/private/$CAKEY

-	    RET=$?

-	else

-	    echo "Making CA certificate ..."

-	    $REQ -new -keyout ${CATOP}/private/$CAKEY \

-			   -out ${CATOP}/$CAREQ

-	    $CA -out ${CATOP}/$CACERT $CADAYS -batch \

-			   -keyfile ${CATOP}/private/$CAKEY -selfsign \

-			   -infiles ${CATOP}/$CAREQ

-	    RET=$?

-	fi

-    fi

-    ;;

--xsign)

-    $CA -policy policy_anything -infiles newreq.pem

-    RET=$?

-    ;;

--sign|-signreq)

-    $CA -policy policy_anything -out newcert.pem -infiles newreq.pem

-    RET=$?

-    cat newcert.pem

-    echo "Signed certificate is in newcert.pem"

-    ;;

--signcert)

-    echo "Cert passphrase will be requested twice - bug?"

-    $X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem

-    $CA -policy policy_anything -out newcert.pem -infiles tmp.pem

-    cat newcert.pem

-    echo "Signed certificate is in newcert.pem"

-    ;;

--verify)

-    shift

-    if [ -z "$1" ]; then

-	    $VERIFY -CAfile $CATOP/$CACERT newcert.pem

-	    RET=$?

-    else

-	for j

-	do

-	    $VERIFY -CAfile $CATOP/$CACERT $j

-	    if [ $? != 0 ]; then

-		    RET=$?

-	    fi

-	done

-    fi

-    exit 0

-    ;;

-*)

-    echo "Unknown arg $i";

-    exit 1

-    ;;

-esac

-done

-exit $RET

--- a/sys/src/ape/lib/openssl/apps/Makefile

+++ /dev/null

@@ -1,897 +1,0 @@

-#

-#  apps/Makefile

-#

-DIR=		apps

-TOP=		..

-CC=		cc

-INCLUDES=	-I$(TOP) -I../include $(KRB5_INCLUDES)

-CFLAG=		-g -static

-MAKEFILE=	Makefile

-PERL=		perl

-RM=		rm -f

-# KRB5 stuff

-KRB5_INCLUDES=

-LIBKRB5=

-PEX_LIBS=

-EX_LIBS=

-EXE_EXT=

-SHLIB_TARGET=

-CFLAGS= -DMONOLITH $(INCLUDES) $(CFLAG)

-GENERAL=Makefile makeapps.com install.com

-DLIBCRYPTO=../libcrypto.a

-DLIBSSL=../libssl.a

-LIBCRYPTO=-L.. -lcrypto

-LIBSSL=-L.. -lssl

-PROGRAM= openssl

-SCRIPTS=CA.sh CA.pl

-EXE= $(PROGRAM)$(EXE_EXT)

-E_EXE=	verify asn1pars req dgst dh dhparam enc passwd gendh errstr \

-	ca crl rsa rsautl dsa dsaparam ec ecparam \

-	x509 genrsa gendsa s_server s_client speed \

-	s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq pkcs12 \

-	pkcs8 spkac smime rand engine ocsp prime

-PROGS= $(PROGRAM).c

-A_OBJ=apps.o

-A_SRC=apps.c

-S_OBJ=	s_cb.o s_socket.o

-S_SRC=	s_cb.c s_socket.c

-RAND_OBJ=app_rand.o

-RAND_SRC=app_rand.c

-E_OBJ=	verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o \

-	ca.o pkcs7.o crl2p7.o crl.o \

-	rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o \

-	x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \

-	s_time.o $(A_OBJ) $(S_OBJ) $(RAND_OBJ) version.o sess_id.o \

-	ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o engine.o \

-	ocsp.o prime.o

-E_SRC=	verify.c asn1pars.c req.c dgst.c dh.c enc.c passwd.c gendh.c errstr.c ca.c \

-	pkcs7.c crl2p7.c crl.c \

-	rsa.c rsautl.c dsa.c dsaparam.c ec.c ecparam.c \

-	x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \

-	s_time.c $(A_SRC) $(S_SRC) $(RAND_SRC) version.c sess_id.c \

-	ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c rand.c engine.c \

-	ocsp.c prime.c

-SRC=$(E_SRC)

-EXHEADER=

-HEADER=	apps.h progs.h s_apps.h \

-	testdsa.h testrsa.h \

-	$(EXHEADER)

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	@(cd ..; $(MAKE) DIRS=$(DIR) all)

-all:	exe

-exe:	$(EXE)

-req: sreq.o $(A_OBJ) $(DLIBCRYPTO)

-	shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \

-		shlib_target="$(SHLIB_TARGET)"; \

-	fi; \

-	$(MAKE) -f $(TOP)/Makefile.shared -e \

-		APPNAME=req OBJECTS="sreq.o $(A_OBJ) $(RAND_OBJ)" \

-		LIBDEPS="$(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)" \

-		link_app.$${shlib_target}

-sreq.o: req.c

-	$(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

-install:

-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...

-	@set -e; for i in $(EXE); \

-	do  \

-	(echo installing $$i; \

-	 cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \

-	 chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \

-	 mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \

-	 done;

-	@set -e; for i in $(SCRIPTS); \

-	do  \

-	(echo installing $$i; \

-	 cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \

-	 chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \

-	 mv -f $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \

-	 done

-	@cp openssl.cnf $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new; \

-	chmod 644 $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new; \

-	mv -f  $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf

-tags:

-	ctags $(SRC)

-tests:

-links:

-lint:

-	lint -DLINT $(INCLUDES) $(SRC)>fluff

-depend:

-	@if [ -z "$(THIS)" ]; then \

-	    $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \

-	else \

-	    $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \

-	fi

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-clean:

-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE)

-	rm -f req

-$(DLIBSSL):

-	(cd ..; $(MAKE) DIRS=ssl all)

-$(DLIBCRYPTO):

-	(cd ..; $(MAKE) DIRS=crypto all)

-$(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)

-	$(RM) $(EXE)

-	shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \

-		shlib_target="$(SHLIB_TARGET)"; \

-	fi; \

-	LIBRARIES="$(LIBSSL) $(LIBKRB5) $(LIBCRYPTO)" ; \

-	$(MAKE) -f $(TOP)/Makefile.shared -e \

-		APPNAME=$(EXE) OBJECTS="$(PROGRAM).o $(E_OBJ)" \

-		LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \

-		link_app.$${shlib_target}

-	-(cd ..; \

-	  OPENSSL="`pwd`/util/opensslwrap.sh"; export OPENSSL; \

-	  $(PERL) tools/c_rehash certs)

-progs.h: progs.pl

-	$(PERL) progs.pl $(E_EXE) >progs.h

-	$(RM) $(PROGRAM).o

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-app_rand.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-app_rand.o: ../include/openssl/buffer.h ../include/openssl/conf.h

-app_rand.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h

-app_rand.o: ../include/openssl/ec.h ../include/openssl/ecdh.h

-app_rand.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h

-app_rand.o: ../include/openssl/evp.h ../include/openssl/lhash.h

-app_rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h

-app_rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h

-app_rand.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h

-app_rand.o: ../include/openssl/rand.h ../include/openssl/safestack.h

-app_rand.o: ../include/openssl/sha.h ../include/openssl/stack.h

-app_rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h

-app_rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h app_rand.c

-app_rand.o: apps.h

-apps.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-apps.o: ../include/openssl/bn.h ../include/openssl/buffer.h

-apps.o: ../include/openssl/conf.h ../include/openssl/crypto.h

-apps.o: ../include/openssl/e_os2.h ../include/openssl/ec.h

-apps.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h

-apps.o: ../include/openssl/engine.h ../include/openssl/err.h

-apps.o: ../include/openssl/evp.h ../include/openssl/lhash.h

-apps.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h

-apps.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h

-apps.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h

-apps.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h

-apps.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h

-apps.o: ../include/openssl/safestack.h ../include/openssl/sha.h

-apps.o: ../include/openssl/stack.h ../include/openssl/symhacks.h

-apps.o: ../include/openssl/txt_db.h ../include/openssl/ui.h

-apps.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h

-apps.o: ../include/openssl/x509v3.h apps.c apps.h

-asn1pars.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-asn1pars.o: ../include/openssl/buffer.h ../include/openssl/conf.h

-asn1pars.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h

-asn1pars.o: ../include/openssl/ec.h ../include/openssl/ecdh.h

-asn1pars.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h

-asn1pars.o: ../include/openssl/err.h ../include/openssl/evp.h

-asn1pars.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h

-asn1pars.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h

-asn1pars.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h

-asn1pars.o: ../include/openssl/pem.h ../include/openssl/pem2.h

-asn1pars.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h

-asn1pars.o: ../include/openssl/sha.h ../include/openssl/stack.h

-asn1pars.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h

-asn1pars.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h

-asn1pars.o: asn1pars.c

-ca.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-ca.o: ../include/openssl/bn.h ../include/openssl/buffer.h

-ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h

-ca.o: ../include/openssl/e_os2.h ../include/openssl/ec.h

-ca.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h

-ca.o: ../include/openssl/engine.h ../include/openssl/err.h

-ca.o: ../include/openssl/evp.h ../include/openssl/lhash.h

-ca.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h

-ca.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h

-ca.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h

-ca.o: ../include/openssl/pem.h ../include/openssl/pem2.h

-ca.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h

-ca.o: ../include/openssl/sha.h ../include/openssl/stack.h

-ca.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h

-ca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h

-ca.o: ../include/openssl/x509v3.h apps.h ca.c

-ciphers.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-ciphers.o: ../include/openssl/bn.h ../include/openssl/buffer.h

-ciphers.o: ../include/openssl/comp.h ../include/openssl/conf.h

-ciphers.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h

-ciphers.o: ../include/openssl/e_os2.h ../include/openssl/ec.h

-ciphers.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h

-ciphers.o: ../include/openssl/engine.h ../include/openssl/err.h

-ciphers.o: ../include/openssl/evp.h ../include/openssl/kssl.h

-ciphers.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h

-ciphers.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h

-ciphers.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h

-ciphers.o: ../include/openssl/pem.h ../include/openssl/pem2.h

-ciphers.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h

-ciphers.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h

-ciphers.o: ../include/openssl/sha.h ../include/openssl/ssl.h

-ciphers.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h

-ciphers.o: ../include/openssl/ssl3.h ../include/openssl/stack.h

-ciphers.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h

-ciphers.o: ../include/openssl/txt_db.h ../include/openssl/x509.h

-ciphers.o: ../include/openssl/x509_vfy.h apps.h ciphers.c

-crl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-crl.o: ../include/openssl/buffer.h ../include/openssl/conf.h

-crl.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h

-crl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h

-crl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h

-crl.o: ../include/openssl/err.h ../include/openssl/evp.h

-crl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h

-crl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h

-crl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h

-crl.o: ../include/openssl/pem.h ../include/openssl/pem2.h

-crl.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h

-crl.o: ../include/openssl/sha.h ../include/openssl/stack.h

-crl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h

-crl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h

-crl.o: ../include/openssl/x509v3.h apps.h crl.c

-crl2p7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-crl2p7.o: ../include/openssl/buffer.h ../include/openssl/conf.h

-crl2p7.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h

-crl2p7.o: ../include/openssl/ec.h ../include/openssl/ecdh.h

-crl2p7.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h

-crl2p7.o: ../include/openssl/err.h ../include/openssl/evp.h

-crl2p7.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h

-crl2p7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h

-crl2p7.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h

-crl2p7.o: ../include/openssl/pem.h ../include/openssl/pem2.h

-crl2p7.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h

-crl2p7.o: ../include/openssl/sha.h ../include/openssl/stack.h

-crl2p7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h

-crl2p7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h

-crl2p7.o: crl2p7.c

-dgst.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-dgst.o: ../include/openssl/buffer.h ../include/openssl/conf.h

-dgst.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h

-dgst.o: ../include/openssl/ec.h ../include/openssl/ecdh.h

-dgst.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h

-dgst.o: ../include/openssl/err.h ../include/openssl/evp.h

-dgst.o: ../include/openssl/hmac.h ../include/openssl/lhash.h

-dgst.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h

-dgst.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h

-dgst.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h

-dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h

-dgst.o: ../include/openssl/safestack.h ../include/openssl/sha.h

-dgst.o: ../include/openssl/stack.h ../include/openssl/symhacks.h

-dgst.o: ../include/openssl/txt_db.h ../include/openssl/x509.h

-dgst.o: ../include/openssl/x509_vfy.h apps.h dgst.c

-dh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-dh.o: ../include/openssl/bn.h ../include/openssl/buffer.h

-dh.o: ../include/openssl/conf.h ../include/openssl/crypto.h

-dh.o: ../include/openssl/dh.h ../include/openssl/e_os2.h

-dh.o: ../include/openssl/ec.h ../include/openssl/ecdh.h

-dh.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h

-dh.o: ../include/openssl/err.h ../include/openssl/evp.h

-dh.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h

-dh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h

-dh.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h

-dh.o: ../include/openssl/pem.h ../include/openssl/pem2.h

-dh.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h

-dh.o: ../include/openssl/sha.h ../include/openssl/stack.h

-dh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h

-dh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dh.c

-dsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-dsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h

-dsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h

-dsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h

-dsa.o: ../include/openssl/ec.h ../include/openssl/ecdh.h

-dsa.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h

-dsa.o: ../include/openssl/err.h ../include/openssl/evp.h

-dsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h

-dsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h

-dsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h

-dsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h

-dsa.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h

-dsa.o: ../include/openssl/sha.h ../include/openssl/stack.h

-dsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h

-dsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dsa.c

-dsaparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-dsaparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h

-dsaparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h

-dsaparam.o: ../include/openssl/dh.h ../include/openssl/dsa.h

-dsaparam.o: ../include/openssl/e_os2.h ../include/openssl/ec.h

-dsaparam.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h

-dsaparam.o: ../include/openssl/engine.h ../include/openssl/err.h

-dsaparam.o: ../include/openssl/evp.h ../include/openssl/lhash.h

-dsaparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h

-dsaparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h

-dsaparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h

-dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h

-dsaparam.o: ../include/openssl/rand.h ../include/openssl/rsa.h

-dsaparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h

-dsaparam.o: ../include/openssl/stack.h ../include/openssl/store.h

-dsaparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h

-dsaparam.o: ../include/openssl/ui.h ../include/openssl/x509.h

-dsaparam.o: ../include/openssl/x509_vfy.h apps.h dsaparam.c

-ec.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-ec.o: ../include/openssl/buffer.h ../include/openssl/conf.h

-ec.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h

-ec.o: ../include/openssl/ec.h ../include/openssl/ecdh.h

-ec.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h

-ec.o: ../include/openssl/err.h ../include/openssl/evp.h

-ec.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h

-ec.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h

-ec.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h

-ec.o: ../include/openssl/pem.h ../include/openssl/pem2.h

-ec.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h

-ec.o: ../include/openssl/sha.h ../include/openssl/stack.h

-ec.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h

-ec.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h ec.c

-ecparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-ecparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h

-ecparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h

-ecparam.o: ../include/openssl/e_os2.h ../include/openssl/ec.h

-ecparam.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h

-ecparam.o: ../include/openssl/engine.h ../include/openssl/err.h

-ecparam.o: ../include/openssl/evp.h ../include/openssl/lhash.h

-ecparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h

-ecparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h

-ecparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h

-ecparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h

-ecparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h

-ecparam.o: ../include/openssl/stack.h ../include/openssl/symhacks.h

-ecparam.o: ../include/openssl/txt_db.h ../include/openssl/x509.h

-ecparam.o: ../include/openssl/x509_vfy.h apps.h ecparam.c

-enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-enc.o: ../include/openssl/buffer.h ../include/openssl/conf.h

-enc.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h

-enc.o: ../include/openssl/ec.h ../include/openssl/ecdh.h

-enc.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h

-enc.o: ../include/openssl/err.h ../include/openssl/evp.h

-enc.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h

-enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h

-enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h

-enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h

-enc.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h

-enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h

-enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h

-enc.o: ../include/openssl/txt_db.h ../include/openssl/x509.h

-enc.o: ../include/openssl/x509_vfy.h apps.h enc.c

-engine.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-engine.o: ../include/openssl/bn.h ../include/openssl/buffer.h

-engine.o: ../include/openssl/comp.h ../include/openssl/conf.h

-engine.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h

-engine.o: ../include/openssl/e_os2.h ../include/openssl/ec.h

-engine.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h

-engine.o: ../include/openssl/engine.h ../include/openssl/err.h

-engine.o: ../include/openssl/evp.h ../include/openssl/kssl.h

-engine.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h

-engine.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h

-engine.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h

-engine.o: ../include/openssl/pem.h ../include/openssl/pem2.h

-engine.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h

-engine.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h

-engine.o: ../include/openssl/sha.h ../include/openssl/ssl.h

-engine.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h

-engine.o: ../include/openssl/ssl3.h ../include/openssl/stack.h

-engine.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h

-engine.o: ../include/openssl/txt_db.h ../include/openssl/x509.h

-engine.o: ../include/openssl/x509_vfy.h apps.h engine.c

-errstr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-errstr.o: ../include/openssl/bn.h ../include/openssl/buffer.h

-errstr.o: ../include/openssl/comp.h ../include/openssl/conf.h

-errstr.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h

-errstr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h

-errstr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h

-errstr.o: ../include/openssl/engine.h ../include/openssl/err.h

-errstr.o: ../include/openssl/evp.h ../include/openssl/kssl.h

-errstr.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h

-errstr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h

-errstr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h

-errstr.o: ../include/openssl/pem.h ../include/openssl/pem2.h

-errstr.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h

-errstr.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h

-errstr.o: ../include/openssl/sha.h ../include/openssl/ssl.h

-errstr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h

-errstr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h

-errstr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h

-errstr.o: ../include/openssl/txt_db.h ../include/openssl/x509.h

-errstr.o: ../include/openssl/x509_vfy.h apps.h errstr.c

-gendh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-gendh.o: ../include/openssl/bn.h ../include/openssl/buffer.h

-gendh.o: ../include/openssl/conf.h ../include/openssl/crypto.h

-gendh.o: ../include/openssl/dh.h ../include/openssl/dsa.h

-gendh.o: ../include/openssl/e_os2.h ../include/openssl/ec.h

-gendh.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h

-gendh.o: ../include/openssl/engine.h ../include/openssl/err.h

-gendh.o: ../include/openssl/evp.h ../include/openssl/lhash.h

-gendh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h

-gendh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h

-gendh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h

-gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h

-gendh.o: ../include/openssl/rand.h ../include/openssl/rsa.h

-gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h

-gendh.o: ../include/openssl/stack.h ../include/openssl/store.h

-gendh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h

-gendh.o: ../include/openssl/ui.h ../include/openssl/x509.h

-gendh.o: ../include/openssl/x509_vfy.h apps.h gendh.c

-gendsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-gendsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h

-gendsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h

-gendsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h

-gendsa.o: ../include/openssl/ec.h ../include/openssl/ecdh.h

-gendsa.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h

-gendsa.o: ../include/openssl/err.h ../include/openssl/evp.h

-gendsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h

-gendsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h

-gendsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h

-gendsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h

-gendsa.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h

-gendsa.o: ../include/openssl/sha.h ../include/openssl/stack.h

-gendsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h

-gendsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h

-gendsa.o: gendsa.c

-genrsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-genrsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h

-genrsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h

-genrsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h

-genrsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h

-genrsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h

-genrsa.o: ../include/openssl/engine.h ../include/openssl/err.h

-genrsa.o: ../include/openssl/evp.h ../include/openssl/lhash.h

-genrsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h

-genrsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h

-genrsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h

-genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h

-genrsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h

-genrsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h

-genrsa.o: ../include/openssl/stack.h ../include/openssl/store.h

-genrsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h

-genrsa.o: ../include/openssl/ui.h ../include/openssl/x509.h

-genrsa.o: ../include/openssl/x509_vfy.h apps.h genrsa.c

-nseq.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-nseq.o: ../include/openssl/buffer.h ../include/openssl/conf.h

-nseq.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h

-nseq.o: ../include/openssl/ec.h ../include/openssl/ecdh.h

-nseq.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h

-nseq.o: ../include/openssl/err.h ../include/openssl/evp.h

-nseq.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h

-nseq.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h

-nseq.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h

-nseq.o: ../include/openssl/pem.h ../include/openssl/pem2.h

-nseq.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h

-nseq.o: ../include/openssl/sha.h ../include/openssl/stack.h

-nseq.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h

-nseq.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h nseq.c

-ocsp.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-ocsp.o: ../include/openssl/bn.h ../include/openssl/buffer.h

-ocsp.o: ../include/openssl/comp.h ../include/openssl/conf.h

-ocsp.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h

-ocsp.o: ../include/openssl/e_os2.h ../include/openssl/ec.h

-ocsp.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h

-ocsp.o: ../include/openssl/engine.h ../include/openssl/err.h

-ocsp.o: ../include/openssl/evp.h ../include/openssl/kssl.h

-ocsp.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h

-ocsp.o: ../include/openssl/objects.h ../include/openssl/ocsp.h

-ocsp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h

-ocsp.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h

-ocsp.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h

-ocsp.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h

-ocsp.o: ../include/openssl/safestack.h ../include/openssl/sha.h

-ocsp.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h

-ocsp.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h

-ocsp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h

-ocsp.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h

-ocsp.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h

-ocsp.o: ../include/openssl/x509v3.h apps.h ocsp.c

-openssl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-openssl.o: ../include/openssl/bn.h ../include/openssl/buffer.h

-openssl.o: ../include/openssl/comp.h ../include/openssl/conf.h

-openssl.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h

-openssl.o: ../include/openssl/e_os2.h ../include/openssl/ec.h

-openssl.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h

-openssl.o: ../include/openssl/engine.h ../include/openssl/err.h

-openssl.o: ../include/openssl/evp.h ../include/openssl/kssl.h

-openssl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h

-openssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h

-openssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h

-openssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h

-openssl.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h

-openssl.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h

-openssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h

-openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h

-openssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h

-openssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h

-openssl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h

-openssl.o: ../include/openssl/x509_vfy.h apps.h openssl.c progs.h s_apps.h

-passwd.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-passwd.o: ../include/openssl/buffer.h ../include/openssl/conf.h

-passwd.o: ../include/openssl/crypto.h ../include/openssl/des.h

-passwd.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h

-passwd.o: ../include/openssl/ec.h ../include/openssl/ecdh.h

-passwd.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h

-passwd.o: ../include/openssl/err.h ../include/openssl/evp.h

-passwd.o: ../include/openssl/lhash.h ../include/openssl/md5.h

-passwd.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h

-passwd.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h

-passwd.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h

-passwd.o: ../include/openssl/rand.h ../include/openssl/safestack.h

-passwd.o: ../include/openssl/sha.h ../include/openssl/stack.h

-passwd.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h

-passwd.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h

-passwd.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h

-passwd.o: passwd.c

-pkcs12.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-pkcs12.o: ../include/openssl/buffer.h ../include/openssl/conf.h

-pkcs12.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h

-pkcs12.o: ../include/openssl/ec.h ../include/openssl/ecdh.h

-pkcs12.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h

-pkcs12.o: ../include/openssl/err.h ../include/openssl/evp.h

-pkcs12.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h

-pkcs12.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h

-pkcs12.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h

-pkcs12.o: ../include/openssl/pem.h ../include/openssl/pem2.h

-pkcs12.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h

-pkcs12.o: ../include/openssl/safestack.h ../include/openssl/sha.h

-pkcs12.o: ../include/openssl/stack.h ../include/openssl/symhacks.h

-pkcs12.o: ../include/openssl/txt_db.h ../include/openssl/x509.h

-pkcs12.o: ../include/openssl/x509_vfy.h apps.h pkcs12.c

-pkcs7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-pkcs7.o: ../include/openssl/buffer.h ../include/openssl/conf.h

-pkcs7.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h

-pkcs7.o: ../include/openssl/ec.h ../include/openssl/ecdh.h

-pkcs7.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h

-pkcs7.o: ../include/openssl/err.h ../include/openssl/evp.h

-pkcs7.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h

-pkcs7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h

-pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h

-pkcs7.o: ../include/openssl/pem.h ../include/openssl/pem2.h

-pkcs7.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h

-pkcs7.o: ../include/openssl/sha.h ../include/openssl/stack.h

-pkcs7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h

-pkcs7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h pkcs7.c

-pkcs8.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-pkcs8.o: ../include/openssl/buffer.h ../include/openssl/conf.h

-pkcs8.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h

-pkcs8.o: ../include/openssl/ec.h ../include/openssl/ecdh.h

-pkcs8.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h

-pkcs8.o: ../include/openssl/err.h ../include/openssl/evp.h

-pkcs8.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h

-pkcs8.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h

-pkcs8.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h

-pkcs8.o: ../include/openssl/pem.h ../include/openssl/pem2.h

-pkcs8.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h

-pkcs8.o: ../include/openssl/safestack.h ../include/openssl/sha.h

-pkcs8.o: ../include/openssl/stack.h ../include/openssl/symhacks.h

-pkcs8.o: ../include/openssl/txt_db.h ../include/openssl/x509.h

-pkcs8.o: ../include/openssl/x509_vfy.h apps.h pkcs8.c

-prime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-prime.o: ../include/openssl/bn.h ../include/openssl/buffer.h

-prime.o: ../include/openssl/conf.h ../include/openssl/crypto.h

-prime.o: ../include/openssl/e_os2.h ../include/openssl/ec.h

-prime.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h

-prime.o: ../include/openssl/engine.h ../include/openssl/evp.h

-prime.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h

-prime.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h

-prime.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h

-prime.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h

-prime.o: ../include/openssl/sha.h ../include/openssl/stack.h

-prime.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h

-prime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h prime.c

-rand.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-rand.o: ../include/openssl/buffer.h ../include/openssl/conf.h

-rand.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h

-rand.o: ../include/openssl/ec.h ../include/openssl/ecdh.h

-rand.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h

-rand.o: ../include/openssl/err.h ../include/openssl/evp.h

-rand.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h

-rand.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h

-rand.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h

-rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h

-rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h

-rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h

-rand.o: ../include/openssl/txt_db.h ../include/openssl/x509.h

-rand.o: ../include/openssl/x509_vfy.h apps.h rand.c

-req.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-req.o: ../include/openssl/bn.h ../include/openssl/buffer.h

-req.o: ../include/openssl/conf.h ../include/openssl/crypto.h

-req.o: ../include/openssl/dh.h ../include/openssl/dsa.h

-req.o: ../include/openssl/e_os2.h ../include/openssl/ec.h

-req.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h

-req.o: ../include/openssl/engine.h ../include/openssl/err.h

-req.o: ../include/openssl/evp.h ../include/openssl/lhash.h

-req.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h

-req.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h

-req.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h

-req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h

-req.o: ../include/openssl/rand.h ../include/openssl/rsa.h

-req.o: ../include/openssl/safestack.h ../include/openssl/sha.h

-req.o: ../include/openssl/stack.h ../include/openssl/store.h

-req.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h

-req.o: ../include/openssl/ui.h ../include/openssl/x509.h

-req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h req.c

-rsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h

-rsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h

-rsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h

-rsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h

-rsa.o: ../include/openssl/engine.h ../include/openssl/err.h

-rsa.o: ../include/openssl/evp.h ../include/openssl/lhash.h

-rsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h

-rsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h

-rsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h

-rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h

-rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h

-rsa.o: ../include/openssl/sha.h ../include/openssl/stack.h

-rsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h

-rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h rsa.c

-rsautl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-rsautl.o: ../include/openssl/buffer.h ../include/openssl/conf.h

-rsautl.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h

-rsautl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h

-rsautl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h

-rsautl.o: ../include/openssl/err.h ../include/openssl/evp.h

-rsautl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h

-rsautl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h

-rsautl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h

-rsautl.o: ../include/openssl/pem.h ../include/openssl/pem2.h

-rsautl.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h

-rsautl.o: ../include/openssl/safestack.h ../include/openssl/sha.h

-rsautl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h

-rsautl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h

-rsautl.o: ../include/openssl/x509_vfy.h apps.h rsautl.c

-s_cb.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-s_cb.o: ../include/openssl/bn.h ../include/openssl/buffer.h

-s_cb.o: ../include/openssl/comp.h ../include/openssl/conf.h

-s_cb.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h

-s_cb.o: ../include/openssl/e_os2.h ../include/openssl/ec.h

-s_cb.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h

-s_cb.o: ../include/openssl/engine.h ../include/openssl/err.h

-s_cb.o: ../include/openssl/evp.h ../include/openssl/kssl.h

-s_cb.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h

-s_cb.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h

-s_cb.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h

-s_cb.o: ../include/openssl/pem.h ../include/openssl/pem2.h

-s_cb.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h

-s_cb.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h

-s_cb.o: ../include/openssl/sha.h ../include/openssl/ssl.h

-s_cb.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h

-s_cb.o: ../include/openssl/ssl3.h ../include/openssl/stack.h

-s_cb.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h

-s_cb.o: ../include/openssl/txt_db.h ../include/openssl/x509.h

-s_cb.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_cb.c

-s_client.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-s_client.o: ../include/openssl/bn.h ../include/openssl/buffer.h

-s_client.o: ../include/openssl/comp.h ../include/openssl/conf.h

-s_client.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h

-s_client.o: ../include/openssl/e_os2.h ../include/openssl/ec.h

-s_client.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h

-s_client.o: ../include/openssl/engine.h ../include/openssl/err.h

-s_client.o: ../include/openssl/evp.h ../include/openssl/kssl.h

-s_client.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h

-s_client.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h

-s_client.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h

-s_client.o: ../include/openssl/pem.h ../include/openssl/pem2.h

-s_client.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h

-s_client.o: ../include/openssl/pqueue.h ../include/openssl/rand.h

-s_client.o: ../include/openssl/safestack.h ../include/openssl/sha.h

-s_client.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h

-s_client.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h

-s_client.o: ../include/openssl/stack.h ../include/openssl/symhacks.h

-s_client.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h

-s_client.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h

-s_client.o: s_apps.h s_client.c timeouts.h

-s_server.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-s_server.o: ../include/openssl/bn.h ../include/openssl/buffer.h

-s_server.o: ../include/openssl/comp.h ../include/openssl/conf.h

-s_server.o: ../include/openssl/crypto.h ../include/openssl/dh.h

-s_server.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h

-s_server.o: ../include/openssl/e_os2.h ../include/openssl/ec.h

-s_server.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h

-s_server.o: ../include/openssl/engine.h ../include/openssl/err.h

-s_server.o: ../include/openssl/evp.h ../include/openssl/kssl.h

-s_server.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h

-s_server.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h

-s_server.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h

-s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h

-s_server.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h

-s_server.o: ../include/openssl/pqueue.h ../include/openssl/rand.h

-s_server.o: ../include/openssl/rsa.h ../include/openssl/safestack.h

-s_server.o: ../include/openssl/sha.h ../include/openssl/ssl.h

-s_server.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h

-s_server.o: ../include/openssl/ssl3.h ../include/openssl/stack.h

-s_server.o: ../include/openssl/store.h ../include/openssl/symhacks.h

-s_server.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h

-s_server.o: ../include/openssl/ui.h ../include/openssl/x509.h

-s_server.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_server.c timeouts.h

-s_socket.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-s_socket.o: ../include/openssl/bn.h ../include/openssl/buffer.h

-s_socket.o: ../include/openssl/comp.h ../include/openssl/conf.h

-s_socket.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h

-s_socket.o: ../include/openssl/e_os2.h ../include/openssl/ec.h

-s_socket.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h

-s_socket.o: ../include/openssl/engine.h ../include/openssl/evp.h

-s_socket.o: ../include/openssl/kssl.h ../include/openssl/lhash.h

-s_socket.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h

-s_socket.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h

-s_socket.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h

-s_socket.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h

-s_socket.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h

-s_socket.o: ../include/openssl/safestack.h ../include/openssl/sha.h

-s_socket.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h

-s_socket.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h

-s_socket.o: ../include/openssl/stack.h ../include/openssl/symhacks.h

-s_socket.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h

-s_socket.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h

-s_socket.o: s_apps.h s_socket.c

-s_time.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-s_time.o: ../include/openssl/bn.h ../include/openssl/buffer.h

-s_time.o: ../include/openssl/comp.h ../include/openssl/conf.h

-s_time.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h

-s_time.o: ../include/openssl/e_os2.h ../include/openssl/ec.h

-s_time.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h

-s_time.o: ../include/openssl/engine.h ../include/openssl/err.h

-s_time.o: ../include/openssl/evp.h ../include/openssl/kssl.h

-s_time.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h

-s_time.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h

-s_time.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h

-s_time.o: ../include/openssl/pem.h ../include/openssl/pem2.h

-s_time.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h

-s_time.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h

-s_time.o: ../include/openssl/sha.h ../include/openssl/ssl.h

-s_time.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h

-s_time.o: ../include/openssl/ssl3.h ../include/openssl/stack.h

-s_time.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h

-s_time.o: ../include/openssl/txt_db.h ../include/openssl/x509.h

-s_time.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_time.c

-sess_id.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-sess_id.o: ../include/openssl/bn.h ../include/openssl/buffer.h

-sess_id.o: ../include/openssl/comp.h ../include/openssl/conf.h

-sess_id.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h

-sess_id.o: ../include/openssl/e_os2.h ../include/openssl/ec.h

-sess_id.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h

-sess_id.o: ../include/openssl/engine.h ../include/openssl/err.h

-sess_id.o: ../include/openssl/evp.h ../include/openssl/kssl.h

-sess_id.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h

-sess_id.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h

-sess_id.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h

-sess_id.o: ../include/openssl/pem.h ../include/openssl/pem2.h

-sess_id.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h

-sess_id.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h

-sess_id.o: ../include/openssl/sha.h ../include/openssl/ssl.h

-sess_id.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h

-sess_id.o: ../include/openssl/ssl3.h ../include/openssl/stack.h

-sess_id.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h

-sess_id.o: ../include/openssl/txt_db.h ../include/openssl/x509.h

-sess_id.o: ../include/openssl/x509_vfy.h apps.h sess_id.c

-smime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-smime.o: ../include/openssl/buffer.h ../include/openssl/conf.h

-smime.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h

-smime.o: ../include/openssl/ec.h ../include/openssl/ecdh.h

-smime.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h

-smime.o: ../include/openssl/err.h ../include/openssl/evp.h

-smime.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h

-smime.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h

-smime.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h

-smime.o: ../include/openssl/pem.h ../include/openssl/pem2.h

-smime.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h

-smime.o: ../include/openssl/sha.h ../include/openssl/stack.h

-smime.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h

-smime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h

-smime.o: ../include/openssl/x509v3.h apps.h smime.c

-speed.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h

-speed.o: ../include/openssl/bio.h ../include/openssl/blowfish.h

-speed.o: ../include/openssl/bn.h ../include/openssl/buffer.h

-speed.o: ../include/openssl/cast.h ../include/openssl/conf.h

-speed.o: ../include/openssl/crypto.h ../include/openssl/des.h

-speed.o: ../include/openssl/des_old.h ../include/openssl/dsa.h

-speed.o: ../include/openssl/e_os2.h ../include/openssl/ec.h

-speed.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h

-speed.o: ../include/openssl/engine.h ../include/openssl/err.h

-speed.o: ../include/openssl/evp.h ../include/openssl/hmac.h

-speed.o: ../include/openssl/idea.h ../include/openssl/lhash.h

-speed.o: ../include/openssl/md2.h ../include/openssl/md4.h

-speed.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h

-speed.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h

-speed.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h

-speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h

-speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h

-speed.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h

-speed.o: ../include/openssl/safestack.h ../include/openssl/sha.h

-speed.o: ../include/openssl/stack.h ../include/openssl/symhacks.h

-speed.o: ../include/openssl/txt_db.h ../include/openssl/ui.h

-speed.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h

-speed.o: ../include/openssl/x509_vfy.h apps.h speed.c testdsa.h testrsa.h

-spkac.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-spkac.o: ../include/openssl/buffer.h ../include/openssl/conf.h

-spkac.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h

-spkac.o: ../include/openssl/ec.h ../include/openssl/ecdh.h

-spkac.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h

-spkac.o: ../include/openssl/err.h ../include/openssl/evp.h

-spkac.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h

-spkac.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h

-spkac.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h

-spkac.o: ../include/openssl/pem.h ../include/openssl/pem2.h

-spkac.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h

-spkac.o: ../include/openssl/sha.h ../include/openssl/stack.h

-spkac.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h

-spkac.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h spkac.c

-verify.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-verify.o: ../include/openssl/buffer.h ../include/openssl/conf.h

-verify.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h

-verify.o: ../include/openssl/ec.h ../include/openssl/ecdh.h

-verify.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h

-verify.o: ../include/openssl/err.h ../include/openssl/evp.h

-verify.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h

-verify.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h

-verify.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h

-verify.o: ../include/openssl/pem.h ../include/openssl/pem2.h

-verify.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h

-verify.o: ../include/openssl/sha.h ../include/openssl/stack.h

-verify.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h

-verify.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h

-verify.o: ../include/openssl/x509v3.h apps.h verify.c

-version.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-version.o: ../include/openssl/blowfish.h ../include/openssl/bn.h

-version.o: ../include/openssl/buffer.h ../include/openssl/conf.h

-version.o: ../include/openssl/crypto.h ../include/openssl/des.h

-version.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h

-version.o: ../include/openssl/ec.h ../include/openssl/ecdh.h

-version.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h

-version.o: ../include/openssl/evp.h ../include/openssl/idea.h

-version.o: ../include/openssl/lhash.h ../include/openssl/md2.h

-version.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h

-version.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h

-version.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h

-version.o: ../include/openssl/rc4.h ../include/openssl/safestack.h

-version.o: ../include/openssl/sha.h ../include/openssl/stack.h

-version.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h

-version.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h

-version.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h

-version.o: version.c

-x509.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-x509.o: ../include/openssl/bn.h ../include/openssl/buffer.h

-x509.o: ../include/openssl/conf.h ../include/openssl/crypto.h

-x509.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h

-x509.o: ../include/openssl/ec.h ../include/openssl/ecdh.h

-x509.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h

-x509.o: ../include/openssl/err.h ../include/openssl/evp.h

-x509.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h

-x509.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h

-x509.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h

-x509.o: ../include/openssl/pem.h ../include/openssl/pem2.h

-x509.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h

-x509.o: ../include/openssl/safestack.h ../include/openssl/sha.h

-x509.o: ../include/openssl/stack.h ../include/openssl/symhacks.h

-x509.o: ../include/openssl/txt_db.h ../include/openssl/x509.h

-x509.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h x509.c

--- a/sys/src/ape/lib/openssl/apps/app_rand.c

+++ /dev/null

@@ -1,218 +1,0 @@

-/* apps/app_rand.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#define NON_MAIN

-#include "apps.h"

-#undef NON_MAIN

-#include <openssl/bio.h>

-#include <openssl/rand.h>

-static int seeded = 0;

-static int egdsocket = 0;

-int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)

-	{

-	int consider_randfile = (file == NULL);

-	char buffer[200];

-#ifdef OPENSSL_SYS_WINDOWS

-	BIO_printf(bio_e,"Loading 'screen' into random state -");

-	BIO_flush(bio_e);

-	RAND_screen();

-	BIO_printf(bio_e," done\n");

-#endif

-	if (file == NULL)

-		file = RAND_file_name(buffer, sizeof buffer);

-	else if (RAND_egd(file) > 0)

-		{

-		/* we try if the given filename is an EGD socket.

-		   if it is, we don't write anything back to the file. */

-		egdsocket = 1;

-		return 1;

-		}

-	if (file == NULL || !RAND_load_file(file, -1))

-		{

-		if (RAND_status() == 0)

-			{

-			if (!dont_warn)

-				{

-				BIO_printf(bio_e,"unable to load 'random state'\n");

-				BIO_printf(bio_e,"This means that the random number generator has not been seeded\n");

-				BIO_printf(bio_e,"with much random data.\n");

-				if (consider_randfile) /* explanation does not apply when a file is explicitly named */

-					{

-					BIO_printf(bio_e,"Consider setting the RANDFILE environment variable to point at a file that\n");

-					BIO_printf(bio_e,"'random' data can be kept in (the file will be overwritten).\n");

-					}

-				}

-			return 0;

-			}

-		}

-	seeded = 1;

-	return 1;

-	}

-long app_RAND_load_files(char *name)

-	{

-	char *p,*n;

-	int last;

-	long tot=0;

-	int egd;

-	for (;;)

-		{

-		last=0;

-		for (p=name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++);

-		if (*p == '\0') last=1;

-		*p='\0';

-		n=name;

-		name=p+1;

-		if (*n == '\0') break;

-		egd=RAND_egd(n);

-		if (egd > 0)

-			tot+=egd;

-		else

-			tot+=RAND_load_file(n,-1);

-		if (last) break;

-		}

-	if (tot > 512)

-		app_RAND_allow_write_file();

-	return(tot);

-	}

-int app_RAND_write_file(const char *file, BIO *bio_e)

-	{

-	char buffer[200];

-	if (egdsocket || !seeded)

-		/* If we did not manage to read the seed file,

-		 * we should not write a low-entropy seed file back --

-		 * it would suppress a crucial warning the next time

-		 * we want to use it. */

-		return 0;

-	if (file == NULL)

-		file = RAND_file_name(buffer, sizeof buffer);

-	if (file == NULL || !RAND_write_file(file))

-		{

-		BIO_printf(bio_e,"unable to write 'random state'\n");

-		return 0;

-		}

-	return 1;

-	}

-void app_RAND_allow_write_file(void)

-	{

-	seeded = 1;

-	}

--- a/sys/src/ape/lib/openssl/apps/apps.c

+++ /dev/null

@@ -1,2335 +1,0 @@

-/* apps/apps.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include <sys/types.h>

-#include <sys/stat.h>

-#include <ctype.h>

-#include <openssl/err.h>

-#include <openssl/x509.h>

-#include <openssl/x509v3.h>

-#include <openssl/pem.h>

-#include <openssl/pkcs12.h>

-#include <openssl/ui.h>

-#include <openssl/safestack.h>

-#ifndef OPENSSL_NO_ENGINE

-#include <openssl/engine.h>

-#endif

-#ifndef OPENSSL_NO_RSA

-#include <openssl/rsa.h>

-#endif

-#include <openssl/bn.h>

-#define NON_MAIN

-#include "apps.h"

-#undef NON_MAIN

-typedef struct {

-	const char *name;

-	unsigned long flag;

-	unsigned long mask;

-} NAME_EX_TBL;

-static UI_METHOD *ui_method = NULL;

-static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);

-static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);

-#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)

-/* Looks like this stuff is worth moving into separate function */

-static EVP_PKEY *

-load_netscape_key(BIO *err, BIO *key, const char *file,

-		const char *key_descrip, int format);

-#endif

-int app_init(long mesgwin);

-#ifdef undef /* never finished - probably never will be :-) */

-int args_from_file(char *file, int *argc, char **argv[])

-	{

-	FILE *fp;

-	int num,i;

-	unsigned int len;

-	static char *buf=NULL;

-	static char **arg=NULL;

-	char *p;

-	struct stat stbuf;

-	if (stat(file,&stbuf) < 0) return(0);

-	fp=fopen(file,"r");

-	if (fp == NULL)

-		return(0);

-	*argc=0;

-	*argv=NULL;

-	len=(unsigned int)stbuf.st_size;

-	if (buf != NULL) OPENSSL_free(buf);

-	buf=(char *)OPENSSL_malloc(len+1);

-	if (buf == NULL) return(0);

-	len=fread(buf,1,len,fp);

-	if (len <= 1) return(0);

-	buf[len]='\0';

-	i=0;

-	for (p=buf; *p; p++)

-		if (*p == '\n') i++;

-	if (arg != NULL) OPENSSL_free(arg);

-	arg=(char **)OPENSSL_malloc(sizeof(char *)*(i*2));

-	*argv=arg;

-	num=0;

-	p=buf;

-	for (;;)

-		{

-		if (!*p) break;

-		if (*p == '#') /* comment line */

-			{

-			while (*p && (*p != '\n')) p++;

-			continue;

-			}

-		/* else we have a line */

-		*(arg++)=p;

-		num++;

-		while (*p && ((*p != ' ') && (*p != '\t') && (*p != '\n')))

-			p++;

-		if (!*p) break;

-		if (*p == '\n')

-			{

-			*(p++)='\0';

-			continue;

-			}

-		/* else it is a tab or space */

-		p++;

-		while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))

-			p++;

-		if (!*p) break;

-		if (*p == '\n')

-			{

-			p++;

-			continue;

-			}

-		*(arg++)=p++;

-		num++;

-		while (*p && (*p != '\n')) p++;

-		if (!*p) break;

-		/* else *p == '\n' */

-		*(p++)='\0';

-		}

-	*argc=num;

-	return(1);

-	}

-#endif

-int str2fmt(char *s)

-	{

-	if 	((*s == 'D') || (*s == 'd'))

-		return(FORMAT_ASN1);

-	else if ((*s == 'T') || (*s == 't'))

-		return(FORMAT_TEXT);

-	else if ((*s == 'P') || (*s == 'p'))

-		return(FORMAT_PEM);

-	else if ((*s == 'N') || (*s == 'n'))

-		return(FORMAT_NETSCAPE);

-	else if ((*s == 'S') || (*s == 's'))

-		return(FORMAT_SMIME);

-	else if ((*s == '1')

-		|| (strcmp(s,"PKCS12") == 0) || (strcmp(s,"pkcs12") == 0)

-		|| (strcmp(s,"P12") == 0) || (strcmp(s,"p12") == 0))

-		return(FORMAT_PKCS12);

-	else if ((*s == 'E') || (*s == 'e'))

-		return(FORMAT_ENGINE);

-	else

-		return(FORMAT_UNDEF);

-	}

-#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_NETWARE)

-void program_name(char *in, char *out, int size)

-	{

-	int i,n;

-	char *p=NULL;

-	n=strlen(in);

-	/* find the last '/', '\' or ':' */

-	for (i=n-1; i>0; i--)

-		{

-		if ((in[i] == '/') || (in[i] == '\\') || (in[i] == ':'))

-			{

-			p= &(in[i+1]);

-			break;

-			}

-		}

-	if (p == NULL)

-		p=in;

-	n=strlen(p);

-#if defined(OPENSSL_SYS_NETWARE)

-   /* strip off trailing .nlm if present. */

-   if ((n > 4) && (p[n-4] == '.') &&

-      ((p[n-3] == 'n') || (p[n-3] == 'N')) &&

-      ((p[n-2] == 'l') || (p[n-2] == 'L')) &&

-      ((p[n-1] == 'm') || (p[n-1] == 'M')))

-      n-=4;

-#else

-	/* strip off trailing .exe if present. */

-	if ((n > 4) && (p[n-4] == '.') &&

-		((p[n-3] == 'e') || (p[n-3] == 'E')) &&

-		((p[n-2] == 'x') || (p[n-2] == 'X')) &&

-		((p[n-1] == 'e') || (p[n-1] == 'E')))

-		n-=4;

-#endif

-	if (n > size-1)

-		n=size-1;

-	for (i=0; i<n; i++)

-		{

-		if ((p[i] >= 'A') && (p[i] <= 'Z'))

-			out[i]=p[i]-'A'+'a';

-		else

-			out[i]=p[i];

-		}

-	out[n]='\0';

-	}

-#else

-#ifdef OPENSSL_SYS_VMS

-void program_name(char *in, char *out, int size)

-	{

-	char *p=in, *q;

-	char *chars=":]>";

-	while(*chars != '\0')

-		{

-		q=strrchr(p,*chars);

-		if (q > p)

-			p = q + 1;

-		chars++;

-		}

-	q=strrchr(p,'.');

-	if (q == NULL)

-		q = p + strlen(p);

-	strncpy(out,p,size-1);

-	if (q-p >= size)

-		{

-		out[size-1]='\0';

-		}

-	else

-		{

-		out[q-p]='\0';

-		}

-	}

-#else

-void program_name(char *in, char *out, int size)

-	{

-	char *p;

-	p=strrchr(in,'/');

-	if (p != NULL)

-		p++;

-	else

-		p=in;

-	BUF_strlcpy(out,p,size);

-	}

-#endif

-#endif

-int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])

-	{

-	int num,len,i;

-	char *p;

-	*argc=0;

-	*argv=NULL;

-	len=strlen(buf);

-	i=0;

-	if (arg->count == 0)

-		{

-		arg->count=20;

-		arg->data=(char **)OPENSSL_malloc(sizeof(char *)*arg->count);

-		}

-	for (i=0; i<arg->count; i++)

-		arg->data[i]=NULL;

-	num=0;

-	p=buf;

-	for (;;)

-		{

-		/* first scan over white space */

-		if (!*p) break;

-		while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))

-			p++;

-		if (!*p) break;

-		/* The start of something good :-) */

-		if (num >= arg->count)

-			{

-			char **tmp_p;

-			int tlen = arg->count + 20;

-			tmp_p = (char **)OPENSSL_realloc(arg->data,

-				sizeof(char *)*tlen);

-			if (tmp_p == NULL)

-				return 0;

-			arg->data  = tmp_p;

-			arg->count = tlen;

-			/* initialize newly allocated data */

-			for (i = num; i < arg->count; i++)

-				arg->data[i] = NULL;

-			}

-		arg->data[num++]=p;

-		/* now look for the end of this */

-		if ((*p == '\'') || (*p == '\"')) /* scan for closing quote */

-			{

-			i= *(p++);

-			arg->data[num-1]++; /* jump over quote */

-			while (*p && (*p != i))

-				p++;

-			*p='\0';

-			}

-		else

-			{

-			while (*p && ((*p != ' ') &&

-				(*p != '\t') && (*p != '\n')))

-				p++;

-			if (*p == '\0')

-				p--;

-			else

-				*p='\0';

-			}

-		p++;

-		}

-	*argc=num;

-	*argv=arg->data;

-	return(1);

-	}

-#ifndef APP_INIT

-int app_init(long mesgwin)

-	{

-	return(1);

-	}

-#endif

-int dump_cert_text (BIO *out, X509 *x)

-{

-	char *p;

-	p=X509_NAME_oneline(X509_get_subject_name(x),NULL,0);

-	BIO_puts(out,"subject=");

-	BIO_puts(out,p);

-	OPENSSL_free(p);

-	p=X509_NAME_oneline(X509_get_issuer_name(x),NULL,0);

-	BIO_puts(out,"\nissuer=");

-	BIO_puts(out,p);

-	BIO_puts(out,"\n");

-	OPENSSL_free(p);

-	return 0;

-}

-static int ui_open(UI *ui)

-	{

-	return UI_method_get_opener(UI_OpenSSL())(ui);

-	}

-static int ui_read(UI *ui, UI_STRING *uis)

-	{

-	if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD

-		&& UI_get0_user_data(ui))

-		{

-		switch(UI_get_string_type(uis))

-			{

-		case UIT_PROMPT:

-		case UIT_VERIFY:

-			{

-			const char *password =

-				((PW_CB_DATA *)UI_get0_user_data(ui))->password;

-			if (password && password[0] != '\0')

-				{

-				UI_set_result(ui, uis, password);

-				return 1;

-				}

-			}

-		default:

-			break;

-			}

-		}

-	return UI_method_get_reader(UI_OpenSSL())(ui, uis);

-	}

-static int ui_write(UI *ui, UI_STRING *uis)

-	{

-	if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD

-		&& UI_get0_user_data(ui))

-		{

-		switch(UI_get_string_type(uis))

-			{

-		case UIT_PROMPT:

-		case UIT_VERIFY:

-			{

-			const char *password =

-				((PW_CB_DATA *)UI_get0_user_data(ui))->password;

-			if (password && password[0] != '\0')

-				return 1;

-			}

-		default:

-			break;

-			}

-		}

-	return UI_method_get_writer(UI_OpenSSL())(ui, uis);

-	}

-static int ui_close(UI *ui)

-	{

-	return UI_method_get_closer(UI_OpenSSL())(ui);

-	}

-int setup_ui_method(void)

-	{

-	ui_method = UI_create_method("OpenSSL application user interface");

-	UI_method_set_opener(ui_method, ui_open);

-	UI_method_set_reader(ui_method, ui_read);

-	UI_method_set_writer(ui_method, ui_write);

-	UI_method_set_closer(ui_method, ui_close);

-	return 0;

-	}

-void destroy_ui_method(void)

-	{

-	if(ui_method)

-		{

-		UI_destroy_method(ui_method);

-		ui_method = NULL;

-		}

-	}

-int password_callback(char *buf, int bufsiz, int verify,

-	PW_CB_DATA *cb_tmp)

-	{

-	UI *ui = NULL;

-	int res = 0;

-	const char *prompt_info = NULL;

-	const char *password = NULL;

-	PW_CB_DATA *cb_data = (PW_CB_DATA *)cb_tmp;

-	if (cb_data)

-		{

-		if (cb_data->password)

-			password = cb_data->password;

-		if (cb_data->prompt_info)

-			prompt_info = cb_data->prompt_info;

-		}

-	if (password)

-		{

-		res = strlen(password);

-		if (res > bufsiz)

-			res = bufsiz;

-		memcpy(buf, password, res);

-		return res;

-		}

-	ui = UI_new_method(ui_method);

-	if (ui)

-		{

-		int ok = 0;

-		char *buff = NULL;

-		int ui_flags = 0;

-		char *prompt = NULL;

-		prompt = UI_construct_prompt(ui, "pass phrase",

-			prompt_info);

-		ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD;

-		UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);

-		if (ok >= 0)

-			ok = UI_add_input_string(ui,prompt,ui_flags,buf,

-				PW_MIN_LENGTH,BUFSIZ-1);

-		if (ok >= 0 && verify)

-			{

-			buff = (char *)OPENSSL_malloc(bufsiz);

-			ok = UI_add_verify_string(ui,prompt,ui_flags,buff,

-				PW_MIN_LENGTH,BUFSIZ-1, buf);

-			}

-		if (ok >= 0)

-			do

-				{

-				ok = UI_process(ui);

-				}

-			while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));

-		if (buff)

-			{

-			OPENSSL_cleanse(buff,(unsigned int)bufsiz);

-			OPENSSL_free(buff);

-			}

-		if (ok >= 0)

-			res = strlen(buf);

-		if (ok == -1)

-			{

-			BIO_printf(bio_err, "User interface error\n");

-			ERR_print_errors(bio_err);

-			OPENSSL_cleanse(buf,(unsigned int)bufsiz);

-			res = 0;

-			}

-		if (ok == -2)

-			{

-			BIO_printf(bio_err,"aborted!\n");

-			OPENSSL_cleanse(buf,(unsigned int)bufsiz);

-			res = 0;

-			}

-		UI_free(ui);

-		OPENSSL_free(prompt);

-		}

-	return res;

-	}

-static char *app_get_pass(BIO *err, char *arg, int keepbio);

-int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2)

-{

-	int same;

-	if(!arg2 || !arg1 || strcmp(arg1, arg2)) same = 0;

-	else same = 1;

-	if(arg1) {

-		*pass1 = app_get_pass(err, arg1, same);

-		if(!*pass1) return 0;

-	} else if(pass1) *pass1 = NULL;

-	if(arg2) {

-		*pass2 = app_get_pass(err, arg2, same ? 2 : 0);

-		if(!*pass2) return 0;

-	} else if(pass2) *pass2 = NULL;

-	return 1;

-}

-static char *app_get_pass(BIO *err, char *arg, int keepbio)

-{

-	char *tmp, tpass[APP_PASS_LEN];

-	static BIO *pwdbio = NULL;

-	int i;

-	if(!strncmp(arg, "pass:", 5)) return BUF_strdup(arg + 5);

-	if(!strncmp(arg, "env:", 4)) {

-		tmp = getenv(arg + 4);

-		if(!tmp) {

-			BIO_printf(err, "Can't read environment variable %s\n", arg + 4);

-			return NULL;

-		}

-		return BUF_strdup(tmp);

-	}

-	if(!keepbio || !pwdbio) {

-		if(!strncmp(arg, "file:", 5)) {

-			pwdbio = BIO_new_file(arg + 5, "r");

-			if(!pwdbio) {

-				BIO_printf(err, "Can't open file %s\n", arg + 5);

-				return NULL;

-			}

-		} else if(!strncmp(arg, "fd:", 3)) {

-			BIO *btmp;

-			i = atoi(arg + 3);

-			if(i >= 0) pwdbio = BIO_new_fd(i, BIO_NOCLOSE);

-			if((i < 0) || !pwdbio) {

-				BIO_printf(err, "Can't access file descriptor %s\n", arg + 3);

-				return NULL;

-			}

-			/* Can't do BIO_gets on an fd BIO so add a buffering BIO */

-			btmp = BIO_new(BIO_f_buffer());

-			pwdbio = BIO_push(btmp, pwdbio);

-		} else if(!strcmp(arg, "stdin")) {

-			pwdbio = BIO_new_fp(stdin, BIO_NOCLOSE);

-			if(!pwdbio) {

-				BIO_printf(err, "Can't open BIO for stdin\n");

-				return NULL;

-			}

-		} else {

-			BIO_printf(err, "Invalid password argument \"%s\"\n", arg);

-			return NULL;

-		}

-	}

-	i = BIO_gets(pwdbio, tpass, APP_PASS_LEN);

-	if(keepbio != 1) {

-		BIO_free_all(pwdbio);

-		pwdbio = NULL;

-	}

-	if(i <= 0) {

-		BIO_printf(err, "Error reading password from BIO\n");

-		return NULL;

-	}

-	tmp = strchr(tpass, '\n');

-	if(tmp) *tmp = 0;

-	return BUF_strdup(tpass);

-}

-int add_oid_section(BIO *err, CONF *conf)

-{

-	char *p;

-	STACK_OF(CONF_VALUE) *sktmp;

-	CONF_VALUE *cnf;

-	int i;

-	if(!(p=NCONF_get_string(conf,NULL,"oid_section")))

-		{

-		ERR_clear_error();

-		return 1;

-		}

-	if(!(sktmp = NCONF_get_section(conf, p))) {

-		BIO_printf(err, "problem loading oid section %s\n", p);

-		return 0;

-	}

-	for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {

-		cnf = sk_CONF_VALUE_value(sktmp, i);

-		if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {

-			BIO_printf(err, "problem creating object %s=%s\n",

-							 cnf->name, cnf->value);

-			return 0;

-		}

-	}

-	return 1;

-}

-static int load_pkcs12(BIO *err, BIO *in, const char *desc,

-		pem_password_cb *pem_cb,  void *cb_data,

-		EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)

-	{

- 	const char *pass;

-	char tpass[PEM_BUFSIZE];

-	int len, ret = 0;

-	PKCS12 *p12;

-	p12 = d2i_PKCS12_bio(in, NULL);

-	if (p12 == NULL)

-		{

-		BIO_printf(err, "Error loading PKCS12 file for %s\n", desc);

-		goto die;

-		}

-	/* See if an empty password will do */

-	if (PKCS12_verify_mac(p12, "", 0) || PKCS12_verify_mac(p12, NULL, 0))

-		pass = "";

-	else

-		{

-		if (!pem_cb)

-			pem_cb = (pem_password_cb *)password_callback;

-		len = pem_cb(tpass, PEM_BUFSIZE, 0, cb_data);

-		if (len < 0)

-			{

-			BIO_printf(err, "Passpharse callback error for %s\n",

-					desc);

-			goto die;

-			}

-		if (len < PEM_BUFSIZE)

-			tpass[len] = 0;

-		if (!PKCS12_verify_mac(p12, tpass, len))

-			{

-			BIO_printf(err,

-	"Mac verify error (wrong password?) in PKCS12 file for %s\n", desc);

-			goto die;

-			}

-		pass = tpass;

-		}

-	ret = PKCS12_parse(p12, pass, pkey, cert, ca);

-	die:

-	if (p12)

-		PKCS12_free(p12);

-	return ret;

-	}

-X509 *load_cert(BIO *err, const char *file, int format,

-	const char *pass, ENGINE *e, const char *cert_descrip)

-	{

-	ASN1_HEADER *ah=NULL;

-	BUF_MEM *buf=NULL;

-	X509 *x=NULL;

-	BIO *cert;

-	if ((cert=BIO_new(BIO_s_file())) == NULL)

-		{

-		ERR_print_errors(err);

-		goto end;

-		}

-	if (file == NULL)

-		{

-		setvbuf(stdin, NULL, _IONBF, 0);

-		BIO_set_fp(cert,stdin,BIO_NOCLOSE);

-		}

-	else

-		{

-		if (BIO_read_filename(cert,file) <= 0)

-			{

-			BIO_printf(err, "Error opening %s %s\n",

-				cert_descrip, file);

-			ERR_print_errors(err);

-			goto end;

-			}

-		}

-	if 	(format == FORMAT_ASN1)

-		x=d2i_X509_bio(cert,NULL);

-	else if (format == FORMAT_NETSCAPE)

-		{

-		const unsigned char *p,*op;

-		int size=0,i;

-		/* We sort of have to do it this way because it is sort of nice

-		 * to read the header first and check it, then

-		 * try to read the certificate */

-		buf=BUF_MEM_new();

-		for (;;)

-			{

-			if ((buf == NULL) || (!BUF_MEM_grow(buf,size+1024*10)))

-				goto end;

-			i=BIO_read(cert,&(buf->data[size]),1024*10);

-			size+=i;

-			if (i == 0) break;

-			if (i < 0)

-				{

-				perror("reading certificate");

-				goto end;

-				}

-			}

-		p=(unsigned char *)buf->data;

-		op=p;

-		/* First load the header */

-		if ((ah=d2i_ASN1_HEADER(NULL,&p,(long)size)) == NULL)

-			goto end;

-		if ((ah->header == NULL) || (ah->header->data == NULL) ||

-			(strncmp(NETSCAPE_CERT_HDR,(char *)ah->header->data,

-			ah->header->length) != 0))

-			{

-			BIO_printf(err,"Error reading header on certificate\n");

-			goto end;

-			}

-		/* header is ok, so now read the object */

-		p=op;

-		ah->meth=X509_asn1_meth();

-		if ((ah=d2i_ASN1_HEADER(&ah,&p,(long)size)) == NULL)

-			goto end;

-		x=(X509 *)ah->data;

-		ah->data=NULL;

-		}

-	else if (format == FORMAT_PEM)

-		x=PEM_read_bio_X509_AUX(cert,NULL,

-			(pem_password_cb *)password_callback, NULL);

-	else if (format == FORMAT_PKCS12)

-		{

-		if (!load_pkcs12(err, cert,cert_descrip, NULL, NULL,

-					NULL, &x, NULL))

-			goto end;

-		}

-	else	{

-		BIO_printf(err,"bad input format specified for %s\n",

-			cert_descrip);

-		goto end;

-		}

-end:

-	if (x == NULL)

-		{

-		BIO_printf(err,"unable to load certificate\n");

-		ERR_print_errors(err);

-		}

-	if (ah != NULL) ASN1_HEADER_free(ah);

-	if (cert != NULL) BIO_free(cert);

-	if (buf != NULL) BUF_MEM_free(buf);

-	return(x);

-	}

-EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,

-	const char *pass, ENGINE *e, const char *key_descrip)

-	{

-	BIO *key=NULL;

-	EVP_PKEY *pkey=NULL;

-	PW_CB_DATA cb_data;

-	cb_data.password = pass;

-	cb_data.prompt_info = file;

-	if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE))

-		{

-		BIO_printf(err,"no keyfile specified\n");

-		goto end;

-		}

-#ifndef OPENSSL_NO_ENGINE

-	if (format == FORMAT_ENGINE)

-		{

-		if (!e)

-			BIO_printf(bio_err,"no engine specified\n");

-		else

-			pkey = ENGINE_load_private_key(e, file,

-				ui_method, &cb_data);

-		goto end;

-		}

-#endif

-	key=BIO_new(BIO_s_file());

-	if (key == NULL)

-		{

-		ERR_print_errors(err);

-		goto end;

-		}

-	if (file == NULL && maybe_stdin)

-		{

-		setvbuf(stdin, NULL, _IONBF, 0);

-		BIO_set_fp(key,stdin,BIO_NOCLOSE);

-		}

-	else

-		if (BIO_read_filename(key,file) <= 0)

-			{

-			BIO_printf(err, "Error opening %s %s\n",

-				key_descrip, file);

-			ERR_print_errors(err);

-			goto end;

-			}

-	if (format == FORMAT_ASN1)

-		{

-		pkey=d2i_PrivateKey_bio(key, NULL);

-		}

-	else if (format == FORMAT_PEM)

-		{

-		pkey=PEM_read_bio_PrivateKey(key,NULL,

-			(pem_password_cb *)password_callback, &cb_data);

-		}

-#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)

-	else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)

-		pkey = load_netscape_key(err, key, file, key_descrip, format);

-#endif

-	else if (format == FORMAT_PKCS12)

-		{

-		if (!load_pkcs12(err, key, key_descrip,

-				(pem_password_cb *)password_callback, &cb_data,

-				&pkey, NULL, NULL))

-			goto end;

-		}

-	else

-		{

-		BIO_printf(err,"bad input format specified for key file\n");

-		goto end;

-		}

- end:

-	if (key != NULL) BIO_free(key);

-	if (pkey == NULL)

-		BIO_printf(err,"unable to load %s\n", key_descrip);

-	return(pkey);

-	}

-EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,

-	const char *pass, ENGINE *e, const char *key_descrip)

-	{

-	BIO *key=NULL;

-	EVP_PKEY *pkey=NULL;

-	PW_CB_DATA cb_data;

-	cb_data.password = pass;

-	cb_data.prompt_info = file;

-	if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE))

-		{

-		BIO_printf(err,"no keyfile specified\n");

-		goto end;

-		}

-#ifndef OPENSSL_NO_ENGINE

-	if (format == FORMAT_ENGINE)

-		{

-		if (!e)

-			BIO_printf(bio_err,"no engine specified\n");

-		else

-			pkey = ENGINE_load_public_key(e, file,

-				ui_method, &cb_data);

-		goto end;

-		}

-#endif

-	key=BIO_new(BIO_s_file());

-	if (key == NULL)

-		{

-		ERR_print_errors(err);

-		goto end;

-		}

-	if (file == NULL && maybe_stdin)

-		{

-		setvbuf(stdin, NULL, _IONBF, 0);

-		BIO_set_fp(key,stdin,BIO_NOCLOSE);

-		}

-	else

-		if (BIO_read_filename(key,file) <= 0)

-			{

-			BIO_printf(err, "Error opening %s %s\n",

-				key_descrip, file);

-			ERR_print_errors(err);

-			goto end;

-		}

-	if (format == FORMAT_ASN1)

-		{

-		pkey=d2i_PUBKEY_bio(key, NULL);

-		}

-	else if (format == FORMAT_PEM)

-		{

-		pkey=PEM_read_bio_PUBKEY(key,NULL,

-			(pem_password_cb *)password_callback, &cb_data);

-		}

-#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)

-	else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)

-		pkey = load_netscape_key(err, key, file, key_descrip, format);

-#endif

-	else

-		{

-		BIO_printf(err,"bad input format specified for key file\n");

-		goto end;

-		}

- end:

-	if (key != NULL) BIO_free(key);

-	if (pkey == NULL)

-		BIO_printf(err,"unable to load %s\n", key_descrip);

-	return(pkey);

-	}

-#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)

-static EVP_PKEY *

-load_netscape_key(BIO *err, BIO *key, const char *file,

-		const char *key_descrip, int format)

-	{

-	EVP_PKEY *pkey;

-	BUF_MEM *buf;

-	RSA	*rsa;

-	const unsigned char *p;

-	int size, i;

-	buf=BUF_MEM_new();

-	pkey = EVP_PKEY_new();

-	size = 0;

-	if (buf == NULL || pkey == NULL)

-		goto error;

-	for (;;)

-		{

-		if (!BUF_MEM_grow_clean(buf,size+1024*10))

-			goto error;

-		i = BIO_read(key, &(buf->data[size]), 1024*10);

-		size += i;

-		if (i == 0)

-			break;

-		if (i < 0)

-			{

-				BIO_printf(err, "Error reading %s %s",

-					key_descrip, file);

-				goto error;

-			}

-		}

-	p=(unsigned char *)buf->data;

-	rsa = d2i_RSA_NET(NULL,&p,(long)size,NULL,

-		(format == FORMAT_IISSGC ? 1 : 0));

-	if (rsa == NULL)

-		goto error;

-	BUF_MEM_free(buf);

-	EVP_PKEY_set1_RSA(pkey, rsa);

-	return pkey;

-error:

-	BUF_MEM_free(buf);

-	EVP_PKEY_free(pkey);

-	return NULL;

-	}

-#endif /* ndef OPENSSL_NO_RC4 */

-STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,

-	const char *pass, ENGINE *e, const char *cert_descrip)

-	{

-	BIO *certs;

-	int i;

-	STACK_OF(X509) *othercerts = NULL;

-	STACK_OF(X509_INFO) *allcerts = NULL;

-	X509_INFO *xi;

-	PW_CB_DATA cb_data;

-	cb_data.password = pass;

-	cb_data.prompt_info = file;

-	if((certs = BIO_new(BIO_s_file())) == NULL)

-		{

-		ERR_print_errors(err);

-		goto end;

-		}

-	if (file == NULL)

-		BIO_set_fp(certs,stdin,BIO_NOCLOSE);

-	else

-		{

-		if (BIO_read_filename(certs,file) <= 0)

-			{

-			BIO_printf(err, "Error opening %s %s\n",

-				cert_descrip, file);

-			ERR_print_errors(err);

-			goto end;

-			}

-		}

-	if      (format == FORMAT_PEM)

-		{

-		othercerts = sk_X509_new_null();

-		if(!othercerts)

-			{

-			sk_X509_free(othercerts);

-			othercerts = NULL;

-			goto end;

-			}

-		allcerts = PEM_X509_INFO_read_bio(certs, NULL,

-				(pem_password_cb *)password_callback, &cb_data);

-		for(i = 0; i < sk_X509_INFO_num(allcerts); i++)

-			{

-			xi = sk_X509_INFO_value (allcerts, i);

-			if (xi->x509)

-				{

-				sk_X509_push(othercerts, xi->x509);

-				xi->x509 = NULL;

-				}

-			}

-		goto end;

-		}

-	else	{

-		BIO_printf(err,"bad input format specified for %s\n",

-			cert_descrip);

-		goto end;

-		}

-end:

-	if (othercerts == NULL)

-		{

-		BIO_printf(err,"unable to load certificates\n");

-		ERR_print_errors(err);

-		}

-	if (allcerts) sk_X509_INFO_pop_free(allcerts, X509_INFO_free);

-	if (certs != NULL) BIO_free(certs);

-	return(othercerts);

-	}

-#define X509V3_EXT_UNKNOWN_MASK		(0xfL << 16)

-/* Return error for unknown extensions */

-#define X509V3_EXT_DEFAULT		0

-/* Print error for unknown extensions */

-#define X509V3_EXT_ERROR_UNKNOWN	(1L << 16)

-/* ASN1 parse unknown extensions */

-#define X509V3_EXT_PARSE_UNKNOWN	(2L << 16)

-/* BIO_dump unknown extensions */

-#define X509V3_EXT_DUMP_UNKNOWN		(3L << 16)

-#define X509_FLAG_CA (X509_FLAG_NO_ISSUER | X509_FLAG_NO_PUBKEY | \

-			 X509_FLAG_NO_HEADER | X509_FLAG_NO_VERSION)

-int set_cert_ex(unsigned long *flags, const char *arg)

-{

-	static const NAME_EX_TBL cert_tbl[] = {

-		{ "compatible", X509_FLAG_COMPAT, 0xffffffffl},

-		{ "ca_default", X509_FLAG_CA, 0xffffffffl},

-		{ "no_header", X509_FLAG_NO_HEADER, 0},

-		{ "no_version", X509_FLAG_NO_VERSION, 0},

-		{ "no_serial", X509_FLAG_NO_SERIAL, 0},

-		{ "no_signame", X509_FLAG_NO_SIGNAME, 0},

-		{ "no_validity", X509_FLAG_NO_VALIDITY, 0},

-		{ "no_subject", X509_FLAG_NO_SUBJECT, 0},

-		{ "no_issuer", X509_FLAG_NO_ISSUER, 0},

-		{ "no_pubkey", X509_FLAG_NO_PUBKEY, 0},

-		{ "no_extensions", X509_FLAG_NO_EXTENSIONS, 0},

-		{ "no_sigdump", X509_FLAG_NO_SIGDUMP, 0},

-		{ "no_aux", X509_FLAG_NO_AUX, 0},

-		{ "no_attributes", X509_FLAG_NO_ATTRIBUTES, 0},

-		{ "ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK},

-		{ "ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},

-		{ "ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},

-		{ "ext_dump", X509V3_EXT_DUMP_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},

-		{ NULL, 0, 0}

-	};

-	return set_multi_opts(flags, arg, cert_tbl);

-}

-int set_name_ex(unsigned long *flags, const char *arg)

-{

-	static const NAME_EX_TBL ex_tbl[] = {

-		{ "esc_2253", ASN1_STRFLGS_ESC_2253, 0},

-		{ "esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},

-		{ "esc_msb", ASN1_STRFLGS_ESC_MSB, 0},

-		{ "use_quote", ASN1_STRFLGS_ESC_QUOTE, 0},

-		{ "utf8", ASN1_STRFLGS_UTF8_CONVERT, 0},

-		{ "ignore_type", ASN1_STRFLGS_IGNORE_TYPE, 0},

-		{ "show_type", ASN1_STRFLGS_SHOW_TYPE, 0},

-		{ "dump_all", ASN1_STRFLGS_DUMP_ALL, 0},

-		{ "dump_nostr", ASN1_STRFLGS_DUMP_UNKNOWN, 0},

-		{ "dump_der", ASN1_STRFLGS_DUMP_DER, 0},

-		{ "compat", XN_FLAG_COMPAT, 0xffffffffL},

-		{ "sep_comma_plus", XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_MASK},

-		{ "sep_comma_plus_space", XN_FLAG_SEP_CPLUS_SPC, XN_FLAG_SEP_MASK},

-		{ "sep_semi_plus_space", XN_FLAG_SEP_SPLUS_SPC, XN_FLAG_SEP_MASK},

-		{ "sep_multiline", XN_FLAG_SEP_MULTILINE, XN_FLAG_SEP_MASK},

-		{ "dn_rev", XN_FLAG_DN_REV, 0},

-		{ "nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK},

-		{ "sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK},

-		{ "lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK},

-		{ "align", XN_FLAG_FN_ALIGN, 0},

-		{ "oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK},

-		{ "space_eq", XN_FLAG_SPC_EQ, 0},

-		{ "dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0},

-		{ "RFC2253", XN_FLAG_RFC2253, 0xffffffffL},

-		{ "oneline", XN_FLAG_ONELINE, 0xffffffffL},

-		{ "multiline", XN_FLAG_MULTILINE, 0xffffffffL},

-		{ "ca_default", XN_FLAG_MULTILINE, 0xffffffffL},

-		{ NULL, 0, 0}

-	};

-	return set_multi_opts(flags, arg, ex_tbl);

-}

-int set_ext_copy(int *copy_type, const char *arg)

-{

-	if (!strcasecmp(arg, "none"))

-		*copy_type = EXT_COPY_NONE;

-	else if (!strcasecmp(arg, "copy"))

-		*copy_type = EXT_COPY_ADD;

-	else if (!strcasecmp(arg, "copyall"))

-		*copy_type = EXT_COPY_ALL;

-	else

-		return 0;

-	return 1;

-}

-int copy_extensions(X509 *x, X509_REQ *req, int copy_type)

-{

-	STACK_OF(X509_EXTENSION) *exts = NULL;

-	X509_EXTENSION *ext, *tmpext;

-	ASN1_OBJECT *obj;

-	int i, idx, ret = 0;

-	if (!x || !req || (copy_type == EXT_COPY_NONE))

-		return 1;

-	exts = X509_REQ_get_extensions(req);

-	for(i = 0; i < sk_X509_EXTENSION_num(exts); i++) {

-		ext = sk_X509_EXTENSION_value(exts, i);

-		obj = X509_EXTENSION_get_object(ext);

-		idx = X509_get_ext_by_OBJ(x, obj, -1);

-		/* Does extension exist? */

-		if (idx != -1) {

-			/* If normal copy don't override existing extension */

-			if (copy_type == EXT_COPY_ADD)

-				continue;

-			/* Delete all extensions of same type */

-			do {

-				tmpext = X509_get_ext(x, idx);

-				X509_delete_ext(x, idx);

-				X509_EXTENSION_free(tmpext);

-				idx = X509_get_ext_by_OBJ(x, obj, -1);

-			} while (idx != -1);

-		}

-		if (!X509_add_ext(x, ext, -1))

-			goto end;

-	}

-	ret = 1;

-	end:

-	sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);

-	return ret;

-}

-static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl)

-{

-	STACK_OF(CONF_VALUE) *vals;

-	CONF_VALUE *val;

-	int i, ret = 1;

-	if(!arg) return 0;

-	vals = X509V3_parse_list(arg);

-	for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {

-		val = sk_CONF_VALUE_value(vals, i);

-		if (!set_table_opts(flags, val->name, in_tbl))

-			ret = 0;

-	}

-	sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);

-	return ret;

-}

-static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl)

-{

-	char c;

-	const NAME_EX_TBL *ptbl;

-	c = arg[0];

-	if(c == '-') {

-		c = 0;

-		arg++;

-	} else if (c == '+') {

-		c = 1;

-		arg++;

-	} else c = 1;

-	for(ptbl = in_tbl; ptbl->name; ptbl++) {

-		if(!strcasecmp(arg, ptbl->name)) {

-			*flags &= ~ptbl->mask;

-			if(c) *flags |= ptbl->flag;

-			else *flags &= ~ptbl->flag;

-			return 1;

-		}

-	}

-	return 0;

-}

-void print_name(BIO *out, const char *title, X509_NAME *nm, unsigned long lflags)

-{

-	char *buf;

-	char mline = 0;

-	int indent = 0;

-	if(title) BIO_puts(out, title);

-	if((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {

-		mline = 1;

-		indent = 4;

-	}

-	if(lflags == XN_FLAG_COMPAT) {

-		buf = X509_NAME_oneline(nm, 0, 0);

-		BIO_puts(out, buf);

-		BIO_puts(out, "\n");

-		OPENSSL_free(buf);

-	} else {

-		if(mline) BIO_puts(out, "\n");

-		X509_NAME_print_ex(out, nm, indent, lflags);

-		BIO_puts(out, "\n");

-	}

-}

-X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath)

-{

-	X509_STORE *store;

-	X509_LOOKUP *lookup;

-	if(!(store = X509_STORE_new())) goto end;

-	lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file());

-	if (lookup == NULL) goto end;

-	if (CAfile) {

-		if(!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM)) {

-			BIO_printf(bp, "Error loading file %s\n", CAfile);

-			goto end;

-		}

-	} else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);

-	lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir());

-	if (lookup == NULL) goto end;

-	if (CApath) {

-		if(!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM)) {

-			BIO_printf(bp, "Error loading directory %s\n", CApath);

-			goto end;

-		}

-	} else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);

-	ERR_clear_error();

-	return store;

-	end:

-	X509_STORE_free(store);

-	return NULL;

-}

-#ifndef OPENSSL_NO_ENGINE

-/* Try to load an engine in a shareable library */

-static ENGINE *try_load_engine(BIO *err, const char *engine, int debug)

-	{

-	ENGINE *e = ENGINE_by_id("dynamic");

-	if (e)

-		{

-		if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", engine, 0)

-			|| !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))

-			{

-			ENGINE_free(e);

-			e = NULL;

-			}

-		}

-	return e;

-	}

-ENGINE *setup_engine(BIO *err, const char *engine, int debug)

-        {

-        ENGINE *e = NULL;

-        if (engine)

-                {

-		if(strcmp(engine, "auto") == 0)

-			{

-			BIO_printf(err,"enabling auto ENGINE support\n");

-			ENGINE_register_all_complete();

-			return NULL;

-			}

-		if((e = ENGINE_by_id(engine)) == NULL

-			&& (e = try_load_engine(err, engine, debug)) == NULL)

-			{

-			BIO_printf(err,"invalid engine \"%s\"\n", engine);

-			ERR_print_errors(err);

-			return NULL;

-			}

-		if (debug)

-			{

-			ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,

-				0, err, 0);

-			}

-                ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, ui_method, 0, 1);

-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))

-			{

-			BIO_printf(err,"can't use that engine\n");

-			ERR_print_errors(err);

-			ENGINE_free(e);

-			return NULL;

-			}

-		BIO_printf(err,"engine \"%s\" set.\n", ENGINE_get_id(e));

-		/* Free our "structural" reference. */

-		ENGINE_free(e);

-		}

-        return e;

-        }

-#endif

-int load_config(BIO *err, CONF *cnf)

-	{

-	if (!cnf)

-		cnf = config;

-	if (!cnf)

-		return 1;

-	OPENSSL_load_builtin_modules();

-	if (CONF_modules_load(cnf, NULL, 0) <= 0)

-		{

-		BIO_printf(err, "Error configuring OpenSSL\n");

-		ERR_print_errors(err);

-		return 0;

-		}

-	return 1;

-	}

-char *make_config_name()

-	{

-	const char *t=X509_get_default_cert_area();

-	size_t len;

-	char *p;

-	len=strlen(t)+strlen(OPENSSL_CONF)+2;

-	p=OPENSSL_malloc(len);

-	BUF_strlcpy(p,t,len);

-#ifndef OPENSSL_SYS_VMS

-	BUF_strlcat(p,"/",len);

-#endif

-	BUF_strlcat(p,OPENSSL_CONF,len);

-	return p;

-	}

-static unsigned long index_serial_hash(const char **a)

-	{

-	const char *n;

-	n=a[DB_serial];

-	while (*n == '0') n++;

-	return(lh_strhash(n));

-	}

-static int index_serial_cmp(const char **a, const char **b)

-	{

-	const char *aa,*bb;

-	for (aa=a[DB_serial]; *aa == '0'; aa++);

-	for (bb=b[DB_serial]; *bb == '0'; bb++);

-	return(strcmp(aa,bb));

-	}

-static int index_name_qual(char **a)

-	{ return(a[0][0] == 'V'); }

-static unsigned long index_name_hash(const char **a)

-	{ return(lh_strhash(a[DB_name])); }

-int index_name_cmp(const char **a, const char **b)

-	{ return(strcmp(a[DB_name],

-	     b[DB_name])); }

-static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **)

-static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **)

-static IMPLEMENT_LHASH_HASH_FN(index_name_hash,const char **)

-static IMPLEMENT_LHASH_COMP_FN(index_name_cmp,const char **)

-#undef BSIZE

-#define BSIZE 256

-BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai)

-	{

-	BIO *in=NULL;

-	BIGNUM *ret=NULL;

-	MS_STATIC char buf[1024];

-	ASN1_INTEGER *ai=NULL;

-	ai=ASN1_INTEGER_new();

-	if (ai == NULL) goto err;

-	if ((in=BIO_new(BIO_s_file())) == NULL)

-		{

-		ERR_print_errors(bio_err);

-		goto err;

-		}

-	if (BIO_read_filename(in,serialfile) <= 0)

-		{

-		if (!create)

-			{

-			perror(serialfile);

-			goto err;

-			}

-		else

-			{

-			ret=BN_new();

-			if (ret == NULL || !rand_serial(ret, ai))

-				BIO_printf(bio_err, "Out of memory\n");

-			}

-		}

-	else

-		{

-		if (!a2i_ASN1_INTEGER(in,ai,buf,1024))

-			{

-			BIO_printf(bio_err,"unable to load number from %s\n",

-				serialfile);

-			goto err;

-			}

-		ret=ASN1_INTEGER_to_BN(ai,NULL);

-		if (ret == NULL)

-			{

-			BIO_printf(bio_err,"error converting number from bin to BIGNUM\n");

-			goto err;

-			}

-		}

-	if (ret && retai)

-		{

-		*retai = ai;

-		ai = NULL;

-		}

- err:

-	if (in != NULL) BIO_free(in);

-	if (ai != NULL) ASN1_INTEGER_free(ai);

-	return(ret);

-	}

-int save_serial(char *serialfile, char *suffix, BIGNUM *serial, ASN1_INTEGER **retai)

-	{

-	char buf[1][BSIZE];

-	BIO *out = NULL;

-	int ret=0;

-	ASN1_INTEGER *ai=NULL;

-	int j;

-	if (suffix == NULL)

-		j = strlen(serialfile);

-	else

-		j = strlen(serialfile) + strlen(suffix) + 1;

-	if (j >= BSIZE)

-		{

-		BIO_printf(bio_err,"file name too long\n");

-		goto err;

-		}

-	if (suffix == NULL)

-		BUF_strlcpy(buf[0], serialfile, BSIZE);

-	else

-		{

-#ifndef OPENSSL_SYS_VMS

-		j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, suffix);

-#else

-		j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix);

-#endif

-		}

-#ifdef RL_DEBUG

-	BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);

-#endif

-	out=BIO_new(BIO_s_file());

-	if (out == NULL)

-		{

-		ERR_print_errors(bio_err);

-		goto err;

-		}

-	if (BIO_write_filename(out,buf[0]) <= 0)

-		{

-		perror(serialfile);

-		goto err;

-		}

-	if ((ai=BN_to_ASN1_INTEGER(serial,NULL)) == NULL)

-		{

-		BIO_printf(bio_err,"error converting serial to ASN.1 format\n");

-		goto err;

-		}

-	i2a_ASN1_INTEGER(out,ai);

-	BIO_puts(out,"\n");

-	ret=1;

-	if (retai)

-		{

-		*retai = ai;

-		ai = NULL;

-		}

-err:

-	if (out != NULL) BIO_free_all(out);

-	if (ai != NULL) ASN1_INTEGER_free(ai);

-	return(ret);

-	}

-int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)

-	{

-	char buf[5][BSIZE];

-	int i,j;

-	struct stat sb;

-	i = strlen(serialfile) + strlen(old_suffix);

-	j = strlen(serialfile) + strlen(new_suffix);

-	if (i > j) j = i;

-	if (j + 1 >= BSIZE)

-		{

-		BIO_printf(bio_err,"file name too long\n");

-		goto err;

-		}

-#ifndef OPENSSL_SYS_VMS

-	j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s",

-		serialfile, new_suffix);

-#else

-	j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s",

-		serialfile, new_suffix);

-#endif

-#ifndef OPENSSL_SYS_VMS

-	j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s",

-		serialfile, old_suffix);

-#else

-	j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s",

-		serialfile, old_suffix);

-#endif

-	if (stat(serialfile,&sb) < 0)

-		{

-		if (errno != ENOENT

-#ifdef ENOTDIR

-			&& errno != ENOTDIR

-#endif

-		   )

-			goto err;

-		}

-	else

-		{

-#ifdef RL_DEBUG

-		BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",

-			serialfile, buf[1]);

-#endif

-		if (rename(serialfile,buf[1]) < 0)

-			{

-			BIO_printf(bio_err,

-				"unable to rename %s to %s\n",

-				serialfile, buf[1]);

-			perror("reason");

-			goto err;

-			}

-		}

-#ifdef RL_DEBUG

-	BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",

-		buf[0],serialfile);

-#endif

-	if (rename(buf[0],serialfile) < 0)

-		{

-		BIO_printf(bio_err,

-			"unable to rename %s to %s\n",

-			buf[0],serialfile);

-		perror("reason");

-		rename(buf[1],serialfile);

-		goto err;

-		}

-	return 1;

- err:

-	return 0;

-	}

-int rand_serial(BIGNUM *b, ASN1_INTEGER *ai)

-	{

-	BIGNUM *btmp;

-	int ret = 0;

-	if (b)

-		btmp = b;

-	else

-		btmp = BN_new();

-	if (!btmp)

-		return 0;

-	if (!BN_pseudo_rand(btmp, SERIAL_RAND_BITS, 0, 0))

-		goto error;

-	if (ai && !BN_to_ASN1_INTEGER(btmp, ai))

-		goto error;

-	ret = 1;

-	error:

-	if (!b)

-		BN_free(btmp);

-	return ret;

-	}

-CA_DB *load_index(char *dbfile, DB_ATTR *db_attr)

-	{

-	CA_DB *retdb = NULL;

-	TXT_DB *tmpdb = NULL;

-	BIO *in = BIO_new(BIO_s_file());

-	CONF *dbattr_conf = NULL;

-	char buf[1][BSIZE];

-	long errorline= -1;

-	if (in == NULL)

-		{

-		ERR_print_errors(bio_err);

-		goto err;

-		}

-	if (BIO_read_filename(in,dbfile) <= 0)

-		{

-		perror(dbfile);

-		BIO_printf(bio_err,"unable to open '%s'\n",dbfile);

-		goto err;

-		}

-	if ((tmpdb = TXT_DB_read(in,DB_NUMBER)) == NULL)

-		{

-		if (tmpdb != NULL) TXT_DB_free(tmpdb);

-		goto err;

-		}

-#ifndef OPENSSL_SYS_VMS

-	BIO_snprintf(buf[0], sizeof buf[0], "%s.attr", dbfile);

-#else

-	BIO_snprintf(buf[0], sizeof buf[0], "%s-attr", dbfile);

-#endif

-	dbattr_conf = NCONF_new(NULL);

-	if (NCONF_load(dbattr_conf,buf[0],&errorline) <= 0)

-		{

-		if (errorline > 0)

-			{

-			BIO_printf(bio_err,

-				"error on line %ld of db attribute file '%s'\n"

-				,errorline,buf[0]);

-			goto err;

-			}

-		else

-			{

-			NCONF_free(dbattr_conf);

-			dbattr_conf = NULL;

-			}

-		}

-	if ((retdb = OPENSSL_malloc(sizeof(CA_DB))) == NULL)

-		{

-		fprintf(stderr, "Out of memory\n");

-		goto err;

-		}

-	retdb->db = tmpdb;

-	tmpdb = NULL;

-	if (db_attr)

-		retdb->attributes = *db_attr;

-	else

-		{

-		retdb->attributes.unique_subject = 1;

-		}

-	if (dbattr_conf)

-		{

-		char *p = NCONF_get_string(dbattr_conf,NULL,"unique_subject");

-		if (p)

-			{

-#ifdef RL_DEBUG

-			BIO_printf(bio_err, "DEBUG[load_index]: unique_subject = \"%s\"\n", p);

-#endif

-			retdb->attributes.unique_subject = parse_yesno(p,1);

-			}

-		}

- err:

-	if (dbattr_conf) NCONF_free(dbattr_conf);

-	if (tmpdb) TXT_DB_free(tmpdb);

-	if (in) BIO_free_all(in);

-	return retdb;

-	}

-int index_index(CA_DB *db)

-	{

-	if (!TXT_DB_create_index(db->db, DB_serial, NULL,

-				LHASH_HASH_FN(index_serial_hash),

-				LHASH_COMP_FN(index_serial_cmp)))

-		{

-		BIO_printf(bio_err,

-		  "error creating serial number index:(%ld,%ld,%ld)\n",

-		  			db->db->error,db->db->arg1,db->db->arg2);

-			return 0;

-		}

-	if (db->attributes.unique_subject

-		&& !TXT_DB_create_index(db->db, DB_name, index_name_qual,

-			LHASH_HASH_FN(index_name_hash),

-			LHASH_COMP_FN(index_name_cmp)))

-		{

-		BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n",

-			db->db->error,db->db->arg1,db->db->arg2);

-		return 0;

-		}

-	return 1;

-	}

-int save_index(const char *dbfile, const char *suffix, CA_DB *db)

-	{

-	char buf[3][BSIZE];

-	BIO *out = BIO_new(BIO_s_file());

-	int j;

-	if (out == NULL)

-		{

-		ERR_print_errors(bio_err);

-		goto err;

-		}

-	j = strlen(dbfile) + strlen(suffix);

-	if (j + 6 >= BSIZE)

-		{

-		BIO_printf(bio_err,"file name too long\n");

-		goto err;

-		}

-#ifndef OPENSSL_SYS_VMS

-	j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile);

-#else

-	j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile);

-#endif

-#ifndef OPENSSL_SYS_VMS

-	j = BIO_snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix);

-#else

-	j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix);

-#endif

-#ifndef OPENSSL_SYS_VMS

-	j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix);

-#else

-	j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix);

-#endif

-#ifdef RL_DEBUG

-	BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);

-#endif

-	if (BIO_write_filename(out,buf[0]) <= 0)

-		{

-		perror(dbfile);

-		BIO_printf(bio_err,"unable to open '%s'\n", dbfile);

-		goto err;

-		}

-	j=TXT_DB_write(out,db->db);

-	if (j <= 0) goto err;

-	BIO_free(out);

-	out = BIO_new(BIO_s_file());

-#ifdef RL_DEBUG

-	BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[1]);

-#endif

-	if (BIO_write_filename(out,buf[1]) <= 0)

-		{

-		perror(buf[2]);

-		BIO_printf(bio_err,"unable to open '%s'\n", buf[2]);

-		goto err;

-		}

-	BIO_printf(out,"unique_subject = %s\n",

-		db->attributes.unique_subject ? "yes" : "no");

-	BIO_free(out);

-	return 1;

- err:

-	return 0;

-	}

-int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix)

-	{

-	char buf[5][BSIZE];

-	int i,j;

-	struct stat sb;

-	i = strlen(dbfile) + strlen(old_suffix);

-	j = strlen(dbfile) + strlen(new_suffix);

-	if (i > j) j = i;

-	if (j + 6 >= BSIZE)

-		{

-		BIO_printf(bio_err,"file name too long\n");

-		goto err;

-		}

-#ifndef OPENSSL_SYS_VMS

-	j = BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile);

-#else

-	j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile);

-#endif

-#ifndef OPENSSL_SYS_VMS

-	j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s",

-		dbfile, new_suffix);

-#else

-	j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s",

-		dbfile, new_suffix);

-#endif

-#ifndef OPENSSL_SYS_VMS

-	j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s",

-		dbfile, new_suffix);

-#else

-	j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s",

-		dbfile, new_suffix);

-#endif

-#ifndef OPENSSL_SYS_VMS

-	j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s",

-		dbfile, old_suffix);

-#else

-	j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s",

-		dbfile, old_suffix);

-#endif

-#ifndef OPENSSL_SYS_VMS

-	j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s",

-		dbfile, old_suffix);

-#else

-	j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s",

-		dbfile, old_suffix);

-#endif

-	if (stat(dbfile,&sb) < 0)

-		{

-		if (errno != ENOENT

-#ifdef ENOTDIR

-			&& errno != ENOTDIR

-#endif

-		   )

-			goto err;

-		}

-	else

-		{

-#ifdef RL_DEBUG

-		BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",

-			dbfile, buf[1]);

-#endif

-		if (rename(dbfile,buf[1]) < 0)

-			{

-			BIO_printf(bio_err,

-				"unable to rename %s to %s\n",

-				dbfile, buf[1]);

-			perror("reason");

-			goto err;

-			}

-		}

-#ifdef RL_DEBUG

-	BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",

-		buf[0],dbfile);

-#endif

-	if (rename(buf[0],dbfile) < 0)

-		{

-		BIO_printf(bio_err,

-			"unable to rename %s to %s\n",

-			buf[0],dbfile);

-		perror("reason");

-		rename(buf[1],dbfile);

-		goto err;

-		}

-	if (stat(buf[4],&sb) < 0)

-		{

-		if (errno != ENOENT

-#ifdef ENOTDIR

-			&& errno != ENOTDIR

-#endif

-		   )

-			goto err;

-		}

-	else

-		{

-#ifdef RL_DEBUG

-		BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",

-			buf[4],buf[3]);

-#endif

-		if (rename(buf[4],buf[3]) < 0)

-			{

-			BIO_printf(bio_err,

-				"unable to rename %s to %s\n",

-				buf[4], buf[3]);

-			perror("reason");

-			rename(dbfile,buf[0]);

-			rename(buf[1],dbfile);

-			goto err;

-			}

-		}

-#ifdef RL_DEBUG

-	BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",

-		buf[2],buf[4]);

-#endif

-	if (rename(buf[2],buf[4]) < 0)

-		{

-		BIO_printf(bio_err,

-			"unable to rename %s to %s\n",

-			buf[2],buf[4]);

-		perror("reason");

-		rename(buf[3],buf[4]);

-		rename(dbfile,buf[0]);

-		rename(buf[1],dbfile);

-		goto err;

-		}

-	return 1;

- err:

-	return 0;

-	}

-void free_index(CA_DB *db)

-	{

-	if (db)

-		{

-		if (db->db) TXT_DB_free(db->db);

-		OPENSSL_free(db);

-		}

-	}

-int parse_yesno(const char *str, int def)

-	{

-	int ret = def;

-	if (str)

-		{

-		switch (*str)

-			{

-		case 'f': /* false */

-		case 'F': /* FALSE */

-		case 'n': /* no */

-		case 'N': /* NO */

-		case '0': /* 0 */

-			ret = 0;

-			break;

-		case 't': /* true */

-		case 'T': /* TRUE */

-		case 'y': /* yes */

-		case 'Y': /* YES */

-		case '1': /* 1 */

-			ret = 0;

-			break;

-		default:

-			ret = def;

-			break;

-			}

-		}

-	return ret;

-	}

-/*

- * subject is expected to be in the format /type0=value0/type1=value1/type2=...

- * where characters may be escaped by \

- */

-X509_NAME *parse_name(char *subject, long chtype, int multirdn)

-	{

-	size_t buflen = strlen(subject)+1; /* to copy the types and values into. due to escaping, the copy can only become shorter */

-	char *buf = OPENSSL_malloc(buflen);

-	size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */

-	char **ne_types = OPENSSL_malloc(max_ne * sizeof (char *));

-	char **ne_values = OPENSSL_malloc(max_ne * sizeof (char *));

-	int *mval = OPENSSL_malloc (max_ne * sizeof (int));

-	char *sp = subject, *bp = buf;

-	int i, ne_num = 0;

-	X509_NAME *n = NULL;

-	int nid;

-	if (!buf || !ne_types || !ne_values)

-		{

-		BIO_printf(bio_err, "malloc error\n");

-		goto error;

-		}

-	if (*subject != '/')

-		{

-		BIO_printf(bio_err, "Subject does not start with '/'.\n");

-		goto error;

-		}

-	sp++; /* skip leading / */

-	/* no multivalued RDN by default */

-	mval[ne_num] = 0;

-	while (*sp)

-		{

-		/* collect type */

-		ne_types[ne_num] = bp;

-		while (*sp)

-			{

-			if (*sp == '\\') /* is there anything to escape in the type...? */

-				{

-				if (*++sp)

-					*bp++ = *sp++;

-				else

-					{

-					BIO_printf(bio_err, "escape character at end of string\n");

-					goto error;

-					}

-				}

-			else if (*sp == '=')

-				{

-				sp++;

-				*bp++ = '\0';

-				break;

-				}

-			else

-				*bp++ = *sp++;

-			}

-		if (!*sp)

-			{

-			BIO_printf(bio_err, "end of string encountered while processing type of subject name element #%d\n", ne_num);

-			goto error;

-			}

-		ne_values[ne_num] = bp;

-		while (*sp)

-			{

-			if (*sp == '\\')

-				{

-				if (*++sp)

-					*bp++ = *sp++;

-				else

-					{

-					BIO_printf(bio_err, "escape character at end of string\n");

-					goto error;

-					}

-				}

-			else if (*sp == '/')

-				{

-				sp++;

-				/* no multivalued RDN by default */

-				mval[ne_num+1] = 0;

-				break;

-				}

-			else if (*sp == '+' && multirdn)

-				{

-				/* a not escaped + signals a mutlivalued RDN */

-				sp++;

-				mval[ne_num+1] = -1;

-				break;

-				}

-			else

-				*bp++ = *sp++;

-			}

-		*bp++ = '\0';

-		ne_num++;

-		}

-	if (!(n = X509_NAME_new()))

-		goto error;

-	for (i = 0; i < ne_num; i++)

-		{

-		if ((nid=OBJ_txt2nid(ne_types[i])) == NID_undef)

-			{

-			BIO_printf(bio_err, "Subject Attribute %s has no known NID, skipped\n", ne_types[i]);

-			continue;

-			}

-		if (!*ne_values[i])

-			{

-			BIO_printf(bio_err, "No value provided for Subject Attribute %s, skipped\n", ne_types[i]);

-			continue;

-			}

-		if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char*)ne_values[i], -1,-1,mval[i]))

-			goto error;

-		}

-	OPENSSL_free(ne_values);

-	OPENSSL_free(ne_types);

-	OPENSSL_free(buf);

-	return n;

-error:

-	X509_NAME_free(n);

-	if (ne_values)

-		OPENSSL_free(ne_values);

-	if (ne_types)

-		OPENSSL_free(ne_types);

-	if (buf)

-		OPENSSL_free(buf);

-	return NULL;

-}

-/* This code MUST COME AFTER anything that uses rename() */

-#ifdef OPENSSL_SYS_WIN32

-int WIN32_rename(const char *from, const char *to)

-	{

-#ifndef OPENSSL_SYS_WINCE

-	/* Windows rename gives an error if 'to' exists, so delete it

-	 * first and ignore file not found errror

-	 */

-	if((remove(to) != 0) && (errno != ENOENT))

-		return -1;

-#undef rename

-	return rename(from, to);

-#else

-	/* convert strings to UNICODE */

-	{

-	BOOL result = FALSE;

-	WCHAR* wfrom;

-	WCHAR* wto;

-	int i;

-	wfrom = malloc((strlen(from)+1)*2);

-	wto = malloc((strlen(to)+1)*2);

-	if (wfrom != NULL && wto != NULL)

-		{

-		for (i=0; i<(int)strlen(from)+1; i++)

-			wfrom[i] = (short)from[i];

-		for (i=0; i<(int)strlen(to)+1; i++)

-			wto[i] = (short)to[i];

-		result = MoveFile(wfrom, wto);

-		}

-	if (wfrom != NULL)

-		free(wfrom);

-	if (wto != NULL)

-		free(wto);

-	return result;

-	}

-#endif

-	}

-#endif

-int args_verify(char ***pargs, int *pargc,

-			int *badarg, BIO *err, X509_VERIFY_PARAM **pm)

-	{

-	ASN1_OBJECT *otmp = NULL;

-	unsigned long flags = 0;

-	int i;

-	int purpose = 0;

-	char **oldargs = *pargs;

-	char *arg = **pargs, *argn = (*pargs)[1];

-	if (!strcmp(arg, "-policy"))

-		{

-		if (!argn)

-			*badarg = 1;

-		else

-			{

-			otmp = OBJ_txt2obj(argn, 0);

-			if (!otmp)

-				{

-				BIO_printf(err, "Invalid Policy \"%s\"\n",

-									argn);

-				*badarg = 1;

-				}

-			}

-		(*pargs)++;

-		}

-	else if (strcmp(arg,"-purpose") == 0)

-		{

-		X509_PURPOSE *xptmp;

-		if (!argn)

-			*badarg = 1;

-		else

-			{

-			i = X509_PURPOSE_get_by_sname(argn);

-			if(i < 0)

-				{

-				BIO_printf(err, "unrecognized purpose\n");

-				*badarg = 1;

-				}

-			else

-				{

-				xptmp = X509_PURPOSE_get0(i);

-				purpose = X509_PURPOSE_get_id(xptmp);

-				}

-			}

-		(*pargs)++;

-		}

-	else if (!strcmp(arg, "-ignore_critical"))

-		flags |= X509_V_FLAG_IGNORE_CRITICAL;

-	else if (!strcmp(arg, "-issuer_checks"))

-		flags |= X509_V_FLAG_CB_ISSUER_CHECK;

-	else if (!strcmp(arg, "-crl_check"))

-		flags |=  X509_V_FLAG_CRL_CHECK;

-	else if (!strcmp(arg, "-crl_check_all"))

-		flags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;

-	else if (!strcmp(arg, "-policy_check"))

-		flags |= X509_V_FLAG_POLICY_CHECK;

-	else if (!strcmp(arg, "-explicit_policy"))

-		flags |= X509_V_FLAG_EXPLICIT_POLICY;

-	else if (!strcmp(arg, "-x509_strict"))

-		flags |= X509_V_FLAG_X509_STRICT;

-	else if (!strcmp(arg, "-policy_print"))

-		flags |= X509_V_FLAG_NOTIFY_POLICY;

-	else

-		return 0;

-	if (*badarg)

-		{

-		if (*pm)

-			X509_VERIFY_PARAM_free(*pm);

-		*pm = NULL;

-		goto end;

-		}

-	if (!*pm && !(*pm = X509_VERIFY_PARAM_new()))

-		{

-		*badarg = 1;

-		goto end;

-		}

-	if (otmp)

-		X509_VERIFY_PARAM_add0_policy(*pm, otmp);

-	if (flags)

-		X509_VERIFY_PARAM_set_flags(*pm, flags);

-	if (purpose)

-		X509_VERIFY_PARAM_set_purpose(*pm, purpose);

-	end:

-	(*pargs)++;

-	if (pargc)

-		*pargc -= *pargs - oldargs;

-	return 1;

-	}

-static void nodes_print(BIO *out, const char *name,

-	STACK_OF(X509_POLICY_NODE) *nodes)

-	{

-	X509_POLICY_NODE *node;

-	int i;

-	BIO_printf(out, "%s Policies:", name);

-	if (nodes)

-		{

-		BIO_puts(out, "\n");

-		for (i = 0; i < sk_X509_POLICY_NODE_num(nodes); i++)

-			{

-			node = sk_X509_POLICY_NODE_value(nodes, i);

-			X509_POLICY_NODE_print(out, node, 2);

-			}

-		}

-	else

-		BIO_puts(out, " <empty>\n");

-	}

-void policies_print(BIO *out, X509_STORE_CTX *ctx)

-	{

-	X509_POLICY_TREE *tree;

-	int explicit_policy;

-	int free_out = 0;

-	if (out == NULL)

-		{

-		out = BIO_new_fp(stderr, BIO_NOCLOSE);

-		free_out = 1;

-		}

-	tree = X509_STORE_CTX_get0_policy_tree(ctx);

-	explicit_policy = X509_STORE_CTX_get_explicit_policy(ctx);

-	BIO_printf(out, "Require explicit Policy: %s\n",

-				explicit_policy ? "True" : "False");

-	nodes_print(out, "Authority", X509_policy_tree_get0_policies(tree));

-	nodes_print(out, "User", X509_policy_tree_get0_user_policies(tree));

-	if (free_out)

-		BIO_free(out);

-	}

--- a/sys/src/ape/lib/openssl/apps/apps.h

+++ /dev/null

@@ -1,345 +1,0 @@

-/* apps/apps.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_APPS_H

-#define HEADER_APPS_H

-#include "e_os.h"

-#include <openssl/bio.h>

-#include <openssl/x509.h>

-#include <openssl/lhash.h>

-#include <openssl/conf.h>

-#include <openssl/txt_db.h>

-#ifndef OPENSSL_NO_ENGINE

-#include <openssl/engine.h>

-#endif

-#include <openssl/ossl_typ.h>

-int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);

-int app_RAND_write_file(const char *file, BIO *bio_e);

-/* When `file' is NULL, use defaults.

- * `bio_e' is for error messages. */

-void app_RAND_allow_write_file(void);

-long app_RAND_load_files(char *file); /* `file' is a list of files to read,

-                                       * separated by LIST_SEPARATOR_CHAR

-                                       * (see e_os.h).  The string is

-                                       * destroyed! */

-#ifdef OPENSSL_SYS_WIN32

-#define rename(from,to) WIN32_rename((from),(to))

-int WIN32_rename(const char *oldname,const char *newname);

-#endif

-#ifndef MONOLITH

-#define MAIN(a,v)	main(a,v)

-#ifndef NON_MAIN

-CONF *config=NULL;

-BIO *bio_err=NULL;

-#else

-extern CONF *config;

-extern BIO *bio_err;

-#endif

-#else

-#define MAIN(a,v)	PROG(a,v)

-extern CONF *config;

-extern char *default_config_file;

-extern BIO *bio_err;

-#endif

-#ifndef OPENSSL_SYS_NETWARE

-#include <signal.h>

-#endif

-#ifdef SIGPIPE

-#define do_pipe_sig()	signal(SIGPIPE,SIG_IGN)

-#else

-#define do_pipe_sig()

-#endif

-#if defined(MONOLITH) && !defined(OPENSSL_C)

-#  define apps_startup() \

-		do_pipe_sig()

-#  define apps_shutdown()

-#else

-#  ifndef OPENSSL_NO_ENGINE

-#    if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \

-     defined(OPENSSL_SYS_WIN32)

-#      ifdef _O_BINARY

-#        define apps_startup() \

-			do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \

-			ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \

-			ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)

-#      else

-#        define apps_startup() \

-			do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \

-			ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \

-			ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)

-#      endif

-#    else

-#      define apps_startup() \

-			do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \

-			ERR_load_crypto_strings(); ENGINE_load_builtin_engines(); \

-			setup_ui_method(); } while(0)

-#    endif

-#    define apps_shutdown() \

-			do { CONF_modules_unload(1); destroy_ui_method(); \

-			EVP_cleanup(); ENGINE_cleanup(); \

-			CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \

-			ERR_free_strings(); } while(0)

-#  else

-#    if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \

-     defined(OPENSSL_SYS_WIN32)

-#      ifdef _O_BINARY

-#        define apps_startup() \

-			do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \

-			ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \

-			setup_ui_method(); } while(0)

-#      else

-#        define apps_startup() \

-			do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \

-			ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \

-			setup_ui_method(); } while(0)

-#      endif

-#    else

-#      define apps_startup() \

-			do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \

-			ERR_load_crypto_strings(); \

-			setup_ui_method(); } while(0)

-#    endif

-#    define apps_shutdown() \

-			do { CONF_modules_unload(1); destroy_ui_method(); \

-			EVP_cleanup(); \

-			CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \

-			ERR_free_strings(); } while(0)

-#  endif

-#endif

-typedef struct args_st

-	{

-	char **data;

-	int count;

-	} ARGS;

-#define PW_MIN_LENGTH 4

-typedef struct pw_cb_data

-	{

-	const void *password;

-	const char *prompt_info;

-	} PW_CB_DATA;

-int password_callback(char *buf, int bufsiz, int verify,

-	PW_CB_DATA *cb_data);

-int setup_ui_method(void);

-void destroy_ui_method(void);

-int should_retry(int i);

-int args_from_file(char *file, int *argc, char **argv[]);

-int str2fmt(char *s);

-void program_name(char *in,char *out,int size);

-int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);

-#ifdef HEADER_X509_H

-int dump_cert_text(BIO *out, X509 *x);

-void print_name(BIO *out, const char *title, X509_NAME *nm, unsigned long lflags);

-#endif

-int set_cert_ex(unsigned long *flags, const char *arg);

-int set_name_ex(unsigned long *flags, const char *arg);

-int set_ext_copy(int *copy_type, const char *arg);

-int copy_extensions(X509 *x, X509_REQ *req, int copy_type);

-int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);

-int add_oid_section(BIO *err, CONF *conf);

-X509 *load_cert(BIO *err, const char *file, int format,

-	const char *pass, ENGINE *e, const char *cert_descrip);

-EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,

-	const char *pass, ENGINE *e, const char *key_descrip);

-EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,

-	const char *pass, ENGINE *e, const char *key_descrip);

-STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,

-	const char *pass, ENGINE *e, const char *cert_descrip);

-X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);

-#ifndef OPENSSL_NO_ENGINE

-ENGINE *setup_engine(BIO *err, const char *engine, int debug);

-#endif

-int load_config(BIO *err, CONF *cnf);

-char *make_config_name(void);

-/* Functions defined in ca.c and also used in ocsp.c */

-int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,

-			ASN1_GENERALIZEDTIME **pinvtm, const char *str);

-#define DB_type         0

-#define DB_exp_date     1

-#define DB_rev_date     2

-#define DB_serial       3       /* index - unique */

-#define DB_file         4

-#define DB_name         5       /* index - unique when active and not disabled */

-#define DB_NUMBER       6

-#define DB_TYPE_REV	'R'

-#define DB_TYPE_EXP	'E'

-#define DB_TYPE_VAL	'V'

-typedef struct db_attr_st

-	{

-	int unique_subject;

-	} DB_ATTR;

-typedef struct ca_db_st

-	{

-	DB_ATTR attributes;

-	TXT_DB *db;

-	} CA_DB;

-BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai);

-int save_serial(char *serialfile, char *suffix, BIGNUM *serial, ASN1_INTEGER **retai);

-int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix);

-int rand_serial(BIGNUM *b, ASN1_INTEGER *ai);

-CA_DB *load_index(char *dbfile, DB_ATTR *dbattr);

-int index_index(CA_DB *db);

-int save_index(const char *dbfile, const char *suffix, CA_DB *db);

-int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix);

-void free_index(CA_DB *db);

-int index_name_cmp(const char **a, const char **b);

-int parse_yesno(const char *str, int def);

-X509_NAME *parse_name(char *str, long chtype, int multirdn);

-int args_verify(char ***pargs, int *pargc,

-			int *badarg, BIO *err, X509_VERIFY_PARAM **pm);

-void policies_print(BIO *out, X509_STORE_CTX *ctx);

-#define FORMAT_UNDEF    0

-#define FORMAT_ASN1     1

-#define FORMAT_TEXT     2

-#define FORMAT_PEM      3

-#define FORMAT_NETSCAPE 4

-#define FORMAT_PKCS12   5

-#define FORMAT_SMIME    6

-#define FORMAT_ENGINE   7

-#define FORMAT_IISSGC	8	/* XXX this stupid macro helps us to avoid

-				 * adding yet another param to load_*key() */

-#define EXT_COPY_NONE	0

-#define EXT_COPY_ADD	1

-#define EXT_COPY_ALL	2

-#define NETSCAPE_CERT_HDR	"certificate"

-#define APP_PASS_LEN	1024

-#define SERIAL_RAND_BITS	64

-#endif

--- a/sys/src/ape/lib/openssl/apps/asn1pars.c

+++ /dev/null

@@ -1,444 +1,0 @@

-/* apps/asn1pars.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* A nice addition from Dr Stephen Henson <[email protected]> to

- * add the -strparse option which parses nested binary structures

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include "apps.h"

-#include <openssl/err.h>

-#include <openssl/evp.h>

-#include <openssl/x509.h>

-#include <openssl/pem.h>

-/* -inform arg	- input format - default PEM (DER or PEM)

- * -in arg	- input file - default stdin

- * -i		- indent the details by depth

- * -offset	- where in the file to start

- * -length	- how many bytes to use

- * -oid file	- extra oid description file

- */

-#undef PROG

-#define PROG	asn1parse_main

-int MAIN(int, char **);

-static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf);

-int MAIN(int argc, char **argv)

-	{

-	int i,badops=0,offset=0,ret=1,j;

-	unsigned int length=0;

-	long num,tmplen;

-	BIO *in=NULL,*out=NULL,*b64=NULL, *derout = NULL;

-	int informat,indent=0, noout = 0, dump = 0;

-	char *infile=NULL,*str=NULL,*prog,*oidfile=NULL, *derfile=NULL;

-	char *genstr=NULL, *genconf=NULL;

-	unsigned char *tmpbuf;

-	const unsigned char *ctmpbuf;

-	BUF_MEM *buf=NULL;

-	STACK *osk=NULL;

-	ASN1_TYPE *at=NULL;

-	informat=FORMAT_PEM;

-	apps_startup();

-	if (bio_err == NULL)

-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)

-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);

-	if (!load_config(bio_err, NULL))

-		goto end;

-	prog=argv[0];

-	argc--;

-	argv++;

-	if ((osk=sk_new_null()) == NULL)

-		{

-		BIO_printf(bio_err,"Memory allocation failure\n");

-		goto end;

-		}

-	while (argc >= 1)

-		{

-		if 	(strcmp(*argv,"-inform") == 0)

-			{

-			if (--argc < 1) goto bad;

-			informat=str2fmt(*(++argv));

-			}

-		else if (strcmp(*argv,"-in") == 0)

-			{

-			if (--argc < 1) goto bad;

-			infile= *(++argv);

-			}

-		else if (strcmp(*argv,"-out") == 0)

-			{

-			if (--argc < 1) goto bad;

-			derfile= *(++argv);

-			}

-		else if (strcmp(*argv,"-i") == 0)

-			{

-			indent=1;

-			}

-		else if (strcmp(*argv,"-noout") == 0) noout = 1;

-		else if (strcmp(*argv,"-oid") == 0)

-			{

-			if (--argc < 1) goto bad;

-			oidfile= *(++argv);

-			}

-		else if (strcmp(*argv,"-offset") == 0)

-			{

-			if (--argc < 1) goto bad;

-			offset= atoi(*(++argv));

-			}

-		else if (strcmp(*argv,"-length") == 0)

-			{

-			if (--argc < 1) goto bad;

-			length= atoi(*(++argv));

-			if (length == 0) goto bad;

-			}

-		else if (strcmp(*argv,"-dump") == 0)

-			{

-			dump= -1;

-			}

-		else if (strcmp(*argv,"-dlimit") == 0)

-			{

-			if (--argc < 1) goto bad;

-			dump= atoi(*(++argv));

-			if (dump <= 0) goto bad;

-			}

-		else if (strcmp(*argv,"-strparse") == 0)

-			{

-			if (--argc < 1) goto bad;

-			sk_push(osk,*(++argv));

-			}

-		else if (strcmp(*argv,"-genstr") == 0)

-			{

-			if (--argc < 1) goto bad;

-			genstr= *(++argv);

-			}

-		else if (strcmp(*argv,"-genconf") == 0)

-			{

-			if (--argc < 1) goto bad;

-			genconf= *(++argv);

-			}

-		else

-			{

-			BIO_printf(bio_err,"unknown option %s\n",*argv);

-			badops=1;

-			break;

-			}

-		argc--;

-		argv++;

-		}

-	if (badops)

-		{

-bad:

-		BIO_printf(bio_err,"%s [options] <infile\n",prog);

-		BIO_printf(bio_err,"where options are\n");

-		BIO_printf(bio_err," -inform arg   input format - one of DER PEM\n");

-		BIO_printf(bio_err," -in arg       input file\n");

-		BIO_printf(bio_err," -out arg      output file (output format is always DER\n");

-		BIO_printf(bio_err," -noout arg    don't produce any output\n");

-		BIO_printf(bio_err," -offset arg   offset into file\n");

-		BIO_printf(bio_err," -length arg   length of section in file\n");

-		BIO_printf(bio_err," -i            indent entries\n");

-		BIO_printf(bio_err," -dump         dump unknown data in hex form\n");

-		BIO_printf(bio_err," -dlimit arg   dump the first arg bytes of unknown data in hex form\n");

-		BIO_printf(bio_err," -oid file     file of extra oid definitions\n");

-		BIO_printf(bio_err," -strparse offset\n");

-		BIO_printf(bio_err,"               a series of these can be used to 'dig' into multiple\n");

-		BIO_printf(bio_err,"               ASN1 blob wrappings\n");

-		BIO_printf(bio_err," -genstr str   string to generate ASN1 structure from\n");

-		BIO_printf(bio_err," -genconf file file to generate ASN1 structure from\n");

-		goto end;

-		}

-	ERR_load_crypto_strings();

-	in=BIO_new(BIO_s_file());

-	out=BIO_new(BIO_s_file());

-	if ((in == NULL) || (out == NULL))

-		{

-		ERR_print_errors(bio_err);

-		goto end;

-		}

-	BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT);

-#ifdef OPENSSL_SYS_VMS

-	{

-	BIO *tmpbio = BIO_new(BIO_f_linebuffer());

-	out = BIO_push(tmpbio, out);

-	}

-#endif

-	if (oidfile != NULL)

-		{

-		if (BIO_read_filename(in,oidfile) <= 0)

-			{

-			BIO_printf(bio_err,"problems opening %s\n",oidfile);

-			ERR_print_errors(bio_err);

-			goto end;

-			}

-		OBJ_create_objects(in);

-		}

-	if (infile == NULL)

-		BIO_set_fp(in,stdin,BIO_NOCLOSE);

-	else

-		{

-		if (BIO_read_filename(in,infile) <= 0)

-			{

-			perror(infile);

-			goto end;

-			}

-		}

-	if (derfile) {

-		if(!(derout = BIO_new_file(derfile, "wb"))) {

-			BIO_printf(bio_err,"problems opening %s\n",derfile);

-			ERR_print_errors(bio_err);

-			goto end;

-		}

-	}

-	if ((buf=BUF_MEM_new()) == NULL) goto end;

-	if (!BUF_MEM_grow(buf,BUFSIZ*8)) goto end; /* Pre-allocate :-) */

-	if (genstr || genconf)

-		{

-		num = do_generate(bio_err, genstr, genconf, buf);

-		if (num < 0)

-			{

-			ERR_print_errors(bio_err);

-			goto end;

-			}

-		}

-	else

-		{

-		if (informat == FORMAT_PEM)

-			{

-			BIO *tmp;

-			if ((b64=BIO_new(BIO_f_base64())) == NULL)

-				goto end;

-			BIO_push(b64,in);

-			tmp=in;

-			in=b64;

-			b64=tmp;

-			}

-		num=0;

-		for (;;)

-			{

-			if (!BUF_MEM_grow(buf,(int)num+BUFSIZ)) goto end;

-			i=BIO_read(in,&(buf->data[num]),BUFSIZ);

-			if (i <= 0) break;

-			num+=i;

-			}

-		}

-	str=buf->data;

-	/* If any structs to parse go through in sequence */

-	if (sk_num(osk))

-		{

-		tmpbuf=(unsigned char *)str;

-		tmplen=num;

-		for (i=0; i<sk_num(osk); i++)

-			{

-			ASN1_TYPE *atmp;

-			int typ;

-			j=atoi(sk_value(osk,i));

-			if (j == 0)

-				{

-				BIO_printf(bio_err,"'%s' is an invalid number\n",sk_value(osk,i));

-				continue;

-				}

-			tmpbuf+=j;

-			tmplen-=j;

-			atmp = at;

-			ctmpbuf = tmpbuf;

-			at = d2i_ASN1_TYPE(NULL,&ctmpbuf,tmplen);

-			ASN1_TYPE_free(atmp);

-			if(!at)

-				{

-				BIO_printf(bio_err,"Error parsing structure\n");

-				ERR_print_errors(bio_err);

-				goto end;

-				}

-			typ = ASN1_TYPE_get(at);

-			if ((typ == V_ASN1_OBJECT)

-				|| (typ == V_ASN1_NULL))

-				{

-				BIO_printf(bio_err, "Can't parse %s type\n",

-					typ == V_ASN1_NULL ? "NULL" : "OBJECT");

-				ERR_print_errors(bio_err);

-				goto end;

-				}

-			/* hmm... this is a little evil but it works */

-			tmpbuf=at->value.asn1_string->data;

-			tmplen=at->value.asn1_string->length;

-			}

-		str=(char *)tmpbuf;

-		num=tmplen;

-		}

-	if (offset >= num)

-		{

-		BIO_printf(bio_err, "Error: offset too large\n");

-		goto end;

-		}

-	num -= offset;

-	if ((length == 0) || ((long)length > num)) length=(unsigned int)num;

-	if(derout) {

-		if(BIO_write(derout, str + offset, length) != (int)length) {

-			BIO_printf(bio_err, "Error writing output\n");

-			ERR_print_errors(bio_err);

-			goto end;

-		}

-	}

-	if (!noout &&

-	    !ASN1_parse_dump(out,(unsigned char *)&(str[offset]),length,

-		    indent,dump))

-		{

-		ERR_print_errors(bio_err);

-		goto end;

-		}

-	ret=0;

-end:

-	BIO_free(derout);

-	if (in != NULL) BIO_free(in);

-	if (out != NULL) BIO_free_all(out);

-	if (b64 != NULL) BIO_free(b64);

-	if (ret != 0)

-		ERR_print_errors(bio_err);

-	if (buf != NULL) BUF_MEM_free(buf);

-	if (at != NULL) ASN1_TYPE_free(at);

-	if (osk != NULL) sk_free(osk);

-	OBJ_cleanup();

-	apps_shutdown();

-	OPENSSL_EXIT(ret);

-	}

-static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf)

-	{

-	CONF *cnf = NULL;

-	int len;

-	long errline;

-	unsigned char *p;

-	ASN1_TYPE *atyp = NULL;

-	if (genconf)

-		{

-		cnf = NCONF_new(NULL);

-		if (!NCONF_load(cnf, genconf, &errline))

-			goto conferr;

-		if (!genstr)

-			genstr = NCONF_get_string(cnf, "default", "asn1");

-		if (!genstr)

-			{

-			BIO_printf(bio, "Can't find 'asn1' in '%s'\n", genconf);

-			goto err;

-			}

-		}

-	atyp = ASN1_generate_nconf(genstr, cnf);

-	NCONF_free(cnf);

-	if (!atyp)

-		return -1;

-	len = i2d_ASN1_TYPE(atyp, NULL);

-	if (len <= 0)

-		goto err;

-	if (!BUF_MEM_grow(buf,len))

-		goto err;

-	p=(unsigned char *)buf->data;

-	i2d_ASN1_TYPE(atyp, &p);

-	ASN1_TYPE_free(atyp);

-	return len;

-	conferr:

-	if (errline > 0)

-		BIO_printf(bio, "Error on line %ld of config file '%s'\n",

-							errline, genconf);

-	else

-		BIO_printf(bio, "Error loading config file '%s'\n", genconf);

-	err:

-	NCONF_free(cnf);

-	ASN1_TYPE_free(atyp);

-	return -1;

-	}

--- a/sys/src/ape/lib/openssl/apps/ca-cert.srl

+++ /dev/null

@@ -1,1 +1,0 @@

-07

--- a/sys/src/ape/lib/openssl/apps/ca-key.pem

+++ /dev/null

@@ -1,15 +1,0 @@

------BEGIN RSA PRIVATE KEY-----

-MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425

-gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd

-2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB

-AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6

-hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2

-J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs

-HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL

-21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s

-nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz

-MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa

-pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb

-KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2

-XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ

------END RSA PRIVATE KEY-----

--- a/sys/src/ape/lib/openssl/apps/ca-req.pem

+++ /dev/null

@@ -1,11 +1,0 @@

------BEGIN CERTIFICATE REQUEST-----

-MIIBmTCCAQICAQAwWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx

-GjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgx

-MDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgy

-bTsZDCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/d

-FXSv1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUe

-cQU2mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAKlk7

-cxu9gCJN3/iQFyJXQ6YphaiQAT5VBXTx9ftRrQIjA3vxlDzPWGDy+V5Tqa7h8PtR

-5Bn00JShII2zf0hjyjKils6x/UkWmjEiwSiFp4hR70iE8XwSNEHY2P6j6nQEIpgW

-kbfgmmUqk7dl2V+ossTJ80B8SBpEhrn81V/cHxA=

------END CERTIFICATE REQUEST-----

--- a/sys/src/ape/lib/openssl/apps/ca.c

+++ /dev/null

@@ -1,3003 +1,0 @@

-/* apps/ca.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* The PPKI stuff has been donated by Jeff Barber <[email protected]> */

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include <ctype.h>

-#include <sys/types.h>

-#include <sys/stat.h>

-#include <openssl/conf.h>

-#include <openssl/bio.h>

-#include <openssl/err.h>

-#include <openssl/bn.h>

-#include <openssl/txt_db.h>

-#include <openssl/evp.h>

-#include <openssl/x509.h>

-#include <openssl/x509v3.h>

-#include <openssl/objects.h>

-#include <openssl/ocsp.h>

-#include <openssl/pem.h>

-#ifndef W_OK

-#  ifdef OPENSSL_SYS_VMS

-#    if defined(__DECC)

-#      include <unistd.h>

-#    else

-#      include <unixlib.h>

-#    endif

-#  elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_NETWARE) && !defined(PLAN9)

-#    include <sys/file.h>

-#  endif

-#endif

-#include "apps.h"

-#ifndef W_OK

-#  define F_OK 0

-#  define X_OK 1

-#  define W_OK 2

-#  define R_OK 4

-#endif

-#undef PROG

-#define PROG ca_main

-#define BASE_SECTION	"ca"

-#define CONFIG_FILE "openssl.cnf"

-#define ENV_DEFAULT_CA		"default_ca"

-#define STRING_MASK	"string_mask"

-#define UTF8_IN			"utf8"

-#define ENV_DIR			"dir"

-#define ENV_CERTS		"certs"

-#define ENV_CRL_DIR		"crl_dir"

-#define ENV_CA_DB		"CA_DB"

-#define ENV_NEW_CERTS_DIR	"new_certs_dir"

-#define ENV_CERTIFICATE 	"certificate"

-#define ENV_SERIAL		"serial"

-#define ENV_CRLNUMBER		"crlnumber"

-#define ENV_CRL			"crl"

-#define ENV_PRIVATE_KEY		"private_key"

-#define ENV_RANDFILE		"RANDFILE"

-#define ENV_DEFAULT_DAYS 	"default_days"

-#define ENV_DEFAULT_STARTDATE 	"default_startdate"

-#define ENV_DEFAULT_ENDDATE 	"default_enddate"

-#define ENV_DEFAULT_CRL_DAYS 	"default_crl_days"

-#define ENV_DEFAULT_CRL_HOURS 	"default_crl_hours"

-#define ENV_DEFAULT_MD		"default_md"

-#define ENV_DEFAULT_EMAIL_DN	"email_in_dn"

-#define ENV_PRESERVE		"preserve"

-#define ENV_POLICY      	"policy"

-#define ENV_EXTENSIONS      	"x509_extensions"

-#define ENV_CRLEXT      	"crl_extensions"

-#define ENV_MSIE_HACK		"msie_hack"

-#define ENV_NAMEOPT		"name_opt"

-#define ENV_CERTOPT		"cert_opt"

-#define ENV_EXTCOPY		"copy_extensions"

-#define ENV_UNIQUE_SUBJECT	"unique_subject"

-#define ENV_DATABASE		"database"

-/* Additional revocation information types */

-#define REV_NONE		0	/* No addditional information */

-#define REV_CRL_REASON		1	/* Value is CRL reason code */

-#define REV_HOLD		2	/* Value is hold instruction */

-#define REV_KEY_COMPROMISE	3	/* Value is cert key compromise time */

-#define REV_CA_COMPROMISE	4	/* Value is CA key compromise time */

-static const char *ca_usage[]={

-"usage: ca args\n",

-"\n",

-" -verbose        - Talk alot while doing things\n",

-" -config file    - A config file\n",

-" -name arg       - The particular CA definition to use\n",

-" -gencrl         - Generate a new CRL\n",

-" -crldays days   - Days is when the next CRL is due\n",

-" -crlhours hours - Hours is when the next CRL is due\n",

-" -startdate YYMMDDHHMMSSZ  - certificate validity notBefore\n",

-" -enddate YYMMDDHHMMSSZ    - certificate validity notAfter (overrides -days)\n",

-" -days arg       - number of days to certify the certificate for\n",

-" -md arg         - md to use, one of md2, md5, sha or sha1\n",

-" -policy arg     - The CA 'policy' to support\n",

-" -keyfile arg    - private key file\n",

-" -keyform arg    - private key file format (PEM or ENGINE)\n",

-" -key arg        - key to decode the private key if it is encrypted\n",

-" -cert file      - The CA certificate\n",

-" -selfsign       - sign a certificate with the key associated with it\n",

-" -in file        - The input PEM encoded certificate request(s)\n",

-" -out file       - Where to put the output file(s)\n",

-" -outdir dir     - Where to put output certificates\n",

-" -infiles ....   - The last argument, requests to process\n",

-" -spkac file     - File contains DN and signed public key and challenge\n",

-" -ss_cert file   - File contains a self signed cert to sign\n",

-" -preserveDN     - Don't re-order the DN\n",

-" -noemailDN      - Don't add the EMAIL field into certificate' subject\n",

-" -batch          - Don't ask questions\n",

-" -msie_hack      - msie modifications to handle all those universal strings\n",

-" -revoke file    - Revoke a certificate (given in file)\n",

-" -subj arg       - Use arg instead of request's subject\n",

-" -utf8           - input characters are UTF8 (default ASCII)\n",

-" -multivalue-rdn - enable support for multivalued RDNs\n",

-" -extensions ..  - Extension section (override value in config file)\n",

-" -extfile file   - Configuration file with X509v3 extentions to add\n",

-" -crlexts ..     - CRL extension section (override value in config file)\n",

-#ifndef OPENSSL_NO_ENGINE

-" -engine e       - use engine e, possibly a hardware device.\n",

-#endif

-" -status serial  - Shows certificate status given the serial number\n",

-" -updatedb       - Updates db for expired certificates\n",

-NULL

-};

-#ifdef EFENCE

-extern int EF_PROTECT_FREE;

-extern int EF_PROTECT_BELOW;

-extern int EF_ALIGNMENT;

-#endif

-static void lookup_fail(const char *name, const char *tag);

-static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,

-		   const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,CA_DB *db,

-		   BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate,

-		   char *enddate, long days, int batch, char *ext_sect, CONF *conf,

-		   int verbose, unsigned long certopt, unsigned long nameopt,

-		   int default_op, int ext_copy, int selfsign);

-static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,

-			const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,

-			CA_DB *db, BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn,

-			char *startdate, char *enddate, long days, int batch,

-			char *ext_sect, CONF *conf,int verbose, unsigned long certopt,

-			unsigned long nameopt, int default_op, int ext_copy,

-			ENGINE *e);

-static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,

-			 const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,

-			 CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn, int email_dn,

-			 char *startdate, char *enddate, long days, char *ext_sect,

-			 CONF *conf, int verbose, unsigned long certopt,

-			 unsigned long nameopt, int default_op, int ext_copy);

-static int fix_data(int nid, int *type);

-static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);

-static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,

-	STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn,

-	int email_dn, char *startdate, char *enddate, long days, int batch,

-       	int verbose, X509_REQ *req, char *ext_sect, CONF *conf,

-	unsigned long certopt, unsigned long nameopt, int default_op,

-	int ext_copy, int selfsign);

-static int do_revoke(X509 *x509, CA_DB *db, int ext, char *extval);

-static int get_certificate_status(const char *ser_status, CA_DB *db);

-static int do_updatedb(CA_DB *db);

-static int check_time_format(char *str);

-char *make_revocation_str(int rev_type, char *rev_arg);

-int make_revoked(X509_REVOKED *rev, const char *str);

-int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str);

-static CONF *conf=NULL;

-static CONF *extconf=NULL;

-static char *section=NULL;

-static int preserve=0;

-static int msie_hack=0;

-int MAIN(int, char **);

-int MAIN(int argc, char **argv)

-	{

-	ENGINE *e = NULL;

-	char *key=NULL,*passargin=NULL;

-	int create_ser = 0;

-	int free_key = 0;

-	int total=0;

-	int total_done=0;

-	int badops=0;

-	int ret=1;

-	int email_dn=1;

-	int req=0;

-	int verbose=0;

-	int gencrl=0;

-	int dorevoke=0;

-	int doupdatedb=0;

-	long crldays=0;

-	long crlhours=0;

-	long errorline= -1;

-	char *configfile=NULL;

-	char *md=NULL;

-	char *policy=NULL;

-	char *keyfile=NULL;

-	char *certfile=NULL;

-	int keyform=FORMAT_PEM;

-	char *infile=NULL;

-	char *spkac_file=NULL;

-	char *ss_cert_file=NULL;

-	char *ser_status=NULL;

-	EVP_PKEY *pkey=NULL;

-	int output_der = 0;

-	char *outfile=NULL;

-	char *outdir=NULL;

-	char *serialfile=NULL;

-	char *crlnumberfile=NULL;

-	char *extensions=NULL;

-	char *extfile=NULL;

-	char *subj=NULL;

-	unsigned long chtype = MBSTRING_ASC;

-	int multirdn = 0;

-	char *tmp_email_dn=NULL;

-	char *crl_ext=NULL;

-	int rev_type = REV_NONE;

-	char *rev_arg = NULL;

-	BIGNUM *serial=NULL;

-	BIGNUM *crlnumber=NULL;

-	char *startdate=NULL;

-	char *enddate=NULL;

-	long days=0;

-	int batch=0;

-	int notext=0;

-	unsigned long nameopt = 0, certopt = 0;

-	int default_op = 1;

-	int ext_copy = EXT_COPY_NONE;

-	int selfsign = 0;

-	X509 *x509=NULL, *x509p = NULL;

-	X509 *x=NULL;

-	BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL;

-	char *dbfile=NULL;

-	CA_DB *db=NULL;

-	X509_CRL *crl=NULL;

-	X509_REVOKED *r=NULL;

-	ASN1_TIME *tmptm;

-	ASN1_INTEGER *tmpser;

-	char *f;

-	const char *p, **pp;

-	int i,j;

-	const EVP_MD *dgst=NULL;

-	STACK_OF(CONF_VALUE) *attribs=NULL;

-	STACK_OF(X509) *cert_sk=NULL;

-#undef BSIZE

-#define BSIZE 256

-	MS_STATIC char buf[3][BSIZE];

-	char *randfile=NULL;

-#ifndef OPENSSL_NO_ENGINE

-	char *engine = NULL;

-#endif

-	char *tofree=NULL;

-	DB_ATTR db_attr;

-#ifdef EFENCE

-EF_PROTECT_FREE=1;

-EF_PROTECT_BELOW=1;

-EF_ALIGNMENT=0;

-#endif

-	apps_startup();

-	conf = NULL;

-	key = NULL;

-	section = NULL;

-	preserve=0;

-	msie_hack=0;

-	if (bio_err == NULL)

-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)

-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);

-	argc--;

-	argv++;

-	while (argc >= 1)

-		{

-		if	(strcmp(*argv,"-verbose") == 0)

-			verbose=1;

-		else if	(strcmp(*argv,"-config") == 0)

-			{

-			if (--argc < 1) goto bad;

-			configfile= *(++argv);

-			}

-		else if (strcmp(*argv,"-name") == 0)

-			{

-			if (--argc < 1) goto bad;

-			section= *(++argv);

-			}

-		else if (strcmp(*argv,"-subj") == 0)

-			{

-			if (--argc < 1) goto bad;

-			subj= *(++argv);

-			/* preserve=1; */

-			}

-		else if (strcmp(*argv,"-utf8") == 0)

-			chtype = MBSTRING_UTF8;

-		else if (strcmp(*argv,"-create_serial") == 0)

-			create_ser = 1;

-		else if (strcmp(*argv,"-multivalue-rdn") == 0)

-			multirdn=1;

-		else if (strcmp(*argv,"-startdate") == 0)

-			{

-			if (--argc < 1) goto bad;

-			startdate= *(++argv);

-			}

-		else if (strcmp(*argv,"-enddate") == 0)

-			{

-			if (--argc < 1) goto bad;

-			enddate= *(++argv);

-			}

-		else if (strcmp(*argv,"-days") == 0)

-			{

-			if (--argc < 1) goto bad;

-			days=atoi(*(++argv));

-			}

-		else if (strcmp(*argv,"-md") == 0)

-			{

-			if (--argc < 1) goto bad;

-			md= *(++argv);

-			}

-		else if (strcmp(*argv,"-policy") == 0)

-			{

-			if (--argc < 1) goto bad;

-			policy= *(++argv);

-			}

-		else if (strcmp(*argv,"-keyfile") == 0)

-			{

-			if (--argc < 1) goto bad;

-			keyfile= *(++argv);

-			}

-		else if (strcmp(*argv,"-keyform") == 0)

-			{

-			if (--argc < 1) goto bad;

-			keyform=str2fmt(*(++argv));

-			}

-		else if (strcmp(*argv,"-passin") == 0)

-			{

-			if (--argc < 1) goto bad;

-			passargin= *(++argv);

-			}

-		else if (strcmp(*argv,"-key") == 0)

-			{

-			if (--argc < 1) goto bad;

-			key= *(++argv);

-			}

-		else if (strcmp(*argv,"-cert") == 0)

-			{

-			if (--argc < 1) goto bad;

-			certfile= *(++argv);

-			}

-		else if (strcmp(*argv,"-selfsign") == 0)

-			selfsign=1;

-		else if (strcmp(*argv,"-in") == 0)

-			{

-			if (--argc < 1) goto bad;

-			infile= *(++argv);

-			req=1;

-			}

-		else if (strcmp(*argv,"-out") == 0)

-			{

-			if (--argc < 1) goto bad;

-			outfile= *(++argv);

-			}

-		else if (strcmp(*argv,"-outdir") == 0)

-			{

-			if (--argc < 1) goto bad;

-			outdir= *(++argv);

-			}

-		else if (strcmp(*argv,"-notext") == 0)

-			notext=1;

-		else if (strcmp(*argv,"-batch") == 0)

-			batch=1;

-		else if (strcmp(*argv,"-preserveDN") == 0)

-			preserve=1;

-		else if (strcmp(*argv,"-noemailDN") == 0)

-			email_dn=0;

-		else if (strcmp(*argv,"-gencrl") == 0)

-			gencrl=1;

-		else if (strcmp(*argv,"-msie_hack") == 0)

-			msie_hack=1;

-		else if (strcmp(*argv,"-crldays") == 0)

-			{

-			if (--argc < 1) goto bad;

-			crldays= atol(*(++argv));

-			}

-		else if (strcmp(*argv,"-crlhours") == 0)

-			{

-			if (--argc < 1) goto bad;

-			crlhours= atol(*(++argv));

-			}

-		else if (strcmp(*argv,"-infiles") == 0)

-			{

-			argc--;

-			argv++;

-			req=1;

-			break;

-			}

-		else if (strcmp(*argv, "-ss_cert") == 0)

-			{

-			if (--argc < 1) goto bad;

-			ss_cert_file = *(++argv);

-			req=1;

-			}

-		else if (strcmp(*argv, "-spkac") == 0)

-			{

-			if (--argc < 1) goto bad;

-			spkac_file = *(++argv);

-			req=1;

-			}

-		else if (strcmp(*argv,"-revoke") == 0)

-			{

-			if (--argc < 1) goto bad;

-			infile= *(++argv);

-			dorevoke=1;

-			}

-		else if (strcmp(*argv,"-extensions") == 0)

-			{

-			if (--argc < 1) goto bad;

-			extensions= *(++argv);

-			}

-		else if (strcmp(*argv,"-extfile") == 0)

-			{

-			if (--argc < 1) goto bad;

-			extfile= *(++argv);

-			}

-		else if (strcmp(*argv,"-status") == 0)

-			{

-			if (--argc < 1) goto bad;

-			ser_status= *(++argv);

-			}

-		else if (strcmp(*argv,"-updatedb") == 0)

-			{

-			doupdatedb=1;

-			}

-		else if (strcmp(*argv,"-crlexts") == 0)

-			{

-			if (--argc < 1) goto bad;

-			crl_ext= *(++argv);

-			}

-		else if (strcmp(*argv,"-crl_reason") == 0)

-			{

-			if (--argc < 1) goto bad;

-			rev_arg = *(++argv);

-			rev_type = REV_CRL_REASON;

-			}

-		else if (strcmp(*argv,"-crl_hold") == 0)

-			{

-			if (--argc < 1) goto bad;

-			rev_arg = *(++argv);

-			rev_type = REV_HOLD;

-			}

-		else if (strcmp(*argv,"-crl_compromise") == 0)

-			{

-			if (--argc < 1) goto bad;

-			rev_arg = *(++argv);

-			rev_type = REV_KEY_COMPROMISE;

-			}

-		else if (strcmp(*argv,"-crl_CA_compromise") == 0)

-			{

-			if (--argc < 1) goto bad;

-			rev_arg = *(++argv);

-			rev_type = REV_CA_COMPROMISE;

-			}

-#ifndef OPENSSL_NO_ENGINE

-		else if (strcmp(*argv,"-engine") == 0)

-			{

-			if (--argc < 1) goto bad;

-			engine= *(++argv);

-			}

-#endif

-		else

-			{

-bad:

-			BIO_printf(bio_err,"unknown option %s\n",*argv);

-			badops=1;

-			break;

-			}

-		argc--;

-		argv++;

-		}

-	if (badops)

-		{

-		for (pp=ca_usage; (*pp != NULL); pp++)

-			BIO_printf(bio_err,"%s",*pp);

-		goto err;

-		}

-	ERR_load_crypto_strings();

-	/*****************************************************************/

-	tofree=NULL;

-	if (configfile == NULL) configfile = getenv("OPENSSL_CONF");

-	if (configfile == NULL) configfile = getenv("SSLEAY_CONF");

-	if (configfile == NULL)

-		{

-		const char *s=X509_get_default_cert_area();

-		size_t len;

-#ifdef OPENSSL_SYS_VMS

-		len = strlen(s)+sizeof(CONFIG_FILE);

-		tofree=OPENSSL_malloc(len);

-		strcpy(tofree,s);

-#else

-		len = strlen(s)+sizeof(CONFIG_FILE)+1;

-		tofree=OPENSSL_malloc(len);

-		BUF_strlcpy(tofree,s,len);

-		BUF_strlcat(tofree,"/",len);

-#endif

-		BUF_strlcat(tofree,CONFIG_FILE,len);

-		configfile=tofree;

-		}

-	BIO_printf(bio_err,"Using configuration from %s\n",configfile);

-	conf = NCONF_new(NULL);

-	if (NCONF_load(conf,configfile,&errorline) <= 0)

-		{

-		if (errorline <= 0)

-			BIO_printf(bio_err,"error loading the config file '%s'\n",

-				configfile);

-		else

-			BIO_printf(bio_err,"error on line %ld of config file '%s'\n"

-				,errorline,configfile);

-		goto err;

-		}

-	if(tofree)

-		{

-		OPENSSL_free(tofree);

-		tofree = NULL;

-		}

-	if (!load_config(bio_err, conf))

-		goto err;

-#ifndef OPENSSL_NO_ENGINE

-	e = setup_engine(bio_err, engine, 0);

-#endif

-	/* Lets get the config section we are using */

-	if (section == NULL)

-		{

-		section=NCONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_CA);

-		if (section == NULL)

-			{

-			lookup_fail(BASE_SECTION,ENV_DEFAULT_CA);

-			goto err;

-			}

-		}

-	if (conf != NULL)

-		{

-		p=NCONF_get_string(conf,NULL,"oid_file");

-		if (p == NULL)

-			ERR_clear_error();

-		if (p != NULL)

-			{

-			BIO *oid_bio;

-			oid_bio=BIO_new_file(p,"r");

-			if (oid_bio == NULL)

-				{

-				/*

-				BIO_printf(bio_err,"problems opening %s for extra oid's\n",p);

-				ERR_print_errors(bio_err);

-				*/

-				ERR_clear_error();

-				}

-			else

-				{

-				OBJ_create_objects(oid_bio);

-				BIO_free(oid_bio);

-				}

-			}

-		if (!add_oid_section(bio_err,conf))

-			{

-			ERR_print_errors(bio_err);

-			goto err;

-			}

-		}

-	randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");

-	if (randfile == NULL)

-		ERR_clear_error();

-	app_RAND_load_file(randfile, bio_err, 0);

-	f = NCONF_get_string(conf, section, STRING_MASK);

-	if (!f)

-		ERR_clear_error();

-	if(f && !ASN1_STRING_set_default_mask_asc(f)) {

-		BIO_printf(bio_err, "Invalid global string mask setting %s\n", f);

-		goto err;

-	}

-	if (chtype != MBSTRING_UTF8){

-		f = NCONF_get_string(conf, section, UTF8_IN);

-		if (!f)

-			ERR_clear_error();

-		else if (!strcmp(f, "yes"))

-			chtype = MBSTRING_UTF8;

-	}

-	db_attr.unique_subject = 1;

-	p = NCONF_get_string(conf, section, ENV_UNIQUE_SUBJECT);

-	if (p)

-		{

-#ifdef RL_DEBUG

-		BIO_printf(bio_err, "DEBUG: unique_subject = \"%s\"\n", p);

-#endif

-		db_attr.unique_subject = parse_yesno(p,1);

-		}

-	else

-		ERR_clear_error();

-#ifdef RL_DEBUG

-	if (!p)

-		BIO_printf(bio_err, "DEBUG: unique_subject undefined\n", p);

-#endif

-#ifdef RL_DEBUG

-	BIO_printf(bio_err, "DEBUG: configured unique_subject is %d\n",

-		db_attr.unique_subject);

-#endif

-	in=BIO_new(BIO_s_file());

-	out=BIO_new(BIO_s_file());

-	Sout=BIO_new(BIO_s_file());

-	Cout=BIO_new(BIO_s_file());

-	if ((in == NULL) || (out == NULL) || (Sout == NULL) || (Cout == NULL))

-		{

-		ERR_print_errors(bio_err);

-		goto err;

-		}

-	/*****************************************************************/

-	/* report status of cert with serial number given on command line */

-	if (ser_status)

-	{

-		if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL)

-			{

-			lookup_fail(section,ENV_DATABASE);

-			goto err;

-			}

-		db = load_index(dbfile,&db_attr);

-		if (db == NULL) goto err;

-		if (!index_index(db)) goto err;

-		if (get_certificate_status(ser_status,db) != 1)

-			BIO_printf(bio_err,"Error verifying serial %s!\n",

-				 ser_status);

-		goto err;

-	}

-	/*****************************************************************/

-	/* we definitely need a private key, so let's get it */

-	if ((keyfile == NULL) && ((keyfile=NCONF_get_string(conf,

-		section,ENV_PRIVATE_KEY)) == NULL))

-		{

-		lookup_fail(section,ENV_PRIVATE_KEY);

-		goto err;

-		}

-	if (!key)

-		{

-		free_key = 1;

-		if (!app_passwd(bio_err, passargin, NULL, &key, NULL))

-			{

-			BIO_printf(bio_err,"Error getting password\n");

-			goto err;

-			}

-		}

-	pkey = load_key(bio_err, keyfile, keyform, 0, key, e,

-		"CA private key");

-	if (key) OPENSSL_cleanse(key,strlen(key));

-	if (pkey == NULL)

-		{

-		/* load_key() has already printed an appropriate message */

-		goto err;

-		}

-	/*****************************************************************/

-	/* we need a certificate */

-	if (!selfsign || spkac_file || ss_cert_file || gencrl)

-		{

-		if ((certfile == NULL)

-			&& ((certfile=NCONF_get_string(conf,

-				     section,ENV_CERTIFICATE)) == NULL))

-			{

-			lookup_fail(section,ENV_CERTIFICATE);

-			goto err;

-			}

-		x509=load_cert(bio_err, certfile, FORMAT_PEM, NULL, e,

-			"CA certificate");

-		if (x509 == NULL)

-			goto err;

-		if (!X509_check_private_key(x509,pkey))

-			{

-			BIO_printf(bio_err,"CA certificate and CA private key do not match\n");

-			goto err;

-			}

-		}

-	if (!selfsign) x509p = x509;

-	f=NCONF_get_string(conf,BASE_SECTION,ENV_PRESERVE);

-	if (f == NULL)

-		ERR_clear_error();

-	if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))

-		preserve=1;

-	f=NCONF_get_string(conf,BASE_SECTION,ENV_MSIE_HACK);

-	if (f == NULL)

-		ERR_clear_error();

-	if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))

-		msie_hack=1;

-	f=NCONF_get_string(conf,section,ENV_NAMEOPT);

-	if (f)

-		{

-		if (!set_name_ex(&nameopt, f))

-			{

-			BIO_printf(bio_err, "Invalid name options: \"%s\"\n", f);

-			goto err;

-			}

-		default_op = 0;

-		}

-	else

-		ERR_clear_error();

-	f=NCONF_get_string(conf,section,ENV_CERTOPT);

-	if (f)

-		{

-		if (!set_cert_ex(&certopt, f))

-			{

-			BIO_printf(bio_err, "Invalid certificate options: \"%s\"\n", f);

-			goto err;

-			}

-		default_op = 0;

-		}

-	else

-		ERR_clear_error();

-	f=NCONF_get_string(conf,section,ENV_EXTCOPY);

-	if (f)

-		{

-		if (!set_ext_copy(&ext_copy, f))

-			{

-			BIO_printf(bio_err, "Invalid extension copy option: \"%s\"\n", f);

-			goto err;

-			}

-		}

-	else

-		ERR_clear_error();

-	/*****************************************************************/

-	/* lookup where to write new certificates */

-	if ((outdir == NULL) && (req))

-		{

-		struct stat sb;

-		if ((outdir=NCONF_get_string(conf,section,ENV_NEW_CERTS_DIR))

-			== NULL)

-			{

-			BIO_printf(bio_err,"there needs to be defined a directory for new certificate to be placed in\n");

-			goto err;

-			}

-#ifndef OPENSSL_SYS_VMS

-	    /* outdir is a directory spec, but access() for VMS demands a

-	       filename.  In any case, stat(), below, will catch the problem

-	       if outdir is not a directory spec, and the fopen() or open()

-	       will catch an error if there is no write access.

-	       Presumably, this problem could also be solved by using the DEC

-	       C routines to convert the directory syntax to Unixly, and give

-	       that to access().  However, time's too short to do that just

-	       now.

-	    */

-		if (access(outdir,R_OK|W_OK|X_OK) != 0)

-			{

-			BIO_printf(bio_err,"I am unable to access the %s directory\n",outdir);

-			perror(outdir);

-			goto err;

-			}

-		if (stat(outdir,&sb) != 0)

-			{

-			BIO_printf(bio_err,"unable to stat(%s)\n",outdir);

-			perror(outdir);

-			goto err;

-			}

-#ifdef S_IFDIR

-		if (!(sb.st_mode & S_IFDIR))

-			{

-			BIO_printf(bio_err,"%s need to be a directory\n",outdir);

-			perror(outdir);

-			goto err;

-			}

-#endif

-#endif

-		}

-	/*****************************************************************/

-	/* we need to load the database file */

-	if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL)

-		{

-		lookup_fail(section,ENV_DATABASE);

-		goto err;

-		}

-	db = load_index(dbfile, &db_attr);

-	if (db == NULL) goto err;

-	/* Lets check some fields */

-	for (i=0; i<sk_num(db->db->data); i++)

-		{

-		pp=(const char **)sk_value(db->db->data,i);

-		if ((pp[DB_type][0] != DB_TYPE_REV) &&

-			(pp[DB_rev_date][0] != '\0'))

-			{

-			BIO_printf(bio_err,"entry %d: not revoked yet, but has a revocation date\n",i+1);

-			goto err;

-			}

-		if ((pp[DB_type][0] == DB_TYPE_REV) &&

-			!make_revoked(NULL, pp[DB_rev_date]))

-			{

-			BIO_printf(bio_err," in entry %d\n", i+1);

-			goto err;

-			}

-		if (!check_time_format((char *)pp[DB_exp_date]))

-			{

-			BIO_printf(bio_err,"entry %d: invalid expiry date\n",i+1);

-			goto err;

-			}

-		p=pp[DB_serial];

-		j=strlen(p);

-		if (*p == '-')

-			{

-			p++;

-			j--;

-			}

-		if ((j&1) || (j < 2))

-			{

-			BIO_printf(bio_err,"entry %d: bad serial number length (%d)\n",i+1,j);

-			goto err;

-			}

-		while (*p)

-			{

-			if (!(	((*p >= '0') && (*p <= '9')) ||

-				((*p >= 'A') && (*p <= 'F')) ||

-				((*p >= 'a') && (*p <= 'f')))  )

-				{

-				BIO_printf(bio_err,"entry %d: bad serial number characters, char pos %ld, char is '%c'\n",i+1,(long)(p-pp[DB_serial]),*p);

-				goto err;

-				}

-			p++;

-			}

-		}

-	if (verbose)

-		{

-		BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT); /* cannot fail */

-#ifdef OPENSSL_SYS_VMS

-		{

-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());

-		out = BIO_push(tmpbio, out);

-		}

-#endif

-		TXT_DB_write(out,db->db);

-		BIO_printf(bio_err,"%d entries loaded from the database\n",

-			db->db->data->num);

-		BIO_printf(bio_err,"generating index\n");

-		}

-	if (!index_index(db)) goto err;

-	/*****************************************************************/

-	/* Update the db file for expired certificates */

-	if (doupdatedb)

-		{

-		if (verbose)

-			BIO_printf(bio_err, "Updating %s ...\n",

-							dbfile);

-		i = do_updatedb(db);

-		if (i == -1)

-			{

-			BIO_printf(bio_err,"Malloc failure\n");

-			goto err;

-			}

-		else if (i == 0)

-			{

-			if (verbose) BIO_printf(bio_err,

-					"No entries found to mark expired\n");

-			}

-	    	else

-			{

-			if (!save_index(dbfile,"new",db)) goto err;

-			if (!rotate_index(dbfile,"new","old")) goto err;

-			if (verbose) BIO_printf(bio_err,

-				"Done. %d entries marked as expired\n",i);

-	      		}

-	  	}

- 	/*****************************************************************/

-	/* Read extentions config file                                   */

-	if (extfile)

-		{

-		extconf = NCONF_new(NULL);

-		if (NCONF_load(extconf,extfile,&errorline) <= 0)

-			{

-			if (errorline <= 0)

-				BIO_printf(bio_err, "ERROR: loading the config file '%s'\n",

-					extfile);

-			else

-				BIO_printf(bio_err, "ERROR: on line %ld of config file '%s'\n",

-					errorline,extfile);

-			ret = 1;

-			goto err;

-			}

-		if (verbose)

-			BIO_printf(bio_err, "Successfully loaded extensions file %s\n", extfile);

-		/* We can have sections in the ext file */

-		if (!extensions && !(extensions = NCONF_get_string(extconf, "default", "extensions")))

-			extensions = "default";

-		}

-	/*****************************************************************/

-	if (req || gencrl)

-		{

-		if (outfile != NULL)

-			{

-			if (BIO_write_filename(Sout,outfile) <= 0)

-				{

-				perror(outfile);

-				goto err;

-				}

-			}

-		else

-			{

-			BIO_set_fp(Sout,stdout,BIO_NOCLOSE|BIO_FP_TEXT);

-#ifdef OPENSSL_SYS_VMS

-			{

-			BIO *tmpbio = BIO_new(BIO_f_linebuffer());

-			Sout = BIO_push(tmpbio, Sout);

-			}

-#endif

-			}

-		}

-	if ((md == NULL) && ((md=NCONF_get_string(conf,

-		section,ENV_DEFAULT_MD)) == NULL))

-		{

-		lookup_fail(section,ENV_DEFAULT_MD);

-		goto err;

-		}

-	if ((dgst=EVP_get_digestbyname(md)) == NULL)

-		{

-		BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);

-		goto err;

-		}

-	if (req)

-		{

-		if ((email_dn == 1) && ((tmp_email_dn=NCONF_get_string(conf,

-			section,ENV_DEFAULT_EMAIL_DN)) != NULL ))

-			{

-			if(strcmp(tmp_email_dn,"no") == 0)

-				email_dn=0;

-			}

-		if (verbose)

-			BIO_printf(bio_err,"message digest is %s\n",

-				OBJ_nid2ln(dgst->type));

-		if ((policy == NULL) && ((policy=NCONF_get_string(conf,

-			section,ENV_POLICY)) == NULL))

-			{

-			lookup_fail(section,ENV_POLICY);

-			goto err;

-			}

-		if (verbose)

-			BIO_printf(bio_err,"policy is %s\n",policy);

-		if ((serialfile=NCONF_get_string(conf,section,ENV_SERIAL))

-			== NULL)

-			{

-			lookup_fail(section,ENV_SERIAL);

-			goto err;

-			}

-		if (!extconf)

-			{

-			/* no '-extfile' option, so we look for extensions

-			 * in the main configuration file */

-			if (!extensions)

-				{

-				extensions=NCONF_get_string(conf,section,

-								ENV_EXTENSIONS);

-				if (!extensions)

-					ERR_clear_error();

-				}

-			if (extensions)

-				{

-				/* Check syntax of file */

-				X509V3_CTX ctx;

-				X509V3_set_ctx_test(&ctx);

-				X509V3_set_nconf(&ctx, conf);

-				if (!X509V3_EXT_add_nconf(conf, &ctx, extensions,

-								NULL))

-					{

-					BIO_printf(bio_err,

-				 	"Error Loading extension section %s\n",

-								 extensions);

-					ret = 1;

-					goto err;

-					}

-				}

-			}

-		if (startdate == NULL)

-			{

-			startdate=NCONF_get_string(conf,section,

-				ENV_DEFAULT_STARTDATE);

-			if (startdate == NULL)

-				ERR_clear_error();

-			}

-		if (startdate && !ASN1_UTCTIME_set_string(NULL,startdate))

-			{

-			BIO_printf(bio_err,"start date is invalid, it should be YYMMDDHHMMSSZ\n");

-			goto err;

-			}

-		if (startdate == NULL) startdate="today";

-		if (enddate == NULL)

-			{

-			enddate=NCONF_get_string(conf,section,

-				ENV_DEFAULT_ENDDATE);

-			if (enddate == NULL)

-				ERR_clear_error();

-			}

-		if (enddate && !ASN1_UTCTIME_set_string(NULL,enddate))

-			{

-			BIO_printf(bio_err,"end date is invalid, it should be YYMMDDHHMMSSZ\n");

-			goto err;

-			}

-		if (days == 0)

-			{

-			if(!NCONF_get_number(conf,section, ENV_DEFAULT_DAYS, &days))

-				days = 0;

-			}

-		if (!enddate && (days == 0))

-			{

-			BIO_printf(bio_err,"cannot lookup how many days to certify for\n");

-			goto err;

-			}

-		if ((serial=load_serial(serialfile, create_ser, NULL)) == NULL)

-			{

-			BIO_printf(bio_err,"error while loading serial number\n");

-			goto err;

-			}

-		if (verbose)

-			{

-			if (BN_is_zero(serial))

-				BIO_printf(bio_err,"next serial number is 00\n");

-			else

-				{

-				if ((f=BN_bn2hex(serial)) == NULL) goto err;

-				BIO_printf(bio_err,"next serial number is %s\n",f);

-				OPENSSL_free(f);

-				}

-			}

-		if ((attribs=NCONF_get_section(conf,policy)) == NULL)

-			{

-			BIO_printf(bio_err,"unable to find 'section' for %s\n",policy);

-			goto err;

-			}

-		if ((cert_sk=sk_X509_new_null()) == NULL)

-			{

-			BIO_printf(bio_err,"Memory allocation failure\n");

-			goto err;

-			}

-		if (spkac_file != NULL)

-			{

-			total++;

-			j=certify_spkac(&x,spkac_file,pkey,x509,dgst,attribs,db,

-				serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,extensions,

-				conf,verbose,certopt,nameopt,default_op,ext_copy);

-			if (j < 0) goto err;

-			if (j > 0)

-				{

-				total_done++;

-				BIO_printf(bio_err,"\n");

-				if (!BN_add_word(serial,1)) goto err;

-				if (!sk_X509_push(cert_sk,x))

-					{

-					BIO_printf(bio_err,"Memory allocation failure\n");

-					goto err;

-					}

-				if (outfile)

-					{

-					output_der = 1;

-					batch = 1;

-					}

-				}

-			}

-		if (ss_cert_file != NULL)

-			{

-			total++;

-			j=certify_cert(&x,ss_cert_file,pkey,x509,dgst,attribs,

-				db,serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch,

-				extensions,conf,verbose, certopt, nameopt,

-				default_op, ext_copy, e);

-			if (j < 0) goto err;

-			if (j > 0)

-				{

-				total_done++;

-				BIO_printf(bio_err,"\n");

-				if (!BN_add_word(serial,1)) goto err;

-				if (!sk_X509_push(cert_sk,x))

-					{

-					BIO_printf(bio_err,"Memory allocation failure\n");

-					goto err;

-					}

-				}

-			}

-		if (infile != NULL)

-			{

-			total++;

-			j=certify(&x,infile,pkey,x509p,dgst,attribs,db,

-				serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch,

-				extensions,conf,verbose, certopt, nameopt,

-				default_op, ext_copy, selfsign);

-			if (j < 0) goto err;

-			if (j > 0)

-				{

-				total_done++;

-				BIO_printf(bio_err,"\n");

-				if (!BN_add_word(serial,1)) goto err;

-				if (!sk_X509_push(cert_sk,x))

-					{

-					BIO_printf(bio_err,"Memory allocation failure\n");

-					goto err;

-					}

-				}

-			}

-		for (i=0; i<argc; i++)

-			{

-			total++;

-			j=certify(&x,argv[i],pkey,x509p,dgst,attribs,db,

-				serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch,

-				extensions,conf,verbose, certopt, nameopt,

-				default_op, ext_copy, selfsign);

-			if (j < 0) goto err;

-			if (j > 0)

-				{

-				total_done++;

-				BIO_printf(bio_err,"\n");

-				if (!BN_add_word(serial,1)) goto err;

-				if (!sk_X509_push(cert_sk,x))

-					{

-					BIO_printf(bio_err,"Memory allocation failure\n");

-					goto err;

-					}

-				}

-			}

-		/* we have a stack of newly certified certificates

-		 * and a data base and serial number that need

-		 * updating */

-		if (sk_X509_num(cert_sk) > 0)

-			{

-			if (!batch)

-				{

-				BIO_printf(bio_err,"\n%d out of %d certificate requests certified, commit? [y/n]",total_done,total);

-				(void)BIO_flush(bio_err);

-				buf[0][0]='\0';

-				fgets(buf[0],10,stdin);

-				if ((buf[0][0] != 'y') && (buf[0][0] != 'Y'))

-					{

-					BIO_printf(bio_err,"CERTIFICATION CANCELED\n");

-					ret=0;

-					goto err;

-					}

-				}

-			BIO_printf(bio_err,"Write out database with %d new entries\n",sk_X509_num(cert_sk));

-			if (!save_serial(serialfile,"new",serial,NULL)) goto err;

-			if (!save_index(dbfile, "new", db)) goto err;

-			}

-		if (verbose)

-			BIO_printf(bio_err,"writing new certificates\n");

-		for (i=0; i<sk_X509_num(cert_sk); i++)

-			{

-			int k;

-			char *n;

-			x=sk_X509_value(cert_sk,i);

-			j=x->cert_info->serialNumber->length;

-			p=(const char *)x->cert_info->serialNumber->data;

-			if(strlen(outdir) >= (size_t)(j ? BSIZE-j*2-6 : BSIZE-8))

-				{

-				BIO_printf(bio_err,"certificate file name too long\n");

-				goto err;

-				}

-			strcpy(buf[2],outdir);

-#ifndef OPENSSL_SYS_VMS

-			BUF_strlcat(buf[2],"/",sizeof(buf[2]));

-#endif

-			n=(char *)&(buf[2][strlen(buf[2])]);

-			if (j > 0)

-				{

-				for (k=0; k<j; k++)

-					{

-					if (n >= &(buf[2][sizeof(buf[2])]))

-						break;

-					BIO_snprintf(n,

-						     &buf[2][0] + sizeof(buf[2]) - n,

-						     "%02X",(unsigned char)*(p++));

-					n+=2;

-					}

-				}

-			else

-				{

-				*(n++)='0';

-				*(n++)='0';

-				}

-			*(n++)='.'; *(n++)='p'; *(n++)='e'; *(n++)='m';

-			*n='\0';

-			if (verbose)

-				BIO_printf(bio_err,"writing %s\n",buf[2]);

-			if (BIO_write_filename(Cout,buf[2]) <= 0)

-				{

-				perror(buf[2]);

-				goto err;

-				}

-			write_new_certificate(Cout,x, 0, notext);

-			write_new_certificate(Sout,x, output_der, notext);

-			}

-		if (sk_X509_num(cert_sk))

-			{

-			/* Rename the database and the serial file */

-			if (!rotate_serial(serialfile,"new","old")) goto err;

-			if (!rotate_index(dbfile,"new","old")) goto err;

-			BIO_printf(bio_err,"Data Base Updated\n");

-			}

-		}

-	/*****************************************************************/

-	if (gencrl)

-		{

-		int crl_v2 = 0;

-		if (!crl_ext)

-			{

-			crl_ext=NCONF_get_string(conf,section,ENV_CRLEXT);

-			if (!crl_ext)

-				ERR_clear_error();

-			}

-		if (crl_ext)

-			{

-			/* Check syntax of file */

-			X509V3_CTX ctx;

-			X509V3_set_ctx_test(&ctx);

-			X509V3_set_nconf(&ctx, conf);

-			if (!X509V3_EXT_add_nconf(conf, &ctx, crl_ext, NULL))

-				{

-				BIO_printf(bio_err,

-				 "Error Loading CRL extension section %s\n",

-								 crl_ext);

-				ret = 1;

-				goto err;

-				}

-			}

-		if ((crlnumberfile=NCONF_get_string(conf,section,ENV_CRLNUMBER))

-			!= NULL)

-			if ((crlnumber=load_serial(crlnumberfile,0,NULL)) == NULL)

-				{

-				BIO_printf(bio_err,"error while loading CRL number\n");

-				goto err;

-				}

-		if (!crldays && !crlhours)

-			{

-			if (!NCONF_get_number(conf,section,

-				ENV_DEFAULT_CRL_DAYS, &crldays))

-				crldays = 0;

-			if (!NCONF_get_number(conf,section,

-				ENV_DEFAULT_CRL_HOURS, &crlhours))

-				crlhours = 0;

-			}

-		if ((crldays == 0) && (crlhours == 0))

-			{

-			BIO_printf(bio_err,"cannot lookup how long until the next CRL is issued\n");

-			goto err;

-			}

-		if (verbose) BIO_printf(bio_err,"making CRL\n");

-		if ((crl=X509_CRL_new()) == NULL) goto err;

-		if (!X509_CRL_set_issuer_name(crl, X509_get_subject_name(x509))) goto err;

-		tmptm = ASN1_TIME_new();

-		if (!tmptm) goto err;

-		X509_gmtime_adj(tmptm,0);

-		X509_CRL_set_lastUpdate(crl, tmptm);

-		X509_gmtime_adj(tmptm,(crldays*24+crlhours)*60*60);

-		X509_CRL_set_nextUpdate(crl, tmptm);

-		ASN1_TIME_free(tmptm);

-		for (i=0; i<sk_num(db->db->data); i++)

-			{

-			pp=(const char **)sk_value(db->db->data,i);

-			if (pp[DB_type][0] == DB_TYPE_REV)

-				{

-				if ((r=X509_REVOKED_new()) == NULL) goto err;

-				j = make_revoked(r, pp[DB_rev_date]);

-				if (!j) goto err;

-				if (j == 2) crl_v2 = 1;

-				if (!BN_hex2bn(&serial, pp[DB_serial]))

-					goto err;

-				tmpser = BN_to_ASN1_INTEGER(serial, NULL);

-				BN_free(serial);

-				serial = NULL;

-				if (!tmpser)

-					goto err;

-				X509_REVOKED_set_serialNumber(r, tmpser);

-				ASN1_INTEGER_free(tmpser);

-				X509_CRL_add0_revoked(crl,r);

-				}

-			}

-		/* sort the data so it will be written in serial

-		 * number order */

-		X509_CRL_sort(crl);

-		/* we now have a CRL */

-		if (verbose) BIO_printf(bio_err,"signing CRL\n");

-#ifndef OPENSSL_NO_DSA

-		if (pkey->type == EVP_PKEY_DSA)

-			dgst=EVP_dss1();

-		else

-#endif

-#ifndef OPENSSL_NO_ECDSA

-		if (pkey->type == EVP_PKEY_EC)

-			dgst=EVP_ecdsa();

-#endif

-		/* Add any extensions asked for */

-		if (crl_ext || crlnumberfile != NULL)

-			{

-			X509V3_CTX crlctx;

-			X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0);

-			X509V3_set_nconf(&crlctx, conf);

-			if (crl_ext)

-				if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx,

-					crl_ext, crl)) goto err;

-			if (crlnumberfile != NULL)

-				{

-				tmpser = BN_to_ASN1_INTEGER(crlnumber, NULL);

-				if (!tmpser) goto err;

-				X509_CRL_add1_ext_i2d(crl,NID_crl_number,tmpser,0,0);

-				ASN1_INTEGER_free(tmpser);

-				crl_v2 = 1;

-				if (!BN_add_word(crlnumber,1)) goto err;

-				}

-			}

-		if (crl_ext || crl_v2)

-			{

-			if (!X509_CRL_set_version(crl, 1))

-				goto err; /* version 2 CRL */

-			}

-		if (crlnumberfile != NULL)	/* we have a CRL number that need updating */

-			if (!save_serial(crlnumberfile,"new",crlnumber,NULL)) goto err;

-		if (!X509_CRL_sign(crl,pkey,dgst)) goto err;

-		PEM_write_bio_X509_CRL(Sout,crl);

-		if (crlnumberfile != NULL)	/* Rename the crlnumber file */

-			if (!rotate_serial(crlnumberfile,"new","old")) goto err;

-		}

-	/*****************************************************************/

-	if (dorevoke)

-		{

-		if (infile == NULL)

-			{

-			BIO_printf(bio_err,"no input files\n");

-			goto err;

-			}

-		else

-			{

-			X509 *revcert;

-			revcert=load_cert(bio_err, infile, FORMAT_PEM,

-				NULL, e, infile);

-			if (revcert == NULL)

-				goto err;

-			j=do_revoke(revcert,db, rev_type, rev_arg);

-			if (j <= 0) goto err;

-			X509_free(revcert);

-			if (!save_index(dbfile, "new", db)) goto err;

-			if (!rotate_index(dbfile, "new", "old")) goto err;

-			BIO_printf(bio_err,"Data Base Updated\n");

-			}

-		}

-	/*****************************************************************/

-	ret=0;

-err:

-	if(tofree)

-		OPENSSL_free(tofree);

-	BIO_free_all(Cout);

-	BIO_free_all(Sout);

-	BIO_free_all(out);

-	BIO_free_all(in);

-	if (cert_sk)

-		sk_X509_pop_free(cert_sk,X509_free);

-	if (ret) ERR_print_errors(bio_err);

-	app_RAND_write_file(randfile, bio_err);

-	if (free_key && key)

-		OPENSSL_free(key);

-	BN_free(serial);

-	free_index(db);

-	EVP_PKEY_free(pkey);

-	if (x509) X509_free(x509);

-	X509_CRL_free(crl);

-	NCONF_free(conf);

-	NCONF_free(extconf);

-	OBJ_cleanup();

-	apps_shutdown();

-	OPENSSL_EXIT(ret);

-	}

-static void lookup_fail(const char *name, const char *tag)

-	{

-	BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag);

-	}

-static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,

-	     const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db,

-	     BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate,

-	     long days, int batch, char *ext_sect, CONF *lconf, int verbose,

-	     unsigned long certopt, unsigned long nameopt, int default_op,

-	     int ext_copy, int selfsign)

-	{

-	X509_REQ *req=NULL;

-	BIO *in=NULL;

-	EVP_PKEY *pktmp=NULL;

-	int ok= -1,i;

-	in=BIO_new(BIO_s_file());

-	if (BIO_read_filename(in,infile) <= 0)

-		{

-		perror(infile);

-		goto err;

-		}

-	if ((req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL)) == NULL)

-		{

-		BIO_printf(bio_err,"Error reading certificate request in %s\n",

-			infile);

-		goto err;

-		}

-	if (verbose)

-		X509_REQ_print(bio_err,req);

-	BIO_printf(bio_err,"Check that the request matches the signature\n");

-	if (selfsign && !X509_REQ_check_private_key(req,pkey))

-		{

-		BIO_printf(bio_err,"Certificate request and CA private key do not match\n");

-		ok=0;

-		goto err;

-		}

-	if ((pktmp=X509_REQ_get_pubkey(req)) == NULL)

-		{

-		BIO_printf(bio_err,"error unpacking public key\n");

-		goto err;

-		}

-	i=X509_REQ_verify(req,pktmp);

-	EVP_PKEY_free(pktmp);

-	if (i < 0)

-		{

-		ok=0;

-		BIO_printf(bio_err,"Signature verification problems....\n");

-		goto err;

-		}

-	if (i == 0)

-		{

-		ok=0;

-		BIO_printf(bio_err,"Signature did not match the certificate request\n");

-		goto err;

-		}

-	else

-		BIO_printf(bio_err,"Signature ok\n");

-	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,chtype,multirdn, email_dn,

-		startdate,enddate,days,batch,verbose,req,ext_sect,lconf,

-		certopt, nameopt, default_op, ext_copy, selfsign);

-err:

-	if (req != NULL) X509_REQ_free(req);

-	if (in != NULL) BIO_free(in);

-	return(ok);

-	}

-static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,

-	     const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db,

-	     BIGNUM *serial, char *subj, unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate,

-	     long days, int batch, char *ext_sect, CONF *lconf, int verbose,

-	     unsigned long certopt, unsigned long nameopt, int default_op,

-	     int ext_copy, ENGINE *e)

-	{

-	X509 *req=NULL;

-	X509_REQ *rreq=NULL;

-	EVP_PKEY *pktmp=NULL;

-	int ok= -1,i;

-	if ((req=load_cert(bio_err, infile, FORMAT_PEM, NULL, e, infile)) == NULL)

-		goto err;

-	if (verbose)

-		X509_print(bio_err,req);

-	BIO_printf(bio_err,"Check that the request matches the signature\n");

-	if ((pktmp=X509_get_pubkey(req)) == NULL)

-		{

-		BIO_printf(bio_err,"error unpacking public key\n");

-		goto err;

-		}

-	i=X509_verify(req,pktmp);

-	EVP_PKEY_free(pktmp);

-	if (i < 0)

-		{

-		ok=0;

-		BIO_printf(bio_err,"Signature verification problems....\n");

-		goto err;

-		}

-	if (i == 0)

-		{

-		ok=0;

-		BIO_printf(bio_err,"Signature did not match the certificate\n");

-		goto err;

-		}

-	else

-		BIO_printf(bio_err,"Signature ok\n");

-	if ((rreq=X509_to_X509_REQ(req,NULL,EVP_md5())) == NULL)

-		goto err;

-	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,chtype,multirdn,email_dn,startdate,enddate,

-		days,batch,verbose,rreq,ext_sect,lconf, certopt, nameopt, default_op,

-		ext_copy, 0);

-err:

-	if (rreq != NULL) X509_REQ_free(rreq);

-	if (req != NULL) X509_free(req);

-	return(ok);

-	}

-static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,

-	     STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj,

-	     unsigned long chtype, int multirdn,

-	     int email_dn, char *startdate, char *enddate, long days, int batch,

-	     int verbose, X509_REQ *req, char *ext_sect, CONF *lconf,

-	     unsigned long certopt, unsigned long nameopt, int default_op,

-	     int ext_copy, int selfsign)

-	{

-	X509_NAME *name=NULL,*CAname=NULL,*subject=NULL, *dn_subject=NULL;

-	ASN1_UTCTIME *tm,*tmptm;

-	ASN1_STRING *str,*str2;

-	ASN1_OBJECT *obj;

-	X509 *ret=NULL;

-	X509_CINF *ci;

-	X509_NAME_ENTRY *ne;

-	X509_NAME_ENTRY *tne,*push;

-	EVP_PKEY *pktmp;

-	int ok= -1,i,j,last,nid;

-	const char *p;

-	CONF_VALUE *cv;

-	char *row[DB_NUMBER],**rrow=NULL,**irow=NULL;

-	char buf[25];

-	tmptm=ASN1_UTCTIME_new();

-	if (tmptm == NULL)

-		{

-		BIO_printf(bio_err,"malloc error\n");

-		return(0);

-		}

-	for (i=0; i<DB_NUMBER; i++)

-		row[i]=NULL;

-	if (subj)

-		{

-		X509_NAME *n = parse_name(subj, chtype, multirdn);

-		if (!n)

-			{

-			ERR_print_errors(bio_err);

-			goto err;

-			}

-		X509_REQ_set_subject_name(req,n);

-		req->req_info->enc.modified = 1;

-		X509_NAME_free(n);

-		}

-	if (default_op)

-		BIO_printf(bio_err,"The Subject's Distinguished Name is as follows\n");

-	name=X509_REQ_get_subject_name(req);

-	for (i=0; i<X509_NAME_entry_count(name); i++)

-		{

-		ne= X509_NAME_get_entry(name,i);

-		str=X509_NAME_ENTRY_get_data(ne);

-		obj=X509_NAME_ENTRY_get_object(ne);

-		if (msie_hack)

-			{

-			/* assume all type should be strings */

-			nid=OBJ_obj2nid(ne->object);

-			if (str->type == V_ASN1_UNIVERSALSTRING)

-				ASN1_UNIVERSALSTRING_to_string(str);

-			if ((str->type == V_ASN1_IA5STRING) &&

-				(nid != NID_pkcs9_emailAddress))

-				str->type=V_ASN1_T61STRING;

-			if ((nid == NID_pkcs9_emailAddress) &&

-				(str->type == V_ASN1_PRINTABLESTRING))

-				str->type=V_ASN1_IA5STRING;

-			}

-		/* If no EMAIL is wanted in the subject */

-		if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) && (!email_dn))

-			continue;

-		/* check some things */

-		if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) &&

-			(str->type != V_ASN1_IA5STRING))

-			{

-			BIO_printf(bio_err,"\nemailAddress type needs to be of type IA5STRING\n");

-			goto err;

-			}

-		if ((str->type != V_ASN1_BMPSTRING) && (str->type != V_ASN1_UTF8STRING))

-			{

-			j=ASN1_PRINTABLE_type(str->data,str->length);

-			if (	((j == V_ASN1_T61STRING) &&

-				 (str->type != V_ASN1_T61STRING)) ||

-				((j == V_ASN1_IA5STRING) &&

-				 (str->type == V_ASN1_PRINTABLESTRING)))

-				{

-				BIO_printf(bio_err,"\nThe string contains characters that are illegal for the ASN.1 type\n");

-				goto err;

-				}

-			}

-		if (default_op)

-			old_entry_print(bio_err, obj, str);

-		}

-	/* Ok, now we check the 'policy' stuff. */

-	if ((subject=X509_NAME_new()) == NULL)

-		{

-		BIO_printf(bio_err,"Memory allocation failure\n");

-		goto err;

-		}

-	/* take a copy of the issuer name before we mess with it. */

-	if (selfsign)

-		CAname=X509_NAME_dup(name);

-	else

-		CAname=X509_NAME_dup(x509->cert_info->subject);

-	if (CAname == NULL) goto err;

-	str=str2=NULL;

-	for (i=0; i<sk_CONF_VALUE_num(policy); i++)

-		{

-		cv=sk_CONF_VALUE_value(policy,i); /* get the object id */

-		if ((j=OBJ_txt2nid(cv->name)) == NID_undef)

-			{

-			BIO_printf(bio_err,"%s:unknown object type in 'policy' configuration\n",cv->name);

-			goto err;

-			}

-		obj=OBJ_nid2obj(j);

-		last= -1;

-		for (;;)

-			{

-			/* lookup the object in the supplied name list */

-			j=X509_NAME_get_index_by_OBJ(name,obj,last);

-			if (j < 0)

-				{

-				if (last != -1) break;

-				tne=NULL;

-				}

-			else

-				{

-				tne=X509_NAME_get_entry(name,j);

-				}

-			last=j;

-			/* depending on the 'policy', decide what to do. */

-			push=NULL;

-			if (strcmp(cv->value,"optional") == 0)

-				{

-				if (tne != NULL)

-					push=tne;

-				}

-			else if (strcmp(cv->value,"supplied") == 0)

-				{

-				if (tne == NULL)

-					{

-					BIO_printf(bio_err,"The %s field needed to be supplied and was missing\n",cv->name);

-					goto err;

-					}

-				else

-					push=tne;

-				}

-			else if (strcmp(cv->value,"match") == 0)

-				{

-				int last2;

-				if (tne == NULL)

-					{

-					BIO_printf(bio_err,"The mandatory %s field was missing\n",cv->name);

-					goto err;

-					}

-				last2= -1;

-again2:

-				j=X509_NAME_get_index_by_OBJ(CAname,obj,last2);

-				if ((j < 0) && (last2 == -1))

-					{

-					BIO_printf(bio_err,"The %s field does not exist in the CA certificate,\nthe 'policy' is misconfigured\n",cv->name);

-					goto err;

-					}

-				if (j >= 0)

-					{

-					push=X509_NAME_get_entry(CAname,j);

-					str=X509_NAME_ENTRY_get_data(tne);

-					str2=X509_NAME_ENTRY_get_data(push);

-					last2=j;

-					if (ASN1_STRING_cmp(str,str2) != 0)

-						goto again2;

-					}

-				if (j < 0)

-					{

-					BIO_printf(bio_err,"The %s field needed to be the same in the\nCA certificate (%s) and the request (%s)\n",cv->name,((str2 == NULL)?"NULL":(char *)str2->data),((str == NULL)?"NULL":(char *)str->data));

-					goto err;

-					}

-				}

-			else

-				{

-				BIO_printf(bio_err,"%s:invalid type in 'policy' configuration\n",cv->value);

-				goto err;

-				}

-			if (push != NULL)

-				{

-				if (!X509_NAME_add_entry(subject,push, -1, 0))

-					{

-					if (push != NULL)

-						X509_NAME_ENTRY_free(push);

-					BIO_printf(bio_err,"Memory allocation failure\n");

-					goto err;

-					}

-				}

-			if (j < 0) break;

-			}

-		}

-	if (preserve)

-		{

-		X509_NAME_free(subject);

-		/* subject=X509_NAME_dup(X509_REQ_get_subject_name(req)); */

-		subject=X509_NAME_dup(name);

-		if (subject == NULL) goto err;

-		}

-	if (verbose)

-		BIO_printf(bio_err,"The subject name appears to be ok, checking data base for clashes\n");

-	/* Build the correct Subject if no e-mail is wanted in the subject */

-	/* and add it later on because of the method extensions are added (altName) */

-	if (email_dn)

-		dn_subject = subject;

-	else

-		{

-		X509_NAME_ENTRY *tmpne;

-		/* Its best to dup the subject DN and then delete any email

-		 * addresses because this retains its structure.

-		 */

-		if (!(dn_subject = X509_NAME_dup(subject)))

-			{

-			BIO_printf(bio_err,"Memory allocation failure\n");

-			goto err;

-			}

-		while((i = X509_NAME_get_index_by_NID(dn_subject,

-					NID_pkcs9_emailAddress, -1)) >= 0)

-			{

-			tmpne = X509_NAME_get_entry(dn_subject, i);

-			X509_NAME_delete_entry(dn_subject, i);

-			X509_NAME_ENTRY_free(tmpne);

-			}

-		}

-	if (BN_is_zero(serial))

-		row[DB_serial]=BUF_strdup("00");

-	else

-		row[DB_serial]=BN_bn2hex(serial);

-	if (row[DB_serial] == NULL)

-		{

-		BIO_printf(bio_err,"Memory allocation failure\n");

-		goto err;

-		}

-	if (db->attributes.unique_subject)

-		{

-		rrow=TXT_DB_get_by_index(db->db,DB_name,row);

-		if (rrow != NULL)

-			{

-			BIO_printf(bio_err,

-				"ERROR:There is already a certificate for %s\n",

-				row[DB_name]);

-			}

-		}

-	if (rrow == NULL)

-		{

-		rrow=TXT_DB_get_by_index(db->db,DB_serial,row);

-		if (rrow != NULL)

-			{

-			BIO_printf(bio_err,"ERROR:Serial number %s has already been issued,\n",

-				row[DB_serial]);

-			BIO_printf(bio_err,"      check the database/serial_file for corruption\n");

-			}

-		}

-	if (rrow != NULL)

-		{

-		BIO_printf(bio_err,

-			"The matching entry has the following details\n");

-		if (rrow[DB_type][0] == 'E')

-			p="Expired";

-		else if (rrow[DB_type][0] == 'R')

-			p="Revoked";

-		else if (rrow[DB_type][0] == 'V')

-			p="Valid";

-		else

-			p="\ninvalid type, Data base error\n";

-		BIO_printf(bio_err,"Type	  :%s\n",p);;

-		if (rrow[DB_type][0] == 'R')

-			{

-			p=rrow[DB_exp_date]; if (p == NULL) p="undef";

-			BIO_printf(bio_err,"Was revoked on:%s\n",p);

-			}

-		p=rrow[DB_exp_date]; if (p == NULL) p="undef";

-		BIO_printf(bio_err,"Expires on    :%s\n",p);

-		p=rrow[DB_serial]; if (p == NULL) p="undef";

-		BIO_printf(bio_err,"Serial Number :%s\n",p);

-		p=rrow[DB_file]; if (p == NULL) p="undef";

-		BIO_printf(bio_err,"File name     :%s\n",p);

-		p=rrow[DB_name]; if (p == NULL) p="undef";

-		BIO_printf(bio_err,"Subject Name  :%s\n",p);

-		ok= -1; /* This is now a 'bad' error. */

-		goto err;

-		}

-	/* We are now totally happy, lets make and sign the certificate */

-	if (verbose)

-		BIO_printf(bio_err,"Everything appears to be ok, creating and signing the certificate\n");

-	if ((ret=X509_new()) == NULL) goto err;

-	ci=ret->cert_info;

-#ifdef X509_V3

-	/* Make it an X509 v3 certificate. */

-	if (!X509_set_version(ret,2)) goto err;

-#endif

-	if (BN_to_ASN1_INTEGER(serial,ci->serialNumber) == NULL)

-		goto err;

-	if (selfsign)

-		{

-		if (!X509_set_issuer_name(ret,subject))

-			goto err;

-		}

-	else

-		{

-		if (!X509_set_issuer_name(ret,X509_get_subject_name(x509)))

-			goto err;

-		}

-	if (strcmp(startdate,"today") == 0)

-		X509_gmtime_adj(X509_get_notBefore(ret),0);

-	else ASN1_UTCTIME_set_string(X509_get_notBefore(ret),startdate);

-	if (enddate == NULL)

-		X509_gmtime_adj(X509_get_notAfter(ret),(long)60*60*24*days);

-	else ASN1_UTCTIME_set_string(X509_get_notAfter(ret),enddate);

-	if (!X509_set_subject_name(ret,subject)) goto err;

-	pktmp=X509_REQ_get_pubkey(req);

-	i = X509_set_pubkey(ret,pktmp);

-	EVP_PKEY_free(pktmp);

-	if (!i) goto err;

-	/* Lets add the extensions, if there are any */

-	if (ext_sect)

-		{

-		X509V3_CTX ctx;

-		if (ci->version == NULL)

-			if ((ci->version=ASN1_INTEGER_new()) == NULL)

-				goto err;

-		ASN1_INTEGER_set(ci->version,2); /* version 3 certificate */

-		/* Free the current entries if any, there should not

-		 * be any I believe */

-		if (ci->extensions != NULL)

-			sk_X509_EXTENSION_pop_free(ci->extensions,

-						   X509_EXTENSION_free);

-		ci->extensions = NULL;

-		/* Initialize the context structure */

-		if (selfsign)

-			X509V3_set_ctx(&ctx, ret, ret, req, NULL, 0);

-		else

-			X509V3_set_ctx(&ctx, x509, ret, req, NULL, 0);

-		if (extconf)

-			{

-			if (verbose)

-				BIO_printf(bio_err, "Extra configuration file found\n");

-			/* Use the extconf configuration db LHASH */

-			X509V3_set_nconf(&ctx, extconf);

-			/* Test the structure (needed?) */

-			/* X509V3_set_ctx_test(&ctx); */

-			/* Adds exts contained in the configuration file */

-			if (!X509V3_EXT_add_nconf(extconf, &ctx, ext_sect,ret))

-				{

-				BIO_printf(bio_err,

-				    "ERROR: adding extensions in section %s\n",

-								ext_sect);

-				ERR_print_errors(bio_err);

-				goto err;

-				}

-			if (verbose)

-				BIO_printf(bio_err, "Successfully added extensions from file.\n");

-			}

-		else if (ext_sect)

-			{

-			/* We found extensions to be set from config file */

-			X509V3_set_nconf(&ctx, lconf);

-			if(!X509V3_EXT_add_nconf(lconf, &ctx, ext_sect, ret))

-				{

-				BIO_printf(bio_err, "ERROR: adding extensions in section %s\n", ext_sect);

-				ERR_print_errors(bio_err);

-				goto err;

-				}

-			if (verbose)

-				BIO_printf(bio_err, "Successfully added extensions from config\n");

-			}

-		}

-	/* Copy extensions from request (if any) */

-	if (!copy_extensions(ret, req, ext_copy))

-		{

-		BIO_printf(bio_err, "ERROR: adding extensions from request\n");

-		ERR_print_errors(bio_err);

-		goto err;

-		}

-	/* Set the right value for the noemailDN option */

-	if( email_dn == 0 )

-		{

-		if (!X509_set_subject_name(ret,dn_subject)) goto err;

-		}

-	if (!default_op)

-		{

-		BIO_printf(bio_err, "Certificate Details:\n");

-		/* Never print signature details because signature not present */

-		certopt |= X509_FLAG_NO_SIGDUMP | X509_FLAG_NO_SIGNAME;

-		X509_print_ex(bio_err, ret, nameopt, certopt);

-		}

-	BIO_printf(bio_err,"Certificate is to be certified until ");

-	ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ret));

-	if (days) BIO_printf(bio_err," (%ld days)",days);

-	BIO_printf(bio_err, "\n");

-	if (!batch)

-		{

-		BIO_printf(bio_err,"Sign the certificate? [y/n]:");

-		(void)BIO_flush(bio_err);

-		buf[0]='\0';

-		fgets(buf,sizeof(buf)-1,stdin);

-		if (!((buf[0] == 'y') || (buf[0] == 'Y')))

-			{

-			BIO_printf(bio_err,"CERTIFICATE WILL NOT BE CERTIFIED\n");

-			ok=0;

-			goto err;

-			}

-		}

-#ifndef OPENSSL_NO_DSA

-	if (pkey->type == EVP_PKEY_DSA) dgst=EVP_dss1();

-	pktmp=X509_get_pubkey(ret);

-	if (EVP_PKEY_missing_parameters(pktmp) &&

-		!EVP_PKEY_missing_parameters(pkey))

-		EVP_PKEY_copy_parameters(pktmp,pkey);

-	EVP_PKEY_free(pktmp);

-#endif

-#ifndef OPENSSL_NO_ECDSA

-	if (pkey->type == EVP_PKEY_EC)

-		dgst = EVP_ecdsa();

-	pktmp = X509_get_pubkey(ret);

-	if (EVP_PKEY_missing_parameters(pktmp) &&

-		!EVP_PKEY_missing_parameters(pkey))

-		EVP_PKEY_copy_parameters(pktmp, pkey);

-	EVP_PKEY_free(pktmp);

-#endif

-	if (!X509_sign(ret,pkey,dgst))

-		goto err;

-	/* We now just add it to the database */

-	row[DB_type]=(char *)OPENSSL_malloc(2);

-	tm=X509_get_notAfter(ret);

-	row[DB_exp_date]=(char *)OPENSSL_malloc(tm->length+1);

-	memcpy(row[DB_exp_date],tm->data,tm->length);

-	row[DB_exp_date][tm->length]='\0';

-	row[DB_rev_date]=NULL;

-	/* row[DB_serial] done already */

-	row[DB_file]=(char *)OPENSSL_malloc(8);

-	row[DB_name]=X509_NAME_oneline(X509_get_subject_name(ret),NULL,0);

-	if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||

-		(row[DB_file] == NULL) || (row[DB_name] == NULL))

-		{

-		BIO_printf(bio_err,"Memory allocation failure\n");

-		goto err;

-		}

-	BUF_strlcpy(row[DB_file],"unknown",8);

-	row[DB_type][0]='V';

-	row[DB_type][1]='\0';

-	if ((irow=(char **)OPENSSL_malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL)

-		{

-		BIO_printf(bio_err,"Memory allocation failure\n");

-		goto err;

-		}

-	for (i=0; i<DB_NUMBER; i++)

-		{

-		irow[i]=row[i];

-		row[i]=NULL;

-		}

-	irow[DB_NUMBER]=NULL;

-	if (!TXT_DB_insert(db->db,irow))

-		{

-		BIO_printf(bio_err,"failed to update database\n");

-		BIO_printf(bio_err,"TXT_DB error number %ld\n",db->db->error);

-		goto err;

-		}

-	ok=1;

-err:

-	for (i=0; i<DB_NUMBER; i++)

-		if (row[i] != NULL) OPENSSL_free(row[i]);

-	if (CAname != NULL)

-		X509_NAME_free(CAname);

-	if (subject != NULL)

-		X509_NAME_free(subject);

-	if ((dn_subject != NULL) && !email_dn)

-		X509_NAME_free(dn_subject);

-	if (tmptm != NULL)

-		ASN1_UTCTIME_free(tmptm);

-	if (ok <= 0)

-		{

-		if (ret != NULL) X509_free(ret);

-		ret=NULL;

-		}

-	else

-		*xret=ret;

-	return(ok);

-	}

-static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext)

-	{

-	if (output_der)

-		{

-		(void)i2d_X509_bio(bp,x);

-		return;

-		}

-#if 0

-	/* ??? Not needed since X509_print prints all this stuff anyway */

-	f=X509_NAME_oneline(X509_get_issuer_name(x),buf,256);

-	BIO_printf(bp,"issuer :%s\n",f);

-	f=X509_NAME_oneline(X509_get_subject_name(x),buf,256);

-	BIO_printf(bp,"subject:%s\n",f);

-	BIO_puts(bp,"serial :");

-	i2a_ASN1_INTEGER(bp,x->cert_info->serialNumber);

-	BIO_puts(bp,"\n\n");

-#endif

-	if (!notext)X509_print(bp,x);

-	PEM_write_bio_X509(bp,x);

-	}

-static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,

-	     const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db,

-	     BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate,

-	     long days, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt,

-	     unsigned long nameopt, int default_op, int ext_copy)

-	{

-	STACK_OF(CONF_VALUE) *sk=NULL;

-	LHASH *parms=NULL;

-	X509_REQ *req=NULL;

-	CONF_VALUE *cv=NULL;

-	NETSCAPE_SPKI *spki = NULL;

-	X509_REQ_INFO *ri;

-	char *type,*buf;

-	EVP_PKEY *pktmp=NULL;

-	X509_NAME *n=NULL;

-	X509_NAME_ENTRY *ne=NULL;

-	int ok= -1,i,j;

-	long errline;

-	int nid;

-	/*

-	 * Load input file into a hash table.  (This is just an easy

-	 * way to read and parse the file, then put it into a convenient

-	 * STACK format).

-	 */

-	parms=CONF_load(NULL,infile,&errline);

-	if (parms == NULL)

-		{

-		BIO_printf(bio_err,"error on line %ld of %s\n",errline,infile);

-		ERR_print_errors(bio_err);

-		goto err;

-		}

-	sk=CONF_get_section(parms, "default");

-	if (sk_CONF_VALUE_num(sk) == 0)

-		{

-		BIO_printf(bio_err, "no name/value pairs found in %s\n", infile);

-		CONF_free(parms);

-		goto err;

-		}

-	/*

-	 * Now create a dummy X509 request structure.  We don't actually

-	 * have an X509 request, but we have many of the components

-	 * (a public key, various DN components).  The idea is that we

-	 * put these components into the right X509 request structure

-	 * and we can use the same code as if you had a real X509 request.

-	 */

-	req=X509_REQ_new();

-	if (req == NULL)

-		{

-		ERR_print_errors(bio_err);

-		goto err;

-		}

-	/*

-	 * Build up the subject name set.

-	 */

-	ri=req->req_info;

-	n = ri->subject;

-	for (i = 0; ; i++)

-		{

-		if (sk_CONF_VALUE_num(sk) <= i) break;

-		cv=sk_CONF_VALUE_value(sk,i);

-		type=cv->name;

-		/* Skip past any leading X. X: X, etc to allow for

-		 * multiple instances

-		 */

-		for (buf = cv->name; *buf ; buf++)

-			if ((*buf == ':') || (*buf == ',') || (*buf == '.'))

-				{

-				buf++;

-				if (*buf) type = buf;

-				break;

-				}

-		buf=cv->value;

-		if ((nid=OBJ_txt2nid(type)) == NID_undef)

-			{

-			if (strcmp(type, "SPKAC") == 0)

-				{

-				spki = NETSCAPE_SPKI_b64_decode(cv->value, -1);

-				if (spki == NULL)

-					{

-					BIO_printf(bio_err,"unable to load Netscape SPKAC structure\n");

-					ERR_print_errors(bio_err);

-					goto err;

-					}

-				}

-			continue;

-			}

-		/*

-		if ((nid == NID_pkcs9_emailAddress) && (email_dn == 0))

-			continue;

-		*/

-		j=ASN1_PRINTABLE_type((unsigned char *)buf,-1);

-		if (fix_data(nid, &j) == 0)

-			{

-			BIO_printf(bio_err,

-				"invalid characters in string %s\n",buf);

-			goto err;

-			}

-		if ((ne=X509_NAME_ENTRY_create_by_NID(&ne,nid,j,

-			(unsigned char *)buf,

-			strlen(buf))) == NULL)

-			goto err;

-		if (!X509_NAME_add_entry(n,ne,-1, 0)) goto err;

-		}

-	if (spki == NULL)

-		{

-		BIO_printf(bio_err,"Netscape SPKAC structure not found in %s\n",

-			infile);

-		goto err;

-		}

-	/*

-	 * Now extract the key from the SPKI structure.

-	 */

-	BIO_printf(bio_err,"Check that the SPKAC request matches the signature\n");

-	if ((pktmp=NETSCAPE_SPKI_get_pubkey(spki)) == NULL)

-		{

-		BIO_printf(bio_err,"error unpacking SPKAC public key\n");

-		goto err;

-		}

-	j = NETSCAPE_SPKI_verify(spki, pktmp);

-	if (j <= 0)

-		{

-		BIO_printf(bio_err,"signature verification failed on SPKAC public key\n");

-		goto err;

-		}

-	BIO_printf(bio_err,"Signature ok\n");

-	X509_REQ_set_pubkey(req,pktmp);

-	EVP_PKEY_free(pktmp);

-	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,chtype,multirdn,email_dn,startdate,enddate,

-		   days,1,verbose,req,ext_sect,lconf, certopt, nameopt, default_op,

-			ext_copy, 0);

-err:

-	if (req != NULL) X509_REQ_free(req);

-	if (parms != NULL) CONF_free(parms);

-	if (spki != NULL) NETSCAPE_SPKI_free(spki);

-	if (ne != NULL) X509_NAME_ENTRY_free(ne);

-	return(ok);

-	}

-static int fix_data(int nid, int *type)

-	{

-	if (nid == NID_pkcs9_emailAddress)

-		*type=V_ASN1_IA5STRING;

-	if ((nid == NID_commonName) && (*type == V_ASN1_IA5STRING))

-		*type=V_ASN1_T61STRING;

-	if ((nid == NID_pkcs9_challengePassword) && (*type == V_ASN1_IA5STRING))

-		*type=V_ASN1_T61STRING;

-	if ((nid == NID_pkcs9_unstructuredName) && (*type == V_ASN1_T61STRING))

-		return(0);

-	if (nid == NID_pkcs9_unstructuredName)

-		*type=V_ASN1_IA5STRING;

-	return(1);

-	}

-static int check_time_format(char *str)

-	{

-	ASN1_UTCTIME tm;

-	tm.data=(unsigned char *)str;

-	tm.length=strlen(str);

-	tm.type=V_ASN1_UTCTIME;

-	return(ASN1_UTCTIME_check(&tm));

-	}

-static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)

-	{

-	ASN1_UTCTIME *tm=NULL;

-	char *row[DB_NUMBER],**rrow,**irow;

-	char *rev_str = NULL;

-	BIGNUM *bn = NULL;

-	int ok=-1,i;

-	for (i=0; i<DB_NUMBER; i++)

-		row[i]=NULL;

-	row[DB_name]=X509_NAME_oneline(X509_get_subject_name(x509),NULL,0);

-	bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509),NULL);

-	if (BN_is_zero(bn))

-		row[DB_serial]=BUF_strdup("00");

-	else

-		row[DB_serial]=BN_bn2hex(bn);

-	BN_free(bn);

-	if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))

-		{

-		BIO_printf(bio_err,"Memory allocation failure\n");

-		goto err;

-		}

-	/* We have to lookup by serial number because name lookup

-	 * skips revoked certs

- 	 */

-	rrow=TXT_DB_get_by_index(db->db,DB_serial,row);

-	if (rrow == NULL)

-		{

-		BIO_printf(bio_err,"Adding Entry with serial number %s to DB for %s\n", row[DB_serial], row[DB_name]);

-		/* We now just add it to the database */

-		row[DB_type]=(char *)OPENSSL_malloc(2);

-		tm=X509_get_notAfter(x509);

-		row[DB_exp_date]=(char *)OPENSSL_malloc(tm->length+1);

-		memcpy(row[DB_exp_date],tm->data,tm->length);

-		row[DB_exp_date][tm->length]='\0';

-		row[DB_rev_date]=NULL;

-		/* row[DB_serial] done already */

-		row[DB_file]=(char *)OPENSSL_malloc(8);

-		/* row[DB_name] done already */

-		if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||

-			(row[DB_file] == NULL))

-			{

-			BIO_printf(bio_err,"Memory allocation failure\n");

-			goto err;

-			}

-		BUF_strlcpy(row[DB_file],"unknown",8);

-		row[DB_type][0]='V';

-		row[DB_type][1]='\0';

-		if ((irow=(char **)OPENSSL_malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL)

-			{

-			BIO_printf(bio_err,"Memory allocation failure\n");

-			goto err;

-			}

-		for (i=0; i<DB_NUMBER; i++)

-			{

-			irow[i]=row[i];

-			row[i]=NULL;

-			}

-		irow[DB_NUMBER]=NULL;

-		if (!TXT_DB_insert(db->db,irow))

-			{

-			BIO_printf(bio_err,"failed to update database\n");

-			BIO_printf(bio_err,"TXT_DB error number %ld\n",db->db->error);

-			goto err;

-			}

-		/* Revoke Certificate */

-		ok = do_revoke(x509,db, type, value);

-		goto err;

-		}

-	else if (index_name_cmp((const char **)row,(const char **)rrow))

-		{

-		BIO_printf(bio_err,"ERROR:name does not match %s\n",

-			   row[DB_name]);

-		goto err;

-		}

-	else if (rrow[DB_type][0]=='R')

-		{

-		BIO_printf(bio_err,"ERROR:Already revoked, serial number %s\n",

-			   row[DB_serial]);

-		goto err;

-		}

-	else

-		{

-		BIO_printf(bio_err,"Revoking Certificate %s.\n", rrow[DB_serial]);

-		rev_str = make_revocation_str(type, value);

-		if (!rev_str)

-			{

-			BIO_printf(bio_err, "Error in revocation arguments\n");

-			goto err;

-			}

-		rrow[DB_type][0]='R';

-		rrow[DB_type][1]='\0';

-		rrow[DB_rev_date] = rev_str;

-		}

-	ok=1;

-err:

-	for (i=0; i<DB_NUMBER; i++)

-		{

-		if (row[i] != NULL)

-			OPENSSL_free(row[i]);

-		}

-	return(ok);

-	}

-static int get_certificate_status(const char *serial, CA_DB *db)

-	{

-	char *row[DB_NUMBER],**rrow;

-	int ok=-1,i;

-	/* Free Resources */

-	for (i=0; i<DB_NUMBER; i++)

-		row[i]=NULL;

-	/* Malloc needed char spaces */

-	row[DB_serial] = OPENSSL_malloc(strlen(serial) + 2);

-	if (row[DB_serial] == NULL)

-		{

-		BIO_printf(bio_err,"Malloc failure\n");

-		goto err;

-		}

-	if (strlen(serial) % 2)

-		{

-		/* Set the first char to 0 */;

-		row[DB_serial][0]='0';

-		/* Copy String from serial to row[DB_serial] */

-		memcpy(row[DB_serial]+1, serial, strlen(serial));

-		row[DB_serial][strlen(serial)+1]='\0';

-		}

-	else

-		{

-		/* Copy String from serial to row[DB_serial] */

-		memcpy(row[DB_serial], serial, strlen(serial));

-		row[DB_serial][strlen(serial)]='\0';

-		}

-	/* Make it Upper Case */

-	for (i=0; row[DB_serial][i] != '\0'; i++)

-		row[DB_serial][i] = toupper(row[DB_serial][i]);

-	ok=1;

-	/* Search for the certificate */

-	rrow=TXT_DB_get_by_index(db->db,DB_serial,row);

-	if (rrow == NULL)

-		{

-		BIO_printf(bio_err,"Serial %s not present in db.\n",

-				 row[DB_serial]);

-		ok=-1;

-		goto err;

-		}

-	else if (rrow[DB_type][0]=='V')

-		{

-		BIO_printf(bio_err,"%s=Valid (%c)\n",

-			row[DB_serial], rrow[DB_type][0]);

-		goto err;

-		}

-	else if (rrow[DB_type][0]=='R')

-		{

-		BIO_printf(bio_err,"%s=Revoked (%c)\n",

-			row[DB_serial], rrow[DB_type][0]);

-		goto err;

-		}

-	else if (rrow[DB_type][0]=='E')

-		{

-		BIO_printf(bio_err,"%s=Expired (%c)\n",

-			row[DB_serial], rrow[DB_type][0]);

-		goto err;

-		}

-	else if (rrow[DB_type][0]=='S')

-		{

-		BIO_printf(bio_err,"%s=Suspended (%c)\n",

-			row[DB_serial], rrow[DB_type][0]);

-		goto err;

-		}

-	else

-		{

-		BIO_printf(bio_err,"%s=Unknown (%c).\n",

-			row[DB_serial], rrow[DB_type][0]);

-		ok=-1;

-		}

-err:

-	for (i=0; i<DB_NUMBER; i++)

-		{

-		if (row[i] != NULL)

-			OPENSSL_free(row[i]);

-		}

-	return(ok);

-	}

-static int do_updatedb (CA_DB *db)

-	{

-	ASN1_UTCTIME	*a_tm = NULL;

-	int i, cnt = 0;

-	int db_y2k, a_y2k;  /* flags = 1 if y >= 2000 */

-	char **rrow, *a_tm_s;

-	a_tm = ASN1_UTCTIME_new();

-	/* get actual time and make a string */

-	a_tm = X509_gmtime_adj(a_tm, 0);

-	a_tm_s = (char *) OPENSSL_malloc(a_tm->length+1);

-	if (a_tm_s == NULL)

-		{

-		cnt = -1;

-		goto err;

-		}

-	memcpy(a_tm_s, a_tm->data, a_tm->length);

-	a_tm_s[a_tm->length] = '\0';

-	if (strncmp(a_tm_s, "49", 2) <= 0)

-		a_y2k = 1;

-	else

-		a_y2k = 0;

-	for (i = 0; i < sk_num(db->db->data); i++)

-		{

-		rrow = (char **) sk_value(db->db->data, i);

-		if (rrow[DB_type][0] == 'V')

-		 	{

-			/* ignore entries that are not valid */

-			if (strncmp(rrow[DB_exp_date], "49", 2) <= 0)

-				db_y2k = 1;

-			else

-				db_y2k = 0;

-			if (db_y2k == a_y2k)

-				{

-				/* all on the same y2k side */

-				if (strcmp(rrow[DB_exp_date], a_tm_s) <= 0)

-				       	{

-				       	rrow[DB_type][0]  = 'E';

-				       	rrow[DB_type][1]  = '\0';

-	  				cnt++;

-					BIO_printf(bio_err, "%s=Expired\n",

-							rrow[DB_serial]);

-					}

-				}

-			else if (db_y2k < a_y2k)

-				{

-		  		rrow[DB_type][0]  = 'E';

-		  		rrow[DB_type][1]  = '\0';

-	  			cnt++;

-				BIO_printf(bio_err, "%s=Expired\n",

-							rrow[DB_serial]);

-				}

-			}

-    		}

-err:

-	ASN1_UTCTIME_free(a_tm);

-	OPENSSL_free(a_tm_s);

-	return (cnt);

-	}

-static const char *crl_reasons[] = {

-	/* CRL reason strings */

-	"unspecified",

-	"keyCompromise",

-	"CACompromise",

-	"affiliationChanged",

-	"superseded",

-	"cessationOfOperation",

-	"certificateHold",

-	"removeFromCRL",

-	/* Additional pseudo reasons */

-	"holdInstruction",

-	"keyTime",

-	"CAkeyTime"

-};

-#define NUM_REASONS (sizeof(crl_reasons) / sizeof(char *))

-/* Given revocation information convert to a DB string.

- * The format of the string is:

- * revtime[,reason,extra]. Where 'revtime' is the

- * revocation time (the current time). 'reason' is the

- * optional CRL reason and 'extra' is any additional

- * argument

- */

-char *make_revocation_str(int rev_type, char *rev_arg)

-	{

-	char *other = NULL, *str;

-	const char *reason = NULL;

-	ASN1_OBJECT *otmp;

-	ASN1_UTCTIME *revtm = NULL;

-	int i;

-	switch (rev_type)

-		{

-	case REV_NONE:

-		break;

-	case REV_CRL_REASON:

-		for (i = 0; i < 8; i++)

-			{

-			if (!strcasecmp(rev_arg, crl_reasons[i]))

-				{

-				reason = crl_reasons[i];

-				break;

-				}

-			}

-		if (reason == NULL)

-			{

-			BIO_printf(bio_err, "Unknown CRL reason %s\n", rev_arg);

-			return NULL;

-			}

-		break;

-	case REV_HOLD:

-		/* Argument is an OID */

-		otmp = OBJ_txt2obj(rev_arg, 0);

-		ASN1_OBJECT_free(otmp);

-		if (otmp == NULL)

-			{

-			BIO_printf(bio_err, "Invalid object identifier %s\n", rev_arg);

-			return NULL;

-			}

-		reason = "holdInstruction";

-		other = rev_arg;

-		break;

-	case REV_KEY_COMPROMISE:

-	case REV_CA_COMPROMISE:

-		/* Argument is the key compromise time  */

-		if (!ASN1_GENERALIZEDTIME_set_string(NULL, rev_arg))

-			{

-			BIO_printf(bio_err, "Invalid time format %s. Need YYYYMMDDHHMMSSZ\n", rev_arg);

-			return NULL;

-			}

-		other = rev_arg;

-		if (rev_type == REV_KEY_COMPROMISE)

-			reason = "keyTime";

-		else

-			reason = "CAkeyTime";

-		break;

-		}

-	revtm = X509_gmtime_adj(NULL, 0);

-	i = revtm->length + 1;

-	if (reason) i += strlen(reason) + 1;

-	if (other) i += strlen(other) + 1;

-	str = OPENSSL_malloc(i);

-	if (!str) return NULL;

-	BUF_strlcpy(str, (char *)revtm->data, i);

-	if (reason)

-		{

-		BUF_strlcat(str, ",", i);

-		BUF_strlcat(str, reason, i);

-		}

-	if (other)

-		{

-		BUF_strlcat(str, ",", i);

-		BUF_strlcat(str, other, i);

-		}

-	ASN1_UTCTIME_free(revtm);

-	return str;

-	}

-/* Convert revocation field to X509_REVOKED entry

- * return code:

- * 0 error

- * 1 OK

- * 2 OK and some extensions added (i.e. V2 CRL)

- */

-int make_revoked(X509_REVOKED *rev, const char *str)

-	{

-	char *tmp = NULL;

-	int reason_code = -1;

-	int i, ret = 0;

-	ASN1_OBJECT *hold = NULL;

-	ASN1_GENERALIZEDTIME *comp_time = NULL;

-	ASN1_ENUMERATED *rtmp = NULL;

-	ASN1_TIME *revDate = NULL;

-	i = unpack_revinfo(&revDate, &reason_code, &hold, &comp_time, str);

-	if (i == 0)

-		goto err;

-	if (rev && !X509_REVOKED_set_revocationDate(rev, revDate))

-		goto err;

-	if (rev && (reason_code != OCSP_REVOKED_STATUS_NOSTATUS))

-		{

-		rtmp = ASN1_ENUMERATED_new();

-		if (!rtmp || !ASN1_ENUMERATED_set(rtmp, reason_code))

-			goto err;

-		if (!X509_REVOKED_add1_ext_i2d(rev, NID_crl_reason, rtmp, 0, 0))

-			goto err;

-		}

-	if (rev && comp_time)

-		{

-		if (!X509_REVOKED_add1_ext_i2d(rev, NID_invalidity_date, comp_time, 0, 0))

-			goto err;

-		}

-	if (rev && hold)

-		{

-		if (!X509_REVOKED_add1_ext_i2d(rev, NID_hold_instruction_code, hold, 0, 0))

-			goto err;

-		}

-	if (reason_code != OCSP_REVOKED_STATUS_NOSTATUS)

-		ret = 2;

-	else ret = 1;

-	err:

-	if (tmp) OPENSSL_free(tmp);

-	ASN1_OBJECT_free(hold);

-	ASN1_GENERALIZEDTIME_free(comp_time);

-	ASN1_ENUMERATED_free(rtmp);

-	ASN1_TIME_free(revDate);

-	return ret;

-	}

-int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str)

-	{

-	char buf[25],*pbuf, *p;

-	int j;

-	j=i2a_ASN1_OBJECT(bp,obj);

-	pbuf=buf;

-	for (j=22-j; j>0; j--)

-		*(pbuf++)=' ';

-	*(pbuf++)=':';

-	*(pbuf++)='\0';

-	BIO_puts(bp,buf);

-	if (str->type == V_ASN1_PRINTABLESTRING)

-		BIO_printf(bp,"PRINTABLE:'");

-	else if (str->type == V_ASN1_T61STRING)

-		BIO_printf(bp,"T61STRING:'");

-	else if (str->type == V_ASN1_IA5STRING)

-		BIO_printf(bp,"IA5STRING:'");

-	else if (str->type == V_ASN1_UNIVERSALSTRING)

-		BIO_printf(bp,"UNIVERSALSTRING:'");

-	else

-		BIO_printf(bp,"ASN.1 %2d:'",str->type);

-	p=(char *)str->data;

-	for (j=str->length; j>0; j--)

-		{

-		if ((*p >= ' ') && (*p <= '~'))

-			BIO_printf(bp,"%c",*p);

-		else if (*p & 0x80)

-			BIO_printf(bp,"\\0x%02X",*p);

-		else if ((unsigned char)*p == 0xf7)

-			BIO_printf(bp,"^?");

-		else	BIO_printf(bp,"^%c",*p+'@');

-		p++;

-		}

-	BIO_printf(bp,"'\n");

-	return 1;

-	}

-int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_GENERALIZEDTIME **pinvtm, const char *str)

-	{

-	char *tmp = NULL;

-	char *rtime_str, *reason_str = NULL, *arg_str = NULL, *p;

-	int reason_code = -1;

-	int ret = 0;

-	unsigned int i;

-	ASN1_OBJECT *hold = NULL;

-	ASN1_GENERALIZEDTIME *comp_time = NULL;

-	tmp = BUF_strdup(str);

-	p = strchr(tmp, ',');

-	rtime_str = tmp;

-	if (p)

-		{

-		*p = '\0';

-		p++;

-		reason_str = p;

-		p = strchr(p, ',');

-		if (p)

-			{

-			*p = '\0';

-			arg_str = p + 1;

-			}

-		}

-	if (prevtm)

-		{

-		*prevtm = ASN1_UTCTIME_new();

-		if (!ASN1_UTCTIME_set_string(*prevtm, rtime_str))

-			{

-			BIO_printf(bio_err, "invalid revocation date %s\n", rtime_str);

-			goto err;

-			}

-		}

-	if (reason_str)

-		{

-		for (i = 0; i < NUM_REASONS; i++)

-			{

-			if(!strcasecmp(reason_str, crl_reasons[i]))

-				{

-				reason_code = i;

-				break;

-				}

-			}

-		if (reason_code == OCSP_REVOKED_STATUS_NOSTATUS)

-			{

-			BIO_printf(bio_err, "invalid reason code %s\n", reason_str);

-			goto err;

-			}

-		if (reason_code == 7)

-			reason_code = OCSP_REVOKED_STATUS_REMOVEFROMCRL;

-		else if (reason_code == 8)		/* Hold instruction */

-			{

-			if (!arg_str)

-				{

-				BIO_printf(bio_err, "missing hold instruction\n");

-				goto err;

-				}

-			reason_code = OCSP_REVOKED_STATUS_CERTIFICATEHOLD;

-			hold = OBJ_txt2obj(arg_str, 0);

-			if (!hold)

-				{

-				BIO_printf(bio_err, "invalid object identifier %s\n", arg_str);

-				goto err;

-				}

-			if (phold) *phold = hold;

-			}

-		else if ((reason_code == 9) || (reason_code == 10))

-			{

-			if (!arg_str)

-				{

-				BIO_printf(bio_err, "missing compromised time\n");

-				goto err;

-				}

-			comp_time = ASN1_GENERALIZEDTIME_new();

-			if (!ASN1_GENERALIZEDTIME_set_string(comp_time, arg_str))

-				{

-				BIO_printf(bio_err, "invalid compromised time %s\n", arg_str);

-				goto err;

-				}

-			if (reason_code == 9)

-				reason_code = OCSP_REVOKED_STATUS_KEYCOMPROMISE;

-			else

-				reason_code = OCSP_REVOKED_STATUS_CACOMPROMISE;

-			}

-		}

-	if (preason) *preason = reason_code;

-	if (pinvtm) *pinvtm = comp_time;

-	else ASN1_GENERALIZEDTIME_free(comp_time);

-	ret = 1;

-	err:

-	if (tmp) OPENSSL_free(tmp);

-	if (!phold) ASN1_OBJECT_free(hold);

-	if (!pinvtm) ASN1_GENERALIZEDTIME_free(comp_time);

-	return ret;

-	}

--- a/sys/src/ape/lib/openssl/apps/cert.pem

+++ /dev/null

@@ -1,11 +1,0 @@

------BEGIN CERTIFICATE-----

-MIIBoDCCAUoCAQAwDQYJKoZIhvcNAQEEBQAwYzELMAkGA1UEBhMCQVUxEzARBgNV

-BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSMwIQYD

-VQQDExpTZXJ2ZXIgdGVzdCBjZXJ0ICg1MTIgYml0KTAeFw05NzA5MDkwMzQxMjZa

-Fw05NzEwMDkwMzQxMjZaMF4xCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0

-YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxFzAVBgNVBAMT

-DkVyaWMgdGhlIFlvdW5nMFEwCQYFKw4DAgwFAANEAAJBALVEqPODnpI4rShlY8S7

-tB713JNvabvn6Gned7zylwLLiXQAo/PAT6mfdWPTyCX9RlId/Aroh1ou893BA32Q

-sggwDQYJKoZIhvcNAQEEBQADQQCU5SSgapJSdRXJoX+CpCvFy+JVh9HpSjCpSNKO

-19raHv98hKAUJuP9HyM+SUsffO6mAIgitUaqW8/wDMePhEC3

------END CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/apps/ciphers.c

+++ /dev/null

@@ -1,208 +1,0 @@

-/* apps/ciphers.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#ifdef OPENSSL_NO_STDIO

-#define APPS_WIN16

-#endif

-#include "apps.h"

-#include <openssl/err.h>

-#include <openssl/ssl.h>

-#undef PROG

-#define PROG	ciphers_main

-static const char *ciphers_usage[]={

-"usage: ciphers args\n",

-" -v          - verbose mode, a textual listing of the ciphers in SSLeay\n",

-" -ssl2       - SSL2 mode\n",

-" -ssl3       - SSL3 mode\n",

-" -tls1       - TLS1 mode\n",

-NULL

-};

-int MAIN(int, char **);

-int MAIN(int argc, char **argv)

-	{

-	int ret=1,i;

-	int verbose=0;

-	const char **pp;

-	const char *p;

-	int badops=0;

-	SSL_CTX *ctx=NULL;

-	SSL *ssl=NULL;

-	char *ciphers=NULL;

-	SSL_METHOD *meth=NULL;

-	STACK_OF(SSL_CIPHER) *sk;

-	char buf[512];

-	BIO *STDout=NULL;

-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)

-	meth=SSLv23_server_method();

-#elif !defined(OPENSSL_NO_SSL3)

-	meth=SSLv3_server_method();

-#elif !defined(OPENSSL_NO_SSL2)

-	meth=SSLv2_server_method();

-#endif

-	apps_startup();

-	if (bio_err == NULL)

-		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);

-	STDout=BIO_new_fp(stdout,BIO_NOCLOSE);

-#ifdef OPENSSL_SYS_VMS

-	{

-	BIO *tmpbio = BIO_new(BIO_f_linebuffer());

-	STDout = BIO_push(tmpbio, STDout);

-	}

-#endif

-	argc--;

-	argv++;

-	while (argc >= 1)

-		{

-		if (strcmp(*argv,"-v") == 0)

-			verbose=1;

-#ifndef OPENSSL_NO_SSL2

-		else if (strcmp(*argv,"-ssl2") == 0)

-			meth=SSLv2_client_method();

-#endif

-#ifndef OPENSSL_NO_SSL3

-		else if (strcmp(*argv,"-ssl3") == 0)

-			meth=SSLv3_client_method();

-#endif

-#ifndef OPENSSL_NO_TLS1

-		else if (strcmp(*argv,"-tls1") == 0)

-			meth=TLSv1_client_method();

-#endif

-		else if ((strncmp(*argv,"-h",2) == 0) ||

-			 (strcmp(*argv,"-?") == 0))

-			{

-			badops=1;

-			break;

-			}

-		else

-			{

-			ciphers= *argv;

-			}

-		argc--;

-		argv++;

-		}

-	if (badops)

-		{

-		for (pp=ciphers_usage; (*pp != NULL); pp++)

-			BIO_printf(bio_err,"%s",*pp);

-		goto end;

-		}

-	OpenSSL_add_ssl_algorithms();

-	ctx=SSL_CTX_new(meth);

-	if (ctx == NULL) goto err;

-	if (ciphers != NULL) {

-		if(!SSL_CTX_set_cipher_list(ctx,ciphers)) {

-			BIO_printf(bio_err, "Error in cipher list\n");

-			goto err;

-		}

-	}

-	ssl=SSL_new(ctx);

-	if (ssl == NULL) goto err;

-	if (!verbose)

-		{

-		for (i=0; ; i++)

-			{

-			p=SSL_get_cipher_list(ssl,i);

-			if (p == NULL) break;

-			if (i != 0) BIO_printf(STDout,":");

-			BIO_printf(STDout,"%s",p);

-			}

-		BIO_printf(STDout,"\n");

-		}

-	else

-		{

-		sk=SSL_get_ciphers(ssl);

-		for (i=0; i<sk_SSL_CIPHER_num(sk); i++)

-			{

-			BIO_puts(STDout,SSL_CIPHER_description(

-				sk_SSL_CIPHER_value(sk,i),

-				buf,sizeof buf));

-			}

-		}

-	ret=0;

-	if (0)

-		{

-err:

-		SSL_load_error_strings();

-		ERR_print_errors(bio_err);

-		}

-end:

-	if (ctx != NULL) SSL_CTX_free(ctx);

-	if (ssl != NULL) SSL_free(ssl);

-	if (STDout != NULL) BIO_free_all(STDout);

-	apps_shutdown();

-	OPENSSL_EXIT(ret);

-	}

--- a/sys/src/ape/lib/openssl/apps/client.pem

+++ /dev/null

@@ -1,24 +1,0 @@

-issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)

-subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Client test cert (512 bit)

------BEGIN CERTIFICATE-----

-MIIB6TCCAVICAQIwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV

-BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD

-VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTcwNjA5MTM1NzU2WhcNOTgwNjA5

-MTM1NzU2WjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG

-A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGkNsaWVudCB0ZXN0IGNl

-cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALtv55QyzG6i2Plw

-Z1pah7++Gv8L5j6Hnyr/uTZE1NLG0ABDDexmq/R4KedLjFEIYjocDui+IXs62NNt

-XrT8odkCAwEAATANBgkqhkiG9w0BAQQFAAOBgQBwtMmI7oGUG8nKmftQssATViH5

-NRRtoEw07DxJp/LfatHdrhqQB73eGdL5WILZJXk46Xz2e9WMSUjVCSYhdKxtflU3

-UR2Ajv1Oo0sTNdfz0wDqJNirLNtzyhhsaq8qMTrLwXrCP31VxBiigFSQSUFnZyTE

-9TKwhS4GlwbtCfxSKQ==

------END CERTIFICATE-----

------BEGIN RSA PRIVATE KEY-----

-MIIBOwIBAAJBALtv55QyzG6i2PlwZ1pah7++Gv8L5j6Hnyr/uTZE1NLG0ABDDexm

-q/R4KedLjFEIYjocDui+IXs62NNtXrT8odkCAwEAAQJAbwXq0vJ/+uyEvsNgxLko

-/V86mGXQ/KrSkeKlL0r4ENxjcyeMAGoKu6J9yMY7+X9+Zm4nxShNfTsf/+Freoe1

-HQIhAPOSm5Q1YI+KIsII2GeVJx1U69+wnd71OasIPakS1L1XAiEAxQAW+J3/JWE0

-ftEYakbhUOKL8tD1OaFZS71/5GdG7E8CIQCefUMmySSvwd6kC0VlATSWbW+d+jp/

-nWmM1KvqnAo5uQIhALqEADu5U1Wvt8UN8UDGBRPQulHWNycuNV45d3nnskWPAiAw

-ueTyr6WsZ5+SD8g/Hy3xuvF3nPmJRH+rwvVihlcFOg==

------END RSA PRIVATE KEY-----

--- a/sys/src/ape/lib/openssl/apps/crl.c

+++ /dev/null

@@ -1,429 +1,0 @@

-/* apps/crl.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include "apps.h"

-#include <openssl/bio.h>

-#include <openssl/err.h>

-#include <openssl/x509.h>

-#include <openssl/x509v3.h>

-#include <openssl/pem.h>

-#undef PROG

-#define PROG	crl_main

-#undef POSTFIX

-#define	POSTFIX	".rvk"

-static const char *crl_usage[]={

-"usage: crl args\n",

-"\n",

-" -inform arg     - input format - default PEM (DER or PEM)\n",

-" -outform arg    - output format - default PEM\n",

-" -text           - print out a text format version\n",

-" -in arg         - input file - default stdin\n",

-" -out arg        - output file - default stdout\n",

-" -hash           - print hash value\n",

-" -fingerprint    - print the crl fingerprint\n",

-" -issuer         - print issuer DN\n",

-" -lastupdate     - lastUpdate field\n",

-" -nextupdate     - nextUpdate field\n",

-" -noout          - no CRL output\n",

-" -CAfile  name   - verify CRL using certificates in file \"name\"\n",

-" -CApath  dir    - verify CRL using certificates in \"dir\"\n",

-" -nameopt arg    - various certificate name options\n",

-NULL

-};

-static X509_CRL *load_crl(char *file, int format);

-static BIO *bio_out=NULL;

-int MAIN(int, char **);

-int MAIN(int argc, char **argv)

-	{

-	unsigned long nmflag = 0;

-	X509_CRL *x=NULL;

-	char *CAfile = NULL, *CApath = NULL;

-	int ret=1,i,num,badops=0;

-	BIO *out=NULL;

-	int informat,outformat;

-	char *infile=NULL,*outfile=NULL;

-	int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;

-	int fingerprint = 0;

-	const char **pp;

-	X509_STORE *store = NULL;

-	X509_STORE_CTX ctx;

-	X509_LOOKUP *lookup = NULL;

-	X509_OBJECT xobj;

-	EVP_PKEY *pkey;

-	int do_ver = 0;

-	const EVP_MD *md_alg,*digest=EVP_sha1();

-	apps_startup();

-	if (bio_err == NULL)

-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)

-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);

-	if (!load_config(bio_err, NULL))

-		goto end;

-	if (bio_out == NULL)

-		if ((bio_out=BIO_new(BIO_s_file())) != NULL)

-			{

-			BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);

-#ifdef OPENSSL_SYS_VMS

-			{

-			BIO *tmpbio = BIO_new(BIO_f_linebuffer());

-			bio_out = BIO_push(tmpbio, bio_out);

-			}

-#endif

-			}

-	informat=FORMAT_PEM;

-	outformat=FORMAT_PEM;

-	argc--;

-	argv++;

-	num=0;

-	while (argc >= 1)

-		{

-#ifdef undef

-		if	(strcmp(*argv,"-p") == 0)

-			{

-			if (--argc < 1) goto bad;

-			if (!args_from_file(++argv,Nargc,Nargv)) { goto end; }*/

-			}

-#endif

-		if 	(strcmp(*argv,"-inform") == 0)

-			{

-			if (--argc < 1) goto bad;

-			informat=str2fmt(*(++argv));

-			}

-		else if (strcmp(*argv,"-outform") == 0)

-			{

-			if (--argc < 1) goto bad;

-			outformat=str2fmt(*(++argv));

-			}

-		else if (strcmp(*argv,"-in") == 0)

-			{

-			if (--argc < 1) goto bad;

-			infile= *(++argv);

-			}

-		else if (strcmp(*argv,"-out") == 0)

-			{

-			if (--argc < 1) goto bad;

-			outfile= *(++argv);

-			}

-		else if (strcmp(*argv,"-CApath") == 0)

-			{

-			if (--argc < 1) goto bad;

-			CApath = *(++argv);

-			do_ver = 1;

-			}

-		else if (strcmp(*argv,"-CAfile") == 0)

-			{

-			if (--argc < 1) goto bad;

-			CAfile = *(++argv);

-			do_ver = 1;

-			}

-		else if (strcmp(*argv,"-verify") == 0)

-			do_ver = 1;

-		else if (strcmp(*argv,"-text") == 0)

-			text = 1;

-		else if (strcmp(*argv,"-hash") == 0)

-			hash= ++num;

-		else if (strcmp(*argv,"-nameopt") == 0)

-			{

-			if (--argc < 1) goto bad;

-			if (!set_name_ex(&nmflag, *(++argv))) goto bad;

-			}

-		else if (strcmp(*argv,"-issuer") == 0)

-			issuer= ++num;

-		else if (strcmp(*argv,"-lastupdate") == 0)

-			lastupdate= ++num;

-		else if (strcmp(*argv,"-nextupdate") == 0)

-			nextupdate= ++num;

-		else if (strcmp(*argv,"-noout") == 0)

-			noout= ++num;

-		else if (strcmp(*argv,"-fingerprint") == 0)

-			fingerprint= ++num;

-		else if ((md_alg=EVP_get_digestbyname(*argv + 1)))

-			{

-			/* ok */

-			digest=md_alg;

-			}

-		else

-			{

-			BIO_printf(bio_err,"unknown option %s\n",*argv);

-			badops=1;

-			break;

-			}

-		argc--;

-		argv++;

-		}

-	if (badops)

-		{

-bad:

-		for (pp=crl_usage; (*pp != NULL); pp++)

-			BIO_printf(bio_err,"%s",*pp);

-		goto end;

-		}

-	ERR_load_crypto_strings();

-	x=load_crl(infile,informat);

-	if (x == NULL) { goto end; }

-	if(do_ver) {

-		store = X509_STORE_new();

-		lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file());

-		if (lookup == NULL) goto end;

-		if (!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM))

-			X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);

-		lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir());

-		if (lookup == NULL) goto end;

-		if (!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM))

-			X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);

-		ERR_clear_error();

-		if(!X509_STORE_CTX_init(&ctx, store, NULL, NULL)) {

-			BIO_printf(bio_err,

-				"Error initialising X509 store\n");

-			goto end;

-		}

-		i = X509_STORE_get_by_subject(&ctx, X509_LU_X509,

-					X509_CRL_get_issuer(x), &xobj);

-		if(i <= 0) {

-			BIO_printf(bio_err,

-				"Error getting CRL issuer certificate\n");

-			goto end;

-		}

-		pkey = X509_get_pubkey(xobj.data.x509);

-		X509_OBJECT_free_contents(&xobj);

-		if(!pkey) {

-			BIO_printf(bio_err,

-				"Error getting CRL issuer public key\n");

-			goto end;

-		}

-		i = X509_CRL_verify(x, pkey);

-		EVP_PKEY_free(pkey);

-		if(i < 0) goto end;

-		if(i == 0) BIO_printf(bio_err, "verify failure\n");

-		else BIO_printf(bio_err, "verify OK\n");

-	}

-	if (num)

-		{

-		for (i=1; i<=num; i++)

-			{

-			if (issuer == i)

-				{

-				print_name(bio_out, "issuer=", X509_CRL_get_issuer(x), nmflag);

-				}

-			if (hash == i)

-				{

-				BIO_printf(bio_out,"%08lx\n",

-					X509_NAME_hash(X509_CRL_get_issuer(x)));

-				}

-			if (lastupdate == i)

-				{

-				BIO_printf(bio_out,"lastUpdate=");

-				ASN1_TIME_print(bio_out,

-						X509_CRL_get_lastUpdate(x));

-				BIO_printf(bio_out,"\n");

-				}

-			if (nextupdate == i)

-				{

-				BIO_printf(bio_out,"nextUpdate=");

-				if (X509_CRL_get_nextUpdate(x))

-					ASN1_TIME_print(bio_out,

-						X509_CRL_get_nextUpdate(x));

-				else

-					BIO_printf(bio_out,"NONE");

-				BIO_printf(bio_out,"\n");

-				}

-			if (fingerprint == i)

-				{

-				int j;

-				unsigned int n;

-				unsigned char md[EVP_MAX_MD_SIZE];

-				if (!X509_CRL_digest(x,digest,md,&n))

-					{

-					BIO_printf(bio_err,"out of memory\n");

-					goto end;

-					}

-				BIO_printf(bio_out,"%s Fingerprint=",

-						OBJ_nid2sn(EVP_MD_type(digest)));

-				for (j=0; j<(int)n; j++)

-					{

-					BIO_printf(bio_out,"%02X%c",md[j],

-						(j+1 == (int)n)

-						?'\n':':');

-					}

-				}

-			}

-		}

-	out=BIO_new(BIO_s_file());

-	if (out == NULL)

-		{

-		ERR_print_errors(bio_err);

-		goto end;

-		}

-	if (outfile == NULL)

-		{

-		BIO_set_fp(out,stdout,BIO_NOCLOSE);

-#ifdef OPENSSL_SYS_VMS

-		{

-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());

-		out = BIO_push(tmpbio, out);

-		}

-#endif

-		}

-	else

-		{

-		if (BIO_write_filename(out,outfile) <= 0)

-			{

-			perror(outfile);

-			goto end;

-			}

-		}

-	if (text) X509_CRL_print(out, x);

-	if (noout)

-		{

-		ret = 0;

-		goto end;

-		}

-	if 	(outformat == FORMAT_ASN1)

-		i=(int)i2d_X509_CRL_bio(out,x);

-	else if (outformat == FORMAT_PEM)

-		i=PEM_write_bio_X509_CRL(out,x);

-	else

-		{

-		BIO_printf(bio_err,"bad output format specified for outfile\n");

-		goto end;

-		}

-	if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; }

-	ret=0;

-end:

-	BIO_free_all(out);

-	BIO_free_all(bio_out);

-	bio_out=NULL;

-	X509_CRL_free(x);

-	if(store) {

-		X509_STORE_CTX_cleanup(&ctx);

-		X509_STORE_free(store);

-	}

-	apps_shutdown();

-	OPENSSL_EXIT(ret);

-	}

-static X509_CRL *load_crl(char *infile, int format)

-	{

-	X509_CRL *x=NULL;

-	BIO *in=NULL;

-	in=BIO_new(BIO_s_file());

-	if (in == NULL)

-		{

-		ERR_print_errors(bio_err);

-		goto end;

-		}

-	if (infile == NULL)

-		BIO_set_fp(in,stdin,BIO_NOCLOSE);

-	else

-		{

-		if (BIO_read_filename(in,infile) <= 0)

-			{

-			perror(infile);

-			goto end;

-			}

-		}

-	if 	(format == FORMAT_ASN1)

-		x=d2i_X509_CRL_bio(in,NULL);

-	else if (format == FORMAT_PEM)

-		x=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL);

-	else	{

-		BIO_printf(bio_err,"bad input format specified for input crl\n");

-		goto end;

-		}

-	if (x == NULL)

-		{

-		BIO_printf(bio_err,"unable to load CRL\n");

-		ERR_print_errors(bio_err);

-		goto end;

-		}

-end:

-	BIO_free(in);

-	return(x);

-	}

--- a/sys/src/ape/lib/openssl/apps/crl2p7.c

+++ /dev/null

@@ -1,345 +1,0 @@

-/* apps/crl2p7.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* This was written by Gordon Chaffee <[email protected]>

- * and donated 'to the cause' along with lots and lots of other fixes to

- * the library. */

-#include <stdio.h>

-#include <string.h>

-#include <sys/types.h>

-#include <sys/stat.h>

-#include "apps.h"

-#include <openssl/err.h>

-#include <openssl/evp.h>

-#include <openssl/x509.h>

-#include <openssl/pkcs7.h>

-#include <openssl/pem.h>

-#include <openssl/objects.h>

-static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile);

-#undef PROG

-#define PROG	crl2pkcs7_main

-/* -inform arg	- input format - default PEM (DER or PEM)

- * -outform arg - output format - default PEM

- * -in arg	- input file - default stdin

- * -out arg	- output file - default stdout

- */

-int MAIN(int, char **);

-int MAIN(int argc, char **argv)

-	{

-	int i,badops=0;

-	BIO *in=NULL,*out=NULL;

-	int informat,outformat;

-	char *infile,*outfile,*prog,*certfile;

-	PKCS7 *p7 = NULL;

-	PKCS7_SIGNED *p7s = NULL;

-	X509_CRL *crl=NULL;

-	STACK *certflst=NULL;

-	STACK_OF(X509_CRL) *crl_stack=NULL;

-	STACK_OF(X509) *cert_stack=NULL;

-	int ret=1,nocrl=0;

-	apps_startup();

-	if (bio_err == NULL)

-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)

-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);

-	infile=NULL;

-	outfile=NULL;

-	informat=FORMAT_PEM;

-	outformat=FORMAT_PEM;

-	prog=argv[0];

-	argc--;

-	argv++;

-	while (argc >= 1)

-		{

-		if 	(strcmp(*argv,"-inform") == 0)

-			{

-			if (--argc < 1) goto bad;

-			informat=str2fmt(*(++argv));

-			}

-		else if (strcmp(*argv,"-outform") == 0)

-			{

-			if (--argc < 1) goto bad;

-			outformat=str2fmt(*(++argv));

-			}

-		else if (strcmp(*argv,"-in") == 0)

-			{

-			if (--argc < 1) goto bad;

-			infile= *(++argv);

-			}

-		else if (strcmp(*argv,"-nocrl") == 0)

-			{

-			nocrl=1;

-			}

-		else if (strcmp(*argv,"-out") == 0)

-			{

-			if (--argc < 1) goto bad;

-			outfile= *(++argv);

-			}

-		else if (strcmp(*argv,"-certfile") == 0)

-			{

-			if (--argc < 1) goto bad;

-			if(!certflst) certflst = sk_new_null();

-			sk_push(certflst,*(++argv));

-			}

-		else

-			{

-			BIO_printf(bio_err,"unknown option %s\n",*argv);

-			badops=1;

-			break;

-			}

-		argc--;

-		argv++;

-		}

-	if (badops)

-		{

-bad:

-		BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);

-		BIO_printf(bio_err,"where options are\n");

-		BIO_printf(bio_err," -inform arg    input format - DER or PEM\n");

-		BIO_printf(bio_err," -outform arg   output format - DER or PEM\n");

-		BIO_printf(bio_err," -in arg        input file\n");

-		BIO_printf(bio_err," -out arg       output file\n");

-		BIO_printf(bio_err," -certfile arg  certificates file of chain to a trusted CA\n");

-		BIO_printf(bio_err,"                (can be used more than once)\n");

-		BIO_printf(bio_err," -nocrl         no crl to load, just certs from '-certfile'\n");

-		ret = 1;

-		goto end;

-		}

-	ERR_load_crypto_strings();

-	in=BIO_new(BIO_s_file());

-	out=BIO_new(BIO_s_file());

-	if ((in == NULL) || (out == NULL))

-		{

-		ERR_print_errors(bio_err);

-		goto end;

-		}

-	if (!nocrl)

-		{

-		if (infile == NULL)

-			BIO_set_fp(in,stdin,BIO_NOCLOSE);

-		else

-			{

-			if (BIO_read_filename(in,infile) <= 0)

-				{

-				perror(infile);

-				goto end;

-				}

-			}

-		if 	(informat == FORMAT_ASN1)

-			crl=d2i_X509_CRL_bio(in,NULL);

-		else if (informat == FORMAT_PEM)

-			crl=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL);

-		else	{

-			BIO_printf(bio_err,"bad input format specified for input crl\n");

-			goto end;

-			}

-		if (crl == NULL)

-			{

-			BIO_printf(bio_err,"unable to load CRL\n");

-			ERR_print_errors(bio_err);

-			goto end;

-			}

-		}

-	if ((p7=PKCS7_new()) == NULL) goto end;

-	if ((p7s=PKCS7_SIGNED_new()) == NULL) goto end;

-	p7->type=OBJ_nid2obj(NID_pkcs7_signed);

-	p7->d.sign=p7s;

-	p7s->contents->type=OBJ_nid2obj(NID_pkcs7_data);

-	if (!ASN1_INTEGER_set(p7s->version,1)) goto end;

-	if ((crl_stack=sk_X509_CRL_new_null()) == NULL) goto end;

-	p7s->crl=crl_stack;

-	if (crl != NULL)

-		{

-		sk_X509_CRL_push(crl_stack,crl);

-		crl=NULL; /* now part of p7 for OPENSSL_freeing */

-		}

-	if ((cert_stack=sk_X509_new_null()) == NULL) goto end;

-	p7s->cert=cert_stack;

-	if(certflst) for(i = 0; i < sk_num(certflst); i++) {

-		certfile = sk_value(certflst, i);

-		if (add_certs_from_file(cert_stack,certfile) < 0)

-			{

-			BIO_printf(bio_err, "error loading certificates\n");

-			ERR_print_errors(bio_err);

-			goto end;

-			}

-	}

-	sk_free(certflst);

-	if (outfile == NULL)

-		{

-		BIO_set_fp(out,stdout,BIO_NOCLOSE);

-#ifdef OPENSSL_SYS_VMS

-		{

-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());

-		out = BIO_push(tmpbio, out);

-		}

-#endif

-		}

-	else

-		{

-		if (BIO_write_filename(out,outfile) <= 0)

-			{

-			perror(outfile);

-			goto end;

-			}

-		}

-	if 	(outformat == FORMAT_ASN1)

-		i=i2d_PKCS7_bio(out,p7);

-	else if (outformat == FORMAT_PEM)

-		i=PEM_write_bio_PKCS7(out,p7);

-	else	{

-		BIO_printf(bio_err,"bad output format specified for outfile\n");

-		goto end;

-		}

-	if (!i)

-		{

-		BIO_printf(bio_err,"unable to write pkcs7 object\n");

-		ERR_print_errors(bio_err);

-		goto end;

-		}

-	ret=0;

-end:

-	if (in != NULL) BIO_free(in);

-	if (out != NULL) BIO_free_all(out);

-	if (p7 != NULL) PKCS7_free(p7);

-	if (crl != NULL) X509_CRL_free(crl);

-	apps_shutdown();

-	OPENSSL_EXIT(ret);

-	}

-/*

- *----------------------------------------------------------------------

- * int add_certs_from_file

- *

- *	Read a list of certificates to be checked from a file.

- *

- * Results:

- *	number of certs added if successful, -1 if not.

- *----------------------------------------------------------------------

- */

-static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile)

-	{

-	struct stat st;

-	BIO *in=NULL;

-	int count=0;

-	int ret= -1;

-	STACK_OF(X509_INFO) *sk=NULL;

-	X509_INFO *xi;

-	if ((stat(certfile,&st) != 0))

-		{

-		BIO_printf(bio_err,"unable to load the file, %s\n",certfile);

-		goto end;

-		}

-	in=BIO_new(BIO_s_file());

-	if ((in == NULL) || (BIO_read_filename(in,certfile) <= 0))

-		{

-		BIO_printf(bio_err,"error opening the file, %s\n",certfile);

-		goto end;

-		}

-	/* This loads from a file, a stack of x509/crl/pkey sets */

-	sk=PEM_X509_INFO_read_bio(in,NULL,NULL,NULL);

-	if (sk == NULL) {

-		BIO_printf(bio_err,"error reading the file, %s\n",certfile);

-		goto end;

-	}

-	/* scan over it and pull out the CRL's */

-	while (sk_X509_INFO_num(sk))

-		{

-		xi=sk_X509_INFO_shift(sk);

-		if (xi->x509 != NULL)

-			{

-			sk_X509_push(stack,xi->x509);

-			xi->x509=NULL;

-			count++;

-			}

-		X509_INFO_free(xi);

-		}

-	ret=count;

-end:

- 	/* never need to OPENSSL_free x */

-	if (in != NULL) BIO_free(in);

-	if (sk != NULL) sk_X509_INFO_free(sk);

-	return(ret);

-	}

--- a/sys/src/ape/lib/openssl/apps/demoCA/cacert.pem

+++ /dev/null

@@ -1,14 +1,0 @@

-subject=/C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server

-issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA

------BEGIN X509 CERTIFICATE-----

-MIIBgjCCASwCAQQwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV

-BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MTAwOTIz

-MzIwNVoXDTk4MDcwNTIzMzIwNVowYDELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM

-RDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRkLjELMAkGA1UECxMCQ1MxGzAZBgNV

-BAMTElNTTGVheSBkZW1vIHNlcnZlcjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC3

-LCXcScWua0PFLkHBLm2VejqpA1F4RQ8q0VjRiPafjx/Z/aWH3ipdMVvuJGa/wFXb

-/nDFLDlfWp+oCPwhBtVPAgMBAAEwDQYJKoZIhvcNAQEEBQADQQArNFsihWIjBzb0

-DCsU0BvL2bvSwJrPEqFlkDq3F4M6EGutL9axEcANWgbbEdAvNJD1dmEmoWny27Pn

-IMs6ZOZB

------END X509 CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/apps/demoCA/index.txt

+++ /dev/null

@@ -1,39 +1,0 @@

-R	980705233205Z	951009233205Z	01	certs/00000001	/CN=Eric Young

-E	951009233205Z		02	certs/00000002	/CN=Duncan Young

-R	980705233205Z	951201010000Z	03	certs/00000003	/CN=Tim Hudson

-V	980705233205Z		04	certs/00000004	/CN=Eric Young4

-V	980705233205Z		05	certs/00000004	/CN=Eric Young5

-V	980705233205Z		06	certs/00000004	/CN=Eric Young6

-V	980705233205Z		07	certs/00000004	/CN=Eric Young7

-V	980705233205Z		08	certs/00000004	/CN=Eric Young8

-V	980705233205Z		09	certs/00000004	/CN=Eric Young9

-V	980705233205Z		0A	certs/00000004	/CN=Eric YoungA

-V	980705233205Z		0B	certs/00000004	/CN=Eric YoungB

-V	980705233205Z		0C	certs/00000004	/CN=Eric YoungC

-V	980705233205Z		0D	certs/00000004	/CN=Eric YoungD

-V	980705233205Z		0E	certs/00000004	/CN=Eric YoungE

-V	980705233205Z		0F	certs/00000004	/CN=Eric YoungF

-V	980705233205Z		10	certs/00000004	/CN=Eric Young10

-V	980705233205Z		11	certs/00000004	/CN=Eric Young11

-V	980705233205Z		12	certs/00000004	/CN=Eric Young12

-V	980705233205Z		13	certs/00000004	/CN=Eric Young13

-V	980705233205Z		14	certs/00000004	/CN=Eric Young14

-V	980705233205Z		15	certs/00000004	/CN=Eric Young15

-V	980705233205Z		16	certs/00000004	/CN=Eric Young16

-V	980705233205Z		17	certs/00000004	/CN=Eric Young17

-V	961206150305Z		010C	unknown	/C=AU/SP=QLD/O=Mincom Pty. Ltd./OU=MTR/CN=Eric Young/[email protected]

-V	961206153245Z		010D	unknown	/C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=Eric Young/[email protected]

-V	970322074816Z		010E	unknown	/CN=Eric Young/[email protected]

-V	970322075152Z		010F	unknown	/CN=Eric Young

-V	970322075906Z		0110	unknown	/CN=Eric Youngg

-V	970324092238Z		0111	unknown	/C=AU/SP=Queensland/CN=Eric Young

-V	970324221931Z		0112	unknown	/CN=Fred

-V	970324224934Z		0113	unknown	/C=AU/CN=eay

-V	971001005237Z		0114	unknown	/C=AU/SP=QLD/O=Mincom Pty Ltd/OU=MTR/CN=x509v3 test

-V	971001010331Z		0115	unknown	/C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=test again - x509v3

-V	971001013945Z		0117	unknown	/C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=x509v3 test

-V	971014225415Z		0118	unknown	/C=AU/SP=Queensland/CN=test

-V	971015004448Z		0119	unknown	/C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=test2

-V	971016035001Z		011A	unknown	/C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=test64

-V	971016080129Z		011B	unknown	/C=FR/O=ALCATEL/OU=Alcatel Mobile Phones/CN=bourque/[email protected]

-V	971016224000Z		011D	unknown	/L=Bedford/O=Cranfield University/OU=Computer Centre/CN=Peter R Lister/[email protected]

--- a/sys/src/ape/lib/openssl/apps/demoCA/private/cakey.pem

+++ /dev/null

@@ -1,24 +1,0 @@

-issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA

-subject=/C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server

------BEGIN X509 CERTIFICATE-----

-MIIBgjCCASwCAQQwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV

-BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MTAwOTIz

-MzIwNVoXDTk4MDcwNTIzMzIwNVowYDELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM

-RDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRkLjELMAkGA1UECxMCQ1MxGzAZBgNV

-BAMTElNTTGVheSBkZW1vIHNlcnZlcjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC3

-LCXcScWua0PFLkHBLm2VejqpA1F4RQ8q0VjRiPafjx/Z/aWH3ipdMVvuJGa/wFXb

-/nDFLDlfWp+oCPwhBtVPAgMBAAEwDQYJKoZIhvcNAQEEBQADQQArNFsihWIjBzb0

-DCsU0BvL2bvSwJrPEqFlkDq3F4M6EGutL9axEcANWgbbEdAvNJD1dmEmoWny27Pn

-IMs6ZOZB

------END X509 CERTIFICATE-----

------BEGIN RSA PRIVATE KEY-----

-MIIBPAIBAAJBALcsJdxJxa5rQ8UuQcEubZV6OqkDUXhFDyrRWNGI9p+PH9n9pYfe

-Kl0xW+4kZr/AVdv+cMUsOV9an6gI/CEG1U8CAwEAAQJAXJMBZ34ZXHd1vtgL/3hZ

-hexKbVTx/djZO4imXO/dxPGRzG2ylYZpHmG32/T1kaHpZlCHoEPgHoSzmxYXfxjG

-sQIhAPmZ/bQOjmRUHM/VM2X5zrjjM6z18R1P6l3ObFwt9FGdAiEAu943Yh9SqMRw

-tL0xHGxKmM/YJueUw1gB6sLkETN71NsCIQCeT3RhoqXfrpXDoEcEU+gwzjI1bpxq

-agiNTOLfqGoA5QIhAIQFYjgzONxex7FLrsKBm16N2SFl5pXsN9SpRqqL2n63AiEA

-g9VNIQ3xwpw7og3IbONifeku+J9qGMGQJMKwSTwrFtI=

------END RSA PRIVATE KEY-----

--- a/sys/src/ape/lib/openssl/apps/demoCA/serial

+++ /dev/null

@@ -1,1 +1,0 @@

-011E

--- a/sys/src/ape/lib/openssl/apps/dgst.c

+++ /dev/null

@@ -1,511 +1,0 @@

-/* apps/dgst.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <string.h>

-#include <stdlib.h>

-#include "apps.h"

-#include <openssl/bio.h>

-#include <openssl/err.h>

-#include <openssl/evp.h>

-#include <openssl/objects.h>

-#include <openssl/x509.h>

-#include <openssl/pem.h>

-#include <openssl/hmac.h>

-#undef BUFSIZE

-#define BUFSIZE	1024*8

-#undef PROG

-#define PROG	dgst_main

-int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,

-	  EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,

-	  const char *file,BIO *bmd,const char *hmac_key);

-int MAIN(int, char **);

-int MAIN(int argc, char **argv)

-	{

-	ENGINE *e = NULL;

-	unsigned char *buf=NULL;

-	int i,err=0;

-	const EVP_MD *md=NULL,*m;

-	BIO *in=NULL,*inp;

-	BIO *bmd=NULL;

-	BIO *out = NULL;

-	const char *name;

-#define PROG_NAME_SIZE  39

-	char pname[PROG_NAME_SIZE+1];

-	int separator=0;

-	int debug=0;

-	int keyform=FORMAT_PEM;

-	const char *outfile = NULL, *keyfile = NULL;

-	const char *sigfile = NULL, *randfile = NULL;

-	int out_bin = -1, want_pub = 0, do_verify = 0;

-	EVP_PKEY *sigkey = NULL;

-	unsigned char *sigbuf = NULL;

-	int siglen = 0;

-	char *passargin = NULL, *passin = NULL;

-#ifndef OPENSSL_NO_ENGINE

-	char *engine=NULL;

-#endif

-	char *hmac_key=NULL;

-	apps_startup();

-	if ((buf=(unsigned char *)OPENSSL_malloc(BUFSIZE)) == NULL)

-		{

-		BIO_printf(bio_err,"out of memory\n");

-		goto end;

-		}

-	if (bio_err == NULL)

-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)

-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);

-	if (!load_config(bio_err, NULL))

-		goto end;

-	/* first check the program name */

-	program_name(argv[0],pname,sizeof pname);

-	md=EVP_get_digestbyname(pname);

-	argc--;

-	argv++;

-	while (argc > 0)

-		{

-		if ((*argv)[0] != '-') break;

-		if (strcmp(*argv,"-c") == 0)

-			separator=1;

-		else if (strcmp(*argv,"-rand") == 0)

-			{

-			if (--argc < 1) break;

-			randfile=*(++argv);

-			}

-		else if (strcmp(*argv,"-out") == 0)

-			{

-			if (--argc < 1) break;

-			outfile=*(++argv);

-			}

-		else if (strcmp(*argv,"-sign") == 0)

-			{

-			if (--argc < 1) break;

-			keyfile=*(++argv);

-			}

-		else if (!strcmp(*argv,"-passin"))

-			{

-			if (--argc < 1)

-				break;

-			passargin=*++argv;

-			}

-		else if (strcmp(*argv,"-verify") == 0)

-			{

-			if (--argc < 1) break;

-			keyfile=*(++argv);

-			want_pub = 1;

-			do_verify = 1;

-			}

-		else if (strcmp(*argv,"-prverify") == 0)

-			{

-			if (--argc < 1) break;

-			keyfile=*(++argv);

-			do_verify = 1;

-			}

-		else if (strcmp(*argv,"-signature") == 0)

-			{

-			if (--argc < 1) break;

-			sigfile=*(++argv);

-			}

-		else if (strcmp(*argv,"-keyform") == 0)

-			{

-			if (--argc < 1) break;

-			keyform=str2fmt(*(++argv));

-			}

-#ifndef OPENSSL_NO_ENGINE

-		else if (strcmp(*argv,"-engine") == 0)

-			{

-			if (--argc < 1) break;

-			engine= *(++argv);

-			}

-#endif

-		else if (strcmp(*argv,"-hex") == 0)

-			out_bin = 0;

-		else if (strcmp(*argv,"-binary") == 0)

-			out_bin = 1;

-		else if (strcmp(*argv,"-d") == 0)

-			debug=1;

-		else if (!strcmp(*argv,"-hmac"))

-			{

-			if (--argc < 1)

-				break;

-			hmac_key=*++argv;

-			}

-		else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL)

-			md=m;

-		else

-			break;

-		argc--;

-		argv++;

-		}

-	if (md == NULL)

-		md=EVP_md5();

-	if(do_verify && !sigfile) {

-		BIO_printf(bio_err, "No signature to verify: use the -signature option\n");

-		err = 1;

-		goto end;

-	}

-	if ((argc > 0) && (argv[0][0] == '-')) /* bad option */

-		{

-		BIO_printf(bio_err,"unknown option '%s'\n",*argv);

-		BIO_printf(bio_err,"options are\n");

-		BIO_printf(bio_err,"-c              to output the digest with separating colons\n");

-		BIO_printf(bio_err,"-d              to output debug info\n");

-		BIO_printf(bio_err,"-hex            output as hex dump\n");

-		BIO_printf(bio_err,"-binary         output in binary form\n");

-		BIO_printf(bio_err,"-sign   file    sign digest using private key in file\n");

-		BIO_printf(bio_err,"-verify file    verify a signature using public key in file\n");

-		BIO_printf(bio_err,"-prverify file  verify a signature using private key in file\n");

-		BIO_printf(bio_err,"-keyform arg    key file format (PEM or ENGINE)\n");

-		BIO_printf(bio_err,"-signature file signature to verify\n");

-		BIO_printf(bio_err,"-binary         output in binary form\n");

-#ifndef OPENSSL_NO_ENGINE

-		BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");

-#endif

-		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm (default)\n",

-			LN_md5,LN_md5);

-		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",

-			LN_md4,LN_md4);

-		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",

-			LN_md2,LN_md2);

-#ifndef OPENSSL_NO_SHA

-		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",

-			LN_sha1,LN_sha1);

-		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",

-			LN_sha,LN_sha);

-#ifndef OPENSSL_NO_SHA256

-		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",

-			LN_sha224,LN_sha224);

-		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",

-			LN_sha256,LN_sha256);

-#endif

-#ifndef OPENSSL_NO_SHA512

-		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",

-			LN_sha384,LN_sha384);

-		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",

-			LN_sha512,LN_sha512);

-#endif

-#endif

-		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",

-			LN_mdc2,LN_mdc2);

-		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",

-			LN_ripemd160,LN_ripemd160);

-		err=1;

-		goto end;

-		}

-#ifndef OPENSSL_NO_ENGINE

-        e = setup_engine(bio_err, engine, 0);

-#endif

-	in=BIO_new(BIO_s_file());

-	bmd=BIO_new(BIO_f_md());

-	if (debug)

-		{

-		BIO_set_callback(in,BIO_debug_callback);

-		/* needed for windows 3.1 */

-		BIO_set_callback_arg(in,(char *)bio_err);

-		}

-	if(!app_passwd(bio_err, passargin, NULL, &passin, NULL))

-		{

-		BIO_printf(bio_err, "Error getting password\n");

-		goto end;

-		}

-	if ((in == NULL) || (bmd == NULL))

-		{

-		ERR_print_errors(bio_err);

-		goto end;

-		}

-	if(out_bin == -1) {

-		if(keyfile) out_bin = 1;

-		else out_bin = 0;

-	}

-	if(randfile)

-		app_RAND_load_file(randfile, bio_err, 0);

-	if(outfile) {

-		if(out_bin)

-			out = BIO_new_file(outfile, "wb");

-		else    out = BIO_new_file(outfile, "w");

-	} else {

-		out = BIO_new_fp(stdout, BIO_NOCLOSE);

-#ifdef OPENSSL_SYS_VMS

-		{

-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());

-		out = BIO_push(tmpbio, out);

-		}

-#endif

-	}

-	if(!out) {

-		BIO_printf(bio_err, "Error opening output file %s\n",

-					outfile ? outfile : "(stdout)");

-		ERR_print_errors(bio_err);

-		goto end;

-	}

-	if(keyfile)

-		{

-		if (want_pub)

-			sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL,

-				e, "key file");

-		else

-			sigkey = load_key(bio_err, keyfile, keyform, 0, passin,

-				e, "key file");

-		if (!sigkey)

-			{

-			/* load_[pub]key() has already printed an appropriate

-			   message */

-			goto end;

-			}

-		}

-	if(sigfile && sigkey) {

-		BIO *sigbio;

-		sigbio = BIO_new_file(sigfile, "rb");

-		siglen = EVP_PKEY_size(sigkey);

-		sigbuf = OPENSSL_malloc(siglen);

-		if(!sigbio) {

-			BIO_printf(bio_err, "Error opening signature file %s\n",

-								sigfile);

-			ERR_print_errors(bio_err);

-			goto end;

-		}

-		siglen = BIO_read(sigbio, sigbuf, siglen);

-		BIO_free(sigbio);

-		if(siglen <= 0) {

-			BIO_printf(bio_err, "Error reading signature file %s\n",

-								sigfile);

-			ERR_print_errors(bio_err);

-			goto end;

-		}

-	}

-	/* we use md as a filter, reading from 'in' */

-	if (!BIO_set_md(bmd,md))

-		{

-		BIO_printf(bio_err, "Error setting digest %s\n", pname);

-		ERR_print_errors(bio_err);

-		goto end;

-		}

-	inp=BIO_push(bmd,in);

-	if (argc == 0)

-		{

-		BIO_set_fp(in,stdin,BIO_NOCLOSE);

-		err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf,

-			  siglen,"","(stdin)",bmd,hmac_key);

-		}

-	else

-		{

-		name=OBJ_nid2sn(md->type);

-		for (i=0; i<argc; i++)

-			{

-			char *tmp,*tofree=NULL;

-			int r;

-			if (BIO_read_filename(in,argv[i]) <= 0)

-				{

-				perror(argv[i]);

-				err++;

-				continue;

-				}

-			if(!out_bin)

-				{

-				size_t len = strlen(name)+strlen(argv[i])+(hmac_key ? 5 : 0)+5;

-				tmp=tofree=OPENSSL_malloc(len);

-				BIO_snprintf(tmp,len,"%s%s(%s)= ",

-							 hmac_key ? "HMAC-" : "",name,argv[i]);

-				}

-			else

-				tmp="";

-			r=do_fp(out,buf,inp,separator,out_bin,sigkey,sigbuf,

-				siglen,tmp,argv[i],bmd,hmac_key);

-			if(r)

-			    err=r;

-			if(tofree)

-				OPENSSL_free(tofree);

-			(void)BIO_reset(bmd);

-			}

-		}

-end:

-	if (buf != NULL)

-		{

-		OPENSSL_cleanse(buf,BUFSIZE);

-		OPENSSL_free(buf);

-		}

-	if (in != NULL) BIO_free(in);

-	if (passin)

-		OPENSSL_free(passin);

-	BIO_free_all(out);

-	EVP_PKEY_free(sigkey);

-	if(sigbuf) OPENSSL_free(sigbuf);

-	if (bmd != NULL) BIO_free(bmd);

-	apps_shutdown();

-	OPENSSL_EXIT(err);

-	}

-int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,

-	  EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,

-	  const char *file,BIO *bmd,const char *hmac_key)

-	{

-	unsigned int len;

-	int i;

-	EVP_MD_CTX *md_ctx;

-	HMAC_CTX hmac_ctx;

-	if (hmac_key)

-		{

-		EVP_MD *md;

-		BIO_get_md(bmd,&md);

-		HMAC_CTX_init(&hmac_ctx);

-		HMAC_Init_ex(&hmac_ctx,hmac_key,strlen(hmac_key),md, NULL);

-		BIO_get_md_ctx(bmd,&md_ctx);

-		BIO_set_md_ctx(bmd,&hmac_ctx.md_ctx);

-		}

-	for (;;)

-		{

-		i=BIO_read(bp,(char *)buf,BUFSIZE);

-		if(i < 0)

-			{

-			BIO_printf(bio_err, "Read Error in %s\n",file);

-			ERR_print_errors(bio_err);

-			return 1;

-			}

-		if (i == 0) break;

-		}

-	if(sigin)

-		{

-		EVP_MD_CTX *ctx;

-		BIO_get_md_ctx(bp, &ctx);

-		i = EVP_VerifyFinal(ctx, sigin, (unsigned int)siglen, key);

-		if(i > 0)

-			BIO_printf(out, "Verified OK\n");

-		else if(i == 0)

-			{

-			BIO_printf(out, "Verification Failure\n");

-			return 1;

-			}

-		else

-			{

-			BIO_printf(bio_err, "Error Verifying Data\n");

-			ERR_print_errors(bio_err);

-			return 1;

-			}

-		return 0;

-		}

-	if(key)

-		{

-		EVP_MD_CTX *ctx;

-		BIO_get_md_ctx(bp, &ctx);

-		if(!EVP_SignFinal(ctx, buf, (unsigned int *)&len, key))

-			{

-			BIO_printf(bio_err, "Error Signing Data\n");

-			ERR_print_errors(bio_err);

-			return 1;

-			}

-		}

-	else if(hmac_key)

-		{

-		HMAC_Final(&hmac_ctx,buf,&len);

-		HMAC_CTX_cleanup(&hmac_ctx);

-		}

-	else

-		len=BIO_gets(bp,(char *)buf,BUFSIZE);

-	if(binout) BIO_write(out, buf, len);

-	else

-		{

-		BIO_write(out,title,strlen(title));

-		for (i=0; i<(int)len; i++)

-			{

-			if (sep && (i != 0))

-				BIO_printf(out, ":");

-			BIO_printf(out, "%02x",buf[i]);

-			}

-		BIO_printf(out, "\n");

-		}

-	if (hmac_key)

-		{

-		BIO_set_md_ctx(bmd,md_ctx);

-		}

-	return 0;

-	}

--- a/sys/src/ape/lib/openssl/apps/dh.c

+++ /dev/null

@@ -1,352 +1,0 @@

-/* apps/dh.c */

-/* obsoleted by dhparam.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <openssl/opensslconf.h>	/* for OPENSSL_NO_DH */

-#ifndef OPENSSL_NO_DH

-#include <stdio.h>

-#include <stdlib.h>

-#include <time.h>

-#include <string.h>

-#include "apps.h"

-#include <openssl/bio.h>

-#include <openssl/err.h>

-#include <openssl/bn.h>

-#include <openssl/dh.h>

-#include <openssl/x509.h>

-#include <openssl/pem.h>

-#undef PROG

-#define PROG	dh_main

-/* -inform arg	- input format - default PEM (DER or PEM)

- * -outform arg - output format - default PEM

- * -in arg	- input file - default stdin

- * -out arg	- output file - default stdout

- * -check	- check the parameters are ok

- * -noout

- * -text

- * -C

- */

-int MAIN(int, char **);

-int MAIN(int argc, char **argv)

-	{

-#ifndef OPENSSL_NO_ENGINE

-	ENGINE *e = NULL;

-#endif

-	DH *dh=NULL;

-	int i,badops=0,text=0;

-	BIO *in=NULL,*out=NULL;

-	int informat,outformat,check=0,noout=0,C=0,ret=1;

-	char *infile,*outfile,*prog;

-#ifndef OPENSSL_NO_ENGINE

-	char *engine;

-#endif

-	apps_startup();

-	if (bio_err == NULL)

-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)

-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);

-	if (!load_config(bio_err, NULL))

-		goto end;

-#ifndef OPENSSL_NO_ENGINE

-	engine=NULL;

-#endif

-	infile=NULL;

-	outfile=NULL;

-	informat=FORMAT_PEM;

-	outformat=FORMAT_PEM;

-	prog=argv[0];

-	argc--;

-	argv++;

-	while (argc >= 1)

-		{

-		if 	(strcmp(*argv,"-inform") == 0)

-			{

-			if (--argc < 1) goto bad;

-			informat=str2fmt(*(++argv));

-			}

-		else if (strcmp(*argv,"-outform") == 0)

-			{

-			if (--argc < 1) goto bad;

-			outformat=str2fmt(*(++argv));

-			}

-		else if (strcmp(*argv,"-in") == 0)

-			{

-			if (--argc < 1) goto bad;

-			infile= *(++argv);

-			}

-		else if (strcmp(*argv,"-out") == 0)

-			{

-			if (--argc < 1) goto bad;

-			outfile= *(++argv);

-			}

-#ifndef OPENSSL_NO_ENGINE

-		else if (strcmp(*argv,"-engine") == 0)

-			{

-			if (--argc < 1) goto bad;

-			engine= *(++argv);

-			}

-#endif

-		else if (strcmp(*argv,"-check") == 0)

-			check=1;

-		else if (strcmp(*argv,"-text") == 0)

-			text=1;

-		else if (strcmp(*argv,"-C") == 0)

-			C=1;

-		else if (strcmp(*argv,"-noout") == 0)

-			noout=1;

-		else

-			{

-			BIO_printf(bio_err,"unknown option %s\n",*argv);

-			badops=1;

-			break;

-			}

-		argc--;

-		argv++;

-		}

-	if (badops)

-		{

-bad:

-		BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);

-		BIO_printf(bio_err,"where options are\n");

-		BIO_printf(bio_err," -inform arg   input format - one of DER PEM\n");

-		BIO_printf(bio_err," -outform arg  output format - one of DER PEM\n");

-		BIO_printf(bio_err," -in arg       input file\n");

-		BIO_printf(bio_err," -out arg      output file\n");

-		BIO_printf(bio_err," -check        check the DH parameters\n");

-		BIO_printf(bio_err," -text         print a text form of the DH parameters\n");

-		BIO_printf(bio_err," -C            Output C code\n");

-		BIO_printf(bio_err," -noout        no output\n");

-#ifndef OPENSSL_NO_ENGINE

-		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");

-#endif

-		goto end;

-		}

-	ERR_load_crypto_strings();

-#ifndef OPENSSL_NO_ENGINE

-        e = setup_engine(bio_err, engine, 0);

-#endif

-	in=BIO_new(BIO_s_file());

-	out=BIO_new(BIO_s_file());

-	if ((in == NULL) || (out == NULL))

-		{

-		ERR_print_errors(bio_err);

-		goto end;

-		}

-	if (infile == NULL)

-		BIO_set_fp(in,stdin,BIO_NOCLOSE);

-	else

-		{

-		if (BIO_read_filename(in,infile) <= 0)

-			{

-			perror(infile);

-			goto end;

-			}

-		}

-	if (outfile == NULL)

-		{

-		BIO_set_fp(out,stdout,BIO_NOCLOSE);

-#ifdef OPENSSL_SYS_VMS

-		{

-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());

-		out = BIO_push(tmpbio, out);

-		}

-#endif

-		}

-	else

-		{

-		if (BIO_write_filename(out,outfile) <= 0)

-			{

-			perror(outfile);

-			goto end;

-			}

-		}

-	if	(informat == FORMAT_ASN1)

-		dh=d2i_DHparams_bio(in,NULL);

-	else if (informat == FORMAT_PEM)

-		dh=PEM_read_bio_DHparams(in,NULL,NULL,NULL);

-	else

-		{

-		BIO_printf(bio_err,"bad input format specified\n");

-		goto end;

-		}

-	if (dh == NULL)

-		{

-		BIO_printf(bio_err,"unable to load DH parameters\n");

-		ERR_print_errors(bio_err);

-		goto end;

-		}

-	if (text)

-		{

-		DHparams_print(out,dh);

-#ifdef undef

-		printf("p=");

-		BN_print(stdout,dh->p);

-		printf("\ng=");

-		BN_print(stdout,dh->g);

-		printf("\n");

-		if (dh->length != 0)

-			printf("recommended private length=%ld\n",dh->length);

-#endif

-		}

-	if (check)

-		{

-		if (!DH_check(dh,&i))

-			{

-			ERR_print_errors(bio_err);

-			goto end;

-			}

-		if (i & DH_CHECK_P_NOT_PRIME)

-			printf("p value is not prime\n");

-		if (i & DH_CHECK_P_NOT_SAFE_PRIME)

-			printf("p value is not a safe prime\n");

-		if (i & DH_UNABLE_TO_CHECK_GENERATOR)

-			printf("unable to check the generator value\n");

-		if (i & DH_NOT_SUITABLE_GENERATOR)

-			printf("the g value is not a generator\n");

-		if (i == 0)

-			printf("DH parameters appear to be ok.\n");

-		}

-	if (C)

-		{

-		unsigned char *data;

-		int len,l,bits;

-		len=BN_num_bytes(dh->p);

-		bits=BN_num_bits(dh->p);

-		data=(unsigned char *)OPENSSL_malloc(len);

-		if (data == NULL)

-			{

-			perror("OPENSSL_malloc");

-			goto end;

-			}

-		l=BN_bn2bin(dh->p,data);

-		printf("static unsigned char dh%d_p[]={",bits);

-		for (i=0; i<l; i++)

-			{

-			if ((i%12) == 0) printf("\n\t");

-			printf("0x%02X,",data[i]);

-			}

-		printf("\n\t};\n");

-		l=BN_bn2bin(dh->g,data);

-		printf("static unsigned char dh%d_g[]={",bits);

-		for (i=0; i<l; i++)

-			{

-			if ((i%12) == 0) printf("\n\t");

-			printf("0x%02X,",data[i]);

-			}

-		printf("\n\t};\n\n");

-		printf("DH *get_dh%d()\n\t{\n",bits);

-		printf("\tDH *dh;\n\n");

-		printf("\tif ((dh=DH_new()) == NULL) return(NULL);\n");

-		printf("\tdh->p=BN_bin2bn(dh%d_p,sizeof(dh%d_p),NULL);\n",

-			bits,bits);

-		printf("\tdh->g=BN_bin2bn(dh%d_g,sizeof(dh%d_g),NULL);\n",

-			bits,bits);

-		printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n");

-		printf("\t\treturn(NULL);\n");

-		printf("\treturn(dh);\n\t}\n");

-		OPENSSL_free(data);

-		}

-	if (!noout)

-		{

-		if 	(outformat == FORMAT_ASN1)

-			i=i2d_DHparams_bio(out,dh);

-		else if (outformat == FORMAT_PEM)

-			i=PEM_write_bio_DHparams(out,dh);

-		else	{

-			BIO_printf(bio_err,"bad output format specified for outfile\n");

-			goto end;

-			}

-		if (!i)

-			{

-			BIO_printf(bio_err,"unable to write DH parameters\n");

-			ERR_print_errors(bio_err);

-			goto end;

-			}

-		}

-	ret=0;

-end:

-	if (in != NULL) BIO_free(in);

-	if (out != NULL) BIO_free_all(out);

-	if (dh != NULL) DH_free(dh);

-	apps_shutdown();

-	OPENSSL_EXIT(ret);

-	}

-#endif

--- a/sys/src/ape/lib/openssl/apps/dh1024.pem

+++ /dev/null

@@ -1,10 +1,0 @@

------BEGIN DH PARAMETERS-----

-MIGHAoGBAPSI/VhOSdvNILSd5JEHNmszbDgNRR0PfIizHHxbLY7288kjwEPwpVsY

-jY67VYy4XTjTNP18F1dDox0YbN4zISy1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6

-ypUM2Zafq9AKUJsCRtMIPWakXUGfnHy9iUsiGSa6q6Jew1XpL3jHAgEC

------END DH PARAMETERS-----

-These are the 1024 bit DH parameters from "Assigned Number for SKIP Protocols"

-(http://www.skip-vpn.org/spec/numbers.html).

-See there for how they were generated.

-Note that g is not a generator, but this is not a problem since p is a safe prime.

--- a/sys/src/ape/lib/openssl/apps/dh2048.pem

+++ /dev/null

@@ -1,12 +1,0 @@

------BEGIN DH PARAMETERS-----

-MIIBCAKCAQEA9kJXtwh/CBdyorrWqULzBej5UxE5T7bxbrlLOCDaAadWoxTpj0BV

-89AHxstDqZSt90xkhkn4DIO9ZekX1KHTUPj1WV/cdlJPPT2N286Z4VeSWc39uK50

-T8X8dryDxUcwYc58yWb/Ffm7/ZFexwGq01uejaClcjrUGvC/RgBYK+X0iP1YTknb

-zSC0neSRBzZrM2w4DUUdD3yIsxx8Wy2O9vPJI8BD8KVbGI2Ou1WMuF040zT9fBdX

-Q6MdGGzeMyEstSr/POGxKUAYEY18hKcKctaGxAMZyAcpesqVDNmWn6vQClCbAkbT

-CD1mpF1Bn5x8vYlLIhkmuquiXsNV6TILOwIBAg==

------END DH PARAMETERS-----

-These are the 2048 bit DH parameters from "Assigned Number for SKIP Protocols"

-(http://www.skip-vpn.org/spec/numbers.html).

-See there for how they were generated.

--- a/sys/src/ape/lib/openssl/apps/dh4096.pem

+++ /dev/null

@@ -1,18 +1,0 @@

------BEGIN DH PARAMETERS-----

-MIICCAKCAgEA+hRyUsFN4VpJ1O8JLcCo/VWr19k3BCgJ4uk+d+KhehjdRqNDNyOQ

-l/MOyQNQfWXPeGKmOmIig6Ev/nm6Nf9Z2B1h3R4hExf+zTiHnvVPeRBhjdQi81rt

-Xeoh6TNrSBIKIHfUJWBh3va0TxxjQIs6IZOLeVNRLMqzeylWqMf49HsIXqbcokUS

-Vt1BkvLdW48j8PPv5DsKRN3tloTxqDJGo9tKvj1Fuk74A+Xda1kNhB7KFlqMyN98

-VETEJ6c7KpfOo30mnK30wqw3S8OtaIR/maYX72tGOno2ehFDkq3pnPtEbD2CScxc

-alJC+EL7RPk5c/tgeTvCngvc1KZn92Y//EI7G9tPZtylj2b56sHtMftIoYJ9+ODM

-sccD5Piz/rejE3Ome8EOOceUSCYAhXn8b3qvxVI1ddd1pED6FHRhFvLrZxFvBEM9

-ERRMp5QqOaHJkM+Dxv8Cj6MqrCbfC4u+ZErxodzuusgDgvZiLF22uxMZbobFWyte

-OvOzKGtwcTqO/1wV5gKkzu1ZVswVUQd5Gg8lJicwqRWyyNRczDDoG9jVDxmogKTH

-AaqLulO7R8Ifa1SwF2DteSGVtgWEN8gDpN3RBmmPTDngyF2DHb5qmpnznwtFKdTL

-KWbuHn491xNO25CQWMtem80uKw+pTnisBRF/454n1Jnhub144YRBoN8CAQI=

------END DH PARAMETERS-----

-These are the 4096 bit DH parameters from "Assigned Number for SKIP Protocols"

-(http://www.skip-vpn.org/spec/numbers.html).

-See there for how they were generated.

-Note that g is not a generator, but this is not a problem since p is a safe prime.

--- a/sys/src/ape/lib/openssl/apps/dh512.pem

+++ /dev/null

@@ -1,9 +1,0 @@

------BEGIN DH PARAMETERS-----

-MEYCQQD1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6ypUM2Zafq9AKUJsCRtMIPWak

-XUGfnHy9iUsiGSa6q6Jew1XpKgVfAgEC

------END DH PARAMETERS-----

-These are the 512 bit DH parameters from "Assigned Number for SKIP Protocols"

-(http://www.skip-vpn.org/spec/numbers.html).

-See there for how they were generated.

-Note that g is not a generator, but this is not a problem since p is a safe prime.

--- a/sys/src/ape/lib/openssl/apps/dhparam.c

+++ /dev/null

@@ -1,557 +1,0 @@

-/* apps/dhparam.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <openssl/opensslconf.h>	/* for OPENSSL_NO_DH */

-#ifndef OPENSSL_NO_DH

-#include <stdio.h>

-#include <stdlib.h>

-#include <time.h>

-#include <string.h>

-#include "apps.h"

-#include <openssl/bio.h>

-#include <openssl/err.h>

-#include <openssl/bn.h>

-#include <openssl/dh.h>

-#include <openssl/x509.h>

-#include <openssl/pem.h>

-#ifndef OPENSSL_NO_DSA

-#include <openssl/dsa.h>

-#endif

-#undef PROG

-#define PROG	dhparam_main

-#define DEFBITS	512

-/* -inform arg	- input format - default PEM (DER or PEM)

- * -outform arg - output format - default PEM

- * -in arg	- input file - default stdin

- * -out arg	- output file - default stdout

- * -dsaparam  - read or generate DSA parameters, convert to DH

- * -check	- check the parameters are ok

- * -noout

- * -text

- * -C

- */

-static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb);

-int MAIN(int, char **);

-int MAIN(int argc, char **argv)

-	{

-#ifndef OPENSSL_NO_ENGINE

-	ENGINE *e = NULL;

-#endif

-	DH *dh=NULL;

-	int i,badops=0,text=0;

-#ifndef OPENSSL_NO_DSA

-	int dsaparam=0;

-#endif

-	BIO *in=NULL,*out=NULL;

-	int informat,outformat,check=0,noout=0,C=0,ret=1;

-	char *infile,*outfile,*prog;

-	char *inrand=NULL;

-#ifndef OPENSSL_NO_ENGINE

-	char *engine=NULL;

-#endif

-	int num = 0, g = 0;

-	apps_startup();

-	if (bio_err == NULL)

-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)

-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);

-	if (!load_config(bio_err, NULL))

-		goto end;

-	infile=NULL;

-	outfile=NULL;

-	informat=FORMAT_PEM;

-	outformat=FORMAT_PEM;

-	prog=argv[0];

-	argc--;

-	argv++;

-	while (argc >= 1)

-		{

-		if 	(strcmp(*argv,"-inform") == 0)

-			{

-			if (--argc < 1) goto bad;

-			informat=str2fmt(*(++argv));

-			}

-		else if (strcmp(*argv,"-outform") == 0)

-			{

-			if (--argc < 1) goto bad;

-			outformat=str2fmt(*(++argv));

-			}

-		else if (strcmp(*argv,"-in") == 0)

-			{

-			if (--argc < 1) goto bad;

-			infile= *(++argv);

-			}

-		else if (strcmp(*argv,"-out") == 0)

-			{

-			if (--argc < 1) goto bad;

-			outfile= *(++argv);

-			}

-#ifndef OPENSSL_NO_ENGINE

-		else if (strcmp(*argv,"-engine") == 0)

-			{

-			if (--argc < 1) goto bad;

-			engine= *(++argv);

-			}

-#endif

-		else if (strcmp(*argv,"-check") == 0)

-			check=1;

-		else if (strcmp(*argv,"-text") == 0)

-			text=1;

-#ifndef OPENSSL_NO_DSA

-		else if (strcmp(*argv,"-dsaparam") == 0)

-			dsaparam=1;

-#endif

-		else if (strcmp(*argv,"-C") == 0)

-			C=1;

-		else if (strcmp(*argv,"-noout") == 0)

-			noout=1;

-		else if (strcmp(*argv,"-2") == 0)

-			g=2;

-		else if (strcmp(*argv,"-5") == 0)

-			g=5;

-		else if (strcmp(*argv,"-rand") == 0)

-			{

-			if (--argc < 1) goto bad;

-			inrand= *(++argv);

-			}

-		else if (((sscanf(*argv,"%d",&num) == 0) || (num <= 0)))

-			goto bad;

-		argv++;

-		argc--;

-		}

-	if (badops)

-		{

-bad:

-		BIO_printf(bio_err,"%s [options] [numbits]\n",prog);

-		BIO_printf(bio_err,"where options are\n");

-		BIO_printf(bio_err," -inform arg   input format - one of DER PEM\n");

-		BIO_printf(bio_err," -outform arg  output format - one of DER PEM\n");

-		BIO_printf(bio_err," -in arg       input file\n");

-		BIO_printf(bio_err," -out arg      output file\n");

-#ifndef OPENSSL_NO_DSA

-		BIO_printf(bio_err," -dsaparam     read or generate DSA parameters, convert to DH\n");

-#endif

-		BIO_printf(bio_err," -check        check the DH parameters\n");

-		BIO_printf(bio_err," -text         print a text form of the DH parameters\n");

-		BIO_printf(bio_err," -C            Output C code\n");

-		BIO_printf(bio_err," -2            generate parameters using  2 as the generator value\n");

-		BIO_printf(bio_err," -5            generate parameters using  5 as the generator value\n");

-		BIO_printf(bio_err," numbits       number of bits in to generate (default 512)\n");

-#ifndef OPENSSL_NO_ENGINE

-		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");

-#endif

-		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);

-		BIO_printf(bio_err,"               - load the file (or the files in the directory) into\n");

-		BIO_printf(bio_err,"               the random number generator\n");

-		BIO_printf(bio_err," -noout        no output\n");

-		goto end;

-		}

-	ERR_load_crypto_strings();

-#ifndef OPENSSL_NO_ENGINE

-        e = setup_engine(bio_err, engine, 0);

-#endif

-	if (g && !num)

-		num = DEFBITS;

-#ifndef OPENSSL_NO_DSA

-	if (dsaparam)

-		{

-		if (g)

-			{

-			BIO_printf(bio_err, "generator may not be chosen for DSA parameters\n");

-			goto end;

-			}

-		}

-	else

-#endif

-		{

-		/* DH parameters */

-		if (num && !g)

-			g = 2;

-		}

-	if(num) {

-		BN_GENCB cb;

-		BN_GENCB_set(&cb, dh_cb, bio_err);

-		if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)

-			{

-			BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");

-			}

-		if (inrand != NULL)

-			BIO_printf(bio_err,"%ld semi-random bytes loaded\n",

-				app_RAND_load_files(inrand));

-#ifndef OPENSSL_NO_DSA

-		if (dsaparam)

-			{

-			DSA *dsa = DSA_new();

-			BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);

-			if(!dsa || !DSA_generate_parameters_ex(dsa, num,

-						NULL, 0, NULL, NULL, &cb))

-				{

-				if(dsa) DSA_free(dsa);

-				ERR_print_errors(bio_err);

-				goto end;

-				}

-			dh = DSA_dup_DH(dsa);

-			DSA_free(dsa);

-			if (dh == NULL)

-				{

-				ERR_print_errors(bio_err);

-				goto end;

-				}

-			}

-		else

-#endif

-			{

-			dh = DH_new();

-			BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g);

-			BIO_printf(bio_err,"This is going to take a long time\n");

-			if(!dh || !DH_generate_parameters_ex(dh, num, g, &cb))

-				{

-				if(dh) DH_free(dh);

-				ERR_print_errors(bio_err);

-				goto end;

-				}

-			}

-		app_RAND_write_file(NULL, bio_err);

-	} else {

-		in=BIO_new(BIO_s_file());

-		if (in == NULL)

-			{

-			ERR_print_errors(bio_err);

-			goto end;

-			}

-		if (infile == NULL)

-			BIO_set_fp(in,stdin,BIO_NOCLOSE);

-		else

-			{

-			if (BIO_read_filename(in,infile) <= 0)

-				{

-				perror(infile);

-				goto end;

-				}

-			}

-		if	(informat != FORMAT_ASN1 && informat != FORMAT_PEM)

-			{

-			BIO_printf(bio_err,"bad input format specified\n");

-			goto end;

-			}

-#ifndef OPENSSL_NO_DSA

-		if (dsaparam)

-			{

-			DSA *dsa;

-			if (informat == FORMAT_ASN1)

-				dsa=d2i_DSAparams_bio(in,NULL);

-			else /* informat == FORMAT_PEM */

-				dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL);

-			if (dsa == NULL)

-				{

-				BIO_printf(bio_err,"unable to load DSA parameters\n");

-				ERR_print_errors(bio_err);

-				goto end;

-				}

-			dh = DSA_dup_DH(dsa);

-			DSA_free(dsa);

-			if (dh == NULL)

-				{

-				ERR_print_errors(bio_err);

-				goto end;

-				}

-			}

-		else

-#endif

-			{

-			if (informat == FORMAT_ASN1)

-				dh=d2i_DHparams_bio(in,NULL);

-			else /* informat == FORMAT_PEM */

-				dh=PEM_read_bio_DHparams(in,NULL,NULL,NULL);

-			if (dh == NULL)

-				{

-				BIO_printf(bio_err,"unable to load DH parameters\n");

-				ERR_print_errors(bio_err);

-				goto end;

-				}

-			}

-		/* dh != NULL */

-	}

-	out=BIO_new(BIO_s_file());

-	if (out == NULL)

-		{

-		ERR_print_errors(bio_err);

-		goto end;

-		}

-	if (outfile == NULL)

-		{

-		BIO_set_fp(out,stdout,BIO_NOCLOSE);

-#ifdef OPENSSL_SYS_VMS

-		{

-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());

-		out = BIO_push(tmpbio, out);

-		}

-#endif

-		}

-	else

-		{

-		if (BIO_write_filename(out,outfile) <= 0)

-			{

-			perror(outfile);

-			goto end;

-			}

-		}

-	if (text)

-		{

-		DHparams_print(out,dh);

-		}

-	if (check)

-		{

-		if (!DH_check(dh,&i))

-			{

-			ERR_print_errors(bio_err);

-			goto end;

-			}

-		if (i & DH_CHECK_P_NOT_PRIME)

-			printf("p value is not prime\n");

-		if (i & DH_CHECK_P_NOT_SAFE_PRIME)

-			printf("p value is not a safe prime\n");

-		if (i & DH_UNABLE_TO_CHECK_GENERATOR)

-			printf("unable to check the generator value\n");

-		if (i & DH_NOT_SUITABLE_GENERATOR)

-			printf("the g value is not a generator\n");

-		if (i == 0)

-			printf("DH parameters appear to be ok.\n");

-		}

-	if (C)

-		{

-		unsigned char *data;

-		int len,l,bits;

-		len=BN_num_bytes(dh->p);

-		bits=BN_num_bits(dh->p);

-		data=(unsigned char *)OPENSSL_malloc(len);

-		if (data == NULL)

-			{

-			perror("OPENSSL_malloc");

-			goto end;

-			}

-		printf("#ifndef HEADER_DH_H\n"

-		       "#include <openssl/dh.h>\n"

-		       "#endif\n");

-		printf("DH *get_dh%d()\n\t{\n",bits);

-		l=BN_bn2bin(dh->p,data);

-		printf("\tstatic unsigned char dh%d_p[]={",bits);

-		for (i=0; i<l; i++)

-			{

-			if ((i%12) == 0) printf("\n\t\t");

-			printf("0x%02X,",data[i]);

-			}

-		printf("\n\t\t};\n");

-		l=BN_bn2bin(dh->g,data);

-		printf("\tstatic unsigned char dh%d_g[]={",bits);

-		for (i=0; i<l; i++)

-			{

-			if ((i%12) == 0) printf("\n\t\t");

-			printf("0x%02X,",data[i]);

-			}

-		printf("\n\t\t};\n");

-		printf("\tDH *dh;\n\n");

-		printf("\tif ((dh=DH_new()) == NULL) return(NULL);\n");

-		printf("\tdh->p=BN_bin2bn(dh%d_p,sizeof(dh%d_p),NULL);\n",

-			bits,bits);

-		printf("\tdh->g=BN_bin2bn(dh%d_g,sizeof(dh%d_g),NULL);\n",

-			bits,bits);

-		printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n");

-		printf("\t\t{ DH_free(dh); return(NULL); }\n");

-		if (dh->length)

-			printf("\tdh->length = %ld;\n", dh->length);

-		printf("\treturn(dh);\n\t}\n");

-		OPENSSL_free(data);

-		}

-	if (!noout)

-		{

-		if 	(outformat == FORMAT_ASN1)

-			i=i2d_DHparams_bio(out,dh);

-		else if (outformat == FORMAT_PEM)

-			i=PEM_write_bio_DHparams(out,dh);

-		else	{

-			BIO_printf(bio_err,"bad output format specified for outfile\n");

-			goto end;

-			}

-		if (!i)

-			{

-			BIO_printf(bio_err,"unable to write DH parameters\n");

-			ERR_print_errors(bio_err);

-			goto end;

-			}

-		}

-	ret=0;

-end:

-	if (in != NULL) BIO_free(in);

-	if (out != NULL) BIO_free_all(out);

-	if (dh != NULL) DH_free(dh);

-	apps_shutdown();

-	OPENSSL_EXIT(ret);

-	}

-/* dh_cb is identical to dsa_cb in apps/dsaparam.c */

-static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb)

-	{

-	char c='*';

-	if (p == 0) c='.';

-	if (p == 1) c='+';

-	if (p == 2) c='*';

-	if (p == 3) c='\n';

-	BIO_write(cb->arg,&c,1);

-	(void)BIO_flush(cb->arg);

-#ifdef LINT

-	p=n;

-#endif

-	return 1;

-	}

-#endif

--- a/sys/src/ape/lib/openssl/apps/dsa-ca.pem

+++ /dev/null

@@ -1,40 +1,0 @@

------BEGIN DSA PRIVATE KEY-----

-MIIBugIBAAKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQ

-PnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtel

-u+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcH

-Me36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLso

-hkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbu

-SXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7Y

-Mu0OArgCgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuHvSLw9YUrJahcBHmbpvt4

-94lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUqAylOVFJJJXuirVJ+o+0T

-tOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u3enxhqnDGQIUB78dhW77

-J6zsFbSEHaQGUmfSeoM=

------END DSA PRIVATE KEY-----

------BEGIN CERTIFICATE REQUEST-----

-MIICUjCCAhECAQAwUjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx

-ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDELMAkGA1UEAxMCQ0Ew

-ggG0MIIBKQYFKw4DAgwwggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaW

-sxXgUy6P4FmCc5A+dTGZR3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5m

-rmuINvvsKNzC16W75Sw5JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHk

-cJVbUM1JAhUA9wcx7fpsBgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVo

-bzDjaeHls12YuyiGSPzemQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqR

-CZ228U2cVA9YBu5JdAfOVX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxB

-F5WS6wG1c6Vqftgy7Q4CuAOBhAACgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuH

-vSLw9YUrJahcBHmbpvt494lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUq

-AylOVFJJJXuirVJ+o+0TtOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u

-3enxhqnDGaAAMAkGBSsOAwIbBQADMAAwLQIVAJGVuFsG/0DBuSZ0jF7ypdU0/G0v

-AhQfeF5BoMMDbX/kidUVpQ6gadPlZA==

------END CERTIFICATE REQUEST-----

------BEGIN CERTIFICATE-----

-MIIBrjCCAWwCAQswCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK

-U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww

-CgYDVQQDEwNQQ0EwHhcNOTcwNjE1MDIxNDI5WhcNOTcwNzE1MDIxNDI5WjBSMQsw

-CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu

-ZXQgV2lkZ2l0cyBQdHkgTHRkMQswCQYDVQQDEwJDQTCBkjAJBgUrDgMCDAUAA4GE

-AAKBgBqmWXqKrP1etkWWTYYJVwH4qKHFacfsi4e9IvD1hSslqFwEeZum+3j3iUXi

-ALnDdY8z69cmh9u6yTgahAQSxA0wNpqHibj25SoDKU5UUkkle6KtUn6j7RO04UMh

-MQCX5hllquJc4Pu105I6X1Esw8Lr51ocpL17ry7d6fGGqcMZMAkGBSsOAwIbBQAD

-MQAwLgIVAJ4wtQsANPxHo7Q4IQZYsL12SKdbAhUAjJ9n38zxT+iai2164xS+LIfa

-C1Q=

------END CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/apps/dsa-pca.pem

+++ /dev/null

@@ -1,46 +1,0 @@

------BEGIN DSA PRIVATE KEY-----

-MIIBvAIBAAKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQ

-PnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtel

-u+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcH

-Me36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLso

-hkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbu

-SXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7Y

-Mu0OArgCgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk

-umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A

-29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUCFQDNvrBz

-6TicfImU7UFRn9h00j0lJQ==

------END DSA PRIVATE KEY-----

------BEGIN CERTIFICATE REQUEST-----

-MIICVTCCAhMCAQAwUzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx

-ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UEAxMDUENB

-MIIBtTCCASkGBSsOAwIMMIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2G

-lrMV4FMuj+BZgnOQPnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7O

-Zq5riDb77Cjcwtelu+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR

-5HCVW1DNSQIVAPcHMe36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnl

-aG8w42nh5bNdmLsohkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6

-kQmdtvFNnFQPWAbuSXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15Als

-QReVkusBtXOlan7YMu0OArgDgYUAAoGBAKbtuR5AdW+ICjCFe2ixjUiJJzM2IKwe

-6NZEMXg39+HQ1UTPTmfLZLps+rZfolHDXuRKMXbGFdSF0nXYzotPCzi7GauwEJTZ

-yr27ZZjA1C6apGSQ9GzuwNvZ4rCXystVEagAS8OQ4H3D4dWS17Zg31ICb5o4E5r0

-z09o/Uz46u0VoAAwCQYFKw4DAhsFAAMxADAuAhUArRubTxsbIXy3AhtjQ943AbNB

-nSICFQCu+g1iW3jwF+gOcbroD4S/ZcvB3w==

------END CERTIFICATE REQUEST-----

------BEGIN CERTIFICATE-----

-MIIC0zCCApECAQAwCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK

-U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww

-CgYDVQQDEwNQQ0EwHhcNOTcwNjE0MjI1NDQ1WhcNOTcwNzE0MjI1NDQ1WjBTMQsw

-CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu

-ZXQgV2lkZ2l0cyBQdHkgTHRkMQwwCgYDVQQDEwNQQ0EwggG1MIIBKQYFKw4DAgww

-ggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaWsxXgUy6P4FmCc5A+dTGZ

-R3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5mrmuINvvsKNzC16W75Sw5

-JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHkcJVbUM1JAhUA9wcx7fps

-BgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVobzDjaeHls12YuyiGSPze

-mQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqRCZ228U2cVA9YBu5JdAfO

-VX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxBF5WS6wG1c6Vqftgy7Q4C

-uAOBhQACgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk

-umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A

-29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUwCQYFKw4D

-AhsFAAMxADAuAhUAvtv6AkMolix1Jvy3UnVEIUqdCUICFQC+jq8P49mwrY9oJ24n

-5rKUjNBhSg==

------END CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/apps/dsa.c

+++ /dev/null

@@ -1,345 +1,0 @@

-/* apps/dsa.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <openssl/opensslconf.h>	/* for OPENSSL_NO_DSA */

-#ifndef OPENSSL_NO_DSA

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include <time.h>

-#include "apps.h"

-#include <openssl/bio.h>

-#include <openssl/err.h>

-#include <openssl/dsa.h>

-#include <openssl/evp.h>

-#include <openssl/x509.h>

-#include <openssl/pem.h>

-#include <openssl/bn.h>

-#undef PROG

-#define PROG	dsa_main

-/* -inform arg	- input format - default PEM (one of DER, NET or PEM)

- * -outform arg - output format - default PEM

- * -in arg	- input file - default stdin

- * -out arg	- output file - default stdout

- * -des		- encrypt output if PEM format with DES in cbc mode

- * -des3	- encrypt output if PEM format

- * -idea	- encrypt output if PEM format

- * -aes128	- encrypt output if PEM format

- * -aes192	- encrypt output if PEM format

- * -aes256	- encrypt output if PEM format

- * -camellia128 - encrypt output if PEM format

- * -camellia192 - encrypt output if PEM format

- * -camellia256 - encrypt output if PEM format

- * -seed        - encrypt output if PEM format

- * -text	- print a text version

- * -modulus	- print the DSA public key

- */

-int MAIN(int, char **);

-int MAIN(int argc, char **argv)

-	{

-#ifndef OPENSSL_NO_ENGINE

-	ENGINE *e = NULL;

-#endif

-	int ret=1;

-	DSA *dsa=NULL;

-	int i,badops=0;

-	const EVP_CIPHER *enc=NULL;

-	BIO *in=NULL,*out=NULL;

-	int informat,outformat,text=0,noout=0;

-	int pubin = 0, pubout = 0;

-	char *infile,*outfile,*prog;

-#ifndef OPENSSL_NO_ENGINE

-	char *engine;

-#endif

-	char *passargin = NULL, *passargout = NULL;

-	char *passin = NULL, *passout = NULL;

-	int modulus=0;

-	apps_startup();

-	if (bio_err == NULL)

-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)

-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);

-	if (!load_config(bio_err, NULL))

-		goto end;

-#ifndef OPENSSL_NO_ENGINE

-	engine=NULL;

-#endif

-	infile=NULL;

-	outfile=NULL;

-	informat=FORMAT_PEM;

-	outformat=FORMAT_PEM;

-	prog=argv[0];

-	argc--;

-	argv++;

-	while (argc >= 1)

-		{

-		if 	(strcmp(*argv,"-inform") == 0)

-			{

-			if (--argc < 1) goto bad;

-			informat=str2fmt(*(++argv));

-			}

-		else if (strcmp(*argv,"-outform") == 0)

-			{

-			if (--argc < 1) goto bad;

-			outformat=str2fmt(*(++argv));

-			}

-		else if (strcmp(*argv,"-in") == 0)

-			{

-			if (--argc < 1) goto bad;

-			infile= *(++argv);

-			}

-		else if (strcmp(*argv,"-out") == 0)

-			{

-			if (--argc < 1) goto bad;

-			outfile= *(++argv);

-			}

-		else if (strcmp(*argv,"-passin") == 0)

-			{

-			if (--argc < 1) goto bad;

-			passargin= *(++argv);

-			}

-		else if (strcmp(*argv,"-passout") == 0)

-			{

-			if (--argc < 1) goto bad;

-			passargout= *(++argv);

-			}

-#ifndef OPENSSL_NO_ENGINE

-		else if (strcmp(*argv,"-engine") == 0)

-			{

-			if (--argc < 1) goto bad;

-			engine= *(++argv);

-			}

-#endif

-		else if (strcmp(*argv,"-noout") == 0)

-			noout=1;

-		else if (strcmp(*argv,"-text") == 0)

-			text=1;

-		else if (strcmp(*argv,"-modulus") == 0)

-			modulus=1;

-		else if (strcmp(*argv,"-pubin") == 0)

-			pubin=1;

-		else if (strcmp(*argv,"-pubout") == 0)

-			pubout=1;

-		else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)

-			{

-			BIO_printf(bio_err,"unknown option %s\n",*argv);

-			badops=1;

-			break;

-			}

-		argc--;

-		argv++;

-		}

-	if (badops)

-		{

-bad:

-		BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);

-		BIO_printf(bio_err,"where options are\n");

-		BIO_printf(bio_err," -inform arg     input format - DER or PEM\n");

-		BIO_printf(bio_err," -outform arg    output format - DER or PEM\n");

-		BIO_printf(bio_err," -in arg         input file\n");

-		BIO_printf(bio_err," -passin arg     input file pass phrase source\n");

-		BIO_printf(bio_err," -out arg        output file\n");

-		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");

-#ifndef OPENSSL_NO_ENGINE

-		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");

-#endif

-		BIO_printf(bio_err," -des            encrypt PEM output with cbc des\n");

-		BIO_printf(bio_err," -des3           encrypt PEM output with ede cbc des using 168 bit key\n");

-#ifndef OPENSSL_NO_IDEA

-		BIO_printf(bio_err," -idea           encrypt PEM output with cbc idea\n");

-#endif

-#ifndef OPENSSL_NO_AES

-		BIO_printf(bio_err," -aes128, -aes192, -aes256\n");

-		BIO_printf(bio_err,"                 encrypt PEM output with cbc aes\n");

-#endif

-#ifndef OPENSSL_NO_CAMELLIA

-		BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");

-		BIO_printf(bio_err,"                 encrypt PEM output with cbc camellia\n");

-#endif

-#ifndef OPENSSL_NO_SEED

-		BIO_printf(bio_err," -seed           encrypt PEM output with cbc seed\n");

-#endif

-		BIO_printf(bio_err," -text           print the key in text\n");

-		BIO_printf(bio_err," -noout          don't print key out\n");

-		BIO_printf(bio_err," -modulus        print the DSA public value\n");

-		goto end;

-		}

-	ERR_load_crypto_strings();

-#ifndef OPENSSL_NO_ENGINE

-        e = setup_engine(bio_err, engine, 0);

-#endif

-	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {

-		BIO_printf(bio_err, "Error getting passwords\n");

-		goto end;

-	}

-	in=BIO_new(BIO_s_file());

-	out=BIO_new(BIO_s_file());

-	if ((in == NULL) || (out == NULL))

-		{

-		ERR_print_errors(bio_err);

-		goto end;

-		}

-	if (infile == NULL)

-		BIO_set_fp(in,stdin,BIO_NOCLOSE);

-	else

-		{

-		if (BIO_read_filename(in,infile) <= 0)

-			{

-			perror(infile);

-			goto end;

-			}

-		}

-	BIO_printf(bio_err,"read DSA key\n");

-	if	(informat == FORMAT_ASN1) {

-		if(pubin) dsa=d2i_DSA_PUBKEY_bio(in,NULL);

-		else dsa=d2i_DSAPrivateKey_bio(in,NULL);

-	} else if (informat == FORMAT_PEM) {

-		if(pubin) dsa=PEM_read_bio_DSA_PUBKEY(in,NULL, NULL, NULL);

-		else dsa=PEM_read_bio_DSAPrivateKey(in,NULL,NULL,passin);

-	} else

-		{

-		BIO_printf(bio_err,"bad input format specified for key\n");

-		goto end;

-		}

-	if (dsa == NULL)

-		{

-		BIO_printf(bio_err,"unable to load Key\n");

-		ERR_print_errors(bio_err);

-		goto end;

-		}

-	if (outfile == NULL)

-		{

-		BIO_set_fp(out,stdout,BIO_NOCLOSE);

-#ifdef OPENSSL_SYS_VMS

-		{

-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());

-		out = BIO_push(tmpbio, out);

-		}

-#endif

-		}

-	else

-		{

-		if (BIO_write_filename(out,outfile) <= 0)

-			{

-			perror(outfile);

-			goto end;

-			}

-		}

-	if (text)

-		if (!DSA_print(out,dsa,0))

-			{

-			perror(outfile);

-			ERR_print_errors(bio_err);

-			goto end;

-			}

-	if (modulus)

-		{

-		fprintf(stdout,"Public Key=");

-		BN_print(out,dsa->pub_key);

-		fprintf(stdout,"\n");

-		}

-	if (noout) goto end;

-	BIO_printf(bio_err,"writing DSA key\n");

-	if 	(outformat == FORMAT_ASN1) {

-		if(pubin || pubout) i=i2d_DSA_PUBKEY_bio(out,dsa);

-		else i=i2d_DSAPrivateKey_bio(out,dsa);

-	} else if (outformat == FORMAT_PEM) {

-		if(pubin || pubout)

-			i=PEM_write_bio_DSA_PUBKEY(out,dsa);

-		else i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,

-							NULL,0,NULL, passout);

-	} else {

-		BIO_printf(bio_err,"bad output format specified for outfile\n");

-		goto end;

-		}

-	if (!i)

-		{

-		BIO_printf(bio_err,"unable to write private key\n");

-		ERR_print_errors(bio_err);

-		}

-	else

-		ret=0;

-end:

-	if(in != NULL) BIO_free(in);

-	if(out != NULL) BIO_free_all(out);

-	if(dsa != NULL) DSA_free(dsa);

-	if(passin) OPENSSL_free(passin);

-	if(passout) OPENSSL_free(passout);

-	apps_shutdown();

-	OPENSSL_EXIT(ret);

-	}

-#endif

--- a/sys/src/ape/lib/openssl/apps/dsa1024.pem

+++ /dev/null

@@ -1,9 +1,0 @@

------BEGIN DSA PARAMETERS-----

-MIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQPnUx

-mUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtelu+Us

-OSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcHMe36

-bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLsohkj8

-3pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbuSXQH

-zlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7YMu0O

-Arg=

------END DSA PARAMETERS-----

--- a/sys/src/ape/lib/openssl/apps/dsa512.pem

+++ /dev/null

@@ -1,6 +1,0 @@

------BEGIN DSA PARAMETERS-----

-MIGdAkEAnRtpjibb8isRcBmG9hnI+BnyGFOURgbQYlAzSwI8UjADizv5X9EkBk97

-TLqqQJv9luQ3M7stWtdaEUBmonZ9MQIVAPtT71C0QJIxVoZTeuiLIppJ+3GPAkEA

-gz6I5cWJc847bAFJv7PHnwrqRJHlMKrZvltftxDXibeOdPvPKR7rqCxUUbgQ3qDO

-L8wka5B33qJoplISogOdIA==

------END DSA PARAMETERS-----

--- a/sys/src/ape/lib/openssl/apps/dsap.pem

+++ /dev/null

@@ -1,6 +1,0 @@

------BEGIN DSA PARAMETERS-----

-MIGcAkEA+ZiKEvZmc9MtnaFZh4NiZ3oZS4J1PHvPrm9MXj5ntVheDPkdmBDTncya

-GAJcMjwsyB/GvLDGd6yGCw/8eF+09wIVAK3VagOxGd/Q4Af5NbxR5FB7CXEjAkA2

-t/q7HgVLi0KeKvcDG8BRl3wuy7bCvpjgtWiJc/tpvcuzeuAayH89UofjAGueKjXD

-ADiRffvSdhrNw5dkqdql

------END DSA PARAMETERS-----

--- a/sys/src/ape/lib/openssl/apps/dsaparam.c

+++ /dev/null

@@ -1,478 +1,0 @@

-/* apps/dsaparam.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <openssl/opensslconf.h>	/* for OPENSSL_NO_DSA */

-/* Until the key-gen callbacks are modified to use newer prototypes, we allow

- * deprecated functions for openssl-internal code */

-#ifdef OPENSSL_NO_DEPRECATED

-#undef OPENSSL_NO_DEPRECATED

-#endif

-#ifndef OPENSSL_NO_DSA

-#include <assert.h>

-#include <stdio.h>

-#include <stdlib.h>

-#include <time.h>

-#include <string.h>

-#include "apps.h"

-#include <openssl/bio.h>

-#include <openssl/err.h>

-#include <openssl/bn.h>

-#include <openssl/dsa.h>

-#include <openssl/x509.h>

-#include <openssl/pem.h>

-#undef PROG

-#define PROG	dsaparam_main

-/* -inform arg	- input format - default PEM (DER or PEM)

- * -outform arg - output format - default PEM

- * -in arg	- input file - default stdin

- * -out arg	- output file - default stdout

- * -noout

- * -text

- * -C

- * -noout

- * -genkey

- *  #ifdef GENCB_TEST

- * -timebomb n  - interrupt keygen after <n> seconds

- *  #endif

- */

-#ifdef GENCB_TEST

-static int stop_keygen_flag = 0;

-static void timebomb_sigalarm(int foo)

-	{

-	stop_keygen_flag = 1;

-	}

-#endif

-static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb);

-int MAIN(int, char **);

-int MAIN(int argc, char **argv)

-	{

-#ifndef OPENSSL_NO_ENGINE

-	ENGINE *e = NULL;

-#endif

-	DSA *dsa=NULL;

-	int i,badops=0,text=0;

-	BIO *in=NULL,*out=NULL;

-	int informat,outformat,noout=0,C=0,ret=1;

-	char *infile,*outfile,*prog,*inrand=NULL;

-	int numbits= -1,num,genkey=0;

-	int need_rand=0;

-#ifndef OPENSSL_NO_ENGINE

-	char *engine=NULL;

-#endif

-#ifdef GENCB_TEST

-	int timebomb=0;

-#endif

-	apps_startup();

-	if (bio_err == NULL)

-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)

-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);

-	if (!load_config(bio_err, NULL))

-		goto end;

-	infile=NULL;

-	outfile=NULL;

-	informat=FORMAT_PEM;

-	outformat=FORMAT_PEM;

-	prog=argv[0];

-	argc--;

-	argv++;

-	while (argc >= 1)

-		{

-		if 	(strcmp(*argv,"-inform") == 0)

-			{

-			if (--argc < 1) goto bad;

-			informat=str2fmt(*(++argv));

-			}

-		else if (strcmp(*argv,"-outform") == 0)

-			{

-			if (--argc < 1) goto bad;

-			outformat=str2fmt(*(++argv));

-			}

-		else if (strcmp(*argv,"-in") == 0)

-			{

-			if (--argc < 1) goto bad;

-			infile= *(++argv);

-			}

-		else if (strcmp(*argv,"-out") == 0)

-			{

-			if (--argc < 1) goto bad;

-			outfile= *(++argv);

-			}

-#ifndef OPENSSL_NO_ENGINE

-		else if(strcmp(*argv, "-engine") == 0)

-			{

-			if (--argc < 1) goto bad;

-			engine = *(++argv);

-			}

-#endif

-#ifdef GENCB_TEST

-		else if(strcmp(*argv, "-timebomb") == 0)

-			{

-			if (--argc < 1) goto bad;

-			timebomb = atoi(*(++argv));

-			}

-#endif

-		else if (strcmp(*argv,"-text") == 0)

-			text=1;

-		else if (strcmp(*argv,"-C") == 0)

-			C=1;

-		else if (strcmp(*argv,"-genkey") == 0)

-			{

-			genkey=1;

-			need_rand=1;

-			}

-		else if (strcmp(*argv,"-rand") == 0)

-			{

-			if (--argc < 1) goto bad;

-			inrand= *(++argv);

-			need_rand=1;

-			}

-		else if (strcmp(*argv,"-noout") == 0)

-			noout=1;

-		else if (sscanf(*argv,"%d",&num) == 1)

-			{

-			/* generate a key */

-			numbits=num;

-			need_rand=1;

-			}

-		else

-			{

-			BIO_printf(bio_err,"unknown option %s\n",*argv);

-			badops=1;

-			break;

-			}

-		argc--;

-		argv++;

-		}

-	if (badops)

-		{

-bad:

-		BIO_printf(bio_err,"%s [options] [bits] <infile >outfile\n",prog);

-		BIO_printf(bio_err,"where options are\n");

-		BIO_printf(bio_err," -inform arg   input format - DER or PEM\n");

-		BIO_printf(bio_err," -outform arg  output format - DER or PEM\n");

-		BIO_printf(bio_err," -in arg       input file\n");

-		BIO_printf(bio_err," -out arg      output file\n");

-		BIO_printf(bio_err," -text         print as text\n");

-		BIO_printf(bio_err," -C            Output C code\n");

-		BIO_printf(bio_err," -noout        no output\n");

-		BIO_printf(bio_err," -genkey       generate a DSA key\n");

-		BIO_printf(bio_err," -rand         files to use for random number input\n");

-#ifndef OPENSSL_NO_ENGINE

-		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");

-#endif

-#ifdef GENCB_TEST

-		BIO_printf(bio_err," -timebomb n   interrupt keygen after <n> seconds\n");

-#endif

-		BIO_printf(bio_err," number        number of bits to use for generating private key\n");

-		goto end;

-		}

-	ERR_load_crypto_strings();

-	in=BIO_new(BIO_s_file());

-	out=BIO_new(BIO_s_file());

-	if ((in == NULL) || (out == NULL))

-		{

-		ERR_print_errors(bio_err);

-		goto end;

-		}

-	if (infile == NULL)

-		BIO_set_fp(in,stdin,BIO_NOCLOSE);

-	else

-		{

-		if (BIO_read_filename(in,infile) <= 0)

-			{

-			perror(infile);

-			goto end;

-			}

-		}

-	if (outfile == NULL)

-		{

-		BIO_set_fp(out,stdout,BIO_NOCLOSE);

-#ifdef OPENSSL_SYS_VMS

-		{

-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());

-		out = BIO_push(tmpbio, out);

-		}

-#endif

-		}

-	else

-		{

-		if (BIO_write_filename(out,outfile) <= 0)

-			{

-			perror(outfile);

-			goto end;

-			}

-		}

-#ifndef OPENSSL_NO_ENGINE

-        e = setup_engine(bio_err, engine, 0);

-#endif

-	if (need_rand)

-		{

-		app_RAND_load_file(NULL, bio_err, (inrand != NULL));

-		if (inrand != NULL)

-			BIO_printf(bio_err,"%ld semi-random bytes loaded\n",

-				app_RAND_load_files(inrand));

-		}

-	if (numbits > 0)

-		{

-		BN_GENCB cb;

-		BN_GENCB_set(&cb, dsa_cb, bio_err);

-		assert(need_rand);

-		dsa = DSA_new();

-		if(!dsa)

-			{

-			BIO_printf(bio_err,"Error allocating DSA object\n");

-			goto end;

-			}

-		BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);

-	        BIO_printf(bio_err,"This could take some time\n");

-#ifdef GENCB_TEST

-		if(timebomb > 0)

-	{

-		struct sigaction act;

-		act.sa_handler = timebomb_sigalarm;

-		act.sa_flags = 0;

-		BIO_printf(bio_err,"(though I'll stop it if not done within %d secs)\n",

-				timebomb);

-		if(sigaction(SIGALRM, &act, NULL) != 0)

-			{

-			BIO_printf(bio_err,"Error, couldn't set SIGALRM handler\n");

-			goto end;

-			}

-		alarm(timebomb);

-	}

-#endif

-	        if(!DSA_generate_parameters_ex(dsa,num,NULL,0,NULL,NULL, &cb))

-			{

-#ifdef GENCB_TEST

-			if(stop_keygen_flag)

-				{

-				BIO_printf(bio_err,"DSA key generation time-stopped\n");

-				/* This is an asked-for behaviour! */

-				ret = 0;

-				goto end;

-				}

-#endif

-			BIO_printf(bio_err,"Error, DSA key generation failed\n");

-			goto end;

-			}

-		}

-	else if	(informat == FORMAT_ASN1)

-		dsa=d2i_DSAparams_bio(in,NULL);

-	else if (informat == FORMAT_PEM)

-		dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL);

-	else

-		{

-		BIO_printf(bio_err,"bad input format specified\n");

-		goto end;

-		}

-	if (dsa == NULL)

-		{

-		BIO_printf(bio_err,"unable to load DSA parameters\n");

-		ERR_print_errors(bio_err);

-		goto end;

-		}

-	if (text)

-		{

-		DSAparams_print(out,dsa);

-		}

-	if (C)

-		{

-		unsigned char *data;

-		int l,len,bits_p,bits_q,bits_g;

-		len=BN_num_bytes(dsa->p);

-		bits_p=BN_num_bits(dsa->p);

-		bits_q=BN_num_bits(dsa->q);

-		bits_g=BN_num_bits(dsa->g);

-		data=(unsigned char *)OPENSSL_malloc(len+20);

-		if (data == NULL)

-			{

-			perror("OPENSSL_malloc");

-			goto end;

-			}

-		l=BN_bn2bin(dsa->p,data);

-		printf("static unsigned char dsa%d_p[]={",bits_p);

-		for (i=0; i<l; i++)

-			{

-			if ((i%12) == 0) printf("\n\t");

-			printf("0x%02X,",data[i]);

-			}

-		printf("\n\t};\n");

-		l=BN_bn2bin(dsa->q,data);

-		printf("static unsigned char dsa%d_q[]={",bits_p);

-		for (i=0; i<l; i++)

-			{

-			if ((i%12) == 0) printf("\n\t");

-			printf("0x%02X,",data[i]);

-			}

-		printf("\n\t};\n");

-		l=BN_bn2bin(dsa->g,data);

-		printf("static unsigned char dsa%d_g[]={",bits_p);

-		for (i=0; i<l; i++)

-			{

-			if ((i%12) == 0) printf("\n\t");

-			printf("0x%02X,",data[i]);

-			}

-		printf("\n\t};\n\n");

-		printf("DSA *get_dsa%d()\n\t{\n",bits_p);

-		printf("\tDSA *dsa;\n\n");

-		printf("\tif ((dsa=DSA_new()) == NULL) return(NULL);\n");

-		printf("\tdsa->p=BN_bin2bn(dsa%d_p,sizeof(dsa%d_p),NULL);\n",

-			bits_p,bits_p);

-		printf("\tdsa->q=BN_bin2bn(dsa%d_q,sizeof(dsa%d_q),NULL);\n",

-			bits_p,bits_p);

-		printf("\tdsa->g=BN_bin2bn(dsa%d_g,sizeof(dsa%d_g),NULL);\n",

-			bits_p,bits_p);

-		printf("\tif ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))\n");

-		printf("\t\t{ DSA_free(dsa); return(NULL); }\n");

-		printf("\treturn(dsa);\n\t}\n");

-		}

-	if (!noout)

-		{

-		if 	(outformat == FORMAT_ASN1)

-			i=i2d_DSAparams_bio(out,dsa);

-		else if (outformat == FORMAT_PEM)

-			i=PEM_write_bio_DSAparams(out,dsa);

-		else	{

-			BIO_printf(bio_err,"bad output format specified for outfile\n");

-			goto end;

-			}

-		if (!i)

-			{

-			BIO_printf(bio_err,"unable to write DSA parameters\n");

-			ERR_print_errors(bio_err);

-			goto end;

-			}

-		}

-	if (genkey)

-		{

-		DSA *dsakey;

-		assert(need_rand);

-		if ((dsakey=DSAparams_dup(dsa)) == NULL) goto end;

-		if (!DSA_generate_key(dsakey)) goto end;

-		if 	(outformat == FORMAT_ASN1)

-			i=i2d_DSAPrivateKey_bio(out,dsakey);

-		else if (outformat == FORMAT_PEM)

-			i=PEM_write_bio_DSAPrivateKey(out,dsakey,NULL,NULL,0,NULL,NULL);

-		else	{

-			BIO_printf(bio_err,"bad output format specified for outfile\n");

-			goto end;

-			}

-		DSA_free(dsakey);

-		}

-	if (need_rand)

-		app_RAND_write_file(NULL, bio_err);

-	ret=0;

-end:

-	if (in != NULL) BIO_free(in);

-	if (out != NULL) BIO_free_all(out);

-	if (dsa != NULL) DSA_free(dsa);

-	apps_shutdown();

-	OPENSSL_EXIT(ret);

-	}

-static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb)

-	{

-	char c='*';

-	if (p == 0) c='.';

-	if (p == 1) c='+';

-	if (p == 2) c='*';

-	if (p == 3) c='\n';

-	BIO_write(cb->arg,&c,1);

-	(void)BIO_flush(cb->arg);

-#ifdef LINT

-	p=n;

-#endif

-#ifdef GENCB_TEST

-	if(stop_keygen_flag)

-		return 0;

-#endif

-	return 1;

-	}

-#endif

--- a/sys/src/ape/lib/openssl/apps/ec.c

+++ /dev/null

@@ -1,403 +1,0 @@

-/* apps/ec.c */

-/*

- * Written by Nils Larsch for the OpenSSL project.

- */

-/* ====================================================================

- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <openssl/opensslconf.h>

-#ifndef OPENSSL_NO_EC

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include "apps.h"

-#include <openssl/bio.h>

-#include <openssl/err.h>

-#include <openssl/evp.h>

-#include <openssl/pem.h>

-#undef PROG

-#define PROG	ec_main

-/* -inform arg    - input format - default PEM (one of DER, NET or PEM)

- * -outform arg   - output format - default PEM

- * -in arg        - input file - default stdin

- * -out arg       - output file - default stdout

- * -des           - encrypt output if PEM format with DES in cbc mode

- * -text          - print a text version

- * -param_out     - print the elliptic curve parameters

- * -conv_form arg - specifies the point encoding form

- * -param_enc arg - specifies the parameter encoding

- */

-int MAIN(int, char **);

-int MAIN(int argc, char **argv)

-{

-#ifndef OPENSSL_NO_ENGINE

-	ENGINE 	*e = NULL;

-#endif

-	int 	ret = 1;

-	EC_KEY 	*eckey = NULL;

-	const EC_GROUP *group;

-	int 	i, badops = 0;

-	const EVP_CIPHER *enc = NULL;

-	BIO 	*in = NULL, *out = NULL;

-	int 	informat, outformat, text=0, noout=0;

-	int  	pubin = 0, pubout = 0, param_out = 0;

-	char 	*infile, *outfile, *prog, *engine;

-	char 	*passargin = NULL, *passargout = NULL;

-	char 	*passin = NULL, *passout = NULL;

-	point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;

-	int	new_form = 0;

-	int	asn1_flag = OPENSSL_EC_NAMED_CURVE;

-	int 	new_asn1_flag = 0;

-	apps_startup();

-	if (bio_err == NULL)

-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)

-			BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);

-	if (!load_config(bio_err, NULL))

-		goto end;

-	engine = NULL;

-	infile = NULL;

-	outfile = NULL;

-	informat = FORMAT_PEM;

-	outformat = FORMAT_PEM;

-	prog = argv[0];

-	argc--;

-	argv++;

-	while (argc >= 1)

-		{

-		if (strcmp(*argv,"-inform") == 0)

-			{

-			if (--argc < 1) goto bad;

-			informat=str2fmt(*(++argv));

-			}

-		else if (strcmp(*argv,"-outform") == 0)

-			{

-			if (--argc < 1) goto bad;

-			outformat=str2fmt(*(++argv));

-			}

-		else if (strcmp(*argv,"-in") == 0)

-			{

-			if (--argc < 1) goto bad;

-			infile= *(++argv);

-			}

-		else if (strcmp(*argv,"-out") == 0)

-			{

-			if (--argc < 1) goto bad;

-			outfile= *(++argv);

-			}

-		else if (strcmp(*argv,"-passin") == 0)

-			{

-			if (--argc < 1) goto bad;

-			passargin= *(++argv);

-			}

-		else if (strcmp(*argv,"-passout") == 0)

-			{

-			if (--argc < 1) goto bad;

-			passargout= *(++argv);

-			}

-		else if (strcmp(*argv, "-engine") == 0)

-			{

-			if (--argc < 1) goto bad;

-			engine= *(++argv);

-			}

-		else if (strcmp(*argv, "-noout") == 0)

-			noout = 1;

-		else if (strcmp(*argv, "-text") == 0)

-			text = 1;

-		else if (strcmp(*argv, "-conv_form") == 0)

-			{

-			if (--argc < 1)

-				goto bad;

-			++argv;

-			new_form = 1;

-			if (strcmp(*argv, "compressed") == 0)

-				form = POINT_CONVERSION_COMPRESSED;

-			else if (strcmp(*argv, "uncompressed") == 0)

-				form = POINT_CONVERSION_UNCOMPRESSED;

-			else if (strcmp(*argv, "hybrid") == 0)

-				form = POINT_CONVERSION_HYBRID;

-			else

-				goto bad;

-			}

-		else if (strcmp(*argv, "-param_enc") == 0)

-			{

-			if (--argc < 1)

-				goto bad;

-			++argv;

-			new_asn1_flag = 1;

-			if (strcmp(*argv, "named_curve") == 0)

-				asn1_flag = OPENSSL_EC_NAMED_CURVE;

-			else if (strcmp(*argv, "explicit") == 0)

-				asn1_flag = 0;

-			else

-				goto bad;

-			}

-		else if (strcmp(*argv, "-param_out") == 0)

-			param_out = 1;

-		else if (strcmp(*argv, "-pubin") == 0)

-			pubin=1;

-		else if (strcmp(*argv, "-pubout") == 0)

-			pubout=1;

-		else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)

-			{

-			BIO_printf(bio_err, "unknown option %s\n", *argv);

-			badops=1;

-			break;

-			}

-		argc--;

-		argv++;

-		}

-	if (badops)

-		{

-bad:

-		BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);

-		BIO_printf(bio_err, "where options are\n");

-		BIO_printf(bio_err, " -inform arg     input format - "

-				"DER or PEM\n");

-		BIO_printf(bio_err, " -outform arg    output format - "

-				"DER or PEM\n");

-		BIO_printf(bio_err, " -in arg         input file\n");

-		BIO_printf(bio_err, " -passin arg     input file pass "

-				"phrase source\n");

-		BIO_printf(bio_err, " -out arg        output file\n");

-		BIO_printf(bio_err, " -passout arg    output file pass "

-				"phrase source\n");

-		BIO_printf(bio_err, " -engine e       use engine e, "

-				"possibly a hardware device.\n");

-		BIO_printf(bio_err, " -des            encrypt PEM output, "

-				"instead of 'des' every other \n"

-				"                 cipher "

-				"supported by OpenSSL can be used\n");

-		BIO_printf(bio_err, " -text           print the key\n");

-		BIO_printf(bio_err, " -noout          don't print key out\n");

-		BIO_printf(bio_err, " -param_out      print the elliptic "

-				"curve parameters\n");

-		BIO_printf(bio_err, " -conv_form arg  specifies the "

-				"point conversion form \n");

-		BIO_printf(bio_err, "                 possible values:"

-				" compressed\n");

-		BIO_printf(bio_err, "                                 "

-				" uncompressed (default)\n");

-		BIO_printf(bio_err, "                                  "

-				" hybrid\n");

-		BIO_printf(bio_err, " -param_enc arg  specifies the way"

-				" the ec parameters are encoded\n");

-		BIO_printf(bio_err, "                 in the asn1 der "

-				"encoding\n");

-		BIO_printf(bio_err, "                 possilbe values:"

-				" named_curve (default)\n");

-		BIO_printf(bio_err,"                                  "

-				"explicit\n");

-		goto end;

-		}

-	ERR_load_crypto_strings();

-#ifndef OPENSSL_NO_ENGINE

-        e = setup_engine(bio_err, engine, 0);

-#endif

-	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout))

-		{

-		BIO_printf(bio_err, "Error getting passwords\n");

-		goto end;

-		}

-	in = BIO_new(BIO_s_file());

-	out = BIO_new(BIO_s_file());

-	if ((in == NULL) || (out == NULL))

-		{

-		ERR_print_errors(bio_err);

-		goto end;

-		}

-	if (infile == NULL)

-		BIO_set_fp(in, stdin, BIO_NOCLOSE);

-	else

-		{

-		if (BIO_read_filename(in, infile) <= 0)

-			{

-			perror(infile);

-			goto end;

-			}

-		}

-	BIO_printf(bio_err, "read EC key\n");

-	if (informat == FORMAT_ASN1)

-		{

-		if (pubin)

-			eckey = d2i_EC_PUBKEY_bio(in, NULL);

-		else

-			eckey = d2i_ECPrivateKey_bio(in, NULL);

-		}

-	else if (informat == FORMAT_PEM)

-		{

-		if (pubin)

-			eckey = PEM_read_bio_EC_PUBKEY(in, NULL, NULL,

-				NULL);

-		else

-			eckey = PEM_read_bio_ECPrivateKey(in, NULL, NULL,

-				passin);

-		}

-	else

-		{

-		BIO_printf(bio_err, "bad input format specified for key\n");

-		goto end;

-		}

-	if (eckey == NULL)

-		{

-		BIO_printf(bio_err,"unable to load Key\n");

-		ERR_print_errors(bio_err);

-		goto end;

-		}

-	if (outfile == NULL)

-		{

-		BIO_set_fp(out, stdout, BIO_NOCLOSE);

-#ifdef OPENSSL_SYS_VMS

-			{

-			BIO *tmpbio = BIO_new(BIO_f_linebuffer());

-			out = BIO_push(tmpbio, out);

-			}

-#endif

-		}

-	else

-		{

-		if (BIO_write_filename(out, outfile) <= 0)

-			{

-			perror(outfile);

-			goto end;

-			}

-		}

-	group = EC_KEY_get0_group(eckey);

-	if (new_form)

-		EC_KEY_set_conv_form(eckey, form);

-	if (new_asn1_flag)

-		EC_KEY_set_asn1_flag(eckey, asn1_flag);

-	if (text)

-		if (!EC_KEY_print(out, eckey, 0))

-			{

-			perror(outfile);

-			ERR_print_errors(bio_err);

-			goto end;

-			}

-	if (noout)

-		{

-		ret = 0;

-		goto end;

-		}

-	BIO_printf(bio_err, "writing EC key\n");

-	if (outformat == FORMAT_ASN1)

-		{

-		if (param_out)

-			i = i2d_ECPKParameters_bio(out, group);

-		else if (pubin || pubout)

-			i = i2d_EC_PUBKEY_bio(out, eckey);

-		else

-			i = i2d_ECPrivateKey_bio(out, eckey);

-		}

-	else if (outformat == FORMAT_PEM)

-		{

-		if (param_out)

-			i = PEM_write_bio_ECPKParameters(out, group);

-		else if (pubin || pubout)

-			i = PEM_write_bio_EC_PUBKEY(out, eckey);

-		else

-			i = PEM_write_bio_ECPrivateKey(out, eckey, enc,

-						NULL, 0, NULL, passout);

-		}

-	else

-		{

-		BIO_printf(bio_err, "bad output format specified for "

-			"outfile\n");

-		goto end;

-		}

-	if (!i)

-		{

-		BIO_printf(bio_err, "unable to write private key\n");

-		ERR_print_errors(bio_err);

-		}

-	else

-		ret=0;

-end:

-	if (in)

-		BIO_free(in);

-	if (out)

-		BIO_free_all(out);

-	if (eckey)

-		EC_KEY_free(eckey);

-	if (passin)

-		OPENSSL_free(passin);

-	if (passout)

-		OPENSSL_free(passout);

-	apps_shutdown();

-	OPENSSL_EXIT(ret);

-}

-#endif

--- a/sys/src/ape/lib/openssl/apps/ecparam.c

+++ /dev/null

@@ -1,728 +1,0 @@

-/* apps/ecparam.c */

-/*

- * Written by Nils Larsch for the OpenSSL project.

- */

-/* ====================================================================

- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- *

- * Portions of the attached software ("Contribution") are developed by

- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.

- *

- * The Contribution is licensed pursuant to the OpenSSL open source

- * license provided above.

- *

- * The elliptic curve binary polynomial software is originally written by

- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.

- *

- */

-#include <openssl/opensslconf.h>

-#ifndef OPENSSL_NO_EC

-#include <assert.h>

-#include <stdio.h>

-#include <stdlib.h>

-#include <time.h>

-#include <string.h>

-#include "apps.h"

-#include <openssl/bio.h>

-#include <openssl/err.h>

-#include <openssl/bn.h>

-#include <openssl/ec.h>

-#include <openssl/x509.h>

-#include <openssl/pem.h>

-#undef PROG

-#define PROG	ecparam_main

-/* -inform arg      - input format - default PEM (DER or PEM)

- * -outform arg     - output format - default PEM

- * -in  arg         - input file  - default stdin

- * -out arg         - output file - default stdout

- * -noout           - do not print the ec parameter

- * -text            - print the ec parameters in text form

- * -check           - validate the ec parameters

- * -C               - print a 'C' function creating the parameters

- * -name arg        - use the ec parameters with 'short name' name

- * -list_curves     - prints a list of all currently available curve 'short names'

- * -conv_form arg   - specifies the point conversion form

- *                  - possible values: compressed

- *                                     uncompressed (default)

- *                                     hybrid

- * -param_enc arg   - specifies the way the ec parameters are encoded

- *                    in the asn1 der encoding

- *                    possible values: named_curve (default)

- *                                     explicit

- * -no_seed         - if 'explicit' parameters are choosen do not use the seed

- * -genkey          - generate ec key

- * -rand file       - files to use for random number input

- * -engine e        - use engine e, possibly a hardware device

- */

-static int ecparam_print_var(BIO *,BIGNUM *,const char *,int,unsigned char *);

-int MAIN(int, char **);

-int MAIN(int argc, char **argv)

-	{

-	EC_GROUP *group = NULL;

-	point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;

-	int 	new_form = 0;

-	int 	asn1_flag = OPENSSL_EC_NAMED_CURVE;

-	int 	new_asn1_flag = 0;

-	char 	*curve_name = NULL, *inrand = NULL;

-	int	list_curves = 0, no_seed = 0, check = 0,

-		badops = 0, text = 0, i, need_rand = 0, genkey = 0;

-	char	*infile = NULL, *outfile = NULL, *prog;

-	BIO 	*in = NULL, *out = NULL;

-	int 	informat, outformat, noout = 0, C = 0, ret = 1;

-#ifndef OPENSSL_NO_ENGINE

-	ENGINE	*e = NULL;

-#endif

-	char	*engine = NULL;

-	BIGNUM	*ec_p = NULL, *ec_a = NULL, *ec_b = NULL,

-		*ec_gen = NULL, *ec_order = NULL, *ec_cofactor = NULL;

-	unsigned char *buffer = NULL;

-	apps_startup();

-	if (bio_err == NULL)

-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)

-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);

-	if (!load_config(bio_err, NULL))

-		goto end;

-	informat=FORMAT_PEM;

-	outformat=FORMAT_PEM;

-	prog=argv[0];

-	argc--;

-	argv++;

-	while (argc >= 1)

-		{

-		if 	(strcmp(*argv,"-inform") == 0)

-			{

-			if (--argc < 1) goto bad;

-			informat=str2fmt(*(++argv));

-			}

-		else if (strcmp(*argv,"-outform") == 0)

-			{

-			if (--argc < 1) goto bad;

-			outformat=str2fmt(*(++argv));

-			}

-		else if (strcmp(*argv,"-in") == 0)

-			{

-			if (--argc < 1) goto bad;

-			infile= *(++argv);

-			}

-		else if (strcmp(*argv,"-out") == 0)

-			{

-			if (--argc < 1) goto bad;

-			outfile= *(++argv);

-			}

-		else if (strcmp(*argv,"-text") == 0)

-			text = 1;

-		else if (strcmp(*argv,"-C") == 0)

-			C = 1;

-		else if (strcmp(*argv,"-check") == 0)

-			check = 1;

-		else if (strcmp (*argv, "-name") == 0)

-			{

-			if (--argc < 1)

-				goto bad;

-			curve_name = *(++argv);

-			}

-		else if (strcmp(*argv, "-list_curves") == 0)

-			list_curves = 1;

-		else if (strcmp(*argv, "-conv_form") == 0)

-			{

-			if (--argc < 1)

-				goto bad;

-			++argv;

-			new_form = 1;

-			if (strcmp(*argv, "compressed") == 0)

-				form = POINT_CONVERSION_COMPRESSED;

-			else if (strcmp(*argv, "uncompressed") == 0)

-				form = POINT_CONVERSION_UNCOMPRESSED;

-			else if (strcmp(*argv, "hybrid") == 0)

-				form = POINT_CONVERSION_HYBRID;

-			else

-				goto bad;

-			}

-		else if (strcmp(*argv, "-param_enc") == 0)

-			{

-			if (--argc < 1)

-				goto bad;

-			++argv;

-			new_asn1_flag = 1;

-			if (strcmp(*argv, "named_curve") == 0)

-				asn1_flag = OPENSSL_EC_NAMED_CURVE;

-			else if (strcmp(*argv, "explicit") == 0)

-				asn1_flag = 0;

-			else

-				goto bad;

-			}

-		else if (strcmp(*argv, "-no_seed") == 0)

-			no_seed = 1;

-		else if (strcmp(*argv, "-noout") == 0)

-			noout=1;

-		else if (strcmp(*argv,"-genkey") == 0)

-			{

-			genkey=1;

-			need_rand=1;

-			}

-		else if (strcmp(*argv, "-rand") == 0)

-			{

-			if (--argc < 1) goto bad;

-			inrand= *(++argv);

-			need_rand=1;

-			}

-		else if(strcmp(*argv, "-engine") == 0)

-			{

-			if (--argc < 1) goto bad;

-			engine = *(++argv);

-			}

-		else

-			{

-			BIO_printf(bio_err,"unknown option %s\n",*argv);

-			badops=1;

-			break;

-			}

-		argc--;

-		argv++;

-		}

-	if (badops)

-		{

-bad:

-		BIO_printf(bio_err, "%s [options] <infile >outfile\n",prog);

-		BIO_printf(bio_err, "where options are\n");

-		BIO_printf(bio_err, " -inform arg       input format - "

-				"default PEM (DER or PEM)\n");

-		BIO_printf(bio_err, " -outform arg      output format - "

-				"default PEM\n");

-		BIO_printf(bio_err, " -in  arg          input file  - "

-				"default stdin\n");

-		BIO_printf(bio_err, " -out arg          output file - "

-				"default stdout\n");

-		BIO_printf(bio_err, " -noout            do not print the "

-				"ec parameter\n");

-		BIO_printf(bio_err, " -text             print the ec "

-				"parameters in text form\n");

-		BIO_printf(bio_err, " -check            validate the ec "

-				"parameters\n");

-		BIO_printf(bio_err, " -C                print a 'C' "

-				"function creating the parameters\n");

-		BIO_printf(bio_err, " -name arg         use the "

-				"ec parameters with 'short name' name\n");

-		BIO_printf(bio_err, " -list_curves      prints a list of "

-				"all currently available curve 'short names'\n");

-		BIO_printf(bio_err, " -conv_form arg    specifies the "

-				"point conversion form \n");

-		BIO_printf(bio_err, "                   possible values:"

-				" compressed\n");

-		BIO_printf(bio_err, "                                   "

-				" uncompressed (default)\n");

-		BIO_printf(bio_err, "                                   "

-				" hybrid\n");

-		BIO_printf(bio_err, " -param_enc arg    specifies the way"

-				" the ec parameters are encoded\n");

-		BIO_printf(bio_err, "                   in the asn1 der "

-				"encoding\n");

-		BIO_printf(bio_err, "                   possible values:"

-				" named_curve (default)\n");

-		BIO_printf(bio_err, "                                   "

-				" explicit\n");

-		BIO_printf(bio_err, " -no_seed          if 'explicit'"

-				" parameters are choosen do not"

-				" use the seed\n");

-		BIO_printf(bio_err, " -genkey           generate ec"

-				" key\n");

-		BIO_printf(bio_err, " -rand file        files to use for"

-				" random number input\n");

-		BIO_printf(bio_err, " -engine e         use engine e, "

-				"possibly a hardware device\n");

-		goto end;

-		}

-	ERR_load_crypto_strings();

-	in=BIO_new(BIO_s_file());

-	out=BIO_new(BIO_s_file());

-	if ((in == NULL) || (out == NULL))

-		{

-		ERR_print_errors(bio_err);

-		goto end;

-		}

-	if (infile == NULL)

-		BIO_set_fp(in,stdin,BIO_NOCLOSE);

-	else

-		{

-		if (BIO_read_filename(in,infile) <= 0)

-			{

-			perror(infile);

-			goto end;

-			}

-		}

-	if (outfile == NULL)

-		{

-		BIO_set_fp(out,stdout,BIO_NOCLOSE);

-#ifdef OPENSSL_SYS_VMS

-		{

-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());

-		out = BIO_push(tmpbio, out);

-		}

-#endif

-		}

-	else

-		{

-		if (BIO_write_filename(out,outfile) <= 0)

-			{

-			perror(outfile);

-			goto end;

-			}

-		}

-#ifndef OPENSSL_NO_ENGINE

-	e = setup_engine(bio_err, engine, 0);

-#endif

-	if (list_curves)

-		{

-		EC_builtin_curve *curves = NULL;

-		size_t crv_len = 0;

-		size_t n = 0;

-		crv_len = EC_get_builtin_curves(NULL, 0);

-		curves = OPENSSL_malloc((int)(sizeof(EC_builtin_curve) * crv_len));

-		if (curves == NULL)

-			goto end;

-		if (!EC_get_builtin_curves(curves, crv_len))

-			{

-			OPENSSL_free(curves);

-			goto end;

-			}

-		for (n = 0; n < crv_len; n++)

-			{

-			const char *comment;

-			const char *sname;

-			comment = curves[n].comment;

-			sname   = OBJ_nid2sn(curves[n].nid);

-			if (comment == NULL)

-				comment = "CURVE DESCRIPTION NOT AVAILABLE";

-			if (sname == NULL)

-				sname = "";

-			BIO_printf(out, "  %-10s: ", sname);

-			BIO_printf(out, "%s\n", comment);

-			}

-		OPENSSL_free(curves);

-		ret = 0;

-		goto end;

-		}

-	if (curve_name != NULL)

-		{

-		int nid;

-		/* workaround for the SECG curve names secp192r1

-		 * and secp256r1 (which are the same as the curves

-		 * prime192v1 and prime256v1 defined in X9.62)

-		 */

-		if (!strcmp(curve_name, "secp192r1"))

-			{

-			BIO_printf(bio_err, "using curve name prime192v1 "

-				"instead of secp192r1\n");

-			nid = NID_X9_62_prime192v1;

-			}

-		else if (!strcmp(curve_name, "secp256r1"))

-			{

-			BIO_printf(bio_err, "using curve name prime256v1 "

-				"instead of secp256r1\n");

-			nid = NID_X9_62_prime256v1;

-			}

-		else

-			nid = OBJ_sn2nid(curve_name);

-		if (nid == 0)

-			{

-			BIO_printf(bio_err, "unknown curve name (%s)\n",

-				curve_name);

-			goto end;

-			}

-		group = EC_GROUP_new_by_curve_name(nid);

-		if (group == NULL)

-			{

-			BIO_printf(bio_err, "unable to create curve (%s)\n",

-				curve_name);

-			goto end;

-			}

-		EC_GROUP_set_asn1_flag(group, asn1_flag);

-		EC_GROUP_set_point_conversion_form(group, form);

-		}

-	else if (informat == FORMAT_ASN1)

-		{

-		group = d2i_ECPKParameters_bio(in, NULL);

-		}

-	else if (informat == FORMAT_PEM)

-		{

-		group = PEM_read_bio_ECPKParameters(in,NULL,NULL,NULL);

-		}

-	else

-		{

-		BIO_printf(bio_err, "bad input format specified\n");

-		goto end;

-		}

-	if (group == NULL)

-		{

-		BIO_printf(bio_err,

-			"unable to load elliptic curve parameters\n");

-		ERR_print_errors(bio_err);

-		goto end;

-		}

-	if (new_form)

-		EC_GROUP_set_point_conversion_form(group, form);

-	if (new_asn1_flag)

-		EC_GROUP_set_asn1_flag(group, asn1_flag);

-	if (no_seed)

-		{

-		EC_GROUP_set_seed(group, NULL, 0);

-		}

-	if (text)

-		{

-		if (!ECPKParameters_print(out, group, 0))

-			goto end;

-		}

-	if (check)

-		{

-		if (group == NULL)

-			BIO_printf(bio_err, "no elliptic curve parameters\n");

-		BIO_printf(bio_err, "checking elliptic curve parameters: ");

-		if (!EC_GROUP_check(group, NULL))

-			{

-			BIO_printf(bio_err, "failed\n");

-			ERR_print_errors(bio_err);

-			}

-		else

-			BIO_printf(bio_err, "ok\n");

-		}

-	if (C)

-		{

-		size_t	buf_len = 0, tmp_len = 0;

-		const EC_POINT *point;

-		int	is_prime, len = 0;

-		const EC_METHOD *meth = EC_GROUP_method_of(group);

-		if ((ec_p = BN_new()) == NULL || (ec_a = BN_new()) == NULL ||

-		    (ec_b = BN_new()) == NULL || (ec_gen = BN_new()) == NULL ||

-		    (ec_order = BN_new()) == NULL ||

-		    (ec_cofactor = BN_new()) == NULL )

-			{

-			perror("OPENSSL_malloc");

-			goto end;

-			}

-		is_prime = (EC_METHOD_get_field_type(meth) ==

-			NID_X9_62_prime_field);

-		if (is_prime)

-			{

-			if (!EC_GROUP_get_curve_GFp(group, ec_p, ec_a,

-				ec_b, NULL))

-				goto end;

-			}

-		else

-			{

-			/* TODO */

-			goto end;

-			}

-		if ((point = EC_GROUP_get0_generator(group)) == NULL)

-			goto end;

-		if (!EC_POINT_point2bn(group, point,

-			EC_GROUP_get_point_conversion_form(group), ec_gen,

-			NULL))

-			goto end;

-		if (!EC_GROUP_get_order(group, ec_order, NULL))

-			goto end;

-		if (!EC_GROUP_get_cofactor(group, ec_cofactor, NULL))

-			goto end;

-		if (!ec_p || !ec_a || !ec_b || !ec_gen ||

-			!ec_order || !ec_cofactor)

-			goto end;

-		len = BN_num_bits(ec_order);

-		if ((tmp_len = (size_t)BN_num_bytes(ec_p)) > buf_len)

-			buf_len = tmp_len;

-		if ((tmp_len = (size_t)BN_num_bytes(ec_a)) > buf_len)

-			buf_len = tmp_len;

-		if ((tmp_len = (size_t)BN_num_bytes(ec_b)) > buf_len)

-			buf_len = tmp_len;

-		if ((tmp_len = (size_t)BN_num_bytes(ec_gen)) > buf_len)

-			buf_len = tmp_len;

-		if ((tmp_len = (size_t)BN_num_bytes(ec_order)) > buf_len)

-			buf_len = tmp_len;

-		if ((tmp_len = (size_t)BN_num_bytes(ec_cofactor)) > buf_len)

-			buf_len = tmp_len;

-		buffer = (unsigned char *)OPENSSL_malloc(buf_len);

-		if (buffer == NULL)

-			{

-			perror("OPENSSL_malloc");

-			goto end;

-			}

-		ecparam_print_var(out, ec_p, "ec_p", len, buffer);

-		ecparam_print_var(out, ec_a, "ec_a", len, buffer);

-		ecparam_print_var(out, ec_b, "ec_b", len, buffer);

-		ecparam_print_var(out, ec_gen, "ec_gen", len, buffer);

-		ecparam_print_var(out, ec_order, "ec_order", len, buffer);

-		ecparam_print_var(out, ec_cofactor, "ec_cofactor", len,

-			buffer);

-		BIO_printf(out, "\n\n");

-		BIO_printf(out, "EC_GROUP *get_ec_group_%d(void)\n\t{\n", len);

-		BIO_printf(out, "\tint ok=0;\n");

-		BIO_printf(out, "\tEC_GROUP *group = NULL;\n");

-		BIO_printf(out, "\tEC_POINT *point = NULL;\n");

-		BIO_printf(out, "\tBIGNUM   *tmp_1 = NULL, *tmp_2 = NULL, "

-				"*tmp_3 = NULL;\n\n");

-		BIO_printf(out, "\tif ((tmp_1 = BN_bin2bn(ec_p_%d, "

-				"sizeof(ec_p_%d), NULL)) == NULL)\n\t\t"

-				"goto err;\n", len, len);

-		BIO_printf(out, "\tif ((tmp_2 = BN_bin2bn(ec_a_%d, "

-				"sizeof(ec_a_%d), NULL)) == NULL)\n\t\t"

-				"goto err;\n", len, len);

-		BIO_printf(out, "\tif ((tmp_3 = BN_bin2bn(ec_b_%d, "

-				"sizeof(ec_b_%d), NULL)) == NULL)\n\t\t"

-				"goto err;\n", len, len);

-		if (is_prime)

-			{

-			BIO_printf(out, "\tif ((group = EC_GROUP_new_curve_"

-				"GFp(tmp_1, tmp_2, tmp_3, NULL)) == NULL)"

-				"\n\t\tgoto err;\n\n");

-			}

-		else

-			{

-			/* TODO */

-			goto end;

-			}

-		BIO_printf(out, "\t/* build generator */\n");

-		BIO_printf(out, "\tif ((tmp_1 = BN_bin2bn(ec_gen_%d, "

-				"sizeof(ec_gen_%d), tmp_1)) == NULL)"

-				"\n\t\tgoto err;\n", len, len);

-		BIO_printf(out, "\tpoint = EC_POINT_bn2point(group, tmp_1, "

-				"NULL, NULL);\n");

-		BIO_printf(out, "\tif (point == NULL)\n\t\tgoto err;\n");

-		BIO_printf(out, "\tif ((tmp_2 = BN_bin2bn(ec_order_%d, "

-				"sizeof(ec_order_%d), tmp_2)) == NULL)"

-				"\n\t\tgoto err;\n", len, len);

-		BIO_printf(out, "\tif ((tmp_3 = BN_bin2bn(ec_cofactor_%d, "

-				"sizeof(ec_cofactor_%d), tmp_3)) == NULL)"

-				"\n\t\tgoto err;\n", len, len);

-		BIO_printf(out, "\tif (!EC_GROUP_set_generator(group, point,"

-				" tmp_2, tmp_3))\n\t\tgoto err;\n");

-		BIO_printf(out, "\n\tok=1;\n");

-		BIO_printf(out, "err:\n");

-		BIO_printf(out, "\tif (tmp_1)\n\t\tBN_free(tmp_1);\n");

-		BIO_printf(out, "\tif (tmp_2)\n\t\tBN_free(tmp_2);\n");

-		BIO_printf(out, "\tif (tmp_3)\n\t\tBN_free(tmp_3);\n");

-		BIO_printf(out, "\tif (point)\n\t\tEC_POINT_free(point);\n");

-		BIO_printf(out, "\tif (!ok)\n");

-		BIO_printf(out, "\t\t{\n");

-		BIO_printf(out, "\t\tEC_GROUP_free(group);\n");

-		BIO_printf(out, "\t\tgroup = NULL;\n");

-		BIO_printf(out, "\t\t}\n");

-		BIO_printf(out, "\treturn(group);\n\t}\n");

-	}

-	if (!noout)

-		{

-		if (outformat == FORMAT_ASN1)

-			i = i2d_ECPKParameters_bio(out, group);

-		else if (outformat == FORMAT_PEM)

-			i = PEM_write_bio_ECPKParameters(out, group);

-		else

-			{

-			BIO_printf(bio_err,"bad output format specified for"

-				" outfile\n");

-			goto end;

-			}

-		if (!i)

-			{

-			BIO_printf(bio_err, "unable to write elliptic "

-				"curve parameters\n");

-			ERR_print_errors(bio_err);

-			goto end;

-			}

-		}

-	if (need_rand)

-		{

-		app_RAND_load_file(NULL, bio_err, (inrand != NULL));

-		if (inrand != NULL)

-			BIO_printf(bio_err,"%ld semi-random bytes loaded\n",

-				app_RAND_load_files(inrand));

-		}

-	if (genkey)

-		{

-		EC_KEY *eckey = EC_KEY_new();

-		if (eckey == NULL)

-			goto end;

-		assert(need_rand);

-		if (EC_KEY_set_group(eckey, group) == 0)

-			goto end;

-		if (!EC_KEY_generate_key(eckey))

-			{

-			EC_KEY_free(eckey);

-			goto end;

-			}

-		if (outformat == FORMAT_ASN1)

-			i = i2d_ECPrivateKey_bio(out, eckey);

-		else if (outformat == FORMAT_PEM)

-			i = PEM_write_bio_ECPrivateKey(out, eckey, NULL,

-				NULL, 0, NULL, NULL);

-		else

-			{

-			BIO_printf(bio_err, "bad output format specified "

-				"for outfile\n");

-			EC_KEY_free(eckey);

-			goto end;

-			}

-		EC_KEY_free(eckey);

-		}

-	if (need_rand)

-		app_RAND_write_file(NULL, bio_err);

-	ret=0;

-end:

-	if (ec_p)

-		BN_free(ec_p);

-	if (ec_a)

-		BN_free(ec_a);

-	if (ec_b)

-		BN_free(ec_b);

-	if (ec_gen)

-		BN_free(ec_gen);

-	if (ec_order)

-		BN_free(ec_order);

-	if (ec_cofactor)

-		BN_free(ec_cofactor);

-	if (buffer)

-		OPENSSL_free(buffer);

-	if (in != NULL)

-		BIO_free(in);

-	if (out != NULL)

-		BIO_free_all(out);

-	if (group != NULL)

-		EC_GROUP_free(group);

-	apps_shutdown();

-	OPENSSL_EXIT(ret);

-}

-static int ecparam_print_var(BIO *out, BIGNUM *in, const char *var,

-	int len, unsigned char *buffer)

-	{

-	BIO_printf(out, "static unsigned char %s_%d[] = {", var, len);

-	if (BN_is_zero(in))

-		BIO_printf(out, "\n\t0x00");

-	else

-		{

-		int i, l;

-		l = BN_bn2bin(in, buffer);

-		for (i=0; i<l-1; i++)

-			{

-			if ((i%12) == 0)

-				BIO_printf(out, "\n\t");

-			BIO_printf(out, "0x%02X,", buffer[i]);

-			}

-		if ((i%12) == 0)

-			BIO_printf(out, "\n\t");

-		BIO_printf(out, "0x%02X", buffer[i]);

-		}

-	BIO_printf(out, "\n\t};\n\n");

-	return 1;

-	}

-#endif

--- a/sys/src/ape/lib/openssl/apps/enc.c

+++ /dev/null

@@ -1,681 +1,0 @@

-/* apps/enc.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include "apps.h"

-#include <openssl/bio.h>

-#include <openssl/err.h>

-#include <openssl/evp.h>

-#include <openssl/objects.h>

-#include <openssl/x509.h>

-#include <openssl/rand.h>

-#include <openssl/pem.h>

-#include <ctype.h>

-int set_hex(char *in,unsigned char *out,int size);

-#undef SIZE

-#undef BSIZE

-#undef PROG

-#define SIZE	(512)

-#define BSIZE	(8*1024)

-#define	PROG	enc_main

-static void show_ciphers(const OBJ_NAME *name,void *bio_)

-	{

-	BIO *bio=bio_;

-	static int n;

-	if(!islower((unsigned char)*name->name))

-		return;

-	BIO_printf(bio,"-%-25s",name->name);

-	if(++n == 3)

-		{

-		BIO_printf(bio,"\n");

-		n=0;

-		}

-	else

-		BIO_printf(bio," ");

-	}

-int MAIN(int, char **);

-int MAIN(int argc, char **argv)

-	{

-#ifndef OPENSSL_NO_ENGINE

-	ENGINE *e = NULL;

-#endif

-	static const char magic[]="Salted__";

-	char mbuf[sizeof magic-1];

-	char *strbuf=NULL;

-	unsigned char *buff=NULL,*bufsize=NULL;

-	int bsize=BSIZE,verbose=0;

-	int ret=1,inl;

-	int nopad = 0;

-	unsigned char key[EVP_MAX_KEY_LENGTH],iv[EVP_MAX_IV_LENGTH];

-	unsigned char salt[PKCS5_SALT_LEN];

-	char *str=NULL, *passarg = NULL, *pass = NULL;

-	char *hkey=NULL,*hiv=NULL,*hsalt = NULL;

-	char *md=NULL;

-	int enc=1,printkey=0,i,base64=0;

-	int debug=0,olb64=0,nosalt=0;

-	const EVP_CIPHER *cipher=NULL,*c;

-	EVP_CIPHER_CTX *ctx = NULL;

-	char *inf=NULL,*outf=NULL;

-	BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;

-#define PROG_NAME_SIZE  39

-	char pname[PROG_NAME_SIZE+1];

-#ifndef OPENSSL_NO_ENGINE

-	char *engine = NULL;

-#endif

-	const EVP_MD *dgst=NULL;

-	apps_startup();

-	if (bio_err == NULL)

-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)

-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);

-	if (!load_config(bio_err, NULL))

-		goto end;

-	/* first check the program name */

-	program_name(argv[0],pname,sizeof pname);

-	if (strcmp(pname,"base64") == 0)

-		base64=1;

-	cipher=EVP_get_cipherbyname(pname);

-	if (!base64 && (cipher == NULL) && (strcmp(pname,"enc") != 0))

-		{

-		BIO_printf(bio_err,"%s is an unknown cipher\n",pname);

-		goto bad;

-		}

-	argc--;

-	argv++;

-	while (argc >= 1)

-		{

-		if	(strcmp(*argv,"-e") == 0)

-			enc=1;

-		else if (strcmp(*argv,"-in") == 0)

-			{

-			if (--argc < 1) goto bad;

-			inf= *(++argv);

-			}

-		else if (strcmp(*argv,"-out") == 0)

-			{

-			if (--argc < 1) goto bad;

-			outf= *(++argv);

-			}

-		else if (strcmp(*argv,"-pass") == 0)

-			{

-			if (--argc < 1) goto bad;

-			passarg= *(++argv);

-			}

-#ifndef OPENSSL_NO_ENGINE

-		else if (strcmp(*argv,"-engine") == 0)

-			{

-			if (--argc < 1) goto bad;

-			engine= *(++argv);

-			}

-#endif

-		else if	(strcmp(*argv,"-d") == 0)

-			enc=0;

-		else if	(strcmp(*argv,"-p") == 0)

-			printkey=1;

-		else if	(strcmp(*argv,"-v") == 0)

-			verbose=1;

-		else if	(strcmp(*argv,"-nopad") == 0)

-			nopad=1;

-		else if	(strcmp(*argv,"-salt") == 0)

-			nosalt=0;

-		else if	(strcmp(*argv,"-nosalt") == 0)

-			nosalt=1;

-		else if	(strcmp(*argv,"-debug") == 0)

-			debug=1;

-		else if	(strcmp(*argv,"-P") == 0)

-			printkey=2;

-		else if	(strcmp(*argv,"-A") == 0)

-			olb64=1;

-		else if	(strcmp(*argv,"-a") == 0)

-			base64=1;

-		else if	(strcmp(*argv,"-base64") == 0)

-			base64=1;

-		else if (strcmp(*argv,"-bufsize") == 0)

-			{

-			if (--argc < 1) goto bad;

-			bufsize=(unsigned char *)*(++argv);

-			}

-		else if (strcmp(*argv,"-k") == 0)

-			{

-			if (--argc < 1) goto bad;

-			str= *(++argv);

-			}

-		else if (strcmp(*argv,"-kfile") == 0)

-			{

-			static char buf[128];

-			FILE *infile;

-			char *file;

-			if (--argc < 1) goto bad;

-			file= *(++argv);

-			infile=fopen(file,"r");

-			if (infile == NULL)

-				{

-				BIO_printf(bio_err,"unable to read key from '%s'\n",

-					file);

-				goto bad;

-				}

-			buf[0]='\0';

-			fgets(buf,sizeof buf,infile);

-			fclose(infile);

-			i=strlen(buf);

-			if ((i > 0) &&

-				((buf[i-1] == '\n') || (buf[i-1] == '\r')))

-				buf[--i]='\0';

-			if ((i > 0) &&

-				((buf[i-1] == '\n') || (buf[i-1] == '\r')))

-				buf[--i]='\0';

-			if (i < 1)

-				{

-				BIO_printf(bio_err,"zero length password\n");

-				goto bad;

-				}

-			str=buf;

-			}

-		else if (strcmp(*argv,"-K") == 0)

-			{

-			if (--argc < 1) goto bad;

-			hkey= *(++argv);

-			}

-		else if (strcmp(*argv,"-S") == 0)

-			{

-			if (--argc < 1) goto bad;

-			hsalt= *(++argv);

-			}

-		else if (strcmp(*argv,"-iv") == 0)

-			{

-			if (--argc < 1) goto bad;

-			hiv= *(++argv);

-			}

-		else if (strcmp(*argv,"-md") == 0)

-			{

-			if (--argc < 1) goto bad;

-			md= *(++argv);

-			}

-		else if	((argv[0][0] == '-') &&

-			((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL))

-			{

-			cipher=c;

-			}

-		else if (strcmp(*argv,"-none") == 0)

-			cipher=NULL;

-		else

-			{

-			BIO_printf(bio_err,"unknown option '%s'\n",*argv);

-bad:

-			BIO_printf(bio_err,"options are\n");

-			BIO_printf(bio_err,"%-14s input file\n","-in <file>");

-			BIO_printf(bio_err,"%-14s output file\n","-out <file>");

-			BIO_printf(bio_err,"%-14s pass phrase source\n","-pass <arg>");

-			BIO_printf(bio_err,"%-14s encrypt\n","-e");

-			BIO_printf(bio_err,"%-14s decrypt\n","-d");

-			BIO_printf(bio_err,"%-14s base64 encode/decode, depending on encryption flag\n","-a/-base64");

-			BIO_printf(bio_err,"%-14s passphrase is the next argument\n","-k");

-			BIO_printf(bio_err,"%-14s passphrase is the first line of the file argument\n","-kfile");

-			BIO_printf(bio_err,"%-14s the next argument is the md to use to create a key\n","-md");

-			BIO_printf(bio_err,"%-14s   from a passphrase.  One of md2, md5, sha or sha1\n","");

-			BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");

-			BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");

-			BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");

-#ifndef OPENSSL_NO_ENGINE

-			BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e");

-#endif

-			BIO_printf(bio_err,"Cipher Types\n");

-			OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,

-					       show_ciphers,

-					       bio_err);

-			BIO_printf(bio_err,"\n");

-			goto end;

-			}

-		argc--;

-		argv++;

-		}

-#ifndef OPENSSL_NO_ENGINE

-        e = setup_engine(bio_err, engine, 0);

-#endif

-	if (md && (dgst=EVP_get_digestbyname(md)) == NULL)

-		{

-		BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);

-		goto end;

-		}

-	if (dgst == NULL)

-		{

-		dgst = EVP_md5();

-		}

-	if (bufsize != NULL)

-		{

-		unsigned long n;

-		for (n=0; *bufsize; bufsize++)

-			{

-			i= *bufsize;

-			if ((i <= '9') && (i >= '0'))

-				n=n*10+i-'0';

-			else if (i == 'k')

-				{

-				n*=1024;

-				bufsize++;

-				break;

-				}

-			}

-		if (*bufsize != '\0')

-			{

-			BIO_printf(bio_err,"invalid 'bufsize' specified.\n");

-			goto end;

-			}

-		/* It must be large enough for a base64 encoded line */

-		if (base64 && n < 80) n=80;

-		bsize=(int)n;

-		if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize);

-		}

-	strbuf=OPENSSL_malloc(SIZE);

-	buff=(unsigned char *)OPENSSL_malloc(EVP_ENCODE_LENGTH(bsize));

-	if ((buff == NULL) || (strbuf == NULL))

-		{

-		BIO_printf(bio_err,"OPENSSL_malloc failure %ld\n",(long)EVP_ENCODE_LENGTH(bsize));

-		goto end;

-		}

-	in=BIO_new(BIO_s_file());

-	out=BIO_new(BIO_s_file());

-	if ((in == NULL) || (out == NULL))

-		{

-		ERR_print_errors(bio_err);

-		goto end;

-		}

-	if (debug)

-		{

-		BIO_set_callback(in,BIO_debug_callback);

-		BIO_set_callback(out,BIO_debug_callback);

-		BIO_set_callback_arg(in,(char *)bio_err);

-		BIO_set_callback_arg(out,(char *)bio_err);

-		}

-	if (inf == NULL)

-	        {

-		if (bufsize != NULL)

-			setvbuf(stdin, (char *)NULL, _IONBF, 0);

-		BIO_set_fp(in,stdin,BIO_NOCLOSE);

-	        }

-	else

-		{

-		if (BIO_read_filename(in,inf) <= 0)

-			{

-			perror(inf);

-			goto end;

-			}

-		}

-	if(!str && passarg) {

-		if(!app_passwd(bio_err, passarg, NULL, &pass, NULL)) {

-			BIO_printf(bio_err, "Error getting password\n");

-			goto end;

-		}

-		str = pass;

-	}

-	if ((str == NULL) && (cipher != NULL) && (hkey == NULL))

-		{

-		for (;;)

-			{

-			char buf[200];

-			BIO_snprintf(buf,sizeof buf,"enter %s %s password:",

-				     OBJ_nid2ln(EVP_CIPHER_nid(cipher)),

-				     (enc)?"encryption":"decryption");

-			strbuf[0]='\0';

-			i=EVP_read_pw_string((char *)strbuf,SIZE,buf,enc);

-			if (i == 0)

-				{

-				if (strbuf[0] == '\0')

-					{

-					ret=1;

-					goto end;

-					}

-				str=strbuf;

-				break;

-				}

-			if (i < 0)

-				{

-				BIO_printf(bio_err,"bad password read\n");

-				goto end;

-				}

-			}

-		}

-	if (outf == NULL)

-		{

-		BIO_set_fp(out,stdout,BIO_NOCLOSE);

-		if (bufsize != NULL)

-			setvbuf(stdout, (char *)NULL, _IONBF, 0);

-#ifdef OPENSSL_SYS_VMS

-		{

-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());

-		out = BIO_push(tmpbio, out);

-		}

-#endif

-		}

-	else

-		{

-		if (BIO_write_filename(out,outf) <= 0)

-			{

-			perror(outf);

-			goto end;

-			}

-		}

-	rbio=in;

-	wbio=out;

-	if (base64)

-		{

-		if ((b64=BIO_new(BIO_f_base64())) == NULL)

-			goto end;

-		if (debug)

-			{

-			BIO_set_callback(b64,BIO_debug_callback);

-			BIO_set_callback_arg(b64,(char *)bio_err);

-			}

-		if (olb64)

-			BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL);

-		if (enc)

-			wbio=BIO_push(b64,wbio);

-		else

-			rbio=BIO_push(b64,rbio);

-		}

-	if (cipher != NULL)

-		{

-		/* Note that str is NULL if a key was passed on the command

-		 * line, so we get no salt in that case. Is this a bug?

-		 */

-		if (str != NULL)

-			{

-			/* Salt handling: if encrypting generate a salt and

-			 * write to output BIO. If decrypting read salt from

-			 * input BIO.

-			 */

-			unsigned char *sptr;

-			if(nosalt) sptr = NULL;

-			else {

-				if(enc) {

-					if(hsalt) {

-						if(!set_hex(hsalt,salt,sizeof salt)) {

-							BIO_printf(bio_err,

-								"invalid hex salt value\n");

-							goto end;

-						}

-					} else if (RAND_pseudo_bytes(salt, sizeof salt) < 0)

-						goto end;

-					/* If -P option then don't bother writing */

-					if((printkey != 2)

-					   && (BIO_write(wbio,magic,

-							 sizeof magic-1) != sizeof magic-1

-					       || BIO_write(wbio,

-							    (char *)salt,

-							    sizeof salt) != sizeof salt)) {

-						BIO_printf(bio_err,"error writing output file\n");

-						goto end;

-					}

-				} else if(BIO_read(rbio,mbuf,sizeof mbuf) != sizeof mbuf

-					  || BIO_read(rbio,

-						      (unsigned char *)salt,

-				    sizeof salt) != sizeof salt) {

-					BIO_printf(bio_err,"error reading input file\n");

-					goto end;

-				} else if(memcmp(mbuf,magic,sizeof magic-1)) {

-				    BIO_printf(bio_err,"bad magic number\n");

-				    goto end;

-				}

-				sptr = salt;

-			}

-			EVP_BytesToKey(cipher,dgst,sptr,

-				(unsigned char *)str,

-				strlen(str),1,key,iv);

-			/* zero the complete buffer or the string

-			 * passed from the command line

-			 * bug picked up by

-			 * Larry J. Hughes Jr. <[email protected]> */

-			if (str == strbuf)

-				OPENSSL_cleanse(str,SIZE);

-			else

-				OPENSSL_cleanse(str,strlen(str));

-			}

-		if ((hiv != NULL) && !set_hex(hiv,iv,sizeof iv))

-			{

-			BIO_printf(bio_err,"invalid hex iv value\n");

-			goto end;

-			}

-		if ((hiv == NULL) && (str == NULL))

-			{

-			/* No IV was explicitly set and no IV was generated

-			 * during EVP_BytesToKey. Hence the IV is undefined,

-			 * making correct decryption impossible. */

-			BIO_printf(bio_err, "iv undefined\n");

-			goto end;

-			}

-		if ((hkey != NULL) && !set_hex(hkey,key,sizeof key))

-			{

-			BIO_printf(bio_err,"invalid hex key value\n");

-			goto end;

-			}

-		if ((benc=BIO_new(BIO_f_cipher())) == NULL)

-			goto end;

-		/* Since we may be changing parameters work on the encryption

-		 * context rather than calling BIO_set_cipher().

-		 */

-		BIO_get_cipher_ctx(benc, &ctx);

-		if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))

-			{

-			BIO_printf(bio_err, "Error setting cipher %s\n",

-				EVP_CIPHER_name(cipher));

-			ERR_print_errors(bio_err);

-			goto end;

-			}

-		if (nopad)

-			EVP_CIPHER_CTX_set_padding(ctx, 0);

-		if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))

-			{

-			BIO_printf(bio_err, "Error setting cipher %s\n",

-				EVP_CIPHER_name(cipher));

-			ERR_print_errors(bio_err);

-			goto end;

-			}

-		if (debug)

-			{

-			BIO_set_callback(benc,BIO_debug_callback);

-			BIO_set_callback_arg(benc,(char *)bio_err);

-			}

-		if (printkey)

-			{

-			if (!nosalt)

-				{

-				printf("salt=");

-				for (i=0; i<(int)sizeof(salt); i++)

-					printf("%02X",salt[i]);

-				printf("\n");

-				}

-			if (cipher->key_len > 0)

-				{

-				printf("key=");

-				for (i=0; i<cipher->key_len; i++)

-					printf("%02X",key[i]);

-				printf("\n");

-				}

-			if (cipher->iv_len > 0)

-				{

-				printf("iv =");

-				for (i=0; i<cipher->iv_len; i++)

-					printf("%02X",iv[i]);

-				printf("\n");

-				}

-			if (printkey == 2)

-				{

-				ret=0;

-				goto end;

-				}

-			}

-		}

-	/* Only encrypt/decrypt as we write the file */

-	if (benc != NULL)

-		wbio=BIO_push(benc,wbio);

-	for (;;)

-		{

-		inl=BIO_read(rbio,(char *)buff,bsize);

-		if (inl <= 0) break;

-		if (BIO_write(wbio,(char *)buff,inl) != inl)

-			{

-			BIO_printf(bio_err,"error writing output file\n");

-			goto end;

-			}

-		}

-	if (!BIO_flush(wbio))

-		{

-		BIO_printf(bio_err,"bad decrypt\n");

-		goto end;

-		}

-	ret=0;

-	if (verbose)

-		{

-		BIO_printf(bio_err,"bytes read   :%8ld\n",BIO_number_read(in));

-		BIO_printf(bio_err,"bytes written:%8ld\n",BIO_number_written(out));

-		}

-end:

-	ERR_print_errors(bio_err);

-	if (strbuf != NULL) OPENSSL_free(strbuf);

-	if (buff != NULL) OPENSSL_free(buff);

-	if (in != NULL) BIO_free(in);

-	if (out != NULL) BIO_free_all(out);

-	if (benc != NULL) BIO_free(benc);

-	if (b64 != NULL) BIO_free(b64);

-	if(pass) OPENSSL_free(pass);

-	apps_shutdown();

-	OPENSSL_EXIT(ret);

-	}

-int set_hex(char *in, unsigned char *out, int size)

-	{

-	int i,n;

-	unsigned char j;

-	n=strlen(in);

-	if (n > (size*2))

-		{

-		BIO_printf(bio_err,"hex string is too long\n");

-		return(0);

-		}

-	memset(out,0,size);

-	for (i=0; i<n; i++)

-		{

-		j=(unsigned char)*in;

-		*(in++)='\0';

-		if (j == 0) break;

-		if ((j >= '0') && (j <= '9'))

-			j-='0';

-		else if ((j >= 'A') && (j <= 'F'))

-			j=j-'A'+10;

-		else if ((j >= 'a') && (j <= 'f'))

-			j=j-'a'+10;

-		else

-			{

-			BIO_printf(bio_err,"non-hex digit\n");

-			return(0);

-			}

-		if (i&1)

-			out[i/2]|=j;

-		else

-			out[i/2]=(j<<4);

-		}

-	return(1);

-	}

--- a/sys/src/ape/lib/openssl/apps/engine.c

+++ /dev/null

@@ -1,542 +1,0 @@

-/* apps/engine.c -*- mode: C; c-file-style: "eay" -*- */

-/* Written by Richard Levitte <[email protected]> for the OpenSSL

- * project 2000.

- */

-/* ====================================================================

- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef OPENSSL_NO_ENGINE

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#ifdef OPENSSL_NO_STDIO

-#define APPS_WIN16

-#endif

-#include "apps.h"

-#include <openssl/err.h>

-#include <openssl/engine.h>

-#include <openssl/ssl.h>

-#undef PROG

-#define PROG	engine_main

-static const char *engine_usage[]={

-"usage: engine opts [engine ...]\n",

-" -v[v[v[v]]] - verbose mode, for each engine, list its 'control commands'\n",

-"               -vv will additionally display each command's description\n",

-"               -vvv will also add the input flags for each command\n",

-"               -vvvv will also show internal input flags\n",

-" -c          - for each engine, also list the capabilities\n",

-" -t[t]       - for each engine, check that they are really available\n",

-"               -tt will display error trace for unavailable engines\n",

-" -pre <cmd>  - runs command 'cmd' against the ENGINE before any attempts\n",

-"               to load it (if -t is used)\n",

-" -post <cmd> - runs command 'cmd' against the ENGINE after loading it\n",

-"               (only used if -t is also provided)\n",

-" NB: -pre and -post will be applied to all ENGINEs supplied on the command\n",

-" line, or all supported ENGINEs if none are specified.\n",

-" Eg. '-pre \"SO_PATH:/lib/libdriver.so\"' calls command \"SO_PATH\" with\n",

-" argument \"/lib/libdriver.so\".\n",

-NULL

-};

-static void identity(void *ptr)

-	{

-	return;

-	}

-static int append_buf(char **buf, const char *s, int *size, int step)

-	{

-	int l = strlen(s);

-	if (*buf == NULL)

-		{

-		*size = step;

-		*buf = OPENSSL_malloc(*size);

-		if (*buf == NULL)

-			return 0;

-		**buf = '\0';

-		}

-	if (**buf != '\0')

-		l += 2;		/* ", " */

-	if (strlen(*buf) + strlen(s) >= (unsigned int)*size)

-		{

-		*size += step;

-		*buf = OPENSSL_realloc(*buf, *size);

-		}

-	if (*buf == NULL)

-		return 0;

-	if (**buf != '\0')

-		BUF_strlcat(*buf, ", ", *size);

-	BUF_strlcat(*buf, s, *size);

-	return 1;

-	}

-static int util_flags(BIO *bio_out, unsigned int flags, const char *indent)

-	{

-	int started = 0, err = 0;

-	/* Indent before displaying input flags */

-	BIO_printf(bio_out, "%s%s(input flags): ", indent, indent);

-	if(flags == 0)

-		{

-		BIO_printf(bio_out, "<no flags>\n");

-		return 1;

-		}

-        /* If the object is internal, mark it in a way that shows instead of

-         * having it part of all the other flags, even if it really is. */

-	if(flags & ENGINE_CMD_FLAG_INTERNAL)

-		{

-		BIO_printf(bio_out, "[Internal] ");

-		}

-	if(flags & ENGINE_CMD_FLAG_NUMERIC)

-		{

-		if(started)

-			{

-			BIO_printf(bio_out, "|");

-			err = 1;

-			}

-		BIO_printf(bio_out, "NUMERIC");

-		started = 1;

-		}

-	/* Now we check that no combinations of the mutually exclusive NUMERIC,

-	 * STRING, and NO_INPUT flags have been used. Future flags that can be

-	 * OR'd together with these would need to added after these to preserve

-	 * the testing logic. */

-	if(flags & ENGINE_CMD_FLAG_STRING)

-		{

-		if(started)

-			{

-			BIO_printf(bio_out, "|");

-			err = 1;

-			}

-		BIO_printf(bio_out, "STRING");

-		started = 1;

-		}

-	if(flags & ENGINE_CMD_FLAG_NO_INPUT)

-		{

-		if(started)

-			{

-			BIO_printf(bio_out, "|");

-			err = 1;

-			}

-		BIO_printf(bio_out, "NO_INPUT");

-		started = 1;

-		}

-	/* Check for unknown flags */

-	flags = flags & ~ENGINE_CMD_FLAG_NUMERIC &

-			~ENGINE_CMD_FLAG_STRING &

-			~ENGINE_CMD_FLAG_NO_INPUT &

-			~ENGINE_CMD_FLAG_INTERNAL;

-	if(flags)

-		{

-		if(started) BIO_printf(bio_out, "|");

-		BIO_printf(bio_out, "<0x%04X>", flags);

-		}

-	if(err)

-		BIO_printf(bio_out, "  <illegal flags!>");

-	BIO_printf(bio_out, "\n");

-	return 1;

-	}

-static int util_verbose(ENGINE *e, int verbose, BIO *bio_out, const char *indent)

-	{

-	static const int line_wrap = 78;

-	int num;

-	int ret = 0;

-	char *name = NULL;

-	char *desc = NULL;

-	int flags;

-	int xpos = 0;

-	STACK *cmds = NULL;

-	if(!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) ||

-			((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE,

-					0, NULL, NULL)) <= 0))

-		{

-#if 0

-		BIO_printf(bio_out, "%s<no control commands>\n", indent);

-#endif

-		return 1;

-		}

-	cmds = sk_new_null();

-	if(!cmds)

-		goto err;

-	do {

-		int len;

-		/* Get the command input flags */

-		if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num,

-					NULL, NULL)) < 0)

-			goto err;

-                if (!(flags & ENGINE_CMD_FLAG_INTERNAL) || verbose >= 4)

-                        {

-                        /* Get the command name */

-                        if((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_LEN_FROM_CMD, num,

-                                NULL, NULL)) <= 0)

-                                goto err;

-                        if((name = OPENSSL_malloc(len + 1)) == NULL)

-                                goto err;

-                        if(ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_FROM_CMD, num, name,

-                                NULL) <= 0)

-                                goto err;

-                        /* Get the command description */

-                        if((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_LEN_FROM_CMD, num,

-                                NULL, NULL)) < 0)

-                                goto err;

-                        if(len > 0)

-                                {

-                                if((desc = OPENSSL_malloc(len + 1)) == NULL)

-                                        goto err;

-                                if(ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_FROM_CMD, num, desc,

-                                        NULL) <= 0)

-                                        goto err;

-                                }

-                        /* Now decide on the output */

-                        if(xpos == 0)

-                                /* Do an indent */

-                                xpos = BIO_printf(bio_out, indent);

-                        else

-                                /* Otherwise prepend a ", " */

-                                xpos += BIO_printf(bio_out, ", ");

-                        if(verbose == 1)

-                                {

-                                /* We're just listing names, comma-delimited */

-                                if((xpos > (int)strlen(indent)) &&

-					(xpos + (int)strlen(name) > line_wrap))

-                                        {

-                                        BIO_printf(bio_out, "\n");

-                                        xpos = BIO_printf(bio_out, indent);

-                                        }

-                                xpos += BIO_printf(bio_out, "%s", name);

-                                }

-                        else

-                                {

-                                /* We're listing names plus descriptions */

-                                BIO_printf(bio_out, "%s: %s\n", name,

-                                        (desc == NULL) ? "<no description>" : desc);

-                                /* ... and sometimes input flags */

-                                if((verbose >= 3) && !util_flags(bio_out, flags,

-                                        indent))

-                                        goto err;

-                                xpos = 0;

-                                }

-                        }

-		OPENSSL_free(name); name = NULL;

-		if(desc) { OPENSSL_free(desc); desc = NULL; }

-		/* Move to the next command */

-		num = ENGINE_ctrl(e, ENGINE_CTRL_GET_NEXT_CMD_TYPE,

-					num, NULL, NULL);

-		} while(num > 0);

-	if(xpos > 0)

-		BIO_printf(bio_out, "\n");

-	ret = 1;

-err:

-	if(cmds) sk_pop_free(cmds, identity);

-	if(name) OPENSSL_free(name);

-	if(desc) OPENSSL_free(desc);

-	return ret;

-	}

-static void util_do_cmds(ENGINE *e, STACK *cmds, BIO *bio_out, const char *indent)

-	{

-	int loop, res, num = sk_num(cmds);

-	if(num < 0)

-		{

-		BIO_printf(bio_out, "[Error]: internal stack error\n");

-		return;

-		}

-	for(loop = 0; loop < num; loop++)

-		{

-		char buf[256];

-		const char *cmd, *arg;

-		cmd = sk_value(cmds, loop);

-		res = 1; /* assume success */

-		/* Check if this command has no ":arg" */

-		if((arg = strstr(cmd, ":")) == NULL)

-			{

-			if(!ENGINE_ctrl_cmd_string(e, cmd, NULL, 0))

-				res = 0;

-			}

-		else

-			{

-			if((int)(arg - cmd) > 254)

-				{

-				BIO_printf(bio_out,"[Error]: command name too long\n");

-				return;

-				}

-			memcpy(buf, cmd, (int)(arg - cmd));

-			buf[arg-cmd] = '\0';

-			arg++; /* Move past the ":" */

-			/* Call the command with the argument */

-			if(!ENGINE_ctrl_cmd_string(e, buf, arg, 0))

-				res = 0;

-			}

-		if(res)

-			BIO_printf(bio_out, "[Success]: %s\n", cmd);

-		else

-			{

-			BIO_printf(bio_out, "[Failure]: %s\n", cmd);

-			ERR_print_errors(bio_out);

-			}

-		}

-	}

-int MAIN(int, char **);

-int MAIN(int argc, char **argv)

-	{

-	int ret=1,i;

-	const char **pp;

-	int verbose=0, list_cap=0, test_avail=0, test_avail_noise = 0;

-	ENGINE *e;

-	STACK *engines = sk_new_null();

-	STACK *pre_cmds = sk_new_null();

-	STACK *post_cmds = sk_new_null();

-	int badops=1;

-	BIO *bio_out=NULL;

-	const char *indent = "     ";

-	apps_startup();

-	SSL_load_error_strings();

-	if (bio_err == NULL)

-		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);

-	if (!load_config(bio_err, NULL))

-		goto end;

-	bio_out=BIO_new_fp(stdout,BIO_NOCLOSE);

-#ifdef OPENSSL_SYS_VMS

-	{

-	BIO *tmpbio = BIO_new(BIO_f_linebuffer());

-	bio_out = BIO_push(tmpbio, bio_out);

-	}

-#endif

-	argc--;

-	argv++;

-	while (argc >= 1)

-		{

-		if (strncmp(*argv,"-v",2) == 0)

-			{

-			if(strspn(*argv + 1, "v") < strlen(*argv + 1))

-				goto skip_arg_loop;

-			if((verbose=strlen(*argv + 1)) > 4)

-				goto skip_arg_loop;

-			}

-		else if (strcmp(*argv,"-c") == 0)

-			list_cap=1;

-		else if (strncmp(*argv,"-t",2) == 0)

-			{

-			test_avail=1;

-			if(strspn(*argv + 1, "t") < strlen(*argv + 1))

-				goto skip_arg_loop;

-			if((test_avail_noise = strlen(*argv + 1) - 1) > 1)

-				goto skip_arg_loop;

-			}

-		else if (strcmp(*argv,"-pre") == 0)

-			{

-			argc--; argv++;

-			if (argc == 0)

-				goto skip_arg_loop;

-			sk_push(pre_cmds,*argv);

-			}

-		else if (strcmp(*argv,"-post") == 0)

-			{

-			argc--; argv++;

-			if (argc == 0)

-				goto skip_arg_loop;

-			sk_push(post_cmds,*argv);

-			}

-		else if ((strncmp(*argv,"-h",2) == 0) ||

-				(strcmp(*argv,"-?") == 0))

-			goto skip_arg_loop;

-		else

-			sk_push(engines,*argv);

-		argc--;

-		argv++;

-		}

-	/* Looks like everything went OK */

-	badops = 0;

-skip_arg_loop:

-	if (badops)

-		{

-		for (pp=engine_usage; (*pp != NULL); pp++)

-			BIO_printf(bio_err,"%s",*pp);

-		goto end;

-		}

-	if (sk_num(engines) == 0)

-		{

-		for(e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e))

-			{

-			sk_push(engines,(char *)ENGINE_get_id(e));

-			}

-		}

-	for (i=0; i<sk_num(engines); i++)

-		{

-		const char *id = sk_value(engines,i);

-		if ((e = ENGINE_by_id(id)) != NULL)

-			{

-			const char *name = ENGINE_get_name(e);

-			/* Do "id" first, then "name". Easier to auto-parse. */

-			BIO_printf(bio_out, "(%s) %s\n", id, name);

-			util_do_cmds(e, pre_cmds, bio_out, indent);

-			if (strcmp(ENGINE_get_id(e), id) != 0)

-				{

-				BIO_printf(bio_out, "Loaded: (%s) %s\n",

-					ENGINE_get_id(e), ENGINE_get_name(e));

-				}

-			if (list_cap)

-				{

-				int cap_size = 256;

-				char *cap_buf = NULL;

-				int k,n;

-				const int *nids;

-				ENGINE_CIPHERS_PTR fn_c;

-				ENGINE_DIGESTS_PTR fn_d;

-				if (ENGINE_get_RSA(e) != NULL

-					&& !append_buf(&cap_buf, "RSA",

-						&cap_size, 256))

-					goto end;

-				if (ENGINE_get_DSA(e) != NULL

-					&& !append_buf(&cap_buf, "DSA",

-						&cap_size, 256))

-					goto end;

-				if (ENGINE_get_DH(e) != NULL

-					&& !append_buf(&cap_buf, "DH",

-						&cap_size, 256))

-					goto end;

-				if (ENGINE_get_RAND(e) != NULL

-					&& !append_buf(&cap_buf, "RAND",

-						&cap_size, 256))

-					goto end;

-				fn_c = ENGINE_get_ciphers(e);

-				if(!fn_c) goto skip_ciphers;

-				n = fn_c(e, NULL, &nids, 0);

-				for(k=0 ; k < n ; ++k)

-					if(!append_buf(&cap_buf,

-						       OBJ_nid2sn(nids[k]),

-						       &cap_size, 256))

-						goto end;

-skip_ciphers:

-				fn_d = ENGINE_get_digests(e);

-				if(!fn_d) goto skip_digests;

-				n = fn_d(e, NULL, &nids, 0);

-				for(k=0 ; k < n ; ++k)

-					if(!append_buf(&cap_buf,

-						       OBJ_nid2sn(nids[k]),

-						       &cap_size, 256))

-						goto end;

-skip_digests:

-				if (cap_buf && (*cap_buf != '\0'))

-					BIO_printf(bio_out, " [%s]\n", cap_buf);

-				OPENSSL_free(cap_buf);

-				}

-			if(test_avail)

-				{

-				BIO_printf(bio_out, "%s", indent);

-				if (ENGINE_init(e))

-					{

-					BIO_printf(bio_out, "[ available ]\n");

-					util_do_cmds(e, post_cmds, bio_out, indent);

-					ENGINE_finish(e);

-					}

-				else

-					{

-					BIO_printf(bio_out, "[ unavailable ]\n");

-					if(test_avail_noise)

-						ERR_print_errors_fp(stdout);

-					ERR_clear_error();

-					}

-				}

-			if((verbose > 0) && !util_verbose(e, verbose, bio_out, indent))

-				goto end;

-			ENGINE_free(e);

-			}

-		else

-			ERR_print_errors(bio_err);

-		}

-	ret=0;

-end:

-	ERR_print_errors(bio_err);

-	sk_pop_free(engines, identity);

-	sk_pop_free(pre_cmds, identity);

-	sk_pop_free(post_cmds, identity);

-	if (bio_out != NULL) BIO_free_all(bio_out);

-	apps_shutdown();

-	OPENSSL_EXIT(ret);

-	}

-#else

-# if PEDANTIC

-static void *dummy=&dummy;

-# endif

-#endif

--- a/sys/src/ape/lib/openssl/apps/errstr.c

+++ /dev/null

@@ -1,126 +1,0 @@

-/* apps/errstr.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include "apps.h"

-#include <openssl/bio.h>

-#include <openssl/lhash.h>

-#include <openssl/err.h>

-#include <openssl/ssl.h>

-#undef PROG

-#define PROG	errstr_main

-int MAIN(int, char **);

-int MAIN(int argc, char **argv)

-	{

-	int i,ret=0;

-	char buf[256];

-	unsigned long l;

-	apps_startup();

-	if (bio_err == NULL)

-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)

-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);

-	SSL_load_error_strings();

-	if ((argc > 1) && (strcmp(argv[1],"-stats") == 0))

-		{

-		BIO *out=NULL;

-		out=BIO_new(BIO_s_file());

-		if ((out != NULL) && BIO_set_fp(out,stdout,BIO_NOCLOSE))

-			{

-#ifdef OPENSSL_SYS_VMS

-			{

-			BIO *tmpbio = BIO_new(BIO_f_linebuffer());

-			out = BIO_push(tmpbio, out);

-			}

-#endif

-			lh_node_stats_bio((LHASH *)ERR_get_string_table(),out);

-			lh_stats_bio((LHASH *)ERR_get_string_table(),out);

-			lh_node_usage_stats_bio((LHASH *)

-				ERR_get_string_table(),out);

-			}

-		if (out != NULL) BIO_free_all(out);

-		argc--;

-		argv++;

-		}

-	for (i=1; i<argc; i++)

-		{

-		if (sscanf(argv[i],"%lx",&l))

-			{

-			ERR_error_string_n(l, buf, sizeof buf);

-			printf("%s\n",buf);

-			}

-		else

-			{

-			printf("%s: bad error code\n",argv[i]);

-			printf("usage: errstr [-stats] <errno> ...\n");

-			ret++;

-			}

-		}

-	apps_shutdown();

-	OPENSSL_EXIT(ret);

-	}

--- a/sys/src/ape/lib/openssl/apps/gendh.c

+++ /dev/null

@@ -1,238 +1,0 @@

-/* apps/gendh.c */

-/* obsoleted by dhparam.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <openssl/opensslconf.h>

-/* Until the key-gen callbacks are modified to use newer prototypes, we allow

- * deprecated functions for openssl-internal code */

-#ifdef OPENSSL_NO_DEPRECATED

-#undef OPENSSL_NO_DEPRECATED

-#endif

-#ifndef OPENSSL_NO_DH

-#include <stdio.h>

-#include <string.h>

-#include <sys/types.h>

-#include <sys/stat.h>

-#include "apps.h"

-#include <openssl/bio.h>

-#include <openssl/rand.h>

-#include <openssl/err.h>

-#include <openssl/bn.h>

-#include <openssl/dh.h>

-#include <openssl/x509.h>

-#include <openssl/pem.h>

-#define DEFBITS	512

-#undef PROG

-#define PROG gendh_main

-static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb);

-int MAIN(int, char **);

-int MAIN(int argc, char **argv)

-	{

-	BN_GENCB cb;

-#ifndef OPENSSL_NO_ENGINE

-	ENGINE *e = NULL;

-#endif

-	DH *dh=NULL;

-	int ret=1,num=DEFBITS;

-	int g=2;

-	char *outfile=NULL;

-	char *inrand=NULL;

-#ifndef OPENSSL_NO_ENGINE

-	char *engine=NULL;

-#endif

-	BIO *out=NULL;

-	apps_startup();

-	BN_GENCB_set(&cb, dh_cb, bio_err);

-	if (bio_err == NULL)

-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)

-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);

-	if (!load_config(bio_err, NULL))

-		goto end;

-	argv++;

-	argc--;

-	for (;;)

-		{

-		if (argc <= 0) break;

-		if (strcmp(*argv,"-out") == 0)

-			{

-			if (--argc < 1) goto bad;

-			outfile= *(++argv);

-			}

-		else if (strcmp(*argv,"-2") == 0)

-			g=2;

-	/*	else if (strcmp(*argv,"-3") == 0)

-			g=3; */

-		else if (strcmp(*argv,"-5") == 0)

-			g=5;

-#ifndef OPENSSL_NO_ENGINE

-		else if (strcmp(*argv,"-engine") == 0)

-			{

-			if (--argc < 1) goto bad;

-			engine= *(++argv);

-			}

-#endif

-		else if (strcmp(*argv,"-rand") == 0)

-			{

-			if (--argc < 1) goto bad;

-			inrand= *(++argv);

-			}

-		else

-			break;

-		argv++;

-		argc--;

-		}

-	if ((argc >= 1) && ((sscanf(*argv,"%d",&num) == 0) || (num < 0)))

-		{

-bad:

-		BIO_printf(bio_err,"usage: gendh [args] [numbits]\n");

-		BIO_printf(bio_err," -out file - output the key to 'file\n");

-		BIO_printf(bio_err," -2        - use 2 as the generator value\n");

-	/*	BIO_printf(bio_err," -3        - use 3 as the generator value\n"); */

-		BIO_printf(bio_err," -5        - use 5 as the generator value\n");

-#ifndef OPENSSL_NO_ENGINE

-		BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");

-#endif

-		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);

-		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");

-		BIO_printf(bio_err,"             the random number generator\n");

-		goto end;

-		}

-#ifndef OPENSSL_NO_ENGINE

-        e = setup_engine(bio_err, engine, 0);

-#endif

-	out=BIO_new(BIO_s_file());

-	if (out == NULL)

-		{

-		ERR_print_errors(bio_err);

-		goto end;

-		}

-	if (outfile == NULL)

-		{

-		BIO_set_fp(out,stdout,BIO_NOCLOSE);

-#ifdef OPENSSL_SYS_VMS

-		{

-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());

-		out = BIO_push(tmpbio, out);

-		}

-#endif

-		}

-	else

-		{

-		if (BIO_write_filename(out,outfile) <= 0)

-			{

-			perror(outfile);

-			goto end;

-			}

-		}

-	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)

-		{

-		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");

-		}

-	if (inrand != NULL)

-		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",

-			app_RAND_load_files(inrand));

-	BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g);

-	BIO_printf(bio_err,"This is going to take a long time\n");

-	if(((dh = DH_new()) == NULL) || !DH_generate_parameters_ex(dh, num, g, &cb))

-		goto end;

-	app_RAND_write_file(NULL, bio_err);

-	if (!PEM_write_bio_DHparams(out,dh))

-		goto end;

-	ret=0;

-end:

-	if (ret != 0)

-		ERR_print_errors(bio_err);

-	if (out != NULL) BIO_free_all(out);

-	if (dh != NULL) DH_free(dh);

-	apps_shutdown();

-	OPENSSL_EXIT(ret);

-	}

-static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb)

-	{

-	char c='*';

-	if (p == 0) c='.';

-	if (p == 1) c='+';

-	if (p == 2) c='*';

-	if (p == 3) c='\n';

-	BIO_write(cb->arg,&c,1);

-	(void)BIO_flush(cb->arg);

-#ifdef LINT

-	p=n;

-#endif

-	return 1;

-	}

-#endif

--- a/sys/src/ape/lib/openssl/apps/gendsa.c

+++ /dev/null

@@ -1,282 +1,0 @@

-/* apps/gendsa.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <openssl/opensslconf.h>	/* for OPENSSL_NO_DSA */

-#ifndef OPENSSL_NO_DSA

-#include <stdio.h>

-#include <string.h>

-#include <sys/types.h>

-#include <sys/stat.h>

-#include "apps.h"

-#include <openssl/bio.h>

-#include <openssl/err.h>

-#include <openssl/bn.h>

-#include <openssl/dsa.h>

-#include <openssl/x509.h>

-#include <openssl/pem.h>

-#define DEFBITS	512

-#undef PROG

-#define PROG gendsa_main

-int MAIN(int, char **);

-int MAIN(int argc, char **argv)

-	{

-#ifndef OPENSSL_NO_ENGINE

-	ENGINE *e = NULL;

-#endif

-	DSA *dsa=NULL;

-	int ret=1;

-	char *outfile=NULL;

-	char *inrand=NULL,*dsaparams=NULL;

-	char *passargout = NULL, *passout = NULL;

-	BIO *out=NULL,*in=NULL;

-	const EVP_CIPHER *enc=NULL;

-#ifndef OPENSSL_NO_ENGINE

-	char *engine=NULL;

-#endif

-	apps_startup();

-	if (bio_err == NULL)

-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)

-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);

-	if (!load_config(bio_err, NULL))

-		goto end;

-	argv++;

-	argc--;

-	for (;;)

-		{

-		if (argc <= 0) break;

-		if (strcmp(*argv,"-out") == 0)

-			{

-			if (--argc < 1) goto bad;

-			outfile= *(++argv);

-			}

-		else if (strcmp(*argv,"-passout") == 0)

-			{

-			if (--argc < 1) goto bad;

-			passargout= *(++argv);

-			}

-#ifndef OPENSSL_NO_ENGINE

-		else if (strcmp(*argv,"-engine") == 0)

-			{

-			if (--argc < 1) goto bad;

-			engine= *(++argv);

-			}

-#endif

-		else if (strcmp(*argv,"-rand") == 0)

-			{

-			if (--argc < 1) goto bad;

-			inrand= *(++argv);

-			}

-		else if (strcmp(*argv,"-") == 0)

-			goto bad;

-#ifndef OPENSSL_NO_DES

-		else if (strcmp(*argv,"-des") == 0)

-			enc=EVP_des_cbc();

-		else if (strcmp(*argv,"-des3") == 0)

-			enc=EVP_des_ede3_cbc();

-#endif

-#ifndef OPENSSL_NO_IDEA

-		else if (strcmp(*argv,"-idea") == 0)

-			enc=EVP_idea_cbc();

-#endif

-#ifndef OPENSSL_NO_SEED

-		else if (strcmp(*argv,"-seed") == 0)

-			enc=EVP_seed_cbc();

-#endif

-#ifndef OPENSSL_NO_AES

-		else if (strcmp(*argv,"-aes128") == 0)

-			enc=EVP_aes_128_cbc();

-		else if (strcmp(*argv,"-aes192") == 0)

-			enc=EVP_aes_192_cbc();

-		else if (strcmp(*argv,"-aes256") == 0)

-			enc=EVP_aes_256_cbc();

-#endif

-#ifndef OPENSSL_NO_CAMELLIA

-		else if (strcmp(*argv,"-camellia128") == 0)

-			enc=EVP_camellia_128_cbc();

-		else if (strcmp(*argv,"-camellia192") == 0)

-			enc=EVP_camellia_192_cbc();

-		else if (strcmp(*argv,"-camellia256") == 0)

-			enc=EVP_camellia_256_cbc();

-#endif

-		else if (**argv != '-' && dsaparams == NULL)

-			{

-			dsaparams = *argv;

-			}

-		else

-			goto bad;

-		argv++;

-		argc--;

-		}

-	if (dsaparams == NULL)

-		{

-bad:

-		BIO_printf(bio_err,"usage: gendsa [args] dsaparam-file\n");

-		BIO_printf(bio_err," -out file - output the key to 'file'\n");

-#ifndef OPENSSL_NO_DES

-		BIO_printf(bio_err," -des      - encrypt the generated key with DES in cbc mode\n");

-		BIO_printf(bio_err," -des3     - encrypt the generated key with DES in ede cbc mode (168 bit key)\n");

-#endif

-#ifndef OPENSSL_NO_IDEA

-		BIO_printf(bio_err," -idea     - encrypt the generated key with IDEA in cbc mode\n");

-#endif

-#ifndef OPENSSL_NO_SEED

-		BIO_printf(bio_err," -seed\n");

-		BIO_printf(bio_err,"                 encrypt PEM output with cbc seed\n");

-#endif

-#ifndef OPENSSL_NO_AES

-		BIO_printf(bio_err," -aes128, -aes192, -aes256\n");

-		BIO_printf(bio_err,"                 encrypt PEM output with cbc aes\n");

-#endif

-#ifndef OPENSSL_NO_CAMELLIA

-		BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");

-		BIO_printf(bio_err,"                 encrypt PEM output with cbc camellia\n");

-#endif

-#ifndef OPENSSL_NO_ENGINE

-		BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");

-#endif

-		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);

-		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");

-		BIO_printf(bio_err,"             the random number generator\n");

-		BIO_printf(bio_err," dsaparam-file\n");

-		BIO_printf(bio_err,"           - a DSA parameter file as generated by the dsaparam command\n");

-		goto end;

-		}

-#ifndef OPENSSL_NO_ENGINE

-        e = setup_engine(bio_err, engine, 0);

-#endif

-	if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {

-		BIO_printf(bio_err, "Error getting password\n");

-		goto end;

-	}

-	in=BIO_new(BIO_s_file());

-	if (!(BIO_read_filename(in,dsaparams)))

-		{

-		perror(dsaparams);

-		goto end;

-		}

-	if ((dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL)) == NULL)

-		{

-		BIO_printf(bio_err,"unable to load DSA parameter file\n");

-		goto end;

-		}

-	BIO_free(in);

-	in = NULL;

-	out=BIO_new(BIO_s_file());

-	if (out == NULL) goto end;

-	if (outfile == NULL)

-		{

-		BIO_set_fp(out,stdout,BIO_NOCLOSE);

-#ifdef OPENSSL_SYS_VMS

-		{

-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());

-		out = BIO_push(tmpbio, out);

-		}

-#endif

-		}

-	else

-		{

-		if (BIO_write_filename(out,outfile) <= 0)

-			{

-			perror(outfile);

-			goto end;

-			}

-		}

-	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)

-		{

-		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");

-		}

-	if (inrand != NULL)

-		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",

-			app_RAND_load_files(inrand));

-	BIO_printf(bio_err,"Generating DSA key, %d bits\n",

-							BN_num_bits(dsa->p));

-	if (!DSA_generate_key(dsa)) goto end;

-	app_RAND_write_file(NULL, bio_err);

-	if (!PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL, passout))

-		goto end;

-	ret=0;

-end:

-	if (ret != 0)

-		ERR_print_errors(bio_err);

-	if (in != NULL) BIO_free(in);

-	if (out != NULL) BIO_free_all(out);

-	if (dsa != NULL) DSA_free(dsa);

-	if(passout) OPENSSL_free(passout);

-	apps_shutdown();

-	OPENSSL_EXIT(ret);

-	}

-#endif

--- a/sys/src/ape/lib/openssl/apps/genrsa.c

+++ /dev/null

@@ -1,328 +1,0 @@

-/* apps/genrsa.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <openssl/opensslconf.h>

-/* Until the key-gen callbacks are modified to use newer prototypes, we allow

- * deprecated functions for openssl-internal code */

-#ifdef OPENSSL_NO_DEPRECATED

-#undef OPENSSL_NO_DEPRECATED

-#endif

-#ifndef OPENSSL_NO_RSA

-#include <stdio.h>

-#include <string.h>

-#include <sys/types.h>

-#include <sys/stat.h>

-#include "apps.h"

-#include <openssl/bio.h>

-#include <openssl/err.h>

-#include <openssl/bn.h>

-#include <openssl/rsa.h>

-#include <openssl/evp.h>

-#include <openssl/x509.h>

-#include <openssl/pem.h>

-#include <openssl/rand.h>

-#define DEFBITS	512

-#undef PROG

-#define PROG genrsa_main

-static int MS_CALLBACK genrsa_cb(int p, int n, BN_GENCB *cb);

-int MAIN(int, char **);

-int MAIN(int argc, char **argv)

-	{

-	BN_GENCB cb;

-#ifndef OPENSSL_NO_ENGINE

-	ENGINE *e = NULL;

-#endif

-	int ret=1;

-	int i,num=DEFBITS;

-	long l;

-	const EVP_CIPHER *enc=NULL;

-	unsigned long f4=RSA_F4;

-	char *outfile=NULL;

-	char *passargout = NULL, *passout = NULL;

-#ifndef OPENSSL_NO_ENGINE

-	char *engine=NULL;

-#endif

-	char *inrand=NULL;

-	BIO *out=NULL;

-	BIGNUM *bn = BN_new();

-	RSA *rsa = RSA_new();

-	if(!bn || !rsa) goto err;

-	apps_startup();

-	BN_GENCB_set(&cb, genrsa_cb, bio_err);

-	if (bio_err == NULL)

-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)

-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);

-	if (!load_config(bio_err, NULL))

-		goto err;

-	if ((out=BIO_new(BIO_s_file())) == NULL)

-		{

-		BIO_printf(bio_err,"unable to create BIO for output\n");

-		goto err;

-		}

-	argv++;

-	argc--;

-	for (;;)

-		{

-		if (argc <= 0) break;

-		if (strcmp(*argv,"-out") == 0)

-			{

-			if (--argc < 1) goto bad;

-			outfile= *(++argv);

-			}

-		else if (strcmp(*argv,"-3") == 0)

-			f4=3;

-		else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)

-			f4=RSA_F4;

-#ifndef OPENSSL_NO_ENGINE

-		else if (strcmp(*argv,"-engine") == 0)

-			{

-			if (--argc < 1) goto bad;

-			engine= *(++argv);

-			}

-#endif

-		else if (strcmp(*argv,"-rand") == 0)

-			{

-			if (--argc < 1) goto bad;

-			inrand= *(++argv);

-			}

-#ifndef OPENSSL_NO_DES

-		else if (strcmp(*argv,"-des") == 0)

-			enc=EVP_des_cbc();

-		else if (strcmp(*argv,"-des3") == 0)

-			enc=EVP_des_ede3_cbc();

-#endif

-#ifndef OPENSSL_NO_IDEA

-		else if (strcmp(*argv,"-idea") == 0)

-			enc=EVP_idea_cbc();

-#endif

-#ifndef OPENSSL_NO_SEED

-		else if (strcmp(*argv,"-seed") == 0)

-			enc=EVP_seed_cbc();

-#endif

-#ifndef OPENSSL_NO_AES

-		else if (strcmp(*argv,"-aes128") == 0)

-			enc=EVP_aes_128_cbc();

-		else if (strcmp(*argv,"-aes192") == 0)

-			enc=EVP_aes_192_cbc();

-		else if (strcmp(*argv,"-aes256") == 0)

-			enc=EVP_aes_256_cbc();

-#endif

-#ifndef OPENSSL_NO_CAMELLIA

-		else if (strcmp(*argv,"-camellia128") == 0)

-			enc=EVP_camellia_128_cbc();

-		else if (strcmp(*argv,"-camellia192") == 0)

-			enc=EVP_camellia_192_cbc();

-		else if (strcmp(*argv,"-camellia256") == 0)

-			enc=EVP_camellia_256_cbc();

-#endif

-		else if (strcmp(*argv,"-passout") == 0)

-			{

-			if (--argc < 1) goto bad;

-			passargout= *(++argv);

-			}

-		else

-			break;

-		argv++;

-		argc--;

-		}

-	if ((argc >= 1) && ((sscanf(*argv,"%d",&num) == 0) || (num < 0)))

-		{

-bad:

-		BIO_printf(bio_err,"usage: genrsa [args] [numbits]\n");

-		BIO_printf(bio_err," -des            encrypt the generated key with DES in cbc mode\n");

-		BIO_printf(bio_err," -des3           encrypt the generated key with DES in ede cbc mode (168 bit key)\n");

-#ifndef OPENSSL_NO_IDEA

-		BIO_printf(bio_err," -idea           encrypt the generated key with IDEA in cbc mode\n");

-#endif

-#ifndef OPENSSL_NO_SEED

-		BIO_printf(bio_err," -seed\n");

-		BIO_printf(bio_err,"                 encrypt PEM output with cbc seed\n");

-#endif

-#ifndef OPENSSL_NO_AES

-		BIO_printf(bio_err," -aes128, -aes192, -aes256\n");

-		BIO_printf(bio_err,"                 encrypt PEM output with cbc aes\n");

-#endif

-#ifndef OPENSSL_NO_CAMELLIA

-		BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");

-		BIO_printf(bio_err,"                 encrypt PEM output with cbc camellia\n");

-#endif

-		BIO_printf(bio_err," -out file       output the key to 'file\n");

-		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");

-		BIO_printf(bio_err," -f4             use F4 (0x10001) for the E value\n");

-		BIO_printf(bio_err," -3              use 3 for the E value\n");

-#ifndef OPENSSL_NO_ENGINE

-		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");

-#endif

-		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);

-		BIO_printf(bio_err,"                 load the file (or the files in the directory) into\n");

-		BIO_printf(bio_err,"                 the random number generator\n");

-		goto err;

-		}

-	ERR_load_crypto_strings();

-	if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {

-		BIO_printf(bio_err, "Error getting password\n");

-		goto err;

-	}

-#ifndef OPENSSL_NO_ENGINE

-        e = setup_engine(bio_err, engine, 0);

-#endif

-	if (outfile == NULL)

-		{

-		BIO_set_fp(out,stdout,BIO_NOCLOSE);

-#ifdef OPENSSL_SYS_VMS

-		{

-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());

-		out = BIO_push(tmpbio, out);

-		}

-#endif

-		}

-	else

-		{

-		if (BIO_write_filename(out,outfile) <= 0)

-			{

-			perror(outfile);

-			goto err;

-			}

-		}

-	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL

-		&& !RAND_status())

-		{

-		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");

-		}

-	if (inrand != NULL)

-		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",

-			app_RAND_load_files(inrand));

-	BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n",

-		num);

-	if(!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb))

-		goto err;

-	app_RAND_write_file(NULL, bio_err);

-	/* We need to do the following for when the base number size is <

-	 * long, esp windows 3.1 :-(. */

-	l=0L;

-	for (i=0; i<rsa->e->top; i++)

-		{

-#ifndef SIXTY_FOUR_BIT

-		l<<=BN_BITS4;

-		l<<=BN_BITS4;

-#endif

-		l+=rsa->e->d[i];

-		}

-	BIO_printf(bio_err,"e is %ld (0x%lX)\n",l,l);

-	{

-	PW_CB_DATA cb_data;

-	cb_data.password = passout;

-	cb_data.prompt_info = outfile;

-	if (!PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,

-		(pem_password_cb *)password_callback,&cb_data))

-		goto err;

-	}

-	ret=0;

-err:

-	if (bn) BN_free(bn);

-	if (rsa) RSA_free(rsa);

-	if (out) BIO_free_all(out);

-	if(passout) OPENSSL_free(passout);

-	if (ret != 0)

-		ERR_print_errors(bio_err);

-	apps_shutdown();

-	OPENSSL_EXIT(ret);

-	}

-static int MS_CALLBACK genrsa_cb(int p, int n, BN_GENCB *cb)

-	{

-	char c='*';

-	if (p == 0) c='.';

-	if (p == 1) c='+';

-	if (p == 2) c='*';

-	if (p == 3) c='\n';

-	BIO_write(cb->arg,&c,1);

-	(void)BIO_flush(cb->arg);

-#ifdef LINT

-	p=n;

-#endif

-	return 1;

-	}

-#else /* !OPENSSL_NO_RSA */

-# if PEDANTIC

-static void *dummy=&dummy;

-# endif

-#endif

--- a/sys/src/ape/lib/openssl/apps/mkfile

+++ /dev/null

@@ -1,63 +1,0 @@

-APE=/sys/src/ape

-<$APE/config

-BIN=$APEBIN

-TARG=\

-	openssl\

-OFILES=\

-	app_rand.$O\

-	apps.$O\

-	asn1pars.$O\

-	ca.$O\

-	ciphers.$O\

-	crl.$O\

-	crl2p7.$O\

-	dgst.$O\

-	dh.$O\

-	dhparam.$O\

-	dsa.$O\

-	dsaparam.$O\

-	ec.$O\

-	ecparam.$O\

-	enc.$O\

-	engine.$O\

-	errstr.$O\

-	gendh.$O\

-	gendsa.$O\

-	genrsa.$O\

-	nseq.$O\

-	ocsp.$O\

-	openssl.$O\

-	passwd.$O\

-	pkcs12.$O\

-	pkcs7.$O\

-	pkcs8.$O\

-	prime.$O\

-	rand.$O\

-	req.$O\

-	rsa.$O\

-	rsautl.$O\

-	s_cb.$O\

-	s_client.$O\

-	s_server.$O\

-	s_socket.$O\

-	s_time.$O\

-	sess_id.$O\

-	smime.$O\

-	speed.$O\

-	spkac.$O\

-	verify.$O\

-	version.$O\

-	x509.$O\

-HFILES=\

-	../include/buildinf.h\

-	../include/e_os.h\

-LIB=/$objtype/lib/ape/libssl.a /$objtype/lib/ape/libcrypto.a

-</sys/src/cmd/mkone

-CFLAGS=-c -I../include -D_POSIX_SOURCE -D_BSD_EXTENSION -DPLAN9 -DT$objtype -DMONOLITH -DOPENSSL_NO_ECDH -DFLAT_INC

--- a/sys/src/ape/lib/openssl/apps/nseq.c

+++ /dev/null

@@ -1,167 +1,0 @@

-/* nseq.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include <string.h>

-#include "apps.h"

-#include <openssl/pem.h>

-#include <openssl/err.h>

-#undef PROG

-#define PROG nseq_main

-int MAIN(int, char **);

-int MAIN(int argc, char **argv)

-{

-	char **args, *infile = NULL, *outfile = NULL;

-	BIO *in = NULL, *out = NULL;

-	int toseq = 0;

-	X509 *x509 = NULL;

-	NETSCAPE_CERT_SEQUENCE *seq = NULL;

-	int i, ret = 1;

-	int badarg = 0;

-	if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);

-	ERR_load_crypto_strings();

-	args = argv + 1;

-	while (!badarg && *args && *args[0] == '-') {

-		if (!strcmp (*args, "-toseq")) toseq = 1;

-		else if (!strcmp (*args, "-in")) {

-			if (args[1]) {

-				args++;

-				infile = *args;

-			} else badarg = 1;

-		} else if (!strcmp (*args, "-out")) {

-			if (args[1]) {

-				args++;

-				outfile = *args;

-			} else badarg = 1;

-		} else badarg = 1;

-		args++;

-	}

-	if (badarg) {

-		BIO_printf (bio_err, "Netscape certificate sequence utility\n");

-		BIO_printf (bio_err, "Usage nseq [options]\n");

-		BIO_printf (bio_err, "where options are\n");

-		BIO_printf (bio_err, "-in file  input file\n");

-		BIO_printf (bio_err, "-out file output file\n");

-		BIO_printf (bio_err, "-toseq    output NS Sequence file\n");

-		OPENSSL_EXIT(1);

-	}

-	if (infile) {

-		if (!(in = BIO_new_file (infile, "r"))) {

-			BIO_printf (bio_err,

-				 "Can't open input file %s\n", infile);

-			goto end;

-		}

-	} else in = BIO_new_fp(stdin, BIO_NOCLOSE);

-	if (outfile) {

-		if (!(out = BIO_new_file (outfile, "w"))) {

-			BIO_printf (bio_err,

-				 "Can't open output file %s\n", outfile);

-			goto end;

-		}

-	} else {

-		out = BIO_new_fp(stdout, BIO_NOCLOSE);

-#ifdef OPENSSL_SYS_VMS

-		{

-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());

-		out = BIO_push(tmpbio, out);

-		}

-#endif

-	}

-	if (toseq) {

-		seq = NETSCAPE_CERT_SEQUENCE_new();

-		seq->certs = sk_X509_new_null();

-		while((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL)))

-		    sk_X509_push(seq->certs,x509);

-		if(!sk_X509_num(seq->certs))

-		{

-			BIO_printf (bio_err, "Error reading certs file %s\n", infile);

-			ERR_print_errors(bio_err);

-			goto end;

-		}

-		PEM_write_bio_NETSCAPE_CERT_SEQUENCE(out, seq);

-		ret = 0;

-		goto end;

-	}

-	if (!(seq = PEM_read_bio_NETSCAPE_CERT_SEQUENCE(in, NULL, NULL, NULL))) {

-		BIO_printf (bio_err, "Error reading sequence file %s\n", infile);

-		ERR_print_errors(bio_err);

-		goto end;

-	}

-	for(i = 0; i < sk_X509_num(seq->certs); i++) {

-		x509 = sk_X509_value(seq->certs, i);

-		dump_cert_text(out, x509);

-		PEM_write_bio_X509(out, x509);

-	}

-	ret = 0;

-end:

-	BIO_free(in);

-	BIO_free_all(out);

-	NETSCAPE_CERT_SEQUENCE_free(seq);

-	OPENSSL_EXIT(ret);

-}

--- a/sys/src/ape/lib/openssl/apps/ocsp.c

+++ /dev/null

@@ -1,1234 +1,0 @@

-/* ocsp.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 2000.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef OPENSSL_NO_OCSP

-#include <stdio.h>

-#include <string.h>

-#include "apps.h"

-#include <openssl/pem.h>

-#include <openssl/ocsp.h>

-#include <openssl/err.h>

-#include <openssl/ssl.h>

-#include <openssl/bn.h>

-/* Maximum leeway in validity period: default 5 minutes */

-#define MAX_VALIDITY_PERIOD	(5 * 60)

-static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, X509 *issuer,

-				STACK_OF(OCSP_CERTID) *ids);

-static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, X509 *issuer,

-				STACK_OF(OCSP_CERTID) *ids);

-static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,

-				STACK *names, STACK_OF(OCSP_CERTID) *ids,

-				long nsec, long maxage);

-static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db,

-			X509 *ca, X509 *rcert, EVP_PKEY *rkey,

-			STACK_OF(X509) *rother, unsigned long flags,

-			int nmin, int ndays);

-static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser);

-static BIO *init_responder(char *port);

-static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port);

-static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp);

-#undef PROG

-#define PROG ocsp_main

-int MAIN(int, char **);

-int MAIN(int argc, char **argv)

-	{

-	ENGINE *e = NULL;

-	char **args;

-	char *host = NULL, *port = NULL, *path = "/";

-	char *reqin = NULL, *respin = NULL;

-	char *reqout = NULL, *respout = NULL;

-	char *signfile = NULL, *keyfile = NULL;

-	char *rsignfile = NULL, *rkeyfile = NULL;

-	char *outfile = NULL;

-	int add_nonce = 1, noverify = 0, use_ssl = -1;

-	OCSP_REQUEST *req = NULL;

-	OCSP_RESPONSE *resp = NULL;

-	OCSP_BASICRESP *bs = NULL;

-	X509 *issuer = NULL, *cert = NULL;

-	X509 *signer = NULL, *rsigner = NULL;

-	EVP_PKEY *key = NULL, *rkey = NULL;

-	BIO *acbio = NULL, *cbio = NULL;

-	BIO *derbio = NULL;

-	BIO *out = NULL;

-	int req_text = 0, resp_text = 0;

-	long nsec = MAX_VALIDITY_PERIOD, maxage = -1;

-	char *CAfile = NULL, *CApath = NULL;

-	X509_STORE *store = NULL;

-	SSL_CTX *ctx = NULL;

-	STACK_OF(X509) *sign_other = NULL, *verify_other = NULL, *rother = NULL;

-	char *sign_certfile = NULL, *verify_certfile = NULL, *rcertfile = NULL;

-	unsigned long sign_flags = 0, verify_flags = 0, rflags = 0;

-	int ret = 1;

-	int accept_count = -1;

-	int badarg = 0;

-	int i;

-	int ignore_err = 0;

-	STACK *reqnames = NULL;

-	STACK_OF(OCSP_CERTID) *ids = NULL;

-	X509 *rca_cert = NULL;

-	char *ridx_filename = NULL;

-	char *rca_filename = NULL;

-	CA_DB *rdb = NULL;

-	int nmin = 0, ndays = -1;

-	if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);

-	if (!load_config(bio_err, NULL))

-		goto end;

-	SSL_load_error_strings();

-	OpenSSL_add_ssl_algorithms();

-	args = argv + 1;

-	reqnames = sk_new_null();

-	ids = sk_OCSP_CERTID_new_null();

-	while (!badarg && *args && *args[0] == '-')

-		{

-		if (!strcmp(*args, "-out"))

-			{

-			if (args[1])

-				{

-				args++;

-				outfile = *args;

-				}

-			else badarg = 1;

-			}

-		else if (!strcmp(*args, "-url"))

-			{

-			if (args[1])

-				{

-				args++;

-				if (!OCSP_parse_url(*args, &host, &port, &path, &use_ssl))

-					{

-					BIO_printf(bio_err, "Error parsing URL\n");

-					badarg = 1;

-					}

-				}

-			else badarg = 1;

-			}

-		else if (!strcmp(*args, "-host"))

-			{

-			if (args[1])

-				{

-				args++;

-				host = *args;

-				}

-			else badarg = 1;

-			}

-		else if (!strcmp(*args, "-port"))

-			{

-			if (args[1])

-				{

-				args++;

-				port = *args;

-				}

-			else badarg = 1;

-			}

-		else if (!strcmp(*args, "-ignore_err"))

-			ignore_err = 1;

-		else if (!strcmp(*args, "-noverify"))

-			noverify = 1;

-		else if (!strcmp(*args, "-nonce"))

-			add_nonce = 2;

-		else if (!strcmp(*args, "-no_nonce"))

-			add_nonce = 0;

-		else if (!strcmp(*args, "-resp_no_certs"))

-			rflags |= OCSP_NOCERTS;

-		else if (!strcmp(*args, "-resp_key_id"))

-			rflags |= OCSP_RESPID_KEY;

-		else if (!strcmp(*args, "-no_certs"))

-			sign_flags |= OCSP_NOCERTS;

-		else if (!strcmp(*args, "-no_signature_verify"))

-			verify_flags |= OCSP_NOSIGS;

-		else if (!strcmp(*args, "-no_cert_verify"))

-			verify_flags |= OCSP_NOVERIFY;

-		else if (!strcmp(*args, "-no_chain"))

-			verify_flags |= OCSP_NOCHAIN;

-		else if (!strcmp(*args, "-no_cert_checks"))

-			verify_flags |= OCSP_NOCHECKS;

-		else if (!strcmp(*args, "-no_explicit"))

-			verify_flags |= OCSP_NOEXPLICIT;

-		else if (!strcmp(*args, "-trust_other"))

-			verify_flags |= OCSP_TRUSTOTHER;

-		else if (!strcmp(*args, "-no_intern"))

-			verify_flags |= OCSP_NOINTERN;

-		else if (!strcmp(*args, "-text"))

-			{

-			req_text = 1;

-			resp_text = 1;

-			}

-		else if (!strcmp(*args, "-req_text"))

-			req_text = 1;

-		else if (!strcmp(*args, "-resp_text"))

-			resp_text = 1;

-		else if (!strcmp(*args, "-reqin"))

-			{

-			if (args[1])

-				{

-				args++;

-				reqin = *args;

-				}

-			else badarg = 1;

-			}

-		else if (!strcmp(*args, "-respin"))

-			{

-			if (args[1])

-				{

-				args++;

-				respin = *args;

-				}

-			else badarg = 1;

-			}

-		else if (!strcmp(*args, "-signer"))

-			{

-			if (args[1])

-				{

-				args++;

-				signfile = *args;

-				}

-			else badarg = 1;

-			}

-		else if (!strcmp (*args, "-VAfile"))

-			{

-			if (args[1])

-				{

-				args++;

-				verify_certfile = *args;

-				verify_flags |= OCSP_TRUSTOTHER;

-				}

-			else badarg = 1;

-			}

-		else if (!strcmp(*args, "-sign_other"))

-			{

-			if (args[1])

-				{

-				args++;

-				sign_certfile = *args;

-				}

-			else badarg = 1;

-			}

-		else if (!strcmp(*args, "-verify_other"))

-			{

-			if (args[1])

-				{

-				args++;

-				verify_certfile = *args;

-				}

-			else badarg = 1;

-			}

-		else if (!strcmp (*args, "-CAfile"))

-			{

-			if (args[1])

-				{

-				args++;

-				CAfile = *args;

-				}

-			else badarg = 1;

-			}

-		else if (!strcmp (*args, "-CApath"))

-			{

-			if (args[1])

-				{

-				args++;

-				CApath = *args;

-				}

-			else badarg = 1;

-			}

-		else if (!strcmp (*args, "-validity_period"))

-			{

-			if (args[1])

-				{

-				args++;

-				nsec = atol(*args);

-				if (nsec < 0)

-					{

-					BIO_printf(bio_err,

-						"Illegal validity period %s\n",

-						*args);

-					badarg = 1;

-					}

-				}

-			else badarg = 1;

-			}

-		else if (!strcmp (*args, "-status_age"))

-			{

-			if (args[1])

-				{

-				args++;

-				maxage = atol(*args);

-				if (maxage < 0)

-					{

-					BIO_printf(bio_err,

-						"Illegal validity age %s\n",

-						*args);

-					badarg = 1;

-					}

-				}

-			else badarg = 1;

-			}

-		 else if (!strcmp(*args, "-signkey"))

-			{

-			if (args[1])

-				{

-				args++;

-				keyfile = *args;

-				}

-			else badarg = 1;

-			}

-		else if (!strcmp(*args, "-reqout"))

-			{

-			if (args[1])

-				{

-				args++;

-				reqout = *args;

-				}

-			else badarg = 1;

-			}

-		else if (!strcmp(*args, "-respout"))

-			{

-			if (args[1])

-				{

-				args++;

-				respout = *args;

-				}

-			else badarg = 1;

-			}

-		 else if (!strcmp(*args, "-path"))

-			{

-			if (args[1])

-				{

-				args++;

-				path = *args;

-				}

-			else badarg = 1;

-			}

-		else if (!strcmp(*args, "-issuer"))

-			{

-			if (args[1])

-				{

-				args++;

-				X509_free(issuer);

-				issuer = load_cert(bio_err, *args, FORMAT_PEM,

-					NULL, e, "issuer certificate");

-				if(!issuer) goto end;

-				}

-			else badarg = 1;

-			}

-		else if (!strcmp (*args, "-cert"))

-			{

-			if (args[1])

-				{

-				args++;

-				X509_free(cert);

-				cert = load_cert(bio_err, *args, FORMAT_PEM,

-					NULL, e, "certificate");

-				if(!cert) goto end;

-				if(!add_ocsp_cert(&req, cert, issuer, ids))

-					goto end;

-				if(!sk_push(reqnames, *args))

-					goto end;

-				}

-			else badarg = 1;

-			}

-		else if (!strcmp(*args, "-serial"))

-			{

-			if (args[1])

-				{

-				args++;

-				if(!add_ocsp_serial(&req, *args, issuer, ids))

-					goto end;

-				if(!sk_push(reqnames, *args))

-					goto end;

-				}

-			else badarg = 1;

-			}

-		else if (!strcmp(*args, "-index"))

-			{

-			if (args[1])

-				{

-				args++;

-				ridx_filename = *args;

-				}

-			else badarg = 1;

-			}

-		else if (!strcmp(*args, "-CA"))

-			{

-			if (args[1])

-				{

-				args++;

-				rca_filename = *args;

-				}

-			else badarg = 1;

-			}

-		else if (!strcmp (*args, "-nmin"))

-			{

-			if (args[1])

-				{

-				args++;

-				nmin = atol(*args);

-				if (nmin < 0)

-					{

-					BIO_printf(bio_err,

-						"Illegal update period %s\n",

-						*args);

-					badarg = 1;

-					}

-				}

-				if (ndays == -1)

-					ndays = 0;

-			else badarg = 1;

-			}

-		else if (!strcmp (*args, "-nrequest"))

-			{

-			if (args[1])

-				{

-				args++;

-				accept_count = atol(*args);

-				if (accept_count < 0)

-					{

-					BIO_printf(bio_err,

-						"Illegal accept count %s\n",

-						*args);

-					badarg = 1;

-					}

-				}

-			else badarg = 1;

-			}

-		else if (!strcmp (*args, "-ndays"))

-			{

-			if (args[1])

-				{

-				args++;

-				ndays = atol(*args);

-				if (ndays < 0)

-					{

-					BIO_printf(bio_err,

-						"Illegal update period %s\n",

-						*args);

-					badarg = 1;

-					}

-				}

-			else badarg = 1;

-			}

-		else if (!strcmp(*args, "-rsigner"))

-			{

-			if (args[1])

-				{

-				args++;

-				rsignfile = *args;

-				}

-			else badarg = 1;

-			}

-		else if (!strcmp(*args, "-rkey"))

-			{

-			if (args[1])

-				{

-				args++;

-				rkeyfile = *args;

-				}

-			else badarg = 1;

-			}

-		else if (!strcmp(*args, "-rother"))

-			{

-			if (args[1])

-				{

-				args++;

-				rcertfile = *args;

-				}

-			else badarg = 1;

-			}

-		else badarg = 1;

-		args++;

-		}

-	/* Have we anything to do? */

-	if (!req && !reqin && !respin && !(port && ridx_filename)) badarg = 1;

-	if (badarg)

-		{

-		BIO_printf (bio_err, "OCSP utility\n");

-		BIO_printf (bio_err, "Usage ocsp [options]\n");

-		BIO_printf (bio_err, "where options are\n");

-		BIO_printf (bio_err, "-out file          output filename\n");

-		BIO_printf (bio_err, "-issuer file       issuer certificate\n");

-		BIO_printf (bio_err, "-cert file         certificate to check\n");

-		BIO_printf (bio_err, "-serial n          serial number to check\n");

-		BIO_printf (bio_err, "-signer file       certificate to sign OCSP request with\n");

-		BIO_printf (bio_err, "-signkey file      private key to sign OCSP request with\n");

-		BIO_printf (bio_err, "-sign_other file   additional certificates to include in signed request\n");

-		BIO_printf (bio_err, "-no_certs          don't include any certificates in signed request\n");

-		BIO_printf (bio_err, "-req_text          print text form of request\n");

-		BIO_printf (bio_err, "-resp_text         print text form of response\n");

-		BIO_printf (bio_err, "-text              print text form of request and response\n");

-		BIO_printf (bio_err, "-reqout file       write DER encoded OCSP request to \"file\"\n");

-		BIO_printf (bio_err, "-respout file      write DER encoded OCSP reponse to \"file\"\n");

-		BIO_printf (bio_err, "-reqin file        read DER encoded OCSP request from \"file\"\n");

-		BIO_printf (bio_err, "-respin file       read DER encoded OCSP reponse from \"file\"\n");

-		BIO_printf (bio_err, "-nonce             add OCSP nonce to request\n");

-		BIO_printf (bio_err, "-no_nonce          don't add OCSP nonce to request\n");

-		BIO_printf (bio_err, "-url URL           OCSP responder URL\n");

-		BIO_printf (bio_err, "-host host:n       send OCSP request to host on port n\n");

-		BIO_printf (bio_err, "-path              path to use in OCSP request\n");

-		BIO_printf (bio_err, "-CApath dir        trusted certificates directory\n");

-		BIO_printf (bio_err, "-CAfile file       trusted certificates file\n");

-		BIO_printf (bio_err, "-VAfile file       validator certificates file\n");

-		BIO_printf (bio_err, "-validity_period n maximum validity discrepancy in seconds\n");

-		BIO_printf (bio_err, "-status_age n      maximum status age in seconds\n");

-		BIO_printf (bio_err, "-noverify          don't verify response at all\n");

-		BIO_printf (bio_err, "-verify_other file additional certificates to search for signer\n");

-		BIO_printf (bio_err, "-trust_other       don't verify additional certificates\n");

-		BIO_printf (bio_err, "-no_intern         don't search certificates contained in response for signer\n");

-		BIO_printf (bio_err, "-no_signature_verify don't check signature on response\n");

-		BIO_printf (bio_err, "-no_cert_verify    don't check signing certificate\n");

-		BIO_printf (bio_err, "-no_chain          don't chain verify response\n");

-		BIO_printf (bio_err, "-no_cert_checks    don't do additional checks on signing certificate\n");

-		BIO_printf (bio_err, "-port num		 port to run responder on\n");

-		BIO_printf (bio_err, "-index file	 certificate status index file\n");

-		BIO_printf (bio_err, "-CA file		 CA certificate\n");

-		BIO_printf (bio_err, "-rsigner file	 responder certificate to sign responses with\n");

-		BIO_printf (bio_err, "-rkey file	 responder key to sign responses with\n");

-		BIO_printf (bio_err, "-rother file	 other certificates to include in response\n");

-		BIO_printf (bio_err, "-resp_no_certs     don't include any certificates in response\n");

-		BIO_printf (bio_err, "-nmin n	 	 number of minutes before next update\n");

-		BIO_printf (bio_err, "-ndays n	 	 number of days before next update\n");

-		BIO_printf (bio_err, "-resp_key_id       identify reponse by signing certificate key ID\n");

-		BIO_printf (bio_err, "-nrequest n        number of requests to accept (default unlimited)\n");

-		goto end;

-		}

-	if(outfile) out = BIO_new_file(outfile, "w");

-	else out = BIO_new_fp(stdout, BIO_NOCLOSE);

-	if(!out)

-		{

-		BIO_printf(bio_err, "Error opening output file\n");

-		goto end;

-		}

-	if (!req && (add_nonce != 2)) add_nonce = 0;

-	if (!req && reqin)

-		{

-		derbio = BIO_new_file(reqin, "rb");

-		if (!derbio)

-			{

-			BIO_printf(bio_err, "Error Opening OCSP request file\n");

-			goto end;

-			}

-		req = d2i_OCSP_REQUEST_bio(derbio, NULL);

-		BIO_free(derbio);

-		if(!req)

-			{

-			BIO_printf(bio_err, "Error reading OCSP request\n");

-			goto end;

-			}

-		}

-	if (!req && port)

-		{

-		acbio = init_responder(port);

-		if (!acbio)

-			goto end;

-		}

-	if (rsignfile && !rdb)

-		{

-		if (!rkeyfile) rkeyfile = rsignfile;

-		rsigner = load_cert(bio_err, rsignfile, FORMAT_PEM,

-			NULL, e, "responder certificate");

-		if (!rsigner)

-			{

-			BIO_printf(bio_err, "Error loading responder certificate\n");

-			goto end;

-			}

-		rca_cert = load_cert(bio_err, rca_filename, FORMAT_PEM,

-			NULL, e, "CA certificate");

-		if (rcertfile)

-			{

-			rother = load_certs(bio_err, rcertfile, FORMAT_PEM,

-				NULL, e, "responder other certificates");

-			if (!rother) goto end;

-			}

-		rkey = load_key(bio_err, rkeyfile, FORMAT_PEM, 0, NULL, NULL,

-			"responder private key");

-		if (!rkey)

-			goto end;

-		}

-	if(acbio)

-		BIO_printf(bio_err, "Waiting for OCSP client connections...\n");

-	redo_accept:

-	if (acbio)

-		{

-		if (!do_responder(&req, &cbio, acbio, port))

-			goto end;

-		if (!req)

-			{

-			resp = OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL);

-			send_ocsp_response(cbio, resp);

-			goto done_resp;

-			}

-		}

-	if (!req && (signfile || reqout || host || add_nonce || ridx_filename))

-		{

-		BIO_printf(bio_err, "Need an OCSP request for this operation!\n");

-		goto end;

-		}

-	if (req && add_nonce) OCSP_request_add1_nonce(req, NULL, -1);

-	if (signfile)

-		{

-		if (!keyfile) keyfile = signfile;

-		signer = load_cert(bio_err, signfile, FORMAT_PEM,

-			NULL, e, "signer certificate");

-		if (!signer)

-			{

-			BIO_printf(bio_err, "Error loading signer certificate\n");

-			goto end;

-			}

-		if (sign_certfile)

-			{

-			sign_other = load_certs(bio_err, sign_certfile, FORMAT_PEM,

-				NULL, e, "signer certificates");

-			if (!sign_other) goto end;

-			}

-		key = load_key(bio_err, keyfile, FORMAT_PEM, 0, NULL, NULL,

-			"signer private key");

-		if (!key)

-			goto end;

-		if (!OCSP_request_sign(req, signer, key, EVP_sha1(), sign_other, sign_flags))

-			{

-			BIO_printf(bio_err, "Error signing OCSP request\n");

-			goto end;

-			}

-		}

-	if (req_text && req) OCSP_REQUEST_print(out, req, 0);

-	if (reqout)

-		{

-		derbio = BIO_new_file(reqout, "wb");

-		if(!derbio)

-			{

-			BIO_printf(bio_err, "Error opening file %s\n", reqout);

-			goto end;

-			}

-		i2d_OCSP_REQUEST_bio(derbio, req);

-		BIO_free(derbio);

-		}

-	if (ridx_filename && (!rkey || !rsigner || !rca_cert))

-		{

-		BIO_printf(bio_err, "Need a responder certificate, key and CA for this operation!\n");

-		goto end;

-		}

-	if (ridx_filename && !rdb)

-		{

-		rdb = load_index(ridx_filename, NULL);

-		if (!rdb) goto end;

-		if (!index_index(rdb)) goto end;

-		}

-	if (rdb)

-		{

-		i = make_ocsp_response(&resp, req, rdb, rca_cert, rsigner, rkey, rother, rflags, nmin, ndays);

-		if (cbio)

-			send_ocsp_response(cbio, resp);

-		}

-	else if (host)

-		{

-#ifndef OPENSSL_NO_SOCK

-		cbio = BIO_new_connect(host);

-#else

-		BIO_printf(bio_err, "Error creating connect BIO - sockets not supported.\n");

-		goto end;

-#endif

-		if (!cbio)

-			{

-			BIO_printf(bio_err, "Error creating connect BIO\n");

-			goto end;

-			}

-		if (port) BIO_set_conn_port(cbio, port);

-		if (use_ssl == 1)

-			{

-			BIO *sbio;

-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)

-			ctx = SSL_CTX_new(SSLv23_client_method());

-#elif !defined(OPENSSL_NO_SSL3)

-			ctx = SSL_CTX_new(SSLv3_client_method());

-#elif !defined(OPENSSL_NO_SSL2)

-			ctx = SSL_CTX_new(SSLv2_client_method());

-#else

-			BIO_printf(bio_err, "SSL is disabled\n");

-			goto end;

-#endif

-			if (ctx == NULL)

-				{

-				BIO_printf(bio_err, "Error creating SSL context.\n");

-				goto end;

-				}

-			SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);

-			sbio = BIO_new_ssl(ctx, 1);

-			cbio = BIO_push(sbio, cbio);

-			}

-		if (BIO_do_connect(cbio) <= 0)

-			{

-			BIO_printf(bio_err, "Error connecting BIO\n");

-			goto end;

-			}

-		resp = OCSP_sendreq_bio(cbio, path, req);

-		BIO_free_all(cbio);

-		cbio = NULL;

-		if (!resp)

-			{

-			BIO_printf(bio_err, "Error querying OCSP responsder\n");

-			goto end;

-			}

-		}

-	else if (respin)

-		{

-		derbio = BIO_new_file(respin, "rb");

-		if (!derbio)

-			{

-			BIO_printf(bio_err, "Error Opening OCSP response file\n");

-			goto end;

-			}

-		resp = d2i_OCSP_RESPONSE_bio(derbio, NULL);

-		BIO_free(derbio);

-		if(!resp)

-			{

-			BIO_printf(bio_err, "Error reading OCSP response\n");

-			goto end;

-			}

-		}

-	else

-		{

-		ret = 0;

-		goto end;

-		}

-	done_resp:

-	if (respout)

-		{

-		derbio = BIO_new_file(respout, "wb");

-		if(!derbio)

-			{

-			BIO_printf(bio_err, "Error opening file %s\n", respout);

-			goto end;

-			}

-		i2d_OCSP_RESPONSE_bio(derbio, resp);

-		BIO_free(derbio);

-		}

-	i = OCSP_response_status(resp);

-	if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL)

-		{

-		BIO_printf(out, "Responder Error: %s (%d)\n",

-				OCSP_response_status_str(i), i);

-		if (ignore_err)

-			goto redo_accept;

-		ret = 0;

-		goto end;

-		}

-	if (resp_text) OCSP_RESPONSE_print(out, resp, 0);

-	/* If running as responder don't verify our own response */

-	if (cbio)

-		{

-		if (accept_count > 0)

-			accept_count--;

-		/* Redo if more connections needed */

-		if (accept_count)

-			{

-			BIO_free_all(cbio);

-			cbio = NULL;

-			OCSP_REQUEST_free(req);

-			req = NULL;

-			OCSP_RESPONSE_free(resp);

-			resp = NULL;

-			goto redo_accept;

-			}

-		goto end;

-		}

-	if (!store)

-		store = setup_verify(bio_err, CAfile, CApath);

-	if (!store)

-		goto end;

-	if (verify_certfile)

-		{

-		verify_other = load_certs(bio_err, verify_certfile, FORMAT_PEM,

-			NULL, e, "validator certificate");

-		if (!verify_other) goto end;

-		}

-	bs = OCSP_response_get1_basic(resp);

-	if (!bs)

-		{

-		BIO_printf(bio_err, "Error parsing response\n");

-		goto end;

-		}

-	if (!noverify)

-		{

-		if (req && ((i = OCSP_check_nonce(req, bs)) <= 0))

-			{

-			if (i == -1)

-				BIO_printf(bio_err, "WARNING: no nonce in response\n");

-			else

-				{

-				BIO_printf(bio_err, "Nonce Verify error\n");

-				goto end;

-				}

-			}

-		i = OCSP_basic_verify(bs, verify_other, store, verify_flags);

-                if (i < 0) i = OCSP_basic_verify(bs, NULL, store, 0);

-		if(i <= 0)

-			{

-			BIO_printf(bio_err, "Response Verify Failure\n");

-			ERR_print_errors(bio_err);

-			}

-		else

-			BIO_printf(bio_err, "Response verify OK\n");

-		}

-	if (!print_ocsp_summary(out, bs, req, reqnames, ids, nsec, maxage))

-		goto end;

-	ret = 0;

-end:

-	ERR_print_errors(bio_err);

-	X509_free(signer);

-	X509_STORE_free(store);

-	EVP_PKEY_free(key);

-	EVP_PKEY_free(rkey);

-	X509_free(issuer);

-	X509_free(cert);

-	X509_free(rsigner);

-	X509_free(rca_cert);

-	free_index(rdb);

-	BIO_free_all(cbio);

-	BIO_free_all(acbio);

-	BIO_free(out);

-	OCSP_REQUEST_free(req);

-	OCSP_RESPONSE_free(resp);

-	OCSP_BASICRESP_free(bs);

-	sk_free(reqnames);

-	sk_OCSP_CERTID_free(ids);

-	sk_X509_pop_free(sign_other, X509_free);

-	sk_X509_pop_free(verify_other, X509_free);

-	if (use_ssl != -1)

-		{

-		OPENSSL_free(host);

-		OPENSSL_free(port);

-		OPENSSL_free(path);

-		SSL_CTX_free(ctx);

-		}

-	OPENSSL_EXIT(ret);

-}

-static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, X509 *issuer,

-				STACK_OF(OCSP_CERTID) *ids)

-	{

-	OCSP_CERTID *id;

-	if(!issuer)

-		{

-		BIO_printf(bio_err, "No issuer certificate specified\n");

-		return 0;

-		}

-	if(!*req) *req = OCSP_REQUEST_new();

-	if(!*req) goto err;

-	id = OCSP_cert_to_id(NULL, cert, issuer);

-	if(!id || !sk_OCSP_CERTID_push(ids, id)) goto err;

-	if(!OCSP_request_add0_id(*req, id)) goto err;

-	return 1;

-	err:

-	BIO_printf(bio_err, "Error Creating OCSP request\n");

-	return 0;

-	}

-static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, X509 *issuer,

-				STACK_OF(OCSP_CERTID) *ids)

-	{

-	OCSP_CERTID *id;

-	X509_NAME *iname;

-	ASN1_BIT_STRING *ikey;

-	ASN1_INTEGER *sno;

-	if(!issuer)

-		{

-		BIO_printf(bio_err, "No issuer certificate specified\n");

-		return 0;

-		}

-	if(!*req) *req = OCSP_REQUEST_new();

-	if(!*req) goto err;

-	iname = X509_get_subject_name(issuer);

-	ikey = X509_get0_pubkey_bitstr(issuer);

-	sno = s2i_ASN1_INTEGER(NULL, serial);

-	if(!sno)

-		{

-		BIO_printf(bio_err, "Error converting serial number %s\n", serial);

-		return 0;

-		}

-	id = OCSP_cert_id_new(EVP_sha1(), iname, ikey, sno);

-	ASN1_INTEGER_free(sno);

-	if(!id || !sk_OCSP_CERTID_push(ids, id)) goto err;

-	if(!OCSP_request_add0_id(*req, id)) goto err;

-	return 1;

-	err:

-	BIO_printf(bio_err, "Error Creating OCSP request\n");

-	return 0;

-	}

-static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,

-					STACK *names, STACK_OF(OCSP_CERTID) *ids,

-					long nsec, long maxage)

-	{

-	OCSP_CERTID *id;

-	char *name;

-	int i;

-	int status, reason;

-	ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd;

-	if (!bs || !req || !sk_num(names) || !sk_OCSP_CERTID_num(ids))

-		return 1;

-	for (i = 0; i < sk_OCSP_CERTID_num(ids); i++)

-		{

-		id = sk_OCSP_CERTID_value(ids, i);

-		name = sk_value(names, i);

-		BIO_printf(out, "%s: ", name);

-		if(!OCSP_resp_find_status(bs, id, &status, &reason,

-					&rev, &thisupd, &nextupd))

-			{

-			BIO_puts(out, "ERROR: No Status found.\n");

-			continue;

-			}

-		/* Check validity: if invalid write to output BIO so we

-		 * know which response this refers to.

-		 */

-		if (!OCSP_check_validity(thisupd, nextupd, nsec, maxage))

-			{

-			BIO_puts(out, "WARNING: Status times invalid.\n");

-			ERR_print_errors(out);

-			}

-		BIO_printf(out, "%s\n", OCSP_cert_status_str(status));

-		BIO_puts(out, "\tThis Update: ");

-		ASN1_GENERALIZEDTIME_print(out, thisupd);

-		BIO_puts(out, "\n");

-		if(nextupd)

-			{

-			BIO_puts(out, "\tNext Update: ");

-			ASN1_GENERALIZEDTIME_print(out, nextupd);

-			BIO_puts(out, "\n");

-			}

-		if (status != V_OCSP_CERTSTATUS_REVOKED)

-			continue;

-		if (reason != -1)

-			BIO_printf(out, "\tReason: %s\n",

-				OCSP_crl_reason_str(reason));

-		BIO_puts(out, "\tRevocation Time: ");

-		ASN1_GENERALIZEDTIME_print(out, rev);

-		BIO_puts(out, "\n");

-		}

-	return 1;

-	}

-static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db,

-			X509 *ca, X509 *rcert, EVP_PKEY *rkey,

-			STACK_OF(X509) *rother, unsigned long flags,

-			int nmin, int ndays)

-	{

-	ASN1_TIME *thisupd = NULL, *nextupd = NULL;

-	OCSP_CERTID *cid, *ca_id = NULL;

-	OCSP_BASICRESP *bs = NULL;

-	int i, id_count, ret = 1;

-	id_count = OCSP_request_onereq_count(req);

-	if (id_count <= 0)

-		{

-		*resp = OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL);

-		goto end;

-		}

-	ca_id = OCSP_cert_to_id(EVP_sha1(), NULL, ca);

-	bs = OCSP_BASICRESP_new();

-	thisupd = X509_gmtime_adj(NULL, 0);

-	if (ndays != -1)

-		nextupd = X509_gmtime_adj(NULL, nmin * 60 + ndays * 3600 * 24 );

-	/* Examine each certificate id in the request */

-	for (i = 0; i < id_count; i++)

-		{

-		OCSP_ONEREQ *one;

-		ASN1_INTEGER *serial;

-		char **inf;

-		one = OCSP_request_onereq_get0(req, i);

-		cid = OCSP_onereq_get0_id(one);

-		/* Is this request about our CA? */

-		if (OCSP_id_issuer_cmp(ca_id, cid))

-			{

-			OCSP_basic_add1_status(bs, cid,

-						V_OCSP_CERTSTATUS_UNKNOWN,

-						0, NULL,

-						thisupd, nextupd);

-			continue;

-			}

-		OCSP_id_get0_info(NULL, NULL, NULL, &serial, cid);

-		inf = lookup_serial(db, serial);

-		if (!inf)

-			OCSP_basic_add1_status(bs, cid,

-						V_OCSP_CERTSTATUS_UNKNOWN,

-						0, NULL,

-						thisupd, nextupd);

-		else if (inf[DB_type][0] == DB_TYPE_VAL)

-			OCSP_basic_add1_status(bs, cid,

-						V_OCSP_CERTSTATUS_GOOD,

-						0, NULL,

-						thisupd, nextupd);

-		else if (inf[DB_type][0] == DB_TYPE_REV)

-			{

-			ASN1_OBJECT *inst = NULL;

-			ASN1_TIME *revtm = NULL;

-			ASN1_GENERALIZEDTIME *invtm = NULL;

-			OCSP_SINGLERESP *single;

-			int reason = -1;

-			unpack_revinfo(&revtm, &reason, &inst, &invtm, inf[DB_rev_date]);

-			single = OCSP_basic_add1_status(bs, cid,

-						V_OCSP_CERTSTATUS_REVOKED,

-						reason, revtm,

-						thisupd, nextupd);

-			if (invtm)

-				OCSP_SINGLERESP_add1_ext_i2d(single, NID_invalidity_date, invtm, 0, 0);

-			else if (inst)

-				OCSP_SINGLERESP_add1_ext_i2d(single, NID_hold_instruction_code, inst, 0, 0);

-			ASN1_OBJECT_free(inst);

-			ASN1_TIME_free(revtm);

-			ASN1_GENERALIZEDTIME_free(invtm);

-			}

-		}

-	OCSP_copy_nonce(bs, req);

-	OCSP_basic_sign(bs, rcert, rkey, EVP_sha1(), rother, flags);

-	*resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs);

-	end:

-	ASN1_TIME_free(thisupd);

-	ASN1_TIME_free(nextupd);

-	OCSP_CERTID_free(ca_id);

-	OCSP_BASICRESP_free(bs);

-	return ret;

-	}

-static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser)

-	{

-	int i;

-	BIGNUM *bn = NULL;

-	char *itmp, *row[DB_NUMBER],**rrow;

-	for (i = 0; i < DB_NUMBER; i++) row[i] = NULL;

-	bn = ASN1_INTEGER_to_BN(ser,NULL);

-	if (BN_is_zero(bn))

-		itmp = BUF_strdup("00");

-	else

-		itmp = BN_bn2hex(bn);

-	row[DB_serial] = itmp;

-	BN_free(bn);

-	rrow=TXT_DB_get_by_index(db->db,DB_serial,row);

-	OPENSSL_free(itmp);

-	return rrow;

-	}

-/* Quick and dirty OCSP server: read in and parse input request */

-static BIO *init_responder(char *port)

-	{

-	BIO *acbio = NULL, *bufbio = NULL;

-	bufbio = BIO_new(BIO_f_buffer());

-	if (!bufbio)

-		goto err;

-#ifndef OPENSSL_NO_SOCK

-	acbio = BIO_new_accept(port);

-#else

-	BIO_printf(bio_err, "Error setting up accept BIO - sockets not supported.\n");

-#endif

-	if (!acbio)

-		goto err;

-	BIO_set_accept_bios(acbio, bufbio);

-	bufbio = NULL;

-	if (BIO_do_accept(acbio) <= 0)

-		{

-			BIO_printf(bio_err, "Error setting up accept BIO\n");

-			ERR_print_errors(bio_err);

-			goto err;

-		}

-	return acbio;

-	err:

-	BIO_free_all(acbio);

-	BIO_free(bufbio);

-	return NULL;

-	}

-static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port)

-	{

-	int have_post = 0, len;

-	OCSP_REQUEST *req = NULL;

-	char inbuf[1024];

-	BIO *cbio = NULL;

-	if (BIO_do_accept(acbio) <= 0)

-		{

-			BIO_printf(bio_err, "Error accepting connection\n");

-			ERR_print_errors(bio_err);

-			return 0;

-		}

-	cbio = BIO_pop(acbio);

-	*pcbio = cbio;

-	for(;;)

-		{

-		len = BIO_gets(cbio, inbuf, sizeof inbuf);

-		if (len <= 0)

-			return 1;

-		/* Look for "POST" signalling start of query */

-		if (!have_post)

-			{

-			if(strncmp(inbuf, "POST", 4))

-				{

-				BIO_printf(bio_err, "Invalid request\n");

-				return 1;

-				}

-			have_post = 1;

-			}

-		/* Look for end of headers */

-		if ((inbuf[0] == '\r') || (inbuf[0] == '\n'))

-			break;

-		}

-	/* Try to read OCSP request */

-	req = d2i_OCSP_REQUEST_bio(cbio, NULL);

-	if (!req)

-		{

-		BIO_printf(bio_err, "Error parsing OCSP request\n");

-		ERR_print_errors(bio_err);

-		}

-	*preq = req;

-	return 1;

-	}

-static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp)

-	{

-	char http_resp[] =

-		"HTTP/1.0 200 OK\r\nContent-type: application/ocsp-response\r\n"

-		"Content-Length: %d\r\n\r\n";

-	if (!cbio)

-		return 0;

-	BIO_printf(cbio, http_resp, i2d_OCSP_RESPONSE(resp, NULL));

-	i2d_OCSP_RESPONSE_bio(cbio, resp);

-	(void)BIO_flush(cbio);

-	return 1;

-	}

-#endif

--- a/sys/src/ape/lib/openssl/apps/oid.cnf

+++ /dev/null

@@ -1,6 +1,0 @@

-2.99999.1       SET.ex1         SET x509v3 extension 1

-2.99999.2       SET.ex2         SET x509v3 extension 2

-2.99999.3       SET.ex3         SET x509v3 extension 3

-2.99999.4       SET.ex4         SET x509v3 extension 4

-2.99999.5       SET.ex5         SET x509v3 extension 5

-2.99999.6       SET.ex6         SET x509v3 extension 6

--- a/sys/src/ape/lib/openssl/apps/openssl-vms.cnf

+++ /dev/null

@@ -1,313 +1,0 @@

-#

-# OpenSSL example configuration file.

-# This is mostly being used for generation of certificate requests.

-#

-# This definition stops the following lines choking if HOME isn't

-# defined.

-HOME			= .

-RANDFILE		= $ENV::HOME/.rnd

-# Extra OBJECT IDENTIFIER info:

-#oid_file		= $ENV::HOME/.oid

-oid_section		= new_oids

-# To use this configuration file with the "-extfile" option of the

-# "openssl x509" utility, name here the section containing the

-# X.509v3 extensions to use:

-# extensions		=

-# (Alternatively, use a configuration file that has only

-# X.509v3 extensions in its main [= default] section.)

-[ new_oids ]

-# We can add new OIDs in here for use by 'ca' and 'req'.

-# Add a simple OID like this:

-# testoid1=1.2.3.4

-# Or use config file substitution like this:

-# testoid2=${testoid1}.5.6

-####################################################################

-[ ca ]

-default_ca	= CA_default		# The default ca section

-####################################################################

-[ CA_default ]

-dir		= sys\$disk:[.demoCA		# Where everything is kept

-certs		= $dir.certs]		# Where the issued certs are kept

-crl_dir		= $dir.crl]		# Where the issued crl are kept

-database	= $dir]index.txt	# database index file.

-#unique_subject	= no			# Set to 'no' to allow creation of

-					# several ctificates with same subject.

-new_certs_dir	= $dir.newcerts]		# default place for new certs.

-certificate	= $dir]cacert.pem 	# The CA certificate

-serial		= $dir]serial. 		# The current serial number

-crlnumber	= $dir]crlnumber.	# the current crl number

-					# must be commented out to leave a V1 CRL

-crl		= $dir]crl.pem 		# The current CRL

-private_key	= $dir.private]cakey.pem# The private key

-RANDFILE	= $dir.private].rand	# private random number file

-x509_extensions	= usr_cert		# The extentions to add to the cert

-# Comment out the following two lines for the "traditional"

-# (and highly broken) format.

-name_opt 	= ca_default		# Subject Name options

-cert_opt 	= ca_default		# Certificate field options

-# Extension copying option: use with caution.

-# copy_extensions = copy

-# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs

-# so this is commented out by default to leave a V1 CRL.

-# crlnumber must also be commented out to leave a V1 CRL.

-# crl_extensions	= crl_ext

-default_days	= 365			# how long to certify for

-default_crl_days= 30			# how long before next CRL

-default_md	= sha1			# which md to use.

-preserve	= no			# keep passed DN ordering

-# A few difference way of specifying how similar the request should look

-# For type CA, the listed attributes must be the same, and the optional

-# and supplied fields are just that :-)

-policy		= policy_match

-# For the CA policy

-[ policy_match ]

-countryName		= match

-stateOrProvinceName	= match

-organizationName	= match

-organizationalUnitName	= optional

-commonName		= supplied

-emailAddress		= optional

-# For the 'anything' policy

-# At this point in time, you must list all acceptable 'object'

-# types.

-[ policy_anything ]

-countryName		= optional

-stateOrProvinceName	= optional

-localityName		= optional

-organizationName	= optional

-organizationalUnitName	= optional

-commonName		= supplied

-emailAddress		= optional

-####################################################################

-[ req ]

-default_bits		= 1024

-default_keyfile 	= privkey.pem

-distinguished_name	= req_distinguished_name

-attributes		= req_attributes

-x509_extensions	= v3_ca	# The extentions to add to the self signed cert

-# Passwords for private keys if not present they will be prompted for

-# input_password = secret

-# output_password = secret

-# This sets a mask for permitted string types. There are several options.

-# default: PrintableString, T61String, BMPString.

-# pkix	 : PrintableString, BMPString.

-# utf8only: only UTF8Strings.

-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).

-# MASK:XXXX a literal mask value.

-# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings

-# so use this option with caution!

-string_mask = nombstr

-# req_extensions = v3_req # The extensions to add to a certificate request

-[ req_distinguished_name ]

-countryName			= Country Name (2 letter code)

-countryName_default		= AU

-countryName_min			= 2

-countryName_max			= 2

-stateOrProvinceName		= State or Province Name (full name)

-stateOrProvinceName_default	= Some-State

-localityName			= Locality Name (eg, city)

-0.organizationName		= Organization Name (eg, company)

-0.organizationName_default	= Internet Widgits Pty Ltd

-# we can do this but it is not needed normally :-)

-#1.organizationName		= Second Organization Name (eg, company)

-#1.organizationName_default	= World Wide Web Pty Ltd

-organizationalUnitName		= Organizational Unit Name (eg, section)

-#organizationalUnitName_default	=

-commonName			= Common Name (eg, YOUR name)

-commonName_max			= 64

-emailAddress			= Email Address

-emailAddress_max		= 64

-# SET-ex3			= SET extension number 3

-[ req_attributes ]

-challengePassword		= A challenge password

-challengePassword_min		= 4

-challengePassword_max		= 20

-unstructuredName		= An optional company name

-[ usr_cert ]

-# These extensions are added when 'ca' signs a request.

-# This goes against PKIX guidelines but some CAs do it and some software

-# requires this to avoid interpreting an end user certificate as a CA.

-basicConstraints=CA:FALSE

-# Here are some examples of the usage of nsCertType. If it is omitted

-# the certificate can be used for anything *except* object signing.

-# This is OK for an SSL server.

-# nsCertType			= server

-# For an object signing certificate this would be used.

-# nsCertType = objsign

-# For normal client use this is typical

-# nsCertType = client, email

-# and for everything including object signing:

-# nsCertType = client, email, objsign

-# This is typical in keyUsage for a client certificate.

-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment

-# This will be displayed in Netscape's comment listbox.

-nsComment			= "OpenSSL Generated Certificate"

-# PKIX recommendations harmless if included in all certificates.

-subjectKeyIdentifier=hash

-authorityKeyIdentifier=keyid,issuer

-# This stuff is for subjectAltName and issuerAltname.

-# Import the email address.

-# subjectAltName=email:copy

-# An alternative to produce certificates that aren't

-# deprecated according to PKIX.

-# subjectAltName=email:move

-# Copy subject details

-# issuerAltName=issuer:copy

-#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem

-#nsBaseUrl

-#nsRevocationUrl

-#nsRenewalUrl

-#nsCaPolicyUrl

-#nsSslServerName

-[ v3_req ]

-# Extensions to add to a certificate request

-basicConstraints = CA:FALSE

-keyUsage = nonRepudiation, digitalSignature, keyEncipherment

-[ v3_ca ]

-# Extensions for a typical CA

-# PKIX recommendation.

-subjectKeyIdentifier=hash

-authorityKeyIdentifier=keyid:always,issuer:always

-# This is what PKIX recommends but some broken software chokes on critical

-# extensions.

-#basicConstraints = critical,CA:true

-# So we do this instead.

-basicConstraints = CA:true

-# Key usage: this is typical for a CA certificate. However since it will

-# prevent it being used as an test self-signed certificate it is best

-# left out by default.

-# keyUsage = cRLSign, keyCertSign

-# Some might want this also

-# nsCertType = sslCA, emailCA

-# Include email address in subject alt name: another PKIX recommendation

-# subjectAltName=email:copy

-# Copy issuer details

-# issuerAltName=issuer:copy

-# DER hex encoding of an extension: beware experts only!

-# obj=DER:02:03

-# Where 'obj' is a standard or added object

-# You can even override a supported extension:

-# basicConstraints= critical, DER:30:03:01:01:FF

-[ crl_ext ]

-# CRL extensions.

-# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.

-# issuerAltName=issuer:copy

-authorityKeyIdentifier=keyid:always,issuer:always

-[ proxy_cert_ext ]

-# These extensions should be added when creating a proxy certificate

-# This goes against PKIX guidelines but some CAs do it and some software

-# requires this to avoid interpreting an end user certificate as a CA.

-basicConstraints=CA:FALSE

-# Here are some examples of the usage of nsCertType. If it is omitted

-# the certificate can be used for anything *except* object signing.

-# This is OK for an SSL server.

-# nsCertType			= server

-# For an object signing certificate this would be used.

-# nsCertType = objsign

-# For normal client use this is typical

-# nsCertType = client, email

-# and for everything including object signing:

-# nsCertType = client, email, objsign

-# This is typical in keyUsage for a client certificate.

-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment

-# This will be displayed in Netscape's comment listbox.

-nsComment			= "OpenSSL Generated Certificate"

-# PKIX recommendations harmless if included in all certificates.

-subjectKeyIdentifier=hash

-authorityKeyIdentifier=keyid,issuer:always

-# This stuff is for subjectAltName and issuerAltname.

-# Import the email address.

-# subjectAltName=email:copy

-# An alternative to produce certificates that aren't

-# deprecated according to PKIX.

-# subjectAltName=email:move

-# Copy subject details

-# issuerAltName=issuer:copy

-#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem

-#nsBaseUrl

-#nsRevocationUrl

-#nsRenewalUrl

-#nsCaPolicyUrl

-#nsSslServerName

-# This really needs to be in place for it to be a proxy certificate.

-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo

--- a/sys/src/ape/lib/openssl/apps/openssl.c

+++ /dev/null

@@ -1,527 +1,0 @@

-/* apps/openssl.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include <string.h>

-#include <stdlib.h>

-#define OPENSSL_C /* tells apps.h to use complete apps_startup() */

-#include "apps.h"

-#include <openssl/bio.h>

-#include <openssl/crypto.h>

-#include <openssl/lhash.h>

-#include <openssl/conf.h>

-#include <openssl/x509.h>

-#include <openssl/pem.h>

-#include <openssl/ssl.h>

-#ifndef OPENSSL_NO_ENGINE

-#include <openssl/engine.h>

-#endif

-#define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */

-#include "progs.h"

-#include "s_apps.h"

-#include <openssl/err.h>

-/* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with the

- * base prototypes (we cast each variable inside the function to the required

- * type of "FUNCTION*"). This removes the necessity for macro-generated wrapper

- * functions. */

-/* static unsigned long MS_CALLBACK hash(FUNCTION *a); */

-static unsigned long MS_CALLBACK hash(const void *a_void);

-/* static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b); */

-static int MS_CALLBACK cmp(const void *a_void,const void *b_void);

-static LHASH *prog_init(void );

-static int do_cmd(LHASH *prog,int argc,char *argv[]);

-char *default_config_file=NULL;

-/* Make sure there is only one when MONOLITH is defined */

-#ifdef MONOLITH

-CONF *config=NULL;

-BIO *bio_err=NULL;

-#endif

-static void lock_dbg_cb(int mode, int type, const char *file, int line)

-	{

-	static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */

-	const char *errstr = NULL;

-	int rw;

-	rw = mode & (CRYPTO_READ|CRYPTO_WRITE);

-	if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE)))

-		{

-		errstr = "invalid mode";

-		goto err;

-		}

-	if (type < 0 || type >= CRYPTO_NUM_LOCKS)

-		{

-		errstr = "type out of bounds";

-		goto err;

-		}

-	if (mode & CRYPTO_LOCK)

-		{

-		if (modes[type])

-			{

-			errstr = "already locked";

-			/* must not happen in a single-threaded program

-			 * (would deadlock) */

-			goto err;

-			}

-		modes[type] = rw;

-		}

-	else if (mode & CRYPTO_UNLOCK)

-		{

-		if (!modes[type])

-			{

-			errstr = "not locked";

-			goto err;

-			}

-		if (modes[type] != rw)

-			{

-			errstr = (rw == CRYPTO_READ) ?

-				"CRYPTO_r_unlock on write lock" :

-				"CRYPTO_w_unlock on read lock";

-			}

-		modes[type] = 0;

-		}

-	else

-		{

-		errstr = "invalid mode";

-		goto err;

-		}

- err:

-	if (errstr)

-		{

-		/* we cannot use bio_err here */

-		fprintf(stderr, "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n",

-			errstr, mode, type, file, line);

-		}

-	}

-int main(int Argc, char *Argv[])

-	{

-	ARGS arg;

-#define PROG_NAME_SIZE	39

-	char pname[PROG_NAME_SIZE+1];

-	FUNCTION f,*fp;

-	MS_STATIC const char *prompt;

-	MS_STATIC char buf[1024];

-	char *to_free=NULL;

-	int n,i,ret=0;

-	int argc;

-	char **argv,*p;

-	LHASH *prog=NULL;

-	long errline;

-	arg.data=NULL;

-	arg.count=0;

-	if (bio_err == NULL)

-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)

-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);

-	if (getenv("OPENSSL_DEBUG_MEMORY") != NULL) /* if not defined, use compiled-in library defaults */

-		{

-		if (!(0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))

-			{

-			CRYPTO_malloc_debug_init();

-			CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);

-			}

-		else

-			{

-			/* OPENSSL_DEBUG_MEMORY=off */

-			CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);

-			}

-		}

-	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);

-#if 0

-	if (getenv("OPENSSL_DEBUG_LOCKING") != NULL)

-#endif

-		{

-		CRYPTO_set_locking_callback(lock_dbg_cb);

-		}

-	apps_startup();

-	/* Lets load up our environment a little */

-	p=getenv("OPENSSL_CONF");

-	if (p == NULL)

-		p=getenv("SSLEAY_CONF");

-	if (p == NULL)

-		p=to_free=make_config_name();

-	default_config_file=p;

-	config=NCONF_new(NULL);

-	i=NCONF_load(config,p,&errline);

-	if (i == 0)

-		{

-		NCONF_free(config);

-		config = NULL;

-		ERR_clear_error();

-		}

-	prog=prog_init();

-	/* first check the program name */

-	program_name(Argv[0],pname,sizeof pname);

-	f.name=pname;

-	fp=(FUNCTION *)lh_retrieve(prog,&f);

-	if (fp != NULL)

-		{

-		Argv[0]=pname;

-		ret=fp->func(Argc,Argv);

-		goto end;

-		}

-	/* ok, now check that there are not arguments, if there are,

-	 * run with them, shifting the ssleay off the front */

-	if (Argc != 1)

-		{

-		Argc--;

-		Argv++;

-		ret=do_cmd(prog,Argc,Argv);

-		if (ret < 0) ret=0;

-		goto end;

-		}

-	/* ok, lets enter the old 'OpenSSL>' mode */

-	for (;;)

-		{

-		ret=0;

-		p=buf;

-		n=sizeof buf;

-		i=0;

-		for (;;)

-			{

-			p[0]='\0';

-			if (i++)

-				prompt=">";

-			else	prompt="OpenSSL> ";

-			fputs(prompt,stdout);

-			fflush(stdout);

-			fgets(p,n,stdin);

-			if (p[0] == '\0') goto end;

-			i=strlen(p);

-			if (i <= 1) break;

-			if (p[i-2] != '\\') break;

-			i-=2;

-			p+=i;

-			n-=i;

-			}

-		if (!chopup_args(&arg,buf,&argc,&argv)) break;

-		ret=do_cmd(prog,argc,argv);

-		if (ret < 0)

-			{

-			ret=0;

-			goto end;

-			}

-		if (ret != 0)

-			BIO_printf(bio_err,"error in %s\n",argv[0]);

-		(void)BIO_flush(bio_err);

-		}

-	BIO_printf(bio_err,"bad exit\n");

-	ret=1;

-end:

-	if (to_free)

-		OPENSSL_free(to_free);

-	if (config != NULL)

-		{

-		NCONF_free(config);

-		config=NULL;

-		}

-	if (prog != NULL) lh_free(prog);

-	if (arg.data != NULL) OPENSSL_free(arg.data);

-	apps_shutdown();

-	CRYPTO_mem_leaks(bio_err);

-	if (bio_err != NULL)

-		{

-		BIO_free(bio_err);

-		bio_err=NULL;

-		}

-	OPENSSL_EXIT(ret);

-	return ret;

-}

-#define LIST_STANDARD_COMMANDS "list-standard-commands"

-#define LIST_MESSAGE_DIGEST_COMMANDS "list-message-digest-commands"

-#define LIST_CIPHER_COMMANDS "list-cipher-commands"

-static int do_cmd(LHASH *prog, int argc, char *argv[])

-	{

-	FUNCTION f,*fp;

-	int i,ret=1,tp,nl;

-	if ((argc <= 0) || (argv[0] == NULL))

-		{ ret=0; goto end; }

-	f.name=argv[0];

-	fp=(FUNCTION *)lh_retrieve(prog,&f);

-	if (fp != NULL)

-		{

-		ret=fp->func(argc,argv);

-		}

-	else if ((strncmp(argv[0],"no-",3)) == 0)

-		{

-		BIO *bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);

-#ifdef OPENSSL_SYS_VMS

-		{

-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());

-		bio_stdout = BIO_push(tmpbio, bio_stdout);

-		}

-#endif

-		f.name=argv[0]+3;

-		ret = (lh_retrieve(prog,&f) != NULL);

-		if (!ret)

-			BIO_printf(bio_stdout, "%s\n", argv[0]);

-		else

-			BIO_printf(bio_stdout, "%s\n", argv[0]+3);

-		BIO_free_all(bio_stdout);

-		goto end;

-		}

-	else if ((strcmp(argv[0],"quit") == 0) ||

-		(strcmp(argv[0],"q") == 0) ||

-		(strcmp(argv[0],"exit") == 0) ||

-		(strcmp(argv[0],"bye") == 0))

-		{

-		ret= -1;

-		goto end;

-		}

-	else if ((strcmp(argv[0],LIST_STANDARD_COMMANDS) == 0) ||

-		(strcmp(argv[0],LIST_MESSAGE_DIGEST_COMMANDS) == 0) ||

-		(strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0))

-		{

-		int list_type;

-		BIO *bio_stdout;

-		if (strcmp(argv[0],LIST_STANDARD_COMMANDS) == 0)

-			list_type = FUNC_TYPE_GENERAL;

-		else if (strcmp(argv[0],LIST_MESSAGE_DIGEST_COMMANDS) == 0)

-			list_type = FUNC_TYPE_MD;

-		else /* strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0 */

-			list_type = FUNC_TYPE_CIPHER;

-		bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);

-#ifdef OPENSSL_SYS_VMS

-		{

-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());

-		bio_stdout = BIO_push(tmpbio, bio_stdout);

-		}

-#endif

-		for (fp=functions; fp->name != NULL; fp++)

-			if (fp->type == list_type)

-				BIO_printf(bio_stdout, "%s\n", fp->name);

-		BIO_free_all(bio_stdout);

-		ret=0;

-		goto end;

-		}

-	else

-		{

-		BIO_printf(bio_err,"openssl:Error: '%s' is an invalid command.\n",

-			argv[0]);

-		BIO_printf(bio_err, "\nStandard commands");

-		i=0;

-		tp=0;

-		for (fp=functions; fp->name != NULL; fp++)

-			{

-			nl=0;

-#ifdef OPENSSL_NO_CAMELLIA

-			if (((i++) % 5) == 0)

-#else

-			if (((i++) % 4) == 0)

-#endif

-				{

-				BIO_printf(bio_err,"\n");

-				nl=1;

-				}

-			if (fp->type != tp)

-				{

-				tp=fp->type;

-				if (!nl) BIO_printf(bio_err,"\n");

-				if (tp == FUNC_TYPE_MD)

-					{

-					i=1;

-					BIO_printf(bio_err,

-						"\nMessage Digest commands (see the `dgst' command for more details)\n");

-					}

-				else if (tp == FUNC_TYPE_CIPHER)

-					{

-					i=1;

-					BIO_printf(bio_err,"\nCipher commands (see the `enc' command for more details)\n");

-					}

-				}

-#ifdef OPENSSL_NO_CAMELLIA

-			BIO_printf(bio_err,"%-15s",fp->name);

-#else

-			BIO_printf(bio_err,"%-18s",fp->name);

-#endif

-			}

-		BIO_printf(bio_err,"\n\n");

-		ret=0;

-		}

-end:

-	return(ret);

-	}

-static int SortFnByName(const void *_f1,const void *_f2)

-    {

-    const FUNCTION *f1=_f1;

-    const FUNCTION *f2=_f2;

-    if(f1->type != f2->type)

-	return f1->type-f2->type;

-    return strcmp(f1->name,f2->name);

-    }

-static LHASH *prog_init(void)

-	{

-	LHASH *ret;

-	FUNCTION *f;

-	size_t i;

-	/* Purely so it looks nice when the user hits ? */

-	for(i=0,f=functions ; f->name != NULL ; ++f,++i)

-	    ;

-	qsort(functions,i,sizeof *functions,SortFnByName);

-	if ((ret=lh_new(hash, cmp)) == NULL)

-		return(NULL);

-	for (f=functions; f->name != NULL; f++)

-		lh_insert(ret,f);

-	return(ret);

-	}

-/* static int MS_CALLBACK cmp(FUNCTION *a, FUNCTION *b) */

-static int MS_CALLBACK cmp(const void *a_void, const void *b_void)

-	{

-	return(strncmp(((const FUNCTION *)a_void)->name,

-			((const FUNCTION *)b_void)->name,8));

-	}

-/* static unsigned long MS_CALLBACK hash(FUNCTION *a) */

-static unsigned long MS_CALLBACK hash(const void *a_void)

-	{

-	return(lh_strhash(((const FUNCTION *)a_void)->name));

-	}

--- a/sys/src/ape/lib/openssl/apps/openssl.cnf

+++ /dev/null

@@ -1,313 +1,0 @@

-#

-# OpenSSL example configuration file.

-# This is mostly being used for generation of certificate requests.

-#

-# This definition stops the following lines choking if HOME isn't

-# defined.

-HOME			= .

-RANDFILE		= $ENV::HOME/.rnd

-# Extra OBJECT IDENTIFIER info:

-#oid_file		= $ENV::HOME/.oid

-oid_section		= new_oids

-# To use this configuration file with the "-extfile" option of the

-# "openssl x509" utility, name here the section containing the

-# X.509v3 extensions to use:

-# extensions		=

-# (Alternatively, use a configuration file that has only

-# X.509v3 extensions in its main [= default] section.)

-[ new_oids ]

-# We can add new OIDs in here for use by 'ca' and 'req'.

-# Add a simple OID like this:

-# testoid1=1.2.3.4

-# Or use config file substitution like this:

-# testoid2=${testoid1}.5.6

-####################################################################

-[ ca ]

-default_ca	= CA_default		# The default ca section

-####################################################################

-[ CA_default ]

-dir		= ./demoCA		# Where everything is kept

-certs		= $dir/certs		# Where the issued certs are kept

-crl_dir		= $dir/crl		# Where the issued crl are kept

-database	= $dir/index.txt	# database index file.

-#unique_subject	= no			# Set to 'no' to allow creation of

-					# several ctificates with same subject.

-new_certs_dir	= $dir/newcerts		# default place for new certs.

-certificate	= $dir/cacert.pem 	# The CA certificate

-serial		= $dir/serial 		# The current serial number

-crlnumber	= $dir/crlnumber	# the current crl number

-					# must be commented out to leave a V1 CRL

-crl		= $dir/crl.pem 		# The current CRL

-private_key	= $dir/private/cakey.pem# The private key

-RANDFILE	= $dir/private/.rand	# private random number file

-x509_extensions	= usr_cert		# The extentions to add to the cert

-# Comment out the following two lines for the "traditional"

-# (and highly broken) format.

-name_opt 	= ca_default		# Subject Name options

-cert_opt 	= ca_default		# Certificate field options

-# Extension copying option: use with caution.

-# copy_extensions = copy

-# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs

-# so this is commented out by default to leave a V1 CRL.

-# crlnumber must also be commented out to leave a V1 CRL.

-# crl_extensions	= crl_ext

-default_days	= 365			# how long to certify for

-default_crl_days= 30			# how long before next CRL

-default_md	= sha1			# which md to use.

-preserve	= no			# keep passed DN ordering

-# A few difference way of specifying how similar the request should look

-# For type CA, the listed attributes must be the same, and the optional

-# and supplied fields are just that :-)

-policy		= policy_match

-# For the CA policy

-[ policy_match ]

-countryName		= match

-stateOrProvinceName	= match

-organizationName	= match

-organizationalUnitName	= optional

-commonName		= supplied

-emailAddress		= optional

-# For the 'anything' policy

-# At this point in time, you must list all acceptable 'object'

-# types.

-[ policy_anything ]

-countryName		= optional

-stateOrProvinceName	= optional

-localityName		= optional

-organizationName	= optional

-organizationalUnitName	= optional

-commonName		= supplied

-emailAddress		= optional

-####################################################################

-[ req ]

-default_bits		= 1024

-default_keyfile 	= privkey.pem

-distinguished_name	= req_distinguished_name

-attributes		= req_attributes

-x509_extensions	= v3_ca	# The extentions to add to the self signed cert

-# Passwords for private keys if not present they will be prompted for

-# input_password = secret

-# output_password = secret

-# This sets a mask for permitted string types. There are several options.

-# default: PrintableString, T61String, BMPString.

-# pkix	 : PrintableString, BMPString.

-# utf8only: only UTF8Strings.

-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).

-# MASK:XXXX a literal mask value.

-# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings

-# so use this option with caution!

-string_mask = nombstr

-# req_extensions = v3_req # The extensions to add to a certificate request

-[ req_distinguished_name ]

-countryName			= Country Name (2 letter code)

-countryName_default		= AU

-countryName_min			= 2

-countryName_max			= 2

-stateOrProvinceName		= State or Province Name (full name)

-stateOrProvinceName_default	= Some-State

-localityName			= Locality Name (eg, city)

-0.organizationName		= Organization Name (eg, company)

-0.organizationName_default	= Internet Widgits Pty Ltd

-# we can do this but it is not needed normally :-)

-#1.organizationName		= Second Organization Name (eg, company)

-#1.organizationName_default	= World Wide Web Pty Ltd

-organizationalUnitName		= Organizational Unit Name (eg, section)

-#organizationalUnitName_default	=

-commonName			= Common Name (eg, YOUR name)

-commonName_max			= 64

-emailAddress			= Email Address

-emailAddress_max		= 64

-# SET-ex3			= SET extension number 3

-[ req_attributes ]

-challengePassword		= A challenge password

-challengePassword_min		= 4

-challengePassword_max		= 20

-unstructuredName		= An optional company name

-[ usr_cert ]

-# These extensions are added when 'ca' signs a request.

-# This goes against PKIX guidelines but some CAs do it and some software

-# requires this to avoid interpreting an end user certificate as a CA.

-basicConstraints=CA:FALSE

-# Here are some examples of the usage of nsCertType. If it is omitted

-# the certificate can be used for anything *except* object signing.

-# This is OK for an SSL server.

-# nsCertType			= server

-# For an object signing certificate this would be used.

-# nsCertType = objsign

-# For normal client use this is typical

-# nsCertType = client, email

-# and for everything including object signing:

-# nsCertType = client, email, objsign

-# This is typical in keyUsage for a client certificate.

-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment

-# This will be displayed in Netscape's comment listbox.

-nsComment			= "OpenSSL Generated Certificate"

-# PKIX recommendations harmless if included in all certificates.

-subjectKeyIdentifier=hash

-authorityKeyIdentifier=keyid,issuer

-# This stuff is for subjectAltName and issuerAltname.

-# Import the email address.

-# subjectAltName=email:copy

-# An alternative to produce certificates that aren't

-# deprecated according to PKIX.

-# subjectAltName=email:move

-# Copy subject details

-# issuerAltName=issuer:copy

-#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem

-#nsBaseUrl

-#nsRevocationUrl

-#nsRenewalUrl

-#nsCaPolicyUrl

-#nsSslServerName

-[ v3_req ]

-# Extensions to add to a certificate request

-basicConstraints = CA:FALSE

-keyUsage = nonRepudiation, digitalSignature, keyEncipherment

-[ v3_ca ]

-# Extensions for a typical CA

-# PKIX recommendation.

-subjectKeyIdentifier=hash

-authorityKeyIdentifier=keyid:always,issuer:always

-# This is what PKIX recommends but some broken software chokes on critical

-# extensions.

-#basicConstraints = critical,CA:true

-# So we do this instead.

-basicConstraints = CA:true

-# Key usage: this is typical for a CA certificate. However since it will

-# prevent it being used as an test self-signed certificate it is best

-# left out by default.

-# keyUsage = cRLSign, keyCertSign

-# Some might want this also

-# nsCertType = sslCA, emailCA

-# Include email address in subject alt name: another PKIX recommendation

-# subjectAltName=email:copy

-# Copy issuer details

-# issuerAltName=issuer:copy

-# DER hex encoding of an extension: beware experts only!

-# obj=DER:02:03

-# Where 'obj' is a standard or added object

-# You can even override a supported extension:

-# basicConstraints= critical, DER:30:03:01:01:FF

-[ crl_ext ]

-# CRL extensions.

-# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.

-# issuerAltName=issuer:copy

-authorityKeyIdentifier=keyid:always,issuer:always

-[ proxy_cert_ext ]

-# These extensions should be added when creating a proxy certificate

-# This goes against PKIX guidelines but some CAs do it and some software

-# requires this to avoid interpreting an end user certificate as a CA.

-basicConstraints=CA:FALSE

-# Here are some examples of the usage of nsCertType. If it is omitted

-# the certificate can be used for anything *except* object signing.

-# This is OK for an SSL server.

-# nsCertType			= server

-# For an object signing certificate this would be used.

-# nsCertType = objsign

-# For normal client use this is typical

-# nsCertType = client, email

-# and for everything including object signing:

-# nsCertType = client, email, objsign

-# This is typical in keyUsage for a client certificate.

-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment

-# This will be displayed in Netscape's comment listbox.

-nsComment			= "OpenSSL Generated Certificate"

-# PKIX recommendations harmless if included in all certificates.

-subjectKeyIdentifier=hash

-authorityKeyIdentifier=keyid,issuer:always

-# This stuff is for subjectAltName and issuerAltname.

-# Import the email address.

-# subjectAltName=email:copy

-# An alternative to produce certificates that aren't

-# deprecated according to PKIX.

-# subjectAltName=email:move

-# Copy subject details

-# issuerAltName=issuer:copy

-#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem

-#nsBaseUrl

-#nsRevocationUrl

-#nsRenewalUrl

-#nsCaPolicyUrl

-#nsSslServerName

-# This really needs to be in place for it to be a proxy certificate.

-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo

--- a/sys/src/ape/lib/openssl/apps/passwd.c

+++ /dev/null

@@ -1,512 +1,0 @@

-/* apps/passwd.c */

-#if defined OPENSSL_NO_MD5 || defined CHARSET_EBCDIC

-# define NO_MD5CRYPT_1

-#endif

-#if !defined(OPENSSL_NO_DES) || !defined(NO_MD5CRYPT_1)

-#include <assert.h>

-#include <string.h>

-#include "apps.h"

-#include <openssl/bio.h>

-#include <openssl/err.h>

-#include <openssl/evp.h>

-#include <openssl/rand.h>

-#ifndef OPENSSL_NO_DES

-# include <openssl/des.h>

-#endif

-#ifndef NO_MD5CRYPT_1

-# include <openssl/md5.h>

-#endif

-#undef PROG

-#define PROG passwd_main

-static unsigned const char cov_2char[64]={

-	/* from crypto/des/fcrypt.c */

-	0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,0x35,

-	0x36,0x37,0x38,0x39,0x41,0x42,0x43,0x44,

-	0x45,0x46,0x47,0x48,0x49,0x4A,0x4B,0x4C,

-	0x4D,0x4E,0x4F,0x50,0x51,0x52,0x53,0x54,

-	0x55,0x56,0x57,0x58,0x59,0x5A,0x61,0x62,

-	0x63,0x64,0x65,0x66,0x67,0x68,0x69,0x6A,

-	0x6B,0x6C,0x6D,0x6E,0x6F,0x70,0x71,0x72,

-	0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7A

-};

-static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,

-	char *passwd, BIO *out, int quiet, int table, int reverse,

-	size_t pw_maxlen, int usecrypt, int use1, int useapr1);

-/* -crypt        - standard Unix password algorithm (default)

- * -1            - MD5-based password algorithm

- * -apr1         - MD5-based password algorithm, Apache variant

- * -salt string  - salt

- * -in file      - read passwords from file

- * -stdin        - read passwords from stdin

- * -noverify     - never verify when reading password from terminal

- * -quiet        - no warnings

- * -table        - format output as table

- * -reverse      - switch table columns

- */

-int MAIN(int, char **);

-int MAIN(int argc, char **argv)

-	{

-	int ret = 1;

-	char *infile = NULL;

-	int in_stdin = 0;

-	int in_noverify = 0;

-	char *salt = NULL, *passwd = NULL, **passwds = NULL;

-	char *salt_malloc = NULL, *passwd_malloc = NULL;

-	size_t passwd_malloc_size = 0;

-	int pw_source_defined = 0;

-	BIO *in = NULL, *out = NULL;

-	int i, badopt, opt_done;

-	int passed_salt = 0, quiet = 0, table = 0, reverse = 0;

-	int usecrypt = 0, use1 = 0, useapr1 = 0;

-	size_t pw_maxlen = 0;

-	apps_startup();

-	if (bio_err == NULL)

-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)

-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);

-	if (!load_config(bio_err, NULL))

-		goto err;

-	out = BIO_new(BIO_s_file());

-	if (out == NULL)

-		goto err;

-	BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);

-#ifdef OPENSSL_SYS_VMS

-	{

-	BIO *tmpbio = BIO_new(BIO_f_linebuffer());

-	out = BIO_push(tmpbio, out);

-	}

-#endif

-	badopt = 0, opt_done = 0;

-	i = 0;

-	while (!badopt && !opt_done && argv[++i] != NULL)

-		{

-		if (strcmp(argv[i], "-crypt") == 0)

-			usecrypt = 1;

-		else if (strcmp(argv[i], "-1") == 0)

-			use1 = 1;

-		else if (strcmp(argv[i], "-apr1") == 0)

-			useapr1 = 1;

-		else if (strcmp(argv[i], "-salt") == 0)

-			{

-			if ((argv[i+1] != NULL) && (salt == NULL))

-				{

-				passed_salt = 1;

-				salt = argv[++i];

-				}

-			else

-				badopt = 1;

-			}

-		else if (strcmp(argv[i], "-in") == 0)

-			{

-			if ((argv[i+1] != NULL) && !pw_source_defined)

-				{

-				pw_source_defined = 1;

-				infile = argv[++i];

-				}

-			else

-				badopt = 1;

-			}

-		else if (strcmp(argv[i], "-stdin") == 0)

-			{

-			if (!pw_source_defined)

-				{

-				pw_source_defined = 1;

-				in_stdin = 1;

-				}

-			else

-				badopt = 1;

-			}

-		else if (strcmp(argv[i], "-noverify") == 0)

-			in_noverify = 1;

-		else if (strcmp(argv[i], "-quiet") == 0)

-			quiet = 1;

-		else if (strcmp(argv[i], "-table") == 0)

-			table = 1;

-		else if (strcmp(argv[i], "-reverse") == 0)

-			reverse = 1;

-		else if (argv[i][0] == '-')

-			badopt = 1;

-		else if (!pw_source_defined)

-			/* non-option arguments, use as passwords */

-			{

-			pw_source_defined = 1;

-			passwds = &argv[i];

-			opt_done = 1;

-			}

-		else

-			badopt = 1;

-		}

-	if (!usecrypt && !use1 && !useapr1) /* use default */

-		usecrypt = 1;

-	if (usecrypt + use1 + useapr1 > 1) /* conflict */

-		badopt = 1;

-	/* reject unsupported algorithms */

-#ifdef OPENSSL_NO_DES

-	if (usecrypt) badopt = 1;

-#endif

-#ifdef NO_MD5CRYPT_1

-	if (use1 || useapr1) badopt = 1;

-#endif

-	if (badopt)

-		{

-		BIO_printf(bio_err, "Usage: passwd [options] [passwords]\n");

-		BIO_printf(bio_err, "where options are\n");

-#ifndef OPENSSL_NO_DES

-		BIO_printf(bio_err, "-crypt             standard Unix password algorithm (default)\n");

-#endif

-#ifndef NO_MD5CRYPT_1

-		BIO_printf(bio_err, "-1                 MD5-based password algorithm\n");

-		BIO_printf(bio_err, "-apr1              MD5-based password algorithm, Apache variant\n");

-#endif

-		BIO_printf(bio_err, "-salt string       use provided salt\n");

-		BIO_printf(bio_err, "-in file           read passwords from file\n");

-		BIO_printf(bio_err, "-stdin             read passwords from stdin\n");

-		BIO_printf(bio_err, "-noverify          never verify when reading password from terminal\n");

-		BIO_printf(bio_err, "-quiet             no warnings\n");

-		BIO_printf(bio_err, "-table             format output as table\n");

-		BIO_printf(bio_err, "-reverse           switch table columns\n");

-		goto err;

-		}

-	if ((infile != NULL) || in_stdin)

-		{

-		in = BIO_new(BIO_s_file());

-		if (in == NULL)

-			goto err;

-		if (infile != NULL)

-			{

-			assert(in_stdin == 0);

-			if (BIO_read_filename(in, infile) <= 0)

-				goto err;

-			}

-		else

-			{

-			assert(in_stdin);

-			BIO_set_fp(in, stdin, BIO_NOCLOSE);

-			}

-		}

-	if (usecrypt)

-		pw_maxlen = 8;

-	else if (use1 || useapr1)

-		pw_maxlen = 256; /* arbitrary limit, should be enough for most passwords */

-	if (passwds == NULL)

-		{

-		/* no passwords on the command line */

-		passwd_malloc_size = pw_maxlen + 2;

-		/* longer than necessary so that we can warn about truncation */

-		passwd = passwd_malloc = OPENSSL_malloc(passwd_malloc_size);

-		if (passwd_malloc == NULL)

-			goto err;

-		}

-	if ((in == NULL) && (passwds == NULL))

-		{

-		/* build a null-terminated list */

-		static char *passwds_static[2] = {NULL, NULL};

-		passwds = passwds_static;

-		if (in == NULL)

-			if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", !(passed_salt || in_noverify)) != 0)

-				goto err;

-		passwds[0] = passwd_malloc;

-		}

-	if (in == NULL)

-		{

-		assert(passwds != NULL);

-		assert(*passwds != NULL);

-		do /* loop over list of passwords */

-			{

-			passwd = *passwds++;

-			if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out,

-				quiet, table, reverse, pw_maxlen, usecrypt, use1, useapr1))

-				goto err;

-			}

-		while (*passwds != NULL);

-		}

-	else

-		/* in != NULL */

-		{

-		int done;

-		assert (passwd != NULL);

-		do

-			{

-			int r = BIO_gets(in, passwd, pw_maxlen + 1);

-			if (r > 0)

-				{

-				char *c = (strchr(passwd, '\n')) ;

-				if (c != NULL)

-					*c = 0; /* truncate at newline */

-				else

-					{

-					/* ignore rest of line */

-					char trash[BUFSIZ];

-					do

-						r = BIO_gets(in, trash, sizeof trash);

-					while ((r > 0) && (!strchr(trash, '\n')));

-					}

-				if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out,

-					quiet, table, reverse, pw_maxlen, usecrypt, use1, useapr1))

-					goto err;

-				}

-			done = (r <= 0);

-			}

-		while (!done);

-		}

-	ret = 0;

-err:

-	ERR_print_errors(bio_err);

-	if (salt_malloc)

-		OPENSSL_free(salt_malloc);

-	if (passwd_malloc)

-		OPENSSL_free(passwd_malloc);

-	if (in)

-		BIO_free(in);

-	if (out)

-		BIO_free_all(out);

-	apps_shutdown();

-	OPENSSL_EXIT(ret);

-	}

-#ifndef NO_MD5CRYPT_1

-/* MD5-based password algorithm (should probably be available as a library

- * function; then the static buffer would not be acceptable).

- * For magic string "1", this should be compatible to the MD5-based BSD

- * password algorithm.

- * For 'magic' string "apr1", this is compatible to the MD5-based Apache

- * password algorithm.

- * (Apparently, the Apache password algorithm is identical except that the

- * 'magic' string was changed -- the laziest application of the NIH principle

- * I've ever encountered.)

- */

-static char *md5crypt(const char *passwd, const char *magic, const char *salt)

-	{

-	static char out_buf[6 + 9 + 24 + 2]; /* "$apr1$..salt..$.......md5hash..........\0" */

-	unsigned char buf[MD5_DIGEST_LENGTH];

-	char *salt_out;

-	int n;

-	unsigned int i;

-	EVP_MD_CTX md,md2;

-	size_t passwd_len, salt_len;

-	passwd_len = strlen(passwd);

-	out_buf[0] = '$';

-	out_buf[1] = 0;

-	assert(strlen(magic) <= 4); /* "1" or "apr1" */

-	strncat(out_buf, magic, 4);

-	strncat(out_buf, "$", 1);

-	strncat(out_buf, salt, 8);

-	assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */

-	salt_out = out_buf + 2 + strlen(magic);

-	salt_len = strlen(salt_out);

-	assert(salt_len <= 8);

-	EVP_MD_CTX_init(&md);

-	EVP_DigestInit_ex(&md,EVP_md5(), NULL);

-	EVP_DigestUpdate(&md, passwd, passwd_len);

-	EVP_DigestUpdate(&md, "$", 1);

-	EVP_DigestUpdate(&md, magic, strlen(magic));

-	EVP_DigestUpdate(&md, "$", 1);

-	EVP_DigestUpdate(&md, salt_out, salt_len);

-	EVP_MD_CTX_init(&md2);

-	EVP_DigestInit_ex(&md2,EVP_md5(), NULL);

-	EVP_DigestUpdate(&md2, passwd, passwd_len);

-	EVP_DigestUpdate(&md2, salt_out, salt_len);

-	EVP_DigestUpdate(&md2, passwd, passwd_len);

-	EVP_DigestFinal_ex(&md2, buf, NULL);

-	for (i = passwd_len; i > sizeof buf; i -= sizeof buf)

-		EVP_DigestUpdate(&md, buf, sizeof buf);

-	EVP_DigestUpdate(&md, buf, i);

-	n = passwd_len;

-	while (n)

-		{

-		EVP_DigestUpdate(&md, (n & 1) ? "\0" : passwd, 1);

-		n >>= 1;

-		}

-	EVP_DigestFinal_ex(&md, buf, NULL);

-	for (i = 0; i < 1000; i++)

-		{

-		EVP_DigestInit_ex(&md2,EVP_md5(), NULL);

-		EVP_DigestUpdate(&md2, (i & 1) ? (unsigned const char *) passwd : buf,

-		                       (i & 1) ? passwd_len : sizeof buf);

-		if (i % 3)

-			EVP_DigestUpdate(&md2, salt_out, salt_len);

-		if (i % 7)

-			EVP_DigestUpdate(&md2, passwd, passwd_len);

-		EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned const char *) passwd,

-		                       (i & 1) ? sizeof buf : passwd_len);

-		EVP_DigestFinal_ex(&md2, buf, NULL);

-		}

-	EVP_MD_CTX_cleanup(&md2);

-	 {

-		/* transform buf into output string */

-		unsigned char buf_perm[sizeof buf];

-		int dest, source;

-		char *output;

-		/* silly output permutation */

-		for (dest = 0, source = 0; dest < 14; dest++, source = (source + 6) % 17)

-			buf_perm[dest] = buf[source];

-		buf_perm[14] = buf[5];

-		buf_perm[15] = buf[11];

-#ifndef PEDANTIC /* Unfortunately, this generates a "no effect" warning */

-		assert(16 == sizeof buf_perm);

-#endif

-		output = salt_out + salt_len;

-		assert(output == out_buf + strlen(out_buf));

-		*output++ = '$';

-		for (i = 0; i < 15; i += 3)

-			{

-			*output++ = cov_2char[buf_perm[i+2] & 0x3f];

-			*output++ = cov_2char[((buf_perm[i+1] & 0xf) << 2) |

-				                  (buf_perm[i+2] >> 6)];

-			*output++ = cov_2char[((buf_perm[i] & 3) << 4) |

-				                  (buf_perm[i+1] >> 4)];

-			*output++ = cov_2char[buf_perm[i] >> 2];

-			}

-		assert(i == 15);

-		*output++ = cov_2char[buf_perm[i] & 0x3f];

-		*output++ = cov_2char[buf_perm[i] >> 6];

-		*output = 0;

-		assert(strlen(out_buf) < sizeof(out_buf));

-	 }

-	EVP_MD_CTX_cleanup(&md);

-	return out_buf;

-	}

-#endif

-static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,

-	char *passwd, BIO *out,	int quiet, int table, int reverse,

-	size_t pw_maxlen, int usecrypt, int use1, int useapr1)

-	{

-	char *hash = NULL;

-	assert(salt_p != NULL);

-	assert(salt_malloc_p != NULL);

-	/* first make sure we have a salt */

-	if (!passed_salt)

-		{

-#ifndef OPENSSL_NO_DES

-		if (usecrypt)

-			{

-			if (*salt_malloc_p == NULL)

-				{

-				*salt_p = *salt_malloc_p = OPENSSL_malloc(3);

-				if (*salt_malloc_p == NULL)

-					goto err;

-				}

-			if (RAND_pseudo_bytes((unsigned char *)*salt_p, 2) < 0)

-				goto err;

-			(*salt_p)[0] = cov_2char[(*salt_p)[0] & 0x3f]; /* 6 bits */

-			(*salt_p)[1] = cov_2char[(*salt_p)[1] & 0x3f]; /* 6 bits */

-			(*salt_p)[2] = 0;

-#ifdef CHARSET_EBCDIC

-			ascii2ebcdic(*salt_p, *salt_p, 2); /* des_crypt will convert

-			                                    * back to ASCII */

-#endif

-			}

-#endif /* !OPENSSL_NO_DES */

-#ifndef NO_MD5CRYPT_1

-		if (use1 || useapr1)

-			{

-			int i;

-			if (*salt_malloc_p == NULL)

-				{

-				*salt_p = *salt_malloc_p = OPENSSL_malloc(9);

-				if (*salt_malloc_p == NULL)

-					goto err;

-				}

-			if (RAND_pseudo_bytes((unsigned char *)*salt_p, 8) < 0)

-				goto err;

-			for (i = 0; i < 8; i++)

-				(*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */

-			(*salt_p)[8] = 0;

-			}

-#endif /* !NO_MD5CRYPT_1 */

-		}

-	assert(*salt_p != NULL);

-	/* truncate password if necessary */

-	if ((strlen(passwd) > pw_maxlen))

-		{

-		if (!quiet)

-			/* XXX: really we should know how to print a size_t, not cast it */

-			BIO_printf(bio_err, "Warning: truncating password to %u characters\n", (unsigned)pw_maxlen);

-		passwd[pw_maxlen] = 0;

-		}

-	assert(strlen(passwd) <= pw_maxlen);

-	/* now compute password hash */

-#ifndef OPENSSL_NO_DES

-	if (usecrypt)

-		hash = DES_crypt(passwd, *salt_p);

-#endif

-#ifndef NO_MD5CRYPT_1

-	if (use1 || useapr1)

-		hash = md5crypt(passwd, (use1 ? "1" : "apr1"), *salt_p);

-#endif

-	assert(hash != NULL);

-	if (table && !reverse)

-		BIO_printf(out, "%s\t%s\n", passwd, hash);

-	else if (table && reverse)

-		BIO_printf(out, "%s\t%s\n", hash, passwd);

-	else

-		BIO_printf(out, "%s\n", hash);

-	return 1;

-err:

-	return 0;

-	}

-#else

-int MAIN(int argc, char **argv)

-	{

-	fputs("Program not available.\n", stderr)

-	OPENSSL_EXIT(1);

-	}

-#endif

--- a/sys/src/ape/lib/openssl/apps/pca-cert.srl

+++ /dev/null

@@ -1,1 +1,0 @@

-07

--- a/sys/src/ape/lib/openssl/apps/pca-key.pem

+++ /dev/null

@@ -1,15 +1,0 @@

------BEGIN RSA PRIVATE KEY-----

-MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg

-wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ

-vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB

-AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc

-z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz

-xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7

-HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD

-yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS

-xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj

-7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG

-h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL

-QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q

-hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc=

------END RSA PRIVATE KEY-----

--- a/sys/src/ape/lib/openssl/apps/pca-req.pem

+++ /dev/null

@@ -1,11 +1,0 @@

------BEGIN CERTIFICATE REQUEST-----

-MIIBmjCCAQMCAQAwXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx

-GjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAo

-MTAyNCBiaXQpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdoWk/3+WcMlfj

-Irkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPgwgsabJ/wn8TxA1yy3eKJbFl3OiUX

-MRsp22Jp85PmemiDzyUIStwk72qhp1imbANZvlmlCFKiQrjUyuDfu4TABmn+kkt3

-vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAEzz

-IG8NnfpnPTQSCN5zJhOfy6p9AcDyQzuJirYv1HR/qoYWalPh/U2uiK0lAim7qMcv

-wOlK3I7A8B7/4dLqvIqgtUj9b1WT8zIrnwdvJI4osLI2BY+c1pVlp174DHLMol1L

-Cl1e3N5BTm7lCitTYjuUhsw6hiA8IcdNKDo6sktV

------END CERTIFICATE REQUEST-----

--- a/sys/src/ape/lib/openssl/apps/pkcs12.c

+++ /dev/null

@@ -1,951 +1,0 @@

-/* pkcs12.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project.

- */

-/* ====================================================================

- * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <openssl/opensslconf.h>

-#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include "apps.h"

-#include <openssl/crypto.h>

-#include <openssl/err.h>

-#include <openssl/pem.h>

-#include <openssl/pkcs12.h>

-#define PROG pkcs12_main

-const EVP_CIPHER *enc;

-#define NOKEYS		0x1

-#define NOCERTS 	0x2

-#define INFO		0x4

-#define CLCERTS		0x8

-#define CACERTS		0x10

-int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain);

-int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int options, char *pempass);

-int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, char *pass,

-			  int passlen, int options, char *pempass);

-int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options, char *pempass);

-int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name);

-void hex_prin(BIO *out, unsigned char *buf, int len);

-int alg_print(BIO *x, X509_ALGOR *alg);

-int cert_load(BIO *in, STACK_OF(X509) *sk);

-int MAIN(int, char **);

-int MAIN(int argc, char **argv)

-{

-    ENGINE *e = NULL;

-    char *infile=NULL, *outfile=NULL, *keyname = NULL;

-    char *certfile=NULL;

-    BIO *in=NULL, *out = NULL;

-    char **args;

-    char *name = NULL;

-    char *csp_name = NULL;

-    PKCS12 *p12 = NULL;

-    char pass[50], macpass[50];

-    int export_cert = 0;

-    int options = 0;

-    int chain = 0;

-    int badarg = 0;

-    int iter = PKCS12_DEFAULT_ITER;

-    int maciter = PKCS12_DEFAULT_ITER;

-    int twopass = 0;

-    int keytype = 0;

-    int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;

-    int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;

-    int ret = 1;

-    int macver = 1;

-    int noprompt = 0;

-    STACK *canames = NULL;

-    char *cpass = NULL, *mpass = NULL;

-    char *passargin = NULL, *passargout = NULL, *passarg = NULL;

-    char *passin = NULL, *passout = NULL;

-    char *inrand = NULL;

-    char *CApath = NULL, *CAfile = NULL;

-#ifndef OPENSSL_NO_ENGINE

-    char *engine=NULL;

-#endif

-    apps_startup();

-    enc = EVP_des_ede3_cbc();

-    if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);

-	if (!load_config(bio_err, NULL))

-		goto end;

-    args = argv + 1;

-    while (*args) {

-	if (*args[0] == '-') {

-		if (!strcmp (*args, "-nokeys")) options |= NOKEYS;

-		else if (!strcmp (*args, "-keyex")) keytype = KEY_EX;

-		else if (!strcmp (*args, "-keysig")) keytype = KEY_SIG;

-		else if (!strcmp (*args, "-nocerts")) options |= NOCERTS;

-		else if (!strcmp (*args, "-clcerts")) options |= CLCERTS;

-		else if (!strcmp (*args, "-cacerts")) options |= CACERTS;

-		else if (!strcmp (*args, "-noout")) options |= (NOKEYS|NOCERTS);

-		else if (!strcmp (*args, "-info")) options |= INFO;

-		else if (!strcmp (*args, "-chain")) chain = 1;

-		else if (!strcmp (*args, "-twopass")) twopass = 1;

-		else if (!strcmp (*args, "-nomacver")) macver = 0;

-		else if (!strcmp (*args, "-descert"))

-    			cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;

-		else if (!strcmp (*args, "-export")) export_cert = 1;

-		else if (!strcmp (*args, "-des")) enc=EVP_des_cbc();

-		else if (!strcmp (*args, "-des3")) enc = EVP_des_ede3_cbc();

-#ifndef OPENSSL_NO_IDEA

-		else if (!strcmp (*args, "-idea")) enc=EVP_idea_cbc();

-#endif

-#ifndef OPENSSL_NO_SEED

-		else if (!strcmp(*args, "-seed")) enc=EVP_seed_cbc();

-#endif

-#ifndef OPENSSL_NO_AES

-		else if (!strcmp(*args,"-aes128")) enc=EVP_aes_128_cbc();

-		else if (!strcmp(*args,"-aes192")) enc=EVP_aes_192_cbc();

-		else if (!strcmp(*args,"-aes256")) enc=EVP_aes_256_cbc();

-#endif

-#ifndef OPENSSL_NO_CAMELLIA

-		else if (!strcmp(*args,"-camellia128")) enc=EVP_camellia_128_cbc();

-		else if (!strcmp(*args,"-camellia192")) enc=EVP_camellia_192_cbc();

-		else if (!strcmp(*args,"-camellia256")) enc=EVP_camellia_256_cbc();

-#endif

-		else if (!strcmp (*args, "-noiter")) iter = 1;

-		else if (!strcmp (*args, "-maciter"))

-					 maciter = PKCS12_DEFAULT_ITER;

-		else if (!strcmp (*args, "-nomaciter"))

-					 maciter = 1;

-		else if (!strcmp (*args, "-nomac"))

-					 maciter = -1;

-		else if (!strcmp (*args, "-nodes")) enc=NULL;

-		else if (!strcmp (*args, "-certpbe")) {

-			if (args[1]) {

-				args++;

-				if (!strcmp(*args, "NONE"))

-					cert_pbe = -1;

-				else

-					cert_pbe=OBJ_txt2nid(*args);

-				if(cert_pbe == NID_undef) {

-					BIO_printf(bio_err,

-						 "Unknown PBE algorithm %s\n", *args);

-					badarg = 1;

-				}

-			} else badarg = 1;

-		} else if (!strcmp (*args, "-keypbe")) {

-			if (args[1]) {

-				args++;

-				if (!strcmp(*args, "NONE"))

-					key_pbe = -1;

-				else

-					key_pbe=OBJ_txt2nid(*args);

-				if(key_pbe == NID_undef) {

-					BIO_printf(bio_err,

-						 "Unknown PBE algorithm %s\n", *args);

-					badarg = 1;

-				}

-			} else badarg = 1;

-		} else if (!strcmp (*args, "-rand")) {

-		    if (args[1]) {

-			args++;

-			inrand = *args;

-		    } else badarg = 1;

-		} else if (!strcmp (*args, "-inkey")) {

-		    if (args[1]) {

-			args++;

-			keyname = *args;

-		    } else badarg = 1;

-		} else if (!strcmp (*args, "-certfile")) {

-		    if (args[1]) {

-			args++;

-			certfile = *args;

-		    } else badarg = 1;

-		} else if (!strcmp (*args, "-name")) {

-		    if (args[1]) {

-			args++;

-			name = *args;

-		    } else badarg = 1;

-		} else if (!strcmp (*args, "-CSP")) {

-		    if (args[1]) {

-			args++;

-			csp_name = *args;

-		    } else badarg = 1;

-		} else if (!strcmp (*args, "-caname")) {

-		    if (args[1]) {

-			args++;

-			if (!canames) canames = sk_new_null();

-			sk_push(canames, *args);

-		    } else badarg = 1;

-		} else if (!strcmp (*args, "-in")) {

-		    if (args[1]) {

-			args++;

-			infile = *args;

-		    } else badarg = 1;

-		} else if (!strcmp (*args, "-out")) {

-		    if (args[1]) {

-			args++;

-			outfile = *args;

-		    } else badarg = 1;

-		} else if (!strcmp(*args,"-passin")) {

-		    if (args[1]) {

-			args++;

-			passargin = *args;

-		    } else badarg = 1;

-		} else if (!strcmp(*args,"-passout")) {

-		    if (args[1]) {

-			args++;

-			passargout = *args;

-		    } else badarg = 1;

-		} else if (!strcmp (*args, "-password")) {

-		    if (args[1]) {

-			args++;

-			passarg = *args;

-		    	noprompt = 1;

-		    } else badarg = 1;

-		} else if (!strcmp(*args,"-CApath")) {

-		    if (args[1]) {

-			args++;

-			CApath = *args;

-		    } else badarg = 1;

-		} else if (!strcmp(*args,"-CAfile")) {

-		    if (args[1]) {

-			args++;

-			CAfile = *args;

-		    } else badarg = 1;

-#ifndef OPENSSL_NO_ENGINE

-		} else if (!strcmp(*args,"-engine")) {

-		    if (args[1]) {

-			args++;

-			engine = *args;

-		    } else badarg = 1;

-#endif

-		} else badarg = 1;

-	} else badarg = 1;

-	args++;

-    }

-    if (badarg) {

-	BIO_printf (bio_err, "Usage: pkcs12 [options]\n");

-	BIO_printf (bio_err, "where options are\n");

-	BIO_printf (bio_err, "-export       output PKCS12 file\n");

-	BIO_printf (bio_err, "-chain        add certificate chain\n");

-	BIO_printf (bio_err, "-inkey file   private key if not infile\n");

-	BIO_printf (bio_err, "-certfile f   add all certs in f\n");

-	BIO_printf (bio_err, "-CApath arg   - PEM format directory of CA's\n");

-	BIO_printf (bio_err, "-CAfile arg   - PEM format file of CA's\n");

-	BIO_printf (bio_err, "-name \"name\"  use name as friendly name\n");

-	BIO_printf (bio_err, "-caname \"nm\"  use nm as CA friendly name (can be used more than once).\n");

-	BIO_printf (bio_err, "-in  infile   input filename\n");

-	BIO_printf (bio_err, "-out outfile  output filename\n");

-	BIO_printf (bio_err, "-noout        don't output anything, just verify.\n");

-	BIO_printf (bio_err, "-nomacver     don't verify MAC.\n");

-	BIO_printf (bio_err, "-nocerts      don't output certificates.\n");

-	BIO_printf (bio_err, "-clcerts      only output client certificates.\n");

-	BIO_printf (bio_err, "-cacerts      only output CA certificates.\n");

-	BIO_printf (bio_err, "-nokeys       don't output private keys.\n");

-	BIO_printf (bio_err, "-info         give info about PKCS#12 structure.\n");

-	BIO_printf (bio_err, "-des          encrypt private keys with DES\n");

-	BIO_printf (bio_err, "-des3         encrypt private keys with triple DES (default)\n");

-#ifndef OPENSSL_NO_IDEA

-	BIO_printf (bio_err, "-idea         encrypt private keys with idea\n");

-#endif

-#ifndef OPENSSL_NO_SEED

-	BIO_printf (bio_err, "-seed         encrypt private keys with seed\n");

-#endif

-#ifndef OPENSSL_NO_AES

-	BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");

-	BIO_printf (bio_err, "              encrypt PEM output with cbc aes\n");

-#endif

-#ifndef OPENSSL_NO_CAMELLIA

-	BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n");

-	BIO_printf (bio_err, "              encrypt PEM output with cbc camellia\n");

-#endif

-	BIO_printf (bio_err, "-nodes        don't encrypt private keys\n");

-	BIO_printf (bio_err, "-noiter       don't use encryption iteration\n");

-	BIO_printf (bio_err, "-maciter      use MAC iteration\n");

-	BIO_printf (bio_err, "-twopass      separate MAC, encryption passwords\n");

-	BIO_printf (bio_err, "-descert      encrypt PKCS#12 certificates with triple DES (default RC2-40)\n");

-	BIO_printf (bio_err, "-certpbe alg  specify certificate PBE algorithm (default RC2-40)\n");

-	BIO_printf (bio_err, "-keypbe alg   specify private key PBE algorithm (default 3DES)\n");

-	BIO_printf (bio_err, "-keyex        set MS key exchange type\n");

-	BIO_printf (bio_err, "-keysig       set MS key signature type\n");

-	BIO_printf (bio_err, "-password p   set import/export password source\n");

-	BIO_printf (bio_err, "-passin p     input file pass phrase source\n");

-	BIO_printf (bio_err, "-passout p    output file pass phrase source\n");

-#ifndef OPENSSL_NO_ENGINE

-	BIO_printf (bio_err, "-engine e     use engine e, possibly a hardware device.\n");

-#endif

-	BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);

-	BIO_printf(bio_err,  "              load the file (or the files in the directory) into\n");

-	BIO_printf(bio_err,  "              the random number generator\n");

-    	goto end;

-    }

-#ifndef OPENSSL_NO_ENGINE

-    e = setup_engine(bio_err, engine, 0);

-#endif

-    if(passarg) {

-	if(export_cert) passargout = passarg;

-	else passargin = passarg;

-    }

-    if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {

-	BIO_printf(bio_err, "Error getting passwords\n");

-	goto end;

-    }

-    if(!cpass) {

-    	if(export_cert) cpass = passout;

-    	else cpass = passin;

-    }

-    if(cpass) {

-	mpass = cpass;

-	noprompt = 1;

-    } else {

-	cpass = pass;

-	mpass = macpass;

-    }

-    if(export_cert || inrand) {

-    	app_RAND_load_file(NULL, bio_err, (inrand != NULL));

-        if (inrand != NULL)

-		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",

-			app_RAND_load_files(inrand));

-    }

-    ERR_load_crypto_strings();

-#ifdef CRYPTO_MDEBUG

-    CRYPTO_push_info("read files");

-#endif

-    if (!infile) in = BIO_new_fp(stdin, BIO_NOCLOSE);

-    else in = BIO_new_file(infile, "rb");

-    if (!in) {

-	    BIO_printf(bio_err, "Error opening input file %s\n",

-						infile ? infile : "<stdin>");

-	    perror (infile);

-	    goto end;

-   }

-#ifdef CRYPTO_MDEBUG

-    CRYPTO_pop_info();

-    CRYPTO_push_info("write files");

-#endif

-    if (!outfile) {

-	out = BIO_new_fp(stdout, BIO_NOCLOSE);

-#ifdef OPENSSL_SYS_VMS

-	{

-	    BIO *tmpbio = BIO_new(BIO_f_linebuffer());

-	    out = BIO_push(tmpbio, out);

-	}

-#endif

-    } else out = BIO_new_file(outfile, "wb");

-    if (!out) {

-	BIO_printf(bio_err, "Error opening output file %s\n",

-						outfile ? outfile : "<stdout>");

-	perror (outfile);

-	goto end;

-    }

-    if (twopass) {

-#ifdef CRYPTO_MDEBUG

-    CRYPTO_push_info("read MAC password");

-#endif

-	if(EVP_read_pw_string (macpass, sizeof macpass, "Enter MAC Password:", export_cert))

-	{

-    	    BIO_printf (bio_err, "Can't read Password\n");

-    	    goto end;

-       	}

-#ifdef CRYPTO_MDEBUG

-    CRYPTO_pop_info();

-#endif

-    }

-    if (export_cert) {

-	EVP_PKEY *key = NULL;

-	X509 *ucert = NULL, *x = NULL;

-	STACK_OF(X509) *certs=NULL;

-	unsigned char *catmp = NULL;

-	int i;

-	if ((options & (NOCERTS|NOKEYS)) == (NOCERTS|NOKEYS))

-		{

-		BIO_printf(bio_err, "Nothing to do!\n");

-		goto export_end;

-		}

-	if (options & NOCERTS)

-		chain = 0;

-#ifdef CRYPTO_MDEBUG

-	CRYPTO_push_info("process -export_cert");

-	CRYPTO_push_info("reading private key");

-#endif

-	if (!(options & NOKEYS))

-		{

-		key = load_key(bio_err, keyname ? keyname : infile,

-				FORMAT_PEM, 1, passin, e, "private key");

-		if (!key)

-			goto export_end;

-		}

-#ifdef CRYPTO_MDEBUG

-	CRYPTO_pop_info();

-	CRYPTO_push_info("reading certs from input");

-#endif

-	/* Load in all certs in input file */

-	if(!(options & NOCERTS))

-		{

-		certs = load_certs(bio_err, infile, FORMAT_PEM, NULL, e,

-							"certificates");

-		if (!certs)

-			goto export_end;

-		if (key)

-			{

-			/* Look for matching private key */

-			for(i = 0; i < sk_X509_num(certs); i++)

-				{

-				x = sk_X509_value(certs, i);

-				if(X509_check_private_key(x, key))

-					{

-					ucert = x;

-					/* Zero keyid and alias */

-					X509_keyid_set1(ucert, NULL, 0);

-					X509_alias_set1(ucert, NULL, 0);

-					/* Remove from list */

-					(void)sk_X509_delete(certs, i);

-					break;

-					}

-				}

-			if (!ucert)

-				{

-				BIO_printf(bio_err, "No certificate matches private key\n");

-				goto export_end;

-				}

-			}

-		}

-#ifdef CRYPTO_MDEBUG

-	CRYPTO_pop_info();

-	CRYPTO_push_info("reading certs from input 2");

-#endif

-	/* Add any more certificates asked for */

-	if(certfile)

-		{

-		STACK_OF(X509) *morecerts=NULL;

-		if(!(morecerts = load_certs(bio_err, certfile, FORMAT_PEM,

-					    NULL, e,

-					    "certificates from certfile")))

-			goto export_end;

-		while(sk_X509_num(morecerts) > 0)

-			sk_X509_push(certs, sk_X509_shift(morecerts));

-		sk_X509_free(morecerts);

- 		}

-#ifdef CRYPTO_MDEBUG

-	CRYPTO_pop_info();

-	CRYPTO_push_info("reading certs from certfile");

-#endif

-#ifdef CRYPTO_MDEBUG

-	CRYPTO_pop_info();

-	CRYPTO_push_info("building chain");

-#endif

-	/* If chaining get chain from user cert */

-	if (chain) {

-        	int vret;

-		STACK_OF(X509) *chain2;

-		X509_STORE *store = X509_STORE_new();

-		if (!store)

-			{

-			BIO_printf (bio_err, "Memory allocation error\n");

-			goto export_end;

-			}

-		if (!X509_STORE_load_locations(store, CAfile, CApath))

-			X509_STORE_set_default_paths (store);

-		vret = get_cert_chain (ucert, store, &chain2);

-		X509_STORE_free(store);

-		if (!vret) {

-		    /* Exclude verified certificate */

-		    for (i = 1; i < sk_X509_num (chain2) ; i++)

-			sk_X509_push(certs, sk_X509_value (chain2, i));

-		    /* Free first certificate */

-		    X509_free(sk_X509_value(chain2, 0));

-		    sk_X509_free(chain2);

-		} else {

-			if (vret >= 0)

-				BIO_printf (bio_err, "Error %s getting chain.\n",

-					X509_verify_cert_error_string(vret));

-			else

-				ERR_print_errors(bio_err);

-			goto export_end;

-		}

-    	}

-	/* Add any CA names */

-	for (i = 0; i < sk_num(canames); i++)

-		{

-		catmp = (unsigned char *)sk_value(canames, i);

-		X509_alias_set1(sk_X509_value(certs, i), catmp, -1);

-		}

-	if (csp_name && key)

-		EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name,

-				MBSTRING_ASC, (unsigned char *)csp_name, -1);

-#ifdef CRYPTO_MDEBUG

-	CRYPTO_pop_info();

-	CRYPTO_push_info("reading password");

-#endif

-	if(!noprompt &&

-		EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", 1))

-		{

-	    	BIO_printf (bio_err, "Can't read Password\n");

-	    	goto export_end;

-        	}

-	if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass);

-#ifdef CRYPTO_MDEBUG

-	CRYPTO_pop_info();

-	CRYPTO_push_info("creating PKCS#12 structure");

-#endif

-	p12 = PKCS12_create(cpass, name, key, ucert, certs,

-				key_pbe, cert_pbe, iter, -1, keytype);

-	if (!p12)

-		{

-	    	ERR_print_errors (bio_err);

-		goto export_end;

-		}

-	if (maciter != -1)

-		PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, NULL);

-#ifdef CRYPTO_MDEBUG

-	CRYPTO_pop_info();

-	CRYPTO_push_info("writing pkcs12");

-#endif

-	i2d_PKCS12_bio(out, p12);

-	ret = 0;

-    export_end:

-#ifdef CRYPTO_MDEBUG

-	CRYPTO_pop_info();

-	CRYPTO_pop_info();

-	CRYPTO_push_info("process -export_cert: freeing");

-#endif

-	if (key) EVP_PKEY_free(key);

-	if (certs) sk_X509_pop_free(certs, X509_free);

-	if (ucert) X509_free(ucert);

-#ifdef CRYPTO_MDEBUG

-	CRYPTO_pop_info();

-#endif

-	goto end;

-    }

-    if (!(p12 = d2i_PKCS12_bio (in, NULL))) {

-	ERR_print_errors(bio_err);

-	goto end;

-    }

-#ifdef CRYPTO_MDEBUG

-    CRYPTO_push_info("read import password");

-#endif

-    if(!noprompt && EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:", 0)) {

-	BIO_printf (bio_err, "Can't read Password\n");

-	goto end;

-    }

-#ifdef CRYPTO_MDEBUG

-    CRYPTO_pop_info();

-#endif

-    if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass);

-    if (options & INFO) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1);

-    if(macver) {

-#ifdef CRYPTO_MDEBUG

-    CRYPTO_push_info("verify MAC");

-#endif

-	/* If we enter empty password try no password first */

-	if(!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {

-		/* If mac and crypto pass the same set it to NULL too */

-		if(!twopass) cpass = NULL;

-	} else if (!PKCS12_verify_mac(p12, mpass, -1)) {

-	    BIO_printf (bio_err, "Mac verify error: invalid password?\n");

-	    ERR_print_errors (bio_err);

-	    goto end;

-	}

-	BIO_printf (bio_err, "MAC verified OK\n");

-#ifdef CRYPTO_MDEBUG

-    CRYPTO_pop_info();

-#endif

-    }

-#ifdef CRYPTO_MDEBUG

-    CRYPTO_push_info("output keys and certificates");

-#endif

-    if (!dump_certs_keys_p12 (out, p12, cpass, -1, options, passout)) {

-	BIO_printf(bio_err, "Error outputting keys and certificates\n");

-	ERR_print_errors (bio_err);

-	goto end;

-    }

-#ifdef CRYPTO_MDEBUG

-    CRYPTO_pop_info();

-#endif

-    ret = 0;

- end:

-    if (p12) PKCS12_free(p12);

-    if(export_cert || inrand) app_RAND_write_file(NULL, bio_err);

-#ifdef CRYPTO_MDEBUG

-    CRYPTO_remove_all_info();

-#endif

-    BIO_free(in);

-    BIO_free_all(out);

-    if (canames) sk_free(canames);

-    if(passin) OPENSSL_free(passin);

-    if(passout) OPENSSL_free(passout);

-    apps_shutdown();

-    OPENSSL_EXIT(ret);

-}

-int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,

-	     int passlen, int options, char *pempass)

-{

-	STACK_OF(PKCS7) *asafes = NULL;

-	STACK_OF(PKCS12_SAFEBAG) *bags;

-	int i, bagnid;

-	int ret = 0;

-	PKCS7 *p7;

-	if (!( asafes = PKCS12_unpack_authsafes(p12))) return 0;

-	for (i = 0; i < sk_PKCS7_num (asafes); i++) {

-		p7 = sk_PKCS7_value (asafes, i);

-		bagnid = OBJ_obj2nid (p7->type);

-		if (bagnid == NID_pkcs7_data) {

-			bags = PKCS12_unpack_p7data(p7);

-			if (options & INFO) BIO_printf (bio_err, "PKCS7 Data\n");

-		} else if (bagnid == NID_pkcs7_encrypted) {

-			if (options & INFO) {

-				BIO_printf(bio_err, "PKCS7 Encrypted data: ");

-				alg_print(bio_err,

-					p7->d.encrypted->enc_data->algorithm);

-			}

-			bags = PKCS12_unpack_p7encdata(p7, pass, passlen);

-		} else continue;

-		if (!bags) goto err;

-	    	if (!dump_certs_pkeys_bags (out, bags, pass, passlen,

-						 options, pempass)) {

-			sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free);

-			goto err;

-		}

-		sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free);

-		bags = NULL;

-	}

-	ret = 1;

-	err:

-	if (asafes)

-		sk_PKCS7_pop_free (asafes, PKCS7_free);

-	return ret;

-}

-int dump_certs_pkeys_bags (BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,

-			   char *pass, int passlen, int options, char *pempass)

-{

-	int i;

-	for (i = 0; i < sk_PKCS12_SAFEBAG_num (bags); i++) {

-		if (!dump_certs_pkeys_bag (out,

-					   sk_PKCS12_SAFEBAG_value (bags, i),

-					   pass, passlen,

-					   options, pempass))

-		    return 0;

-	}

-	return 1;

-}

-int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,

-	     int passlen, int options, char *pempass)

-{

-	EVP_PKEY *pkey;

-	PKCS8_PRIV_KEY_INFO *p8;

-	X509 *x509;

-	switch (M_PKCS12_bag_type(bag))

-	{

-	case NID_keyBag:

-		if (options & INFO) BIO_printf (bio_err, "Key bag\n");

-		if (options & NOKEYS) return 1;

-		print_attribs (out, bag->attrib, "Bag Attributes");

-		p8 = bag->value.keybag;

-		if (!(pkey = EVP_PKCS82PKEY (p8))) return 0;

-		print_attribs (out, p8->attributes, "Key Attributes");

-		PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass);

-		EVP_PKEY_free(pkey);

-	break;

-	case NID_pkcs8ShroudedKeyBag:

-		if (options & INFO) {

-			BIO_printf (bio_err, "Shrouded Keybag: ");

-			alg_print (bio_err, bag->value.shkeybag->algor);

-		}

-		if (options & NOKEYS) return 1;

-		print_attribs (out, bag->attrib, "Bag Attributes");

-		if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen)))

-				return 0;

-		if (!(pkey = EVP_PKCS82PKEY (p8))) {

-			PKCS8_PRIV_KEY_INFO_free(p8);

-			return 0;

-		}

-		print_attribs (out, p8->attributes, "Key Attributes");

-		PKCS8_PRIV_KEY_INFO_free(p8);

-		PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass);

-		EVP_PKEY_free(pkey);

-	break;

-	case NID_certBag:

-		if (options & INFO) BIO_printf (bio_err, "Certificate bag\n");

-		if (options & NOCERTS) return 1;

-                if (PKCS12_get_attr(bag, NID_localKeyID)) {

-			if (options & CACERTS) return 1;

-		} else if (options & CLCERTS) return 1;

-		print_attribs (out, bag->attrib, "Bag Attributes");

-		if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate )

-								 return 1;

-		if (!(x509 = PKCS12_certbag2x509(bag))) return 0;

-		dump_cert_text (out, x509);

-		PEM_write_bio_X509 (out, x509);

-		X509_free(x509);

-	break;

-	case NID_safeContentsBag:

-		if (options & INFO) BIO_printf (bio_err, "Safe Contents bag\n");

-		print_attribs (out, bag->attrib, "Bag Attributes");

-		return dump_certs_pkeys_bags (out, bag->value.safes, pass,

-							    passlen, options, pempass);

-	default:

-		BIO_printf (bio_err, "Warning unsupported bag type: ");

-		i2a_ASN1_OBJECT (bio_err, bag->type);

-		BIO_printf (bio_err, "\n");

-		return 1;

-	break;

-	}

-	return 1;

-}

-/* Given a single certificate return a verified chain or NULL if error */

-/* Hope this is OK .... */

-int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain)

-{

-	X509_STORE_CTX store_ctx;

-	STACK_OF(X509) *chn;

-	int i = 0;

-	/* FIXME: Should really check the return status of X509_STORE_CTX_init

-	 * for an error, but how that fits into the return value of this

-	 * function is less obvious. */

-	X509_STORE_CTX_init(&store_ctx, store, cert, NULL);

-	if (X509_verify_cert(&store_ctx) <= 0) {

-		i = X509_STORE_CTX_get_error (&store_ctx);

-		if (i == 0)

-			/* avoid returning 0 if X509_verify_cert() did not

-			 * set an appropriate error value in the context */

-			i = -1;

-		chn = NULL;

-		goto err;

-	} else

-		chn = X509_STORE_CTX_get1_chain(&store_ctx);

-err:

-	X509_STORE_CTX_cleanup(&store_ctx);

-	*chain = chn;

-	return i;

-}

-int alg_print (BIO *x, X509_ALGOR *alg)

-{

-	PBEPARAM *pbe;

-	const unsigned char *p;

-	p = alg->parameter->value.sequence->data;

-	pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);

-	if (!pbe)

-		return 1;

-	BIO_printf (bio_err, "%s, Iteration %ld\n",

-		OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)),

-		ASN1_INTEGER_get(pbe->iter));

-	PBEPARAM_free (pbe);

-	return 1;

-}

-/* Load all certificates from a given file */

-int cert_load(BIO *in, STACK_OF(X509) *sk)

-{

-	int ret;

-	X509 *cert;

-	ret = 0;

-#ifdef CRYPTO_MDEBUG

-	CRYPTO_push_info("cert_load(): reading one cert");

-#endif

-	while((cert = PEM_read_bio_X509(in, NULL, NULL, NULL))) {

-#ifdef CRYPTO_MDEBUG

-		CRYPTO_pop_info();

-#endif

-		ret = 1;

-		sk_X509_push(sk, cert);

-#ifdef CRYPTO_MDEBUG

-		CRYPTO_push_info("cert_load(): reading one cert");

-#endif

-	}

-#ifdef CRYPTO_MDEBUG

-	CRYPTO_pop_info();

-#endif

-	if(ret) ERR_clear_error();

-	return ret;

-}

-/* Generalised attribute print: handle PKCS#8 and bag attributes */

-int print_attribs (BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name)

-{

-	X509_ATTRIBUTE *attr;

-	ASN1_TYPE *av;

-	char *value;

-	int i, attr_nid;

-	if(!attrlst) {

-		BIO_printf(out, "%s: <No Attributes>\n", name);

-		return 1;

-	}

-	if(!sk_X509_ATTRIBUTE_num(attrlst)) {

-		BIO_printf(out, "%s: <Empty Attributes>\n", name);

-		return 1;

-	}

-	BIO_printf(out, "%s\n", name);

-	for(i = 0; i < sk_X509_ATTRIBUTE_num(attrlst); i++) {

-		attr = sk_X509_ATTRIBUTE_value(attrlst, i);

-		attr_nid = OBJ_obj2nid(attr->object);

-		BIO_printf(out, "    ");

-		if(attr_nid == NID_undef) {

-			i2a_ASN1_OBJECT (out, attr->object);

-			BIO_printf(out, ": ");

-		} else BIO_printf(out, "%s: ", OBJ_nid2ln(attr_nid));

-		if(sk_ASN1_TYPE_num(attr->value.set)) {

-			av = sk_ASN1_TYPE_value(attr->value.set, 0);

-			switch(av->type) {

-				case V_ASN1_BMPSTRING:

-        			value = uni2asc(av->value.bmpstring->data,

-                                	       av->value.bmpstring->length);

-				BIO_printf(out, "%s\n", value);

-				OPENSSL_free(value);

-				break;

-				case V_ASN1_OCTET_STRING:

-				hex_prin(out, av->value.octet_string->data,

-					av->value.octet_string->length);

-				BIO_printf(out, "\n");

-				break;

-				case V_ASN1_BIT_STRING:

-				hex_prin(out, av->value.bit_string->data,

-					av->value.bit_string->length);

-				BIO_printf(out, "\n");

-				break;

-				default:

-					BIO_printf(out, "<Unsupported tag %d>\n", av->type);

-				break;

-			}

-		} else BIO_printf(out, "<No Values>\n");

-	}

-	return 1;

-}

-void hex_prin(BIO *out, unsigned char *buf, int len)

-{

-	int i;

-	for (i = 0; i < len; i++) BIO_printf (out, "%02X ", buf[i]);

-}

-#endif

--- a/sys/src/ape/lib/openssl/apps/pkcs7.c

+++ /dev/null

@@ -1,318 +1,0 @@

-/* apps/pkcs7.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include <time.h>

-#include "apps.h"

-#include <openssl/err.h>

-#include <openssl/objects.h>

-#include <openssl/evp.h>

-#include <openssl/x509.h>

-#include <openssl/pkcs7.h>

-#include <openssl/pem.h>

-#undef PROG

-#define PROG	pkcs7_main

-/* -inform arg	- input format - default PEM (DER or PEM)

- * -outform arg - output format - default PEM

- * -in arg	- input file - default stdin

- * -out arg	- output file - default stdout

- * -print_certs

- */

-int MAIN(int, char **);

-int MAIN(int argc, char **argv)

-	{

-#ifndef OPENSSL_NO_ENGINE

-	ENGINE *e = NULL;

-#endif

-	PKCS7 *p7=NULL;

-	int i,badops=0;

-	BIO *in=NULL,*out=NULL;

-	int informat,outformat;

-	char *infile,*outfile,*prog;

-	int print_certs=0,text=0,noout=0;

-	int ret=1;

-#ifndef OPENSSL_NO_ENGINE

-	char *engine=NULL;

-#endif

-	apps_startup();

-	if (bio_err == NULL)

-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)

-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);

-	if (!load_config(bio_err, NULL))

-		goto end;

-	infile=NULL;

-	outfile=NULL;

-	informat=FORMAT_PEM;

-	outformat=FORMAT_PEM;

-	prog=argv[0];

-	argc--;

-	argv++;

-	while (argc >= 1)

-		{

-		if 	(strcmp(*argv,"-inform") == 0)

-			{

-			if (--argc < 1) goto bad;

-			informat=str2fmt(*(++argv));

-			}

-		else if (strcmp(*argv,"-outform") == 0)

-			{

-			if (--argc < 1) goto bad;

-			outformat=str2fmt(*(++argv));

-			}

-		else if (strcmp(*argv,"-in") == 0)

-			{

-			if (--argc < 1) goto bad;

-			infile= *(++argv);

-			}

-		else if (strcmp(*argv,"-out") == 0)

-			{

-			if (--argc < 1) goto bad;

-			outfile= *(++argv);

-			}

-		else if (strcmp(*argv,"-noout") == 0)

-			noout=1;

-		else if (strcmp(*argv,"-text") == 0)

-			text=1;

-		else if (strcmp(*argv,"-print_certs") == 0)

-			print_certs=1;

-#ifndef OPENSSL_NO_ENGINE

-		else if (strcmp(*argv,"-engine") == 0)

-			{

-			if (--argc < 1) goto bad;

-			engine= *(++argv);

-			}

-#endif

-		else

-			{

-			BIO_printf(bio_err,"unknown option %s\n",*argv);

-			badops=1;

-			break;

-			}

-		argc--;

-		argv++;

-		}

-	if (badops)

-		{

-bad:

-		BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);

-		BIO_printf(bio_err,"where options are\n");

-		BIO_printf(bio_err," -inform arg   input format - DER or PEM\n");

-		BIO_printf(bio_err," -outform arg  output format - DER or PEM\n");

-		BIO_printf(bio_err," -in arg       input file\n");

-		BIO_printf(bio_err," -out arg      output file\n");

-		BIO_printf(bio_err," -print_certs  print any certs or crl in the input\n");

-		BIO_printf(bio_err," -text         print full details of certificates\n");

-		BIO_printf(bio_err," -noout        don't output encoded data\n");

-#ifndef OPENSSL_NO_ENGINE

-		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");

-#endif

-		ret = 1;

-		goto end;

-		}

-	ERR_load_crypto_strings();

-#ifndef OPENSSL_NO_ENGINE

-        e = setup_engine(bio_err, engine, 0);

-#endif

-	in=BIO_new(BIO_s_file());

-	out=BIO_new(BIO_s_file());

-	if ((in == NULL) || (out == NULL))

-		{

-		ERR_print_errors(bio_err);

-                goto end;

-                }

-	if (infile == NULL)

-		BIO_set_fp(in,stdin,BIO_NOCLOSE);

-	else

-		{

-		if (BIO_read_filename(in,infile) <= 0)

-		if (in == NULL)

-			{

-			perror(infile);

-			goto end;

-			}

-		}

-	if	(informat == FORMAT_ASN1)

-		p7=d2i_PKCS7_bio(in,NULL);

-	else if (informat == FORMAT_PEM)

-		p7=PEM_read_bio_PKCS7(in,NULL,NULL,NULL);

-	else

-		{

-		BIO_printf(bio_err,"bad input format specified for pkcs7 object\n");

-		goto end;

-		}

-	if (p7 == NULL)

-		{

-		BIO_printf(bio_err,"unable to load PKCS7 object\n");

-		ERR_print_errors(bio_err);

-		goto end;

-		}

-	if (outfile == NULL)

-		{

-		BIO_set_fp(out,stdout,BIO_NOCLOSE);

-#ifdef OPENSSL_SYS_VMS

-		{

-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());

-		out = BIO_push(tmpbio, out);

-		}

-#endif

-		}

-	else

-		{

-		if (BIO_write_filename(out,outfile) <= 0)

-			{

-			perror(outfile);

-			goto end;

-			}

-		}

-	if (print_certs)

-		{

-		STACK_OF(X509) *certs=NULL;

-		STACK_OF(X509_CRL) *crls=NULL;

-		i=OBJ_obj2nid(p7->type);

-		switch (i)

-			{

-		case NID_pkcs7_signed:

-			certs=p7->d.sign->cert;

-			crls=p7->d.sign->crl;

-			break;

-		case NID_pkcs7_signedAndEnveloped:

-			certs=p7->d.signed_and_enveloped->cert;

-			crls=p7->d.signed_and_enveloped->crl;

-			break;

-		default:

-			break;

-			}

-		if (certs != NULL)

-			{

-			X509 *x;

-			for (i=0; i<sk_X509_num(certs); i++)

-				{

-				x=sk_X509_value(certs,i);

-				if(text) X509_print(out, x);

-				else dump_cert_text(out, x);

-				if(!noout) PEM_write_bio_X509(out,x);

-				BIO_puts(out,"\n");

-				}

-			}

-		if (crls != NULL)

-			{

-			X509_CRL *crl;

-			for (i=0; i<sk_X509_CRL_num(crls); i++)

-				{

-				crl=sk_X509_CRL_value(crls,i);

-				X509_CRL_print(out, crl);

-				if(!noout)PEM_write_bio_X509_CRL(out,crl);

-				BIO_puts(out,"\n");

-				}

-			}

-		ret=0;

-		goto end;

-		}

-	if(!noout) {

-		if 	(outformat == FORMAT_ASN1)

-			i=i2d_PKCS7_bio(out,p7);

-		else if (outformat == FORMAT_PEM)

-			i=PEM_write_bio_PKCS7(out,p7);

-		else	{

-			BIO_printf(bio_err,"bad output format specified for outfile\n");

-			goto end;

-			}

-		if (!i)

-			{

-			BIO_printf(bio_err,"unable to write pkcs7 object\n");

-			ERR_print_errors(bio_err);

-			goto end;

-			}

-	}

-	ret=0;

-end:

-	if (p7 != NULL) PKCS7_free(p7);

-	if (in != NULL) BIO_free(in);

-	if (out != NULL) BIO_free_all(out);

-	apps_shutdown();

-	OPENSSL_EXIT(ret);

-	}

--- a/sys/src/ape/lib/openssl/apps/pkcs8.c

+++ /dev/null

@@ -1,460 +1,0 @@

-/* pkcs8.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999-2004.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include <string.h>

-#include "apps.h"

-#include <openssl/pem.h>

-#include <openssl/err.h>

-#include <openssl/evp.h>

-#include <openssl/pkcs12.h>

-#define PROG pkcs8_main

-int MAIN(int, char **);

-int MAIN(int argc, char **argv)

-	{

-	ENGINE *e = NULL;

-	char **args, *infile = NULL, *outfile = NULL;

-	char *passargin = NULL, *passargout = NULL;

-	BIO *in = NULL, *out = NULL;

-	int topk8 = 0;

-	int pbe_nid = -1;

-	const EVP_CIPHER *cipher = NULL;

-	int iter = PKCS12_DEFAULT_ITER;

-	int informat, outformat;

-	int p8_broken = PKCS8_OK;

-	int nocrypt = 0;

-	X509_SIG *p8;

-	PKCS8_PRIV_KEY_INFO *p8inf;

-	EVP_PKEY *pkey=NULL;

-	char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;

-	int badarg = 0;

-#ifndef OPENSSL_NO_ENGINE

-	char *engine=NULL;

-#endif

-	if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);

-	if (!load_config(bio_err, NULL))

-		goto end;

-	informat=FORMAT_PEM;

-	outformat=FORMAT_PEM;

-	ERR_load_crypto_strings();

-	OpenSSL_add_all_algorithms();

-	args = argv + 1;

-	while (!badarg && *args && *args[0] == '-')

-		{

-		if (!strcmp(*args,"-v2"))

-			{

-			if (args[1])

-				{

-				args++;

-				cipher=EVP_get_cipherbyname(*args);

-				if (!cipher)

-					{

-					BIO_printf(bio_err,

-						 "Unknown cipher %s\n", *args);

-					badarg = 1;

-					}

-				}

-			else

-				badarg = 1;

-			}

-		else if (!strcmp(*args,"-v1"))

-			{

-			if (args[1])

-				{

-				args++;

-				pbe_nid=OBJ_txt2nid(*args);

-				if (pbe_nid == NID_undef)

-					{

-					BIO_printf(bio_err,

-						 "Unknown PBE algorithm %s\n", *args);

-					badarg = 1;

-					}

-				}

-			else

-				badarg = 1;

-			}

-		else if (!strcmp(*args,"-inform"))

-			{

-			if (args[1])

-				{

-				args++;

-				informat=str2fmt(*args);

-				}

-			else badarg = 1;

-			}

-		else if (!strcmp(*args,"-outform"))

-			{

-			if (args[1])

-				{

-				args++;

-				outformat=str2fmt(*args);

-				}

-			else badarg = 1;

-			}

-		else if (!strcmp (*args, "-topk8"))

-			topk8 = 1;

-		else if (!strcmp (*args, "-noiter"))

-			iter = 1;

-		else if (!strcmp (*args, "-nocrypt"))

-			nocrypt = 1;

-		else if (!strcmp (*args, "-nooct"))

-			p8_broken = PKCS8_NO_OCTET;

-		else if (!strcmp (*args, "-nsdb"))

-			p8_broken = PKCS8_NS_DB;

-		else if (!strcmp (*args, "-embed"))

-			p8_broken = PKCS8_EMBEDDED_PARAM;

-		else if (!strcmp(*args,"-passin"))

-			{

-			if (!args[1]) goto bad;

-			passargin= *(++args);

-			}

-		else if (!strcmp(*args,"-passout"))

-			{

-			if (!args[1]) goto bad;

-			passargout= *(++args);

-			}

-#ifndef OPENSSL_NO_ENGINE

-		else if (strcmp(*args,"-engine") == 0)

-			{

-			if (!args[1]) goto bad;

-			engine= *(++args);

-			}

-#endif

-		else if (!strcmp (*args, "-in"))

-			{

-			if (args[1])

-				{

-				args++;

-				infile = *args;

-				}

-			else badarg = 1;

-			}

-		else if (!strcmp (*args, "-out"))

-			{

-			if (args[1])

-				{

-				args++;

-				outfile = *args;

-				}

-			else badarg = 1;

-			}

-		else badarg = 1;

-		args++;

-		}

-	if (badarg)

-		{

-		bad:

-		BIO_printf(bio_err, "Usage pkcs8 [options]\n");

-		BIO_printf(bio_err, "where options are\n");

-		BIO_printf(bio_err, "-in file        input file\n");

-		BIO_printf(bio_err, "-inform X       input format (DER or PEM)\n");

-		BIO_printf(bio_err, "-passin arg     input file pass phrase source\n");

-		BIO_printf(bio_err, "-outform X      output format (DER or PEM)\n");

-		BIO_printf(bio_err, "-out file       output file\n");

-		BIO_printf(bio_err, "-passout arg    output file pass phrase source\n");

-		BIO_printf(bio_err, "-topk8          output PKCS8 file\n");

-		BIO_printf(bio_err, "-nooct          use (nonstandard) no octet format\n");

-		BIO_printf(bio_err, "-embed          use (nonstandard) embedded DSA parameters format\n");

-		BIO_printf(bio_err, "-nsdb           use (nonstandard) DSA Netscape DB format\n");

-		BIO_printf(bio_err, "-noiter         use 1 as iteration count\n");

-		BIO_printf(bio_err, "-nocrypt        use or expect unencrypted private key\n");

-		BIO_printf(bio_err, "-v2 alg         use PKCS#5 v2.0 and cipher \"alg\"\n");

-		BIO_printf(bio_err, "-v1 obj         use PKCS#5 v1.5 and cipher \"alg\"\n");

-#ifndef OPENSSL_NO_ENGINE

-		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");

-#endif

-		return 1;

-		}

-#ifndef OPENSSL_NO_ENGINE

-        e = setup_engine(bio_err, engine, 0);

-#endif

-	if (!app_passwd(bio_err, passargin, passargout, &passin, &passout))

-		{

-		BIO_printf(bio_err, "Error getting passwords\n");

-		return 1;

-		}

-	if ((pbe_nid == -1) && !cipher)

-		pbe_nid = NID_pbeWithMD5AndDES_CBC;

-	if (infile)

-		{

-		if (!(in = BIO_new_file(infile, "rb")))

-			{

-			BIO_printf(bio_err,

-				 "Can't open input file %s\n", infile);

-			return (1);

-			}

-		}

-	else

-		in = BIO_new_fp (stdin, BIO_NOCLOSE);

-	if (outfile)

-		{

-		if (!(out = BIO_new_file (outfile, "wb")))

-			{

-			BIO_printf(bio_err,

-				 "Can't open output file %s\n", outfile);

-			return (1);

-			}

-		}

-	else

-		{

-		out = BIO_new_fp (stdout, BIO_NOCLOSE);

-#ifdef OPENSSL_SYS_VMS

-			{

-			BIO *tmpbio = BIO_new(BIO_f_linebuffer());

-			out = BIO_push(tmpbio, out);

-			}

-#endif

-		}

-	if (topk8)

-		{

-		BIO_free(in); /* Not needed in this section */

-		pkey = load_key(bio_err, infile, informat, 1,

-			passin, e, "key");

-		if (!pkey)

-			{

-			BIO_free_all(out);

-			return 1;

-			}

-		if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken)))

-			{

-			BIO_printf(bio_err, "Error converting key\n");

-			ERR_print_errors(bio_err);

-			EVP_PKEY_free(pkey);

-			BIO_free_all(out);

-			return 1;

-			}

-		if (nocrypt)

-			{

-			if (outformat == FORMAT_PEM)

-				PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf);

-			else if (outformat == FORMAT_ASN1)

-				i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf);

-			else

-				{

-				BIO_printf(bio_err, "Bad format specified for key\n");

-				PKCS8_PRIV_KEY_INFO_free(p8inf);

-				EVP_PKEY_free(pkey);

-				BIO_free_all(out);

-				return (1);

-				}

-			}

-		else

-			{

-			if (passout)

-				p8pass = passout;

-			else

-				{

-				p8pass = pass;

-				if (EVP_read_pw_string(pass, sizeof pass, "Enter Encryption Password:", 1))

-					{

-					PKCS8_PRIV_KEY_INFO_free(p8inf);

-					EVP_PKEY_free(pkey);

-					BIO_free_all(out);

-					return (1);

-					}

-				}

-			app_RAND_load_file(NULL, bio_err, 0);

-			if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,

-					p8pass, strlen(p8pass),

-					NULL, 0, iter, p8inf)))

-				{

-				BIO_printf(bio_err, "Error encrypting key\n");

-				ERR_print_errors(bio_err);

-				PKCS8_PRIV_KEY_INFO_free(p8inf);

-				EVP_PKEY_free(pkey);

-				BIO_free_all(out);

-				return (1);

-				}

-			app_RAND_write_file(NULL, bio_err);

-			if (outformat == FORMAT_PEM)

-				PEM_write_bio_PKCS8(out, p8);

-			else if (outformat == FORMAT_ASN1)

-				i2d_PKCS8_bio(out, p8);

-			else

-				{

-				BIO_printf(bio_err, "Bad format specified for key\n");

-				PKCS8_PRIV_KEY_INFO_free(p8inf);

-				EVP_PKEY_free(pkey);

-				BIO_free_all(out);

-				return (1);

-				}

-			X509_SIG_free(p8);

-			}

-		PKCS8_PRIV_KEY_INFO_free (p8inf);

-		EVP_PKEY_free(pkey);

-		BIO_free_all(out);

-		if (passin)

-			OPENSSL_free(passin);

-		if (passout)

-			OPENSSL_free(passout);

-		return (0);

-		}

-	if (nocrypt)

-		{

-		if (informat == FORMAT_PEM)

-			p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in,NULL,NULL, NULL);

-		else if (informat == FORMAT_ASN1)

-			p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL);

-		else

-			{

-			BIO_printf(bio_err, "Bad format specified for key\n");

-			return (1);

-			}

-		}

-	else

-		{

-		if (informat == FORMAT_PEM)

-			p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL);

-		else if (informat == FORMAT_ASN1)

-			p8 = d2i_PKCS8_bio(in, NULL);

-		else

-			{

-			BIO_printf(bio_err, "Bad format specified for key\n");

-			return (1);

-			}

-		if (!p8)

-			{

-			BIO_printf (bio_err, "Error reading key\n");

-			ERR_print_errors(bio_err);

-			return (1);

-			}

-		if (passin)

-			p8pass = passin;

-		else

-			{

-			p8pass = pass;

-			EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0);

-			}

-		p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass));

-		X509_SIG_free(p8);

-		}

-	if (!p8inf)

-		{

-		BIO_printf(bio_err, "Error decrypting key\n");

-		ERR_print_errors(bio_err);

-		return (1);

-		}

-	if (!(pkey = EVP_PKCS82PKEY(p8inf)))

-		{

-		BIO_printf(bio_err, "Error converting key\n");

-		ERR_print_errors(bio_err);

-		return (1);

-		}

-	if (p8inf->broken)

-		{

-		BIO_printf(bio_err, "Warning: broken key encoding: ");

-		switch (p8inf->broken)

-			{

-			case PKCS8_NO_OCTET:

-			BIO_printf(bio_err, "No Octet String in PrivateKey\n");

-			break;

-			case PKCS8_EMBEDDED_PARAM:

-			BIO_printf(bio_err, "DSA parameters included in PrivateKey\n");

-			break;

-			case PKCS8_NS_DB:

-			BIO_printf(bio_err, "DSA public key include in PrivateKey\n");

-			break;

-			default:

-			BIO_printf(bio_err, "Unknown broken type\n");

-			break;

-		}

-	}

-	PKCS8_PRIV_KEY_INFO_free(p8inf);

-	if (outformat == FORMAT_PEM)

-		PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout);

-	else if (outformat == FORMAT_ASN1)

-		i2d_PrivateKey_bio(out, pkey);

-	else

-		{

-		BIO_printf(bio_err, "Bad format specified for key\n");

-			return (1);

-		}

-	end:

-	EVP_PKEY_free(pkey);

-	BIO_free_all(out);

-	BIO_free(in);

-	if (passin)

-		OPENSSL_free(passin);

-	if (passout)

-		OPENSSL_free(passout);

-	return (0);

-	}

--- a/sys/src/ape/lib/openssl/apps/prime.c

+++ /dev/null

@@ -1,130 +1,0 @@

-/* ====================================================================

- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- *

- */

-#include <string.h>

-#include "apps.h"

-#include <openssl/bn.h>

-#undef PROG

-#define PROG prime_main

-int MAIN(int, char **);

-int MAIN(int argc, char **argv)

-    {

-    int hex=0;

-    int checks=20;

-    BIGNUM *bn=NULL;

-    BIO *bio_out;

-    apps_startup();

-    if (bio_err == NULL)

-	if ((bio_err=BIO_new(BIO_s_file())) != NULL)

-	    BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);

-    --argc;

-    ++argv;

-    while (argc >= 1 && **argv == '-')

-	{

-	if(!strcmp(*argv,"-hex"))

-	    hex=1;

-	else if(!strcmp(*argv,"-checks"))

-	    if(--argc < 1)

-		goto bad;

-	    else

-		checks=atoi(*++argv);

-	else

-	    {

-	    BIO_printf(bio_err,"Unknown option '%s'\n",*argv);

-	    goto bad;

-	    }

-	--argc;

-	++argv;

-	}

-    if (argv[0] == NULL)

-	{

-	BIO_printf(bio_err,"No prime specified\n");

-	goto bad;

-	}

-   if ((bio_out=BIO_new(BIO_s_file())) != NULL)

-	{

-	BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);

-#ifdef OPENSSL_SYS_VMS

-	    {

-	    BIO *tmpbio = BIO_new(BIO_f_linebuffer());

-	    bio_out = BIO_push(tmpbio, bio_out);

-	    }

-#endif

-	}

-    if(hex)

-	BN_hex2bn(&bn,argv[0]);

-    else

-	BN_dec2bn(&bn,argv[0]);

-    BN_print(bio_out,bn);

-    BIO_printf(bio_out," is %sprime\n",

-	       BN_is_prime_ex(bn,checks,NULL,NULL) ? "" : "not ");

-    BN_free(bn);

-    BIO_free_all(bio_out);

-    return 0;

-    bad:

-    BIO_printf(bio_err,"options are\n");

-    BIO_printf(bio_err,"%-14s hex\n","-hex");

-    BIO_printf(bio_err,"%-14s number of checks\n","-checks <n>");

-    return 1;

-    }

--- a/sys/src/ape/lib/openssl/apps/privkey.pem

+++ /dev/null

@@ -1,18 +1,0 @@

------BEGIN RSA PRIVATE KEY-----

-Proc-Type: 4,ENCRYPTED

-DEK-Info: DES-EDE3-CBC,BA26229A1653B7FF

-6nhWG8PKhTPO/s3ZvjUa6226NlKdvPDZFsNXOOoSUs9ejxpb/aj5huhs6qRYzsz9

-Year47uaAZYhGD0vAagnNiBnYmjWEpN9G/wQxG7pgZThK1ZxDi63qn8aQ8UjuGHo

-F6RpnnBQIAnWTWqr/Qsybtc5EoNkrj/Cpx0OfbSr6gZsFBCxwX1R1hT3/mhJ45f3

-XMofY32Vdfx9/vtw1O7HmlHXQnXaqnbd9/nn1EpvFJG9+UjPoW7gV4jCOLuR4deE

-jS8hm+cpkwXmFtk3VGjT9tQXPpMv3JpYfBqgGQoMAJ5Toq0DWcHi6Wg08PsD8lgy

-vmTioPsRg+JGkJkJ8GnusgLpQdlQJbjzd7wGE6ElUFLfOxLo8bLlRHoriHNdWYhh

-JjY0LyeTkovcmWxVjImc6ZyBz5Ly4t0BYf1gq3OkjsV91Q1taBxnhiavfizqMCAf

-PPB3sLQnlXG77TOXkNxpqbZfEYrVZW2Nsqqdn8s07Uj4IMONZyq2odYKWFPMJBiM

-POYwXjMAOcmFMTHYsVlhcUJuV6LOuipw/FEbTtPH/MYMxLe4zx65dYo1rb4iLKLS

-gMtB0o/Wl4Xno3ZXh1ucicYnV2J7NpVcjVq+3SFiCRu2SrSkZHZ23EPS13Ec6fcz

-8X/YGA2vTJ8MAOozAzQUwHQYvLk7bIoQVekqDq4p0AZQbhdspHpArCk0Ifqqzg/v

-Uyky/zZiQYanzDenTSRVI/8wac3olxpU8QvbySxYqmbkgq6bTpXJfYFQfnAttEsC

-dA4S5UFgyOPZluxCAM4yaJF3Ft6neutNwftuJQMbgCUi9vYg2tGdSw==

------END RSA PRIVATE KEY-----

--- a/sys/src/ape/lib/openssl/apps/progs.h

+++ /dev/null

@@ -1,339 +1,0 @@

-/* apps/progs.h */

-/* automatically generated by progs.pl for openssl.c */

-extern int verify_main(int argc,char *argv[]);

-extern int asn1parse_main(int argc,char *argv[]);

-extern int req_main(int argc,char *argv[]);

-extern int dgst_main(int argc,char *argv[]);

-extern int dh_main(int argc,char *argv[]);

-extern int dhparam_main(int argc,char *argv[]);

-extern int enc_main(int argc,char *argv[]);

-extern int passwd_main(int argc,char *argv[]);

-extern int gendh_main(int argc,char *argv[]);

-extern int errstr_main(int argc,char *argv[]);

-extern int ca_main(int argc,char *argv[]);

-extern int crl_main(int argc,char *argv[]);

-extern int rsa_main(int argc,char *argv[]);

-extern int rsautl_main(int argc,char *argv[]);

-extern int dsa_main(int argc,char *argv[]);

-extern int dsaparam_main(int argc,char *argv[]);

-extern int ec_main(int argc,char *argv[]);

-extern int ecparam_main(int argc,char *argv[]);

-extern int x509_main(int argc,char *argv[]);

-extern int genrsa_main(int argc,char *argv[]);

-extern int gendsa_main(int argc,char *argv[]);

-extern int s_server_main(int argc,char *argv[]);

-extern int s_client_main(int argc,char *argv[]);

-extern int speed_main(int argc,char *argv[]);

-extern int s_time_main(int argc,char *argv[]);

-extern int version_main(int argc,char *argv[]);

-extern int pkcs7_main(int argc,char *argv[]);

-extern int crl2pkcs7_main(int argc,char *argv[]);

-extern int sess_id_main(int argc,char *argv[]);

-extern int ciphers_main(int argc,char *argv[]);

-extern int nseq_main(int argc,char *argv[]);

-extern int pkcs12_main(int argc,char *argv[]);

-extern int pkcs8_main(int argc,char *argv[]);

-extern int spkac_main(int argc,char *argv[]);

-extern int smime_main(int argc,char *argv[]);

-extern int rand_main(int argc,char *argv[]);

-extern int engine_main(int argc,char *argv[]);

-extern int ocsp_main(int argc,char *argv[]);

-extern int prime_main(int argc,char *argv[]);

-#define FUNC_TYPE_GENERAL	1

-#define FUNC_TYPE_MD		2

-#define FUNC_TYPE_CIPHER	3

-typedef struct {

-	int type;

-	const char *name;

-	int (*func)(int argc,char *argv[]);

-	} FUNCTION;

-FUNCTION functions[] = {

-	{FUNC_TYPE_GENERAL,"verify",verify_main},

-	{FUNC_TYPE_GENERAL,"asn1parse",asn1parse_main},

-	{FUNC_TYPE_GENERAL,"req",req_main},

-	{FUNC_TYPE_GENERAL,"dgst",dgst_main},

-#ifndef OPENSSL_NO_DH

-	{FUNC_TYPE_GENERAL,"dh",dh_main},

-#endif

-#ifndef OPENSSL_NO_DH

-	{FUNC_TYPE_GENERAL,"dhparam",dhparam_main},

-#endif

-	{FUNC_TYPE_GENERAL,"enc",enc_main},

-	{FUNC_TYPE_GENERAL,"passwd",passwd_main},

-#ifndef OPENSSL_NO_DH

-	{FUNC_TYPE_GENERAL,"gendh",gendh_main},

-#endif

-	{FUNC_TYPE_GENERAL,"errstr",errstr_main},

-	{FUNC_TYPE_GENERAL,"ca",ca_main},

-	{FUNC_TYPE_GENERAL,"crl",crl_main},

-#ifndef OPENSSL_NO_RSA

-	{FUNC_TYPE_GENERAL,"rsa",rsa_main},

-#endif

-#ifndef OPENSSL_NO_RSA

-	{FUNC_TYPE_GENERAL,"rsautl",rsautl_main},

-#endif

-#ifndef OPENSSL_NO_DSA

-	{FUNC_TYPE_GENERAL,"dsa",dsa_main},

-#endif

-#ifndef OPENSSL_NO_DSA

-	{FUNC_TYPE_GENERAL,"dsaparam",dsaparam_main},

-#endif

-#ifndef OPENSSL_NO_EC

-	{FUNC_TYPE_GENERAL,"ec",ec_main},

-#endif

-#ifndef OPENSSL_NO_EC

-	{FUNC_TYPE_GENERAL,"ecparam",ecparam_main},

-#endif

-	{FUNC_TYPE_GENERAL,"x509",x509_main},

-#ifndef OPENSSL_NO_RSA

-	{FUNC_TYPE_GENERAL,"genrsa",genrsa_main},

-#endif

-#ifndef OPENSSL_NO_DSA

-	{FUNC_TYPE_GENERAL,"gendsa",gendsa_main},

-#endif

-#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))

-	{FUNC_TYPE_GENERAL,"s_server",s_server_main},

-#endif

-#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))

-	{FUNC_TYPE_GENERAL,"s_client",s_client_main},

-#endif

-#ifndef OPENSSL_NO_SPEED

-	{FUNC_TYPE_GENERAL,"speed",speed_main},

-#endif

-#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))

-	{FUNC_TYPE_GENERAL,"s_time",s_time_main},

-#endif

-	{FUNC_TYPE_GENERAL,"version",version_main},

-	{FUNC_TYPE_GENERAL,"pkcs7",pkcs7_main},

-	{FUNC_TYPE_GENERAL,"crl2pkcs7",crl2pkcs7_main},

-	{FUNC_TYPE_GENERAL,"sess_id",sess_id_main},

-#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))

-	{FUNC_TYPE_GENERAL,"ciphers",ciphers_main},

-#endif

-	{FUNC_TYPE_GENERAL,"nseq",nseq_main},

-#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)

-	{FUNC_TYPE_GENERAL,"pkcs12",pkcs12_main},

-#endif

-	{FUNC_TYPE_GENERAL,"pkcs8",pkcs8_main},

-	{FUNC_TYPE_GENERAL,"spkac",spkac_main},

-	{FUNC_TYPE_GENERAL,"smime",smime_main},

-	{FUNC_TYPE_GENERAL,"rand",rand_main},

-#ifndef OPENSSL_NO_ENGINE

-	{FUNC_TYPE_GENERAL,"engine",engine_main},

-#endif

-	{FUNC_TYPE_GENERAL,"ocsp",ocsp_main},

-	{FUNC_TYPE_GENERAL,"prime",prime_main},

-#ifndef OPENSSL_NO_MD2

-	{FUNC_TYPE_MD,"md2",dgst_main},

-#endif

-#ifndef OPENSSL_NO_MD4

-	{FUNC_TYPE_MD,"md4",dgst_main},

-#endif

-#ifndef OPENSSL_NO_MD5

-	{FUNC_TYPE_MD,"md5",dgst_main},

-#endif

-#ifndef OPENSSL_NO_SHA

-	{FUNC_TYPE_MD,"sha",dgst_main},

-#endif

-#ifndef OPENSSL_NO_SHA1

-	{FUNC_TYPE_MD,"sha1",dgst_main},

-#endif

-#ifndef OPENSSL_NO_MDC2

-	{FUNC_TYPE_MD,"mdc2",dgst_main},

-#endif

-#ifndef OPENSSL_NO_RMD160

-	{FUNC_TYPE_MD,"rmd160",dgst_main},

-#endif

-#ifndef OPENSSL_NO_AES

-	{FUNC_TYPE_CIPHER,"aes-128-cbc",enc_main},

-#endif

-#ifndef OPENSSL_NO_AES

-	{FUNC_TYPE_CIPHER,"aes-128-ecb",enc_main},

-#endif

-#ifndef OPENSSL_NO_AES

-	{FUNC_TYPE_CIPHER,"aes-192-cbc",enc_main},

-#endif

-#ifndef OPENSSL_NO_AES

-	{FUNC_TYPE_CIPHER,"aes-192-ecb",enc_main},

-#endif

-#ifndef OPENSSL_NO_AES

-	{FUNC_TYPE_CIPHER,"aes-256-cbc",enc_main},

-#endif

-#ifndef OPENSSL_NO_AES

-	{FUNC_TYPE_CIPHER,"aes-256-ecb",enc_main},

-#endif

-#ifndef OPENSSL_NO_CAMELLIA

-	{FUNC_TYPE_CIPHER,"camellia-128-cbc",enc_main},

-#endif

-#ifndef OPENSSL_NO_CAMELLIA

-	{FUNC_TYPE_CIPHER,"camellia-128-ecb",enc_main},

-#endif

-#ifndef OPENSSL_NO_CAMELLIA

-	{FUNC_TYPE_CIPHER,"camellia-192-cbc",enc_main},

-#endif

-#ifndef OPENSSL_NO_CAMELLIA

-	{FUNC_TYPE_CIPHER,"camellia-192-ecb",enc_main},

-#endif

-#ifndef OPENSSL_NO_CAMELLIA

-	{FUNC_TYPE_CIPHER,"camellia-256-cbc",enc_main},

-#endif

-#ifndef OPENSSL_NO_CAMELLIA

-	{FUNC_TYPE_CIPHER,"camellia-256-ecb",enc_main},

-#endif

-	{FUNC_TYPE_CIPHER,"base64",enc_main},

-#ifndef OPENSSL_NO_DES

-	{FUNC_TYPE_CIPHER,"des",enc_main},

-#endif

-#ifndef OPENSSL_NO_DES

-	{FUNC_TYPE_CIPHER,"des3",enc_main},

-#endif

-#ifndef OPENSSL_NO_DES

-	{FUNC_TYPE_CIPHER,"desx",enc_main},

-#endif

-#ifndef OPENSSL_NO_IDEA

-	{FUNC_TYPE_CIPHER,"idea",enc_main},

-#endif

-#ifndef OPENSSL_NO_SEED

-	{FUNC_TYPE_CIPHER,"seed",enc_main},

-#endif

-#ifndef OPENSSL_NO_RC4

-	{FUNC_TYPE_CIPHER,"rc4",enc_main},

-#endif

-#ifndef OPENSSL_NO_RC4

-	{FUNC_TYPE_CIPHER,"rc4-40",enc_main},

-#endif

-#ifndef OPENSSL_NO_RC2

-	{FUNC_TYPE_CIPHER,"rc2",enc_main},

-#endif

-#ifndef OPENSSL_NO_BF

-	{FUNC_TYPE_CIPHER,"bf",enc_main},

-#endif

-#ifndef OPENSSL_NO_CAST

-	{FUNC_TYPE_CIPHER,"cast",enc_main},

-#endif

-#ifndef OPENSSL_NO_RC5

-	{FUNC_TYPE_CIPHER,"rc5",enc_main},

-#endif

-#ifndef OPENSSL_NO_DES

-	{FUNC_TYPE_CIPHER,"des-ecb",enc_main},

-#endif

-#ifndef OPENSSL_NO_DES

-	{FUNC_TYPE_CIPHER,"des-ede",enc_main},

-#endif

-#ifndef OPENSSL_NO_DES

-	{FUNC_TYPE_CIPHER,"des-ede3",enc_main},

-#endif

-#ifndef OPENSSL_NO_DES

-	{FUNC_TYPE_CIPHER,"des-cbc",enc_main},

-#endif

-#ifndef OPENSSL_NO_DES

-	{FUNC_TYPE_CIPHER,"des-ede-cbc",enc_main},

-#endif

-#ifndef OPENSSL_NO_DES

-	{FUNC_TYPE_CIPHER,"des-ede3-cbc",enc_main},

-#endif

-#ifndef OPENSSL_NO_DES

-	{FUNC_TYPE_CIPHER,"des-cfb",enc_main},

-#endif

-#ifndef OPENSSL_NO_DES

-	{FUNC_TYPE_CIPHER,"des-ede-cfb",enc_main},

-#endif

-#ifndef OPENSSL_NO_DES

-	{FUNC_TYPE_CIPHER,"des-ede3-cfb",enc_main},

-#endif

-#ifndef OPENSSL_NO_DES

-	{FUNC_TYPE_CIPHER,"des-ofb",enc_main},

-#endif

-#ifndef OPENSSL_NO_DES

-	{FUNC_TYPE_CIPHER,"des-ede-ofb",enc_main},

-#endif

-#ifndef OPENSSL_NO_DES

-	{FUNC_TYPE_CIPHER,"des-ede3-ofb",enc_main},

-#endif

-#ifndef OPENSSL_NO_IDEA

-	{FUNC_TYPE_CIPHER,"idea-cbc",enc_main},

-#endif

-#ifndef OPENSSL_NO_IDEA

-	{FUNC_TYPE_CIPHER,"idea-ecb",enc_main},

-#endif

-#ifndef OPENSSL_NO_IDEA

-	{FUNC_TYPE_CIPHER,"idea-cfb",enc_main},

-#endif

-#ifndef OPENSSL_NO_IDEA

-	{FUNC_TYPE_CIPHER,"idea-ofb",enc_main},

-#endif

-#ifndef OPENSSL_NO_SEED

-	{FUNC_TYPE_CIPHER,"seed-cbc",enc_main},

-#endif

-#ifndef OPENSSL_NO_SEED

-	{FUNC_TYPE_CIPHER,"seed-ecb",enc_main},

-#endif

-#ifndef OPENSSL_NO_SEED

-	{FUNC_TYPE_CIPHER,"seed-cfb",enc_main},

-#endif

-#ifndef OPENSSL_NO_SEED

-	{FUNC_TYPE_CIPHER,"seed-ofb",enc_main},

-#endif

-#ifndef OPENSSL_NO_RC2

-	{FUNC_TYPE_CIPHER,"rc2-cbc",enc_main},

-#endif

-#ifndef OPENSSL_NO_RC2

-	{FUNC_TYPE_CIPHER,"rc2-ecb",enc_main},

-#endif

-#ifndef OPENSSL_NO_RC2

-	{FUNC_TYPE_CIPHER,"rc2-cfb",enc_main},

-#endif

-#ifndef OPENSSL_NO_RC2

-	{FUNC_TYPE_CIPHER,"rc2-ofb",enc_main},

-#endif

-#ifndef OPENSSL_NO_RC2

-	{FUNC_TYPE_CIPHER,"rc2-64-cbc",enc_main},

-#endif

-#ifndef OPENSSL_NO_RC2

-	{FUNC_TYPE_CIPHER,"rc2-40-cbc",enc_main},

-#endif

-#ifndef OPENSSL_NO_BF

-	{FUNC_TYPE_CIPHER,"bf-cbc",enc_main},

-#endif

-#ifndef OPENSSL_NO_BF

-	{FUNC_TYPE_CIPHER,"bf-ecb",enc_main},

-#endif

-#ifndef OPENSSL_NO_BF

-	{FUNC_TYPE_CIPHER,"bf-cfb",enc_main},

-#endif

-#ifndef OPENSSL_NO_BF

-	{FUNC_TYPE_CIPHER,"bf-ofb",enc_main},

-#endif

-#ifndef OPENSSL_NO_CAST

-	{FUNC_TYPE_CIPHER,"cast5-cbc",enc_main},

-#endif

-#ifndef OPENSSL_NO_CAST

-	{FUNC_TYPE_CIPHER,"cast5-ecb",enc_main},

-#endif

-#ifndef OPENSSL_NO_CAST

-	{FUNC_TYPE_CIPHER,"cast5-cfb",enc_main},

-#endif

-#ifndef OPENSSL_NO_CAST

-	{FUNC_TYPE_CIPHER,"cast5-ofb",enc_main},

-#endif

-#ifndef OPENSSL_NO_CAST

-	{FUNC_TYPE_CIPHER,"cast-cbc",enc_main},

-#endif

-#ifndef OPENSSL_NO_RC5

-	{FUNC_TYPE_CIPHER,"rc5-cbc",enc_main},

-#endif

-#ifndef OPENSSL_NO_RC5

-	{FUNC_TYPE_CIPHER,"rc5-ecb",enc_main},

-#endif

-#ifndef OPENSSL_NO_RC5

-	{FUNC_TYPE_CIPHER,"rc5-cfb",enc_main},

-#endif

-#ifndef OPENSSL_NO_RC5

-	{FUNC_TYPE_CIPHER,"rc5-ofb",enc_main},

-#endif

-	{0,NULL,NULL}

-	};

--- a/sys/src/ape/lib/openssl/apps/progs.pl

+++ /dev/null

@@ -1,93 +1,0 @@

-#!/usr/local/bin/perl

-print "/* apps/progs.h */\n";

-print "/* automatically generated by progs.pl for openssl.c */\n\n";

-grep(s/^asn1pars$/asn1parse/,@ARGV);

-foreach (@ARGV)

-	{ printf "extern int %s_main(int argc,char *argv[]);\n",$_; }

-print <<'EOF';

-#define FUNC_TYPE_GENERAL	1

-#define FUNC_TYPE_MD		2

-#define FUNC_TYPE_CIPHER	3

-typedef struct {

-	int type;

-	const char *name;

-	int (*func)(int argc,char *argv[]);

-	} FUNCTION;

-FUNCTION functions[] = {

-EOF

-foreach (@ARGV)

-	{

-	push(@files,$_);

-	$str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n";

-	if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/))

-		{ print "#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))\n${str}#endif\n"; }

-	elsif ( ($_ =~ /^speed$/))

-		{ print "#ifndef OPENSSL_NO_SPEED\n${str}#endif\n"; }

-	elsif ( ($_ =~ /^engine$/))

-		{ print "#ifndef OPENSSL_NO_ENGINE\n${str}#endif\n"; }

-	elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) || ($_ =~ /^rsautl$/))

-		{ print "#ifndef OPENSSL_NO_RSA\n${str}#endif\n";  }

-	elsif ( ($_ =~ /^dsa$/) || ($_ =~ /^gendsa$/) || ($_ =~ /^dsaparam$/))

-		{ print "#ifndef OPENSSL_NO_DSA\n${str}#endif\n"; }

-	elsif ( ($_ =~ /^ec$/) || ($_ =~ /^ecparam$/))

-		{ print "#ifndef OPENSSL_NO_EC\n${str}#endif\n";}

-	elsif ( ($_ =~ /^dh$/) || ($_ =~ /^gendh$/) || ($_ =~ /^dhparam$/))

-		{ print "#ifndef OPENSSL_NO_DH\n${str}#endif\n"; }

-	elsif ( ($_ =~ /^pkcs12$/))

-		{ print "#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)\n${str}#endif\n"; }

-	else

-		{ print $str; }

-	}

-foreach ("md2","md4","md5","sha","sha1","mdc2","rmd160")

-	{

-	push(@files,$_);

-	printf "#ifndef OPENSSL_NO_".uc($_)."\n\t{FUNC_TYPE_MD,\"".$_."\",dgst_main},\n#endif\n";

-	}

-foreach (

-	"aes-128-cbc", "aes-128-ecb",

-	"aes-192-cbc", "aes-192-ecb",

-	"aes-256-cbc", "aes-256-ecb",

-	"camellia-128-cbc", "camellia-128-ecb",

-	"camellia-192-cbc", "camellia-192-ecb",

-	"camellia-256-cbc", "camellia-256-ecb",

-	"base64",

-	"des", "des3", "desx", "idea", "seed", "rc4", "rc4-40",

-	"rc2", "bf", "cast", "rc5",

-	"des-ecb", "des-ede",    "des-ede3",

-	"des-cbc", "des-ede-cbc","des-ede3-cbc",

-	"des-cfb", "des-ede-cfb","des-ede3-cfb",

-	"des-ofb", "des-ede-ofb","des-ede3-ofb",

-	"idea-cbc","idea-ecb",    "idea-cfb", "idea-ofb",

-	"seed-cbc","seed-ecb",    "seed-cfb", "seed-ofb",

-	"rc2-cbc", "rc2-ecb", "rc2-cfb","rc2-ofb", "rc2-64-cbc", "rc2-40-cbc",

-	"bf-cbc",  "bf-ecb",     "bf-cfb",   "bf-ofb",

-	"cast5-cbc","cast5-ecb", "cast5-cfb","cast5-ofb",

-	"cast-cbc", "rc5-cbc",   "rc5-ecb",  "rc5-cfb",  "rc5-ofb")

-	{

-	push(@files,$_);

-	$t=sprintf("\t{FUNC_TYPE_CIPHER,\"%s\",enc_main},\n",$_);

-	if    ($_ =~ /des/)  { $t="#ifndef OPENSSL_NO_DES\n${t}#endif\n"; }

-	elsif ($_ =~ /aes/)  { $t="#ifndef OPENSSL_NO_AES\n${t}#endif\n"; }

-	elsif ($_ =~ /camellia/)  { $t="#ifndef OPENSSL_NO_CAMELLIA\n${t}#endif\n"; }

-	elsif ($_ =~ /idea/) { $t="#ifndef OPENSSL_NO_IDEA\n${t}#endif\n"; }

-	elsif ($_ =~ /seed/) { $t="#ifndef OPENSSL_NO_SEED\n${t}#endif\n"; }

-	elsif ($_ =~ /rc4/)  { $t="#ifndef OPENSSL_NO_RC4\n${t}#endif\n"; }

-	elsif ($_ =~ /rc2/)  { $t="#ifndef OPENSSL_NO_RC2\n${t}#endif\n"; }

-	elsif ($_ =~ /bf/)   { $t="#ifndef OPENSSL_NO_BF\n${t}#endif\n"; }

-	elsif ($_ =~ /cast/) { $t="#ifndef OPENSSL_NO_CAST\n${t}#endif\n"; }

-	elsif ($_ =~ /rc5/)  { $t="#ifndef OPENSSL_NO_RC5\n${t}#endif\n"; }

-	print $t;

-	}

-print "\t{0,NULL,NULL}\n\t};\n";

--- a/sys/src/ape/lib/openssl/apps/rand.c

+++ /dev/null

@@ -1,227 +1,0 @@

-/* apps/rand.c */

-/* ====================================================================

- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include "apps.h"

-#include <ctype.h>

-#include <stdio.h>

-#include <string.h>

-#include <openssl/bio.h>

-#include <openssl/err.h>

-#include <openssl/rand.h>

-#undef PROG

-#define PROG rand_main

-/* -out file         - write to file

- * -rand file:file   - PRNG seed files

- * -base64           - encode output

- * num               - write 'num' bytes

- */

-int MAIN(int, char **);

-int MAIN(int argc, char **argv)

-	{

-#ifndef OPENSSL_NO_ENGINE

-	ENGINE *e = NULL;

-#endif

-	int i, r, ret = 1;

-	int badopt;

-	char *outfile = NULL;

-	char *inrand = NULL;

-	int base64 = 0;

-	BIO *out = NULL;

-	int num = -1;

-#ifndef OPENSSL_NO_ENGINE

-	char *engine=NULL;

-#endif

-	apps_startup();

-	if (bio_err == NULL)

-		if ((bio_err = BIO_new(BIO_s_file())) != NULL)

-			BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);

-	if (!load_config(bio_err, NULL))

-		goto err;

-	badopt = 0;

-	i = 0;

-	while (!badopt && argv[++i] != NULL)

-		{

-		if (strcmp(argv[i], "-out") == 0)

-			{

-			if ((argv[i+1] != NULL) && (outfile == NULL))

-				outfile = argv[++i];

-			else

-				badopt = 1;

-			}

-#ifndef OPENSSL_NO_ENGINE

-		else if (strcmp(argv[i], "-engine") == 0)

-			{

-			if ((argv[i+1] != NULL) && (engine == NULL))

-				engine = argv[++i];

-			else

-				badopt = 1;

-			}

-#endif

-		else if (strcmp(argv[i], "-rand") == 0)

-			{

-			if ((argv[i+1] != NULL) && (inrand == NULL))

-				inrand = argv[++i];

-			else

-				badopt = 1;

-			}

-		else if (strcmp(argv[i], "-base64") == 0)

-			{

-			if (!base64)

-				base64 = 1;

-			else

-				badopt = 1;

-			}

-		else if (isdigit((unsigned char)argv[i][0]))

-			{

-			if (num < 0)

-				{

-				r = sscanf(argv[i], "%d", &num);

-				if (r == 0 || num < 0)

-					badopt = 1;

-				}

-			else

-				badopt = 1;

-			}

-		else

-			badopt = 1;

-		}

-	if (num < 0)

-		badopt = 1;

-	if (badopt)

-		{

-		BIO_printf(bio_err, "Usage: rand [options] num\n");

-		BIO_printf(bio_err, "where options are\n");

-		BIO_printf(bio_err, "-out file             - write to file\n");

-#ifndef OPENSSL_NO_ENGINE

-		BIO_printf(bio_err, "-engine e             - use engine e, possibly a hardware device.\n");

-#endif

-		BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);

-		BIO_printf(bio_err, "-base64               - encode output\n");

-		goto err;

-		}

-#ifndef OPENSSL_NO_ENGINE

-        e = setup_engine(bio_err, engine, 0);

-#endif

-	app_RAND_load_file(NULL, bio_err, (inrand != NULL));

-	if (inrand != NULL)

-		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",

-			app_RAND_load_files(inrand));

-	out = BIO_new(BIO_s_file());

-	if (out == NULL)

-		goto err;

-	if (outfile != NULL)

-		r = BIO_write_filename(out, outfile);

-	else

-		{

-		r = BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);

-#ifdef OPENSSL_SYS_VMS

-		{

-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());

-		out = BIO_push(tmpbio, out);

-		}

-#endif

-		}

-	if (r <= 0)

-		goto err;

-	if (base64)

-		{

-		BIO *b64 = BIO_new(BIO_f_base64());

-		if (b64 == NULL)

-			goto err;

-		out = BIO_push(b64, out);

-		}

-	while (num > 0)

-		{

-		unsigned char buf[4096];

-		int chunk;

-		chunk = num;

-		if (chunk > (int)sizeof(buf))

-			chunk = sizeof buf;

-		r = RAND_bytes(buf, chunk);

-		if (r <= 0)

-			goto err;

-		BIO_write(out, buf, chunk);

-		num -= chunk;

-		}

-	(void)BIO_flush(out);

-	app_RAND_write_file(NULL, bio_err);

-	ret = 0;

-err:

-	ERR_print_errors(bio_err);

-	if (out)

-		BIO_free_all(out);

-	apps_shutdown();

-	OPENSSL_EXIT(ret);

-	}

--- a/sys/src/ape/lib/openssl/apps/req.c

+++ /dev/null

@@ -1,1686 +1,0 @@

-/* apps/req.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* Until the key-gen callbacks are modified to use newer prototypes, we allow

- * deprecated functions for openssl-internal code */

-#ifdef OPENSSL_NO_DEPRECATED

-#undef OPENSSL_NO_DEPRECATED

-#endif

-#include <stdio.h>

-#include <stdlib.h>

-#include <time.h>

-#include <string.h>

-#ifdef OPENSSL_NO_STDIO

-#define APPS_WIN16

-#endif

-#include "apps.h"

-#include <openssl/bio.h>

-#include <openssl/evp.h>

-#include <openssl/conf.h>

-#include <openssl/err.h>

-#include <openssl/asn1.h>

-#include <openssl/x509.h>

-#include <openssl/x509v3.h>

-#include <openssl/objects.h>

-#include <openssl/pem.h>

-#include <openssl/bn.h>

-#ifndef OPENSSL_NO_RSA

-#include <openssl/rsa.h>

-#endif

-#ifndef OPENSSL_NO_DSA

-#include <openssl/dsa.h>

-#endif

-#define SECTION		"req"

-#define BITS		"default_bits"

-#define KEYFILE		"default_keyfile"

-#define PROMPT		"prompt"

-#define DISTINGUISHED_NAME	"distinguished_name"

-#define ATTRIBUTES	"attributes"

-#define V3_EXTENSIONS	"x509_extensions"

-#define REQ_EXTENSIONS	"req_extensions"

-#define STRING_MASK	"string_mask"

-#define UTF8_IN		"utf8"

-#define DEFAULT_KEY_LENGTH	512

-#define MIN_KEY_LENGTH		384

-#undef PROG

-#define PROG	req_main

-/* -inform arg	- input format - default PEM (DER or PEM)

- * -outform arg - output format - default PEM

- * -in arg	- input file - default stdin

- * -out arg	- output file - default stdout

- * -verify	- check request signature

- * -noout	- don't print stuff out.

- * -text	- print out human readable text.

- * -nodes	- no des encryption

- * -config file	- Load configuration file.

- * -key file	- make a request using key in file (or use it for verification).

- * -keyform arg	- key file format.

- * -rand file(s) - load the file(s) into the PRNG.

- * -newkey	- make a key and a request.

- * -modulus	- print RSA modulus.

- * -pubkey	- output Public Key.

- * -x509	- output a self signed X509 structure instead.

- * -asn1-kludge	- output new certificate request in a format that some CA's

- *		  require.  This format is wrong

- */

-static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,char *dn,int mutlirdn,

-		int attribs,unsigned long chtype);

-static int build_subject(X509_REQ *req, char *subj, unsigned long chtype,

-		int multirdn);

-static int prompt_info(X509_REQ *req,

-		STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect,

-		STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs,

-		unsigned long chtype);

-static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *sk,

-				STACK_OF(CONF_VALUE) *attr, int attribs,

-				unsigned long chtype);

-static int add_attribute_object(X509_REQ *req, char *text, const char *def,

-				char *value, int nid, int n_min,

-				int n_max, unsigned long chtype);

-static int add_DN_object(X509_NAME *n, char *text, const char *def, char *value,

-	int nid,int n_min,int n_max, unsigned long chtype, int mval);

-#ifndef OPENSSL_NO_RSA

-static int MS_CALLBACK req_cb(int p, int n, BN_GENCB *cb);

-#endif

-static int req_check_len(int len,int n_min,int n_max);

-static int check_end(const char *str, const char *end);

-#ifndef MONOLITH

-static char *default_config_file=NULL;

-#endif

-static CONF *req_conf=NULL;

-static int batch=0;

-#define TYPE_RSA	1

-#define TYPE_DSA	2

-#define TYPE_DH		3

-#define TYPE_EC		4

-int MAIN(int, char **);

-int MAIN(int argc, char **argv)

-	{

-	ENGINE *e = NULL;

-#ifndef OPENSSL_NO_DSA

-	DSA *dsa_params=NULL;

-#endif

-#ifndef OPENSSL_NO_ECDSA

-	EC_KEY *ec_params = NULL;

-#endif

-	unsigned long nmflag = 0, reqflag = 0;

-	int ex=1,x509=0,days=30;

-	X509 *x509ss=NULL;

-	X509_REQ *req=NULL;

-	EVP_PKEY *pkey=NULL;

-	int i=0,badops=0,newreq=0,verbose=0,pkey_type=TYPE_RSA;

-	long newkey = -1;

-	BIO *in=NULL,*out=NULL;

-	int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;

-	int nodes=0,kludge=0,newhdr=0,subject=0,pubkey=0;

-	char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;

-#ifndef OPENSSL_NO_ENGINE

-	char *engine=NULL;

-#endif

-	char *extensions = NULL;

-	char *req_exts = NULL;

-	const EVP_CIPHER *cipher=NULL;

-	ASN1_INTEGER *serial = NULL;

-	int modulus=0;

-	char *inrand=NULL;

-	char *passargin = NULL, *passargout = NULL;

-	char *passin = NULL, *passout = NULL;

-	char *p;

-	char *subj = NULL;

-	int multirdn = 0;

-	const EVP_MD *md_alg=NULL,*digest=EVP_sha1();

-	unsigned long chtype = MBSTRING_ASC;

-#ifndef MONOLITH

-	char *to_free;

-	long errline;

-#endif

-	req_conf = NULL;

-#ifndef OPENSSL_NO_DES

-	cipher=EVP_des_ede3_cbc();

-#endif

-	apps_startup();

-	if (bio_err == NULL)

-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)

-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);

-	infile=NULL;

-	outfile=NULL;

-	informat=FORMAT_PEM;

-	outformat=FORMAT_PEM;

-	prog=argv[0];

-	argc--;

-	argv++;

-	while (argc >= 1)

-		{

-		if 	(strcmp(*argv,"-inform") == 0)

-			{

-			if (--argc < 1) goto bad;

-			informat=str2fmt(*(++argv));

-			}

-		else if (strcmp(*argv,"-outform") == 0)

-			{

-			if (--argc < 1) goto bad;

-			outformat=str2fmt(*(++argv));

-			}

-#ifndef OPENSSL_NO_ENGINE

-		else if (strcmp(*argv,"-engine") == 0)

-			{

-			if (--argc < 1) goto bad;

-			engine= *(++argv);

-			}

-#endif

-		else if (strcmp(*argv,"-key") == 0)

-			{

-			if (--argc < 1) goto bad;

-			keyfile= *(++argv);

-			}

-		else if (strcmp(*argv,"-pubkey") == 0)

-			{

-			pubkey=1;

-			}

-		else if (strcmp(*argv,"-new") == 0)

-			{

-			newreq=1;

-			}

-		else if (strcmp(*argv,"-config") == 0)

-			{

-			if (--argc < 1) goto bad;

-			template= *(++argv);

-			}

-		else if (strcmp(*argv,"-keyform") == 0)

-			{

-			if (--argc < 1) goto bad;

-			keyform=str2fmt(*(++argv));

-			}

-		else if (strcmp(*argv,"-in") == 0)

-			{

-			if (--argc < 1) goto bad;

-			infile= *(++argv);

-			}

-		else if (strcmp(*argv,"-out") == 0)

-			{

-			if (--argc < 1) goto bad;

-			outfile= *(++argv);

-			}

-		else if (strcmp(*argv,"-keyout") == 0)

-			{

-			if (--argc < 1) goto bad;

-			keyout= *(++argv);

-			}

-		else if (strcmp(*argv,"-passin") == 0)

-			{

-			if (--argc < 1) goto bad;

-			passargin= *(++argv);

-			}

-		else if (strcmp(*argv,"-passout") == 0)

-			{

-			if (--argc < 1) goto bad;

-			passargout= *(++argv);

-			}

-		else if (strcmp(*argv,"-rand") == 0)

-			{

-			if (--argc < 1) goto bad;

-			inrand= *(++argv);

-			}

-		else if (strcmp(*argv,"-newkey") == 0)

-			{

-			int is_numeric;

-			if (--argc < 1) goto bad;

-			p= *(++argv);

-			is_numeric = p[0] >= '0' && p[0] <= '9';

-			if (strncmp("rsa:",p,4) == 0 || is_numeric)

-				{

-				pkey_type=TYPE_RSA;

-				if(!is_numeric)

-				    p+=4;

-				newkey= atoi(p);

-				}

-			else

-#ifndef OPENSSL_NO_DSA

-				if (strncmp("dsa:",p,4) == 0)

-				{

-				X509 *xtmp=NULL;

-				EVP_PKEY *dtmp;

-				pkey_type=TYPE_DSA;

-				p+=4;

-				if ((in=BIO_new_file(p,"r")) == NULL)

-					{

-					perror(p);

-					goto end;

-					}

-				if ((dsa_params=PEM_read_bio_DSAparams(in,NULL,NULL,NULL)) == NULL)

-					{

-					ERR_clear_error();

-					(void)BIO_reset(in);

-					if ((xtmp=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL)

-						{

-						BIO_printf(bio_err,"unable to load DSA parameters from file\n");

-						goto end;

-						}

-					if ((dtmp=X509_get_pubkey(xtmp)) == NULL) goto end;

-					if (dtmp->type == EVP_PKEY_DSA)

-						dsa_params=DSAparams_dup(dtmp->pkey.dsa);

-					EVP_PKEY_free(dtmp);

-					X509_free(xtmp);

-					if (dsa_params == NULL)

-						{

-						BIO_printf(bio_err,"Certificate does not contain DSA parameters\n");

-						goto end;

-						}

-					}

-				BIO_free(in);

-				in=NULL;

-				newkey=BN_num_bits(dsa_params->p);

-				}

-			else

-#endif

-#ifndef OPENSSL_NO_ECDSA

-				if (strncmp("ec:",p,3) == 0)

-				{

-				X509 *xtmp=NULL;

-				EVP_PKEY *dtmp;

-				EC_GROUP *group;

-				pkey_type=TYPE_EC;

-				p+=3;

-				if ((in=BIO_new_file(p,"r")) == NULL)

-					{

-					perror(p);

-					goto end;

-					}

-				if ((ec_params = EC_KEY_new()) == NULL)

-					goto end;

-				group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL);

-				if (group == NULL)

-					{

-					EC_KEY_free(ec_params);

-					ERR_clear_error();

-					(void)BIO_reset(in);

-					if ((xtmp=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL)

-						{

-						BIO_printf(bio_err,"unable to load EC parameters from file\n");

-						goto end;

-						}

-					if ((dtmp=X509_get_pubkey(xtmp))==NULL)

-						goto end;

-					if (dtmp->type == EVP_PKEY_EC)

-						ec_params = EC_KEY_dup(dtmp->pkey.ec);

-					EVP_PKEY_free(dtmp);

-					X509_free(xtmp);

-					if (ec_params == NULL)

-						{

-						BIO_printf(bio_err,"Certificate does not contain EC parameters\n");

-						goto end;

-						}

-					}

-				else

-					{

-					if (EC_KEY_set_group(ec_params, group) == 0)

-						goto end;

-					EC_GROUP_free(group);

-					}

-				BIO_free(in);

-				in=NULL;

-				newkey = EC_GROUP_get_degree(EC_KEY_get0_group(ec_params));

-				}

-			else

-#endif

-#ifndef OPENSSL_NO_DH

-				if (strncmp("dh:",p,3) == 0)

-				{

-				pkey_type=TYPE_DH;

-				p+=3;

-				}

-			else

-#endif

-				{

-				goto bad;

-				}

-			newreq=1;

-			}

-		else if (strcmp(*argv,"-batch") == 0)

-			batch=1;

-		else if (strcmp(*argv,"-newhdr") == 0)

-			newhdr=1;

-		else if (strcmp(*argv,"-modulus") == 0)

-			modulus=1;

-		else if (strcmp(*argv,"-verify") == 0)

-			verify=1;

-		else if (strcmp(*argv,"-nodes") == 0)

-			nodes=1;

-		else if (strcmp(*argv,"-noout") == 0)

-			noout=1;

-		else if (strcmp(*argv,"-verbose") == 0)

-			verbose=1;

-		else if (strcmp(*argv,"-utf8") == 0)

-			chtype = MBSTRING_UTF8;

-		else if (strcmp(*argv,"-nameopt") == 0)

-			{

-			if (--argc < 1) goto bad;

-			if (!set_name_ex(&nmflag, *(++argv))) goto bad;

-			}

-		else if (strcmp(*argv,"-reqopt") == 0)

-			{

-			if (--argc < 1) goto bad;

-			if (!set_cert_ex(&reqflag, *(++argv))) goto bad;

-			}

-		else if (strcmp(*argv,"-subject") == 0)

-			subject=1;

-		else if (strcmp(*argv,"-text") == 0)

-			text=1;

-		else if (strcmp(*argv,"-x509") == 0)

-			x509=1;

-		else if (strcmp(*argv,"-asn1-kludge") == 0)

-			kludge=1;

-		else if (strcmp(*argv,"-no-asn1-kludge") == 0)

-			kludge=0;

-		else if (strcmp(*argv,"-subj") == 0)

-			{

-			if (--argc < 1) goto bad;

-			subj= *(++argv);

-			}

-		else if (strcmp(*argv,"-multivalue-rdn") == 0)

-			multirdn=1;

-		else if (strcmp(*argv,"-days") == 0)

-			{

-			if (--argc < 1) goto bad;

-			days= atoi(*(++argv));

-			if (days == 0) days=30;

-			}

-		else if (strcmp(*argv,"-set_serial") == 0)

-			{

-			if (--argc < 1) goto bad;

-			serial = s2i_ASN1_INTEGER(NULL, *(++argv));

-			if (!serial) goto bad;

-			}

-		else if ((md_alg=EVP_get_digestbyname(&((*argv)[1]))) != NULL)

-			{

-			/* ok */

-			digest=md_alg;

-			}

-		else if (strcmp(*argv,"-extensions") == 0)

-			{

-			if (--argc < 1) goto bad;

-			extensions = *(++argv);

-			}

-		else if (strcmp(*argv,"-reqexts") == 0)

-			{

-			if (--argc < 1) goto bad;

-			req_exts = *(++argv);

-			}

-		else

-			{

-			BIO_printf(bio_err,"unknown option %s\n",*argv);

-			badops=1;

-			break;

-			}

-		argc--;

-		argv++;

-		}

-	if (badops)

-		{

-bad:

-		BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);

-		BIO_printf(bio_err,"where options  are\n");

-		BIO_printf(bio_err," -inform arg    input format - DER or PEM\n");

-		BIO_printf(bio_err," -outform arg   output format - DER or PEM\n");

-		BIO_printf(bio_err," -in arg        input file\n");

-		BIO_printf(bio_err," -out arg       output file\n");

-		BIO_printf(bio_err," -text          text form of request\n");

-		BIO_printf(bio_err," -pubkey        output public key\n");

-		BIO_printf(bio_err," -noout         do not output REQ\n");

-		BIO_printf(bio_err," -verify        verify signature on REQ\n");

-		BIO_printf(bio_err," -modulus       RSA modulus\n");

-		BIO_printf(bio_err," -nodes         don't encrypt the output key\n");

-#ifndef OPENSSL_NO_ENGINE

-		BIO_printf(bio_err," -engine e      use engine e, possibly a hardware device\n");

-#endif

-		BIO_printf(bio_err," -subject       output the request's subject\n");

-		BIO_printf(bio_err," -passin        private key password source\n");

-		BIO_printf(bio_err," -key file      use the private key contained in file\n");

-		BIO_printf(bio_err," -keyform arg   key file format\n");

-		BIO_printf(bio_err," -keyout arg    file to send the key to\n");

-		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);

-		BIO_printf(bio_err,"                load the file (or the files in the directory) into\n");

-		BIO_printf(bio_err,"                the random number generator\n");

-		BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n");

-		BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");

-#ifndef OPENSSL_NO_ECDSA

-		BIO_printf(bio_err," -newkey ec:file generate a new EC key, parameters taken from CA in 'file'\n");

-#endif

-		BIO_printf(bio_err," -[digest]      Digest to sign with (md5, sha1, md2, mdc2, md4)\n");

-		BIO_printf(bio_err," -config file   request template file.\n");

-		BIO_printf(bio_err," -subj arg      set or modify request subject\n");

-		BIO_printf(bio_err," -multivalue-rdn enable support for multivalued RDNs\n");

-		BIO_printf(bio_err," -new           new request.\n");

-		BIO_printf(bio_err," -batch         do not ask anything during request generation\n");

-		BIO_printf(bio_err," -x509          output a x509 structure instead of a cert. req.\n");

-		BIO_printf(bio_err," -days          number of days a certificate generated by -x509 is valid for.\n");

-		BIO_printf(bio_err," -set_serial    serial number to use for a certificate generated by -x509.\n");

-		BIO_printf(bio_err," -newhdr        output \"NEW\" in the header lines\n");

-		BIO_printf(bio_err," -asn1-kludge   Output the 'request' in a format that is wrong but some CA's\n");

-		BIO_printf(bio_err,"                have been reported as requiring\n");

-		BIO_printf(bio_err," -extensions .. specify certificate extension section (override value in config file)\n");

-		BIO_printf(bio_err," -reqexts ..    specify request extension section (override value in config file)\n");

-		BIO_printf(bio_err," -utf8          input characters are UTF8 (default ASCII)\n");

-		BIO_printf(bio_err," -nameopt arg    - various certificate name options\n");

-		BIO_printf(bio_err," -reqopt arg    - various request text options\n\n");

-		goto end;

-		}

-	ERR_load_crypto_strings();

-	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {

-		BIO_printf(bio_err, "Error getting passwords\n");

-		goto end;

-	}

-#ifndef MONOLITH /* else this has happened in openssl.c (global `config') */

-	/* Lets load up our environment a little */

-	p=getenv("OPENSSL_CONF");

-	if (p == NULL)

-		p=getenv("SSLEAY_CONF");

-	if (p == NULL)

-		p=to_free=make_config_name();

-	default_config_file=p;

-	config=NCONF_new(NULL);

-	i=NCONF_load(config, p, &errline);

-#endif

-	if (template != NULL)

-		{

-		long errline = -1;

-		if( verbose )

-			BIO_printf(bio_err,"Using configuration from %s\n",template);

-		req_conf=NCONF_new(NULL);

-		i=NCONF_load(req_conf,template,&errline);

-		if (i == 0)

-			{

-			BIO_printf(bio_err,"error on line %ld of %s\n",errline,template);

-			goto end;

-			}

-		}

-	else

-		{

-		req_conf=config;

-		if (req_conf == NULL)

-			{

-			BIO_printf(bio_err,"Unable to load config info from %s\n", default_config_file);

-			if (newreq)

-				goto end;

-			}

-		else if( verbose )

-			BIO_printf(bio_err,"Using configuration from %s\n",

-			default_config_file);

-		}

-	if (req_conf != NULL)

-		{

-		if (!load_config(bio_err, req_conf))

-			goto end;

-		p=NCONF_get_string(req_conf,NULL,"oid_file");

-		if (p == NULL)

-			ERR_clear_error();

-		if (p != NULL)

-			{

-			BIO *oid_bio;

-			oid_bio=BIO_new_file(p,"r");

-			if (oid_bio == NULL)

-				{

-				/*

-				BIO_printf(bio_err,"problems opening %s for extra oid's\n",p);

-				ERR_print_errors(bio_err);

-				*/

-				}

-			else

-				{

-				OBJ_create_objects(oid_bio);

-				BIO_free(oid_bio);

-				}

-			}

-		}

-	if(!add_oid_section(bio_err, req_conf)) goto end;

-	if (md_alg == NULL)

-		{

-		p=NCONF_get_string(req_conf,SECTION,"default_md");

-		if (p == NULL)

-			ERR_clear_error();

-		if (p != NULL)

-			{

-			if ((md_alg=EVP_get_digestbyname(p)) != NULL)

-				digest=md_alg;

-			}

-		}

-	if (!extensions)

-		{

-		extensions = NCONF_get_string(req_conf, SECTION, V3_EXTENSIONS);

-		if (!extensions)

-			ERR_clear_error();

-		}

-	if (extensions) {

-		/* Check syntax of file */

-		X509V3_CTX ctx;

-		X509V3_set_ctx_test(&ctx);

-		X509V3_set_nconf(&ctx, req_conf);

-		if(!X509V3_EXT_add_nconf(req_conf, &ctx, extensions, NULL)) {

-			BIO_printf(bio_err,

-			 "Error Loading extension section %s\n", extensions);

-			goto end;

-		}

-	}

-	if(!passin)

-		{

-		passin = NCONF_get_string(req_conf, SECTION, "input_password");

-		if (!passin)

-			ERR_clear_error();

-		}

-	if(!passout)

-		{

-		passout = NCONF_get_string(req_conf, SECTION, "output_password");

-		if (!passout)

-			ERR_clear_error();

-		}

-	p = NCONF_get_string(req_conf, SECTION, STRING_MASK);

-	if (!p)

-		ERR_clear_error();

-	if(p && !ASN1_STRING_set_default_mask_asc(p)) {

-		BIO_printf(bio_err, "Invalid global string mask setting %s\n", p);

-		goto end;

-	}

-	if (chtype != MBSTRING_UTF8)

-		{

-		p = NCONF_get_string(req_conf, SECTION, UTF8_IN);

-		if (!p)

-			ERR_clear_error();

-		else if (!strcmp(p, "yes"))

-			chtype = MBSTRING_UTF8;

-		}

-	if(!req_exts)

-		{

-		req_exts = NCONF_get_string(req_conf, SECTION, REQ_EXTENSIONS);

-		if (!req_exts)

-			ERR_clear_error();

-		}

-	if(req_exts) {

-		/* Check syntax of file */

-		X509V3_CTX ctx;

-		X509V3_set_ctx_test(&ctx);

-		X509V3_set_nconf(&ctx, req_conf);

-		if(!X509V3_EXT_add_nconf(req_conf, &ctx, req_exts, NULL)) {

-			BIO_printf(bio_err,

-			 "Error Loading request extension section %s\n",

-								req_exts);

-			goto end;

-		}

-	}

-	in=BIO_new(BIO_s_file());

-	out=BIO_new(BIO_s_file());

-	if ((in == NULL) || (out == NULL))

-		goto end;

-#ifndef OPENSSL_NO_ENGINE

-        e = setup_engine(bio_err, engine, 0);

-#endif

-	if (keyfile != NULL)

-		{

-		pkey = load_key(bio_err, keyfile, keyform, 0, passin, e,

-			"Private Key");

-		if (!pkey)

-			{

-			/* load_key() has already printed an appropriate

-			   message */

-			goto end;

-			}

-		if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA ||

-			EVP_PKEY_type(pkey->type) == EVP_PKEY_EC)

-			{

-			char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");

-			if (randfile == NULL)

-				ERR_clear_error();

-			app_RAND_load_file(randfile, bio_err, 0);

-			}

-		}

-	if (newreq && (pkey == NULL))

-		{

-#ifndef OPENSSL_NO_RSA

-		BN_GENCB cb;

-#endif

-		char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");

-		if (randfile == NULL)

-			ERR_clear_error();

-		app_RAND_load_file(randfile, bio_err, 0);

-		if (inrand)

-			app_RAND_load_files(inrand);

-		if (newkey <= 0)

-			{

-			if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey))

-				newkey=DEFAULT_KEY_LENGTH;

-			}

-		if (newkey < MIN_KEY_LENGTH && (pkey_type == TYPE_RSA || pkey_type == TYPE_DSA))

-			{

-			BIO_printf(bio_err,"private key length is too short,\n");

-			BIO_printf(bio_err,"it needs to be at least %d bits, not %ld\n",MIN_KEY_LENGTH,newkey);

-			goto end;

-			}

-		BIO_printf(bio_err,"Generating a %ld bit %s private key\n",

-			newkey,(pkey_type == TYPE_RSA)?"RSA":

-			(pkey_type == TYPE_DSA)?"DSA":"EC");

-		if ((pkey=EVP_PKEY_new()) == NULL) goto end;

-#ifndef OPENSSL_NO_RSA

-		BN_GENCB_set(&cb, req_cb, bio_err);

-		if (pkey_type == TYPE_RSA)

-			{

-			RSA *rsa = RSA_new();

-			BIGNUM *bn = BN_new();

-			if(!bn || !rsa || !BN_set_word(bn, 0x10001) ||

-					!RSA_generate_key_ex(rsa, newkey, bn, &cb) ||

-					!EVP_PKEY_assign_RSA(pkey, rsa))

-				{

-				if(bn) BN_free(bn);

-				if(rsa) RSA_free(rsa);

-				goto end;

-				}

-			BN_free(bn);

-			}

-		else

-#endif

-#ifndef OPENSSL_NO_DSA

-			if (pkey_type == TYPE_DSA)

-			{

-			if (!DSA_generate_key(dsa_params)) goto end;

-			if (!EVP_PKEY_assign_DSA(pkey,dsa_params)) goto end;

-			dsa_params=NULL;

-			}

-#endif

-#ifndef OPENSSL_NO_ECDSA

-			if (pkey_type == TYPE_EC)

-			{

-			if (!EC_KEY_generate_key(ec_params)) goto end;

-			if (!EVP_PKEY_assign_EC_KEY(pkey, ec_params))

-				goto end;

-			ec_params = NULL;

-			}

-#endif

-		app_RAND_write_file(randfile, bio_err);

-		if (pkey == NULL) goto end;

-		if (keyout == NULL)

-			{

-			keyout=NCONF_get_string(req_conf,SECTION,KEYFILE);

-			if (keyout == NULL)

-				ERR_clear_error();

-			}

-		if (keyout == NULL)

-			{

-			BIO_printf(bio_err,"writing new private key to stdout\n");

-			BIO_set_fp(out,stdout,BIO_NOCLOSE);

-#ifdef OPENSSL_SYS_VMS

-			{

-			BIO *tmpbio = BIO_new(BIO_f_linebuffer());

-			out = BIO_push(tmpbio, out);

-			}

-#endif

-			}

-		else

-			{

-			BIO_printf(bio_err,"writing new private key to '%s'\n",keyout);

-			if (BIO_write_filename(out,keyout) <= 0)

-				{

-				perror(keyout);

-				goto end;

-				}

-			}

-		p=NCONF_get_string(req_conf,SECTION,"encrypt_rsa_key");

-		if (p == NULL)

-			{

-			ERR_clear_error();

-			p=NCONF_get_string(req_conf,SECTION,"encrypt_key");

-			if (p == NULL)

-				ERR_clear_error();

-			}

-		if ((p != NULL) && (strcmp(p,"no") == 0))

-			cipher=NULL;

-		if (nodes) cipher=NULL;

-		i=0;

-loop:

-		if (!PEM_write_bio_PrivateKey(out,pkey,cipher,

-			NULL,0,NULL,passout))

-			{

-			if ((ERR_GET_REASON(ERR_peek_error()) ==

-				PEM_R_PROBLEMS_GETTING_PASSWORD) && (i < 3))

-				{

-				ERR_clear_error();

-				i++;

-				goto loop;

-				}

-			goto end;

-			}

-		BIO_printf(bio_err,"-----\n");

-		}

-	if (!newreq)

-		{

-		/* Since we are using a pre-existing certificate

-		 * request, the kludge 'format' info should not be

-		 * changed. */

-		kludge= -1;

-		if (infile == NULL)

-			BIO_set_fp(in,stdin,BIO_NOCLOSE);

-		else

-			{

-			if (BIO_read_filename(in,infile) <= 0)

-				{

-				perror(infile);

-				goto end;

-				}

-			}

-		if	(informat == FORMAT_ASN1)

-			req=d2i_X509_REQ_bio(in,NULL);

-		else if (informat == FORMAT_PEM)

-			req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL);

-		else

-			{

-			BIO_printf(bio_err,"bad input format specified for X509 request\n");

-			goto end;

-			}

-		if (req == NULL)

-			{

-			BIO_printf(bio_err,"unable to load X509 request\n");

-			goto end;

-			}

-		}

-	if (newreq || x509)

-		{

-		if (pkey == NULL)

-			{

-			BIO_printf(bio_err,"you need to specify a private key\n");

-			goto end;

-			}

-#ifndef OPENSSL_NO_DSA

-		if (pkey->type == EVP_PKEY_DSA)

-			digest=EVP_dss1();

-#endif

-#ifndef OPENSSL_NO_ECDSA

-		if (pkey->type == EVP_PKEY_EC)

-			digest=EVP_ecdsa();

-#endif

-		if (req == NULL)

-			{

-			req=X509_REQ_new();

-			if (req == NULL)

-				{

-				goto end;

-				}

-			i=make_REQ(req,pkey,subj,multirdn,!x509, chtype);

-			subj=NULL; /* done processing '-subj' option */

-			if ((kludge > 0) && !sk_X509_ATTRIBUTE_num(req->req_info->attributes))

-				{

-				sk_X509_ATTRIBUTE_free(req->req_info->attributes);

-				req->req_info->attributes = NULL;

-				}

-			if (!i)

-				{

-				BIO_printf(bio_err,"problems making Certificate Request\n");

-				goto end;

-				}

-			}

-		if (x509)

-			{

-			EVP_PKEY *tmppkey;

-			X509V3_CTX ext_ctx;

-			if ((x509ss=X509_new()) == NULL) goto end;

-			/* Set version to V3 */

-			if(extensions && !X509_set_version(x509ss, 2)) goto end;

-			if (serial)

-				{

-				if (!X509_set_serialNumber(x509ss, serial)) goto end;

-				}

-			else

-				{

-				if (!rand_serial(NULL,

-					X509_get_serialNumber(x509ss)))

-						goto end;

-				}

-			if (!X509_set_issuer_name(x509ss, X509_REQ_get_subject_name(req))) goto end;

-			if (!X509_gmtime_adj(X509_get_notBefore(x509ss),0)) goto end;

-			if (!X509_gmtime_adj(X509_get_notAfter(x509ss), (long)60*60*24*days)) goto end;

-			if (!X509_set_subject_name(x509ss, X509_REQ_get_subject_name(req))) goto end;

-			tmppkey = X509_REQ_get_pubkey(req);

-			if (!tmppkey || !X509_set_pubkey(x509ss,tmppkey)) goto end;

-			EVP_PKEY_free(tmppkey);

-			/* Set up V3 context struct */

-			X509V3_set_ctx(&ext_ctx, x509ss, x509ss, NULL, NULL, 0);

-			X509V3_set_nconf(&ext_ctx, req_conf);

-			/* Add extensions */

-			if(extensions && !X509V3_EXT_add_nconf(req_conf,

-				 	&ext_ctx, extensions, x509ss))

-				{

-				BIO_printf(bio_err,

-					"Error Loading extension section %s\n",

-					extensions);

-				goto end;

-				}

-			if (!(i=X509_sign(x509ss,pkey,digest)))

-				goto end;

-			}

-		else

-			{

-			X509V3_CTX ext_ctx;

-			/* Set up V3 context struct */

-			X509V3_set_ctx(&ext_ctx, NULL, NULL, req, NULL, 0);

-			X509V3_set_nconf(&ext_ctx, req_conf);

-			/* Add extensions */

-			if(req_exts && !X509V3_EXT_REQ_add_nconf(req_conf,

-				 	&ext_ctx, req_exts, req))

-				{

-				BIO_printf(bio_err,

-					"Error Loading extension section %s\n",

-					req_exts);

-				goto end;

-				}

-			if (!(i=X509_REQ_sign(req,pkey,digest)))

-				goto end;

-			}

-		}

-	if (subj && x509)

-		{

-		BIO_printf(bio_err, "Cannot modifiy certificate subject\n");

-		goto end;

-		}

-	if (subj && !x509)

-		{

-		if (verbose)

-			{

-			BIO_printf(bio_err, "Modifying Request's Subject\n");

-			print_name(bio_err, "old subject=", X509_REQ_get_subject_name(req), nmflag);

-			}

-		if (build_subject(req, subj, chtype, multirdn) == 0)

-			{

-			BIO_printf(bio_err, "ERROR: cannot modify subject\n");

-			ex=1;

-			goto end;

-			}

-		req->req_info->enc.modified = 1;

-		if (verbose)

-			{

-			print_name(bio_err, "new subject=", X509_REQ_get_subject_name(req), nmflag);

-			}

-		}

-	if (verify && !x509)

-		{

-		int tmp=0;

-		if (pkey == NULL)

-			{

-			pkey=X509_REQ_get_pubkey(req);

-			tmp=1;

-			if (pkey == NULL) goto end;

-			}

-		i=X509_REQ_verify(req,pkey);

-		if (tmp) {

-			EVP_PKEY_free(pkey);

-			pkey=NULL;

-		}

-		if (i < 0)

-			{

-			goto end;

-			}

-		else if (i == 0)

-			{

-			BIO_printf(bio_err,"verify failure\n");

-			ERR_print_errors(bio_err);

-			}

-		else /* if (i > 0) */

-			BIO_printf(bio_err,"verify OK\n");

-		}

-	if (noout && !text && !modulus && !subject && !pubkey)

-		{

-		ex=0;

-		goto end;

-		}

-	if (outfile == NULL)

-		{

-		BIO_set_fp(out,stdout,BIO_NOCLOSE);

-#ifdef OPENSSL_SYS_VMS

-		{

-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());

-		out = BIO_push(tmpbio, out);

-		}

-#endif

-		}

-	else

-		{

-		if ((keyout != NULL) && (strcmp(outfile,keyout) == 0))

-			i=(int)BIO_append_filename(out,outfile);

-		else

-			i=(int)BIO_write_filename(out,outfile);

-		if (!i)

-			{

-			perror(outfile);

-			goto end;

-			}

-		}

-	if (pubkey)

-		{

-		EVP_PKEY *tpubkey;

-		tpubkey=X509_REQ_get_pubkey(req);

-		if (tpubkey == NULL)

-			{

-			BIO_printf(bio_err,"Error getting public key\n");

-			ERR_print_errors(bio_err);

-			goto end;

-			}

-		PEM_write_bio_PUBKEY(out, tpubkey);

-		EVP_PKEY_free(tpubkey);

-		}

-	if (text)

-		{

-		if (x509)

-			X509_print_ex(out, x509ss, nmflag, reqflag);

-		else

-			X509_REQ_print_ex(out, req, nmflag, reqflag);

-		}

-	if(subject)

-		{

-		if(x509)

-			print_name(out, "subject=", X509_get_subject_name(x509ss), nmflag);

-		else

-			print_name(out, "subject=", X509_REQ_get_subject_name(req), nmflag);

-		}

-	if (modulus)

-		{

-		EVP_PKEY *tpubkey;

-		if (x509)

-			tpubkey=X509_get_pubkey(x509ss);

-		else

-			tpubkey=X509_REQ_get_pubkey(req);

-		if (tpubkey == NULL)

-			{

-			fprintf(stdout,"Modulus=unavailable\n");

-			goto end;

-			}

-		fprintf(stdout,"Modulus=");

-#ifndef OPENSSL_NO_RSA

-		if (tpubkey->type == EVP_PKEY_RSA)

-			BN_print(out,tpubkey->pkey.rsa->n);

-		else

-#endif

-			fprintf(stdout,"Wrong Algorithm type");

-		EVP_PKEY_free(tpubkey);

-		fprintf(stdout,"\n");

-		}

-	if (!noout && !x509)

-		{

-		if 	(outformat == FORMAT_ASN1)

-			i=i2d_X509_REQ_bio(out,req);

-		else if (outformat == FORMAT_PEM) {

-			if(newhdr) i=PEM_write_bio_X509_REQ_NEW(out,req);

-			else i=PEM_write_bio_X509_REQ(out,req);

-		} else {

-			BIO_printf(bio_err,"bad output format specified for outfile\n");

-			goto end;

-			}

-		if (!i)

-			{

-			BIO_printf(bio_err,"unable to write X509 request\n");

-			goto end;

-			}

-		}

-	if (!noout && x509 && (x509ss != NULL))

-		{

-		if 	(outformat == FORMAT_ASN1)

-			i=i2d_X509_bio(out,x509ss);

-		else if (outformat == FORMAT_PEM)

-			i=PEM_write_bio_X509(out,x509ss);

-		else	{

-			BIO_printf(bio_err,"bad output format specified for outfile\n");

-			goto end;

-			}

-		if (!i)

-			{

-			BIO_printf(bio_err,"unable to write X509 certificate\n");

-			goto end;

-			}

-		}

-	ex=0;

-end:

-#ifndef MONOLITH

-	if(to_free)

-		OPENSSL_free(to_free);

-#endif

-	if (ex)

-		{

-		ERR_print_errors(bio_err);

-		}

-	if ((req_conf != NULL) && (req_conf != config)) NCONF_free(req_conf);

-	BIO_free(in);

-	BIO_free_all(out);

-	EVP_PKEY_free(pkey);

-	X509_REQ_free(req);

-	X509_free(x509ss);

-	ASN1_INTEGER_free(serial);

-	if(passargin && passin) OPENSSL_free(passin);

-	if(passargout && passout) OPENSSL_free(passout);

-	OBJ_cleanup();

-#ifndef OPENSSL_NO_DSA

-	if (dsa_params != NULL) DSA_free(dsa_params);

-#endif

-#ifndef OPENSSL_NO_ECDSA

-	if (ec_params != NULL) EC_KEY_free(ec_params);

-#endif

-	apps_shutdown();

-	OPENSSL_EXIT(ex);

-	}

-static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int multirdn,

-			int attribs, unsigned long chtype)

-	{

-	int ret=0,i;

-	char no_prompt = 0;

-	STACK_OF(CONF_VALUE) *dn_sk, *attr_sk = NULL;

-	char *tmp, *dn_sect,*attr_sect;

-	tmp=NCONF_get_string(req_conf,SECTION,PROMPT);

-	if (tmp == NULL)

-		ERR_clear_error();

-	if((tmp != NULL) && !strcmp(tmp, "no")) no_prompt = 1;

-	dn_sect=NCONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME);

-	if (dn_sect == NULL)

-		{

-		BIO_printf(bio_err,"unable to find '%s' in config\n",

-			DISTINGUISHED_NAME);

-		goto err;

-		}

-	dn_sk=NCONF_get_section(req_conf,dn_sect);

-	if (dn_sk == NULL)

-		{

-		BIO_printf(bio_err,"unable to get '%s' section\n",dn_sect);

-		goto err;

-		}

-	attr_sect=NCONF_get_string(req_conf,SECTION,ATTRIBUTES);

-	if (attr_sect == NULL)

-		{

-		ERR_clear_error();

-		attr_sk=NULL;

-		}

-	else

-		{

-		attr_sk=NCONF_get_section(req_conf,attr_sect);

-		if (attr_sk == NULL)

-			{

-			BIO_printf(bio_err,"unable to get '%s' section\n",attr_sect);

-			goto err;

-			}

-		}

-	/* setup version number */

-	if (!X509_REQ_set_version(req,0L)) goto err; /* version 1 */

-	if (no_prompt)

-		i = auto_info(req, dn_sk, attr_sk, attribs, chtype);

-	else

-		{

-		if (subj)

-			i = build_subject(req, subj, chtype, multirdn);

-		else

-			i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs, chtype);

-		}

-	if(!i) goto err;

-	if (!X509_REQ_set_pubkey(req,pkey)) goto err;

-	ret=1;

-err:

-	return(ret);

-	}

-/*

- * subject is expected to be in the format /type0=value0/type1=value1/type2=...

- * where characters may be escaped by \

- */

-static int build_subject(X509_REQ *req, char *subject, unsigned long chtype, int multirdn)

-	{

-	X509_NAME *n;

-	if (!(n = parse_name(subject, chtype, multirdn)))

-		return 0;

-	if (!X509_REQ_set_subject_name(req, n))

-		{

-		X509_NAME_free(n);

-		return 0;

-		}

-	X509_NAME_free(n);

-	return 1;

-}

-static int prompt_info(X509_REQ *req,

-		STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect,

-		STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs,

-		unsigned long chtype)

-	{

-	int i;

-	char *p,*q;

-	char buf[100];

-	int nid, mval;

-	long n_min,n_max;

-	char *type, *value;

-	const char *def;

-	CONF_VALUE *v;

-	X509_NAME *subj;

-	subj = X509_REQ_get_subject_name(req);

-	if(!batch)

-		{

-		BIO_printf(bio_err,"You are about to be asked to enter information that will be incorporated\n");

-		BIO_printf(bio_err,"into your certificate request.\n");

-		BIO_printf(bio_err,"What you are about to enter is what is called a Distinguished Name or a DN.\n");

-		BIO_printf(bio_err,"There are quite a few fields but you can leave some blank\n");

-		BIO_printf(bio_err,"For some fields there will be a default value,\n");

-		BIO_printf(bio_err,"If you enter '.', the field will be left blank.\n");

-		BIO_printf(bio_err,"-----\n");

-		}

-	if (sk_CONF_VALUE_num(dn_sk))

-		{

-		i= -1;

-start:		for (;;)

-			{

-			i++;

-			if (sk_CONF_VALUE_num(dn_sk) <= i) break;

-			v=sk_CONF_VALUE_value(dn_sk,i);

-			p=q=NULL;

-			type=v->name;

-			if(!check_end(type,"_min") || !check_end(type,"_max") ||

-				!check_end(type,"_default") ||

-					 !check_end(type,"_value")) continue;

-			/* Skip past any leading X. X: X, etc to allow for

-			 * multiple instances

-			 */

-			for(p = v->name; *p ; p++)

-				if ((*p == ':') || (*p == ',') ||

-							 (*p == '.')) {

-					p++;

-					if(*p) type = p;

-					break;

-				}

-			if (*type == '+')

-				{

-				mval = -1;

-				type++;

-				}

-			else

-				mval = 0;

-			/* If OBJ not recognised ignore it */

-			if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start;

-			if (BIO_snprintf(buf,sizeof buf,"%s_default",v->name)

-				>= (int)sizeof(buf))

-			   {

-			   BIO_printf(bio_err,"Name '%s' too long\n",v->name);

-			   return 0;

-			   }

-			if ((def=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)

-				{

-				ERR_clear_error();

-				def="";

-				}

-			BIO_snprintf(buf,sizeof buf,"%s_value",v->name);

-			if ((value=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)

-				{

-				ERR_clear_error();

-				value=NULL;

-				}

-			BIO_snprintf(buf,sizeof buf,"%s_min",v->name);

-			if (!NCONF_get_number(req_conf,dn_sect,buf, &n_min))

-				{

-				ERR_clear_error();

-				n_min = -1;

-				}

-			BIO_snprintf(buf,sizeof buf,"%s_max",v->name);

-			if (!NCONF_get_number(req_conf,dn_sect,buf, &n_max))

-				{

-				ERR_clear_error();

-				n_max = -1;

-				}

-			if (!add_DN_object(subj,v->value,def,value,nid,

-				n_min,n_max, chtype, mval))

-				return 0;

-			}

-		if (X509_NAME_entry_count(subj) == 0)

-			{

-			BIO_printf(bio_err,"error, no objects specified in config file\n");

-			return 0;

-			}

-		if (attribs)

-			{

-			if ((attr_sk != NULL) && (sk_CONF_VALUE_num(attr_sk) > 0) && (!batch))

-				{

-				BIO_printf(bio_err,"\nPlease enter the following 'extra' attributes\n");

-				BIO_printf(bio_err,"to be sent with your certificate request\n");

-				}

-			i= -1;

-start2:			for (;;)

-				{

-				i++;

-				if ((attr_sk == NULL) ||

-					    (sk_CONF_VALUE_num(attr_sk) <= i))

-					break;

-				v=sk_CONF_VALUE_value(attr_sk,i);

-				type=v->name;

-				if ((nid=OBJ_txt2nid(type)) == NID_undef)

-					goto start2;

-				if (BIO_snprintf(buf,sizeof buf,"%s_default",type)

-					>= (int)sizeof(buf))

-				   {

-				   BIO_printf(bio_err,"Name '%s' too long\n",v->name);

-				   return 0;

-				   }

-				if ((def=NCONF_get_string(req_conf,attr_sect,buf))

-					== NULL)

-					{

-					ERR_clear_error();

-					def="";

-					}

-				BIO_snprintf(buf,sizeof buf,"%s_value",type);

-				if ((value=NCONF_get_string(req_conf,attr_sect,buf))

-					== NULL)

-					{

-					ERR_clear_error();

-					value=NULL;

-					}

-				BIO_snprintf(buf,sizeof buf,"%s_min",type);

-				if (!NCONF_get_number(req_conf,attr_sect,buf, &n_min))

-					n_min = -1;

-				BIO_snprintf(buf,sizeof buf,"%s_max",type);

-				if (!NCONF_get_number(req_conf,attr_sect,buf, &n_max))

-					n_max = -1;

-				if (!add_attribute_object(req,

-					v->value,def,value,nid,n_min,n_max, chtype))

-					return 0;

-				}

-			}

-		}

-	else

-		{

-		BIO_printf(bio_err,"No template, please set one up.\n");

-		return 0;

-		}

-	return 1;

-	}

-static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,

-			STACK_OF(CONF_VALUE) *attr_sk, int attribs, unsigned long chtype)

-	{

-	int i;

-	char *p,*q;

-	char *type;

-	CONF_VALUE *v;

-	X509_NAME *subj;

-	subj = X509_REQ_get_subject_name(req);

-	for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++)

-		{

-		int mval;

-		v=sk_CONF_VALUE_value(dn_sk,i);

-		p=q=NULL;

-		type=v->name;

-		/* Skip past any leading X. X: X, etc to allow for

-		 * multiple instances

-		 */

-		for(p = v->name; *p ; p++)

-#ifndef CHARSET_EBCDIC

-			if ((*p == ':') || (*p == ',') || (*p == '.')) {

-#else

-			if ((*p == os_toascii[':']) || (*p == os_toascii[',']) || (*p == os_toascii['.'])) {

-#endif

-				p++;

-				if(*p) type = p;

-				break;

-			}

-#ifndef CHARSET_EBCDIC

-		if (*p == '+')

-#else

-		if (*p == os_toascii['+'])

-#endif

-			{

-			p++;

-			mval = -1;

-			}

-		else

-			mval = 0;

-		if (!X509_NAME_add_entry_by_txt(subj,type, chtype,

-				(unsigned char *) v->value,-1,-1,mval)) return 0;

-		}

-		if (!X509_NAME_entry_count(subj))

-			{

-			BIO_printf(bio_err,"error, no objects specified in config file\n");

-			return 0;

-			}

-		if (attribs)

-			{

-			for (i = 0; i < sk_CONF_VALUE_num(attr_sk); i++)

-				{

-				v=sk_CONF_VALUE_value(attr_sk,i);

-				if(!X509_REQ_add1_attr_by_txt(req, v->name, chtype,

-					(unsigned char *)v->value, -1)) return 0;

-				}

-			}

-	return 1;

-	}

-static int add_DN_object(X509_NAME *n, char *text, const char *def, char *value,

-	     int nid, int n_min, int n_max, unsigned long chtype, int mval)

-	{

-	int i,ret=0;

-	MS_STATIC char buf[1024];

-start:

-	if (!batch) BIO_printf(bio_err,"%s [%s]:",text,def);

-	(void)BIO_flush(bio_err);

-	if(value != NULL)

-		{

-		BUF_strlcpy(buf,value,sizeof buf);

-		BUF_strlcat(buf,"\n",sizeof buf);

-		BIO_printf(bio_err,"%s\n",value);

-		}

-	else

-		{

-		buf[0]='\0';

-		if (!batch)

-			{

-			fgets(buf,sizeof buf,stdin);

-			}

-		else

-			{

-			buf[0] = '\n';

-			buf[1] = '\0';

-			}

-		}

-	if (buf[0] == '\0') return(0);

-	else if (buf[0] == '\n')

-		{

-		if ((def == NULL) || (def[0] == '\0'))

-			return(1);

-		BUF_strlcpy(buf,def,sizeof buf);

-		BUF_strlcat(buf,"\n",sizeof buf);

-		}

-	else if ((buf[0] == '.') && (buf[1] == '\n')) return(1);

-	i=strlen(buf);

-	if (buf[i-1] != '\n')

-		{

-		BIO_printf(bio_err,"weird input :-(\n");

-		return(0);

-		}

-	buf[--i]='\0';

-#ifdef CHARSET_EBCDIC

-	ebcdic2ascii(buf, buf, i);

-#endif

-	if(!req_check_len(i, n_min, n_max)) goto start;

-	if (!X509_NAME_add_entry_by_NID(n,nid, chtype,

-				(unsigned char *) buf, -1,-1,mval)) goto err;

-	ret=1;

-err:

-	return(ret);

-	}

-static int add_attribute_object(X509_REQ *req, char *text, const char *def,

-				char *value, int nid, int n_min,

-				int n_max, unsigned long chtype)

-	{

-	int i;

-	static char buf[1024];

-start:

-	if (!batch) BIO_printf(bio_err,"%s [%s]:",text,def);

-	(void)BIO_flush(bio_err);

-	if (value != NULL)

-		{

-		BUF_strlcpy(buf,value,sizeof buf);

-		BUF_strlcat(buf,"\n",sizeof buf);

-		BIO_printf(bio_err,"%s\n",value);

-		}

-	else

-		{

-		buf[0]='\0';

-		if (!batch)

-			{

-			fgets(buf,sizeof buf,stdin);

-			}

-		else

-			{

-			buf[0] = '\n';

-			buf[1] = '\0';

-			}

-		}

-	if (buf[0] == '\0') return(0);

-	else if (buf[0] == '\n')

-		{

-		if ((def == NULL) || (def[0] == '\0'))

-			return(1);

-		BUF_strlcpy(buf,def,sizeof buf);

-		BUF_strlcat(buf,"\n",sizeof buf);

-		}

-	else if ((buf[0] == '.') && (buf[1] == '\n')) return(1);

-	i=strlen(buf);

-	if (buf[i-1] != '\n')

-		{

-		BIO_printf(bio_err,"weird input :-(\n");

-		return(0);

-		}

-	buf[--i]='\0';

-#ifdef CHARSET_EBCDIC

-	ebcdic2ascii(buf, buf, i);

-#endif

-	if(!req_check_len(i, n_min, n_max)) goto start;

-	if(!X509_REQ_add1_attr_by_NID(req, nid, chtype,

-					(unsigned char *)buf, -1)) {

-		BIO_printf(bio_err, "Error adding attribute\n");

-		ERR_print_errors(bio_err);

-		goto err;

-	}

-	return(1);

-err:

-	return(0);

-	}

-#ifndef OPENSSL_NO_RSA

-static int MS_CALLBACK req_cb(int p, int n, BN_GENCB *cb)

-	{

-	char c='*';

-	if (p == 0) c='.';

-	if (p == 1) c='+';

-	if (p == 2) c='*';

-	if (p == 3) c='\n';

-	BIO_write(cb->arg,&c,1);

-	(void)BIO_flush(cb->arg);

-#ifdef LINT

-	p=n;

-#endif

-	return 1;

-	}

-#endif

-static int req_check_len(int len, int n_min, int n_max)

-	{

-	if ((n_min > 0) && (len < n_min))

-		{

-		BIO_printf(bio_err,"string is too short, it needs to be at least %d bytes long\n",n_min);

-		return(0);

-		}

-	if ((n_max >= 0) && (len > n_max))

-		{

-		BIO_printf(bio_err,"string is too long, it needs to be less than  %d bytes long\n",n_max);

-		return(0);

-		}

-	return(1);

-	}

-/* Check if the end of a string matches 'end' */

-static int check_end(const char *str, const char *end)

-{

-	int elen, slen;

-	const char *tmp;

-	elen = strlen(end);

-	slen = strlen(str);

-	if(elen > slen) return 1;

-	tmp = str + slen - elen;

-	return strcmp(tmp, end);

-}

--- a/sys/src/ape/lib/openssl/apps/req.pem

+++ /dev/null

@@ -1,11 +1,0 @@

------BEGIN CERTIFICATE REQUEST-----

-MIIBlzCCAVcCAQAwXjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx

-ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEXMBUGA1UEAxMORXJp

-YyB0aGUgWW91bmcwge8wgaYGBSsOAwIMMIGcAkEA+ZiKEvZmc9MtnaFZh4NiZ3oZ

-S4J1PHvPrm9MXj5ntVheDPkdmBDTncyaGAJcMjwsyB/GvLDGd6yGCw/8eF+09wIV

-AK3VagOxGd/Q4Af5NbxR5FB7CXEjAkA2t/q7HgVLi0KeKvcDG8BRl3wuy7bCvpjg

-tWiJc/tpvcuzeuAayH89UofjAGueKjXDADiRffvSdhrNw5dkqdqlA0QAAkEAtUSo

-84OekjitKGVjxLu0HvXck29pu+foad53vPKXAsuJdACj88BPqZ91Y9PIJf1GUh38

-CuiHWi7z3cEDfZCyCKAAMAkGBSsOAwIbBQADLwAwLAIUTg8amKVBE9oqC5B75dDQ

-Chy3LdQCFHKodGEj3LjuTzdm/RTe2KZL9Uzf

------END CERTIFICATE REQUEST-----

--- a/sys/src/ape/lib/openssl/apps/rsa.c

+++ /dev/null

@@ -1,401 +1,0 @@

-/* apps/rsa.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <openssl/opensslconf.h>

-#ifndef OPENSSL_NO_RSA

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include <time.h>

-#include "apps.h"

-#include <openssl/bio.h>

-#include <openssl/err.h>

-#include <openssl/rsa.h>

-#include <openssl/evp.h>

-#include <openssl/x509.h>

-#include <openssl/pem.h>

-#include <openssl/bn.h>

-#undef PROG

-#define PROG	rsa_main

-/* -inform arg	- input format - default PEM (one of DER, NET or PEM)

- * -outform arg - output format - default PEM

- * -in arg	- input file - default stdin

- * -out arg	- output file - default stdout

- * -des		- encrypt output if PEM format with DES in cbc mode

- * -des3	- encrypt output if PEM format

- * -idea	- encrypt output if PEM format

- * -seed	- encrypt output if PEM format

- * -aes128	- encrypt output if PEM format

- * -aes192	- encrypt output if PEM format

- * -aes256	- encrypt output if PEM format

- * -camellia128 - encrypt output if PEM format

- * -camellia192 - encrypt output if PEM format

- * -camellia256 - encrypt output if PEM format

- * -text	- print a text version

- * -modulus	- print the RSA key modulus

- * -check	- verify key consistency

- * -pubin	- Expect a public key in input file.

- * -pubout	- Output a public key.

- */

-int MAIN(int, char **);

-int MAIN(int argc, char **argv)

-	{

-	ENGINE *e = NULL;

-	int ret=1;

-	RSA *rsa=NULL;

-	int i,badops=0, sgckey=0;

-	const EVP_CIPHER *enc=NULL;

-	BIO *out=NULL;

-	int informat,outformat,text=0,check=0,noout=0;

-	int pubin = 0, pubout = 0;

-	char *infile,*outfile,*prog;

-	char *passargin = NULL, *passargout = NULL;

-	char *passin = NULL, *passout = NULL;

-#ifndef OPENSSL_NO_ENGINE

-	char *engine=NULL;

-#endif

-	int modulus=0;

-	apps_startup();

-	if (bio_err == NULL)

-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)

-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);

-	if (!load_config(bio_err, NULL))

-		goto end;

-	infile=NULL;

-	outfile=NULL;

-	informat=FORMAT_PEM;

-	outformat=FORMAT_PEM;

-	prog=argv[0];

-	argc--;

-	argv++;

-	while (argc >= 1)

-		{

-		if 	(strcmp(*argv,"-inform") == 0)

-			{

-			if (--argc < 1) goto bad;

-			informat=str2fmt(*(++argv));

-			}

-		else if (strcmp(*argv,"-outform") == 0)

-			{

-			if (--argc < 1) goto bad;

-			outformat=str2fmt(*(++argv));

-			}

-		else if (strcmp(*argv,"-in") == 0)

-			{

-			if (--argc < 1) goto bad;

-			infile= *(++argv);

-			}

-		else if (strcmp(*argv,"-out") == 0)

-			{

-			if (--argc < 1) goto bad;

-			outfile= *(++argv);

-			}

-		else if (strcmp(*argv,"-passin") == 0)

-			{

-			if (--argc < 1) goto bad;

-			passargin= *(++argv);

-			}

-		else if (strcmp(*argv,"-passout") == 0)

-			{

-			if (--argc < 1) goto bad;

-			passargout= *(++argv);

-			}

-#ifndef OPENSSL_NO_ENGINE

-		else if (strcmp(*argv,"-engine") == 0)

-			{

-			if (--argc < 1) goto bad;

-			engine= *(++argv);

-			}

-#endif

-		else if (strcmp(*argv,"-sgckey") == 0)

-			sgckey=1;

-		else if (strcmp(*argv,"-pubin") == 0)

-			pubin=1;

-		else if (strcmp(*argv,"-pubout") == 0)

-			pubout=1;

-		else if (strcmp(*argv,"-noout") == 0)

-			noout=1;

-		else if (strcmp(*argv,"-text") == 0)

-			text=1;

-		else if (strcmp(*argv,"-modulus") == 0)

-			modulus=1;

-		else if (strcmp(*argv,"-check") == 0)

-			check=1;

-		else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)

-			{

-			BIO_printf(bio_err,"unknown option %s\n",*argv);

-			badops=1;

-			break;

-			}

-		argc--;

-		argv++;

-		}

-	if (badops)

-		{

-bad:

-		BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);

-		BIO_printf(bio_err,"where options are\n");

-		BIO_printf(bio_err," -inform arg     input format - one of DER NET PEM\n");

-		BIO_printf(bio_err," -outform arg    output format - one of DER NET PEM\n");

-		BIO_printf(bio_err," -in arg         input file\n");

-		BIO_printf(bio_err," -sgckey         Use IIS SGC key format\n");

-		BIO_printf(bio_err," -passin arg     input file pass phrase source\n");

-		BIO_printf(bio_err," -out arg        output file\n");

-		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");

-		BIO_printf(bio_err," -des            encrypt PEM output with cbc des\n");

-		BIO_printf(bio_err," -des3           encrypt PEM output with ede cbc des using 168 bit key\n");

-#ifndef OPENSSL_NO_IDEA

-		BIO_printf(bio_err," -idea           encrypt PEM output with cbc idea\n");

-#endif

-#ifndef OPENSSL_NO_SEED

-		BIO_printf(bio_err," -seed           encrypt PEM output with cbc seed\n");

-#endif

-#ifndef OPENSSL_NO_AES

-		BIO_printf(bio_err," -aes128, -aes192, -aes256\n");

-		BIO_printf(bio_err,"                 encrypt PEM output with cbc aes\n");

-#endif

-#ifndef OPENSSL_NO_CAMELLIA

-		BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");

-		BIO_printf(bio_err,"                 encrypt PEM output with cbc camellia\n");

-#endif

-		BIO_printf(bio_err," -text           print the key in text\n");

-		BIO_printf(bio_err," -noout          don't print key out\n");

-		BIO_printf(bio_err," -modulus        print the RSA key modulus\n");

-		BIO_printf(bio_err," -check          verify key consistency\n");

-		BIO_printf(bio_err," -pubin          expect a public key in input file\n");

-		BIO_printf(bio_err," -pubout         output a public key\n");

-#ifndef OPENSSL_NO_ENGINE

-		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");

-#endif

-		goto end;

-		}

-	ERR_load_crypto_strings();

-#ifndef OPENSSL_NO_ENGINE

-        e = setup_engine(bio_err, engine, 0);

-#endif

-	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {

-		BIO_printf(bio_err, "Error getting passwords\n");

-		goto end;

-	}

-	if(check && pubin) {

-		BIO_printf(bio_err, "Only private keys can be checked\n");

-		goto end;

-	}

-	out=BIO_new(BIO_s_file());

-	{

-		EVP_PKEY	*pkey;

-		if (pubin)

-			pkey = load_pubkey(bio_err, infile,

-				(informat == FORMAT_NETSCAPE && sgckey ?

-					FORMAT_IISSGC : informat), 1,

-				passin, e, "Public Key");

-		else

-			pkey = load_key(bio_err, infile,

-				(informat == FORMAT_NETSCAPE && sgckey ?

-					FORMAT_IISSGC : informat), 1,

-				passin, e, "Private Key");

-		if (pkey != NULL)

-		rsa = pkey == NULL ? NULL : EVP_PKEY_get1_RSA(pkey);

-		EVP_PKEY_free(pkey);

-	}

-	if (rsa == NULL)

-		{

-		ERR_print_errors(bio_err);

-		goto end;

-		}

-	if (outfile == NULL)

-		{

-		BIO_set_fp(out,stdout,BIO_NOCLOSE);

-#ifdef OPENSSL_SYS_VMS

-		{

-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());

-		out = BIO_push(tmpbio, out);

-		}

-#endif

-		}

-	else

-		{

-		if (BIO_write_filename(out,outfile) <= 0)

-			{

-			perror(outfile);

-			goto end;

-			}

-		}

-	if (text)

-		if (!RSA_print(out,rsa,0))

-			{

-			perror(outfile);

-			ERR_print_errors(bio_err);

-			goto end;

-			}

-	if (modulus)

-		{

-		BIO_printf(out,"Modulus=");

-		BN_print(out,rsa->n);

-		BIO_printf(out,"\n");

-		}

-	if (check)

-		{

-		int r = RSA_check_key(rsa);

-		if (r == 1)

-			BIO_printf(out,"RSA key ok\n");

-		else if (r == 0)

-			{

-			unsigned long err;

-			while ((err = ERR_peek_error()) != 0 &&

-				ERR_GET_LIB(err) == ERR_LIB_RSA &&

-				ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY &&

-				ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE)

-				{

-				BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(err));

-				ERR_get_error(); /* remove e from error stack */

-				}

-			}

-		if (r == -1 || ERR_peek_error() != 0) /* should happen only if r == -1 */

-			{

-			ERR_print_errors(bio_err);

-			goto end;

-			}

-		}

-	if (noout)

-		{

-		ret = 0;

-		goto end;

-		}

-	BIO_printf(bio_err,"writing RSA key\n");

-	if 	(outformat == FORMAT_ASN1) {

-		if(pubout || pubin) i=i2d_RSA_PUBKEY_bio(out,rsa);

-		else i=i2d_RSAPrivateKey_bio(out,rsa);

-	}

-#ifndef OPENSSL_NO_RC4

-	else if (outformat == FORMAT_NETSCAPE)

-		{

-		unsigned char *p,*pp;

-		int size;

-		i=1;

-		size=i2d_RSA_NET(rsa,NULL,NULL, sgckey);

-		if ((p=(unsigned char *)OPENSSL_malloc(size)) == NULL)

-			{

-			BIO_printf(bio_err,"Memory allocation failure\n");

-			goto end;

-			}

-		pp=p;

-		i2d_RSA_NET(rsa,&p,NULL, sgckey);

-		BIO_write(out,(char *)pp,size);

-		OPENSSL_free(pp);

-		}

-#endif

-	else if (outformat == FORMAT_PEM) {

-		if(pubout || pubin)

-		    i=PEM_write_bio_RSA_PUBKEY(out,rsa);

-		else i=PEM_write_bio_RSAPrivateKey(out,rsa,

-						enc,NULL,0,NULL,passout);

-	} else	{

-		BIO_printf(bio_err,"bad output format specified for outfile\n");

-		goto end;

-		}

-	if (!i)

-		{

-		BIO_printf(bio_err,"unable to write key\n");

-		ERR_print_errors(bio_err);

-		}

-	else

-		ret=0;

-end:

-	if(out != NULL) BIO_free_all(out);

-	if(rsa != NULL) RSA_free(rsa);

-	if(passin) OPENSSL_free(passin);

-	if(passout) OPENSSL_free(passout);

-	apps_shutdown();

-	OPENSSL_EXIT(ret);

-	}

-#else /* !OPENSSL_NO_RSA */

-# if PEDANTIC

-static void *dummy=&dummy;

-# endif

-#endif

--- a/sys/src/ape/lib/openssl/apps/rsa8192.pem

+++ /dev/null

@@ -1,101 +1,0 @@

------BEGIN RSA PRIVATE KEY-----

-MIISKAIBAAKCBAEAiQ2f1X6Bte1DKD0OoCBKEikzPW+5w3oXk3WwnE97Wxzy6wJZ

-ebbZC3CZKKBnJeBMrysPf+lK+9+fP6Vm8bp1wvbcSIA59BDrX6irFSuM/bdnkbuF

-MFlDjt+uVrxwoyqfPi2IPot1HQg3l5mdyBqcTWvbOnU2L9HZxJfPUCjfzdTMPrMY

-55/A20XL7tlV2opEfwhy3uVlveQBM0DnZ3MUQfrk+lRRNWv7yE4ScbOfER9fjvOm

-yJc3ZbOa3e+AMGGU9OqJ/fyOl0SGYyP2k23omy/idBV4uOs8QWdnAvq8UOzDdua3

-tuf5Tn17XBurPJ8juwyPBNispkwwn8BjxAZVPhwUIcxFBg339IxJ9cW0WdVy4nNA

-LWo/8Ahlf+kZNnFNGCPFytU9gGMLMhab9w/rLrwa9qNe4L8Fmu1JxONn1WfhMOKE

-aFmycf2olJsYLgUIGYZrjnYu0p/7P3yhTOv8JIhmK+SzmA/I0xiQoF84rpaQzH2d

-PvxICOA9oQSowou0gLuBSZWm6LiXirg1DZCziU46v33ErQlWM1dSyNaUSzihcV59

-mVD0nmzboXH75lGiyiZlp8cLbozzoCwvk9rYqpUGSBzbAy0ECCpabGpzO2Ug+oDi

-71e5z4WMpeoR4IS8MaOG/GsJnwaXhiB/gNYfK+8pRADVk5StEAZDE2alSuCbDs0z

-d9zYr4/em5T9VZsLetxRE7pm/Es9yELuViz8/Tm0/8MVdmNYc/xZU1t6qYYFdyQ2

-wlGDTiNPsjR8yXCkmBjKwqnuleu1X6LaZu3VPhEkXGcyFAquQUkSiMv0Yu74qAe0

-bQ2v+jjZzP6AM9LUo89cW4Kd8SGD96BdNlAVPNMXoBcIOsZBwsOtETBd4KAyvkXE

-Ob17u+PLl4UPnSxm9ypKZunUNFRPxtKUyjySYnvlGL+kTjAXrIrZwKJqIn0uhnfa

-Ck3o7bU6yVMK22ODxy2/Vi3E0P6k5JLwnrF0VIOBqGhts66qo6mWDP8l6MZHARFd

-pU+nofssVmr8tLKmMmjYGMM5GmKIXRNBs0ksTwFnKRs9AmpE5owC8tTSVdTAkGuS

-os7QwLvyvNzq7BGJiVr0Iy3Dhsl1vzR35acNOrCsDl3DcCQONKJ2sVXV4pD3dBah

-mG3sR/jHgjasffJJ35uiGoAua9dbT7HG/+D0z1SHYaVqH8zO4VZSOnGJh/P9rtxx

-cckFDbiag/JMWig2lbnCjebTtp/BcUsK3TNaDOb7vb0LvbAeRJadd1EFu6PSlH3K

-LykSUPm4UedvUU3cWjqkSY5lITFJkVaIYOv/EljYtK7p7kFZFTaEwMAWxgsXU3pQ

-tTzVmq1gZ4vXPwcUq0zK50Frq0F7SQc21ZsunwIDAQABAoIEADuQAkDEpBausJsS

-PgL1RXuzECPJJJCBxTE+2qx0FoY4hJICCWTORHGmU8nGPE3Ht0wBiNDsULw6KXl9

-psmzYW6D3qRbpdQebky6fu/KZ5H0XTyGpJGomaXELH5hkwo2gdKB805LSXB+m7p0

-9o96kSdMkpBLVGtf5iZ8W4rY2LsZmlI9f7taQHSLVt/M8HTz1mTnBRU92QO3zZW6

-xVa+OrWaFl18u3ZeIaSh2X40tBK68cqstXVD0r2OWuXNKobcQeJW8/XABzBShZ0c

-ihL0lzyqiN4uXrLu+Nbr22b+FU2OODy6dGk3U6/69NvI4piMCPlHsfhHOnFjd1ZW

-RIVywyUlCtLNdcn11CchuRro+0J3c2Ba+i9Cl9r3qzT11xFEGF8/XLyUBBCB+uGf

-1dR/xJQhCA7cXWWLXyI/semxcvTaGpImP6kiIl1MAjHjXZTSdvyw4JmfXyYGhSjI

-P0mw3Xn7FXxJ/os9gOfNKz2nZHjr0q4sgWRYO+4vllkeL0GteZrg4oVaVpmZb7LH

-77afhodLylhijlEtV5skfkPujbBLQk6E5Ez3U/huEt2NLg6guADmwxMxfBRliZO4

-4Ex/td4cuggpEj3FGJV74qRvdvj/MF/uF7IxC/3WapPIsFBFH4zrJsUYt6u3L68I

-/KC/bfioDeUR/8ANw1DNh+UsnPV3GJIwDkIJKdppi2uXPahJyJQQ8Inps53nn8Gg

-GifS+HnOXNgMoKOJnZ9IDGjXpfjIs8dJNrGfDHF0mH30N2WARq2v/a3cNUC+f8Bq

-HSKQ9YrZopktMunsut8u7ZYbTmjIqJpXCaM0CCrSlzSMTDHFSj2tzLk6+qnxeGxB

-ZwIdShbdeK+0ETG91lE1e9RPQs/uXQP9+uCHJV0YpqQcA6pkCLYJfYpoSMu/Bafy

-AgfVZz6l5tyEnV0wCcbopsQShc1k9xtTbYNF1h9AQHknj6zeDW4iZMvmVeh3RovT

-52OA2R8oLyauF+QaG6x2wUjEx13SJlaBarJZ4seZIOJ+a8+oNzKsbgokXc2cyC9p

-5FAZz1OsOb68o93qD1Xvl7bY97fq2q55L7G1XHPPLtZE5lGiLGDtnAuwY8UPrdpr

-7Mv2yIxB7xVGurXyHb5PvusR88XED6HMPfLBG/55ENHTal7G5mRix+IWSBAIkxA5

-KZ0j8r5Ng4+wELZhqFQai39799bIAyiV6CEz4kyDXlo0kSSexp8o4iz5sPq5vp6h

-cCb7rdRw7uRnbXrHmXahxoB+ibXaurgV/6B2yurrU/UFoxEp2sHp8LXZGfF6ztY1

-dMhSQAACK2vGy5yNagbkTHLgVaHicG5zavJBqzCE+lbPlCqhOUQPdOIwvjHNjdS/

-DL3WV/ECggIBAMbW65wPk/i43nSyeZeYwcHtR1SUJqDXavYfBPC0VRhKz+7DVMFw

-Nwnocn6gITABc445W1yl7U3uww+LGuDlSlFnd8WuiXpVYud9/jeNu6Mu4wvNsnWr

-f4f4ua8CcS03GmqmcbROD2Z6by1AblCZ2UL1kv9cUX1FLVjPP1ESAGKoePt3BmZQ

-J1uJfK8HilNT8dcUlj/5CBi2uHxttDhoG0sxXE/SVsG9OD/Pjme0mj7gdzc6Ztd+

-TALuvpNQR4pRzfo5XWDZBcEYntcEE3PxYJB1+vnZ8509ew5/yLHTbLjFxIcx71zY

-fhH0gM36Sz7mz37r0+E/QkRkc5bVIDC4LDnWmjpAde6QUx0d218ShNx6sJo4kt5c

-Dd7tEVx8nuX8AIZYgwsOb382anLyFRkkmEdK3gRvwQ6SWR36Ez5L7/mHWODpLAX5

-mVBKSG4/ccFbc633/g0xHw0Nwajir/klckdakuYPlwF0yAxJSKDLhmNctDhRmxjC

-YP+fISkl5oTvFRzJH6HEyNu8M3ybRvmpPIjM5J5JpnB2IYbohYBR+T6/97C1DKrd

-mzL5PjlrWm0c1/d7LlDoP65fOShDMmj2zCiBAHHOM0Alokx+v5LmMd8NJumZIwGJ

-Rt5OpeMOhowz6j1AjYxYgV7PmJL6Ovpfb775od/aLaUbbwHz2uWIvfF7AoICAQCw

-c7NaO7oJVLJClhYw6OCvjT6oqtgNVWaennnDiJgzY9lv5HEgV0MAG0eYuB3hvj+w

-Y1P9DJxP1D+R+cshYrAFg8yU/3kaYVNI0Bl3ygX0eW1b/0HZTdocs+8kM/9PZQDR

-WrKQoU5lHvqRt99dXlD4NWGI2YQtzdZ8iet9QLqnjwRZabgE96mF01qKisMnFcsh

-KjT7ieheU4J15TZj/mdZRNK126d7e3q/rNj73e5EJ9tkYLcolSr4gpknUMJULSEi

-JH1/Qx7C/mTAMRsN5SkOthnGq0djCNWfPv/3JV0H67Uf5krFlnwLebrgfTYoPPdo

-yO7iBUNJzv6Qh22malLp4P8gzACkD7DGlSTnoB5cLwcjmDGg+i9WrUBbOiVTeQfZ

-kOj1o+Tz35ndpq/DDUVlqliB9krcxva+QHeJPH53EGI+YVg1nD+s/vUDZ3mQMGX9

-DQou2L8uU6RnWNv/BihGcL8QvS4Ty6QyPOUPpD3zc70JQAEcQk9BxQNaELgJX0IN

-22cYn22tYvElew9G41OpDqzBRcfbdJmKXQ2HcroShutYJQRGUpAXHk24fy6JVkIU

-ojF5U6cwextMja1ZIIZgh9eugIRUeIE7319nQNDzuXWjRCcoBLA25P7wnpHWDRpz

-D9ovXCIvdja74lL5psqobV6L5+fbLPkSgXoImKR0LQKCAgAIC9Jk8kxumCyIVGCP

-PeM5Uby9M3GMuKrfYsn0Y5e97+kSJF1dpojTodBgR2KQar6eVrvXt+8uZCcIjfx8

-dUrYmHNEUJfHl4T1ESgkX1vkcpVFeQFruZDjk7EP3+1sgvpSroGTZkVBRFsTXbQZ

-FuCv0Pgt1TKG+zGmklxhj3TsiRy8MEjWAxBUp++ftZJnZNI4feDGnfEx7tLwVhAg

-6DWSiWDO6hgQpvOLwX5lu+0x9itc1MQsnDO/OqIDnBAJDN5k7cVVkfKlqbVjxgpz

-eqUJs3yAd81f44kDQTCB4ahYocgeIGsrOqd/WoGL1EEPPo/O9wQP7VtlIRt8UwuG

-bS18+a4sBUfAa56xYu/pnPo7YcubsgZfcSIujzFQqMpVTClJRnOnEuJ4J1+PXzRz

-XAO9fs4VJ+CMEmgAyonUz4Xadxulnknlw//sO9VKgM69oFHCDHL/XamAAbqAdwvf

-7R/+uy+Ol7romC0wMhb6SsIZazrvvH2mNtduAKZ638nAP1x/WbQp+6iVG7yJok7w

-82Q7tO7baOePTXh12Rrt4mNPor0HLYxhra4GFgfqkumJ2Mz0esuZAozxJXFOq8ly

-beo9CVtXP5zbT6qNpeNismX6PLICaev8t+1iOZSE56WSLtefuuj/cOVrTMNDz1Rr

-pUkEVV2zjUSjlcScM538A9iL2QKCAgBLbBk0r6T0ihRsK9UucMxhnYEz/Vq+UEu9

-70Vi1AciqEJv9nh4d3Q3HnH7EHANZxG4Jqzm1DYYVUQa9GfkTFeq88xFv/GW2hUM

-YY8RSfRDrIeXNEOETCe37x2AHw25dRXlZtw+wARPau91y9+Y/FCl18NqCHfcUEin

-ERjsf/eI2bPlODAlR2tZvZ7M60VBdqpN8cmV3zvI3e88z43xLfQlDyr1+v7a5Evy

-lEJnXlSTI2o+vKxtl103vjMSwA1gh63K90gBVsJWXQDZueOzi8mB9UqNRfcMmOEe

-4YHttTXPxeu0x+4cCRfam9zKShsVFgI28vRQ/ijl6qmbQ5gV8wqf18GV1j1L4z0P

-lP6iVynDA4MMrug/w9DqPsHsfK0pwekeETfSj4y0xVXyjWZBfHG2ZBrS6mDTf+RG

-LC4sJgR0hjdILLnUqIX7PzuhieBHRrjBcopwvcryVWRHnI7kslAS0+yHjiWc5oW3

-x5mtlum4HzelNYuD9cAE/95P6CeSMfp9CyIE/KSX4VvsRm6gQVkoQRKMxnQIFQ3w

-O5gl1l88vhjoo2HxYScgCp70BsDwiUNTqIR3NM+ZBHYFweVf3Gwz5LzHZT2rEZtD

-6VXRP75Q/2wOLnqCO4bK4BUs6sqxcQZmOldruPkPynrY0oPfHHExjxZDvQu4/r80

-Ls3n0L8yvQKCAgEAnYWS6EikwaQNpJEfiUnOlglgFz4EE1eVkrDbBY4J3oPU+doz

-DrqmsvgpSZIAfd2MUbkN4pOMsMTjbeIYWDnZDa1RoctKs3FhwFPHwAjQpznab4mn

-Bp81FMHM40qyb0NaNuFRwghdXvoQvBBX1p8oEnFzDRvTiuS/vTPTA8KDY8IeRp8R

-oGzKHpfziNwq/URpqj7pwi9odNjGZvR2IwYw9jCLPIqaEbMoSOdI0mg4MoYyqP4q

-nm7d4wqSDwrYxiXZ6f3nYpkhEY1lb0Wbksp1ig8sKSF4nDZRGK1RSfE+6gjBp94H

-X/Wog6Zb6NC9ZpusTiDLvuIUXcyUJvmHiWjSNqiTv8jurlwEsgSwhziEQfqLrtdV

-QI3PRMolBkD1iCk+HFE53r05LMf1bp3r4MS+naaQrLbIrl1kgDNGwVdgS+SCM7Bg

-TwEgE67iOb2iIoUpon/NyP4LesMzvdpsu2JFlfz13PmmQ34mFI7tWvOb3NA5DP3c

-46C6SaWI0TD9B11nJbHGTYN3Si9n0EBgoDJEXUKeh3km9O47dgvkSug4WzhYsvrE

-rMlMLtKfp2w8HlMZpsUlToNCx6CI+tJrohzcs3BAVAbjFAXRKWGijB1rxwyDdHPv

-I+/wJTNaRNPQ1M0SwtEL/zJd21y3KSPn4eL+GP3efhlDSjtlDvZqkdAUsU8=

------END RSA PRIVATE KEY-----

--- a/sys/src/ape/lib/openssl/apps/rsautl.c

+++ /dev/null

@@ -1,333 +1,0 @@

-/* rsautl.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 2000.

- */

-/* ====================================================================

- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <openssl/opensslconf.h>

-#ifndef OPENSSL_NO_RSA

-#include "apps.h"

-#include <string.h>

-#include <openssl/err.h>

-#include <openssl/pem.h>

-#include <openssl/rsa.h>

-#define RSA_SIGN 	1

-#define RSA_VERIFY 	2

-#define RSA_ENCRYPT 	3

-#define RSA_DECRYPT 	4

-#define KEY_PRIVKEY	1

-#define KEY_PUBKEY	2

-#define KEY_CERT	3

-static void usage(void);

-#undef PROG

-#define PROG rsautl_main

-int MAIN(int argc, char **);

-int MAIN(int argc, char **argv)

-{

-	ENGINE *e = NULL;

-	BIO *in = NULL, *out = NULL;

-	char *infile = NULL, *outfile = NULL;

-#ifndef OPENSSL_NO_ENGINE

-	char *engine = NULL;

-#endif

-	char *keyfile = NULL;

-	char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;

-	int keyform = FORMAT_PEM;

-	char need_priv = 0, badarg = 0, rev = 0;

-	char hexdump = 0, asn1parse = 0;

-	X509 *x;

-	EVP_PKEY *pkey = NULL;

-	RSA *rsa = NULL;

-	unsigned char *rsa_in = NULL, *rsa_out = NULL, pad;

-	char *passargin = NULL, *passin = NULL;

-	int rsa_inlen, rsa_outlen = 0;

-	int keysize;

-	int ret = 1;

-	argc--;

-	argv++;

-	if(!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);

-	if (!load_config(bio_err, NULL))

-		goto end;

-	ERR_load_crypto_strings();

-	OpenSSL_add_all_algorithms();

-	pad = RSA_PKCS1_PADDING;

-	while(argc >= 1)

-	{

-		if (!strcmp(*argv,"-in")) {

-			if (--argc < 1) badarg = 1;

-                        infile= *(++argv);

-		} else if (!strcmp(*argv,"-out")) {

-			if (--argc < 1) badarg = 1;

-			outfile= *(++argv);

-		} else if(!strcmp(*argv, "-inkey")) {

-			if (--argc < 1) badarg = 1;

-			keyfile = *(++argv);

-		} else if (!strcmp(*argv,"-passin")) {

-			if (--argc < 1) badarg = 1;

-			passargin= *(++argv);

-		} else if (strcmp(*argv,"-keyform") == 0) {

-			if (--argc < 1) badarg = 1;

-			keyform=str2fmt(*(++argv));

-#ifndef OPENSSL_NO_ENGINE

-		} else if(!strcmp(*argv, "-engine")) {

-			if (--argc < 1) badarg = 1;

-			engine = *(++argv);

-#endif

-		} else if(!strcmp(*argv, "-pubin")) {

-			key_type = KEY_PUBKEY;

-		} else if(!strcmp(*argv, "-certin")) {

-			key_type = KEY_CERT;

-		}

-		else if(!strcmp(*argv, "-asn1parse")) asn1parse = 1;

-		else if(!strcmp(*argv, "-hexdump")) hexdump = 1;

-		else if(!strcmp(*argv, "-raw")) pad = RSA_NO_PADDING;

-		else if(!strcmp(*argv, "-oaep")) pad = RSA_PKCS1_OAEP_PADDING;

-		else if(!strcmp(*argv, "-ssl")) pad = RSA_SSLV23_PADDING;

-		else if(!strcmp(*argv, "-pkcs")) pad = RSA_PKCS1_PADDING;

-		else if(!strcmp(*argv, "-x931")) pad = RSA_X931_PADDING;

-		else if(!strcmp(*argv, "-sign")) {

-			rsa_mode = RSA_SIGN;

-			need_priv = 1;

-		} else if(!strcmp(*argv, "-verify")) rsa_mode = RSA_VERIFY;

-		else if(!strcmp(*argv, "-rev")) rev = 1;

-		else if(!strcmp(*argv, "-encrypt")) rsa_mode = RSA_ENCRYPT;

-		else if(!strcmp(*argv, "-decrypt")) {

-			rsa_mode = RSA_DECRYPT;

-			need_priv = 1;

-		} else badarg = 1;

-		if(badarg) {

-			usage();

-			goto end;

-		}

-		argc--;

-		argv++;

-	}

-	if(need_priv && (key_type != KEY_PRIVKEY)) {

-		BIO_printf(bio_err, "A private key is needed for this operation\n");

-		goto end;

-	}

-#ifndef OPENSSL_NO_ENGINE

-        e = setup_engine(bio_err, engine, 0);

-#endif

-	if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {

-		BIO_printf(bio_err, "Error getting password\n");

-		goto end;

-	}

-/* FIXME: seed PRNG only if needed */

-	app_RAND_load_file(NULL, bio_err, 0);

-	switch(key_type) {

-		case KEY_PRIVKEY:

-		pkey = load_key(bio_err, keyfile, keyform, 0,

-			passin, e, "Private Key");

-		break;

-		case KEY_PUBKEY:

-		pkey = load_pubkey(bio_err, keyfile, keyform, 0,

-			NULL, e, "Public Key");

-		break;

-		case KEY_CERT:

-		x = load_cert(bio_err, keyfile, keyform,

-			NULL, e, "Certificate");

-		if(x) {

-			pkey = X509_get_pubkey(x);

-			X509_free(x);

-		}

-		break;

-	}

-	if(!pkey) {

-		return 1;

-	}

-	rsa = EVP_PKEY_get1_RSA(pkey);

-	EVP_PKEY_free(pkey);

-	if(!rsa) {

-		BIO_printf(bio_err, "Error getting RSA key\n");

-		ERR_print_errors(bio_err);

-		goto end;

-	}

-	if(infile) {

-		if(!(in = BIO_new_file(infile, "rb"))) {

-			BIO_printf(bio_err, "Error Reading Input File\n");

-			ERR_print_errors(bio_err);

-			goto end;

-		}

-	} else in = BIO_new_fp(stdin, BIO_NOCLOSE);

-	if(outfile) {

-		if(!(out = BIO_new_file(outfile, "wb"))) {

-			BIO_printf(bio_err, "Error Reading Output File\n");

-			ERR_print_errors(bio_err);

-			goto end;

-		}

-	} else {

-		out = BIO_new_fp(stdout, BIO_NOCLOSE);

-#ifdef OPENSSL_SYS_VMS

-		{

-		    BIO *tmpbio = BIO_new(BIO_f_linebuffer());

-		    out = BIO_push(tmpbio, out);

-		}

-#endif

-	}

-	keysize = RSA_size(rsa);

-	rsa_in = OPENSSL_malloc(keysize * 2);

-	rsa_out = OPENSSL_malloc(keysize);

-	/* Read the input data */

-	rsa_inlen = BIO_read(in, rsa_in, keysize * 2);

-	if(rsa_inlen <= 0) {

-		BIO_printf(bio_err, "Error reading input Data\n");

-		exit(1);

-	}

-	if(rev) {

-		int i;

-		unsigned char ctmp;

-		for(i = 0; i < rsa_inlen/2; i++) {

-			ctmp = rsa_in[i];

-			rsa_in[i] = rsa_in[rsa_inlen - 1 - i];

-			rsa_in[rsa_inlen - 1 - i] = ctmp;

-		}

-	}

-	switch(rsa_mode) {

-		case RSA_VERIFY:

-			rsa_outlen  = RSA_public_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);

-		break;

-		case RSA_SIGN:

-			rsa_outlen  = RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);

-		break;

-		case RSA_ENCRYPT:

-			rsa_outlen  = RSA_public_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);

-		break;

-		case RSA_DECRYPT:

-			rsa_outlen  = RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);

-		break;

-	}

-	if(rsa_outlen <= 0) {

-		BIO_printf(bio_err, "RSA operation error\n");

-		ERR_print_errors(bio_err);

-		goto end;

-	}

-	ret = 0;

-	if(asn1parse) {

-		if(!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) {

-			ERR_print_errors(bio_err);

-		}

-	} else if(hexdump) BIO_dump(out, (char *)rsa_out, rsa_outlen);

-	else BIO_write(out, rsa_out, rsa_outlen);

-	end:

-	RSA_free(rsa);

-	BIO_free(in);

-	BIO_free_all(out);

-	if(rsa_in) OPENSSL_free(rsa_in);

-	if(rsa_out) OPENSSL_free(rsa_out);

-	if(passin) OPENSSL_free(passin);

-	return ret;

-}

-static void usage()

-{

-	BIO_printf(bio_err, "Usage: rsautl [options]\n");

-	BIO_printf(bio_err, "-in file        input file\n");

-	BIO_printf(bio_err, "-out file       output file\n");

-	BIO_printf(bio_err, "-inkey file     input key\n");

-	BIO_printf(bio_err, "-keyform arg    private key format - default PEM\n");

-	BIO_printf(bio_err, "-pubin          input is an RSA public\n");

-	BIO_printf(bio_err, "-certin         input is a certificate carrying an RSA public key\n");

-	BIO_printf(bio_err, "-ssl            use SSL v2 padding\n");

-	BIO_printf(bio_err, "-raw            use no padding\n");

-	BIO_printf(bio_err, "-pkcs           use PKCS#1 v1.5 padding (default)\n");

-	BIO_printf(bio_err, "-oaep           use PKCS#1 OAEP\n");

-	BIO_printf(bio_err, "-sign           sign with private key\n");

-	BIO_printf(bio_err, "-verify         verify with public key\n");

-	BIO_printf(bio_err, "-encrypt        encrypt with public key\n");

-	BIO_printf(bio_err, "-decrypt        decrypt with private key\n");

-	BIO_printf(bio_err, "-hexdump        hex dump output\n");

-#ifndef OPENSSL_NO_ENGINE

-	BIO_printf(bio_err, "-engine e       use engine e, possibly a hardware device.\n");

-	BIO_printf (bio_err, "-passin arg    pass phrase source\n");

-#endif

-}

-#endif

--- a/sys/src/ape/lib/openssl/apps/s1024key.pem

+++ /dev/null

@@ -1,15 +1,0 @@

------BEGIN RSA PRIVATE KEY-----

-MIICXgIBAAKBgQCzEfU8E+ZGTGtHXV5XhvM2Lg32fXUIjydXb34BGVPX6oN7+aNV

-S9eWayvW/+9/vUb0aCqilJrpFesgItV2T8VhhjOE++XUz46uNpcMU7wHMEAXUufP

-pztpFm8ZEk2tFKvadkSSoN8lb11juvZVkSkPlB65pFhSe4QKSp6J4HrkYwIDAQAB

-AoGBAKy8jvb0Lzby8q11yNLf7+78wCVdYi7ugMHcYA1JVFK8+zb1WfSm44FLQo/0

-dSChAjgz36TTexeLODPYxleJndjVcOMVzsLJjSM8dLpXsTS4FCeMbhw2s2u+xqKY

-bbPWfk+HOTyJjfnkcC5Nbg44eOmruq0gSmBeUXVM5UntlTnxAkEA7TGCA3h7kx5E

-Bl4zl2pc3gPAGt+dyfk5Po9mGJUUXhF5p2zueGmYWW74TmOWB1kzt4QRdYMzFePq

-zfDNXEa1CwJBAMFErdY0xp0UJ13WwBbUTk8rujqQdHtjw0klhpbuKkjxu2hN0wwM

-6p0D9qxF7JHaghqVRI0fAW/EE0OzdHMR9QkCQQDNR26dMFXKsoPu+vItljj/UEGf

-QG7gERiQ4yxaFBPHgdpGo0kT31eh9x9hQGDkxTe0GNG/YSgCRvm8+C3TMcKXAkBD

-dhGn36wkUFCddMSAM4NSJ1VN8/Z0y5HzCmI8dM3VwGtGMUQlxKxwOl30LEQzdS5M

-0SWojNYXiT2gOBfBwtbhAkEAhafl5QEOIgUz+XazS/IlZ8goNKdDVfYgK3mHHjvv

-nY5G+AuGebdNkXJr4KSWxDcN+C2i47zuj4QXA16MAOandA==

------END RSA PRIVATE KEY-----

--- a/sys/src/ape/lib/openssl/apps/s1024req.pem

+++ /dev/null

@@ -1,11 +1,0 @@

------BEGIN CERTIFICATE REQUEST-----

-MIIBojCCAQsCAQAwZDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx

-GjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSQwIgYDVQQDExtTZXJ2ZXIgdGVz

-dCBjZXJ0ICgxMDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALMR

-9TwT5kZMa0ddXleG8zYuDfZ9dQiPJ1dvfgEZU9fqg3v5o1VL15ZrK9b/73+9RvRo

-KqKUmukV6yAi1XZPxWGGM4T75dTPjq42lwxTvAcwQBdS58+nO2kWbxkSTa0Uq9p2

-RJKg3yVvXWO69lWRKQ+UHrmkWFJ7hApKnongeuRjAgMBAAEwDQYJKoZIhvcNAQEE

-BQADgYEAStHlk4pBbwiNeQ2/PKTPPXzITYC8Gn0XMbrU94e/6JIKiO7aArq9Espq

-nrBSvC14dHcNl6NNvnkEKdQ7hAkcACfBbnOXA/oQvMBd4GD78cH3k0jVDoVUEjil

-frLfWlckW6WzpTktt0ZPDdAjJCmKVh0ABHimi7Bo9FC3wIGIe5M=

------END CERTIFICATE REQUEST-----

--- a/sys/src/ape/lib/openssl/apps/s512-key.pem

+++ /dev/null

@@ -1,9 +1,0 @@

------BEGIN RSA PRIVATE KEY-----

-MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD

-TGiXav6ooKXfX3j/7tdkuD8Ey2//Kv7+ue0CAwEAAQJAN6W31vDEP2DjdqhzCDDu

-OA4NACqoiFqyblo7yc2tM4h4xMbC3Yx5UKMN9ZkCtX0gzrz6DyF47bdKcWBzNWCj

-gQIhANEoojVt7hq+SQ6MCN6FTAysGgQf56Q3TYoJMoWvdiXVAiEAw3e3rc+VJpOz

-rHuDo6bgpjUAAXM+v3fcpsfZSNO6V7kCIQCtbVjanpUwvZkMI9by02oUk9taki3b

-PzPfAfNPYAbCJQIhAJXNQDWyqwn/lGmR11cqY2y9nZ1+5w3yHGatLrcDnQHxAiEA

-vnlEGo8K85u+KwIOimM48ZG8oTk7iFdkqLJR1utT3aU=

------END RSA PRIVATE KEY-----

--- a/sys/src/ape/lib/openssl/apps/s512-req.pem

+++ /dev/null

@@ -1,8 +1,0 @@

------BEGIN CERTIFICATE REQUEST-----

-MIIBGzCBxgIBADBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEa

-MBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0

-IGNlcnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8S

-MVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8E

-y2//Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAANBAAB+uQi+qwn6qRSHB8EUTvsm

-5TNTHzYDeN39nyIbZNX2s0se3Srn2Bxft5YCwD3moFZ9QoyDHxE0h6qLX5yjD+8=

------END CERTIFICATE REQUEST-----

--- a/sys/src/ape/lib/openssl/apps/s_apps.h

+++ /dev/null

@@ -1,173 +1,0 @@

-/* apps/s_apps.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#if !defined(OPENSSL_SYS_NETWARE)  /* conflicts with winsock2 stuff on netware */

-#include <sys/types.h>

-#endif

-#include <openssl/opensslconf.h>

-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)

-#include <conio.h>

-#endif

-#ifdef OPENSSL_SYS_MSDOS

-#define _kbhit kbhit

-#endif

-#if defined(OPENSSL_SYS_VMS) && !defined(FD_SET)

-/* VAX C does not defined fd_set and friends, but it's actually quite simple */

-/* These definitions are borrowed from SOCKETSHR.	/Richard Levitte */

-#define MAX_NOFILE	32

-#define	NBBY		 8		/* number of bits in a byte	*/

-#ifndef	FD_SETSIZE

-#define	FD_SETSIZE	MAX_NOFILE

-#endif	/* FD_SETSIZE */

-/* How many things we'll allow select to use. 0 if unlimited */

-#define MAXSELFD	MAX_NOFILE

-typedef int	fd_mask;	/* int here! VMS prototypes int, not long */

-#define NFDBITS	(sizeof(fd_mask) * NBBY)	/* bits per mask (power of 2!)*/

-#define NFDSHIFT 5				/* Shift based on above */

-typedef fd_mask fd_set;

-#define	FD_SET(n, p)	(*(p) |= (1 << ((n) % NFDBITS)))

-#define	FD_CLR(n, p)	(*(p) &= ~(1 << ((n) % NFDBITS)))

-#define	FD_ISSET(n, p)	(*(p) & (1 << ((n) % NFDBITS)))

-#define FD_ZERO(p)	memset((char *)(p), 0, sizeof(*(p)))

-#endif

-#define PORT            4433

-#define PORT_STR        "4433"

-#define PROTOCOL        "tcp"

-int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);

-#ifdef HEADER_X509_H

-int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);

-#endif

-#ifdef HEADER_SSL_H

-int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);

-int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);

-#endif

-int init_client(int *sock, char *server, int port, int type);

-int should_retry(int i);

-int extract_port(char *str, short *port_ptr);

-int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);

-long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,

-	int argi, long argl, long ret);

-#ifdef HEADER_SSL_H

-void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret);

-void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);

-void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,

-					unsigned char *data, int len,

-					void *arg);

-#endif

--- a/sys/src/ape/lib/openssl/apps/s_cb.c

+++ /dev/null

@@ -1,636 +1,0 @@

-/* apps/s_cb.c - callback functions used by s_client, s_server, and s_time */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include <stdlib.h>

-#define USE_SOCKETS

-#define NON_MAIN

-#include "apps.h"

-#undef NON_MAIN

-#undef USE_SOCKETS

-#include <openssl/err.h>

-#include <openssl/x509.h>

-#include <openssl/ssl.h>

-#include "s_apps.h"

-int verify_depth=0;

-int verify_error=X509_V_OK;

-int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)

-	{

-	char buf[256];

-	X509 *err_cert;

-	int err,depth;

-	err_cert=X509_STORE_CTX_get_current_cert(ctx);

-	err=	X509_STORE_CTX_get_error(ctx);

-	depth=	X509_STORE_CTX_get_error_depth(ctx);

-	X509_NAME_oneline(X509_get_subject_name(err_cert),buf,sizeof buf);

-	BIO_printf(bio_err,"depth=%d %s\n",depth,buf);

-	if (!ok)

-		{

-		BIO_printf(bio_err,"verify error:num=%d:%s\n",err,

-			X509_verify_cert_error_string(err));

-		if (verify_depth >= depth)

-			{

-			ok=1;

-			verify_error=X509_V_OK;

-			}

-		else

-			{

-			ok=0;

-			verify_error=X509_V_ERR_CERT_CHAIN_TOO_LONG;

-			}

-		}

-	switch (ctx->error)

-		{

-	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:

-		X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,sizeof buf);

-		BIO_printf(bio_err,"issuer= %s\n",buf);

-		break;

-	case X509_V_ERR_CERT_NOT_YET_VALID:

-	case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:

-		BIO_printf(bio_err,"notBefore=");

-		ASN1_TIME_print(bio_err,X509_get_notBefore(ctx->current_cert));

-		BIO_printf(bio_err,"\n");

-		break;

-	case X509_V_ERR_CERT_HAS_EXPIRED:

-	case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:

-		BIO_printf(bio_err,"notAfter=");

-		ASN1_TIME_print(bio_err,X509_get_notAfter(ctx->current_cert));

-		BIO_printf(bio_err,"\n");

-		break;

-		}

-	BIO_printf(bio_err,"verify return:%d\n",ok);

-	return(ok);

-	}

-int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)

-	{

-	if (cert_file != NULL)

-		{

-		/*

-		SSL *ssl;

-		X509 *x509;

-		*/

-		if (SSL_CTX_use_certificate_file(ctx,cert_file,

-			SSL_FILETYPE_PEM) <= 0)

-			{

-			BIO_printf(bio_err,"unable to get certificate from '%s'\n",cert_file);

-			ERR_print_errors(bio_err);

-			return(0);

-			}

-		if (key_file == NULL) key_file=cert_file;

-		if (SSL_CTX_use_PrivateKey_file(ctx,key_file,

-			SSL_FILETYPE_PEM) <= 0)

-			{

-			BIO_printf(bio_err,"unable to get private key from '%s'\n",key_file);

-			ERR_print_errors(bio_err);

-			return(0);

-			}

-		/*

-		In theory this is no longer needed

-		ssl=SSL_new(ctx);

-		x509=SSL_get_certificate(ssl);

-		if (x509 != NULL) {

-			EVP_PKEY *pktmp;

-			pktmp = X509_get_pubkey(x509);

-			EVP_PKEY_copy_parameters(pktmp,

-						SSL_get_privatekey(ssl));

-			EVP_PKEY_free(pktmp);

-		}

-		SSL_free(ssl);

-		*/

-		/* If we are using DSA, we can copy the parameters from

-		 * the private key */

-		/* Now we know that a key and cert have been set against

-		 * the SSL context */

-		if (!SSL_CTX_check_private_key(ctx))

-			{

-			BIO_printf(bio_err,"Private key does not match the certificate public key\n");

-			return(0);

-			}

-		}

-	return(1);

-	}

-int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key)

-	{

-	if (cert ==  NULL)

-		return 1;

-	if (SSL_CTX_use_certificate(ctx,cert) <= 0)

-		{

-		BIO_printf(bio_err,"error setting certificate\n");

-		ERR_print_errors(bio_err);

-		return 0;

-		}

-	if (SSL_CTX_use_PrivateKey(ctx,key) <= 0)

-		{

-		BIO_printf(bio_err,"error setting private key\n");

-		ERR_print_errors(bio_err);

-		return 0;

-		}

-		/* Now we know that a key and cert have been set against

-		 * the SSL context */

-	if (!SSL_CTX_check_private_key(ctx))

-		{

-		BIO_printf(bio_err,"Private key does not match the certificate public key\n");

-		return 0;

-		}

-	return 1;

-	}

-long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,

-	int argi, long argl, long ret)

-	{

-	BIO *out;

-	out=(BIO *)BIO_get_callback_arg(bio);

-	if (out == NULL) return(ret);

-	if (cmd == (BIO_CB_READ|BIO_CB_RETURN))

-		{

-		BIO_printf(out,"read from %p [%p] (%d bytes => %ld (0x%lX))\n",

- 			(void *)bio,argp,argi,ret,ret);

-		BIO_dump(out,argp,(int)ret);

-		return(ret);

-		}

-	else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN))

-		{

-		BIO_printf(out,"write to %p [%p] (%d bytes => %ld (0x%lX))\n",

-			(void *)bio,argp,argi,ret,ret);

-		BIO_dump(out,argp,(int)ret);

-		}

-	return(ret);

-	}

-void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret)

-	{

-	const char *str;

-	int w;

-	w=where& ~SSL_ST_MASK;

-	if (w & SSL_ST_CONNECT) str="SSL_connect";

-	else if (w & SSL_ST_ACCEPT) str="SSL_accept";

-	else str="undefined";

-	if (where & SSL_CB_LOOP)

-		{

-		BIO_printf(bio_err,"%s:%s\n",str,SSL_state_string_long(s));

-		}

-	else if (where & SSL_CB_ALERT)

-		{

-		str=(where & SSL_CB_READ)?"read":"write";

-		BIO_printf(bio_err,"SSL3 alert %s:%s:%s\n",

-			str,

-			SSL_alert_type_string_long(ret),

-			SSL_alert_desc_string_long(ret));

-		}

-	else if (where & SSL_CB_EXIT)

-		{

-		if (ret == 0)

-			BIO_printf(bio_err,"%s:failed in %s\n",

-				str,SSL_state_string_long(s));

-		else if (ret < 0)

-			{

-			BIO_printf(bio_err,"%s:error in %s\n",

-				str,SSL_state_string_long(s));

-			}

-		}

-	}

-void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)

-	{

-	BIO *bio = arg;

-	const char *str_write_p, *str_version, *str_content_type = "", *str_details1 = "", *str_details2= "";

-	str_write_p = write_p ? ">>>" : "<<<";

-	switch (version)

-		{

-	case SSL2_VERSION:

-		str_version = "SSL 2.0";

-		break;

-	case SSL3_VERSION:

-		str_version = "SSL 3.0 ";

-		break;

-	case TLS1_VERSION:

-		str_version = "TLS 1.0 ";

-		break;

-	default:

-		str_version = "???";

-		}

-	if (version == SSL2_VERSION)

-		{

-		str_details1 = "???";

-		if (len > 0)

-			{

-			switch (((const unsigned char*)buf)[0])

-				{

-				case 0:

-					str_details1 = ", ERROR:";

-					str_details2 = " ???";

-					if (len >= 3)

-						{

-						unsigned err = (((const unsigned char*)buf)[1]<<8) + ((const unsigned char*)buf)[2];

-						switch (err)

-							{

-						case 0x0001:

-							str_details2 = " NO-CIPHER-ERROR";

-							break;

-						case 0x0002:

-							str_details2 = " NO-CERTIFICATE-ERROR";

-							break;

-						case 0x0004:

-							str_details2 = " BAD-CERTIFICATE-ERROR";

-							break;

-						case 0x0006:

-							str_details2 = " UNSUPPORTED-CERTIFICATE-TYPE-ERROR";

-							break;

-							}

-						}

-					break;

-				case 1:

-					str_details1 = ", CLIENT-HELLO";

-					break;

-				case 2:

-					str_details1 = ", CLIENT-MASTER-KEY";

-					break;

-				case 3:

-					str_details1 = ", CLIENT-FINISHED";

-					break;

-				case 4:

-					str_details1 = ", SERVER-HELLO";

-					break;

-				case 5:

-					str_details1 = ", SERVER-VERIFY";

-					break;

-				case 6:

-					str_details1 = ", SERVER-FINISHED";

-					break;

-				case 7:

-					str_details1 = ", REQUEST-CERTIFICATE";

-					break;

-				case 8:

-					str_details1 = ", CLIENT-CERTIFICATE";

-					break;

-				}

-			}

-		}

-	if (version == SSL3_VERSION || version == TLS1_VERSION)

-		{

-		switch (content_type)

-			{

-		case 20:

-			str_content_type = "ChangeCipherSpec";

-			break;

-		case 21:

-			str_content_type = "Alert";

-			break;

-		case 22:

-			str_content_type = "Handshake";

-			break;

-			}

-		if (content_type == 21) /* Alert */

-			{

-			str_details1 = ", ???";

-			if (len == 2)

-				{

-				switch (((const unsigned char*)buf)[0])

-					{

-				case 1:

-					str_details1 = ", warning";

-					break;

-				case 2:

-					str_details1 = ", fatal";

-					break;

-					}

-				str_details2 = " ???";

-				switch (((const unsigned char*)buf)[1])

-					{

-				case 0:

-					str_details2 = " close_notify";

-					break;

-				case 10:

-					str_details2 = " unexpected_message";

-					break;

-				case 20:

-					str_details2 = " bad_record_mac";

-					break;

-				case 21:

-					str_details2 = " decryption_failed";

-					break;

-				case 22:

-					str_details2 = " record_overflow";

-					break;

-				case 30:

-					str_details2 = " decompression_failure";

-					break;

-				case 40:

-					str_details2 = " handshake_failure";

-					break;

-				case 42:

-					str_details2 = " bad_certificate";

-					break;

-				case 43:

-					str_details2 = " unsupported_certificate";

-					break;

-				case 44:

-					str_details2 = " certificate_revoked";

-					break;

-				case 45:

-					str_details2 = " certificate_expired";

-					break;

-				case 46:

-					str_details2 = " certificate_unknown";

-					break;

-				case 47:

-					str_details2 = " illegal_parameter";

-					break;

-				case 48:

-					str_details2 = " unknown_ca";

-					break;

-				case 49:

-					str_details2 = " access_denied";

-					break;

-				case 50:

-					str_details2 = " decode_error";

-					break;

-				case 51:

-					str_details2 = " decrypt_error";

-					break;

-				case 60:

-					str_details2 = " export_restriction";

-					break;

-				case 70:

-					str_details2 = " protocol_version";

-					break;

-				case 71:

-					str_details2 = " insufficient_security";

-					break;

-				case 80:

-					str_details2 = " internal_error";

-					break;

-				case 90:

-					str_details2 = " user_canceled";

-					break;

-				case 100:

-					str_details2 = " no_renegotiation";

-					break;

-					}

-				}

-			}

-		if (content_type == 22) /* Handshake */

-			{

-			str_details1 = "???";

-			if (len > 0)

-				{

-				switch (((const unsigned char*)buf)[0])

-					{

-				case 0:

-					str_details1 = ", HelloRequest";

-					break;

-				case 1:

-					str_details1 = ", ClientHello";

-					break;

-				case 2:

-					str_details1 = ", ServerHello";

-					break;

-				case 11:

-					str_details1 = ", Certificate";

-					break;

-				case 12:

-					str_details1 = ", ServerKeyExchange";

-					break;

-				case 13:

-					str_details1 = ", CertificateRequest";

-					break;

-				case 14:

-					str_details1 = ", ServerHelloDone";

-					break;

-				case 15:

-					str_details1 = ", CertificateVerify";

-					break;

-				case 16:

-					str_details1 = ", ClientKeyExchange";

-					break;

-				case 20:

-					str_details1 = ", Finished";

-					break;

-					}

-				}

-			}

-		}

-	BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, str_version, str_content_type, (unsigned long)len, str_details1, str_details2);

-	if (len > 0)

-		{

-		size_t num, i;

-		BIO_printf(bio, "   ");

-		num = len;

-#if 0

-		if (num > 16)

-			num = 16;

-#endif

-		for (i = 0; i < num; i++)

-			{

-			if (i % 16 == 0 && i > 0)

-				BIO_printf(bio, "\n   ");

-			BIO_printf(bio, " %02x", ((const unsigned char*)buf)[i]);

-			}

-		if (i < len)

-			BIO_printf(bio, " ...");

-		BIO_printf(bio, "\n");

-		}

-	(void)BIO_flush(bio);

-	}

-void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,

-					unsigned char *data, int len,

-					void *arg)

-	{

-	BIO *bio = arg;

-	char *extname;

-	switch(type)

-		{

-		case TLSEXT_TYPE_server_name:

-		extname = "server name";

-		break;

-		case TLSEXT_TYPE_max_fragment_length:

-		extname = "max fragment length";

-		break;

-		case TLSEXT_TYPE_client_certificate_url:

-		extname = "client certificate URL";

-		break;

-		case TLSEXT_TYPE_trusted_ca_keys:

-		extname = "trusted CA keys";

-		break;

-		case TLSEXT_TYPE_truncated_hmac:

-		extname = "truncated HMAC";

-		break;

-		case TLSEXT_TYPE_status_request:

-		extname = "status request";

-		break;

-		case TLSEXT_TYPE_elliptic_curves:

-		extname = "elliptic curves";

-		break;

-		case TLSEXT_TYPE_ec_point_formats:

-		extname = "EC point formats";

-		break;

-		case TLSEXT_TYPE_session_ticket:

-		extname = "server ticket";

-		break;

-		default:

-		extname = "unknown";

-		break;

-		}

-	BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n",

-			client_server ? "server": "client",

-			extname, type, len);

-	BIO_dump(bio, (char *)data, len);

-	(void)BIO_flush(bio);

-	}

--- a/sys/src/ape/lib/openssl/apps/s_client.c

+++ /dev/null

@@ -1,1432 +1,0 @@

-/* apps/s_client.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <assert.h>

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include <openssl/e_os2.h>

-#ifdef OPENSSL_NO_STDIO

-#define APPS_WIN16

-#endif

-/* With IPv6, it looks like Digital has mixed up the proper order of

-   recursive header file inclusion, resulting in the compiler complaining

-   that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which

-   is needed to have fileno() declared correctly...  So let's define u_int */

-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)

-#define __U_INT

-typedef unsigned int u_int;

-#endif

-#define USE_SOCKETS

-#include "apps.h"

-#include <openssl/x509.h>

-#include <openssl/ssl.h>

-#include <openssl/err.h>

-#include <openssl/pem.h>

-#include <openssl/rand.h>

-#include "s_apps.h"

-#include "timeouts.h"

-#ifdef OPENSSL_SYS_WINCE

-/* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */

-#ifdef fileno

-#undef fileno

-#endif

-#define fileno(a) (int)_fileno(a)

-#endif

-#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)

-/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */

-#undef FIONBIO

-#endif

-#undef PROG

-#define PROG	s_client_main

-/*#define SSL_HOST_NAME	"www.netscape.com" */

-/*#define SSL_HOST_NAME	"193.118.187.102" */

-#define SSL_HOST_NAME	"localhost"

-/*#define TEST_CERT "client.pem" */ /* no default cert. */

-#undef BUFSIZZ

-#define BUFSIZZ 1024*8

-extern int verify_depth;

-extern int verify_error;

-#ifdef FIONBIO

-static int c_nbio=0;

-#endif

-static int c_Pause=0;

-static int c_debug=0;

-#ifndef OPENSSL_NO_TLSEXT

-static int c_tlsextdebug=0;

-#endif

-static int c_msg=0;

-static int c_showcerts=0;

-static void sc_usage(void);

-static void print_stuff(BIO *berr,SSL *con,int full);

-static BIO *bio_c_out=NULL;

-static int c_quiet=0;

-static int c_ign_eof=0;

-static void sc_usage(void)

-	{

-	BIO_printf(bio_err,"usage: s_client args\n");

-	BIO_printf(bio_err,"\n");

-	BIO_printf(bio_err," -host host     - use -connect instead\n");

-	BIO_printf(bio_err," -port port     - use -connect instead\n");

-	BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);

-	BIO_printf(bio_err," -verify depth - turn on peer certificate verification\n");

-	BIO_printf(bio_err," -cert arg     - certificate file to use, PEM format assumed\n");

-	BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n");

-	BIO_printf(bio_err," -key arg      - Private key file to use, in cert file if\n");

-	BIO_printf(bio_err,"                 not specified but cert file is.\n");

-	BIO_printf(bio_err," -keyform arg  - key format (PEM or DER) PEM default\n");

-	BIO_printf(bio_err," -pass arg     - private key file pass phrase source\n");

-	BIO_printf(bio_err," -CApath arg   - PEM format directory of CA's\n");

-	BIO_printf(bio_err," -CAfile arg   - PEM format file of CA's\n");

-	BIO_printf(bio_err," -reconnect    - Drop and re-make the connection with the same Session-ID\n");

-	BIO_printf(bio_err," -pause        - sleep(1) after each read(2) and write(2) system call\n");

-	BIO_printf(bio_err," -showcerts    - show all certificates in the chain\n");

-	BIO_printf(bio_err," -debug        - extra output\n");

-#ifdef WATT32

-	BIO_printf(bio_err," -wdebug       - WATT-32 tcp debugging\n");

-#endif

-	BIO_printf(bio_err," -msg          - Show protocol messages\n");

-	BIO_printf(bio_err," -nbio_test    - more ssl protocol testing\n");

-	BIO_printf(bio_err," -state        - print the 'ssl' states\n");

-#ifdef FIONBIO

-	BIO_printf(bio_err," -nbio         - Run with non-blocking IO\n");

-#endif

-	BIO_printf(bio_err," -crlf         - convert LF from terminal into CRLF\n");

-	BIO_printf(bio_err," -quiet        - no s_client output\n");

-	BIO_printf(bio_err," -ign_eof      - ignore input eof (default when -quiet)\n");

-	BIO_printf(bio_err," -ssl2         - just use SSLv2\n");

-	BIO_printf(bio_err," -ssl3         - just use SSLv3\n");

-	BIO_printf(bio_err," -tls1         - just use TLSv1\n");

-	BIO_printf(bio_err," -dtls1        - just use DTLSv1\n");

-	BIO_printf(bio_err," -mtu          - set the MTU\n");

-	BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");

-	BIO_printf(bio_err," -bugs         - Switch on all SSL implementation bug workarounds\n");

-	BIO_printf(bio_err," -serverpref   - Use server's cipher preferences (only SSLv2)\n");

-	BIO_printf(bio_err," -cipher       - preferred cipher to use, use the 'openssl ciphers'\n");

-	BIO_printf(bio_err,"                 command to see what is available\n");

-	BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n");

-	BIO_printf(bio_err,"                 for those protocols that support it, where\n");

-	BIO_printf(bio_err,"                 'prot' defines which one to assume.  Currently,\n");

-	BIO_printf(bio_err,"                 only \"smtp\", \"pop3\", \"imap\", and \"ftp\" are supported.\n");

-#ifndef OPENSSL_NO_ENGINE

-	BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");

-#endif

-	BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);

-	BIO_printf(bio_err," -sess_out arg - file to write SSL session to\n");

-	BIO_printf(bio_err," -sess_in arg  - file to read SSL session from\n");

-#ifndef OPENSSL_NO_TLSEXT

-	BIO_printf(bio_err," -servername host  - Set TLS extension servername in ClientHello\n");

-	BIO_printf(bio_err," -tlsextdebug      - hex dump of all TLS extensions received\n");

-	BIO_printf(bio_err," -no_ticket        - disable use of RFC4507bis session tickets\n");

-#endif

-	}

-#ifndef OPENSSL_NO_TLSEXT

-/* This is a context that we pass to callbacks */

-typedef struct tlsextctx_st {

-   BIO * biodebug;

-   int ack;

-} tlsextctx;

-static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg)

-	{

-	tlsextctx * p = (tlsextctx *) arg;

-	const char * hn= SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);

-	if (SSL_get_servername_type(s) != -1)

- 	        p->ack = !SSL_session_reused(s) && hn != NULL;

-	else

-		BIO_printf(bio_err,"Can't use SSL_get_servername\n");

-	return SSL_TLSEXT_ERR_OK;

-	}

-#endif

-enum

-{

-	PROTO_OFF	= 0,

-	PROTO_SMTP,

-	PROTO_POP3,

-	PROTO_IMAP,

-	PROTO_FTP

-};

-int MAIN(int, char **);

-int MAIN(int argc, char **argv)

-	{

-	int off=0;

-	SSL *con=NULL,*con2=NULL;

-	X509_STORE *store = NULL;

-	int s,k,width,state=0;

-	char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL;

-	int cbuf_len,cbuf_off;

-	int sbuf_len,sbuf_off;

-	fd_set readfds,writefds;

-	short port=PORT;

-	int full_log=1;

-	char *host=SSL_HOST_NAME;

-	char *cert_file=NULL,*key_file=NULL;

-	int cert_format = FORMAT_PEM, key_format = FORMAT_PEM;

-	char *passarg = NULL, *pass = NULL;

-	X509 *cert = NULL;

-	EVP_PKEY *key = NULL;

-	char *CApath=NULL,*CAfile=NULL,*cipher=NULL;

-	int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0;

-	int crlf=0;

-	int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;

-	SSL_CTX *ctx=NULL;

-	int ret=1,in_init=1,i,nbio_test=0;

-	int starttls_proto = PROTO_OFF;

-	int prexit = 0, vflags = 0;

-	SSL_METHOD *meth=NULL;

-#ifdef sock_type

-#undef sock_type

-#endif

-	int sock_type=SOCK_STREAM;

-	BIO *sbio;

-	char *inrand=NULL;

-	int mbuf_len=0;

-#ifndef OPENSSL_NO_ENGINE

-	char *engine_id=NULL;

-	ENGINE *e=NULL;

-#endif

-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)

-	struct timeval tv;

-#endif

-#ifndef OPENSSL_NO_TLSEXT

-	char *servername = NULL;

-        tlsextctx tlsextcbp =

-        {NULL,0};

-#endif

-	char *sess_in = NULL;

-	char *sess_out = NULL;

-	struct sockaddr peer;

-	int peerlen = sizeof(peer);

-	int enable_timeouts = 0 ;

-	long mtu = 0;

-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)

-	meth=SSLv23_client_method();

-#elif !defined(OPENSSL_NO_SSL3)

-	meth=SSLv3_client_method();

-#elif !defined(OPENSSL_NO_SSL2)

-	meth=SSLv2_client_method();

-#endif

-	apps_startup();

-	c_Pause=0;

-	c_quiet=0;

-	c_ign_eof=0;

-	c_debug=0;

-	c_msg=0;

-	c_showcerts=0;

-	if (bio_err == NULL)

-		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);

-	if (!load_config(bio_err, NULL))

-		goto end;

-	if (	((cbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) ||

-		((sbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) ||

-		((mbuf=OPENSSL_malloc(BUFSIZZ)) == NULL))

-		{

-		BIO_printf(bio_err,"out of memory\n");

-		goto end;

-		}

-	verify_depth=0;

-	verify_error=X509_V_OK;

-#ifdef FIONBIO

-	c_nbio=0;

-#endif

-	argc--;

-	argv++;

-	while (argc >= 1)

-		{

-		if	(strcmp(*argv,"-host") == 0)

-			{

-			if (--argc < 1) goto bad;

-			host= *(++argv);

-			}

-		else if	(strcmp(*argv,"-port") == 0)

-			{

-			if (--argc < 1) goto bad;

-			port=atoi(*(++argv));

-			if (port == 0) goto bad;

-			}

-		else if (strcmp(*argv,"-connect") == 0)

-			{

-			if (--argc < 1) goto bad;

-			if (!extract_host_port(*(++argv),&host,NULL,&port))

-				goto bad;

-			}

-		else if	(strcmp(*argv,"-verify") == 0)

-			{

-			verify=SSL_VERIFY_PEER;

-			if (--argc < 1) goto bad;

-			verify_depth=atoi(*(++argv));

-			BIO_printf(bio_err,"verify depth is %d\n",verify_depth);

-			}

-		else if	(strcmp(*argv,"-cert") == 0)

-			{

-			if (--argc < 1) goto bad;

-			cert_file= *(++argv);

-			}

-		else if	(strcmp(*argv,"-sess_out") == 0)

-			{

-			if (--argc < 1) goto bad;

-			sess_out = *(++argv);

-			}

-		else if	(strcmp(*argv,"-sess_in") == 0)

-			{

-			if (--argc < 1) goto bad;

-			sess_in = *(++argv);

-			}

-		else if	(strcmp(*argv,"-certform") == 0)

-			{

-			if (--argc < 1) goto bad;

-			cert_format = str2fmt(*(++argv));

-			}

-		else if	(strcmp(*argv,"-crl_check") == 0)

-			vflags |= X509_V_FLAG_CRL_CHECK;

-		else if	(strcmp(*argv,"-crl_check_all") == 0)

-			vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;

-		else if	(strcmp(*argv,"-prexit") == 0)

-			prexit=1;

-		else if	(strcmp(*argv,"-crlf") == 0)

-			crlf=1;

-		else if	(strcmp(*argv,"-quiet") == 0)

-			{

-			c_quiet=1;

-			c_ign_eof=1;

-			}

-		else if	(strcmp(*argv,"-ign_eof") == 0)

-			c_ign_eof=1;

-		else if	(strcmp(*argv,"-pause") == 0)

-			c_Pause=1;

-		else if	(strcmp(*argv,"-debug") == 0)

-			c_debug=1;

-#ifndef OPENSSL_NO_TLSEXT

-		else if	(strcmp(*argv,"-tlsextdebug") == 0)

-			c_tlsextdebug=1;

-#endif

-#ifdef WATT32

-		else if (strcmp(*argv,"-wdebug") == 0)

-			dbug_init();

-#endif

-		else if	(strcmp(*argv,"-msg") == 0)

-			c_msg=1;

-		else if	(strcmp(*argv,"-showcerts") == 0)

-			c_showcerts=1;

-		else if	(strcmp(*argv,"-nbio_test") == 0)

-			nbio_test=1;

-		else if	(strcmp(*argv,"-state") == 0)

-			state=1;

-#ifndef OPENSSL_NO_SSL2

-		else if	(strcmp(*argv,"-ssl2") == 0)

-			meth=SSLv2_client_method();

-#endif

-#ifndef OPENSSL_NO_SSL3

-		else if	(strcmp(*argv,"-ssl3") == 0)

-			meth=SSLv3_client_method();

-#endif

-#ifndef OPENSSL_NO_TLS1

-		else if	(strcmp(*argv,"-tls1") == 0)

-			meth=TLSv1_client_method();

-#endif

-#ifndef OPENSSL_NO_DTLS1

-		else if	(strcmp(*argv,"-dtls1") == 0)

-			{

-			meth=DTLSv1_client_method();

-			sock_type=SOCK_DGRAM;

-			}

-		else if (strcmp(*argv,"-timeout") == 0)

-			enable_timeouts=1;

-		else if (strcmp(*argv,"-mtu") == 0)

-			{

-			if (--argc < 1) goto bad;

-			mtu = atol(*(++argv));

-			}

-#endif

-		else if (strcmp(*argv,"-bugs") == 0)

-			bugs=1;

-		else if	(strcmp(*argv,"-keyform") == 0)

-			{

-			if (--argc < 1) goto bad;

-			key_format = str2fmt(*(++argv));

-			}

-		else if	(strcmp(*argv,"-pass") == 0)

-			{

-			if (--argc < 1) goto bad;

-			passarg = *(++argv);

-			}

-		else if	(strcmp(*argv,"-key") == 0)

-			{

-			if (--argc < 1) goto bad;

-			key_file= *(++argv);

-			}

-		else if	(strcmp(*argv,"-reconnect") == 0)

-			{

-			reconnect=5;

-			}

-		else if	(strcmp(*argv,"-CApath") == 0)

-			{

-			if (--argc < 1) goto bad;

-			CApath= *(++argv);

-			}

-		else if	(strcmp(*argv,"-CAfile") == 0)

-			{

-			if (--argc < 1) goto bad;

-			CAfile= *(++argv);

-			}

-		else if (strcmp(*argv,"-no_tls1") == 0)

-			off|=SSL_OP_NO_TLSv1;

-		else if (strcmp(*argv,"-no_ssl3") == 0)

-			off|=SSL_OP_NO_SSLv3;

-		else if (strcmp(*argv,"-no_ssl2") == 0)

-			off|=SSL_OP_NO_SSLv2;

-#ifndef OPENSSL_NO_TLSEXT

-		else if	(strcmp(*argv,"-no_ticket") == 0)

-			{ off|=SSL_OP_NO_TICKET; }

-#endif

-		else if (strcmp(*argv,"-serverpref") == 0)

-			off|=SSL_OP_CIPHER_SERVER_PREFERENCE;

-		else if	(strcmp(*argv,"-cipher") == 0)

-			{

-			if (--argc < 1) goto bad;

-			cipher= *(++argv);

-			}

-#ifdef FIONBIO

-		else if (strcmp(*argv,"-nbio") == 0)

-			{ c_nbio=1; }

-#endif

-		else if	(strcmp(*argv,"-starttls") == 0)

-			{

-			if (--argc < 1) goto bad;

-			++argv;

-			if (strcmp(*argv,"smtp") == 0)

-				starttls_proto = PROTO_SMTP;

-			else if (strcmp(*argv,"pop3") == 0)

-				starttls_proto = PROTO_POP3;

-			else if (strcmp(*argv,"imap") == 0)

-				starttls_proto = PROTO_IMAP;

-			else if (strcmp(*argv,"ftp") == 0)

-				starttls_proto = PROTO_FTP;

-			else

-				goto bad;

-			}

-#ifndef OPENSSL_NO_ENGINE

-		else if	(strcmp(*argv,"-engine") == 0)

-			{

-			if (--argc < 1) goto bad;

-			engine_id = *(++argv);

-			}

-#endif

-		else if (strcmp(*argv,"-rand") == 0)

-			{

-			if (--argc < 1) goto bad;

-			inrand= *(++argv);

-			}

-#ifndef OPENSSL_NO_TLSEXT

-		else if (strcmp(*argv,"-servername") == 0)

-			{

-			if (--argc < 1) goto bad;

-			servername= *(++argv);

-			/* meth=TLSv1_client_method(); */

-			}

-#endif

-		else

-			{

-			BIO_printf(bio_err,"unknown option %s\n",*argv);

-			badop=1;

-			break;

-			}

-		argc--;

-		argv++;

-		}

-	if (badop)

-		{

-bad:

-		sc_usage();

-		goto end;

-		}

-	OpenSSL_add_ssl_algorithms();

-	SSL_load_error_strings();

-#ifndef OPENSSL_NO_ENGINE

-        e = setup_engine(bio_err, engine_id, 1);

-#endif

-	if (!app_passwd(bio_err, passarg, NULL, &pass, NULL))

-		{

-		BIO_printf(bio_err, "Error getting password\n");

-		goto end;

-		}

-	if (key_file == NULL)

-		key_file = cert_file;

-	if (key_file)

-		{

-		key = load_key(bio_err, key_file, key_format, 0, pass, e,

-			       "client certificate private key file");

-		if (!key)

-			{

-			ERR_print_errors(bio_err);

-			goto end;

-			}

-		}

-	if (cert_file)

-		{

-		cert = load_cert(bio_err,cert_file,cert_format,

-				NULL, e, "client certificate file");

-		if (!cert)

-			{

-			ERR_print_errors(bio_err);

-			goto end;

-			}

-		}

-	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL

-		&& !RAND_status())

-		{

-		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");

-		}

-	if (inrand != NULL)

-		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",

-			app_RAND_load_files(inrand));

-	if (bio_c_out == NULL)

-		{

-		if (c_quiet && !c_debug && !c_msg)

-			{

-			bio_c_out=BIO_new(BIO_s_null());

-			}

-		else

-			{

-			if (bio_c_out == NULL)

-				bio_c_out=BIO_new_fp(stdout,BIO_NOCLOSE);

-			}

-		}

-	ctx=SSL_CTX_new(meth);

-	if (ctx == NULL)

-		{

-		ERR_print_errors(bio_err);

-		goto end;

-		}

-	if (bugs)

-		SSL_CTX_set_options(ctx,SSL_OP_ALL|off);

-	else

-		SSL_CTX_set_options(ctx,off);

-	/* DTLS: partial reads end up discarding unread UDP bytes :-(

-	 * Setting read ahead solves this problem.

-	 */

-	if (sock_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);

-	if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);

-	if (cipher != NULL)

-		if(!SSL_CTX_set_cipher_list(ctx,cipher)) {

-		BIO_printf(bio_err,"error setting cipher list\n");

-		ERR_print_errors(bio_err);

-		goto end;

-	}

-#if 0

-	else

-		SSL_CTX_set_cipher_list(ctx,getenv("SSL_CIPHER"));

-#endif

-	SSL_CTX_set_verify(ctx,verify,verify_callback);

-	if (!set_cert_key_stuff(ctx,cert,key))

-		goto end;

-	if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||

-		(!SSL_CTX_set_default_verify_paths(ctx)))

-		{

-		/* BIO_printf(bio_err,"error setting default verify locations\n"); */

-		ERR_print_errors(bio_err);

-		/* goto end; */

-		}

-	store = SSL_CTX_get_cert_store(ctx);

-	X509_STORE_set_flags(store, vflags);

-#ifndef OPENSSL_NO_TLSEXT

-	if (servername != NULL)

-		{

-		tlsextcbp.biodebug = bio_err;

-		SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);

-		SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);

-		}

-#endif

-	con=SSL_new(ctx);

-	if (sess_in)

-		{

-		SSL_SESSION *sess;

-		BIO *stmp = BIO_new_file(sess_in, "r");

-		if (!stmp)

-			{

-			BIO_printf(bio_err, "Can't open session file %s\n",

-						sess_in);

-			ERR_print_errors(bio_err);

-			goto end;

-			}

-		sess = PEM_read_bio_SSL_SESSION(stmp, NULL, 0, NULL);

-		BIO_free(stmp);

-		if (!sess)

-			{

-			BIO_printf(bio_err, "Can't open session file %s\n",

-						sess_in);

-			ERR_print_errors(bio_err);

-			goto end;

-			}

-		SSL_set_session(con, sess);

-		SSL_SESSION_free(sess);

-		}

-#ifndef OPENSSL_NO_TLSEXT

-	if (servername != NULL)

-		{

-		if (!SSL_set_tlsext_host_name(con,servername))

-			{

-			BIO_printf(bio_err,"Unable to set TLS servername extension.\n");

-			ERR_print_errors(bio_err);

-			goto end;

-			}

-		}

-#endif

-#ifndef OPENSSL_NO_KRB5

-	if (con  &&  (con->kssl_ctx = kssl_ctx_new()) != NULL)

-                {

-                kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVER, host);

-		}

-#endif	/* OPENSSL_NO_KRB5  */

-/*	SSL_set_cipher_list(con,"RC4-MD5"); */

-re_start:

-	if (init_client(&s,host,port,sock_type) == 0)

-		{

-		BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());

-		SHUTDOWN(s);

-		goto end;

-		}

-	BIO_printf(bio_c_out,"CONNECTED(%08X)\n",s);

-#ifdef FIONBIO

-	if (c_nbio)

-		{

-		unsigned long l=1;

-		BIO_printf(bio_c_out,"turning on non blocking io\n");

-		if (BIO_socket_ioctl(s,FIONBIO,&l) < 0)

-			{

-			ERR_print_errors(bio_err);

-			goto end;

-			}

-		}

-#endif

-	if (c_Pause & 0x01) con->debug=1;

-	if ( SSL_version(con) == DTLS1_VERSION)

-		{

-		struct timeval timeout;

-		sbio=BIO_new_dgram(s,BIO_NOCLOSE);

-		if (getsockname(s, &peer, (void *)&peerlen) < 0)

-			{

-			BIO_printf(bio_err, "getsockname:errno=%d\n",

-				get_last_socket_error());

-			SHUTDOWN(s);

-			goto end;

-			}

-		(void)BIO_ctrl_set_connected(sbio, 1, &peer);

-		if ( enable_timeouts)

-			{

-			timeout.tv_sec = 0;

-			timeout.tv_usec = DGRAM_RCV_TIMEOUT;

-			BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);

-			timeout.tv_sec = 0;

-			timeout.tv_usec = DGRAM_SND_TIMEOUT;

-			BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);

-			}

-		if ( mtu > 0)

-			{

-			SSL_set_options(con, SSL_OP_NO_QUERY_MTU);

-			SSL_set_mtu(con, mtu);

-			}

-		else

-			/* want to do MTU discovery */

-			BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);

-		}

-	else

-		sbio=BIO_new_socket(s,BIO_NOCLOSE);

-	if (nbio_test)

-		{

-		BIO *test;

-		test=BIO_new(BIO_f_nbio_test());

-		sbio=BIO_push(test,sbio);

-		}

-	if (c_debug)

-		{

-		con->debug=1;

-		BIO_set_callback(sbio,bio_dump_callback);

-		BIO_set_callback_arg(sbio,(char *)bio_c_out);

-		}

-	if (c_msg)

-		{

-		SSL_set_msg_callback(con, msg_cb);

-		SSL_set_msg_callback_arg(con, bio_c_out);

-		}

-#ifndef OPENSSL_NO_TLSEXT

-	if (c_tlsextdebug)

-		{

-		SSL_set_tlsext_debug_callback(con, tlsext_cb);

-		SSL_set_tlsext_debug_arg(con, bio_c_out);

-		}

-#endif

-	SSL_set_bio(con,sbio,sbio);

-	SSL_set_connect_state(con);

-	/* ok, lets connect */

-	width=SSL_get_fd(con)+1;

-	read_tty=1;

-	write_tty=0;

-	tty_on=0;

-	read_ssl=1;

-	write_ssl=1;

-	cbuf_len=0;

-	cbuf_off=0;

-	sbuf_len=0;

-	sbuf_off=0;

-	/* This is an ugly hack that does a lot of assumptions */

-	/* We do have to handle multi-line responses which may come

- 	   in a single packet or not. We therefore have to use

-	   BIO_gets() which does need a buffering BIO. So during

-	   the initial chitchat we do push a buffering BIO into the

-	   chain that is removed again later on to not disturb the

-	   rest of the s_client operation. */

-	if (starttls_proto == PROTO_SMTP)

-		{

-		int foundit=0;

-		BIO *fbio = BIO_new(BIO_f_buffer());

-		BIO_push(fbio, sbio);

-		/* wait for multi-line response to end from SMTP */

-		do

-			{

-			mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);

-			}

-		while (mbuf_len>3 && mbuf[3]=='-');

-		/* STARTTLS command requires EHLO... */

-		BIO_printf(fbio,"EHLO openssl.client.net\r\n");

-		(void)BIO_flush(fbio);

-		/* wait for multi-line response to end EHLO SMTP response */

-		do

-			{

-			mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);

-			if (strstr(mbuf,"STARTTLS"))

-				foundit=1;

-			}

-		while (mbuf_len>3 && mbuf[3]=='-');

-		(void)BIO_flush(fbio);

-		BIO_pop(fbio);

-		BIO_free(fbio);

-		if (!foundit)

-			BIO_printf(bio_err,

-				   "didn't found starttls in server response,"

-				   " try anyway...\n");

-		BIO_printf(sbio,"STARTTLS\r\n");

-		BIO_read(sbio,sbuf,BUFSIZZ);

-		}

-	else if (starttls_proto == PROTO_POP3)

-		{

-		BIO_read(sbio,mbuf,BUFSIZZ);

-		BIO_printf(sbio,"STLS\r\n");

-		BIO_read(sbio,sbuf,BUFSIZZ);

-		}

-	else if (starttls_proto == PROTO_IMAP)

-		{

-		int foundit=0;

-		BIO *fbio = BIO_new(BIO_f_buffer());

-		BIO_push(fbio, sbio);

-		BIO_gets(fbio,mbuf,BUFSIZZ);

-		/* STARTTLS command requires CAPABILITY... */

-		BIO_printf(fbio,". CAPABILITY\r\n");

-		(void)BIO_flush(fbio);

-		/* wait for multi-line CAPABILITY response */

-		do

-			{

-			mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);

-			if (strstr(mbuf,"STARTTLS"))

-				foundit=1;

-			}

-		while (mbuf_len>3 && mbuf[0]!='.');

-		(void)BIO_flush(fbio);

-		BIO_pop(fbio);

-		BIO_free(fbio);

-		if (!foundit)

-			BIO_printf(bio_err,

-				   "didn't found STARTTLS in server response,"

-				   " try anyway...\n");

-		BIO_printf(sbio,". STARTTLS\r\n");

-		BIO_read(sbio,sbuf,BUFSIZZ);

-		}

-	else if (starttls_proto == PROTO_FTP)

-		{

-		BIO *fbio = BIO_new(BIO_f_buffer());

-		BIO_push(fbio, sbio);

-		/* wait for multi-line response to end from FTP */

-		do

-			{

-			mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);

-			}

-		while (mbuf_len>3 && mbuf[3]=='-');

-		(void)BIO_flush(fbio);

-		BIO_pop(fbio);

-		BIO_free(fbio);

-		BIO_printf(sbio,"AUTH TLS\r\n");

-		BIO_read(sbio,sbuf,BUFSIZZ);

-		}

-	for (;;)

-		{

-		FD_ZERO(&readfds);

-		FD_ZERO(&writefds);

-		if (SSL_in_init(con) && !SSL_total_renegotiations(con))

-			{

-			in_init=1;

-			tty_on=0;

-			}

-		else

-			{

-			tty_on=1;

-			if (in_init)

-				{

-				in_init=0;

-				if (sess_out)

-					{

-					BIO *stmp = BIO_new_file(sess_out, "w");

-					if (stmp)

-						{

-						PEM_write_bio_SSL_SESSION(stmp, SSL_get_session(con));

-						BIO_free(stmp);

-						}

-					else

-						BIO_printf(bio_err, "Error writing session file %s\n", sess_out);

-					}

-				print_stuff(bio_c_out,con,full_log);

-				if (full_log > 0) full_log--;

-				if (starttls_proto)

-					{

-					BIO_printf(bio_err,"%s",mbuf);

-					/* We don't need to know any more */

-					starttls_proto = PROTO_OFF;

-					}

-				if (reconnect)

-					{

-					reconnect--;

-					BIO_printf(bio_c_out,"drop connection and then reconnect\n");

-					SSL_shutdown(con);

-					SSL_set_connect_state(con);

-					SHUTDOWN(SSL_get_fd(con));

-					goto re_start;

-					}

-				}

-			}

-		ssl_pending = read_ssl && SSL_pending(con);

-		if (!ssl_pending)

-			{

-#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE)

-			if (tty_on)

-				{

-				if (read_tty)  FD_SET(fileno(stdin),&readfds);

-				if (write_tty) FD_SET(fileno(stdout),&writefds);

-				}

-			if (read_ssl)

-				FD_SET(SSL_get_fd(con),&readfds);

-			if (write_ssl)

-				FD_SET(SSL_get_fd(con),&writefds);

-#else

-			if(!tty_on || !write_tty) {

-				if (read_ssl)

-					FD_SET(SSL_get_fd(con),&readfds);

-				if (write_ssl)

-					FD_SET(SSL_get_fd(con),&writefds);

-			}

-#endif

-/*			printf("mode tty(%d %d%d) ssl(%d%d)\n",

-				tty_on,read_tty,write_tty,read_ssl,write_ssl);*/

-			/* Note: under VMS with SOCKETSHR the second parameter

-			 * is currently of type (int *) whereas under other

-			 * systems it is (void *) if you don't have a cast it

-			 * will choke the compiler: if you do have a cast then

-			 * you can either go for (int *) or (void *).

-			 */

-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)

-                        /* Under Windows/DOS we make the assumption that we can

-			 * always write to the tty: therefore if we need to

-			 * write to the tty we just fall through. Otherwise

-			 * we timeout the select every second and see if there

-			 * are any keypresses. Note: this is a hack, in a proper

-			 * Windows application we wouldn't do this.

-			 */

-			i=0;

-			if(!write_tty) {

-				if(read_tty) {

-					tv.tv_sec = 1;

-					tv.tv_usec = 0;

-					i=select(width,(void *)&readfds,(void *)&writefds,

-						 NULL,&tv);

-#if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)

-					if(!i && (!_kbhit() || !read_tty) ) continue;

-#else

-					if(!i && (!((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) || !read_tty) ) continue;

-#endif

-				} else 	i=select(width,(void *)&readfds,(void *)&writefds,

-					 NULL,NULL);

-			}

-#elif defined(OPENSSL_SYS_NETWARE)

-			if(!write_tty) {

-				if(read_tty) {

-					tv.tv_sec = 1;

-					tv.tv_usec = 0;

-					i=select(width,(void *)&readfds,(void *)&writefds,

-						NULL,&tv);

-				} else 	i=select(width,(void *)&readfds,(void *)&writefds,

-					NULL,NULL);

-			}

-#else

-			i=select(width,(void *)&readfds,(void *)&writefds,

-				 NULL,NULL);

-#endif

-			if ( i < 0)

-				{

-				BIO_printf(bio_err,"bad select %d\n",

-				get_last_socket_error());

-				goto shut;

-				/* goto end; */

-				}

-			}

-		if (!ssl_pending && FD_ISSET(SSL_get_fd(con),&writefds))

-			{

-			k=SSL_write(con,&(cbuf[cbuf_off]),

-				(unsigned int)cbuf_len);

-			switch (SSL_get_error(con,k))

-				{

-			case SSL_ERROR_NONE:

-				cbuf_off+=k;

-				cbuf_len-=k;

-				if (k <= 0) goto end;

-				/* we have done a  write(con,NULL,0); */

-				if (cbuf_len <= 0)

-					{

-					read_tty=1;

-					write_ssl=0;

-					}

-				else /* if (cbuf_len > 0) */

-					{

-					read_tty=0;

-					write_ssl=1;

-					}

-				break;

-			case SSL_ERROR_WANT_WRITE:

-				BIO_printf(bio_c_out,"write W BLOCK\n");

-				write_ssl=1;

-				read_tty=0;

-				break;

-			case SSL_ERROR_WANT_READ:

-				BIO_printf(bio_c_out,"write R BLOCK\n");

-				write_tty=0;

-				read_ssl=1;

-				write_ssl=0;

-				break;

-			case SSL_ERROR_WANT_X509_LOOKUP:

-				BIO_printf(bio_c_out,"write X BLOCK\n");

-				break;

-			case SSL_ERROR_ZERO_RETURN:

-				if (cbuf_len != 0)

-					{

-					BIO_printf(bio_c_out,"shutdown\n");

-					goto shut;

-					}

-				else

-					{

-					read_tty=1;

-					write_ssl=0;

-					break;

-					}

-			case SSL_ERROR_SYSCALL:

-				if ((k != 0) || (cbuf_len != 0))

-					{

-					BIO_printf(bio_err,"write:errno=%d\n",

-						get_last_socket_error());

-					goto shut;

-					}

-				else

-					{

-					read_tty=1;

-					write_ssl=0;

-					}

-				break;

-			case SSL_ERROR_SSL:

-				ERR_print_errors(bio_err);

-				goto shut;

-				}

-			}

-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)

-		/* Assume Windows/DOS can always write */

-		else if (!ssl_pending && write_tty)

-#else

-		else if (!ssl_pending && FD_ISSET(fileno(stdout),&writefds))

-#endif

-			{

-#ifdef CHARSET_EBCDIC

-			ascii2ebcdic(&(sbuf[sbuf_off]),&(sbuf[sbuf_off]),sbuf_len);

-#endif

-			i=write(fileno(stdout),&(sbuf[sbuf_off]),sbuf_len);

-			if (i <= 0)

-				{

-				BIO_printf(bio_c_out,"DONE\n");

-				goto shut;

-				/* goto end; */

-				}

-			sbuf_len-=i;;

-			sbuf_off+=i;

-			if (sbuf_len <= 0)

-				{

-				read_ssl=1;

-				write_tty=0;

-				}

-			}

-		else if (ssl_pending || FD_ISSET(SSL_get_fd(con),&readfds))

-			{

-#ifdef RENEG

-{ static int iiii; if (++iiii == 52) { SSL_renegotiate(con); iiii=0; } }

-#endif

-#if 1

-			k=SSL_read(con,sbuf,1024 /* BUFSIZZ */ );

-#else

-/* Demo for pending and peek :-) */

-			k=SSL_read(con,sbuf,16);

-{ char zbuf[10240];

-printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240));

-}

-#endif

-			switch (SSL_get_error(con,k))

-				{

-			case SSL_ERROR_NONE:

-				if (k <= 0)

-					goto end;

-				sbuf_off=0;

-				sbuf_len=k;

-				read_ssl=0;

-				write_tty=1;

-				break;

-			case SSL_ERROR_WANT_WRITE:

-				BIO_printf(bio_c_out,"read W BLOCK\n");

-				write_ssl=1;

-				read_tty=0;

-				break;

-			case SSL_ERROR_WANT_READ:

-				BIO_printf(bio_c_out,"read R BLOCK\n");

-				write_tty=0;

-				read_ssl=1;

-				if ((read_tty == 0) && (write_ssl == 0))

-					write_ssl=1;

-				break;

-			case SSL_ERROR_WANT_X509_LOOKUP:

-				BIO_printf(bio_c_out,"read X BLOCK\n");

-				break;

-			case SSL_ERROR_SYSCALL:

-				BIO_printf(bio_err,"read:errno=%d\n",get_last_socket_error());

-				goto shut;

-			case SSL_ERROR_ZERO_RETURN:

-				BIO_printf(bio_c_out,"closed\n");

-				goto shut;

-			case SSL_ERROR_SSL:

-				ERR_print_errors(bio_err);

-				goto shut;

-				/* break; */

-				}

-			}

-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)

-#if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)

-		else if (_kbhit())

-#else

-		else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))

-#endif

-#elif defined (OPENSSL_SYS_NETWARE)

-        else if (_kbhit())

-#else

-		else if (FD_ISSET(fileno(stdin),&readfds))

-#endif

-			{

-			if (crlf)

-				{

-				int j, lf_num;

-				i=read(fileno(stdin),cbuf,BUFSIZZ/2);

-				lf_num = 0;

-				/* both loops are skipped when i <= 0 */

-				for (j = 0; j < i; j++)

-					if (cbuf[j] == '\n')

-						lf_num++;

-				for (j = i-1; j >= 0; j--)

-					{

-					cbuf[j+lf_num] = cbuf[j];

-					if (cbuf[j] == '\n')

-						{

-						lf_num--;

-						i++;

-						cbuf[j+lf_num] = '\r';

-						}

-					}

-				assert(lf_num == 0);

-				}

-			else

-				i=read(fileno(stdin),cbuf,BUFSIZZ);

-			if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q')))

-				{

-				BIO_printf(bio_err,"DONE\n");

-				goto shut;

-				}

-			if ((!c_ign_eof) && (cbuf[0] == 'R'))

-				{

-				BIO_printf(bio_err,"RENEGOTIATING\n");

-				SSL_renegotiate(con);

-				cbuf_len=0;

-				}

-			else

-				{

-				cbuf_len=i;

-				cbuf_off=0;

-#ifdef CHARSET_EBCDIC

-				ebcdic2ascii(cbuf, cbuf, i);

-#endif

-				}

-			write_ssl=1;

-			read_tty=0;

-			}

-		}

-shut:

-	SSL_shutdown(con);

-	SHUTDOWN(SSL_get_fd(con));

-	ret=0;

-end:

-	if(prexit) print_stuff(bio_c_out,con,1);

-	if (con != NULL) SSL_free(con);

-	if (con2 != NULL) SSL_free(con2);

-	if (ctx != NULL) SSL_CTX_free(ctx);

-	if (cert)

-		X509_free(cert);

-	if (key)

-		EVP_PKEY_free(key);

-	if (pass)

-		OPENSSL_free(pass);

-	if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }

-	if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }

-	if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); }

-	if (bio_c_out != NULL)

-		{

-		BIO_free(bio_c_out);

-		bio_c_out=NULL;

-		}

-	apps_shutdown();

-	OPENSSL_EXIT(ret);

-	}

-static void print_stuff(BIO *bio, SSL *s, int full)

-	{

-	X509 *peer=NULL;

-	char *p;

-	static const char *space="                ";

-	char buf[BUFSIZ];

-	STACK_OF(X509) *sk;

-	STACK_OF(X509_NAME) *sk2;

-	SSL_CIPHER *c;

-	X509_NAME *xn;

-	int j,i;

-#ifndef OPENSSL_NO_COMP

-	const COMP_METHOD *comp, *expansion;

-#endif

-	if (full)

-		{

-		int got_a_chain = 0;

-		sk=SSL_get_peer_cert_chain(s);

-		if (sk != NULL)

-			{

-			got_a_chain = 1; /* we don't have it for SSL2 (yet) */

-			BIO_printf(bio,"---\nCertificate chain\n");

-			for (i=0; i<sk_X509_num(sk); i++)

-				{

-				X509_NAME_oneline(X509_get_subject_name(

-					sk_X509_value(sk,i)),buf,sizeof buf);

-				BIO_printf(bio,"%2d s:%s\n",i,buf);

-				X509_NAME_oneline(X509_get_issuer_name(

-					sk_X509_value(sk,i)),buf,sizeof buf);

-				BIO_printf(bio,"   i:%s\n",buf);

-				if (c_showcerts)

-					PEM_write_bio_X509(bio,sk_X509_value(sk,i));

-				}

-			}

-		BIO_printf(bio,"---\n");

-		peer=SSL_get_peer_certificate(s);

-		if (peer != NULL)

-			{

-			BIO_printf(bio,"Server certificate\n");

-			if (!(c_showcerts && got_a_chain)) /* Redundant if we showed the whole chain */

-				PEM_write_bio_X509(bio,peer);

-			X509_NAME_oneline(X509_get_subject_name(peer),

-				buf,sizeof buf);

-			BIO_printf(bio,"subject=%s\n",buf);

-			X509_NAME_oneline(X509_get_issuer_name(peer),

-				buf,sizeof buf);

-			BIO_printf(bio,"issuer=%s\n",buf);

-			}

-		else

-			BIO_printf(bio,"no peer certificate available\n");

-		sk2=SSL_get_client_CA_list(s);

-		if ((sk2 != NULL) && (sk_X509_NAME_num(sk2) > 0))

-			{

-			BIO_printf(bio,"---\nAcceptable client certificate CA names\n");

-			for (i=0; i<sk_X509_NAME_num(sk2); i++)

-				{

-				xn=sk_X509_NAME_value(sk2,i);

-				X509_NAME_oneline(xn,buf,sizeof(buf));

-				BIO_write(bio,buf,strlen(buf));

-				BIO_write(bio,"\n",1);

-				}

-			}

-		else

-			{

-			BIO_printf(bio,"---\nNo client certificate CA names sent\n");

-			}

-		p=SSL_get_shared_ciphers(s,buf,sizeof buf);

-		if (p != NULL)

-			{

-			/* This works only for SSL 2.  In later protocol

-			 * versions, the client does not know what other

-			 * ciphers (in addition to the one to be used

-			 * in the current connection) the server supports. */

-			BIO_printf(bio,"---\nCiphers common between both SSL endpoints:\n");

-			j=i=0;

-			while (*p)

-				{

-				if (*p == ':')

-					{

-					BIO_write(bio,space,15-j%25);

-					i++;

-					j=0;

-					BIO_write(bio,((i%3)?" ":"\n"),1);

-					}

-				else

-					{

-					BIO_write(bio,p,1);

-					j++;

-					}

-				p++;

-				}

-			BIO_write(bio,"\n",1);

-			}

-		BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",

-			BIO_number_read(SSL_get_rbio(s)),

-			BIO_number_written(SSL_get_wbio(s)));

-		}

-	BIO_printf(bio,((s->hit)?"---\nReused, ":"---\nNew, "));

-	c=SSL_get_current_cipher(s);

-	BIO_printf(bio,"%s, Cipher is %s\n",

-		SSL_CIPHER_get_version(c),

-		SSL_CIPHER_get_name(c));

-	if (peer != NULL) {

-		EVP_PKEY *pktmp;

-		pktmp = X509_get_pubkey(peer);

-		BIO_printf(bio,"Server public key is %d bit\n",

-							 EVP_PKEY_bits(pktmp));

-		EVP_PKEY_free(pktmp);

-	}

-#ifndef OPENSSL_NO_COMP

-	comp=SSL_get_current_compression(s);

-	expansion=SSL_get_current_expansion(s);

-	BIO_printf(bio,"Compression: %s\n",

-		comp ? SSL_COMP_get_name(comp) : "NONE");

-	BIO_printf(bio,"Expansion: %s\n",

-		expansion ? SSL_COMP_get_name(expansion) : "NONE");

-#endif

-	SSL_SESSION_print(bio,SSL_get_session(s));

-	BIO_printf(bio,"---\n");

-	if (peer != NULL)

-		X509_free(peer);

-	/* flush, or debugging output gets mixed with http response */

-	(void)BIO_flush(bio);

-	}

--- a/sys/src/ape/lib/openssl/apps/s_server.c

+++ /dev/null

@@ -1,2289 +1,0 @@

-/* apps/s_server.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- * ECC cipher suite support in OpenSSL originally developed by

- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.

- */

-/* Until the key-gen callbacks are modified to use newer prototypes, we allow

- * deprecated functions for openssl-internal code */

-#ifdef OPENSSL_NO_DEPRECATED

-#undef OPENSSL_NO_DEPRECATED

-#endif

-#include <assert.h>

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include <sys/stat.h>

-#include <openssl/e_os2.h>

-#ifdef OPENSSL_NO_STDIO

-#define APPS_WIN16

-#endif

-#if !defined(OPENSSL_SYS_NETWARE)  /* conflicts with winsock2 stuff on netware */

-#include <sys/types.h>

-#endif

-/* With IPv6, it looks like Digital has mixed up the proper order of

-   recursive header file inclusion, resulting in the compiler complaining

-   that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which

-   is needed to have fileno() declared correctly...  So let's define u_int */

-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)

-#define __U_INT

-typedef unsigned int u_int;

-#endif

-#include <openssl/lhash.h>

-#include <openssl/bn.h>

-#define USE_SOCKETS

-#include "apps.h"

-#include <openssl/err.h>

-#include <openssl/pem.h>

-#include <openssl/x509.h>

-#include <openssl/ssl.h>

-#include <openssl/rand.h>

-#ifndef OPENSSL_NO_DH

-#include <openssl/dh.h>

-#endif

-#ifndef OPENSSL_NO_RSA

-#include <openssl/rsa.h>

-#endif

-#include "s_apps.h"

-#include "timeouts.h"

-#ifdef OPENSSL_SYS_WINCE

-/* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */

-#ifdef fileno

-#undef fileno

-#endif

-#define fileno(a) (int)_fileno(a)

-#endif

-#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)

-/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */

-#undef FIONBIO

-#endif

-#ifndef OPENSSL_NO_RSA

-static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength);

-#endif

-static int sv_body(char *hostname, int s, unsigned char *context);

-static int www_body(char *hostname, int s, unsigned char *context);

-static void close_accept_socket(void );

-static void sv_usage(void);

-static int init_ssl_connection(SSL *s);

-static void print_stats(BIO *bp,SSL_CTX *ctx);

-static int generate_session_id(const SSL *ssl, unsigned char *id,

-				unsigned int *id_len);

-#ifndef OPENSSL_NO_DH

-static DH *load_dh_param(const char *dhfile);

-static DH *get_dh512(void);

-#endif

-#ifdef MONOLITH

-static void s_server_init(void);

-#endif

-#ifndef S_ISDIR

-# if defined(_S_IFMT) && defined(_S_IFDIR)

-#  define S_ISDIR(a)	(((a) & _S_IFMT) == _S_IFDIR)

-# else

-#  define S_ISDIR(a)	(((a) & S_IFMT) == S_IFDIR)

-# endif

-#endif

-#ifndef OPENSSL_NO_DH

-static unsigned char dh512_p[]={

-	0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,

-	0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,

-	0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3,

-	0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,

-	0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C,

-	0x47,0x74,0xE8,0x33,

-	};

-static unsigned char dh512_g[]={

-	0x02,

-	};

-static DH *get_dh512(void)

-	{

-	DH *dh=NULL;

-	if ((dh=DH_new()) == NULL) return(NULL);

-	dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);

-	dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);

-	if ((dh->p == NULL) || (dh->g == NULL))

-		return(NULL);

-	return(dh);

-	}

-#endif

-/* static int load_CA(SSL_CTX *ctx, char *file);*/

-#undef BUFSIZZ

-#define BUFSIZZ	16*1024

-static int bufsize=BUFSIZZ;

-static int accept_socket= -1;

-#define TEST_CERT	"server.pem"

-#ifndef OPENSSL_NO_TLSEXT

-#define TEST_CERT2	"server2.pem"

-#endif

-#undef PROG

-#define PROG		s_server_main

-extern int verify_depth;

-static char *cipher=NULL;

-static int s_server_verify=SSL_VERIFY_NONE;

-static int s_server_session_id_context = 1; /* anything will do */

-static const char *s_cert_file=TEST_CERT,*s_key_file=NULL;

-#ifndef OPENSSL_NO_TLSEXT

-static const char *s_cert_file2=TEST_CERT2,*s_key_file2=NULL;

-#endif

-static char *s_dcert_file=NULL,*s_dkey_file=NULL;

-#ifdef FIONBIO

-static int s_nbio=0;

-#endif

-static int s_nbio_test=0;

-int s_crlf=0;

-static SSL_CTX *ctx=NULL;

-#ifndef OPENSSL_NO_TLSEXT

-static SSL_CTX *ctx2=NULL;

-#endif

-static int www=0;

-static BIO *bio_s_out=NULL;

-static int s_debug=0;

-#ifndef OPENSSL_NO_TLSEXT

-static int s_tlsextdebug=0;

-#endif

-static int s_msg=0;

-static int s_quiet=0;

-static int hack=0;

-#ifndef OPENSSL_NO_ENGINE

-static char *engine_id=NULL;

-#endif

-static const char *session_id_prefix=NULL;

-static int enable_timeouts = 0;

-#ifdef mtu

-#undef mtu

-#endif

-static long mtu;

-static int cert_chain = 0;

-#ifdef MONOLITH

-static void s_server_init(void)

-	{

-	accept_socket=-1;

-	cipher=NULL;

-	s_server_verify=SSL_VERIFY_NONE;

-	s_dcert_file=NULL;

-	s_dkey_file=NULL;

-	s_cert_file=TEST_CERT;

-	s_key_file=NULL;

-#ifndef OPENSSL_NO_TLSEXT

-	s_cert_file2=TEST_CERT2;

-	s_key_file2=NULL;

-	ctx2=NULL;

-#endif

-#ifdef FIONBIO

-	s_nbio=0;

-#endif

-	s_nbio_test=0;

-	ctx=NULL;

-	www=0;

-	bio_s_out=NULL;

-	s_debug=0;

-	s_msg=0;

-	s_quiet=0;

-	hack=0;

-#ifndef OPENSSL_NO_ENGINE

-	engine_id=NULL;

-#endif

-	}

-#endif

-static void sv_usage(void)

-	{

-	BIO_printf(bio_err,"usage: s_server [args ...]\n");

-	BIO_printf(bio_err,"\n");

-	BIO_printf(bio_err," -accept arg   - port to accept on (default is %d)\n",PORT);

-	BIO_printf(bio_err," -context arg  - set session ID context\n");

-	BIO_printf(bio_err," -verify arg   - turn on peer certificate verification\n");

-	BIO_printf(bio_err," -Verify arg   - turn on peer certificate verification, must have a cert.\n");

-	BIO_printf(bio_err," -cert arg     - certificate file to use\n");

-	BIO_printf(bio_err,"                 (default is %s)\n",TEST_CERT);

-	BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n");

-	BIO_printf(bio_err," -key arg      - Private Key file to use, in cert file if\n");

-	BIO_printf(bio_err,"                 not specified (default is %s)\n",TEST_CERT);

-	BIO_printf(bio_err," -keyform arg  - key format (PEM, DER or ENGINE) PEM default\n");

-	BIO_printf(bio_err," -pass arg     - private key file pass phrase source\n");

-	BIO_printf(bio_err," -dcert arg    - second certificate file to use (usually for DSA)\n");

-	BIO_printf(bio_err," -dcertform x  - second certificate format (PEM or DER) PEM default\n");

-	BIO_printf(bio_err," -dkey arg     - second private key file to use (usually for DSA)\n");

-	BIO_printf(bio_err," -dkeyform arg - second key format (PEM, DER or ENGINE) PEM default\n");

-	BIO_printf(bio_err," -dpass arg    - second private key file pass phrase source\n");

-	BIO_printf(bio_err," -dhparam arg  - DH parameter file to use, in cert file if not specified\n");

-	BIO_printf(bio_err,"                 or a default set of parameters is used\n");

-#ifndef OPENSSL_NO_ECDH

-	BIO_printf(bio_err," -named_curve arg  - Elliptic curve name to use for ephemeral ECDH keys.\n" \

-	                   "                 Use \"openssl ecparam -list_curves\" for all names\n" \

-	                   "                 (default is sect163r2).\n");

-#endif

-#ifdef FIONBIO

-	BIO_printf(bio_err," -nbio         - Run with non-blocking IO\n");

-#endif

-	BIO_printf(bio_err," -nbio_test    - test with the non-blocking test bio\n");

-	BIO_printf(bio_err," -crlf         - convert LF from terminal into CRLF\n");

-	BIO_printf(bio_err," -debug        - Print more output\n");

-	BIO_printf(bio_err," -msg          - Show protocol messages\n");

-	BIO_printf(bio_err," -state        - Print the SSL states\n");

-	BIO_printf(bio_err," -CApath arg   - PEM format directory of CA's\n");

-	BIO_printf(bio_err," -CAfile arg   - PEM format file of CA's\n");

-	BIO_printf(bio_err," -nocert       - Don't use any certificates (Anon-DH)\n");

-	BIO_printf(bio_err," -cipher arg   - play with 'openssl ciphers' to see what goes here\n");

-	BIO_printf(bio_err," -serverpref   - Use server's cipher preferences\n");

-	BIO_printf(bio_err," -quiet        - No server output\n");

-	BIO_printf(bio_err," -no_tmp_rsa   - Do not generate a tmp RSA key\n");

-	BIO_printf(bio_err," -ssl2         - Just talk SSLv2\n");

-	BIO_printf(bio_err," -ssl3         - Just talk SSLv3\n");

-	BIO_printf(bio_err," -tls1         - Just talk TLSv1\n");

-	BIO_printf(bio_err," -dtls1        - Just talk DTLSv1\n");

-	BIO_printf(bio_err," -timeout      - Enable timeouts\n");

-	BIO_printf(bio_err," -mtu          - Set MTU\n");

-	BIO_printf(bio_err," -chain        - Read a certificate chain\n");

-	BIO_printf(bio_err," -no_ssl2      - Just disable SSLv2\n");

-	BIO_printf(bio_err," -no_ssl3      - Just disable SSLv3\n");

-	BIO_printf(bio_err," -no_tls1      - Just disable TLSv1\n");

-#ifndef OPENSSL_NO_DH

-	BIO_printf(bio_err," -no_dhe       - Disable ephemeral DH\n");

-#endif

-#ifndef OPENSSL_NO_ECDH

-	BIO_printf(bio_err," -no_ecdhe     - Disable ephemeral ECDH\n");

-#endif

-	BIO_printf(bio_err," -bugs         - Turn on SSL bug compatibility\n");

-	BIO_printf(bio_err," -www          - Respond to a 'GET /' with a status page\n");

-	BIO_printf(bio_err," -WWW          - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");

-	BIO_printf(bio_err," -HTTP         - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");

-        BIO_printf(bio_err,"                 with the assumption it contains a complete HTTP response.\n");

-#ifndef OPENSSL_NO_ENGINE

-	BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");

-#endif

-	BIO_printf(bio_err," -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n");

-	BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);

-#ifndef OPENSSL_NO_TLSEXT

-	BIO_printf(bio_err," -servername host - servername for HostName TLS extension\n");

-	BIO_printf(bio_err," -servername_fatal - on mismatch send fatal alert (default warning alert)\n");

-	BIO_printf(bio_err," -cert2 arg    - certificate file to use for servername\n");

-	BIO_printf(bio_err,"                 (default is %s)\n",TEST_CERT2);

-	BIO_printf(bio_err," -key2 arg     - Private Key file to use for servername, in cert file if\n");

-	BIO_printf(bio_err,"                 not specified (default is %s)\n",TEST_CERT2);

-	BIO_printf(bio_err," -tlsextdebug  - hex dump of all TLS extensions received\n");

-	BIO_printf(bio_err," -no_ticket    - disable use of RFC4507bis session tickets\n");

-#endif

-	}

-static int local_argc=0;

-static char **local_argv;

-#ifdef CHARSET_EBCDIC

-static int ebcdic_new(BIO *bi);

-static int ebcdic_free(BIO *a);

-static int ebcdic_read(BIO *b, char *out, int outl);

-static int ebcdic_write(BIO *b, const char *in, int inl);

-static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr);

-static int ebcdic_gets(BIO *bp, char *buf, int size);

-static int ebcdic_puts(BIO *bp, const char *str);

-#define BIO_TYPE_EBCDIC_FILTER	(18|0x0200)

-static BIO_METHOD methods_ebcdic=

-	{

-	BIO_TYPE_EBCDIC_FILTER,

-	"EBCDIC/ASCII filter",

-	ebcdic_write,

-	ebcdic_read,

-	ebcdic_puts,

-	ebcdic_gets,

-	ebcdic_ctrl,

-	ebcdic_new,

-	ebcdic_free,

-	};

-typedef struct

-{

-	size_t	alloced;

-	char	buff[1];

-} EBCDIC_OUTBUFF;

-BIO_METHOD *BIO_f_ebcdic_filter()

-{

-	return(&methods_ebcdic);

-}

-static int ebcdic_new(BIO *bi)

-{

-	EBCDIC_OUTBUFF *wbuf;

-	wbuf = (EBCDIC_OUTBUFF *)OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + 1024);

-	wbuf->alloced = 1024;

-	wbuf->buff[0] = '\0';

-	bi->ptr=(char *)wbuf;

-	bi->init=1;

-	bi->flags=0;

-	return(1);

-}

-static int ebcdic_free(BIO *a)

-{

-	if (a == NULL) return(0);

-	if (a->ptr != NULL)

-		OPENSSL_free(a->ptr);

-	a->ptr=NULL;

-	a->init=0;

-	a->flags=0;

-	return(1);

-}

-static int ebcdic_read(BIO *b, char *out, int outl)

-{

-	int ret=0;

-	if (out == NULL || outl == 0) return(0);

-	if (b->next_bio == NULL) return(0);

-	ret=BIO_read(b->next_bio,out,outl);

-	if (ret > 0)

-		ascii2ebcdic(out,out,ret);

-	return(ret);

-}

-static int ebcdic_write(BIO *b, const char *in, int inl)

-{

-	EBCDIC_OUTBUFF *wbuf;

-	int ret=0;

-	int num;

-	unsigned char n;

-	if ((in == NULL) || (inl <= 0)) return(0);

-	if (b->next_bio == NULL) return(0);

-	wbuf=(EBCDIC_OUTBUFF *)b->ptr;

-	if (inl > (num = wbuf->alloced))

-	{

-		num = num + num;  /* double the size */

-		if (num < inl)

-			num = inl;

-		OPENSSL_free(wbuf);

-		wbuf=(EBCDIC_OUTBUFF *)OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + num);

-		wbuf->alloced = num;

-		wbuf->buff[0] = '\0';

-		b->ptr=(char *)wbuf;

-	}

-	ebcdic2ascii(wbuf->buff, in, inl);

-	ret=BIO_write(b->next_bio, wbuf->buff, inl);

-	return(ret);

-}

-static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr)

-{

-	long ret;

-	if (b->next_bio == NULL) return(0);

-	switch (cmd)

-	{

-	case BIO_CTRL_DUP:

-		ret=0L;

-		break;

-	default:

-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);

-		break;

-	}

-	return(ret);

-}

-static int ebcdic_gets(BIO *bp, char *buf, int size)

-{

-	int i, ret=0;

-	if (bp->next_bio == NULL) return(0);

-/*	return(BIO_gets(bp->next_bio,buf,size));*/

-	for (i=0; i<size-1; ++i)

-	{

-		ret = ebcdic_read(bp,&buf[i],1);

-		if (ret <= 0)

-			break;

-		else if (buf[i] == '\n')

-		{

-			++i;

-			break;

-		}

-	}

-	if (i < size)

-		buf[i] = '\0';

-	return (ret < 0 && i == 0) ? ret : i;

-}

-static int ebcdic_puts(BIO *bp, const char *str)

-{

-	if (bp->next_bio == NULL) return(0);

-	return ebcdic_write(bp, str, strlen(str));

-}

-#endif

-#ifndef OPENSSL_NO_TLSEXT

-/* This is a context that we pass to callbacks */

-typedef struct tlsextctx_st {

-   char * servername;

-   BIO * biodebug;

-   int extension_error;

-} tlsextctx;

-static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg)

-	{

-	tlsextctx * p = (tlsextctx *) arg;

-	const char * servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);

-        if (servername && p->biodebug)

-		BIO_printf(p->biodebug,"Hostname in TLS extension: \"%s\"\n",servername);

-	if (!p->servername)

-		return SSL_TLSEXT_ERR_NOACK;

-	if (servername)

-		{

-    		if (strcmp(servername,p->servername))

-			return p->extension_error;

-		if (ctx2)

-			{

-			BIO_printf(p->biodebug,"Swiching server context.\n");

-			SSL_set_SSL_CTX(s,ctx2);

-			}

-		}

-	return SSL_TLSEXT_ERR_OK;

-}

-#endif

-int MAIN(int, char **);

-int MAIN(int argc, char *argv[])

-	{

-	X509_STORE *store = NULL;

-	int vflags = 0;

-	short port=PORT;

-	char *CApath=NULL,*CAfile=NULL;

-	unsigned char *context = NULL;

-	char *dhfile = NULL;

-#ifndef OPENSSL_NO_ECDH

-	char *named_curve = NULL;

-#endif

-	int badop=0,bugs=0;

-	int ret=1;

-	int off=0;

-	int no_tmp_rsa=0,no_dhe=0,no_ecdhe=0,nocert=0;

-	int state=0;

-	SSL_METHOD *meth=NULL;

-        int socket_type=SOCK_STREAM;

-#ifndef OPENSSL_NO_ENGINE

-	ENGINE *e=NULL;

-#endif

-	char *inrand=NULL;

-	int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;

-	char *passarg = NULL, *pass = NULL;

-	char *dpassarg = NULL, *dpass = NULL;

-	int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM;

-	X509 *s_cert = NULL, *s_dcert = NULL;

-	EVP_PKEY *s_key = NULL, *s_dkey = NULL;

-#ifndef OPENSSL_NO_TLSEXT

-	EVP_PKEY *s_key2 = NULL;

-	X509 *s_cert2 = NULL;

-#endif

-#ifndef OPENSSL_NO_TLSEXT

-        tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING};

-#endif

-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)

-	meth=SSLv23_server_method();

-#elif !defined(OPENSSL_NO_SSL3)

-	meth=SSLv3_server_method();

-#elif !defined(OPENSSL_NO_SSL2)

-	meth=SSLv2_server_method();

-#endif

-	local_argc=argc;

-	local_argv=argv;

-	apps_startup();

-#ifdef MONOLITH

-	s_server_init();

-#endif

-	if (bio_err == NULL)

-		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);

-	if (!load_config(bio_err, NULL))

-		goto end;

-	verify_depth=0;

-#ifdef FIONBIO

-	s_nbio=0;

-#endif

-	s_nbio_test=0;

-	argc--;

-	argv++;

-	while (argc >= 1)

-		{

-		if	((strcmp(*argv,"-port") == 0) ||

-			 (strcmp(*argv,"-accept") == 0))

-			{

-			if (--argc < 1) goto bad;

-			if (!extract_port(*(++argv),&port))

-				goto bad;

-			}

-		else if	(strcmp(*argv,"-verify") == 0)

-			{

-			s_server_verify=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE;

-			if (--argc < 1) goto bad;

-			verify_depth=atoi(*(++argv));

-			BIO_printf(bio_err,"verify depth is %d\n",verify_depth);

-			}

-		else if	(strcmp(*argv,"-Verify") == 0)

-			{

-			s_server_verify=SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT|

-				SSL_VERIFY_CLIENT_ONCE;

-			if (--argc < 1) goto bad;

-			verify_depth=atoi(*(++argv));

-			BIO_printf(bio_err,"verify depth is %d, must return a certificate\n",verify_depth);

-			}

-		else if	(strcmp(*argv,"-context") == 0)

-			{

-			if (--argc < 1) goto bad;

-			context= (unsigned char *)*(++argv);

-			}

-		else if	(strcmp(*argv,"-cert") == 0)

-			{

-			if (--argc < 1) goto bad;

-			s_cert_file= *(++argv);

-			}

-		else if	(strcmp(*argv,"-certform") == 0)

-			{

-			if (--argc < 1) goto bad;

-			s_cert_format = str2fmt(*(++argv));

-			}

-		else if	(strcmp(*argv,"-key") == 0)

-			{

-			if (--argc < 1) goto bad;

-			s_key_file= *(++argv);

-			}

-		else if	(strcmp(*argv,"-keyform") == 0)

-			{

-			if (--argc < 1) goto bad;

-			s_key_format = str2fmt(*(++argv));

-			}

-		else if	(strcmp(*argv,"-pass") == 0)

-			{

-			if (--argc < 1) goto bad;

-			passarg = *(++argv);

-			}

-		else if	(strcmp(*argv,"-dhparam") == 0)

-			{

-			if (--argc < 1) goto bad;

-			dhfile = *(++argv);

-			}

-#ifndef OPENSSL_NO_ECDH

-		else if	(strcmp(*argv,"-named_curve") == 0)

-			{

-			if (--argc < 1) goto bad;

-			named_curve = *(++argv);

-			}

-#endif

-		else if	(strcmp(*argv,"-dcertform") == 0)

-			{

-			if (--argc < 1) goto bad;

-			s_dcert_format = str2fmt(*(++argv));

-			}

-		else if	(strcmp(*argv,"-dcert") == 0)

-			{

-			if (--argc < 1) goto bad;

-			s_dcert_file= *(++argv);

-			}

-		else if	(strcmp(*argv,"-dkeyform") == 0)

-			{

-			if (--argc < 1) goto bad;

-			s_dkey_format = str2fmt(*(++argv));

-			}

-		else if	(strcmp(*argv,"-dpass") == 0)

-			{

-			if (--argc < 1) goto bad;

-			dpassarg = *(++argv);

-			}

-		else if	(strcmp(*argv,"-dkey") == 0)

-			{

-			if (--argc < 1) goto bad;

-			s_dkey_file= *(++argv);

-			}

-		else if (strcmp(*argv,"-nocert") == 0)

-			{

-			nocert=1;

-			}

-		else if	(strcmp(*argv,"-CApath") == 0)

-			{

-			if (--argc < 1) goto bad;

-			CApath= *(++argv);

-			}

-		else if (strcmp(*argv,"-crl_check") == 0)

-			{

-			vflags |= X509_V_FLAG_CRL_CHECK;

-			}

-		else if (strcmp(*argv,"-crl_check") == 0)

-			{

-			vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;

-			}

-		else if	(strcmp(*argv,"-serverpref") == 0)

-			{ off|=SSL_OP_CIPHER_SERVER_PREFERENCE; }

-		else if	(strcmp(*argv,"-cipher") == 0)

-			{

-			if (--argc < 1) goto bad;

-			cipher= *(++argv);

-			}

-		else if	(strcmp(*argv,"-CAfile") == 0)

-			{

-			if (--argc < 1) goto bad;

-			CAfile= *(++argv);

-			}

-#ifdef FIONBIO

-		else if	(strcmp(*argv,"-nbio") == 0)

-			{ s_nbio=1; }

-#endif

-		else if	(strcmp(*argv,"-nbio_test") == 0)

-			{

-#ifdef FIONBIO

-			s_nbio=1;

-#endif

-			s_nbio_test=1;

-			}

-		else if	(strcmp(*argv,"-debug") == 0)

-			{ s_debug=1; }

-#ifndef OPENSSL_NO_TLSEXT

-		else if	(strcmp(*argv,"-tlsextdebug") == 0)

-			s_tlsextdebug=1;

-#endif

-		else if	(strcmp(*argv,"-msg") == 0)

-			{ s_msg=1; }

-		else if	(strcmp(*argv,"-hack") == 0)

-			{ hack=1; }

-		else if	(strcmp(*argv,"-state") == 0)

-			{ state=1; }

-		else if	(strcmp(*argv,"-crlf") == 0)

-			{ s_crlf=1; }

-		else if	(strcmp(*argv,"-quiet") == 0)

-			{ s_quiet=1; }

-		else if	(strcmp(*argv,"-bugs") == 0)

-			{ bugs=1; }

-		else if	(strcmp(*argv,"-no_tmp_rsa") == 0)

-			{ no_tmp_rsa=1; }

-		else if	(strcmp(*argv,"-no_dhe") == 0)

-			{ no_dhe=1; }

-		else if	(strcmp(*argv,"-no_ecdhe") == 0)

-			{ no_ecdhe=1; }

-		else if	(strcmp(*argv,"-www") == 0)

-			{ www=1; }

-		else if	(strcmp(*argv,"-WWW") == 0)

-			{ www=2; }

-		else if	(strcmp(*argv,"-HTTP") == 0)

-			{ www=3; }

-		else if	(strcmp(*argv,"-no_ssl2") == 0)

-			{ off|=SSL_OP_NO_SSLv2; }

-		else if	(strcmp(*argv,"-no_ssl3") == 0)

-			{ off|=SSL_OP_NO_SSLv3; }

-		else if	(strcmp(*argv,"-no_tls1") == 0)

-			{ off|=SSL_OP_NO_TLSv1; }

-#ifndef OPENSSL_NO_TLSEXT

-		else if	(strcmp(*argv,"-no_ticket") == 0)

-			{ off|=SSL_OP_NO_TICKET; }

-#endif

-#ifndef OPENSSL_NO_SSL2

-		else if	(strcmp(*argv,"-ssl2") == 0)

-			{ meth=SSLv2_server_method(); }

-#endif

-#ifndef OPENSSL_NO_SSL3

-		else if	(strcmp(*argv,"-ssl3") == 0)

-			{ meth=SSLv3_server_method(); }

-#endif

-#ifndef OPENSSL_NO_TLS1

-		else if	(strcmp(*argv,"-tls1") == 0)

-			{ meth=TLSv1_server_method(); }

-#endif

-#ifndef OPENSSL_NO_DTLS1

-		else if	(strcmp(*argv,"-dtls1") == 0)

-			{

-			meth=DTLSv1_server_method();

-			socket_type = SOCK_DGRAM;

-			}

-		else if (strcmp(*argv,"-timeout") == 0)

-			enable_timeouts = 1;

-		else if (strcmp(*argv,"-mtu") == 0)

-			{

-			if (--argc < 1) goto bad;

-			mtu = atol(*(++argv));

-			}

-		else if (strcmp(*argv, "-chain") == 0)

-			cert_chain = 1;

-#endif

-		else if (strcmp(*argv, "-id_prefix") == 0)

-			{

-			if (--argc < 1) goto bad;

-			session_id_prefix = *(++argv);

-			}

-#ifndef OPENSSL_NO_ENGINE

-		else if (strcmp(*argv,"-engine") == 0)

-			{

-			if (--argc < 1) goto bad;

-			engine_id= *(++argv);

-			}

-#endif

-		else if (strcmp(*argv,"-rand") == 0)

-			{

-			if (--argc < 1) goto bad;

-			inrand= *(++argv);

-			}

-#ifndef OPENSSL_NO_TLSEXT

-		else if (strcmp(*argv,"-servername") == 0)

-			{

-			if (--argc < 1) goto bad;

-			tlsextcbp.servername= *(++argv);

-			}

-		else if (strcmp(*argv,"-servername_fatal") == 0)

-			{ tlsextcbp.extension_error = SSL_TLSEXT_ERR_ALERT_FATAL; }

-		else if	(strcmp(*argv,"-cert2") == 0)

-			{

-			if (--argc < 1) goto bad;

-			s_cert_file2= *(++argv);

-			}

-		else if	(strcmp(*argv,"-key2") == 0)

-			{

-			if (--argc < 1) goto bad;

-			s_key_file2= *(++argv);

-			}

-#endif

-		else

-			{

-			BIO_printf(bio_err,"unknown option %s\n",*argv);

-			badop=1;

-			break;

-			}

-		argc--;

-		argv++;

-		}

-	if (badop)

-		{

-bad:

-		sv_usage();

-		goto end;

-		}

-	SSL_load_error_strings();

-	OpenSSL_add_ssl_algorithms();

-#ifndef OPENSSL_NO_ENGINE

-        e = setup_engine(bio_err, engine_id, 1);

-#endif

-	if (!app_passwd(bio_err, passarg, dpassarg, &pass, &dpass))

-		{

-		BIO_printf(bio_err, "Error getting password\n");

-		goto end;

-		}

-	if (s_key_file == NULL)

-		s_key_file = s_cert_file;

-#ifndef OPENSSL_NO_TLSEXT

-	if (s_key_file2 == NULL)

-		s_key_file2 = s_cert_file2;

-#endif

-	if (nocert == 0)

-		{

-		s_key = load_key(bio_err, s_key_file, s_key_format, 0, pass, e,

-		       "server certificate private key file");

-		if (!s_key)

-			{

-			ERR_print_errors(bio_err);

-			goto end;

-			}

-		s_cert = load_cert(bio_err,s_cert_file,s_cert_format,

-			NULL, e, "server certificate file");

-		if (!s_cert)

-			{

-			ERR_print_errors(bio_err);

-			goto end;

-			}

-#ifndef OPENSSL_NO_TLSEXT

-		if (tlsextcbp.servername)

-			{

-			s_key2 = load_key(bio_err, s_key_file2, s_key_format, 0, pass, e,

-				"second server certificate private key file");

-			if (!s_key2)

-				{

-				ERR_print_errors(bio_err);

-				goto end;

-				}

-			s_cert2 = load_cert(bio_err,s_cert_file2,s_cert_format,

-				NULL, e, "second server certificate file");

-			if (!s_cert2)

-				{

-				ERR_print_errors(bio_err);

-				goto end;

-				}

-			}

-#endif

-		}

-	if (s_dcert_file)

-		{

-		if (s_dkey_file == NULL)

-			s_dkey_file = s_dcert_file;

-		s_dkey = load_key(bio_err, s_dkey_file, s_dkey_format,

-				0, dpass, e,

-			       "second certificate private key file");

-		if (!s_dkey)

-			{

-			ERR_print_errors(bio_err);

-			goto end;

-			}

-		s_dcert = load_cert(bio_err,s_dcert_file,s_dcert_format,

-				NULL, e, "second server certificate file");

-		if (!s_dcert)

-			{

-			ERR_print_errors(bio_err);

-			goto end;

-			}

-		}

-	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL

-		&& !RAND_status())

-		{

-		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");

-		}

-	if (inrand != NULL)

-		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",

-			app_RAND_load_files(inrand));

-	if (bio_s_out == NULL)

-		{

-		if (s_quiet && !s_debug && !s_msg)

-			{

-			bio_s_out=BIO_new(BIO_s_null());

-			}

-		else

-			{

-			if (bio_s_out == NULL)

-				bio_s_out=BIO_new_fp(stdout,BIO_NOCLOSE);

-			}

-		}

-#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)

-	if (nocert)

-#endif

-		{

-		s_cert_file=NULL;

-		s_key_file=NULL;

-		s_dcert_file=NULL;

-		s_dkey_file=NULL;

-#ifndef OPENSSL_NO_TLSEXT

-		s_cert_file2=NULL;

-		s_key_file2=NULL;

-#endif

-		}

-	ctx=SSL_CTX_new(meth);

-	if (ctx == NULL)

-		{

-		ERR_print_errors(bio_err);

-		goto end;

-		}

-	if (session_id_prefix)

-		{

-		if(strlen(session_id_prefix) >= 32)

-			BIO_printf(bio_err,

-"warning: id_prefix is too long, only one new session will be possible\n");

-		else if(strlen(session_id_prefix) >= 16)

-			BIO_printf(bio_err,

-"warning: id_prefix is too long if you use SSLv2\n");

-		if(!SSL_CTX_set_generate_session_id(ctx, generate_session_id))

-			{

-			BIO_printf(bio_err,"error setting 'id_prefix'\n");

-			ERR_print_errors(bio_err);

-			goto end;

-			}

-		BIO_printf(bio_err,"id_prefix '%s' set.\n", session_id_prefix);

-		}

-	SSL_CTX_set_quiet_shutdown(ctx,1);

-	if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL);

-	if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);

-	SSL_CTX_set_options(ctx,off);

-	/* DTLS: partial reads end up discarding unread UDP bytes :-(

-	 * Setting read ahead solves this problem.

-	 */

-	if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);

-	if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);

-	SSL_CTX_sess_set_cache_size(ctx,128);

-#if 0

-	if (cipher == NULL) cipher=getenv("SSL_CIPHER");

-#endif

-#if 0

-	if (s_cert_file == NULL)

-		{

-		BIO_printf(bio_err,"You must specify a certificate file for the server to use\n");

-		goto end;

-		}

-#endif

-	if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||

-		(!SSL_CTX_set_default_verify_paths(ctx)))

-		{

-		/* BIO_printf(bio_err,"X509_load_verify_locations\n"); */

-		ERR_print_errors(bio_err);

-		/* goto end; */

-		}

-	store = SSL_CTX_get_cert_store(ctx);

-	X509_STORE_set_flags(store, vflags);

-#ifndef OPENSSL_NO_TLSEXT

-	if (s_cert2)

-		{

-		ctx2=SSL_CTX_new(meth);

-		if (ctx2 == NULL)

-			{

-			ERR_print_errors(bio_err);

-			goto end;

-			}

-		}

-	if (ctx2)

-		{

-		BIO_printf(bio_s_out,"Setting secondary ctx parameters\n");

-		if (session_id_prefix)

-			{

-			if(strlen(session_id_prefix) >= 32)

-				BIO_printf(bio_err,

-					"warning: id_prefix is too long, only one new session will be possible\n");

-			else if(strlen(session_id_prefix) >= 16)

-				BIO_printf(bio_err,

-					"warning: id_prefix is too long if you use SSLv2\n");

-			if(!SSL_CTX_set_generate_session_id(ctx2, generate_session_id))

-				{

-				BIO_printf(bio_err,"error setting 'id_prefix'\n");

-				ERR_print_errors(bio_err);

-				goto end;

-				}

-			BIO_printf(bio_err,"id_prefix '%s' set.\n", session_id_prefix);

-			}

-		SSL_CTX_set_quiet_shutdown(ctx2,1);

-		if (bugs) SSL_CTX_set_options(ctx2,SSL_OP_ALL);

-		if (hack) SSL_CTX_set_options(ctx2,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);

-		SSL_CTX_set_options(ctx2,off);

-		/* DTLS: partial reads end up discarding unread UDP bytes :-(

-		 * Setting read ahead solves this problem.

-		 */

-		if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx2, 1);

-		if (state) SSL_CTX_set_info_callback(ctx2,apps_ssl_info_callback);

-		SSL_CTX_sess_set_cache_size(ctx2,128);

-		if ((!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath)) ||

-			(!SSL_CTX_set_default_verify_paths(ctx2)))

-			{

-			ERR_print_errors(bio_err);

-			}

-		store = SSL_CTX_get_cert_store(ctx2);

-		X509_STORE_set_flags(store, vflags);

-		}

-#endif

-#ifndef OPENSSL_NO_DH

-	if (!no_dhe)

-		{

-		DH *dh=NULL;

-		if (dhfile)

-			dh = load_dh_param(dhfile);

-		else if (s_cert_file)

-			dh = load_dh_param(s_cert_file);

-		if (dh != NULL)

-			{

-			BIO_printf(bio_s_out,"Setting temp DH parameters\n");

-			}

-		else

-			{

-			BIO_printf(bio_s_out,"Using default temp DH parameters\n");

-			dh=get_dh512();

-			}

-		(void)BIO_flush(bio_s_out);

-		SSL_CTX_set_tmp_dh(ctx,dh);

-#ifndef OPENSSL_NO_TLSEXT

-		if (ctx2)

-			{

-			if (!dhfile)

-				{

-				DH *dh2=load_dh_param(s_cert_file2);

-				if (dh2 != NULL)

-					{

-					BIO_printf(bio_s_out,"Setting temp DH parameters\n");

-					(void)BIO_flush(bio_s_out);

-					DH_free(dh);

-					dh = dh2;

-					}

-				}

-			SSL_CTX_set_tmp_dh(ctx2,dh);

-			}

-#endif

-		DH_free(dh);

-		}

-#endif

-#ifndef OPENSSL_NO_ECDH

-	if (!no_ecdhe)

-		{

-		EC_KEY *ecdh=NULL;

-		if (named_curve)

-			{

-			int nid = OBJ_sn2nid(named_curve);

-			if (nid == 0)

-				{

-				BIO_printf(bio_err, "unknown curve name (%s)\n",

-					named_curve);

-				goto end;

-				}

-			ecdh = EC_KEY_new_by_curve_name(nid);

-			if (ecdh == NULL)

-				{

-				BIO_printf(bio_err, "unable to create curve (%s)\n",

-					named_curve);

-				goto end;

-				}

-			}

-		if (ecdh != NULL)

-			{

-			BIO_printf(bio_s_out,"Setting temp ECDH parameters\n");

-			}

-		else

-			{

-			BIO_printf(bio_s_out,"Using default temp ECDH parameters\n");

-			ecdh = EC_KEY_new_by_curve_name(NID_sect163r2);

-			if (ecdh == NULL)

-				{

-				BIO_printf(bio_err, "unable to create curve (sect163r2)\n");

-				goto end;

-				}

-			}

-		(void)BIO_flush(bio_s_out);

-		SSL_CTX_set_tmp_ecdh(ctx,ecdh);

-#ifndef OPENSSL_NO_TLSEXT

-		if (ctx2)

-			SSL_CTX_set_tmp_ecdh(ctx2,ecdh);

-#endif

-		EC_KEY_free(ecdh);

-		}

-#endif

-	if (!set_cert_key_stuff(ctx,s_cert,s_key))

-		goto end;

-#ifndef OPENSSL_NO_TLSEXT

-	if (ctx2 && !set_cert_key_stuff(ctx2,s_cert2,s_key2))

-		goto end;

-#endif

-	if (s_dcert != NULL)

-		{

-		if (!set_cert_key_stuff(ctx,s_dcert,s_dkey))

-			goto end;

-		}

-#ifndef OPENSSL_NO_RSA

-#if 1

-	if (!no_tmp_rsa)

-		{

-		SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb);

-#ifndef OPENSSL_NO_TLSEXT

-		if (ctx2)

-			SSL_CTX_set_tmp_rsa_callback(ctx2,tmp_rsa_cb);

-#endif

-		}

-#else

-	if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx))

-		{

-		RSA *rsa;

-		BIO_printf(bio_s_out,"Generating temp (512 bit) RSA key...");

-		BIO_flush(bio_s_out);

-		rsa=RSA_generate_key(512,RSA_F4,NULL);

-		if (!SSL_CTX_set_tmp_rsa(ctx,rsa))

-			{

-			ERR_print_errors(bio_err);

-			goto end;

-			}

-#ifndef OPENSSL_NO_TLSEXT

-			if (ctx2)

-				{

-				if (!SSL_CTX_set_tmp_rsa(ctx2,rsa))

-					{

-					ERR_print_errors(bio_err);

-					goto end;

-					}

-				}

-#endif

-		RSA_free(rsa);

-		BIO_printf(bio_s_out,"\n");

-		}

-#endif

-#endif

-	if (cipher != NULL)

-		if(!SSL_CTX_set_cipher_list(ctx,cipher)) {

-		BIO_printf(bio_err,"error setting cipher list\n");

-		ERR_print_errors(bio_err);

-		goto end;

-#ifndef OPENSSL_NO_TLSEXT

-		if (ctx2 && !SSL_CTX_set_cipher_list(ctx2,cipher))

-			{

-			BIO_printf(bio_err,"error setting cipher list\n");

-			ERR_print_errors(bio_err);

-			goto end;

-			}

-#endif

-	}

-	SSL_CTX_set_verify(ctx,s_server_verify,verify_callback);

-	SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context,

-		sizeof s_server_session_id_context);

-#ifndef OPENSSL_NO_TLSEXT

-	if (ctx2)

-		{

-		SSL_CTX_set_verify(ctx2,s_server_verify,verify_callback);

-		SSL_CTX_set_session_id_context(ctx2,(void*)&s_server_session_id_context,

-			sizeof s_server_session_id_context);

-		tlsextcbp.biodebug = bio_s_out;

-		SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb);

-		SSL_CTX_set_tlsext_servername_arg(ctx2, &tlsextcbp);

-		SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);

-		SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);

-		}

-#endif

-	if (CAfile != NULL)

-		{

-		SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));

-#ifndef OPENSSL_NO_TLSEXT

-		if (ctx2)

-			SSL_CTX_set_client_CA_list(ctx2,SSL_load_client_CA_file(CAfile));

-#endif

-		}

-	BIO_printf(bio_s_out,"ACCEPT\n");

-	if (www)

-		do_server(port,socket_type,&accept_socket,www_body, context);

-	else

-		do_server(port,socket_type,&accept_socket,sv_body, context);

-	print_stats(bio_s_out,ctx);

-	ret=0;

-end:

-	if (ctx != NULL) SSL_CTX_free(ctx);

-	if (s_cert)

-		X509_free(s_cert);

-	if (s_dcert)

-		X509_free(s_dcert);

-	if (s_key)

-		EVP_PKEY_free(s_key);

-	if (s_dkey)

-		EVP_PKEY_free(s_dkey);

-	if (pass)

-		OPENSSL_free(pass);

-	if (dpass)

-		OPENSSL_free(dpass);

-#ifndef OPENSSL_NO_TLSEXT

-	if (ctx2 != NULL) SSL_CTX_free(ctx2);

-	if (s_cert2)

-		X509_free(s_cert2);

-	if (s_key2)

-		EVP_PKEY_free(s_key2);

-#endif

-	if (bio_s_out != NULL)

-		{

-        BIO_free(bio_s_out);

-		bio_s_out=NULL;

-		}

-	apps_shutdown();

-	OPENSSL_EXIT(ret);

-	}

-static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)

-	{

-	BIO_printf(bio,"%4ld items in the session cache\n",

-		SSL_CTX_sess_number(ssl_ctx));

-	BIO_printf(bio,"%4ld client connects (SSL_connect())\n",

-		SSL_CTX_sess_connect(ssl_ctx));

-	BIO_printf(bio,"%4ld client renegotiates (SSL_connect())\n",

-		SSL_CTX_sess_connect_renegotiate(ssl_ctx));

-	BIO_printf(bio,"%4ld client connects that finished\n",

-		SSL_CTX_sess_connect_good(ssl_ctx));

-	BIO_printf(bio,"%4ld server accepts (SSL_accept())\n",

-		SSL_CTX_sess_accept(ssl_ctx));

-	BIO_printf(bio,"%4ld server renegotiates (SSL_accept())\n",

-		SSL_CTX_sess_accept_renegotiate(ssl_ctx));

-	BIO_printf(bio,"%4ld server accepts that finished\n",

-		SSL_CTX_sess_accept_good(ssl_ctx));

-	BIO_printf(bio,"%4ld session cache hits\n",SSL_CTX_sess_hits(ssl_ctx));

-	BIO_printf(bio,"%4ld session cache misses\n",SSL_CTX_sess_misses(ssl_ctx));

-	BIO_printf(bio,"%4ld session cache timeouts\n",SSL_CTX_sess_timeouts(ssl_ctx));

-	BIO_printf(bio,"%4ld callback cache hits\n",SSL_CTX_sess_cb_hits(ssl_ctx));

-	BIO_printf(bio,"%4ld cache full overflows (%ld allowed)\n",

-		SSL_CTX_sess_cache_full(ssl_ctx),

-		SSL_CTX_sess_get_cache_size(ssl_ctx));

-	}

-static int sv_body(char *hostname, int s, unsigned char *context)

-	{

-	char *buf=NULL;

-	fd_set readfds;

-	int ret=1,width;

-	int k,i;

-	unsigned long l;

-	SSL *con=NULL;

-	BIO *sbio;

-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)

-	struct timeval tv;

-#endif

-	if ((buf=OPENSSL_malloc(bufsize)) == NULL)

-		{

-		BIO_printf(bio_err,"out of memory\n");

-		goto err;

-		}

-#ifdef FIONBIO

-	if (s_nbio)

-		{

-		unsigned long sl=1;

-		if (!s_quiet)

-			BIO_printf(bio_err,"turning on non blocking io\n");

-		if (BIO_socket_ioctl(s,FIONBIO,&sl) < 0)

-			ERR_print_errors(bio_err);

-		}

-#endif

-	if (con == NULL) {

-		con=SSL_new(ctx);

-#ifndef OPENSSL_NO_TLSEXT

-	if (s_tlsextdebug)

-		{

-		SSL_set_tlsext_debug_callback(con, tlsext_cb);

-		SSL_set_tlsext_debug_arg(con, bio_s_out);

-		}

-#endif

-#ifndef OPENSSL_NO_KRB5

-		if ((con->kssl_ctx = kssl_ctx_new()) != NULL)

-                        {

-                        kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE,

-								KRB5SVC);

-                        kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB,

-								KRB5KEYTAB);

-                        }

-#endif	/* OPENSSL_NO_KRB5 */

-		if(context)

-		      SSL_set_session_id_context(con, context,

-						 strlen((char *)context));

-	}

-	SSL_clear(con);

-	if (SSL_version(con) == DTLS1_VERSION)

-		{

-		struct timeval timeout;

-		sbio=BIO_new_dgram(s,BIO_NOCLOSE);

-		if ( enable_timeouts)

-			{

-			timeout.tv_sec = 0;

-			timeout.tv_usec = DGRAM_RCV_TIMEOUT;

-			BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);

-			timeout.tv_sec = 0;

-			timeout.tv_usec = DGRAM_SND_TIMEOUT;

-			BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);

-			}

-		if ( mtu > 0)

-			{

-			SSL_set_options(con, SSL_OP_NO_QUERY_MTU);

-			SSL_set_mtu(con, mtu);

-			}

-		else

-			/* want to do MTU discovery */

-			BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);

-        /* turn on cookie exchange */

-        SSL_set_options(con, SSL_OP_COOKIE_EXCHANGE);

-		}

-	else

-		sbio=BIO_new_socket(s,BIO_NOCLOSE);

-	if (s_nbio_test)

-		{

-		BIO *test;

-		test=BIO_new(BIO_f_nbio_test());

-		sbio=BIO_push(test,sbio);

-		}

-	SSL_set_bio(con,sbio,sbio);

-	SSL_set_accept_state(con);

-	/* SSL_set_fd(con,s); */

-	if (s_debug)

-		{

-		con->debug=1;

-		BIO_set_callback(SSL_get_rbio(con),bio_dump_callback);

-		BIO_set_callback_arg(SSL_get_rbio(con),(char *)bio_s_out);

-		}

-	if (s_msg)

-		{

-		SSL_set_msg_callback(con, msg_cb);

-		SSL_set_msg_callback_arg(con, bio_s_out);

-		}

-#ifndef OPENSSL_NO_TLSEXT

-	if (s_tlsextdebug)

-		{

-		SSL_set_tlsext_debug_callback(con, tlsext_cb);

-		SSL_set_tlsext_debug_arg(con, bio_s_out);

-		}

-#endif

-	width=s+1;

-	for (;;)

-		{

-		int read_from_terminal;

-		int read_from_sslcon;

-		read_from_terminal = 0;

-		read_from_sslcon = SSL_pending(con);

-		if (!read_from_sslcon)

-			{

-			FD_ZERO(&readfds);

-#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE)

-			FD_SET(fileno(stdin),&readfds);

-#endif

-			FD_SET(s,&readfds);

-			/* Note: under VMS with SOCKETSHR the second parameter is

-			 * currently of type (int *) whereas under other systems

-			 * it is (void *) if you don't have a cast it will choke

-			 * the compiler: if you do have a cast then you can either

-			 * go for (int *) or (void *).

-			 */

-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)

-                        /* Under DOS (non-djgpp) and Windows we can't select on stdin: only

-			 * on sockets. As a workaround we timeout the select every

-			 * second and check for any keypress. In a proper Windows

-			 * application we wouldn't do this because it is inefficient.

-			 */

-			tv.tv_sec = 1;

-			tv.tv_usec = 0;

-			i=select(width,(void *)&readfds,NULL,NULL,&tv);

-			if((i < 0) || (!i && !_kbhit() ) )continue;

-			if(_kbhit())

-				read_from_terminal = 1;

-#else

-			i=select(width,(void *)&readfds,NULL,NULL,NULL);

-			if (i <= 0) continue;

-			if (FD_ISSET(fileno(stdin),&readfds))

-				read_from_terminal = 1;

-#endif

-			if (FD_ISSET(s,&readfds))

-				read_from_sslcon = 1;

-			}

-		if (read_from_terminal)

-			{

-			if (s_crlf)

-				{

-				int j, lf_num;

-				i=read(fileno(stdin), buf, bufsize/2);

-				lf_num = 0;

-				/* both loops are skipped when i <= 0 */

-				for (j = 0; j < i; j++)

-					if (buf[j] == '\n')

-						lf_num++;

-				for (j = i-1; j >= 0; j--)

-					{

-					buf[j+lf_num] = buf[j];

-					if (buf[j] == '\n')

-						{

-						lf_num--;

-						i++;

-						buf[j+lf_num] = '\r';

-						}

-					}

-				assert(lf_num == 0);

-				}

-			else

-				i=read(fileno(stdin),buf,bufsize);

-			if (!s_quiet)

-				{

-				if ((i <= 0) || (buf[0] == 'Q'))

-					{

-					BIO_printf(bio_s_out,"DONE\n");

-					SHUTDOWN(s);

-					close_accept_socket();

-					ret= -11;

-					goto err;

-					}

-				if ((i <= 0) || (buf[0] == 'q'))

-					{

-					BIO_printf(bio_s_out,"DONE\n");

-					if (SSL_version(con) != DTLS1_VERSION)

-                        SHUTDOWN(s);

-	/*				close_accept_socket();

-					ret= -11;*/

-					goto err;

-					}

-				if ((buf[0] == 'r') &&

-					((buf[1] == '\n') || (buf[1] == '\r')))

-					{

-					SSL_renegotiate(con);

-					i=SSL_do_handshake(con);

-					printf("SSL_do_handshake -> %d\n",i);

-					i=0; /*13; */

-					continue;

-					/* strcpy(buf,"server side RE-NEGOTIATE\n"); */

-					}

-				if ((buf[0] == 'R') &&

-					((buf[1] == '\n') || (buf[1] == '\r')))

-					{

-					SSL_set_verify(con,

-						SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,NULL);

-					SSL_renegotiate(con);

-					i=SSL_do_handshake(con);

-					printf("SSL_do_handshake -> %d\n",i);

-					i=0; /* 13; */

-					continue;

-					/* strcpy(buf,"server side RE-NEGOTIATE asking for client cert\n"); */

-					}

-				if (buf[0] == 'P')

-					{

-					static const char *str="Lets print some clear text\n";

-					BIO_write(SSL_get_wbio(con),str,strlen(str));

-					}

-				if (buf[0] == 'S')

-					{

-					print_stats(bio_s_out,SSL_get_SSL_CTX(con));

-					}

-				}

-#ifdef CHARSET_EBCDIC

-			ebcdic2ascii(buf,buf,i);

-#endif

-			l=k=0;

-			for (;;)

-				{

-				/* should do a select for the write */

-#ifdef RENEG

-{ static count=0; if (++count == 100) { count=0; SSL_renegotiate(con); } }

-#endif

-				k=SSL_write(con,&(buf[l]),(unsigned int)i);

-				switch (SSL_get_error(con,k))

-					{

-				case SSL_ERROR_NONE:

-					break;

-				case SSL_ERROR_WANT_WRITE:

-				case SSL_ERROR_WANT_READ:

-				case SSL_ERROR_WANT_X509_LOOKUP:

-					BIO_printf(bio_s_out,"Write BLOCK\n");

-					break;

-				case SSL_ERROR_SYSCALL:

-				case SSL_ERROR_SSL:

-					BIO_printf(bio_s_out,"ERROR\n");

-					ERR_print_errors(bio_err);

-					ret=1;

-					goto err;

-					/* break; */

-				case SSL_ERROR_ZERO_RETURN:

-					BIO_printf(bio_s_out,"DONE\n");

-					ret=1;

-					goto err;

-					}

-				l+=k;

-				i-=k;

-				if (i <= 0) break;

-				}

-			}

-		if (read_from_sslcon)

-			{

-			if (!SSL_is_init_finished(con))

-				{

-				i=init_ssl_connection(con);

-				if (i < 0)

-					{

-					ret=0;

-					goto err;

-					}

-				else if (i == 0)

-					{

-					ret=1;

-					goto err;

-					}

-				}

-			else

-				{

-again:

-				i=SSL_read(con,(char *)buf,bufsize);

-				switch (SSL_get_error(con,i))

-					{

-				case SSL_ERROR_NONE:

-#ifdef CHARSET_EBCDIC

-					ascii2ebcdic(buf,buf,i);

-#endif

-					write(fileno(stdout),buf,

-						(unsigned int)i);

-					if (SSL_pending(con)) goto again;

-					break;

-				case SSL_ERROR_WANT_WRITE:

-				case SSL_ERROR_WANT_READ:

-				case SSL_ERROR_WANT_X509_LOOKUP:

-					BIO_printf(bio_s_out,"Read BLOCK\n");

-					break;

-				case SSL_ERROR_SYSCALL:

-				case SSL_ERROR_SSL:

-					BIO_printf(bio_s_out,"ERROR\n");

-					ERR_print_errors(bio_err);

-					ret=1;

-					goto err;

-				case SSL_ERROR_ZERO_RETURN:

-					BIO_printf(bio_s_out,"DONE\n");

-					ret=1;

-					goto err;

-					}

-				}

-			}

-		}

-err:

-	BIO_printf(bio_s_out,"shutting down SSL\n");

-#if 1

-	SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);

-#else

-	SSL_shutdown(con);

-#endif

-	if (con != NULL) SSL_free(con);

-	BIO_printf(bio_s_out,"CONNECTION CLOSED\n");

-	if (buf != NULL)

-		{

-		OPENSSL_cleanse(buf,bufsize);

-		OPENSSL_free(buf);

-		}

-	if (ret >= 0)

-		BIO_printf(bio_s_out,"ACCEPT\n");

-	return(ret);

-	}

-static void close_accept_socket(void)

-	{

-	BIO_printf(bio_err,"shutdown accept socket\n");

-	if (accept_socket >= 0)

-		{

-		SHUTDOWN2(accept_socket);

-		}

-	}

-static int init_ssl_connection(SSL *con)

-	{

-	int i;

-	const char *str;

-	X509 *peer;

-	long verify_error;

-	MS_STATIC char buf[BUFSIZ];

-	if ((i=SSL_accept(con)) <= 0)

-		{

-		if (BIO_sock_should_retry(i))

-			{

-			BIO_printf(bio_s_out,"DELAY\n");

-			return(1);

-			}

-		BIO_printf(bio_err,"ERROR\n");

-		verify_error=SSL_get_verify_result(con);

-		if (verify_error != X509_V_OK)

-			{

-			BIO_printf(bio_err,"verify error:%s\n",

-				X509_verify_cert_error_string(verify_error));

-			}

-		else

-			ERR_print_errors(bio_err);

-		return(0);

-		}

-	PEM_write_bio_SSL_SESSION(bio_s_out,SSL_get_session(con));

-	peer=SSL_get_peer_certificate(con);

-	if (peer != NULL)

-		{

-		BIO_printf(bio_s_out,"Client certificate\n");

-		PEM_write_bio_X509(bio_s_out,peer);

-		X509_NAME_oneline(X509_get_subject_name(peer),buf,sizeof buf);

-		BIO_printf(bio_s_out,"subject=%s\n",buf);

-		X509_NAME_oneline(X509_get_issuer_name(peer),buf,sizeof buf);

-		BIO_printf(bio_s_out,"issuer=%s\n",buf);

-		X509_free(peer);

-		}

-	if (SSL_get_shared_ciphers(con,buf,sizeof buf) != NULL)

-		BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf);

-	str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));

-	BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");

-	if (con->hit) BIO_printf(bio_s_out,"Reused session-id\n");

-	if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) &

-		TLS1_FLAGS_TLS_PADDING_BUG)

-		BIO_printf(bio_s_out,"Peer has incorrect TLSv1 block padding\n");

-#ifndef OPENSSL_NO_KRB5

-	if (con->kssl_ctx->client_princ != NULL)

-		{

-		BIO_printf(bio_s_out,"Kerberos peer principal is %s\n",

-			con->kssl_ctx->client_princ);

-		}

-#endif /* OPENSSL_NO_KRB5 */

-	return(1);

-	}

-#ifndef OPENSSL_NO_DH

-static DH *load_dh_param(const char *dhfile)

-	{

-	DH *ret=NULL;

-	BIO *bio;

-	if ((bio=BIO_new_file(dhfile,"r")) == NULL)

-		goto err;

-	ret=PEM_read_bio_DHparams(bio,NULL,NULL,NULL);

-err:

-	if (bio != NULL) BIO_free(bio);

-	return(ret);

-	}

-#endif

-#if 0

-static int load_CA(SSL_CTX *ctx, char *file)

-	{

-	FILE *in;

-	X509 *x=NULL;

-	if ((in=fopen(file,"r")) == NULL)

-		return(0);

-	for (;;)

-		{

-		if (PEM_read_X509(in,&x,NULL) == NULL)

-			break;

-		SSL_CTX_add_client_CA(ctx,x);

-		}

-	if (x != NULL) X509_free(x);

-	fclose(in);

-	return(1);

-	}

-#endif

-static int www_body(char *hostname, int s, unsigned char *context)

-	{

-	char *buf=NULL;

-	int ret=1;

-	int i,j,k,blank,dot;

-	struct stat st_buf;

-	SSL *con;

-	SSL_CIPHER *c;

-	BIO *io,*ssl_bio,*sbio;

-	long total_bytes;

-	buf=OPENSSL_malloc(bufsize);

-	if (buf == NULL) return(0);

-	io=BIO_new(BIO_f_buffer());

-	ssl_bio=BIO_new(BIO_f_ssl());

-	if ((io == NULL) || (ssl_bio == NULL)) goto err;

-#ifdef FIONBIO

-	if (s_nbio)

-		{

-		unsigned long sl=1;

-		if (!s_quiet)

-			BIO_printf(bio_err,"turning on non blocking io\n");

-		if (BIO_socket_ioctl(s,FIONBIO,&sl) < 0)

-			ERR_print_errors(bio_err);

-		}

-#endif

-	/* lets make the output buffer a reasonable size */

-	if (!BIO_set_write_buffer_size(io,bufsize)) goto err;

-	if ((con=SSL_new(ctx)) == NULL) goto err;

-#ifndef OPENSSL_NO_TLSEXT

-		if (s_tlsextdebug)

-			{

-			SSL_set_tlsext_debug_callback(con, tlsext_cb);

-			SSL_set_tlsext_debug_arg(con, bio_s_out);

-			}

-#endif

-#ifndef OPENSSL_NO_KRB5

-	if ((con->kssl_ctx = kssl_ctx_new()) != NULL)

-		{

-		kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE, KRB5SVC);

-		kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB, KRB5KEYTAB);

-		}

-#endif	/* OPENSSL_NO_KRB5 */

-	if(context) SSL_set_session_id_context(con, context,

-					       strlen((char *)context));

-	sbio=BIO_new_socket(s,BIO_NOCLOSE);

-	if (s_nbio_test)

-		{

-		BIO *test;

-		test=BIO_new(BIO_f_nbio_test());

-		sbio=BIO_push(test,sbio);

-		}

-	SSL_set_bio(con,sbio,sbio);

-	SSL_set_accept_state(con);

-	/* SSL_set_fd(con,s); */

-	BIO_set_ssl(ssl_bio,con,BIO_CLOSE);

-	BIO_push(io,ssl_bio);

-#ifdef CHARSET_EBCDIC

-	io = BIO_push(BIO_new(BIO_f_ebcdic_filter()),io);

-#endif

-	if (s_debug)

-		{

-		con->debug=1;

-		BIO_set_callback(SSL_get_rbio(con),bio_dump_callback);

-		BIO_set_callback_arg(SSL_get_rbio(con),(char *)bio_s_out);

-		}

-	if (s_msg)

-		{

-		SSL_set_msg_callback(con, msg_cb);

-		SSL_set_msg_callback_arg(con, bio_s_out);

-		}

-	blank=0;

-	for (;;)

-		{

-		if (hack)

-			{

-			i=SSL_accept(con);

-			switch (SSL_get_error(con,i))

-				{

-			case SSL_ERROR_NONE:

-				break;

-			case SSL_ERROR_WANT_WRITE:

-			case SSL_ERROR_WANT_READ:

-			case SSL_ERROR_WANT_X509_LOOKUP:

-				continue;

-			case SSL_ERROR_SYSCALL:

-			case SSL_ERROR_SSL:

-			case SSL_ERROR_ZERO_RETURN:

-				ret=1;

-				goto err;

-				/* break; */

-				}

-			SSL_renegotiate(con);

-			SSL_write(con,NULL,0);

-			}

-		i=BIO_gets(io,buf,bufsize-1);

-		if (i < 0) /* error */

-			{

-			if (!BIO_should_retry(io))

-				{

-				if (!s_quiet)

-					ERR_print_errors(bio_err);

-				goto err;

-				}

-			else

-				{

-				BIO_printf(bio_s_out,"read R BLOCK\n");

-#if defined(OPENSSL_SYS_NETWARE)

-            delay(1000);

-#elif !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__)

-				sleep(1);

-#endif

-				continue;

-				}

-			}

-		else if (i == 0) /* end of input */

-			{

-			ret=1;

-			goto end;

-			}

-		/* else we have data */

-		if (	((www == 1) && (strncmp("GET ",buf,4) == 0)) ||

-			((www == 2) && (strncmp("GET /stats ",buf,11) == 0)))

-			{

-			char *p;

-			X509 *peer;

-			STACK_OF(SSL_CIPHER) *sk;

-			static const char *space="                          ";

-			BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");

-			BIO_puts(io,"<HTML><BODY BGCOLOR=\"#ffffff\">\n");

-			BIO_puts(io,"<pre>\n");

-/*			BIO_puts(io,SSLeay_version(SSLEAY_VERSION));*/

-			BIO_puts(io,"\n");

-			for (i=0; i<local_argc; i++)

-				{

-				BIO_puts(io,local_argv[i]);

-				BIO_write(io," ",1);

-				}

-			BIO_puts(io,"\n");

-			/* The following is evil and should not really

-			 * be done */

-			BIO_printf(io,"Ciphers supported in s_server binary\n");

-			sk=SSL_get_ciphers(con);

-			j=sk_SSL_CIPHER_num(sk);

-			for (i=0; i<j; i++)

-				{

-				c=sk_SSL_CIPHER_value(sk,i);

-				BIO_printf(io,"%-11s:%-25s",

-					SSL_CIPHER_get_version(c),

-					SSL_CIPHER_get_name(c));

-				if ((((i+1)%2) == 0) && (i+1 != j))

-					BIO_puts(io,"\n");

-				}

-			BIO_puts(io,"\n");

-			p=SSL_get_shared_ciphers(con,buf,bufsize);

-			if (p != NULL)

-				{

-				BIO_printf(io,"---\nCiphers common between both SSL end points:\n");

-				j=i=0;

-				while (*p)

-					{

-					if (*p == ':')

-						{

-						BIO_write(io,space,26-j);

-						i++;

-						j=0;

-						BIO_write(io,((i%3)?" ":"\n"),1);

-						}

-					else

-						{

-						BIO_write(io,p,1);

-						j++;

-						}

-					p++;

-					}

-				BIO_puts(io,"\n");

-				}

-			BIO_printf(io,((con->hit)

-				?"---\nReused, "

-				:"---\nNew, "));

-			c=SSL_get_current_cipher(con);

-			BIO_printf(io,"%s, Cipher is %s\n",

-				SSL_CIPHER_get_version(c),

-				SSL_CIPHER_get_name(c));

-			SSL_SESSION_print(io,SSL_get_session(con));

-			BIO_printf(io,"---\n");

-			print_stats(io,SSL_get_SSL_CTX(con));

-			BIO_printf(io,"---\n");

-			peer=SSL_get_peer_certificate(con);

-			if (peer != NULL)

-				{

-				BIO_printf(io,"Client certificate\n");

-				X509_print(io,peer);

-				PEM_write_bio_X509(io,peer);

-				}

-			else

-				BIO_puts(io,"no client certificate available\n");

-			BIO_puts(io,"</BODY></HTML>\r\n\r\n");

-			break;

-			}

-		else if ((www == 2 || www == 3)

-                         && (strncmp("GET /",buf,5) == 0))

-			{

-			BIO *file;

-			char *p,*e;

-			static const char *text="HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n";

-			/* skip the '/' */

-			p= &(buf[5]);

-			dot = 1;

-			for (e=p; *e != '\0'; e++)

-				{

-				if (e[0] == ' ')

-					break;

-				switch (dot)

-					{

-				case 1:

-					dot = (e[0] == '.') ? 2 : 0;

-					break;

-				case 2:

-					dot = (e[0] == '.') ? 3 : 0;

-					break;

-				case 3:

-					dot = (e[0] == '/') ? -1 : 0;

-					break;

-					}

-				if (dot == 0)

-					dot = (e[0] == '/') ? 1 : 0;

-				}

-			dot = (dot == 3) || (dot == -1); /* filename contains ".." component */

-			if (*e == '\0')

-				{

-				BIO_puts(io,text);

-				BIO_printf(io,"'%s' is an invalid file name\r\n",p);

-				break;

-				}

-			*e='\0';

-			if (dot)

-				{

-				BIO_puts(io,text);

-				BIO_printf(io,"'%s' contains '..' reference\r\n",p);

-				break;

-				}

-			if (*p == '/')

-				{

-				BIO_puts(io,text);

-				BIO_printf(io,"'%s' is an invalid path\r\n",p);

-				break;

-				}

-#if 0

-			/* append if a directory lookup */

-			if (e[-1] == '/')

-				strcat(p,"index.html");

-#endif

-			/* if a directory, do the index thang */

-			if (stat(p,&st_buf) < 0)

-				{

-				BIO_puts(io,text);

-				BIO_printf(io,"Error accessing '%s'\r\n",p);

-				ERR_print_errors(io);

-				break;

-				}

-			if (S_ISDIR(st_buf.st_mode))

-				{

-#if 0 /* must check buffer size */

-				strcat(p,"/index.html");

-#else

-				BIO_puts(io,text);

-				BIO_printf(io,"'%s' is a directory\r\n",p);

-				break;

-#endif

-				}

-			if ((file=BIO_new_file(p,"r")) == NULL)

-				{

-				BIO_puts(io,text);

-				BIO_printf(io,"Error opening '%s'\r\n",p);

-				ERR_print_errors(io);

-				break;

-				}

-			if (!s_quiet)

-				BIO_printf(bio_err,"FILE:%s\n",p);

-                        if (www == 2)

-                                {

-                                i=strlen(p);

-                                if (	((i > 5) && (strcmp(&(p[i-5]),".html") == 0)) ||

-                                        ((i > 4) && (strcmp(&(p[i-4]),".php") == 0)) ||

-                                        ((i > 4) && (strcmp(&(p[i-4]),".htm") == 0)))

-                                        BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");

-                                else

-                                        BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");

-                                }

-			/* send the file */

-			total_bytes=0;

-			for (;;)

-				{

-				i=BIO_read(file,buf,bufsize);

-				if (i <= 0) break;

-#ifdef RENEG

-				total_bytes+=i;

-				fprintf(stderr,"%d\n",i);

-				if (total_bytes > 3*1024)

-					{

-					total_bytes=0;

-					fprintf(stderr,"RENEGOTIATE\n");

-					SSL_renegotiate(con);

-					}

-#endif

-				for (j=0; j<i; )

-					{

-#ifdef RENEG

-{ static count=0; if (++count == 13) { SSL_renegotiate(con); } }

-#endif

-					k=BIO_write(io,&(buf[j]),i-j);

-					if (k <= 0)

-						{

-						if (!BIO_should_retry(io))

-							goto write_error;

-						else

-							{

-							BIO_printf(bio_s_out,"rwrite W BLOCK\n");

-							}

-						}

-					else

-						{

-						j+=k;

-						}

-					}

-				}

-write_error:

-			BIO_free(file);

-			break;

-			}

-		}

-	for (;;)

-		{

-		i=(int)BIO_flush(io);

-		if (i <= 0)

-			{

-			if (!BIO_should_retry(io))

-				break;

-			}

-		else

-			break;

-		}

-end:

-#if 1

-	/* make sure we re-use sessions */

-	SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);

-#else

-	/* This kills performance */

-/*	SSL_shutdown(con); A shutdown gets sent in the

- *	BIO_free_all(io) procession */

-#endif

-err:

-	if (ret >= 0)

-		BIO_printf(bio_s_out,"ACCEPT\n");

-	if (buf != NULL) OPENSSL_free(buf);

-	if (io != NULL) BIO_free_all(io);

-/*	if (ssl_bio != NULL) BIO_free(ssl_bio);*/

-	return(ret);

-	}

-#ifndef OPENSSL_NO_RSA

-static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)

-	{

-	BIGNUM *bn = NULL;

-	static RSA *rsa_tmp=NULL;

-	if (!rsa_tmp && ((bn = BN_new()) == NULL))

-		BIO_printf(bio_err,"Allocation error in generating RSA key\n");

-	if (!rsa_tmp && bn)

-		{

-		if (!s_quiet)

-			{

-			BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);

-			(void)BIO_flush(bio_err);

-			}

-		if(!BN_set_word(bn, RSA_F4) || ((rsa_tmp = RSA_new()) == NULL) ||

-				!RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL))

-			{

-			if(rsa_tmp) RSA_free(rsa_tmp);

-			rsa_tmp = NULL;

-			}

-		if (!s_quiet)

-			{

-			BIO_printf(bio_err,"\n");

-			(void)BIO_flush(bio_err);

-			}

-		BN_free(bn);

-		}

-	return(rsa_tmp);

-	}

-#endif

-#define MAX_SESSION_ID_ATTEMPTS 10

-static int generate_session_id(const SSL *ssl, unsigned char *id,

-				unsigned int *id_len)

-	{

-	unsigned int count = 0;

-	do	{

-		RAND_pseudo_bytes(id, *id_len);

-		/* Prefix the session_id with the required prefix. NB: If our

-		 * prefix is too long, clip it - but there will be worse effects

-		 * anyway, eg. the server could only possibly create 1 session

-		 * ID (ie. the prefix!) so all future session negotiations will

-		 * fail due to conflicts. */

-		memcpy(id, session_id_prefix,

-			(strlen(session_id_prefix) < *id_len) ?

-			strlen(session_id_prefix) : *id_len);

-		}

-	while(SSL_has_matching_session_id(ssl, id, *id_len) &&

-		(++count < MAX_SESSION_ID_ATTEMPTS));

-	if(count >= MAX_SESSION_ID_ATTEMPTS)

-		return 0;

-	return 1;

-	}

--- a/sys/src/ape/lib/openssl/apps/s_socket.c

+++ /dev/null

@@ -1,617 +1,0 @@

-/* apps/s_socket.c -  socket-related functions used by s_client and s_server */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include <errno.h>

-#include <signal.h>

-/* With IPv6, it looks like Digital has mixed up the proper order of

-   recursive header file inclusion, resulting in the compiler complaining

-   that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which

-   is needed to have fileno() declared correctly...  So let's define u_int */

-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)

-#define __U_INT

-typedef unsigned int u_int;

-#endif

-#define USE_SOCKETS

-#define NON_MAIN

-#include "apps.h"

-#undef USE_SOCKETS

-#undef NON_MAIN

-#include "s_apps.h"

-#include <openssl/ssl.h>

-#ifdef FLAT_INC

-#include "e_os.h"

-#else

-#include "../e_os.h"

-#endif

-#ifndef OPENSSL_NO_SOCK

-#if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_BSDSOCK)

-#include "netdb.h"

-#endif

-static struct hostent *GetHostByName(char *name);

-#if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))

-static void ssl_sock_cleanup(void);

-#endif

-static int ssl_sock_init(void);

-static int init_client_ip(int *sock,unsigned char ip[4], int port, int type);

-static int init_server(int *sock, int port, int type);

-static int init_server_long(int *sock, int port,char *ip, int type);

-static int do_accept(int acc_sock, int *sock, char **host);

-static int host_ip(char *str, unsigned char ip[4]);

-#ifdef OPENSSL_SYS_WIN16

-#define SOCKET_PROTOCOL	0 /* more microsoft stupidity */

-#else

-#define SOCKET_PROTOCOL	IPPROTO_TCP

-#endif

-#if defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)

-static int wsa_init_done=0;

-#endif

-#ifdef OPENSSL_SYS_WINDOWS

-static struct WSAData wsa_state;

-static int wsa_init_done=0;

-#ifdef OPENSSL_SYS_WIN16

-static HWND topWnd=0;

-static FARPROC lpTopWndProc=NULL;

-static FARPROC lpTopHookProc=NULL;

-extern HINSTANCE _hInstance;  /* nice global CRT provides */

-static LONG FAR PASCAL topHookProc(HWND hwnd, UINT message, WPARAM wParam,

-	     LPARAM lParam)

-	{

-	if (hwnd == topWnd)

-		{

-		switch(message)

-			{

-		case WM_DESTROY:

-		case WM_CLOSE:

-			SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopWndProc);

-			ssl_sock_cleanup();

-			break;

-			}

-		}

-	return CallWindowProc(lpTopWndProc,hwnd,message,wParam,lParam);

-	}

-static BOOL CALLBACK enumproc(HWND hwnd,LPARAM lParam)

-	{

-	topWnd=hwnd;

-	return(FALSE);

-	}

-#endif /* OPENSSL_SYS_WIN32 */

-#endif /* OPENSSL_SYS_WINDOWS */

-#ifdef OPENSSL_SYS_WINDOWS

-static void ssl_sock_cleanup(void)

-	{

-	if (wsa_init_done)

-		{

-		wsa_init_done=0;

-#ifndef OPENSSL_SYS_WINCE

-		WSACancelBlockingCall();

-#endif

-		WSACleanup();

-		}

-	}

-#elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)

-static void sock_cleanup(void)

-    {

-    if (wsa_init_done)

-        {

-        wsa_init_done=0;

-		WSACleanup();

-		}

-	}

-#endif

-static int ssl_sock_init(void)

-	{

-#ifdef WATT32

-	extern int _watt_do_exit;

-	_watt_do_exit = 0;

-	if (sock_init())

-		return (0);

-#elif defined(OPENSSL_SYS_WINDOWS)

-	if (!wsa_init_done)

-		{

-		int err;

-#ifdef SIGINT

-		signal(SIGINT,(void (*)(int))ssl_sock_cleanup);

-#endif

-		wsa_init_done=1;

-		memset(&wsa_state,0,sizeof(wsa_state));

-		if (WSAStartup(0x0101,&wsa_state)!=0)

-			{

-			err=WSAGetLastError();

-			BIO_printf(bio_err,"unable to start WINSOCK, error code=%d\n",err);

-			return(0);

-			}

-#ifdef OPENSSL_SYS_WIN16

-		EnumTaskWindows(GetCurrentTask(),enumproc,0L);

-		lpTopWndProc=(FARPROC)GetWindowLong(topWnd,GWL_WNDPROC);

-		lpTopHookProc=MakeProcInstance((FARPROC)topHookProc,_hInstance);

-		SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopHookProc);

-#endif /* OPENSSL_SYS_WIN16 */

-		}

-#elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)

-   WORD wVerReq;

-   WSADATA wsaData;

-   int err;

-   if (!wsa_init_done)

-      {

-# ifdef SIGINT

-      signal(SIGINT,(void (*)(int))sock_cleanup);

-# endif

-      wsa_init_done=1;

-      wVerReq = MAKEWORD( 2, 0 );

-      err = WSAStartup(wVerReq,&wsaData);

-      if (err != 0)

-         {

-         BIO_printf(bio_err,"unable to start WINSOCK2, error code=%d\n",err);

-         return(0);

-         }

-      }

-#endif /* OPENSSL_SYS_WINDOWS */

-	return(1);

-	}

-int init_client(int *sock, char *host, int port, int type)

-	{

-	unsigned char ip[4];

-	short p=0;

-	if (!host_ip(host,&(ip[0])))

-		{

-		return(0);

-		}

-	if (p != 0) port=p;

-	return(init_client_ip(sock,ip,port,type));

-	}

-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)

-	{

-	unsigned long addr;

-	struct sockaddr_in them;

-	int s,i;

-	if (!ssl_sock_init()) return(0);

-	memset((char *)&them,0,sizeof(them));

-	them.sin_family=AF_INET;

-	them.sin_port=htons((unsigned short)port);

-	addr=(unsigned long)

-		((unsigned long)ip[0]<<24L)|

-		((unsigned long)ip[1]<<16L)|

-		((unsigned long)ip[2]<< 8L)|

-		((unsigned long)ip[3]);

-	them.sin_addr.s_addr=htonl(addr);

-	if (type == SOCK_STREAM)

-		s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);

-	else /* ( type == SOCK_DGRAM) */

-		s=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP);

-	if (s == INVALID_SOCKET) { perror("socket"); return(0); }

-#ifndef OPENSSL_SYS_MPE

-	if (type == SOCK_STREAM)

-		{

-		i=0;

-		i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));

-		if (i < 0) { perror("keepalive"); return(0); }

-		}

-#endif

-	if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)

-		{ close(s); perror("connect"); return(0); }

-	*sock=s;

-	return(1);

-	}

-int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context)

-	{

-	int sock;

-	char *name = NULL;

-	int accept_socket;

-	int i;

-	if (!init_server(&accept_socket,port,type)) return(0);

-	if (ret != NULL)

-		{

-		*ret=accept_socket;

-		/* return(1);*/

-		}

-  	for (;;)

-  		{

-		if (type==SOCK_STREAM)

-			{

-			if (do_accept(accept_socket,&sock,&name) == 0)

-				{

-				SHUTDOWN(accept_socket);

-				return(0);

-				}

-			}

-		else

-			sock = accept_socket;

-		i=(*cb)(name,sock, context);

-		if (name != NULL) OPENSSL_free(name);

-		if (type==SOCK_STREAM)

-			SHUTDOWN2(sock);

-		if (i < 0)

-			{

-			SHUTDOWN2(accept_socket);

-			return(i);

-			}

-		}

-	}

-static int init_server_long(int *sock, int port, char *ip, int type)

-	{

-	int ret=0;

-	struct sockaddr_in server;

-	int s= -1,i;

-	if (!ssl_sock_init()) return(0);

-	memset((char *)&server,0,sizeof(server));

-	server.sin_family=AF_INET;

-	server.sin_port=htons((unsigned short)port);

-	if (ip == NULL)

-		server.sin_addr.s_addr=INADDR_ANY;

-	else

-/* Added for T3E, address-of fails on bit field ([email protected]) */

-#ifndef BIT_FIELD_LIMITS

-		memcpy(&server.sin_addr.s_addr,ip,4);

-#else

-		memcpy(&server.sin_addr,ip,4);

-#endif

-		if (type == SOCK_STREAM)

-			s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);

-		else /* type == SOCK_DGRAM */

-			s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP);

-	if (s == INVALID_SOCKET) goto err;

-#if defined SOL_SOCKET && defined SO_REUSEADDR

-		{

-		int j = 1;

-		setsockopt(s, SOL_SOCKET, SO_REUSEADDR,

-			   (void *) &j, sizeof j);

-		}

-#endif

-	if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)

-		{

-#ifndef OPENSSL_SYS_WINDOWS

-		perror("bind");

-#endif

-		goto err;

-		}

-	/* Make it 128 for linux */

-	if (type==SOCK_STREAM && listen(s,128) == -1) goto err;

-	i=0;

-	*sock=s;

-	ret=1;

-err:

-	if ((ret == 0) && (s != -1))

-		{

-		SHUTDOWN(s);

-		}

-	return(ret);

-	}

-static int init_server(int *sock, int port, int type)

-	{

-	return(init_server_long(sock, port, NULL, type));

-	}

-static int do_accept(int acc_sock, int *sock, char **host)

-	{

-	int ret,i;

-	struct hostent *h1,*h2;

-	static struct sockaddr_in from;

-	int len;

-/*	struct linger ling; */

-	if (!ssl_sock_init()) return(0);

-#ifndef OPENSSL_SYS_WINDOWS

-redoit:

-#endif

-	memset((char *)&from,0,sizeof(from));

-	len=sizeof(from);

-	/* Note: under VMS with SOCKETSHR the fourth parameter is currently

-	 * of type (int *) whereas under other systems it is (void *) if

-	 * you don't have a cast it will choke the compiler: if you do

-	 * have a cast then you can either go for (int *) or (void *).

-	 */

-	ret=accept(acc_sock,(struct sockaddr *)&from,(void *)&len);

-	if (ret == INVALID_SOCKET)

-		{

-#if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))

-		i=WSAGetLastError();

-		BIO_printf(bio_err,"accept error %d\n",i);

-#else

-		if (errno == EINTR)

-			{

-			/*check_timeout(); */

-			goto redoit;

-			}

-		fprintf(stderr,"errno=%d ",errno);

-		perror("accept");

-#endif

-		return(0);

-		}

-/*

-	ling.l_onoff=1;

-	ling.l_linger=0;

-	i=setsockopt(ret,SOL_SOCKET,SO_LINGER,(char *)&ling,sizeof(ling));

-	if (i < 0) { perror("linger"); return(0); }

-	i=0;

-	i=setsockopt(ret,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));

-	if (i < 0) { perror("keepalive"); return(0); }

-*/

-	if (host == NULL) goto end;

-#ifndef BIT_FIELD_LIMITS

-	/* I should use WSAAsyncGetHostByName() under windows */

-	h1=gethostbyaddr((char *)&from.sin_addr.s_addr,

-		sizeof(from.sin_addr.s_addr),AF_INET);

-#else

-	h1=gethostbyaddr((char *)&from.sin_addr,

-		sizeof(struct in_addr),AF_INET);

-#endif

-	if (h1 == NULL)

-		{

-		BIO_printf(bio_err,"bad gethostbyaddr\n");

-		*host=NULL;

-		/* return(0); */

-		}

-	else

-		{

-		if ((*host=(char *)OPENSSL_malloc(strlen(h1->h_name)+1)) == NULL)

-			{

-			perror("OPENSSL_malloc");

-			return(0);

-			}

-		BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);

-		h2=GetHostByName(*host);

-		if (h2 == NULL)

-			{

-			BIO_printf(bio_err,"gethostbyname failure\n");

-			return(0);

-			}

-		i=0;

-		if (h2->h_addrtype != AF_INET)

-			{

-			BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");

-			return(0);

-			}

-		}

-end:

-	*sock=ret;

-	return(1);

-	}

-int extract_host_port(char *str, char **host_ptr, unsigned char *ip,

-	     short *port_ptr)

-	{

-	char *h,*p;

-	h=str;

-	p=strchr(str,':');

-	if (p == NULL)

-		{

-		BIO_printf(bio_err,"no port defined\n");

-		return(0);

-		}

-	*(p++)='\0';

-	if ((ip != NULL) && !host_ip(str,ip))

-		goto err;

-	if (host_ptr != NULL) *host_ptr=h;

-	if (!extract_port(p,port_ptr))

-		goto err;

-	return(1);

-err:

-	return(0);

-	}

-static int host_ip(char *str, unsigned char ip[4])

-	{

-	unsigned int in[4];

-	int i;

-	if (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4)

-		{

-		for (i=0; i<4; i++)

-			if (in[i] > 255)

-				{

-				BIO_printf(bio_err,"invalid IP address\n");

-				goto err;

-				}

-		ip[0]=in[0];

-		ip[1]=in[1];

-		ip[2]=in[2];

-		ip[3]=in[3];

-		}

-	else

-		{ /* do a gethostbyname */

-		struct hostent *he;

-		if (!ssl_sock_init()) return(0);

-		he=GetHostByName(str);

-		if (he == NULL)

-			{

-			BIO_printf(bio_err,"gethostbyname failure\n");

-			goto err;

-			}

-		/* cast to short because of win16 winsock definition */

-		if ((short)he->h_addrtype != AF_INET)

-			{

-			BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");

-			return(0);

-			}

-		ip[0]=he->h_addr_list[0][0];

-		ip[1]=he->h_addr_list[0][1];

-		ip[2]=he->h_addr_list[0][2];

-		ip[3]=he->h_addr_list[0][3];

-		}

-	return(1);

-err:

-	return(0);

-	}

-int extract_port(char *str, short *port_ptr)

-	{

-	int i;

-	struct servent *s;

-	i=atoi(str);

-	if (i != 0)

-		*port_ptr=(unsigned short)i;

-	else

-		{

-		s=getservbyname(str,"tcp");

-		if (s == NULL)

-			{

-			BIO_printf(bio_err,"getservbyname failure for %s\n",str);

-			return(0);

-			}

-		*port_ptr=ntohs((unsigned short)s->s_port);

-		}

-	return(1);

-	}

-#define GHBN_NUM	4

-static struct ghbn_cache_st

-	{

-	char name[128];

-	struct hostent ent;

-	unsigned long order;

-	} ghbn_cache[GHBN_NUM];

-static unsigned long ghbn_hits=0L;

-static unsigned long ghbn_miss=0L;

-static struct hostent *GetHostByName(char *name)

-	{

-	struct hostent *ret;

-	int i,lowi=0;

-	unsigned long low= (unsigned long)-1;

-	for (i=0; i<GHBN_NUM; i++)

-		{

-		if (low > ghbn_cache[i].order)

-			{

-			low=ghbn_cache[i].order;

-			lowi=i;

-			}

-		if (ghbn_cache[i].order > 0)

-			{

-			if (strncmp(name,ghbn_cache[i].name,128) == 0)

-				break;

-			}

-		}

-	if (i == GHBN_NUM) /* no hit*/

-		{

-		ghbn_miss++;

-		ret=gethostbyname(name);

-		if (ret == NULL) return(NULL);

-		/* else add to cache */

-		if(strlen(name) < sizeof ghbn_cache[0].name)

-			{

-			strcpy(ghbn_cache[lowi].name,name);

-			memcpy((char *)&(ghbn_cache[lowi].ent),ret,sizeof(struct hostent));

-			ghbn_cache[lowi].order=ghbn_miss+ghbn_hits;

-			}

-		return(ret);

-		}

-	else

-		{

-		ghbn_hits++;

-		ret= &(ghbn_cache[i].ent);

-		ghbn_cache[i].order=ghbn_miss+ghbn_hits;

-		return(ret);

-		}

-	}

-#endif

--- a/sys/src/ape/lib/openssl/apps/s_time.c

+++ /dev/null

@@ -1,735 +1,0 @@

-/* apps/s_time.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#define NO_SHUTDOWN

-/*-----------------------------------------

-   s_time - SSL client connection timer program

-   Written and donated by Larry Streepy <[email protected]>

-  -----------------------------------------*/

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#define USE_SOCKETS

-#include "apps.h"

-#ifdef OPENSSL_NO_STDIO

-#define APPS_WIN16

-#endif

-#include <openssl/x509.h>

-#include <openssl/ssl.h>

-#include <openssl/pem.h>

-#include "s_apps.h"

-#include <openssl/err.h>

-#ifdef WIN32_STUFF

-#include "winmain.h"

-#include "wintext.h"

-#endif

-#if !defined(OPENSSL_SYS_MSDOS)

-#include OPENSSL_UNISTD

-#endif

-#if !defined(OPENSSL_SYS_NETWARE) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC))

-#define TIMES

-#endif

-#ifndef _IRIX

-#include <time.h>

-#endif

-#ifdef TIMES

-#include <sys/types.h>

-#include <sys/times.h>

-#endif

-/* Depending on the VMS version, the tms structure is perhaps defined.

-   The __TMS macro will show if it was.  If it wasn't defined, we should

-   undefine TIMES, since that tells the rest of the program how things

-   should be handled.				-- Richard Levitte */

-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)

-#undef TIMES

-#endif

-#if !defined(TIMES) && !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_NETWARE)

-#include <sys/timeb.h>

-#endif

-#if defined(sun) || defined(__ultrix)

-#define _POSIX_SOURCE

-#include <limits.h>

-#include <sys/param.h>

-#endif

-/* The following if from times(3) man page.  It may need to be changed

-*/

-#ifndef HZ

-# ifdef _SC_CLK_TCK

-#  define HZ ((double)sysconf(_SC_CLK_TCK))

-# else

-#  ifndef CLK_TCK

-#   ifndef _BSD_CLK_TCK_ /* FreeBSD hack */

-#    define HZ	100.0

-#   else /* _BSD_CLK_TCK_ */

-#    define HZ ((double)_BSD_CLK_TCK_)

-#   endif

-#  else /* CLK_TCK */

-#   define HZ ((double)CLK_TCK)

-#  endif

-# endif

-#endif

-#undef PROG

-#define PROG s_time_main

-#undef ioctl

-#define ioctl ioctlsocket

-#define SSL_CONNECT_NAME	"localhost:4433"

-/*#define TEST_CERT "client.pem" */ /* no default cert. */

-#undef BUFSIZZ

-#define BUFSIZZ 1024*10

-#define MYBUFSIZ 1024*8

-#undef min

-#undef max

-#define min(a,b) (((a) < (b)) ? (a) : (b))

-#define max(a,b) (((a) > (b)) ? (a) : (b))

-#undef SECONDS

-#define SECONDS	30

-extern int verify_depth;

-extern int verify_error;

-static void s_time_usage(void);

-static int parseArgs( int argc, char **argv );

-static SSL *doConnection( SSL *scon );

-static void s_time_init(void);

-/***********************************************************************

- * Static data declarations

- */

-/* static char *port=PORT_STR;*/

-static char *host=SSL_CONNECT_NAME;

-static char *t_cert_file=NULL;

-static char *t_key_file=NULL;

-static char *CApath=NULL;

-static char *CAfile=NULL;

-static char *tm_cipher=NULL;

-static int tm_verify = SSL_VERIFY_NONE;

-static int maxTime = SECONDS;

-static SSL_CTX *tm_ctx=NULL;

-static SSL_METHOD *s_time_meth=NULL;

-static char *s_www_path=NULL;

-static long bytes_read=0;

-static int st_bugs=0;

-static int perform=0;

-#ifdef FIONBIO

-static int t_nbio=0;

-#endif

-#ifdef OPENSSL_SYS_WIN32

-static int exitNow = 0;		/* Set when it's time to exit main */

-#endif

-static void s_time_init(void)

-	{

-	host=SSL_CONNECT_NAME;

-	t_cert_file=NULL;

-	t_key_file=NULL;

-	CApath=NULL;

-	CAfile=NULL;

-	tm_cipher=NULL;

-	tm_verify = SSL_VERIFY_NONE;

-	maxTime = SECONDS;

-	tm_ctx=NULL;

-	s_time_meth=NULL;

-	s_www_path=NULL;

-	bytes_read=0;

-	st_bugs=0;

-	perform=0;

-#ifdef FIONBIO

-	t_nbio=0;

-#endif

-#ifdef OPENSSL_SYS_WIN32

-	exitNow = 0;		/* Set when it's time to exit main */

-#endif

-	}

-/***********************************************************************

- * usage - display usage message

- */

-static void s_time_usage(void)

-{

-	static char umsg[] = "\

--time arg     - max number of seconds to collect data, default %d\n\

--verify arg   - turn on peer certificate verification, arg == depth\n\

--cert arg     - certificate file to use, PEM format assumed\n\

--key arg      - RSA file to use, PEM format assumed, key is in cert file\n\

-                file if not specified by this option\n\

--CApath arg   - PEM format directory of CA's\n\

--CAfile arg   - PEM format file of CA's\n\

--cipher       - preferred cipher to use, play with 'openssl ciphers'\n\n";

-	printf( "usage: s_time <args>\n\n" );

-	printf("-connect host:port - host:port to connect to (default is %s)\n",SSL_CONNECT_NAME);

-#ifdef FIONBIO

-	printf("-nbio         - Run with non-blocking IO\n");

-	printf("-ssl2         - Just use SSLv2\n");

-	printf("-ssl3         - Just use SSLv3\n");

-	printf("-bugs         - Turn on SSL bug compatibility\n");

-	printf("-new          - Just time new connections\n");

-	printf("-reuse        - Just time connection reuse\n");

-	printf("-www page     - Retrieve 'page' from the site\n");

-#endif

-	printf( umsg,SECONDS );

-}

-/***********************************************************************

- * parseArgs - Parse command line arguments and initialize data

- *

- * Returns 0 if ok, -1 on bad args

- */

-static int parseArgs(int argc, char **argv)

-{

-    int badop = 0;

-    verify_depth=0;

-    verify_error=X509_V_OK;

-    argc--;

-    argv++;

-    while (argc >= 1) {

-	if (strcmp(*argv,"-connect") == 0)

-		{

-		if (--argc < 1) goto bad;

-		host= *(++argv);

-		}

-#if 0

-	else if( strcmp(*argv,"-host") == 0)

-		{

-		if (--argc < 1) goto bad;

-		host= *(++argv);

-		}

-	else if( strcmp(*argv,"-port") == 0)

-		{

-		if (--argc < 1) goto bad;

-		port= *(++argv);

-		}

-#endif

-	else if (strcmp(*argv,"-reuse") == 0)

-		perform=2;

-	else if (strcmp(*argv,"-new") == 0)

-		perform=1;

-	else if( strcmp(*argv,"-verify") == 0) {

-	    tm_verify=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE;

-	    if (--argc < 1) goto bad;

-	    verify_depth=atoi(*(++argv));

-	    BIO_printf(bio_err,"verify depth is %d\n",verify_depth);

-	} else if( strcmp(*argv,"-cert") == 0) {

-	    if (--argc < 1) goto bad;

-	    t_cert_file= *(++argv);

-	} else if( strcmp(*argv,"-key") == 0) {

-	    if (--argc < 1) goto bad;

-	    t_key_file= *(++argv);

-	} else if( strcmp(*argv,"-CApath") == 0) {

-	    if (--argc < 1) goto bad;

-	    CApath= *(++argv);

-	} else if( strcmp(*argv,"-CAfile") == 0) {

-	    if (--argc < 1) goto bad;

-	    CAfile= *(++argv);

-	} else if( strcmp(*argv,"-cipher") == 0) {

-	    if (--argc < 1) goto bad;

-	    tm_cipher= *(++argv);

-	}

-#ifdef FIONBIO

-	else if(strcmp(*argv,"-nbio") == 0) {

-	    t_nbio=1;

-	}

-#endif

-	else if(strcmp(*argv,"-www") == 0)

-		{

-		if (--argc < 1) goto bad;

-		s_www_path= *(++argv);

-		if(strlen(s_www_path) > MYBUFSIZ-100)

-			{

-			BIO_printf(bio_err,"-www option too long\n");

-			badop=1;

-			}

-		}

-	else if(strcmp(*argv,"-bugs") == 0)

-	    st_bugs=1;

-#ifndef OPENSSL_NO_SSL2

-	else if(strcmp(*argv,"-ssl2") == 0)

-	    s_time_meth=SSLv2_client_method();

-#endif

-#ifndef OPENSSL_NO_SSL3

-	else if(strcmp(*argv,"-ssl3") == 0)

-	    s_time_meth=SSLv3_client_method();

-#endif

-	else if( strcmp(*argv,"-time") == 0) {

-	    if (--argc < 1) goto bad;

-	    maxTime= atoi(*(++argv));

-	}

-	else {

-	    BIO_printf(bio_err,"unknown option %s\n",*argv);

-	    badop=1;

-	    break;

-	}

-	argc--;

-	argv++;

-    }

-    if (perform == 0) perform=3;

-    if(badop) {

-bad:

-		s_time_usage();

-		return -1;

-    }

-	return 0;			/* Valid args */

-}

-/***********************************************************************

- * TIME - time functions

- */

-#define START	0

-#define STOP	1

-static double tm_Time_F(int s)

-	{

-	static double ret;

-#ifdef TIMES

-	static struct tms tstart,tend;

-	if(s == START) {

-		times(&tstart);

-		return(0);

-	} else {

-		times(&tend);

-		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;

-		return((ret == 0.0)?1e-6:ret);

-	}

-#elif defined(OPENSSL_SYS_NETWARE)

-    static clock_t tstart,tend;

-    if (s == START)

-    {

-        tstart=clock();

-        return(0);

-    }

-    else

-    {

-        tend=clock();

-        ret=(double)((double)(tend)-(double)(tstart));

-        return((ret < 0.001)?0.001:ret);

-    }

-#elif defined(OPENSSL_SYS_VXWORKS)

-        {

-	static unsigned long tick_start, tick_end;

-	if( s == START )

-		{

-		tick_start = tickGet();

-		return 0;

-		}

-	else

-		{

-		tick_end = tickGet();

-		ret = (double)(tick_end - tick_start) / (double)sysClkRateGet();

-		return((ret == 0.0)?1e-6:ret);

-		}

-        }

-#else /* !times() */

-	static struct timeb tstart,tend;

-	long i;

-	if(s == START) {

-		ftime(&tstart);

-		return(0);

-	} else {

-		ftime(&tend);

-		i=(long)tend.millitm-(long)tstart.millitm;

-		ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;

-		return((ret == 0.0)?1e-6:ret);

-	}

-#endif

-}

-/***********************************************************************

- * MAIN - main processing area for client

- *			real name depends on MONOLITH

- */

-int MAIN(int, char **);

-int MAIN(int argc, char **argv)

-	{

-	double totalTime = 0.0;

-	int nConn = 0;

-	SSL *scon=NULL;

-	long finishtime=0;

-	int ret=1,i;

-	MS_STATIC char buf[1024*8];

-	int ver;

-	apps_startup();

-	s_time_init();

-	if (bio_err == NULL)

-		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);

-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)

-	s_time_meth=SSLv23_client_method();

-#elif !defined(OPENSSL_NO_SSL3)

-	s_time_meth=SSLv3_client_method();

-#elif !defined(OPENSSL_NO_SSL2)

-	s_time_meth=SSLv2_client_method();

-#endif

-	/* parse the command line arguments */

-	if( parseArgs( argc, argv ) < 0 )

-		goto end;

-	OpenSSL_add_ssl_algorithms();

-	if ((tm_ctx=SSL_CTX_new(s_time_meth)) == NULL) return(1);

-	SSL_CTX_set_quiet_shutdown(tm_ctx,1);

-	if (st_bugs) SSL_CTX_set_options(tm_ctx,SSL_OP_ALL);

-	SSL_CTX_set_cipher_list(tm_ctx,tm_cipher);

-	if(!set_cert_stuff(tm_ctx,t_cert_file,t_key_file))

-		goto end;

-	SSL_load_error_strings();

-	if ((!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) ||

-		(!SSL_CTX_set_default_verify_paths(tm_ctx)))

-		{

-		/* BIO_printf(bio_err,"error setting default verify locations\n"); */

-		ERR_print_errors(bio_err);

-		/* goto end; */

-		}

-	if (tm_cipher == NULL)

-		tm_cipher = getenv("SSL_CIPHER");

-	if (tm_cipher == NULL ) {

-		fprintf( stderr, "No CIPHER specified\n" );

-	}

-	if (!(perform & 1)) goto next;

-	printf( "Collecting connection statistics for %d seconds\n", maxTime );

-	/* Loop and time how long it takes to make connections */

-	bytes_read=0;

-	finishtime=(long)time(NULL)+maxTime;

-	tm_Time_F(START);

-	for (;;)

-		{

-		if (finishtime < (long)time(NULL)) break;

-#ifdef WIN32_STUFF

-		if( flushWinMsgs(0) == -1 )

-			goto end;

-		if( waitingToDie || exitNow )		/* we're dead */

-			goto end;

-#endif

-		if( (scon = doConnection( NULL )) == NULL )

-			goto end;

-		if (s_www_path != NULL)

-			{

-			BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);

-			SSL_write(scon,buf,strlen(buf));

-			while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)

-				bytes_read+=i;

-			}

-#ifdef NO_SHUTDOWN

-		SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);

-#else

-		SSL_shutdown(scon);

-#endif

-		SHUTDOWN2(SSL_get_fd(scon));

-		nConn += 1;

-		if (SSL_session_reused(scon))

-			ver='r';

-		else

-			{

-			ver=SSL_version(scon);

-			if (ver == TLS1_VERSION)

-				ver='t';

-			else if (ver == SSL3_VERSION)

-				ver='3';

-			else if (ver == SSL2_VERSION)

-				ver='2';

-			else

-				ver='*';

-			}

-		fputc(ver,stdout);

-		fflush(stdout);

-		SSL_free( scon );

-		scon=NULL;

-		}

-	totalTime += tm_Time_F(STOP); /* Add the time for this iteration */

-	i=(int)((long)time(NULL)-finishtime+maxTime);

-	printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read);

-	printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,(long)time(NULL)-finishtime+maxTime,bytes_read/nConn);

-	/* Now loop and time connections using the same session id over and over */

-next:

-	if (!(perform & 2)) goto end;

-	printf( "\n\nNow timing with session id reuse.\n" );

-	/* Get an SSL object so we can reuse the session id */

-	if( (scon = doConnection( NULL )) == NULL )

-		{

-		fprintf( stderr, "Unable to get connection\n" );

-		goto end;

-		}

-	if (s_www_path != NULL)

-		{

-		BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);

-		SSL_write(scon,buf,strlen(buf));

-		while (SSL_read(scon,buf,sizeof(buf)) > 0)

-			;

-		}

-#ifdef NO_SHUTDOWN

-	SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);

-#else

-	SSL_shutdown(scon);

-#endif

-	SHUTDOWN2(SSL_get_fd(scon));

-	nConn = 0;

-	totalTime = 0.0;

-	finishtime=(long)time(NULL)+maxTime;

-	printf( "starting\n" );

-	bytes_read=0;

-	tm_Time_F(START);

-	for (;;)

-		{

-		if (finishtime < (long)time(NULL)) break;

-#ifdef WIN32_STUFF

-		if( flushWinMsgs(0) == -1 )

-			goto end;

-		if( waitingToDie || exitNow )	/* we're dead */

-			goto end;

-#endif

-	 	if( (doConnection( scon )) == NULL )

-			goto end;

-		if (s_www_path)

-			{

-			BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);

-			SSL_write(scon,buf,strlen(buf));

-			while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)

-				bytes_read+=i;

-			}

-#ifdef NO_SHUTDOWN

-		SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);

-#else

-		SSL_shutdown(scon);

-#endif

-		SHUTDOWN2(SSL_get_fd(scon));

-		nConn += 1;

-		if (SSL_session_reused(scon))

-			ver='r';

-		else

-			{

-			ver=SSL_version(scon);

-			if (ver == TLS1_VERSION)

-				ver='t';

-			else if (ver == SSL3_VERSION)

-				ver='3';

-			else if (ver == SSL2_VERSION)

-				ver='2';

-			else

-				ver='*';

-			}

-		fputc(ver,stdout);

-		fflush(stdout);

-		}

-	totalTime += tm_Time_F(STOP); /* Add the time for this iteration*/

-	printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read);

-	printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,(long)time(NULL)-finishtime+maxTime,bytes_read/nConn);

-	ret=0;

-end:

-	if (scon != NULL) SSL_free(scon);

-	if (tm_ctx != NULL)

-		{

-		SSL_CTX_free(tm_ctx);

-		tm_ctx=NULL;

-		}

-	apps_shutdown();

-	OPENSSL_EXIT(ret);

-	}

-/***********************************************************************

- * doConnection - make a connection

- * Args:

- *		scon	= earlier ssl connection for session id, or NULL

- * Returns:

- *		SSL *	= the connection pointer.

- */

-static SSL *doConnection(SSL *scon)

-	{

-	BIO *conn;

-	SSL *serverCon;

-	int width, i;

-	fd_set readfds;

-	if ((conn=BIO_new(BIO_s_connect())) == NULL)

-		return(NULL);

-/*	BIO_set_conn_port(conn,port);*/

-	BIO_set_conn_hostname(conn,host);

-	if (scon == NULL)

-		serverCon=SSL_new(tm_ctx);

-	else

-		{

-		serverCon=scon;

-		SSL_set_connect_state(serverCon);

-		}

-	SSL_set_bio(serverCon,conn,conn);

-#if 0

-	if( scon != NULL )

-		SSL_set_session(serverCon,SSL_get_session(scon));

-#endif

-	/* ok, lets connect */

-	for(;;) {

-		i=SSL_connect(serverCon);

-		if (BIO_sock_should_retry(i))

-			{

-			BIO_printf(bio_err,"DELAY\n");

-			i=SSL_get_fd(serverCon);

-			width=i+1;

-			FD_ZERO(&readfds);

-			FD_SET(i,&readfds);

-			/* Note: under VMS with SOCKETSHR the 2nd parameter

-			 * is currently of type (int *) whereas under other

-			 * systems it is (void *) if you don't have a cast it

-			 * will choke the compiler: if you do have a cast then

-			 * you can either go for (int *) or (void *).

-			 */

-			select(width,(void *)&readfds,NULL,NULL,NULL);

-			continue;

-			}

-		break;

-		}

-	if(i <= 0)

-		{

-		BIO_printf(bio_err,"ERROR\n");

-		if (verify_error != X509_V_OK)

-			BIO_printf(bio_err,"verify error:%s\n",

-				X509_verify_cert_error_string(verify_error));

-		else

-			ERR_print_errors(bio_err);

-		if (scon == NULL)

-			SSL_free(serverCon);

-		return NULL;

-		}

-	return serverCon;

-	}

--- a/sys/src/ape/lib/openssl/apps/server.pem

+++ /dev/null

@@ -1,369 +1,0 @@

-issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)

-subject= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit)

------BEGIN CERTIFICATE-----

-MIIB6TCCAVICAQYwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV

-BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD

-VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNMDAxMDE2MjIzMTAzWhcNMDMwMTE0

-MjIzMTAzWjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG

-A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0IGNl

-cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8SMVIP

-Fe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8Ey2//

-Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQCT0grFQeZaqYb5EYfk20XixZV4

-GmyAbXMftG1Eo7qGiMhYzRwGNWxEYojf5PZkYZXvSqZ/ZXHXa4g59jK/rJNnaVGM

-k+xIX8mxQvlV0n5O9PIha5BX5teZnkHKgL8aKKLKW1BK7YTngsfSzzaeame5iKfz

-itAE+OjGF+PFKbwX8Q==

------END CERTIFICATE-----

------BEGIN RSA PRIVATE KEY-----

-MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD

-TGiXav6ooKXfX3j/7tdkuD8Ey2//Kv7+ue0CAwEAAQJAN6W31vDEP2DjdqhzCDDu

-OA4NACqoiFqyblo7yc2tM4h4xMbC3Yx5UKMN9ZkCtX0gzrz6DyF47bdKcWBzNWCj

-gQIhANEoojVt7hq+SQ6MCN6FTAysGgQf56Q3TYoJMoWvdiXVAiEAw3e3rc+VJpOz

-rHuDo6bgpjUAAXM+v3fcpsfZSNO6V7kCIQCtbVjanpUwvZkMI9by02oUk9taki3b

-PzPfAfNPYAbCJQIhAJXNQDWyqwn/lGmR11cqY2y9nZ1+5w3yHGatLrcDnQHxAiEA

-vnlEGo8K85u+KwIOimM48ZG8oTk7iFdkqLJR1utT3aU=

------END RSA PRIVATE KEY-----

-subject=/C=US/O=AT&T Bell Laboratories/OU=Prototype Research CA

-issuer= /C=US/O=AT&T Bell Laboratories/OU=Prototype Research CA

-notBefore=950413210656Z

-notAfter =970412210656Z

------BEGIN X509 CERTIFICATE-----

-MIICCDCCAXECAQAwDQYJKoZIhvcNAQEEBQAwTjELMAkGA1UEBhMCVVMxHzAdBgNV

-BAoUFkFUJlQgQmVsbCBMYWJvcmF0b3JpZXMxHjAcBgNVBAsUFVByb3RvdHlwZSBS

-ZXNlYXJjaCBDQTAeFw05NTA0MTMyMTA2NTZaFw05NzA0MTIyMTA2NTZaME4xCzAJ

-BgNVBAYTAlVTMR8wHQYDVQQKFBZBVCZUIEJlbGwgTGFib3JhdG9yaWVzMR4wHAYD

-VQQLFBVQcm90b3R5cGUgUmVzZWFyY2ggQ0EwgZwwDQYJKoZIhvcNAQEBBQADgYoA

-MIGGAoGAebOmgtSCl+wCYZc86UGYeTLY8cjmW2P0FN8ToT/u2pECCoFdrlycX0OR

-3wt0ZhpFXLVNeDnHwEE9veNUih7pCL2ZBFqoIoQkB1lZmXRiVtjGonz8BLm/qrFM

-YHb0lme/Ol+s118mwKVxnn6bSAeI/OXKhLaVdYZWk+aEaxEDkVkCAQ8wDQYJKoZI

-hvcNAQEEBQADgYEAAZMG14lZmZ8bahkaHaTV9dQf4p2FZiQTFwHP9ZyGsXPC+LT5

-dG5iTaRmyjNIJdPWohZDl97kAci79aBndvuEvRKOjLHs3WRGBIwERnAcnY9Mz8u/

-zIHK23PjYVxGGaZd669OJwD0CYyqH22HH9nFUGaoJdsv39ChW0NRdLE9+y8=

------END X509 CERTIFICATE-----

-issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)

-subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)

------BEGIN CERTIFICATE-----

-MIICJjCCAY8CAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV

-BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD

-VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTc0M1oXDTAxMDYw

-OTEzNTc0M1owWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY

-BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgxMDI0

-IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgybTsZ

-DCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/dFXSv

-1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUecQU2

-mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAM7achv3v

-hLQJcv/65eGEpBXM40ZDVoFQFFJWaY5p883HTqLB1x4FdzsXHH0QKBTcKpWwqyu4

-YDm3fb8oDugw72bCzfyZK/zVZPR/hVlqI/fvU109Qoc+7oPvIXWky71HfcK6ZBCA

-q30KIqGM/uoM60INq97qjDmCJapagcNBGQs=

------END CERTIFICATE-----

------BEGIN RSA PRIVATE KEY-----

-MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425

-gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd

-2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB

-AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6

-hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2

-J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs

-HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL

-21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s

-nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz

-MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa

-pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb

-KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2

-XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ

------END RSA PRIVATE KEY-----

------BEGIN X509 CERTIFICATE-----

-MIICYDCCAiACAgEoMAkGBSsOAwINBQAwfDELMAkGA1UEBhMCVVMxNjA0BgNVBAoT

-LU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFuZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEZ

-MBcGA1UECxMQVGVzdCBFbnZpcm9ubWVudDEaMBgGA1UECxMRRFNTLU5BU0EtUGls

-b3QtQ0EwHhcNOTYwMjI2MTYzMjQ1WhcNOTcwMjI1MTYzMjQ1WjB8MQswCQYDVQQG

-EwJVUzE2MDQGA1UEChMtTmF0aW9uYWwgQWVyb25hdXRpY3MgYW5kIFNwYWNlIEFk

-bWluaXN0cmF0aW9uMRkwFwYDVQQLExBUZXN0IEVudmlyb25tZW50MRowGAYDVQQL

-ExFEU1MtTkFTQS1QaWxvdC1DQTCB8jAJBgUrDgMCDAUAA4HkADCB4AJBAMA/ssKb

-hPNUG7ZlASfVwEJU21O5OyF/iyBzgHI1O8eOhJGUYO8cc8wDMjR508Mr9cp6Uhl/

-ZB7FV5GkLNEnRHYCQQDUEaSg45P2qrDwixTRhFhmWz5Nvc4lRFQ/42XPcchiJBLb

-bn3QK74T2IxY1yY+kCNq8XrIqf5fJJzIH0J/xUP3AhUAsg2wsQHfDGYk/BOSulX3

-fVd0geUCQQCzCFUQAh+ZkEmp5804cs6ZWBhrUAfnra8lJItYo9xPcXgdIfLfibcX

-R71UsyO77MRD7B0+Ag2tq794IleCVcEEMAkGBSsOAwINBQADLwAwLAIUUayDfreR

-Yh2WeU86/pHNdkUC1IgCFEfxe1f0oMpxJyrJ5XIxTi7vGdoK

------END X509 CERTIFICATE-----

------BEGIN X509 CERTIFICATE-----

-MIICGTCCAdgCAwCqTDAJBgUrDgMCDQUAMHwxCzAJBgNVBAYTAlVTMTYwNAYDVQQK

-Ey1OYXRpb25hbCBBZXJvbmF1dGljcyBhbmQgU3BhY2UgQWRtaW5pc3RyYXRpb24x

-GTAXBgNVBAsTEFRlc3QgRW52aXJvbm1lbnQxGjAYBgNVBAsTEURTUy1OQVNBLVBp

-bG90LUNBMB4XDTk2MDUxNDE3MDE0MVoXDTk3MDUxNDE3MDE0MVowMzELMAkGA1UE

-BhMCQVUxDzANBgNVBAoTBk1pbmNvbTETMBEGA1UEAxMKRXJpYyBZb3VuZzCB8jAJ

-BgUrDgMCDAUAA4HkADCB4AJBAKbfHz6vE6pXXMTpswtGUec2tvnfLJUsoxE9qs4+

-ObZX7LmLvragNPUeiTJx7UOWZ5DfBj6bXLc8eYne0lP1g3ACQQDUEaSg45P2qrDw

-ixTRhFhmWz5Nvc4lRFQ/42XPcchiJBLbbn3QK74T2IxY1yY+kCNq8XrIqf5fJJzI

-H0J/xUP3AhUAsg2wsQHfDGYk/BOSulX3fVd0geUCQQCzCFUQAh+ZkEmp5804cs6Z

-WBhrUAfnra8lJItYo9xPcXgdIfLfibcXR71UsyO77MRD7B0+Ag2tq794IleCVcEE

-MAkGBSsOAwINBQADMAAwLQIUWsuuJRE3VT4ueWkWMAJMJaZjj1ECFQCYY0zX4bzM

-LC7obsrHD8XAHG+ZRG==

------END X509 CERTIFICATE-----

------BEGIN CERTIFICATE-----

-MIICTTCCAbagAwIBAgIBADANBgkqhkiG9w0BAQQFADBMMQswCQYDVQQGEwJHQjEM

-MAoGA1UEChMDVUNMMRgwFgYDVQQLEw9JQ0UtVEVMIFByb2plY3QxFTATBgNVBAMT

-DFRydXN0RmFjdG9yeTAeFw05NzA0MjIxNDM5MTRaFw05ODA0MjIxNDM5MTRaMEwx

-CzAJBgNVBAYTAkdCMQwwCgYDVQQKEwNVQ0wxGDAWBgNVBAsTD0lDRS1URUwgUHJv

-amVjdDEVMBMGA1UEAxMMVHJ1c3RGYWN0b3J5MIGcMAoGBFUIAQECAgQAA4GNADCB

-iQKBgQCEieR8NcXkUW1f0G6aC6u0i8q/98JqS6RxK5YmHIGKCkuTWAUjzLfUa4dt

-U9igGCjTuxaDqlzEim+t/02pmiBZT9HaX++35MjQPUWmsChcYU5WyzGErXi+rQaw

-zlwS73zM8qiPj/97lXYycWhgL0VaiDSPxRXEUdWoaGruom4mNQIDAQABo0IwQDAd

-BgNVHQ4EFgQUHal1LZr7oVg5z6lYzrhTgZRCmcUwDgYDVR0PAQH/BAQDAgH2MA8G

-A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAfaggfl6FZoioecjv0dq8

-/DXo/u11iMZvXn08gjX/zl2b4wtPbShOSY5FhkSm8GeySasz+/Nwb/uzfnIhokWi

-lfPZHtlCWtXbIy/TN51eJyq04ceDCQDWvLC2enVg9KB+GJ34b5c5VaPRzq8MBxsA

-S7ELuYGtmYgYm9NZOIr7yU0=

------END CERTIFICATE-----

------BEGIN CERTIFICATE-----

-MIIB6jCCAZQCAgEtMA0GCSqGSIb3DQEBBAUAMIGAMQswCQYDVQQGEwJVUzE2MDQG

-A1UEChMtTmF0aW9uYWwgQWVyb25hdXRpY3MgYW5kIFNwYWNlIEFkbWluaXN0cmF0

-aW9uMRkwFwYDVQQLExBUZXN0IEVudmlyb25tZW50MR4wHAYDVQQLExVNRDUtUlNB

-LU5BU0EtUGlsb3QtQ0EwHhcNOTYwNDMwMjIwNTAwWhcNOTcwNDMwMjIwNTAwWjCB

-gDELMAkGA1UEBhMCVVMxNjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFu

-ZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEZMBcGA1UECxMQVGVzdCBFbnZpcm9ubWVu

-dDEeMBwGA1UECxMVTUQ1LVJTQS1OQVNBLVBpbG90LUNBMFkwCgYEVQgBAQICAgAD

-SwAwSAJBALmmX5+GqAvcrWK13rfDrNX9UfeA7f+ijyBgeFQjYUoDpFqapw4nzQBL

-bAXug8pKkRwa2Zh8YODhXsRWu2F/UckCAwEAATANBgkqhkiG9w0BAQQFAANBAH9a

-OBA+QCsjxXgnSqHx04gcU8S49DVUb1f2XVoLnHlIb8RnX0k5O6mpHT5eti9bLkiW

-GJNMJ4L0AJ/ac+SmHZc=

------END CERTIFICATE-----

------BEGIN CERTIFICATE-----

-MIICajCCAdMCBDGA0QUwDQYJKoZIhvcNAQEEBQAwfTELMAkGA1UEBhMCQ2ExDzAN

-BgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmlsaXR5IEFjY2VwdGVkMR8w

-HQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRwwGgYDVQQDExNFbnRydXN0

-IERlbW8gV2ViIENBMB4XDTk2MDQyNjEzMzUwMVoXDTA2MDQyNjEzMzUwMVowfTEL

-MAkGA1UEBhMCQ2ExDzANBgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmls

-aXR5IEFjY2VwdGVkMR8wHQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRww

-GgYDVQQDExNFbnRydXN0IERlbW8gV2ViIENBMIGdMA0GCSqGSIb3DQEBAQUAA4GL

-ADCBhwKBgQCaroS7O1DA0hm4IefNYU1cx/nqOmzEnk291d1XqznDeF4wEgakbkCc

-zTKxK791yNpXG5RmngqH7cygDRTHZJ6mfCRn0wGC+AI00F2vYTGqPGRQL1N3lZT0

-YDKFC0SQeMMjFIZ1aeQigroFQnHo0VB3zWIMpNkka8PY9lxHZAmWwQIBAzANBgkq

-hkiG9w0BAQQFAAOBgQBAx0UMVA1s54lMQyXjMX5kj99FJN5itb8bK1Rk+cegPQPF

-cWO9SEWyEjjBjIkjjzAwBkaEszFsNGxemxtXvwjIm1xEUMTVlPEWTs2qnDvAUA9W

-YqhWbhH0toGT36236QAsqCZ76rbTRVSSX2BHyJwJMG2tCRv7kRJ//NIgxj3H4w==

------END CERTIFICATE-----

-issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)

-subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)

------BEGIN CERTIFICATE-----

-MIICJzCCAZACAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV

-BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD

-VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTczN1oXDTAxMDYw

-OTEzNTczN1owXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY

-BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAoMTAy

-NCBiaXQpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdoWk/3+WcMlfjIrkg

-40ketmnQaEogQe1LLcuOJV6rKfUSAsPgwgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp

-22Jp85PmemiDzyUIStwk72qhp1imbANZvlmlCFKiQrjUyuDfu4TABmn+kkt3vR1Y

-BEOGt+IFye1UBVSATVdRJ2UVhwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABNA1u/S

-Cg/LJZWb7GliiKJsvuhxlE4E5JxQF2zMub/CSNbF97//tYSyj96sxeFQxZXbcjm9

-xt6mr/xNLA4szNQMJ4P+L7b5e/jC5DSqlwS+CUYJgaFs/SP+qJoCSu1bR3IM9XWO

-cRBpDmcBbYLkSyB92WURvsZ1LtjEcn+cdQVI

------END CERTIFICATE-----

------BEGIN RSA PRIVATE KEY-----

-MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg

-wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ

-vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB

-AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc

-z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz

-xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7

-HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD

-yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS

-xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj

-7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG

-h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL

-QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q

-hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc=

------END RSA PRIVATE KEY-----

-subject=/C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority

-issuer= /C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority

-notBefore=941104185834Z

-notAfter =991103185834Z

------BEGIN X509 CERTIFICATE-----

-MIICIzCCAZACBQJBAAAWMA0GCSqGSIb3DQEBAgUAMFwxCzAJBgNVBAYTAlVTMSAw

-HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVy

-Y2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDQxODU4MzRaFw05

-OTExMDMxODU4MzRaMFwxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBT

-ZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVyY2lhbCBDZXJ0aWZpY2F0aW9u

-IEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCk+4Fie84QJ93o

-975sbsZwmdu41QUDaSiCnHJ/lj+O7Kwpkj+KFPhCdr69XQO5kNTQvAayUTNfxMK/

-touPmbZiImDd298ggrTKoi8tUO2UMt7gVY3UaOLgTNLNBRYulWZcYVI4HlGogqHE

-7yXpCuaLK44xZtn42f29O2nZ6wIDAQABMA0GCSqGSIb3DQEBAgUAA34AdrW2EP4j

-9/dZYkuwX5zBaLxJu7NJbyFHXSudVMQAKD+YufKKg5tgf+tQx6sFEC097TgCwaVI

-0v5loMC86qYjFmZsGySp8+x5NRhPJsjjr1BKx6cxa9B8GJ1Qv6km+iYrRpwUqbtb

-MJhCKLVLU7tDCZJAuqiqWqTGtotXTcU=

------END X509 CERTIFICATE-----

-subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority

-issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority

-notBefore=941109235417Z

-notAfter =991231235417Z

------BEGIN X509 CERTIFICATE-----

-MIICKTCCAZYCBQJBAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMSAw

-HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJl

-IFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDkyMzU0MTda

-Fw05OTEyMzEyMzU0MTdaMF8xCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0

-YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJlIFNlcnZlciBDZXJ0aWZp

-Y2F0aW9uIEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCSznrB

-roM+WqqJg1esJQF2DK2ujiw3zus1eGRUA+WEQFHJv48I4oqCCNIWhjdV6bEhAq12

-aIGaBaJLyUslZiJWbIgHj/eBWW2EB2VwE3F2Ppt3TONQiVaYSLkdpykaEy5KEVmc

-HhXVSVQsczppgrGXOZxtcGdI5d0t1sgeewIDAQABMA0GCSqGSIb3DQEBAgUAA34A

-iNHReSHO4ovo+MF9NFM/YYPZtgs4F7boviGNjwC4i1N+RGceIr2XJ+CchcxK9oU7

-suK+ktPlDemvXA4MRpX/oRxePug2WHpzpgr4IhFrwwk4fia7c+8AvQKk8xQNMD9h

-cHsg/jKjn7P0Z1LctO6EjJY2IN6BCINxIYoPnqk=

------END X509 CERTIFICATE-----

-subject=/C=ZA/SP=Western Cape/L=Cape Town/O=Thawte Consulting cc

-	/OU=Certification Services Division/CN=Thawte Server CA

-	/[email protected]

-issuer= /C=ZA/SP=Western Cape/L=Cape Town/O=Thawte Consulting cc

-	/OU=Certification Services Division/CN=Thawte Server CA

-	/[email protected]

------BEGIN CERTIFICATE-----

-MIIC+TCCAmICAQAwDQYJKoZIhvcNAQEEBQAwgcQxCzAJBgNVBAYTAlpBMRUwEwYD

-VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU

-VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy

-dmljZXMgRGl2aXNpb24xGTAXBgNVBAMTEFRoYXd0ZSBTZXJ2ZXIgQ0ExJjAkBgkq

-hkiG9w0BCQEWF3NlcnZlci1jZXJ0c0B0aGF3dGUuY29tMB4XDTk2MDcyNzE4MDc1

-N1oXDTk4MDcyNzE4MDc1N1owgcQxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0

-ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMUVGhhd3RlIENv

-bnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2

-aXNpb24xGTAXBgNVBAMTEFRoYXd0ZSBTZXJ2ZXIgQ0ExJjAkBgkqhkiG9w0BCQEW

-F3NlcnZlci1jZXJ0c0B0aGF3dGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB

-iQKBgQDTpFBuyP9Wa+bPXbbqDGh1R6KqwtqEJfyo9EdR2oW1IHSUhh4PdcnpCGH1

-Bm0wbhUZAulSwGLbTZme4moMRDjN/r7jZAlwxf6xaym2L0nIO9QnBCUQly/nkG3A

-KEKZ10xD3sP1IW1Un13DWOHA5NlbsLjctHvfNjrCtWYiEtaHDQIDAQABMA0GCSqG

-SIb3DQEBBAUAA4GBAIsvn7ifX3RUIrvYXtpI4DOfARkTogwm6o7OwVdl93yFhDcX

-7h5t0XZ11MUAMziKdde3rmTvzUYIUCYoY5b032IwGMTvdiclK+STN6NP2m5nvFAM

-qJT5gC5O+j/jBuZRQ4i0AMYQr5F4lT8oBJnhgafw6PL8aDY2vMHGSPl9+7uf

------END CERTIFICATE-----

------BEGIN CERTIFICATE-----

-MIIDDTCCAnYCAQAwDQYJKoZIhvcNAQEEBQAwgc4xCzAJBgNVBAYTAlpBMRUwEwYD

-VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU

-VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy

-dmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNlcnZlciBD

-QTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNvbTAeFw05

-NjA3MjcxODA3MTRaFw05ODA3MjcxODA3MTRaMIHOMQswCQYDVQQGEwJaQTEVMBMG

-A1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xHTAbBgNVBAoT

-FFRoYXd0ZSBDb25zdWx0aW5nIGNjMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNl

-cnZpY2VzIERpdmlzaW9uMSEwHwYDVQQDExhUaGF3dGUgUHJlbWl1bSBTZXJ2ZXIg

-Q0ExKDAmBgkqhkiG9w0BCQEWGXByZW1pdW0tc2VydmVyQHRoYXd0ZS5jb20wgZ8w

-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANI2NmqL18JbntqBQWKPOO5JBFXW0O8c

-G5UWR+8YSDU6UvQragaPOy/qVuOvho2eF/eetGV1Ak3vywmiIVHYm9Bn0LoNkgYU

-c9STy5cqAJxcTgy8+hVS/PJEbtoRSm4Iny8t4/mqOoZztkZTWMiJBb2DEbhzP6oH

-jfRCTedAnRw3AgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAutFIgTRZVYerIZfL9lvR

-w9Eifvvo5KTZ3h+Bj+VzNnyw4Qc/IyXkPOu6SIiH9LQ3sCmWBdxpe+qr4l77rLj2

-GYuMtESFfn1XVALzkYgC7JcPuTOjMfIiMByt+uFf8AV8x0IW/Qkuv+hEQcyM9vxK

-3VZdLbCVIhNoEsysrxCpxcI=

------END CERTIFICATE-----

-Tims test GCI CA

------BEGIN CERTIFICATE-----

-MIIB8DCCAZoCAQAwDQYJKoZIhvcNAQEEBQAwgYIxCzAJBgNVBAYTAkFVMRMwEQYD

-VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5

-cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2RldmVsb3BtZW50MRkwFwYDVQQDExBD

-cnlwdFNvZnQgRGV2IENBMB4XDTk3MDMyMjEzMzQwNFoXDTk4MDMyMjEzMzQwNFow

-gYIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhC

-cmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2Rl

-dmVsb3BtZW50MRkwFwYDVQQDExBDcnlwdFNvZnQgRGV2IENBMFwwDQYJKoZIhvcN

-AQEBBQADSwAwSAJBAOAOAqogG5QwAmLhzyO4CoRnx/wVy4NZP4dxJy83O1EnL0rw

-OdsamJKvPOLHgSXo3gDu9uVyvCf/QJmZAmC5ml8CAwEAATANBgkqhkiG9w0BAQQF

-AANBADRRS/GVdd7rAqRW6SdmgLJduOU2yq3avBu99kRqbp9A/dLu6r6jU+eP4oOA

-TfdbFZtAAD2Hx9jUtY3tfdrJOb8=

------END CERTIFICATE-----

------BEGIN CERTIFICATE-----

-MIICVjCCAgACAQAwDQYJKoZIhvcNAQEEBQAwgbUxCzAJBgNVBAYTAkFVMRMwEQYD

-VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5

-cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsTI1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9O

-IEFVVEhPUklUSUVTMTQwMgYDVQQDEytaRVJPIFZBTFVFIENBIC0gREVNT05TVFJB

-VElPTiBQVVJQT1NFUyBPTkxZMB4XDTk3MDQwMzEzMjI1NFoXDTk4MDQwMzEzMjI1

-NFowgbUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH

-EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsT

-I1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9OIEFVVEhPUklUSUVTMTQwMgYDVQQDEyta

-RVJPIFZBTFVFIENBIC0gREVNT05TVFJBVElPTiBQVVJQT1NFUyBPTkxZMFwwDQYJ

-KoZIhvcNAQEBBQADSwAwSAJBAOZ7T7yqP/tyspcko3yPY1y0Cm2EmwNvzW4QgVXR

-Fjs3HmJ4xtSpXdo6mwcGezL3Abt/aQXaxv9PU8xt+Jr0OFUCAwEAATANBgkqhkiG

-9w0BAQQFAANBAOQpYmGgyCqCy1OljgJhCqQOu627oVlHzK1L+t9vBaMfn40AVUR4

-WzQVWO31KTgi5vTK1U+3h46fgUWqQ0h+6rU=

------END CERTIFICATE-----

------BEGIN CERTIFICATE-----

-MIAwgKADAgECAgEAMA0GCSqGSIb3DQEBBAUAMGIxETAPBgNVBAcTCEludGVybmV0

-MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh

-c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjAeFw05NjA0MDgxMDIwMjda

-Fw05NzA0MDgxMDIwMjdaMGIxETAPBgNVBAcTCEludGVybmV0MRcwFQYDVQQKEw5W

-ZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xhc3MgMSBDQSAtIElu

-ZGl2aWR1YWwgU3Vic2NyaWJlcjCAMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2

-FKbPTdAFDdjKI9BvqrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7j

-W80GqLd5HUQq7XPysVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cari

-QPJUObwW7s987LrbP2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABAAAAADANBgkqhkiG

-9w0BAQQFAAOBgQA+1nJryNt8VBRjRr07ArDAV/3jAH7GjDc9jsrxZS68ost9v06C

-TvTNKGL+LISNmFLXl+JXhgGB0JZ9fvyYzNgHQ46HBUng1H6voalfJgS2KdEo50wW

-8EFZYMDkT1k4uynwJqkVN2QJK/2q4/A/VCov5h6SlM8Affg2W+1TLqvqkwAA

------END CERTIFICATE-----

- subject=/L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber

- issuer= /L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber

------BEGIN CERTIFICATE-----

-MIIEkzCCA/ygAwIBAgIRANDTUpSRL3nTFeMrMayFSPAwDQYJKoZIhvcNAQECBQAw

-YjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQw

-MgYDVQQLEytWZXJpU2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3Jp

-YmVyMB4XDTk2MDYwNDAwMDAwMFoXDTk4MDYwNDIzNTk1OVowYjERMA8GA1UEBxMI

-SW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJp

-U2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMIGfMA0GCSqG

-SIb3DQEBAQUAA4GNADCBiQKBgQC6A+2czKGRcYMfm8gdnk+0de99TDDzsqo0v5nb

-RsbUmMcdRQ7nsMbRWe0SAb/9QoLTZ/cJ0iOBqdrkz7UpqqKarVoTSdlSMVM92tWp

-3bJncZHQD1t4xd6lQVdI1/T6R+5J0T1ukOdsI9Jmf+F28S6g3R3L1SFwiHKeZKZv

-z+793wIDAQABo4ICRzCCAkMwggIpBgNVHQMBAf8EggIdMIICGTCCAhUwggIRBgtg

-hkgBhvhFAQcBATCCAgAWggGrVGhpcyBjZXJ0aWZpY2F0ZSBpbmNvcnBvcmF0ZXMg

-YnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0IHRv

-LCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1lbnQg

-KENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL0NQ

-Uy0xLjA7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29tOyBv

-ciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4sIE1v

-dW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04ODMw

-IENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0cyBS

-ZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJQUJJ

-TElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQECMC8w

-LRYraHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEuMDAU

-BglghkgBhvhCAQEBAf8EBAMCAgQwDQYJKoZIhvcNAQECBQADgYEApRJRkNBqLLgs

-53IR/d18ODdLOWMTZ+QOOxBrq460iBEdUwgF8vmPRX1ku7UiDeNzaLlurE6eFqHq

-2zPyK5j60zfTLVJMWKcQWwTJLjHtXrW8pxhNtFc6Fdvy5ZkHnC/9NIl7/t4U6WqB

-p4y+p7SdMIkEwIZfds0VbnQyX5MRUJY=

------END CERTIFICATE-----

- subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority

- issuer= /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority

------BEGIN CERTIFICATE-----

-MIICMTCCAZoCBQKhAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw

-FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMg

-UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa

-Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln

-biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp

-Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyVxZ

-nvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqoRAWq7AMfeH+ek7ma

-AKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4rCNfcCk2pMmG57Ga

-IMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATANBgkqhkiG9w0BAQIF

-AAOBgQB1Zmw+0c2B27X4LzZRtvdCvM1Cr9wO+hVs+GeTVzrrtpLotgHKjLeOQ7RJ

-Zfk+7r11Ri7J/CVdqMcvi5uPaM+0nJcYwE3vH9mvgrPmZLiEXIqaB1JDYft0nls6

-NvxMsvwaPxUupVs8G5DsiCnkWRb5zget7Ond2tIxik/W2O8XjQ==

------END CERTIFICATE-----

- subject=/C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority

- issuer= /C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority

------BEGIN CERTIFICATE-----

-MIICMTCCAZoCBQKmAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw

-FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMg

-UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa

-Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln

-biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp

-Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0LJ1

-9njQrlpQ9OlQqZ+M1++RlHDo0iSQdomF1t+s5gEXMoDwnZNHvJplnR+Xrr/phnVj

-IIm9gFidBAydqMEk6QvlMXi9/C0MN2qeeIDpRnX57aP7E3vIwUzSo+/1PLBij0pd

-O92VZ48TucE81qcmm+zDO3rZTbxtm+gVAePwR6kCAwEAATANBgkqhkiG9w0BAQIF

-AAOBgQBT3dPwnCR+QKri/AAa19oM/DJhuBUNlvP6Vxt/M3yv6ZiaYch6s7f/sdyZ

-g9ysEvxwyR84Qu1E9oAuW2szaayc01znX1oYx7EteQSWQZGZQbE8DbqEOcY7l/Am

-yY7uvcxClf8exwI/VAx49byqYHwCaejcrOICdmHEPgPq0ook0Q==

------END CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/apps/server.srl

+++ /dev/null

@@ -1,1 +1,0 @@

-01

--- a/sys/src/ape/lib/openssl/apps/server2.pem

+++ /dev/null

@@ -1,376 +1,0 @@

-issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)

-subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (1024 bit)

------BEGIN CERTIFICATE-----

-MIICLjCCAZcCAQEwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV

-BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD

-VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTcwNjA5MTM1NzU0WhcNOTgwNjA5

-MTM1NzU0WjBkMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG

-A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxJDAiBgNVBAMTG1NlcnZlciB0ZXN0IGNl

-cnQgKDEwMjQgYml0KTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsxH1PBPm

-RkxrR11eV4bzNi4N9n11CI8nV29+ARlT1+qDe/mjVUvXlmsr1v/vf71G9GgqopSa

-6RXrICLVdk/FYYYzhPvl1M+OrjaXDFO8BzBAF1Lnz6c7aRZvGRJNrRSr2nZEkqDf

-JW9dY7r2VZEpD5QeuaRYUnuECkqeieB65GMCAwEAATANBgkqhkiG9w0BAQQFAAOB

-gQCWsOta6C0wiVzXz8wPmJKyTrurMlgUss2iSuW9366iwofZddsNg7FXniMzkIf6

-dp7jnmWZwKZ9cXsNUS2o4OL07qOk2HOywC0YsNZQsOBu1CBTYYkIefDiKFL1zQHh

-8lwwNd4NP+OE3NzUNkCfh4DnFfg9WHkXUlD5UpxNRJ4gJA==

------END CERTIFICATE-----

------BEGIN RSA PRIVATE KEY-----

-MIICXgIBAAKBgQCzEfU8E+ZGTGtHXV5XhvM2Lg32fXUIjydXb34BGVPX6oN7+aNV

-S9eWayvW/+9/vUb0aCqilJrpFesgItV2T8VhhjOE++XUz46uNpcMU7wHMEAXUufP

-pztpFm8ZEk2tFKvadkSSoN8lb11juvZVkSkPlB65pFhSe4QKSp6J4HrkYwIDAQAB

-AoGBAKy8jvb0Lzby8q11yNLf7+78wCVdYi7ugMHcYA1JVFK8+zb1WfSm44FLQo/0

-dSChAjgz36TTexeLODPYxleJndjVcOMVzsLJjSM8dLpXsTS4FCeMbhw2s2u+xqKY

-bbPWfk+HOTyJjfnkcC5Nbg44eOmruq0gSmBeUXVM5UntlTnxAkEA7TGCA3h7kx5E

-Bl4zl2pc3gPAGt+dyfk5Po9mGJUUXhF5p2zueGmYWW74TmOWB1kzt4QRdYMzFePq

-zfDNXEa1CwJBAMFErdY0xp0UJ13WwBbUTk8rujqQdHtjw0klhpbuKkjxu2hN0wwM

-6p0D9qxF7JHaghqVRI0fAW/EE0OzdHMR9QkCQQDNR26dMFXKsoPu+vItljj/UEGf

-QG7gERiQ4yxaFBPHgdpGo0kT31eh9x9hQGDkxTe0GNG/YSgCRvm8+C3TMcKXAkBD

-dhGn36wkUFCddMSAM4NSJ1VN8/Z0y5HzCmI8dM3VwGtGMUQlxKxwOl30LEQzdS5M

-0SWojNYXiT2gOBfBwtbhAkEAhafl5QEOIgUz+XazS/IlZ8goNKdDVfYgK3mHHjvv

-nY5G+AuGebdNkXJr4KSWxDcN+C2i47zuj4QXA16MAOandA==

------END RSA PRIVATE KEY-----

-subject=/C=US/O=AT&T Bell Laboratories/OU=Prototype Research CA

-issuer= /C=US/O=AT&T Bell Laboratories/OU=Prototype Research CA

-notBefore=950413210656Z

-notAfter =970412210656Z

------BEGIN X509 CERTIFICATE-----

-MIICCDCCAXECAQAwDQYJKoZIhvcNAQEEBQAwTjELMAkGA1UEBhMCVVMxHzAdBgNV

-BAoUFkFUJlQgQmVsbCBMYWJvcmF0b3JpZXMxHjAcBgNVBAsUFVByb3RvdHlwZSBS

-ZXNlYXJjaCBDQTAeFw05NTA0MTMyMTA2NTZaFw05NzA0MTIyMTA2NTZaME4xCzAJ

-BgNVBAYTAlVTMR8wHQYDVQQKFBZBVCZUIEJlbGwgTGFib3JhdG9yaWVzMR4wHAYD

-VQQLFBVQcm90b3R5cGUgUmVzZWFyY2ggQ0EwgZwwDQYJKoZIhvcNAQEBBQADgYoA

-MIGGAoGAebOmgtSCl+wCYZc86UGYeTLY8cjmW2P0FN8ToT/u2pECCoFdrlycX0OR

-3wt0ZhpFXLVNeDnHwEE9veNUih7pCL2ZBFqoIoQkB1lZmXRiVtjGonz8BLm/qrFM

-YHb0lme/Ol+s118mwKVxnn6bSAeI/OXKhLaVdYZWk+aEaxEDkVkCAQ8wDQYJKoZI

-hvcNAQEEBQADgYEAAZMG14lZmZ8bahkaHaTV9dQf4p2FZiQTFwHP9ZyGsXPC+LT5

-dG5iTaRmyjNIJdPWohZDl97kAci79aBndvuEvRKOjLHs3WRGBIwERnAcnY9Mz8u/

-zIHK23PjYVxGGaZd669OJwD0CYyqH22HH9nFUGaoJdsv39ChW0NRdLE9+y8=

------END X509 CERTIFICATE-----

-issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)

-subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)

------BEGIN CERTIFICATE-----

-MIICJjCCAY8CAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV

-BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD

-VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTc0M1oXDTAxMDYw

-OTEzNTc0M1owWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY

-BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgxMDI0

-IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgybTsZ

-DCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/dFXSv

-1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUecQU2

-mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAM7achv3v

-hLQJcv/65eGEpBXM40ZDVoFQFFJWaY5p883HTqLB1x4FdzsXHH0QKBTcKpWwqyu4

-YDm3fb8oDugw72bCzfyZK/zVZPR/hVlqI/fvU109Qoc+7oPvIXWky71HfcK6ZBCA

-q30KIqGM/uoM60INq97qjDmCJapagcNBGQs=

------END CERTIFICATE-----

------BEGIN RSA PRIVATE KEY-----

-MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425

-gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd

-2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB

-AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6

-hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2

-J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs

-HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL

-21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s

-nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz

-MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa

-pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb

-KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2

-XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ

------END RSA PRIVATE KEY-----

------BEGIN X509 CERTIFICATE-----

-MIICYDCCAiACAgEoMAkGBSsOAwINBQAwfDELMAkGA1UEBhMCVVMxNjA0BgNVBAoT

-LU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFuZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEZ

-MBcGA1UECxMQVGVzdCBFbnZpcm9ubWVudDEaMBgGA1UECxMRRFNTLU5BU0EtUGls

-b3QtQ0EwHhcNOTYwMjI2MTYzMjQ1WhcNOTcwMjI1MTYzMjQ1WjB8MQswCQYDVQQG

-EwJVUzE2MDQGA1UEChMtTmF0aW9uYWwgQWVyb25hdXRpY3MgYW5kIFNwYWNlIEFk

-bWluaXN0cmF0aW9uMRkwFwYDVQQLExBUZXN0IEVudmlyb25tZW50MRowGAYDVQQL

-ExFEU1MtTkFTQS1QaWxvdC1DQTCB8jAJBgUrDgMCDAUAA4HkADCB4AJBAMA/ssKb

-hPNUG7ZlASfVwEJU21O5OyF/iyBzgHI1O8eOhJGUYO8cc8wDMjR508Mr9cp6Uhl/

-ZB7FV5GkLNEnRHYCQQDUEaSg45P2qrDwixTRhFhmWz5Nvc4lRFQ/42XPcchiJBLb

-bn3QK74T2IxY1yY+kCNq8XrIqf5fJJzIH0J/xUP3AhUAsg2wsQHfDGYk/BOSulX3

-fVd0geUCQQCzCFUQAh+ZkEmp5804cs6ZWBhrUAfnra8lJItYo9xPcXgdIfLfibcX

-R71UsyO77MRD7B0+Ag2tq794IleCVcEEMAkGBSsOAwINBQADLwAwLAIUUayDfreR

-Yh2WeU86/pHNdkUC1IgCFEfxe1f0oMpxJyrJ5XIxTi7vGdoK

------END X509 CERTIFICATE-----

------BEGIN X509 CERTIFICATE-----

-MIICGTCCAdgCAwCqTDAJBgUrDgMCDQUAMHwxCzAJBgNVBAYTAlVTMTYwNAYDVQQK

-Ey1OYXRpb25hbCBBZXJvbmF1dGljcyBhbmQgU3BhY2UgQWRtaW5pc3RyYXRpb24x

-GTAXBgNVBAsTEFRlc3QgRW52aXJvbm1lbnQxGjAYBgNVBAsTEURTUy1OQVNBLVBp

-bG90LUNBMB4XDTk2MDUxNDE3MDE0MVoXDTk3MDUxNDE3MDE0MVowMzELMAkGA1UE

-BhMCQVUxDzANBgNVBAoTBk1pbmNvbTETMBEGA1UEAxMKRXJpYyBZb3VuZzCB8jAJ

-BgUrDgMCDAUAA4HkADCB4AJBAKbfHz6vE6pXXMTpswtGUec2tvnfLJUsoxE9qs4+

-ObZX7LmLvragNPUeiTJx7UOWZ5DfBj6bXLc8eYne0lP1g3ACQQDUEaSg45P2qrDw

-ixTRhFhmWz5Nvc4lRFQ/42XPcchiJBLbbn3QK74T2IxY1yY+kCNq8XrIqf5fJJzI

-H0J/xUP3AhUAsg2wsQHfDGYk/BOSulX3fVd0geUCQQCzCFUQAh+ZkEmp5804cs6Z

-WBhrUAfnra8lJItYo9xPcXgdIfLfibcXR71UsyO77MRD7B0+Ag2tq794IleCVcEE

-MAkGBSsOAwINBQADMAAwLQIUWsuuJRE3VT4ueWkWMAJMJaZjj1ECFQCYY0zX4bzM

-LC7obsrHD8XAHG+ZRG==

------END X509 CERTIFICATE-----

------BEGIN CERTIFICATE-----

-MIICTTCCAbagAwIBAgIBADANBgkqhkiG9w0BAQQFADBMMQswCQYDVQQGEwJHQjEM

-MAoGA1UEChMDVUNMMRgwFgYDVQQLEw9JQ0UtVEVMIFByb2plY3QxFTATBgNVBAMT

-DFRydXN0RmFjdG9yeTAeFw05NzA0MjIxNDM5MTRaFw05ODA0MjIxNDM5MTRaMEwx

-CzAJBgNVBAYTAkdCMQwwCgYDVQQKEwNVQ0wxGDAWBgNVBAsTD0lDRS1URUwgUHJv

-amVjdDEVMBMGA1UEAxMMVHJ1c3RGYWN0b3J5MIGcMAoGBFUIAQECAgQAA4GNADCB

-iQKBgQCEieR8NcXkUW1f0G6aC6u0i8q/98JqS6RxK5YmHIGKCkuTWAUjzLfUa4dt

-U9igGCjTuxaDqlzEim+t/02pmiBZT9HaX++35MjQPUWmsChcYU5WyzGErXi+rQaw

-zlwS73zM8qiPj/97lXYycWhgL0VaiDSPxRXEUdWoaGruom4mNQIDAQABo0IwQDAd

-BgNVHQ4EFgQUHal1LZr7oVg5z6lYzrhTgZRCmcUwDgYDVR0PAQH/BAQDAgH2MA8G

-A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAfaggfl6FZoioecjv0dq8

-/DXo/u11iMZvXn08gjX/zl2b4wtPbShOSY5FhkSm8GeySasz+/Nwb/uzfnIhokWi

-lfPZHtlCWtXbIy/TN51eJyq04ceDCQDWvLC2enVg9KB+GJ34b5c5VaPRzq8MBxsA

-S7ELuYGtmYgYm9NZOIr7yU0=

------END CERTIFICATE-----

------BEGIN CERTIFICATE-----

-MIIB6jCCAZQCAgEtMA0GCSqGSIb3DQEBBAUAMIGAMQswCQYDVQQGEwJVUzE2MDQG

-A1UEChMtTmF0aW9uYWwgQWVyb25hdXRpY3MgYW5kIFNwYWNlIEFkbWluaXN0cmF0

-aW9uMRkwFwYDVQQLExBUZXN0IEVudmlyb25tZW50MR4wHAYDVQQLExVNRDUtUlNB

-LU5BU0EtUGlsb3QtQ0EwHhcNOTYwNDMwMjIwNTAwWhcNOTcwNDMwMjIwNTAwWjCB

-gDELMAkGA1UEBhMCVVMxNjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFu

-ZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEZMBcGA1UECxMQVGVzdCBFbnZpcm9ubWVu

-dDEeMBwGA1UECxMVTUQ1LVJTQS1OQVNBLVBpbG90LUNBMFkwCgYEVQgBAQICAgAD

-SwAwSAJBALmmX5+GqAvcrWK13rfDrNX9UfeA7f+ijyBgeFQjYUoDpFqapw4nzQBL

-bAXug8pKkRwa2Zh8YODhXsRWu2F/UckCAwEAATANBgkqhkiG9w0BAQQFAANBAH9a

-OBA+QCsjxXgnSqHx04gcU8S49DVUb1f2XVoLnHlIb8RnX0k5O6mpHT5eti9bLkiW

-GJNMJ4L0AJ/ac+SmHZc=

------END CERTIFICATE-----

------BEGIN CERTIFICATE-----

-MIICajCCAdMCBDGA0QUwDQYJKoZIhvcNAQEEBQAwfTELMAkGA1UEBhMCQ2ExDzAN

-BgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmlsaXR5IEFjY2VwdGVkMR8w

-HQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRwwGgYDVQQDExNFbnRydXN0

-IERlbW8gV2ViIENBMB4XDTk2MDQyNjEzMzUwMVoXDTA2MDQyNjEzMzUwMVowfTEL

-MAkGA1UEBhMCQ2ExDzANBgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmls

-aXR5IEFjY2VwdGVkMR8wHQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRww

-GgYDVQQDExNFbnRydXN0IERlbW8gV2ViIENBMIGdMA0GCSqGSIb3DQEBAQUAA4GL

-ADCBhwKBgQCaroS7O1DA0hm4IefNYU1cx/nqOmzEnk291d1XqznDeF4wEgakbkCc

-zTKxK791yNpXG5RmngqH7cygDRTHZJ6mfCRn0wGC+AI00F2vYTGqPGRQL1N3lZT0

-YDKFC0SQeMMjFIZ1aeQigroFQnHo0VB3zWIMpNkka8PY9lxHZAmWwQIBAzANBgkq

-hkiG9w0BAQQFAAOBgQBAx0UMVA1s54lMQyXjMX5kj99FJN5itb8bK1Rk+cegPQPF

-cWO9SEWyEjjBjIkjjzAwBkaEszFsNGxemxtXvwjIm1xEUMTVlPEWTs2qnDvAUA9W

-YqhWbhH0toGT36236QAsqCZ76rbTRVSSX2BHyJwJMG2tCRv7kRJ//NIgxj3H4w==

------END CERTIFICATE-----

-issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)

-subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)

------BEGIN CERTIFICATE-----

-MIICJzCCAZACAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV

-BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD

-VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTczN1oXDTAxMDYw

-OTEzNTczN1owXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY

-BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAoMTAy

-NCBiaXQpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdoWk/3+WcMlfjIrkg

-40ketmnQaEogQe1LLcuOJV6rKfUSAsPgwgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp

-22Jp85PmemiDzyUIStwk72qhp1imbANZvlmlCFKiQrjUyuDfu4TABmn+kkt3vR1Y

-BEOGt+IFye1UBVSATVdRJ2UVhwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABNA1u/S

-Cg/LJZWb7GliiKJsvuhxlE4E5JxQF2zMub/CSNbF97//tYSyj96sxeFQxZXbcjm9

-xt6mr/xNLA4szNQMJ4P+L7b5e/jC5DSqlwS+CUYJgaFs/SP+qJoCSu1bR3IM9XWO

-cRBpDmcBbYLkSyB92WURvsZ1LtjEcn+cdQVI

------END CERTIFICATE-----

------BEGIN RSA PRIVATE KEY-----

-MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg

-wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ

-vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB

-AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc

-z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz

-xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7

-HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD

-yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS

-xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj

-7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG

-h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL

-QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q

-hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc=

------END RSA PRIVATE KEY-----

-subject=/C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority

-issuer= /C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority

-notBefore=941104185834Z

-notAfter =991103185834Z

------BEGIN X509 CERTIFICATE-----

-MIICIzCCAZACBQJBAAAWMA0GCSqGSIb3DQEBAgUAMFwxCzAJBgNVBAYTAlVTMSAw

-HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVy

-Y2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDQxODU4MzRaFw05

-OTExMDMxODU4MzRaMFwxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBT

-ZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVyY2lhbCBDZXJ0aWZpY2F0aW9u

-IEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCk+4Fie84QJ93o

-975sbsZwmdu41QUDaSiCnHJ/lj+O7Kwpkj+KFPhCdr69XQO5kNTQvAayUTNfxMK/

-touPmbZiImDd298ggrTKoi8tUO2UMt7gVY3UaOLgTNLNBRYulWZcYVI4HlGogqHE

-7yXpCuaLK44xZtn42f29O2nZ6wIDAQABMA0GCSqGSIb3DQEBAgUAA34AdrW2EP4j

-9/dZYkuwX5zBaLxJu7NJbyFHXSudVMQAKD+YufKKg5tgf+tQx6sFEC097TgCwaVI

-0v5loMC86qYjFmZsGySp8+x5NRhPJsjjr1BKx6cxa9B8GJ1Qv6km+iYrRpwUqbtb

-MJhCKLVLU7tDCZJAuqiqWqTGtotXTcU=

------END X509 CERTIFICATE-----

-subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority

-issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority

-notBefore=941109235417Z

-notAfter =991231235417Z

------BEGIN X509 CERTIFICATE-----

-MIICKTCCAZYCBQJBAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMSAw

-HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJl

-IFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDkyMzU0MTda

-Fw05OTEyMzEyMzU0MTdaMF8xCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0

-YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJlIFNlcnZlciBDZXJ0aWZp

-Y2F0aW9uIEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCSznrB

-roM+WqqJg1esJQF2DK2ujiw3zus1eGRUA+WEQFHJv48I4oqCCNIWhjdV6bEhAq12

-aIGaBaJLyUslZiJWbIgHj/eBWW2EB2VwE3F2Ppt3TONQiVaYSLkdpykaEy5KEVmc

-HhXVSVQsczppgrGXOZxtcGdI5d0t1sgeewIDAQABMA0GCSqGSIb3DQEBAgUAA34A

-iNHReSHO4ovo+MF9NFM/YYPZtgs4F7boviGNjwC4i1N+RGceIr2XJ+CchcxK9oU7

-suK+ktPlDemvXA4MRpX/oRxePug2WHpzpgr4IhFrwwk4fia7c+8AvQKk8xQNMD9h

-cHsg/jKjn7P0Z1LctO6EjJY2IN6BCINxIYoPnqk=

------END X509 CERTIFICATE-----

-subject=/C=ZA/SP=Western Cape/L=Cape Town/O=Thawte Consulting cc

-	/OU=Certification Services Division/CN=Thawte Server CA

-	/[email protected]

-issuer= /C=ZA/SP=Western Cape/L=Cape Town/O=Thawte Consulting cc

-	/OU=Certification Services Division/CN=Thawte Server CA

-	/[email protected]

------BEGIN CERTIFICATE-----

-MIIC+TCCAmICAQAwDQYJKoZIhvcNAQEEBQAwgcQxCzAJBgNVBAYTAlpBMRUwEwYD

-VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU

-VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy

-dmljZXMgRGl2aXNpb24xGTAXBgNVBAMTEFRoYXd0ZSBTZXJ2ZXIgQ0ExJjAkBgkq

-hkiG9w0BCQEWF3NlcnZlci1jZXJ0c0B0aGF3dGUuY29tMB4XDTk2MDcyNzE4MDc1

-N1oXDTk4MDcyNzE4MDc1N1owgcQxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0

-ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMUVGhhd3RlIENv

-bnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2

-aXNpb24xGTAXBgNVBAMTEFRoYXd0ZSBTZXJ2ZXIgQ0ExJjAkBgkqhkiG9w0BCQEW

-F3NlcnZlci1jZXJ0c0B0aGF3dGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB

-iQKBgQDTpFBuyP9Wa+bPXbbqDGh1R6KqwtqEJfyo9EdR2oW1IHSUhh4PdcnpCGH1

-Bm0wbhUZAulSwGLbTZme4moMRDjN/r7jZAlwxf6xaym2L0nIO9QnBCUQly/nkG3A

-KEKZ10xD3sP1IW1Un13DWOHA5NlbsLjctHvfNjrCtWYiEtaHDQIDAQABMA0GCSqG

-SIb3DQEBBAUAA4GBAIsvn7ifX3RUIrvYXtpI4DOfARkTogwm6o7OwVdl93yFhDcX

-7h5t0XZ11MUAMziKdde3rmTvzUYIUCYoY5b032IwGMTvdiclK+STN6NP2m5nvFAM

-qJT5gC5O+j/jBuZRQ4i0AMYQr5F4lT8oBJnhgafw6PL8aDY2vMHGSPl9+7uf

------END CERTIFICATE-----

------BEGIN CERTIFICATE-----

-MIIDDTCCAnYCAQAwDQYJKoZIhvcNAQEEBQAwgc4xCzAJBgNVBAYTAlpBMRUwEwYD

-VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU

-VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy

-dmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNlcnZlciBD

-QTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNvbTAeFw05

-NjA3MjcxODA3MTRaFw05ODA3MjcxODA3MTRaMIHOMQswCQYDVQQGEwJaQTEVMBMG

-A1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xHTAbBgNVBAoT

-FFRoYXd0ZSBDb25zdWx0aW5nIGNjMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNl

-cnZpY2VzIERpdmlzaW9uMSEwHwYDVQQDExhUaGF3dGUgUHJlbWl1bSBTZXJ2ZXIg

-Q0ExKDAmBgkqhkiG9w0BCQEWGXByZW1pdW0tc2VydmVyQHRoYXd0ZS5jb20wgZ8w

-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANI2NmqL18JbntqBQWKPOO5JBFXW0O8c

-G5UWR+8YSDU6UvQragaPOy/qVuOvho2eF/eetGV1Ak3vywmiIVHYm9Bn0LoNkgYU

-c9STy5cqAJxcTgy8+hVS/PJEbtoRSm4Iny8t4/mqOoZztkZTWMiJBb2DEbhzP6oH

-jfRCTedAnRw3AgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAutFIgTRZVYerIZfL9lvR

-w9Eifvvo5KTZ3h+Bj+VzNnyw4Qc/IyXkPOu6SIiH9LQ3sCmWBdxpe+qr4l77rLj2

-GYuMtESFfn1XVALzkYgC7JcPuTOjMfIiMByt+uFf8AV8x0IW/Qkuv+hEQcyM9vxK

-3VZdLbCVIhNoEsysrxCpxcI=

------END CERTIFICATE-----

-Tims test GCI CA

------BEGIN CERTIFICATE-----

-MIIB8DCCAZoCAQAwDQYJKoZIhvcNAQEEBQAwgYIxCzAJBgNVBAYTAkFVMRMwEQYD

-VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5

-cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2RldmVsb3BtZW50MRkwFwYDVQQDExBD

-cnlwdFNvZnQgRGV2IENBMB4XDTk3MDMyMjEzMzQwNFoXDTk4MDMyMjEzMzQwNFow

-gYIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhC

-cmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2Rl

-dmVsb3BtZW50MRkwFwYDVQQDExBDcnlwdFNvZnQgRGV2IENBMFwwDQYJKoZIhvcN

-AQEBBQADSwAwSAJBAOAOAqogG5QwAmLhzyO4CoRnx/wVy4NZP4dxJy83O1EnL0rw

-OdsamJKvPOLHgSXo3gDu9uVyvCf/QJmZAmC5ml8CAwEAATANBgkqhkiG9w0BAQQF

-AANBADRRS/GVdd7rAqRW6SdmgLJduOU2yq3avBu99kRqbp9A/dLu6r6jU+eP4oOA

-TfdbFZtAAD2Hx9jUtY3tfdrJOb8=

------END CERTIFICATE-----

------BEGIN CERTIFICATE-----

-MIICVjCCAgACAQAwDQYJKoZIhvcNAQEEBQAwgbUxCzAJBgNVBAYTAkFVMRMwEQYD

-VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5

-cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsTI1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9O

-IEFVVEhPUklUSUVTMTQwMgYDVQQDEytaRVJPIFZBTFVFIENBIC0gREVNT05TVFJB

-VElPTiBQVVJQT1NFUyBPTkxZMB4XDTk3MDQwMzEzMjI1NFoXDTk4MDQwMzEzMjI1

-NFowgbUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH

-EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsT

-I1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9OIEFVVEhPUklUSUVTMTQwMgYDVQQDEyta

-RVJPIFZBTFVFIENBIC0gREVNT05TVFJBVElPTiBQVVJQT1NFUyBPTkxZMFwwDQYJ

-KoZIhvcNAQEBBQADSwAwSAJBAOZ7T7yqP/tyspcko3yPY1y0Cm2EmwNvzW4QgVXR

-Fjs3HmJ4xtSpXdo6mwcGezL3Abt/aQXaxv9PU8xt+Jr0OFUCAwEAATANBgkqhkiG

-9w0BAQQFAANBAOQpYmGgyCqCy1OljgJhCqQOu627oVlHzK1L+t9vBaMfn40AVUR4

-WzQVWO31KTgi5vTK1U+3h46fgUWqQ0h+6rU=

------END CERTIFICATE-----

------BEGIN CERTIFICATE-----

-MIAwgKADAgECAgEAMA0GCSqGSIb3DQEBBAUAMGIxETAPBgNVBAcTCEludGVybmV0

-MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh

-c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjAeFw05NjA0MDgxMDIwMjda

-Fw05NzA0MDgxMDIwMjdaMGIxETAPBgNVBAcTCEludGVybmV0MRcwFQYDVQQKEw5W

-ZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xhc3MgMSBDQSAtIElu

-ZGl2aWR1YWwgU3Vic2NyaWJlcjCAMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2

-FKbPTdAFDdjKI9BvqrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7j

-W80GqLd5HUQq7XPysVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cari

-QPJUObwW7s987LrbP2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABAAAAADANBgkqhkiG

-9w0BAQQFAAOBgQA+1nJryNt8VBRjRr07ArDAV/3jAH7GjDc9jsrxZS68ost9v06C

-TvTNKGL+LISNmFLXl+JXhgGB0JZ9fvyYzNgHQ46HBUng1H6voalfJgS2KdEo50wW

-8EFZYMDkT1k4uynwJqkVN2QJK/2q4/A/VCov5h6SlM8Affg2W+1TLqvqkwAA

------END CERTIFICATE-----

- subject=/L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber

- issuer= /L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber

------BEGIN CERTIFICATE-----

-MIIEkzCCA/ygAwIBAgIRANDTUpSRL3nTFeMrMayFSPAwDQYJKoZIhvcNAQECBQAw

-YjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQw

-MgYDVQQLEytWZXJpU2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3Jp

-YmVyMB4XDTk2MDYwNDAwMDAwMFoXDTk4MDYwNDIzNTk1OVowYjERMA8GA1UEBxMI

-SW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJp

-U2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMIGfMA0GCSqG

-SIb3DQEBAQUAA4GNADCBiQKBgQC6A+2czKGRcYMfm8gdnk+0de99TDDzsqo0v5nb

-RsbUmMcdRQ7nsMbRWe0SAb/9QoLTZ/cJ0iOBqdrkz7UpqqKarVoTSdlSMVM92tWp

-3bJncZHQD1t4xd6lQVdI1/T6R+5J0T1ukOdsI9Jmf+F28S6g3R3L1SFwiHKeZKZv

-z+793wIDAQABo4ICRzCCAkMwggIpBgNVHQMBAf8EggIdMIICGTCCAhUwggIRBgtg

-hkgBhvhFAQcBATCCAgAWggGrVGhpcyBjZXJ0aWZpY2F0ZSBpbmNvcnBvcmF0ZXMg

-YnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0IHRv

-LCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1lbnQg

-KENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL0NQ

-Uy0xLjA7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29tOyBv

-ciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4sIE1v

-dW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04ODMw

-IENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0cyBS

-ZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJQUJJ

-TElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQECMC8w

-LRYraHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEuMDAU

-BglghkgBhvhCAQEBAf8EBAMCAgQwDQYJKoZIhvcNAQECBQADgYEApRJRkNBqLLgs

-53IR/d18ODdLOWMTZ+QOOxBrq460iBEdUwgF8vmPRX1ku7UiDeNzaLlurE6eFqHq

-2zPyK5j60zfTLVJMWKcQWwTJLjHtXrW8pxhNtFc6Fdvy5ZkHnC/9NIl7/t4U6WqB

-p4y+p7SdMIkEwIZfds0VbnQyX5MRUJY=

------END CERTIFICATE-----

- subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority

- issuer= /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority

------BEGIN CERTIFICATE-----

-MIICMTCCAZoCBQKhAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw

-FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMg

-UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa

-Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln

-biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp

-Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyVxZ

-nvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqoRAWq7AMfeH+ek7ma

-AKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4rCNfcCk2pMmG57Ga

-IMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATANBgkqhkiG9w0BAQIF

-AAOBgQB1Zmw+0c2B27X4LzZRtvdCvM1Cr9wO+hVs+GeTVzrrtpLotgHKjLeOQ7RJ

-Zfk+7r11Ri7J/CVdqMcvi5uPaM+0nJcYwE3vH9mvgrPmZLiEXIqaB1JDYft0nls6

-NvxMsvwaPxUupVs8G5DsiCnkWRb5zget7Ond2tIxik/W2O8XjQ==

------END CERTIFICATE-----

- subject=/C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority

- issuer= /C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority

------BEGIN CERTIFICATE-----

-MIICMTCCAZoCBQKmAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw

-FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMg

-UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa

-Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln

-biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp

-Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0LJ1

-9njQrlpQ9OlQqZ+M1++RlHDo0iSQdomF1t+s5gEXMoDwnZNHvJplnR+Xrr/phnVj

-IIm9gFidBAydqMEk6QvlMXi9/C0MN2qeeIDpRnX57aP7E3vIwUzSo+/1PLBij0pd

-O92VZ48TucE81qcmm+zDO3rZTbxtm+gVAePwR6kCAwEAATANBgkqhkiG9w0BAQIF

-AAOBgQBT3dPwnCR+QKri/AAa19oM/DJhuBUNlvP6Vxt/M3yv6ZiaYch6s7f/sdyZ

-g9ysEvxwyR84Qu1E9oAuW2szaayc01znX1oYx7EteQSWQZGZQbE8DbqEOcY7l/Am

-yY7uvcxClf8exwI/VAx49byqYHwCaejcrOICdmHEPgPq0ook0Q==

------END CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/apps/sess_id.c

+++ /dev/null

@@ -1,320 +1,0 @@

-/* apps/sess_id.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include "apps.h"

-#include <openssl/bio.h>

-#include <openssl/err.h>

-#include <openssl/x509.h>

-#include <openssl/pem.h>

-#include <openssl/ssl.h>

-#undef PROG

-#define PROG	sess_id_main

-static const char *sess_id_usage[]={

-"usage: sess_id args\n",

-"\n",

-" -inform arg     - input format - default PEM (DER or PEM)\n",

-" -outform arg    - output format - default PEM\n",

-" -in arg         - input file - default stdin\n",

-" -out arg        - output file - default stdout\n",

-" -text           - print ssl session id details\n",

-" -cert           - output certificate \n",

-" -noout          - no CRL output\n",

-" -context arg    - set the session ID context\n",

-NULL

-};

-static SSL_SESSION *load_sess_id(char *file, int format);

-int MAIN(int, char **);

-int MAIN(int argc, char **argv)

-	{

-	SSL_SESSION *x=NULL;

-	int ret=1,i,num,badops=0;

-	BIO *out=NULL;

-	int informat,outformat;

-	char *infile=NULL,*outfile=NULL,*context=NULL;

-	int cert=0,noout=0,text=0;

-	const char **pp;

-	apps_startup();

-	if (bio_err == NULL)

-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)

-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);

-	informat=FORMAT_PEM;

-	outformat=FORMAT_PEM;

-	argc--;

-	argv++;

-	num=0;

-	while (argc >= 1)

-		{

-		if 	(strcmp(*argv,"-inform") == 0)

-			{

-			if (--argc < 1) goto bad;

-			informat=str2fmt(*(++argv));

-			}

-		else if (strcmp(*argv,"-outform") == 0)

-			{

-			if (--argc < 1) goto bad;

-			outformat=str2fmt(*(++argv));

-			}

-		else if (strcmp(*argv,"-in") == 0)

-			{

-			if (--argc < 1) goto bad;

-			infile= *(++argv);

-			}

-		else if (strcmp(*argv,"-out") == 0)

-			{

-			if (--argc < 1) goto bad;

-			outfile= *(++argv);

-			}

-		else if (strcmp(*argv,"-text") == 0)

-			text= ++num;

-		else if (strcmp(*argv,"-cert") == 0)

-			cert= ++num;

-		else if (strcmp(*argv,"-noout") == 0)

-			noout= ++num;

-		else if (strcmp(*argv,"-context") == 0)

-		    {

-		    if(--argc < 1) goto bad;

-		    context=*++argv;

-		    }

-		else

-			{

-			BIO_printf(bio_err,"unknown option %s\n",*argv);

-			badops=1;

-			break;

-			}

-		argc--;

-		argv++;

-		}

-	if (badops)

-		{

-bad:

-		for (pp=sess_id_usage; (*pp != NULL); pp++)

-			BIO_printf(bio_err,"%s",*pp);

-		goto end;

-		}

-	ERR_load_crypto_strings();

-	x=load_sess_id(infile,informat);

-	if (x == NULL) { goto end; }

-	if(context)

-	    {

-	    x->sid_ctx_length=strlen(context);

-	    if(x->sid_ctx_length > SSL_MAX_SID_CTX_LENGTH)

-		{

-		BIO_printf(bio_err,"Context too long\n");

-		goto end;

-		}

-	    memcpy(x->sid_ctx,context,x->sid_ctx_length);

-	    }

-#ifdef undef

-	/* just testing for memory leaks :-) */

-	{

-	SSL_SESSION *s;

-	char buf[1024*10],*p;

-	int i;

-	s=SSL_SESSION_new();

-	p= &buf;

-	i=i2d_SSL_SESSION(x,&p);

-	p= &buf;

-	d2i_SSL_SESSION(&s,&p,(long)i);

-	p= &buf;

-	d2i_SSL_SESSION(&s,&p,(long)i);

-	p= &buf;

-	d2i_SSL_SESSION(&s,&p,(long)i);

-	SSL_SESSION_free(s);

-	}

-#endif

-	if (!noout || text)

-		{

-		out=BIO_new(BIO_s_file());

-		if (out == NULL)

-			{

-			ERR_print_errors(bio_err);

-			goto end;

-			}

-		if (outfile == NULL)

-			{

-			BIO_set_fp(out,stdout,BIO_NOCLOSE);

-#ifdef OPENSSL_SYS_VMS

-			{

-			BIO *tmpbio = BIO_new(BIO_f_linebuffer());

-			out = BIO_push(tmpbio, out);

-			}

-#endif

-			}

-		else

-			{

-			if (BIO_write_filename(out,outfile) <= 0)

-				{

-				perror(outfile);

-				goto end;

-				}

-			}

-		}

-	if (text)

-		{

-		SSL_SESSION_print(out,x);

-		if (cert)

-			{

-			if (x->peer == NULL)

-				BIO_puts(out,"No certificate present\n");

-			else

-				X509_print(out,x->peer);

-			}

-		}

-	if (!noout && !cert)

-		{

-		if 	(outformat == FORMAT_ASN1)

-			i=i2d_SSL_SESSION_bio(out,x);

-		else if (outformat == FORMAT_PEM)

-			i=PEM_write_bio_SSL_SESSION(out,x);

-		else	{

-			BIO_printf(bio_err,"bad output format specified for outfile\n");

-			goto end;

-			}

-		if (!i) {

-			BIO_printf(bio_err,"unable to write SSL_SESSION\n");

-			goto end;

-			}

-		}

-	else if (!noout && (x->peer != NULL)) /* just print the certificate */

-		{

-		if 	(outformat == FORMAT_ASN1)

-			i=(int)i2d_X509_bio(out,x->peer);

-		else if (outformat == FORMAT_PEM)

-			i=PEM_write_bio_X509(out,x->peer);

-		else	{

-			BIO_printf(bio_err,"bad output format specified for outfile\n");

-			goto end;

-			}

-		if (!i) {

-			BIO_printf(bio_err,"unable to write X509\n");

-			goto end;

-			}

-		}

-	ret=0;

-end:

-	if (out != NULL) BIO_free_all(out);

-	if (x != NULL) SSL_SESSION_free(x);

-	apps_shutdown();

-	OPENSSL_EXIT(ret);

-	}

-static SSL_SESSION *load_sess_id(char *infile, int format)

-	{

-	SSL_SESSION *x=NULL;

-	BIO *in=NULL;

-	in=BIO_new(BIO_s_file());

-	if (in == NULL)

-		{

-		ERR_print_errors(bio_err);

-		goto end;

-		}

-	if (infile == NULL)

-		BIO_set_fp(in,stdin,BIO_NOCLOSE);

-	else

-		{

-		if (BIO_read_filename(in,infile) <= 0)

-			{

-			perror(infile);

-			goto end;

-			}

-		}

-	if 	(format == FORMAT_ASN1)

-		x=d2i_SSL_SESSION_bio(in,NULL);

-	else if (format == FORMAT_PEM)

-		x=PEM_read_bio_SSL_SESSION(in,NULL,NULL,NULL);

-	else	{

-		BIO_printf(bio_err,"bad input format specified for input crl\n");

-		goto end;

-		}

-	if (x == NULL)

-		{

-		BIO_printf(bio_err,"unable to load SSL_SESSION\n");

-		ERR_print_errors(bio_err);

-		goto end;

-		}

-end:

-	if (in != NULL) BIO_free(in);

-	return(x);

-	}

--- a/sys/src/ape/lib/openssl/apps/set/set-g-ca.pem

+++ /dev/null

@@ -1,21 +1,0 @@

------BEGIN CERTIFICATE-----

-MIIDeDCCAuGgAwIBAgIgYCYUeg8NJ9kO1q3z6vGCkAmPRfu5+Nur0FyGF79MADMw

-DQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCVVMxFDASBgNVBAoTC0JDQTEwMTcx

-MTA0MSAwHgYDVQQDExdCcmFuZCBOYW1lOlByb2R1Y3QgVHlwZTAeFw05NjEwMjIw

-MDAwMDBaFw05NjExMjEyMzU5NTlaMEUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtQ

-Q0ExMDIxMTgyODEgMB4GA1UEAxMXQnJhbmQgTmFtZTpQcm9kdWN0IFR5cGUwgZ8w

-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJyi5V7l1HohY6hN/2N9x6mvWeMy8rD1

-6lfXjgmiuGmhpaszWYaalesMcS2OGuG8Lq3PkaSzpVzqASKfIOjxLMsdpYyYJRub

-vRPDWi3xd8wlp9xUwWHKqn+ki8mPo0yN4eONwZZ4rcZr6K+tWd+5EJZSjuENJoQ/

-SRRmGRzdcS7XAgMBAAGjggFXMIIBUzBUBgNVHSMETTBLoSekJTAjMQswCQYDVQQG

-EwJVUzEUMBIGA1UEChMLUkNBMTAxMTE4MjmCIGApUs14Ad7t9VTGq2PpV8DylPQ7

-aATM2mor7lc1fWvZMA4GA1UdDwEB/wQEAwIBBjAuBgNVHRABAf8EJDAigA8xOTk2

-MTAyMjAxMjIwMFqBDzE5OTYxMTIxMjM1OTU5WjAbBgNVHSABAf8EETAPMA0GC2CG

-SAGG+EUBBwEBMBIGA1UdEwEB/wQIMAYBAf8CAQAwDwYEho1vAwEB/wQEAwICBDB5

-BgSGjW8HAQH/BG4wbDAkAgEAMAkGBSsOAwIaBQAEFDJmNzRiMWFmNGZjYzA2MGY3

-Njc2Ew90ZXJzZSBzdGF0ZW1lbnSAF2h0dHA6Ly93d3cudmVyaXNpZ24uY29tgRpn

-ZXRzZXQtY2VudGVyQHZlcmlzaWduLmNvbTANBgkqhkiG9w0BAQUFAAOBgQBn19R2

-AgGvpJDmfXrHTDdCoYyMkaP2MPzw0hFRwh+wqnw0/pqUXa7MrLXMqtD3rUyOWaNR

-9fYpJZd0Bh/1OeIc2+U+VNfUovLLuZ8nNemdxyq2KMYnHtnh7UdO7atZ+PFLVu8x

-a+J2Mtj8MGy12CJNTJcjLSrJ/1f3AuVrwELjlQ==

------END CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/apps/set/set-m-ca.pem

+++ /dev/null

@@ -1,21 +1,0 @@

------BEGIN CERTIFICATE-----

-MIIDeDCCAuGgAwIBAgIgEGvcf5aUnufALdVMa/dmPdflq1CoORGeK5DUwbqhVYcw

-DQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCVVMxFDASBgNVBAoTC0JDQTEwMTcx

-MTA0MSAwHgYDVQQDExdCcmFuZCBOYW1lOlByb2R1Y3QgVHlwZTAeFw05NjEwMjIw

-MDAwMDBaFw05NjExMjEyMzU5NTlaMEUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtN

-Q0ExMDIxMTgyNzEgMB4GA1UEAxMXQnJhbmQgTmFtZTpQcm9kdWN0IFR5cGUwgZ8w

-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALuWwr63YrT1GIZpYKfIeiVFHESG/FZO

-7RAJKml/p12ZyZ7D5YPP4BBXVsa1H8e8arR1LKC4rdCArrtKKlBeBiMo9+NB+u35

-FnLnTmfzM4iZ2Syw35DXY8+Xn/LM7RJ1RG+vMNcTqpoUg7QPye7flq2Pt7vVROPn

-SZxPyVxmILe3AgMBAAGjggFXMIIBUzBUBgNVHSMETTBLoSekJTAjMQswCQYDVQQG

-EwJVUzEUMBIGA1UEChMLUkNBMTAxMTE4MjmCIGApUs14Ad7t9VTGq2PpV8DylPQ7

-aATM2mor7lc1fWvZMA4GA1UdDwEB/wQEAwIBBjAuBgNVHRABAf8EJDAigA8xOTk2

-MTAyMjAxMjEwMFqBDzE5OTYxMTIxMjM1OTU5WjAbBgNVHSABAf8EETAPMA0GC2CG

-SAGG+EUBBwEBMBIGA1UdEwEB/wQIMAYBAf8CAQAwDwYEho1vAwEB/wQEAwIDCDB5

-BgSGjW8HAQH/BG4wbDAkAgEAMAkGBSsOAwIaBQAEFDJmNzRiMWFmNGZjYzA2MGY3

-Njc2Ew90ZXJzZSBzdGF0ZW1lbnSAF2h0dHA6Ly93d3cudmVyaXNpZ24uY29tgRpn

-ZXRzZXQtY2VudGVyQHZlcmlzaWduLmNvbTANBgkqhkiG9w0BAQUFAAOBgQApaj0W

-GgyR47URZEZ7z83yivvnVErqtodub/nR1fMgJ4bDC0ofjA0SzXBP1/3eDq9VkPuS

-EKUw9BpM2XrSUKhJ6F1CbBjWpM0M7GC1nTSxMxmV+XL+Ab/Gn2SwozUApWtht29/

-x9VLB8qsi6wN2aOsVdQMl5iVCjGQYfEkyuoIgA==

------END CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/apps/set/set_b_ca.pem

+++ /dev/null

@@ -1,23 +1,0 @@

------BEGIN CERTIFICATE-----

-MIID1zCCAr+gAwIBAgIgYClSzXgB3u31VMarY+lXwPKU9DtoBMzaaivuVzV9a9kw

-DQYJKoZIhvcNAQEFBQAwIzELMAkGA1UEBhMCVVMxFDASBgNVBAoTC1JDQTEwMTEx

-ODI5MB4XDTk2MTAxNzAwMDAwMFoXDTk2MTExNjIzNTk1OVowRTELMAkGA1UEBhMC

-VVMxFDASBgNVBAoTC0JDQTEwMTcxMTA0MSAwHgYDVQQDExdCcmFuZCBOYW1lOlBy

-b2R1Y3QgVHlwZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApPewvR0BwV02

-9E12ic48pMY/aMB6SkMEWPDx2hURr0DKYGJ6qMvzZn2pSfaVH1BqDtK6oK4Ye5Mj

-ItywwQIdXXO9Ut8+TLnvtzq9ByCJ0YThjZJBc7ZcpJxSV7QAoBON/lzxZuAVq3+L

-3uc39MgRwmBpRllZEpWrkojxs6166X0CAwEAAaOCAVcwggFTMFQGA1UdIwRNMEuh

-J6QlMCMxCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtSQ0ExMDExMTgyOYIgVqenwCYv

-mmxUIvi9gUMCa+uJGJ60mZecw9HrISXnLaYwDgYDVR0PAQH/BAQDAgEGMC4GA1Ud

-EAEB/wQkMCKADzE5OTYxMDE3MTc1NzAwWoEPMTk5NjExMTYyMzU5NTlaMBsGA1Ud

-IAEB/wQRMA8wDQYLYIZIAYb4RQEHAQEwEgYDVR0TAQH/BAgwBgEB/wIBATAPBgSG

-jW8DAQH/BAQDAgABMHkGBIaNbwcBAf8EbjBsMCQCAQAwCQYFKw4DAhoFAAQUMmY3

-NGIxYWY0ZmNjMDYwZjc2NzYTD3RlcnNlIHN0YXRlbWVudIAXaHR0cDovL3d3dy52

-ZXJpc2lnbi5jb22BGmdldHNldC1jZW50ZXJAdmVyaXNpZ24uY29tMA0GCSqGSIb3

-DQEBBQUAA4IBAQAWoMS8Aj2sO0LDxRoMcnWTKY8nd8Jw2vl2Mgsm+0qCvcndICM5

-43N0y9uHlP8WeCZULbFz95gTL8mfP/QTu4EctMUkQgRHJnx80f0XSF3HE/X6zBbI

-9rit/bF6yP1mhkdss/vGanReDpki7q8pLx+VIIcxWst/366HP3dW1Fb7ECW/WmVV

-VMN93f/xqk9I4sXchVZcVKQT3W4tzv+qQvugrEi1dSEkbAy1CITEAEGiaFhGUyCe

-WPox3guRXaEHoINNeajGrISe6d//alsz5EEroBoLnM2ryqWfLAtRsf4rjNzTgklw

-lbiz0fw7bNkXKp5ZVr0wlnOjQnoSM6dTI0AV

------END CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/apps/set/set_c_ca.pem

+++ /dev/null

@@ -1,21 +1,0 @@

------BEGIN CERTIFICATE-----

-MIIDeDCCAuGgAwIBAgIgOnl8J6lAYNDdTWtIojWCGnloNf4ufHjOZ4Fkxwg5xOsw

-DQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCVVMxFDASBgNVBAoTC0JDQTEwMTcx

-MTA0MSAwHgYDVQQDExdCcmFuZCBOYW1lOlByb2R1Y3QgVHlwZTAeFw05NjEwMjIw

-MDAwMDBaFw05NjExMjEyMzU5NTlaMEUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtD

-Q0ExMDIxMTYxNjEgMB4GA1UEAxMXQnJhbmQgTmFtZTpQcm9kdWN0IFR5cGUwgZ8w

-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANA3a9+U8oXU3Dv1wJf8g0A7HjCRZAXc

-Y8E4OLOdye5aUssxifCE05qTPVqHMXo6cnCYcfroMdURhjQlswyTGtjQybgUnXjp

-pchw+V4D1DkN0ThErrMCh9ZFSykC0lUhQTRLESvbIb4Gal/HMAFAF5sj0GoOFi2H

-RRj7gpzBIU3xAgMBAAGjggFXMIIBUzBUBgNVHSMETTBLoSekJTAjMQswCQYDVQQG

-EwJVUzEUMBIGA1UEChMLUkNBMTAxMTE4MjmCIGApUs14Ad7t9VTGq2PpV8DylPQ7

-aATM2mor7lc1fWvZMA4GA1UdDwEB/wQEAwIBBjAuBgNVHRABAf8EJDAigA8xOTk2

-MTAyMjAxMTAwMFqBDzE5OTYxMTIxMjM1OTU5WjAbBgNVHSABAf8EETAPMA0GC2CG

-SAGG+EUBBwEBMBIGA1UdEwEB/wQIMAYBAf8CAQAwDwYEho1vAwEB/wQEAwIEEDB5

-BgSGjW8HAQH/BG4wbDAkAgEAMAkGBSsOAwIaBQAEFDJmNzRiMWFmNGZjYzA2MGY3

-Njc2Ew90ZXJzZSBzdGF0ZW1lbnSAF2h0dHA6Ly93d3cudmVyaXNpZ24uY29tgRpn

-ZXRzZXQtY2VudGVyQHZlcmlzaWduLmNvbTANBgkqhkiG9w0BAQUFAAOBgQBteLaZ

-u/TASC64UWPfhxYAUdys9DQ1pG/J1qPWNTkjOmpXFvW+7l/3nkxyRPgUoFNwx1e7

-XVVPr6zhy8LaaXppwfIZvVryzAUdbtijiUf/MO0hvV3w7e9NlCVProdU5H9EvCXr

-+IV8rH8fdEkirIVyw0JGHkuWhkmtS1HEwai9vg==

------END CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/apps/set/set_d_ct.pem

+++ /dev/null

@@ -1,21 +1,0 @@

------BEGIN CERTIFICATE-----

-MIIDdjCCAt+gAwIBAgIgRU5t24v72xVDpZ4iHpyoOAQaQmfio1yhTZAOkBfT2uUw

-DQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCVVMxFDASBgNVBAoTC0NDQTEwMjEx

-NjE2MSAwHgYDVQQDExdCcmFuZCBOYW1lOlByb2R1Y3QgVHlwZTAeFw05NjEwMjQw

-MDAwMDBaFw05NjExMjMyMzU5NTlaMG4xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdC

-cmFuZElEMSYwJAYDVQQLEx1Jc3N1aW5nIEZpbmFuY2lhbCBJbnN0aXR1dGlvbjEl

-MCMGA1UEAxMcR2lYb0t0VjViN1V0MHZKa2hkSG5RYmNzc2JrPTBcMA0GCSqGSIb3

-DQEBAQUAA0sAMEgCQQDIUxgpNB1aoSW585WErtN8WInCRWCqDj3RGT2mJye0F4SM

-/iT5ywdWMasmw18vpEpDlMypfZnRkUAdfyHcRABVAgMBAAGjggFwMIIBbDB2BgNV

-HSMEbzBtoUmkRzBFMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLQkNBMTAxNzExMDQx

-IDAeBgNVBAMTF0JyYW5kIE5hbWU6UHJvZHVjdCBUeXBlgiA6eXwnqUBg0N1Na0ii

-NYIaeWg1/i58eM5ngWTHCDnE6zAOBgNVHQ8BAf8EBAMCB4AwLgYDVR0QAQH/BCQw

-IoAPMTk5NjEwMjQwMTA0MDBagQ8xOTk2MTEyMzIzNTk1OVowGAYDVR0gBBEwDzAN

-BgtghkgBhvhFAQcBATAMBgNVHRMBAf8EAjAAMA8GBIaNbwMBAf8EBAMCB4AweQYE

-ho1vBwEB/wRuMGwwJAIBADAJBgUrDgMCGgUABBQzOTgyMzk4NzIzNzg5MTM0OTc4

-MhMPdGVyc2Ugc3RhdGVtZW50gBdodHRwOi8vd3d3LnZlcmlzaWduLmNvbYEaZ2V0

-c2V0LWNlbnRlckB2ZXJpc2lnbi5jb20wDQYJKoZIhvcNAQEFBQADgYEAVHCjhxeD

-mIFSkm3DpQAq7pGfcAFPWvSM9I9bK8qeFT1M5YQ+5fbPqaWlNcQlGKIe3cHd4+0P

-ndL5lb6UBhhA0kTzEYA38+HtBxPe/lokCv0bYfyWY9asUmvfbUrTYta0yjN7ixnV

-UqvxxHQHOAwhf6bcc7xNHapOxloWzGUU0RQ=

------END CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/apps/set/set_root.pem

+++ /dev/null

@@ -1,21 +1,0 @@

------BEGIN CERTIFICATE-----

-MIIDZzCCAk+gAwIBAgIgVqenwCYvmmxUIvi9gUMCa+uJGJ60mZecw9HrISXnLaYw

-DQYJKoZIhvcNAQEFBQAwIzELMAkGA1UEBhMCVVMxFDASBgNVBAoTC1JDQTEwMTEx

-ODI5MB4XDTk2MTAxMjAwMDAwMFoXDTk2MTExMTIzNTk1OVowIzELMAkGA1UEBhMC

-VVMxFDASBgNVBAoTC1JDQTEwMTExODI5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A

-MIIBCgKCAQEAukca0PVUGFIYX7EyrShi+dVi9GTNzG0V2Wtdw6DqFzKfedba/KpE

-zqnRDV/wRZlBn3oXPS6kNCFiBPRV9mEFXI7y2W+q8/vPurjRDIXMsqQ+dAhKwf4q

-rofJBTiET4NUN0YTtpx6aYuoVubjiOgKdbqnUArxAWWP2Dkco17ipEYyUtd4sTAe

-/xKR02AHpbYGYPSHjMDS/nzUJ7uX4d51phs0rt7If48ExJSnDV/KoHMfm42mdmH2

-g23005qdHKY3UXeh10tZmb3QtGTSvF6OqpRZ+e9/ALklu7ZcIjqbb944ci4QWemb

-ZNWiDFrWWUoO1k942BI/iZ8Fh8pETYSDBQIDAQABo4GGMIGDMA4GA1UdDwEB/wQE

-AwIBBjAuBgNVHRABAf8EJDAigA8xOTk2MTAxMjAxMzQwMFqBDzE5OTYxMTExMjM1

-OTU5WjAbBgNVHSABAf8EETAPMA0GC2CGSAGG+EUBBwEBMBIGA1UdEwEB/wQIMAYB

-Af8CAQIwEAYEho1vAwEB/wQFAwMHAIAwDQYJKoZIhvcNAQEFBQADggEBAK4tntea

-y+ws7PdULwfqAS5osaoNvw73uBn5lROTpx91uhQbJyf0oZ3XG9GUuHZBpqG9qmr9

-vIL40RsvRpNMYgaNHKTxF716yx6rZmruAYZsrE3SpV63tQJCckKLPSge2E5uDhSQ

-O8UjusG+IRT9fKMXUHLv4OmZPOQVOSl1qTCN2XoJFqEPtC3Y9P4YR4xHL0P2jb1l

-DLdIbruuh+6omH+0XUZd5fKnQZTTi6gjl0iunj3wGnkcqGZtwr3j87ONiB/8tDwY

-vz8ceII4YYdX12PrNzn+fu3R5rChvPW4/ah/SaYQ2VQ0AupaIF4xrNJ/gLYYw0YO

-bxCrVJLd8tu9WgA=

------END CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/apps/smime.c

+++ /dev/null

@@ -1,801 +1,0 @@

-/* smime.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project.

- */

-/* ====================================================================

- * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* S/MIME utility function */

-#include <stdio.h>

-#include <string.h>

-#include "apps.h"

-#include <openssl/crypto.h>

-#include <openssl/pem.h>

-#include <openssl/err.h>

-#include <openssl/x509_vfy.h>

-#include <openssl/x509v3.h>

-#undef PROG

-#define PROG smime_main

-static int save_certs(char *signerfile, STACK_OF(X509) *signers);

-static int smime_cb(int ok, X509_STORE_CTX *ctx);

-#define SMIME_OP	0x10

-#define SMIME_ENCRYPT	(1 | SMIME_OP)

-#define SMIME_DECRYPT	2

-#define SMIME_SIGN	(3 | SMIME_OP)

-#define SMIME_VERIFY	4

-#define SMIME_PK7OUT	5

-int MAIN(int, char **);

-int MAIN(int argc, char **argv)

-	{

-	ENGINE *e = NULL;

-	int operation = 0;

-	int ret = 0;

-	char **args;

-	const char *inmode = "r", *outmode = "w";

-	char *infile = NULL, *outfile = NULL;

-	char *signerfile = NULL, *recipfile = NULL;

-	char *certfile = NULL, *keyfile = NULL, *contfile=NULL;

-	const EVP_CIPHER *cipher = NULL;

-	PKCS7 *p7 = NULL;

-	X509_STORE *store = NULL;

-	X509 *cert = NULL, *recip = NULL, *signer = NULL;

-	EVP_PKEY *key = NULL;

-	STACK_OF(X509) *encerts = NULL, *other = NULL;

-	BIO *in = NULL, *out = NULL, *indata = NULL;

-	int badarg = 0;

-	int flags = PKCS7_DETACHED;

-	char *to = NULL, *from = NULL, *subject = NULL;

-	char *CAfile = NULL, *CApath = NULL;

-	char *passargin = NULL, *passin = NULL;

-	char *inrand = NULL;

-	int need_rand = 0;

-	int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;

-        int keyform = FORMAT_PEM;

-#ifndef OPENSSL_NO_ENGINE

-	char *engine=NULL;

-#endif

-	X509_VERIFY_PARAM *vpm = NULL;

-	args = argv + 1;

-	ret = 1;

-	apps_startup();

-	if (bio_err == NULL)

-		{

-		if ((bio_err = BIO_new(BIO_s_file())) != NULL)

-			BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);

-		}

-	if (!load_config(bio_err, NULL))

-		goto end;

-	while (!badarg && *args && *args[0] == '-')

-		{

-		if (!strcmp (*args, "-encrypt"))

-			operation = SMIME_ENCRYPT;

-		else if (!strcmp (*args, "-decrypt"))

-			operation = SMIME_DECRYPT;

-		else if (!strcmp (*args, "-sign"))

-			operation = SMIME_SIGN;

-		else if (!strcmp (*args, "-verify"))

-			operation = SMIME_VERIFY;

-		else if (!strcmp (*args, "-pk7out"))

-			operation = SMIME_PK7OUT;

-#ifndef OPENSSL_NO_DES

-		else if (!strcmp (*args, "-des3"))

-				cipher = EVP_des_ede3_cbc();

-		else if (!strcmp (*args, "-des"))

-				cipher = EVP_des_cbc();

-#endif

-#ifndef OPENSSL_NO_SEED

-		else if (!strcmp (*args, "-seed"))

-				cipher = EVP_seed_cbc();

-#endif

-#ifndef OPENSSL_NO_RC2

-		else if (!strcmp (*args, "-rc2-40"))

-				cipher = EVP_rc2_40_cbc();

-		else if (!strcmp (*args, "-rc2-128"))

-				cipher = EVP_rc2_cbc();

-		else if (!strcmp (*args, "-rc2-64"))

-				cipher = EVP_rc2_64_cbc();

-#endif

-#ifndef OPENSSL_NO_AES

-		else if (!strcmp(*args,"-aes128"))

-				cipher = EVP_aes_128_cbc();

-		else if (!strcmp(*args,"-aes192"))

-				cipher = EVP_aes_192_cbc();

-		else if (!strcmp(*args,"-aes256"))

-				cipher = EVP_aes_256_cbc();

-#endif

-#ifndef OPENSSL_NO_CAMELLIA

-		else if (!strcmp(*args,"-camellia128"))

-				cipher = EVP_camellia_128_cbc();

-		else if (!strcmp(*args,"-camellia192"))

-				cipher = EVP_camellia_192_cbc();

-		else if (!strcmp(*args,"-camellia256"))

-				cipher = EVP_camellia_256_cbc();

-#endif

-		else if (!strcmp (*args, "-text"))

-				flags |= PKCS7_TEXT;

-		else if (!strcmp (*args, "-nointern"))

-				flags |= PKCS7_NOINTERN;

-		else if (!strcmp (*args, "-noverify"))

-				flags |= PKCS7_NOVERIFY;

-		else if (!strcmp (*args, "-nochain"))

-				flags |= PKCS7_NOCHAIN;

-		else if (!strcmp (*args, "-nocerts"))

-				flags |= PKCS7_NOCERTS;

-		else if (!strcmp (*args, "-noattr"))

-				flags |= PKCS7_NOATTR;

-		else if (!strcmp (*args, "-nodetach"))

-				flags &= ~PKCS7_DETACHED;

-		else if (!strcmp (*args, "-nosmimecap"))

-				flags |= PKCS7_NOSMIMECAP;

-		else if (!strcmp (*args, "-binary"))

-				flags |= PKCS7_BINARY;

-		else if (!strcmp (*args, "-nosigs"))

-				flags |= PKCS7_NOSIGS;

-		else if (!strcmp (*args, "-nooldmime"))

-				flags |= PKCS7_NOOLDMIMETYPE;

-		else if (!strcmp (*args, "-crlfeol"))

-				flags |= PKCS7_CRLFEOL;

-		else if (!strcmp(*args,"-rand"))

-			{

-			if (args[1])

-				{

-				args++;

-				inrand = *args;

-				}

-			else

-				badarg = 1;

-			need_rand = 1;

-			}

-#ifndef OPENSSL_NO_ENGINE

-		else if (!strcmp(*args,"-engine"))

-			{

-			if (args[1])

-				{

-				args++;

-				engine = *args;

-				}

-			else badarg = 1;

-			}

-#endif

-		else if (!strcmp(*args,"-passin"))

-			{

-			if (args[1])

-				{

-				args++;

-				passargin = *args;

-				}

-			else

-				badarg = 1;

-			}

-		else if (!strcmp (*args, "-to"))

-			{

-			if (args[1])

-				{

-				args++;

-				to = *args;

-				}

-			else

-				badarg = 1;

-			}

-		else if (!strcmp (*args, "-from"))

-			{

-			if (args[1])

-				{

-				args++;

-				from = *args;

-				}

-			else badarg = 1;

-			}

-		else if (!strcmp (*args, "-subject"))

-			{

-			if (args[1])

-				{

-				args++;

-				subject = *args;

-				}

-			else

-				badarg = 1;

-			}

-		else if (!strcmp (*args, "-signer"))

-			{

-			if (args[1])

-				{

-				args++;

-				signerfile = *args;

-				}

-			else

-				badarg = 1;

-			}

-		else if (!strcmp (*args, "-recip"))

-			{

-			if (args[1])

-				{

-				args++;

-				recipfile = *args;

-				}

-			else badarg = 1;

-			}

-		else if (!strcmp (*args, "-inkey"))

-			{

-			if (args[1])

-				{

-				args++;

-				keyfile = *args;

-				}

-			else

-				badarg = 1;

-		}

-		else if (!strcmp (*args, "-keyform"))

-			{

-			if (args[1])

-				{

-				args++;

-				keyform = str2fmt(*args);

-				}

-			else

-				badarg = 1;

-			}

-		else if (!strcmp (*args, "-certfile"))

-			{

-			if (args[1])

-				{

-				args++;

-				certfile = *args;

-				}

-			else

-				badarg = 1;

-			}

-		else if (!strcmp (*args, "-CAfile"))

-			{

-			if (args[1])

-				{

-				args++;

-				CAfile = *args;

-				}

-			else

-				badarg = 1;

-			}

-		else if (!strcmp (*args, "-CApath"))

-			{

-			if (args[1])

-				{

-				args++;

-				CApath = *args;

-				}

-			else

-				badarg = 1;

-			}

-		else if (!strcmp (*args, "-in"))

-			{

-			if (args[1])

-				{

-				args++;

-				infile = *args;

-				}

-			else

-				badarg = 1;

-			}

-		else if (!strcmp (*args, "-inform"))

-			{

-			if (args[1])

-				{

-				args++;

-				informat = str2fmt(*args);

-				}

-			else

-				badarg = 1;

-			}

-		else if (!strcmp (*args, "-outform"))

-			{

-			if (args[1])

-				{

-				args++;

-				outformat = str2fmt(*args);

-				}

-			else

-				badarg = 1;

-			}

-		else if (!strcmp (*args, "-out"))

-			{

-			if (args[1])

-				{

-				args++;

-				outfile = *args;

-				}

-			else

-				badarg = 1;

-			}

-		else if (!strcmp (*args, "-content"))

-			{

-			if (args[1])

-				{

-				args++;

-				contfile = *args;

-				}

-			else

-				badarg = 1;

-			}

-		else if (args_verify(&args, NULL, &badarg, bio_err, &vpm))

-			continue;

-		else

-			badarg = 1;

-		args++;

-		}

-	if (operation == SMIME_SIGN)

-		{

-		if (!signerfile)

-			{

-			BIO_printf(bio_err, "No signer certificate specified\n");

-			badarg = 1;

-			}

-		need_rand = 1;

-		}

-	else if (operation == SMIME_DECRYPT)

-		{

-		if (!recipfile && !keyfile)

-			{

-			BIO_printf(bio_err, "No recipient certificate or key specified\n");

-			badarg = 1;

-			}

-		}

-	else if (operation == SMIME_ENCRYPT)

-		{

-		if (!*args)

-			{

-			BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");

-			badarg = 1;

-			}

-		need_rand = 1;

-		}

-	else if (!operation)

-		badarg = 1;

-	if (badarg)

-		{

-		BIO_printf (bio_err, "Usage smime [options] cert.pem ...\n");

-		BIO_printf (bio_err, "where options are\n");

-		BIO_printf (bio_err, "-encrypt       encrypt message\n");

-		BIO_printf (bio_err, "-decrypt       decrypt encrypted message\n");

-		BIO_printf (bio_err, "-sign          sign message\n");

-		BIO_printf (bio_err, "-verify        verify signed message\n");

-		BIO_printf (bio_err, "-pk7out        output PKCS#7 structure\n");

-#ifndef OPENSSL_NO_DES

-		BIO_printf (bio_err, "-des3          encrypt with triple DES\n");

-		BIO_printf (bio_err, "-des           encrypt with DES\n");

-#endif

-#ifndef OPENSSL_NO_SEED

-		BIO_printf (bio_err, "-seed          encrypt with SEED\n");

-#endif

-#ifndef OPENSSL_NO_RC2

-		BIO_printf (bio_err, "-rc2-40        encrypt with RC2-40 (default)\n");

-		BIO_printf (bio_err, "-rc2-64        encrypt with RC2-64\n");

-		BIO_printf (bio_err, "-rc2-128       encrypt with RC2-128\n");

-#endif

-#ifndef OPENSSL_NO_AES

-		BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");

-		BIO_printf (bio_err, "               encrypt PEM output with cbc aes\n");

-#endif

-#ifndef OPENSSL_NO_CAMELLIA

-		BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n");

-		BIO_printf (bio_err, "               encrypt PEM output with cbc camellia\n");

-#endif

-		BIO_printf (bio_err, "-nointern      don't search certificates in message for signer\n");

-		BIO_printf (bio_err, "-nosigs        don't verify message signature\n");

-		BIO_printf (bio_err, "-noverify      don't verify signers certificate\n");

-		BIO_printf (bio_err, "-nocerts       don't include signers certificate when signing\n");

-		BIO_printf (bio_err, "-nodetach      use opaque signing\n");

-		BIO_printf (bio_err, "-noattr        don't include any signed attributes\n");

-		BIO_printf (bio_err, "-binary        don't translate message to text\n");

-		BIO_printf (bio_err, "-certfile file other certificates file\n");

-		BIO_printf (bio_err, "-signer file   signer certificate file\n");

-		BIO_printf (bio_err, "-recip  file   recipient certificate file for decryption\n");

-		BIO_printf (bio_err, "-in file       input file\n");

-		BIO_printf (bio_err, "-inform arg    input format SMIME (default), PEM or DER\n");

-		BIO_printf (bio_err, "-inkey file    input private key (if not signer or recipient)\n");

-		BIO_printf (bio_err, "-keyform arg   input private key format (PEM or ENGINE)\n");

-		BIO_printf (bio_err, "-out file      output file\n");

-		BIO_printf (bio_err, "-outform arg   output format SMIME (default), PEM or DER\n");

-		BIO_printf (bio_err, "-content file  supply or override content for detached signature\n");

-		BIO_printf (bio_err, "-to addr       to address\n");

-		BIO_printf (bio_err, "-from ad       from address\n");

-		BIO_printf (bio_err, "-subject s     subject\n");

-		BIO_printf (bio_err, "-text          include or delete text MIME headers\n");

-		BIO_printf (bio_err, "-CApath dir    trusted certificates directory\n");

-		BIO_printf (bio_err, "-CAfile file   trusted certificates file\n");

-		BIO_printf (bio_err, "-crl_check     check revocation status of signer's certificate using CRLs\n");

-		BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");

-#ifndef OPENSSL_NO_ENGINE

-		BIO_printf (bio_err, "-engine e      use engine e, possibly a hardware device.\n");

-#endif

-		BIO_printf (bio_err, "-passin arg    input file pass phrase source\n");

-		BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);

-		BIO_printf(bio_err,  "               load the file (or the files in the directory) into\n");

-		BIO_printf(bio_err,  "               the random number generator\n");

-		BIO_printf (bio_err, "cert.pem       recipient certificate(s) for encryption\n");

-		goto end;

-		}

-#ifndef OPENSSL_NO_ENGINE

-        e = setup_engine(bio_err, engine, 0);

-#endif

-	if (!app_passwd(bio_err, passargin, NULL, &passin, NULL))

-		{

-		BIO_printf(bio_err, "Error getting password\n");

-		goto end;

-		}

-	if (need_rand)

-		{

-		app_RAND_load_file(NULL, bio_err, (inrand != NULL));

-		if (inrand != NULL)

-			BIO_printf(bio_err,"%ld semi-random bytes loaded\n",

-				app_RAND_load_files(inrand));

-		}

-	ret = 2;

-	if (operation != SMIME_SIGN)

-		flags &= ~PKCS7_DETACHED;

-	if (operation & SMIME_OP)

-		{

-		if (flags & PKCS7_BINARY)

-			inmode = "rb";

-		if (outformat == FORMAT_ASN1)

-			outmode = "wb";

-		}

-	else

-		{

-		if (flags & PKCS7_BINARY)

-			outmode = "wb";

-		if (informat == FORMAT_ASN1)

-			inmode = "rb";

-		}

-	if (operation == SMIME_ENCRYPT)

-		{

-		if (!cipher)

-			{

-#ifndef OPENSSL_NO_RC2

-			cipher = EVP_rc2_40_cbc();

-#else

-			BIO_printf(bio_err, "No cipher selected\n");

-			goto end;

-#endif

-			}

-		encerts = sk_X509_new_null();

-		while (*args)

-			{

-			if (!(cert = load_cert(bio_err,*args,FORMAT_PEM,

-				NULL, e, "recipient certificate file")))

-				{

-#if 0				/* An appropriate message is already printed */

-				BIO_printf(bio_err, "Can't read recipient certificate file %s\n", *args);

-#endif

-				goto end;

-				}

-			sk_X509_push(encerts, cert);

-			cert = NULL;

-			args++;

-			}

-		}

-	if (signerfile && (operation == SMIME_SIGN))

-		{

-		if (!(signer = load_cert(bio_err,signerfile,FORMAT_PEM, NULL,

-			e, "signer certificate")))

-			{

-#if 0			/* An appropri message has already been printed */

-			BIO_printf(bio_err, "Can't read signer certificate file %s\n", signerfile);

-#endif

-			goto end;

-			}

-		}

-	if (certfile)

-		{

-		if (!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL,

-			e, "certificate file")))

-			{

-#if 0			/* An appropriate message has already been printed */

-			BIO_printf(bio_err, "Can't read certificate file %s\n", certfile);

-#endif

-			ERR_print_errors(bio_err);

-			goto end;

-			}

-		}

-	if (recipfile && (operation == SMIME_DECRYPT))

-		{

-		if (!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL,

-			e, "recipient certificate file")))

-			{

-#if 0			/* An appropriate message has alrady been printed */

-			BIO_printf(bio_err, "Can't read recipient certificate file %s\n", recipfile);

-#endif

-			ERR_print_errors(bio_err);

-			goto end;

-			}

-		}

-	if (operation == SMIME_DECRYPT)

-		{

-		if (!keyfile)

-			keyfile = recipfile;

-		}

-	else if (operation == SMIME_SIGN)

-		{

-		if (!keyfile)

-			keyfile = signerfile;

-		}

-	else keyfile = NULL;

-	if (keyfile)

-		{

-		key = load_key(bio_err, keyfile, keyform, 0, passin, e,

-			       "signing key file");

-		if (!key)

-			goto end;

-		}

-	if (infile)

-		{

-		if (!(in = BIO_new_file(infile, inmode)))

-			{

-			BIO_printf (bio_err,

-				 "Can't open input file %s\n", infile);

-			goto end;

-			}

-		}

-	else

-		in = BIO_new_fp(stdin, BIO_NOCLOSE);

-	if (outfile)

-		{

-		if (!(out = BIO_new_file(outfile, outmode)))

-			{

-			BIO_printf (bio_err,

-				 "Can't open output file %s\n", outfile);

-			goto end;

-			}

-		}

-	else

-		{

-		out = BIO_new_fp(stdout, BIO_NOCLOSE);

-#ifdef OPENSSL_SYS_VMS

-		{

-		    BIO *tmpbio = BIO_new(BIO_f_linebuffer());

-		    out = BIO_push(tmpbio, out);

-		}

-#endif

-		}

-	if (operation == SMIME_VERIFY)

-		{

-		if (!(store = setup_verify(bio_err, CAfile, CApath)))

-			goto end;

-		X509_STORE_set_verify_cb_func(store, smime_cb);

-		if (vpm)

-			X509_STORE_set1_param(store, vpm);

-		}

-	ret = 3;

-	if (operation == SMIME_ENCRYPT)

-		p7 = PKCS7_encrypt(encerts, in, cipher, flags);

-	else if (operation == SMIME_SIGN)

-		{

-		/* If detached data and SMIME output enable partial

-		 * signing.

-		 */

-		if ((flags & PKCS7_DETACHED) && (outformat == FORMAT_SMIME))

-			flags |= PKCS7_STREAM;

-		p7 = PKCS7_sign(signer, key, other, in, flags);

-		}

-	else

-		{

-		if (informat == FORMAT_SMIME)

-			p7 = SMIME_read_PKCS7(in, &indata);

-		else if (informat == FORMAT_PEM)

-			p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);

-		else if (informat == FORMAT_ASN1)

-			p7 = d2i_PKCS7_bio(in, NULL);

-		else

-			{

-			BIO_printf(bio_err, "Bad input format for PKCS#7 file\n");

-			goto end;

-			}

-		if (!p7)

-			{

-			BIO_printf(bio_err, "Error reading S/MIME message\n");

-			goto end;

-			}

-		if (contfile)

-			{

-			BIO_free(indata);

-			if (!(indata = BIO_new_file(contfile, "rb")))

-				{

-				BIO_printf(bio_err, "Can't read content file %s\n", contfile);

-				goto end;

-				}

-			}

-		}

-	if (!p7)

-		{

-		BIO_printf(bio_err, "Error creating PKCS#7 structure\n");

-		goto end;

-		}

-	ret = 4;

-	if (operation == SMIME_DECRYPT)

-		{

-		if (!PKCS7_decrypt(p7, key, recip, out, flags))

-			{

-			BIO_printf(bio_err, "Error decrypting PKCS#7 structure\n");

-			goto end;

-			}

-		}

-	else if (operation == SMIME_VERIFY)

-		{

-		STACK_OF(X509) *signers;

-		if (PKCS7_verify(p7, other, store, indata, out, flags))

-			BIO_printf(bio_err, "Verification successful\n");

-		else

-			{

-			BIO_printf(bio_err, "Verification failure\n");

-			goto end;

-			}

-		signers = PKCS7_get0_signers(p7, other, flags);

-		if (!save_certs(signerfile, signers))

-			{

-			BIO_printf(bio_err, "Error writing signers to %s\n",

-								signerfile);

-			ret = 5;

-			goto end;

-			}

-		sk_X509_free(signers);

-		}

-	else if (operation == SMIME_PK7OUT)

-		PEM_write_bio_PKCS7(out, p7);

-	else

-		{

-		if (to)

-			BIO_printf(out, "To: %s\n", to);

-		if (from)

-			BIO_printf(out, "From: %s\n", from);

-		if (subject)

-			BIO_printf(out, "Subject: %s\n", subject);

-		if (outformat == FORMAT_SMIME)

-			SMIME_write_PKCS7(out, p7, in, flags);

-		else if (outformat == FORMAT_PEM)

-			PEM_write_bio_PKCS7(out,p7);

-		else if (outformat == FORMAT_ASN1)

-			i2d_PKCS7_bio(out,p7);

-		else

-			{

-			BIO_printf(bio_err, "Bad output format for PKCS#7 file\n");

-			goto end;

-			}

-		}

-	ret = 0;

-end:

-	if (need_rand)

-		app_RAND_write_file(NULL, bio_err);

-	if (ret) ERR_print_errors(bio_err);

-	sk_X509_pop_free(encerts, X509_free);

-	sk_X509_pop_free(other, X509_free);

-	if (vpm)

-		X509_VERIFY_PARAM_free(vpm);

-	X509_STORE_free(store);

-	X509_free(cert);

-	X509_free(recip);

-	X509_free(signer);

-	EVP_PKEY_free(key);

-	PKCS7_free(p7);

-	BIO_free(in);

-	BIO_free(indata);

-	BIO_free_all(out);

-	if (passin) OPENSSL_free(passin);

-	return (ret);

-}

-static int save_certs(char *signerfile, STACK_OF(X509) *signers)

-	{

-	int i;

-	BIO *tmp;

-	if (!signerfile)

-		return 1;

-	tmp = BIO_new_file(signerfile, "w");

-	if (!tmp) return 0;

-	for(i = 0; i < sk_X509_num(signers); i++)

-		PEM_write_bio_X509(tmp, sk_X509_value(signers, i));

-	BIO_free(tmp);

-	return 1;

-	}

-/* Minimal callback just to output policy info (if any) */

-static int smime_cb(int ok, X509_STORE_CTX *ctx)

-	{

-	int error;

-	error = X509_STORE_CTX_get_error(ctx);

-	if ((error != X509_V_ERR_NO_EXPLICIT_POLICY)

-		&& ((error != X509_V_OK) || (ok != 2)))

-		return ok;

-	policies_print(NULL, ctx);

-	return ok;

-	}

--- a/sys/src/ape/lib/openssl/apps/speed.c

+++ /dev/null

@@ -1,2929 +1,0 @@

-/* apps/speed.c -*- mode:C; c-file-style: "eay" -*- */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- *

- * Portions of the attached software ("Contribution") are developed by

- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.

- *

- * The Contribution is licensed pursuant to the OpenSSL open source

- * license provided above.

- *

- * The ECDH and ECDSA speed test software is originally written by

- * Sumit Gupta of Sun Microsystems Laboratories.

- *

- */

-/* most of this code has been pilfered from my libdes speed.c program */

-#ifndef OPENSSL_NO_SPEED

-#undef SECONDS

-#define SECONDS		3

-#define RSA_SECONDS	10

-#define DSA_SECONDS	10

-#define ECDSA_SECONDS   10

-#define ECDH_SECONDS    10

-/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */

-/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */

-#undef PROG

-#define PROG speed_main

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include <math.h>

-#include "apps.h"

-#ifdef OPENSSL_NO_STDIO

-#define APPS_WIN16

-#endif

-#include <openssl/crypto.h>

-#include <openssl/rand.h>

-#include <openssl/err.h>

-#include <openssl/evp.h>

-#include <openssl/objects.h>

-#if !defined(OPENSSL_SYS_MSDOS)

-#include OPENSSL_UNISTD

-#endif

-#ifndef OPENSSL_SYS_NETWARE

-#include <signal.h>

-#endif

-#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(OPENSSL_SYS_MACOSX)

-# define USE_TOD

-#elif !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC))

-# define TIMES

-#endif

-#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(OPENSSL_SYS_MPE) && !defined(__NetBSD__) && !defined(OPENSSL_SYS_VXWORKS) && !defined(PLAN9) /* FIXME */

-# define TIMEB

-#endif

-#if defined(OPENSSL_SYS_NETWARE)

-#undef TIMES

-#undef TIMEB

-#include <time.h>

-#endif

-#ifndef _IRIX

-# include <time.h>

-#endif

-#ifdef TIMES

-# include <sys/types.h>

-# include <sys/times.h>

-#endif

-#ifdef USE_TOD

-# include <sys/time.h>

-# include <sys/resource.h>

-#endif

-/* Depending on the VMS version, the tms structure is perhaps defined.

-   The __TMS macro will show if it was.  If it wasn't defined, we should

-   undefine TIMES, since that tells the rest of the program how things

-   should be handled.				-- Richard Levitte */

-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)

-#undef TIMES

-#endif

-#ifdef TIMEB

-#include <sys/timeb.h>

-#endif

-#if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD) && !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_NETWARE)

-#error "It seems neither struct tms nor struct timeb is supported in this platform!"

-#endif

-#if defined(sun) || defined(__ultrix)

-#define _POSIX_SOURCE

-#include <limits.h>

-#include <sys/param.h>

-#endif

-#include <openssl/bn.h>

-#ifndef OPENSSL_NO_DES

-#include <openssl/des.h>

-#endif

-#ifndef OPENSSL_NO_AES

-#include <openssl/aes.h>

-#endif

-#ifndef OPENSSL_NO_CAMELLIA

-#include <openssl/camellia.h>

-#endif

-#ifndef OPENSSL_NO_MD2

-#include <openssl/md2.h>

-#endif

-#ifndef OPENSSL_NO_MDC2

-#include <openssl/mdc2.h>

-#endif

-#ifndef OPENSSL_NO_MD4

-#include <openssl/md4.h>

-#endif

-#ifndef OPENSSL_NO_MD5

-#include <openssl/md5.h>

-#endif

-#ifndef OPENSSL_NO_HMAC

-#include <openssl/hmac.h>

-#endif

-#include <openssl/evp.h>

-#ifndef OPENSSL_NO_SHA

-#include <openssl/sha.h>

-#endif

-#ifndef OPENSSL_NO_RIPEMD

-#include <openssl/ripemd.h>

-#endif

-#ifndef OPENSSL_NO_RC4

-#include <openssl/rc4.h>

-#endif

-#ifndef OPENSSL_NO_RC5

-#include <openssl/rc5.h>

-#endif

-#ifndef OPENSSL_NO_RC2

-#include <openssl/rc2.h>

-#endif

-#ifndef OPENSSL_NO_IDEA

-#include <openssl/idea.h>

-#endif

-#ifndef OPENSSL_NO_SEED

-#include <openssl/seed.h>

-#endif

-#ifndef OPENSSL_NO_BF

-#include <openssl/blowfish.h>

-#endif

-#ifndef OPENSSL_NO_CAST

-#include <openssl/cast.h>

-#endif

-#ifndef OPENSSL_NO_RSA

-#include <openssl/rsa.h>

-#include "./testrsa.h"

-#endif

-#include <openssl/x509.h>

-#ifndef OPENSSL_NO_DSA

-#include <openssl/dsa.h>

-#include "./testdsa.h"

-#endif

-#ifndef OPENSSL_NO_ECDSA

-#include <openssl/ecdsa.h>

-#endif

-#ifndef OPENSSL_NO_ECDH

-#include <openssl/ecdh.h>

-#endif

-/*

- * The following "HZ" timing stuff should be sync'd up with the code in

- * crypto/tmdiff.[ch]. That appears to try to do the same job, though I think

- * this code is more up to date than libcrypto's so there may be features to

- * migrate over first. This is used in two places further down AFAICS.

- * The point is that nothing in openssl actually *uses* that tmdiff stuff, so

- * either speed.c should be using it or it should go because it's obviously not

- * useful enough. Anyone want to do a janitorial job on this?

- */

-/* The following if from times(3) man page.  It may need to be changed */

-#ifndef HZ

-# if defined(_SC_CLK_TCK) \

-     && (!defined(OPENSSL_SYS_VMS) || __CTRL_VER >= 70000000)

-#  define HZ sysconf(_SC_CLK_TCK)

-# else

-#  ifndef CLK_TCK

-#   ifndef _BSD_CLK_TCK_ /* FreeBSD hack */

-#    define HZ	100.0

-#   else /* _BSD_CLK_TCK_ */

-#    define HZ ((double)_BSD_CLK_TCK_)

-#   endif

-#  else /* CLK_TCK */

-#   define HZ ((double)CLK_TCK)

-#  endif

-# endif

-#endif

-#if !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(OPENSSL_SYS_OS2) && !defined(OPENSSL_SYS_NETWARE)

-# define HAVE_FORK 1

-#endif

-#undef BUFSIZE

-#define BUFSIZE	((long)1024*8+1)

-int run=0;

-static char ftime_used = 0, times_used = 0, gettimeofday_used = 0, getrusage_used = 0;

-static int mr=0;

-static int usertime=1;

-static double Time_F(int s);

-static void print_message(const char *s,long num,int length);

-static void pkey_print_message(const char *str, const char *str2,

-	long num, int bits, int sec);

-static void print_result(int alg,int run_no,int count,double time_used);

-#ifdef HAVE_FORK

-static int do_multi(int multi);

-#endif

-#define ALGOR_NUM	28

-#define SIZE_NUM	5

-#define RSA_NUM		4

-#define DSA_NUM		3

-#define EC_NUM       16

-#define MAX_ECDH_SIZE 256

-static const char *names[ALGOR_NUM]={

-  "md2","mdc2","md4","md5","hmac(md5)","sha1","rmd160","rc4",

-  "des cbc","des ede3","idea cbc","seed cbc",

-  "rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc",

-  "aes-128 cbc","aes-192 cbc","aes-256 cbc",

-  "camellia-128 cbc","camellia-192 cbc","camellia-256 cbc",

-  "evp","sha256","sha512",

-  "aes-128 ige","aes-192 ige","aes-256 ige"};

-static double results[ALGOR_NUM][SIZE_NUM];

-static int lengths[SIZE_NUM]={16,64,256,1024,8*1024};

-static double rsa_results[RSA_NUM][2];

-static double dsa_results[DSA_NUM][2];

-#ifndef OPENSSL_NO_ECDSA

-static double ecdsa_results[EC_NUM][2];

-#endif

-#ifndef OPENSSL_NO_ECDH

-static double ecdh_results[EC_NUM][1];

-#endif

-#if defined(OPENSSL_NO_DSA) && !(defined(OPENSSL_NO_ECDSA) && defined(OPENSSL_NO_ECDH))

-static const char rnd_seed[] = "string to make the random number generator think it has entropy";

-static int rnd_fake = 0;

-#endif

-#ifdef SIGALRM

-#if defined(__STDC__) || defined(sgi) || defined(_AIX)

-#define SIGRETTYPE void

-#else

-#define SIGRETTYPE int

-#endif

-static SIGRETTYPE sig_done(int sig);

-static SIGRETTYPE sig_done(int sig)

-	{

-	signal(SIGALRM,sig_done);

-	run=0;

-#ifdef LINT

-	sig=sig;

-#endif

-	}

-#endif

-#define START	0

-#define STOP	1

-#if defined(OPENSSL_SYS_NETWARE)

-   /* for NetWare the best we can do is use clock() which returns the

-    * time, in hundredths of a second, since the NLM began executing

-   */

-static double Time_F(int s)

-	{

-	double ret;

-   static clock_t tstart,tend;

-   if (s == START)

-   {

-      tstart=clock();

-      return(0);

-   }

-   else

-   {

-      tend=clock();

-      ret=(double)((double)(tend)-(double)(tstart));

-      return((ret < 0.001)?0.001:ret);

-   }

-   }

-#else

-static double Time_F(int s)

-	{

-	double ret;

-#ifdef USE_TOD

-	if(usertime)

-		{

-		static struct rusage tstart,tend;

-		getrusage_used = 1;

-		if (s == START)

-			{

-			getrusage(RUSAGE_SELF,&tstart);

-			return(0);

-			}

-		else

-			{

-			long i;

-			getrusage(RUSAGE_SELF,&tend);

-			i=(long)tend.ru_utime.tv_usec-(long)tstart.ru_utime.tv_usec;

-			ret=((double)(tend.ru_utime.tv_sec-tstart.ru_utime.tv_sec))

-			  +((double)i)/1000000.0;

-			return((ret < 0.001)?0.001:ret);

-			}

-		}

-	else

-		{

-		static struct timeval tstart,tend;

-		long i;

-		gettimeofday_used = 1;

-		if (s == START)

-			{

-			gettimeofday(&tstart,NULL);

-			return(0);

-			}

-		else

-			{

-			gettimeofday(&tend,NULL);

-			i=(long)tend.tv_usec-(long)tstart.tv_usec;

-			ret=((double)(tend.tv_sec-tstart.tv_sec))+((double)i)/1000000.0;

-			return((ret < 0.001)?0.001:ret);

-			}

-		}

-#else  /* ndef USE_TOD */

-# ifdef TIMES

-	if (usertime)

-		{

-		static struct tms tstart,tend;

-		times_used = 1;

-		if (s == START)

-			{

-			times(&tstart);

-			return(0);

-			}

-		else

-			{

-			times(&tend);

-			ret = HZ;

-			ret=(double)(tend.tms_utime-tstart.tms_utime) / ret;

-			return((ret < 1e-3)?1e-3:ret);

-			}

-		}

-# endif /* times() */

-# if defined(TIMES) && defined(TIMEB)

-	else

-# endif

-# ifdef OPENSSL_SYS_VXWORKS

-                {

-		static unsigned long tick_start, tick_end;

-		if( s == START )

-			{

-			tick_start = tickGet();

-			return 0;

-			}

-		else

-			{

-			tick_end = tickGet();

-			ret = (double)(tick_end - tick_start) / (double)sysClkRateGet();

-			return((ret < 0.001)?0.001:ret);

-			}

-                }

-# elif defined(TIMEB)

-		{

-		static struct timeb tstart,tend;

-		long i;

-		ftime_used = 1;

-		if (s == START)

-			{

-			ftime(&tstart);

-			return(0);

-			}

-		else

-			{

-			ftime(&tend);

-			i=(long)tend.millitm-(long)tstart.millitm;

-			ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;

-			return((ret < 0.001)?0.001:ret);

-			}

-		}

-# endif

-#endif

-		return 0;

-	}

-#endif /* if defined(OPENSSL_SYS_NETWARE) */

-#ifndef OPENSSL_NO_ECDH

-static const int KDF1_SHA1_len = 20;

-static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)

-	{

-#ifndef OPENSSL_NO_SHA

-	if (*outlen < SHA_DIGEST_LENGTH)

-		return NULL;

-	else

-		*outlen = SHA_DIGEST_LENGTH;

-	return SHA1(in, inlen, out);

-#else

-	return NULL;

-#endif	/* OPENSSL_NO_SHA */

-	}

-#endif	/* OPENSSL_NO_ECDH */

-int MAIN(int, char **);

-int MAIN(int argc, char **argv)

-	{

-#ifndef OPENSSL_NO_ENGINE

-	ENGINE *e = NULL;

-#endif

-	unsigned char *buf=NULL,*buf2=NULL;

-	int mret=1;

-	long count=0,save_count=0;

-	int i,j,k;

-#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA)

-	long rsa_count;

-#endif

-#ifndef OPENSSL_NO_RSA

-	unsigned rsa_num;

-#endif

-	unsigned char md[EVP_MAX_MD_SIZE];

-#ifndef OPENSSL_NO_MD2

-	unsigned char md2[MD2_DIGEST_LENGTH];

-#endif

-#ifndef OPENSSL_NO_MDC2

-	unsigned char mdc2[MDC2_DIGEST_LENGTH];

-#endif

-#ifndef OPENSSL_NO_MD4

-	unsigned char md4[MD4_DIGEST_LENGTH];

-#endif

-#ifndef OPENSSL_NO_MD5

-	unsigned char md5[MD5_DIGEST_LENGTH];

-	unsigned char hmac[MD5_DIGEST_LENGTH];

-#endif

-#ifndef OPENSSL_NO_SHA

-	unsigned char sha[SHA_DIGEST_LENGTH];

-#ifndef OPENSSL_NO_SHA256

-	unsigned char sha256[SHA256_DIGEST_LENGTH];

-#endif

-#ifndef OPENSSL_NO_SHA512

-	unsigned char sha512[SHA512_DIGEST_LENGTH];

-#endif

-#endif

-#ifndef OPENSSL_NO_RIPEMD

-	unsigned char rmd160[RIPEMD160_DIGEST_LENGTH];

-#endif

-#ifndef OPENSSL_NO_RC4

-	RC4_KEY rc4_ks;

-#endif

-#ifndef OPENSSL_NO_RC5

-	RC5_32_KEY rc5_ks;

-#endif

-#ifndef OPENSSL_NO_RC2

-	RC2_KEY rc2_ks;

-#endif

-#ifndef OPENSSL_NO_IDEA

-	IDEA_KEY_SCHEDULE idea_ks;

-#endif

-#ifndef OPENSSL_NO_SEED

-	SEED_KEY_SCHEDULE seed_ks;

-#endif

-#ifndef OPENSSL_NO_BF

-	BF_KEY bf_ks;

-#endif

-#ifndef OPENSSL_NO_CAST

-	CAST_KEY cast_ks;

-#endif

-	static const unsigned char key16[16]=

-		{0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,

-		 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};

-#ifndef OPENSSL_NO_AES

-	static const unsigned char key24[24]=

-		{0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,

-		 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,

-		 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};

-	static const unsigned char key32[32]=

-		{0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,

-		 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,

-		 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,

-		 0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,0x56};

-#endif

-#ifndef OPENSSL_NO_CAMELLIA

-	static const unsigned char ckey24[24]=

-		{0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,

-		 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,

-		 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};

-	static const unsigned char ckey32[32]=

-		{0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,

-		 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,

-		 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,

-		 0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,0x56};

-#endif

-#ifndef OPENSSL_NO_AES

-#define MAX_BLOCK_SIZE 128

-#else

-#define MAX_BLOCK_SIZE 64

-#endif

-	unsigned char DES_iv[8];

-	unsigned char iv[MAX_BLOCK_SIZE/8];

-#ifndef OPENSSL_NO_DES

-	DES_cblock *buf_as_des_cblock = NULL;

-	static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};

-	static DES_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};

-	static DES_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};

-	DES_key_schedule sch;

-	DES_key_schedule sch2;

-	DES_key_schedule sch3;

-#endif

-#ifndef OPENSSL_NO_AES

-	AES_KEY aes_ks1, aes_ks2, aes_ks3;

-#endif

-#ifndef OPENSSL_NO_CAMELLIA

-	CAMELLIA_KEY camellia_ks1, camellia_ks2, camellia_ks3;

-#endif

-#define	D_MD2		0

-#define	D_MDC2		1

-#define	D_MD4		2

-#define	D_MD5		3

-#define	D_HMAC		4

-#define	D_SHA1		5

-#define D_RMD160	6

-#define	D_RC4		7

-#define	D_CBC_DES	8

-#define	D_EDE3_DES	9

-#define	D_CBC_IDEA	10

-#define	D_CBC_SEED	11

-#define	D_CBC_RC2	12

-#define	D_CBC_RC5	13

-#define	D_CBC_BF	14

-#define	D_CBC_CAST	15

-#define D_CBC_128_AES	16

-#define D_CBC_192_AES	17

-#define D_CBC_256_AES	18

-#define D_CBC_128_CML   19

-#define D_CBC_192_CML   20

-#define D_CBC_256_CML   21

-#define D_EVP		22

-#define D_SHA256	23

-#define D_SHA512	24

-#define D_IGE_128_AES   25

-#define D_IGE_192_AES   26

-#define D_IGE_256_AES   27

-	double d=0.0;

-	long c[ALGOR_NUM][SIZE_NUM];

-#define	R_DSA_512	0

-#define	R_DSA_1024	1

-#define	R_DSA_2048	2

-#define	R_RSA_512	0

-#define	R_RSA_1024	1

-#define	R_RSA_2048	2

-#define	R_RSA_4096	3

-#define R_EC_P160    0

-#define R_EC_P192    1

-#define R_EC_P224    2

-#define R_EC_P256    3

-#define R_EC_P384    4

-#define R_EC_P521    5

-#define R_EC_K163    6

-#define R_EC_K233    7

-#define R_EC_K283    8

-#define R_EC_K409    9

-#define R_EC_K571    10

-#define R_EC_B163    11

-#define R_EC_B233    12

-#define R_EC_B283    13

-#define R_EC_B409    14

-#define R_EC_B571    15

-#ifndef OPENSSL_NO_RSA

-	RSA *rsa_key[RSA_NUM];

-	long rsa_c[RSA_NUM][2];

-	static unsigned int rsa_bits[RSA_NUM]={512,1024,2048,4096};

-	static unsigned char *rsa_data[RSA_NUM]=

-		{test512,test1024,test2048,test4096};

-	static int rsa_data_length[RSA_NUM]={

-		sizeof(test512),sizeof(test1024),

-		sizeof(test2048),sizeof(test4096)};

-#endif

-#ifndef OPENSSL_NO_DSA

-	DSA *dsa_key[DSA_NUM];

-	long dsa_c[DSA_NUM][2];

-	static unsigned int dsa_bits[DSA_NUM]={512,1024,2048};

-#endif

-#ifndef OPENSSL_NO_EC

-	/* We only test over the following curves as they are representative,

-	 * To add tests over more curves, simply add the curve NID

-	 * and curve name to the following arrays and increase the

-	 * EC_NUM value accordingly.

-	 */

-	static unsigned int test_curves[EC_NUM] =

-	{

-	/* Prime Curves */

-	NID_secp160r1,

-	NID_X9_62_prime192v1,

-	NID_secp224r1,

-	NID_X9_62_prime256v1,

-	NID_secp384r1,

-	NID_secp521r1,

-	/* Binary Curves */

-	NID_sect163k1,

-	NID_sect233k1,

-	NID_sect283k1,

-	NID_sect409k1,

-	NID_sect571k1,

-	NID_sect163r2,

-	NID_sect233r1,

-	NID_sect283r1,

-	NID_sect409r1,

-	NID_sect571r1

-	};

-	static const char * test_curves_names[EC_NUM] =

-	{

-	/* Prime Curves */

-	"secp160r1",

-	"nistp192",

-	"nistp224",

-	"nistp256",

-	"nistp384",

-	"nistp521",

-	/* Binary Curves */

-	"nistk163",

-	"nistk233",

-	"nistk283",

-	"nistk409",

-	"nistk571",

-	"nistb163",

-	"nistb233",

-	"nistb283",

-	"nistb409",

-	"nistb571"

-	};

-	static int test_curves_bits[EC_NUM] =

-        {

-        160, 192, 224, 256, 384, 521,

-        163, 233, 283, 409, 571,

-        163, 233, 283, 409, 571

-        };

-#endif

-#ifndef OPENSSL_NO_ECDSA

-	unsigned char ecdsasig[256];

-	unsigned int ecdsasiglen;

-	EC_KEY *ecdsa[EC_NUM];

-	long ecdsa_c[EC_NUM][2];

-#endif

-#ifndef OPENSSL_NO_ECDH

-	EC_KEY *ecdh_a[EC_NUM], *ecdh_b[EC_NUM];

-	unsigned char secret_a[MAX_ECDH_SIZE], secret_b[MAX_ECDH_SIZE];

-	int secret_size_a, secret_size_b;

-	int ecdh_checks = 0;

-	int secret_idx = 0;

-	long ecdh_c[EC_NUM][2];

-#endif

-	int rsa_doit[RSA_NUM];

-	int dsa_doit[DSA_NUM];

-#ifndef OPENSSL_NO_ECDSA

-	int ecdsa_doit[EC_NUM];

-#endif

-#ifndef OPENSSL_NO_ECDH

-        int ecdh_doit[EC_NUM];

-#endif

-	int doit[ALGOR_NUM];

-	int pr_header=0;

-	const EVP_CIPHER *evp_cipher=NULL;

-	const EVP_MD *evp_md=NULL;

-	int decrypt=0;

-#ifdef HAVE_FORK

-	int multi=0;

-#endif

-#ifndef TIMES

-	usertime=-1;

-#endif

-	apps_startup();

-	memset(results, 0, sizeof(results));

-#ifndef OPENSSL_NO_DSA

-	memset(dsa_key,0,sizeof(dsa_key));

-#endif

-#ifndef OPENSSL_NO_ECDSA

-	for (i=0; i<EC_NUM; i++) ecdsa[i] = NULL;

-#endif

-#ifndef OPENSSL_NO_ECDH

-	for (i=0; i<EC_NUM; i++)

-		{

-		ecdh_a[i] = NULL;

-		ecdh_b[i] = NULL;

-		}

-#endif

-	if (bio_err == NULL)

-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)

-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);

-	if (!load_config(bio_err, NULL))

-		goto end;

-#ifndef OPENSSL_NO_RSA

-	memset(rsa_key,0,sizeof(rsa_key));

-	for (i=0; i<RSA_NUM; i++)

-		rsa_key[i]=NULL;

-#endif

-	if ((buf=(unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL)

-		{

-		BIO_printf(bio_err,"out of memory\n");

-		goto end;

-		}

-#ifndef OPENSSL_NO_DES

-	buf_as_des_cblock = (DES_cblock *)buf;

-#endif

-	if ((buf2=(unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL)

-		{

-		BIO_printf(bio_err,"out of memory\n");

-		goto end;

-		}

-	memset(c,0,sizeof(c));

-	memset(DES_iv,0,sizeof(DES_iv));

-	memset(iv,0,sizeof(iv));

-	for (i=0; i<ALGOR_NUM; i++)

-		doit[i]=0;

-	for (i=0; i<RSA_NUM; i++)

-		rsa_doit[i]=0;

-	for (i=0; i<DSA_NUM; i++)

-		dsa_doit[i]=0;

-#ifndef OPENSSL_NO_ECDSA

-	for (i=0; i<EC_NUM; i++)

-		ecdsa_doit[i]=0;

-#endif

-#ifndef OPENSSL_NO_ECDH

-	for (i=0; i<EC_NUM; i++)

-		ecdh_doit[i]=0;

-#endif

-	j=0;

-	argc--;

-	argv++;

-	while (argc)

-		{

-		if	((argc > 0) && (strcmp(*argv,"-elapsed") == 0))

-			{

-			usertime = 0;

-			j--;	/* Otherwise, -elapsed gets confused with

-				   an algorithm. */

-			}

-		else if	((argc > 0) && (strcmp(*argv,"-evp") == 0))

-			{

-			argc--;

-			argv++;

-			if(argc == 0)

-				{

-				BIO_printf(bio_err,"no EVP given\n");

-				goto end;

-				}

-			evp_cipher=EVP_get_cipherbyname(*argv);

-			if(!evp_cipher)

-				{

-				evp_md=EVP_get_digestbyname(*argv);

-				}

-			if(!evp_cipher && !evp_md)

-				{

-				BIO_printf(bio_err,"%s is an unknown cipher or digest\n",*argv);

-				goto end;

-				}

-			doit[D_EVP]=1;

-			}

-		else if (argc > 0 && !strcmp(*argv,"-decrypt"))

-			{

-			decrypt=1;

-			j--;	/* Otherwise, -elapsed gets confused with

-				   an algorithm. */

-			}

-#ifndef OPENSSL_NO_ENGINE

-		else if	((argc > 0) && (strcmp(*argv,"-engine") == 0))

-			{

-			argc--;

-			argv++;

-			if(argc == 0)

-				{

-				BIO_printf(bio_err,"no engine given\n");

-				goto end;

-				}

-                        e = setup_engine(bio_err, *argv, 0);

-			/* j will be increased again further down.  We just

-			   don't want speed to confuse an engine with an

-			   algorithm, especially when none is given (which

-			   means all of them should be run) */

-			j--;

-			}

-#endif

-#ifdef HAVE_FORK

-		else if	((argc > 0) && (strcmp(*argv,"-multi") == 0))

-			{

-			argc--;

-			argv++;

-			if(argc == 0)

-				{

-				BIO_printf(bio_err,"no multi count given\n");

-				goto end;

-				}

-			multi=atoi(argv[0]);

-			if(multi <= 0)

-			    {

-				BIO_printf(bio_err,"bad multi count\n");

-				goto end;

-				}

-			j--;	/* Otherwise, -mr gets confused with

-				   an algorithm. */

-			}

-#endif

-		else if (argc > 0 && !strcmp(*argv,"-mr"))

-			{

-			mr=1;

-			j--;	/* Otherwise, -mr gets confused with

-				   an algorithm. */

-			}

-		else

-#ifndef OPENSSL_NO_MD2

-		if	(strcmp(*argv,"md2") == 0) doit[D_MD2]=1;

-		else

-#endif

-#ifndef OPENSSL_NO_MDC2

-			if (strcmp(*argv,"mdc2") == 0) doit[D_MDC2]=1;

-		else

-#endif

-#ifndef OPENSSL_NO_MD4

-			if (strcmp(*argv,"md4") == 0) doit[D_MD4]=1;

-		else

-#endif

-#ifndef OPENSSL_NO_MD5

-			if (strcmp(*argv,"md5") == 0) doit[D_MD5]=1;

-		else

-#endif

-#ifndef OPENSSL_NO_MD5

-			if (strcmp(*argv,"hmac") == 0) doit[D_HMAC]=1;

-		else

-#endif

-#ifndef OPENSSL_NO_SHA

-			if (strcmp(*argv,"sha1") == 0) doit[D_SHA1]=1;

-		else

-			if (strcmp(*argv,"sha") == 0)	doit[D_SHA1]=1,

-							doit[D_SHA256]=1,

-							doit[D_SHA512]=1;

-		else

-#ifndef OPENSSL_NO_SHA256

-			if (strcmp(*argv,"sha256") == 0) doit[D_SHA256]=1;

-		else

-#endif

-#ifndef OPENSSL_NO_SHA512

-			if (strcmp(*argv,"sha512") == 0) doit[D_SHA512]=1;

-		else

-#endif

-#endif

-#ifndef OPENSSL_NO_RIPEMD

-			if (strcmp(*argv,"ripemd") == 0) doit[D_RMD160]=1;

-		else

-			if (strcmp(*argv,"rmd160") == 0) doit[D_RMD160]=1;

-		else

-			if (strcmp(*argv,"ripemd160") == 0) doit[D_RMD160]=1;

-		else

-#endif

-#ifndef OPENSSL_NO_RC4

-			if (strcmp(*argv,"rc4") == 0) doit[D_RC4]=1;

-		else

-#endif

-#ifndef OPENSSL_NO_DES

-			if (strcmp(*argv,"des-cbc") == 0) doit[D_CBC_DES]=1;

-		else	if (strcmp(*argv,"des-ede3") == 0) doit[D_EDE3_DES]=1;

-		else

-#endif

-#ifndef OPENSSL_NO_AES

-			if (strcmp(*argv,"aes-128-cbc") == 0) doit[D_CBC_128_AES]=1;

-		else	if (strcmp(*argv,"aes-192-cbc") == 0) doit[D_CBC_192_AES]=1;

-		else	if (strcmp(*argv,"aes-256-cbc") == 0) doit[D_CBC_256_AES]=1;

-		else    if (strcmp(*argv,"aes-128-ige") == 0) doit[D_IGE_128_AES]=1;

-		else	if (strcmp(*argv,"aes-192-ige") == 0) doit[D_IGE_192_AES]=1;

-		else	if (strcmp(*argv,"aes-256-ige") == 0) doit[D_IGE_256_AES]=1;

-                else

-#endif

-#ifndef OPENSSL_NO_CAMELLIA

-			if (strcmp(*argv,"camellia-128-cbc") == 0) doit[D_CBC_128_CML]=1;

-		else    if (strcmp(*argv,"camellia-192-cbc") == 0) doit[D_CBC_192_CML]=1;

-		else    if (strcmp(*argv,"camellia-256-cbc") == 0) doit[D_CBC_256_CML]=1;

-		else

-#endif

-#ifndef OPENSSL_NO_RSA

-#if 0 /* was: #ifdef RSAref */

-			if (strcmp(*argv,"rsaref") == 0)

-			{

-			RSA_set_default_openssl_method(RSA_PKCS1_RSAref());

-			j--;

-			}

-		else

-#endif

-#ifndef RSA_NULL

-			if (strcmp(*argv,"openssl") == 0)

-			{

-			RSA_set_default_method(RSA_PKCS1_SSLeay());

-			j--;

-			}

-		else

-#endif

-#endif /* !OPENSSL_NO_RSA */

-		     if (strcmp(*argv,"dsa512") == 0) dsa_doit[R_DSA_512]=2;

-		else if (strcmp(*argv,"dsa1024") == 0) dsa_doit[R_DSA_1024]=2;

-		else if (strcmp(*argv,"dsa2048") == 0) dsa_doit[R_DSA_2048]=2;

-		else if (strcmp(*argv,"rsa512") == 0) rsa_doit[R_RSA_512]=2;

-		else if (strcmp(*argv,"rsa1024") == 0) rsa_doit[R_RSA_1024]=2;

-		else if (strcmp(*argv,"rsa2048") == 0) rsa_doit[R_RSA_2048]=2;

-		else if (strcmp(*argv,"rsa4096") == 0) rsa_doit[R_RSA_4096]=2;

-		else

-#ifndef OPENSSL_NO_RC2

-		     if (strcmp(*argv,"rc2-cbc") == 0) doit[D_CBC_RC2]=1;

-		else if (strcmp(*argv,"rc2") == 0) doit[D_CBC_RC2]=1;

-		else

-#endif

-#ifndef OPENSSL_NO_RC5

-		     if (strcmp(*argv,"rc5-cbc") == 0) doit[D_CBC_RC5]=1;

-		else if (strcmp(*argv,"rc5") == 0) doit[D_CBC_RC5]=1;

-		else

-#endif

-#ifndef OPENSSL_NO_IDEA

-		     if (strcmp(*argv,"idea-cbc") == 0) doit[D_CBC_IDEA]=1;

-		else if (strcmp(*argv,"idea") == 0) doit[D_CBC_IDEA]=1;

-		else

-#endif

-#ifndef OPENSSL_NO_SEED

-		     if (strcmp(*argv,"seed-cbc") == 0) doit[D_CBC_SEED]=1;

-		else if (strcmp(*argv,"seed") == 0) doit[D_CBC_SEED]=1;

-		else

-#endif

-#ifndef OPENSSL_NO_BF

-		     if (strcmp(*argv,"bf-cbc") == 0) doit[D_CBC_BF]=1;

-		else if (strcmp(*argv,"blowfish") == 0) doit[D_CBC_BF]=1;

-		else if (strcmp(*argv,"bf") == 0) doit[D_CBC_BF]=1;

-		else

-#endif

-#ifndef OPENSSL_NO_CAST

-		     if (strcmp(*argv,"cast-cbc") == 0) doit[D_CBC_CAST]=1;

-		else if (strcmp(*argv,"cast") == 0) doit[D_CBC_CAST]=1;

-		else if (strcmp(*argv,"cast5") == 0) doit[D_CBC_CAST]=1;

-		else

-#endif

-#ifndef OPENSSL_NO_DES

-			if (strcmp(*argv,"des") == 0)

-			{

-			doit[D_CBC_DES]=1;

-			doit[D_EDE3_DES]=1;

-			}

-		else

-#endif

-#ifndef OPENSSL_NO_AES

-			if (strcmp(*argv,"aes") == 0)

-			{

-			doit[D_CBC_128_AES]=1;

-			doit[D_CBC_192_AES]=1;

-			doit[D_CBC_256_AES]=1;

-			}

-		else

-#endif

-#ifndef OPENSSL_NO_CAMELLIA

-			if (strcmp(*argv,"camellia") == 0)

-			{

-			doit[D_CBC_128_CML]=1;

-			doit[D_CBC_192_CML]=1;

-			doit[D_CBC_256_CML]=1;

-			}

-		else

-#endif

-#ifndef OPENSSL_NO_RSA

-			if (strcmp(*argv,"rsa") == 0)

-			{

-			rsa_doit[R_RSA_512]=1;

-			rsa_doit[R_RSA_1024]=1;

-			rsa_doit[R_RSA_2048]=1;

-			rsa_doit[R_RSA_4096]=1;

-			}

-		else

-#endif

-#ifndef OPENSSL_NO_DSA

-			if (strcmp(*argv,"dsa") == 0)

-			{

-			dsa_doit[R_DSA_512]=1;

-			dsa_doit[R_DSA_1024]=1;

-			dsa_doit[R_DSA_2048]=1;

-			}

-		else

-#endif

-#ifndef OPENSSL_NO_ECDSA

-		     if (strcmp(*argv,"ecdsap160") == 0) ecdsa_doit[R_EC_P160]=2;

-		else if (strcmp(*argv,"ecdsap192") == 0) ecdsa_doit[R_EC_P192]=2;

-		else if (strcmp(*argv,"ecdsap224") == 0) ecdsa_doit[R_EC_P224]=2;

-		else if (strcmp(*argv,"ecdsap256") == 0) ecdsa_doit[R_EC_P256]=2;

-		else if (strcmp(*argv,"ecdsap384") == 0) ecdsa_doit[R_EC_P384]=2;

-		else if (strcmp(*argv,"ecdsap521") == 0) ecdsa_doit[R_EC_P521]=2;

-		else if (strcmp(*argv,"ecdsak163") == 0) ecdsa_doit[R_EC_K163]=2;

-		else if (strcmp(*argv,"ecdsak233") == 0) ecdsa_doit[R_EC_K233]=2;

-		else if (strcmp(*argv,"ecdsak283") == 0) ecdsa_doit[R_EC_K283]=2;

-		else if (strcmp(*argv,"ecdsak409") == 0) ecdsa_doit[R_EC_K409]=2;

-		else if (strcmp(*argv,"ecdsak571") == 0) ecdsa_doit[R_EC_K571]=2;

-		else if (strcmp(*argv,"ecdsab163") == 0) ecdsa_doit[R_EC_B163]=2;

-		else if (strcmp(*argv,"ecdsab233") == 0) ecdsa_doit[R_EC_B233]=2;

-		else if (strcmp(*argv,"ecdsab283") == 0) ecdsa_doit[R_EC_B283]=2;

-		else if (strcmp(*argv,"ecdsab409") == 0) ecdsa_doit[R_EC_B409]=2;

-		else if (strcmp(*argv,"ecdsab571") == 0) ecdsa_doit[R_EC_B571]=2;

-		else if (strcmp(*argv,"ecdsa") == 0)

-			{

-			for (i=0; i < EC_NUM; i++)

-				ecdsa_doit[i]=1;

-			}

-		else

-#endif

-#ifndef OPENSSL_NO_ECDH

-		     if (strcmp(*argv,"ecdhp160") == 0) ecdh_doit[R_EC_P160]=2;

-		else if (strcmp(*argv,"ecdhp192") == 0) ecdh_doit[R_EC_P192]=2;

-		else if (strcmp(*argv,"ecdhp224") == 0) ecdh_doit[R_EC_P224]=2;

-		else if (strcmp(*argv,"ecdhp256") == 0) ecdh_doit[R_EC_P256]=2;

-		else if (strcmp(*argv,"ecdhp384") == 0) ecdh_doit[R_EC_P384]=2;

-		else if (strcmp(*argv,"ecdhp521") == 0) ecdh_doit[R_EC_P521]=2;

-		else if (strcmp(*argv,"ecdhk163") == 0) ecdh_doit[R_EC_K163]=2;

-		else if (strcmp(*argv,"ecdhk233") == 0) ecdh_doit[R_EC_K233]=2;

-		else if (strcmp(*argv,"ecdhk283") == 0) ecdh_doit[R_EC_K283]=2;

-		else if (strcmp(*argv,"ecdhk409") == 0) ecdh_doit[R_EC_K409]=2;

-		else if (strcmp(*argv,"ecdhk571") == 0) ecdh_doit[R_EC_K571]=2;

-		else if (strcmp(*argv,"ecdhb163") == 0) ecdh_doit[R_EC_B163]=2;

-		else if (strcmp(*argv,"ecdhb233") == 0) ecdh_doit[R_EC_B233]=2;

-		else if (strcmp(*argv,"ecdhb283") == 0) ecdh_doit[R_EC_B283]=2;

-		else if (strcmp(*argv,"ecdhb409") == 0) ecdh_doit[R_EC_B409]=2;

-		else if (strcmp(*argv,"ecdhb571") == 0) ecdh_doit[R_EC_B571]=2;

-		else if (strcmp(*argv,"ecdh") == 0)

-			{

-			for (i=0; i < EC_NUM; i++)

-				ecdh_doit[i]=1;

-			}

-		else

-#endif

-			{

-			BIO_printf(bio_err,"Error: bad option or value\n");

-			BIO_printf(bio_err,"\n");

-			BIO_printf(bio_err,"Available values:\n");

-#ifndef OPENSSL_NO_MD2

-			BIO_printf(bio_err,"md2      ");

-#endif

-#ifndef OPENSSL_NO_MDC2

-			BIO_printf(bio_err,"mdc2     ");

-#endif

-#ifndef OPENSSL_NO_MD4

-			BIO_printf(bio_err,"md4      ");

-#endif

-#ifndef OPENSSL_NO_MD5

-			BIO_printf(bio_err,"md5      ");

-#ifndef OPENSSL_NO_HMAC

-			BIO_printf(bio_err,"hmac     ");

-#endif

-#endif

-#ifndef OPENSSL_NO_SHA1

-			BIO_printf(bio_err,"sha1     ");

-#endif

-#ifndef OPENSSL_NO_SHA256

-			BIO_printf(bio_err,"sha256   ");

-#endif

-#ifndef OPENSSL_NO_SHA512

-			BIO_printf(bio_err,"sha512   ");

-#endif

-#ifndef OPENSSL_NO_RIPEMD160

-			BIO_printf(bio_err,"rmd160");

-#endif

-#if !defined(OPENSSL_NO_MD2) || !defined(OPENSSL_NO_MDC2) || \

-    !defined(OPENSSL_NO_MD4) || !defined(OPENSSL_NO_MD5) || \

-    !defined(OPENSSL_NO_SHA1) || !defined(OPENSSL_NO_RIPEMD160)

-			BIO_printf(bio_err,"\n");

-#endif

-#ifndef OPENSSL_NO_IDEA

-			BIO_printf(bio_err,"idea-cbc ");

-#endif

-#ifndef OPENSSL_NO_SEED

-			BIO_printf(bio_err,"seed-cbc ");

-#endif

-#ifndef OPENSSL_NO_RC2

-			BIO_printf(bio_err,"rc2-cbc  ");

-#endif

-#ifndef OPENSSL_NO_RC5

-			BIO_printf(bio_err,"rc5-cbc  ");

-#endif

-#ifndef OPENSSL_NO_BF

-			BIO_printf(bio_err,"bf-cbc");

-#endif

-#if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_SEED) || !defined(OPENSSL_NO_RC2) || \

-    !defined(OPENSSL_NO_BF) || !defined(OPENSSL_NO_RC5)

-			BIO_printf(bio_err,"\n");

-#endif

-#ifndef OPENSSL_NO_DES

-			BIO_printf(bio_err,"des-cbc  des-ede3 ");

-#endif

-#ifndef OPENSSL_NO_AES

-			BIO_printf(bio_err,"aes-128-cbc aes-192-cbc aes-256-cbc ");

-			BIO_printf(bio_err,"aes-128-ige aes-192-ige aes-256-ige ");

-#endif

-#ifndef OPENSSL_NO_CAMELLIA

-			BIO_printf(bio_err,"\n");

-			BIO_printf(bio_err,"camellia-128-cbc camellia-192-cbc camellia-256-cbc ");

-#endif

-#ifndef OPENSSL_NO_RC4

-			BIO_printf(bio_err,"rc4");

-#endif

-			BIO_printf(bio_err,"\n");

-#ifndef OPENSSL_NO_RSA

-			BIO_printf(bio_err,"rsa512   rsa1024  rsa2048  rsa4096\n");

-#endif

-#ifndef OPENSSL_NO_DSA

-			BIO_printf(bio_err,"dsa512   dsa1024  dsa2048\n");

-#endif

-#ifndef OPENSSL_NO_ECDSA

-			BIO_printf(bio_err,"ecdsap160 ecdsap192 ecdsap224 ecdsap256 ecdsap384 ecdsap521\n");

-			BIO_printf(bio_err,"ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571\n");

-			BIO_printf(bio_err,"ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n");

-			BIO_printf(bio_err,"ecdsa\n");

-#endif

-#ifndef OPENSSL_NO_ECDH

-			BIO_printf(bio_err,"ecdhp160  ecdhp192  ecdhp224  ecdhp256  ecdhp384  ecdhp521\n");

-			BIO_printf(bio_err,"ecdhk163  ecdhk233  ecdhk283  ecdhk409  ecdhk571\n");

-			BIO_printf(bio_err,"ecdhb163  ecdhb233  ecdhb283  ecdhb409  ecdhb571\n");

-			BIO_printf(bio_err,"ecdh\n");

-#endif

-#ifndef OPENSSL_NO_IDEA

-			BIO_printf(bio_err,"idea     ");

-#endif

-#ifndef OPENSSL_NO_SEED

-			BIO_printf(bio_err,"seed     ");

-#endif

-#ifndef OPENSSL_NO_RC2

-			BIO_printf(bio_err,"rc2      ");

-#endif

-#ifndef OPENSSL_NO_DES

-			BIO_printf(bio_err,"des      ");

-#endif

-#ifndef OPENSSL_NO_AES

-			BIO_printf(bio_err,"aes      ");

-#endif

-#ifndef OPENSSL_NO_CAMELLIA

-			BIO_printf(bio_err,"camellia ");

-#endif

-#ifndef OPENSSL_NO_RSA

-			BIO_printf(bio_err,"rsa      ");

-#endif

-#ifndef OPENSSL_NO_BF

-			BIO_printf(bio_err,"blowfish");

-#endif

-#if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_SEED) || \

-    !defined(OPENSSL_NO_RC2) || !defined(OPENSSL_NO_DES) || \

-    !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_BF) || \

-    !defined(OPENSSL_NO_AES) || !defined(OPENSSL_NO_CAMELLIA)

-			BIO_printf(bio_err,"\n");

-#endif

-			BIO_printf(bio_err,"\n");

-			BIO_printf(bio_err,"Available options:\n");

-#if defined(TIMES) || defined(USE_TOD)

-			BIO_printf(bio_err,"-elapsed        measure time in real time instead of CPU user time.\n");

-#endif

-#ifndef OPENSSL_NO_ENGINE

-			BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");

-#endif

-			BIO_printf(bio_err,"-evp e          use EVP e.\n");

-			BIO_printf(bio_err,"-decrypt        time decryption instead of encryption (only EVP).\n");

-			BIO_printf(bio_err,"-mr             produce machine readable output.\n");

-#ifdef HAVE_FORK

-			BIO_printf(bio_err,"-multi n        run n benchmarks in parallel.\n");

-#endif

-			goto end;

-			}

-		argc--;

-		argv++;

-		j++;

-		}

-#ifdef HAVE_FORK

-	if(multi && do_multi(multi))

-		goto show_res;

-#endif

-	if (j == 0)

-		{

-		for (i=0; i<ALGOR_NUM; i++)

-			{

-			if (i != D_EVP)

-				doit[i]=1;

-			}

-		for (i=0; i<RSA_NUM; i++)

-			rsa_doit[i]=1;

-		for (i=0; i<DSA_NUM; i++)

-			dsa_doit[i]=1;

-		}

-	for (i=0; i<ALGOR_NUM; i++)

-		if (doit[i]) pr_header++;

-	if (usertime == 0 && !mr)

-		BIO_printf(bio_err,"You have chosen to measure elapsed time instead of user CPU time.\n");

-	if (usertime <= 0 && !mr)

-		{

-		BIO_printf(bio_err,"To get the most accurate results, try to run this\n");

-		BIO_printf(bio_err,"program when this computer is idle.\n");

-		}

-#ifndef OPENSSL_NO_RSA

-	for (i=0; i<RSA_NUM; i++)

-		{

-		const unsigned char *p;

-		p=rsa_data[i];

-		rsa_key[i]=d2i_RSAPrivateKey(NULL,&p,rsa_data_length[i]);

-		if (rsa_key[i] == NULL)

-			{

-			BIO_printf(bio_err,"internal error loading RSA key number %d\n",i);

-			goto end;

-			}

-#if 0

-		else

-			{

-			BIO_printf(bio_err,mr ? "+RK:%d:"

-				   : "Loaded RSA key, %d bit modulus and e= 0x",

-				   BN_num_bits(rsa_key[i]->n));

-			BN_print(bio_err,rsa_key[i]->e);

-			BIO_printf(bio_err,"\n");

-			}

-#endif

-		}

-#endif

-#ifndef OPENSSL_NO_DSA

-	dsa_key[0]=get_dsa512();

-	dsa_key[1]=get_dsa1024();

-	dsa_key[2]=get_dsa2048();

-#endif

-#ifndef OPENSSL_NO_DES

-	DES_set_key_unchecked(&key,&sch);

-	DES_set_key_unchecked(&key2,&sch2);

-	DES_set_key_unchecked(&key3,&sch3);

-#endif

-#ifndef OPENSSL_NO_AES

-	AES_set_encrypt_key(key16,128,&aes_ks1);

-	AES_set_encrypt_key(key24,192,&aes_ks2);

-	AES_set_encrypt_key(key32,256,&aes_ks3);

-#endif

-#ifndef OPENSSL_NO_CAMELLIA

-	Camellia_set_key(key16,128,&camellia_ks1);

-	Camellia_set_key(ckey24,192,&camellia_ks2);

-	Camellia_set_key(ckey32,256,&camellia_ks3);

-#endif

-#ifndef OPENSSL_NO_IDEA

-	idea_set_encrypt_key(key16,&idea_ks);

-#endif

-#ifndef OPENSSL_NO_SEED

-	SEED_set_key(key16,&seed_ks);

-#endif

-#ifndef OPENSSL_NO_RC4

-	RC4_set_key(&rc4_ks,16,key16);

-#endif

-#ifndef OPENSSL_NO_RC2

-	RC2_set_key(&rc2_ks,16,key16,128);

-#endif

-#ifndef OPENSSL_NO_RC5

-	RC5_32_set_key(&rc5_ks,16,key16,12);

-#endif

-#ifndef OPENSSL_NO_BF

-	BF_set_key(&bf_ks,16,key16);

-#endif

-#ifndef OPENSSL_NO_CAST

-	CAST_set_key(&cast_ks,16,key16);

-#endif

-#ifndef OPENSSL_NO_RSA

-	memset(rsa_c,0,sizeof(rsa_c));

-#endif

-#ifndef SIGALRM

-#ifndef OPENSSL_NO_DES

-	BIO_printf(bio_err,"First we calculate the approximate speed ...\n");

-	count=10;

-	do	{

-		long it;

-		count*=2;

-		Time_F(START);

-		for (it=count; it; it--)

-			DES_ecb_encrypt(buf_as_des_cblock,buf_as_des_cblock,

-				&sch,DES_ENCRYPT);

-		d=Time_F(STOP);

-		} while (d <3);

-	save_count=count;

-	c[D_MD2][0]=count/10;

-	c[D_MDC2][0]=count/10;

-	c[D_MD4][0]=count;

-	c[D_MD5][0]=count;

-	c[D_HMAC][0]=count;

-	c[D_SHA1][0]=count;

-	c[D_RMD160][0]=count;

-	c[D_RC4][0]=count*5;

-	c[D_CBC_DES][0]=count;

-	c[D_EDE3_DES][0]=count/3;

-	c[D_CBC_IDEA][0]=count;

-	c[D_CBC_SEED][0]=count;

-	c[D_CBC_RC2][0]=count;

-	c[D_CBC_RC5][0]=count;

-	c[D_CBC_BF][0]=count;

-	c[D_CBC_CAST][0]=count;

-	c[D_CBC_128_AES][0]=count;

-	c[D_CBC_192_AES][0]=count;

-	c[D_CBC_256_AES][0]=count;

-	c[D_CBC_128_CML][0]=count;

-	c[D_CBC_192_CML][0]=count;

-	c[D_CBC_256_CML][0]=count;

-	c[D_SHA256][0]=count;

-	c[D_SHA512][0]=count;

-	c[D_IGE_128_AES][0]=count;

-	c[D_IGE_192_AES][0]=count;

-	c[D_IGE_256_AES][0]=count;

-	for (i=1; i<SIZE_NUM; i++)

-		{

-		c[D_MD2][i]=c[D_MD2][0]*4*lengths[0]/lengths[i];

-		c[D_MDC2][i]=c[D_MDC2][0]*4*lengths[0]/lengths[i];

-		c[D_MD4][i]=c[D_MD4][0]*4*lengths[0]/lengths[i];

-		c[D_MD5][i]=c[D_MD5][0]*4*lengths[0]/lengths[i];

-		c[D_HMAC][i]=c[D_HMAC][0]*4*lengths[0]/lengths[i];

-		c[D_SHA1][i]=c[D_SHA1][0]*4*lengths[0]/lengths[i];

-		c[D_RMD160][i]=c[D_RMD160][0]*4*lengths[0]/lengths[i];

-		c[D_SHA256][i]=c[D_SHA256][0]*4*lengths[0]/lengths[i];

-		c[D_SHA512][i]=c[D_SHA512][0]*4*lengths[0]/lengths[i];

-		}

-	for (i=1; i<SIZE_NUM; i++)

-		{

-		long l0,l1;

-		l0=(long)lengths[i-1];

-		l1=(long)lengths[i];

-		c[D_RC4][i]=c[D_RC4][i-1]*l0/l1;

-		c[D_CBC_DES][i]=c[D_CBC_DES][i-1]*l0/l1;

-		c[D_EDE3_DES][i]=c[D_EDE3_DES][i-1]*l0/l1;

-		c[D_CBC_IDEA][i]=c[D_CBC_IDEA][i-1]*l0/l1;

-		c[D_CBC_SEED][i]=c[D_CBC_SEED][i-1]*l0/l1;

-		c[D_CBC_RC2][i]=c[D_CBC_RC2][i-1]*l0/l1;

-		c[D_CBC_RC5][i]=c[D_CBC_RC5][i-1]*l0/l1;

-		c[D_CBC_BF][i]=c[D_CBC_BF][i-1]*l0/l1;

-		c[D_CBC_CAST][i]=c[D_CBC_CAST][i-1]*l0/l1;

-		c[D_CBC_128_AES][i]=c[D_CBC_128_AES][i-1]*l0/l1;

-		c[D_CBC_192_AES][i]=c[D_CBC_192_AES][i-1]*l0/l1;

-		c[D_CBC_256_AES][i]=c[D_CBC_256_AES][i-1]*l0/l1;

- 		c[D_CBC_128_CML][i]=c[D_CBC_128_CML][i-1]*l0/l1;

-		c[D_CBC_192_CML][i]=c[D_CBC_192_CML][i-1]*l0/l1;

-		c[D_CBC_256_CML][i]=c[D_CBC_256_CML][i-1]*l0/l1;

-		c[D_IGE_128_AES][i]=c[D_IGE_128_AES][i-1]*l0/l1;

-		c[D_IGE_192_AES][i]=c[D_IGE_192_AES][i-1]*l0/l1;

-		c[D_IGE_256_AES][i]=c[D_IGE_256_AES][i-1]*l0/l1;

-		}

-#ifndef OPENSSL_NO_RSA

-	rsa_c[R_RSA_512][0]=count/2000;

-	rsa_c[R_RSA_512][1]=count/400;

-	for (i=1; i<RSA_NUM; i++)

-		{

-		rsa_c[i][0]=rsa_c[i-1][0]/8;

-		rsa_c[i][1]=rsa_c[i-1][1]/4;

-		if ((rsa_doit[i] <= 1) && (rsa_c[i][0] == 0))

-			rsa_doit[i]=0;

-		else

-			{

-			if (rsa_c[i][0] == 0)

-				{

-				rsa_c[i][0]=1;

-				rsa_c[i][1]=20;

-				}

-			}

-		}

-#endif

-#ifndef OPENSSL_NO_DSA

-	dsa_c[R_DSA_512][0]=count/1000;

-	dsa_c[R_DSA_512][1]=count/1000/2;

-	for (i=1; i<DSA_NUM; i++)

-		{

-		dsa_c[i][0]=dsa_c[i-1][0]/4;

-		dsa_c[i][1]=dsa_c[i-1][1]/4;

-		if ((dsa_doit[i] <= 1) && (dsa_c[i][0] == 0))

-			dsa_doit[i]=0;

-		else

-			{

-			if (dsa_c[i] == 0)

-				{

-				dsa_c[i][0]=1;

-				dsa_c[i][1]=1;

-				}

-			}

-		}

-#endif

-#ifndef OPENSSL_NO_ECDSA

-	ecdsa_c[R_EC_P160][0]=count/1000;

-	ecdsa_c[R_EC_P160][1]=count/1000/2;

-	for (i=R_EC_P192; i<=R_EC_P521; i++)

-		{

-		ecdsa_c[i][0]=ecdsa_c[i-1][0]/2;

-		ecdsa_c[i][1]=ecdsa_c[i-1][1]/2;

-		if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0))

-			ecdsa_doit[i]=0;

-		else

-			{

-			if (ecdsa_c[i] == 0)

-				{

-				ecdsa_c[i][0]=1;

-				ecdsa_c[i][1]=1;

-				}

-			}

-		}

-	ecdsa_c[R_EC_K163][0]=count/1000;

-	ecdsa_c[R_EC_K163][1]=count/1000/2;

-	for (i=R_EC_K233; i<=R_EC_K571; i++)

-		{

-		ecdsa_c[i][0]=ecdsa_c[i-1][0]/2;

-		ecdsa_c[i][1]=ecdsa_c[i-1][1]/2;

-		if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0))

-			ecdsa_doit[i]=0;

-		else

-			{

-			if (ecdsa_c[i] == 0)

-				{

-				ecdsa_c[i][0]=1;

-				ecdsa_c[i][1]=1;

-				}

-			}

-		}

-	ecdsa_c[R_EC_B163][0]=count/1000;

-	ecdsa_c[R_EC_B163][1]=count/1000/2;

-	for (i=R_EC_B233; i<=R_EC_B571; i++)

-		{

-		ecdsa_c[i][0]=ecdsa_c[i-1][0]/2;

-		ecdsa_c[i][1]=ecdsa_c[i-1][1]/2;

-		if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0))

-			ecdsa_doit[i]=0;

-		else

-			{

-			if (ecdsa_c[i] == 0)

-				{

-				ecdsa_c[i][0]=1;

-				ecdsa_c[i][1]=1;

-				}

-			}

-		}

-#endif

-#ifndef OPENSSL_NO_ECDH

-	ecdh_c[R_EC_P160][0]=count/1000;

-	ecdh_c[R_EC_P160][1]=count/1000;

-	for (i=R_EC_P192; i<=R_EC_P521; i++)

-		{

-		ecdh_c[i][0]=ecdh_c[i-1][0]/2;

-		ecdh_c[i][1]=ecdh_c[i-1][1]/2;

-		if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0))

-			ecdh_doit[i]=0;

-		else

-			{

-			if (ecdh_c[i] == 0)

-				{

-				ecdh_c[i][0]=1;

-				ecdh_c[i][1]=1;

-				}

-			}

-		}

-	ecdh_c[R_EC_K163][0]=count/1000;

-	ecdh_c[R_EC_K163][1]=count/1000;

-	for (i=R_EC_K233; i<=R_EC_K571; i++)

-		{

-		ecdh_c[i][0]=ecdh_c[i-1][0]/2;

-		ecdh_c[i][1]=ecdh_c[i-1][1]/2;

-		if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0))

-			ecdh_doit[i]=0;

-		else

-			{

-			if (ecdh_c[i] == 0)

-				{

-				ecdh_c[i][0]=1;

-				ecdh_c[i][1]=1;

-				}

-			}

-		}

-	ecdh_c[R_EC_B163][0]=count/1000;

-	ecdh_c[R_EC_B163][1]=count/1000;

-	for (i=R_EC_B233; i<=R_EC_B571; i++)

-		{

-		ecdh_c[i][0]=ecdh_c[i-1][0]/2;

-		ecdh_c[i][1]=ecdh_c[i-1][1]/2;

-		if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0))

-			ecdh_doit[i]=0;

-		else

-			{

-			if (ecdh_c[i] == 0)

-				{

-				ecdh_c[i][0]=1;

-				ecdh_c[i][1]=1;

-				}

-			}

-		}

-#endif

-#define COND(d)	(count < (d))

-#define COUNT(d) (d)

-#else

-/* not worth fixing */

-# error "You cannot disable DES on systems without SIGALRM."

-#endif /* OPENSSL_NO_DES */

-#else

-#define COND(c)	(run)

-#define COUNT(d) (count)

-	signal(SIGALRM,sig_done);

-#endif /* SIGALRM */

-#ifndef OPENSSL_NO_MD2

-	if (doit[D_MD2])

-		{

-		for (j=0; j<SIZE_NUM; j++)

-			{

-			print_message(names[D_MD2],c[D_MD2][j],lengths[j]);

-			Time_F(START);

-			for (count=0,run=1; COND(c[D_MD2][j]); count++)

-				EVP_Digest(buf,(unsigned long)lengths[j],&(md2[0]),NULL,EVP_md2(),NULL);

-			d=Time_F(STOP);

-			print_result(D_MD2,j,count,d);

-			}

-		}

-#endif

-#ifndef OPENSSL_NO_MDC2

-	if (doit[D_MDC2])

-		{

-		for (j=0; j<SIZE_NUM; j++)

-			{

-			print_message(names[D_MDC2],c[D_MDC2][j],lengths[j]);

-			Time_F(START);

-			for (count=0,run=1; COND(c[D_MDC2][j]); count++)

-				EVP_Digest(buf,(unsigned long)lengths[j],&(mdc2[0]),NULL,EVP_mdc2(),NULL);

-			d=Time_F(STOP);

-			print_result(D_MDC2,j,count,d);

-			}

-		}

-#endif

-#ifndef OPENSSL_NO_MD4

-	if (doit[D_MD4])

-		{

-		for (j=0; j<SIZE_NUM; j++)

-			{

-			print_message(names[D_MD4],c[D_MD4][j],lengths[j]);

-			Time_F(START);

-			for (count=0,run=1; COND(c[D_MD4][j]); count++)

-				EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md4[0]),NULL,EVP_md4(),NULL);

-			d=Time_F(STOP);

-			print_result(D_MD4,j,count,d);

-			}

-		}

-#endif

-#ifndef OPENSSL_NO_MD5

-	if (doit[D_MD5])

-		{

-		for (j=0; j<SIZE_NUM; j++)

-			{

-			print_message(names[D_MD5],c[D_MD5][j],lengths[j]);

-			Time_F(START);

-			for (count=0,run=1; COND(c[D_MD5][j]); count++)

-				EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md5[0]),NULL,EVP_get_digestbyname("md5"),NULL);

-			d=Time_F(STOP);

-			print_result(D_MD5,j,count,d);

-			}

-		}

-#endif

-#if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_HMAC)

-	if (doit[D_HMAC])

-		{

-		HMAC_CTX hctx;

-		HMAC_CTX_init(&hctx);

-		HMAC_Init_ex(&hctx,(unsigned char *)"This is a key...",

-			16,EVP_md5(), NULL);

-		for (j=0; j<SIZE_NUM; j++)

-			{

-			print_message(names[D_HMAC],c[D_HMAC][j],lengths[j]);

-			Time_F(START);

-			for (count=0,run=1; COND(c[D_HMAC][j]); count++)

-				{

-				HMAC_Init_ex(&hctx,NULL,0,NULL,NULL);

-				HMAC_Update(&hctx,buf,lengths[j]);

-				HMAC_Final(&hctx,&(hmac[0]),NULL);

-				}

-			d=Time_F(STOP);

-			print_result(D_HMAC,j,count,d);

-			}

-		HMAC_CTX_cleanup(&hctx);

-		}

-#endif

-#ifndef OPENSSL_NO_SHA

-	if (doit[D_SHA1])

-		{

-		for (j=0; j<SIZE_NUM; j++)

-			{

-			print_message(names[D_SHA1],c[D_SHA1][j],lengths[j]);

-			Time_F(START);

-			for (count=0,run=1; COND(c[D_SHA1][j]); count++)

-				EVP_Digest(buf,(unsigned long)lengths[j],&(sha[0]),NULL,EVP_sha1(),NULL);

-			d=Time_F(STOP);

-			print_result(D_SHA1,j,count,d);

-			}

-		}

-#ifndef OPENSSL_NO_SHA256

-	if (doit[D_SHA256])

-		{

-		for (j=0; j<SIZE_NUM; j++)

-			{

-			print_message(names[D_SHA256],c[D_SHA256][j],lengths[j]);

-			Time_F(START);

-			for (count=0,run=1; COND(c[D_SHA256][j]); count++)

-				SHA256(buf,lengths[j],sha256);

-			d=Time_F(STOP);

-			print_result(D_SHA256,j,count,d);

-			}

-		}

-#endif

-#ifndef OPENSSL_NO_SHA512

-	if (doit[D_SHA512])

-		{

-		for (j=0; j<SIZE_NUM; j++)

-			{

-			print_message(names[D_SHA512],c[D_SHA512][j],lengths[j]);

-			Time_F(START);

-			for (count=0,run=1; COND(c[D_SHA512][j]); count++)

-				SHA512(buf,lengths[j],sha512);

-			d=Time_F(STOP);

-			print_result(D_SHA512,j,count,d);

-			}

-		}

-#endif

-#endif

-#ifndef OPENSSL_NO_RIPEMD

-	if (doit[D_RMD160])

-		{

-		for (j=0; j<SIZE_NUM; j++)

-			{

-			print_message(names[D_RMD160],c[D_RMD160][j],lengths[j]);

-			Time_F(START);

-			for (count=0,run=1; COND(c[D_RMD160][j]); count++)

-				EVP_Digest(buf,(unsigned long)lengths[j],&(rmd160[0]),NULL,EVP_ripemd160(),NULL);

-			d=Time_F(STOP);

-			print_result(D_RMD160,j,count,d);

-			}

-		}

-#endif

-#ifndef OPENSSL_NO_RC4

-	if (doit[D_RC4])

-		{

-		for (j=0; j<SIZE_NUM; j++)

-			{

-			print_message(names[D_RC4],c[D_RC4][j],lengths[j]);

-			Time_F(START);

-			for (count=0,run=1; COND(c[D_RC4][j]); count++)

-				RC4(&rc4_ks,(unsigned int)lengths[j],

-					buf,buf);

-			d=Time_F(STOP);

-			print_result(D_RC4,j,count,d);

-			}

-		}

-#endif

-#ifndef OPENSSL_NO_DES

-	if (doit[D_CBC_DES])

-		{

-		for (j=0; j<SIZE_NUM; j++)

-			{

-			print_message(names[D_CBC_DES],c[D_CBC_DES][j],lengths[j]);

-			Time_F(START);

-			for (count=0,run=1; COND(c[D_CBC_DES][j]); count++)

-				DES_ncbc_encrypt(buf,buf,lengths[j],&sch,

-						 &DES_iv,DES_ENCRYPT);

-			d=Time_F(STOP);

-			print_result(D_CBC_DES,j,count,d);

-			}

-		}

-	if (doit[D_EDE3_DES])

-		{

-		for (j=0; j<SIZE_NUM; j++)

-			{

-			print_message(names[D_EDE3_DES],c[D_EDE3_DES][j],lengths[j]);

-			Time_F(START);

-			for (count=0,run=1; COND(c[D_EDE3_DES][j]); count++)

-				DES_ede3_cbc_encrypt(buf,buf,lengths[j],

-						     &sch,&sch2,&sch3,

-						     &DES_iv,DES_ENCRYPT);

-			d=Time_F(STOP);

-			print_result(D_EDE3_DES,j,count,d);

-			}

-		}

-#endif

-#ifndef OPENSSL_NO_AES

-	if (doit[D_CBC_128_AES])

-		{

-		for (j=0; j<SIZE_NUM; j++)

-			{

-			print_message(names[D_CBC_128_AES],c[D_CBC_128_AES][j],lengths[j]);

-			Time_F(START);

-			for (count=0,run=1; COND(c[D_CBC_128_AES][j]); count++)

-				AES_cbc_encrypt(buf,buf,

-					(unsigned long)lengths[j],&aes_ks1,

-					iv,AES_ENCRYPT);

-			d=Time_F(STOP);

-			print_result(D_CBC_128_AES,j,count,d);

-			}

-		}

-	if (doit[D_CBC_192_AES])

-		{

-		for (j=0; j<SIZE_NUM; j++)

-			{

-			print_message(names[D_CBC_192_AES],c[D_CBC_192_AES][j],lengths[j]);

-			Time_F(START);

-			for (count=0,run=1; COND(c[D_CBC_192_AES][j]); count++)

-				AES_cbc_encrypt(buf,buf,

-					(unsigned long)lengths[j],&aes_ks2,

-					iv,AES_ENCRYPT);

-			d=Time_F(STOP);

-			print_result(D_CBC_192_AES,j,count,d);

-			}

-		}

-	if (doit[D_CBC_256_AES])

-		{

-		for (j=0; j<SIZE_NUM; j++)

-			{

-			print_message(names[D_CBC_256_AES],c[D_CBC_256_AES][j],lengths[j]);

-			Time_F(START);

-			for (count=0,run=1; COND(c[D_CBC_256_AES][j]); count++)

-				AES_cbc_encrypt(buf,buf,

-					(unsigned long)lengths[j],&aes_ks3,

-					iv,AES_ENCRYPT);

-			d=Time_F(STOP);

-			print_result(D_CBC_256_AES,j,count,d);

-			}

-		}

-	if (doit[D_IGE_128_AES])

-		{

-		for (j=0; j<SIZE_NUM; j++)

-			{

-			print_message(names[D_IGE_128_AES],c[D_IGE_128_AES][j],lengths[j]);

-			Time_F(START);

-			for (count=0,run=1; COND(c[D_IGE_128_AES][j]); count++)

-				AES_ige_encrypt(buf,buf2,

-					(unsigned long)lengths[j],&aes_ks1,

-					iv,AES_ENCRYPT);

-			d=Time_F(STOP);

-			print_result(D_IGE_128_AES,j,count,d);

-			}

-		}

-	if (doit[D_IGE_192_AES])

-		{

-		for (j=0; j<SIZE_NUM; j++)

-			{

-			print_message(names[D_IGE_192_AES],c[D_IGE_192_AES][j],lengths[j]);

-			Time_F(START);

-			for (count=0,run=1; COND(c[D_IGE_192_AES][j]); count++)

-				AES_ige_encrypt(buf,buf2,

-					(unsigned long)lengths[j],&aes_ks2,

-					iv,AES_ENCRYPT);

-			d=Time_F(STOP);

-			print_result(D_IGE_192_AES,j,count,d);

-			}

-		}

-	if (doit[D_IGE_256_AES])

-		{

-		for (j=0; j<SIZE_NUM; j++)

-			{

-			print_message(names[D_IGE_256_AES],c[D_IGE_256_AES][j],lengths[j]);

-			Time_F(START);

-			for (count=0,run=1; COND(c[D_IGE_256_AES][j]); count++)

-				AES_ige_encrypt(buf,buf2,

-					(unsigned long)lengths[j],&aes_ks3,

-					iv,AES_ENCRYPT);

-			d=Time_F(STOP);

-			print_result(D_IGE_256_AES,j,count,d);

-			}

-		}

-#endif

-#ifndef OPENSSL_NO_CAMELLIA

-	if (doit[D_CBC_128_CML])

-		{

-		for (j=0; j<SIZE_NUM; j++)

-			{

-			print_message(names[D_CBC_128_CML],c[D_CBC_128_CML][j],lengths[j]);

-			Time_F(START);

-			for (count=0,run=1; COND(c[D_CBC_128_CML][j]); count++)

-				Camellia_cbc_encrypt(buf,buf,

-				        (unsigned long)lengths[j],&camellia_ks1,

-				        iv,CAMELLIA_ENCRYPT);

-			d=Time_F(STOP);

-			print_result(D_CBC_128_CML,j,count,d);

-			}

-		}

-	if (doit[D_CBC_192_CML])

-		{

-		for (j=0; j<SIZE_NUM; j++)

-			{

-			print_message(names[D_CBC_192_CML],c[D_CBC_192_CML][j],lengths[j]);

-			Time_F(START);

-			for (count=0,run=1; COND(c[D_CBC_192_CML][j]); count++)

-				Camellia_cbc_encrypt(buf,buf,

-				        (unsigned long)lengths[j],&camellia_ks2,

-				        iv,CAMELLIA_ENCRYPT);

-			d=Time_F(STOP);

-			print_result(D_CBC_192_CML,j,count,d);

-			}

-		}

-	if (doit[D_CBC_256_CML])

-		{

-		for (j=0; j<SIZE_NUM; j++)

-			{

-			print_message(names[D_CBC_256_CML],c[D_CBC_256_CML][j],lengths[j]);

-			Time_F(START);

-			for (count=0,run=1; COND(c[D_CBC_256_CML][j]); count++)

-				Camellia_cbc_encrypt(buf,buf,

-				        (unsigned long)lengths[j],&camellia_ks3,

-				        iv,CAMELLIA_ENCRYPT);

-			d=Time_F(STOP);

-			print_result(D_CBC_256_CML,j,count,d);

-			}

-		}

-#endif

-#ifndef OPENSSL_NO_IDEA

-	if (doit[D_CBC_IDEA])

-		{

-		for (j=0; j<SIZE_NUM; j++)

-			{

-			print_message(names[D_CBC_IDEA],c[D_CBC_IDEA][j],lengths[j]);

-			Time_F(START);

-			for (count=0,run=1; COND(c[D_CBC_IDEA][j]); count++)

-				idea_cbc_encrypt(buf,buf,

-					(unsigned long)lengths[j],&idea_ks,

-					iv,IDEA_ENCRYPT);

-			d=Time_F(STOP);

-			print_result(D_CBC_IDEA,j,count,d);

-			}

-		}

-#endif

-#ifndef OPENSSL_NO_SEED

-	if (doit[D_CBC_SEED])

-		{

-		for (j=0; j<SIZE_NUM; j++)

-			{

-			print_message(names[D_CBC_SEED],c[D_CBC_SEED][j],lengths[j]);

-			Time_F(START);

-			for (count=0,run=1; COND(c[D_CBC_SEED][j]); count++)

-				SEED_cbc_encrypt(buf,buf,

-					(unsigned long)lengths[j],&seed_ks,iv,1);

-			d=Time_F(STOP);

-			print_result(D_CBC_SEED,j,count,d);

-			}

-		}

-#endif

-#ifndef OPENSSL_NO_RC2

-	if (doit[D_CBC_RC2])

-		{

-		for (j=0; j<SIZE_NUM; j++)

-			{

-			print_message(names[D_CBC_RC2],c[D_CBC_RC2][j],lengths[j]);

-			Time_F(START);

-			for (count=0,run=1; COND(c[D_CBC_RC2][j]); count++)

-				RC2_cbc_encrypt(buf,buf,

-					(unsigned long)lengths[j],&rc2_ks,

-					iv,RC2_ENCRYPT);

-			d=Time_F(STOP);

-			print_result(D_CBC_RC2,j,count,d);

-			}

-		}

-#endif

-#ifndef OPENSSL_NO_RC5

-	if (doit[D_CBC_RC5])

-		{

-		for (j=0; j<SIZE_NUM; j++)

-			{

-			print_message(names[D_CBC_RC5],c[D_CBC_RC5][j],lengths[j]);

-			Time_F(START);

-			for (count=0,run=1; COND(c[D_CBC_RC5][j]); count++)

-				RC5_32_cbc_encrypt(buf,buf,

-					(unsigned long)lengths[j],&rc5_ks,

-					iv,RC5_ENCRYPT);

-			d=Time_F(STOP);

-			print_result(D_CBC_RC5,j,count,d);

-			}

-		}

-#endif

-#ifndef OPENSSL_NO_BF

-	if (doit[D_CBC_BF])

-		{

-		for (j=0; j<SIZE_NUM; j++)

-			{

-			print_message(names[D_CBC_BF],c[D_CBC_BF][j],lengths[j]);

-			Time_F(START);

-			for (count=0,run=1; COND(c[D_CBC_BF][j]); count++)

-				BF_cbc_encrypt(buf,buf,

-					(unsigned long)lengths[j],&bf_ks,

-					iv,BF_ENCRYPT);

-			d=Time_F(STOP);

-			print_result(D_CBC_BF,j,count,d);

-			}

-		}

-#endif

-#ifndef OPENSSL_NO_CAST

-	if (doit[D_CBC_CAST])

-		{

-		for (j=0; j<SIZE_NUM; j++)

-			{

-			print_message(names[D_CBC_CAST],c[D_CBC_CAST][j],lengths[j]);

-			Time_F(START);

-			for (count=0,run=1; COND(c[D_CBC_CAST][j]); count++)

-				CAST_cbc_encrypt(buf,buf,

-					(unsigned long)lengths[j],&cast_ks,

-					iv,CAST_ENCRYPT);

-			d=Time_F(STOP);

-			print_result(D_CBC_CAST,j,count,d);

-			}

-		}

-#endif

-	if (doit[D_EVP])

-		{

-		for (j=0; j<SIZE_NUM; j++)

-			{

-			if (evp_cipher)

-				{

-				EVP_CIPHER_CTX ctx;

-				int outl;

-				names[D_EVP]=OBJ_nid2ln(evp_cipher->nid);

-				/* -O3 -fschedule-insns messes up an

-				 * optimization here!  names[D_EVP]

-				 * somehow becomes NULL */

-				print_message(names[D_EVP],save_count,

-					lengths[j]);

-				EVP_CIPHER_CTX_init(&ctx);

-				if(decrypt)

-					EVP_DecryptInit_ex(&ctx,evp_cipher,NULL,key16,iv);

-				else

-					EVP_EncryptInit_ex(&ctx,evp_cipher,NULL,key16,iv);

-				EVP_CIPHER_CTX_set_padding(&ctx, 0);

-				Time_F(START);

-				if(decrypt)

-					for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++)

-						EVP_DecryptUpdate(&ctx,buf,&outl,buf,lengths[j]);

-				else

-					for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++)

-						EVP_EncryptUpdate(&ctx,buf,&outl,buf,lengths[j]);

-				if(decrypt)

-					EVP_DecryptFinal_ex(&ctx,buf,&outl);

-				else

-					EVP_EncryptFinal_ex(&ctx,buf,&outl);

-				d=Time_F(STOP);

-				EVP_CIPHER_CTX_cleanup(&ctx);

-				}

-			if (evp_md)

-				{

-				names[D_EVP]=OBJ_nid2ln(evp_md->type);

-				print_message(names[D_EVP],save_count,

-					lengths[j]);

-				Time_F(START);

-				for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++)

-					EVP_Digest(buf,lengths[j],&(md[0]),NULL,evp_md,NULL);

-				d=Time_F(STOP);

-				}

-			print_result(D_EVP,j,count,d);

-			}

-		}

-	RAND_pseudo_bytes(buf,36);

-#ifndef OPENSSL_NO_RSA

-	for (j=0; j<RSA_NUM; j++)

-		{

-		int ret;

-		if (!rsa_doit[j]) continue;

-		ret=RSA_sign(NID_md5_sha1, buf,36, buf2, &rsa_num, rsa_key[j]);

-		if (ret == 0)

-			{

-			BIO_printf(bio_err,"RSA sign failure.  No RSA sign will be done.\n");

-			ERR_print_errors(bio_err);

-			rsa_count=1;

-			}

-		else

-			{

-			pkey_print_message("private","rsa",

-				rsa_c[j][0],rsa_bits[j],

-				RSA_SECONDS);

-/*			RSA_blinding_on(rsa_key[j],NULL); */

-			Time_F(START);

-			for (count=0,run=1; COND(rsa_c[j][0]); count++)

-				{

-				ret=RSA_sign(NID_md5_sha1, buf,36, buf2,

-					&rsa_num, rsa_key[j]);

-				if (ret == 0)

-					{

-					BIO_printf(bio_err,

-						"RSA sign failure\n");

-					ERR_print_errors(bio_err);

-					count=1;

-					break;

-					}

-				}

-			d=Time_F(STOP);

-			BIO_printf(bio_err,mr ? "+R1:%ld:%d:%.2f\n"

-				   : "%ld %d bit private RSA's in %.2fs\n",

-				   count,rsa_bits[j],d);

-			rsa_results[j][0]=d/(double)count;

-			rsa_count=count;

-			}

-#if 1

-		ret=RSA_verify(NID_md5_sha1, buf,36, buf2, rsa_num, rsa_key[j]);

-		if (ret <= 0)

-			{

-			BIO_printf(bio_err,"RSA verify failure.  No RSA verify will be done.\n");

-			ERR_print_errors(bio_err);

-			rsa_doit[j] = 0;

-			}

-		else

-			{

-			pkey_print_message("public","rsa",

-				rsa_c[j][1],rsa_bits[j],

-				RSA_SECONDS);

-			Time_F(START);

-			for (count=0,run=1; COND(rsa_c[j][1]); count++)

-				{

-				ret=RSA_verify(NID_md5_sha1, buf,36, buf2,

-					rsa_num, rsa_key[j]);

-				if (ret == 0)

-					{

-					BIO_printf(bio_err,

-						"RSA verify failure\n");

-					ERR_print_errors(bio_err);

-					count=1;

-					break;

-					}

-				}

-			d=Time_F(STOP);

-			BIO_printf(bio_err,mr ? "+R2:%ld:%d:%.2f\n"

-				   : "%ld %d bit public RSA's in %.2fs\n",

-				   count,rsa_bits[j],d);

-			rsa_results[j][1]=d/(double)count;

-			}

-#endif

-		if (rsa_count <= 1)

-			{

-			/* if longer than 10s, don't do any more */

-			for (j++; j<RSA_NUM; j++)

-				rsa_doit[j]=0;

-			}

-		}

-#endif

-	RAND_pseudo_bytes(buf,20);

-#ifndef OPENSSL_NO_DSA

-	if (RAND_status() != 1)

-		{

-		RAND_seed(rnd_seed, sizeof rnd_seed);

-		rnd_fake = 1;

-		}

-	for (j=0; j<DSA_NUM; j++)

-		{

-		unsigned int kk;

-		int ret;

-		if (!dsa_doit[j]) continue;

-/*		DSA_generate_key(dsa_key[j]); */

-/*		DSA_sign_setup(dsa_key[j],NULL); */

-		ret=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,

-			&kk,dsa_key[j]);

-		if (ret == 0)

-			{

-			BIO_printf(bio_err,"DSA sign failure.  No DSA sign will be done.\n");

-			ERR_print_errors(bio_err);

-			rsa_count=1;

-			}

-		else

-			{

-			pkey_print_message("sign","dsa",

-				dsa_c[j][0],dsa_bits[j],

-				DSA_SECONDS);

-			Time_F(START);

-			for (count=0,run=1; COND(dsa_c[j][0]); count++)

-				{

-				ret=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,

-					&kk,dsa_key[j]);

-				if (ret == 0)

-					{

-					BIO_printf(bio_err,

-						"DSA sign failure\n");

-					ERR_print_errors(bio_err);

-					count=1;

-					break;

-					}

-				}

-			d=Time_F(STOP);

-			BIO_printf(bio_err,mr ? "+R3:%ld:%d:%.2f\n"

-				   : "%ld %d bit DSA signs in %.2fs\n",

-				   count,dsa_bits[j],d);

-			dsa_results[j][0]=d/(double)count;

-			rsa_count=count;

-			}

-		ret=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,

-			kk,dsa_key[j]);

-		if (ret <= 0)

-			{

-			BIO_printf(bio_err,"DSA verify failure.  No DSA verify will be done.\n");

-			ERR_print_errors(bio_err);

-			dsa_doit[j] = 0;

-			}

-		else

-			{

-			pkey_print_message("verify","dsa",

-				dsa_c[j][1],dsa_bits[j],

-				DSA_SECONDS);

-			Time_F(START);

-			for (count=0,run=1; COND(dsa_c[j][1]); count++)

-				{

-				ret=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,

-					kk,dsa_key[j]);

-				if (ret <= 0)

-					{

-					BIO_printf(bio_err,

-						"DSA verify failure\n");

-					ERR_print_errors(bio_err);

-					count=1;

-					break;

-					}

-				}

-			d=Time_F(STOP);

-			BIO_printf(bio_err,mr ? "+R4:%ld:%d:%.2f\n"

-				   : "%ld %d bit DSA verify in %.2fs\n",

-				   count,dsa_bits[j],d);

-			dsa_results[j][1]=d/(double)count;

-			}

-		if (rsa_count <= 1)

-			{

-			/* if longer than 10s, don't do any more */

-			for (j++; j<DSA_NUM; j++)

-				dsa_doit[j]=0;

-			}

-		}

-	if (rnd_fake) RAND_cleanup();

-#endif

-#ifndef OPENSSL_NO_ECDSA

-	if (RAND_status() != 1)

-		{

-		RAND_seed(rnd_seed, sizeof rnd_seed);

-		rnd_fake = 1;

-		}

-	for (j=0; j<EC_NUM; j++)

-		{

-		int ret;

-		if (!ecdsa_doit[j]) continue; /* Ignore Curve */

-		ecdsa[j] = EC_KEY_new_by_curve_name(test_curves[j]);

-		if (ecdsa[j] == NULL)

-			{

-			BIO_printf(bio_err,"ECDSA failure.\n");

-			ERR_print_errors(bio_err);

-			rsa_count=1;

-			}

-		else

-			{

-#if 1

-			EC_KEY_precompute_mult(ecdsa[j], NULL);

-#endif

-			/* Perform ECDSA signature test */

-			EC_KEY_generate_key(ecdsa[j]);

-			ret = ECDSA_sign(0, buf, 20, ecdsasig,

-				&ecdsasiglen, ecdsa[j]);

-			if (ret == 0)

-				{

-				BIO_printf(bio_err,"ECDSA sign failure.  No ECDSA sign will be done.\n");

-				ERR_print_errors(bio_err);

-				rsa_count=1;

-				}

-			else

-				{

-				pkey_print_message("sign","ecdsa",

-					ecdsa_c[j][0],

-					test_curves_bits[j],

-					ECDSA_SECONDS);

-				Time_F(START);

-				for (count=0,run=1; COND(ecdsa_c[j][0]);

-					count++)

-					{

-					ret=ECDSA_sign(0, buf, 20,

-						ecdsasig, &ecdsasiglen,

-						ecdsa[j]);

-					if (ret == 0)

-						{

-						BIO_printf(bio_err, "ECDSA sign failure\n");

-						ERR_print_errors(bio_err);

-						count=1;

-						break;

-						}

-					}

-				d=Time_F(STOP);

-				BIO_printf(bio_err, mr ? "+R5:%ld:%d:%.2f\n" :

-					"%ld %d bit ECDSA signs in %.2fs \n",

-					count, test_curves_bits[j], d);

-				ecdsa_results[j][0]=d/(double)count;

-				rsa_count=count;

-				}

-			/* Perform ECDSA verification test */

-			ret=ECDSA_verify(0, buf, 20, ecdsasig,

-				ecdsasiglen, ecdsa[j]);

-			if (ret != 1)

-				{

-				BIO_printf(bio_err,"ECDSA verify failure.  No ECDSA verify will be done.\n");

-				ERR_print_errors(bio_err);

-				ecdsa_doit[j] = 0;

-				}

-			else

-				{

-				pkey_print_message("verify","ecdsa",

-				ecdsa_c[j][1],

-				test_curves_bits[j],

-				ECDSA_SECONDS);

-				Time_F(START);

-				for (count=0,run=1; COND(ecdsa_c[j][1]); count++)

-					{

-					ret=ECDSA_verify(0, buf, 20, ecdsasig, ecdsasiglen, ecdsa[j]);

-					if (ret != 1)

-						{

-						BIO_printf(bio_err, "ECDSA verify failure\n");

-						ERR_print_errors(bio_err);

-						count=1;

-						break;

-						}

-					}

-				d=Time_F(STOP);

-				BIO_printf(bio_err, mr? "+R6:%ld:%d:%.2f\n"

-						: "%ld %d bit ECDSA verify in %.2fs\n",

-				count, test_curves_bits[j], d);

-				ecdsa_results[j][1]=d/(double)count;

-				}

-			if (rsa_count <= 1)

-				{

-				/* if longer than 10s, don't do any more */

-				for (j++; j<EC_NUM; j++)

-				ecdsa_doit[j]=0;

-				}

-			}

-		}

-	if (rnd_fake) RAND_cleanup();

-#endif

-#ifndef OPENSSL_NO_ECDH

-	if (RAND_status() != 1)

-		{

-		RAND_seed(rnd_seed, sizeof rnd_seed);

-		rnd_fake = 1;

-		}

-	for (j=0; j<EC_NUM; j++)

-		{

-		if (!ecdh_doit[j]) continue;

-		ecdh_a[j] = EC_KEY_new_by_curve_name(test_curves[j]);

-		ecdh_b[j] = EC_KEY_new_by_curve_name(test_curves[j]);

-		if ((ecdh_a[j] == NULL) || (ecdh_b[j] == NULL))

-			{

-			BIO_printf(bio_err,"ECDH failure.\n");

-			ERR_print_errors(bio_err);

-			rsa_count=1;

-			}

-		else

-			{

-			/* generate two ECDH key pairs */

-			if (!EC_KEY_generate_key(ecdh_a[j]) ||

-				!EC_KEY_generate_key(ecdh_b[j]))

-				{

-				BIO_printf(bio_err,"ECDH key generation failure.\n");

-				ERR_print_errors(bio_err);

-				rsa_count=1;

-				}

-			else

-				{

-				/* If field size is not more than 24 octets, then use SHA-1 hash of result;

-				 * otherwise, use result (see section 4.8 of draft-ietf-tls-ecc-03.txt).

-				 */

-				int field_size, outlen;

-				void *(*kdf)(const void *in, size_t inlen, void *out, size_t *xoutlen);

-				field_size = EC_GROUP_get_degree(EC_KEY_get0_group(ecdh_a[j]));

-				if (field_size <= 24 * 8)

-					{

-					outlen = KDF1_SHA1_len;

-					kdf = KDF1_SHA1;

-					}

-				else

-					{

-					outlen = (field_size+7)/8;

-					kdf = NULL;

-					}

-				secret_size_a = ECDH_compute_key(secret_a, outlen,

-					EC_KEY_get0_public_key(ecdh_b[j]),

-					ecdh_a[j], kdf);

-				secret_size_b = ECDH_compute_key(secret_b, outlen,

-					EC_KEY_get0_public_key(ecdh_a[j]),

-					ecdh_b[j], kdf);

-				if (secret_size_a != secret_size_b)

-					ecdh_checks = 0;

-				else

-					ecdh_checks = 1;

-				for (secret_idx = 0;

-				    (secret_idx < secret_size_a)

-					&& (ecdh_checks == 1);

-				    secret_idx++)

-					{

-					if (secret_a[secret_idx] != secret_b[secret_idx])

-					ecdh_checks = 0;

-					}

-				if (ecdh_checks == 0)

-					{

-					BIO_printf(bio_err,"ECDH computations don't match.\n");

-					ERR_print_errors(bio_err);

-					rsa_count=1;

-					}

-				pkey_print_message("","ecdh",

-				ecdh_c[j][0],

-				test_curves_bits[j],

-				ECDH_SECONDS);

-				Time_F(START);

-				for (count=0,run=1; COND(ecdh_c[j][0]); count++)

-					{

-					ECDH_compute_key(secret_a, outlen,

-					EC_KEY_get0_public_key(ecdh_b[j]),

-					ecdh_a[j], kdf);

-					}

-				d=Time_F(STOP);

-				BIO_printf(bio_err, mr ? "+R7:%ld:%d:%.2f\n" :"%ld %d-bit ECDH ops in %.2fs\n",

-				count, test_curves_bits[j], d);

-				ecdh_results[j][0]=d/(double)count;

-				rsa_count=count;

-				}

-			}

-		if (rsa_count <= 1)

-			{

-			/* if longer than 10s, don't do any more */

-			for (j++; j<EC_NUM; j++)

-			ecdh_doit[j]=0;

-			}

-		}

-	if (rnd_fake) RAND_cleanup();

-#endif

-#ifdef HAVE_FORK

-show_res:

-#endif

-	if(!mr)

-		{

-		fprintf(stdout,"%s\n",SSLeay_version(SSLEAY_VERSION));

-        fprintf(stdout,"%s\n",SSLeay_version(SSLEAY_BUILT_ON));

-		printf("options:");

-		printf("%s ",BN_options());

-#ifndef OPENSSL_NO_MD2

-		printf("%s ",MD2_options());

-#endif

-#ifndef OPENSSL_NO_RC4

-		printf("%s ",RC4_options());

-#endif

-#ifndef OPENSSL_NO_DES

-		printf("%s ",DES_options());

-#endif

-#ifndef OPENSSL_NO_AES

-		printf("%s ",AES_options());

-#endif

-#ifndef OPENSSL_NO_IDEA

-		printf("%s ",idea_options());

-#endif

-#ifndef OPENSSL_NO_BF

-		printf("%s ",BF_options());

-#endif

-		fprintf(stdout,"\n%s\n",SSLeay_version(SSLEAY_CFLAGS));

-		printf("available timing options: ");

-#ifdef TIMES

-		printf("TIMES ");

-#endif

-#ifdef TIMEB

-		printf("TIMEB ");

-#endif

-#ifdef USE_TOD

-		printf("USE_TOD ");

-#endif

-#ifdef HZ

-#define as_string(s) (#s)

-		{

-		double dbl = HZ;

-		printf("HZ=%g", dbl);

-		}

-# ifdef _SC_CLK_TCK

-		printf(" [sysconf value]");

-# endif

-#endif

-		printf("\n");

-		printf("timing function used: %s%s%s%s%s%s%s\n",

-		       (ftime_used ? "ftime" : ""),

-		       (ftime_used + times_used > 1 ? "," : ""),

-		       (times_used ? "times" : ""),

-		       (ftime_used + times_used + gettimeofday_used > 1 ? "," : ""),

-		       (gettimeofday_used ? "gettimeofday" : ""),

-		       (ftime_used + times_used + gettimeofday_used + getrusage_used > 1 ? "," : ""),

-		       (getrusage_used ? "getrusage" : ""));

-		}

-	if (pr_header)

-		{

-		if(mr)

-			fprintf(stdout,"+H");

-		else

-			{

-			fprintf(stdout,"The 'numbers' are in 1000s of bytes per second processed.\n");

-			fprintf(stdout,"type        ");

-			}

-		for (j=0;  j<SIZE_NUM; j++)

-			fprintf(stdout,mr ? ":%d" : "%7d bytes",lengths[j]);

-		fprintf(stdout,"\n");

-		}

-	for (k=0; k<ALGOR_NUM; k++)

-		{

-		if (!doit[k]) continue;

-		if(mr)

-			fprintf(stdout,"+F:%d:%s",k,names[k]);

-		else

-			fprintf(stdout,"%-13s",names[k]);

-		for (j=0; j<SIZE_NUM; j++)

-			{

-			if (results[k][j] > 10000 && !mr)

-				fprintf(stdout," %11.2fk",results[k][j]/1e3);

-			else

-				fprintf(stdout,mr ? ":%.2f" : " %11.2f ",results[k][j]);

-			}

-		fprintf(stdout,"\n");

-		}

-#ifndef OPENSSL_NO_RSA

-	j=1;

-	for (k=0; k<RSA_NUM; k++)

-		{

-		if (!rsa_doit[k]) continue;

-		if (j && !mr)

-			{

-			printf("%18ssign    verify    sign/s verify/s\n"," ");

-			j=0;

-			}

-		if(mr)

-			fprintf(stdout,"+F2:%u:%u:%f:%f\n",

-				k,rsa_bits[k],rsa_results[k][0],

-				rsa_results[k][1]);

-		else

-			fprintf(stdout,"rsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",

-				rsa_bits[k],rsa_results[k][0],rsa_results[k][1],

-				1.0/rsa_results[k][0],1.0/rsa_results[k][1]);

-		}

-#endif

-#ifndef OPENSSL_NO_DSA

-	j=1;

-	for (k=0; k<DSA_NUM; k++)

-		{

-		if (!dsa_doit[k]) continue;

-		if (j && !mr)

-			{

-			printf("%18ssign    verify    sign/s verify/s\n"," ");

-			j=0;

-			}

-		if(mr)

-			fprintf(stdout,"+F3:%u:%u:%f:%f\n",

-				k,dsa_bits[k],dsa_results[k][0],dsa_results[k][1]);

-		else

-			fprintf(stdout,"dsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",

-				dsa_bits[k],dsa_results[k][0],dsa_results[k][1],

-				1.0/dsa_results[k][0],1.0/dsa_results[k][1]);

-		}

-#endif

-#ifndef OPENSSL_NO_ECDSA

-	j=1;

-	for (k=0; k<EC_NUM; k++)

-		{

-		if (!ecdsa_doit[k]) continue;

-		if (j && !mr)

-			{

-			printf("%30ssign    verify    sign/s verify/s\n"," ");

-			j=0;

-			}

-		if (mr)

-			fprintf(stdout,"+F4:%u:%u:%f:%f\n",

-				k, test_curves_bits[k],

-				ecdsa_results[k][0],ecdsa_results[k][1]);

-		else

-			fprintf(stdout,

-				"%4u bit ecdsa (%s) %8.4fs %8.4fs %8.1f %8.1f\n",

-				test_curves_bits[k],

-				test_curves_names[k],

-				ecdsa_results[k][0],ecdsa_results[k][1],

-				1.0/ecdsa_results[k][0],1.0/ecdsa_results[k][1]);

-		}

-#endif

-#ifndef OPENSSL_NO_ECDH

-	j=1;

-	for (k=0; k<EC_NUM; k++)

-		{

-		if (!ecdh_doit[k]) continue;

-		if (j && !mr)

-			{

-			printf("%30sop      op/s\n"," ");

-			j=0;

-			}

-		if (mr)

-			fprintf(stdout,"+F5:%u:%u:%f:%f\n",

-				k, test_curves_bits[k],

-				ecdh_results[k][0], 1.0/ecdh_results[k][0]);

-		else

-			fprintf(stdout,"%4u bit ecdh (%s) %8.4fs %8.1f\n",

-				test_curves_bits[k],

-				test_curves_names[k],

-				ecdh_results[k][0], 1.0/ecdh_results[k][0]);

-		}

-#endif

-	mret=0;

-end:

-	ERR_print_errors(bio_err);

-	if (buf != NULL) OPENSSL_free(buf);

-	if (buf2 != NULL) OPENSSL_free(buf2);

-#ifndef OPENSSL_NO_RSA

-	for (i=0; i<RSA_NUM; i++)

-		if (rsa_key[i] != NULL)

-			RSA_free(rsa_key[i]);

-#endif

-#ifndef OPENSSL_NO_DSA

-	for (i=0; i<DSA_NUM; i++)

-		if (dsa_key[i] != NULL)

-			DSA_free(dsa_key[i]);

-#endif

-#ifndef OPENSSL_NO_ECDSA

-	for (i=0; i<EC_NUM; i++)

-		if (ecdsa[i] != NULL)

-			EC_KEY_free(ecdsa[i]);

-#endif

-#ifndef OPENSSL_NO_ECDH

-	for (i=0; i<EC_NUM; i++)

-	{

-		if (ecdh_a[i] != NULL)

-			EC_KEY_free(ecdh_a[i]);

-		if (ecdh_b[i] != NULL)

-			EC_KEY_free(ecdh_b[i]);

-	}

-#endif

-	apps_shutdown();

-	OPENSSL_EXIT(mret);

-	}

-static void print_message(const char *s, long num, int length)

-	{

-#ifdef SIGALRM

-	BIO_printf(bio_err,mr ? "+DT:%s:%d:%d\n"

-		   : "Doing %s for %ds on %d size blocks: ",s,SECONDS,length);

-	(void)BIO_flush(bio_err);

-	alarm(SECONDS);

-#else

-	BIO_printf(bio_err,mr ? "+DN:%s:%ld:%d\n"

-		   : "Doing %s %ld times on %d size blocks: ",s,num,length);

-	(void)BIO_flush(bio_err);

-#endif

-#ifdef LINT

-	num=num;

-#endif

-	}

-static void pkey_print_message(const char *str, const char *str2, long num,

-	int bits, int tm)

-	{

-#ifdef SIGALRM

-	BIO_printf(bio_err,mr ? "+DTP:%d:%s:%s:%d\n"

-			   : "Doing %d bit %s %s's for %ds: ",bits,str,str2,tm);

-	(void)BIO_flush(bio_err);

-	alarm(RSA_SECONDS);

-#else

-	BIO_printf(bio_err,mr ? "+DNP:%ld:%d:%s:%s\n"

-			   : "Doing %ld %d bit %s %s's: ",num,bits,str,str2);

-	(void)BIO_flush(bio_err);

-#endif

-#ifdef LINT

-	num=num;

-#endif

-	}

-static void print_result(int alg,int run_no,int count,double time_used)

-	{

-	BIO_printf(bio_err,mr ? "+R:%d:%s:%f\n"

-		   : "%d %s's in %.2fs\n",count,names[alg],time_used);

-	results[alg][run_no]=((double)count)/time_used*lengths[run_no];

-	}

-#ifdef HAVE_FORK

-static char *sstrsep(char **string, const char *delim)

-    {

-    char isdelim[256];

-    char *token = *string;

-    if (**string == 0)

-        return NULL;

-    memset(isdelim, 0, sizeof isdelim);

-    isdelim[0] = 1;

-    while (*delim)

-        {

-        isdelim[(unsigned char)(*delim)] = 1;

-        delim++;

-        }

-    while (!isdelim[(unsigned char)(**string)])

-        {

-        (*string)++;

-        }

-    if (**string)

-        {

-        **string = 0;

-        (*string)++;

-        }

-    return token;

-    }

-static int do_multi(int multi)

-	{

-	int n;

-	int fd[2];

-	int *fds;

-	static char sep[]=":";

-	fds=malloc(multi*sizeof *fds);

-	for(n=0 ; n < multi ; ++n)

-		{

-		pipe(fd);

-		if(fork())

-			{

-			close(fd[1]);

-			fds[n]=fd[0];

-			}

-		else

-			{

-			close(fd[0]);

-			close(1);

-			dup(fd[1]);

-			close(fd[1]);

-			mr=1;

-			usertime=0;

-			return 0;

-			}

-		printf("Forked child %d\n",n);

-		}

-	/* for now, assume the pipe is long enough to take all the output */

-	for(n=0 ; n < multi ; ++n)

-		{

-		FILE *f;

-		char buf[1024];

-		char *p;

-		f=fdopen(fds[n],"r");

-		while(fgets(buf,sizeof buf,f))

-			{

-			p=strchr(buf,'\n');

-			if(p)

-				*p='\0';

-			if(buf[0] != '+')

-				{

-				fprintf(stderr,"Don't understand line '%s' from child %d\n",

-						buf,n);

-				continue;

-				}

-			printf("Got: %s from %d\n",buf,n);

-			if(!strncmp(buf,"+F:",3))

-				{

-				int alg;

-				int j;

-				p=buf+3;

-				alg=atoi(sstrsep(&p,sep));

-				sstrsep(&p,sep);

-				for(j=0 ; j < SIZE_NUM ; ++j)

-					results[alg][j]+=atof(sstrsep(&p,sep));

-				}

-			else if(!strncmp(buf,"+F2:",4))

-				{

-				int k;

-				double d;

-				p=buf+4;

-				k=atoi(sstrsep(&p,sep));

-				sstrsep(&p,sep);

-				d=atof(sstrsep(&p,sep));

-				if(n)

-					rsa_results[k][0]=1/(1/rsa_results[k][0]+1/d);

-				else

-					rsa_results[k][0]=d;

-				d=atof(sstrsep(&p,sep));

-				if(n)

-					rsa_results[k][1]=1/(1/rsa_results[k][1]+1/d);

-				else

-					rsa_results[k][1]=d;

-				}

-			else if(!strncmp(buf,"+F2:",4))

-				{

-				int k;

-				double d;

-				p=buf+4;

-				k=atoi(sstrsep(&p,sep));

-				sstrsep(&p,sep);

-				d=atof(sstrsep(&p,sep));

-				if(n)

-					rsa_results[k][0]=1/(1/rsa_results[k][0]+1/d);

-				else

-					rsa_results[k][0]=d;

-				d=atof(sstrsep(&p,sep));

-				if(n)

-					rsa_results[k][1]=1/(1/rsa_results[k][1]+1/d);

-				else

-					rsa_results[k][1]=d;

-				}

-			else if(!strncmp(buf,"+F3:",4))

-				{

-				int k;

-				double d;

-				p=buf+4;

-				k=atoi(sstrsep(&p,sep));

-				sstrsep(&p,sep);

-				d=atof(sstrsep(&p,sep));

-				if(n)

-					dsa_results[k][0]=1/(1/dsa_results[k][0]+1/d);

-				else

-					dsa_results[k][0]=d;

-				d=atof(sstrsep(&p,sep));

-				if(n)

-					dsa_results[k][1]=1/(1/dsa_results[k][1]+1/d);

-				else

-					dsa_results[k][1]=d;

-				}

-#ifndef OPENSSL_NO_ECDSA

-			else if(!strncmp(buf,"+F4:",4))

-				{

-				int k;

-				double d;

-				p=buf+4;

-				k=atoi(sstrsep(&p,sep));

-				sstrsep(&p,sep);

-				d=atof(sstrsep(&p,sep));

-				if(n)

-					ecdsa_results[k][0]=1/(1/ecdsa_results[k][0]+1/d);

-				else

-					ecdsa_results[k][0]=d;

-				d=atof(sstrsep(&p,sep));

-				if(n)

-					ecdsa_results[k][1]=1/(1/ecdsa_results[k][1]+1/d);

-				else

-					ecdsa_results[k][1]=d;

-				}

-#endif

-#ifndef OPENSSL_NO_ECDH

-			else if(!strncmp(buf,"+F5:",4))

-				{

-				int k;

-				double d;

-				p=buf+4;

-				k=atoi(sstrsep(&p,sep));

-				sstrsep(&p,sep);

-				d=atof(sstrsep(&p,sep));

-				if(n)

-					ecdh_results[k][0]=1/(1/ecdh_results[k][0]+1/d);

-				else

-					ecdh_results[k][0]=d;

-				}

-#endif

-			else if(!strncmp(buf,"+H:",3))

-				{

-				}

-			else

-				fprintf(stderr,"Unknown type '%s' from child %d\n",buf,n);

-			}

-		}

-	return 1;

-	}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/apps/spkac.c

+++ /dev/null

@@ -1,308 +1,0 @@

-/* apps/spkac.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999. Based on an original idea by Massimiliano Pala

- * ([email protected]).

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include <time.h>

-#include "apps.h"

-#include <openssl/bio.h>

-#include <openssl/conf.h>

-#include <openssl/err.h>

-#include <openssl/evp.h>

-#include <openssl/lhash.h>

-#include <openssl/x509.h>

-#include <openssl/pem.h>

-#undef PROG

-#define PROG	spkac_main

-/* -in arg	- input file - default stdin

- * -out arg	- output file - default stdout

- */

-int MAIN(int, char **);

-int MAIN(int argc, char **argv)

-	{

-	ENGINE *e = NULL;

-	int i,badops=0, ret = 1;

-	BIO *in = NULL,*out = NULL;

-	int verify=0,noout=0,pubkey=0;

-	char *infile = NULL,*outfile = NULL,*prog;

-	char *passargin = NULL, *passin = NULL;

-	const char *spkac = "SPKAC", *spksect = "default";

-	char *spkstr = NULL;

-	char *challenge = NULL, *keyfile = NULL;

-	CONF *conf = NULL;

-	NETSCAPE_SPKI *spki = NULL;

-	EVP_PKEY *pkey = NULL;

-#ifndef OPENSSL_NO_ENGINE

-	char *engine=NULL;

-#endif

-	apps_startup();

-	if (!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);

-	if (!load_config(bio_err, NULL))

-		goto end;

-	prog=argv[0];

-	argc--;

-	argv++;

-	while (argc >= 1)

-		{

-		if (strcmp(*argv,"-in") == 0)

-			{

-			if (--argc < 1) goto bad;

-			infile= *(++argv);

-			}

-		else if (strcmp(*argv,"-out") == 0)

-			{

-			if (--argc < 1) goto bad;

-			outfile= *(++argv);

-			}

-		else if (strcmp(*argv,"-passin") == 0)

-			{

-			if (--argc < 1) goto bad;

-			passargin= *(++argv);

-			}

-		else if (strcmp(*argv,"-key") == 0)

-			{

-			if (--argc < 1) goto bad;

-			keyfile= *(++argv);

-			}

-		else if (strcmp(*argv,"-challenge") == 0)

-			{

-			if (--argc < 1) goto bad;

-			challenge= *(++argv);

-			}

-		else if (strcmp(*argv,"-spkac") == 0)

-			{

-			if (--argc < 1) goto bad;

-			spkac= *(++argv);

-			}

-		else if (strcmp(*argv,"-spksect") == 0)

-			{

-			if (--argc < 1) goto bad;

-			spksect= *(++argv);

-			}

-#ifndef OPENSSL_NO_ENGINE

-		else if (strcmp(*argv,"-engine") == 0)

-			{

-			if (--argc < 1) goto bad;

-			engine= *(++argv);

-			}

-#endif

-		else if (strcmp(*argv,"-noout") == 0)

-			noout=1;

-		else if (strcmp(*argv,"-pubkey") == 0)

-			pubkey=1;

-		else if (strcmp(*argv,"-verify") == 0)

-			verify=1;

-		else badops = 1;

-		argc--;

-		argv++;

-		}

-	if (badops)

-		{

-bad:

-		BIO_printf(bio_err,"%s [options]\n",prog);

-		BIO_printf(bio_err,"where options are\n");

-		BIO_printf(bio_err," -in arg        input file\n");

-		BIO_printf(bio_err," -out arg       output file\n");

-		BIO_printf(bio_err," -key arg       create SPKAC using private key\n");

-		BIO_printf(bio_err," -passin arg    input file pass phrase source\n");

-		BIO_printf(bio_err," -challenge arg challenge string\n");

-		BIO_printf(bio_err," -spkac arg     alternative SPKAC name\n");

-		BIO_printf(bio_err," -noout         don't print SPKAC\n");

-		BIO_printf(bio_err," -pubkey        output public key\n");

-		BIO_printf(bio_err," -verify        verify SPKAC signature\n");

-#ifndef OPENSSL_NO_ENGINE

-		BIO_printf(bio_err," -engine e      use engine e, possibly a hardware device.\n");

-#endif

-		goto end;

-		}

-	ERR_load_crypto_strings();

-	if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {

-		BIO_printf(bio_err, "Error getting password\n");

-		goto end;

-	}

-#ifndef OPENSSL_NO_ENGINE

-        e = setup_engine(bio_err, engine, 0);

-#endif

-	if(keyfile) {

-		pkey = load_key(bio_err,

-				strcmp(keyfile, "-") ? keyfile : NULL,

-				FORMAT_PEM, 1, passin, e, "private key");

-		if(!pkey) {

-			goto end;

-		}

-		spki = NETSCAPE_SPKI_new();

-		if(challenge) ASN1_STRING_set(spki->spkac->challenge,

-						 challenge, (int)strlen(challenge));

-		NETSCAPE_SPKI_set_pubkey(spki, pkey);

-		NETSCAPE_SPKI_sign(spki, pkey, EVP_md5());

-		spkstr = NETSCAPE_SPKI_b64_encode(spki);

-		if (outfile) out = BIO_new_file(outfile, "w");

-		else {

-			out = BIO_new_fp(stdout, BIO_NOCLOSE);

-#ifdef OPENSSL_SYS_VMS

-			{

-			    BIO *tmpbio = BIO_new(BIO_f_linebuffer());

-			    out = BIO_push(tmpbio, out);

-			}

-#endif

-		}

-		if(!out) {

-			BIO_printf(bio_err, "Error opening output file\n");

-			ERR_print_errors(bio_err);

-			goto end;

-		}

-		BIO_printf(out, "SPKAC=%s\n", spkstr);

-		OPENSSL_free(spkstr);

-		ret = 0;

-		goto end;

-	}

-	if (infile) in = BIO_new_file(infile, "r");

-	else in = BIO_new_fp(stdin, BIO_NOCLOSE);

-	if(!in) {

-		BIO_printf(bio_err, "Error opening input file\n");

-		ERR_print_errors(bio_err);

-		goto end;

-	}

-	conf = NCONF_new(NULL);

-	i = NCONF_load_bio(conf, in, NULL);

-	if(!i) {

-		BIO_printf(bio_err, "Error parsing config file\n");

-		ERR_print_errors(bio_err);

-		goto end;

-	}

-	spkstr = NCONF_get_string(conf, spksect, spkac);

-	if(!spkstr) {

-		BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac);

-		ERR_print_errors(bio_err);

-		goto end;

-	}

-	spki = NETSCAPE_SPKI_b64_decode(spkstr, -1);

-	if(!spki) {

-		BIO_printf(bio_err, "Error loading SPKAC\n");

-		ERR_print_errors(bio_err);

-		goto end;

-	}

-	if (outfile) out = BIO_new_file(outfile, "w");

-	else {

-		out = BIO_new_fp(stdout, BIO_NOCLOSE);

-#ifdef OPENSSL_SYS_VMS

-		{

-		    BIO *tmpbio = BIO_new(BIO_f_linebuffer());

-		    out = BIO_push(tmpbio, out);

-		}

-#endif

-	}

-	if(!out) {

-		BIO_printf(bio_err, "Error opening output file\n");

-		ERR_print_errors(bio_err);

-		goto end;

-	}

-	if(!noout) NETSCAPE_SPKI_print(out, spki);

-	pkey = NETSCAPE_SPKI_get_pubkey(spki);

-	if(verify) {

-		i = NETSCAPE_SPKI_verify(spki, pkey);

-		if(i) BIO_printf(bio_err, "Signature OK\n");

-		else {

-			BIO_printf(bio_err, "Signature Failure\n");

-			ERR_print_errors(bio_err);

-			goto end;

-		}

-	}

-	if(pubkey) PEM_write_bio_PUBKEY(out, pkey);

-	ret = 0;

-end:

-	NCONF_free(conf);

-	NETSCAPE_SPKI_free(spki);

-	BIO_free(in);

-	BIO_free_all(out);

-	EVP_PKEY_free(pkey);

-	if(passin) OPENSSL_free(passin);

-	apps_shutdown();

-	OPENSSL_EXIT(ret);

-	}

--- a/sys/src/ape/lib/openssl/apps/testCA.pem

+++ /dev/null

@@ -1,8 +1,0 @@

------BEGIN CERTIFICATE REQUEST-----

-MIIBBzCBsgIBADBNMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEX

-MBUGA1UEChMOTWluY29tIFB0eSBMdGQxEDAOBgNVBAMTB1RFU1QgQ0EwXDANBgkq

-hkiG9w0BAQEFAANLADBIAkEAzW9brgA8efT2ODB+NrsflJZj3KKqKsm4OrXTRqfL

-VETj1ws/zCXl42XJAxdWQMCP0liKfc9Ut4xi1qCVI7N07wIDAQABoAAwDQYJKoZI

-hvcNAQEEBQADQQBjZZ42Det9Uw0AFwJy4ufUEy5Cv74pxBp5SZnljgHY+Az0Hs2S

-uNkIegr2ITX5azKi9nOkg9ZmsmGG13FIjiC/

------END CERTIFICATE REQUEST-----

--- a/sys/src/ape/lib/openssl/apps/testdsa.h

+++ /dev/null

@@ -1,217 +1,0 @@

-/* NOCW */

-/* used by apps/speed.c */

-DSA *get_dsa512(void );

-DSA *get_dsa1024(void );

-DSA *get_dsa2048(void );

-static unsigned char dsa512_priv[] = {

-	0x65,0xe5,0xc7,0x38,0x60,0x24,0xb5,0x89,0xd4,0x9c,0xeb,0x4c,

-	0x9c,0x1d,0x7a,0x22,0xbd,0xd1,0xc2,0xd2,

-	};

-static unsigned char dsa512_pub[] = {

-	0x00,0x95,0xa7,0x0d,0xec,0x93,0x68,0xba,0x5f,0xf7,0x5f,0x07,

-	0xf2,0x3b,0xad,0x6b,0x01,0xdc,0xbe,0xec,0xde,0x04,0x7a,0x3a,

-	0x27,0xb3,0xec,0x49,0xfd,0x08,0x43,0x3d,0x7e,0xa8,0x2c,0x5e,

-	0x7b,0xbb,0xfc,0xf4,0x6e,0xeb,0x6c,0xb0,0x6e,0xf8,0x02,0x12,

-	0x8c,0x38,0x5d,0x83,0x56,0x7d,0xee,0x53,0x05,0x3e,0x24,0x84,

-	0xbe,0xba,0x0a,0x6b,0xc8,

-	};

-static unsigned char dsa512_p[]={

-	0x9D,0x1B,0x69,0x8E,0x26,0xDB,0xF2,0x2B,0x11,0x70,0x19,0x86,

-	0xF6,0x19,0xC8,0xF8,0x19,0xF2,0x18,0x53,0x94,0x46,0x06,0xD0,

-	0x62,0x50,0x33,0x4B,0x02,0x3C,0x52,0x30,0x03,0x8B,0x3B,0xF9,

-	0x5F,0xD1,0x24,0x06,0x4F,0x7B,0x4C,0xBA,0xAA,0x40,0x9B,0xFD,

-	0x96,0xE4,0x37,0x33,0xBB,0x2D,0x5A,0xD7,0x5A,0x11,0x40,0x66,

-	0xA2,0x76,0x7D,0x31,

-	};

-static unsigned char dsa512_q[]={

-	0xFB,0x53,0xEF,0x50,0xB4,0x40,0x92,0x31,0x56,0x86,0x53,0x7A,

-	0xE8,0x8B,0x22,0x9A,0x49,0xFB,0x71,0x8F,

-	};

-static unsigned char dsa512_g[]={

-	0x83,0x3E,0x88,0xE5,0xC5,0x89,0x73,0xCE,0x3B,0x6C,0x01,0x49,

-	0xBF,0xB3,0xC7,0x9F,0x0A,0xEA,0x44,0x91,0xE5,0x30,0xAA,0xD9,

-	0xBE,0x5B,0x5F,0xB7,0x10,0xD7,0x89,0xB7,0x8E,0x74,0xFB,0xCF,

-	0x29,0x1E,0xEB,0xA8,0x2C,0x54,0x51,0xB8,0x10,0xDE,0xA0,0xCE,

-	0x2F,0xCC,0x24,0x6B,0x90,0x77,0xDE,0xA2,0x68,0xA6,0x52,0x12,

-	0xA2,0x03,0x9D,0x20,

-	};

-DSA *get_dsa512()

-	{

-	DSA *dsa;

-	if ((dsa=DSA_new()) == NULL) return(NULL);

-	dsa->priv_key=BN_bin2bn(dsa512_priv,sizeof(dsa512_priv),NULL);

-	dsa->pub_key=BN_bin2bn(dsa512_pub,sizeof(dsa512_pub),NULL);

-	dsa->p=BN_bin2bn(dsa512_p,sizeof(dsa512_p),NULL);

-	dsa->q=BN_bin2bn(dsa512_q,sizeof(dsa512_q),NULL);

-	dsa->g=BN_bin2bn(dsa512_g,sizeof(dsa512_g),NULL);

-	if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL) ||

-				(dsa->q == NULL) || (dsa->g == NULL))

-		return(NULL);

-	return(dsa);

-	}

-static unsigned char dsa1024_priv[]={

-	0x7d,0x21,0xda,0xbb,0x62,0x15,0x47,0x36,0x07,0x67,0x12,0xe8,

-	0x8c,0xaa,0x1c,0xcd,0x38,0x12,0x61,0x18,

-	};

-static unsigned char dsa1024_pub[]={

-	0x3c,0x4e,0x9c,0x2a,0x7f,0x16,0xc1,0x25,0xeb,0xac,0x78,0x63,

-	0x90,0x14,0x8c,0x8b,0xf4,0x68,0x43,0x3c,0x2d,0xee,0x65,0x50,

-	0x7d,0x9c,0x8f,0x8c,0x8a,0x51,0xd6,0x11,0x2b,0x99,0xaf,0x1e,

-	0x90,0x97,0xb5,0xd3,0xa6,0x20,0x25,0xd6,0xfe,0x43,0x02,0xd5,

-	0x91,0x7d,0xa7,0x8c,0xdb,0xc9,0x85,0xa3,0x36,0x48,0xf7,0x68,

-	0xaa,0x60,0xb1,0xf7,0x05,0x68,0x3a,0xa3,0x3f,0xd3,0x19,0x82,

-	0xd8,0x82,0x7a,0x77,0xfb,0xef,0xf4,0x15,0x0a,0xeb,0x06,0x04,

-	0x7f,0x53,0x07,0x0c,0xbc,0xcb,0x2d,0x83,0xdb,0x3e,0xd1,0x28,

-	0xa5,0xa1,0x31,0xe0,0x67,0xfa,0x50,0xde,0x9b,0x07,0x83,0x7e,

-	0x2c,0x0b,0xc3,0x13,0x50,0x61,0xe5,0xad,0xbd,0x36,0xb8,0x97,

-	0x4e,0x40,0x7d,0xe8,0x83,0x0d,0xbc,0x4b

-	};

-static unsigned char dsa1024_p[]={

-	0xA7,0x3F,0x6E,0x85,0xBF,0x41,0x6A,0x29,0x7D,0xF0,0x9F,0x47,

-	0x19,0x30,0x90,0x9A,0x09,0x1D,0xDA,0x6A,0x33,0x1E,0xC5,0x3D,

-	0x86,0x96,0xB3,0x15,0xE0,0x53,0x2E,0x8F,0xE0,0x59,0x82,0x73,

-	0x90,0x3E,0x75,0x31,0x99,0x47,0x7A,0x52,0xFB,0x85,0xE4,0xD9,

-	0xA6,0x7B,0x38,0x9B,0x68,0x8A,0x84,0x9B,0x87,0xC6,0x1E,0xB5,

-	0x7E,0x86,0x4B,0x53,0x5B,0x59,0xCF,0x71,0x65,0x19,0x88,0x6E,

-	0xCE,0x66,0xAE,0x6B,0x88,0x36,0xFB,0xEC,0x28,0xDC,0xC2,0xD7,

-	0xA5,0xBB,0xE5,0x2C,0x39,0x26,0x4B,0xDA,0x9A,0x70,0x18,0x95,

-	0x37,0x95,0x10,0x56,0x23,0xF6,0x15,0xED,0xBA,0x04,0x5E,0xDE,

-	0x39,0x4F,0xFD,0xB7,0x43,0x1F,0xB5,0xA4,0x65,0x6F,0xCD,0x80,

-	0x11,0xE4,0x70,0x95,0x5B,0x50,0xCD,0x49,

-	};

-static unsigned char dsa1024_q[]={

-	0xF7,0x07,0x31,0xED,0xFA,0x6C,0x06,0x03,0xD5,0x85,0x8A,0x1C,

-	0xAC,0x9C,0x65,0xE7,0x50,0x66,0x65,0x6F,

-	};

-static unsigned char dsa1024_g[]={

-	0x4D,0xDF,0x4C,0x03,0xA6,0x91,0x8A,0xF5,0x19,0x6F,0x50,0x46,

-	0x25,0x99,0xE5,0x68,0x6F,0x30,0xE3,0x69,0xE1,0xE5,0xB3,0x5D,

-	0x98,0xBB,0x28,0x86,0x48,0xFC,0xDE,0x99,0x04,0x3F,0x5F,0x88,

-	0x0C,0x9C,0x73,0x24,0x0D,0x20,0x5D,0xB9,0x2A,0x9A,0x3F,0x18,

-	0x96,0x27,0xE4,0x62,0x87,0xC1,0x7B,0x74,0x62,0x53,0xFC,0x61,

-	0x27,0xA8,0x7A,0x91,0x09,0x9D,0xB6,0xF1,0x4D,0x9C,0x54,0x0F,

-	0x58,0x06,0xEE,0x49,0x74,0x07,0xCE,0x55,0x7E,0x23,0xCE,0x16,

-	0xF6,0xCA,0xDC,0x5A,0x61,0x01,0x7E,0xC9,0x71,0xB5,0x4D,0xF6,

-	0xDC,0x34,0x29,0x87,0x68,0xF6,0x5E,0x20,0x93,0xB3,0xDB,0xF5,

-	0xE4,0x09,0x6C,0x41,0x17,0x95,0x92,0xEB,0x01,0xB5,0x73,0xA5,

-	0x6A,0x7E,0xD8,0x32,0xED,0x0E,0x02,0xB8,

-	};

-DSA *get_dsa1024()

-	{

-	DSA *dsa;

-	if ((dsa=DSA_new()) == NULL) return(NULL);

-	dsa->priv_key=BN_bin2bn(dsa1024_priv,sizeof(dsa1024_priv),NULL);

-	dsa->pub_key=BN_bin2bn(dsa1024_pub,sizeof(dsa1024_pub),NULL);

-	dsa->p=BN_bin2bn(dsa1024_p,sizeof(dsa1024_p),NULL);

-	dsa->q=BN_bin2bn(dsa1024_q,sizeof(dsa1024_q),NULL);

-	dsa->g=BN_bin2bn(dsa1024_g,sizeof(dsa1024_g),NULL);

-	if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL) ||

-				(dsa->q == NULL) || (dsa->g == NULL))

-		return(NULL);

-	return(dsa);

-	}

-static unsigned char dsa2048_priv[]={

-	0x32,0x67,0x92,0xf6,0xc4,0xe2,0xe2,0xe8,0xa0,0x8b,0x6b,0x45,

-	0x0c,0x8a,0x76,0xb0,0xee,0xcf,0x91,0xa7,

-	};

-static unsigned char dsa2048_pub[]={

-	0x17,0x8f,0xa8,0x11,0x84,0x92,0xec,0x83,0x47,0xc7,0x6a,0xb0,

-	0x92,0xaf,0x5a,0x20,0x37,0xa3,0x64,0x79,0xd2,0xd0,0x3d,0xcd,

-	0xe0,0x61,0x88,0x88,0x21,0xcc,0x74,0x5d,0xce,0x4c,0x51,0x47,

-	0xf0,0xc5,0x5c,0x4c,0x82,0x7a,0xaf,0x72,0xad,0xb9,0xe0,0x53,

-	0xf2,0x78,0xb7,0xf0,0xb5,0x48,0x7f,0x8a,0x3a,0x18,0xd1,0x9f,

-	0x8b,0x7d,0xa5,0x47,0xb7,0x95,0xab,0x98,0xf8,0x7b,0x74,0x50,

-	0x56,0x8e,0x57,0xf0,0xee,0xf5,0xb7,0xba,0xab,0x85,0x86,0xf9,

-	0x2b,0xef,0x41,0x56,0xa0,0xa4,0x9f,0xb7,0x38,0x00,0x46,0x0a,

-	0xa6,0xf1,0xfc,0x1f,0xd8,0x4e,0x85,0x44,0x92,0x43,0x21,0x5d,

-	0x6e,0xcc,0xc2,0xcb,0x26,0x31,0x0d,0x21,0xc4,0xbd,0x8d,0x24,

-	0xbc,0xd9,0x18,0x19,0xd7,0xdc,0xf1,0xe7,0x93,0x50,0x48,0x03,

-	0x2c,0xae,0x2e,0xe7,0x49,0x88,0x5f,0x93,0x57,0x27,0x99,0x36,

-	0xb4,0x20,0xab,0xfc,0xa7,0x2b,0xf2,0xd9,0x98,0xd7,0xd4,0x34,

-	0x9d,0x96,0x50,0x58,0x9a,0xea,0x54,0xf3,0xee,0xf5,0x63,0x14,

-	0xee,0x85,0x83,0x74,0x76,0xe1,0x52,0x95,0xc3,0xf7,0xeb,0x04,

-	0x04,0x7b,0xa7,0x28,0x1b,0xcc,0xea,0x4a,0x4e,0x84,0xda,0xd8,

-	0x9c,0x79,0xd8,0x9b,0x66,0x89,0x2f,0xcf,0xac,0xd7,0x79,0xf9,

-	0xa9,0xd8,0x45,0x13,0x78,0xb9,0x00,0x14,0xc9,0x7e,0x22,0x51,

-	0x86,0x67,0xb0,0x9f,0x26,0x11,0x23,0xc8,0x38,0xd7,0x70,0x1d,

-	0x15,0x8e,0x4d,0x4f,0x95,0x97,0x40,0xa1,0xc2,0x7e,0x01,0x18,

-	0x72,0xf4,0x10,0xe6,0x8d,0x52,0x16,0x7f,0xf2,0xc9,0xf8,0x33,

-	0x8b,0x33,0xb7,0xce,

-	};

-static unsigned char dsa2048_p[]={

-	0xA0,0x25,0xFA,0xAD,0xF4,0x8E,0xB9,0xE5,0x99,0xF3,0x5D,0x6F,

-	0x4F,0x83,0x34,0xE2,0x7E,0xCF,0x6F,0xBF,0x30,0xAF,0x6F,0x81,

-	0xEB,0xF8,0xC4,0x13,0xD9,0xA0,0x5D,0x8B,0x5C,0x8E,0xDC,0xC2,

-	0x1D,0x0B,0x41,0x32,0xB0,0x1F,0xFE,0xEF,0x0C,0xC2,0xA2,0x7E,

-	0x68,0x5C,0x28,0x21,0xE9,0xF5,0xB1,0x58,0x12,0x63,0x4C,0x19,

-	0x4E,0xFF,0x02,0x4B,0x92,0xED,0xD2,0x07,0x11,0x4D,0x8C,0x58,

-	0x16,0x5C,0x55,0x8E,0xAD,0xA3,0x67,0x7D,0xB9,0x86,0x6E,0x0B,

-	0xE6,0x54,0x6F,0x40,0xAE,0x0E,0x67,0x4C,0xF9,0x12,0x5B,0x3C,

-	0x08,0x7A,0xF7,0xFC,0x67,0x86,0x69,0xE7,0x0A,0x94,0x40,0xBF,

-	0x8B,0x76,0xFE,0x26,0xD1,0xF2,0xA1,0x1A,0x84,0xA1,0x43,0x56,

-	0x28,0xBC,0x9A,0x5F,0xD7,0x3B,0x69,0x89,0x8A,0x36,0x2C,0x51,

-	0xDF,0x12,0x77,0x2F,0x57,0x7B,0xA0,0xAA,0xDD,0x7F,0xA1,0x62,

-	0x3B,0x40,0x7B,0x68,0x1A,0x8F,0x0D,0x38,0xBB,0x21,0x5D,0x18,

-	0xFC,0x0F,0x46,0xF7,0xA3,0xB0,0x1D,0x23,0xC3,0xD2,0xC7,0x72,

-	0x51,0x18,0xDF,0x46,0x95,0x79,0xD9,0xBD,0xB5,0x19,0x02,0x2C,

-	0x87,0xDC,0xE7,0x57,0x82,0x7E,0xF1,0x8B,0x06,0x3D,0x00,0xA5,

-	0x7B,0x6B,0x26,0x27,0x91,0x0F,0x6A,0x77,0xE4,0xD5,0x04,0xE4,

-	0x12,0x2C,0x42,0xFF,0xD2,0x88,0xBB,0xD3,0x92,0xA0,0xF9,0xC8,

-	0x51,0x64,0x14,0x5C,0xD8,0xF9,0x6C,0x47,0x82,0xB4,0x1C,0x7F,

-	0x09,0xB8,0xF0,0x25,0x83,0x1D,0x3F,0x3F,0x05,0xB3,0x21,0x0A,

-	0x5D,0xA7,0xD8,0x54,0xC3,0x65,0x7D,0xC3,0xB0,0x1D,0xBF,0xAE,

-	0xF8,0x68,0xCF,0x9B,

-	};

-static unsigned char dsa2048_q[]={

-	0x97,0xE7,0x33,0x4D,0xD3,0x94,0x3E,0x0B,0xDB,0x62,0x74,0xC6,

-	0xA1,0x08,0xDD,0x19,0xA3,0x75,0x17,0x1B,

-	};

-static unsigned char dsa2048_g[]={

-	0x2C,0x78,0x16,0x59,0x34,0x63,0xF4,0xF3,0x92,0xFC,0xB5,0xA5,

-	0x4F,0x13,0xDE,0x2F,0x1C,0xA4,0x3C,0xAE,0xAD,0x38,0x3F,0x7E,

-	0x90,0xBF,0x96,0xA6,0xAE,0x25,0x90,0x72,0xF5,0x8E,0x80,0x0C,

-	0x39,0x1C,0xD9,0xEC,0xBA,0x90,0x5B,0x3A,0xE8,0x58,0x6C,0x9E,

-	0x30,0x42,0x37,0x02,0x31,0x82,0xBC,0x6A,0xDF,0x6A,0x09,0x29,

-	0xE3,0xC0,0x46,0xD1,0xCB,0x85,0xEC,0x0C,0x30,0x5E,0xEA,0xC8,

-	0x39,0x8E,0x22,0x9F,0x22,0x10,0xD2,0x34,0x61,0x68,0x37,0x3D,

-	0x2E,0x4A,0x5B,0x9A,0xF5,0xC1,0x48,0xC6,0xF6,0xDC,0x63,0x1A,

-	0xD3,0x96,0x64,0xBA,0x34,0xC9,0xD1,0xA0,0xD1,0xAE,0x6C,0x2F,

-	0x48,0x17,0x93,0x14,0x43,0xED,0xF0,0x21,0x30,0x19,0xC3,0x1B,

-	0x5F,0xDE,0xA3,0xF0,0x70,0x78,0x18,0xE1,0xA8,0xE4,0xEE,0x2E,

-	0x00,0xA5,0xE4,0xB3,0x17,0xC8,0x0C,0x7D,0x6E,0x42,0xDC,0xB7,

-	0x46,0x00,0x36,0x4D,0xD4,0x46,0xAA,0x3D,0x3C,0x46,0x89,0x40,

-	0xBF,0x1D,0x84,0x77,0x0A,0x75,0xF3,0x87,0x1D,0x08,0x4C,0xA6,

-	0xD1,0xA9,0x1C,0x1E,0x12,0x1E,0xE1,0xC7,0x30,0x28,0x76,0xA5,

-	0x7F,0x6C,0x85,0x96,0x2B,0x6F,0xDB,0x80,0x66,0x26,0xAE,0xF5,

-	0x93,0xC7,0x8E,0xAE,0x9A,0xED,0xE4,0xCA,0x04,0xEA,0x3B,0x72,

-	0xEF,0xDC,0x87,0xED,0x0D,0xA5,0x4C,0x4A,0xDD,0x71,0x22,0x64,

-	0x59,0x69,0x4E,0x8E,0xBF,0x43,0xDC,0xAB,0x8E,0x66,0xBB,0x01,

-	0xB6,0xF4,0xE7,0xFD,0xD2,0xAD,0x9F,0x36,0xC1,0xA0,0x29,0x99,

-	0xD1,0x96,0x70,0x59,0x06,0x78,0x35,0xBD,0x65,0x55,0x52,0x9E,

-	0xF8,0xB2,0xE5,0x38,

-	};

-DSA *get_dsa2048()

-	{

-	DSA *dsa;

-	if ((dsa=DSA_new()) == NULL) return(NULL);

-	dsa->priv_key=BN_bin2bn(dsa2048_priv,sizeof(dsa2048_priv),NULL);

-	dsa->pub_key=BN_bin2bn(dsa2048_pub,sizeof(dsa2048_pub),NULL);

-	dsa->p=BN_bin2bn(dsa2048_p,sizeof(dsa2048_p),NULL);

-	dsa->q=BN_bin2bn(dsa2048_q,sizeof(dsa2048_q),NULL);

-	dsa->g=BN_bin2bn(dsa2048_g,sizeof(dsa2048_g),NULL);

-	if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL) ||

-				(dsa->q == NULL) || (dsa->g == NULL))

-		return(NULL);

-	return(dsa);

-	}

-static const char rnd_seed[] = "string to make the random number generator think it has entropy";

-static int rnd_fake = 0;

--- a/sys/src/ape/lib/openssl/apps/testrsa.h

+++ /dev/null

@@ -1,518 +1,0 @@

-/* apps/testrsa.h */

-/* used by apps/speed.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-static unsigned char test512[]={

-	0x30,0x82,0x01,0x3a,0x02,0x01,0x00,0x02,0x41,0x00,

-	0xd6,0x33,0xb9,0xc8,0xfb,0x4f,0x3c,0x7d,0xc0,0x01,

-	0x86,0xd0,0xe7,0xa0,0x55,0xf2,0x95,0x93,0xcc,0x4f,

-	0xb7,0x5b,0x67,0x5b,0x94,0x68,0xc9,0x34,0x15,0xde,

-	0xa5,0x2e,0x1c,0x33,0xc2,0x6e,0xfc,0x34,0x5e,0x71,

-	0x13,0xb7,0xd6,0xee,0xd8,0xa5,0x65,0x05,0x72,0x87,

-	0xa8,0xb0,0x77,0xfe,0x57,0xf5,0xfc,0x5f,0x55,0x83,

-	0x87,0xdd,0x57,0x49,0x02,0x03,0x01,0x00,0x01,0x02,

-	0x41,0x00,0xa7,0xf7,0x91,0xc5,0x0f,0x84,0x57,0xdc,

-	0x07,0xf7,0x6a,0x7f,0x60,0x52,0xb3,0x72,0xf1,0x66,

-	0x1f,0x7d,0x97,0x3b,0x9e,0xb6,0x0a,0x8f,0x8c,0xcf,

-	0x42,0x23,0x00,0x04,0xd4,0x28,0x0e,0x1c,0x90,0xc4,

-	0x11,0x25,0x25,0xa5,0x93,0xa5,0x2f,0x70,0x02,0xdf,

-	0x81,0x9c,0x49,0x03,0xa0,0xf8,0x6d,0x54,0x2e,0x26,

-	0xde,0xaa,0x85,0x59,0xa8,0x31,0x02,0x21,0x00,0xeb,

-	0x47,0xd7,0x3b,0xf6,0xc3,0xdd,0x5a,0x46,0xc5,0xb9,

-	0x2b,0x9a,0xa0,0x09,0x8f,0xa6,0xfb,0xf3,0x78,0x7a,

-	0x33,0x70,0x9d,0x0f,0x42,0x6b,0x13,0x68,0x24,0xd3,

-	0x15,0x02,0x21,0x00,0xe9,0x10,0xb0,0xb3,0x0d,0xe2,

-	0x82,0x68,0x77,0x8a,0x6e,0x7c,0xda,0xbc,0x3e,0x53,

-	0x83,0xfb,0xd6,0x22,0xe7,0xb5,0xae,0x6e,0x80,0xda,

-	0x00,0x55,0x97,0xc1,0xd0,0x65,0x02,0x20,0x4c,0xf8,

-	0x73,0xb1,0x6a,0x49,0x29,0x61,0x1f,0x46,0x10,0x0d,

-	0xf3,0xc7,0xe7,0x58,0xd7,0x88,0x15,0x5e,0x94,0x9b,

-	0xbf,0x7b,0xa2,0x42,0x58,0x45,0x41,0x0c,0xcb,0x01,

-	0x02,0x20,0x12,0x11,0xba,0x31,0x57,0x9d,0x3d,0x11,

-	0x0e,0x5b,0x8c,0x2f,0x5f,0xe2,0x02,0x4f,0x05,0x47,

-	0x8c,0x15,0x8e,0xb3,0x56,0x3f,0xb8,0xfb,0xad,0xd4,

-	0xf4,0xfc,0x10,0xc5,0x02,0x20,0x18,0xa1,0x29,0x99,

-	0x5b,0xd9,0xc8,0xd4,0xfc,0x49,0x7a,0x2a,0x21,0x2c,

-	0x49,0xe4,0x4f,0xeb,0xef,0x51,0xf1,0xab,0x6d,0xfb,

-	0x4b,0x14,0xe9,0x4b,0x52,0xb5,0x82,0x2c,

-	};

-static unsigned char test1024[]={

-	0x30,0x82,0x02,0x5c,0x02,0x01,0x00,0x02,0x81,0x81,

-	0x00,0xdc,0x98,0x43,0xe8,0x3d,0x43,0x5b,0xe4,0x05,

-	0xcd,0xd0,0xa9,0x3e,0xcb,0x83,0x75,0xf6,0xb5,0xa5,

-	0x9f,0x6b,0xe9,0x34,0x41,0x29,0x18,0xfa,0x6a,0x55,

-	0x4d,0x70,0xfc,0xec,0xae,0x87,0x38,0x0a,0x20,0xa9,

-	0xc0,0x45,0x77,0x6e,0x57,0x60,0x57,0xf4,0xed,0x96,

-	0x22,0xcb,0x8f,0xe1,0x33,0x3a,0x17,0x1f,0xed,0x37,

-	0xa5,0x6f,0xeb,0xa6,0xbc,0x12,0x80,0x1d,0x53,0xbd,

-	0x70,0xeb,0x21,0x76,0x3e,0xc9,0x2f,0x1a,0x45,0x24,

-	0x82,0xff,0xcd,0x59,0x32,0x06,0x2e,0x12,0x3b,0x23,

-	0x78,0xed,0x12,0x3d,0xe0,0x8d,0xf9,0x67,0x4f,0x37,

-	0x4e,0x47,0x02,0x4c,0x2d,0xc0,0x4f,0x1f,0xb3,0x94,

-	0xe1,0x41,0x2e,0x2d,0x90,0x10,0xfc,0x82,0x91,0x8b,

-	0x0f,0x22,0xd4,0xf2,0xfc,0x2c,0xab,0x53,0x55,0x02,

-	0x03,0x01,0x00,0x01,0x02,0x81,0x80,0x2b,0xcc,0x3f,

-	0x8f,0x58,0xba,0x8b,0x00,0x16,0xf6,0xea,0x3a,0xf0,

-	0x30,0xd0,0x05,0x17,0xda,0xb0,0xeb,0x9a,0x2d,0x4f,

-	0x26,0xb0,0xd6,0x38,0xc1,0xeb,0xf5,0xd8,0x3d,0x1f,

-	0x70,0xf7,0x7f,0xf4,0xe2,0xcf,0x51,0x51,0x79,0x88,

-	0xfa,0xe8,0x32,0x0e,0x7b,0x2d,0x97,0xf2,0xfa,0xba,

-	0x27,0xc5,0x9c,0xd9,0xc5,0xeb,0x8a,0x79,0x52,0x3c,

-	0x64,0x34,0x7d,0xc2,0xcf,0x28,0xc7,0x4e,0xd5,0x43,

-	0x0b,0xd1,0xa6,0xca,0x6d,0x03,0x2d,0x72,0x23,0xbc,

-	0x6d,0x05,0xfa,0x16,0x09,0x2f,0x2e,0x5c,0xb6,0xee,

-	0x74,0xdd,0xd2,0x48,0x8e,0x36,0x0c,0x06,0x3d,0x4d,

-	0xe5,0x10,0x82,0xeb,0x6a,0xf3,0x4b,0x9f,0xd6,0xed,

-	0x11,0xb1,0x6e,0xec,0xf4,0xfe,0x8e,0x75,0x94,0x20,

-	0x2f,0xcb,0xac,0x46,0xf1,0x02,0x41,0x00,0xf9,0x8c,

-	0xa3,0x85,0xb1,0xdd,0x29,0xaf,0x65,0xc1,0x33,0xf3,

-	0x95,0xc5,0x52,0x68,0x0b,0xd4,0xf1,0xe5,0x0e,0x02,

-	0x9f,0x4f,0xfa,0x77,0xdc,0x46,0x9e,0xc7,0xa6,0xe4,

-	0x16,0x29,0xda,0xb0,0x07,0xcf,0x5b,0xa9,0x12,0x8a,

-	0xdd,0x63,0x0a,0xde,0x2e,0x8c,0x66,0x8b,0x8c,0xdc,

-	0x19,0xa3,0x7e,0xf4,0x3b,0xd0,0x1a,0x8c,0xa4,0xc2,

-	0xe1,0xd3,0x02,0x41,0x00,0xe2,0x4c,0x05,0xf2,0x04,

-	0x86,0x4e,0x61,0x43,0xdb,0xb0,0xb9,0x96,0x86,0x52,

-	0x2c,0xca,0x8d,0x7b,0xab,0x0b,0x13,0x0d,0x7e,0x38,

-	0x5b,0xe2,0x2e,0x7b,0x0e,0xe7,0x19,0x99,0x38,0xe7,

-	0xf2,0x21,0xbd,0x85,0x85,0xe3,0xfd,0x28,0x77,0x20,

-	0x31,0x71,0x2c,0xd0,0xff,0xfb,0x2e,0xaf,0x85,0xb4,

-	0x86,0xca,0xf3,0xbb,0xca,0xaa,0x0f,0x95,0x37,0x02,

-	0x40,0x0e,0x41,0x9a,0x95,0xe8,0xb3,0x59,0xce,0x4b,

-	0x61,0xde,0x35,0xec,0x38,0x79,0x9c,0xb8,0x10,0x52,

-	0x41,0x63,0xab,0x82,0xae,0x6f,0x00,0xa9,0xf4,0xde,

-	0xdd,0x49,0x0b,0x7e,0xb8,0xa5,0x65,0xa9,0x0c,0x8f,

-	0x8f,0xf9,0x1f,0x35,0xc6,0x92,0xb8,0x5e,0xb0,0x66,

-	0xab,0x52,0x40,0xc0,0xb6,0x36,0x6a,0x7d,0x80,0x46,

-	0x04,0x02,0xe5,0x9f,0x41,0x02,0x41,0x00,0xc0,0xad,

-	0xcc,0x4e,0x21,0xee,0x1d,0x24,0x91,0xfb,0xa7,0x80,

-	0x8d,0x9a,0xb6,0xb3,0x2e,0x8f,0xc2,0xe1,0x82,0xdf,

-	0x69,0x18,0xb4,0x71,0xff,0xa6,0x65,0xde,0xed,0x84,

-	0x8d,0x42,0xb7,0xb3,0x21,0x69,0x56,0x1c,0x07,0x60,

-	0x51,0x29,0x04,0xff,0x34,0x06,0xdd,0xb9,0x67,0x2c,

-	0x7c,0x04,0x93,0x0e,0x46,0x15,0xbb,0x2a,0xb7,0x1b,

-	0xe7,0x87,0x02,0x40,0x78,0xda,0x5d,0x07,0x51,0x0c,

-	0x16,0x7a,0x9f,0x29,0x20,0x84,0x0d,0x42,0xfa,0xd7,

-	0x00,0xd8,0x77,0x7e,0xb0,0xb0,0x6b,0xd6,0x5b,0x53,

-	0xb8,0x9b,0x7a,0xcd,0xc7,0x2b,0xb8,0x6a,0x63,0xa9,

-	0xfb,0x6f,0xa4,0x72,0xbf,0x4c,0x5d,0x00,0x14,0xba,

-	0xfa,0x59,0x88,0xed,0xe4,0xe0,0x8c,0xa2,0xec,0x14,

-	0x7e,0x2d,0xe2,0xf0,0x46,0x49,0x95,0x45,

-	};

-static unsigned char test2048[]={

-	0x30,0x82,0x04,0xa3,0x02,0x01,0x00,0x02,0x82,0x01,

-	0x01,0x00,0xc0,0xc0,0xce,0x3e,0x3c,0x53,0x67,0x3f,

-	0x4f,0xc5,0x2f,0xa4,0xc2,0x5a,0x2f,0x58,0xfd,0x27,

-	0x52,0x6a,0xe8,0xcf,0x4a,0x73,0x47,0x8d,0x25,0x0f,

-	0x5f,0x03,0x26,0x78,0xef,0xf0,0x22,0x12,0xd3,0xde,

-	0x47,0xb2,0x1c,0x0b,0x38,0x63,0x1a,0x6c,0x85,0x7a,

-	0x80,0xc6,0x8f,0xa0,0x41,0xaf,0x62,0xc4,0x67,0x32,

-	0x88,0xf8,0xa6,0x9c,0xf5,0x23,0x1d,0xe4,0xac,0x3f,

-	0x29,0xf9,0xec,0xe1,0x8b,0x26,0x03,0x2c,0xb2,0xab,

-	0xf3,0x7d,0xb5,0xca,0x49,0xc0,0x8f,0x1c,0xdf,0x33,

-	0x3a,0x60,0xda,0x3c,0xb0,0x16,0xf8,0xa9,0x12,0x8f,

-	0x64,0xac,0x23,0x0c,0x69,0x64,0x97,0x5d,0x99,0xd4,

-	0x09,0x83,0x9b,0x61,0xd3,0xac,0xf0,0xde,0xdd,0x5e,

-	0x9f,0x44,0x94,0xdb,0x3a,0x4d,0x97,0xe8,0x52,0x29,

-	0xf7,0xdb,0x94,0x07,0x45,0x90,0x78,0x1e,0x31,0x0b,

-	0x80,0xf7,0x57,0xad,0x1c,0x79,0xc5,0xcb,0x32,0xb0,

-	0xce,0xcd,0x74,0xb3,0xe2,0x94,0xc5,0x78,0x2f,0x34,

-	0x1a,0x45,0xf7,0x8c,0x52,0xa5,0xbc,0x8d,0xec,0xd1,

-	0x2f,0x31,0x3b,0xf0,0x49,0x59,0x5e,0x88,0x9d,0x15,

-	0x92,0x35,0x32,0xc1,0xe7,0x61,0xec,0x50,0x48,0x7c,

-	0xba,0x05,0xf9,0xf8,0xf8,0xa7,0x8c,0x83,0xe8,0x66,

-	0x5b,0xeb,0xfe,0xd8,0x4f,0xdd,0x6d,0x36,0xc0,0xb2,

-	0x90,0x0f,0xb8,0x52,0xf9,0x04,0x9b,0x40,0x2c,0x27,

-	0xd6,0x36,0x8e,0xc2,0x1b,0x44,0xf3,0x92,0xd5,0x15,

-	0x9e,0x9a,0xbc,0xf3,0x7d,0x03,0xd7,0x02,0x14,0x20,

-	0xe9,0x10,0x92,0xfd,0xf9,0xfc,0x8f,0xe5,0x18,0xe1,

-	0x95,0xcc,0x9e,0x60,0xa6,0xfa,0x38,0x4d,0x02,0x03,

-	0x01,0x00,0x01,0x02,0x82,0x01,0x00,0x00,0xc3,0xc3,

-	0x0d,0xb4,0x27,0x90,0x8d,0x4b,0xbf,0xb8,0x84,0xaa,

-	0xd0,0xb8,0xc7,0x5d,0x99,0xbe,0x55,0xf6,0x3e,0x7c,

-	0x49,0x20,0xcb,0x8a,0x8e,0x19,0x0e,0x66,0x24,0xac,

-	0xaf,0x03,0x33,0x97,0xeb,0x95,0xd5,0x3b,0x0f,0x40,

-	0x56,0x04,0x50,0xd1,0xe6,0xbe,0x84,0x0b,0x25,0xd3,

-	0x9c,0xe2,0x83,0x6c,0xf5,0x62,0x5d,0xba,0x2b,0x7d,

-	0x3d,0x7a,0x6c,0xe1,0xd2,0x0e,0x54,0x93,0x80,0x01,

-	0x91,0x51,0x09,0xe8,0x5b,0x8e,0x47,0xbd,0x64,0xe4,

-	0x0e,0x03,0x83,0x55,0xcf,0x5a,0x37,0xf0,0x25,0xb5,

-	0x7d,0x21,0xd7,0x69,0xdf,0x6f,0xc2,0xcf,0x10,0xc9,

-	0x8a,0x40,0x9f,0x7a,0x70,0xc0,0xe8,0xe8,0xc0,0xe6,

-	0x9a,0x15,0x0a,0x8d,0x4e,0x46,0xcb,0x7a,0xdb,0xb3,

-	0xcb,0x83,0x02,0xc4,0xf0,0xab,0xeb,0x02,0x01,0x0e,

-	0x23,0xfc,0x1d,0xc4,0xbd,0xd4,0xaa,0x5d,0x31,0x46,

-	0x99,0xce,0x9e,0xf8,0x04,0x75,0x10,0x67,0xc4,0x53,

-	0x47,0x44,0xfa,0xc2,0x25,0x73,0x7e,0xd0,0x8e,0x59,

-	0xd1,0xb2,0x5a,0xf4,0xc7,0x18,0x92,0x2f,0x39,0xab,

-	0xcd,0xa3,0xb5,0xc2,0xb9,0xc7,0xb9,0x1b,0x9f,0x48,

-	0xfa,0x13,0xc6,0x98,0x4d,0xca,0x84,0x9c,0x06,0xca,

-	0xe7,0x89,0x01,0x04,0xc4,0x6c,0xfd,0x29,0x59,0x35,

-	0xe7,0xf3,0xdd,0xce,0x64,0x59,0xbf,0x21,0x13,0xa9,

-	0x9f,0x0e,0xc5,0xff,0xbd,0x33,0x00,0xec,0xac,0x6b,

-	0x11,0xef,0x51,0x5e,0xad,0x07,0x15,0xde,0xb8,0x5f,

-	0xc6,0xb9,0xa3,0x22,0x65,0x46,0x83,0x14,0xdf,0xd0,

-	0xf1,0x44,0x8a,0xe1,0x9c,0x23,0x33,0xb4,0x97,0x33,

-	0xe6,0x6b,0x81,0x02,0x81,0x81,0x00,0xec,0x12,0xa7,

-	0x59,0x74,0x6a,0xde,0x3e,0xad,0xd8,0x36,0x80,0x50,

-	0xa2,0xd5,0x21,0x81,0x07,0xf1,0xd0,0x91,0xf2,0x6c,

-	0x12,0x2f,0x9d,0x1a,0x26,0xf8,0x30,0x65,0xdf,0xe8,

-	0xc0,0x9b,0x6a,0x30,0x98,0x82,0x87,0xec,0xa2,0x56,

-	0x87,0x62,0x6f,0xe7,0x9f,0xf6,0x56,0xe6,0x71,0x8f,

-	0x49,0x86,0x93,0x5a,0x4d,0x34,0x58,0xfe,0xd9,0x04,

-	0x13,0xaf,0x79,0xb7,0xad,0x11,0xd1,0x30,0x9a,0x14,

-	0x06,0xa0,0xfa,0xb7,0x55,0xdc,0x6c,0x5a,0x4c,0x2c,

-	0x59,0x56,0xf6,0xe8,0x9d,0xaf,0x0a,0x78,0x99,0x06,

-	0x06,0x9e,0xe7,0x9c,0x51,0x55,0x43,0xfc,0x3b,0x6c,

-	0x0b,0xbf,0x2d,0x41,0xa7,0xaf,0xb7,0xe0,0xe8,0x28,

-	0x18,0xb4,0x13,0xd1,0xe6,0x97,0xd0,0x9f,0x6a,0x80,

-	0xca,0xdd,0x1a,0x7e,0x15,0x02,0x81,0x81,0x00,0xd1,

-	0x06,0x0c,0x1f,0xe3,0xd0,0xab,0xd6,0xca,0x7c,0xbc,

-	0x7d,0x13,0x35,0xce,0x27,0xcd,0xd8,0x49,0x51,0x63,

-	0x64,0x0f,0xca,0x06,0x12,0xfc,0x07,0x3e,0xaf,0x61,

-	0x6d,0xe2,0x53,0x39,0x27,0xae,0xc3,0x11,0x9e,0x94,

-	0x01,0x4f,0xe3,0xf3,0x67,0xf9,0x77,0xf9,0xe7,0x95,

-	0x3a,0x6f,0xe2,0x20,0x73,0x3e,0xa4,0x7a,0x28,0xd4,

-	0x61,0x97,0xf6,0x17,0xa0,0x23,0x10,0x2b,0xce,0x84,

-	0x57,0x7e,0x25,0x1f,0xf4,0xa8,0x54,0xd2,0x65,0x94,

-	0xcc,0x95,0x0a,0xab,0x30,0xc1,0x59,0x1f,0x61,0x8e,

-	0xb9,0x6b,0xd7,0x4e,0xb9,0x83,0x43,0x79,0x85,0x11,

-	0xbc,0x0f,0xae,0x25,0x20,0x05,0xbc,0xd2,0x48,0xa1,

-	0x68,0x09,0x84,0xf6,0x12,0x9a,0x66,0xb9,0x2b,0xbb,

-	0x76,0x03,0x17,0x46,0x4e,0x97,0x59,0x02,0x81,0x80,

-	0x09,0x4c,0xfa,0xd6,0xe5,0x65,0x48,0x78,0x43,0xb5,

-	0x1f,0x00,0x93,0x2c,0xb7,0x24,0xe8,0xc6,0x7d,0x5a,

-	0x70,0x45,0x92,0xc8,0x6c,0xa3,0xcd,0xe1,0xf7,0x29,

-	0x40,0xfa,0x3f,0x5b,0x47,0x44,0x39,0xc1,0xe8,0x72,

-	0x9e,0x7a,0x0e,0xda,0xaa,0xa0,0x2a,0x09,0xfd,0x54,

-	0x93,0x23,0xaa,0x37,0x85,0x5b,0xcc,0xd4,0xf9,0xd8,

-	0xff,0xc1,0x61,0x0d,0xbd,0x7e,0x18,0x24,0x73,0x6d,

-	0x40,0x72,0xf1,0x93,0x09,0x48,0x97,0x6c,0x84,0x90,

-	0xa8,0x46,0x14,0x01,0x39,0x11,0xe5,0x3c,0x41,0x27,

-	0x32,0x75,0x24,0xed,0xa1,0xd9,0x12,0x29,0x8a,0x28,

-	0x71,0x89,0x8d,0xca,0x30,0xb0,0x01,0xc4,0x2f,0x82,

-	0x19,0x14,0x4c,0x70,0x1c,0xb8,0x23,0x2e,0xe8,0x90,

-	0x49,0x97,0x92,0x97,0x6b,0x7a,0x9d,0xb9,0x02,0x81,

-	0x80,0x0f,0x0e,0xa1,0x76,0xf6,0xa1,0x44,0x8f,0xaf,

-	0x7c,0x76,0xd3,0x87,0xbb,0xbb,0x83,0x10,0x88,0x01,

-	0x18,0x14,0xd1,0xd3,0x75,0x59,0x24,0xaa,0xf5,0x16,

-	0xa5,0xe9,0x9d,0xd1,0xcc,0xee,0xf4,0x15,0xd9,0xc5,

-	0x7e,0x27,0xe9,0x44,0x49,0x06,0x72,0xb9,0xfc,0xd3,

-	0x8a,0xc4,0x2c,0x36,0x7d,0x12,0x9b,0x5a,0xaa,0xdc,

-	0x85,0xee,0x6e,0xad,0x54,0xb3,0xf4,0xfc,0x31,0xa1,

-	0x06,0x3a,0x70,0x57,0x0c,0xf3,0x95,0x5b,0x3e,0xe8,

-	0xfd,0x1a,0x4f,0xf6,0x78,0x93,0x46,0x6a,0xd7,0x31,

-	0xb4,0x84,0x64,0x85,0x09,0x38,0x89,0x92,0x94,0x1c,

-	0xbf,0xe2,0x3c,0x2a,0xe0,0xff,0x99,0xa3,0xf0,0x2b,

-	0x31,0xc2,0x36,0xcd,0x60,0xbf,0x9d,0x2d,0x74,0x32,

-	0xe8,0x9c,0x93,0x6e,0xbb,0x91,0x7b,0xfd,0xd9,0x02,

-	0x81,0x81,0x00,0xa2,0x71,0x25,0x38,0xeb,0x2a,0xe9,

-	0x37,0xcd,0xfe,0x44,0xce,0x90,0x3f,0x52,0x87,0x84,

-	0x52,0x1b,0xae,0x8d,0x22,0x94,0xce,0x38,0xe6,0x04,

-	0x88,0x76,0x85,0x9a,0xd3,0x14,0x09,0xe5,0x69,0x9a,

-	0xff,0x58,0x92,0x02,0x6a,0x7d,0x7c,0x1e,0x2c,0xfd,

-	0xa8,0xca,0x32,0x14,0x4f,0x0d,0x84,0x0d,0x37,0x43,

-	0xbf,0xe4,0x5d,0x12,0xc8,0x24,0x91,0x27,0x8d,0x46,

-	0xd9,0x54,0x53,0xe7,0x62,0x71,0xa8,0x2b,0x71,0x41,

-	0x8d,0x75,0xf8,0x3a,0xa0,0x61,0x29,0x46,0xa6,0xe5,

-	0x82,0xfa,0x3a,0xd9,0x08,0xfa,0xfc,0x63,0xfd,0x6b,

-	0x30,0xbc,0xf4,0x4e,0x9e,0x8c,0x25,0x0c,0xb6,0x55,

-	0xe7,0x3c,0xd4,0x4e,0x0b,0xfd,0x8b,0xc3,0x0e,0x1d,

-	0x9c,0x44,0x57,0x8f,0x1f,0x86,0xf7,0xd5,0x1b,0xe4,

-	0x95,

-	};

-static unsigned char test4096[]={

-	0x30,0x82,0x09,0x29,0x02,0x01,0x00,0x02,0x82,0x02,

-	0x01,0x00,0xc0,0x71,0xac,0x1a,0x13,0x88,0x82,0x43,

-	0x3b,0x51,0x57,0x71,0x8d,0xb6,0x2b,0x82,0x65,0x21,

-	0x53,0x5f,0x28,0x29,0x4f,0x8d,0x7c,0x8a,0xb9,0x44,

-	0xb3,0x28,0x41,0x4f,0xd3,0xfa,0x6a,0xf8,0xb9,0x28,

-	0x50,0x39,0x67,0x53,0x2c,0x3c,0xd7,0xcb,0x96,0x41,

-	0x40,0x32,0xbb,0xeb,0x70,0xae,0x1f,0xb0,0x65,0xf7,

-	0x3a,0xd9,0x22,0xfd,0x10,0xae,0xbd,0x02,0xe2,0xdd,

-	0xf3,0xc2,0x79,0x3c,0xc6,0xfc,0x75,0xbb,0xaf,0x4e,

-	0x3a,0x36,0xc2,0x4f,0xea,0x25,0xdf,0x13,0x16,0x4b,

-	0x20,0xfe,0x4b,0x69,0x16,0xc4,0x7f,0x1a,0x43,0xa6,

-	0x17,0x1b,0xb9,0x0a,0xf3,0x09,0x86,0x28,0x89,0xcf,

-	0x2c,0xd0,0xd4,0x81,0xaf,0xc6,0x6d,0xe6,0x21,0x8d,

-	0xee,0xef,0xea,0xdc,0xb7,0xc6,0x3b,0x63,0x9f,0x0e,

-	0xad,0x89,0x78,0x23,0x18,0xbf,0x70,0x7e,0x84,0xe0,

-	0x37,0xec,0xdb,0x8e,0x9c,0x3e,0x6a,0x19,0xcc,0x99,

-	0x72,0xe6,0xb5,0x7d,0x6d,0xfa,0xe5,0xd3,0xe4,0x90,

-	0xb5,0xb2,0xb2,0x12,0x70,0x4e,0xca,0xf8,0x10,0xf8,

-	0xa3,0x14,0xc2,0x48,0x19,0xeb,0x60,0x99,0xbb,0x2a,

-	0x1f,0xb1,0x7a,0xb1,0x3d,0x24,0xfb,0xa0,0x29,0xda,

-	0xbd,0x1b,0xd7,0xa4,0xbf,0xef,0x60,0x2d,0x22,0xca,

-	0x65,0x98,0xf1,0xc4,0xe1,0xc9,0x02,0x6b,0x16,0x28,

-	0x2f,0xa1,0xaa,0x79,0x00,0xda,0xdc,0x7c,0x43,0xf7,

-	0x42,0x3c,0xa0,0xef,0x68,0xf7,0xdf,0xb9,0x69,0xfb,

-	0x8e,0x01,0xed,0x01,0x42,0xb5,0x4e,0x57,0xa6,0x26,

-	0xb8,0xd0,0x7b,0x56,0x6d,0x03,0xc6,0x40,0x8c,0x8c,

-	0x2a,0x55,0xd7,0x9c,0x35,0x00,0x94,0x93,0xec,0x03,

-	0xeb,0x22,0xef,0x77,0xbb,0x79,0x13,0x3f,0x15,0xa1,

-	0x8f,0xca,0xdf,0xfd,0xd3,0xb8,0xe1,0xd4,0xcc,0x09,

-	0x3f,0x3c,0x2c,0xdb,0xd1,0x49,0x7f,0x38,0x07,0x83,

-	0x6d,0xeb,0x08,0x66,0xe9,0x06,0x44,0x12,0xac,0x95,

-	0x22,0x90,0x23,0x67,0xd4,0x08,0xcc,0xf4,0xb7,0xdc,

-	0xcc,0x87,0xd4,0xac,0x69,0x35,0x4c,0xb5,0x39,0x36,

-	0xcd,0xa4,0xd2,0x95,0xca,0x0d,0xc5,0xda,0xc2,0xc5,

-	0x22,0x32,0x28,0x08,0xe3,0xd2,0x8b,0x38,0x30,0xdc,

-	0x8c,0x75,0x4f,0x6a,0xec,0x7a,0xac,0x16,0x3e,0xa8,

-	0xd4,0x6a,0x45,0xe1,0xa8,0x4f,0x2e,0x80,0x34,0xaa,

-	0x54,0x1b,0x02,0x95,0x7d,0x8a,0x6d,0xcc,0x79,0xca,

-	0xf2,0xa4,0x2e,0x8d,0xfb,0xfe,0x15,0x51,0x10,0x0e,

-	0x4d,0x88,0xb1,0xc7,0xf4,0x79,0xdb,0xf0,0xb4,0x56,

-	0x44,0x37,0xca,0x5a,0xc1,0x8c,0x48,0xac,0xae,0x48,

-	0x80,0x83,0x01,0x3f,0xde,0xd9,0xd3,0x2c,0x51,0x46,

-	0xb1,0x41,0xb6,0xc6,0x91,0x72,0xf9,0x83,0x55,0x1b,

-	0x8c,0xba,0xf3,0x73,0xe5,0x2c,0x74,0x50,0x3a,0xbe,

-	0xc5,0x2f,0xa7,0xb2,0x6d,0x8c,0x9e,0x13,0x77,0xa3,

-	0x13,0xcd,0x6d,0x8c,0x45,0xe1,0xfc,0x0b,0xb7,0x69,

-	0xe9,0x27,0xbc,0x65,0xc3,0xfa,0x9b,0xd0,0xef,0xfe,

-	0xe8,0x1f,0xb3,0x5e,0x34,0xf4,0x8c,0xea,0xfc,0xd3,

-	0x81,0xbf,0x3d,0x30,0xb2,0xb4,0x01,0xe8,0x43,0x0f,

-	0xba,0x02,0x23,0x42,0x76,0x82,0x31,0x73,0x91,0xed,

-	0x07,0x46,0x61,0x0d,0x39,0x83,0x40,0xce,0x7a,0xd4,

-	0xdb,0x80,0x2c,0x1f,0x0d,0xd1,0x34,0xd4,0x92,0xe3,

-	0xd4,0xf1,0xc2,0x01,0x02,0x03,0x01,0x00,0x01,0x02,

-	0x82,0x02,0x01,0x00,0x97,0x6c,0xda,0x6e,0xea,0x4f,

-	0xcf,0xaf,0xf7,0x4c,0xd9,0xf1,0x90,0x00,0x77,0xdb,

-	0xf2,0x97,0x76,0x72,0xb9,0xb7,0x47,0xd1,0x9c,0xdd,

-	0xcb,0x4a,0x33,0x6e,0xc9,0x75,0x76,0xe6,0xe4,0xa5,

-	0x31,0x8c,0x77,0x13,0xb4,0x29,0xcd,0xf5,0x52,0x17,

-	0xef,0xf3,0x08,0x00,0xe3,0xbd,0x2e,0xbc,0xd4,0x52,

-	0x88,0xe9,0x30,0x75,0x0b,0x02,0xf5,0xcd,0x89,0x0c,

-	0x6c,0x57,0x19,0x27,0x3d,0x1e,0x85,0xb4,0xc1,0x2f,

-	0x1d,0x92,0x00,0x5c,0x76,0x29,0x4b,0xa4,0xe1,0x12,

-	0xb3,0xc8,0x09,0xfe,0x0e,0x78,0x72,0x61,0xcb,0x61,

-	0x6f,0x39,0x91,0x95,0x4e,0xd5,0x3e,0xc7,0x8f,0xb8,

-	0xf6,0x36,0xfe,0x9c,0x93,0x9a,0x38,0x25,0x7a,0xf4,

-	0x4a,0x12,0xd4,0xa0,0x13,0xbd,0xf9,0x1d,0x12,0x3e,

-	0x21,0x39,0xfb,0x72,0xe0,0x05,0x3d,0xc3,0xe5,0x50,

-	0xa8,0x5d,0x85,0xa3,0xea,0x5f,0x1c,0xb2,0x3f,0xea,

-	0x6d,0x03,0x91,0x55,0xd8,0x19,0x0a,0x21,0x12,0x16,

-	0xd9,0x12,0xc4,0xe6,0x07,0x18,0x5b,0x26,0xa4,0xae,

-	0xed,0x2b,0xb7,0xa6,0xed,0xf8,0xad,0xec,0x77,0xe6,

-	0x7f,0x4f,0x76,0x00,0xc0,0xfa,0x15,0x92,0xb4,0x2c,

-	0x22,0xc2,0xeb,0x6a,0xad,0x14,0x05,0xb2,0xe5,0x8a,

-	0x9e,0x85,0x83,0xcc,0x04,0xf1,0x56,0x78,0x44,0x5e,

-	0xde,0xe0,0x60,0x1a,0x65,0x79,0x31,0x23,0x05,0xbb,

-	0x01,0xff,0xdd,0x2e,0xb7,0xb3,0xaa,0x74,0xe0,0xa5,

-	0x94,0xaf,0x4b,0xde,0x58,0x0f,0x55,0xde,0x33,0xf6,

-	0xe3,0xd6,0x34,0x36,0x57,0xd6,0x79,0x91,0x2e,0xbe,

-	0x3b,0xd9,0x4e,0xb6,0x9d,0x21,0x5c,0xd3,0x48,0x14,

-	0x7f,0x4a,0xc4,0x60,0xa9,0x29,0xf8,0x53,0x7f,0x88,

-	0x11,0x2d,0xb5,0xc5,0x2d,0x6f,0xee,0x85,0x0b,0xf7,

-	0x8d,0x9a,0xbe,0xb0,0x42,0xf2,0x2e,0x71,0xaf,0x19,

-	0x31,0x6d,0xec,0xcd,0x6f,0x2b,0x23,0xdf,0xb4,0x40,

-	0xaf,0x2c,0x0a,0xc3,0x1b,0x7d,0x7d,0x03,0x1d,0x4b,

-	0xf3,0xb5,0xe0,0x85,0xd8,0xdf,0x91,0x6b,0x0a,0x69,

-	0xf7,0xf2,0x69,0x66,0x5b,0xf1,0xcf,0x46,0x7d,0xe9,

-	0x70,0xfa,0x6d,0x7e,0x75,0x4e,0xa9,0x77,0xe6,0x8c,

-	0x02,0xf7,0x14,0x4d,0xa5,0x41,0x8f,0x3f,0xc1,0x62,

-	0x1e,0x71,0x5e,0x38,0xb4,0xd6,0xe6,0xe1,0x4b,0xc2,

-	0x2c,0x30,0x83,0x81,0x6f,0x49,0x2e,0x96,0xe6,0xc9,

-	0x9a,0xf7,0x5d,0x09,0xa0,0x55,0x02,0xa5,0x3a,0x25,

-	0x23,0xd0,0x92,0xc3,0xa3,0xe3,0x0e,0x12,0x2f,0x4d,

-	0xef,0xf3,0x55,0x5a,0xbe,0xe6,0x19,0x86,0x31,0xab,

-	0x75,0x9a,0xd3,0xf0,0x2c,0xc5,0x41,0x92,0xd9,0x1f,

-	0x5f,0x11,0x8c,0x75,0x1c,0x63,0xd0,0x02,0x80,0x2c,

-	0x68,0xcb,0x93,0xfb,0x51,0x73,0x49,0xb4,0x60,0xda,

-	0xe2,0x26,0xaf,0xa9,0x46,0x12,0xb8,0xec,0x50,0xdd,

-	0x12,0x06,0x5f,0xce,0x59,0xe6,0xf6,0x1c,0xe0,0x54,

-	0x10,0xad,0xf6,0xcd,0x98,0xcc,0x0f,0xfb,0xcb,0x41,

-	0x14,0x9d,0xed,0xe4,0xb4,0x74,0x5f,0x09,0x60,0xc7,

-	0x12,0xf6,0x7b,0x3c,0x8f,0xa7,0x20,0xbc,0xe4,0xb1,

-	0xef,0xeb,0xa4,0x93,0xc5,0x06,0xca,0x9a,0x27,0x9d,

-	0x87,0xf3,0xde,0xca,0xe5,0xe7,0xf6,0x1c,0x01,0x65,

-	0x5b,0xfb,0x19,0x79,0x6e,0x08,0x26,0xc5,0xc8,0x28,

-	0x0e,0xb6,0x3b,0x07,0x08,0xc1,0x02,0x82,0x01,0x01,

-	0x00,0xe8,0x1c,0x73,0xa6,0xb8,0xe0,0x0e,0x6d,0x8d,

-	0x1b,0xb9,0x53,0xed,0x58,0x94,0xe6,0x1d,0x60,0x14,

-	0x5c,0x76,0x43,0xc4,0x58,0x19,0xc4,0x24,0xe8,0xbc,

-	0x1b,0x3b,0x0b,0x13,0x24,0x45,0x54,0x0e,0xcc,0x37,

-	0xf0,0xe0,0x63,0x7d,0xc3,0xf7,0xfb,0x81,0x74,0x81,

-	0xc4,0x0f,0x1a,0x21,0x48,0xaf,0xce,0xc1,0xc4,0x94,

-	0x18,0x06,0x44,0x8d,0xd3,0xd2,0x22,0x2d,0x2d,0x3e,

-	0x5a,0x31,0xdc,0x95,0x8e,0xf4,0x41,0xfc,0x58,0xc9,

-	0x40,0x92,0x17,0x5f,0xe3,0xda,0xac,0x9e,0x3f,0x1c,

-	0x2a,0x6b,0x58,0x5f,0x48,0x78,0x20,0xb1,0xaf,0x24,

-	0x9b,0x3c,0x20,0x8b,0x93,0x25,0x9e,0xe6,0x6b,0xbc,

-	0x13,0x42,0x14,0x6c,0x36,0x31,0xff,0x7a,0xd1,0xc1,

-	0x1a,0x26,0x14,0x7f,0xa9,0x76,0xa7,0x0c,0xf8,0xcc,

-	0xed,0x07,0x6a,0xd2,0xdf,0x62,0xee,0x0a,0x7c,0x84,

-	0xcb,0x49,0x90,0xb2,0x03,0x0d,0xa2,0x82,0x06,0x77,

-	0xf1,0xcd,0x67,0xf2,0x47,0x21,0x02,0x3f,0x43,0x21,

-	0xf0,0x46,0x30,0x62,0x51,0x72,0xb1,0xe7,0x48,0xc6,

-	0x67,0x12,0xcd,0x9e,0xd6,0x15,0xe5,0x21,0xed,0xfa,

-	0x8f,0x30,0xa6,0x41,0xfe,0xb6,0xfa,0x8f,0x34,0x14,

-	0x19,0xe8,0x11,0xf7,0xa5,0x77,0x3e,0xb7,0xf9,0x39,

-	0x07,0x8c,0x67,0x2a,0xab,0x7b,0x08,0xf8,0xb0,0x06,

-	0xa8,0xea,0x2f,0x8f,0xfa,0xcc,0xcc,0x40,0xce,0xf3,

-	0x70,0x4f,0x3f,0x7f,0xe2,0x0c,0xea,0x76,0x4a,0x35,

-	0x4e,0x47,0xad,0x2b,0xa7,0x97,0x5d,0x74,0x43,0x97,

-	0x90,0xd2,0xfb,0xd9,0xf9,0x96,0x01,0x33,0x05,0xed,

-	0x7b,0x03,0x05,0xad,0xf8,0x49,0x03,0x02,0x82,0x01,

-	0x01,0x00,0xd4,0x40,0x17,0x66,0x10,0x92,0x95,0xc8,

-	0xec,0x62,0xa9,0x7a,0xcb,0x93,0x8e,0xe6,0x53,0xd4,

-	0x80,0x48,0x27,0x4b,0x41,0xce,0x61,0xdf,0xbf,0x94,

-	0xa4,0x3d,0x71,0x03,0x0b,0xed,0x25,0x71,0x98,0xa4,

-	0xd6,0xd5,0x4a,0x57,0xf5,0x6c,0x1b,0xda,0x21,0x7d,

-	0x35,0x45,0xb3,0xf3,0x6a,0xd9,0xd3,0x43,0xe8,0x5c,

-	0x54,0x1c,0x83,0x1b,0xb4,0x5f,0xf2,0x97,0x24,0x2e,

-	0xdc,0x40,0xde,0x92,0x23,0x59,0x8e,0xbc,0xd2,0xa1,

-	0xf2,0xe0,0x4c,0xdd,0x0b,0xd1,0xe7,0xae,0x65,0xbc,

-	0xb5,0xf5,0x5b,0x98,0xe9,0xd7,0xc2,0xb7,0x0e,0x55,

-	0x71,0x0e,0x3c,0x0a,0x24,0x6b,0xa6,0xe6,0x14,0x61,

-	0x11,0xfd,0x33,0x42,0x99,0x2b,0x84,0x77,0x74,0x92,

-	0x91,0xf5,0x79,0x79,0xcf,0xad,0x8e,0x04,0xef,0x80,

-	0x1e,0x57,0xf4,0x14,0xf5,0x35,0x09,0x74,0xb2,0x13,

-	0x71,0x58,0x6b,0xea,0x32,0x5d,0xf3,0xd3,0x76,0x48,

-	0x39,0x10,0x23,0x84,0x9d,0xbe,0x92,0x77,0x4a,0xed,

-	0x70,0x3e,0x1a,0xa2,0x6c,0xb3,0x81,0x00,0xc3,0xc9,

-	0xe4,0x52,0xc8,0x24,0x88,0x0c,0x41,0xad,0x87,0x5a,

-	0xea,0xa3,0x7a,0x85,0x1c,0x5e,0x31,0x7f,0xc3,0x35,

-	0xc6,0xfa,0x10,0xc8,0x75,0x10,0xc4,0x96,0x99,0xe7,

-	0xfe,0x01,0xb4,0x74,0xdb,0xb4,0x11,0xc3,0xc8,0x8c,

-	0xf6,0xf7,0x3b,0x66,0x50,0xfc,0xdb,0xeb,0xca,0x47,

-	0x85,0x89,0xe1,0x65,0xd9,0x62,0x34,0x3c,0x70,0xd8,

-	0x2e,0xb4,0x2f,0x65,0x3c,0x4a,0xa6,0x2a,0xe7,0xc7,

-	0xd8,0x41,0x8f,0x8a,0x43,0xbf,0x42,0xf2,0x4d,0xbc,

-	0xfc,0x9e,0x27,0x95,0xfb,0x75,0xff,0xab,0x02,0x82,

-	0x01,0x00,0x41,0x2f,0x44,0x57,0x6d,0x12,0x17,0x5b,

-	0x32,0xc6,0xb7,0x6c,0x57,0x7a,0x8a,0x0e,0x79,0xef,

-	0x72,0xa8,0x68,0xda,0x2d,0x38,0xe4,0xbb,0x8d,0xf6,

-	0x02,0x65,0xcf,0x56,0x13,0xe1,0x1a,0xcb,0x39,0x80,

-	0xa6,0xb1,0x32,0x03,0x1e,0xdd,0xbb,0x35,0xd9,0xac,

-	0x43,0x89,0x31,0x08,0x90,0x92,0x5e,0x35,0x3d,0x7b,

-	0x9c,0x6f,0x86,0xcb,0x17,0xdd,0x85,0xe4,0xed,0x35,

-	0x08,0x8e,0xc1,0xf4,0x05,0xd8,0x68,0xc6,0x63,0x3c,

-	0xf7,0xff,0xf7,0x47,0x33,0x39,0xc5,0x3e,0xb7,0x0e,

-	0x58,0x35,0x9d,0x81,0xea,0xf8,0x6a,0x2c,0x1c,0x5a,

-	0x68,0x78,0x64,0x11,0x6b,0xc1,0x3e,0x4e,0x7a,0xbd,

-	0x84,0xcb,0x0f,0xc2,0xb6,0x85,0x1d,0xd3,0x76,0xc5,

-	0x93,0x6a,0x69,0x89,0x56,0x34,0xdc,0x4a,0x9b,0xbc,

-	0xff,0xa8,0x0d,0x6e,0x35,0x9c,0x60,0xa7,0x23,0x30,

-	0xc7,0x06,0x64,0x39,0x8b,0x94,0x89,0xee,0xba,0x7f,

-	0x60,0x8d,0xfa,0xb6,0x97,0x76,0xdc,0x51,0x4a,0x3c,

-	0xeb,0x3a,0x14,0x2c,0x20,0x60,0x69,0x4a,0x86,0xfe,

-	0x8c,0x21,0x84,0x49,0x54,0xb3,0x20,0xe1,0x01,0x7f,

-	0x58,0xdf,0x7f,0xb5,0x21,0x51,0x8c,0x47,0x9f,0x91,

-	0xeb,0x97,0x3e,0xf2,0x54,0xcf,0x16,0x46,0xf9,0xd9,

-	0xb6,0xe7,0x64,0xc9,0xd0,0x54,0xea,0x2f,0xa1,0xcf,

-	0xa5,0x7f,0x28,0x8d,0x84,0xec,0xd5,0x39,0x03,0x76,

-	0x5b,0x2d,0x8e,0x43,0xf2,0x01,0x24,0xc9,0x6f,0xc0,

-	0xf5,0x69,0x6f,0x7d,0xb5,0x85,0xd2,0x5f,0x7f,0x78,

-	0x40,0x07,0x7f,0x09,0x15,0xb5,0x1f,0x28,0x65,0x10,

-	0xe4,0x19,0xa8,0xc6,0x9e,0x8d,0xdc,0xcb,0x02,0x82,

-	0x01,0x00,0x13,0x01,0xee,0x56,0x80,0x93,0x70,0x00,

-	0x7f,0x52,0xd2,0x94,0xa1,0x98,0x84,0x4a,0x92,0x25,

-	0x4c,0x9b,0xa9,0x91,0x2e,0xc2,0x79,0xb7,0x5c,0xe3,

-	0xc5,0xd5,0x8e,0xc2,0x54,0x16,0x17,0xad,0x55,0x9b,

-	0x25,0x76,0x12,0x63,0x50,0x22,0x2f,0x58,0x58,0x79,

-	0x6b,0x04,0xe3,0xf9,0x9f,0x8f,0x04,0x41,0x67,0x94,

-	0xa5,0x1f,0xac,0x8a,0x15,0x9c,0x26,0x10,0x6c,0xf8,

-	0x19,0x57,0x61,0xd7,0x3a,0x7d,0x31,0xb0,0x2d,0x38,

-	0xbd,0x94,0x62,0xad,0xc4,0xfa,0x36,0x42,0x42,0xf0,

-	0x24,0x67,0x65,0x9d,0x8b,0x0b,0x7c,0x6f,0x82,0x44,

-	0x1a,0x8c,0xc8,0xc9,0xab,0xbb,0x4c,0x45,0xfc,0x7b,

-	0x38,0xee,0x30,0xe1,0xfc,0xef,0x8d,0xbc,0x58,0xdf,

-	0x2b,0x5d,0x0d,0x54,0xe0,0x49,0x4d,0x97,0x99,0x8f,

-	0x22,0xa8,0x83,0xbe,0x40,0xbb,0x50,0x2e,0x78,0x28,

-	0x0f,0x95,0x78,0x8c,0x8f,0x98,0x24,0x56,0xc2,0x97,

-	0xf3,0x2c,0x43,0xd2,0x03,0x82,0x66,0x81,0x72,0x5f,

-	0x53,0x16,0xec,0xb1,0xb1,0x04,0x5e,0x40,0x20,0x48,

-	0x7b,0x3f,0x02,0x97,0x6a,0xeb,0x96,0x12,0x21,0x35,

-	0xfe,0x1f,0x47,0xc0,0x95,0xea,0xc5,0x8a,0x08,0x84,

-	0x4f,0x5e,0x63,0x94,0x60,0x0f,0x71,0x5b,0x7f,0x4a,

-	0xec,0x4f,0x60,0xc6,0xba,0x4a,0x24,0xf1,0x20,0x8b,

-	0xa7,0x2e,0x3a,0xce,0x8d,0xe0,0x27,0x1d,0xb5,0x8e,

-	0xb4,0x21,0xc5,0xe2,0xa6,0x16,0x0a,0x51,0x83,0x55,

-	0x88,0xd1,0x30,0x11,0x63,0xd5,0xd7,0x8d,0xae,0x16,

-	0x12,0x82,0xc4,0x85,0x00,0x4e,0x27,0x83,0xa5,0x7c,

-	0x90,0x2e,0xe5,0xa2,0xa3,0xd3,0x4c,0x63,0x02,0x82,

-	0x01,0x01,0x00,0x86,0x08,0x98,0x98,0xa5,0x00,0x05,

-	0x39,0x77,0xd9,0x66,0xb3,0xcf,0xca,0xa0,0x71,0xb3,

-	0x50,0xce,0x3d,0xb1,0x93,0x95,0x35,0xc4,0xd4,0x2e,

-	0x90,0xdf,0x0f,0xfc,0x60,0xc1,0x94,0x68,0x61,0x43,

-	0xca,0x9a,0x23,0x4a,0x1e,0x45,0x72,0x99,0xb5,0x1e,

-	0x61,0x8d,0x77,0x0f,0xa0,0xbb,0xd7,0x77,0xb4,0x2a,

-	0x15,0x11,0x88,0x2d,0xb3,0x56,0x61,0x5e,0x6a,0xed,

-	0xa4,0x46,0x4a,0x3f,0x50,0x11,0xd6,0xba,0xb6,0xd7,

-	0x95,0x65,0x53,0xc3,0xa1,0x8f,0xe0,0xa3,0xf5,0x1c,

-	0xfd,0xaf,0x6e,0x43,0xd7,0x17,0xa7,0xd3,0x81,0x1b,

-	0xa4,0xdf,0xe0,0x97,0x8a,0x46,0x03,0xd3,0x46,0x0e,

-	0x83,0x48,0x4e,0xd2,0x02,0xcb,0xc0,0xad,0x79,0x95,

-	0x8c,0x96,0xba,0x40,0x34,0x11,0x71,0x5e,0xe9,0x11,

-	0xf9,0xc5,0x4a,0x5e,0x91,0x9d,0xf5,0x92,0x4f,0xeb,

-	0xc6,0x70,0x02,0x2d,0x3d,0x04,0xaa,0xe9,0x3a,0x8e,

-	0xd5,0xa8,0xad,0xf7,0xce,0x0d,0x16,0xb2,0xec,0x0a,

-	0x9c,0xf5,0x94,0x39,0xb9,0x8a,0xfc,0x1e,0xf9,0xcc,

-	0xf2,0x5f,0x21,0x31,0x74,0x72,0x6b,0x64,0xae,0x35,

-	0x61,0x8d,0x0d,0xcb,0xe7,0xda,0x39,0xca,0xf3,0x21,

-	0x66,0x0b,0x95,0xd7,0x0a,0x7c,0xca,0xa1,0xa9,0x5a,

-	0xe8,0xac,0xe0,0x71,0x54,0xaf,0x28,0xcf,0xd5,0x70,

-	0x89,0xe0,0xf3,0x9e,0x43,0x6c,0x8d,0x7b,0x99,0x01,

-	0x68,0x4d,0xa1,0x45,0x46,0x0c,0x43,0xbc,0xcc,0x2c,

-	0xdd,0xc5,0x46,0xc8,0x4e,0x0e,0xbe,0xed,0xb9,0x26,

-	0xab,0x2e,0xdb,0xeb,0x8f,0xff,0xdb,0xb0,0xc6,0x55,

-	0xaf,0xf8,0x2a,0x91,0x9d,0x50,0x44,0x21,0x17,

-	};

--- a/sys/src/ape/lib/openssl/apps/timeouts.h

+++ /dev/null

@@ -1,67 +1,0 @@

-/* apps/timeouts.h */

-/*

- * DTLS implementation written by Nagendra Modadugu

- * ([email protected]) for the OpenSSL project 2005.

- */

-/* ====================================================================

- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef INCLUDED_TIMEOUTS_H

-#define INCLUDED_TIMEOUTS_H

-/* numbers in us */

-#define DGRAM_RCV_TIMEOUT         250000

-#define DGRAM_SND_TIMEOUT         250000

-#endif /* ! INCLUDED_TIMEOUTS_H */

--- a/sys/src/ape/lib/openssl/apps/verify.c

+++ /dev/null

@@ -1,370 +1,0 @@

-/* apps/verify.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include "apps.h"

-#include <openssl/bio.h>

-#include <openssl/err.h>

-#include <openssl/x509.h>

-#include <openssl/x509v3.h>

-#include <openssl/pem.h>

-#undef PROG

-#define PROG	verify_main

-static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx);

-static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose, ENGINE *e);

-static STACK_OF(X509) *load_untrusted(char *file);

-static int v_verbose=0, vflags = 0;

-int MAIN(int, char **);

-int MAIN(int argc, char **argv)

-	{

-	ENGINE *e = NULL;

-	int i,ret=1, badarg = 0;

-	int purpose = -1;

-	char *CApath=NULL,*CAfile=NULL;

-	char *untfile = NULL, *trustfile = NULL;

-	STACK_OF(X509) *untrusted = NULL, *trusted = NULL;

-	X509_STORE *cert_ctx=NULL;

-	X509_LOOKUP *lookup=NULL;

-	X509_VERIFY_PARAM *vpm = NULL;

-#ifndef OPENSSL_NO_ENGINE

-	char *engine=NULL;

-#endif

-	cert_ctx=X509_STORE_new();

-	if (cert_ctx == NULL) goto end;

-	X509_STORE_set_verify_cb_func(cert_ctx,cb);

-	ERR_load_crypto_strings();

-	apps_startup();

-	if (bio_err == NULL)

-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)

-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);

-	if (!load_config(bio_err, NULL))

-		goto end;

-	argc--;

-	argv++;

-	for (;;)

-		{

-		if (argc >= 1)

-			{

-			if (strcmp(*argv,"-CApath") == 0)

-				{

-				if (argc-- < 1) goto end;

-				CApath= *(++argv);

-				}

-			else if (strcmp(*argv,"-CAfile") == 0)

-				{

-				if (argc-- < 1) goto end;

-				CAfile= *(++argv);

-				}

-			else if (args_verify(&argv, &argc, &badarg, bio_err,

-									&vpm))

-				{

-				if (badarg)

-					goto end;

-				continue;

-				}

-			else if (strcmp(*argv,"-untrusted") == 0)

-				{

-				if (argc-- < 1) goto end;

-				untfile= *(++argv);

-				}

-			else if (strcmp(*argv,"-trusted") == 0)

-				{

-				if (argc-- < 1) goto end;

-				trustfile= *(++argv);

-				}

-#ifndef OPENSSL_NO_ENGINE

-			else if (strcmp(*argv,"-engine") == 0)

-				{

-				if (--argc < 1) goto end;

-				engine= *(++argv);

-				}

-#endif

-			else if (strcmp(*argv,"-help") == 0)

-				goto end;

-			else if (strcmp(*argv,"-verbose") == 0)

-				v_verbose=1;

-			else if (argv[0][0] == '-')

-				goto end;

-			else

-				break;

-			argc--;

-			argv++;

-			}

-		else

-			break;

-		}

-#ifndef OPENSSL_NO_ENGINE

-        e = setup_engine(bio_err, engine, 0);

-#endif

-	if (vpm)

-		X509_STORE_set1_param(cert_ctx, vpm);

-	lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file());

-	if (lookup == NULL) abort();

-	if (CAfile) {

-		i=X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM);

-		if(!i) {

-			BIO_printf(bio_err, "Error loading file %s\n", CAfile);

-			ERR_print_errors(bio_err);

-			goto end;

-		}

-	} else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);

-	lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_hash_dir());

-	if (lookup == NULL) abort();

-	if (CApath) {

-		i=X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM);

-		if(!i) {

-			BIO_printf(bio_err, "Error loading directory %s\n", CApath);

-			ERR_print_errors(bio_err);

-			goto end;

-		}

-	} else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);

-	ERR_clear_error();

-	if(untfile) {

-		if(!(untrusted = load_untrusted(untfile))) {

-			BIO_printf(bio_err, "Error loading untrusted file %s\n", untfile);

-			ERR_print_errors(bio_err);

-			goto end;

-		}

-	}

-	if(trustfile) {

-		if(!(trusted = load_untrusted(trustfile))) {

-			BIO_printf(bio_err, "Error loading untrusted file %s\n", trustfile);

-			ERR_print_errors(bio_err);

-			goto end;

-		}

-	}

-	if (argc < 1) check(cert_ctx, NULL, untrusted, trusted, purpose, e);

-	else

-		for (i=0; i<argc; i++)

-			check(cert_ctx,argv[i], untrusted, trusted, purpose, e);

-	ret=0;

-end:

-	if (ret == 1) {

-		BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");

-#ifndef OPENSSL_NO_ENGINE

-		BIO_printf(bio_err," [-engine e]");

-#endif

-		BIO_printf(bio_err," cert1 cert2 ...\n");

-		BIO_printf(bio_err,"recognized usages:\n");

-		for(i = 0; i < X509_PURPOSE_get_count(); i++) {

-			X509_PURPOSE *ptmp;

-			ptmp = X509_PURPOSE_get0(i);

-			BIO_printf(bio_err, "\t%-10s\t%s\n", X509_PURPOSE_get0_sname(ptmp),

-								X509_PURPOSE_get0_name(ptmp));

-		}

-	}

-	if (vpm) X509_VERIFY_PARAM_free(vpm);

-	if (cert_ctx != NULL) X509_STORE_free(cert_ctx);

-	sk_X509_pop_free(untrusted, X509_free);

-	sk_X509_pop_free(trusted, X509_free);

-	apps_shutdown();

-	OPENSSL_EXIT(ret);

-	}

-static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose, ENGINE *e)

-	{

-	X509 *x=NULL;

-	int i=0,ret=0;

-	X509_STORE_CTX *csc;

-	x = load_cert(bio_err, file, FORMAT_PEM, NULL, e, "certificate file");

-	if (x == NULL)

-		goto end;

-	fprintf(stdout,"%s: ",(file == NULL)?"stdin":file);

-	csc = X509_STORE_CTX_new();

-	if (csc == NULL)

-		{

-		ERR_print_errors(bio_err);

-		goto end;

-		}

-	X509_STORE_set_flags(ctx, vflags);

-	if(!X509_STORE_CTX_init(csc,ctx,x,uchain))

-		{

-		ERR_print_errors(bio_err);

-		goto end;

-		}

-	if(tchain) X509_STORE_CTX_trusted_stack(csc, tchain);

-	if(purpose >= 0) X509_STORE_CTX_set_purpose(csc, purpose);

-	i=X509_verify_cert(csc);

-	X509_STORE_CTX_free(csc);

-	ret=0;

-end:

-	if (i)

-		{

-		fprintf(stdout,"OK\n");

-		ret=1;

-		}

-	else

-		ERR_print_errors(bio_err);

-	if (x != NULL) X509_free(x);

-	return(ret);

-	}

-static STACK_OF(X509) *load_untrusted(char *certfile)

-{

-	STACK_OF(X509_INFO) *sk=NULL;

-	STACK_OF(X509) *stack=NULL, *ret=NULL;

-	BIO *in=NULL;

-	X509_INFO *xi;

-	if(!(stack = sk_X509_new_null())) {

-		BIO_printf(bio_err,"memory allocation failure\n");

-		goto end;

-	}

-	if(!(in=BIO_new_file(certfile, "r"))) {

-		BIO_printf(bio_err,"error opening the file, %s\n",certfile);

-		goto end;

-	}

-	/* This loads from a file, a stack of x509/crl/pkey sets */

-	if(!(sk=PEM_X509_INFO_read_bio(in,NULL,NULL,NULL))) {

-		BIO_printf(bio_err,"error reading the file, %s\n",certfile);

-		goto end;

-	}

-	/* scan over it and pull out the certs */

-	while (sk_X509_INFO_num(sk))

-		{

-		xi=sk_X509_INFO_shift(sk);

-		if (xi->x509 != NULL)

-			{

-			sk_X509_push(stack,xi->x509);

-			xi->x509=NULL;

-			}

-		X509_INFO_free(xi);

-		}

-	if(!sk_X509_num(stack)) {

-		BIO_printf(bio_err,"no certificates in file, %s\n",certfile);

-		sk_X509_free(stack);

-		goto end;

-	}

-	ret=stack;

-end:

-	BIO_free(in);

-	sk_X509_INFO_free(sk);

-	return(ret);

-	}

-static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx)

-	{

-	char buf[256];

-	if (!ok)

-		{

-		if (ctx->current_cert)

-			{

-			X509_NAME_oneline(

-				X509_get_subject_name(ctx->current_cert),buf,

-				sizeof buf);

-			printf("%s\n",buf);

-			}

-		printf("error %d at %d depth lookup:%s\n",ctx->error,

-			ctx->error_depth,

-			X509_verify_cert_error_string(ctx->error));

-		if (ctx->error == X509_V_ERR_CERT_HAS_EXPIRED) ok=1;

-		/* since we are just checking the certificates, it is

-		 * ok if they are self signed. But we should still warn

-		 * the user.

- 		 */

-		if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) ok=1;

-		/* Continue after extension errors too */

-		if (ctx->error == X509_V_ERR_INVALID_CA) ok=1;

-		if (ctx->error == X509_V_ERR_INVALID_NON_CA) ok=1;

-		if (ctx->error == X509_V_ERR_PATH_LENGTH_EXCEEDED) ok=1;

-		if (ctx->error == X509_V_ERR_INVALID_PURPOSE) ok=1;

-		if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) ok=1;

-		if (ctx->error == X509_V_ERR_CRL_HAS_EXPIRED) ok=1;

-		if (ctx->error == X509_V_ERR_CRL_NOT_YET_VALID) ok=1;

-		if (ctx->error == X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) ok=1;

-		if (ctx->error == X509_V_ERR_NO_EXPLICIT_POLICY)

-			policies_print(NULL, ctx);

-		return ok;

-		}

-	if ((ctx->error == X509_V_OK) && (ok == 2))

-		policies_print(NULL, ctx);

-	if (!v_verbose)

-		ERR_clear_error();

-	return(ok);

-	}

--- a/sys/src/ape/lib/openssl/apps/version.c

+++ /dev/null

@@ -1,217 +1,0 @@

-/* apps/version.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include "apps.h"

-#include <openssl/evp.h>

-#include <openssl/crypto.h>

-#include <openssl/bn.h>

-#ifndef OPENSSL_NO_MD2

-# include <openssl/md2.h>

-#endif

-#ifndef OPENSSL_NO_RC4

-# include <openssl/rc4.h>

-#endif

-#ifndef OPENSSL_NO_DES

-# include <openssl/des.h>

-#endif

-#ifndef OPENSSL_NO_IDEA

-# include <openssl/idea.h>

-#endif

-#ifndef OPENSSL_NO_BF

-# include <openssl/blowfish.h>

-#endif

-#undef PROG

-#define PROG	version_main

-int MAIN(int, char **);

-int MAIN(int argc, char **argv)

-	{

-	int i,ret=0;

-	int cflags=0,version=0,date=0,options=0,platform=0,dir=0;

-	apps_startup();

-	if (bio_err == NULL)

-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)

-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);

-	if (argc == 1) version=1;

-	for (i=1; i<argc; i++)

-		{

-		if (strcmp(argv[i],"-v") == 0)

-			version=1;

-		else if (strcmp(argv[i],"-b") == 0)

-			date=1;

-		else if (strcmp(argv[i],"-f") == 0)

-			cflags=1;

-		else if (strcmp(argv[i],"-o") == 0)

-			options=1;

-		else if (strcmp(argv[i],"-p") == 0)

-			platform=1;

-		else if (strcmp(argv[i],"-d") == 0)

-			dir=1;

-		else if (strcmp(argv[i],"-a") == 0)

-			date=version=cflags=options=platform=dir=1;

-		else

-			{

-			BIO_printf(bio_err,"usage:version -[avbofp]\n");

-			ret=1;

-			goto end;

-			}

-		}

-	if (version)

-		{

-		if (SSLeay() == SSLEAY_VERSION_NUMBER)

-			{

-			printf("%s\n",SSLeay_version(SSLEAY_VERSION));

-			}

-		else

-			{

-			printf("%s (Library: %s)\n",

-				OPENSSL_VERSION_TEXT,

-				SSLeay_version(SSLEAY_VERSION));

-			}

-		}

-	if (date)    printf("%s\n",SSLeay_version(SSLEAY_BUILT_ON));

-	if (platform) printf("%s\n",SSLeay_version(SSLEAY_PLATFORM));

-	if (options)

-		{

-		printf("options:  ");

-		printf("%s ",BN_options());

-#ifndef OPENSSL_NO_MD2

-		printf("%s ",MD2_options());

-#endif

-#ifndef OPENSSL_NO_RC4

-		printf("%s ",RC4_options());

-#endif

-#ifndef OPENSSL_NO_DES

-		printf("%s ",DES_options());

-#endif

-#ifndef OPENSSL_NO_IDEA

-		printf("%s ",idea_options());

-#endif

-#ifndef OPENSSL_NO_BF

-		printf("%s ",BF_options());

-#endif

-		printf("\n");

-		}

-	if (cflags)  printf("%s\n",SSLeay_version(SSLEAY_CFLAGS));

-	if (dir)  printf("%s\n",SSLeay_version(SSLEAY_DIR));

-end:

-	apps_shutdown();

-	OPENSSL_EXIT(ret);

-	}

--- a/sys/src/ape/lib/openssl/apps/winrand.c

+++ /dev/null

@@ -1,148 +1,0 @@

-/* apps/winrand.c */

-/* ====================================================================

- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* Usage: winrand [filename]

- *

- * Collects entropy from mouse movements and other events and writes

- * random data to filename or .rnd

- */

-#include <windows.h>

-#include <openssl/opensslv.h>

-#include <openssl/rand.h>

-LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM);

-const char *filename;

-int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance,

-        PSTR cmdline, int iCmdShow)

-	{

-	static char appname[] = "OpenSSL";

-	HWND hwnd;

-	MSG msg;

-	WNDCLASSEX wndclass;

-        char buffer[200];

-        if (cmdline[0] == '\0')

-                filename = RAND_file_name(buffer, sizeof buffer);

-        else

-                filename = cmdline;

-        RAND_load_file(filename, -1);

-	wndclass.cbSize = sizeof(wndclass);

-	wndclass.style = CS_HREDRAW | CS_VREDRAW;

-	wndclass.lpfnWndProc = WndProc;

-	wndclass.cbClsExtra = 0;

-	wndclass.cbWndExtra = 0;

-	wndclass.hInstance = hInstance;

-	wndclass.hIcon = LoadIcon(NULL, IDI_APPLICATION);

-	wndclass.hCursor = LoadCursor(NULL, IDC_ARROW);

-	wndclass.hbrBackground = (HBRUSH) GetStockObject(WHITE_BRUSH);

-	wndclass.lpszMenuName = NULL;

-        wndclass.lpszClassName = appname;

-	wndclass.hIconSm = LoadIcon(NULL, IDI_APPLICATION);

-	RegisterClassEx(&wndclass);

-        hwnd = CreateWindow(appname, OPENSSL_VERSION_TEXT,

-		WS_OVERLAPPEDWINDOW, CW_USEDEFAULT, CW_USEDEFAULT,

-		CW_USEDEFAULT, CW_USEDEFAULT, NULL, NULL, hInstance, NULL);

-	ShowWindow(hwnd, iCmdShow);

-	UpdateWindow(hwnd);

-	while (GetMessage(&msg, NULL, 0, 0))

-		{

-		TranslateMessage(&msg);

-		DispatchMessage(&msg);

-		}

-	return msg.wParam;

-	}

-LRESULT CALLBACK WndProc(HWND hwnd, UINT iMsg, WPARAM wParam, LPARAM lParam)

-	{

-        HDC hdc;

-	PAINTSTRUCT ps;

-        RECT rect;

-        static int seeded = 0;

-	switch (iMsg)

-		{

-	case WM_PAINT:

-		hdc = BeginPaint(hwnd, &ps);

-		GetClientRect(hwnd, &rect);

-                DrawText(hdc, "Seeding the PRNG. Please move the mouse!", -1,

-			&rect, DT_SINGLELINE | DT_CENTER | DT_VCENTER);

-		EndPaint(hwnd, &ps);

-		return 0;

-        case WM_DESTROY:

-                PostQuitMessage(0);

-                return 0;

-                }

-        if (RAND_event(iMsg, wParam, lParam) == 1 && seeded == 0)

-                {

-                seeded = 1;

-                if (RAND_write_file(filename) <= 0)

-                        MessageBox(hwnd, "Couldn't write random file!",

-				"OpenSSL", MB_OK | MB_ICONERROR);

-                PostQuitMessage(0);

-                }

-	return DefWindowProc(hwnd, iMsg, wParam, lParam);

-	}

--- a/sys/src/ape/lib/openssl/apps/x509.c

+++ /dev/null

@@ -1,1278 +1,0 @@

-/* apps/x509.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <assert.h>

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#ifdef OPENSSL_NO_STDIO

-#define APPS_WIN16

-#endif

-#include "apps.h"

-#include <openssl/bio.h>

-#include <openssl/asn1.h>

-#include <openssl/err.h>

-#include <openssl/bn.h>

-#include <openssl/evp.h>

-#include <openssl/x509.h>

-#include <openssl/x509v3.h>

-#include <openssl/objects.h>

-#include <openssl/pem.h>

-#ifndef OPENSSL_NO_RSA

-#include <openssl/rsa.h>

-#endif

-#ifndef OPENSSL_NO_DSA

-#include <openssl/dsa.h>

-#endif

-#undef PROG

-#define PROG x509_main

-#undef POSTFIX

-#define	POSTFIX	".srl"

-#define DEF_DAYS	30

-static const char *x509_usage[]={

-"usage: x509 args\n",

-" -inform arg     - input format - default PEM (one of DER, NET or PEM)\n",

-" -outform arg    - output format - default PEM (one of DER, NET or PEM)\n",

-" -keyform arg    - private key format - default PEM\n",

-" -CAform arg     - CA format - default PEM\n",

-" -CAkeyform arg  - CA key format - default PEM\n",

-" -in arg         - input file - default stdin\n",

-" -out arg        - output file - default stdout\n",

-" -passin arg     - private key password source\n",

-" -serial         - print serial number value\n",

-" -subject_hash   - print subject hash value\n",

-" -issuer_hash    - print issuer hash value\n",

-" -hash           - synonym for -subject_hash\n",

-" -subject        - print subject DN\n",

-" -issuer         - print issuer DN\n",

-" -email          - print email address(es)\n",

-" -startdate      - notBefore field\n",

-" -enddate        - notAfter field\n",

-" -purpose        - print out certificate purposes\n",

-" -dates          - both Before and After dates\n",

-" -modulus        - print the RSA key modulus\n",

-" -pubkey         - output the public key\n",

-" -fingerprint    - print the certificate fingerprint\n",

-" -alias          - output certificate alias\n",

-" -noout          - no certificate output\n",

-" -ocspid         - print OCSP hash values for the subject name and public key\n",

-" -trustout       - output a \"trusted\" certificate\n",

-" -clrtrust       - clear all trusted purposes\n",

-" -clrreject      - clear all rejected purposes\n",

-" -addtrust arg   - trust certificate for a given purpose\n",

-" -addreject arg  - reject certificate for a given purpose\n",

-" -setalias arg   - set certificate alias\n",

-" -days arg       - How long till expiry of a signed certificate - def 30 days\n",

-" -checkend arg   - check whether the cert expires in the next arg seconds\n",

-"                   exit 1 if so, 0 if not\n",

-" -signkey arg    - self sign cert with arg\n",

-" -x509toreq      - output a certification request object\n",

-" -req            - input is a certificate request, sign and output.\n",

-" -CA arg         - set the CA certificate, must be PEM format.\n",

-" -CAkey arg      - set the CA key, must be PEM format\n",

-"                   missing, it is assumed to be in the CA file.\n",

-" -CAcreateserial - create serial number file if it does not exist\n",

-" -CAserial arg   - serial file\n",

-" -set_serial     - serial number to use\n",

-" -text           - print the certificate in text form\n",

-" -C              - print out C code forms\n",

-" -md2/-md5/-sha1/-mdc2 - digest to use\n",

-" -extfile        - configuration file with X509V3 extensions to add\n",

-" -extensions     - section from config file with X509V3 extensions to add\n",

-" -clrext         - delete extensions before signing and input certificate\n",

-" -nameopt arg    - various certificate name options\n",

-#ifndef OPENSSL_NO_ENGINE

-" -engine e       - use engine e, possibly a hardware device.\n",

-#endif

-" -certopt arg    - various certificate text options\n",

-NULL

-};

-static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx);

-static int sign (X509 *x, EVP_PKEY *pkey,int days,int clrext, const EVP_MD *digest,

-						CONF *conf, char *section);

-static int x509_certify (X509_STORE *ctx,char *CAfile,const EVP_MD *digest,

-			 X509 *x,X509 *xca,EVP_PKEY *pkey,char *serial,

-			 int create,int days, int clrext, CONF *conf, char *section,

-						ASN1_INTEGER *sno);

-static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt);

-static int reqfile=0;

-int MAIN(int, char **);

-int MAIN(int argc, char **argv)

-	{

-	ENGINE *e = NULL;

-	int ret=1;

-	X509_REQ *req=NULL;

-	X509 *x=NULL,*xca=NULL;

-	ASN1_OBJECT *objtmp;

-	EVP_PKEY *Upkey=NULL,*CApkey=NULL;

-	ASN1_INTEGER *sno = NULL;

-	int i,num,badops=0;

-	BIO *out=NULL;

-	BIO *STDout=NULL;

-	STACK_OF(ASN1_OBJECT) *trust = NULL, *reject = NULL;

-	int informat,outformat,keyformat,CAformat,CAkeyformat;

-	char *infile=NULL,*outfile=NULL,*keyfile=NULL,*CAfile=NULL;

-	char *CAkeyfile=NULL,*CAserial=NULL;

-	char *alias=NULL;

-	int text=0,serial=0,subject=0,issuer=0,startdate=0,enddate=0;

-	int next_serial=0;

-	int subject_hash=0,issuer_hash=0,ocspid=0;

-	int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0;

-	int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0;

-	int C=0;

-	int x509req=0,days=DEF_DAYS,modulus=0,pubkey=0;

-	int pprint = 0;

-	const char **pp;

-	X509_STORE *ctx=NULL;

-	X509_REQ *rq=NULL;

-	int fingerprint=0;

-	char buf[256];

-	const EVP_MD *md_alg,*digest=EVP_sha1();

-	CONF *extconf = NULL;

-	char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;

-	int need_rand = 0;

-	int checkend=0,checkoffset=0;

-	unsigned long nmflag = 0, certflag = 0;

-#ifndef OPENSSL_NO_ENGINE

-	char *engine=NULL;

-#endif

-	reqfile=0;

-	apps_startup();

-	if (bio_err == NULL)

-		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);

-	if (!load_config(bio_err, NULL))

-		goto end;

-	STDout=BIO_new_fp(stdout,BIO_NOCLOSE);

-#ifdef OPENSSL_SYS_VMS

-	{

-	BIO *tmpbio = BIO_new(BIO_f_linebuffer());

-	STDout = BIO_push(tmpbio, STDout);

-	}

-#endif

-	informat=FORMAT_PEM;

-	outformat=FORMAT_PEM;

-	keyformat=FORMAT_PEM;

-	CAformat=FORMAT_PEM;

-	CAkeyformat=FORMAT_PEM;

-	ctx=X509_STORE_new();

-	if (ctx == NULL) goto end;

-	X509_STORE_set_verify_cb_func(ctx,callb);

-	argc--;

-	argv++;

-	num=0;

-	while (argc >= 1)

-		{

-		if 	(strcmp(*argv,"-inform") == 0)

-			{

-			if (--argc < 1) goto bad;

-			informat=str2fmt(*(++argv));

-			}

-		else if (strcmp(*argv,"-outform") == 0)

-			{

-			if (--argc < 1) goto bad;

-			outformat=str2fmt(*(++argv));

-			}

-		else if (strcmp(*argv,"-keyform") == 0)

-			{

-			if (--argc < 1) goto bad;

-			keyformat=str2fmt(*(++argv));

-			}

-		else if (strcmp(*argv,"-req") == 0)

-			{

-			reqfile=1;

-			need_rand = 1;

-			}

-		else if (strcmp(*argv,"-CAform") == 0)

-			{

-			if (--argc < 1) goto bad;

-			CAformat=str2fmt(*(++argv));

-			}

-		else if (strcmp(*argv,"-CAkeyform") == 0)

-			{

-			if (--argc < 1) goto bad;

-			CAkeyformat=str2fmt(*(++argv));

-			}

-		else if (strcmp(*argv,"-days") == 0)

-			{

-			if (--argc < 1) goto bad;

-			days=atoi(*(++argv));

-			if (days == 0)

-				{

-				BIO_printf(STDout,"bad number of days\n");

-				goto bad;

-				}

-			}

-		else if (strcmp(*argv,"-passin") == 0)

-			{

-			if (--argc < 1) goto bad;

-			passargin= *(++argv);

-			}

-		else if (strcmp(*argv,"-extfile") == 0)

-			{

-			if (--argc < 1) goto bad;

-			extfile= *(++argv);

-			}

-		else if (strcmp(*argv,"-extensions") == 0)

-			{

-			if (--argc < 1) goto bad;

-			extsect= *(++argv);

-			}

-		else if (strcmp(*argv,"-in") == 0)

-			{

-			if (--argc < 1) goto bad;

-			infile= *(++argv);

-			}

-		else if (strcmp(*argv,"-out") == 0)

-			{

-			if (--argc < 1) goto bad;

-			outfile= *(++argv);

-			}

-		else if (strcmp(*argv,"-signkey") == 0)

-			{

-			if (--argc < 1) goto bad;

-			keyfile= *(++argv);

-			sign_flag= ++num;

-			need_rand = 1;

-			}

-		else if (strcmp(*argv,"-CA") == 0)

-			{

-			if (--argc < 1) goto bad;

-			CAfile= *(++argv);

-			CA_flag= ++num;

-			need_rand = 1;

-			}

-		else if (strcmp(*argv,"-CAkey") == 0)

-			{

-			if (--argc < 1) goto bad;

-			CAkeyfile= *(++argv);

-			}

-		else if (strcmp(*argv,"-CAserial") == 0)

-			{

-			if (--argc < 1) goto bad;

-			CAserial= *(++argv);

-			}

-		else if (strcmp(*argv,"-set_serial") == 0)

-			{

-			if (--argc < 1) goto bad;

-			if (!(sno = s2i_ASN1_INTEGER(NULL, *(++argv))))

-				goto bad;

-			}

-		else if (strcmp(*argv,"-addtrust") == 0)

-			{

-			if (--argc < 1) goto bad;

-			if (!(objtmp = OBJ_txt2obj(*(++argv), 0)))

-				{

-				BIO_printf(bio_err,

-					"Invalid trust object value %s\n", *argv);

-				goto bad;

-				}

-			if (!trust) trust = sk_ASN1_OBJECT_new_null();

-			sk_ASN1_OBJECT_push(trust, objtmp);

-			trustout = 1;

-			}

-		else if (strcmp(*argv,"-addreject") == 0)

-			{

-			if (--argc < 1) goto bad;

-			if (!(objtmp = OBJ_txt2obj(*(++argv), 0)))

-				{

-				BIO_printf(bio_err,

-					"Invalid reject object value %s\n", *argv);

-				goto bad;

-				}

-			if (!reject) reject = sk_ASN1_OBJECT_new_null();

-			sk_ASN1_OBJECT_push(reject, objtmp);

-			trustout = 1;

-			}

-		else if (strcmp(*argv,"-setalias") == 0)

-			{

-			if (--argc < 1) goto bad;

-			alias= *(++argv);

-			trustout = 1;

-			}

-		else if (strcmp(*argv,"-certopt") == 0)

-			{

-			if (--argc < 1) goto bad;

-			if (!set_cert_ex(&certflag, *(++argv))) goto bad;

-			}

-		else if (strcmp(*argv,"-nameopt") == 0)

-			{

-			if (--argc < 1) goto bad;

-			if (!set_name_ex(&nmflag, *(++argv))) goto bad;

-			}

-#ifndef OPENSSL_NO_ENGINE

-		else if (strcmp(*argv,"-engine") == 0)

-			{

-			if (--argc < 1) goto bad;

-			engine= *(++argv);

-			}

-#endif

-		else if (strcmp(*argv,"-C") == 0)

-			C= ++num;

-		else if (strcmp(*argv,"-email") == 0)

-			email= ++num;

-		else if (strcmp(*argv,"-serial") == 0)

-			serial= ++num;

-		else if (strcmp(*argv,"-next_serial") == 0)

-			next_serial= ++num;

-		else if (strcmp(*argv,"-modulus") == 0)

-			modulus= ++num;

-		else if (strcmp(*argv,"-pubkey") == 0)

-			pubkey= ++num;

-		else if (strcmp(*argv,"-x509toreq") == 0)

-			x509req= ++num;

-		else if (strcmp(*argv,"-text") == 0)

-			text= ++num;

-		else if (strcmp(*argv,"-hash") == 0

-			|| strcmp(*argv,"-subject_hash") == 0)

-			subject_hash= ++num;

-		else if (strcmp(*argv,"-issuer_hash") == 0)

-			issuer_hash= ++num;

-		else if (strcmp(*argv,"-subject") == 0)

-			subject= ++num;

-		else if (strcmp(*argv,"-issuer") == 0)

-			issuer= ++num;

-		else if (strcmp(*argv,"-fingerprint") == 0)

-			fingerprint= ++num;

-		else if (strcmp(*argv,"-dates") == 0)

-			{

-			startdate= ++num;

-			enddate= ++num;

-			}

-		else if (strcmp(*argv,"-purpose") == 0)

-			pprint= ++num;

-		else if (strcmp(*argv,"-startdate") == 0)

-			startdate= ++num;

-		else if (strcmp(*argv,"-enddate") == 0)

-			enddate= ++num;

-		else if (strcmp(*argv,"-checkend") == 0)

-			{

-			if (--argc < 1) goto bad;

-			checkoffset=atoi(*(++argv));

-			checkend=1;

-			}

-		else if (strcmp(*argv,"-noout") == 0)

-			noout= ++num;

-		else if (strcmp(*argv,"-trustout") == 0)

-			trustout= 1;

-		else if (strcmp(*argv,"-clrtrust") == 0)

-			clrtrust= ++num;

-		else if (strcmp(*argv,"-clrreject") == 0)

-			clrreject= ++num;

-		else if (strcmp(*argv,"-alias") == 0)

-			aliasout= ++num;

-		else if (strcmp(*argv,"-CAcreateserial") == 0)

-			CA_createserial= ++num;

-		else if (strcmp(*argv,"-clrext") == 0)

-			clrext = 1;

-#if 1 /* stay backwards-compatible with 0.9.5; this should go away soon */

-		else if (strcmp(*argv,"-crlext") == 0)

-			{

-			BIO_printf(bio_err,"use -clrext instead of -crlext\n");

-			clrext = 1;

-			}

-#endif

-		else if (strcmp(*argv,"-ocspid") == 0)

-			ocspid= ++num;

-		else if ((md_alg=EVP_get_digestbyname(*argv + 1)))

-			{

-			/* ok */

-			digest=md_alg;

-			}

-		else

-			{

-			BIO_printf(bio_err,"unknown option %s\n",*argv);

-			badops=1;

-			break;

-			}

-		argc--;

-		argv++;

-		}

-	if (badops)

-		{

-bad:

-		for (pp=x509_usage; (*pp != NULL); pp++)

-			BIO_printf(bio_err,"%s",*pp);

-		goto end;

-		}

-#ifndef OPENSSL_NO_ENGINE

-        e = setup_engine(bio_err, engine, 0);

-#endif

-	if (need_rand)

-		app_RAND_load_file(NULL, bio_err, 0);

-	ERR_load_crypto_strings();

-	if (!app_passwd(bio_err, passargin, NULL, &passin, NULL))

-		{

-		BIO_printf(bio_err, "Error getting password\n");

-		goto end;

-		}

-	if (!X509_STORE_set_default_paths(ctx))

-		{

-		ERR_print_errors(bio_err);

-		goto end;

-		}

-	if ((CAkeyfile == NULL) && (CA_flag) && (CAformat == FORMAT_PEM))

-		{ CAkeyfile=CAfile; }

-	else if ((CA_flag) && (CAkeyfile == NULL))

-		{

-		BIO_printf(bio_err,"need to specify a CAkey if using the CA command\n");

-		goto end;

-		}

-	if (extfile)

-		{

-		long errorline = -1;

-		X509V3_CTX ctx2;

-		extconf = NCONF_new(NULL);

-		if (!NCONF_load(extconf, extfile,&errorline))

-			{

-			if (errorline <= 0)

-				BIO_printf(bio_err,

-					"error loading the config file '%s'\n",

-								extfile);

-                	else

-                        	BIO_printf(bio_err,

-				       "error on line %ld of config file '%s'\n"

-							,errorline,extfile);

-			goto end;

-			}

-		if (!extsect)

-			{

-			extsect = NCONF_get_string(extconf, "default", "extensions");

-			if (!extsect)

-				{

-				ERR_clear_error();

-				extsect = "default";

-				}

-			}

-		X509V3_set_ctx_test(&ctx2);

-		X509V3_set_nconf(&ctx2, extconf);

-		if (!X509V3_EXT_add_nconf(extconf, &ctx2, extsect, NULL))

-			{

-			BIO_printf(bio_err,

-				"Error Loading extension section %s\n",

-								 extsect);

-			ERR_print_errors(bio_err);

-			goto end;

-			}

-		}

-	if (reqfile)

-		{

-		EVP_PKEY *pkey;

-		X509_CINF *ci;

-		BIO *in;

-		if (!sign_flag && !CA_flag)

-			{

-			BIO_printf(bio_err,"We need a private key to sign with\n");

-			goto end;

-			}

-		in=BIO_new(BIO_s_file());

-		if (in == NULL)

-			{

-			ERR_print_errors(bio_err);

-			goto end;

-			}

-		if (infile == NULL)

-			BIO_set_fp(in,stdin,BIO_NOCLOSE|BIO_FP_TEXT);

-		else

-			{

-			if (BIO_read_filename(in,infile) <= 0)

-				{

-				perror(infile);

-				BIO_free(in);

-				goto end;

-				}

-			}

-		req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL);

-		BIO_free(in);

-		if (req == NULL)

-			{

-			ERR_print_errors(bio_err);

-			goto end;

-			}

-		if (	(req->req_info == NULL) ||

-			(req->req_info->pubkey == NULL) ||

-			(req->req_info->pubkey->public_key == NULL) ||

-			(req->req_info->pubkey->public_key->data == NULL))

-			{

-			BIO_printf(bio_err,"The certificate request appears to corrupted\n");

-			BIO_printf(bio_err,"It does not contain a public key\n");

-			goto end;

-			}

-		if ((pkey=X509_REQ_get_pubkey(req)) == NULL)

-	                {

-	                BIO_printf(bio_err,"error unpacking public key\n");

-	                goto end;

-	                }

-		i=X509_REQ_verify(req,pkey);

-		EVP_PKEY_free(pkey);

-		if (i < 0)

-			{

-			BIO_printf(bio_err,"Signature verification error\n");

-			ERR_print_errors(bio_err);

-			goto end;

-			}

-	        if (i == 0)

-			{

-			BIO_printf(bio_err,"Signature did not match the certificate request\n");

-			goto end;

-			}

-		else

-			BIO_printf(bio_err,"Signature ok\n");

-		print_name(bio_err, "subject=", X509_REQ_get_subject_name(req), nmflag);

-		if ((x=X509_new()) == NULL) goto end;

-		ci=x->cert_info;

-		if (sno == NULL)

-			{

-			sno = ASN1_INTEGER_new();

-			if (!sno || !rand_serial(NULL, sno))

-				goto end;

-			if (!X509_set_serialNumber(x, sno))

-				goto end;

-			ASN1_INTEGER_free(sno);

-			sno = NULL;

-			}

-		else if (!X509_set_serialNumber(x, sno))

-			goto end;

-		if (!X509_set_issuer_name(x,req->req_info->subject)) goto end;

-		if (!X509_set_subject_name(x,req->req_info->subject)) goto end;

-		X509_gmtime_adj(X509_get_notBefore(x),0);

-	        X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days);

-		pkey = X509_REQ_get_pubkey(req);

-		X509_set_pubkey(x,pkey);

-		EVP_PKEY_free(pkey);

-		}

-	else

-		x=load_cert(bio_err,infile,informat,NULL,e,"Certificate");

-	if (x == NULL) goto end;

-	if (CA_flag)

-		{

-		xca=load_cert(bio_err,CAfile,CAformat,NULL,e,"CA Certificate");

-		if (xca == NULL) goto end;

-		}

-	if (!noout || text || next_serial)

-		{

-		OBJ_create("2.99999.3",

-			"SET.ex3","SET x509v3 extension 3");

-		out=BIO_new(BIO_s_file());

-		if (out == NULL)

-			{

-			ERR_print_errors(bio_err);

-			goto end;

-			}

-		if (outfile == NULL)

-			{

-			BIO_set_fp(out,stdout,BIO_NOCLOSE);

-#ifdef OPENSSL_SYS_VMS

-			{

-			BIO *tmpbio = BIO_new(BIO_f_linebuffer());

-			out = BIO_push(tmpbio, out);

-			}

-#endif

-			}

-		else

-			{

-			if (BIO_write_filename(out,outfile) <= 0)

-				{

-				perror(outfile);

-				goto end;

-				}

-			}

-		}

-	if (alias) X509_alias_set1(x, (unsigned char *)alias, -1);

-	if (clrtrust) X509_trust_clear(x);

-	if (clrreject) X509_reject_clear(x);

-	if (trust)

-		{

-		for (i = 0; i < sk_ASN1_OBJECT_num(trust); i++)

-			{

-			objtmp = sk_ASN1_OBJECT_value(trust, i);

-			X509_add1_trust_object(x, objtmp);

-			}

-		}

-	if (reject)

-		{

-		for (i = 0; i < sk_ASN1_OBJECT_num(reject); i++)

-			{

-			objtmp = sk_ASN1_OBJECT_value(reject, i);

-			X509_add1_reject_object(x, objtmp);

-			}

-		}

-	if (num)

-		{

-		for (i=1; i<=num; i++)

-			{

-			if (issuer == i)

-				{

-				print_name(STDout, "issuer= ",

-					X509_get_issuer_name(x), nmflag);

-				}

-			else if (subject == i)

-				{

-				print_name(STDout, "subject= ",

-					X509_get_subject_name(x), nmflag);

-				}

-			else if (serial == i)

-				{

-				BIO_printf(STDout,"serial=");

-				i2a_ASN1_INTEGER(STDout,

-					X509_get_serialNumber(x));

-				BIO_printf(STDout,"\n");

-				}

-			else if (next_serial == i)

-				{

-				BIGNUM *bnser;

-				ASN1_INTEGER *ser;

-				ser = X509_get_serialNumber(x);

-				bnser = ASN1_INTEGER_to_BN(ser, NULL);

-				if (!bnser)

-					goto end;

-				if (!BN_add_word(bnser, 1))

-					goto end;

-				ser = BN_to_ASN1_INTEGER(bnser, NULL);

-				if (!ser)

-					goto end;

-				BN_free(bnser);

-				i2a_ASN1_INTEGER(out, ser);

-				ASN1_INTEGER_free(ser);

-				BIO_puts(out, "\n");

-				}

-			else if (email == i)

-				{

-				int j;

-				STACK *emlst;

-				emlst = X509_get1_email(x);

-				for (j = 0; j < sk_num(emlst); j++)

-					BIO_printf(STDout, "%s\n", sk_value(emlst, j));

-				X509_email_free(emlst);

-				}

-			else if (aliasout == i)

-				{

-				unsigned char *alstr;

-				alstr = X509_alias_get0(x, NULL);

-				if (alstr) BIO_printf(STDout,"%s\n", alstr);

-				else BIO_puts(STDout,"<No Alias>\n");

-				}

-			else if (subject_hash == i)

-				{

-				BIO_printf(STDout,"%08lx\n",X509_subject_name_hash(x));

-				}

-			else if (issuer_hash == i)

-				{

-				BIO_printf(STDout,"%08lx\n",X509_issuer_name_hash(x));

-				}

-			else if (pprint == i)

-				{

-				X509_PURPOSE *ptmp;

-				int j;

-				BIO_printf(STDout, "Certificate purposes:\n");

-				for (j = 0; j < X509_PURPOSE_get_count(); j++)

-					{

-					ptmp = X509_PURPOSE_get0(j);

-					purpose_print(STDout, x, ptmp);

-					}

-				}

-			else

-				if (modulus == i)

-				{

-				EVP_PKEY *pkey;

-				pkey=X509_get_pubkey(x);

-				if (pkey == NULL)

-					{

-					BIO_printf(bio_err,"Modulus=unavailable\n");

-					ERR_print_errors(bio_err);

-					goto end;

-					}

-				BIO_printf(STDout,"Modulus=");

-#ifndef OPENSSL_NO_RSA

-				if (pkey->type == EVP_PKEY_RSA)

-					BN_print(STDout,pkey->pkey.rsa->n);

-				else

-#endif

-#ifndef OPENSSL_NO_DSA

-				if (pkey->type == EVP_PKEY_DSA)

-					BN_print(STDout,pkey->pkey.dsa->pub_key);

-				else

-#endif

-					BIO_printf(STDout,"Wrong Algorithm type");

-				BIO_printf(STDout,"\n");

-				EVP_PKEY_free(pkey);

-				}

-			else

-				if (pubkey == i)

-				{

-				EVP_PKEY *pkey;

-				pkey=X509_get_pubkey(x);

-				if (pkey == NULL)

-					{

-					BIO_printf(bio_err,"Error getting public key\n");

-					ERR_print_errors(bio_err);

-					goto end;

-					}

-				PEM_write_bio_PUBKEY(STDout, pkey);

-				EVP_PKEY_free(pkey);

-				}

-			else

-				if (C == i)

-				{

-				unsigned char *d;

-				char *m;

-				int y,z;

-				X509_NAME_oneline(X509_get_subject_name(x),

-					buf,sizeof buf);

-				BIO_printf(STDout,"/* subject:%s */\n",buf);

-				m=X509_NAME_oneline(

-					X509_get_issuer_name(x),buf,

-					sizeof buf);

-				BIO_printf(STDout,"/* issuer :%s */\n",buf);

-				z=i2d_X509(x,NULL);

-				m=OPENSSL_malloc(z);

-				d=(unsigned char *)m;

-				z=i2d_X509_NAME(X509_get_subject_name(x),&d);

-				BIO_printf(STDout,"unsigned char XXX_subject_name[%d]={\n",z);

-				d=(unsigned char *)m;

-				for (y=0; y<z; y++)

-					{

-					BIO_printf(STDout,"0x%02X,",d[y]);

-					if ((y & 0x0f) == 0x0f) BIO_printf(STDout,"\n");

-					}

-				if (y%16 != 0) BIO_printf(STDout,"\n");

-				BIO_printf(STDout,"};\n");

-				z=i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x),&d);

-				BIO_printf(STDout,"unsigned char XXX_public_key[%d]={\n",z);

-				d=(unsigned char *)m;

-				for (y=0; y<z; y++)

-					{

-					BIO_printf(STDout,"0x%02X,",d[y]);

-					if ((y & 0x0f) == 0x0f)

-						BIO_printf(STDout,"\n");

-					}

-				if (y%16 != 0) BIO_printf(STDout,"\n");

-				BIO_printf(STDout,"};\n");

-				z=i2d_X509(x,&d);

-				BIO_printf(STDout,"unsigned char XXX_certificate[%d]={\n",z);

-				d=(unsigned char *)m;

-				for (y=0; y<z; y++)

-					{

-					BIO_printf(STDout,"0x%02X,",d[y]);

-					if ((y & 0x0f) == 0x0f)

-						BIO_printf(STDout,"\n");

-					}

-				if (y%16 != 0) BIO_printf(STDout,"\n");

-				BIO_printf(STDout,"};\n");

-				OPENSSL_free(m);

-				}

-			else if (text == i)

-				{

-				X509_print_ex(out,x,nmflag, certflag);

-				}

-			else if (startdate == i)

-				{

-				BIO_puts(STDout,"notBefore=");

-				ASN1_TIME_print(STDout,X509_get_notBefore(x));

-				BIO_puts(STDout,"\n");

-				}

-			else if (enddate == i)

-				{

-				BIO_puts(STDout,"notAfter=");

-				ASN1_TIME_print(STDout,X509_get_notAfter(x));

-				BIO_puts(STDout,"\n");

-				}

-			else if (fingerprint == i)

-				{

-				int j;

-				unsigned int n;

-				unsigned char md[EVP_MAX_MD_SIZE];

-				if (!X509_digest(x,digest,md,&n))

-					{

-					BIO_printf(bio_err,"out of memory\n");

-					goto end;

-					}

-				BIO_printf(STDout,"%s Fingerprint=",

-						OBJ_nid2sn(EVP_MD_type(digest)));

-				for (j=0; j<(int)n; j++)

-					{

-					BIO_printf(STDout,"%02X%c",md[j],

-						(j+1 == (int)n)

-						?'\n':':');

-					}

-				}

-			/* should be in the library */

-			else if ((sign_flag == i) && (x509req == 0))

-				{

-				BIO_printf(bio_err,"Getting Private key\n");

-				if (Upkey == NULL)

-					{

-					Upkey=load_key(bio_err,

-						keyfile, keyformat, 0,

-						passin, e, "Private key");

-					if (Upkey == NULL) goto end;

-					}

-#ifndef OPENSSL_NO_DSA

-		                if (Upkey->type == EVP_PKEY_DSA)

-		                        digest=EVP_dss1();

-#endif

-#ifndef OPENSSL_NO_ECDSA

-				if (Upkey->type == EVP_PKEY_EC)

-					digest=EVP_ecdsa();

-#endif

-				assert(need_rand);

-				if (!sign(x,Upkey,days,clrext,digest,

-						 extconf, extsect)) goto end;

-				}

-			else if (CA_flag == i)

-				{

-				BIO_printf(bio_err,"Getting CA Private Key\n");

-				if (CAkeyfile != NULL)

-					{

-					CApkey=load_key(bio_err,

-						CAkeyfile, CAkeyformat,

-						0, passin, e,

-						"CA Private Key");

-					if (CApkey == NULL) goto end;

-					}

-#ifndef OPENSSL_NO_DSA

-		                if (CApkey->type == EVP_PKEY_DSA)

-		                        digest=EVP_dss1();

-#endif

-#ifndef OPENSSL_NO_ECDSA

-				if (CApkey->type == EVP_PKEY_EC)

-					digest = EVP_ecdsa();

-#endif

-				assert(need_rand);

-				if (!x509_certify(ctx,CAfile,digest,x,xca,

-					CApkey, CAserial,CA_createserial,days, clrext,

-					extconf, extsect, sno))

-					goto end;

-				}

-			else if (x509req == i)

-				{

-				EVP_PKEY *pk;

-				BIO_printf(bio_err,"Getting request Private Key\n");

-				if (keyfile == NULL)

-					{

-					BIO_printf(bio_err,"no request key file specified\n");

-					goto end;

-					}

-				else

-					{

-					pk=load_key(bio_err,

-						keyfile, FORMAT_PEM, 0,

-						passin, e, "request key");

-					if (pk == NULL) goto end;

-					}

-				BIO_printf(bio_err,"Generating certificate request\n");

-#ifndef OPENSSL_NO_DSA

-		                if (pk->type == EVP_PKEY_DSA)

-		                        digest=EVP_dss1();

-#endif

-#ifndef OPENSSL_NO_ECDSA

-				if (pk->type == EVP_PKEY_EC)

-					digest=EVP_ecdsa();

-#endif

-				rq=X509_to_X509_REQ(x,pk,digest);

-				EVP_PKEY_free(pk);

-				if (rq == NULL)

-					{

-					ERR_print_errors(bio_err);

-					goto end;

-					}

-				if (!noout)

-					{

-					X509_REQ_print(out,rq);

-					PEM_write_bio_X509_REQ(out,rq);

-					}

-				noout=1;

-				}

-			else if (ocspid == i)

-				{

-				X509_ocspid_print(out, x);

-				}

-			}

-		}

-	if (checkend)

-		{

-		time_t tcheck=time(NULL) + checkoffset;

-		if (X509_cmp_time(X509_get_notAfter(x), &tcheck) < 0)

-			{

-			BIO_printf(out,"Certificate will expire\n");

-			ret=1;

-			}

-		else

-			{

-			BIO_printf(out,"Certificate will not expire\n");

-			ret=0;

-			}

-		goto end;

-		}

-	if (noout)

-		{

-		ret=0;

-		goto end;

-		}

-	if 	(outformat == FORMAT_ASN1)

-		i=i2d_X509_bio(out,x);

-	else if (outformat == FORMAT_PEM)

-		{

-		if (trustout) i=PEM_write_bio_X509_AUX(out,x);

-		else i=PEM_write_bio_X509(out,x);

-		}

-	else if (outformat == FORMAT_NETSCAPE)

-		{

-		ASN1_HEADER ah;

-		ASN1_OCTET_STRING os;

-		os.data=(unsigned char *)NETSCAPE_CERT_HDR;

-		os.length=strlen(NETSCAPE_CERT_HDR);

-		ah.header= &os;

-		ah.data=(char *)x;

-		ah.meth=X509_asn1_meth();

-		i=ASN1_i2d_bio_of(ASN1_HEADER,i2d_ASN1_HEADER,out,&ah);

-		}

-	else	{

-		BIO_printf(bio_err,"bad output format specified for outfile\n");

-		goto end;

-		}

-	if (!i)

-		{

-		BIO_printf(bio_err,"unable to write certificate\n");

-		ERR_print_errors(bio_err);

-		goto end;

-		}

-	ret=0;

-end:

-	if (need_rand)

-		app_RAND_write_file(NULL, bio_err);

-	OBJ_cleanup();

-	NCONF_free(extconf);

-	BIO_free_all(out);

-	BIO_free_all(STDout);

-	X509_STORE_free(ctx);

-	X509_REQ_free(req);

-	X509_free(x);

-	X509_free(xca);

-	EVP_PKEY_free(Upkey);

-	EVP_PKEY_free(CApkey);

-	X509_REQ_free(rq);

-	ASN1_INTEGER_free(sno);

-	sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);

-	sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);

-	if (passin) OPENSSL_free(passin);

-	apps_shutdown();

-	OPENSSL_EXIT(ret);

-	}

-static ASN1_INTEGER *x509_load_serial(char *CAfile, char *serialfile, int create)

-	{

-	char *buf = NULL, *p;

-	ASN1_INTEGER *bs = NULL;

-	BIGNUM *serial = NULL;

-	size_t len;

-	len = ((serialfile == NULL)

-		?(strlen(CAfile)+strlen(POSTFIX)+1)

-		:(strlen(serialfile)))+1;

-	buf=OPENSSL_malloc(len);

-	if (buf == NULL) { BIO_printf(bio_err,"out of mem\n"); goto end; }

-	if (serialfile == NULL)

-		{

-		BUF_strlcpy(buf,CAfile,len);

-		for (p=buf; *p; p++)

-			if (*p == '.')

-				{

-				*p='\0';

-				break;

-				}

-		BUF_strlcat(buf,POSTFIX,len);

-		}

-	else

-		BUF_strlcpy(buf,serialfile,len);

-	serial = load_serial(buf, create, NULL);

-	if (serial == NULL) goto end;

-	if (!BN_add_word(serial,1))

-		{ BIO_printf(bio_err,"add_word failure\n"); goto end; }

-	if (!save_serial(buf, NULL, serial, &bs)) goto end;

- end:

-	if (buf) OPENSSL_free(buf);

-	BN_free(serial);

-	return bs;

-	}

-static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,

-	     X509 *x, X509 *xca, EVP_PKEY *pkey, char *serialfile, int create,

-	     int days, int clrext, CONF *conf, char *section, ASN1_INTEGER *sno)

-	{

-	int ret=0;

-	ASN1_INTEGER *bs=NULL;

-	X509_STORE_CTX xsc;

-	EVP_PKEY *upkey;

-	upkey = X509_get_pubkey(xca);

-	EVP_PKEY_copy_parameters(upkey,pkey);

-	EVP_PKEY_free(upkey);

-	if(!X509_STORE_CTX_init(&xsc,ctx,x,NULL))

-		{

-		BIO_printf(bio_err,"Error initialising X509 store\n");

-		goto end;

-		}

-	if (sno) bs = sno;

-	else if (!(bs = x509_load_serial(CAfile, serialfile, create)))

-		goto end;

-/*	if (!X509_STORE_add_cert(ctx,x)) goto end;*/

-	/* NOTE: this certificate can/should be self signed, unless it was

-	 * a certificate request in which case it is not. */

-	X509_STORE_CTX_set_cert(&xsc,x);

-	if (!reqfile && !X509_verify_cert(&xsc))

-		goto end;

-	if (!X509_check_private_key(xca,pkey))

-		{

-		BIO_printf(bio_err,"CA certificate and CA private key do not match\n");

-		goto end;

-		}

-	if (!X509_set_issuer_name(x,X509_get_subject_name(xca))) goto end;

-	if (!X509_set_serialNumber(x,bs)) goto end;

-	if (X509_gmtime_adj(X509_get_notBefore(x),0L) == NULL)

-		goto end;

-	/* hardwired expired */

-	if (X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days) == NULL)

-		goto end;

-	if (clrext)

-		{

-		while (X509_get_ext_count(x) > 0) X509_delete_ext(x, 0);

-		}

-	if (conf)

-		{

-		X509V3_CTX ctx2;

-		X509_set_version(x,2); /* version 3 certificate */

-                X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);

-                X509V3_set_nconf(&ctx2, conf);

-                if (!X509V3_EXT_add_nconf(conf, &ctx2, section, x)) goto end;

-		}

-	if (!X509_sign(x,pkey,digest)) goto end;

-	ret=1;

-end:

-	X509_STORE_CTX_cleanup(&xsc);

-	if (!ret)

-		ERR_print_errors(bio_err);

-	if (!sno) ASN1_INTEGER_free(bs);

-	return ret;

-	}

-static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)

-	{

-	int err;

-	X509 *err_cert;

-	/* it is ok to use a self signed certificate

-	 * This case will catch both the initial ok == 0 and the

-	 * final ok == 1 calls to this function */

-	err=X509_STORE_CTX_get_error(ctx);

-	if (err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)

-		return 1;

-	/* BAD we should have gotten an error.  Normally if everything

-	 * worked X509_STORE_CTX_get_error(ctx) will still be set to

-	 * DEPTH_ZERO_SELF_.... */

-	if (ok)

-		{

-		BIO_printf(bio_err,"error with certificate to be certified - should be self signed\n");

-		return 0;

-		}

-	else

-		{

-		err_cert=X509_STORE_CTX_get_current_cert(ctx);

-		print_name(bio_err, NULL, X509_get_subject_name(err_cert),0);

-		BIO_printf(bio_err,"error with certificate - error %d at depth %d\n%s\n",

-			err,X509_STORE_CTX_get_error_depth(ctx),

-			X509_verify_cert_error_string(err));

-		return 1;

-		}

-	}

-/* self sign */

-static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *digest,

-						CONF *conf, char *section)

-	{

-	EVP_PKEY *pktmp;

-	pktmp = X509_get_pubkey(x);

-	EVP_PKEY_copy_parameters(pktmp,pkey);

-	EVP_PKEY_save_parameters(pktmp,1);

-	EVP_PKEY_free(pktmp);

-	if (!X509_set_issuer_name(x,X509_get_subject_name(x))) goto err;

-	if (X509_gmtime_adj(X509_get_notBefore(x),0) == NULL) goto err;

-	/* Lets just make it 12:00am GMT, Jan 1 1970 */

-	/* memcpy(x->cert_info->validity->notBefore,"700101120000Z",13); */

-	/* 28 days to be certified */

-	if (X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days) == NULL)

-		goto err;

-	if (!X509_set_pubkey(x,pkey)) goto err;

-	if (clrext)

-		{

-		while (X509_get_ext_count(x) > 0) X509_delete_ext(x, 0);

-		}

-	if (conf)

-		{

-		X509V3_CTX ctx;

-		X509_set_version(x,2); /* version 3 certificate */

-                X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);

-                X509V3_set_nconf(&ctx, conf);

-                if (!X509V3_EXT_add_nconf(conf, &ctx, section, x)) goto err;

-		}

-	if (!X509_sign(x,pkey,digest)) goto err;

-	return 1;

-err:

-	ERR_print_errors(bio_err);

-	return 0;

-	}

-static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt)

-{

-	int id, i, idret;

-	char *pname;

-	id = X509_PURPOSE_get_id(pt);

-	pname = X509_PURPOSE_get0_name(pt);

-	for (i = 0; i < 2; i++)

-		{

-		idret = X509_check_purpose(cert, id, i);

-		BIO_printf(bio, "%s%s : ", pname, i ? " CA" : "");

-		if (idret == 1) BIO_printf(bio, "Yes\n");

-		else if (idret == 0) BIO_printf(bio, "No\n");

-		else BIO_printf(bio, "Yes (WARNING code=%d)\n", idret);

-		}

-	return 1;

-}

--- a/sys/src/ape/lib/openssl/bugs/MS

+++ /dev/null

@@ -1,7 +1,0 @@

-If you use the function that does an fopen inside the DLL, it's malloc

-will be used and when the function is then written inside, more

-hassles

-....

-think about it.

--- a/sys/src/ape/lib/openssl/bugs/SSLv3

+++ /dev/null

@@ -1,49 +1,0 @@

-So far...

-ssl3.netscape.com:443 does not support client side dynamic

-session-renegotiation.

-ssl3.netscape.com:444 (asks for client cert) sends out all the CA RDN

-in an invalid format (the outer sequence is removed).

-Netscape-Commerce/1.12, when talking SSLv2, accepts a 32 byte

-challenge but then appears to only use 16 bytes when generating the

-encryption keys.  Using 16 bytes is ok but it should be ok to use 32.

-According to the SSLv3 spec, one should use 32 bytes for the challenge

-when opperating in SSLv2/v3 compatablity mode, but as mentioned above,

-this breaks this server so 16 bytes is the way to go.

-www.microsoft.com - when talking SSLv2, if session-id reuse is

-performed, the session-id passed back in the server-finished message

-is different from the one decided upon.

-ssl3.netscape.com:443, first a connection is established with RC4-MD5.

-If it is then resumed, we end up using DES-CBC3-SHA.  It should be

-RC4-MD5 according to 7.6.1.3, 'cipher_suite'.

-Netscape-Enterprise/2.01 (https://merchant.netscape.com) has this bug.

-It only really shows up when connecting via SSLv2/v3 then reconnecting

-via SSLv3. The cipher list changes....

-NEW INFORMATION.  Try connecting with a cipher list of just

-DES-CBC-SHA:RC4-MD5.  For some weird reason, each new connection uses

-RC4-MD5, but a re-connect tries to use DES-CBC-SHA.  So netscape, when

-doing a re-connect, always takes the first cipher in the cipher list.

-If we accept a netscape connection, demand a client cert, have a

-non-self-signed CA which does not have it's CA in netscape, and the

-browser has a cert, it will crash/hang.  Works for 3.x and 4.xbeta

-Netscape browsers do not really notice the server sending a

-close notify message.  I was sending one, and then some invalid data.

-netscape complained of an invalid mac. (a fork()ed child doing a

-SSL_shutdown() and still sharing the socket with its parent).

-Netscape, when using export ciphers, will accept a 1024 bit temporary

-RSA key.  It is supposed to only accept 512.

-If Netscape connects to a server which requests a client certificate

-it will frequently hang after the user has selected one and never

-complete the connection. Hitting "Stop" and reload fixes this and

-all subsequent connections work fine. This appears to be because

-Netscape wont read any new records in when it is awaiting a server

-done message at this point. The fix is to send the certificate request

-and server done messages in one record.

--- a/sys/src/ape/lib/openssl/bugs/alpha.c

+++ /dev/null

@@ -1,91 +1,0 @@

-/* bugs/alpha.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* while not exactly a bug (ASN1 C leaves this undefined) it is

- * something to watch out for.  This was fine on linux/NT/Solaris but not

- * Alpha */

-/* it is basically an example of

- * func(*(a++),*(a++))

- * which parameter is evaluated first?  It is not defined in ASN1 C.

- */

-#include <stdio.h>

-#define TYPE    unsigned int

-void func(a,b)

-TYPE *a;

-TYPE b;

-        {

-        printf("%ld -1 == %ld\n",a[0],b);

-        }

-main()

-        {

-        TYPE data[5]={1L,2L,3L,4L,5L};

-        TYPE *p;

-        int i;

-        p=data;

-        for (i=0; i<4; i++)

-                {

-                func(p,*(p++));

-                }

-        }

--- a/sys/src/ape/lib/openssl/bugs/dggccbug.c

+++ /dev/null

@@ -1,45 +1,0 @@

-/* NOCW */

-/* dggccbug.c */

-/* bug found by Eric Young ([email protected]) - May 1995 */

-#include <stdio.h>

-/* There is a bug in

- * gcc version 2.5.8 (88open OCS/BCS, DG-2.5.8.3, Oct 14 1994)

- * as shipped with DGUX 5.4R3.10 that can be bypassed by defining

- * DG_GCC_BUG in my code.

- * The bug manifests itself by the vaule of a pointer that is

- * used only by reference, not having it's value change when it is used

- * to check for exiting the loop.  Probably caused by there being 2

- * copies of the valiable, one in a register and one being an address

- * that is passed. */

-/* compare the out put from

- * gcc dggccbug.c; ./a.out

- * and

- * gcc -O dggccbug.c; ./a.out

- * compile with -DFIXBUG to remove the bug when optimising.

- */

-void inc(a)

-int *a;

-	{

-	(*a)++;

-	}

-main()

-	{

-	int p=0;

-#ifdef FIXBUG

-	int dummy;

-#endif

-	while (p<3)

-		{

-		fprintf(stderr,"%08X\n",p);

-		inc(&p);

-#ifdef FIXBUG

-		dummy+=p;

-#endif

-		}

-	}

--- a/sys/src/ape/lib/openssl/bugs/sgiccbug.c

+++ /dev/null

@@ -1,57 +1,0 @@

-/* NOCW */

-/* sgibug.c */

-/* bug found by Eric Young ([email protected]) May 95 */

-#include <stdio.h>

-/* This compiler bug it present on IRIX 5.3, 5.1 and 4.0.5 (these are

- * the only versions of IRIX I have access to.

- * defining FIXBUG removes the bug.

- * (bug is still present in IRIX 6.3 according to

- * Gage <[email protected]>

- */

-/* Compare the output from

- * cc sgiccbug.c; ./a.out

- * and

- * cc -O sgiccbug.c; ./a.out

- */

-static unsigned long a[4]={0x01234567,0x89ABCDEF,0xFEDCBA98,0x76543210};

-static unsigned long b[4]={0x89ABCDEF,0xFEDCBA98,0x76543210,0x01234567};

-static unsigned long c[4]={0x77777778,0x8ACF1357,0x88888888,0x7530ECA9};

-main()

-	{

-	unsigned long r[4];

-	sub(r,a,b);

-	fprintf(stderr,"input a= %08X %08X %08X %08X\n",a[3],a[2],a[1],a[0]);

-	fprintf(stderr,"input b= %08X %08X %08X %08X\n",b[3],b[2],b[1],b[0]);

-	fprintf(stderr,"output = %08X %08X %08X %08X\n",r[3],r[2],r[1],r[0]);

-	fprintf(stderr,"correct= %08X %08X %08X %08X\n",c[3],c[2],c[1],c[0]);

-	}

-int sub(r,a,b)

-unsigned long *r,*a,*b;

-	{

-	register unsigned long t1,t2,*ap,*bp,*rp;

-	int i,carry;

-#ifdef FIXBUG

-	unsigned long dummy;

-#endif

-	ap=a;

-	bp=b;

-	rp=r;

-	carry=0;

-	for (i=0; i<4; i++)

-		{

-		t1= *(ap++);

-		t2= *(bp++);

-		t1=(t1-t2);

-#ifdef FIXBUG

-		dummy=t1;

-#endif

-		*(rp++)=t1&0xffffffff;

-		}

-	}

--- a/sys/src/ape/lib/openssl/bugs/sslref.dif

+++ /dev/null

@@ -1,26 +1,0 @@

-The February 9th, 1995 version of the SSL document differs from

-https://www.netscape.com in the following ways.

-=====

-The key material for generating a SSL_CK_DES_64_CBC_WITH_MD5 key is

-KEY-MATERIAL-0 = MD5[MASTER-KEY,"0",CHALLENGE,CONNECTION-ID]

-not

-KEY-MATERIAL-0 = MD5[MASTER-KEY,CHALLENGE,CONNECTION-ID]

-as specified in the documentation.

-=====

-From the section 2.6 Server Only Protocol Messages

-If the SESSION-ID-HIT flag is non-zero then the CERTIFICATE-TYPE,

-CERTIFICATE-LENGTH and CIPHER-SPECS-LENGTH fields will be zero.

-This is not true for https://www.netscape.com.  The CERTIFICATE-TYPE

-is returned as 1.

-=====

-I have not tested the following but it is reported by [email protected].

-SSLref clients wait to recieve a server-verify before they send a

-client-finished.  Besides this not being evident from the examples in

-2.2.1, it makes more sense to always send all packets you can before

-reading.  SSLeay was waiting in the server to recieve a client-finish

-before sending the server-verify :-).  I have changed SSLeay to send a

-server-verify before trying to read the client-finished.

--- a/sys/src/ape/lib/openssl/bugs/stream.c

+++ /dev/null

@@ -1,131 +1,0 @@

-/* bugs/stream.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <openssl/rc4.h>

-#ifdef OPENSSL_NO_DES

-#include <des.h>

-#else

-#include <openssl/des.h>

-#endif

-/* show how stream ciphers are not very good.  The mac has no affect

- * on RC4 while it does for cfb DES

- */

-main()

-	{

-	fprintf(stderr,"rc4\n");

-	rc4();

-	fprintf(stderr,"cfb des\n");

-	des();

-	}

-int des()

-	{

-	des_key_schedule ks;

-	des_cblock iv,key;

-	int num;

-	static char *keystr="01234567";

-	static char *in1="0123456789ABCEDFdata 12345";

-	static char *in2="9876543210abcdefdata 12345";

-	unsigned char out[100];

-	int i;

-	des_set_key((des_cblock *)keystr,ks);

-	num=0;

-	memset(iv,0,8);

-	des_cfb64_encrypt(in1,out,26,ks,(des_cblock *)iv,&num,1);

-	for (i=0; i<26; i++)

-		fprintf(stderr,"%02X ",out[i]);

-	fprintf(stderr,"\n");

-	num=0;

-	memset(iv,0,8);

-	des_cfb64_encrypt(in2,out,26,ks,(des_cblock *)iv,&num,1);

-	for (i=0; i<26; i++)

-		fprintf(stderr,"%02X ",out[i]);

-	fprintf(stderr,"\n");

-	}

-int rc4()

-	{

-	static char *keystr="0123456789abcdef";

-	RC4_KEY key;

-	unsigned char in[100],out[100];

-	int i;

-	RC4_set_key(&key,16,keystr);

-	in[0]='\0';

-	strcpy(in,"0123456789ABCEDFdata 12345");

-	RC4(key,26,in,out);

-	for (i=0; i<26; i++)

-		fprintf(stderr,"%02X ",out[i]);

-	fprintf(stderr,"\n");

-	RC4_set_key(&key,16,keystr);

-	in[0]='\0';

-	strcpy(in,"9876543210abcdefdata 12345");

-	RC4(key,26,in,out);

-	for (i=0; i<26; i++)

-		fprintf(stderr,"%02X ",out[i]);

-	fprintf(stderr,"\n");

-	}

--- a/sys/src/ape/lib/openssl/bugs/ultrixcc.c

+++ /dev/null

@@ -1,45 +1,0 @@

-#include <stdio.h>

-/* This is a cc optimiser bug for ultrix 4.3, mips CPU.

- * What happens is that the compiler, due to the (a)&7,

- * does

- * i=a&7;

- * i--;

- * i*=4;

- * Then uses i as the offset into a jump table.

- * The problem is that a value of 0 generates an offset of

- * 0xfffffffc.

- */

-main()

-	{

-	f(5);

-	f(0);

-	}

-int f(a)

-int a;

-	{

-	switch(a&7)

-		{

-	case 7:

-		printf("7\n");

-	case 6:

-		printf("6\n");

-	case 5:

-		printf("5\n");

-	case 4:

-		printf("4\n");

-	case 3:

-		printf("3\n");

-	case 2:

-		printf("2\n");

-	case 1:

-		printf("1\n");

-#ifdef FIX_BUG

-	case 0:

-		;

-#endif

-		}

-	}

--- a/sys/src/ape/lib/openssl/certs/RegTP-5R.pem

+++ /dev/null

@@ -1,19 +1,0 @@

-issuer= CN=5R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE

-notBefore=Mar 22 08:55:51 2000 GMT

-notAfter=Mar 22 08:55:51 2005 GMT

-subject= CN=5R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE

------BEGIN CERTIFICATE-----

-MIICaDCCAdSgAwIBAgIDDIOqMAoGBiskAwMBAgUAMG8xCzAJBgNVBAYTAkRFMT0w

-OwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5pa2F0

-aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjVSLUNBIDE6UE4w

-IhgPMjAwMDAzMjIwODU1NTFaGA8yMDA1MDMyMjA4NTU1MVowbzELMAkGA1UEBhMC

-REUxPTA7BgNVBAoUNFJlZ3VsaWVydW5nc2JlaMhvcmRlIGbIdXIgVGVsZWtvbW11

-bmlrYXRpb24gdW5kIFBvc3QxITAMBgcCggYBCgcUEwExMBEGA1UEAxQKNVItQ0Eg

-MTpQTjCBoTANBgkqhkiG9w0BAQEFAAOBjwAwgYsCgYEAih5BUycfBpqKhU8RDsaS

-vV5AtzWeXQRColL9CH3t0DKnhjKAlJ8iccFtJNv+d3bh8bb9sh0maRSo647xP7hs

-HTjKgTE4zM5BYNfXvST79OtcMgAzrnDiGjQIIWv8xbfV1MqxxdtZJygrwzRMb9jG

-CAGoJEymoyzAMNG7tSdBWnUCBQDAAAABoxIwEDAOBgNVHQ8BAf8EBAMCAQYwCgYG

-KyQDAwECBQADgYEAOaK8ihVSBUcL2IdVBxZYYUKwMz5m7H3zqhN8W9w+iafWudH6

-b+aahkbENEwzg3C3v5g8nze7v7ssacQze657LHjP+e7ksUDIgcS4R1pU2eN16bjS

-P/qGPF3rhrIEHoK5nJULkjkZYTtNiOvmQ/+G70TXDi3Os/TwLlWRvu+7YLM=

------END CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/certs/RegTP-6R.pem

+++ /dev/null

@@ -1,19 +1,0 @@

-issuer= CN=6R-Ca 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE

-notBefore=Feb  1 09:52:17 2001 GMT

-notAfter=Jun  1 09:52:17 2005 GMT

-subject= CN=6R-Ca 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE

------BEGIN CERTIFICATE-----

-MIICaDCCAdSgAwIBAgIDMtGNMAoGBiskAwMBAgUAMG8xCzAJBgNVBAYTAkRFMT0w

-OwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5pa2F0

-aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjZSLUNhIDE6UE4w

-IhgPMjAwMTAyMDEwOTUyMTdaGA8yMDA1MDYwMTA5NTIxN1owbzELMAkGA1UEBhMC

-REUxPTA7BgNVBAoUNFJlZ3VsaWVydW5nc2JlaMhvcmRlIGbIdXIgVGVsZWtvbW11

-bmlrYXRpb24gdW5kIFBvc3QxITAMBgcCggYBCgcUEwExMBEGA1UEAxQKNlItQ2Eg

-MTpQTjCBoTANBgkqhkiG9w0BAQEFAAOBjwAwgYsCgYEAg6KrFSTNXKqe+2GKGeW2

-wTmbVeflNkp5H/YxA9K1zmEn5XjKm0S0jH4Wfms6ipPlURVaFwTfnB1s++AnJAWf

-mayaE9BP/pdIY6WtZGgW6aZc32VDMCMKPWyBNyagsJVDmzlakIA5cXBVa7Xqqd3P

-ew8i2feMnQXcqHfDv02CW88CBQDAAAABoxIwEDAOBgNVHQ8BAf8EBAMCAQYwCgYG

-KyQDAwECBQADgYEAOkqkUwdaTCt8wcJLA2zLuOwL5ADHMWLhv6gr5zEF+VckA6qe

-IVLVf8e7fYlRmzQd+5OJcGglCQJLGT+ZplI3Mjnrd4plkoTNKV4iOzBcvJD7K4tn

-XPvs9wCFcC7QU7PLvc1FDsAlr7e4wyefZRDL+wbqNfI7QZTSF1ubLd9AzeQ=

------END CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/certs/aol1.pem

+++ /dev/null

@@ -1,22 +1,0 @@

------BEGIN CERTIFICATE-----

-MIIDpDCCAoygAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEc

-MBoGA1UEChMTQW1lcmljYSBPbmxpbmUgSW5jLjE2MDQGA1UEAxMtQW1lcmljYSBP

-bmxpbmUgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAxMB4XDTAyMDUyODA2

-MDAwMFoXDTM3MTExOTIwNDMwMFowYzELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0Ft

-ZXJpY2EgT25saW5lIEluYy4xNjA0BgNVBAMTLUFtZXJpY2EgT25saW5lIFJvb3Qg

-Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP

-ADCCAQoCggEBAKgv6KRpBgNHw+kqmP8ZonCaxlCyfqXfaE0bfA+2l2h9LaaLl+lk

-hsmj76CGv2BlnEtUiMJIxUo5vxTjWVXlGbR0yLQFOVwWpeKVBeASrlmLojNoWBym

-1BW32J/X3HGrfpq/m44zDyL9Hy7nBzbvYjnF3cu6JRQj3gzGPTzOggjmZj7aUTsW

-OqMFf6Dch9Wc/HKpoH145LcxVR5lu9RhsCFg7RAycsWSJR74kEoYeEfffjA3PlAb

-2xzTa5qGUwew76wGePiEmf4hjUyAtgyC9mZweRrTT6PP8c9GsEsPPt2IYriMqQko

-O3rHl+Ee5fSfwMCuJKDIodkP1nsmgmkyPacCAwEAAaNjMGEwDwYDVR0TAQH/BAUw

-AwEB/zAdBgNVHQ4EFgQUAK3Zo/Z59m50qX8zPYEX10zPM94wHwYDVR0jBBgwFoAU

-AK3Zo/Z59m50qX8zPYEX10zPM94wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB

-BQUAA4IBAQB8itEfGDeC4Liwo+1WlchiYZwFos3CYiZhzRAW18y0ZTTQEYqtqKkF

-Zu90821fnZmv9ov761KyBZiibyrFVL0lvV+uyIbqRizBs73B6UlwGBaXCBOMIOAb

-LjpHyx7kADCVW/RFo8AasAFOq73AI25jP4BKxQft3OJvx8Fi8eNy1gTIdGcL+oir

-oQHIb/AUr9KZzVGTfu0uOMe9zkZQPXLjeSWdm4grECDdpbgyn43gKd8hdIaC2y+C

-MMbHNYaz+ZZfRtsMRf3zUMNvxsNIrUam4SdHCh0Om7bCd39j8uB9Gr784N/Xx6ds

-sPmuujz9dLQR6FgNgLzTqIA6me11zEZ7

------END CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/certs/aol2.pem

+++ /dev/null

@@ -1,33 +1,0 @@

------BEGIN CERTIFICATE-----

-MIIFpDCCA4ygAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEc

-MBoGA1UEChMTQW1lcmljYSBPbmxpbmUgSW5jLjE2MDQGA1UEAxMtQW1lcmljYSBP

-bmxpbmUgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAyMB4XDTAyMDUyODA2

-MDAwMFoXDTM3MDkyOTE0MDgwMFowYzELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0Ft

-ZXJpY2EgT25saW5lIEluYy4xNjA0BgNVBAMTLUFtZXJpY2EgT25saW5lIFJvb3Qg

-Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIP

-ADCCAgoCggIBAMxBRR3pPU0Q9oyxQcngXssNt79Hc9PwVU3dxgz6sWYFas14tNwC

-206B89enfHG8dWOgXeMHDEjsJcQDIPT/DjsS/5uN4cbVG7RtIuOx238hZK+GvFci

-KtZHgVdEglZTvYYUAQv8f3SkWq7xuhG1m1hagLQ3eAkzfDJHA1zEpYNI9FdWboE2

-JxhP7JsowtS013wMPgwr38oE18aO6lhOqKSlGBxsRZijQdEt0sdtjRnxrXm3gT+9

-BoInLRBYBbV4Bbkv2wxrkJB+FFk4u5QkE+XRnRTf04JNRvCAOVIyD+OEsnpD8l7e

-Xz8d3eOyG6ChKiMDbi4BFYdcpnV1x5dhvt6G3NRI270qv0pV2uh9UPu0gBe4lL8B

-PeraunzgWGcXuVjgiIZGZ2ydEEdYMtA1fHkqkKJaEBEjNa0vzORKW6fIJ/KD3l67

-Xnfn6KVuY8INXWHQjNJsWiEOyiijzirplcdIz5ZvHZIlyMbGwcEMBawmxNJ10uEq

-Z8A9W6Wa6897GqidFEXlD6CaZd4vKL3Ob5Rmg0gp2OpljK+T2WSfVVcmv2/LNzGZ

-o2C7HK2JNDJiuEMhBnIMoVxtRsX6Kc8w3onccVvdtjc+31D1uAclJuW8tf48ArO3

-+L5DwYcRlJ4jbBeKuIonDFRH8KmzwICMoCfrHRnjB453cMor9H124HhnAgMBAAGj

-YzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFE1FwWg4u3OpaaEg5+31IqEj

-FNeeMB8GA1UdIwQYMBaAFE1FwWg4u3OpaaEg5+31IqEjFNeeMA4GA1UdDwEB/wQE

-AwIBhjANBgkqhkiG9w0BAQUFAAOCAgEAZ2sGuV9FOypLM7PmG2tZTiLMubekJcmn

-xPBUlgtk87FYT15R/LKXeydlwuXK5w0MJXti4/qftIe3RUavg6WXSIylvfEWK5t2

-LHo1YGwRgJfMqZJS5ivmae2p+DYtLHe/YUjRYwu5W1LtGLBDQiKmsXeu3mnFzccc

-obGlHBD7GL4acN3Bkku+KVqdPzW+5X1R+FXgJXUjhx5c3LqdsKyzadsXg8n33gy8

-CNyRnqjQ1xU3c6U1uPx+xURABsPr+CKAXEfOAuMRn0T//ZoyzH1kUQ7rVyZ2OuMe

-IjzCpjbdGe+n/BLzJsBZMYVMnNjP36TMzCmT/5RtdlwTCJfy7aULTd3oyWgOZtMA

-DjMSW7yV5TKQqLPGbIOtd+6Lfn6xqavT4fG2wLHqiMDn05DpKJKUe2h7lyoKZy2F

-AjgQ5ANh1NolNscIWC2hp1GvMApJ9aZphwctREZ2jirlmjvXGKL8nDgQzMY70rUX

-Om/9riW99XJZZLF0KjhfGEzfz3EEWjbUvy+ZnOjZurGV5gJLIaFb1cFPj65pbVPb

-AZO1XB4Y3WRayhgoPmMEEf0cjQAPuDffZ4qdZqkCapH/E8ovXYO8h5Ns3CRRFgQl

-Zvqz2cK6Kb6aSDiCmfS/O0oxGfm/jiEzFMpPVF/7zvuPcX/9XhmgD0uRuMRUvAaw

-RY8mkaKO/qk=

------END CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/certs/aoltw1.pem

+++ /dev/null

@@ -1,23 +1,0 @@

------BEGIN CERTIFICATE-----

-MIID5jCCAs6gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBgzELMAkGA1UEBhMCVVMx

-HTAbBgNVBAoTFEFPTCBUaW1lIFdhcm5lciBJbmMuMRwwGgYDVQQLExNBbWVyaWNh

-IE9ubGluZSBJbmMuMTcwNQYDVQQDEy5BT0wgVGltZSBXYXJuZXIgUm9vdCBDZXJ0

-aWZpY2F0aW9uIEF1dGhvcml0eSAxMB4XDTAyMDUyOTA2MDAwMFoXDTM3MTEyMDE1

-MDMwMFowgYMxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRBT0wgVGltZSBXYXJuZXIg

-SW5jLjEcMBoGA1UECxMTQW1lcmljYSBPbmxpbmUgSW5jLjE3MDUGA1UEAxMuQU9M

-IFRpbWUgV2FybmVyIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMTCCASIw

-DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJnej8Mlo2k06AX3dLm/WpcZuS+U

-0pPlLYnKhHw/EEMbjIt8hFj4JHxIzyr9wBXZGH6EGhfT257XyuTZ16pYUYfw8ItI

-TuLCxFlpMGK2MKKMCxGZYTVtfu/FsRkGIBKOQuHfD5YQUqjPnF+VFNivO3ULMSAf

-RC+iYkGzuxgh28pxPIzstrkNn+9R7017EvILDOGsQI93f7DKeHEMXRZxcKLXwjqF

-zQ6axOAAsNUl6twr5JQtOJyJQVdkKGUZHLZEtMgxa44Be3ZZJX8VHIQIfHNlIAqh

-BC4aMqiaILGcLCFZ5/vP7nAtCMpjPiybkxlqpMKX/7eGV4iFbJ4VFitNLLMCAwEA

-AaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUoTYwFsuGkABFgFOxj8jY

-PXy+XxIwHwYDVR0jBBgwFoAUoTYwFsuGkABFgFOxj8jYPXy+XxIwDgYDVR0PAQH/

-BAQDAgGGMA0GCSqGSIb3DQEBBQUAA4IBAQCKIBilvrMvtKaEAEAwKfq0FHNMeUWn

-9nDg6H5kHgqVfGphwu9OH77/yZkfB2FK4V1Mza3u0FIy2VkyvNp5ctZ7CegCgTXT

-Ct8RHcl5oIBN/lrXVtbtDyqvpxh1MwzqwWEFT2qaifKNuZ8u77BfWgDrvq2g+EQF

-Z7zLBO+eZMXpyD8Fv8YvBxzDNnGGyjhmSs3WuEvGbKeXO/oTLW4jYYehY0KswsuX

-n2Fozy1MBJ3XJU8KDk2QixhWqJNIV9xvrr2eZ1d3iVCzvhGbRWeDhhmH05i9CBoW

-H1iCC+GWaQVLjuyDUTEH1dSf/1l7qG6Fz9NLqUmwX7A5KGgOc90lmt4S

------END CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/certs/aoltw2.pem

+++ /dev/null

@@ -1,34 +1,0 @@

------BEGIN CERTIFICATE-----

-MIIF5jCCA86gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBgzELMAkGA1UEBhMCVVMx

-HTAbBgNVBAoTFEFPTCBUaW1lIFdhcm5lciBJbmMuMRwwGgYDVQQLExNBbWVyaWNh

-IE9ubGluZSBJbmMuMTcwNQYDVQQDEy5BT0wgVGltZSBXYXJuZXIgUm9vdCBDZXJ0

-aWZpY2F0aW9uIEF1dGhvcml0eSAyMB4XDTAyMDUyOTA2MDAwMFoXDTM3MDkyODIz

-NDMwMFowgYMxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRBT0wgVGltZSBXYXJuZXIg

-SW5jLjEcMBoGA1UECxMTQW1lcmljYSBPbmxpbmUgSW5jLjE3MDUGA1UEAxMuQU9M

-IFRpbWUgV2FybmVyIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMjCCAiIw

-DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALQ3WggWmRToVbEbJGv8x4vmh6mJ

-7ouZzU9AhqS2TcnZsdw8TQ2FTBVsRotSeJ/4I/1n9SQ6aF3Q92RhQVSji6UI0ilb

-m2BPJoPRYxJWSXakFsKlnUWsi4SVqBax7J/qJBrvuVdcmiQhLE0OcR+mrF1FdAOY

-xFSMFkpBd4aVdQxHAWZg/BXxD+r1FHjHDtdugRxev17nOirYlxcwfACtCJ0zr7iZ

-YYCLqJV+FNwSbKTQ2O9ASQI2+W6p1h2WVgSysy0WVoaP2SBXgM1nEG2wTPDaRrbq

-JS5Gr42whTg0ixQmgiusrpkLjhTXUr2eacOGAgvqdnUxCc4zGSGFQ+aJLZ8lN2fx

-I2rSAG2X+Z/nKcrdH9cG6rjJuQkhn8g/BsXS6RJGAE57COtCPStIbp1n3UsC5ETz

-kxmlJ85per5n0/xQpCyrw2u544BMzwVhSyvcG7mm0tCq9Stz+86QNZ8MUhy/XCFh

-EVsVS6kkUfykXPcXnbDS+gfpj1bkGoxoigTTfFrjnqKhynFbotSg5ymFXQNoKk/S

-Btc9+cMDLz9l+WceR0DTYw/j1Y75hauXTLPXJuuWCpTehTacyH+BCQJJKg71ZDIM

-gtG6aoIbs0t0EfOMd9afv9w3pKdVBC/UMejTRrkDfNoSTllkt1ExMVCgyhwn2RAu

-rda9EGYrw7AiShJbAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE

-FE9pbQN+nZ8HGEO8txBO1b+pxCAoMB8GA1UdIwQYMBaAFE9pbQN+nZ8HGEO8txBO

-1b+pxCAoMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQUFAAOCAgEAO/Ouyugu

-h4X7ZVnnrREUpVe8WJ8kEle7+z802u6teio0cnAxa8cZmIDJgt43d15Ui47y6mdP

-yXSEkVYJ1eV6moG2gcKtNuTxVBFT8zRFASbI5Rq8NEQh3q0l/HYWdyGQgJhXnU7q

-7C+qPBR7V8F+GBRn7iTGvboVsNIYvbdVgaxTwOjdaRITQrcCtQVBynlQboIOcXKT

-RuidDV29rs4prWPVVRaAMCf/drr3uNZK49m1+VLQTkCpx+XCMseqdiThawVQ68W/

-ClTluUI8JPu3B5wwn3la5uBAUhX0/Kr0VvlEl4ftDmVyXr4m+02kLQgH3thcoNyB

-M5kYJRF3p+v9WAksmWsbivNSPxpNSGDxoPYzAlOL7SUJuA0t7Zdz7NeWH45gDtoQ

-my8YJPamTQr5O8t1wswvziRpyQoijlmn94IM19drNZxDAGrElWe6nEXLuA4399xO

-AU++CrYD062KRffaJ00psUjf5BHklka9bAI+1lHIlRcBFanyqqryvy9lG2/QuRqT

-9Y41xICHPpQvZuTpqP9BnHAqTyo5GJUefvthATxRCC4oGKQWDzH9OmwjkyB24f0H

-hdFbP9IcczLd+rn4jM8Ch3qaluTtT4mNU0OrDhPAARW0eTjb/G49nlG2uBOLZ8/5

-fNkiHfZdxRwBL5joeiQYvITX+txyW/fBOmg=

------END CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/certs/argena.pem

+++ /dev/null

@@ -1,39 +1,0 @@

------BEGIN CERTIFICATE-----

-MIIG0zCCBbugAwIBAgIBADANBgkqhkiG9w0BAQUFADCBzDELMAkGA1UEBhMCQVQx

-EDAOBgNVBAgTB0F1c3RyaWExDzANBgNVBAcTBlZpZW5uYTE6MDgGA1UEChMxQVJH

-RSBEQVRFTiAtIEF1c3RyaWFuIFNvY2lldHkgZm9yIERhdGEgUHJvdGVjdGlvbjEl

-MCMGA1UECxMcQS1DRVJUIENlcnRpZmljYXRpb24gU2VydmljZTEYMBYGA1UEAxMP

-QS1DRVJUIEFEVkFOQ0VEMR0wGwYJKoZIhvcNAQkBFg5pbmZvQGEtY2VydC5hdDAe

-Fw0wNDEwMjMxNDE0MTRaFw0xMTEwMjMxNDE0MTRaMIHMMQswCQYDVQQGEwJBVDEQ

-MA4GA1UECBMHQXVzdHJpYTEPMA0GA1UEBxMGVmllbm5hMTowOAYDVQQKEzFBUkdF

-IERBVEVOIC0gQXVzdHJpYW4gU29jaWV0eSBmb3IgRGF0YSBQcm90ZWN0aW9uMSUw

-IwYDVQQLExxBLUNFUlQgQ2VydGlmaWNhdGlvbiBTZXJ2aWNlMRgwFgYDVQQDEw9B

-LUNFUlQgQURWQU5DRUQxHTAbBgkqhkiG9w0BCQEWDmluZm9AYS1jZXJ0LmF0MIIB

-IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3euXIy+mnf6BYKbK+QH5k679

-tUFqeT8jlZxMew8eNiHuw9KoxWBzL6KksK+5uK7Gatw+sbAYntEGE80P+Jg1hADM

-e+Fr5V0bc6QS3gkVtfUCW/RIvfMM39oxvmqJmOgPnJU7H6+nmLtsq61tv9kVJi/2

-4Y5wXW3odet72sF57EoG6s78w0BUVLNcMngS9bZZzmdG3/d6JbkGgoNF/8DcgCBJ

-W/t0JrcIzyppXIOVtUzzOrrU86zuUgT3Rtkl5kjG7DEHpFb9H0fTOY1v8+gRoaO6

-2gA0PCiysgVZjwgVeYe3KAg11nznyleDv198uK3Dc1oXIGYjJx2FpKWUvAuAEwID

-AQABo4ICvDCCArgwHQYDVR0OBBYEFDd/Pj6ZcWDKJNSRE3nQdCm0qCTYMIH5BgNV

-HSMEgfEwge6AFDd/Pj6ZcWDKJNSRE3nQdCm0qCTYoYHSpIHPMIHMMQswCQYDVQQG

-EwJBVDEQMA4GA1UECBMHQXVzdHJpYTEPMA0GA1UEBxMGVmllbm5hMTowOAYDVQQK

-EzFBUkdFIERBVEVOIC0gQXVzdHJpYW4gU29jaWV0eSBmb3IgRGF0YSBQcm90ZWN0

-aW9uMSUwIwYDVQQLExxBLUNFUlQgQ2VydGlmaWNhdGlvbiBTZXJ2aWNlMRgwFgYD

-VQQDEw9BLUNFUlQgQURWQU5DRUQxHTAbBgkqhkiG9w0BCQEWDmluZm9AYS1jZXJ0

-LmF0ggEAMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgHmMEcGA1UdJQRAMD4G

-CCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcD

-CAYKKwYBBAGCNwoDBDARBglghkgBhvhCAQEEBAMCAP8wUQYDVR0gBEowSDBGBggq

-KAAYAQEBAzA6MDgGCCsGAQUFBwIBFixodHRwOi8vd3d3LmEtY2VydC5hdC9jZXJ0

-aWZpY2F0ZS1wb2xpY3kuaHRtbDA7BglghkgBhvhCAQgELhYsaHR0cDovL3d3dy5h

-LWNlcnQuYXQvY2VydGlmaWNhdGUtcG9saWN5Lmh0bWwwGQYDVR0RBBIwEIEOaW5m

-b0BhLWNlcnQuYXQwLwYDVR0SBCgwJoEOaW5mb0BhLWNlcnQuYXSGFGh0dHA6Ly93

-d3cuYS1jZXJ0LmF0MEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHBzOi8vc2VjdXJlLmEt

-Y2VydC5hdC9jZ2ktYmluL2EtY2VydC1hZHZhbmNlZC5jZ2kwDQYJKoZIhvcNAQEF

-BQADggEBACX1IvgfdG2rvfv35O48vSEvcVaEdlN8USFBHWz3JRAozgzvaBtwHkjK

-Zwt5l/BWOtjbvHfRjDt7ijlBEcxOOrNC1ffyMHwHrXpvff6YpQ5wnxmIYEQcURiG

-HMqruEX0WkuDNgSKwefsgXs27eeBauHgNGVcTYH1rmHu/ZyLpLxOyJQ2PCzA1DzW

-3rWkIX92ogJ7lTRdWrbxwUL1XGinxnnaQ74+/y0pI9JNEv7ic2tpkweRMpkedaLW

-msC1+orfKTebsg69aMaCx7o6jNONRmR/7TVaPf8/k6g52cHZ9YWjQvup22b5rWxG

-J5r5LZ4vCPmF4+T4lutjUYAa/lGuQTg=

------END CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/certs/argeng.pem

+++ /dev/null

@@ -1,23 +1,0 @@

------BEGIN CERTIFICATE-----

-MIIDwzCCAyygAwIBAgIBADANBgkqhkiG9w0BAQQFADCBmDELMAkGA1UEBhMCQVQx

-EDAOBgNVBAgTB0F1c3RyaWExDzANBgNVBAcTBlZpZW5uYTFCMEAGA1UEChM5QXJn

-ZSBEYXRlbiBPZXN0ZXJyZWljaGlzY2hlIEdlc2VsbHNjaGFmdCBmdWVyIERhdGVu

-c2NodXR6MSIwIAYJKoZIhvcNAQkBFhNhLWNlcnRAYXJnZWRhdGVuLmF0MB4XDTAx

-MDIxMjExMzAzMFoXDTA5MDIxMjExMzAzMFowgZgxCzAJBgNVBAYTAkFUMRAwDgYD

-VQQIEwdBdXN0cmlhMQ8wDQYDVQQHEwZWaWVubmExQjBABgNVBAoTOUFyZ2UgRGF0

-ZW4gT2VzdGVycmVpY2hpc2NoZSBHZXNlbGxzY2hhZnQgZnVlciBEYXRlbnNjaHV0

-ejEiMCAGCSqGSIb3DQEJARYTYS1jZXJ0QGFyZ2VkYXRlbi5hdDCBnzANBgkqhkiG

-9w0BAQEFAAOBjQAwgYkCgYEAwgsHqoNtmmrJ86+e1I4hOVBaL4kokqKN2IPOIL+1

-XwY8vfOOUfPEdhWpaC0ldt7VYrksgDiUccgH0FROANWK2GkfKMDzjjXHysR04uEb

-Om7Kqjqn0nproOGkFG+QvBZgs+Ws+HXNFJA6V76fU4+JXq4452LSK4Lr5YcBquu3

-NJECAwEAAaOCARkwggEVMB0GA1UdDgQWBBQ0j59zH/G31zRjgK1y2P//tSAWZjCB

-xQYDVR0jBIG9MIG6gBQ0j59zH/G31zRjgK1y2P//tSAWZqGBnqSBmzCBmDELMAkG

-A1UEBhMCQVQxEDAOBgNVBAgTB0F1c3RyaWExDzANBgNVBAcTBlZpZW5uYTFCMEAG

-A1UEChM5QXJnZSBEYXRlbiBPZXN0ZXJyZWljaGlzY2hlIEdlc2VsbHNjaGFmdCBm

-dWVyIERhdGVuc2NodXR6MSIwIAYJKoZIhvcNAQkBFhNhLWNlcnRAYXJnZWRhdGVu

-LmF0ggEAMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMBEGCWCGSAGG+EIBAQQE

-AwICBDANBgkqhkiG9w0BAQQFAAOBgQBFuJYncqMYB6gXQS3eDOI90BEHfFTKy/dV

-AV+K7QdAYikWmqgBheRdPKddJdccPy/Zl/p3ZT7GhDyC5f3wZjcuu8AJ27BNwbCA

-x54dgxgCNcyPm79nY8MRtEdEpoRGdSsFKJemz6hpXM++MWFciyrRWIIA44XB0Gv3

-US0spjsDPQ==

------END CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/certs/demo/ca-cert.pem

+++ /dev/null

@@ -1,33 +1,0 @@

------BEGIN CERTIFICATE-----

-MIIC5TCCAk6gAwIBAgIBATANBgkqhkiG9w0BAQQFADBcMQswCQYDVQQGEwJBVTET

-MBEGA1UECBMKUXVlZW5zbGFuZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQx

-HDAaBgNVBAMTE1Rlc3QgUENBICgxMDI0IGJpdCkwHhcNOTkxMjAyMjEzODUxWhcN

-MDUwNzEwMjEzODUxWjBbMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFu

-ZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxGzAZBgNVBAMTElRlc3QgQ0Eg

-KDEwMjQgYml0KTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAo7ujy3XXpU/p

-yDJtOxkMJmGv3mdiVm7JrdoKLUgqjO2rBaeNuYMUiuI6oYU+tlD6agwRML0Pn2JF

-b90VdK/UXrmRr9djaEuH17EIKjte5RwOzndCndsjcCYyoeODMTyg7dqPIkDMmRNM

-5R5xBTabD+Aji0wzQupYxBLuW5PLj7ECAwEAAaOBtzCBtDAdBgNVHQ4EFgQU1WWA

-U42mkhi3ecgey1dsJjU61+UwgYQGA1UdIwR9MHuAFE0RaEcrj18q1dw+G6nJbsTW

-R213oWCkXjBcMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG

-A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxHDAaBgNVBAMTE1Rlc3QgUENBICgxMDI0

-IGJpdCmCAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBb39BRphHL

-6aRAQyymsvBvPSCiG9+kR0R1L23aTpNbhXp2BebyFjbEQYZc2kWGiKKcHkNECA35

-3d4LoqUlVey8DFyafOIJd9hxdZfg+rxlHMxnL7uCJRmx9+xB411Jtsol9/wg1uCK

-sleGpgB4j8cG2SVCz7V2MNZNK+d5QCnR7A==

------END CERTIFICATE-----

------BEGIN RSA PRIVATE KEY-----

-MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425

-gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd

-2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB

-AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6

-hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2

-J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs

-HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL

-21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s

-nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz

-MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa

-pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb

-KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2

-XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ

------END RSA PRIVATE KEY-----

--- a/sys/src/ape/lib/openssl/certs/demo/dsa-ca.pem

+++ /dev/null

@@ -1,43 +1,0 @@

------BEGIN DSA PRIVATE KEY-----

-Proc-Type: 4,ENCRYPTED

-DEK-Info: DES-EDE3-CBC,C5B6C7CC9E1FE2C0

-svCXBcBRhMuU22UXOfiKZA+thmz6KYXpt1Yg5Rd+TYQcQ1MdvNy0B0tkP1SxzDq0

-Xh1eMeTML9/9/0rKakgNXXXbpi5RB8t6BmwRSyej89F7nn1mtR3qzoyPRpp15SDl

-Tn67C+2v+HDF3MFk88hiNCYkNbcmi7TWvChsl8N1r7wdZwtIox56yXdgxw6ZIpa/

-par0oUCzN7fiavPgCWz1kfPNSaBQSdxwH7TZi5tMHAr0J3C7a7QRnZfE09R59Uqr

-zslrq+ndIw1BZAxoY0SlBu+iFOVaBVlwToC4AsHkv7j7l8ITtr7f42YbBa44D9TO

-uOhONmkk/v3Fso4RaOEzdKZC+hnmmzvHs6TiTWm6yzJgSFwyOUK0eGmKEeVxpcH5

-rUOlHOwzen+FFtocZDZAfdFnb7QY7L/boQvyA5A+ZbRG4DUpmBQeQsSaICHM5Rxx

-1QaLF413VNPXTLPbW0ilSc2H8x2iZTIVKfd33oSO6NhXPtSYQgfecEF4BvNHY5c4

-HovjT4mckbK95bcBzoCHu43vuSQkmZzdYo/ydSZt6zoPavbBLueTpgSbdXiDi827

-MVqOsYxGCb+kez0FoDSTgw==

------END DSA PRIVATE KEY-----

------BEGIN CERTIFICATE REQUEST-----

-MIICUjCCAhECAQAwUjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx

-ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDELMAkGA1UEAxMCQ0Ew

-ggG0MIIBKQYFKw4DAgwwggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaW

-sxXgUy6P4FmCc5A+dTGZR3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5m

-rmuINvvsKNzC16W75Sw5JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHk

-cJVbUM1JAhUA9wcx7fpsBgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVo

-bzDjaeHls12YuyiGSPzemQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqR

-CZ228U2cVA9YBu5JdAfOVX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxB

-F5WS6wG1c6Vqftgy7Q4CuAOBhAACgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuH

-vSLw9YUrJahcBHmbpvt494lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUq

-AylOVFJJJXuirVJ+o+0TtOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u

-3enxhqnDGaAAMAkGBSsOAwIbBQADMAAwLQIVAJGVuFsG/0DBuSZ0jF7ypdU0/G0v

-AhQfeF5BoMMDbX/kidUVpQ6gadPlZA==

------END CERTIFICATE REQUEST-----

------BEGIN CERTIFICATE-----

-MIIBrjCCAWwCAQswCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK

-U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww

-CgYDVQQDEwNQQ0EwHhcNOTcwNjE1MDIxNDI5WhcNOTcwNzE1MDIxNDI5WjBSMQsw

-CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu

-ZXQgV2lkZ2l0cyBQdHkgTHRkMQswCQYDVQQDEwJDQTCBkjAJBgUrDgMCDAUAA4GE

-AAKBgBqmWXqKrP1etkWWTYYJVwH4qKHFacfsi4e9IvD1hSslqFwEeZum+3j3iUXi

-ALnDdY8z69cmh9u6yTgahAQSxA0wNpqHibj25SoDKU5UUkkle6KtUn6j7RO04UMh

-MQCX5hllquJc4Pu105I6X1Esw8Lr51ocpL17ry7d6fGGqcMZMAkGBSsOAwIbBQAD

-MQAwLgIVAJ4wtQsANPxHo7Q4IQZYsL12SKdbAhUAjJ9n38zxT+iai2164xS+LIfa

-C1Q=

------END CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/certs/demo/dsa-pca.pem

+++ /dev/null

@@ -1,49 +1,0 @@

------BEGIN DSA PRIVATE KEY-----

-Proc-Type: 4,ENCRYPTED

-DEK-Info: DES-EDE3-CBC,F80EEEBEEA7386C4

-GZ9zgFcHOlnhPoiSbVi/yXc9mGoj44A6IveD4UlpSEUt6Xbse3Fr0KHIUyQ3oGnS

-mClKoAp/eOTb5Frhto85SzdsxYtac+X1v5XwdzAMy2KowHVk1N8A5jmE2OlkNPNt

-of132MNlo2cyIRYaa35PPYBGNCmUm7YcYS8O90YtkrQZZTf4+2C4kllhMcdkQwkr

-FWSWC8YOQ7w0LHb4cX1FejHHom9Nd/0PN3vn3UyySvfOqoR7nbXkrpHXmPIr0hxX

-RcF0aXcV/CzZ1/nfXWQf4o3+oD0T22SDoVcZY60IzI0oIc3pNCbDV3uKNmgekrFd

-qOUJ+QW8oWp7oefRx62iBfIeC8DZunohMXaWAQCU0sLQOR4yEdeUCnzCSywe0bG1

-diD0KYaEe+Yub1BQH4aLsBgDjardgpJRTQLq0DUvw0/QGO1irKTJzegEDNVBKrVn

-V4AHOKT1CUKqvGNRP1UnccUDTF6miOAtaj/qpzra7sSk7dkGBvIEeFoAg84kfh9h

-hVvF1YyzC9bwZepruoqoUwke/WdNIR5ymOVZ/4Liw0JdIOcq+atbdRX08niqIRkf

-dsZrUj4leo3zdefYUQ7w4N2Ns37yDFq7

------END DSA PRIVATE KEY-----

------BEGIN CERTIFICATE REQUEST-----

-MIICVTCCAhMCAQAwUzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx

-ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UEAxMDUENB

-MIIBtTCCASkGBSsOAwIMMIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2G

-lrMV4FMuj+BZgnOQPnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7O

-Zq5riDb77Cjcwtelu+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR

-5HCVW1DNSQIVAPcHMe36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnl

-aG8w42nh5bNdmLsohkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6

-kQmdtvFNnFQPWAbuSXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15Als

-QReVkusBtXOlan7YMu0OArgDgYUAAoGBAKbtuR5AdW+ICjCFe2ixjUiJJzM2IKwe

-6NZEMXg39+HQ1UTPTmfLZLps+rZfolHDXuRKMXbGFdSF0nXYzotPCzi7GauwEJTZ

-yr27ZZjA1C6apGSQ9GzuwNvZ4rCXystVEagAS8OQ4H3D4dWS17Zg31ICb5o4E5r0

-z09o/Uz46u0VoAAwCQYFKw4DAhsFAAMxADAuAhUArRubTxsbIXy3AhtjQ943AbNB

-nSICFQCu+g1iW3jwF+gOcbroD4S/ZcvB3w==

------END CERTIFICATE REQUEST-----

------BEGIN CERTIFICATE-----

-MIIC0zCCApECAQAwCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK

-U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww

-CgYDVQQDEwNQQ0EwHhcNOTcwNjE0MjI1NDQ1WhcNOTcwNzE0MjI1NDQ1WjBTMQsw

-CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu

-ZXQgV2lkZ2l0cyBQdHkgTHRkMQwwCgYDVQQDEwNQQ0EwggG1MIIBKQYFKw4DAgww

-ggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaWsxXgUy6P4FmCc5A+dTGZ

-R3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5mrmuINvvsKNzC16W75Sw5

-JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHkcJVbUM1JAhUA9wcx7fps

-BgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVobzDjaeHls12YuyiGSPze

-mQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqRCZ228U2cVA9YBu5JdAfO

-VX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxBF5WS6wG1c6Vqftgy7Q4C

-uAOBhQACgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk

-umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A

-29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUwCQYFKw4D

-AhsFAAMxADAuAhUAvtv6AkMolix1Jvy3UnVEIUqdCUICFQC+jq8P49mwrY9oJ24n

-5rKUjNBhSg==

------END CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/certs/demo/nortelCA.pem

+++ /dev/null

@@ -1,16 +1,0 @@

------BEGIN CERTIFICATE-----

-MIICajCCAdMCBDGA0QUwDQYJKoZIhvcNAQEEBQAwfTELMAkGA1UEBhMCQ2ExDzAN

-BgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmlsaXR5IEFjY2VwdGVkMR8w

-HQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRwwGgYDVQQDExNFbnRydXN0

-IERlbW8gV2ViIENBMB4XDTk2MDQyNjEzMzUwMVoXDTA2MDQyNjEzMzUwMVowfTEL

-MAkGA1UEBhMCQ2ExDzANBgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmls

-aXR5IEFjY2VwdGVkMR8wHQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRww

-GgYDVQQDExNFbnRydXN0IERlbW8gV2ViIENBMIGdMA0GCSqGSIb3DQEBAQUAA4GL

-ADCBhwKBgQCaroS7O1DA0hm4IefNYU1cx/nqOmzEnk291d1XqznDeF4wEgakbkCc

-zTKxK791yNpXG5RmngqH7cygDRTHZJ6mfCRn0wGC+AI00F2vYTGqPGRQL1N3lZT0

-YDKFC0SQeMMjFIZ1aeQigroFQnHo0VB3zWIMpNkka8PY9lxHZAmWwQIBAzANBgkq

-hkiG9w0BAQQFAAOBgQBAx0UMVA1s54lMQyXjMX5kj99FJN5itb8bK1Rk+cegPQPF

-cWO9SEWyEjjBjIkjjzAwBkaEszFsNGxemxtXvwjIm1xEUMTVlPEWTs2qnDvAUA9W

-YqhWbhH0toGT36236QAsqCZ76rbTRVSSX2BHyJwJMG2tCRv7kRJ//NIgxj3H4w==

------END CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/certs/demo/pca-cert.pem

+++ /dev/null

@@ -1,33 +1,0 @@

------BEGIN CERTIFICATE-----

-MIIC5jCCAk+gAwIBAgIBADANBgkqhkiG9w0BAQQFADBcMQswCQYDVQQGEwJBVTET

-MBEGA1UECBMKUXVlZW5zbGFuZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQx

-HDAaBgNVBAMTE1Rlc3QgUENBICgxMDI0IGJpdCkwHhcNOTkxMjAyMjEzNTQ4WhcN

-MDUwNzExMjEzNTQ4WjBcMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFu

-ZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxHDAaBgNVBAMTE1Rlc3QgUENB

-ICgxMDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ2haT/f5Zwy

-V+MiuSDjSR62adBoSiBB7Usty44lXqsp9RICw+DCCxpsn/CfxPEDXLLd4olsWXc6

-JRcxGynbYmnzk+Z6aIPPJQhK3CTvaqGnWKZsA1m+WaUIUqJCuNTK4N+7hMAGaf6S

-S3e9HVgEQ4a34gXJ7VQFVIBNV1EnZRWHAgMBAAGjgbcwgbQwHQYDVR0OBBYEFE0R

-aEcrj18q1dw+G6nJbsTWR213MIGEBgNVHSMEfTB7gBRNEWhHK49fKtXcPhupyW7E

-1kdtd6FgpF4wXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY

-BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAoMTAy

-NCBiaXQpggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAUa8B3pho

-+Mvxeq9HsEzJxHIFQla05S5J/e/V+DQTYoKiRFchKPrDAdrzYSEvP3h4QJEtsNqQ

-JfOxg5M42uLFq7aPGWkF6ZZqZsYS+zA9IVT14g7gNA6Ne+5QtJqQtH9HA24st0T0

-Tga/lZ9M2ovImovaxSL/kRHbpCWcqWVxpOw=

------END CERTIFICATE-----

------BEGIN RSA PRIVATE KEY-----

-MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg

-wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ

-vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB

-AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc

-z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz

-xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7

-HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD

-yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS

-xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj

-7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG

-h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL

-QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q

-hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc=

------END RSA PRIVATE KEY-----

--- a/sys/src/ape/lib/openssl/certs/demo/timCA.pem

+++ /dev/null

@@ -1,16 +1,0 @@

-Tims test GCI CA

------BEGIN CERTIFICATE-----

-MIIB8DCCAZoCAQAwDQYJKoZIhvcNAQEEBQAwgYIxCzAJBgNVBAYTAkFVMRMwEQYD

-VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5

-cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2RldmVsb3BtZW50MRkwFwYDVQQDExBD

-cnlwdFNvZnQgRGV2IENBMB4XDTk3MDMyMjEzMzQwNFoXDTk4MDMyMjEzMzQwNFow

-gYIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhC

-cmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2Rl

-dmVsb3BtZW50MRkwFwYDVQQDExBDcnlwdFNvZnQgRGV2IENBMFwwDQYJKoZIhvcN

-AQEBBQADSwAwSAJBAOAOAqogG5QwAmLhzyO4CoRnx/wVy4NZP4dxJy83O1EnL0rw

-OdsamJKvPOLHgSXo3gDu9uVyvCf/QJmZAmC5ml8CAwEAATANBgkqhkiG9w0BAQQF

-AANBADRRS/GVdd7rAqRW6SdmgLJduOU2yq3avBu99kRqbp9A/dLu6r6jU+eP4oOA

-TfdbFZtAAD2Hx9jUtY3tfdrJOb8=

------END CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/certs/demo/tjhCA.pem

+++ /dev/null

@@ -1,15 +1,0 @@

------BEGIN CERTIFICATE-----

-MIICVjCCAgACAQAwDQYJKoZIhvcNAQEEBQAwgbUxCzAJBgNVBAYTAkFVMRMwEQYD

-VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5

-cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsTI1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9O

-IEFVVEhPUklUSUVTMTQwMgYDVQQDEytaRVJPIFZBTFVFIENBIC0gREVNT05TVFJB

-VElPTiBQVVJQT1NFUyBPTkxZMB4XDTk3MDQwMzEzMjI1NFoXDTk4MDQwMzEzMjI1

-NFowgbUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH

-EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsT

-I1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9OIEFVVEhPUklUSUVTMTQwMgYDVQQDEyta

-RVJPIFZBTFVFIENBIC0gREVNT05TVFJBVElPTiBQVVJQT1NFUyBPTkxZMFwwDQYJ

-KoZIhvcNAQEBBQADSwAwSAJBAOZ7T7yqP/tyspcko3yPY1y0Cm2EmwNvzW4QgVXR

-Fjs3HmJ4xtSpXdo6mwcGezL3Abt/aQXaxv9PU8xt+Jr0OFUCAwEAATANBgkqhkiG

-9w0BAQQFAANBAOQpYmGgyCqCy1OljgJhCqQOu627oVlHzK1L+t9vBaMfn40AVUR4

-WzQVWO31KTgi5vTK1U+3h46fgUWqQ0h+6rU=

------END CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/certs/demo/vsigntca.pem

+++ /dev/null

@@ -1,18 +1,0 @@

-subject=/O=VeriSign, Inc/OU=www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD./OU=For VeriSign authorized testing only. No assurances (C)VS1997

-notBefore=Mar  4 00:00:00 1997 GMT

-notAfter=Mar  4 23:59:59 2025 GMT

------BEGIN CERTIFICATE-----

-MIICTTCCAfcCEEdoCqpuXxnoK27q7d58Qc4wDQYJKoZIhvcNAQEEBQAwgakxFjAU

-BgNVBAoTDVZlcmlTaWduLCBJbmMxRzBFBgNVBAsTPnd3dy52ZXJpc2lnbi5jb20v

-cmVwb3NpdG9yeS9UZXN0Q1BTIEluY29ycC4gQnkgUmVmLiBMaWFiLiBMVEQuMUYw

-RAYDVQQLEz1Gb3IgVmVyaVNpZ24gYXV0aG9yaXplZCB0ZXN0aW5nIG9ubHkuIE5v

-IGFzc3VyYW5jZXMgKEMpVlMxOTk3MB4XDTk3MDMwNDAwMDAwMFoXDTI1MDMwNDIz

-NTk1OVowgakxFjAUBgNVBAoTDVZlcmlTaWduLCBJbmMxRzBFBgNVBAsTPnd3dy52

-ZXJpc2lnbi5jb20vcmVwb3NpdG9yeS9UZXN0Q1BTIEluY29ycC4gQnkgUmVmLiBM

-aWFiLiBMVEQuMUYwRAYDVQQLEz1Gb3IgVmVyaVNpZ24gYXV0aG9yaXplZCB0ZXN0

-aW5nIG9ubHkuIE5vIGFzc3VyYW5jZXMgKEMpVlMxOTk3MFwwDQYJKoZIhvcNAQEB

-BQADSwAwSAJBAMak6xImJx44jMKcbkACy5/CyMA2fqXK4PlzTtCxRq5tFkDzne7s

-cI8oFK/J+gFZNE3bjidDxf07O3JOYG9RGx8CAwEAATANBgkqhkiG9w0BAQQFAANB

-ADT523tENOKrEheZFpsJx1UUjPrG7TwYc/C4NBHrZI4gZJcKVFIfNulftVS6UMYW

-ToLEMaUojc3DuNXHG21PDG8=

------END CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/certs/eng1.pem

+++ /dev/null

@@ -1,23 +1,0 @@

------BEGIN CERTIFICATE-----

-MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBqDELMAkGA1UEBhMCQ0Ex

-CzAJBgNVBAgTAk9OMRAwDgYDVQQHEwdUb3JvbnRvMRgwFgYDVQQKEw9CYW5rRW5n

-aW5lIEluYy4xKTAnBgNVBAsTIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IERpdmlz

-aW9uMRMwEQYDVQQDEwpiYW5rZW5naW5lMSAwHgYJKoZIhvcNAQkBFhFjYUBiYW5r

-ZW5naW5lLmNvbTAeFw05ODAxMDEwMDAwMDBaFw0zODAxMTcwMDAwMDBaMIGoMQsw

-CQYDVQQGEwJDQTELMAkGA1UECBMCT04xEDAOBgNVBAcTB1Rvcm9udG8xGDAWBgNV

-BAoTD0JhbmtFbmdpbmUgSW5jLjEpMCcGA1UECxMgQ2VydGlmaWNhdGlvbiBBdXRo

-b3JpdHkgRGl2aXNpb24xEzARBgNVBAMTCmJhbmtlbmdpbmUxIDAeBgkqhkiG9w0B

-CQEWEWNhQGJhbmtlbmdpbmUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB

-CgKCAQEA14LoTUAl1/hEy+Kh1kLHiBdW2zD3V4IhM7xxTVKsYsIH56nr69ATTIxU

-P36eRzeZ137qt1AxHFjDCidk3m1Ul6l59ProPexdslLLM2npM3f2cteg+toyiYiS

-EJKjyzIu1xF1j9qzGkymSY/4DsXLZNk9FaczxMk/Ooc6Os1M3AverL4VG4rYIb6f

-eR32cIKJ9Q1fGuyKk7ipq1XQfPW8a8TgZdbHbe7U9Gk3iasGMHHvpR9Ep3mGbgdT

-uQ98SBEuIwe1BUCGg/MXpVy48MNXfAMotBgGw4pl9yqSjMni2FB+E9Q9DHFs2RgX

-MqzKuo8zcPxKx2kZ6Arj8+27dw2clQIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0G

-CSqGSIb3DQEBBQUAA4IBAQBauupHX9EhpC/r57d6b5kkeWvognxIP9//TO4iw3qb

-zIXEkPXmJmwVzlzoKJWqiya+aw19SP0+G6CzsFOBo/9ehmz+hZ8bhYX4MjlWzX5u

-Tnkhz172j9fOBUmrTVPkcRIs6zjCD5PQAGoBPP1/Zdy2N36lZ0U7lg07Opirj/yJ

-PSJeM2j0fwIFAroiVckvdT0BVwB6S/cPaAQGPghbbr1YGSmYrMriSv825ILJUfxz

-rJYunGR9FiY9Ob7+jwJwiZMS4CxSPktutxr/3hOvr1+ALS7IcVakhhA3PuZAJbdH

-FRclR9qMM8aBnBZmf+Uv3K3uhT+UBzzY654U9Yi1JYnA

------END CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/certs/eng2.pem

+++ /dev/null

@@ -1,23 +1,0 @@

------BEGIN CERTIFICATE-----

-MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBqDELMAkGA1UEBhMCQ0Ex

-CzAJBgNVBAgTAk9OMRAwDgYDVQQHEwdUb3JvbnRvMRgwFgYDVQQKEw9DZXJ0RW5n

-aW5lIEluYy4xKTAnBgNVBAsTIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IERpdmlz

-aW9uMRMwEQYDVQQDEwpjZXJ0ZW5naW5lMSAwHgYJKoZIhvcNAQkBFhFjYUBjZXJ0

-ZW5naW5lLmNvbTAeFw05ODAxMDEwMDAwMDBaFw0zODAxMTcwMDAwMDBaMIGoMQsw

-CQYDVQQGEwJDQTELMAkGA1UECBMCT04xEDAOBgNVBAcTB1Rvcm9udG8xGDAWBgNV

-BAoTD0NlcnRFbmdpbmUgSW5jLjEpMCcGA1UECxMgQ2VydGlmaWNhdGlvbiBBdXRo

-b3JpdHkgRGl2aXNpb24xEzARBgNVBAMTCmNlcnRlbmdpbmUxIDAeBgkqhkiG9w0B

-CQEWEWNhQGNlcnRlbmdpbmUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB

-CgKCAQEA7aTXURShaeVt9u/dP3Q2dVib3jTCZvEyc6yfpGgaYWewXWuP4HOSfI4h

-GZblbpl+dzJc6RjhR+pguIRtbT5FJB8SJGjRqoujBEOQOxtVtc2fjM9Dqh0iOvMW

-WS6buxHG55GVrHAQaO5HXEScKQBa9ZyNmpSXPTEBrDMej1OAGOkc524/TZrgFPF4

-AiJLLkxCcP8NuzUKlW3WzNMSSoCtjkUKy4wjSLlAWCFM0T9Df6/+Z8ZUQTzHoKCD

-ncH5Qnynd7DlOwKQ2JwwxRhYGiGVTUN0GUq7qA11kW3+vnbFesKQXoF6o2PVx9s2

-YXviI2NXXUjZ0pVnsnFCc45Pm8XojwIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0G

-CSqGSIb3DQEBBQUAA4IBAQBP/aHOKJ00Akzc9HWM1X30hlWZFBaQi4pqD4Uhk8+p

-KzzwFP5DRLBOz8TYBbtdXrS6hxVMr2sqWmhVkuyepWhHZazKGyHY/y0FbOXsewAV

-1QxxSyx7ve89pCKv4/w0rQcP916iHc8Y/TCpmz7eITa3GId+8H/XTaBi8GBp9X9O

-w8m25FmEB1NT+eJwefvfdKowjy4tSorKdW/eJspxNuTSRGmUy8G71W5dYvgpAlx6

-mdnHyzxEGvRYNNI2bS0ifXgbEFNWqSas9q34ea5KOpkJu8T/KyXfSb6rPOsBSb0t

-wMowwGtCVH2C4Lw/8zo0EjhMpTOsPaub408PrZ+NQ2bl

------END CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/certs/eng3.pem

+++ /dev/null

@@ -1,34 +1,0 @@

------BEGIN CERTIFICATE-----

-MIIF3TCCA8WgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBqDELMAkGA1UEBhMCQ0Ex

-CzAJBgNVBAgTAk9OMRAwDgYDVQQHEwdUb3JvbnRvMRgwFgYDVQQKEw9Gb3J0RW5n

-aW5lIEluYy4xKTAnBgNVBAsTIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IERpdmlz

-aW9uMRMwEQYDVQQDEwpmb3J0ZW5naW5lMSAwHgYJKoZIhvcNAQkBFhFjYUBmb3J0

-ZW5naW5lLmNvbTAeFw05ODAxMDEwMDAwMDBaFw0zODAxMTcwMDAwMDBaMIGoMQsw

-CQYDVQQGEwJDQTELMAkGA1UECBMCT04xEDAOBgNVBAcTB1Rvcm9udG8xGDAWBgNV

-BAoTD0ZvcnRFbmdpbmUgSW5jLjEpMCcGA1UECxMgQ2VydGlmaWNhdGlvbiBBdXRo

-b3JpdHkgRGl2aXNpb24xEzARBgNVBAMTCmZvcnRlbmdpbmUxIDAeBgkqhkiG9w0B

-CQEWEWNhQGZvcnRlbmdpbmUuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC

-CgKCAgEAyr7GbpwDxx1v3EYbo0gcO+ligEhlDqG2e7u/AbWGoVAqc8+q6auUJUtz

-4i7oh0yNadu1o9kpXW+znkgO0zlrgjGskqqMO1ooppzTJdFy/P8gR6x1Iuv3kWtX

-OuzwPPEjv09LWlhyJsN+oU4ztTVf07I0Q9zYupcoDQ58XKRheI9KdDB2DYSmxywA

-WSLQwIeG0Qa7gvokeQlpkgkEC7viEecJ3752KXBJHnh7As51mxnlpmG6sDy67Eli

-HDw5tHETRqbtnscGBjskGQBqR5xt7+QnnthZrN8HJHDoa9zgGephwizhkL44lXLF

-YK9W5XhFbblw2c+mAcHkokRiwD7CPeIoyD2a/Jcw3n5hegKTlNhd4BFGVF6JR7gF

-OFk2QfHXit5uthsij9Xhl7WAgQUqLgggD9MphqPf4nY66OZUJV9ZsmB+Qfp8UizB

-0WAOegactKVyRqHtRa+KIEXQXNtZgjcmMk9CYkP0nIbKtgKXaH6+9VMHNOryCnFE

-7pSsuPUkypncFWCHGSeiFO3w4w4J4csltxBADQzxfRu5KZnlToQN7bVpI/Q31tVX

-E5bjrJcq6Oj/OTqZ3ID+OqbkUdAg0ggjRKcTgxnLHd/AbMzJ6PsclDDf7cLs0WSl

-xMxQR/z5bNST1rNtT9rsiv2TOhfvCBxO9AOjBioO8PLO032HTNECAwEAAaMQMA4w

-DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAgEAVyBpPWfT2VOyvVpslGKx

-8h0+CWP8cilygGRtZJ5dAJzc//1REAHdvK+TgZ4Foz3dqHhXI+RNN0FpzuWaYMjW

-ZTS0kAmcOQuGY1Oo4PGlPHI21pNz29oFDTJr0ZmLBJ4JKVsE2soJg55jdk9MZHA7

-K//7HH9RsmrWZOE5DZDlrxp6+naixhMwnlPKKisIy9GNZUPqGdUWABMdB/BUVVNl

-NU5TtWpIXUClMd8a+eoKcItBeYXowkHOBpinPkDX3clFDIUfWiw0Ro08s8SrrFqR

-8Szwbrj52Xv1RM56oGqCjnkvJctxihODV7NcpxoAFjIZokDom0q6zPrrTUsLFQov

-Plovc3w5hmALiDMshaTvE1nm3Psn4yQ+FlRE8epTZrQiIGypZkZC6lcz0mYawueW

-cThYWGFhVG4ktQzOjjNRsNxopW+W7cF1zQTxiWUDnxIKSj7gtdQ2jiubxEEhfVag

-r8DMtAccNVTZVURpGi56TptOOuotrTqqC+2GviW4hlxvdvmuQN0OlXlUwzz2Trxc

-FamNnuA54lZw/8arLtxsFmHrcnPw53+1spumLD0S5UkxHNu40h6LIVpZz3H+0rLz

-uFofTfiyMjcfK2AyHQTgUCbsrvgNuLDQUbyFGVchdFUkhztX3DhEVnxnnrpY4BVj

-QdTqWIvw7lGlSuDCjxEQAOc=

------END CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/certs/eng4.pem

+++ /dev/null

@@ -1,23 +1,0 @@

------BEGIN CERTIFICATE-----

-MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBqDELMAkGA1UEBhMCQ0Ex

-CzAJBgNVBAgTAk9OMRAwDgYDVQQHEwdUb3JvbnRvMRgwFgYDVQQKEw9NYWlsRW5n

-aW5lIEluYy4xKTAnBgNVBAsTIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IERpdmlz

-aW9uMRMwEQYDVQQDEwptYWlsZW5naW5lMSAwHgYJKoZIhvcNAQkBFhFjYUBtYWls

-ZW5naW5lLmNvbTAeFw05ODAxMDEwMDAwMDBaFw0zODAxMTcwMDAwMDBaMIGoMQsw

-CQYDVQQGEwJDQTELMAkGA1UECBMCT04xEDAOBgNVBAcTB1Rvcm9udG8xGDAWBgNV

-BAoTD01haWxFbmdpbmUgSW5jLjEpMCcGA1UECxMgQ2VydGlmaWNhdGlvbiBBdXRo

-b3JpdHkgRGl2aXNpb24xEzARBgNVBAMTCm1haWxlbmdpbmUxIDAeBgkqhkiG9w0B

-CQEWEWNhQG1haWxlbmdpbmUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB

-CgKCAQEAqXmfsU+lx+NFmn6tN17RTOyaddHqLnr/3rzEDIyT9TN+tF9TG7jmK7lJ

-Jrj5arQ3nTFaLF8JuND2U1z/cLPw6/TX+1tE3v3CNUDSjaisyUDiUyp3TE8hMMMz

-zfZQn0JsGgNhhWxqyzjhRQGtKL4+xtn8VsF/8zGgZYke7nlmVKz/FslDFTnNoodL

-BAEGiu9JQS9qqpbSs20NdZ6LXPL2A4iTjnsNFBW3jIMVIn/JVVyaycU7ue2oFviD

-vLNpkVZcR7A+jjIdIumOc5VSF0y7y74cQC5YwkR2mLK7UBYDK6NCY3ta/C4M8NsM

-0FpmvRl0+A1ivZtVwqI98dxDtp7HeQIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0G

-CSqGSIb3DQEBBQUAA4IBAQAjfNn5BCzxylBDakFQGWKE/P43PRibMOEzfd7+DzbY

-WIekoz3i00DwoH3b6j4gwlDJRAOq4dF6/Pt/uBOHDo/op+ef+9ErmKPd+ehXN9h3

-7QbccTgz7DtVwA4iRlDRLru+JuXzT+OsCHuFZMOLJ+KD2JAGh3W68JjdcLkrlcpt

-AU0wc5aOHPPfEBdIah8y8QtNzXRVzoBt8zzvgCARkXxTS2u/9QaXR1hML0JtDgQS

-SdZ6Kd8SN6yzqxD+buYD5sOfJmjBF/n3lqFHNMHnnGXy2TAXZtIAWzffU3A0cGPB

-N6FZ026a86HbF1X4k+xszhbJu/ikczyuWnCJIg3fTYSD

------END CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/certs/eng5.pem

+++ /dev/null

@@ -1,23 +1,0 @@

------BEGIN CERTIFICATE-----

-MIID6TCCAtGgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBrjELMAkGA1UEBhMCQ0Ex

-CzAJBgNVBAgTAk9OMRAwDgYDVQQHEwdUb3JvbnRvMRowGAYDVQQKExFUcmFkZXJF

-bmdpbmUgSW5jLjEpMCcGA1UECxMgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgRGl2

-aXNpb24xFTATBgNVBAMTDHRyYWRlcmVuZ2luZTEiMCAGCSqGSIb3DQEJARYTY2FA

-dHJhZGVyZW5naW5lLmNvbTAeFw05ODAxMDEwMDAwMDBaFw0zODAxMTcwMDAwMDBa

-MIGuMQswCQYDVQQGEwJDQTELMAkGA1UECBMCT04xEDAOBgNVBAcTB1Rvcm9udG8x

-GjAYBgNVBAoTEVRyYWRlckVuZ2luZSBJbmMuMSkwJwYDVQQLEyBDZXJ0aWZpY2F0

-aW9uIEF1dGhvcml0eSBEaXZpc2lvbjEVMBMGA1UEAxMMdHJhZGVyZW5naW5lMSIw

-IAYJKoZIhvcNAQkBFhNjYUB0cmFkZXJlbmdpbmUuY29tMIIBIjANBgkqhkiG9w0B

-AQEFAAOCAQ8AMIIBCgKCAQEAzyX5QE+5SN+zgNn1v3zp9HmP4hQOWW8WuEVItZVP

-9bt/xj5NeJd1kyPL/SqnF2qHcL3o/74r0Ga55aKHniwKYgQTlp5ELGfQ568QQeN9

-xNIHtUXeStI9zCNZyZC+4YqObdMR/ivKA/WsLfUVMl2lV5JzJJz1BOE0gKEYiEyz

-gIq5oLzkP/mOXoHRvWSZD2D0eHYIO7ovV2epVFK7g7p+dC4QoeIUEli+GF/Myg88

-dV/qmi+Sybck2RLPXa8Nh27/ETVQ7kE1Eafmx7EyCqIhG+5lwJAy3HwHUBwAYuzj

-iuZz5lD8aQmr8SKuvy3eOH9SVN5wh3YBlrNGwTStkESVLwIDAQABoxAwDjAMBgNV

-HRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQAWOPAUhZd3x9EQiFJcuxFTMd9q

-axgcriCzJsM6D96sYGko9xTeLhX/lr1bliVYI5AlupoLXAdMzGHJkOgaTirKjQXr

-F9nymDdUWKe3TmwGob5016nQlH7qRKvGO3hka0rOGRK2U/2JT/4Qp8iH/DFi6cyM

-uP0q8n64SAkxZXLzUuFQXqf7U/SNjzb9XJQEIAdjp7eYd3Qb4jDsDcX0FrKMF1aV

-r0dCDnS7am7WTXPYCDGdSkPgEHEtLYIYH3lZp5sKdVZ9wl4F0WNFkRWRUr7AXPjw

-50uLmUNmKCd8JZLMGA1TRNSTi7U9EcrWt0OkMWm74T2WVnAgNsDv2WrWsGfj

------END CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/certs/expired/ICE-CA.pem

+++ /dev/null

@@ -1,59 +1,0 @@

-Certificate:

-    Data:

-        Version: 3 (0x2)

-        Serial Number: 1 (0x1)

-        Signature Algorithm: md5WithRSAEncryption

-        Issuer: O=European ICE-TEL project, OU=V3-Certification Authority

-        Validity

-            Not Before: Apr  2 17:35:53 1997 GMT

-            Not After : Apr  2 17:35:53 1998 GMT

-        Subject: O=European ICE-TEL project, OU=V3-Certification Authority, L=Darmstadt

-        Subject Public Key Info:

-            Public Key Algorithm: rsa

-            RSA Public Key: (512 bit)

-                Modulus (512 bit):

-                    00:82:75:ba:f6:d1:60:b5:f9:15:b3:6a:dd:29:8f:

-                    8b:a4:6f:1a:88:e0:50:43:40:0b:79:41:d5:d3:16:

-                    44:7d:74:65:17:42:06:52:0b:e9:50:c8:10:cd:24:

-                    e2:ae:8d:22:30:73:e6:b4:b7:93:1f:e5:6e:a2:ae:

-                    49:11:a5:c9:45

-                Exponent: 65537 (0x10001)

-        X509v3 extensions:

-            X509v3 Authority Key Identifier:

-                0.........z.."p......e..

-            X509v3 Subject Key Identifier:

-                ..~r..:..B.44fu......3

-            X509v3 Key Usage: critical

-                ....

-            X509v3 Certificate Policies: critical

-                0.0...*...

-            X509v3 Subject Alternative Name:

-                [email protected]

-            X509v3 Issuer Alternative Name:

-                [email protected].*http://www.darmstadt.gmd.de/ice-tel/euroca

-            X509v3 Basic Constraints: critical

-                0....

-            X509v3 CRL Distribution Points:

-                0200...,.*http://www.darmstadt.gmd.de/ice-tel/euroca

-    Signature Algorithm: md5WithRSAEncryption

-        17:a2:88:b7:99:5a:05:41:e4:13:34:67:e6:1f:3e:26:ec:4b:

-        69:f9:3e:28:22:be:9d:1c:ab:41:6f:0c:00:85:fe:45:74:f6:

-        98:f0:ce:9b:65:53:4a:50:42:c7:d4:92:bd:d7:a2:a8:3d:98:

-        88:73:cd:60:28:79:a3:fc:48:7a

------BEGIN CERTIFICATE-----

-MIICzDCCAnagAwIBAgIBATANBgkqhkiG9w0BAQQFADBIMSEwHwYDVQQKExhFdXJv

-cGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24g

-QXV0aG9yaXR5MB4XDTk3MDQwMjE3MzU1M1oXDTk4MDQwMjE3MzU1M1owXDEhMB8G

-A1UEChMYRXVyb3BlYW4gSUNFLVRFTCBwcm9qZWN0MSMwIQYDVQQLExpWMy1DZXJ0

-aWZpY2F0aW9uIEF1dGhvcml0eTESMBAGA1UEBxMJRGFybXN0YWR0MFkwCgYEVQgB

-AQICAgADSwAwSAJBAIJ1uvbRYLX5FbNq3SmPi6RvGojgUENAC3lB1dMWRH10ZRdC

-BlIL6VDIEM0k4q6NIjBz5rS3kx/lbqKuSRGlyUUCAwEAAaOCATgwggE0MB8GA1Ud

-IwQYMBaAFIr3yNUOx3ro1yJw4AuJ1bbsZbzPMB0GA1UdDgQWBBR+cvL4OoacQog0

-NGZ1w9T80aIRMzAOBgNVHQ8BAf8EBAMCAfYwFAYDVR0gAQH/BAowCDAGBgQqAwQF

-MCoGA1UdEQQjMCGBH3NlY3VkZS1zdXBwb3J0QGRhcm1zdGFkdC5nbWQuZGUwUgYD

-VR0SBEswSYEbaWNlLXRlbC1jYUBkYXJtc3RhZHQuZ21kLmRlhipodHRwOi8vd3d3

-LmRhcm1zdGFkdC5nbWQuZGUvaWNlLXRlbC9ldXJvY2EwDwYDVR0TAQH/BAUwAwEB

-/zA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8vd3d3LmRhcm1zdGFkdC5nbWQuZGUv

-aWNlLXRlbC9ldXJvY2EwDQYJKoZIhvcNAQEEBQADQQAXooi3mVoFQeQTNGfmHz4m

-7Etp+T4oIr6dHKtBbwwAhf5FdPaY8M6bZVNKUELH1JK916KoPZiIc81gKHmj/Eh6

------END CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/certs/expired/ICE-root.pem

+++ /dev/null

@@ -1,48 +1,0 @@

-Certificate:

-    Data:

-        Version: 3 (0x2)

-        Serial Number: 0 (0x0)

-        Signature Algorithm: md5WithRSAEncryption

-        Issuer: O=European ICE-TEL project, OU=V3-Certification Authority

-        Validity

-            Not Before: Apr  2 17:33:36 1997 GMT

-            Not After : Apr  2 17:33:36 1998 GMT

-        Subject: O=European ICE-TEL project, OU=V3-Certification Authority

-        Subject Public Key Info:

-            Public Key Algorithm: rsa

-            RSA Public Key: (512 bit)

-                Modulus (512 bit):

-                    00:80:3e:eb:ae:47:a9:fe:10:54:0b:81:8b:9c:2b:

-                    82:ab:3a:61:36:65:8b:f3:73:9f:ac:ac:7a:15:a7:

-                    13:8f:b4:c4:ba:a3:0f:bc:a5:58:8d:cc:b1:93:31:

-                    9e:81:9e:8c:19:61:86:fa:52:73:54:d1:97:76:22:

-                    e7:c7:9f:41:cd

-                Exponent: 65537 (0x10001)

-        X509v3 extensions:

-            X509v3 Subject Key Identifier:

-                ........z.."p......e..

-            X509v3 Key Usage: critical

-                ....

-            X509v3 Subject Alternative Name:

-                0I.*http://www.darmstadt.gmd.de/ice-tel/[email protected]

-            X509v3 Basic Constraints: critical

-                0....

-    Signature Algorithm: md5WithRSAEncryption

-        76:69:61:db:b7:cf:8b:06:9e:d8:8c:96:53:d2:4d:a8:23:a6:

-        03:44:e8:8f:24:a5:c0:84:a8:4b:77:d4:2d:2b:7d:37:91:67:

-        f2:2c:ce:02:31:4c:6b:cc:ce:f2:68:a6:11:11:ab:7d:88:b8:

-        7e:22:9f:25:06:60:bd:79:30:3d

------BEGIN CERTIFICATE-----

-MIICFjCCAcCgAwIBAgIBADANBgkqhkiG9w0BAQQFADBIMSEwHwYDVQQKExhFdXJv

-cGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24g

-QXV0aG9yaXR5MB4XDTk3MDQwMjE3MzMzNloXDTk4MDQwMjE3MzMzNlowSDEhMB8G

-A1UEChMYRXVyb3BlYW4gSUNFLVRFTCBwcm9qZWN0MSMwIQYDVQQLExpWMy1DZXJ0

-aWZpY2F0aW9uIEF1dGhvcml0eTBZMAoGBFUIAQECAgIAA0sAMEgCQQCAPuuuR6n+

-EFQLgYucK4KrOmE2ZYvzc5+srHoVpxOPtMS6ow+8pViNzLGTMZ6BnowZYYb6UnNU

-0Zd2IufHn0HNAgMBAAGjgZcwgZQwHQYDVR0OBBYEFIr3yNUOx3ro1yJw4AuJ1bbs

-ZbzPMA4GA1UdDwEB/wQEAwIB9jBSBgNVHREESzBJhipodHRwOi8vd3d3LmRhcm1z

-dGFkdC5nbWQuZGUvaWNlLXRlbC9ldXJvY2GBG2ljZS10ZWwtY2FAZGFybXN0YWR0

-LmdtZC5kZTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBAUAA0EAdmlh27fP

-iwae2IyWU9JNqCOmA0TojySlwISoS3fULSt9N5Fn8izOAjFMa8zO8mimERGrfYi4

-fiKfJQZgvXkwPQ==

------END CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/certs/expired/ICE-user.pem

+++ /dev/null

@@ -1,63 +1,0 @@

-Certificate:

-    Data:

-        Version: 3 (0x2)

-        Serial Number: 1 (0x1)

-        Signature Algorithm: md5WithRSAEncryption

-        Issuer: O=European ICE-TEL project, OU=V3-Certification Authority, L=Darmstadt

-        Validity

-            Not Before: Apr  2 17:35:59 1997 GMT

-            Not After : Apr  2 17:35:59 1998 GMT

-        Subject: O=European ICE-TEL project, OU=V3-Certification Authority, L=Darmstadt, CN=USER

-        Subject Public Key Info:

-            Public Key Algorithm: rsa

-            RSA Public Key: (512 bit)

-                Modulus (512 bit):

-                    00:a8:a8:53:63:49:1b:93:c3:c3:0b:6c:88:11:55:

-                    de:7e:6a:e2:f9:52:a0:dc:69:25:c4:c8:bf:55:e1:

-                    31:a8:ce:e4:a9:29:85:99:8a:15:9a:de:f6:2f:e1:

-                    b4:50:5f:5e:04:75:a6:f4:76:dc:3c:0e:39:dc:3a:

-                    be:3e:a4:61:8b

-                Exponent: 65537 (0x10001)

-        X509v3 extensions:

-            X509v3 Authority Key Identifier:

-                0...~r..:..B.44fu......3

-            X509v3 Subject Key Identifier:

-                ...... .*...1.*.......

-            X509v3 Key Usage: critical

-                ....

-            X509v3 Certificate Policies: critical

-                0.0...*...0.......

-            X509v3 Subject Alternative Name:

-                0:[email protected].!http://www.darmstadt.gmd.de/~user

-            X509v3 Issuer Alternative Name:

-                [email protected]://www.gmd.de..saturn.darmstadt.gmd.de.\1!0...U.

-..European ICE-TEL project1#0!..U....V3-Certification Authority1.0...U....Darmstadt..141.12.62.26

-            X509v3 Basic Constraints: critical

-                0.

-            X509v3 CRL Distribution Points:

-                [email protected]

-    Signature Algorithm: md5WithRSAEncryption

-        69:0c:e1:b7:a7:f2:d8:fb:e8:69:c0:13:cd:37:ad:21:06:22:

-        4d:e8:c6:db:f1:04:0b:b7:e0:b3:d6:0c:81:03:ce:c3:6a:3e:

-        c7:e7:24:24:a4:92:64:c2:83:83:06:42:53:0e:6f:09:1e:84:

-        9a:f7:6f:63:9b:94:99:83:d6:a4

------BEGIN CERTIFICATE-----

-MIIDTzCCAvmgAwIBAgIBATANBgkqhkiG9w0BAQQFADBcMSEwHwYDVQQKExhFdXJv

-cGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24g

-QXV0aG9yaXR5MRIwEAYDVQQHEwlEYXJtc3RhZHQwHhcNOTcwNDAyMTczNTU5WhcN

-OTgwNDAyMTczNTU5WjBrMSEwHwYDVQQKExhFdXJvcGVhbiBJQ0UtVEVMIHByb2pl

-Y3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24gQXV0aG9yaXR5MRIwEAYDVQQH

-EwlEYXJtc3RhZHQxDTALBgNVBAMTBFVTRVIwWTAKBgRVCAEBAgICAANLADBIAkEA

-qKhTY0kbk8PDC2yIEVXefmri+VKg3GklxMi/VeExqM7kqSmFmYoVmt72L+G0UF9e

-BHWm9HbcPA453Dq+PqRhiwIDAQABo4IBmDCCAZQwHwYDVR0jBBgwFoAUfnLy+DqG

-nEKINDRmdcPU/NGiETMwHQYDVR0OBBYEFJfc4B8gjSoRmLUx4Sq/ucIYiMrPMA4G

-A1UdDwEB/wQEAwIB8DAcBgNVHSABAf8EEjAQMAYGBCoDBAUwBgYECQgHBjBDBgNV

-HREEPDA6gRV1c2VyQGRhcm1zdGFkdC5nbWQuZGWGIWh0dHA6Ly93d3cuZGFybXN0

-YWR0LmdtZC5kZS9+dXNlcjCBsQYDVR0SBIGpMIGmgQxnbWRjYUBnbWQuZGWGEWh0

-dHA6Ly93d3cuZ21kLmRlghdzYXR1cm4uZGFybXN0YWR0LmdtZC5kZaRcMSEwHwYD

-VQQKExhFdXJvcGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRp

-ZmljYXRpb24gQXV0aG9yaXR5MRIwEAYDVQQHEwlEYXJtc3RhZHSHDDE0MS4xMi42

-Mi4yNjAMBgNVHRMBAf8EAjAAMB0GA1UdHwQWMBQwEqAQoA6BDGdtZGNhQGdtZC5k

-ZTANBgkqhkiG9w0BAQQFAANBAGkM4ben8tj76GnAE803rSEGIk3oxtvxBAu34LPW

-DIEDzsNqPsfnJCSkkmTCg4MGQlMObwkehJr3b2OblJmD1qQ=

------END CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/certs/expired/ICE.crl

+++ /dev/null

@@ -1,9 +1,0 @@

------BEGIN X509 CRL-----

-MIIBNDCBnjANBgkqhkiG9w0BAQIFADBFMSEwHwYDVQQKExhFdXJvcGVhbiBJQ0Ut

-VEVMIFByb2plY3QxIDAeBgNVBAsTF0NlcnRpZmljYXRpb24gQXV0aG9yaXR5Fw05

-NzA2MDkxNDQyNDNaFw05NzA3MDkxNDQyNDNaMCgwEgIBChcNOTcwMzAzMTQ0MjU0

-WjASAgEJFw05NjEwMDIxMjI5MjdaMA0GCSqGSIb3DQEBAgUAA4GBAH4vgWo2Tej/

-i7kbiw4Imd30If91iosjClNpBFwvwUDBclPEeMuYimHbLOk4H8Nofc0fw11+U/IO

-KSNouUDcqG7B64oY7c4SXKn+i1MWOb5OJiWeodX3TehHjBlyWzoNMWCnYA8XqFP1

-mOKp8Jla1BibEZf14+/HqCi2hnZUiEXh

------END X509 CRL-----

--- a/sys/src/ape/lib/openssl/certs/expired/RegTP-4R.pem

+++ /dev/null

@@ -1,19 +1,0 @@

-issuer= CN=4R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE

-notBefore=Jan 21 16:04:53 1999 GMT

-notAfter=Jan 21 16:04:53 2004 GMT

-subject= CN=4R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE

------BEGIN CERTIFICATE-----

-MIICZzCCAdOgAwIBAgIEOwVn1DAKBgYrJAMDAQIFADBvMQswCQYDVQQGEwJERTE9

-MDsGA1UEChQ0UmVndWxpZXJ1bmdzYmVoyG9yZGUgZsh1ciBUZWxla29tbXVuaWth

-dGlvbiB1bmQgUG9zdDEhMAwGBwKCBgEKBxQTATEwEQYDVQQDFAo0Ui1DQSAxOlBO

-MCIYDzE5OTkwMTIxMTYwNDUzWhgPMjAwNDAxMjExNjA0NTNaMG8xCzAJBgNVBAYT

-AkRFMT0wOwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21t

-dW5pa2F0aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjRSLUNB

-IDE6UE4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGAjzHbq2asUlqeWbXTQHso

-aVF6YIPVH3c/B2cbuy9HJ/lnE6x0asOzM2DGDqi47xkdAxPc0LZ0fxO87rkmz7xs

-jJObnVrMXpyUSDSp5Y0wqKJdsFdr6mGFOQZteIti8AJnr8xMkwnWVyuOlEXsFe1h

-5gxwQXrOcPinE6qu1t/3PmECBMAAAAGjEjAQMA4GA1UdDwEB/wQEAwIBBjAKBgYr

-JAMDAQIFAAOBgQA+RdocBmA2VV9E5aKPBcp01tdZAvvW9Tve3docArVKR/4/yvSX

-Z+wvzzk+uu4qBp49HN3nqPYMrzbTmjBFu4ce5fkZ7dHF0W1sSBL0rox5z36Aq2re

-JjfEOEmSnNe0+opuh4FSVOssXblXTE8lEQU0FhhItgDx2ADnWZibaxLG4w==

------END CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/certs/expired/factory.pem

+++ /dev/null

@@ -1,15 +1,0 @@

------BEGIN CERTIFICATE-----

-MIICTTCCAbagAwIBAgIBADANBgkqhkiG9w0BAQQFADBMMQswCQYDVQQGEwJHQjEM

-MAoGA1UEChMDVUNMMRgwFgYDVQQLEw9JQ0UtVEVMIFByb2plY3QxFTATBgNVBAMT

-DFRydXN0RmFjdG9yeTAeFw05NzA0MjIxNDM5MTRaFw05ODA0MjIxNDM5MTRaMEwx

-CzAJBgNVBAYTAkdCMQwwCgYDVQQKEwNVQ0wxGDAWBgNVBAsTD0lDRS1URUwgUHJv

-amVjdDEVMBMGA1UEAxMMVHJ1c3RGYWN0b3J5MIGcMAoGBFUIAQECAgQAA4GNADCB

-iQKBgQCEieR8NcXkUW1f0G6aC6u0i8q/98JqS6RxK5YmHIGKCkuTWAUjzLfUa4dt

-U9igGCjTuxaDqlzEim+t/02pmiBZT9HaX++35MjQPUWmsChcYU5WyzGErXi+rQaw

-zlwS73zM8qiPj/97lXYycWhgL0VaiDSPxRXEUdWoaGruom4mNQIDAQABo0IwQDAd

-BgNVHQ4EFgQUHal1LZr7oVg5z6lYzrhTgZRCmcUwDgYDVR0PAQH/BAQDAgH2MA8G

-A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAfaggfl6FZoioecjv0dq8

-/DXo/u11iMZvXn08gjX/zl2b4wtPbShOSY5FhkSm8GeySasz+/Nwb/uzfnIhokWi

-lfPZHtlCWtXbIy/TN51eJyq04ceDCQDWvLC2enVg9KB+GJ34b5c5VaPRzq8MBxsA

-S7ELuYGtmYgYm9NZOIr7yU0=

------END CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/certs/expired/rsa-cca.pem

+++ /dev/null

@@ -1,19 +1,0 @@

-subject=/C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority

-issuer= /C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority

-notBefore=941104185834Z

-notAfter =991103185834Z

------BEGIN X509 CERTIFICATE-----

-MIICIzCCAZACBQJBAAAWMA0GCSqGSIb3DQEBAgUAMFwxCzAJBgNVBAYTAlVTMSAw

-HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVy

-Y2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDQxODU4MzRaFw05

-OTExMDMxODU4MzRaMFwxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBT

-ZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVyY2lhbCBDZXJ0aWZpY2F0aW9u

-IEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCk+4Fie84QJ93o

-975sbsZwmdu41QUDaSiCnHJ/lj+O7Kwpkj+KFPhCdr69XQO5kNTQvAayUTNfxMK/

-touPmbZiImDd298ggrTKoi8tUO2UMt7gVY3UaOLgTNLNBRYulWZcYVI4HlGogqHE

-7yXpCuaLK44xZtn42f29O2nZ6wIDAQABMA0GCSqGSIb3DQEBAgUAA34AdrW2EP4j

-9/dZYkuwX5zBaLxJu7NJbyFHXSudVMQAKD+YufKKg5tgf+tQx6sFEC097TgCwaVI

-0v5loMC86qYjFmZsGySp8+x5NRhPJsjjr1BKx6cxa9B8GJ1Qv6km+iYrRpwUqbtb

-MJhCKLVLU7tDCZJAuqiqWqTGtotXTcU=

------END X509 CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/certs/expired/rsa-ssca.pem

+++ /dev/null

@@ -1,19 +1,0 @@

-subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority

-issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority

-notBefore=941109235417Z

-notAfter =991231235417Z

------BEGIN X509 CERTIFICATE-----

-MIICKTCCAZYCBQJBAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMSAw

-HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJl

-IFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDkyMzU0MTda

-Fw05OTEyMzEyMzU0MTdaMF8xCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0

-YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJlIFNlcnZlciBDZXJ0aWZp

-Y2F0aW9uIEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCSznrB

-roM+WqqJg1esJQF2DK2ujiw3zus1eGRUA+WEQFHJv48I4oqCCNIWhjdV6bEhAq12

-aIGaBaJLyUslZiJWbIgHj/eBWW2EB2VwE3F2Ppt3TONQiVaYSLkdpykaEy5KEVmc

-HhXVSVQsczppgrGXOZxtcGdI5d0t1sgeewIDAQABMA0GCSqGSIb3DQEBAgUAA34A

-iNHReSHO4ovo+MF9NFM/YYPZtgs4F7boviGNjwC4i1N+RGceIr2XJ+CchcxK9oU7

-suK+ktPlDemvXA4MRpX/oRxePug2WHpzpgr4IhFrwwk4fia7c+8AvQKk8xQNMD9h

-cHsg/jKjn7P0Z1LctO6EjJY2IN6BCINxIYoPnqk=

------END X509 CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/certs/expired/vsign2.pem

+++ /dev/null

@@ -1,18 +1,0 @@

-subject=/C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority

-notBefore=Jan 29 00:00:00 1996 GMT

-notAfter=Jan  7 23:59:59 2004 GMT

------BEGIN CERTIFICATE-----

-MIICPTCCAaYCEQC6WslMBTuS1qe2307QU5INMA0GCSqGSIb3DQEBAgUAMF8xCzAJ

-BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xh

-c3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05

-NjAxMjkwMDAwMDBaFw0wNDAxMDcyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYD

-VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMiBQdWJsaWMgUHJp

-bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOB

-jQAwgYkCgYEAtlqLow1qI4OAa885h/QhEzMGTCWi7VUSl8WngLn6g8EgoPovFQ18

-oWBrfnks+gYPOq72G2+x0v8vKFJfg31LxHq3+GYfgFT8t8KOWUoUV0bRmpO+QZED

-uxWAk1zr58wIbD8+s0r8/0tsI9VQgiZEGY4jw3HqGSRHBJ51v8imAB8CAwEAATAN

-BgkqhkiG9w0BAQIFAAOBgQC2AB+TV6QHp0DOZUA/VV7t7/pUSaUw1iF8YYfug5ML

-v7Qz8pisnwa/TqjOFIFMywROWMPPX+5815pvy0GKt3+BuP+EYcYnQ2UdDOyxAArd

-G6S7x3ggKLKi3TaVLuFUT79guXdoEZkj6OpS6KoATmdOu5C1RZtG644W78QzWzM9

-1Q==

------END CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/certs/expired/vsign3.pem

+++ /dev/null

@@ -1,18 +1,0 @@

-subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority

-notBefore=Jan 29 00:00:00 1996 GMT

-notAfter=Jan  7 23:59:59 2004 GMT

------BEGIN CERTIFICATE-----

-MIICPTCCAaYCEQDknv3zOugOz6URPhmkJAIyMA0GCSqGSIb3DQEBAgUAMF8xCzAJ

-BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xh

-c3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05

-NjAxMjkwMDAwMDBaFw0wNDAxMDcyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYD

-VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJp

-bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOB

-jQAwgYkCgYEAyVxZnvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqo

-RAWq7AMfeH+ek7maAKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4

-rCNfcCk2pMmG57GaIMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATAN

-BgkqhkiG9w0BAQIFAAOBgQBhcOwvP579K+ZoVCGwZ3kIDCCWMYoNer62Jt95LCJp

-STbjl3diYaIy13pUITa6Ask05yXaRDWw0lyAXbOU+Pms7qRgdSoflUkjsUp89LNH

-ciFbfperVKxi513srpvSybIk+4Kt6WcVS7qqpvCXoPawl1cAyAw8CaCCBLpB2veZ

-pA==

------END CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/certs/thawteCb.pem

+++ /dev/null

@@ -1,19 +1,0 @@

------BEGIN CERTIFICATE-----

-MIIDEzCCAnygAwIBAgIBATANBgkqhkiG9w0BAQQFADCBxDELMAkGA1UEBhMCWkEx

-FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD

-VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv

-biBTZXJ2aWNlcyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEm

-MCQGCSqGSIb3DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wHhcNOTYwODAx

-MDAwMDAwWhcNMjAxMjMxMjM1OTU5WjCBxDELMAkGA1UEBhMCWkExFTATBgNVBAgT

-DFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYDVQQKExRUaGF3

-dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNl

-cyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEmMCQGCSqGSIb3

-DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQAD

-gY0AMIGJAoGBANOkUG7I/1Zr5s9dtuoMaHVHoqrC2oQl/Kj0R1HahbUgdJSGHg91

-yekIYfUGbTBuFRkC6VLAYttNmZ7iagxEOM3+vuNkCXDF/rFrKbYvScg71CcEJRCX

-L+eQbcAoQpnXTEPew/UhbVSfXcNY4cDk2VuwuNy0e982OsK1ZiIS1ocNAgMBAAGj

-EzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAB/pMaVz7lcxG

-7oWDTSEwjsrZqG9JGubaUeNgcGyEYRGhGshIPllDfU+VPaGLtwtimHp1it2ITk6e

-QNuozDJ0uW8NxuOzRAvZim+aKZuZGCg70eNAKJpaPNW15yAbi8qkq43pUdniTCxZ

-qdq5snUb9kLy78fyGPmJvKP/iiMucEc=

------END CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/certs/thawteCp.pem

+++ /dev/null

@@ -1,19 +1,0 @@

------BEGIN CERTIFICATE-----

-MIIDJzCCApCgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBzjELMAkGA1UEBhMCWkEx

-FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD

-VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv

-biBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhhd3RlIFByZW1pdW0gU2Vy

-dmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNlcnZlckB0aGF3dGUuY29t

-MB4XDTk2MDgwMTAwMDAwMFoXDTIwMTIzMTIzNTk1OVowgc4xCzAJBgNVBAYTAlpB

-MRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsG

-A1UEChMUVGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRp

-b24gU2VydmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNl

-cnZlciBDQTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNv

-bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0jY2aovXwlue2oFBYo847kkE

-VdbQ7xwblRZH7xhINTpS9CtqBo87L+pW46+GjZ4X9560ZXUCTe/LCaIhUdib0GfQ

-ug2SBhRz1JPLlyoAnFxODLz6FVL88kRu2hFKbgifLy3j+ao6hnO2RlNYyIkFvYMR

-uHM/qgeN9EJN50CdHDcCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG

-9w0BAQQFAAOBgQAmSCwWwlj66BZ0DKqqX1Q/8tfJeGBeXm43YyJ3Nn6yF8Q0ufUI

-hfzJATj/Tb7yFkJD57taRvvBxhEf8UqwKEbJw8RCfbz6q1lu1bdRiBHjpIUZa4JM

-pAwSremkrj/xw0llmozFyD4lt5SZu5IycQfwhl7tUCemDaYj+bvLpgcUQg==

------END CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/certs/vsign1.pem

+++ /dev/null

@@ -1,17 +1,0 @@

-subject=/C=US/O=VeriSign, Inc./OU=Class 1 Public Primary Certification Authority

-notBefore=Jan 29 00:00:00 1996 GMT

-notAfter=Jan  7 23:59:59 2020 GMT

------BEGIN CERTIFICATE-----

-MIICPDCCAaUCEDJQM89Q0VbzXIGtZVxPyCUwDQYJKoZIhvcNAQECBQAwXzELMAkG

-A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz

-cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2

-MDEyOTAwMDAwMFoXDTIwMDEwNzIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV

-BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmlt

-YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN

-ADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0f

-zGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHi

-TkVWaR94AoDa3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0G

-CSqGSIb3DQEBAgUAA4GBAEtEZmBoZOSYG/OwcuaViXzde7OVwB0u2NgZ0C00PcZQ

-mhCGjKo/O6gE/DdSlcPZydvN8oYGxLEb8IKIMEKOF1AcZHq4PplJdJf8rAJD+5YM

-VgQlDHx8h50kp9jwMim1pN9dokzFFjKoQvZFprY2ueC/ZTaTwtLXa9zeWdaiNfhF

------END CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/certs/vsign3.pem

+++ /dev/null

@@ -1,17 +1,0 @@

-subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority

-notBefore=Jan 29 00:00:00 1996 GMT

-notAfter=Aug  1 23:59:59 2028 GMT

------BEGIN CERTIFICATE-----

-MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG

-A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz

-cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2

-MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV

-BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt

-YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN

-ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE

-BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is

-I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G

-CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do

-lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc

-AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k

------END CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/certs/vsignss.pem

+++ /dev/null

@@ -1,17 +1,0 @@

-subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority

-notBefore=Nov  9 00:00:00 1994 GMT

-notAfter=Jan  7 23:59:59 2010 GMT

------BEGIN CERTIFICATE-----

-MIICNDCCAaECEAKtZn5ORf5eV288mBle3cAwDQYJKoZIhvcNAQECBQAwXzELMAkG

-A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD

-VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk0

-MTEwOTAwMDAwMFoXDTEwMDEwNzIzNTk1OVowXzELMAkGA1UEBhMCVVMxIDAeBgNV

-BAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2Vy

-dmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGbMA0GCSqGSIb3DQEBAQUAA4GJ

-ADCBhQJ+AJLOesGugz5aqomDV6wlAXYMra6OLDfO6zV4ZFQD5YRAUcm/jwjiioII

-0haGN1XpsSECrXZogZoFokvJSyVmIlZsiAeP94FZbYQHZXATcXY+m3dM41CJVphI

-uR2nKRoTLkoRWZweFdVJVCxzOmmCsZc5nG1wZ0jl3S3WyB57AgMBAAEwDQYJKoZI

-hvcNAQECBQADfgBl3X7hsuyw4jrg7HFGmhkRuNPHoLQDQCYCPgmc4RKz0Vr2N6W3

-YQO2WxZpO8ZECAyIUwxrl0nHPjXcbLm7qt9cuzovk2C2qUtN8iD3zV9/ZHuO3ABc

-1/p3yjkWWW8O6tO1g39NTUJWdrTJXwT4OPjr0l91X817/OWOgHz8UA==

------END CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/certs/wellsfgo.pem

+++ /dev/null

@@ -1,23 +1,0 @@

------BEGIN CERTIFICATE-----

-MIID5TCCAs2gAwIBAgIEOeSXnjANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UEBhMC

-VVMxFDASBgNVBAoTC1dlbGxzIEZhcmdvMSwwKgYDVQQLEyNXZWxscyBGYXJnbyBD

-ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEvMC0GA1UEAxMmV2VsbHMgRmFyZ28gUm9v

-dCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDAxMDExMTY0MTI4WhcNMjEwMTE0

-MTY0MTI4WjCBgjELMAkGA1UEBhMCVVMxFDASBgNVBAoTC1dlbGxzIEZhcmdvMSww

-KgYDVQQLEyNXZWxscyBGYXJnbyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEvMC0G

-A1UEAxMmV2VsbHMgRmFyZ28gUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEi

-MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVqDM7Jvk0/82bfuUER84A4n13

-5zHCLielTWi5MbqNQ1mXx3Oqfz1cQJ4F5aHiidlMuD+b+Qy0yGIZLEWukR5zcUHE

-SxP9cMIlrCL1dQu3U+SlK93OvRw6esP3E48mVJwWa2uv+9iWsWCaSOAlIiR5NM4O

-JgALTqv9i86C1y8IcGjBqAr5dE8Hq6T54oN+J3N0Prj5OEL8pahbSCOz6+MlsoCu

-ltQKnMJ4msZoGK43YjdeUXWoWGPAUe5AeH6orxqg4bB4nVCMe+ez/I4jsNtlAHCE

-AQgAFG5Uhpq6zPk3EPbg3oQtnaSFN9OH4xXQwReQfhkhahKpdv0SAulPIV4XAgMB

-AAGjYTBfMA8GA1UdEwEB/wQFMAMBAf8wTAYDVR0gBEUwQzBBBgtghkgBhvt7hwcB

-CzAyMDAGCCsGAQUFBwIBFiRodHRwOi8vd3d3LndlbGxzZmFyZ28uY29tL2NlcnRw

-b2xpY3kwDQYJKoZIhvcNAQEFBQADggEBANIn3ZwKdyu7IvICtUpKkfnRLb7kuxpo

-7w6kAOnu5+/u9vnldKTC2FJYxHT7zmu1Oyl5GFrvm+0fazbuSCUlFLZWohDo7qd/

-0D+j0MNdJu4HzMPBJCGHHt8qElNvQRbn7a6U+oxy+hNH8Dx+rn0ROhPs7fpvcmR7

-nX1/Jv16+yWt6j4pf0zjAFcysLPp7VMX2YuyFA4w6OXVE8Zkr8QA1dhYJPz1j+zx

-x32l2w8n0cbyQIjmH/ZhqPRCyLk306m+LFZ4wnKbWV01QIroTmMatukgalHizqSQ

-33ZwmVxwQ023tqcZZE6St8WRPH9IFmV7Fv3L/PvZ1dZPIWU7Sn9Ho/s=

------END CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/crypto/LPdir_nyi.c

+++ /dev/null

@@ -1,42 +1,0 @@

-/* $LP: LPlib/source/LPdir_win.c,v 1.1 2004/06/14 10:07:56 _cvs_levitte Exp $ */

-/*

- * Copyright (c) 2004, Richard Levitte <[email protected]>

- * All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- *

- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- */

-#ifndef LPDIR_H

-#include "LPdir.h"

-#endif

-struct LP_dir_context_st { void *dummy; };

-const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)

-	{

-	errno = EINVAL;

-	return 0;

-	}

-int LP_find_file_end(LP_DIR_CTX **ctx)

-	{

-	errno = EINVAL;

-	return 0;

-	}

--- a/sys/src/ape/lib/openssl/crypto/LPdir_unix.c

+++ /dev/null

@@ -1,127 +1,0 @@

-/* $LP: LPlib/source/LPdir_unix.c,v 1.11 2004/09/23 22:07:22 _cvs_levitte Exp $ */

-/*

- * Copyright (c) 2004, Richard Levitte <[email protected]>

- * All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- *

- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS

- * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT

- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR

- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT

- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT

- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,

- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY

- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE

- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

- */

-#include <stddef.h>

-#include <stdlib.h>

-#include <limits.h>

-#include <string.h>

-#include <sys/types.h>

-#include <dirent.h>

-#include <errno.h>

-#ifndef LPDIR_H

-#include "LPdir.h"

-#endif

-/* The POSIXly macro for the maximum number of characters in a file path

-   is NAME_MAX.  However, some operating systems use PATH_MAX instead.

-   Therefore, it seems natural to first check for PATH_MAX and use that,

-   and if it doesn't exist, use NAME_MAX. */

-#if defined(PATH_MAX)

-# define LP_ENTRY_SIZE PATH_MAX

-#elif defined(NAME_MAX)

-# define LP_ENTRY_SIZE NAME_MAX

-#endif

-/* Of course, there's the possibility that neither PATH_MAX nor NAME_MAX

-   exist.  It's also possible that NAME_MAX exists but is define to a

-   very small value (HP-UX offers 14), so we need to check if we got a

-   result, and if it meets a minimum standard, and create or change it

-   if not. */

-#if !defined(LP_ENTRY_SIZE) || LP_ENTRY_SIZE<255

-# undef LP_ENTRY_SIZE

-# define LP_ENTRY_SIZE 255

-#endif

-struct LP_dir_context_st

-{

-  DIR *dir;

-  char entry_name[LP_ENTRY_SIZE+1];

-};

-const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)

-{

-  struct dirent *direntry = NULL;

-  if (ctx == NULL || directory == NULL)

-    {

-      errno = EINVAL;

-      return 0;

-    }

-  errno = 0;

-  if (*ctx == NULL)

-    {

-      *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX));

-      if (*ctx == NULL)

-	{

-	  errno = ENOMEM;

-	  return 0;

-	}

-      memset(*ctx, '\0', sizeof(LP_DIR_CTX));

-      (*ctx)->dir = opendir(directory);

-      if ((*ctx)->dir == NULL)

-	{

-	  int save_errno = errno; /* Probably not needed, but I'm paranoid */

-	  free(*ctx);

-	  *ctx = NULL;

-	  errno = save_errno;

-	  return 0;

-	}

-    }

-  direntry = readdir((*ctx)->dir);

-  if (direntry == NULL)

-    {

-      return 0;

-    }

-  strncpy((*ctx)->entry_name, direntry->d_name, sizeof((*ctx)->entry_name) - 1);

-  (*ctx)->entry_name[sizeof((*ctx)->entry_name) - 1] = '\0';

-  return (*ctx)->entry_name;

-}

-int LP_find_file_end(LP_DIR_CTX **ctx)

-{

-  if (ctx != NULL && *ctx != NULL)

-    {

-      int ret = closedir((*ctx)->dir);

-      free(*ctx);

-      switch (ret)

-	{

-	case 0:

-	  return 1;

-	case -1:

-	  return 0;

-	default:

-	  break;

-	}

-    }

-  errno = EINVAL;

-  return 0;

-}

--- a/sys/src/ape/lib/openssl/crypto/LPdir_vms.c

+++ /dev/null

@@ -1,199 +1,0 @@

-/* $LP: LPlib/source/LPdir_vms.c,v 1.20 2004/08/26 13:36:05 _cvs_levitte Exp $ */

-/*

- * Copyright (c) 2004, Richard Levitte <[email protected]>

- * All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- *

- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS

- * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT

- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR

- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT

- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT

- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,

- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY

- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE

- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

- */

-#include <stddef.h>

-#include <stdlib.h>

-#include <string.h>

-#include <errno.h>

-#include <descrip.h>

-#include <namdef.h>

-#include <rmsdef.h>

-#include <libfildef.h>

-#include <lib$routines.h>

-#include <strdef.h>

-#include <str$routines.h>

-#include <stsdef.h>

-#ifndef LPDIR_H

-#include "LPdir.h"

-#endif

-/* Because some compiler options hide this macor */

-#ifndef EVMSERR

-#define EVMSERR		65535  /* error for non-translatable VMS errors */

-#endif

-struct LP_dir_context_st

-{

-  unsigned long VMS_context;

-#ifdef NAML$C_MAXRSS

-  char filespec[NAML$C_MAXRSS+1];

-  char result[NAML$C_MAXRSS+1];

-#else

-  char filespec[256];

-  char result[256];

-#endif

-  struct dsc$descriptor_d filespec_dsc;

-  struct dsc$descriptor_d result_dsc;

-};

-const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)

-{

-  int status;

-  char *p, *r;

-  size_t l;

-  unsigned long flags = 0;

-#ifdef NAML$C_MAXRSS

-  flags |= LIB$M_FIL_LONG_NAMES;

-#endif

-  if (ctx == NULL || directory == NULL)

-    {

-      errno = EINVAL;

-      return 0;

-    }

-  errno = 0;

-  if (*ctx == NULL)

-    {

-      size_t filespeclen = strlen(directory);

-      char *filespec = NULL;

-      /* MUST be a VMS directory specification!  Let's estimate if it is. */

-      if (directory[filespeclen-1] != ']'

-	  && directory[filespeclen-1] != '>'

-	  && directory[filespeclen-1] != ':')

-	{

-	  errno = EINVAL;

-	  return 0;

-	}

-      filespeclen += 4;		/* "*.*;" */

-      if (filespeclen >

-#ifdef NAML$C_MAXRSS

-	  NAML$C_MAXRSS

-#else

-	  255

-#endif

-	  )

-	{

-	  errno = ENAMETOOLONG;

-	  return 0;

-	}

-      *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX));

-      if (*ctx == NULL)

-	{

-	  errno = ENOMEM;

-	  return 0;

-	}

-      memset(*ctx, '\0', sizeof(LP_DIR_CTX));

-      strcpy((*ctx)->filespec,directory);

-      strcat((*ctx)->filespec,"*.*;");

-      (*ctx)->filespec_dsc.dsc$w_length = filespeclen;

-      (*ctx)->filespec_dsc.dsc$b_dtype = DSC$K_DTYPE_T;

-      (*ctx)->filespec_dsc.dsc$b_class = DSC$K_CLASS_S;

-      (*ctx)->filespec_dsc.dsc$a_pointer = (*ctx)->filespec;

-      (*ctx)->result_dsc.dsc$w_length = 0;

-      (*ctx)->result_dsc.dsc$b_dtype = DSC$K_DTYPE_T;

-      (*ctx)->result_dsc.dsc$b_class = DSC$K_CLASS_D;

-      (*ctx)->result_dsc.dsc$a_pointer = 0;

-    }

-  (*ctx)->result_dsc.dsc$w_length = 0;

-  (*ctx)->result_dsc.dsc$b_dtype = DSC$K_DTYPE_T;

-  (*ctx)->result_dsc.dsc$b_class = DSC$K_CLASS_D;

-  (*ctx)->result_dsc.dsc$a_pointer = 0;

-  status = lib$find_file(&(*ctx)->filespec_dsc, &(*ctx)->result_dsc,

-			 &(*ctx)->VMS_context, 0, 0, 0, &flags);

-  if (status == RMS$_NMF)

-    {

-      errno = 0;

-      vaxc$errno = status;

-      return NULL;

-    }

-  if(!$VMS_STATUS_SUCCESS(status))

-    {

-      errno = EVMSERR;

-      vaxc$errno = status;

-      return NULL;

-    }

-  /* Quick, cheap and dirty way to discard any device and directory,

-     since we only want file names */

-  l = (*ctx)->result_dsc.dsc$w_length;

-  p = (*ctx)->result_dsc.dsc$a_pointer;

-  r = p;

-  for (; *p; p++)

-    {

-      if (*p == '^' && p[1] != '\0') /* Take care of ODS-5 escapes */

-	{

-	  p++;

-	}

-      else if (*p == ':' || *p == '>' || *p == ']')

-	{

-	  l -= p + 1 - r;

-	  r = p + 1;

-	}

-      else if (*p == ';')

-	{

-	  l = p - r;

-	  break;

-	}

-    }

-  strncpy((*ctx)->result, r, l);

-  (*ctx)->result[l] = '\0';

-  str$free1_dx(&(*ctx)->result_dsc);

-  return (*ctx)->result;

-}

-int LP_find_file_end(LP_DIR_CTX **ctx)

-{

-  if (ctx != NULL && *ctx != NULL)

-    {

-      int status = lib$find_file_end(&(*ctx)->VMS_context);

-      free(*ctx);

-      if(!$VMS_STATUS_SUCCESS(status))

-	{

-	  errno = EVMSERR;

-	  vaxc$errno = status;

-	  return 0;

-	}

-      return 1;

-    }

-  errno = EINVAL;

-  return 0;

-}

--- a/sys/src/ape/lib/openssl/crypto/LPdir_win.c

+++ /dev/null

@@ -1,155 +1,0 @@

-/* $LP: LPlib/source/LPdir_win.c,v 1.10 2004/08/26 13:36:05 _cvs_levitte Exp $ */

-/*

- * Copyright (c) 2004, Richard Levitte <[email protected]>

- * All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- *

- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS

- * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT

- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR

- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT

- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT

- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,

- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY

- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE

- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

- */

-#include <windows.h>

-#include <tchar.h>

-#ifndef LPDIR_H

-#include "LPdir.h"

-#endif

-/* We're most likely overcautious here, but let's reserve for

-    broken WinCE headers and explicitly opt for UNICODE call.

-    Keep in mind that our WinCE builds are compiled with -DUNICODE

-    [as well as -D_UNICODE]. */

-#if defined(LP_SYS_WINCE) && !defined(FindFirstFile)

-# define FindFirstFile FindFirstFileW

-#endif

-#if defined(LP_SYS_WINCE) && !defined(FindFirstFile)

-# define FindNextFile FindNextFileW

-#endif

-#ifndef NAME_MAX

-#define NAME_MAX 255

-#endif

-struct LP_dir_context_st

-{

-  WIN32_FIND_DATA ctx;

-  HANDLE handle;

-  char entry_name[NAME_MAX+1];

-};

-const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)

-{

-  struct dirent *direntry = NULL;

-  if (ctx == NULL || directory == NULL)

-    {

-      errno = EINVAL;

-      return 0;

-    }

-  errno = 0;

-  if (*ctx == NULL)

-    {

-      *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX));

-      if (*ctx == NULL)

-	{

-	  errno = ENOMEM;

-	  return 0;

-	}

-      memset(*ctx, '\0', sizeof(LP_DIR_CTX));

-      if (sizeof(TCHAR) != sizeof(char))

-	{

-	  TCHAR *wdir = NULL;

-	  /* len_0 denotes string length *with* trailing 0 */

-	  size_t index = 0,len_0 = strlen(directory) + 1;

-	  wdir = (TCHAR *)malloc(len_0 * sizeof(TCHAR));

-	  if (wdir == NULL)

-	    {

-	      free(*ctx);

-	      *ctx = NULL;

-	      errno = ENOMEM;

-	      return 0;

-	    }

-#ifdef LP_MULTIBYTE_AVAILABLE

-	  if (!MultiByteToWideChar(CP_ACP, 0, directory, len_0, (WCHAR *)wdir, len_0))

-#endif

-	    for (index = 0; index < len_0; index++)

-	      wdir[index] = (TCHAR)directory[index];

-	  (*ctx)->handle = FindFirstFile(wdir, &(*ctx)->ctx);

-	  free(wdir);

-	}

-      else

-	(*ctx)->handle = FindFirstFile((TCHAR *)directory, &(*ctx)->ctx);

-      if ((*ctx)->handle == INVALID_HANDLE_VALUE)

-	{

-	  free(*ctx);

-	  *ctx = NULL;

-	  errno = EINVAL;

-	  return 0;

-	}

-    }

-  else

-    {

-      if (FindNextFile((*ctx)->handle, &(*ctx)->ctx) == FALSE)

-	{

-	  return 0;

-	}

-    }

-  if (sizeof(TCHAR) != sizeof(char))

-    {

-      TCHAR *wdir = (*ctx)->ctx.cFileName;

-      size_t index, len_0 = 0;

-      while (wdir[len_0] && len_0 < (sizeof((*ctx)->entry_name) - 1)) len_0++;

-      len_0++;

-#ifdef LP_MULTIBYTE_AVAILABLE

-      if (!WideCharToMultiByte(CP_ACP, 0, (WCHAR *)wdir, len_0, (*ctx)->entry_name,

-			       sizeof((*ctx)->entry_name), NULL, 0))

-#endif

-	for (index = 0; index < len_0; index++)

-	  (*ctx)->entry_name[index] = (char)wdir[index];

-    }

-  else

-    strncpy((*ctx)->entry_name, (const char *)(*ctx)->ctx.cFileName,

-	    sizeof((*ctx)->entry_name)-1);

-  (*ctx)->entry_name[sizeof((*ctx)->entry_name)-1] = '\0';

-  return (*ctx)->entry_name;

-}

-int LP_find_file_end(LP_DIR_CTX **ctx)

-{

-  if (ctx != NULL && *ctx != NULL)

-    {

-      FindClose((*ctx)->handle);

-      free(*ctx);

-      *ctx = NULL;

-      return 1;

-    }

-  errno = EINVAL;

-  return 0;

-}

--- a/sys/src/ape/lib/openssl/crypto/LPdir_win32.c

+++ /dev/null

@@ -1,30 +1,0 @@

-/* $LP: LPlib/source/LPdir_win32.c,v 1.3 2004/08/26 13:36:05 _cvs_levitte Exp $ */

-/*

- * Copyright (c) 2004, Richard Levitte <[email protected]>

- * All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- *

- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS

- * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT

- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR

- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT

- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT

- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,

- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY

- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE

- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

- */

-#define LP_SYS_WIN32

-#define LP_MULTIBYTE_AVAILABLE

-#include "LPdir_win.c"

--- a/sys/src/ape/lib/openssl/crypto/LPdir_wince.c

+++ /dev/null

@@ -1,31 +1,0 @@

-/* $LP: LPlib/source/LPdir_wince.c,v 1.3 2004/08/26 13:36:05 _cvs_levitte Exp $ */

-/*

- * Copyright (c) 2004, Richard Levitte <[email protected]>

- * All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- *

- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS

- * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT

- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR

- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT

- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT

- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,

- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY

- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE

- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

- */

-#define LP_SYS_WINCE

-/* We might want to define LP_MULTIBYTE_AVAILABLE here.  It's currently

-   under investigation what the exact conditions would be */

-#include "LPdir_win.c"

--- a/sys/src/ape/lib/openssl/crypto/Makefile

+++ /dev/null

@@ -1,204 +1,0 @@

-#

-# OpenSSL/crypto/Makefile

-#

-DIR=		crypto

-TOP=		..

-CC=		cc

-INCLUDE=	-I. -I$(TOP) -I../include

-# INCLUDES targets sudbirs!

-INCLUDES=	-I.. -I../.. -I../../include

-CFLAG=		-g

-MAKEDEPPROG=	makedepend

-MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)

-MAKEFILE=       Makefile

-RM=             rm -f

-AR=		ar r

-RECURSIVE_MAKE=	[ -n "$(SDIRS)" ] && for i in $(SDIRS) ; do \

-		    (cd $$i && echo "making $$target in $(DIR)/$$i..." && \

-		    $(MAKE) -e TOP=../.. DIR=$$i INCLUDES='${INCLUDES}' $$target ) || exit 1; \

-		done;

-PEX_LIBS=

-EX_LIBS=

-CFLAGS= $(INCLUDE) $(CFLAG)

-ASFLAGS= $(INCLUDE) $(ASFLAG)

-AFLAGS=$(ASFLAGS)

-LIBS=

-GENERAL=Makefile README crypto-lib.com install.com

-LIB= $(TOP)/libcrypto.a

-SHARED_LIB= libcrypto$(SHLIB_EXT)

-LIBSRC=	cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c o_time.c o_str.c o_dir.c

-LIBOBJ= cryptlib.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o o_time.o o_str.o o_dir.o $(CPUID_OBJ)

-SRC= $(LIBSRC)

-EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h symhacks.h \

-	ossl_typ.h

-HEADER=	cryptlib.h buildinf.h md32_common.h o_time.h o_str.h o_dir.h $(EXHEADER)

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	@(cd ..; $(MAKE) DIRS=$(DIR) all)

-all: shared

-buildinf.h: ../Makefile

-	( echo "#ifndef MK1MF_BUILD"; \

-	echo '  /* auto-generated by crypto/Makefile for crypto/cversion.c */'; \

-	echo '  #define CFLAGS "$(CC) $(CFLAG)"'; \

-	echo '  #define PLATFORM "$(PLATFORM)"'; \

-	echo "  #define DATE \"`LC_ALL=C LC_TIME=C date`\""; \

-	echo '#endif' ) >buildinf.h

-x86cpuid-elf.s:	x86cpuid.pl perlasm/x86asm.pl

-	$(PERL) x86cpuid.pl elf $(CFLAGS) $(PROCESSOR) > $@

-x86cpuid-cof.s: x86cpuid.pl perlasm/x86asm.pl

-	$(PERL) x86cpuid.pl coff $(CFLAGS) $(PROCESSOR) > $@

-x86cpuid-out.s: x86cpuid.pl perlasm/x86asm.pl

-	$(PERL) x86cpuid.pl a.out $(CFLAGS) $(PROCESSOR) > $@

-uplink.o:	../ms/uplink.c

-	$(CC) $(CFLAGS) -c -o $@ ../ms/uplink.c

-uplink-cof.s:	../ms/uplink.pl

-	$(PERL) ../ms/uplink.pl coff > $@

-x86_64cpuid.s: x86_64cpuid.pl

-	$(PERL) x86_64cpuid.pl $@

-ia64cpuid.s: ia64cpuid.S

-	$(CC) $(CFLAGS) -E ia64cpuid.S > $@

-testapps:

-	[ -z "$(THIS)" ] || (	if echo ${SDIRS} | fgrep ' des '; \

-				then cd des && $(MAKE) -e des; fi )

-	[ -z "$(THIS)" ] || ( cd pkcs7 && $(MAKE) -e testapps );

-	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi

-subdirs:

-	@target=all; $(RECURSIVE_MAKE)

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

-	@target=files; $(RECURSIVE_MAKE)

-links:

-	@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)

-	@$(PERL) $(TOP)/util/mklink.pl ../test $(TEST)

-	@$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS)

-	@target=links; $(RECURSIVE_MAKE)

-# lib: and $(LIB): are splitted to avoid end-less loop

-lib:	$(LIB)

-	@touch lib

-$(LIB):	$(LIBOBJ)

-	$(AR) $(LIB) $(LIBOBJ)

-	$(RANLIB) $(LIB) || echo Never mind.

-shared: buildinf.h lib subdirs

-	if [ -n "$(SHARED_LIBS)" ]; then \

-		(cd ..; $(MAKE) $(SHARED_LIB)); \

-	fi

-libs:

-	@target=lib; $(RECURSIVE_MAKE)

-install:

-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...

-	@headerlist="$(EXHEADER)"; for i in $$headerlist ;\

-	do \

-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \

-	done;

-	@target=install; $(RECURSIVE_MAKE)

-lint:

-	@target=lint; $(RECURSIVE_MAKE)

-depend:

-	@[ -z "$(THIS)" -o -f buildinf.h ] || touch buildinf.h # fake buildinf.h if it does not exist

-	@[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC)

-	@[ -z "$(THIS)" -o -s buildinf.h ] || rm buildinf.h

-	@[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) )

-	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi

-clean:

-	rm -f buildinf.h *.s *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff

-	@target=clean; $(RECURSIVE_MAKE)

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-	@target=dclean; $(RECURSIVE_MAKE)

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-cpt_err.o: ../include/openssl/bio.h ../include/openssl/crypto.h

-cpt_err.o: ../include/openssl/e_os2.h ../include/openssl/err.h

-cpt_err.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h

-cpt_err.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h

-cpt_err.o: ../include/openssl/safestack.h ../include/openssl/stack.h

-cpt_err.o: ../include/openssl/symhacks.h cpt_err.c

-cryptlib.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h

-cryptlib.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h

-cryptlib.o: ../include/openssl/err.h ../include/openssl/lhash.h

-cryptlib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h

-cryptlib.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h

-cryptlib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.c

-cryptlib.o: cryptlib.h

-cversion.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h

-cversion.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h

-cversion.o: ../include/openssl/err.h ../include/openssl/lhash.h

-cversion.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h

-cversion.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h

-cversion.o: ../include/openssl/stack.h ../include/openssl/symhacks.h buildinf.h

-cversion.o: cryptlib.h cversion.c

-ebcdic.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h ebcdic.c

-ex_data.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h

-ex_data.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h

-ex_data.o: ../include/openssl/err.h ../include/openssl/lhash.h

-ex_data.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h

-ex_data.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h

-ex_data.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h

-ex_data.o: ex_data.c

-mem.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h

-mem.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h

-mem.o: ../include/openssl/err.h ../include/openssl/lhash.h

-mem.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h

-mem.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h

-mem.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h

-mem.o: mem.c

-mem_clr.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h

-mem_clr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h

-mem_clr.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h

-mem_clr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h mem_clr.c

-mem_dbg.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h

-mem_dbg.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h

-mem_dbg.o: ../include/openssl/err.h ../include/openssl/lhash.h

-mem_dbg.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h

-mem_dbg.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h

-mem_dbg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h

-mem_dbg.o: mem_dbg.c

-o_dir.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/opensslconf.h

-o_dir.o: LPdir_unix.c o_dir.c o_dir.h

-o_str.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/opensslconf.h

-o_str.o: o_str.c o_str.h

-o_time.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h o_time.c

-o_time.o: o_time.h

-tmdiff.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h

-tmdiff.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h

-tmdiff.o: ../include/openssl/err.h ../include/openssl/lhash.h

-tmdiff.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h

-tmdiff.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h

-tmdiff.o: ../include/openssl/stack.h ../include/openssl/symhacks.h

-tmdiff.o: ../include/openssl/tmdiff.h cryptlib.h tmdiff.c

-uid.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h

-uid.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h

-uid.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h

-uid.o: ../include/openssl/stack.h ../include/openssl/symhacks.h uid.c

--- a/sys/src/ape/lib/openssl/crypto/aes/Makefile

+++ /dev/null

@@ -1,119 +1,0 @@

-#

-# crypto/aes/Makefile

-#

-DIR=	aes

-TOP=	../..

-CC=	cc

-CPP=	$(CC) -E

-INCLUDES=

-CFLAG=-g

-MAKEFILE=	Makefile

-AR=		ar r

-AES_ASM_OBJ=aes_core.o aes_cbc.o

-CFLAGS= $(INCLUDES) $(CFLAG)

-ASFLAGS= $(INCLUDES) $(ASFLAG)

-AFLAGS= $(ASFLAGS)

-GENERAL=Makefile

-#TEST=aestest.c

-TEST=

-APPS=

-LIB=$(TOP)/libcrypto.a

-LIBSRC=aes_core.c aes_misc.c aes_ecb.c aes_cbc.c aes_cfb.c aes_ofb.c \

-       aes_ctr.c aes_ige.c

-LIBOBJ=aes_misc.o aes_ecb.o aes_cfb.o aes_ofb.o aes_ctr.o aes_ige.o \

-       $(AES_ASM_OBJ)

-SRC= $(LIBSRC)

-EXHEADER= aes.h

-HEADER= aes_locl.h $(EXHEADER)

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)

-all:	lib

-lib:	$(LIBOBJ)

-	$(AR) $(LIB) $(LIBOBJ)

-	$(RANLIB) $(LIB) || echo Never mind.

-	@touch lib

-$(LIBOBJ): $(LIBSRC)

-aes-ia64.s: asm/aes-ia64.S

-	$(CC) $(CFLAGS) -E asm/aes-ia64.S > $@

-ax86-elf.s: asm/aes-586.pl ../perlasm/x86asm.pl

-	(cd asm; $(PERL) aes-586.pl elf $(CFLAGS) $(PROCESSOR) > ../$@)

-ax86-cof.s: asm/aes-586.pl ../perlasm/x86asm.pl

-	(cd asm; $(PERL) aes-586.pl coff $(CFLAGS) $(PROCESSOR) > ../$@)

-ax86-out.s: asm/aes-586.pl ../perlasm/x86asm.pl

-	(cd asm; $(PERL) aes-586.pl a.out $(CFLAGS) $(PROCESSOR) > ../$@)

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

-links:

-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)

-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)

-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

-install:

-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...

-	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \

-	do  \

-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \

-	done;

-tags:

-	ctags $(SRC)

-tests:

-lint:

-	lint -DLINT $(INCLUDES) $(SRC)>fluff

-depend:

-	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...

-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-clean:

-	rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-aes_cbc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h

-aes_cbc.o: ../../include/openssl/opensslconf.h aes_cbc.c aes_locl.h

-aes_cfb.o: ../../e_os.h ../../include/openssl/aes.h

-aes_cfb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h

-aes_cfb.o: aes_cfb.c aes_locl.h

-aes_core.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h

-aes_core.o: ../../include/openssl/opensslconf.h aes_core.c aes_locl.h

-aes_ctr.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h

-aes_ctr.o: ../../include/openssl/opensslconf.h aes_ctr.c aes_locl.h

-aes_ecb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h

-aes_ecb.o: ../../include/openssl/opensslconf.h aes_ecb.c aes_locl.h

-aes_ige.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/bio.h

-aes_ige.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-aes_ige.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-aes_ige.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-aes_ige.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-aes_ige.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-aes_ige.o: ../../include/openssl/symhacks.h ../cryptlib.h aes_ige.c aes_locl.h

-aes_misc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h

-aes_misc.o: ../../include/openssl/opensslconf.h

-aes_misc.o: ../../include/openssl/opensslv.h aes_locl.h aes_misc.c

-aes_ofb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h

-aes_ofb.o: ../../include/openssl/opensslconf.h aes_locl.h aes_ofb.c

--- a/sys/src/ape/lib/openssl/crypto/aes/README

+++ /dev/null

@@ -1,3 +1,0 @@

-This is an OpenSSL-compatible version of AES (also called Rijndael).

-aes_core.c is basically the same as rijndael-alg-fst.c but with an

-API that looks like the rest of the OpenSSL symmetric cipher suite.

--- a/sys/src/ape/lib/openssl/crypto/aes/aes.h

+++ /dev/null

@@ -1,138 +1,0 @@

-/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */

-/* ====================================================================

- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- */

-#ifndef HEADER_AES_H

-#define HEADER_AES_H

-#include <openssl/opensslconf.h>

-#ifdef OPENSSL_NO_AES

-#error AES is disabled.

-#endif

-#define AES_ENCRYPT	1

-#define AES_DECRYPT	0

-/* Because array size can't be a const in C, the following two are macros.

-   Both sizes are in bytes. */

-#define AES_MAXNR 14

-#define AES_BLOCK_SIZE 16

-#ifdef  __cplusplus

-extern "C" {

-#endif

-/* This should be a hidden type, but EVP requires that the size be known */

-struct aes_key_st {

-#ifdef AES_LONG

-    unsigned long rd_key[4 *(AES_MAXNR + 1)];

-#else

-    unsigned int rd_key[4 *(AES_MAXNR + 1)];

-#endif

-    int rounds;

-};

-typedef struct aes_key_st AES_KEY;

-const char *AES_options(void);

-int AES_set_encrypt_key(const unsigned char *userKey, const int bits,

-	AES_KEY *key);

-int AES_set_decrypt_key(const unsigned char *userKey, const int bits,

-	AES_KEY *key);

-void AES_encrypt(const unsigned char *in, unsigned char *out,

-	const AES_KEY *key);

-void AES_decrypt(const unsigned char *in, unsigned char *out,

-	const AES_KEY *key);

-void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,

-	const AES_KEY *key, const int enc);

-void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,

-	const unsigned long length, const AES_KEY *key,

-	unsigned char *ivec, const int enc);

-void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,

-	const unsigned long length, const AES_KEY *key,

-	unsigned char *ivec, int *num, const int enc);

-void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,

-	const unsigned long length, const AES_KEY *key,

-	unsigned char *ivec, int *num, const int enc);

-void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,

-	const unsigned long length, const AES_KEY *key,

-	unsigned char *ivec, int *num, const int enc);

-void AES_cfbr_encrypt_block(const unsigned char *in,unsigned char *out,

-			    const int nbits,const AES_KEY *key,

-			    unsigned char *ivec,const int enc);

-void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,

-	const unsigned long length, const AES_KEY *key,

-	unsigned char *ivec, int *num);

-void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,

-	const unsigned long length, const AES_KEY *key,

-	unsigned char ivec[AES_BLOCK_SIZE],

-	unsigned char ecount_buf[AES_BLOCK_SIZE],

-	unsigned int *num);

-/* For IGE, see also http://www.links.org/files/openssl-ige.pdf */

-/* NB: the IV is _two_ blocks long */

-void AES_ige_encrypt(const unsigned char *in, unsigned char *out,

-		     const unsigned long length, const AES_KEY *key,

-		     unsigned char *ivec, const int enc);

-/* NB: the IV is _four_ blocks long */

-void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,

-			const unsigned long length, const AES_KEY *key,

-			const AES_KEY *key2, const unsigned char *ivec,

-			const int enc);

-#ifdef  __cplusplus

-}

-#endif

-#endif /* !HEADER_AES_H */

--- a/sys/src/ape/lib/openssl/crypto/aes/aes_cbc.c

+++ /dev/null

@@ -1,131 +1,0 @@

-/* crypto/aes/aes_cbc.c -*- mode:C; c-file-style: "eay" -*- */

-/* ====================================================================

- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- */

-#ifndef AES_DEBUG

-# ifndef NDEBUG

-#  define NDEBUG

-# endif

-#endif

-#include <assert.h>

-#include <openssl/aes.h>

-#include "aes_locl.h"

-void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,

-		     const unsigned long length, const AES_KEY *key,

-		     unsigned char *ivec, const int enc) {

-	unsigned long n;

-	unsigned long len = length;

-	unsigned char tmp[AES_BLOCK_SIZE];

-	const unsigned char *iv = ivec;

-	assert(in && out && key && ivec);

-	assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));

-	if (AES_ENCRYPT == enc) {

-		while (len >= AES_BLOCK_SIZE) {

-			for(n=0; n < AES_BLOCK_SIZE; ++n)

-				out[n] = in[n] ^ iv[n];

-			AES_encrypt(out, out, key);

-			iv = out;

-			len -= AES_BLOCK_SIZE;

-			in += AES_BLOCK_SIZE;

-			out += AES_BLOCK_SIZE;

-		}

-		if (len) {

-			for(n=0; n < len; ++n)

-				out[n] = in[n] ^ iv[n];

-			for(n=len; n < AES_BLOCK_SIZE; ++n)

-				out[n] = iv[n];

-			AES_encrypt(out, out, key);

-			iv = out;

-		}

-		memcpy(ivec,iv,AES_BLOCK_SIZE);

-	} else if (in != out) {

-		while (len >= AES_BLOCK_SIZE) {

-			AES_decrypt(in, out, key);

-			for(n=0; n < AES_BLOCK_SIZE; ++n)

-				out[n] ^= iv[n];

-			iv = in;

-			len -= AES_BLOCK_SIZE;

-			in  += AES_BLOCK_SIZE;

-			out += AES_BLOCK_SIZE;

-		}

-		if (len) {

-			AES_decrypt(in,tmp,key);

-			for(n=0; n < len; ++n)

-				out[n] = tmp[n] ^ iv[n];

-			iv = in;

-		}

-		memcpy(ivec,iv,AES_BLOCK_SIZE);

-	} else {

-		while (len >= AES_BLOCK_SIZE) {

-			memcpy(tmp, in, AES_BLOCK_SIZE);

-			AES_decrypt(in, out, key);

-			for(n=0; n < AES_BLOCK_SIZE; ++n)

-				out[n] ^= ivec[n];

-			memcpy(ivec, tmp, AES_BLOCK_SIZE);

-			len -= AES_BLOCK_SIZE;

-			in += AES_BLOCK_SIZE;

-			out += AES_BLOCK_SIZE;

-		}

-		if (len) {

-			memcpy(tmp, in, AES_BLOCK_SIZE);

-			AES_decrypt(tmp, out, key);

-			for(n=0; n < len; ++n)

-				out[n] ^= ivec[n];

-			for(n=len; n < AES_BLOCK_SIZE; ++n)

-				out[n] = tmp[n];

-			memcpy(ivec, tmp, AES_BLOCK_SIZE);

-		}

-	}

-}

--- a/sys/src/ape/lib/openssl/crypto/aes/aes_cfb.c

+++ /dev/null

@@ -1,225 +1,0 @@

-/* crypto/aes/aes_cfb.c -*- mode:C; c-file-style: "eay" -*- */

-/* ====================================================================

- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef AES_DEBUG

-# ifndef NDEBUG

-#  define NDEBUG

-# endif

-#endif

-#include <assert.h>

-#include <openssl/aes.h>

-#include "aes_locl.h"

-#include "e_os.h"

-/* The input and output encrypted as though 128bit cfb mode is being

- * used.  The extra state information to record how much of the

- * 128bit block we have used is contained in *num;

- */

-void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,

-	const unsigned long length, const AES_KEY *key,

-	unsigned char *ivec, int *num, const int enc) {

-	unsigned int n;

-	unsigned long l = length;

-	unsigned char c;

-	assert(in && out && key && ivec && num);

-	n = *num;

-	if (enc) {

-		while (l--) {

-			if (n == 0) {

-				AES_encrypt(ivec, ivec, key);

-			}

-			ivec[n] = *(out++) = *(in++) ^ ivec[n];

-			n = (n+1) % AES_BLOCK_SIZE;

-		}

-	} else {

-		while (l--) {

-			if (n == 0) {

-				AES_encrypt(ivec, ivec, key);

-			}

-			c = *(in);

-			*(out++) = *(in++) ^ ivec[n];

-			ivec[n] = c;

-			n = (n+1) % AES_BLOCK_SIZE;

-		}

-	}

-	*num=n;

-}

-/* This expects a single block of size nbits for both in and out. Note that

-   it corrupts any extra bits in the last byte of out */

-void AES_cfbr_encrypt_block(const unsigned char *in,unsigned char *out,

-			    const int nbits,const AES_KEY *key,

-			    unsigned char *ivec,const int enc)

-    {

-    int n,rem,num;

-    unsigned char ovec[AES_BLOCK_SIZE*2];

-    if (nbits<=0 || nbits>128) return;

-	/* fill in the first half of the new IV with the current IV */

-	memcpy(ovec,ivec,AES_BLOCK_SIZE);

-	/* construct the new IV */

-	AES_encrypt(ivec,ivec,key);

-	num = (nbits+7)/8;

-	if (enc)	/* encrypt the input */

-	    for(n=0 ; n < num ; ++n)

-		out[n] = (ovec[AES_BLOCK_SIZE+n] = in[n] ^ ivec[n]);

-	else		/* decrypt the input */

-	    for(n=0 ; n < num ; ++n)

-		out[n] = (ovec[AES_BLOCK_SIZE+n] = in[n]) ^ ivec[n];

-	/* shift ovec left... */

-	rem = nbits%8;

-	num = nbits/8;

-	if(rem==0)

-	    memcpy(ivec,ovec+num,AES_BLOCK_SIZE);

-	else

-	    for(n=0 ; n < AES_BLOCK_SIZE ; ++n)

-		ivec[n] = ovec[n+num]<<rem | ovec[n+num+1]>>(8-rem);

-    /* it is not necessary to cleanse ovec, since the IV is not secret */

-    }

-/* N.B. This expects the input to be packed, MS bit first */

-void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,

-		      const unsigned long length, const AES_KEY *key,

-		      unsigned char *ivec, int *num, const int enc)

-    {

-    unsigned int n;

-    unsigned char c[1],d[1];

-    assert(in && out && key && ivec && num);

-    assert(*num == 0);

-    memset(out,0,(length+7)/8);

-    for(n=0 ; n < length ; ++n)

-	{

-	c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;

-	AES_cfbr_encrypt_block(c,d,1,key,ivec,enc);

-	out[n/8]=(out[n/8]&~(1 << (7-n%8)))|((d[0]&0x80) >> (n%8));

-	}

-    }

-void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,

-		      const unsigned long length, const AES_KEY *key,

-		      unsigned char *ivec, int *num, const int enc)

-    {

-    unsigned int n;

-    assert(in && out && key && ivec && num);

-    assert(*num == 0);

-    for(n=0 ; n < length ; ++n)

-	AES_cfbr_encrypt_block(&in[n],&out[n],8,key,ivec,enc);

-    }

--- a/sys/src/ape/lib/openssl/crypto/aes/aes_core.c

+++ /dev/null

@@ -1,1159 +1,0 @@

-/* crypto/aes/aes_core.c -*- mode:C; c-file-style: "eay" -*- */

-/**

- * rijndael-alg-fst.c

- *

- * @version 3.0 (December 2000)

- *

- * Optimised ANSI C code for the Rijndael cipher (now AES)

- *

- * @author Vincent Rijmen <[email protected]>

- * @author Antoon Bosselaers <[email protected]>

- * @author Paulo Barreto <[email protected]>

- *

- * This code is hereby placed in the public domain.

- *

- * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS

- * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED

- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE

- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR

- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF

- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR

- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,

- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE

- * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,

- * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

- */

-/* Note: rewritten a little bit to provide error control and an OpenSSL-

-   compatible API */

-#ifndef AES_DEBUG

-# ifndef NDEBUG

-#  define NDEBUG

-# endif

-#endif

-#include <assert.h>

-#include <stdlib.h>

-#include <openssl/aes.h>

-#include "aes_locl.h"

-/*

-Te0[x] = S [x].[02, 01, 01, 03];

-Te1[x] = S [x].[03, 02, 01, 01];

-Te2[x] = S [x].[01, 03, 02, 01];

-Te3[x] = S [x].[01, 01, 03, 02];

-Td0[x] = Si[x].[0e, 09, 0d, 0b];

-Td1[x] = Si[x].[0b, 0e, 09, 0d];

-Td2[x] = Si[x].[0d, 0b, 0e, 09];

-Td3[x] = Si[x].[09, 0d, 0b, 0e];

-Td4[x] = Si[x].[01];

-*/

-static const u32 Te0[256] = {

-    0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,

-    0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,

-    0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU,

-    0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU,

-    0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U,

-    0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU,

-    0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU,

-    0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU,

-    0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU,

-    0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU,

-    0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U,

-    0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU,

-    0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU,

-    0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U,

-    0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU,

-    0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU,

-    0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU,

-    0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU,

-    0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU,

-    0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U,

-    0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU,

-    0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU,

-    0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU,

-    0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU,

-    0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U,

-    0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U,

-    0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U,

-    0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U,

-    0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU,

-    0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U,

-    0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U,

-    0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU,

-    0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU,

-    0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U,

-    0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U,

-    0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U,

-    0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU,

-    0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U,

-    0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU,

-    0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U,

-    0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU,

-    0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U,

-    0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U,

-    0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU,

-    0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U,

-    0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U,

-    0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U,

-    0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U,

-    0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U,

-    0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U,

-    0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U,

-    0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U,

-    0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU,

-    0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U,

-    0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U,

-    0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U,

-    0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U,

-    0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U,

-    0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U,

-    0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU,

-    0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U,

-    0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U,

-    0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U,

-    0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU,

-};

-static const u32 Te1[256] = {

-    0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU,

-    0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U,

-    0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU,

-    0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U,

-    0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU,

-    0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U,

-    0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU,

-    0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U,

-    0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U,

-    0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU,

-    0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U,

-    0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U,

-    0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U,

-    0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU,

-    0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U,

-    0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U,

-    0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU,

-    0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U,

-    0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U,

-    0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U,

-    0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU,

-    0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU,

-    0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U,

-    0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU,

-    0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU,

-    0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U,

-    0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU,

-    0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U,

-    0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU,

-    0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U,

-    0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U,

-    0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U,

-    0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU,

-    0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U,

-    0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU,

-    0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U,

-    0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU,

-    0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U,

-    0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U,

-    0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU,

-    0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU,

-    0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU,

-    0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U,

-    0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U,

-    0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU,

-    0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U,

-    0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU,

-    0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U,

-    0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU,

-    0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U,

-    0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU,

-    0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU,

-    0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U,

-    0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU,

-    0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U,

-    0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU,

-    0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U,

-    0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U,

-    0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U,

-    0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU,

-    0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU,

-    0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U,

-    0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU,

-    0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U,

-};

-static const u32 Te2[256] = {

-    0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU,

-    0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U,

-    0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU,

-    0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U,

-    0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU,

-    0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U,

-    0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU,

-    0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U,

-    0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U,

-    0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU,

-    0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U,

-    0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U,

-    0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U,

-    0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU,

-    0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U,

-    0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U,

-    0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU,

-    0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U,

-    0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U,

-    0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U,

-    0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU,

-    0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU,

-    0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U,

-    0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU,

-    0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU,

-    0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U,

-    0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU,

-    0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U,

-    0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU,

-    0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U,

-    0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U,

-    0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U,

-    0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU,

-    0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U,

-    0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU,

-    0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U,

-    0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU,

-    0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U,

-    0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U,

-    0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU,

-    0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU,

-    0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU,

-    0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U,

-    0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U,

-    0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU,

-    0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U,

-    0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU,

-    0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U,

-    0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU,

-    0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U,

-    0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU,

-    0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU,

-    0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U,

-    0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU,

-    0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U,

-    0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU,

-    0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U,

-    0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U,

-    0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U,

-    0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU,

-    0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU,

-    0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U,

-    0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU,

-    0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U,

-};

-static const u32 Te3[256] = {

-    0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U,

-    0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U,

-    0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U,

-    0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU,

-    0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU,

-    0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU,

-    0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U,

-    0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU,

-    0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU,

-    0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U,

-    0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U,

-    0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU,

-    0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU,

-    0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU,

-    0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU,

-    0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU,

-    0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U,

-    0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU,

-    0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU,

-    0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U,

-    0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U,

-    0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U,

-    0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U,

-    0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U,

-    0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU,

-    0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U,

-    0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU,

-    0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU,

-    0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U,

-    0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U,

-    0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U,

-    0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU,

-    0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U,

-    0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU,

-    0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU,

-    0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U,

-    0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U,

-    0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU,

-    0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U,

-    0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU,

-    0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U,

-    0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U,

-    0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U,

-    0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U,

-    0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU,

-    0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U,

-    0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU,

-    0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U,

-    0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU,

-    0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U,

-    0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU,

-    0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU,

-    0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU,

-    0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU,

-    0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U,

-    0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U,

-    0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U,

-    0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U,

-    0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U,

-    0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U,

-    0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU,

-    0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U,

-    0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU,

-    0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU,

-};

-static const u32 Td0[256] = {

-    0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,

-    0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,

-    0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U,

-    0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU,

-    0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U,

-    0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U,

-    0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU,

-    0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U,

-    0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU,

-    0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U,

-    0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U,

-    0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U,

-    0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U,

-    0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU,

-    0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U,

-    0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU,

-    0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U,

-    0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU,

-    0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U,

-    0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U,

-    0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U,

-    0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU,

-    0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U,

-    0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU,

-    0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U,

-    0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU,

-    0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U,

-    0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU,

-    0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU,

-    0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U,

-    0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU,

-    0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U,

-    0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU,

-    0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U,

-    0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U,

-    0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U,

-    0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU,

-    0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U,

-    0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U,

-    0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU,

-    0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U,

-    0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U,

-    0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U,

-    0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U,

-    0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U,

-    0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU,

-    0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U,

-    0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U,

-    0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U,

-    0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U,

-    0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U,

-    0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU,

-    0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU,

-    0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU,

-    0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU,

-    0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U,

-    0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U,

-    0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU,

-    0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU,

-    0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U,

-    0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU,

-    0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U,

-    0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U,

-    0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U,

-};

-static const u32 Td1[256] = {

-    0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU,

-    0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U,

-    0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU,

-    0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U,

-    0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U,

-    0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U,

-    0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U,

-    0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U,

-    0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U,

-    0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU,

-    0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU,

-    0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU,

-    0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U,

-    0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU,

-    0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U,

-    0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U,

-    0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U,

-    0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU,

-    0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU,

-    0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U,

-    0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU,

-    0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U,

-    0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU,

-    0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU,

-    0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U,

-    0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U,

-    0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U,

-    0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU,

-    0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U,

-    0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU,

-    0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U,

-    0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U,

-    0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U,

-    0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU,

-    0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U,

-    0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U,

-    0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U,

-    0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U,

-    0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U,

-    0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U,

-    0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU,

-    0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU,

-    0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U,

-    0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU,

-    0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U,

-    0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU,

-    0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU,

-    0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U,

-    0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU,

-    0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U,

-    0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U,

-    0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U,

-    0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U,

-    0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U,

-    0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U,

-    0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U,

-    0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU,

-    0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U,

-    0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U,

-    0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU,

-    0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U,

-    0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U,

-    0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U,

-    0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U,

-};

-static const u32 Td2[256] = {

-    0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U,

-    0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U,

-    0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U,

-    0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U,

-    0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU,

-    0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U,

-    0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U,

-    0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U,

-    0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U,

-    0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU,

-    0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U,

-    0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U,

-    0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU,

-    0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U,

-    0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U,

-    0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U,

-    0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U,

-    0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U,

-    0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U,

-    0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU,

-    0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U,

-    0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U,

-    0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U,

-    0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U,

-    0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U,

-    0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU,

-    0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU,

-    0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U,

-    0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU,

-    0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U,

-    0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU,

-    0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU,

-    0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU,

-    0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU,

-    0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U,

-    0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U,

-    0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U,

-    0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U,

-    0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U,

-    0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U,

-    0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U,

-    0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU,

-    0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU,

-    0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U,

-    0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U,

-    0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU,

-    0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU,

-    0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U,

-    0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U,

-    0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U,

-    0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U,

-    0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U,

-    0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U,

-    0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U,

-    0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU,

-    0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U,

-    0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U,

-    0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U,

-    0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U,

-    0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U,

-    0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U,

-    0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU,

-    0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U,

-    0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U,

-};

-static const u32 Td3[256] = {

-    0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU,

-    0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU,

-    0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U,

-    0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U,

-    0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU,

-    0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU,

-    0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U,

-    0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU,

-    0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U,

-    0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU,

-    0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U,

-    0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U,

-    0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U,

-    0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U,

-    0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U,

-    0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU,

-    0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU,

-    0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U,

-    0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U,

-    0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU,

-    0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU,

-    0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U,

-    0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U,

-    0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U,

-    0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U,

-    0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU,

-    0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U,

-    0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U,

-    0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU,

-    0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU,

-    0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U,

-    0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U,

-    0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U,

-    0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU,

-    0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U,

-    0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U,

-    0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U,

-    0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U,

-    0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U,

-    0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U,

-    0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U,

-    0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU,

-    0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U,

-    0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U,

-    0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU,

-    0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU,

-    0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U,

-    0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU,

-    0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U,

-    0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U,

-    0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U,

-    0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U,

-    0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U,

-    0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U,

-    0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU,

-    0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU,

-    0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU,

-    0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU,

-    0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U,

-    0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U,

-    0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U,

-    0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU,

-    0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U,

-    0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U,

-};

-static const u8 Td4[256] = {

-    0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U,

-    0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU,

-    0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U,

-    0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU,

-    0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU,

-    0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU,

-    0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U,

-    0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U,

-    0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U,

-    0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U,

-    0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU,

-    0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U,

-    0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU,

-    0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U,

-    0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U,

-    0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU,

-    0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU,

-    0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U,

-    0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U,

-    0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU,

-    0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U,

-    0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU,

-    0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U,

-    0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U,

-    0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U,

-    0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU,

-    0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU,

-    0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU,

-    0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U,

-    0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U,

-    0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U,

-    0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU,

-};

-static const u32 rcon[] = {

-	0x01000000, 0x02000000, 0x04000000, 0x08000000,

-	0x10000000, 0x20000000, 0x40000000, 0x80000000,

-	0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */

-};

-/**

- * Expand the cipher key into the encryption key schedule.

- */

-int AES_set_encrypt_key(const unsigned char *userKey, const int bits,

-			AES_KEY *key) {

-	u32 *rk;

-   	int i = 0;

-	u32 temp;

-	if (!userKey || !key)

-		return -1;

-	if (bits != 128 && bits != 192 && bits != 256)

-		return -2;

-	rk = key->rd_key;

-	if (bits==128)

-		key->rounds = 10;

-	else if (bits==192)

-		key->rounds = 12;

-	else

-		key->rounds = 14;

-	rk[0] = GETU32(userKey     );

-	rk[1] = GETU32(userKey +  4);

-	rk[2] = GETU32(userKey +  8);

-	rk[3] = GETU32(userKey + 12);

-	if (bits == 128) {

-		while (1) {

-			temp  = rk[3];

-			rk[4] = rk[0] ^

-				(Te2[(temp >> 16) & 0xff] & 0xff000000) ^

-				(Te3[(temp >>  8) & 0xff] & 0x00ff0000) ^

-				(Te0[(temp      ) & 0xff] & 0x0000ff00) ^

-				(Te1[(temp >> 24)       ] & 0x000000ff) ^

-				rcon[i];

-			rk[5] = rk[1] ^ rk[4];

-			rk[6] = rk[2] ^ rk[5];

-			rk[7] = rk[3] ^ rk[6];

-			if (++i == 10) {

-				return 0;

-			}

-			rk += 4;

-		}

-	}

-	rk[4] = GETU32(userKey + 16);

-	rk[5] = GETU32(userKey + 20);

-	if (bits == 192) {

-		while (1) {

-			temp = rk[ 5];

-			rk[ 6] = rk[ 0] ^

-				(Te2[(temp >> 16) & 0xff] & 0xff000000) ^

-				(Te3[(temp >>  8) & 0xff] & 0x00ff0000) ^

-				(Te0[(temp      ) & 0xff] & 0x0000ff00) ^

-				(Te1[(temp >> 24)       ] & 0x000000ff) ^

-				rcon[i];

-			rk[ 7] = rk[ 1] ^ rk[ 6];

-			rk[ 8] = rk[ 2] ^ rk[ 7];

-			rk[ 9] = rk[ 3] ^ rk[ 8];

-			if (++i == 8) {

-				return 0;

-			}

-			rk[10] = rk[ 4] ^ rk[ 9];

-			rk[11] = rk[ 5] ^ rk[10];

-			rk += 6;

-		}

-	}

-	rk[6] = GETU32(userKey + 24);

-	rk[7] = GETU32(userKey + 28);

-	if (bits == 256) {

-		while (1) {

-			temp = rk[ 7];

-			rk[ 8] = rk[ 0] ^

-				(Te2[(temp >> 16) & 0xff] & 0xff000000) ^

-				(Te3[(temp >>  8) & 0xff] & 0x00ff0000) ^

-				(Te0[(temp      ) & 0xff] & 0x0000ff00) ^

-				(Te1[(temp >> 24)       ] & 0x000000ff) ^

-				rcon[i];

-			rk[ 9] = rk[ 1] ^ rk[ 8];

-			rk[10] = rk[ 2] ^ rk[ 9];

-			rk[11] = rk[ 3] ^ rk[10];

-			if (++i == 7) {

-				return 0;

-			}

-			temp = rk[11];

-			rk[12] = rk[ 4] ^

-				(Te2[(temp >> 24)       ] & 0xff000000) ^

-				(Te3[(temp >> 16) & 0xff] & 0x00ff0000) ^

-				(Te0[(temp >>  8) & 0xff] & 0x0000ff00) ^

-				(Te1[(temp      ) & 0xff] & 0x000000ff);

-			rk[13] = rk[ 5] ^ rk[12];

-			rk[14] = rk[ 6] ^ rk[13];

-			rk[15] = rk[ 7] ^ rk[14];

-			rk += 8;

-        	}

-	}

-	return 0;

-}

-/**

- * Expand the cipher key into the decryption key schedule.

- */

-int AES_set_decrypt_key(const unsigned char *userKey, const int bits,

-			 AES_KEY *key) {

-        u32 *rk;

-	int i, j, status;

-	u32 temp;

-	/* first, start with an encryption schedule */

-	status = AES_set_encrypt_key(userKey, bits, key);

-	if (status < 0)

-		return status;

-	rk = key->rd_key;

-	/* invert the order of the round keys: */

-	for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) {

-		temp = rk[i    ]; rk[i    ] = rk[j    ]; rk[j    ] = temp;

-		temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;

-		temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;

-		temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;

-	}

-	/* apply the inverse MixColumn transform to all round keys but the first and the last: */

-	for (i = 1; i < (key->rounds); i++) {

-		rk += 4;

-		rk[0] =

-			Td0[Te1[(rk[0] >> 24)       ] & 0xff] ^

-			Td1[Te1[(rk[0] >> 16) & 0xff] & 0xff] ^

-			Td2[Te1[(rk[0] >>  8) & 0xff] & 0xff] ^

-			Td3[Te1[(rk[0]      ) & 0xff] & 0xff];

-		rk[1] =

-			Td0[Te1[(rk[1] >> 24)       ] & 0xff] ^

-			Td1[Te1[(rk[1] >> 16) & 0xff] & 0xff] ^

-			Td2[Te1[(rk[1] >>  8) & 0xff] & 0xff] ^

-			Td3[Te1[(rk[1]      ) & 0xff] & 0xff];

-		rk[2] =

-			Td0[Te1[(rk[2] >> 24)       ] & 0xff] ^

-			Td1[Te1[(rk[2] >> 16) & 0xff] & 0xff] ^

-			Td2[Te1[(rk[2] >>  8) & 0xff] & 0xff] ^

-			Td3[Te1[(rk[2]      ) & 0xff] & 0xff];

-		rk[3] =

-			Td0[Te1[(rk[3] >> 24)       ] & 0xff] ^

-			Td1[Te1[(rk[3] >> 16) & 0xff] & 0xff] ^

-			Td2[Te1[(rk[3] >>  8) & 0xff] & 0xff] ^

-			Td3[Te1[(rk[3]      ) & 0xff] & 0xff];

-	}

-	return 0;

-}

-#ifndef AES_ASM

-/*

- * Encrypt a single block

- * in and out can overlap

- */

-void AES_encrypt(const unsigned char *in, unsigned char *out,

-		 const AES_KEY *key) {

-	const u32 *rk;

-	u32 s0, s1, s2, s3, t0, t1, t2, t3;

-#ifndef FULL_UNROLL

-	int r;

-#endif /* ?FULL_UNROLL */

-	assert(in && out && key);

-	rk = key->rd_key;

-	/*

-	 * map byte array block to cipher state

-	 * and add initial round key:

-	 */

-	s0 = GETU32(in     ) ^ rk[0];

-	s1 = GETU32(in +  4) ^ rk[1];

-	s2 = GETU32(in +  8) ^ rk[2];

-	s3 = GETU32(in + 12) ^ rk[3];

-#ifdef FULL_UNROLL

-	/* round 1: */

-   	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4];

-   	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5];

-   	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6];

-   	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7];

-   	/* round 2: */

-   	s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8];

-   	s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9];

-   	s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10];

-   	s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11];

-	/* round 3: */

-   	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12];

-   	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13];

-   	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14];

-   	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15];

-   	/* round 4: */

-   	s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16];

-   	s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17];

-   	s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18];

-   	s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19];

-	/* round 5: */

-   	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20];

-   	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21];

-   	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22];

-   	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23];

-   	/* round 6: */

-   	s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24];

-   	s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25];

-   	s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26];

-   	s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27];

-	/* round 7: */

-   	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28];

-   	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29];

-   	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30];

-   	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31];

-   	/* round 8: */

-   	s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32];

-   	s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33];

-   	s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34];

-   	s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35];

-	/* round 9: */

-   	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36];

-   	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37];

-   	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38];

-   	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39];

-    if (key->rounds > 10) {

-        /* round 10: */

-        s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40];

-        s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41];

-        s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42];

-        s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43];

-        /* round 11: */

-        t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44];

-        t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45];

-        t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46];

-        t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47];

-        if (key->rounds > 12) {

-            /* round 12: */

-            s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48];

-            s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49];

-            s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50];

-            s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51];

-            /* round 13: */

-            t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52];

-            t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53];

-            t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54];

-            t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55];

-        }

-    }

-    rk += key->rounds << 2;

-#else  /* !FULL_UNROLL */

-    /*

-     * Nr - 1 full rounds:

-     */

-    r = key->rounds >> 1;

-    for (;;) {

-        t0 =

-            Te0[(s0 >> 24)       ] ^

-            Te1[(s1 >> 16) & 0xff] ^

-            Te2[(s2 >>  8) & 0xff] ^

-            Te3[(s3      ) & 0xff] ^

-            rk[4];

-        t1 =

-            Te0[(s1 >> 24)       ] ^

-            Te1[(s2 >> 16) & 0xff] ^

-            Te2[(s3 >>  8) & 0xff] ^

-            Te3[(s0      ) & 0xff] ^

-            rk[5];

-        t2 =

-            Te0[(s2 >> 24)       ] ^

-            Te1[(s3 >> 16) & 0xff] ^

-            Te2[(s0 >>  8) & 0xff] ^

-            Te3[(s1      ) & 0xff] ^

-            rk[6];

-        t3 =

-            Te0[(s3 >> 24)       ] ^

-            Te1[(s0 >> 16) & 0xff] ^

-            Te2[(s1 >>  8) & 0xff] ^

-            Te3[(s2      ) & 0xff] ^

-            rk[7];

-        rk += 8;

-        if (--r == 0) {

-            break;

-        }

-        s0 =

-            Te0[(t0 >> 24)       ] ^

-            Te1[(t1 >> 16) & 0xff] ^

-            Te2[(t2 >>  8) & 0xff] ^

-            Te3[(t3      ) & 0xff] ^

-            rk[0];

-        s1 =

-            Te0[(t1 >> 24)       ] ^

-            Te1[(t2 >> 16) & 0xff] ^

-            Te2[(t3 >>  8) & 0xff] ^

-            Te3[(t0      ) & 0xff] ^

-            rk[1];

-        s2 =

-            Te0[(t2 >> 24)       ] ^

-            Te1[(t3 >> 16) & 0xff] ^

-            Te2[(t0 >>  8) & 0xff] ^

-            Te3[(t1      ) & 0xff] ^

-            rk[2];

-        s3 =

-            Te0[(t3 >> 24)       ] ^

-            Te1[(t0 >> 16) & 0xff] ^

-            Te2[(t1 >>  8) & 0xff] ^

-            Te3[(t2      ) & 0xff] ^

-            rk[3];

-    }

-#endif /* ?FULL_UNROLL */

-    /*

-	 * apply last round and

-	 * map cipher state to byte array block:

-	 */

-	s0 =

-		(Te2[(t0 >> 24)       ] & 0xff000000) ^

-		(Te3[(t1 >> 16) & 0xff] & 0x00ff0000) ^

-		(Te0[(t2 >>  8) & 0xff] & 0x0000ff00) ^

-		(Te1[(t3      ) & 0xff] & 0x000000ff) ^

-		rk[0];

-	PUTU32(out     , s0);

-	s1 =

-		(Te2[(t1 >> 24)       ] & 0xff000000) ^

-		(Te3[(t2 >> 16) & 0xff] & 0x00ff0000) ^

-		(Te0[(t3 >>  8) & 0xff] & 0x0000ff00) ^

-		(Te1[(t0      ) & 0xff] & 0x000000ff) ^

-		rk[1];

-	PUTU32(out +  4, s1);

-	s2 =

-		(Te2[(t2 >> 24)       ] & 0xff000000) ^

-		(Te3[(t3 >> 16) & 0xff] & 0x00ff0000) ^

-		(Te0[(t0 >>  8) & 0xff] & 0x0000ff00) ^

-		(Te1[(t1      ) & 0xff] & 0x000000ff) ^

-		rk[2];

-	PUTU32(out +  8, s2);

-	s3 =

-		(Te2[(t3 >> 24)       ] & 0xff000000) ^

-		(Te3[(t0 >> 16) & 0xff] & 0x00ff0000) ^

-		(Te0[(t1 >>  8) & 0xff] & 0x0000ff00) ^

-		(Te1[(t2      ) & 0xff] & 0x000000ff) ^

-		rk[3];

-	PUTU32(out + 12, s3);

-}

-/*

- * Decrypt a single block

- * in and out can overlap

- */

-void AES_decrypt(const unsigned char *in, unsigned char *out,

-		 const AES_KEY *key) {

-	const u32 *rk;

-	u32 s0, s1, s2, s3, t0, t1, t2, t3;

-#ifndef FULL_UNROLL

-	int r;

-#endif /* ?FULL_UNROLL */

-	assert(in && out && key);

-	rk = key->rd_key;

-	/*

-	 * map byte array block to cipher state

-	 * and add initial round key:

-	 */

-    s0 = GETU32(in     ) ^ rk[0];

-    s1 = GETU32(in +  4) ^ rk[1];

-    s2 = GETU32(in +  8) ^ rk[2];

-    s3 = GETU32(in + 12) ^ rk[3];

-#ifdef FULL_UNROLL

-    /* round 1: */

-    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[ 4];

-    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[ 5];

-    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[ 6];

-    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[ 7];

-    /* round 2: */

-    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[ 8];

-    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[ 9];

-    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[10];

-    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[11];

-    /* round 3: */

-    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[12];

-    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[13];

-    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[14];

-    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[15];

-    /* round 4: */

-    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[16];

-    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[17];

-    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[18];

-    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[19];

-    /* round 5: */

-    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[20];

-    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[21];

-    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[22];

-    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[23];

-    /* round 6: */

-    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[24];

-    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[25];

-    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[26];

-    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[27];

-    /* round 7: */

-    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[28];

-    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[29];

-    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[30];

-    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[31];

-    /* round 8: */

-    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[32];

-    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[33];

-    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[34];

-    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[35];

-    /* round 9: */

-    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[36];

-    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[37];

-    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[38];

-    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[39];

-    if (key->rounds > 10) {

-        /* round 10: */

-        s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40];

-        s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41];

-        s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42];

-        s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43];

-        /* round 11: */

-        t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44];

-        t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45];

-        t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46];

-        t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47];

-        if (key->rounds > 12) {

-            /* round 12: */

-            s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48];

-            s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49];

-            s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50];

-            s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51];

-            /* round 13: */

-            t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52];

-            t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53];

-            t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54];

-            t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55];

-        }

-    }

-	rk += key->rounds << 2;

-#else  /* !FULL_UNROLL */

-    /*

-     * Nr - 1 full rounds:

-     */

-    r = key->rounds >> 1;

-    for (;;) {

-        t0 =

-            Td0[(s0 >> 24)       ] ^

-            Td1[(s3 >> 16) & 0xff] ^

-            Td2[(s2 >>  8) & 0xff] ^

-            Td3[(s1      ) & 0xff] ^

-            rk[4];

-        t1 =

-            Td0[(s1 >> 24)       ] ^

-            Td1[(s0 >> 16) & 0xff] ^

-            Td2[(s3 >>  8) & 0xff] ^

-            Td3[(s2      ) & 0xff] ^

-            rk[5];

-        t2 =

-            Td0[(s2 >> 24)       ] ^

-            Td1[(s1 >> 16) & 0xff] ^

-            Td2[(s0 >>  8) & 0xff] ^

-            Td3[(s3      ) & 0xff] ^

-            rk[6];

-        t3 =

-            Td0[(s3 >> 24)       ] ^

-            Td1[(s2 >> 16) & 0xff] ^

-            Td2[(s1 >>  8) & 0xff] ^

-            Td3[(s0      ) & 0xff] ^

-            rk[7];

-        rk += 8;

-        if (--r == 0) {

-            break;

-        }

-        s0 =

-            Td0[(t0 >> 24)       ] ^

-            Td1[(t3 >> 16) & 0xff] ^

-            Td2[(t2 >>  8) & 0xff] ^

-            Td3[(t1      ) & 0xff] ^

-            rk[0];

-        s1 =

-            Td0[(t1 >> 24)       ] ^

-            Td1[(t0 >> 16) & 0xff] ^

-            Td2[(t3 >>  8) & 0xff] ^

-            Td3[(t2      ) & 0xff] ^

-            rk[1];

-        s2 =

-            Td0[(t2 >> 24)       ] ^

-            Td1[(t1 >> 16) & 0xff] ^

-            Td2[(t0 >>  8) & 0xff] ^

-            Td3[(t3      ) & 0xff] ^

-            rk[2];

-        s3 =

-            Td0[(t3 >> 24)       ] ^

-            Td1[(t2 >> 16) & 0xff] ^

-            Td2[(t1 >>  8) & 0xff] ^

-            Td3[(t0      ) & 0xff] ^

-            rk[3];

-    }

-#endif /* ?FULL_UNROLL */

-    /*

-	 * apply last round and

-	 * map cipher state to byte array block:

-	 */

-   	s0 =

-   		(Td4[(t0 >> 24)       ] << 24) ^

-   		(Td4[(t3 >> 16) & 0xff] << 16) ^

-   		(Td4[(t2 >>  8) & 0xff] <<  8) ^

-   		(Td4[(t1      ) & 0xff])       ^

-   		rk[0];

-	PUTU32(out     , s0);

-   	s1 =

-   		(Td4[(t1 >> 24)       ] << 24) ^

-   		(Td4[(t0 >> 16) & 0xff] << 16) ^

-   		(Td4[(t3 >>  8) & 0xff] <<  8) ^

-   		(Td4[(t2      ) & 0xff])       ^

-   		rk[1];

-	PUTU32(out +  4, s1);

-   	s2 =

-   		(Td4[(t2 >> 24)       ] << 24) ^

-   		(Td4[(t1 >> 16) & 0xff] << 16) ^

-   		(Td4[(t0 >>  8) & 0xff] <<  8) ^

-   		(Td4[(t3      ) & 0xff])       ^

-   		rk[2];

-	PUTU32(out +  8, s2);

-   	s3 =

-   		(Td4[(t3 >> 24)       ] << 24) ^

-   		(Td4[(t2 >> 16) & 0xff] << 16) ^

-   		(Td4[(t1 >>  8) & 0xff] <<  8) ^

-   		(Td4[(t0      ) & 0xff])       ^

-   		rk[3];

-	PUTU32(out + 12, s3);

-}

-#endif /* AES_ASM */

--- a/sys/src/ape/lib/openssl/crypto/aes/aes_ctr.c

+++ /dev/null

@@ -1,139 +1,0 @@

-/* crypto/aes/aes_ctr.c -*- mode:C; c-file-style: "eay" -*- */

-/* ====================================================================

- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- */

-#ifndef AES_DEBUG

-# ifndef NDEBUG

-#  define NDEBUG

-# endif

-#endif

-#include <assert.h>

-#include <openssl/aes.h>

-#include "aes_locl.h"

-/* NOTE: the IV/counter CTR mode is big-endian.  The rest of the AES code

- * is endian-neutral. */

-/* increment counter (128-bit int) by 1 */

-static void AES_ctr128_inc(unsigned char *counter) {

-	unsigned long c;

-	/* Grab bottom dword of counter and increment */

-	c = GETU32(counter + 12);

-	c++;	c &= 0xFFFFFFFF;

-	PUTU32(counter + 12, c);

-	/* if no overflow, we're done */

-	if (c)

-		return;

-	/* Grab 1st dword of counter and increment */

-	c = GETU32(counter +  8);

-	c++;	c &= 0xFFFFFFFF;

-	PUTU32(counter +  8, c);

-	/* if no overflow, we're done */

-	if (c)

-		return;

-	/* Grab 2nd dword of counter and increment */

-	c = GETU32(counter +  4);

-	c++;	c &= 0xFFFFFFFF;

-	PUTU32(counter +  4, c);

-	/* if no overflow, we're done */

-	if (c)

-		return;

-	/* Grab top dword of counter and increment */

-	c = GETU32(counter +  0);

-	c++;	c &= 0xFFFFFFFF;

-	PUTU32(counter +  0, c);

-}

-/* The input encrypted as though 128bit counter mode is being

- * used.  The extra state information to record how much of the

- * 128bit block we have used is contained in *num, and the

- * encrypted counter is kept in ecount_buf.  Both *num and

- * ecount_buf must be initialised with zeros before the first

- * call to AES_ctr128_encrypt().

- *

- * This algorithm assumes that the counter is in the x lower bits

- * of the IV (ivec), and that the application has full control over

- * overflow and the rest of the IV.  This implementation takes NO

- * responsability for checking that the counter doesn't overflow

- * into the rest of the IV when incremented.

- */

-void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,

-	const unsigned long length, const AES_KEY *key,

-	unsigned char ivec[AES_BLOCK_SIZE],

-	unsigned char ecount_buf[AES_BLOCK_SIZE],

-	unsigned int *num) {

-	unsigned int n;

-	unsigned long l=length;

-	assert(in && out && key && counter && num);

-	assert(*num < AES_BLOCK_SIZE);

-	n = *num;

-	while (l--) {

-		if (n == 0) {

-			AES_encrypt(ivec, ecount_buf, key);

- 			AES_ctr128_inc(ivec);

-		}

-		*(out++) = *(in++) ^ ecount_buf[n];

-		n = (n+1) % AES_BLOCK_SIZE;

-	}

-	*num=n;

-}

--- a/sys/src/ape/lib/openssl/crypto/aes/aes_ecb.c

+++ /dev/null

@@ -1,73 +1,0 @@

-/* crypto/aes/aes_ecb.c -*- mode:C; c-file-style: "eay" -*- */

-/* ====================================================================

- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- */

-#ifndef AES_DEBUG

-# ifndef NDEBUG

-#  define NDEBUG

-# endif

-#endif

-#include <assert.h>

-#include <openssl/aes.h>

-#include "aes_locl.h"

-void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,

-		     const AES_KEY *key, const int enc) {

-        assert(in && out && key);

-	assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));

-	if (AES_ENCRYPT == enc)

-		AES_encrypt(in, out, key);

-	else

-		AES_decrypt(in, out, key);

-}

--- a/sys/src/ape/lib/openssl/crypto/aes/aes_ige.c

+++ /dev/null

@@ -1,323 +1,0 @@

-/* crypto/aes/aes_ige.c -*- mode:C; c-file-style: "eay" -*- */

-/* ====================================================================

- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- */

-#include "cryptlib.h"

-#include <openssl/aes.h>

-#include "aes_locl.h"

-#define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long))

-typedef struct {

-        unsigned long data[N_WORDS];

-} aes_block_t;

-/* XXX: probably some better way to do this */

-#if defined(__i386__) || defined(__x86_64__)

-#define UNALIGNED_MEMOPS_ARE_FAST 1

-#else

-#define UNALIGNED_MEMOPS_ARE_FAST 0

-#endif

-#if UNALIGNED_MEMOPS_ARE_FAST

-#define load_block(d, s)        (d) = *(const aes_block_t *)(s)

-#define store_block(d, s)       *(aes_block_t *)(d) = (s)

-#else

-#define load_block(d, s)        memcpy((d).data, (s), AES_BLOCK_SIZE)

-#define store_block(d, s)       memcpy((d), (s).data, AES_BLOCK_SIZE)

-#endif

-/* N.B. The IV for this mode is _twice_ the block size */

-void AES_ige_encrypt(const unsigned char *in, unsigned char *out,

-					 const unsigned long length, const AES_KEY *key,

-					 unsigned char *ivec, const int enc)

-	{

-	unsigned long n;

-	unsigned long len;

-	OPENSSL_assert(in && out && key && ivec);

-	OPENSSL_assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));

-	OPENSSL_assert((length%AES_BLOCK_SIZE) == 0);

-	len = length / AES_BLOCK_SIZE;

-	if (AES_ENCRYPT == enc)

-		{

-		if (in != out &&

-		    (UNALIGNED_MEMOPS_ARE_FAST || ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(long)==0))

-			{

-			aes_block_t *ivp = (aes_block_t *)ivec;

-			aes_block_t *iv2p = (aes_block_t *)(ivec + AES_BLOCK_SIZE);

-			while (len)

-				{

-				aes_block_t *inp = (aes_block_t *)in;

-				aes_block_t *outp = (aes_block_t *)out;

-				for(n=0 ; n < N_WORDS; ++n)

-					outp->data[n] = inp->data[n] ^ ivp->data[n];

-				AES_encrypt((unsigned char *)outp->data, (unsigned char *)outp->data, key);

-				for(n=0 ; n < N_WORDS; ++n)

-					outp->data[n] ^= iv2p->data[n];

-				ivp = outp;

-				iv2p = inp;

-				--len;

-				in += AES_BLOCK_SIZE;

-				out += AES_BLOCK_SIZE;

-				}

-			memcpy(ivec, ivp->data, AES_BLOCK_SIZE);

-			memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE);

-			}

-		else

-			{

-			aes_block_t tmp, tmp2;

-			aes_block_t iv;

-			aes_block_t iv2;

-			load_block(iv, ivec);

-			load_block(iv2, ivec + AES_BLOCK_SIZE);

-			while (len)

-				{

-				load_block(tmp, in);

-				for(n=0 ; n < N_WORDS; ++n)

-					tmp2.data[n] = tmp.data[n] ^ iv.data[n];

-				AES_encrypt((unsigned char *)tmp2.data, (unsigned char *)tmp2.data, key);

-				for(n=0 ; n < N_WORDS; ++n)

-					tmp2.data[n] ^= iv2.data[n];

-				store_block(out, tmp2);

-				iv = tmp2;

-				iv2 = tmp;

-				--len;

-				in += AES_BLOCK_SIZE;

-				out += AES_BLOCK_SIZE;

-				}

-			memcpy(ivec, iv.data, AES_BLOCK_SIZE);

-			memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE);

-			}

-		}

-	else

-		{

-		if (in != out &&

-		    (UNALIGNED_MEMOPS_ARE_FAST || ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(long)==0))

-			{

-			aes_block_t *ivp = (aes_block_t *)ivec;

-			aes_block_t *iv2p = (aes_block_t *)(ivec + AES_BLOCK_SIZE);

-			while (len)

-				{

-				aes_block_t tmp;

-				aes_block_t *inp = (aes_block_t *)in;

-				aes_block_t *outp = (aes_block_t *)out;

-				for(n=0 ; n < N_WORDS; ++n)

-					tmp.data[n] = inp->data[n] ^ iv2p->data[n];

-				AES_decrypt((unsigned char *)tmp.data, (unsigned char *)outp->data, key);

-				for(n=0 ; n < N_WORDS; ++n)

-					outp->data[n] ^= ivp->data[n];

-				ivp = inp;

-				iv2p = outp;

-				--len;

-				in += AES_BLOCK_SIZE;

-				out += AES_BLOCK_SIZE;

-				}

-			memcpy(ivec, ivp->data, AES_BLOCK_SIZE);

-			memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE);

-			}

-		else

-			{

-			aes_block_t tmp, tmp2;

-			aes_block_t iv;

-			aes_block_t iv2;

-			load_block(iv, ivec);

-			load_block(iv2, ivec + AES_BLOCK_SIZE);

-			while (len)

-				{

-				load_block(tmp, in);

-				tmp2 = tmp;

-				for(n=0 ; n < N_WORDS; ++n)

-					tmp.data[n] ^= iv2.data[n];

-				AES_decrypt((unsigned char *)tmp.data, (unsigned char *)tmp.data, key);

-				for(n=0 ; n < N_WORDS; ++n)

-					tmp.data[n] ^= iv.data[n];

-				store_block(out, tmp);

-				iv = tmp2;

-				iv2 = tmp;

-				--len;

-				in += AES_BLOCK_SIZE;

-				out += AES_BLOCK_SIZE;

-				}

-			memcpy(ivec, iv.data, AES_BLOCK_SIZE);

-			memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE);

-			}

-		}

-	}

-/*

- * Note that its effectively impossible to do biIGE in anything other

- * than a single pass, so no provision is made for chaining.

- */

-/* N.B. The IV for this mode is _four times_ the block size */

-void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,

-						const unsigned long length, const AES_KEY *key,

-						const AES_KEY *key2, const unsigned char *ivec,

-						const int enc)

-	{

-	unsigned long n;

-	unsigned long len = length;

-	unsigned char tmp[AES_BLOCK_SIZE];

-	unsigned char tmp2[AES_BLOCK_SIZE];

-	unsigned char tmp3[AES_BLOCK_SIZE];

-	unsigned char prev[AES_BLOCK_SIZE];

-	const unsigned char *iv;

-	const unsigned char *iv2;

-	OPENSSL_assert(in && out && key && ivec);

-	OPENSSL_assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));

-	OPENSSL_assert((length%AES_BLOCK_SIZE) == 0);

-	if (AES_ENCRYPT == enc)

-		{

-		/* XXX: Do a separate case for when in != out (strictly should

-		   check for overlap, too) */

-		/* First the forward pass */

-		iv = ivec;

-		iv2 = ivec + AES_BLOCK_SIZE;

-		while (len >= AES_BLOCK_SIZE)

-			{

-			for(n=0 ; n < AES_BLOCK_SIZE ; ++n)

-				out[n] = in[n] ^ iv[n];

-			AES_encrypt(out, out, key);

-			for(n=0 ; n < AES_BLOCK_SIZE ; ++n)

-				out[n] ^= iv2[n];

-			iv = out;

-			memcpy(prev, in, AES_BLOCK_SIZE);

-			iv2 = prev;

-			len -= AES_BLOCK_SIZE;

-			in += AES_BLOCK_SIZE;

-			out += AES_BLOCK_SIZE;

-			}

-		/* And now backwards */

-		iv = ivec + AES_BLOCK_SIZE*2;

-		iv2 = ivec + AES_BLOCK_SIZE*3;

-		len = length;

-		while(len >= AES_BLOCK_SIZE)

-			{

-			out -= AES_BLOCK_SIZE;

-			/* XXX: reduce copies by alternating between buffers */

-			memcpy(tmp, out, AES_BLOCK_SIZE);

-			for(n=0 ; n < AES_BLOCK_SIZE ; ++n)

-				out[n] ^= iv[n];

-			/*			hexdump(stdout, "out ^ iv", out, AES_BLOCK_SIZE); */

-			AES_encrypt(out, out, key);

-			/*			hexdump(stdout,"enc", out, AES_BLOCK_SIZE); */

-			/*			hexdump(stdout,"iv2", iv2, AES_BLOCK_SIZE); */

-			for(n=0 ; n < AES_BLOCK_SIZE ; ++n)

-				out[n] ^= iv2[n];

-			/*			hexdump(stdout,"out", out, AES_BLOCK_SIZE); */

-			iv = out;

-			memcpy(prev, tmp, AES_BLOCK_SIZE);

-			iv2 = prev;

-			len -= AES_BLOCK_SIZE;

-			}

-		}

-	else

-		{

-		/* First backwards */

-		iv = ivec + AES_BLOCK_SIZE*2;

-		iv2 = ivec + AES_BLOCK_SIZE*3;

-		in += length;

-		out += length;

-		while (len >= AES_BLOCK_SIZE)

-			{

-			in -= AES_BLOCK_SIZE;

-			out -= AES_BLOCK_SIZE;

-			memcpy(tmp, in, AES_BLOCK_SIZE);

-			memcpy(tmp2, in, AES_BLOCK_SIZE);

-			for(n=0 ; n < AES_BLOCK_SIZE ; ++n)

-				tmp[n] ^= iv2[n];

-			AES_decrypt(tmp, out, key);

-			for(n=0 ; n < AES_BLOCK_SIZE ; ++n)

-				out[n] ^= iv[n];

-			memcpy(tmp3, tmp2, AES_BLOCK_SIZE);

-			iv = tmp3;

-			iv2 = out;

-			len -= AES_BLOCK_SIZE;

-			}

-		/* And now forwards */

-		iv = ivec;

-		iv2 = ivec + AES_BLOCK_SIZE;

-		len = length;

-		while (len >= AES_BLOCK_SIZE)

-			{

-			memcpy(tmp, out, AES_BLOCK_SIZE);

-			memcpy(tmp2, out, AES_BLOCK_SIZE);

-			for(n=0 ; n < AES_BLOCK_SIZE ; ++n)

-				tmp[n] ^= iv2[n];

-			AES_decrypt(tmp, out, key);

-			for(n=0 ; n < AES_BLOCK_SIZE ; ++n)

-				out[n] ^= iv[n];

-			memcpy(tmp3, tmp2, AES_BLOCK_SIZE);

-			iv = tmp3;

-			iv2 = out;

-			len -= AES_BLOCK_SIZE;

-			in += AES_BLOCK_SIZE;

-			out += AES_BLOCK_SIZE;

-			}

-		}

-	}

--- a/sys/src/ape/lib/openssl/crypto/aes/aes_locl.h

+++ /dev/null

@@ -1,89 +1,0 @@

-/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */

-/* ====================================================================

- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- */

-#ifndef HEADER_AES_LOCL_H

-#define HEADER_AES_LOCL_H

-#include <openssl/e_os2.h>

-#ifdef OPENSSL_NO_AES

-#error AES is disabled.

-#endif

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64))

-# define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)

-# define GETU32(p) SWAP(*((u32 *)(p)))

-# define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); }

-#else

-# define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] <<  8) ^ ((u32)(pt)[3]))

-# define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >>  8); (ct)[3] = (u8)(st); }

-#endif

-#ifdef AES_LONG

-typedef unsigned long u32;

-#else

-typedef unsigned int u32;

-#endif

-typedef unsigned short u16;

-typedef unsigned char u8;

-#define MAXKC   (256/32)

-#define MAXKB   (256/8)

-#define MAXNR   14

-/* This controls loop-unrolling in aes_core.c */

-#undef FULL_UNROLL

-#endif /* !HEADER_AES_LOCL_H */

--- a/sys/src/ape/lib/openssl/crypto/aes/aes_misc.c

+++ /dev/null

@@ -1,64 +1,0 @@

-/* crypto/aes/aes_misc.c -*- mode:C; c-file-style: "eay" -*- */

-/* ====================================================================

- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- */

-#include <openssl/opensslv.h>

-#include <openssl/aes.h>

-#include "aes_locl.h"

-const char AES_version[]="AES" OPENSSL_VERSION_PTEXT;

-const char *AES_options(void) {

-#ifdef FULL_UNROLL

-        return "aes(full)";

-#else

-        return "aes(partial)";

-#endif

-}

--- a/sys/src/ape/lib/openssl/crypto/aes/aes_ofb.c

+++ /dev/null

@@ -1,142 +1,0 @@

-/* crypto/aes/aes_ofb.c -*- mode:C; c-file-style: "eay" -*- */

-/* ====================================================================

- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef AES_DEBUG

-# ifndef NDEBUG

-#  define NDEBUG

-# endif

-#endif

-#include <assert.h>

-#include <openssl/aes.h>

-#include "aes_locl.h"

-/* The input and output encrypted as though 128bit ofb mode is being

- * used.  The extra state information to record how much of the

- * 128bit block we have used is contained in *num;

- */

-void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,

-	const unsigned long length, const AES_KEY *key,

-	unsigned char *ivec, int *num) {

-	unsigned int n;

-	unsigned long l=length;

-	assert(in && out && key && ivec && num);

-	n = *num;

-	while (l--) {

-		if (n == 0) {

-			AES_encrypt(ivec, ivec, key);

-		}

-		*(out++) = *(in++) ^ ivec[n];

-		n = (n+1) % AES_BLOCK_SIZE;

-	}

-	*num=n;

-}

--- a/sys/src/ape/lib/openssl/crypto/aes/asm/aes-586.pl

+++ /dev/null

@@ -1,1532 +1,0 @@

-#!/usr/bin/env perl

-#

-# ====================================================================

-# Written by Andy Polyakov <[email protected]> for the OpenSSL

-# project. Rights for redistribution and usage in source and binary

-# forms are granted according to the OpenSSL license.

-# ====================================================================

-#

-# Version 3.6.

-#

-# You might fail to appreciate this module performance from the first

-# try. If compared to "vanilla" linux-ia32-icc target, i.e. considered

-# to be *the* best Intel C compiler without -KPIC, performance appears

-# to be virtually identical... But try to re-configure with shared

-# library support... Aha! Intel compiler "suddenly" lags behind by 30%

-# [on P4, more on others]:-) And if compared to position-independent

-# code generated by GNU C, this code performs *more* than *twice* as

-# fast! Yes, all this buzz about PIC means that unlike other hand-

-# coded implementations, this one was explicitly designed to be safe

-# to use even in shared library context... This also means that this

-# code isn't necessarily absolutely fastest "ever," because in order

-# to achieve position independence an extra register has to be

-# off-loaded to stack, which affects the benchmark result.

-#

-# Special note about instruction choice. Do you recall RC4_INT code

-# performing poorly on P4? It might be the time to figure out why.

-# RC4_INT code implies effective address calculations in base+offset*4

-# form. Trouble is that it seems that offset scaling turned to be

-# critical path... At least eliminating scaling resulted in 2.8x RC4

-# performance improvement [as you might recall]. As AES code is hungry

-# for scaling too, I [try to] avoid the latter by favoring off-by-2

-# shifts and masking the result with 0xFF<<2 instead of "boring" 0xFF.

-#

-# As was shown by Dean Gaudet <[email protected]>, the above note turned

-# void. Performance improvement with off-by-2 shifts was observed on

-# intermediate implementation, which was spilling yet another register

-# to stack... Final offset*4 code below runs just a tad faster on P4,

-# but exhibits up to 10% improvement on other cores.

-#

-# Second version is "monolithic" replacement for aes_core.c, which in

-# addition to AES_[de|en]crypt implements AES_set_[de|en]cryption_key.

-# This made it possible to implement little-endian variant of the

-# algorithm without modifying the base C code. Motivating factor for

-# the undertaken effort was that it appeared that in tight IA-32

-# register window little-endian flavor could achieve slightly higher

-# Instruction Level Parallelism, and it indeed resulted in up to 15%

-# better performance on most recent �-archs...

-#

-# Third version adds AES_cbc_encrypt implementation, which resulted in

-# up to 40% performance imrovement of CBC benchmark results. 40% was

-# observed on P4 core, where "overall" imrovement coefficient, i.e. if

-# compared to PIC generated by GCC and in CBC mode, was observed to be

-# as large as 4x:-) CBC performance is virtually identical to ECB now

-# and on some platforms even better, e.g. 17.6 "small" cycles/byte on

-# Opteron, because certain function prologues and epilogues are

-# effectively taken out of the loop...

-#

-# Version 3.2 implements compressed tables and prefetch of these tables

-# in CBC[!] mode. Former means that 3/4 of table references are now

-# misaligned, which unfortunately has negative impact on elder IA-32

-# implementations, Pentium suffered 30% penalty, PIII - 10%.

-#

-# Version 3.3 avoids L1 cache aliasing between stack frame and

-# S-boxes, and 3.4 - L1 cache aliasing even between key schedule. The

-# latter is achieved by copying the key schedule to controlled place in

-# stack. This unfortunately has rather strong impact on small block CBC

-# performance, ~2x deterioration on 16-byte block if compared to 3.3.

-#

-# Version 3.5 checks if there is L1 cache aliasing between user-supplied

-# key schedule and S-boxes and abstains from copying the former if

-# there is no. This allows end-user to consciously retain small block

-# performance by aligning key schedule in specific manner.

-#

-# Version 3.6 compresses Td4 to 256 bytes and prefetches it in ECB.

-#

-# Current ECB performance numbers for 128-bit key in CPU cycles per

-# processed byte [measure commonly used by AES benchmarkers] are:

-#

-#		small footprint		fully unrolled

-# P4		24			22

-# AMD K8	20			19

-# PIII		25			23

-# Pentium	81			78

-push(@INC,"perlasm","../../perlasm");

-require "x86asm.pl";

-&asm_init($ARGV[0],"aes-586.pl",$ARGV[$#ARGV] eq "386");

-$s0="eax";

-$s1="ebx";

-$s2="ecx";

-$s3="edx";

-$key="edi";

-$acc="esi";

-$compromise=0;		# $compromise=128 abstains from copying key

-			# schedule to stack when encrypting inputs

-			# shorter than 128 bytes at the cost of

-			# risksing aliasing with S-boxes. In return

-			# you get way better, up to +70%, small block

-			# performance.

-$small_footprint=1;	# $small_footprint=1 code is ~5% slower [on

-			# recent �-archs], but ~5 times smaller!

-			# I favor compact code to minimize cache

-			# contention and in hope to "collect" 5% back

-			# in real-life applications...

-$vertical_spin=0;	# shift "verticaly" defaults to 0, because of

-			# its proof-of-concept status...

-# Note that there is no decvert(), as well as last encryption round is

-# performed with "horizontal" shifts. This is because this "vertical"

-# implementation [one which groups shifts on a given $s[i] to form a

-# "column," unlike "horizontal" one, which groups shifts on different

-# $s[i] to form a "row"] is work in progress. It was observed to run

-# few percents faster on Intel cores, but not AMD. On AMD K8 core it's

-# whole 12% slower:-( So we face a trade-off... Shall it be resolved

-# some day? Till then the code is considered experimental and by

-# default remains dormant...

-sub encvert()

-{ my ($te,@s) = @_;

-  my $v0 = $acc, $v1 = $key;

-	&mov	($v0,$s[3]);				# copy s3

-	&mov	(&DWP(4,"esp"),$s[2]);			# save s2

-	&mov	($v1,$s[0]);				# copy s0

-	&mov	(&DWP(8,"esp"),$s[1]);			# save s1

-	&movz	($s[2],&HB($s[0]));

-	&and	($s[0],0xFF);

-	&mov	($s[0],&DWP(0,$te,$s[0],8));		# s0>>0

-	&shr	($v1,16);

-	&mov	($s[3],&DWP(3,$te,$s[2],8));		# s0>>8

-	&movz	($s[1],&HB($v1));

-	&and	($v1,0xFF);

-	&mov	($s[2],&DWP(2,$te,$v1,8));		# s0>>16

-	 &mov	($v1,$v0);

-	&mov	($s[1],&DWP(1,$te,$s[1],8));		# s0>>24

-	&and	($v0,0xFF);

-	&xor	($s[3],&DWP(0,$te,$v0,8));		# s3>>0

-	&movz	($v0,&HB($v1));

-	&shr	($v1,16);

-	&xor	($s[2],&DWP(3,$te,$v0,8));		# s3>>8

-	&movz	($v0,&HB($v1));

-	&and	($v1,0xFF);

-	&xor	($s[1],&DWP(2,$te,$v1,8));		# s3>>16

-	 &mov	($v1,&DWP(4,"esp"));			# restore s2

-	&xor	($s[0],&DWP(1,$te,$v0,8));		# s3>>24

-	&mov	($v0,$v1);

-	&and	($v1,0xFF);

-	&xor	($s[2],&DWP(0,$te,$v1,8));		# s2>>0

-	&movz	($v1,&HB($v0));

-	&shr	($v0,16);

-	&xor	($s[1],&DWP(3,$te,$v1,8));		# s2>>8

-	&movz	($v1,&HB($v0));

-	&and	($v0,0xFF);

-	&xor	($s[0],&DWP(2,$te,$v0,8));		# s2>>16

-	 &mov	($v0,&DWP(8,"esp"));			# restore s1

-	&xor	($s[3],&DWP(1,$te,$v1,8));		# s2>>24

-	&mov	($v1,$v0);

-	&and	($v0,0xFF);

-	&xor	($s[1],&DWP(0,$te,$v0,8));		# s1>>0

-	&movz	($v0,&HB($v1));

-	&shr	($v1,16);

-	&xor	($s[0],&DWP(3,$te,$v0,8));		# s1>>8

-	&movz	($v0,&HB($v1));

-	&and	($v1,0xFF);

-	&xor	($s[3],&DWP(2,$te,$v1,8));		# s1>>16

-	 &mov	($key,&DWP(12,"esp"));			# reincarnate v1 as key

-	&xor	($s[2],&DWP(1,$te,$v0,8));		# s1>>24

-}

-sub encstep()

-{ my ($i,$te,@s) = @_;

-  my $tmp = $key;

-  my $out = $i==3?$s[0]:$acc;

-	# lines marked with #%e?x[i] denote "reordered" instructions...

-	if ($i==3)  {	&mov	($key,&DWP(12,"esp"));		}##%edx

-	else        {	&mov	($out,$s[0]);

-			&and	($out,0xFF);			}

-	if ($i==1)  {	&shr	($s[0],16);			}#%ebx[1]

-	if ($i==2)  {	&shr	($s[0],24);			}#%ecx[2]

-			&mov	($out,&DWP(0,$te,$out,8));

-	if ($i==3)  {	$tmp=$s[1];				}##%eax

-			&movz	($tmp,&HB($s[1]));

-			&xor	($out,&DWP(3,$te,$tmp,8));

-	if ($i==3)  {	$tmp=$s[2]; &mov ($s[1],&DWP(4,"esp"));	}##%ebx

-	else        {	&mov	($tmp,$s[2]);

-			&shr	($tmp,16);			}

-	if ($i==2)  {	&and	($s[1],0xFF);			}#%edx[2]

-			&and	($tmp,0xFF);

-			&xor	($out,&DWP(2,$te,$tmp,8));

-	if ($i==3)  {	$tmp=$s[3]; &mov ($s[2],&DWP(8,"esp"));	}##%ecx

-	elsif($i==2){	&movz	($tmp,&HB($s[3]));		}#%ebx[2]

-	else        {	&mov	($tmp,$s[3]);

-			&shr	($tmp,24)			}

-			&xor	($out,&DWP(1,$te,$tmp,8));

-	if ($i<2)   {	&mov	(&DWP(4+4*$i,"esp"),$out);	}

-	if ($i==3)  {	&mov	($s[3],$acc);			}

-			&comment();

-}

-sub enclast()

-{ my ($i,$te,@s)=@_;

-  my $tmp = $key;

-  my $out = $i==3?$s[0]:$acc;

-	if ($i==3)  {	&mov	($key,&DWP(12,"esp"));		}##%edx

-	else        {	&mov	($out,$s[0]);			}

-			&and	($out,0xFF);

-	if ($i==1)  {	&shr	($s[0],16);			}#%ebx[1]

-	if ($i==2)  {	&shr	($s[0],24);			}#%ecx[2]

-			&mov	($out,&DWP(2,$te,$out,8));

-			&and	($out,0x000000ff);

-	if ($i==3)  {	$tmp=$s[1];				}##%eax

-			&movz	($tmp,&HB($s[1]));

-			&mov	($tmp,&DWP(0,$te,$tmp,8));

-			&and	($tmp,0x0000ff00);

-			&xor	($out,$tmp);

-	if ($i==3)  {	$tmp=$s[2]; &mov ($s[1],&DWP(4,"esp"));	}##%ebx

-	else        {	mov	($tmp,$s[2]);

-			&shr	($tmp,16);			}

-	if ($i==2)  {	&and	($s[1],0xFF);			}#%edx[2]

-			&and	($tmp,0xFF);

-			&mov	($tmp,&DWP(0,$te,$tmp,8));

-			&and	($tmp,0x00ff0000);

-			&xor	($out,$tmp);

-	if ($i==3)  {	$tmp=$s[3]; &mov ($s[2],&DWP(8,"esp"));	}##%ecx

-	elsif($i==2){	&movz	($tmp,&HB($s[3]));		}#%ebx[2]

-	else        {	&mov	($tmp,$s[3]);

-			&shr	($tmp,24);			}

-			&mov	($tmp,&DWP(2,$te,$tmp,8));

-			&and	($tmp,0xff000000);

-			&xor	($out,$tmp);

-	if ($i<2)   {	&mov	(&DWP(4+4*$i,"esp"),$out);	}

-	if ($i==3)  {	&mov	($s[3],$acc);			}

-}

-sub _data_word() { my $i; while(defined($i=shift)) { &data_word($i,$i); } }

-&public_label("AES_Te");

-&function_begin_B("_x86_AES_encrypt");

-	if ($vertical_spin) {

-		# I need high parts of volatile registers to be accessible...

-		&exch	($s1="edi",$key="ebx");

-		&mov	($s2="esi",$acc="ecx");

-	}

-	# note that caller is expected to allocate stack frame for me!

-	&mov	(&DWP(12,"esp"),$key);		# save key

-	&xor	($s0,&DWP(0,$key));		# xor with key

-	&xor	($s1,&DWP(4,$key));

-	&xor	($s2,&DWP(8,$key));

-	&xor	($s3,&DWP(12,$key));

-	&mov	($acc,&DWP(240,$key));		# load key->rounds

-	if ($small_footprint) {

-	    &lea	($acc,&DWP(-2,$acc,$acc));

-	    &lea	($acc,&DWP(0,$key,$acc,8));

-	    &mov	(&DWP(16,"esp"),$acc);	# end of key schedule

-	    &align	(4);

-	    &set_label("loop");

-		if ($vertical_spin) {

-		    &encvert("ebp",$s0,$s1,$s2,$s3);

-		} else {

-		    &encstep(0,"ebp",$s0,$s1,$s2,$s3);

-		    &encstep(1,"ebp",$s1,$s2,$s3,$s0);

-		    &encstep(2,"ebp",$s2,$s3,$s0,$s1);

-		    &encstep(3,"ebp",$s3,$s0,$s1,$s2);

-		}

-		&add	($key,16);		# advance rd_key

-		&xor	($s0,&DWP(0,$key));

-		&xor	($s1,&DWP(4,$key));

-		&xor	($s2,&DWP(8,$key));

-		&xor	($s3,&DWP(12,$key));

-	    &cmp	($key,&DWP(16,"esp"));

-	    &mov	(&DWP(12,"esp"),$key);

-	    &jb		(&label("loop"));

-	}

-	else {

-	    &cmp	($acc,10);

-	    &jle	(&label("10rounds"));

-	    &cmp	($acc,12);

-	    &jle	(&label("12rounds"));

-	&set_label("14rounds");

-	    for ($i=1;$i<3;$i++) {

-		if ($vertical_spin) {

-		    &encvert("ebp",$s0,$s1,$s2,$s3);

-		} else {

-		    &encstep(0,"ebp",$s0,$s1,$s2,$s3);

-		    &encstep(1,"ebp",$s1,$s2,$s3,$s0);

-		    &encstep(2,"ebp",$s2,$s3,$s0,$s1);

-		    &encstep(3,"ebp",$s3,$s0,$s1,$s2);

-		}

-		&xor	($s0,&DWP(16*$i+0,$key));

-		&xor	($s1,&DWP(16*$i+4,$key));

-		&xor	($s2,&DWP(16*$i+8,$key));

-		&xor	($s3,&DWP(16*$i+12,$key));

-	    }

-	    &add	($key,32);

-	    &mov	(&DWP(12,"esp"),$key);	# advance rd_key

-	&set_label("12rounds");

-	    for ($i=1;$i<3;$i++) {

-		if ($vertical_spin) {

-		    &encvert("ebp",$s0,$s1,$s2,$s3);

-		} else {

-		    &encstep(0,"ebp",$s0,$s1,$s2,$s3);

-		    &encstep(1,"ebp",$s1,$s2,$s3,$s0);

-		    &encstep(2,"ebp",$s2,$s3,$s0,$s1);

-		    &encstep(3,"ebp",$s3,$s0,$s1,$s2);

-		}

-		&xor	($s0,&DWP(16*$i+0,$key));

-		&xor	($s1,&DWP(16*$i+4,$key));

-		&xor	($s2,&DWP(16*$i+8,$key));

-		&xor	($s3,&DWP(16*$i+12,$key));

-	    }

-	    &add	($key,32);

-	    &mov	(&DWP(12,"esp"),$key);	# advance rd_key

-	&set_label("10rounds");

-	    for ($i=1;$i<10;$i++) {

-		if ($vertical_spin) {

-		    &encvert("ebp",$s0,$s1,$s2,$s3);

-		} else {

-		    &encstep(0,"ebp",$s0,$s1,$s2,$s3);

-		    &encstep(1,"ebp",$s1,$s2,$s3,$s0);

-		    &encstep(2,"ebp",$s2,$s3,$s0,$s1);

-		    &encstep(3,"ebp",$s3,$s0,$s1,$s2);

-		}

-		&xor	($s0,&DWP(16*$i+0,$key));

-		&xor	($s1,&DWP(16*$i+4,$key));

-		&xor	($s2,&DWP(16*$i+8,$key));

-		&xor	($s3,&DWP(16*$i+12,$key));

-	    }

-	}

-	if ($vertical_spin) {

-	    # "reincarnate" some registers for "horizontal" spin...

-	    &mov	($s1="ebx",$key="edi");

-	    &mov	($s2="ecx",$acc="esi");

-	}

-	&enclast(0,"ebp",$s0,$s1,$s2,$s3);

-	&enclast(1,"ebp",$s1,$s2,$s3,$s0);

-	&enclast(2,"ebp",$s2,$s3,$s0,$s1);

-	&enclast(3,"ebp",$s3,$s0,$s1,$s2);

-	&add	($key,$small_footprint?16:160);

-	&xor	($s0,&DWP(0,$key));

-	&xor	($s1,&DWP(4,$key));

-	&xor	($s2,&DWP(8,$key));

-	&xor	($s3,&DWP(12,$key));

-	&ret	();

-&set_label("AES_Te",64);	# Yes! I keep it in the code segment!

-	&_data_word(0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6);

-	&_data_word(0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591);

-	&_data_word(0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56);

-	&_data_word(0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec);

-	&_data_word(0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa);

-	&_data_word(0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb);

-	&_data_word(0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45);

-	&_data_word(0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b);

-	&_data_word(0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c);

-	&_data_word(0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83);

-	&_data_word(0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9);

-	&_data_word(0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a);

-	&_data_word(0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d);

-	&_data_word(0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f);

-	&_data_word(0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df);

-	&_data_word(0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea);

-	&_data_word(0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34);

-	&_data_word(0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b);

-	&_data_word(0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d);

-	&_data_word(0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413);

-	&_data_word(0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1);

-	&_data_word(0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6);

-	&_data_word(0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972);

-	&_data_word(0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85);

-	&_data_word(0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed);

-	&_data_word(0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511);

-	&_data_word(0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe);

-	&_data_word(0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b);

-	&_data_word(0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05);

-	&_data_word(0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1);

-	&_data_word(0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142);

-	&_data_word(0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf);

-	&_data_word(0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3);

-	&_data_word(0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e);

-	&_data_word(0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a);

-	&_data_word(0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6);

-	&_data_word(0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3);

-	&_data_word(0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b);

-	&_data_word(0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428);

-	&_data_word(0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad);

-	&_data_word(0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14);

-	&_data_word(0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8);

-	&_data_word(0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4);

-	&_data_word(0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2);

-	&_data_word(0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda);

-	&_data_word(0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949);

-	&_data_word(0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf);

-	&_data_word(0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810);

-	&_data_word(0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c);

-	&_data_word(0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697);

-	&_data_word(0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e);

-	&_data_word(0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f);

-	&_data_word(0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc);

-	&_data_word(0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c);

-	&_data_word(0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969);

-	&_data_word(0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27);

-	&_data_word(0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122);

-	&_data_word(0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433);

-	&_data_word(0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9);

-	&_data_word(0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5);

-	&_data_word(0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a);

-	&_data_word(0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0);

-	&_data_word(0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e);

-	&_data_word(0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c);

-#rcon:

-	&data_word(0x00000001, 0x00000002, 0x00000004, 0x00000008);

-	&data_word(0x00000010, 0x00000020, 0x00000040, 0x00000080);

-	&data_word(0x0000001b, 0x00000036, 0, 0, 0, 0, 0, 0);

-&function_end_B("_x86_AES_encrypt");

-# void AES_encrypt (const void *inp,void *out,const AES_KEY *key);

-&public_label("AES_Te");

-&function_begin("AES_encrypt");

-	&mov	($acc,&wparam(0));		# load inp

-	&mov	($key,&wparam(2));		# load key

-	&mov	($s0,"esp");

-	&sub	("esp",24);

-	&and	("esp",-64);

-	&add	("esp",4);

-	&mov	(&DWP(16,"esp"),$s0);

-	&call   (&label("pic_point"));          # make it PIC!

-	&set_label("pic_point");

-	&blindpop("ebp");

-	&lea    ("ebp",&DWP(&label("AES_Te")."-".&label("pic_point"),"ebp"));

-	&mov	($s0,&DWP(0,$acc));		# load input data

-	&mov	($s1,&DWP(4,$acc));

-	&mov	($s2,&DWP(8,$acc));

-	&mov	($s3,&DWP(12,$acc));

-	&call	("_x86_AES_encrypt");

-	&mov	("esp",&DWP(16,"esp"));

-	&mov	($acc,&wparam(1));		# load out

-	&mov	(&DWP(0,$acc),$s0);		# write output data

-	&mov	(&DWP(4,$acc),$s1);

-	&mov	(&DWP(8,$acc),$s2);

-	&mov	(&DWP(12,$acc),$s3);

-&function_end("AES_encrypt");

-#------------------------------------------------------------------#

-sub decstep()

-{ my ($i,$td,@s) = @_;

-  my $tmp = $key;

-  my $out = $i==3?$s[0]:$acc;

-	# no instructions are reordered, as performance appears

-	# optimal... or rather that all attempts to reorder didn't

-	# result in better performance [which by the way is not a

-	# bit lower than ecryption].

-	if($i==3)   {	&mov	($key,&DWP(12,"esp"));		}

-	else        {	&mov	($out,$s[0]);			}

-			&and	($out,0xFF);

-			&mov	($out,&DWP(0,$td,$out,8));

-	if ($i==3)  {	$tmp=$s[1];				}

-			&movz	($tmp,&HB($s[1]));

-			&xor	($out,&DWP(3,$td,$tmp,8));

-	if ($i==3)  {	$tmp=$s[2]; &mov ($s[1],$acc);		}

-	else        {	&mov	($tmp,$s[2]);			}

-			&shr	($tmp,16);

-			&and	($tmp,0xFF);

-			&xor	($out,&DWP(2,$td,$tmp,8));

-	if ($i==3)  {	$tmp=$s[3]; &mov ($s[2],&DWP(8,"esp"));	}

-	else        {	&mov	($tmp,$s[3]);			}

-			&shr	($tmp,24);

-			&xor	($out,&DWP(1,$td,$tmp,8));

-	if ($i<2)   {	&mov	(&DWP(4+4*$i,"esp"),$out);	}

-	if ($i==3)  {	&mov	($s[3],&DWP(4,"esp"));		}

-			&comment();

-}

-sub declast()

-{ my ($i,$td,@s)=@_;

-  my $tmp = $key;

-  my $out = $i==3?$s[0]:$acc;

-	if($i==3)   {	&mov	($key,&DWP(12,"esp"));		}

-	else        {	&mov	($out,$s[0]);			}

-			&and	($out,0xFF);

-			&movz	($out,&BP(2048,$td,$out,1));

-	if ($i==3)  {	$tmp=$s[1];				}

-			&movz	($tmp,&HB($s[1]));

-			&movz	($tmp,&BP(2048,$td,$tmp,1));

-			&shl	($tmp,8);

-			&xor	($out,$tmp);

-	if ($i==3)  {	$tmp=$s[2]; &mov ($s[1],$acc);		}

-	else        {	mov	($tmp,$s[2]);			}

-			&shr	($tmp,16);

-			&and	($tmp,0xFF);

-			&movz	($tmp,&BP(2048,$td,$tmp,1));

-			&shl	($tmp,16);

-			&xor	($out,$tmp);

-	if ($i==3)  {	$tmp=$s[3]; &mov ($s[2],&DWP(8,"esp"));	}

-	else        {	&mov	($tmp,$s[3]);			}

-			&shr	($tmp,24);

-			&movz	($tmp,&BP(2048,$td,$tmp,1));

-			&shl	($tmp,24);

-			&xor	($out,$tmp);

-	if ($i<2)   {	&mov	(&DWP(4+4*$i,"esp"),$out);	}

-	if ($i==3)  {	&mov	($s[3],&DWP(4,"esp"));		}

-}

-&public_label("AES_Td");

-&function_begin_B("_x86_AES_decrypt");

-	# note that caller is expected to allocate stack frame for me!

-	&mov	(&DWP(12,"esp"),$key);		# save key

-	&xor	($s0,&DWP(0,$key));		# xor with key

-	&xor	($s1,&DWP(4,$key));

-	&xor	($s2,&DWP(8,$key));

-	&xor	($s3,&DWP(12,$key));

-	&mov	($acc,&DWP(240,$key));		# load key->rounds

-	if ($small_footprint) {

-	    &lea	($acc,&DWP(-2,$acc,$acc));

-	    &lea	($acc,&DWP(0,$key,$acc,8));

-	    &mov	(&DWP(16,"esp"),$acc);	# end of key schedule

-	    &align	(4);

-	    &set_label("loop");

-		&decstep(0,"ebp",$s0,$s3,$s2,$s1);

-		&decstep(1,"ebp",$s1,$s0,$s3,$s2);

-		&decstep(2,"ebp",$s2,$s1,$s0,$s3);

-		&decstep(3,"ebp",$s3,$s2,$s1,$s0);

-		&add	($key,16);		# advance rd_key

-		&xor	($s0,&DWP(0,$key));

-		&xor	($s1,&DWP(4,$key));

-		&xor	($s2,&DWP(8,$key));

-		&xor	($s3,&DWP(12,$key));

-	    &cmp	($key,&DWP(16,"esp"));

-	    &mov	(&DWP(12,"esp"),$key);

-	    &jb		(&label("loop"));

-	}

-	else {

-	    &cmp	($acc,10);

-	    &jle	(&label("10rounds"));

-	    &cmp	($acc,12);

-	    &jle	(&label("12rounds"));

-	&set_label("14rounds");

-	    for ($i=1;$i<3;$i++) {

-		&decstep(0,"ebp",$s0,$s3,$s2,$s1);

-		&decstep(1,"ebp",$s1,$s0,$s3,$s2);

-		&decstep(2,"ebp",$s2,$s1,$s0,$s3);

-		&decstep(3,"ebp",$s3,$s2,$s1,$s0);

-		&xor	($s0,&DWP(16*$i+0,$key));

-		&xor	($s1,&DWP(16*$i+4,$key));

-		&xor	($s2,&DWP(16*$i+8,$key));

-		&xor	($s3,&DWP(16*$i+12,$key));

-	    }

-	    &add	($key,32);

-	    &mov	(&DWP(12,"esp"),$key);	# advance rd_key

-	&set_label("12rounds");

-	    for ($i=1;$i<3;$i++) {

-		&decstep(0,"ebp",$s0,$s3,$s2,$s1);

-		&decstep(1,"ebp",$s1,$s0,$s3,$s2);

-		&decstep(2,"ebp",$s2,$s1,$s0,$s3);

-		&decstep(3,"ebp",$s3,$s2,$s1,$s0);

-		&xor	($s0,&DWP(16*$i+0,$key));

-		&xor	($s1,&DWP(16*$i+4,$key));

-		&xor	($s2,&DWP(16*$i+8,$key));

-		&xor	($s3,&DWP(16*$i+12,$key));

-	    }

-	    &add	($key,32);

-	    &mov	(&DWP(12,"esp"),$key);	# advance rd_key

-	&set_label("10rounds");

-	    for ($i=1;$i<10;$i++) {

-		&decstep(0,"ebp",$s0,$s3,$s2,$s1);

-		&decstep(1,"ebp",$s1,$s0,$s3,$s2);

-		&decstep(2,"ebp",$s2,$s1,$s0,$s3);

-		&decstep(3,"ebp",$s3,$s2,$s1,$s0);

-		&xor	($s0,&DWP(16*$i+0,$key));

-		&xor	($s1,&DWP(16*$i+4,$key));

-		&xor	($s2,&DWP(16*$i+8,$key));

-		&xor	($s3,&DWP(16*$i+12,$key));

-	    }

-	}

-	&declast(0,"ebp",$s0,$s3,$s2,$s1);

-	&declast(1,"ebp",$s1,$s0,$s3,$s2);

-	&declast(2,"ebp",$s2,$s1,$s0,$s3);

-	&declast(3,"ebp",$s3,$s2,$s1,$s0);

-	&add	($key,$small_footprint?16:160);

-	&xor	($s0,&DWP(0,$key));

-	&xor	($s1,&DWP(4,$key));

-	&xor	($s2,&DWP(8,$key));

-	&xor	($s3,&DWP(12,$key));

-	&ret	();

-&set_label("AES_Td",64);	# Yes! I keep it in the code segment!

-	&_data_word(0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a);

-	&_data_word(0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b);

-	&_data_word(0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5);

-	&_data_word(0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5);

-	&_data_word(0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d);

-	&_data_word(0x02752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b);

-	&_data_word(0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295);

-	&_data_word(0x2d83bed4, 0xd3217458, 0x2969e049, 0x44c8c98e);

-	&_data_word(0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927);

-	&_data_word(0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d);

-	&_data_word(0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362);

-	&_data_word(0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9);

-	&_data_word(0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52);

-	&_data_word(0x23d373ab, 0xe2024b72, 0x578f1fe3, 0x2aab5566);

-	&_data_word(0x0728ebb2, 0x03c2b52f, 0x9a7bc586, 0xa50837d3);

-	&_data_word(0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed);

-	&_data_word(0x2b1ccf8a, 0x92b479a7, 0xf0f207f3, 0xa1e2694e);

-	&_data_word(0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4);

-	&_data_word(0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4);

-	&_data_word(0x39ec830b, 0xaaef6040, 0x069f715e, 0x51106ebd);

-	&_data_word(0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d);

-	&_data_word(0xb58d5491, 0x055dc471, 0x6fd40604, 0xff155060);

-	&_data_word(0x24fb9819, 0x97e9bdd6, 0xcc434089, 0x779ed967);

-	&_data_word(0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879);

-	&_data_word(0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x00000000);

-	&_data_word(0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c);

-	&_data_word(0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36);

-	&_data_word(0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624);

-	&_data_word(0xb1670a0c, 0x0fe75793, 0xd296eeb4, 0x9e919b1b);

-	&_data_word(0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c);

-	&_data_word(0x0aba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12);

-	&_data_word(0x0b0d090e, 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14);

-	&_data_word(0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3);

-	&_data_word(0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b);

-	&_data_word(0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8);

-	&_data_word(0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684);

-	&_data_word(0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7);

-	&_data_word(0x4b2f9e1d, 0xf330b2dc, 0xec52860d, 0xd0e3c177);

-	&_data_word(0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947);

-	&_data_word(0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322);

-	&_data_word(0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498);

-	&_data_word(0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f);

-	&_data_word(0xe49d3a2c, 0x0d927850, 0x9bcc5f6a, 0x62467e54);

-	&_data_word(0xc2138df6, 0xe8b8d890, 0x5ef7392e, 0xf5afc382);

-	&_data_word(0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf);

-	&_data_word(0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb);

-	&_data_word(0x097826cd, 0xf418596e, 0x01b79aec, 0xa89a4f83);

-	&_data_word(0x656e95e6, 0x7ee6ffaa, 0x08cfbc21, 0xe6e815ef);

-	&_data_word(0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029);

-	&_data_word(0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235);

-	&_data_word(0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733);

-	&_data_word(0x4a9804f1, 0xf7daec41, 0x0e50cd7f, 0x2ff69117);

-	&_data_word(0x8dd64d76, 0x4db0ef43, 0x544daacc, 0xdf0496e4);

-	&_data_word(0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546);

-	&_data_word(0x04ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb);

-	&_data_word(0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d);

-	&_data_word(0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb);

-	&_data_word(0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a);

-	&_data_word(0x59dfd29c, 0x3f73f255, 0x79ce1418, 0xbf37c773);

-	&_data_word(0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478);

-	&_data_word(0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2);

-	&_data_word(0x72c31d16, 0x0c25e2bc, 0x8b493c28, 0x41950dff);

-	&_data_word(0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664);

-	&_data_word(0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0);

-#Td4:

-	&data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);

-	&data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);

-	&data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);

-	&data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);

-	&data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);

-	&data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);

-	&data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);

-	&data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);

-	&data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);

-	&data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);

-	&data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);

-	&data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);

-	&data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);

-	&data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);

-	&data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);

-	&data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);

-	&data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);

-	&data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);

-	&data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);

-	&data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);

-	&data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);

-	&data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);

-	&data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);

-	&data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);

-	&data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);

-	&data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);

-	&data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);

-	&data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);

-	&data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);

-	&data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);

-	&data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);

-	&data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);

-&function_end_B("_x86_AES_decrypt");

-# void AES_decrypt (const void *inp,void *out,const AES_KEY *key);

-&public_label("AES_Td");

-&function_begin("AES_decrypt");

-	&mov	($acc,&wparam(0));		# load inp

-	&mov	($key,&wparam(2));		# load key

-	&mov	($s0,"esp");

-	&sub	("esp",24);

-	&and	("esp",-64);

-	&add	("esp",4);

-	&mov	(&DWP(16,"esp"),$s0);

-	&call   (&label("pic_point"));          # make it PIC!

-	&set_label("pic_point");

-	&blindpop("ebp");

-	&lea    ("ebp",&DWP(&label("AES_Td")."-".&label("pic_point"),"ebp"));

-	# prefetch Td4

-	&lea	("ebp",&DWP(2048+128,"ebp"));

-	&mov	($s0,&DWP(0-128,"ebp"));

-	&mov	($s1,&DWP(32-128,"ebp"));

-	&mov	($s2,&DWP(64-128,"ebp"));

-	&mov	($s3,&DWP(96-128,"ebp"));

-	&mov	($s0,&DWP(128-128,"ebp"));

-	&mov	($s1,&DWP(160-128,"ebp"));

-	&mov	($s2,&DWP(192-128,"ebp"));

-	&mov	($s3,&DWP(224-128,"ebp"));

-	&lea	("ebp",&DWP(-2048-128,"ebp"));

-	&mov	($s0,&DWP(0,$acc));		# load input data

-	&mov	($s1,&DWP(4,$acc));

-	&mov	($s2,&DWP(8,$acc));

-	&mov	($s3,&DWP(12,$acc));

-	&call	("_x86_AES_decrypt");

-	&mov	("esp",&DWP(16,"esp"));

-	&mov	($acc,&wparam(1));		# load out

-	&mov	(&DWP(0,$acc),$s0);		# write output data

-	&mov	(&DWP(4,$acc),$s1);

-	&mov	(&DWP(8,$acc),$s2);

-	&mov	(&DWP(12,$acc),$s3);

-&function_end("AES_decrypt");

-# void AES_cbc_encrypt (const void char *inp, unsigned char *out,

-#			size_t length, const AES_KEY *key,

-#			unsigned char *ivp,const int enc);

-{

-# stack frame layout

-# -4(%esp)	0(%esp)		return address

-# 0(%esp)	4(%esp)		tmp1

-# 4(%esp)	8(%esp)		tmp2

-# 8(%esp)	12(%esp)	key

-# 12(%esp)	16(%esp)	end of key schedule

-my $_esp=&DWP(16,"esp");	#saved %esp

-my $_inp=&DWP(20,"esp");	#copy of wparam(0)

-my $_out=&DWP(24,"esp");	#copy of wparam(1)

-my $_len=&DWP(28,"esp");	#copy of wparam(2)

-my $_key=&DWP(32,"esp");	#copy of wparam(3)

-my $_ivp=&DWP(36,"esp");	#copy of wparam(4)

-my $_tmp=&DWP(40,"esp");	#volatile variable

-my $ivec=&DWP(44,"esp");	#ivec[16]

-my $aes_key=&DWP(60,"esp");	#copy of aes_key

-my $mark=&DWP(60+240,"esp");	#copy of aes_key->rounds

-&public_label("AES_Te");

-&public_label("AES_Td");

-&function_begin("AES_cbc_encrypt");

-	&mov	($s2 eq "ecx"? $s2 : "",&wparam(2));	# load len

-	&cmp	($s2,0);

-	&je	(&label("enc_out"));

-	&call   (&label("pic_point"));		# make it PIC!

-	&set_label("pic_point");

-	&blindpop("ebp");

-	&pushf	();

-	&cld	();

-	&cmp	(&wparam(5),0);

-	&je	(&label("DECRYPT"));

-	&lea    ("ebp",&DWP(&label("AES_Te")."-".&label("pic_point"),"ebp"));

-	# allocate aligned stack frame...

-	&lea	($key,&DWP(-64-244,"esp"));

-	&and	($key,-64);

-	# ... and make sure it doesn't alias with AES_Te modulo 4096

-	&mov	($s0,"ebp");

-	&lea	($s1,&DWP(2048,"ebp"));

-	&mov	($s3,$key);

-	&and	($s0,0xfff);		# s = %ebp&0xfff

-	&and	($s1,0xfff);		# e = (%ebp+2048)&0xfff

-	&and	($s3,0xfff);		# p = %esp&0xfff

-	&cmp	($s3,$s1);		# if (p>=e) %esp =- (p-e);

-	&jb	(&label("te_break_out"));

-	&sub	($s3,$s1);

-	&sub	($key,$s3);

-	&jmp	(&label("te_ok"));

-	&set_label("te_break_out");	# else %esp -= (p-s)&0xfff + framesz;

-	&sub	($s3,$s0);

-	&and	($s3,0xfff);

-	&add	($s3,64+256);

-	&sub	($key,$s3);

-	&align	(4);

-	&set_label("te_ok");

-	&mov	($s0,&wparam(0));	# load inp

-	&mov	($s1,&wparam(1));	# load out

-	&mov	($s3,&wparam(3));	# load key

-	&mov	($acc,&wparam(4));	# load ivp

-	&exch	("esp",$key);

-	&add	("esp",4);		# reserve for return address!

-	&mov	($_esp,$key);		# save %esp

-	&mov	($_inp,$s0);		# save copy of inp

-	&mov	($_out,$s1);		# save copy of out

-	&mov	($_len,$s2);		# save copy of len

-	&mov	($_key,$s3);		# save copy of key

-	&mov	($_ivp,$acc);		# save copy of ivp

-	&mov	($mark,0);		# copy of aes_key->rounds = 0;

-	if ($compromise) {

-		&cmp	($s2,$compromise);

-		&jb	(&label("skip_ecopy"));

-	}

-	# do we copy key schedule to stack?

-	&mov	($s1 eq "ebx" ? $s1 : "",$s3);

-	&mov	($s2 eq "ecx" ? $s2 : "",244/4);

-	&sub	($s1,"ebp");

-	&mov	("esi",$s3);

-	&and	($s1,0xfff);

-	&lea	("edi",$aes_key);

-	&cmp	($s1,2048);

-	&jb	(&label("do_ecopy"));

-	&cmp	($s1,4096-244);

-	&jb	(&label("skip_ecopy"));

-	&align	(4);

-	&set_label("do_ecopy");

-		&mov	($_key,"edi");

-		&data_word(0xA5F3F689);	# rep movsd

-	&set_label("skip_ecopy");

-	&mov	($acc,$s0);

-	&mov	($key,16);

-	&align	(4);

-	&set_label("prefetch_te");

-		&mov	($s0,&DWP(0,"ebp"));

-		&mov	($s1,&DWP(32,"ebp"));

-		&mov	($s2,&DWP(64,"ebp"));

-		&mov	($s3,&DWP(96,"ebp"));

-		&lea	("ebp",&DWP(128,"ebp"));

-		&dec	($key);

-	&jnz	(&label("prefetch_te"));

-	&sub	("ebp",2048);

-	&mov	($s2,$_len);

-	&mov	($key,$_ivp);

-	&test	($s2,0xFFFFFFF0);

-	&jz	(&label("enc_tail"));		# short input...

-	&mov	($s0,&DWP(0,$key));		# load iv

-	&mov	($s1,&DWP(4,$key));

-	&align	(4);

-	&set_label("enc_loop");

-		&mov	($s2,&DWP(8,$key));

-		&mov	($s3,&DWP(12,$key));

-		&xor	($s0,&DWP(0,$acc));	# xor input data

-		&xor	($s1,&DWP(4,$acc));

-		&xor	($s2,&DWP(8,$acc));

-		&xor	($s3,&DWP(12,$acc));

-		&mov	($key,$_key);		# load key

-		&call	("_x86_AES_encrypt");

-		&mov	($acc,$_inp);		# load inp

-		&mov	($key,$_out);		# load out

-		&mov	(&DWP(0,$key),$s0);	# save output data

-		&mov	(&DWP(4,$key),$s1);

-		&mov	(&DWP(8,$key),$s2);

-		&mov	(&DWP(12,$key),$s3);

-		&mov	($s2,$_len);		# load len

-		&lea	($acc,&DWP(16,$acc));

-		&mov	($_inp,$acc);		# save inp

-		&lea	($s3,&DWP(16,$key));

-		&mov	($_out,$s3);		# save out

-		&sub	($s2,16);

-		&test	($s2,0xFFFFFFF0);

-		&mov	($_len,$s2);		# save len

-	&jnz	(&label("enc_loop"));

-	&test	($s2,15);

-	&jnz	(&label("enc_tail"));

-	&mov	($acc,$_ivp);		# load ivp

-	&mov	($s2,&DWP(8,$key));	# restore last dwords

-	&mov	($s3,&DWP(12,$key));

-	&mov	(&DWP(0,$acc),$s0);	# save ivec

-	&mov	(&DWP(4,$acc),$s1);

-	&mov	(&DWP(8,$acc),$s2);

-	&mov	(&DWP(12,$acc),$s3);

-	&cmp	($mark,0);		# was the key schedule copied?

-	&mov	("edi",$_key);

-	&je	(&label("skip_ezero"));

-	# zero copy of key schedule

-	&mov	("ecx",240/4);

-	&xor	("eax","eax");

-	&align	(4);

-	&data_word(0xABF3F689);	# rep stosd

-	&set_label("skip_ezero")

-	&mov	("esp",$_esp);

-	&popf	();

-    &set_label("enc_out");

-	&function_end_A();

-	&pushf	();			# kludge, never executed

-    &align	(4);

-    &set_label("enc_tail");

-	&push	($key eq "edi" ? $key : "");	# push ivp

-	&mov	($key,$_out);			# load out

-	&mov	($s1,16);

-	&sub	($s1,$s2);

-	&cmp	($key,$acc);			# compare with inp

-	&je	(&label("enc_in_place"));

-	&align	(4);

-	&data_word(0xA4F3F689);	# rep movsb	# copy input

-	&jmp	(&label("enc_skip_in_place"));

-    &set_label("enc_in_place");

-	&lea	($key,&DWP(0,$key,$s2));

-    &set_label("enc_skip_in_place");

-	&mov	($s2,$s1);

-	&xor	($s0,$s0);

-	&align	(4);

-	&data_word(0xAAF3F689);	# rep stosb	# zero tail

-	&pop	($key);				# pop ivp

-	&mov	($acc,$_out);			# output as input

-	&mov	($s0,&DWP(0,$key));

-	&mov	($s1,&DWP(4,$key));

-	&mov	($_len,16);			# len=16

-	&jmp	(&label("enc_loop"));		# one more spin...

-#----------------------------- DECRYPT -----------------------------#

-&align	(4);

-&set_label("DECRYPT");

-	&lea    ("ebp",&DWP(&label("AES_Td")."-".&label("pic_point"),"ebp"));

-	# allocate aligned stack frame...

-	&lea	($key,&DWP(-64-244,"esp"));

-	&and	($key,-64);

-	# ... and make sure it doesn't alias with AES_Td modulo 4096

-	&mov	($s0,"ebp");

-	&lea	($s1,&DWP(2048+256,"ebp"));

-	&mov	($s3,$key);

-	&and	($s0,0xfff);		# s = %ebp&0xfff

-	&and	($s1,0xfff);		# e = (%ebp+2048+256)&0xfff

-	&and	($s3,0xfff);		# p = %esp&0xfff

-	&cmp	($s3,$s1);		# if (p>=e) %esp =- (p-e);

-	&jb	(&label("td_break_out"));

-	&sub	($s3,$s1);

-	&sub	($key,$s3);

-	&jmp	(&label("td_ok"));

-	&set_label("td_break_out");	# else %esp -= (p-s)&0xfff + framesz;

-	&sub	($s3,$s0);

-	&and	($s3,0xfff);

-	&add	($s3,64+256);

-	&sub	($key,$s3);

-	&align	(4);

-	&set_label("td_ok");

-	&mov	($s0,&wparam(0));	# load inp

-	&mov	($s1,&wparam(1));	# load out

-	&mov	($s3,&wparam(3));	# load key

-	&mov	($acc,&wparam(4));	# load ivp

-	&exch	("esp",$key);

-	&add	("esp",4);		# reserve for return address!

-	&mov	($_esp,$key);		# save %esp

-	&mov	($_inp,$s0);		# save copy of inp

-	&mov	($_out,$s1);		# save copy of out

-	&mov	($_len,$s2);		# save copy of len

-	&mov	($_key,$s3);		# save copy of key

-	&mov	($_ivp,$acc);		# save copy of ivp

-	&mov	($mark,0);		# copy of aes_key->rounds = 0;

-	if ($compromise) {

-		&cmp	($s2,$compromise);

-		&jb	(&label("skip_dcopy"));

-	}

-	# do we copy key schedule to stack?

-	&mov	($s1 eq "ebx" ? $s1 : "",$s3);

-	&mov	($s2 eq "ecx" ? $s2 : "",244/4);

-	&sub	($s1,"ebp");

-	&mov	("esi",$s3);

-	&and	($s1,0xfff);

-	&lea	("edi",$aes_key);

-	&cmp	($s1,2048+256);

-	&jb	(&label("do_dcopy"));

-	&cmp	($s1,4096-244);

-	&jb	(&label("skip_dcopy"));

-	&align	(4);

-	&set_label("do_dcopy");

-		&mov	($_key,"edi");

-		&data_word(0xA5F3F689);	# rep movsd

-	&set_label("skip_dcopy");

-	&mov	($acc,$s0);

-	&mov	($key,18);

-	&align	(4);

-	&set_label("prefetch_td");

-		&mov	($s0,&DWP(0,"ebp"));

-		&mov	($s1,&DWP(32,"ebp"));

-		&mov	($s2,&DWP(64,"ebp"));

-		&mov	($s3,&DWP(96,"ebp"));

-		&lea	("ebp",&DWP(128,"ebp"));

-		&dec	($key);

-	&jnz	(&label("prefetch_td"));

-	&sub	("ebp",2048+256);

-	&cmp	($acc,$_out);

-	&je	(&label("dec_in_place"));	# in-place processing...

-	&mov	($key,$_ivp);		# load ivp

-	&mov	($_tmp,$key);

-	&align	(4);

-	&set_label("dec_loop");

-		&mov	($s0,&DWP(0,$acc));	# read input

-		&mov	($s1,&DWP(4,$acc));

-		&mov	($s2,&DWP(8,$acc));

-		&mov	($s3,&DWP(12,$acc));

-		&mov	($key,$_key);		# load key

-		&call	("_x86_AES_decrypt");

-		&mov	($key,$_tmp);		# load ivp

-		&mov	($acc,$_len);		# load len

-		&xor	($s0,&DWP(0,$key));	# xor iv

-		&xor	($s1,&DWP(4,$key));

-		&xor	($s2,&DWP(8,$key));

-		&xor	($s3,&DWP(12,$key));

-		&sub	($acc,16);

-		&jc	(&label("dec_partial"));

-		&mov	($_len,$acc);		# save len

-		&mov	($acc,$_inp);		# load inp

-		&mov	($key,$_out);		# load out

-		&mov	(&DWP(0,$key),$s0);	# write output

-		&mov	(&DWP(4,$key),$s1);

-		&mov	(&DWP(8,$key),$s2);

-		&mov	(&DWP(12,$key),$s3);

-		&mov	($_tmp,$acc);		# save ivp

-		&lea	($acc,&DWP(16,$acc));

-		&mov	($_inp,$acc);		# save inp

-		&lea	($key,&DWP(16,$key));

-		&mov	($_out,$key);		# save out

-	&jnz	(&label("dec_loop"));

-	&mov	($key,$_tmp);		# load temp ivp

-    &set_label("dec_end");

-	&mov	($acc,$_ivp);		# load user ivp

-	&mov	($s0,&DWP(0,$key));	# load iv

-	&mov	($s1,&DWP(4,$key));

-	&mov	($s2,&DWP(8,$key));

-	&mov	($s3,&DWP(12,$key));

-	&mov	(&DWP(0,$acc),$s0);	# copy back to user

-	&mov	(&DWP(4,$acc),$s1);

-	&mov	(&DWP(8,$acc),$s2);

-	&mov	(&DWP(12,$acc),$s3);

-	&jmp	(&label("dec_out"));

-    &align	(4);

-    &set_label("dec_partial");

-	&lea	($key,$ivec);

-	&mov	(&DWP(0,$key),$s0);	# dump output to stack

-	&mov	(&DWP(4,$key),$s1);

-	&mov	(&DWP(8,$key),$s2);

-	&mov	(&DWP(12,$key),$s3);

-	&lea	($s2 eq "ecx" ? $s2 : "",&DWP(16,$acc));

-	&mov	($acc eq "esi" ? $acc : "",$key);

-	&mov	($key eq "edi" ? $key : "",$_out);	# load out

-	&data_word(0xA4F3F689);	# rep movsb		# copy output

-	&mov	($key,$_inp);				# use inp as temp ivp

-	&jmp	(&label("dec_end"));

-    &align	(4);

-    &set_label("dec_in_place");

-	&set_label("dec_in_place_loop");

-		&lea	($key,$ivec);

-		&mov	($s0,&DWP(0,$acc));	# read input

-		&mov	($s1,&DWP(4,$acc));

-		&mov	($s2,&DWP(8,$acc));

-		&mov	($s3,&DWP(12,$acc));

-		&mov	(&DWP(0,$key),$s0);	# copy to temp

-		&mov	(&DWP(4,$key),$s1);

-		&mov	(&DWP(8,$key),$s2);

-		&mov	(&DWP(12,$key),$s3);

-		&mov	($key,$_key);		# load key

-		&call	("_x86_AES_decrypt");

-		&mov	($key,$_ivp);		# load ivp

-		&mov	($acc,$_out);		# load out

-		&xor	($s0,&DWP(0,$key));	# xor iv

-		&xor	($s1,&DWP(4,$key));

-		&xor	($s2,&DWP(8,$key));

-		&xor	($s3,&DWP(12,$key));

-		&mov	(&DWP(0,$acc),$s0);	# write output

-		&mov	(&DWP(4,$acc),$s1);

-		&mov	(&DWP(8,$acc),$s2);

-		&mov	(&DWP(12,$acc),$s3);

-		&lea	($acc,&DWP(16,$acc));

-		&mov	($_out,$acc);		# save out

-		&lea	($acc,$ivec);

-		&mov	($s0,&DWP(0,$acc));	# read temp

-		&mov	($s1,&DWP(4,$acc));

-		&mov	($s2,&DWP(8,$acc));

-		&mov	($s3,&DWP(12,$acc));

-		&mov	(&DWP(0,$key),$s0);	# copy iv

-		&mov	(&DWP(4,$key),$s1);

-		&mov	(&DWP(8,$key),$s2);

-		&mov	(&DWP(12,$key),$s3);

-		&mov	($acc,$_inp);		# load inp

-		&lea	($acc,&DWP(16,$acc));

-		&mov	($_inp,$acc);		# save inp

-		&mov	($s2,$_len);		# load len

-		&sub	($s2,16);

-		&jc	(&label("dec_in_place_partial"));

-		&mov	($_len,$s2);		# save len

-	&jnz	(&label("dec_in_place_loop"));

-	&jmp	(&label("dec_out"));

-    &align	(4);

-    &set_label("dec_in_place_partial");

-	# one can argue if this is actually required...

-	&mov	($key eq "edi" ? $key : "",$_out);

-	&lea	($acc eq "esi" ? $acc : "",$ivec);

-	&lea	($key,&DWP(0,$key,$s2));

-	&lea	($acc,&DWP(16,$acc,$s2));

-	&neg	($s2 eq "ecx" ? $s2 : "");

-	&data_word(0xA4F3F689);	# rep movsb	# restore tail

-    &align	(4);

-    &set_label("dec_out");

-    &cmp	($mark,0);		# was the key schedule copied?

-    &mov	("edi",$_key);

-    &je		(&label("skip_dzero"));

-    # zero copy of key schedule

-    &mov	("ecx",240/4);

-    &xor	("eax","eax");

-    &align	(4);

-    &data_word(0xABF3F689);	# rep stosd

-    &set_label("skip_dzero")

-    &mov	("esp",$_esp);

-    &popf	();

-&function_end("AES_cbc_encrypt");

-}

-#------------------------------------------------------------------#

-sub enckey()

-{

-	&movz	("esi",&LB("edx"));		# rk[i]>>0

-	&mov	("ebx",&DWP(2,"ebp","esi",8));

-	&movz	("esi",&HB("edx"));		# rk[i]>>8

-	&and	("ebx",0xFF000000);

-	&xor	("eax","ebx");

-	&mov	("ebx",&DWP(2,"ebp","esi",8));

-	&shr	("edx",16);

-	&and	("ebx",0x000000FF);

-	&movz	("esi",&LB("edx"));		# rk[i]>>16

-	&xor	("eax","ebx");

-	&mov	("ebx",&DWP(0,"ebp","esi",8));

-	&movz	("esi",&HB("edx"));		# rk[i]>>24

-	&and	("ebx",0x0000FF00);

-	&xor	("eax","ebx");

-	&mov	("ebx",&DWP(0,"ebp","esi",8));

-	&and	("ebx",0x00FF0000);

-	&xor	("eax","ebx");

-	&xor	("eax",&DWP(2048,"ebp","ecx",4));	# rcon

-}

-# int AES_set_encrypt_key(const unsigned char *userKey, const int bits,

-#                        AES_KEY *key)

-&public_label("AES_Te");

-&function_begin("AES_set_encrypt_key");

-	&mov	("esi",&wparam(0));		# user supplied key

-	&mov	("edi",&wparam(2));		# private key schedule

-	&test	("esi",-1);

-	&jz	(&label("badpointer"));

-	&test	("edi",-1);

-	&jz	(&label("badpointer"));

-	&call	(&label("pic_point"));

-	&set_label("pic_point");

-	&blindpop("ebp");

-	&lea	("ebp",&DWP(&label("AES_Te")."-".&label("pic_point"),"ebp"));

-	&mov	("ecx",&wparam(1));		# number of bits in key

-	&cmp	("ecx",128);

-	&je	(&label("10rounds"));

-	&cmp	("ecx",192);

-	&je	(&label("12rounds"));

-	&cmp	("ecx",256);

-	&je	(&label("14rounds"));

-	&mov	("eax",-2);			# invalid number of bits

-	&jmp	(&label("exit"));

-    &set_label("10rounds");

-	&mov	("eax",&DWP(0,"esi"));		# copy first 4 dwords

-	&mov	("ebx",&DWP(4,"esi"));

-	&mov	("ecx",&DWP(8,"esi"));

-	&mov	("edx",&DWP(12,"esi"));

-	&mov	(&DWP(0,"edi"),"eax");

-	&mov	(&DWP(4,"edi"),"ebx");

-	&mov	(&DWP(8,"edi"),"ecx");

-	&mov	(&DWP(12,"edi"),"edx");

-	&xor	("ecx","ecx");

-	&jmp	(&label("10shortcut"));

-	&align	(4);

-	&set_label("10loop");

-		&mov	("eax",&DWP(0,"edi"));		# rk[0]

-		&mov	("edx",&DWP(12,"edi"));		# rk[3]

-	&set_label("10shortcut");

-		&enckey	();

-		&mov	(&DWP(16,"edi"),"eax");		# rk[4]

-		&xor	("eax",&DWP(4,"edi"));

-		&mov	(&DWP(20,"edi"),"eax");		# rk[5]

-		&xor	("eax",&DWP(8,"edi"));

-		&mov	(&DWP(24,"edi"),"eax");		# rk[6]

-		&xor	("eax",&DWP(12,"edi"));

-		&mov	(&DWP(28,"edi"),"eax");		# rk[7]

-		&inc	("ecx");

-		&add	("edi",16);

-		&cmp	("ecx",10);

-	&jl	(&label("10loop"));

-	&mov	(&DWP(80,"edi"),10);		# setup number of rounds

-	&xor	("eax","eax");

-	&jmp	(&label("exit"));

-    &set_label("12rounds");

-	&mov	("eax",&DWP(0,"esi"));		# copy first 6 dwords

-	&mov	("ebx",&DWP(4,"esi"));

-	&mov	("ecx",&DWP(8,"esi"));

-	&mov	("edx",&DWP(12,"esi"));

-	&mov	(&DWP(0,"edi"),"eax");

-	&mov	(&DWP(4,"edi"),"ebx");

-	&mov	(&DWP(8,"edi"),"ecx");

-	&mov	(&DWP(12,"edi"),"edx");

-	&mov	("ecx",&DWP(16,"esi"));

-	&mov	("edx",&DWP(20,"esi"));

-	&mov	(&DWP(16,"edi"),"ecx");

-	&mov	(&DWP(20,"edi"),"edx");

-	&xor	("ecx","ecx");

-	&jmp	(&label("12shortcut"));

-	&align	(4);

-	&set_label("12loop");

-		&mov	("eax",&DWP(0,"edi"));		# rk[0]

-		&mov	("edx",&DWP(20,"edi"));		# rk[5]

-	&set_label("12shortcut");

-		&enckey	();

-		&mov	(&DWP(24,"edi"),"eax");		# rk[6]

-		&xor	("eax",&DWP(4,"edi"));

-		&mov	(&DWP(28,"edi"),"eax");		# rk[7]

-		&xor	("eax",&DWP(8,"edi"));

-		&mov	(&DWP(32,"edi"),"eax");		# rk[8]

-		&xor	("eax",&DWP(12,"edi"));

-		&mov	(&DWP(36,"edi"),"eax");		# rk[9]

-		&cmp	("ecx",7);

-		&je	(&label("12break"));

-		&inc	("ecx");

-		&xor	("eax",&DWP(16,"edi"));

-		&mov	(&DWP(40,"edi"),"eax");		# rk[10]

-		&xor	("eax",&DWP(20,"edi"));

-		&mov	(&DWP(44,"edi"),"eax");		# rk[11]

-		&add	("edi",24);

-	&jmp	(&label("12loop"));

-	&set_label("12break");

-	&mov	(&DWP(72,"edi"),12);		# setup number of rounds

-	&xor	("eax","eax");

-	&jmp	(&label("exit"));

-    &set_label("14rounds");

-	&mov	("eax",&DWP(0,"esi"));		# copy first 8 dwords

-	&mov	("ebx",&DWP(4,"esi"));

-	&mov	("ecx",&DWP(8,"esi"));

-	&mov	("edx",&DWP(12,"esi"));

-	&mov	(&DWP(0,"edi"),"eax");

-	&mov	(&DWP(4,"edi"),"ebx");

-	&mov	(&DWP(8,"edi"),"ecx");

-	&mov	(&DWP(12,"edi"),"edx");

-	&mov	("eax",&DWP(16,"esi"));

-	&mov	("ebx",&DWP(20,"esi"));

-	&mov	("ecx",&DWP(24,"esi"));

-	&mov	("edx",&DWP(28,"esi"));

-	&mov	(&DWP(16,"edi"),"eax");

-	&mov	(&DWP(20,"edi"),"ebx");

-	&mov	(&DWP(24,"edi"),"ecx");

-	&mov	(&DWP(28,"edi"),"edx");

-	&xor	("ecx","ecx");

-	&jmp	(&label("14shortcut"));

-	&align	(4);

-	&set_label("14loop");

-		&mov	("edx",&DWP(28,"edi"));		# rk[7]

-	&set_label("14shortcut");

-		&mov	("eax",&DWP(0,"edi"));		# rk[0]

-		&enckey	();

-		&mov	(&DWP(32,"edi"),"eax");		# rk[8]

-		&xor	("eax",&DWP(4,"edi"));

-		&mov	(&DWP(36,"edi"),"eax");		# rk[9]

-		&xor	("eax",&DWP(8,"edi"));

-		&mov	(&DWP(40,"edi"),"eax");		# rk[10]

-		&xor	("eax",&DWP(12,"edi"));

-		&mov	(&DWP(44,"edi"),"eax");		# rk[11]

-		&cmp	("ecx",6);

-		&je	(&label("14break"));

-		&inc	("ecx");

-		&mov	("edx","eax");

-		&mov	("eax",&DWP(16,"edi"));		# rk[4]

-		&movz	("esi",&LB("edx"));		# rk[11]>>0

-		&mov	("ebx",&DWP(2,"ebp","esi",8));

-		&movz	("esi",&HB("edx"));		# rk[11]>>8

-		&and	("ebx",0x000000FF);

-		&xor	("eax","ebx");

-		&mov	("ebx",&DWP(0,"ebp","esi",8));

-		&shr	("edx",16);

-		&and	("ebx",0x0000FF00);

-		&movz	("esi",&LB("edx"));		# rk[11]>>16

-		&xor	("eax","ebx");

-		&mov	("ebx",&DWP(0,"ebp","esi",8));

-		&movz	("esi",&HB("edx"));		# rk[11]>>24

-		&and	("ebx",0x00FF0000);

-		&xor	("eax","ebx");

-		&mov	("ebx",&DWP(2,"ebp","esi",8));

-		&and	("ebx",0xFF000000);

-		&xor	("eax","ebx");

-		&mov	(&DWP(48,"edi"),"eax");		# rk[12]

-		&xor	("eax",&DWP(20,"edi"));

-		&mov	(&DWP(52,"edi"),"eax");		# rk[13]

-		&xor	("eax",&DWP(24,"edi"));

-		&mov	(&DWP(56,"edi"),"eax");		# rk[14]

-		&xor	("eax",&DWP(28,"edi"));

-		&mov	(&DWP(60,"edi"),"eax");		# rk[15]

-		&add	("edi",32);

-	&jmp	(&label("14loop"));

-	&set_label("14break");

-	&mov	(&DWP(48,"edi"),14);		# setup number of rounds

-	&xor	("eax","eax");

-	&jmp	(&label("exit"));

-    &set_label("badpointer");

-	&mov	("eax",-1);

-    &set_label("exit");

-&function_end("AES_set_encrypt_key");

-sub deckey()

-{ my ($i,$ptr,$te,$td) = @_;

-	&mov	("eax",&DWP($i,$ptr));

-	&mov	("edx","eax");

-	&movz	("ebx",&HB("eax"));

-	&shr	("edx",16);

-	&and	("eax",0xFF);

-	&movz	("eax",&BP(2,$te,"eax",8));

-	&movz	("ebx",&BP(2,$te,"ebx",8));

-	&mov	("eax",&DWP(0,$td,"eax",8));

-	&xor	("eax",&DWP(3,$td,"ebx",8));

-	&movz	("ebx",&HB("edx"));

-	&and	("edx",0xFF);

-	&movz	("edx",&BP(2,$te,"edx",8));

-	&movz	("ebx",&BP(2,$te,"ebx",8));

-	&xor	("eax",&DWP(2,$td,"edx",8));

-	&xor	("eax",&DWP(1,$td,"ebx",8));

-	&mov	(&DWP($i,$ptr),"eax");

-}

-# int AES_set_decrypt_key(const unsigned char *userKey, const int bits,

-#                        AES_KEY *key)

-&public_label("AES_Td");

-&public_label("AES_Te");

-&function_begin_B("AES_set_decrypt_key");

-	&mov	("eax",&wparam(0));

-	&mov	("ecx",&wparam(1));

-	&mov	("edx",&wparam(2));

-	&sub	("esp",12);

-	&mov	(&DWP(0,"esp"),"eax");

-	&mov	(&DWP(4,"esp"),"ecx");

-	&mov	(&DWP(8,"esp"),"edx");

-	&call	("AES_set_encrypt_key");

-	&add	("esp",12);

-	&cmp	("eax",0);

-	&je	(&label("proceed"));

-	&ret	();

-    &set_label("proceed");

-	&push	("ebp");

-	&push	("ebx");

-	&push	("esi");

-	&push	("edi");

-	&mov	("esi",&wparam(2));

-	&mov	("ecx",&DWP(240,"esi"));	# pull number of rounds

-	&lea	("ecx",&DWP(0,"","ecx",4));

-	&lea	("edi",&DWP(0,"esi","ecx",4));	# pointer to last chunk

-	&align	(4);

-	&set_label("invert");			# invert order of chunks

-		&mov	("eax",&DWP(0,"esi"));

-		&mov	("ebx",&DWP(4,"esi"));

-		&mov	("ecx",&DWP(0,"edi"));

-		&mov	("edx",&DWP(4,"edi"));

-		&mov	(&DWP(0,"edi"),"eax");

-		&mov	(&DWP(4,"edi"),"ebx");

-		&mov	(&DWP(0,"esi"),"ecx");

-		&mov	(&DWP(4,"esi"),"edx");

-		&mov	("eax",&DWP(8,"esi"));

-		&mov	("ebx",&DWP(12,"esi"));

-		&mov	("ecx",&DWP(8,"edi"));

-		&mov	("edx",&DWP(12,"edi"));

-		&mov	(&DWP(8,"edi"),"eax");

-		&mov	(&DWP(12,"edi"),"ebx");

-		&mov	(&DWP(8,"esi"),"ecx");

-		&mov	(&DWP(12,"esi"),"edx");

-		&add	("esi",16);

-		&sub	("edi",16);

-		&cmp	("esi","edi");

-	&jne	(&label("invert"));

-	&call	(&label("pic_point"));

-	&set_label("pic_point");

-	blindpop("ebp");

-	&lea	("edi",&DWP(&label("AES_Td")."-".&label("pic_point"),"ebp"));

-	&lea	("ebp",&DWP(&label("AES_Te")."-".&label("pic_point"),"ebp"));

-	&mov	("esi",&wparam(2));

-	&mov	("ecx",&DWP(240,"esi"));	# pull number of rounds

-	&dec	("ecx");

-	&align	(4);

-	&set_label("permute");			# permute the key schedule

-		&add	("esi",16);

-		&deckey	(0,"esi","ebp","edi");

-		&deckey	(4,"esi","ebp","edi");

-		&deckey	(8,"esi","ebp","edi");

-		&deckey	(12,"esi","ebp","edi");

-		&dec	("ecx");

-	&jnz	(&label("permute"));

-	&xor	("eax","eax");			# return success

-&function_end("AES_set_decrypt_key");

-&asm_finish();

--- a/sys/src/ape/lib/openssl/crypto/aes/asm/aes-ia64.S

+++ /dev/null

@@ -1,1123 +1,0 @@

-// ====================================================================

-// Written by Andy Polyakov <[email protected]> for the OpenSSL

-// project. Rights for redistribution and usage in source and binary

-// forms are granted according to the OpenSSL license.

-// ====================================================================

-//

-// What's wrong with compiler generated code? Compiler never uses

-// variable 'shr' which is pairable with 'extr'/'dep' instructions.

-// Then it uses 'zxt' which is an I-type, but can be replaced with

-// 'and' which in turn can be assigned to M-port [there're double as

-// much M-ports as there're I-ports on Itanium 2]. By sacrificing few

-// registers for small constants (255, 24 and 16) to be used with

-// 'shr' and 'and' instructions I can achieve better ILP, Intruction

-// Level Parallelism, and performance. This code outperforms GCC 3.3

-// generated code by over factor of 2 (two), GCC 3.4 - by 70% and

-// HP C - by 40%. Measured best-case scenario, i.e. aligned

-// big-endian input, ECB timing on Itanium 2 is (18 + 13*rounds)

-// ticks per block, or 9.25 CPU cycles per byte for 128 bit key.

-// Version 1.2 mitigates the hazard of cache-timing attacks by

-// a) compressing S-boxes from 8KB to 2KB+256B, b) scheduling

-// references to S-boxes for L2 cache latency, c) prefetching T[ed]4

-// prior last round. As result performance dropped to (26 + 15*rounds)

-// ticks per block or 11 cycles per byte processed with 128-bit key.

-// This is ~16% deterioration. For reference Itanium 2 L1 cache has

-// 64 bytes line size and L2 - 128 bytes...

-.ident	"aes-ia64.S, version 1.2"

-.ident	"IA-64 ISA artwork by Andy Polyakov <[email protected]>"

-.explicit

-.text

-rk0=r8;     rk1=r9;

-pfssave=r2;

-lcsave=r10;

-prsave=r3;

-maskff=r11;

-twenty4=r14;

-sixteen=r15;

-te00=r16;   te11=r17;   te22=r18;   te33=r19;

-te01=r20;   te12=r21;   te23=r22;   te30=r23;

-te02=r24;   te13=r25;   te20=r26;   te31=r27;

-te03=r28;   te10=r29;   te21=r30;   te32=r31;

-// these are rotating...

-t0=r32;     s0=r33;

-t1=r34;     s1=r35;

-t2=r36;     s2=r37;

-t3=r38;     s3=r39;

-te0=r40;    te1=r41;    te2=r42;    te3=r43;

-#if defined(_HPUX_SOURCE) && !defined(_LP64)

-# define ADDP	addp4

-#else

-# define ADDP	add

-#endif

-// Offsets from Te0

-#define TE0	0

-#define TE2	2

-#if defined(_HPUX_SOURCE) || defined(B_ENDIAN)

-#define TE1	3

-#define TE3	1

-#else

-#define TE1	1

-#define TE3	3

-#endif

-// This implies that AES_KEY comprises 32-bit key schedule elements

-// even on LP64 platforms.

-#ifndef	KSZ

-# define KSZ	4

-# define LDKEY	ld4

-#endif

-.proc	_ia64_AES_encrypt#

-// Input:	rk0-rk1

-//		te0

-//		te3	as AES_KEY->rounds!!!

-//		s0-s3

-//		maskff,twenty4,sixteen

-// Output:	r16,r20,r24,r28 as s0-s3

-// Clobber:	r16-r31,rk0-rk1,r32-r43

-.align	32

-_ia64_AES_encrypt:

-	.prologue

-	.altrp	b6

-	.body

-{ .mmi;	alloc	r16=ar.pfs,12,0,0,8

-	LDKEY	t0=[rk0],2*KSZ

-	mov	pr.rot=1<<16	}

-{ .mmi;	LDKEY	t1=[rk1],2*KSZ

-	add	te1=TE1,te0

-	add	te3=-3,te3	};;

-{ .mib;	LDKEY	t2=[rk0],2*KSZ

-	mov	ar.ec=2		}

-{ .mib;	LDKEY	t3=[rk1],2*KSZ

-	add	te2=TE2,te0

-	brp.loop.imp	.Le_top,.Le_end-16	};;

-{ .mmi;	xor	s0=s0,t0

-	xor	s1=s1,t1

-	mov	ar.lc=te3	}

-{ .mmi;	xor	s2=s2,t2

-	xor	s3=s3,t3

-	add	te3=TE3,te0	};;

-.align	32

-.Le_top:

-{ .mmi;	(p0)	LDKEY	t0=[rk0],2*KSZ		// 0/0:rk[0]

-	(p0)	and	te33=s3,maskff		// 0/0:s3&0xff

-	(p0)	extr.u	te22=s2,8,8	}	// 0/0:s2>>8&0xff

-{ .mmi; (p0)	LDKEY	t1=[rk1],2*KSZ		// 0/1:rk[1]

-	(p0)	and	te30=s0,maskff		// 0/1:s0&0xff

-	(p0)	shr.u	te00=s0,twenty4	};;	// 0/0:s0>>24

-{ .mmi;	(p0)	LDKEY	t2=[rk0],2*KSZ		// 1/2:rk[2]

-	(p0)	shladd	te33=te33,3,te3		// 1/0:te0+s0>>24

-	(p0)	extr.u	te23=s3,8,8	}	// 1/1:s3>>8&0xff

-{ .mmi;	(p0)	LDKEY	t3=[rk1],2*KSZ		// 1/3:rk[3]

-	(p0)	shladd	te30=te30,3,te3		// 1/1:te3+s0

-	(p0)	shr.u	te01=s1,twenty4	};;	// 1/1:s1>>24

-{ .mmi;	(p0)	ld4	te33=[te33]		// 2/0:te3[s3&0xff]

-	(p0)	shladd	te22=te22,3,te2		// 2/0:te2+s2>>8&0xff

-	(p0)	extr.u	te20=s0,8,8	}	// 2/2:s0>>8&0xff

-{ .mmi;	(p0)	ld4	te30=[te30]		// 2/1:te3[s0]

-	(p0)	shladd	te23=te23,3,te2		// 2/1:te2+s3>>8

-	(p0)	shr.u	te02=s2,twenty4	};;	// 2/2:s2>>24

-{ .mmi;	(p0)	ld4	te22=[te22]		// 3/0:te2[s2>>8]

-	(p0)	shladd	te20=te20,3,te2		// 3/2:te2+s0>>8

-	(p0)	extr.u	te21=s1,8,8	}	// 3/3:s1>>8&0xff

-{ .mmi;	(p0)	ld4	te23=[te23]		// 3/1:te2[s3>>8]

-	(p0)	shladd	te00=te00,3,te0		// 3/0:te0+s0>>24

-	(p0)	shr.u	te03=s3,twenty4	};;	// 3/3:s3>>24

-{ .mmi;	(p0)	ld4	te20=[te20]		// 4/2:te2[s0>>8]

-	(p0)	shladd	te21=te21,3,te2		// 4/3:te3+s2

-	(p0)	extr.u	te11=s1,16,8	}	// 4/0:s1>>16&0xff

-{ .mmi;	(p0)	ld4	te00=[te00]		// 4/0:te0[s0>>24]

-	(p0)	shladd	te01=te01,3,te0		// 4/1:te0+s1>>24

-	(p0)	shr.u	te13=s3,sixteen	};;	// 4/2:s3>>16

-{ .mmi;	(p0)	ld4	te21=[te21]		// 5/3:te2[s1>>8]

-	(p0)	shladd	te11=te11,3,te1		// 5/0:te1+s1>>16

-	(p0)	extr.u	te12=s2,16,8	}	// 5/1:s2>>16&0xff

-{ .mmi;	(p0)	ld4	te01=[te01]		// 5/1:te0[s1>>24]

-	(p0)	shladd	te02=te02,3,te0		// 5/2:te0+s2>>24

-	(p0)	and	te31=s1,maskff	};;	// 5/2:s1&0xff

-{ .mmi;	(p0)	ld4	te11=[te11]		// 6/0:te1[s1>>16]

-	(p0)	shladd	te12=te12,3,te1		// 6/1:te1+s2>>16

-	(p0)	extr.u	te10=s0,16,8	}	// 6/3:s0>>16&0xff

-{ .mmi;	(p0)	ld4	te02=[te02]		// 6/2:te0[s2>>24]

-	(p0)	shladd	te03=te03,3,te0		// 6/3:te1+s0>>16

-	(p0)	and	te32=s2,maskff	};;	// 6/3:s2&0xff

-{ .mmi;	(p0)	ld4	te12=[te12]		// 7/1:te1[s2>>16]

-	(p0)	shladd	te31=te31,3,te3		// 7/2:te3+s1&0xff

-	(p0)	and	te13=te13,maskff}	// 7/2:s3>>16&0xff

-{ .mmi;	(p0)	ld4	te03=[te03]		// 7/3:te0[s3>>24]

-	(p0)	shladd	te32=te32,3,te3		// 7/3:te3+s2

-	(p0)	xor	t0=t0,te33	};;	// 7/0:

-{ .mmi;	(p0)	ld4	te31=[te31]		// 8/2:te3[s1]

-	(p0)	shladd	te13=te13,3,te1		// 8/2:te1+s3>>16

-	(p0)	xor	t0=t0,te22	}	// 8/0:

-{ .mmi;	(p0)	ld4	te32=[te32]		// 8/3:te3[s2]

-	(p0)	shladd	te10=te10,3,te1		// 8/3:te1+s0>>16

-	(p0)	xor	t1=t1,te30	};;	// 8/1:

-{ .mmi;	(p0)	ld4	te13=[te13]		// 9/2:te1[s3>>16]

-	(p0)	ld4	te10=[te10]		// 9/3:te1[s0>>16]

-	(p0)	xor	t0=t0,te00	};;	// 9/0:		!L2 scheduling

-{ .mmi;	(p0)	xor	t1=t1,te23		// 10[9]/1:

-	(p0)	xor	t2=t2,te20		// 10[9]/2:

-	(p0)	xor	t3=t3,te21	};;	// 10[9]/3:

-{ .mmi;	(p0)	xor	t0=t0,te11		// 11[10]/0:done!

-	(p0)	xor	t1=t1,te01		// 11[10]/1:

-	(p0)	xor	t2=t2,te02	};;	// 11[10]/2:	!L2 scheduling

-{ .mmi;	(p0)	xor	t3=t3,te03		// 12[10]/3:

-	(p16)	cmp.eq	p0,p17=r0,r0 	};;	// 12[10]/clear (p17)

-{ .mmi;	(p0)	xor	t1=t1,te12		// 13[11]/1:done!

-	(p0)	xor	t2=t2,te31		// 13[11]/2:

-	(p0)	xor	t3=t3,te32	}	// 13[11]/3:

-{ .mmi;	(p17)	add	te0=2048,te0		// 13[11]/

-	(p17)	add	te1=2048+64-TE1,te1};;	// 13[11]/

-{ .mib;	(p0)	xor	t2=t2,te13		// 14[12]/2:done!

-	(p17)	add	te2=2048+128-TE2,te2}	// 14[12]/

-{ .mib;	(p0)	xor	t3=t3,te10		// 14[12]/3:done!

-	(p17)	add	te3=2048+192-TE3,te3	// 14[12]/

-	br.ctop.sptk	.Le_top		};;

-.Le_end:

-{ .mmi;	ld8	te12=[te0]		// prefetch Te4

-	ld8	te31=[te1]	}

-{ .mmi;	ld8	te10=[te2]

-	ld8	te32=[te3]	}

-{ .mmi;	LDKEY	t0=[rk0],2*KSZ		// 0/0:rk[0]

-	and	te33=s3,maskff		// 0/0:s3&0xff

-	extr.u	te22=s2,8,8	}	// 0/0:s2>>8&0xff

-{ .mmi; LDKEY	t1=[rk1],2*KSZ		// 0/1:rk[1]

-	and	te30=s0,maskff		// 0/1:s0&0xff

-	shr.u	te00=s0,twenty4	};;	// 0/0:s0>>24

-{ .mmi;	LDKEY	t2=[rk0],2*KSZ		// 1/2:rk[2]

-	add	te33=te33,te0		// 1/0:te0+s0>>24

-	extr.u	te23=s3,8,8	}	// 1/1:s3>>8&0xff

-{ .mmi;	LDKEY	t3=[rk1],2*KSZ		// 1/3:rk[3]

-	add	te30=te30,te0		// 1/1:te0+s0

-	shr.u	te01=s1,twenty4	};;	// 1/1:s1>>24

-{ .mmi;	ld1	te33=[te33]		// 2/0:te0[s3&0xff]

-	add	te22=te22,te0		// 2/0:te0+s2>>8&0xff

-	extr.u	te20=s0,8,8	}	// 2/2:s0>>8&0xff

-{ .mmi;	ld1	te30=[te30]		// 2/1:te0[s0]

-	add	te23=te23,te0		// 2/1:te0+s3>>8

-	shr.u	te02=s2,twenty4	};;	// 2/2:s2>>24

-{ .mmi;	ld1	te22=[te22]		// 3/0:te0[s2>>8]

-	add	te20=te20,te0		// 3/2:te0+s0>>8

-	extr.u	te21=s1,8,8	}	// 3/3:s1>>8&0xff

-{ .mmi;	ld1	te23=[te23]		// 3/1:te0[s3>>8]

-	add	te00=te00,te0		// 3/0:te0+s0>>24

-	shr.u	te03=s3,twenty4	};;	// 3/3:s3>>24

-{ .mmi;	ld1	te20=[te20]		// 4/2:te0[s0>>8]

-	add	te21=te21,te0		// 4/3:te0+s2

-	extr.u	te11=s1,16,8	}	// 4/0:s1>>16&0xff

-{ .mmi;	ld1	te00=[te00]		// 4/0:te0[s0>>24]

-	add	te01=te01,te0		// 4/1:te0+s1>>24

-	shr.u	te13=s3,sixteen	};;	// 4/2:s3>>16

-{ .mmi;	ld1	te21=[te21]		// 5/3:te0[s1>>8]

-	add	te11=te11,te0		// 5/0:te0+s1>>16

-	extr.u	te12=s2,16,8	}	// 5/1:s2>>16&0xff

-{ .mmi;	ld1	te01=[te01]		// 5/1:te0[s1>>24]

-	add	te02=te02,te0		// 5/2:te0+s2>>24

-	and	te31=s1,maskff	};;	// 5/2:s1&0xff

-{ .mmi;	ld1	te11=[te11]		// 6/0:te0[s1>>16]

-	add	te12=te12,te0		// 6/1:te0+s2>>16

-	extr.u	te10=s0,16,8	}	// 6/3:s0>>16&0xff

-{ .mmi;	ld1	te02=[te02]		// 6/2:te0[s2>>24]

-	add	te03=te03,te0		// 6/3:te0+s0>>16

-	and	te32=s2,maskff	};;	// 6/3:s2&0xff

-{ .mmi;	ld1	te12=[te12]		// 7/1:te0[s2>>16]

-	add	te31=te31,te0		// 7/2:te0+s1&0xff

-	dep	te33=te22,te33,8,8}	// 7/0:

-{ .mmi;	ld1	te03=[te03]		// 7/3:te0[s3>>24]

-	add	te32=te32,te0		// 7/3:te0+s2

-	and	te13=te13,maskff};;	// 7/2:s3>>16&0xff

-{ .mmi;	ld1	te31=[te31]		// 8/2:te0[s1]

-	add	te13=te13,te0		// 8/2:te0+s3>>16

-	dep	te30=te23,te30,8,8}	// 8/1:

-{ .mmi;	ld1	te32=[te32]		// 8/3:te0[s2]

-	add	te10=te10,te0		// 8/3:te0+s0>>16

-	shl	te00=te00,twenty4};;	// 8/0:

-{ .mii;	ld1	te13=[te13]		// 9/2:te0[s3>>16]

-	dep	te33=te11,te33,16,8	// 9/0:

-	shl	te01=te01,twenty4};;	// 9/1:

-{ .mii;	ld1	te10=[te10]		// 10/3:te0[s0>>16]

-	dep	te31=te20,te31,8,8	// 10/2:

-	shl	te02=te02,twenty4};;	// 10/2:

-{ .mii;	xor	t0=t0,te33		// 11/0:

-	dep	te32=te21,te32,8,8	// 11/3:

-	shl	te12=te12,sixteen};;	// 11/1:

-{ .mii;	xor	r16=t0,te00		// 12/0:done!

-	dep	te31=te13,te31,16,8	// 12/2:

-	shl	te03=te03,twenty4};;	// 12/3:

-{ .mmi;	xor	t1=t1,te01		// 13/1:

-	xor	t2=t2,te02		// 13/2:

-	dep	te32=te10,te32,16,8};;	// 13/3:

-{ .mmi;	xor	t1=t1,te30		// 14/1:

-	xor	r24=t2,te31		// 14/2:done!

-	xor	t3=t3,te32	};;	// 14/3:

-{ .mib;	xor	r20=t1,te12		// 15/1:done!

-	xor	r28=t3,te03		// 15/3:done!

-	br.ret.sptk	b6	};;

-.endp	_ia64_AES_encrypt#

-// void AES_encrypt (const void *in,void *out,const AES_KEY *key);

-.global	AES_encrypt#

-.proc	AES_encrypt#

-.align	32

-AES_encrypt:

-	.prologue

-	.save	ar.pfs,pfssave

-{ .mmi;	alloc	pfssave=ar.pfs,3,1,12,0

-	and	out0=3,in0

-	mov	r3=ip			}

-{ .mmi;	ADDP	in0=0,in0

-	mov	loc0=psr.um

-	ADDP	out11=KSZ*60,in2	};;	// &AES_KEY->rounds

-{ .mmi;	ld4	out11=[out11]			// AES_KEY->rounds

-	add	out8=(AES_Te#-AES_encrypt#),r3	// Te0

-	.save	pr,prsave

-	mov	prsave=pr		}

-{ .mmi;	rum	1<<3				// clear um.ac

-	.save	ar.lc,lcsave

-	mov	lcsave=ar.lc		};;

-	.body

-#if defined(_HPUX_SOURCE)	// HPUX is big-endian, cut 15+15 cycles...

-{ .mib; cmp.ne	p6,p0=out0,r0

-	add	out0=4,in0

-(p6)	br.dpnt.many	.Le_i_unaligned	};;

-{ .mmi;	ld4	out1=[in0],8		// s0

-	and	out9=3,in1

-	mov	twenty4=24		}

-{ .mmi;	ld4	out3=[out0],8		// s1

-	ADDP	rk0=0,in2

-	mov	sixteen=16		};;

-{ .mmi;	ld4	out5=[in0]		// s2

-	cmp.ne	p6,p0=out9,r0

-	mov	maskff=0xff		}

-{ .mmb;	ld4	out7=[out0]		// s3

-	ADDP	rk1=KSZ,in2

-	br.call.sptk.many	b6=_ia64_AES_encrypt	};;

-{ .mib;	ADDP	in0=4,in1

-	ADDP	in1=0,in1

-(p6)	br.spnt	.Le_o_unaligned		};;

-{ .mii;	mov	psr.um=loc0

-	mov	ar.pfs=pfssave

-	mov	ar.lc=lcsave		};;

-{ .mmi;	st4	[in1]=r16,8		// s0

-	st4	[in0]=r20,8		// s1

-	mov	pr=prsave,0x1ffff	};;

-{ .mmb;	st4	[in1]=r24		// s2

-	st4	[in0]=r28		// s3

-	br.ret.sptk.many	b0	};;

-#endif

-.align	32

-.Le_i_unaligned:

-{ .mmi;	add	out0=1,in0

-	add	out2=2,in0

-	add	out4=3,in0	};;

-{ .mmi;	ld1	r16=[in0],4

-	ld1	r17=[out0],4	}//;;

-{ .mmi;	ld1	r18=[out2],4

-	ld1	out1=[out4],4	};;	// s0

-{ .mmi;	ld1	r20=[in0],4

-	ld1	r21=[out0],4	}//;;

-{ .mmi;	ld1	r22=[out2],4

-	ld1	out3=[out4],4	};;	// s1

-{ .mmi;	ld1	r24=[in0],4

-	ld1	r25=[out0],4	}//;;

-{ .mmi;	ld1	r26=[out2],4

-	ld1	out5=[out4],4	};;	// s2

-{ .mmi;	ld1	r28=[in0]

-	ld1	r29=[out0]	}//;;

-{ .mmi;	ld1	r30=[out2]

-	ld1	out7=[out4]	};;	// s3

-{ .mii;

-	dep	out1=r16,out1,24,8	//;;

-	dep	out3=r20,out3,24,8	}//;;

-{ .mii;	ADDP	rk0=0,in2

-	dep	out5=r24,out5,24,8	//;;

-	dep	out7=r28,out7,24,8	};;

-{ .mii;	ADDP	rk1=KSZ,in2

-	dep	out1=r17,out1,16,8	//;;

-	dep	out3=r21,out3,16,8	}//;;

-{ .mii;	mov	twenty4=24

-	dep	out5=r25,out5,16,8	//;;

-	dep	out7=r29,out7,16,8	};;

-{ .mii;	mov	sixteen=16

-	dep	out1=r18,out1,8,8	//;;

-	dep	out3=r22,out3,8,8	}//;;

-{ .mii;	mov	maskff=0xff

-	dep	out5=r26,out5,8,8	//;;

-	dep	out7=r30,out7,8,8	};;

-{ .mib;	br.call.sptk.many	b6=_ia64_AES_encrypt	};;

-.Le_o_unaligned:

-{ .mii;	ADDP	out0=0,in1

-	extr.u	r17=r16,8,8			// s0

-	shr.u	r19=r16,twenty4		}//;;

-{ .mii;	ADDP	out1=1,in1

-	extr.u	r18=r16,16,8

-	shr.u	r23=r20,twenty4		}//;;	// s1

-{ .mii;	ADDP	out2=2,in1

-	extr.u	r21=r20,8,8

-	shr.u	r22=r20,sixteen		}//;;

-{ .mii;	ADDP	out3=3,in1

-	extr.u	r25=r24,8,8			// s2

-	shr.u	r27=r24,twenty4		};;

-{ .mii;	st1	[out3]=r16,4

-	extr.u	r26=r24,16,8

-	shr.u	r31=r28,twenty4		}//;;	// s3

-{ .mii;	st1	[out2]=r17,4

-	extr.u	r29=r28,8,8

-	shr.u	r30=r28,sixteen		}//;;

-{ .mmi;	st1	[out1]=r18,4

-	st1	[out0]=r19,4		};;

-{ .mmi;	st1	[out3]=r20,4

-	st1	[out2]=r21,4		}//;;

-{ .mmi;	st1	[out1]=r22,4

-	st1	[out0]=r23,4		};;

-{ .mmi;	st1	[out3]=r24,4

-	st1	[out2]=r25,4

-	mov	pr=prsave,0x1ffff	}//;;

-{ .mmi;	st1	[out1]=r26,4

-	st1	[out0]=r27,4

-	mov	ar.pfs=pfssave		};;

-{ .mmi;	st1	[out3]=r28

-	st1	[out2]=r29

-	mov	ar.lc=lcsave		}//;;

-{ .mmi;	st1	[out1]=r30

-	st1	[out0]=r31		}

-{ .mfb;	mov	psr.um=loc0			// restore user mask

-	br.ret.sptk.many	b0	};;

-.endp	AES_encrypt#

-// *AES_decrypt are autogenerated by the following script:

-#if 0

-#!/usr/bin/env perl

-print "// *AES_decrypt are autogenerated by the following script:\n#if 0\n";

-open(PROG,'<'.$0); while(<PROG>) { print; } close(PROG);

-print "#endif\n";

-while(<>) {

-	$process=1	if (/\.proc\s+_ia64_AES_encrypt/);

-	next		if (!$process);

-	#s/te00=s0/td00=s0/;	s/te00/td00/g;

-	s/te11=s1/td13=s3/;	s/te11/td13/g;

-	#s/te22=s2/td22=s2/;	s/te22/td22/g;

-	s/te33=s3/td31=s1/;	s/te33/td31/g;

-	#s/te01=s1/td01=s1/;	s/te01/td01/g;

-	s/te12=s2/td10=s0/;	s/te12/td10/g;

-	#s/te23=s3/td23=s3/;	s/te23/td23/g;

-	s/te30=s0/td32=s2/;	s/te30/td32/g;

-	#s/te02=s2/td02=s2/;	s/te02/td02/g;

-	s/te13=s3/td11=s1/;	s/te13/td11/g;

-	#s/te20=s0/td20=s0/;	s/te20/td20/g;

-	s/te31=s1/td33=s3/;	s/te31/td33/g;

-	#s/te03=s3/td03=s3/;	s/te03/td03/g;

-	s/te10=s0/td12=s2/;	s/te10/td12/g;

-	#s/te21=s1/td21=s1/;	s/te21/td21/g;

-	s/te32=s2/td30=s0/;	s/te32/td30/g;

-	s/td/te/g;

-	s/AES_encrypt/AES_decrypt/g;

-	s/\.Le_/.Ld_/g;

-	s/AES_Te#/AES_Td#/g;

-	print;

-	exit		if (/\.endp\s+AES_decrypt/);

-}

-#endif

-.proc	_ia64_AES_decrypt#

-// Input:	rk0-rk1

-//		te0

-//		te3	as AES_KEY->rounds!!!

-//		s0-s3

-//		maskff,twenty4,sixteen

-// Output:	r16,r20,r24,r28 as s0-s3

-// Clobber:	r16-r31,rk0-rk1,r32-r43

-.align	32

-_ia64_AES_decrypt:

-	.prologue

-	.altrp	b6

-	.body

-{ .mmi;	alloc	r16=ar.pfs,12,0,0,8

-	LDKEY	t0=[rk0],2*KSZ

-	mov	pr.rot=1<<16	}

-{ .mmi;	LDKEY	t1=[rk1],2*KSZ

-	add	te1=TE1,te0

-	add	te3=-3,te3	};;

-{ .mib;	LDKEY	t2=[rk0],2*KSZ

-	mov	ar.ec=2		}

-{ .mib;	LDKEY	t3=[rk1],2*KSZ

-	add	te2=TE2,te0

-	brp.loop.imp	.Ld_top,.Ld_end-16	};;

-{ .mmi;	xor	s0=s0,t0

-	xor	s1=s1,t1

-	mov	ar.lc=te3	}

-{ .mmi;	xor	s2=s2,t2

-	xor	s3=s3,t3

-	add	te3=TE3,te0	};;

-.align	32

-.Ld_top:

-{ .mmi;	(p0)	LDKEY	t0=[rk0],2*KSZ		// 0/0:rk[0]

-	(p0)	and	te31=s1,maskff		// 0/0:s3&0xff

-	(p0)	extr.u	te22=s2,8,8	}	// 0/0:s2>>8&0xff

-{ .mmi; (p0)	LDKEY	t1=[rk1],2*KSZ		// 0/1:rk[1]

-	(p0)	and	te32=s2,maskff		// 0/1:s0&0xff

-	(p0)	shr.u	te00=s0,twenty4	};;	// 0/0:s0>>24

-{ .mmi;	(p0)	LDKEY	t2=[rk0],2*KSZ		// 1/2:rk[2]

-	(p0)	shladd	te31=te31,3,te3		// 1/0:te0+s0>>24

-	(p0)	extr.u	te23=s3,8,8	}	// 1/1:s3>>8&0xff

-{ .mmi;	(p0)	LDKEY	t3=[rk1],2*KSZ		// 1/3:rk[3]

-	(p0)	shladd	te32=te32,3,te3		// 1/1:te3+s0

-	(p0)	shr.u	te01=s1,twenty4	};;	// 1/1:s1>>24

-{ .mmi;	(p0)	ld4	te31=[te31]		// 2/0:te3[s3&0xff]

-	(p0)	shladd	te22=te22,3,te2		// 2/0:te2+s2>>8&0xff

-	(p0)	extr.u	te20=s0,8,8	}	// 2/2:s0>>8&0xff

-{ .mmi;	(p0)	ld4	te32=[te32]		// 2/1:te3[s0]

-	(p0)	shladd	te23=te23,3,te2		// 2/1:te2+s3>>8

-	(p0)	shr.u	te02=s2,twenty4	};;	// 2/2:s2>>24

-{ .mmi;	(p0)	ld4	te22=[te22]		// 3/0:te2[s2>>8]

-	(p0)	shladd	te20=te20,3,te2		// 3/2:te2+s0>>8

-	(p0)	extr.u	te21=s1,8,8	}	// 3/3:s1>>8&0xff

-{ .mmi;	(p0)	ld4	te23=[te23]		// 3/1:te2[s3>>8]

-	(p0)	shladd	te00=te00,3,te0		// 3/0:te0+s0>>24

-	(p0)	shr.u	te03=s3,twenty4	};;	// 3/3:s3>>24

-{ .mmi;	(p0)	ld4	te20=[te20]		// 4/2:te2[s0>>8]

-	(p0)	shladd	te21=te21,3,te2		// 4/3:te3+s2

-	(p0)	extr.u	te13=s3,16,8	}	// 4/0:s1>>16&0xff

-{ .mmi;	(p0)	ld4	te00=[te00]		// 4/0:te0[s0>>24]

-	(p0)	shladd	te01=te01,3,te0		// 4/1:te0+s1>>24

-	(p0)	shr.u	te11=s1,sixteen	};;	// 4/2:s3>>16

-{ .mmi;	(p0)	ld4	te21=[te21]		// 5/3:te2[s1>>8]

-	(p0)	shladd	te13=te13,3,te1		// 5/0:te1+s1>>16

-	(p0)	extr.u	te10=s0,16,8	}	// 5/1:s2>>16&0xff

-{ .mmi;	(p0)	ld4	te01=[te01]		// 5/1:te0[s1>>24]

-	(p0)	shladd	te02=te02,3,te0		// 5/2:te0+s2>>24

-	(p0)	and	te33=s3,maskff	};;	// 5/2:s1&0xff

-{ .mmi;	(p0)	ld4	te13=[te13]		// 6/0:te1[s1>>16]

-	(p0)	shladd	te10=te10,3,te1		// 6/1:te1+s2>>16

-	(p0)	extr.u	te12=s2,16,8	}	// 6/3:s0>>16&0xff

-{ .mmi;	(p0)	ld4	te02=[te02]		// 6/2:te0[s2>>24]

-	(p0)	shladd	te03=te03,3,te0		// 6/3:te1+s0>>16

-	(p0)	and	te30=s0,maskff	};;	// 6/3:s2&0xff

-{ .mmi;	(p0)	ld4	te10=[te10]		// 7/1:te1[s2>>16]

-	(p0)	shladd	te33=te33,3,te3		// 7/2:te3+s1&0xff

-	(p0)	and	te11=te11,maskff}	// 7/2:s3>>16&0xff

-{ .mmi;	(p0)	ld4	te03=[te03]		// 7/3:te0[s3>>24]

-	(p0)	shladd	te30=te30,3,te3		// 7/3:te3+s2

-	(p0)	xor	t0=t0,te31	};;	// 7/0:

-{ .mmi;	(p0)	ld4	te33=[te33]		// 8/2:te3[s1]

-	(p0)	shladd	te11=te11,3,te1		// 8/2:te1+s3>>16

-	(p0)	xor	t0=t0,te22	}	// 8/0:

-{ .mmi;	(p0)	ld4	te30=[te30]		// 8/3:te3[s2]

-	(p0)	shladd	te12=te12,3,te1		// 8/3:te1+s0>>16

-	(p0)	xor	t1=t1,te32	};;	// 8/1:

-{ .mmi;	(p0)	ld4	te11=[te11]		// 9/2:te1[s3>>16]

-	(p0)	ld4	te12=[te12]		// 9/3:te1[s0>>16]

-	(p0)	xor	t0=t0,te00	};;	// 9/0:		!L2 scheduling

-{ .mmi;	(p0)	xor	t1=t1,te23		// 10[9]/1:

-	(p0)	xor	t2=t2,te20		// 10[9]/2:

-	(p0)	xor	t3=t3,te21	};;	// 10[9]/3:

-{ .mmi;	(p0)	xor	t0=t0,te13		// 11[10]/0:done!

-	(p0)	xor	t1=t1,te01		// 11[10]/1:

-	(p0)	xor	t2=t2,te02	};;	// 11[10]/2:	!L2 scheduling

-{ .mmi;	(p0)	xor	t3=t3,te03		// 12[10]/3:

-	(p16)	cmp.eq	p0,p17=r0,r0 	};;	// 12[10]/clear (p17)

-{ .mmi;	(p0)	xor	t1=t1,te10		// 13[11]/1:done!

-	(p0)	xor	t2=t2,te33		// 13[11]/2:

-	(p0)	xor	t3=t3,te30	}	// 13[11]/3:

-{ .mmi;	(p17)	add	te0=2048,te0		// 13[11]/

-	(p17)	add	te1=2048+64-TE1,te1};;	// 13[11]/

-{ .mib;	(p0)	xor	t2=t2,te11		// 14[12]/2:done!

-	(p17)	add	te2=2048+128-TE2,te2}	// 14[12]/

-{ .mib;	(p0)	xor	t3=t3,te12		// 14[12]/3:done!

-	(p17)	add	te3=2048+192-TE3,te3	// 14[12]/

-	br.ctop.sptk	.Ld_top		};;

-.Ld_end:

-{ .mmi;	ld8	te10=[te0]		// prefetch Td4

-	ld8	te33=[te1]	}

-{ .mmi;	ld8	te12=[te2]

-	ld8	te30=[te3]	}

-{ .mmi;	LDKEY	t0=[rk0],2*KSZ		// 0/0:rk[0]

-	and	te31=s1,maskff		// 0/0:s3&0xff

-	extr.u	te22=s2,8,8	}	// 0/0:s2>>8&0xff

-{ .mmi; LDKEY	t1=[rk1],2*KSZ		// 0/1:rk[1]

-	and	te32=s2,maskff		// 0/1:s0&0xff

-	shr.u	te00=s0,twenty4	};;	// 0/0:s0>>24

-{ .mmi;	LDKEY	t2=[rk0],2*KSZ		// 1/2:rk[2]

-	add	te31=te31,te0		// 1/0:te0+s0>>24

-	extr.u	te23=s3,8,8	}	// 1/1:s3>>8&0xff

-{ .mmi;	LDKEY	t3=[rk1],2*KSZ		// 1/3:rk[3]

-	add	te32=te32,te0		// 1/1:te0+s0

-	shr.u	te01=s1,twenty4	};;	// 1/1:s1>>24

-{ .mmi;	ld1	te31=[te31]		// 2/0:te0[s3&0xff]

-	add	te22=te22,te0		// 2/0:te0+s2>>8&0xff

-	extr.u	te20=s0,8,8	}	// 2/2:s0>>8&0xff

-{ .mmi;	ld1	te32=[te32]		// 2/1:te0[s0]

-	add	te23=te23,te0		// 2/1:te0+s3>>8

-	shr.u	te02=s2,twenty4	};;	// 2/2:s2>>24

-{ .mmi;	ld1	te22=[te22]		// 3/0:te0[s2>>8]

-	add	te20=te20,te0		// 3/2:te0+s0>>8

-	extr.u	te21=s1,8,8	}	// 3/3:s1>>8&0xff

-{ .mmi;	ld1	te23=[te23]		// 3/1:te0[s3>>8]

-	add	te00=te00,te0		// 3/0:te0+s0>>24

-	shr.u	te03=s3,twenty4	};;	// 3/3:s3>>24

-{ .mmi;	ld1	te20=[te20]		// 4/2:te0[s0>>8]

-	add	te21=te21,te0		// 4/3:te0+s2

-	extr.u	te13=s3,16,8	}	// 4/0:s1>>16&0xff

-{ .mmi;	ld1	te00=[te00]		// 4/0:te0[s0>>24]

-	add	te01=te01,te0		// 4/1:te0+s1>>24

-	shr.u	te11=s1,sixteen	};;	// 4/2:s3>>16

-{ .mmi;	ld1	te21=[te21]		// 5/3:te0[s1>>8]

-	add	te13=te13,te0		// 5/0:te0+s1>>16

-	extr.u	te10=s0,16,8	}	// 5/1:s2>>16&0xff

-{ .mmi;	ld1	te01=[te01]		// 5/1:te0[s1>>24]

-	add	te02=te02,te0		// 5/2:te0+s2>>24

-	and	te33=s3,maskff	};;	// 5/2:s1&0xff

-{ .mmi;	ld1	te13=[te13]		// 6/0:te0[s1>>16]

-	add	te10=te10,te0		// 6/1:te0+s2>>16

-	extr.u	te12=s2,16,8	}	// 6/3:s0>>16&0xff

-{ .mmi;	ld1	te02=[te02]		// 6/2:te0[s2>>24]

-	add	te03=te03,te0		// 6/3:te0+s0>>16

-	and	te30=s0,maskff	};;	// 6/3:s2&0xff

-{ .mmi;	ld1	te10=[te10]		// 7/1:te0[s2>>16]

-	add	te33=te33,te0		// 7/2:te0+s1&0xff

-	dep	te31=te22,te31,8,8}	// 7/0:

-{ .mmi;	ld1	te03=[te03]		// 7/3:te0[s3>>24]

-	add	te30=te30,te0		// 7/3:te0+s2

-	and	te11=te11,maskff};;	// 7/2:s3>>16&0xff

-{ .mmi;	ld1	te33=[te33]		// 8/2:te0[s1]

-	add	te11=te11,te0		// 8/2:te0+s3>>16

-	dep	te32=te23,te32,8,8}	// 8/1:

-{ .mmi;	ld1	te30=[te30]		// 8/3:te0[s2]

-	add	te12=te12,te0		// 8/3:te0+s0>>16

-	shl	te00=te00,twenty4};;	// 8/0:

-{ .mii;	ld1	te11=[te11]		// 9/2:te0[s3>>16]

-	dep	te31=te13,te31,16,8	// 9/0:

-	shl	te01=te01,twenty4};;	// 9/1:

-{ .mii;	ld1	te12=[te12]		// 10/3:te0[s0>>16]

-	dep	te33=te20,te33,8,8	// 10/2:

-	shl	te02=te02,twenty4};;	// 10/2:

-{ .mii;	xor	t0=t0,te31		// 11/0:

-	dep	te30=te21,te30,8,8	// 11/3:

-	shl	te10=te10,sixteen};;	// 11/1:

-{ .mii;	xor	r16=t0,te00		// 12/0:done!

-	dep	te33=te11,te33,16,8	// 12/2:

-	shl	te03=te03,twenty4};;	// 12/3:

-{ .mmi;	xor	t1=t1,te01		// 13/1:

-	xor	t2=t2,te02		// 13/2:

-	dep	te30=te12,te30,16,8};;	// 13/3:

-{ .mmi;	xor	t1=t1,te32		// 14/1:

-	xor	r24=t2,te33		// 14/2:done!

-	xor	t3=t3,te30	};;	// 14/3:

-{ .mib;	xor	r20=t1,te10		// 15/1:done!

-	xor	r28=t3,te03		// 15/3:done!

-	br.ret.sptk	b6	};;

-.endp	_ia64_AES_decrypt#

-// void AES_decrypt (const void *in,void *out,const AES_KEY *key);

-.global	AES_decrypt#

-.proc	AES_decrypt#

-.align	32

-AES_decrypt:

-	.prologue

-	.save	ar.pfs,pfssave

-{ .mmi;	alloc	pfssave=ar.pfs,3,1,12,0

-	and	out0=3,in0

-	mov	r3=ip			}

-{ .mmi;	ADDP	in0=0,in0

-	mov	loc0=psr.um

-	ADDP	out11=KSZ*60,in2	};;	// &AES_KEY->rounds

-{ .mmi;	ld4	out11=[out11]			// AES_KEY->rounds

-	add	out8=(AES_Td#-AES_decrypt#),r3	// Te0

-	.save	pr,prsave

-	mov	prsave=pr		}

-{ .mmi;	rum	1<<3				// clear um.ac

-	.save	ar.lc,lcsave

-	mov	lcsave=ar.lc		};;

-	.body

-#if defined(_HPUX_SOURCE)	// HPUX is big-endian, cut 15+15 cycles...

-{ .mib; cmp.ne	p6,p0=out0,r0

-	add	out0=4,in0

-(p6)	br.dpnt.many	.Ld_i_unaligned	};;

-{ .mmi;	ld4	out1=[in0],8		// s0

-	and	out9=3,in1

-	mov	twenty4=24		}

-{ .mmi;	ld4	out3=[out0],8		// s1

-	ADDP	rk0=0,in2

-	mov	sixteen=16		};;

-{ .mmi;	ld4	out5=[in0]		// s2

-	cmp.ne	p6,p0=out9,r0

-	mov	maskff=0xff		}

-{ .mmb;	ld4	out7=[out0]		// s3

-	ADDP	rk1=KSZ,in2

-	br.call.sptk.many	b6=_ia64_AES_decrypt	};;

-{ .mib;	ADDP	in0=4,in1

-	ADDP	in1=0,in1

-(p6)	br.spnt	.Ld_o_unaligned		};;

-{ .mii;	mov	psr.um=loc0

-	mov	ar.pfs=pfssave

-	mov	ar.lc=lcsave		};;

-{ .mmi;	st4	[in1]=r16,8		// s0

-	st4	[in0]=r20,8		// s1

-	mov	pr=prsave,0x1ffff	};;

-{ .mmb;	st4	[in1]=r24		// s2

-	st4	[in0]=r28		// s3

-	br.ret.sptk.many	b0	};;

-#endif

-.align	32

-.Ld_i_unaligned:

-{ .mmi;	add	out0=1,in0

-	add	out2=2,in0

-	add	out4=3,in0	};;

-{ .mmi;	ld1	r16=[in0],4

-	ld1	r17=[out0],4	}//;;

-{ .mmi;	ld1	r18=[out2],4

-	ld1	out1=[out4],4	};;	// s0

-{ .mmi;	ld1	r20=[in0],4

-	ld1	r21=[out0],4	}//;;

-{ .mmi;	ld1	r22=[out2],4

-	ld1	out3=[out4],4	};;	// s1

-{ .mmi;	ld1	r24=[in0],4

-	ld1	r25=[out0],4	}//;;

-{ .mmi;	ld1	r26=[out2],4

-	ld1	out5=[out4],4	};;	// s2

-{ .mmi;	ld1	r28=[in0]

-	ld1	r29=[out0]	}//;;

-{ .mmi;	ld1	r30=[out2]

-	ld1	out7=[out4]	};;	// s3

-{ .mii;

-	dep	out1=r16,out1,24,8	//;;

-	dep	out3=r20,out3,24,8	}//;;

-{ .mii;	ADDP	rk0=0,in2

-	dep	out5=r24,out5,24,8	//;;

-	dep	out7=r28,out7,24,8	};;

-{ .mii;	ADDP	rk1=KSZ,in2

-	dep	out1=r17,out1,16,8	//;;

-	dep	out3=r21,out3,16,8	}//;;

-{ .mii;	mov	twenty4=24

-	dep	out5=r25,out5,16,8	//;;

-	dep	out7=r29,out7,16,8	};;

-{ .mii;	mov	sixteen=16

-	dep	out1=r18,out1,8,8	//;;

-	dep	out3=r22,out3,8,8	}//;;

-{ .mii;	mov	maskff=0xff

-	dep	out5=r26,out5,8,8	//;;

-	dep	out7=r30,out7,8,8	};;

-{ .mib;	br.call.sptk.many	b6=_ia64_AES_decrypt	};;

-.Ld_o_unaligned:

-{ .mii;	ADDP	out0=0,in1

-	extr.u	r17=r16,8,8			// s0

-	shr.u	r19=r16,twenty4		}//;;

-{ .mii;	ADDP	out1=1,in1

-	extr.u	r18=r16,16,8

-	shr.u	r23=r20,twenty4		}//;;	// s1

-{ .mii;	ADDP	out2=2,in1

-	extr.u	r21=r20,8,8

-	shr.u	r22=r20,sixteen		}//;;

-{ .mii;	ADDP	out3=3,in1

-	extr.u	r25=r24,8,8			// s2

-	shr.u	r27=r24,twenty4		};;

-{ .mii;	st1	[out3]=r16,4

-	extr.u	r26=r24,16,8

-	shr.u	r31=r28,twenty4		}//;;	// s3

-{ .mii;	st1	[out2]=r17,4

-	extr.u	r29=r28,8,8

-	shr.u	r30=r28,sixteen		}//;;

-{ .mmi;	st1	[out1]=r18,4

-	st1	[out0]=r19,4		};;

-{ .mmi;	st1	[out3]=r20,4

-	st1	[out2]=r21,4		}//;;

-{ .mmi;	st1	[out1]=r22,4

-	st1	[out0]=r23,4		};;

-{ .mmi;	st1	[out3]=r24,4

-	st1	[out2]=r25,4

-	mov	pr=prsave,0x1ffff	}//;;

-{ .mmi;	st1	[out1]=r26,4

-	st1	[out0]=r27,4

-	mov	ar.pfs=pfssave		};;

-{ .mmi;	st1	[out3]=r28

-	st1	[out2]=r29

-	mov	ar.lc=lcsave		}//;;

-{ .mmi;	st1	[out1]=r30

-	st1	[out0]=r31		}

-{ .mfb;	mov	psr.um=loc0			// restore user mask

-	br.ret.sptk.many	b0	};;

-.endp	AES_decrypt#

-// leave it in .text segment...

-.align	64

-.global	AES_Te#

-.type	AES_Te#,@object

-AES_Te:	data4	0xc66363a5,0xc66363a5, 0xf87c7c84,0xf87c7c84

-	data4	0xee777799,0xee777799, 0xf67b7b8d,0xf67b7b8d

-	data4	0xfff2f20d,0xfff2f20d, 0xd66b6bbd,0xd66b6bbd

-	data4	0xde6f6fb1,0xde6f6fb1, 0x91c5c554,0x91c5c554

-	data4	0x60303050,0x60303050, 0x02010103,0x02010103

-	data4	0xce6767a9,0xce6767a9, 0x562b2b7d,0x562b2b7d

-	data4	0xe7fefe19,0xe7fefe19, 0xb5d7d762,0xb5d7d762

-	data4	0x4dababe6,0x4dababe6, 0xec76769a,0xec76769a

-	data4	0x8fcaca45,0x8fcaca45, 0x1f82829d,0x1f82829d

-	data4	0x89c9c940,0x89c9c940, 0xfa7d7d87,0xfa7d7d87

-	data4	0xeffafa15,0xeffafa15, 0xb25959eb,0xb25959eb

-	data4	0x8e4747c9,0x8e4747c9, 0xfbf0f00b,0xfbf0f00b

-	data4	0x41adadec,0x41adadec, 0xb3d4d467,0xb3d4d467

-	data4	0x5fa2a2fd,0x5fa2a2fd, 0x45afafea,0x45afafea

-	data4	0x239c9cbf,0x239c9cbf, 0x53a4a4f7,0x53a4a4f7

-	data4	0xe4727296,0xe4727296, 0x9bc0c05b,0x9bc0c05b

-	data4	0x75b7b7c2,0x75b7b7c2, 0xe1fdfd1c,0xe1fdfd1c

-	data4	0x3d9393ae,0x3d9393ae, 0x4c26266a,0x4c26266a

-	data4	0x6c36365a,0x6c36365a, 0x7e3f3f41,0x7e3f3f41

-	data4	0xf5f7f702,0xf5f7f702, 0x83cccc4f,0x83cccc4f

-	data4	0x6834345c,0x6834345c, 0x51a5a5f4,0x51a5a5f4

-	data4	0xd1e5e534,0xd1e5e534, 0xf9f1f108,0xf9f1f108

-	data4	0xe2717193,0xe2717193, 0xabd8d873,0xabd8d873

-	data4	0x62313153,0x62313153, 0x2a15153f,0x2a15153f

-	data4	0x0804040c,0x0804040c, 0x95c7c752,0x95c7c752

-	data4	0x46232365,0x46232365, 0x9dc3c35e,0x9dc3c35e

-	data4	0x30181828,0x30181828, 0x379696a1,0x379696a1

-	data4	0x0a05050f,0x0a05050f, 0x2f9a9ab5,0x2f9a9ab5

-	data4	0x0e070709,0x0e070709, 0x24121236,0x24121236

-	data4	0x1b80809b,0x1b80809b, 0xdfe2e23d,0xdfe2e23d

-	data4	0xcdebeb26,0xcdebeb26, 0x4e272769,0x4e272769

-	data4	0x7fb2b2cd,0x7fb2b2cd, 0xea75759f,0xea75759f

-	data4	0x1209091b,0x1209091b, 0x1d83839e,0x1d83839e

-	data4	0x582c2c74,0x582c2c74, 0x341a1a2e,0x341a1a2e

-	data4	0x361b1b2d,0x361b1b2d, 0xdc6e6eb2,0xdc6e6eb2

-	data4	0xb45a5aee,0xb45a5aee, 0x5ba0a0fb,0x5ba0a0fb

-	data4	0xa45252f6,0xa45252f6, 0x763b3b4d,0x763b3b4d

-	data4	0xb7d6d661,0xb7d6d661, 0x7db3b3ce,0x7db3b3ce

-	data4	0x5229297b,0x5229297b, 0xdde3e33e,0xdde3e33e

-	data4	0x5e2f2f71,0x5e2f2f71, 0x13848497,0x13848497

-	data4	0xa65353f5,0xa65353f5, 0xb9d1d168,0xb9d1d168

-	data4	0x00000000,0x00000000, 0xc1eded2c,0xc1eded2c

-	data4	0x40202060,0x40202060, 0xe3fcfc1f,0xe3fcfc1f

-	data4	0x79b1b1c8,0x79b1b1c8, 0xb65b5bed,0xb65b5bed

-	data4	0xd46a6abe,0xd46a6abe, 0x8dcbcb46,0x8dcbcb46

-	data4	0x67bebed9,0x67bebed9, 0x7239394b,0x7239394b

-	data4	0x944a4ade,0x944a4ade, 0x984c4cd4,0x984c4cd4

-	data4	0xb05858e8,0xb05858e8, 0x85cfcf4a,0x85cfcf4a

-	data4	0xbbd0d06b,0xbbd0d06b, 0xc5efef2a,0xc5efef2a

-	data4	0x4faaaae5,0x4faaaae5, 0xedfbfb16,0xedfbfb16

-	data4	0x864343c5,0x864343c5, 0x9a4d4dd7,0x9a4d4dd7

-	data4	0x66333355,0x66333355, 0x11858594,0x11858594

-	data4	0x8a4545cf,0x8a4545cf, 0xe9f9f910,0xe9f9f910

-	data4	0x04020206,0x04020206, 0xfe7f7f81,0xfe7f7f81

-	data4	0xa05050f0,0xa05050f0, 0x783c3c44,0x783c3c44

-	data4	0x259f9fba,0x259f9fba, 0x4ba8a8e3,0x4ba8a8e3

-	data4	0xa25151f3,0xa25151f3, 0x5da3a3fe,0x5da3a3fe

-	data4	0x804040c0,0x804040c0, 0x058f8f8a,0x058f8f8a

-	data4	0x3f9292ad,0x3f9292ad, 0x219d9dbc,0x219d9dbc

-	data4	0x70383848,0x70383848, 0xf1f5f504,0xf1f5f504

-	data4	0x63bcbcdf,0x63bcbcdf, 0x77b6b6c1,0x77b6b6c1

-	data4	0xafdada75,0xafdada75, 0x42212163,0x42212163

-	data4	0x20101030,0x20101030, 0xe5ffff1a,0xe5ffff1a

-	data4	0xfdf3f30e,0xfdf3f30e, 0xbfd2d26d,0xbfd2d26d

-	data4	0x81cdcd4c,0x81cdcd4c, 0x180c0c14,0x180c0c14

-	data4	0x26131335,0x26131335, 0xc3ecec2f,0xc3ecec2f

-	data4	0xbe5f5fe1,0xbe5f5fe1, 0x359797a2,0x359797a2

-	data4	0x884444cc,0x884444cc, 0x2e171739,0x2e171739

-	data4	0x93c4c457,0x93c4c457, 0x55a7a7f2,0x55a7a7f2

-	data4	0xfc7e7e82,0xfc7e7e82, 0x7a3d3d47,0x7a3d3d47

-	data4	0xc86464ac,0xc86464ac, 0xba5d5de7,0xba5d5de7

-	data4	0x3219192b,0x3219192b, 0xe6737395,0xe6737395

-	data4	0xc06060a0,0xc06060a0, 0x19818198,0x19818198

-	data4	0x9e4f4fd1,0x9e4f4fd1, 0xa3dcdc7f,0xa3dcdc7f

-	data4	0x44222266,0x44222266, 0x542a2a7e,0x542a2a7e

-	data4	0x3b9090ab,0x3b9090ab, 0x0b888883,0x0b888883

-	data4	0x8c4646ca,0x8c4646ca, 0xc7eeee29,0xc7eeee29

-	data4	0x6bb8b8d3,0x6bb8b8d3, 0x2814143c,0x2814143c

-	data4	0xa7dede79,0xa7dede79, 0xbc5e5ee2,0xbc5e5ee2

-	data4	0x160b0b1d,0x160b0b1d, 0xaddbdb76,0xaddbdb76

-	data4	0xdbe0e03b,0xdbe0e03b, 0x64323256,0x64323256

-	data4	0x743a3a4e,0x743a3a4e, 0x140a0a1e,0x140a0a1e

-	data4	0x924949db,0x924949db, 0x0c06060a,0x0c06060a

-	data4	0x4824246c,0x4824246c, 0xb85c5ce4,0xb85c5ce4

-	data4	0x9fc2c25d,0x9fc2c25d, 0xbdd3d36e,0xbdd3d36e

-	data4	0x43acacef,0x43acacef, 0xc46262a6,0xc46262a6

-	data4	0x399191a8,0x399191a8, 0x319595a4,0x319595a4

-	data4	0xd3e4e437,0xd3e4e437, 0xf279798b,0xf279798b

-	data4	0xd5e7e732,0xd5e7e732, 0x8bc8c843,0x8bc8c843

-	data4	0x6e373759,0x6e373759, 0xda6d6db7,0xda6d6db7

-	data4	0x018d8d8c,0x018d8d8c, 0xb1d5d564,0xb1d5d564

-	data4	0x9c4e4ed2,0x9c4e4ed2, 0x49a9a9e0,0x49a9a9e0

-	data4	0xd86c6cb4,0xd86c6cb4, 0xac5656fa,0xac5656fa

-	data4	0xf3f4f407,0xf3f4f407, 0xcfeaea25,0xcfeaea25

-	data4	0xca6565af,0xca6565af, 0xf47a7a8e,0xf47a7a8e

-	data4	0x47aeaee9,0x47aeaee9, 0x10080818,0x10080818

-	data4	0x6fbabad5,0x6fbabad5, 0xf0787888,0xf0787888

-	data4	0x4a25256f,0x4a25256f, 0x5c2e2e72,0x5c2e2e72

-	data4	0x381c1c24,0x381c1c24, 0x57a6a6f1,0x57a6a6f1

-	data4	0x73b4b4c7,0x73b4b4c7, 0x97c6c651,0x97c6c651

-	data4	0xcbe8e823,0xcbe8e823, 0xa1dddd7c,0xa1dddd7c

-	data4	0xe874749c,0xe874749c, 0x3e1f1f21,0x3e1f1f21

-	data4	0x964b4bdd,0x964b4bdd, 0x61bdbddc,0x61bdbddc

-	data4	0x0d8b8b86,0x0d8b8b86, 0x0f8a8a85,0x0f8a8a85

-	data4	0xe0707090,0xe0707090, 0x7c3e3e42,0x7c3e3e42

-	data4	0x71b5b5c4,0x71b5b5c4, 0xcc6666aa,0xcc6666aa

-	data4	0x904848d8,0x904848d8, 0x06030305,0x06030305

-	data4	0xf7f6f601,0xf7f6f601, 0x1c0e0e12,0x1c0e0e12

-	data4	0xc26161a3,0xc26161a3, 0x6a35355f,0x6a35355f

-	data4	0xae5757f9,0xae5757f9, 0x69b9b9d0,0x69b9b9d0

-	data4	0x17868691,0x17868691, 0x99c1c158,0x99c1c158

-	data4	0x3a1d1d27,0x3a1d1d27, 0x279e9eb9,0x279e9eb9

-	data4	0xd9e1e138,0xd9e1e138, 0xebf8f813,0xebf8f813

-	data4	0x2b9898b3,0x2b9898b3, 0x22111133,0x22111133

-	data4	0xd26969bb,0xd26969bb, 0xa9d9d970,0xa9d9d970

-	data4	0x078e8e89,0x078e8e89, 0x339494a7,0x339494a7

-	data4	0x2d9b9bb6,0x2d9b9bb6, 0x3c1e1e22,0x3c1e1e22

-	data4	0x15878792,0x15878792, 0xc9e9e920,0xc9e9e920

-	data4	0x87cece49,0x87cece49, 0xaa5555ff,0xaa5555ff

-	data4	0x50282878,0x50282878, 0xa5dfdf7a,0xa5dfdf7a

-	data4	0x038c8c8f,0x038c8c8f, 0x59a1a1f8,0x59a1a1f8

-	data4	0x09898980,0x09898980, 0x1a0d0d17,0x1a0d0d17

-	data4	0x65bfbfda,0x65bfbfda, 0xd7e6e631,0xd7e6e631

-	data4	0x844242c6,0x844242c6, 0xd06868b8,0xd06868b8

-	data4	0x824141c3,0x824141c3, 0x299999b0,0x299999b0

-	data4	0x5a2d2d77,0x5a2d2d77, 0x1e0f0f11,0x1e0f0f11

-	data4	0x7bb0b0cb,0x7bb0b0cb, 0xa85454fc,0xa85454fc

-	data4	0x6dbbbbd6,0x6dbbbbd6, 0x2c16163a,0x2c16163a

-// Te4:

-	data1	0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5

-	data1	0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76

-	data1	0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0

-	data1	0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0

-	data1	0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc

-	data1	0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15

-	data1	0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a

-	data1	0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75

-	data1	0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0

-	data1	0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84

-	data1	0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b

-	data1	0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf

-	data1	0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85

-	data1	0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8

-	data1	0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5

-	data1	0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2

-	data1	0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17

-	data1	0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73

-	data1	0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88

-	data1	0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb

-	data1	0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c

-	data1	0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79

-	data1	0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9

-	data1	0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08

-	data1	0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6

-	data1	0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a

-	data1	0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e

-	data1	0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e

-	data1	0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94

-	data1	0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf

-	data1	0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68

-	data1	0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16

-.size	AES_Te#,2048+256	// HP-UX assembler fails to ".-AES_Te#"

-.align	64

-.global	AES_Td#

-.type	AES_Td#,@object

-AES_Td:	data4	0x51f4a750,0x51f4a750, 0x7e416553,0x7e416553

-	data4	0x1a17a4c3,0x1a17a4c3, 0x3a275e96,0x3a275e96

-	data4	0x3bab6bcb,0x3bab6bcb, 0x1f9d45f1,0x1f9d45f1

-	data4	0xacfa58ab,0xacfa58ab, 0x4be30393,0x4be30393

-	data4	0x2030fa55,0x2030fa55, 0xad766df6,0xad766df6

-	data4	0x88cc7691,0x88cc7691, 0xf5024c25,0xf5024c25

-	data4	0x4fe5d7fc,0x4fe5d7fc, 0xc52acbd7,0xc52acbd7

-	data4	0x26354480,0x26354480, 0xb562a38f,0xb562a38f

-	data4	0xdeb15a49,0xdeb15a49, 0x25ba1b67,0x25ba1b67

-	data4	0x45ea0e98,0x45ea0e98, 0x5dfec0e1,0x5dfec0e1

-	data4	0xc32f7502,0xc32f7502, 0x814cf012,0x814cf012

-	data4	0x8d4697a3,0x8d4697a3, 0x6bd3f9c6,0x6bd3f9c6

-	data4	0x038f5fe7,0x038f5fe7, 0x15929c95,0x15929c95

-	data4	0xbf6d7aeb,0xbf6d7aeb, 0x955259da,0x955259da

-	data4	0xd4be832d,0xd4be832d, 0x587421d3,0x587421d3

-	data4	0x49e06929,0x49e06929, 0x8ec9c844,0x8ec9c844

-	data4	0x75c2896a,0x75c2896a, 0xf48e7978,0xf48e7978

-	data4	0x99583e6b,0x99583e6b, 0x27b971dd,0x27b971dd

-	data4	0xbee14fb6,0xbee14fb6, 0xf088ad17,0xf088ad17

-	data4	0xc920ac66,0xc920ac66, 0x7dce3ab4,0x7dce3ab4

-	data4	0x63df4a18,0x63df4a18, 0xe51a3182,0xe51a3182

-	data4	0x97513360,0x97513360, 0x62537f45,0x62537f45

-	data4	0xb16477e0,0xb16477e0, 0xbb6bae84,0xbb6bae84

-	data4	0xfe81a01c,0xfe81a01c, 0xf9082b94,0xf9082b94

-	data4	0x70486858,0x70486858, 0x8f45fd19,0x8f45fd19

-	data4	0x94de6c87,0x94de6c87, 0x527bf8b7,0x527bf8b7

-	data4	0xab73d323,0xab73d323, 0x724b02e2,0x724b02e2

-	data4	0xe31f8f57,0xe31f8f57, 0x6655ab2a,0x6655ab2a

-	data4	0xb2eb2807,0xb2eb2807, 0x2fb5c203,0x2fb5c203

-	data4	0x86c57b9a,0x86c57b9a, 0xd33708a5,0xd33708a5

-	data4	0x302887f2,0x302887f2, 0x23bfa5b2,0x23bfa5b2

-	data4	0x02036aba,0x02036aba, 0xed16825c,0xed16825c

-	data4	0x8acf1c2b,0x8acf1c2b, 0xa779b492,0xa779b492

-	data4	0xf307f2f0,0xf307f2f0, 0x4e69e2a1,0x4e69e2a1

-	data4	0x65daf4cd,0x65daf4cd, 0x0605bed5,0x0605bed5

-	data4	0xd134621f,0xd134621f, 0xc4a6fe8a,0xc4a6fe8a

-	data4	0x342e539d,0x342e539d, 0xa2f355a0,0xa2f355a0

-	data4	0x058ae132,0x058ae132, 0xa4f6eb75,0xa4f6eb75

-	data4	0x0b83ec39,0x0b83ec39, 0x4060efaa,0x4060efaa

-	data4	0x5e719f06,0x5e719f06, 0xbd6e1051,0xbd6e1051

-	data4	0x3e218af9,0x3e218af9, 0x96dd063d,0x96dd063d

-	data4	0xdd3e05ae,0xdd3e05ae, 0x4de6bd46,0x4de6bd46

-	data4	0x91548db5,0x91548db5, 0x71c45d05,0x71c45d05

-	data4	0x0406d46f,0x0406d46f, 0x605015ff,0x605015ff

-	data4	0x1998fb24,0x1998fb24, 0xd6bde997,0xd6bde997

-	data4	0x894043cc,0x894043cc, 0x67d99e77,0x67d99e77

-	data4	0xb0e842bd,0xb0e842bd, 0x07898b88,0x07898b88

-	data4	0xe7195b38,0xe7195b38, 0x79c8eedb,0x79c8eedb

-	data4	0xa17c0a47,0xa17c0a47, 0x7c420fe9,0x7c420fe9

-	data4	0xf8841ec9,0xf8841ec9, 0x00000000,0x00000000

-	data4	0x09808683,0x09808683, 0x322bed48,0x322bed48

-	data4	0x1e1170ac,0x1e1170ac, 0x6c5a724e,0x6c5a724e

-	data4	0xfd0efffb,0xfd0efffb, 0x0f853856,0x0f853856

-	data4	0x3daed51e,0x3daed51e, 0x362d3927,0x362d3927

-	data4	0x0a0fd964,0x0a0fd964, 0x685ca621,0x685ca621

-	data4	0x9b5b54d1,0x9b5b54d1, 0x24362e3a,0x24362e3a

-	data4	0x0c0a67b1,0x0c0a67b1, 0x9357e70f,0x9357e70f

-	data4	0xb4ee96d2,0xb4ee96d2, 0x1b9b919e,0x1b9b919e

-	data4	0x80c0c54f,0x80c0c54f, 0x61dc20a2,0x61dc20a2

-	data4	0x5a774b69,0x5a774b69, 0x1c121a16,0x1c121a16

-	data4	0xe293ba0a,0xe293ba0a, 0xc0a02ae5,0xc0a02ae5

-	data4	0x3c22e043,0x3c22e043, 0x121b171d,0x121b171d

-	data4	0x0e090d0b,0x0e090d0b, 0xf28bc7ad,0xf28bc7ad

-	data4	0x2db6a8b9,0x2db6a8b9, 0x141ea9c8,0x141ea9c8

-	data4	0x57f11985,0x57f11985, 0xaf75074c,0xaf75074c

-	data4	0xee99ddbb,0xee99ddbb, 0xa37f60fd,0xa37f60fd

-	data4	0xf701269f,0xf701269f, 0x5c72f5bc,0x5c72f5bc

-	data4	0x44663bc5,0x44663bc5, 0x5bfb7e34,0x5bfb7e34

-	data4	0x8b432976,0x8b432976, 0xcb23c6dc,0xcb23c6dc

-	data4	0xb6edfc68,0xb6edfc68, 0xb8e4f163,0xb8e4f163

-	data4	0xd731dcca,0xd731dcca, 0x42638510,0x42638510

-	data4	0x13972240,0x13972240, 0x84c61120,0x84c61120

-	data4	0x854a247d,0x854a247d, 0xd2bb3df8,0xd2bb3df8

-	data4	0xaef93211,0xaef93211, 0xc729a16d,0xc729a16d

-	data4	0x1d9e2f4b,0x1d9e2f4b, 0xdcb230f3,0xdcb230f3

-	data4	0x0d8652ec,0x0d8652ec, 0x77c1e3d0,0x77c1e3d0

-	data4	0x2bb3166c,0x2bb3166c, 0xa970b999,0xa970b999

-	data4	0x119448fa,0x119448fa, 0x47e96422,0x47e96422

-	data4	0xa8fc8cc4,0xa8fc8cc4, 0xa0f03f1a,0xa0f03f1a

-	data4	0x567d2cd8,0x567d2cd8, 0x223390ef,0x223390ef

-	data4	0x87494ec7,0x87494ec7, 0xd938d1c1,0xd938d1c1

-	data4	0x8ccaa2fe,0x8ccaa2fe, 0x98d40b36,0x98d40b36

-	data4	0xa6f581cf,0xa6f581cf, 0xa57ade28,0xa57ade28

-	data4	0xdab78e26,0xdab78e26, 0x3fadbfa4,0x3fadbfa4

-	data4	0x2c3a9de4,0x2c3a9de4, 0x5078920d,0x5078920d

-	data4	0x6a5fcc9b,0x6a5fcc9b, 0x547e4662,0x547e4662

-	data4	0xf68d13c2,0xf68d13c2, 0x90d8b8e8,0x90d8b8e8

-	data4	0x2e39f75e,0x2e39f75e, 0x82c3aff5,0x82c3aff5

-	data4	0x9f5d80be,0x9f5d80be, 0x69d0937c,0x69d0937c

-	data4	0x6fd52da9,0x6fd52da9, 0xcf2512b3,0xcf2512b3

-	data4	0xc8ac993b,0xc8ac993b, 0x10187da7,0x10187da7

-	data4	0xe89c636e,0xe89c636e, 0xdb3bbb7b,0xdb3bbb7b

-	data4	0xcd267809,0xcd267809, 0x6e5918f4,0x6e5918f4

-	data4	0xec9ab701,0xec9ab701, 0x834f9aa8,0x834f9aa8

-	data4	0xe6956e65,0xe6956e65, 0xaaffe67e,0xaaffe67e

-	data4	0x21bccf08,0x21bccf08, 0xef15e8e6,0xef15e8e6

-	data4	0xbae79bd9,0xbae79bd9, 0x4a6f36ce,0x4a6f36ce

-	data4	0xea9f09d4,0xea9f09d4, 0x29b07cd6,0x29b07cd6

-	data4	0x31a4b2af,0x31a4b2af, 0x2a3f2331,0x2a3f2331

-	data4	0xc6a59430,0xc6a59430, 0x35a266c0,0x35a266c0

-	data4	0x744ebc37,0x744ebc37, 0xfc82caa6,0xfc82caa6

-	data4	0xe090d0b0,0xe090d0b0, 0x33a7d815,0x33a7d815

-	data4	0xf104984a,0xf104984a, 0x41ecdaf7,0x41ecdaf7

-	data4	0x7fcd500e,0x7fcd500e, 0x1791f62f,0x1791f62f

-	data4	0x764dd68d,0x764dd68d, 0x43efb04d,0x43efb04d

-	data4	0xccaa4d54,0xccaa4d54, 0xe49604df,0xe49604df

-	data4	0x9ed1b5e3,0x9ed1b5e3, 0x4c6a881b,0x4c6a881b

-	data4	0xc12c1fb8,0xc12c1fb8, 0x4665517f,0x4665517f

-	data4	0x9d5eea04,0x9d5eea04, 0x018c355d,0x018c355d

-	data4	0xfa877473,0xfa877473, 0xfb0b412e,0xfb0b412e

-	data4	0xb3671d5a,0xb3671d5a, 0x92dbd252,0x92dbd252

-	data4	0xe9105633,0xe9105633, 0x6dd64713,0x6dd64713

-	data4	0x9ad7618c,0x9ad7618c, 0x37a10c7a,0x37a10c7a

-	data4	0x59f8148e,0x59f8148e, 0xeb133c89,0xeb133c89

-	data4	0xcea927ee,0xcea927ee, 0xb761c935,0xb761c935

-	data4	0xe11ce5ed,0xe11ce5ed, 0x7a47b13c,0x7a47b13c

-	data4	0x9cd2df59,0x9cd2df59, 0x55f2733f,0x55f2733f

-	data4	0x1814ce79,0x1814ce79, 0x73c737bf,0x73c737bf

-	data4	0x53f7cdea,0x53f7cdea, 0x5ffdaa5b,0x5ffdaa5b

-	data4	0xdf3d6f14,0xdf3d6f14, 0x7844db86,0x7844db86

-	data4	0xcaaff381,0xcaaff381, 0xb968c43e,0xb968c43e

-	data4	0x3824342c,0x3824342c, 0xc2a3405f,0xc2a3405f

-	data4	0x161dc372,0x161dc372, 0xbce2250c,0xbce2250c

-	data4	0x283c498b,0x283c498b, 0xff0d9541,0xff0d9541

-	data4	0x39a80171,0x39a80171, 0x080cb3de,0x080cb3de

-	data4	0xd8b4e49c,0xd8b4e49c, 0x6456c190,0x6456c190

-	data4	0x7bcb8461,0x7bcb8461, 0xd532b670,0xd532b670

-	data4	0x486c5c74,0x486c5c74, 0xd0b85742,0xd0b85742

-// Td4:

-	data1	0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38

-	data1	0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb

-	data1	0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87

-	data1	0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb

-	data1	0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d

-	data1	0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e

-	data1	0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2

-	data1	0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25

-	data1	0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16

-	data1	0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92

-	data1	0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda

-	data1	0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84

-	data1	0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a

-	data1	0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06

-	data1	0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02

-	data1	0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b

-	data1	0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea

-	data1	0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73

-	data1	0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85

-	data1	0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e

-	data1	0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89

-	data1	0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b

-	data1	0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20

-	data1	0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4

-	data1	0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31

-	data1	0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f

-	data1	0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d

-	data1	0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef

-	data1	0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0

-	data1	0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61

-	data1	0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26

-	data1	0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d

-.size	AES_Td#,2048+256	// HP-UX assembler fails to ".-AES_Td#"

--- a/sys/src/ape/lib/openssl/crypto/asn1/Makefile

+++ /dev/null

@@ -1,870 +1,0 @@

-#

-# OpenSSL/crypto/asn1/Makefile

-#

-DIR=	asn1

-TOP=	../..

-CC=	cc

-INCLUDES= -I.. -I$(TOP) -I../../include

-CFLAG=-g

-MAKEFILE=	Makefile

-AR=		ar r

-CFLAGS= $(INCLUDES) $(CFLAG)

-GENERAL=Makefile README

-TEST=

-APPS=

-LIB=$(TOP)/libcrypto.a

-LIBSRC=	a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \

-	a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c \

-	a_enum.c a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \

-	x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_bignum.c \

-	x_long.c x_name.c x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c \

-	d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\

-	t_req.c t_x509.c t_x509a.c t_crl.c t_pkey.c t_spki.c t_bitst.c \

-	tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c tasn_typ.c \

-	f_int.c f_string.c n_pkey.c \

-	f_enum.c a_hdr.c x_pkey.c a_bool.c x_exten.c \

-	asn1_gen.c asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c a_strnid.c \

-	evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c asn_moid.c

-LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \

-	a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o \

-	a_enum.o a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \

-	x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_attrib.o x_bignum.o \

-	x_long.o x_name.o x_x509.o x_x509a.o x_crl.o x_info.o x_spki.o nsseq.o \

-	d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \

-	t_req.o t_x509.o t_x509a.o t_crl.o t_pkey.o t_spki.o t_bitst.o \

-	tasn_new.o tasn_fre.o tasn_enc.o tasn_dec.o tasn_utl.o tasn_typ.o \

-	f_int.o f_string.o n_pkey.o \

-	f_enum.o a_hdr.o x_pkey.o a_bool.o x_exten.o \

-	asn1_gen.o asn1_par.o asn1_lib.o asn1_err.o a_meth.o a_bytes.o a_strnid.o \

-	evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o asn_moid.o

-SRC= $(LIBSRC)

-EXHEADER=  asn1.h asn1_mac.h asn1t.h

-HEADER=	$(EXHEADER)

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)

-test:	test.c

-	cc -g -I../../include -c test.c

-	cc -g -I../../include -o test test.o -L../.. -lcrypto

-pk:	pk.c

-	cc -g -I../../include -c pk.c

-	cc -g -I../../include -o pk pk.o -L../.. -lcrypto

-all:	lib

-lib:	$(LIBOBJ)

-	$(AR) $(LIB) $(LIBOBJ)

-	$(RANLIB) $(LIB) || echo Never mind.

-	@touch lib

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

-links:

-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)

-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)

-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

-install:

-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...

-	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \

-	do  \

-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \

-	done;

-tags:

-	ctags $(SRC)

-tests:

-lint:

-	lint -DLINT $(INCLUDES) $(SRC)>fluff

-depend:

-	@[ -n "$(MAKEDEPEND)" ] # should be set by top Makefile...

-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-clean:

-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-a_bitstr.o: ../../e_os.h ../../include/openssl/asn1.h

-a_bitstr.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-a_bitstr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-a_bitstr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-a_bitstr.o: ../../include/openssl/opensslconf.h

-a_bitstr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-a_bitstr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-a_bitstr.o: ../../include/openssl/symhacks.h ../cryptlib.h a_bitstr.c

-a_bool.o: ../../e_os.h ../../include/openssl/asn1.h

-a_bool.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h

-a_bool.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-a_bool.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-a_bool.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-a_bool.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-a_bool.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-a_bool.o: ../../include/openssl/symhacks.h ../cryptlib.h a_bool.c

-a_bytes.o: ../../e_os.h ../../include/openssl/asn1.h

-a_bytes.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-a_bytes.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-a_bytes.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-a_bytes.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-a_bytes.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-a_bytes.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-a_bytes.o: ../cryptlib.h a_bytes.c

-a_d2i_fp.o: ../../e_os.h ../../include/openssl/asn1.h

-a_d2i_fp.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h

-a_d2i_fp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-a_d2i_fp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-a_d2i_fp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-a_d2i_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-a_d2i_fp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-a_d2i_fp.o: ../../include/openssl/symhacks.h ../cryptlib.h a_d2i_fp.c

-a_digest.o: ../../e_os.h ../../include/openssl/asn1.h

-a_digest.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-a_digest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-a_digest.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-a_digest.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-a_digest.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-a_digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-a_digest.o: ../../include/openssl/opensslconf.h

-a_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-a_digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-a_digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-a_digest.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-a_digest.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_digest.c

-a_dup.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-a_dup.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-a_dup.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-a_dup.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-a_dup.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-a_dup.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-a_dup.o: ../../include/openssl/symhacks.h ../cryptlib.h a_dup.c

-a_enum.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-a_enum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h

-a_enum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-a_enum.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-a_enum.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-a_enum.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-a_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-a_enum.o: ../cryptlib.h a_enum.c

-a_gentm.o: ../../e_os.h ../../include/openssl/asn1.h

-a_gentm.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-a_gentm.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-a_gentm.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-a_gentm.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-a_gentm.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-a_gentm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-a_gentm.o: ../cryptlib.h ../o_time.h a_gentm.c

-a_hdr.o: ../../e_os.h ../../include/openssl/asn1.h

-a_hdr.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h

-a_hdr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-a_hdr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-a_hdr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-a_hdr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-a_hdr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-a_hdr.o: ../../include/openssl/symhacks.h ../cryptlib.h a_hdr.c

-a_i2d_fp.o: ../../e_os.h ../../include/openssl/asn1.h

-a_i2d_fp.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-a_i2d_fp.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-a_i2d_fp.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-a_i2d_fp.o: ../../include/openssl/opensslconf.h

-a_i2d_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-a_i2d_fp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-a_i2d_fp.o: ../../include/openssl/symhacks.h ../cryptlib.h a_i2d_fp.c

-a_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-a_int.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h

-a_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-a_int.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-a_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-a_int.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-a_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-a_int.o: ../cryptlib.h a_int.c

-a_mbstr.o: ../../e_os.h ../../include/openssl/asn1.h

-a_mbstr.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-a_mbstr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-a_mbstr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-a_mbstr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-a_mbstr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-a_mbstr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-a_mbstr.o: ../cryptlib.h a_mbstr.c

-a_meth.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-a_meth.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-a_meth.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-a_meth.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-a_meth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-a_meth.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-a_meth.o: ../../include/openssl/symhacks.h ../cryptlib.h a_meth.c

-a_object.o: ../../e_os.h ../../include/openssl/asn1.h

-a_object.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-a_object.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-a_object.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-a_object.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-a_object.o: ../../include/openssl/opensslconf.h

-a_object.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-a_object.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-a_object.o: ../../include/openssl/symhacks.h ../cryptlib.h a_object.c

-a_octet.o: ../../e_os.h ../../include/openssl/asn1.h

-a_octet.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-a_octet.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-a_octet.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-a_octet.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-a_octet.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-a_octet.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-a_octet.o: ../cryptlib.h a_octet.c

-a_print.o: ../../e_os.h ../../include/openssl/asn1.h

-a_print.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-a_print.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-a_print.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-a_print.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-a_print.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-a_print.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-a_print.o: ../cryptlib.h a_print.c

-a_set.o: ../../e_os.h ../../include/openssl/asn1.h

-a_set.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h

-a_set.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-a_set.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-a_set.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-a_set.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-a_set.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-a_set.o: ../../include/openssl/symhacks.h ../cryptlib.h a_set.c

-a_sign.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-a_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h

-a_sign.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-a_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-a_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-a_sign.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-a_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-a_sign.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-a_sign.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h

-a_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-a_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-a_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-a_sign.o: ../cryptlib.h a_sign.c

-a_strex.o: ../../e_os.h ../../include/openssl/asn1.h

-a_strex.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-a_strex.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-a_strex.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-a_strex.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-a_strex.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-a_strex.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-a_strex.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-a_strex.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h

-a_strex.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-a_strex.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-a_strex.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-a_strex.o: ../cryptlib.h a_strex.c charmap.h

-a_strnid.o: ../../e_os.h ../../include/openssl/asn1.h

-a_strnid.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-a_strnid.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-a_strnid.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-a_strnid.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-a_strnid.o: ../../include/openssl/opensslconf.h

-a_strnid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-a_strnid.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-a_strnid.o: ../../include/openssl/symhacks.h ../cryptlib.h a_strnid.c

-a_time.o: ../../e_os.h ../../include/openssl/asn1.h

-a_time.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h

-a_time.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-a_time.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-a_time.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-a_time.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-a_time.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-a_time.o: ../../include/openssl/symhacks.h ../cryptlib.h ../o_time.h a_time.c

-a_type.o: ../../e_os.h ../../include/openssl/asn1.h

-a_type.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h

-a_type.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-a_type.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-a_type.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-a_type.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-a_type.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-a_type.o: ../../include/openssl/symhacks.h ../cryptlib.h a_type.c

-a_utctm.o: ../../e_os.h ../../include/openssl/asn1.h

-a_utctm.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-a_utctm.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-a_utctm.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-a_utctm.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-a_utctm.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-a_utctm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-a_utctm.o: ../cryptlib.h ../o_time.h a_utctm.c

-a_utf8.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-a_utf8.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-a_utf8.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-a_utf8.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-a_utf8.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-a_utf8.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-a_utf8.o: ../../include/openssl/symhacks.h ../cryptlib.h a_utf8.c

-a_verify.o: ../../e_os.h ../../include/openssl/asn1.h

-a_verify.o: ../../include/openssl/bio.h ../../include/openssl/bn.h

-a_verify.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-a_verify.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-a_verify.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-a_verify.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-a_verify.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-a_verify.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-a_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-a_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-a_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-a_verify.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-a_verify.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_verify.c

-asn1_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

-asn1_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-asn1_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-asn1_err.o: ../../include/openssl/opensslconf.h

-asn1_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-asn1_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-asn1_err.o: ../../include/openssl/symhacks.h asn1_err.c

-asn1_gen.o: ../../e_os.h ../../include/openssl/asn1.h

-asn1_gen.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-asn1_gen.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h

-asn1_gen.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-asn1_gen.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-asn1_gen.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-asn1_gen.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-asn1_gen.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-asn1_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-asn1_gen.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-asn1_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-asn1_gen.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-asn1_gen.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h

-asn1_gen.o: ../cryptlib.h asn1_gen.c

-asn1_lib.o: ../../e_os.h ../../include/openssl/asn1.h

-asn1_lib.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h

-asn1_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-asn1_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-asn1_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-asn1_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-asn1_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-asn1_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h asn1_lib.c

-asn1_par.o: ../../e_os.h ../../include/openssl/asn1.h

-asn1_par.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-asn1_par.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-asn1_par.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-asn1_par.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-asn1_par.o: ../../include/openssl/opensslconf.h

-asn1_par.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-asn1_par.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-asn1_par.o: ../../include/openssl/symhacks.h ../cryptlib.h asn1_par.c

-asn_moid.o: ../../e_os.h ../../include/openssl/asn1.h

-asn_moid.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-asn_moid.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h

-asn_moid.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h

-asn_moid.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-asn_moid.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-asn_moid.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-asn_moid.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-asn_moid.o: ../../include/openssl/opensslconf.h

-asn_moid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-asn_moid.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-asn_moid.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-asn_moid.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-asn_moid.o: ../../include/openssl/x509_vfy.h ../cryptlib.h asn_moid.c

-asn_pack.o: ../../e_os.h ../../include/openssl/asn1.h

-asn_pack.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-asn_pack.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-asn_pack.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-asn_pack.o: ../../include/openssl/opensslconf.h

-asn_pack.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-asn_pack.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-asn_pack.o: ../../include/openssl/symhacks.h ../cryptlib.h asn_pack.c

-d2i_pr.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-d2i_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h

-d2i_pr.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h

-d2i_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-d2i_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-d2i_pr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-d2i_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-d2i_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-d2i_pr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h

-d2i_pr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-d2i_pr.o: ../cryptlib.h d2i_pr.c

-d2i_pu.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-d2i_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h

-d2i_pu.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h

-d2i_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-d2i_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-d2i_pu.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-d2i_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-d2i_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-d2i_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h

-d2i_pu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-d2i_pu.o: ../cryptlib.h d2i_pu.c

-evp_asn1.o: ../../e_os.h ../../include/openssl/asn1.h

-evp_asn1.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h

-evp_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-evp_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-evp_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-evp_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-evp_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-evp_asn1.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_asn1.c

-f_enum.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-f_enum.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-f_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-f_enum.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-f_enum.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-f_enum.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-f_enum.o: ../../include/openssl/symhacks.h ../cryptlib.h f_enum.c

-f_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-f_int.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-f_int.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-f_int.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-f_int.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-f_int.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-f_int.o: ../../include/openssl/symhacks.h ../cryptlib.h f_int.c

-f_string.o: ../../e_os.h ../../include/openssl/asn1.h

-f_string.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-f_string.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-f_string.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-f_string.o: ../../include/openssl/opensslconf.h

-f_string.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-f_string.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-f_string.o: ../../include/openssl/symhacks.h ../cryptlib.h f_string.c

-i2d_pr.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-i2d_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h

-i2d_pr.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h

-i2d_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-i2d_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-i2d_pr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-i2d_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-i2d_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-i2d_pr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h

-i2d_pr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-i2d_pr.o: ../cryptlib.h i2d_pr.c

-i2d_pu.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-i2d_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h

-i2d_pu.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h

-i2d_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-i2d_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-i2d_pu.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-i2d_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-i2d_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-i2d_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h

-i2d_pu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-i2d_pu.o: ../cryptlib.h i2d_pu.c

-n_pkey.o: ../../e_os.h ../../include/openssl/asn1.h

-n_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/asn1t.h

-n_pkey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-n_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-n_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-n_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-n_pkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-n_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-n_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-n_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h

-n_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h

-n_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-n_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-n_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h n_pkey.c

-nsseq.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h

-nsseq.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-nsseq.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-nsseq.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-nsseq.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h

-nsseq.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-nsseq.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-nsseq.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-nsseq.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-nsseq.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-nsseq.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-nsseq.o: ../../include/openssl/x509_vfy.h nsseq.c

-p5_pbe.o: ../../e_os.h ../../include/openssl/asn1.h

-p5_pbe.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h

-p5_pbe.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-p5_pbe.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-p5_pbe.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-p5_pbe.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-p5_pbe.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-p5_pbe.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-p5_pbe.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-p5_pbe.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h

-p5_pbe.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-p5_pbe.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-p5_pbe.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-p5_pbe.o: ../cryptlib.h p5_pbe.c

-p5_pbev2.o: ../../e_os.h ../../include/openssl/asn1.h

-p5_pbev2.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h

-p5_pbev2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-p5_pbev2.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-p5_pbev2.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-p5_pbev2.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-p5_pbev2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-p5_pbev2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-p5_pbev2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-p5_pbev2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h

-p5_pbev2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-p5_pbev2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-p5_pbev2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-p5_pbev2.o: ../cryptlib.h p5_pbev2.c

-p8_pkey.o: ../../e_os.h ../../include/openssl/asn1.h

-p8_pkey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h

-p8_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-p8_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-p8_pkey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-p8_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-p8_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-p8_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-p8_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-p8_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-p8_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-p8_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-p8_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p8_pkey.c

-t_bitst.o: ../../e_os.h ../../include/openssl/asn1.h

-t_bitst.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-t_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h

-t_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-t_bitst.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-t_bitst.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-t_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-t_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-t_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-t_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-t_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-t_bitst.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-t_bitst.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h

-t_bitst.o: ../cryptlib.h t_bitst.c

-t_crl.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-t_crl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h

-t_crl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h

-t_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-t_crl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-t_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-t_crl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-t_crl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-t_crl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-t_crl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-t_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-t_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-t_crl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h

-t_crl.o: ../cryptlib.h t_crl.c

-t_pkey.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-t_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h

-t_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h

-t_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h

-t_pkey.o: ../../include/openssl/ec.h ../../include/openssl/err.h

-t_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-t_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-t_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-t_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h

-t_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-t_pkey.o: ../cryptlib.h t_pkey.c

-t_req.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-t_req.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h

-t_req.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h

-t_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h

-t_req.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-t_req.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-t_req.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-t_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-t_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-t_req.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h

-t_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h

-t_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-t_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-t_req.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h

-t_req.o: ../cryptlib.h t_req.c

-t_spki.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-t_spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h

-t_spki.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h

-t_spki.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-t_spki.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-t_spki.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-t_spki.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-t_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-t_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-t_spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h

-t_spki.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-t_spki.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-t_spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-t_spki.o: ../cryptlib.h t_spki.c

-t_x509.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-t_x509.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h

-t_x509.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h

-t_x509.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h

-t_x509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-t_x509.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-t_x509.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-t_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-t_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-t_x509.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h

-t_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h

-t_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-t_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-t_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h

-t_x509.o: ../cryptlib.h t_x509.c

-t_x509a.o: ../../e_os.h ../../include/openssl/asn1.h

-t_x509a.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-t_x509a.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-t_x509a.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-t_x509a.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-t_x509a.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-t_x509a.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-t_x509a.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-t_x509a.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h

-t_x509a.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-t_x509a.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-t_x509a.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-t_x509a.o: ../cryptlib.h t_x509a.c

-tasn_dec.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h

-tasn_dec.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-tasn_dec.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-tasn_dec.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-tasn_dec.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-tasn_dec.o: ../../include/openssl/opensslconf.h

-tasn_dec.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-tasn_dec.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-tasn_dec.o: ../../include/openssl/symhacks.h tasn_dec.c

-tasn_enc.o: ../../e_os.h ../../include/openssl/asn1.h

-tasn_enc.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h

-tasn_enc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-tasn_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-tasn_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-tasn_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-tasn_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-tasn_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-tasn_enc.o: ../../include/openssl/symhacks.h ../cryptlib.h tasn_enc.c

-tasn_fre.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h

-tasn_fre.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h

-tasn_fre.o: ../../include/openssl/e_os2.h ../../include/openssl/obj_mac.h

-tasn_fre.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-tasn_fre.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-tasn_fre.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-tasn_fre.o: ../../include/openssl/symhacks.h tasn_fre.c

-tasn_new.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h

-tasn_new.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h

-tasn_new.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-tasn_new.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-tasn_new.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-tasn_new.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-tasn_new.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-tasn_new.o: ../../include/openssl/symhacks.h tasn_new.c

-tasn_typ.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h

-tasn_typ.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h

-tasn_typ.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h

-tasn_typ.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-tasn_typ.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-tasn_typ.o: ../../include/openssl/symhacks.h tasn_typ.c

-tasn_utl.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h

-tasn_utl.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h

-tasn_utl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-tasn_utl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-tasn_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-tasn_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-tasn_utl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-tasn_utl.o: ../../include/openssl/symhacks.h tasn_utl.c

-x_algor.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h

-x_algor.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-x_algor.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-x_algor.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-x_algor.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h

-x_algor.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-x_algor.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-x_algor.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-x_algor.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-x_algor.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-x_algor.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-x_algor.o: ../../include/openssl/x509_vfy.h x_algor.c

-x_attrib.o: ../../e_os.h ../../include/openssl/asn1.h

-x_attrib.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h

-x_attrib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-x_attrib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-x_attrib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-x_attrib.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-x_attrib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-x_attrib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-x_attrib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-x_attrib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-x_attrib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-x_attrib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-x_attrib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_attrib.c

-x_bignum.o: ../../e_os.h ../../include/openssl/asn1.h

-x_bignum.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h

-x_bignum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h

-x_bignum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-x_bignum.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-x_bignum.o: ../../include/openssl/opensslconf.h

-x_bignum.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-x_bignum.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-x_bignum.o: ../../include/openssl/symhacks.h ../cryptlib.h x_bignum.c

-x_crl.o: ../../e_os.h ../../include/openssl/asn1.h

-x_crl.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h

-x_crl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-x_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-x_crl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-x_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-x_crl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-x_crl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-x_crl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-x_crl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-x_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-x_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-x_crl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_crl.c

-x_exten.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h

-x_exten.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-x_exten.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-x_exten.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-x_exten.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h

-x_exten.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-x_exten.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-x_exten.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-x_exten.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-x_exten.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-x_exten.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-x_exten.o: ../../include/openssl/x509_vfy.h x_exten.c

-x_info.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-x_info.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-x_info.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-x_info.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-x_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-x_info.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-x_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-x_info.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-x_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-x_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-x_info.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-x_info.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_info.c

-x_long.o: ../../e_os.h ../../include/openssl/asn1.h

-x_long.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h

-x_long.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h

-x_long.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-x_long.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-x_long.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-x_long.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-x_long.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-x_long.o: ../cryptlib.h x_long.c

-x_name.o: ../../e_os.h ../../include/openssl/asn1.h

-x_name.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h

-x_name.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-x_name.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-x_name.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-x_name.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-x_name.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-x_name.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-x_name.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-x_name.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-x_name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-x_name.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-x_name.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_name.c

-x_pkey.o: ../../e_os.h ../../include/openssl/asn1.h

-x_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h

-x_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-x_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-x_pkey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-x_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-x_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-x_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-x_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-x_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-x_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-x_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-x_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_pkey.c

-x_pubkey.o: ../../e_os.h ../../include/openssl/asn1.h

-x_pubkey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h

-x_pubkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-x_pubkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h

-x_pubkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-x_pubkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-x_pubkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-x_pubkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-x_pubkey.o: ../../include/openssl/opensslconf.h

-x_pubkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-x_pubkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h

-x_pubkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-x_pubkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-x_pubkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-x_pubkey.o: ../cryptlib.h x_pubkey.c

-x_req.o: ../../e_os.h ../../include/openssl/asn1.h

-x_req.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h

-x_req.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-x_req.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-x_req.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-x_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-x_req.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-x_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-x_req.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-x_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-x_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-x_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-x_req.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_req.c

-x_sig.o: ../../e_os.h ../../include/openssl/asn1.h

-x_sig.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h

-x_sig.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-x_sig.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-x_sig.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-x_sig.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-x_sig.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-x_sig.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-x_sig.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-x_sig.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-x_sig.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-x_sig.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-x_sig.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_sig.c

-x_spki.o: ../../e_os.h ../../include/openssl/asn1.h

-x_spki.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h

-x_spki.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-x_spki.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-x_spki.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-x_spki.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-x_spki.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-x_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-x_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-x_spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-x_spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-x_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-x_spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_spki.c

-x_val.o: ../../e_os.h ../../include/openssl/asn1.h

-x_val.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h

-x_val.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-x_val.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-x_val.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-x_val.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-x_val.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-x_val.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-x_val.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-x_val.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-x_val.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-x_val.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-x_val.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_val.c

-x_x509.o: ../../e_os.h ../../include/openssl/asn1.h

-x_x509.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h

-x_x509.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h

-x_x509.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-x_x509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-x_x509.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-x_x509.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-x_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-x_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-x_x509.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h

-x_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-x_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-x_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-x_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h x_x509.c

-x_x509a.o: ../../e_os.h ../../include/openssl/asn1.h

-x_x509a.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h

-x_x509a.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-x_x509a.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-x_x509a.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-x_x509a.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-x_x509a.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-x_x509a.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-x_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-x_x509a.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-x_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-x_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-x_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_x509a.c

--- a/sys/src/ape/lib/openssl/crypto/asn1/a_bitstr.c

+++ /dev/null

@@ -1,225 +1,0 @@

-/* crypto/asn1/a_bitstr.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/asn1.h>

-int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len)

-{ return M_ASN1_BIT_STRING_set(x, d, len); }

-int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)

-	{

-	int ret,j,bits,len;

-	unsigned char *p,*d;

-	if (a == NULL) return(0);

-	len=a->length;

-	if (len > 0)

-		{

-		if (a->flags & ASN1_STRING_FLAG_BITS_LEFT)

-			{

-			bits=(int)a->flags&0x07;

-			}

-		else

-			{

-			for ( ; len > 0; len--)

-				{

-				if (a->data[len-1]) break;

-				}

-			j=a->data[len-1];

-			if      (j & 0x01) bits=0;

-			else if (j & 0x02) bits=1;

-			else if (j & 0x04) bits=2;

-			else if (j & 0x08) bits=3;

-			else if (j & 0x10) bits=4;

-			else if (j & 0x20) bits=5;

-			else if (j & 0x40) bits=6;

-			else if (j & 0x80) bits=7;

-			else bits=0; /* should not happen */

-			}

-		}

-	else

-		bits=0;

-	ret=1+len;

-	if (pp == NULL) return(ret);

-	p= *pp;

-	*(p++)=(unsigned char)bits;

-	d=a->data;

-	memcpy(p,d,len);

-	p+=len;

-	if (len > 0) p[-1]&=(0xff<<bits);

-	*pp=p;

-	return(ret);

-	}

-ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,

-	const unsigned char **pp, long len)

-	{

-	ASN1_BIT_STRING *ret=NULL;

-	const unsigned char *p;

-	unsigned char *s;

-	int i;

-	if (len < 1)

-		{

-		i=ASN1_R_STRING_TOO_SHORT;

-		goto err;

-		}

-	if ((a == NULL) || ((*a) == NULL))

-		{

-		if ((ret=M_ASN1_BIT_STRING_new()) == NULL) return(NULL);

-		}

-	else

-		ret=(*a);

-	p= *pp;

-	i= *(p++);

-	/* We do this to preserve the settings.  If we modify

-	 * the settings, via the _set_bit function, we will recalculate

-	 * on output */

-	ret->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear */

-	ret->flags|=(ASN1_STRING_FLAG_BITS_LEFT|(i&0x07)); /* set */

-	if (len-- > 1) /* using one because of the bits left byte */

-		{

-		s=(unsigned char *)OPENSSL_malloc((int)len);

-		if (s == NULL)

-			{

-			i=ERR_R_MALLOC_FAILURE;

-			goto err;

-			}

-		memcpy(s,p,(int)len);

-		s[len-1]&=(0xff<<i);

-		p+=len;

-		}

-	else

-		s=NULL;

-	ret->length=(int)len;

-	if (ret->data != NULL) OPENSSL_free(ret->data);

-	ret->data=s;

-	ret->type=V_ASN1_BIT_STRING;

-	if (a != NULL) (*a)=ret;

-	*pp=p;

-	return(ret);

-err:

-	ASN1err(ASN1_F_C2I_ASN1_BIT_STRING,i);

-	if ((ret != NULL) && ((a == NULL) || (*a != ret)))

-		M_ASN1_BIT_STRING_free(ret);

-	return(NULL);

-	}

-/* These next 2 functions from Goetz Babin-Ebell <[email protected]>

- */

-int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)

-	{

-	int w,v,iv;

-	unsigned char *c;

-	w=n/8;

-	v=1<<(7-(n&0x07));

-	iv= ~v;

-	if (!value) v=0;

-	if (a == NULL)

-		return 0;

-	a->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear, set on write */

-	if ((a->length < (w+1)) || (a->data == NULL))

-		{

-		if (!value) return(1); /* Don't need to set */

-		if (a->data == NULL)

-			c=(unsigned char *)OPENSSL_malloc(w+1);

-		else

-			c=(unsigned char *)OPENSSL_realloc_clean(a->data,

-								 a->length,

-								 w+1);

-		if (c == NULL)

-			{

-			ASN1err(ASN1_F_ASN1_BIT_STRING_SET_BIT,ERR_R_MALLOC_FAILURE);

-			return 0;

-			}

-  		if (w+1-a->length > 0) memset(c+a->length, 0, w+1-a->length);

-		a->data=c;

-		a->length=w+1;

-	}

-	a->data[w]=((a->data[w])&iv)|v;

-	while ((a->length > 0) && (a->data[a->length-1] == 0))

-		a->length--;

-	return(1);

-	}

-int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n)

-	{

-	int w,v;

-	w=n/8;

-	v=1<<(7-(n&0x07));

-	if ((a == NULL) || (a->length < (w+1)) || (a->data == NULL))

-		return(0);

-	return((a->data[w]&v) != 0);

-	}

--- a/sys/src/ape/lib/openssl/crypto/asn1/a_bool.c

+++ /dev/null

@@ -1,114 +1,0 @@

-/* crypto/asn1/a_bool.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/asn1t.h>

-int i2d_ASN1_BOOLEAN(int a, unsigned char **pp)

-	{

-	int r;

-	unsigned char *p;

-	r=ASN1_object_size(0,1,V_ASN1_BOOLEAN);

-	if (pp == NULL) return(r);

-	p= *pp;

-	ASN1_put_object(&p,0,1,V_ASN1_BOOLEAN,V_ASN1_UNIVERSAL);

-	*(p++)= (unsigned char)a;

-	*pp=p;

-	return(r);

-	}

-int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length)

-	{

-	int ret= -1;

-	const unsigned char *p;

-	long len;

-	int inf,tag,xclass;

-	int i=0;

-	p= *pp;

-	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);

-	if (inf & 0x80)

-		{

-		i=ASN1_R_BAD_OBJECT_HEADER;

-		goto err;

-		}

-	if (tag != V_ASN1_BOOLEAN)

-		{

-		i=ASN1_R_EXPECTING_A_BOOLEAN;

-		goto err;

-		}

-	if (len != 1)

-		{

-		i=ASN1_R_BOOLEAN_IS_WRONG_LENGTH;

-		goto err;

-		}

-	ret= (int)*(p++);

-	if (a != NULL) (*a)=ret;

-	*pp=p;

-	return(ret);

-err:

-	ASN1err(ASN1_F_D2I_ASN1_BOOLEAN,i);

-	return(ret);

-	}

--- a/sys/src/ape/lib/openssl/crypto/asn1/a_bytes.c

+++ /dev/null

@@ -1,314 +1,0 @@

-/* crypto/asn1/a_bytes.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/asn1.h>

-static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c);

-/* type is a 'bitmap' of acceptable string types.

- */

-ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, const unsigned char **pp,

-	     long length, int type)

-	{

-	ASN1_STRING *ret=NULL;

-	const unsigned char *p;

-	unsigned char *s;

-	long len;

-	int inf,tag,xclass;

-	int i=0;

-	p= *pp;

-	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);

-	if (inf & 0x80) goto err;

-	if (tag >= 32)

-		{

-		i=ASN1_R_TAG_VALUE_TOO_HIGH;;

-		goto err;

-		}

-	if (!(ASN1_tag2bit(tag) & type))

-		{

-		i=ASN1_R_WRONG_TYPE;

-		goto err;

-		}

-	/* If a bit-string, exit early */

-	if (tag == V_ASN1_BIT_STRING)

-		return(d2i_ASN1_BIT_STRING(a,pp,length));

-	if ((a == NULL) || ((*a) == NULL))

-		{

-		if ((ret=ASN1_STRING_new()) == NULL) return(NULL);

-		}

-	else

-		ret=(*a);

-	if (len != 0)

-		{

-		s=(unsigned char *)OPENSSL_malloc((int)len+1);

-		if (s == NULL)

-			{

-			i=ERR_R_MALLOC_FAILURE;

-			goto err;

-			}

-		memcpy(s,p,(int)len);

-		s[len]='\0';

-		p+=len;

-		}

-	else

-		s=NULL;

-	if (ret->data != NULL) OPENSSL_free(ret->data);

-	ret->length=(int)len;

-	ret->data=s;

-	ret->type=tag;

-	if (a != NULL) (*a)=ret;

-	*pp=p;

-	return(ret);

-err:

-	ASN1err(ASN1_F_D2I_ASN1_TYPE_BYTES,i);

-	if ((ret != NULL) && ((a == NULL) || (*a != ret)))

-		ASN1_STRING_free(ret);

-	return(NULL);

-	}

-int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass)

-	{

-	int ret,r,constructed;

-	unsigned char *p;

-	if (a == NULL)  return(0);

-	if (tag == V_ASN1_BIT_STRING)

-		return(i2d_ASN1_BIT_STRING(a,pp));

-	ret=a->length;

-	r=ASN1_object_size(0,ret,tag);

-	if (pp == NULL) return(r);

-	p= *pp;

-	if ((tag == V_ASN1_SEQUENCE) || (tag == V_ASN1_SET))

-		constructed=1;

-	else

-		constructed=0;

-	ASN1_put_object(&p,constructed,ret,tag,xclass);

-	memcpy(p,a->data,a->length);

-	p+=a->length;

-	*pp= p;

-	return(r);

-	}

-ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,

-	     long length, int Ptag, int Pclass)

-	{

-	ASN1_STRING *ret=NULL;

-	const unsigned char *p;

-	unsigned char *s;

-	long len;

-	int inf,tag,xclass;

-	int i=0;

-	if ((a == NULL) || ((*a) == NULL))

-		{

-		if ((ret=ASN1_STRING_new()) == NULL) return(NULL);

-		}

-	else

-		ret=(*a);

-	p= *pp;

-	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);

-	if (inf & 0x80)

-		{

-		i=ASN1_R_BAD_OBJECT_HEADER;

-		goto err;

-		}

-	if (tag != Ptag)

-		{

-		i=ASN1_R_WRONG_TAG;

-		goto err;

-		}

-	if (inf & V_ASN1_CONSTRUCTED)

-		{

-		ASN1_const_CTX c;

-		c.pp=pp;

-		c.p=p;

-		c.inf=inf;

-		c.slen=len;

-		c.tag=Ptag;

-		c.xclass=Pclass;

-		c.max=(length == 0)?0:(p+length);

-		if (!asn1_collate_primitive(ret,&c))

-			goto err;

-		else

-			{

-			p=c.p;

-			}

-		}

-	else

-		{

-		if (len != 0)

-			{

-			if ((ret->length < len) || (ret->data == NULL))

-				{

-				if (ret->data != NULL) OPENSSL_free(ret->data);

-				s=(unsigned char *)OPENSSL_malloc((int)len + 1);

-				if (s == NULL)

-					{

-					i=ERR_R_MALLOC_FAILURE;

-					goto err;

-					}

-				}

-			else

-				s=ret->data;

-			memcpy(s,p,(int)len);

-			s[len] = '\0';

-			p+=len;

-			}

-		else

-			{

-			s=NULL;

-			if (ret->data != NULL) OPENSSL_free(ret->data);

-			}

-		ret->length=(int)len;

-		ret->data=s;

-		ret->type=Ptag;

-		}

-	if (a != NULL) (*a)=ret;

-	*pp=p;

-	return(ret);

-err:

-	if ((ret != NULL) && ((a == NULL) || (*a != ret)))

-		ASN1_STRING_free(ret);

-	ASN1err(ASN1_F_D2I_ASN1_BYTES,i);

-	return(NULL);

-	}

-/* We are about to parse 0..n d2i_ASN1_bytes objects, we are to collapse

- * them into the one structure that is then returned */

-/* There have been a few bug fixes for this function from

- * Paul Keogh <[email protected]>, many thanks to him */

-static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c)

-	{

-	ASN1_STRING *os=NULL;

-	BUF_MEM b;

-	int num;

-	b.length=0;

-	b.max=0;

-	b.data=NULL;

-	if (a == NULL)

-		{

-		c->error=ERR_R_PASSED_NULL_PARAMETER;

-		goto err;

-		}

-	num=0;

-	for (;;)

-		{

-		if (c->inf & 1)

-			{

-			c->eos=ASN1_const_check_infinite_end(&c->p,

-				(long)(c->max-c->p));

-			if (c->eos) break;

-			}

-		else

-			{

-			if (c->slen <= 0) break;

-			}

-		c->q=c->p;

-		if (d2i_ASN1_bytes(&os,&c->p,c->max-c->p,c->tag,c->xclass)

-			== NULL)

-			{

-			c->error=ERR_R_ASN1_LIB;

-			goto err;

-			}

-		if (!BUF_MEM_grow_clean(&b,num+os->length))

-			{

-			c->error=ERR_R_BUF_LIB;

-			goto err;

-			}

-		memcpy(&(b.data[num]),os->data,os->length);

-		if (!(c->inf & 1))

-			c->slen-=(c->p-c->q);

-		num+=os->length;

-		}

-	if (!asn1_const_Finish(c)) goto err;

-	a->length=num;

-	if (a->data != NULL) OPENSSL_free(a->data);

-	a->data=(unsigned char *)b.data;

-	if (os != NULL) ASN1_STRING_free(os);

-	return(1);

-err:

-	ASN1err(ASN1_F_ASN1_COLLATE_PRIMITIVE,c->error);

-	if (os != NULL) ASN1_STRING_free(os);

-	if (b.data != NULL) OPENSSL_free(b.data);

-	return(0);

-	}

--- a/sys/src/ape/lib/openssl/crypto/asn1/a_d2i_fp.c

+++ /dev/null

@@ -1,260 +1,0 @@

-/* crypto/asn1/a_d2i_fp.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/buffer.h>

-#include <openssl/asn1_mac.h>

-static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb);

-#ifndef NO_OLD_ASN1

-#ifndef OPENSSL_NO_FP_API

-void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x)

-        {

-        BIO *b;

-        void *ret;

-        if ((b=BIO_new(BIO_s_file())) == NULL)

-		{

-		ASN1err(ASN1_F_ASN1_D2I_FP,ERR_R_BUF_LIB);

-                return(NULL);

-		}

-        BIO_set_fp(b,in,BIO_NOCLOSE);

-        ret=ASN1_d2i_bio(xnew,d2i,b,x);

-        BIO_free(b);

-        return(ret);

-        }

-#endif

-void *ASN1_d2i_bio(void *(*xnew)(void), d2i_of_void *d2i, BIO *in, void **x)

-	{

-	BUF_MEM *b = NULL;

-	const unsigned char *p;

-	void *ret=NULL;

-	int len;

-	len = asn1_d2i_read_bio(in, &b);

-	if(len < 0) goto err;

-	p=(unsigned char *)b->data;

-	ret=d2i(x,&p,len);

-err:

-	if (b != NULL) BUF_MEM_free(b);

-	return(ret);

-	}

-#endif

-void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x)

-	{

-	BUF_MEM *b = NULL;

-	const unsigned char *p;

-	void *ret=NULL;

-	int len;

-	len = asn1_d2i_read_bio(in, &b);

-	if(len < 0) goto err;

-	p=(const unsigned char *)b->data;

-	ret=ASN1_item_d2i(x,&p,len, it);

-err:

-	if (b != NULL) BUF_MEM_free(b);

-	return(ret);

-	}

-#ifndef OPENSSL_NO_FP_API

-void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)

-        {

-        BIO *b;

-        char *ret;

-        if ((b=BIO_new(BIO_s_file())) == NULL)

-		{

-		ASN1err(ASN1_F_ASN1_ITEM_D2I_FP,ERR_R_BUF_LIB);

-                return(NULL);

-		}

-        BIO_set_fp(b,in,BIO_NOCLOSE);

-        ret=ASN1_item_d2i_bio(it,b,x);

-        BIO_free(b);

-        return(ret);

-        }

-#endif

-#define HEADER_SIZE   8

-static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)

-	{

-	BUF_MEM *b;

-	unsigned char *p;

-	int i;

-	int ret=-1;

-	ASN1_const_CTX c;

-	int want=HEADER_SIZE;

-	int eos=0;

-#if defined(__GNUC__) && defined(__ia64)

-	/* pathetic compiler bug in all known versions as of Nov. 2002 */

-	long off=0;

-#else

-	int off=0;

-#endif

-	int len=0;

-	b=BUF_MEM_new();

-	if (b == NULL)

-		{

-		ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE);

-		return -1;

-		}

-	ERR_clear_error();

-	for (;;)

-		{

-		if (want >= (len-off))

-			{

-			want-=(len-off);

-			if (!BUF_MEM_grow_clean(b,len+want))

-				{

-				ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE);

-				goto err;

-				}

-			i=BIO_read(in,&(b->data[len]),want);

-			if ((i < 0) && ((len-off) == 0))

-				{

-				ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_NOT_ENOUGH_DATA);

-				goto err;

-				}

-			if (i > 0)

-				len+=i;

-			}

-		/* else data already loaded */

-		p=(unsigned char *)&(b->data[off]);

-		c.p=p;

-		c.inf=ASN1_get_object(&(c.p),&(c.slen),&(c.tag),&(c.xclass),

-			len-off);

-		if (c.inf & 0x80)

-			{

-			unsigned long e;

-			e=ERR_GET_REASON(ERR_peek_error());

-			if (e != ASN1_R_TOO_LONG)

-				goto err;

-			else

-				ERR_clear_error(); /* clear error */

-			}

-		i=c.p-p;/* header length */

-		off+=i;	/* end of data */

-		if (c.inf & 1)

-			{

-			/* no data body so go round again */

-			eos++;

-			want=HEADER_SIZE;

-			}

-		else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC))

-			{

-			/* eos value, so go back and read another header */

-			eos--;

-			if (eos <= 0)

-				break;

-			else

-				want=HEADER_SIZE;

-			}

-		else

-			{

-			/* suck in c.slen bytes of data */

-			want=(int)c.slen;

-			if (want > (len-off))

-				{

-				want-=(len-off);

-				if (!BUF_MEM_grow_clean(b,len+want))

-					{

-					ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE);

-					goto err;

-					}

-				while (want > 0)

-					{

-					i=BIO_read(in,&(b->data[len]),want);

-					if (i <= 0)

-						{

-						ASN1err(ASN1_F_ASN1_D2I_READ_BIO,

-						    ASN1_R_NOT_ENOUGH_DATA);

-						goto err;

-						}

-					len+=i;

-					want -= i;

-					}

-				}

-			off+=(int)c.slen;

-			if (eos <= 0)

-				{

-				break;

-				}

-			else

-				want=HEADER_SIZE;

-			}

-		}

-	*pb = b;

-	return off;

-err:

-	if (b != NULL) BUF_MEM_free(b);

-	return(ret);

-	}

--- a/sys/src/ape/lib/openssl/crypto/asn1/a_digest.c

+++ /dev/null

@@ -1,111 +1,0 @@

-/* crypto/asn1/a_digest.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <time.h>

-#include "cryptlib.h"

-#ifndef NO_SYS_TYPES_H

-# include <sys/types.h>

-#endif

-#include <openssl/err.h>

-#include <openssl/evp.h>

-#include <openssl/buffer.h>

-#include <openssl/x509.h>

-#ifndef NO_ASN1_OLD

-int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,

-		unsigned char *md, unsigned int *len)

-	{

-	int i;

-	unsigned char *str,*p;

-	i=i2d(data,NULL);

-	if ((str=(unsigned char *)OPENSSL_malloc(i)) == NULL)

-		{

-		ASN1err(ASN1_F_ASN1_DIGEST,ERR_R_MALLOC_FAILURE);

-		return(0);

-		}

-	p=str;

-	i2d(data,&p);

-	EVP_Digest(str, i, md, len, type, NULL);

-	OPENSSL_free(str);

-	return(1);

-	}

-#endif

-int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn,

-		unsigned char *md, unsigned int *len)

-	{

-	int i;

-	unsigned char *str = NULL;

-	i=ASN1_item_i2d(asn,&str, it);

-	if (!str) return(0);

-	EVP_Digest(str, i, md, len, type, NULL);

-	OPENSSL_free(str);

-	return(1);

-	}

--- a/sys/src/ape/lib/openssl/crypto/asn1/a_dup.c

+++ /dev/null

@@ -1,109 +1,0 @@

-/* crypto/asn1/a_dup.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/asn1.h>

-#ifndef NO_OLD_ASN1

-void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x)

-	{

-	unsigned char *b,*p;

-	const unsigned char *p2;

-	int i;

-	char *ret;

-	if (x == NULL) return(NULL);

-	i=i2d(x,NULL);

-	b=OPENSSL_malloc(i+10);

-	if (b == NULL)

-		{ ASN1err(ASN1_F_ASN1_DUP,ERR_R_MALLOC_FAILURE); return(NULL); }

-	p= b;

-	i=i2d(x,&p);

-	p2= b;

-	ret=d2i(NULL,&p2,i);

-	OPENSSL_free(b);

-	return(ret);

-	}

-#endif

-/* ASN1_ITEM version of dup: this follows the model above except we don't need

- * to allocate the buffer. At some point this could be rewritten to directly dup

- * the underlying structure instead of doing and encode and decode.

- */

-void *ASN1_item_dup(const ASN1_ITEM *it, void *x)

-	{

-	unsigned char *b = NULL;

-	const unsigned char *p;

-	long i;

-	void *ret;

-	if (x == NULL) return(NULL);

-	i=ASN1_item_i2d(x,&b,it);

-	if (b == NULL)

-		{ ASN1err(ASN1_F_ASN1_ITEM_DUP,ERR_R_MALLOC_FAILURE); return(NULL); }

-	p= b;

-	ret=ASN1_item_d2i(NULL,&p,i, it);

-	OPENSSL_free(b);

-	return(ret);

-	}

--- a/sys/src/ape/lib/openssl/crypto/asn1/a_enum.c

+++ /dev/null

@@ -1,182 +1,0 @@

-/* crypto/asn1/a_enum.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/asn1.h>

-#include <openssl/bn.h>

-/*

- * Code for ENUMERATED type: identical to INTEGER apart from a different tag.

- * for comments on encoding see a_int.c

- */

-int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)

-	{

-	int j,k;

-	unsigned int i;

-	unsigned char buf[sizeof(long)+1];

-	long d;

-	a->type=V_ASN1_ENUMERATED;

-	if (a->length < (int)(sizeof(long)+1))

-		{

-		if (a->data != NULL)

-			OPENSSL_free(a->data);

-		if ((a->data=(unsigned char *)OPENSSL_malloc(sizeof(long)+1)) != NULL)

-			memset((char *)a->data,0,sizeof(long)+1);

-		}

-	if (a->data == NULL)

-		{

-		ASN1err(ASN1_F_ASN1_ENUMERATED_SET,ERR_R_MALLOC_FAILURE);

-		return(0);

-		}

-	d=v;

-	if (d < 0)

-		{

-		d= -d;

-		a->type=V_ASN1_NEG_ENUMERATED;

-		}

-	for (i=0; i<sizeof(long); i++)

-		{

-		if (d == 0) break;

-		buf[i]=(int)d&0xff;

-		d>>=8;

-		}

-	j=0;

-	for (k=i-1; k >=0; k--)

-		a->data[j++]=buf[k];

-	a->length=j;

-	return(1);

-	}

-long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a)

-	{

-	int neg=0,i;

-	long r=0;

-	if (a == NULL) return(0L);

-	i=a->type;

-	if (i == V_ASN1_NEG_ENUMERATED)

-		neg=1;

-	else if (i != V_ASN1_ENUMERATED)

-		return -1;

-	if (a->length > (int)sizeof(long))

-		{

-		/* hmm... a bit ugly */

-		return(0xffffffffL);

-		}

-	if (a->data == NULL)

-		return 0;

-	for (i=0; i<a->length; i++)

-		{

-		r<<=8;

-		r|=(unsigned char)a->data[i];

-		}

-	if (neg) r= -r;

-	return(r);

-	}

-ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)

-	{

-	ASN1_ENUMERATED *ret;

-	int len,j;

-	if (ai == NULL)

-		ret=M_ASN1_ENUMERATED_new();

-	else

-		ret=ai;

-	if (ret == NULL)

-		{

-		ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED,ERR_R_NESTED_ASN1_ERROR);

-		goto err;

-		}

-	if(BN_is_negative(bn)) ret->type = V_ASN1_NEG_ENUMERATED;

-	else ret->type=V_ASN1_ENUMERATED;

-	j=BN_num_bits(bn);

-	len=((j == 0)?0:((j/8)+1));

-	if (ret->length < len+4)

-		{

-		unsigned char *new_data=OPENSSL_realloc(ret->data, len+4);

-		if (!new_data)

-			{

-			ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE);

-			goto err;

-			}

-		ret->data=new_data;

-		}

-	ret->length=BN_bn2bin(bn,ret->data);

-	return(ret);

-err:

-	if (ret != ai) M_ASN1_ENUMERATED_free(ret);

-	return(NULL);

-	}

-BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn)

-	{

-	BIGNUM *ret;

-	if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL)

-		ASN1err(ASN1_F_ASN1_ENUMERATED_TO_BN,ASN1_R_BN_LIB);

-	else if(ai->type == V_ASN1_NEG_ENUMERATED) BN_set_negative(ret,1);

-	return(ret);

-	}

--- a/sys/src/ape/lib/openssl/crypto/asn1/a_gentm.c

+++ /dev/null

@@ -1,246 +1,0 @@

-/* crypto/asn1/a_gentm.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* GENERALIZEDTIME implementation, written by Steve Henson. Based on UTCTIME */

-#include <stdio.h>

-#include <time.h>

-#include "cryptlib.h"

-#include "o_time.h"

-#include <openssl/asn1.h>

-#if 0

-int i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a, unsigned char **pp)

-	{

-#ifdef CHARSET_EBCDIC

-	/* KLUDGE! We convert to ascii before writing DER */

-	int len;

-	char tmp[24];

-	ASN1_STRING tmpstr = *(ASN1_STRING *)a;

-	len = tmpstr.length;

-	ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len);

-	tmpstr.data = tmp;

-	a = (ASN1_GENERALIZEDTIME *) &tmpstr;

-#endif

-	return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,

-		V_ASN1_GENERALIZEDTIME,V_ASN1_UNIVERSAL));

-	}

-ASN1_GENERALIZEDTIME *d2i_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME **a,

-	     unsigned char **pp, long length)

-	{

-	ASN1_GENERALIZEDTIME *ret=NULL;

-	ret=(ASN1_GENERALIZEDTIME *)d2i_ASN1_bytes((ASN1_STRING **)a,pp,length,

-		V_ASN1_GENERALIZEDTIME,V_ASN1_UNIVERSAL);

-	if (ret == NULL)

-		{

-		ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME,ERR_R_NESTED_ASN1_ERROR);

-		return(NULL);

-		}

-#ifdef CHARSET_EBCDIC

-	ascii2ebcdic(ret->data, ret->data, ret->length);

-#endif

-	if (!ASN1_GENERALIZEDTIME_check(ret))

-		{

-		ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME,ASN1_R_INVALID_TIME_FORMAT);

-		goto err;

-		}

-	return(ret);

-err:

-	if ((ret != NULL) && ((a == NULL) || (*a != ret)))

-		M_ASN1_GENERALIZEDTIME_free(ret);

-	return(NULL);

-	}

-#endif

-int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d)

-	{

-	static int min[9]={ 0, 0, 1, 1, 0, 0, 0, 0, 0};

-	static int max[9]={99, 99,12,31,23,59,59,12,59};

-	char *a;

-	int n,i,l,o;

-	if (d->type != V_ASN1_GENERALIZEDTIME) return(0);

-	l=d->length;

-	a=(char *)d->data;

-	o=0;

-	/* GENERALIZEDTIME is similar to UTCTIME except the year is

-         * represented as YYYY. This stuff treats everything as a two digit

-         * field so make first two fields 00 to 99

-         */

-	if (l < 13) goto err;

-	for (i=0; i<7; i++)

-		{

-		if ((i == 6) && ((a[o] == 'Z') ||

-			(a[o] == '+') || (a[o] == '-')))

-			{ i++; break; }

-		if ((a[o] < '0') || (a[o] > '9')) goto err;

-		n= a[o]-'0';

-		if (++o > l) goto err;

-		if ((a[o] < '0') || (a[o] > '9')) goto err;

-		n=(n*10)+ a[o]-'0';

-		if (++o > l) goto err;

-		if ((n < min[i]) || (n > max[i])) goto err;

-		}

-	/* Optional fractional seconds: decimal point followed by one

-	 * or more digits.

-	 */

-	if (a[o] == '.')

-		{

-		if (++o > l) goto err;

-		i = o;

-		while ((a[o] >= '0') && (a[o] <= '9') && (o <= l))

-			o++;

-		/* Must have at least one digit after decimal point */

-		if (i == o) goto err;

-		}

-	if (a[o] == 'Z')

-		o++;

-	else if ((a[o] == '+') || (a[o] == '-'))

-		{

-		o++;

-		if (o+4 > l) goto err;

-		for (i=7; i<9; i++)

-			{

-			if ((a[o] < '0') || (a[o] > '9')) goto err;

-			n= a[o]-'0';

-			o++;

-			if ((a[o] < '0') || (a[o] > '9')) goto err;

-			n=(n*10)+ a[o]-'0';

-			if ((n < min[i]) || (n > max[i])) goto err;

-			o++;

-			}

-		}

-	return(o == l);

-err:

-	return(0);

-	}

-int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str)

-	{

-	ASN1_GENERALIZEDTIME t;

-	t.type=V_ASN1_GENERALIZEDTIME;

-	t.length=strlen(str);

-	t.data=(unsigned char *)str;

-	if (ASN1_GENERALIZEDTIME_check(&t))

-		{

-		if (s != NULL)

-			{

-			if (!ASN1_STRING_set((ASN1_STRING *)s,

-				(unsigned char *)str,t.length))

-				return 0;

-			s->type=V_ASN1_GENERALIZEDTIME;

-			}

-		return(1);

-		}

-	else

-		return(0);

-	}

-ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,

-	     time_t t)

-	{

-	char *p;

-	struct tm *ts;

-	struct tm data;

-	size_t len = 20;

-	if (s == NULL)

-		s=M_ASN1_GENERALIZEDTIME_new();

-	if (s == NULL)

-		return(NULL);

-	ts=OPENSSL_gmtime(&t, &data);

-	if (ts == NULL)

-		return(NULL);

-	p=(char *)s->data;

-	if ((p == NULL) || ((size_t)s->length < len))

-		{

-		p=OPENSSL_malloc(len);

-		if (p == NULL)

-			{

-			ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_SET,

-				ERR_R_MALLOC_FAILURE);

-			return(NULL);

-			}

-		if (s->data != NULL)

-			OPENSSL_free(s->data);

-		s->data=(unsigned char *)p;

-		}

-	BIO_snprintf(p,len,"%04d%02d%02d%02d%02d%02dZ",ts->tm_year + 1900,

-		     ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);

-	s->length=strlen(p);

-	s->type=V_ASN1_GENERALIZEDTIME;

-#ifdef CHARSET_EBCDIC_not

-	ebcdic2ascii(s->data, s->data, s->length);

-#endif

-	return(s);

-	}

--- a/sys/src/ape/lib/openssl/crypto/asn1/a_hdr.c

+++ /dev/null

@@ -1,119 +1,0 @@

-/* crypto/asn1/a_hdr.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/asn1_mac.h>

-#include <openssl/asn1.h>

-int i2d_ASN1_HEADER(ASN1_HEADER *a, unsigned char **pp)

-	{

-	M_ASN1_I2D_vars(a);

-	M_ASN1_I2D_len(a->header,	i2d_ASN1_OCTET_STRING);

-	M_ASN1_I2D_len(a->data,		a->meth->i2d);

-	M_ASN1_I2D_seq_total();

-	M_ASN1_I2D_put(a->header,	i2d_ASN1_OCTET_STRING);

-	M_ASN1_I2D_put(a->data,		a->meth->i2d);

-	M_ASN1_I2D_finish();

-	}

-ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a, const unsigned char **pp,

-	     long length)

-	{

-	M_ASN1_D2I_vars(a,ASN1_HEADER *,ASN1_HEADER_new);

-	M_ASN1_D2I_Init();

-        M_ASN1_D2I_start_sequence();

-        M_ASN1_D2I_get_x(ASN1_OCTET_STRING,ret->header,d2i_ASN1_OCTET_STRING);

-	if (ret->meth != NULL)

-		{

-		M_ASN1_D2I_get_x(void,ret->data,ret->meth->d2i);

-		}

-	else

-		{

-		if (a != NULL) (*a)=ret;

-		return(ret);

-		}

-        M_ASN1_D2I_Finish(a,ASN1_HEADER_free,ASN1_F_D2I_ASN1_HEADER);

-	}

-ASN1_HEADER *ASN1_HEADER_new(void)

-	{

-	ASN1_HEADER *ret=NULL;

-	ASN1_CTX c;

-	M_ASN1_New_Malloc(ret,ASN1_HEADER);

-	M_ASN1_New(ret->header,M_ASN1_OCTET_STRING_new);

-	ret->meth=NULL;

-	ret->data=NULL;

-	return(ret);

-        M_ASN1_New_Error(ASN1_F_ASN1_HEADER_NEW);

-	}

-void ASN1_HEADER_free(ASN1_HEADER *a)

-	{

-	if (a == NULL) return;

-	M_ASN1_OCTET_STRING_free(a->header);

-	if (a->meth != NULL)

-		a->meth->destroy(a->data);

-	OPENSSL_free(a);

-	}

--- a/sys/src/ape/lib/openssl/crypto/asn1/a_i2d_fp.c

+++ /dev/null

@@ -1,163 +1,0 @@

-/* crypto/asn1/a_i2d_fp.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/buffer.h>

-#include <openssl/asn1.h>

-#ifndef NO_OLD_ASN1

-#ifndef OPENSSL_NO_FP_API

-int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x)

-        {

-        BIO *b;

-        int ret;

-        if ((b=BIO_new(BIO_s_file())) == NULL)

-		{

-		ASN1err(ASN1_F_ASN1_I2D_FP,ERR_R_BUF_LIB);

-                return(0);

-		}

-        BIO_set_fp(b,out,BIO_NOCLOSE);

-        ret=ASN1_i2d_bio(i2d,b,x);

-        BIO_free(b);

-        return(ret);

-        }

-#endif

-int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x)

-	{

-	char *b;

-	unsigned char *p;

-	int i,j=0,n,ret=1;

-	n=i2d(x,NULL);

-	b=(char *)OPENSSL_malloc(n);

-	if (b == NULL)

-		{

-		ASN1err(ASN1_F_ASN1_I2D_BIO,ERR_R_MALLOC_FAILURE);

-		return(0);

-		}

-	p=(unsigned char *)b;

-	i2d(x,&p);

-	for (;;)

-		{

-		i=BIO_write(out,&(b[j]),n);

-		if (i == n) break;

-		if (i <= 0)

-			{

-			ret=0;

-			break;

-			}

-		j+=i;

-		n-=i;

-		}

-	OPENSSL_free(b);

-	return(ret);

-	}

-#endif

-#ifndef OPENSSL_NO_FP_API

-int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x)

-        {

-        BIO *b;

-        int ret;

-        if ((b=BIO_new(BIO_s_file())) == NULL)

-		{

-		ASN1err(ASN1_F_ASN1_ITEM_I2D_FP,ERR_R_BUF_LIB);

-                return(0);

-		}

-        BIO_set_fp(b,out,BIO_NOCLOSE);

-        ret=ASN1_item_i2d_bio(it,b,x);

-        BIO_free(b);

-        return(ret);

-        }

-#endif

-int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x)

-	{

-	unsigned char *b = NULL;

-	int i,j=0,n,ret=1;

-	n = ASN1_item_i2d(x, &b, it);

-	if (b == NULL)

-		{

-		ASN1err(ASN1_F_ASN1_ITEM_I2D_BIO,ERR_R_MALLOC_FAILURE);

-		return(0);

-		}

-	for (;;)

-		{

-		i=BIO_write(out,&(b[j]),n);

-		if (i == n) break;

-		if (i <= 0)

-			{

-			ret=0;

-			break;

-			}

-		j+=i;

-		n-=i;

-		}

-	OPENSSL_free(b);

-	return(ret);

-	}

--- a/sys/src/ape/lib/openssl/crypto/asn1/a_int.c

+++ /dev/null

@@ -1,459 +1,0 @@

-/* crypto/asn1/a_int.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/asn1.h>

-#include <openssl/bn.h>

-ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *x)

-{ return M_ASN1_INTEGER_dup(x);}

-int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y)

-	{

-	int neg, ret;

-	/* Compare signs */

-	neg = x->type & V_ASN1_NEG;

-	if (neg != (y->type & V_ASN1_NEG))

-		{

-		if (neg)

-			return -1;

-		else

-			return 1;

-		}

-	ret = ASN1_STRING_cmp(x, y);

-	if (neg)

-		return -ret;

-	else

-		return ret;

-	}

-/*

- * This converts an ASN1 INTEGER into its content encoding.

- * The internal representation is an ASN1_STRING whose data is a big endian

- * representation of the value, ignoring the sign. The sign is determined by

- * the type: V_ASN1_INTEGER for positive and V_ASN1_NEG_INTEGER for negative.

- *

- * Positive integers are no problem: they are almost the same as the DER

- * encoding, except if the first byte is >= 0x80 we need to add a zero pad.

- *

- * Negative integers are a bit trickier...

- * The DER representation of negative integers is in 2s complement form.

- * The internal form is converted by complementing each octet and finally

- * adding one to the result. This can be done less messily with a little trick.

- * If the internal form has trailing zeroes then they will become FF by the

- * complement and 0 by the add one (due to carry) so just copy as many trailing

- * zeros to the destination as there are in the source. The carry will add one

- * to the last none zero octet: so complement this octet and add one and finally

- * complement any left over until you get to the start of the string.

- *

- * Padding is a little trickier too. If the first bytes is > 0x80 then we pad

- * with 0xff. However if the first byte is 0x80 and one of the following bytes

- * is non-zero we pad with 0xff. The reason for this distinction is that 0x80

- * followed by optional zeros isn't padded.

- */

-int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)

-	{

-	int pad=0,ret,i,neg;

-	unsigned char *p,*n,pb=0;

-	if ((a == NULL) || (a->data == NULL)) return(0);

-	neg=a->type & V_ASN1_NEG;

-	if (a->length == 0)

-		ret=1;

-	else

-		{

-		ret=a->length;

-		i=a->data[0];

-		if (!neg && (i > 127)) {

-			pad=1;

-			pb=0;

-		} else if(neg) {

-			if(i>128) {

-				pad=1;

-				pb=0xFF;

-			} else if(i == 128) {

-			/*

-			 * Special case: if any other bytes non zero we pad:

-			 * otherwise we don't.

-			 */

-				for(i = 1; i < a->length; i++) if(a->data[i]) {

-						pad=1;

-						pb=0xFF;

-						break;

-				}

-			}

-		}

-		ret+=pad;

-		}

-	if (pp == NULL) return(ret);

-	p= *pp;

-	if (pad) *(p++)=pb;

-	if (a->length == 0) *(p++)=0;

-	else if (!neg) memcpy(p,a->data,(unsigned int)a->length);

-	else {

-		/* Begin at the end of the encoding */

-		n=a->data + a->length - 1;

-		p += a->length - 1;

-		i = a->length;

-		/* Copy zeros to destination as long as source is zero */

-		while(!*n) {

-			*(p--) = 0;

-			n--;

-			i--;

-		}

-		/* Complement and increment next octet */

-		*(p--) = ((*(n--)) ^ 0xff) + 1;

-		i--;

-		/* Complement any octets left */

-		for(;i > 0; i--) *(p--) = *(n--) ^ 0xff;

-	}

-	*pp+=ret;

-	return(ret);

-	}

-/* Convert just ASN1 INTEGER content octets to ASN1_INTEGER structure */

-ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,

-	     long len)

-	{

-	ASN1_INTEGER *ret=NULL;

-	const unsigned char *p, *pend;

-	unsigned char *to,*s;

-	int i;

-	if ((a == NULL) || ((*a) == NULL))

-		{

-		if ((ret=M_ASN1_INTEGER_new()) == NULL) return(NULL);

-		ret->type=V_ASN1_INTEGER;

-		}

-	else

-		ret=(*a);

-	p= *pp;

-	pend = p + len;

-	/* We must OPENSSL_malloc stuff, even for 0 bytes otherwise it

-	 * signifies a missing NULL parameter. */

-	s=(unsigned char *)OPENSSL_malloc((int)len+1);

-	if (s == NULL)

-		{

-		i=ERR_R_MALLOC_FAILURE;

-		goto err;

-		}

-	to=s;

-	if(!len) {

-		/* Strictly speaking this is an illegal INTEGER but we

-		 * tolerate it.

-		 */

-		ret->type=V_ASN1_INTEGER;

-	} else if (*p & 0x80) /* a negative number */

-		{

-		ret->type=V_ASN1_NEG_INTEGER;

-		if ((*p == 0xff) && (len != 1)) {

-			p++;

-			len--;

-		}

-		i = len;

-		p += i - 1;

-		to += i - 1;

-		while((!*p) && i) {

-			*(to--) = 0;

-			i--;

-			p--;

-		}

-		/* Special case: if all zeros then the number will be of

-		 * the form FF followed by n zero bytes: this corresponds to

-		 * 1 followed by n zero bytes. We've already written n zeros

-		 * so we just append an extra one and set the first byte to

-		 * a 1. This is treated separately because it is the only case

-		 * where the number of bytes is larger than len.

-		 */

-		if(!i) {

-			*s = 1;

-			s[len] = 0;

-			len++;

-		} else {

-			*(to--) = (*(p--) ^ 0xff) + 1;

-			i--;

-			for(;i > 0; i--) *(to--) = *(p--) ^ 0xff;

-		}

-	} else {

-		ret->type=V_ASN1_INTEGER;

-		if ((*p == 0) && (len != 1))

-			{

-			p++;

-			len--;

-			}

-		memcpy(s,p,(int)len);

-	}

-	if (ret->data != NULL) OPENSSL_free(ret->data);

-	ret->data=s;

-	ret->length=(int)len;

-	if (a != NULL) (*a)=ret;

-	*pp=pend;

-	return(ret);

-err:

-	ASN1err(ASN1_F_C2I_ASN1_INTEGER,i);

-	if ((ret != NULL) && ((a == NULL) || (*a != ret)))

-		M_ASN1_INTEGER_free(ret);

-	return(NULL);

-	}

-/* This is a version of d2i_ASN1_INTEGER that ignores the sign bit of

- * ASN1 integers: some broken software can encode a positive INTEGER

- * with its MSB set as negative (it doesn't add a padding zero).

- */

-ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,

-	     long length)

-	{

-	ASN1_INTEGER *ret=NULL;

-	const unsigned char *p;

-	unsigned char *to,*s;

-	long len;

-	int inf,tag,xclass;

-	int i;

-	if ((a == NULL) || ((*a) == NULL))

-		{

-		if ((ret=M_ASN1_INTEGER_new()) == NULL) return(NULL);

-		ret->type=V_ASN1_INTEGER;

-		}

-	else

-		ret=(*a);

-	p= *pp;

-	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);

-	if (inf & 0x80)

-		{

-		i=ASN1_R_BAD_OBJECT_HEADER;

-		goto err;

-		}

-	if (tag != V_ASN1_INTEGER)

-		{

-		i=ASN1_R_EXPECTING_AN_INTEGER;

-		goto err;

-		}

-	/* We must OPENSSL_malloc stuff, even for 0 bytes otherwise it

-	 * signifies a missing NULL parameter. */

-	s=(unsigned char *)OPENSSL_malloc((int)len+1);

-	if (s == NULL)

-		{

-		i=ERR_R_MALLOC_FAILURE;

-		goto err;

-		}

-	to=s;

-	ret->type=V_ASN1_INTEGER;

-	if(len) {

-		if ((*p == 0) && (len != 1))

-			{

-			p++;

-			len--;

-			}

-		memcpy(s,p,(int)len);

-		p+=len;

-	}

-	if (ret->data != NULL) OPENSSL_free(ret->data);

-	ret->data=s;

-	ret->length=(int)len;

-	if (a != NULL) (*a)=ret;

-	*pp=p;

-	return(ret);

-err:

-	ASN1err(ASN1_F_D2I_ASN1_UINTEGER,i);

-	if ((ret != NULL) && ((a == NULL) || (*a != ret)))

-		M_ASN1_INTEGER_free(ret);

-	return(NULL);

-	}

-int ASN1_INTEGER_set(ASN1_INTEGER *a, long v)

-	{

-	int j,k;

-	unsigned int i;

-	unsigned char buf[sizeof(long)+1];

-	long d;

-	a->type=V_ASN1_INTEGER;

-	if (a->length < (int)(sizeof(long)+1))

-		{

-		if (a->data != NULL)

-			OPENSSL_free(a->data);

-		if ((a->data=(unsigned char *)OPENSSL_malloc(sizeof(long)+1)) != NULL)

-			memset((char *)a->data,0,sizeof(long)+1);

-		}

-	if (a->data == NULL)

-		{

-		ASN1err(ASN1_F_ASN1_INTEGER_SET,ERR_R_MALLOC_FAILURE);

-		return(0);

-		}

-	d=v;

-	if (d < 0)

-		{

-		d= -d;

-		a->type=V_ASN1_NEG_INTEGER;

-		}

-	for (i=0; i<sizeof(long); i++)

-		{

-		if (d == 0) break;

-		buf[i]=(int)d&0xff;

-		d>>=8;

-		}

-	j=0;

-	for (k=i-1; k >=0; k--)

-		a->data[j++]=buf[k];

-	a->length=j;

-	return(1);

-	}

-long ASN1_INTEGER_get(ASN1_INTEGER *a)

-	{

-	int neg=0,i;

-	long r=0;

-	if (a == NULL) return(0L);

-	i=a->type;

-	if (i == V_ASN1_NEG_INTEGER)

-		neg=1;

-	else if (i != V_ASN1_INTEGER)

-		return -1;

-	if (a->length > (int)sizeof(long))

-		{

-		/* hmm... a bit ugly */

-		return(0xffffffffL);

-		}

-	if (a->data == NULL)

-		return 0;

-	for (i=0; i<a->length; i++)

-		{

-		r<<=8;

-		r|=(unsigned char)a->data[i];

-		}

-	if (neg) r= -r;

-	return(r);

-	}

-ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai)

-	{

-	ASN1_INTEGER *ret;

-	int len,j;

-	if (ai == NULL)

-		ret=M_ASN1_INTEGER_new();

-	else

-		ret=ai;

-	if (ret == NULL)

-		{

-		ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_NESTED_ASN1_ERROR);

-		goto err;

-		}

-	if (BN_is_negative(bn))

-		ret->type = V_ASN1_NEG_INTEGER;

-	else ret->type=V_ASN1_INTEGER;

-	j=BN_num_bits(bn);

-	len=((j == 0)?0:((j/8)+1));

-	if (ret->length < len+4)

-		{

-		unsigned char *new_data=OPENSSL_realloc(ret->data, len+4);

-		if (!new_data)

-			{

-			ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);

-			goto err;

-			}

-		ret->data=new_data;

-		}

-	ret->length=BN_bn2bin(bn,ret->data);

-	/* Correct zero case */

-	if(!ret->length)

-		{

-		ret->data[0] = 0;

-		ret->length = 1;

-		}

-	return(ret);

-err:

-	if (ret != ai) M_ASN1_INTEGER_free(ret);

-	return(NULL);

-	}

-BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai, BIGNUM *bn)

-	{

-	BIGNUM *ret;

-	if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL)

-		ASN1err(ASN1_F_ASN1_INTEGER_TO_BN,ASN1_R_BN_LIB);

-	else if(ai->type == V_ASN1_NEG_INTEGER)

-		BN_set_negative(ret, 1);

-	return(ret);

-	}

-IMPLEMENT_STACK_OF(ASN1_INTEGER)

-IMPLEMENT_ASN1_SET_OF(ASN1_INTEGER)

--- a/sys/src/ape/lib/openssl/crypto/asn1/a_mbstr.c

+++ /dev/null

@@ -1,400 +1,0 @@

-/* a_mbstr.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include <ctype.h>

-#include "cryptlib.h"

-#include <openssl/asn1.h>

-static int traverse_string(const unsigned char *p, int len, int inform,

-		 int (*rfunc)(unsigned long value, void *in), void *arg);

-static int in_utf8(unsigned long value, void *arg);

-static int out_utf8(unsigned long value, void *arg);

-static int type_str(unsigned long value, void *arg);

-static int cpy_asc(unsigned long value, void *arg);

-static int cpy_bmp(unsigned long value, void *arg);

-static int cpy_univ(unsigned long value, void *arg);

-static int cpy_utf8(unsigned long value, void *arg);

-static int is_printable(unsigned long value);

-/* These functions take a string in UTF8, ASCII or multibyte form and

- * a mask of permissible ASN1 string types. It then works out the minimal

- * type (using the order Printable < IA5 < T61 < BMP < Universal < UTF8)

- * and creates a string of the correct type with the supplied data.

- * Yes this is horrible: it has to be :-(

- * The 'ncopy' form checks minimum and maximum size limits too.

- */

-int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len,

-					int inform, unsigned long mask)

-{

-	return ASN1_mbstring_ncopy(out, in, len, inform, mask, 0, 0);

-}

-int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,

-					int inform, unsigned long mask,

-					long minsize, long maxsize)

-{

-	int str_type;

-	int ret;

-	char free_out;

-	int outform, outlen;

-	ASN1_STRING *dest;

-	unsigned char *p;

-	int nchar;

-	char strbuf[32];

-	int (*cpyfunc)(unsigned long,void *) = NULL;

-	if(len == -1) len = strlen((const char *)in);

-	if(!mask) mask = DIRSTRING_TYPE;

-	/* First do a string check and work out the number of characters */

-	switch(inform) {

-		case MBSTRING_BMP:

-		if(len & 1) {

-			ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,

-					 ASN1_R_INVALID_BMPSTRING_LENGTH);

-			return -1;

-		}

-		nchar = len >> 1;

-		break;

-		case MBSTRING_UNIV:

-		if(len & 3) {

-			ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,

-					 ASN1_R_INVALID_UNIVERSALSTRING_LENGTH);

-			return -1;

-		}

-		nchar = len >> 2;

-		break;

-		case MBSTRING_UTF8:

-		nchar = 0;

-		/* This counts the characters and does utf8 syntax checking */

-		ret = traverse_string(in, len, MBSTRING_UTF8, in_utf8, &nchar);

-		if(ret < 0) {

-			ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,

-						 ASN1_R_INVALID_UTF8STRING);

-			return -1;

-		}

-		break;

-		case MBSTRING_ASC:

-		nchar = len;

-		break;

-		default:

-		ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_UNKNOWN_FORMAT);

-		return -1;

-	}

-	if((minsize > 0) && (nchar < minsize)) {

-		ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_SHORT);

-		BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize);

-		ERR_add_error_data(2, "minsize=", strbuf);

-		return -1;

-	}

-	if((maxsize > 0) && (nchar > maxsize)) {

-		ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_LONG);

-		BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize);

-		ERR_add_error_data(2, "maxsize=", strbuf);

-		return -1;

-	}

-	/* Now work out minimal type (if any) */

-	if(traverse_string(in, len, inform, type_str, &mask) < 0) {

-		ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_ILLEGAL_CHARACTERS);

-		return -1;

-	}

-	/* Now work out output format and string type */

-	outform = MBSTRING_ASC;

-	if(mask & B_ASN1_PRINTABLESTRING) str_type = V_ASN1_PRINTABLESTRING;

-	else if(mask & B_ASN1_IA5STRING) str_type = V_ASN1_IA5STRING;

-	else if(mask & B_ASN1_T61STRING) str_type = V_ASN1_T61STRING;

-	else if(mask & B_ASN1_BMPSTRING) {

-		str_type = V_ASN1_BMPSTRING;

-		outform = MBSTRING_BMP;

-	} else if(mask & B_ASN1_UNIVERSALSTRING) {

-		str_type = V_ASN1_UNIVERSALSTRING;

-		outform = MBSTRING_UNIV;

-	} else {

-		str_type = V_ASN1_UTF8STRING;

-		outform = MBSTRING_UTF8;

-	}

-	if(!out) return str_type;

-	if(*out) {

-		free_out = 0;

-		dest = *out;

-		if(dest->data) {

-			dest->length = 0;

-			OPENSSL_free(dest->data);

-			dest->data = NULL;

-		}

-		dest->type = str_type;

-	} else {

-		free_out = 1;

-		dest = ASN1_STRING_type_new(str_type);

-		if(!dest) {

-			ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,

-							ERR_R_MALLOC_FAILURE);

-			return -1;

-		}

-		*out = dest;

-	}

-	/* If both the same type just copy across */

-	if(inform == outform) {

-		if(!ASN1_STRING_set(dest, in, len)) {

-			ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,ERR_R_MALLOC_FAILURE);

-			return -1;

-		}

-		return str_type;

-	}

-	/* Work out how much space the destination will need */

-	switch(outform) {

-		case MBSTRING_ASC:

-		outlen = nchar;

-		cpyfunc = cpy_asc;

-		break;

-		case MBSTRING_BMP:

-		outlen = nchar << 1;

-		cpyfunc = cpy_bmp;

-		break;

-		case MBSTRING_UNIV:

-		outlen = nchar << 2;

-		cpyfunc = cpy_univ;

-		break;

-		case MBSTRING_UTF8:

-		outlen = 0;

-		traverse_string(in, len, inform, out_utf8, &outlen);

-		cpyfunc = cpy_utf8;

-		break;

-	}

-	if(!(p = OPENSSL_malloc(outlen + 1))) {

-		if(free_out) ASN1_STRING_free(dest);

-		ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,ERR_R_MALLOC_FAILURE);

-		return -1;

-	}

-	dest->length = outlen;

-	dest->data = p;

-	p[outlen] = 0;

-	traverse_string(in, len, inform, cpyfunc, &p);

-	return str_type;

-}

-/* This function traverses a string and passes the value of each character

- * to an optional function along with a void * argument.

- */

-static int traverse_string(const unsigned char *p, int len, int inform,

-		 int (*rfunc)(unsigned long value, void *in), void *arg)

-{

-	unsigned long value;

-	int ret;

-	while(len) {

-		if(inform == MBSTRING_ASC) {

-			value = *p++;

-			len--;

-		} else if(inform == MBSTRING_BMP) {

-			value = *p++ << 8;

-			value |= *p++;

-			len -= 2;

-		} else if(inform == MBSTRING_UNIV) {

-			value = ((unsigned long)*p++) << 24;

-			value |= ((unsigned long)*p++) << 16;

-			value |= *p++ << 8;

-			value |= *p++;

-			len -= 4;

-		} else {

-			ret = UTF8_getc(p, len, &value);

-			if(ret < 0) return -1;

-			len -= ret;

-			p += ret;

-		}

-		if(rfunc) {

-			ret = rfunc(value, arg);

-			if(ret <= 0) return ret;

-		}

-	}

-	return 1;

-}

-/* Various utility functions for traverse_string */

-/* Just count number of characters */

-static int in_utf8(unsigned long value, void *arg)

-{

-	int *nchar;

-	nchar = arg;

-	(*nchar)++;

-	return 1;

-}

-/* Determine size of output as a UTF8 String */

-static int out_utf8(unsigned long value, void *arg)

-{

-	int *outlen;

-	outlen = arg;

-	*outlen += UTF8_putc(NULL, -1, value);

-	return 1;

-}

-/* Determine the "type" of a string: check each character against a

- * supplied "mask".

- */

-static int type_str(unsigned long value, void *arg)

-{

-	unsigned long types;

-	types = *((unsigned long *)arg);

-	if((types & B_ASN1_PRINTABLESTRING) && !is_printable(value))

-					types &= ~B_ASN1_PRINTABLESTRING;

-	if((types & B_ASN1_IA5STRING) && (value > 127))

-					types &= ~B_ASN1_IA5STRING;

-	if((types & B_ASN1_T61STRING) && (value > 0xff))

-					types &= ~B_ASN1_T61STRING;

-	if((types & B_ASN1_BMPSTRING) && (value > 0xffff))

-					types &= ~B_ASN1_BMPSTRING;

-	if(!types) return -1;

-	*((unsigned long *)arg) = types;

-	return 1;

-}

-/* Copy one byte per character ASCII like strings */

-static int cpy_asc(unsigned long value, void *arg)

-{

-	unsigned char **p, *q;

-	p = arg;

-	q = *p;

-	*q = (unsigned char) value;

-	(*p)++;

-	return 1;

-}

-/* Copy two byte per character BMPStrings */

-static int cpy_bmp(unsigned long value, void *arg)

-{

-	unsigned char **p, *q;

-	p = arg;

-	q = *p;

-	*q++ = (unsigned char) ((value >> 8) & 0xff);

-	*q = (unsigned char) (value & 0xff);

-	*p += 2;

-	return 1;

-}

-/* Copy four byte per character UniversalStrings */

-static int cpy_univ(unsigned long value, void *arg)

-{

-	unsigned char **p, *q;

-	p = arg;

-	q = *p;

-	*q++ = (unsigned char) ((value >> 24) & 0xff);

-	*q++ = (unsigned char) ((value >> 16) & 0xff);

-	*q++ = (unsigned char) ((value >> 8) & 0xff);

-	*q = (unsigned char) (value & 0xff);

-	*p += 4;

-	return 1;

-}

-/* Copy to a UTF8String */

-static int cpy_utf8(unsigned long value, void *arg)

-{

-	unsigned char **p;

-	int ret;

-	p = arg;

-	/* We already know there is enough room so pass 0xff as the length */

-	ret = UTF8_putc(*p, 0xff, value);

-	*p += ret;

-	return 1;

-}

-/* Return 1 if the character is permitted in a PrintableString */

-static int is_printable(unsigned long value)

-{

-	int ch;

-	if(value > 0x7f) return 0;

-	ch = (int) value;

-	/* Note: we can't use 'isalnum' because certain accented

-	 * characters may count as alphanumeric in some environments.

-	 */

-#ifndef CHARSET_EBCDIC

-	if((ch >= 'a') && (ch <= 'z')) return 1;

-	if((ch >= 'A') && (ch <= 'Z')) return 1;

-	if((ch >= '0') && (ch <= '9')) return 1;

-	if ((ch == ' ') || strchr("'()+,-./:=?", ch)) return 1;

-#else /*CHARSET_EBCDIC*/

-	if((ch >= os_toascii['a']) && (ch <= os_toascii['z'])) return 1;

-	if((ch >= os_toascii['A']) && (ch <= os_toascii['Z'])) return 1;

-	if((ch >= os_toascii['0']) && (ch <= os_toascii['9'])) return 1;

-	if ((ch == os_toascii[' ']) || strchr("'()+,-./:=?", os_toebcdic[ch])) return 1;

-#endif /*CHARSET_EBCDIC*/

-	return 0;

-}

--- a/sys/src/ape/lib/openssl/crypto/asn1/a_meth.c

+++ /dev/null

@@ -1,84 +1,0 @@

-/* crypto/asn1/a_meth.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/buffer.h>

-#include <openssl/asn1.h>

-static  ASN1_METHOD ia5string_meth={

-	(I2D_OF(void))	i2d_ASN1_IA5STRING,

-	(D2I_OF(void))	d2i_ASN1_IA5STRING,

-	(void *(*)(void))ASN1_STRING_new,

-	(void (*)(void *))ASN1_STRING_free};

-static  ASN1_METHOD bit_string_meth={

-	(I2D_OF(void))	i2d_ASN1_BIT_STRING,

-	(D2I_OF(void))	d2i_ASN1_BIT_STRING,

-	(void *(*)(void))ASN1_STRING_new,

-	(void (*)(void *))ASN1_STRING_free};

-ASN1_METHOD *ASN1_IA5STRING_asn1_meth(void)

-	{

-	return(&ia5string_meth);

-	}

-ASN1_METHOD *ASN1_BIT_STRING_asn1_meth(void)

-	{

-	return(&bit_string_meth);

-	}

--- a/sys/src/ape/lib/openssl/crypto/asn1/a_object.c

+++ /dev/null

@@ -1,385 +1,0 @@

-/* crypto/asn1/a_object.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <limits.h>

-#include "cryptlib.h"

-#include <openssl/buffer.h>

-#include <openssl/asn1.h>

-#include <openssl/objects.h>

-int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)

-	{

-	unsigned char *p;

-	int objsize;

-	if ((a == NULL) || (a->data == NULL)) return(0);

-	objsize = ASN1_object_size(0,a->length,V_ASN1_OBJECT);

-	if (pp == NULL) return objsize;

-	p= *pp;

-	ASN1_put_object(&p,0,a->length,V_ASN1_OBJECT,V_ASN1_UNIVERSAL);

-	memcpy(p,a->data,a->length);

-	p+=a->length;

-	*pp=p;

-	return(objsize);

-	}

-int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)

-	{

-	int i,first,len=0,c, use_bn;

-	char ftmp[24], *tmp = ftmp;

-	int tmpsize = sizeof ftmp;

-	const char *p;

-	unsigned long l;

-	BIGNUM *bl = NULL;

-	if (num == 0)

-		return(0);

-	else if (num == -1)

-		num=strlen(buf);

-	p=buf;

-	c= *(p++);

-	num--;

-	if ((c >= '0') && (c <= '2'))

-		{

-		first= c-'0';

-		}

-	else

-		{

-		ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_FIRST_NUM_TOO_LARGE);

-		goto err;

-		}

-	if (num <= 0)

-		{

-		ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_MISSING_SECOND_NUMBER);

-		goto err;

-		}

-	c= *(p++);

-	num--;

-	for (;;)

-		{

-		if (num <= 0) break;

-		if ((c != '.') && (c != ' '))

-			{

-			ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_SEPARATOR);

-			goto err;

-			}

-		l=0;

-		use_bn = 0;

-		for (;;)

-			{

-			if (num <= 0) break;

-			num--;

-			c= *(p++);

-			if ((c == ' ') || (c == '.'))

-				break;

-			if ((c < '0') || (c > '9'))

-				{

-				ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_DIGIT);

-				goto err;

-				}

-			if (!use_bn && l > (ULONG_MAX / 10L))

-				{

-				use_bn = 1;

-				if (!bl)

-					bl = BN_new();

-				if (!bl || !BN_set_word(bl, l))

-					goto err;

-				}

-			if (use_bn)

-				{

-				if (!BN_mul_word(bl, 10L)

-					|| !BN_add_word(bl, c-'0'))

-					goto err;

-				}

-			else

-				l=l*10L+(long)(c-'0');

-			}

-		if (len == 0)

-			{

-			if ((first < 2) && (l >= 40))

-				{

-				ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_SECOND_NUMBER_TOO_LARGE);

-				goto err;

-				}

-			if (use_bn)

-				{

-				if (!BN_add_word(bl, first * 40))

-					goto err;

-				}

-			else

-				l+=(long)first*40;

-			}

-		i=0;

-		if (use_bn)

-			{

-			int blsize;

-			blsize = BN_num_bits(bl);

-			blsize = (blsize + 6)/7;

-			if (blsize > tmpsize)

-				{

-				if (tmp != ftmp)

-					OPENSSL_free(tmp);

-				tmpsize = blsize + 32;

-				tmp = OPENSSL_malloc(tmpsize);

-				if (!tmp)

-					goto err;

-				}

-			while(blsize--)

-				tmp[i++] = (unsigned char)BN_div_word(bl, 0x80L);

-			}

-		else

-			{

-			for (;;)

-				{

-				tmp[i++]=(unsigned char)l&0x7f;

-				l>>=7L;

-				if (l == 0L) break;

-				}

-			}

-		if (out != NULL)

-			{

-			if (len+i > olen)

-				{

-				ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_BUFFER_TOO_SMALL);

-				goto err;

-				}

-			while (--i > 0)

-				out[len++]=tmp[i]|0x80;

-			out[len++]=tmp[0];

-			}

-		else

-			len+=i;

-		}

-	if (tmp != ftmp)

-		OPENSSL_free(tmp);

-	if (bl)

-		BN_free(bl);

-	return(len);

-err:

-	if (tmp != ftmp)

-		OPENSSL_free(tmp);

-	if (bl)

-		BN_free(bl);

-	return(0);

-	}

-int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a)

-{

-	return OBJ_obj2txt(buf, buf_len, a, 0);

-}

-int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)

-	{

-	char buf[80], *p = buf;

-	int i;

-	if ((a == NULL) || (a->data == NULL))

-		return(BIO_write(bp,"NULL",4));

-	i=i2t_ASN1_OBJECT(buf,sizeof buf,a);

-	if (i > (int)(sizeof(buf) - 1))

-		{

-		p = OPENSSL_malloc(i + 1);

-		if (!p)

-			return -1;

-		i2t_ASN1_OBJECT(p,i + 1,a);

-		}

-	if (i <= 0)

-		return BIO_write(bp, "<INVALID>", 9);

-	BIO_write(bp,p,i);

-	if (p != buf)

-		OPENSSL_free(p);

-	return(i);

-	}

-ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,

-	     long length)

-{

-	const unsigned char *p;

-	long len;

-	int tag,xclass;

-	int inf,i;

-	ASN1_OBJECT *ret = NULL;

-	p= *pp;

-	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);

-	if (inf & 0x80)

-		{

-		i=ASN1_R_BAD_OBJECT_HEADER;

-		goto err;

-		}

-	if (tag != V_ASN1_OBJECT)

-		{

-		i=ASN1_R_EXPECTING_AN_OBJECT;

-		goto err;

-		}

-	ret = c2i_ASN1_OBJECT(a, &p, len);

-	if(ret) *pp = p;

-	return ret;

-err:

-	ASN1err(ASN1_F_D2I_ASN1_OBJECT,i);

-	if ((ret != NULL) && ((a == NULL) || (*a != ret)))

-		ASN1_OBJECT_free(ret);

-	return(NULL);

-}

-ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,

-	     long len)

-	{

-	ASN1_OBJECT *ret=NULL;

-	const unsigned char *p;

-	int i;

-	/* only the ASN1_OBJECTs from the 'table' will have values

-	 * for ->sn or ->ln */

-	if ((a == NULL) || ((*a) == NULL) ||

-		!((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC))

-		{

-		if ((ret=ASN1_OBJECT_new()) == NULL) return(NULL);

-		}

-	else	ret=(*a);

-	p= *pp;

-	if ((ret->data == NULL) || (ret->length < len))

-		{

-		if (ret->data != NULL) OPENSSL_free(ret->data);

-		ret->data=(unsigned char *)OPENSSL_malloc(len ? (int)len : 1);

-		ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA;

-		if (ret->data == NULL)

-			{ i=ERR_R_MALLOC_FAILURE; goto err; }

-		}

-	memcpy(ret->data,p,(int)len);

-	ret->length=(int)len;

-	ret->sn=NULL;

-	ret->ln=NULL;

-	/* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */

-	p+=len;

-	if (a != NULL) (*a)=ret;

-	*pp=p;

-	return(ret);

-err:

-	ASN1err(ASN1_F_C2I_ASN1_OBJECT,i);

-	if ((ret != NULL) && ((a == NULL) || (*a != ret)))

-		ASN1_OBJECT_free(ret);

-	return(NULL);

-	}

-ASN1_OBJECT *ASN1_OBJECT_new(void)

-	{

-	ASN1_OBJECT *ret;

-	ret=(ASN1_OBJECT *)OPENSSL_malloc(sizeof(ASN1_OBJECT));

-	if (ret == NULL)

-		{

-		ASN1err(ASN1_F_ASN1_OBJECT_NEW,ERR_R_MALLOC_FAILURE);

-		return(NULL);

-		}

-	ret->length=0;

-	ret->data=NULL;

-	ret->nid=0;

-	ret->sn=NULL;

-	ret->ln=NULL;

-	ret->flags=ASN1_OBJECT_FLAG_DYNAMIC;

-	return(ret);

-	}

-void ASN1_OBJECT_free(ASN1_OBJECT *a)

-	{

-	if (a == NULL) return;

-	if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS)

-		{

-#ifndef CONST_STRICT /* disable purely for compile-time strict const checking. Doing this on a "real" compile will cause memory leaks */

-		if (a->sn != NULL) OPENSSL_free((void *)a->sn);

-		if (a->ln != NULL) OPENSSL_free((void *)a->ln);

-#endif

-		a->sn=a->ln=NULL;

-		}

-	if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA)

-		{

-		if (a->data != NULL) OPENSSL_free(a->data);

-		a->data=NULL;

-		a->length=0;

-		}

-	if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC)

-		OPENSSL_free(a);

-	}

-ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len,

-	     const char *sn, const char *ln)

-	{

-	ASN1_OBJECT o;

-	o.sn=sn;

-	o.ln=ln;

-	o.data=data;

-	o.nid=nid;

-	o.length=len;

-	o.flags=ASN1_OBJECT_FLAG_DYNAMIC|ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|

-		ASN1_OBJECT_FLAG_DYNAMIC_DATA;

-	return(OBJ_dup(&o));

-	}

-IMPLEMENT_STACK_OF(ASN1_OBJECT)

-IMPLEMENT_ASN1_SET_OF(ASN1_OBJECT)

--- a/sys/src/ape/lib/openssl/crypto/asn1/a_octet.c

+++ /dev/null

@@ -1,71 +1,0 @@

-/* crypto/asn1/a_octet.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/asn1.h>

-ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *x)

-{ return M_ASN1_OCTET_STRING_dup(x); }

-int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b)

-{ return M_ASN1_OCTET_STRING_cmp(a, b); }

-int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, const unsigned char *d, int len)

-{ return M_ASN1_OCTET_STRING_set(x, d, len); }

--- a/sys/src/ape/lib/openssl/crypto/asn1/a_print.c

+++ /dev/null

@@ -1,127 +1,0 @@

-/* crypto/asn1/a_print.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/asn1.h>

-int ASN1_PRINTABLE_type(const unsigned char *s, int len)

-	{

-	int c;

-	int ia5=0;

-	int t61=0;

-	if (len <= 0) len= -1;

-	if (s == NULL) return(V_ASN1_PRINTABLESTRING);

-	while ((*s) && (len-- != 0))

-		{

-		c= *(s++);

-#ifndef CHARSET_EBCDIC

-		if (!(	((c >= 'a') && (c <= 'z')) ||

-			((c >= 'A') && (c <= 'Z')) ||

-			(c == ' ') ||

-			((c >= '0') && (c <= '9')) ||

-			(c == ' ') || (c == '\'') ||

-			(c == '(') || (c == ')') ||

-			(c == '+') || (c == ',') ||

-			(c == '-') || (c == '.') ||

-			(c == '/') || (c == ':') ||

-			(c == '=') || (c == '?')))

-			ia5=1;

-		if (c&0x80)

-			t61=1;

-#else

-		if (!isalnum(c) && (c != ' ') &&

-		    strchr("'()+,-./:=?", c) == NULL)

-			ia5=1;

-		if (os_toascii[c] & 0x80)

-			t61=1;

-#endif

-		}

-	if (t61) return(V_ASN1_T61STRING);

-	if (ia5) return(V_ASN1_IA5STRING);

-	return(V_ASN1_PRINTABLESTRING);

-	}

-int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s)

-	{

-	int i;

-	unsigned char *p;

-	if (s->type != V_ASN1_UNIVERSALSTRING) return(0);

-	if ((s->length%4) != 0) return(0);

-	p=s->data;

-	for (i=0; i<s->length; i+=4)

-		{

-		if ((p[0] != '\0') || (p[1] != '\0') || (p[2] != '\0'))

-			break;

-		else

-			p+=4;

-		}

-	if (i < s->length) return(0);

-	p=s->data;

-	for (i=3; i<s->length; i+=4)

-		{

-		*(p++)=s->data[i];

-		}

-	*(p)='\0';

-	s->length/=4;

-	s->type=ASN1_PRINTABLE_type(s->data,s->length);

-	return(1);

-	}

--- a/sys/src/ape/lib/openssl/crypto/asn1/a_set.c

+++ /dev/null

@@ -1,238 +1,0 @@

-/* crypto/asn1/a_set.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/asn1_mac.h>

-#ifndef NO_ASN1_OLD

-typedef struct

-    {

-    unsigned char *pbData;

-    int cbData;

-    } MYBLOB;

-/* SetBlobCmp

- * This function compares two elements of SET_OF block

- */

-static int SetBlobCmp(const void *elem1, const void *elem2 )

-    {

-    const MYBLOB *b1 = (const MYBLOB *)elem1;

-    const MYBLOB *b2 = (const MYBLOB *)elem2;

-    int r;

-    r = memcmp(b1->pbData, b2->pbData,

-	       b1->cbData < b2->cbData ? b1->cbData : b2->cbData);

-    if(r != 0)

-	return r;

-    return b1->cbData-b2->cbData;

-    }

-/* int is_set:  if TRUE, then sort the contents (i.e. it isn't a SEQUENCE)    */

-int i2d_ASN1_SET(STACK *a, unsigned char **pp, i2d_of_void *i2d, int ex_tag,

-		 int ex_class, int is_set)

-	{

-	int ret=0,r;

-	int i;

-	unsigned char *p;

-        unsigned char *pStart, *pTempMem;

-        MYBLOB *rgSetBlob;

-        int totSize;

-	if (a == NULL) return(0);

-	for (i=sk_num(a)-1; i>=0; i--)

-		ret+=i2d(sk_value(a,i),NULL);

-	r=ASN1_object_size(1,ret,ex_tag);

-	if (pp == NULL) return(r);

-	p= *pp;

-	ASN1_put_object(&p,1,ret,ex_tag,ex_class);

-/* Modified by [email protected] */

-	/* And then again by Ben */

-	/* And again by Steve */

-	if(!is_set || (sk_num(a) < 2))

-		{

-		for (i=0; i<sk_num(a); i++)

-                	i2d(sk_value(a,i),&p);

-		*pp=p;

-		return(r);

-		}

-        pStart  = p; /* Catch the beg of Setblobs*/

-		/* In this array we will store the SET blobs */

-		rgSetBlob = (MYBLOB *)OPENSSL_malloc(sk_num(a) * sizeof(MYBLOB));

-		if (rgSetBlob == NULL)

-			{

-			ASN1err(ASN1_F_I2D_ASN1_SET,ERR_R_MALLOC_FAILURE);

-			return(0);

-			}

-        for (i=0; i<sk_num(a); i++)

-	        {

-                rgSetBlob[i].pbData = p;  /* catch each set encode blob */

-                i2d(sk_value(a,i),&p);

-                rgSetBlob[i].cbData = p - rgSetBlob[i].pbData; /* Length of this

-SetBlob

-*/

-		}

-        *pp=p;

-        totSize = p - pStart; /* This is the total size of all set blobs */

- /* Now we have to sort the blobs. I am using a simple algo.

-    *Sort ptrs *Copy to temp-mem *Copy from temp-mem to user-mem*/

-        qsort( rgSetBlob, sk_num(a), sizeof(MYBLOB), SetBlobCmp);

-		if (!(pTempMem = OPENSSL_malloc(totSize)))

-			{

-			ASN1err(ASN1_F_I2D_ASN1_SET,ERR_R_MALLOC_FAILURE);

-			return(0);

-			}

-/* Copy to temp mem */

-        p = pTempMem;

-        for(i=0; i<sk_num(a); ++i)

-		{

-                memcpy(p, rgSetBlob[i].pbData, rgSetBlob[i].cbData);

-                p += rgSetBlob[i].cbData;

-		}

-/* Copy back to user mem*/

-        memcpy(pStart, pTempMem, totSize);

-        OPENSSL_free(pTempMem);

-        OPENSSL_free(rgSetBlob);

-        return(r);

-        }

-STACK *d2i_ASN1_SET(STACK **a, const unsigned char **pp, long length,

-		    d2i_of_void *d2i, void (*free_func)(void *), int ex_tag,

-		    int ex_class)

-	{

-	ASN1_const_CTX c;

-	STACK *ret=NULL;

-	if ((a == NULL) || ((*a) == NULL))

-		{

-		if ((ret=sk_new_null()) == NULL)

-			{

-			ASN1err(ASN1_F_D2I_ASN1_SET,ERR_R_MALLOC_FAILURE);

-			goto err;

-			}

-		}

-	else

-		ret=(*a);

-	c.p= *pp;

-	c.max=(length == 0)?0:(c.p+length);

-	c.inf=ASN1_get_object(&c.p,&c.slen,&c.tag,&c.xclass,c.max-c.p);

-	if (c.inf & 0x80) goto err;

-	if (ex_class != c.xclass)

-		{

-		ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_BAD_CLASS);

-		goto err;

-		}

-	if (ex_tag != c.tag)

-		{

-		ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_BAD_TAG);

-		goto err;

-		}

-	if ((c.slen+c.p) > c.max)

-		{

-		ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_LENGTH_ERROR);

-		goto err;

-		}

-	/* check for infinite constructed - it can be as long

-	 * as the amount of data passed to us */

-	if (c.inf == (V_ASN1_CONSTRUCTED+1))

-		c.slen=length+ *pp-c.p;

-	c.max=c.p+c.slen;

-	while (c.p < c.max)

-		{

-		char *s;

-		if (M_ASN1_D2I_end_sequence()) break;

-		/* XXX: This was called with 4 arguments, incorrectly, it seems

-		   if ((s=func(NULL,&c.p,c.slen,c.max-c.p)) == NULL) */

-		if ((s=d2i(NULL,&c.p,c.slen)) == NULL)

-			{

-			ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_ERROR_PARSING_SET_ELEMENT);

-			asn1_add_error(*pp,(int)(c.q- *pp));

-			goto err;

-			}

-		if (!sk_push(ret,s)) goto err;

-		}

-	if (a != NULL) (*a)=ret;

-	*pp=c.p;

-	return(ret);

-err:

-	if ((ret != NULL) && ((a == NULL) || (*a != ret)))

-		{

-		if (free_func != NULL)

-			sk_pop_free(ret,free_func);

-		else

-			sk_free(ret);

-		}

-	return(NULL);

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/asn1/a_sign.c

+++ /dev/null

@@ -1,295 +1,0 @@

-/* crypto/asn1/a_sign.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include <time.h>

-#include "cryptlib.h"

-#ifndef NO_SYS_TYPES_H

-# include <sys/types.h>

-#endif

-#include <openssl/bn.h>

-#include <openssl/evp.h>

-#include <openssl/x509.h>

-#include <openssl/objects.h>

-#include <openssl/buffer.h>

-#ifndef NO_ASN1_OLD

-int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2,

-	      ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey,

-	      const EVP_MD *type)

-	{

-	EVP_MD_CTX ctx;

-	unsigned char *p,*buf_in=NULL,*buf_out=NULL;

-	int i,inl=0,outl=0,outll=0;

-	X509_ALGOR *a;

-	EVP_MD_CTX_init(&ctx);

-	for (i=0; i<2; i++)

-		{

-		if (i == 0)

-			a=algor1;

-		else

-			a=algor2;

-		if (a == NULL) continue;

-                if (type->pkey_type == NID_dsaWithSHA1)

-			{

-			/* special case: RFC 2459 tells us to omit 'parameters'

-			 * with id-dsa-with-sha1 */

-			ASN1_TYPE_free(a->parameter);

-			a->parameter = NULL;

-			}

-		else if ((a->parameter == NULL) ||

-			(a->parameter->type != V_ASN1_NULL))

-			{

-			ASN1_TYPE_free(a->parameter);

-			if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err;

-			a->parameter->type=V_ASN1_NULL;

-			}

-		ASN1_OBJECT_free(a->algorithm);

-		a->algorithm=OBJ_nid2obj(type->pkey_type);

-		if (a->algorithm == NULL)

-			{

-			ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE);

-			goto err;

-			}

-		if (a->algorithm->length == 0)

-			{

-			ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);

-			goto err;

-			}

-		}

-	inl=i2d(data,NULL);

-	buf_in=(unsigned char *)OPENSSL_malloc((unsigned int)inl);

-	outll=outl=EVP_PKEY_size(pkey);

-	buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl);

-	if ((buf_in == NULL) || (buf_out == NULL))

-		{

-		outl=0;

-		ASN1err(ASN1_F_ASN1_SIGN,ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	p=buf_in;

-	i2d(data,&p);

-	EVP_SignInit_ex(&ctx,type, NULL);

-	EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);

-	if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,

-			(unsigned int *)&outl,pkey))

-		{

-		outl=0;

-		ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB);

-		goto err;

-		}

-	if (signature->data != NULL) OPENSSL_free(signature->data);

-	signature->data=buf_out;

-	buf_out=NULL;

-	signature->length=outl;

-	/* In the interests of compatibility, I'll make sure that

-	 * the bit string has a 'not-used bits' value of 0

-	 */

-	signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);

-	signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;

-err:

-	EVP_MD_CTX_cleanup(&ctx);

-	if (buf_in != NULL)

-		{ OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }

-	if (buf_out != NULL)

-		{ OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }

-	return(outl);

-	}

-#endif

-int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,

-	     ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey,

-	     const EVP_MD *type)

-	{

-	EVP_MD_CTX ctx;

-	unsigned char *buf_in=NULL,*buf_out=NULL;

-	int i,inl=0,outl=0,outll=0;

-	X509_ALGOR *a;

-	EVP_MD_CTX_init(&ctx);

-	for (i=0; i<2; i++)

-		{

-		if (i == 0)

-			a=algor1;

-		else

-			a=algor2;

-		if (a == NULL) continue;

-                if (type->pkey_type == NID_dsaWithSHA1 ||

-			type->pkey_type == NID_ecdsa_with_SHA1)

-			{

-			/* special case: RFC 3279 tells us to omit 'parameters'

-			 * with id-dsa-with-sha1 and ecdsa-with-SHA1 */

-			ASN1_TYPE_free(a->parameter);

-			a->parameter = NULL;

-			}

-		else if ((a->parameter == NULL) ||

-			(a->parameter->type != V_ASN1_NULL))

-			{

-			ASN1_TYPE_free(a->parameter);

-			if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err;

-			a->parameter->type=V_ASN1_NULL;

-			}

-		ASN1_OBJECT_free(a->algorithm);

-		a->algorithm=OBJ_nid2obj(type->pkey_type);

-		if (a->algorithm == NULL)

-			{

-			ASN1err(ASN1_F_ASN1_ITEM_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE);

-			goto err;

-			}

-		if (a->algorithm->length == 0)

-			{

-			ASN1err(ASN1_F_ASN1_ITEM_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);

-			goto err;

-			}

-		}

-	inl=ASN1_item_i2d(asn,&buf_in, it);

-	outll=outl=EVP_PKEY_size(pkey);

-	buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl);

-	if ((buf_in == NULL) || (buf_out == NULL))

-		{

-		outl=0;

-		ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	EVP_SignInit_ex(&ctx,type, NULL);

-	EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);

-	if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,

-			(unsigned int *)&outl,pkey))

-		{

-		outl=0;

-		ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_EVP_LIB);

-		goto err;

-		}

-	if (signature->data != NULL) OPENSSL_free(signature->data);

-	signature->data=buf_out;

-	buf_out=NULL;

-	signature->length=outl;

-	/* In the interests of compatibility, I'll make sure that

-	 * the bit string has a 'not-used bits' value of 0

-	 */

-	signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);

-	signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;

-err:

-	EVP_MD_CTX_cleanup(&ctx);

-	if (buf_in != NULL)

-		{ OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }

-	if (buf_out != NULL)

-		{ OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }

-	return(outl);

-	}

--- a/sys/src/ape/lib/openssl/crypto/asn1/a_strex.c

+++ /dev/null

@@ -1,567 +1,0 @@

-/* a_strex.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 2000.

- */

-/* ====================================================================

- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include <string.h>

-#include "cryptlib.h"

-#include <openssl/crypto.h>

-#include <openssl/x509.h>

-#include <openssl/asn1.h>

-#include "charmap.h"

-/* ASN1_STRING_print_ex() and X509_NAME_print_ex().

- * Enhanced string and name printing routines handling

- * multibyte characters, RFC2253 and a host of other

- * options.

- */

-#define CHARTYPE_BS_ESC		(ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253)

-/* Three IO functions for sending data to memory, a BIO and

- * and a FILE pointer.

- */

-#if 0				/* never used */

-static int send_mem_chars(void *arg, const void *buf, int len)

-{

-	unsigned char **out = arg;

-	if(!out) return 1;

-	memcpy(*out, buf, len);

-	*out += len;

-	return 1;

-}

-#endif

-static int send_bio_chars(void *arg, const void *buf, int len)

-{

-	if(!arg) return 1;

-	if(BIO_write(arg, buf, len) != len) return 0;

-	return 1;

-}

-static int send_fp_chars(void *arg, const void *buf, int len)

-{

-	if(!arg) return 1;

-	if(fwrite(buf, 1, len, arg) != (unsigned int)len) return 0;

-	return 1;

-}

-typedef int char_io(void *arg, const void *buf, int len);

-/* This function handles display of

- * strings, one character at a time.

- * It is passed an unsigned long for each

- * character because it could come from 2 or even

- * 4 byte forms.

- */

-static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, char_io *io_ch, void *arg)

-{

-	unsigned char chflgs, chtmp;

-	char tmphex[HEX_SIZE(long)+3];

-	if(c > 0xffffffffL)

-		return -1;

-	if(c > 0xffff) {

-		BIO_snprintf(tmphex, sizeof tmphex, "\\W%08lX", c);

-		if(!io_ch(arg, tmphex, 10)) return -1;

-		return 10;

-	}

-	if(c > 0xff) {

-		BIO_snprintf(tmphex, sizeof tmphex, "\\U%04lX", c);

-		if(!io_ch(arg, tmphex, 6)) return -1;

-		return 6;

-	}

-	chtmp = (unsigned char)c;

-	if(chtmp > 0x7f) chflgs = flags & ASN1_STRFLGS_ESC_MSB;

-	else chflgs = char_type[chtmp] & flags;

-	if(chflgs & CHARTYPE_BS_ESC) {

-		/* If we don't escape with quotes, signal we need quotes */

-		if(chflgs & ASN1_STRFLGS_ESC_QUOTE) {

-			if(do_quotes) *do_quotes = 1;

-			if(!io_ch(arg, &chtmp, 1)) return -1;

-			return 1;

-		}

-		if(!io_ch(arg, "\\", 1)) return -1;

-		if(!io_ch(arg, &chtmp, 1)) return -1;

-		return 2;

-	}

-	if(chflgs & (ASN1_STRFLGS_ESC_CTRL|ASN1_STRFLGS_ESC_MSB)) {

-		BIO_snprintf(tmphex, 11, "\\%02X", chtmp);

-		if(!io_ch(arg, tmphex, 3)) return -1;

-		return 3;

-	}

-	if(!io_ch(arg, &chtmp, 1)) return -1;

-	return 1;

-}

-#define BUF_TYPE_WIDTH_MASK	0x7

-#define BUF_TYPE_CONVUTF8	0x8

-/* This function sends each character in a buffer to

- * do_esc_char(). It interprets the content formats

- * and converts to or from UTF8 as appropriate.

- */

-static int do_buf(unsigned char *buf, int buflen,

-			int type, unsigned char flags, char *quotes, char_io *io_ch, void *arg)

-{

-	int i, outlen, len;

-	unsigned char orflags, *p, *q;

-	unsigned long c;

-	p = buf;

-	q = buf + buflen;

-	outlen = 0;

-	while(p != q) {

-		if(p == buf && flags & ASN1_STRFLGS_ESC_2253) orflags = CHARTYPE_FIRST_ESC_2253;

-		else orflags = 0;

-		switch(type & BUF_TYPE_WIDTH_MASK) {

-			case 4:

-			c = ((unsigned long)*p++) << 24;

-			c |= ((unsigned long)*p++) << 16;

-			c |= ((unsigned long)*p++) << 8;

-			c |= *p++;

-			break;

-			case 2:

-			c = ((unsigned long)*p++) << 8;

-			c |= *p++;

-			break;

-			case 1:

-			c = *p++;

-			break;

-			case 0:

-			i = UTF8_getc(p, buflen, &c);

-			if(i < 0) return -1;	/* Invalid UTF8String */

-			p += i;

-			break;

-			default:

-			return -1;	/* invalid width */

-		}

-		if (p == q && flags & ASN1_STRFLGS_ESC_2253) orflags = CHARTYPE_LAST_ESC_2253;

-		if(type & BUF_TYPE_CONVUTF8) {

-			unsigned char utfbuf[6];

-			int utflen;

-			utflen = UTF8_putc(utfbuf, sizeof utfbuf, c);

-			for(i = 0; i < utflen; i++) {

-				/* We don't need to worry about setting orflags correctly

-				 * because if utflen==1 its value will be correct anyway

-				 * otherwise each character will be > 0x7f and so the

-				 * character will never be escaped on first and last.

-				 */

-				len = do_esc_char(utfbuf[i], (unsigned char)(flags | orflags), quotes, io_ch, arg);

-				if(len < 0) return -1;

-				outlen += len;

-			}

-		} else {

-			len = do_esc_char(c, (unsigned char)(flags | orflags), quotes, io_ch, arg);

-			if(len < 0) return -1;

-			outlen += len;

-		}

-	}

-	return outlen;

-}

-/* This function hex dumps a buffer of characters */

-static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf, int buflen)

-{

-	static const char hexdig[] = "0123456789ABCDEF";

-	unsigned char *p, *q;

-	char hextmp[2];

-	if(arg) {

-		p = buf;

-		q = buf + buflen;

-		while(p != q) {

-			hextmp[0] = hexdig[*p >> 4];

-			hextmp[1] = hexdig[*p & 0xf];

-			if(!io_ch(arg, hextmp, 2)) return -1;

-			p++;

-		}

-	}

-	return buflen << 1;

-}

-/* "dump" a string. This is done when the type is unknown,

- * or the flags request it. We can either dump the content

- * octets or the entire DER encoding. This uses the RFC2253

- * #01234 format.

- */

-static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING *str)

-{

-	/* Placing the ASN1_STRING in a temp ASN1_TYPE allows

-	 * the DER encoding to readily obtained

-	 */

-	ASN1_TYPE t;

-	unsigned char *der_buf, *p;

-	int outlen, der_len;

-	if(!io_ch(arg, "#", 1)) return -1;

-	/* If we don't dump DER encoding just dump content octets */

-	if(!(lflags & ASN1_STRFLGS_DUMP_DER)) {

-		outlen = do_hex_dump(io_ch, arg, str->data, str->length);

-		if(outlen < 0) return -1;

-		return outlen + 1;

-	}

-	t.type = str->type;

-	t.value.ptr = (char *)str;

-	der_len = i2d_ASN1_TYPE(&t, NULL);

-	der_buf = OPENSSL_malloc(der_len);

-	if(!der_buf) return -1;

-	p = der_buf;

-	i2d_ASN1_TYPE(&t, &p);

-	outlen = do_hex_dump(io_ch, arg, der_buf, der_len);

-	OPENSSL_free(der_buf);

-	if(outlen < 0) return -1;

-	return outlen + 1;

-}

-/* Lookup table to convert tags to character widths,

- * 0 = UTF8 encoded, -1 is used for non string types

- * otherwise it is the number of bytes per character

- */

-static const signed char tag2nbyte[] = {

-	-1, -1, -1, -1, -1,	/* 0-4 */

-	-1, -1, -1, -1, -1,	/* 5-9 */

-	-1, -1, 0, -1,		/* 10-13 */

-	-1, -1, -1, -1,		/* 15-17 */

-	-1, 1, 1,		/* 18-20 */

-	-1, 1, 1, 1,		/* 21-24 */

-	-1, 1, -1,		/* 25-27 */

-	4, -1, 2		/* 28-30 */

-};

-#define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \

-		  ASN1_STRFLGS_ESC_QUOTE | \

-		  ASN1_STRFLGS_ESC_CTRL | \

-		  ASN1_STRFLGS_ESC_MSB)

-/* This is the main function, print out an

- * ASN1_STRING taking note of various escape

- * and display options. Returns number of

- * characters written or -1 if an error

- * occurred.

- */

-static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags, ASN1_STRING *str)

-{

-	int outlen, len;

-	int type;

-	char quotes;

-	unsigned char flags;

-	quotes = 0;

-	/* Keep a copy of escape flags */

-	flags = (unsigned char)(lflags & ESC_FLAGS);

-	type = str->type;

-	outlen = 0;

-	if(lflags & ASN1_STRFLGS_SHOW_TYPE) {

-		const char *tagname;

-		tagname = ASN1_tag2str(type);

-		outlen += strlen(tagname);

-		if(!io_ch(arg, tagname, outlen) || !io_ch(arg, ":", 1)) return -1;

-		outlen++;

-	}

-	/* Decide what to do with type, either dump content or display it */

-	/* Dump everything */

-	if(lflags & ASN1_STRFLGS_DUMP_ALL) type = -1;

-	/* Ignore the string type */

-	else if(lflags & ASN1_STRFLGS_IGNORE_TYPE) type = 1;

-	else {

-		/* Else determine width based on type */

-		if((type > 0) && (type < 31)) type = tag2nbyte[type];

-		else type = -1;

-		if((type == -1) && !(lflags & ASN1_STRFLGS_DUMP_UNKNOWN)) type = 1;

-	}

-	if(type == -1) {

-		len = do_dump(lflags, io_ch, arg, str);

-		if(len < 0) return -1;

-		outlen += len;

-		return outlen;

-	}

-	if(lflags & ASN1_STRFLGS_UTF8_CONVERT) {

-		/* Note: if string is UTF8 and we want

-		 * to convert to UTF8 then we just interpret

-		 * it as 1 byte per character to avoid converting

-		 * twice.

-		 */

-		if(!type) type = 1;

-		else type |= BUF_TYPE_CONVUTF8;

-	}

-	len = do_buf(str->data, str->length, type, flags, &quotes, io_ch, NULL);

-	if(len < 0) return -1;

-	outlen += len;

-	if(quotes) outlen += 2;

-	if(!arg) return outlen;

-	if(quotes && !io_ch(arg, "\"", 1)) return -1;

-	if(do_buf(str->data, str->length, type, flags, NULL, io_ch, arg) < 0)

-		return -1;

-	if(quotes && !io_ch(arg, "\"", 1)) return -1;

-	return outlen;

-}

-/* Used for line indenting: print 'indent' spaces */

-static int do_indent(char_io *io_ch, void *arg, int indent)

-{

-	int i;

-	for(i = 0; i < indent; i++)

-			if(!io_ch(arg, " ", 1)) return 0;

-	return 1;

-}

-#define FN_WIDTH_LN	25

-#define FN_WIDTH_SN	10

-static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n,

-				int indent, unsigned long flags)

-{

-	int i, prev = -1, orflags, cnt;

-	int fn_opt, fn_nid;

-	ASN1_OBJECT *fn;

-	ASN1_STRING *val;

-	X509_NAME_ENTRY *ent;

-	char objtmp[80];

-	const char *objbuf;

-	int outlen, len;

-	char *sep_dn, *sep_mv, *sep_eq;

-	int sep_dn_len, sep_mv_len, sep_eq_len;

-	if(indent < 0) indent = 0;

-	outlen = indent;

-	if(!do_indent(io_ch, arg, indent)) return -1;

-	switch (flags & XN_FLAG_SEP_MASK)

-	{

-		case XN_FLAG_SEP_MULTILINE:

-		sep_dn = "\n";

-		sep_dn_len = 1;

-		sep_mv = " + ";

-		sep_mv_len = 3;

-		break;

-		case XN_FLAG_SEP_COMMA_PLUS:

-		sep_dn = ",";

-		sep_dn_len = 1;

-		sep_mv = "+";

-		sep_mv_len = 1;

-		indent = 0;

-		break;

-		case XN_FLAG_SEP_CPLUS_SPC:

-		sep_dn = ", ";

-		sep_dn_len = 2;

-		sep_mv = " + ";

-		sep_mv_len = 3;

-		indent = 0;

-		break;

-		case XN_FLAG_SEP_SPLUS_SPC:

-		sep_dn = "; ";

-		sep_dn_len = 2;

-		sep_mv = " + ";

-		sep_mv_len = 3;

-		indent = 0;

-		break;

-		default:

-		return -1;

-	}

-	if(flags & XN_FLAG_SPC_EQ) {

-		sep_eq = " = ";

-		sep_eq_len = 3;

-	} else {

-		sep_eq = "=";

-		sep_eq_len = 1;

-	}

-	fn_opt = flags & XN_FLAG_FN_MASK;

-	cnt = X509_NAME_entry_count(n);

-	for(i = 0; i < cnt; i++) {

-		if(flags & XN_FLAG_DN_REV)

-				ent = X509_NAME_get_entry(n, cnt - i - 1);

-		else ent = X509_NAME_get_entry(n, i);

-		if(prev != -1) {

-			if(prev == ent->set) {

-				if(!io_ch(arg, sep_mv, sep_mv_len)) return -1;

-				outlen += sep_mv_len;

-			} else {

-				if(!io_ch(arg, sep_dn, sep_dn_len)) return -1;

-				outlen += sep_dn_len;

-				if(!do_indent(io_ch, arg, indent)) return -1;

-				outlen += indent;

-			}

-		}

-		prev = ent->set;

-		fn = X509_NAME_ENTRY_get_object(ent);

-		val = X509_NAME_ENTRY_get_data(ent);

-		fn_nid = OBJ_obj2nid(fn);

-		if(fn_opt != XN_FLAG_FN_NONE) {

-			int objlen, fld_len;

-			if((fn_opt == XN_FLAG_FN_OID) || (fn_nid==NID_undef) ) {

-				OBJ_obj2txt(objtmp, sizeof objtmp, fn, 1);

-				fld_len = 0; /* XXX: what should this be? */

-				objbuf = objtmp;

-			} else {

-				if(fn_opt == XN_FLAG_FN_SN) {

-					fld_len = FN_WIDTH_SN;

-					objbuf = OBJ_nid2sn(fn_nid);

-				} else if(fn_opt == XN_FLAG_FN_LN) {

-					fld_len = FN_WIDTH_LN;

-					objbuf = OBJ_nid2ln(fn_nid);

-				} else {

-					fld_len = 0; /* XXX: what should this be? */

-					objbuf = "";

-				}

-			}

-			objlen = strlen(objbuf);

-			if(!io_ch(arg, objbuf, objlen)) return -1;

-			if ((objlen < fld_len) && (flags & XN_FLAG_FN_ALIGN)) {

-				if (!do_indent(io_ch, arg, fld_len - objlen)) return -1;

-				outlen += fld_len - objlen;

-			}

-			if(!io_ch(arg, sep_eq, sep_eq_len)) return -1;

-			outlen += objlen + sep_eq_len;

-		}

-		/* If the field name is unknown then fix up the DER dump

-		 * flag. We might want to limit this further so it will

- 		 * DER dump on anything other than a few 'standard' fields.

-		 */

-		if((fn_nid == NID_undef) && (flags & XN_FLAG_DUMP_UNKNOWN_FIELDS))

-					orflags = ASN1_STRFLGS_DUMP_ALL;

-		else orflags = 0;

-		len = do_print_ex(io_ch, arg, flags | orflags, val);

-		if(len < 0) return -1;

-		outlen += len;

-	}

-	return outlen;

-}

-/* Wrappers round the main functions */

-int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags)

-{

-	if(flags == XN_FLAG_COMPAT)

-		return X509_NAME_print(out, nm, indent);

-	return do_name_ex(send_bio_chars, out, nm, indent, flags);

-}

-#ifndef OPENSSL_NO_FP_API

-int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags)

-{

-	if(flags == XN_FLAG_COMPAT)

-		{

-		BIO *btmp;

-		int ret;

-		btmp = BIO_new_fp(fp, BIO_NOCLOSE);

-		if(!btmp) return -1;

-		ret = X509_NAME_print(btmp, nm, indent);

-		BIO_free(btmp);

-		return ret;

-		}

-	return do_name_ex(send_fp_chars, fp, nm, indent, flags);

-}

-#endif

-int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags)

-{

-	return do_print_ex(send_bio_chars, out, flags, str);

-}

-#ifndef OPENSSL_NO_FP_API

-int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags)

-{

-	return do_print_ex(send_fp_chars, fp, flags, str);

-}

-#endif

-/* Utility function: convert any string type to UTF8, returns number of bytes

- * in output string or a negative error code

- */

-int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)

-{

-	ASN1_STRING stmp, *str = &stmp;

-	int mbflag, type, ret;

-	if(!in) return -1;

-	type = in->type;

-	if((type < 0) || (type > 30)) return -1;

-	mbflag = tag2nbyte[type];

-	if(mbflag == -1) return -1;

-	mbflag |= MBSTRING_FLAG;

-	stmp.data = NULL;

-	ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING);

-	if(ret < 0) return ret;

-	*out = stmp.data;

-	return stmp.length;

-}

--- a/sys/src/ape/lib/openssl/crypto/asn1/a_strnid.c

+++ /dev/null

@@ -1,290 +1,0 @@

-/* a_strnid.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include <ctype.h>

-#include "cryptlib.h"

-#include <openssl/asn1.h>

-#include <openssl/objects.h>

-static STACK_OF(ASN1_STRING_TABLE) *stable = NULL;

-static void st_free(ASN1_STRING_TABLE *tbl);

-static int sk_table_cmp(const ASN1_STRING_TABLE * const *a,

-			const ASN1_STRING_TABLE * const *b);

-static int table_cmp(const void *a, const void *b);

-/* This is the global mask for the mbstring functions: this is use to

- * mask out certain types (such as BMPString and UTF8String) because

- * certain software (e.g. Netscape) has problems with them.

- */

-static unsigned long global_mask = 0xFFFFFFFFL;

-void ASN1_STRING_set_default_mask(unsigned long mask)

-{

-	global_mask = mask;

-}

-unsigned long ASN1_STRING_get_default_mask(void)

-{

-	return global_mask;

-}

-/* This function sets the default to various "flavours" of configuration.

- * based on an ASCII string. Currently this is:

- * MASK:XXXX : a numerical mask value.

- * nobmp : Don't use BMPStrings (just Printable, T61).

- * pkix : PKIX recommendation in RFC2459.

- * utf8only : only use UTF8Strings (RFC2459 recommendation for 2004).

- * default:   the default value, Printable, T61, BMP.

- */

-int ASN1_STRING_set_default_mask_asc(char *p)

-{

-	unsigned long mask;

-	char *end;

-	if(!strncmp(p, "MASK:", 5)) {

-		if(!p[5]) return 0;

-		mask = strtoul(p + 5, &end, 0);

-		if(*end) return 0;

-	} else if(!strcmp(p, "nombstr"))

-			 mask = ~((unsigned long)(B_ASN1_BMPSTRING|B_ASN1_UTF8STRING));

-	else if(!strcmp(p, "pkix"))

-			mask = ~((unsigned long)B_ASN1_T61STRING);

-	else if(!strcmp(p, "utf8only")) mask = B_ASN1_UTF8STRING;

-	else if(!strcmp(p, "default"))

-	    mask = 0xFFFFFFFFL;

-	else return 0;

-	ASN1_STRING_set_default_mask(mask);

-	return 1;

-}

-/* The following function generates an ASN1_STRING based on limits in a table.

- * Frequently the types and length of an ASN1_STRING are restricted by a

- * corresponding OID. For example certificates and certificate requests.

- */

-ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in,

-					int inlen, int inform, int nid)

-{

-	ASN1_STRING_TABLE *tbl;

-	ASN1_STRING *str = NULL;

-	unsigned long mask;

-	int ret;

-	if(!out) out = &str;

-	tbl = ASN1_STRING_TABLE_get(nid);

-	if(tbl) {

-		mask = tbl->mask;

-		if(!(tbl->flags & STABLE_NO_MASK)) mask &= global_mask;

-		ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask,

-					tbl->minsize, tbl->maxsize);

-	} else ret = ASN1_mbstring_copy(out, in, inlen, inform, DIRSTRING_TYPE & global_mask);

-	if(ret <= 0) return NULL;

-	return *out;

-}

-/* Now the tables and helper functions for the string table:

- */

-/* size limits: this stuff is taken straight from RFC3280 */

-#define ub_name				32768

-#define ub_common_name			64

-#define ub_locality_name		128

-#define ub_state_name			128

-#define ub_organization_name		64

-#define ub_organization_unit_name	64

-#define ub_title			64

-#define ub_email_address		128

-#define ub_serial_number		64

-/* This table must be kept in NID order */

-static ASN1_STRING_TABLE tbl_standard[] = {

-{NID_commonName,		1, ub_common_name, DIRSTRING_TYPE, 0},

-{NID_countryName,		2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},

-{NID_localityName,		1, ub_locality_name, DIRSTRING_TYPE, 0},

-{NID_stateOrProvinceName,	1, ub_state_name, DIRSTRING_TYPE, 0},

-{NID_organizationName,		1, ub_organization_name, DIRSTRING_TYPE, 0},

-{NID_organizationalUnitName,	1, ub_organization_unit_name, DIRSTRING_TYPE, 0},

-{NID_pkcs9_emailAddress,	1, ub_email_address, B_ASN1_IA5STRING, STABLE_NO_MASK},

-{NID_pkcs9_unstructuredName,	1, -1, PKCS9STRING_TYPE, 0},

-{NID_pkcs9_challengePassword,	1, -1, PKCS9STRING_TYPE, 0},

-{NID_pkcs9_unstructuredAddress,	1, -1, DIRSTRING_TYPE, 0},

-{NID_givenName,			1, ub_name, DIRSTRING_TYPE, 0},

-{NID_surname,			1, ub_name, DIRSTRING_TYPE, 0},

-{NID_initials,			1, ub_name, DIRSTRING_TYPE, 0},

-{NID_serialNumber,		1, ub_serial_number, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},

-{NID_friendlyName,		-1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},

-{NID_name,			1, ub_name, DIRSTRING_TYPE, 0},

-{NID_dnQualifier,		-1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},

-{NID_domainComponent,		1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK},

-{NID_ms_csp_name,		-1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}

-};

-static int sk_table_cmp(const ASN1_STRING_TABLE * const *a,

-			const ASN1_STRING_TABLE * const *b)

-{

-	return (*a)->nid - (*b)->nid;

-}

-static int table_cmp(const void *a, const void *b)

-{

-	const ASN1_STRING_TABLE *sa = a, *sb = b;

-	return sa->nid - sb->nid;

-}

-ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid)

-{

-	int idx;

-	ASN1_STRING_TABLE *ttmp;

-	ASN1_STRING_TABLE fnd;

-	fnd.nid = nid;

-	ttmp = (ASN1_STRING_TABLE *) OBJ_bsearch((char *)&fnd,

-					(char *)tbl_standard,

-			sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE),

-			sizeof(ASN1_STRING_TABLE), table_cmp);

-	if(ttmp) return ttmp;

-	if(!stable) return NULL;

-	idx = sk_ASN1_STRING_TABLE_find(stable, &fnd);

-	if(idx < 0) return NULL;

-	return sk_ASN1_STRING_TABLE_value(stable, idx);

-}

-int ASN1_STRING_TABLE_add(int nid,

-		 long minsize, long maxsize, unsigned long mask,

-				unsigned long flags)

-{

-	ASN1_STRING_TABLE *tmp;

-	char new_nid = 0;

-	flags &= ~STABLE_FLAGS_MALLOC;

-	if(!stable) stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp);

-	if(!stable) {

-		ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE);

-		return 0;

-	}

-	if(!(tmp = ASN1_STRING_TABLE_get(nid))) {

-		tmp = OPENSSL_malloc(sizeof(ASN1_STRING_TABLE));

-		if(!tmp) {

-			ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD,

-							ERR_R_MALLOC_FAILURE);

-			return 0;

-		}

-		tmp->flags = flags | STABLE_FLAGS_MALLOC;

-		tmp->nid = nid;

-		new_nid = 1;

-	} else tmp->flags = (tmp->flags & STABLE_FLAGS_MALLOC) | flags;

-	if(minsize != -1) tmp->minsize = minsize;

-	if(maxsize != -1) tmp->maxsize = maxsize;

-	tmp->mask = mask;

-	if(new_nid) sk_ASN1_STRING_TABLE_push(stable, tmp);

-	return 1;

-}

-void ASN1_STRING_TABLE_cleanup(void)

-{

-	STACK_OF(ASN1_STRING_TABLE) *tmp;

-	tmp = stable;

-	if(!tmp) return;

-	stable = NULL;

-	sk_ASN1_STRING_TABLE_pop_free(tmp, st_free);

-}

-static void st_free(ASN1_STRING_TABLE *tbl)

-{

-	if(tbl->flags & STABLE_FLAGS_MALLOC) OPENSSL_free(tbl);

-}

-IMPLEMENT_STACK_OF(ASN1_STRING_TABLE)

-#ifdef STRING_TABLE_TEST

-main()

-{

-	ASN1_STRING_TABLE *tmp;

-	int i, last_nid = -1;

-	for (tmp = tbl_standard, i = 0;

-		i < sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE); i++, tmp++)

-		{

-			if (tmp->nid < last_nid)

-				{

-				last_nid = 0;

-				break;

-				}

-			last_nid = tmp->nid;

-		}

-	if (last_nid != 0)

-		{

-		printf("Table order OK\n");

-		exit(0);

-		}

-	for (tmp = tbl_standard, i = 0;

-		i < sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE); i++, tmp++)

-			printf("Index %d, NID %d, Name=%s\n", i, tmp->nid,

-							OBJ_nid2ln(tmp->nid));

-}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/asn1/a_time.c

+++ /dev/null

@@ -1,164 +1,0 @@

-/* crypto/asn1/a_time.c */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* This is an implementation of the ASN1 Time structure which is:

- *    Time ::= CHOICE {

- *      utcTime        UTCTime,

- *      generalTime    GeneralizedTime }

- * written by Steve Henson.

- */

-#include <stdio.h>

-#include <time.h>

-#include "cryptlib.h"

-#include "o_time.h"

-#include <openssl/asn1t.h>

-IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME)

-IMPLEMENT_ASN1_FUNCTIONS(ASN1_TIME)

-#if 0

-int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp)

-	{

-#ifdef CHARSET_EBCDIC

-	/* KLUDGE! We convert to ascii before writing DER */

-	char tmp[24];

-	ASN1_STRING tmpstr;

-	if(a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME) {

-	    int len;

-	    tmpstr = *(ASN1_STRING *)a;

-	    len = tmpstr.length;

-	    ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len);

-	    tmpstr.data = tmp;

-	    a = (ASN1_GENERALIZEDTIME *) &tmpstr;

-	}

-#endif

-	if(a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME)

-				return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,

-				     a->type ,V_ASN1_UNIVERSAL));

-	ASN1err(ASN1_F_I2D_ASN1_TIME,ASN1_R_EXPECTING_A_TIME);

-	return -1;

-	}

-#endif

-ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)

-	{

-	struct tm *ts;

-	struct tm data;

-	ts=OPENSSL_gmtime(&t,&data);

-	if (ts == NULL)

-		{

-		ASN1err(ASN1_F_ASN1_TIME_SET, ASN1_R_ERROR_GETTING_TIME);

-		return NULL;

-		}

-	if((ts->tm_year >= 50) && (ts->tm_year < 150))

-					return ASN1_UTCTIME_set(s, t);

-	return ASN1_GENERALIZEDTIME_set(s,t);

-	}

-int ASN1_TIME_check(ASN1_TIME *t)

-	{

-	if (t->type == V_ASN1_GENERALIZEDTIME)

-		return ASN1_GENERALIZEDTIME_check(t);

-	else if (t->type == V_ASN1_UTCTIME)

-		return ASN1_UTCTIME_check(t);

-	return 0;

-	}

-/* Convert an ASN1_TIME structure to GeneralizedTime */

-ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out)

-	{

-	ASN1_GENERALIZEDTIME *ret;

-	char *str;

-	int newlen;

-	if (!ASN1_TIME_check(t)) return NULL;

-	if (!out || !*out)

-		{

-		if (!(ret = ASN1_GENERALIZEDTIME_new ()))

-			return NULL;

-		if (out) *out = ret;

-		}

-	else ret = *out;

-	/* If already GeneralizedTime just copy across */

-	if (t->type == V_ASN1_GENERALIZEDTIME)

-		{

-		if(!ASN1_STRING_set(ret, t->data, t->length))

-			return NULL;

-		return ret;

-		}

-	/* grow the string */

-	if (!ASN1_STRING_set(ret, NULL, t->length + 2))

-		return NULL;

-	/* ASN1_STRING_set() allocated 'len + 1' bytes. */

-	newlen = t->length + 2 + 1;

-	str = (char *)ret->data;

-	/* Work out the century and prepend */

-	if (t->data[0] >= '5') BUF_strlcpy(str, "19", newlen);

-	else BUF_strlcpy(str, "20", newlen);

-	BUF_strlcat(str, (char *)t->data, newlen);

-	return ret;

-	}

--- a/sys/src/ape/lib/openssl/crypto/asn1/a_type.c

+++ /dev/null

@@ -1,84 +1,0 @@

-/* crypto/asn1/a_type.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/asn1t.h>

-int ASN1_TYPE_get(ASN1_TYPE *a)

-	{

-	if ((a->value.ptr != NULL) || (a->type == V_ASN1_NULL))

-		return(a->type);

-	else

-		return(0);

-	}

-void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value)

-	{

-	if (a->value.ptr != NULL)

-		{

-		ASN1_TYPE **tmp_a = &a;

-		ASN1_primitive_free((ASN1_VALUE **)tmp_a, NULL);

-		}

-	a->type=type;

-	a->value.ptr=value;

-	}

-IMPLEMENT_STACK_OF(ASN1_TYPE)

-IMPLEMENT_ASN1_SET_OF(ASN1_TYPE)

--- a/sys/src/ape/lib/openssl/crypto/asn1/a_utctm.c

+++ /dev/null

@@ -1,303 +1,0 @@

-/* crypto/asn1/a_utctm.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <time.h>

-#include "cryptlib.h"

-#include "o_time.h"

-#include <openssl/asn1.h>

-#if 0

-int i2d_ASN1_UTCTIME(ASN1_UTCTIME *a, unsigned char **pp)

-	{

-#ifndef CHARSET_EBCDIC

-	return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,

-		V_ASN1_UTCTIME,V_ASN1_UNIVERSAL));

-#else

-	/* KLUDGE! We convert to ascii before writing DER */

-	int len;

-	char tmp[24];

-	ASN1_STRING x = *(ASN1_STRING *)a;

-	len = x.length;

-	ebcdic2ascii(tmp, x.data, (len >= sizeof tmp) ? sizeof tmp : len);

-	x.data = tmp;

-	return i2d_ASN1_bytes(&x, pp, V_ASN1_UTCTIME,V_ASN1_UNIVERSAL);

-#endif

-	}

-ASN1_UTCTIME *d2i_ASN1_UTCTIME(ASN1_UTCTIME **a, unsigned char **pp,

-	     long length)

-	{

-	ASN1_UTCTIME *ret=NULL;

-	ret=(ASN1_UTCTIME *)d2i_ASN1_bytes((ASN1_STRING **)a,pp,length,

-		V_ASN1_UTCTIME,V_ASN1_UNIVERSAL);

-	if (ret == NULL)

-		{

-		ASN1err(ASN1_F_D2I_ASN1_UTCTIME,ERR_R_NESTED_ASN1_ERROR);

-		return(NULL);

-		}

-#ifdef CHARSET_EBCDIC

-	ascii2ebcdic(ret->data, ret->data, ret->length);

-#endif

-	if (!ASN1_UTCTIME_check(ret))

-		{

-		ASN1err(ASN1_F_D2I_ASN1_UTCTIME,ASN1_R_INVALID_TIME_FORMAT);

-		goto err;

-		}

-	return(ret);

-err:

-	if ((ret != NULL) && ((a == NULL) || (*a != ret)))

-		M_ASN1_UTCTIME_free(ret);

-	return(NULL);

-	}

-#endif

-int ASN1_UTCTIME_check(ASN1_UTCTIME *d)

-	{

-	static int min[8]={ 0, 1, 1, 0, 0, 0, 0, 0};

-	static int max[8]={99,12,31,23,59,59,12,59};

-	char *a;

-	int n,i,l,o;

-	if (d->type != V_ASN1_UTCTIME) return(0);

-	l=d->length;

-	a=(char *)d->data;

-	o=0;

-	if (l < 11) goto err;

-	for (i=0; i<6; i++)

-		{

-		if ((i == 5) && ((a[o] == 'Z') ||

-			(a[o] == '+') || (a[o] == '-')))

-			{ i++; break; }

-		if ((a[o] < '0') || (a[o] > '9')) goto err;

-		n= a[o]-'0';

-		if (++o > l) goto err;

-		if ((a[o] < '0') || (a[o] > '9')) goto err;

-		n=(n*10)+ a[o]-'0';

-		if (++o > l) goto err;

-		if ((n < min[i]) || (n > max[i])) goto err;

-		}

-	if (a[o] == 'Z')

-		o++;

-	else if ((a[o] == '+') || (a[o] == '-'))

-		{

-		o++;

-		if (o+4 > l) goto err;

-		for (i=6; i<8; i++)

-			{

-			if ((a[o] < '0') || (a[o] > '9')) goto err;

-			n= a[o]-'0';

-			o++;

-			if ((a[o] < '0') || (a[o] > '9')) goto err;

-			n=(n*10)+ a[o]-'0';

-			if ((n < min[i]) || (n > max[i])) goto err;

-			o++;

-			}

-		}

-	return(o == l);

-err:

-	return(0);

-	}

-int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str)

-	{

-	ASN1_UTCTIME t;

-	t.type=V_ASN1_UTCTIME;

-	t.length=strlen(str);

-	t.data=(unsigned char *)str;

-	if (ASN1_UTCTIME_check(&t))

-		{

-		if (s != NULL)

-			{

-			if (!ASN1_STRING_set((ASN1_STRING *)s,

-				(unsigned char *)str,t.length))

-				return 0;

-			s->type = V_ASN1_UTCTIME;

-			}

-		return(1);

-		}

-	else

-		return(0);

-	}

-ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)

-	{

-	char *p;

-	struct tm *ts;

-	struct tm data;

-	size_t len = 20;

-	if (s == NULL)

-		s=M_ASN1_UTCTIME_new();

-	if (s == NULL)

-		return(NULL);

-	ts=OPENSSL_gmtime(&t, &data);

-	if (ts == NULL)

-		return(NULL);

-	p=(char *)s->data;

-	if ((p == NULL) || ((size_t)s->length < len))

-		{

-		p=OPENSSL_malloc(len);

-		if (p == NULL)

-			{

-			ASN1err(ASN1_F_ASN1_UTCTIME_SET,ERR_R_MALLOC_FAILURE);

-			return(NULL);

-			}

-		if (s->data != NULL)

-			OPENSSL_free(s->data);

-		s->data=(unsigned char *)p;

-		}

-	BIO_snprintf(p,len,"%02d%02d%02d%02d%02d%02dZ",ts->tm_year%100,

-		     ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);

-	s->length=strlen(p);

-	s->type=V_ASN1_UTCTIME;

-#ifdef CHARSET_EBCDIC_not

-	ebcdic2ascii(s->data, s->data, s->length);

-#endif

-	return(s);

-	}

-int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)

-	{

-	struct tm *tm;

-	struct tm data;

-	int offset;

-	int year;

-#define g2(p) (((p)[0]-'0')*10+(p)[1]-'0')

-	if (s->data[12] == 'Z')

-		offset=0;

-	else

-		{

-		offset = g2(s->data+13)*60+g2(s->data+15);

-		if (s->data[12] == '-')

-			offset = -offset;

-		}

-	t -= offset*60; /* FIXME: may overflow in extreme cases */

-	tm = OPENSSL_gmtime(&t, &data);

-#define return_cmp(a,b) if ((a)<(b)) return -1; else if ((a)>(b)) return 1

-	year = g2(s->data);

-	if (year < 50)

-		year += 100;

-	return_cmp(year,              tm->tm_year);

-	return_cmp(g2(s->data+2) - 1, tm->tm_mon);

-	return_cmp(g2(s->data+4),     tm->tm_mday);

-	return_cmp(g2(s->data+6),     tm->tm_hour);

-	return_cmp(g2(s->data+8),     tm->tm_min);

-	return_cmp(g2(s->data+10),    tm->tm_sec);

-#undef g2

-#undef return_cmp

-	return 0;

-	}

-#if 0

-time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s)

-	{

-	struct tm tm;

-	int offset;

-	memset(&tm,'\0',sizeof tm);

-#define g2(p) (((p)[0]-'0')*10+(p)[1]-'0')

-	tm.tm_year=g2(s->data);

-	if(tm.tm_year < 50)

-		tm.tm_year+=100;

-	tm.tm_mon=g2(s->data+2)-1;

-	tm.tm_mday=g2(s->data+4);

-	tm.tm_hour=g2(s->data+6);

-	tm.tm_min=g2(s->data+8);

-	tm.tm_sec=g2(s->data+10);

-	if(s->data[12] == 'Z')

-		offset=0;

-	else

-		{

-		offset=g2(s->data+13)*60+g2(s->data+15);

-		if(s->data[12] == '-')

-			offset= -offset;

-		}

-#undef g2

-	return mktime(&tm)-offset*60; /* FIXME: mktime assumes the current timezone

-	                               * instead of UTC, and unless we rewrite OpenSSL

-				       * in Lisp we cannot locally change the timezone

-				       * without possibly interfering with other parts

-	                               * of the program. timegm, which uses UTC, is

-				       * non-standard.

-	                               * Also time_t is inappropriate for general

-	                               * UTC times because it may a 32 bit type. */

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/asn1/a_utf8.c

+++ /dev/null

@@ -1,211 +1,0 @@

-/* crypto/asn1/a_utf8.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/asn1.h>

-/* UTF8 utilities */

-/* This parses a UTF8 string one character at a time. It is passed a pointer

- * to the string and the length of the string. It sets 'value' to the value of

- * the current character. It returns the number of characters read or a

- * negative error code:

- * -1 = string too short

- * -2 = illegal character

- * -3 = subsequent characters not of the form 10xxxxxx

- * -4 = character encoded incorrectly (not minimal length).

- */

-int UTF8_getc(const unsigned char *str, int len, unsigned long *val)

-{

-	const unsigned char *p;

-	unsigned long value;

-	int ret;

-	if(len <= 0) return 0;

-	p = str;

-	/* Check syntax and work out the encoded value (if correct) */

-	if((*p & 0x80) == 0) {

-		value = *p++ & 0x7f;

-		ret = 1;

-	} else if((*p & 0xe0) == 0xc0) {

-		if(len < 2) return -1;

-		if((p[1] & 0xc0) != 0x80) return -3;

-		value = (*p++ & 0x1f) << 6;

-		value |= *p++ & 0x3f;

-		if(value < 0x80) return -4;

-		ret = 2;

-	} else if((*p & 0xf0) == 0xe0) {

-		if(len < 3) return -1;

-		if( ((p[1] & 0xc0) != 0x80)

-		   || ((p[2] & 0xc0) != 0x80) ) return -3;

-		value = (*p++ & 0xf) << 12;

-		value |= (*p++ & 0x3f) << 6;

-		value |= *p++ & 0x3f;

-		if(value < 0x800) return -4;

-		ret = 3;

-	} else if((*p & 0xf8) == 0xf0) {

-		if(len < 4) return -1;

-		if( ((p[1] & 0xc0) != 0x80)

-		   || ((p[2] & 0xc0) != 0x80)

-		   || ((p[3] & 0xc0) != 0x80) ) return -3;

-		value = ((unsigned long)(*p++ & 0x7)) << 18;

-		value |= (*p++ & 0x3f) << 12;

-		value |= (*p++ & 0x3f) << 6;

-		value |= *p++ & 0x3f;

-		if(value < 0x10000) return -4;

-		ret = 4;

-	} else if((*p & 0xfc) == 0xf8) {

-		if(len < 5) return -1;

-		if( ((p[1] & 0xc0) != 0x80)

-		   || ((p[2] & 0xc0) != 0x80)

-		   || ((p[3] & 0xc0) != 0x80)

-		   || ((p[4] & 0xc0) != 0x80) ) return -3;

-		value = ((unsigned long)(*p++ & 0x3)) << 24;

-		value |= ((unsigned long)(*p++ & 0x3f)) << 18;

-		value |= ((unsigned long)(*p++ & 0x3f)) << 12;

-		value |= (*p++ & 0x3f) << 6;

-		value |= *p++ & 0x3f;

-		if(value < 0x200000) return -4;

-		ret = 5;

-	} else if((*p & 0xfe) == 0xfc) {

-		if(len < 6) return -1;

-		if( ((p[1] & 0xc0) != 0x80)

-		   || ((p[2] & 0xc0) != 0x80)

-		   || ((p[3] & 0xc0) != 0x80)

-		   || ((p[4] & 0xc0) != 0x80)

-		   || ((p[5] & 0xc0) != 0x80) ) return -3;

-		value = ((unsigned long)(*p++ & 0x1)) << 30;

-		value |= ((unsigned long)(*p++ & 0x3f)) << 24;

-		value |= ((unsigned long)(*p++ & 0x3f)) << 18;

-		value |= ((unsigned long)(*p++ & 0x3f)) << 12;

-		value |= (*p++ & 0x3f) << 6;

-		value |= *p++ & 0x3f;

-		if(value < 0x4000000) return -4;

-		ret = 6;

-	} else return -2;

-	*val = value;

-	return ret;

-}

-/* This takes a character 'value' and writes the UTF8 encoded value in

- * 'str' where 'str' is a buffer containing 'len' characters. Returns

- * the number of characters written or -1 if 'len' is too small. 'str' can

- * be set to NULL in which case it just returns the number of characters.

- * It will need at most 6 characters.

- */

-int UTF8_putc(unsigned char *str, int len, unsigned long value)

-{

-	if(!str) len = 6;	/* Maximum we will need */

-	else if(len <= 0) return -1;

-	if(value < 0x80) {

-		if(str) *str = (unsigned char)value;

-		return 1;

-	}

-	if(value < 0x800) {

-		if(len < 2) return -1;

-		if(str) {

-			*str++ = (unsigned char)(((value >> 6) & 0x1f) | 0xc0);

-			*str = (unsigned char)((value & 0x3f) | 0x80);

-		}

-		return 2;

-	}

-	if(value < 0x10000) {

-		if(len < 3) return -1;

-		if(str) {

-			*str++ = (unsigned char)(((value >> 12) & 0xf) | 0xe0);

-			*str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);

-			*str = (unsigned char)((value & 0x3f) | 0x80);

-		}

-		return 3;

-	}

-	if(value < 0x200000) {

-		if(len < 4) return -1;

-		if(str) {

-			*str++ = (unsigned char)(((value >> 18) & 0x7) | 0xf0);

-			*str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);

-			*str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);

-			*str = (unsigned char)((value & 0x3f) | 0x80);

-		}

-		return 4;

-	}

-	if(value < 0x4000000) {

-		if(len < 5) return -1;

-		if(str) {

-			*str++ = (unsigned char)(((value >> 24) & 0x3) | 0xf8);

-			*str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80);

-			*str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);

-			*str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);

-			*str = (unsigned char)((value & 0x3f) | 0x80);

-		}

-		return 5;

-	}

-	if(len < 6) return -1;

-	if(str) {

-		*str++ = (unsigned char)(((value >> 30) & 0x1) | 0xfc);

-		*str++ = (unsigned char)(((value >> 24) & 0x3f) | 0x80);

-		*str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80);

-		*str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);

-		*str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);

-		*str = (unsigned char)((value & 0x3f) | 0x80);

-	}

-	return 6;

-}

--- a/sys/src/ape/lib/openssl/crypto/asn1/a_verify.c

+++ /dev/null

@@ -1,181 +1,0 @@

-/* crypto/asn1/a_verify.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <time.h>

-#include "cryptlib.h"

-#ifndef NO_SYS_TYPES_H

-# include <sys/types.h>

-#endif

-#include <openssl/bn.h>

-#include <openssl/x509.h>

-#include <openssl/objects.h>

-#include <openssl/buffer.h>

-#include <openssl/evp.h>

-#ifndef NO_ASN1_OLD

-int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,

-		char *data, EVP_PKEY *pkey)

-	{

-	EVP_MD_CTX ctx;

-	const EVP_MD *type;

-	unsigned char *p,*buf_in=NULL;

-	int ret= -1,i,inl;

-	EVP_MD_CTX_init(&ctx);

-	i=OBJ_obj2nid(a->algorithm);

-	type=EVP_get_digestbyname(OBJ_nid2sn(i));

-	if (type == NULL)

-		{

-		ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);

-		goto err;

-		}

-	inl=i2d(data,NULL);

-	buf_in=OPENSSL_malloc((unsigned int)inl);

-	if (buf_in == NULL)

-		{

-		ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	p=buf_in;

-	i2d(data,&p);

-	EVP_VerifyInit_ex(&ctx,type, NULL);

-	EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);

-	OPENSSL_cleanse(buf_in,(unsigned int)inl);

-	OPENSSL_free(buf_in);

-	if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,

-			(unsigned int)signature->length,pkey) <= 0)

-		{

-		ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);

-		ret=0;

-		goto err;

-		}

-	/* we don't need to zero the 'ctx' because we just checked

-	 * public information */

-	/* memset(&ctx,0,sizeof(ctx)); */

-	ret=1;

-err:

-	EVP_MD_CTX_cleanup(&ctx);

-	return(ret);

-	}

-#endif

-int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signature,

-	     void *asn, EVP_PKEY *pkey)

-	{

-	EVP_MD_CTX ctx;

-	const EVP_MD *type;

-	unsigned char *buf_in=NULL;

-	int ret= -1,i,inl;

-	EVP_MD_CTX_init(&ctx);

-	i=OBJ_obj2nid(a->algorithm);

-	type=EVP_get_digestbyname(OBJ_nid2sn(i));

-	if (type == NULL)

-		{

-		ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);

-		goto err;

-		}

-	if (!EVP_VerifyInit_ex(&ctx,type, NULL))

-		{

-		ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);

-		ret=0;

-		goto err;

-		}

-	inl = ASN1_item_i2d(asn, &buf_in, it);

-	if (buf_in == NULL)

-		{

-		ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);

-	OPENSSL_cleanse(buf_in,(unsigned int)inl);

-	OPENSSL_free(buf_in);

-	if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,

-			(unsigned int)signature->length,pkey) <= 0)

-		{

-		ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);

-		ret=0;

-		goto err;

-		}

-	/* we don't need to zero the 'ctx' because we just checked

-	 * public information */

-	/* memset(&ctx,0,sizeof(ctx)); */

-	ret=1;

-err:

-	EVP_MD_CTX_cleanup(&ctx);

-	return(ret);

-	}

--- a/sys/src/ape/lib/openssl/crypto/asn1/asn1.h

+++ /dev/null

@@ -1,1278 +1,0 @@

-/* crypto/asn1/asn1.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_ASN1_H

-#define HEADER_ASN1_H

-#include <time.h>

-#include <openssl/e_os2.h>

-#ifndef OPENSSL_NO_BIO

-#include <openssl/bio.h>

-#endif

-#include <openssl/stack.h>

-#include <openssl/safestack.h>

-#include <openssl/symhacks.h>

-#include <openssl/ossl_typ.h>

-#ifndef OPENSSL_NO_DEPRECATED

-#include <openssl/bn.h>

-#endif

-#ifdef OPENSSL_BUILD_SHLIBCRYPTO

-# undef OPENSSL_EXTERN

-# define OPENSSL_EXTERN OPENSSL_EXPORT

-#endif

-#ifdef  __cplusplus

-extern "C" {

-#endif

-#define V_ASN1_UNIVERSAL		0x00

-#define	V_ASN1_APPLICATION		0x40

-#define V_ASN1_CONTEXT_SPECIFIC		0x80

-#define V_ASN1_PRIVATE			0xc0

-#define V_ASN1_CONSTRUCTED		0x20

-#define V_ASN1_PRIMITIVE_TAG		0x1f

-#define V_ASN1_PRIMATIVE_TAG		0x1f

-#define V_ASN1_APP_CHOOSE		-2	/* let the recipient choose */

-#define V_ASN1_OTHER			-3	/* used in ASN1_TYPE */

-#define V_ASN1_ANY			-4	/* used in ASN1 template code */

-#define V_ASN1_NEG			0x100	/* negative flag */

-#define V_ASN1_UNDEF			-1

-#define V_ASN1_EOC			0

-#define V_ASN1_BOOLEAN			1	/**/

-#define V_ASN1_INTEGER			2

-#define V_ASN1_NEG_INTEGER		(2 | V_ASN1_NEG)

-#define V_ASN1_BIT_STRING		3

-#define V_ASN1_OCTET_STRING		4

-#define V_ASN1_NULL			5

-#define V_ASN1_OBJECT			6

-#define V_ASN1_OBJECT_DESCRIPTOR	7

-#define V_ASN1_EXTERNAL			8

-#define V_ASN1_REAL			9

-#define V_ASN1_ENUMERATED		10

-#define V_ASN1_NEG_ENUMERATED		(10 | V_ASN1_NEG)

-#define V_ASN1_UTF8STRING		12

-#define V_ASN1_SEQUENCE			16

-#define V_ASN1_SET			17

-#define V_ASN1_NUMERICSTRING		18	/**/

-#define V_ASN1_PRINTABLESTRING		19

-#define V_ASN1_T61STRING		20

-#define V_ASN1_TELETEXSTRING		20	/* alias */

-#define V_ASN1_VIDEOTEXSTRING		21	/**/

-#define V_ASN1_IA5STRING		22

-#define V_ASN1_UTCTIME			23

-#define V_ASN1_GENERALIZEDTIME		24	/**/

-#define V_ASN1_GRAPHICSTRING		25	/**/

-#define V_ASN1_ISO64STRING		26	/**/

-#define V_ASN1_VISIBLESTRING		26	/* alias */

-#define V_ASN1_GENERALSTRING		27	/**/

-#define V_ASN1_UNIVERSALSTRING		28	/**/

-#define V_ASN1_BMPSTRING		30

-/* For use with d2i_ASN1_type_bytes() */

-#define B_ASN1_NUMERICSTRING	0x0001

-#define B_ASN1_PRINTABLESTRING	0x0002

-#define B_ASN1_T61STRING	0x0004

-#define B_ASN1_TELETEXSTRING	0x0004

-#define B_ASN1_VIDEOTEXSTRING	0x0008

-#define B_ASN1_IA5STRING	0x0010

-#define B_ASN1_GRAPHICSTRING	0x0020

-#define B_ASN1_ISO64STRING	0x0040

-#define B_ASN1_VISIBLESTRING	0x0040

-#define B_ASN1_GENERALSTRING	0x0080

-#define B_ASN1_UNIVERSALSTRING	0x0100

-#define B_ASN1_OCTET_STRING	0x0200

-#define B_ASN1_BIT_STRING	0x0400

-#define B_ASN1_BMPSTRING	0x0800

-#define B_ASN1_UNKNOWN		0x1000

-#define B_ASN1_UTF8STRING	0x2000

-#define B_ASN1_UTCTIME		0x4000

-#define B_ASN1_GENERALIZEDTIME	0x8000

-#define B_ASN1_SEQUENCE		0x10000

-/* For use with ASN1_mbstring_copy() */

-#define MBSTRING_FLAG		0x1000

-#define MBSTRING_UTF8		(MBSTRING_FLAG)

-#define MBSTRING_ASC		(MBSTRING_FLAG|1)

-#define MBSTRING_BMP		(MBSTRING_FLAG|2)

-#define MBSTRING_UNIV		(MBSTRING_FLAG|4)

-struct X509_algor_st;

-#define DECLARE_ASN1_SET_OF(type) /* filled in by mkstack.pl */

-#define IMPLEMENT_ASN1_SET_OF(type) /* nothing, no longer needed */

-/* We MUST make sure that, except for constness, asn1_ctx_st and

-   asn1_const_ctx are exactly the same.  Fortunately, as soon as

-   the old ASN1 parsing macros are gone, we can throw this away

-   as well... */

-typedef struct asn1_ctx_st

-	{

-	unsigned char *p;/* work char pointer */

-	int eos;	/* end of sequence read for indefinite encoding */

-	int error;	/* error code to use when returning an error */

-	int inf;	/* constructed if 0x20, indefinite is 0x21 */

-	int tag;	/* tag from last 'get object' */

-	int xclass;	/* class from last 'get object' */

-	long slen;	/* length of last 'get object' */

-	unsigned char *max; /* largest value of p allowed */

-	unsigned char *q;/* temporary variable */

-	unsigned char **pp;/* variable */

-	int line;	/* used in error processing */

-	} ASN1_CTX;

-typedef struct asn1_const_ctx_st

-	{

-	const unsigned char *p;/* work char pointer */

-	int eos;	/* end of sequence read for indefinite encoding */

-	int error;	/* error code to use when returning an error */

-	int inf;	/* constructed if 0x20, indefinite is 0x21 */

-	int tag;	/* tag from last 'get object' */

-	int xclass;	/* class from last 'get object' */

-	long slen;	/* length of last 'get object' */

-	const unsigned char *max; /* largest value of p allowed */

-	const unsigned char *q;/* temporary variable */

-	const unsigned char **pp;/* variable */

-	int line;	/* used in error processing */

-	} ASN1_const_CTX;

-/* These are used internally in the ASN1_OBJECT to keep track of

- * whether the names and data need to be free()ed */

-#define ASN1_OBJECT_FLAG_DYNAMIC	 0x01	/* internal use */

-#define ASN1_OBJECT_FLAG_CRITICAL	 0x02	/* critical x509v3 object id */

-#define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04	/* internal use */

-#define ASN1_OBJECT_FLAG_DYNAMIC_DATA 	 0x08	/* internal use */

-typedef struct asn1_object_st

-	{

-	const char *sn,*ln;

-	int nid;

-	int length;

-	unsigned char *data;

-	int flags;	/* Should we free this one */

-	} ASN1_OBJECT;

-#define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */

-/* This indicates that the ASN1_STRING is not a real value but just a place

- * holder for the location where indefinite length constructed data should

- * be inserted in the memory buffer

- */

-#define ASN1_STRING_FLAG_NDEF 0x010

-/* This is the base type that holds just about everything :-) */

-typedef struct asn1_string_st

-	{

-	int length;

-	int type;

-	unsigned char *data;

-	/* The value of the following field depends on the type being

-	 * held.  It is mostly being used for BIT_STRING so if the

-	 * input data has a non-zero 'unused bits' value, it will be

-	 * handled correctly */

-	long flags;

-	} ASN1_STRING;

-/* ASN1_ENCODING structure: this is used to save the received

- * encoding of an ASN1 type. This is useful to get round

- * problems with invalid encodings which can break signatures.

- */

-typedef struct ASN1_ENCODING_st

-	{

-	unsigned char *enc;	/* DER encoding */

-	long len;		/* Length of encoding */

-	int modified;		 /* set to 1 if 'enc' is invalid */

-	} ASN1_ENCODING;

-/* Used with ASN1 LONG type: if a long is set to this it is omitted */

-#define ASN1_LONG_UNDEF	0x7fffffffL

-#define STABLE_FLAGS_MALLOC	0x01

-#define STABLE_NO_MASK		0x02

-#define DIRSTRING_TYPE	\

- (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_BMPSTRING|B_ASN1_UTF8STRING)

-#define PKCS9STRING_TYPE (DIRSTRING_TYPE|B_ASN1_IA5STRING)

-typedef struct asn1_string_table_st {

-	int nid;

-	long minsize;

-	long maxsize;

-	unsigned long mask;

-	unsigned long flags;

-} ASN1_STRING_TABLE;

-DECLARE_STACK_OF(ASN1_STRING_TABLE)

-/* size limits: this stuff is taken straight from RFC2459 */

-#define ub_name				32768

-#define ub_common_name			64

-#define ub_locality_name		128

-#define ub_state_name			128

-#define ub_organization_name		64

-#define ub_organization_unit_name	64

-#define ub_title			64

-#define ub_email_address		128

-/* Declarations for template structures: for full definitions

- * see asn1t.h

- */

-typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE;

-typedef struct ASN1_ITEM_st ASN1_ITEM;

-typedef struct ASN1_TLC_st ASN1_TLC;

-/* This is just an opaque pointer */

-typedef struct ASN1_VALUE_st ASN1_VALUE;

-/* Declare ASN1 functions: the implement macro in in asn1t.h */

-#define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type)

-#define DECLARE_ASN1_ALLOC_FUNCTIONS(type) \

-	DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, type)

-#define DECLARE_ASN1_FUNCTIONS_name(type, name) \

-	DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \

-	DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name)

-#define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \

-	DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \

-	DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name)

-#define	DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \

-	type *d2i_##name(type **a, const unsigned char **in, long len); \

-	int i2d_##name(type *a, unsigned char **out); \

-	DECLARE_ASN1_ITEM(itname)

-#define	DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \

-	type *d2i_##name(type **a, const unsigned char **in, long len); \

-	int i2d_##name(const type *a, unsigned char **out); \

-	DECLARE_ASN1_ITEM(name)

-#define	DECLARE_ASN1_NDEF_FUNCTION(name) \

-	int i2d_##name##_NDEF(name *a, unsigned char **out);

-#define DECLARE_ASN1_FUNCTIONS_const(name) \

-	name *name##_new(void); \

-	void name##_free(name *a);

-#define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \

-	type *name##_new(void); \

-	void name##_free(type *a);

-#define D2I_OF(type) type *(*)(type **,const unsigned char **,long)

-#define I2D_OF(type) int (*)(type *,unsigned char **)

-#define I2D_OF_const(type) int (*)(const type *,unsigned char **)

-#define CHECKED_D2I_OF(type, d2i) \

-    ((d2i_of_void*) (1 ? d2i : ((D2I_OF(type))0)))

-#define CHECKED_I2D_OF(type, i2d) \

-    ((i2d_of_void*) (1 ? i2d : ((I2D_OF(type))0)))

-#define CHECKED_NEW_OF(type, xnew) \

-    ((void *(*)(void)) (1 ? xnew : ((type *(*)(void))0)))

-#define CHECKED_PTR_OF(type, p) \

-    ((void*) (1 ? p : (type*)0))

-#define CHECKED_PPTR_OF(type, p) \

-    ((void**) (1 ? p : (type**)0))

-#define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **,const unsigned char **,long)

-#define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(type *,unsigned char **)

-#define TYPEDEF_D2I2D_OF(type) TYPEDEF_D2I_OF(type); TYPEDEF_I2D_OF(type)

-TYPEDEF_D2I2D_OF(void);

-/* The following macros and typedefs allow an ASN1_ITEM

- * to be embedded in a structure and referenced. Since

- * the ASN1_ITEM pointers need to be globally accessible

- * (possibly from shared libraries) they may exist in

- * different forms. On platforms that support it the

- * ASN1_ITEM structure itself will be globally exported.

- * Other platforms will export a function that returns

- * an ASN1_ITEM pointer.

- *

- * To handle both cases transparently the macros below

- * should be used instead of hard coding an ASN1_ITEM

- * pointer in a structure.

- *

- * The structure will look like this:

- *

- * typedef struct SOMETHING_st {

- *      ...

- *      ASN1_ITEM_EXP *iptr;

- *      ...

- * } SOMETHING;

- *

- * It would be initialised as e.g.:

- *

- * SOMETHING somevar = {...,ASN1_ITEM_ref(X509),...};

- *

- * and the actual pointer extracted with:

- *

- * const ASN1_ITEM *it = ASN1_ITEM_ptr(somevar.iptr);

- *

- * Finally an ASN1_ITEM pointer can be extracted from an

- * appropriate reference with: ASN1_ITEM_rptr(X509). This

- * would be used when a function takes an ASN1_ITEM * argument.

- *

- */

-#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION

-/* ASN1_ITEM pointer exported type */

-typedef const ASN1_ITEM ASN1_ITEM_EXP;

-/* Macro to obtain ASN1_ITEM pointer from exported type */

-#define ASN1_ITEM_ptr(iptr) (iptr)

-/* Macro to include ASN1_ITEM pointer from base type */

-#define ASN1_ITEM_ref(iptr) (&(iptr##_it))

-#define ASN1_ITEM_rptr(ref) (&(ref##_it))

-#define DECLARE_ASN1_ITEM(name) \

-	OPENSSL_EXTERN const ASN1_ITEM name##_it;

-#else

-/* Platforms that can't easily handle shared global variables are declared

- * as functions returning ASN1_ITEM pointers.

- */

-/* ASN1_ITEM pointer exported type */

-typedef const ASN1_ITEM * ASN1_ITEM_EXP(void);

-/* Macro to obtain ASN1_ITEM pointer from exported type */

-#define ASN1_ITEM_ptr(iptr) (iptr())

-/* Macro to include ASN1_ITEM pointer from base type */

-#define ASN1_ITEM_ref(iptr) (iptr##_it)

-#define ASN1_ITEM_rptr(ref) (ref##_it())

-#define DECLARE_ASN1_ITEM(name) \

-	const ASN1_ITEM * name##_it(void);

-#endif

-/* Parameters used by ASN1_STRING_print_ex() */

-/* These determine which characters to escape:

- * RFC2253 special characters, control characters and

- * MSB set characters

- */

-#define ASN1_STRFLGS_ESC_2253		1

-#define ASN1_STRFLGS_ESC_CTRL		2

-#define ASN1_STRFLGS_ESC_MSB		4

-/* This flag determines how we do escaping: normally

- * RC2253 backslash only, set this to use backslash and

- * quote.

- */

-#define ASN1_STRFLGS_ESC_QUOTE		8

-/* These three flags are internal use only. */

-/* Character is a valid PrintableString character */

-#define CHARTYPE_PRINTABLESTRING	0x10

-/* Character needs escaping if it is the first character */

-#define CHARTYPE_FIRST_ESC_2253		0x20

-/* Character needs escaping if it is the last character */

-#define CHARTYPE_LAST_ESC_2253		0x40

-/* NB the internal flags are safely reused below by flags

- * handled at the top level.

- */

-/* If this is set we convert all character strings

- * to UTF8 first

- */

-#define ASN1_STRFLGS_UTF8_CONVERT	0x10

-/* If this is set we don't attempt to interpret content:

- * just assume all strings are 1 byte per character. This

- * will produce some pretty odd looking output!

- */

-#define ASN1_STRFLGS_IGNORE_TYPE	0x20

-/* If this is set we include the string type in the output */

-#define ASN1_STRFLGS_SHOW_TYPE		0x40

-/* This determines which strings to display and which to

- * 'dump' (hex dump of content octets or DER encoding). We can

- * only dump non character strings or everything. If we

- * don't dump 'unknown' they are interpreted as character

- * strings with 1 octet per character and are subject to

- * the usual escaping options.

- */

-#define ASN1_STRFLGS_DUMP_ALL		0x80

-#define ASN1_STRFLGS_DUMP_UNKNOWN	0x100

-/* These determine what 'dumping' does, we can dump the

- * content octets or the DER encoding: both use the

- * RFC2253 #XXXXX notation.

- */

-#define ASN1_STRFLGS_DUMP_DER		0x200

-/* All the string flags consistent with RFC2253,

- * escaping control characters isn't essential in

- * RFC2253 but it is advisable anyway.

- */

-#define ASN1_STRFLGS_RFC2253	(ASN1_STRFLGS_ESC_2253 | \

-				ASN1_STRFLGS_ESC_CTRL | \

-				ASN1_STRFLGS_ESC_MSB | \

-				ASN1_STRFLGS_UTF8_CONVERT | \

-				ASN1_STRFLGS_DUMP_UNKNOWN | \

-				ASN1_STRFLGS_DUMP_DER)

-DECLARE_STACK_OF(ASN1_INTEGER)

-DECLARE_ASN1_SET_OF(ASN1_INTEGER)

-DECLARE_STACK_OF(ASN1_GENERALSTRING)

-typedef struct asn1_type_st

-	{

-	int type;

-	union	{

-		char *ptr;

-		ASN1_BOOLEAN		boolean;

-		ASN1_STRING *		asn1_string;

-		ASN1_OBJECT *		object;

-		ASN1_INTEGER *		integer;

-		ASN1_ENUMERATED *	enumerated;

-		ASN1_BIT_STRING *	bit_string;

-		ASN1_OCTET_STRING *	octet_string;

-		ASN1_PRINTABLESTRING *	printablestring;

-		ASN1_T61STRING *	t61string;

-		ASN1_IA5STRING *	ia5string;

-		ASN1_GENERALSTRING *	generalstring;

-		ASN1_BMPSTRING *	bmpstring;

-		ASN1_UNIVERSALSTRING *	universalstring;

-		ASN1_UTCTIME *		utctime;

-		ASN1_GENERALIZEDTIME *	generalizedtime;

-		ASN1_VISIBLESTRING *	visiblestring;

-		ASN1_UTF8STRING *	utf8string;

-		/* set and sequence are left complete and still

-		 * contain the set or sequence bytes */

-		ASN1_STRING *		set;

-		ASN1_STRING *		sequence;

-		} value;

-	} ASN1_TYPE;

-DECLARE_STACK_OF(ASN1_TYPE)

-DECLARE_ASN1_SET_OF(ASN1_TYPE)

-typedef struct asn1_method_st

-	{

-	i2d_of_void *i2d;

-	d2i_of_void *d2i;

-	void *(*create)(void);

-	void (*destroy)(void *);

-	} ASN1_METHOD;

-/* This is used when parsing some Netscape objects */

-typedef struct asn1_header_st

-	{

-	ASN1_OCTET_STRING *header;

-	void *data;

-	ASN1_METHOD *meth;

-	} ASN1_HEADER;

-/* This is used to contain a list of bit names */

-typedef struct BIT_STRING_BITNAME_st {

-	int bitnum;

-	const char *lname;

-	const char *sname;

-} BIT_STRING_BITNAME;

-#define M_ASN1_STRING_length(x)	((x)->length)

-#define M_ASN1_STRING_length_set(x, n)	((x)->length = (n))

-#define M_ASN1_STRING_type(x)	((x)->type)

-#define M_ASN1_STRING_data(x)	((x)->data)

-/* Macros for string operations */

-#define M_ASN1_BIT_STRING_new()	(ASN1_BIT_STRING *)\

-		ASN1_STRING_type_new(V_ASN1_BIT_STRING)

-#define M_ASN1_BIT_STRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)

-#define M_ASN1_BIT_STRING_dup(a) (ASN1_BIT_STRING *)\

-		ASN1_STRING_dup((ASN1_STRING *)a)

-#define M_ASN1_BIT_STRING_cmp(a,b) ASN1_STRING_cmp(\

-		(ASN1_STRING *)a,(ASN1_STRING *)b)

-#define M_ASN1_BIT_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c)

-#define M_ASN1_INTEGER_new()	(ASN1_INTEGER *)\

-		ASN1_STRING_type_new(V_ASN1_INTEGER)

-#define M_ASN1_INTEGER_free(a)		ASN1_STRING_free((ASN1_STRING *)a)

-#define M_ASN1_INTEGER_dup(a) (ASN1_INTEGER *)ASN1_STRING_dup((ASN1_STRING *)a)

-#define M_ASN1_INTEGER_cmp(a,b)	ASN1_STRING_cmp(\

-		(ASN1_STRING *)a,(ASN1_STRING *)b)

-#define M_ASN1_ENUMERATED_new()	(ASN1_ENUMERATED *)\

-		ASN1_STRING_type_new(V_ASN1_ENUMERATED)

-#define M_ASN1_ENUMERATED_free(a)	ASN1_STRING_free((ASN1_STRING *)a)

-#define M_ASN1_ENUMERATED_dup(a) (ASN1_ENUMERATED *)ASN1_STRING_dup((ASN1_STRING *)a)

-#define M_ASN1_ENUMERATED_cmp(a,b)	ASN1_STRING_cmp(\

-		(ASN1_STRING *)a,(ASN1_STRING *)b)

-#define M_ASN1_OCTET_STRING_new()	(ASN1_OCTET_STRING *)\

-		ASN1_STRING_type_new(V_ASN1_OCTET_STRING)

-#define M_ASN1_OCTET_STRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)

-#define M_ASN1_OCTET_STRING_dup(a) (ASN1_OCTET_STRING *)\

-		ASN1_STRING_dup((ASN1_STRING *)a)

-#define M_ASN1_OCTET_STRING_cmp(a,b) ASN1_STRING_cmp(\

-		(ASN1_STRING *)a,(ASN1_STRING *)b)

-#define M_ASN1_OCTET_STRING_set(a,b,c)	ASN1_STRING_set((ASN1_STRING *)a,b,c)

-#define M_ASN1_OCTET_STRING_print(a,b)	ASN1_STRING_print(a,(ASN1_STRING *)b)

-#define M_i2d_ASN1_OCTET_STRING(a,pp) \

-		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_OCTET_STRING,\

-		V_ASN1_UNIVERSAL)

-#define B_ASN1_TIME \

-			B_ASN1_UTCTIME | \

-			B_ASN1_GENERALIZEDTIME

-#define B_ASN1_PRINTABLE \

-			B_ASN1_PRINTABLESTRING| \

-			B_ASN1_T61STRING| \

-			B_ASN1_IA5STRING| \

-			B_ASN1_BIT_STRING| \

-			B_ASN1_UNIVERSALSTRING|\

-			B_ASN1_BMPSTRING|\

-			B_ASN1_UTF8STRING|\

-			B_ASN1_SEQUENCE|\

-			B_ASN1_UNKNOWN

-#define B_ASN1_DIRECTORYSTRING \

-			B_ASN1_PRINTABLESTRING| \

-			B_ASN1_TELETEXSTRING|\

-			B_ASN1_BMPSTRING|\

-			B_ASN1_UNIVERSALSTRING|\

-			B_ASN1_UTF8STRING

-#define B_ASN1_DISPLAYTEXT \

-			B_ASN1_IA5STRING| \

-			B_ASN1_VISIBLESTRING| \

-			B_ASN1_BMPSTRING|\

-			B_ASN1_UTF8STRING

-#define M_ASN1_PRINTABLE_new()	ASN1_STRING_type_new(V_ASN1_T61STRING)

-#define M_ASN1_PRINTABLE_free(a)	ASN1_STRING_free((ASN1_STRING *)a)

-#define M_i2d_ASN1_PRINTABLE(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\

-		pp,a->type,V_ASN1_UNIVERSAL)

-#define M_d2i_ASN1_PRINTABLE(a,pp,l) \

-		d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \

-			B_ASN1_PRINTABLE)

-#define M_DIRECTORYSTRING_new() ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)

-#define M_DIRECTORYSTRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)

-#define M_i2d_DIRECTORYSTRING(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\

-						pp,a->type,V_ASN1_UNIVERSAL)

-#define M_d2i_DIRECTORYSTRING(a,pp,l) \

-		d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \

-			B_ASN1_DIRECTORYSTRING)

-#define M_DISPLAYTEXT_new() ASN1_STRING_type_new(V_ASN1_VISIBLESTRING)

-#define M_DISPLAYTEXT_free(a) ASN1_STRING_free((ASN1_STRING *)a)

-#define M_i2d_DISPLAYTEXT(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\

-						pp,a->type,V_ASN1_UNIVERSAL)

-#define M_d2i_DISPLAYTEXT(a,pp,l) \

-		d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \

-			B_ASN1_DISPLAYTEXT)

-#define M_ASN1_PRINTABLESTRING_new() (ASN1_PRINTABLESTRING *)\

-		ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)

-#define M_ASN1_PRINTABLESTRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)

-#define M_i2d_ASN1_PRINTABLESTRING(a,pp) \

-		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_PRINTABLESTRING,\

-		V_ASN1_UNIVERSAL)

-#define M_d2i_ASN1_PRINTABLESTRING(a,pp,l) \

-		(ASN1_PRINTABLESTRING *)d2i_ASN1_type_bytes\

-		((ASN1_STRING **)a,pp,l,B_ASN1_PRINTABLESTRING)

-#define M_ASN1_T61STRING_new()	(ASN1_T61STRING *)\

-		ASN1_STRING_type_new(V_ASN1_T61STRING)

-#define M_ASN1_T61STRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)

-#define M_i2d_ASN1_T61STRING(a,pp) \

-		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_T61STRING,\

-		V_ASN1_UNIVERSAL)

-#define M_d2i_ASN1_T61STRING(a,pp,l) \

-		(ASN1_T61STRING *)d2i_ASN1_type_bytes\

-		((ASN1_STRING **)a,pp,l,B_ASN1_T61STRING)

-#define M_ASN1_IA5STRING_new()	(ASN1_IA5STRING *)\

-		ASN1_STRING_type_new(V_ASN1_IA5STRING)

-#define M_ASN1_IA5STRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)

-#define M_ASN1_IA5STRING_dup(a)	\

-			(ASN1_IA5STRING *)ASN1_STRING_dup((ASN1_STRING *)a)

-#define M_i2d_ASN1_IA5STRING(a,pp) \

-		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_IA5STRING,\

-			V_ASN1_UNIVERSAL)

-#define M_d2i_ASN1_IA5STRING(a,pp,l) \

-		(ASN1_IA5STRING *)d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l,\

-			B_ASN1_IA5STRING)

-#define M_ASN1_UTCTIME_new()	(ASN1_UTCTIME *)\

-		ASN1_STRING_type_new(V_ASN1_UTCTIME)

-#define M_ASN1_UTCTIME_free(a)	ASN1_STRING_free((ASN1_STRING *)a)

-#define M_ASN1_UTCTIME_dup(a) (ASN1_UTCTIME *)ASN1_STRING_dup((ASN1_STRING *)a)

-#define M_ASN1_GENERALIZEDTIME_new()	(ASN1_GENERALIZEDTIME *)\

-		ASN1_STRING_type_new(V_ASN1_GENERALIZEDTIME)

-#define M_ASN1_GENERALIZEDTIME_free(a)	ASN1_STRING_free((ASN1_STRING *)a)

-#define M_ASN1_GENERALIZEDTIME_dup(a) (ASN1_GENERALIZEDTIME *)ASN1_STRING_dup(\

-	(ASN1_STRING *)a)

-#define M_ASN1_TIME_new()	(ASN1_TIME *)\

-		ASN1_STRING_type_new(V_ASN1_UTCTIME)

-#define M_ASN1_TIME_free(a)	ASN1_STRING_free((ASN1_STRING *)a)

-#define M_ASN1_TIME_dup(a) (ASN1_TIME *)ASN1_STRING_dup((ASN1_STRING *)a)

-#define M_ASN1_GENERALSTRING_new()	(ASN1_GENERALSTRING *)\

-		ASN1_STRING_type_new(V_ASN1_GENERALSTRING)

-#define M_ASN1_GENERALSTRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)

-#define M_i2d_ASN1_GENERALSTRING(a,pp) \

-		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_GENERALSTRING,\

-			V_ASN1_UNIVERSAL)

-#define M_d2i_ASN1_GENERALSTRING(a,pp,l) \

-		(ASN1_GENERALSTRING *)d2i_ASN1_type_bytes\

-		((ASN1_STRING **)a,pp,l,B_ASN1_GENERALSTRING)

-#define M_ASN1_UNIVERSALSTRING_new()	(ASN1_UNIVERSALSTRING *)\

-		ASN1_STRING_type_new(V_ASN1_UNIVERSALSTRING)

-#define M_ASN1_UNIVERSALSTRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)

-#define M_i2d_ASN1_UNIVERSALSTRING(a,pp) \

-		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UNIVERSALSTRING,\

-			V_ASN1_UNIVERSAL)

-#define M_d2i_ASN1_UNIVERSALSTRING(a,pp,l) \

-		(ASN1_UNIVERSALSTRING *)d2i_ASN1_type_bytes\

-		((ASN1_STRING **)a,pp,l,B_ASN1_UNIVERSALSTRING)

-#define M_ASN1_BMPSTRING_new()	(ASN1_BMPSTRING *)\

-		ASN1_STRING_type_new(V_ASN1_BMPSTRING)

-#define M_ASN1_BMPSTRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)

-#define M_i2d_ASN1_BMPSTRING(a,pp) \

-		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_BMPSTRING,\

-			V_ASN1_UNIVERSAL)

-#define M_d2i_ASN1_BMPSTRING(a,pp,l) \

-		(ASN1_BMPSTRING *)d2i_ASN1_type_bytes\

-		((ASN1_STRING **)a,pp,l,B_ASN1_BMPSTRING)

-#define M_ASN1_VISIBLESTRING_new()	(ASN1_VISIBLESTRING *)\

-		ASN1_STRING_type_new(V_ASN1_VISIBLESTRING)

-#define M_ASN1_VISIBLESTRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)

-#define M_i2d_ASN1_VISIBLESTRING(a,pp) \

-		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_VISIBLESTRING,\

-			V_ASN1_UNIVERSAL)

-#define M_d2i_ASN1_VISIBLESTRING(a,pp,l) \

-		(ASN1_VISIBLESTRING *)d2i_ASN1_type_bytes\

-		((ASN1_STRING **)a,pp,l,B_ASN1_VISIBLESTRING)

-#define M_ASN1_UTF8STRING_new()	(ASN1_UTF8STRING *)\

-		ASN1_STRING_type_new(V_ASN1_UTF8STRING)

-#define M_ASN1_UTF8STRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)

-#define M_i2d_ASN1_UTF8STRING(a,pp) \

-		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UTF8STRING,\

-			V_ASN1_UNIVERSAL)

-#define M_d2i_ASN1_UTF8STRING(a,pp,l) \

-		(ASN1_UTF8STRING *)d2i_ASN1_type_bytes\

-		((ASN1_STRING **)a,pp,l,B_ASN1_UTF8STRING)

-  /* for the is_set parameter to i2d_ASN1_SET */

-#define IS_SEQUENCE	0

-#define IS_SET		1

-DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)

-int ASN1_TYPE_get(ASN1_TYPE *a);

-void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);

-ASN1_OBJECT *	ASN1_OBJECT_new(void );

-void		ASN1_OBJECT_free(ASN1_OBJECT *a);

-int		i2d_ASN1_OBJECT(ASN1_OBJECT *a,unsigned char **pp);

-ASN1_OBJECT *	c2i_ASN1_OBJECT(ASN1_OBJECT **a,const unsigned char **pp,

-			long length);

-ASN1_OBJECT *	d2i_ASN1_OBJECT(ASN1_OBJECT **a,const unsigned char **pp,

-			long length);

-DECLARE_ASN1_ITEM(ASN1_OBJECT)

-DECLARE_STACK_OF(ASN1_OBJECT)

-DECLARE_ASN1_SET_OF(ASN1_OBJECT)

-ASN1_STRING *	ASN1_STRING_new(void);

-void		ASN1_STRING_free(ASN1_STRING *a);

-ASN1_STRING *	ASN1_STRING_dup(ASN1_STRING *a);

-ASN1_STRING *	ASN1_STRING_type_new(int type );

-int 		ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b);

-  /* Since this is used to store all sorts of things, via macros, for now, make

-     its data void * */

-int 		ASN1_STRING_set(ASN1_STRING *str, const void *data, int len);

-int ASN1_STRING_length(ASN1_STRING *x);

-void ASN1_STRING_length_set(ASN1_STRING *x, int n);

-int ASN1_STRING_type(ASN1_STRING *x);

-unsigned char * ASN1_STRING_data(ASN1_STRING *x);

-DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING)

-int		i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a,unsigned char **pp);

-ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,const unsigned char **pp,

-			long length);

-int		ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d,

-			int length );

-int		ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value);

-int		ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n);

-#ifndef OPENSSL_NO_BIO

-int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,

-				BIT_STRING_BITNAME *tbl, int indent);

-#endif

-int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl);

-int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value,

-				BIT_STRING_BITNAME *tbl);

-int		i2d_ASN1_BOOLEAN(int a,unsigned char **pp);

-int 		d2i_ASN1_BOOLEAN(int *a,const unsigned char **pp,long length);

-DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER)

-int		i2c_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp);

-ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a,const unsigned char **pp,

-			long length);

-ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a,const unsigned char **pp,

-			long length);

-ASN1_INTEGER *	ASN1_INTEGER_dup(ASN1_INTEGER *x);

-int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y);

-DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED)

-int ASN1_UTCTIME_check(ASN1_UTCTIME *a);

-ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t);

-int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str);

-int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);

-#if 0

-time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s);

-#endif

-int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a);

-ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t);

-int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str);

-DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING)

-ASN1_OCTET_STRING *	ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *a);

-int 	ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b);

-int 	ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data, int len);

-DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING)

-DECLARE_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING)

-DECLARE_ASN1_FUNCTIONS(ASN1_UTF8STRING)

-DECLARE_ASN1_FUNCTIONS(ASN1_NULL)

-DECLARE_ASN1_FUNCTIONS(ASN1_BMPSTRING)

-int UTF8_getc(const unsigned char *str, int len, unsigned long *val);

-int UTF8_putc(unsigned char *str, int len, unsigned long value);

-DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE)

-DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING)

-DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT)

-DECLARE_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING)

-DECLARE_ASN1_FUNCTIONS(ASN1_T61STRING)

-DECLARE_ASN1_FUNCTIONS(ASN1_IA5STRING)

-DECLARE_ASN1_FUNCTIONS(ASN1_GENERALSTRING)

-DECLARE_ASN1_FUNCTIONS(ASN1_UTCTIME)

-DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME)

-DECLARE_ASN1_FUNCTIONS(ASN1_TIME)

-DECLARE_ASN1_ITEM(ASN1_OCTET_STRING_NDEF)

-ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s,time_t t);

-int ASN1_TIME_check(ASN1_TIME *t);

-ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out);

-int i2d_ASN1_SET(STACK *a, unsigned char **pp,

-		 i2d_of_void *i2d, int ex_tag, int ex_class, int is_set);

-STACK *	d2i_ASN1_SET(STACK **a, const unsigned char **pp, long length,

-		     d2i_of_void *d2i, void (*free_func)(void *),

-		     int ex_tag, int ex_class);

-#ifndef OPENSSL_NO_BIO

-int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a);

-int a2i_ASN1_INTEGER(BIO *bp,ASN1_INTEGER *bs,char *buf,int size);

-int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a);

-int a2i_ASN1_ENUMERATED(BIO *bp,ASN1_ENUMERATED *bs,char *buf,int size);

-int i2a_ASN1_OBJECT(BIO *bp,ASN1_OBJECT *a);

-int a2i_ASN1_STRING(BIO *bp,ASN1_STRING *bs,char *buf,int size);

-int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type);

-#endif

-int i2t_ASN1_OBJECT(char *buf,int buf_len,ASN1_OBJECT *a);

-int a2d_ASN1_OBJECT(unsigned char *out,int olen, const char *buf, int num);

-ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data,int len,

-	const char *sn, const char *ln);

-int ASN1_INTEGER_set(ASN1_INTEGER *a, long v);

-long ASN1_INTEGER_get(ASN1_INTEGER *a);

-ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai);

-BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai,BIGNUM *bn);

-int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v);

-long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a);

-ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai);

-BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai,BIGNUM *bn);

-/* General */

-/* given a string, return the correct type, max is the maximum length */

-int ASN1_PRINTABLE_type(const unsigned char *s, int max);

-int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass);

-ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,

-	long length, int Ptag, int Pclass);

-unsigned long ASN1_tag2bit(int tag);

-/* type is one or more of the B_ASN1_ values. */

-ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a,const unsigned char **pp,

-		long length,int type);

-/* PARSING */

-int asn1_Finish(ASN1_CTX *c);

-int asn1_const_Finish(ASN1_const_CTX *c);

-/* SPECIALS */

-int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,

-	int *pclass, long omax);

-int ASN1_check_infinite_end(unsigned char **p,long len);

-int ASN1_const_check_infinite_end(const unsigned char **p,long len);

-void ASN1_put_object(unsigned char **pp, int constructed, int length,

-	int tag, int xclass);

-int ASN1_put_eoc(unsigned char **pp);

-int ASN1_object_size(int constructed, int length, int tag);

-/* Used to implement other functions */

-void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x);

-#define ASN1_dup_of(type,i2d,d2i,x) \

-    ((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \

-		     CHECKED_D2I_OF(type, d2i), \

-		     CHECKED_PTR_OF(type, x)))

-#define ASN1_dup_of_const(type,i2d,d2i,x) \

-    ((type*)ASN1_dup(CHECKED_I2D_OF(const type, i2d), \

-		     CHECKED_D2I_OF(type, d2i), \

-		     CHECKED_PTR_OF(const type, x)))

-void *ASN1_item_dup(const ASN1_ITEM *it, void *x);

-#ifndef OPENSSL_NO_FP_API

-void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x);

-#define ASN1_d2i_fp_of(type,xnew,d2i,in,x) \

-    ((type*)ASN1_d2i_fp(CHECKED_NEW_OF(type, xnew), \

-			CHECKED_D2I_OF(type, d2i), \

-			in, \

-			CHECKED_PPTR_OF(type, x)))

-void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x);

-int ASN1_i2d_fp(i2d_of_void *i2d,FILE *out,void *x);

-#define ASN1_i2d_fp_of(type,i2d,out,x) \

-    (ASN1_i2d_fp(CHECKED_I2D_OF(type, i2d), \

-		 out, \

-		 CHECKED_PTR_OF(type, x)))

-#define ASN1_i2d_fp_of_const(type,i2d,out,x) \

-    (ASN1_i2d_fp(CHECKED_I2D_OF(const type, i2d), \

-		 out, \

-		 CHECKED_PTR_OF(const type, x)))

-int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x);

-int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags);

-#endif

-int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in);

-#ifndef OPENSSL_NO_BIO

-void *ASN1_d2i_bio(void *(*xnew)(void), d2i_of_void *d2i, BIO *in, void **x);

-#define ASN1_d2i_bio_of(type,xnew,d2i,in,x) \

-    ((type*)ASN1_d2i_bio( CHECKED_NEW_OF(type, xnew), \

-			  CHECKED_D2I_OF(type, d2i), \

-			  in, \

-			  CHECKED_PPTR_OF(type, x)))

-void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x);

-int ASN1_i2d_bio(i2d_of_void *i2d,BIO *out, unsigned char *x);

-#define ASN1_i2d_bio_of(type,i2d,out,x) \

-    (ASN1_i2d_bio(CHECKED_I2D_OF(type, i2d), \

-		  out, \

-		  CHECKED_PTR_OF(type, x)))

-#define ASN1_i2d_bio_of_const(type,i2d,out,x) \

-    (ASN1_i2d_bio(CHECKED_I2D_OF(const type, i2d), \

-		  out, \

-		  CHECKED_PTR_OF(const type, x)))

-int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x);

-int ASN1_UTCTIME_print(BIO *fp,ASN1_UTCTIME *a);

-int ASN1_GENERALIZEDTIME_print(BIO *fp,ASN1_GENERALIZEDTIME *a);

-int ASN1_TIME_print(BIO *fp,ASN1_TIME *a);

-int ASN1_STRING_print(BIO *bp,ASN1_STRING *v);

-int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags);

-int ASN1_parse(BIO *bp,const unsigned char *pp,long len,int indent);

-int ASN1_parse_dump(BIO *bp,const unsigned char *pp,long len,int indent,int dump);

-#endif

-const char *ASN1_tag2str(int tag);

-/* Used to load and write netscape format cert/key */

-int i2d_ASN1_HEADER(ASN1_HEADER *a,unsigned char **pp);

-ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a,const unsigned char **pp, long length);

-ASN1_HEADER *ASN1_HEADER_new(void );

-void ASN1_HEADER_free(ASN1_HEADER *a);

-int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s);

-/* Not used that much at this point, except for the first two */

-ASN1_METHOD *X509_asn1_meth(void);

-ASN1_METHOD *RSAPrivateKey_asn1_meth(void);

-ASN1_METHOD *ASN1_IA5STRING_asn1_meth(void);

-ASN1_METHOD *ASN1_BIT_STRING_asn1_meth(void);

-int ASN1_TYPE_set_octetstring(ASN1_TYPE *a,

-	unsigned char *data, int len);

-int ASN1_TYPE_get_octetstring(ASN1_TYPE *a,

-	unsigned char *data, int max_len);

-int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num,

-	unsigned char *data, int len);

-int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a,long *num,

-	unsigned char *data, int max_len);

-STACK *ASN1_seq_unpack(const unsigned char *buf, int len,

-		       d2i_of_void *d2i, void (*free_func)(void *));

-unsigned char *ASN1_seq_pack(STACK *safes, i2d_of_void *i2d,

-			     unsigned char **buf, int *len );

-void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i);

-void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it);

-ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d,

-			      ASN1_OCTET_STRING **oct);

-#define ASN1_pack_string_of(type,obj,i2d,oct) \

-    (ASN1_pack_string(CHECKED_PTR_OF(type, obj), \

-		      CHECKED_I2D_OF(type, i2d), \

-		      oct))

-ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct);

-void ASN1_STRING_set_default_mask(unsigned long mask);

-int ASN1_STRING_set_default_mask_asc(char *p);

-unsigned long ASN1_STRING_get_default_mask(void);

-int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len,

-					int inform, unsigned long mask);

-int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,

-					int inform, unsigned long mask,

-					long minsize, long maxsize);

-ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out,

-		const unsigned char *in, int inlen, int inform, int nid);

-ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid);

-int ASN1_STRING_TABLE_add(int, long, long, unsigned long, unsigned long);

-void ASN1_STRING_TABLE_cleanup(void);

-/* ASN1 template functions */

-/* Old API compatible functions */

-ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it);

-void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it);

-ASN1_VALUE * ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it);

-int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);

-int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);

-void ASN1_add_oid_module(void);

-ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf);

-ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf);

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_ASN1_strings(void);

-/* Error codes for the ASN1 functions. */

-/* Function codes. */

-#define ASN1_F_A2D_ASN1_OBJECT				 100

-#define ASN1_F_A2I_ASN1_ENUMERATED			 101

-#define ASN1_F_A2I_ASN1_INTEGER				 102

-#define ASN1_F_A2I_ASN1_STRING				 103

-#define ASN1_F_APPEND_EXP				 176

-#define ASN1_F_ASN1_BIT_STRING_SET_BIT			 183

-#define ASN1_F_ASN1_CB					 177

-#define ASN1_F_ASN1_CHECK_TLEN				 104

-#define ASN1_F_ASN1_COLLATE_PRIMITIVE			 105

-#define ASN1_F_ASN1_COLLECT				 106

-#define ASN1_F_ASN1_D2I_EX_PRIMITIVE			 108

-#define ASN1_F_ASN1_D2I_FP				 109

-#define ASN1_F_ASN1_D2I_READ_BIO			 107

-#define ASN1_F_ASN1_DIGEST				 184

-#define ASN1_F_ASN1_DO_ADB				 110

-#define ASN1_F_ASN1_DUP					 111

-#define ASN1_F_ASN1_ENUMERATED_SET			 112

-#define ASN1_F_ASN1_ENUMERATED_TO_BN			 113

-#define ASN1_F_ASN1_EX_C2I				 204

-#define ASN1_F_ASN1_FIND_END				 190

-#define ASN1_F_ASN1_GENERALIZEDTIME_SET			 185

-#define ASN1_F_ASN1_GENERATE_V3				 178

-#define ASN1_F_ASN1_GET_OBJECT				 114

-#define ASN1_F_ASN1_HEADER_NEW				 115

-#define ASN1_F_ASN1_I2D_BIO				 116

-#define ASN1_F_ASN1_I2D_FP				 117

-#define ASN1_F_ASN1_INTEGER_SET				 118

-#define ASN1_F_ASN1_INTEGER_TO_BN			 119

-#define ASN1_F_ASN1_ITEM_D2I_FP				 206

-#define ASN1_F_ASN1_ITEM_DUP				 191

-#define ASN1_F_ASN1_ITEM_EX_COMBINE_NEW			 121

-#define ASN1_F_ASN1_ITEM_EX_D2I				 120

-#define ASN1_F_ASN1_ITEM_I2D_BIO			 192

-#define ASN1_F_ASN1_ITEM_I2D_FP				 193

-#define ASN1_F_ASN1_ITEM_PACK				 198

-#define ASN1_F_ASN1_ITEM_SIGN				 195

-#define ASN1_F_ASN1_ITEM_UNPACK				 199

-#define ASN1_F_ASN1_ITEM_VERIFY				 197

-#define ASN1_F_ASN1_MBSTRING_NCOPY			 122

-#define ASN1_F_ASN1_OBJECT_NEW				 123

-#define ASN1_F_ASN1_PACK_STRING				 124

-#define ASN1_F_ASN1_PCTX_NEW				 205

-#define ASN1_F_ASN1_PKCS5_PBE_SET			 125

-#define ASN1_F_ASN1_SEQ_PACK				 126

-#define ASN1_F_ASN1_SEQ_UNPACK				 127

-#define ASN1_F_ASN1_SIGN				 128

-#define ASN1_F_ASN1_STR2TYPE				 179

-#define ASN1_F_ASN1_STRING_SET				 186

-#define ASN1_F_ASN1_STRING_TABLE_ADD			 129

-#define ASN1_F_ASN1_STRING_TYPE_NEW			 130

-#define ASN1_F_ASN1_TEMPLATE_EX_D2I			 132

-#define ASN1_F_ASN1_TEMPLATE_NEW			 133

-#define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I			 131

-#define ASN1_F_ASN1_TIME_SET				 175

-#define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING		 134

-#define ASN1_F_ASN1_TYPE_GET_OCTETSTRING		 135

-#define ASN1_F_ASN1_UNPACK_STRING			 136

-#define ASN1_F_ASN1_UTCTIME_SET				 187

-#define ASN1_F_ASN1_VERIFY				 137

-#define ASN1_F_BITSTR_CB				 180

-#define ASN1_F_BN_TO_ASN1_ENUMERATED			 138

-#define ASN1_F_BN_TO_ASN1_INTEGER			 139

-#define ASN1_F_C2I_ASN1_BIT_STRING			 189

-#define ASN1_F_C2I_ASN1_INTEGER				 194

-#define ASN1_F_C2I_ASN1_OBJECT				 196

-#define ASN1_F_COLLECT_DATA				 140

-#define ASN1_F_D2I_ASN1_BIT_STRING			 141

-#define ASN1_F_D2I_ASN1_BOOLEAN				 142

-#define ASN1_F_D2I_ASN1_BYTES				 143

-#define ASN1_F_D2I_ASN1_GENERALIZEDTIME			 144

-#define ASN1_F_D2I_ASN1_HEADER				 145

-#define ASN1_F_D2I_ASN1_INTEGER				 146

-#define ASN1_F_D2I_ASN1_OBJECT				 147

-#define ASN1_F_D2I_ASN1_SET				 148

-#define ASN1_F_D2I_ASN1_TYPE_BYTES			 149

-#define ASN1_F_D2I_ASN1_UINTEGER			 150

-#define ASN1_F_D2I_ASN1_UTCTIME				 151

-#define ASN1_F_D2I_NETSCAPE_RSA				 152

-#define ASN1_F_D2I_NETSCAPE_RSA_2			 153

-#define ASN1_F_D2I_PRIVATEKEY				 154

-#define ASN1_F_D2I_PUBLICKEY				 155

-#define ASN1_F_D2I_RSA_NET				 200

-#define ASN1_F_D2I_RSA_NET_2				 201

-#define ASN1_F_D2I_X509					 156

-#define ASN1_F_D2I_X509_CINF				 157

-#define ASN1_F_D2I_X509_PKEY				 159

-#define ASN1_F_I2D_ASN1_SET				 188

-#define ASN1_F_I2D_ASN1_TIME				 160

-#define ASN1_F_I2D_DSA_PUBKEY				 161

-#define ASN1_F_I2D_EC_PUBKEY				 181

-#define ASN1_F_I2D_PRIVATEKEY				 163

-#define ASN1_F_I2D_PUBLICKEY				 164

-#define ASN1_F_I2D_RSA_NET				 162

-#define ASN1_F_I2D_RSA_PUBKEY				 165

-#define ASN1_F_LONG_C2I					 166

-#define ASN1_F_OID_MODULE_INIT				 174

-#define ASN1_F_PARSE_TAGGING				 182

-#define ASN1_F_PKCS5_PBE2_SET				 167

-#define ASN1_F_PKCS5_PBE_SET				 202

-#define ASN1_F_X509_CINF_NEW				 168

-#define ASN1_F_X509_CRL_ADD0_REVOKED			 169

-#define ASN1_F_X509_INFO_NEW				 170

-#define ASN1_F_X509_NAME_ENCODE				 203

-#define ASN1_F_X509_NAME_EX_D2I				 158

-#define ASN1_F_X509_NAME_EX_NEW				 171

-#define ASN1_F_X509_NEW					 172

-#define ASN1_F_X509_PKEY_NEW				 173

-/* Reason codes. */

-#define ASN1_R_ADDING_OBJECT				 171

-#define ASN1_R_AUX_ERROR				 100

-#define ASN1_R_BAD_CLASS				 101

-#define ASN1_R_BAD_OBJECT_HEADER			 102

-#define ASN1_R_BAD_PASSWORD_READ			 103

-#define ASN1_R_BAD_TAG					 104

-#define ASN1_R_BN_LIB					 105

-#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH			 106

-#define ASN1_R_BUFFER_TOO_SMALL				 107

-#define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER		 108

-#define ASN1_R_DATA_IS_WRONG				 109

-#define ASN1_R_DECODE_ERROR				 110

-#define ASN1_R_DECODING_ERROR				 111

-#define ASN1_R_DEPTH_EXCEEDED				 174

-#define ASN1_R_ENCODE_ERROR				 112

-#define ASN1_R_ERROR_GETTING_TIME			 173

-#define ASN1_R_ERROR_LOADING_SECTION			 172

-#define ASN1_R_ERROR_PARSING_SET_ELEMENT		 113

-#define ASN1_R_ERROR_SETTING_CIPHER_PARAMS		 114

-#define ASN1_R_EXPECTING_AN_INTEGER			 115

-#define ASN1_R_EXPECTING_AN_OBJECT			 116

-#define ASN1_R_EXPECTING_A_BOOLEAN			 117

-#define ASN1_R_EXPECTING_A_TIME				 118

-#define ASN1_R_EXPLICIT_LENGTH_MISMATCH			 119

-#define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED		 120

-#define ASN1_R_FIELD_MISSING				 121

-#define ASN1_R_FIRST_NUM_TOO_LARGE			 122

-#define ASN1_R_HEADER_TOO_LONG				 123

-#define ASN1_R_ILLEGAL_BITSTRING_FORMAT			 175

-#define ASN1_R_ILLEGAL_BOOLEAN				 176

-#define ASN1_R_ILLEGAL_CHARACTERS			 124

-#define ASN1_R_ILLEGAL_FORMAT				 177

-#define ASN1_R_ILLEGAL_HEX				 178

-#define ASN1_R_ILLEGAL_IMPLICIT_TAG			 179

-#define ASN1_R_ILLEGAL_INTEGER				 180

-#define ASN1_R_ILLEGAL_NESTED_TAGGING			 181

-#define ASN1_R_ILLEGAL_NULL				 125

-#define ASN1_R_ILLEGAL_NULL_VALUE			 182

-#define ASN1_R_ILLEGAL_OBJECT				 183

-#define ASN1_R_ILLEGAL_OPTIONAL_ANY			 126

-#define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE		 170

-#define ASN1_R_ILLEGAL_TAGGED_ANY			 127

-#define ASN1_R_ILLEGAL_TIME_VALUE			 184

-#define ASN1_R_INTEGER_NOT_ASCII_FORMAT			 185

-#define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG		 128

-#define ASN1_R_INVALID_BMPSTRING_LENGTH			 129

-#define ASN1_R_INVALID_DIGIT				 130

-#define ASN1_R_INVALID_MODIFIER				 186

-#define ASN1_R_INVALID_NUMBER				 187

-#define ASN1_R_INVALID_SEPARATOR			 131

-#define ASN1_R_INVALID_TIME_FORMAT			 132

-#define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH		 133

-#define ASN1_R_INVALID_UTF8STRING			 134

-#define ASN1_R_IV_TOO_LARGE				 135

-#define ASN1_R_LENGTH_ERROR				 136

-#define ASN1_R_LIST_ERROR				 188

-#define ASN1_R_MISSING_EOC				 137

-#define ASN1_R_MISSING_SECOND_NUMBER			 138

-#define ASN1_R_MISSING_VALUE				 189

-#define ASN1_R_MSTRING_NOT_UNIVERSAL			 139

-#define ASN1_R_MSTRING_WRONG_TAG			 140

-#define ASN1_R_NESTED_ASN1_STRING			 197

-#define ASN1_R_NON_HEX_CHARACTERS			 141

-#define ASN1_R_NOT_ASCII_FORMAT				 190

-#define ASN1_R_NOT_ENOUGH_DATA				 142

-#define ASN1_R_NO_MATCHING_CHOICE_TYPE			 143

-#define ASN1_R_NULL_IS_WRONG_LENGTH			 144

-#define ASN1_R_OBJECT_NOT_ASCII_FORMAT			 191

-#define ASN1_R_ODD_NUMBER_OF_CHARS			 145

-#define ASN1_R_PRIVATE_KEY_HEADER_MISSING		 146

-#define ASN1_R_SECOND_NUMBER_TOO_LARGE			 147

-#define ASN1_R_SEQUENCE_LENGTH_MISMATCH			 148

-#define ASN1_R_SEQUENCE_NOT_CONSTRUCTED			 149

-#define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG		 192

-#define ASN1_R_SHORT_LINE				 150

-#define ASN1_R_STRING_TOO_LONG				 151

-#define ASN1_R_STRING_TOO_SHORT				 152

-#define ASN1_R_TAG_VALUE_TOO_HIGH			 153

-#define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154

-#define ASN1_R_TIME_NOT_ASCII_FORMAT			 193

-#define ASN1_R_TOO_LONG					 155

-#define ASN1_R_TYPE_NOT_CONSTRUCTED			 156

-#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY			 157

-#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY		 158

-#define ASN1_R_UNEXPECTED_EOC				 159

-#define ASN1_R_UNKNOWN_FORMAT				 160

-#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM		 161

-#define ASN1_R_UNKNOWN_OBJECT_TYPE			 162

-#define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE			 163

-#define ASN1_R_UNKNOWN_TAG				 194

-#define ASN1_R_UNKOWN_FORMAT				 195

-#define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE		 164

-#define ASN1_R_UNSUPPORTED_CIPHER			 165

-#define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM		 166

-#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE		 167

-#define ASN1_R_UNSUPPORTED_TYPE				 196

-#define ASN1_R_WRONG_TAG				 168

-#define ASN1_R_WRONG_TYPE				 169

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/asn1/asn1_err.c

+++ /dev/null

@@ -1,298 +1,0 @@

-/* crypto/asn1/asn1_err.c */

-/* ====================================================================

- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* NOTE: this file was auto generated by the mkerr.pl script: any changes

- * made to it will be overwritten when the script next updates this file,

- * only reason strings will be preserved.

- */

-#include <stdio.h>

-#include <openssl/err.h>

-#include <openssl/asn1.h>

-/* BEGIN ERROR CODES */

-#ifndef OPENSSL_NO_ERR

-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ASN1,func,0)

-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ASN1,0,reason)

-static ERR_STRING_DATA ASN1_str_functs[]=

-	{

-{ERR_FUNC(ASN1_F_A2D_ASN1_OBJECT),	"a2d_ASN1_OBJECT"},

-{ERR_FUNC(ASN1_F_A2I_ASN1_ENUMERATED),	"a2i_ASN1_ENUMERATED"},

-{ERR_FUNC(ASN1_F_A2I_ASN1_INTEGER),	"a2i_ASN1_INTEGER"},

-{ERR_FUNC(ASN1_F_A2I_ASN1_STRING),	"a2i_ASN1_STRING"},

-{ERR_FUNC(ASN1_F_APPEND_EXP),	"APPEND_EXP"},

-{ERR_FUNC(ASN1_F_ASN1_BIT_STRING_SET_BIT),	"ASN1_BIT_STRING_set_bit"},

-{ERR_FUNC(ASN1_F_ASN1_CB),	"ASN1_CB"},

-{ERR_FUNC(ASN1_F_ASN1_CHECK_TLEN),	"ASN1_CHECK_TLEN"},

-{ERR_FUNC(ASN1_F_ASN1_COLLATE_PRIMITIVE),	"ASN1_COLLATE_PRIMITIVE"},

-{ERR_FUNC(ASN1_F_ASN1_COLLECT),	"ASN1_COLLECT"},

-{ERR_FUNC(ASN1_F_ASN1_D2I_EX_PRIMITIVE),	"ASN1_D2I_EX_PRIMITIVE"},

-{ERR_FUNC(ASN1_F_ASN1_D2I_FP),	"ASN1_d2i_fp"},

-{ERR_FUNC(ASN1_F_ASN1_D2I_READ_BIO),	"ASN1_D2I_READ_BIO"},

-{ERR_FUNC(ASN1_F_ASN1_DIGEST),	"ASN1_digest"},

-{ERR_FUNC(ASN1_F_ASN1_DO_ADB),	"ASN1_DO_ADB"},

-{ERR_FUNC(ASN1_F_ASN1_DUP),	"ASN1_dup"},

-{ERR_FUNC(ASN1_F_ASN1_ENUMERATED_SET),	"ASN1_ENUMERATED_set"},

-{ERR_FUNC(ASN1_F_ASN1_ENUMERATED_TO_BN),	"ASN1_ENUMERATED_to_BN"},

-{ERR_FUNC(ASN1_F_ASN1_EX_C2I),	"ASN1_EX_C2I"},

-{ERR_FUNC(ASN1_F_ASN1_FIND_END),	"ASN1_FIND_END"},

-{ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_SET),	"ASN1_GENERALIZEDTIME_set"},

-{ERR_FUNC(ASN1_F_ASN1_GENERATE_V3),	"ASN1_generate_v3"},

-{ERR_FUNC(ASN1_F_ASN1_GET_OBJECT),	"ASN1_get_object"},

-{ERR_FUNC(ASN1_F_ASN1_HEADER_NEW),	"ASN1_HEADER_new"},

-{ERR_FUNC(ASN1_F_ASN1_I2D_BIO),	"ASN1_i2d_bio"},

-{ERR_FUNC(ASN1_F_ASN1_I2D_FP),	"ASN1_i2d_fp"},

-{ERR_FUNC(ASN1_F_ASN1_INTEGER_SET),	"ASN1_INTEGER_set"},

-{ERR_FUNC(ASN1_F_ASN1_INTEGER_TO_BN),	"ASN1_INTEGER_to_BN"},

-{ERR_FUNC(ASN1_F_ASN1_ITEM_D2I_FP),	"ASN1_item_d2i_fp"},

-{ERR_FUNC(ASN1_F_ASN1_ITEM_DUP),	"ASN1_item_dup"},

-{ERR_FUNC(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW),	"ASN1_ITEM_EX_COMBINE_NEW"},

-{ERR_FUNC(ASN1_F_ASN1_ITEM_EX_D2I),	"ASN1_ITEM_EX_D2I"},

-{ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_BIO),	"ASN1_item_i2d_bio"},

-{ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_FP),	"ASN1_item_i2d_fp"},

-{ERR_FUNC(ASN1_F_ASN1_ITEM_PACK),	"ASN1_item_pack"},

-{ERR_FUNC(ASN1_F_ASN1_ITEM_SIGN),	"ASN1_item_sign"},

-{ERR_FUNC(ASN1_F_ASN1_ITEM_UNPACK),	"ASN1_item_unpack"},

-{ERR_FUNC(ASN1_F_ASN1_ITEM_VERIFY),	"ASN1_item_verify"},

-{ERR_FUNC(ASN1_F_ASN1_MBSTRING_NCOPY),	"ASN1_mbstring_ncopy"},

-{ERR_FUNC(ASN1_F_ASN1_OBJECT_NEW),	"ASN1_OBJECT_new"},

-{ERR_FUNC(ASN1_F_ASN1_PACK_STRING),	"ASN1_pack_string"},

-{ERR_FUNC(ASN1_F_ASN1_PCTX_NEW),	"ASN1_PCTX_NEW"},

-{ERR_FUNC(ASN1_F_ASN1_PKCS5_PBE_SET),	"ASN1_PKCS5_PBE_SET"},

-{ERR_FUNC(ASN1_F_ASN1_SEQ_PACK),	"ASN1_seq_pack"},

-{ERR_FUNC(ASN1_F_ASN1_SEQ_UNPACK),	"ASN1_seq_unpack"},

-{ERR_FUNC(ASN1_F_ASN1_SIGN),	"ASN1_sign"},

-{ERR_FUNC(ASN1_F_ASN1_STR2TYPE),	"ASN1_STR2TYPE"},

-{ERR_FUNC(ASN1_F_ASN1_STRING_SET),	"ASN1_STRING_set"},

-{ERR_FUNC(ASN1_F_ASN1_STRING_TABLE_ADD),	"ASN1_STRING_TABLE_add"},

-{ERR_FUNC(ASN1_F_ASN1_STRING_TYPE_NEW),	"ASN1_STRING_type_new"},

-{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_EX_D2I),	"ASN1_TEMPLATE_EX_D2I"},

-{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW),	"ASN1_TEMPLATE_NEW"},

-{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I),	"ASN1_TEMPLATE_NOEXP_D2I"},

-{ERR_FUNC(ASN1_F_ASN1_TIME_SET),	"ASN1_TIME_set"},

-{ERR_FUNC(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING),	"ASN1_TYPE_get_int_octetstring"},

-{ERR_FUNC(ASN1_F_ASN1_TYPE_GET_OCTETSTRING),	"ASN1_TYPE_get_octetstring"},

-{ERR_FUNC(ASN1_F_ASN1_UNPACK_STRING),	"ASN1_unpack_string"},

-{ERR_FUNC(ASN1_F_ASN1_UTCTIME_SET),	"ASN1_UTCTIME_set"},

-{ERR_FUNC(ASN1_F_ASN1_VERIFY),	"ASN1_verify"},

-{ERR_FUNC(ASN1_F_BITSTR_CB),	"BITSTR_CB"},

-{ERR_FUNC(ASN1_F_BN_TO_ASN1_ENUMERATED),	"BN_to_ASN1_ENUMERATED"},

-{ERR_FUNC(ASN1_F_BN_TO_ASN1_INTEGER),	"BN_to_ASN1_INTEGER"},

-{ERR_FUNC(ASN1_F_C2I_ASN1_BIT_STRING),	"c2i_ASN1_BIT_STRING"},

-{ERR_FUNC(ASN1_F_C2I_ASN1_INTEGER),	"c2i_ASN1_INTEGER"},

-{ERR_FUNC(ASN1_F_C2I_ASN1_OBJECT),	"c2i_ASN1_OBJECT"},

-{ERR_FUNC(ASN1_F_COLLECT_DATA),	"COLLECT_DATA"},

-{ERR_FUNC(ASN1_F_D2I_ASN1_BIT_STRING),	"D2I_ASN1_BIT_STRING"},

-{ERR_FUNC(ASN1_F_D2I_ASN1_BOOLEAN),	"d2i_ASN1_BOOLEAN"},

-{ERR_FUNC(ASN1_F_D2I_ASN1_BYTES),	"d2i_ASN1_bytes"},

-{ERR_FUNC(ASN1_F_D2I_ASN1_GENERALIZEDTIME),	"D2I_ASN1_GENERALIZEDTIME"},

-{ERR_FUNC(ASN1_F_D2I_ASN1_HEADER),	"d2i_ASN1_HEADER"},

-{ERR_FUNC(ASN1_F_D2I_ASN1_INTEGER),	"D2I_ASN1_INTEGER"},

-{ERR_FUNC(ASN1_F_D2I_ASN1_OBJECT),	"d2i_ASN1_OBJECT"},

-{ERR_FUNC(ASN1_F_D2I_ASN1_SET),	"d2i_ASN1_SET"},

-{ERR_FUNC(ASN1_F_D2I_ASN1_TYPE_BYTES),	"d2i_ASN1_type_bytes"},

-{ERR_FUNC(ASN1_F_D2I_ASN1_UINTEGER),	"d2i_ASN1_UINTEGER"},

-{ERR_FUNC(ASN1_F_D2I_ASN1_UTCTIME),	"D2I_ASN1_UTCTIME"},

-{ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA),	"d2i_Netscape_RSA"},

-{ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA_2),	"D2I_NETSCAPE_RSA_2"},

-{ERR_FUNC(ASN1_F_D2I_PRIVATEKEY),	"d2i_PrivateKey"},

-{ERR_FUNC(ASN1_F_D2I_PUBLICKEY),	"d2i_PublicKey"},

-{ERR_FUNC(ASN1_F_D2I_RSA_NET),	"d2i_RSA_NET"},

-{ERR_FUNC(ASN1_F_D2I_RSA_NET_2),	"D2I_RSA_NET_2"},

-{ERR_FUNC(ASN1_F_D2I_X509),	"D2I_X509"},

-{ERR_FUNC(ASN1_F_D2I_X509_CINF),	"D2I_X509_CINF"},

-{ERR_FUNC(ASN1_F_D2I_X509_PKEY),	"d2i_X509_PKEY"},

-{ERR_FUNC(ASN1_F_I2D_ASN1_SET),	"i2d_ASN1_SET"},

-{ERR_FUNC(ASN1_F_I2D_ASN1_TIME),	"I2D_ASN1_TIME"},

-{ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY),	"i2d_DSA_PUBKEY"},

-{ERR_FUNC(ASN1_F_I2D_EC_PUBKEY),	"i2d_EC_PUBKEY"},

-{ERR_FUNC(ASN1_F_I2D_PRIVATEKEY),	"i2d_PrivateKey"},

-{ERR_FUNC(ASN1_F_I2D_PUBLICKEY),	"i2d_PublicKey"},

-{ERR_FUNC(ASN1_F_I2D_RSA_NET),	"i2d_RSA_NET"},

-{ERR_FUNC(ASN1_F_I2D_RSA_PUBKEY),	"i2d_RSA_PUBKEY"},

-{ERR_FUNC(ASN1_F_LONG_C2I),	"LONG_C2I"},

-{ERR_FUNC(ASN1_F_OID_MODULE_INIT),	"OID_MODULE_INIT"},

-{ERR_FUNC(ASN1_F_PARSE_TAGGING),	"PARSE_TAGGING"},

-{ERR_FUNC(ASN1_F_PKCS5_PBE2_SET),	"PKCS5_pbe2_set"},

-{ERR_FUNC(ASN1_F_PKCS5_PBE_SET),	"PKCS5_pbe_set"},

-{ERR_FUNC(ASN1_F_X509_CINF_NEW),	"X509_CINF_NEW"},

-{ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED),	"X509_CRL_add0_revoked"},

-{ERR_FUNC(ASN1_F_X509_INFO_NEW),	"X509_INFO_new"},

-{ERR_FUNC(ASN1_F_X509_NAME_ENCODE),	"X509_NAME_ENCODE"},

-{ERR_FUNC(ASN1_F_X509_NAME_EX_D2I),	"X509_NAME_EX_D2I"},

-{ERR_FUNC(ASN1_F_X509_NAME_EX_NEW),	"X509_NAME_EX_NEW"},

-{ERR_FUNC(ASN1_F_X509_NEW),	"X509_NEW"},

-{ERR_FUNC(ASN1_F_X509_PKEY_NEW),	"X509_PKEY_new"},

-{0,NULL}

-	};

-static ERR_STRING_DATA ASN1_str_reasons[]=

-	{

-{ERR_REASON(ASN1_R_ADDING_OBJECT)        ,"adding object"},

-{ERR_REASON(ASN1_R_AUX_ERROR)            ,"aux error"},

-{ERR_REASON(ASN1_R_BAD_CLASS)            ,"bad class"},

-{ERR_REASON(ASN1_R_BAD_OBJECT_HEADER)    ,"bad object header"},

-{ERR_REASON(ASN1_R_BAD_PASSWORD_READ)    ,"bad password read"},

-{ERR_REASON(ASN1_R_BAD_TAG)              ,"bad tag"},

-{ERR_REASON(ASN1_R_BN_LIB)               ,"bn lib"},

-{ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH),"boolean is wrong length"},

-{ERR_REASON(ASN1_R_BUFFER_TOO_SMALL)     ,"buffer too small"},

-{ERR_REASON(ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),"cipher has no object identifier"},

-{ERR_REASON(ASN1_R_DATA_IS_WRONG)        ,"data is wrong"},

-{ERR_REASON(ASN1_R_DECODE_ERROR)         ,"decode error"},

-{ERR_REASON(ASN1_R_DECODING_ERROR)       ,"decoding error"},

-{ERR_REASON(ASN1_R_DEPTH_EXCEEDED)       ,"depth exceeded"},

-{ERR_REASON(ASN1_R_ENCODE_ERROR)         ,"encode error"},

-{ERR_REASON(ASN1_R_ERROR_GETTING_TIME)   ,"error getting time"},

-{ERR_REASON(ASN1_R_ERROR_LOADING_SECTION),"error loading section"},

-{ERR_REASON(ASN1_R_ERROR_PARSING_SET_ELEMENT),"error parsing set element"},

-{ERR_REASON(ASN1_R_ERROR_SETTING_CIPHER_PARAMS),"error setting cipher params"},

-{ERR_REASON(ASN1_R_EXPECTING_AN_INTEGER) ,"expecting an integer"},

-{ERR_REASON(ASN1_R_EXPECTING_AN_OBJECT)  ,"expecting an object"},

-{ERR_REASON(ASN1_R_EXPECTING_A_BOOLEAN)  ,"expecting a boolean"},

-{ERR_REASON(ASN1_R_EXPECTING_A_TIME)     ,"expecting a time"},

-{ERR_REASON(ASN1_R_EXPLICIT_LENGTH_MISMATCH),"explicit length mismatch"},

-{ERR_REASON(ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED),"explicit tag not constructed"},

-{ERR_REASON(ASN1_R_FIELD_MISSING)        ,"field missing"},

-{ERR_REASON(ASN1_R_FIRST_NUM_TOO_LARGE)  ,"first num too large"},

-{ERR_REASON(ASN1_R_HEADER_TOO_LONG)      ,"header too long"},

-{ERR_REASON(ASN1_R_ILLEGAL_BITSTRING_FORMAT),"illegal bitstring format"},

-{ERR_REASON(ASN1_R_ILLEGAL_BOOLEAN)      ,"illegal boolean"},

-{ERR_REASON(ASN1_R_ILLEGAL_CHARACTERS)   ,"illegal characters"},

-{ERR_REASON(ASN1_R_ILLEGAL_FORMAT)       ,"illegal format"},

-{ERR_REASON(ASN1_R_ILLEGAL_HEX)          ,"illegal hex"},

-{ERR_REASON(ASN1_R_ILLEGAL_IMPLICIT_TAG) ,"illegal implicit tag"},

-{ERR_REASON(ASN1_R_ILLEGAL_INTEGER)      ,"illegal integer"},

-{ERR_REASON(ASN1_R_ILLEGAL_NESTED_TAGGING),"illegal nested tagging"},

-{ERR_REASON(ASN1_R_ILLEGAL_NULL)         ,"illegal null"},

-{ERR_REASON(ASN1_R_ILLEGAL_NULL_VALUE)   ,"illegal null value"},

-{ERR_REASON(ASN1_R_ILLEGAL_OBJECT)       ,"illegal object"},

-{ERR_REASON(ASN1_R_ILLEGAL_OPTIONAL_ANY) ,"illegal optional any"},

-{ERR_REASON(ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE),"illegal options on item template"},

-{ERR_REASON(ASN1_R_ILLEGAL_TAGGED_ANY)   ,"illegal tagged any"},

-{ERR_REASON(ASN1_R_ILLEGAL_TIME_VALUE)   ,"illegal time value"},

-{ERR_REASON(ASN1_R_INTEGER_NOT_ASCII_FORMAT),"integer not ascii format"},

-{ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),"integer too large for long"},

-{ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH),"invalid bmpstring length"},

-{ERR_REASON(ASN1_R_INVALID_DIGIT)        ,"invalid digit"},

-{ERR_REASON(ASN1_R_INVALID_MODIFIER)     ,"invalid modifier"},

-{ERR_REASON(ASN1_R_INVALID_NUMBER)       ,"invalid number"},

-{ERR_REASON(ASN1_R_INVALID_SEPARATOR)    ,"invalid separator"},

-{ERR_REASON(ASN1_R_INVALID_TIME_FORMAT)  ,"invalid time format"},

-{ERR_REASON(ASN1_R_INVALID_UNIVERSALSTRING_LENGTH),"invalid universalstring length"},

-{ERR_REASON(ASN1_R_INVALID_UTF8STRING)   ,"invalid utf8string"},

-{ERR_REASON(ASN1_R_IV_TOO_LARGE)         ,"iv too large"},

-{ERR_REASON(ASN1_R_LENGTH_ERROR)         ,"length error"},

-{ERR_REASON(ASN1_R_LIST_ERROR)           ,"list error"},

-{ERR_REASON(ASN1_R_MISSING_EOC)          ,"missing eoc"},

-{ERR_REASON(ASN1_R_MISSING_SECOND_NUMBER),"missing second number"},

-{ERR_REASON(ASN1_R_MISSING_VALUE)        ,"missing value"},

-{ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL),"mstring not universal"},

-{ERR_REASON(ASN1_R_MSTRING_WRONG_TAG)    ,"mstring wrong tag"},

-{ERR_REASON(ASN1_R_NESTED_ASN1_STRING)   ,"nested asn1 string"},

-{ERR_REASON(ASN1_R_NON_HEX_CHARACTERS)   ,"non hex characters"},

-{ERR_REASON(ASN1_R_NOT_ASCII_FORMAT)     ,"not ascii format"},

-{ERR_REASON(ASN1_R_NOT_ENOUGH_DATA)      ,"not enough data"},

-{ERR_REASON(ASN1_R_NO_MATCHING_CHOICE_TYPE),"no matching choice type"},

-{ERR_REASON(ASN1_R_NULL_IS_WRONG_LENGTH) ,"null is wrong length"},

-{ERR_REASON(ASN1_R_OBJECT_NOT_ASCII_FORMAT),"object not ascii format"},

-{ERR_REASON(ASN1_R_ODD_NUMBER_OF_CHARS)  ,"odd number of chars"},

-{ERR_REASON(ASN1_R_PRIVATE_KEY_HEADER_MISSING),"private key header missing"},

-{ERR_REASON(ASN1_R_SECOND_NUMBER_TOO_LARGE),"second number too large"},

-{ERR_REASON(ASN1_R_SEQUENCE_LENGTH_MISMATCH),"sequence length mismatch"},

-{ERR_REASON(ASN1_R_SEQUENCE_NOT_CONSTRUCTED),"sequence not constructed"},

-{ERR_REASON(ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG),"sequence or set needs config"},

-{ERR_REASON(ASN1_R_SHORT_LINE)           ,"short line"},

-{ERR_REASON(ASN1_R_STRING_TOO_LONG)      ,"string too long"},

-{ERR_REASON(ASN1_R_STRING_TOO_SHORT)     ,"string too short"},

-{ERR_REASON(ASN1_R_TAG_VALUE_TOO_HIGH)   ,"tag value too high"},

-{ERR_REASON(ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),"the asn1 object identifier is not known for this md"},

-{ERR_REASON(ASN1_R_TIME_NOT_ASCII_FORMAT),"time not ascii format"},

-{ERR_REASON(ASN1_R_TOO_LONG)             ,"too long"},

-{ERR_REASON(ASN1_R_TYPE_NOT_CONSTRUCTED) ,"type not constructed"},

-{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"},

-{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"},

-{ERR_REASON(ASN1_R_UNEXPECTED_EOC)       ,"unexpected eoc"},

-{ERR_REASON(ASN1_R_UNKNOWN_FORMAT)       ,"unknown format"},

-{ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),"unknown message digest algorithm"},

-{ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE)  ,"unknown object type"},

-{ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE),"unknown public key type"},

-{ERR_REASON(ASN1_R_UNKNOWN_TAG)          ,"unknown tag"},

-{ERR_REASON(ASN1_R_UNKOWN_FORMAT)        ,"unkown format"},

-{ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),"unsupported any defined by type"},

-{ERR_REASON(ASN1_R_UNSUPPORTED_CIPHER)   ,"unsupported cipher"},

-{ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM),"unsupported encryption algorithm"},

-{ERR_REASON(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE),"unsupported public key type"},

-{ERR_REASON(ASN1_R_UNSUPPORTED_TYPE)     ,"unsupported type"},

-{ERR_REASON(ASN1_R_WRONG_TAG)            ,"wrong tag"},

-{ERR_REASON(ASN1_R_WRONG_TYPE)           ,"wrong type"},

-{0,NULL}

-	};

-#endif

-void ERR_load_ASN1_strings(void)

-	{

-#ifndef OPENSSL_NO_ERR

-	if (ERR_func_error_string(ASN1_str_functs[0].error) == NULL)

-		{

-		ERR_load_strings(0,ASN1_str_functs);

-		ERR_load_strings(0,ASN1_str_reasons);

-		}

-#endif

-	}

--- a/sys/src/ape/lib/openssl/crypto/asn1/asn1_gen.c

+++ /dev/null

@@ -1,848 +1,0 @@

-/* asn1_gen.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 2002.

- */

-/* ====================================================================

- * Copyright (c) 2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include "cryptlib.h"

-#include <openssl/asn1.h>

-#include <openssl/x509v3.h>

-#define ASN1_GEN_FLAG		0x10000

-#define ASN1_GEN_FLAG_IMP	(ASN1_GEN_FLAG|1)

-#define ASN1_GEN_FLAG_EXP	(ASN1_GEN_FLAG|2)

-#define ASN1_GEN_FLAG_TAG	(ASN1_GEN_FLAG|3)

-#define ASN1_GEN_FLAG_BITWRAP	(ASN1_GEN_FLAG|4)

-#define ASN1_GEN_FLAG_OCTWRAP	(ASN1_GEN_FLAG|5)

-#define ASN1_GEN_FLAG_SEQWRAP	(ASN1_GEN_FLAG|6)

-#define ASN1_GEN_FLAG_SETWRAP	(ASN1_GEN_FLAG|7)

-#define ASN1_GEN_FLAG_FORMAT	(ASN1_GEN_FLAG|8)

-#define ASN1_GEN_STR(str,val)	{str, sizeof(str) - 1, val}

-#define ASN1_FLAG_EXP_MAX	20

-/* Input formats */

-/* ASCII: default */

-#define ASN1_GEN_FORMAT_ASCII	1

-/* UTF8 */

-#define ASN1_GEN_FORMAT_UTF8	2

-/* Hex */

-#define ASN1_GEN_FORMAT_HEX	3

-/* List of bits */

-#define ASN1_GEN_FORMAT_BITLIST	4

-struct tag_name_st

-	{

-	const char *strnam;

-	int len;

-	int tag;

-	};

-typedef struct

-	{

-	int exp_tag;

-	int exp_class;

-	int exp_constructed;

-	int exp_pad;

-	long exp_len;

-	} tag_exp_type;

-typedef struct

-	{

-	int imp_tag;

-	int imp_class;

-	int utype;

-	int format;

-	const char *str;

-	tag_exp_type exp_list[ASN1_FLAG_EXP_MAX];

-	int exp_count;

-	} tag_exp_arg;

-static int bitstr_cb(const char *elem, int len, void *bitstr);

-static int asn1_cb(const char *elem, int len, void *bitstr);

-static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_constructed, int exp_pad, int imp_ok);

-static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass);

-static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf);

-static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype);

-static int asn1_str2tag(const char *tagstr, int len);

-ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf)

-	{

-	X509V3_CTX cnf;

-	if (!nconf)

-		return ASN1_generate_v3(str, NULL);

-	X509V3_set_nconf(&cnf, nconf);

-	return ASN1_generate_v3(str, &cnf);

-	}

-ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)

-	{

-	ASN1_TYPE *ret;

-	tag_exp_arg asn1_tags;

-	tag_exp_type *etmp;

-	int i, len;

-	unsigned char *orig_der = NULL, *new_der = NULL;

-	const unsigned char *cpy_start;

-	unsigned char *p;

-	const unsigned char *cp;

-	int cpy_len;

-	long hdr_len;

-	int hdr_constructed = 0, hdr_tag, hdr_class;

-	int r;

-	asn1_tags.imp_tag = -1;

-	asn1_tags.imp_class = -1;

-	asn1_tags.format = ASN1_GEN_FORMAT_ASCII;

-	asn1_tags.exp_count = 0;

-	if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0)

-		return NULL;

-	if ((asn1_tags.utype == V_ASN1_SEQUENCE) || (asn1_tags.utype == V_ASN1_SET))

-		{

-		if (!cnf)

-			{

-			ASN1err(ASN1_F_ASN1_GENERATE_V3, ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG);

-			return NULL;

-			}

-		ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf);

-		}

-	else

-		ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype);

-	if (!ret)

-		return NULL;

-	/* If no tagging return base type */

-	if ((asn1_tags.imp_tag == -1) && (asn1_tags.exp_count == 0))

-		return ret;

-	/* Generate the encoding */

-	cpy_len = i2d_ASN1_TYPE(ret, &orig_der);

-	ASN1_TYPE_free(ret);

-	ret = NULL;

-	/* Set point to start copying for modified encoding */

-	cpy_start = orig_der;

-	/* Do we need IMPLICIT tagging? */

-	if (asn1_tags.imp_tag != -1)

-		{

-		/* If IMPLICIT we will replace the underlying tag */

-		/* Skip existing tag+len */

-		r = ASN1_get_object(&cpy_start, &hdr_len, &hdr_tag, &hdr_class, cpy_len);

-		if (r & 0x80)

-			goto err;

-		/* Update copy length */

-		cpy_len -= cpy_start - orig_der;

-		/* For IMPLICIT tagging the length should match the

-		 * original length and constructed flag should be

-		 * consistent.

-		 */

-		if (r & 0x1)

-			{

-			/* Indefinite length constructed */

-			hdr_constructed = 2;

-			hdr_len = 0;

-			}

-		else

-			/* Just retain constructed flag */

-			hdr_constructed = r & V_ASN1_CONSTRUCTED;

-		/* Work out new length with IMPLICIT tag: ignore constructed

-		 * because it will mess up if indefinite length

-		 */

-		len = ASN1_object_size(0, hdr_len, asn1_tags.imp_tag);

-		}

-	else

-		len = cpy_len;

-	/* Work out length in any EXPLICIT, starting from end */

-	for(i = 0, etmp = asn1_tags.exp_list + asn1_tags.exp_count - 1; i < asn1_tags.exp_count; i++, etmp--)

-		{

-		/* Content length: number of content octets + any padding */

-		len += etmp->exp_pad;

-		etmp->exp_len = len;

-		/* Total object length: length including new header */

-		len = ASN1_object_size(0, len, etmp->exp_tag);

-		}

-	/* Allocate buffer for new encoding */

-	new_der = OPENSSL_malloc(len);

-	/* Generate tagged encoding */

-	p = new_der;

-	/* Output explicit tags first */

-	for (i = 0, etmp = asn1_tags.exp_list; i < asn1_tags.exp_count; i++, etmp++)

-		{

-		ASN1_put_object(&p, etmp->exp_constructed, etmp->exp_len,

-					etmp->exp_tag, etmp->exp_class);

-		if (etmp->exp_pad)

-			*p++ = 0;

-		}

-	/* If IMPLICIT, output tag */

-	if (asn1_tags.imp_tag != -1)

-		ASN1_put_object(&p, hdr_constructed, hdr_len,

-					asn1_tags.imp_tag, asn1_tags.imp_class);

-	/* Copy across original encoding */

-	memcpy(p, cpy_start, cpy_len);

-	cp = new_der;

-	/* Obtain new ASN1_TYPE structure */

-	ret = d2i_ASN1_TYPE(NULL, &cp, len);

-	err:

-	if (orig_der)

-		OPENSSL_free(orig_der);

-	if (new_der)

-		OPENSSL_free(new_der);

-	return ret;

-	}

-static int asn1_cb(const char *elem, int len, void *bitstr)

-	{

-	tag_exp_arg *arg = bitstr;

-	int i;

-	int utype;

-	int vlen = 0;

-	const char *p, *vstart = NULL;

-	int tmp_tag, tmp_class;

-	for(i = 0, p = elem; i < len; p++, i++)

-		{

-		/* Look for the ':' in name value pairs */

-		if (*p == ':')

-			{

-			vstart = p + 1;

-			vlen = len - (vstart - elem);

-			len = p - elem;

-			break;

-			}

-		}

-	utype = asn1_str2tag(elem, len);

-	if (utype == -1)

-		{

-		ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_TAG);

-		ERR_add_error_data(2, "tag=", elem);

-		return -1;

-		}

-	/* If this is not a modifier mark end of string and exit */

-	if (!(utype & ASN1_GEN_FLAG))

-		{

-		arg->utype = utype;

-		arg->str = vstart;

-		/* If no value and not end of string, error */

-		if (!vstart && elem[len])

-			{

-			ASN1err(ASN1_F_ASN1_CB, ASN1_R_MISSING_VALUE);

-			return -1;

-			}

-		return 0;

-		}

-	switch(utype)

-		{

-		case ASN1_GEN_FLAG_IMP:

-		/* Check for illegal multiple IMPLICIT tagging */

-		if (arg->imp_tag != -1)

-			{

-			ASN1err(ASN1_F_ASN1_CB, ASN1_R_ILLEGAL_NESTED_TAGGING);

-			return -1;

-			}

-		if (!parse_tagging(vstart, vlen, &arg->imp_tag, &arg->imp_class))

-			return -1;

-		break;

-		case ASN1_GEN_FLAG_EXP:

-		if (!parse_tagging(vstart, vlen, &tmp_tag, &tmp_class))

-			return -1;

-		if (!append_exp(arg, tmp_tag, tmp_class, 1, 0, 0))

-			return -1;

-		break;

-		case ASN1_GEN_FLAG_SEQWRAP:

-		if (!append_exp(arg, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, 1, 0, 1))

-			return -1;

-		break;

-		case ASN1_GEN_FLAG_SETWRAP:

-		if (!append_exp(arg, V_ASN1_SET, V_ASN1_UNIVERSAL, 1, 0, 1))

-			return -1;

-		break;

-		case ASN1_GEN_FLAG_BITWRAP:

-		if (!append_exp(arg, V_ASN1_BIT_STRING, V_ASN1_UNIVERSAL, 0, 1, 1))

-			return -1;

-		break;

-		case ASN1_GEN_FLAG_OCTWRAP:

-		if (!append_exp(arg, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL, 0, 0, 1))

-			return -1;

-		break;

-		case ASN1_GEN_FLAG_FORMAT:

-		if (!strncmp(vstart, "ASCII", 5))

-			arg->format = ASN1_GEN_FORMAT_ASCII;

-		else if (!strncmp(vstart, "UTF8", 4))

-			arg->format = ASN1_GEN_FORMAT_UTF8;

-		else if (!strncmp(vstart, "HEX", 3))

-			arg->format = ASN1_GEN_FORMAT_HEX;

-		else if (!strncmp(vstart, "BITLIST", 3))

-			arg->format = ASN1_GEN_FORMAT_BITLIST;

-		else

-			{

-			ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKOWN_FORMAT);

-			return -1;

-			}

-		break;

-		}

-	return 1;

-	}

-static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass)

-	{

-	char erch[2];

-	long tag_num;

-	char *eptr;

-	if (!vstart)

-		return 0;

-	tag_num = strtoul(vstart, &eptr, 10);

-	/* Check we haven't gone past max length: should be impossible */

-	if (eptr && *eptr && (eptr > vstart + vlen))

-		return 0;

-	if (tag_num < 0)

-		{

-		ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_NUMBER);

-		return 0;

-		}

-	*ptag = tag_num;

-	/* If we have non numeric characters, parse them */

-	if (eptr)

-		vlen -= eptr - vstart;

-	else

-		vlen = 0;

-	if (vlen)

-		{

-		switch (*eptr)

-			{

-			case 'U':

-			*pclass = V_ASN1_UNIVERSAL;

-			break;

-			case 'A':

-			*pclass = V_ASN1_APPLICATION;

-			break;

-			case 'P':

-			*pclass = V_ASN1_PRIVATE;

-			break;

-			case 'C':

-			*pclass = V_ASN1_CONTEXT_SPECIFIC;

-			break;

-			default:

-			erch[0] = *eptr;

-			erch[1] = 0;

-			ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_MODIFIER);

-			ERR_add_error_data(2, "Char=", erch);

-			return 0;

-			break;

-			}

-		}

-	else

-		*pclass = V_ASN1_CONTEXT_SPECIFIC;

-	return 1;

-	}

-/* Handle multiple types: SET and SEQUENCE */

-static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf)

-	{

-	ASN1_TYPE *ret = NULL, *typ = NULL;

-	STACK_OF(ASN1_TYPE) *sk = NULL;

-	STACK_OF(CONF_VALUE) *sect = NULL;

-	unsigned char *der = NULL, *p;

-	int derlen;

-	int i, is_set;

-	sk = sk_ASN1_TYPE_new_null();

-	if (section)

-		{

-		if (!cnf)

-			goto bad;

-		sect = X509V3_get_section(cnf, (char *)section);

-		if (!sect)

-			goto bad;

-		for (i = 0; i < sk_CONF_VALUE_num(sect); i++)

-			{

-			typ = ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf);

-			if (!typ)

-				goto bad;

-			sk_ASN1_TYPE_push(sk, typ);

-			typ = NULL;

-			}

-		}

-	/* Now we has a STACK of the components, convert to the correct form */

-	if (utype == V_ASN1_SET)

-		is_set = 1;

-	else

-		is_set = 0;

-	derlen = i2d_ASN1_SET_OF_ASN1_TYPE(sk, NULL, i2d_ASN1_TYPE, utype,

-					   V_ASN1_UNIVERSAL, is_set);

-	der = OPENSSL_malloc(derlen);

-	p = der;

-	i2d_ASN1_SET_OF_ASN1_TYPE(sk, &p, i2d_ASN1_TYPE, utype,

-				  V_ASN1_UNIVERSAL, is_set);

-	if (!(ret = ASN1_TYPE_new()))

-		goto bad;

-	if (!(ret->value.asn1_string = ASN1_STRING_type_new(utype)))

-		goto bad;

-	ret->type = utype;

-	ret->value.asn1_string->data = der;

-	ret->value.asn1_string->length = derlen;

-	der = NULL;

-	bad:

-	if (der)

-		OPENSSL_free(der);

-	if (sk)

-		sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free);

-	if (typ)

-		ASN1_TYPE_free(typ);

-	if (sect)

-		X509V3_section_free(cnf, sect);

-	return ret;

-	}

-static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_constructed, int exp_pad, int imp_ok)

-	{

-	tag_exp_type *exp_tmp;

-	/* Can only have IMPLICIT if permitted */

-	if ((arg->imp_tag != -1) && !imp_ok)

-		{

-		ASN1err(ASN1_F_APPEND_EXP, ASN1_R_ILLEGAL_IMPLICIT_TAG);

-		return 0;

-		}

-	if (arg->exp_count == ASN1_FLAG_EXP_MAX)

-		{

-		ASN1err(ASN1_F_APPEND_EXP, ASN1_R_DEPTH_EXCEEDED);

-		return 0;

-		}

-	exp_tmp = &arg->exp_list[arg->exp_count++];

-	/* If IMPLICIT set tag to implicit value then

-	 * reset implicit tag since it has been used.

-	 */

-	if (arg->imp_tag != -1)

-		{

-		exp_tmp->exp_tag = arg->imp_tag;

-		exp_tmp->exp_class = arg->imp_class;

-		arg->imp_tag = -1;

-		arg->imp_class = -1;

-		}

-	else

-		{

-		exp_tmp->exp_tag = exp_tag;

-		exp_tmp->exp_class = exp_class;

-		}

-	exp_tmp->exp_constructed = exp_constructed;

-	exp_tmp->exp_pad = exp_pad;

-	return 1;

-	}

-static int asn1_str2tag(const char *tagstr, int len)

-	{

-	unsigned int i;

-	static struct tag_name_st *tntmp, tnst [] = {

-		ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN),

-		ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN),

-		ASN1_GEN_STR("NULL", V_ASN1_NULL),

-		ASN1_GEN_STR("INT", V_ASN1_INTEGER),

-		ASN1_GEN_STR("INTEGER", V_ASN1_INTEGER),

-		ASN1_GEN_STR("ENUM", V_ASN1_ENUMERATED),

-		ASN1_GEN_STR("ENUMERATED", V_ASN1_ENUMERATED),

-		ASN1_GEN_STR("OID", V_ASN1_OBJECT),

-		ASN1_GEN_STR("OBJECT", V_ASN1_OBJECT),

-		ASN1_GEN_STR("UTCTIME", V_ASN1_UTCTIME),

-		ASN1_GEN_STR("UTC", V_ASN1_UTCTIME),

-		ASN1_GEN_STR("GENERALIZEDTIME", V_ASN1_GENERALIZEDTIME),

-		ASN1_GEN_STR("GENTIME", V_ASN1_GENERALIZEDTIME),

-		ASN1_GEN_STR("OCT", V_ASN1_OCTET_STRING),

-		ASN1_GEN_STR("OCTETSTRING", V_ASN1_OCTET_STRING),

-		ASN1_GEN_STR("BITSTR", V_ASN1_BIT_STRING),

-		ASN1_GEN_STR("BITSTRING", V_ASN1_BIT_STRING),

-		ASN1_GEN_STR("UNIVERSALSTRING", V_ASN1_UNIVERSALSTRING),

-		ASN1_GEN_STR("UNIV", V_ASN1_UNIVERSALSTRING),

-		ASN1_GEN_STR("IA5", V_ASN1_IA5STRING),

-		ASN1_GEN_STR("IA5STRING", V_ASN1_IA5STRING),

-		ASN1_GEN_STR("UTF8", V_ASN1_UTF8STRING),

-		ASN1_GEN_STR("UTF8String", V_ASN1_UTF8STRING),

-		ASN1_GEN_STR("BMP", V_ASN1_BMPSTRING),

-		ASN1_GEN_STR("BMPSTRING", V_ASN1_BMPSTRING),

-		ASN1_GEN_STR("VISIBLESTRING", V_ASN1_VISIBLESTRING),

-		ASN1_GEN_STR("VISIBLE", V_ASN1_VISIBLESTRING),

-		ASN1_GEN_STR("PRINTABLESTRING", V_ASN1_PRINTABLESTRING),

-		ASN1_GEN_STR("PRINTABLE", V_ASN1_PRINTABLESTRING),

-		ASN1_GEN_STR("T61", V_ASN1_T61STRING),

-		ASN1_GEN_STR("T61STRING", V_ASN1_T61STRING),

-		ASN1_GEN_STR("TELETEXSTRING", V_ASN1_T61STRING),

-		ASN1_GEN_STR("GeneralString", V_ASN1_GENERALSTRING),

-		ASN1_GEN_STR("GENSTR", V_ASN1_GENERALSTRING),

-		/* Special cases */

-		ASN1_GEN_STR("SEQUENCE", V_ASN1_SEQUENCE),

-		ASN1_GEN_STR("SEQ", V_ASN1_SEQUENCE),

-		ASN1_GEN_STR("SET", V_ASN1_SET),

-		/* type modifiers */

-		/* Explicit tag */

-		ASN1_GEN_STR("EXP", ASN1_GEN_FLAG_EXP),

-		ASN1_GEN_STR("EXPLICIT", ASN1_GEN_FLAG_EXP),

-		/* Implicit tag */

-		ASN1_GEN_STR("IMP", ASN1_GEN_FLAG_IMP),

-		ASN1_GEN_STR("IMPLICIT", ASN1_GEN_FLAG_IMP),

-		/* OCTET STRING wrapper */

-		ASN1_GEN_STR("OCTWRAP", ASN1_GEN_FLAG_OCTWRAP),

-		/* SEQUENCE wrapper */

-		ASN1_GEN_STR("SEQWRAP", ASN1_GEN_FLAG_SEQWRAP),

-		/* SET wrapper */

-		ASN1_GEN_STR("SETWRAP", ASN1_GEN_FLAG_SETWRAP),

-		/* BIT STRING wrapper */

-		ASN1_GEN_STR("BITWRAP", ASN1_GEN_FLAG_BITWRAP),

-		ASN1_GEN_STR("FORM", ASN1_GEN_FLAG_FORMAT),

-		ASN1_GEN_STR("FORMAT", ASN1_GEN_FLAG_FORMAT),

-	};

-	if (len == -1)

-		len = strlen(tagstr);

-	tntmp = tnst;

-	for (i = 0; i < sizeof(tnst) / sizeof(struct tag_name_st); i++, tntmp++)

-		{

-		if ((len == tntmp->len) && !strncmp(tntmp->strnam, tagstr, len))

-			return tntmp->tag;

-		}

-	return -1;

-	}

-static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)

-	{

-	ASN1_TYPE *atmp = NULL;

-	CONF_VALUE vtmp;

-	unsigned char *rdata;

-	long rdlen;

-	int no_unused = 1;

-	if (!(atmp = ASN1_TYPE_new()))

-		{

-		ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);

-		return NULL;

-		}

-	if (!str)

-		str = "";

-	switch(utype)

-		{

-		case V_ASN1_NULL:

-		if (str && *str)

-			{

-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_NULL_VALUE);

-			goto bad_form;

-			}

-		break;

-		case V_ASN1_BOOLEAN:

-		if (format != ASN1_GEN_FORMAT_ASCII)

-			{

-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_NOT_ASCII_FORMAT);

-			goto bad_form;

-			}

-		vtmp.name = NULL;

-		vtmp.section = NULL;

-		vtmp.value = (char *)str;

-		if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean))

-			{

-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BOOLEAN);

-			goto bad_str;

-			}

-		break;

-		case V_ASN1_INTEGER:

-		case V_ASN1_ENUMERATED:

-		if (format != ASN1_GEN_FORMAT_ASCII)

-			{

-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_INTEGER_NOT_ASCII_FORMAT);

-			goto bad_form;

-			}

-		if (!(atmp->value.integer = s2i_ASN1_INTEGER(NULL, (char *)str)))

-			{

-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_INTEGER);

-			goto bad_str;

-			}

-		break;

-		case V_ASN1_OBJECT:

-		if (format != ASN1_GEN_FORMAT_ASCII)

-			{

-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_OBJECT_NOT_ASCII_FORMAT);

-			goto bad_form;

-			}

-		if (!(atmp->value.object = OBJ_txt2obj(str, 0)))

-			{

-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_OBJECT);

-			goto bad_str;

-			}

-		break;

-		case V_ASN1_UTCTIME:

-		case V_ASN1_GENERALIZEDTIME:

-		if (format != ASN1_GEN_FORMAT_ASCII)

-			{

-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_TIME_NOT_ASCII_FORMAT);

-			goto bad_form;

-			}

-		if (!(atmp->value.asn1_string = ASN1_STRING_new()))

-			{

-			ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);

-			goto bad_str;

-			}

-		if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1))

-			{

-			ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);

-			goto bad_str;

-			}

-		atmp->value.asn1_string->type = utype;

-		if (!ASN1_TIME_check(atmp->value.asn1_string))

-			{

-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_TIME_VALUE);

-			goto bad_str;

-			}

-		break;

-		case V_ASN1_BMPSTRING:

-		case V_ASN1_PRINTABLESTRING:

-		case V_ASN1_IA5STRING:

-		case V_ASN1_T61STRING:

-		case V_ASN1_UTF8STRING:

-		case V_ASN1_VISIBLESTRING:

-		case V_ASN1_UNIVERSALSTRING:

-		case V_ASN1_GENERALSTRING:

-		if (format == ASN1_GEN_FORMAT_ASCII)

-			format = MBSTRING_ASC;

-		else if (format == ASN1_GEN_FORMAT_UTF8)

-			format = MBSTRING_UTF8;

-		else

-			{

-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_FORMAT);

-			goto bad_form;

-			}

-		if (ASN1_mbstring_copy(&atmp->value.asn1_string, (unsigned char *)str,

-						-1, format, ASN1_tag2bit(utype)) <= 0)

-			{

-			ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);

-			goto bad_str;

-			}

-		break;

-		case V_ASN1_BIT_STRING:

-		case V_ASN1_OCTET_STRING:

-		if (!(atmp->value.asn1_string = ASN1_STRING_new()))

-			{

-			ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);

-			goto bad_form;

-			}

-		if (format == ASN1_GEN_FORMAT_HEX)

-			{

-			if (!(rdata = string_to_hex((char *)str, &rdlen)))

-				{

-				ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_HEX);

-				goto bad_str;

-				}

-			atmp->value.asn1_string->data = rdata;

-			atmp->value.asn1_string->length = rdlen;

-			atmp->value.asn1_string->type = utype;

-			}

-		else if (format == ASN1_GEN_FORMAT_ASCII)

-			ASN1_STRING_set(atmp->value.asn1_string, str, -1);

-		else if ((format == ASN1_GEN_FORMAT_BITLIST) && (utype == V_ASN1_BIT_STRING))

-			{

-			if (!CONF_parse_list(str, ',', 1, bitstr_cb, atmp->value.bit_string))

-				{

-				ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_LIST_ERROR);

-				goto bad_str;

-				}

-			no_unused = 0;

-			}

-		else

-			{

-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BITSTRING_FORMAT);

-			goto bad_form;

-			}

-		if ((utype == V_ASN1_BIT_STRING) && no_unused)

-			{

-			atmp->value.asn1_string->flags

-				&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);

-        		atmp->value.asn1_string->flags

-				|= ASN1_STRING_FLAG_BITS_LEFT;

-			}

-		break;

-		default:

-		ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_UNSUPPORTED_TYPE);

-		goto bad_str;

-		break;

-		}

-	atmp->type = utype;

-	return atmp;

-	bad_str:

-	ERR_add_error_data(2, "string=", str);

-	bad_form:

-	ASN1_TYPE_free(atmp);

-	return NULL;

-	}

-static int bitstr_cb(const char *elem, int len, void *bitstr)

-	{

-	long bitnum;

-	char *eptr;

-	if (!elem)

-		return 0;

-	bitnum = strtoul(elem, &eptr, 10);

-	if (eptr && *eptr && (eptr != elem + len))

-		return 0;

-	if (bitnum < 0)

-		{

-		ASN1err(ASN1_F_BITSTR_CB, ASN1_R_INVALID_NUMBER);

-		return 0;

-		}

-	if (!ASN1_BIT_STRING_set_bit(bitstr, bitnum, 1))

-		{

-		ASN1err(ASN1_F_BITSTR_CB, ERR_R_MALLOC_FAILURE);

-		return 0;

-		}

-	return 1;

-	}

--- a/sys/src/ape/lib/openssl/crypto/asn1/asn1_lib.c

+++ /dev/null

@@ -1,462 +1,0 @@

-/* crypto/asn1/asn1_lib.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <limits.h>

-#include "cryptlib.h"

-#include <openssl/asn1.h>

-#include <openssl/asn1_mac.h>

-static int asn1_get_length(const unsigned char **pp,int *inf,long *rl,int max);

-static void asn1_put_length(unsigned char **pp, int length);

-const char ASN1_version[]="ASN.1" OPENSSL_VERSION_PTEXT;

-static int _asn1_check_infinite_end(const unsigned char **p, long len)

-	{

-	/* If there is 0 or 1 byte left, the length check should pick

-	 * things up */

-	if (len <= 0)

-		return(1);

-	else if ((len >= 2) && ((*p)[0] == 0) && ((*p)[1] == 0))

-		{

-		(*p)+=2;

-		return(1);

-		}

-	return(0);

-	}

-int ASN1_check_infinite_end(unsigned char **p, long len)

-	{

-	return _asn1_check_infinite_end((const unsigned char **)p, len);

-	}

-int ASN1_const_check_infinite_end(const unsigned char **p, long len)

-	{

-	return _asn1_check_infinite_end(p, len);

-	}

-int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,

-	int *pclass, long omax)

-	{

-	int i,ret;

-	long l;

-	const unsigned char *p= *pp;

-	int tag,xclass,inf;

-	long max=omax;

-	if (!max) goto err;

-	ret=(*p&V_ASN1_CONSTRUCTED);

-	xclass=(*p&V_ASN1_PRIVATE);

-	i= *p&V_ASN1_PRIMITIVE_TAG;

-	if (i == V_ASN1_PRIMITIVE_TAG)

-		{		/* high-tag */

-		p++;

-		if (--max == 0) goto err;

-		l=0;

-		while (*p&0x80)

-			{

-			l<<=7L;

-			l|= *(p++)&0x7f;

-			if (--max == 0) goto err;

-			if (l > (INT_MAX >> 7L)) goto err;

-			}

-		l<<=7L;

-		l|= *(p++)&0x7f;

-		tag=(int)l;

-		if (--max == 0) goto err;

-		}

-	else

-		{

-		tag=i;

-		p++;

-		if (--max == 0) goto err;

-		}

-	*ptag=tag;

-	*pclass=xclass;

-	if (!asn1_get_length(&p,&inf,plength,(int)max)) goto err;

-#if 0

-	fprintf(stderr,"p=%d + *plength=%ld > omax=%ld + *pp=%d  (%d > %d)\n",

-		(int)p,*plength,omax,(int)*pp,(int)(p+ *plength),

-		(int)(omax+ *pp));

-#endif

-	if (*plength > (omax - (p - *pp)))

-		{

-		ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);

-		/* Set this so that even if things are not long enough

-		 * the values are set correctly */

-		ret|=0x80;

-		}

-	*pp=p;

-	return(ret|inf);

-err:

-	ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_HEADER_TOO_LONG);

-	return(0x80);

-	}

-static int asn1_get_length(const unsigned char **pp, int *inf, long *rl, int max)

-	{

-	const unsigned char *p= *pp;

-	unsigned long ret=0;

-	unsigned int i;

-	if (max-- < 1) return(0);

-	if (*p == 0x80)

-		{

-		*inf=1;

-		ret=0;

-		p++;

-		}

-	else

-		{

-		*inf=0;

-		i= *p&0x7f;

-		if (*(p++) & 0x80)

-			{

-			if (i > sizeof(long))

-				return 0;

-			if (max-- == 0) return(0);

-			while (i-- > 0)

-				{

-				ret<<=8L;

-				ret|= *(p++);

-				if (max-- == 0) return(0);

-				}

-			}

-		else

-			ret=i;

-		}

-	if (ret > LONG_MAX)

-		return 0;

-	*pp=p;

-	*rl=(long)ret;

-	return(1);

-	}

-/* class 0 is constructed

- * constructed == 2 for indefinite length constructed */

-void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag,

-	     int xclass)

-	{

-	unsigned char *p= *pp;

-	int i, ttag;

-	i=(constructed)?V_ASN1_CONSTRUCTED:0;

-	i|=(xclass&V_ASN1_PRIVATE);

-	if (tag < 31)

-		*(p++)=i|(tag&V_ASN1_PRIMITIVE_TAG);

-	else

-		{

-		*(p++)=i|V_ASN1_PRIMITIVE_TAG;

-		for(i = 0, ttag = tag; ttag > 0; i++) ttag >>=7;

-		ttag = i;

-		while(i-- > 0)

-			{

-			p[i] = tag & 0x7f;

-			if(i != (ttag - 1)) p[i] |= 0x80;

-			tag >>= 7;

-			}

-		p += ttag;

-		}

-	if (constructed == 2)

-		*(p++)=0x80;

-	else

-		asn1_put_length(&p,length);

-	*pp=p;

-	}

-int ASN1_put_eoc(unsigned char **pp)

-	{

-	unsigned char *p = *pp;

-	*p++ = 0;

-	*p++ = 0;

-	*pp = p;

-	return 2;

-	}

-static void asn1_put_length(unsigned char **pp, int length)

-	{

-	unsigned char *p= *pp;

-	int i,l;

-	if (length <= 127)

-		*(p++)=(unsigned char)length;

-	else

-		{

-		l=length;

-		for (i=0; l > 0; i++)

-			l>>=8;

-		*(p++)=i|0x80;

-		l=i;

-		while (i-- > 0)

-			{

-			p[i]=length&0xff;

-			length>>=8;

-			}

-		p+=l;

-		}

-	*pp=p;

-	}

-int ASN1_object_size(int constructed, int length, int tag)

-	{

-	int ret;

-	ret=length;

-	ret++;

-	if (tag >= 31)

-		{

-		while (tag > 0)

-			{

-			tag>>=7;

-			ret++;

-			}

-		}

-	if (constructed == 2)

-		return ret + 3;

-	ret++;

-	if (length > 127)

-		{

-		while (length > 0)

-			{

-			length>>=8;

-			ret++;

-			}

-		}

-	return(ret);

-	}

-static int _asn1_Finish(ASN1_const_CTX *c)

-	{

-	if ((c->inf == (1|V_ASN1_CONSTRUCTED)) && (!c->eos))

-		{

-		if (!ASN1_const_check_infinite_end(&c->p,c->slen))

-			{

-			c->error=ERR_R_MISSING_ASN1_EOS;

-			return(0);

-			}

-		}

-	if (	((c->slen != 0) && !(c->inf & 1)) ||

-		((c->slen < 0) && (c->inf & 1)))

-		{

-		c->error=ERR_R_ASN1_LENGTH_MISMATCH;

-		return(0);

-		}

-	return(1);

-	}

-int asn1_Finish(ASN1_CTX *c)

-	{

-	return _asn1_Finish((ASN1_const_CTX *)c);

-	}

-int asn1_const_Finish(ASN1_const_CTX *c)

-	{

-	return _asn1_Finish(c);

-	}

-int asn1_GetSequence(ASN1_const_CTX *c, long *length)

-	{

-	const unsigned char *q;

-	q=c->p;

-	c->inf=ASN1_get_object(&(c->p),&(c->slen),&(c->tag),&(c->xclass),

-		*length);

-	if (c->inf & 0x80)

-		{

-		c->error=ERR_R_BAD_GET_ASN1_OBJECT_CALL;

-		return(0);

-		}

-	if (c->tag != V_ASN1_SEQUENCE)

-		{

-		c->error=ERR_R_EXPECTING_AN_ASN1_SEQUENCE;

-		return(0);

-		}

-	(*length)-=(c->p-q);

-	if (c->max && (*length < 0))

-		{

-		c->error=ERR_R_ASN1_LENGTH_MISMATCH;

-		return(0);

-		}

-	if (c->inf == (1|V_ASN1_CONSTRUCTED))

-		c->slen= *length+ *(c->pp)-c->p;

-	c->eos=0;

-	return(1);

-	}

-ASN1_STRING *ASN1_STRING_dup(ASN1_STRING *str)

-	{

-	ASN1_STRING *ret;

-	if (str == NULL) return(NULL);

-	if ((ret=ASN1_STRING_type_new(str->type)) == NULL)

-		return(NULL);

-	if (!ASN1_STRING_set(ret,str->data,str->length))

-		{

-		ASN1_STRING_free(ret);

-		return(NULL);

-		}

-	ret->flags = str->flags;

-	return(ret);

-	}

-int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len)

-	{

-	unsigned char *c;

-	const char *data=_data;

-	if (len < 0)

-		{

-		if (data == NULL)

-			return(0);

-		else

-			len=strlen(data);

-		}

-	if ((str->length < len) || (str->data == NULL))

-		{

-		c=str->data;

-		if (c == NULL)

-			str->data=OPENSSL_malloc(len+1);

-		else

-			str->data=OPENSSL_realloc(c,len+1);

-		if (str->data == NULL)

-			{

-			ASN1err(ASN1_F_ASN1_STRING_SET,ERR_R_MALLOC_FAILURE);

-			str->data=c;

-			return(0);

-			}

-		}

-	str->length=len;

-	if (data != NULL)

-		{

-		memcpy(str->data,data,len);

-		/* an allowance for strings :-) */

-		str->data[len]='\0';

-		}

-	return(1);

-	}

-ASN1_STRING *ASN1_STRING_new(void)

-	{

-	return(ASN1_STRING_type_new(V_ASN1_OCTET_STRING));

-	}

-ASN1_STRING *ASN1_STRING_type_new(int type)

-	{

-	ASN1_STRING *ret;

-	ret=(ASN1_STRING *)OPENSSL_malloc(sizeof(ASN1_STRING));

-	if (ret == NULL)

-		{

-		ASN1err(ASN1_F_ASN1_STRING_TYPE_NEW,ERR_R_MALLOC_FAILURE);

-		return(NULL);

-		}

-	ret->length=0;

-	ret->type=type;

-	ret->data=NULL;

-	ret->flags=0;

-	return(ret);

-	}

-void ASN1_STRING_free(ASN1_STRING *a)

-	{

-	if (a == NULL) return;

-	if (a->data != NULL) OPENSSL_free(a->data);

-	OPENSSL_free(a);

-	}

-int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b)

-	{

-	int i;

-	i=(a->length-b->length);

-	if (i == 0)

-		{

-		i=memcmp(a->data,b->data,a->length);

-		if (i == 0)

-			return(a->type-b->type);

-		else

-			return(i);

-		}

-	else

-		return(i);

-	}

-void asn1_add_error(const unsigned char *address, int offset)

-	{

-	char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];

-	BIO_snprintf(buf1,sizeof buf1,"%lu",(unsigned long)address);

-	BIO_snprintf(buf2,sizeof buf2,"%d",offset);

-	ERR_add_error_data(4,"address=",buf1," offset=",buf2);

-	}

-int ASN1_STRING_length(ASN1_STRING *x)

-{ return M_ASN1_STRING_length(x); }

-void ASN1_STRING_length_set(ASN1_STRING *x, int len)

-{ M_ASN1_STRING_length_set(x, len); return; }

-int ASN1_STRING_type(ASN1_STRING *x)

-{ return M_ASN1_STRING_type(x); }

-unsigned char * ASN1_STRING_data(ASN1_STRING *x)

-{ return M_ASN1_STRING_data(x); }

--- a/sys/src/ape/lib/openssl/crypto/asn1/asn1_mac.h

+++ /dev/null

@@ -1,571 +1,0 @@

-/* crypto/asn1/asn1_mac.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_ASN1_MAC_H

-#define HEADER_ASN1_MAC_H

-#include <openssl/asn1.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-#ifndef ASN1_MAC_ERR_LIB

-#define ASN1_MAC_ERR_LIB	ERR_LIB_ASN1

-#endif

-#define ASN1_MAC_H_err(f,r,line) \

-	ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),__FILE__,(line))

-#define M_ASN1_D2I_vars(a,type,func) \

-	ASN1_const_CTX c; \

-	type ret=NULL; \

-	\

-	c.pp=(const unsigned char **)pp; \

-	c.q= *(const unsigned char **)pp; \

-	c.error=ERR_R_NESTED_ASN1_ERROR; \

-	if ((a == NULL) || ((*a) == NULL)) \

-		{ if ((ret=(type)func()) == NULL) \

-			{ c.line=__LINE__; goto err; } } \

-	else	ret=(*a);

-#define M_ASN1_D2I_Init() \

-	c.p= *(const unsigned char **)pp; \

-	c.max=(length == 0)?0:(c.p+length);

-#define M_ASN1_D2I_Finish_2(a) \

-	if (!asn1_const_Finish(&c)) \

-		{ c.line=__LINE__; goto err; } \

-	*(const unsigned char **)pp=c.p; \

-	if (a != NULL) (*a)=ret; \

-	return(ret);

-#define M_ASN1_D2I_Finish(a,func,e) \

-	M_ASN1_D2I_Finish_2(a); \

-err:\

-	ASN1_MAC_H_err((e),c.error,c.line); \

-	asn1_add_error(*(const unsigned char **)pp,(int)(c.q- *pp)); \

-	if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \

-	return(NULL)

-#define M_ASN1_D2I_start_sequence() \

-	if (!asn1_GetSequence(&c,&length)) \

-		{ c.line=__LINE__; goto err; }

-/* Begin reading ASN1 without a surrounding sequence */

-#define M_ASN1_D2I_begin() \

-	c.slen = length;

-/* End reading ASN1 with no check on length */

-#define M_ASN1_D2I_Finish_nolen(a, func, e) \

-	*pp=c.p; \

-	if (a != NULL) (*a)=ret; \

-	return(ret); \

-err:\

-	ASN1_MAC_H_err((e),c.error,c.line); \

-	asn1_add_error(*pp,(int)(c.q- *pp)); \

-	if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \

-	return(NULL)

-#define M_ASN1_D2I_end_sequence() \

-	(((c.inf&1) == 0)?(c.slen <= 0): \

-		(c.eos=ASN1_const_check_infinite_end(&c.p,c.slen)))

-/* Don't use this with d2i_ASN1_BOOLEAN() */

-#define M_ASN1_D2I_get(b, func) \

-	c.q=c.p; \

-	if (func(&(b),&c.p,c.slen) == NULL) \

-		{c.line=__LINE__; goto err; } \

-	c.slen-=(c.p-c.q);

-/* Don't use this with d2i_ASN1_BOOLEAN() */

-#define M_ASN1_D2I_get_x(type,b,func) \

-	c.q=c.p; \

-	if (((D2I_OF(type))func)(&(b),&c.p,c.slen) == NULL) \

-		{c.line=__LINE__; goto err; } \

-	c.slen-=(c.p-c.q);

-/* use this instead () */

-#define M_ASN1_D2I_get_int(b,func) \

-	c.q=c.p; \

-	if (func(&(b),&c.p,c.slen) < 0) \

-		{c.line=__LINE__; goto err; } \

-	c.slen-=(c.p-c.q);

-#define M_ASN1_D2I_get_opt(b,func,type) \

-	if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) \

-		== (V_ASN1_UNIVERSAL|(type)))) \

-		{ \

-		M_ASN1_D2I_get(b,func); \

-		}

-#define M_ASN1_D2I_get_imp(b,func, type) \

-	M_ASN1_next=(_tmp& V_ASN1_CONSTRUCTED)|type; \

-	c.q=c.p; \

-	if (func(&(b),&c.p,c.slen) == NULL) \

-		{c.line=__LINE__; M_ASN1_next_prev = _tmp; goto err; } \

-	c.slen-=(c.p-c.q);\

-	M_ASN1_next_prev=_tmp;

-#define M_ASN1_D2I_get_IMP_opt(b,func,tag,type) \

-	if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) == \

-		(V_ASN1_CONTEXT_SPECIFIC|(tag)))) \

-		{ \

-		unsigned char _tmp = M_ASN1_next; \

-		M_ASN1_D2I_get_imp(b,func, type);\

-		}

-#define M_ASN1_D2I_get_set(r,func,free_func) \

-		M_ASN1_D2I_get_imp_set(r,func,free_func, \

-			V_ASN1_SET,V_ASN1_UNIVERSAL);

-#define M_ASN1_D2I_get_set_type(type,r,func,free_func) \

-		M_ASN1_D2I_get_imp_set_type(type,r,func,free_func, \

-			V_ASN1_SET,V_ASN1_UNIVERSAL);

-#define M_ASN1_D2I_get_set_opt(r,func,free_func) \

-	if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \

-		V_ASN1_CONSTRUCTED|V_ASN1_SET)))\

-		{ M_ASN1_D2I_get_set(r,func,free_func); }

-#define M_ASN1_D2I_get_set_opt_type(type,r,func,free_func) \

-	if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \

-		V_ASN1_CONSTRUCTED|V_ASN1_SET)))\

-		{ M_ASN1_D2I_get_set_type(type,r,func,free_func); }

-#define M_ASN1_I2D_len_SET_opt(a,f) \

-	if ((a != NULL) && (sk_num(a) != 0)) \

-		M_ASN1_I2D_len_SET(a,f);

-#define M_ASN1_I2D_put_SET_opt(a,f) \

-	if ((a != NULL) && (sk_num(a) != 0)) \

-		M_ASN1_I2D_put_SET(a,f);

-#define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \

-	if ((a != NULL) && (sk_num(a) != 0)) \

-		M_ASN1_I2D_put_SEQUENCE(a,f);

-#define M_ASN1_I2D_put_SEQUENCE_opt_type(type,a,f) \

-	if ((a != NULL) && (sk_##type##_num(a) != 0)) \

-		M_ASN1_I2D_put_SEQUENCE_type(type,a,f);

-#define M_ASN1_D2I_get_IMP_set_opt(b,func,free_func,tag) \

-	if ((c.slen != 0) && \

-		(M_ASN1_next == \

-		(V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\

-		{ \

-		M_ASN1_D2I_get_imp_set(b,func,free_func,\

-			tag,V_ASN1_CONTEXT_SPECIFIC); \

-		}

-#define M_ASN1_D2I_get_IMP_set_opt_type(type,b,func,free_func,tag) \

-	if ((c.slen != 0) && \

-		(M_ASN1_next == \

-		(V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\

-		{ \

-		M_ASN1_D2I_get_imp_set_type(type,b,func,free_func,\

-			tag,V_ASN1_CONTEXT_SPECIFIC); \

-		}

-#define M_ASN1_D2I_get_seq(r,func,free_func) \

-		M_ASN1_D2I_get_imp_set(r,func,free_func,\

-			V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);

-#define M_ASN1_D2I_get_seq_type(type,r,func,free_func) \

-		M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\

-					    V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL)

-#define M_ASN1_D2I_get_seq_opt(r,func,free_func) \

-	if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \

-		V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\

-		{ M_ASN1_D2I_get_seq(r,func,free_func); }

-#define M_ASN1_D2I_get_seq_opt_type(type,r,func,free_func) \

-	if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \

-		V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\

-		{ M_ASN1_D2I_get_seq_type(type,r,func,free_func); }

-#define M_ASN1_D2I_get_IMP_set(r,func,free_func,x) \

-		M_ASN1_D2I_get_imp_set(r,func,free_func,\

-			x,V_ASN1_CONTEXT_SPECIFIC);

-#define M_ASN1_D2I_get_IMP_set_type(type,r,func,free_func,x) \

-		M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\

-			x,V_ASN1_CONTEXT_SPECIFIC);

-#define M_ASN1_D2I_get_imp_set(r,func,free_func,a,b) \

-	c.q=c.p; \

-	if (d2i_ASN1_SET(&(r),&c.p,c.slen,(char *(*)())func,\

-		(void (*)())free_func,a,b) == NULL) \

-		{ c.line=__LINE__; goto err; } \

-	c.slen-=(c.p-c.q);

-#define M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,a,b) \

-	c.q=c.p; \

-	if (d2i_ASN1_SET_OF_##type(&(r),&c.p,c.slen,func,\

-				   free_func,a,b) == NULL) \

-		{ c.line=__LINE__; goto err; } \

-	c.slen-=(c.p-c.q);

-#define M_ASN1_D2I_get_set_strings(r,func,a,b) \

-	c.q=c.p; \

-	if (d2i_ASN1_STRING_SET(&(r),&c.p,c.slen,a,b) == NULL) \

-		{ c.line=__LINE__; goto err; } \

-	c.slen-=(c.p-c.q);

-#define M_ASN1_D2I_get_EXP_opt(r,func,tag) \

-	if ((c.slen != 0L) && (M_ASN1_next == \

-		(V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \

-		{ \

-		int Tinf,Ttag,Tclass; \

-		long Tlen; \

-		\

-		c.q=c.p; \

-		Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \

-		if (Tinf & 0x80) \

-			{ c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \

-			c.line=__LINE__; goto err; } \

-		if (Tinf == (V_ASN1_CONSTRUCTED+1)) \

-					Tlen = c.slen - (c.p - c.q) - 2; \

-		if (func(&(r),&c.p,Tlen) == NULL) \

-			{ c.line=__LINE__; goto err; } \

-		if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \

-			Tlen = c.slen - (c.p - c.q); \

-			if(!ASN1_const_check_infinite_end(&c.p, Tlen)) \

-				{ c.error=ERR_R_MISSING_ASN1_EOS; \

-				c.line=__LINE__; goto err; } \

-		}\

-		c.slen-=(c.p-c.q); \

-		}

-#define M_ASN1_D2I_get_EXP_set_opt(r,func,free_func,tag,b) \

-	if ((c.slen != 0) && (M_ASN1_next == \

-		(V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \

-		{ \

-		int Tinf,Ttag,Tclass; \

-		long Tlen; \

-		\

-		c.q=c.p; \

-		Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \

-		if (Tinf & 0x80) \

-			{ c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \

-			c.line=__LINE__; goto err; } \

-		if (Tinf == (V_ASN1_CONSTRUCTED+1)) \

-					Tlen = c.slen - (c.p - c.q) - 2; \

-		if (d2i_ASN1_SET(&(r),&c.p,Tlen,(char *(*)())func, \

-			(void (*)())free_func, \

-			b,V_ASN1_UNIVERSAL) == NULL) \

-			{ c.line=__LINE__; goto err; } \

-		if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \

-			Tlen = c.slen - (c.p - c.q); \

-			if(!ASN1_check_infinite_end(&c.p, Tlen)) \

-				{ c.error=ERR_R_MISSING_ASN1_EOS; \

-				c.line=__LINE__; goto err; } \

-		}\

-		c.slen-=(c.p-c.q); \

-		}

-#define M_ASN1_D2I_get_EXP_set_opt_type(type,r,func,free_func,tag,b) \

-	if ((c.slen != 0) && (M_ASN1_next == \

-		(V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \

-		{ \

-		int Tinf,Ttag,Tclass; \

-		long Tlen; \

-		\

-		c.q=c.p; \

-		Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \

-		if (Tinf & 0x80) \

-			{ c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \

-			c.line=__LINE__; goto err; } \

-		if (Tinf == (V_ASN1_CONSTRUCTED+1)) \

-					Tlen = c.slen - (c.p - c.q) - 2; \

-		if (d2i_ASN1_SET_OF_##type(&(r),&c.p,Tlen,func, \

-			free_func,b,V_ASN1_UNIVERSAL) == NULL) \

-			{ c.line=__LINE__; goto err; } \

-		if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \

-			Tlen = c.slen - (c.p - c.q); \

-			if(!ASN1_check_infinite_end(&c.p, Tlen)) \

-				{ c.error=ERR_R_MISSING_ASN1_EOS; \

-				c.line=__LINE__; goto err; } \

-		}\

-		c.slen-=(c.p-c.q); \

-		}

-/* New macros */

-#define M_ASN1_New_Malloc(ret,type) \

-	if ((ret=(type *)OPENSSL_malloc(sizeof(type))) == NULL) \

-		{ c.line=__LINE__; goto err2; }

-#define M_ASN1_New(arg,func) \

-	if (((arg)=func()) == NULL) return(NULL)

-#define M_ASN1_New_Error(a) \

-/*	err:	ASN1_MAC_H_err((a),ERR_R_NESTED_ASN1_ERROR,c.line); \

-		return(NULL);*/ \

-	err2:	ASN1_MAC_H_err((a),ERR_R_MALLOC_FAILURE,c.line); \

-		return(NULL)

-/* BIG UGLY WARNING!  This is so damn ugly I wanna puke.  Unfortunately,

-   some macros that use ASN1_const_CTX still insist on writing in the input

-   stream.  ARGH!  ARGH!  ARGH!  Let's get rid of this macro package.

-   Please?						-- Richard Levitte */

-#define M_ASN1_next		(*((unsigned char *)(c.p)))

-#define M_ASN1_next_prev	(*((unsigned char *)(c.q)))

-/*************************************************/

-#define M_ASN1_I2D_vars(a)	int r=0,ret=0; \

-				unsigned char *p; \

-				if (a == NULL) return(0)

-/* Length Macros */

-#define M_ASN1_I2D_len(a,f)	ret+=f(a,NULL)

-#define M_ASN1_I2D_len_IMP_opt(a,f)	if (a != NULL) M_ASN1_I2D_len(a,f)

-#define M_ASN1_I2D_len_SET(a,f) \

-		ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET);

-#define M_ASN1_I2D_len_SET_type(type,a,f) \

-		ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SET, \

-					    V_ASN1_UNIVERSAL,IS_SET);

-#define M_ASN1_I2D_len_SEQUENCE(a,f) \

-		ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \

-				  IS_SEQUENCE);

-#define M_ASN1_I2D_len_SEQUENCE_type(type,a,f) \

-		ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SEQUENCE, \

-					    V_ASN1_UNIVERSAL,IS_SEQUENCE)

-#define M_ASN1_I2D_len_SEQUENCE_opt(a,f) \

-		if ((a != NULL) && (sk_num(a) != 0)) \

-			M_ASN1_I2D_len_SEQUENCE(a,f);

-#define M_ASN1_I2D_len_SEQUENCE_opt_type(type,a,f) \

-		if ((a != NULL) && (sk_##type##_num(a) != 0)) \

-			M_ASN1_I2D_len_SEQUENCE_type(type,a,f);

-#define M_ASN1_I2D_len_IMP_SET(a,f,x) \

-		ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET);

-#define M_ASN1_I2D_len_IMP_SET_type(type,a,f,x) \

-		ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \

-					    V_ASN1_CONTEXT_SPECIFIC,IS_SET);

-#define M_ASN1_I2D_len_IMP_SET_opt(a,f,x) \

-		if ((a != NULL) && (sk_num(a) != 0)) \

-			ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \

-					  IS_SET);

-#define M_ASN1_I2D_len_IMP_SET_opt_type(type,a,f,x) \

-		if ((a != NULL) && (sk_##type##_num(a) != 0)) \

-			ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \

-					       V_ASN1_CONTEXT_SPECIFIC,IS_SET);

-#define M_ASN1_I2D_len_IMP_SEQUENCE(a,f,x) \

-		ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \

-				  IS_SEQUENCE);

-#define M_ASN1_I2D_len_IMP_SEQUENCE_opt(a,f,x) \

-		if ((a != NULL) && (sk_num(a) != 0)) \

-			ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \

-					  IS_SEQUENCE);

-#define M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(type,a,f,x) \

-		if ((a != NULL) && (sk_##type##_num(a) != 0)) \

-			ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \

-						    V_ASN1_CONTEXT_SPECIFIC, \

-						    IS_SEQUENCE);

-#define M_ASN1_I2D_len_EXP_opt(a,f,mtag,v) \

-		if (a != NULL)\

-			{ \

-			v=f(a,NULL); \

-			ret+=ASN1_object_size(1,v,mtag); \

-			}

-#define M_ASN1_I2D_len_EXP_SET_opt(a,f,mtag,tag,v) \

-		if ((a != NULL) && (sk_num(a) != 0))\

-			{ \

-			v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL,IS_SET); \

-			ret+=ASN1_object_size(1,v,mtag); \

-			}

-#define M_ASN1_I2D_len_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \

-		if ((a != NULL) && (sk_num(a) != 0))\

-			{ \

-			v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL, \

-				       IS_SEQUENCE); \

-			ret+=ASN1_object_size(1,v,mtag); \

-			}

-#define M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \

-		if ((a != NULL) && (sk_##type##_num(a) != 0))\

-			{ \

-			v=i2d_ASN1_SET_OF_##type(a,NULL,f,tag, \

-						 V_ASN1_UNIVERSAL, \

-						 IS_SEQUENCE); \

-			ret+=ASN1_object_size(1,v,mtag); \

-			}

-/* Put Macros */

-#define M_ASN1_I2D_put(a,f)	f(a,&p)

-#define M_ASN1_I2D_put_IMP_opt(a,f,t)	\

-		if (a != NULL) \

-			{ \

-			unsigned char *q=p; \

-			f(a,&p); \

-			*q=(V_ASN1_CONTEXT_SPECIFIC|t|(*q&V_ASN1_CONSTRUCTED));\

-			}

-#define M_ASN1_I2D_put_SET(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SET,\

-			V_ASN1_UNIVERSAL,IS_SET)

-#define M_ASN1_I2D_put_SET_type(type,a,f) \

-     i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET)

-#define M_ASN1_I2D_put_IMP_SET(a,f,x) i2d_ASN1_SET(a,&p,f,x,\

-			V_ASN1_CONTEXT_SPECIFIC,IS_SET)

-#define M_ASN1_I2D_put_IMP_SET_type(type,a,f,x) \

-     i2d_ASN1_SET_OF_##type(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET)

-#define M_ASN1_I2D_put_IMP_SEQUENCE(a,f,x) i2d_ASN1_SET(a,&p,f,x,\

-			V_ASN1_CONTEXT_SPECIFIC,IS_SEQUENCE)

-#define M_ASN1_I2D_put_SEQUENCE(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SEQUENCE,\

-					     V_ASN1_UNIVERSAL,IS_SEQUENCE)

-#define M_ASN1_I2D_put_SEQUENCE_type(type,a,f) \

-     i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \

-			    IS_SEQUENCE)

-#define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \

-		if ((a != NULL) && (sk_num(a) != 0)) \

-			M_ASN1_I2D_put_SEQUENCE(a,f);

-#define M_ASN1_I2D_put_IMP_SET_opt(a,f,x) \

-		if ((a != NULL) && (sk_num(a) != 0)) \

-			{ i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \

-				       IS_SET); }

-#define M_ASN1_I2D_put_IMP_SET_opt_type(type,a,f,x) \

-		if ((a != NULL) && (sk_##type##_num(a) != 0)) \

-			{ i2d_ASN1_SET_OF_##type(a,&p,f,x, \

-						 V_ASN1_CONTEXT_SPECIFIC, \

-						 IS_SET); }

-#define M_ASN1_I2D_put_IMP_SEQUENCE_opt(a,f,x) \

-		if ((a != NULL) && (sk_num(a) != 0)) \

-			{ i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \

-				       IS_SEQUENCE); }

-#define M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(type,a,f,x) \

-		if ((a != NULL) && (sk_##type##_num(a) != 0)) \

-			{ i2d_ASN1_SET_OF_##type(a,&p,f,x, \

-						 V_ASN1_CONTEXT_SPECIFIC, \

-						 IS_SEQUENCE); }

-#define M_ASN1_I2D_put_EXP_opt(a,f,tag,v) \

-		if (a != NULL) \

-			{ \

-			ASN1_put_object(&p,1,v,tag,V_ASN1_CONTEXT_SPECIFIC); \

-			f(a,&p); \

-			}

-#define M_ASN1_I2D_put_EXP_SET_opt(a,f,mtag,tag,v) \

-		if ((a != NULL) && (sk_num(a) != 0)) \

-			{ \

-			ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \

-			i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SET); \

-			}

-#define M_ASN1_I2D_put_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \

-		if ((a != NULL) && (sk_num(a) != 0)) \

-			{ \

-			ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \

-			i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SEQUENCE); \

-			}

-#define M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \

-		if ((a != NULL) && (sk_##type##_num(a) != 0)) \

-			{ \

-			ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \

-			i2d_ASN1_SET_OF_##type(a,&p,f,tag,V_ASN1_UNIVERSAL, \

-					       IS_SEQUENCE); \

-			}

-#define M_ASN1_I2D_seq_total() \

-		r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); \

-		if (pp == NULL) return(r); \

-		p= *pp; \

-		ASN1_put_object(&p,1,ret,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL)

-#define M_ASN1_I2D_INF_seq_start(tag,ctx) \

-		*(p++)=(V_ASN1_CONSTRUCTED|(tag)|(ctx)); \

-		*(p++)=0x80

-#define M_ASN1_I2D_INF_seq_end() *(p++)=0x00; *(p++)=0x00

-#define M_ASN1_I2D_finish()	*pp=p; \

-				return(r);

-int asn1_GetSequence(ASN1_const_CTX *c, long *length);

-void asn1_add_error(const unsigned char *address,int offset);

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/asn1/asn1_par.c

+++ /dev/null

@@ -1,442 +1,0 @@

-/* crypto/asn1/asn1_par.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/buffer.h>

-#include <openssl/objects.h>

-#include <openssl/asn1.h>

-static int asn1_print_info(BIO *bp, int tag, int xclass,int constructed,

-	int indent);

-static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,

-	int offset, int depth, int indent, int dump);

-static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,

-	     int indent)

-	{

-	static const char fmt[]="%-18s";

-	static const char fmt2[]="%2d %-15s";

-	char str[128];

-	const char *p,*p2=NULL;

-	if (constructed & V_ASN1_CONSTRUCTED)

-		p="cons: ";

-	else

-		p="prim: ";

-	if (BIO_write(bp,p,6) < 6) goto err;

-	BIO_indent(bp,indent,128);

-	p=str;

-	if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE)

-		BIO_snprintf(str,sizeof str,"priv [ %d ] ",tag);

-	else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC)

-		BIO_snprintf(str,sizeof str,"cont [ %d ]",tag);

-	else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION)

-		BIO_snprintf(str,sizeof str,"appl [ %d ]",tag);

-	else if (tag > 30)

-		BIO_snprintf(str,sizeof str,"<ASN1 %d>",tag);

-	else

-		p = ASN1_tag2str(tag);

-	if (p2 != NULL)

-		{

-		if (BIO_printf(bp,fmt2,tag,p2) <= 0) goto err;

-		}

-	else

-		{

-		if (BIO_printf(bp,fmt,p) <= 0) goto err;

-		}

-	return(1);

-err:

-	return(0);

-	}

-int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent)

-	{

-	return(asn1_parse2(bp,&pp,len,0,0,indent,0));

-	}

-int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, int dump)

-	{

-	return(asn1_parse2(bp,&pp,len,0,0,indent,dump));

-	}

-static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offset,

-	     int depth, int indent, int dump)

-	{

-	const unsigned char *p,*ep,*tot,*op,*opp;

-	long len;

-	int tag,xclass,ret=0;

-	int nl,hl,j,r;

-	ASN1_OBJECT *o=NULL;

-	ASN1_OCTET_STRING *os=NULL;

-	/* ASN1_BMPSTRING *bmp=NULL;*/

-	int dump_indent;

-#if 0

-	dump_indent = indent;

-#else

-	dump_indent = 6;	/* Because we know BIO_dump_indent() */

-#endif

-	p= *pp;

-	tot=p+length;

-	op=p-1;

-	while ((p < tot) && (op < p))

-		{

-		op=p;

-		j=ASN1_get_object(&p,&len,&tag,&xclass,length);

-#ifdef LINT

-		j=j;

-#endif

-		if (j & 0x80)

-			{

-			if (BIO_write(bp,"Error in encoding\n",18) <= 0)

-				goto end;

-			ret=0;

-			goto end;

-			}

-		hl=(p-op);

-		length-=hl;

-		/* if j == 0x21 it is a constructed indefinite length object */

-		if (BIO_printf(bp,"%5ld:",(long)offset+(long)(op- *pp))

-			<= 0) goto end;

-		if (j != (V_ASN1_CONSTRUCTED | 1))

-			{

-			if (BIO_printf(bp,"d=%-2d hl=%ld l=%4ld ",

-				depth,(long)hl,len) <= 0)

-				goto end;

-			}

-		else

-			{

-			if (BIO_printf(bp,"d=%-2d hl=%ld l=inf  ",

-				depth,(long)hl) <= 0)

-				goto end;

-			}

-		if (!asn1_print_info(bp,tag,xclass,j,(indent)?depth:0))

-			goto end;

-		if (j & V_ASN1_CONSTRUCTED)

-			{

-			ep=p+len;

-			if (BIO_write(bp,"\n",1) <= 0) goto end;

-			if (len > length)

-				{

-				BIO_printf(bp,

-					"length is greater than %ld\n",length);

-				ret=0;

-				goto end;

-				}

-			if ((j == 0x21) && (len == 0))

-				{

-				for (;;)

-					{

-					r=asn1_parse2(bp,&p,(long)(tot-p),

-						offset+(p - *pp),depth+1,

-						indent,dump);

-					if (r == 0) { ret=0; goto end; }

-					if ((r == 2) || (p >= tot)) break;

-					}

-				}

-			else

-				while (p < ep)

-					{

-					r=asn1_parse2(bp,&p,(long)len,

-						offset+(p - *pp),depth+1,

-						indent,dump);

-					if (r == 0) { ret=0; goto end; }

-					}

-			}

-		else if (xclass != 0)

-			{

-			p+=len;

-			if (BIO_write(bp,"\n",1) <= 0) goto end;

-			}

-		else

-			{

-			nl=0;

-			if (	(tag == V_ASN1_PRINTABLESTRING) ||

-				(tag == V_ASN1_T61STRING) ||

-				(tag == V_ASN1_IA5STRING) ||

-				(tag == V_ASN1_VISIBLESTRING) ||

-				(tag == V_ASN1_UTCTIME) ||

-				(tag == V_ASN1_GENERALIZEDTIME))

-				{

-				if (BIO_write(bp,":",1) <= 0) goto end;

-				if ((len > 0) &&

-					BIO_write(bp,(const char *)p,(int)len)

-					!= (int)len)

-					goto end;

-				}

-			else if (tag == V_ASN1_OBJECT)

-				{

-				opp=op;

-				if (d2i_ASN1_OBJECT(&o,&opp,len+hl) != NULL)

-					{

-					if (BIO_write(bp,":",1) <= 0) goto end;

-					i2a_ASN1_OBJECT(bp,o);

-					}

-				else

-					{

-					if (BIO_write(bp,":BAD OBJECT",11) <= 0)

-						goto end;

-					}

-				}

-			else if (tag == V_ASN1_BOOLEAN)

-				{

-				int ii;

-				opp=op;

-				ii=d2i_ASN1_BOOLEAN(NULL,&opp,len+hl);

-				if (ii < 0)

-					{

-					if (BIO_write(bp,"Bad boolean\n",12))

-						goto end;

-					}

-				BIO_printf(bp,":%d",ii);

-				}

-			else if (tag == V_ASN1_BMPSTRING)

-				{

-				/* do the BMP thang */

-				}

-			else if (tag == V_ASN1_OCTET_STRING)

-				{

-				int i,printable=1;

-				opp=op;

-				os=d2i_ASN1_OCTET_STRING(NULL,&opp,len+hl);

-				if (os != NULL && os->length > 0)

-					{

-					opp = os->data;

-					/* testing whether the octet string is

-					 * printable */

-					for (i=0; i<os->length; i++)

-						{

-						if ((	(opp[i] < ' ') &&

-							(opp[i] != '\n') &&

-							(opp[i] != '\r') &&

-							(opp[i] != '\t')) ||

-							(opp[i] > '~'))

-							{

-							printable=0;

-							break;

-							}

-						}

-					if (printable)

-					/* printable string */

-						{

-						if (BIO_write(bp,":",1) <= 0)

-							goto end;

-						if (BIO_write(bp,(const char *)opp,

-							os->length) <= 0)

-							goto end;

-						}

-					else if (!dump)

-					/* not printable => print octet string

-					 * as hex dump */

-						{

-						if (BIO_write(bp,"[HEX DUMP]:",11) <= 0)

-							goto end;

-						for (i=0; i<os->length; i++)

-							{

-							if (BIO_printf(bp,"%02X"

-								, opp[i]) <= 0)

-								goto end;

-							}

-						}

-					else

-					/* print the normal dump */

-						{

-						if (!nl)

-							{

-							if (BIO_write(bp,"\n",1) <= 0)

-								goto end;

-							}

-						if (BIO_dump_indent(bp,

-							(const char *)opp,

-							((dump == -1 || dump >

-							os->length)?os->length:dump),

-							dump_indent) <= 0)

-							goto end;

-						nl=1;

-						}

-					}

-				if (os != NULL)

-					{

-					M_ASN1_OCTET_STRING_free(os);

-					os=NULL;

-					}

-				}

-			else if (tag == V_ASN1_INTEGER)

-				{

-				ASN1_INTEGER *bs;

-				int i;

-				opp=op;

-				bs=d2i_ASN1_INTEGER(NULL,&opp,len+hl);

-				if (bs != NULL)

-					{

-					if (BIO_write(bp,":",1) <= 0) goto end;

-					if (bs->type == V_ASN1_NEG_INTEGER)

-						if (BIO_write(bp,"-",1) <= 0)

-							goto end;

-					for (i=0; i<bs->length; i++)

-						{

-						if (BIO_printf(bp,"%02X",

-							bs->data[i]) <= 0)

-							goto end;

-						}

-					if (bs->length == 0)

-						{

-						if (BIO_write(bp,"00",2) <= 0)

-							goto end;

-						}

-					}

-				else

-					{

-					if (BIO_write(bp,"BAD INTEGER",11) <= 0)

-						goto end;

-					}

-				M_ASN1_INTEGER_free(bs);

-				}

-			else if (tag == V_ASN1_ENUMERATED)

-				{

-				ASN1_ENUMERATED *bs;

-				int i;

-				opp=op;

-				bs=d2i_ASN1_ENUMERATED(NULL,&opp,len+hl);

-				if (bs != NULL)

-					{

-					if (BIO_write(bp,":",1) <= 0) goto end;

-					if (bs->type == V_ASN1_NEG_ENUMERATED)

-						if (BIO_write(bp,"-",1) <= 0)

-							goto end;

-					for (i=0; i<bs->length; i++)

-						{

-						if (BIO_printf(bp,"%02X",

-							bs->data[i]) <= 0)

-							goto end;

-						}

-					if (bs->length == 0)

-						{

-						if (BIO_write(bp,"00",2) <= 0)

-							goto end;

-						}

-					}

-				else

-					{

-					if (BIO_write(bp,"BAD ENUMERATED",11) <= 0)

-						goto end;

-					}

-				M_ASN1_ENUMERATED_free(bs);

-				}

-			else if (len > 0 && dump)

-				{

-				if (!nl)

-					{

-					if (BIO_write(bp,"\n",1) <= 0)

-						goto end;

-					}

-				if (BIO_dump_indent(bp,(const char *)p,

-					((dump == -1 || dump > len)?len:dump),

-					dump_indent) <= 0)

-					goto end;

-				nl=1;

-				}

-			if (!nl)

-				{

-				if (BIO_write(bp,"\n",1) <= 0) goto end;

-				}

-			p+=len;

-			if ((tag == V_ASN1_EOC) && (xclass == 0))

-				{

-				ret=2; /* End of sequence */

-				goto end;

-				}

-			}

-		length-=len;

-		}

-	ret=1;

-end:

-	if (o != NULL) ASN1_OBJECT_free(o);

-	if (os != NULL) M_ASN1_OCTET_STRING_free(os);

-	*pp=p;

-	return(ret);

-	}

-const char *ASN1_tag2str(int tag)

-{

-	static const char *tag2str[] = {

-	 "EOC", "BOOLEAN", "INTEGER", "BIT STRING", "OCTET STRING", /* 0-4 */

-	 "NULL", "OBJECT", "OBJECT DESCRIPTOR", "EXTERNAL", "REAL", /* 5-9 */

-	 "ENUMERATED", "<ASN1 11>", "UTF8STRING", "<ASN1 13>", 	    /* 10-13 */

-	"<ASN1 14>", "<ASN1 15>", "SEQUENCE", "SET", 		    /* 15-17 */

-	"NUMERICSTRING", "PRINTABLESTRING", "T61STRING",	    /* 18-20 */

-	"VIDEOTEXSTRING", "IA5STRING", "UTCTIME","GENERALIZEDTIME", /* 21-24 */

-	"GRAPHICSTRING", "VISIBLESTRING", "GENERALSTRING",	    /* 25-27 */

-	"UNIVERSALSTRING", "<ASN1 29>", "BMPSTRING"		    /* 28-30 */

-	};

-	if((tag == V_ASN1_NEG_INTEGER) || (tag == V_ASN1_NEG_ENUMERATED))

-							tag &= ~0x100;

-	if(tag < 0 || tag > 30) return "(unknown)";

-	return tag2str[tag];

-}

--- a/sys/src/ape/lib/openssl/crypto/asn1/asn1t.h

+++ /dev/null

@@ -1,886 +1,0 @@

-/* asn1t.h */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 2000.

- */

-/* ====================================================================

- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_ASN1T_H

-#define HEADER_ASN1T_H

-#include <stddef.h>

-#include <openssl/e_os2.h>

-#include <openssl/asn1.h>

-#ifdef OPENSSL_BUILD_SHLIBCRYPTO

-# undef OPENSSL_EXTERN

-# define OPENSSL_EXTERN OPENSSL_EXPORT

-#endif

-/* ASN1 template defines, structures and functions */

-#ifdef  __cplusplus

-extern "C" {

-#endif

-#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION

-/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */

-#define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr))

-/* Macros for start and end of ASN1_ITEM definition */

-#define ASN1_ITEM_start(itname) \

-	OPENSSL_GLOBAL const ASN1_ITEM itname##_it = {

-#define ASN1_ITEM_end(itname) \

-		};

-#else

-/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */

-#define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr()))

-/* Macros for start and end of ASN1_ITEM definition */

-#define ASN1_ITEM_start(itname) \

-	const ASN1_ITEM * itname##_it(void) \

-	{ \

-		static const ASN1_ITEM local_it = {

-#define ASN1_ITEM_end(itname) \

-		}; \

-	return &local_it; \

-	}

-#endif

-/* Macros to aid ASN1 template writing */

-#define ASN1_ITEM_TEMPLATE(tname) \

-	static const ASN1_TEMPLATE tname##_item_tt

-#define ASN1_ITEM_TEMPLATE_END(tname) \

-	;\

-	ASN1_ITEM_start(tname) \

-		ASN1_ITYPE_PRIMITIVE,\

-		-1,\

-		&tname##_item_tt,\

-		0,\

-		NULL,\

-		0,\

-		#tname \

-	ASN1_ITEM_end(tname)

-/* This is a ASN1 type which just embeds a template */

-/* This pair helps declare a SEQUENCE. We can do:

- *

- * 	ASN1_SEQUENCE(stname) = {

- * 		... SEQUENCE components ...

- * 	} ASN1_SEQUENCE_END(stname)

- *

- * 	This will produce an ASN1_ITEM called stname_it

- *	for a structure called stname.

- *

- * 	If you want the same structure but a different

- *	name then use:

- *

- * 	ASN1_SEQUENCE(itname) = {

- * 		... SEQUENCE components ...

- * 	} ASN1_SEQUENCE_END_name(stname, itname)

- *

- *	This will create an item called itname_it using

- *	a structure called stname.

- */

-#define ASN1_SEQUENCE(tname) \

-	static const ASN1_TEMPLATE tname##_seq_tt[]

-#define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname)

-#define ASN1_SEQUENCE_END_name(stname, tname) \

-	;\

-	ASN1_ITEM_start(tname) \

-		ASN1_ITYPE_SEQUENCE,\

-		V_ASN1_SEQUENCE,\

-		tname##_seq_tt,\

-		sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\

-		NULL,\

-		sizeof(stname),\

-		#stname \

-	ASN1_ITEM_end(tname)

-#define ASN1_NDEF_SEQUENCE(tname) \

-	ASN1_SEQUENCE(tname)

-#define ASN1_SEQUENCE_cb(tname, cb) \

-	static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \

-	ASN1_SEQUENCE(tname)

-#define ASN1_BROKEN_SEQUENCE(tname) \

-	static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \

-	ASN1_SEQUENCE(tname)

-#define ASN1_SEQUENCE_ref(tname, cb, lck) \

-	static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), lck, cb, 0}; \

-	ASN1_SEQUENCE(tname)

-#define ASN1_SEQUENCE_enc(tname, enc, cb) \

-	static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc)}; \

-	ASN1_SEQUENCE(tname)

-#define ASN1_NDEF_SEQUENCE_END(tname) \

-	;\

-	ASN1_ITEM_start(tname) \

-		ASN1_ITYPE_NDEF_SEQUENCE,\

-		V_ASN1_SEQUENCE,\

-		tname##_seq_tt,\

-		sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\

-		NULL,\

-		sizeof(tname),\

-		#tname \

-	ASN1_ITEM_end(tname)

-#define ASN1_BROKEN_SEQUENCE_END(stname) ASN1_SEQUENCE_END_ref(stname, stname)

-#define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)

-#define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)

-#define ASN1_SEQUENCE_END_ref(stname, tname) \

-	;\

-	ASN1_ITEM_start(tname) \

-		ASN1_ITYPE_SEQUENCE,\

-		V_ASN1_SEQUENCE,\

-		tname##_seq_tt,\

-		sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\

-		&tname##_aux,\

-		sizeof(stname),\

-		#stname \

-	ASN1_ITEM_end(tname)

-/* This pair helps declare a CHOICE type. We can do:

- *

- * 	ASN1_CHOICE(chname) = {

- * 		... CHOICE options ...

- * 	ASN1_CHOICE_END(chname)

- *

- * 	This will produce an ASN1_ITEM called chname_it

- *	for a structure called chname. The structure

- *	definition must look like this:

- *	typedef struct {

- *		int type;

- *		union {

- *			ASN1_SOMETHING *opt1;

- *			ASN1_SOMEOTHER *opt2;

- *		} value;

- *	} chname;

- *

- *	the name of the selector must be 'type'.

- * 	to use an alternative selector name use the

- *      ASN1_CHOICE_END_selector() version.

- */

-#define ASN1_CHOICE(tname) \

-	static const ASN1_TEMPLATE tname##_ch_tt[]

-#define ASN1_CHOICE_cb(tname, cb) \

-	static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \

-	ASN1_CHOICE(tname)

-#define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname)

-#define ASN1_CHOICE_END_name(stname, tname) ASN1_CHOICE_END_selector(stname, tname, type)

-#define ASN1_CHOICE_END_selector(stname, tname, selname) \

-	;\

-	ASN1_ITEM_start(tname) \

-		ASN1_ITYPE_CHOICE,\

-		offsetof(stname,selname) ,\

-		tname##_ch_tt,\

-		sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\

-		NULL,\

-		sizeof(stname),\

-		#stname \

-	ASN1_ITEM_end(tname)

-#define ASN1_CHOICE_END_cb(stname, tname, selname) \

-	;\

-	ASN1_ITEM_start(tname) \

-		ASN1_ITYPE_CHOICE,\

-		offsetof(stname,selname) ,\

-		tname##_ch_tt,\

-		sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\

-		&tname##_aux,\

-		sizeof(stname),\

-		#stname \

-	ASN1_ITEM_end(tname)

-/* This helps with the template wrapper form of ASN1_ITEM */

-#define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, type) { \

-	(flags), (tag), 0,\

-	#name, ASN1_ITEM_ref(type) }

-/* These help with SEQUENCE or CHOICE components */

-/* used to declare other types */

-#define ASN1_EX_TYPE(flags, tag, stname, field, type) { \

-	(flags), (tag), offsetof(stname, field),\

-	#field, ASN1_ITEM_ref(type) }

-/* used when the structure is combined with the parent */

-#define ASN1_EX_COMBINE(flags, tag, type) { \

-	(flags)|ASN1_TFLG_COMBINE, (tag), 0, NULL, ASN1_ITEM_ref(type) }

-/* implicit and explicit helper macros */

-#define ASN1_IMP_EX(stname, field, type, tag, ex) \

-		ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | ex, tag, stname, field, type)

-#define ASN1_EXP_EX(stname, field, type, tag, ex) \

-		ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | ex, tag, stname, field, type)

-/* Any defined by macros: the field used is in the table itself */

-#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION

-#define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }

-#define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }

-#else

-#define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, tblname##_adb }

-#define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, tblname##_adb }

-#endif

-/* Plain simple type */

-#define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type)

-/* OPTIONAL simple type */

-#define ASN1_OPT(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type)

-/* IMPLICIT tagged simple type */

-#define ASN1_IMP(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, 0)

-/* IMPLICIT tagged OPTIONAL simple type */

-#define ASN1_IMP_OPT(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)

-/* Same as above but EXPLICIT */

-#define ASN1_EXP(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, 0)

-#define ASN1_EXP_OPT(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)

-/* SEQUENCE OF type */

-#define ASN1_SEQUENCE_OF(stname, field, type) \

-		ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, stname, field, type)

-/* OPTIONAL SEQUENCE OF */

-#define ASN1_SEQUENCE_OF_OPT(stname, field, type) \

-		ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type)

-/* Same as above but for SET OF */

-#define ASN1_SET_OF(stname, field, type) \

-		ASN1_EX_TYPE(ASN1_TFLG_SET_OF, 0, stname, field, type)

-#define ASN1_SET_OF_OPT(stname, field, type) \

-		ASN1_EX_TYPE(ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type)

-/* Finally compound types of SEQUENCE, SET, IMPLICIT, EXPLICIT and OPTIONAL */

-#define ASN1_IMP_SET_OF(stname, field, type, tag) \

-			ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)

-#define ASN1_EXP_SET_OF(stname, field, type, tag) \

-			ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)

-#define ASN1_IMP_SET_OF_OPT(stname, field, type, tag) \

-			ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL)

-#define ASN1_EXP_SET_OF_OPT(stname, field, type, tag) \

-			ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL)

-#define ASN1_IMP_SEQUENCE_OF(stname, field, type, tag) \

-			ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)

-#define ASN1_IMP_SEQUENCE_OF_OPT(stname, field, type, tag) \

-			ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)

-#define ASN1_EXP_SEQUENCE_OF(stname, field, type, tag) \

-			ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)

-#define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \

-			ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)

-/* EXPLICIT OPTIONAL using indefinite length constructed form */

-#define ASN1_NDEF_EXP_OPT(stname, field, type, tag) \

-			ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_NDEF)

-/* Macros for the ASN1_ADB structure */

-#define ASN1_ADB(name) \

-	static const ASN1_ADB_TABLE name##_adbtbl[]

-#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION

-#define ASN1_ADB_END(name, flags, field, app_table, def, none) \

-	;\

-	static const ASN1_ADB name##_adb = {\

-		flags,\

-		offsetof(name, field),\

-		app_table,\

-		name##_adbtbl,\

-		sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\

-		def,\

-		none\

-	}

-#else

-#define ASN1_ADB_END(name, flags, field, app_table, def, none) \

-	;\

-	static const ASN1_ITEM *name##_adb(void) \

-	{ \

-	static const ASN1_ADB internal_adb = \

-		{\

-		flags,\

-		offsetof(name, field),\

-		app_table,\

-		name##_adbtbl,\

-		sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\

-		def,\

-		none\

-		}; \

-		return (const ASN1_ITEM *) &internal_adb; \

-	} \

-	void dummy_function(void)

-#endif

-#define ADB_ENTRY(val, template) {val, template}

-#define ASN1_ADB_TEMPLATE(name) \

-	static const ASN1_TEMPLATE name##_tt

-/* This is the ASN1 template structure that defines

- * a wrapper round the actual type. It determines the

- * actual position of the field in the value structure,

- * various flags such as OPTIONAL and the field name.

- */

-struct ASN1_TEMPLATE_st {

-unsigned long flags;		/* Various flags */

-long tag;			/* tag, not used if no tagging */

-unsigned long offset;		/* Offset of this field in structure */

-#ifndef NO_ASN1_FIELD_NAMES

-const char *field_name;		/* Field name */

-#endif

-ASN1_ITEM_EXP *item;		/* Relevant ASN1_ITEM or ASN1_ADB */

-};

-/* Macro to extract ASN1_ITEM and ASN1_ADB pointer from ASN1_TEMPLATE */

-#define ASN1_TEMPLATE_item(t) (t->item_ptr)

-#define ASN1_TEMPLATE_adb(t) (t->item_ptr)

-typedef struct ASN1_ADB_TABLE_st ASN1_ADB_TABLE;

-typedef struct ASN1_ADB_st ASN1_ADB;

-struct ASN1_ADB_st {

-	unsigned long flags;	/* Various flags */

-	unsigned long offset;	/* Offset of selector field */

-	STACK_OF(ASN1_ADB_TABLE) **app_items; /* Application defined items */

-	const ASN1_ADB_TABLE *tbl;	/* Table of possible types */

-	long tblcount;		/* Number of entries in tbl */

-	const ASN1_TEMPLATE *default_tt;  /* Type to use if no match */

-	const ASN1_TEMPLATE *null_tt;  /* Type to use if selector is NULL */

-};

-struct ASN1_ADB_TABLE_st {

-	long value;		/* NID for an object or value for an int */

-	const ASN1_TEMPLATE tt;		/* item for this value */

-};

-/* template flags */

-/* Field is optional */

-#define ASN1_TFLG_OPTIONAL	(0x1)

-/* Field is a SET OF */

-#define ASN1_TFLG_SET_OF	(0x1 << 1)

-/* Field is a SEQUENCE OF */

-#define ASN1_TFLG_SEQUENCE_OF	(0x2 << 1)

-/* Special case: this refers to a SET OF that

- * will be sorted into DER order when encoded *and*

- * the corresponding STACK will be modified to match

- * the new order.

- */

-#define ASN1_TFLG_SET_ORDER	(0x3 << 1)

-/* Mask for SET OF or SEQUENCE OF */

-#define ASN1_TFLG_SK_MASK	(0x3 << 1)

-/* These flags mean the tag should be taken from the

- * tag field. If EXPLICIT then the underlying type

- * is used for the inner tag.

- */

-/* IMPLICIT tagging */

-#define ASN1_TFLG_IMPTAG	(0x1 << 3)

-/* EXPLICIT tagging, inner tag from underlying type */

-#define ASN1_TFLG_EXPTAG	(0x2 << 3)

-#define ASN1_TFLG_TAG_MASK	(0x3 << 3)

-/* context specific IMPLICIT */

-#define ASN1_TFLG_IMPLICIT	ASN1_TFLG_IMPTAG|ASN1_TFLG_CONTEXT

-/* context specific EXPLICIT */

-#define ASN1_TFLG_EXPLICIT	ASN1_TFLG_EXPTAG|ASN1_TFLG_CONTEXT

-/* If tagging is in force these determine the

- * type of tag to use. Otherwise the tag is

- * determined by the underlying type. These

- * values reflect the actual octet format.

- */

-/* Universal tag */

-#define ASN1_TFLG_UNIVERSAL	(0x0<<6)

-/* Application tag */

-#define ASN1_TFLG_APPLICATION	(0x1<<6)

-/* Context specific tag */

-#define ASN1_TFLG_CONTEXT	(0x2<<6)

-/* Private tag */

-#define ASN1_TFLG_PRIVATE	(0x3<<6)

-#define ASN1_TFLG_TAG_CLASS	(0x3<<6)

-/* These are for ANY DEFINED BY type. In this case

- * the 'item' field points to an ASN1_ADB structure

- * which contains a table of values to decode the

- * relevant type

- */

-#define ASN1_TFLG_ADB_MASK	(0x3<<8)

-#define ASN1_TFLG_ADB_OID	(0x1<<8)

-#define ASN1_TFLG_ADB_INT	(0x1<<9)

-/* This flag means a parent structure is passed

- * instead of the field: this is useful is a

- * SEQUENCE is being combined with a CHOICE for

- * example. Since this means the structure and

- * item name will differ we need to use the

- * ASN1_CHOICE_END_name() macro for example.

- */

-#define ASN1_TFLG_COMBINE	(0x1<<10)

-/* This flag when present in a SEQUENCE OF, SET OF

- * or EXPLICIT causes indefinite length constructed

- * encoding to be used if required.

- */

-#define ASN1_TFLG_NDEF		(0x1<<11)

-/* This is the actual ASN1 item itself */

-struct ASN1_ITEM_st {

-char itype;			/* The item type, primitive, SEQUENCE, CHOICE or extern */

-long utype;			/* underlying type */

-const ASN1_TEMPLATE *templates;	/* If SEQUENCE or CHOICE this contains the contents */

-long tcount;			/* Number of templates if SEQUENCE or CHOICE */

-const void *funcs;		/* functions that handle this type */

-long size;			/* Structure size (usually)*/

-#ifndef NO_ASN1_FIELD_NAMES

-const char *sname;		/* Structure name */

-#endif

-};

-/* These are values for the itype field and

- * determine how the type is interpreted.

- *

- * For PRIMITIVE types the underlying type

- * determines the behaviour if items is NULL.

- *

- * Otherwise templates must contain a single

- * template and the type is treated in the

- * same way as the type specified in the template.

- *

- * For SEQUENCE types the templates field points

- * to the members, the size field is the

- * structure size.

- *

- * For CHOICE types the templates field points

- * to each possible member (typically a union)

- * and the 'size' field is the offset of the

- * selector.

- *

- * The 'funcs' field is used for application

- * specific functions.

- *

- * For COMPAT types the funcs field gives a

- * set of functions that handle this type, this

- * supports the old d2i, i2d convention.

- *

- * The EXTERN type uses a new style d2i/i2d.

- * The new style should be used where possible

- * because it avoids things like the d2i IMPLICIT

- * hack.

- *

- * MSTRING is a multiple string type, it is used

- * for a CHOICE of character strings where the

- * actual strings all occupy an ASN1_STRING

- * structure. In this case the 'utype' field

- * has a special meaning, it is used as a mask

- * of acceptable types using the B_ASN1 constants.

- *

- * NDEF_SEQUENCE is the same as SEQUENCE except

- * that it will use indefinite length constructed

- * encoding if requested.

- *

- */

-#define ASN1_ITYPE_PRIMITIVE		0x0

-#define ASN1_ITYPE_SEQUENCE		0x1

-#define ASN1_ITYPE_CHOICE		0x2

-#define ASN1_ITYPE_COMPAT		0x3

-#define ASN1_ITYPE_EXTERN		0x4

-#define ASN1_ITYPE_MSTRING		0x5

-#define ASN1_ITYPE_NDEF_SEQUENCE	0x6

-/* Cache for ASN1 tag and length, so we

- * don't keep re-reading it for things

- * like CHOICE

- */

-struct ASN1_TLC_st{

-	char valid;	/* Values below are valid */

-	int ret;	/* return value */

-	long plen;	/* length */

-	int ptag;	/* class value */

-	int pclass;	/* class value */

-	int hdrlen;	/* header length */

-};

-/* Typedefs for ASN1 function pointers */

-typedef ASN1_VALUE * ASN1_new_func(void);

-typedef void ASN1_free_func(ASN1_VALUE *a);

-typedef ASN1_VALUE * ASN1_d2i_func(ASN1_VALUE **a, const unsigned char ** in, long length);

-typedef int ASN1_i2d_func(ASN1_VALUE * a, unsigned char **in);

-typedef int ASN1_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it,

-					int tag, int aclass, char opt, ASN1_TLC *ctx);

-typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);

-typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it);

-typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it);

-typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);

-typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);

-typedef struct ASN1_COMPAT_FUNCS_st {

-	ASN1_new_func *asn1_new;

-	ASN1_free_func *asn1_free;

-	ASN1_d2i_func *asn1_d2i;

-	ASN1_i2d_func *asn1_i2d;

-} ASN1_COMPAT_FUNCS;

-typedef struct ASN1_EXTERN_FUNCS_st {

-	void *app_data;

-	ASN1_ex_new_func *asn1_ex_new;

-	ASN1_ex_free_func *asn1_ex_free;

-	ASN1_ex_free_func *asn1_ex_clear;

-	ASN1_ex_d2i *asn1_ex_d2i;

-	ASN1_ex_i2d *asn1_ex_i2d;

-} ASN1_EXTERN_FUNCS;

-typedef struct ASN1_PRIMITIVE_FUNCS_st {

-	void *app_data;

-	unsigned long flags;

-	ASN1_ex_new_func *prim_new;

-	ASN1_ex_free_func *prim_free;

-	ASN1_ex_free_func *prim_clear;

-	ASN1_primitive_c2i *prim_c2i;

-	ASN1_primitive_i2c *prim_i2c;

-} ASN1_PRIMITIVE_FUNCS;

-/* This is the ASN1_AUX structure: it handles various

- * miscellaneous requirements. For example the use of

- * reference counts and an informational callback.

- *

- * The "informational callback" is called at various

- * points during the ASN1 encoding and decoding. It can

- * be used to provide minor customisation of the structures

- * used. This is most useful where the supplied routines

- * *almost* do the right thing but need some extra help

- * at a few points. If the callback returns zero then

- * it is assumed a fatal error has occurred and the

- * main operation should be abandoned.

- *

- * If major changes in the default behaviour are required

- * then an external type is more appropriate.

- */

-typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it);

-typedef struct ASN1_AUX_st {

-	void *app_data;

-	int flags;

-	int ref_offset;		/* Offset of reference value */

-	int ref_lock;		/* Lock type to use */

-	ASN1_aux_cb *asn1_cb;

-	int enc_offset;		/* Offset of ASN1_ENCODING structure */

-} ASN1_AUX;

-/* Flags in ASN1_AUX */

-/* Use a reference count */

-#define ASN1_AFLG_REFCOUNT	1

-/* Save the encoding of structure (useful for signatures) */

-#define ASN1_AFLG_ENCODING	2

-/* The Sequence length is invalid */

-#define ASN1_AFLG_BROKEN	4

-/* operation values for asn1_cb */

-#define ASN1_OP_NEW_PRE		0

-#define ASN1_OP_NEW_POST	1

-#define ASN1_OP_FREE_PRE	2

-#define ASN1_OP_FREE_POST	3

-#define ASN1_OP_D2I_PRE		4

-#define ASN1_OP_D2I_POST	5

-#define ASN1_OP_I2D_PRE		6

-#define ASN1_OP_I2D_POST	7

-/* Macro to implement a primitive type */

-#define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0)

-#define IMPLEMENT_ASN1_TYPE_ex(itname, vname, ex) \

-				ASN1_ITEM_start(itname) \

-					ASN1_ITYPE_PRIMITIVE, V_##vname, NULL, 0, NULL, ex, #itname \

-				ASN1_ITEM_end(itname)

-/* Macro to implement a multi string type */

-#define IMPLEMENT_ASN1_MSTRING(itname, mask) \

-				ASN1_ITEM_start(itname) \

-					ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname \

-				ASN1_ITEM_end(itname)

-/* Macro to implement an ASN1_ITEM in terms of old style funcs */

-#define IMPLEMENT_COMPAT_ASN1(sname) IMPLEMENT_COMPAT_ASN1_type(sname, V_ASN1_SEQUENCE)

-#define IMPLEMENT_COMPAT_ASN1_type(sname, tag) \

-	static const ASN1_COMPAT_FUNCS sname##_ff = { \

-		(ASN1_new_func *)sname##_new, \

-		(ASN1_free_func *)sname##_free, \

-		(ASN1_d2i_func *)d2i_##sname, \

-		(ASN1_i2d_func *)i2d_##sname, \

-	}; \

-	ASN1_ITEM_start(sname) \

-		ASN1_ITYPE_COMPAT, \

-		tag, \

-		NULL, \

-		0, \

-		&sname##_ff, \

-		0, \

-		#sname \

-	ASN1_ITEM_end(sname)

-#define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \

-	ASN1_ITEM_start(sname) \

-		ASN1_ITYPE_EXTERN, \

-		tag, \

-		NULL, \

-		0, \

-		&fptrs, \

-		0, \

-		#sname \

-	ASN1_ITEM_end(sname)

-/* Macro to implement standard functions in terms of ASN1_ITEM structures */

-#define IMPLEMENT_ASN1_FUNCTIONS(stname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname)

-#define IMPLEMENT_ASN1_FUNCTIONS_name(stname, itname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, itname)

-#define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \

-			IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname)

-#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \

-		IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname)

-#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \

-	stname *fname##_new(void) \

-	{ \

-		return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \

-	} \

-	void fname##_free(stname *a) \

-	{ \

-		ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \

-	}

-#define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \

-	IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \

-	IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)

-#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \

-	stname *d2i_##fname(stname **a, const unsigned char **in, long len) \

-	{ \

-		return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\

-	} \

-	int i2d_##fname(stname *a, unsigned char **out) \

-	{ \

-		return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\

-	}

-#define IMPLEMENT_ASN1_NDEF_FUNCTION(stname) \

-	int i2d_##stname##_NDEF(stname *a, unsigned char **out) \

-	{ \

-		return ASN1_item_ndef_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname));\

-	}

-/* This includes evil casts to remove const: they will go away when full

- * ASN1 constification is done.

- */

-#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \

-	stname *d2i_##fname(stname **a, const unsigned char **in, long len) \

-	{ \

-		return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\

-	} \

-	int i2d_##fname(const stname *a, unsigned char **out) \

-	{ \

-		return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\

-	}

-#define IMPLEMENT_ASN1_DUP_FUNCTION(stname) \

-	stname * stname##_dup(stname *x) \

-        { \

-        return ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \

-        }

-#define IMPLEMENT_ASN1_FUNCTIONS_const(name) \

-		IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name)

-#define IMPLEMENT_ASN1_FUNCTIONS_const_fname(stname, itname, fname) \

-	IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \

-	IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)

-/* external definitions for primitive types */

-DECLARE_ASN1_ITEM(ASN1_BOOLEAN)

-DECLARE_ASN1_ITEM(ASN1_TBOOLEAN)

-DECLARE_ASN1_ITEM(ASN1_FBOOLEAN)

-DECLARE_ASN1_ITEM(ASN1_SEQUENCE)

-DECLARE_ASN1_ITEM(CBIGNUM)

-DECLARE_ASN1_ITEM(BIGNUM)

-DECLARE_ASN1_ITEM(LONG)

-DECLARE_ASN1_ITEM(ZLONG)

-DECLARE_STACK_OF(ASN1_VALUE)

-/* Functions used internally by the ASN1 code */

-int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it);

-void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it);

-int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);

-int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it);

-void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);

-int ASN1_template_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_TEMPLATE *tt);

-int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it,

-				int tag, int aclass, char opt, ASN1_TLC *ctx);

-int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);

-int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_TEMPLATE *tt);

-void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it);

-int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);

-int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);

-int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it);

-int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it);

-ASN1_VALUE ** asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);

-const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, int nullerr);

-int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it);

-void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it);

-void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it);

-int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, const ASN1_ITEM *it);

-int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, const ASN1_ITEM *it);

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/asn1/asn_moid.c

+++ /dev/null

@@ -1,160 +1,0 @@

-/* asn_moid.c */

-/* Written by Stephen Henson ([email protected]) for the OpenSSL

- * project 2001.

- */

-/* ====================================================================

- * Copyright (c) 2001-2004 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include <ctype.h>

-#include <openssl/crypto.h>

-#include "cryptlib.h"

-#include <openssl/conf.h>

-#include <openssl/dso.h>

-#include <openssl/x509.h>

-/* Simple ASN1 OID module: add all objects in a given section */

-static int do_create(char *value, char *name);

-static int oid_module_init(CONF_IMODULE *md, const CONF *cnf)

-	{

-	int i;

-	const char *oid_section;

-	STACK_OF(CONF_VALUE) *sktmp;

-	CONF_VALUE *oval;

-	oid_section = CONF_imodule_get_value(md);

-	if(!(sktmp = NCONF_get_section(cnf, oid_section)))

-		{

-		ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ERROR_LOADING_SECTION);

-		return 0;

-		}

-	for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++)

-		{

-		oval = sk_CONF_VALUE_value(sktmp, i);

-		if(!do_create(oval->value, oval->name))

-			{

-			ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ADDING_OBJECT);

-			return 0;

-			}

-		}

-	return 1;

-	}

-static void oid_module_finish(CONF_IMODULE *md)

-	{

-	OBJ_cleanup();

-	}

-void ASN1_add_oid_module(void)

-	{

-	CONF_module_add("oid_section", oid_module_init, oid_module_finish);

-	}

-/* Create an OID based on a name value pair. Accept two formats.

- * shortname = 1.2.3.4

- * shortname = some long name, 1.2.3.4

- */

-static int do_create(char *value, char *name)

-	{

-	int nid;

-	ASN1_OBJECT *oid;

-	char *ln, *ostr, *p, *lntmp;

-	p = strrchr(value, ',');

-	if (!p)

-		{

-		ln = name;

-		ostr = value;

-		}

-	else

-		{

-		ln = NULL;

-		ostr = p + 1;

-		if (!*ostr)

-			return 0;

-		while(isspace((unsigned char)*ostr)) ostr++;

-		}

-	nid = OBJ_create(ostr, name, ln);

-	if (nid == NID_undef)

-		return 0;

-	if (p)

-		{

-		ln = value;

-		while(isspace((unsigned char)*ln)) ln++;

-		p--;

-		while(isspace((unsigned char)*p))

-			{

-			if (p == ln)

-				return 0;

-			p--;

-			}

-		p++;

-		lntmp = OPENSSL_malloc((p - ln) + 1);

-		if (lntmp == NULL)

-			return 0;

-		memcpy(lntmp, ln, p - ln);

-		lntmp[p - ln] = 0;

-		oid = OBJ_nid2obj(nid);

-		oid->ln = lntmp;

-		}

-	return 1;

-	}

--- a/sys/src/ape/lib/openssl/crypto/asn1/asn_pack.c

+++ /dev/null

@@ -1,191 +1,0 @@

-/* asn_pack.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/asn1.h>

-#ifndef NO_ASN1_OLD

-/* ASN1 packing and unpacking functions */

-/* Turn an ASN1 encoded SEQUENCE OF into a STACK of structures */

-STACK *ASN1_seq_unpack(const unsigned char *buf, int len,

-		       d2i_of_void *d2i,void (*free_func)(void *))

-{

-    STACK *sk;

-    const unsigned char *pbuf;

-    pbuf =  buf;

-    if (!(sk = d2i_ASN1_SET(NULL, &pbuf, len, d2i, free_func,

-					V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL)))

-		 ASN1err(ASN1_F_ASN1_SEQ_UNPACK,ASN1_R_DECODE_ERROR);

-    return sk;

-}

-/* Turn a STACK structures into an ASN1 encoded SEQUENCE OF structure in a

- * OPENSSL_malloc'ed buffer

- */

-unsigned char *ASN1_seq_pack(STACK *safes, i2d_of_void *i2d,

-			     unsigned char **buf, int *len)

-{

-	int safelen;

-	unsigned char *safe, *p;

-	if (!(safelen = i2d_ASN1_SET(safes, NULL, i2d, V_ASN1_SEQUENCE,

-					      V_ASN1_UNIVERSAL, IS_SEQUENCE))) {

-		ASN1err(ASN1_F_ASN1_SEQ_PACK,ASN1_R_ENCODE_ERROR);

-		return NULL;

-	}

-	if (!(safe = OPENSSL_malloc (safelen))) {

-		ASN1err(ASN1_F_ASN1_SEQ_PACK,ERR_R_MALLOC_FAILURE);

-		return NULL;

-	}

-	p = safe;

-	i2d_ASN1_SET(safes, &p, i2d, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL,

-								 IS_SEQUENCE);

-	if (len) *len = safelen;

-	if (buf) *buf = safe;

-	return safe;

-}

-/* Extract an ASN1 object from an ASN1_STRING */

-void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i)

-{

-	const unsigned char *p;

-	char *ret;

-	p = oct->data;

-	if(!(ret = d2i(NULL, &p, oct->length)))

-		ASN1err(ASN1_F_ASN1_UNPACK_STRING,ASN1_R_DECODE_ERROR);

-	return ret;

-}

-/* Pack an ASN1 object into an ASN1_STRING */

-ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d, ASN1_STRING **oct)

-{

-	unsigned char *p;

-	ASN1_STRING *octmp;

-	if (!oct || !*oct) {

-		if (!(octmp = ASN1_STRING_new ())) {

-			ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);

-			return NULL;

-		}

-		if (oct) *oct = octmp;

-	} else octmp = *oct;

-	if (!(octmp->length = i2d(obj, NULL))) {

-		ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR);

-		return NULL;

-	}

-	if (!(p = OPENSSL_malloc (octmp->length))) {

-		ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);

-		return NULL;

-	}

-	octmp->data = p;

-	i2d (obj, &p);

-	return octmp;

-}

-#endif

-/* ASN1_ITEM versions of the above */

-ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct)

-{

-	ASN1_STRING *octmp;

-	if (!oct || !*oct) {

-		if (!(octmp = ASN1_STRING_new ())) {

-			ASN1err(ASN1_F_ASN1_ITEM_PACK,ERR_R_MALLOC_FAILURE);

-			return NULL;

-		}

-		if (oct) *oct = octmp;

-	} else octmp = *oct;

-	if(octmp->data) {

-		OPENSSL_free(octmp->data);

-		octmp->data = NULL;

-	}

-	if (!(octmp->length = ASN1_item_i2d(obj, &octmp->data, it))) {

-		ASN1err(ASN1_F_ASN1_ITEM_PACK,ASN1_R_ENCODE_ERROR);

-		return NULL;

-	}

-	if (!octmp->data) {

-		ASN1err(ASN1_F_ASN1_ITEM_PACK,ERR_R_MALLOC_FAILURE);

-		return NULL;

-	}

-	return octmp;

-}

-/* Extract an ASN1 object from an ASN1_STRING */

-void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it)

-{

-	const unsigned char *p;

-	void *ret;

-	p = oct->data;

-	if(!(ret = ASN1_item_d2i(NULL, &p, oct->length, it)))

-		ASN1err(ASN1_F_ASN1_ITEM_UNPACK,ASN1_R_DECODE_ERROR);

-	return ret;

-}

--- a/sys/src/ape/lib/openssl/crypto/asn1/charmap.h

+++ /dev/null

@@ -1,15 +1,0 @@

-/* Auto generated with chartype.pl script.

- * Mask of various character properties

- */

-static unsigned char char_type[] = {

- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,

- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,

-120, 0, 1,40, 0, 0, 0,16,16,16, 0,25,25,16,16,16,

-16,16,16,16,16,16,16,16,16,16,16, 9, 9,16, 9,16,

- 0,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,

-16,16,16,16,16,16,16,16,16,16,16, 0, 1, 0, 0, 0,

- 0,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,

-16,16,16,16,16,16,16,16,16,16,16, 0, 0, 0, 0, 2

-};

--- a/sys/src/ape/lib/openssl/crypto/asn1/charmap.pl

+++ /dev/null

@@ -1,80 +1,0 @@

-#!/usr/local/bin/perl -w

-use strict;

-my ($i, @arr);

-# Set up an array with the type of ASCII characters

-# Each set bit represents a character property.

-# RFC2253 character properties

-my $RFC2253_ESC = 1;	# Character escaped with \

-my $ESC_CTRL	= 2;	# Escaped control character

-# These are used with RFC1779 quoting using "

-my $NOESC_QUOTE	= 8;	# Not escaped if quoted

-my $PSTRING_CHAR = 0x10;	# Valid PrintableString character

-my $RFC2253_FIRST_ESC = 0x20; # Escaped with \ if first character

-my $RFC2253_LAST_ESC = 0x40;  # Escaped with \ if last character

-for($i = 0; $i < 128; $i++) {

-	# Set the RFC2253 escape characters (control)

-	$arr[$i] = 0;

-	if(($i < 32) || ($i > 126)) {

-		$arr[$i] |= $ESC_CTRL;

-	}

-	# Some PrintableString characters

-	if(		   ( ( $i >= ord("a")) && ( $i <= ord("z")) )

-			|| (  ( $i >= ord("A")) && ( $i <= ord("Z")) )

-			|| (  ( $i >= ord("0")) && ( $i <= ord("9")) )  ) {

-		$arr[$i] |= $PSTRING_CHAR;

-	}

-}

-# Now setup the rest

-# Remaining RFC2253 escaped characters

-$arr[ord(" ")] |= $NOESC_QUOTE | $RFC2253_FIRST_ESC | $RFC2253_LAST_ESC;

-$arr[ord("#")] |= $NOESC_QUOTE | $RFC2253_FIRST_ESC;

-$arr[ord(",")] |= $NOESC_QUOTE | $RFC2253_ESC;

-$arr[ord("+")] |= $NOESC_QUOTE | $RFC2253_ESC;

-$arr[ord("\"")] |= $RFC2253_ESC;

-$arr[ord("\\")] |= $RFC2253_ESC;

-$arr[ord("<")] |= $NOESC_QUOTE | $RFC2253_ESC;

-$arr[ord(">")] |= $NOESC_QUOTE | $RFC2253_ESC;

-$arr[ord(";")] |= $NOESC_QUOTE | $RFC2253_ESC;

-# Remaining PrintableString characters

-$arr[ord(" ")] |= $PSTRING_CHAR;

-$arr[ord("'")] |= $PSTRING_CHAR;

-$arr[ord("(")] |= $PSTRING_CHAR;

-$arr[ord(")")] |= $PSTRING_CHAR;

-$arr[ord("+")] |= $PSTRING_CHAR;

-$arr[ord(",")] |= $PSTRING_CHAR;

-$arr[ord("-")] |= $PSTRING_CHAR;

-$arr[ord(".")] |= $PSTRING_CHAR;

-$arr[ord("/")] |= $PSTRING_CHAR;

-$arr[ord(":")] |= $PSTRING_CHAR;

-$arr[ord("=")] |= $PSTRING_CHAR;

-$arr[ord("?")] |= $PSTRING_CHAR;

-# Now generate the C code

-print <<EOF;

-/* Auto generated with chartype.pl script.

- * Mask of various character properties

- */

-static unsigned char char_type[] = {

-EOF

-for($i = 0; $i < 128; $i++) {

-	print("\n") if($i && (($i % 16) == 0));

-	printf("%2d", $arr[$i]);

-	print(",") if ($i != 127);

-}

-print("\n};\n\n");

--- a/sys/src/ape/lib/openssl/crypto/asn1/d2i_pr.c

+++ /dev/null

@@ -1,161 +1,0 @@

-/* crypto/asn1/d2i_pr.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/bn.h>

-#include <openssl/evp.h>

-#include <openssl/objects.h>

-#include <openssl/asn1.h>

-#ifndef OPENSSL_NO_RSA

-#include <openssl/rsa.h>

-#endif

-#ifndef OPENSSL_NO_DSA

-#include <openssl/dsa.h>

-#endif

-#ifndef OPENSSL_NO_EC

-#include <openssl/ec.h>

-#endif

-EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,

-	     long length)

-	{

-	EVP_PKEY *ret;

-	if ((a == NULL) || (*a == NULL))

-		{

-		if ((ret=EVP_PKEY_new()) == NULL)

-			{

-			ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_EVP_LIB);

-			return(NULL);

-			}

-		}

-	else	ret= *a;

-	ret->save_type=type;

-	ret->type=EVP_PKEY_type(type);

-	switch (ret->type)

-		{

-#ifndef OPENSSL_NO_RSA

-	case EVP_PKEY_RSA:

-		if ((ret->pkey.rsa=d2i_RSAPrivateKey(NULL,

-			(const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */

-			{

-			ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB);

-			goto err;

-			}

-		break;

-#endif

-#ifndef OPENSSL_NO_DSA

-	case EVP_PKEY_DSA:

-		if ((ret->pkey.dsa=d2i_DSAPrivateKey(NULL,

-			(const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */

-			{

-			ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB);

-			goto err;

-			}

-		break;

-#endif

-#ifndef OPENSSL_NO_EC

-	case EVP_PKEY_EC:

-		if ((ret->pkey.ec = d2i_ECPrivateKey(NULL,

-			(const unsigned char **)pp, length)) == NULL)

-			{

-			ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);

-			goto err;

-			}

-		break;

-#endif

-	default:

-		ASN1err(ASN1_F_D2I_PRIVATEKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);

-		goto err;

-		/* break; */

-		}

-	if (a != NULL) (*a)=ret;

-	return(ret);

-err:

-	if ((ret != NULL) && ((a == NULL) || (*a != ret))) EVP_PKEY_free(ret);

-	return(NULL);

-	}

-/* This works like d2i_PrivateKey() except it automatically works out the type */

-EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,

-	     long length)

-{

-	STACK_OF(ASN1_TYPE) *inkey;

-	const unsigned char *p;

-	int keytype;

-	p = *pp;

-	/* Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE):

-	 * by analyzing it we can determine the passed structure: this

-	 * assumes the input is surrounded by an ASN1 SEQUENCE.

-	 */

-	inkey = d2i_ASN1_SET_OF_ASN1_TYPE(NULL, &p, length, d2i_ASN1_TYPE,

-			ASN1_TYPE_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);

-	/* Since we only need to discern "traditional format" RSA and DSA

-	 * keys we can just count the elements.

-         */

-	if(sk_ASN1_TYPE_num(inkey) == 6)

-		keytype = EVP_PKEY_DSA;

-	else if (sk_ASN1_TYPE_num(inkey) == 4)

-		keytype = EVP_PKEY_EC;

-	else keytype = EVP_PKEY_RSA;

-	sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);

-	return d2i_PrivateKey(keytype, a, pp, length);

-}

--- a/sys/src/ape/lib/openssl/crypto/asn1/d2i_pu.c

+++ /dev/null

@@ -1,135 +1,0 @@

-/* crypto/asn1/d2i_pu.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/bn.h>

-#include <openssl/evp.h>

-#include <openssl/objects.h>

-#include <openssl/asn1.h>

-#ifndef OPENSSL_NO_RSA

-#include <openssl/rsa.h>

-#endif

-#ifndef OPENSSL_NO_DSA

-#include <openssl/dsa.h>

-#endif

-#ifndef OPENSSL_NO_EC

-#include <openssl/ec.h>

-#endif

-EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,

-	     long length)

-	{

-	EVP_PKEY *ret;

-	if ((a == NULL) || (*a == NULL))

-		{

-		if ((ret=EVP_PKEY_new()) == NULL)

-			{

-			ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_EVP_LIB);

-			return(NULL);

-			}

-		}

-	else	ret= *a;

-	ret->save_type=type;

-	ret->type=EVP_PKEY_type(type);

-	switch (ret->type)

-		{

-#ifndef OPENSSL_NO_RSA

-	case EVP_PKEY_RSA:

-		if ((ret->pkey.rsa=d2i_RSAPublicKey(NULL,

-			(const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */

-			{

-			ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB);

-			goto err;

-			}

-		break;

-#endif

-#ifndef OPENSSL_NO_DSA

-	case EVP_PKEY_DSA:

-		if (!d2i_DSAPublicKey(&(ret->pkey.dsa),

-			(const unsigned char **)pp,length)) /* TMP UGLY CAST */

-			{

-			ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB);

-			goto err;

-			}

-		break;

-#endif

-#ifndef OPENSSL_NO_EC

-	case EVP_PKEY_EC:

-		if (!o2i_ECPublicKey(&(ret->pkey.ec),

-				     (const unsigned char **)pp, length))

-			{

-			ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB);

-			goto err;

-			}

-	break;

-#endif

-	default:

-		ASN1err(ASN1_F_D2I_PUBLICKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);

-		goto err;

-		/* break; */

-		}

-	if (a != NULL) (*a)=ret;

-	return(ret);

-err:

-	if ((ret != NULL) && ((a == NULL) || (*a != ret))) EVP_PKEY_free(ret);

-	return(NULL);

-	}

--- a/sys/src/ape/lib/openssl/crypto/asn1/evp_asn1.c

+++ /dev/null

@@ -1,189 +1,0 @@

-/* crypto/asn1/evp_asn1.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/asn1.h>

-#include <openssl/asn1_mac.h>

-int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len)

-	{

-	ASN1_STRING *os;

-	if ((os=M_ASN1_OCTET_STRING_new()) == NULL) return(0);

-	if (!M_ASN1_OCTET_STRING_set(os,data,len)) return(0);

-	ASN1_TYPE_set(a,V_ASN1_OCTET_STRING,os);

-	return(1);

-	}

-/* int max_len:  for returned value    */

-int ASN1_TYPE_get_octetstring(ASN1_TYPE *a, unsigned char *data,

-	     int max_len)

-	{

-	int ret,num;

-	unsigned char *p;

-	if ((a->type != V_ASN1_OCTET_STRING) || (a->value.octet_string == NULL))

-		{

-		ASN1err(ASN1_F_ASN1_TYPE_GET_OCTETSTRING,ASN1_R_DATA_IS_WRONG);

-		return(-1);

-		}

-	p=M_ASN1_STRING_data(a->value.octet_string);

-	ret=M_ASN1_STRING_length(a->value.octet_string);

-	if (ret < max_len)

-		num=ret;

-	else

-		num=max_len;

-	memcpy(data,p,num);

-	return(ret);

-	}

-int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data,

-	     int len)

-	{

-	int n,size;

-	ASN1_OCTET_STRING os,*osp;

-	ASN1_INTEGER in;

-	unsigned char *p;

-	unsigned char buf[32]; /* when they have 256bit longs,

-				* I'll be in trouble */

-	in.data=buf;

-	in.length=32;

-	os.data=data;

-	os.type=V_ASN1_OCTET_STRING;

-	os.length=len;

-	ASN1_INTEGER_set(&in,num);

-	n =  i2d_ASN1_INTEGER(&in,NULL);

-	n+=M_i2d_ASN1_OCTET_STRING(&os,NULL);

-	size=ASN1_object_size(1,n,V_ASN1_SEQUENCE);

-	if ((osp=ASN1_STRING_new()) == NULL) return(0);

-	/* Grow the 'string' */

-	if (!ASN1_STRING_set(osp,NULL,size))

-		{

-		ASN1_STRING_free(osp);

-		return(0);

-		}

-	M_ASN1_STRING_length_set(osp, size);

-	p=M_ASN1_STRING_data(osp);

-	ASN1_put_object(&p,1,n,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);

-	  i2d_ASN1_INTEGER(&in,&p);

-	M_i2d_ASN1_OCTET_STRING(&os,&p);

-	ASN1_TYPE_set(a,V_ASN1_SEQUENCE,osp);

-	return(1);

-	}

-/* we return the actual length..., num may be missing, in which

- * case, set it to zero */

-/* int max_len:  for returned value    */

-int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num, unsigned char *data,

-	     int max_len)

-	{

-	int ret= -1,n;

-	ASN1_INTEGER *ai=NULL;

-	ASN1_OCTET_STRING *os=NULL;

-	const unsigned char *p;

-	long length;

-	ASN1_const_CTX c;

-	if ((a->type != V_ASN1_SEQUENCE) || (a->value.sequence == NULL))

-		{

-		goto err;

-		}

-	p=M_ASN1_STRING_data(a->value.sequence);

-	length=M_ASN1_STRING_length(a->value.sequence);

-	c.pp= &p;

-	c.p=p;

-	c.max=p+length;

-	c.error=ASN1_R_DATA_IS_WRONG;

-	M_ASN1_D2I_start_sequence();

-	c.q=c.p;

-	if ((ai=d2i_ASN1_INTEGER(NULL,&c.p,c.slen)) == NULL) goto err;

-        c.slen-=(c.p-c.q);

-	c.q=c.p;

-	if ((os=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) goto err;

-        c.slen-=(c.p-c.q);

-	if (!M_ASN1_D2I_end_sequence()) goto err;

-	if (num != NULL)

-		*num=ASN1_INTEGER_get(ai);

-	ret=M_ASN1_STRING_length(os);

-	if (max_len > ret)

-		n=ret;

-	else

-		n=max_len;

-	if (data != NULL)

-		memcpy(data,M_ASN1_STRING_data(os),n);

-	if (0)

-		{

-err:

-		ASN1err(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,ASN1_R_DATA_IS_WRONG);

-		}

-	if (os != NULL) M_ASN1_OCTET_STRING_free(os);

-	if (ai != NULL) M_ASN1_INTEGER_free(ai);

-	return(ret);

-	}

--- a/sys/src/ape/lib/openssl/crypto/asn1/f_enum.c

+++ /dev/null

@@ -1,207 +1,0 @@

-/* crypto/asn1/f_enum.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/buffer.h>

-#include <openssl/asn1.h>

-/* Based on a_int.c: equivalent ENUMERATED functions */

-int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a)

-	{

-	int i,n=0;

-	static const char *h="0123456789ABCDEF";

-	char buf[2];

-	if (a == NULL) return(0);

-	if (a->length == 0)

-		{

-		if (BIO_write(bp,"00",2) != 2) goto err;

-		n=2;

-		}

-	else

-		{

-		for (i=0; i<a->length; i++)

-			{

-			if ((i != 0) && (i%35 == 0))

-				{

-				if (BIO_write(bp,"\\\n",2) != 2) goto err;

-				n+=2;

-				}

-			buf[0]=h[((unsigned char)a->data[i]>>4)&0x0f];

-			buf[1]=h[((unsigned char)a->data[i]   )&0x0f];

-			if (BIO_write(bp,buf,2) != 2) goto err;

-			n+=2;

-			}

-		}

-	return(n);

-err:

-	return(-1);

-	}

-int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size)

-	{

-	int ret=0;

-	int i,j,k,m,n,again,bufsize;

-	unsigned char *s=NULL,*sp;

-	unsigned char *bufp;

-	int num=0,slen=0,first=1;

-	bs->type=V_ASN1_ENUMERATED;

-	bufsize=BIO_gets(bp,buf,size);

-	for (;;)

-		{

-		if (bufsize < 1) goto err_sl;

-		i=bufsize;

-		if (buf[i-1] == '\n') buf[--i]='\0';

-		if (i == 0) goto err_sl;

-		if (buf[i-1] == '\r') buf[--i]='\0';

-		if (i == 0) goto err_sl;

-		again=(buf[i-1] == '\\');

-		for (j=0; j<i; j++)

-			{

-			if (!(	((buf[j] >= '0') && (buf[j] <= '9')) ||

-				((buf[j] >= 'a') && (buf[j] <= 'f')) ||

-				((buf[j] >= 'A') && (buf[j] <= 'F'))))

-				{

-				i=j;

-				break;

-				}

-			}

-		buf[i]='\0';

-		/* We have now cleared all the crap off the end of the

-		 * line */

-		if (i < 2) goto err_sl;

-		bufp=(unsigned char *)buf;

-		if (first)

-			{

-			first=0;

-			if ((bufp[0] == '0') && (buf[1] == '0'))

-				{

-				bufp+=2;

-				i-=2;

-				}

-			}

-		k=0;

-		i-=again;

-		if (i%2 != 0)

-			{

-			ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ASN1_R_ODD_NUMBER_OF_CHARS);

-			goto err;

-			}

-		i/=2;

-		if (num+i > slen)

-			{

-			if (s == NULL)

-				sp=(unsigned char *)OPENSSL_malloc(

-					(unsigned int)num+i*2);

-			else

-				sp=(unsigned char *)OPENSSL_realloc(s,

-					(unsigned int)num+i*2);

-			if (sp == NULL)

-				{

-				ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE);

-				if (s != NULL) OPENSSL_free(s);

-				goto err;

-				}

-			s=sp;

-			slen=num+i*2;

-			}

-		for (j=0; j<i; j++,k+=2)

-			{

-			for (n=0; n<2; n++)

-				{

-				m=bufp[k+n];

-				if ((m >= '0') && (m <= '9'))

-					m-='0';

-				else if ((m >= 'a') && (m <= 'f'))

-					m=m-'a'+10;

-				else if ((m >= 'A') && (m <= 'F'))

-					m=m-'A'+10;

-				else

-					{

-					ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ASN1_R_NON_HEX_CHARACTERS);

-					goto err;

-					}

-				s[num+j]<<=4;

-				s[num+j]|=m;

-				}

-			}

-		num+=i;

-		if (again)

-			bufsize=BIO_gets(bp,buf,size);

-		else

-			break;

-		}

-	bs->length=num;

-	bs->data=s;

-	ret=1;

-err:

-	if (0)

-		{

-err_sl:

-		ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ASN1_R_SHORT_LINE);

-		}

-	return(ret);

-	}

--- a/sys/src/ape/lib/openssl/crypto/asn1/f_int.c

+++ /dev/null

@@ -1,219 +1,0 @@

-/* crypto/asn1/f_int.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/buffer.h>

-#include <openssl/asn1.h>

-int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a)

-	{

-	int i,n=0;

-	static const char *h="0123456789ABCDEF";

-	char buf[2];

-	if (a == NULL) return(0);

-	if (a->type & V_ASN1_NEG)

-		{

-		if (BIO_write(bp, "-", 1) != 1) goto err;

-		n = 1;

-		}

-	if (a->length == 0)

-		{

-		if (BIO_write(bp,"00",2) != 2) goto err;

-		n += 2;

-		}

-	else

-		{

-		for (i=0; i<a->length; i++)

-			{

-			if ((i != 0) && (i%35 == 0))

-				{

-				if (BIO_write(bp,"\\\n",2) != 2) goto err;

-				n+=2;

-				}

-			buf[0]=h[((unsigned char)a->data[i]>>4)&0x0f];

-			buf[1]=h[((unsigned char)a->data[i]   )&0x0f];

-			if (BIO_write(bp,buf,2) != 2) goto err;

-			n+=2;

-			}

-		}

-	return(n);

-err:

-	return(-1);

-	}

-int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)

-	{

-	int ret=0;

-	int i,j,k,m,n,again,bufsize;

-	unsigned char *s=NULL,*sp;

-	unsigned char *bufp;

-	int num=0,slen=0,first=1;

-	bs->type=V_ASN1_INTEGER;

-	bufsize=BIO_gets(bp,buf,size);

-	for (;;)

-		{

-		if (bufsize < 1) goto err_sl;

-		i=bufsize;

-		if (buf[i-1] == '\n') buf[--i]='\0';

-		if (i == 0) goto err_sl;

-		if (buf[i-1] == '\r') buf[--i]='\0';

-		if (i == 0) goto err_sl;

-		again=(buf[i-1] == '\\');

-		for (j=0; j<i; j++)

-			{

-#ifndef CHARSET_EBCDIC

-			if (!(	((buf[j] >= '0') && (buf[j] <= '9')) ||

-				((buf[j] >= 'a') && (buf[j] <= 'f')) ||

-				((buf[j] >= 'A') && (buf[j] <= 'F'))))

-#else

-			/* This #ifdef is not strictly necessary, since

-			 * the characters A...F a...f 0...9 are contiguous

-			 * (yes, even in EBCDIC - but not the whole alphabet).

-			 * Nevertheless, isxdigit() is faster.

-			 */

-			if (!isxdigit(buf[j]))

-#endif

-				{

-				i=j;

-				break;

-				}

-			}

-		buf[i]='\0';

-		/* We have now cleared all the crap off the end of the

-		 * line */

-		if (i < 2) goto err_sl;

-		bufp=(unsigned char *)buf;

-		if (first)

-			{

-			first=0;

-			if ((bufp[0] == '0') && (buf[1] == '0'))

-				{

-				bufp+=2;

-				i-=2;

-				}

-			}

-		k=0;

-		i-=again;

-		if (i%2 != 0)

-			{

-			ASN1err(ASN1_F_A2I_ASN1_INTEGER,ASN1_R_ODD_NUMBER_OF_CHARS);

-			goto err;

-			}

-		i/=2;

-		if (num+i > slen)

-			{

-			if (s == NULL)

-				sp=(unsigned char *)OPENSSL_malloc(

-					(unsigned int)num+i*2);

-			else

-				sp=OPENSSL_realloc_clean(s,slen,num+i*2);

-			if (sp == NULL)

-				{

-				ASN1err(ASN1_F_A2I_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);

-				if (s != NULL) OPENSSL_free(s);

-				goto err;

-				}

-			s=sp;

-			slen=num+i*2;

-			}

-		for (j=0; j<i; j++,k+=2)

-			{

-			for (n=0; n<2; n++)

-				{

-				m=bufp[k+n];

-				if ((m >= '0') && (m <= '9'))

-					m-='0';

-				else if ((m >= 'a') && (m <= 'f'))

-					m=m-'a'+10;

-				else if ((m >= 'A') && (m <= 'F'))

-					m=m-'A'+10;

-				else

-					{

-					ASN1err(ASN1_F_A2I_ASN1_INTEGER,ASN1_R_NON_HEX_CHARACTERS);

-					goto err;

-					}

-				s[num+j]<<=4;

-				s[num+j]|=m;

-				}

-			}

-		num+=i;

-		if (again)

-			bufsize=BIO_gets(bp,buf,size);

-		else

-			break;

-		}

-	bs->length=num;

-	bs->data=s;

-	ret=1;

-err:

-	if (0)

-		{

-err_sl:

-		ASN1err(ASN1_F_A2I_ASN1_INTEGER,ASN1_R_SHORT_LINE);

-		}

-	return(ret);

-	}

--- a/sys/src/ape/lib/openssl/crypto/asn1/f_string.c

+++ /dev/null

@@ -1,212 +1,0 @@

-/* crypto/asn1/f_string.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/buffer.h>

-#include <openssl/asn1.h>

-int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type)

-	{

-	int i,n=0;

-	static const char *h="0123456789ABCDEF";

-	char buf[2];

-	if (a == NULL) return(0);

-	if (a->length == 0)

-		{

-		if (BIO_write(bp,"0",1) != 1) goto err;

-		n=1;

-		}

-	else

-		{

-		for (i=0; i<a->length; i++)

-			{

-			if ((i != 0) && (i%35 == 0))

-				{

-				if (BIO_write(bp,"\\\n",2) != 2) goto err;

-				n+=2;

-				}

-			buf[0]=h[((unsigned char)a->data[i]>>4)&0x0f];

-			buf[1]=h[((unsigned char)a->data[i]   )&0x0f];

-			if (BIO_write(bp,buf,2) != 2) goto err;

-			n+=2;

-			}

-		}

-	return(n);

-err:

-	return(-1);

-	}

-int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size)

-	{

-	int ret=0;

-	int i,j,k,m,n,again,bufsize;

-	unsigned char *s=NULL,*sp;

-	unsigned char *bufp;

-	int num=0,slen=0,first=1;

-	bufsize=BIO_gets(bp,buf,size);

-	for (;;)

-		{

-		if (bufsize < 1)

-			{

-			if (first)

-				break;

-			else

-				goto err_sl;

-			}

-		first=0;

-		i=bufsize;

-		if (buf[i-1] == '\n') buf[--i]='\0';

-		if (i == 0) goto err_sl;

-		if (buf[i-1] == '\r') buf[--i]='\0';

-		if (i == 0) goto err_sl;

-		again=(buf[i-1] == '\\');

-		for (j=i-1; j>0; j--)

-			{

-#ifndef CHARSET_EBCDIC

-			if (!(	((buf[j] >= '0') && (buf[j] <= '9')) ||

-				((buf[j] >= 'a') && (buf[j] <= 'f')) ||

-				((buf[j] >= 'A') && (buf[j] <= 'F'))))

-#else

-			/* This #ifdef is not strictly necessary, since

-			 * the characters A...F a...f 0...9 are contiguous

-			 * (yes, even in EBCDIC - but not the whole alphabet).

-			 * Nevertheless, isxdigit() is faster.

-			 */

-			if (!isxdigit(buf[j]))

-#endif

-				{

-				i=j;

-				break;

-				}

-			}

-		buf[i]='\0';

-		/* We have now cleared all the crap off the end of the

-		 * line */

-		if (i < 2) goto err_sl;

-		bufp=(unsigned char *)buf;

-		k=0;

-		i-=again;

-		if (i%2 != 0)

-			{

-			ASN1err(ASN1_F_A2I_ASN1_STRING,ASN1_R_ODD_NUMBER_OF_CHARS);

-			goto err;

-			}

-		i/=2;

-		if (num+i > slen)

-			{

-			if (s == NULL)

-				sp=(unsigned char *)OPENSSL_malloc(

-					(unsigned int)num+i*2);

-			else

-				sp=(unsigned char *)OPENSSL_realloc(s,

-					(unsigned int)num+i*2);

-			if (sp == NULL)

-				{

-				ASN1err(ASN1_F_A2I_ASN1_STRING,ERR_R_MALLOC_FAILURE);

-				if (s != NULL) OPENSSL_free(s);

-				goto err;

-				}

-			s=sp;

-			slen=num+i*2;

-			}

-		for (j=0; j<i; j++,k+=2)

-			{

-			for (n=0; n<2; n++)

-				{

-				m=bufp[k+n];

-				if ((m >= '0') && (m <= '9'))

-					m-='0';

-				else if ((m >= 'a') && (m <= 'f'))

-					m=m-'a'+10;

-				else if ((m >= 'A') && (m <= 'F'))

-					m=m-'A'+10;

-				else

-					{

-					ASN1err(ASN1_F_A2I_ASN1_STRING,ASN1_R_NON_HEX_CHARACTERS);

-					goto err;

-					}

-				s[num+j]<<=4;

-				s[num+j]|=m;

-				}

-			}

-		num+=i;

-		if (again)

-			bufsize=BIO_gets(bp,buf,size);

-		else

-			break;

-		}

-	bs->length=num;

-	bs->data=s;

-	ret=1;

-err:

-	if (0)

-		{

-err_sl:

-		ASN1err(ASN1_F_A2I_ASN1_STRING,ASN1_R_SHORT_LINE);

-		}

-	return(ret);

-	}

--- a/sys/src/ape/lib/openssl/crypto/asn1/i2d_pr.c

+++ /dev/null

@@ -1,99 +1,0 @@

-/* crypto/asn1/i2d_pr.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/bn.h>

-#include <openssl/evp.h>

-#include <openssl/objects.h>

-#ifndef OPENSSL_NO_RSA

-#include <openssl/rsa.h>

-#endif

-#ifndef OPENSSL_NO_DSA

-#include <openssl/dsa.h>

-#endif

-#ifndef OPENSSL_NO_EC

-#include <openssl/ec.h>

-#endif

-int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)

-	{

-#ifndef OPENSSL_NO_RSA

-	if (a->type == EVP_PKEY_RSA)

-		{

-		return(i2d_RSAPrivateKey(a->pkey.rsa,pp));

-		}

-	else

-#endif

-#ifndef OPENSSL_NO_DSA

-	if (a->type == EVP_PKEY_DSA)

-		{

-		return(i2d_DSAPrivateKey(a->pkey.dsa,pp));

-		}

-#endif

-#ifndef OPENSSL_NO_EC

-	if (a->type == EVP_PKEY_EC)

-		{

-		return(i2d_ECPrivateKey(a->pkey.ec, pp));

-		}

-#endif

-	ASN1err(ASN1_F_I2D_PRIVATEKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);

-	return(-1);

-	}

--- a/sys/src/ape/lib/openssl/crypto/asn1/i2d_pu.c

+++ /dev/null

@@ -1,95 +1,0 @@

-/* crypto/asn1/i2d_pu.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/bn.h>

-#include <openssl/evp.h>

-#include <openssl/objects.h>

-#ifndef OPENSSL_NO_RSA

-#include <openssl/rsa.h>

-#endif

-#ifndef OPENSSL_NO_DSA

-#include <openssl/dsa.h>

-#endif

-#ifndef OPENSSL_NO_EC

-#include <openssl/ec.h>

-#endif

-int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp)

-	{

-	switch (a->type)

-		{

-#ifndef OPENSSL_NO_RSA

-	case EVP_PKEY_RSA:

-		return(i2d_RSAPublicKey(a->pkey.rsa,pp));

-#endif

-#ifndef OPENSSL_NO_DSA

-	case EVP_PKEY_DSA:

-		return(i2d_DSAPublicKey(a->pkey.dsa,pp));

-#endif

-#ifndef OPENSSL_NO_EC

-	case EVP_PKEY_EC:

-		return(i2o_ECPublicKey(a->pkey.ec, pp));

-#endif

-	default:

-		ASN1err(ASN1_F_I2D_PUBLICKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);

-		return(-1);

-		}

-	}

--- a/sys/src/ape/lib/openssl/crypto/asn1/n_pkey.c

+++ /dev/null

@@ -1,344 +1,0 @@

-/* crypto/asn1/n_pkey.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#ifndef OPENSSL_NO_RSA

-#include <openssl/rsa.h>

-#include <openssl/objects.h>

-#include <openssl/asn1t.h>

-#include <openssl/asn1_mac.h>

-#include <openssl/evp.h>

-#include <openssl/x509.h>

-#ifndef OPENSSL_NO_RC4

-typedef struct netscape_pkey_st

-	{

-	long version;

-	X509_ALGOR *algor;

-	ASN1_OCTET_STRING *private_key;

-	} NETSCAPE_PKEY;

-typedef struct netscape_encrypted_pkey_st

-	{

-	ASN1_OCTET_STRING *os;

-	/* This is the same structure as DigestInfo so use it:

-	 * although this isn't really anything to do with

-	 * digests.

-	 */

-	X509_SIG *enckey;

-	} NETSCAPE_ENCRYPTED_PKEY;

-ASN1_BROKEN_SEQUENCE(NETSCAPE_ENCRYPTED_PKEY) = {

-	ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, os, ASN1_OCTET_STRING),

-	ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, enckey, X509_SIG)

-} ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY)

-DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)

-DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY,NETSCAPE_ENCRYPTED_PKEY)

-IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)

-ASN1_SEQUENCE(NETSCAPE_PKEY) = {

-	ASN1_SIMPLE(NETSCAPE_PKEY, version, LONG),

-	ASN1_SIMPLE(NETSCAPE_PKEY, algor, X509_ALGOR),

-	ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING)

-} ASN1_SEQUENCE_END(NETSCAPE_PKEY)

-DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)

-DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY,NETSCAPE_PKEY)

-IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)

-static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,

-			  int (*cb)(char *buf, int len, const char *prompt,

-				    int verify),

-			  int sgckey);

-int i2d_Netscape_RSA(const RSA *a, unsigned char **pp,

-		     int (*cb)(char *buf, int len, const char *prompt,

-			       int verify))

-{

-	return i2d_RSA_NET(a, pp, cb, 0);

-}

-int i2d_RSA_NET(const RSA *a, unsigned char **pp,

-		int (*cb)(char *buf, int len, const char *prompt, int verify),

-		int sgckey)

-	{

-	int i, j, ret = 0;

-	int rsalen, pkeylen, olen;

-	NETSCAPE_PKEY *pkey = NULL;

-	NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;

-	unsigned char buf[256],*zz;

-	unsigned char key[EVP_MAX_KEY_LENGTH];

-	EVP_CIPHER_CTX ctx;

-	if (a == NULL) return(0);

-	if ((pkey=NETSCAPE_PKEY_new()) == NULL) goto err;

-	if ((enckey=NETSCAPE_ENCRYPTED_PKEY_new()) == NULL) goto err;

-	pkey->version = 0;

-	pkey->algor->algorithm=OBJ_nid2obj(NID_rsaEncryption);

-	if ((pkey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err;

-	pkey->algor->parameter->type=V_ASN1_NULL;

-	rsalen = i2d_RSAPrivateKey(a, NULL);

-	/* Fake some octet strings just for the initial length

-	 * calculation.

- 	 */

-	pkey->private_key->length=rsalen;

-	pkeylen=i2d_NETSCAPE_PKEY(pkey,NULL);

-	enckey->enckey->digest->length = pkeylen;

-	enckey->os->length = 11;	/* "private-key" */

-	enckey->enckey->algor->algorithm=OBJ_nid2obj(NID_rc4);

-	if ((enckey->enckey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err;

-	enckey->enckey->algor->parameter->type=V_ASN1_NULL;

-	if (pp == NULL)

-		{

-		olen = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, NULL);

-		NETSCAPE_PKEY_free(pkey);

-		NETSCAPE_ENCRYPTED_PKEY_free(enckey);

-		return olen;

-		}

-	/* Since its RC4 encrypted length is actual length */

-	if ((zz=(unsigned char *)OPENSSL_malloc(rsalen)) == NULL)

-		{

-		ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	pkey->private_key->data = zz;

-	/* Write out private key encoding */

-	i2d_RSAPrivateKey(a,&zz);

-	if ((zz=OPENSSL_malloc(pkeylen)) == NULL)

-		{

-		ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	if (!ASN1_STRING_set(enckey->os, "private-key", -1))

-		{

-		ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	enckey->enckey->digest->data = zz;

-	i2d_NETSCAPE_PKEY(pkey,&zz);

-	/* Wipe the private key encoding */

-	OPENSSL_cleanse(pkey->private_key->data, rsalen);

-	if (cb == NULL)

-		cb=EVP_read_pw_string;

-	i=cb((char *)buf,256,"Enter Private Key password:",1);

-	if (i != 0)

-		{

-		ASN1err(ASN1_F_I2D_RSA_NET,ASN1_R_BAD_PASSWORD_READ);

-		goto err;

-		}

-	i = strlen((char *)buf);

-	/* If the key is used for SGC the algorithm is modified a little. */

-	if(sgckey) {

-		EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL);

-		memcpy(buf + 16, "SGCKEYSALT", 10);

-		i = 26;

-	}

-	EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);

-	OPENSSL_cleanse(buf,256);

-	/* Encrypt private key in place */

-	zz = enckey->enckey->digest->data;

-	EVP_CIPHER_CTX_init(&ctx);

-	EVP_EncryptInit_ex(&ctx,EVP_rc4(),NULL,key,NULL);

-	EVP_EncryptUpdate(&ctx,zz,&i,zz,pkeylen);

-	EVP_EncryptFinal_ex(&ctx,zz + i,&j);

-	EVP_CIPHER_CTX_cleanup(&ctx);

-	ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp);

-err:

-	NETSCAPE_ENCRYPTED_PKEY_free(enckey);

-	NETSCAPE_PKEY_free(pkey);

-	return(ret);

-	}

-RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,

-		      int (*cb)(char *buf, int len, const char *prompt,

-				int verify))

-{

-	return d2i_RSA_NET(a, pp, length, cb, 0);

-}

-RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,

-		 int (*cb)(char *buf, int len, const char *prompt, int verify),

-		 int sgckey)

-	{

-	RSA *ret=NULL;

-	const unsigned char *p, *kp;

-	NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;

-	p = *pp;

-	enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length);

-	if(!enckey) {

-		ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_DECODING_ERROR);

-		return NULL;

-	}

-	if ((enckey->os->length != 11) || (strncmp("private-key",

-		(char *)enckey->os->data,11) != 0))

-		{

-		ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_PRIVATE_KEY_HEADER_MISSING);

-		NETSCAPE_ENCRYPTED_PKEY_free(enckey);

-		return NULL;

-		}

-	if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4)

-		{

-		ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);

-		goto err;

-	}

-	kp = enckey->enckey->digest->data;

-	if (cb == NULL)

-		cb=EVP_read_pw_string;

-	if ((ret=d2i_RSA_NET_2(a, enckey->enckey->digest,cb, sgckey)) == NULL) goto err;

-	*pp = p;

-	err:

-	NETSCAPE_ENCRYPTED_PKEY_free(enckey);

-	return ret;

-	}

-static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,

-			  int (*cb)(char *buf, int len, const char *prompt,

-				    int verify), int sgckey)

-	{

-	NETSCAPE_PKEY *pkey=NULL;

-	RSA *ret=NULL;

-	int i,j;

-	unsigned char buf[256];

-	const unsigned char *zz;

-	unsigned char key[EVP_MAX_KEY_LENGTH];

-	EVP_CIPHER_CTX ctx;

-	i=cb((char *)buf,256,"Enter Private Key password:",0);

-	if (i != 0)

-		{

-		ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_BAD_PASSWORD_READ);

-		goto err;

-		}

-	i = strlen((char *)buf);

-	if(sgckey){

-		EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL);

-		memcpy(buf + 16, "SGCKEYSALT", 10);

-		i = 26;

-	}

-	EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);

-	OPENSSL_cleanse(buf,256);

-	EVP_CIPHER_CTX_init(&ctx);

-	EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL);

-	EVP_DecryptUpdate(&ctx,os->data,&i,os->data,os->length);

-	EVP_DecryptFinal_ex(&ctx,&(os->data[i]),&j);

-	EVP_CIPHER_CTX_cleanup(&ctx);

-	os->length=i+j;

-	zz=os->data;

-	if ((pkey=d2i_NETSCAPE_PKEY(NULL,&zz,os->length)) == NULL)

-		{

-		ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY);

-		goto err;

-		}

-	zz=pkey->private_key->data;

-	if ((ret=d2i_RSAPrivateKey(a,&zz,pkey->private_key->length)) == NULL)

-		{

-		ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_UNABLE_TO_DECODE_RSA_KEY);

-		goto err;

-		}

-err:

-	NETSCAPE_PKEY_free(pkey);

-	return(ret);

-	}

-#endif /* OPENSSL_NO_RC4 */

-#else /* !OPENSSL_NO_RSA */

-# if PEDANTIC

-static void *dummy=&dummy;

-# endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/asn1/nsseq.c

+++ /dev/null

@@ -1,82 +1,0 @@

-/* nsseq.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <openssl/asn1t.h>

-#include <openssl/x509.h>

-#include <openssl/objects.h>

-static int nsseq_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)

-{

-	if(operation == ASN1_OP_NEW_POST) {

-		NETSCAPE_CERT_SEQUENCE *nsseq;

-		nsseq = (NETSCAPE_CERT_SEQUENCE *)*pval;

-		nsseq->type = OBJ_nid2obj(NID_netscape_cert_sequence);

-	}

-	return 1;

-}

-/* Netscape certificate sequence structure */

-ASN1_SEQUENCE_cb(NETSCAPE_CERT_SEQUENCE, nsseq_cb) = {

-	ASN1_SIMPLE(NETSCAPE_CERT_SEQUENCE, type, ASN1_OBJECT),

-	ASN1_EXP_SEQUENCE_OF_OPT(NETSCAPE_CERT_SEQUENCE, certs, X509, 0)

-} ASN1_SEQUENCE_END_cb(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE)

-IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE)

--- a/sys/src/ape/lib/openssl/crypto/asn1/p5_pbe.c

+++ /dev/null

@@ -1,131 +1,0 @@

-/* p5_pbe.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/asn1t.h>

-#include <openssl/x509.h>

-#include <openssl/rand.h>

-/* PKCS#5 password based encryption structure */

-ASN1_SEQUENCE(PBEPARAM) = {

-	ASN1_SIMPLE(PBEPARAM, salt, ASN1_OCTET_STRING),

-	ASN1_SIMPLE(PBEPARAM, iter, ASN1_INTEGER)

-} ASN1_SEQUENCE_END(PBEPARAM)

-IMPLEMENT_ASN1_FUNCTIONS(PBEPARAM)

-/* Return an algorithm identifier for a PKCS#5 PBE algorithm */

-X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt,

-	     int saltlen)

-{

-	PBEPARAM *pbe=NULL;

-	ASN1_OBJECT *al;

-	X509_ALGOR *algor;

-	ASN1_TYPE *astype=NULL;

-	if (!(pbe = PBEPARAM_new ())) {

-		ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);

-		goto err;

-	}

-	if(iter <= 0) iter = PKCS5_DEFAULT_ITER;

-	if (!ASN1_INTEGER_set(pbe->iter, iter)) {

-		ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);

-		goto err;

-	}

-	if (!saltlen) saltlen = PKCS5_SALT_LEN;

-	if (!(pbe->salt->data = OPENSSL_malloc (saltlen))) {

-		ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);

-		goto err;

-	}

-	pbe->salt->length = saltlen;

-	if (salt) memcpy (pbe->salt->data, salt, saltlen);

-	else if (RAND_pseudo_bytes (pbe->salt->data, saltlen) < 0)

-		goto err;

-	if (!(astype = ASN1_TYPE_new())) {

-		ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);

-		goto err;

-	}

-	astype->type = V_ASN1_SEQUENCE;

-	if(!ASN1_pack_string_of(PBEPARAM, pbe, i2d_PBEPARAM,

-				&astype->value.sequence)) {

-		ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);

-		goto err;

-	}

-	PBEPARAM_free (pbe);

-	pbe = NULL;

-	al = OBJ_nid2obj(alg); /* never need to free al */

-	if (!(algor = X509_ALGOR_new())) {

-		ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);

-		goto err;

-	}

-	ASN1_OBJECT_free(algor->algorithm);

-	algor->algorithm = al;

-	algor->parameter = astype;

-	return (algor);

-err:

-	if (pbe != NULL) PBEPARAM_free(pbe);

-	if (astype != NULL) ASN1_TYPE_free(astype);

-	return NULL;

-}

--- a/sys/src/ape/lib/openssl/crypto/asn1/p5_pbev2.c

+++ /dev/null

@@ -1,205 +1,0 @@

-/* p5_pbev2.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999-2004.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/asn1t.h>

-#include <openssl/x509.h>

-#include <openssl/rand.h>

-/* PKCS#5 v2.0 password based encryption structures */

-ASN1_SEQUENCE(PBE2PARAM) = {

-	ASN1_SIMPLE(PBE2PARAM, keyfunc, X509_ALGOR),

-	ASN1_SIMPLE(PBE2PARAM, encryption, X509_ALGOR)

-} ASN1_SEQUENCE_END(PBE2PARAM)

-IMPLEMENT_ASN1_FUNCTIONS(PBE2PARAM)

-ASN1_SEQUENCE(PBKDF2PARAM) = {

-	ASN1_SIMPLE(PBKDF2PARAM, salt, ASN1_ANY),

-	ASN1_SIMPLE(PBKDF2PARAM, iter, ASN1_INTEGER),

-	ASN1_OPT(PBKDF2PARAM, keylength, ASN1_INTEGER),

-	ASN1_OPT(PBKDF2PARAM, prf, X509_ALGOR)

-} ASN1_SEQUENCE_END(PBKDF2PARAM)

-IMPLEMENT_ASN1_FUNCTIONS(PBKDF2PARAM)

-/* Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm:

- * yes I know this is horrible!

- */

-X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,

-				 unsigned char *salt, int saltlen)

-{

-	X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;

-	int alg_nid;

-	EVP_CIPHER_CTX ctx;

-	unsigned char iv[EVP_MAX_IV_LENGTH];

-	PBKDF2PARAM *kdf = NULL;

-	PBE2PARAM *pbe2 = NULL;

-	ASN1_OCTET_STRING *osalt = NULL;

-	ASN1_OBJECT *obj;

-	alg_nid = EVP_CIPHER_type(cipher);

-	if(alg_nid == NID_undef) {

-		ASN1err(ASN1_F_PKCS5_PBE2_SET,

-				ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);

-		goto err;

-	}

-	obj = OBJ_nid2obj(alg_nid);

-	if(!(pbe2 = PBE2PARAM_new())) goto merr;

-	/* Setup the AlgorithmIdentifier for the encryption scheme */

-	scheme = pbe2->encryption;

-	scheme->algorithm = obj;

-	if(!(scheme->parameter = ASN1_TYPE_new())) goto merr;

-	/* Create random IV */

-	if (EVP_CIPHER_iv_length(cipher) &&

-		RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)

-  		goto err;

-	EVP_CIPHER_CTX_init(&ctx);

-	/* Dummy cipherinit to just setup the IV */

-	EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0);

-	if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {

-		ASN1err(ASN1_F_PKCS5_PBE2_SET,

-					ASN1_R_ERROR_SETTING_CIPHER_PARAMS);

-		EVP_CIPHER_CTX_cleanup(&ctx);

-		goto err;

-	}

-	EVP_CIPHER_CTX_cleanup(&ctx);

-	if(!(kdf = PBKDF2PARAM_new())) goto merr;

-	if(!(osalt = M_ASN1_OCTET_STRING_new())) goto merr;

-	if (!saltlen) saltlen = PKCS5_SALT_LEN;

-	if (!(osalt->data = OPENSSL_malloc (saltlen))) goto merr;

-	osalt->length = saltlen;

-	if (salt) memcpy (osalt->data, salt, saltlen);

-	else if (RAND_pseudo_bytes (osalt->data, saltlen) < 0) goto merr;

-	if(iter <= 0) iter = PKCS5_DEFAULT_ITER;

-	if(!ASN1_INTEGER_set(kdf->iter, iter)) goto merr;

-	/* Now include salt in kdf structure */

-	kdf->salt->value.octet_string = osalt;

-	kdf->salt->type = V_ASN1_OCTET_STRING;

-	osalt = NULL;

-	/* If its RC2 then we'd better setup the key length */

-	if(alg_nid == NID_rc2_cbc) {

-		if(!(kdf->keylength = M_ASN1_INTEGER_new())) goto merr;

-		if(!ASN1_INTEGER_set (kdf->keylength,

-				 EVP_CIPHER_key_length(cipher))) goto merr;

-	}

-	/* prf can stay NULL because we are using hmacWithSHA1 */

-	/* Now setup the PBE2PARAM keyfunc structure */

-	pbe2->keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2);

-	/* Encode PBKDF2PARAM into parameter of pbe2 */

-	if(!(pbe2->keyfunc->parameter = ASN1_TYPE_new())) goto merr;

-	if(!ASN1_pack_string_of(PBKDF2PARAM, kdf, i2d_PBKDF2PARAM,

-			 &pbe2->keyfunc->parameter->value.sequence)) goto merr;

-	pbe2->keyfunc->parameter->type = V_ASN1_SEQUENCE;

-	PBKDF2PARAM_free(kdf);

-	kdf = NULL;

-	/* Now set up top level AlgorithmIdentifier */

-	if(!(ret = X509_ALGOR_new())) goto merr;

-	if(!(ret->parameter = ASN1_TYPE_new())) goto merr;

-	ret->algorithm = OBJ_nid2obj(NID_pbes2);

-	/* Encode PBE2PARAM into parameter */

-	if(!ASN1_pack_string_of(PBE2PARAM, pbe2, i2d_PBE2PARAM,

-				 &ret->parameter->value.sequence)) goto merr;

-	ret->parameter->type = V_ASN1_SEQUENCE;

-	PBE2PARAM_free(pbe2);

-	pbe2 = NULL;

-	return ret;

-	merr:

-	ASN1err(ASN1_F_PKCS5_PBE2_SET,ERR_R_MALLOC_FAILURE);

-	err:

-	PBE2PARAM_free(pbe2);

-	/* Note 'scheme' is freed as part of pbe2 */

-	M_ASN1_OCTET_STRING_free(osalt);

-	PBKDF2PARAM_free(kdf);

-	X509_ALGOR_free(kalg);

-	X509_ALGOR_free(ret);

-	return NULL;

-}

--- a/sys/src/ape/lib/openssl/crypto/asn1/p8_key.c

+++ /dev/null

@@ -1,131 +1,0 @@

-/* crypto/asn1/p8_key.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/asn1_mac.h>

-#include <openssl/objects.h>

-int i2d_X509_KEY(X509 *a, unsigned char **pp)

-	{

-	M_ASN1_I2D_vars(a);

-	M_ASN1_I2D_len(a->cert_info,	i2d_X509_CINF);

-	M_ASN1_I2D_len(a->sig_alg,	i2d_X509_ALGOR);

-	M_ASN1_I2D_len(a->signature,	i2d_ASN1_BIT_STRING);

-	M_ASN1_I2D_seq_total();

-	M_ASN1_I2D_put(a->cert_info,	i2d_X509_CINF);

-	M_ASN1_I2D_put(a->sig_alg,	i2d_X509_ALGOR);

-	M_ASN1_I2D_put(a->signature,	i2d_ASN1_BIT_STRING);

-	M_ASN1_I2D_finish();

-	}

-X509 *d2i_X509_KEY(X509 **a, unsigned char **pp, long length)

-	{

-	M_ASN1_D2I_vars(a,X509 *,X509_new);

-	M_ASN1_D2I_Init();

-	M_ASN1_D2I_start_sequence();

-	M_ASN1_D2I_get(ret->cert_info,d2i_X509_CINF);

-	M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);

-	M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING);

-	M_ASN1_D2I_Finish(a,X509_free,ASN1_F_D2I_X509);

-	}

-X509 *X509_KEY_new(void)

-	{

-	X509_KEY *ret=NULL;

-	M_ASN1_New_OPENSSL_malloc(ret,X509_KEY);

-	ret->references=1;

-	ret->type=NID

-	M_ASN1_New(ret->cert_info,X509_CINF_new);

-	M_ASN1_New(ret->sig_alg,X509_ALGOR_new);

-	M_ASN1_New(ret->signature,ASN1_BIT_STRING_new);

-	return(ret);

-	M_ASN1_New_Error(ASN1_F_X509_NEW);

-	}

-void X509_KEY_free(X509 *a)

-	{

-	int i;

-	if (a == NULL) return;

-	i=CRYPTO_add_lock(&a->references,-1,CRYPTO_LOCK_X509_KEY);

-#ifdef REF_PRINT

-	REF_PRINT("X509_KEY",a);

-#endif

-	if (i > 0) return;

-#ifdef REF_CHECK

-	if (i < 0)

-		{

-		fprintf(stderr,"X509_KEY_free, bad reference count\n");

-		abort();

-		}

-#endif

-	X509_CINF_free(a->cert_info);

-	X509_ALGOR_free(a->sig_alg);

-	ASN1_BIT_STRING_free(a->signature);

-	OPENSSL_free(a);

-	}

--- a/sys/src/ape/lib/openssl/crypto/asn1/p8_pkey.c

+++ /dev/null

@@ -1,84 +1,0 @@

-/* p8_pkey.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/asn1t.h>

-#include <openssl/x509.h>

-/* Minor tweak to operation: zero private key data */

-static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)

-{

-	/* Since the structure must still be valid use ASN1_OP_FREE_PRE */

-	if(operation == ASN1_OP_FREE_PRE) {

-		PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval;

-		if (key->pkey->value.octet_string)

-		OPENSSL_cleanse(key->pkey->value.octet_string->data,

-			key->pkey->value.octet_string->length);

-	}

-	return 1;

-}

-ASN1_SEQUENCE_cb(PKCS8_PRIV_KEY_INFO, pkey_cb) = {

-	ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, version, ASN1_INTEGER),

-	ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkeyalg, X509_ALGOR),

-	ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkey, ASN1_ANY),

-	ASN1_IMP_SET_OF_OPT(PKCS8_PRIV_KEY_INFO, attributes, X509_ATTRIBUTE, 0)

-} ASN1_SEQUENCE_END_cb(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)

-IMPLEMENT_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)

--- a/sys/src/ape/lib/openssl/crypto/asn1/t_bitst.c

+++ /dev/null

@@ -1,102 +1,0 @@

-/* t_bitst.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/conf.h>

-#include <openssl/x509v3.h>

-int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,

-				BIT_STRING_BITNAME *tbl, int indent)

-{

-	BIT_STRING_BITNAME *bnam;

-	char first = 1;

-	BIO_printf(out, "%*s", indent, "");

-	for(bnam = tbl; bnam->lname; bnam++) {

-		if(ASN1_BIT_STRING_get_bit(bs, bnam->bitnum)) {

-			if(!first) BIO_puts(out, ", ");

-			BIO_puts(out, bnam->lname);

-			first = 0;

-		}

-	}

-	BIO_puts(out, "\n");

-	return 1;

-}

-int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value,

-				BIT_STRING_BITNAME *tbl)

-{

-	int bitnum;

-	bitnum = ASN1_BIT_STRING_num_asc(name, tbl);

-	if(bitnum < 0) return 0;

-	if(bs) {

-		if(!ASN1_BIT_STRING_set_bit(bs, bitnum, value))

-			return 0;

-	}

-	return 1;

-}

-int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl)

-{

-	BIT_STRING_BITNAME *bnam;

-	for(bnam = tbl; bnam->lname; bnam++) {

-		if(!strcmp(bnam->sname, name) ||

-			!strcmp(bnam->lname, name) ) return bnam->bitnum;

-	}

-	return -1;

-}

--- a/sys/src/ape/lib/openssl/crypto/asn1/t_crl.c

+++ /dev/null

@@ -1,134 +1,0 @@

-/* t_crl.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/buffer.h>

-#include <openssl/bn.h>

-#include <openssl/objects.h>

-#include <openssl/x509.h>

-#include <openssl/x509v3.h>

-#ifndef OPENSSL_NO_FP_API

-int X509_CRL_print_fp(FILE *fp, X509_CRL *x)

-        {

-        BIO *b;

-        int ret;

-        if ((b=BIO_new(BIO_s_file())) == NULL)

-		{

-		X509err(X509_F_X509_CRL_PRINT_FP,ERR_R_BUF_LIB);

-                return(0);

-		}

-        BIO_set_fp(b,fp,BIO_NOCLOSE);

-        ret=X509_CRL_print(b, x);

-        BIO_free(b);

-        return(ret);

-        }

-#endif

-int X509_CRL_print(BIO *out, X509_CRL *x)

-{

-	STACK_OF(X509_REVOKED) *rev;

-	X509_REVOKED *r;

-	long l;

-	int i, n;

-	char *p;

-	BIO_printf(out, "Certificate Revocation List (CRL):\n");

-	l = X509_CRL_get_version(x);

-	BIO_printf(out, "%8sVersion %lu (0x%lx)\n", "", l+1, l);

-	i = OBJ_obj2nid(x->sig_alg->algorithm);

-	BIO_printf(out, "%8sSignature Algorithm: %s\n", "",

-				 (i == NID_undef) ? "NONE" : OBJ_nid2ln(i));

-	p=X509_NAME_oneline(X509_CRL_get_issuer(x),NULL,0);

-	BIO_printf(out,"%8sIssuer: %s\n","",p);

-	OPENSSL_free(p);

-	BIO_printf(out,"%8sLast Update: ","");

-	ASN1_TIME_print(out,X509_CRL_get_lastUpdate(x));

-	BIO_printf(out,"\n%8sNext Update: ","");

-	if (X509_CRL_get_nextUpdate(x))

-		 ASN1_TIME_print(out,X509_CRL_get_nextUpdate(x));

-	else BIO_printf(out,"NONE");

-	BIO_printf(out,"\n");

-	n=X509_CRL_get_ext_count(x);

-	X509V3_extensions_print(out, "CRL extensions",

-						x->crl->extensions, 0, 8);

-	rev = X509_CRL_get_REVOKED(x);

-	if(sk_X509_REVOKED_num(rev) > 0)

-	    BIO_printf(out, "Revoked Certificates:\n");

-	else BIO_printf(out, "No Revoked Certificates.\n");

-	for(i = 0; i < sk_X509_REVOKED_num(rev); i++) {

-		r = sk_X509_REVOKED_value(rev, i);

-		BIO_printf(out,"    Serial Number: ");

-		i2a_ASN1_INTEGER(out,r->serialNumber);

-		BIO_printf(out,"\n        Revocation Date: ");

-		ASN1_TIME_print(out,r->revocationDate);

-		BIO_printf(out,"\n");

-		X509V3_extensions_print(out, "CRL entry extensions",

-						r->extensions, 0, 8);

-	}

-	X509_signature_print(out, x->sig_alg, x->signature);

-	return 1;

-}

--- a/sys/src/ape/lib/openssl/crypto/asn1/t_pkey.c

+++ /dev/null

@@ -1,839 +1,0 @@

-/* crypto/asn1/t_pkey.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- * Binary polynomial ECC support in OpenSSL originally developed by

- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/objects.h>

-#include <openssl/buffer.h>

-#include <openssl/bn.h>

-#ifndef OPENSSL_NO_RSA

-#include <openssl/rsa.h>

-#endif

-#ifndef OPENSSL_NO_DH

-#include <openssl/dh.h>

-#endif

-#ifndef OPENSSL_NO_DSA

-#include <openssl/dsa.h>

-#endif

-#ifndef OPENSSL_NO_EC

-#include <openssl/ec.h>

-#endif

-static int print(BIO *fp,const char *str, const BIGNUM *num,

-		unsigned char *buf,int off);

-#ifndef OPENSSL_NO_EC

-static int print_bin(BIO *fp, const char *str, const unsigned char *num,

-		size_t len, int off);

-#endif

-#ifndef OPENSSL_NO_RSA

-#ifndef OPENSSL_NO_FP_API

-int RSA_print_fp(FILE *fp, const RSA *x, int off)

-	{

-	BIO *b;

-	int ret;

-	if ((b=BIO_new(BIO_s_file())) == NULL)

-		{

-		RSAerr(RSA_F_RSA_PRINT_FP,ERR_R_BUF_LIB);

-		return(0);

-		}

-	BIO_set_fp(b,fp,BIO_NOCLOSE);

-	ret=RSA_print(b,x,off);

-	BIO_free(b);

-	return(ret);

-	}

-#endif

-int RSA_print(BIO *bp, const RSA *x, int off)

-	{

-	char str[128];

-	const char *s;

-	unsigned char *m=NULL;

-	int ret=0, mod_len = 0;

-	size_t buf_len=0, i;

-	if (x->n)

-		buf_len = (size_t)BN_num_bytes(x->n);

-	if (x->e)

-		if (buf_len < (i = (size_t)BN_num_bytes(x->e)))

-			buf_len = i;

-	if (x->d)

-		if (buf_len < (i = (size_t)BN_num_bytes(x->d)))

-			buf_len = i;

-	if (x->p)

-		if (buf_len < (i = (size_t)BN_num_bytes(x->p)))

-			buf_len = i;

-	if (x->q)

-		if (buf_len < (i = (size_t)BN_num_bytes(x->q)))

-			buf_len = i;

-	if (x->dmp1)

-		if (buf_len < (i = (size_t)BN_num_bytes(x->dmp1)))

-			buf_len = i;

-	if (x->dmq1)

-		if (buf_len < (i = (size_t)BN_num_bytes(x->dmq1)))

-			buf_len = i;

-	if (x->iqmp)

-		if (buf_len < (i = (size_t)BN_num_bytes(x->iqmp)))

-			buf_len = i;

-	m=(unsigned char *)OPENSSL_malloc(buf_len+10);

-	if (m == NULL)

-		{

-		RSAerr(RSA_F_RSA_PRINT,ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	if (x->n != NULL)

-		mod_len = BN_num_bits(x->n);

-	if (x->d != NULL)

-		{

-		if(!BIO_indent(bp,off,128))

-		   goto err;

-		if (BIO_printf(bp,"Private-Key: (%d bit)\n", mod_len)

-			<= 0) goto err;

-		}

-	if (x->d == NULL)

-		BIO_snprintf(str,sizeof str,"Modulus (%d bit):", mod_len);

-	else

-		BUF_strlcpy(str,"modulus:",sizeof str);

-	if (!print(bp,str,x->n,m,off)) goto err;

-	s=(x->d == NULL)?"Exponent:":"publicExponent:";

-	if ((x->e != NULL) && !print(bp,s,x->e,m,off))

-		goto err;

-	if ((x->d != NULL) && !print(bp,"privateExponent:",x->d,m,off))

-		goto err;

-	if ((x->p != NULL) && !print(bp,"prime1:",x->p,m,off))

-		goto err;

-	if ((x->q != NULL) && !print(bp,"prime2:",x->q,m,off))

-		goto err;

-	if ((x->dmp1 != NULL) && !print(bp,"exponent1:",x->dmp1,m,off))

-		goto err;

-	if ((x->dmq1 != NULL) && !print(bp,"exponent2:",x->dmq1,m,off))

-		goto err;

-	if ((x->iqmp != NULL) && !print(bp,"coefficient:",x->iqmp,m,off))

-		goto err;

-	ret=1;

-err:

-	if (m != NULL) OPENSSL_free(m);

-	return(ret);

-	}

-#endif /* OPENSSL_NO_RSA */

-#ifndef OPENSSL_NO_DSA

-#ifndef OPENSSL_NO_FP_API

-int DSA_print_fp(FILE *fp, const DSA *x, int off)

-	{

-	BIO *b;

-	int ret;

-	if ((b=BIO_new(BIO_s_file())) == NULL)

-		{

-		DSAerr(DSA_F_DSA_PRINT_FP,ERR_R_BUF_LIB);

-		return(0);

-		}

-	BIO_set_fp(b,fp,BIO_NOCLOSE);

-	ret=DSA_print(b,x,off);

-	BIO_free(b);

-	return(ret);

-	}

-#endif

-int DSA_print(BIO *bp, const DSA *x, int off)

-	{

-	unsigned char *m=NULL;

-	int ret=0;

-	size_t buf_len=0,i;

-	if (x->p)

-		buf_len = (size_t)BN_num_bytes(x->p);

-	else

-		{

-		DSAerr(DSA_F_DSA_PRINT,DSA_R_MISSING_PARAMETERS);

-		goto err;

-		}

-	if (x->q)

-		if (buf_len < (i = (size_t)BN_num_bytes(x->q)))

-			buf_len = i;

-	if (x->g)

-		if (buf_len < (i = (size_t)BN_num_bytes(x->g)))

-			buf_len = i;

-	if (x->priv_key)

-		if (buf_len < (i = (size_t)BN_num_bytes(x->priv_key)))

-			buf_len = i;

-	if (x->pub_key)

-		if (buf_len < (i = (size_t)BN_num_bytes(x->pub_key)))

-			buf_len = i;

-	m=(unsigned char *)OPENSSL_malloc(buf_len+10);

-	if (m == NULL)

-		{

-		DSAerr(DSA_F_DSA_PRINT,ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	if (x->priv_key != NULL)

-		{

-		if(!BIO_indent(bp,off,128))

-		   goto err;

-		if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->p))

-			<= 0) goto err;

-		}

-	if ((x->priv_key != NULL) && !print(bp,"priv:",x->priv_key,m,off))

-		goto err;

-	if ((x->pub_key  != NULL) && !print(bp,"pub: ",x->pub_key,m,off))

-		goto err;

-	if ((x->p != NULL) && !print(bp,"P:   ",x->p,m,off)) goto err;

-	if ((x->q != NULL) && !print(bp,"Q:   ",x->q,m,off)) goto err;

-	if ((x->g != NULL) && !print(bp,"G:   ",x->g,m,off)) goto err;

-	ret=1;

-err:

-	if (m != NULL) OPENSSL_free(m);

-	return(ret);

-	}

-#endif /* !OPENSSL_NO_DSA */

-#ifndef OPENSSL_NO_EC

-#ifndef OPENSSL_NO_FP_API

-int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off)

-	{

-	BIO *b;

-	int ret;

-	if ((b=BIO_new(BIO_s_file())) == NULL)

-		{

-		ECerr(EC_F_ECPKPARAMETERS_PRINT_FP,ERR_R_BUF_LIB);

-		return(0);

-		}

-	BIO_set_fp(b, fp, BIO_NOCLOSE);

-	ret = ECPKParameters_print(b, x, off);

-	BIO_free(b);

-	return(ret);

-	}

-int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off)

-	{

-	BIO *b;

-	int ret;

-	if ((b=BIO_new(BIO_s_file())) == NULL)

-		{

-		ECerr(EC_F_EC_KEY_PRINT_FP, ERR_R_BIO_LIB);

-		return(0);

-		}

-	BIO_set_fp(b, fp, BIO_NOCLOSE);

-	ret = EC_KEY_print(b, x, off);

-	BIO_free(b);

-	return(ret);

-	}

-#endif

-int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off)

-	{

-	unsigned char *buffer=NULL;

-	size_t	buf_len=0, i;

-	int     ret=0, reason=ERR_R_BIO_LIB;

-	BN_CTX  *ctx=NULL;

-	const EC_POINT *point=NULL;

-	BIGNUM	*p=NULL, *a=NULL, *b=NULL, *gen=NULL,

-		*order=NULL, *cofactor=NULL;

-	const unsigned char *seed;

-	size_t	seed_len=0;

-	static const char *gen_compressed = "Generator (compressed):";

-	static const char *gen_uncompressed = "Generator (uncompressed):";

-	static const char *gen_hybrid = "Generator (hybrid):";

-	if (!x)

-		{

-		reason = ERR_R_PASSED_NULL_PARAMETER;

-		goto err;

-		}

-	if (EC_GROUP_get_asn1_flag(x))

-		{

-		/* the curve parameter are given by an asn1 OID */

-		int nid;

-		if (!BIO_indent(bp, off, 128))

-			goto err;

-		nid = EC_GROUP_get_curve_name(x);

-		if (nid == 0)

-			goto err;

-		if (BIO_printf(bp, "ASN1 OID: %s", OBJ_nid2sn(nid)) <= 0)

-			goto err;

-		if (BIO_printf(bp, "\n") <= 0)

-			goto err;

-		}

-	else

-		{

-		/* explicit parameters */

-		int is_char_two = 0;

-		point_conversion_form_t form;

-		int tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(x));

-		if (tmp_nid == NID_X9_62_characteristic_two_field)

-			is_char_two = 1;

-		if ((p = BN_new()) == NULL || (a = BN_new()) == NULL ||

-			(b = BN_new()) == NULL || (order = BN_new()) == NULL ||

-			(cofactor = BN_new()) == NULL)

-			{

-			reason = ERR_R_MALLOC_FAILURE;

-			goto err;

-			}

-		if (is_char_two)

-			{

-			if (!EC_GROUP_get_curve_GF2m(x, p, a, b, ctx))

-				{

-				reason = ERR_R_EC_LIB;

-				goto err;

-				}

-			}

-		else /* prime field */

-			{

-			if (!EC_GROUP_get_curve_GFp(x, p, a, b, ctx))

-				{

-				reason = ERR_R_EC_LIB;

-				goto err;

-				}

-			}

-		if ((point = EC_GROUP_get0_generator(x)) == NULL)

-			{

-			reason = ERR_R_EC_LIB;

-			goto err;

-			}

-		if (!EC_GROUP_get_order(x, order, NULL) ||

-            		!EC_GROUP_get_cofactor(x, cofactor, NULL))

-			{

-			reason = ERR_R_EC_LIB;

-			goto err;

-			}

-		form = EC_GROUP_get_point_conversion_form(x);

-		if ((gen = EC_POINT_point2bn(x, point,

-				form, NULL, ctx)) == NULL)

-			{

-			reason = ERR_R_EC_LIB;

-			goto err;

-			}

-		buf_len = (size_t)BN_num_bytes(p);

-		if (buf_len < (i = (size_t)BN_num_bytes(a)))

-			buf_len = i;

-		if (buf_len < (i = (size_t)BN_num_bytes(b)))

-			buf_len = i;

-		if (buf_len < (i = (size_t)BN_num_bytes(gen)))

-			buf_len = i;

-		if (buf_len < (i = (size_t)BN_num_bytes(order)))

-			buf_len = i;

-		if (buf_len < (i = (size_t)BN_num_bytes(cofactor)))

-			buf_len = i;

-		if ((seed = EC_GROUP_get0_seed(x)) != NULL)

-			seed_len = EC_GROUP_get_seed_len(x);

-		buf_len += 10;

-		if ((buffer = OPENSSL_malloc(buf_len)) == NULL)

-			{

-			reason = ERR_R_MALLOC_FAILURE;

-			goto err;

-			}

-		if (!BIO_indent(bp, off, 128))

-			goto err;

-		/* print the 'short name' of the field type */

-		if (BIO_printf(bp, "Field Type: %s\n", OBJ_nid2sn(tmp_nid))

-			<= 0)

-			goto err;

-		if (is_char_two)

-			{

-			/* print the 'short name' of the base type OID */

-			int basis_type = EC_GROUP_get_basis_type(x);

-			if (basis_type == 0)

-				goto err;

-			if (!BIO_indent(bp, off, 128))

-				goto err;

-			if (BIO_printf(bp, "Basis Type: %s\n",

-				OBJ_nid2sn(basis_type)) <= 0)

-				goto err;

-			/* print the polynomial */

-			if ((p != NULL) && !print(bp, "Polynomial:", p, buffer,

-				off))

-				goto err;

-			}

-		else

-			{

-			if ((p != NULL) && !print(bp, "Prime:", p, buffer,off))

-				goto err;

-			}

-		if ((a != NULL) && !print(bp, "A:   ", a, buffer, off))

-			goto err;

-		if ((b != NULL) && !print(bp, "B:   ", b, buffer, off))

-			goto err;

-		if (form == POINT_CONVERSION_COMPRESSED)

-			{

-			if ((gen != NULL) && !print(bp, gen_compressed, gen,

-				buffer, off))

-				goto err;

-			}

-		else if (form == POINT_CONVERSION_UNCOMPRESSED)

-			{

-			if ((gen != NULL) && !print(bp, gen_uncompressed, gen,

-				buffer, off))

-				goto err;

-			}

-		else /* form == POINT_CONVERSION_HYBRID */

-			{

-			if ((gen != NULL) && !print(bp, gen_hybrid, gen,

-				buffer, off))

-				goto err;

-			}

-		if ((order != NULL) && !print(bp, "Order: ", order,

-			buffer, off)) goto err;

-		if ((cofactor != NULL) && !print(bp, "Cofactor: ", cofactor,

-			buffer, off)) goto err;

-		if (seed && !print_bin(bp, "Seed:", seed, seed_len, off))

-			goto err;

-		}

-	ret=1;

-err:

-	if (!ret)

- 		ECerr(EC_F_ECPKPARAMETERS_PRINT, reason);

-	if (p)

-		BN_free(p);

-	if (a)

-		BN_free(a);

-	if (b)

-		BN_free(b);

-	if (gen)

-		BN_free(gen);

-	if (order)

-		BN_free(order);

-	if (cofactor)

-		BN_free(cofactor);

-	if (ctx)

-		BN_CTX_free(ctx);

-	if (buffer != NULL)

-		OPENSSL_free(buffer);

-	return(ret);

-	}

-int EC_KEY_print(BIO *bp, const EC_KEY *x, int off)

-	{

-	unsigned char *buffer=NULL;

-	size_t	buf_len=0, i;

-	int     ret=0, reason=ERR_R_BIO_LIB;

-	BIGNUM  *pub_key=NULL, *order=NULL;

-	BN_CTX  *ctx=NULL;

-	const EC_GROUP *group;

-	const EC_POINT *public_key;

-	const BIGNUM *priv_key;

-	if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL)

-		{

-		reason = ERR_R_PASSED_NULL_PARAMETER;

-		goto err;

-		}

-	public_key = EC_KEY_get0_public_key(x);

-	if ((pub_key = EC_POINT_point2bn(group, public_key,

-		EC_KEY_get_conv_form(x), NULL, ctx)) == NULL)

-		{

-		reason = ERR_R_EC_LIB;

-		goto err;

-		}

-	buf_len = (size_t)BN_num_bytes(pub_key);

-	priv_key = EC_KEY_get0_private_key(x);

-	if (priv_key != NULL)

-		{

-		if ((i = (size_t)BN_num_bytes(priv_key)) > buf_len)

-			buf_len = i;

-		}

-	buf_len += 10;

-	if ((buffer = OPENSSL_malloc(buf_len)) == NULL)

-		{

-		reason = ERR_R_MALLOC_FAILURE;

-		goto err;

-		}

-	if (priv_key != NULL)

-		{

-		if (!BIO_indent(bp, off, 128))

-			goto err;

-		if ((order = BN_new()) == NULL)

-			goto err;

-		if (!EC_GROUP_get_order(group, order, NULL))

-			goto err;

-		if (BIO_printf(bp, "Private-Key: (%d bit)\n",

-			BN_num_bits(order)) <= 0) goto err;

-		}

-	if ((priv_key != NULL) && !print(bp, "priv:", priv_key,

-		buffer, off))

-		goto err;

-	if ((pub_key != NULL) && !print(bp, "pub: ", pub_key,

-		buffer, off))

-		goto err;

-	if (!ECPKParameters_print(bp, group, off))

-		goto err;

-	ret=1;

-err:

-	if (!ret)

- 		ECerr(EC_F_EC_KEY_PRINT, reason);

-	if (pub_key)

-		BN_free(pub_key);

-	if (order)

-		BN_free(order);

-	if (ctx)

-		BN_CTX_free(ctx);

-	if (buffer != NULL)

-		OPENSSL_free(buffer);

-	return(ret);

-	}

-#endif /* OPENSSL_NO_EC */

-static int print(BIO *bp, const char *number, const BIGNUM *num, unsigned char *buf,

-	     int off)

-	{

-	int n,i;

-	const char *neg;

-	if (num == NULL) return(1);

-	neg = (BN_is_negative(num))?"-":"";

-	if(!BIO_indent(bp,off,128))

-		return 0;

-	if (BN_is_zero(num))

-		{

-		if (BIO_printf(bp, "%s 0\n", number) <= 0)

-			return 0;

-		return 1;

-		}

-	if (BN_num_bytes(num) <= BN_BYTES)

-		{

-		if (BIO_printf(bp,"%s %s%lu (%s0x%lx)\n",number,neg,

-			(unsigned long)num->d[0],neg,(unsigned long)num->d[0])

-			<= 0) return(0);

-		}

-	else

-		{

-		buf[0]=0;

-		if (BIO_printf(bp,"%s%s",number,

-			(neg[0] == '-')?" (Negative)":"") <= 0)

-			return(0);

-		n=BN_bn2bin(num,&buf[1]);

-		if (buf[1] & 0x80)

-			n++;

-		else	buf++;

-		for (i=0; i<n; i++)

-			{

-			if ((i%15) == 0)

-				{

-				if(BIO_puts(bp,"\n") <= 0

-				   || !BIO_indent(bp,off+4,128))

-				    return 0;

-				}

-			if (BIO_printf(bp,"%02x%s",buf[i],((i+1) == n)?"":":")

-				<= 0) return(0);

-			}

-		if (BIO_write(bp,"\n",1) <= 0) return(0);

-		}

-	return(1);

-	}

-#ifndef OPENSSL_NO_EC

-static int print_bin(BIO *fp, const char *name, const unsigned char *buf,

-		size_t len, int off)

-	{

-	size_t i;

-	char str[128];

-	if (buf == NULL)

-		return 1;

-	if (off)

-		{

-		if (off > 128)

-			off=128;

-		memset(str,' ',off);

-		if (BIO_write(fp, str, off) <= 0)

-			return 0;

-		}

-	if (BIO_printf(fp,"%s", name) <= 0)

-		return 0;

-	for (i=0; i<len; i++)

-		{

-		if ((i%15) == 0)

-			{

-			str[0]='\n';

-			memset(&(str[1]),' ',off+4);

-			if (BIO_write(fp, str, off+1+4) <= 0)

-				return 0;

-			}

-		if (BIO_printf(fp,"%02x%s",buf[i],((i+1) == len)?"":":") <= 0)

-			return 0;

-		}

-	if (BIO_write(fp,"\n",1) <= 0)

-		return 0;

-	return 1;

-	}

-#endif

-#ifndef OPENSSL_NO_DH

-#ifndef OPENSSL_NO_FP_API

-int DHparams_print_fp(FILE *fp, const DH *x)

-	{

-	BIO *b;

-	int ret;

-	if ((b=BIO_new(BIO_s_file())) == NULL)

-		{

-		DHerr(DH_F_DHPARAMS_PRINT_FP,ERR_R_BUF_LIB);

-		return(0);

-		}

-	BIO_set_fp(b,fp,BIO_NOCLOSE);

-	ret=DHparams_print(b, x);

-	BIO_free(b);

-	return(ret);

-	}

-#endif

-int DHparams_print(BIO *bp, const DH *x)

-	{

-	unsigned char *m=NULL;

-	int reason=ERR_R_BUF_LIB,ret=0;

-	size_t buf_len=0, i;

-	if (x->p)

-		buf_len = (size_t)BN_num_bytes(x->p);

-	else

-		{

-		reason = ERR_R_PASSED_NULL_PARAMETER;

-		goto err;

-		}

-	if (x->g)

-		if (buf_len < (i = (size_t)BN_num_bytes(x->g)))

-			buf_len = i;

-	m=(unsigned char *)OPENSSL_malloc(buf_len+10);

-	if (m == NULL)

-		{

-		reason=ERR_R_MALLOC_FAILURE;

-		goto err;

-		}

-	if (BIO_printf(bp,"Diffie-Hellman-Parameters: (%d bit)\n",

-		BN_num_bits(x->p)) <= 0)

-		goto err;

-	if (!print(bp,"prime:",x->p,m,4)) goto err;

-	if (!print(bp,"generator:",x->g,m,4)) goto err;

-	if (x->length != 0)

-		{

-		if (BIO_printf(bp,"    recommended-private-length: %d bits\n",

-			(int)x->length) <= 0) goto err;

-		}

-	ret=1;

-	if (0)

-		{

-err:

-		DHerr(DH_F_DHPARAMS_PRINT,reason);

-		}

-	if (m != NULL) OPENSSL_free(m);

-	return(ret);

-	}

-#endif

-#ifndef OPENSSL_NO_DSA

-#ifndef OPENSSL_NO_FP_API

-int DSAparams_print_fp(FILE *fp, const DSA *x)

-	{

-	BIO *b;

-	int ret;

-	if ((b=BIO_new(BIO_s_file())) == NULL)

-		{

-		DSAerr(DSA_F_DSAPARAMS_PRINT_FP,ERR_R_BUF_LIB);

-		return(0);

-		}

-	BIO_set_fp(b,fp,BIO_NOCLOSE);

-	ret=DSAparams_print(b, x);

-	BIO_free(b);

-	return(ret);

-	}

-#endif

-int DSAparams_print(BIO *bp, const DSA *x)

-	{

-	unsigned char *m=NULL;

-	int ret=0;

-	size_t buf_len=0,i;

-	if (x->p)

-		buf_len = (size_t)BN_num_bytes(x->p);

-	else

-		{

-		DSAerr(DSA_F_DSAPARAMS_PRINT,DSA_R_MISSING_PARAMETERS);

-		goto err;

-		}

-	if (x->q)

-		if (buf_len < (i = (size_t)BN_num_bytes(x->q)))

-			buf_len = i;

-	if (x->g)

-		if (buf_len < (i = (size_t)BN_num_bytes(x->g)))

-			buf_len = i;

-	m=(unsigned char *)OPENSSL_malloc(buf_len+10);

-	if (m == NULL)

-		{

-		DSAerr(DSA_F_DSAPARAMS_PRINT,ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	if (BIO_printf(bp,"DSA-Parameters: (%d bit)\n",

-		BN_num_bits(x->p)) <= 0)

-		goto err;

-	if (!print(bp,"p:",x->p,m,4)) goto err;

-	if ((x->q != NULL) && !print(bp,"q:",x->q,m,4)) goto err;

-	if ((x->g != NULL) && !print(bp,"g:",x->g,m,4)) goto err;

-	ret=1;

-err:

-	if (m != NULL) OPENSSL_free(m);

-	return(ret);

-	}

-#endif /* !OPENSSL_NO_DSA */

-#ifndef OPENSSL_NO_EC

-#ifndef OPENSSL_NO_FP_API

-int ECParameters_print_fp(FILE *fp, const EC_KEY *x)

-	{

-	BIO *b;

-	int ret;

-	if ((b=BIO_new(BIO_s_file())) == NULL)

-		{

-		ECerr(EC_F_ECPARAMETERS_PRINT_FP, ERR_R_BIO_LIB);

-		return(0);

-		}

-	BIO_set_fp(b, fp, BIO_NOCLOSE);

-	ret = ECParameters_print(b, x);

-	BIO_free(b);

-	return(ret);

-	}

-#endif

-int ECParameters_print(BIO *bp, const EC_KEY *x)

-	{

-	int     reason=ERR_R_EC_LIB, ret=0;

-	BIGNUM	*order=NULL;

-	const EC_GROUP *group;

-	if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL)

-		{

-		reason = ERR_R_PASSED_NULL_PARAMETER;;

-		goto err;

-		}

-	if ((order = BN_new()) == NULL)

-		{

-		reason = ERR_R_MALLOC_FAILURE;

-		goto err;

-		}

-	if (!EC_GROUP_get_order(group, order, NULL))

-		{

-		reason = ERR_R_EC_LIB;

-		goto err;

-		}

-	if (BIO_printf(bp, "ECDSA-Parameters: (%d bit)\n",

-		BN_num_bits(order)) <= 0)

-		goto err;

-	if (!ECPKParameters_print(bp, group, 4))

-		goto err;

-	ret=1;

-err:

-	if (order)

-		BN_free(order);

-	ECerr(EC_F_ECPARAMETERS_PRINT, reason);

-	return(ret);

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/asn1/t_req.c

+++ /dev/null

@@ -1,290 +1,0 @@

-/* crypto/asn1/t_req.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/buffer.h>

-#include <openssl/bn.h>

-#include <openssl/objects.h>

-#include <openssl/x509.h>

-#include <openssl/x509v3.h>

-#ifndef OPENSSL_NO_RSA

-#include <openssl/rsa.h>

-#endif

-#ifndef OPENSSL_NO_DSA

-#include <openssl/dsa.h>

-#endif

-#ifndef OPENSSL_NO_FP_API

-int X509_REQ_print_fp(FILE *fp, X509_REQ *x)

-        {

-        BIO *b;

-        int ret;

-        if ((b=BIO_new(BIO_s_file())) == NULL)

-		{

-		X509err(X509_F_X509_REQ_PRINT_FP,ERR_R_BUF_LIB);

-                return(0);

-		}

-        BIO_set_fp(b,fp,BIO_NOCLOSE);

-        ret=X509_REQ_print(b, x);

-        BIO_free(b);

-        return(ret);

-        }

-#endif

-int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long cflag)

-	{

-	unsigned long l;

-	int i;

-	const char *neg;

-	X509_REQ_INFO *ri;

-	EVP_PKEY *pkey;

-	STACK_OF(X509_ATTRIBUTE) *sk;

-	STACK_OF(X509_EXTENSION) *exts;

-	char mlch = ' ';

-	int nmindent = 0;

-	if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {

-		mlch = '\n';

-		nmindent = 12;

-	}

-	if(nmflags == X509_FLAG_COMPAT)

-		nmindent = 16;

-	ri=x->req_info;

-	if(!(cflag & X509_FLAG_NO_HEADER))

-		{

-		if (BIO_write(bp,"Certificate Request:\n",21) <= 0) goto err;

-		if (BIO_write(bp,"    Data:\n",10) <= 0) goto err;

-		}

-	if(!(cflag & X509_FLAG_NO_VERSION))

-		{

-		neg=(ri->version->type == V_ASN1_NEG_INTEGER)?"-":"";

-		l=0;

-		for (i=0; i<ri->version->length; i++)

-			{ l<<=8; l+=ri->version->data[i]; }

-		if(BIO_printf(bp,"%8sVersion: %s%lu (%s0x%lx)\n","",neg,l,neg,

-			      l) <= 0)

-		    goto err;

-		}

-        if(!(cflag & X509_FLAG_NO_SUBJECT))

-                {

-                if (BIO_printf(bp,"        Subject:%c",mlch) <= 0) goto err;

-                if (X509_NAME_print_ex(bp,ri->subject,nmindent, nmflags) < 0) goto err;

-                if (BIO_write(bp,"\n",1) <= 0) goto err;

-                }

-	if(!(cflag & X509_FLAG_NO_PUBKEY))

-		{

-		if (BIO_write(bp,"        Subject Public Key Info:\n",33) <= 0)

-			goto err;

-		if (BIO_printf(bp,"%12sPublic Key Algorithm: ","") <= 0)

-			goto err;

-		if (i2a_ASN1_OBJECT(bp, ri->pubkey->algor->algorithm) <= 0)

-			goto err;

-		if (BIO_puts(bp, "\n") <= 0)

-			goto err;

-		pkey=X509_REQ_get_pubkey(x);

-		if (pkey == NULL)

-			{

-			BIO_printf(bp,"%12sUnable to load Public Key\n","");

-			ERR_print_errors(bp);

-			}

-		else

-#ifndef OPENSSL_NO_RSA

-		if (pkey->type == EVP_PKEY_RSA)

-			{

-			BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",

-			BN_num_bits(pkey->pkey.rsa->n));

-			RSA_print(bp,pkey->pkey.rsa,16);

-			}

-		else

-#endif

-#ifndef OPENSSL_NO_DSA

-		if (pkey->type == EVP_PKEY_DSA)

-			{

-			BIO_printf(bp,"%12sDSA Public Key:\n","");

-			DSA_print(bp,pkey->pkey.dsa,16);

-			}

-		else

-#endif

-#ifndef OPENSSL_NO_EC

-		if (pkey->type == EVP_PKEY_EC)

-		{

-			BIO_printf(bp, "%12sEC Public Key: \n","");

-			EC_KEY_print(bp, pkey->pkey.ec, 16);

-		}

-	else

-#endif

-			BIO_printf(bp,"%12sUnknown Public Key:\n","");

-		EVP_PKEY_free(pkey);

-		}

-	if(!(cflag & X509_FLAG_NO_ATTRIBUTES))

-		{

-		/* may not be */

-		if(BIO_printf(bp,"%8sAttributes:\n","") <= 0)

-		    goto err;

-		sk=x->req_info->attributes;

-		if (sk_X509_ATTRIBUTE_num(sk) == 0)

-			{

-			if(BIO_printf(bp,"%12sa0:00\n","") <= 0)

-			    goto err;

-			}

-		else

-			{

-			for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)

-				{

-				ASN1_TYPE *at;

-				X509_ATTRIBUTE *a;

-				ASN1_BIT_STRING *bs=NULL;

-				ASN1_TYPE *t;

-				int j,type=0,count=1,ii=0;

-				a=sk_X509_ATTRIBUTE_value(sk,i);

-				if(X509_REQ_extension_nid(OBJ_obj2nid(a->object)))

-									continue;

-				if(BIO_printf(bp,"%12s","") <= 0)

-				    goto err;

-				if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0)

-				{

-				if (a->single)

-					{

-					t=a->value.single;

-					type=t->type;

-					bs=t->value.bit_string;

-					}

-				else

-					{

-					ii=0;

-					count=sk_ASN1_TYPE_num(a->value.set);

-get_next:

-					at=sk_ASN1_TYPE_value(a->value.set,ii);

-					type=at->type;

-					bs=at->value.asn1_string;

-					}

-				}

-				for (j=25-j; j>0; j--)

-					if (BIO_write(bp," ",1) != 1) goto err;

-				if (BIO_puts(bp,":") <= 0) goto err;

-				if (	(type == V_ASN1_PRINTABLESTRING) ||

-					(type == V_ASN1_T61STRING) ||

-					(type == V_ASN1_IA5STRING))

-					{

-					if (BIO_write(bp,(char *)bs->data,bs->length)

-						!= bs->length)

-						goto err;

-					BIO_puts(bp,"\n");

-					}

-				else

-					{

-					BIO_puts(bp,"unable to print attribute\n");

-					}

-				if (++ii < count) goto get_next;

-				}

-			}

-		}

-	if(!(cflag & X509_FLAG_NO_EXTENSIONS))

-		{

-		exts = X509_REQ_get_extensions(x);

-		if(exts)

-			{

-			BIO_printf(bp,"%8sRequested Extensions:\n","");

-			for (i=0; i<sk_X509_EXTENSION_num(exts); i++)

-				{

-				ASN1_OBJECT *obj;

-				X509_EXTENSION *ex;

-				int j;

-				ex=sk_X509_EXTENSION_value(exts, i);

-				if (BIO_printf(bp,"%12s","") <= 0) goto err;

-				obj=X509_EXTENSION_get_object(ex);

-				i2a_ASN1_OBJECT(bp,obj);

-				j=X509_EXTENSION_get_critical(ex);

-				if (BIO_printf(bp,": %s\n",j?"critical":"") <= 0)

-					goto err;

-				if(!X509V3_EXT_print(bp, ex, cflag, 16))

-					{

-					BIO_printf(bp, "%16s", "");

-					M_ASN1_OCTET_STRING_print(bp,ex->value);

-					}

-				if (BIO_write(bp,"\n",1) <= 0) goto err;

-				}

-			sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);

-			}

-		}

-	if(!(cflag & X509_FLAG_NO_SIGDUMP))

-		{

-		if(!X509_signature_print(bp, x->sig_alg, x->signature)) goto err;

-		}

-	return(1);

-err:

-	X509err(X509_F_X509_REQ_PRINT_EX,ERR_R_BUF_LIB);

-	return(0);

-	}

-int X509_REQ_print(BIO *bp, X509_REQ *x)

-	{

-	return X509_REQ_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);

-	}

--- a/sys/src/ape/lib/openssl/crypto/asn1/t_spki.c

+++ /dev/null

@@ -1,132 +1,0 @@

-/* t_spki.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/x509.h>

-#include <openssl/asn1.h>

-#ifndef OPENSSL_NO_RSA

-#include <openssl/rsa.h>

-#endif

-#ifndef OPENSSL_NO_DSA

-#include <openssl/dsa.h>

-#endif

-#include <openssl/bn.h>

-/* Print out an SPKI */

-int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki)

-{

-	EVP_PKEY *pkey;

-	ASN1_IA5STRING *chal;

-	int i, n;

-	char *s;

-	BIO_printf(out, "Netscape SPKI:\n");

-	i=OBJ_obj2nid(spki->spkac->pubkey->algor->algorithm);

-	BIO_printf(out,"  Public Key Algorithm: %s\n",

-				(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));

-	pkey = X509_PUBKEY_get(spki->spkac->pubkey);

-	if(!pkey) BIO_printf(out, "  Unable to load public key\n");

-	else {

-#ifndef OPENSSL_NO_RSA

-		if (pkey->type == EVP_PKEY_RSA)

-			{

-			BIO_printf(out,"  RSA Public Key: (%d bit)\n",

-				BN_num_bits(pkey->pkey.rsa->n));

-			RSA_print(out,pkey->pkey.rsa,2);

-			}

-		else

-#endif

-#ifndef OPENSSL_NO_DSA

-		if (pkey->type == EVP_PKEY_DSA)

-		{

-		BIO_printf(out,"  DSA Public Key:\n");

-		DSA_print(out,pkey->pkey.dsa,2);

-		}

-		else

-#endif

-#ifndef OPENSSL_NO_EC

-		if (pkey->type == EVP_PKEY_EC)

-		{

-			BIO_printf(out, "  EC Public Key:\n");

-			EC_KEY_print(out, pkey->pkey.ec,2);

-		}

-		else

-#endif

-			BIO_printf(out,"  Unknown Public Key:\n");

-		EVP_PKEY_free(pkey);

-	}

-	chal = spki->spkac->challenge;

-	if(chal->length)

-		BIO_printf(out, "  Challenge String: %s\n", chal->data);

-	i=OBJ_obj2nid(spki->sig_algor->algorithm);

-	BIO_printf(out,"  Signature Algorithm: %s",

-				(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));

-	n=spki->signature->length;

-	s=(char *)spki->signature->data;

-	for (i=0; i<n; i++)

-		{

-		if ((i%18) == 0) BIO_write(out,"\n      ",7);

-		BIO_printf(out,"%02x%s",(unsigned char)s[i],

-						((i+1) == n)?"":":");

-		}

-	BIO_write(out,"\n",1);

-	return 1;

-}

--- a/sys/src/ape/lib/openssl/crypto/asn1/t_x509.c

+++ /dev/null

@@ -1,505 +1,0 @@

-/* crypto/asn1/t_x509.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/buffer.h>

-#include <openssl/bn.h>

-#ifndef OPENSSL_NO_RSA

-#include <openssl/rsa.h>

-#endif

-#ifndef OPENSSL_NO_DSA

-#include <openssl/dsa.h>

-#endif

-#ifndef OPENSSL_NO_EC

-#include <openssl/ec.h>

-#endif

-#include <openssl/objects.h>

-#include <openssl/x509.h>

-#include <openssl/x509v3.h>

-#ifndef OPENSSL_NO_FP_API

-int X509_print_fp(FILE *fp, X509 *x)

-	{

-	return X509_print_ex_fp(fp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);

-	}

-int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag, unsigned long cflag)

-        {

-        BIO *b;

-        int ret;

-        if ((b=BIO_new(BIO_s_file())) == NULL)

-		{

-		X509err(X509_F_X509_PRINT_EX_FP,ERR_R_BUF_LIB);

-                return(0);

-		}

-        BIO_set_fp(b,fp,BIO_NOCLOSE);

-        ret=X509_print_ex(b, x, nmflag, cflag);

-        BIO_free(b);

-        return(ret);

-        }

-#endif

-int X509_print(BIO *bp, X509 *x)

-{

-	return X509_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);

-}

-int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)

-	{

-	long l;

-	int ret=0,i;

-	char *m=NULL,mlch = ' ';

-	int nmindent = 0;

-	X509_CINF *ci;

-	ASN1_INTEGER *bs;

-	EVP_PKEY *pkey=NULL;

-	const char *neg;

-	ASN1_STRING *str=NULL;

-	if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {

-			mlch = '\n';

-			nmindent = 12;

-	}

-	if(nmflags == X509_FLAG_COMPAT)

-		nmindent = 16;

-	ci=x->cert_info;

-	if(!(cflag & X509_FLAG_NO_HEADER))

-		{

-		if (BIO_write(bp,"Certificate:\n",13) <= 0) goto err;

-		if (BIO_write(bp,"    Data:\n",10) <= 0) goto err;

-		}

-	if(!(cflag & X509_FLAG_NO_VERSION))

-		{

-		l=X509_get_version(x);

-		if (BIO_printf(bp,"%8sVersion: %lu (0x%lx)\n","",l+1,l) <= 0) goto err;

-		}

-	if(!(cflag & X509_FLAG_NO_SERIAL))

-		{

-		if (BIO_write(bp,"        Serial Number:",22) <= 0) goto err;

-		bs=X509_get_serialNumber(x);

-		if (bs->length <= 4)

-			{

-			l=ASN1_INTEGER_get(bs);

-			if (l < 0)

-				{

-				l= -l;

-				neg="-";

-				}

-			else

-				neg="";

-			if (BIO_printf(bp," %s%lu (%s0x%lx)\n",neg,l,neg,l) <= 0)

-				goto err;

-			}

-		else

-			{

-			neg=(bs->type == V_ASN1_NEG_INTEGER)?" (Negative)":"";

-			if (BIO_printf(bp,"\n%12s%s","",neg) <= 0) goto err;

-			for (i=0; i<bs->length; i++)

-				{

-				if (BIO_printf(bp,"%02x%c",bs->data[i],

-					((i+1 == bs->length)?'\n':':')) <= 0)

-					goto err;

-				}

-			}

-		}

-	if(!(cflag & X509_FLAG_NO_SIGNAME))

-		{

-		if (BIO_printf(bp,"%8sSignature Algorithm: ","") <= 0)

-			goto err;

-		if (i2a_ASN1_OBJECT(bp, ci->signature->algorithm) <= 0)

-			goto err;

-		if (BIO_puts(bp, "\n") <= 0)

-			goto err;

-		}

-	if(!(cflag & X509_FLAG_NO_ISSUER))

-		{

-		if (BIO_printf(bp,"        Issuer:%c",mlch) <= 0) goto err;

-		if (X509_NAME_print_ex(bp,X509_get_issuer_name(x),nmindent, nmflags) < 0) goto err;

-		if (BIO_write(bp,"\n",1) <= 0) goto err;

-		}

-	if(!(cflag & X509_FLAG_NO_VALIDITY))

-		{

-		if (BIO_write(bp,"        Validity\n",17) <= 0) goto err;

-		if (BIO_write(bp,"            Not Before: ",24) <= 0) goto err;

-		if (!ASN1_TIME_print(bp,X509_get_notBefore(x))) goto err;

-		if (BIO_write(bp,"\n            Not After : ",25) <= 0) goto err;

-		if (!ASN1_TIME_print(bp,X509_get_notAfter(x))) goto err;

-		if (BIO_write(bp,"\n",1) <= 0) goto err;

-		}

-	if(!(cflag & X509_FLAG_NO_SUBJECT))

-		{

-		if (BIO_printf(bp,"        Subject:%c",mlch) <= 0) goto err;

-		if (X509_NAME_print_ex(bp,X509_get_subject_name(x),nmindent, nmflags) < 0) goto err;

-		if (BIO_write(bp,"\n",1) <= 0) goto err;

-		}

-	if(!(cflag & X509_FLAG_NO_PUBKEY))

-		{

-		if (BIO_write(bp,"        Subject Public Key Info:\n",33) <= 0)

-			goto err;

-		if (BIO_printf(bp,"%12sPublic Key Algorithm: ","") <= 0)

-			goto err;

-		if (i2a_ASN1_OBJECT(bp, ci->key->algor->algorithm) <= 0)

-			goto err;

-		if (BIO_puts(bp, "\n") <= 0)

-			goto err;

-		pkey=X509_get_pubkey(x);

-		if (pkey == NULL)

-			{

-			BIO_printf(bp,"%12sUnable to load Public Key\n","");

-			ERR_print_errors(bp);

-			}

-		else

-#ifndef OPENSSL_NO_RSA

-		if (pkey->type == EVP_PKEY_RSA)

-			{

-			BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",

-			BN_num_bits(pkey->pkey.rsa->n));

-			RSA_print(bp,pkey->pkey.rsa,16);

-			}

-		else

-#endif

-#ifndef OPENSSL_NO_DSA

-		if (pkey->type == EVP_PKEY_DSA)

-			{

-			BIO_printf(bp,"%12sDSA Public Key:\n","");

-			DSA_print(bp,pkey->pkey.dsa,16);

-			}

-		else

-#endif

-#ifndef OPENSSL_NO_EC

-		if (pkey->type == EVP_PKEY_EC)

-			{

-			BIO_printf(bp, "%12sEC Public Key:\n","");

-			EC_KEY_print(bp, pkey->pkey.ec, 16);

-			}

-		else

-#endif

-			BIO_printf(bp,"%12sUnknown Public Key:\n","");

-		EVP_PKEY_free(pkey);

-		}

-	if (!(cflag & X509_FLAG_NO_EXTENSIONS))

-		X509V3_extensions_print(bp, "X509v3 extensions",

-					ci->extensions, cflag, 8);

-	if(!(cflag & X509_FLAG_NO_SIGDUMP))

-		{

-		if(X509_signature_print(bp, x->sig_alg, x->signature) <= 0) goto err;

-		}

-	if(!(cflag & X509_FLAG_NO_AUX))

-		{

-		if (!X509_CERT_AUX_print(bp, x->aux, 0)) goto err;

-		}

-	ret=1;

-err:

-	if (str != NULL) ASN1_STRING_free(str);

-	if (m != NULL) OPENSSL_free(m);

-	return(ret);

-	}

-int X509_ocspid_print (BIO *bp, X509 *x)

-	{

-	unsigned char *der=NULL ;

-	unsigned char *dertmp;

-	int derlen;

-	int i;

-	unsigned char SHA1md[SHA_DIGEST_LENGTH];

-	/* display the hash of the subject as it would appear

-	   in OCSP requests */

-	if (BIO_printf(bp,"        Subject OCSP hash: ") <= 0)

-		goto err;

-	derlen = i2d_X509_NAME(x->cert_info->subject, NULL);

-	if ((der = dertmp = (unsigned char *)OPENSSL_malloc (derlen)) == NULL)

-		goto err;

-	i2d_X509_NAME(x->cert_info->subject, &dertmp);

-	EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL);

-	for (i=0; i < SHA_DIGEST_LENGTH; i++)

-		{

-		if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) goto err;

-		}

-	OPENSSL_free (der);

-	der=NULL;

-	/* display the hash of the public key as it would appear

-	   in OCSP requests */

-	if (BIO_printf(bp,"\n        Public key OCSP hash: ") <= 0)

-		goto err;

-	EVP_Digest(x->cert_info->key->public_key->data,

-		x->cert_info->key->public_key->length, SHA1md, NULL, EVP_sha1(), NULL);

-	for (i=0; i < SHA_DIGEST_LENGTH; i++)

-		{

-		if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0)

-			goto err;

-		}

-	BIO_printf(bp,"\n");

-	return (1);

-err:

-	if (der != NULL) OPENSSL_free(der);

-	return(0);

-	}

-int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig)

-{

-	unsigned char *s;

-	int i, n;

-	if (BIO_puts(bp,"    Signature Algorithm: ") <= 0) return 0;

-	if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0) return 0;

-	n=sig->length;

-	s=sig->data;

-	for (i=0; i<n; i++)

-		{

-		if ((i%18) == 0)

-			if (BIO_write(bp,"\n        ",9) <= 0) return 0;

-			if (BIO_printf(bp,"%02x%s",s[i],

-				((i+1) == n)?"":":") <= 0) return 0;

-		}

-	if (BIO_write(bp,"\n",1) != 1) return 0;

-	return 1;

-}

-int ASN1_STRING_print(BIO *bp, ASN1_STRING *v)

-	{

-	int i,n;

-	char buf[80],*p;;

-	if (v == NULL) return(0);

-	n=0;

-	p=(char *)v->data;

-	for (i=0; i<v->length; i++)

-		{

-		if ((p[i] > '~') || ((p[i] < ' ') &&

-			(p[i] != '\n') && (p[i] != '\r')))

-			buf[n]='.';

-		else

-			buf[n]=p[i];

-		n++;

-		if (n >= 80)

-			{

-			if (BIO_write(bp,buf,n) <= 0)

-				return(0);

-			n=0;

-			}

-		}

-	if (n > 0)

-		if (BIO_write(bp,buf,n) <= 0)

-			return(0);

-	return(1);

-	}

-int ASN1_TIME_print(BIO *bp, ASN1_TIME *tm)

-{

-	if(tm->type == V_ASN1_UTCTIME) return ASN1_UTCTIME_print(bp, tm);

-	if(tm->type == V_ASN1_GENERALIZEDTIME)

-				return ASN1_GENERALIZEDTIME_print(bp, tm);

-	BIO_write(bp,"Bad time value",14);

-	return(0);

-}

-static const char *mon[12]=

-    {

-    "Jan","Feb","Mar","Apr","May","Jun",

-    "Jul","Aug","Sep","Oct","Nov","Dec"

-    };

-int ASN1_GENERALIZEDTIME_print(BIO *bp, ASN1_GENERALIZEDTIME *tm)

-	{

-	char *v;

-	int gmt=0;

-	int i;

-	int y=0,M=0,d=0,h=0,m=0,s=0;

-	i=tm->length;

-	v=(char *)tm->data;

-	if (i < 12) goto err;

-	if (v[i-1] == 'Z') gmt=1;

-	for (i=0; i<12; i++)

-		if ((v[i] > '9') || (v[i] < '0')) goto err;

-	y= (v[0]-'0')*1000+(v[1]-'0')*100 + (v[2]-'0')*10+(v[3]-'0');

-	M= (v[4]-'0')*10+(v[5]-'0');

-	if ((M > 12) || (M < 1)) goto err;

-	d= (v[6]-'0')*10+(v[7]-'0');

-	h= (v[8]-'0')*10+(v[9]-'0');

-	m=  (v[10]-'0')*10+(v[11]-'0');

-	if (	(v[12] >= '0') && (v[12] <= '9') &&

-		(v[13] >= '0') && (v[13] <= '9'))

-		s=  (v[12]-'0')*10+(v[13]-'0');

-	if (BIO_printf(bp,"%s %2d %02d:%02d:%02d %d%s",

-		mon[M-1],d,h,m,s,y,(gmt)?" GMT":"") <= 0)

-		return(0);

-	else

-		return(1);

-err:

-	BIO_write(bp,"Bad time value",14);

-	return(0);

-	}

-int ASN1_UTCTIME_print(BIO *bp, ASN1_UTCTIME *tm)

-	{

-	char *v;

-	int gmt=0;

-	int i;

-	int y=0,M=0,d=0,h=0,m=0,s=0;

-	i=tm->length;

-	v=(char *)tm->data;

-	if (i < 10) goto err;

-	if (v[i-1] == 'Z') gmt=1;

-	for (i=0; i<10; i++)

-		if ((v[i] > '9') || (v[i] < '0')) goto err;

-	y= (v[0]-'0')*10+(v[1]-'0');

-	if (y < 50) y+=100;

-	M= (v[2]-'0')*10+(v[3]-'0');

-	if ((M > 12) || (M < 1)) goto err;

-	d= (v[4]-'0')*10+(v[5]-'0');

-	h= (v[6]-'0')*10+(v[7]-'0');

-	m=  (v[8]-'0')*10+(v[9]-'0');

-	if (	(v[10] >= '0') && (v[10] <= '9') &&

-		(v[11] >= '0') && (v[11] <= '9'))

-		s=  (v[10]-'0')*10+(v[11]-'0');

-	if (BIO_printf(bp,"%s %2d %02d:%02d:%02d %d%s",

-		mon[M-1],d,h,m,s,y+1900,(gmt)?" GMT":"") <= 0)

-		return(0);

-	else

-		return(1);

-err:

-	BIO_write(bp,"Bad time value",14);

-	return(0);

-	}

-int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)

-	{

-	char *s,*c,*b;

-	int ret=0,l,i;

-	l=80-2-obase;

-	b=s=X509_NAME_oneline(name,NULL,0);

-	if (!*s)

-		{

-		OPENSSL_free(b);

-		return 1;

-		}

-	s++; /* skip the first slash */

-	c=s;

-	for (;;)

-		{

-#ifndef CHARSET_EBCDIC

-		if (	((*s == '/') &&

-				((s[1] >= 'A') && (s[1] <= 'Z') && (

-					(s[2] == '=') ||

-					((s[2] >= 'A') && (s[2] <= 'Z') &&

-					(s[3] == '='))

-				 ))) ||

-			(*s == '\0'))

-#else

-		if (	((*s == '/') &&

-				(isupper(s[1]) && (

-					(s[2] == '=') ||

-					(isupper(s[2]) &&

-					(s[3] == '='))

-				 ))) ||

-			(*s == '\0'))

-#endif

-			{

-			i=s-c;

-			if (BIO_write(bp,c,i) != i) goto err;

-			c+=i;

-			c++;

-			if (*s != '\0')

-				{

-				if (BIO_write(bp,", ",2) != 2) goto err;

-				}

-			l--;

-			}

-		if (*s == '\0') break;

-		s++;

-		l--;

-		}

-	ret=1;

-	if (0)

-		{

-err:

-		X509err(X509_F_X509_NAME_PRINT,ERR_R_BUF_LIB);

-		}

-	OPENSSL_free(b);

-	return(ret);

-	}

--- a/sys/src/ape/lib/openssl/crypto/asn1/t_x509a.c

+++ /dev/null

@@ -1,110 +1,0 @@

-/* t_x509a.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/evp.h>

-#include <openssl/asn1.h>

-#include <openssl/x509.h>

-/* X509_CERT_AUX and string set routines

- */

-int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent)

-{

-	char oidstr[80], first;

-	int i;

-	if(!aux) return 1;

-	if(aux->trust) {

-		first = 1;

-		BIO_printf(out, "%*sTrusted Uses:\n%*s",

-						indent, "", indent + 2, "");

-		for(i = 0; i < sk_ASN1_OBJECT_num(aux->trust); i++) {

-			if(!first) BIO_puts(out, ", ");

-			else first = 0;

-			OBJ_obj2txt(oidstr, sizeof oidstr,

-				sk_ASN1_OBJECT_value(aux->trust, i), 0);

-			BIO_puts(out, oidstr);

-		}

-		BIO_puts(out, "\n");

-	} else BIO_printf(out, "%*sNo Trusted Uses.\n", indent, "");

-	if(aux->reject) {

-		first = 1;

-		BIO_printf(out, "%*sRejected Uses:\n%*s",

-						indent, "", indent + 2, "");

-		for(i = 0; i < sk_ASN1_OBJECT_num(aux->reject); i++) {

-			if(!first) BIO_puts(out, ", ");

-			else first = 0;

-			OBJ_obj2txt(oidstr, sizeof oidstr,

-				sk_ASN1_OBJECT_value(aux->reject, i), 0);

-			BIO_puts(out, oidstr);

-		}

-		BIO_puts(out, "\n");

-	} else BIO_printf(out, "%*sNo Rejected Uses.\n", indent, "");

-	if(aux->alias) BIO_printf(out, "%*sAlias: %s\n", indent, "",

-							aux->alias->data);

-	if(aux->keyid) {

-		BIO_printf(out, "%*sKey Id: ", indent, "");

-		for(i = 0; i < aux->keyid->length; i++)

-			BIO_printf(out, "%s%02X",

-				i ? ":" : "",

-				aux->keyid->data[i]);

-		BIO_write(out,"\n",1);

-	}

-	return 1;

-}

--- a/sys/src/ape/lib/openssl/crypto/asn1/tasn_dec.c

+++ /dev/null

@@ -1,1322 +1,0 @@

-/* tasn_dec.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 2000.

- */

-/* ====================================================================

- * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stddef.h>

-#include <string.h>

-#include <openssl/asn1.h>

-#include <openssl/asn1t.h>

-#include <openssl/objects.h>

-#include <openssl/buffer.h>

-#include <openssl/err.h>

-static int asn1_check_eoc(const unsigned char **in, long len);

-static int asn1_find_end(const unsigned char **in, long len, char inf);

-static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,

-				char inf, int tag, int aclass);

-static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen);

-static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,

-				char *inf, char *cst,

-				const unsigned char **in, long len,

-				int exptag, int expclass, char opt,

-				ASN1_TLC *ctx);

-static int asn1_template_ex_d2i(ASN1_VALUE **pval,

-				const unsigned char **in, long len,

-				const ASN1_TEMPLATE *tt, char opt,

-				ASN1_TLC *ctx);

-static int asn1_template_noexp_d2i(ASN1_VALUE **val,

-				const unsigned char **in, long len,

-				const ASN1_TEMPLATE *tt, char opt,

-				ASN1_TLC *ctx);

-static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,

-				const unsigned char **in, long len,

-				const ASN1_ITEM *it,

-				int tag, int aclass, char opt, ASN1_TLC *ctx);

-/* Table to convert tags to bit values, used for MSTRING type */

-static const unsigned long tag2bit[32] = {

-0,	0,	0,	B_ASN1_BIT_STRING,	/* tags  0 -  3 */

-B_ASN1_OCTET_STRING,	0,	0,		B_ASN1_UNKNOWN,/* tags  4- 7 */

-B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,/* tags  8-11 */

-B_ASN1_UTF8STRING,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,/* tags 12-15 */

-B_ASN1_SEQUENCE,0,B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING, /* tags 16-19 */

-B_ASN1_T61STRING,B_ASN1_VIDEOTEXSTRING,B_ASN1_IA5STRING,       /* tags 20-22 */

-B_ASN1_UTCTIME, B_ASN1_GENERALIZEDTIME,			       /* tags 23-24 */

-B_ASN1_GRAPHICSTRING,B_ASN1_ISO64STRING,B_ASN1_GENERALSTRING,  /* tags 25-27 */

-B_ASN1_UNIVERSALSTRING,B_ASN1_UNKNOWN,B_ASN1_BMPSTRING,B_ASN1_UNKNOWN, /* tags 28-31 */

-	};

-unsigned long ASN1_tag2bit(int tag)

-	{

-	if ((tag < 0) || (tag > 30)) return 0;

-	return tag2bit[tag];

-	}

-/* Macro to initialize and invalidate the cache */

-#define asn1_tlc_clear(c)	if (c) (c)->valid = 0

-/* Decode an ASN1 item, this currently behaves just

- * like a standard 'd2i' function. 'in' points to

- * a buffer to read the data from, in future we will

- * have more advanced versions that can input data

- * a piece at a time and this will simply be a special

- * case.

- */

-ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval,

-		const unsigned char **in, long len, const ASN1_ITEM *it)

-	{

-	ASN1_TLC c;

-	ASN1_VALUE *ptmpval = NULL;

-	if (!pval)

-		pval = &ptmpval;

-	c.valid = 0;

-	if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0)

-		return *pval;

-	return NULL;

-	}

-int ASN1_template_d2i(ASN1_VALUE **pval,

-		const unsigned char **in, long len, const ASN1_TEMPLATE *tt)

-	{

-	ASN1_TLC c;

-	c.valid = 0;

-	return asn1_template_ex_d2i(pval, in, len, tt, 0, &c);

-	}

-/* Decode an item, taking care of IMPLICIT tagging, if any.

- * If 'opt' set and tag mismatch return -1 to handle OPTIONAL

- */

-int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,

-			const ASN1_ITEM *it,

-			int tag, int aclass, char opt, ASN1_TLC *ctx)

-	{

-	const ASN1_TEMPLATE *tt, *errtt = NULL;

-	const ASN1_COMPAT_FUNCS *cf;

-	const ASN1_EXTERN_FUNCS *ef;

-	const ASN1_AUX *aux = it->funcs;

-	ASN1_aux_cb *asn1_cb;

-	const unsigned char *p = NULL, *q;

-	unsigned char *wp=NULL;	/* BIG FAT WARNING!  BREAKS CONST WHERE USED */

-	unsigned char imphack = 0, oclass;

-	char seq_eoc, seq_nolen, cst, isopt;

-	long tmplen;

-	int i;

-	int otag;

-	int ret = 0;

-	ASN1_VALUE *pchval, **pchptr, *ptmpval;

-	if (!pval)

-		return 0;

-	if (aux && aux->asn1_cb)

-		asn1_cb = aux->asn1_cb;

-	else asn1_cb = 0;

-	switch(it->itype)

-		{

-		case ASN1_ITYPE_PRIMITIVE:

-		if (it->templates)

-			{

-			/* tagging or OPTIONAL is currently illegal on an item

-			 * template because the flags can't get passed down.

-			 * In practice this isn't a problem: we include the

-			 * relevant flags from the item template in the

-			 * template itself.

-			 */

-			if ((tag != -1) || opt)

-				{

-				ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,

-				ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE);

-				goto err;

-				}

-			return asn1_template_ex_d2i(pval, in, len,

-					it->templates, opt, ctx);

-		}

-		return asn1_d2i_ex_primitive(pval, in, len, it,

-						tag, aclass, opt, ctx);

-		break;

-		case ASN1_ITYPE_MSTRING:

-		p = *in;

-		/* Just read in tag and class */

-		ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL,

-						&p, len, -1, 0, 1, ctx);

-		if (!ret)

-			{

-			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,

-					ERR_R_NESTED_ASN1_ERROR);

-			goto err;

-			}

-		/* Must be UNIVERSAL class */

-		if (oclass != V_ASN1_UNIVERSAL)

-			{

-			/* If OPTIONAL, assume this is OK */

-			if (opt) return -1;

-			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,

-					ASN1_R_MSTRING_NOT_UNIVERSAL);

-			goto err;

-			}

-		/* Check tag matches bit map */

-		if (!(ASN1_tag2bit(otag) & it->utype))

-			{

-			/* If OPTIONAL, assume this is OK */

-			if (opt)

-				return -1;

-			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,

-					ASN1_R_MSTRING_WRONG_TAG);

-			goto err;

-			}

-		return asn1_d2i_ex_primitive(pval, in, len,

-						it, otag, 0, 0, ctx);

-		case ASN1_ITYPE_EXTERN:

-		/* Use new style d2i */

-		ef = it->funcs;

-		return ef->asn1_ex_d2i(pval, in, len,

-						it, tag, aclass, opt, ctx);

-		case ASN1_ITYPE_COMPAT:

-		/* we must resort to old style evil hackery */

-		cf = it->funcs;

-		/* If OPTIONAL see if it is there */

-		if (opt)

-			{

-			int exptag;

-			p = *in;

-			if (tag == -1)

-				exptag = it->utype;

-			else exptag = tag;

-			/* Don't care about anything other than presence

-			 * of expected tag */

-			ret = asn1_check_tlen(NULL, NULL, NULL, NULL, NULL,

-					&p, len, exptag, aclass, 1, ctx);

-			if (!ret)

-				{

-				ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,

-					ERR_R_NESTED_ASN1_ERROR);

-				goto err;

-				}

-			if (ret == -1)

-				return -1;

-			}

-		/* This is the old style evil hack IMPLICIT handling:

-		 * since the underlying code is expecting a tag and

-		 * class other than the one present we change the

-		 * buffer temporarily then change it back afterwards.

-		 * This doesn't and never did work for tags > 30.

-		 *

-		 * Yes this is *horrible* but it is only needed for

-		 * old style d2i which will hopefully not be around

-		 * for much longer.

-		 * FIXME: should copy the buffer then modify it so

-		 * the input buffer can be const: we should *always*

-		 * copy because the old style d2i might modify the

-		 * buffer.

-		 */

-		if (tag != -1)

-			{

-			wp = *(unsigned char **)in;

-			imphack = *wp;

-			if (p == NULL)

-				{

-				ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,

-					ERR_R_NESTED_ASN1_ERROR);

-				goto err;

-				}

-			*wp = (unsigned char)((*p & V_ASN1_CONSTRUCTED)

-								| it->utype);

-			}

-		ptmpval = cf->asn1_d2i(pval, in, len);

-		if (tag != -1)

-			*wp = imphack;

-		if (ptmpval)

-			return 1;

-		ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);

-		goto err;

-		case ASN1_ITYPE_CHOICE:

-		if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))

-				goto auxerr;

-		/* Allocate structure */

-		if (!*pval && !ASN1_item_ex_new(pval, it))

-			{

-			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,

-						ERR_R_NESTED_ASN1_ERROR);

-			goto err;

-			}

-		/* CHOICE type, try each possibility in turn */

-		pchval = NULL;

-		p = *in;

-		for (i = 0, tt=it->templates; i < it->tcount; i++, tt++)

-			{

-			pchptr = asn1_get_field_ptr(pval, tt);

-			/* We mark field as OPTIONAL so its absence

-			 * can be recognised.

-			 */

-			ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx);

-			/* If field not present, try the next one */

-			if (ret == -1)

-				continue;

-			/* If positive return, read OK, break loop */

-			if (ret > 0)

-				break;

-			/* Otherwise must be an ASN1 parsing error */

-			errtt = tt;

-			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,

-						ERR_R_NESTED_ASN1_ERROR);

-			goto err;

-			}

-		/* Did we fall off the end without reading anything? */

-		if (i == it->tcount)

-			{

-			/* If OPTIONAL, this is OK */

-			if (opt)

-				{

-				/* Free and zero it */

-				ASN1_item_ex_free(pval, it);

-				return -1;

-				}

-			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,

-					ASN1_R_NO_MATCHING_CHOICE_TYPE);

-			goto err;

-			}

-		asn1_set_choice_selector(pval, i, it);

-		*in = p;

-		if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it))

-				goto auxerr;

-		return 1;

-		case ASN1_ITYPE_NDEF_SEQUENCE:

-		case ASN1_ITYPE_SEQUENCE:

-		p = *in;

-		tmplen = len;

-		/* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */

-		if (tag == -1)

-			{

-			tag = V_ASN1_SEQUENCE;

-			aclass = V_ASN1_UNIVERSAL;

-			}

-		/* Get SEQUENCE length and update len, p */

-		ret = asn1_check_tlen(&len, NULL, NULL, &seq_eoc, &cst,

-					&p, len, tag, aclass, opt, ctx);

-		if (!ret)

-			{

-			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,

-					ERR_R_NESTED_ASN1_ERROR);

-			goto err;

-			}

-		else if (ret == -1)

-			return -1;

-		if (aux && (aux->flags & ASN1_AFLG_BROKEN))

-			{

-			len = tmplen - (p - *in);

-			seq_nolen = 1;

-			}

-		/* If indefinite we don't do a length check */

-		else seq_nolen = seq_eoc;

-		if (!cst)

-			{

-			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,

-				ASN1_R_SEQUENCE_NOT_CONSTRUCTED);

-			goto err;

-			}

-		if (!*pval && !ASN1_item_ex_new(pval, it))

-			{

-			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,

-				ERR_R_NESTED_ASN1_ERROR);

-			goto err;

-			}

-		if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))

-				goto auxerr;

-		/* Get each field entry */

-		for (i = 0, tt = it->templates; i < it->tcount; i++, tt++)

-			{

-			const ASN1_TEMPLATE *seqtt;

-			ASN1_VALUE **pseqval;

-			seqtt = asn1_do_adb(pval, tt, 1);

-			if (!seqtt)

-				goto err;

-			pseqval = asn1_get_field_ptr(pval, seqtt);

-			/* Have we ran out of data? */

-			if (!len)

-				break;

-			q = p;

-			if (asn1_check_eoc(&p, len))

-				{

-				if (!seq_eoc)

-					{

-					ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,

-							ASN1_R_UNEXPECTED_EOC);

-					goto err;

-					}

-				len -= p - q;

-				seq_eoc = 0;

-				q = p;

-				break;

-				}

-			/* This determines the OPTIONAL flag value. The field

-			 * cannot be omitted if it is the last of a SEQUENCE

-			 * and there is still data to be read. This isn't

-			 * strictly necessary but it increases efficiency in

-			 * some cases.

-			 */

-			if (i == (it->tcount - 1))

-				isopt = 0;

-			else isopt = (char)(seqtt->flags & ASN1_TFLG_OPTIONAL);

-			/* attempt to read in field, allowing each to be

-			 * OPTIONAL */

-			ret = asn1_template_ex_d2i(pseqval, &p, len,

-							seqtt, isopt, ctx);

-			if (!ret)

-				{

-				errtt = seqtt;

-				goto err;

-				}

-			else if (ret == -1)

-				{

-				/* OPTIONAL component absent.

-				 * Free and zero the field.

-				 */

-				ASN1_template_free(pseqval, seqtt);

-				continue;

-				}

-			/* Update length */

-			len -= p - q;

-			}

-		/* Check for EOC if expecting one */

-		if (seq_eoc && !asn1_check_eoc(&p, len))

-			{

-			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MISSING_EOC);

-			goto err;

-			}

-		/* Check all data read */

-		if (!seq_nolen && len)

-			{

-			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,

-					ASN1_R_SEQUENCE_LENGTH_MISMATCH);

-			goto err;

-			}

-		/* If we get here we've got no more data in the SEQUENCE,

-		 * however we may not have read all fields so check all

-		 * remaining are OPTIONAL and clear any that are.

-		 */

-		for (; i < it->tcount; tt++, i++)

-			{

-			const ASN1_TEMPLATE *seqtt;

-			seqtt = asn1_do_adb(pval, tt, 1);

-			if (!seqtt)

-				goto err;

-			if (seqtt->flags & ASN1_TFLG_OPTIONAL)

-				{

-				ASN1_VALUE **pseqval;

-				pseqval = asn1_get_field_ptr(pval, seqtt);

-				ASN1_template_free(pseqval, seqtt);

-				}

-			else

-				{

-				errtt = seqtt;

-				ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,

-							ASN1_R_FIELD_MISSING);

-				goto err;

-				}

-			}

-		/* Save encoding */

-		if (!asn1_enc_save(pval, *in, p - *in, it))

-			goto auxerr;

-		*in = p;

-		if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it))

-				goto auxerr;

-		return 1;

-		default:

-		return 0;

-		}

-	auxerr:

-	ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR);

-	err:

-	ASN1_item_ex_free(pval, it);

-	if (errtt)

-		ERR_add_error_data(4, "Field=", errtt->field_name,

-					", Type=", it->sname);

-	else

-		ERR_add_error_data(2, "Type=", it->sname);

-	return 0;

-	}

-/* Templates are handled with two separate functions.

- * One handles any EXPLICIT tag and the other handles the rest.

- */

-static int asn1_template_ex_d2i(ASN1_VALUE **val,

-				const unsigned char **in, long inlen,

-				const ASN1_TEMPLATE *tt, char opt,

-							ASN1_TLC *ctx)

-	{

-	int flags, aclass;

-	int ret;

-	long len;

-	const unsigned char *p, *q;

-	char exp_eoc;

-	if (!val)

-		return 0;

-	flags = tt->flags;

-	aclass = flags & ASN1_TFLG_TAG_CLASS;

-	p = *in;

-	/* Check if EXPLICIT tag expected */

-	if (flags & ASN1_TFLG_EXPTAG)

-		{

-		char cst;

-		/* Need to work out amount of data available to the inner

-		 * content and where it starts: so read in EXPLICIT header to

-		 * get the info.

-		 */

-		ret = asn1_check_tlen(&len, NULL, NULL, &exp_eoc, &cst,

-					&p, inlen, tt->tag, aclass, opt, ctx);

-		q = p;

-		if (!ret)

-			{

-			ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,

-					ERR_R_NESTED_ASN1_ERROR);

-			return 0;

-			}

-		else if (ret == -1)

-			return -1;

-		if (!cst)

-			{

-			ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,

-					ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED);

-			return 0;

-			}

-		/* We've found the field so it can't be OPTIONAL now */

-		ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx);

-		if (!ret)

-			{

-			ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,

-					ERR_R_NESTED_ASN1_ERROR);

-			return 0;

-			}

-		/* We read the field in OK so update length */

-		len -= p - q;

-		if (exp_eoc)

-			{

-			/* If NDEF we must have an EOC here */

-			if (!asn1_check_eoc(&p, len))

-				{

-				ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,

-						ASN1_R_MISSING_EOC);

-				goto err;

-				}

-			}

-		else

-			{

-			/* Otherwise we must hit the EXPLICIT tag end or its

-			 * an error */

-			if (len)

-				{

-				ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,

-					ASN1_R_EXPLICIT_LENGTH_MISMATCH);

-				goto err;

-				}

-			}

-		}

-		else

-			return asn1_template_noexp_d2i(val, in, inlen,

-								tt, opt, ctx);

-	*in = p;

-	return 1;

-	err:

-	ASN1_template_free(val, tt);

-	*val = NULL;

-	return 0;

-	}

-static int asn1_template_noexp_d2i(ASN1_VALUE **val,

-				const unsigned char **in, long len,

-				const ASN1_TEMPLATE *tt, char opt,

-				ASN1_TLC *ctx)

-	{

-	int flags, aclass;

-	int ret;

-	const unsigned char *p, *q;

-	if (!val)

-		return 0;

-	flags = tt->flags;

-	aclass = flags & ASN1_TFLG_TAG_CLASS;

-	p = *in;

-	q = p;

-	if (flags & ASN1_TFLG_SK_MASK)

-		{

-		/* SET OF, SEQUENCE OF */

-		int sktag, skaclass;

-		char sk_eoc;

-		/* First work out expected inner tag value */

-		if (flags & ASN1_TFLG_IMPTAG)

-			{

-			sktag = tt->tag;

-			skaclass = aclass;

-			}

-		else

-			{

-			skaclass = V_ASN1_UNIVERSAL;

-			if (flags & ASN1_TFLG_SET_OF)

-				sktag = V_ASN1_SET;

-			else

-				sktag = V_ASN1_SEQUENCE;

-			}

-		/* Get the tag */

-		ret = asn1_check_tlen(&len, NULL, NULL, &sk_eoc, NULL,

-					&p, len, sktag, skaclass, opt, ctx);

-		if (!ret)

-			{

-			ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,

-						ERR_R_NESTED_ASN1_ERROR);

-			return 0;

-			}

-		else if (ret == -1)

-			return -1;

-		if (!*val)

-			*val = (ASN1_VALUE *)sk_new_null();

-		else

-			{

-			/* We've got a valid STACK: free up any items present */

-			STACK *sktmp = (STACK *)*val;

-			ASN1_VALUE *vtmp;

-			while(sk_num(sktmp) > 0)

-				{

-				vtmp = (ASN1_VALUE *)sk_pop(sktmp);

-				ASN1_item_ex_free(&vtmp,

-						ASN1_ITEM_ptr(tt->item));

-				}

-			}

-		if (!*val)

-			{

-			ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,

-						ERR_R_MALLOC_FAILURE);

-			goto err;

-			}

-		/* Read as many items as we can */

-		while(len > 0)

-			{

-			ASN1_VALUE *skfield;

-			q = p;

-			/* See if EOC found */

-			if (asn1_check_eoc(&p, len))

-				{

-				if (!sk_eoc)

-					{

-					ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,

-							ASN1_R_UNEXPECTED_EOC);

-					goto err;

-					}

-				len -= p - q;

-				sk_eoc = 0;

-				break;

-				}

-			skfield = NULL;

-			if (!ASN1_item_ex_d2i(&skfield, &p, len,

-						ASN1_ITEM_ptr(tt->item),

-						-1, 0, 0, ctx))

-				{

-				ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,

-					ERR_R_NESTED_ASN1_ERROR);

-				goto err;

-				}

-			len -= p - q;

-			if (!sk_push((STACK *)*val, (char *)skfield))

-				{

-				ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,

-						ERR_R_MALLOC_FAILURE);

-				goto err;

-				}

-			}

-		if (sk_eoc)

-			{

-			ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ASN1_R_MISSING_EOC);

-			goto err;

-			}

-		}

-	else if (flags & ASN1_TFLG_IMPTAG)

-		{

-		/* IMPLICIT tagging */

-		ret = ASN1_item_ex_d2i(val, &p, len,

-			ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt, ctx);

-		if (!ret)

-			{

-			ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,

-						ERR_R_NESTED_ASN1_ERROR);

-			goto err;

-			}

-		else if (ret == -1)

-			return -1;

-		}

-	else

-		{

-		/* Nothing special */

-		ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),

-							-1, 0, opt, ctx);

-		if (!ret)

-			{

-			ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,

-					ERR_R_NESTED_ASN1_ERROR);

-			goto err;

-			}

-		else if (ret == -1)

-			return -1;

-		}

-	*in = p;

-	return 1;

-	err:

-	ASN1_template_free(val, tt);

-	*val = NULL;

-	return 0;

-	}

-static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,

-				const unsigned char **in, long inlen,

-				const ASN1_ITEM *it,

-				int tag, int aclass, char opt, ASN1_TLC *ctx)

-	{

-	int ret = 0, utype;

-	long plen;

-	char cst, inf, free_cont = 0;

-	const unsigned char *p;

-	BUF_MEM buf;

-	const unsigned char *cont = NULL;

-	long len;

-	if (!pval)

-		{

-		ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_NULL);

-		return 0; /* Should never happen */

-		}

-	if (it->itype == ASN1_ITYPE_MSTRING)

-		{

-		utype = tag;

-		tag = -1;

-		}

-	else

-		utype = it->utype;

-	if (utype == V_ASN1_ANY)

-		{

-		/* If type is ANY need to figure out type from tag */

-		unsigned char oclass;

-		if (tag >= 0)

-			{

-			ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,

-					ASN1_R_ILLEGAL_TAGGED_ANY);

-			return 0;

-			}

-		if (opt)

-			{

-			ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,

-					ASN1_R_ILLEGAL_OPTIONAL_ANY);

-			return 0;

-			}

-		p = *in;

-		ret = asn1_check_tlen(NULL, &utype, &oclass, NULL, NULL,

-					&p, inlen, -1, 0, 0, ctx);

-		if (!ret)

-			{

-			ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,

-					ERR_R_NESTED_ASN1_ERROR);

-			return 0;

-			}

-		if (oclass != V_ASN1_UNIVERSAL)

-			utype = V_ASN1_OTHER;

-		}

-	if (tag == -1)

-		{

-		tag = utype;

-		aclass = V_ASN1_UNIVERSAL;

-		}

-	p = *in;

-	/* Check header */

-	ret = asn1_check_tlen(&plen, NULL, NULL, &inf, &cst,

-				&p, inlen, tag, aclass, opt, ctx);

-	if (!ret)

-		{

-		ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR);

-		return 0;

-		}

-	else if (ret == -1)

-		return -1;

-        ret = 0;

-	/* SEQUENCE, SET and "OTHER" are left in encoded form */

-	if ((utype == V_ASN1_SEQUENCE)

-		|| (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER))

-		{

-		/* Clear context cache for type OTHER because the auto clear

-		 * when we have a exact match wont work

-		 */

-		if (utype == V_ASN1_OTHER)

-			{

-			asn1_tlc_clear(ctx);

-			}

-		/* SEQUENCE and SET must be constructed */

-		else if (!cst)

-			{

-			ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,

-				ASN1_R_TYPE_NOT_CONSTRUCTED);

-			return 0;

-			}

-		cont = *in;

-		/* If indefinite length constructed find the real end */

-		if (inf)

-			{

-			if (!asn1_find_end(&p, plen, inf))

-				 goto err;

-			len = p - cont;

-			}

-		else

-			{

-			len = p - cont + plen;

-			p += plen;

-			buf.data = NULL;

-			}

-		}

-	else if (cst)

-		{

-		buf.length = 0;

-		buf.max = 0;

-		buf.data = NULL;

-		/* Should really check the internal tags are correct but

-		 * some things may get this wrong. The relevant specs

-		 * say that constructed string types should be OCTET STRINGs

-		 * internally irrespective of the type. So instead just check

-		 * for UNIVERSAL class and ignore the tag.

-		 */

-		if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL))

-			{

-			free_cont = 1;

-			goto err;

-			}

-		len = buf.length;

-		/* Append a final null to string */

-		if (!BUF_MEM_grow_clean(&buf, len + 1))

-			{

-			ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,

-						ERR_R_MALLOC_FAILURE);

-			return 0;

-			}

-		buf.data[len] = 0;

-		cont = (const unsigned char *)buf.data;

-		free_cont = 1;

-		}

-	else

-		{

-		cont = p;

-		len = plen;

-		p += plen;

-		}

-	/* We now have content length and type: translate into a structure */

-	if (!asn1_ex_c2i(pval, cont, len, utype, &free_cont, it))

-		goto err;

-	*in = p;

-	ret = 1;

-	err:

-	if (free_cont && buf.data) OPENSSL_free(buf.data);

-	return ret;

-	}

-/* Translate ASN1 content octets into a structure */

-int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,

-			int utype, char *free_cont, const ASN1_ITEM *it)

-	{

-	ASN1_VALUE **opval = NULL;

-	ASN1_STRING *stmp;

-	ASN1_TYPE *typ = NULL;

-	int ret = 0;

-	const ASN1_PRIMITIVE_FUNCS *pf;

-	ASN1_INTEGER **tint;

-	pf = it->funcs;

-	if (pf && pf->prim_c2i)

-		return pf->prim_c2i(pval, cont, len, utype, free_cont, it);

-	/* If ANY type clear type and set pointer to internal value */

-	if (it->utype == V_ASN1_ANY)

-		{

-		if (!*pval)

-			{

-			typ = ASN1_TYPE_new();

-			if (typ == NULL)

-				goto err;

-			*pval = (ASN1_VALUE *)typ;

-			}

-		else

-			typ = (ASN1_TYPE *)*pval;

-		if (utype != typ->type)

-			ASN1_TYPE_set(typ, utype, NULL);

-		opval = pval;

-		pval = (ASN1_VALUE **)&typ->value.ptr;

-		}

-	switch(utype)

-		{

-		case V_ASN1_OBJECT:

-		if (!c2i_ASN1_OBJECT((ASN1_OBJECT **)pval, &cont, len))

-			goto err;

-		break;

-		case V_ASN1_NULL:

-		if (len)

-			{

-			ASN1err(ASN1_F_ASN1_EX_C2I,

-						ASN1_R_NULL_IS_WRONG_LENGTH);

-			goto err;

-			}

-		*pval = (ASN1_VALUE *)1;

-		break;

-		case V_ASN1_BOOLEAN:

-		if (len != 1)

-			{

-			ASN1err(ASN1_F_ASN1_EX_C2I,

-						ASN1_R_BOOLEAN_IS_WRONG_LENGTH);

-			goto err;

-			}

-		else

-			{

-			ASN1_BOOLEAN *tbool;

-			tbool = (ASN1_BOOLEAN *)pval;

-			*tbool = *cont;

-			}

-		break;

-		case V_ASN1_BIT_STRING:

-		if (!c2i_ASN1_BIT_STRING((ASN1_BIT_STRING **)pval, &cont, len))

-			goto err;

-		break;

-		case V_ASN1_INTEGER:

-		case V_ASN1_NEG_INTEGER:

-		case V_ASN1_ENUMERATED:

-		case V_ASN1_NEG_ENUMERATED:

-		tint = (ASN1_INTEGER **)pval;

-		if (!c2i_ASN1_INTEGER(tint, &cont, len))

-			goto err;

-		/* Fixup type to match the expected form */

-		(*tint)->type = utype | ((*tint)->type & V_ASN1_NEG);

-		break;

-		case V_ASN1_OCTET_STRING:

-		case V_ASN1_NUMERICSTRING:

-		case V_ASN1_PRINTABLESTRING:

-		case V_ASN1_T61STRING:

-		case V_ASN1_VIDEOTEXSTRING:

-		case V_ASN1_IA5STRING:

-		case V_ASN1_UTCTIME:

-		case V_ASN1_GENERALIZEDTIME:

-		case V_ASN1_GRAPHICSTRING:

-		case V_ASN1_VISIBLESTRING:

-		case V_ASN1_GENERALSTRING:

-		case V_ASN1_UNIVERSALSTRING:

-		case V_ASN1_BMPSTRING:

-		case V_ASN1_UTF8STRING:

-		case V_ASN1_OTHER:

-		case V_ASN1_SET:

-		case V_ASN1_SEQUENCE:

-		default:

-		/* All based on ASN1_STRING and handled the same */

-		if (!*pval)

-			{

-			stmp = ASN1_STRING_type_new(utype);

-			if (!stmp)

-				{

-				ASN1err(ASN1_F_ASN1_EX_C2I,

-							ERR_R_MALLOC_FAILURE);

-				goto err;

-				}

-			*pval = (ASN1_VALUE *)stmp;

-			}

-		else

-			{

-			stmp = (ASN1_STRING *)*pval;

-			stmp->type = utype;

-			}

-		/* If we've already allocated a buffer use it */

-		if (*free_cont)

-			{

-			if (stmp->data)

-				OPENSSL_free(stmp->data);

-			stmp->data = (unsigned char *)cont; /* UGLY CAST! RL */

-			stmp->length = len;

-			*free_cont = 0;

-			}

-		else

-			{

-			if (!ASN1_STRING_set(stmp, cont, len))

-				{

-				ASN1err(ASN1_F_ASN1_EX_C2I,

-							ERR_R_MALLOC_FAILURE);

-				ASN1_STRING_free(stmp);

-				*pval = NULL;

-				goto err;

-				}

-			}

-		break;

-		}

-	/* If ASN1_ANY and NULL type fix up value */

-	if (typ && (utype == V_ASN1_NULL))

-		 typ->value.ptr = NULL;

-	ret = 1;

-	err:

-	if (!ret)

-		{

-		ASN1_TYPE_free(typ);

-		if (opval)

-			*opval = NULL;

-		}

-	return ret;

-	}

-/* This function finds the end of an ASN1 structure when passed its maximum

- * length, whether it is indefinite length and a pointer to the content.

- * This is more efficient than calling asn1_collect because it does not

- * recurse on each indefinite length header.

- */

-static int asn1_find_end(const unsigned char **in, long len, char inf)

-	{

-	int expected_eoc;

-	long plen;

-	const unsigned char *p = *in, *q;

-	/* If not indefinite length constructed just add length */

-	if (inf == 0)

-		{

-		*in += len;

-		return 1;

-		}

-	expected_eoc = 1;

-	/* Indefinite length constructed form. Find the end when enough EOCs

-	 * are found. If more indefinite length constructed headers

-	 * are encountered increment the expected eoc count otherwise just

-	 * skip to the end of the data.

-	 */

-	while (len > 0)

-		{

-		if(asn1_check_eoc(&p, len))

-			{

-			expected_eoc--;

-			if (expected_eoc == 0)

-				break;

-			len -= 2;

-			continue;

-			}

-		q = p;

-		/* Just read in a header: only care about the length */

-		if(!asn1_check_tlen(&plen, NULL, NULL, &inf, NULL, &p, len,

-				-1, 0, 0, NULL))

-			{

-			ASN1err(ASN1_F_ASN1_FIND_END, ERR_R_NESTED_ASN1_ERROR);

-			return 0;

-			}

-		if (inf)

-			expected_eoc++;

-		else

-			p += plen;

-		len -= p - q;

-		}

-	if (expected_eoc)

-		{

-		ASN1err(ASN1_F_ASN1_FIND_END, ASN1_R_MISSING_EOC);

-		return 0;

-		}

-	*in = p;

-	return 1;

-	}

-/* This function collects the asn1 data from a constructred string

- * type into a buffer. The values of 'in' and 'len' should refer

- * to the contents of the constructed type and 'inf' should be set

- * if it is indefinite length.

- */

-static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,

-				char inf, int tag, int aclass)

-	{

-	const unsigned char *p, *q;

-	long plen;

-	char cst, ininf;

-	p = *in;

-	inf &= 1;

-	/* If no buffer and not indefinite length constructed just pass over

-	 * the encoded data */

-	if (!buf && !inf)

-		{

-		*in += len;

-		return 1;

-		}

-	while(len > 0)

-		{

-		q = p;

-		/* Check for EOC */

-		if (asn1_check_eoc(&p, len))

-			{

-			/* EOC is illegal outside indefinite length

-			 * constructed form */

-			if (!inf)

-				{

-				ASN1err(ASN1_F_ASN1_COLLECT,

-					ASN1_R_UNEXPECTED_EOC);

-				return 0;

-				}

-			inf = 0;

-			break;

-			}

-		if (!asn1_check_tlen(&plen, NULL, NULL, &ininf, &cst, &p,

-					len, tag, aclass, 0, NULL))

-			{

-			ASN1err(ASN1_F_ASN1_COLLECT, ERR_R_NESTED_ASN1_ERROR);

-			return 0;

-			}

-		/* If indefinite length constructed update max length */

-		if (cst)

-			{

-#ifdef OPENSSL_ALLOW_NESTED_ASN1_STRINGS

-			if (!asn1_collect(buf, &p, plen, ininf, tag, aclass))

-				return 0;

-#else

-			ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_NESTED_ASN1_STRING);

-			return 0;

-#endif

-			}

-		else if (plen && !collect_data(buf, &p, plen))

-			return 0;

-		len -= p - q;

-		}

-	if (inf)

-		{

-		ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_MISSING_EOC);

-		return 0;

-		}

-	*in = p;

-	return 1;

-	}

-static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen)

-	{

-	int len;

-	if (buf)

-		{

-		len = buf->length;

-		if (!BUF_MEM_grow_clean(buf, len + plen))

-			{

-			ASN1err(ASN1_F_COLLECT_DATA, ERR_R_MALLOC_FAILURE);

-			return 0;

-			}

-		memcpy(buf->data + len, *p, plen);

-		}

-	*p += plen;

-	return 1;

-	}

-/* Check for ASN1 EOC and swallow it if found */

-static int asn1_check_eoc(const unsigned char **in, long len)

-	{

-	const unsigned char *p;

-	if (len < 2) return 0;

-	p = *in;

-	if (!p[0] && !p[1])

-		{

-		*in += 2;

-		return 1;

-		}

-	return 0;

-	}

-/* Check an ASN1 tag and length: a bit like ASN1_get_object

- * but it sets the length for indefinite length constructed

- * form, we don't know the exact length but we can set an

- * upper bound to the amount of data available minus the

- * header length just read.

- */

-static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,

-				char *inf, char *cst,

-				const unsigned char **in, long len,

-				int exptag, int expclass, char opt,

-				ASN1_TLC *ctx)

-	{

-	int i;

-	int ptag, pclass;

-	long plen;

-	const unsigned char *p, *q;

-	p = *in;

-	q = p;

-	if (ctx && ctx->valid)

-		{

-		i = ctx->ret;

-		plen = ctx->plen;

-		pclass = ctx->pclass;

-		ptag = ctx->ptag;

-		p += ctx->hdrlen;

-		}

-	else

-		{

-		i = ASN1_get_object(&p, &plen, &ptag, &pclass, len);

-		if (ctx)

-			{

-			ctx->ret = i;

-			ctx->plen = plen;

-			ctx->pclass = pclass;

-			ctx->ptag = ptag;

-			ctx->hdrlen = p - q;

-			ctx->valid = 1;

-			/* If definite length, and no error, length +

-			 * header can't exceed total amount of data available.

-			 */

-			if (!(i & 0x81) && ((plen + ctx->hdrlen) > len))

-				{

-				ASN1err(ASN1_F_ASN1_CHECK_TLEN,

-							ASN1_R_TOO_LONG);

-				asn1_tlc_clear(ctx);

-				return 0;

-				}

-			}

-		}

-	if (i & 0x80)

-		{

-		ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_BAD_OBJECT_HEADER);

-		asn1_tlc_clear(ctx);

-		return 0;

-		}

-	if (exptag >= 0)

-		{

-		if ((exptag != ptag) || (expclass != pclass))

-			{

-			/* If type is OPTIONAL, not an error:

-			 * indicate missing type.

-			 */

-			if (opt) return -1;

-			asn1_tlc_clear(ctx);

-			ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_WRONG_TAG);

-			return 0;

-			}

-		/* We have a tag and class match:

-		 * assume we are going to do something with it */

-		asn1_tlc_clear(ctx);

-		}

-	if (i & 1)

-		plen = len - (p - q);

-	if (inf)

-		*inf = i & 1;

-	if (cst)

-		*cst = i & V_ASN1_CONSTRUCTED;

-	if (olen)

-		*olen = plen;

-	if (oclass)

-		*oclass = pclass;

-	if (otag)

-		*otag = ptag;

-	*in = p;

-	return 1;

-	}

--- a/sys/src/ape/lib/openssl/crypto/asn1/tasn_enc.c

+++ /dev/null

@@ -1,690 +1,0 @@

-/* tasn_enc.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 2000.

- */

-/* ====================================================================

- * Copyright (c) 2000-2004 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stddef.h>

-#include <string.h>

-#include "cryptlib.h"

-#include <openssl/asn1.h>

-#include <openssl/asn1t.h>

-#include <openssl/objects.h>

-static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,

-					const ASN1_ITEM *it,

-					int tag, int aclass);

-static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out,

-					int skcontlen, const ASN1_ITEM *item,

-					int do_sort, int iclass);

-static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,

-					const ASN1_TEMPLATE *tt,

-					int tag, int aclass);

-static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out,

-					const ASN1_ITEM *it, int flags);

-/* Top level i2d equivalents: the 'ndef' variant instructs the encoder

- * to use indefinite length constructed encoding, where appropriate

- */

-int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out,

-						const ASN1_ITEM *it)

-	{

-	return asn1_item_flags_i2d(val, out, it, ASN1_TFLG_NDEF);

-	}

-int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it)

-	{

-	return asn1_item_flags_i2d(val, out, it, 0);

-	}

-/* Encode an ASN1 item, this is use by the

- * standard 'i2d' function. 'out' points to

- * a buffer to output the data to.

- *

- * The new i2d has one additional feature. If the output

- * buffer is NULL (i.e. *out == NULL) then a buffer is

- * allocated and populated with the encoding.

- */

-static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out,

-					const ASN1_ITEM *it, int flags)

-	{

-	if (out && !*out)

-		{

-		unsigned char *p, *buf;

-		int len;

-		len = ASN1_item_ex_i2d(&val, NULL, it, -1, flags);

-		if (len <= 0)

-			return len;

-		buf = OPENSSL_malloc(len);

-		if (!buf)

-			return -1;

-		p = buf;

-		ASN1_item_ex_i2d(&val, &p, it, -1, flags);

-		*out = buf;

-		return len;

-		}

-	return ASN1_item_ex_i2d(&val, out, it, -1, flags);

-	}

-/* Encode an item, taking care of IMPLICIT tagging (if any).

- * This function performs the normal item handling: it can be

- * used in external types.

- */

-int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,

-			const ASN1_ITEM *it, int tag, int aclass)

-	{

-	const ASN1_TEMPLATE *tt = NULL;

-	unsigned char *p = NULL;

-	int i, seqcontlen, seqlen, ndef = 1;

-	const ASN1_COMPAT_FUNCS *cf;

-	const ASN1_EXTERN_FUNCS *ef;

-	const ASN1_AUX *aux = it->funcs;

-	ASN1_aux_cb *asn1_cb = 0;

-	if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval)

-		return 0;

-	if (aux && aux->asn1_cb)

-		 asn1_cb = aux->asn1_cb;

-	switch(it->itype)

-		{

-		case ASN1_ITYPE_PRIMITIVE:

-		if (it->templates)

-			return asn1_template_ex_i2d(pval, out, it->templates,

-								tag, aclass);

-		return asn1_i2d_ex_primitive(pval, out, it, tag, aclass);

-		break;

-		case ASN1_ITYPE_MSTRING:

-		return asn1_i2d_ex_primitive(pval, out, it, -1, aclass);

-		case ASN1_ITYPE_CHOICE:

-		if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it))

-				return 0;

-		i = asn1_get_choice_selector(pval, it);

-		if ((i >= 0) && (i < it->tcount))

-			{

-			ASN1_VALUE **pchval;

-			const ASN1_TEMPLATE *chtt;

-			chtt = it->templates + i;

-			pchval = asn1_get_field_ptr(pval, chtt);

-			return asn1_template_ex_i2d(pchval, out, chtt,

-								-1, aclass);

-			}

-		/* Fixme: error condition if selector out of range */

-		if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it))

-				return 0;

-		break;

-		case ASN1_ITYPE_EXTERN:

-		/* If new style i2d it does all the work */

-		ef = it->funcs;

-		return ef->asn1_ex_i2d(pval, out, it, tag, aclass);

-		case ASN1_ITYPE_COMPAT:

-		/* old style hackery... */

-		cf = it->funcs;

-		if (out)

-			p = *out;

-		i = cf->asn1_i2d(*pval, out);

-		/* Fixup for IMPLICIT tag: note this messes up for tags > 30,

-		 * but so did the old code. Tags > 30 are very rare anyway.

-		 */

-		if (out && (tag != -1))

-			*p = aclass | tag | (*p & V_ASN1_CONSTRUCTED);

-		return i;

-		case ASN1_ITYPE_NDEF_SEQUENCE:

-		/* Use indefinite length constructed if requested */

-		if (aclass & ASN1_TFLG_NDEF) ndef = 2;

-		/* fall through */

-		case ASN1_ITYPE_SEQUENCE:

-		i = asn1_enc_restore(&seqcontlen, out, pval, it);

-		/* An error occurred */

-		if (i < 0)

-			return 0;

-		/* We have a valid cached encoding... */

-		if (i > 0)

-			return seqcontlen;

-		/* Otherwise carry on */

-		seqcontlen = 0;

-		/* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */

-		if (tag == -1)

-			{

-			tag = V_ASN1_SEQUENCE;

-			/* Retain any other flags in aclass */

-			aclass = (aclass & ~ASN1_TFLG_TAG_CLASS)

-					| V_ASN1_UNIVERSAL;

-			}

-		if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it))

-				return 0;

-		/* First work out sequence content length */

-		for (i = 0, tt = it->templates; i < it->tcount; tt++, i++)

-			{

-			const ASN1_TEMPLATE *seqtt;

-			ASN1_VALUE **pseqval;

-			seqtt = asn1_do_adb(pval, tt, 1);

-			if (!seqtt)

-				return 0;

-			pseqval = asn1_get_field_ptr(pval, seqtt);

-			/* FIXME: check for errors in enhanced version */

-			seqcontlen += asn1_template_ex_i2d(pseqval, NULL, seqtt,

-								-1, aclass);

-			}

-		seqlen = ASN1_object_size(ndef, seqcontlen, tag);

-		if (!out)

-			return seqlen;

-		/* Output SEQUENCE header */

-		ASN1_put_object(out, ndef, seqcontlen, tag, aclass);

-		for (i = 0, tt = it->templates; i < it->tcount; tt++, i++)

-			{

-			const ASN1_TEMPLATE *seqtt;

-			ASN1_VALUE **pseqval;

-			seqtt = asn1_do_adb(pval, tt, 1);

-			if (!seqtt)

-				return 0;

-			pseqval = asn1_get_field_ptr(pval, seqtt);

-			/* FIXME: check for errors in enhanced version */

-			asn1_template_ex_i2d(pseqval, out, seqtt, -1, aclass);

-			}

-		if (ndef == 2)

-			ASN1_put_eoc(out);

-		if (asn1_cb  && !asn1_cb(ASN1_OP_I2D_POST, pval, it))

-				return 0;

-		return seqlen;

-		default:

-		return 0;

-		}

-	return 0;

-	}

-int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out,

-							const ASN1_TEMPLATE *tt)

-	{

-	return asn1_template_ex_i2d(pval, out, tt, -1, 0);

-	}

-static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,

-				const ASN1_TEMPLATE *tt, int tag, int iclass)

-	{

-	int i, ret, flags, ttag, tclass, ndef;

-	flags = tt->flags;

-	/* Work out tag and class to use: tagging may come

-	 * either from the template or the arguments, not both

-	 * because this would create ambiguity. Additionally

-	 * the iclass argument may contain some additional flags

-	 * which should be noted and passed down to other levels.

-	 */

-	if (flags & ASN1_TFLG_TAG_MASK)

-		{

-		/* Error if argument and template tagging */

-		if (tag != -1)

-			/* FIXME: error code here */

-			return -1;

-		/* Get tagging from template */

-		ttag = tt->tag;

-		tclass = flags & ASN1_TFLG_TAG_CLASS;

-		}

-	else if (tag != -1)

-		{

-		/* No template tagging, get from arguments */

-		ttag = tag;

-		tclass = iclass & ASN1_TFLG_TAG_CLASS;

-		}

-	else

-		{

-		ttag = -1;

-		tclass = 0;

-		}

-	/*

-	 * Remove any class mask from iflag.

-	 */

-	iclass &= ~ASN1_TFLG_TAG_CLASS;

-	/* At this point 'ttag' contains the outer tag to use,

-	 * 'tclass' is the class and iclass is any flags passed

-	 * to this function.

-	 */

-	/* if template and arguments require ndef, use it */

-	if ((flags & ASN1_TFLG_NDEF) && (iclass & ASN1_TFLG_NDEF))

-		ndef = 2;

-	else ndef = 1;

-	if (flags & ASN1_TFLG_SK_MASK)

-		{

-		/* SET OF, SEQUENCE OF */

-		STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval;

-		int isset, sktag, skaclass;

-		int skcontlen, sklen;

-		ASN1_VALUE *skitem;

-		if (!*pval)

-			return 0;

-		if (flags & ASN1_TFLG_SET_OF)

-			{

-			isset = 1;

-			/* 2 means we reorder */

-			if (flags & ASN1_TFLG_SEQUENCE_OF)

-				isset = 2;

-			}

-		else isset = 0;

-		/* Work out inner tag value: if EXPLICIT

-		 * or no tagging use underlying type.

-		 */

-		if ((ttag != -1) && !(flags & ASN1_TFLG_EXPTAG))

-			{

-			sktag = ttag;

-			skaclass = tclass;

-			}

-		else

-			{

-			skaclass = V_ASN1_UNIVERSAL;

-			if (isset)

-				sktag = V_ASN1_SET;

-			else sktag = V_ASN1_SEQUENCE;

-			}

-		/* Determine total length of items */

-		skcontlen = 0;

-		for (i = 0; i < sk_ASN1_VALUE_num(sk); i++)

-			{

-			skitem = sk_ASN1_VALUE_value(sk, i);

-			skcontlen += ASN1_item_ex_i2d(&skitem, NULL,

-						ASN1_ITEM_ptr(tt->item),

-							-1, iclass);

-			}

-		sklen = ASN1_object_size(ndef, skcontlen, sktag);

-		/* If EXPLICIT need length of surrounding tag */

-		if (flags & ASN1_TFLG_EXPTAG)

-			ret = ASN1_object_size(ndef, sklen, ttag);

-		else ret = sklen;

-		if (!out)

-			return ret;

-		/* Now encode this lot... */

-		/* EXPLICIT tag */

-		if (flags & ASN1_TFLG_EXPTAG)

-			ASN1_put_object(out, ndef, sklen, ttag, tclass);

-		/* SET or SEQUENCE and IMPLICIT tag */

-		ASN1_put_object(out, ndef, skcontlen, sktag, skaclass);

-		/* And the stuff itself */

-		asn1_set_seq_out(sk, out, skcontlen, ASN1_ITEM_ptr(tt->item),

-								isset, iclass);

-		if (ndef == 2)

-			{

-			ASN1_put_eoc(out);

-			if (flags & ASN1_TFLG_EXPTAG)

-				ASN1_put_eoc(out);

-			}

-		return ret;

-		}

-	if (flags & ASN1_TFLG_EXPTAG)

-		{

-		/* EXPLICIT tagging */

-		/* Find length of tagged item */

-		i = ASN1_item_ex_i2d(pval, NULL, ASN1_ITEM_ptr(tt->item),

-								-1, iclass);

-		if (!i)

-			return 0;

-		/* Find length of EXPLICIT tag */

-		ret = ASN1_object_size(ndef, i, ttag);

-		if (out)

-			{

-			/* Output tag and item */

-			ASN1_put_object(out, ndef, i, ttag, tclass);

-			ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item),

-								-1, iclass);

-			if (ndef == 2)

-				ASN1_put_eoc(out);

-			}

-		return ret;

-		}

-	/* Either normal or IMPLICIT tagging: combine class and flags */

-	return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item),

-						ttag, tclass | iclass);

-}

-/* Temporary structure used to hold DER encoding of items for SET OF */

-typedef	struct {

-	unsigned char *data;

-	int length;

-	ASN1_VALUE *field;

-} DER_ENC;

-static int der_cmp(const void *a, const void *b)

-	{

-	const DER_ENC *d1 = a, *d2 = b;

-	int cmplen, i;

-	cmplen = (d1->length < d2->length) ? d1->length : d2->length;

-	i = memcmp(d1->data, d2->data, cmplen);

-	if (i)

-		return i;

-	return d1->length - d2->length;

-	}

-/* Output the content octets of SET OF or SEQUENCE OF */

-static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out,

-					int skcontlen, const ASN1_ITEM *item,

-					int do_sort, int iclass)

-	{

-	int i;

-	ASN1_VALUE *skitem;

-	unsigned char *tmpdat = NULL, *p = NULL;

-	DER_ENC *derlst = NULL, *tder;

-	if (do_sort)

-		 {

-		/* Don't need to sort less than 2 items */

-		if (sk_ASN1_VALUE_num(sk) < 2)

-			do_sort = 0;

-		else

-			{

-			derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk)

-						* sizeof(*derlst));

-			tmpdat = OPENSSL_malloc(skcontlen);

-			if (!derlst || !tmpdat)

-				return 0;

-			}

-		}

-	/* If not sorting just output each item */

-	if (!do_sort)

-		{

-		for (i = 0; i < sk_ASN1_VALUE_num(sk); i++)

-			{

-			skitem = sk_ASN1_VALUE_value(sk, i);

-			ASN1_item_ex_i2d(&skitem, out, item, -1, iclass);

-			}

-		return 1;

-		}

-	p = tmpdat;

-	/* Doing sort: build up a list of each member's DER encoding */

-	for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++)

-		{

-		skitem = sk_ASN1_VALUE_value(sk, i);

-		tder->data = p;

-		tder->length = ASN1_item_ex_i2d(&skitem, &p, item, -1, iclass);

-		tder->field = skitem;

-		}

-	/* Now sort them */

-	qsort(derlst, sk_ASN1_VALUE_num(sk), sizeof(*derlst), der_cmp);

-	/* Output sorted DER encoding */

-	p = *out;

-	for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++)

-		{

-		memcpy(p, tder->data, tder->length);

-		p += tder->length;

-		}

-	*out = p;

-	/* If do_sort is 2 then reorder the STACK */

-	if (do_sort == 2)

-		{

-		for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk);

-							i++, tder++)

-			(void)sk_ASN1_VALUE_set(sk, i, tder->field);

-		}

-	OPENSSL_free(derlst);

-	OPENSSL_free(tmpdat);

-	return 1;

-	}

-static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,

-				const ASN1_ITEM *it, int tag, int aclass)

-	{

-	int len;

-	int utype;

-	int usetag;

-	int ndef = 0;

-	utype = it->utype;

-	/* Get length of content octets and maybe find

-	 * out the underlying type.

-	 */

-	len = asn1_ex_i2c(pval, NULL, &utype, it);

-	/* If SEQUENCE, SET or OTHER then header is

-	 * included in pseudo content octets so don't

-	 * include tag+length. We need to check here

-	 * because the call to asn1_ex_i2c() could change

-	 * utype.

-	 */

-	if ((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) ||

-	   (utype == V_ASN1_OTHER))

-		usetag = 0;

-	else usetag = 1;

-	/* -1 means omit type */

-	if (len == -1)

-		return 0;

-	/* -2 return is special meaning use ndef */

-	if (len == -2)

-		{

-		ndef = 2;

-		len = 0;

-		}

-	/* If not implicitly tagged get tag from underlying type */

-	if (tag == -1) tag = utype;

-	/* Output tag+length followed by content octets */

-	if (out)

-		{

-		if (usetag)

-			ASN1_put_object(out, ndef, len, tag, aclass);

-		asn1_ex_i2c(pval, *out, &utype, it);

-		if (ndef)

-			ASN1_put_eoc(out);

-		else

-			*out += len;

-		}

-	if (usetag)

-		return ASN1_object_size(ndef, len, tag);

-	return len;

-	}

-/* Produce content octets from a structure */

-int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,

-				const ASN1_ITEM *it)

-	{

-	ASN1_BOOLEAN *tbool = NULL;

-	ASN1_STRING *strtmp;

-	ASN1_OBJECT *otmp;

-	int utype;

-	unsigned char *cont, c;

-	int len;

-	const ASN1_PRIMITIVE_FUNCS *pf;

-	pf = it->funcs;

-	if (pf && pf->prim_i2c)

-		return pf->prim_i2c(pval, cout, putype, it);

-	/* Should type be omitted? */

-	if ((it->itype != ASN1_ITYPE_PRIMITIVE)

-		|| (it->utype != V_ASN1_BOOLEAN))

-		{

-		if (!*pval) return -1;

-		}

-	if (it->itype == ASN1_ITYPE_MSTRING)

-		{

-		/* If MSTRING type set the underlying type */

-		strtmp = (ASN1_STRING *)*pval;

-		utype = strtmp->type;

-		*putype = utype;

-		}

-	else if (it->utype == V_ASN1_ANY)

-		{

-		/* If ANY set type and pointer to value */

-		ASN1_TYPE *typ;

-		typ = (ASN1_TYPE *)*pval;

-		utype = typ->type;

-		*putype = utype;

-		pval = (ASN1_VALUE **)&typ->value.ptr;

-		}

-	else utype = *putype;

-	switch(utype)

-		{

-		case V_ASN1_OBJECT:

-		otmp = (ASN1_OBJECT *)*pval;

-		cont = otmp->data;

-		len = otmp->length;

-		break;

-		case V_ASN1_NULL:

-		cont = NULL;

-		len = 0;

-		break;

-		case V_ASN1_BOOLEAN:

-		tbool = (ASN1_BOOLEAN *)pval;

-		if (*tbool == -1)

-			return -1;

-		if (it->utype != V_ASN1_ANY)

-			{

-			/* Default handling if value == size field then omit */

-			if (*tbool && (it->size > 0))

-				return -1;

-			if (!*tbool && !it->size)

-				return -1;

-			}

-		c = (unsigned char)*tbool;

-		cont = &c;

-		len = 1;

-		break;

-		case V_ASN1_BIT_STRING:

-		return i2c_ASN1_BIT_STRING((ASN1_BIT_STRING *)*pval,

-							cout ? &cout : NULL);

-		break;

-		case V_ASN1_INTEGER:

-		case V_ASN1_NEG_INTEGER:

-		case V_ASN1_ENUMERATED:

-		case V_ASN1_NEG_ENUMERATED:

-		/* These are all have the same content format

-		 * as ASN1_INTEGER

-		 */

-		return i2c_ASN1_INTEGER((ASN1_INTEGER *)*pval,

-							cout ? &cout : NULL);

-		break;

-		case V_ASN1_OCTET_STRING:

-		case V_ASN1_NUMERICSTRING:

-		case V_ASN1_PRINTABLESTRING:

-		case V_ASN1_T61STRING:

-		case V_ASN1_VIDEOTEXSTRING:

-		case V_ASN1_IA5STRING:

-		case V_ASN1_UTCTIME:

-		case V_ASN1_GENERALIZEDTIME:

-		case V_ASN1_GRAPHICSTRING:

-		case V_ASN1_VISIBLESTRING:

-		case V_ASN1_GENERALSTRING:

-		case V_ASN1_UNIVERSALSTRING:

-		case V_ASN1_BMPSTRING:

-		case V_ASN1_UTF8STRING:

-		case V_ASN1_SEQUENCE:

-		case V_ASN1_SET:

-		default:

-		/* All based on ASN1_STRING and handled the same */

-		strtmp = (ASN1_STRING *)*pval;

-		/* Special handling for NDEF */

-		if ((it->size == ASN1_TFLG_NDEF)

-			&& (strtmp->flags & ASN1_STRING_FLAG_NDEF))

-			{

-			if (cout)

-				{

-				strtmp->data = cout;

-				strtmp->length = 0;

-				}

-			/* Special return code */

-			return -2;

-			}

-		cont = strtmp->data;

-		len = strtmp->length;

-		break;

-		}

-	if (cout && len)

-		memcpy(cout, cont, len);

-	return len;

-	}

--- a/sys/src/ape/lib/openssl/crypto/asn1/tasn_fre.c

+++ /dev/null

@@ -1,268 +1,0 @@

-/* tasn_fre.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 2000.

- */

-/* ====================================================================

- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stddef.h>

-#include <openssl/asn1.h>

-#include <openssl/asn1t.h>

-#include <openssl/objects.h>

-static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine);

-/* Free up an ASN1 structure */

-void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it)

-	{

-	asn1_item_combine_free(&val, it, 0);

-	}

-void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)

-	{

-	asn1_item_combine_free(pval, it, 0);

-	}

-static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine)

-	{

-	const ASN1_TEMPLATE *tt = NULL, *seqtt;

-	const ASN1_EXTERN_FUNCS *ef;

-	const ASN1_COMPAT_FUNCS *cf;

-	const ASN1_AUX *aux = it->funcs;

-	ASN1_aux_cb *asn1_cb;

-	int i;

-	if (!pval)

-		return;

-	if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval)

-		return;

-	if (aux && aux->asn1_cb)

-		asn1_cb = aux->asn1_cb;

-	else

-		asn1_cb = 0;

-	switch(it->itype)

-		{

-		case ASN1_ITYPE_PRIMITIVE:

-		if (it->templates)

-			ASN1_template_free(pval, it->templates);

-		else

-			ASN1_primitive_free(pval, it);

-		break;

-		case ASN1_ITYPE_MSTRING:

-		ASN1_primitive_free(pval, it);

-		break;

-		case ASN1_ITYPE_CHOICE:

-		if (asn1_cb)

-			{

-			i = asn1_cb(ASN1_OP_FREE_PRE, pval, it);

-			if (i == 2)

-				return;

-			}

-		i = asn1_get_choice_selector(pval, it);

-		if (asn1_cb)

-			asn1_cb(ASN1_OP_FREE_PRE, pval, it);

-		if ((i >= 0) && (i < it->tcount))

-			{

-			ASN1_VALUE **pchval;

-			tt = it->templates + i;

-			pchval = asn1_get_field_ptr(pval, tt);

-			ASN1_template_free(pchval, tt);

-			}

-		if (asn1_cb)

-			asn1_cb(ASN1_OP_FREE_POST, pval, it);

-		if (!combine)

-			{

-			OPENSSL_free(*pval);

-			*pval = NULL;

-			}

-		break;

-		case ASN1_ITYPE_COMPAT:

-		cf = it->funcs;

-		if (cf && cf->asn1_free)

-			cf->asn1_free(*pval);

-		break;

-		case ASN1_ITYPE_EXTERN:

-		ef = it->funcs;

-		if (ef && ef->asn1_ex_free)

-			ef->asn1_ex_free(pval, it);

-		break;

-		case ASN1_ITYPE_NDEF_SEQUENCE:

-		case ASN1_ITYPE_SEQUENCE:

-		if (asn1_do_lock(pval, -1, it) > 0)

-			return;

-		if (asn1_cb)

-			{

-			i = asn1_cb(ASN1_OP_FREE_PRE, pval, it);

-			if (i == 2)

-				return;

-			}

-		asn1_enc_free(pval, it);

-		/* If we free up as normal we will invalidate any

-		 * ANY DEFINED BY field and we wont be able to

-		 * determine the type of the field it defines. So

-		 * free up in reverse order.

-		 */

-		tt = it->templates + it->tcount - 1;

-		for (i = 0; i < it->tcount; tt--, i++)

-			{

-			ASN1_VALUE **pseqval;

-			seqtt = asn1_do_adb(pval, tt, 0);

-			if (!seqtt)

-				continue;

-			pseqval = asn1_get_field_ptr(pval, seqtt);

-			ASN1_template_free(pseqval, seqtt);

-			}

-		if (asn1_cb)

-			asn1_cb(ASN1_OP_FREE_POST, pval, it);

-		if (!combine)

-			{

-			OPENSSL_free(*pval);

-			*pval = NULL;

-			}

-		break;

-		}

-	}

-void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)

-	{

-	int i;

-	if (tt->flags & ASN1_TFLG_SK_MASK)

-		{

-		STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval;

-		for (i = 0; i < sk_ASN1_VALUE_num(sk); i++)

-			{

-			ASN1_VALUE *vtmp;

-			vtmp = sk_ASN1_VALUE_value(sk, i);

-			asn1_item_combine_free(&vtmp, ASN1_ITEM_ptr(tt->item),

-									0);

-			}

-		sk_ASN1_VALUE_free(sk);

-		*pval = NULL;

-		}

-	else

-		asn1_item_combine_free(pval, ASN1_ITEM_ptr(tt->item),

-						tt->flags & ASN1_TFLG_COMBINE);

-	}

-void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it)

-	{

-	int utype;

-	if (it)

-		{

-		const ASN1_PRIMITIVE_FUNCS *pf;

-		pf = it->funcs;

-		if (pf && pf->prim_free)

-			{

-			pf->prim_free(pval, it);

-			return;

-			}

-		}

-	/* Special case: if 'it' is NULL free contents of ASN1_TYPE */

-	if (!it)

-		{

-		ASN1_TYPE *typ = (ASN1_TYPE *)*pval;

-		utype = typ->type;

-		pval = (ASN1_VALUE **)&typ->value.ptr;

-		if (!*pval)

-			return;

-		}

-	else if (it->itype == ASN1_ITYPE_MSTRING)

-		{

-		utype = -1;

-		if (!*pval)

-			return;

-		}

-	else

-		{

-		utype = it->utype;

-		if ((utype != V_ASN1_BOOLEAN) && !*pval)

-			return;

-		}

-	switch(utype)

-		{

-		case V_ASN1_OBJECT:

-		ASN1_OBJECT_free((ASN1_OBJECT *)*pval);

-		break;

-		case V_ASN1_BOOLEAN:

-		if (it)

-			*(ASN1_BOOLEAN *)pval = it->size;

-		else

-			*(ASN1_BOOLEAN *)pval = -1;

-		return;

-		case V_ASN1_NULL:

-		break;

-		case V_ASN1_ANY:

-		ASN1_primitive_free(pval, NULL);

-		OPENSSL_free(*pval);

-		break;

-		default:

-		ASN1_STRING_free((ASN1_STRING *)*pval);

-		*pval = NULL;

-		break;

-		}

-	*pval = NULL;

-	}

--- a/sys/src/ape/lib/openssl/crypto/asn1/tasn_new.c

+++ /dev/null

@@ -1,395 +1,0 @@

-/* tasn_new.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 2000.

- */

-/* ====================================================================

- * Copyright (c) 2000-2004 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stddef.h>

-#include <openssl/asn1.h>

-#include <openssl/objects.h>

-#include <openssl/err.h>

-#include <openssl/asn1t.h>

-#include <string.h>

-static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,

-								int combine);

-static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);

-static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);

-void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);

-ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it)

-	{

-	ASN1_VALUE *ret = NULL;

-	if (ASN1_item_ex_new(&ret, it) > 0)

-		return ret;

-	return NULL;

-	}

-/* Allocate an ASN1 structure */

-int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it)

-	{

-	return asn1_item_ex_combine_new(pval, it, 0);

-	}

-static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,

-								int combine)

-	{

-	const ASN1_TEMPLATE *tt = NULL;

-	const ASN1_COMPAT_FUNCS *cf;

-	const ASN1_EXTERN_FUNCS *ef;

-	const ASN1_AUX *aux = it->funcs;

-	ASN1_aux_cb *asn1_cb;

-	ASN1_VALUE **pseqval;

-	int i;

-	if (aux && aux->asn1_cb)

-		asn1_cb = aux->asn1_cb;

-	else

-		asn1_cb = 0;

-	if (!combine) *pval = NULL;

-#ifdef CRYPTO_MDEBUG

-	if (it->sname)

-		CRYPTO_push_info(it->sname);

-#endif

-	switch(it->itype)

-		{

-		case ASN1_ITYPE_EXTERN:

-		ef = it->funcs;

-		if (ef && ef->asn1_ex_new)

-			{

-			if (!ef->asn1_ex_new(pval, it))

-				goto memerr;

-			}

-		break;

-		case ASN1_ITYPE_COMPAT:

-		cf = it->funcs;

-		if (cf && cf->asn1_new) {

-			*pval = cf->asn1_new();

-			if (!*pval)

-				goto memerr;

-		}

-		break;

-		case ASN1_ITYPE_PRIMITIVE:

-		if (it->templates)

-			{

-			if (!ASN1_template_new(pval, it->templates))

-				goto memerr;

-			}

-		else if (!ASN1_primitive_new(pval, it))

-				goto memerr;

-		break;

-		case ASN1_ITYPE_MSTRING:

-		if (!ASN1_primitive_new(pval, it))

-				goto memerr;

-		break;

-		case ASN1_ITYPE_CHOICE:

-		if (asn1_cb)

-			{

-			i = asn1_cb(ASN1_OP_NEW_PRE, pval, it);

-			if (!i)

-				goto auxerr;

-			if (i==2)

-				{

-#ifdef CRYPTO_MDEBUG

-				if (it->sname)

-					CRYPTO_pop_info();

-#endif

-				return 1;

-				}

-			}

-		if (!combine)

-			{

-			*pval = OPENSSL_malloc(it->size);

-			if (!*pval)

-				goto memerr;

-			memset(*pval, 0, it->size);

-			}

-		asn1_set_choice_selector(pval, -1, it);

-		if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it))

-				goto auxerr;

-		break;

-		case ASN1_ITYPE_NDEF_SEQUENCE:

-		case ASN1_ITYPE_SEQUENCE:

-		if (asn1_cb)

-			{

-			i = asn1_cb(ASN1_OP_NEW_PRE, pval, it);

-			if (!i)

-				goto auxerr;

-			if (i==2)

-				{

-#ifdef CRYPTO_MDEBUG

-				if (it->sname)

-					CRYPTO_pop_info();

-#endif

-				return 1;

-				}

-			}

-		if (!combine)

-			{

-			*pval = OPENSSL_malloc(it->size);

-			if (!*pval)

-				goto memerr;

-			memset(*pval, 0, it->size);

-			asn1_do_lock(pval, 0, it);

-			asn1_enc_init(pval, it);

-			}

-		for (i = 0, tt = it->templates; i < it->tcount; tt++, i++)

-			{

-			pseqval = asn1_get_field_ptr(pval, tt);

-			if (!ASN1_template_new(pseqval, tt))

-				goto memerr;

-			}

-		if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it))

-				goto auxerr;

-		break;

-	}

-#ifdef CRYPTO_MDEBUG

-	if (it->sname) CRYPTO_pop_info();

-#endif

-	return 1;

-	memerr:

-	ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ERR_R_MALLOC_FAILURE);

-#ifdef CRYPTO_MDEBUG

-	if (it->sname) CRYPTO_pop_info();

-#endif

-	return 0;

-	auxerr:

-	ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ASN1_R_AUX_ERROR);

-	ASN1_item_ex_free(pval, it);

-#ifdef CRYPTO_MDEBUG

-	if (it->sname) CRYPTO_pop_info();

-#endif

-	return 0;

-	}

-static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)

-	{

-	const ASN1_EXTERN_FUNCS *ef;

-	switch(it->itype)

-		{

-		case ASN1_ITYPE_EXTERN:

-		ef = it->funcs;

-		if (ef && ef->asn1_ex_clear)

-			ef->asn1_ex_clear(pval, it);

-		else *pval = NULL;

-		break;

-		case ASN1_ITYPE_PRIMITIVE:

-		if (it->templates)

-			asn1_template_clear(pval, it->templates);

-		else

-			asn1_primitive_clear(pval, it);

-		break;

-		case ASN1_ITYPE_MSTRING:

-		asn1_primitive_clear(pval, it);

-		break;

-		case ASN1_ITYPE_COMPAT:

-		case ASN1_ITYPE_CHOICE:

-		case ASN1_ITYPE_SEQUENCE:

-		case ASN1_ITYPE_NDEF_SEQUENCE:

-		*pval = NULL;

-		break;

-		}

-	}

-int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)

-	{

-	const ASN1_ITEM *it = ASN1_ITEM_ptr(tt->item);

-	int ret;

-	if (tt->flags & ASN1_TFLG_OPTIONAL)

-		{

-		asn1_template_clear(pval, tt);

-		return 1;

-		}

-	/* If ANY DEFINED BY nothing to do */

-	if (tt->flags & ASN1_TFLG_ADB_MASK)

-		{

-		*pval = NULL;

-		return 1;

-		}

-#ifdef CRYPTO_MDEBUG

-	if (tt->field_name)

-		CRYPTO_push_info(tt->field_name);

-#endif

-	/* If SET OF or SEQUENCE OF, its a STACK */

-	if (tt->flags & ASN1_TFLG_SK_MASK)

-		{

-		STACK_OF(ASN1_VALUE) *skval;

-		skval = sk_ASN1_VALUE_new_null();

-		if (!skval)

-			{

-			ASN1err(ASN1_F_ASN1_TEMPLATE_NEW, ERR_R_MALLOC_FAILURE);

-			ret = 0;

-			goto done;

-			}

-		*pval = (ASN1_VALUE *)skval;

-		ret = 1;

-		goto done;

-		}

-	/* Otherwise pass it back to the item routine */

-	ret = asn1_item_ex_combine_new(pval, it, tt->flags & ASN1_TFLG_COMBINE);

-	done:

-#ifdef CRYPTO_MDEBUG

-	if (it->sname)

-		CRYPTO_pop_info();

-#endif

-	return ret;

-	}

-static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)

-	{

-	/* If ADB or STACK just NULL the field */

-	if (tt->flags & (ASN1_TFLG_ADB_MASK|ASN1_TFLG_SK_MASK))

-		*pval = NULL;

-	else

-		asn1_item_clear(pval, ASN1_ITEM_ptr(tt->item));

-	}

-/* NB: could probably combine most of the real XXX_new() behaviour and junk

- * all the old functions.

- */

-int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)

-	{

-	ASN1_TYPE *typ;

-	int utype;

-	if (it && it->funcs)

-		{

-		const ASN1_PRIMITIVE_FUNCS *pf = it->funcs;

-		if (pf->prim_new)

-			return pf->prim_new(pval, it);

-		}

-	if (!it || (it->itype == ASN1_ITYPE_MSTRING))

-		utype = -1;

-	else

-		utype = it->utype;

-	switch(utype)

-		{

-		case V_ASN1_OBJECT:

-		*pval = (ASN1_VALUE *)OBJ_nid2obj(NID_undef);

-		return 1;

-		case V_ASN1_BOOLEAN:

-		if (it)

-			*(ASN1_BOOLEAN *)pval = it->size;

-		else

-			*(ASN1_BOOLEAN *)pval = -1;

-		return 1;

-		case V_ASN1_NULL:

-		*pval = (ASN1_VALUE *)1;

-		return 1;

-		case V_ASN1_ANY:

-		typ = OPENSSL_malloc(sizeof(ASN1_TYPE));

-		if (!typ)

-			return 0;

-		typ->value.ptr = NULL;

-		typ->type = -1;

-		*pval = (ASN1_VALUE *)typ;

-		break;

-		default:

-		*pval = (ASN1_VALUE *)ASN1_STRING_type_new(utype);

-		break;

-		}

-	if (*pval)

-		return 1;

-	return 0;

-	}

-void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)

-	{

-	int utype;

-	if (it && it->funcs)

-		{

-		const ASN1_PRIMITIVE_FUNCS *pf = it->funcs;

-		if (pf->prim_clear)

-			pf->prim_clear(pval, it);

-		else

-			*pval = NULL;

-		return;

-		}

-	if (!it || (it->itype == ASN1_ITYPE_MSTRING))

-		utype = -1;

-	else

-		utype = it->utype;

-	if (utype == V_ASN1_BOOLEAN)

-		*(ASN1_BOOLEAN *)pval = it->size;

-	else *pval = NULL;

-	}

--- a/sys/src/ape/lib/openssl/crypto/asn1/tasn_prn.c

+++ /dev/null

@@ -1,198 +1,0 @@

-/* tasn_prn.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 2000.

- */

-/* ====================================================================

- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stddef.h>

-#include <openssl/asn1.h>

-#include <openssl/objects.h>

-#include <openssl/buffer.h>

-#include <openssl/err.h>

-#include <openssl/nasn.h>

-/* Print routines. Print out a whole structure from a template.

- */

-static int asn1_item_print_nm(BIO *out, void *fld, int indent, const ASN1_ITEM *it, const char *name);

-int ASN1_item_print(BIO *out, void *fld, int indent, const ASN1_ITEM *it)

-{

-	return asn1_item_print_nm(out, fld, indent, it, it->sname);

-}

-static int asn1_item_print_nm(BIO *out, void *fld, int indent, const ASN1_ITEM *it, const char *name)

-{

-	ASN1_STRING *str;

-	const ASN1_TEMPLATE *tt;

-	void *tmpfld;

-	int i;

-	if(!fld) {

-		BIO_printf(out, "%*s%s ABSENT\n", indent, "", name);

-		return 1;

-	}

-	switch(it->itype) {

-		case ASN1_ITYPE_PRIMITIVE:

-		if(it->templates)

-			return ASN1_template_print(out, fld, indent, it->templates);

-		return asn1_primitive_print(out, fld, it->utype, indent, name);

-		break;

-		case ASN1_ITYPE_MSTRING:

-		str = fld;

-		return asn1_primitive_print(out, fld, str->type, indent, name);

-		case ASN1_ITYPE_EXTERN:

-		BIO_printf(out, "%*s%s:EXTERNAL TYPE %s %s\n", indent, "", name, it->sname, fld ? "" : "ABSENT");

-		return 1;

-		case ASN1_ITYPE_COMPAT:

-		BIO_printf(out, "%*s%s:COMPATIBLE TYPE %s %s\n", indent, "", name, it->sname, fld ? "" : "ABSENT");

-		return 1;

-		case ASN1_ITYPE_CHOICE:

-		/* CHOICE type, get selector */

-		i = asn1_get_choice_selector(fld, it);

-		/* This should never happen... */

-		if((i < 0) || (i >= it->tcount)) {

-			BIO_printf(out, "%s selector [%d] out of range\n", it->sname, i);

-			return 1;

-		}

-		tt = it->templates + i;

-		tmpfld = asn1_get_field(fld, tt);

-		return ASN1_template_print(out, tmpfld, indent, tt);

-		case ASN1_ITYPE_SEQUENCE:

-		BIO_printf(out, "%*s%s {\n", indent, "", name);

-		/* Get each field entry */

-		for(i = 0, tt = it->templates; i < it->tcount; i++, tt++) {

-			tmpfld = asn1_get_field(fld, tt);

-			ASN1_template_print(out, tmpfld, indent + 2, tt);

-		}

-		BIO_printf(out, "%*s}\n", indent, "");

-		return 1;

-		default:

-		return 0;

-	}

-}

-int ASN1_template_print(BIO *out, void *fld, int indent, const ASN1_TEMPLATE *tt)

-{

-	int i, flags;

-#if 0

-	if(!fld) return 0;

-#endif

-	flags = tt->flags;

-	if(flags & ASN1_TFLG_SK_MASK) {

-		char *tname;

-		void *skitem;

-		/* SET OF, SEQUENCE OF */

-		if(flags & ASN1_TFLG_SET_OF) tname = "SET";

-		else tname = "SEQUENCE";

-		if(fld) {

-			BIO_printf(out, "%*s%s OF %s {\n", indent, "", tname, tt->field_name);

-			for(i = 0; i < sk_num(fld); i++) {

-				skitem = sk_value(fld, i);

-				asn1_item_print_nm(out, skitem, indent + 2, tt->item, "");

-			}

-			BIO_printf(out, "%*s}\n", indent, "");

-		} else

-			BIO_printf(out, "%*s%s OF %s ABSENT\n", indent, "", tname, tt->field_name);

-		return 1;

-	}

-	return asn1_item_print_nm(out, fld, indent, tt->item, tt->field_name);

-}

-static int asn1_primitive_print(BIO *out, void *fld, long utype, int indent, const char *name)

-{

-	ASN1_STRING *str = fld;

-	if(fld) {

-		if(utype == V_ASN1_BOOLEAN) {

-			int *bool = fld;

-if(*bool == -1) printf("BOOL MISSING\n");

-			BIO_printf(out, "%*s%s:%s", indent, "", "BOOLEAN", *bool ? "TRUE" : "FALSE");

-		} else if((utype == V_ASN1_INTEGER)

-			  || (utype == V_ASN1_ENUMERATED)) {

-			char *s, *nm;

-			s = i2s_ASN1_INTEGER(NULL, fld);

-			if(utype == V_ASN1_INTEGER) nm = "INTEGER";

-			else nm = "ENUMERATED";

-			BIO_printf(out, "%*s%s:%s", indent, "", nm, s);

-			OPENSSL_free(s);

-		} else if(utype == V_ASN1_NULL) {

-			BIO_printf(out, "%*s%s", indent, "", "NULL");

-		} else if(utype == V_ASN1_UTCTIME) {

-			BIO_printf(out, "%*s%s:%s:", indent, "", name, "UTCTIME");

-			ASN1_UTCTIME_print(out, str);

-		} else if(utype == V_ASN1_GENERALIZEDTIME) {

-			BIO_printf(out, "%*s%s:%s:", indent, "", name, "GENERALIZEDTIME");

-			ASN1_GENERALIZEDTIME_print(out, str);

-		} else if(utype == V_ASN1_OBJECT) {

-			char objbuf[80], *ln;

-			ln = OBJ_nid2ln(OBJ_obj2nid(fld));

-			if(!ln) ln = "";

-			OBJ_obj2txt(objbuf, sizeof objbuf, fld, 1);

-			BIO_printf(out, "%*s%s:%s (%s)", indent, "", "OBJECT", ln, objbuf);

-		} else {

-			BIO_printf(out, "%*s%s:", indent, "", name);

-			ASN1_STRING_print_ex(out, str, ASN1_STRFLGS_DUMP_UNKNOWN|ASN1_STRFLGS_SHOW_TYPE);

-		}

-		BIO_printf(out, "\n");

-	} else BIO_printf(out, "%*s%s [ABSENT]\n", indent, "", name);

-	return 1;

-}

--- a/sys/src/ape/lib/openssl/crypto/asn1/tasn_typ.c

+++ /dev/null

@@ -1,137 +1,0 @@

-/* tasn_typ.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 2000.

- */

-/* ====================================================================

- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include <openssl/asn1.h>

-#include <openssl/asn1t.h>

-/* Declarations for string types */

-IMPLEMENT_ASN1_TYPE(ASN1_INTEGER)

-IMPLEMENT_ASN1_FUNCTIONS(ASN1_INTEGER)

-IMPLEMENT_ASN1_TYPE(ASN1_ENUMERATED)

-IMPLEMENT_ASN1_FUNCTIONS(ASN1_ENUMERATED)

-IMPLEMENT_ASN1_TYPE(ASN1_BIT_STRING)

-IMPLEMENT_ASN1_FUNCTIONS(ASN1_BIT_STRING)

-IMPLEMENT_ASN1_TYPE(ASN1_OCTET_STRING)

-IMPLEMENT_ASN1_FUNCTIONS(ASN1_OCTET_STRING)

-IMPLEMENT_ASN1_TYPE(ASN1_NULL)

-IMPLEMENT_ASN1_FUNCTIONS(ASN1_NULL)

-IMPLEMENT_ASN1_TYPE(ASN1_OBJECT)

-IMPLEMENT_ASN1_TYPE(ASN1_UTF8STRING)

-IMPLEMENT_ASN1_FUNCTIONS(ASN1_UTF8STRING)

-IMPLEMENT_ASN1_TYPE(ASN1_PRINTABLESTRING)

-IMPLEMENT_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING)

-IMPLEMENT_ASN1_TYPE(ASN1_T61STRING)

-IMPLEMENT_ASN1_FUNCTIONS(ASN1_T61STRING)

-IMPLEMENT_ASN1_TYPE(ASN1_IA5STRING)

-IMPLEMENT_ASN1_FUNCTIONS(ASN1_IA5STRING)

-IMPLEMENT_ASN1_TYPE(ASN1_GENERALSTRING)

-IMPLEMENT_ASN1_FUNCTIONS(ASN1_GENERALSTRING)

-IMPLEMENT_ASN1_TYPE(ASN1_UTCTIME)

-IMPLEMENT_ASN1_FUNCTIONS(ASN1_UTCTIME)

-IMPLEMENT_ASN1_TYPE(ASN1_GENERALIZEDTIME)

-IMPLEMENT_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME)

-IMPLEMENT_ASN1_TYPE(ASN1_VISIBLESTRING)

-IMPLEMENT_ASN1_FUNCTIONS(ASN1_VISIBLESTRING)

-IMPLEMENT_ASN1_TYPE(ASN1_UNIVERSALSTRING)

-IMPLEMENT_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING)

-IMPLEMENT_ASN1_TYPE(ASN1_BMPSTRING)

-IMPLEMENT_ASN1_FUNCTIONS(ASN1_BMPSTRING)

-IMPLEMENT_ASN1_TYPE(ASN1_ANY)

-/* Just swallow an ASN1_SEQUENCE in an ASN1_STRING */

-IMPLEMENT_ASN1_TYPE(ASN1_SEQUENCE)

-IMPLEMENT_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)

-/* Multistring types */

-IMPLEMENT_ASN1_MSTRING(ASN1_PRINTABLE, B_ASN1_PRINTABLE)

-IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE)

-IMPLEMENT_ASN1_MSTRING(DISPLAYTEXT, B_ASN1_DISPLAYTEXT)

-IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT)

-IMPLEMENT_ASN1_MSTRING(DIRECTORYSTRING, B_ASN1_DIRECTORYSTRING)

-IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING)

-/* Three separate BOOLEAN type: normal, DEFAULT TRUE and DEFAULT FALSE */

-IMPLEMENT_ASN1_TYPE_ex(ASN1_BOOLEAN, ASN1_BOOLEAN, -1)

-IMPLEMENT_ASN1_TYPE_ex(ASN1_TBOOLEAN, ASN1_BOOLEAN, 1)

-IMPLEMENT_ASN1_TYPE_ex(ASN1_FBOOLEAN, ASN1_BOOLEAN, 0)

-/* Special, OCTET STRING with indefinite length constructed support */

-IMPLEMENT_ASN1_TYPE_ex(ASN1_OCTET_STRING_NDEF, ASN1_OCTET_STRING, ASN1_TFLG_NDEF)

--- a/sys/src/ape/lib/openssl/crypto/asn1/tasn_utl.c

+++ /dev/null

@@ -1,279 +1,0 @@

-/* tasn_utl.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 2000.

- */

-/* ====================================================================

- * Copyright (c) 2000-2004 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stddef.h>

-#include <string.h>

-#include <openssl/asn1.h>

-#include <openssl/asn1t.h>

-#include <openssl/objects.h>

-#include <openssl/err.h>

-/* Utility functions for manipulating fields and offsets */

-/* Add 'offset' to 'addr' */

-#define offset2ptr(addr, offset) (void *)(((char *) addr) + offset)

-/* Given an ASN1_ITEM CHOICE type return

- * the selector value

- */

-int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it)

-	{

-	int *sel = offset2ptr(*pval, it->utype);

-	return *sel;

-	}

-/* Given an ASN1_ITEM CHOICE type set

- * the selector value, return old value.

- */

-int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it)

-	{

-	int *sel, ret;

-	sel = offset2ptr(*pval, it->utype);

-	ret = *sel;

-	*sel = value;

-	return ret;

-	}

-/* Do reference counting. The value 'op' decides what to do.

- * if it is +1 then the count is incremented. If op is 0 count is

- * set to 1. If op is -1 count is decremented and the return value

- * is the current refrence count or 0 if no reference count exists.

- */

-int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it)

-	{

-	const ASN1_AUX *aux;

-	int *lck, ret;

-	if ((it->itype != ASN1_ITYPE_SEQUENCE)

-	   && (it->itype != ASN1_ITYPE_NDEF_SEQUENCE))

-		return 0;

-	aux = it->funcs;

-	if (!aux || !(aux->flags & ASN1_AFLG_REFCOUNT))

-		return 0;

-	lck = offset2ptr(*pval, aux->ref_offset);

-	if (op == 0)

-		{

-		*lck = 1;

-		return 1;

-		}

-	ret = CRYPTO_add(lck, op, aux->ref_lock);

-#ifdef REF_PRINT

-	fprintf(stderr, "%s: Reference Count: %d\n", it->sname, *lck);

-#endif

-#ifdef REF_CHECK

-	if (ret < 0)

-		fprintf(stderr, "%s, bad reference count\n", it->sname);

-#endif

-	return ret;

-	}

-static ASN1_ENCODING *asn1_get_enc_ptr(ASN1_VALUE **pval, const ASN1_ITEM *it)

-	{

-	const ASN1_AUX *aux;

-	if (!pval || !*pval)

-		return NULL;

-	aux = it->funcs;

-	if (!aux || !(aux->flags & ASN1_AFLG_ENCODING))

-		return NULL;

-	return offset2ptr(*pval, aux->enc_offset);

-	}

-void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it)

-	{

-	ASN1_ENCODING *enc;

-	enc = asn1_get_enc_ptr(pval, it);

-	if (enc)

-		{

-		enc->enc = NULL;

-		enc->len = 0;

-		enc->modified = 1;

-		}

-	}

-void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it)

-	{

-	ASN1_ENCODING *enc;

-	enc = asn1_get_enc_ptr(pval, it);

-	if (enc)

-		{

-		if (enc->enc)

-			OPENSSL_free(enc->enc);

-		enc->enc = NULL;

-		enc->len = 0;

-		enc->modified = 1;

-		}

-	}

-int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen,

-							 const ASN1_ITEM *it)

-	{

-	ASN1_ENCODING *enc;

-	enc = asn1_get_enc_ptr(pval, it);

-	if (!enc)

-		return 1;

-	if (enc->enc)

-		OPENSSL_free(enc->enc);

-	enc->enc = OPENSSL_malloc(inlen);

-	if (!enc->enc)

-		return 0;

-	memcpy(enc->enc, in, inlen);

-	enc->len = inlen;

-	enc->modified = 0;

-	return 1;

-	}

-int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval,

-							const ASN1_ITEM *it)

-	{

-	ASN1_ENCODING *enc;

-	enc = asn1_get_enc_ptr(pval, it);

-	if (!enc || enc->modified)

-		return 0;

-	if (out)

-		{

-		memcpy(*out, enc->enc, enc->len);

-		*out += enc->len;

-		}

-	if (len)

-		*len = enc->len;

-	return 1;

-	}

-/* Given an ASN1_TEMPLATE get a pointer to a field */

-ASN1_VALUE ** asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)

-	{

-	ASN1_VALUE **pvaltmp;

-	if (tt->flags & ASN1_TFLG_COMBINE)

-		return pval;

-	pvaltmp = offset2ptr(*pval, tt->offset);

-	/* NOTE for BOOLEAN types the field is just a plain

- 	 * int so we can't return int **, so settle for

-	 * (int *).

-	 */

-	return pvaltmp;

-	}

-/* Handle ANY DEFINED BY template, find the selector, look up

- * the relevant ASN1_TEMPLATE in the table and return it.

- */

-const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt,

-								int nullerr)

-	{

-	const ASN1_ADB *adb;

-	const ASN1_ADB_TABLE *atbl;

-	long selector;

-	ASN1_VALUE **sfld;

-	int i;

-	if (!(tt->flags & ASN1_TFLG_ADB_MASK))

-		return tt;

-	/* Else ANY DEFINED BY ... get the table */

-	adb = ASN1_ADB_ptr(tt->item);

-	/* Get the selector field */

-	sfld = offset2ptr(*pval, adb->offset);

-	/* Check if NULL */

-	if (!sfld)

-		{

-		if (!adb->null_tt)

-			goto err;

-		return adb->null_tt;

-		}

-	/* Convert type to a long:

-	 * NB: don't check for NID_undef here because it

-	 * might be a legitimate value in the table

-	 */

-	if (tt->flags & ASN1_TFLG_ADB_OID)

-		selector = OBJ_obj2nid((ASN1_OBJECT *)*sfld);

-	else

-		selector = ASN1_INTEGER_get((ASN1_INTEGER *)*sfld);

-	/* Try to find matching entry in table

-	 * Maybe should check application types first to

-	 * allow application override? Might also be useful

-	 * to have a flag which indicates table is sorted and

-	 * we can do a binary search. For now stick to a

-	 * linear search.

-	 */

-	for (atbl = adb->tbl, i = 0; i < adb->tblcount; i++, atbl++)

-		if (atbl->value == selector)

-			return &atbl->tt;

-	/* FIXME: need to search application table too */

-	/* No match, return default type */

-	if (!adb->default_tt)

-		goto err;

-	return adb->default_tt;

-	err:

-	/* FIXME: should log the value or OID of unsupported type */

-	if (nullerr)

-		ASN1err(ASN1_F_ASN1_DO_ADB,

-			ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE);

-	return NULL;

-	}

--- a/sys/src/ape/lib/openssl/crypto/asn1/x_algor.c

+++ /dev/null

@@ -1,73 +1,0 @@

-/* x_algor.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 2000.

- */

-/* ====================================================================

- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stddef.h>

-#include <openssl/x509.h>

-#include <openssl/asn1.h>

-#include <openssl/asn1t.h>

-ASN1_SEQUENCE(X509_ALGOR) = {

-	ASN1_SIMPLE(X509_ALGOR, algorithm, ASN1_OBJECT),

-	ASN1_OPT(X509_ALGOR, parameter, ASN1_ANY)

-} ASN1_SEQUENCE_END(X509_ALGOR)

-IMPLEMENT_ASN1_FUNCTIONS(X509_ALGOR)

-IMPLEMENT_ASN1_DUP_FUNCTION(X509_ALGOR)

-IMPLEMENT_STACK_OF(X509_ALGOR)

-IMPLEMENT_ASN1_SET_OF(X509_ALGOR)

--- a/sys/src/ape/lib/openssl/crypto/asn1/x_attrib.c

+++ /dev/null

@@ -1,118 +1,0 @@

-/* crypto/asn1/x_attrib.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/objects.h>

-#include <openssl/asn1t.h>

-#include <openssl/x509.h>

-/* X509_ATTRIBUTE: this has the following form:

- *

- * typedef struct x509_attributes_st

- *	{

- *	ASN1_OBJECT *object;

- *	int single;

- *	union	{

- *		char		*ptr;

- * 		STACK_OF(ASN1_TYPE) *set;

- * 		ASN1_TYPE	*single;

- *		} value;

- *	} X509_ATTRIBUTE;

- *

- * this needs some extra thought because the CHOICE type is

- * merged with the main structure and because the value can

- * be anything at all we *must* try the SET OF first because

- * the ASN1_ANY type will swallow anything including the whole

- * SET OF structure.

- */

-ASN1_CHOICE(X509_ATTRIBUTE_SET) = {

-	ASN1_SET_OF(X509_ATTRIBUTE, value.set, ASN1_ANY),

-	ASN1_SIMPLE(X509_ATTRIBUTE, value.single, ASN1_ANY)

-} ASN1_CHOICE_END_selector(X509_ATTRIBUTE, X509_ATTRIBUTE_SET, single)

-ASN1_SEQUENCE(X509_ATTRIBUTE) = {

-	ASN1_SIMPLE(X509_ATTRIBUTE, object, ASN1_OBJECT),

-	/* CHOICE type merged with parent */

-	ASN1_EX_COMBINE(0, 0, X509_ATTRIBUTE_SET)

-} ASN1_SEQUENCE_END(X509_ATTRIBUTE)

-IMPLEMENT_ASN1_FUNCTIONS(X509_ATTRIBUTE)

-IMPLEMENT_ASN1_DUP_FUNCTION(X509_ATTRIBUTE)

-X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)

-	{

-	X509_ATTRIBUTE *ret=NULL;

-	ASN1_TYPE *val=NULL;

-	if ((ret=X509_ATTRIBUTE_new()) == NULL)

-		return(NULL);

-	ret->object=OBJ_nid2obj(nid);

-	ret->single=0;

-	if ((ret->value.set=sk_ASN1_TYPE_new_null()) == NULL) goto err;

-	if ((val=ASN1_TYPE_new()) == NULL) goto err;

-	if (!sk_ASN1_TYPE_push(ret->value.set,val)) goto err;

-	ASN1_TYPE_set(val,atrtype,value);

-	return(ret);

-err:

-	if (ret != NULL) X509_ATTRIBUTE_free(ret);

-	if (val != NULL) ASN1_TYPE_free(val);

-	return(NULL);

-	}

--- a/sys/src/ape/lib/openssl/crypto/asn1/x_bignum.c

+++ /dev/null

@@ -1,139 +1,0 @@

-/* x_bignum.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 2000.

- */

-/* ====================================================================

- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/asn1t.h>

-#include <openssl/bn.h>

-/* Custom primitive type for BIGNUM handling. This reads in an ASN1_INTEGER as a

- * BIGNUM directly. Currently it ignores the sign which isn't a problem since all

- * BIGNUMs used are non negative and anything that looks negative is normally due

- * to an encoding error.

- */

-#define BN_SENSITIVE	1

-static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it);

-static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it);

-static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);

-static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);

-static ASN1_PRIMITIVE_FUNCS bignum_pf = {

-	NULL, 0,

-	bn_new,

-	bn_free,

-	0,

-	bn_c2i,

-	bn_i2c

-};

-ASN1_ITEM_start(BIGNUM)

-	ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, 0, "BIGNUM"

-ASN1_ITEM_end(BIGNUM)

-ASN1_ITEM_start(CBIGNUM)

-	ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, BN_SENSITIVE, "BIGNUM"

-ASN1_ITEM_end(CBIGNUM)

-static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it)

-{

-	*pval = (ASN1_VALUE *)BN_new();

-	if(*pval) return 1;

-	else return 0;

-}

-static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it)

-{

-	if(!*pval) return;

-	if(it->size & BN_SENSITIVE) BN_clear_free((BIGNUM *)*pval);

-	else BN_free((BIGNUM *)*pval);

-	*pval = NULL;

-}

-static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it)

-{

-	BIGNUM *bn;

-	int pad;

-	if(!*pval) return -1;

-	bn = (BIGNUM *)*pval;

-	/* If MSB set in an octet we need a padding byte */

-	if(BN_num_bits(bn) & 0x7) pad = 0;

-	else pad = 1;

-	if(cont) {

-		if(pad) *cont++ = 0;

-		BN_bn2bin(bn, cont);

-	}

-	return pad + BN_num_bytes(bn);

-}

-static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,

-		  int utype, char *free_cont, const ASN1_ITEM *it)

-{

-	BIGNUM *bn;

-	if(!*pval) bn_new(pval, it);

-	bn  = (BIGNUM *)*pval;

-	if(!BN_bin2bn(cont, len, bn)) {

-		bn_free(pval, it);

-		return 0;

-	}

-	return 1;

-}

--- a/sys/src/ape/lib/openssl/crypto/asn1/x_crl.c

+++ /dev/null

@@ -1,140 +1,0 @@

-/* crypto/asn1/x_crl.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/asn1t.h>

-#include <openssl/x509.h>

-static int X509_REVOKED_cmp(const X509_REVOKED * const *a,

-				const X509_REVOKED * const *b);

-ASN1_SEQUENCE(X509_REVOKED) = {

-	ASN1_SIMPLE(X509_REVOKED,serialNumber, ASN1_INTEGER),

-	ASN1_SIMPLE(X509_REVOKED,revocationDate, ASN1_TIME),

-	ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION)

-} ASN1_SEQUENCE_END(X509_REVOKED)

-/* The X509_CRL_INFO structure needs a bit of customisation.

- * Since we cache the original encoding the signature wont be affected by

- * reordering of the revoked field.

- */

-static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)

-{

-	X509_CRL_INFO *a = (X509_CRL_INFO *)*pval;

-	if(!a || !a->revoked) return 1;

-	switch(operation) {

-		/* Just set cmp function here. We don't sort because that

-		 * would affect the output of X509_CRL_print().

-		 */

-		case ASN1_OP_D2I_POST:

-		(void)sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_cmp);

-		break;

-	}

-	return 1;

-}

-ASN1_SEQUENCE_enc(X509_CRL_INFO, enc, crl_inf_cb) = {

-	ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER),

-	ASN1_SIMPLE(X509_CRL_INFO, sig_alg, X509_ALGOR),

-	ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME),

-	ASN1_SIMPLE(X509_CRL_INFO, lastUpdate, ASN1_TIME),

-	ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME),

-	ASN1_SEQUENCE_OF_OPT(X509_CRL_INFO, revoked, X509_REVOKED),

-	ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0)

-} ASN1_SEQUENCE_END_enc(X509_CRL_INFO, X509_CRL_INFO)

-ASN1_SEQUENCE_ref(X509_CRL, 0, CRYPTO_LOCK_X509_CRL) = {

-	ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO),

-	ASN1_SIMPLE(X509_CRL, sig_alg, X509_ALGOR),

-	ASN1_SIMPLE(X509_CRL, signature, ASN1_BIT_STRING)

-} ASN1_SEQUENCE_END_ref(X509_CRL, X509_CRL)

-IMPLEMENT_ASN1_FUNCTIONS(X509_REVOKED)

-IMPLEMENT_ASN1_FUNCTIONS(X509_CRL_INFO)

-IMPLEMENT_ASN1_FUNCTIONS(X509_CRL)

-IMPLEMENT_ASN1_DUP_FUNCTION(X509_CRL)

-static int X509_REVOKED_cmp(const X509_REVOKED * const *a,

-			const X509_REVOKED * const *b)

-	{

-	return(ASN1_STRING_cmp(

-		(ASN1_STRING *)(*a)->serialNumber,

-		(ASN1_STRING *)(*b)->serialNumber));

-	}

-int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)

-{

-	X509_CRL_INFO *inf;

-	inf = crl->crl;

-	if(!inf->revoked)

-		inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp);

-	if(!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) {

-		ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_MALLOC_FAILURE);

-		return 0;

-	}

-	inf->enc.modified = 1;

-	return 1;

-}

-IMPLEMENT_STACK_OF(X509_REVOKED)

-IMPLEMENT_ASN1_SET_OF(X509_REVOKED)

-IMPLEMENT_STACK_OF(X509_CRL)

-IMPLEMENT_ASN1_SET_OF(X509_CRL)

--- a/sys/src/ape/lib/openssl/crypto/asn1/x_exten.c

+++ /dev/null

@@ -1,71 +1,0 @@

-/* x_exten.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 2000.

- */

-/* ====================================================================

- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stddef.h>

-#include <openssl/x509.h>

-#include <openssl/asn1.h>

-#include <openssl/asn1t.h>

-ASN1_SEQUENCE(X509_EXTENSION) = {

-	ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT),

-	ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN),

-	ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING)

-} ASN1_SEQUENCE_END(X509_EXTENSION)

-IMPLEMENT_ASN1_FUNCTIONS(X509_EXTENSION)

-IMPLEMENT_ASN1_DUP_FUNCTION(X509_EXTENSION)

--- a/sys/src/ape/lib/openssl/crypto/asn1/x_info.c

+++ /dev/null

@@ -1,114 +1,0 @@

-/* crypto/asn1/x_info.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/evp.h>

-#include <openssl/asn1.h>

-#include <openssl/x509.h>

-X509_INFO *X509_INFO_new(void)

-	{

-	X509_INFO *ret=NULL;

-	ret=(X509_INFO *)OPENSSL_malloc(sizeof(X509_INFO));

-	if (ret == NULL)

-		{

-		ASN1err(ASN1_F_X509_INFO_NEW,ERR_R_MALLOC_FAILURE);

-		return(NULL);

-		}

-        ret->enc_cipher.cipher=NULL;

-        ret->enc_len=0;

-        ret->enc_data=NULL;

-	ret->references=1;

-	ret->x509=NULL;

-	ret->crl=NULL;

-	ret->x_pkey=NULL;

-	return(ret);

-	}

-void X509_INFO_free(X509_INFO *x)

-	{

-	int i;

-	if (x == NULL) return;

-	i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_X509_INFO);

-#ifdef REF_PRINT

-	REF_PRINT("X509_INFO",x);

-#endif

-	if (i > 0) return;

-#ifdef REF_CHECK

-	if (i < 0)

-		{

-		fprintf(stderr,"X509_INFO_free, bad reference count\n");

-		abort();

-		}

-#endif

-	if (x->x509 != NULL) X509_free(x->x509);

-	if (x->crl != NULL) X509_CRL_free(x->crl);

-	if (x->x_pkey != NULL) X509_PKEY_free(x->x_pkey);

-	if (x->enc_data != NULL) OPENSSL_free(x->enc_data);

-	OPENSSL_free(x);

-	}

-IMPLEMENT_STACK_OF(X509_INFO)

--- a/sys/src/ape/lib/openssl/crypto/asn1/x_long.c

+++ /dev/null

@@ -1,171 +1,0 @@

-/* x_long.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 2000.

- */

-/* ====================================================================

- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/asn1t.h>

-#include <openssl/bn.h>

-/* Custom primitive type for long handling. This converts between an ASN1_INTEGER

- * and a long directly.

- */

-static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it);

-static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it);

-static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);

-static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);

-static ASN1_PRIMITIVE_FUNCS long_pf = {

-	NULL, 0,

-	long_new,

-	long_free,

-	long_free,	/* Clear should set to initial value */

-	long_c2i,

-	long_i2c

-};

-ASN1_ITEM_start(LONG)

-	ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, ASN1_LONG_UNDEF, "LONG"

-ASN1_ITEM_end(LONG)

-ASN1_ITEM_start(ZLONG)

-	ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, 0, "ZLONG"

-ASN1_ITEM_end(ZLONG)

-static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it)

-{

-	*(long *)pval = it->size;

-	return 1;

-}

-static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it)

-{

-	*(long *)pval = it->size;

-}

-static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it)

-{

-	long ltmp;

-	unsigned long utmp;

-	int clen, pad, i;

-	/* this exists to bypass broken gcc optimization */

-	char *cp = (char *)pval;

-	/* use memcpy, because we may not be long aligned */

-	memcpy(&ltmp, cp, sizeof(long));

-	if(ltmp == it->size) return -1;

-	/* Convert the long to positive: we subtract one if negative so

-	 * we can cleanly handle the padding if only the MSB of the leading

-	 * octet is set.

-	 */

-	if(ltmp < 0) utmp = -ltmp - 1;

-	else utmp = ltmp;

-	clen = BN_num_bits_word(utmp);

-	/* If MSB of leading octet set we need to pad */

-	if(!(clen & 0x7)) pad = 1;

-	else pad = 0;

-	/* Convert number of bits to number of octets */

-	clen = (clen + 7) >> 3;

-	if(cont) {

-		if(pad) *cont++ = (ltmp < 0) ? 0xff : 0;

-		for(i = clen - 1; i >= 0; i--) {

-			cont[i] = (unsigned char)(utmp & 0xff);

-			if(ltmp < 0) cont[i] ^= 0xff;

-			utmp >>= 8;

-		}

-	}

-	return clen + pad;

-}

-static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,

-		    int utype, char *free_cont, const ASN1_ITEM *it)

-{

-	int neg, i;

-	long ltmp;

-	unsigned long utmp = 0;

-	char *cp = (char *)pval;

-	if(len > (int)sizeof(long)) {

-		ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);

-		return 0;

-	}

-	/* Is it negative? */

-	if(len && (cont[0] & 0x80)) neg = 1;

-	else neg = 0;

-	utmp = 0;

-	for(i = 0; i < len; i++) {

-		utmp <<= 8;

-		if(neg) utmp |= cont[i] ^ 0xff;

-		else utmp |= cont[i];

-	}

-	ltmp = (long)utmp;

-	if(neg) {

-		ltmp++;

-		ltmp = -ltmp;

-	}

-	if(ltmp == it->size) {

-		ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);

-		return 0;

-	}

-	memcpy(cp, &ltmp, sizeof(long));

-	return 1;

-}

--- a/sys/src/ape/lib/openssl/crypto/asn1/x_name.c

+++ /dev/null

@@ -1,275 +1,0 @@

-/* crypto/asn1/x_name.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/asn1t.h>

-#include <openssl/x509.h>

-static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it,

-					int tag, int aclass, char opt, ASN1_TLC *ctx);

-static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);

-static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it);

-static void x509_name_ex_free(ASN1_VALUE **val, const ASN1_ITEM *it);

-static int x509_name_encode(X509_NAME *a);

-ASN1_SEQUENCE(X509_NAME_ENTRY) = {

-	ASN1_SIMPLE(X509_NAME_ENTRY, object, ASN1_OBJECT),

-	ASN1_SIMPLE(X509_NAME_ENTRY, value, ASN1_PRINTABLE)

-} ASN1_SEQUENCE_END(X509_NAME_ENTRY)

-IMPLEMENT_ASN1_FUNCTIONS(X509_NAME_ENTRY)

-IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME_ENTRY)

-/* For the "Name" type we need a SEQUENCE OF { SET OF X509_NAME_ENTRY }

- * so declare two template wrappers for this

- */

-ASN1_ITEM_TEMPLATE(X509_NAME_ENTRIES) =

-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, RDNS, X509_NAME_ENTRY)

-ASN1_ITEM_TEMPLATE_END(X509_NAME_ENTRIES)

-ASN1_ITEM_TEMPLATE(X509_NAME_INTERNAL) =

-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Name, X509_NAME_ENTRIES)

-ASN1_ITEM_TEMPLATE_END(X509_NAME_INTERNAL)

-/* Normally that's where it would end: we'd have two nested STACK structures

- * representing the ASN1. Unfortunately X509_NAME uses a completely different

- * form and caches encodings so we have to process the internal form and convert

- * to the external form.

- */

-const ASN1_EXTERN_FUNCS x509_name_ff = {

-	NULL,

-	x509_name_ex_new,

-	x509_name_ex_free,

-	0,	/* Default clear behaviour is OK */

-	x509_name_ex_d2i,

-	x509_name_ex_i2d

-};

-IMPLEMENT_EXTERN_ASN1(X509_NAME, V_ASN1_SEQUENCE, x509_name_ff)

-IMPLEMENT_ASN1_FUNCTIONS(X509_NAME)

-IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME)

-static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it)

-{

-	X509_NAME *ret = NULL;

-	ret = OPENSSL_malloc(sizeof(X509_NAME));

-	if(!ret) goto memerr;

-	if ((ret->entries=sk_X509_NAME_ENTRY_new_null()) == NULL)

-		goto memerr;

-	if((ret->bytes = BUF_MEM_new()) == NULL) goto memerr;

-	ret->modified=1;

-	*val = (ASN1_VALUE *)ret;

-	return 1;

- memerr:

-	ASN1err(ASN1_F_X509_NAME_EX_NEW, ERR_R_MALLOC_FAILURE);

-	if (ret)

-		{

-		if (ret->entries)

-			sk_X509_NAME_ENTRY_free(ret->entries);

-		OPENSSL_free(ret);

-		}

-	return 0;

-}

-static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)

-{

-	X509_NAME *a;

-	if(!pval || !*pval)

-	    return;

-	a = (X509_NAME *)*pval;

-	BUF_MEM_free(a->bytes);

-	sk_X509_NAME_ENTRY_pop_free(a->entries,X509_NAME_ENTRY_free);

-	OPENSSL_free(a);

-	*pval = NULL;

-}

-/* Used with sk_pop_free() to free up the internal representation.

- * NB: we only free the STACK and not its contents because it is

- * already present in the X509_NAME structure.

- */

-static void sk_internal_free(void *a)

-{

-	sk_free(a);

-}

-static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it,

-					int tag, int aclass, char opt, ASN1_TLC *ctx)

-{

-	const unsigned char *p = *in, *q;

-	union { STACK *s; ASN1_VALUE *a; } intname = {NULL};

-	union { X509_NAME *x; ASN1_VALUE *a; } nm = {NULL};

-	int i, j, ret;

-	STACK_OF(X509_NAME_ENTRY) *entries;

-	X509_NAME_ENTRY *entry;

-	q = p;

-	/* Get internal representation of Name */

-	ret = ASN1_item_ex_d2i(&intname.a,

-			       &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL),

-			       tag, aclass, opt, ctx);

-	if(ret <= 0) return ret;

-	if(*val) x509_name_ex_free(val, NULL);

-	if(!x509_name_ex_new(&nm.a, NULL)) goto err;

-	/* We've decoded it: now cache encoding */

-	if(!BUF_MEM_grow(nm.x->bytes, p - q)) goto err;

-	memcpy(nm.x->bytes->data, q, p - q);

-	/* Convert internal representation to X509_NAME structure */

-	for(i = 0; i < sk_num(intname.s); i++) {

-		entries = (STACK_OF(X509_NAME_ENTRY) *)sk_value(intname.s, i);

-		for(j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) {

-			entry = sk_X509_NAME_ENTRY_value(entries, j);

-			entry->set = i;

-			if(!sk_X509_NAME_ENTRY_push(nm.x->entries, entry))

-				goto err;

-		}

-		sk_X509_NAME_ENTRY_free(entries);

-	}

-	sk_free(intname.s);

-	nm.x->modified = 0;

-	*val = nm.a;

-	*in = p;

-	return ret;

-	err:

-	ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR);

-	return 0;

-}

-static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass)

-{

-	int ret;

-	X509_NAME *a = (X509_NAME *)*val;

-	if(a->modified) {

-		ret = x509_name_encode((X509_NAME *)a);

-		if(ret < 0) return ret;

-	}

-	ret = a->bytes->length;

-	if(out != NULL) {

-		memcpy(*out,a->bytes->data,ret);

-		*out+=ret;

-	}

-	return ret;

-}

-static int x509_name_encode(X509_NAME *a)

-{

-	union { STACK *s; ASN1_VALUE *a; } intname = {NULL};

-	int len;

-	unsigned char *p;

-	STACK_OF(X509_NAME_ENTRY) *entries = NULL;

-	X509_NAME_ENTRY *entry;

-	int i, set = -1;

-	intname.s = sk_new_null();

-	if(!intname.s) goto memerr;

-	for(i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {

-		entry = sk_X509_NAME_ENTRY_value(a->entries, i);

-		if(entry->set != set) {

-			entries = sk_X509_NAME_ENTRY_new_null();

-			if(!entries) goto memerr;

-			if(!sk_push(intname.s, (char *)entries)) goto memerr;

-			set = entry->set;

-		}

-		if(!sk_X509_NAME_ENTRY_push(entries, entry)) goto memerr;

-	}

-	len = ASN1_item_ex_i2d(&intname.a, NULL,

-			       ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);

-	if (!BUF_MEM_grow(a->bytes,len)) goto memerr;

-	p=(unsigned char *)a->bytes->data;

-	ASN1_item_ex_i2d(&intname.a,

-			 &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);

-	sk_pop_free(intname.s, sk_internal_free);

-	a->modified = 0;

-	return len;

-	memerr:

-	sk_pop_free(intname.s, sk_internal_free);

-	ASN1err(ASN1_F_X509_NAME_ENCODE, ERR_R_MALLOC_FAILURE);

-	return -1;

-}

-int X509_NAME_set(X509_NAME **xn, X509_NAME *name)

-	{

-	X509_NAME *in;

-	if (!xn || !name) return(0);

-	if (*xn != name)

-		{

-		in=X509_NAME_dup(name);

-		if (in != NULL)

-			{

-			X509_NAME_free(*xn);

-			*xn=in;

-			}

-		}

-	return(*xn != NULL);

-	}

-IMPLEMENT_STACK_OF(X509_NAME_ENTRY)

-IMPLEMENT_ASN1_SET_OF(X509_NAME_ENTRY)

--- a/sys/src/ape/lib/openssl/crypto/asn1/x_pkey.c

+++ /dev/null

@@ -1,151 +1,0 @@

-/* crypto/asn1/x_pkey.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/evp.h>

-#include <openssl/objects.h>

-#include <openssl/asn1_mac.h>

-#include <openssl/x509.h>

-/* need to implement */

-int i2d_X509_PKEY(X509_PKEY *a, unsigned char **pp)

-	{

-	return(0);

-	}

-X509_PKEY *d2i_X509_PKEY(X509_PKEY **a, const unsigned char **pp, long length)

-	{

-	int i;

-	M_ASN1_D2I_vars(a,X509_PKEY *,X509_PKEY_new);

-	M_ASN1_D2I_Init();

-	M_ASN1_D2I_start_sequence();

-	M_ASN1_D2I_get_x(X509_ALGOR,ret->enc_algor,d2i_X509_ALGOR);

-	M_ASN1_D2I_get_x(ASN1_OCTET_STRING,ret->enc_pkey,d2i_ASN1_OCTET_STRING);

-	ret->cipher.cipher=EVP_get_cipherbyname(

-		OBJ_nid2ln(OBJ_obj2nid(ret->enc_algor->algorithm)));

-	if (ret->cipher.cipher == NULL)

-		{

-		c.error=ASN1_R_UNSUPPORTED_CIPHER;

-		c.line=__LINE__;

-		goto err;

-		}

-	if (ret->enc_algor->parameter->type == V_ASN1_OCTET_STRING)

-		{

-		i=ret->enc_algor->parameter->value.octet_string->length;

-		if (i > EVP_MAX_IV_LENGTH)

-			{

-			c.error=ASN1_R_IV_TOO_LARGE;

-			c.line=__LINE__;

-			goto err;

-			}

-		memcpy(ret->cipher.iv,

-			ret->enc_algor->parameter->value.octet_string->data,i);

-		}

-	else

-		memset(ret->cipher.iv,0,EVP_MAX_IV_LENGTH);

-	M_ASN1_D2I_Finish(a,X509_PKEY_free,ASN1_F_D2I_X509_PKEY);

-	}

-X509_PKEY *X509_PKEY_new(void)

-	{

-	X509_PKEY *ret=NULL;

-	ASN1_CTX c;

-	M_ASN1_New_Malloc(ret,X509_PKEY);

-	ret->version=0;

-	M_ASN1_New(ret->enc_algor,X509_ALGOR_new);

-	M_ASN1_New(ret->enc_pkey,M_ASN1_OCTET_STRING_new);

-	ret->dec_pkey=NULL;

-	ret->key_length=0;

-	ret->key_data=NULL;

-	ret->key_free=0;

-	ret->cipher.cipher=NULL;

-	memset(ret->cipher.iv,0,EVP_MAX_IV_LENGTH);

-	ret->references=1;

-	return(ret);

-	M_ASN1_New_Error(ASN1_F_X509_PKEY_NEW);

-	}

-void X509_PKEY_free(X509_PKEY *x)

-	{

-	int i;

-	if (x == NULL) return;

-	i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_X509_PKEY);

-#ifdef REF_PRINT

-	REF_PRINT("X509_PKEY",x);

-#endif

-	if (i > 0) return;

-#ifdef REF_CHECK

-	if (i < 0)

-		{

-		fprintf(stderr,"X509_PKEY_free, bad reference count\n");

-		abort();

-		}

-#endif

-	if (x->enc_algor != NULL) X509_ALGOR_free(x->enc_algor);

-	if (x->enc_pkey != NULL) M_ASN1_OCTET_STRING_free(x->enc_pkey);

-	if (x->dec_pkey != NULL)EVP_PKEY_free(x->dec_pkey);

-	if ((x->key_data != NULL) && (x->key_free)) OPENSSL_free(x->key_data);

-	OPENSSL_free(x);

-	}

--- a/sys/src/ape/lib/openssl/crypto/asn1/x_pubkey.c

+++ /dev/null

@@ -1,531 +1,0 @@

-/* crypto/asn1/x_pubkey.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/asn1t.h>

-#include <openssl/x509.h>

-#ifndef OPENSSL_NO_RSA

-#include <openssl/rsa.h>

-#endif

-#ifndef OPENSSL_NO_DSA

-#include <openssl/dsa.h>

-#endif

-/* Minor tweak to operation: free up EVP_PKEY */

-static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)

-	{

-	if (operation == ASN1_OP_FREE_POST)

-		{

-		X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval;

-		EVP_PKEY_free(pubkey->pkey);

-		}

-	return 1;

-	}

-ASN1_SEQUENCE_cb(X509_PUBKEY, pubkey_cb) = {

-	ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR),

-	ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING)

-} ASN1_SEQUENCE_END_cb(X509_PUBKEY, X509_PUBKEY)

-IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY)

-int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)

-	{

-	X509_PUBKEY *pk=NULL;

-	X509_ALGOR *a;

-	ASN1_OBJECT *o;

-	unsigned char *s,*p = NULL;

-	int i;

-	if (x == NULL) return(0);

-	if ((pk=X509_PUBKEY_new()) == NULL) goto err;

-	a=pk->algor;

-	/* set the algorithm id */

-	if ((o=OBJ_nid2obj(pkey->type)) == NULL) goto err;

-	ASN1_OBJECT_free(a->algorithm);

-	a->algorithm=o;

-	/* Set the parameter list */

-	if (!pkey->save_parameters || (pkey->type == EVP_PKEY_RSA))

-		{

-		if ((a->parameter == NULL) ||

-			(a->parameter->type != V_ASN1_NULL))

-			{

-			ASN1_TYPE_free(a->parameter);

-			if (!(a->parameter=ASN1_TYPE_new()))

-				{

-				X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);

-				goto err;

-				}

-			a->parameter->type=V_ASN1_NULL;

-			}

-		}

-#ifndef OPENSSL_NO_DSA

-	else if (pkey->type == EVP_PKEY_DSA)

-		{

-		unsigned char *pp;

-		DSA *dsa;

-		dsa=pkey->pkey.dsa;

-		dsa->write_params=0;

-		ASN1_TYPE_free(a->parameter);

-		if ((i=i2d_DSAparams(dsa,NULL)) <= 0)

-			goto err;

-		if (!(p=(unsigned char *)OPENSSL_malloc(i)))

-			{

-			X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);

-			goto err;

-			}

-		pp=p;

-		i2d_DSAparams(dsa,&pp);

-		if (!(a->parameter=ASN1_TYPE_new()))

-			{

-			OPENSSL_free(p);

-			X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);

-			goto err;

-			}

-		a->parameter->type=V_ASN1_SEQUENCE;

-		if (!(a->parameter->value.sequence=ASN1_STRING_new()))

-			{

-			OPENSSL_free(p);

-			X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);

-			goto err;

-			}

-		if (!ASN1_STRING_set(a->parameter->value.sequence,p,i))

-			{

-			OPENSSL_free(p);

-			X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);

-			goto err;

-			}

-		OPENSSL_free(p);

-		}

-#endif

-#ifndef OPENSSL_NO_EC

-	else if (pkey->type == EVP_PKEY_EC)

-		{

-		int nid=0;

-		unsigned char *pp;

-		EC_KEY *ec_key;

-		const EC_GROUP *group;

-		ec_key = pkey->pkey.ec;

-		ASN1_TYPE_free(a->parameter);

-		if ((a->parameter = ASN1_TYPE_new()) == NULL)

-			{

-			X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB);

-			goto err;

-			}

-		group = EC_KEY_get0_group(ec_key);

-		if (EC_GROUP_get_asn1_flag(group)

-                     && (nid = EC_GROUP_get_curve_name(group)))

-			{

-			/* just set the OID */

-			a->parameter->type = V_ASN1_OBJECT;

-			a->parameter->value.object = OBJ_nid2obj(nid);

-			}

-		else /* explicit parameters */

-			{

-			if ((i = i2d_ECParameters(ec_key, NULL)) == 0)

-				{

-				X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB);

-				goto err;

-				}

-			if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL)

-				{

-				X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE);

-				goto err;

-				}

-			pp = p;

-			if (!i2d_ECParameters(ec_key, &pp))

-				{

-				X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB);

-				OPENSSL_free(p);

-				goto err;

-				}

-			a->parameter->type = V_ASN1_SEQUENCE;

-			if ((a->parameter->value.sequence = ASN1_STRING_new()) == NULL)

-				{

-				X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB);

-				OPENSSL_free(p);

-				goto err;

-				}

-			ASN1_STRING_set(a->parameter->value.sequence, p, i);

-			OPENSSL_free(p);

-			}

-		}

-#endif

-	else if (1)

-		{

-		X509err(X509_F_X509_PUBKEY_SET,X509_R_UNSUPPORTED_ALGORITHM);

-		goto err;

-		}

-	if ((i=i2d_PublicKey(pkey,NULL)) <= 0) goto err;

-	if ((s=(unsigned char *)OPENSSL_malloc(i+1)) == NULL)

-		{

-		X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	p=s;

-	i2d_PublicKey(pkey,&p);

-	if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i))

-		{

-		X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-  	/* Set number of unused bits to zero */

-	pk->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);

-	pk->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT;

-	OPENSSL_free(s);

-#if 0

-	CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);

-	pk->pkey=pkey;

-#endif

-	if (*x != NULL)

-		X509_PUBKEY_free(*x);

-	*x=pk;

-	return 1;

-err:

-	if (pk != NULL) X509_PUBKEY_free(pk);

-	return 0;

-	}

-EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)

-	{

-	EVP_PKEY *ret=NULL;

-	long j;

-	int type;

-	const unsigned char *p;

-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)

-	const unsigned char *cp;

-	X509_ALGOR *a;

-#endif

-	if (key == NULL) goto err;

-	if (key->pkey != NULL)

-		{

-		CRYPTO_add(&key->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);

-		return(key->pkey);

-		}

-	if (key->public_key == NULL) goto err;

-	type=OBJ_obj2nid(key->algor->algorithm);

-	if ((ret = EVP_PKEY_new()) == NULL)

-		{

-		X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	ret->type = EVP_PKEY_type(type);

-	/* the parameters must be extracted before the public key (ECDSA!) */

-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)

-	a=key->algor;

-#endif

-	if (0)

-		;

-#ifndef OPENSSL_NO_DSA

-	else if (ret->type == EVP_PKEY_DSA)

-		{

-		if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE))

-			{

-			if ((ret->pkey.dsa = DSA_new()) == NULL)

-				{

-				X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);

-				goto err;

-				}

-			ret->pkey.dsa->write_params=0;

-			cp=p=a->parameter->value.sequence->data;

-			j=a->parameter->value.sequence->length;

-			if (!d2i_DSAparams(&ret->pkey.dsa, &cp, (long)j))

-				goto err;

-			}

-		ret->save_parameters=1;

-		}

-#endif

-#ifndef OPENSSL_NO_EC

-	else if (ret->type == EVP_PKEY_EC)

-		{

-		if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE))

-			{

-			/* type == V_ASN1_SEQUENCE => we have explicit parameters

-                         * (e.g. parameters in the X9_62_EC_PARAMETERS-structure )

-			 */

-			if ((ret->pkey.ec= EC_KEY_new()) == NULL)

-				{

-				X509err(X509_F_X509_PUBKEY_GET,

-					ERR_R_MALLOC_FAILURE);

-				goto err;

-				}

-			cp = p = a->parameter->value.sequence->data;

-			j = a->parameter->value.sequence->length;

-			if (!d2i_ECParameters(&ret->pkey.ec, &cp, (long)j))

-				{

-				X509err(X509_F_X509_PUBKEY_GET, ERR_R_EC_LIB);

-				goto err;

-				}

-			}

-		else if (a->parameter && (a->parameter->type == V_ASN1_OBJECT))

-			{

-			/* type == V_ASN1_OBJECT => the parameters are given

-			 * by an asn1 OID

-			 */

-			EC_KEY   *ec_key;

-			EC_GROUP *group;

-			if (ret->pkey.ec == NULL)

-				ret->pkey.ec = EC_KEY_new();

-			ec_key = ret->pkey.ec;

-			if (ec_key == NULL)

-				goto err;

-			group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parameter->value.object));

-			if (group == NULL)

-				goto err;

-			EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);

-			if (EC_KEY_set_group(ec_key, group) == 0)

-				goto err;

-			EC_GROUP_free(group);

-			}

-			/* the case implicitlyCA is currently not implemented */

-		ret->save_parameters = 1;

-		}

-#endif

-	p=key->public_key->data;

-        j=key->public_key->length;

-        if (!d2i_PublicKey(type, &ret, &p, (long)j))

-		{

-		X509err(X509_F_X509_PUBKEY_GET, X509_R_ERR_ASN1_LIB);

-		goto err;

-		}

-	key->pkey = ret;

-	CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY);

-	return(ret);

-err:

-	if (ret != NULL)

-		EVP_PKEY_free(ret);

-	return(NULL);

-	}

-/* Now two pseudo ASN1 routines that take an EVP_PKEY structure

- * and encode or decode as X509_PUBKEY

- */

-EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp,

-	     long length)

-	{

-	X509_PUBKEY *xpk;

-	EVP_PKEY *pktmp;

-	xpk = d2i_X509_PUBKEY(NULL, pp, length);

-	if(!xpk) return NULL;

-	pktmp = X509_PUBKEY_get(xpk);

-	X509_PUBKEY_free(xpk);

-	if(!pktmp) return NULL;

-	if(a)

-		{

-		EVP_PKEY_free(*a);

-		*a = pktmp;

-		}

-	return pktmp;

-	}

-int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp)

-	{

-	X509_PUBKEY *xpk=NULL;

-	int ret;

-	if(!a) return 0;

-	if(!X509_PUBKEY_set(&xpk, a)) return 0;

-	ret = i2d_X509_PUBKEY(xpk, pp);

-	X509_PUBKEY_free(xpk);

-	return ret;

-	}

-/* The following are equivalents but which return RSA and DSA

- * keys

- */

-#ifndef OPENSSL_NO_RSA

-RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp,

-	     long length)

-	{

-	EVP_PKEY *pkey;

-	RSA *key;

-	const unsigned char *q;

-	q = *pp;

-	pkey = d2i_PUBKEY(NULL, &q, length);

-	if (!pkey) return NULL;

-	key = EVP_PKEY_get1_RSA(pkey);

-	EVP_PKEY_free(pkey);

-	if (!key) return NULL;

-	*pp = q;

-	if (a)

-		{

-		RSA_free(*a);

-		*a = key;

-		}

-	return key;

-	}

-int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp)

-	{

-	EVP_PKEY *pktmp;

-	int ret;

-	if (!a) return 0;

-	pktmp = EVP_PKEY_new();

-	if (!pktmp)

-		{

-		ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE);

-		return 0;

-		}

-	EVP_PKEY_set1_RSA(pktmp, a);

-	ret = i2d_PUBKEY(pktmp, pp);

-	EVP_PKEY_free(pktmp);

-	return ret;

-	}

-#endif

-#ifndef OPENSSL_NO_DSA

-DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp,

-	     long length)

-	{

-	EVP_PKEY *pkey;

-	DSA *key;

-	const unsigned char *q;

-	q = *pp;

-	pkey = d2i_PUBKEY(NULL, &q, length);

-	if (!pkey) return NULL;

-	key = EVP_PKEY_get1_DSA(pkey);

-	EVP_PKEY_free(pkey);

-	if (!key) return NULL;

-	*pp = q;

-	if (a)

-		{

-		DSA_free(*a);

-		*a = key;

-		}

-	return key;

-	}

-int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp)

-	{

-	EVP_PKEY *pktmp;

-	int ret;

-	if(!a) return 0;

-	pktmp = EVP_PKEY_new();

-	if(!pktmp)

-		{

-		ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE);

-		return 0;

-		}

-	EVP_PKEY_set1_DSA(pktmp, a);

-	ret = i2d_PUBKEY(pktmp, pp);

-	EVP_PKEY_free(pktmp);

-	return ret;

-	}

-#endif

-#ifndef OPENSSL_NO_EC

-EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length)

-	{

-	EVP_PKEY *pkey;

-	EC_KEY *key;

-	const unsigned char *q;

-	q = *pp;

-	pkey = d2i_PUBKEY(NULL, &q, length);

-	if (!pkey) return(NULL);

-	key = EVP_PKEY_get1_EC_KEY(pkey);

-	EVP_PKEY_free(pkey);

-	if (!key)  return(NULL);

-	*pp = q;

-	if (a)

-		{

-		EC_KEY_free(*a);

-		*a = key;

-		}

-	return(key);

-	}

-int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp)

-	{

-	EVP_PKEY *pktmp;

-	int ret;

-	if (!a)	return(0);

-	if ((pktmp = EVP_PKEY_new()) == NULL)

-		{

-		ASN1err(ASN1_F_I2D_EC_PUBKEY, ERR_R_MALLOC_FAILURE);

-		return(0);

-		}

-	EVP_PKEY_set1_EC_KEY(pktmp, a);

-	ret = i2d_PUBKEY(pktmp, pp);

-	EVP_PKEY_free(pktmp);

-	return(ret);

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/asn1/x_req.c

+++ /dev/null

@@ -1,112 +1,0 @@

-/* crypto/asn1/x_req.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/asn1t.h>

-#include <openssl/x509.h>

-/* X509_REQ_INFO is handled in an unusual way to get round

- * invalid encodings. Some broken certificate requests don't

- * encode the attributes field if it is empty. This is in

- * violation of PKCS#10 but we need to tolerate it. We do

- * this by making the attributes field OPTIONAL then using

- * the callback to initialise it to an empty STACK.

- *

- * This means that the field will be correctly encoded unless

- * we NULL out the field.

- *

- * As a result we no longer need the req_kludge field because

- * the information is now contained in the attributes field:

- * 1. If it is NULL then it's the invalid omission.

- * 2. If it is empty it is the correct encoding.

- * 3. If it is not empty then some attributes are present.

- *

- */

-static int rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)

-{

-	X509_REQ_INFO *rinf = (X509_REQ_INFO *)*pval;

-	if(operation == ASN1_OP_NEW_POST) {

-		rinf->attributes = sk_X509_ATTRIBUTE_new_null();

-		if(!rinf->attributes) return 0;

-	}

-	return 1;

-}

-ASN1_SEQUENCE_enc(X509_REQ_INFO, enc, rinf_cb) = {

-	ASN1_SIMPLE(X509_REQ_INFO, version, ASN1_INTEGER),

-	ASN1_SIMPLE(X509_REQ_INFO, subject, X509_NAME),

-	ASN1_SIMPLE(X509_REQ_INFO, pubkey, X509_PUBKEY),

-	/* This isn't really OPTIONAL but it gets round invalid

-	 * encodings

-	 */

-	ASN1_IMP_SET_OF_OPT(X509_REQ_INFO, attributes, X509_ATTRIBUTE, 0)

-} ASN1_SEQUENCE_END_enc(X509_REQ_INFO, X509_REQ_INFO)

-IMPLEMENT_ASN1_FUNCTIONS(X509_REQ_INFO)

-ASN1_SEQUENCE_ref(X509_REQ, 0, CRYPTO_LOCK_X509_REQ) = {

-	ASN1_SIMPLE(X509_REQ, req_info, X509_REQ_INFO),

-	ASN1_SIMPLE(X509_REQ, sig_alg, X509_ALGOR),

-	ASN1_SIMPLE(X509_REQ, signature, ASN1_BIT_STRING)

-} ASN1_SEQUENCE_END_ref(X509_REQ, X509_REQ)

-IMPLEMENT_ASN1_FUNCTIONS(X509_REQ)

-IMPLEMENT_ASN1_DUP_FUNCTION(X509_REQ)

--- a/sys/src/ape/lib/openssl/crypto/asn1/x_sig.c

+++ /dev/null

@@ -1,69 +1,0 @@

-/* crypto/asn1/x_sig.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/asn1t.h>

-#include <openssl/x509.h>

-ASN1_SEQUENCE(X509_SIG) = {

-	ASN1_SIMPLE(X509_SIG, algor, X509_ALGOR),

-	ASN1_SIMPLE(X509_SIG, digest, ASN1_OCTET_STRING)

-} ASN1_SEQUENCE_END(X509_SIG)

-IMPLEMENT_ASN1_FUNCTIONS(X509_SIG)

--- a/sys/src/ape/lib/openssl/crypto/asn1/x_spki.c

+++ /dev/null

@@ -1,81 +1,0 @@

-/* crypto/asn1/x_spki.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

- /* This module was send to me my Pat Richards <[email protected]> who

-  * wrote it.  It is under my Copyright with his permission

-  */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/x509.h>

-#include <openssl/asn1t.h>

-ASN1_SEQUENCE(NETSCAPE_SPKAC) = {

-	ASN1_SIMPLE(NETSCAPE_SPKAC, pubkey, X509_PUBKEY),

-	ASN1_SIMPLE(NETSCAPE_SPKAC, challenge, ASN1_IA5STRING)

-} ASN1_SEQUENCE_END(NETSCAPE_SPKAC)

-IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_SPKAC)

-ASN1_SEQUENCE(NETSCAPE_SPKI) = {

-	ASN1_SIMPLE(NETSCAPE_SPKI, spkac, NETSCAPE_SPKAC),

-	ASN1_SIMPLE(NETSCAPE_SPKI, sig_algor, X509_ALGOR),

-	ASN1_SIMPLE(NETSCAPE_SPKI, signature, ASN1_BIT_STRING)

-} ASN1_SEQUENCE_END(NETSCAPE_SPKI)

-IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_SPKI)

--- a/sys/src/ape/lib/openssl/crypto/asn1/x_val.c

+++ /dev/null

@@ -1,69 +1,0 @@

-/* crypto/asn1/x_val.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/asn1t.h>

-#include <openssl/x509.h>

-ASN1_SEQUENCE(X509_VAL) = {

-	ASN1_SIMPLE(X509_VAL, notBefore, ASN1_TIME),

-	ASN1_SIMPLE(X509_VAL, notAfter, ASN1_TIME)

-} ASN1_SEQUENCE_END(X509_VAL)

-IMPLEMENT_ASN1_FUNCTIONS(X509_VAL)

--- a/sys/src/ape/lib/openssl/crypto/asn1/x_x509.c

+++ /dev/null

@@ -1,202 +1,0 @@

-/* crypto/asn1/x_x509.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/evp.h>

-#include <openssl/asn1t.h>

-#include <openssl/x509.h>

-#include <openssl/x509v3.h>

-ASN1_SEQUENCE(X509_CINF) = {

-	ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0),

-	ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER),

-	ASN1_SIMPLE(X509_CINF, signature, X509_ALGOR),

-	ASN1_SIMPLE(X509_CINF, issuer, X509_NAME),

-	ASN1_SIMPLE(X509_CINF, validity, X509_VAL),

-	ASN1_SIMPLE(X509_CINF, subject, X509_NAME),

-	ASN1_SIMPLE(X509_CINF, key, X509_PUBKEY),

-	ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1),

-	ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2),

-	ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3)

-} ASN1_SEQUENCE_END(X509_CINF)

-IMPLEMENT_ASN1_FUNCTIONS(X509_CINF)

-/* X509 top level structure needs a bit of customisation */

-extern void policy_cache_free(X509_POLICY_CACHE *cache);

-static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)

-{

-	X509 *ret = (X509 *)*pval;

-	switch(operation) {

-		case ASN1_OP_NEW_POST:

-		ret->valid=0;

-		ret->name = NULL;

-		ret->ex_flags = 0;

-		ret->ex_pathlen = -1;

-		ret->skid = NULL;

-		ret->akid = NULL;

-#ifndef OPENSSL_NO_RFC3779

-		ret->rfc3779_addr = NULL;

-		ret->rfc3779_asid = NULL;

-#endif

-		ret->aux = NULL;

-		CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);

-		break;

-		case ASN1_OP_D2I_POST:

-		if (ret->name != NULL) OPENSSL_free(ret->name);

-		ret->name=X509_NAME_oneline(ret->cert_info->subject,NULL,0);

-		break;

-		case ASN1_OP_FREE_POST:

-		CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);

-		X509_CERT_AUX_free(ret->aux);

-		ASN1_OCTET_STRING_free(ret->skid);

-		AUTHORITY_KEYID_free(ret->akid);

-		policy_cache_free(ret->policy_cache);

-#ifndef OPENSSL_NO_RFC3779

-		sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);

-		ASIdentifiers_free(ret->rfc3779_asid);

-#endif

-		if (ret->name != NULL) OPENSSL_free(ret->name);

-		break;

-	}

-	return 1;

-}

-ASN1_SEQUENCE_ref(X509, x509_cb, CRYPTO_LOCK_X509) = {

-	ASN1_SIMPLE(X509, cert_info, X509_CINF),

-	ASN1_SIMPLE(X509, sig_alg, X509_ALGOR),

-	ASN1_SIMPLE(X509, signature, ASN1_BIT_STRING)

-} ASN1_SEQUENCE_END_ref(X509, X509)

-IMPLEMENT_ASN1_FUNCTIONS(X509)

-IMPLEMENT_ASN1_DUP_FUNCTION(X509)

-static ASN1_METHOD meth=

-    {

-    (I2D_OF(void))  i2d_X509,

-    (D2I_OF(void)) d2i_X509,

-    (void *(*)(void))X509_new,

-    (void (*)(void *)) X509_free

-    };

-ASN1_METHOD *X509_asn1_meth(void)

-	{

-	return(&meth);

-	}

-int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,

-	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)

-        {

-	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, argl, argp,

-				new_func, dup_func, free_func);

-        }

-int X509_set_ex_data(X509 *r, int idx, void *arg)

-	{

-	return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));

-	}

-void *X509_get_ex_data(X509 *r, int idx)

-	{

-	return(CRYPTO_get_ex_data(&r->ex_data,idx));

-	}

-/* X509_AUX ASN1 routines. X509_AUX is the name given to

- * a certificate with extra info tagged on the end. Since these

- * functions set how a certificate is trusted they should only

- * be used when the certificate comes from a reliable source

- * such as local storage.

- *

- */

-X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)

-{

-	const unsigned char *q;

-	X509 *ret;

-	/* Save start position */

-	q = *pp;

-	ret = d2i_X509(a, pp, length);

-	/* If certificate unreadable then forget it */

-	if(!ret) return NULL;

-	/* update length */

-	length -= *pp - q;

-	if(!length) return ret;

-	if(!d2i_X509_CERT_AUX(&ret->aux, pp, length)) goto err;

-	return ret;

-	err:

-	X509_free(ret);

-	return NULL;

-}

-int i2d_X509_AUX(X509 *a, unsigned char **pp)

-{

-	int length;

-	length = i2d_X509(a, pp);

-	if(a) length += i2d_X509_CERT_AUX(a->aux, pp);

-	return length;

-}

--- a/sys/src/ape/lib/openssl/crypto/asn1/x_x509a.c

+++ /dev/null

@@ -1,180 +1,0 @@

-/* a_x509a.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/evp.h>

-#include <openssl/asn1t.h>

-#include <openssl/x509.h>

-/* X509_CERT_AUX routines. These are used to encode additional

- * user modifiable data about a certificate. This data is

- * appended to the X509 encoding when the *_X509_AUX routines

- * are used. This means that the "traditional" X509 routines

- * will simply ignore the extra data.

- */

-static X509_CERT_AUX *aux_get(X509 *x);

-ASN1_SEQUENCE(X509_CERT_AUX) = {

-	ASN1_SEQUENCE_OF_OPT(X509_CERT_AUX, trust, ASN1_OBJECT),

-	ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, reject, ASN1_OBJECT, 0),

-	ASN1_OPT(X509_CERT_AUX, alias, ASN1_UTF8STRING),

-	ASN1_OPT(X509_CERT_AUX, keyid, ASN1_OCTET_STRING),

-	ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, other, X509_ALGOR, 1)

-} ASN1_SEQUENCE_END(X509_CERT_AUX)

-IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_AUX)

-static X509_CERT_AUX *aux_get(X509 *x)

-{

-	if(!x) return NULL;

-	if(!x->aux && !(x->aux = X509_CERT_AUX_new())) return NULL;

-	return x->aux;

-}

-int X509_alias_set1(X509 *x, unsigned char *name, int len)

-{

-	X509_CERT_AUX *aux;

-	if (!name)

-		{

-		if (!x || !x->aux || !x->aux->alias)

-			return 1;

-		ASN1_UTF8STRING_free(x->aux->alias);

-		x->aux->alias = NULL;

-		return 1;

-		}

-	if(!(aux = aux_get(x))) return 0;

-	if(!aux->alias && !(aux->alias = ASN1_UTF8STRING_new())) return 0;

-	return ASN1_STRING_set(aux->alias, name, len);

-}

-int X509_keyid_set1(X509 *x, unsigned char *id, int len)

-{

-	X509_CERT_AUX *aux;

-	if (!id)

-		{

-		if (!x || !x->aux || !x->aux->keyid)

-			return 1;

-		ASN1_OCTET_STRING_free(x->aux->keyid);

-		x->aux->keyid = NULL;

-		return 1;

-		}

-	if(!(aux = aux_get(x))) return 0;

-	if(!aux->keyid && !(aux->keyid = ASN1_OCTET_STRING_new())) return 0;

-	return ASN1_STRING_set(aux->keyid, id, len);

-}

-unsigned char *X509_alias_get0(X509 *x, int *len)

-{

-	if(!x->aux || !x->aux->alias) return NULL;

-	if(len) *len = x->aux->alias->length;

-	return x->aux->alias->data;

-}

-unsigned char *X509_keyid_get0(X509 *x, int *len)

-{

-	if(!x->aux || !x->aux->keyid) return NULL;

-	if(len) *len = x->aux->keyid->length;

-	return x->aux->keyid->data;

-}

-int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj)

-{

-	X509_CERT_AUX *aux;

-	ASN1_OBJECT *objtmp;

-	if(!(objtmp = OBJ_dup(obj))) return 0;

-	if(!(aux = aux_get(x))) return 0;

-	if(!aux->trust

-		&& !(aux->trust = sk_ASN1_OBJECT_new_null())) return 0;

-	return sk_ASN1_OBJECT_push(aux->trust, objtmp);

-}

-int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj)

-{

-	X509_CERT_AUX *aux;

-	ASN1_OBJECT *objtmp;

-	if(!(objtmp = OBJ_dup(obj))) return 0;

-	if(!(aux = aux_get(x))) return 0;

-	if(!aux->reject

-		&& !(aux->reject = sk_ASN1_OBJECT_new_null())) return 0;

-	return sk_ASN1_OBJECT_push(aux->reject, objtmp);

-}

-void X509_trust_clear(X509 *x)

-{

-	if(x->aux && x->aux->trust) {

-		sk_ASN1_OBJECT_pop_free(x->aux->trust, ASN1_OBJECT_free);

-		x->aux->trust = NULL;

-	}

-}

-void X509_reject_clear(X509 *x)

-{

-	if(x->aux && x->aux->reject) {

-		sk_ASN1_OBJECT_pop_free(x->aux->reject, ASN1_OBJECT_free);

-		x->aux->reject = NULL;

-	}

-}

-ASN1_SEQUENCE(X509_CERT_PAIR) = {

-	ASN1_EXP_OPT(X509_CERT_PAIR, forward, X509, 0),

-	ASN1_EXP_OPT(X509_CERT_PAIR, reverse, X509, 1)

-} ASN1_SEQUENCE_END(X509_CERT_PAIR)

-IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_PAIR)

--- a/sys/src/ape/lib/openssl/crypto/bf/COPYRIGHT

+++ /dev/null

@@ -1,46 +1,0 @@

-Copyright (C) 1995-1997 Eric Young ([email protected])

-All rights reserved.

-This package is an Blowfish implementation written

-by Eric Young ([email protected]).

-This library is free for commercial and non-commercial use as long as

-the following conditions are aheared to.  The following conditions

-apply to all code found in this distribution.

-Copyright remains Eric Young's, and as such any Copyright notices in

-the code are not to be removed.

-Redistribution and use in source and binary forms, with or without

-modification, are permitted provided that the following conditions

-are met:

-1. Redistributions of source code must retain the copyright

-   notice, this list of conditions and the following disclaimer.

-2. Redistributions in binary form must reproduce the above copyright

-   notice, this list of conditions and the following disclaimer in the

-   documentation and/or other materials provided with the distribution.

-3. All advertising materials mentioning features or use of this software

-   must display the following acknowledgement:

-   This product includes software developed by Eric Young ([email protected])

-THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

-ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

-SUCH DAMAGE.

-The license and distribution terms for any publically available version or

-derivative of this code cannot be changed.  i.e. this code cannot simply be

-copied and put under another distrubution license

-[including the GNU Public License.]

-The reason behind this being stated in this direct manner is past

-experience in code simply being copied and the attribution removed

-from it and then being distributed as part of other packages. This

-implementation was a non-trivial and unpaid effort.

--- a/sys/src/ape/lib/openssl/crypto/bf/INSTALL

+++ /dev/null

@@ -1,14 +1,0 @@

-This Eric Young's blowfish implementation, taken from his SSLeay library

-and made available as a separate library.

-The version number (0.7.2m) is the SSLeay version that this library was

-taken from.

-To build, just unpack and type make.

-If you are not using gcc, edit the Makefile.

-If you are compiling for an x86 box, try the assembler (it needs improving).

-There are also some compile time options that can improve performance,

-these are documented in the Makefile.

-eric 15-Apr-1997

--- a/sys/src/ape/lib/openssl/crypto/bf/Makefile

+++ /dev/null

@@ -1,107 +1,0 @@

-#

-# OpenSSL/crypto/blowfish/Makefile

-#

-DIR=	bf

-TOP=	../..

-CC=	cc

-CPP=	$(CC) -E

-INCLUDES=

-CFLAG=-g

-MAKEFILE=	Makefile

-AR=		ar r

-BF_ENC=		bf_enc.o

-# or use

-#DES_ENC=	bx86-elf.o

-CFLAGS= $(INCLUDES) $(CFLAG)

-ASFLAGS= $(INCLUDES) $(ASFLAG)

-AFLAGS= $(ASFLAGS)

-GENERAL=Makefile

-TEST=bftest.c

-APPS=

-LIB=$(TOP)/libcrypto.a

-LIBSRC=bf_skey.c bf_ecb.c bf_enc.c bf_cfb64.c bf_ofb64.c

-LIBOBJ=bf_skey.o bf_ecb.o $(BF_ENC) bf_cfb64.o bf_ofb64.o

-SRC= $(LIBSRC)

-EXHEADER= blowfish.h

-HEADER=	bf_pi.h bf_locl.h $(EXHEADER)

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)

-all:	lib

-lib:	$(LIBOBJ)

-	$(AR) $(LIB) $(LIBOBJ)

-	$(RANLIB) $(LIB) || echo Never mind.

-	@touch lib

-# ELF

-bx86-elf.s: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl

-	(cd asm; $(PERL) bf-586.pl elf $(CFLAGS) $(PROCESSOR) > ../$@)

-# COFF

-bx86-cof.s: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl

-	(cd asm; $(PERL) bf-586.pl coff $(CFLAGS) $(PROCESSOR) > ../$@)

-# a.out

-bx86-out.s: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl

-	(cd asm; $(PERL) bf-586.pl a.out $(CFLAGS) $(PROCESSOR) > ../$@)

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

-links:

-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)

-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)

-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

-# We need to use force because 'install' matches 'INSTALL' on case

-# insensitive systems

-FRC.install:

-install: FRC.install

-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...

-	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \

-	do  \

-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \

-	done;

-tags:

-	ctags $(SRC)

-tests:

-lint:

-	lint -DLINT $(INCLUDES) $(SRC)>fluff

-depend:

-	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...

-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-clean:

-	rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-bf_cfb64.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h

-bf_cfb64.o: ../../include/openssl/opensslconf.h bf_cfb64.c bf_locl.h

-bf_ecb.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h

-bf_ecb.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-bf_ecb.o: bf_ecb.c bf_locl.h

-bf_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h

-bf_enc.o: ../../include/openssl/opensslconf.h bf_enc.c bf_locl.h

-bf_ofb64.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h

-bf_ofb64.o: ../../include/openssl/opensslconf.h bf_locl.h bf_ofb64.c

-bf_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h

-bf_skey.o: ../../include/openssl/opensslconf.h bf_locl.h bf_pi.h bf_skey.c

--- a/sys/src/ape/lib/openssl/crypto/bf/README

+++ /dev/null

@@ -1,8 +1,0 @@

-This is a quick packaging up of my blowfish code into a library.

-It has been lifted from SSLeay.

-The copyright notices seem a little harsh because I have not spent the

-time to rewrite the conditions from the normal SSLeay ones.

-Basically if you just want to play with the library, not a problem.

-eric 15-Apr-1997

--- a/sys/src/ape/lib/openssl/crypto/bf/VERSION

+++ /dev/null

@@ -1,6 +1,0 @@

-The version numbers will follow my SSL implementation

-0.7.2r - Some reasonable default compiler options from

-	Peter Gutman <[email protected]>

-0.7.2m - the first release

--- a/sys/src/ape/lib/openssl/crypto/bf/asm/bf-586.pl

+++ /dev/null

@@ -1,136 +1,0 @@

-#!/usr/local/bin/perl

-push(@INC,"perlasm","../../perlasm");

-require "x86asm.pl";

-require "cbc.pl";

-&asm_init($ARGV[0],"bf-586.pl",$ARGV[$#ARGV] eq "386");

-$BF_ROUNDS=16;

-$BF_OFF=($BF_ROUNDS+2)*4;

-$L="edi";

-$R="esi";

-$P="ebp";

-$tmp1="eax";

-$tmp2="ebx";

-$tmp3="ecx";

-$tmp4="edx";

-&BF_encrypt("BF_encrypt",1);

-&BF_encrypt("BF_decrypt",0);

-&cbc("BF_cbc_encrypt","BF_encrypt","BF_decrypt",1,4,5,3,-1,-1);

-&asm_finish();

-sub BF_encrypt

-	{

-	local($name,$enc)=@_;

-	&function_begin_B($name,"");

-	&comment("");

-	&push("ebp");

-	&push("ebx");

-	&mov($tmp2,&wparam(0));

-	&mov($P,&wparam(1));

-	&push("esi");

-	&push("edi");

-	&comment("Load the 2 words");

-	&mov($L,&DWP(0,$tmp2,"",0));

-	&mov($R,&DWP(4,$tmp2,"",0));

-	&xor(	$tmp1,	$tmp1);

-	# encrypting part

-	if ($enc)

-		{

-		 &mov($tmp2,&DWP(0,$P,"",0));

-		&xor(	$tmp3,	$tmp3);

-		&xor($L,$tmp2);

-		for ($i=0; $i<$BF_ROUNDS; $i+=2)

-			{

-			&comment("");

-			&comment("Round $i");

-			&BF_ENCRYPT($i+1,$R,$L,$P,$tmp1,$tmp2,$tmp3,$tmp4,1);

-			&comment("");

-			&comment("Round ".sprintf("%d",$i+1));

-			&BF_ENCRYPT($i+2,$L,$R,$P,$tmp1,$tmp2,$tmp3,$tmp4,1);

-			}

-		# &mov($tmp1,&wparam(0)); In last loop

-		&mov($tmp4,&DWP(($BF_ROUNDS+1)*4,$P,"",0));

-		}

-	else

-		{

-		 &mov($tmp2,&DWP(($BF_ROUNDS+1)*4,$P,"",0));

-		&xor(	$tmp3,	$tmp3);

-		&xor($L,$tmp2);

-		for ($i=$BF_ROUNDS; $i>0; $i-=2)

-			{

-			&comment("");

-			&comment("Round $i");

-			&BF_ENCRYPT($i,$R,$L,$P,$tmp1,$tmp2,$tmp3,$tmp4,0);

-			&comment("");

-			&comment("Round ".sprintf("%d",$i-1));

-			&BF_ENCRYPT($i-1,$L,$R,$P,$tmp1,$tmp2,$tmp3,$tmp4,0);

-			}

-		# &mov($tmp1,&wparam(0)); In last loop

-		&mov($tmp4,&DWP(0,$P,"",0));

-		}

-	&xor($R,$tmp4);

-	&mov(&DWP(4,$tmp1,"",0),$L);

-	&mov(&DWP(0,$tmp1,"",0),$R);

-	&function_end($name);

-	}

-sub BF_ENCRYPT

-	{

-	local($i,$L,$R,$P,$tmp1,$tmp2,$tmp3,$tmp4,$enc)=@_;

-	&mov(	$tmp4,		&DWP(&n2a($i*4),$P,"",0)); # for next round

-	&mov(	$tmp2,		$R);

-	&xor(	$L,		$tmp4);

-	&shr(	$tmp2,		16);

-	&mov(	$tmp4,		$R);

-	&movb(	&LB($tmp1),	&HB($tmp2));	# A

-	&and(	$tmp2,		0xff);		# B

-	&movb(	&LB($tmp3),	&HB($tmp4));	# C

-	&and(	$tmp4,		0xff);		# D

-	&mov(	$tmp1,		&DWP(&n2a($BF_OFF+0x0000),$P,$tmp1,4));

-	&mov(	$tmp2,		&DWP(&n2a($BF_OFF+0x0400),$P,$tmp2,4));

-	&add(	$tmp2,		$tmp1);

-	&mov(	$tmp1,		&DWP(&n2a($BF_OFF+0x0800),$P,$tmp3,4));

-	&xor(	$tmp2,		$tmp1);

-	&mov(	$tmp4,		&DWP(&n2a($BF_OFF+0x0C00),$P,$tmp4,4));

-	&add(	$tmp2,		$tmp4);

-	if (($enc && ($i != 16)) || ((!$enc) && ($i != 1)))

-		{ &xor(	$tmp1,		$tmp1); }

-	else

-		{

-		&comment("Load parameter 0 ($i) enc=$enc");

-		&mov($tmp1,&wparam(0));

-		} # In last loop

-	&xor(	$L,		$tmp2);

-	# delay

-	}

-sub n2a

-	{

-	sprintf("%d",$_[0]);

-	}

--- a/sys/src/ape/lib/openssl/crypto/bf/asm/bf-686.pl

+++ /dev/null

@@ -1,127 +1,0 @@

-#!/usr/local/bin/perl

-push(@INC,"perlasm","../../perlasm");

-require "x86asm.pl";

-require "cbc.pl";

-&asm_init($ARGV[0],"bf-686.pl");

-$BF_ROUNDS=16;

-$BF_OFF=($BF_ROUNDS+2)*4;

-$L="ecx";

-$R="edx";

-$P="edi";

-$tot="esi";

-$tmp1="eax";

-$tmp2="ebx";

-$tmp3="ebp";

-&des_encrypt("BF_encrypt",1);

-&des_encrypt("BF_decrypt",0);

-&cbc("BF_cbc_encrypt","BF_encrypt","BF_decrypt",1,4,5,3,-1,-1);

-&asm_finish();

-&file_end();

-sub des_encrypt

-	{

-	local($name,$enc)=@_;

-	&function_begin($name,"");

-	&comment("");

-	&comment("Load the 2 words");

-	&mov("eax",&wparam(0));

-	&mov($L,&DWP(0,"eax","",0));

-	&mov($R,&DWP(4,"eax","",0));

-	&comment("");

-	&comment("P pointer, s and enc flag");

-	&mov($P,&wparam(1));

-	&xor(	$tmp1,	$tmp1);

-	&xor(	$tmp2,	$tmp2);

-	# encrypting part

-	if ($enc)

-		{

-		&xor($L,&DWP(0,$P,"",0));

-		for ($i=0; $i<$BF_ROUNDS; $i+=2)

-			{

-			&comment("");

-			&comment("Round $i");

-			&BF_ENCRYPT($i+1,$R,$L,$P,$tot,$tmp1,$tmp2,$tmp3);

-			&comment("");

-			&comment("Round ".sprintf("%d",$i+1));

-			&BF_ENCRYPT($i+2,$L,$R,$P,$tot,$tmp1,$tmp2,$tmp3);

-			}

-		&xor($R,&DWP(($BF_ROUNDS+1)*4,$P,"",0));

-		&mov("eax",&wparam(0));

-		&mov(&DWP(0,"eax","",0),$R);

-		&mov(&DWP(4,"eax","",0),$L);

-		&function_end_A($name);

-		}

-	else

-		{

-		&xor($L,&DWP(($BF_ROUNDS+1)*4,$P,"",0));

-		for ($i=$BF_ROUNDS; $i>0; $i-=2)

-			{

-			&comment("");

-			&comment("Round $i");

-			&BF_ENCRYPT($i,$R,$L,$P,$tot,$tmp1,$tmp2,$tmp3);

-			&comment("");

-			&comment("Round ".sprintf("%d",$i-1));

-			&BF_ENCRYPT($i-1,$L,$R,$P,$tot,$tmp1,$tmp2,$tmp3);

-			}

-		&xor($R,&DWP(0,$P,"",0));

-		&mov("eax",&wparam(0));

-		&mov(&DWP(0,"eax","",0),$R);

-		&mov(&DWP(4,"eax","",0),$L);

-		&function_end_A($name);

-		}

-	&function_end_B($name);

-	}

-sub BF_ENCRYPT

-	{

-	local($i,$L,$R,$P,$tot,$tmp1,$tmp2,$tmp3)=@_;

-	&rotr(	$R,		16);

-	&mov(	$tot,		&DWP(&n2a($i*4),$P,"",0));

-	&movb(	&LB($tmp1),	&HB($R));

-	&movb(	&LB($tmp2),	&LB($R));

-	&rotr(	$R,		16);

-	&xor(	$L,		$tot);

-	&mov(	$tot,		&DWP(&n2a($BF_OFF+0x0000),$P,$tmp1,4));

-	&mov(	$tmp3,		&DWP(&n2a($BF_OFF+0x0400),$P,$tmp2,4));

-	&movb(	&LB($tmp1),	&HB($R));

-	&movb(	&LB($tmp2),	&LB($R));

-	&add(	$tot,		$tmp3);

-	&mov(	$tmp1,		&DWP(&n2a($BF_OFF+0x0800),$P,$tmp1,4)); # delay

-	&xor(	$tot,		$tmp1);

-	&mov(	$tmp3,		&DWP(&n2a($BF_OFF+0x0C00),$P,$tmp2,4));

-	&add(	$tot,		$tmp3);

-	&xor(	$tmp1,		$tmp1);

-	&xor(	$L,		$tot);

-	# delay

-	}

-sub n2a

-	{

-	sprintf("%d",$_[0]);

-	}

--- a/sys/src/ape/lib/openssl/crypto/bf/asm/readme

+++ /dev/null

@@ -1,10 +1,0 @@

-There are blowfish assembler generation scripts.

-bf-586.pl version is for the pentium and

-bf-686.pl is my original version, which is faster on the pentium pro.

-When using a bf-586.pl, the pentium pro/II is %8 slower than using

-bf-686.pl.  When using a bf-686.pl, the pentium is %16 slower

-than bf-586.pl

-So the default is bf-586.pl

--- a/sys/src/ape/lib/openssl/crypto/bf/bf_cbc.c

+++ /dev/null

@@ -1,143 +1,0 @@

-/* crypto/bf/bf_cbc.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <openssl/blowfish.h>

-#include "bf_locl.h"

-void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,

-	     const BF_KEY *schedule, unsigned char *ivec, int encrypt)

-	{

-	register BF_LONG tin0,tin1;

-	register BF_LONG tout0,tout1,xor0,xor1;

-	register long l=length;

-	BF_LONG tin[2];

-	if (encrypt)

-		{

-		n2l(ivec,tout0);

-		n2l(ivec,tout1);

-		ivec-=8;

-		for (l-=8; l>=0; l-=8)

-			{

-			n2l(in,tin0);

-			n2l(in,tin1);

-			tin0^=tout0;

-			tin1^=tout1;

-			tin[0]=tin0;

-			tin[1]=tin1;

-			BF_encrypt(tin,schedule);

-			tout0=tin[0];

-			tout1=tin[1];

-			l2n(tout0,out);

-			l2n(tout1,out);

-			}

-		if (l != -8)

-			{

-			n2ln(in,tin0,tin1,l+8);

-			tin0^=tout0;

-			tin1^=tout1;

-			tin[0]=tin0;

-			tin[1]=tin1;

-			BF_encrypt(tin,schedule);

-			tout0=tin[0];

-			tout1=tin[1];

-			l2n(tout0,out);

-			l2n(tout1,out);

-			}

-		l2n(tout0,ivec);

-		l2n(tout1,ivec);

-		}

-	else

-		{

-		n2l(ivec,xor0);

-		n2l(ivec,xor1);

-		ivec-=8;

-		for (l-=8; l>=0; l-=8)

-			{

-			n2l(in,tin0);

-			n2l(in,tin1);

-			tin[0]=tin0;

-			tin[1]=tin1;

-			BF_decrypt(tin,schedule);

-			tout0=tin[0]^xor0;

-			tout1=tin[1]^xor1;

-			l2n(tout0,out);

-			l2n(tout1,out);

-			xor0=tin0;

-			xor1=tin1;

-			}

-		if (l != -8)

-			{

-			n2l(in,tin0);

-			n2l(in,tin1);

-			tin[0]=tin0;

-			tin[1]=tin1;

-			BF_decrypt(tin,schedule);

-			tout0=tin[0]^xor0;

-			tout1=tin[1]^xor1;

-			l2nn(tout0,tout1,out,l+8);

-			xor0=tin0;

-			xor1=tin1;

-			}

-		l2n(xor0,ivec);

-		l2n(xor1,ivec);

-		}

-	tin0=tin1=tout0=tout1=xor0=xor1=0;

-	tin[0]=tin[1]=0;

-	}

--- a/sys/src/ape/lib/openssl/crypto/bf/bf_cfb64.c

+++ /dev/null

@@ -1,121 +1,0 @@

-/* crypto/bf/bf_cfb64.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <openssl/blowfish.h>

-#include "bf_locl.h"

-/* The input and output encrypted as though 64bit cfb mode is being

- * used.  The extra state information to record how much of the

- * 64bit block we have used is contained in *num;

- */

-void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, long length,

-	     const BF_KEY *schedule, unsigned char *ivec, int *num, int encrypt)

-	{

-	register BF_LONG v0,v1,t;

-	register int n= *num;

-	register long l=length;

-	BF_LONG ti[2];

-	unsigned char *iv,c,cc;

-	iv=(unsigned char *)ivec;

-	if (encrypt)

-		{

-		while (l--)

-			{

-			if (n == 0)

-				{

-				n2l(iv,v0); ti[0]=v0;

-				n2l(iv,v1); ti[1]=v1;

-				BF_encrypt((BF_LONG *)ti,schedule);

-				iv=(unsigned char *)ivec;

-				t=ti[0]; l2n(t,iv);

-				t=ti[1]; l2n(t,iv);

-				iv=(unsigned char *)ivec;

-				}

-			c= *(in++)^iv[n];

-			*(out++)=c;

-			iv[n]=c;

-			n=(n+1)&0x07;

-			}

-		}

-	else

-		{

-		while (l--)

-			{

-			if (n == 0)

-				{

-				n2l(iv,v0); ti[0]=v0;

-				n2l(iv,v1); ti[1]=v1;

-				BF_encrypt((BF_LONG *)ti,schedule);

-				iv=(unsigned char *)ivec;

-				t=ti[0]; l2n(t,iv);

-				t=ti[1]; l2n(t,iv);

-				iv=(unsigned char *)ivec;

-				}

-			cc= *(in++);

-			c=iv[n];

-			iv[n]=cc;

-			*(out++)=c^cc;

-			n=(n+1)&0x07;

-			}

-		}

-	v0=v1=ti[0]=ti[1]=t=c=cc=0;

-	*num=n;

-	}

--- a/sys/src/ape/lib/openssl/crypto/bf/bf_ecb.c

+++ /dev/null

@@ -1,96 +1,0 @@

-/* crypto/bf/bf_ecb.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <openssl/blowfish.h>

-#include "bf_locl.h"

-#include <openssl/opensslv.h>

-/* Blowfish as implemented from 'Blowfish: Springer-Verlag paper'

- * (From LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION,

- * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)

- */

-const char BF_version[]="Blowfish" OPENSSL_VERSION_PTEXT;

-const char *BF_options(void)

-	{

-#ifdef BF_PTR

-	return("blowfish(ptr)");

-#elif defined(BF_PTR2)

-	return("blowfish(ptr2)");

-#else

-	return("blowfish(idx)");

-#endif

-	}

-void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,

-	     const BF_KEY *key, int encrypt)

-	{

-	BF_LONG l,d[2];

-	n2l(in,l); d[0]=l;

-	n2l(in,l); d[1]=l;

-	if (encrypt)

-		BF_encrypt(d,key);

-	else

-		BF_decrypt(d,key);

-	l=d[0]; l2n(l,out);

-	l=d[1]; l2n(l,out);

-	l=d[0]=d[1]=0;

-	}

--- a/sys/src/ape/lib/openssl/crypto/bf/bf_enc.c

+++ /dev/null

@@ -1,306 +1,0 @@

-/* crypto/bf/bf_enc.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <openssl/blowfish.h>

-#include "bf_locl.h"

-/* Blowfish as implemented from 'Blowfish: Springer-Verlag paper'

- * (From LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION,

- * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)

- */

-#if (BF_ROUNDS != 16) && (BF_ROUNDS != 20)

-#error If you set BF_ROUNDS to some value other than 16 or 20, you will have \

-to modify the code.

-#endif

-void BF_encrypt(BF_LONG *data, const BF_KEY *key)

-	{

-#ifndef BF_PTR2

-	register BF_LONG l,r;

-	register const BF_LONG *p,*s;

-	p=key->P;

-	s= &(key->S[0]);

-	l=data[0];

-	r=data[1];

-	l^=p[0];

-	BF_ENC(r,l,s,p[ 1]);

-	BF_ENC(l,r,s,p[ 2]);

-	BF_ENC(r,l,s,p[ 3]);

-	BF_ENC(l,r,s,p[ 4]);

-	BF_ENC(r,l,s,p[ 5]);

-	BF_ENC(l,r,s,p[ 6]);

-	BF_ENC(r,l,s,p[ 7]);

-	BF_ENC(l,r,s,p[ 8]);

-	BF_ENC(r,l,s,p[ 9]);

-	BF_ENC(l,r,s,p[10]);

-	BF_ENC(r,l,s,p[11]);

-	BF_ENC(l,r,s,p[12]);

-	BF_ENC(r,l,s,p[13]);

-	BF_ENC(l,r,s,p[14]);

-	BF_ENC(r,l,s,p[15]);

-	BF_ENC(l,r,s,p[16]);

-#if BF_ROUNDS == 20

-	BF_ENC(r,l,s,p[17]);

-	BF_ENC(l,r,s,p[18]);

-	BF_ENC(r,l,s,p[19]);

-	BF_ENC(l,r,s,p[20]);

-#endif

-	r^=p[BF_ROUNDS+1];

-	data[1]=l&0xffffffffL;

-	data[0]=r&0xffffffffL;

-#else

-	register BF_LONG l,r,t,*k;

-	l=data[0];

-	r=data[1];

-	k=(BF_LONG*)key;

-	l^=k[0];

-	BF_ENC(r,l,k, 1);

-	BF_ENC(l,r,k, 2);

-	BF_ENC(r,l,k, 3);

-	BF_ENC(l,r,k, 4);

-	BF_ENC(r,l,k, 5);

-	BF_ENC(l,r,k, 6);

-	BF_ENC(r,l,k, 7);

-	BF_ENC(l,r,k, 8);

-	BF_ENC(r,l,k, 9);

-	BF_ENC(l,r,k,10);

-	BF_ENC(r,l,k,11);

-	BF_ENC(l,r,k,12);

-	BF_ENC(r,l,k,13);

-	BF_ENC(l,r,k,14);

-	BF_ENC(r,l,k,15);

-	BF_ENC(l,r,k,16);

-#if BF_ROUNDS == 20

-	BF_ENC(r,l,k,17);

-	BF_ENC(l,r,k,18);

-	BF_ENC(r,l,k,19);

-	BF_ENC(l,r,k,20);

-#endif

-	r^=k[BF_ROUNDS+1];

-	data[1]=l&0xffffffffL;

-	data[0]=r&0xffffffffL;

-#endif

-	}

-#ifndef BF_DEFAULT_OPTIONS

-void BF_decrypt(BF_LONG *data, const BF_KEY *key)

-	{

-#ifndef BF_PTR2

-	register BF_LONG l,r;

-	register const BF_LONG *p,*s;

-	p=key->P;

-	s= &(key->S[0]);

-	l=data[0];

-	r=data[1];

-	l^=p[BF_ROUNDS+1];

-#if BF_ROUNDS == 20

-	BF_ENC(r,l,s,p[20]);

-	BF_ENC(l,r,s,p[19]);

-	BF_ENC(r,l,s,p[18]);

-	BF_ENC(l,r,s,p[17]);

-#endif

-	BF_ENC(r,l,s,p[16]);

-	BF_ENC(l,r,s,p[15]);

-	BF_ENC(r,l,s,p[14]);

-	BF_ENC(l,r,s,p[13]);

-	BF_ENC(r,l,s,p[12]);

-	BF_ENC(l,r,s,p[11]);

-	BF_ENC(r,l,s,p[10]);

-	BF_ENC(l,r,s,p[ 9]);

-	BF_ENC(r,l,s,p[ 8]);

-	BF_ENC(l,r,s,p[ 7]);

-	BF_ENC(r,l,s,p[ 6]);

-	BF_ENC(l,r,s,p[ 5]);

-	BF_ENC(r,l,s,p[ 4]);

-	BF_ENC(l,r,s,p[ 3]);

-	BF_ENC(r,l,s,p[ 2]);

-	BF_ENC(l,r,s,p[ 1]);

-	r^=p[0];

-	data[1]=l&0xffffffffL;

-	data[0]=r&0xffffffffL;

-#else

-	register BF_LONG l,r,t,*k;

-	l=data[0];

-	r=data[1];

-	k=(BF_LONG *)key;

-	l^=k[BF_ROUNDS+1];

-#if BF_ROUNDS == 20

-	BF_ENC(r,l,k,20);

-	BF_ENC(l,r,k,19);

-	BF_ENC(r,l,k,18);

-	BF_ENC(l,r,k,17);

-#endif

-	BF_ENC(r,l,k,16);

-	BF_ENC(l,r,k,15);

-	BF_ENC(r,l,k,14);

-	BF_ENC(l,r,k,13);

-	BF_ENC(r,l,k,12);

-	BF_ENC(l,r,k,11);

-	BF_ENC(r,l,k,10);

-	BF_ENC(l,r,k, 9);

-	BF_ENC(r,l,k, 8);

-	BF_ENC(l,r,k, 7);

-	BF_ENC(r,l,k, 6);

-	BF_ENC(l,r,k, 5);

-	BF_ENC(r,l,k, 4);

-	BF_ENC(l,r,k, 3);

-	BF_ENC(r,l,k, 2);

-	BF_ENC(l,r,k, 1);

-	r^=k[0];

-	data[1]=l&0xffffffffL;

-	data[0]=r&0xffffffffL;

-#endif

-	}

-void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,

-	     const BF_KEY *schedule, unsigned char *ivec, int encrypt)

-	{

-	register BF_LONG tin0,tin1;

-	register BF_LONG tout0,tout1,xor0,xor1;

-	register long l=length;

-	BF_LONG tin[2];

-	if (encrypt)

-		{

-		n2l(ivec,tout0);

-		n2l(ivec,tout1);

-		ivec-=8;

-		for (l-=8; l>=0; l-=8)

-			{

-			n2l(in,tin0);

-			n2l(in,tin1);

-			tin0^=tout0;

-			tin1^=tout1;

-			tin[0]=tin0;

-			tin[1]=tin1;

-			BF_encrypt(tin,schedule);

-			tout0=tin[0];

-			tout1=tin[1];

-			l2n(tout0,out);

-			l2n(tout1,out);

-			}

-		if (l != -8)

-			{

-			n2ln(in,tin0,tin1,l+8);

-			tin0^=tout0;

-			tin1^=tout1;

-			tin[0]=tin0;

-			tin[1]=tin1;

-			BF_encrypt(tin,schedule);

-			tout0=tin[0];

-			tout1=tin[1];

-			l2n(tout0,out);

-			l2n(tout1,out);

-			}

-		l2n(tout0,ivec);

-		l2n(tout1,ivec);

-		}

-	else

-		{

-		n2l(ivec,xor0);

-		n2l(ivec,xor1);

-		ivec-=8;

-		for (l-=8; l>=0; l-=8)

-			{

-			n2l(in,tin0);

-			n2l(in,tin1);

-			tin[0]=tin0;

-			tin[1]=tin1;

-			BF_decrypt(tin,schedule);

-			tout0=tin[0]^xor0;

-			tout1=tin[1]^xor1;

-			l2n(tout0,out);

-			l2n(tout1,out);

-			xor0=tin0;

-			xor1=tin1;

-			}

-		if (l != -8)

-			{

-			n2l(in,tin0);

-			n2l(in,tin1);

-			tin[0]=tin0;

-			tin[1]=tin1;

-			BF_decrypt(tin,schedule);

-			tout0=tin[0]^xor0;

-			tout1=tin[1]^xor1;

-			l2nn(tout0,tout1,out,l+8);

-			xor0=tin0;

-			xor1=tin1;

-			}

-		l2n(xor0,ivec);

-		l2n(xor1,ivec);

-		}

-	tin0=tin1=tout0=tout1=xor0=xor1=0;

-	tin[0]=tin[1]=0;

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/bf/bf_locl.h

+++ /dev/null

@@ -1,219 +1,0 @@

-/* crypto/bf/bf_locl.h */

-/* Copyright (C) 1995-1997 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_BF_LOCL_H

-#define HEADER_BF_LOCL_H

-#include <openssl/opensslconf.h> /* BF_PTR, BF_PTR2 */

-#undef c2l

-#define c2l(c,l)	(l =((unsigned long)(*((c)++)))    , \

-			 l|=((unsigned long)(*((c)++)))<< 8L, \

-			 l|=((unsigned long)(*((c)++)))<<16L, \

-			 l|=((unsigned long)(*((c)++)))<<24L)

-/* NOTE - c is not incremented as per c2l */

-#undef c2ln

-#define c2ln(c,l1,l2,n)	{ \

-			c+=n; \

-			l1=l2=0; \

-			switch (n) { \

-			case 8: l2 =((unsigned long)(*(--(c))))<<24L; \

-			case 7: l2|=((unsigned long)(*(--(c))))<<16L; \

-			case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \

-			case 5: l2|=((unsigned long)(*(--(c))));     \

-			case 4: l1 =((unsigned long)(*(--(c))))<<24L; \

-			case 3: l1|=((unsigned long)(*(--(c))))<<16L; \

-			case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \

-			case 1: l1|=((unsigned long)(*(--(c))));     \

-				} \

-			}

-#undef l2c

-#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)     )&0xff), \

-			 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \

-			 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \

-			 *((c)++)=(unsigned char)(((l)>>24L)&0xff))

-/* NOTE - c is not incremented as per l2c */

-#undef l2cn

-#define l2cn(l1,l2,c,n)	{ \

-			c+=n; \

-			switch (n) { \

-			case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \

-			case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \

-			case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \

-			case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \

-			case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \

-			case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \

-			case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \

-			case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \

-				} \

-			}

-/* NOTE - c is not incremented as per n2l */

-#define n2ln(c,l1,l2,n)	{ \

-			c+=n; \

-			l1=l2=0; \

-			switch (n) { \

-			case 8: l2 =((unsigned long)(*(--(c))))    ; \

-			case 7: l2|=((unsigned long)(*(--(c))))<< 8; \

-			case 6: l2|=((unsigned long)(*(--(c))))<<16; \

-			case 5: l2|=((unsigned long)(*(--(c))))<<24; \

-			case 4: l1 =((unsigned long)(*(--(c))))    ; \

-			case 3: l1|=((unsigned long)(*(--(c))))<< 8; \

-			case 2: l1|=((unsigned long)(*(--(c))))<<16; \

-			case 1: l1|=((unsigned long)(*(--(c))))<<24; \

-				} \

-			}

-/* NOTE - c is not incremented as per l2n */

-#define l2nn(l1,l2,c,n)	{ \

-			c+=n; \

-			switch (n) { \

-			case 8: *(--(c))=(unsigned char)(((l2)    )&0xff); \

-			case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \

-			case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \

-			case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \

-			case 4: *(--(c))=(unsigned char)(((l1)    )&0xff); \

-			case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \

-			case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \

-			case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \

-				} \

-			}

-#undef n2l

-#define n2l(c,l)        (l =((unsigned long)(*((c)++)))<<24L, \

-                         l|=((unsigned long)(*((c)++)))<<16L, \

-                         l|=((unsigned long)(*((c)++)))<< 8L, \

-                         l|=((unsigned long)(*((c)++))))

-#undef l2n

-#define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \

-                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \

-                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \

-                         *((c)++)=(unsigned char)(((l)     )&0xff))

-/* This is actually a big endian algorithm, the most significant byte

- * is used to lookup array 0 */

-#if defined(BF_PTR2)

-/*

- * This is basically a special Intel version. Point is that Intel

- * doesn't have many registers, but offers a reach choice of addressing

- * modes. So we spare some registers by directly traversing BF_KEY

- * structure and hiring the most decorated addressing mode. The code

- * generated by EGCS is *perfectly* competitive with assembler

- * implementation!

- */

-#define BF_ENC(LL,R,KEY,Pi) (\

-	LL^=KEY[Pi], \

-	t=  KEY[BF_ROUNDS+2 +   0 + ((R>>24)&0xFF)], \

-	t+= KEY[BF_ROUNDS+2 + 256 + ((R>>16)&0xFF)], \

-	t^= KEY[BF_ROUNDS+2 + 512 + ((R>>8 )&0xFF)], \

-	t+= KEY[BF_ROUNDS+2 + 768 + ((R    )&0xFF)], \

-	LL^=t \

-	)

-#elif defined(BF_PTR)

-#ifndef BF_LONG_LOG2

-#define BF_LONG_LOG2  2       /* default to BF_LONG being 32 bits */

-#endif

-#define BF_M  (0xFF<<BF_LONG_LOG2)

-#define BF_0  (24-BF_LONG_LOG2)

-#define BF_1  (16-BF_LONG_LOG2)

-#define BF_2  ( 8-BF_LONG_LOG2)

-#define BF_3  BF_LONG_LOG2 /* left shift */

-/*

- * This is normally very good on RISC platforms where normally you

- * have to explicitly "multiply" array index by sizeof(BF_LONG)

- * in order to calculate the effective address. This implementation

- * excuses CPU from this extra work. Power[PC] uses should have most

- * fun as (R>>BF_i)&BF_M gets folded into a single instruction, namely

- * rlwinm. So let'em double-check if their compiler does it.

- */

-#define BF_ENC(LL,R,S,P) ( \

-	LL^=P, \

-	LL^= (((*(BF_LONG *)((unsigned char *)&(S[  0])+((R>>BF_0)&BF_M))+ \

-		*(BF_LONG *)((unsigned char *)&(S[256])+((R>>BF_1)&BF_M)))^ \

-		*(BF_LONG *)((unsigned char *)&(S[512])+((R>>BF_2)&BF_M)))+ \

-		*(BF_LONG *)((unsigned char *)&(S[768])+((R<<BF_3)&BF_M))) \

-	)

-#else

-/*

- * This is a *generic* version. Seem to perform best on platforms that

- * offer explicit support for extraction of 8-bit nibbles preferably

- * complemented with "multiplying" of array index by sizeof(BF_LONG).

- * For the moment of this writing the list comprises Alpha CPU featuring

- * extbl and s[48]addq instructions.

- */

-#define BF_ENC(LL,R,S,P) ( \

-	LL^=P, \

-	LL^=(((	S[       ((int)(R>>24)&0xff)] + \

-		S[0x0100+((int)(R>>16)&0xff)])^ \

-		S[0x0200+((int)(R>> 8)&0xff)])+ \

-		S[0x0300+((int)(R    )&0xff)])&0xffffffffL \

-	)

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/bf/bf_ofb64.c

+++ /dev/null

@@ -1,110 +1,0 @@

-/* crypto/bf/bf_ofb64.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <openssl/blowfish.h>

-#include "bf_locl.h"

-/* The input and output encrypted as though 64bit ofb mode is being

- * used.  The extra state information to record how much of the

- * 64bit block we have used is contained in *num;

- */

-void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, long length,

-	     const BF_KEY *schedule, unsigned char *ivec, int *num)

-	{

-	register BF_LONG v0,v1,t;

-	register int n= *num;

-	register long l=length;

-	unsigned char d[8];

-	register char *dp;

-	BF_LONG ti[2];

-	unsigned char *iv;

-	int save=0;

-	iv=(unsigned char *)ivec;

-	n2l(iv,v0);

-	n2l(iv,v1);

-	ti[0]=v0;

-	ti[1]=v1;

-	dp=(char *)d;

-	l2n(v0,dp);

-	l2n(v1,dp);

-	while (l--)

-		{

-		if (n == 0)

-			{

-			BF_encrypt((BF_LONG *)ti,schedule);

-			dp=(char *)d;

-			t=ti[0]; l2n(t,dp);

-			t=ti[1]; l2n(t,dp);

-			save++;

-			}

-		*(out++)= *(in++)^d[n];

-		n=(n+1)&0x07;

-		}

-	if (save)

-		{

-		v0=ti[0];

-		v1=ti[1];

-		iv=(unsigned char *)ivec;

-		l2n(v0,iv);

-		l2n(v1,iv);

-		}

-	t=v0=v1=ti[0]=ti[1]=0;

-	*num=n;

-	}

--- a/sys/src/ape/lib/openssl/crypto/bf/bf_opts.c

+++ /dev/null

@@ -1,331 +1,0 @@

-/* crypto/bf/bf_opts.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* define PART1, PART2, PART3 or PART4 to build only with a few of the options.

- * This is for machines with 64k code segment size restrictions. */

-#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)

-#define TIMES

-#endif

-#include <stdio.h>

-#include <openssl/e_os2.h>

-#include OPENSSL_UNISTD_IO

-OPENSSL_DECLARE_EXIT

-#ifndef OPENSSL_SYS_NETWARE

-#include <signal.h>

-#endif

-#ifndef _IRIX

-#include <time.h>

-#endif

-#ifdef TIMES

-#include <sys/types.h>

-#include <sys/times.h>

-#endif

-/* Depending on the VMS version, the tms structure is perhaps defined.

-   The __TMS macro will show if it was.  If it wasn't defined, we should

-   undefine TIMES, since that tells the rest of the program how things

-   should be handled.				-- Richard Levitte */

-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)

-#undef TIMES

-#endif

-#ifndef TIMES

-#include <sys/timeb.h>

-#endif

-#if defined(sun) || defined(__ultrix)

-#define _POSIX_SOURCE

-#include <limits.h>

-#include <sys/param.h>

-#endif

-#include <openssl/blowfish.h>

-#define BF_DEFAULT_OPTIONS

-#undef BF_ENC

-#define BF_encrypt  BF_encrypt_normal

-#undef HEADER_BF_LOCL_H

-#include "bf_enc.c"

-#define BF_PTR

-#undef BF_PTR2

-#undef BF_ENC

-#undef BF_encrypt

-#define BF_encrypt  BF_encrypt_ptr

-#undef HEADER_BF_LOCL_H

-#include "bf_enc.c"

-#undef BF_PTR

-#define BF_PTR2

-#undef BF_ENC

-#undef BF_encrypt

-#define BF_encrypt  BF_encrypt_ptr2

-#undef HEADER_BF_LOCL_H

-#include "bf_enc.c"

-/* The following if from times(3) man page.  It may need to be changed */

-#ifndef HZ

-# ifndef CLK_TCK

-#  ifndef _BSD_CLK_TCK_ /* FreeBSD fix */

-#   define HZ	100.0

-#  else /* _BSD_CLK_TCK_ */

-#   define HZ ((double)_BSD_CLK_TCK_)

-#  endif

-# else /* CLK_TCK */

-#  define HZ ((double)CLK_TCK)

-# endif

-#endif

-#define BUFSIZE	((long)1024)

-long run=0;

-double Time_F(int s);

-#ifdef SIGALRM

-#if defined(__STDC__) || defined(sgi)

-#define SIGRETTYPE void

-#else

-#define SIGRETTYPE int

-#endif

-SIGRETTYPE sig_done(int sig);

-SIGRETTYPE sig_done(int sig)

-	{

-	signal(SIGALRM,sig_done);

-	run=0;

-#ifdef LINT

-	sig=sig;

-#endif

-	}

-#endif

-#define START	0

-#define STOP	1

-double Time_F(int s)

-	{

-	double ret;

-#ifdef TIMES

-	static struct tms tstart,tend;

-	if (s == START)

-		{

-		times(&tstart);

-		return(0);

-		}

-	else

-		{

-		times(&tend);

-		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;

-		return((ret == 0.0)?1e-6:ret);

-		}

-#else /* !times() */

-	static struct timeb tstart,tend;

-	long i;

-	if (s == START)

-		{

-		ftime(&tstart);

-		return(0);

-		}

-	else

-		{

-		ftime(&tend);

-		i=(long)tend.millitm-(long)tstart.millitm;

-		ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;

-		return((ret == 0.0)?1e-6:ret);

-		}

-#endif

-	}

-#ifdef SIGALRM

-#define print_name(name) fprintf(stderr,"Doing %s's for 10 seconds\n",name); alarm(10);

-#else

-#define print_name(name) fprintf(stderr,"Doing %s %ld times\n",name,cb);

-#endif

-#define time_it(func,name,index) \

-	print_name(name); \

-	Time_F(START); \

-	for (count=0,run=1; COND(cb); count+=4) \

-		{ \

-		unsigned long d[2]; \

-		func(d,&sch); \

-		func(d,&sch); \

-		func(d,&sch); \

-		func(d,&sch); \

-		} \

-	tm[index]=Time_F(STOP); \

-	fprintf(stderr,"%ld %s's in %.2f second\n",count,name,tm[index]); \

-	tm[index]=((double)COUNT(cb))/tm[index];

-#define print_it(name,index) \

-	fprintf(stderr,"%s bytes per sec = %12.2f (%5.1fuS)\n",name, \

-		tm[index]*8,1.0e6/tm[index]);

-int main(int argc, char **argv)

-	{

-	long count;

-	static unsigned char buf[BUFSIZE];

-	static char key[16]={	0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,

-				0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};

-	BF_KEY sch;

-	double d,tm[16],max=0;

-	int rank[16];

-	char *str[16];

-	int max_idx=0,i,num=0,j;

-#ifndef SIGALARM

-	long ca,cb,cc,cd,ce;

-#endif

-	for (i=0; i<12; i++)

-		{

-		tm[i]=0.0;

-		rank[i]=0;

-		}

-#ifndef TIMES

-	fprintf(stderr,"To get the most accurate results, try to run this\n");

-	fprintf(stderr,"program when this computer is idle.\n");

-#endif

-	BF_set_key(&sch,16,key);

-#ifndef SIGALRM

-	fprintf(stderr,"First we calculate the approximate speed ...\n");

-	count=10;

-	do	{

-		long i;

-		unsigned long data[2];

-		count*=2;

-		Time_F(START);

-		for (i=count; i; i--)

-			BF_encrypt(data,&sch);

-		d=Time_F(STOP);

-		} while (d < 3.0);

-	ca=count;

-	cb=count*3;

-	cc=count*3*8/BUFSIZE+1;

-	cd=count*8/BUFSIZE+1;

-	ce=count/20+1;

-#define COND(d) (count != (d))

-#define COUNT(d) (d)

-#else

-#define COND(c) (run)

-#define COUNT(d) (count)

-        signal(SIGALRM,sig_done);

-        alarm(10);

-#endif

-	time_it(BF_encrypt_normal,	"BF_encrypt_normal ", 0);

-	time_it(BF_encrypt_ptr,		"BF_encrypt_ptr    ", 1);

-	time_it(BF_encrypt_ptr2,	"BF_encrypt_ptr2   ", 2);

-	num+=3;

-	str[0]="<nothing>";

-	print_it("BF_encrypt_normal ",0);

-	max=tm[0];

-	max_idx=0;

-	str[1]="ptr      ";

-	print_it("BF_encrypt_ptr ",1);

-	if (max < tm[1]) { max=tm[1]; max_idx=1; }

-	str[2]="ptr2     ";

-	print_it("BF_encrypt_ptr2 ",2);

-	if (max < tm[2]) { max=tm[2]; max_idx=2; }

-	printf("options    BF ecb/s\n");

-	printf("%s %12.2f 100.0%%\n",str[max_idx],tm[max_idx]);

-	d=tm[max_idx];

-	tm[max_idx]= -2.0;

-	max= -1.0;

-	for (;;)

-		{

-		for (i=0; i<3; i++)

-			{

-			if (max < tm[i]) { max=tm[i]; j=i; }

-			}

-		if (max < 0.0) break;

-		printf("%s %12.2f  %4.1f%%\n",str[j],tm[j],tm[j]/d*100.0);

-		tm[j]= -2.0;

-		max= -1.0;

-		}

-	switch (max_idx)

-		{

-	case 0:

-		printf("-DBF_DEFAULT_OPTIONS\n");

-		break;

-	case 1:

-		printf("-DBF_PTR\n");

-		break;

-	case 2:

-		printf("-DBF_PTR2\n");

-		break;

-		}

-	exit(0);

-#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)

-	return(0);

-#endif

-	}

--- a/sys/src/ape/lib/openssl/crypto/bf/bf_pi.h

+++ /dev/null

@@ -1,325 +1,0 @@

-/* crypto/bf/bf_pi.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-static const BF_KEY bf_init= {

-	{

-	0x243f6a88L, 0x85a308d3L, 0x13198a2eL, 0x03707344L,

-	0xa4093822L, 0x299f31d0L, 0x082efa98L, 0xec4e6c89L,

-	0x452821e6L, 0x38d01377L, 0xbe5466cfL, 0x34e90c6cL,

-	0xc0ac29b7L, 0xc97c50ddL, 0x3f84d5b5L, 0xb5470917L,

-	0x9216d5d9L, 0x8979fb1b

-	},{

-	0xd1310ba6L, 0x98dfb5acL, 0x2ffd72dbL, 0xd01adfb7L,

-	0xb8e1afedL, 0x6a267e96L, 0xba7c9045L, 0xf12c7f99L,

-	0x24a19947L, 0xb3916cf7L, 0x0801f2e2L, 0x858efc16L,

-	0x636920d8L, 0x71574e69L, 0xa458fea3L, 0xf4933d7eL,

-	0x0d95748fL, 0x728eb658L, 0x718bcd58L, 0x82154aeeL,

-	0x7b54a41dL, 0xc25a59b5L, 0x9c30d539L, 0x2af26013L,

-	0xc5d1b023L, 0x286085f0L, 0xca417918L, 0xb8db38efL,

-	0x8e79dcb0L, 0x603a180eL, 0x6c9e0e8bL, 0xb01e8a3eL,

-	0xd71577c1L, 0xbd314b27L, 0x78af2fdaL, 0x55605c60L,

-	0xe65525f3L, 0xaa55ab94L, 0x57489862L, 0x63e81440L,

-	0x55ca396aL, 0x2aab10b6L, 0xb4cc5c34L, 0x1141e8ceL,

-	0xa15486afL, 0x7c72e993L, 0xb3ee1411L, 0x636fbc2aL,

-	0x2ba9c55dL, 0x741831f6L, 0xce5c3e16L, 0x9b87931eL,

-	0xafd6ba33L, 0x6c24cf5cL, 0x7a325381L, 0x28958677L,

-	0x3b8f4898L, 0x6b4bb9afL, 0xc4bfe81bL, 0x66282193L,

-	0x61d809ccL, 0xfb21a991L, 0x487cac60L, 0x5dec8032L,

-	0xef845d5dL, 0xe98575b1L, 0xdc262302L, 0xeb651b88L,

-	0x23893e81L, 0xd396acc5L, 0x0f6d6ff3L, 0x83f44239L,

-	0x2e0b4482L, 0xa4842004L, 0x69c8f04aL, 0x9e1f9b5eL,

-	0x21c66842L, 0xf6e96c9aL, 0x670c9c61L, 0xabd388f0L,

-	0x6a51a0d2L, 0xd8542f68L, 0x960fa728L, 0xab5133a3L,

-	0x6eef0b6cL, 0x137a3be4L, 0xba3bf050L, 0x7efb2a98L,

-	0xa1f1651dL, 0x39af0176L, 0x66ca593eL, 0x82430e88L,

-	0x8cee8619L, 0x456f9fb4L, 0x7d84a5c3L, 0x3b8b5ebeL,

-	0xe06f75d8L, 0x85c12073L, 0x401a449fL, 0x56c16aa6L,

-	0x4ed3aa62L, 0x363f7706L, 0x1bfedf72L, 0x429b023dL,

-	0x37d0d724L, 0xd00a1248L, 0xdb0fead3L, 0x49f1c09bL,

-	0x075372c9L, 0x80991b7bL, 0x25d479d8L, 0xf6e8def7L,

-	0xe3fe501aL, 0xb6794c3bL, 0x976ce0bdL, 0x04c006baL,

-	0xc1a94fb6L, 0x409f60c4L, 0x5e5c9ec2L, 0x196a2463L,

-	0x68fb6fafL, 0x3e6c53b5L, 0x1339b2ebL, 0x3b52ec6fL,

-	0x6dfc511fL, 0x9b30952cL, 0xcc814544L, 0xaf5ebd09L,

-	0xbee3d004L, 0xde334afdL, 0x660f2807L, 0x192e4bb3L,

-	0xc0cba857L, 0x45c8740fL, 0xd20b5f39L, 0xb9d3fbdbL,

-	0x5579c0bdL, 0x1a60320aL, 0xd6a100c6L, 0x402c7279L,

-	0x679f25feL, 0xfb1fa3ccL, 0x8ea5e9f8L, 0xdb3222f8L,

-	0x3c7516dfL, 0xfd616b15L, 0x2f501ec8L, 0xad0552abL,

-	0x323db5faL, 0xfd238760L, 0x53317b48L, 0x3e00df82L,

-	0x9e5c57bbL, 0xca6f8ca0L, 0x1a87562eL, 0xdf1769dbL,

-	0xd542a8f6L, 0x287effc3L, 0xac6732c6L, 0x8c4f5573L,

-	0x695b27b0L, 0xbbca58c8L, 0xe1ffa35dL, 0xb8f011a0L,

-	0x10fa3d98L, 0xfd2183b8L, 0x4afcb56cL, 0x2dd1d35bL,

-	0x9a53e479L, 0xb6f84565L, 0xd28e49bcL, 0x4bfb9790L,

-	0xe1ddf2daL, 0xa4cb7e33L, 0x62fb1341L, 0xcee4c6e8L,

-	0xef20cadaL, 0x36774c01L, 0xd07e9efeL, 0x2bf11fb4L,

-	0x95dbda4dL, 0xae909198L, 0xeaad8e71L, 0x6b93d5a0L,

-	0xd08ed1d0L, 0xafc725e0L, 0x8e3c5b2fL, 0x8e7594b7L,

-	0x8ff6e2fbL, 0xf2122b64L, 0x8888b812L, 0x900df01cL,

-	0x4fad5ea0L, 0x688fc31cL, 0xd1cff191L, 0xb3a8c1adL,

-	0x2f2f2218L, 0xbe0e1777L, 0xea752dfeL, 0x8b021fa1L,

-	0xe5a0cc0fL, 0xb56f74e8L, 0x18acf3d6L, 0xce89e299L,

-	0xb4a84fe0L, 0xfd13e0b7L, 0x7cc43b81L, 0xd2ada8d9L,

-	0x165fa266L, 0x80957705L, 0x93cc7314L, 0x211a1477L,

-	0xe6ad2065L, 0x77b5fa86L, 0xc75442f5L, 0xfb9d35cfL,

-	0xebcdaf0cL, 0x7b3e89a0L, 0xd6411bd3L, 0xae1e7e49L,

-	0x00250e2dL, 0x2071b35eL, 0x226800bbL, 0x57b8e0afL,

-	0x2464369bL, 0xf009b91eL, 0x5563911dL, 0x59dfa6aaL,

-	0x78c14389L, 0xd95a537fL, 0x207d5ba2L, 0x02e5b9c5L,

-	0x83260376L, 0x6295cfa9L, 0x11c81968L, 0x4e734a41L,

-	0xb3472dcaL, 0x7b14a94aL, 0x1b510052L, 0x9a532915L,

-	0xd60f573fL, 0xbc9bc6e4L, 0x2b60a476L, 0x81e67400L,

-	0x08ba6fb5L, 0x571be91fL, 0xf296ec6bL, 0x2a0dd915L,

-	0xb6636521L, 0xe7b9f9b6L, 0xff34052eL, 0xc5855664L,

-	0x53b02d5dL, 0xa99f8fa1L, 0x08ba4799L, 0x6e85076aL,

-	0x4b7a70e9L, 0xb5b32944L, 0xdb75092eL, 0xc4192623L,

-	0xad6ea6b0L, 0x49a7df7dL, 0x9cee60b8L, 0x8fedb266L,

-	0xecaa8c71L, 0x699a17ffL, 0x5664526cL, 0xc2b19ee1L,

-	0x193602a5L, 0x75094c29L, 0xa0591340L, 0xe4183a3eL,

-	0x3f54989aL, 0x5b429d65L, 0x6b8fe4d6L, 0x99f73fd6L,

-	0xa1d29c07L, 0xefe830f5L, 0x4d2d38e6L, 0xf0255dc1L,

-	0x4cdd2086L, 0x8470eb26L, 0x6382e9c6L, 0x021ecc5eL,

-	0x09686b3fL, 0x3ebaefc9L, 0x3c971814L, 0x6b6a70a1L,

-	0x687f3584L, 0x52a0e286L, 0xb79c5305L, 0xaa500737L,

-	0x3e07841cL, 0x7fdeae5cL, 0x8e7d44ecL, 0x5716f2b8L,

-	0xb03ada37L, 0xf0500c0dL, 0xf01c1f04L, 0x0200b3ffL,

-	0xae0cf51aL, 0x3cb574b2L, 0x25837a58L, 0xdc0921bdL,

-	0xd19113f9L, 0x7ca92ff6L, 0x94324773L, 0x22f54701L,

-	0x3ae5e581L, 0x37c2dadcL, 0xc8b57634L, 0x9af3dda7L,

-	0xa9446146L, 0x0fd0030eL, 0xecc8c73eL, 0xa4751e41L,

-	0xe238cd99L, 0x3bea0e2fL, 0x3280bba1L, 0x183eb331L,

-	0x4e548b38L, 0x4f6db908L, 0x6f420d03L, 0xf60a04bfL,

-	0x2cb81290L, 0x24977c79L, 0x5679b072L, 0xbcaf89afL,

-	0xde9a771fL, 0xd9930810L, 0xb38bae12L, 0xdccf3f2eL,

-	0x5512721fL, 0x2e6b7124L, 0x501adde6L, 0x9f84cd87L,

-	0x7a584718L, 0x7408da17L, 0xbc9f9abcL, 0xe94b7d8cL,

-	0xec7aec3aL, 0xdb851dfaL, 0x63094366L, 0xc464c3d2L,

-	0xef1c1847L, 0x3215d908L, 0xdd433b37L, 0x24c2ba16L,

-	0x12a14d43L, 0x2a65c451L, 0x50940002L, 0x133ae4ddL,

-	0x71dff89eL, 0x10314e55L, 0x81ac77d6L, 0x5f11199bL,

-	0x043556f1L, 0xd7a3c76bL, 0x3c11183bL, 0x5924a509L,

-	0xf28fe6edL, 0x97f1fbfaL, 0x9ebabf2cL, 0x1e153c6eL,

-	0x86e34570L, 0xeae96fb1L, 0x860e5e0aL, 0x5a3e2ab3L,

-	0x771fe71cL, 0x4e3d06faL, 0x2965dcb9L, 0x99e71d0fL,

-	0x803e89d6L, 0x5266c825L, 0x2e4cc978L, 0x9c10b36aL,

-	0xc6150ebaL, 0x94e2ea78L, 0xa5fc3c53L, 0x1e0a2df4L,

-	0xf2f74ea7L, 0x361d2b3dL, 0x1939260fL, 0x19c27960L,

-	0x5223a708L, 0xf71312b6L, 0xebadfe6eL, 0xeac31f66L,

-	0xe3bc4595L, 0xa67bc883L, 0xb17f37d1L, 0x018cff28L,

-	0xc332ddefL, 0xbe6c5aa5L, 0x65582185L, 0x68ab9802L,

-	0xeecea50fL, 0xdb2f953bL, 0x2aef7dadL, 0x5b6e2f84L,

-	0x1521b628L, 0x29076170L, 0xecdd4775L, 0x619f1510L,

-	0x13cca830L, 0xeb61bd96L, 0x0334fe1eL, 0xaa0363cfL,

-	0xb5735c90L, 0x4c70a239L, 0xd59e9e0bL, 0xcbaade14L,

-	0xeecc86bcL, 0x60622ca7L, 0x9cab5cabL, 0xb2f3846eL,

-	0x648b1eafL, 0x19bdf0caL, 0xa02369b9L, 0x655abb50L,

-	0x40685a32L, 0x3c2ab4b3L, 0x319ee9d5L, 0xc021b8f7L,

-	0x9b540b19L, 0x875fa099L, 0x95f7997eL, 0x623d7da8L,

-	0xf837889aL, 0x97e32d77L, 0x11ed935fL, 0x16681281L,

-	0x0e358829L, 0xc7e61fd6L, 0x96dedfa1L, 0x7858ba99L,

-	0x57f584a5L, 0x1b227263L, 0x9b83c3ffL, 0x1ac24696L,

-	0xcdb30aebL, 0x532e3054L, 0x8fd948e4L, 0x6dbc3128L,

-	0x58ebf2efL, 0x34c6ffeaL, 0xfe28ed61L, 0xee7c3c73L,

-	0x5d4a14d9L, 0xe864b7e3L, 0x42105d14L, 0x203e13e0L,

-	0x45eee2b6L, 0xa3aaabeaL, 0xdb6c4f15L, 0xfacb4fd0L,

-	0xc742f442L, 0xef6abbb5L, 0x654f3b1dL, 0x41cd2105L,

-	0xd81e799eL, 0x86854dc7L, 0xe44b476aL, 0x3d816250L,

-	0xcf62a1f2L, 0x5b8d2646L, 0xfc8883a0L, 0xc1c7b6a3L,

-	0x7f1524c3L, 0x69cb7492L, 0x47848a0bL, 0x5692b285L,

-	0x095bbf00L, 0xad19489dL, 0x1462b174L, 0x23820e00L,

-	0x58428d2aL, 0x0c55f5eaL, 0x1dadf43eL, 0x233f7061L,

-	0x3372f092L, 0x8d937e41L, 0xd65fecf1L, 0x6c223bdbL,

-	0x7cde3759L, 0xcbee7460L, 0x4085f2a7L, 0xce77326eL,

-	0xa6078084L, 0x19f8509eL, 0xe8efd855L, 0x61d99735L,

-	0xa969a7aaL, 0xc50c06c2L, 0x5a04abfcL, 0x800bcadcL,

-	0x9e447a2eL, 0xc3453484L, 0xfdd56705L, 0x0e1e9ec9L,

-	0xdb73dbd3L, 0x105588cdL, 0x675fda79L, 0xe3674340L,

-	0xc5c43465L, 0x713e38d8L, 0x3d28f89eL, 0xf16dff20L,

-	0x153e21e7L, 0x8fb03d4aL, 0xe6e39f2bL, 0xdb83adf7L,

-	0xe93d5a68L, 0x948140f7L, 0xf64c261cL, 0x94692934L,

-	0x411520f7L, 0x7602d4f7L, 0xbcf46b2eL, 0xd4a20068L,

-	0xd4082471L, 0x3320f46aL, 0x43b7d4b7L, 0x500061afL,

-	0x1e39f62eL, 0x97244546L, 0x14214f74L, 0xbf8b8840L,

-	0x4d95fc1dL, 0x96b591afL, 0x70f4ddd3L, 0x66a02f45L,

-	0xbfbc09ecL, 0x03bd9785L, 0x7fac6dd0L, 0x31cb8504L,

-	0x96eb27b3L, 0x55fd3941L, 0xda2547e6L, 0xabca0a9aL,

-	0x28507825L, 0x530429f4L, 0x0a2c86daL, 0xe9b66dfbL,

-	0x68dc1462L, 0xd7486900L, 0x680ec0a4L, 0x27a18deeL,

-	0x4f3ffea2L, 0xe887ad8cL, 0xb58ce006L, 0x7af4d6b6L,

-	0xaace1e7cL, 0xd3375fecL, 0xce78a399L, 0x406b2a42L,

-	0x20fe9e35L, 0xd9f385b9L, 0xee39d7abL, 0x3b124e8bL,

-	0x1dc9faf7L, 0x4b6d1856L, 0x26a36631L, 0xeae397b2L,

-	0x3a6efa74L, 0xdd5b4332L, 0x6841e7f7L, 0xca7820fbL,

-	0xfb0af54eL, 0xd8feb397L, 0x454056acL, 0xba489527L,

-	0x55533a3aL, 0x20838d87L, 0xfe6ba9b7L, 0xd096954bL,

-	0x55a867bcL, 0xa1159a58L, 0xcca92963L, 0x99e1db33L,

-	0xa62a4a56L, 0x3f3125f9L, 0x5ef47e1cL, 0x9029317cL,

-	0xfdf8e802L, 0x04272f70L, 0x80bb155cL, 0x05282ce3L,

-	0x95c11548L, 0xe4c66d22L, 0x48c1133fL, 0xc70f86dcL,

-	0x07f9c9eeL, 0x41041f0fL, 0x404779a4L, 0x5d886e17L,

-	0x325f51ebL, 0xd59bc0d1L, 0xf2bcc18fL, 0x41113564L,

-	0x257b7834L, 0x602a9c60L, 0xdff8e8a3L, 0x1f636c1bL,

-	0x0e12b4c2L, 0x02e1329eL, 0xaf664fd1L, 0xcad18115L,

-	0x6b2395e0L, 0x333e92e1L, 0x3b240b62L, 0xeebeb922L,

-	0x85b2a20eL, 0xe6ba0d99L, 0xde720c8cL, 0x2da2f728L,

-	0xd0127845L, 0x95b794fdL, 0x647d0862L, 0xe7ccf5f0L,

-	0x5449a36fL, 0x877d48faL, 0xc39dfd27L, 0xf33e8d1eL,

-	0x0a476341L, 0x992eff74L, 0x3a6f6eabL, 0xf4f8fd37L,

-	0xa812dc60L, 0xa1ebddf8L, 0x991be14cL, 0xdb6e6b0dL,

-	0xc67b5510L, 0x6d672c37L, 0x2765d43bL, 0xdcd0e804L,

-	0xf1290dc7L, 0xcc00ffa3L, 0xb5390f92L, 0x690fed0bL,

-	0x667b9ffbL, 0xcedb7d9cL, 0xa091cf0bL, 0xd9155ea3L,

-	0xbb132f88L, 0x515bad24L, 0x7b9479bfL, 0x763bd6ebL,

-	0x37392eb3L, 0xcc115979L, 0x8026e297L, 0xf42e312dL,

-	0x6842ada7L, 0xc66a2b3bL, 0x12754cccL, 0x782ef11cL,

-	0x6a124237L, 0xb79251e7L, 0x06a1bbe6L, 0x4bfb6350L,

-	0x1a6b1018L, 0x11caedfaL, 0x3d25bdd8L, 0xe2e1c3c9L,

-	0x44421659L, 0x0a121386L, 0xd90cec6eL, 0xd5abea2aL,

-	0x64af674eL, 0xda86a85fL, 0xbebfe988L, 0x64e4c3feL,

-	0x9dbc8057L, 0xf0f7c086L, 0x60787bf8L, 0x6003604dL,

-	0xd1fd8346L, 0xf6381fb0L, 0x7745ae04L, 0xd736fcccL,

-	0x83426b33L, 0xf01eab71L, 0xb0804187L, 0x3c005e5fL,

-	0x77a057beL, 0xbde8ae24L, 0x55464299L, 0xbf582e61L,

-	0x4e58f48fL, 0xf2ddfda2L, 0xf474ef38L, 0x8789bdc2L,

-	0x5366f9c3L, 0xc8b38e74L, 0xb475f255L, 0x46fcd9b9L,

-	0x7aeb2661L, 0x8b1ddf84L, 0x846a0e79L, 0x915f95e2L,

-	0x466e598eL, 0x20b45770L, 0x8cd55591L, 0xc902de4cL,

-	0xb90bace1L, 0xbb8205d0L, 0x11a86248L, 0x7574a99eL,

-	0xb77f19b6L, 0xe0a9dc09L, 0x662d09a1L, 0xc4324633L,

-	0xe85a1f02L, 0x09f0be8cL, 0x4a99a025L, 0x1d6efe10L,

-	0x1ab93d1dL, 0x0ba5a4dfL, 0xa186f20fL, 0x2868f169L,

-	0xdcb7da83L, 0x573906feL, 0xa1e2ce9bL, 0x4fcd7f52L,

-	0x50115e01L, 0xa70683faL, 0xa002b5c4L, 0x0de6d027L,

-	0x9af88c27L, 0x773f8641L, 0xc3604c06L, 0x61a806b5L,

-	0xf0177a28L, 0xc0f586e0L, 0x006058aaL, 0x30dc7d62L,

-	0x11e69ed7L, 0x2338ea63L, 0x53c2dd94L, 0xc2c21634L,

-	0xbbcbee56L, 0x90bcb6deL, 0xebfc7da1L, 0xce591d76L,

-	0x6f05e409L, 0x4b7c0188L, 0x39720a3dL, 0x7c927c24L,

-	0x86e3725fL, 0x724d9db9L, 0x1ac15bb4L, 0xd39eb8fcL,

-	0xed545578L, 0x08fca5b5L, 0xd83d7cd3L, 0x4dad0fc4L,

-	0x1e50ef5eL, 0xb161e6f8L, 0xa28514d9L, 0x6c51133cL,

-	0x6fd5c7e7L, 0x56e14ec4L, 0x362abfceL, 0xddc6c837L,

-	0xd79a3234L, 0x92638212L, 0x670efa8eL, 0x406000e0L,

-	0x3a39ce37L, 0xd3faf5cfL, 0xabc27737L, 0x5ac52d1bL,

-	0x5cb0679eL, 0x4fa33742L, 0xd3822740L, 0x99bc9bbeL,

-	0xd5118e9dL, 0xbf0f7315L, 0xd62d1c7eL, 0xc700c47bL,

-	0xb78c1b6bL, 0x21a19045L, 0xb26eb1beL, 0x6a366eb4L,

-	0x5748ab2fL, 0xbc946e79L, 0xc6a376d2L, 0x6549c2c8L,

-	0x530ff8eeL, 0x468dde7dL, 0xd5730a1dL, 0x4cd04dc6L,

-	0x2939bbdbL, 0xa9ba4650L, 0xac9526e8L, 0xbe5ee304L,

-	0xa1fad5f0L, 0x6a2d519aL, 0x63ef8ce2L, 0x9a86ee22L,

-	0xc089c2b8L, 0x43242ef6L, 0xa51e03aaL, 0x9cf2d0a4L,

-	0x83c061baL, 0x9be96a4dL, 0x8fe51550L, 0xba645bd6L,

-	0x2826a2f9L, 0xa73a3ae1L, 0x4ba99586L, 0xef5562e9L,

-	0xc72fefd3L, 0xf752f7daL, 0x3f046f69L, 0x77fa0a59L,

-	0x80e4a915L, 0x87b08601L, 0x9b09e6adL, 0x3b3ee593L,

-	0xe990fd5aL, 0x9e34d797L, 0x2cf0b7d9L, 0x022b8b51L,

-	0x96d5ac3aL, 0x017da67dL, 0xd1cf3ed6L, 0x7c7d2d28L,

-	0x1f9f25cfL, 0xadf2b89bL, 0x5ad6b472L, 0x5a88f54cL,

-	0xe029ac71L, 0xe019a5e6L, 0x47b0acfdL, 0xed93fa9bL,

-	0xe8d3c48dL, 0x283b57ccL, 0xf8d56629L, 0x79132e28L,

-	0x785f0191L, 0xed756055L, 0xf7960e44L, 0xe3d35e8cL,

-	0x15056dd4L, 0x88f46dbaL, 0x03a16125L, 0x0564f0bdL,

-	0xc3eb9e15L, 0x3c9057a2L, 0x97271aecL, 0xa93a072aL,

-	0x1b3f6d9bL, 0x1e6321f5L, 0xf59c66fbL, 0x26dcf319L,

-	0x7533d928L, 0xb155fdf5L, 0x03563482L, 0x8aba3cbbL,

-	0x28517711L, 0xc20ad9f8L, 0xabcc5167L, 0xccad925fL,

-	0x4de81751L, 0x3830dc8eL, 0x379d5862L, 0x9320f991L,

-	0xea7a90c2L, 0xfb3e7bceL, 0x5121ce64L, 0x774fbe32L,

-	0xa8b6e37eL, 0xc3293d46L, 0x48de5369L, 0x6413e680L,

-	0xa2ae0810L, 0xdd6db224L, 0x69852dfdL, 0x09072166L,

-	0xb39a460aL, 0x6445c0ddL, 0x586cdecfL, 0x1c20c8aeL,

-	0x5bbef7ddL, 0x1b588d40L, 0xccd2017fL, 0x6bb4e3bbL,

-	0xdda26a7eL, 0x3a59ff45L, 0x3e350a44L, 0xbcb4cdd5L,

-	0x72eacea8L, 0xfa6484bbL, 0x8d6612aeL, 0xbf3c6f47L,

-	0xd29be463L, 0x542f5d9eL, 0xaec2771bL, 0xf64e6370L,

-	0x740e0d8dL, 0xe75b1357L, 0xf8721671L, 0xaf537d5dL,

-	0x4040cb08L, 0x4eb4e2ccL, 0x34d2466aL, 0x0115af84L,

-	0xe1b00428L, 0x95983a1dL, 0x06b89fb4L, 0xce6ea048L,

-	0x6f3f3b82L, 0x3520ab82L, 0x011a1d4bL, 0x277227f8L,

-	0x611560b1L, 0xe7933fdcL, 0xbb3a792bL, 0x344525bdL,

-	0xa08839e1L, 0x51ce794bL, 0x2f32c9b7L, 0xa01fbac9L,

-	0xe01cc87eL, 0xbcc7d1f6L, 0xcf0111c3L, 0xa1e8aac7L,

-	0x1a908749L, 0xd44fbd9aL, 0xd0dadecbL, 0xd50ada38L,

-	0x0339c32aL, 0xc6913667L, 0x8df9317cL, 0xe0b12b4fL,

-	0xf79e59b7L, 0x43f5bb3aL, 0xf2d519ffL, 0x27d9459cL,

-	0xbf97222cL, 0x15e6fc2aL, 0x0f91fc71L, 0x9b941525L,

-	0xfae59361L, 0xceb69cebL, 0xc2a86459L, 0x12baa8d1L,

-	0xb6c1075eL, 0xe3056a0cL, 0x10d25065L, 0xcb03a442L,

-	0xe0ec6e0eL, 0x1698db3bL, 0x4c98a0beL, 0x3278e964L,

-	0x9f1f9532L, 0xe0d392dfL, 0xd3a0342bL, 0x8971f21eL,

-	0x1b0a7441L, 0x4ba3348cL, 0xc5be7120L, 0xc37632d8L,

-	0xdf359f8dL, 0x9b992f2eL, 0xe60b6f47L, 0x0fe3f11dL,

-	0xe54cda54L, 0x1edad891L, 0xce6279cfL, 0xcd3e7e6fL,

-	0x1618b166L, 0xfd2c1d05L, 0x848fd2c5L, 0xf6fb2299L,

-	0xf523f357L, 0xa6327623L, 0x93a83531L, 0x56cccd02L,

-	0xacf08162L, 0x5a75ebb5L, 0x6e163697L, 0x88d273ccL,

-	0xde966292L, 0x81b949d0L, 0x4c50901bL, 0x71c65614L,

-	0xe6c6c7bdL, 0x327a140aL, 0x45e1d006L, 0xc3f27b9aL,

-	0xc9aa53fdL, 0x62a80f00L, 0xbb25bfe2L, 0x35bdd2f6L,

-	0x71126905L, 0xb2040222L, 0xb6cbcf7cL, 0xcd769c2bL,

-	0x53113ec0L, 0x1640e3d3L, 0x38abbd60L, 0x2547adf0L,

-	0xba38209cL, 0xf746ce76L, 0x77afa1c5L, 0x20756060L,

-	0x85cbfe4eL, 0x8ae88dd8L, 0x7aaaf9b0L, 0x4cf9aa7eL,

-	0x1948c25cL, 0x02fb8a8cL, 0x01c36ae4L, 0xd6ebe1f9L,

-	0x90d4f869L, 0xa65cdea0L, 0x3f09252dL, 0xc208e69fL,

-	0xb74e6132L, 0xce77e25bL, 0x578fdfe3L, 0x3ac372e6L,

-	}

-	};

--- a/sys/src/ape/lib/openssl/crypto/bf/bf_skey.c

+++ /dev/null

@@ -1,116 +1,0 @@

-/* crypto/bf/bf_skey.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <string.h>

-#include <openssl/blowfish.h>

-#include "bf_locl.h"

-#include "bf_pi.h"

-void BF_set_key(BF_KEY *key, int len, const unsigned char *data)

-	{

-	int i;

-	BF_LONG *p,ri,in[2];

-	const unsigned char *d,*end;

-	memcpy(key,&bf_init,sizeof(BF_KEY));

-	p=key->P;

-	if (len > ((BF_ROUNDS+2)*4)) len=(BF_ROUNDS+2)*4;

-	d=data;

-	end= &(data[len]);

-	for (i=0; i<(BF_ROUNDS+2); i++)

-		{

-		ri= *(d++);

-		if (d >= end) d=data;

-		ri<<=8;

-		ri|= *(d++);

-		if (d >= end) d=data;

-		ri<<=8;

-		ri|= *(d++);

-		if (d >= end) d=data;

-		ri<<=8;

-		ri|= *(d++);

-		if (d >= end) d=data;

-		p[i]^=ri;

-		}

-	in[0]=0L;

-	in[1]=0L;

-	for (i=0; i<(BF_ROUNDS+2); i+=2)

-		{

-		BF_encrypt(in,key);

-		p[i  ]=in[0];

-		p[i+1]=in[1];

-		}

-	p=key->S;

-	for (i=0; i<4*256; i+=2)

-		{

-		BF_encrypt(in,key);

-		p[i  ]=in[0];

-		p[i+1]=in[1];

-		}

-	}

--- a/sys/src/ape/lib/openssl/crypto/bf/bfs.cpp

+++ /dev/null

@@ -1,67 +1,0 @@

-//

-// gettsc.inl

-//

-// gives access to the Pentium's (secret) cycle counter

-//

-// This software was written by Leonard Janke ([email protected])

-// in 1996-7 and is entered, by him, into the public domain.

-#if defined(__WATCOMC__)

-void GetTSC(unsigned long&);

-#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];

-#elif defined(__GNUC__)

-inline

-void GetTSC(unsigned long& tsc)

-{

-  asm volatile(".byte 15, 49\n\t"

-	       : "=eax" (tsc)

-	       :

-	       : "%edx", "%eax");

-}

-#elif defined(_MSC_VER)

-inline

-void GetTSC(unsigned long& tsc)

-{

-  unsigned long a;

-  __asm _emit 0fh

-  __asm _emit 31h

-  __asm mov a, eax;

-  tsc=a;

-}

-#endif

-#include <stdio.h>

-#include <stdlib.h>

-#include <openssl/blowfish.h>

-void main(int argc,char *argv[])

-	{

-	BF_KEY key;

-	unsigned long s1,s2,e1,e2;

-	unsigned long data[2];

-	int i,j;

-	for (j=0; j<6; j++)

-		{

-		for (i=0; i<1000; i++) /**/

-			{

-			BF_encrypt(&data[0],&key);

-			GetTSC(s1);

-			BF_encrypt(&data[0],&key);

-			BF_encrypt(&data[0],&key);

-			BF_encrypt(&data[0],&key);

-			GetTSC(e1);

-			GetTSC(s2);

-			BF_encrypt(&data[0],&key);

-			BF_encrypt(&data[0],&key);

-			BF_encrypt(&data[0],&key);

-			BF_encrypt(&data[0],&key);

-			GetTSC(e2);

-			BF_encrypt(&data[0],&key);

-			}

-		printf("blowfish %d %d (%d)\n",

-			e1-s1,e2-s2,((e2-s2)-(e1-s1)));

-		}

-	}

--- a/sys/src/ape/lib/openssl/crypto/bf/bfspeed.c

+++ /dev/null

@@ -1,277 +1,0 @@

-/* crypto/bf/bfspeed.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */

-/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */

-#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)

-#define TIMES

-#endif

-#include <stdio.h>

-#include <openssl/e_os2.h>

-#include OPENSSL_UNISTD_IO

-OPENSSL_DECLARE_EXIT

-#ifndef OPENSSL_SYS_NETWARE

-#include <signal.h>

-#endif

-#ifndef _IRIX

-#include <time.h>

-#endif

-#ifdef TIMES

-#include <sys/types.h>

-#include <sys/times.h>

-#endif

-/* Depending on the VMS version, the tms structure is perhaps defined.

-   The __TMS macro will show if it was.  If it wasn't defined, we should

-   undefine TIMES, since that tells the rest of the program how things

-   should be handled.				-- Richard Levitte */

-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)

-#undef TIMES

-#endif

-#ifndef TIMES

-#include <sys/timeb.h>

-#endif

-#if defined(sun) || defined(__ultrix)

-#define _POSIX_SOURCE

-#include <limits.h>

-#include <sys/param.h>

-#endif

-#include <openssl/blowfish.h>

-/* The following if from times(3) man page.  It may need to be changed */

-#ifndef HZ

-#ifndef CLK_TCK

-#define HZ	100.0

-#else /* CLK_TCK */

-#define HZ ((double)CLK_TCK)

-#endif

-#endif

-#define BUFSIZE	((long)1024)

-long run=0;

-double Time_F(int s);

-#ifdef SIGALRM

-#if defined(__STDC__) || defined(sgi) || defined(_AIX)

-#define SIGRETTYPE void

-#else

-#define SIGRETTYPE int

-#endif

-SIGRETTYPE sig_done(int sig);

-SIGRETTYPE sig_done(int sig)

-	{

-	signal(SIGALRM,sig_done);

-	run=0;

-#ifdef LINT

-	sig=sig;

-#endif

-	}

-#endif

-#define START	0

-#define STOP	1

-double Time_F(int s)

-	{

-	double ret;

-#ifdef TIMES

-	static struct tms tstart,tend;

-	if (s == START)

-		{

-		times(&tstart);

-		return(0);

-		}

-	else

-		{

-		times(&tend);

-		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;

-		return((ret == 0.0)?1e-6:ret);

-		}

-#else /* !times() */

-	static struct timeb tstart,tend;

-	long i;

-	if (s == START)

-		{

-		ftime(&tstart);

-		return(0);

-		}

-	else

-		{

-		ftime(&tend);

-		i=(long)tend.millitm-(long)tstart.millitm;

-		ret=((double)(tend.time-tstart.time))+((double)i)/1e3;

-		return((ret == 0.0)?1e-6:ret);

-		}

-#endif

-	}

-int main(int argc, char **argv)

-	{

-	long count;

-	static unsigned char buf[BUFSIZE];

-	static unsigned char key[] ={

-			0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,

-			0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,

-			};

-	BF_KEY sch;

-	double a,b,c,d;

-#ifndef SIGALRM

-	long ca,cb,cc;

-#endif

-#ifndef TIMES

-	printf("To get the most accurate results, try to run this\n");

-	printf("program when this computer is idle.\n");

-#endif

-#ifndef SIGALRM

-	printf("First we calculate the approximate speed ...\n");

-	BF_set_key(&sch,16,key);

-	count=10;

-	do	{

-		long i;

-		BF_LONG data[2];

-		count*=2;

-		Time_F(START);

-		for (i=count; i; i--)

-			BF_encrypt(data,&sch);

-		d=Time_F(STOP);

-		} while (d < 3.0);

-	ca=count/512;

-	cb=count;

-	cc=count*8/BUFSIZE+1;

-	printf("Doing BF_set_key %ld times\n",ca);

-#define COND(d)	(count != (d))

-#define COUNT(d) (d)

-#else

-#define COND(c)	(run)

-#define COUNT(d) (count)

-	signal(SIGALRM,sig_done);

-	printf("Doing BF_set_key for 10 seconds\n");

-	alarm(10);

-#endif

-	Time_F(START);

-	for (count=0,run=1; COND(ca); count+=4)

-		{

-		BF_set_key(&sch,16,key);

-		BF_set_key(&sch,16,key);

-		BF_set_key(&sch,16,key);

-		BF_set_key(&sch,16,key);

-		}

-	d=Time_F(STOP);

-	printf("%ld BF_set_key's in %.2f seconds\n",count,d);

-	a=((double)COUNT(ca))/d;

-#ifdef SIGALRM

-	printf("Doing BF_encrypt's for 10 seconds\n");

-	alarm(10);

-#else

-	printf("Doing BF_encrypt %ld times\n",cb);

-#endif

-	Time_F(START);

-	for (count=0,run=1; COND(cb); count+=4)

-		{

-		BF_LONG data[2];

-		BF_encrypt(data,&sch);

-		BF_encrypt(data,&sch);

-		BF_encrypt(data,&sch);

-		BF_encrypt(data,&sch);

-		}

-	d=Time_F(STOP);

-	printf("%ld BF_encrypt's in %.2f second\n",count,d);

-	b=((double)COUNT(cb)*8)/d;

-#ifdef SIGALRM

-	printf("Doing BF_cbc_encrypt on %ld byte blocks for 10 seconds\n",

-		BUFSIZE);

-	alarm(10);

-#else

-	printf("Doing BF_cbc_encrypt %ld times on %ld byte blocks\n",cc,

-		BUFSIZE);

-#endif

-	Time_F(START);

-	for (count=0,run=1; COND(cc); count++)

-		BF_cbc_encrypt(buf,buf,BUFSIZE,&sch,

-			&(key[0]),BF_ENCRYPT);

-	d=Time_F(STOP);

-	printf("%ld BF_cbc_encrypt's of %ld byte blocks in %.2f second\n",

-		count,BUFSIZE,d);

-	c=((double)COUNT(cc)*BUFSIZE)/d;

-	printf("Blowfish set_key       per sec = %12.3f (%9.3fuS)\n",a,1.0e6/a);

-	printf("Blowfish raw ecb bytes per sec = %12.3f (%9.3fuS)\n",b,8.0e6/b);

-	printf("Blowfish cbc     bytes per sec = %12.3f (%9.3fuS)\n",c,8.0e6/c);

-	exit(0);

-#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)

-	return(0);

-#endif

-	}

--- a/sys/src/ape/lib/openssl/crypto/bf/bftest.c

+++ /dev/null

@@ -1,540 +1,0 @@

-/* crypto/bf/bftest.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* This has been a quickly hacked 'ideatest.c'.  When I add tests for other

- * RC2 modes, more of the code will be uncommented. */

-#include <stdio.h>

-#include <string.h>

-#include <stdlib.h>

-#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_BF is defined */

-#include "../e_os.h"

-#ifdef OPENSSL_NO_BF

-int main(int argc, char *argv[])

-{

-    printf("No BF support\n");

-    return(0);

-}

-#else

-#include <openssl/blowfish.h>

-#ifdef CHARSET_EBCDIC

-#include <openssl/ebcdic.h>

-#endif

-static char *bf_key[2]={

-	"abcdefghijklmnopqrstuvwxyz",

-	"Who is John Galt?"

-	};

-/* big endian */

-static BF_LONG bf_plain[2][2]={

-	{0x424c4f57L,0x46495348L},

-	{0xfedcba98L,0x76543210L}

-	};

-static BF_LONG bf_cipher[2][2]={

-	{0x324ed0feL,0xf413a203L},

-	{0xcc91732bL,0x8022f684L}

-	};

-/************/

-/* Lets use the DES test vectors :-) */

-#define NUM_TESTS 34

-static unsigned char ecb_data[NUM_TESTS][8]={

-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},

-	{0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},

-	{0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00},

-	{0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},

-	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},

-	{0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},

-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},

-	{0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10},

-	{0x7C,0xA1,0x10,0x45,0x4A,0x1A,0x6E,0x57},

-	{0x01,0x31,0xD9,0x61,0x9D,0xC1,0x37,0x6E},

-	{0x07,0xA1,0x13,0x3E,0x4A,0x0B,0x26,0x86},

-	{0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E},

-	{0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6},

-	{0x01,0x13,0xB9,0x70,0xFD,0x34,0xF2,0xCE},

-	{0x01,0x70,0xF1,0x75,0x46,0x8F,0xB5,0xE6},

-	{0x43,0x29,0x7F,0xAD,0x38,0xE3,0x73,0xFE},

-	{0x07,0xA7,0x13,0x70,0x45,0xDA,0x2A,0x16},

-	{0x04,0x68,0x91,0x04,0xC2,0xFD,0x3B,0x2F},

-	{0x37,0xD0,0x6B,0xB5,0x16,0xCB,0x75,0x46},

-	{0x1F,0x08,0x26,0x0D,0x1A,0xC2,0x46,0x5E},

-	{0x58,0x40,0x23,0x64,0x1A,0xBA,0x61,0x76},

-	{0x02,0x58,0x16,0x16,0x46,0x29,0xB0,0x07},

-	{0x49,0x79,0x3E,0xBC,0x79,0xB3,0x25,0x8F},

-	{0x4F,0xB0,0x5E,0x15,0x15,0xAB,0x73,0xA7},

-	{0x49,0xE9,0x5D,0x6D,0x4C,0xA2,0x29,0xBF},

-	{0x01,0x83,0x10,0xDC,0x40,0x9B,0x26,0xD6},

-	{0x1C,0x58,0x7F,0x1C,0x13,0x92,0x4F,0xEF},

-	{0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},

-	{0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},

-	{0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},

-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},

-	{0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},

-	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},

-	{0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10}};

-static unsigned char plain_data[NUM_TESTS][8]={

-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},

-	{0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},

-	{0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x01},

-	{0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},

-	{0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},

-	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},

-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},

-	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},

-	{0x01,0xA1,0xD6,0xD0,0x39,0x77,0x67,0x42},

-	{0x5C,0xD5,0x4C,0xA8,0x3D,0xEF,0x57,0xDA},

-	{0x02,0x48,0xD4,0x38,0x06,0xF6,0x71,0x72},

-	{0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A},

-	{0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2},

-	{0x05,0x9B,0x5E,0x08,0x51,0xCF,0x14,0x3A},

-	{0x07,0x56,0xD8,0xE0,0x77,0x47,0x61,0xD2},

-	{0x76,0x25,0x14,0xB8,0x29,0xBF,0x48,0x6A},

-	{0x3B,0xDD,0x11,0x90,0x49,0x37,0x28,0x02},

-	{0x26,0x95,0x5F,0x68,0x35,0xAF,0x60,0x9A},

-	{0x16,0x4D,0x5E,0x40,0x4F,0x27,0x52,0x32},

-	{0x6B,0x05,0x6E,0x18,0x75,0x9F,0x5C,0xCA},

-	{0x00,0x4B,0xD6,0xEF,0x09,0x17,0x60,0x62},

-	{0x48,0x0D,0x39,0x00,0x6E,0xE7,0x62,0xF2},

-	{0x43,0x75,0x40,0xC8,0x69,0x8F,0x3C,0xFA},

-	{0x07,0x2D,0x43,0xA0,0x77,0x07,0x52,0x92},

-	{0x02,0xFE,0x55,0x77,0x81,0x17,0xF1,0x2A},

-	{0x1D,0x9D,0x5C,0x50,0x18,0xF7,0x28,0xC2},

-	{0x30,0x55,0x32,0x28,0x6D,0x6F,0x29,0x5A},

-	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},

-	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},

-	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},

-	{0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},

-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},

-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},

-	{0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}};

-static unsigned char cipher_data[NUM_TESTS][8]={

-	{0x4E,0xF9,0x97,0x45,0x61,0x98,0xDD,0x78},

-	{0x51,0x86,0x6F,0xD5,0xB8,0x5E,0xCB,0x8A},

-	{0x7D,0x85,0x6F,0x9A,0x61,0x30,0x63,0xF2},

-	{0x24,0x66,0xDD,0x87,0x8B,0x96,0x3C,0x9D},

-	{0x61,0xF9,0xC3,0x80,0x22,0x81,0xB0,0x96},

-	{0x7D,0x0C,0xC6,0x30,0xAF,0xDA,0x1E,0xC7},

-	{0x4E,0xF9,0x97,0x45,0x61,0x98,0xDD,0x78},

-	{0x0A,0xCE,0xAB,0x0F,0xC6,0xA0,0xA2,0x8D},

-	{0x59,0xC6,0x82,0x45,0xEB,0x05,0x28,0x2B},

-	{0xB1,0xB8,0xCC,0x0B,0x25,0x0F,0x09,0xA0},

-	{0x17,0x30,0xE5,0x77,0x8B,0xEA,0x1D,0xA4},

-	{0xA2,0x5E,0x78,0x56,0xCF,0x26,0x51,0xEB},

-	{0x35,0x38,0x82,0xB1,0x09,0xCE,0x8F,0x1A},

-	{0x48,0xF4,0xD0,0x88,0x4C,0x37,0x99,0x18},

-	{0x43,0x21,0x93,0xB7,0x89,0x51,0xFC,0x98},

-	{0x13,0xF0,0x41,0x54,0xD6,0x9D,0x1A,0xE5},

-	{0x2E,0xED,0xDA,0x93,0xFF,0xD3,0x9C,0x79},

-	{0xD8,0x87,0xE0,0x39,0x3C,0x2D,0xA6,0xE3},

-	{0x5F,0x99,0xD0,0x4F,0x5B,0x16,0x39,0x69},

-	{0x4A,0x05,0x7A,0x3B,0x24,0xD3,0x97,0x7B},

-	{0x45,0x20,0x31,0xC1,0xE4,0xFA,0xDA,0x8E},

-	{0x75,0x55,0xAE,0x39,0xF5,0x9B,0x87,0xBD},

-	{0x53,0xC5,0x5F,0x9C,0xB4,0x9F,0xC0,0x19},

-	{0x7A,0x8E,0x7B,0xFA,0x93,0x7E,0x89,0xA3},

-	{0xCF,0x9C,0x5D,0x7A,0x49,0x86,0xAD,0xB5},

-	{0xD1,0xAB,0xB2,0x90,0x65,0x8B,0xC7,0x78},

-	{0x55,0xCB,0x37,0x74,0xD1,0x3E,0xF2,0x01},

-	{0xFA,0x34,0xEC,0x48,0x47,0xB2,0x68,0xB2},

-	{0xA7,0x90,0x79,0x51,0x08,0xEA,0x3C,0xAE},

-	{0xC3,0x9E,0x07,0x2D,0x9F,0xAC,0x63,0x1D},

-	{0x01,0x49,0x33,0xE0,0xCD,0xAF,0xF6,0xE4},

-	{0xF2,0x1E,0x9A,0x77,0xB7,0x1C,0x49,0xBC},

-	{0x24,0x59,0x46,0x88,0x57,0x54,0x36,0x9A},

-	{0x6B,0x5C,0x5A,0x9C,0x5D,0x9E,0x0A,0x5A},

-	};

-static unsigned char cbc_key [16]={

-	0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,

-	0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87};

-static unsigned char cbc_iv [8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};

-static char cbc_data[40]="7654321 Now is the time for ";

-static unsigned char cbc_ok[32]={

-	0x6B,0x77,0xB4,0xD6,0x30,0x06,0xDE,0xE6,

-	0x05,0xB1,0x56,0xE2,0x74,0x03,0x97,0x93,

-	0x58,0xDE,0xB9,0xE7,0x15,0x46,0x16,0xD9,

-	0x59,0xF1,0x65,0x2B,0xD5,0xFF,0x92,0xCC};

-static unsigned char cfb64_ok[]={

-	0xE7,0x32,0x14,0xA2,0x82,0x21,0x39,0xCA,

-	0xF2,0x6E,0xCF,0x6D,0x2E,0xB9,0xE7,0x6E,

-	0x3D,0xA3,0xDE,0x04,0xD1,0x51,0x72,0x00,

-	0x51,0x9D,0x57,0xA6,0xC3};

-static unsigned char ofb64_ok[]={

-	0xE7,0x32,0x14,0xA2,0x82,0x21,0x39,0xCA,

-	0x62,0xB3,0x43,0xCC,0x5B,0x65,0x58,0x73,

-	0x10,0xDD,0x90,0x8D,0x0C,0x24,0x1B,0x22,

-	0x63,0xC2,0xCF,0x80,0xDA};

-#define KEY_TEST_NUM	25

-static unsigned char key_test[KEY_TEST_NUM]={

-	0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87,

-	0x78,0x69,0x5a,0x4b,0x3c,0x2d,0x1e,0x0f,

-	0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,

-	0x88};

-static unsigned char key_data[8]=

-	{0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10};

-static unsigned char key_out[KEY_TEST_NUM][8]={

-	{0xF9,0xAD,0x59,0x7C,0x49,0xDB,0x00,0x5E},

-	{0xE9,0x1D,0x21,0xC1,0xD9,0x61,0xA6,0xD6},

-	{0xE9,0xC2,0xB7,0x0A,0x1B,0xC6,0x5C,0xF3},

-	{0xBE,0x1E,0x63,0x94,0x08,0x64,0x0F,0x05},

-	{0xB3,0x9E,0x44,0x48,0x1B,0xDB,0x1E,0x6E},

-	{0x94,0x57,0xAA,0x83,0xB1,0x92,0x8C,0x0D},

-	{0x8B,0xB7,0x70,0x32,0xF9,0x60,0x62,0x9D},

-	{0xE8,0x7A,0x24,0x4E,0x2C,0xC8,0x5E,0x82},

-	{0x15,0x75,0x0E,0x7A,0x4F,0x4E,0xC5,0x77},

-	{0x12,0x2B,0xA7,0x0B,0x3A,0xB6,0x4A,0xE0},

-	{0x3A,0x83,0x3C,0x9A,0xFF,0xC5,0x37,0xF6},

-	{0x94,0x09,0xDA,0x87,0xA9,0x0F,0x6B,0xF2},

-	{0x88,0x4F,0x80,0x62,0x50,0x60,0xB8,0xB4},

-	{0x1F,0x85,0x03,0x1C,0x19,0xE1,0x19,0x68},

-	{0x79,0xD9,0x37,0x3A,0x71,0x4C,0xA3,0x4F},

-	{0x93,0x14,0x28,0x87,0xEE,0x3B,0xE1,0x5C},

-	{0x03,0x42,0x9E,0x83,0x8C,0xE2,0xD1,0x4B},

-	{0xA4,0x29,0x9E,0x27,0x46,0x9F,0xF6,0x7B},

-	{0xAF,0xD5,0xAE,0xD1,0xC1,0xBC,0x96,0xA8},

-	{0x10,0x85,0x1C,0x0E,0x38,0x58,0xDA,0x9F},

-	{0xE6,0xF5,0x1E,0xD7,0x9B,0x9D,0xB2,0x1F},

-	{0x64,0xA6,0xE1,0x4A,0xFD,0x36,0xB4,0x6F},

-	{0x80,0xC7,0xD7,0xD4,0x5A,0x54,0x79,0xAD},

-	{0x05,0x04,0x4B,0x62,0xFA,0x52,0xD0,0x80},

-	};

-static int test(void );

-static int print_test_data(void );

-int main(int argc, char *argv[])

-	{

-	int ret;

-	if (argc > 1)

-		ret=print_test_data();

-	else

-		ret=test();

-#ifdef OPENSSL_SYS_NETWARE

-    if (ret) printf("ERROR: %d\n", ret);

-#endif

-	EXIT(ret);

-	return(0);

-	}

-static int print_test_data(void)

-	{

-	unsigned int i,j;

-	printf("ecb test data\n");

-	printf("key bytes\t\tclear bytes\t\tcipher bytes\n");

-	for (i=0; i<NUM_TESTS; i++)

-		{

-		for (j=0; j<8; j++)

-			printf("%02X",ecb_data[i][j]);

-		printf("\t");

-		for (j=0; j<8; j++)

-			printf("%02X",plain_data[i][j]);

-		printf("\t");

-		for (j=0; j<8; j++)

-			printf("%02X",cipher_data[i][j]);

-		printf("\n");

-		}

-	printf("set_key test data\n");

-	printf("data[8]= ");

-	for (j=0; j<8; j++)

-		printf("%02X",key_data[j]);

-	printf("\n");

-	for (i=0; i<KEY_TEST_NUM-1; i++)

-		{

-		printf("c=");

-		for (j=0; j<8; j++)

-			printf("%02X",key_out[i][j]);

-		printf(" k[%2u]=",i+1);

-		for (j=0; j<i+1; j++)

-			printf("%02X",key_test[j]);

-		printf("\n");

-		}

-	printf("\nchaining mode test data\n");

-	printf("key[16]   = ");

-	for (j=0; j<16; j++)

-		printf("%02X",cbc_key[j]);

-	printf("\niv[8]     = ");

-	for (j=0; j<8; j++)

-		printf("%02X",cbc_iv[j]);

-	printf("\ndata[%d]  = '%s'",(int)strlen(cbc_data)+1,cbc_data);

-	printf("\ndata[%d]  = ",(int)strlen(cbc_data)+1);

-	for (j=0; j<strlen(cbc_data)+1; j++)

-		printf("%02X",cbc_data[j]);

-	printf("\n");

-	printf("cbc cipher text\n");

-	printf("cipher[%d]= ",32);

-	for (j=0; j<32; j++)

-		printf("%02X",cbc_ok[j]);

-	printf("\n");

-	printf("cfb64 cipher text\n");

-	printf("cipher[%d]= ",(int)strlen(cbc_data)+1);

-	for (j=0; j<strlen(cbc_data)+1; j++)

-		printf("%02X",cfb64_ok[j]);

-	printf("\n");

-	printf("ofb64 cipher text\n");

-	printf("cipher[%d]= ",(int)strlen(cbc_data)+1);

-	for (j=0; j<strlen(cbc_data)+1; j++)

-		printf("%02X",ofb64_ok[j]);

-	printf("\n");

-	return(0);

-	}

-static int test(void)

-	{

-	unsigned char cbc_in[40],cbc_out[40],iv[8];

-	int i,n,err=0;

-	BF_KEY key;

-	BF_LONG data[2];

-	unsigned char out[8];

-	BF_LONG len;

-#ifdef CHARSET_EBCDIC

-	ebcdic2ascii(cbc_data, cbc_data, strlen(cbc_data));

-#endif

-	printf("testing blowfish in raw ecb mode\n");

-	for (n=0; n<2; n++)

-		{

-#ifdef CHARSET_EBCDIC

-		ebcdic2ascii(bf_key[n], bf_key[n], strlen(bf_key[n]));

-#endif

-		BF_set_key(&key,strlen(bf_key[n]),(unsigned char *)bf_key[n]);

-		data[0]=bf_plain[n][0];

-		data[1]=bf_plain[n][1];

-		BF_encrypt(data,&key);

-		if (memcmp(&(bf_cipher[n][0]),&(data[0]),8) != 0)

-			{

-			printf("BF_encrypt error encrypting\n");

-			printf("got     :");

-			for (i=0; i<2; i++)

-				printf("%08lX ",(unsigned long)data[i]);

-			printf("\n");

-			printf("expected:");

-			for (i=0; i<2; i++)

-				printf("%08lX ",(unsigned long)bf_cipher[n][i]);

-			err=1;

-			printf("\n");

-			}

-		BF_decrypt(&(data[0]),&key);

-		if (memcmp(&(bf_plain[n][0]),&(data[0]),8) != 0)

-			{

-			printf("BF_encrypt error decrypting\n");

-			printf("got     :");

-			for (i=0; i<2; i++)

-				printf("%08lX ",(unsigned long)data[i]);

-			printf("\n");

-			printf("expected:");

-			for (i=0; i<2; i++)

-				printf("%08lX ",(unsigned long)bf_plain[n][i]);

-			printf("\n");

-			err=1;

-			}

-		}

-	printf("testing blowfish in ecb mode\n");

-	for (n=0; n<NUM_TESTS; n++)

-		{

-		BF_set_key(&key,8,ecb_data[n]);

-		BF_ecb_encrypt(&(plain_data[n][0]),out,&key,BF_ENCRYPT);

-		if (memcmp(&(cipher_data[n][0]),out,8) != 0)

-			{

-			printf("BF_ecb_encrypt blowfish error encrypting\n");

-			printf("got     :");

-			for (i=0; i<8; i++)

-				printf("%02X ",out[i]);

-			printf("\n");

-			printf("expected:");

-			for (i=0; i<8; i++)

-				printf("%02X ",cipher_data[n][i]);

-			err=1;

-			printf("\n");

-			}

-		BF_ecb_encrypt(out,out,&key,BF_DECRYPT);

-		if (memcmp(&(plain_data[n][0]),out,8) != 0)

-			{

-			printf("BF_ecb_encrypt error decrypting\n");

-			printf("got     :");

-			for (i=0; i<8; i++)

-				printf("%02X ",out[i]);

-			printf("\n");

-			printf("expected:");

-			for (i=0; i<8; i++)

-				printf("%02X ",plain_data[n][i]);

-			printf("\n");

-			err=1;

-			}

-		}

-	printf("testing blowfish set_key\n");

-	for (n=1; n<KEY_TEST_NUM; n++)

-		{

-		BF_set_key(&key,n,key_test);

-		BF_ecb_encrypt(key_data,out,&key,BF_ENCRYPT);

-		/* mips-sgi-irix6.5-gcc  vv  -mabi=64 bug workaround */

-		if (memcmp(out,&(key_out[i=n-1][0]),8) != 0)

-			{

-			printf("blowfish setkey error\n");

-			err=1;

-			}

-		}

-	printf("testing blowfish in cbc mode\n");

-	len=strlen(cbc_data)+1;

-	BF_set_key(&key,16,cbc_key);

-	memset(cbc_in,0,sizeof cbc_in);

-	memset(cbc_out,0,sizeof cbc_out);

-	memcpy(iv,cbc_iv,sizeof iv);

-	BF_cbc_encrypt((unsigned char *)cbc_data,cbc_out,len,

-		&key,iv,BF_ENCRYPT);

-	if (memcmp(cbc_out,cbc_ok,32) != 0)

-		{

-		err=1;

-		printf("BF_cbc_encrypt encrypt error\n");

-		for (i=0; i<32; i++) printf("0x%02X,",cbc_out[i]);

-		}

-	memcpy(iv,cbc_iv,8);

-	BF_cbc_encrypt(cbc_out,cbc_in,len,

-		&key,iv,BF_DECRYPT);

-	if (memcmp(cbc_in,cbc_data,strlen(cbc_data)+1) != 0)

-		{

-		printf("BF_cbc_encrypt decrypt error\n");

-		err=1;

-		}

-	printf("testing blowfish in cfb64 mode\n");

-	BF_set_key(&key,16,cbc_key);

-	memset(cbc_in,0,40);

-	memset(cbc_out,0,40);

-	memcpy(iv,cbc_iv,8);

-	n=0;

-	BF_cfb64_encrypt((unsigned char *)cbc_data,cbc_out,(long)13,

-		&key,iv,&n,BF_ENCRYPT);

-	BF_cfb64_encrypt((unsigned char *)&(cbc_data[13]),&(cbc_out[13]),len-13,

-		&key,iv,&n,BF_ENCRYPT);

-	if (memcmp(cbc_out,cfb64_ok,(int)len) != 0)

-		{

-		err=1;

-		printf("BF_cfb64_encrypt encrypt error\n");

-		for (i=0; i<(int)len; i++) printf("0x%02X,",cbc_out[i]);

-		}

-	n=0;

-	memcpy(iv,cbc_iv,8);

-	BF_cfb64_encrypt(cbc_out,cbc_in,17,

-		&key,iv,&n,BF_DECRYPT);

-	BF_cfb64_encrypt(&(cbc_out[17]),&(cbc_in[17]),len-17,

-		&key,iv,&n,BF_DECRYPT);

-	if (memcmp(cbc_in,cbc_data,(int)len) != 0)

-		{

-		printf("BF_cfb64_encrypt decrypt error\n");

-		err=1;

-		}

-	printf("testing blowfish in ofb64\n");

-	BF_set_key(&key,16,cbc_key);

-	memset(cbc_in,0,40);

-	memset(cbc_out,0,40);

-	memcpy(iv,cbc_iv,8);

-	n=0;

-	BF_ofb64_encrypt((unsigned char *)cbc_data,cbc_out,(long)13,&key,iv,&n);

-	BF_ofb64_encrypt((unsigned char *)&(cbc_data[13]),

-		&(cbc_out[13]),len-13,&key,iv,&n);

-	if (memcmp(cbc_out,ofb64_ok,(int)len) != 0)

-		{

-		err=1;

-		printf("BF_ofb64_encrypt encrypt error\n");

-		for (i=0; i<(int)len; i++) printf("0x%02X,",cbc_out[i]);

-		}

-	n=0;

-	memcpy(iv,cbc_iv,8);

-	BF_ofb64_encrypt(cbc_out,cbc_in,17,&key,iv,&n);

-	BF_ofb64_encrypt(&(cbc_out[17]),&(cbc_in[17]),len-17,&key,iv,&n);

-	if (memcmp(cbc_in,cbc_data,(int)len) != 0)

-		{

-		printf("BF_ofb64_encrypt decrypt error\n");

-		err=1;

-		}

-	return(err);

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/bf/blowfish.h

+++ /dev/null

@@ -1,127 +1,0 @@

-/* crypto/bf/blowfish.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_BLOWFISH_H

-#define HEADER_BLOWFISH_H

-#include <openssl/e_os2.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-#ifdef OPENSSL_NO_BF

-#error BF is disabled.

-#endif

-#define BF_ENCRYPT	1

-#define BF_DECRYPT	0

-/*

- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

- * ! BF_LONG has to be at least 32 bits wide. If it's wider, then !

- * ! BF_LONG_LOG2 has to be defined along.                        !

- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

- */

-#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)

-#define BF_LONG unsigned long

-#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)

-#define BF_LONG unsigned long

-#define BF_LONG_LOG2 3

-/*

- * _CRAY note. I could declare short, but I have no idea what impact

- * does it have on performance on none-T3E machines. I could declare

- * int, but at least on C90 sizeof(int) can be chosen at compile time.

- * So I've chosen long...

- *					<[email protected]>

- */

-#else

-#define BF_LONG unsigned int

-#endif

-#define BF_ROUNDS	16

-#define BF_BLOCK	8

-typedef struct bf_key_st

-	{

-	BF_LONG P[BF_ROUNDS+2];

-	BF_LONG S[4*256];

-	} BF_KEY;

-void BF_set_key(BF_KEY *key, int len, const unsigned char *data);

-void BF_encrypt(BF_LONG *data,const BF_KEY *key);

-void BF_decrypt(BF_LONG *data,const BF_KEY *key);

-void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,

-	const BF_KEY *key, int enc);

-void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,

-	const BF_KEY *schedule, unsigned char *ivec, int enc);

-void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, long length,

-	const BF_KEY *schedule, unsigned char *ivec, int *num, int enc);

-void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, long length,

-	const BF_KEY *schedule, unsigned char *ivec, int *num);

-const char *BF_options(void);

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/bio/Makefile

+++ /dev/null

@@ -1,221 +1,0 @@

-#

-# OpenSSL/crypto/bio/Makefile

-#

-DIR=	bio

-TOP=	../..

-CC=	cc

-INCLUDES= -I.. -I$(TOP) -I../../include

-CFLAG=-g

-MAKEFILE=	Makefile

-AR=		ar r

-CFLAGS= $(INCLUDES) $(CFLAG)

-GENERAL=Makefile

-TEST=

-APPS=

-LIB=$(TOP)/libcrypto.a

-LIBSRC= bio_lib.c bio_cb.c bio_err.c \

-	bss_mem.c bss_null.c bss_fd.c \

-	bss_file.c bss_sock.c bss_conn.c \

-	bf_null.c bf_buff.c b_print.c b_dump.c \

-	b_sock.c bss_acpt.c bf_nbio.c bss_log.c bss_bio.c \

-	bss_dgram.c

-#	bf_lbuf.c

-LIBOBJ= bio_lib.o bio_cb.o bio_err.o \

-	bss_mem.o bss_null.o bss_fd.o \

-	bss_file.o bss_sock.o bss_conn.o \

-	bf_null.o bf_buff.o b_print.o b_dump.o \

-	b_sock.o bss_acpt.o bf_nbio.o bss_log.o bss_bio.o \

-	bss_dgram.o

-#	bf_lbuf.o

-SRC= $(LIBSRC)

-EXHEADER= bio.h

-HEADER=	bio_lcl.h $(EXHEADER)

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)

-all:	lib

-lib:	$(LIBOBJ)

-	$(AR) $(LIB) $(LIBOBJ)

-	$(RANLIB) $(LIB) || echo Never mind.

-	@touch lib

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

-links:

-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)

-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)

-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

-install:

-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...

-	@headerlist="$(EXHEADER)"; for i in $$headerlist; \

-	do  \

-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \

-	done;

-tags:

-	ctags $(SRC)

-tests:

-lint:

-	lint -DLINT $(INCLUDES) $(SRC)>fluff

-depend:

-	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...

-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-clean:

-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-b_dump.o: ../../e_os.h ../../include/openssl/bio.h

-b_dump.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-b_dump.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-b_dump.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-b_dump.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-b_dump.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-b_dump.o: ../../include/openssl/symhacks.h ../cryptlib.h b_dump.c bio_lcl.h

-b_print.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h

-b_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-b_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-b_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-b_print.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-b_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-b_print.o: ../../include/openssl/symhacks.h ../cryptlib.h b_print.c

-b_sock.o: ../../e_os.h ../../include/openssl/bio.h

-b_sock.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-b_sock.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-b_sock.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-b_sock.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-b_sock.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-b_sock.o: ../../include/openssl/symhacks.h ../cryptlib.h b_sock.c

-bf_buff.o: ../../e_os.h ../../include/openssl/bio.h

-bf_buff.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-bf_buff.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-bf_buff.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-bf_buff.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-bf_buff.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-bf_buff.o: ../../include/openssl/symhacks.h ../cryptlib.h bf_buff.c

-bf_nbio.o: ../../e_os.h ../../include/openssl/bio.h

-bf_nbio.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-bf_nbio.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-bf_nbio.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-bf_nbio.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-bf_nbio.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h

-bf_nbio.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-bf_nbio.o: ../cryptlib.h bf_nbio.c

-bf_null.o: ../../e_os.h ../../include/openssl/bio.h

-bf_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-bf_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-bf_null.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-bf_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-bf_null.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-bf_null.o: ../../include/openssl/symhacks.h ../cryptlib.h bf_null.c

-bio_cb.o: ../../e_os.h ../../include/openssl/bio.h

-bio_cb.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-bio_cb.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-bio_cb.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-bio_cb.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-bio_cb.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-bio_cb.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_cb.c

-bio_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h

-bio_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-bio_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-bio_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-bio_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-bio_err.o: ../../include/openssl/symhacks.h bio_err.c

-bio_lib.o: ../../e_os.h ../../include/openssl/bio.h

-bio_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-bio_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-bio_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-bio_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-bio_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-bio_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_lib.c

-bss_acpt.o: ../../e_os.h ../../include/openssl/bio.h

-bss_acpt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-bss_acpt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-bss_acpt.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-bss_acpt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-bss_acpt.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-bss_acpt.o: ../../include/openssl/symhacks.h ../cryptlib.h bss_acpt.c

-bss_bio.o: ../../e_os.h ../../include/openssl/bio.h

-bss_bio.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-bss_bio.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-bss_bio.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-bss_bio.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-bss_bio.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-bss_bio.o: bss_bio.c

-bss_conn.o: ../../e_os.h ../../include/openssl/bio.h

-bss_conn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-bss_conn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-bss_conn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-bss_conn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-bss_conn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-bss_conn.o: ../../include/openssl/symhacks.h ../cryptlib.h bss_conn.c

-bss_dgram.o: ../../e_os.h ../../include/openssl/bio.h

-bss_dgram.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-bss_dgram.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-bss_dgram.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-bss_dgram.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-bss_dgram.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-bss_dgram.o: ../../include/openssl/symhacks.h ../cryptlib.h bss_dgram.c

-bss_fd.o: ../../e_os.h ../../include/openssl/bio.h

-bss_fd.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-bss_fd.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-bss_fd.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-bss_fd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-bss_fd.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-bss_fd.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_lcl.h bss_fd.c

-bss_file.o: ../../e_os.h ../../include/openssl/bio.h

-bss_file.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-bss_file.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-bss_file.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-bss_file.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-bss_file.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-bss_file.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_lcl.h bss_file.c

-bss_log.o: ../../e_os.h ../../include/openssl/bio.h

-bss_log.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-bss_log.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-bss_log.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-bss_log.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-bss_log.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-bss_log.o: ../../include/openssl/symhacks.h ../cryptlib.h bss_log.c

-bss_mem.o: ../../e_os.h ../../include/openssl/bio.h

-bss_mem.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-bss_mem.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-bss_mem.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-bss_mem.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-bss_mem.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-bss_mem.o: ../../include/openssl/symhacks.h ../cryptlib.h bss_mem.c

-bss_null.o: ../../e_os.h ../../include/openssl/bio.h

-bss_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-bss_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-bss_null.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-bss_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-bss_null.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-bss_null.o: ../../include/openssl/symhacks.h ../cryptlib.h bss_null.c

-bss_sock.o: ../../e_os.h ../../include/openssl/bio.h

-bss_sock.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-bss_sock.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-bss_sock.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-bss_sock.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-bss_sock.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-bss_sock.o: ../../include/openssl/symhacks.h ../cryptlib.h bss_sock.c

--- a/sys/src/ape/lib/openssl/crypto/bio/b_dump.c

+++ /dev/null

@@ -1,187 +1,0 @@

-/* crypto/bio/b_dump.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/*

- * Stolen from tjh's ssl/ssl_trc.c stuff.

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include "bio_lcl.h"

-#define TRUNCATE

-#define DUMP_WIDTH	16

-#define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH-((i-(i>6?6:i)+3)/4))

-int BIO_dump_cb(int (*cb)(const void *data, size_t len, void *u),

-	void *u, const char *s, int len)

-	{

-	return BIO_dump_indent_cb(cb, u, s, len, 0);

-	}

-int BIO_dump_indent_cb(int (*cb)(const void *data, size_t len, void *u),

-	void *u, const char *s, int len, int indent)

-	{

-	int ret=0;

-	char buf[288+1],tmp[20],str[128+1];

-	int i,j,rows,trc;

-	unsigned char ch;

-	int dump_width;

-	trc=0;

-#ifdef TRUNCATE

-	for(; (len > 0) && ((s[len-1] == ' ') || (s[len-1] == '\0')); len--)

-		trc++;

-#endif

-	if (indent < 0)

-		indent = 0;

-	if (indent)

-		{

-		if (indent > 128) indent=128;

-		memset(str,' ',indent);

-		}

-	str[indent]='\0';

-	dump_width=DUMP_WIDTH_LESS_INDENT(indent);

-	rows=(len/dump_width);

-	if ((rows*dump_width)<len)

-		rows++;

-	for(i=0;i<rows;i++)

-		{

-		buf[0]='\0';	/* start with empty string */

-		BUF_strlcpy(buf,str,sizeof buf);

-		BIO_snprintf(tmp,sizeof tmp,"%04x - ",i*dump_width);

-		BUF_strlcat(buf,tmp,sizeof buf);

-		for(j=0;j<dump_width;j++)

-			{

-			if (((i*dump_width)+j)>=len)

-				{

-				BUF_strlcat(buf,"   ",sizeof buf);

-				}

-			else

-				{

-				ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;

-				BIO_snprintf(tmp,sizeof tmp,"%02x%c",ch,

-					j==7?'-':' ');

-				BUF_strlcat(buf,tmp,sizeof buf);

-				}

-			}

-		BUF_strlcat(buf,"  ",sizeof buf);

-		for(j=0;j<dump_width;j++)

-			{

-			if (((i*dump_width)+j)>=len)

-				break;

-			ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;

-#ifndef CHARSET_EBCDIC

-			BIO_snprintf(tmp,sizeof tmp,"%c",

-				((ch>=' ')&&(ch<='~'))?ch:'.');

-#else

-			BIO_snprintf(tmp,sizeof tmp,"%c",

-				((ch>=os_toascii[' '])&&(ch<=os_toascii['~']))

-				? os_toebcdic[ch]

-				: '.');

-#endif

-			BUF_strlcat(buf,tmp,sizeof buf);

-			}

-		BUF_strlcat(buf,"\n",sizeof buf);

-		/* if this is the last call then update the ddt_dump thing so

-		 * that we will move the selection point in the debug window

-		 */

-		ret+=cb((void *)buf,strlen(buf),u);

-		}

-#ifdef TRUNCATE

-	if (trc > 0)

-		{

-		BIO_snprintf(buf,sizeof buf,"%s%04x - <SPACES/NULS>\n",str,

-			len+trc);

-		ret+=cb((void *)buf,strlen(buf),u);

-		}

-#endif

-	return(ret);

-	}

-#ifndef OPENSSL_NO_FP_API

-static int write_fp(const void *data, size_t len, void *fp)

-	{

-	return UP_fwrite(data, len, 1, fp);

-	}

-int BIO_dump_fp(FILE *fp, const char *s, int len)

-	{

-	return BIO_dump_cb(write_fp, fp, s, len);

-	}

-int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent)

-	{

-	return BIO_dump_indent_cb(write_fp, fp, s, len, indent);

-	}

-#endif

-static int write_bio(const void *data, size_t len, void *bp)

-	{

-	return BIO_write((BIO *)bp, (const char *)data, len);

-	}

-int BIO_dump(BIO *bp, const char *s, int len)

-	{

-	return BIO_dump_cb(write_bio, bp, s, len);

-	}

-int BIO_dump_indent(BIO *bp, const char *s, int len, int indent)

-	{

-	return BIO_dump_indent_cb(write_bio, bp, s, len, indent);

-	}

--- a/sys/src/ape/lib/openssl/crypto/bio/b_print.c

+++ /dev/null

@@ -1,842 +1,0 @@

-/* crypto/bio/b_print.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* disable assert() unless BIO_DEBUG has been defined */

-#ifndef BIO_DEBUG

-# ifndef NDEBUG

-#  define NDEBUG

-# endif

-#endif

-/*

- * Stolen from tjh's ssl/ssl_trc.c stuff.

- */

-#include <stdio.h>

-#include <string.h>

-#include <ctype.h>

-#include <assert.h>

-#include <limits.h>

-#include "cryptlib.h"

-#ifndef NO_SYS_TYPES_H

-#include <sys/types.h>

-#endif

-#include <openssl/bn.h>         /* To get BN_LLONG properly defined */

-#include <openssl/bio.h>

-#if defined(BN_LLONG) || defined(SIXTY_FOUR_BIT)

-# ifndef HAVE_LONG_LONG

-#  define HAVE_LONG_LONG 1

-# endif

-#endif

-/***************************************************************************/

-/*

- * Copyright Patrick Powell 1995

- * This code is based on code written by Patrick Powell <[email protected]>

- * It may be used for any purpose as long as this notice remains intact

- * on all source code distributions.

- */

-/*

- * This code contains numerious changes and enhancements which were

- * made by lots of contributors over the last years to Patrick Powell's

- * original code:

- *

- * o Patrick Powell <[email protected]>      (1995)

- * o Brandon Long <[email protected]>          (1996, for Mutt)

- * o Thomas Roessler <[email protected]>        (1998, for Mutt)

- * o Michael Elkins <[email protected]>            (1998, for Mutt)

- * o Andrew Tridgell <[email protected]>        (1998, for Samba)

- * o Luke Mewburn <[email protected]>           (1999, for LukemFTP)

- * o Ralf S. Engelschall <[email protected]> (1999, for Pth)

- * o ...                                       (for OpenSSL)

- */

-#ifdef HAVE_LONG_DOUBLE

-#define LDOUBLE long double

-#else

-#define LDOUBLE double

-#endif

-#if HAVE_LONG_LONG

-# if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__)

-# define LLONG __int64

-# else

-# define LLONG long long

-# endif

-#else

-#define LLONG long

-#endif

-static void fmtstr     (char **, char **, size_t *, size_t *,

-			const char *, int, int, int);

-static void fmtint     (char **, char **, size_t *, size_t *,

-			LLONG, int, int, int, int);

-static void fmtfp      (char **, char **, size_t *, size_t *,

-			LDOUBLE, int, int, int);

-static void doapr_outch (char **, char **, size_t *, size_t *, int);

-static void _dopr(char **sbuffer, char **buffer,

-		  size_t *maxlen, size_t *retlen, int *truncated,

-		  const char *format, va_list args);

-/* format read states */

-#define DP_S_DEFAULT    0

-#define DP_S_FLAGS      1

-#define DP_S_MIN        2

-#define DP_S_DOT        3

-#define DP_S_MAX        4

-#define DP_S_MOD        5

-#define DP_S_CONV       6

-#define DP_S_DONE       7

-/* format flags - Bits */

-#define DP_F_MINUS      (1 << 0)

-#define DP_F_PLUS       (1 << 1)

-#define DP_F_SPACE      (1 << 2)

-#define DP_F_NUM        (1 << 3)

-#define DP_F_ZERO       (1 << 4)

-#define DP_F_UP         (1 << 5)

-#define DP_F_UNSIGNED   (1 << 6)

-/* conversion flags */

-#define DP_C_SHORT      1

-#define DP_C_LONG       2

-#define DP_C_LDOUBLE    3

-#define DP_C_LLONG      4

-/* some handy macros */

-#define char_to_int(p) (p - '0')

-#define OSSL_MAX(p,q) ((p >= q) ? p : q)

-static void

-_dopr(

-    char **sbuffer,

-    char **buffer,

-    size_t *maxlen,

-    size_t *retlen,

-    int *truncated,

-    const char *format,

-    va_list args)

-{

-    char ch;

-    LLONG value;

-    LDOUBLE fvalue;

-    char *strvalue;

-    int min;

-    int max;

-    int state;

-    int flags;

-    int cflags;

-    size_t currlen;

-    state = DP_S_DEFAULT;

-    flags = currlen = cflags = min = 0;

-    max = -1;

-    ch = *format++;

-    while (state != DP_S_DONE) {

-        if (ch == '\0' || (buffer == NULL && currlen >= *maxlen))

-            state = DP_S_DONE;

-        switch (state) {

-        case DP_S_DEFAULT:

-            if (ch == '%')

-                state = DP_S_FLAGS;

-            else

-                doapr_outch(sbuffer,buffer, &currlen, maxlen, ch);

-            ch = *format++;

-            break;

-        case DP_S_FLAGS:

-            switch (ch) {

-            case '-':

-                flags |= DP_F_MINUS;

-                ch = *format++;

-                break;

-            case '+':

-                flags |= DP_F_PLUS;

-                ch = *format++;

-                break;

-            case ' ':

-                flags |= DP_F_SPACE;

-                ch = *format++;

-                break;

-            case '#':

-                flags |= DP_F_NUM;

-                ch = *format++;

-                break;

-            case '0':

-                flags |= DP_F_ZERO;

-                ch = *format++;

-                break;

-            default:

-                state = DP_S_MIN;

-                break;

-            }

-            break;

-        case DP_S_MIN:

-            if (isdigit((unsigned char)ch)) {

-                min = 10 * min + char_to_int(ch);

-                ch = *format++;

-            } else if (ch == '*') {

-                min = va_arg(args, int);

-                ch = *format++;

-                state = DP_S_DOT;

-            } else

-                state = DP_S_DOT;

-            break;

-        case DP_S_DOT:

-            if (ch == '.') {

-                state = DP_S_MAX;

-                ch = *format++;

-            } else

-                state = DP_S_MOD;

-            break;

-        case DP_S_MAX:

-            if (isdigit((unsigned char)ch)) {

-                if (max < 0)

-                    max = 0;

-                max = 10 * max + char_to_int(ch);

-                ch = *format++;

-            } else if (ch == '*') {

-                max = va_arg(args, int);

-                ch = *format++;

-                state = DP_S_MOD;

-            } else

-                state = DP_S_MOD;

-            break;

-        case DP_S_MOD:

-            switch (ch) {

-            case 'h':

-                cflags = DP_C_SHORT;

-                ch = *format++;

-                break;

-            case 'l':

-                if (*format == 'l') {

-                    cflags = DP_C_LLONG;

-                    format++;

-                } else

-                    cflags = DP_C_LONG;

-                ch = *format++;

-                break;

-            case 'q':

-                cflags = DP_C_LLONG;

-                ch = *format++;

-                break;

-            case 'L':

-                cflags = DP_C_LDOUBLE;

-                ch = *format++;

-                break;

-            default:

-                break;

-            }

-            state = DP_S_CONV;

-            break;

-        case DP_S_CONV:

-            switch (ch) {

-            case 'd':

-            case 'i':

-                switch (cflags) {

-                case DP_C_SHORT:

-                    value = (short int)va_arg(args, int);

-                    break;

-                case DP_C_LONG:

-                    value = va_arg(args, long int);

-                    break;

-                case DP_C_LLONG:

-                    value = va_arg(args, LLONG);

-                    break;

-                default:

-                    value = va_arg(args, int);

-                    break;

-                }

-                fmtint(sbuffer, buffer, &currlen, maxlen,

-                       value, 10, min, max, flags);

-                break;

-            case 'X':

-                flags |= DP_F_UP;

-                /* FALLTHROUGH */

-            case 'x':

-            case 'o':

-            case 'u':

-                flags |= DP_F_UNSIGNED;

-                switch (cflags) {

-                case DP_C_SHORT:

-                    value = (unsigned short int)va_arg(args, unsigned int);

-                    break;

-                case DP_C_LONG:

-                    value = (LLONG) va_arg(args,

-                        unsigned long int);

-                    break;

-                case DP_C_LLONG:

-                    value = va_arg(args, unsigned LLONG);

-                    break;

-                default:

-                    value = (LLONG) va_arg(args,

-                        unsigned int);

-                    break;

-                }

-                fmtint(sbuffer, buffer, &currlen, maxlen, value,

-                       ch == 'o' ? 8 : (ch == 'u' ? 10 : 16),

-                       min, max, flags);

-                break;

-            case 'f':

-                if (cflags == DP_C_LDOUBLE)

-                    fvalue = va_arg(args, LDOUBLE);

-                else

-                    fvalue = va_arg(args, double);

-                fmtfp(sbuffer, buffer, &currlen, maxlen,

-                      fvalue, min, max, flags);

-                break;

-            case 'E':

-                flags |= DP_F_UP;

-            case 'e':

-                if (cflags == DP_C_LDOUBLE)

-                    fvalue = va_arg(args, LDOUBLE);

-                else

-                    fvalue = va_arg(args, double);

-                break;

-            case 'G':

-                flags |= DP_F_UP;

-            case 'g':

-                if (cflags == DP_C_LDOUBLE)

-                    fvalue = va_arg(args, LDOUBLE);

-                else

-                    fvalue = va_arg(args, double);

-                break;

-            case 'c':

-                doapr_outch(sbuffer, buffer, &currlen, maxlen,

-                    va_arg(args, int));

-                break;

-            case 's':

-                strvalue = va_arg(args, char *);

-                if (max < 0) {

-		    if (buffer)

-			max = INT_MAX;

-		    else

-			max = *maxlen;

-		}

-                fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue,

-                       flags, min, max);

-                break;

-            case 'p':

-                value = (long)va_arg(args, void *);

-                fmtint(sbuffer, buffer, &currlen, maxlen,

-                    value, 16, min, max, flags|DP_F_NUM);

-                break;

-            case 'n': /* XXX */

-                if (cflags == DP_C_SHORT) {

-                    short int *num;

-                    num = va_arg(args, short int *);

-                    *num = currlen;

-                } else if (cflags == DP_C_LONG) { /* XXX */

-                    long int *num;

-                    num = va_arg(args, long int *);

-                    *num = (long int) currlen;

-                } else if (cflags == DP_C_LLONG) { /* XXX */

-                    LLONG *num;

-                    num = va_arg(args, LLONG *);

-                    *num = (LLONG) currlen;

-                } else {

-                    int    *num;

-                    num = va_arg(args, int *);

-                    *num = currlen;

-                }

-                break;

-            case '%':

-                doapr_outch(sbuffer, buffer, &currlen, maxlen, ch);

-                break;

-            case 'w':

-                /* not supported yet, treat as next char */

-                ch = *format++;

-                break;

-            default:

-                /* unknown, skip */

-                break;

-            }

-            ch = *format++;

-            state = DP_S_DEFAULT;

-            flags = cflags = min = 0;

-            max = -1;

-            break;

-        case DP_S_DONE:

-            break;

-        default:

-            break;

-        }

-    }

-    *truncated = (currlen > *maxlen - 1);

-    if (*truncated)

-        currlen = *maxlen - 1;

-    doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0');

-    *retlen = currlen - 1;

-    return;

-}

-static void

-fmtstr(

-    char **sbuffer,

-    char **buffer,

-    size_t *currlen,

-    size_t *maxlen,

-    const char *value,

-    int flags,

-    int min,

-    int max)

-{

-    int padlen, strln;

-    int cnt = 0;

-    if (value == 0)

-        value = "<NULL>";

-    for (strln = 0; value[strln]; ++strln)

-        ;

-    padlen = min - strln;

-    if (padlen < 0)

-        padlen = 0;

-    if (flags & DP_F_MINUS)

-        padlen = -padlen;

-    while ((padlen > 0) && (cnt < max)) {

-        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');

-        --padlen;

-        ++cnt;

-    }

-    while (*value && (cnt < max)) {

-        doapr_outch(sbuffer, buffer, currlen, maxlen, *value++);

-        ++cnt;

-    }

-    while ((padlen < 0) && (cnt < max)) {

-        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');

-        ++padlen;

-        ++cnt;

-    }

-}

-static void

-fmtint(

-    char **sbuffer,

-    char **buffer,

-    size_t *currlen,

-    size_t *maxlen,

-    LLONG value,

-    int base,

-    int min,

-    int max,

-    int flags)

-{

-    int signvalue = 0;

-    const char *prefix = "";

-    unsigned LLONG uvalue;

-    char convert[DECIMAL_SIZE(value)+3];

-    int place = 0;

-    int spadlen = 0;

-    int zpadlen = 0;

-    int caps = 0;

-    if (max < 0)

-        max = 0;

-    uvalue = value;

-    if (!(flags & DP_F_UNSIGNED)) {

-        if (value < 0) {

-            signvalue = '-';

-            uvalue = -value;

-        } else if (flags & DP_F_PLUS)

-            signvalue = '+';

-        else if (flags & DP_F_SPACE)

-            signvalue = ' ';

-    }

-    if (flags & DP_F_NUM) {

-	if (base == 8) prefix = "0";

-	if (base == 16) prefix = "0x";

-    }

-    if (flags & DP_F_UP)

-        caps = 1;

-    do {

-        convert[place++] =

-            (caps ? "0123456789ABCDEF" : "0123456789abcdef")

-            [uvalue % (unsigned) base];

-        uvalue = (uvalue / (unsigned) base);

-    } while (uvalue && (place < (int)sizeof(convert)));

-    if (place == sizeof(convert))

-        place--;

-    convert[place] = 0;

-    zpadlen = max - place;

-    spadlen = min - OSSL_MAX(max, place) - (signvalue ? 1 : 0) - strlen(prefix);

-    if (zpadlen < 0)

-        zpadlen = 0;

-    if (spadlen < 0)

-        spadlen = 0;

-    if (flags & DP_F_ZERO) {

-        zpadlen = OSSL_MAX(zpadlen, spadlen);

-        spadlen = 0;

-    }

-    if (flags & DP_F_MINUS)

-        spadlen = -spadlen;

-    /* spaces */

-    while (spadlen > 0) {

-        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');

-        --spadlen;

-    }

-    /* sign */

-    if (signvalue)

-        doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);

-    /* prefix */

-    while (*prefix) {

-	doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix);

-	prefix++;

-    }

-    /* zeros */

-    if (zpadlen > 0) {

-        while (zpadlen > 0) {

-            doapr_outch(sbuffer, buffer, currlen, maxlen, '0');

-            --zpadlen;

-        }

-    }

-    /* digits */

-    while (place > 0)

-        doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place]);

-    /* left justified spaces */

-    while (spadlen < 0) {

-        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');

-        ++spadlen;

-    }

-    return;

-}

-static LDOUBLE

-abs_val(LDOUBLE value)

-{

-    LDOUBLE result = value;

-    if (value < 0)

-        result = -value;

-    return result;

-}

-static LDOUBLE

-pow_10(int in_exp)

-{

-    LDOUBLE result = 1;

-    while (in_exp) {

-        result *= 10;

-        in_exp--;

-    }

-    return result;

-}

-static long

-roundv(LDOUBLE value)

-{

-    long intpart;

-    intpart = (long) value;

-    value = value - intpart;

-    if (value >= 0.5)

-        intpart++;

-    return intpart;

-}

-static void

-fmtfp(

-    char **sbuffer,

-    char **buffer,

-    size_t *currlen,

-    size_t *maxlen,

-    LDOUBLE fvalue,

-    int min,

-    int max,

-    int flags)

-{

-    int signvalue = 0;

-    LDOUBLE ufvalue;

-    char iconvert[20];

-    char fconvert[20];

-    int iplace = 0;

-    int fplace = 0;

-    int padlen = 0;

-    int zpadlen = 0;

-    int caps = 0;

-    long intpart;

-    long fracpart;

-    long max10;

-    if (max < 0)

-        max = 6;

-    ufvalue = abs_val(fvalue);

-    if (fvalue < 0)

-        signvalue = '-';

-    else if (flags & DP_F_PLUS)

-        signvalue = '+';

-    else if (flags & DP_F_SPACE)

-        signvalue = ' ';

-    intpart = (long)ufvalue;

-    /* sorry, we only support 9 digits past the decimal because of our

-       conversion method */

-    if (max > 9)

-        max = 9;

-    /* we "cheat" by converting the fractional part to integer by

-       multiplying by a factor of 10 */

-    max10 = roundv(pow_10(max));

-    fracpart = roundv(pow_10(max) * (ufvalue - intpart));

-    if (fracpart >= max10) {

-        intpart++;

-        fracpart -= max10;

-    }

-    /* convert integer part */

-    do {

-        iconvert[iplace++] =

-            (caps ? "0123456789ABCDEF"

-              : "0123456789abcdef")[intpart % 10];

-        intpart = (intpart / 10);

-    } while (intpart && (iplace < (int)sizeof(iconvert)));

-    if (iplace == sizeof iconvert)

-        iplace--;

-    iconvert[iplace] = 0;

-    /* convert fractional part */

-    do {

-        fconvert[fplace++] =

-            (caps ? "0123456789ABCDEF"

-              : "0123456789abcdef")[fracpart % 10];

-        fracpart = (fracpart / 10);

-    } while (fplace < max);

-    if (fplace == sizeof fconvert)

-        fplace--;

-    fconvert[fplace] = 0;

-    /* -1 for decimal point, another -1 if we are printing a sign */

-    padlen = min - iplace - max - 1 - ((signvalue) ? 1 : 0);

-    zpadlen = max - fplace;

-    if (zpadlen < 0)

-        zpadlen = 0;

-    if (padlen < 0)

-        padlen = 0;

-    if (flags & DP_F_MINUS)

-        padlen = -padlen;

-    if ((flags & DP_F_ZERO) && (padlen > 0)) {

-        if (signvalue) {

-            doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);

-            --padlen;

-            signvalue = 0;

-        }

-        while (padlen > 0) {

-            doapr_outch(sbuffer, buffer, currlen, maxlen, '0');

-            --padlen;

-        }

-    }

-    while (padlen > 0) {

-        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');

-        --padlen;

-    }

-    if (signvalue)

-        doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);

-    while (iplace > 0)

-        doapr_outch(sbuffer, buffer, currlen, maxlen, iconvert[--iplace]);

-    /*

-     * Decimal point. This should probably use locale to find the correct

-     * char to print out.

-     */

-    if (max > 0 || (flags & DP_F_NUM)) {

-        doapr_outch(sbuffer, buffer, currlen, maxlen, '.');

-        while (fplace > 0)

-            doapr_outch(sbuffer, buffer, currlen, maxlen, fconvert[--fplace]);

-    }

-    while (zpadlen > 0) {

-        doapr_outch(sbuffer, buffer, currlen, maxlen, '0');

-        --zpadlen;

-    }

-    while (padlen < 0) {

-        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');

-        ++padlen;

-    }

-}

-static void

-doapr_outch(

-    char **sbuffer,

-    char **buffer,

-    size_t *currlen,

-    size_t *maxlen,

-    int c)

-{

-    /* If we haven't at least one buffer, someone has doe a big booboo */

-    assert(*sbuffer != NULL || buffer != NULL);

-    if (buffer) {

-	while (*currlen >= *maxlen) {

-	    if (*buffer == NULL) {

-		if (*maxlen == 0)

-		    *maxlen = 1024;

-		*buffer = OPENSSL_malloc(*maxlen);

-		if (*currlen > 0) {

-		    assert(*sbuffer != NULL);

-		    memcpy(*buffer, *sbuffer, *currlen);

-		}

-		*sbuffer = NULL;

-	    } else {

-		*maxlen += 1024;

-		*buffer = OPENSSL_realloc(*buffer, *maxlen);

-	    }

-	}

-	/* What to do if *buffer is NULL? */

-	assert(*sbuffer != NULL || *buffer != NULL);

-    }

-    if (*currlen < *maxlen) {

-	if (*sbuffer)

-	    (*sbuffer)[(*currlen)++] = (char)c;

-	else

-	    (*buffer)[(*currlen)++] = (char)c;

-    }

-    return;

-}

-/***************************************************************************/

-int BIO_printf (BIO *bio, const char *format, ...)

-	{

-	va_list args;

-	int ret;

-	va_start(args, format);

-	ret = BIO_vprintf(bio, format, args);

-	va_end(args);

-	return(ret);

-	}

-int BIO_vprintf (BIO *bio, const char *format, va_list args)

-	{

-	int ret;

-	size_t retlen;

-	char hugebuf[1024*2];	/* Was previously 10k, which is unreasonable

-				   in small-stack environments, like threads

-				   or DOS programs. */

-	char *hugebufp = hugebuf;

-	size_t hugebufsize = sizeof(hugebuf);

-	char *dynbuf = NULL;

-	int ignored;

-	dynbuf = NULL;

-	CRYPTO_push_info("doapr()");

-	_dopr(&hugebufp, &dynbuf, &hugebufsize,

-		&retlen, &ignored, format, args);

-	if (dynbuf)

-		{

-		ret=BIO_write(bio, dynbuf, (int)retlen);

-		OPENSSL_free(dynbuf);

-		}

-	else

-		{

-		ret=BIO_write(bio, hugebuf, (int)retlen);

-		}

-	CRYPTO_pop_info();

-	return(ret);

-	}

-/* As snprintf is not available everywhere, we provide our own implementation.

- * This function has nothing to do with BIOs, but it's closely related

- * to BIO_printf, and we need *some* name prefix ...

- * (XXX  the function should be renamed, but to what?) */

-int BIO_snprintf(char *buf, size_t n, const char *format, ...)

-	{

-	va_list args;

-	int ret;

-	va_start(args, format);

-	ret = BIO_vsnprintf(buf, n, format, args);

-	va_end(args);

-	return(ret);

-	}

-int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)

-	{

-	size_t retlen;

-	int truncated;

-	_dopr(&buf, NULL, &n, &retlen, &truncated, format, args);

-	if (truncated)

-		/* In case of truncation, return -1 like traditional snprintf.

-		 * (Current drafts for ISO/IEC 9899 say snprintf should return

-		 * the number of characters that would have been written,

-		 * had the buffer been large enough.) */

-		return -1;

-	else

-		return (retlen <= INT_MAX) ? (int)retlen : -1;

-	}

--- a/sys/src/ape/lib/openssl/crypto/bio/b_sock.c

+++ /dev/null

@@ -1,778 +1,0 @@

-/* crypto/bio/b_sock.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <errno.h>

-#define USE_SOCKETS

-#include "cryptlib.h"

-#include <openssl/bio.h>

-#if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_BSDSOCK)

-#include "netdb.h"

-#endif

-#ifndef OPENSSL_NO_SOCK

-#ifdef OPENSSL_SYS_WIN16

-#define SOCKET_PROTOCOL 0 /* more microsoft stupidity */

-#else

-#define SOCKET_PROTOCOL IPPROTO_TCP

-#endif

-#ifdef SO_MAXCONN

-#define MAX_LISTEN  SO_MAXCONN

-#elif defined(SOMAXCONN)

-#define MAX_LISTEN  SOMAXCONN

-#else

-#define MAX_LISTEN  32

-#endif

-#if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))

-static int wsa_init_done=0;

-#endif

-#if 0

-static unsigned long BIO_ghbn_hits=0L;

-static unsigned long BIO_ghbn_miss=0L;

-#define GHBN_NUM	4

-static struct ghbn_cache_st

-	{

-	char name[129];

-	struct hostent *ent;

-	unsigned long order;

-	} ghbn_cache[GHBN_NUM];

-#endif

-static int get_ip(const char *str,unsigned char *ip);

-#if 0

-static void ghbn_free(struct hostent *a);

-static struct hostent *ghbn_dup(struct hostent *a);

-#endif

-int BIO_get_host_ip(const char *str, unsigned char *ip)

-	{

-	int i;

-	int err = 1;

-	int locked = 0;

-	struct hostent *he;

-	i=get_ip(str,ip);

-	if (i < 0)

-		{

-		BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_INVALID_IP_ADDRESS);

-		goto err;

-		}

-	/* At this point, we have something that is most probably correct

-	   in some way, so let's init the socket. */

-	if (BIO_sock_init() != 1)

-		return 0; /* don't generate another error code here */

-	/* If the string actually contained an IP address, we need not do

-	   anything more */

-	if (i > 0) return(1);

-	/* do a gethostbyname */

-	CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME);

-	locked = 1;

-	he=BIO_gethostbyname(str);

-	if (he == NULL)

-		{

-		BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_BAD_HOSTNAME_LOOKUP);

-		goto err;

-		}

-	/* cast to short because of win16 winsock definition */

-	if ((short)he->h_addrtype != AF_INET)

-		{

-		BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET);

-		goto err;

-		}

-	for (i=0; i<4; i++)

-		ip[i]=he->h_addr_list[0][i];

-	err = 0;

- err:

-	if (locked)

-		CRYPTO_w_unlock(CRYPTO_LOCK_GETHOSTBYNAME);

-	if (err)

-		{

-		ERR_add_error_data(2,"host=",str);

-		return 0;

-		}

-	else

-		return 1;

-	}

-int BIO_get_port(const char *str, unsigned short *port_ptr)

-	{

-	int i;

-	struct servent *s;

-	if (str == NULL)

-		{

-		BIOerr(BIO_F_BIO_GET_PORT,BIO_R_NO_PORT_DEFINED);

-		return(0);

-		}

-	i=atoi(str);

-	if (i != 0)

-		*port_ptr=(unsigned short)i;

-	else

-		{

-		CRYPTO_w_lock(CRYPTO_LOCK_GETSERVBYNAME);

-		/* Note: under VMS with SOCKETSHR, it seems like the first

-		 * parameter is 'char *', instead of 'const char *'

-		 */

- 		s=getservbyname(

-#ifndef CONST_STRICT

-		    (char *)

-#endif

-		    str,"tcp");

-		if(s != NULL)

-			*port_ptr=ntohs((unsigned short)s->s_port);

-		CRYPTO_w_unlock(CRYPTO_LOCK_GETSERVBYNAME);

-		if(s == NULL)

-			{

-			if (strcmp(str,"http") == 0)

-				*port_ptr=80;

-			else if (strcmp(str,"telnet") == 0)

-				*port_ptr=23;

-			else if (strcmp(str,"socks") == 0)

-				*port_ptr=1080;

-			else if (strcmp(str,"https") == 0)

-				*port_ptr=443;

-			else if (strcmp(str,"ssl") == 0)

-				*port_ptr=443;

-			else if (strcmp(str,"ftp") == 0)

-				*port_ptr=21;

-			else if (strcmp(str,"gopher") == 0)

-				*port_ptr=70;

-#if 0

-			else if (strcmp(str,"wais") == 0)

-				*port_ptr=21;

-#endif

-			else

-				{

-				SYSerr(SYS_F_GETSERVBYNAME,get_last_socket_error());

-				ERR_add_error_data(3,"service='",str,"'");

-				return(0);

-				}

-			}

-		}

-	return(1);

-	}

-int BIO_sock_error(int sock)

-	{

-	int j,i;

-	int size;

-	size=sizeof(int);

-	/* Note: under Windows the third parameter is of type (char *)

-	 * whereas under other systems it is (void *) if you don't have

-	 * a cast it will choke the compiler: if you do have a cast then

-	 * you can either go for (char *) or (void *).

-	 */

-	i=getsockopt(sock,SOL_SOCKET,SO_ERROR,(void *)&j,(void *)&size);

-	if (i < 0)

-		return(1);

-	else

-		return(j);

-	}

-#if 0

-long BIO_ghbn_ctrl(int cmd, int iarg, char *parg)

-	{

-	int i;

-	char **p;

-	switch (cmd)

-		{

-	case BIO_GHBN_CTRL_HITS:

-		return(BIO_ghbn_hits);

-		/* break; */

-	case BIO_GHBN_CTRL_MISSES:

-		return(BIO_ghbn_miss);

-		/* break; */

-	case BIO_GHBN_CTRL_CACHE_SIZE:

-		return(GHBN_NUM);

-		/* break; */

-	case BIO_GHBN_CTRL_GET_ENTRY:

-		if ((iarg >= 0) && (iarg <GHBN_NUM) &&

-			(ghbn_cache[iarg].order > 0))

-			{

-			p=(char **)parg;

-			if (p == NULL) return(0);

-			*p=ghbn_cache[iarg].name;

-			ghbn_cache[iarg].name[128]='\0';

-			return(1);

-			}

-		return(0);

-		/* break; */

-	case BIO_GHBN_CTRL_FLUSH:

-		for (i=0; i<GHBN_NUM; i++)

-			ghbn_cache[i].order=0;

-		break;

-	default:

-		return(0);

-		}

-	return(1);

-	}

-#endif

-#if 0

-static struct hostent *ghbn_dup(struct hostent *a)

-	{

-	struct hostent *ret;

-	int i,j;

-	MemCheck_off();

-	ret=(struct hostent *)OPENSSL_malloc(sizeof(struct hostent));

-	if (ret == NULL) return(NULL);

-	memset(ret,0,sizeof(struct hostent));

-	for (i=0; a->h_aliases[i] != NULL; i++)

-		;

-	i++;

-	ret->h_aliases = (char **)OPENSSL_malloc(i*sizeof(char *));

-	if (ret->h_aliases == NULL)

-		goto err;

-	memset(ret->h_aliases, 0, i*sizeof(char *));

-	for (i=0; a->h_addr_list[i] != NULL; i++)

-		;

-	i++;

-	ret->h_addr_list=(char **)OPENSSL_malloc(i*sizeof(char *));

-	if (ret->h_addr_list == NULL)

-		goto err;

-	memset(ret->h_addr_list, 0, i*sizeof(char *));

-	j=strlen(a->h_name)+1;

-	if ((ret->h_name=OPENSSL_malloc(j)) == NULL) goto err;

-	memcpy((char *)ret->h_name,a->h_name,j);

-	for (i=0; a->h_aliases[i] != NULL; i++)

-		{

-		j=strlen(a->h_aliases[i])+1;

-		if ((ret->h_aliases[i]=OPENSSL_malloc(j)) == NULL) goto err;

-		memcpy(ret->h_aliases[i],a->h_aliases[i],j);

-		}

-	ret->h_length=a->h_length;

-	ret->h_addrtype=a->h_addrtype;

-	for (i=0; a->h_addr_list[i] != NULL; i++)

-		{

-		if ((ret->h_addr_list[i]=OPENSSL_malloc(a->h_length)) == NULL)

-			goto err;

-		memcpy(ret->h_addr_list[i],a->h_addr_list[i],a->h_length);

-		}

-	if (0)

-		{

-err:

-		if (ret != NULL)

-			ghbn_free(ret);

-		ret=NULL;

-		}

-	MemCheck_on();

-	return(ret);

-	}

-static void ghbn_free(struct hostent *a)

-	{

-	int i;

-	if(a == NULL)

-	    return;

-	if (a->h_aliases != NULL)

-		{

-		for (i=0; a->h_aliases[i] != NULL; i++)

-			OPENSSL_free(a->h_aliases[i]);

-		OPENSSL_free(a->h_aliases);

-		}

-	if (a->h_addr_list != NULL)

-		{

-		for (i=0; a->h_addr_list[i] != NULL; i++)

-			OPENSSL_free(a->h_addr_list[i]);

-		OPENSSL_free(a->h_addr_list);

-		}

-	if (a->h_name != NULL) OPENSSL_free(a->h_name);

-	OPENSSL_free(a);

-	}

-#endif

-struct hostent *BIO_gethostbyname(const char *name)

-	{

-#if 1

-	/* Caching gethostbyname() results forever is wrong,

-	 * so we have to let the true gethostbyname() worry about this */

-	return gethostbyname(name);

-#else

-	struct hostent *ret;

-	int i,lowi=0,j;

-	unsigned long low= (unsigned long)-1;

-#  if 0

-	/* It doesn't make sense to use locking here: The function interface

-	 * is not thread-safe, because threads can never be sure when

-	 * some other thread destroys the data they were given a pointer to.

-	 */

-	CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME);

-#  endif

-	j=strlen(name);

-	if (j < 128)

-		{

-		for (i=0; i<GHBN_NUM; i++)

-			{

-			if (low > ghbn_cache[i].order)

-				{

-				low=ghbn_cache[i].order;

-				lowi=i;

-				}

-			if (ghbn_cache[i].order > 0)

-				{

-				if (strncmp(name,ghbn_cache[i].name,128) == 0)

-					break;

-				}

-			}

-		}

-	else

-		i=GHBN_NUM;

-	if (i == GHBN_NUM) /* no hit*/

-		{

-		BIO_ghbn_miss++;

-		/* Note: under VMS with SOCKETSHR, it seems like the first

-		 * parameter is 'char *', instead of 'const char *'

-		 */

-		ret=gethostbyname(

-#  ifndef CONST_STRICT

-		    (char *)

-#  endif

-		    name);

-		if (ret == NULL)

-			goto end;

-		if (j > 128) /* too big to cache */

-			{

-#  if 0

-			/* If we were trying to make this function thread-safe (which

-			 * is bound to fail), we'd have to give up in this case

-			 * (or allocate more memory). */

-			ret = NULL;

-#  endif

-			goto end;

-			}

-		/* else add to cache */

-		if (ghbn_cache[lowi].ent != NULL)

-			ghbn_free(ghbn_cache[lowi].ent); /* XXX not thread-safe */

-		ghbn_cache[lowi].name[0] = '\0';

-		if((ret=ghbn_cache[lowi].ent=ghbn_dup(ret)) == NULL)

-			{

-			BIOerr(BIO_F_BIO_GETHOSTBYNAME,ERR_R_MALLOC_FAILURE);

-			goto end;

-			}

-		strncpy(ghbn_cache[lowi].name,name,128);

-		ghbn_cache[lowi].order=BIO_ghbn_miss+BIO_ghbn_hits;

-		}

-	else

-		{

-		BIO_ghbn_hits++;

-		ret= ghbn_cache[i].ent;

-		ghbn_cache[i].order=BIO_ghbn_miss+BIO_ghbn_hits;

-		}

-end:

-#  if 0

-	CRYPTO_w_unlock(CRYPTO_LOCK_GETHOSTBYNAME);

-#  endif

-	return(ret);

-#endif

-	}

-int BIO_sock_init(void)

-	{

-#ifdef OPENSSL_SYS_WINDOWS

-	static struct WSAData wsa_state;

-	if (!wsa_init_done)

-		{

-		int err;

-		wsa_init_done=1;

-		memset(&wsa_state,0,sizeof(wsa_state));

-		if (WSAStartup(0x0101,&wsa_state)!=0)

-			{

-			err=WSAGetLastError();

-			SYSerr(SYS_F_WSASTARTUP,err);

-			BIOerr(BIO_F_BIO_SOCK_INIT,BIO_R_WSASTARTUP);

-			return(-1);

-			}

-		}

-#endif /* OPENSSL_SYS_WINDOWS */

-#ifdef WATT32

-	extern int _watt_do_exit;

-	_watt_do_exit = 0;    /* don't make sock_init() call exit() */

-	if (sock_init())

-		return (-1);

-#endif

-#if defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)

-    WORD wVerReq;

-    WSADATA wsaData;

-    int err;

-    if (!wsa_init_done)

-    {

-        wsa_init_done=1;

-        wVerReq = MAKEWORD( 2, 0 );

-        err = WSAStartup(wVerReq,&wsaData);

-        if (err != 0)

-        {

-            SYSerr(SYS_F_WSASTARTUP,err);

-            BIOerr(BIO_F_BIO_SOCK_INIT,BIO_R_WSASTARTUP);

-            return(-1);

-			}

-		}

-#endif

-	return(1);

-	}

-void BIO_sock_cleanup(void)

-	{

-#ifdef OPENSSL_SYS_WINDOWS

-	if (wsa_init_done)

-		{

-		wsa_init_done=0;

-#ifndef OPENSSL_SYS_WINCE

-		WSACancelBlockingCall();	/* Winsock 1.1 specific */

-#endif

-		WSACleanup();

-		}

-#elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)

-   if (wsa_init_done)

-        {

-        wsa_init_done=0;

-        WSACleanup();

-		}

-#endif

-	}

-#if !defined(OPENSSL_SYS_VMS) || __VMS_VER >= 70000000

-int BIO_socket_ioctl(int fd, long type, void *arg)

-	{

-	int i;

-#ifdef __DJGPP__

-	i=ioctlsocket(fd,type,(char *)arg);

-#else

-	i=ioctlsocket(fd,type,arg);

-#endif /* __DJGPP__ */

-	if (i < 0)

-		SYSerr(SYS_F_IOCTLSOCKET,get_last_socket_error());

-	return(i);

-	}

-#endif /* __VMS_VER */

-/* The reason I have implemented this instead of using sscanf is because

- * Visual C 1.52c gives an unresolved external when linking a DLL :-( */

-static int get_ip(const char *str, unsigned char ip[4])

-	{

-	unsigned int tmp[4];

-	int num=0,c,ok=0;

-	tmp[0]=tmp[1]=tmp[2]=tmp[3]=0;

-	for (;;)

-		{

-		c= *(str++);

-		if ((c >= '0') && (c <= '9'))

-			{

-			ok=1;

-			tmp[num]=tmp[num]*10+c-'0';

-			if (tmp[num] > 255) return(0);

-			}

-		else if (c == '.')

-			{

-			if (!ok) return(-1);

-			if (num == 3) return(0);

-			num++;

-			ok=0;

-			}

-		else if (c == '\0' && (num == 3) && ok)

-			break;

-		else

-			return(0);

-		}

-	ip[0]=tmp[0];

-	ip[1]=tmp[1];

-	ip[2]=tmp[2];

-	ip[3]=tmp[3];

-	return(1);

-	}

-int BIO_get_accept_socket(char *host, int bind_mode)

-	{

-	int ret=0;

-	struct sockaddr_in server,client;

-	int s=INVALID_SOCKET,cs;

-	unsigned char ip[4];

-	unsigned short port;

-	char *str=NULL,*e;

-	const char *h,*p;

-	unsigned long l;

-	int err_num;

-	if (BIO_sock_init() != 1) return(INVALID_SOCKET);

-	if ((str=BUF_strdup(host)) == NULL) return(INVALID_SOCKET);

-	h=p=NULL;

-	h=str;

-	for (e=str; *e; e++)

-		{

-		if (*e == ':')

-			{

-			p= &(e[1]);

-			*e='\0';

-			}

-		else if (*e == '/')

-			{

-			*e='\0';

-			break;

-			}

-		}

-	if (p == NULL)

-		{

-		p=h;

-		h="*";

-		}

-	if (!BIO_get_port(p,&port)) goto err;

-	memset((char *)&server,0,sizeof(server));

-	server.sin_family=AF_INET;

-	server.sin_port=htons(port);

-	if (strcmp(h,"*") == 0)

-		server.sin_addr.s_addr=INADDR_ANY;

-	else

-		{

-                if (!BIO_get_host_ip(h,&(ip[0]))) goto err;

-		l=(unsigned long)

-			((unsigned long)ip[0]<<24L)|

-			((unsigned long)ip[1]<<16L)|

-			((unsigned long)ip[2]<< 8L)|

-			((unsigned long)ip[3]);

-		server.sin_addr.s_addr=htonl(l);

-		}

-again:

-	s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);

-	if (s == INVALID_SOCKET)

-		{

-		SYSerr(SYS_F_SOCKET,get_last_socket_error());

-		ERR_add_error_data(3,"port='",host,"'");

-		BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET,BIO_R_UNABLE_TO_CREATE_SOCKET);

-		goto err;

-		}

-#ifdef SO_REUSEADDR

-	if (bind_mode == BIO_BIND_REUSEADDR)

-		{

-		int i=1;

-		ret=setsockopt(s,SOL_SOCKET,SO_REUSEADDR,(char *)&i,sizeof(i));

-		bind_mode=BIO_BIND_NORMAL;

-		}

-#endif

-	if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)

-		{

-#ifdef SO_REUSEADDR

-		err_num=get_last_socket_error();

-		if ((bind_mode == BIO_BIND_REUSEADDR_IF_UNUSED) &&

-			(err_num == EADDRINUSE))

-			{

-			memcpy((char *)&client,(char *)&server,sizeof(server));

-			if (strcmp(h,"*") == 0)

-				client.sin_addr.s_addr=htonl(0x7F000001);

-			cs=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);

-			if (cs != INVALID_SOCKET)

-				{

-				int ii;

-				ii=connect(cs,(struct sockaddr *)&client,

-					sizeof(client));

-				closesocket(cs);

-				if (ii == INVALID_SOCKET)

-					{

-					bind_mode=BIO_BIND_REUSEADDR;

-					closesocket(s);

-					goto again;

-					}

-				/* else error */

-				}

-			/* else error */

-			}

-#endif

-		SYSerr(SYS_F_BIND,err_num);

-		ERR_add_error_data(3,"port='",host,"'");

-		BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET,BIO_R_UNABLE_TO_BIND_SOCKET);

-		goto err;

-		}

-	if (listen(s,MAX_LISTEN) == -1)

-		{

-		SYSerr(SYS_F_BIND,get_last_socket_error());

-		ERR_add_error_data(3,"port='",host,"'");

-		BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET,BIO_R_UNABLE_TO_LISTEN_SOCKET);

-		goto err;

-		}

-	ret=1;

-err:

-	if (str != NULL) OPENSSL_free(str);

-	if ((ret == 0) && (s != INVALID_SOCKET))

-		{

-		closesocket(s);

-		s= INVALID_SOCKET;

-		}

-	return(s);

-	}

-int BIO_accept(int sock, char **addr)

-	{

-	int ret=INVALID_SOCKET;

-	static struct sockaddr_in from;

-	unsigned long l;

-	unsigned short port;

-	int len;

-	char *p;

-	memset((char *)&from,0,sizeof(from));

-	len=sizeof(from);

-	/* Note: under VMS with SOCKETSHR the fourth parameter is currently

-	 * of type (int *) whereas under other systems it is (void *) if

-	 * you don't have a cast it will choke the compiler: if you do

-	 * have a cast then you can either go for (int *) or (void *).

-	 */

-	ret=accept(sock,(struct sockaddr *)&from,(void *)&len);

-	if (ret == INVALID_SOCKET)

-		{

-		if(BIO_sock_should_retry(ret)) return -2;

-		SYSerr(SYS_F_ACCEPT,get_last_socket_error());

-		BIOerr(BIO_F_BIO_ACCEPT,BIO_R_ACCEPT_ERROR);

-		goto end;

-		}

-	if (addr == NULL) goto end;

-	l=ntohl(from.sin_addr.s_addr);

-	port=ntohs(from.sin_port);

-	if (*addr == NULL)

-		{

-		if ((p=OPENSSL_malloc(24)) == NULL)

-			{

-			BIOerr(BIO_F_BIO_ACCEPT,ERR_R_MALLOC_FAILURE);

-			goto end;

-			}

-		*addr=p;

-		}

-	BIO_snprintf(*addr,24,"%d.%d.%d.%d:%d",

-		     (unsigned char)(l>>24L)&0xff,

-		     (unsigned char)(l>>16L)&0xff,

-		     (unsigned char)(l>> 8L)&0xff,

-		     (unsigned char)(l     )&0xff,

-		     port);

-end:

-	return(ret);

-	}

-int BIO_set_tcp_ndelay(int s, int on)

-	{

-	int ret=0;

-#if defined(TCP_NODELAY) && (defined(IPPROTO_TCP) || defined(SOL_TCP))

-	int opt;

-#ifdef SOL_TCP

-	opt=SOL_TCP;

-#else

-#ifdef IPPROTO_TCP

-	opt=IPPROTO_TCP;

-#endif

-#endif

-	ret=setsockopt(s,opt,TCP_NODELAY,(char *)&on,sizeof(on));

-#endif

-	return(ret == 0);

-	}

-#endif

-int BIO_socket_nbio(int s, int mode)

-	{

-	int ret= -1;

-	int l;

-	l=mode;

-#ifdef FIONBIO

-	ret=BIO_socket_ioctl(s,FIONBIO,&l);

-#endif

-	return(ret == 0);

-	}

--- a/sys/src/ape/lib/openssl/crypto/bio/bf_buff.c

+++ /dev/null

@@ -1,511 +1,0 @@

-/* crypto/bio/bf_buff.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <errno.h>

-#include "cryptlib.h"

-#include <openssl/bio.h>

-static int buffer_write(BIO *h, const char *buf,int num);

-static int buffer_read(BIO *h, char *buf, int size);

-static int buffer_puts(BIO *h, const char *str);

-static int buffer_gets(BIO *h, char *str, int size);

-static long buffer_ctrl(BIO *h, int cmd, long arg1, void *arg2);

-static int buffer_new(BIO *h);

-static int buffer_free(BIO *data);

-static long buffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);

-#define DEFAULT_BUFFER_SIZE	4096

-static BIO_METHOD methods_buffer=

-	{

-	BIO_TYPE_BUFFER,

-	"buffer",

-	buffer_write,

-	buffer_read,

-	buffer_puts,

-	buffer_gets,

-	buffer_ctrl,

-	buffer_new,

-	buffer_free,

-	buffer_callback_ctrl,

-	};

-BIO_METHOD *BIO_f_buffer(void)

-	{

-	return(&methods_buffer);

-	}

-static int buffer_new(BIO *bi)

-	{

-	BIO_F_BUFFER_CTX *ctx;

-	ctx=(BIO_F_BUFFER_CTX *)OPENSSL_malloc(sizeof(BIO_F_BUFFER_CTX));

-	if (ctx == NULL) return(0);

-	ctx->ibuf=(char *)OPENSSL_malloc(DEFAULT_BUFFER_SIZE);

-	if (ctx->ibuf == NULL) { OPENSSL_free(ctx); return(0); }

-	ctx->obuf=(char *)OPENSSL_malloc(DEFAULT_BUFFER_SIZE);

-	if (ctx->obuf == NULL) { OPENSSL_free(ctx->ibuf); OPENSSL_free(ctx); return(0); }

-	ctx->ibuf_size=DEFAULT_BUFFER_SIZE;

-	ctx->obuf_size=DEFAULT_BUFFER_SIZE;

-	ctx->ibuf_len=0;

-	ctx->ibuf_off=0;

-	ctx->obuf_len=0;

-	ctx->obuf_off=0;

-	bi->init=1;

-	bi->ptr=(char *)ctx;

-	bi->flags=0;

-	return(1);

-	}

-static int buffer_free(BIO *a)

-	{

-	BIO_F_BUFFER_CTX *b;

-	if (a == NULL) return(0);

-	b=(BIO_F_BUFFER_CTX *)a->ptr;

-	if (b->ibuf != NULL) OPENSSL_free(b->ibuf);

-	if (b->obuf != NULL) OPENSSL_free(b->obuf);

-	OPENSSL_free(a->ptr);

-	a->ptr=NULL;

-	a->init=0;

-	a->flags=0;

-	return(1);

-	}

-static int buffer_read(BIO *b, char *out, int outl)

-	{

-	int i,num=0;

-	BIO_F_BUFFER_CTX *ctx;

-	if (out == NULL) return(0);

-	ctx=(BIO_F_BUFFER_CTX *)b->ptr;

-	if ((ctx == NULL) || (b->next_bio == NULL)) return(0);

-	num=0;

-	BIO_clear_retry_flags(b);

-start:

-	i=ctx->ibuf_len;

-	/* If there is stuff left over, grab it */

-	if (i != 0)

-		{

-		if (i > outl) i=outl;

-		memcpy(out,&(ctx->ibuf[ctx->ibuf_off]),i);

-		ctx->ibuf_off+=i;

-		ctx->ibuf_len-=i;

-		num+=i;

-		if (outl == i)  return(num);

-		outl-=i;

-		out+=i;

-		}

-	/* We may have done a partial read. try to do more.

-	 * We have nothing in the buffer.

-	 * If we get an error and have read some data, just return it

-	 * and let them retry to get the error again.

-	 * copy direct to parent address space */

-	if (outl > ctx->ibuf_size)

-		{

-		for (;;)

-			{

-			i=BIO_read(b->next_bio,out,outl);

-			if (i <= 0)

-				{

-				BIO_copy_next_retry(b);

-				if (i < 0) return((num > 0)?num:i);

-				if (i == 0) return(num);

-				}

-			num+=i;

-			if (outl == i) return(num);

-			out+=i;

-			outl-=i;

-			}

-		}

-	/* else */

-	/* we are going to be doing some buffering */

-	i=BIO_read(b->next_bio,ctx->ibuf,ctx->ibuf_size);

-	if (i <= 0)

-		{

-		BIO_copy_next_retry(b);

-		if (i < 0) return((num > 0)?num:i);

-		if (i == 0) return(num);

-		}

-	ctx->ibuf_off=0;

-	ctx->ibuf_len=i;

-	/* Lets re-read using ourselves :-) */

-	goto start;

-	}

-static int buffer_write(BIO *b, const char *in, int inl)

-	{

-	int i,num=0;

-	BIO_F_BUFFER_CTX *ctx;

-	if ((in == NULL) || (inl <= 0)) return(0);

-	ctx=(BIO_F_BUFFER_CTX *)b->ptr;

-	if ((ctx == NULL) || (b->next_bio == NULL)) return(0);

-	BIO_clear_retry_flags(b);

-start:

-	i=ctx->obuf_size-(ctx->obuf_len+ctx->obuf_off);

-	/* add to buffer and return */

-	if (i >= inl)

-		{

-		memcpy(&(ctx->obuf[ctx->obuf_len]),in,inl);

-		ctx->obuf_len+=inl;

-		return(num+inl);

-		}

-	/* else */

-	/* stuff already in buffer, so add to it first, then flush */

-	if (ctx->obuf_len != 0)

-		{

-		if (i > 0) /* lets fill it up if we can */

-			{

-			memcpy(&(ctx->obuf[ctx->obuf_len]),in,i);

-			in+=i;

-			inl-=i;

-			num+=i;

-			ctx->obuf_len+=i;

-			}

-		/* we now have a full buffer needing flushing */

-		for (;;)

-			{

-			i=BIO_write(b->next_bio,&(ctx->obuf[ctx->obuf_off]),

-				ctx->obuf_len);

-			if (i <= 0)

-				{

-				BIO_copy_next_retry(b);

-				if (i < 0) return((num > 0)?num:i);

-				if (i == 0) return(num);

-				}

-			ctx->obuf_off+=i;

-			ctx->obuf_len-=i;

-			if (ctx->obuf_len == 0) break;

-			}

-		}

-	/* we only get here if the buffer has been flushed and we

-	 * still have stuff to write */

-	ctx->obuf_off=0;

-	/* we now have inl bytes to write */

-	while (inl >= ctx->obuf_size)

-		{

-		i=BIO_write(b->next_bio,in,inl);

-		if (i <= 0)

-			{

-			BIO_copy_next_retry(b);

-			if (i < 0) return((num > 0)?num:i);

-			if (i == 0) return(num);

-			}

-		num+=i;

-		in+=i;

-		inl-=i;

-		if (inl == 0) return(num);

-		}

-	/* copy the rest into the buffer since we have only a small

-	 * amount left */

-	goto start;

-	}

-static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr)

-	{

-	BIO *dbio;

-	BIO_F_BUFFER_CTX *ctx;

-	long ret=1;

-	char *p1,*p2;

-	int r,i,*ip;

-	int ibs,obs;

-	ctx=(BIO_F_BUFFER_CTX *)b->ptr;

-	switch (cmd)

-		{

-	case BIO_CTRL_RESET:

-		ctx->ibuf_off=0;

-		ctx->ibuf_len=0;

-		ctx->obuf_off=0;

-		ctx->obuf_len=0;

-		if (b->next_bio == NULL) return(0);

-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);

-		break;

-	case BIO_CTRL_INFO:

-		ret=(long)ctx->obuf_len;

-		break;

-	case BIO_C_GET_BUFF_NUM_LINES:

-		ret=0;

-		p1=ctx->ibuf;

-		for (i=ctx->ibuf_off; i<ctx->ibuf_len; i++)

-			{

-			if (p1[i] == '\n') ret++;

-			}

-		break;

-	case BIO_CTRL_WPENDING:

-		ret=(long)ctx->obuf_len;

-		if (ret == 0)

-			{

-			if (b->next_bio == NULL) return(0);

-			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);

-			}

-		break;

-	case BIO_CTRL_PENDING:

-		ret=(long)ctx->ibuf_len;

-		if (ret == 0)

-			{

-			if (b->next_bio == NULL) return(0);

-			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);

-			}

-		break;

-	case BIO_C_SET_BUFF_READ_DATA:

-		if (num > ctx->ibuf_size)

-			{

-			p1=OPENSSL_malloc((int)num);

-			if (p1 == NULL) goto malloc_error;

-			if (ctx->ibuf != NULL) OPENSSL_free(ctx->ibuf);

-			ctx->ibuf=p1;

-			}

-		ctx->ibuf_off=0;

-		ctx->ibuf_len=(int)num;

-		memcpy(ctx->ibuf,ptr,(int)num);

-		ret=1;

-		break;

-	case BIO_C_SET_BUFF_SIZE:

-		if (ptr != NULL)

-			{

-			ip=(int *)ptr;

-			if (*ip == 0)

-				{

-				ibs=(int)num;

-				obs=ctx->obuf_size;

-				}

-			else /* if (*ip == 1) */

-				{

-				ibs=ctx->ibuf_size;

-				obs=(int)num;

-				}

-			}

-		else

-			{

-			ibs=(int)num;

-			obs=(int)num;

-			}

-		p1=ctx->ibuf;

-		p2=ctx->obuf;

-		if ((ibs > DEFAULT_BUFFER_SIZE) && (ibs != ctx->ibuf_size))

-			{

-			p1=(char *)OPENSSL_malloc((int)num);

-			if (p1 == NULL) goto malloc_error;

-			}

-		if ((obs > DEFAULT_BUFFER_SIZE) && (obs != ctx->obuf_size))

-			{

-			p2=(char *)OPENSSL_malloc((int)num);

-			if (p2 == NULL)

-				{

-				if (p1 != ctx->ibuf) OPENSSL_free(p1);

-				goto malloc_error;

-				}

-			}

-		if (ctx->ibuf != p1)

-			{

-			OPENSSL_free(ctx->ibuf);

-			ctx->ibuf=p1;

-			ctx->ibuf_off=0;

-			ctx->ibuf_len=0;

-			ctx->ibuf_size=ibs;

-			}

-		if (ctx->obuf != p2)

-			{

-			OPENSSL_free(ctx->obuf);

-			ctx->obuf=p2;

-			ctx->obuf_off=0;

-			ctx->obuf_len=0;

-			ctx->obuf_size=obs;

-			}

-		break;

-	case BIO_C_DO_STATE_MACHINE:

-		if (b->next_bio == NULL) return(0);

-		BIO_clear_retry_flags(b);

-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);

-		BIO_copy_next_retry(b);

-		break;

-	case BIO_CTRL_FLUSH:

-		if (b->next_bio == NULL) return(0);

-		if (ctx->obuf_len <= 0)

-			{

-			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);

-			break;

-			}

-		for (;;)

-			{

-			BIO_clear_retry_flags(b);

-			if (ctx->obuf_len > ctx->obuf_off)

-				{

-				r=BIO_write(b->next_bio,

-					&(ctx->obuf[ctx->obuf_off]),

-					ctx->obuf_len-ctx->obuf_off);

-#if 0

-fprintf(stderr,"FLUSH [%3d] %3d -> %3d\n",ctx->obuf_off,ctx->obuf_len-ctx->obuf_off,r);

-#endif

-				BIO_copy_next_retry(b);

-				if (r <= 0) return((long)r);

-				ctx->obuf_off+=r;

-				}

-			else

-				{

-				ctx->obuf_len=0;

-				ctx->obuf_off=0;

-				ret=1;

-				break;

-				}

-			}

-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);

-		break;

-	case BIO_CTRL_DUP:

-		dbio=(BIO *)ptr;

-		if (	!BIO_set_read_buffer_size(dbio,ctx->ibuf_size) ||

-			!BIO_set_write_buffer_size(dbio,ctx->obuf_size))

-			ret=0;

-		break;

-	default:

-		if (b->next_bio == NULL) return(0);

-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);

-		break;

-		}

-	return(ret);

-malloc_error:

-	BIOerr(BIO_F_BUFFER_CTRL,ERR_R_MALLOC_FAILURE);

-	return(0);

-	}

-static long buffer_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)

-	{

-	long ret=1;

-	if (b->next_bio == NULL) return(0);

-	switch (cmd)

-		{

-	default:

-		ret=BIO_callback_ctrl(b->next_bio,cmd,fp);

-		break;

-		}

-	return(ret);

-	}

-static int buffer_gets(BIO *b, char *buf, int size)

-	{

-	BIO_F_BUFFER_CTX *ctx;

-	int num=0,i,flag;

-	char *p;

-	ctx=(BIO_F_BUFFER_CTX *)b->ptr;

-	size--; /* reserve space for a '\0' */

-	BIO_clear_retry_flags(b);

-	for (;;)

-		{

-		if (ctx->ibuf_len > 0)

-			{

-			p= &(ctx->ibuf[ctx->ibuf_off]);

-			flag=0;

-			for (i=0; (i<ctx->ibuf_len) && (i<size); i++)

-				{

-				*(buf++)=p[i];

-				if (p[i] == '\n')

-					{

-					flag=1;

-					i++;

-					break;

-					}

-				}

-			num+=i;

-			size-=i;

-			ctx->ibuf_len-=i;

-			ctx->ibuf_off+=i;

-			if (flag || size == 0)

-				{

-				*buf='\0';

-				return(num);

-				}

-			}

-		else	/* read another chunk */

-			{

-			i=BIO_read(b->next_bio,ctx->ibuf,ctx->ibuf_size);

-			if (i <= 0)

-				{

-				BIO_copy_next_retry(b);

-				*buf='\0';

-				if (i < 0) return((num > 0)?num:i);

-				if (i == 0) return(num);

-				}

-			ctx->ibuf_len=i;

-			ctx->ibuf_off=0;

-			}

-		}

-	}

-static int buffer_puts(BIO *b, const char *str)

-	{

-	return(buffer_write(b,str,strlen(str)));

-	}

--- a/sys/src/ape/lib/openssl/crypto/bio/bf_lbuf.c

+++ /dev/null

@@ -1,397 +1,0 @@

-/* crypto/bio/bf_buff.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <errno.h>

-#include "cryptlib.h"

-#include <openssl/bio.h>

-#include <openssl/evp.h>

-static int linebuffer_write(BIO *h, const char *buf,int num);

-static int linebuffer_read(BIO *h, char *buf, int size);

-static int linebuffer_puts(BIO *h, const char *str);

-static int linebuffer_gets(BIO *h, char *str, int size);

-static long linebuffer_ctrl(BIO *h, int cmd, long arg1, void *arg2);

-static int linebuffer_new(BIO *h);

-static int linebuffer_free(BIO *data);

-static long linebuffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);

-/* A 10k maximum should be enough for most purposes */

-#define DEFAULT_LINEBUFFER_SIZE	1024*10

-/* #define DEBUG */

-static BIO_METHOD methods_linebuffer=

-	{

-	BIO_TYPE_LINEBUFFER,

-	"linebuffer",

-	linebuffer_write,

-	linebuffer_read,

-	linebuffer_puts,

-	linebuffer_gets,

-	linebuffer_ctrl,

-	linebuffer_new,

-	linebuffer_free,

-	linebuffer_callback_ctrl,

-	};

-BIO_METHOD *BIO_f_linebuffer(void)

-	{

-	return(&methods_linebuffer);

-	}

-typedef struct bio_linebuffer_ctx_struct

-	{

-	char *obuf;		/* the output char array */

-	int obuf_size;		/* how big is the output buffer */

-	int obuf_len;		/* how many bytes are in it */

-	} BIO_LINEBUFFER_CTX;

-static int linebuffer_new(BIO *bi)

-	{

-	BIO_LINEBUFFER_CTX *ctx;

-	ctx=(BIO_LINEBUFFER_CTX *)OPENSSL_malloc(sizeof(BIO_LINEBUFFER_CTX));

-	if (ctx == NULL) return(0);

-	ctx->obuf=(char *)OPENSSL_malloc(DEFAULT_LINEBUFFER_SIZE);

-	if (ctx->obuf == NULL) { OPENSSL_free(ctx); return(0); }

-	ctx->obuf_size=DEFAULT_LINEBUFFER_SIZE;

-	ctx->obuf_len=0;

-	bi->init=1;

-	bi->ptr=(char *)ctx;

-	bi->flags=0;

-	return(1);

-	}

-static int linebuffer_free(BIO *a)

-	{

-	BIO_LINEBUFFER_CTX *b;

-	if (a == NULL) return(0);

-	b=(BIO_LINEBUFFER_CTX *)a->ptr;

-	if (b->obuf != NULL) OPENSSL_free(b->obuf);

-	OPENSSL_free(a->ptr);

-	a->ptr=NULL;

-	a->init=0;

-	a->flags=0;

-	return(1);

-	}

-static int linebuffer_read(BIO *b, char *out, int outl)

-	{

-	int ret=0;

-	if (out == NULL) return(0);

-	if (b->next_bio == NULL) return(0);

-	ret=BIO_read(b->next_bio,out,outl);

-	BIO_clear_retry_flags(b);

-	BIO_copy_next_retry(b);

-	return(ret);

-	}

-static int linebuffer_write(BIO *b, const char *in, int inl)

-	{

-	int i,num=0,foundnl;

-	BIO_LINEBUFFER_CTX *ctx;

-	if ((in == NULL) || (inl <= 0)) return(0);

-	ctx=(BIO_LINEBUFFER_CTX *)b->ptr;

-	if ((ctx == NULL) || (b->next_bio == NULL)) return(0);

-	BIO_clear_retry_flags(b);

-	do

-		{

-		const char *p;

-		for(p = in; p < in + inl && *p != '\n'; p++)

-			;

-		if (*p == '\n')

-			{

-			p++;

-			foundnl = 1;

-			}

-		else

-			foundnl = 0;

-		/* If a NL was found and we already have text in the save

-		   buffer, concatenate them and write */

-		while ((foundnl || p - in > ctx->obuf_size - ctx->obuf_len)

-			&& ctx->obuf_len > 0)

-			{

-			int orig_olen = ctx->obuf_len;

-			i = ctx->obuf_size - ctx->obuf_len;

-			if (p - in > 0)

-				{

-				if (i >= p - in)

-					{

-					memcpy(&(ctx->obuf[ctx->obuf_len]),

-						in,p - in);

-					ctx->obuf_len += p - in;

-					inl -= p - in;

-					num += p - in;

-					in = p;

-					}

-				else

-					{

-					memcpy(&(ctx->obuf[ctx->obuf_len]),

-						in,i);

-					ctx->obuf_len += i;

-					inl -= i;

-					in += i;

-					num += i;

-					}

-				}

-#if 0

-BIO_write(b->next_bio, "<*<", 3);

-#endif

-			i=BIO_write(b->next_bio,

-				ctx->obuf, ctx->obuf_len);

-			if (i <= 0)

-				{

-				ctx->obuf_len = orig_olen;

-				BIO_copy_next_retry(b);

-#if 0

-BIO_write(b->next_bio, ">*>", 3);

-#endif

-				if (i < 0) return((num > 0)?num:i);

-				if (i == 0) return(num);

-				}

-#if 0

-BIO_write(b->next_bio, ">*>", 3);

-#endif

-			if (i < ctx->obuf_len)

-				memmove(ctx->obuf, ctx->obuf + i,

-					ctx->obuf_len - i);

-			ctx->obuf_len-=i;

-			}

-		/* Now that the save buffer is emptied, let's write the input

-		   buffer if a NL was found and there is anything to write. */

-		if ((foundnl || p - in > ctx->obuf_size) && p - in > 0)

-			{

-#if 0

-BIO_write(b->next_bio, "<*<", 3);

-#endif

-			i=BIO_write(b->next_bio,in,p - in);

-			if (i <= 0)

-				{

-				BIO_copy_next_retry(b);

-#if 0

-BIO_write(b->next_bio, ">*>", 3);

-#endif

-				if (i < 0) return((num > 0)?num:i);

-				if (i == 0) return(num);

-				}

-#if 0

-BIO_write(b->next_bio, ">*>", 3);

-#endif

-			num+=i;

-			in+=i;

-			inl-=i;

-			}

-		}

-	while(foundnl && inl > 0);

-	/* We've written as much as we can.  The rest of the input buffer, if

-	   any, is text that doesn't and with a NL and therefore needs to be

-	   saved for the next trip. */

-	if (inl > 0)

-		{

-		memcpy(&(ctx->obuf[ctx->obuf_len]), in, inl);

-		ctx->obuf_len += inl;

-		num += inl;

-		}

-	return num;

-	}

-static long linebuffer_ctrl(BIO *b, int cmd, long num, void *ptr)

-	{

-	BIO *dbio;

-	BIO_LINEBUFFER_CTX *ctx;

-	long ret=1;

-	char *p;

-	int r;

-	int obs;

-	ctx=(BIO_LINEBUFFER_CTX *)b->ptr;

-	switch (cmd)

-		{

-	case BIO_CTRL_RESET:

-		ctx->obuf_len=0;

-		if (b->next_bio == NULL) return(0);

-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);

-		break;

-	case BIO_CTRL_INFO:

-		ret=(long)ctx->obuf_len;

-		break;

-	case BIO_CTRL_WPENDING:

-		ret=(long)ctx->obuf_len;

-		if (ret == 0)

-			{

-			if (b->next_bio == NULL) return(0);

-			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);

-			}

-		break;

-	case BIO_C_SET_BUFF_SIZE:

-		obs=(int)num;

-		p=ctx->obuf;

-		if ((obs > DEFAULT_LINEBUFFER_SIZE) && (obs != ctx->obuf_size))

-			{

-			p=(char *)OPENSSL_malloc((int)num);

-			if (p == NULL)

-				goto malloc_error;

-			}

-		if (ctx->obuf != p)

-			{

-			if (ctx->obuf_len > obs)

-				{

-				ctx->obuf_len = obs;

-				}

-			memcpy(p, ctx->obuf, ctx->obuf_len);

-			OPENSSL_free(ctx->obuf);

-			ctx->obuf=p;

-			ctx->obuf_size=obs;

-			}

-		break;

-	case BIO_C_DO_STATE_MACHINE:

-		if (b->next_bio == NULL) return(0);

-		BIO_clear_retry_flags(b);

-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);

-		BIO_copy_next_retry(b);

-		break;

-	case BIO_CTRL_FLUSH:

-		if (b->next_bio == NULL) return(0);

-		if (ctx->obuf_len <= 0)

-			{

-			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);

-			break;

-			}

-		for (;;)

-			{

-			BIO_clear_retry_flags(b);

-			if (ctx->obuf_len > 0)

-				{

-				r=BIO_write(b->next_bio,

-					ctx->obuf, ctx->obuf_len);

-#if 0

-fprintf(stderr,"FLUSH %3d -> %3d\n",ctx->obuf_len,r);

-#endif

-				BIO_copy_next_retry(b);

-				if (r <= 0) return((long)r);

-				if (r < ctx->obuf_len)

-					memmove(ctx->obuf, ctx->obuf + r,

-						ctx->obuf_len - r);

-				ctx->obuf_len-=r;

-				}

-			else

-				{

-				ctx->obuf_len=0;

-				ret=1;

-				break;

-				}

-			}

-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);

-		break;

-	case BIO_CTRL_DUP:

-		dbio=(BIO *)ptr;

-		if (	!BIO_set_write_buffer_size(dbio,ctx->obuf_size))

-			ret=0;

-		break;

-	default:

-		if (b->next_bio == NULL) return(0);

-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);

-		break;

-		}

-	return(ret);

-malloc_error:

-	BIOerr(BIO_F_LINEBUFFER_CTRL,ERR_R_MALLOC_FAILURE);

-	return(0);

-	}

-static long linebuffer_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)

-	{

-	long ret=1;

-	if (b->next_bio == NULL) return(0);

-	switch (cmd)

-		{

-	default:

-		ret=BIO_callback_ctrl(b->next_bio,cmd,fp);

-		break;

-		}

-	return(ret);

-	}

-static int linebuffer_gets(BIO *b, char *buf, int size)

-	{

-	if (b->next_bio == NULL) return(0);

-	return(BIO_gets(b->next_bio,buf,size));

-	}

-static int linebuffer_puts(BIO *b, const char *str)

-	{

-	return(linebuffer_write(b,str,strlen(str)));

-	}

--- a/sys/src/ape/lib/openssl/crypto/bio/bf_nbio.c

+++ /dev/null

@@ -1,255 +1,0 @@

-/* crypto/bio/bf_nbio.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <errno.h>

-#include "cryptlib.h"

-#include <openssl/rand.h>

-#include <openssl/bio.h>

-/* BIO_put and BIO_get both add to the digest,

- * BIO_gets returns the digest */

-static int nbiof_write(BIO *h,const char *buf,int num);

-static int nbiof_read(BIO *h,char *buf,int size);

-static int nbiof_puts(BIO *h,const char *str);

-static int nbiof_gets(BIO *h,char *str,int size);

-static long nbiof_ctrl(BIO *h,int cmd,long arg1,void *arg2);

-static int nbiof_new(BIO *h);

-static int nbiof_free(BIO *data);

-static long nbiof_callback_ctrl(BIO *h,int cmd,bio_info_cb *fp);

-typedef struct nbio_test_st

-	{

-	/* only set if we sent a 'should retry' error */

-	int lrn;

-	int lwn;

-	} NBIO_TEST;

-static BIO_METHOD methods_nbiof=

-	{

-	BIO_TYPE_NBIO_TEST,

-	"non-blocking IO test filter",

-	nbiof_write,

-	nbiof_read,

-	nbiof_puts,

-	nbiof_gets,

-	nbiof_ctrl,

-	nbiof_new,

-	nbiof_free,

-	nbiof_callback_ctrl,

-	};

-BIO_METHOD *BIO_f_nbio_test(void)

-	{

-	return(&methods_nbiof);

-	}

-static int nbiof_new(BIO *bi)

-	{

-	NBIO_TEST *nt;

-	if (!(nt=(NBIO_TEST *)OPENSSL_malloc(sizeof(NBIO_TEST)))) return(0);

-	nt->lrn= -1;

-	nt->lwn= -1;

-	bi->ptr=(char *)nt;

-	bi->init=1;

-	bi->flags=0;

-	return(1);

-	}

-static int nbiof_free(BIO *a)

-	{

-	if (a == NULL) return(0);

-	if (a->ptr != NULL)

-		OPENSSL_free(a->ptr);

-	a->ptr=NULL;

-	a->init=0;

-	a->flags=0;

-	return(1);

-	}

-static int nbiof_read(BIO *b, char *out, int outl)

-	{

-	NBIO_TEST *nt;

-	int ret=0;

-#if 1

-	int num;

-	unsigned char n;

-#endif

-	if (out == NULL) return(0);

-	if (b->next_bio == NULL) return(0);

-	nt=(NBIO_TEST *)b->ptr;

-	BIO_clear_retry_flags(b);

-#if 1

-	RAND_pseudo_bytes(&n,1);

-	num=(n&0x07);

-	if (outl > num) outl=num;

-	if (num == 0)

-		{

-		ret= -1;

-		BIO_set_retry_read(b);

-		}

-	else

-#endif

-		{

-		ret=BIO_read(b->next_bio,out,outl);

-		if (ret < 0)

-			BIO_copy_next_retry(b);

-		}

-	return(ret);

-	}

-static int nbiof_write(BIO *b, const char *in, int inl)

-	{

-	NBIO_TEST *nt;

-	int ret=0;

-	int num;

-	unsigned char n;

-	if ((in == NULL) || (inl <= 0)) return(0);

-	if (b->next_bio == NULL) return(0);

-	nt=(NBIO_TEST *)b->ptr;

-	BIO_clear_retry_flags(b);

-#if 1

-	if (nt->lwn > 0)

-		{

-		num=nt->lwn;

-		nt->lwn=0;

-		}

-	else

-		{

-		RAND_pseudo_bytes(&n,1);

-		num=(n&7);

-		}

-	if (inl > num) inl=num;

-	if (num == 0)

-		{

-		ret= -1;

-		BIO_set_retry_write(b);

-		}

-	else

-#endif

-		{

-		ret=BIO_write(b->next_bio,in,inl);

-		if (ret < 0)

-			{

-			BIO_copy_next_retry(b);

-			nt->lwn=inl;

-			}

-		}

-	return(ret);

-	}

-static long nbiof_ctrl(BIO *b, int cmd, long num, void *ptr)

-	{

-	long ret;

-	if (b->next_bio == NULL) return(0);

-	switch (cmd)

-		{

-        case BIO_C_DO_STATE_MACHINE:

-		BIO_clear_retry_flags(b);

-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);

-		BIO_copy_next_retry(b);

-		break;

-	case BIO_CTRL_DUP:

-		ret=0L;

-		break;

-	default:

-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);

-		break;

-		}

-	return(ret);

-	}

-static long nbiof_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)

-	{

-	long ret=1;

-	if (b->next_bio == NULL) return(0);

-	switch (cmd)

-		{

-	default:

-		ret=BIO_callback_ctrl(b->next_bio,cmd,fp);

-		break;

-		}

-	return(ret);

-	}

-static int nbiof_gets(BIO *bp, char *buf, int size)

-	{

-	if (bp->next_bio == NULL) return(0);

-	return(BIO_gets(bp->next_bio,buf,size));

-	}

-static int nbiof_puts(BIO *bp, const char *str)

-	{

-	if (bp->next_bio == NULL) return(0);

-	return(BIO_puts(bp->next_bio,str));

-	}

--- a/sys/src/ape/lib/openssl/crypto/bio/bf_null.c

+++ /dev/null

@@ -1,183 +1,0 @@

-/* crypto/bio/bf_null.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <errno.h>

-#include "cryptlib.h"

-#include <openssl/bio.h>

-/* BIO_put and BIO_get both add to the digest,

- * BIO_gets returns the digest */

-static int nullf_write(BIO *h, const char *buf, int num);

-static int nullf_read(BIO *h, char *buf, int size);

-static int nullf_puts(BIO *h, const char *str);

-static int nullf_gets(BIO *h, char *str, int size);

-static long nullf_ctrl(BIO *h, int cmd, long arg1, void *arg2);

-static int nullf_new(BIO *h);

-static int nullf_free(BIO *data);

-static long nullf_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);

-static BIO_METHOD methods_nullf=

-	{

-	BIO_TYPE_NULL_FILTER,

-	"NULL filter",

-	nullf_write,

-	nullf_read,

-	nullf_puts,

-	nullf_gets,

-	nullf_ctrl,

-	nullf_new,

-	nullf_free,

-	nullf_callback_ctrl,

-	};

-BIO_METHOD *BIO_f_null(void)

-	{

-	return(&methods_nullf);

-	}

-static int nullf_new(BIO *bi)

-	{

-	bi->init=1;

-	bi->ptr=NULL;

-	bi->flags=0;

-	return(1);

-	}

-static int nullf_free(BIO *a)

-	{

-	if (a == NULL) return(0);

-/*	a->ptr=NULL;

-	a->init=0;

-	a->flags=0;*/

-	return(1);

-	}

-static int nullf_read(BIO *b, char *out, int outl)

-	{

-	int ret=0;

-	if (out == NULL) return(0);

-	if (b->next_bio == NULL) return(0);

-	ret=BIO_read(b->next_bio,out,outl);

-	BIO_clear_retry_flags(b);

-	BIO_copy_next_retry(b);

-	return(ret);

-	}

-static int nullf_write(BIO *b, const char *in, int inl)

-	{

-	int ret=0;

-	if ((in == NULL) || (inl <= 0)) return(0);

-	if (b->next_bio == NULL) return(0);

-	ret=BIO_write(b->next_bio,in,inl);

-	BIO_clear_retry_flags(b);

-	BIO_copy_next_retry(b);

-	return(ret);

-	}

-static long nullf_ctrl(BIO *b, int cmd, long num, void *ptr)

-	{

-	long ret;

-	if (b->next_bio == NULL) return(0);

-	switch(cmd)

-		{

-        case BIO_C_DO_STATE_MACHINE:

-		BIO_clear_retry_flags(b);

-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);

-		BIO_copy_next_retry(b);

-		break;

-	case BIO_CTRL_DUP:

-		ret=0L;

-		break;

-	default:

-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);

-		}

-	return(ret);

-	}

-static long nullf_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)

-	{

-	long ret=1;

-	if (b->next_bio == NULL) return(0);

-	switch (cmd)

-		{

-	default:

-		ret=BIO_callback_ctrl(b->next_bio,cmd,fp);

-		break;

-		}

-	return(ret);

-	}

-static int nullf_gets(BIO *bp, char *buf, int size)

-	{

-	if (bp->next_bio == NULL) return(0);

-	return(BIO_gets(bp->next_bio,buf,size));

-	}

-static int nullf_puts(BIO *bp, const char *str)

-	{

-	if (bp->next_bio == NULL) return(0);

-	return(BIO_puts(bp->next_bio,str));

-	}

--- a/sys/src/ape/lib/openssl/crypto/bio/bio.h

+++ /dev/null

@@ -1,775 +1,0 @@

-/* crypto/bio/bio.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_BIO_H

-#define HEADER_BIO_H

-#include <openssl/e_os2.h>

-#ifndef OPENSSL_NO_FP_API

-# include <stdio.h>

-#endif

-#include <stdarg.h>

-#include <openssl/crypto.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-/* These are the 'types' of BIOs */

-#define BIO_TYPE_NONE		0

-#define BIO_TYPE_MEM		(1|0x0400)

-#define BIO_TYPE_FILE		(2|0x0400)

-#define BIO_TYPE_FD		(4|0x0400|0x0100)

-#define BIO_TYPE_SOCKET		(5|0x0400|0x0100)

-#define BIO_TYPE_NULL		(6|0x0400)

-#define BIO_TYPE_SSL		(7|0x0200)

-#define BIO_TYPE_MD		(8|0x0200)		/* passive filter */

-#define BIO_TYPE_BUFFER		(9|0x0200)		/* filter */

-#define BIO_TYPE_CIPHER		(10|0x0200)		/* filter */

-#define BIO_TYPE_BASE64		(11|0x0200)		/* filter */

-#define BIO_TYPE_CONNECT	(12|0x0400|0x0100)	/* socket - connect */

-#define BIO_TYPE_ACCEPT		(13|0x0400|0x0100)	/* socket for accept */

-#define BIO_TYPE_PROXY_CLIENT	(14|0x0200)		/* client proxy BIO */

-#define BIO_TYPE_PROXY_SERVER	(15|0x0200)		/* server proxy BIO */

-#define BIO_TYPE_NBIO_TEST	(16|0x0200)		/* server proxy BIO */

-#define BIO_TYPE_NULL_FILTER	(17|0x0200)

-#define BIO_TYPE_BER		(18|0x0200)		/* BER -> bin filter */

-#define BIO_TYPE_BIO		(19|0x0400)		/* (half a) BIO pair */

-#define BIO_TYPE_LINEBUFFER	(20|0x0200)		/* filter */

-#define BIO_TYPE_DGRAM		(21|0x0400|0x0100)

-#define BIO_TYPE_DESCRIPTOR	0x0100	/* socket, fd, connect or accept */

-#define BIO_TYPE_FILTER		0x0200

-#define BIO_TYPE_SOURCE_SINK	0x0400

-/* BIO_FILENAME_READ|BIO_CLOSE to open or close on free.

- * BIO_set_fp(in,stdin,BIO_NOCLOSE); */

-#define BIO_NOCLOSE		0x00

-#define BIO_CLOSE		0x01

-/* These are used in the following macros and are passed to

- * BIO_ctrl() */

-#define BIO_CTRL_RESET		1  /* opt - rewind/zero etc */

-#define BIO_CTRL_EOF		2  /* opt - are we at the eof */

-#define BIO_CTRL_INFO		3  /* opt - extra tit-bits */

-#define BIO_CTRL_SET		4  /* man - set the 'IO' type */

-#define BIO_CTRL_GET		5  /* man - get the 'IO' type */

-#define BIO_CTRL_PUSH		6  /* opt - internal, used to signify change */

-#define BIO_CTRL_POP		7  /* opt - internal, used to signify change */

-#define BIO_CTRL_GET_CLOSE	8  /* man - set the 'close' on free */

-#define BIO_CTRL_SET_CLOSE	9  /* man - set the 'close' on free */

-#define BIO_CTRL_PENDING	10  /* opt - is their more data buffered */

-#define BIO_CTRL_FLUSH		11  /* opt - 'flush' buffered output */

-#define BIO_CTRL_DUP		12  /* man - extra stuff for 'duped' BIO */

-#define BIO_CTRL_WPENDING	13  /* opt - number of bytes still to write */

-/* callback is int cb(BIO *bio,state,ret); */

-#define BIO_CTRL_SET_CALLBACK	14  /* opt - set callback function */

-#define BIO_CTRL_GET_CALLBACK	15  /* opt - set callback function */

-#define BIO_CTRL_SET_FILENAME	30	/* BIO_s_file special */

-/* dgram BIO stuff */

-#define BIO_CTRL_DGRAM_CONNECT       31  /* BIO dgram special */

-#define BIO_CTRL_DGRAM_SET_CONNECTED 32  /* allow for an externally

-					  * connected socket to be

-					  * passed in */

-#define BIO_CTRL_DGRAM_SET_RECV_TIMEOUT 33 /* setsockopt, essentially */

-#define BIO_CTRL_DGRAM_GET_RECV_TIMEOUT 34 /* getsockopt, essentially */

-#define BIO_CTRL_DGRAM_SET_SEND_TIMEOUT 35 /* setsockopt, essentially */

-#define BIO_CTRL_DGRAM_GET_SEND_TIMEOUT 36 /* getsockopt, essentially */

-#define BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP 37 /* flag whether the last */

-#define BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP 38 /* I/O operation tiemd out */

-/* #ifdef IP_MTU_DISCOVER */

-#define BIO_CTRL_DGRAM_MTU_DISCOVER       39 /* set DF bit on egress packets */

-/* #endif */

-#define BIO_CTRL_DGRAM_QUERY_MTU          40 /* as kernel for current MTU */

-#define BIO_CTRL_DGRAM_GET_MTU            41 /* get cached value for MTU */

-#define BIO_CTRL_DGRAM_SET_MTU            42 /* set cached value for

-					      * MTU. want to use this

-					      * if asking the kernel

-					      * fails */

-#define BIO_CTRL_DGRAM_MTU_EXCEEDED       43 /* check whether the MTU

-					      * was exceed in the

-					      * previous write

-					      * operation */

-#define BIO_CTRL_DGRAM_SET_PEER           44 /* Destination for the data */

-/* modifiers */

-#define BIO_FP_READ		0x02

-#define BIO_FP_WRITE		0x04

-#define BIO_FP_APPEND		0x08

-#define BIO_FP_TEXT		0x10

-#define BIO_FLAGS_READ		0x01

-#define BIO_FLAGS_WRITE		0x02

-#define BIO_FLAGS_IO_SPECIAL	0x04

-#define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL)

-#define BIO_FLAGS_SHOULD_RETRY	0x08

-#ifndef	BIO_FLAGS_UPLINK

-/* "UPLINK" flag denotes file descriptors provided by application.

-   It defaults to 0, as most platforms don't require UPLINK interface. */

-#define	BIO_FLAGS_UPLINK	0

-#endif

-/* Used in BIO_gethostbyname() */

-#define BIO_GHBN_CTRL_HITS		1

-#define BIO_GHBN_CTRL_MISSES		2

-#define BIO_GHBN_CTRL_CACHE_SIZE	3

-#define BIO_GHBN_CTRL_GET_ENTRY		4

-#define BIO_GHBN_CTRL_FLUSH		5

-/* Mostly used in the SSL BIO */

-/* Not used anymore

- * #define BIO_FLAGS_PROTOCOL_DELAYED_READ 0x10

- * #define BIO_FLAGS_PROTOCOL_DELAYED_WRITE 0x20

- * #define BIO_FLAGS_PROTOCOL_STARTUP	0x40

- */

-#define BIO_FLAGS_BASE64_NO_NL	0x100

-/* This is used with memory BIOs: it means we shouldn't free up or change the

- * data in any way.

- */

-#define BIO_FLAGS_MEM_RDONLY	0x200

-typedef struct bio_st BIO;

-void BIO_set_flags(BIO *b, int flags);

-int  BIO_test_flags(const BIO *b, int flags);

-void BIO_clear_flags(BIO *b, int flags);

-#define BIO_get_flags(b) BIO_test_flags(b, ~(0x0))

-#define BIO_set_retry_special(b) \

-		BIO_set_flags(b, (BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY))

-#define BIO_set_retry_read(b) \

-		BIO_set_flags(b, (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY))

-#define BIO_set_retry_write(b) \

-		BIO_set_flags(b, (BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY))

-/* These are normally used internally in BIOs */

-#define BIO_clear_retry_flags(b) \

-		BIO_clear_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY))

-#define BIO_get_retry_flags(b) \

-		BIO_test_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY))

-/* These should be used by the application to tell why we should retry */

-#define BIO_should_read(a)		BIO_test_flags(a, BIO_FLAGS_READ)

-#define BIO_should_write(a)		BIO_test_flags(a, BIO_FLAGS_WRITE)

-#define BIO_should_io_special(a)	BIO_test_flags(a, BIO_FLAGS_IO_SPECIAL)

-#define BIO_retry_type(a)		BIO_test_flags(a, BIO_FLAGS_RWS)

-#define BIO_should_retry(a)		BIO_test_flags(a, BIO_FLAGS_SHOULD_RETRY)

-/* The next three are used in conjunction with the

- * BIO_should_io_special() condition.  After this returns true,

- * BIO *BIO_get_retry_BIO(BIO *bio, int *reason); will walk the BIO

- * stack and return the 'reason' for the special and the offending BIO.

- * Given a BIO, BIO_get_retry_reason(bio) will return the code. */

-/* Returned from the SSL bio when the certificate retrieval code had an error */

-#define BIO_RR_SSL_X509_LOOKUP		0x01

-/* Returned from the connect BIO when a connect would have blocked */

-#define BIO_RR_CONNECT			0x02

-/* Returned from the accept BIO when an accept would have blocked */

-#define BIO_RR_ACCEPT			0x03

-/* These are passed by the BIO callback */

-#define BIO_CB_FREE	0x01

-#define BIO_CB_READ	0x02

-#define BIO_CB_WRITE	0x03

-#define BIO_CB_PUTS	0x04

-#define BIO_CB_GETS	0x05

-#define BIO_CB_CTRL	0x06

-/* The callback is called before and after the underling operation,

- * The BIO_CB_RETURN flag indicates if it is after the call */

-#define BIO_CB_RETURN	0x80

-#define BIO_CB_return(a) ((a)|BIO_CB_RETURN))

-#define BIO_cb_pre(a)	(!((a)&BIO_CB_RETURN))

-#define BIO_cb_post(a)	((a)&BIO_CB_RETURN)

-long (*BIO_get_callback(const BIO *b)) (struct bio_st *,int,const char *,int, long,long);

-void BIO_set_callback(BIO *b,

-	long (*callback)(struct bio_st *,int,const char *,int, long,long));

-char *BIO_get_callback_arg(const BIO *b);

-void BIO_set_callback_arg(BIO *b, char *arg);

-const char * BIO_method_name(const BIO *b);

-int BIO_method_type(const BIO *b);

-typedef void bio_info_cb(struct bio_st *, int, const char *, int, long, long);

-#ifndef OPENSSL_SYS_WIN16

-typedef struct bio_method_st

-	{

-	int type;

-	const char *name;

-	int (*bwrite)(BIO *, const char *, int);

-	int (*bread)(BIO *, char *, int);

-	int (*bputs)(BIO *, const char *);

-	int (*bgets)(BIO *, char *, int);

-	long (*ctrl)(BIO *, int, long, void *);

-	int (*create)(BIO *);

-	int (*destroy)(BIO *);

-        long (*callback_ctrl)(BIO *, int, bio_info_cb *);

-	} BIO_METHOD;

-#else

-typedef struct bio_method_st

-	{

-	int type;

-	const char *name;

-	int (_far *bwrite)();

-	int (_far *bread)();

-	int (_far *bputs)();

-	int (_far *bgets)();

-	long (_far *ctrl)();

-	int (_far *create)();

-	int (_far *destroy)();

-	long (_far *callback_ctrl)();

-	} BIO_METHOD;

-#endif

-struct bio_st

-	{

-	BIO_METHOD *method;

-	/* bio, mode, argp, argi, argl, ret */

-	long (*callback)(struct bio_st *,int,const char *,int, long,long);

-	char *cb_arg; /* first argument for the callback */

-	int init;

-	int shutdown;

-	int flags;	/* extra storage */

-	int retry_reason;

-	int num;

-	void *ptr;

-	struct bio_st *next_bio;	/* used by filter BIOs */

-	struct bio_st *prev_bio;	/* used by filter BIOs */

-	int references;

-	unsigned long num_read;

-	unsigned long num_write;

-	CRYPTO_EX_DATA ex_data;

-	};

-DECLARE_STACK_OF(BIO)

-typedef struct bio_f_buffer_ctx_struct

-	{

-	/* BIO *bio; */ /* this is now in the BIO struct */

-	int ibuf_size;	/* how big is the input buffer */

-	int obuf_size;	/* how big is the output buffer */

-	char *ibuf;		/* the char array */

-	int ibuf_len;		/* how many bytes are in it */

-	int ibuf_off;		/* write/read offset */

-	char *obuf;		/* the char array */

-	int obuf_len;		/* how many bytes are in it */

-	int obuf_off;		/* write/read offset */

-	} BIO_F_BUFFER_CTX;

-/* connect BIO stuff */

-#define BIO_CONN_S_BEFORE		1

-#define BIO_CONN_S_GET_IP		2

-#define BIO_CONN_S_GET_PORT		3

-#define BIO_CONN_S_CREATE_SOCKET	4

-#define BIO_CONN_S_CONNECT		5

-#define BIO_CONN_S_OK			6

-#define BIO_CONN_S_BLOCKED_CONNECT	7

-#define BIO_CONN_S_NBIO			8

-/*#define BIO_CONN_get_param_hostname	BIO_ctrl */

-#define BIO_C_SET_CONNECT			100

-#define BIO_C_DO_STATE_MACHINE			101

-#define BIO_C_SET_NBIO				102

-#define BIO_C_SET_PROXY_PARAM			103

-#define BIO_C_SET_FD				104

-#define BIO_C_GET_FD				105

-#define BIO_C_SET_FILE_PTR			106

-#define BIO_C_GET_FILE_PTR			107

-#define BIO_C_SET_FILENAME			108

-#define BIO_C_SET_SSL				109

-#define BIO_C_GET_SSL				110

-#define BIO_C_SET_MD				111

-#define BIO_C_GET_MD				112

-#define BIO_C_GET_CIPHER_STATUS			113

-#define BIO_C_SET_BUF_MEM			114

-#define BIO_C_GET_BUF_MEM_PTR			115

-#define BIO_C_GET_BUFF_NUM_LINES		116

-#define BIO_C_SET_BUFF_SIZE			117

-#define BIO_C_SET_ACCEPT			118

-#define BIO_C_SSL_MODE				119

-#define BIO_C_GET_MD_CTX			120

-#define BIO_C_GET_PROXY_PARAM			121

-#define BIO_C_SET_BUFF_READ_DATA		122 /* data to read first */

-#define BIO_C_GET_CONNECT			123

-#define BIO_C_GET_ACCEPT			124

-#define BIO_C_SET_SSL_RENEGOTIATE_BYTES		125

-#define BIO_C_GET_SSL_NUM_RENEGOTIATES		126

-#define BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT	127

-#define BIO_C_FILE_SEEK				128

-#define BIO_C_GET_CIPHER_CTX			129

-#define BIO_C_SET_BUF_MEM_EOF_RETURN		130/*return end of input value*/

-#define BIO_C_SET_BIND_MODE			131

-#define BIO_C_GET_BIND_MODE			132

-#define BIO_C_FILE_TELL				133

-#define BIO_C_GET_SOCKS				134

-#define BIO_C_SET_SOCKS				135

-#define BIO_C_SET_WRITE_BUF_SIZE		136/* for BIO_s_bio */

-#define BIO_C_GET_WRITE_BUF_SIZE		137

-#define BIO_C_MAKE_BIO_PAIR			138

-#define BIO_C_DESTROY_BIO_PAIR			139

-#define BIO_C_GET_WRITE_GUARANTEE		140

-#define BIO_C_GET_READ_REQUEST			141

-#define BIO_C_SHUTDOWN_WR			142

-#define BIO_C_NREAD0				143

-#define BIO_C_NREAD				144

-#define BIO_C_NWRITE0				145

-#define BIO_C_NWRITE				146

-#define BIO_C_RESET_READ_REQUEST		147

-#define BIO_C_SET_MD_CTX			148

-#define BIO_set_app_data(s,arg)		BIO_set_ex_data(s,0,arg)

-#define BIO_get_app_data(s)		BIO_get_ex_data(s,0)

-/* BIO_s_connect() and BIO_s_socks4a_connect() */

-#define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0,(char *)name)

-#define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port)

-#define BIO_set_conn_ip(b,ip)	  BIO_ctrl(b,BIO_C_SET_CONNECT,2,(char *)ip)

-#define BIO_set_conn_int_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,3,(char *)port)

-#define BIO_get_conn_hostname(b)  BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)

-#define BIO_get_conn_port(b)      BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)

-#define BIO_get_conn_ip(b) 		 BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)

-#define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3)

-#define BIO_set_nbio(b,n)	BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)

-/* BIO_s_accept_socket() */

-#define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name)

-#define BIO_get_accept_port(b)	BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)

-/* #define BIO_set_nbio(b,n)	BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */

-#define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?"a":NULL)

-#define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(char *)bio)

-#define BIO_BIND_NORMAL			0

-#define BIO_BIND_REUSEADDR_IF_UNUSED	1

-#define BIO_BIND_REUSEADDR		2

-#define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL)

-#define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL)

-#define BIO_do_connect(b)	BIO_do_handshake(b)

-#define BIO_do_accept(b)	BIO_do_handshake(b)

-#define BIO_do_handshake(b)	BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)

-/* BIO_s_proxy_client() */

-#define BIO_set_url(b,url)	BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,0,(char *)(url))

-#define BIO_set_proxies(b,p)	BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,1,(char *)(p))

-/* BIO_set_nbio(b,n) */

-#define BIO_set_filter_bio(b,s) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,2,(char *)(s))

-/* BIO *BIO_get_filter_bio(BIO *bio); */

-#define BIO_set_proxy_cb(b,cb) BIO_callback_ctrl(b,BIO_C_SET_PROXY_PARAM,3,(void *(*cb)()))

-#define BIO_set_proxy_header(b,sk) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,4,(char *)sk)

-#define BIO_set_no_connect_return(b,bool) BIO_int_ctrl(b,BIO_C_SET_PROXY_PARAM,5,bool)

-#define BIO_get_proxy_header(b,skp) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,0,(char *)skp)

-#define BIO_get_proxies(b,pxy_p) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,1,(char *)(pxy_p))

-#define BIO_get_url(b,url)	BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,2,(char *)(url))

-#define BIO_get_no_connect_return(b)	BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,5,NULL)

-#define BIO_set_fd(b,fd,c)	BIO_int_ctrl(b,BIO_C_SET_FD,c,fd)

-#define BIO_get_fd(b,c)		BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c)

-#define BIO_set_fp(b,fp,c)	BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)fp)

-#define BIO_get_fp(b,fpp)	BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)fpp)

-#define BIO_seek(b,ofs)	(int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL)

-#define BIO_tell(b)	(int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL)

-/* name is cast to lose const, but might be better to route through a function

-   so we can do it safely */

-#ifdef CONST_STRICT

-/* If you are wondering why this isn't defined, its because CONST_STRICT is

- * purely a compile-time kludge to allow const to be checked.

- */

-int BIO_read_filename(BIO *b,const char *name);

-#else

-#define BIO_read_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \

-		BIO_CLOSE|BIO_FP_READ,(char *)name)

-#endif

-#define BIO_write_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \

-		BIO_CLOSE|BIO_FP_WRITE,name)

-#define BIO_append_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \

-		BIO_CLOSE|BIO_FP_APPEND,name)

-#define BIO_rw_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \

-		BIO_CLOSE|BIO_FP_READ|BIO_FP_WRITE,name)

-/* WARNING WARNING, this ups the reference count on the read bio of the

- * SSL structure.  This is because the ssl read BIO is now pointed to by

- * the next_bio field in the bio.  So when you free the BIO, make sure

- * you are doing a BIO_free_all() to catch the underlying BIO. */

-#define BIO_set_ssl(b,ssl,c)	BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)ssl)

-#define BIO_get_ssl(b,sslp)	BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp)

-#define BIO_set_ssl_mode(b,client)	BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL)

-#define BIO_set_ssl_renegotiate_bytes(b,num) \

-	BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL);

-#define BIO_get_num_renegotiates(b) \

-	BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL);

-#define BIO_set_ssl_renegotiate_timeout(b,seconds) \

-	BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL);

-/* defined in evp.h */

-/* #define BIO_set_md(b,md)	BIO_ctrl(b,BIO_C_SET_MD,1,(char *)md) */

-#define BIO_get_mem_data(b,pp)	BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)pp)

-#define BIO_set_mem_buf(b,bm,c)	BIO_ctrl(b,BIO_C_SET_BUF_MEM,c,(char *)bm)

-#define BIO_get_mem_ptr(b,pp)	BIO_ctrl(b,BIO_C_GET_BUF_MEM_PTR,0,(char *)pp)

-#define BIO_set_mem_eof_return(b,v) \

-				BIO_ctrl(b,BIO_C_SET_BUF_MEM_EOF_RETURN,v,NULL)

-/* For the BIO_f_buffer() type */

-#define BIO_get_buffer_num_lines(b)	BIO_ctrl(b,BIO_C_GET_BUFF_NUM_LINES,0,NULL)

-#define BIO_set_buffer_size(b,size)	BIO_ctrl(b,BIO_C_SET_BUFF_SIZE,size,NULL)

-#define BIO_set_read_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,0)

-#define BIO_set_write_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,1)

-#define BIO_set_buffer_read_data(b,buf,num) BIO_ctrl(b,BIO_C_SET_BUFF_READ_DATA,num,buf)

-/* Don't use the next one unless you know what you are doing :-) */

-#define BIO_dup_state(b,ret)	BIO_ctrl(b,BIO_CTRL_DUP,0,(char *)(ret))

-#define BIO_reset(b)		(int)BIO_ctrl(b,BIO_CTRL_RESET,0,NULL)

-#define BIO_eof(b)		(int)BIO_ctrl(b,BIO_CTRL_EOF,0,NULL)

-#define BIO_set_close(b,c)	(int)BIO_ctrl(b,BIO_CTRL_SET_CLOSE,(c),NULL)

-#define BIO_get_close(b)	(int)BIO_ctrl(b,BIO_CTRL_GET_CLOSE,0,NULL)

-#define BIO_pending(b)		(int)BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL)

-#define BIO_wpending(b)		(int)BIO_ctrl(b,BIO_CTRL_WPENDING,0,NULL)

-/* ...pending macros have inappropriate return type */

-size_t BIO_ctrl_pending(BIO *b);

-size_t BIO_ctrl_wpending(BIO *b);

-#define BIO_flush(b)		(int)BIO_ctrl(b,BIO_CTRL_FLUSH,0,NULL)

-#define BIO_get_info_callback(b,cbp) (int)BIO_ctrl(b,BIO_CTRL_GET_CALLBACK,0, \

-						   cbp)

-#define BIO_set_info_callback(b,cb) (int)BIO_callback_ctrl(b,BIO_CTRL_SET_CALLBACK,cb)

-/* For the BIO_f_buffer() type */

-#define BIO_buffer_get_num_lines(b) BIO_ctrl(b,BIO_CTRL_GET,0,NULL)

-/* For BIO_s_bio() */

-#define BIO_set_write_buf_size(b,size) (int)BIO_ctrl(b,BIO_C_SET_WRITE_BUF_SIZE,size,NULL)

-#define BIO_get_write_buf_size(b,size) (size_t)BIO_ctrl(b,BIO_C_GET_WRITE_BUF_SIZE,size,NULL)

-#define BIO_make_bio_pair(b1,b2)   (int)BIO_ctrl(b1,BIO_C_MAKE_BIO_PAIR,0,b2)

-#define BIO_destroy_bio_pair(b)    (int)BIO_ctrl(b,BIO_C_DESTROY_BIO_PAIR,0,NULL)

-#define BIO_shutdown_wr(b) (int)BIO_ctrl(b, BIO_C_SHUTDOWN_WR, 0, NULL)

-/* macros with inappropriate type -- but ...pending macros use int too: */

-#define BIO_get_write_guarantee(b) (int)BIO_ctrl(b,BIO_C_GET_WRITE_GUARANTEE,0,NULL)

-#define BIO_get_read_request(b)    (int)BIO_ctrl(b,BIO_C_GET_READ_REQUEST,0,NULL)

-size_t BIO_ctrl_get_write_guarantee(BIO *b);

-size_t BIO_ctrl_get_read_request(BIO *b);

-int BIO_ctrl_reset_read_request(BIO *b);

-/* ctrl macros for dgram */

-#define BIO_ctrl_dgram_connect(b,peer)  \

-                     (int)BIO_ctrl(b,BIO_CTRL_DGRAM_CONNECT,0, (char *)peer)

-#define BIO_ctrl_set_connected(b, state, peer) \

-         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_CONNECTED, state, (char *)peer)

-#define BIO_dgram_recv_timedout(b) \

-         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0, NULL)

-#define BIO_dgram_send_timedout(b) \

-         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP, 0, NULL)

-#define BIO_dgram_set_peer(b,peer) \

-         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)peer)

-/* These two aren't currently implemented */

-/* int BIO_get_ex_num(BIO *bio); */

-/* void BIO_set_ex_free_func(BIO *bio,int idx,void (*cb)()); */

-int BIO_set_ex_data(BIO *bio,int idx,void *data);

-void *BIO_get_ex_data(BIO *bio,int idx);

-int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,

-	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);

-unsigned long BIO_number_read(BIO *bio);

-unsigned long BIO_number_written(BIO *bio);

-# ifndef OPENSSL_NO_FP_API

-#  if defined(OPENSSL_SYS_WIN16) && defined(_WINDLL)

-BIO_METHOD *BIO_s_file_internal(void);

-BIO *BIO_new_file_internal(char *filename, char *mode);

-BIO *BIO_new_fp_internal(FILE *stream, int close_flag);

-#    define BIO_s_file	BIO_s_file_internal

-#    define BIO_new_file	BIO_new_file_internal

-#    define BIO_new_fp	BIO_new_fp_internal

-#  else /* FP_API */

-BIO_METHOD *BIO_s_file(void );

-BIO *BIO_new_file(const char *filename, const char *mode);

-BIO *BIO_new_fp(FILE *stream, int close_flag);

-#    define BIO_s_file_internal		BIO_s_file

-#    define BIO_new_file_internal	BIO_new_file

-#    define BIO_new_fp_internal		BIO_s_file

-#  endif /* FP_API */

-# endif

-BIO *	BIO_new(BIO_METHOD *type);

-int	BIO_set(BIO *a,BIO_METHOD *type);

-int	BIO_free(BIO *a);

-void	BIO_vfree(BIO *a);

-int	BIO_read(BIO *b, void *data, int len);

-int	BIO_gets(BIO *bp,char *buf, int size);

-int	BIO_write(BIO *b, const void *data, int len);

-int	BIO_puts(BIO *bp,const char *buf);

-int	BIO_indent(BIO *b,int indent,int max);

-long	BIO_ctrl(BIO *bp,int cmd,long larg,void *parg);

-long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)(struct bio_st *, int, const char *, int, long, long));

-char *	BIO_ptr_ctrl(BIO *bp,int cmd,long larg);

-long	BIO_int_ctrl(BIO *bp,int cmd,long larg,int iarg);

-BIO *	BIO_push(BIO *b,BIO *append);

-BIO *	BIO_pop(BIO *b);

-void	BIO_free_all(BIO *a);

-BIO *	BIO_find_type(BIO *b,int bio_type);

-BIO *	BIO_next(BIO *b);

-BIO *	BIO_get_retry_BIO(BIO *bio, int *reason);

-int	BIO_get_retry_reason(BIO *bio);

-BIO *	BIO_dup_chain(BIO *in);

-int BIO_nread0(BIO *bio, char **buf);

-int BIO_nread(BIO *bio, char **buf, int num);

-int BIO_nwrite0(BIO *bio, char **buf);

-int BIO_nwrite(BIO *bio, char **buf, int num);

-#ifndef OPENSSL_SYS_WIN16

-long BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi,

-	long argl,long ret);

-#else

-long _far _loadds BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi,

-	long argl,long ret);

-#endif

-BIO_METHOD *BIO_s_mem(void);

-BIO *BIO_new_mem_buf(void *buf, int len);

-BIO_METHOD *BIO_s_socket(void);

-BIO_METHOD *BIO_s_connect(void);

-BIO_METHOD *BIO_s_accept(void);

-BIO_METHOD *BIO_s_fd(void);

-#ifndef OPENSSL_SYS_OS2

-BIO_METHOD *BIO_s_log(void);

-#endif

-BIO_METHOD *BIO_s_bio(void);

-BIO_METHOD *BIO_s_null(void);

-BIO_METHOD *BIO_f_null(void);

-BIO_METHOD *BIO_f_buffer(void);

-#ifdef OPENSSL_SYS_VMS

-BIO_METHOD *BIO_f_linebuffer(void);

-#endif

-BIO_METHOD *BIO_f_nbio_test(void);

-#ifndef OPENSSL_NO_DGRAM

-BIO_METHOD *BIO_s_datagram(void);

-#endif

-/* BIO_METHOD *BIO_f_ber(void); */

-int BIO_sock_should_retry(int i);

-int BIO_sock_non_fatal_error(int error);

-int BIO_dgram_non_fatal_error(int error);

-int BIO_fd_should_retry(int i);

-int BIO_fd_non_fatal_error(int error);

-int BIO_dump_cb(int (*cb)(const void *data, size_t len, void *u),

-		void *u, const char *s, int len);

-int BIO_dump_indent_cb(int (*cb)(const void *data, size_t len, void *u),

-		       void *u, const char *s, int len, int indent);

-int BIO_dump(BIO *b,const char *bytes,int len);

-int BIO_dump_indent(BIO *b,const char *bytes,int len,int indent);

-#ifndef OPENSSL_NO_FP_API

-int BIO_dump_fp(FILE *fp, const char *s, int len);

-int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent);

-#endif

-struct hostent *BIO_gethostbyname(const char *name);

-/* We might want a thread-safe interface too:

- * struct hostent *BIO_gethostbyname_r(const char *name,

- *     struct hostent *result, void *buffer, size_t buflen);

- * or something similar (caller allocates a struct hostent,

- * pointed to by "result", and additional buffer space for the various

- * substructures; if the buffer does not suffice, NULL is returned

- * and an appropriate error code is set).

- */

-int BIO_sock_error(int sock);

-int BIO_socket_ioctl(int fd, long type, void *arg);

-int BIO_socket_nbio(int fd,int mode);

-int BIO_get_port(const char *str, unsigned short *port_ptr);

-int BIO_get_host_ip(const char *str, unsigned char *ip);

-int BIO_get_accept_socket(char *host_port,int mode);

-int BIO_accept(int sock,char **ip_port);

-int BIO_sock_init(void );

-void BIO_sock_cleanup(void);

-int BIO_set_tcp_ndelay(int sock,int turn_on);

-BIO *BIO_new_socket(int sock, int close_flag);

-BIO *BIO_new_dgram(int fd, int close_flag);

-BIO *BIO_new_fd(int fd, int close_flag);

-BIO *BIO_new_connect(char *host_port);

-BIO *BIO_new_accept(char *host_port);

-int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,

-	BIO **bio2, size_t writebuf2);

-/* If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints.

- * Otherwise returns 0 and sets *bio1 and *bio2 to NULL.

- * Size 0 uses default value.

- */

-void BIO_copy_next_retry(BIO *b);

-/*long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);*/

-#ifdef __GNUC__

-#  define __bio_h__attr__ __attribute__

-#else

-#  define __bio_h__attr__(x)

-#endif

-int BIO_printf(BIO *bio, const char *format, ...)

-	__bio_h__attr__((__format__(__printf__,2,3)));

-int BIO_vprintf(BIO *bio, const char *format, va_list args)

-	__bio_h__attr__((__format__(__printf__,2,0)));

-int BIO_snprintf(char *buf, size_t n, const char *format, ...)

-	__bio_h__attr__((__format__(__printf__,3,4)));

-int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)

-	__bio_h__attr__((__format__(__printf__,3,0)));

-#undef __bio_h__attr__

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_BIO_strings(void);

-/* Error codes for the BIO functions. */

-/* Function codes. */

-#define BIO_F_ACPT_STATE				 100

-#define BIO_F_BIO_ACCEPT				 101

-#define BIO_F_BIO_BER_GET_HEADER			 102

-#define BIO_F_BIO_CALLBACK_CTRL				 131

-#define BIO_F_BIO_CTRL					 103

-#define BIO_F_BIO_GETHOSTBYNAME				 120

-#define BIO_F_BIO_GETS					 104

-#define BIO_F_BIO_GET_ACCEPT_SOCKET			 105

-#define BIO_F_BIO_GET_HOST_IP				 106

-#define BIO_F_BIO_GET_PORT				 107

-#define BIO_F_BIO_MAKE_PAIR				 121

-#define BIO_F_BIO_NEW					 108

-#define BIO_F_BIO_NEW_FILE				 109

-#define BIO_F_BIO_NEW_MEM_BUF				 126

-#define BIO_F_BIO_NREAD					 123

-#define BIO_F_BIO_NREAD0				 124

-#define BIO_F_BIO_NWRITE				 125

-#define BIO_F_BIO_NWRITE0				 122

-#define BIO_F_BIO_PUTS					 110

-#define BIO_F_BIO_READ					 111

-#define BIO_F_BIO_SOCK_INIT				 112

-#define BIO_F_BIO_WRITE					 113

-#define BIO_F_BUFFER_CTRL				 114

-#define BIO_F_CONN_CTRL					 127

-#define BIO_F_CONN_STATE				 115

-#define BIO_F_FILE_CTRL					 116

-#define BIO_F_FILE_READ					 130

-#define BIO_F_LINEBUFFER_CTRL				 129

-#define BIO_F_MEM_READ					 128

-#define BIO_F_MEM_WRITE					 117

-#define BIO_F_SSL_NEW					 118

-#define BIO_F_WSASTARTUP				 119

-/* Reason codes. */

-#define BIO_R_ACCEPT_ERROR				 100

-#define BIO_R_BAD_FOPEN_MODE				 101

-#define BIO_R_BAD_HOSTNAME_LOOKUP			 102

-#define BIO_R_BROKEN_PIPE				 124

-#define BIO_R_CONNECT_ERROR				 103

-#define BIO_R_EOF_ON_MEMORY_BIO				 127

-#define BIO_R_ERROR_SETTING_NBIO			 104

-#define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET	 105

-#define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET	 106

-#define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET		 107

-#define BIO_R_INVALID_ARGUMENT				 125

-#define BIO_R_INVALID_IP_ADDRESS			 108

-#define BIO_R_IN_USE					 123

-#define BIO_R_KEEPALIVE					 109

-#define BIO_R_NBIO_CONNECT_ERROR			 110

-#define BIO_R_NO_ACCEPT_PORT_SPECIFIED			 111

-#define BIO_R_NO_HOSTNAME_SPECIFIED			 112

-#define BIO_R_NO_PORT_DEFINED				 113

-#define BIO_R_NO_PORT_SPECIFIED				 114

-#define BIO_R_NO_SUCH_FILE				 128

-#define BIO_R_NULL_PARAMETER				 115

-#define BIO_R_TAG_MISMATCH				 116

-#define BIO_R_UNABLE_TO_BIND_SOCKET			 117

-#define BIO_R_UNABLE_TO_CREATE_SOCKET			 118

-#define BIO_R_UNABLE_TO_LISTEN_SOCKET			 119

-#define BIO_R_UNINITIALIZED				 120

-#define BIO_R_UNSUPPORTED_METHOD			 121

-#define BIO_R_WRITE_TO_READ_ONLY_BIO			 126

-#define BIO_R_WSASTARTUP				 122

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/bio/bio_cb.c

+++ /dev/null

@@ -1,139 +1,0 @@

-/* crypto/bio/bio_cb.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <string.h>

-#include <stdlib.h>

-#include "cryptlib.h"

-#include <openssl/bio.h>

-#include <openssl/err.h>

-long MS_CALLBACK BIO_debug_callback(BIO *bio, int cmd, const char *argp,

-	     int argi, long argl, long ret)

-	{

-	BIO *b;

-	MS_STATIC char buf[256];

-	char *p;

-	long r=1;

-	size_t p_maxlen;

-	if (BIO_CB_RETURN & cmd)

-		r=ret;

-	BIO_snprintf(buf,sizeof buf,"BIO[%08lX]:",(unsigned long)bio);

-	p= &(buf[14]);

-	p_maxlen = sizeof buf - 14;

-	switch (cmd)

-		{

-	case BIO_CB_FREE:

-		BIO_snprintf(p,p_maxlen,"Free - %s\n",bio->method->name);

-		break;

-	case BIO_CB_READ:

-		if (bio->method->type & BIO_TYPE_DESCRIPTOR)

-			BIO_snprintf(p,p_maxlen,"read(%d,%d) - %s fd=%d\n",

-				 bio->num,argi,bio->method->name,bio->num);

-		else

-			BIO_snprintf(p,p_maxlen,"read(%d,%d) - %s\n",

-				 bio->num,argi,bio->method->name);

-		break;

-	case BIO_CB_WRITE:

-		if (bio->method->type & BIO_TYPE_DESCRIPTOR)

-			BIO_snprintf(p,p_maxlen,"write(%d,%d) - %s fd=%d\n",

-				 bio->num,argi,bio->method->name,bio->num);

-		else

-			BIO_snprintf(p,p_maxlen,"write(%d,%d) - %s\n",

-				 bio->num,argi,bio->method->name);

-		break;

-	case BIO_CB_PUTS:

-		BIO_snprintf(p,p_maxlen,"puts() - %s\n",bio->method->name);

-		break;

-	case BIO_CB_GETS:

-		BIO_snprintf(p,p_maxlen,"gets(%d) - %s\n",argi,bio->method->name);

-		break;

-	case BIO_CB_CTRL:

-		BIO_snprintf(p,p_maxlen,"ctrl(%d) - %s\n",argi,bio->method->name);

-		break;

-	case BIO_CB_RETURN|BIO_CB_READ:

-		BIO_snprintf(p,p_maxlen,"read return %ld\n",ret);

-		break;

-	case BIO_CB_RETURN|BIO_CB_WRITE:

-		BIO_snprintf(p,p_maxlen,"write return %ld\n",ret);

-		break;

-	case BIO_CB_RETURN|BIO_CB_GETS:

-		BIO_snprintf(p,p_maxlen,"gets return %ld\n",ret);

-		break;

-	case BIO_CB_RETURN|BIO_CB_PUTS:

-		BIO_snprintf(p,p_maxlen,"puts return %ld\n",ret);

-		break;

-	case BIO_CB_RETURN|BIO_CB_CTRL:

-		BIO_snprintf(p,p_maxlen,"ctrl return %ld\n",ret);

-		break;

-	default:

-		BIO_snprintf(p,p_maxlen,"bio callback - unknown type (%d)\n",cmd);

-		break;

-		}

-	b=(BIO *)bio->cb_arg;

-	if (b != NULL)

-		BIO_write(b,buf,strlen(buf));

-#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)

-	else

-		fputs(buf,stderr);

-#endif

-	return(r);

-	}

--- a/sys/src/ape/lib/openssl/crypto/bio/bio_err.c

+++ /dev/null

@@ -1,154 +1,0 @@

-/* crypto/bio/bio_err.c */

-/* ====================================================================

- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* NOTE: this file was auto generated by the mkerr.pl script: any changes

- * made to it will be overwritten when the script next updates this file,

- * only reason strings will be preserved.

- */

-#include <stdio.h>

-#include <openssl/err.h>

-#include <openssl/bio.h>

-/* BEGIN ERROR CODES */

-#ifndef OPENSSL_NO_ERR

-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_BIO,func,0)

-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_BIO,0,reason)

-static ERR_STRING_DATA BIO_str_functs[]=

-	{

-{ERR_FUNC(BIO_F_ACPT_STATE),	"ACPT_STATE"},

-{ERR_FUNC(BIO_F_BIO_ACCEPT),	"BIO_accept"},

-{ERR_FUNC(BIO_F_BIO_BER_GET_HEADER),	"BIO_BER_GET_HEADER"},

-{ERR_FUNC(BIO_F_BIO_CALLBACK_CTRL),	"BIO_callback_ctrl"},

-{ERR_FUNC(BIO_F_BIO_CTRL),	"BIO_ctrl"},

-{ERR_FUNC(BIO_F_BIO_GETHOSTBYNAME),	"BIO_gethostbyname"},

-{ERR_FUNC(BIO_F_BIO_GETS),	"BIO_gets"},

-{ERR_FUNC(BIO_F_BIO_GET_ACCEPT_SOCKET),	"BIO_get_accept_socket"},

-{ERR_FUNC(BIO_F_BIO_GET_HOST_IP),	"BIO_get_host_ip"},

-{ERR_FUNC(BIO_F_BIO_GET_PORT),	"BIO_get_port"},

-{ERR_FUNC(BIO_F_BIO_MAKE_PAIR),	"BIO_MAKE_PAIR"},

-{ERR_FUNC(BIO_F_BIO_NEW),	"BIO_new"},

-{ERR_FUNC(BIO_F_BIO_NEW_FILE),	"BIO_new_file"},

-{ERR_FUNC(BIO_F_BIO_NEW_MEM_BUF),	"BIO_new_mem_buf"},

-{ERR_FUNC(BIO_F_BIO_NREAD),	"BIO_nread"},

-{ERR_FUNC(BIO_F_BIO_NREAD0),	"BIO_nread0"},

-{ERR_FUNC(BIO_F_BIO_NWRITE),	"BIO_nwrite"},

-{ERR_FUNC(BIO_F_BIO_NWRITE0),	"BIO_nwrite0"},

-{ERR_FUNC(BIO_F_BIO_PUTS),	"BIO_puts"},

-{ERR_FUNC(BIO_F_BIO_READ),	"BIO_read"},

-{ERR_FUNC(BIO_F_BIO_SOCK_INIT),	"BIO_sock_init"},

-{ERR_FUNC(BIO_F_BIO_WRITE),	"BIO_write"},

-{ERR_FUNC(BIO_F_BUFFER_CTRL),	"BUFFER_CTRL"},

-{ERR_FUNC(BIO_F_CONN_CTRL),	"CONN_CTRL"},

-{ERR_FUNC(BIO_F_CONN_STATE),	"CONN_STATE"},

-{ERR_FUNC(BIO_F_FILE_CTRL),	"FILE_CTRL"},

-{ERR_FUNC(BIO_F_FILE_READ),	"FILE_READ"},

-{ERR_FUNC(BIO_F_LINEBUFFER_CTRL),	"LINEBUFFER_CTRL"},

-{ERR_FUNC(BIO_F_MEM_READ),	"MEM_READ"},

-{ERR_FUNC(BIO_F_MEM_WRITE),	"MEM_WRITE"},

-{ERR_FUNC(BIO_F_SSL_NEW),	"SSL_new"},

-{ERR_FUNC(BIO_F_WSASTARTUP),	"WSASTARTUP"},

-{0,NULL}

-	};

-static ERR_STRING_DATA BIO_str_reasons[]=

-	{

-{ERR_REASON(BIO_R_ACCEPT_ERROR)          ,"accept error"},

-{ERR_REASON(BIO_R_BAD_FOPEN_MODE)        ,"bad fopen mode"},

-{ERR_REASON(BIO_R_BAD_HOSTNAME_LOOKUP)   ,"bad hostname lookup"},

-{ERR_REASON(BIO_R_BROKEN_PIPE)           ,"broken pipe"},

-{ERR_REASON(BIO_R_CONNECT_ERROR)         ,"connect error"},

-{ERR_REASON(BIO_R_EOF_ON_MEMORY_BIO)     ,"EOF on memory BIO"},

-{ERR_REASON(BIO_R_ERROR_SETTING_NBIO)    ,"error setting nbio"},

-{ERR_REASON(BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET),"error setting nbio on accepted socket"},

-{ERR_REASON(BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET),"error setting nbio on accept socket"},

-{ERR_REASON(BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET),"gethostbyname addr is not af inet"},

-{ERR_REASON(BIO_R_INVALID_ARGUMENT)      ,"invalid argument"},

-{ERR_REASON(BIO_R_INVALID_IP_ADDRESS)    ,"invalid ip address"},

-{ERR_REASON(BIO_R_IN_USE)                ,"in use"},

-{ERR_REASON(BIO_R_KEEPALIVE)             ,"keepalive"},

-{ERR_REASON(BIO_R_NBIO_CONNECT_ERROR)    ,"nbio connect error"},

-{ERR_REASON(BIO_R_NO_ACCEPT_PORT_SPECIFIED),"no accept port specified"},

-{ERR_REASON(BIO_R_NO_HOSTNAME_SPECIFIED) ,"no hostname specified"},

-{ERR_REASON(BIO_R_NO_PORT_DEFINED)       ,"no port defined"},

-{ERR_REASON(BIO_R_NO_PORT_SPECIFIED)     ,"no port specified"},

-{ERR_REASON(BIO_R_NO_SUCH_FILE)          ,"no such file"},

-{ERR_REASON(BIO_R_NULL_PARAMETER)        ,"null parameter"},

-{ERR_REASON(BIO_R_TAG_MISMATCH)          ,"tag mismatch"},

-{ERR_REASON(BIO_R_UNABLE_TO_BIND_SOCKET) ,"unable to bind socket"},

-{ERR_REASON(BIO_R_UNABLE_TO_CREATE_SOCKET),"unable to create socket"},

-{ERR_REASON(BIO_R_UNABLE_TO_LISTEN_SOCKET),"unable to listen socket"},

-{ERR_REASON(BIO_R_UNINITIALIZED)         ,"uninitialized"},

-{ERR_REASON(BIO_R_UNSUPPORTED_METHOD)    ,"unsupported method"},

-{ERR_REASON(BIO_R_WRITE_TO_READ_ONLY_BIO),"write to read only BIO"},

-{ERR_REASON(BIO_R_WSASTARTUP)            ,"WSAStartup"},

-{0,NULL}

-	};

-#endif

-void ERR_load_BIO_strings(void)

-	{

-#ifndef OPENSSL_NO_ERR

-	if (ERR_func_error_string(BIO_str_functs[0].error) == NULL)

-		{

-		ERR_load_strings(0,BIO_str_functs);

-		ERR_load_strings(0,BIO_str_reasons);

-		}

-#endif

-	}

--- a/sys/src/ape/lib/openssl/crypto/bio/bio_lcl.h

+++ /dev/null

@@ -1,28 +1,0 @@

-#include <openssl/bio.h>

-#if BIO_FLAGS_UPLINK==0

-/* Shortcut UPLINK calls on most platforms... */

-#define	UP_stdin	stdin

-#define	UP_stdout	stdout

-#define	UP_stderr	stderr

-#define	UP_fprintf	fprintf

-#define	UP_fgets	fgets

-#define	UP_fread	fread

-#define	UP_fwrite	fwrite

-#undef	UP_fsetmod

-#define	UP_feof		feof

-#define	UP_fclose	fclose

-#define	UP_fopen	fopen

-#define	UP_fseek	fseek

-#define	UP_ftell	ftell

-#define	UP_fflush	fflush

-#define	UP_ferror	ferror

-#define	UP_fileno	fileno

-#define	UP_open		open

-#define	UP_read		read

-#define	UP_write	write

-#define	UP_lseek	lseek

-#define	UP_close	close

-#endif

--- a/sys/src/ape/lib/openssl/crypto/bio/bio_lib.c

+++ /dev/null

@@ -1,602 +1,0 @@

-/* crypto/bio/bio_lib.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <errno.h>

-#include <openssl/crypto.h>

-#include "cryptlib.h"

-#include <openssl/bio.h>

-#include <openssl/stack.h>

-BIO *BIO_new(BIO_METHOD *method)

-	{

-	BIO *ret=NULL;

-	ret=(BIO *)OPENSSL_malloc(sizeof(BIO));

-	if (ret == NULL)

-		{

-		BIOerr(BIO_F_BIO_NEW,ERR_R_MALLOC_FAILURE);

-		return(NULL);

-		}

-	if (!BIO_set(ret,method))

-		{

-		OPENSSL_free(ret);

-		ret=NULL;

-		}

-	return(ret);

-	}

-int BIO_set(BIO *bio, BIO_METHOD *method)

-	{

-	bio->method=method;

-	bio->callback=NULL;

-	bio->cb_arg=NULL;

-	bio->init=0;

-	bio->shutdown=1;

-	bio->flags=0;

-	bio->retry_reason=0;

-	bio->num=0;

-	bio->ptr=NULL;

-	bio->prev_bio=NULL;

-	bio->next_bio=NULL;

-	bio->references=1;

-	bio->num_read=0L;

-	bio->num_write=0L;

-	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data);

-	if (method->create != NULL)

-		if (!method->create(bio))

-			{

-			CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio,

-					&bio->ex_data);

-			return(0);

-			}

-	return(1);

-	}

-int BIO_free(BIO *a)

-	{

-	int ret=0,i;

-	if (a == NULL) return(0);

-	i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_BIO);

-#ifdef REF_PRINT

-	REF_PRINT("BIO",a);

-#endif

-	if (i > 0) return(1);

-#ifdef REF_CHECK

-	if (i < 0)

-		{

-		fprintf(stderr,"BIO_free, bad reference count\n");

-		abort();

-		}

-#endif

-	if ((a->callback != NULL) &&

-		((i=(int)a->callback(a,BIO_CB_FREE,NULL,0,0L,1L)) <= 0))

-			return(i);

-	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data);

-	if ((a->method == NULL) || (a->method->destroy == NULL)) return(1);

-	ret=a->method->destroy(a);

-	OPENSSL_free(a);

-	return(1);

-	}

-void BIO_vfree(BIO *a)

-    { BIO_free(a); }

-void BIO_clear_flags(BIO *b, int flags)

-	{

-	b->flags &= ~flags;

-	}

-int	BIO_test_flags(const BIO *b, int flags)

-	{

-	return (b->flags & flags);

-	}

-void	BIO_set_flags(BIO *b, int flags)

-	{

-	b->flags |= flags;

-	}

-long (*BIO_get_callback(const BIO *b))(struct bio_st *,int,const char *,int, long,long)

-	{

-	return b->callback;

-	}

-void BIO_set_callback(BIO *b, long (*cb)(struct bio_st *,int,const char *,int, long,long))

-	{

-	b->callback = cb;

-	}

-void BIO_set_callback_arg(BIO *b, char *arg)

-	{

-	b->cb_arg = arg;

-	}

-char * BIO_get_callback_arg(const BIO *b)

-	{

-	return b->cb_arg;

-	}

-const char * BIO_method_name(const BIO *b)

-	{

-	return b->method->name;

-	}

-int BIO_method_type(const BIO *b)

-	{

-	return b->method->type;

-	}

-int BIO_read(BIO *b, void *out, int outl)

-	{

-	int i;

-	long (*cb)(BIO *,int,const char *,int,long,long);

-	if ((b == NULL) || (b->method == NULL) || (b->method->bread == NULL))

-		{

-		BIOerr(BIO_F_BIO_READ,BIO_R_UNSUPPORTED_METHOD);

-		return(-2);

-		}

-	cb=b->callback;

-	if ((cb != NULL) &&

-		((i=(int)cb(b,BIO_CB_READ,out,outl,0L,1L)) <= 0))

-			return(i);

-	if (!b->init)

-		{

-		BIOerr(BIO_F_BIO_READ,BIO_R_UNINITIALIZED);

-		return(-2);

-		}

-	i=b->method->bread(b,out,outl);

-	if (i > 0) b->num_read+=(unsigned long)i;

-	if (cb != NULL)

-		i=(int)cb(b,BIO_CB_READ|BIO_CB_RETURN,out,outl,

-			0L,(long)i);

-	return(i);

-	}

-int BIO_write(BIO *b, const void *in, int inl)

-	{

-	int i;

-	long (*cb)(BIO *,int,const char *,int,long,long);

-	if (b == NULL)

-		return(0);

-	cb=b->callback;

-	if ((b->method == NULL) || (b->method->bwrite == NULL))

-		{

-		BIOerr(BIO_F_BIO_WRITE,BIO_R_UNSUPPORTED_METHOD);

-		return(-2);

-		}

-	if ((cb != NULL) &&

-		((i=(int)cb(b,BIO_CB_WRITE,in,inl,0L,1L)) <= 0))

-			return(i);

-	if (!b->init)

-		{

-		BIOerr(BIO_F_BIO_WRITE,BIO_R_UNINITIALIZED);

-		return(-2);

-		}

-	i=b->method->bwrite(b,in,inl);

-	if (i > 0) b->num_write+=(unsigned long)i;

-	if (cb != NULL)

-		i=(int)cb(b,BIO_CB_WRITE|BIO_CB_RETURN,in,inl,

-			0L,(long)i);

-	return(i);

-	}

-int BIO_puts(BIO *b, const char *in)

-	{

-	int i;

-	long (*cb)(BIO *,int,const char *,int,long,long);

-	if ((b == NULL) || (b->method == NULL) || (b->method->bputs == NULL))

-		{

-		BIOerr(BIO_F_BIO_PUTS,BIO_R_UNSUPPORTED_METHOD);

-		return(-2);

-		}

-	cb=b->callback;

-	if ((cb != NULL) &&

-		((i=(int)cb(b,BIO_CB_PUTS,in,0,0L,1L)) <= 0))

-			return(i);

-	if (!b->init)

-		{

-		BIOerr(BIO_F_BIO_PUTS,BIO_R_UNINITIALIZED);

-		return(-2);

-		}

-	i=b->method->bputs(b,in);

-	if (i > 0) b->num_write+=(unsigned long)i;

-	if (cb != NULL)

-		i=(int)cb(b,BIO_CB_PUTS|BIO_CB_RETURN,in,0,

-			0L,(long)i);

-	return(i);

-	}

-int BIO_gets(BIO *b, char *in, int inl)

-	{

-	int i;

-	long (*cb)(BIO *,int,const char *,int,long,long);

-	if ((b == NULL) || (b->method == NULL) || (b->method->bgets == NULL))

-		{

-		BIOerr(BIO_F_BIO_GETS,BIO_R_UNSUPPORTED_METHOD);

-		return(-2);

-		}

-	cb=b->callback;

-	if ((cb != NULL) &&

-		((i=(int)cb(b,BIO_CB_GETS,in,inl,0L,1L)) <= 0))

-			return(i);

-	if (!b->init)

-		{

-		BIOerr(BIO_F_BIO_GETS,BIO_R_UNINITIALIZED);

-		return(-2);

-		}

-	i=b->method->bgets(b,in,inl);

-	if (cb != NULL)

-		i=(int)cb(b,BIO_CB_GETS|BIO_CB_RETURN,in,inl,

-			0L,(long)i);

-	return(i);

-	}

-int BIO_indent(BIO *b,int indent,int max)

-	{

-	if(indent < 0)

-		indent=0;

-	if(indent > max)

-		indent=max;

-	while(indent--)

-		if(BIO_puts(b," ") != 1)

-			return 0;

-	return 1;

-	}

-long BIO_int_ctrl(BIO *b, int cmd, long larg, int iarg)

-	{

-	int i;

-	i=iarg;

-	return(BIO_ctrl(b,cmd,larg,(char *)&i));

-	}

-char *BIO_ptr_ctrl(BIO *b, int cmd, long larg)

-	{

-	char *p=NULL;

-	if (BIO_ctrl(b,cmd,larg,(char *)&p) <= 0)

-		return(NULL);

-	else

-		return(p);

-	}

-long BIO_ctrl(BIO *b, int cmd, long larg, void *parg)

-	{

-	long ret;

-	long (*cb)(BIO *,int,const char *,int,long,long);

-	if (b == NULL) return(0);

-	if ((b->method == NULL) || (b->method->ctrl == NULL))

-		{

-		BIOerr(BIO_F_BIO_CTRL,BIO_R_UNSUPPORTED_METHOD);

-		return(-2);

-		}

-	cb=b->callback;

-	if ((cb != NULL) &&

-		((ret=cb(b,BIO_CB_CTRL,parg,cmd,larg,1L)) <= 0))

-		return(ret);

-	ret=b->method->ctrl(b,cmd,larg,parg);

-	if (cb != NULL)

-		ret=cb(b,BIO_CB_CTRL|BIO_CB_RETURN,parg,cmd,

-			larg,ret);

-	return(ret);

-	}

-long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)(struct bio_st *, int, const char *, int, long, long))

-	{

-	long ret;

-	long (*cb)(BIO *,int,const char *,int,long,long);

-	if (b == NULL) return(0);

-	if ((b->method == NULL) || (b->method->callback_ctrl == NULL))

-		{

-		BIOerr(BIO_F_BIO_CALLBACK_CTRL,BIO_R_UNSUPPORTED_METHOD);

-		return(-2);

-		}

-	cb=b->callback;

-	if ((cb != NULL) &&

-		((ret=cb(b,BIO_CB_CTRL,(void *)&fp,cmd,0,1L)) <= 0))

-		return(ret);

-	ret=b->method->callback_ctrl(b,cmd,fp);

-	if (cb != NULL)

-		ret=cb(b,BIO_CB_CTRL|BIO_CB_RETURN,(void *)&fp,cmd,

-			0,ret);

-	return(ret);

-	}

-/* It is unfortunate to duplicate in functions what the BIO_(w)pending macros

- * do; but those macros have inappropriate return type, and for interfacing

- * from other programming languages, C macros aren't much of a help anyway. */

-size_t BIO_ctrl_pending(BIO *bio)

-	{

-	return BIO_ctrl(bio, BIO_CTRL_PENDING, 0, NULL);

-	}

-size_t BIO_ctrl_wpending(BIO *bio)

-	{

-	return BIO_ctrl(bio, BIO_CTRL_WPENDING, 0, NULL);

-	}

-/* put the 'bio' on the end of b's list of operators */

-BIO *BIO_push(BIO *b, BIO *bio)

-	{

-	BIO *lb;

-	if (b == NULL) return(bio);

-	lb=b;

-	while (lb->next_bio != NULL)

-		lb=lb->next_bio;

-	lb->next_bio=bio;

-	if (bio != NULL)

-		bio->prev_bio=lb;

-	/* called to do internal processing */

-	BIO_ctrl(b,BIO_CTRL_PUSH,0,NULL);

-	return(b);

-	}

-/* Remove the first and return the rest */

-BIO *BIO_pop(BIO *b)

-	{

-	BIO *ret;

-	if (b == NULL) return(NULL);

-	ret=b->next_bio;

-	BIO_ctrl(b,BIO_CTRL_POP,0,NULL);

-	if (b->prev_bio != NULL)

-		b->prev_bio->next_bio=b->next_bio;

-	if (b->next_bio != NULL)

-		b->next_bio->prev_bio=b->prev_bio;

-	b->next_bio=NULL;

-	b->prev_bio=NULL;

-	return(ret);

-	}

-BIO *BIO_get_retry_BIO(BIO *bio, int *reason)

-	{

-	BIO *b,*last;

-	b=last=bio;

-	for (;;)

-		{

-		if (!BIO_should_retry(b)) break;

-		last=b;

-		b=b->next_bio;

-		if (b == NULL) break;

-		}

-	if (reason != NULL) *reason=last->retry_reason;

-	return(last);

-	}

-int BIO_get_retry_reason(BIO *bio)

-	{

-	return(bio->retry_reason);

-	}

-BIO *BIO_find_type(BIO *bio, int type)

-	{

-	int mt,mask;

-	if(!bio) return NULL;

-	mask=type&0xff;

-	do	{

-		if (bio->method != NULL)

-			{

-			mt=bio->method->type;

-			if (!mask)

-				{

-				if (mt & type) return(bio);

-				}

-			else if (mt == type)

-				return(bio);

-			}

-		bio=bio->next_bio;

-		} while (bio != NULL);

-	return(NULL);

-	}

-BIO *BIO_next(BIO *b)

-	{

-	if(!b) return NULL;

-	return b->next_bio;

-	}

-void BIO_free_all(BIO *bio)

-	{

-	BIO *b;

-	int ref;

-	while (bio != NULL)

-		{

-		b=bio;

-		ref=b->references;

-		bio=bio->next_bio;

-		BIO_free(b);

-		/* Since ref count > 1, don't free anyone else. */

-		if (ref > 1) break;

-		}

-	}

-BIO *BIO_dup_chain(BIO *in)

-	{

-	BIO *ret=NULL,*eoc=NULL,*bio,*new;

-	for (bio=in; bio != NULL; bio=bio->next_bio)

-		{

-		if ((new=BIO_new(bio->method)) == NULL) goto err;

-		new->callback=bio->callback;

-		new->cb_arg=bio->cb_arg;

-		new->init=bio->init;

-		new->shutdown=bio->shutdown;

-		new->flags=bio->flags;

-		/* This will let SSL_s_sock() work with stdin/stdout */

-		new->num=bio->num;

-		if (!BIO_dup_state(bio,(char *)new))

-			{

-			BIO_free(new);

-			goto err;

-			}

-		/* copy app data */

-		if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new->ex_data,

-					&bio->ex_data))

-			goto err;

-		if (ret == NULL)

-			{

-			eoc=new;

-			ret=eoc;

-			}

-		else

-			{

-			BIO_push(eoc,new);

-			eoc=new;

-			}

-		}

-	return(ret);

-err:

-	if (ret != NULL)

-		BIO_free(ret);

-	return(NULL);

-	}

-void BIO_copy_next_retry(BIO *b)

-	{

-	BIO_set_flags(b,BIO_get_retry_flags(b->next_bio));

-	b->retry_reason=b->next_bio->retry_reason;

-	}

-int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,

-	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)

-	{

-	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO, argl, argp,

-				new_func, dup_func, free_func);

-	}

-int BIO_set_ex_data(BIO *bio, int idx, void *data)

-	{

-	return(CRYPTO_set_ex_data(&(bio->ex_data),idx,data));

-	}

-void *BIO_get_ex_data(BIO *bio, int idx)

-	{

-	return(CRYPTO_get_ex_data(&(bio->ex_data),idx));

-	}

-unsigned long BIO_number_read(BIO *bio)

-{

-	if(bio) return bio->num_read;

-	return 0;

-}

-unsigned long BIO_number_written(BIO *bio)

-{

-	if(bio) return bio->num_write;

-	return 0;

-}

-IMPLEMENT_STACK_OF(BIO)

--- a/sys/src/ape/lib/openssl/crypto/bio/bss_acpt.c

+++ /dev/null

@@ -1,479 +1,0 @@

-/* crypto/bio/bss_acpt.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <errno.h>

-#define USE_SOCKETS

-#include "cryptlib.h"

-#include <openssl/bio.h>

-#ifndef OPENSSL_NO_SOCK

-#ifdef OPENSSL_SYS_WIN16

-#define SOCKET_PROTOCOL 0 /* more microsoft stupidity */

-#else

-#define SOCKET_PROTOCOL IPPROTO_TCP

-#endif

-#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)

-/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */

-#undef FIONBIO

-#endif

-typedef struct bio_accept_st

-	{

-	int state;

-	char *param_addr;

-	int accept_sock;

-	int accept_nbio;

-	char *addr;

-	int nbio;

-	/* If 0, it means normal, if 1, do a connect on bind failure,

-	 * and if there is no-one listening, bind with SO_REUSEADDR.

-	 * If 2, always use SO_REUSEADDR. */

-	int bind_mode;

-	BIO *bio_chain;

-	} BIO_ACCEPT;

-static int acpt_write(BIO *h, const char *buf, int num);

-static int acpt_read(BIO *h, char *buf, int size);

-static int acpt_puts(BIO *h, const char *str);

-static long acpt_ctrl(BIO *h, int cmd, long arg1, void *arg2);

-static int acpt_new(BIO *h);

-static int acpt_free(BIO *data);

-static int acpt_state(BIO *b, BIO_ACCEPT *c);

-static void acpt_close_socket(BIO *data);

-BIO_ACCEPT *BIO_ACCEPT_new(void );

-void BIO_ACCEPT_free(BIO_ACCEPT *a);

-#define ACPT_S_BEFORE			1

-#define ACPT_S_GET_ACCEPT_SOCKET	2

-#define ACPT_S_OK			3

-static BIO_METHOD methods_acceptp=

-	{

-	BIO_TYPE_ACCEPT,

-	"socket accept",

-	acpt_write,

-	acpt_read,

-	acpt_puts,

-	NULL, /* connect_gets, */

-	acpt_ctrl,

-	acpt_new,

-	acpt_free,

-	NULL,

-	};

-BIO_METHOD *BIO_s_accept(void)

-	{

-	return(&methods_acceptp);

-	}

-static int acpt_new(BIO *bi)

-	{

-	BIO_ACCEPT *ba;

-	bi->init=0;

-	bi->num=INVALID_SOCKET;

-	bi->flags=0;

-	if ((ba=BIO_ACCEPT_new()) == NULL)

-		return(0);

-	bi->ptr=(char *)ba;

-	ba->state=ACPT_S_BEFORE;

-	bi->shutdown=1;

-	return(1);

-	}

-BIO_ACCEPT *BIO_ACCEPT_new(void)

-	{

-	BIO_ACCEPT *ret;

-	if ((ret=(BIO_ACCEPT *)OPENSSL_malloc(sizeof(BIO_ACCEPT))) == NULL)

-		return(NULL);

-	memset(ret,0,sizeof(BIO_ACCEPT));

-	ret->accept_sock=INVALID_SOCKET;

-	ret->bind_mode=BIO_BIND_NORMAL;

-	return(ret);

-	}

-void BIO_ACCEPT_free(BIO_ACCEPT *a)

-	{

-	if(a == NULL)

-	    return;

-	if (a->param_addr != NULL) OPENSSL_free(a->param_addr);

-	if (a->addr != NULL) OPENSSL_free(a->addr);

-	if (a->bio_chain != NULL) BIO_free(a->bio_chain);

-	OPENSSL_free(a);

-	}

-static void acpt_close_socket(BIO *bio)

-	{

-	BIO_ACCEPT *c;

-	c=(BIO_ACCEPT *)bio->ptr;

-	if (c->accept_sock != INVALID_SOCKET)

-		{

-		shutdown(c->accept_sock,2);

-		closesocket(c->accept_sock);

-		c->accept_sock=INVALID_SOCKET;

-		bio->num=INVALID_SOCKET;

-		}

-	}

-static int acpt_free(BIO *a)

-	{

-	BIO_ACCEPT *data;

-	if (a == NULL) return(0);

-	data=(BIO_ACCEPT *)a->ptr;

-	if (a->shutdown)

-		{

-		acpt_close_socket(a);

-		BIO_ACCEPT_free(data);

-		a->ptr=NULL;

-		a->flags=0;

-		a->init=0;

-		}

-	return(1);

-	}

-static int acpt_state(BIO *b, BIO_ACCEPT *c)

-	{

-	BIO *bio=NULL,*dbio;

-	int s= -1;

-	int i;

-again:

-	switch (c->state)

-		{

-	case ACPT_S_BEFORE:

-		if (c->param_addr == NULL)

-			{

-			BIOerr(BIO_F_ACPT_STATE,BIO_R_NO_ACCEPT_PORT_SPECIFIED);

-			return(-1);

-			}

-		s=BIO_get_accept_socket(c->param_addr,c->bind_mode);

-		if (s == INVALID_SOCKET)

-			return(-1);

-		if (c->accept_nbio)

-			{

-			if (!BIO_socket_nbio(s,1))

-				{

-				closesocket(s);

-				BIOerr(BIO_F_ACPT_STATE,BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET);

-				return(-1);

-				}

-			}

-		c->accept_sock=s;

-		b->num=s;

-		c->state=ACPT_S_GET_ACCEPT_SOCKET;

-		return(1);

-		/* break; */

-	case ACPT_S_GET_ACCEPT_SOCKET:

-		if (b->next_bio != NULL)

-			{

-			c->state=ACPT_S_OK;

-			goto again;

-			}

-		BIO_clear_retry_flags(b);

-		b->retry_reason=0;

-		i=BIO_accept(c->accept_sock,&(c->addr));

-		/* -2 return means we should retry */

-		if(i == -2)

-			{

-			BIO_set_retry_special(b);

-			b->retry_reason=BIO_RR_ACCEPT;

-			return -1;

-			}

-		if (i < 0) return(i);

-		bio=BIO_new_socket(i,BIO_CLOSE);

-		if (bio == NULL) goto err;

-		BIO_set_callback(bio,BIO_get_callback(b));

-		BIO_set_callback_arg(bio,BIO_get_callback_arg(b));

-		if (c->nbio)

-			{

-			if (!BIO_socket_nbio(i,1))

-				{

-				BIOerr(BIO_F_ACPT_STATE,BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET);

-				goto err;

-				}

-			}

-		/* If the accept BIO has an bio_chain, we dup it and

-		 * put the new socket at the end. */

-		if (c->bio_chain != NULL)

-			{

-			if ((dbio=BIO_dup_chain(c->bio_chain)) == NULL)

-				goto err;

-			if (!BIO_push(dbio,bio)) goto err;

-			bio=dbio;

-			}

-		if (BIO_push(b,bio) == NULL) goto err;

-		c->state=ACPT_S_OK;

-		return(1);

-err:

-		if (bio != NULL)

-			BIO_free(bio);

-		else if (s >= 0)

-			closesocket(s);

-		return(0);

-		/* break; */

-	case ACPT_S_OK:

-		if (b->next_bio == NULL)

-			{

-			c->state=ACPT_S_GET_ACCEPT_SOCKET;

-			goto again;

-			}

-		return(1);

-		/* break; */

-	default:

-		return(0);

-		/* break; */

-		}

-	}

-static int acpt_read(BIO *b, char *out, int outl)

-	{

-	int ret=0;

-	BIO_ACCEPT *data;

-	BIO_clear_retry_flags(b);

-	data=(BIO_ACCEPT *)b->ptr;

-	while (b->next_bio == NULL)

-		{

-		ret=acpt_state(b,data);

-		if (ret <= 0) return(ret);

-		}

-	ret=BIO_read(b->next_bio,out,outl);

-	BIO_copy_next_retry(b);

-	return(ret);

-	}

-static int acpt_write(BIO *b, const char *in, int inl)

-	{

-	int ret;

-	BIO_ACCEPT *data;

-	BIO_clear_retry_flags(b);

-	data=(BIO_ACCEPT *)b->ptr;

-	while (b->next_bio == NULL)

-		{

-		ret=acpt_state(b,data);

-		if (ret <= 0) return(ret);

-		}

-	ret=BIO_write(b->next_bio,in,inl);

-	BIO_copy_next_retry(b);

-	return(ret);

-	}

-static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr)

-	{

-	BIO *dbio;

-	int *ip;

-	long ret=1;

-	BIO_ACCEPT *data;

-	char **pp;

-	data=(BIO_ACCEPT *)b->ptr;

-	switch (cmd)

-		{

-	case BIO_CTRL_RESET:

-		ret=0;

-		data->state=ACPT_S_BEFORE;

-		acpt_close_socket(b);

-		b->flags=0;

-		break;

-	case BIO_C_DO_STATE_MACHINE:

-		/* use this one to start the connection */

-		ret=(long)acpt_state(b,data);

-		break;

-	case BIO_C_SET_ACCEPT:

-		if (ptr != NULL)

-			{

-			if (num == 0)

-				{

-				b->init=1;

-				if (data->param_addr != NULL)

-					OPENSSL_free(data->param_addr);

-				data->param_addr=BUF_strdup(ptr);

-				}

-			else if (num == 1)

-				{

-				data->accept_nbio=(ptr != NULL);

-				}

-			else if (num == 2)

-				{

-				if (data->bio_chain != NULL)

-					BIO_free(data->bio_chain);

-				data->bio_chain=(BIO *)ptr;

-				}

-			}

-		break;

-	case BIO_C_SET_NBIO:

-		data->nbio=(int)num;

-		break;

-	case BIO_C_SET_FD:

-		b->init=1;

-		b->num= *((int *)ptr);

-		data->accept_sock=b->num;

-		data->state=ACPT_S_GET_ACCEPT_SOCKET;

-		b->shutdown=(int)num;

-		b->init=1;

-		break;

-	case BIO_C_GET_FD:

-		if (b->init)

-			{

-			ip=(int *)ptr;

-			if (ip != NULL)

-				*ip=data->accept_sock;

-			ret=data->accept_sock;

-			}

-		else

-			ret= -1;

-		break;

-	case BIO_C_GET_ACCEPT:

-		if (b->init)

-			{

-			if (ptr != NULL)

-				{

-				pp=(char **)ptr;

-				*pp=data->param_addr;

-				}

-			else

-				ret= -1;

-			}

-		else

-			ret= -1;

-		break;

-	case BIO_CTRL_GET_CLOSE:

-		ret=b->shutdown;

-		break;

-	case BIO_CTRL_SET_CLOSE:

-		b->shutdown=(int)num;

-		break;

-	case BIO_CTRL_PENDING:

-	case BIO_CTRL_WPENDING:

-		ret=0;

-		break;

-	case BIO_CTRL_FLUSH:

-		break;

-	case BIO_C_SET_BIND_MODE:

-		data->bind_mode=(int)num;

-		break;

-	case BIO_C_GET_BIND_MODE:

-		ret=(long)data->bind_mode;

-		break;

-	case BIO_CTRL_DUP:

-		dbio=(BIO *)ptr;

-/*		if (data->param_port) EAY EAY

-			BIO_set_port(dbio,data->param_port);

-		if (data->param_hostname)

-			BIO_set_hostname(dbio,data->param_hostname);

-		BIO_set_nbio(dbio,data->nbio); */

-		break;

-	default:

-		ret=0;

-		break;

-		}

-	return(ret);

-	}

-static int acpt_puts(BIO *bp, const char *str)

-	{

-	int n,ret;

-	n=strlen(str);

-	ret=acpt_write(bp,str,n);

-	return(ret);

-	}

-BIO *BIO_new_accept(char *str)

-	{

-	BIO *ret;

-	ret=BIO_new(BIO_s_accept());

-	if (ret == NULL) return(NULL);

-	if (BIO_set_accept_port(ret,str))

-		return(ret);

-	else

-		{

-		BIO_free(ret);

-		return(NULL);

-		}

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/bio/bss_bio.c

+++ /dev/null

@@ -1,924 +1,0 @@

-/* crypto/bio/bss_bio.c  -*- Mode: C; c-file-style: "eay" -*- */

-/* ====================================================================

- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* Special method for a BIO where the other endpoint is also a BIO

- * of this kind, handled by the same thread (i.e. the "peer" is actually

- * ourselves, wearing a different hat).

- * Such "BIO pairs" are mainly for using the SSL library with I/O interfaces

- * for which no specific BIO method is available.

- * See ssl/ssltest.c for some hints on how this can be used. */

-/* BIO_DEBUG implies BIO_PAIR_DEBUG */

-#ifdef BIO_DEBUG

-# ifndef BIO_PAIR_DEBUG

-#  define BIO_PAIR_DEBUG

-# endif

-#endif

-/* disable assert() unless BIO_PAIR_DEBUG has been defined */

-#ifndef BIO_PAIR_DEBUG

-# ifndef NDEBUG

-#  define NDEBUG

-# endif

-#endif

-#include <assert.h>

-#include <limits.h>

-#include <stdlib.h>

-#include <string.h>

-#include <openssl/bio.h>

-#include <openssl/err.h>

-#include <openssl/crypto.h>

-#include "e_os.h"

-/* VxWorks defines SSIZE_MAX with an empty value causing compile errors */

-#if defined(OPENSSL_SYS_VXWORKS)

-# undef SSIZE_MAX

-#endif

-#ifndef SSIZE_MAX

-# define SSIZE_MAX INT_MAX

-#endif

-static int bio_new(BIO *bio);

-static int bio_free(BIO *bio);

-static int bio_read(BIO *bio, char *buf, int size);

-static int bio_write(BIO *bio, const char *buf, int num);

-static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr);

-static int bio_puts(BIO *bio, const char *str);

-static int bio_make_pair(BIO *bio1, BIO *bio2);

-static void bio_destroy_pair(BIO *bio);

-static BIO_METHOD methods_biop =

-{

-	BIO_TYPE_BIO,

-	"BIO pair",

-	bio_write,

-	bio_read,

-	bio_puts,

-	NULL /* no bio_gets */,

-	bio_ctrl,

-	bio_new,

-	bio_free,

-	NULL /* no bio_callback_ctrl */

-};

-BIO_METHOD *BIO_s_bio(void)

-	{

-	return &methods_biop;

-	}

-struct bio_bio_st

-{

-	BIO *peer;     /* NULL if buf == NULL.

-	                * If peer != NULL, then peer->ptr is also a bio_bio_st,

-	                * and its "peer" member points back to us.

-	                * peer != NULL iff init != 0 in the BIO. */

-	/* This is for what we write (i.e. reading uses peer's struct): */

-	int closed;     /* valid iff peer != NULL */

-	size_t len;     /* valid iff buf != NULL; 0 if peer == NULL */

-	size_t offset;  /* valid iff buf != NULL; 0 if len == 0 */

-	size_t size;

-	char *buf;      /* "size" elements (if != NULL) */

-	size_t request; /* valid iff peer != NULL; 0 if len != 0,

-	                 * otherwise set by peer to number of bytes

-	                 * it (unsuccessfully) tried to read,

-	                 * never more than buffer space (size-len) warrants. */

-};

-static int bio_new(BIO *bio)

-	{

-	struct bio_bio_st *b;

-	b = OPENSSL_malloc(sizeof *b);

-	if (b == NULL)

-		return 0;

-	b->peer = NULL;

-	b->size = 17*1024; /* enough for one TLS record (just a default) */

-	b->buf = NULL;

-	bio->ptr = b;

-	return 1;

-	}

-static int bio_free(BIO *bio)

-	{

-	struct bio_bio_st *b;

-	if (bio == NULL)

-		return 0;

-	b = bio->ptr;

-	assert(b != NULL);

-	if (b->peer)

-		bio_destroy_pair(bio);

-	if (b->buf != NULL)

-		{

-		OPENSSL_free(b->buf);

-		}

-	OPENSSL_free(b);

-	return 1;

-	}

-static int bio_read(BIO *bio, char *buf, int size_)

-	{

-	size_t size = size_;

-	size_t rest;

-	struct bio_bio_st *b, *peer_b;

-	BIO_clear_retry_flags(bio);

-	if (!bio->init)

-		return 0;

-	b = bio->ptr;

-	assert(b != NULL);

-	assert(b->peer != NULL);

-	peer_b = b->peer->ptr;

-	assert(peer_b != NULL);

-	assert(peer_b->buf != NULL);

-	peer_b->request = 0; /* will be set in "retry_read" situation */

-	if (buf == NULL || size == 0)

-		return 0;

-	if (peer_b->len == 0)

-		{

-		if (peer_b->closed)

-			return 0; /* writer has closed, and no data is left */

-		else

-			{

-			BIO_set_retry_read(bio); /* buffer is empty */

-			if (size <= peer_b->size)

-				peer_b->request = size;

-			else

-				/* don't ask for more than the peer can

-				 * deliver in one write */

-				peer_b->request = peer_b->size;

-			return -1;

-			}

-		}

-	/* we can read */

-	if (peer_b->len < size)

-		size = peer_b->len;

-	/* now read "size" bytes */

-	rest = size;

-	assert(rest > 0);

-	do /* one or two iterations */

-		{

-		size_t chunk;

-		assert(rest <= peer_b->len);

-		if (peer_b->offset + rest <= peer_b->size)

-			chunk = rest;

-		else

-			/* wrap around ring buffer */

-			chunk = peer_b->size - peer_b->offset;

-		assert(peer_b->offset + chunk <= peer_b->size);

-		memcpy(buf, peer_b->buf + peer_b->offset, chunk);

-		peer_b->len -= chunk;

-		if (peer_b->len)

-			{

-			peer_b->offset += chunk;

-			assert(peer_b->offset <= peer_b->size);

-			if (peer_b->offset == peer_b->size)

-				peer_b->offset = 0;

-			buf += chunk;

-			}

-		else

-			{

-			/* buffer now empty, no need to advance "buf" */

-			assert(chunk == rest);

-			peer_b->offset = 0;

-			}

-		rest -= chunk;

-		}

-	while (rest);

-	return size;

-	}

-/* non-copying interface: provide pointer to available data in buffer

- *    bio_nread0:  return number of available bytes

- *    bio_nread:   also advance index

- * (example usage:  bio_nread0(), read from buffer, bio_nread()

- *  or just         bio_nread(), read from buffer)

- */

-/* WARNING: The non-copying interface is largely untested as of yet

- * and may contain bugs. */

-static ssize_t bio_nread0(BIO *bio, char **buf)

-	{

-	struct bio_bio_st *b, *peer_b;

-	ssize_t num;

-	BIO_clear_retry_flags(bio);

-	if (!bio->init)

-		return 0;

-	b = bio->ptr;

-	assert(b != NULL);

-	assert(b->peer != NULL);

-	peer_b = b->peer->ptr;

-	assert(peer_b != NULL);

-	assert(peer_b->buf != NULL);

-	peer_b->request = 0;

-	if (peer_b->len == 0)

-		{

-		char dummy;

-		/* avoid code duplication -- nothing available for reading */

-		return bio_read(bio, &dummy, 1); /* returns 0 or -1 */

-		}

-	num = peer_b->len;

-	if (peer_b->size < peer_b->offset + num)

-		/* no ring buffer wrap-around for non-copying interface */

-		num = peer_b->size - peer_b->offset;

-	assert(num > 0);

-	if (buf != NULL)

-		*buf = peer_b->buf + peer_b->offset;

-	return num;

-	}

-static ssize_t bio_nread(BIO *bio, char **buf, size_t num_)

-	{

-	struct bio_bio_st *b, *peer_b;

-	ssize_t num, available;

-	if (num_ > SSIZE_MAX)

-		num = SSIZE_MAX;

-	else

-		num = (ssize_t)num_;

-	available = bio_nread0(bio, buf);

-	if (num > available)

-		num = available;

-	if (num <= 0)

-		return num;

-	b = bio->ptr;

-	peer_b = b->peer->ptr;

-	peer_b->len -= num;

-	if (peer_b->len)

-		{

-		peer_b->offset += num;

-		assert(peer_b->offset <= peer_b->size);

-		if (peer_b->offset == peer_b->size)

-			peer_b->offset = 0;

-		}

-	else

-		peer_b->offset = 0;

-	return num;

-	}

-static int bio_write(BIO *bio, const char *buf, int num_)

-	{

-	size_t num = num_;

-	size_t rest;

-	struct bio_bio_st *b;

-	BIO_clear_retry_flags(bio);

-	if (!bio->init || buf == NULL || num == 0)

-		return 0;

-	b = bio->ptr;

-	assert(b != NULL);

-	assert(b->peer != NULL);

-	assert(b->buf != NULL);

-	b->request = 0;

-	if (b->closed)

-		{

-		/* we already closed */

-		BIOerr(BIO_F_BIO_WRITE, BIO_R_BROKEN_PIPE);

-		return -1;

-		}

-	assert(b->len <= b->size);

-	if (b->len == b->size)

-		{

-		BIO_set_retry_write(bio); /* buffer is full */

-		return -1;

-		}

-	/* we can write */

-	if (num > b->size - b->len)

-		num = b->size - b->len;

-	/* now write "num" bytes */

-	rest = num;

-	assert(rest > 0);

-	do /* one or two iterations */

-		{

-		size_t write_offset;

-		size_t chunk;

-		assert(b->len + rest <= b->size);

-		write_offset = b->offset + b->len;

-		if (write_offset >= b->size)

-			write_offset -= b->size;

-		/* b->buf[write_offset] is the first byte we can write to. */

-		if (write_offset + rest <= b->size)

-			chunk = rest;

-		else

-			/* wrap around ring buffer */

-			chunk = b->size - write_offset;

-		memcpy(b->buf + write_offset, buf, chunk);

-		b->len += chunk;

-		assert(b->len <= b->size);

-		rest -= chunk;

-		buf += chunk;

-		}

-	while (rest);

-	return num;

-	}

-/* non-copying interface: provide pointer to region to write to

- *   bio_nwrite0:  check how much space is available

- *   bio_nwrite:   also increase length

- * (example usage:  bio_nwrite0(), write to buffer, bio_nwrite()

- *  or just         bio_nwrite(), write to buffer)

- */

-static ssize_t bio_nwrite0(BIO *bio, char **buf)

-	{

-	struct bio_bio_st *b;

-	size_t num;

-	size_t write_offset;

-	BIO_clear_retry_flags(bio);

-	if (!bio->init)

-		return 0;

-	b = bio->ptr;

-	assert(b != NULL);

-	assert(b->peer != NULL);

-	assert(b->buf != NULL);

-	b->request = 0;

-	if (b->closed)

-		{

-		BIOerr(BIO_F_BIO_NWRITE0, BIO_R_BROKEN_PIPE);

-		return -1;

-		}

-	assert(b->len <= b->size);

-	if (b->len == b->size)

-		{

-		BIO_set_retry_write(bio);

-		return -1;

-		}

-	num = b->size - b->len;

-	write_offset = b->offset + b->len;

-	if (write_offset >= b->size)

-		write_offset -= b->size;

-	if (write_offset + num > b->size)

-		/* no ring buffer wrap-around for non-copying interface

-		 * (to fulfil the promise by BIO_ctrl_get_write_guarantee,

-		 * BIO_nwrite may have to be called twice) */

-		num = b->size - write_offset;

-	if (buf != NULL)

-		*buf = b->buf + write_offset;

-	assert(write_offset + num <= b->size);

-	return num;

-	}

-static ssize_t bio_nwrite(BIO *bio, char **buf, size_t num_)

-	{

-	struct bio_bio_st *b;

-	ssize_t num, space;

-	if (num_ > SSIZE_MAX)

-		num = SSIZE_MAX;

-	else

-		num = (ssize_t)num_;

-	space = bio_nwrite0(bio, buf);

-	if (num > space)

-		num = space;

-	if (num <= 0)

-		return num;

-	b = bio->ptr;

-	assert(b != NULL);

-	b->len += num;

-	assert(b->len <= b->size);

-	return num;

-	}

-static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr)

-	{

-	long ret;

-	struct bio_bio_st *b = bio->ptr;

-	assert(b != NULL);

-	switch (cmd)

-		{

-	/* specific CTRL codes */

-	case BIO_C_SET_WRITE_BUF_SIZE:

-		if (b->peer)

-			{

-			BIOerr(BIO_F_BIO_CTRL, BIO_R_IN_USE);

-			ret = 0;

-			}

-		else if (num == 0)

-			{

-			BIOerr(BIO_F_BIO_CTRL, BIO_R_INVALID_ARGUMENT);

-			ret = 0;

-			}

-		else

-			{

-			size_t new_size = num;

-			if (b->size != new_size)

-				{

-				if (b->buf)

-					{

-					OPENSSL_free(b->buf);

-					b->buf = NULL;

-					}

-				b->size = new_size;

-				}

-			ret = 1;

-			}

-		break;

-	case BIO_C_GET_WRITE_BUF_SIZE:

-		ret = (long) b->size;

-		break;

-	case BIO_C_MAKE_BIO_PAIR:

-		{

-		BIO *other_bio = ptr;

-		if (bio_make_pair(bio, other_bio))

-			ret = 1;

-		else

-			ret = 0;

-		}

-		break;

-	case BIO_C_DESTROY_BIO_PAIR:

-		/* Affects both BIOs in the pair -- call just once!

-		 * Or let BIO_free(bio1); BIO_free(bio2); do the job. */

-		bio_destroy_pair(bio);

-		ret = 1;

-		break;

-	case BIO_C_GET_WRITE_GUARANTEE:

-		/* How many bytes can the caller feed to the next write

-		 * without having to keep any? */

-		if (b->peer == NULL || b->closed)

-			ret = 0;

-		else

-			ret = (long) b->size - b->len;

-		break;

-	case BIO_C_GET_READ_REQUEST:

-		/* If the peer unsuccessfully tried to read, how many bytes

-		 * were requested?  (As with BIO_CTRL_PENDING, that number

-		 * can usually be treated as boolean.) */

-		ret = (long) b->request;

-		break;

-	case BIO_C_RESET_READ_REQUEST:

-		/* Reset request.  (Can be useful after read attempts

-		 * at the other side that are meant to be non-blocking,

-		 * e.g. when probing SSL_read to see if any data is

-		 * available.) */

-		b->request = 0;

-		ret = 1;

-		break;

-	case BIO_C_SHUTDOWN_WR:

-		/* similar to shutdown(..., SHUT_WR) */

-		b->closed = 1;

-		ret = 1;

-		break;

-	case BIO_C_NREAD0:

-		/* prepare for non-copying read */

-		ret = (long) bio_nread0(bio, ptr);

-		break;

-	case BIO_C_NREAD:

-		/* non-copying read */

-		ret = (long) bio_nread(bio, ptr, (size_t) num);

-		break;

-	case BIO_C_NWRITE0:

-		/* prepare for non-copying write */

-		ret = (long) bio_nwrite0(bio, ptr);

-		break;

-	case BIO_C_NWRITE:

-		/* non-copying write */

-		ret = (long) bio_nwrite(bio, ptr, (size_t) num);

-		break;

-	/* standard CTRL codes follow */

-	case BIO_CTRL_RESET:

-		if (b->buf != NULL)

-			{

-			b->len = 0;

-			b->offset = 0;

-			}

-		ret = 0;

-		break;

-	case BIO_CTRL_GET_CLOSE:

-		ret = bio->shutdown;

-		break;

-	case BIO_CTRL_SET_CLOSE:

-		bio->shutdown = (int) num;

-		ret = 1;

-		break;

-	case BIO_CTRL_PENDING:

-		if (b->peer != NULL)

-			{

-			struct bio_bio_st *peer_b = b->peer->ptr;

-			ret = (long) peer_b->len;

-			}

-		else

-			ret = 0;

-		break;

-	case BIO_CTRL_WPENDING:

-		if (b->buf != NULL)

-			ret = (long) b->len;

-		else

-			ret = 0;

-		break;

-	case BIO_CTRL_DUP:

-		/* See BIO_dup_chain for circumstances we have to expect. */

-		{

-		BIO *other_bio = ptr;

-		struct bio_bio_st *other_b;

-		assert(other_bio != NULL);

-		other_b = other_bio->ptr;

-		assert(other_b != NULL);

-		assert(other_b->buf == NULL); /* other_bio is always fresh */

-		other_b->size = b->size;

-		}

-		ret = 1;

-		break;

-	case BIO_CTRL_FLUSH:

-		ret = 1;

-		break;

-	case BIO_CTRL_EOF:

-		{

-		BIO *other_bio = ptr;

-		if (other_bio)

-			{

-			struct bio_bio_st *other_b = other_bio->ptr;

-			assert(other_b != NULL);

-			ret = other_b->len == 0 && other_b->closed;

-			}

-		else

-			ret = 1;

-		}

-		break;

-	default:

-		ret = 0;

-		}

-	return ret;

-	}

-static int bio_puts(BIO *bio, const char *str)

-	{

-	return bio_write(bio, str, strlen(str));

-	}

-static int bio_make_pair(BIO *bio1, BIO *bio2)

-	{

-	struct bio_bio_st *b1, *b2;

-	assert(bio1 != NULL);

-	assert(bio2 != NULL);

-	b1 = bio1->ptr;

-	b2 = bio2->ptr;

-	if (b1->peer != NULL || b2->peer != NULL)

-		{

-		BIOerr(BIO_F_BIO_MAKE_PAIR, BIO_R_IN_USE);

-		return 0;

-		}

-	if (b1->buf == NULL)

-		{

-		b1->buf = OPENSSL_malloc(b1->size);

-		if (b1->buf == NULL)

-			{

-			BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE);

-			return 0;

-			}

-		b1->len = 0;

-		b1->offset = 0;

-		}

-	if (b2->buf == NULL)

-		{

-		b2->buf = OPENSSL_malloc(b2->size);

-		if (b2->buf == NULL)

-			{

-			BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE);

-			return 0;

-			}

-		b2->len = 0;

-		b2->offset = 0;

-		}

-	b1->peer = bio2;

-	b1->closed = 0;

-	b1->request = 0;

-	b2->peer = bio1;

-	b2->closed = 0;

-	b2->request = 0;

-	bio1->init = 1;

-	bio2->init = 1;

-	return 1;

-	}

-static void bio_destroy_pair(BIO *bio)

-	{

-	struct bio_bio_st *b = bio->ptr;

-	if (b != NULL)

-		{

-		BIO *peer_bio = b->peer;

-		if (peer_bio != NULL)

-			{

-			struct bio_bio_st *peer_b = peer_bio->ptr;

-			assert(peer_b != NULL);

-			assert(peer_b->peer == bio);

-			peer_b->peer = NULL;

-			peer_bio->init = 0;

-			assert(peer_b->buf != NULL);

-			peer_b->len = 0;

-			peer_b->offset = 0;

-			b->peer = NULL;

-			bio->init = 0;

-			assert(b->buf != NULL);

-			b->len = 0;

-			b->offset = 0;

-			}

-		}

-	}

-/* Exported convenience functions */

-int BIO_new_bio_pair(BIO **bio1_p, size_t writebuf1,

-	BIO **bio2_p, size_t writebuf2)

-	 {

-	 BIO *bio1 = NULL, *bio2 = NULL;

-	 long r;

-	 int ret = 0;

-	 bio1 = BIO_new(BIO_s_bio());

-	 if (bio1 == NULL)

-		 goto err;

-	 bio2 = BIO_new(BIO_s_bio());

-	 if (bio2 == NULL)

-		 goto err;

-	 if (writebuf1)

-		 {

-		 r = BIO_set_write_buf_size(bio1, writebuf1);

-		 if (!r)

-			 goto err;

-		 }

-	 if (writebuf2)

-		 {

-		 r = BIO_set_write_buf_size(bio2, writebuf2);

-		 if (!r)

-			 goto err;

-		 }

-	 r = BIO_make_bio_pair(bio1, bio2);

-	 if (!r)

-		 goto err;

-	 ret = 1;

- err:

-	 if (ret == 0)

-		 {

-		 if (bio1)

-			 {

-			 BIO_free(bio1);

-			 bio1 = NULL;

-			 }

-		 if (bio2)

-			 {

-			 BIO_free(bio2);

-			 bio2 = NULL;

-			 }

-		 }

-	 *bio1_p = bio1;

-	 *bio2_p = bio2;

-	 return ret;

-	 }

-size_t BIO_ctrl_get_write_guarantee(BIO *bio)

-	{

-	return BIO_ctrl(bio, BIO_C_GET_WRITE_GUARANTEE, 0, NULL);

-	}

-size_t BIO_ctrl_get_read_request(BIO *bio)

-	{

-	return BIO_ctrl(bio, BIO_C_GET_READ_REQUEST, 0, NULL);

-	}

-int BIO_ctrl_reset_read_request(BIO *bio)

-	{

-	return (BIO_ctrl(bio, BIO_C_RESET_READ_REQUEST, 0, NULL) != 0);

-	}

-/* BIO_nread0/nread/nwrite0/nwrite are available only for BIO pairs for now

- * (conceivably some other BIOs could allow non-copying reads and writes too.)

- */

-int BIO_nread0(BIO *bio, char **buf)

-	{

-	long ret;

-	if (!bio->init)

-		{

-		BIOerr(BIO_F_BIO_NREAD0, BIO_R_UNINITIALIZED);

-		return -2;

-		}

-	ret = BIO_ctrl(bio, BIO_C_NREAD0, 0, buf);

-	if (ret > INT_MAX)

-		return INT_MAX;

-	else

-		return (int) ret;

-	}

-int BIO_nread(BIO *bio, char **buf, int num)

-	{

-	int ret;

-	if (!bio->init)

-		{

-		BIOerr(BIO_F_BIO_NREAD, BIO_R_UNINITIALIZED);

-		return -2;

-		}

-	ret = (int) BIO_ctrl(bio, BIO_C_NREAD, num, buf);

-	if (ret > 0)

-		bio->num_read += ret;

-	return ret;

-	}

-int BIO_nwrite0(BIO *bio, char **buf)

-	{

-	long ret;

-	if (!bio->init)

-		{

-		BIOerr(BIO_F_BIO_NWRITE0, BIO_R_UNINITIALIZED);

-		return -2;

-		}

-	ret = BIO_ctrl(bio, BIO_C_NWRITE0, 0, buf);

-	if (ret > INT_MAX)

-		return INT_MAX;

-	else

-		return (int) ret;

-	}

-int BIO_nwrite(BIO *bio, char **buf, int num)

-	{

-	int ret;

-	if (!bio->init)

-		{

-		BIOerr(BIO_F_BIO_NWRITE, BIO_R_UNINITIALIZED);

-		return -2;

-		}

-	ret = BIO_ctrl(bio, BIO_C_NWRITE, num, buf);

-	if (ret > 0)

-		bio->num_read += ret;

-	return ret;

-	}

--- a/sys/src/ape/lib/openssl/crypto/bio/bss_conn.c

+++ /dev/null

@@ -1,652 +1,0 @@

-/* crypto/bio/bss_conn.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <errno.h>

-#define USE_SOCKETS

-#include "cryptlib.h"

-#include <openssl/bio.h>

-#ifndef OPENSSL_NO_SOCK

-#ifdef OPENSSL_SYS_WIN16

-#define SOCKET_PROTOCOL 0 /* more microsoft stupidity */

-#else

-#define SOCKET_PROTOCOL IPPROTO_TCP

-#endif

-#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)

-/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */

-#undef FIONBIO

-#endif

-typedef struct bio_connect_st

-	{

-	int state;

-	char *param_hostname;

-	char *param_port;

-	int nbio;

-	unsigned char ip[4];

-	unsigned short port;

-	struct sockaddr_in them;

-	/* int socket; this will be kept in bio->num so that it is

-	 * compatible with the bss_sock bio */

-	/* called when the connection is initially made

-	 *  callback(BIO,state,ret);  The callback should return

-	 * 'ret'.  state is for compatibility with the ssl info_callback */

-	int (*info_callback)(const BIO *bio,int state,int ret);

-	} BIO_CONNECT;

-static int conn_write(BIO *h, const char *buf, int num);

-static int conn_read(BIO *h, char *buf, int size);

-static int conn_puts(BIO *h, const char *str);

-static long conn_ctrl(BIO *h, int cmd, long arg1, void *arg2);

-static int conn_new(BIO *h);

-static int conn_free(BIO *data);

-static long conn_callback_ctrl(BIO *h, int cmd, bio_info_cb *);

-static int conn_state(BIO *b, BIO_CONNECT *c);

-static void conn_close_socket(BIO *data);

-BIO_CONNECT *BIO_CONNECT_new(void );

-void BIO_CONNECT_free(BIO_CONNECT *a);

-static BIO_METHOD methods_connectp=

-	{

-	BIO_TYPE_CONNECT,

-	"socket connect",

-	conn_write,

-	conn_read,

-	conn_puts,

-	NULL, /* connect_gets, */

-	conn_ctrl,

-	conn_new,

-	conn_free,

-	conn_callback_ctrl,

-	};

-static int conn_state(BIO *b, BIO_CONNECT *c)

-	{

-	int ret= -1,i;

-	unsigned long l;

-	char *p,*q;

-	int (*cb)(const BIO *,int,int)=NULL;

-	if (c->info_callback != NULL)

-		cb=c->info_callback;

-	for (;;)

-		{

-		switch (c->state)

-			{

-		case BIO_CONN_S_BEFORE:

-			p=c->param_hostname;

-			if (p == NULL)

-				{

-				BIOerr(BIO_F_CONN_STATE,BIO_R_NO_HOSTNAME_SPECIFIED);

-				goto exit_loop;

-				}

-			for ( ; *p != '\0'; p++)

-				{

-				if ((*p == ':') || (*p == '/')) break;

-				}

-			i= *p;

-			if ((i == ':') || (i == '/'))

-				{

-				*(p++)='\0';

-				if (i == ':')

-					{

-					for (q=p; *q; q++)

-						if (*q == '/')

-							{

-							*q='\0';

-							break;

-							}

-					if (c->param_port != NULL)

-						OPENSSL_free(c->param_port);

-					c->param_port=BUF_strdup(p);

-					}

-				}

-			if (c->param_port == NULL)

-				{

-				BIOerr(BIO_F_CONN_STATE,BIO_R_NO_PORT_SPECIFIED);

-				ERR_add_error_data(2,"host=",c->param_hostname);

-				goto exit_loop;

-				}

-			c->state=BIO_CONN_S_GET_IP;

-			break;

-		case BIO_CONN_S_GET_IP:

-			if (BIO_get_host_ip(c->param_hostname,&(c->ip[0])) <= 0)

-				goto exit_loop;

-			c->state=BIO_CONN_S_GET_PORT;

-			break;

-		case BIO_CONN_S_GET_PORT:

-			if (c->param_port == NULL)

-				{

-				/* abort(); */

-				goto exit_loop;

-				}

-			else if (BIO_get_port(c->param_port,&c->port) <= 0)

-				goto exit_loop;

-			c->state=BIO_CONN_S_CREATE_SOCKET;

-			break;

-		case BIO_CONN_S_CREATE_SOCKET:

-			/* now setup address */

-			memset((char *)&c->them,0,sizeof(c->them));

-			c->them.sin_family=AF_INET;

-			c->them.sin_port=htons((unsigned short)c->port);

-			l=(unsigned long)

-				((unsigned long)c->ip[0]<<24L)|

-				((unsigned long)c->ip[1]<<16L)|

-				((unsigned long)c->ip[2]<< 8L)|

-				((unsigned long)c->ip[3]);

-			c->them.sin_addr.s_addr=htonl(l);

-			c->state=BIO_CONN_S_CREATE_SOCKET;

-			ret=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);

-			if (ret == INVALID_SOCKET)

-				{

-				SYSerr(SYS_F_SOCKET,get_last_socket_error());

-				ERR_add_error_data(4,"host=",c->param_hostname,

-					":",c->param_port);

-				BIOerr(BIO_F_CONN_STATE,BIO_R_UNABLE_TO_CREATE_SOCKET);

-				goto exit_loop;

-				}

-			b->num=ret;

-			c->state=BIO_CONN_S_NBIO;

-			break;

-		case BIO_CONN_S_NBIO:

-			if (c->nbio)

-				{

-				if (!BIO_socket_nbio(b->num,1))

-					{

-					BIOerr(BIO_F_CONN_STATE,BIO_R_ERROR_SETTING_NBIO);

-					ERR_add_error_data(4,"host=",

-						c->param_hostname,

-						":",c->param_port);

-					goto exit_loop;

-					}

-				}

-			c->state=BIO_CONN_S_CONNECT;

-#if defined(SO_KEEPALIVE) && !defined(OPENSSL_SYS_MPE)

-			i=1;

-			i=setsockopt(b->num,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));

-			if (i < 0)

-				{

-				SYSerr(SYS_F_SOCKET,get_last_socket_error());

-				ERR_add_error_data(4,"host=",c->param_hostname,

-					":",c->param_port);

-				BIOerr(BIO_F_CONN_STATE,BIO_R_KEEPALIVE);

-				goto exit_loop;

-				}

-#endif

-			break;

-		case BIO_CONN_S_CONNECT:

-			BIO_clear_retry_flags(b);

-			ret=connect(b->num,

-				(struct sockaddr *)&c->them,

-				sizeof(c->them));

-			b->retry_reason=0;

-			if (ret < 0)

-				{

-				if (BIO_sock_should_retry(ret))

-					{

-					BIO_set_retry_special(b);

-					c->state=BIO_CONN_S_BLOCKED_CONNECT;

-					b->retry_reason=BIO_RR_CONNECT;

-					}

-				else

-					{

-					SYSerr(SYS_F_CONNECT,get_last_socket_error());

-					ERR_add_error_data(4,"host=",

-						c->param_hostname,

-						":",c->param_port);

-					BIOerr(BIO_F_CONN_STATE,BIO_R_CONNECT_ERROR);

-					}

-				goto exit_loop;

-				}

-			else

-				c->state=BIO_CONN_S_OK;

-			break;

-		case BIO_CONN_S_BLOCKED_CONNECT:

-			i=BIO_sock_error(b->num);

-			if (i)

-				{

-				BIO_clear_retry_flags(b);

-				SYSerr(SYS_F_CONNECT,i);

-				ERR_add_error_data(4,"host=",

-					c->param_hostname,

-					":",c->param_port);

-				BIOerr(BIO_F_CONN_STATE,BIO_R_NBIO_CONNECT_ERROR);

-				ret=0;

-				goto exit_loop;

-				}

-			else

-				c->state=BIO_CONN_S_OK;

-			break;

-		case BIO_CONN_S_OK:

-			ret=1;

-			goto exit_loop;

-		default:

-			/* abort(); */

-			goto exit_loop;

-			}

-		if (cb != NULL)

-			{

-			if (!(ret=cb((BIO *)b,c->state,ret)))

-				goto end;

-			}

-		}

-	/* Loop does not exit */

-exit_loop:

-	if (cb != NULL)

-		ret=cb((BIO *)b,c->state,ret);

-end:

-	return(ret);

-	}

-BIO_CONNECT *BIO_CONNECT_new(void)

-	{

-	BIO_CONNECT *ret;

-	if ((ret=(BIO_CONNECT *)OPENSSL_malloc(sizeof(BIO_CONNECT))) == NULL)

-		return(NULL);

-	ret->state=BIO_CONN_S_BEFORE;

-	ret->param_hostname=NULL;

-	ret->param_port=NULL;

-	ret->info_callback=NULL;

-	ret->nbio=0;

-	ret->ip[0]=0;

-	ret->ip[1]=0;

-	ret->ip[2]=0;

-	ret->ip[3]=0;

-	ret->port=0;

-	memset((char *)&ret->them,0,sizeof(ret->them));

-	return(ret);

-	}

-void BIO_CONNECT_free(BIO_CONNECT *a)

-	{

-	if(a == NULL)

-	    return;

-	if (a->param_hostname != NULL)

-		OPENSSL_free(a->param_hostname);

-	if (a->param_port != NULL)

-		OPENSSL_free(a->param_port);

-	OPENSSL_free(a);

-	}

-BIO_METHOD *BIO_s_connect(void)

-	{

-	return(&methods_connectp);

-	}

-static int conn_new(BIO *bi)

-	{

-	bi->init=0;

-	bi->num=INVALID_SOCKET;

-	bi->flags=0;

-	if ((bi->ptr=(char *)BIO_CONNECT_new()) == NULL)

-		return(0);

-	else

-		return(1);

-	}

-static void conn_close_socket(BIO *bio)

-	{

-	BIO_CONNECT *c;

-	c=(BIO_CONNECT *)bio->ptr;

-	if (bio->num != INVALID_SOCKET)

-		{

-		/* Only do a shutdown if things were established */

-		if (c->state == BIO_CONN_S_OK)

-			shutdown(bio->num,2);

-		closesocket(bio->num);

-		bio->num=INVALID_SOCKET;

-		}

-	}

-static int conn_free(BIO *a)

-	{

-	BIO_CONNECT *data;

-	if (a == NULL) return(0);

-	data=(BIO_CONNECT *)a->ptr;

-	if (a->shutdown)

-		{

-		conn_close_socket(a);

-		BIO_CONNECT_free(data);

-		a->ptr=NULL;

-		a->flags=0;

-		a->init=0;

-		}

-	return(1);

-	}

-static int conn_read(BIO *b, char *out, int outl)

-	{

-	int ret=0;

-	BIO_CONNECT *data;

-	data=(BIO_CONNECT *)b->ptr;

-	if (data->state != BIO_CONN_S_OK)

-		{

-		ret=conn_state(b,data);

-		if (ret <= 0)

-				return(ret);

-		}

-	if (out != NULL)

-		{

-		clear_socket_error();

-		ret=readsocket(b->num,out,outl);

-		BIO_clear_retry_flags(b);

-		if (ret <= 0)

-			{

-			if (BIO_sock_should_retry(ret))

-				BIO_set_retry_read(b);

-			}

-		}

-	return(ret);

-	}

-static int conn_write(BIO *b, const char *in, int inl)

-	{

-	int ret;

-	BIO_CONNECT *data;

-	data=(BIO_CONNECT *)b->ptr;

-	if (data->state != BIO_CONN_S_OK)

-		{

-		ret=conn_state(b,data);

-		if (ret <= 0) return(ret);

-		}

-	clear_socket_error();

-	ret=writesocket(b->num,in,inl);

-	BIO_clear_retry_flags(b);

-	if (ret <= 0)

-		{

-		if (BIO_sock_should_retry(ret))

-			BIO_set_retry_write(b);

-		}

-	return(ret);

-	}

-static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)

-	{

-	BIO *dbio;

-	int *ip;

-	const char **pptr;

-	long ret=1;

-	BIO_CONNECT *data;

-	data=(BIO_CONNECT *)b->ptr;

-	switch (cmd)

-		{

-	case BIO_CTRL_RESET:

-		ret=0;

-		data->state=BIO_CONN_S_BEFORE;

-		conn_close_socket(b);

-		b->flags=0;

-		break;

-	case BIO_C_DO_STATE_MACHINE:

-		/* use this one to start the connection */

-		if (data->state != BIO_CONN_S_OK)

-			ret=(long)conn_state(b,data);

-		else

-			ret=1;

-		break;

-	case BIO_C_GET_CONNECT:

-		if (ptr != NULL)

-			{

-			pptr=(const char **)ptr;

-			if (num == 0)

-				{

-				*pptr=data->param_hostname;

-				}

-			else if (num == 1)

-				{

-				*pptr=data->param_port;

-				}

-			else if (num == 2)

-				{

-				*pptr= (char *)&(data->ip[0]);

-				}

-			else if (num == 3)

-				{

-				*((int *)ptr)=data->port;

-				}

-			if ((!b->init) || (ptr == NULL))

-				*pptr="not initialized";

-			ret=1;

-			}

-		break;

-	case BIO_C_SET_CONNECT:

-		if (ptr != NULL)

-			{

-			b->init=1;

-			if (num == 0)

-				{

-				if (data->param_hostname != NULL)

-					OPENSSL_free(data->param_hostname);

-				data->param_hostname=BUF_strdup(ptr);

-				}

-			else if (num == 1)

-				{

-				if (data->param_port != NULL)

-					OPENSSL_free(data->param_port);

-				data->param_port=BUF_strdup(ptr);

-				}

-			else if (num == 2)

-				{

-				char buf[16];

-				unsigned char *p = ptr;

-				BIO_snprintf(buf,sizeof buf,"%d.%d.%d.%d",

-					     p[0],p[1],p[2],p[3]);

-				if (data->param_hostname != NULL)

-					OPENSSL_free(data->param_hostname);

-				data->param_hostname=BUF_strdup(buf);

-				memcpy(&(data->ip[0]),ptr,4);

-				}

-			else if (num == 3)

-				{

-				char buf[DECIMAL_SIZE(int)+1];

-				BIO_snprintf(buf,sizeof buf,"%d",*(int *)ptr);

-				if (data->param_port != NULL)

-					OPENSSL_free(data->param_port);

-				data->param_port=BUF_strdup(buf);

-				data->port= *(int *)ptr;

-				}

-			}

-		break;

-	case BIO_C_SET_NBIO:

-		data->nbio=(int)num;

-		break;

-	case BIO_C_GET_FD:

-		if (b->init)

-			{

-			ip=(int *)ptr;

-			if (ip != NULL)

-				*ip=b->num;

-			ret=b->num;

-			}

-		else

-			ret= -1;

-		break;

-	case BIO_CTRL_GET_CLOSE:

-		ret=b->shutdown;

-		break;

-	case BIO_CTRL_SET_CLOSE:

-		b->shutdown=(int)num;

-		break;

-	case BIO_CTRL_PENDING:

-	case BIO_CTRL_WPENDING:

-		ret=0;

-		break;

-	case BIO_CTRL_FLUSH:

-		break;

-	case BIO_CTRL_DUP:

-		{

-		dbio=(BIO *)ptr;

-		if (data->param_port)

-			BIO_set_conn_port(dbio,data->param_port);

-		if (data->param_hostname)

-			BIO_set_conn_hostname(dbio,data->param_hostname);

-		BIO_set_nbio(dbio,data->nbio);

-		/* FIXME: the cast of the function seems unlikely to be a good idea */

-                (void)BIO_set_info_callback(dbio,(bio_info_cb *)data->info_callback);

-		}

-		break;

-	case BIO_CTRL_SET_CALLBACK:

-		{

-#if 0 /* FIXME: Should this be used?  -- Richard Levitte */

-		BIOerr(BIO_F_CONN_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

-		ret = -1;

-#else

-		ret=0;

-#endif

-		}

-		break;

-	case BIO_CTRL_GET_CALLBACK:

-		{

-		int (**fptr)(const BIO *bio,int state,int xret);

-		fptr=(int (**)(const BIO *bio,int state,int xret))ptr;

-		*fptr=data->info_callback;

-		}

-		break;

-	default:

-		ret=0;

-		break;

-		}

-	return(ret);

-	}

-static long conn_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)

-	{

-	long ret=1;

-	BIO_CONNECT *data;

-	data=(BIO_CONNECT *)b->ptr;

-	switch (cmd)

-		{

-	case BIO_CTRL_SET_CALLBACK:

-		{

-		data->info_callback=(int (*)(const struct bio_st *, int, int))fp;

-		}

-		break;

-	default:

-		ret=0;

-		break;

-		}

-	return(ret);

-	}

-static int conn_puts(BIO *bp, const char *str)

-	{

-	int n,ret;

-	n=strlen(str);

-	ret=conn_write(bp,str,n);

-	return(ret);

-	}

-BIO *BIO_new_connect(char *str)

-	{

-	BIO *ret;

-	ret=BIO_new(BIO_s_connect());

-	if (ret == NULL) return(NULL);

-	if (BIO_set_conn_hostname(ret,str))

-		return(ret);

-	else

-		{

-		BIO_free(ret);

-		return(NULL);

-		}

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/bio/bss_dgram.c

+++ /dev/null

@@ -1,484 +1,0 @@

-/* crypto/bio/bio_dgram.c */

-/*

- * DTLS implementation written by Nagendra Modadugu

- * ([email protected]) for the OpenSSL project 2005.

- */

-/* ====================================================================

- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef OPENSSL_NO_DGRAM

-#include <stdio.h>

-#include <errno.h>

-#define USE_SOCKETS

-#include "cryptlib.h"

-#include <openssl/bio.h>

-#define IP_MTU      14 /* linux is lame */

-#ifdef WATT32

-#define sock_write SockWrite  /* Watt-32 uses same names */

-#define sock_read  SockRead

-#define sock_puts  SockPuts

-#endif

-static int dgram_write(BIO *h, const char *buf, int num);

-static int dgram_read(BIO *h, char *buf, int size);

-static int dgram_puts(BIO *h, const char *str);

-static long dgram_ctrl(BIO *h, int cmd, long arg1, void *arg2);

-static int dgram_new(BIO *h);

-static int dgram_free(BIO *data);

-static int dgram_clear(BIO *bio);

-int BIO_dgram_should_retry(int s);

-static BIO_METHOD methods_dgramp=

-	{

-	BIO_TYPE_DGRAM,

-	"datagram socket",

-	dgram_write,

-	dgram_read,

-	dgram_puts,

-	NULL, /* dgram_gets, */

-	dgram_ctrl,

-	dgram_new,

-	dgram_free,

-	NULL,

-	};

-typedef struct bio_dgram_data_st

-	{

-	struct sockaddr peer;

-	unsigned int connected;

-	unsigned int _errno;

-	unsigned int mtu;

-	} bio_dgram_data;

-BIO_METHOD *BIO_s_datagram(void)

-	{

-	return(&methods_dgramp);

-	}

-BIO *BIO_new_dgram(int fd, int close_flag)

-	{

-	BIO *ret;

-	ret=BIO_new(BIO_s_datagram());

-	if (ret == NULL) return(NULL);

-	BIO_set_fd(ret,fd,close_flag);

-	return(ret);

-	}

-static int dgram_new(BIO *bi)

-	{

-	bio_dgram_data *data = NULL;

-	bi->init=0;

-	bi->num=0;

-	data = OPENSSL_malloc(sizeof(bio_dgram_data));

-	if (data == NULL)

-		return 0;

-	memset(data, 0x00, sizeof(bio_dgram_data));

-    bi->ptr = data;

-	bi->flags=0;

-	return(1);

-	}

-static int dgram_free(BIO *a)

-	{

-	bio_dgram_data *data;

-	if (a == NULL) return(0);

-	if ( ! dgram_clear(a))

-		return 0;

-	data = (bio_dgram_data *)a->ptr;

-	if(data != NULL) OPENSSL_free(data);

-	return(1);

-	}

-static int dgram_clear(BIO *a)

-	{

-	if (a == NULL) return(0);

-	if (a->shutdown)

-		{

-		if (a->init)

-			{

-			SHUTDOWN2(a->num);

-			}

-		a->init=0;

-		a->flags=0;

-		}

-	return(1);

-	}

-static int dgram_read(BIO *b, char *out, int outl)

-	{

-	int ret=0;

-	bio_dgram_data *data = (bio_dgram_data *)b->ptr;

-	struct sockaddr peer;

-	int peerlen = sizeof(peer);

-	if (out != NULL)

-		{

-		clear_socket_error();

-		memset(&peer, 0x00, peerlen);

-		/* Last arg in recvfrom is signed on some platforms and

-		 * unsigned on others. It is of type socklen_t on some

-		 * but this is not universal. Cast to (void *) to avoid

-		 * compiler warnings.

-		 */

-		ret=recvfrom(b->num,out,outl,0,&peer,(void *)&peerlen);

-		if ( ! data->connected  && ret > 0)

-			BIO_ctrl(b, BIO_CTRL_DGRAM_CONNECT, 0, &peer);

-		BIO_clear_retry_flags(b);

-		if (ret <= 0)

-			{

-			if (BIO_dgram_should_retry(ret))

-				{

-				BIO_set_retry_read(b);

-				data->_errno = get_last_socket_error();

-				}

-			}

-		}

-	return(ret);

-	}

-static int dgram_write(BIO *b, const char *in, int inl)

-	{

-	int ret;

-	bio_dgram_data *data = (bio_dgram_data *)b->ptr;

-	clear_socket_error();

-    if ( data->connected )

-        ret=send(b->num,in,inl,0);

-    else

-        ret=sendto(b->num, in, inl, 0, &data->peer, sizeof(data->peer));

-	BIO_clear_retry_flags(b);

-	if (ret <= 0)

-		{

-		if (BIO_sock_should_retry(ret))

-			{

-			BIO_set_retry_write(b);

-			data->_errno = get_last_socket_error();

-#if 0 /* higher layers are responsible for querying MTU, if necessary */

-			if ( data->_errno == EMSGSIZE)

-				/* retrieve the new MTU */

-				BIO_ctrl(b, BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);

-#endif

-			}

-		}

-	return(ret);

-	}

-static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)

-	{

-	long ret=1;

-	int *ip;

-	struct sockaddr *to = NULL;

-	bio_dgram_data *data = NULL;

-	long sockopt_val = 0;

-	int sockopt_len = 0;

-	data = (bio_dgram_data *)b->ptr;

-	switch (cmd)

-		{

-	case BIO_CTRL_RESET:

-		num=0;

-	case BIO_C_FILE_SEEK:

-		ret=0;

-		break;

-	case BIO_C_FILE_TELL:

-	case BIO_CTRL_INFO:

-		ret=0;

-		break;

-	case BIO_C_SET_FD:

-		dgram_clear(b);

-		b->num= *((int *)ptr);

-		b->shutdown=(int)num;

-		b->init=1;

-		break;

-	case BIO_C_GET_FD:

-		if (b->init)

-			{

-			ip=(int *)ptr;

-			if (ip != NULL) *ip=b->num;

-			ret=b->num;

-			}

-		else

-			ret= -1;

-		break;

-	case BIO_CTRL_GET_CLOSE:

-		ret=b->shutdown;

-		break;

-	case BIO_CTRL_SET_CLOSE:

-		b->shutdown=(int)num;

-		break;

-	case BIO_CTRL_PENDING:

-	case BIO_CTRL_WPENDING:

-		ret=0;

-		break;

-	case BIO_CTRL_DUP:

-	case BIO_CTRL_FLUSH:

-		ret=1;

-		break;

-	case BIO_CTRL_DGRAM_CONNECT:

-		to = (struct sockaddr *)ptr;

-#if 0

-		if (connect(b->num, to, sizeof(struct sockaddr)) < 0)

-			{ perror("connect"); ret = 0; }

-		else

-			{

-#endif

-			memcpy(&(data->peer),to, sizeof(struct sockaddr));

-#if 0

-			}

-#endif

-		break;

-		/* (Linux)kernel sets DF bit on outgoing IP packets */

-#ifdef IP_MTU_DISCOVER

-	case BIO_CTRL_DGRAM_MTU_DISCOVER:

-		sockopt_val = IP_PMTUDISC_DO;

-		if ((ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER,

-			&sockopt_val, sizeof(sockopt_val))) < 0)

-			perror("setsockopt");

-		break;

-#endif

-	case BIO_CTRL_DGRAM_QUERY_MTU:

-         sockopt_len = sizeof(sockopt_val);

-		if ((ret = getsockopt(b->num, IPPROTO_IP, IP_MTU, (void *)&sockopt_val,

-			&sockopt_len)) < 0 || sockopt_val < 0)

-			{ ret = 0; }

-		else

-			{

-			data->mtu = sockopt_val;

-			ret = data->mtu;

-			}

-		break;

-	case BIO_CTRL_DGRAM_GET_MTU:

-		return data->mtu;

-		break;

-	case BIO_CTRL_DGRAM_SET_MTU:

-		data->mtu = num;

-		ret = num;

-		break;

-	case BIO_CTRL_DGRAM_SET_CONNECTED:

-		to = (struct sockaddr *)ptr;

-		if ( to != NULL)

-			{

-			data->connected = 1;

-			memcpy(&(data->peer),to, sizeof(struct sockaddr));

-			}

-		else

-			{

-			data->connected = 0;

-			memset(&(data->peer), 0x00, sizeof(struct sockaddr));

-			}

-		break;

-    case BIO_CTRL_DGRAM_SET_PEER:

-        to = (struct sockaddr *) ptr;

-        memcpy(&(data->peer), to, sizeof(struct sockaddr));

-        break;

-	case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT:

-		if ( setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, ptr,

-			sizeof(struct timeval)) < 0)

-			{ perror("setsockopt");	ret = -1; }

-		break;

-	case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT:

-		if ( getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,

-			ptr, (void *)&ret) < 0)

-			{ perror("getsockopt"); ret = -1; }

-		break;

-	case BIO_CTRL_DGRAM_SET_SEND_TIMEOUT:

-		if ( setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, ptr,

-			sizeof(struct timeval)) < 0)

-			{ perror("setsockopt");	ret = -1; }

-		break;

-	case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT:

-		if ( getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,

-			ptr, (void *)&ret) < 0)

-			{ perror("getsockopt"); ret = -1; }

-		break;

-	case BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP:

-		/* fall-through */

-	case BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP:

-		if ( data->_errno == EAGAIN)

-			{

-			ret = 1;

-			data->_errno = 0;

-			}

-		else

-			ret = 0;

-		break;

-#ifdef EMSGSIZE

-	case BIO_CTRL_DGRAM_MTU_EXCEEDED:

-		if ( data->_errno == EMSGSIZE)

-			{

-			ret = 1;

-			data->_errno = 0;

-			}

-		else

-			ret = 0;

-		break;

-#endif

-	default:

-		ret=0;

-		break;

-		}

-	return(ret);

-	}

-static int dgram_puts(BIO *bp, const char *str)

-	{

-	int n,ret;

-	n=strlen(str);

-	ret=dgram_write(bp,str,n);

-	return(ret);

-	}

-int BIO_dgram_should_retry(int i)

-	{

-	int err;

-	if ((i == 0) || (i == -1))

-		{

-		err=get_last_socket_error();

-#if defined(OPENSSL_SYS_WINDOWS) && 0 /* more microsoft stupidity? perhaps not? Ben 4/1/99 */

-		if ((i == -1) && (err == 0))

-			return(1);

-#endif

-		return(BIO_dgram_non_fatal_error(err));

-		}

-	return(0);

-	}

-int BIO_dgram_non_fatal_error(int err)

-	{

-	switch (err)

-		{

-#if defined(OPENSSL_SYS_WINDOWS)

-# if defined(WSAEWOULDBLOCK)

-	case WSAEWOULDBLOCK:

-# endif

-# if 0 /* This appears to always be an error */

-#  if defined(WSAENOTCONN)

-	case WSAENOTCONN:

-#  endif

-# endif

-#endif

-#ifdef EWOULDBLOCK

-# ifdef WSAEWOULDBLOCK

-#  if WSAEWOULDBLOCK != EWOULDBLOCK

-	case EWOULDBLOCK:

-#  endif

-# else

-	case EWOULDBLOCK:

-# endif

-#endif

-#if defined(ENOTCONN)

-	case ENOTCONN:

-#endif

-#ifdef EINTR

-	case EINTR:

-#endif

-#ifdef EAGAIN

-#if EWOULDBLOCK != EAGAIN

-	case EAGAIN:

-# endif

-#endif

-#ifdef EPROTO

-	case EPROTO:

-#endif

-#ifdef EINPROGRESS

-	case EINPROGRESS:

-#endif

-#ifdef EALREADY

-	case EALREADY:

-#endif

-/* DF bit set, and packet larger than MTU */

-#ifdef EMSGSIZE

-	case EMSGSIZE:

-#endif

-		return(1);

-		/* break; */

-	default:

-		break;

-		}

-	return(0);

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/bio/bss_fd.c

+++ /dev/null

@@ -1,294 +1,0 @@

-/* crypto/bio/bss_fd.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <errno.h>

-#define USE_SOCKETS

-#include "cryptlib.h"

-/*

- * As for unconditional usage of "UPLINK" interface in this module.

- * Trouble is that unlike Unix file descriptors [which are indexes

- * in kernel-side per-process table], corresponding descriptors on

- * platforms which require "UPLINK" interface seem to be indexes

- * in a user-land, non-global table. Well, in fact they are indexes

- * in stdio _iob[], and recall that _iob[] was the very reason why

- * "UPLINK" interface was introduced in first place. But one way on

- * another. Neither libcrypto or libssl use this BIO meaning that

- * file descriptors can only be provided by application. Therefore

- * "UPLINK" calls are due...

- */

-#include "bio_lcl.h"

-static int fd_write(BIO *h, const char *buf, int num);

-static int fd_read(BIO *h, char *buf, int size);

-static int fd_puts(BIO *h, const char *str);

-static long fd_ctrl(BIO *h, int cmd, long arg1, void *arg2);

-static int fd_new(BIO *h);

-static int fd_free(BIO *data);

-int BIO_fd_should_retry(int s);

-static BIO_METHOD methods_fdp=

-	{

-	BIO_TYPE_FD,"file descriptor",

-	fd_write,

-	fd_read,

-	fd_puts,

-	NULL, /* fd_gets, */

-	fd_ctrl,

-	fd_new,

-	fd_free,

-	NULL,

-	};

-BIO_METHOD *BIO_s_fd(void)

-	{

-	return(&methods_fdp);

-	}

-BIO *BIO_new_fd(int fd,int close_flag)

-	{

-	BIO *ret;

-	ret=BIO_new(BIO_s_fd());

-	if (ret == NULL) return(NULL);

-	BIO_set_fd(ret,fd,close_flag);

-	return(ret);

-	}

-static int fd_new(BIO *bi)

-	{

-	bi->init=0;

-	bi->num=-1;

-	bi->ptr=NULL;

-	bi->flags=BIO_FLAGS_UPLINK; /* essentially redundant */

-	return(1);

-	}

-static int fd_free(BIO *a)

-	{

-	if (a == NULL) return(0);

-	if (a->shutdown)

-		{

-		if (a->init)

-			{

-			UP_close(a->num);

-			}

-		a->init=0;

-		a->flags=BIO_FLAGS_UPLINK;

-		}

-	return(1);

-	}

-static int fd_read(BIO *b, char *out,int outl)

-	{

-	int ret=0;

-	if (out != NULL)

-		{

-		clear_sys_error();

-		ret=UP_read(b->num,out,outl);

-		BIO_clear_retry_flags(b);

-		if (ret <= 0)

-			{

-			if (BIO_fd_should_retry(ret))

-				BIO_set_retry_read(b);

-			}

-		}

-	return(ret);

-	}

-static int fd_write(BIO *b, const char *in, int inl)

-	{

-	int ret;

-	clear_sys_error();

-	ret=UP_write(b->num,in,inl);

-	BIO_clear_retry_flags(b);

-	if (ret <= 0)

-		{

-		if (BIO_fd_should_retry(ret))

-			BIO_set_retry_write(b);

-		}

-	return(ret);

-	}

-static long fd_ctrl(BIO *b, int cmd, long num, void *ptr)

-	{

-	long ret=1;

-	int *ip;

-	switch (cmd)

-		{

-	case BIO_CTRL_RESET:

-		num=0;

-	case BIO_C_FILE_SEEK:

-		ret=(long)UP_lseek(b->num,num,0);

-		break;

-	case BIO_C_FILE_TELL:

-	case BIO_CTRL_INFO:

-		ret=(long)UP_lseek(b->num,0,1);

-		break;

-	case BIO_C_SET_FD:

-		fd_free(b);

-		b->num= *((int *)ptr);

-		b->shutdown=(int)num;

-		b->init=1;

-		break;

-	case BIO_C_GET_FD:

-		if (b->init)

-			{

-			ip=(int *)ptr;

-			if (ip != NULL) *ip=b->num;

-			ret=b->num;

-			}

-		else

-			ret= -1;

-		break;

-	case BIO_CTRL_GET_CLOSE:

-		ret=b->shutdown;

-		break;

-	case BIO_CTRL_SET_CLOSE:

-		b->shutdown=(int)num;

-		break;

-	case BIO_CTRL_PENDING:

-	case BIO_CTRL_WPENDING:

-		ret=0;

-		break;

-	case BIO_CTRL_DUP:

-	case BIO_CTRL_FLUSH:

-		ret=1;

-		break;

-	default:

-		ret=0;

-		break;

-		}

-	return(ret);

-	}

-static int fd_puts(BIO *bp, const char *str)

-	{

-	int n,ret;

-	n=strlen(str);

-	ret=fd_write(bp,str,n);

-	return(ret);

-	}

-int BIO_fd_should_retry(int i)

-	{

-	int err;

-	if ((i == 0) || (i == -1))

-		{

-		err=get_last_sys_error();

-#if defined(OPENSSL_SYS_WINDOWS) && 0 /* more microsoft stupidity? perhaps not? Ben 4/1/99 */

-		if ((i == -1) && (err == 0))

-			return(1);

-#endif

-		return(BIO_fd_non_fatal_error(err));

-		}

-	return(0);

-	}

-int BIO_fd_non_fatal_error(int err)

-	{

-	switch (err)

-		{

-#ifdef EWOULDBLOCK

-# ifdef WSAEWOULDBLOCK

-#  if WSAEWOULDBLOCK != EWOULDBLOCK

-	case EWOULDBLOCK:

-#  endif

-# else

-	case EWOULDBLOCK:

-# endif

-#endif

-#if defined(ENOTCONN)

-	case ENOTCONN:

-#endif

-#ifdef EINTR

-	case EINTR:

-#endif

-#ifdef EAGAIN

-#if EWOULDBLOCK != EAGAIN

-	case EAGAIN:

-# endif

-#endif

-#ifdef EPROTO

-	case EPROTO:

-#endif

-#ifdef EINPROGRESS

-	case EINPROGRESS:

-#endif

-#ifdef EALREADY

-	case EALREADY:

-#endif

-		return(1);

-		/* break; */

-	default:

-		break;

-		}

-	return(0);

-	}

--- a/sys/src/ape/lib/openssl/crypto/bio/bss_file.c

+++ /dev/null

@@ -1,424 +1,0 @@

-/* crypto/bio/bss_file.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/*

- * 03-Dec-1997	[email protected]  Fix bug preventing use of stdin/stdout

- *		with binary data (e.g. asn1parse -inform DER < xxx) under

- *		Windows

- */

-#ifndef HEADER_BSS_FILE_C

-#define HEADER_BSS_FILE_C

-#if defined(__linux) || defined(__sun) || defined(__hpux)

-/* Following definition aliases fopen to fopen64 on above mentioned

- * platforms. This makes it possible to open and sequentially access

- * files larger than 2GB from 32-bit application. It does not allow to

- * traverse them beyond 2GB with fseek/ftell, but on the other hand *no*

- * 32-bit platform permits that, not with fseek/ftell. Not to mention

- * that breaking 2GB limit for seeking would require surgery to *our*

- * API. But sequential access suffices for practical cases when you

- * can run into large files, such as fingerprinting, so we can let API

- * alone. For reference, the list of 32-bit platforms which allow for

- * sequential access of large files without extra "magic" comprise *BSD,

- * Darwin, IRIX...

- */

-#ifndef _FILE_OFFSET_BITS

-#define _FILE_OFFSET_BITS 64

-#endif

-#endif

-#include <stdio.h>

-#include <errno.h>

-#include "cryptlib.h"

-#include "bio_lcl.h"

-#include <openssl/err.h>

-#if !defined(OPENSSL_NO_STDIO)

-static int MS_CALLBACK file_write(BIO *h, const char *buf, int num);

-static int MS_CALLBACK file_read(BIO *h, char *buf, int size);

-static int MS_CALLBACK file_puts(BIO *h, const char *str);

-static int MS_CALLBACK file_gets(BIO *h, char *str, int size);

-static long MS_CALLBACK file_ctrl(BIO *h, int cmd, long arg1, void *arg2);

-static int MS_CALLBACK file_new(BIO *h);

-static int MS_CALLBACK file_free(BIO *data);

-static BIO_METHOD methods_filep=

-	{

-	BIO_TYPE_FILE,

-	"FILE pointer",

-	file_write,

-	file_read,

-	file_puts,

-	file_gets,

-	file_ctrl,

-	file_new,

-	file_free,

-	NULL,

-	};

-BIO *BIO_new_file(const char *filename, const char *mode)

-	{

-	BIO *ret;

-	FILE *file;

-	if ((file=fopen(filename,mode)) == NULL)

-		{

-		SYSerr(SYS_F_FOPEN,get_last_sys_error());

-		ERR_add_error_data(5,"fopen('",filename,"','",mode,"')");

-		if (errno == ENOENT)

-			BIOerr(BIO_F_BIO_NEW_FILE,BIO_R_NO_SUCH_FILE);

-		else

-			BIOerr(BIO_F_BIO_NEW_FILE,ERR_R_SYS_LIB);

-		return(NULL);

-		}

-	if ((ret=BIO_new(BIO_s_file_internal())) == NULL)

-		{

-		fclose(file);

-		return(NULL);

-		}

-	BIO_clear_flags(ret,BIO_FLAGS_UPLINK); /* we did fopen -> we disengage UPLINK */

-	BIO_set_fp(ret,file,BIO_CLOSE);

-	return(ret);

-	}

-BIO *BIO_new_fp(FILE *stream, int close_flag)

-	{

-	BIO *ret;

-	if ((ret=BIO_new(BIO_s_file())) == NULL)

-		return(NULL);

-	BIO_set_flags(ret,BIO_FLAGS_UPLINK); /* redundant, left for documentation puposes */

-	BIO_set_fp(ret,stream,close_flag);

-	return(ret);

-	}

-BIO_METHOD *BIO_s_file(void)

-	{

-	return(&methods_filep);

-	}

-static int MS_CALLBACK file_new(BIO *bi)

-	{

-	bi->init=0;

-	bi->num=0;

-	bi->ptr=NULL;

-	bi->flags=BIO_FLAGS_UPLINK; /* default to UPLINK */

-	return(1);

-	}

-static int MS_CALLBACK file_free(BIO *a)

-	{

-	if (a == NULL) return(0);

-	if (a->shutdown)

-		{

-		if ((a->init) && (a->ptr != NULL))

-			{

-			if (a->flags&BIO_FLAGS_UPLINK)

-				UP_fclose (a->ptr);

-			else

-				fclose (a->ptr);

-			a->ptr=NULL;

-			a->flags=BIO_FLAGS_UPLINK;

-			}

-		a->init=0;

-		}

-	return(1);

-	}

-static int MS_CALLBACK file_read(BIO *b, char *out, int outl)

-	{

-	int ret=0;

-	if (b->init && (out != NULL))

-		{

-		if (b->flags&BIO_FLAGS_UPLINK)

-			ret=UP_fread(out,1,(int)outl,b->ptr);

-		else

-			ret=fread(out,1,(int)outl,(FILE *)b->ptr);

-		if(ret == 0 && (b->flags&BIO_FLAGS_UPLINK)?UP_ferror((FILE *)b->ptr):ferror((FILE *)b->ptr))

-			{

-			SYSerr(SYS_F_FREAD,get_last_sys_error());

-			BIOerr(BIO_F_FILE_READ,ERR_R_SYS_LIB);

-			ret=-1;

-			}

-		}

-	return(ret);

-	}

-static int MS_CALLBACK file_write(BIO *b, const char *in, int inl)

-	{

-	int ret=0;

-	if (b->init && (in != NULL))

-		{

-		if (b->flags&BIO_FLAGS_UPLINK)

-			ret=UP_fwrite(in,(int)inl,1,b->ptr);

-		else

-			ret=fwrite(in,(int)inl,1,(FILE *)b->ptr);

-		if (ret)

-			ret=inl;

-		/* ret=fwrite(in,1,(int)inl,(FILE *)b->ptr); */

-		/* according to Tim Hudson <[email protected]>, the commented

-		 * out version above can cause 'inl' write calls under

-		 * some stupid stdio implementations (VMS) */

-		}

-	return(ret);

-	}

-static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)

-	{

-	long ret=1;

-	FILE *fp=(FILE *)b->ptr;

-	FILE **fpp;

-	char p[4];

-	switch (cmd)

-		{

-	case BIO_C_FILE_SEEK:

-	case BIO_CTRL_RESET:

-		if (b->flags&BIO_FLAGS_UPLINK)

-			ret=(long)UP_fseek(b->ptr,num,0);

-		else

-			ret=(long)fseek(fp,num,0);

-		break;

-	case BIO_CTRL_EOF:

-		if (b->flags&BIO_FLAGS_UPLINK)

-			ret=(long)UP_feof(fp);

-		else

-			ret=(long)feof(fp);

-		break;

-	case BIO_C_FILE_TELL:

-	case BIO_CTRL_INFO:

-		if (b->flags&BIO_FLAGS_UPLINK)

-			ret=UP_ftell(b->ptr);

-		else

-			ret=ftell(fp);

-		break;

-	case BIO_C_SET_FILE_PTR:

-		file_free(b);

-		b->shutdown=(int)num&BIO_CLOSE;

-		b->ptr=ptr;

-		b->init=1;

-#if BIO_FLAGS_UPLINK!=0

-#if defined(__MINGW32__) && defined(__MSVCRT__) && !defined(_IOB_ENTRIES)

-#define _IOB_ENTRIES 20

-#endif

-#if defined(_IOB_ENTRIES)

-		/* Safety net to catch purely internal BIO_set_fp calls */

-		if ((size_t)ptr >= (size_t)stdin &&

-		    (size_t)ptr <  (size_t)(stdin+_IOB_ENTRIES))

-			BIO_clear_flags(b,BIO_FLAGS_UPLINK);

-#endif

-#endif

-#ifdef UP_fsetmode

-		if (b->flags&BIO_FLAGS_UPLINK)

-			UP_fsetmode(b->ptr,num&BIO_FP_TEXT?'t':'b');

-		else

-#endif

-		{

-#if defined(OPENSSL_SYS_WINDOWS)

-		int fd = fileno((FILE*)ptr);

-		if (num & BIO_FP_TEXT)

-			_setmode(fd,_O_TEXT);

-		else

-			_setmode(fd,_O_BINARY);

-#elif defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB)

-		int fd = fileno((FILE*)ptr);

-         /* Under CLib there are differences in file modes

-         */

-		if (num & BIO_FP_TEXT)

-			_setmode(fd,O_TEXT);

-		else

-			_setmode(fd,O_BINARY);

-#elif defined(OPENSSL_SYS_MSDOS)

-		int fd = fileno((FILE*)ptr);

-		/* Set correct text/binary mode */

-		if (num & BIO_FP_TEXT)

-			_setmode(fd,_O_TEXT);

-		/* Dangerous to set stdin/stdout to raw (unless redirected) */

-		else

-			{

-			if (fd == STDIN_FILENO || fd == STDOUT_FILENO)

-				{

-				if (isatty(fd) <= 0)

-					_setmode(fd,_O_BINARY);

-				}

-			else

-				_setmode(fd,_O_BINARY);

-			}

-#elif defined(OPENSSL_SYS_OS2)

-		int fd = fileno((FILE*)ptr);

-		if (num & BIO_FP_TEXT)

-			setmode(fd, O_TEXT);

-		else

-			setmode(fd, O_BINARY);

-#endif

-		}

-		break;

-	case BIO_C_SET_FILENAME:

-		file_free(b);

-		b->shutdown=(int)num&BIO_CLOSE;

-		if (num & BIO_FP_APPEND)

-			{

-			if (num & BIO_FP_READ)

-				BUF_strlcpy(p,"a+",sizeof p);

-			else	BUF_strlcpy(p,"a",sizeof p);

-			}

-		else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE))

-			BUF_strlcpy(p,"r+",sizeof p);

-		else if (num & BIO_FP_WRITE)

-			BUF_strlcpy(p,"w",sizeof p);

-		else if (num & BIO_FP_READ)

-			BUF_strlcpy(p,"r",sizeof p);

-		else

-			{

-			BIOerr(BIO_F_FILE_CTRL,BIO_R_BAD_FOPEN_MODE);

-			ret=0;

-			break;

-			}

-#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_WIN32_CYGWIN)

-		if (!(num & BIO_FP_TEXT))

-			strcat(p,"b");

-		else

-			strcat(p,"t");

-#endif

-#if defined(OPENSSL_SYS_NETWARE)

-		if (!(num & BIO_FP_TEXT))

-			strcat(p,"b");

-		else

-			strcat(p,"t");

-#endif

-		fp=fopen(ptr,p);

-		if (fp == NULL)

-			{

-			SYSerr(SYS_F_FOPEN,get_last_sys_error());

-			ERR_add_error_data(5,"fopen('",ptr,"','",p,"')");

-			BIOerr(BIO_F_FILE_CTRL,ERR_R_SYS_LIB);

-			ret=0;

-			break;

-			}

-		b->ptr=fp;

-		b->init=1;

-		BIO_clear_flags(b,BIO_FLAGS_UPLINK); /* we did fopen -> we disengage UPLINK */

-		break;

-	case BIO_C_GET_FILE_PTR:

-		/* the ptr parameter is actually a FILE ** in this case. */

-		if (ptr != NULL)

-			{

-			fpp=(FILE **)ptr;

-			*fpp=(FILE *)b->ptr;

-			}

-		break;

-	case BIO_CTRL_GET_CLOSE:

-		ret=(long)b->shutdown;

-		break;

-	case BIO_CTRL_SET_CLOSE:

-		b->shutdown=(int)num;

-		break;

-	case BIO_CTRL_FLUSH:

-		if (b->flags&BIO_FLAGS_UPLINK)

-			UP_fflush(b->ptr);

-		else

-			fflush((FILE *)b->ptr);

-		break;

-	case BIO_CTRL_DUP:

-		ret=1;

-		break;

-	case BIO_CTRL_WPENDING:

-	case BIO_CTRL_PENDING:

-	case BIO_CTRL_PUSH:

-	case BIO_CTRL_POP:

-	default:

-		ret=0;

-		break;

-		}

-	return(ret);

-	}

-static int MS_CALLBACK file_gets(BIO *bp, char *buf, int size)

-	{

-	int ret=0;

-	buf[0]='\0';

-	if (bp->flags&BIO_FLAGS_UPLINK)

-		UP_fgets(buf,size,bp->ptr);

-	else

-		fgets(buf,size,(FILE *)bp->ptr);

-	if (buf[0] != '\0')

-		ret=strlen(buf);

-	return(ret);

-	}

-static int MS_CALLBACK file_puts(BIO *bp, const char *str)

-	{

-	int n,ret;

-	n=strlen(str);

-	ret=file_write(bp,str,n);

-	return(ret);

-	}

-#endif /* OPENSSL_NO_STDIO */

-#endif /* HEADER_BSS_FILE_C */

--- a/sys/src/ape/lib/openssl/crypto/bio/bss_log.c

+++ /dev/null

@@ -1,402 +1,0 @@

-/* crypto/bio/bss_log.c */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/*

-	Why BIO_s_log?

-	BIO_s_log is useful for system daemons (or services under NT).

-	It is one-way BIO, it sends all stuff to syslogd (on system that

-	commonly use that), or event log (on NT), or OPCOM (on OpenVMS).

-*/

-#include <stdio.h>

-#include <errno.h>

-#include "cryptlib.h"

-#if defined(OPENSSL_SYS_WINCE)

-#elif defined(OPENSSL_SYS_WIN32)

-#  include <process.h>

-#elif defined(OPENSSL_SYS_VMS)

-#  include <opcdef.h>

-#  include <descrip.h>

-#  include <lib$routines.h>

-#  include <starlet.h>

-#elif defined(__ultrix)

-#  include <sys/syslog.h>

-#elif defined(OPENSSL_SYS_NETWARE)

-#  define NO_SYSLOG

-#elif (!defined(MSDOS) || defined(WATT32)) && !defined(OPENSSL_SYS_VXWORKS) && !defined(NO_SYSLOG)

-#  include <syslog.h>

-#endif

-#include <openssl/buffer.h>

-#include <openssl/err.h>

-#ifndef NO_SYSLOG

-#if defined(OPENSSL_SYS_WIN32)

-#define LOG_EMERG	0

-#define LOG_ALERT	1

-#define LOG_CRIT	2

-#define LOG_ERR		3

-#define LOG_WARNING	4

-#define LOG_NOTICE	5

-#define LOG_INFO	6

-#define LOG_DEBUG	7

-#define LOG_DAEMON	(3<<3)

-#elif defined(OPENSSL_SYS_VMS)

-/* On VMS, we don't really care about these, but we need them to compile */

-#define LOG_EMERG	0

-#define LOG_ALERT	1

-#define LOG_CRIT	2

-#define LOG_ERR		3

-#define LOG_WARNING	4

-#define LOG_NOTICE	5

-#define LOG_INFO	6

-#define LOG_DEBUG	7

-#define LOG_DAEMON	OPC$M_NM_NTWORK

-#endif

-static int MS_CALLBACK slg_write(BIO *h, const char *buf, int num);

-static int MS_CALLBACK slg_puts(BIO *h, const char *str);

-static long MS_CALLBACK slg_ctrl(BIO *h, int cmd, long arg1, void *arg2);

-static int MS_CALLBACK slg_new(BIO *h);

-static int MS_CALLBACK slg_free(BIO *data);

-static void xopenlog(BIO* bp, char* name, int level);

-static void xsyslog(BIO* bp, int priority, const char* string);

-static void xcloselog(BIO* bp);

-#ifdef OPENSSL_SYS_WIN32

-LONG	(WINAPI *go_for_advapi)()	= RegOpenKeyEx;

-HANDLE	(WINAPI *register_event_source)()	= NULL;

-BOOL	(WINAPI *deregister_event_source)()	= NULL;

-BOOL	(WINAPI *report_event)()	= NULL;

-#define DL_PROC(m,f)	(GetProcAddress( m, f ))

-#ifdef UNICODE

-#define DL_PROC_X(m,f) DL_PROC( m, f "W" )

-#else

-#define DL_PROC_X(m,f) DL_PROC( m, f "A" )

-#endif

-#endif

-static BIO_METHOD methods_slg=

-	{

-	BIO_TYPE_MEM,"syslog",

-	slg_write,

-	NULL,

-	slg_puts,

-	NULL,

-	slg_ctrl,

-	slg_new,

-	slg_free,

-	NULL,

-	};

-BIO_METHOD *BIO_s_log(void)

-	{

-	return(&methods_slg);

-	}

-static int MS_CALLBACK slg_new(BIO *bi)

-	{

-	bi->init=1;

-	bi->num=0;

-	bi->ptr=NULL;

-	xopenlog(bi, "application", LOG_DAEMON);

-	return(1);

-	}

-static int MS_CALLBACK slg_free(BIO *a)

-	{

-	if (a == NULL) return(0);

-	xcloselog(a);

-	return(1);

-	}

-static int MS_CALLBACK slg_write(BIO *b, const char *in, int inl)

-	{

-	int ret= inl;

-	char* buf;

-	char* pp;

-	int priority, i;

-	static struct

-		{

-		int strl;

-		char str[10];

-		int log_level;

-		}

-	mapping[] =

-		{

-		{ 6, "PANIC ", LOG_EMERG },

-		{ 6, "EMERG ", LOG_EMERG },

-		{ 4, "EMR ", LOG_EMERG },

-		{ 6, "ALERT ", LOG_ALERT },

-		{ 4, "ALR ", LOG_ALERT },

-		{ 5, "CRIT ", LOG_CRIT },

-		{ 4, "CRI ", LOG_CRIT },

-		{ 6, "ERROR ", LOG_ERR },

-		{ 4, "ERR ", LOG_ERR },

-		{ 8, "WARNING ", LOG_WARNING },

-		{ 5, "WARN ", LOG_WARNING },

-		{ 4, "WAR ", LOG_WARNING },

-		{ 7, "NOTICE ", LOG_NOTICE },

-		{ 5, "NOTE ", LOG_NOTICE },

-		{ 4, "NOT ", LOG_NOTICE },

-		{ 5, "INFO ", LOG_INFO },

-		{ 4, "INF ", LOG_INFO },

-		{ 6, "DEBUG ", LOG_DEBUG },

-		{ 4, "DBG ", LOG_DEBUG },

-		{ 0, "", LOG_ERR } /* The default */

-		};

-	if((buf= (char *)OPENSSL_malloc(inl+ 1)) == NULL){

-		return(0);

-	}

-	strncpy(buf, in, inl);

-	buf[inl]= '\0';

-	i = 0;

-	while(strncmp(buf, mapping[i].str, mapping[i].strl) != 0) i++;

-	priority = mapping[i].log_level;

-	pp = buf + mapping[i].strl;

-	xsyslog(b, priority, pp);

-	OPENSSL_free(buf);

-	return(ret);

-	}

-static long MS_CALLBACK slg_ctrl(BIO *b, int cmd, long num, void *ptr)

-	{

-	switch (cmd)

-		{

-	case BIO_CTRL_SET:

-		xcloselog(b);

-		xopenlog(b, ptr, num);

-		break;

-	default:

-		break;

-		}

-	return(0);

-	}

-static int MS_CALLBACK slg_puts(BIO *bp, const char *str)

-	{

-	int n,ret;

-	n=strlen(str);

-	ret=slg_write(bp,str,n);

-	return(ret);

-	}

-#if defined(OPENSSL_SYS_WIN32)

-static void xopenlog(BIO* bp, char* name, int level)

-{

-	if ( !register_event_source )

-		{

-		HANDLE	advapi;

-		if ( !(advapi = GetModuleHandle("advapi32")) )

-			return;

-		register_event_source = (HANDLE (WINAPI *)())DL_PROC_X(advapi,

-			"RegisterEventSource" );

-		deregister_event_source = (BOOL (WINAPI *)())DL_PROC(advapi,

-			"DeregisterEventSource");

-		report_event = (BOOL (WINAPI *)())DL_PROC_X(advapi,

-			"ReportEvent" );

-		if ( !(register_event_source && deregister_event_source &&

-				report_event) )

-			{

-			register_event_source = NULL;

-			deregister_event_source = NULL;

-			report_event = NULL;

-			return;

-			}

-		}

-	bp->ptr= (char *)register_event_source(NULL, name);

-}

-static void xsyslog(BIO *bp, int priority, const char *string)

-{

-	LPCSTR lpszStrings[2];

-	WORD evtype= EVENTLOG_ERROR_TYPE;

-	int pid = _getpid();

-	char pidbuf[DECIMAL_SIZE(pid)+4];

-	switch (priority)

-		{

-	case LOG_EMERG:

-	case LOG_ALERT:

-	case LOG_CRIT:

-	case LOG_ERR:

-		evtype = EVENTLOG_ERROR_TYPE;

-		break;

-	case LOG_WARNING:

-		evtype = EVENTLOG_WARNING_TYPE;

-		break;

-	case LOG_NOTICE:

-	case LOG_INFO:

-	case LOG_DEBUG:

-		evtype = EVENTLOG_INFORMATION_TYPE;

-		break;

-	default:		/* Should never happen, but set it

-				   as error anyway. */

-		evtype = EVENTLOG_ERROR_TYPE;

-		break;

-		}

-	sprintf(pidbuf, "[%d] ", pid);

-	lpszStrings[0] = pidbuf;

-	lpszStrings[1] = string;

-	if(report_event && bp->ptr)

-		report_event(bp->ptr, evtype, 0, 1024, NULL, 2, 0,

-				lpszStrings, NULL);

-}

-static void xcloselog(BIO* bp)

-{

-	if(deregister_event_source && bp->ptr)

-		deregister_event_source((HANDLE)(bp->ptr));

-	bp->ptr= NULL;

-}

-#elif defined(OPENSSL_SYS_VMS)

-static int VMS_OPC_target = LOG_DAEMON;

-static void xopenlog(BIO* bp, char* name, int level)

-{

-	VMS_OPC_target = level;

-}

-static void xsyslog(BIO *bp, int priority, const char *string)

-{

-	struct dsc$descriptor_s opc_dsc;

-	struct opcdef *opcdef_p;

-	char buf[10240];

-	unsigned int len;

-        struct dsc$descriptor_s buf_dsc;

-	$DESCRIPTOR(fao_cmd, "!AZ: !AZ");

-	char *priority_tag;

-	switch (priority)

-	  {

-	  case LOG_EMERG: priority_tag = "Emergency"; break;

-	  case LOG_ALERT: priority_tag = "Alert"; break;

-	  case LOG_CRIT: priority_tag = "Critical"; break;

-	  case LOG_ERR: priority_tag = "Error"; break;

-	  case LOG_WARNING: priority_tag = "Warning"; break;

-	  case LOG_NOTICE: priority_tag = "Notice"; break;

-	  case LOG_INFO: priority_tag = "Info"; break;

-	  case LOG_DEBUG: priority_tag = "DEBUG"; break;

-	  }

-	buf_dsc.dsc$b_dtype = DSC$K_DTYPE_T;

-	buf_dsc.dsc$b_class = DSC$K_CLASS_S;

-	buf_dsc.dsc$a_pointer = buf;

-	buf_dsc.dsc$w_length = sizeof(buf) - 1;

-	lib$sys_fao(&fao_cmd, &len, &buf_dsc, priority_tag, string);

-	/* we know there's an 8 byte header.  That's documented */

-	opcdef_p = (struct opcdef *) OPENSSL_malloc(8 + len);

-	opcdef_p->opc$b_ms_type = OPC$_RQ_RQST;

-	memcpy(opcdef_p->opc$z_ms_target_classes, &VMS_OPC_target, 3);

-	opcdef_p->opc$l_ms_rqstid = 0;

-	memcpy(&opcdef_p->opc$l_ms_text, buf, len);

-	opc_dsc.dsc$b_dtype = DSC$K_DTYPE_T;

-	opc_dsc.dsc$b_class = DSC$K_CLASS_S;

-	opc_dsc.dsc$a_pointer = (char *)opcdef_p;

-	opc_dsc.dsc$w_length = len + 8;

-	sys$sndopr(opc_dsc, 0);

-	OPENSSL_free(opcdef_p);

-}

-static void xcloselog(BIO* bp)

-{

-}

-#else /* Unix/Watt32 */

-static void xopenlog(BIO* bp, char* name, int level)

-{

-#ifdef WATT32   /* djgpp/DOS */

-	openlog(name, LOG_PID|LOG_CONS|LOG_NDELAY, level);

-#else

-	openlog(name, LOG_PID|LOG_CONS, level);

-#endif

-}

-static void xsyslog(BIO *bp, int priority, const char *string)

-{

-	syslog(priority, "%s", string);

-}

-static void xcloselog(BIO* bp)

-{

-	closelog();

-}

-#endif /* Unix */

-#endif /* NO_SYSLOG */

--- a/sys/src/ape/lib/openssl/crypto/bio/bss_mem.c

+++ /dev/null

@@ -1,321 +1,0 @@

-/* crypto/bio/bss_mem.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <errno.h>

-#include "cryptlib.h"

-#include <openssl/bio.h>

-static int mem_write(BIO *h, const char *buf, int num);

-static int mem_read(BIO *h, char *buf, int size);

-static int mem_puts(BIO *h, const char *str);

-static int mem_gets(BIO *h, char *str, int size);

-static long mem_ctrl(BIO *h, int cmd, long arg1, void *arg2);

-static int mem_new(BIO *h);

-static int mem_free(BIO *data);

-static BIO_METHOD mem_method=

-	{

-	BIO_TYPE_MEM,

-	"memory buffer",

-	mem_write,

-	mem_read,

-	mem_puts,

-	mem_gets,

-	mem_ctrl,

-	mem_new,

-	mem_free,

-	NULL,

-	};

-/* bio->num is used to hold the value to return on 'empty', if it is

- * 0, should_retry is not set */

-BIO_METHOD *BIO_s_mem(void)

-	{

-	return(&mem_method);

-	}

-BIO *BIO_new_mem_buf(void *buf, int len)

-{

-	BIO *ret;

-	BUF_MEM *b;

-	if (!buf) {

-		BIOerr(BIO_F_BIO_NEW_MEM_BUF,BIO_R_NULL_PARAMETER);

-		return NULL;

-	}

-	if(len == -1) len = strlen(buf);

-	if(!(ret = BIO_new(BIO_s_mem())) ) return NULL;

-	b = (BUF_MEM *)ret->ptr;

-	b->data = buf;

-	b->length = len;

-	b->max = len;

-	ret->flags |= BIO_FLAGS_MEM_RDONLY;

-	/* Since this is static data retrying wont help */

-	ret->num = 0;

-	return ret;

-}

-static int mem_new(BIO *bi)

-	{

-	BUF_MEM *b;

-	if ((b=BUF_MEM_new()) == NULL)

-		return(0);

-	bi->shutdown=1;

-	bi->init=1;

-	bi->num= -1;

-	bi->ptr=(char *)b;

-	return(1);

-	}

-static int mem_free(BIO *a)

-	{

-	if (a == NULL) return(0);

-	if (a->shutdown)

-		{

-		if ((a->init) && (a->ptr != NULL))

-			{

-			BUF_MEM *b;

-			b = (BUF_MEM *)a->ptr;

-			if(a->flags & BIO_FLAGS_MEM_RDONLY) b->data = NULL;

-			BUF_MEM_free(b);

-			a->ptr=NULL;

-			}

-		}

-	return(1);

-	}

-static int mem_read(BIO *b, char *out, int outl)

-	{

-	int ret= -1;

-	BUF_MEM *bm;

-	int i;

-	char *from,*to;

-	bm=(BUF_MEM *)b->ptr;

-	BIO_clear_retry_flags(b);

-	ret=(outl > bm->length)?bm->length:outl;

-	if ((out != NULL) && (ret > 0)) {

-		memcpy(out,bm->data,ret);

-		bm->length-=ret;

-		/* memmove(&(bm->data[0]),&(bm->data[ret]), bm->length); */

-		if(b->flags & BIO_FLAGS_MEM_RDONLY) bm->data += ret;

-		else {

-			from=(char *)&(bm->data[ret]);

-			to=(char *)&(bm->data[0]);

-			for (i=0; i<bm->length; i++)

-				to[i]=from[i];

-		}

-	} else if (bm->length == 0)

-		{

-		ret = b->num;

-		if (ret != 0)

-			BIO_set_retry_read(b);

-		}

-	return(ret);

-	}

-static int mem_write(BIO *b, const char *in, int inl)

-	{

-	int ret= -1;

-	int blen;

-	BUF_MEM *bm;

-	bm=(BUF_MEM *)b->ptr;

-	if (in == NULL)

-		{

-		BIOerr(BIO_F_MEM_WRITE,BIO_R_NULL_PARAMETER);

-		goto end;

-		}

-	if(b->flags & BIO_FLAGS_MEM_RDONLY) {

-		BIOerr(BIO_F_MEM_WRITE,BIO_R_WRITE_TO_READ_ONLY_BIO);

-		goto end;

-	}

-	BIO_clear_retry_flags(b);

-	blen=bm->length;

-	if (BUF_MEM_grow_clean(bm,blen+inl) != (blen+inl))

-		goto end;

-	memcpy(&(bm->data[blen]),in,inl);

-	ret=inl;

-end:

-	return(ret);

-	}

-static long mem_ctrl(BIO *b, int cmd, long num, void *ptr)

-	{

-	long ret=1;

-	char **pptr;

-	BUF_MEM *bm=(BUF_MEM *)b->ptr;

-	switch (cmd)

-		{

-	case BIO_CTRL_RESET:

-		if (bm->data != NULL)

-			{

-			/* For read only case reset to the start again */

-			if(b->flags & BIO_FLAGS_MEM_RDONLY)

-				{

-				bm->data -= bm->max - bm->length;

-				bm->length = bm->max;

-				}

-			else

-				{

-				memset(bm->data,0,bm->max);

-				bm->length=0;

-				}

-			}

-		break;

-	case BIO_CTRL_EOF:

-		ret=(long)(bm->length == 0);

-		break;

-	case BIO_C_SET_BUF_MEM_EOF_RETURN:

-		b->num=(int)num;

-		break;

-	case BIO_CTRL_INFO:

-		ret=(long)bm->length;

-		if (ptr != NULL)

-			{

-			pptr=(char **)ptr;

-			*pptr=(char *)&(bm->data[0]);

-			}

-		break;

-	case BIO_C_SET_BUF_MEM:

-		mem_free(b);

-		b->shutdown=(int)num;

-		b->ptr=ptr;

-		break;

-	case BIO_C_GET_BUF_MEM_PTR:

-		if (ptr != NULL)

-			{

-			pptr=(char **)ptr;

-			*pptr=(char *)bm;

-			}

-		break;

-	case BIO_CTRL_GET_CLOSE:

-		ret=(long)b->shutdown;

-		break;

-	case BIO_CTRL_SET_CLOSE:

-		b->shutdown=(int)num;

-		break;

-	case BIO_CTRL_WPENDING:

-		ret=0L;

-		break;

-	case BIO_CTRL_PENDING:

-		ret=(long)bm->length;

-		break;

-	case BIO_CTRL_DUP:

-	case BIO_CTRL_FLUSH:

-		ret=1;

-		break;

-	case BIO_CTRL_PUSH:

-	case BIO_CTRL_POP:

-	default:

-		ret=0;

-		break;

-		}

-	return(ret);

-	}

-static int mem_gets(BIO *bp, char *buf, int size)

-	{

-	int i,j;

-	int ret= -1;

-	char *p;

-	BUF_MEM *bm=(BUF_MEM *)bp->ptr;

-	BIO_clear_retry_flags(bp);

-	j=bm->length;

-	if (j <= 0)

-		{

-		*buf='\0';

-		return 0;

-		}

-	p=bm->data;

-	for (i=0; i<j; i++)

-		{

-		if (p[i] == '\n') break;

-		}

-	if (i == j)

-		{

-		BIO_set_retry_read(bp);

-		/* return(-1);  change the semantics 0.6.6a */

-		}

-	else

-		i++;

-	/* i is the max to copy */

-	if ((size-1) < i) i=size-1;

-	i=mem_read(bp,buf,i);

-	if (i > 0) buf[i]='\0';

-	ret=i;

-	return(ret);

-	}

-static int mem_puts(BIO *bp, const char *str)

-	{

-	int n,ret;

-	n=strlen(str);

-	ret=mem_write(bp,str,n);

-	/* memory semantics is that it will always work */

-	return(ret);

-	}

--- a/sys/src/ape/lib/openssl/crypto/bio/bss_null.c

+++ /dev/null

@@ -1,150 +1,0 @@

-/* crypto/bio/bss_null.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <errno.h>

-#include "cryptlib.h"

-#include <openssl/bio.h>

-static int null_write(BIO *h, const char *buf, int num);

-static int null_read(BIO *h, char *buf, int size);

-static int null_puts(BIO *h, const char *str);

-static int null_gets(BIO *h, char *str, int size);

-static long null_ctrl(BIO *h, int cmd, long arg1, void *arg2);

-static int null_new(BIO *h);

-static int null_free(BIO *data);

-static BIO_METHOD null_method=

-	{

-	BIO_TYPE_NULL,

-	"NULL",

-	null_write,

-	null_read,

-	null_puts,

-	null_gets,

-	null_ctrl,

-	null_new,

-	null_free,

-	NULL,

-	};

-BIO_METHOD *BIO_s_null(void)

-	{

-	return(&null_method);

-	}

-static int null_new(BIO *bi)

-	{

-	bi->init=1;

-	bi->num=0;

-	bi->ptr=(NULL);

-	return(1);

-	}

-static int null_free(BIO *a)

-	{

-	if (a == NULL) return(0);

-	return(1);

-	}

-static int null_read(BIO *b, char *out, int outl)

-	{

-	return(0);

-	}

-static int null_write(BIO *b, const char *in, int inl)

-	{

-	return(inl);

-	}

-static long null_ctrl(BIO *b, int cmd, long num, void *ptr)

-	{

-	long ret=1;

-	switch (cmd)

-		{

-	case BIO_CTRL_RESET:

-	case BIO_CTRL_EOF:

-	case BIO_CTRL_SET:

-	case BIO_CTRL_SET_CLOSE:

-	case BIO_CTRL_FLUSH:

-	case BIO_CTRL_DUP:

-		ret=1;

-		break;

-	case BIO_CTRL_GET_CLOSE:

-	case BIO_CTRL_INFO:

-	case BIO_CTRL_GET:

-	case BIO_CTRL_PENDING:

-	case BIO_CTRL_WPENDING:

-	default:

-		ret=0;

-		break;

-		}

-	return(ret);

-	}

-static int null_gets(BIO *bp, char *buf, int size)

-	{

-	return(0);

-	}

-static int null_puts(BIO *bp, const char *str)

-	{

-	if (str == NULL) return(0);

-	return(strlen(str));

-	}

--- a/sys/src/ape/lib/openssl/crypto/bio/bss_rtcp.c

+++ /dev/null

@@ -1,294 +1,0 @@

-/* crypto/bio/bss_rtcp.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* Written by David L. Jones <[email protected]>

- * Date:   22-JUL-1996

- * Revised: 25-SEP-1997		Update for 0.8.1, BIO_CTRL_SET -> BIO_C_SET_FD

- */

-/* VMS */

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include <errno.h>

-#include "cryptlib.h"

-#include <openssl/bio.h>

-#include <iodef.h>		/* VMS IO$_ definitions */

-#include <starlet.h>

-typedef unsigned short io_channel;

-/*************************************************************************/

-struct io_status { short status, count; long flags; };

-struct rpc_msg {		/* Should have member alignment inhibited */

-   char channel;		/* 'A'-app data. 'R'-remote client 'G'-global */

-   char function;		/* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */

-   unsigned short int length;	/* Amount of data returned or max to return */

-   char data[4092];		/* variable data */

-};

-#define RPC_HDR_SIZE (sizeof(struct rpc_msg) - 4092)

-struct rpc_ctx {

-    int filled, pos;

-    struct rpc_msg msg;

-};

-static int rtcp_write(BIO *h,const char *buf,int num);

-static int rtcp_read(BIO *h,char *buf,int size);

-static int rtcp_puts(BIO *h,const char *str);

-static int rtcp_gets(BIO *h,char *str,int size);

-static long rtcp_ctrl(BIO *h,int cmd,long arg1,void *arg2);

-static int rtcp_new(BIO *h);

-static int rtcp_free(BIO *data);

-static BIO_METHOD rtcp_method=

-	{

-	BIO_TYPE_FD,

-	"RTCP",

-	rtcp_write,

-	rtcp_read,

-	rtcp_puts,

-	rtcp_gets,

-	rtcp_ctrl,

-	rtcp_new,

-	rtcp_free,

-	NULL,

-	};

-BIO_METHOD *BIO_s_rtcp(void)

-	{

-	return(&rtcp_method);

-	}

-/*****************************************************************************/

-/* Decnet I/O routines.

- */

-#ifdef __DECC

-#pragma message save

-#pragma message disable DOLLARID

-#endif

-static int get ( io_channel chan, char *buffer, int maxlen, int *length )

-{

-    int status;

-    struct io_status iosb;

-    status = sys$qiow ( 0, chan, IO$_READVBLK, &iosb, 0, 0,

-	buffer, maxlen, 0, 0, 0, 0 );

-    if ( (status&1) == 1 ) status = iosb.status;

-    if ( (status&1) == 1 ) *length = iosb.count;

-    return status;

-}

-static int put ( io_channel chan, char *buffer, int length )

-{

-    int status;

-    struct io_status iosb;

-    status = sys$qiow ( 0, chan, IO$_WRITEVBLK, &iosb, 0, 0,

-	buffer, length, 0, 0, 0, 0 );

-    if ( (status&1) == 1 ) status = iosb.status;

-    return status;

-}

-#ifdef __DECC

-#pragma message restore

-#endif

-/***************************************************************************/

-static int rtcp_new(BIO *bi)

-{

-    struct rpc_ctx *ctx;

-	bi->init=1;

-	bi->num=0;

-	bi->flags = 0;

-	bi->ptr=OPENSSL_malloc(sizeof(struct rpc_ctx));

-	ctx = (struct rpc_ctx *) bi->ptr;

-	ctx->filled = 0;

-	ctx->pos = 0;

-	return(1);

-}

-static int rtcp_free(BIO *a)

-{

-	if (a == NULL) return(0);

-	if ( a->ptr ) OPENSSL_free ( a->ptr );

-	a->ptr = NULL;

-	return(1);

-}

-static int rtcp_read(BIO *b, char *out, int outl)

-{

-    int status, length;

-    struct rpc_ctx *ctx;

-    /*

-     * read data, return existing.

-     */

-    ctx = (struct rpc_ctx *) b->ptr;

-    if ( ctx->pos < ctx->filled ) {

-	length = ctx->filled - ctx->pos;

-	if ( length > outl ) length = outl;

-	memmove ( out, &ctx->msg.data[ctx->pos], length );

-	ctx->pos += length;

-	return length;

-    }

-    /*

-     * Requst more data from R channel.

-     */

-    ctx->msg.channel = 'R';

-    ctx->msg.function = 'G';

-    ctx->msg.length = sizeof(ctx->msg.data);

-    status = put ( b->num, (char *) &ctx->msg, RPC_HDR_SIZE );

-    if ( (status&1) == 0 ) {

-	return -1;

-    }

-    /*

-     * Read.

-     */

-    ctx->pos = ctx->filled = 0;

-    status = get ( b->num, (char *) &ctx->msg, sizeof(ctx->msg), &length );

-    if ( (status&1) == 0 ) length = -1;

-    if ( ctx->msg.channel != 'R' || ctx->msg.function != 'C' ) {

-	length = -1;

-    }

-    ctx->filled = length - RPC_HDR_SIZE;

-    if ( ctx->pos < ctx->filled ) {

-	length = ctx->filled - ctx->pos;

-	if ( length > outl ) length = outl;

-	memmove ( out, ctx->msg.data, length );

-	ctx->pos += length;

-	return length;

-    }

-    return length;

-}

-static int rtcp_write(BIO *b, const char *in, int inl)

-{

-    int status, i, segment, length;

-    struct rpc_ctx *ctx;

-    /*

-     * Output data, send in chunks no larger that sizeof(ctx->msg.data).

-     */

-    ctx = (struct rpc_ctx *) b->ptr;

-    for ( i = 0; i < inl; i += segment ) {

-	segment = inl - i;

-	if ( segment > sizeof(ctx->msg.data) ) segment = sizeof(ctx->msg.data);

-	ctx->msg.channel = 'R';

-	ctx->msg.function = 'P';

-	ctx->msg.length = segment;

-	memmove ( ctx->msg.data, &in[i], segment );

-	status = put ( b->num, (char *) &ctx->msg, segment + RPC_HDR_SIZE );

-	if ((status&1) == 0 ) { i = -1; break; }

-	status = get ( b->num, (char *) &ctx->msg, sizeof(ctx->msg), &length );

-	if ( ((status&1) == 0) || (length < RPC_HDR_SIZE) ) { i = -1; break; }

-	if ( (ctx->msg.channel != 'R') || (ctx->msg.function != 'C') ) {

-	   printf("unexpected response when confirming put %c %c\n",

-		ctx->msg.channel, ctx->msg.function );

-	}

-    }

-    return(i);

-}

-static long rtcp_ctrl(BIO *b, int cmd, long num, void *ptr)

-	{

-	long ret=1;

-	switch (cmd)

-		{

-	case BIO_CTRL_RESET:

-	case BIO_CTRL_EOF:

-		ret = 1;

-		break;

-	case BIO_C_SET_FD:

-		b->num = num;

-		ret = 1;

-	 	break;

-	case BIO_CTRL_SET_CLOSE:

-	case BIO_CTRL_FLUSH:

-	case BIO_CTRL_DUP:

-		ret=1;

-		break;

-	case BIO_CTRL_GET_CLOSE:

-	case BIO_CTRL_INFO:

-	case BIO_CTRL_GET:

-	case BIO_CTRL_PENDING:

-	case BIO_CTRL_WPENDING:

-	default:

-		ret=0;

-		break;

-		}

-	return(ret);

-	}

-static int rtcp_gets(BIO *bp, char *buf, int size)

-	{

-	return(0);

-	}

-static int rtcp_puts(BIO *bp, const char *str)

-{

-    int length;

-    if (str == NULL) return(0);

-    length = strlen ( str );

-    if ( length == 0 ) return (0);

-    return rtcp_write ( bp,str, length );

-}

--- a/sys/src/ape/lib/openssl/crypto/bio/bss_sock.c

+++ /dev/null

@@ -1,302 +1,0 @@

-/* crypto/bio/bss_sock.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <errno.h>

-#define USE_SOCKETS

-#include "cryptlib.h"

-#include <openssl/bio.h>

-#ifdef WATT32

-#define sock_write SockWrite  /* Watt-32 uses same names */

-#define sock_read  SockRead

-#define sock_puts  SockPuts

-#endif

-static int sock_write(BIO *h, const char *buf, int num);

-static int sock_read(BIO *h, char *buf, int size);

-static int sock_puts(BIO *h, const char *str);

-static long sock_ctrl(BIO *h, int cmd, long arg1, void *arg2);

-static int sock_new(BIO *h);

-static int sock_free(BIO *data);

-int BIO_sock_should_retry(int s);

-static BIO_METHOD methods_sockp=

-	{

-	BIO_TYPE_SOCKET,

-	"socket",

-	sock_write,

-	sock_read,

-	sock_puts,

-	NULL, /* sock_gets, */

-	sock_ctrl,

-	sock_new,

-	sock_free,

-	NULL,

-	};

-BIO_METHOD *BIO_s_socket(void)

-	{

-	return(&methods_sockp);

-	}

-BIO *BIO_new_socket(int fd, int close_flag)

-	{

-	BIO *ret;

-	ret=BIO_new(BIO_s_socket());

-	if (ret == NULL) return(NULL);

-	BIO_set_fd(ret,fd,close_flag);

-	return(ret);

-	}

-static int sock_new(BIO *bi)

-	{

-	bi->init=0;

-	bi->num=0;

-	bi->ptr=NULL;

-	bi->flags=0;

-	return(1);

-	}

-static int sock_free(BIO *a)

-	{

-	if (a == NULL) return(0);

-	if (a->shutdown)

-		{

-		if (a->init)

-			{

-			SHUTDOWN2(a->num);

-			}

-		a->init=0;

-		a->flags=0;

-		}

-	return(1);

-	}

-static int sock_read(BIO *b, char *out, int outl)

-	{

-	int ret=0;

-	if (out != NULL)

-		{

-		clear_socket_error();

-		ret=readsocket(b->num,out,outl);

-		BIO_clear_retry_flags(b);

-		if (ret <= 0)

-			{

-			if (BIO_sock_should_retry(ret))

-				BIO_set_retry_read(b);

-			}

-		}

-	return(ret);

-	}

-static int sock_write(BIO *b, const char *in, int inl)

-	{

-	int ret;

-	clear_socket_error();

-	ret=writesocket(b->num,in,inl);

-	BIO_clear_retry_flags(b);

-	if (ret <= 0)

-		{

-		if (BIO_sock_should_retry(ret))

-			BIO_set_retry_write(b);

-		}

-	return(ret);

-	}

-static long sock_ctrl(BIO *b, int cmd, long num, void *ptr)

-	{

-	long ret=1;

-	int *ip;

-	switch (cmd)

-		{

-	case BIO_CTRL_RESET:

-		num=0;

-	case BIO_C_FILE_SEEK:

-		ret=0;

-		break;

-	case BIO_C_FILE_TELL:

-	case BIO_CTRL_INFO:

-		ret=0;

-		break;

-	case BIO_C_SET_FD:

-		sock_free(b);

-		b->num= *((int *)ptr);

-		b->shutdown=(int)num;

-		b->init=1;

-		break;

-	case BIO_C_GET_FD:

-		if (b->init)

-			{

-			ip=(int *)ptr;

-			if (ip != NULL) *ip=b->num;

-			ret=b->num;

-			}

-		else

-			ret= -1;

-		break;

-	case BIO_CTRL_GET_CLOSE:

-		ret=b->shutdown;

-		break;

-	case BIO_CTRL_SET_CLOSE:

-		b->shutdown=(int)num;

-		break;

-	case BIO_CTRL_PENDING:

-	case BIO_CTRL_WPENDING:

-		ret=0;

-		break;

-	case BIO_CTRL_DUP:

-	case BIO_CTRL_FLUSH:

-		ret=1;

-		break;

-	default:

-		ret=0;

-		break;

-		}

-	return(ret);

-	}

-static int sock_puts(BIO *bp, const char *str)

-	{

-	int n,ret;

-	n=strlen(str);

-	ret=sock_write(bp,str,n);

-	return(ret);

-	}

-int BIO_sock_should_retry(int i)

-	{

-	int err;

-	if ((i == 0) || (i == -1))

-		{

-		err=get_last_socket_error();

-#if defined(OPENSSL_SYS_WINDOWS) && 0 /* more microsoft stupidity? perhaps not? Ben 4/1/99 */

-		if ((i == -1) && (err == 0))

-			return(1);

-#endif

-		return(BIO_sock_non_fatal_error(err));

-		}

-	return(0);

-	}

-int BIO_sock_non_fatal_error(int err)

-	{

-	switch (err)

-		{

-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_NETWARE)

-# if defined(WSAEWOULDBLOCK)

-	case WSAEWOULDBLOCK:

-# endif

-# if 0 /* This appears to always be an error */

-#  if defined(WSAENOTCONN)

-	case WSAENOTCONN:

-#  endif

-# endif

-#endif

-#ifdef EWOULDBLOCK

-# ifdef WSAEWOULDBLOCK

-#  if WSAEWOULDBLOCK != EWOULDBLOCK

-	case EWOULDBLOCK:

-#  endif

-# else

-	case EWOULDBLOCK:

-# endif

-#endif

-#if defined(ENOTCONN)

-	case ENOTCONN:

-#endif

-#ifdef EINTR

-	case EINTR:

-#endif

-#ifdef EAGAIN

-# if EWOULDBLOCK != EAGAIN

-	case EAGAIN:

-# endif

-#endif

-#ifdef EPROTO

-	case EPROTO:

-#endif

-#ifdef EINPROGRESS

-	case EINPROGRESS:

-#endif

-#ifdef EALREADY

-	case EALREADY:

-#endif

-		return(1);

-		/* break; */

-	default:

-		break;

-		}

-	return(0);

-	}

--- a/sys/src/ape/lib/openssl/crypto/bn/Makefile

+++ /dev/null

@@ -1,343 +1,0 @@

-#

-# OpenSSL/crypto/bn/Makefile

-#

-DIR=	bn

-TOP=	../..

-CC=	cc

-CPP=    $(CC) -E

-INCLUDES= -I.. -I$(TOP) -I../../include

-CFLAG=-g

-MAKEFILE=	Makefile

-AR=		ar r

-BN_ASM=		bn_asm.o

-# or use

-#BN_ASM=	bn86-elf.o

-CFLAGS= $(INCLUDES) $(CFLAG)

-ASFLAGS= $(INCLUDES) $(ASFLAG)

-AFLAGS= $(ASFLAGS)

-GENERAL=Makefile

-TEST=bntest.c exptest.c

-APPS=

-LIB=$(TOP)/libcrypto.a

-LIBSRC=	bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c bn_mod.c \

-	bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \

-	bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c \

-	bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \

-	bn_depr.c bn_const.c

-LIBOBJ=	bn_add.o bn_div.o bn_exp.o bn_lib.o bn_ctx.o bn_mul.o bn_mod.o \

-	bn_print.o bn_rand.o bn_shift.o bn_word.o bn_blind.o \

-	bn_kron.o bn_sqrt.o bn_gcd.o bn_prime.o bn_err.o bn_sqr.o $(BN_ASM) \

-	bn_recp.o bn_mont.o bn_mpi.o bn_exp2.o bn_gf2m.o bn_nist.o \

-	bn_depr.o bn_const.o

-SRC= $(LIBSRC)

-EXHEADER= bn.h

-HEADER=	bn_lcl.h bn_prime.h $(EXHEADER)

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)

-all:	lib

-bn_prime.h: bn_prime.pl

-	$(PERL) bn_prime.pl >bn_prime.h

-divtest: divtest.c ../../libcrypto.a

-	cc -I../../include divtest.c -o divtest ../../libcrypto.a

-bnbug: bnbug.c ../../libcrypto.a top

-	cc -g -I../../include bnbug.c -o bnbug ../../libcrypto.a

-lib:	$(LIBOBJ)

-	$(AR) $(LIB) $(LIBOBJ)

-	$(RANLIB) $(LIB) || echo Never mind.

-	@touch lib

-# ELF

-bn86-elf.s:	asm/bn-586.pl ../perlasm/x86asm.pl

-	(cd asm; $(PERL) bn-586.pl elf $(CFLAGS) > ../$@)

-co86-elf.s:	asm/co-586.pl ../perlasm/x86asm.pl

-	(cd asm; $(PERL) co-586.pl elf $(CFLAGS) > ../$@)

-# COFF

-bn86-cof.s: asm/bn-586.pl ../perlasm/x86asm.pl

-	(cd asm; $(PERL) bn-586.pl coff $(CFLAGS) > ../$@)

-co86-cof.s: asm/co-586.pl ../perlasm/x86asm.pl

-	(cd asm; $(PERL) co-586.pl coff $(CFLAGS) > ../$@)

-# a.out

-bn86-out.s: asm/bn-586.pl ../perlasm/x86asm.pl

-	(cd asm; $(PERL) bn-586.pl a.out $(CFLAGS) > ../$@)

-co86-out.s: asm/co-586.pl ../perlasm/x86asm.pl

-	(cd asm; $(PERL) co-586.pl a.out $(CFLAGS) > ../$@)

-sparcv8.o:	asm/sparcv8.S

-	$(CC) $(CFLAGS) -c asm/sparcv8.S

-sparcv8plus.o:	asm/sparcv8plus.S

-	$(CC) $(CFLAGS) -c asm/sparcv8plus.S

-bn-mips3.o:	asm/mips3.s

-	@if [ "$(CC)" = "gcc" ]; then \

-		ABI=`expr "$(CFLAGS)" : ".*-mabi=\([n3264]*\)"` && \

-		as -$$ABI -O -o $@ asm/mips3.s; \

-	else	$(CC) -c $(CFLAGS) -o $@ asm/mips3.s; fi

-x86_64-gcc.o:	asm/x86_64-gcc.c

-	$(CC) $(CFLAGS) -c -o $@ asm/x86_64-gcc.c

-bn-ia64.s:	asm/ia64.S

-	$(CC) $(CFLAGS) -E asm/ia64.S > $@

-# GNU assembler fails to compile PA-RISC2 modules, insist on calling

-# vendor assembler...

-pa-risc2W.o: asm/pa-risc2W.s

-	/usr/ccs/bin/as -o pa-risc2W.o asm/pa-risc2W.s

-pa-risc2.o: asm/pa-risc2.s

-	/usr/ccs/bin/as -o pa-risc2.o asm/pa-risc2.s

-# ppc - AIX, Linux, MacOS X...

-linux_ppc32.s: asm/ppc.pl;	$(PERL) $< $@

-linux_ppc64.s: asm/ppc.pl;	$(PERL) $< $@

-aix_ppc32.s: asm/ppc.pl;	$(PERL) asm/ppc.pl $@

-aix_ppc64.s: asm/ppc.pl;	$(PERL) asm/ppc.pl $@

-osx_ppc32.s: asm/ppc.pl;	$(PERL) $< $@

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

-links:

-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)

-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)

-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

-install:

-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...

-	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \

-	do  \

-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \

-	done;

-exptest:

-	rm -f exptest

-	gcc -I../../include -g2 -ggdb -o exptest exptest.c ../../libcrypto.a

-div:

-	rm -f a.out

-	gcc -I.. -g div.c ../../libcrypto.a

-tags:

-	ctags $(SRC)

-tests:

-lint:

-	lint -DLINT $(INCLUDES) $(SRC)>fluff

-depend:

-	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...

-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-clean:

-	rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-bn_add.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h

-bn_add.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-bn_add.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-bn_add.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-bn_add.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-bn_add.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-bn_add.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_add.c bn_lcl.h

-bn_asm.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h

-bn_asm.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-bn_asm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-bn_asm.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-bn_asm.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-bn_asm.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-bn_asm.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_asm.c bn_lcl.h

-bn_blind.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h

-bn_blind.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-bn_blind.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-bn_blind.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-bn_blind.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-bn_blind.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-bn_blind.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_blind.c bn_lcl.h

-bn_const.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h

-bn_const.o: ../../include/openssl/ossl_typ.h bn.h bn_const.c

-bn_ctx.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h

-bn_ctx.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-bn_ctx.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-bn_ctx.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-bn_ctx.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-bn_ctx.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-bn_ctx.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_ctx.c bn_lcl.h

-bn_depr.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h

-bn_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-bn_depr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-bn_depr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-bn_depr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-bn_depr.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h

-bn_depr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-bn_depr.o: ../cryptlib.h bn_depr.c bn_lcl.h

-bn_div.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h

-bn_div.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-bn_div.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-bn_div.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-bn_div.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-bn_div.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-bn_div.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_div.c bn_lcl.h

-bn_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h

-bn_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-bn_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-bn_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-bn_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-bn_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-bn_err.o: bn_err.c

-bn_exp.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h

-bn_exp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-bn_exp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-bn_exp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-bn_exp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-bn_exp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-bn_exp.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_exp.c bn_lcl.h

-bn_exp2.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h

-bn_exp2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-bn_exp2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-bn_exp2.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-bn_exp2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-bn_exp2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-bn_exp2.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_exp2.c bn_lcl.h

-bn_gcd.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h

-bn_gcd.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-bn_gcd.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-bn_gcd.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-bn_gcd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-bn_gcd.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-bn_gcd.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_gcd.c bn_lcl.h

-bn_gf2m.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h

-bn_gf2m.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-bn_gf2m.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-bn_gf2m.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-bn_gf2m.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-bn_gf2m.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-bn_gf2m.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_gf2m.c bn_lcl.h

-bn_kron.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h

-bn_kron.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-bn_kron.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-bn_kron.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-bn_kron.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-bn_kron.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-bn_kron.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_kron.c bn_lcl.h

-bn_lib.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h

-bn_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-bn_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-bn_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-bn_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-bn_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-bn_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_lib.c

-bn_mod.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h

-bn_mod.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-bn_mod.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-bn_mod.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-bn_mod.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-bn_mod.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-bn_mod.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_mod.c

-bn_mont.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h

-bn_mont.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-bn_mont.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-bn_mont.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-bn_mont.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-bn_mont.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-bn_mont.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_mont.c

-bn_mpi.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h

-bn_mpi.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-bn_mpi.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-bn_mpi.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-bn_mpi.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-bn_mpi.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-bn_mpi.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_mpi.c

-bn_mul.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h

-bn_mul.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-bn_mul.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-bn_mul.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-bn_mul.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-bn_mul.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-bn_mul.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_mul.c

-bn_nist.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h

-bn_nist.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-bn_nist.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-bn_nist.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-bn_nist.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-bn_nist.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-bn_nist.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_nist.c

-bn_prime.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h

-bn_prime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-bn_prime.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-bn_prime.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-bn_prime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-bn_prime.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h

-bn_prime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-bn_prime.o: ../cryptlib.h bn_lcl.h bn_prime.c bn_prime.h

-bn_print.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h

-bn_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-bn_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-bn_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-bn_print.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-bn_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-bn_print.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_print.c

-bn_rand.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h

-bn_rand.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-bn_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-bn_rand.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-bn_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-bn_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h

-bn_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-bn_rand.o: ../cryptlib.h bn_lcl.h bn_rand.c

-bn_recp.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h

-bn_recp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-bn_recp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-bn_recp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-bn_recp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-bn_recp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-bn_recp.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_recp.c

-bn_shift.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h

-bn_shift.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-bn_shift.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-bn_shift.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-bn_shift.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-bn_shift.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-bn_shift.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_shift.c

-bn_sqr.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h

-bn_sqr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-bn_sqr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-bn_sqr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-bn_sqr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-bn_sqr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-bn_sqr.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_sqr.c

-bn_sqrt.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h

-bn_sqrt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-bn_sqrt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-bn_sqrt.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-bn_sqrt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-bn_sqrt.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-bn_sqrt.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_sqrt.c

-bn_word.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h

-bn_word.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-bn_word.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-bn_word.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-bn_word.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-bn_word.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-bn_word.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_word.c

--- a/sys/src/ape/lib/openssl/crypto/bn/asm/README

+++ /dev/null

@@ -1,27 +1,0 @@

-<OBSOLETE>

-All assember in this directory are just version of the file

-crypto/bn/bn_asm.c.

-Quite a few of these files are just the assember output from gcc since on

-quite a few machines they are 2 times faster than the system compiler.

-For the x86, I have hand written assember because of the bad job all

-compilers seem to do on it.  This normally gives a 2 time speed up in the RSA

-routines.

-For the DEC alpha, I also hand wrote the assember (except the division which

-is just the output from the C compiler pasted on the end of the file).

-On the 2 alpha C compilers I had access to, it was not possible to do

-64b x 64b -> 128b calculations (both long and the long long data types

-were 64 bits).  So the hand assember gives access to the 128 bit result and

-a 2 times speedup :-).

-There are 3 versions of assember for the HP PA-RISC.

-pa-risc.s is the origional one which works fine and generated using gcc :-)

-pa-risc2W.s and pa-risc2.s are 64 and 32-bit PA-RISC 2.0 implementations

-by Chris Ruemmler from HP (with some help from the HP C compiler).

-</OBSOLETE>

--- a/sys/src/ape/lib/openssl/crypto/bn/asm/bn-586.pl

+++ /dev/null

@@ -1,675 +1,0 @@

-#!/usr/local/bin/perl

-push(@INC,"perlasm","../../perlasm");

-require "x86asm.pl";

-&asm_init($ARGV[0],$0);

-$sse2=0;

-for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }

-&external_label("OPENSSL_ia32cap_P") if ($sse2);

-&bn_mul_add_words("bn_mul_add_words");

-&bn_mul_words("bn_mul_words");

-&bn_sqr_words("bn_sqr_words");

-&bn_div_words("bn_div_words");

-&bn_add_words("bn_add_words");

-&bn_sub_words("bn_sub_words");

-&bn_sub_part_words("bn_sub_part_words");

-&asm_finish();

-sub bn_mul_add_words

-	{

-	local($name)=@_;

-	&function_begin($name,$sse2?"EXTRN\t_OPENSSL_ia32cap_P:DWORD":"");

-	&comment("");

-	$Low="eax";

-	$High="edx";

-	$a="ebx";

-	$w="ebp";

-	$r="edi";

-	$c="esi";

-	&xor($c,$c);		# clear carry

-	&mov($r,&wparam(0));	#

-	&mov("ecx",&wparam(2));	#

-	&mov($a,&wparam(1));	#

-	&and("ecx",0xfffffff8);	# num / 8

-	&mov($w,&wparam(3));	#

-	&push("ecx");		# Up the stack for a tmp variable

-	&jz(&label("maw_finish"));

-	if ($sse2) {

-		&picmeup("eax","OPENSSL_ia32cap_P");

-		&bt(&DWP(0,"eax"),26);

-		&jnc(&label("maw_loop"));

-		&movd("mm0",$w);		# mm0 = w

-		&pxor("mm1","mm1");		# mm1 = carry_in

-		&set_label("maw_sse2_loop",0);

-		&movd("mm3",&DWP(0,$r,"",0));	# mm3 = r[0]

-		&paddq("mm1","mm3");		# mm1 = carry_in + r[0]

-		&movd("mm2",&DWP(0,$a,"",0));	# mm2 = a[0]

-		&pmuludq("mm2","mm0");		# mm2 = w*a[0]

-		&movd("mm4",&DWP(4,$a,"",0));	# mm4 = a[1]

-		&pmuludq("mm4","mm0");		# mm4 = w*a[1]

-		&movd("mm6",&DWP(8,$a,"",0));	# mm6 = a[2]

-		&pmuludq("mm6","mm0");		# mm6 = w*a[2]

-		&movd("mm7",&DWP(12,$a,"",0));	# mm7 = a[3]

-		&pmuludq("mm7","mm0");		# mm7 = w*a[3]

-		&paddq("mm1","mm2");		# mm1 = carry_in + r[0] + w*a[0]

-		&movd("mm3",&DWP(4,$r,"",0));	# mm3 = r[1]

-		&paddq("mm3","mm4");		# mm3 = r[1] + w*a[1]

-		&movd("mm5",&DWP(8,$r,"",0));	# mm5 = r[2]

-		&paddq("mm5","mm6");		# mm5 = r[2] + w*a[2]

-		&movd("mm4",&DWP(12,$r,"",0));	# mm4 = r[3]

-		&paddq("mm7","mm4");		# mm7 = r[3] + w*a[3]

-		&movd(&DWP(0,$r,"",0),"mm1");

-		&movd("mm2",&DWP(16,$a,"",0));	# mm2 = a[4]

-		&pmuludq("mm2","mm0");		# mm2 = w*a[4]

-		&psrlq("mm1",32);		# mm1 = carry0

-		&movd("mm4",&DWP(20,$a,"",0));	# mm4 = a[5]

-		&pmuludq("mm4","mm0");		# mm4 = w*a[5]

-		&paddq("mm1","mm3");		# mm1 = carry0 + r[1] + w*a[1]

-		&movd("mm6",&DWP(24,$a,"",0));	# mm6 = a[6]

-		&pmuludq("mm6","mm0");		# mm6 = w*a[6]

-		&movd(&DWP(4,$r,"",0),"mm1");

-		&psrlq("mm1",32);		# mm1 = carry1

-		&movd("mm3",&DWP(28,$a,"",0));	# mm3 = a[7]

-		&add($a,32);

-		&pmuludq("mm3","mm0");		# mm3 = w*a[7]

-		&paddq("mm1","mm5");		# mm1 = carry1 + r[2] + w*a[2]

-		&movd("mm5",&DWP(16,$r,"",0));	# mm5 = r[4]

-		&paddq("mm2","mm5");		# mm2 = r[4] + w*a[4]

-		&movd(&DWP(8,$r,"",0),"mm1");

-		&psrlq("mm1",32);		# mm1 = carry2

-		&paddq("mm1","mm7");		# mm1 = carry2 + r[3] + w*a[3]

-		&movd("mm5",&DWP(20,$r,"",0));	# mm5 = r[5]

-		&paddq("mm4","mm5");		# mm4 = r[5] + w*a[5]

-		&movd(&DWP(12,$r,"",0),"mm1");

-		&psrlq("mm1",32);		# mm1 = carry3

-		&paddq("mm1","mm2");		# mm1 = carry3 + r[4] + w*a[4]

-		&movd("mm5",&DWP(24,$r,"",0));	# mm5 = r[6]

-		&paddq("mm6","mm5");		# mm6 = r[6] + w*a[6]

-		&movd(&DWP(16,$r,"",0),"mm1");

-		&psrlq("mm1",32);		# mm1 = carry4

-		&paddq("mm1","mm4");		# mm1 = carry4 + r[5] + w*a[5]

-		&movd("mm5",&DWP(28,$r,"",0));	# mm5 = r[7]

-		&paddq("mm3","mm5");		# mm3 = r[7] + w*a[7]

-		&movd(&DWP(20,$r,"",0),"mm1");

-		&psrlq("mm1",32);		# mm1 = carry5

-		&paddq("mm1","mm6");		# mm1 = carry5 + r[6] + w*a[6]

-		&movd(&DWP(24,$r,"",0),"mm1");

-		&psrlq("mm1",32);		# mm1 = carry6

-		&paddq("mm1","mm3");		# mm1 = carry6 + r[7] + w*a[7]

-		&movd(&DWP(28,$r,"",0),"mm1");

-		&add($r,32);

-		&psrlq("mm1",32);		# mm1 = carry_out

-		&sub("ecx",8);

-		&jnz(&label("maw_sse2_loop"));

-		&movd($c,"mm1");		# c = carry_out

-		&emms();

-		&jmp(&label("maw_finish"));

-	}

-	&set_label("maw_loop",0);

-	&mov(&swtmp(0),"ecx");	#

-	for ($i=0; $i<32; $i+=4)

-		{

-		&comment("Round $i");

-		 &mov("eax",&DWP($i,$a,"",0)); 	# *a

-		&mul($w);			# *a * w

-		&add("eax",$c);		# L(t)+= *r

-		 &mov($c,&DWP($i,$r,"",0));	# L(t)+= *r

-		&adc("edx",0);			# H(t)+=carry

-		 &add("eax",$c);		# L(t)+=c

-		&adc("edx",0);			# H(t)+=carry

-		 &mov(&DWP($i,$r,"",0),"eax");	# *r= L(t);

-		&mov($c,"edx");			# c=  H(t);

-		}

-	&comment("");

-	&mov("ecx",&swtmp(0));	#

-	&add($a,32);

-	&add($r,32);

-	&sub("ecx",8);

-	&jnz(&label("maw_loop"));

-	&set_label("maw_finish",0);

-	&mov("ecx",&wparam(2));	# get num

-	&and("ecx",7);

-	&jnz(&label("maw_finish2"));	# helps branch prediction

-	&jmp(&label("maw_end"));

-	&set_label("maw_finish2",1);

-	for ($i=0; $i<7; $i++)

-		{

-		&comment("Tail Round $i");

-		 &mov("eax",&DWP($i*4,$a,"",0));# *a

-		&mul($w);			# *a * w

-		&add("eax",$c);			# L(t)+=c

-		 &mov($c,&DWP($i*4,$r,"",0));	# L(t)+= *r

-		&adc("edx",0);			# H(t)+=carry

-		 &add("eax",$c);

-		&adc("edx",0);			# H(t)+=carry

-		 &dec("ecx") if ($i != 7-1);

-		&mov(&DWP($i*4,$r,"",0),"eax");	# *r= L(t);

-		 &mov($c,"edx");			# c=  H(t);

-		&jz(&label("maw_end")) if ($i != 7-1);

-		}

-	&set_label("maw_end",0);

-	&mov("eax",$c);

-	&pop("ecx");	# clear variable from

-	&function_end($name);

-	}

-sub bn_mul_words

-	{

-	local($name)=@_;

-	&function_begin($name,"");

-	&comment("");

-	$Low="eax";

-	$High="edx";

-	$a="ebx";

-	$w="ecx";

-	$r="edi";

-	$c="esi";

-	$num="ebp";

-	&xor($c,$c);		# clear carry

-	&mov($r,&wparam(0));	#

-	&mov($a,&wparam(1));	#

-	&mov($num,&wparam(2));	#

-	&mov($w,&wparam(3));	#

-	&and($num,0xfffffff8);	# num / 8

-	&jz(&label("mw_finish"));

-	&set_label("mw_loop",0);

-	for ($i=0; $i<32; $i+=4)

-		{

-		&comment("Round $i");

-		 &mov("eax",&DWP($i,$a,"",0)); 	# *a

-		&mul($w);			# *a * w

-		&add("eax",$c);			# L(t)+=c

-		 # XXX

-		&adc("edx",0);			# H(t)+=carry

-		 &mov(&DWP($i,$r,"",0),"eax");	# *r= L(t);

-		&mov($c,"edx");			# c=  H(t);

-		}

-	&comment("");

-	&add($a,32);

-	&add($r,32);

-	&sub($num,8);

-	&jz(&label("mw_finish"));

-	&jmp(&label("mw_loop"));

-	&set_label("mw_finish",0);

-	&mov($num,&wparam(2));	# get num

-	&and($num,7);

-	&jnz(&label("mw_finish2"));

-	&jmp(&label("mw_end"));

-	&set_label("mw_finish2",1);

-	for ($i=0; $i<7; $i++)

-		{

-		&comment("Tail Round $i");

-		 &mov("eax",&DWP($i*4,$a,"",0));# *a

-		&mul($w);			# *a * w

-		&add("eax",$c);			# L(t)+=c

-		 # XXX

-		&adc("edx",0);			# H(t)+=carry

-		 &mov(&DWP($i*4,$r,"",0),"eax");# *r= L(t);

-		&mov($c,"edx");			# c=  H(t);

-		 &dec($num) if ($i != 7-1);

-		&jz(&label("mw_end")) if ($i != 7-1);

-		}

-	&set_label("mw_end",0);

-	&mov("eax",$c);

-	&function_end($name);

-	}

-sub bn_sqr_words

-	{

-	local($name)=@_;

-	&function_begin($name,"");

-	&comment("");

-	$r="esi";

-	$a="edi";

-	$num="ebx";

-	&mov($r,&wparam(0));	#

-	&mov($a,&wparam(1));	#

-	&mov($num,&wparam(2));	#

-	&and($num,0xfffffff8);	# num / 8

-	&jz(&label("sw_finish"));

-	&set_label("sw_loop",0);

-	for ($i=0; $i<32; $i+=4)

-		{

-		&comment("Round $i");

-		&mov("eax",&DWP($i,$a,"",0)); 	# *a

-		 # XXX

-		&mul("eax");			# *a * *a

-		&mov(&DWP($i*2,$r,"",0),"eax");	#

-		 &mov(&DWP($i*2+4,$r,"",0),"edx");#

-		}

-	&comment("");

-	&add($a,32);

-	&add($r,64);

-	&sub($num,8);

-	&jnz(&label("sw_loop"));

-	&set_label("sw_finish",0);

-	&mov($num,&wparam(2));	# get num

-	&and($num,7);

-	&jz(&label("sw_end"));

-	for ($i=0; $i<7; $i++)

-		{

-		&comment("Tail Round $i");

-		&mov("eax",&DWP($i*4,$a,"",0));	# *a

-		 # XXX

-		&mul("eax");			# *a * *a

-		&mov(&DWP($i*8,$r,"",0),"eax");	#

-		 &dec($num) if ($i != 7-1);

-		&mov(&DWP($i*8+4,$r,"",0),"edx");

-		 &jz(&label("sw_end")) if ($i != 7-1);

-		}

-	&set_label("sw_end",0);

-	&function_end($name);

-	}

-sub bn_div_words

-	{

-	local($name)=@_;

-	&function_begin($name,"");

-	&mov("edx",&wparam(0));	#

-	&mov("eax",&wparam(1));	#

-	&mov("ebx",&wparam(2));	#

-	&div("ebx");

-	&function_end($name);

-	}

-sub bn_add_words

-	{

-	local($name)=@_;

-	&function_begin($name,"");

-	&comment("");

-	$a="esi";

-	$b="edi";

-	$c="eax";

-	$r="ebx";

-	$tmp1="ecx";

-	$tmp2="edx";

-	$num="ebp";

-	&mov($r,&wparam(0));	# get r

-	 &mov($a,&wparam(1));	# get a

-	&mov($b,&wparam(2));	# get b

-	 &mov($num,&wparam(3));	# get num

-	&xor($c,$c);		# clear carry

-	 &and($num,0xfffffff8);	# num / 8

-	&jz(&label("aw_finish"));

-	&set_label("aw_loop",0);

-	for ($i=0; $i<8; $i++)

-		{

-		&comment("Round $i");

-		&mov($tmp1,&DWP($i*4,$a,"",0)); 	# *a

-		 &mov($tmp2,&DWP($i*4,$b,"",0)); 	# *b

-		&add($tmp1,$c);

-		 &mov($c,0);

-		&adc($c,$c);

-		 &add($tmp1,$tmp2);

-		&adc($c,0);

-		 &mov(&DWP($i*4,$r,"",0),$tmp1); 	# *r

-		}

-	&comment("");

-	&add($a,32);

-	 &add($b,32);

-	&add($r,32);

-	 &sub($num,8);

-	&jnz(&label("aw_loop"));

-	&set_label("aw_finish",0);

-	&mov($num,&wparam(3));	# get num

-	&and($num,7);

-	 &jz(&label("aw_end"));

-	for ($i=0; $i<7; $i++)

-		{

-		&comment("Tail Round $i");

-		&mov($tmp1,&DWP($i*4,$a,"",0));	# *a

-		 &mov($tmp2,&DWP($i*4,$b,"",0));# *b

-		&add($tmp1,$c);

-		 &mov($c,0);

-		&adc($c,$c);

-		 &add($tmp1,$tmp2);

-		&adc($c,0);

-		 &dec($num) if ($i != 6);

-		&mov(&DWP($i*4,$r,"",0),$tmp1);	# *r

-		 &jz(&label("aw_end")) if ($i != 6);

-		}

-	&set_label("aw_end",0);

-#	&mov("eax",$c);		# $c is "eax"

-	&function_end($name);

-	}

-sub bn_sub_words

-	{

-	local($name)=@_;

-	&function_begin($name,"");

-	&comment("");

-	$a="esi";

-	$b="edi";

-	$c="eax";

-	$r="ebx";

-	$tmp1="ecx";

-	$tmp2="edx";

-	$num="ebp";

-	&mov($r,&wparam(0));	# get r

-	 &mov($a,&wparam(1));	# get a

-	&mov($b,&wparam(2));	# get b

-	 &mov($num,&wparam(3));	# get num

-	&xor($c,$c);		# clear carry

-	 &and($num,0xfffffff8);	# num / 8

-	&jz(&label("aw_finish"));

-	&set_label("aw_loop",0);

-	for ($i=0; $i<8; $i++)

-		{

-		&comment("Round $i");

-		&mov($tmp1,&DWP($i*4,$a,"",0)); 	# *a

-		 &mov($tmp2,&DWP($i*4,$b,"",0)); 	# *b

-		&sub($tmp1,$c);

-		 &mov($c,0);

-		&adc($c,$c);

-		 &sub($tmp1,$tmp2);

-		&adc($c,0);

-		 &mov(&DWP($i*4,$r,"",0),$tmp1); 	# *r

-		}

-	&comment("");

-	&add($a,32);

-	 &add($b,32);

-	&add($r,32);

-	 &sub($num,8);

-	&jnz(&label("aw_loop"));

-	&set_label("aw_finish",0);

-	&mov($num,&wparam(3));	# get num

-	&and($num,7);

-	 &jz(&label("aw_end"));

-	for ($i=0; $i<7; $i++)

-		{

-		&comment("Tail Round $i");

-		&mov($tmp1,&DWP($i*4,$a,"",0));	# *a

-		 &mov($tmp2,&DWP($i*4,$b,"",0));# *b

-		&sub($tmp1,$c);

-		 &mov($c,0);

-		&adc($c,$c);

-		 &sub($tmp1,$tmp2);

-		&adc($c,0);

-		 &dec($num) if ($i != 6);

-		&mov(&DWP($i*4,$r,"",0),$tmp1);	# *r

-		 &jz(&label("aw_end")) if ($i != 6);

-		}

-	&set_label("aw_end",0);

-#	&mov("eax",$c);		# $c is "eax"

-	&function_end($name);

-	}

-sub bn_sub_part_words

-	{

-	local($name)=@_;

-	&function_begin($name,"");

-	&comment("");

-	$a="esi";

-	$b="edi";

-	$c="eax";

-	$r="ebx";

-	$tmp1="ecx";

-	$tmp2="edx";

-	$num="ebp";

-	&mov($r,&wparam(0));	# get r

-	 &mov($a,&wparam(1));	# get a

-	&mov($b,&wparam(2));	# get b

-	 &mov($num,&wparam(3));	# get num

-	&xor($c,$c);		# clear carry

-	 &and($num,0xfffffff8);	# num / 8

-	&jz(&label("aw_finish"));

-	&set_label("aw_loop",0);

-	for ($i=0; $i<8; $i++)

-		{

-		&comment("Round $i");

-		&mov($tmp1,&DWP($i*4,$a,"",0)); 	# *a

-		 &mov($tmp2,&DWP($i*4,$b,"",0)); 	# *b

-		&sub($tmp1,$c);

-		 &mov($c,0);

-		&adc($c,$c);

-		 &sub($tmp1,$tmp2);

-		&adc($c,0);

-		 &mov(&DWP($i*4,$r,"",0),$tmp1); 	# *r

-		}

-	&comment("");

-	&add($a,32);

-	 &add($b,32);

-	&add($r,32);

-	 &sub($num,8);

-	&jnz(&label("aw_loop"));

-	&set_label("aw_finish",0);

-	&mov($num,&wparam(3));	# get num

-	&and($num,7);

-	 &jz(&label("aw_end"));

-	for ($i=0; $i<7; $i++)

-		{

-		&comment("Tail Round $i");

-		&mov($tmp1,&DWP(0,$a,"",0));	# *a

-		 &mov($tmp2,&DWP(0,$b,"",0));# *b

-		&sub($tmp1,$c);

-		 &mov($c,0);

-		&adc($c,$c);

-		 &sub($tmp1,$tmp2);

-		&adc($c,0);

-		&mov(&DWP(0,$r,"",0),$tmp1);	# *r

-		&add($a, 4);

-		&add($b, 4);

-		&add($r, 4);

-		 &dec($num) if ($i != 6);

-		 &jz(&label("aw_end")) if ($i != 6);

-		}

-	&set_label("aw_end",0);

-	&cmp(&wparam(4),0);

-	&je(&label("pw_end"));

-	&mov($num,&wparam(4));	# get dl

-	&cmp($num,0);

-	&je(&label("pw_end"));

-	&jge(&label("pw_pos"));

-	&comment("pw_neg");

-	&mov($tmp2,0);

-	&sub($tmp2,$num);

-	&mov($num,$tmp2);

-	&and($num,0xfffffff8);	# num / 8

-	&jz(&label("pw_neg_finish"));

-	&set_label("pw_neg_loop",0);

-	for ($i=0; $i<8; $i++)

-	{

-	    &comment("dl<0 Round $i");

-	    &mov($tmp1,0);

-	    &mov($tmp2,&DWP($i*4,$b,"",0)); 	# *b

-	    &sub($tmp1,$c);

-	    &mov($c,0);

-	    &adc($c,$c);

-	    &sub($tmp1,$tmp2);

-	    &adc($c,0);

-	    &mov(&DWP($i*4,$r,"",0),$tmp1); 	# *r

-	}

-	&comment("");

-	&add($b,32);

-	&add($r,32);

-	&sub($num,8);

-	&jnz(&label("pw_neg_loop"));

-	&set_label("pw_neg_finish",0);

-	&mov($tmp2,&wparam(4));	# get dl

-	&mov($num,0);

-	&sub($num,$tmp2);

-	&and($num,7);

-	&jz(&label("pw_end"));

-	for ($i=0; $i<7; $i++)

-	{

-	    &comment("dl<0 Tail Round $i");

-	    &mov($tmp1,0);

-	    &mov($tmp2,&DWP($i*4,$b,"",0));# *b

-	    &sub($tmp1,$c);

-	    &mov($c,0);

-	    &adc($c,$c);

-	    &sub($tmp1,$tmp2);

-	    &adc($c,0);

-	    &dec($num) if ($i != 6);

-	    &mov(&DWP($i*4,$r,"",0),$tmp1);	# *r

-	    &jz(&label("pw_end")) if ($i != 6);

-	}

-	&jmp(&label("pw_end"));

-	&set_label("pw_pos",0);

-	&and($num,0xfffffff8);	# num / 8

-	&jz(&label("pw_pos_finish"));

-	&set_label("pw_pos_loop",0);

-	for ($i=0; $i<8; $i++)

-	{

-	    &comment("dl>0 Round $i");

-	    &mov($tmp1,&DWP($i*4,$a,"",0));	# *a

-	    &sub($tmp1,$c);

-	    &mov(&DWP($i*4,$r,"",0),$tmp1);	# *r

-	    &jnc(&label("pw_nc".$i));

-	}

-	&comment("");

-	&add($a,32);

-	&add($r,32);

-	&sub($num,8);

-	&jnz(&label("pw_pos_loop"));

-	&set_label("pw_pos_finish",0);

-	&mov($num,&wparam(4));	# get dl

-	&and($num,7);

-	&jz(&label("pw_end"));

-	for ($i=0; $i<7; $i++)

-	{

-	    &comment("dl>0 Tail Round $i");

-	    &mov($tmp1,&DWP($i*4,$a,"",0));	# *a

-	    &sub($tmp1,$c);

-	    &mov(&DWP($i*4,$r,"",0),$tmp1);	# *r

-	    &jnc(&label("pw_tail_nc".$i));

-	    &dec($num) if ($i != 6);

-	    &jz(&label("pw_end")) if ($i != 6);

-	}

-	&mov($c,1);

-	&jmp(&label("pw_end"));

-	&set_label("pw_nc_loop",0);

-	for ($i=0; $i<8; $i++)

-	{

-	    &mov($tmp1,&DWP($i*4,$a,"",0));	# *a

-	    &mov(&DWP($i*4,$r,"",0),$tmp1);	# *r

-	    &set_label("pw_nc".$i,0);

-	}

-	&comment("");

-	&add($a,32);

-	&add($r,32);

-	&sub($num,8);

-	&jnz(&label("pw_nc_loop"));

-	&mov($num,&wparam(4));	# get dl

-	&and($num,7);

-	&jz(&label("pw_nc_end"));

-	for ($i=0; $i<7; $i++)

-	{

-	    &mov($tmp1,&DWP($i*4,$a,"",0));	# *a

-	    &mov(&DWP($i*4,$r,"",0),$tmp1);	# *r

-	    &set_label("pw_tail_nc".$i,0);

-	    &dec($num) if ($i != 6);

-	    &jz(&label("pw_nc_end")) if ($i != 6);

-	}

-	&set_label("pw_nc_end",0);

-	&mov($c,0);

-	&set_label("pw_end",0);

-#	&mov("eax",$c);		# $c is "eax"

-	&function_end($name);

-	}

--- a/sys/src/ape/lib/openssl/crypto/bn/asm/co-586.pl

+++ /dev/null

@@ -1,286 +1,0 @@

-#!/usr/local/bin/perl

-push(@INC,"perlasm","../../perlasm");

-require "x86asm.pl";

-&asm_init($ARGV[0],$0);

-&bn_mul_comba("bn_mul_comba8",8);

-&bn_mul_comba("bn_mul_comba4",4);

-&bn_sqr_comba("bn_sqr_comba8",8);

-&bn_sqr_comba("bn_sqr_comba4",4);

-&asm_finish();

-sub mul_add_c

-	{

-	local($a,$ai,$b,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_;

-	# pos == -1 if eax and edx are pre-loaded, 0 to load from next

-	# words, and 1 if load return value

-	&comment("mul a[$ai]*b[$bi]");

-	# "eax" and "edx" will always be pre-loaded.

-	# &mov("eax",&DWP($ai*4,$a,"",0)) ;

-	# &mov("edx",&DWP($bi*4,$b,"",0));

-	&mul("edx");

-	&add($c0,"eax");

-	 &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0;	# laod next a

-	 &mov("eax",&wparam(0)) if $pos > 0;			# load r[]

-	 ###

-	&adc($c1,"edx");

-	 &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 0;	# laod next b

-	 &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 1;	# laod next b

-	 ###

-	&adc($c2,0);

-	 # is pos > 1, it means it is the last loop

-	 &mov(&DWP($i*4,"eax","",0),$c0) if $pos > 0;		# save r[];

-	&mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1;		# laod next a

-	}

-sub sqr_add_c

-	{

-	local($r,$a,$ai,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_;

-	# pos == -1 if eax and edx are pre-loaded, 0 to load from next

-	# words, and 1 if load return value

-	&comment("sqr a[$ai]*a[$bi]");

-	# "eax" and "edx" will always be pre-loaded.

-	# &mov("eax",&DWP($ai*4,$a,"",0)) ;

-	# &mov("edx",&DWP($bi*4,$b,"",0));

-	if ($ai == $bi)

-		{ &mul("eax");}

-	else

-		{ &mul("edx");}

-	&add($c0,"eax");

-	 &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0;	# load next a

-	 ###

-	&adc($c1,"edx");

-	 &mov("edx",&DWP(($nb)*4,$a,"",0)) if ($pos == 1) && ($na != $nb);

-	 ###

-	&adc($c2,0);

-	 # is pos > 1, it means it is the last loop

-	 &mov(&DWP($i*4,$r,"",0),$c0) if $pos > 0;		# save r[];

-	&mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1;		# load next b

-	}

-sub sqr_add_c2

-	{

-	local($r,$a,$ai,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_;

-	# pos == -1 if eax and edx are pre-loaded, 0 to load from next

-	# words, and 1 if load return value

-	&comment("sqr a[$ai]*a[$bi]");

-	# "eax" and "edx" will always be pre-loaded.

-	# &mov("eax",&DWP($ai*4,$a,"",0)) ;

-	# &mov("edx",&DWP($bi*4,$a,"",0));

-	if ($ai == $bi)

-		{ &mul("eax");}

-	else

-		{ &mul("edx");}

-	&add("eax","eax");

-	 ###

-	&adc("edx","edx");

-	 ###

-	&adc($c2,0);

-	 &add($c0,"eax");

-	&adc($c1,"edx");

-	 &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0;	# load next a

-	 &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1;	# load next b

-	&adc($c2,0);

-	&mov(&DWP($i*4,$r,"",0),$c0) if $pos > 0;		# save r[];

-	 &mov("edx",&DWP(($nb)*4,$a,"",0)) if ($pos <= 1) && ($na != $nb);

-	 ###

-	}

-sub bn_mul_comba

-	{

-	local($name,$num)=@_;

-	local($a,$b,$c0,$c1,$c2);

-	local($i,$as,$ae,$bs,$be,$ai,$bi);

-	local($tot,$end);

-	&function_begin_B($name,"");

-	$c0="ebx";

-	$c1="ecx";

-	$c2="ebp";

-	$a="esi";

-	$b="edi";

-	$as=0;

-	$ae=0;

-	$bs=0;

-	$be=0;

-	$tot=$num+$num-1;

-	&push("esi");

-	 &mov($a,&wparam(1));

-	&push("edi");

-	 &mov($b,&wparam(2));

-	&push("ebp");

-	 &push("ebx");

-	&xor($c0,$c0);

-	 &mov("eax",&DWP(0,$a,"",0));	# load the first word

-	&xor($c1,$c1);

-	 &mov("edx",&DWP(0,$b,"",0));	# load the first second

-	for ($i=0; $i<$tot; $i++)

-		{

-		$ai=$as;

-		$bi=$bs;

-		$end=$be+1;

-		&comment("################## Calculate word $i");

-		for ($j=$bs; $j<$end; $j++)

-			{

-			&xor($c2,$c2) if ($j == $bs);

-			if (($j+1) == $end)

-				{

-				$v=1;

-				$v=2 if (($i+1) == $tot);

-				}

-			else

-				{ $v=0; }

-			if (($j+1) != $end)

-				{

-				$na=($ai-1);

-				$nb=($bi+1);

-				}

-			else

-				{

-				$na=$as+($i < ($num-1));

-				$nb=$bs+($i >= ($num-1));

-				}

-#printf STDERR "[$ai,$bi] -> [$na,$nb]\n";

-			&mul_add_c($a,$ai,$b,$bi,$c0,$c1,$c2,$v,$i,$na,$nb);

-			if ($v)

-				{

-				&comment("saved r[$i]");

-				# &mov("eax",&wparam(0));

-				# &mov(&DWP($i*4,"eax","",0),$c0);

-				($c0,$c1,$c2)=($c1,$c2,$c0);

-				}

-			$ai--;

-			$bi++;

-			}

-		$as++ if ($i < ($num-1));

-		$ae++ if ($i >= ($num-1));

-		$bs++ if ($i >= ($num-1));

-		$be++ if ($i < ($num-1));

-		}

-	&comment("save r[$i]");

-	# &mov("eax",&wparam(0));

-	&mov(&DWP($i*4,"eax","",0),$c0);

-	&pop("ebx");

-	&pop("ebp");

-	&pop("edi");

-	&pop("esi");

-	&ret();

-	&function_end_B($name);

-	}

-sub bn_sqr_comba

-	{

-	local($name,$num)=@_;

-	local($r,$a,$c0,$c1,$c2)=@_;

-	local($i,$as,$ae,$bs,$be,$ai,$bi);

-	local($b,$tot,$end,$half);

-	&function_begin_B($name,"");

-	$c0="ebx";

-	$c1="ecx";

-	$c2="ebp";

-	$a="esi";

-	$r="edi";

-	&push("esi");

-	 &push("edi");

-	&push("ebp");

-	 &push("ebx");

-	&mov($r,&wparam(0));

-	 &mov($a,&wparam(1));

-	&xor($c0,$c0);

-	 &xor($c1,$c1);

-	&mov("eax",&DWP(0,$a,"",0)); # load the first word

-	$as=0;

-	$ae=0;

-	$bs=0;

-	$be=0;

-	$tot=$num+$num-1;

-	for ($i=0; $i<$tot; $i++)

-		{

-		$ai=$as;

-		$bi=$bs;

-		$end=$be+1;

-		&comment("############### Calculate word $i");

-		for ($j=$bs; $j<$end; $j++)

-			{

-			&xor($c2,$c2) if ($j == $bs);

-			if (($ai-1) < ($bi+1))

-				{

-				$v=1;

-				$v=2 if ($i+1) == $tot;

-				}

-			else

-				{ $v=0; }

-			if (!$v)

-				{

-				$na=$ai-1;

-				$nb=$bi+1;

-				}

-			else

-				{

-				$na=$as+($i < ($num-1));

-				$nb=$bs+($i >= ($num-1));

-				}

-			if ($ai == $bi)

-				{

-				&sqr_add_c($r,$a,$ai,$bi,

-					$c0,$c1,$c2,$v,$i,$na,$nb);

-				}

-			else

-				{

-				&sqr_add_c2($r,$a,$ai,$bi,

-					$c0,$c1,$c2,$v,$i,$na,$nb);

-				}

-			if ($v)

-				{

-				&comment("saved r[$i]");

-				#&mov(&DWP($i*4,$r,"",0),$c0);

-				($c0,$c1,$c2)=($c1,$c2,$c0);

-				last;

-				}

-			$ai--;

-			$bi++;

-			}

-		$as++ if ($i < ($num-1));

-		$ae++ if ($i >= ($num-1));

-		$bs++ if ($i >= ($num-1));

-		$be++ if ($i < ($num-1));

-		}

-	&mov(&DWP($i*4,$r,"",0),$c0);

-	&pop("ebx");

-	&pop("ebp");

-	&pop("edi");

-	&pop("esi");

-	&ret();

-	&function_end_B($name);

-	}

--- a/sys/src/ape/lib/openssl/crypto/bn/asm/ia64.S

+++ /dev/null

@@ -1,1555 +1,0 @@

-.explicit

-.text

-.ident	"ia64.S, Version 2.1"

-.ident	"IA-64 ISA artwork by Andy Polyakov <[email protected]>"

-//

-// ====================================================================

-// Written by Andy Polyakov <[email protected]> for the OpenSSL

-// project.

-//

-// Rights for redistribution and usage in source and binary forms are

-// granted according to the OpenSSL license. Warranty of any kind is

-// disclaimed.

-// ====================================================================

-//

-// Version 2.x is Itanium2 re-tune. Few words about how Itanum2 is

-// different from Itanium to this module viewpoint. Most notably, is it

-// "wider" than Itanium? Can you experience loop scalability as

-// discussed in commentary sections? Not really:-( Itanium2 has 6

-// integer ALU ports, i.e. it's 2 ports wider, but it's not enough to

-// spin twice as fast, as I need 8 IALU ports. Amount of floating point

-// ports is the same, i.e. 2, while I need 4. In other words, to this

-// module Itanium2 remains effectively as "wide" as Itanium. Yet it's

-// essentially different in respect to this module, and a re-tune was

-// required. Well, because some intruction latencies has changed. Most

-// noticeably those intensively used:

-//

-//			Itanium	Itanium2

-//	ldf8		9	6		L2 hit

-//	ld8		2	1		L1 hit

-//	getf		2	5

-//	xma[->getf]	7[+1]	4[+0]

-//	add[->st8]	1[+1]	1[+0]

-//

-// What does it mean? You might ratiocinate that the original code

-// should run just faster... Because sum of latencies is smaller...

-// Wrong! Note that getf latency increased. This means that if a loop is

-// scheduled for lower latency (as they were), then it will suffer from

-// stall condition and the code will therefore turn anti-scalable, e.g.

-// original bn_mul_words spun at 5*n or 2.5 times slower than expected

-// on Itanium2! What to do? Reschedule loops for Itanium2? But then

-// Itanium would exhibit anti-scalability. So I've chosen to reschedule

-// for worst latency for every instruction aiming for best *all-round*

-// performance.

-// Q.	How much faster does it get?

-// A.	Here is the output from 'openssl speed rsa dsa' for vanilla

-//	0.9.6a compiled with gcc version 2.96 20000731 (Red Hat

-//	Linux 7.1 2.96-81):

-//

-//	                  sign    verify    sign/s verify/s

-//	rsa  512 bits   0.0036s   0.0003s    275.3   2999.2

-//	rsa 1024 bits   0.0203s   0.0011s     49.3    894.1

-//	rsa 2048 bits   0.1331s   0.0040s      7.5    250.9

-//	rsa 4096 bits   0.9270s   0.0147s      1.1     68.1

-//	                  sign    verify    sign/s verify/s

-//	dsa  512 bits   0.0035s   0.0043s    288.3    234.8

-//	dsa 1024 bits   0.0111s   0.0135s     90.0     74.2

-//

-//	And here is similar output but for this assembler

-//	implementation:-)

-//

-//	                  sign    verify    sign/s verify/s

-//	rsa  512 bits   0.0021s   0.0001s    549.4   9638.5

-//	rsa 1024 bits   0.0055s   0.0002s    183.8   4481.1

-//	rsa 2048 bits   0.0244s   0.0006s     41.4   1726.3

-//	rsa 4096 bits   0.1295s   0.0018s      7.7    561.5

-//	                  sign    verify    sign/s verify/s

-//	dsa  512 bits   0.0012s   0.0013s    891.9    756.6

-//	dsa 1024 bits   0.0023s   0.0028s    440.4    376.2

-//

-//	Yes, you may argue that it's not fair comparison as it's

-//	possible to craft the C implementation with BN_UMULT_HIGH

-//	inline assembler macro. But of course! Here is the output

-//	with the macro:

-//

-//	                  sign    verify    sign/s verify/s

-//	rsa  512 bits   0.0020s   0.0002s    495.0   6561.0

-//	rsa 1024 bits   0.0086s   0.0004s    116.2   2235.7

-//	rsa 2048 bits   0.0519s   0.0015s     19.3    667.3

-//	rsa 4096 bits   0.3464s   0.0053s      2.9    187.7

-//	                  sign    verify    sign/s verify/s

-//	dsa  512 bits   0.0016s   0.0020s    613.1    510.5

-//	dsa 1024 bits   0.0045s   0.0054s    221.0    183.9

-//

-//	My code is still way faster, huh:-) And I believe that even

-//	higher performance can be achieved. Note that as keys get

-//	longer, performance gain is larger. Why? According to the

-//	profiler there is another player in the field, namely

-//	BN_from_montgomery consuming larger and larger portion of CPU

-//	time as keysize decreases. I therefore consider putting effort

-//	to assembler implementation of the following routine:

-//

-//	void bn_mul_add_mont (BN_ULONG *rp,BN_ULONG *np,int nl,BN_ULONG n0)

-//	{

-//	int      i,j;

-//	BN_ULONG v;

-//

-//	for (i=0; i<nl; i++)

-//		{

-//		v=bn_mul_add_words(rp,np,nl,(rp[0]*n0)&BN_MASK2);

-//		nrp++;

-//		rp++;

-//		if (((nrp[-1]+=v)&BN_MASK2) < v)

-//			for (j=0; ((++nrp[j])&BN_MASK2) == 0; j++) ;

-//		}

-//	}

-//

-//	It might as well be beneficial to implement even combaX

-//	variants, as it appears as it can literally unleash the

-//	performance (see comment section to bn_mul_comba8 below).

-//

-//	And finally for your reference the output for 0.9.6a compiled

-//	with SGIcc version 0.01.0-12 (keep in mind that for the moment

-//	of this writing it's not possible to convince SGIcc to use

-//	BN_UMULT_HIGH inline assembler macro, yet the code is fast,

-//	i.e. for a compiler generated one:-):

-//

-//	                  sign    verify    sign/s verify/s

-//	rsa  512 bits   0.0022s   0.0002s    452.7   5894.3

-//	rsa 1024 bits   0.0097s   0.0005s    102.7   2002.9

-//	rsa 2048 bits   0.0578s   0.0017s     17.3    600.2

-//	rsa 4096 bits   0.3838s   0.0061s      2.6    164.5

-//	                  sign    verify    sign/s verify/s

-//	dsa  512 bits   0.0018s   0.0022s    547.3    459.6

-//	dsa 1024 bits   0.0051s   0.0062s    196.6    161.3

-//

-//	Oh! Benchmarks were performed on 733MHz Lion-class Itanium

-//	system running Redhat Linux 7.1 (very special thanks to Ray

-//	McCaffity of Williams Communications for providing an account).

-//

-// Q.	What's the heck with 'rum 1<<5' at the end of every function?

-// A.	Well, by clearing the "upper FP registers written" bit of the

-//	User Mask I want to excuse the kernel from preserving upper

-//	(f32-f128) FP register bank over process context switch, thus

-//	minimizing bus bandwidth consumption during the switch (i.e.

-//	after PKI opration completes and the program is off doing

-//	something else like bulk symmetric encryption). Having said

-//	this, I also want to point out that it might be good idea

-//	to compile the whole toolkit (as well as majority of the

-//	programs for that matter) with -mfixed-range=f32-f127 command

-//	line option. No, it doesn't prevent the compiler from writing

-//	to upper bank, but at least discourages to do so. If you don't

-//	like the idea you have the option to compile the module with

-//	-Drum=nop.m in command line.

-//

-#if defined(_HPUX_SOURCE) && !defined(_LP64)

-#define	ADDP	addp4

-#else

-#define	ADDP	add

-#endif

-#if 1

-//

-// bn_[add|sub]_words routines.

-//

-// Loops are spinning in 2*(n+5) ticks on Itanuim (provided that the

-// data reside in L1 cache, i.e. 2 ticks away). It's possible to

-// compress the epilogue and get down to 2*n+6, but at the cost of

-// scalability (the neat feature of this implementation is that it

-// shall automagically spin in n+5 on "wider" IA-64 implementations:-)

-// I consider that the epilogue is short enough as it is to trade tiny

-// performance loss on Itanium for scalability.

-//

-// BN_ULONG bn_add_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num)

-//

-.global	bn_add_words#

-.proc	bn_add_words#

-.align	64

-.skip	32	// makes the loop body aligned at 64-byte boundary

-bn_add_words:

-	.prologue

-	.save	ar.pfs,r2

-{ .mii;	alloc		r2=ar.pfs,4,12,0,16

-	cmp4.le		p6,p0=r35,r0	};;

-{ .mfb;	mov		r8=r0			// return value

-(p6)	br.ret.spnt.many	b0	};;

-{ .mib;	sub		r10=r35,r0,1

-	.save	ar.lc,r3

-	mov		r3=ar.lc

-	brp.loop.imp	.L_bn_add_words_ctop,.L_bn_add_words_cend-16

-					}

-{ .mib;	ADDP		r14=0,r32		// rp

-	.save	pr,r9

-	mov		r9=pr		};;

-	.body

-{ .mii;	ADDP		r15=0,r33		// ap

-	mov		ar.lc=r10

-	mov		ar.ec=6		}

-{ .mib;	ADDP		r16=0,r34		// bp

-	mov		pr.rot=1<<16	};;

-.L_bn_add_words_ctop:

-{ .mii;	(p16)	ld8		r32=[r16],8	  // b=*(bp++)

-	(p18)	add		r39=r37,r34

-	(p19)	cmp.ltu.unc	p56,p0=r40,r38	}

-{ .mfb;	(p0)	nop.m		0x0

-	(p0)	nop.f		0x0

-	(p0)	nop.b		0x0		}

-{ .mii;	(p16)	ld8		r35=[r15],8	  // a=*(ap++)

-	(p58)	cmp.eq.or	p57,p0=-1,r41	  // (p20)

-	(p58)	add		r41=1,r41	} // (p20)

-{ .mfb;	(p21)	st8		[r14]=r42,8	  // *(rp++)=r

-	(p0)	nop.f		0x0

-	br.ctop.sptk	.L_bn_add_words_ctop	};;

-.L_bn_add_words_cend:

-{ .mii;

-(p59)	add		r8=1,r8		// return value

-	mov		pr=r9,0x1ffff

-	mov		ar.lc=r3	}

-{ .mbb;	nop.b		0x0

-	br.ret.sptk.many	b0	};;

-.endp	bn_add_words#

-//

-// BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num)

-//

-.global	bn_sub_words#

-.proc	bn_sub_words#

-.align	64

-.skip	32	// makes the loop body aligned at 64-byte boundary

-bn_sub_words:

-	.prologue

-	.save	ar.pfs,r2

-{ .mii;	alloc		r2=ar.pfs,4,12,0,16

-	cmp4.le		p6,p0=r35,r0	};;

-{ .mfb;	mov		r8=r0			// return value

-(p6)	br.ret.spnt.many	b0	};;

-{ .mib;	sub		r10=r35,r0,1

-	.save	ar.lc,r3

-	mov		r3=ar.lc

-	brp.loop.imp	.L_bn_sub_words_ctop,.L_bn_sub_words_cend-16

-					}

-{ .mib;	ADDP		r14=0,r32		// rp

-	.save	pr,r9

-	mov		r9=pr		};;

-	.body

-{ .mii;	ADDP		r15=0,r33		// ap

-	mov		ar.lc=r10

-	mov		ar.ec=6		}

-{ .mib;	ADDP		r16=0,r34		// bp

-	mov		pr.rot=1<<16	};;

-.L_bn_sub_words_ctop:

-{ .mii;	(p16)	ld8		r32=[r16],8	  // b=*(bp++)

-	(p18)	sub		r39=r37,r34

-	(p19)	cmp.gtu.unc	p56,p0=r40,r38	}

-{ .mfb;	(p0)	nop.m		0x0

-	(p0)	nop.f		0x0

-	(p0)	nop.b		0x0		}

-{ .mii;	(p16)	ld8		r35=[r15],8	  // a=*(ap++)

-	(p58)	cmp.eq.or	p57,p0=0,r41	  // (p20)

-	(p58)	add		r41=-1,r41	} // (p20)

-{ .mbb;	(p21)	st8		[r14]=r42,8	  // *(rp++)=r

-	(p0)	nop.b		0x0

-	br.ctop.sptk	.L_bn_sub_words_ctop	};;

-.L_bn_sub_words_cend:

-{ .mii;

-(p59)	add		r8=1,r8		// return value

-	mov		pr=r9,0x1ffff

-	mov		ar.lc=r3	}

-{ .mbb;	nop.b		0x0

-	br.ret.sptk.many	b0	};;

-.endp	bn_sub_words#

-#endif

-#if 0

-#define XMA_TEMPTATION

-#endif

-#if 1

-//

-// BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)

-//

-.global	bn_mul_words#

-.proc	bn_mul_words#

-.align	64

-.skip	32	// makes the loop body aligned at 64-byte boundary

-bn_mul_words:

-	.prologue

-	.save	ar.pfs,r2

-#ifdef XMA_TEMPTATION

-{ .mfi;	alloc		r2=ar.pfs,4,0,0,0	};;

-#else

-{ .mfi;	alloc		r2=ar.pfs,4,12,0,16	};;

-#endif

-{ .mib;	mov		r8=r0			// return value

-	cmp4.le		p6,p0=r34,r0

-(p6)	br.ret.spnt.many	b0		};;

-{ .mii;	sub	r10=r34,r0,1

-	.save	ar.lc,r3

-	mov	r3=ar.lc

-	.save	pr,r9

-	mov	r9=pr			};;

-	.body

-{ .mib;	setf.sig	f8=r35	// w

-	mov		pr.rot=0x800001<<16

-			// ------^----- serves as (p50) at first (p27)

-	brp.loop.imp	.L_bn_mul_words_ctop,.L_bn_mul_words_cend-16

-					}

-#ifndef XMA_TEMPTATION

-{ .mmi;	ADDP		r14=0,r32	// rp

-	ADDP		r15=0,r33	// ap

-	mov		ar.lc=r10	}

-{ .mmi;	mov		r40=0		// serves as r35 at first (p27)

-	mov		ar.ec=13	};;

-// This loop spins in 2*(n+12) ticks. It's scheduled for data in Itanium

-// L2 cache (i.e. 9 ticks away) as floating point load/store instructions

-// bypass L1 cache and L2 latency is actually best-case scenario for

-// ldf8. The loop is not scalable and shall run in 2*(n+12) even on

-// "wider" IA-64 implementations. It's a trade-off here. n+24 loop

-// would give us ~5% in *overall* performance improvement on "wider"

-// IA-64, but would hurt Itanium for about same because of longer

-// epilogue. As it's a matter of few percents in either case I've

-// chosen to trade the scalability for development time (you can see

-// this very instruction sequence in bn_mul_add_words loop which in

-// turn is scalable).

-.L_bn_mul_words_ctop:

-{ .mfi;	(p25)	getf.sig	r36=f52			// low

-	(p21)	xmpy.lu		f48=f37,f8

-	(p28)	cmp.ltu		p54,p50=r41,r39	}

-{ .mfi;	(p16)	ldf8		f32=[r15],8

-	(p21)	xmpy.hu		f40=f37,f8

-	(p0)	nop.i		0x0		};;

-{ .mii;	(p25)	getf.sig	r32=f44			// high

-	.pred.rel	"mutex",p50,p54

-	(p50)	add		r40=r38,r35		// (p27)

-	(p54)	add		r40=r38,r35,1	}	// (p27)

-{ .mfb;	(p28)	st8		[r14]=r41,8

-	(p0)	nop.f		0x0

-	br.ctop.sptk	.L_bn_mul_words_ctop	};;

-.L_bn_mul_words_cend:

-{ .mii;	nop.m		0x0

-.pred.rel	"mutex",p51,p55

-(p51)	add		r8=r36,r0

-(p55)	add		r8=r36,r0,1	}

-{ .mfb;	nop.m	0x0

-	nop.f	0x0

-	nop.b	0x0			}

-#else	// XMA_TEMPTATION

-	setf.sig	f37=r0	// serves as carry at (p18) tick

-	mov		ar.lc=r10

-	mov		ar.ec=5;;

-// Most of you examining this code very likely wonder why in the name

-// of Intel the following loop is commented out? Indeed, it looks so

-// neat that you find it hard to believe that it's something wrong

-// with it, right? The catch is that every iteration depends on the

-// result from previous one and the latter isn't available instantly.

-// The loop therefore spins at the latency of xma minus 1, or in other

-// words at 6*(n+4) ticks:-( Compare to the "production" loop above

-// that runs in 2*(n+11) where the low latency problem is worked around

-// by moving the dependency to one-tick latent interger ALU. Note that

-// "distance" between ldf8 and xma is not latency of ldf8, but the

-// *difference* between xma and ldf8 latencies.

-.L_bn_mul_words_ctop:

-{ .mfi;	(p16)	ldf8		f32=[r33],8

-	(p18)	xma.hu		f38=f34,f8,f39	}

-{ .mfb;	(p20)	stf8		[r32]=f37,8

-	(p18)	xma.lu		f35=f34,f8,f39

-	br.ctop.sptk	.L_bn_mul_words_ctop	};;

-.L_bn_mul_words_cend:

-	getf.sig	r8=f41		// the return value

-#endif	// XMA_TEMPTATION

-{ .mii;	nop.m		0x0

-	mov		pr=r9,0x1ffff

-	mov		ar.lc=r3	}

-{ .mfb;	rum		1<<5		// clear um.mfh

-	nop.f		0x0

-	br.ret.sptk.many	b0	};;

-.endp	bn_mul_words#

-#endif

-#if 1

-//

-// BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)

-//

-.global	bn_mul_add_words#

-.proc	bn_mul_add_words#

-.align	64

-.skip	48	// makes the loop body aligned at 64-byte boundary

-bn_mul_add_words:

-	.prologue

-	.save	ar.pfs,r2

-{ .mmi;	alloc		r2=ar.pfs,4,4,0,8

-	cmp4.le		p6,p0=r34,r0

-	.save	ar.lc,r3

-	mov		r3=ar.lc	};;

-{ .mib;	mov		r8=r0		// return value

-	sub		r10=r34,r0,1

-(p6)	br.ret.spnt.many	b0	};;

-{ .mib;	setf.sig	f8=r35		// w

-	.save	pr,r9

-	mov		r9=pr

-	brp.loop.imp	.L_bn_mul_add_words_ctop,.L_bn_mul_add_words_cend-16

-					}

-	.body

-{ .mmi;	ADDP		r14=0,r32	// rp

-	ADDP		r15=0,r33	// ap

-	mov		ar.lc=r10	}

-{ .mii;	ADDP		r16=0,r32	// rp copy

-	mov		pr.rot=0x2001<<16

-			// ------^----- serves as (p40) at first (p27)

-	mov		ar.ec=11	};;

-// This loop spins in 3*(n+10) ticks on Itanium and in 2*(n+10) on

-// Itanium 2. Yes, unlike previous versions it scales:-) Previous

-// version was peforming *all* additions in IALU and was starving

-// for those even on Itanium 2. In this version one addition is

-// moved to FPU and is folded with multiplication. This is at cost

-// of propogating the result from previous call to this subroutine

-// to L2 cache... In other words negligible even for shorter keys.

-// *Overall* performance improvement [over previous version] varies

-// from 11 to 22 percent depending on key length.

-.L_bn_mul_add_words_ctop:

-.pred.rel	"mutex",p40,p42

-{ .mfi;	(p23)	getf.sig	r36=f45			// low

-	(p20)	xma.lu		f42=f36,f8,f50		// low

-	(p40)	add		r39=r39,r35	}	// (p27)

-{ .mfi;	(p16)	ldf8		f32=[r15],8		// *(ap++)

-	(p20)	xma.hu		f36=f36,f8,f50		// high

-	(p42)	add		r39=r39,r35,1	};;	// (p27)

-{ .mmi;	(p24)	getf.sig	r32=f40			// high

-	(p16)	ldf8		f46=[r16],8		// *(rp1++)

-	(p40)	cmp.ltu		p41,p39=r39,r35	}	// (p27)

-{ .mib;	(p26)	st8		[r14]=r39,8		// *(rp2++)

-	(p42)	cmp.leu		p41,p39=r39,r35		// (p27)

-	br.ctop.sptk	.L_bn_mul_add_words_ctop};;

-.L_bn_mul_add_words_cend:

-{ .mmi;	.pred.rel	"mutex",p40,p42

-(p40)	add		r8=r35,r0

-(p42)	add		r8=r35,r0,1

-	mov		pr=r9,0x1ffff	}

-{ .mib;	rum		1<<5		// clear um.mfh

-	mov		ar.lc=r3

-	br.ret.sptk.many	b0	};;

-.endp	bn_mul_add_words#

-#endif

-#if 1

-//

-// void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num)

-//

-.global	bn_sqr_words#

-.proc	bn_sqr_words#

-.align	64

-.skip	32	// makes the loop body aligned at 64-byte boundary

-bn_sqr_words:

-	.prologue

-	.save	ar.pfs,r2

-{ .mii;	alloc		r2=ar.pfs,3,0,0,0

-	sxt4		r34=r34		};;

-{ .mii;	cmp.le		p6,p0=r34,r0

-	mov		r8=r0		}	// return value

-{ .mfb;	ADDP		r32=0,r32

-	nop.f		0x0

-(p6)	br.ret.spnt.many	b0	};;

-{ .mii;	sub	r10=r34,r0,1

-	.save	ar.lc,r3

-	mov	r3=ar.lc

-	.save	pr,r9

-	mov	r9=pr			};;

-	.body

-{ .mib;	ADDP		r33=0,r33

-	mov		pr.rot=1<<16

-	brp.loop.imp	.L_bn_sqr_words_ctop,.L_bn_sqr_words_cend-16

-					}

-{ .mii;	add		r34=8,r32

-	mov		ar.lc=r10

-	mov		ar.ec=18	};;

-// 2*(n+17) on Itanium, (n+17) on "wider" IA-64 implementations. It's

-// possible to compress the epilogue (I'm getting tired to write this

-// comment over and over) and get down to 2*n+16 at the cost of

-// scalability. The decision will very likely be reconsidered after the

-// benchmark program is profiled. I.e. if perfomance gain on Itanium

-// will appear larger than loss on "wider" IA-64, then the loop should

-// be explicitely split and the epilogue compressed.

-.L_bn_sqr_words_ctop:

-{ .mfi;	(p16)	ldf8		f32=[r33],8

-	(p25)	xmpy.lu		f42=f41,f41

-	(p0)	nop.i		0x0		}

-{ .mib;	(p33)	stf8		[r32]=f50,16

-	(p0)	nop.i		0x0

-	(p0)	nop.b		0x0		}

-{ .mfi;	(p0)	nop.m		0x0

-	(p25)	xmpy.hu		f52=f41,f41

-	(p0)	nop.i		0x0		}

-{ .mib;	(p33)	stf8		[r34]=f60,16

-	(p0)	nop.i		0x0

-	br.ctop.sptk	.L_bn_sqr_words_ctop	};;

-.L_bn_sqr_words_cend:

-{ .mii;	nop.m		0x0

-	mov		pr=r9,0x1ffff

-	mov		ar.lc=r3	}

-{ .mfb;	rum		1<<5		// clear um.mfh

-	nop.f		0x0

-	br.ret.sptk.many	b0	};;

-.endp	bn_sqr_words#

-#endif

-#if 1

-// Apparently we win nothing by implementing special bn_sqr_comba8.

-// Yes, it is possible to reduce the number of multiplications by

-// almost factor of two, but then the amount of additions would

-// increase by factor of two (as we would have to perform those

-// otherwise performed by xma ourselves). Normally we would trade

-// anyway as multiplications are way more expensive, but not this

-// time... Multiplication kernel is fully pipelined and as we drain

-// one 128-bit multiplication result per clock cycle multiplications

-// are effectively as inexpensive as additions. Special implementation

-// might become of interest for "wider" IA-64 implementation as you'll

-// be able to get through the multiplication phase faster (there won't

-// be any stall issues as discussed in the commentary section below and

-// you therefore will be able to employ all 4 FP units)... But these

-// Itanium days it's simply too hard to justify the effort so I just

-// drop down to bn_mul_comba8 code:-)

-//

-// void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)

-//

-.global	bn_sqr_comba8#

-.proc	bn_sqr_comba8#

-.align	64

-bn_sqr_comba8:

-	.prologue

-	.save	ar.pfs,r2

-#if defined(_HPUX_SOURCE) && !defined(_LP64)

-{ .mii;	alloc	r2=ar.pfs,2,1,0,0

-	addp4	r33=0,r33

-	addp4	r32=0,r32		};;

-{ .mii;

-#else

-{ .mii;	alloc	r2=ar.pfs,2,1,0,0

-#endif

-	mov	r34=r33

-	add	r14=8,r33		};;

-	.body

-{ .mii;	add	r17=8,r34

-	add	r15=16,r33

-	add	r18=16,r34		}

-{ .mfb;	add	r16=24,r33

-	br	.L_cheat_entry_point8	};;

-.endp	bn_sqr_comba8#

-#endif

-#if 1

-// I've estimated this routine to run in ~120 ticks, but in reality

-// (i.e. according to ar.itc) it takes ~160 ticks. Are those extra

-// cycles consumed for instructions fetch? Or did I misinterpret some

-// clause in Itanium �-architecture manual? Comments are welcomed and

-// highly appreciated.

-//

-// On Itanium 2 it takes ~190 ticks. This is because of stalls on

-// result from getf.sig. I do nothing about it at this point for

-// reasons depicted below.

-//

-// However! It should be noted that even 160 ticks is darn good result

-// as it's over 10 (yes, ten, spelled as t-e-n) times faster than the

-// C version (compiled with gcc with inline assembler). I really

-// kicked compiler's butt here, didn't I? Yeah! This brings us to the

-// following statement. It's damn shame that this routine isn't called

-// very often nowadays! According to the profiler most CPU time is

-// consumed by bn_mul_add_words called from BN_from_montgomery. In

-// order to estimate what we're missing, I've compared the performance

-// of this routine against "traditional" implementation, i.e. against

-// following routine:

-//

-// void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)

-// {	r[ 8]=bn_mul_words(    &(r[0]),a,8,b[0]);

-//	r[ 9]=bn_mul_add_words(&(r[1]),a,8,b[1]);

-//	r[10]=bn_mul_add_words(&(r[2]),a,8,b[2]);

-//	r[11]=bn_mul_add_words(&(r[3]),a,8,b[3]);

-//	r[12]=bn_mul_add_words(&(r[4]),a,8,b[4]);

-//	r[13]=bn_mul_add_words(&(r[5]),a,8,b[5]);

-//	r[14]=bn_mul_add_words(&(r[6]),a,8,b[6]);

-//	r[15]=bn_mul_add_words(&(r[7]),a,8,b[7]);

-// }

-//

-// The one below is over 8 times faster than the one above:-( Even

-// more reasons to "combafy" bn_mul_add_mont...

-//

-// And yes, this routine really made me wish there were an optimizing

-// assembler! It also feels like it deserves a dedication.

-//

-//	To my wife for being there and to my kids...

-//

-// void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)

-//

-#define	carry1	r14

-#define	carry2	r15

-#define	carry3	r34

-.global	bn_mul_comba8#

-.proc	bn_mul_comba8#

-.align	64

-bn_mul_comba8:

-	.prologue

-	.save	ar.pfs,r2

-#if defined(_HPUX_SOURCE) && !defined(_LP64)

-{ .mii;	alloc	r2=ar.pfs,3,0,0,0

-	addp4	r33=0,r33

-	addp4	r34=0,r34		};;

-{ .mii;	addp4	r32=0,r32

-#else

-{ .mii;	alloc   r2=ar.pfs,3,0,0,0

-#endif

-	add	r14=8,r33

-	add	r17=8,r34		}

-	.body

-{ .mii;	add	r15=16,r33

-	add	r18=16,r34

-	add	r16=24,r33		}

-.L_cheat_entry_point8:

-{ .mmi;	add	r19=24,r34

-	ldf8	f32=[r33],32		};;

-{ .mmi;	ldf8	f120=[r34],32

-	ldf8	f121=[r17],32		}

-{ .mmi;	ldf8	f122=[r18],32

-	ldf8	f123=[r19],32		};;

-{ .mmi;	ldf8	f124=[r34]

-	ldf8	f125=[r17]		}

-{ .mmi;	ldf8	f126=[r18]

-	ldf8	f127=[r19]		}

-{ .mmi;	ldf8	f33=[r14],32

-	ldf8	f34=[r15],32		}

-{ .mmi;	ldf8	f35=[r16],32;;

-	ldf8	f36=[r33]		}

-{ .mmi;	ldf8	f37=[r14]

-	ldf8	f38=[r15]		}

-{ .mfi;	ldf8	f39=[r16]

-// -------\ Entering multiplier's heaven /-------

-// ------------\                    /------------

-// -----------------\          /-----------------

-// ----------------------\/----------------------

-		xma.hu	f41=f32,f120,f0		}

-{ .mfi;		xma.lu	f40=f32,f120,f0		};; // (*)

-{ .mfi;		xma.hu	f51=f32,f121,f0		}

-{ .mfi;		xma.lu	f50=f32,f121,f0		};;

-{ .mfi;		xma.hu	f61=f32,f122,f0		}

-{ .mfi;		xma.lu	f60=f32,f122,f0		};;

-{ .mfi;		xma.hu	f71=f32,f123,f0		}

-{ .mfi;		xma.lu	f70=f32,f123,f0		};;

-{ .mfi;		xma.hu	f81=f32,f124,f0		}

-{ .mfi;		xma.lu	f80=f32,f124,f0		};;

-{ .mfi;		xma.hu	f91=f32,f125,f0		}

-{ .mfi;		xma.lu	f90=f32,f125,f0		};;

-{ .mfi;		xma.hu	f101=f32,f126,f0	}

-{ .mfi;		xma.lu	f100=f32,f126,f0	};;

-{ .mfi;		xma.hu	f111=f32,f127,f0	}

-{ .mfi;		xma.lu	f110=f32,f127,f0	};;//

-// (*)	You can argue that splitting at every second bundle would

-//	prevent "wider" IA-64 implementations from achieving the peak

-//	performance. Well, not really... The catch is that if you

-//	intend to keep 4 FP units busy by splitting at every fourth

-//	bundle and thus perform these 16 multiplications in 4 ticks,

-//	the first bundle *below* would stall because the result from

-//	the first xma bundle *above* won't be available for another 3

-//	ticks (if not more, being an optimist, I assume that "wider"

-//	implementation will have same latency:-). This stall will hold

-//	you back and the performance would be as if every second bundle

-//	were split *anyway*...

-{ .mfi;	getf.sig	r16=f40

-		xma.hu	f42=f33,f120,f41

-	add		r33=8,r32		}

-{ .mfi;		xma.lu	f41=f33,f120,f41	};;

-{ .mfi;	getf.sig	r24=f50

-		xma.hu	f52=f33,f121,f51	}

-{ .mfi;		xma.lu	f51=f33,f121,f51	};;

-{ .mfi;	st8		[r32]=r16,16

-		xma.hu	f62=f33,f122,f61	}

-{ .mfi;		xma.lu	f61=f33,f122,f61	};;

-{ .mfi;		xma.hu	f72=f33,f123,f71	}

-{ .mfi;		xma.lu	f71=f33,f123,f71	};;

-{ .mfi;		xma.hu	f82=f33,f124,f81	}

-{ .mfi;		xma.lu	f81=f33,f124,f81	};;

-{ .mfi;		xma.hu	f92=f33,f125,f91	}

-{ .mfi;		xma.lu	f91=f33,f125,f91	};;

-{ .mfi;		xma.hu	f102=f33,f126,f101	}

-{ .mfi;		xma.lu	f101=f33,f126,f101	};;

-{ .mfi;		xma.hu	f112=f33,f127,f111	}

-{ .mfi;		xma.lu	f111=f33,f127,f111	};;//

-//-------------------------------------------------//

-{ .mfi;	getf.sig	r25=f41

-		xma.hu	f43=f34,f120,f42	}

-{ .mfi;		xma.lu	f42=f34,f120,f42	};;

-{ .mfi;	getf.sig	r16=f60

-		xma.hu	f53=f34,f121,f52	}

-{ .mfi;		xma.lu	f52=f34,f121,f52	};;

-{ .mfi;	getf.sig	r17=f51

-		xma.hu	f63=f34,f122,f62

-	add		r25=r25,r24		}

-{ .mfi;		xma.lu	f62=f34,f122,f62

-	mov		carry1=0		};;

-{ .mfi;	cmp.ltu		p6,p0=r25,r24

-		xma.hu	f73=f34,f123,f72	}

-{ .mfi;		xma.lu	f72=f34,f123,f72	};;

-{ .mfi;	st8		[r33]=r25,16

-		xma.hu	f83=f34,f124,f82

-(p6)	add		carry1=1,carry1		}

-{ .mfi;		xma.lu	f82=f34,f124,f82	};;

-{ .mfi;		xma.hu	f93=f34,f125,f92	}

-{ .mfi;		xma.lu	f92=f34,f125,f92	};;

-{ .mfi;		xma.hu	f103=f34,f126,f102	}

-{ .mfi;		xma.lu	f102=f34,f126,f102	};;

-{ .mfi;		xma.hu	f113=f34,f127,f112	}

-{ .mfi;		xma.lu	f112=f34,f127,f112	};;//

-//-------------------------------------------------//

-{ .mfi;	getf.sig	r18=f42

-		xma.hu	f44=f35,f120,f43

-	add		r17=r17,r16		}

-{ .mfi;		xma.lu	f43=f35,f120,f43	};;

-{ .mfi;	getf.sig	r24=f70

-		xma.hu	f54=f35,f121,f53	}

-{ .mfi;	mov		carry2=0

-		xma.lu	f53=f35,f121,f53	};;

-{ .mfi;	getf.sig	r25=f61

-		xma.hu	f64=f35,f122,f63

-	cmp.ltu		p7,p0=r17,r16		}

-{ .mfi;	add		r18=r18,r17

-		xma.lu	f63=f35,f122,f63	};;

-{ .mfi;	getf.sig	r26=f52

-		xma.hu	f74=f35,f123,f73

-(p7)	add		carry2=1,carry2		}

-{ .mfi;	cmp.ltu		p7,p0=r18,r17

-		xma.lu	f73=f35,f123,f73

-	add		r18=r18,carry1		};;

-{ .mfi;

-		xma.hu	f84=f35,f124,f83

-(p7)	add		carry2=1,carry2		}

-{ .mfi;	cmp.ltu		p7,p0=r18,carry1

-		xma.lu	f83=f35,f124,f83	};;

-{ .mfi;	st8		[r32]=r18,16

-		xma.hu	f94=f35,f125,f93

-(p7)	add		carry2=1,carry2		}

-{ .mfi;		xma.lu	f93=f35,f125,f93	};;

-{ .mfi;		xma.hu	f104=f35,f126,f103	}

-{ .mfi;		xma.lu	f103=f35,f126,f103	};;

-{ .mfi;		xma.hu	f114=f35,f127,f113	}

-{ .mfi;	mov		carry1=0

-		xma.lu	f113=f35,f127,f113

-	add		r25=r25,r24		};;//

-//-------------------------------------------------//

-{ .mfi;	getf.sig	r27=f43

-		xma.hu	f45=f36,f120,f44

-	cmp.ltu		p6,p0=r25,r24		}

-{ .mfi;		xma.lu	f44=f36,f120,f44

-	add		r26=r26,r25		};;

-{ .mfi;	getf.sig	r16=f80

-		xma.hu	f55=f36,f121,f54

-(p6)	add		carry1=1,carry1		}

-{ .mfi;		xma.lu	f54=f36,f121,f54	};;

-{ .mfi;	getf.sig	r17=f71

-		xma.hu	f65=f36,f122,f64

-	cmp.ltu		p6,p0=r26,r25		}

-{ .mfi;		xma.lu	f64=f36,f122,f64

-	add		r27=r27,r26		};;

-{ .mfi;	getf.sig	r18=f62

-		xma.hu	f75=f36,f123,f74

-(p6)	add		carry1=1,carry1		}

-{ .mfi;	cmp.ltu		p6,p0=r27,r26

-		xma.lu	f74=f36,f123,f74

-	add		r27=r27,carry2		};;

-{ .mfi;	getf.sig	r19=f53

-		xma.hu	f85=f36,f124,f84

-(p6)	add		carry1=1,carry1		}

-{ .mfi;		xma.lu	f84=f36,f124,f84

-	cmp.ltu		p6,p0=r27,carry2	};;

-{ .mfi;	st8		[r33]=r27,16

-		xma.hu	f95=f36,f125,f94

-(p6)	add		carry1=1,carry1		}

-{ .mfi;		xma.lu	f94=f36,f125,f94	};;

-{ .mfi;		xma.hu	f105=f36,f126,f104	}

-{ .mfi;	mov		carry2=0

-		xma.lu	f104=f36,f126,f104

-	add		r17=r17,r16		};;

-{ .mfi;		xma.hu	f115=f36,f127,f114

-	cmp.ltu		p7,p0=r17,r16		}

-{ .mfi;		xma.lu	f114=f36,f127,f114

-	add		r18=r18,r17		};;//

-//-------------------------------------------------//

-{ .mfi;	getf.sig	r20=f44

-		xma.hu	f46=f37,f120,f45

-(p7)	add		carry2=1,carry2		}

-{ .mfi;	cmp.ltu		p7,p0=r18,r17

-		xma.lu	f45=f37,f120,f45

-	add		r19=r19,r18		};;

-{ .mfi;	getf.sig	r24=f90

-		xma.hu	f56=f37,f121,f55	}

-{ .mfi;		xma.lu	f55=f37,f121,f55	};;

-{ .mfi;	getf.sig	r25=f81

-		xma.hu	f66=f37,f122,f65

-(p7)	add		carry2=1,carry2		}

-{ .mfi;	cmp.ltu		p7,p0=r19,r18

-		xma.lu	f65=f37,f122,f65

-	add		r20=r20,r19		};;

-{ .mfi;	getf.sig	r26=f72

-		xma.hu	f76=f37,f123,f75

-(p7)	add		carry2=1,carry2		}

-{ .mfi;	cmp.ltu		p7,p0=r20,r19

-		xma.lu	f75=f37,f123,f75

-	add		r20=r20,carry1		};;

-{ .mfi;	getf.sig	r27=f63

-		xma.hu	f86=f37,f124,f85

-(p7)	add		carry2=1,carry2		}

-{ .mfi;		xma.lu	f85=f37,f124,f85

-	cmp.ltu		p7,p0=r20,carry1	};;

-{ .mfi;	getf.sig	r28=f54

-		xma.hu	f96=f37,f125,f95

-(p7)	add		carry2=1,carry2		}

-{ .mfi;	st8		[r32]=r20,16

-		xma.lu	f95=f37,f125,f95	};;

-{ .mfi;		xma.hu	f106=f37,f126,f105	}

-{ .mfi;	mov		carry1=0

-		xma.lu	f105=f37,f126,f105

-	add		r25=r25,r24		};;

-{ .mfi;		xma.hu	f116=f37,f127,f115

-	cmp.ltu		p6,p0=r25,r24		}

-{ .mfi;		xma.lu	f115=f37,f127,f115

-	add		r26=r26,r25		};;//

-//-------------------------------------------------//

-{ .mfi;	getf.sig	r29=f45

-		xma.hu	f47=f38,f120,f46

-(p6)	add		carry1=1,carry1		}

-{ .mfi;	cmp.ltu		p6,p0=r26,r25

-		xma.lu	f46=f38,f120,f46

-	add		r27=r27,r26		};;

-{ .mfi;	getf.sig	r16=f100

-		xma.hu	f57=f38,f121,f56

-(p6)	add		carry1=1,carry1		}

-{ .mfi;	cmp.ltu		p6,p0=r27,r26

-		xma.lu	f56=f38,f121,f56

-	add		r28=r28,r27		};;

-{ .mfi;	getf.sig	r17=f91

-		xma.hu	f67=f38,f122,f66

-(p6)	add		carry1=1,carry1		}

-{ .mfi;	cmp.ltu		p6,p0=r28,r27

-		xma.lu	f66=f38,f122,f66

-	add		r29=r29,r28		};;

-{ .mfi;	getf.sig	r18=f82

-		xma.hu	f77=f38,f123,f76

-(p6)	add		carry1=1,carry1		}

-{ .mfi;	cmp.ltu		p6,p0=r29,r28

-		xma.lu	f76=f38,f123,f76

-	add		r29=r29,carry2		};;

-{ .mfi;	getf.sig	r19=f73

-		xma.hu	f87=f38,f124,f86

-(p6)	add		carry1=1,carry1		}

-{ .mfi;		xma.lu	f86=f38,f124,f86

-	cmp.ltu		p6,p0=r29,carry2	};;

-{ .mfi;	getf.sig	r20=f64

-		xma.hu	f97=f38,f125,f96

-(p6)	add		carry1=1,carry1		}

-{ .mfi;	st8		[r33]=r29,16

-		xma.lu	f96=f38,f125,f96	};;

-{ .mfi;	getf.sig	r21=f55

-		xma.hu	f107=f38,f126,f106	}

-{ .mfi;	mov		carry2=0

-		xma.lu	f106=f38,f126,f106

-	add		r17=r17,r16		};;

-{ .mfi;		xma.hu	f117=f38,f127,f116

-	cmp.ltu		p7,p0=r17,r16		}

-{ .mfi;		xma.lu	f116=f38,f127,f116

-	add		r18=r18,r17		};;//

-//-------------------------------------------------//

-{ .mfi;	getf.sig	r22=f46

-		xma.hu	f48=f39,f120,f47

-(p7)	add		carry2=1,carry2		}

-{ .mfi;	cmp.ltu		p7,p0=r18,r17

-		xma.lu	f47=f39,f120,f47

-	add		r19=r19,r18		};;

-{ .mfi;	getf.sig	r24=f110

-		xma.hu	f58=f39,f121,f57

-(p7)	add		carry2=1,carry2		}

-{ .mfi;	cmp.ltu		p7,p0=r19,r18

-		xma.lu	f57=f39,f121,f57

-	add		r20=r20,r19		};;

-{ .mfi;	getf.sig	r25=f101

-		xma.hu	f68=f39,f122,f67

-(p7)	add		carry2=1,carry2		}

-{ .mfi;	cmp.ltu		p7,p0=r20,r19

-		xma.lu	f67=f39,f122,f67

-	add		r21=r21,r20		};;

-{ .mfi;	getf.sig	r26=f92

-		xma.hu	f78=f39,f123,f77

-(p7)	add		carry2=1,carry2		}

-{ .mfi;	cmp.ltu		p7,p0=r21,r20

-		xma.lu	f77=f39,f123,f77

-	add		r22=r22,r21		};;

-{ .mfi;	getf.sig	r27=f83

-		xma.hu	f88=f39,f124,f87

-(p7)	add		carry2=1,carry2		}

-{ .mfi;	cmp.ltu		p7,p0=r22,r21

-		xma.lu	f87=f39,f124,f87

-	add		r22=r22,carry1		};;

-{ .mfi;	getf.sig	r28=f74

-		xma.hu	f98=f39,f125,f97

-(p7)	add		carry2=1,carry2		}

-{ .mfi;		xma.lu	f97=f39,f125,f97

-	cmp.ltu		p7,p0=r22,carry1	};;

-{ .mfi;	getf.sig	r29=f65

-		xma.hu	f108=f39,f126,f107

-(p7)	add		carry2=1,carry2		}

-{ .mfi;	st8		[r32]=r22,16

-		xma.lu	f107=f39,f126,f107	};;

-{ .mfi;	getf.sig	r30=f56

-		xma.hu	f118=f39,f127,f117	}

-{ .mfi;		xma.lu	f117=f39,f127,f117	};;//

-//-------------------------------------------------//

-// Leaving muliplier's heaven... Quite a ride, huh?

-{ .mii;	getf.sig	r31=f47

-	add		r25=r25,r24

-	mov		carry1=0		};;

-{ .mii;		getf.sig	r16=f111

-	cmp.ltu		p6,p0=r25,r24

-	add		r26=r26,r25		};;

-{ .mfb;		getf.sig	r17=f102	}

-{ .mii;

-(p6)	add		carry1=1,carry1

-	cmp.ltu		p6,p0=r26,r25

-	add		r27=r27,r26		};;

-{ .mfb;	nop.m	0x0				}

-{ .mii;

-(p6)	add		carry1=1,carry1

-	cmp.ltu		p6,p0=r27,r26

-	add		r28=r28,r27		};;

-{ .mii;		getf.sig	r18=f93

-		add		r17=r17,r16

-		mov		carry3=0	}

-{ .mii;

-(p6)	add		carry1=1,carry1

-	cmp.ltu		p6,p0=r28,r27

-	add		r29=r29,r28		};;

-{ .mii;		getf.sig	r19=f84

-		cmp.ltu		p7,p0=r17,r16	}

-{ .mii;

-(p6)	add		carry1=1,carry1

-	cmp.ltu		p6,p0=r29,r28

-	add		r30=r30,r29		};;

-{ .mii;		getf.sig	r20=f75

-		add		r18=r18,r17	}

-{ .mii;

-(p6)	add		carry1=1,carry1

-	cmp.ltu		p6,p0=r30,r29

-	add		r31=r31,r30		};;

-{ .mfb;		getf.sig	r21=f66		}

-{ .mii;	(p7)	add		carry3=1,carry3

-		cmp.ltu		p7,p0=r18,r17

-		add		r19=r19,r18	}

-{ .mfb;	nop.m	0x0				}

-{ .mii;

-(p6)	add		carry1=1,carry1

-	cmp.ltu		p6,p0=r31,r30

-	add		r31=r31,carry2		};;

-{ .mfb;		getf.sig	r22=f57		}

-{ .mii;	(p7)	add		carry3=1,carry3

-		cmp.ltu		p7,p0=r19,r18

-		add		r20=r20,r19	}

-{ .mfb;	nop.m	0x0				}

-{ .mii;

-(p6)	add		carry1=1,carry1

-	cmp.ltu		p6,p0=r31,carry2	};;

-{ .mfb;		getf.sig	r23=f48		}

-{ .mii;	(p7)	add		carry3=1,carry3

-		cmp.ltu		p7,p0=r20,r19

-		add		r21=r21,r20	}

-{ .mii;

-(p6)	add		carry1=1,carry1		}

-{ .mfb;	st8		[r33]=r31,16		};;

-{ .mfb;	getf.sig	r24=f112		}

-{ .mii;	(p7)	add		carry3=1,carry3

-		cmp.ltu		p7,p0=r21,r20

-		add		r22=r22,r21	};;

-{ .mfb;	getf.sig	r25=f103		}

-{ .mii;	(p7)	add		carry3=1,carry3

-		cmp.ltu		p7,p0=r22,r21

-		add		r23=r23,r22	};;

-{ .mfb;	getf.sig	r26=f94			}

-{ .mii;	(p7)	add		carry3=1,carry3

-		cmp.ltu		p7,p0=r23,r22

-		add		r23=r23,carry1	};;

-{ .mfb;	getf.sig	r27=f85			}

-{ .mii;	(p7)	add		carry3=1,carry3

-		cmp.ltu		p7,p8=r23,carry1};;

-{ .mii;	getf.sig	r28=f76

-	add		r25=r25,r24

-	mov		carry1=0		}

-{ .mii;		st8		[r32]=r23,16

-	(p7)	add		carry2=1,carry3

-	(p8)	add		carry2=0,carry3	};;

-{ .mfb;	nop.m	0x0				}

-{ .mii;	getf.sig	r29=f67

-	cmp.ltu		p6,p0=r25,r24

-	add		r26=r26,r25		};;

-{ .mfb;	getf.sig	r30=f58			}

-{ .mii;

-(p6)	add		carry1=1,carry1

-	cmp.ltu		p6,p0=r26,r25

-	add		r27=r27,r26		};;

-{ .mfb;		getf.sig	r16=f113	}

-{ .mii;

-(p6)	add		carry1=1,carry1

-	cmp.ltu		p6,p0=r27,r26

-	add		r28=r28,r27		};;

-{ .mfb;		getf.sig	r17=f104	}

-{ .mii;

-(p6)	add		carry1=1,carry1

-	cmp.ltu		p6,p0=r28,r27

-	add		r29=r29,r28		};;

-{ .mfb;		getf.sig	r18=f95		}

-{ .mii;

-(p6)	add		carry1=1,carry1

-	cmp.ltu		p6,p0=r29,r28

-	add		r30=r30,r29		};;

-{ .mii;		getf.sig	r19=f86

-		add		r17=r17,r16

-		mov		carry3=0	}

-{ .mii;

-(p6)	add		carry1=1,carry1

-	cmp.ltu		p6,p0=r30,r29

-	add		r30=r30,carry2		};;

-{ .mii;		getf.sig	r20=f77

-		cmp.ltu		p7,p0=r17,r16

-		add		r18=r18,r17	}

-{ .mii;

-(p6)	add		carry1=1,carry1

-	cmp.ltu		p6,p0=r30,carry2	};;

-{ .mfb;		getf.sig	r21=f68		}

-{ .mii;	st8		[r33]=r30,16

-(p6)	add		carry1=1,carry1		};;

-{ .mfb;	getf.sig	r24=f114		}

-{ .mii;	(p7)	add		carry3=1,carry3

-		cmp.ltu		p7,p0=r18,r17

-		add		r19=r19,r18	};;

-{ .mfb;	getf.sig	r25=f105		}

-{ .mii;	(p7)	add		carry3=1,carry3

-		cmp.ltu		p7,p0=r19,r18

-		add		r20=r20,r19	};;

-{ .mfb;	getf.sig	r26=f96			}

-{ .mii;	(p7)	add		carry3=1,carry3

-		cmp.ltu		p7,p0=r20,r19

-		add		r21=r21,r20	};;

-{ .mfb;	getf.sig	r27=f87			}

-{ .mii;	(p7)	add		carry3=1,carry3

-		cmp.ltu		p7,p0=r21,r20

-		add		r21=r21,carry1	};;

-{ .mib;	getf.sig	r28=f78

-	add		r25=r25,r24		}

-{ .mib;	(p7)	add		carry3=1,carry3

-		cmp.ltu		p7,p8=r21,carry1};;

-{ .mii;		st8		[r32]=r21,16

-	(p7)	add		carry2=1,carry3

-	(p8)	add		carry2=0,carry3	}

-{ .mii;	mov		carry1=0

-	cmp.ltu		p6,p0=r25,r24

-	add		r26=r26,r25		};;

-{ .mfb;		getf.sig	r16=f115	}

-{ .mii;

-(p6)	add		carry1=1,carry1

-	cmp.ltu		p6,p0=r26,r25

-	add		r27=r27,r26		};;

-{ .mfb;		getf.sig	r17=f106	}

-{ .mii;

-(p6)	add		carry1=1,carry1

-	cmp.ltu		p6,p0=r27,r26

-	add		r28=r28,r27		};;

-{ .mfb;		getf.sig	r18=f97		}

-{ .mii;

-(p6)	add		carry1=1,carry1

-	cmp.ltu		p6,p0=r28,r27

-	add		r28=r28,carry2		};;

-{ .mib;		getf.sig	r19=f88

-		add		r17=r17,r16	}

-{ .mib;

-(p6)	add		carry1=1,carry1

-	cmp.ltu		p6,p0=r28,carry2	};;

-{ .mii;	st8		[r33]=r28,16

-(p6)	add		carry1=1,carry1		}

-{ .mii;		mov		carry2=0

-		cmp.ltu		p7,p0=r17,r16

-		add		r18=r18,r17	};;

-{ .mfb;	getf.sig	r24=f116		}

-{ .mii;	(p7)	add		carry2=1,carry2

-		cmp.ltu		p7,p0=r18,r17

-		add		r19=r19,r18	};;

-{ .mfb;	getf.sig	r25=f107		}

-{ .mii;	(p7)	add		carry2=1,carry2

-		cmp.ltu		p7,p0=r19,r18

-		add		r19=r19,carry1	};;

-{ .mfb;	getf.sig	r26=f98			}

-{ .mii;	(p7)	add		carry2=1,carry2

-		cmp.ltu		p7,p0=r19,carry1};;

-{ .mii;		st8		[r32]=r19,16

-	(p7)	add		carry2=1,carry2	}

-{ .mfb;	add		r25=r25,r24		};;

-{ .mfb;		getf.sig	r16=f117	}

-{ .mii;	mov		carry1=0

-	cmp.ltu		p6,p0=r25,r24

-	add		r26=r26,r25		};;

-{ .mfb;		getf.sig	r17=f108	}

-{ .mii;

-(p6)	add		carry1=1,carry1

-	cmp.ltu		p6,p0=r26,r25

-	add		r26=r26,carry2		};;

-{ .mfb;	nop.m	0x0				}

-{ .mii;

-(p6)	add		carry1=1,carry1

-	cmp.ltu		p6,p0=r26,carry2	};;

-{ .mii;	st8		[r33]=r26,16

-(p6)	add		carry1=1,carry1		}

-{ .mfb;		add		r17=r17,r16	};;

-{ .mfb;	getf.sig	r24=f118		}

-{ .mii;		mov		carry2=0

-		cmp.ltu		p7,p0=r17,r16

-		add		r17=r17,carry1	};;

-{ .mii;	(p7)	add		carry2=1,carry2

-		cmp.ltu		p7,p0=r17,carry1};;

-{ .mii;		st8		[r32]=r17

-	(p7)	add		carry2=1,carry2	};;

-{ .mfb;	add		r24=r24,carry2		};;

-{ .mib;	st8		[r33]=r24		}

-{ .mib;	rum		1<<5		// clear um.mfh

-	br.ret.sptk.many	b0	};;

-.endp	bn_mul_comba8#

-#undef	carry3

-#undef	carry2

-#undef	carry1

-#endif

-#if 1

-// It's possible to make it faster (see comment to bn_sqr_comba8), but

-// I reckon it doesn't worth the effort. Basically because the routine

-// (actually both of them) practically never called... So I just play

-// same trick as with bn_sqr_comba8.

-//

-// void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)

-//

-.global	bn_sqr_comba4#

-.proc	bn_sqr_comba4#

-.align	64

-bn_sqr_comba4:

-	.prologue

-	.save	ar.pfs,r2

-#if defined(_HPUX_SOURCE) && !defined(_LP64)

-{ .mii;	alloc   r2=ar.pfs,2,1,0,0

-	addp4	r32=0,r32

-	addp4	r33=0,r33		};;

-{ .mii;

-#else

-{ .mii;	alloc	r2=ar.pfs,2,1,0,0

-#endif

-	mov	r34=r33

-	add	r14=8,r33		};;

-	.body

-{ .mii;	add	r17=8,r34

-	add	r15=16,r33

-	add	r18=16,r34		}

-{ .mfb;	add	r16=24,r33

-	br	.L_cheat_entry_point4	};;

-.endp	bn_sqr_comba4#

-#endif

-#if 1

-// Runs in ~115 cycles and ~4.5 times faster than C. Well, whatever...

-//

-// void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)

-//

-#define	carry1	r14

-#define	carry2	r15

-.global	bn_mul_comba4#

-.proc	bn_mul_comba4#

-.align	64

-bn_mul_comba4:

-	.prologue

-	.save	ar.pfs,r2

-#if defined(_HPUX_SOURCE) && !defined(_LP64)

-{ .mii;	alloc   r2=ar.pfs,3,0,0,0

-	addp4	r33=0,r33

-	addp4	r34=0,r34		};;

-{ .mii;	addp4	r32=0,r32

-#else

-{ .mii;	alloc	r2=ar.pfs,3,0,0,0

-#endif

-	add	r14=8,r33

-	add	r17=8,r34		}

-	.body

-{ .mii;	add	r15=16,r33

-	add	r18=16,r34

-	add	r16=24,r33		};;

-.L_cheat_entry_point4:

-{ .mmi;	add	r19=24,r34

-	ldf8	f32=[r33]		}

-{ .mmi;	ldf8	f120=[r34]

-	ldf8	f121=[r17]		};;

-{ .mmi;	ldf8	f122=[r18]

-	ldf8	f123=[r19]		}

-{ .mmi;	ldf8	f33=[r14]

-	ldf8	f34=[r15]		}

-{ .mfi;	ldf8	f35=[r16]

-		xma.hu	f41=f32,f120,f0		}

-{ .mfi;		xma.lu	f40=f32,f120,f0		};;

-{ .mfi;		xma.hu	f51=f32,f121,f0		}

-{ .mfi;		xma.lu	f50=f32,f121,f0		};;

-{ .mfi;		xma.hu	f61=f32,f122,f0		}

-{ .mfi;		xma.lu	f60=f32,f122,f0		};;

-{ .mfi;		xma.hu	f71=f32,f123,f0		}

-{ .mfi;		xma.lu	f70=f32,f123,f0		};;//

-// Major stall takes place here, and 3 more places below. Result from

-// first xma is not available for another 3 ticks.

-{ .mfi;	getf.sig	r16=f40

-		xma.hu	f42=f33,f120,f41

-	add		r33=8,r32		}

-{ .mfi;		xma.lu	f41=f33,f120,f41	};;

-{ .mfi;	getf.sig	r24=f50

-		xma.hu	f52=f33,f121,f51	}

-{ .mfi;		xma.lu	f51=f33,f121,f51	};;

-{ .mfi;	st8		[r32]=r16,16

-		xma.hu	f62=f33,f122,f61	}

-{ .mfi;		xma.lu	f61=f33,f122,f61	};;

-{ .mfi;		xma.hu	f72=f33,f123,f71	}

-{ .mfi;		xma.lu	f71=f33,f123,f71	};;//

-//-------------------------------------------------//

-{ .mfi;	getf.sig	r25=f41

-		xma.hu	f43=f34,f120,f42	}

-{ .mfi;		xma.lu	f42=f34,f120,f42	};;

-{ .mfi;	getf.sig	r16=f60

-		xma.hu	f53=f34,f121,f52	}

-{ .mfi;		xma.lu	f52=f34,f121,f52	};;

-{ .mfi;	getf.sig	r17=f51

-		xma.hu	f63=f34,f122,f62

-	add		r25=r25,r24		}

-{ .mfi;	mov		carry1=0

-		xma.lu	f62=f34,f122,f62	};;

-{ .mfi;	st8		[r33]=r25,16

-		xma.hu	f73=f34,f123,f72

-	cmp.ltu		p6,p0=r25,r24		}

-{ .mfi;		xma.lu	f72=f34,f123,f72	};;//

-//-------------------------------------------------//

-{ .mfi;	getf.sig	r18=f42

-		xma.hu	f44=f35,f120,f43

-(p6)	add		carry1=1,carry1		}

-{ .mfi;	add		r17=r17,r16

-		xma.lu	f43=f35,f120,f43

-	mov		carry2=0		};;

-{ .mfi;	getf.sig	r24=f70

-		xma.hu	f54=f35,f121,f53

-	cmp.ltu		p7,p0=r17,r16		}

-{ .mfi;		xma.lu	f53=f35,f121,f53	};;

-{ .mfi;	getf.sig	r25=f61

-		xma.hu	f64=f35,f122,f63

-	add		r18=r18,r17		}

-{ .mfi;		xma.lu	f63=f35,f122,f63

-(p7)	add		carry2=1,carry2		};;

-{ .mfi;	getf.sig	r26=f52

-		xma.hu	f74=f35,f123,f73

-	cmp.ltu		p7,p0=r18,r17		}

-{ .mfi;		xma.lu	f73=f35,f123,f73

-	add		r18=r18,carry1		};;

-//-------------------------------------------------//

-{ .mii;	st8		[r32]=r18,16

-(p7)	add		carry2=1,carry2

-	cmp.ltu		p7,p0=r18,carry1	};;

-{ .mfi;	getf.sig	r27=f43	// last major stall

-(p7)	add		carry2=1,carry2		};;

-{ .mii;		getf.sig	r16=f71

-	add		r25=r25,r24

-	mov		carry1=0		};;

-{ .mii;		getf.sig	r17=f62

-	cmp.ltu		p6,p0=r25,r24

-	add		r26=r26,r25		};;

-{ .mii;

-(p6)	add		carry1=1,carry1

-	cmp.ltu		p6,p0=r26,r25

-	add		r27=r27,r26		};;

-{ .mii;

-(p6)	add		carry1=1,carry1

-	cmp.ltu		p6,p0=r27,r26

-	add		r27=r27,carry2		};;

-{ .mii;		getf.sig	r18=f53

-(p6)	add		carry1=1,carry1

-	cmp.ltu		p6,p0=r27,carry2	};;

-{ .mfi;	st8		[r33]=r27,16

-(p6)	add		carry1=1,carry1		}

-{ .mii;		getf.sig	r19=f44

-		add		r17=r17,r16

-		mov		carry2=0	};;

-{ .mii;	getf.sig	r24=f72

-		cmp.ltu		p7,p0=r17,r16

-		add		r18=r18,r17	};;

-{ .mii;	(p7)	add		carry2=1,carry2

-		cmp.ltu		p7,p0=r18,r17

-		add		r19=r19,r18	};;

-{ .mii;	(p7)	add		carry2=1,carry2

-		cmp.ltu		p7,p0=r19,r18

-		add		r19=r19,carry1	};;

-{ .mii;	getf.sig	r25=f63

-	(p7)	add		carry2=1,carry2

-		cmp.ltu		p7,p0=r19,carry1};;

-{ .mii;		st8		[r32]=r19,16

-	(p7)	add		carry2=1,carry2	}

-{ .mii;	getf.sig	r26=f54

-	add		r25=r25,r24

-	mov		carry1=0		};;

-{ .mii;		getf.sig	r16=f73

-	cmp.ltu		p6,p0=r25,r24

-	add		r26=r26,r25		};;

-{ .mii;

-(p6)	add		carry1=1,carry1

-	cmp.ltu		p6,p0=r26,r25

-	add		r26=r26,carry2		};;

-{ .mii;		getf.sig	r17=f64

-(p6)	add		carry1=1,carry1

-	cmp.ltu		p6,p0=r26,carry2	};;

-{ .mii;	st8		[r33]=r26,16

-(p6)	add		carry1=1,carry1		}

-{ .mii;	getf.sig	r24=f74

-		add		r17=r17,r16

-		mov		carry2=0	};;

-{ .mii;		cmp.ltu		p7,p0=r17,r16

-		add		r17=r17,carry1	};;

-{ .mii;	(p7)	add		carry2=1,carry2

-		cmp.ltu		p7,p0=r17,carry1};;

-{ .mii;		st8		[r32]=r17,16

-	(p7)	add		carry2=1,carry2	};;

-{ .mii;	add		r24=r24,carry2		};;

-{ .mii;	st8		[r33]=r24		}

-{ .mib;	rum		1<<5		// clear um.mfh

-	br.ret.sptk.many	b0	};;

-.endp	bn_mul_comba4#

-#undef	carry2

-#undef	carry1

-#endif

-#if 1

-//

-// BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)

-//

-// In the nutshell it's a port of my MIPS III/IV implementation.

-//

-#define	AT	r14

-#define	H	r16

-#define	HH	r20

-#define	L	r17

-#define	D	r18

-#define	DH	r22

-#define	I	r21

-#if 0

-// Some preprocessors (most notably HP-UX) appear to be allergic to

-// macros enclosed to parenthesis [as these three were].

-#define	cont	p16

-#define	break	p0	// p20

-#define	equ	p24

-#else

-cont=p16

-break=p0

-equ=p24

-#endif

-.global	abort#

-.global	bn_div_words#

-.proc	bn_div_words#

-.align	64

-bn_div_words:

-	.prologue

-	.save	ar.pfs,r2

-{ .mii;	alloc		r2=ar.pfs,3,5,0,8

-	.save	b0,r3

-	mov		r3=b0

-	.save	pr,r10

-	mov		r10=pr		};;

-{ .mmb;	cmp.eq		p6,p0=r34,r0

-	mov		r8=-1

-(p6)	br.ret.spnt.many	b0	};;

-	.body

-{ .mii;	mov		H=r32		// save h

-	mov		ar.ec=0		// don't rotate at exit

-	mov		pr.rot=0	}

-{ .mii;	mov		L=r33		// save l

-	mov		r36=r0		};;

-.L_divw_shift:	// -vv- note signed comparison

-{ .mfi;	(p0)	cmp.lt		p16,p0=r0,r34	// d

-	(p0)	shladd		r33=r34,1,r0	}

-{ .mfb;	(p0)	add		r35=1,r36

-	(p0)	nop.f		0x0

-(p16)	br.wtop.dpnt		.L_divw_shift	};;

-{ .mii;	mov		D=r34

-	shr.u		DH=r34,32

-	sub		r35=64,r36		};;

-{ .mii;	setf.sig	f7=DH

-	shr.u		AT=H,r35

-	mov		I=r36			};;

-{ .mib;	cmp.ne		p6,p0=r0,AT

-	shl		H=H,r36

-(p6)	br.call.spnt.clr	b0=abort	};;	// overflow, die...

-{ .mfi;	fcvt.xuf.s1	f7=f7

-	shr.u		AT=L,r35		};;

-{ .mii;	shl		L=L,r36

-	or		H=H,AT			};;

-{ .mii;	nop.m		0x0

-	cmp.leu		p6,p0=D,H;;

-(p6)	sub		H=H,D			}

-{ .mlx;	setf.sig	f14=D

-	movl		AT=0xffffffff		};;

-///////////////////////////////////////////////////////////

-{ .mii;	setf.sig	f6=H

-	shr.u		HH=H,32;;

-	cmp.eq		p6,p7=HH,DH		};;

-{ .mfb;

-(p6)	setf.sig	f8=AT

-(p7)	fcvt.xuf.s1	f6=f6

-(p7)	br.call.sptk	b6=.L_udiv64_32_b6	};;

-{ .mfi;	getf.sig	r33=f8				// q

-	xmpy.lu		f9=f8,f14		}

-{ .mfi;	xmpy.hu		f10=f8,f14

-	shrp		H=H,L,32		};;

-{ .mmi;	getf.sig	r35=f9				// tl

-	getf.sig	r31=f10			};;	// th

-.L_divw_1st_iter:

-{ .mii;	(p0)	add		r32=-1,r33

-	(p0)	cmp.eq		equ,cont=HH,r31		};;

-{ .mii;	(p0)	cmp.ltu		p8,p0=r35,D

-	(p0)	sub		r34=r35,D

-	(equ)	cmp.leu		break,cont=r35,H	};;

-{ .mib;	(cont)	cmp.leu		cont,break=HH,r31

-	(p8)	add		r31=-1,r31

-(cont)	br.wtop.spnt		.L_divw_1st_iter	};;

-///////////////////////////////////////////////////////////

-{ .mii;	sub		H=H,r35

-	shl		r8=r33,32

-	shl		L=L,32			};;

-///////////////////////////////////////////////////////////

-{ .mii;	setf.sig	f6=H

-	shr.u		HH=H,32;;

-	cmp.eq		p6,p7=HH,DH		};;

-{ .mfb;

-(p6)	setf.sig	f8=AT

-(p7)	fcvt.xuf.s1	f6=f6

-(p7)	br.call.sptk	b6=.L_udiv64_32_b6	};;

-{ .mfi;	getf.sig	r33=f8				// q

-	xmpy.lu		f9=f8,f14		}

-{ .mfi;	xmpy.hu		f10=f8,f14

-	shrp		H=H,L,32		};;

-{ .mmi;	getf.sig	r35=f9				// tl

-	getf.sig	r31=f10			};;	// th

-.L_divw_2nd_iter:

-{ .mii;	(p0)	add		r32=-1,r33

-	(p0)	cmp.eq		equ,cont=HH,r31		};;

-{ .mii;	(p0)	cmp.ltu		p8,p0=r35,D

-	(p0)	sub		r34=r35,D

-	(equ)	cmp.leu		break,cont=r35,H	};;

-{ .mib;	(cont)	cmp.leu		cont,break=HH,r31

-	(p8)	add		r31=-1,r31

-(cont)	br.wtop.spnt		.L_divw_2nd_iter	};;

-///////////////////////////////////////////////////////////

-{ .mii;	sub	H=H,r35

-	or	r8=r8,r33

-	mov	ar.pfs=r2		};;

-{ .mii;	shr.u	r9=H,I			// remainder if anybody wants it

-	mov	pr=r10,0x1ffff		}

-{ .mfb;	br.ret.sptk.many	b0	};;

-// Unsigned 64 by 32 (well, by 64 for the moment) bit integer division

-// procedure.

-//

-// inputs:	f6 = (double)a, f7 = (double)b

-// output:	f8 = (int)(a/b)

-// clobbered:	f8,f9,f10,f11,pred

-pred=p15

-// One can argue that this snippet is copyrighted to Intel

-// Corporation, as it's essentially identical to one of those

-// found in "Divide, Square Root and Remainder" section at

-// http://www.intel.com/software/products/opensource/libraries/num.htm.

-// Yes, I admit that the referred code was used as template,

-// but after I realized that there hardly is any other instruction

-// sequence which would perform this operation. I mean I figure that

-// any independent attempt to implement high-performance division

-// will result in code virtually identical to the Intel code. It

-// should be noted though that below division kernel is 1 cycle

-// faster than Intel one (note commented splits:-), not to mention

-// original prologue (rather lack of one) and epilogue.

-.align	32

-.skip	16

-.L_udiv64_32_b6:

-	frcpa.s1	f8,pred=f6,f7;;		// [0]  y0 = 1 / b

-(pred)	fnma.s1		f9=f7,f8,f1		// [5]  e0 = 1 - b * y0

-(pred)	fmpy.s1		f10=f6,f8;;		// [5]  q0 = a * y0

-(pred)	fmpy.s1		f11=f9,f9		// [10] e1 = e0 * e0

-(pred)	fma.s1		f10=f9,f10,f10;;	// [10] q1 = q0 + e0 * q0

-(pred)	fma.s1		f8=f9,f8,f8	//;;	// [15] y1 = y0 + e0 * y0

-(pred)	fma.s1		f9=f11,f10,f10;;	// [15] q2 = q1 + e1 * q1

-(pred)	fma.s1		f8=f11,f8,f8	//;;	// [20] y2 = y1 + e1 * y1

-(pred)	fnma.s1		f10=f7,f9,f6;;		// [20] r2 = a - b * q2

-(pred)	fma.s1		f8=f10,f8,f9;;		// [25] q3 = q2 + r2 * y2

-	fcvt.fxu.trunc.s1	f8=f8		// [30] q = trunc(q3)

-	br.ret.sptk.many	b6;;

-.endp	bn_div_words#

-#endif

--- a/sys/src/ape/lib/openssl/crypto/bn/asm/mips3.s

+++ /dev/null

@@ -1,2201 +1,0 @@

-.rdata

-.asciiz	"mips3.s, Version 1.1"

-.asciiz	"MIPS III/IV ISA artwork by Andy Polyakov <[email protected]>"

-/*

- * ====================================================================

- * Written by Andy Polyakov <[email protected]> for the OpenSSL

- * project.

- *

- * Rights for redistribution and usage in source and binary forms are

- * granted according to the OpenSSL license. Warranty of any kind is

- * disclaimed.

- * ====================================================================

- */

-/*

- * This is my modest contributon to the OpenSSL project (see

- * http://www.openssl.org/ for more information about it) and is

- * a drop-in MIPS III/IV ISA replacement for crypto/bn/bn_asm.c

- * module. For updates see http://fy.chalmers.se/~appro/hpe/.

- *

- * The module is designed to work with either of the "new" MIPS ABI(5),

- * namely N32 or N64, offered by IRIX 6.x. It's not ment to work under

- * IRIX 5.x not only because it doesn't support new ABIs but also

- * because 5.x kernels put R4x00 CPU into 32-bit mode and all those

- * 64-bit instructions (daddu, dmultu, etc.) found below gonna only

- * cause illegal instruction exception:-(

- *

- * In addition the code depends on preprocessor flags set up by MIPSpro

- * compiler driver (either as or cc) and therefore (probably?) can't be

- * compiled by the GNU assembler. GNU C driver manages fine though...

- * I mean as long as -mmips-as is specified or is the default option,

- * because then it simply invokes /usr/bin/as which in turn takes

- * perfect care of the preprocessor definitions. Another neat feature

- * offered by the MIPSpro assembler is an optimization pass. This gave

- * me the opportunity to have the code looking more regular as all those

- * architecture dependent instruction rescheduling details were left to

- * the assembler. Cool, huh?

- *

- * Performance improvement is astonishing! 'apps/openssl speed rsa dsa'

- * goes way over 3 times faster!

- *

- *					<[email protected]>

- */

-#include <asm.h>

-#include <regdef.h>

-#if _MIPS_ISA>=4

-#define	MOVNZ(cond,dst,src)	\

-	movn	dst,src,cond

-#else

-#define	MOVNZ(cond,dst,src)	\

-	.set	noreorder;	\

-	bnezl	cond,.+8;	\

-	move	dst,src;	\

-	.set	reorder

-#endif

-.text

-.set	noat

-.set	reorder

-#define	MINUS4	v1

-.align	5

-LEAF(bn_mul_add_words)

-	.set	noreorder

-	bgtzl	a2,.L_bn_mul_add_words_proceed

-	ld	t0,0(a1)

-	jr	ra

-	move	v0,zero

-	.set	reorder

-.L_bn_mul_add_words_proceed:

-	li	MINUS4,-4

-	and	ta0,a2,MINUS4

-	move	v0,zero

-	beqz	ta0,.L_bn_mul_add_words_tail

-.L_bn_mul_add_words_loop:

-	dmultu	t0,a3

-	ld	t1,0(a0)

-	ld	t2,8(a1)

-	ld	t3,8(a0)

-	ld	ta0,16(a1)

-	ld	ta1,16(a0)

-	daddu	t1,v0

-	sltu	v0,t1,v0	/* All manuals say it "compares 32-bit

-				 * values", but it seems to work fine

-				 * even on 64-bit registers. */

-	mflo	AT

-	mfhi	t0

-	daddu	t1,AT

-	daddu	v0,t0

-	sltu	AT,t1,AT

-	sd	t1,0(a0)

-	daddu	v0,AT

-	dmultu	t2,a3

-	ld	ta2,24(a1)

-	ld	ta3,24(a0)

-	daddu	t3,v0

-	sltu	v0,t3,v0

-	mflo	AT

-	mfhi	t2

-	daddu	t3,AT

-	daddu	v0,t2

-	sltu	AT,t3,AT

-	sd	t3,8(a0)

-	daddu	v0,AT

-	dmultu	ta0,a3

-	subu	a2,4

-	PTR_ADD	a0,32

-	PTR_ADD	a1,32

-	daddu	ta1,v0

-	sltu	v0,ta1,v0

-	mflo	AT

-	mfhi	ta0

-	daddu	ta1,AT

-	daddu	v0,ta0

-	sltu	AT,ta1,AT

-	sd	ta1,-16(a0)

-	daddu	v0,AT

-	dmultu	ta2,a3

-	and	ta0,a2,MINUS4

-	daddu	ta3,v0

-	sltu	v0,ta3,v0

-	mflo	AT

-	mfhi	ta2

-	daddu	ta3,AT

-	daddu	v0,ta2

-	sltu	AT,ta3,AT

-	sd	ta3,-8(a0)

-	daddu	v0,AT

-	.set	noreorder

-	bgtzl	ta0,.L_bn_mul_add_words_loop

-	ld	t0,0(a1)

-	bnezl	a2,.L_bn_mul_add_words_tail

-	ld	t0,0(a1)

-	.set	reorder

-.L_bn_mul_add_words_return:

-	jr	ra

-.L_bn_mul_add_words_tail:

-	dmultu	t0,a3

-	ld	t1,0(a0)

-	subu	a2,1

-	daddu	t1,v0

-	sltu	v0,t1,v0

-	mflo	AT

-	mfhi	t0

-	daddu	t1,AT

-	daddu	v0,t0

-	sltu	AT,t1,AT

-	sd	t1,0(a0)

-	daddu	v0,AT

-	beqz	a2,.L_bn_mul_add_words_return

-	ld	t0,8(a1)

-	dmultu	t0,a3

-	ld	t1,8(a0)

-	subu	a2,1

-	daddu	t1,v0

-	sltu	v0,t1,v0

-	mflo	AT

-	mfhi	t0

-	daddu	t1,AT

-	daddu	v0,t0

-	sltu	AT,t1,AT

-	sd	t1,8(a0)

-	daddu	v0,AT

-	beqz	a2,.L_bn_mul_add_words_return

-	ld	t0,16(a1)

-	dmultu	t0,a3

-	ld	t1,16(a0)

-	daddu	t1,v0

-	sltu	v0,t1,v0

-	mflo	AT

-	mfhi	t0

-	daddu	t1,AT

-	daddu	v0,t0

-	sltu	AT,t1,AT

-	sd	t1,16(a0)

-	daddu	v0,AT

-	jr	ra

-END(bn_mul_add_words)

-.align	5

-LEAF(bn_mul_words)

-	.set	noreorder

-	bgtzl	a2,.L_bn_mul_words_proceed

-	ld	t0,0(a1)

-	jr	ra

-	move	v0,zero

-	.set	reorder

-.L_bn_mul_words_proceed:

-	li	MINUS4,-4

-	and	ta0,a2,MINUS4

-	move	v0,zero

-	beqz	ta0,.L_bn_mul_words_tail

-.L_bn_mul_words_loop:

-	dmultu	t0,a3

-	ld	t2,8(a1)

-	ld	ta0,16(a1)

-	ld	ta2,24(a1)

-	mflo	AT

-	mfhi	t0

-	daddu	v0,AT

-	sltu	t1,v0,AT

-	sd	v0,0(a0)

-	daddu	v0,t1,t0

-	dmultu	t2,a3

-	subu	a2,4

-	PTR_ADD	a0,32

-	PTR_ADD	a1,32

-	mflo	AT

-	mfhi	t2

-	daddu	v0,AT

-	sltu	t3,v0,AT

-	sd	v0,-24(a0)

-	daddu	v0,t3,t2

-	dmultu	ta0,a3

-	mflo	AT

-	mfhi	ta0

-	daddu	v0,AT

-	sltu	ta1,v0,AT

-	sd	v0,-16(a0)

-	daddu	v0,ta1,ta0

-	dmultu	ta2,a3

-	and	ta0,a2,MINUS4

-	mflo	AT

-	mfhi	ta2

-	daddu	v0,AT

-	sltu	ta3,v0,AT

-	sd	v0,-8(a0)

-	daddu	v0,ta3,ta2

-	.set	noreorder

-	bgtzl	ta0,.L_bn_mul_words_loop

-	ld	t0,0(a1)

-	bnezl	a2,.L_bn_mul_words_tail

-	ld	t0,0(a1)

-	.set	reorder

-.L_bn_mul_words_return:

-	jr	ra

-.L_bn_mul_words_tail:

-	dmultu	t0,a3

-	subu	a2,1

-	mflo	AT

-	mfhi	t0

-	daddu	v0,AT

-	sltu	t1,v0,AT

-	sd	v0,0(a0)

-	daddu	v0,t1,t0

-	beqz	a2,.L_bn_mul_words_return

-	ld	t0,8(a1)

-	dmultu	t0,a3

-	subu	a2,1

-	mflo	AT

-	mfhi	t0

-	daddu	v0,AT

-	sltu	t1,v0,AT

-	sd	v0,8(a0)

-	daddu	v0,t1,t0

-	beqz	a2,.L_bn_mul_words_return

-	ld	t0,16(a1)

-	dmultu	t0,a3

-	mflo	AT

-	mfhi	t0

-	daddu	v0,AT

-	sltu	t1,v0,AT

-	sd	v0,16(a0)

-	daddu	v0,t1,t0

-	jr	ra

-END(bn_mul_words)

-.align	5

-LEAF(bn_sqr_words)

-	.set	noreorder

-	bgtzl	a2,.L_bn_sqr_words_proceed

-	ld	t0,0(a1)

-	jr	ra

-	move	v0,zero

-	.set	reorder

-.L_bn_sqr_words_proceed:

-	li	MINUS4,-4

-	and	ta0,a2,MINUS4

-	move	v0,zero

-	beqz	ta0,.L_bn_sqr_words_tail

-.L_bn_sqr_words_loop:

-	dmultu	t0,t0

-	ld	t2,8(a1)

-	ld	ta0,16(a1)

-	ld	ta2,24(a1)

-	mflo	t1

-	mfhi	t0

-	sd	t1,0(a0)

-	sd	t0,8(a0)

-	dmultu	t2,t2

-	subu	a2,4

-	PTR_ADD	a0,64

-	PTR_ADD	a1,32

-	mflo	t3

-	mfhi	t2

-	sd	t3,-48(a0)

-	sd	t2,-40(a0)

-	dmultu	ta0,ta0

-	mflo	ta1

-	mfhi	ta0

-	sd	ta1,-32(a0)

-	sd	ta0,-24(a0)

-	dmultu	ta2,ta2

-	and	ta0,a2,MINUS4

-	mflo	ta3

-	mfhi	ta2

-	sd	ta3,-16(a0)

-	sd	ta2,-8(a0)

-	.set	noreorder

-	bgtzl	ta0,.L_bn_sqr_words_loop

-	ld	t0,0(a1)

-	bnezl	a2,.L_bn_sqr_words_tail

-	ld	t0,0(a1)

-	.set	reorder

-.L_bn_sqr_words_return:

-	move	v0,zero

-	jr	ra

-.L_bn_sqr_words_tail:

-	dmultu	t0,t0

-	subu	a2,1

-	mflo	t1

-	mfhi	t0

-	sd	t1,0(a0)

-	sd	t0,8(a0)

-	beqz	a2,.L_bn_sqr_words_return

-	ld	t0,8(a1)

-	dmultu	t0,t0

-	subu	a2,1

-	mflo	t1

-	mfhi	t0

-	sd	t1,16(a0)

-	sd	t0,24(a0)

-	beqz	a2,.L_bn_sqr_words_return

-	ld	t0,16(a1)

-	dmultu	t0,t0

-	mflo	t1

-	mfhi	t0

-	sd	t1,32(a0)

-	sd	t0,40(a0)

-	jr	ra

-END(bn_sqr_words)

-.align	5

-LEAF(bn_add_words)

-	.set	noreorder

-	bgtzl	a3,.L_bn_add_words_proceed

-	ld	t0,0(a1)

-	jr	ra

-	move	v0,zero

-	.set	reorder

-.L_bn_add_words_proceed:

-	li	MINUS4,-4

-	and	AT,a3,MINUS4

-	move	v0,zero

-	beqz	AT,.L_bn_add_words_tail

-.L_bn_add_words_loop:

-	ld	ta0,0(a2)

-	subu	a3,4

-	ld	t1,8(a1)

-	and	AT,a3,MINUS4

-	ld	t2,16(a1)

-	PTR_ADD	a2,32

-	ld	t3,24(a1)

-	PTR_ADD	a0,32

-	ld	ta1,-24(a2)

-	PTR_ADD	a1,32

-	ld	ta2,-16(a2)

-	ld	ta3,-8(a2)

-	daddu	ta0,t0

-	sltu	t8,ta0,t0

-	daddu	t0,ta0,v0

-	sltu	v0,t0,ta0

-	sd	t0,-32(a0)

-	daddu	v0,t8

-	daddu	ta1,t1

-	sltu	t9,ta1,t1

-	daddu	t1,ta1,v0

-	sltu	v0,t1,ta1

-	sd	t1,-24(a0)

-	daddu	v0,t9

-	daddu	ta2,t2

-	sltu	t8,ta2,t2

-	daddu	t2,ta2,v0

-	sltu	v0,t2,ta2

-	sd	t2,-16(a0)

-	daddu	v0,t8

-	daddu	ta3,t3

-	sltu	t9,ta3,t3

-	daddu	t3,ta3,v0

-	sltu	v0,t3,ta3

-	sd	t3,-8(a0)

-	daddu	v0,t9

-	.set	noreorder

-	bgtzl	AT,.L_bn_add_words_loop

-	ld	t0,0(a1)

-	bnezl	a3,.L_bn_add_words_tail

-	ld	t0,0(a1)

-	.set	reorder

-.L_bn_add_words_return:

-	jr	ra

-.L_bn_add_words_tail:

-	ld	ta0,0(a2)

-	daddu	ta0,t0

-	subu	a3,1

-	sltu	t8,ta0,t0

-	daddu	t0,ta0,v0

-	sltu	v0,t0,ta0

-	sd	t0,0(a0)

-	daddu	v0,t8

-	beqz	a3,.L_bn_add_words_return

-	ld	t1,8(a1)

-	ld	ta1,8(a2)

-	daddu	ta1,t1

-	subu	a3,1

-	sltu	t9,ta1,t1

-	daddu	t1,ta1,v0

-	sltu	v0,t1,ta1

-	sd	t1,8(a0)

-	daddu	v0,t9

-	beqz	a3,.L_bn_add_words_return

-	ld	t2,16(a1)

-	ld	ta2,16(a2)

-	daddu	ta2,t2

-	sltu	t8,ta2,t2

-	daddu	t2,ta2,v0

-	sltu	v0,t2,ta2

-	sd	t2,16(a0)

-	daddu	v0,t8

-	jr	ra

-END(bn_add_words)

-.align	5

-LEAF(bn_sub_words)

-	.set	noreorder

-	bgtzl	a3,.L_bn_sub_words_proceed

-	ld	t0,0(a1)

-	jr	ra

-	move	v0,zero

-	.set	reorder

-.L_bn_sub_words_proceed:

-	li	MINUS4,-4

-	and	AT,a3,MINUS4

-	move	v0,zero

-	beqz	AT,.L_bn_sub_words_tail

-.L_bn_sub_words_loop:

-	ld	ta0,0(a2)

-	subu	a3,4

-	ld	t1,8(a1)

-	and	AT,a3,MINUS4

-	ld	t2,16(a1)

-	PTR_ADD	a2,32

-	ld	t3,24(a1)

-	PTR_ADD	a0,32

-	ld	ta1,-24(a2)

-	PTR_ADD	a1,32

-	ld	ta2,-16(a2)

-	ld	ta3,-8(a2)

-	sltu	t8,t0,ta0

-	dsubu	t0,ta0

-	dsubu	ta0,t0,v0

-	sd	ta0,-32(a0)

-	MOVNZ	(t0,v0,t8)

-	sltu	t9,t1,ta1

-	dsubu	t1,ta1

-	dsubu	ta1,t1,v0

-	sd	ta1,-24(a0)

-	MOVNZ	(t1,v0,t9)

-	sltu	t8,t2,ta2

-	dsubu	t2,ta2

-	dsubu	ta2,t2,v0

-	sd	ta2,-16(a0)

-	MOVNZ	(t2,v0,t8)

-	sltu	t9,t3,ta3

-	dsubu	t3,ta3

-	dsubu	ta3,t3,v0

-	sd	ta3,-8(a0)

-	MOVNZ	(t3,v0,t9)

-	.set	noreorder

-	bgtzl	AT,.L_bn_sub_words_loop

-	ld	t0,0(a1)

-	bnezl	a3,.L_bn_sub_words_tail

-	ld	t0,0(a1)

-	.set	reorder

-.L_bn_sub_words_return:

-	jr	ra

-.L_bn_sub_words_tail:

-	ld	ta0,0(a2)

-	subu	a3,1

-	sltu	t8,t0,ta0

-	dsubu	t0,ta0

-	dsubu	ta0,t0,v0

-	MOVNZ	(t0,v0,t8)

-	sd	ta0,0(a0)

-	beqz	a3,.L_bn_sub_words_return

-	ld	t1,8(a1)

-	subu	a3,1

-	ld	ta1,8(a2)

-	sltu	t9,t1,ta1

-	dsubu	t1,ta1

-	dsubu	ta1,t1,v0

-	MOVNZ	(t1,v0,t9)

-	sd	ta1,8(a0)

-	beqz	a3,.L_bn_sub_words_return

-	ld	t2,16(a1)

-	ld	ta2,16(a2)

-	sltu	t8,t2,ta2

-	dsubu	t2,ta2

-	dsubu	ta2,t2,v0

-	MOVNZ	(t2,v0,t8)

-	sd	ta2,16(a0)

-	jr	ra

-END(bn_sub_words)

-#undef	MINUS4

-.align 5

-LEAF(bn_div_3_words)

-	.set	reorder

-	move	a3,a0		/* we know that bn_div_words doesn't

-				 * touch a3, ta2, ta3 and preserves a2

-				 * so that we can save two arguments

-				 * and return address in registers

-				 * instead of stack:-)

-				 */

-	ld	a0,(a3)

-	move	ta2,a1

-	ld	a1,-8(a3)

-	bne	a0,a2,.L_bn_div_3_words_proceed

-	li	v0,-1

-	jr	ra

-.L_bn_div_3_words_proceed:

-	move	ta3,ra

-	bal	bn_div_words

-	move	ra,ta3

-	dmultu	ta2,v0

-	ld	t2,-16(a3)

-	move	ta0,zero

-	mfhi	t1

-	mflo	t0

-	sltu	t8,t1,v1

-.L_bn_div_3_words_inner_loop:

-	bnez	t8,.L_bn_div_3_words_inner_loop_done

-	sgeu	AT,t2,t0

-	seq	t9,t1,v1

-	and	AT,t9

-	sltu	t3,t0,ta2

-	daddu	v1,a2

-	dsubu	t1,t3

-	dsubu	t0,ta2

-	sltu	t8,t1,v1

-	sltu	ta0,v1,a2

-	or	t8,ta0

-	.set	noreorder

-	beqzl	AT,.L_bn_div_3_words_inner_loop

-	dsubu	v0,1

-	.set	reorder

-.L_bn_div_3_words_inner_loop_done:

-	jr	ra

-END(bn_div_3_words)

-.align	5

-LEAF(bn_div_words)

-	.set	noreorder

-	bnezl	a2,.L_bn_div_words_proceed

-	move	v1,zero

-	jr	ra

-	li	v0,-1		/* I'd rather signal div-by-zero

-				 * which can be done with 'break 7' */

-.L_bn_div_words_proceed:

-	bltz	a2,.L_bn_div_words_body

-	move	t9,v1

-	dsll	a2,1

-	bgtz	a2,.-4

-	addu	t9,1

-	.set	reorder

-	negu	t1,t9

-	li	t2,-1

-	dsll	t2,t1

-	and	t2,a0

-	dsrl	AT,a1,t1

-	.set	noreorder

-	bnezl	t2,.+8

-	break	6		/* signal overflow */

-	.set	reorder

-	dsll	a0,t9

-	dsll	a1,t9

-	or	a0,AT

-#define	QT	ta0

-#define	HH	ta1

-#define	DH	v1

-.L_bn_div_words_body:

-	dsrl	DH,a2,32

-	sgeu	AT,a0,a2

-	.set	noreorder

-	bnezl	AT,.+8

-	dsubu	a0,a2

-	.set	reorder

-	li	QT,-1

-	dsrl	HH,a0,32

-	dsrl	QT,32	/* q=0xffffffff */

-	beq	DH,HH,.L_bn_div_words_skip_div1

-	ddivu	zero,a0,DH

-	mflo	QT

-.L_bn_div_words_skip_div1:

-	dmultu	a2,QT

-	dsll	t3,a0,32

-	dsrl	AT,a1,32

-	or	t3,AT

-	mflo	t0

-	mfhi	t1

-.L_bn_div_words_inner_loop1:

-	sltu	t2,t3,t0

-	seq	t8,HH,t1

-	sltu	AT,HH,t1

-	and	t2,t8

-	sltu	v0,t0,a2

-	or	AT,t2

-	.set	noreorder

-	beqz	AT,.L_bn_div_words_inner_loop1_done

-	dsubu	t1,v0

-	dsubu	t0,a2

-	b	.L_bn_div_words_inner_loop1

-	dsubu	QT,1

-	.set	reorder

-.L_bn_div_words_inner_loop1_done:

-	dsll	a1,32

-	dsubu	a0,t3,t0

-	dsll	v0,QT,32

-	li	QT,-1

-	dsrl	HH,a0,32

-	dsrl	QT,32	/* q=0xffffffff */

-	beq	DH,HH,.L_bn_div_words_skip_div2

-	ddivu	zero,a0,DH

-	mflo	QT

-.L_bn_div_words_skip_div2:

-#undef	DH

-	dmultu	a2,QT

-	dsll	t3,a0,32

-	dsrl	AT,a1,32

-	or	t3,AT

-	mflo	t0

-	mfhi	t1

-.L_bn_div_words_inner_loop2:

-	sltu	t2,t3,t0

-	seq	t8,HH,t1

-	sltu	AT,HH,t1

-	and	t2,t8

-	sltu	v1,t0,a2

-	or	AT,t2

-	.set	noreorder

-	beqz	AT,.L_bn_div_words_inner_loop2_done

-	dsubu	t1,v1

-	dsubu	t0,a2

-	b	.L_bn_div_words_inner_loop2

-	dsubu	QT,1

-	.set	reorder

-.L_bn_div_words_inner_loop2_done:

-#undef	HH

-	dsubu	a0,t3,t0

-	or	v0,QT

-	dsrl	v1,a0,t9	/* v1 contains remainder if anybody wants it */

-	dsrl	a2,t9		/* restore a2 */

-	jr	ra

-#undef	QT

-END(bn_div_words)

-#define	a_0	t0

-#define	a_1	t1

-#define	a_2	t2

-#define	a_3	t3

-#define	b_0	ta0

-#define	b_1	ta1

-#define	b_2	ta2

-#define	b_3	ta3

-#define	a_4	s0

-#define	a_5	s2

-#define	a_6	s4

-#define	a_7	a1	/* once we load a[7] we don't need a anymore */

-#define	b_4	s1

-#define	b_5	s3

-#define	b_6	s5

-#define	b_7	a2	/* once we load b[7] we don't need b anymore */

-#define	t_1	t8

-#define	t_2	t9

-#define	c_1	v0

-#define	c_2	v1

-#define	c_3	a3

-#define	FRAME_SIZE	48

-.align	5

-LEAF(bn_mul_comba8)

-	.set	noreorder

-	PTR_SUB	sp,FRAME_SIZE

-	.frame	sp,64,ra

-	.set	reorder

-	ld	a_0,0(a1)	/* If compiled with -mips3 option on

-				 * R5000 box assembler barks on this

-				 * line with "shouldn't have mult/div

-				 * as last instruction in bb (R10K

-				 * bug)" warning. If anybody out there

-				 * has a clue about how to circumvent

-				 * this do send me a note.

-				 *		<[email protected]>

-				 */

-	ld	b_0,0(a2)

-	ld	a_1,8(a1)

-	ld	a_2,16(a1)

-	ld	a_3,24(a1)

-	ld	b_1,8(a2)

-	ld	b_2,16(a2)

-	ld	b_3,24(a2)

-	dmultu	a_0,b_0		/* mul_add_c(a[0],b[0],c1,c2,c3); */

-	sd	s0,0(sp)

-	sd	s1,8(sp)

-	sd	s2,16(sp)

-	sd	s3,24(sp)

-	sd	s4,32(sp)

-	sd	s5,40(sp)

-	mflo	c_1

-	mfhi	c_2

-	dmultu	a_0,b_1		/* mul_add_c(a[0],b[1],c2,c3,c1); */

-	ld	a_4,32(a1)

-	ld	a_5,40(a1)

-	ld	a_6,48(a1)

-	ld	a_7,56(a1)

-	ld	b_4,32(a2)

-	ld	b_5,40(a2)

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_2,t_1

-	sltu	AT,c_2,t_1

-	daddu	c_3,t_2,AT

-	dmultu	a_1,b_0		/* mul_add_c(a[1],b[0],c2,c3,c1); */

-	ld	b_6,48(a2)

-	ld	b_7,56(a2)

-	sd	c_1,0(a0)	/* r[0]=c1; */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_2,t_1

-	sltu	AT,c_2,t_1

-	daddu	t_2,AT

-	daddu	c_3,t_2

-	sltu	c_1,c_3,t_2

-	sd	c_2,8(a0)	/* r[1]=c2; */

-	dmultu	a_2,b_0		/* mul_add_c(a[2],b[0],c3,c1,c2); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_3,t_1

-	sltu	AT,c_3,t_1

-	daddu	t_2,AT

-	daddu	c_1,t_2

-	dmultu	a_1,b_1		/* mul_add_c(a[1],b[1],c3,c1,c2); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_3,t_1

-	sltu	AT,c_3,t_1

-	daddu	t_2,AT

-	daddu	c_1,t_2

-	sltu	c_2,c_1,t_2

-	dmultu	a_0,b_2		/* mul_add_c(a[0],b[2],c3,c1,c2); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_3,t_1

-	sltu	AT,c_3,t_1

-	daddu	t_2,AT

-	daddu	c_1,t_2

-	sltu	AT,c_1,t_2

-	daddu	c_2,AT

-	sd	c_3,16(a0)	/* r[2]=c3; */

-	dmultu	a_0,b_3		/* mul_add_c(a[0],b[3],c1,c2,c3); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_1,t_1

-	sltu	AT,c_1,t_1

-	daddu	t_2,AT

-	daddu	c_2,t_2

-	sltu	c_3,c_2,t_2

-	dmultu	a_1,b_2		/* mul_add_c(a[1],b[2],c1,c2,c3); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_1,t_1

-	sltu	AT,c_1,t_1

-	daddu	t_2,AT

-	daddu	c_2,t_2

-	sltu	AT,c_2,t_2

-	daddu	c_3,AT

-	dmultu	a_2,b_1		/* mul_add_c(a[2],b[1],c1,c2,c3); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_1,t_1

-	sltu	AT,c_1,t_1

-	daddu	t_2,AT

-	daddu	c_2,t_2

-	sltu	AT,c_2,t_2

-	daddu	c_3,AT

-	dmultu	a_3,b_0		/* mul_add_c(a[3],b[0],c1,c2,c3); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_1,t_1

-	sltu	AT,c_1,t_1

-	daddu	t_2,AT

-	daddu	c_2,t_2

-	sltu	AT,c_2,t_2

-	daddu	c_3,AT

-	sd	c_1,24(a0)	/* r[3]=c1; */

-	dmultu	a_4,b_0		/* mul_add_c(a[4],b[0],c2,c3,c1); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_2,t_1

-	sltu	AT,c_2,t_1

-	daddu	t_2,AT

-	daddu	c_3,t_2

-	sltu	c_1,c_3,t_2

-	dmultu	a_3,b_1		/* mul_add_c(a[3],b[1],c2,c3,c1); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_2,t_1

-	sltu	AT,c_2,t_1

-	daddu	t_2,AT

-	daddu	c_3,t_2

-	sltu	AT,c_3,t_2

-	daddu	c_1,AT

-	dmultu	a_2,b_2		/* mul_add_c(a[2],b[2],c2,c3,c1); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_2,t_1

-	sltu	AT,c_2,t_1

-	daddu	t_2,AT

-	daddu	c_3,t_2

-	sltu	AT,c_3,t_2

-	daddu	c_1,AT

-	dmultu	a_1,b_3		/* mul_add_c(a[1],b[3],c2,c3,c1); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_2,t_1

-	sltu	AT,c_2,t_1

-	daddu	t_2,AT

-	daddu	c_3,t_2

-	sltu	AT,c_3,t_2

-	daddu	c_1,AT

-	dmultu	a_0,b_4		/* mul_add_c(a[0],b[4],c2,c3,c1); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_2,t_1

-	sltu	AT,c_2,t_1

-	daddu	t_2,AT

-	daddu	c_3,t_2

-	sltu	AT,c_3,t_2

-	daddu	c_1,AT

-	sd	c_2,32(a0)	/* r[4]=c2; */

-	dmultu	a_0,b_5		/* mul_add_c(a[0],b[5],c3,c1,c2); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_3,t_1

-	sltu	AT,c_3,t_1

-	daddu	t_2,AT

-	daddu	c_1,t_2

-	sltu	c_2,c_1,t_2

-	dmultu	a_1,b_4		/* mul_add_c(a[1],b[4],c3,c1,c2); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_3,t_1

-	sltu	AT,c_3,t_1

-	daddu	t_2,AT

-	daddu	c_1,t_2

-	sltu	AT,c_1,t_2

-	daddu	c_2,AT

-	dmultu	a_2,b_3		/* mul_add_c(a[2],b[3],c3,c1,c2); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_3,t_1

-	sltu	AT,c_3,t_1

-	daddu	t_2,AT

-	daddu	c_1,t_2

-	sltu	AT,c_1,t_2

-	daddu	c_2,AT

-	dmultu	a_3,b_2		/* mul_add_c(a[3],b[2],c3,c1,c2); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_3,t_1

-	sltu	AT,c_3,t_1

-	daddu	t_2,AT

-	daddu	c_1,t_2

-	sltu	AT,c_1,t_2

-	daddu	c_2,AT

-	dmultu	a_4,b_1		/* mul_add_c(a[4],b[1],c3,c1,c2); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_3,t_1

-	sltu	AT,c_3,t_1

-	daddu	t_2,AT

-	daddu	c_1,t_2

-	sltu	AT,c_1,t_2

-	daddu	c_2,AT

-	dmultu	a_5,b_0		/* mul_add_c(a[5],b[0],c3,c1,c2); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_3,t_1

-	sltu	AT,c_3,t_1

-	daddu	t_2,AT

-	daddu	c_1,t_2

-	sltu	AT,c_1,t_2

-	daddu	c_2,AT

-	sd	c_3,40(a0)	/* r[5]=c3; */

-	dmultu	a_6,b_0		/* mul_add_c(a[6],b[0],c1,c2,c3); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_1,t_1

-	sltu	AT,c_1,t_1

-	daddu	t_2,AT

-	daddu	c_2,t_2

-	sltu	c_3,c_2,t_2

-	dmultu	a_5,b_1		/* mul_add_c(a[5],b[1],c1,c2,c3); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_1,t_1

-	sltu	AT,c_1,t_1

-	daddu	t_2,AT

-	daddu	c_2,t_2

-	sltu	AT,c_2,t_2

-	daddu	c_3,AT

-	dmultu	a_4,b_2		/* mul_add_c(a[4],b[2],c1,c2,c3); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_1,t_1

-	sltu	AT,c_1,t_1

-	daddu	t_2,AT

-	daddu	c_2,t_2

-	sltu	AT,c_2,t_2

-	daddu	c_3,AT

-	dmultu	a_3,b_3		/* mul_add_c(a[3],b[3],c1,c2,c3); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_1,t_1

-	sltu	AT,c_1,t_1

-	daddu	t_2,AT

-	daddu	c_2,t_2

-	sltu	AT,c_2,t_2

-	daddu	c_3,AT

-	dmultu	a_2,b_4		/* mul_add_c(a[2],b[4],c1,c2,c3); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_1,t_1

-	sltu	AT,c_1,t_1

-	daddu	t_2,AT

-	daddu	c_2,t_2

-	sltu	AT,c_2,t_2

-	daddu	c_3,AT

-	dmultu	a_1,b_5		/* mul_add_c(a[1],b[5],c1,c2,c3); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_1,t_1

-	sltu	AT,c_1,t_1

-	daddu	t_2,AT

-	daddu	c_2,t_2

-	sltu	AT,c_2,t_2

-	daddu	c_3,AT

-	dmultu	a_0,b_6		/* mul_add_c(a[0],b[6],c1,c2,c3); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_1,t_1

-	sltu	AT,c_1,t_1

-	daddu	t_2,AT

-	daddu	c_2,t_2

-	sltu	AT,c_2,t_2

-	daddu	c_3,AT

-	sd	c_1,48(a0)	/* r[6]=c1; */

-	dmultu	a_0,b_7		/* mul_add_c(a[0],b[7],c2,c3,c1); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_2,t_1

-	sltu	AT,c_2,t_1

-	daddu	t_2,AT

-	daddu	c_3,t_2

-	sltu	c_1,c_3,t_2

-	dmultu	a_1,b_6		/* mul_add_c(a[1],b[6],c2,c3,c1); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_2,t_1

-	sltu	AT,c_2,t_1

-	daddu	t_2,AT

-	daddu	c_3,t_2

-	sltu	AT,c_3,t_2

-	daddu	c_1,AT

-	dmultu	a_2,b_5		/* mul_add_c(a[2],b[5],c2,c3,c1); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_2,t_1

-	sltu	AT,c_2,t_1

-	daddu	t_2,AT

-	daddu	c_3,t_2

-	sltu	AT,c_3,t_2

-	daddu	c_1,AT

-	dmultu	a_3,b_4		/* mul_add_c(a[3],b[4],c2,c3,c1); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_2,t_1

-	sltu	AT,c_2,t_1

-	daddu	t_2,AT

-	daddu	c_3,t_2

-	sltu	AT,c_3,t_2

-	daddu	c_1,AT

-	dmultu	a_4,b_3		/* mul_add_c(a[4],b[3],c2,c3,c1); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_2,t_1

-	sltu	AT,c_2,t_1

-	daddu	t_2,AT

-	daddu	c_3,t_2

-	sltu	AT,c_3,t_2

-	daddu	c_1,AT

-	dmultu	a_5,b_2		/* mul_add_c(a[5],b[2],c2,c3,c1); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_2,t_1

-	sltu	AT,c_2,t_1

-	daddu	t_2,AT

-	daddu	c_3,t_2

-	sltu	AT,c_3,t_2

-	daddu	c_1,AT

-	dmultu	a_6,b_1		/* mul_add_c(a[6],b[1],c2,c3,c1); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_2,t_1

-	sltu	AT,c_2,t_1

-	daddu	t_2,AT

-	daddu	c_3,t_2

-	sltu	AT,c_3,t_2

-	daddu	c_1,AT

-	dmultu	a_7,b_0		/* mul_add_c(a[7],b[0],c2,c3,c1); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_2,t_1

-	sltu	AT,c_2,t_1

-	daddu	t_2,AT

-	daddu	c_3,t_2

-	sltu	AT,c_3,t_2

-	daddu	c_1,AT

-	sd	c_2,56(a0)	/* r[7]=c2; */

-	dmultu	a_7,b_1		/* mul_add_c(a[7],b[1],c3,c1,c2); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_3,t_1

-	sltu	AT,c_3,t_1

-	daddu	t_2,AT

-	daddu	c_1,t_2

-	sltu	c_2,c_1,t_2

-	dmultu	a_6,b_2		/* mul_add_c(a[6],b[2],c3,c1,c2); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_3,t_1

-	sltu	AT,c_3,t_1

-	daddu	t_2,AT

-	daddu	c_1,t_2

-	sltu	AT,c_1,t_2

-	daddu	c_2,AT

-	dmultu	a_5,b_3		/* mul_add_c(a[5],b[3],c3,c1,c2); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_3,t_1

-	sltu	AT,c_3,t_1

-	daddu	t_2,AT

-	daddu	c_1,t_2

-	sltu	AT,c_1,t_2

-	daddu	c_2,AT

-	dmultu	a_4,b_4		/* mul_add_c(a[4],b[4],c3,c1,c2); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_3,t_1

-	sltu	AT,c_3,t_1

-	daddu	t_2,AT

-	daddu	c_1,t_2

-	sltu	AT,c_1,t_2

-	daddu	c_2,AT

-	dmultu	a_3,b_5		/* mul_add_c(a[3],b[5],c3,c1,c2); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_3,t_1

-	sltu	AT,c_3,t_1

-	daddu	t_2,AT

-	daddu	c_1,t_2

-	sltu	AT,c_1,t_2

-	daddu	c_2,AT

-	dmultu	a_2,b_6		/* mul_add_c(a[2],b[6],c3,c1,c2); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_3,t_1

-	sltu	AT,c_3,t_1

-	daddu	t_2,AT

-	daddu	c_1,t_2

-	sltu	AT,c_1,t_2

-	daddu	c_2,AT

-	dmultu	a_1,b_7		/* mul_add_c(a[1],b[7],c3,c1,c2); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_3,t_1

-	sltu	AT,c_3,t_1

-	daddu	t_2,AT

-	daddu	c_1,t_2

-	sltu	AT,c_1,t_2

-	daddu	c_2,AT

-	sd	c_3,64(a0)	/* r[8]=c3; */

-	dmultu	a_2,b_7		/* mul_add_c(a[2],b[7],c1,c2,c3); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_1,t_1

-	sltu	AT,c_1,t_1

-	daddu	t_2,AT

-	daddu	c_2,t_2

-	sltu	c_3,c_2,t_2

-	dmultu	a_3,b_6		/* mul_add_c(a[3],b[6],c1,c2,c3); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_1,t_1

-	sltu	AT,c_1,t_1

-	daddu	t_2,AT

-	daddu	c_2,t_2

-	sltu	AT,c_2,t_2

-	daddu	c_3,AT

-	dmultu	a_4,b_5		/* mul_add_c(a[4],b[5],c1,c2,c3); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_1,t_1

-	sltu	AT,c_1,t_1

-	daddu	t_2,AT

-	daddu	c_2,t_2

-	sltu	AT,c_2,t_2

-	daddu	c_3,AT

-	dmultu	a_5,b_4		/* mul_add_c(a[5],b[4],c1,c2,c3); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_1,t_1

-	sltu	AT,c_1,t_1

-	daddu	t_2,AT

-	daddu	c_2,t_2

-	sltu	AT,c_2,t_2

-	daddu	c_3,AT

-	dmultu	a_6,b_3		/* mul_add_c(a[6],b[3],c1,c2,c3); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_1,t_1

-	sltu	AT,c_1,t_1

-	daddu	t_2,AT

-	daddu	c_2,t_2

-	sltu	AT,c_2,t_2

-	daddu	c_3,AT

-	dmultu	a_7,b_2		/* mul_add_c(a[7],b[2],c1,c2,c3); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_1,t_1

-	sltu	AT,c_1,t_1

-	daddu	t_2,AT

-	daddu	c_2,t_2

-	sltu	AT,c_2,t_2

-	daddu	c_3,AT

-	sd	c_1,72(a0)	/* r[9]=c1; */

-	dmultu	a_7,b_3		/* mul_add_c(a[7],b[3],c2,c3,c1); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_2,t_1

-	sltu	AT,c_2,t_1

-	daddu	t_2,AT

-	daddu	c_3,t_2

-	sltu	c_1,c_3,t_2

-	dmultu	a_6,b_4		/* mul_add_c(a[6],b[4],c2,c3,c1); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_2,t_1

-	sltu	AT,c_2,t_1

-	daddu	t_2,AT

-	daddu	c_3,t_2

-	sltu	AT,c_3,t_2

-	daddu	c_1,AT

-	dmultu	a_5,b_5		/* mul_add_c(a[5],b[5],c2,c3,c1); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_2,t_1

-	sltu	AT,c_2,t_1

-	daddu	t_2,AT

-	daddu	c_3,t_2

-	sltu	AT,c_3,t_2

-	daddu	c_1,AT

-	dmultu	a_4,b_6		/* mul_add_c(a[4],b[6],c2,c3,c1); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_2,t_1

-	sltu	AT,c_2,t_1

-	daddu	t_2,AT

-	daddu	c_3,t_2

-	sltu	AT,c_3,t_2

-	daddu	c_1,AT

-	dmultu	a_3,b_7		/* mul_add_c(a[3],b[7],c2,c3,c1); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_2,t_1

-	sltu	AT,c_2,t_1

-	daddu	t_2,AT

-	daddu	c_3,t_2

-	sltu	AT,c_3,t_2

-	daddu	c_1,AT

-	sd	c_2,80(a0)	/* r[10]=c2; */

-	dmultu	a_4,b_7		/* mul_add_c(a[4],b[7],c3,c1,c2); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_3,t_1

-	sltu	AT,c_3,t_1

-	daddu	t_2,AT

-	daddu	c_1,t_2

-	sltu	c_2,c_1,t_2

-	dmultu	a_5,b_6		/* mul_add_c(a[5],b[6],c3,c1,c2); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_3,t_1

-	sltu	AT,c_3,t_1

-	daddu	t_2,AT

-	daddu	c_1,t_2

-	sltu	AT,c_1,t_2

-	daddu	c_2,AT

-	dmultu	a_6,b_5		/* mul_add_c(a[6],b[5],c3,c1,c2); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_3,t_1

-	sltu	AT,c_3,t_1

-	daddu	t_2,AT

-	daddu	c_1,t_2

-	sltu	AT,c_1,t_2

-	daddu	c_2,AT

-	dmultu	a_7,b_4		/* mul_add_c(a[7],b[4],c3,c1,c2); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_3,t_1

-	sltu	AT,c_3,t_1

-	daddu	t_2,AT

-	daddu	c_1,t_2

-	sltu	AT,c_1,t_2

-	daddu	c_2,AT

-	sd	c_3,88(a0)	/* r[11]=c3; */

-	dmultu	a_7,b_5		/* mul_add_c(a[7],b[5],c1,c2,c3); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_1,t_1

-	sltu	AT,c_1,t_1

-	daddu	t_2,AT

-	daddu	c_2,t_2

-	sltu	c_3,c_2,t_2

-	dmultu	a_6,b_6		/* mul_add_c(a[6],b[6],c1,c2,c3); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_1,t_1

-	sltu	AT,c_1,t_1

-	daddu	t_2,AT

-	daddu	c_2,t_2

-	sltu	AT,c_2,t_2

-	daddu	c_3,AT

-	dmultu	a_5,b_7		/* mul_add_c(a[5],b[7],c1,c2,c3); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_1,t_1

-	sltu	AT,c_1,t_1

-	daddu	t_2,AT

-	daddu	c_2,t_2

-	sltu	AT,c_2,t_2

-	daddu	c_3,AT

-	sd	c_1,96(a0)	/* r[12]=c1; */

-	dmultu	a_6,b_7		/* mul_add_c(a[6],b[7],c2,c3,c1); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_2,t_1

-	sltu	AT,c_2,t_1

-	daddu	t_2,AT

-	daddu	c_3,t_2

-	sltu	c_1,c_3,t_2

-	dmultu	a_7,b_6		/* mul_add_c(a[7],b[6],c2,c3,c1); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_2,t_1

-	sltu	AT,c_2,t_1

-	daddu	t_2,AT

-	daddu	c_3,t_2

-	sltu	AT,c_3,t_2

-	daddu	c_1,AT

-	sd	c_2,104(a0)	/* r[13]=c2; */

-	dmultu	a_7,b_7		/* mul_add_c(a[7],b[7],c3,c1,c2); */

-	ld	s0,0(sp)

-	ld	s1,8(sp)

-	ld	s2,16(sp)

-	ld	s3,24(sp)

-	ld	s4,32(sp)

-	ld	s5,40(sp)

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_3,t_1

-	sltu	AT,c_3,t_1

-	daddu	t_2,AT

-	daddu	c_1,t_2

-	sd	c_3,112(a0)	/* r[14]=c3; */

-	sd	c_1,120(a0)	/* r[15]=c1; */

-	PTR_ADD	sp,FRAME_SIZE

-	jr	ra

-END(bn_mul_comba8)

-.align	5

-LEAF(bn_mul_comba4)

-	.set	reorder

-	ld	a_0,0(a1)

-	ld	b_0,0(a2)

-	ld	a_1,8(a1)

-	ld	a_2,16(a1)

-	dmultu	a_0,b_0		/* mul_add_c(a[0],b[0],c1,c2,c3); */

-	ld	a_3,24(a1)

-	ld	b_1,8(a2)

-	ld	b_2,16(a2)

-	ld	b_3,24(a2)

-	mflo	c_1

-	mfhi	c_2

-	sd	c_1,0(a0)

-	dmultu	a_0,b_1		/* mul_add_c(a[0],b[1],c2,c3,c1); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_2,t_1

-	sltu	AT,c_2,t_1

-	daddu	c_3,t_2,AT

-	dmultu	a_1,b_0		/* mul_add_c(a[1],b[0],c2,c3,c1); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_2,t_1

-	sltu	AT,c_2,t_1

-	daddu	t_2,AT

-	daddu	c_3,t_2

-	sltu	c_1,c_3,t_2

-	sd	c_2,8(a0)

-	dmultu	a_2,b_0		/* mul_add_c(a[2],b[0],c3,c1,c2); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_3,t_1

-	sltu	AT,c_3,t_1

-	daddu	t_2,AT

-	daddu	c_1,t_2

-	dmultu	a_1,b_1		/* mul_add_c(a[1],b[1],c3,c1,c2); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_3,t_1

-	sltu	AT,c_3,t_1

-	daddu	t_2,AT

-	daddu	c_1,t_2

-	sltu	c_2,c_1,t_2

-	dmultu	a_0,b_2		/* mul_add_c(a[0],b[2],c3,c1,c2); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_3,t_1

-	sltu	AT,c_3,t_1

-	daddu	t_2,AT

-	daddu	c_1,t_2

-	sltu	AT,c_1,t_2

-	daddu	c_2,AT

-	sd	c_3,16(a0)

-	dmultu	a_0,b_3		/* mul_add_c(a[0],b[3],c1,c2,c3); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_1,t_1

-	sltu	AT,c_1,t_1

-	daddu	t_2,AT

-	daddu	c_2,t_2

-	sltu	c_3,c_2,t_2

-	dmultu	a_1,b_2		/* mul_add_c(a[1],b[2],c1,c2,c3); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_1,t_1

-	sltu	AT,c_1,t_1

-	daddu	t_2,AT

-	daddu	c_2,t_2

-	sltu	AT,c_2,t_2

-	daddu	c_3,AT

-	dmultu	a_2,b_1		/* mul_add_c(a[2],b[1],c1,c2,c3); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_1,t_1

-	sltu	AT,c_1,t_1

-	daddu	t_2,AT

-	daddu	c_2,t_2

-	sltu	AT,c_2,t_2

-	daddu	c_3,AT

-	dmultu	a_3,b_0		/* mul_add_c(a[3],b[0],c1,c2,c3); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_1,t_1

-	sltu	AT,c_1,t_1

-	daddu	t_2,AT

-	daddu	c_2,t_2

-	sltu	AT,c_2,t_2

-	daddu	c_3,AT

-	sd	c_1,24(a0)

-	dmultu	a_3,b_1		/* mul_add_c(a[3],b[1],c2,c3,c1); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_2,t_1

-	sltu	AT,c_2,t_1

-	daddu	t_2,AT

-	daddu	c_3,t_2

-	sltu	c_1,c_3,t_2

-	dmultu	a_2,b_2		/* mul_add_c(a[2],b[2],c2,c3,c1); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_2,t_1

-	sltu	AT,c_2,t_1

-	daddu	t_2,AT

-	daddu	c_3,t_2

-	sltu	AT,c_3,t_2

-	daddu	c_1,AT

-	dmultu	a_1,b_3		/* mul_add_c(a[1],b[3],c2,c3,c1); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_2,t_1

-	sltu	AT,c_2,t_1

-	daddu	t_2,AT

-	daddu	c_3,t_2

-	sltu	AT,c_3,t_2

-	daddu	c_1,AT

-	sd	c_2,32(a0)

-	dmultu	a_2,b_3		/* mul_add_c(a[2],b[3],c3,c1,c2); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_3,t_1

-	sltu	AT,c_3,t_1

-	daddu	t_2,AT

-	daddu	c_1,t_2

-	sltu	c_2,c_1,t_2

-	dmultu	a_3,b_2		/* mul_add_c(a[3],b[2],c3,c1,c2); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_3,t_1

-	sltu	AT,c_3,t_1

-	daddu	t_2,AT

-	daddu	c_1,t_2

-	sltu	AT,c_1,t_2

-	daddu	c_2,AT

-	sd	c_3,40(a0)

-	dmultu	a_3,b_3		/* mul_add_c(a[3],b[3],c1,c2,c3); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_1,t_1

-	sltu	AT,c_1,t_1

-	daddu	t_2,AT

-	daddu	c_2,t_2

-	sd	c_1,48(a0)

-	sd	c_2,56(a0)

-	jr	ra

-END(bn_mul_comba4)

-#undef	a_4

-#undef	a_5

-#undef	a_6

-#undef	a_7

-#define	a_4	b_0

-#define	a_5	b_1

-#define	a_6	b_2

-#define	a_7	b_3

-.align	5

-LEAF(bn_sqr_comba8)

-	.set	reorder

-	ld	a_0,0(a1)

-	ld	a_1,8(a1)

-	ld	a_2,16(a1)

-	ld	a_3,24(a1)

-	dmultu	a_0,a_0		/* mul_add_c(a[0],b[0],c1,c2,c3); */

-	ld	a_4,32(a1)

-	ld	a_5,40(a1)

-	ld	a_6,48(a1)

-	ld	a_7,56(a1)

-	mflo	c_1

-	mfhi	c_2

-	sd	c_1,0(a0)

-	dmultu	a_0,a_1		/* mul_add_c2(a[0],b[1],c2,c3,c1); */

-	mflo	t_1

-	mfhi	t_2

-	slt	c_1,t_2,zero

-	dsll	t_2,1

-	slt	a2,t_1,zero

-	daddu	t_2,a2

-	dsll	t_1,1

-	daddu	c_2,t_1

-	sltu	AT,c_2,t_1

-	daddu	c_3,t_2,AT

-	sd	c_2,8(a0)

-	dmultu	a_2,a_0		/* mul_add_c2(a[2],b[0],c3,c1,c2); */

-	mflo	t_1

-	mfhi	t_2

-	slt	c_2,t_2,zero

-	dsll	t_2,1

-	slt	a2,t_1,zero

-	daddu	t_2,a2

-	dsll	t_1,1

-	daddu	c_3,t_1

-	sltu	AT,c_3,t_1

-	daddu	t_2,AT

-	daddu	c_1,t_2

-	sltu	AT,c_1,t_2

-	daddu	c_2,AT

-	dmultu	a_1,a_1		/* mul_add_c(a[1],b[1],c3,c1,c2); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_3,t_1

-	sltu	AT,c_3,t_1

-	daddu	t_2,AT

-	daddu	c_1,t_2

-	sltu	AT,c_1,t_2

-	daddu	c_2,AT

-	sd	c_3,16(a0)

-	dmultu	a_0,a_3		/* mul_add_c2(a[0],b[3],c1,c2,c3); */

-	mflo	t_1

-	mfhi	t_2

-	slt	c_3,t_2,zero

-	dsll	t_2,1

-	slt	a2,t_1,zero

-	daddu	t_2,a2

-	dsll	t_1,1

-	daddu	c_1,t_1

-	sltu	AT,c_1,t_1

-	daddu	t_2,AT

-	daddu	c_2,t_2

-	sltu	AT,c_2,t_2

-	daddu	c_3,AT

-	dmultu	a_1,a_2		/* mul_add_c2(a[1],b[2],c1,c2,c3); */

-	mflo	t_1

-	mfhi	t_2

-	slt	AT,t_2,zero

-	daddu	c_3,AT

-	dsll	t_2,1

-	slt	a2,t_1,zero

-	daddu	t_2,a2

-	dsll	t_1,1

-	daddu	c_1,t_1

-	sltu	AT,c_1,t_1

-	daddu	t_2,AT

-	daddu	c_2,t_2

-	sltu	AT,c_2,t_2

-	daddu	c_3,AT

-	sd	c_1,24(a0)

-	dmultu	a_4,a_0		/* mul_add_c2(a[4],b[0],c2,c3,c1); */

-	mflo	t_1

-	mfhi	t_2

-	slt	c_1,t_2,zero

-	dsll	t_2,1

-	slt	a2,t_1,zero

-	daddu	t_2,a2

-	dsll	t_1,1

-	daddu	c_2,t_1

-	sltu	AT,c_2,t_1

-	daddu	t_2,AT

-	daddu	c_3,t_2

-	sltu	AT,c_3,t_2

-	daddu	c_1,AT

-	dmultu	a_3,a_1		/* mul_add_c2(a[3],b[1],c2,c3,c1); */

-	mflo	t_1

-	mfhi	t_2

-	slt	AT,t_2,zero

-	daddu	c_1,AT

-	dsll	t_2,1

-	slt	a2,t_1,zero

-	daddu	t_2,a2

-	dsll	t_1,1

-	daddu	c_2,t_1

-	sltu	AT,c_2,t_1

-	daddu	t_2,AT

-	daddu	c_3,t_2

-	sltu	AT,c_3,t_2

-	daddu	c_1,AT

-	dmultu	a_2,a_2		/* mul_add_c(a[2],b[2],c2,c3,c1); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_2,t_1

-	sltu	AT,c_2,t_1

-	daddu	t_2,AT

-	daddu	c_3,t_2

-	sltu	AT,c_3,t_2

-	daddu	c_1,AT

-	sd	c_2,32(a0)

-	dmultu	a_0,a_5		/* mul_add_c2(a[0],b[5],c3,c1,c2); */

-	mflo	t_1

-	mfhi	t_2

-	slt	c_2,t_2,zero

-	dsll	t_2,1

-	slt	a2,t_1,zero

-	daddu	t_2,a2

-	dsll	t_1,1

-	daddu	c_3,t_1

-	sltu	AT,c_3,t_1

-	daddu	t_2,AT

-	daddu	c_1,t_2

-	sltu	AT,c_1,t_2

-	daddu	c_2,AT

-	dmultu	a_1,a_4		/* mul_add_c2(a[1],b[4],c3,c1,c2); */

-	mflo	t_1

-	mfhi	t_2

-	slt	AT,t_2,zero

-	daddu	c_2,AT

-	dsll	t_2,1

-	slt	a2,t_1,zero

-	daddu	t_2,a2

-	dsll	t_1,1

-	daddu	c_3,t_1

-	sltu	AT,c_3,t_1

-	daddu	t_2,AT

-	daddu	c_1,t_2

-	sltu	AT,c_1,t_2

-	daddu	c_2,AT

-	dmultu	a_2,a_3		/* mul_add_c2(a[2],b[3],c3,c1,c2); */

-	mflo	t_1

-	mfhi	t_2

-	slt	AT,t_2,zero

-	daddu	c_2,AT

-	dsll	t_2,1

-	slt	a2,t_1,zero

-	daddu	t_2,a2

-	dsll	t_1,1

-	daddu	c_3,t_1

-	sltu	AT,c_3,t_1

-	daddu	t_2,AT

-	daddu	c_1,t_2

-	sltu	AT,c_1,t_2

-	daddu	c_2,AT

-	sd	c_3,40(a0)

-	dmultu	a_6,a_0		/* mul_add_c2(a[6],b[0],c1,c2,c3); */

-	mflo	t_1

-	mfhi	t_2

-	slt	c_3,t_2,zero

-	dsll	t_2,1

-	slt	a2,t_1,zero

-	daddu	t_2,a2

-	dsll	t_1,1

-	daddu	c_1,t_1

-	sltu	AT,c_1,t_1

-	daddu	t_2,AT

-	daddu	c_2,t_2

-	sltu	AT,c_2,t_2

-	daddu	c_3,AT

-	dmultu	a_5,a_1		/* mul_add_c2(a[5],b[1],c1,c2,c3); */

-	mflo	t_1

-	mfhi	t_2

-	slt	AT,t_2,zero

-	daddu	c_3,AT

-	dsll	t_2,1

-	slt	a2,t_1,zero

-	daddu	t_2,a2

-	dsll	t_1,1

-	daddu	c_1,t_1

-	sltu	AT,c_1,t_1

-	daddu	t_2,AT

-	daddu	c_2,t_2

-	sltu	AT,c_2,t_2

-	daddu	c_3,AT

-	dmultu	a_4,a_2		/* mul_add_c2(a[4],b[2],c1,c2,c3); */

-	mflo	t_1

-	mfhi	t_2

-	slt	AT,t_2,zero

-	daddu	c_3,AT

-	dsll	t_2,1

-	slt	a2,t_1,zero

-	daddu	t_2,a2

-	dsll	t_1,1

-	daddu	c_1,t_1

-	sltu	AT,c_1,t_1

-	daddu	t_2,AT

-	daddu	c_2,t_2

-	sltu	AT,c_2,t_2

-	daddu	c_3,AT

-	dmultu	a_3,a_3		/* mul_add_c(a[3],b[3],c1,c2,c3); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_1,t_1

-	sltu	AT,c_1,t_1

-	daddu	t_2,AT

-	daddu	c_2,t_2

-	sltu	AT,c_2,t_2

-	daddu	c_3,AT

-	sd	c_1,48(a0)

-	dmultu	a_0,a_7		/* mul_add_c2(a[0],b[7],c2,c3,c1); */

-	mflo	t_1

-	mfhi	t_2

-	slt	c_1,t_2,zero

-	dsll	t_2,1

-	slt	a2,t_1,zero

-	daddu	t_2,a2

-	dsll	t_1,1

-	daddu	c_2,t_1

-	sltu	AT,c_2,t_1

-	daddu	t_2,AT

-	daddu	c_3,t_2

-	sltu	AT,c_3,t_2

-	daddu	c_1,AT

-	dmultu	a_1,a_6		/* mul_add_c2(a[1],b[6],c2,c3,c1); */

-	mflo	t_1

-	mfhi	t_2

-	slt	AT,t_2,zero

-	daddu	c_1,AT

-	dsll	t_2,1

-	slt	a2,t_1,zero

-	daddu	t_2,a2

-	dsll	t_1,1

-	daddu	c_2,t_1

-	sltu	AT,c_2,t_1

-	daddu	t_2,AT

-	daddu	c_3,t_2

-	sltu	AT,c_3,t_2

-	daddu	c_1,AT

-	dmultu	a_2,a_5		/* mul_add_c2(a[2],b[5],c2,c3,c1); */

-	mflo	t_1

-	mfhi	t_2

-	slt	AT,t_2,zero

-	daddu	c_1,AT

-	dsll	t_2,1

-	slt	a2,t_1,zero

-	daddu	t_2,a2

-	dsll	t_1,1

-	daddu	c_2,t_1

-	sltu	AT,c_2,t_1

-	daddu	t_2,AT

-	daddu	c_3,t_2

-	sltu	AT,c_3,t_2

-	daddu	c_1,AT

-	dmultu	a_3,a_4		/* mul_add_c2(a[3],b[4],c2,c3,c1); */

-	mflo	t_1

-	mfhi	t_2

-	slt	AT,t_2,zero

-	daddu	c_1,AT

-	dsll	t_2,1

-	slt	a2,t_1,zero

-	daddu	t_2,a2

-	dsll	t_1,1

-	daddu	c_2,t_1

-	sltu	AT,c_2,t_1

-	daddu	t_2,AT

-	daddu	c_3,t_2

-	sltu	AT,c_3,t_2

-	daddu	c_1,AT

-	sd	c_2,56(a0)

-	dmultu	a_7,a_1		/* mul_add_c2(a[7],b[1],c3,c1,c2); */

-	mflo	t_1

-	mfhi	t_2

-	slt	c_2,t_2,zero

-	dsll	t_2,1

-	slt	a2,t_1,zero

-	daddu	t_2,a2

-	dsll	t_1,1

-	daddu	c_3,t_1

-	sltu	AT,c_3,t_1

-	daddu	t_2,AT

-	daddu	c_1,t_2

-	sltu	AT,c_1,t_2

-	daddu	c_2,AT

-	dmultu	a_6,a_2		/* mul_add_c2(a[6],b[2],c3,c1,c2); */

-	mflo	t_1

-	mfhi	t_2

-	slt	AT,t_2,zero

-	daddu	c_2,AT

-	dsll	t_2,1

-	slt	a2,t_1,zero

-	daddu	t_2,a2

-	dsll	t_1,1

-	daddu	c_3,t_1

-	sltu	AT,c_3,t_1

-	daddu	t_2,AT

-	daddu	c_1,t_2

-	sltu	AT,c_1,t_2

-	daddu	c_2,AT

-	dmultu	a_5,a_3		/* mul_add_c2(a[5],b[3],c3,c1,c2); */

-	mflo	t_1

-	mfhi	t_2

-	slt	AT,t_2,zero

-	daddu	c_2,AT

-	dsll	t_2,1

-	slt	a2,t_1,zero

-	daddu	t_2,a2

-	dsll	t_1,1

-	daddu	c_3,t_1

-	sltu	AT,c_3,t_1

-	daddu	t_2,AT

-	daddu	c_1,t_2

-	sltu	AT,c_1,t_2

-	daddu	c_2,AT

-	dmultu	a_4,a_4		/* mul_add_c(a[4],b[4],c3,c1,c2); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_3,t_1

-	sltu	AT,c_3,t_1

-	daddu	t_2,AT

-	daddu	c_1,t_2

-	sltu	AT,c_1,t_2

-	daddu	c_2,AT

-	sd	c_3,64(a0)

-	dmultu	a_2,a_7		/* mul_add_c2(a[2],b[7],c1,c2,c3); */

-	mflo	t_1

-	mfhi	t_2

-	slt	c_3,t_2,zero

-	dsll	t_2,1

-	slt	a2,t_1,zero

-	daddu	t_2,a2

-	dsll	t_1,1

-	daddu	c_1,t_1

-	sltu	AT,c_1,t_1

-	daddu	t_2,AT

-	daddu	c_2,t_2

-	sltu	AT,c_2,t_2

-	daddu	c_3,AT

-	dmultu	a_3,a_6		/* mul_add_c2(a[3],b[6],c1,c2,c3); */

-	mflo	t_1

-	mfhi	t_2

-	slt	AT,t_2,zero

-	daddu	c_3,AT

-	dsll	t_2,1

-	slt	a2,t_1,zero

-	daddu	t_2,a2

-	dsll	t_1,1

-	daddu	c_1,t_1

-	sltu	AT,c_1,t_1

-	daddu	t_2,AT

-	daddu	c_2,t_2

-	sltu	AT,c_2,t_2

-	daddu	c_3,AT

-	dmultu	a_4,a_5		/* mul_add_c2(a[4],b[5],c1,c2,c3); */

-	mflo	t_1

-	mfhi	t_2

-	slt	AT,t_2,zero

-	daddu	c_3,AT

-	dsll	t_2,1

-	slt	a2,t_1,zero

-	daddu	t_2,a2

-	dsll	t_1,1

-	daddu	c_1,t_1

-	sltu	AT,c_1,t_1

-	daddu	t_2,AT

-	daddu	c_2,t_2

-	sltu	AT,c_2,t_2

-	daddu	c_3,AT

-	sd	c_1,72(a0)

-	dmultu	a_7,a_3		/* mul_add_c2(a[7],b[3],c2,c3,c1); */

-	mflo	t_1

-	mfhi	t_2

-	slt	c_1,t_2,zero

-	dsll	t_2,1

-	slt	a2,t_1,zero

-	daddu	t_2,a2

-	dsll	t_1,1

-	daddu	c_2,t_1

-	sltu	AT,c_2,t_1

-	daddu	t_2,AT

-	daddu	c_3,t_2

-	sltu	AT,c_3,t_2

-	daddu	c_1,AT

-	dmultu	a_6,a_4		/* mul_add_c2(a[6],b[4],c2,c3,c1); */

-	mflo	t_1

-	mfhi	t_2

-	slt	AT,t_2,zero

-	daddu	c_1,AT

-	dsll	t_2,1

-	slt	a2,t_1,zero

-	daddu	t_2,a2

-	dsll	t_1,1

-	daddu	c_2,t_1

-	sltu	AT,c_2,t_1

-	daddu	t_2,AT

-	daddu	c_3,t_2

-	sltu	AT,c_3,t_2

-	daddu	c_1,AT

-	dmultu	a_5,a_5		/* mul_add_c(a[5],b[5],c2,c3,c1); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_2,t_1

-	sltu	AT,c_2,t_1

-	daddu	t_2,AT

-	daddu	c_3,t_2

-	sltu	AT,c_3,t_2

-	daddu	c_1,AT

-	sd	c_2,80(a0)

-	dmultu	a_4,a_7		/* mul_add_c2(a[4],b[7],c3,c1,c2); */

-	mflo	t_1

-	mfhi	t_2

-	slt	c_2,t_2,zero

-	dsll	t_2,1

-	slt	a2,t_1,zero

-	daddu	t_2,a2

-	dsll	t_1,1

-	daddu	c_3,t_1

-	sltu	AT,c_3,t_1

-	daddu	t_2,AT

-	daddu	c_1,t_2

-	sltu	AT,c_1,t_2

-	daddu	c_2,AT

-	dmultu	a_5,a_6		/* mul_add_c2(a[5],b[6],c3,c1,c2); */

-	mflo	t_1

-	mfhi	t_2

-	slt	AT,t_2,zero

-	daddu	c_2,AT

-	dsll	t_2,1

-	slt	a2,t_1,zero

-	daddu	t_2,a2

-	dsll	t_1,1

-	daddu	c_3,t_1

-	sltu	AT,c_3,t_1

-	daddu	t_2,AT

-	daddu	c_1,t_2

-	sltu	AT,c_1,t_2

-	daddu	c_2,AT

-	sd	c_3,88(a0)

-	dmultu	a_7,a_5		/* mul_add_c2(a[7],b[5],c1,c2,c3); */

-	mflo	t_1

-	mfhi	t_2

-	slt	c_3,t_2,zero

-	dsll	t_2,1

-	slt	a2,t_1,zero

-	daddu	t_2,a2

-	dsll	t_1,1

-	daddu	c_1,t_1

-	sltu	AT,c_1,t_1

-	daddu	t_2,AT

-	daddu	c_2,t_2

-	sltu	AT,c_2,t_2

-	daddu	c_3,AT

-	dmultu	a_6,a_6		/* mul_add_c(a[6],b[6],c1,c2,c3); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_1,t_1

-	sltu	AT,c_1,t_1

-	daddu	t_2,AT

-	daddu	c_2,t_2

-	sltu	AT,c_2,t_2

-	daddu	c_3,AT

-	sd	c_1,96(a0)

-	dmultu	a_6,a_7		/* mul_add_c2(a[6],b[7],c2,c3,c1); */

-	mflo	t_1

-	mfhi	t_2

-	slt	c_1,t_2,zero

-	dsll	t_2,1

-	slt	a2,t_1,zero

-	daddu	t_2,a2

-	dsll	t_1,1

-	daddu	c_2,t_1

-	sltu	AT,c_2,t_1

-	daddu	t_2,AT

-	daddu	c_3,t_2

-	sltu	AT,c_3,t_2

-	daddu	c_1,AT

-	sd	c_2,104(a0)

-	dmultu	a_7,a_7		/* mul_add_c(a[7],b[7],c3,c1,c2); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_3,t_1

-	sltu	AT,c_3,t_1

-	daddu	t_2,AT

-	daddu	c_1,t_2

-	sd	c_3,112(a0)

-	sd	c_1,120(a0)

-	jr	ra

-END(bn_sqr_comba8)

-.align	5

-LEAF(bn_sqr_comba4)

-	.set	reorder

-	ld	a_0,0(a1)

-	ld	a_1,8(a1)

-	ld	a_2,16(a1)

-	ld	a_3,24(a1)

-	dmultu	a_0,a_0		/* mul_add_c(a[0],b[0],c1,c2,c3); */

-	mflo	c_1

-	mfhi	c_2

-	sd	c_1,0(a0)

-	dmultu	a_0,a_1		/* mul_add_c2(a[0],b[1],c2,c3,c1); */

-	mflo	t_1

-	mfhi	t_2

-	slt	c_1,t_2,zero

-	dsll	t_2,1

-	slt	a2,t_1,zero

-	daddu	t_2,a2

-	dsll	t_1,1

-	daddu	c_2,t_1

-	sltu	AT,c_2,t_1

-	daddu	c_3,t_2,AT

-	sd	c_2,8(a0)

-	dmultu	a_2,a_0		/* mul_add_c2(a[2],b[0],c3,c1,c2); */

-	mflo	t_1

-	mfhi	t_2

-	slt	c_2,t_2,zero

-	dsll	t_2,1

-	slt	a2,t_1,zero

-	daddu	t_2,a2

-	dsll	t_1,1

-	daddu	c_3,t_1

-	sltu	AT,c_3,t_1

-	daddu	t_2,AT

-	daddu	c_1,t_2

-	sltu	AT,c_1,t_2

-	daddu	c_2,AT

-	dmultu	a_1,a_1		/* mul_add_c(a[1],b[1],c3,c1,c2); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_3,t_1

-	sltu	AT,c_3,t_1

-	daddu	t_2,AT

-	daddu	c_1,t_2

-	sltu	AT,c_1,t_2

-	daddu	c_2,AT

-	sd	c_3,16(a0)

-	dmultu	a_0,a_3		/* mul_add_c2(a[0],b[3],c1,c2,c3); */

-	mflo	t_1

-	mfhi	t_2

-	slt	c_3,t_2,zero

-	dsll	t_2,1

-	slt	a2,t_1,zero

-	daddu	t_2,a2

-	dsll	t_1,1

-	daddu	c_1,t_1

-	sltu	AT,c_1,t_1

-	daddu	t_2,AT

-	daddu	c_2,t_2

-	sltu	AT,c_2,t_2

-	daddu	c_3,AT

-	dmultu	a_1,a_2		/* mul_add_c(a2[1],b[2],c1,c2,c3); */

-	mflo	t_1

-	mfhi	t_2

-	slt	AT,t_2,zero

-	daddu	c_3,AT

-	dsll	t_2,1

-	slt	a2,t_1,zero

-	daddu	t_2,a2

-	dsll	t_1,1

-	daddu	c_1,t_1

-	sltu	AT,c_1,t_1

-	daddu	t_2,AT

-	daddu	c_2,t_2

-	sltu	AT,c_2,t_2

-	daddu	c_3,AT

-	sd	c_1,24(a0)

-	dmultu	a_3,a_1		/* mul_add_c2(a[3],b[1],c2,c3,c1); */

-	mflo	t_1

-	mfhi	t_2

-	slt	c_1,t_2,zero

-	dsll	t_2,1

-	slt	a2,t_1,zero

-	daddu	t_2,a2

-	dsll	t_1,1

-	daddu	c_2,t_1

-	sltu	AT,c_2,t_1

-	daddu	t_2,AT

-	daddu	c_3,t_2

-	sltu	AT,c_3,t_2

-	daddu	c_1,AT

-	dmultu	a_2,a_2		/* mul_add_c(a[2],b[2],c2,c3,c1); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_2,t_1

-	sltu	AT,c_2,t_1

-	daddu	t_2,AT

-	daddu	c_3,t_2

-	sltu	AT,c_3,t_2

-	daddu	c_1,AT

-	sd	c_2,32(a0)

-	dmultu	a_2,a_3		/* mul_add_c2(a[2],b[3],c3,c1,c2); */

-	mflo	t_1

-	mfhi	t_2

-	slt	c_2,t_2,zero

-	dsll	t_2,1

-	slt	a2,t_1,zero

-	daddu	t_2,a2

-	dsll	t_1,1

-	daddu	c_3,t_1

-	sltu	AT,c_3,t_1

-	daddu	t_2,AT

-	daddu	c_1,t_2

-	sltu	AT,c_1,t_2

-	daddu	c_2,AT

-	sd	c_3,40(a0)

-	dmultu	a_3,a_3		/* mul_add_c(a[3],b[3],c1,c2,c3); */

-	mflo	t_1

-	mfhi	t_2

-	daddu	c_1,t_1

-	sltu	AT,c_1,t_1

-	daddu	t_2,AT

-	daddu	c_2,t_2

-	sd	c_1,48(a0)

-	sd	c_2,56(a0)

-	jr	ra

-END(bn_sqr_comba4)

--- a/sys/src/ape/lib/openssl/crypto/bn/asm/pa-risc2.s

+++ /dev/null

@@ -1,1618 +1,0 @@

-;

-; PA-RISC 2.0 implementation of bn_asm code, based on the

-; 64-bit version of the code.  This code is effectively the

-; same as the 64-bit version except the register model is

-; slightly different given all values must be 32-bit between

-; function calls.  Thus the 64-bit return values are returned

-; in %ret0 and %ret1 vs just %ret0 as is done in 64-bit

-;

-;

-; This code is approximately 2x faster than the C version

-; for RSA/DSA.

-;

-; See http://devresource.hp.com/  for more details on the PA-RISC

-; architecture.  Also see the book "PA-RISC 2.0 Architecture"

-; by Gerry Kane for information on the instruction set architecture.

-;

-; Code written by Chris Ruemmler (with some help from the HP C

-; compiler).

-;

-; The code compiles with HP's assembler

-;

-	.level	2.0N

-	.space	$TEXT$

-	.subspa	$CODE$,QUAD=0,ALIGN=8,ACCESS=0x2c,CODE_ONLY

-;

-; Global Register definitions used for the routines.

-;

-; Some information about HP's runtime architecture for 32-bits.

-;

-; "Caller save" means the calling function must save the register

-; if it wants the register to be preserved.

-; "Callee save" means if a function uses the register, it must save

-; the value before using it.

-;

-; For the floating point registers

-;

-;    "caller save" registers: fr4-fr11, fr22-fr31

-;    "callee save" registers: fr12-fr21

-;    "special" registers: fr0-fr3 (status and exception registers)

-;

-; For the integer registers

-;     value zero             :  r0

-;     "caller save" registers: r1,r19-r26

-;     "callee save" registers: r3-r18

-;     return register        :  r2  (rp)

-;     return values          ; r28,r29  (ret0,ret1)

-;     Stack pointer          ; r30  (sp)

-;     millicode return ptr   ; r31  (also a caller save register)

-;

-; Arguments to the routines

-;

-r_ptr       .reg %r26

-a_ptr       .reg %r25

-b_ptr       .reg %r24

-num         .reg %r24

-n           .reg %r23

-;

-; Note that the "w" argument for bn_mul_add_words and bn_mul_words

-; is passed on the stack at a delta of -56 from the top of stack

-; as the routine is entered.

-;

-;

-; Globals used in some routines

-;

-top_overflow .reg %r23

-high_mask    .reg %r22    ; value 0xffffffff80000000L

-;------------------------------------------------------------------------------

-;

-; bn_mul_add_words

-;

-;BN_ULONG bn_mul_add_words(BN_ULONG *r_ptr, BN_ULONG *a_ptr,

-;								int num, BN_ULONG w)

-;

-; arg0 = r_ptr

-; arg1 = a_ptr

-; arg3 = num

-; -56(sp) =  w

-;

-; Local register definitions

-;

-fm1          .reg %fr22

-fm           .reg %fr23

-ht_temp      .reg %fr24

-ht_temp_1    .reg %fr25

-lt_temp      .reg %fr26

-lt_temp_1    .reg %fr27

-fm1_1        .reg %fr28

-fm_1         .reg %fr29

-fw_h         .reg %fr7L

-fw_l         .reg %fr7R

-fw           .reg %fr7

-fht_0        .reg %fr8L

-flt_0        .reg %fr8R

-t_float_0    .reg %fr8

-fht_1        .reg %fr9L

-flt_1        .reg %fr9R

-t_float_1    .reg %fr9

-tmp_0        .reg %r31

-tmp_1        .reg %r21

-m_0          .reg %r20

-m_1          .reg %r19

-ht_0         .reg %r1

-ht_1         .reg %r3

-lt_0         .reg %r4

-lt_1         .reg %r5

-m1_0         .reg %r6

-m1_1         .reg %r7

-rp_val       .reg %r8

-rp_val_1     .reg %r9

-bn_mul_add_words

-	.export	bn_mul_add_words,entry,NO_RELOCATION,LONG_RETURN

-	.proc

-	.callinfo frame=128

-    .entry

-	.align 64

-    STD     %r3,0(%sp)          ; save r3

-    STD     %r4,8(%sp)          ; save r4

-	NOP                         ; Needed to make the loop 16-byte aligned

-	NOP                         ; needed to make the loop 16-byte aligned

-    STD     %r5,16(%sp)         ; save r5

-	NOP

-    STD     %r6,24(%sp)         ; save r6

-    STD     %r7,32(%sp)         ; save r7

-    STD     %r8,40(%sp)         ; save r8

-    STD     %r9,48(%sp)         ; save r9

-    COPY    %r0,%ret1           ; return 0 by default

-    DEPDI,Z 1,31,1,top_overflow ; top_overflow = 1 << 32

-    CMPIB,>= 0,num,bn_mul_add_words_exit  ; if (num <= 0) then exit

-	LDO     128(%sp),%sp        ; bump stack

-	;

-	; The loop is unrolled twice, so if there is only 1 number

-    ; then go straight to the cleanup code.

-	;

-	CMPIB,= 1,num,bn_mul_add_words_single_top

-	FLDD    -184(%sp),fw        ; (-56-128) load up w into fw (fw_h/fw_l)

-	;

-	; This loop is unrolled 2 times (64-byte aligned as well)

-	;

-	; PA-RISC 2.0 chips have two fully pipelined multipliers, thus

-    ; two 32-bit mutiplies can be issued per cycle.

-    ;

-bn_mul_add_words_unroll2

-    FLDD    0(a_ptr),t_float_0       ; load up 64-bit value (fr8L) ht(L)/lt(R)

-    FLDD    8(a_ptr),t_float_1       ; load up 64-bit value (fr8L) ht(L)/lt(R)

-    LDD     0(r_ptr),rp_val          ; rp[0]

-    LDD     8(r_ptr),rp_val_1        ; rp[1]

-    XMPYU   fht_0,fw_l,fm1           ; m1[0] = fht_0*fw_l

-    XMPYU   fht_1,fw_l,fm1_1         ; m1[1] = fht_1*fw_l

-    FSTD    fm1,-16(%sp)             ; -16(sp) = m1[0]

-    FSTD    fm1_1,-48(%sp)           ; -48(sp) = m1[1]

-    XMPYU   flt_0,fw_h,fm            ; m[0] = flt_0*fw_h

-    XMPYU   flt_1,fw_h,fm_1          ; m[1] = flt_1*fw_h

-    FSTD    fm,-8(%sp)               ; -8(sp) = m[0]

-    FSTD    fm_1,-40(%sp)            ; -40(sp) = m[1]

-    XMPYU   fht_0,fw_h,ht_temp       ; ht_temp   = fht_0*fw_h

-    XMPYU   fht_1,fw_h,ht_temp_1     ; ht_temp_1 = fht_1*fw_h

-    FSTD    ht_temp,-24(%sp)         ; -24(sp)   = ht_temp

-    FSTD    ht_temp_1,-56(%sp)       ; -56(sp)   = ht_temp_1

-    XMPYU   flt_0,fw_l,lt_temp       ; lt_temp = lt*fw_l

-    XMPYU   flt_1,fw_l,lt_temp_1     ; lt_temp = lt*fw_l

-    FSTD    lt_temp,-32(%sp)         ; -32(sp) = lt_temp

-    FSTD    lt_temp_1,-64(%sp)       ; -64(sp) = lt_temp_1

-    LDD     -8(%sp),m_0              ; m[0]

-    LDD     -40(%sp),m_1             ; m[1]

-    LDD     -16(%sp),m1_0            ; m1[0]

-    LDD     -48(%sp),m1_1            ; m1[1]

-    LDD     -24(%sp),ht_0            ; ht[0]

-    LDD     -56(%sp),ht_1            ; ht[1]

-    ADD,L   m1_0,m_0,tmp_0           ; tmp_0 = m[0] + m1[0];

-    ADD,L   m1_1,m_1,tmp_1           ; tmp_1 = m[1] + m1[1];

-    LDD     -32(%sp),lt_0

-    LDD     -64(%sp),lt_1

-    CMPCLR,*>>= tmp_0,m1_0, %r0      ; if (m[0] < m1[0])

-    ADD,L   ht_0,top_overflow,ht_0   ; ht[0] += (1<<32)

-    CMPCLR,*>>= tmp_1,m1_1,%r0       ; if (m[1] < m1[1])

-    ADD,L   ht_1,top_overflow,ht_1   ; ht[1] += (1<<32)

-    EXTRD,U tmp_0,31,32,m_0          ; m[0]>>32

-    DEPD,Z  tmp_0,31,32,m1_0         ; m1[0] = m[0]<<32

-    EXTRD,U tmp_1,31,32,m_1          ; m[1]>>32

-    DEPD,Z  tmp_1,31,32,m1_1         ; m1[1] = m[1]<<32

-    ADD,L   ht_0,m_0,ht_0            ; ht[0]+= (m[0]>>32)

-    ADD,L   ht_1,m_1,ht_1            ; ht[1]+= (m[1]>>32)

-    ADD     lt_0,m1_0,lt_0           ; lt[0] = lt[0]+m1[0];

-	ADD,DC  ht_0,%r0,ht_0            ; ht[0]++

-    ADD     lt_1,m1_1,lt_1           ; lt[1] = lt[1]+m1[1];

-    ADD,DC  ht_1,%r0,ht_1            ; ht[1]++

-    ADD    %ret1,lt_0,lt_0           ; lt[0] = lt[0] + c;

-	ADD,DC  ht_0,%r0,ht_0            ; ht[0]++

-    ADD     lt_0,rp_val,lt_0         ; lt[0] = lt[0]+rp[0]

-    ADD,DC  ht_0,%r0,ht_0            ; ht[0]++

-	LDO    -2(num),num               ; num = num - 2;

-    ADD     ht_0,lt_1,lt_1           ; lt[1] = lt[1] + ht_0 (c);

-    ADD,DC  ht_1,%r0,ht_1            ; ht[1]++

-    STD     lt_0,0(r_ptr)            ; rp[0] = lt[0]

-    ADD     lt_1,rp_val_1,lt_1       ; lt[1] = lt[1]+rp[1]

-    ADD,DC  ht_1,%r0,%ret1           ; ht[1]++

-    LDO     16(a_ptr),a_ptr          ; a_ptr += 2

-    STD     lt_1,8(r_ptr)            ; rp[1] = lt[1]

-	CMPIB,<= 2,num,bn_mul_add_words_unroll2 ; go again if more to do

-    LDO     16(r_ptr),r_ptr          ; r_ptr += 2

-    CMPIB,=,N 0,num,bn_mul_add_words_exit ; are we done, or cleanup last one

-	;

-	; Top of loop aligned on 64-byte boundary

-	;

-bn_mul_add_words_single_top

-    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)

-    LDD     0(r_ptr),rp_val           ; rp[0]

-    LDO     8(a_ptr),a_ptr            ; a_ptr++

-    XMPYU   fht_0,fw_l,fm1            ; m1 = ht*fw_l

-    FSTD    fm1,-16(%sp)              ; -16(sp) = m1

-    XMPYU   flt_0,fw_h,fm             ; m = lt*fw_h

-    FSTD    fm,-8(%sp)                ; -8(sp) = m

-    XMPYU   fht_0,fw_h,ht_temp        ; ht_temp = ht*fw_h

-    FSTD    ht_temp,-24(%sp)          ; -24(sp) = ht

-    XMPYU   flt_0,fw_l,lt_temp        ; lt_temp = lt*fw_l

-    FSTD    lt_temp,-32(%sp)          ; -32(sp) = lt

-    LDD     -8(%sp),m_0

-    LDD    -16(%sp),m1_0              ; m1 = temp1

-    ADD,L   m_0,m1_0,tmp_0            ; tmp_0 = m + m1;

-    LDD     -24(%sp),ht_0

-    LDD     -32(%sp),lt_0

-    CMPCLR,*>>= tmp_0,m1_0,%r0        ; if (m < m1)

-    ADD,L   ht_0,top_overflow,ht_0    ; ht += (1<<32)

-    EXTRD,U tmp_0,31,32,m_0           ; m>>32

-    DEPD,Z  tmp_0,31,32,m1_0          ; m1 = m<<32

-    ADD,L   ht_0,m_0,ht_0             ; ht+= (m>>32)

-    ADD     lt_0,m1_0,tmp_0           ; tmp_0 = lt+m1;

-    ADD,DC  ht_0,%r0,ht_0             ; ht++

-    ADD     %ret1,tmp_0,lt_0          ; lt = lt + c;

-    ADD,DC  ht_0,%r0,ht_0             ; ht++

-    ADD     lt_0,rp_val,lt_0          ; lt = lt+rp[0]

-    ADD,DC  ht_0,%r0,%ret1            ; ht++

-    STD     lt_0,0(r_ptr)             ; rp[0] = lt

-bn_mul_add_words_exit

-    .EXIT

-    EXTRD,U %ret1,31,32,%ret0         ; for 32-bit, return in ret0/ret1

-    LDD     -80(%sp),%r9              ; restore r9

-    LDD     -88(%sp),%r8              ; restore r8

-    LDD     -96(%sp),%r7              ; restore r7

-    LDD     -104(%sp),%r6             ; restore r6

-    LDD     -112(%sp),%r5             ; restore r5

-    LDD     -120(%sp),%r4             ; restore r4

-    BVE     (%rp)

-    LDD,MB  -128(%sp),%r3             ; restore r3

-	.PROCEND	;in=23,24,25,26,29;out=28;

-;----------------------------------------------------------------------------

-;

-;BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)

-;

-; arg0 = rp

-; arg1 = ap

-; arg3 = num

-; w on stack at -56(sp)

-bn_mul_words

-	.proc

-	.callinfo frame=128

-    .entry

-	.EXPORT	bn_mul_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN

-	.align 64

-    STD     %r3,0(%sp)          ; save r3

-    STD     %r4,8(%sp)          ; save r4

-	NOP

-    STD     %r5,16(%sp)         ; save r5

-    STD     %r6,24(%sp)         ; save r6

-    STD     %r7,32(%sp)         ; save r7

-    COPY    %r0,%ret1           ; return 0 by default

-    DEPDI,Z 1,31,1,top_overflow ; top_overflow = 1 << 32

-    CMPIB,>= 0,num,bn_mul_words_exit

-	LDO     128(%sp),%sp    ; bump stack

-	;

-	; See if only 1 word to do, thus just do cleanup

-	;

-	CMPIB,= 1,num,bn_mul_words_single_top

-	FLDD    -184(%sp),fw        ; (-56-128) load up w into fw (fw_h/fw_l)

-	;

-	; This loop is unrolled 2 times (64-byte aligned as well)

-	;

-	; PA-RISC 2.0 chips have two fully pipelined multipliers, thus

-    ; two 32-bit mutiplies can be issued per cycle.

-    ;

-bn_mul_words_unroll2

-    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)

-    FLDD    8(a_ptr),t_float_1        ; load up 64-bit value (fr8L) ht(L)/lt(R)

-    XMPYU   fht_0,fw_l,fm1            ; m1[0] = fht_0*fw_l

-    XMPYU   fht_1,fw_l,fm1_1          ; m1[1] = ht*fw_l

-    FSTD    fm1,-16(%sp)              ; -16(sp) = m1

-    FSTD    fm1_1,-48(%sp)            ; -48(sp) = m1

-    XMPYU   flt_0,fw_h,fm             ; m = lt*fw_h

-    XMPYU   flt_1,fw_h,fm_1           ; m = lt*fw_h

-    FSTD    fm,-8(%sp)                ; -8(sp) = m

-    FSTD    fm_1,-40(%sp)             ; -40(sp) = m

-    XMPYU   fht_0,fw_h,ht_temp        ; ht_temp = fht_0*fw_h

-    XMPYU   fht_1,fw_h,ht_temp_1      ; ht_temp = ht*fw_h

-    FSTD    ht_temp,-24(%sp)          ; -24(sp) = ht

-    FSTD    ht_temp_1,-56(%sp)        ; -56(sp) = ht

-    XMPYU   flt_0,fw_l,lt_temp        ; lt_temp = lt*fw_l

-    XMPYU   flt_1,fw_l,lt_temp_1      ; lt_temp = lt*fw_l

-    FSTD    lt_temp,-32(%sp)          ; -32(sp) = lt

-    FSTD    lt_temp_1,-64(%sp)        ; -64(sp) = lt

-    LDD     -8(%sp),m_0

-    LDD     -40(%sp),m_1

-    LDD    -16(%sp),m1_0

-    LDD    -48(%sp),m1_1

-    LDD     -24(%sp),ht_0

-    LDD     -56(%sp),ht_1

-    ADD,L   m1_0,m_0,tmp_0            ; tmp_0 = m + m1;

-    ADD,L   m1_1,m_1,tmp_1            ; tmp_1 = m + m1;

-    LDD     -32(%sp),lt_0

-    LDD     -64(%sp),lt_1

-    CMPCLR,*>>= tmp_0,m1_0, %r0       ; if (m < m1)

-    ADD,L   ht_0,top_overflow,ht_0    ; ht += (1<<32)

-    CMPCLR,*>>= tmp_1,m1_1,%r0        ; if (m < m1)

-    ADD,L   ht_1,top_overflow,ht_1    ; ht += (1<<32)

-    EXTRD,U tmp_0,31,32,m_0           ; m>>32

-    DEPD,Z  tmp_0,31,32,m1_0          ; m1 = m<<32

-    EXTRD,U tmp_1,31,32,m_1           ; m>>32

-    DEPD,Z  tmp_1,31,32,m1_1          ; m1 = m<<32

-    ADD,L   ht_0,m_0,ht_0             ; ht+= (m>>32)

-    ADD,L   ht_1,m_1,ht_1             ; ht+= (m>>32)

-    ADD     lt_0,m1_0,lt_0            ; lt = lt+m1;

-	ADD,DC  ht_0,%r0,ht_0             ; ht++

-    ADD     lt_1,m1_1,lt_1            ; lt = lt+m1;

-    ADD,DC  ht_1,%r0,ht_1             ; ht++

-    ADD    %ret1,lt_0,lt_0            ; lt = lt + c (ret1);

-	ADD,DC  ht_0,%r0,ht_0             ; ht++

-    ADD     ht_0,lt_1,lt_1            ; lt = lt + c (ht_0)

-    ADD,DC  ht_1,%r0,ht_1             ; ht++

-    STD     lt_0,0(r_ptr)             ; rp[0] = lt

-    STD     lt_1,8(r_ptr)             ; rp[1] = lt

-	COPY    ht_1,%ret1                ; carry = ht

-	LDO    -2(num),num                ; num = num - 2;

-    LDO     16(a_ptr),a_ptr           ; ap += 2

-	CMPIB,<= 2,num,bn_mul_words_unroll2

-    LDO     16(r_ptr),r_ptr           ; rp++

-    CMPIB,=,N 0,num,bn_mul_words_exit ; are we done?

-	;

-	; Top of loop aligned on 64-byte boundary

-	;

-bn_mul_words_single_top

-    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)

-    XMPYU   fht_0,fw_l,fm1            ; m1 = ht*fw_l

-    FSTD    fm1,-16(%sp)              ; -16(sp) = m1

-    XMPYU   flt_0,fw_h,fm             ; m = lt*fw_h

-    FSTD    fm,-8(%sp)                ; -8(sp) = m

-    XMPYU   fht_0,fw_h,ht_temp        ; ht_temp = ht*fw_h

-    FSTD    ht_temp,-24(%sp)          ; -24(sp) = ht

-    XMPYU   flt_0,fw_l,lt_temp        ; lt_temp = lt*fw_l

-    FSTD    lt_temp,-32(%sp)          ; -32(sp) = lt

-    LDD     -8(%sp),m_0

-    LDD    -16(%sp),m1_0

-    ADD,L   m_0,m1_0,tmp_0            ; tmp_0 = m + m1;

-    LDD     -24(%sp),ht_0

-    LDD     -32(%sp),lt_0

-    CMPCLR,*>>= tmp_0,m1_0,%r0        ; if (m < m1)

-    ADD,L   ht_0,top_overflow,ht_0    ; ht += (1<<32)

-    EXTRD,U tmp_0,31,32,m_0           ; m>>32

-    DEPD,Z  tmp_0,31,32,m1_0          ; m1 = m<<32

-    ADD,L   ht_0,m_0,ht_0             ; ht+= (m>>32)

-    ADD     lt_0,m1_0,lt_0            ; lt= lt+m1;

-    ADD,DC  ht_0,%r0,ht_0             ; ht++

-    ADD     %ret1,lt_0,lt_0           ; lt = lt + c;

-    ADD,DC  ht_0,%r0,ht_0             ; ht++

-    COPY    ht_0,%ret1                ; copy carry

-    STD     lt_0,0(r_ptr)             ; rp[0] = lt

-bn_mul_words_exit

-    .EXIT

-    EXTRD,U %ret1,31,32,%ret0           ; for 32-bit, return in ret0/ret1

-    LDD     -96(%sp),%r7              ; restore r7

-    LDD     -104(%sp),%r6             ; restore r6

-    LDD     -112(%sp),%r5             ; restore r5

-    LDD     -120(%sp),%r4             ; restore r4

-    BVE     (%rp)

-    LDD,MB  -128(%sp),%r3             ; restore r3

-	.PROCEND

-;----------------------------------------------------------------------------

-;

-;void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num)

-;

-; arg0 = rp

-; arg1 = ap

-; arg2 = num

-;

-bn_sqr_words

-	.proc

-	.callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE

-	.EXPORT	bn_sqr_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN

-    .entry

-	.align 64

-    STD     %r3,0(%sp)          ; save r3

-    STD     %r4,8(%sp)          ; save r4

-	NOP

-    STD     %r5,16(%sp)         ; save r5

-    CMPIB,>= 0,num,bn_sqr_words_exit

-	LDO     128(%sp),%sp       ; bump stack

-	;

-	; If only 1, the goto straight to cleanup

-	;

-	CMPIB,= 1,num,bn_sqr_words_single_top

-    DEPDI,Z -1,32,33,high_mask   ; Create Mask 0xffffffff80000000L

-	;

-	; This loop is unrolled 2 times (64-byte aligned as well)

-	;

-bn_sqr_words_unroll2

-    FLDD    0(a_ptr),t_float_0        ; a[0]

-    FLDD    8(a_ptr),t_float_1        ; a[1]

-    XMPYU   fht_0,flt_0,fm            ; m[0]

-    XMPYU   fht_1,flt_1,fm_1          ; m[1]

-    FSTD    fm,-24(%sp)               ; store m[0]

-    FSTD    fm_1,-56(%sp)             ; store m[1]

-    XMPYU   flt_0,flt_0,lt_temp       ; lt[0]

-    XMPYU   flt_1,flt_1,lt_temp_1     ; lt[1]

-    FSTD    lt_temp,-16(%sp)          ; store lt[0]

-    FSTD    lt_temp_1,-48(%sp)        ; store lt[1]

-    XMPYU   fht_0,fht_0,ht_temp       ; ht[0]

-    XMPYU   fht_1,fht_1,ht_temp_1     ; ht[1]

-    FSTD    ht_temp,-8(%sp)           ; store ht[0]

-    FSTD    ht_temp_1,-40(%sp)        ; store ht[1]

-    LDD     -24(%sp),m_0

-    LDD     -56(%sp),m_1

-    AND     m_0,high_mask,tmp_0       ; m[0] & Mask

-    AND     m_1,high_mask,tmp_1       ; m[1] & Mask

-    DEPD,Z  m_0,30,31,m_0             ; m[0] << 32+1

-    DEPD,Z  m_1,30,31,m_1             ; m[1] << 32+1

-    LDD     -16(%sp),lt_0

-    LDD     -48(%sp),lt_1

-    EXTRD,U tmp_0,32,33,tmp_0         ; tmp_0 = m[0]&Mask >> 32-1

-    EXTRD,U tmp_1,32,33,tmp_1         ; tmp_1 = m[1]&Mask >> 32-1

-    LDD     -8(%sp),ht_0

-    LDD     -40(%sp),ht_1

-    ADD,L   ht_0,tmp_0,ht_0           ; ht[0] += tmp_0

-    ADD,L   ht_1,tmp_1,ht_1           ; ht[1] += tmp_1

-    ADD     lt_0,m_0,lt_0             ; lt = lt+m

-    ADD,DC  ht_0,%r0,ht_0             ; ht[0]++

-    STD     lt_0,0(r_ptr)             ; rp[0] = lt[0]

-    STD     ht_0,8(r_ptr)             ; rp[1] = ht[1]

-    ADD     lt_1,m_1,lt_1             ; lt = lt+m

-    ADD,DC  ht_1,%r0,ht_1             ; ht[1]++

-    STD     lt_1,16(r_ptr)            ; rp[2] = lt[1]

-    STD     ht_1,24(r_ptr)            ; rp[3] = ht[1]

-	LDO    -2(num),num                ; num = num - 2;

-    LDO     16(a_ptr),a_ptr           ; ap += 2

-	CMPIB,<= 2,num,bn_sqr_words_unroll2

-    LDO     32(r_ptr),r_ptr           ; rp += 4

-    CMPIB,=,N 0,num,bn_sqr_words_exit ; are we done?

-	;

-	; Top of loop aligned on 64-byte boundary

-	;

-bn_sqr_words_single_top

-    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)

-    XMPYU   fht_0,flt_0,fm            ; m

-    FSTD    fm,-24(%sp)               ; store m

-    XMPYU   flt_0,flt_0,lt_temp       ; lt

-    FSTD    lt_temp,-16(%sp)          ; store lt

-    XMPYU   fht_0,fht_0,ht_temp       ; ht

-    FSTD    ht_temp,-8(%sp)           ; store ht

-    LDD     -24(%sp),m_0              ; load m

-    AND     m_0,high_mask,tmp_0       ; m & Mask

-    DEPD,Z  m_0,30,31,m_0             ; m << 32+1

-    LDD     -16(%sp),lt_0             ; lt

-    LDD     -8(%sp),ht_0              ; ht

-    EXTRD,U tmp_0,32,33,tmp_0         ; tmp_0 = m&Mask >> 32-1

-    ADD     m_0,lt_0,lt_0             ; lt = lt+m

-    ADD,L   ht_0,tmp_0,ht_0           ; ht += tmp_0

-    ADD,DC  ht_0,%r0,ht_0             ; ht++

-    STD     lt_0,0(r_ptr)             ; rp[0] = lt

-    STD     ht_0,8(r_ptr)             ; rp[1] = ht

-bn_sqr_words_exit

-    .EXIT

-    LDD     -112(%sp),%r5       ; restore r5

-    LDD     -120(%sp),%r4       ; restore r4

-    BVE     (%rp)

-    LDD,MB  -128(%sp),%r3

-	.PROCEND	;in=23,24,25,26,29;out=28;

-;----------------------------------------------------------------------------

-;

-;BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)

-;

-; arg0 = rp

-; arg1 = ap

-; arg2 = bp

-; arg3 = n

-t  .reg %r22

-b  .reg %r21

-l  .reg %r20

-bn_add_words

-	.proc

-    .entry

-	.callinfo

-	.EXPORT	bn_add_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN

-	.align 64

-    CMPIB,>= 0,n,bn_add_words_exit

-    COPY    %r0,%ret1           ; return 0 by default

-	;

-	; If 2 or more numbers do the loop

-	;

-	CMPIB,= 1,n,bn_add_words_single_top

-	NOP

-	;

-	; This loop is unrolled 2 times (64-byte aligned as well)

-	;

-bn_add_words_unroll2

-	LDD     0(a_ptr),t

-	LDD     0(b_ptr),b

-	ADD     t,%ret1,t                    ; t = t+c;

-	ADD,DC  %r0,%r0,%ret1                ; set c to carry

-	ADD     t,b,l                        ; l = t + b[0]

-	ADD,DC  %ret1,%r0,%ret1              ; c+= carry

-	STD     l,0(r_ptr)

-	LDD     8(a_ptr),t

-	LDD     8(b_ptr),b

-	ADD     t,%ret1,t                     ; t = t+c;

-	ADD,DC  %r0,%r0,%ret1                 ; set c to carry

-	ADD     t,b,l                         ; l = t + b[0]

-	ADD,DC  %ret1,%r0,%ret1               ; c+= carry

-	STD     l,8(r_ptr)

-	LDO     -2(n),n

-	LDO     16(a_ptr),a_ptr

-	LDO     16(b_ptr),b_ptr

-	CMPIB,<= 2,n,bn_add_words_unroll2

-	LDO     16(r_ptr),r_ptr

-    CMPIB,=,N 0,n,bn_add_words_exit ; are we done?

-bn_add_words_single_top

-	LDD     0(a_ptr),t

-	LDD     0(b_ptr),b

-	ADD     t,%ret1,t                 ; t = t+c;

-	ADD,DC  %r0,%r0,%ret1             ; set c to carry (could use CMPCLR??)

-	ADD     t,b,l                     ; l = t + b[0]

-	ADD,DC  %ret1,%r0,%ret1           ; c+= carry

-	STD     l,0(r_ptr)

-bn_add_words_exit

-    .EXIT

-    BVE     (%rp)

-    EXTRD,U %ret1,31,32,%ret0           ; for 32-bit, return in ret0/ret1

-	.PROCEND	;in=23,24,25,26,29;out=28;

-;----------------------------------------------------------------------------

-;

-;BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)

-;

-; arg0 = rp

-; arg1 = ap

-; arg2 = bp

-; arg3 = n

-t1       .reg %r22

-t2       .reg %r21

-sub_tmp1 .reg %r20

-sub_tmp2 .reg %r19

-bn_sub_words

-	.proc

-	.callinfo

-	.EXPORT	bn_sub_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN

-    .entry

-	.align 64

-    CMPIB,>=  0,n,bn_sub_words_exit

-    COPY    %r0,%ret1           ; return 0 by default

-	;

-	; If 2 or more numbers do the loop

-	;

-	CMPIB,= 1,n,bn_sub_words_single_top

-	NOP

-	;

-	; This loop is unrolled 2 times (64-byte aligned as well)

-	;

-bn_sub_words_unroll2

-	LDD     0(a_ptr),t1

-	LDD     0(b_ptr),t2

-	SUB     t1,t2,sub_tmp1           ; t3 = t1-t2;

-	SUB     sub_tmp1,%ret1,sub_tmp1  ; t3 = t3- c;

-	CMPCLR,*>> t1,t2,sub_tmp2        ; clear if t1 > t2

-	LDO      1(%r0),sub_tmp2

-	CMPCLR,*= t1,t2,%r0

-	COPY    sub_tmp2,%ret1

-	STD     sub_tmp1,0(r_ptr)

-	LDD     8(a_ptr),t1

-	LDD     8(b_ptr),t2

-	SUB     t1,t2,sub_tmp1            ; t3 = t1-t2;

-	SUB     sub_tmp1,%ret1,sub_tmp1   ; t3 = t3- c;

-	CMPCLR,*>> t1,t2,sub_tmp2         ; clear if t1 > t2

-	LDO      1(%r0),sub_tmp2

-	CMPCLR,*= t1,t2,%r0

-	COPY    sub_tmp2,%ret1

-	STD     sub_tmp1,8(r_ptr)

-	LDO     -2(n),n

-	LDO     16(a_ptr),a_ptr

-	LDO     16(b_ptr),b_ptr

-	CMPIB,<= 2,n,bn_sub_words_unroll2

-	LDO     16(r_ptr),r_ptr

-    CMPIB,=,N 0,n,bn_sub_words_exit ; are we done?

-bn_sub_words_single_top

-	LDD     0(a_ptr),t1

-	LDD     0(b_ptr),t2

-	SUB     t1,t2,sub_tmp1            ; t3 = t1-t2;

-	SUB     sub_tmp1,%ret1,sub_tmp1   ; t3 = t3- c;

-	CMPCLR,*>> t1,t2,sub_tmp2         ; clear if t1 > t2

-	LDO      1(%r0),sub_tmp2

-	CMPCLR,*= t1,t2,%r0

-	COPY    sub_tmp2,%ret1

-	STD     sub_tmp1,0(r_ptr)

-bn_sub_words_exit

-    .EXIT

-    BVE     (%rp)

-    EXTRD,U %ret1,31,32,%ret0           ; for 32-bit, return in ret0/ret1

-	.PROCEND	;in=23,24,25,26,29;out=28;

-;------------------------------------------------------------------------------

-;

-; unsigned long bn_div_words(unsigned long h, unsigned long l, unsigned long d)

-;

-; arg0 = h

-; arg1 = l

-; arg2 = d

-;

-; This is mainly just output from the HP C compiler.

-;

-;------------------------------------------------------------------------------

-bn_div_words

-	.PROC

-	.EXPORT	bn_div_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR,LONG_RETURN

-	.IMPORT	BN_num_bits_word,CODE

-	;--- not PIC	.IMPORT	__iob,DATA

-	;--- not PIC	.IMPORT	fprintf,CODE

-	.IMPORT	abort,CODE

-	.IMPORT	$$div2U,MILLICODE

-	.CALLINFO CALLER,FRAME=144,ENTRY_GR=%r9,SAVE_RP,ARGS_SAVED,ORDERING_AWARE

-        .ENTRY

-        STW     %r2,-20(%r30)   ;offset 0x8ec

-        STW,MA  %r3,192(%r30)   ;offset 0x8f0

-        STW     %r4,-188(%r30)  ;offset 0x8f4

-        DEPD    %r5,31,32,%r6   ;offset 0x8f8

-        STD     %r6,-184(%r30)  ;offset 0x8fc

-        DEPD    %r7,31,32,%r8   ;offset 0x900

-        STD     %r8,-176(%r30)  ;offset 0x904

-        STW     %r9,-168(%r30)  ;offset 0x908

-        LDD     -248(%r30),%r3  ;offset 0x90c

-        COPY    %r26,%r4        ;offset 0x910

-        COPY    %r24,%r5        ;offset 0x914

-        DEPD    %r25,31,32,%r4  ;offset 0x918

-        CMPB,*<>        %r3,%r0,$0006000C       ;offset 0x91c

-        DEPD    %r23,31,32,%r5  ;offset 0x920

-        MOVIB,TR        -1,%r29,$00060002       ;offset 0x924

-        EXTRD,U %r29,31,32,%r28 ;offset 0x928

-$0006002A

-        LDO     -1(%r29),%r29   ;offset 0x92c

-        SUB     %r23,%r7,%r23   ;offset 0x930

-$00060024

-        SUB     %r4,%r31,%r25   ;offset 0x934

-        AND     %r25,%r19,%r26  ;offset 0x938

-        CMPB,*<>,N      %r0,%r26,$00060046      ;offset 0x93c

-        DEPD,Z  %r25,31,32,%r20 ;offset 0x940

-        OR      %r20,%r24,%r21  ;offset 0x944

-        CMPB,*<<,N      %r21,%r23,$0006002A     ;offset 0x948

-        SUB     %r31,%r2,%r31   ;offset 0x94c

-$00060046

-$0006002E

-        DEPD,Z  %r23,31,32,%r25 ;offset 0x950

-        EXTRD,U %r23,31,32,%r26 ;offset 0x954

-        AND     %r25,%r19,%r24  ;offset 0x958

-        ADD,L   %r31,%r26,%r31  ;offset 0x95c

-        CMPCLR,*>>=     %r5,%r24,%r0    ;offset 0x960

-        LDO     1(%r31),%r31    ;offset 0x964

-$00060032

-        CMPB,*<<=,N     %r31,%r4,$00060036      ;offset 0x968

-        LDO     -1(%r29),%r29   ;offset 0x96c

-        ADD,L   %r4,%r3,%r4     ;offset 0x970

-$00060036

-        ADDIB,=,N       -1,%r8,$D0      ;offset 0x974

-        SUB     %r5,%r24,%r28   ;offset 0x978

-$0006003A

-        SUB     %r4,%r31,%r24   ;offset 0x97c

-        SHRPD   %r24,%r28,32,%r4        ;offset 0x980

-        DEPD,Z  %r29,31,32,%r9  ;offset 0x984

-        DEPD,Z  %r28,31,32,%r5  ;offset 0x988

-$0006001C

-        EXTRD,U %r4,31,32,%r31  ;offset 0x98c

-        CMPB,*<>,N      %r31,%r2,$00060020      ;offset 0x990

-        MOVB,TR %r6,%r29,$D1    ;offset 0x994

-        STD     %r29,-152(%r30) ;offset 0x998

-$0006000C

-        EXTRD,U %r3,31,32,%r25  ;offset 0x99c

-        COPY    %r3,%r26        ;offset 0x9a0

-        EXTRD,U %r3,31,32,%r9   ;offset 0x9a4

-        EXTRD,U %r4,31,32,%r8   ;offset 0x9a8

-        .CALL   ARGW0=GR,ARGW1=GR,RTNVAL=GR     ;in=25,26;out=28;

-        B,L     BN_num_bits_word,%r2    ;offset 0x9ac

-        EXTRD,U %r5,31,32,%r7   ;offset 0x9b0

-        LDI     64,%r20 ;offset 0x9b4

-        DEPD    %r7,31,32,%r5   ;offset 0x9b8

-        DEPD    %r8,31,32,%r4   ;offset 0x9bc

-        DEPD    %r9,31,32,%r3   ;offset 0x9c0

-        CMPB,=  %r28,%r20,$00060012     ;offset 0x9c4

-        COPY    %r28,%r24       ;offset 0x9c8

-        MTSARCM %r24    ;offset 0x9cc

-        DEPDI,Z -1,%sar,1,%r19  ;offset 0x9d0

-        CMPB,*>>,N      %r4,%r19,$D2    ;offset 0x9d4

-$00060012

-        SUBI    64,%r24,%r31    ;offset 0x9d8

-        CMPCLR,*<<      %r4,%r3,%r0     ;offset 0x9dc

-        SUB     %r4,%r3,%r4     ;offset 0x9e0

-$00060016

-        CMPB,=  %r31,%r0,$0006001A      ;offset 0x9e4

-        COPY    %r0,%r9 ;offset 0x9e8

-        MTSARCM %r31    ;offset 0x9ec

-        DEPD,Z  %r3,%sar,64,%r3 ;offset 0x9f0

-        SUBI    64,%r31,%r26    ;offset 0x9f4

-        MTSAR   %r26    ;offset 0x9f8

-        SHRPD   %r4,%r5,%sar,%r4        ;offset 0x9fc

-        MTSARCM %r31    ;offset 0xa00

-        DEPD,Z  %r5,%sar,64,%r5 ;offset 0xa04

-$0006001A

-        DEPDI,Z -1,31,32,%r19   ;offset 0xa08

-        AND     %r3,%r19,%r29   ;offset 0xa0c

-        EXTRD,U %r29,31,32,%r2  ;offset 0xa10

-        DEPDI,Z -1,63,32,%r6    ;offset 0xa14

-        MOVIB,TR        2,%r8,$0006001C ;offset 0xa18

-        EXTRD,U %r3,63,32,%r7   ;offset 0xa1c

-$D2

-        ;--- not PIC	ADDIL   LR'__iob-$global$,%r27,%r1      ;offset 0xa20

-        ;--- not PIC	LDIL    LR'C$7,%r21     ;offset 0xa24

-        ;--- not PIC	LDO     RR'__iob-$global$+32(%r1),%r26  ;offset 0xa28

-        ;--- not PIC	.CALL   ARGW0=GR,ARGW1=GR,ARGW2=GR,RTNVAL=GR    ;in=24,25,26;out=28;

-        ;--- not PIC	B,L     fprintf,%r2     ;offset 0xa2c

-        ;--- not PIC	LDO     RR'C$7(%r21),%r25       ;offset 0xa30

-        .CALL           ;

-        B,L     abort,%r2       ;offset 0xa34

-        NOP             ;offset 0xa38

-        B       $D3     ;offset 0xa3c

-        LDW     -212(%r30),%r2  ;offset 0xa40

-$00060020

-        COPY    %r4,%r26        ;offset 0xa44

-        EXTRD,U %r4,31,32,%r25  ;offset 0xa48

-        COPY    %r2,%r24        ;offset 0xa4c

-        .CALL   ;in=23,24,25,26;out=20,21,22,28,29; (MILLICALL)

-        B,L     $$div2U,%r31    ;offset 0xa50

-        EXTRD,U %r2,31,32,%r23  ;offset 0xa54

-        DEPD    %r28,31,32,%r29 ;offset 0xa58

-$00060022

-        STD     %r29,-152(%r30) ;offset 0xa5c

-$D1

-        AND     %r5,%r19,%r24   ;offset 0xa60

-        EXTRD,U %r24,31,32,%r24 ;offset 0xa64

-        STW     %r2,-160(%r30)  ;offset 0xa68

-        STW     %r7,-128(%r30)  ;offset 0xa6c

-        FLDD    -152(%r30),%fr4 ;offset 0xa70

-        FLDD    -152(%r30),%fr7 ;offset 0xa74

-        FLDW    -160(%r30),%fr8L        ;offset 0xa78

-        FLDW    -128(%r30),%fr5L        ;offset 0xa7c

-        XMPYU   %fr8L,%fr7L,%fr10       ;offset 0xa80

-        FSTD    %fr10,-136(%r30)        ;offset 0xa84

-        XMPYU   %fr8L,%fr7R,%fr22       ;offset 0xa88

-        FSTD    %fr22,-144(%r30)        ;offset 0xa8c

-        XMPYU   %fr5L,%fr4L,%fr11       ;offset 0xa90

-        XMPYU   %fr5L,%fr4R,%fr23       ;offset 0xa94

-        FSTD    %fr11,-112(%r30)        ;offset 0xa98

-        FSTD    %fr23,-120(%r30)        ;offset 0xa9c

-        LDD     -136(%r30),%r28 ;offset 0xaa0

-        DEPD,Z  %r28,31,32,%r31 ;offset 0xaa4

-        LDD     -144(%r30),%r20 ;offset 0xaa8

-        ADD,L   %r20,%r31,%r31  ;offset 0xaac

-        LDD     -112(%r30),%r22 ;offset 0xab0

-        DEPD,Z  %r22,31,32,%r22 ;offset 0xab4

-        LDD     -120(%r30),%r21 ;offset 0xab8

-        B       $00060024       ;offset 0xabc

-        ADD,L   %r21,%r22,%r23  ;offset 0xac0

-$D0

-        OR      %r9,%r29,%r29   ;offset 0xac4

-$00060040

-        EXTRD,U %r29,31,32,%r28 ;offset 0xac8

-$00060002

-$L2

-        LDW     -212(%r30),%r2  ;offset 0xacc

-$D3

-        LDW     -168(%r30),%r9  ;offset 0xad0

-        LDD     -176(%r30),%r8  ;offset 0xad4

-        EXTRD,U %r8,31,32,%r7   ;offset 0xad8

-        LDD     -184(%r30),%r6  ;offset 0xadc

-        EXTRD,U %r6,31,32,%r5   ;offset 0xae0

-        LDW     -188(%r30),%r4  ;offset 0xae4

-        BVE     (%r2)   ;offset 0xae8

-        .EXIT

-        LDW,MB  -192(%r30),%r3  ;offset 0xaec

-	.PROCEND	;in=23,25;out=28,29;fpin=105,107;

-;----------------------------------------------------------------------------

-;

-; Registers to hold 64-bit values to manipulate.  The "L" part

-; of the register corresponds to the upper 32-bits, while the "R"

-; part corresponds to the lower 32-bits

-;

-; Note, that when using b6 and b7, the code must save these before

-; using them because they are callee save registers

-;

-;

-; Floating point registers to use to save values that

-; are manipulated.  These don't collide with ftemp1-6 and

-; are all caller save registers

-;

-a0        .reg %fr22

-a0L       .reg %fr22L

-a0R       .reg %fr22R

-a1        .reg %fr23

-a1L       .reg %fr23L

-a1R       .reg %fr23R

-a2        .reg %fr24

-a2L       .reg %fr24L

-a2R       .reg %fr24R

-a3        .reg %fr25

-a3L       .reg %fr25L

-a3R       .reg %fr25R

-a4        .reg %fr26

-a4L       .reg %fr26L

-a4R       .reg %fr26R

-a5        .reg %fr27

-a5L       .reg %fr27L

-a5R       .reg %fr27R

-a6        .reg %fr28

-a6L       .reg %fr28L

-a6R       .reg %fr28R

-a7        .reg %fr29

-a7L       .reg %fr29L

-a7R       .reg %fr29R

-b0        .reg %fr30

-b0L       .reg %fr30L

-b0R       .reg %fr30R

-b1        .reg %fr31

-b1L       .reg %fr31L

-b1R       .reg %fr31R

-;

-; Temporary floating point variables, these are all caller save

-; registers

-;

-ftemp1    .reg %fr4

-ftemp2    .reg %fr5

-ftemp3    .reg %fr6

-ftemp4    .reg %fr7

-;

-; The B set of registers when used.

-;

-b2        .reg %fr8

-b2L       .reg %fr8L

-b2R       .reg %fr8R

-b3        .reg %fr9

-b3L       .reg %fr9L

-b3R       .reg %fr9R

-b4        .reg %fr10

-b4L       .reg %fr10L

-b4R       .reg %fr10R

-b5        .reg %fr11

-b5L       .reg %fr11L

-b5R       .reg %fr11R

-b6        .reg %fr12

-b6L       .reg %fr12L

-b6R       .reg %fr12R

-b7        .reg %fr13

-b7L       .reg %fr13L

-b7R       .reg %fr13R

-c1           .reg %r21   ; only reg

-temp1        .reg %r20   ; only reg

-temp2        .reg %r19   ; only reg

-temp3        .reg %r31   ; only reg

-m1           .reg %r28

-c2           .reg %r23

-high_one     .reg %r1

-ht           .reg %r6

-lt           .reg %r5

-m            .reg %r4

-c3           .reg %r3

-SQR_ADD_C  .macro  A0L,A0R,C1,C2,C3

-    XMPYU   A0L,A0R,ftemp1       ; m

-    FSTD    ftemp1,-24(%sp)      ; store m

-    XMPYU   A0R,A0R,ftemp2       ; lt

-    FSTD    ftemp2,-16(%sp)      ; store lt

-    XMPYU   A0L,A0L,ftemp3       ; ht

-    FSTD    ftemp3,-8(%sp)       ; store ht

-    LDD     -24(%sp),m           ; load m

-    AND     m,high_mask,temp2    ; m & Mask

-    DEPD,Z  m,30,31,temp3        ; m << 32+1

-    LDD     -16(%sp),lt          ; lt

-    LDD     -8(%sp),ht           ; ht

-    EXTRD,U temp2,32,33,temp1    ; temp1 = m&Mask >> 32-1

-    ADD     temp3,lt,lt          ; lt = lt+m

-    ADD,L   ht,temp1,ht          ; ht += temp1

-    ADD,DC  ht,%r0,ht            ; ht++

-    ADD     C1,lt,C1             ; c1=c1+lt

-    ADD,DC  ht,%r0,ht            ; ht++

-    ADD     C2,ht,C2             ; c2=c2+ht

-    ADD,DC  C3,%r0,C3            ; c3++

-.endm

-SQR_ADD_C2 .macro  A0L,A0R,A1L,A1R,C1,C2,C3

-    XMPYU   A0L,A1R,ftemp1          ; m1 = bl*ht

-    FSTD    ftemp1,-16(%sp)         ;

-    XMPYU   A0R,A1L,ftemp2          ; m = bh*lt

-    FSTD    ftemp2,-8(%sp)          ;

-    XMPYU   A0R,A1R,ftemp3          ; lt = bl*lt

-    FSTD    ftemp3,-32(%sp)

-    XMPYU   A0L,A1L,ftemp4          ; ht = bh*ht

-    FSTD    ftemp4,-24(%sp)         ;

-    LDD     -8(%sp),m               ; r21 = m

-    LDD     -16(%sp),m1             ; r19 = m1

-    ADD,L   m,m1,m                  ; m+m1

-    DEPD,Z  m,31,32,temp3           ; (m+m1<<32)

-    LDD     -24(%sp),ht             ; r24 = ht

-    CMPCLR,*>>= m,m1,%r0            ; if (m < m1)

-    ADD,L   ht,high_one,ht          ; ht+=high_one

-    EXTRD,U m,31,32,temp1           ; m >> 32

-    LDD     -32(%sp),lt             ; lt

-    ADD,L   ht,temp1,ht             ; ht+= m>>32

-    ADD     lt,temp3,lt             ; lt = lt+m1

-    ADD,DC  ht,%r0,ht               ; ht++

-    ADD     ht,ht,ht                ; ht=ht+ht;

-    ADD,DC  C3,%r0,C3               ; add in carry (c3++)

-    ADD     lt,lt,lt                ; lt=lt+lt;

-    ADD,DC  ht,%r0,ht               ; add in carry (ht++)

-    ADD     C1,lt,C1                ; c1=c1+lt

-    ADD,DC,*NUV ht,%r0,ht           ; add in carry (ht++)

-    LDO     1(C3),C3              ; bump c3 if overflow,nullify otherwise

-    ADD     C2,ht,C2                ; c2 = c2 + ht

-    ADD,DC  C3,%r0,C3             ; add in carry (c3++)

-.endm

-;

-;void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)

-; arg0 = r_ptr

-; arg1 = a_ptr

-;

-bn_sqr_comba8

-	.PROC

-	.CALLINFO FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE

-	.EXPORT	bn_sqr_comba8,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN

-    .ENTRY

-	.align 64

-    STD     %r3,0(%sp)          ; save r3

-    STD     %r4,8(%sp)          ; save r4

-    STD     %r5,16(%sp)         ; save r5

-    STD     %r6,24(%sp)         ; save r6

-	;

-	; Zero out carries

-	;

-	COPY     %r0,c1

-	COPY     %r0,c2

-	COPY     %r0,c3

-	LDO      128(%sp),%sp       ; bump stack

-    DEPDI,Z -1,32,33,high_mask   ; Create Mask 0xffffffff80000000L

-    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32

-	;

-	; Load up all of the values we are going to use

-	;

-    FLDD     0(a_ptr),a0

-    FLDD     8(a_ptr),a1

-    FLDD    16(a_ptr),a2

-    FLDD    24(a_ptr),a3

-    FLDD    32(a_ptr),a4

-    FLDD    40(a_ptr),a5

-    FLDD    48(a_ptr),a6

-    FLDD    56(a_ptr),a7

-	SQR_ADD_C a0L,a0R,c1,c2,c3

-	STD     c1,0(r_ptr)          ; r[0] = c1;

-	COPY    %r0,c1

-	SQR_ADD_C2 a1L,a1R,a0L,a0R,c2,c3,c1

-	STD     c2,8(r_ptr)          ; r[1] = c2;

-	COPY    %r0,c2

-	SQR_ADD_C a1L,a1R,c3,c1,c2

-	SQR_ADD_C2 a2L,a2R,a0L,a0R,c3,c1,c2

-	STD     c3,16(r_ptr)            ; r[2] = c3;

-	COPY    %r0,c3

-	SQR_ADD_C2 a3L,a3R,a0L,a0R,c1,c2,c3

-	SQR_ADD_C2 a2L,a2R,a1L,a1R,c1,c2,c3

-	STD     c1,24(r_ptr)           ; r[3] = c1;

-	COPY    %r0,c1

-	SQR_ADD_C a2L,a2R,c2,c3,c1

-	SQR_ADD_C2 a3L,a3R,a1L,a1R,c2,c3,c1

-	SQR_ADD_C2 a4L,a4R,a0L,a0R,c2,c3,c1

-	STD     c2,32(r_ptr)          ; r[4] = c2;

-	COPY    %r0,c2

-	SQR_ADD_C2 a5L,a5R,a0L,a0R,c3,c1,c2

-	SQR_ADD_C2 a4L,a4R,a1L,a1R,c3,c1,c2

-	SQR_ADD_C2 a3L,a3R,a2L,a2R,c3,c1,c2

-	STD     c3,40(r_ptr)          ; r[5] = c3;

-	COPY    %r0,c3

-	SQR_ADD_C a3L,a3R,c1,c2,c3

-	SQR_ADD_C2 a4L,a4R,a2L,a2R,c1,c2,c3

-	SQR_ADD_C2 a5L,a5R,a1L,a1R,c1,c2,c3

-	SQR_ADD_C2 a6L,a6R,a0L,a0R,c1,c2,c3

-	STD     c1,48(r_ptr)          ; r[6] = c1;

-	COPY    %r0,c1

-	SQR_ADD_C2 a7L,a7R,a0L,a0R,c2,c3,c1

-	SQR_ADD_C2 a6L,a6R,a1L,a1R,c2,c3,c1

-	SQR_ADD_C2 a5L,a5R,a2L,a2R,c2,c3,c1

-	SQR_ADD_C2 a4L,a4R,a3L,a3R,c2,c3,c1

-	STD     c2,56(r_ptr)          ; r[7] = c2;

-	COPY    %r0,c2

-	SQR_ADD_C a4L,a4R,c3,c1,c2

-	SQR_ADD_C2 a5L,a5R,a3L,a3R,c3,c1,c2

-	SQR_ADD_C2 a6L,a6R,a2L,a2R,c3,c1,c2

-	SQR_ADD_C2 a7L,a7R,a1L,a1R,c3,c1,c2

-	STD     c3,64(r_ptr)          ; r[8] = c3;

-	COPY    %r0,c3

-	SQR_ADD_C2 a7L,a7R,a2L,a2R,c1,c2,c3

-	SQR_ADD_C2 a6L,a6R,a3L,a3R,c1,c2,c3

-	SQR_ADD_C2 a5L,a5R,a4L,a4R,c1,c2,c3

-	STD     c1,72(r_ptr)          ; r[9] = c1;

-	COPY    %r0,c1

-	SQR_ADD_C a5L,a5R,c2,c3,c1

-	SQR_ADD_C2 a6L,a6R,a4L,a4R,c2,c3,c1

-	SQR_ADD_C2 a7L,a7R,a3L,a3R,c2,c3,c1

-	STD     c2,80(r_ptr)          ; r[10] = c2;

-	COPY    %r0,c2

-	SQR_ADD_C2 a7L,a7R,a4L,a4R,c3,c1,c2

-	SQR_ADD_C2 a6L,a6R,a5L,a5R,c3,c1,c2

-	STD     c3,88(r_ptr)          ; r[11] = c3;

-	COPY    %r0,c3

-	SQR_ADD_C a6L,a6R,c1,c2,c3

-	SQR_ADD_C2 a7L,a7R,a5L,a5R,c1,c2,c3

-	STD     c1,96(r_ptr)          ; r[12] = c1;

-	COPY    %r0,c1

-	SQR_ADD_C2 a7L,a7R,a6L,a6R,c2,c3,c1

-	STD     c2,104(r_ptr)         ; r[13] = c2;

-	COPY    %r0,c2

-	SQR_ADD_C a7L,a7R,c3,c1,c2

-	STD     c3, 112(r_ptr)       ; r[14] = c3

-	STD     c1, 120(r_ptr)       ; r[15] = c1

-    .EXIT

-    LDD     -104(%sp),%r6        ; restore r6

-    LDD     -112(%sp),%r5        ; restore r5

-    LDD     -120(%sp),%r4        ; restore r4

-    BVE     (%rp)

-    LDD,MB  -128(%sp),%r3

-	.PROCEND

-;-----------------------------------------------------------------------------

-;

-;void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)

-; arg0 = r_ptr

-; arg1 = a_ptr

-;

-bn_sqr_comba4

-	.proc

-	.callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE

-	.EXPORT	bn_sqr_comba4,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN

-    .entry

-	.align 64

-    STD     %r3,0(%sp)          ; save r3

-    STD     %r4,8(%sp)          ; save r4

-    STD     %r5,16(%sp)         ; save r5

-    STD     %r6,24(%sp)         ; save r6

-	;

-	; Zero out carries

-	;

-	COPY     %r0,c1

-	COPY     %r0,c2

-	COPY     %r0,c3

-	LDO      128(%sp),%sp       ; bump stack

-    DEPDI,Z -1,32,33,high_mask   ; Create Mask 0xffffffff80000000L

-    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32

-	;

-	; Load up all of the values we are going to use

-	;

-    FLDD     0(a_ptr),a0

-    FLDD     8(a_ptr),a1

-    FLDD    16(a_ptr),a2

-    FLDD    24(a_ptr),a3

-    FLDD    32(a_ptr),a4

-    FLDD    40(a_ptr),a5

-    FLDD    48(a_ptr),a6

-    FLDD    56(a_ptr),a7

-	SQR_ADD_C a0L,a0R,c1,c2,c3

-	STD     c1,0(r_ptr)          ; r[0] = c1;

-	COPY    %r0,c1

-	SQR_ADD_C2 a1L,a1R,a0L,a0R,c2,c3,c1

-	STD     c2,8(r_ptr)          ; r[1] = c2;

-	COPY    %r0,c2

-	SQR_ADD_C a1L,a1R,c3,c1,c2

-	SQR_ADD_C2 a2L,a2R,a0L,a0R,c3,c1,c2

-	STD     c3,16(r_ptr)            ; r[2] = c3;

-	COPY    %r0,c3

-	SQR_ADD_C2 a3L,a3R,a0L,a0R,c1,c2,c3

-	SQR_ADD_C2 a2L,a2R,a1L,a1R,c1,c2,c3

-	STD     c1,24(r_ptr)           ; r[3] = c1;

-	COPY    %r0,c1

-	SQR_ADD_C a2L,a2R,c2,c3,c1

-	SQR_ADD_C2 a3L,a3R,a1L,a1R,c2,c3,c1

-	STD     c2,32(r_ptr)           ; r[4] = c2;

-	COPY    %r0,c2

-	SQR_ADD_C2 a3L,a3R,a2L,a2R,c3,c1,c2

-	STD     c3,40(r_ptr)           ; r[5] = c3;

-	COPY    %r0,c3

-	SQR_ADD_C a3L,a3R,c1,c2,c3

-	STD     c1,48(r_ptr)           ; r[6] = c1;

-	STD     c2,56(r_ptr)           ; r[7] = c2;

-    .EXIT

-    LDD     -104(%sp),%r6        ; restore r6

-    LDD     -112(%sp),%r5        ; restore r5

-    LDD     -120(%sp),%r4        ; restore r4

-    BVE     (%rp)

-    LDD,MB  -128(%sp),%r3

-	.PROCEND

-;---------------------------------------------------------------------------

-MUL_ADD_C  .macro  A0L,A0R,B0L,B0R,C1,C2,C3

-    XMPYU   A0L,B0R,ftemp1        ; m1 = bl*ht

-    FSTD    ftemp1,-16(%sp)       ;

-    XMPYU   A0R,B0L,ftemp2        ; m = bh*lt

-    FSTD    ftemp2,-8(%sp)        ;

-    XMPYU   A0R,B0R,ftemp3        ; lt = bl*lt

-    FSTD    ftemp3,-32(%sp)

-    XMPYU   A0L,B0L,ftemp4        ; ht = bh*ht

-    FSTD    ftemp4,-24(%sp)       ;

-    LDD     -8(%sp),m             ; r21 = m

-    LDD     -16(%sp),m1           ; r19 = m1

-    ADD,L   m,m1,m                ; m+m1

-    DEPD,Z  m,31,32,temp3         ; (m+m1<<32)

-    LDD     -24(%sp),ht           ; r24 = ht

-    CMPCLR,*>>= m,m1,%r0          ; if (m < m1)

-    ADD,L   ht,high_one,ht        ; ht+=high_one

-    EXTRD,U m,31,32,temp1         ; m >> 32

-    LDD     -32(%sp),lt           ; lt

-    ADD,L   ht,temp1,ht           ; ht+= m>>32

-    ADD     lt,temp3,lt           ; lt = lt+m1

-    ADD,DC  ht,%r0,ht             ; ht++

-    ADD     C1,lt,C1              ; c1=c1+lt

-    ADD,DC  ht,%r0,ht             ; bump c3 if overflow,nullify otherwise

-    ADD     C2,ht,C2              ; c2 = c2 + ht

-    ADD,DC  C3,%r0,C3             ; add in carry (c3++)

-.endm

-;

-;void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)

-; arg0 = r_ptr

-; arg1 = a_ptr

-; arg2 = b_ptr

-;

-bn_mul_comba8

-	.proc

-	.callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE

-	.EXPORT	bn_mul_comba8,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN

-    .entry

-	.align 64

-    STD     %r3,0(%sp)          ; save r3

-    STD     %r4,8(%sp)          ; save r4

-    STD     %r5,16(%sp)         ; save r5

-    STD     %r6,24(%sp)         ; save r6

-    FSTD    %fr12,32(%sp)       ; save r6

-    FSTD    %fr13,40(%sp)       ; save r7

-	;

-	; Zero out carries

-	;

-	COPY     %r0,c1

-	COPY     %r0,c2

-	COPY     %r0,c3

-	LDO      128(%sp),%sp       ; bump stack

-    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32

-	;

-	; Load up all of the values we are going to use

-	;

-    FLDD      0(a_ptr),a0

-    FLDD      8(a_ptr),a1

-    FLDD     16(a_ptr),a2

-    FLDD     24(a_ptr),a3

-    FLDD     32(a_ptr),a4

-    FLDD     40(a_ptr),a5

-    FLDD     48(a_ptr),a6

-    FLDD     56(a_ptr),a7

-    FLDD      0(b_ptr),b0

-    FLDD      8(b_ptr),b1

-    FLDD     16(b_ptr),b2

-    FLDD     24(b_ptr),b3

-    FLDD     32(b_ptr),b4

-    FLDD     40(b_ptr),b5

-    FLDD     48(b_ptr),b6

-    FLDD     56(b_ptr),b7

-	MUL_ADD_C a0L,a0R,b0L,b0R,c1,c2,c3

-	STD       c1,0(r_ptr)

-	COPY      %r0,c1

-	MUL_ADD_C a0L,a0R,b1L,b1R,c2,c3,c1

-	MUL_ADD_C a1L,a1R,b0L,b0R,c2,c3,c1

-	STD       c2,8(r_ptr)

-	COPY      %r0,c2

-	MUL_ADD_C a2L,a2R,b0L,b0R,c3,c1,c2

-	MUL_ADD_C a1L,a1R,b1L,b1R,c3,c1,c2

-	MUL_ADD_C a0L,a0R,b2L,b2R,c3,c1,c2

-	STD       c3,16(r_ptr)

-	COPY      %r0,c3

-	MUL_ADD_C a0L,a0R,b3L,b3R,c1,c2,c3

-	MUL_ADD_C a1L,a1R,b2L,b2R,c1,c2,c3

-	MUL_ADD_C a2L,a2R,b1L,b1R,c1,c2,c3

-	MUL_ADD_C a3L,a3R,b0L,b0R,c1,c2,c3

-	STD       c1,24(r_ptr)

-	COPY      %r0,c1

-	MUL_ADD_C a4L,a4R,b0L,b0R,c2,c3,c1

-	MUL_ADD_C a3L,a3R,b1L,b1R,c2,c3,c1

-	MUL_ADD_C a2L,a2R,b2L,b2R,c2,c3,c1

-	MUL_ADD_C a1L,a1R,b3L,b3R,c2,c3,c1

-	MUL_ADD_C a0L,a0R,b4L,b4R,c2,c3,c1

-	STD       c2,32(r_ptr)

-	COPY      %r0,c2

-	MUL_ADD_C a0L,a0R,b5L,b5R,c3,c1,c2

-	MUL_ADD_C a1L,a1R,b4L,b4R,c3,c1,c2

-	MUL_ADD_C a2L,a2R,b3L,b3R,c3,c1,c2

-	MUL_ADD_C a3L,a3R,b2L,b2R,c3,c1,c2

-	MUL_ADD_C a4L,a4R,b1L,b1R,c3,c1,c2

-	MUL_ADD_C a5L,a5R,b0L,b0R,c3,c1,c2

-	STD       c3,40(r_ptr)

-	COPY      %r0,c3

-	MUL_ADD_C a6L,a6R,b0L,b0R,c1,c2,c3

-	MUL_ADD_C a5L,a5R,b1L,b1R,c1,c2,c3

-	MUL_ADD_C a4L,a4R,b2L,b2R,c1,c2,c3

-	MUL_ADD_C a3L,a3R,b3L,b3R,c1,c2,c3

-	MUL_ADD_C a2L,a2R,b4L,b4R,c1,c2,c3

-	MUL_ADD_C a1L,a1R,b5L,b5R,c1,c2,c3

-	MUL_ADD_C a0L,a0R,b6L,b6R,c1,c2,c3

-	STD       c1,48(r_ptr)

-	COPY      %r0,c1

-	MUL_ADD_C a0L,a0R,b7L,b7R,c2,c3,c1

-	MUL_ADD_C a1L,a1R,b6L,b6R,c2,c3,c1

-	MUL_ADD_C a2L,a2R,b5L,b5R,c2,c3,c1

-	MUL_ADD_C a3L,a3R,b4L,b4R,c2,c3,c1

-	MUL_ADD_C a4L,a4R,b3L,b3R,c2,c3,c1

-	MUL_ADD_C a5L,a5R,b2L,b2R,c2,c3,c1

-	MUL_ADD_C a6L,a6R,b1L,b1R,c2,c3,c1

-	MUL_ADD_C a7L,a7R,b0L,b0R,c2,c3,c1

-	STD       c2,56(r_ptr)

-	COPY      %r0,c2

-	MUL_ADD_C a7L,a7R,b1L,b1R,c3,c1,c2

-	MUL_ADD_C a6L,a6R,b2L,b2R,c3,c1,c2

-	MUL_ADD_C a5L,a5R,b3L,b3R,c3,c1,c2

-	MUL_ADD_C a4L,a4R,b4L,b4R,c3,c1,c2

-	MUL_ADD_C a3L,a3R,b5L,b5R,c3,c1,c2

-	MUL_ADD_C a2L,a2R,b6L,b6R,c3,c1,c2

-	MUL_ADD_C a1L,a1R,b7L,b7R,c3,c1,c2

-	STD       c3,64(r_ptr)

-	COPY      %r0,c3

-	MUL_ADD_C a2L,a2R,b7L,b7R,c1,c2,c3

-	MUL_ADD_C a3L,a3R,b6L,b6R,c1,c2,c3

-	MUL_ADD_C a4L,a4R,b5L,b5R,c1,c2,c3

-	MUL_ADD_C a5L,a5R,b4L,b4R,c1,c2,c3

-	MUL_ADD_C a6L,a6R,b3L,b3R,c1,c2,c3

-	MUL_ADD_C a7L,a7R,b2L,b2R,c1,c2,c3

-	STD       c1,72(r_ptr)

-	COPY      %r0,c1

-	MUL_ADD_C a7L,a7R,b3L,b3R,c2,c3,c1

-	MUL_ADD_C a6L,a6R,b4L,b4R,c2,c3,c1

-	MUL_ADD_C a5L,a5R,b5L,b5R,c2,c3,c1

-	MUL_ADD_C a4L,a4R,b6L,b6R,c2,c3,c1

-	MUL_ADD_C a3L,a3R,b7L,b7R,c2,c3,c1

-	STD       c2,80(r_ptr)

-	COPY      %r0,c2

-	MUL_ADD_C a4L,a4R,b7L,b7R,c3,c1,c2

-	MUL_ADD_C a5L,a5R,b6L,b6R,c3,c1,c2

-	MUL_ADD_C a6L,a6R,b5L,b5R,c3,c1,c2

-	MUL_ADD_C a7L,a7R,b4L,b4R,c3,c1,c2

-	STD       c3,88(r_ptr)

-	COPY      %r0,c3

-	MUL_ADD_C a7L,a7R,b5L,b5R,c1,c2,c3

-	MUL_ADD_C a6L,a6R,b6L,b6R,c1,c2,c3

-	MUL_ADD_C a5L,a5R,b7L,b7R,c1,c2,c3

-	STD       c1,96(r_ptr)

-	COPY      %r0,c1

-	MUL_ADD_C a6L,a6R,b7L,b7R,c2,c3,c1

-	MUL_ADD_C a7L,a7R,b6L,b6R,c2,c3,c1

-	STD       c2,104(r_ptr)

-	COPY      %r0,c2

-	MUL_ADD_C a7L,a7R,b7L,b7R,c3,c1,c2

-	STD       c3,112(r_ptr)

-	STD       c1,120(r_ptr)

-    .EXIT

-    FLDD    -88(%sp),%fr13

-    FLDD    -96(%sp),%fr12

-    LDD     -104(%sp),%r6        ; restore r6

-    LDD     -112(%sp),%r5        ; restore r5

-    LDD     -120(%sp),%r4        ; restore r4

-    BVE     (%rp)

-    LDD,MB  -128(%sp),%r3

-	.PROCEND

-;-----------------------------------------------------------------------------

-;

-;void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)

-; arg0 = r_ptr

-; arg1 = a_ptr

-; arg2 = b_ptr

-;

-bn_mul_comba4

-	.proc

-	.callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE

-	.EXPORT	bn_mul_comba4,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN

-    .entry

-	.align 64

-    STD     %r3,0(%sp)          ; save r3

-    STD     %r4,8(%sp)          ; save r4

-    STD     %r5,16(%sp)         ; save r5

-    STD     %r6,24(%sp)         ; save r6

-    FSTD    %fr12,32(%sp)       ; save r6

-    FSTD    %fr13,40(%sp)       ; save r7

-	;

-	; Zero out carries

-	;

-	COPY     %r0,c1

-	COPY     %r0,c2

-	COPY     %r0,c3

-	LDO      128(%sp),%sp       ; bump stack

-    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32

-	;

-	; Load up all of the values we are going to use

-	;

-    FLDD      0(a_ptr),a0

-    FLDD      8(a_ptr),a1

-    FLDD     16(a_ptr),a2

-    FLDD     24(a_ptr),a3

-    FLDD      0(b_ptr),b0

-    FLDD      8(b_ptr),b1

-    FLDD     16(b_ptr),b2

-    FLDD     24(b_ptr),b3

-	MUL_ADD_C a0L,a0R,b0L,b0R,c1,c2,c3

-	STD       c1,0(r_ptr)

-	COPY      %r0,c1

-	MUL_ADD_C a0L,a0R,b1L,b1R,c2,c3,c1

-	MUL_ADD_C a1L,a1R,b0L,b0R,c2,c3,c1

-	STD       c2,8(r_ptr)

-	COPY      %r0,c2

-	MUL_ADD_C a2L,a2R,b0L,b0R,c3,c1,c2

-	MUL_ADD_C a1L,a1R,b1L,b1R,c3,c1,c2

-	MUL_ADD_C a0L,a0R,b2L,b2R,c3,c1,c2

-	STD       c3,16(r_ptr)

-	COPY      %r0,c3

-	MUL_ADD_C a0L,a0R,b3L,b3R,c1,c2,c3

-	MUL_ADD_C a1L,a1R,b2L,b2R,c1,c2,c3

-	MUL_ADD_C a2L,a2R,b1L,b1R,c1,c2,c3

-	MUL_ADD_C a3L,a3R,b0L,b0R,c1,c2,c3

-	STD       c1,24(r_ptr)

-	COPY      %r0,c1

-	MUL_ADD_C a3L,a3R,b1L,b1R,c2,c3,c1

-	MUL_ADD_C a2L,a2R,b2L,b2R,c2,c3,c1

-	MUL_ADD_C a1L,a1R,b3L,b3R,c2,c3,c1

-	STD       c2,32(r_ptr)

-	COPY      %r0,c2

-	MUL_ADD_C a2L,a2R,b3L,b3R,c3,c1,c2

-	MUL_ADD_C a3L,a3R,b2L,b2R,c3,c1,c2

-	STD       c3,40(r_ptr)

-	COPY      %r0,c3

-	MUL_ADD_C a3L,a3R,b3L,b3R,c1,c2,c3

-	STD       c1,48(r_ptr)

-	STD       c2,56(r_ptr)

-    .EXIT

-    FLDD    -88(%sp),%fr13

-    FLDD    -96(%sp),%fr12

-    LDD     -104(%sp),%r6        ; restore r6

-    LDD     -112(%sp),%r5        ; restore r5

-    LDD     -120(%sp),%r4        ; restore r4

-    BVE     (%rp)

-    LDD,MB  -128(%sp),%r3

-	.PROCEND

-;--- not PIC	.SPACE	$TEXT$

-;--- not PIC	.SUBSPA	$CODE$

-;--- not PIC	.SPACE	$PRIVATE$,SORT=16

-;--- not PIC	.IMPORT	$global$,DATA

-;--- not PIC	.SPACE	$TEXT$

-;--- not PIC	.SUBSPA	$CODE$

-;--- not PIC	.SUBSPA	$LIT$,ACCESS=0x2c

-;--- not PIC	C$7

-;--- not PIC	.ALIGN	8

-;--- not PIC	.STRINGZ	"Division would overflow (%d)\n"

-	.END

--- a/sys/src/ape/lib/openssl/crypto/bn/asm/pa-risc2W.s

+++ /dev/null

@@ -1,1605 +1,0 @@

-;

-; PA-RISC 64-bit implementation of bn_asm code

-;

-; This code is approximately 2x faster than the C version

-; for RSA/DSA.

-;

-; See http://devresource.hp.com/  for more details on the PA-RISC

-; architecture.  Also see the book "PA-RISC 2.0 Architecture"

-; by Gerry Kane for information on the instruction set architecture.

-;

-; Code written by Chris Ruemmler (with some help from the HP C

-; compiler).

-;

-; The code compiles with HP's assembler

-;

-	.level	2.0W

-	.space	$TEXT$

-	.subspa	$CODE$,QUAD=0,ALIGN=8,ACCESS=0x2c,CODE_ONLY

-;

-; Global Register definitions used for the routines.

-;

-; Some information about HP's runtime architecture for 64-bits.

-;

-; "Caller save" means the calling function must save the register

-; if it wants the register to be preserved.

-; "Callee save" means if a function uses the register, it must save

-; the value before using it.

-;

-; For the floating point registers

-;

-;    "caller save" registers: fr4-fr11, fr22-fr31

-;    "callee save" registers: fr12-fr21

-;    "special" registers: fr0-fr3 (status and exception registers)

-;

-; For the integer registers

-;     value zero             :  r0

-;     "caller save" registers: r1,r19-r26

-;     "callee save" registers: r3-r18

-;     return register        :  r2  (rp)

-;     return values          ; r28  (ret0,ret1)

-;     Stack pointer          ; r30  (sp)

-;     global data pointer    ; r27  (dp)

-;     argument pointer       ; r29  (ap)

-;     millicode return ptr   ; r31  (also a caller save register)

-;

-; Arguments to the routines

-;

-r_ptr       .reg %r26

-a_ptr       .reg %r25

-b_ptr       .reg %r24

-num         .reg %r24

-w           .reg %r23

-n           .reg %r23

-;

-; Globals used in some routines

-;

-top_overflow .reg %r29

-high_mask    .reg %r22    ; value 0xffffffff80000000L

-;------------------------------------------------------------------------------

-;

-; bn_mul_add_words

-;

-;BN_ULONG bn_mul_add_words(BN_ULONG *r_ptr, BN_ULONG *a_ptr,

-;								int num, BN_ULONG w)

-;

-; arg0 = r_ptr

-; arg1 = a_ptr

-; arg2 = num

-; arg3 = w

-;

-; Local register definitions

-;

-fm1          .reg %fr22

-fm           .reg %fr23

-ht_temp      .reg %fr24

-ht_temp_1    .reg %fr25

-lt_temp      .reg %fr26

-lt_temp_1    .reg %fr27

-fm1_1        .reg %fr28

-fm_1         .reg %fr29

-fw_h         .reg %fr7L

-fw_l         .reg %fr7R

-fw           .reg %fr7

-fht_0        .reg %fr8L

-flt_0        .reg %fr8R

-t_float_0    .reg %fr8

-fht_1        .reg %fr9L

-flt_1        .reg %fr9R

-t_float_1    .reg %fr9

-tmp_0        .reg %r31

-tmp_1        .reg %r21

-m_0          .reg %r20

-m_1          .reg %r19

-ht_0         .reg %r1

-ht_1         .reg %r3

-lt_0         .reg %r4

-lt_1         .reg %r5

-m1_0         .reg %r6

-m1_1         .reg %r7

-rp_val       .reg %r8

-rp_val_1     .reg %r9

-bn_mul_add_words

-	.export	bn_mul_add_words,entry,NO_RELOCATION,LONG_RETURN

-	.proc

-	.callinfo frame=128

-    .entry

-	.align 64

-    STD     %r3,0(%sp)          ; save r3

-    STD     %r4,8(%sp)          ; save r4

-	NOP                         ; Needed to make the loop 16-byte aligned

-	NOP                         ; Needed to make the loop 16-byte aligned

-    STD     %r5,16(%sp)         ; save r5

-    STD     %r6,24(%sp)         ; save r6

-    STD     %r7,32(%sp)         ; save r7

-    STD     %r8,40(%sp)         ; save r8

-    STD     %r9,48(%sp)         ; save r9

-    COPY    %r0,%ret0           ; return 0 by default

-    DEPDI,Z 1,31,1,top_overflow ; top_overflow = 1 << 32

-	STD     w,56(%sp)           ; store w on stack

-    CMPIB,>= 0,num,bn_mul_add_words_exit  ; if (num <= 0) then exit

-	LDO     128(%sp),%sp       ; bump stack

-	;

-	; The loop is unrolled twice, so if there is only 1 number

-    ; then go straight to the cleanup code.

-	;

-	CMPIB,= 1,num,bn_mul_add_words_single_top

-	FLDD    -72(%sp),fw     ; load up w into fp register fw (fw_h/fw_l)

-	;

-	; This loop is unrolled 2 times (64-byte aligned as well)

-	;

-	; PA-RISC 2.0 chips have two fully pipelined multipliers, thus

-    ; two 32-bit mutiplies can be issued per cycle.

-    ;

-bn_mul_add_words_unroll2

-    FLDD    0(a_ptr),t_float_0       ; load up 64-bit value (fr8L) ht(L)/lt(R)

-    FLDD    8(a_ptr),t_float_1       ; load up 64-bit value (fr8L) ht(L)/lt(R)

-    LDD     0(r_ptr),rp_val          ; rp[0]

-    LDD     8(r_ptr),rp_val_1        ; rp[1]

-    XMPYU   fht_0,fw_l,fm1           ; m1[0] = fht_0*fw_l

-    XMPYU   fht_1,fw_l,fm1_1         ; m1[1] = fht_1*fw_l

-    FSTD    fm1,-16(%sp)             ; -16(sp) = m1[0]

-    FSTD    fm1_1,-48(%sp)           ; -48(sp) = m1[1]

-    XMPYU   flt_0,fw_h,fm            ; m[0] = flt_0*fw_h

-    XMPYU   flt_1,fw_h,fm_1          ; m[1] = flt_1*fw_h

-    FSTD    fm,-8(%sp)               ; -8(sp) = m[0]

-    FSTD    fm_1,-40(%sp)            ; -40(sp) = m[1]

-    XMPYU   fht_0,fw_h,ht_temp       ; ht_temp   = fht_0*fw_h

-    XMPYU   fht_1,fw_h,ht_temp_1     ; ht_temp_1 = fht_1*fw_h

-    FSTD    ht_temp,-24(%sp)         ; -24(sp)   = ht_temp

-    FSTD    ht_temp_1,-56(%sp)       ; -56(sp)   = ht_temp_1

-    XMPYU   flt_0,fw_l,lt_temp       ; lt_temp = lt*fw_l

-    XMPYU   flt_1,fw_l,lt_temp_1     ; lt_temp = lt*fw_l

-    FSTD    lt_temp,-32(%sp)         ; -32(sp) = lt_temp

-    FSTD    lt_temp_1,-64(%sp)       ; -64(sp) = lt_temp_1

-    LDD     -8(%sp),m_0              ; m[0]

-    LDD     -40(%sp),m_1             ; m[1]

-    LDD     -16(%sp),m1_0            ; m1[0]

-    LDD     -48(%sp),m1_1            ; m1[1]

-    LDD     -24(%sp),ht_0            ; ht[0]

-    LDD     -56(%sp),ht_1            ; ht[1]

-    ADD,L   m1_0,m_0,tmp_0           ; tmp_0 = m[0] + m1[0];

-    ADD,L   m1_1,m_1,tmp_1           ; tmp_1 = m[1] + m1[1];

-    LDD     -32(%sp),lt_0

-    LDD     -64(%sp),lt_1

-    CMPCLR,*>>= tmp_0,m1_0, %r0      ; if (m[0] < m1[0])

-    ADD,L   ht_0,top_overflow,ht_0   ; ht[0] += (1<<32)

-    CMPCLR,*>>= tmp_1,m1_1,%r0       ; if (m[1] < m1[1])

-    ADD,L   ht_1,top_overflow,ht_1   ; ht[1] += (1<<32)

-    EXTRD,U tmp_0,31,32,m_0          ; m[0]>>32

-    DEPD,Z  tmp_0,31,32,m1_0         ; m1[0] = m[0]<<32

-    EXTRD,U tmp_1,31,32,m_1          ; m[1]>>32

-    DEPD,Z  tmp_1,31,32,m1_1         ; m1[1] = m[1]<<32

-    ADD,L   ht_0,m_0,ht_0            ; ht[0]+= (m[0]>>32)

-    ADD,L   ht_1,m_1,ht_1            ; ht[1]+= (m[1]>>32)

-    ADD     lt_0,m1_0,lt_0           ; lt[0] = lt[0]+m1[0];

-	ADD,DC  ht_0,%r0,ht_0            ; ht[0]++

-    ADD     lt_1,m1_1,lt_1           ; lt[1] = lt[1]+m1[1];

-    ADD,DC  ht_1,%r0,ht_1            ; ht[1]++

-    ADD    %ret0,lt_0,lt_0           ; lt[0] = lt[0] + c;

-	ADD,DC  ht_0,%r0,ht_0            ; ht[0]++

-    ADD     lt_0,rp_val,lt_0         ; lt[0] = lt[0]+rp[0]

-    ADD,DC  ht_0,%r0,ht_0            ; ht[0]++

-	LDO    -2(num),num               ; num = num - 2;

-    ADD     ht_0,lt_1,lt_1           ; lt[1] = lt[1] + ht_0 (c);

-    ADD,DC  ht_1,%r0,ht_1            ; ht[1]++

-    STD     lt_0,0(r_ptr)            ; rp[0] = lt[0]

-    ADD     lt_1,rp_val_1,lt_1       ; lt[1] = lt[1]+rp[1]

-    ADD,DC  ht_1,%r0,%ret0           ; ht[1]++

-    LDO     16(a_ptr),a_ptr          ; a_ptr += 2

-    STD     lt_1,8(r_ptr)            ; rp[1] = lt[1]

-	CMPIB,<= 2,num,bn_mul_add_words_unroll2 ; go again if more to do

-    LDO     16(r_ptr),r_ptr          ; r_ptr += 2

-    CMPIB,=,N 0,num,bn_mul_add_words_exit ; are we done, or cleanup last one

-	;

-	; Top of loop aligned on 64-byte boundary

-	;

-bn_mul_add_words_single_top

-    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)

-    LDD     0(r_ptr),rp_val           ; rp[0]

-    LDO     8(a_ptr),a_ptr            ; a_ptr++

-    XMPYU   fht_0,fw_l,fm1            ; m1 = ht*fw_l

-    FSTD    fm1,-16(%sp)              ; -16(sp) = m1

-    XMPYU   flt_0,fw_h,fm             ; m = lt*fw_h

-    FSTD    fm,-8(%sp)                ; -8(sp) = m

-    XMPYU   fht_0,fw_h,ht_temp        ; ht_temp = ht*fw_h

-    FSTD    ht_temp,-24(%sp)          ; -24(sp) = ht

-    XMPYU   flt_0,fw_l,lt_temp        ; lt_temp = lt*fw_l

-    FSTD    lt_temp,-32(%sp)          ; -32(sp) = lt

-    LDD     -8(%sp),m_0

-    LDD    -16(%sp),m1_0              ; m1 = temp1

-    ADD,L   m_0,m1_0,tmp_0            ; tmp_0 = m + m1;

-    LDD     -24(%sp),ht_0

-    LDD     -32(%sp),lt_0

-    CMPCLR,*>>= tmp_0,m1_0,%r0        ; if (m < m1)

-    ADD,L   ht_0,top_overflow,ht_0    ; ht += (1<<32)

-    EXTRD,U tmp_0,31,32,m_0           ; m>>32

-    DEPD,Z  tmp_0,31,32,m1_0          ; m1 = m<<32

-    ADD,L   ht_0,m_0,ht_0             ; ht+= (m>>32)

-    ADD     lt_0,m1_0,tmp_0           ; tmp_0 = lt+m1;

-    ADD,DC  ht_0,%r0,ht_0             ; ht++

-    ADD     %ret0,tmp_0,lt_0          ; lt = lt + c;

-    ADD,DC  ht_0,%r0,ht_0             ; ht++

-    ADD     lt_0,rp_val,lt_0          ; lt = lt+rp[0]

-    ADD,DC  ht_0,%r0,%ret0            ; ht++

-    STD     lt_0,0(r_ptr)             ; rp[0] = lt

-bn_mul_add_words_exit

-    .EXIT

-    LDD     -80(%sp),%r9              ; restore r9

-    LDD     -88(%sp),%r8              ; restore r8

-    LDD     -96(%sp),%r7              ; restore r7

-    LDD     -104(%sp),%r6             ; restore r6

-    LDD     -112(%sp),%r5             ; restore r5

-    LDD     -120(%sp),%r4             ; restore r4

-    BVE     (%rp)

-    LDD,MB  -128(%sp),%r3             ; restore r3

-	.PROCEND	;in=23,24,25,26,29;out=28;

-;----------------------------------------------------------------------------

-;

-;BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)

-;

-; arg0 = rp

-; arg1 = ap

-; arg2 = num

-; arg3 = w

-bn_mul_words

-	.proc

-	.callinfo frame=128

-    .entry

-	.EXPORT	bn_mul_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN

-	.align 64

-    STD     %r3,0(%sp)          ; save r3

-    STD     %r4,8(%sp)          ; save r4

-    STD     %r5,16(%sp)         ; save r5

-    STD     %r6,24(%sp)         ; save r6

-    STD     %r7,32(%sp)         ; save r7

-    COPY    %r0,%ret0           ; return 0 by default

-    DEPDI,Z 1,31,1,top_overflow ; top_overflow = 1 << 32

-	STD     w,56(%sp)           ; w on stack

-    CMPIB,>= 0,num,bn_mul_words_exit

-	LDO     128(%sp),%sp       ; bump stack

-	;

-	; See if only 1 word to do, thus just do cleanup

-	;

-	CMPIB,= 1,num,bn_mul_words_single_top

-	FLDD    -72(%sp),fw     ; load up w into fp register fw (fw_h/fw_l)

-	;

-	; This loop is unrolled 2 times (64-byte aligned as well)

-	;

-	; PA-RISC 2.0 chips have two fully pipelined multipliers, thus

-    ; two 32-bit mutiplies can be issued per cycle.

-    ;

-bn_mul_words_unroll2

-    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)

-    FLDD    8(a_ptr),t_float_1        ; load up 64-bit value (fr8L) ht(L)/lt(R)

-    XMPYU   fht_0,fw_l,fm1            ; m1[0] = fht_0*fw_l

-    XMPYU   fht_1,fw_l,fm1_1          ; m1[1] = ht*fw_l

-    FSTD    fm1,-16(%sp)              ; -16(sp) = m1

-    FSTD    fm1_1,-48(%sp)            ; -48(sp) = m1

-    XMPYU   flt_0,fw_h,fm             ; m = lt*fw_h

-    XMPYU   flt_1,fw_h,fm_1           ; m = lt*fw_h

-    FSTD    fm,-8(%sp)                ; -8(sp) = m

-    FSTD    fm_1,-40(%sp)             ; -40(sp) = m

-    XMPYU   fht_0,fw_h,ht_temp        ; ht_temp = fht_0*fw_h

-    XMPYU   fht_1,fw_h,ht_temp_1      ; ht_temp = ht*fw_h

-    FSTD    ht_temp,-24(%sp)          ; -24(sp) = ht

-    FSTD    ht_temp_1,-56(%sp)        ; -56(sp) = ht

-    XMPYU   flt_0,fw_l,lt_temp        ; lt_temp = lt*fw_l

-    XMPYU   flt_1,fw_l,lt_temp_1      ; lt_temp = lt*fw_l

-    FSTD    lt_temp,-32(%sp)          ; -32(sp) = lt

-    FSTD    lt_temp_1,-64(%sp)        ; -64(sp) = lt

-    LDD     -8(%sp),m_0

-    LDD     -40(%sp),m_1

-    LDD    -16(%sp),m1_0

-    LDD    -48(%sp),m1_1

-    LDD     -24(%sp),ht_0

-    LDD     -56(%sp),ht_1

-    ADD,L   m1_0,m_0,tmp_0            ; tmp_0 = m + m1;

-    ADD,L   m1_1,m_1,tmp_1            ; tmp_1 = m + m1;

-    LDD     -32(%sp),lt_0

-    LDD     -64(%sp),lt_1

-    CMPCLR,*>>= tmp_0,m1_0, %r0       ; if (m < m1)

-    ADD,L   ht_0,top_overflow,ht_0    ; ht += (1<<32)

-    CMPCLR,*>>= tmp_1,m1_1,%r0        ; if (m < m1)

-    ADD,L   ht_1,top_overflow,ht_1    ; ht += (1<<32)

-    EXTRD,U tmp_0,31,32,m_0           ; m>>32

-    DEPD,Z  tmp_0,31,32,m1_0          ; m1 = m<<32

-    EXTRD,U tmp_1,31,32,m_1           ; m>>32

-    DEPD,Z  tmp_1,31,32,m1_1          ; m1 = m<<32

-    ADD,L   ht_0,m_0,ht_0             ; ht+= (m>>32)

-    ADD,L   ht_1,m_1,ht_1             ; ht+= (m>>32)

-    ADD     lt_0,m1_0,lt_0            ; lt = lt+m1;

-	ADD,DC  ht_0,%r0,ht_0             ; ht++

-    ADD     lt_1,m1_1,lt_1            ; lt = lt+m1;

-    ADD,DC  ht_1,%r0,ht_1             ; ht++

-    ADD    %ret0,lt_0,lt_0            ; lt = lt + c (ret0);

-	ADD,DC  ht_0,%r0,ht_0             ; ht++

-    ADD     ht_0,lt_1,lt_1            ; lt = lt + c (ht_0)

-    ADD,DC  ht_1,%r0,ht_1             ; ht++

-    STD     lt_0,0(r_ptr)             ; rp[0] = lt

-    STD     lt_1,8(r_ptr)             ; rp[1] = lt

-	COPY    ht_1,%ret0                ; carry = ht

-	LDO    -2(num),num                ; num = num - 2;

-    LDO     16(a_ptr),a_ptr           ; ap += 2

-	CMPIB,<= 2,num,bn_mul_words_unroll2

-    LDO     16(r_ptr),r_ptr           ; rp++

-    CMPIB,=,N 0,num,bn_mul_words_exit ; are we done?

-	;

-	; Top of loop aligned on 64-byte boundary

-	;

-bn_mul_words_single_top

-    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)

-    XMPYU   fht_0,fw_l,fm1            ; m1 = ht*fw_l

-    FSTD    fm1,-16(%sp)              ; -16(sp) = m1

-    XMPYU   flt_0,fw_h,fm             ; m = lt*fw_h

-    FSTD    fm,-8(%sp)                ; -8(sp) = m

-    XMPYU   fht_0,fw_h,ht_temp        ; ht_temp = ht*fw_h

-    FSTD    ht_temp,-24(%sp)          ; -24(sp) = ht

-    XMPYU   flt_0,fw_l,lt_temp        ; lt_temp = lt*fw_l

-    FSTD    lt_temp,-32(%sp)          ; -32(sp) = lt

-    LDD     -8(%sp),m_0

-    LDD    -16(%sp),m1_0

-    ADD,L   m_0,m1_0,tmp_0            ; tmp_0 = m + m1;

-    LDD     -24(%sp),ht_0

-    LDD     -32(%sp),lt_0

-    CMPCLR,*>>= tmp_0,m1_0,%r0        ; if (m < m1)

-    ADD,L   ht_0,top_overflow,ht_0    ; ht += (1<<32)

-    EXTRD,U tmp_0,31,32,m_0           ; m>>32

-    DEPD,Z  tmp_0,31,32,m1_0          ; m1 = m<<32

-    ADD,L   ht_0,m_0,ht_0             ; ht+= (m>>32)

-    ADD     lt_0,m1_0,lt_0            ; lt= lt+m1;

-    ADD,DC  ht_0,%r0,ht_0             ; ht++

-    ADD     %ret0,lt_0,lt_0           ; lt = lt + c;

-    ADD,DC  ht_0,%r0,ht_0             ; ht++

-    COPY    ht_0,%ret0                ; copy carry

-    STD     lt_0,0(r_ptr)             ; rp[0] = lt

-bn_mul_words_exit

-    .EXIT

-    LDD     -96(%sp),%r7              ; restore r7

-    LDD     -104(%sp),%r6             ; restore r6

-    LDD     -112(%sp),%r5             ; restore r5

-    LDD     -120(%sp),%r4             ; restore r4

-    BVE     (%rp)

-    LDD,MB  -128(%sp),%r3             ; restore r3

-	.PROCEND	;in=23,24,25,26,29;out=28;

-;----------------------------------------------------------------------------

-;

-;void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num)

-;

-; arg0 = rp

-; arg1 = ap

-; arg2 = num

-;

-bn_sqr_words

-	.proc

-	.callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE

-	.EXPORT	bn_sqr_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN

-    .entry

-	.align 64

-    STD     %r3,0(%sp)          ; save r3

-    STD     %r4,8(%sp)          ; save r4

-	NOP

-    STD     %r5,16(%sp)         ; save r5

-    CMPIB,>= 0,num,bn_sqr_words_exit

-	LDO     128(%sp),%sp       ; bump stack

-	;

-	; If only 1, the goto straight to cleanup

-	;

-	CMPIB,= 1,num,bn_sqr_words_single_top

-    DEPDI,Z -1,32,33,high_mask   ; Create Mask 0xffffffff80000000L

-	;

-	; This loop is unrolled 2 times (64-byte aligned as well)

-	;

-bn_sqr_words_unroll2

-    FLDD    0(a_ptr),t_float_0        ; a[0]

-    FLDD    8(a_ptr),t_float_1        ; a[1]

-    XMPYU   fht_0,flt_0,fm            ; m[0]

-    XMPYU   fht_1,flt_1,fm_1          ; m[1]

-    FSTD    fm,-24(%sp)               ; store m[0]

-    FSTD    fm_1,-56(%sp)             ; store m[1]

-    XMPYU   flt_0,flt_0,lt_temp       ; lt[0]

-    XMPYU   flt_1,flt_1,lt_temp_1     ; lt[1]

-    FSTD    lt_temp,-16(%sp)          ; store lt[0]

-    FSTD    lt_temp_1,-48(%sp)        ; store lt[1]

-    XMPYU   fht_0,fht_0,ht_temp       ; ht[0]

-    XMPYU   fht_1,fht_1,ht_temp_1     ; ht[1]

-    FSTD    ht_temp,-8(%sp)           ; store ht[0]

-    FSTD    ht_temp_1,-40(%sp)        ; store ht[1]

-    LDD     -24(%sp),m_0

-    LDD     -56(%sp),m_1

-    AND     m_0,high_mask,tmp_0       ; m[0] & Mask

-    AND     m_1,high_mask,tmp_1       ; m[1] & Mask

-    DEPD,Z  m_0,30,31,m_0             ; m[0] << 32+1

-    DEPD,Z  m_1,30,31,m_1             ; m[1] << 32+1

-    LDD     -16(%sp),lt_0

-    LDD     -48(%sp),lt_1

-    EXTRD,U tmp_0,32,33,tmp_0         ; tmp_0 = m[0]&Mask >> 32-1

-    EXTRD,U tmp_1,32,33,tmp_1         ; tmp_1 = m[1]&Mask >> 32-1

-    LDD     -8(%sp),ht_0

-    LDD     -40(%sp),ht_1

-    ADD,L   ht_0,tmp_0,ht_0           ; ht[0] += tmp_0

-    ADD,L   ht_1,tmp_1,ht_1           ; ht[1] += tmp_1

-    ADD     lt_0,m_0,lt_0             ; lt = lt+m

-    ADD,DC  ht_0,%r0,ht_0             ; ht[0]++

-    STD     lt_0,0(r_ptr)             ; rp[0] = lt[0]

-    STD     ht_0,8(r_ptr)             ; rp[1] = ht[1]

-    ADD     lt_1,m_1,lt_1             ; lt = lt+m

-    ADD,DC  ht_1,%r0,ht_1             ; ht[1]++

-    STD     lt_1,16(r_ptr)            ; rp[2] = lt[1]

-    STD     ht_1,24(r_ptr)            ; rp[3] = ht[1]

-	LDO    -2(num),num                ; num = num - 2;

-    LDO     16(a_ptr),a_ptr           ; ap += 2

-	CMPIB,<= 2,num,bn_sqr_words_unroll2

-    LDO     32(r_ptr),r_ptr           ; rp += 4

-    CMPIB,=,N 0,num,bn_sqr_words_exit ; are we done?

-	;

-	; Top of loop aligned on 64-byte boundary

-	;

-bn_sqr_words_single_top

-    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)

-    XMPYU   fht_0,flt_0,fm            ; m

-    FSTD    fm,-24(%sp)               ; store m

-    XMPYU   flt_0,flt_0,lt_temp       ; lt

-    FSTD    lt_temp,-16(%sp)          ; store lt

-    XMPYU   fht_0,fht_0,ht_temp       ; ht

-    FSTD    ht_temp,-8(%sp)           ; store ht

-    LDD     -24(%sp),m_0              ; load m

-    AND     m_0,high_mask,tmp_0       ; m & Mask

-    DEPD,Z  m_0,30,31,m_0             ; m << 32+1

-    LDD     -16(%sp),lt_0             ; lt

-    LDD     -8(%sp),ht_0              ; ht

-    EXTRD,U tmp_0,32,33,tmp_0         ; tmp_0 = m&Mask >> 32-1

-    ADD     m_0,lt_0,lt_0             ; lt = lt+m

-    ADD,L   ht_0,tmp_0,ht_0           ; ht += tmp_0

-    ADD,DC  ht_0,%r0,ht_0             ; ht++

-    STD     lt_0,0(r_ptr)             ; rp[0] = lt

-    STD     ht_0,8(r_ptr)             ; rp[1] = ht

-bn_sqr_words_exit

-    .EXIT

-    LDD     -112(%sp),%r5       ; restore r5

-    LDD     -120(%sp),%r4       ; restore r4

-    BVE     (%rp)

-    LDD,MB  -128(%sp),%r3

-	.PROCEND	;in=23,24,25,26,29;out=28;

-;----------------------------------------------------------------------------

-;

-;BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)

-;

-; arg0 = rp

-; arg1 = ap

-; arg2 = bp

-; arg3 = n

-t  .reg %r22

-b  .reg %r21

-l  .reg %r20

-bn_add_words

-	.proc

-    .entry

-	.callinfo

-	.EXPORT	bn_add_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN

-	.align 64

-    CMPIB,>= 0,n,bn_add_words_exit

-    COPY    %r0,%ret0           ; return 0 by default

-	;

-	; If 2 or more numbers do the loop

-	;

-	CMPIB,= 1,n,bn_add_words_single_top

-	NOP

-	;

-	; This loop is unrolled 2 times (64-byte aligned as well)

-	;

-bn_add_words_unroll2

-	LDD     0(a_ptr),t

-	LDD     0(b_ptr),b

-	ADD     t,%ret0,t                    ; t = t+c;

-	ADD,DC  %r0,%r0,%ret0                ; set c to carry

-	ADD     t,b,l                        ; l = t + b[0]

-	ADD,DC  %ret0,%r0,%ret0              ; c+= carry

-	STD     l,0(r_ptr)

-	LDD     8(a_ptr),t

-	LDD     8(b_ptr),b

-	ADD     t,%ret0,t                     ; t = t+c;

-	ADD,DC  %r0,%r0,%ret0                 ; set c to carry

-	ADD     t,b,l                         ; l = t + b[0]

-	ADD,DC  %ret0,%r0,%ret0               ; c+= carry

-	STD     l,8(r_ptr)

-	LDO     -2(n),n

-	LDO     16(a_ptr),a_ptr

-	LDO     16(b_ptr),b_ptr

-	CMPIB,<= 2,n,bn_add_words_unroll2

-	LDO     16(r_ptr),r_ptr

-    CMPIB,=,N 0,n,bn_add_words_exit ; are we done?

-bn_add_words_single_top

-	LDD     0(a_ptr),t

-	LDD     0(b_ptr),b

-	ADD     t,%ret0,t                 ; t = t+c;

-	ADD,DC  %r0,%r0,%ret0             ; set c to carry (could use CMPCLR??)

-	ADD     t,b,l                     ; l = t + b[0]

-	ADD,DC  %ret0,%r0,%ret0           ; c+= carry

-	STD     l,0(r_ptr)

-bn_add_words_exit

-    .EXIT

-    BVE     (%rp)

-	NOP

-	.PROCEND	;in=23,24,25,26,29;out=28;

-;----------------------------------------------------------------------------

-;

-;BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)

-;

-; arg0 = rp

-; arg1 = ap

-; arg2 = bp

-; arg3 = n

-t1       .reg %r22

-t2       .reg %r21

-sub_tmp1 .reg %r20

-sub_tmp2 .reg %r19

-bn_sub_words

-	.proc

-	.callinfo

-	.EXPORT	bn_sub_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN

-    .entry

-	.align 64

-    CMPIB,>=  0,n,bn_sub_words_exit

-    COPY    %r0,%ret0           ; return 0 by default

-	;

-	; If 2 or more numbers do the loop

-	;

-	CMPIB,= 1,n,bn_sub_words_single_top

-	NOP

-	;

-	; This loop is unrolled 2 times (64-byte aligned as well)

-	;

-bn_sub_words_unroll2

-	LDD     0(a_ptr),t1

-	LDD     0(b_ptr),t2

-	SUB     t1,t2,sub_tmp1           ; t3 = t1-t2;

-	SUB     sub_tmp1,%ret0,sub_tmp1  ; t3 = t3- c;

-	CMPCLR,*>> t1,t2,sub_tmp2        ; clear if t1 > t2

-	LDO      1(%r0),sub_tmp2

-	CMPCLR,*= t1,t2,%r0

-	COPY    sub_tmp2,%ret0

-	STD     sub_tmp1,0(r_ptr)

-	LDD     8(a_ptr),t1

-	LDD     8(b_ptr),t2

-	SUB     t1,t2,sub_tmp1            ; t3 = t1-t2;

-	SUB     sub_tmp1,%ret0,sub_tmp1   ; t3 = t3- c;

-	CMPCLR,*>> t1,t2,sub_tmp2         ; clear if t1 > t2

-	LDO      1(%r0),sub_tmp2

-	CMPCLR,*= t1,t2,%r0

-	COPY    sub_tmp2,%ret0

-	STD     sub_tmp1,8(r_ptr)

-	LDO     -2(n),n

-	LDO     16(a_ptr),a_ptr

-	LDO     16(b_ptr),b_ptr

-	CMPIB,<= 2,n,bn_sub_words_unroll2

-	LDO     16(r_ptr),r_ptr

-    CMPIB,=,N 0,n,bn_sub_words_exit ; are we done?

-bn_sub_words_single_top

-	LDD     0(a_ptr),t1

-	LDD     0(b_ptr),t2

-	SUB     t1,t2,sub_tmp1            ; t3 = t1-t2;

-	SUB     sub_tmp1,%ret0,sub_tmp1   ; t3 = t3- c;

-	CMPCLR,*>> t1,t2,sub_tmp2         ; clear if t1 > t2

-	LDO      1(%r0),sub_tmp2

-	CMPCLR,*= t1,t2,%r0

-	COPY    sub_tmp2,%ret0

-	STD     sub_tmp1,0(r_ptr)

-bn_sub_words_exit

-    .EXIT

-    BVE     (%rp)

-	NOP

-	.PROCEND	;in=23,24,25,26,29;out=28;

-;------------------------------------------------------------------------------

-;

-; unsigned long bn_div_words(unsigned long h, unsigned long l, unsigned long d)

-;

-; arg0 = h

-; arg1 = l

-; arg2 = d

-;

-; This is mainly just modified assembly from the compiler, thus the

-; lack of variable names.

-;

-;------------------------------------------------------------------------------

-bn_div_words

-	.proc

-	.callinfo CALLER,FRAME=272,ENTRY_GR=%r10,SAVE_RP,ARGS_SAVED,ORDERING_AWARE

-	.EXPORT	bn_div_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN

-	.IMPORT	BN_num_bits_word,CODE,NO_RELOCATION

-	.IMPORT	__iob,DATA

-	.IMPORT	fprintf,CODE,NO_RELOCATION

-	.IMPORT	abort,CODE,NO_RELOCATION

-	.IMPORT	$$div2U,MILLICODE

-    .entry

-    STD     %r2,-16(%r30)

-    STD,MA  %r3,352(%r30)

-    STD     %r4,-344(%r30)

-    STD     %r5,-336(%r30)

-    STD     %r6,-328(%r30)

-    STD     %r7,-320(%r30)

-    STD     %r8,-312(%r30)

-    STD     %r9,-304(%r30)

-    STD     %r10,-296(%r30)

-    STD     %r27,-288(%r30)             ; save gp

-    COPY    %r24,%r3           ; save d

-    COPY    %r26,%r4           ; save h (high 64-bits)

-    LDO      -1(%r0),%ret0     ; return -1 by default

-    CMPB,*=  %r0,%arg2,$D3     ; if (d == 0)

-    COPY    %r25,%r5           ; save l (low 64-bits)

-    LDO     -48(%r30),%r29     ; create ap

-    .CALL   ;in=26,29;out=28;

-    B,L     BN_num_bits_word,%r2

-    COPY    %r3,%r26

-    LDD     -288(%r30),%r27    ; restore gp

-    LDI     64,%r21

-    CMPB,=  %r21,%ret0,$00000012   ;if (i == 64) (forward)

-    COPY    %ret0,%r24             ; i

-    MTSARCM %r24

-    DEPDI,Z -1,%sar,1,%r29

-    CMPB,*<<,N %r29,%r4,bn_div_err_case ; if (h > 1<<i) (forward)

-$00000012

-    SUBI    64,%r24,%r31                       ; i = 64 - i;

-    CMPCLR,*<< %r4,%r3,%r0                     ; if (h >= d)

-    SUB     %r4,%r3,%r4                        ; h -= d

-    CMPB,=  %r31,%r0,$0000001A                 ; if (i)

-    COPY    %r0,%r10                           ; ret = 0

-    MTSARCM %r31                               ; i to shift

-    DEPD,Z  %r3,%sar,64,%r3                    ; d <<= i;

-    SUBI    64,%r31,%r19                       ; 64 - i; redundent

-    MTSAR   %r19                               ; (64 -i) to shift

-    SHRPD   %r4,%r5,%sar,%r4                   ; l>> (64-i)

-    MTSARCM %r31                               ; i to shift

-    DEPD,Z  %r5,%sar,64,%r5                    ; l <<= i;

-$0000001A

-    DEPDI,Z -1,31,32,%r19

-    EXTRD,U %r3,31,32,%r6                      ; dh=(d&0xfff)>>32

-    EXTRD,U %r3,63,32,%r8                      ; dl = d&0xffffff

-    LDO     2(%r0),%r9

-    STD    %r3,-280(%r30)                      ; "d" to stack

-$0000001C

-    DEPDI,Z -1,63,32,%r29                      ;

-    EXTRD,U %r4,31,32,%r31                     ; h >> 32

-    CMPB,*=,N  %r31,%r6,$D2     	       ; if ((h>>32) != dh)(forward) div

-    COPY    %r4,%r26

-    EXTRD,U %r4,31,32,%r25

-    COPY    %r6,%r24

-    .CALL   ;in=23,24,25,26;out=20,21,22,28,29; (MILLICALL)

-    B,L     $$div2U,%r2

-    EXTRD,U %r6,31,32,%r23

-    DEPD    %r28,31,32,%r29

-$D2

-    STD     %r29,-272(%r30)                   ; q

-    AND     %r5,%r19,%r24                   ; t & 0xffffffff00000000;

-    EXTRD,U %r24,31,32,%r24                 ; ???

-    FLDD    -272(%r30),%fr7                 ; q

-    FLDD    -280(%r30),%fr8                 ; d

-    XMPYU   %fr8L,%fr7L,%fr10

-    FSTD    %fr10,-256(%r30)

-    XMPYU   %fr8L,%fr7R,%fr22

-    FSTD    %fr22,-264(%r30)

-    XMPYU   %fr8R,%fr7L,%fr11

-    XMPYU   %fr8R,%fr7R,%fr23

-    FSTD    %fr11,-232(%r30)

-    FSTD    %fr23,-240(%r30)

-    LDD     -256(%r30),%r28

-    DEPD,Z  %r28,31,32,%r2

-    LDD     -264(%r30),%r20

-    ADD,L   %r20,%r2,%r31

-    LDD     -232(%r30),%r22

-    DEPD,Z  %r22,31,32,%r22

-    LDD     -240(%r30),%r21

-    B       $00000024       ; enter loop

-    ADD,L   %r21,%r22,%r23

-$0000002A

-    LDO     -1(%r29),%r29

-    SUB     %r23,%r8,%r23

-$00000024

-    SUB     %r4,%r31,%r25

-    AND     %r25,%r19,%r26

-    CMPB,*<>,N      %r0,%r26,$00000046  ; (forward)

-    DEPD,Z  %r25,31,32,%r20

-    OR      %r20,%r24,%r21

-    CMPB,*<<,N  %r21,%r23,$0000002A ;(backward)

-    SUB     %r31,%r6,%r31

-;-------------Break path---------------------

-$00000046

-    DEPD,Z  %r23,31,32,%r25              ;tl

-    EXTRD,U %r23,31,32,%r26              ;t

-    AND     %r25,%r19,%r24               ;tl = (tl<<32)&0xfffffff0000000L

-    ADD,L   %r31,%r26,%r31               ;th += t;

-    CMPCLR,*>>=     %r5,%r24,%r0         ;if (l<tl)

-    LDO     1(%r31),%r31                 ; th++;

-    CMPB,*<<=,N     %r31,%r4,$00000036   ;if (n < th) (forward)

-    LDO     -1(%r29),%r29                ;q--;

-    ADD,L   %r4,%r3,%r4                  ;h += d;

-$00000036

-    ADDIB,=,N       -1,%r9,$D1 ;if (--count == 0) break (forward)

-    SUB     %r5,%r24,%r28                ; l -= tl;

-    SUB     %r4,%r31,%r24                ; h -= th;

-    SHRPD   %r24,%r28,32,%r4             ; h = ((h<<32)|(l>>32));

-    DEPD,Z  %r29,31,32,%r10              ; ret = q<<32

-    b      $0000001C

-    DEPD,Z  %r28,31,32,%r5               ; l = l << 32

-$D1

-    OR      %r10,%r29,%r28           ; ret |= q

-$D3

-    LDD     -368(%r30),%r2

-$D0

-    LDD     -296(%r30),%r10

-    LDD     -304(%r30),%r9

-    LDD     -312(%r30),%r8

-    LDD     -320(%r30),%r7

-    LDD     -328(%r30),%r6

-    LDD     -336(%r30),%r5

-    LDD     -344(%r30),%r4

-    BVE     (%r2)

-        .EXIT

-    LDD,MB  -352(%r30),%r3

-bn_div_err_case

-    MFIA    %r6

-    ADDIL   L'bn_div_words-bn_div_err_case,%r6,%r1

-    LDO     R'bn_div_words-bn_div_err_case(%r1),%r6

-    ADDIL   LT'__iob,%r27,%r1

-    LDD     RT'__iob(%r1),%r26

-    ADDIL   L'C$4-bn_div_words,%r6,%r1

-    LDO     R'C$4-bn_div_words(%r1),%r25

-    LDO     64(%r26),%r26

-    .CALL           ;in=24,25,26,29;out=28;

-    B,L     fprintf,%r2

-    LDO     -48(%r30),%r29

-    LDD     -288(%r30),%r27

-    .CALL           ;in=29;

-    B,L     abort,%r2

-    LDO     -48(%r30),%r29

-    LDD     -288(%r30),%r27

-    B       $D0

-    LDD     -368(%r30),%r2

-	.PROCEND	;in=24,25,26,29;out=28;

-;----------------------------------------------------------------------------

-;

-; Registers to hold 64-bit values to manipulate.  The "L" part

-; of the register corresponds to the upper 32-bits, while the "R"

-; part corresponds to the lower 32-bits

-;

-; Note, that when using b6 and b7, the code must save these before

-; using them because they are callee save registers

-;

-;

-; Floating point registers to use to save values that

-; are manipulated.  These don't collide with ftemp1-6 and

-; are all caller save registers

-;

-a0        .reg %fr22

-a0L       .reg %fr22L

-a0R       .reg %fr22R

-a1        .reg %fr23

-a1L       .reg %fr23L

-a1R       .reg %fr23R

-a2        .reg %fr24

-a2L       .reg %fr24L

-a2R       .reg %fr24R

-a3        .reg %fr25

-a3L       .reg %fr25L

-a3R       .reg %fr25R

-a4        .reg %fr26

-a4L       .reg %fr26L

-a4R       .reg %fr26R

-a5        .reg %fr27

-a5L       .reg %fr27L

-a5R       .reg %fr27R

-a6        .reg %fr28

-a6L       .reg %fr28L

-a6R       .reg %fr28R

-a7        .reg %fr29

-a7L       .reg %fr29L

-a7R       .reg %fr29R

-b0        .reg %fr30

-b0L       .reg %fr30L

-b0R       .reg %fr30R

-b1        .reg %fr31

-b1L       .reg %fr31L

-b1R       .reg %fr31R

-;

-; Temporary floating point variables, these are all caller save

-; registers

-;

-ftemp1    .reg %fr4

-ftemp2    .reg %fr5

-ftemp3    .reg %fr6

-ftemp4    .reg %fr7

-;

-; The B set of registers when used.

-;

-b2        .reg %fr8

-b2L       .reg %fr8L

-b2R       .reg %fr8R

-b3        .reg %fr9

-b3L       .reg %fr9L

-b3R       .reg %fr9R

-b4        .reg %fr10

-b4L       .reg %fr10L

-b4R       .reg %fr10R

-b5        .reg %fr11

-b5L       .reg %fr11L

-b5R       .reg %fr11R

-b6        .reg %fr12

-b6L       .reg %fr12L

-b6R       .reg %fr12R

-b7        .reg %fr13

-b7L       .reg %fr13L

-b7R       .reg %fr13R

-c1           .reg %r21   ; only reg

-temp1        .reg %r20   ; only reg

-temp2        .reg %r19   ; only reg

-temp3        .reg %r31   ; only reg

-m1           .reg %r28

-c2           .reg %r23

-high_one     .reg %r1

-ht           .reg %r6

-lt           .reg %r5

-m            .reg %r4

-c3           .reg %r3

-SQR_ADD_C  .macro  A0L,A0R,C1,C2,C3

-    XMPYU   A0L,A0R,ftemp1       ; m

-    FSTD    ftemp1,-24(%sp)      ; store m

-    XMPYU   A0R,A0R,ftemp2       ; lt

-    FSTD    ftemp2,-16(%sp)      ; store lt

-    XMPYU   A0L,A0L,ftemp3       ; ht

-    FSTD    ftemp3,-8(%sp)       ; store ht

-    LDD     -24(%sp),m           ; load m

-    AND     m,high_mask,temp2    ; m & Mask

-    DEPD,Z  m,30,31,temp3        ; m << 32+1

-    LDD     -16(%sp),lt          ; lt

-    LDD     -8(%sp),ht           ; ht

-    EXTRD,U temp2,32,33,temp1    ; temp1 = m&Mask >> 32-1

-    ADD     temp3,lt,lt          ; lt = lt+m

-    ADD,L   ht,temp1,ht          ; ht += temp1

-    ADD,DC  ht,%r0,ht            ; ht++

-    ADD     C1,lt,C1             ; c1=c1+lt

-    ADD,DC  ht,%r0,ht            ; ht++

-    ADD     C2,ht,C2             ; c2=c2+ht

-    ADD,DC  C3,%r0,C3            ; c3++

-.endm

-SQR_ADD_C2 .macro  A0L,A0R,A1L,A1R,C1,C2,C3

-    XMPYU   A0L,A1R,ftemp1          ; m1 = bl*ht

-    FSTD    ftemp1,-16(%sp)         ;

-    XMPYU   A0R,A1L,ftemp2          ; m = bh*lt

-    FSTD    ftemp2,-8(%sp)          ;

-    XMPYU   A0R,A1R,ftemp3          ; lt = bl*lt

-    FSTD    ftemp3,-32(%sp)

-    XMPYU   A0L,A1L,ftemp4          ; ht = bh*ht

-    FSTD    ftemp4,-24(%sp)         ;

-    LDD     -8(%sp),m               ; r21 = m

-    LDD     -16(%sp),m1             ; r19 = m1

-    ADD,L   m,m1,m                  ; m+m1

-    DEPD,Z  m,31,32,temp3           ; (m+m1<<32)

-    LDD     -24(%sp),ht             ; r24 = ht

-    CMPCLR,*>>= m,m1,%r0            ; if (m < m1)

-    ADD,L   ht,high_one,ht          ; ht+=high_one

-    EXTRD,U m,31,32,temp1           ; m >> 32

-    LDD     -32(%sp),lt             ; lt

-    ADD,L   ht,temp1,ht             ; ht+= m>>32

-    ADD     lt,temp3,lt             ; lt = lt+m1

-    ADD,DC  ht,%r0,ht               ; ht++

-    ADD     ht,ht,ht                ; ht=ht+ht;

-    ADD,DC  C3,%r0,C3               ; add in carry (c3++)

-    ADD     lt,lt,lt                ; lt=lt+lt;

-    ADD,DC  ht,%r0,ht               ; add in carry (ht++)

-    ADD     C1,lt,C1                ; c1=c1+lt

-    ADD,DC,*NUV ht,%r0,ht           ; add in carry (ht++)

-    LDO     1(C3),C3              ; bump c3 if overflow,nullify otherwise

-    ADD     C2,ht,C2                ; c2 = c2 + ht

-    ADD,DC  C3,%r0,C3             ; add in carry (c3++)

-.endm

-;

-;void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)

-; arg0 = r_ptr

-; arg1 = a_ptr

-;

-bn_sqr_comba8

-	.PROC

-	.CALLINFO FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE

-	.EXPORT	bn_sqr_comba8,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN

-    .ENTRY

-	.align 64

-    STD     %r3,0(%sp)          ; save r3

-    STD     %r4,8(%sp)          ; save r4

-    STD     %r5,16(%sp)         ; save r5

-    STD     %r6,24(%sp)         ; save r6

-	;

-	; Zero out carries

-	;

-	COPY     %r0,c1

-	COPY     %r0,c2

-	COPY     %r0,c3

-	LDO      128(%sp),%sp       ; bump stack

-    DEPDI,Z -1,32,33,high_mask   ; Create Mask 0xffffffff80000000L

-    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32

-	;

-	; Load up all of the values we are going to use

-	;

-    FLDD     0(a_ptr),a0

-    FLDD     8(a_ptr),a1

-    FLDD    16(a_ptr),a2

-    FLDD    24(a_ptr),a3

-    FLDD    32(a_ptr),a4

-    FLDD    40(a_ptr),a5

-    FLDD    48(a_ptr),a6

-    FLDD    56(a_ptr),a7

-	SQR_ADD_C a0L,a0R,c1,c2,c3

-	STD     c1,0(r_ptr)          ; r[0] = c1;

-	COPY    %r0,c1

-	SQR_ADD_C2 a1L,a1R,a0L,a0R,c2,c3,c1

-	STD     c2,8(r_ptr)          ; r[1] = c2;

-	COPY    %r0,c2

-	SQR_ADD_C a1L,a1R,c3,c1,c2

-	SQR_ADD_C2 a2L,a2R,a0L,a0R,c3,c1,c2

-	STD     c3,16(r_ptr)            ; r[2] = c3;

-	COPY    %r0,c3

-	SQR_ADD_C2 a3L,a3R,a0L,a0R,c1,c2,c3

-	SQR_ADD_C2 a2L,a2R,a1L,a1R,c1,c2,c3

-	STD     c1,24(r_ptr)           ; r[3] = c1;

-	COPY    %r0,c1

-	SQR_ADD_C a2L,a2R,c2,c3,c1

-	SQR_ADD_C2 a3L,a3R,a1L,a1R,c2,c3,c1

-	SQR_ADD_C2 a4L,a4R,a0L,a0R,c2,c3,c1

-	STD     c2,32(r_ptr)          ; r[4] = c2;

-	COPY    %r0,c2

-	SQR_ADD_C2 a5L,a5R,a0L,a0R,c3,c1,c2

-	SQR_ADD_C2 a4L,a4R,a1L,a1R,c3,c1,c2

-	SQR_ADD_C2 a3L,a3R,a2L,a2R,c3,c1,c2

-	STD     c3,40(r_ptr)          ; r[5] = c3;

-	COPY    %r0,c3

-	SQR_ADD_C a3L,a3R,c1,c2,c3

-	SQR_ADD_C2 a4L,a4R,a2L,a2R,c1,c2,c3

-	SQR_ADD_C2 a5L,a5R,a1L,a1R,c1,c2,c3

-	SQR_ADD_C2 a6L,a6R,a0L,a0R,c1,c2,c3

-	STD     c1,48(r_ptr)          ; r[6] = c1;

-	COPY    %r0,c1

-	SQR_ADD_C2 a7L,a7R,a0L,a0R,c2,c3,c1

-	SQR_ADD_C2 a6L,a6R,a1L,a1R,c2,c3,c1

-	SQR_ADD_C2 a5L,a5R,a2L,a2R,c2,c3,c1

-	SQR_ADD_C2 a4L,a4R,a3L,a3R,c2,c3,c1

-	STD     c2,56(r_ptr)          ; r[7] = c2;

-	COPY    %r0,c2

-	SQR_ADD_C a4L,a4R,c3,c1,c2

-	SQR_ADD_C2 a5L,a5R,a3L,a3R,c3,c1,c2

-	SQR_ADD_C2 a6L,a6R,a2L,a2R,c3,c1,c2

-	SQR_ADD_C2 a7L,a7R,a1L,a1R,c3,c1,c2

-	STD     c3,64(r_ptr)          ; r[8] = c3;

-	COPY    %r0,c3

-	SQR_ADD_C2 a7L,a7R,a2L,a2R,c1,c2,c3

-	SQR_ADD_C2 a6L,a6R,a3L,a3R,c1,c2,c3

-	SQR_ADD_C2 a5L,a5R,a4L,a4R,c1,c2,c3

-	STD     c1,72(r_ptr)          ; r[9] = c1;

-	COPY    %r0,c1

-	SQR_ADD_C a5L,a5R,c2,c3,c1

-	SQR_ADD_C2 a6L,a6R,a4L,a4R,c2,c3,c1

-	SQR_ADD_C2 a7L,a7R,a3L,a3R,c2,c3,c1

-	STD     c2,80(r_ptr)          ; r[10] = c2;

-	COPY    %r0,c2

-	SQR_ADD_C2 a7L,a7R,a4L,a4R,c3,c1,c2

-	SQR_ADD_C2 a6L,a6R,a5L,a5R,c3,c1,c2

-	STD     c3,88(r_ptr)          ; r[11] = c3;

-	COPY    %r0,c3

-	SQR_ADD_C a6L,a6R,c1,c2,c3

-	SQR_ADD_C2 a7L,a7R,a5L,a5R,c1,c2,c3

-	STD     c1,96(r_ptr)          ; r[12] = c1;

-	COPY    %r0,c1

-	SQR_ADD_C2 a7L,a7R,a6L,a6R,c2,c3,c1

-	STD     c2,104(r_ptr)         ; r[13] = c2;

-	COPY    %r0,c2

-	SQR_ADD_C a7L,a7R,c3,c1,c2

-	STD     c3, 112(r_ptr)       ; r[14] = c3

-	STD     c1, 120(r_ptr)       ; r[15] = c1

-    .EXIT

-    LDD     -104(%sp),%r6        ; restore r6

-    LDD     -112(%sp),%r5        ; restore r5

-    LDD     -120(%sp),%r4        ; restore r4

-    BVE     (%rp)

-    LDD,MB  -128(%sp),%r3

-	.PROCEND

-;-----------------------------------------------------------------------------

-;

-;void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)

-; arg0 = r_ptr

-; arg1 = a_ptr

-;

-bn_sqr_comba4

-	.proc

-	.callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE

-	.EXPORT	bn_sqr_comba4,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN

-    .entry

-	.align 64

-    STD     %r3,0(%sp)          ; save r3

-    STD     %r4,8(%sp)          ; save r4

-    STD     %r5,16(%sp)         ; save r5

-    STD     %r6,24(%sp)         ; save r6

-	;

-	; Zero out carries

-	;

-	COPY     %r0,c1

-	COPY     %r0,c2

-	COPY     %r0,c3

-	LDO      128(%sp),%sp       ; bump stack

-    DEPDI,Z -1,32,33,high_mask   ; Create Mask 0xffffffff80000000L

-    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32

-	;

-	; Load up all of the values we are going to use

-	;

-    FLDD     0(a_ptr),a0

-    FLDD     8(a_ptr),a1

-    FLDD    16(a_ptr),a2

-    FLDD    24(a_ptr),a3

-    FLDD    32(a_ptr),a4

-    FLDD    40(a_ptr),a5

-    FLDD    48(a_ptr),a6

-    FLDD    56(a_ptr),a7

-	SQR_ADD_C a0L,a0R,c1,c2,c3

-	STD     c1,0(r_ptr)          ; r[0] = c1;

-	COPY    %r0,c1

-	SQR_ADD_C2 a1L,a1R,a0L,a0R,c2,c3,c1

-	STD     c2,8(r_ptr)          ; r[1] = c2;

-	COPY    %r0,c2

-	SQR_ADD_C a1L,a1R,c3,c1,c2

-	SQR_ADD_C2 a2L,a2R,a0L,a0R,c3,c1,c2

-	STD     c3,16(r_ptr)            ; r[2] = c3;

-	COPY    %r0,c3

-	SQR_ADD_C2 a3L,a3R,a0L,a0R,c1,c2,c3

-	SQR_ADD_C2 a2L,a2R,a1L,a1R,c1,c2,c3

-	STD     c1,24(r_ptr)           ; r[3] = c1;

-	COPY    %r0,c1

-	SQR_ADD_C a2L,a2R,c2,c3,c1

-	SQR_ADD_C2 a3L,a3R,a1L,a1R,c2,c3,c1

-	STD     c2,32(r_ptr)           ; r[4] = c2;

-	COPY    %r0,c2

-	SQR_ADD_C2 a3L,a3R,a2L,a2R,c3,c1,c2

-	STD     c3,40(r_ptr)           ; r[5] = c3;

-	COPY    %r0,c3

-	SQR_ADD_C a3L,a3R,c1,c2,c3

-	STD     c1,48(r_ptr)           ; r[6] = c1;

-	STD     c2,56(r_ptr)           ; r[7] = c2;

-    .EXIT

-    LDD     -104(%sp),%r6        ; restore r6

-    LDD     -112(%sp),%r5        ; restore r5

-    LDD     -120(%sp),%r4        ; restore r4

-    BVE     (%rp)

-    LDD,MB  -128(%sp),%r3

-	.PROCEND

-;---------------------------------------------------------------------------

-MUL_ADD_C  .macro  A0L,A0R,B0L,B0R,C1,C2,C3

-    XMPYU   A0L,B0R,ftemp1        ; m1 = bl*ht

-    FSTD    ftemp1,-16(%sp)       ;

-    XMPYU   A0R,B0L,ftemp2        ; m = bh*lt

-    FSTD    ftemp2,-8(%sp)        ;

-    XMPYU   A0R,B0R,ftemp3        ; lt = bl*lt

-    FSTD    ftemp3,-32(%sp)

-    XMPYU   A0L,B0L,ftemp4        ; ht = bh*ht

-    FSTD    ftemp4,-24(%sp)       ;

-    LDD     -8(%sp),m             ; r21 = m

-    LDD     -16(%sp),m1           ; r19 = m1

-    ADD,L   m,m1,m                ; m+m1

-    DEPD,Z  m,31,32,temp3         ; (m+m1<<32)

-    LDD     -24(%sp),ht           ; r24 = ht

-    CMPCLR,*>>= m,m1,%r0          ; if (m < m1)

-    ADD,L   ht,high_one,ht        ; ht+=high_one

-    EXTRD,U m,31,32,temp1         ; m >> 32

-    LDD     -32(%sp),lt           ; lt

-    ADD,L   ht,temp1,ht           ; ht+= m>>32

-    ADD     lt,temp3,lt           ; lt = lt+m1

-    ADD,DC  ht,%r0,ht             ; ht++

-    ADD     C1,lt,C1              ; c1=c1+lt

-    ADD,DC  ht,%r0,ht             ; bump c3 if overflow,nullify otherwise

-    ADD     C2,ht,C2              ; c2 = c2 + ht

-    ADD,DC  C3,%r0,C3             ; add in carry (c3++)

-.endm

-;

-;void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)

-; arg0 = r_ptr

-; arg1 = a_ptr

-; arg2 = b_ptr

-;

-bn_mul_comba8

-	.proc

-	.callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE

-	.EXPORT	bn_mul_comba8,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN

-    .entry

-	.align 64

-    STD     %r3,0(%sp)          ; save r3

-    STD     %r4,8(%sp)          ; save r4

-    STD     %r5,16(%sp)         ; save r5

-    STD     %r6,24(%sp)         ; save r6

-    FSTD    %fr12,32(%sp)       ; save r6

-    FSTD    %fr13,40(%sp)       ; save r7

-	;

-	; Zero out carries

-	;

-	COPY     %r0,c1

-	COPY     %r0,c2

-	COPY     %r0,c3

-	LDO      128(%sp),%sp       ; bump stack

-    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32

-	;

-	; Load up all of the values we are going to use

-	;

-    FLDD      0(a_ptr),a0

-    FLDD      8(a_ptr),a1

-    FLDD     16(a_ptr),a2

-    FLDD     24(a_ptr),a3

-    FLDD     32(a_ptr),a4

-    FLDD     40(a_ptr),a5

-    FLDD     48(a_ptr),a6

-    FLDD     56(a_ptr),a7

-    FLDD      0(b_ptr),b0

-    FLDD      8(b_ptr),b1

-    FLDD     16(b_ptr),b2

-    FLDD     24(b_ptr),b3

-    FLDD     32(b_ptr),b4

-    FLDD     40(b_ptr),b5

-    FLDD     48(b_ptr),b6

-    FLDD     56(b_ptr),b7

-	MUL_ADD_C a0L,a0R,b0L,b0R,c1,c2,c3

-	STD       c1,0(r_ptr)

-	COPY      %r0,c1

-	MUL_ADD_C a0L,a0R,b1L,b1R,c2,c3,c1

-	MUL_ADD_C a1L,a1R,b0L,b0R,c2,c3,c1

-	STD       c2,8(r_ptr)

-	COPY      %r0,c2

-	MUL_ADD_C a2L,a2R,b0L,b0R,c3,c1,c2

-	MUL_ADD_C a1L,a1R,b1L,b1R,c3,c1,c2

-	MUL_ADD_C a0L,a0R,b2L,b2R,c3,c1,c2

-	STD       c3,16(r_ptr)

-	COPY      %r0,c3

-	MUL_ADD_C a0L,a0R,b3L,b3R,c1,c2,c3

-	MUL_ADD_C a1L,a1R,b2L,b2R,c1,c2,c3

-	MUL_ADD_C a2L,a2R,b1L,b1R,c1,c2,c3

-	MUL_ADD_C a3L,a3R,b0L,b0R,c1,c2,c3

-	STD       c1,24(r_ptr)

-	COPY      %r0,c1

-	MUL_ADD_C a4L,a4R,b0L,b0R,c2,c3,c1

-	MUL_ADD_C a3L,a3R,b1L,b1R,c2,c3,c1

-	MUL_ADD_C a2L,a2R,b2L,b2R,c2,c3,c1

-	MUL_ADD_C a1L,a1R,b3L,b3R,c2,c3,c1

-	MUL_ADD_C a0L,a0R,b4L,b4R,c2,c3,c1

-	STD       c2,32(r_ptr)

-	COPY      %r0,c2

-	MUL_ADD_C a0L,a0R,b5L,b5R,c3,c1,c2

-	MUL_ADD_C a1L,a1R,b4L,b4R,c3,c1,c2

-	MUL_ADD_C a2L,a2R,b3L,b3R,c3,c1,c2

-	MUL_ADD_C a3L,a3R,b2L,b2R,c3,c1,c2

-	MUL_ADD_C a4L,a4R,b1L,b1R,c3,c1,c2

-	MUL_ADD_C a5L,a5R,b0L,b0R,c3,c1,c2

-	STD       c3,40(r_ptr)

-	COPY      %r0,c3

-	MUL_ADD_C a6L,a6R,b0L,b0R,c1,c2,c3

-	MUL_ADD_C a5L,a5R,b1L,b1R,c1,c2,c3

-	MUL_ADD_C a4L,a4R,b2L,b2R,c1,c2,c3

-	MUL_ADD_C a3L,a3R,b3L,b3R,c1,c2,c3

-	MUL_ADD_C a2L,a2R,b4L,b4R,c1,c2,c3

-	MUL_ADD_C a1L,a1R,b5L,b5R,c1,c2,c3

-	MUL_ADD_C a0L,a0R,b6L,b6R,c1,c2,c3

-	STD       c1,48(r_ptr)

-	COPY      %r0,c1

-	MUL_ADD_C a0L,a0R,b7L,b7R,c2,c3,c1

-	MUL_ADD_C a1L,a1R,b6L,b6R,c2,c3,c1

-	MUL_ADD_C a2L,a2R,b5L,b5R,c2,c3,c1

-	MUL_ADD_C a3L,a3R,b4L,b4R,c2,c3,c1

-	MUL_ADD_C a4L,a4R,b3L,b3R,c2,c3,c1

-	MUL_ADD_C a5L,a5R,b2L,b2R,c2,c3,c1

-	MUL_ADD_C a6L,a6R,b1L,b1R,c2,c3,c1

-	MUL_ADD_C a7L,a7R,b0L,b0R,c2,c3,c1

-	STD       c2,56(r_ptr)

-	COPY      %r0,c2

-	MUL_ADD_C a7L,a7R,b1L,b1R,c3,c1,c2

-	MUL_ADD_C a6L,a6R,b2L,b2R,c3,c1,c2

-	MUL_ADD_C a5L,a5R,b3L,b3R,c3,c1,c2

-	MUL_ADD_C a4L,a4R,b4L,b4R,c3,c1,c2

-	MUL_ADD_C a3L,a3R,b5L,b5R,c3,c1,c2

-	MUL_ADD_C a2L,a2R,b6L,b6R,c3,c1,c2

-	MUL_ADD_C a1L,a1R,b7L,b7R,c3,c1,c2

-	STD       c3,64(r_ptr)

-	COPY      %r0,c3

-	MUL_ADD_C a2L,a2R,b7L,b7R,c1,c2,c3

-	MUL_ADD_C a3L,a3R,b6L,b6R,c1,c2,c3

-	MUL_ADD_C a4L,a4R,b5L,b5R,c1,c2,c3

-	MUL_ADD_C a5L,a5R,b4L,b4R,c1,c2,c3

-	MUL_ADD_C a6L,a6R,b3L,b3R,c1,c2,c3

-	MUL_ADD_C a7L,a7R,b2L,b2R,c1,c2,c3

-	STD       c1,72(r_ptr)

-	COPY      %r0,c1

-	MUL_ADD_C a7L,a7R,b3L,b3R,c2,c3,c1

-	MUL_ADD_C a6L,a6R,b4L,b4R,c2,c3,c1

-	MUL_ADD_C a5L,a5R,b5L,b5R,c2,c3,c1

-	MUL_ADD_C a4L,a4R,b6L,b6R,c2,c3,c1

-	MUL_ADD_C a3L,a3R,b7L,b7R,c2,c3,c1

-	STD       c2,80(r_ptr)

-	COPY      %r0,c2

-	MUL_ADD_C a4L,a4R,b7L,b7R,c3,c1,c2

-	MUL_ADD_C a5L,a5R,b6L,b6R,c3,c1,c2

-	MUL_ADD_C a6L,a6R,b5L,b5R,c3,c1,c2

-	MUL_ADD_C a7L,a7R,b4L,b4R,c3,c1,c2

-	STD       c3,88(r_ptr)

-	COPY      %r0,c3

-	MUL_ADD_C a7L,a7R,b5L,b5R,c1,c2,c3

-	MUL_ADD_C a6L,a6R,b6L,b6R,c1,c2,c3

-	MUL_ADD_C a5L,a5R,b7L,b7R,c1,c2,c3

-	STD       c1,96(r_ptr)

-	COPY      %r0,c1

-	MUL_ADD_C a6L,a6R,b7L,b7R,c2,c3,c1

-	MUL_ADD_C a7L,a7R,b6L,b6R,c2,c3,c1

-	STD       c2,104(r_ptr)

-	COPY      %r0,c2

-	MUL_ADD_C a7L,a7R,b7L,b7R,c3,c1,c2

-	STD       c3,112(r_ptr)

-	STD       c1,120(r_ptr)

-    .EXIT

-    FLDD    -88(%sp),%fr13

-    FLDD    -96(%sp),%fr12

-    LDD     -104(%sp),%r6        ; restore r6

-    LDD     -112(%sp),%r5        ; restore r5

-    LDD     -120(%sp),%r4        ; restore r4

-    BVE     (%rp)

-    LDD,MB  -128(%sp),%r3

-	.PROCEND

-;-----------------------------------------------------------------------------

-;

-;void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)

-; arg0 = r_ptr

-; arg1 = a_ptr

-; arg2 = b_ptr

-;

-bn_mul_comba4

-	.proc

-	.callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE

-	.EXPORT	bn_mul_comba4,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN

-    .entry

-	.align 64

-    STD     %r3,0(%sp)          ; save r3

-    STD     %r4,8(%sp)          ; save r4

-    STD     %r5,16(%sp)         ; save r5

-    STD     %r6,24(%sp)         ; save r6

-    FSTD    %fr12,32(%sp)       ; save r6

-    FSTD    %fr13,40(%sp)       ; save r7

-	;

-	; Zero out carries

-	;

-	COPY     %r0,c1

-	COPY     %r0,c2

-	COPY     %r0,c3

-	LDO      128(%sp),%sp       ; bump stack

-    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32

-	;

-	; Load up all of the values we are going to use

-	;

-    FLDD      0(a_ptr),a0

-    FLDD      8(a_ptr),a1

-    FLDD     16(a_ptr),a2

-    FLDD     24(a_ptr),a3

-    FLDD      0(b_ptr),b0

-    FLDD      8(b_ptr),b1

-    FLDD     16(b_ptr),b2

-    FLDD     24(b_ptr),b3

-	MUL_ADD_C a0L,a0R,b0L,b0R,c1,c2,c3

-	STD       c1,0(r_ptr)

-	COPY      %r0,c1

-	MUL_ADD_C a0L,a0R,b1L,b1R,c2,c3,c1

-	MUL_ADD_C a1L,a1R,b0L,b0R,c2,c3,c1

-	STD       c2,8(r_ptr)

-	COPY      %r0,c2

-	MUL_ADD_C a2L,a2R,b0L,b0R,c3,c1,c2

-	MUL_ADD_C a1L,a1R,b1L,b1R,c3,c1,c2

-	MUL_ADD_C a0L,a0R,b2L,b2R,c3,c1,c2

-	STD       c3,16(r_ptr)

-	COPY      %r0,c3

-	MUL_ADD_C a0L,a0R,b3L,b3R,c1,c2,c3

-	MUL_ADD_C a1L,a1R,b2L,b2R,c1,c2,c3

-	MUL_ADD_C a2L,a2R,b1L,b1R,c1,c2,c3

-	MUL_ADD_C a3L,a3R,b0L,b0R,c1,c2,c3

-	STD       c1,24(r_ptr)

-	COPY      %r0,c1

-	MUL_ADD_C a3L,a3R,b1L,b1R,c2,c3,c1

-	MUL_ADD_C a2L,a2R,b2L,b2R,c2,c3,c1

-	MUL_ADD_C a1L,a1R,b3L,b3R,c2,c3,c1

-	STD       c2,32(r_ptr)

-	COPY      %r0,c2

-	MUL_ADD_C a2L,a2R,b3L,b3R,c3,c1,c2

-	MUL_ADD_C a3L,a3R,b2L,b2R,c3,c1,c2

-	STD       c3,40(r_ptr)

-	COPY      %r0,c3

-	MUL_ADD_C a3L,a3R,b3L,b3R,c1,c2,c3

-	STD       c1,48(r_ptr)

-	STD       c2,56(r_ptr)

-    .EXIT

-    FLDD    -88(%sp),%fr13

-    FLDD    -96(%sp),%fr12

-    LDD     -104(%sp),%r6        ; restore r6

-    LDD     -112(%sp),%r5        ; restore r5

-    LDD     -120(%sp),%r4        ; restore r4

-    BVE     (%rp)

-    LDD,MB  -128(%sp),%r3

-	.PROCEND

-	.SPACE	$TEXT$

-	.SUBSPA	$CODE$

-	.SPACE	$PRIVATE$,SORT=16

-	.IMPORT	$global$,DATA

-	.SPACE	$TEXT$

-	.SUBSPA	$CODE$

-	.SUBSPA	$LIT$,ACCESS=0x2c

-C$4

-	.ALIGN	8

-	.STRINGZ	"Division would overflow (%d)\n"

-	.END

--- a/sys/src/ape/lib/openssl/crypto/bn/asm/ppc.pl

+++ /dev/null

@@ -1,2078 +1,0 @@

-#!/usr/bin/env perl

-#

-# Implemented as a Perl wrapper as we want to support several different

-# architectures with single file. We pick up the target based on the

-# file name we are asked to generate.

-#

-# It should be noted though that this perl code is nothing like

-# <openssl>/crypto/perlasm/x86*. In this case perl is used pretty much

-# as pre-processor to cover for platform differences in name decoration,

-# linker tables, 32-/64-bit instruction sets...

-#

-# As you might know there're several PowerPC ABI in use. Most notably

-# Linux and AIX use different 32-bit ABIs. Good news are that these ABIs

-# are similar enough to implement leaf(!) functions, which would be ABI

-# neutral. And that's what you find here: ABI neutral leaf functions.

-# In case you wonder what that is...

-#

-#       AIX performance

-#

-#	MEASUREMENTS WITH cc ON a 200 MhZ PowerPC 604e.

-#

-#	The following is the performance of 32-bit compiler

-#	generated code:

-#

-#	OpenSSL 0.9.6c 21 dec 2001

-#	built on: Tue Jun 11 11:06:51 EDT 2002

-#	options:bn(64,32) ...

-#compiler: cc -DTHREADS  -DAIX -DB_ENDIAN -DBN_LLONG -O3

-#                  sign    verify    sign/s verify/s

-#rsa  512 bits   0.0098s   0.0009s    102.0   1170.6

-#rsa 1024 bits   0.0507s   0.0026s     19.7    387.5

-#rsa 2048 bits   0.3036s   0.0085s      3.3    117.1

-#rsa 4096 bits   2.0040s   0.0299s      0.5     33.4

-#dsa  512 bits   0.0087s   0.0106s    114.3     94.5

-#dsa 1024 bits   0.0256s   0.0313s     39.0     32.0

-#

-#	Same bechmark with this assembler code:

-#

-#rsa  512 bits   0.0056s   0.0005s    178.6   2049.2

-#rsa 1024 bits   0.0283s   0.0015s     35.3    674.1

-#rsa 2048 bits   0.1744s   0.0050s      5.7    201.2

-#rsa 4096 bits   1.1644s   0.0179s      0.9     55.7

-#dsa  512 bits   0.0052s   0.0062s    191.6    162.0

-#dsa 1024 bits   0.0149s   0.0180s     67.0     55.5

-#

-#	Number of operations increases by at almost 75%

-#

-#	Here are performance numbers for 64-bit compiler

-#	generated code:

-#

-#	OpenSSL 0.9.6g [engine] 9 Aug 2002

-#	built on: Fri Apr 18 16:59:20 EDT 2003

-#	options:bn(64,64) ...

-#	compiler: cc -DTHREADS -D_REENTRANT -q64 -DB_ENDIAN -O3

-#                  sign    verify    sign/s verify/s

-#rsa  512 bits   0.0028s   0.0003s    357.1   3844.4

-#rsa 1024 bits   0.0148s   0.0008s     67.5   1239.7

-#rsa 2048 bits   0.0963s   0.0028s     10.4    353.0

-#rsa 4096 bits   0.6538s   0.0102s      1.5     98.1

-#dsa  512 bits   0.0026s   0.0032s    382.5    313.7

-#dsa 1024 bits   0.0081s   0.0099s    122.8    100.6

-#

-#	Same benchmark with this assembler code:

-#

-#rsa  512 bits   0.0020s   0.0002s    510.4   6273.7

-#rsa 1024 bits   0.0088s   0.0005s    114.1   2128.3

-#rsa 2048 bits   0.0540s   0.0016s     18.5    622.5

-#rsa 4096 bits   0.3700s   0.0058s      2.7    171.0

-#dsa  512 bits   0.0016s   0.0020s    610.7    507.1

-#dsa 1024 bits   0.0047s   0.0058s    212.5    173.2

-#

-#	Again, performance increases by at about 75%

-#

-#       Mac OS X, Apple G5 1.8GHz (Note this is 32 bit code)

-#       OpenSSL 0.9.7c 30 Sep 2003

-#

-#       Original code.

-#

-#rsa  512 bits   0.0011s   0.0001s    906.1  11012.5

-#rsa 1024 bits   0.0060s   0.0003s    166.6   3363.1

-#rsa 2048 bits   0.0370s   0.0010s     27.1    982.4

-#rsa 4096 bits   0.2426s   0.0036s      4.1    280.4

-#dsa  512 bits   0.0010s   0.0012s   1038.1    841.5

-#dsa 1024 bits   0.0030s   0.0037s    329.6    269.7

-#dsa 2048 bits   0.0101s   0.0127s     98.9     78.6

-#

-#       Same benchmark with this assembler code:

-#

-#rsa  512 bits   0.0007s   0.0001s   1416.2  16645.9

-#rsa 1024 bits   0.0036s   0.0002s    274.4   5380.6

-#rsa 2048 bits   0.0222s   0.0006s     45.1   1589.5

-#rsa 4096 bits   0.1469s   0.0022s      6.8    449.6

-#dsa  512 bits   0.0006s   0.0007s   1664.2   1376.2

-#dsa 1024 bits   0.0018s   0.0023s    545.0    442.2

-#dsa 2048 bits   0.0061s   0.0075s    163.5    132.8

-#

-#        Performance increase of ~60%

-#

-#	If you have comments or suggestions to improve code send

-#	me a note at [email protected]

-#

-$opf = shift;

-if ($opf =~ /32\.s/) {

-	$BITS=	32;

-	$BNSZ=	$BITS/8;

-	$ISA=	"\"ppc\"";

-	$LD=	"lwz";		# load

-	$LDU=	"lwzu";		# load and update

-	$ST=	"stw";		# store

-	$STU=	"stwu";		# store and update

-	$UMULL=	"mullw";	# unsigned multiply low

-	$UMULH=	"mulhwu";	# unsigned multiply high

-	$UDIV=	"divwu";	# unsigned divide

-	$UCMPI=	"cmplwi";	# unsigned compare with immediate

-	$UCMP=	"cmplw";	# unsigned compare

-	$CNTLZ=	"cntlzw";	# count leading zeros

-	$SHL=	"slw";		# shift left

-	$SHR=	"srw";		# unsigned shift right

-	$SHRI=	"srwi";		# unsigned shift right by immediate

-	$SHLI=	"slwi";		# shift left by immediate

-	$CLRU=	"clrlwi";	# clear upper bits

-	$INSR=	"insrwi";	# insert right

-	$ROTL=	"rotlwi";	# rotate left by immediate

-	$TR=	"tw";		# conditional trap

-} elsif ($opf =~ /64\.s/) {

-	$BITS=	64;

-	$BNSZ=	$BITS/8;

-	$ISA=	"\"ppc64\"";

-	# same as above, but 64-bit mnemonics...

-	$LD=	"ld";		# load

-	$LDU=	"ldu";		# load and update

-	$ST=	"std";		# store

-	$STU=	"stdu";		# store and update

-	$UMULL=	"mulld";	# unsigned multiply low

-	$UMULH=	"mulhdu";	# unsigned multiply high

-	$UDIV=	"divdu";	# unsigned divide

-	$UCMPI=	"cmpldi";	# unsigned compare with immediate

-	$UCMP=	"cmpld";	# unsigned compare

-	$CNTLZ=	"cntlzd";	# count leading zeros

-	$SHL=	"sld";		# shift left

-	$SHR=	"srd";		# unsigned shift right

-	$SHRI=	"srdi";		# unsigned shift right by immediate

-	$SHLI=	"sldi";		# shift left by immediate

-	$CLRU=	"clrldi";	# clear upper bits

-	$INSR=	"insrdi";	# insert right

-	$ROTL=	"rotldi";	# rotate left by immediate

-	$TR=	"td";		# conditional trap

-} else { die "nonsense $opf"; }

-( defined shift || open STDOUT,">$opf" ) || die "can't open $opf: $!";

-# function entry points from the AIX code

-#

-# There are other, more elegant, ways to handle this. We (IBM) chose

-# this approach as it plays well with scripts we run to 'namespace'

-# OpenSSL .i.e. we add a prefix to all the public symbols so we can

-# co-exist in the same process with other implementations of OpenSSL.

-# 'cleverer' ways of doing these substitutions tend to hide data we

-# need to be obvious.

-#

-my @items = ("bn_sqr_comba4",

-	     "bn_sqr_comba8",

-	     "bn_mul_comba4",

-	     "bn_mul_comba8",

-	     "bn_sub_words",

-	     "bn_add_words",

-	     "bn_div_words",

-	     "bn_sqr_words",

-	     "bn_mul_words",

-	     "bn_mul_add_words");

-if    ($opf =~ /linux/)	{  do_linux();	}

-elsif ($opf =~ /aix/)	{  do_aix();	}

-elsif ($opf =~ /osx/)	{  do_osx();	}

-else			{  do_bsd();	}

-sub do_linux {

-    $d=&data();

-    if ($BITS==64) {

-      foreach $t (@items) {

-        $d =~ s/\.$t:/\

-\t.section\t".opd","aw"\

-\t.align\t3\

-\t.globl\t$t\

-$t:\

-\t.quad\t.$t,.TOC.\@tocbase,0\

-\t.size\t$t,24\

-\t.previous\n\

-\t.type\t.$t,\@function\

-\t.globl\t.$t\

-.$t:/g;

-      }

-    }

-    else {

-      foreach $t (@items) {

-        $d=~s/\.$t/$t/g;

-      }

-    }

-    # hide internal labels to avoid pollution of name table...

-    $d=~s/Lppcasm_/.Lppcasm_/gm;

-    print $d;

-}

-sub do_aix {

-    # AIX assembler is smart enough to please the linker without

-    # making us do something special...

-    print &data();

-}

-# MacOSX 32 bit

-sub do_osx {

-    $d=&data();

-    # Change the bn symbol prefix from '.' to '_'

-    foreach $t (@items) {

-      $d=~s/\.$t/_$t/g;

-    }

-    # Change .machine to something OS X asm will accept

-    $d=~s/\.machine.*/.text/g;

-    $d=~s/\#/;/g; # change comment from '#' to ';'

-    print $d;

-}

-# BSD (Untested)

-sub do_bsd {

-    $d=&data();

-    foreach $t (@items) {

-      $d=~s/\.$t/_$t/g;

-    }

-    print $d;

-}

-sub data {

-	local($data)=<<EOF;

-#--------------------------------------------------------------------

-#

-#

-#

-#

-#	File:		ppc32.s

-#

-#	Created by:	Suresh Chari

-#			IBM Thomas J. Watson Research Library

-#			Hawthorne, NY

-#

-#

-#	Description:	Optimized assembly routines for OpenSSL crypto

-#			on the 32 bitPowerPC platform.

-#

-#

-#	Version History

-#

-#	2. Fixed bn_add,bn_sub and bn_div_words, added comments,

-#	   cleaned up code. Also made a single version which can

-#	   be used for both the AIX and Linux compilers. See NOTE

-#	   below.

-#				12/05/03		Suresh Chari

-#			(with lots of help from)        Andy Polyakov

-##

-#	1. Initial version	10/20/02		Suresh Chari

-#

-#

-#	The following file works for the xlc,cc

-#	and gcc compilers.

-#

-#	NOTE:	To get the file to link correctly with the gcc compiler

-#	        you have to change the names of the routines and remove

-#		the first .(dot) character. This should automatically

-#		be done in the build process.

-#

-#	Hand optimized assembly code for the following routines

-#

-#	bn_sqr_comba4

-#	bn_sqr_comba8

-#	bn_mul_comba4

-#	bn_mul_comba8

-#	bn_sub_words

-#	bn_add_words

-#	bn_div_words

-#	bn_sqr_words

-#	bn_mul_words

-#	bn_mul_add_words

-#

-#	NOTE:	It is possible to optimize this code more for

-#	specific PowerPC or Power architectures. On the Northstar

-#	architecture the optimizations in this file do

-#	 NOT provide much improvement.

-#

-#	If you have comments or suggestions to improve code send

-#	me a note at schari\@us.ibm.com

-#

-#--------------------------------------------------------------------------

-#

-#	Defines to be used in the assembly code.

-#

-.set r0,0	# we use it as storage for value of 0

-.set SP,1	# preserved

-.set RTOC,2	# preserved

-.set r3,3	# 1st argument/return value

-.set r4,4	# 2nd argument/volatile register

-.set r5,5	# 3rd argument/volatile register

-.set r6,6	# ...

-.set r7,7

-.set r8,8

-.set r9,9

-.set r10,10

-.set r11,11

-.set r12,12

-.set r13,13	# not used, nor any other "below" it...

-.set BO_IF_NOT,4

-.set BO_IF,12

-.set BO_dCTR_NZERO,16

-.set BO_dCTR_ZERO,18

-.set BO_ALWAYS,20

-.set CR0_LT,0;

-.set CR0_GT,1;

-.set CR0_EQ,2

-.set CR1_FX,4;

-.set CR1_FEX,5;

-.set CR1_VX,6

-.set LR,8

-#	Declare function names to be global

-#	NOTE:	For gcc these names MUST be changed to remove

-#	        the first . i.e. for example change ".bn_sqr_comba4"

-#		to "bn_sqr_comba4". This should be automatically done

-#		in the build.

-	.globl	.bn_sqr_comba4

-	.globl	.bn_sqr_comba8

-	.globl	.bn_mul_comba4

-	.globl	.bn_mul_comba8

-	.globl	.bn_sub_words

-	.globl	.bn_add_words

-	.globl	.bn_div_words

-	.globl	.bn_sqr_words

-	.globl	.bn_mul_words

-	.globl	.bn_mul_add_words

-# .text section

-	.machine	$ISA

-#

-#	NOTE:	The following label name should be changed to

-#		"bn_sqr_comba4" i.e. remove the first dot

-#		for the gcc compiler. This should be automatically

-#		done in the build

-#

-.align	4

-.bn_sqr_comba4:

-#

-# Optimized version of bn_sqr_comba4.

-#

-# void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)

-# r3 contains r

-# r4 contains a

-#

-# Freely use registers r5,r6,r7,r8,r9,r10,r11 as follows:

-#

-# r5,r6 are the two BN_ULONGs being multiplied.

-# r7,r8 are the results of the 32x32 giving 64 bit multiply.

-# r9,r10, r11 are the equivalents of c1,c2, c3.

-# Here's the assembly

-#

-#

-	xor		r0,r0,r0		# set r0 = 0. Used in the addze

-						# instructions below

-						#sqr_add_c(a,0,c1,c2,c3)

-	$LD		r5,`0*$BNSZ`(r4)

-	$UMULL		r9,r5,r5

-	$UMULH		r10,r5,r5		#in first iteration. No need

-						#to add since c1=c2=c3=0.

-						# Note c3(r11) is NOT set to 0

-						# but will be.

-	$ST		r9,`0*$BNSZ`(r3)	# r[0]=c1;

-						# sqr_add_c2(a,1,0,c2,c3,c1);

-	$LD		r6,`1*$BNSZ`(r4)

-	$UMULL		r7,r5,r6

-	$UMULH		r8,r5,r6

-	addc		r7,r7,r7		# compute (r7,r8)=2*(r7,r8)

-	adde		r8,r8,r8

-	addze		r9,r0			# catch carry if any.

-						# r9= r0(=0) and carry

-	addc		r10,r7,r10		# now add to temp result.

-	addze		r11,r8                  # r8 added to r11 which is 0

-	addze		r9,r9

-	$ST		r10,`1*$BNSZ`(r3)	#r[1]=c2;

-						#sqr_add_c(a,1,c3,c1,c2)

-	$UMULL		r7,r6,r6

-	$UMULH		r8,r6,r6

-	addc		r11,r7,r11

-	adde		r9,r8,r9

-	addze		r10,r0

-						#sqr_add_c2(a,2,0,c3,c1,c2)

-	$LD		r6,`2*$BNSZ`(r4)

-	$UMULL		r7,r5,r6

-	$UMULH		r8,r5,r6

-	addc		r7,r7,r7

-	adde		r8,r8,r8

-	addze		r10,r10

-	addc		r11,r7,r11

-	adde		r9,r8,r9

-	addze		r10,r10

-	$ST		r11,`2*$BNSZ`(r3)	#r[2]=c3

-						#sqr_add_c2(a,3,0,c1,c2,c3);

-	$LD		r6,`3*$BNSZ`(r4)

-	$UMULL		r7,r5,r6

-	$UMULH		r8,r5,r6

-	addc		r7,r7,r7

-	adde		r8,r8,r8

-	addze		r11,r0

-	addc		r9,r7,r9

-	adde		r10,r8,r10

-	addze		r11,r11

-						#sqr_add_c2(a,2,1,c1,c2,c3);

-	$LD		r5,`1*$BNSZ`(r4)

-	$LD		r6,`2*$BNSZ`(r4)

-	$UMULL		r7,r5,r6

-	$UMULH		r8,r5,r6

-	addc		r7,r7,r7

-	adde		r8,r8,r8

-	addze		r11,r11

-	addc		r9,r7,r9

-	adde		r10,r8,r10

-	addze		r11,r11

-	$ST		r9,`3*$BNSZ`(r3)	#r[3]=c1

-						#sqr_add_c(a,2,c2,c3,c1);

-	$UMULL		r7,r6,r6

-	$UMULH		r8,r6,r6

-	addc		r10,r7,r10

-	adde		r11,r8,r11

-	addze		r9,r0

-						#sqr_add_c2(a,3,1,c2,c3,c1);

-	$LD		r6,`3*$BNSZ`(r4)

-	$UMULL		r7,r5,r6

-	$UMULH		r8,r5,r6

-	addc		r7,r7,r7

-	adde		r8,r8,r8

-	addze		r9,r9

-	addc		r10,r7,r10

-	adde		r11,r8,r11

-	addze		r9,r9

-	$ST		r10,`4*$BNSZ`(r3)	#r[4]=c2

-						#sqr_add_c2(a,3,2,c3,c1,c2);

-	$LD		r5,`2*$BNSZ`(r4)

-	$UMULL		r7,r5,r6

-	$UMULH		r8,r5,r6

-	addc		r7,r7,r7

-	adde		r8,r8,r8

-	addze		r10,r0

-	addc		r11,r7,r11

-	adde		r9,r8,r9

-	addze		r10,r10

-	$ST		r11,`5*$BNSZ`(r3)	#r[5] = c3

-						#sqr_add_c(a,3,c1,c2,c3);

-	$UMULL		r7,r6,r6

-	$UMULH		r8,r6,r6

-	addc		r9,r7,r9

-	adde		r10,r8,r10

-	$ST		r9,`6*$BNSZ`(r3)	#r[6]=c1

-	$ST		r10,`7*$BNSZ`(r3)	#r[7]=c2

-	bclr	BO_ALWAYS,CR0_LT

-	.long	0x00000000

-#

-#	NOTE:	The following label name should be changed to

-#		"bn_sqr_comba8" i.e. remove the first dot

-#		for the gcc compiler. This should be automatically

-#		done in the build

-#

-.align	4

-.bn_sqr_comba8:

-#

-# This is an optimized version of the bn_sqr_comba8 routine.

-# Tightly uses the adde instruction

-#

-#

-# void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)

-# r3 contains r

-# r4 contains a

-#

-# Freely use registers r5,r6,r7,r8,r9,r10,r11 as follows:

-#

-# r5,r6 are the two BN_ULONGs being multiplied.

-# r7,r8 are the results of the 32x32 giving 64 bit multiply.

-# r9,r10, r11 are the equivalents of c1,c2, c3.

-#

-# Possible optimization of loading all 8 longs of a into registers

-# doesnt provide any speedup

-#

-	xor		r0,r0,r0		#set r0 = 0.Used in addze

-						#instructions below.

-						#sqr_add_c(a,0,c1,c2,c3);

-	$LD		r5,`0*$BNSZ`(r4)

-	$UMULL		r9,r5,r5		#1st iteration:	no carries.

-	$UMULH		r10,r5,r5

-	$ST		r9,`0*$BNSZ`(r3)	# r[0]=c1;

-						#sqr_add_c2(a,1,0,c2,c3,c1);

-	$LD		r6,`1*$BNSZ`(r4)

-	$UMULL		r7,r5,r6

-	$UMULH		r8,r5,r6

-	addc		r10,r7,r10		#add the two register number

-	adde		r11,r8,r0 		# (r8,r7) to the three register

-	addze		r9,r0			# number (r9,r11,r10).NOTE:r0=0

-	addc		r10,r7,r10		#add the two register number

-	adde		r11,r8,r11 		# (r8,r7) to the three register

-	addze		r9,r9			# number (r9,r11,r10).

-	$ST		r10,`1*$BNSZ`(r3)	# r[1]=c2

-						#sqr_add_c(a,1,c3,c1,c2);

-	$UMULL		r7,r6,r6

-	$UMULH		r8,r6,r6

-	addc		r11,r7,r11

-	adde		r9,r8,r9

-	addze		r10,r0

-						#sqr_add_c2(a,2,0,c3,c1,c2);

-	$LD		r6,`2*$BNSZ`(r4)

-	$UMULL		r7,r5,r6

-	$UMULH		r8,r5,r6

-	addc		r11,r7,r11

-	adde		r9,r8,r9

-	addze		r10,r10

-	addc		r11,r7,r11

-	adde		r9,r8,r9

-	addze		r10,r10

-	$ST		r11,`2*$BNSZ`(r3)	#r[2]=c3

-						#sqr_add_c2(a,3,0,c1,c2,c3);

-	$LD		r6,`3*$BNSZ`(r4)	#r6 = a[3]. r5 is already a[0].

-	$UMULL		r7,r5,r6

-	$UMULH		r8,r5,r6

-	addc		r9,r7,r9

-	adde		r10,r8,r10

-	addze		r11,r0

-	addc		r9,r7,r9

-	adde		r10,r8,r10

-	addze		r11,r11

-						#sqr_add_c2(a,2,1,c1,c2,c3);

-	$LD		r5,`1*$BNSZ`(r4)

-	$LD		r6,`2*$BNSZ`(r4)

-	$UMULL		r7,r5,r6

-	$UMULH		r8,r5,r6

-	addc		r9,r7,r9

-	adde		r10,r8,r10

-	addze		r11,r11

-	addc		r9,r7,r9

-	adde		r10,r8,r10

-	addze		r11,r11

-	$ST		r9,`3*$BNSZ`(r3)	#r[3]=c1;

-						#sqr_add_c(a,2,c2,c3,c1);

-	$UMULL		r7,r6,r6

-	$UMULH		r8,r6,r6

-	addc		r10,r7,r10

-	adde		r11,r8,r11

-	addze		r9,r0

-						#sqr_add_c2(a,3,1,c2,c3,c1);

-	$LD		r6,`3*$BNSZ`(r4)

-	$UMULL		r7,r5,r6

-	$UMULH		r8,r5,r6

-	addc		r10,r7,r10

-	adde		r11,r8,r11

-	addze		r9,r9

-	addc		r10,r7,r10

-	adde		r11,r8,r11

-	addze		r9,r9

-						#sqr_add_c2(a,4,0,c2,c3,c1);

-	$LD		r5,`0*$BNSZ`(r4)

-	$LD		r6,`4*$BNSZ`(r4)

-	$UMULL		r7,r5,r6

-	$UMULH		r8,r5,r6

-	addc		r10,r7,r10

-	adde		r11,r8,r11

-	addze		r9,r9

-	addc		r10,r7,r10

-	adde		r11,r8,r11

-	addze		r9,r9

-	$ST		r10,`4*$BNSZ`(r3)	#r[4]=c2;

-						#sqr_add_c2(a,5,0,c3,c1,c2);

-	$LD		r6,`5*$BNSZ`(r4)

-	$UMULL		r7,r5,r6

-	$UMULH		r8,r5,r6

-	addc		r11,r7,r11

-	adde		r9,r8,r9

-	addze		r10,r0

-	addc		r11,r7,r11

-	adde		r9,r8,r9

-	addze		r10,r10

-						#sqr_add_c2(a,4,1,c3,c1,c2);

-	$LD		r5,`1*$BNSZ`(r4)

-	$LD		r6,`4*$BNSZ`(r4)

-	$UMULL		r7,r5,r6

-	$UMULH		r8,r5,r6

-	addc		r11,r7,r11

-	adde		r9,r8,r9

-	addze		r10,r10

-	addc		r11,r7,r11

-	adde		r9,r8,r9

-	addze		r10,r10

-						#sqr_add_c2(a,3,2,c3,c1,c2);

-	$LD		r5,`2*$BNSZ`(r4)

-	$LD		r6,`3*$BNSZ`(r4)

-	$UMULL		r7,r5,r6

-	$UMULH		r8,r5,r6

-	addc		r11,r7,r11

-	adde		r9,r8,r9

-	addze		r10,r10

-	addc		r11,r7,r11

-	adde		r9,r8,r9

-	addze		r10,r10

-	$ST		r11,`5*$BNSZ`(r3)	#r[5]=c3;

-						#sqr_add_c(a,3,c1,c2,c3);

-	$UMULL		r7,r6,r6

-	$UMULH		r8,r6,r6

-	addc		r9,r7,r9

-	adde		r10,r8,r10

-	addze		r11,r0

-						#sqr_add_c2(a,4,2,c1,c2,c3);

-	$LD		r6,`4*$BNSZ`(r4)

-	$UMULL		r7,r5,r6

-	$UMULH		r8,r5,r6

-	addc		r9,r7,r9

-	adde		r10,r8,r10

-	addze		r11,r11

-	addc		r9,r7,r9

-	adde		r10,r8,r10

-	addze		r11,r11

-						#sqr_add_c2(a,5,1,c1,c2,c3);

-	$LD		r5,`1*$BNSZ`(r4)

-	$LD		r6,`5*$BNSZ`(r4)

-	$UMULL		r7,r5,r6

-	$UMULH		r8,r5,r6

-	addc		r9,r7,r9

-	adde		r10,r8,r10

-	addze		r11,r11

-	addc		r9,r7,r9

-	adde		r10,r8,r10

-	addze		r11,r11

-						#sqr_add_c2(a,6,0,c1,c2,c3);

-	$LD		r5,`0*$BNSZ`(r4)

-	$LD		r6,`6*$BNSZ`(r4)

-	$UMULL		r7,r5,r6

-	$UMULH		r8,r5,r6

-	addc		r9,r7,r9

-	adde		r10,r8,r10

-	addze		r11,r11

-	addc		r9,r7,r9

-	adde		r10,r8,r10

-	addze		r11,r11

-	$ST		r9,`6*$BNSZ`(r3)	#r[6]=c1;

-						#sqr_add_c2(a,7,0,c2,c3,c1);

-	$LD		r6,`7*$BNSZ`(r4)

-	$UMULL		r7,r5,r6

-	$UMULH		r8,r5,r6

-	addc		r10,r7,r10

-	adde		r11,r8,r11

-	addze		r9,r0

-	addc		r10,r7,r10

-	adde		r11,r8,r11

-	addze		r9,r9

-						#sqr_add_c2(a,6,1,c2,c3,c1);

-	$LD		r5,`1*$BNSZ`(r4)

-	$LD		r6,`6*$BNSZ`(r4)

-	$UMULL		r7,r5,r6

-	$UMULH		r8,r5,r6

-	addc		r10,r7,r10

-	adde		r11,r8,r11

-	addze		r9,r9

-	addc		r10,r7,r10

-	adde		r11,r8,r11

-	addze		r9,r9

-						#sqr_add_c2(a,5,2,c2,c3,c1);

-	$LD		r5,`2*$BNSZ`(r4)

-	$LD		r6,`5*$BNSZ`(r4)

-	$UMULL		r7,r5,r6

-	$UMULH		r8,r5,r6

-	addc		r10,r7,r10

-	adde		r11,r8,r11

-	addze		r9,r9

-	addc		r10,r7,r10

-	adde		r11,r8,r11

-	addze		r9,r9

-						#sqr_add_c2(a,4,3,c2,c3,c1);

-	$LD		r5,`3*$BNSZ`(r4)

-	$LD		r6,`4*$BNSZ`(r4)

-	$UMULL		r7,r5,r6

-	$UMULH		r8,r5,r6

-	addc		r10,r7,r10

-	adde		r11,r8,r11

-	addze		r9,r9

-	addc		r10,r7,r10

-	adde		r11,r8,r11

-	addze		r9,r9

-	$ST		r10,`7*$BNSZ`(r3)	#r[7]=c2;

-						#sqr_add_c(a,4,c3,c1,c2);

-	$UMULL		r7,r6,r6

-	$UMULH		r8,r6,r6

-	addc		r11,r7,r11

-	adde		r9,r8,r9

-	addze		r10,r0

-						#sqr_add_c2(a,5,3,c3,c1,c2);

-	$LD		r6,`5*$BNSZ`(r4)

-	$UMULL		r7,r5,r6

-	$UMULH		r8,r5,r6

-	addc		r11,r7,r11

-	adde		r9,r8,r9

-	addze		r10,r10

-	addc		r11,r7,r11

-	adde		r9,r8,r9

-	addze		r10,r10

-						#sqr_add_c2(a,6,2,c3,c1,c2);

-	$LD		r5,`2*$BNSZ`(r4)

-	$LD		r6,`6*$BNSZ`(r4)

-	$UMULL		r7,r5,r6

-	$UMULH		r8,r5,r6

-	addc		r11,r7,r11

-	adde		r9,r8,r9

-	addze		r10,r10

-	addc		r11,r7,r11

-	adde		r9,r8,r9

-	addze		r10,r10

-						#sqr_add_c2(a,7,1,c3,c1,c2);

-	$LD		r5,`1*$BNSZ`(r4)

-	$LD		r6,`7*$BNSZ`(r4)

-	$UMULL		r7,r5,r6

-	$UMULH		r8,r5,r6

-	addc		r11,r7,r11

-	adde		r9,r8,r9

-	addze		r10,r10

-	addc		r11,r7,r11

-	adde		r9,r8,r9

-	addze		r10,r10

-	$ST		r11,`8*$BNSZ`(r3)	#r[8]=c3;

-						#sqr_add_c2(a,7,2,c1,c2,c3);

-	$LD		r5,`2*$BNSZ`(r4)

-	$UMULL		r7,r5,r6

-	$UMULH		r8,r5,r6

-	addc		r9,r7,r9

-	adde		r10,r8,r10

-	addze		r11,r0

-	addc		r9,r7,r9

-	adde		r10,r8,r10

-	addze		r11,r11

-						#sqr_add_c2(a,6,3,c1,c2,c3);

-	$LD		r5,`3*$BNSZ`(r4)

-	$LD		r6,`6*$BNSZ`(r4)

-	$UMULL		r7,r5,r6

-	$UMULH		r8,r5,r6

-	addc		r9,r7,r9

-	adde		r10,r8,r10

-	addze		r11,r11

-	addc		r9,r7,r9

-	adde		r10,r8,r10

-	addze		r11,r11

-						#sqr_add_c2(a,5,4,c1,c2,c3);

-	$LD		r5,`4*$BNSZ`(r4)

-	$LD		r6,`5*$BNSZ`(r4)

-	$UMULL		r7,r5,r6

-	$UMULH		r8,r5,r6

-	addc		r9,r7,r9

-	adde		r10,r8,r10

-	addze		r11,r11

-	addc		r9,r7,r9

-	adde		r10,r8,r10

-	addze		r11,r11

-	$ST		r9,`9*$BNSZ`(r3)	#r[9]=c1;

-						#sqr_add_c(a,5,c2,c3,c1);

-	$UMULL		r7,r6,r6

-	$UMULH		r8,r6,r6

-	addc		r10,r7,r10

-	adde		r11,r8,r11

-	addze		r9,r0

-						#sqr_add_c2(a,6,4,c2,c3,c1);

-	$LD		r6,`6*$BNSZ`(r4)

-	$UMULL		r7,r5,r6

-	$UMULH		r8,r5,r6

-	addc		r10,r7,r10

-	adde		r11,r8,r11

-	addze		r9,r9

-	addc		r10,r7,r10

-	adde		r11,r8,r11

-	addze		r9,r9

-						#sqr_add_c2(a,7,3,c2,c3,c1);

-	$LD		r5,`3*$BNSZ`(r4)

-	$LD		r6,`7*$BNSZ`(r4)

-	$UMULL		r7,r5,r6

-	$UMULH		r8,r5,r6

-	addc		r10,r7,r10

-	adde		r11,r8,r11

-	addze		r9,r9

-	addc		r10,r7,r10

-	adde		r11,r8,r11

-	addze		r9,r9

-	$ST		r10,`10*$BNSZ`(r3)	#r[10]=c2;

-						#sqr_add_c2(a,7,4,c3,c1,c2);

-	$LD		r5,`4*$BNSZ`(r4)

-	$UMULL		r7,r5,r6

-	$UMULH		r8,r5,r6

-	addc		r11,r7,r11

-	adde		r9,r8,r9

-	addze		r10,r0

-	addc		r11,r7,r11

-	adde		r9,r8,r9

-	addze		r10,r10

-						#sqr_add_c2(a,6,5,c3,c1,c2);

-	$LD		r5,`5*$BNSZ`(r4)

-	$LD		r6,`6*$BNSZ`(r4)

-	$UMULL		r7,r5,r6

-	$UMULH		r8,r5,r6

-	addc		r11,r7,r11

-	adde		r9,r8,r9

-	addze		r10,r10

-	addc		r11,r7,r11

-	adde		r9,r8,r9

-	addze		r10,r10

-	$ST		r11,`11*$BNSZ`(r3)	#r[11]=c3;

-						#sqr_add_c(a,6,c1,c2,c3);

-	$UMULL		r7,r6,r6

-	$UMULH		r8,r6,r6

-	addc		r9,r7,r9

-	adde		r10,r8,r10

-	addze		r11,r0

-						#sqr_add_c2(a,7,5,c1,c2,c3)

-	$LD		r6,`7*$BNSZ`(r4)

-	$UMULL		r7,r5,r6

-	$UMULH		r8,r5,r6

-	addc		r9,r7,r9

-	adde		r10,r8,r10

-	addze		r11,r11

-	addc		r9,r7,r9

-	adde		r10,r8,r10

-	addze		r11,r11

-	$ST		r9,`12*$BNSZ`(r3)	#r[12]=c1;

-						#sqr_add_c2(a,7,6,c2,c3,c1)

-	$LD		r5,`6*$BNSZ`(r4)

-	$UMULL		r7,r5,r6

-	$UMULH		r8,r5,r6

-	addc		r10,r7,r10

-	adde		r11,r8,r11

-	addze		r9,r0

-	addc		r10,r7,r10

-	adde		r11,r8,r11

-	addze		r9,r9

-	$ST		r10,`13*$BNSZ`(r3)	#r[13]=c2;

-						#sqr_add_c(a,7,c3,c1,c2);

-	$UMULL		r7,r6,r6

-	$UMULH		r8,r6,r6

-	addc		r11,r7,r11

-	adde		r9,r8,r9

-	$ST		r11,`14*$BNSZ`(r3)	#r[14]=c3;

-	$ST		r9, `15*$BNSZ`(r3)	#r[15]=c1;

-	bclr	BO_ALWAYS,CR0_LT

-	.long	0x00000000

-#

-#	NOTE:	The following label name should be changed to

-#		"bn_mul_comba4" i.e. remove the first dot

-#		for the gcc compiler. This should be automatically

-#		done in the build

-#

-.align	4

-.bn_mul_comba4:

-#

-# This is an optimized version of the bn_mul_comba4 routine.

-#

-# void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)

-# r3 contains r

-# r4 contains a

-# r5 contains b

-# r6, r7 are the 2 BN_ULONGs being multiplied.

-# r8, r9 are the results of the 32x32 giving 64 multiply.

-# r10, r11, r12 are the equivalents of c1, c2, and c3.

-#

-	xor	r0,r0,r0		#r0=0. Used in addze below.

-					#mul_add_c(a[0],b[0],c1,c2,c3);

-	$LD	r6,`0*$BNSZ`(r4)

-	$LD	r7,`0*$BNSZ`(r5)

-	$UMULL	r10,r6,r7

-	$UMULH	r11,r6,r7

-	$ST	r10,`0*$BNSZ`(r3)	#r[0]=c1

-					#mul_add_c(a[0],b[1],c2,c3,c1);

-	$LD	r7,`1*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r11,r8,r11

-	adde	r12,r9,r0

-	addze	r10,r0

-					#mul_add_c(a[1],b[0],c2,c3,c1);

-	$LD	r6, `1*$BNSZ`(r4)

-	$LD	r7, `0*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r11,r8,r11

-	adde	r12,r9,r12

-	addze	r10,r10

-	$ST	r11,`1*$BNSZ`(r3)	#r[1]=c2

-					#mul_add_c(a[2],b[0],c3,c1,c2);

-	$LD	r6,`2*$BNSZ`(r4)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r12,r8,r12

-	adde	r10,r9,r10

-	addze	r11,r0

-					#mul_add_c(a[1],b[1],c3,c1,c2);

-	$LD	r6,`1*$BNSZ`(r4)

-	$LD	r7,`1*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r12,r8,r12

-	adde	r10,r9,r10

-	addze	r11,r11

-					#mul_add_c(a[0],b[2],c3,c1,c2);

-	$LD	r6,`0*$BNSZ`(r4)

-	$LD	r7,`2*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r12,r8,r12

-	adde	r10,r9,r10

-	addze	r11,r11

-	$ST	r12,`2*$BNSZ`(r3)	#r[2]=c3

-					#mul_add_c(a[0],b[3],c1,c2,c3);

-	$LD	r7,`3*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r10,r8,r10

-	adde	r11,r9,r11

-	addze	r12,r0

-					#mul_add_c(a[1],b[2],c1,c2,c3);

-	$LD	r6,`1*$BNSZ`(r4)

-	$LD	r7,`2*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r10,r8,r10

-	adde	r11,r9,r11

-	addze	r12,r12

-					#mul_add_c(a[2],b[1],c1,c2,c3);

-	$LD	r6,`2*$BNSZ`(r4)

-	$LD	r7,`1*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r10,r8,r10

-	adde	r11,r9,r11

-	addze	r12,r12

-					#mul_add_c(a[3],b[0],c1,c2,c3);

-	$LD	r6,`3*$BNSZ`(r4)

-	$LD	r7,`0*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r10,r8,r10

-	adde	r11,r9,r11

-	addze	r12,r12

-	$ST	r10,`3*$BNSZ`(r3)	#r[3]=c1

-					#mul_add_c(a[3],b[1],c2,c3,c1);

-	$LD	r7,`1*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r11,r8,r11

-	adde	r12,r9,r12

-	addze	r10,r0

-					#mul_add_c(a[2],b[2],c2,c3,c1);

-	$LD	r6,`2*$BNSZ`(r4)

-	$LD	r7,`2*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r11,r8,r11

-	adde	r12,r9,r12

-	addze	r10,r10

-					#mul_add_c(a[1],b[3],c2,c3,c1);

-	$LD	r6,`1*$BNSZ`(r4)

-	$LD	r7,`3*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r11,r8,r11

-	adde	r12,r9,r12

-	addze	r10,r10

-	$ST	r11,`4*$BNSZ`(r3)	#r[4]=c2

-					#mul_add_c(a[2],b[3],c3,c1,c2);

-	$LD	r6,`2*$BNSZ`(r4)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r12,r8,r12

-	adde	r10,r9,r10

-	addze	r11,r0

-					#mul_add_c(a[3],b[2],c3,c1,c2);

-	$LD	r6,`3*$BNSZ`(r4)

-	$LD	r7,`2*$BNSZ`(r4)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r12,r8,r12

-	adde	r10,r9,r10

-	addze	r11,r11

-	$ST	r12,`5*$BNSZ`(r3)	#r[5]=c3

-					#mul_add_c(a[3],b[3],c1,c2,c3);

-	$LD	r7,`3*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r10,r8,r10

-	adde	r11,r9,r11

-	$ST	r10,`6*$BNSZ`(r3)	#r[6]=c1

-	$ST	r11,`7*$BNSZ`(r3)	#r[7]=c2

-	bclr	BO_ALWAYS,CR0_LT

-	.long	0x00000000

-#

-#	NOTE:	The following label name should be changed to

-#		"bn_mul_comba8" i.e. remove the first dot

-#		for the gcc compiler. This should be automatically

-#		done in the build

-#

-.align	4

-.bn_mul_comba8:

-#

-# Optimized version of the bn_mul_comba8 routine.

-#

-# void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)

-# r3 contains r

-# r4 contains a

-# r5 contains b

-# r6, r7 are the 2 BN_ULONGs being multiplied.

-# r8, r9 are the results of the 32x32 giving 64 multiply.

-# r10, r11, r12 are the equivalents of c1, c2, and c3.

-#

-	xor	r0,r0,r0		#r0=0. Used in addze below.

-					#mul_add_c(a[0],b[0],c1,c2,c3);

-	$LD	r6,`0*$BNSZ`(r4)	#a[0]

-	$LD	r7,`0*$BNSZ`(r5)	#b[0]

-	$UMULL	r10,r6,r7

-	$UMULH	r11,r6,r7

-	$ST	r10,`0*$BNSZ`(r3)	#r[0]=c1;

-					#mul_add_c(a[0],b[1],c2,c3,c1);

-	$LD	r7,`1*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r11,r11,r8

-	addze	r12,r9			# since we didnt set r12 to zero before.

-	addze	r10,r0

-					#mul_add_c(a[1],b[0],c2,c3,c1);

-	$LD	r6,`1*$BNSZ`(r4)

-	$LD	r7,`0*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r11,r11,r8

-	adde	r12,r12,r9

-	addze	r10,r10

-	$ST	r11,`1*$BNSZ`(r3)	#r[1]=c2;

-					#mul_add_c(a[2],b[0],c3,c1,c2);

-	$LD	r6,`2*$BNSZ`(r4)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r12,r12,r8

-	adde	r10,r10,r9

-	addze	r11,r0

-					#mul_add_c(a[1],b[1],c3,c1,c2);

-	$LD	r6,`1*$BNSZ`(r4)

-	$LD	r7,`1*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r12,r12,r8

-	adde	r10,r10,r9

-	addze	r11,r11

-					#mul_add_c(a[0],b[2],c3,c1,c2);

-	$LD	r6,`0*$BNSZ`(r4)

-	$LD	r7,`2*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r12,r12,r8

-	adde	r10,r10,r9

-	addze	r11,r11

-	$ST	r12,`2*$BNSZ`(r3)	#r[2]=c3;

-					#mul_add_c(a[0],b[3],c1,c2,c3);

-	$LD	r7,`3*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r10,r10,r8

-	adde	r11,r11,r9

-	addze	r12,r0

-					#mul_add_c(a[1],b[2],c1,c2,c3);

-	$LD	r6,`1*$BNSZ`(r4)

-	$LD	r7,`2*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r10,r10,r8

-	adde	r11,r11,r9

-	addze	r12,r12

-					#mul_add_c(a[2],b[1],c1,c2,c3);

-	$LD	r6,`2*$BNSZ`(r4)

-	$LD	r7,`1*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r10,r10,r8

-	adde	r11,r11,r9

-	addze	r12,r12

-					#mul_add_c(a[3],b[0],c1,c2,c3);

-	$LD	r6,`3*$BNSZ`(r4)

-	$LD	r7,`0*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r10,r10,r8

-	adde	r11,r11,r9

-	addze	r12,r12

-	$ST	r10,`3*$BNSZ`(r3)	#r[3]=c1;

-					#mul_add_c(a[4],b[0],c2,c3,c1);

-	$LD	r6,`4*$BNSZ`(r4)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r11,r11,r8

-	adde	r12,r12,r9

-	addze	r10,r0

-					#mul_add_c(a[3],b[1],c2,c3,c1);

-	$LD	r6,`3*$BNSZ`(r4)

-	$LD	r7,`1*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r11,r11,r8

-	adde	r12,r12,r9

-	addze	r10,r10

-					#mul_add_c(a[2],b[2],c2,c3,c1);

-	$LD	r6,`2*$BNSZ`(r4)

-	$LD	r7,`2*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r11,r11,r8

-	adde	r12,r12,r9

-	addze	r10,r10

-					#mul_add_c(a[1],b[3],c2,c3,c1);

-	$LD	r6,`1*$BNSZ`(r4)

-	$LD	r7,`3*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r11,r11,r8

-	adde	r12,r12,r9

-	addze	r10,r10

-					#mul_add_c(a[0],b[4],c2,c3,c1);

-	$LD	r6,`0*$BNSZ`(r4)

-	$LD	r7,`4*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r11,r11,r8

-	adde	r12,r12,r9

-	addze	r10,r10

-	$ST	r11,`4*$BNSZ`(r3)	#r[4]=c2;

-					#mul_add_c(a[0],b[5],c3,c1,c2);

-	$LD	r7,`5*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r12,r12,r8

-	adde	r10,r10,r9

-	addze	r11,r0

-					#mul_add_c(a[1],b[4],c3,c1,c2);

-	$LD	r6,`1*$BNSZ`(r4)

-	$LD	r7,`4*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r12,r12,r8

-	adde	r10,r10,r9

-	addze	r11,r11

-					#mul_add_c(a[2],b[3],c3,c1,c2);

-	$LD	r6,`2*$BNSZ`(r4)

-	$LD	r7,`3*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r12,r12,r8

-	adde	r10,r10,r9

-	addze	r11,r11

-					#mul_add_c(a[3],b[2],c3,c1,c2);

-	$LD	r6,`3*$BNSZ`(r4)

-	$LD	r7,`2*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r12,r12,r8

-	adde	r10,r10,r9

-	addze	r11,r11

-					#mul_add_c(a[4],b[1],c3,c1,c2);

-	$LD	r6,`4*$BNSZ`(r4)

-	$LD	r7,`1*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r12,r12,r8

-	adde	r10,r10,r9

-	addze	r11,r11

-					#mul_add_c(a[5],b[0],c3,c1,c2);

-	$LD	r6,`5*$BNSZ`(r4)

-	$LD	r7,`0*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r12,r12,r8

-	adde	r10,r10,r9

-	addze	r11,r11

-	$ST	r12,`5*$BNSZ`(r3)	#r[5]=c3;

-					#mul_add_c(a[6],b[0],c1,c2,c3);

-	$LD	r6,`6*$BNSZ`(r4)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r10,r10,r8

-	adde	r11,r11,r9

-	addze	r12,r0

-					#mul_add_c(a[5],b[1],c1,c2,c3);

-	$LD	r6,`5*$BNSZ`(r4)

-	$LD	r7,`1*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r10,r10,r8

-	adde	r11,r11,r9

-	addze	r12,r12

-					#mul_add_c(a[4],b[2],c1,c2,c3);

-	$LD	r6,`4*$BNSZ`(r4)

-	$LD	r7,`2*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r10,r10,r8

-	adde	r11,r11,r9

-	addze	r12,r12

-					#mul_add_c(a[3],b[3],c1,c2,c3);

-	$LD	r6,`3*$BNSZ`(r4)

-	$LD	r7,`3*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r10,r10,r8

-	adde	r11,r11,r9

-	addze	r12,r12

-					#mul_add_c(a[2],b[4],c1,c2,c3);

-	$LD	r6,`2*$BNSZ`(r4)

-	$LD	r7,`4*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r10,r10,r8

-	adde	r11,r11,r9

-	addze	r12,r12

-					#mul_add_c(a[1],b[5],c1,c2,c3);

-	$LD	r6,`1*$BNSZ`(r4)

-	$LD	r7,`5*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r10,r10,r8

-	adde	r11,r11,r9

-	addze	r12,r12

-					#mul_add_c(a[0],b[6],c1,c2,c3);

-	$LD	r6,`0*$BNSZ`(r4)

-	$LD	r7,`6*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r10,r10,r8

-	adde	r11,r11,r9

-	addze	r12,r12

-	$ST	r10,`6*$BNSZ`(r3)	#r[6]=c1;

-					#mul_add_c(a[0],b[7],c2,c3,c1);

-	$LD	r7,`7*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r11,r11,r8

-	adde	r12,r12,r9

-	addze	r10,r0

-					#mul_add_c(a[1],b[6],c2,c3,c1);

-	$LD	r6,`1*$BNSZ`(r4)

-	$LD	r7,`6*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r11,r11,r8

-	adde	r12,r12,r9

-	addze	r10,r10

-					#mul_add_c(a[2],b[5],c2,c3,c1);

-	$LD	r6,`2*$BNSZ`(r4)

-	$LD	r7,`5*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r11,r11,r8

-	adde	r12,r12,r9

-	addze	r10,r10

-					#mul_add_c(a[3],b[4],c2,c3,c1);

-	$LD	r6,`3*$BNSZ`(r4)

-	$LD	r7,`4*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r11,r11,r8

-	adde	r12,r12,r9

-	addze	r10,r10

-					#mul_add_c(a[4],b[3],c2,c3,c1);

-	$LD	r6,`4*$BNSZ`(r4)

-	$LD	r7,`3*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r11,r11,r8

-	adde	r12,r12,r9

-	addze	r10,r10

-					#mul_add_c(a[5],b[2],c2,c3,c1);

-	$LD	r6,`5*$BNSZ`(r4)

-	$LD	r7,`2*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r11,r11,r8

-	adde	r12,r12,r9

-	addze	r10,r10

-					#mul_add_c(a[6],b[1],c2,c3,c1);

-	$LD	r6,`6*$BNSZ`(r4)

-	$LD	r7,`1*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r11,r11,r8

-	adde	r12,r12,r9

-	addze	r10,r10

-					#mul_add_c(a[7],b[0],c2,c3,c1);

-	$LD	r6,`7*$BNSZ`(r4)

-	$LD	r7,`0*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r11,r11,r8

-	adde	r12,r12,r9

-	addze	r10,r10

-	$ST	r11,`7*$BNSZ`(r3)	#r[7]=c2;

-					#mul_add_c(a[7],b[1],c3,c1,c2);

-	$LD	r7,`1*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r12,r12,r8

-	adde	r10,r10,r9

-	addze	r11,r0

-					#mul_add_c(a[6],b[2],c3,c1,c2);

-	$LD	r6,`6*$BNSZ`(r4)

-	$LD	r7,`2*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r12,r12,r8

-	adde	r10,r10,r9

-	addze	r11,r11

-					#mul_add_c(a[5],b[3],c3,c1,c2);

-	$LD	r6,`5*$BNSZ`(r4)

-	$LD	r7,`3*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r12,r12,r8

-	adde	r10,r10,r9

-	addze	r11,r11

-					#mul_add_c(a[4],b[4],c3,c1,c2);

-	$LD	r6,`4*$BNSZ`(r4)

-	$LD	r7,`4*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r12,r12,r8

-	adde	r10,r10,r9

-	addze	r11,r11

-					#mul_add_c(a[3],b[5],c3,c1,c2);

-	$LD	r6,`3*$BNSZ`(r4)

-	$LD	r7,`5*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r12,r12,r8

-	adde	r10,r10,r9

-	addze	r11,r11

-					#mul_add_c(a[2],b[6],c3,c1,c2);

-	$LD	r6,`2*$BNSZ`(r4)

-	$LD	r7,`6*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r12,r12,r8

-	adde	r10,r10,r9

-	addze	r11,r11

-					#mul_add_c(a[1],b[7],c3,c1,c2);

-	$LD	r6,`1*$BNSZ`(r4)

-	$LD	r7,`7*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r12,r12,r8

-	adde	r10,r10,r9

-	addze	r11,r11

-	$ST	r12,`8*$BNSZ`(r3)	#r[8]=c3;

-					#mul_add_c(a[2],b[7],c1,c2,c3);

-	$LD	r6,`2*$BNSZ`(r4)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r10,r10,r8

-	adde	r11,r11,r9

-	addze	r12,r0

-					#mul_add_c(a[3],b[6],c1,c2,c3);

-	$LD	r6,`3*$BNSZ`(r4)

-	$LD	r7,`6*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r10,r10,r8

-	adde	r11,r11,r9

-	addze	r12,r12

-					#mul_add_c(a[4],b[5],c1,c2,c3);

-	$LD	r6,`4*$BNSZ`(r4)

-	$LD	r7,`5*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r10,r10,r8

-	adde	r11,r11,r9

-	addze	r12,r12

-					#mul_add_c(a[5],b[4],c1,c2,c3);

-	$LD	r6,`5*$BNSZ`(r4)

-	$LD	r7,`4*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r10,r10,r8

-	adde	r11,r11,r9

-	addze	r12,r12

-					#mul_add_c(a[6],b[3],c1,c2,c3);

-	$LD	r6,`6*$BNSZ`(r4)

-	$LD	r7,`3*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r10,r10,r8

-	adde	r11,r11,r9

-	addze	r12,r12

-					#mul_add_c(a[7],b[2],c1,c2,c3);

-	$LD	r6,`7*$BNSZ`(r4)

-	$LD	r7,`2*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r10,r10,r8

-	adde	r11,r11,r9

-	addze	r12,r12

-	$ST	r10,`9*$BNSZ`(r3)	#r[9]=c1;

-					#mul_add_c(a[7],b[3],c2,c3,c1);

-	$LD	r7,`3*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r11,r11,r8

-	adde	r12,r12,r9

-	addze	r10,r0

-					#mul_add_c(a[6],b[4],c2,c3,c1);

-	$LD	r6,`6*$BNSZ`(r4)

-	$LD	r7,`4*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r11,r11,r8

-	adde	r12,r12,r9

-	addze	r10,r10

-					#mul_add_c(a[5],b[5],c2,c3,c1);

-	$LD	r6,`5*$BNSZ`(r4)

-	$LD	r7,`5*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r11,r11,r8

-	adde	r12,r12,r9

-	addze	r10,r10

-					#mul_add_c(a[4],b[6],c2,c3,c1);

-	$LD	r6,`4*$BNSZ`(r4)

-	$LD	r7,`6*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r11,r11,r8

-	adde	r12,r12,r9

-	addze	r10,r10

-					#mul_add_c(a[3],b[7],c2,c3,c1);

-	$LD	r6,`3*$BNSZ`(r4)

-	$LD	r7,`7*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r11,r11,r8

-	adde	r12,r12,r9

-	addze	r10,r10

-	$ST	r11,`10*$BNSZ`(r3)	#r[10]=c2;

-					#mul_add_c(a[4],b[7],c3,c1,c2);

-	$LD	r6,`4*$BNSZ`(r4)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r12,r12,r8

-	adde	r10,r10,r9

-	addze	r11,r0

-					#mul_add_c(a[5],b[6],c3,c1,c2);

-	$LD	r6,`5*$BNSZ`(r4)

-	$LD	r7,`6*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r12,r12,r8

-	adde	r10,r10,r9

-	addze	r11,r11

-					#mul_add_c(a[6],b[5],c3,c1,c2);

-	$LD	r6,`6*$BNSZ`(r4)

-	$LD	r7,`5*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r12,r12,r8

-	adde	r10,r10,r9

-	addze	r11,r11

-					#mul_add_c(a[7],b[4],c3,c1,c2);

-	$LD	r6,`7*$BNSZ`(r4)

-	$LD	r7,`4*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r12,r12,r8

-	adde	r10,r10,r9

-	addze	r11,r11

-	$ST	r12,`11*$BNSZ`(r3)	#r[11]=c3;

-					#mul_add_c(a[7],b[5],c1,c2,c3);

-	$LD	r7,`5*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r10,r10,r8

-	adde	r11,r11,r9

-	addze	r12,r0

-					#mul_add_c(a[6],b[6],c1,c2,c3);

-	$LD	r6,`6*$BNSZ`(r4)

-	$LD	r7,`6*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r10,r10,r8

-	adde	r11,r11,r9

-	addze	r12,r12

-					#mul_add_c(a[5],b[7],c1,c2,c3);

-	$LD	r6,`5*$BNSZ`(r4)

-	$LD	r7,`7*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r10,r10,r8

-	adde	r11,r11,r9

-	addze	r12,r12

-	$ST	r10,`12*$BNSZ`(r3)	#r[12]=c1;

-					#mul_add_c(a[6],b[7],c2,c3,c1);

-	$LD	r6,`6*$BNSZ`(r4)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r11,r11,r8

-	adde	r12,r12,r9

-	addze	r10,r0

-					#mul_add_c(a[7],b[6],c2,c3,c1);

-	$LD	r6,`7*$BNSZ`(r4)

-	$LD	r7,`6*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r11,r11,r8

-	adde	r12,r12,r9

-	addze	r10,r10

-	$ST	r11,`13*$BNSZ`(r3)	#r[13]=c2;

-					#mul_add_c(a[7],b[7],c3,c1,c2);

-	$LD	r7,`7*$BNSZ`(r5)

-	$UMULL	r8,r6,r7

-	$UMULH	r9,r6,r7

-	addc	r12,r12,r8

-	adde	r10,r10,r9

-	$ST	r12,`14*$BNSZ`(r3)	#r[14]=c3;

-	$ST	r10,`15*$BNSZ`(r3)	#r[15]=c1;

-	bclr	BO_ALWAYS,CR0_LT

-	.long	0x00000000

-#

-#	NOTE:	The following label name should be changed to

-#		"bn_sub_words" i.e. remove the first dot

-#		for the gcc compiler. This should be automatically

-#		done in the build

-#

-#

-.align	4

-.bn_sub_words:

-#

-#	Handcoded version of bn_sub_words

-#

-#BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)

-#

-#	r3 = r

-#	r4 = a

-#	r5 = b

-#	r6 = n

-#

-#       Note:	No loop unrolling done since this is not a performance

-#               critical loop.

-	xor	r0,r0,r0	#set r0 = 0

-#

-#	check for r6 = 0 AND set carry bit.

-#

-	subfc.	r7,r0,r6        # If r6 is 0 then result is 0.

-				# if r6 > 0 then result !=0

-				# In either case carry bit is set.

-	bc	BO_IF,CR0_EQ,Lppcasm_sub_adios

-	addi	r4,r4,-$BNSZ

-	addi	r3,r3,-$BNSZ

-	addi	r5,r5,-$BNSZ

-	mtctr	r6

-Lppcasm_sub_mainloop:

-	$LDU	r7,$BNSZ(r4)

-	$LDU	r8,$BNSZ(r5)

-	subfe	r6,r8,r7	# r6 = r7+carry bit + onescomplement(r8)

-				# if carry = 1 this is r7-r8. Else it

-				# is r7-r8 -1 as we need.

-	$STU	r6,$BNSZ(r3)

-	bc	BO_dCTR_NZERO,CR0_EQ,Lppcasm_sub_mainloop

-Lppcasm_sub_adios:

-	subfze	r3,r0		# if carry bit is set then r3 = 0 else -1

-	andi.	r3,r3,1         # keep only last bit.

-	bclr	BO_ALWAYS,CR0_LT

-	.long	0x00000000

-#

-#	NOTE:	The following label name should be changed to

-#		"bn_add_words" i.e. remove the first dot

-#		for the gcc compiler. This should be automatically

-#		done in the build

-#

-.align	4

-.bn_add_words:

-#

-#	Handcoded version of bn_add_words

-#

-#BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)

-#

-#	r3 = r

-#	r4 = a

-#	r5 = b

-#	r6 = n

-#

-#       Note:	No loop unrolling done since this is not a performance

-#               critical loop.

-	xor	r0,r0,r0

-#

-#	check for r6 = 0. Is this needed?

-#

-	addic.	r6,r6,0		#test r6 and clear carry bit.

-	bc	BO_IF,CR0_EQ,Lppcasm_add_adios

-	addi	r4,r4,-$BNSZ

-	addi	r3,r3,-$BNSZ

-	addi	r5,r5,-$BNSZ

-	mtctr	r6

-Lppcasm_add_mainloop:

-	$LDU	r7,$BNSZ(r4)

-	$LDU	r8,$BNSZ(r5)

-	adde	r8,r7,r8

-	$STU	r8,$BNSZ(r3)

-	bc	BO_dCTR_NZERO,CR0_EQ,Lppcasm_add_mainloop

-Lppcasm_add_adios:

-	addze	r3,r0			#return carry bit.

-	bclr	BO_ALWAYS,CR0_LT

-	.long	0x00000000

-#

-#	NOTE:	The following label name should be changed to

-#		"bn_div_words" i.e. remove the first dot

-#		for the gcc compiler. This should be automatically

-#		done in the build

-#

-.align	4

-.bn_div_words:

-#

-#	This is a cleaned up version of code generated by

-#	the AIX compiler. The only optimization is to use

-#	the PPC instruction to count leading zeros instead

-#	of call to num_bits_word. Since this was compiled

-#	only at level -O2 we can possibly squeeze it more?

-#

-#	r3 = h

-#	r4 = l

-#	r5 = d

-	$UCMPI	0,r5,0			# compare r5 and 0

-	bc	BO_IF_NOT,CR0_EQ,Lppcasm_div1	# proceed if d!=0

-	li	r3,-1			# d=0 return -1

-	bclr	BO_ALWAYS,CR0_LT

-Lppcasm_div1:

-	xor	r0,r0,r0		#r0=0

-	li	r8,$BITS

-	$CNTLZ.	r7,r5			#r7 = num leading 0s in d.

-	bc	BO_IF,CR0_EQ,Lppcasm_div2	#proceed if no leading zeros

-	subf	r8,r7,r8		#r8 = BN_num_bits_word(d)

-	$SHR.	r9,r3,r8		#are there any bits above r8'th?

-	$TR	16,r9,r0		#if there're, signal to dump core...

-Lppcasm_div2:

-	$UCMP	0,r3,r5			#h>=d?

-	bc	BO_IF,CR0_LT,Lppcasm_div3	#goto Lppcasm_div3 if not

-	subf	r3,r5,r3		#h-=d ;

-Lppcasm_div3:				#r7 = BN_BITS2-i. so r7=i

-	cmpi	0,0,r7,0		# is (i == 0)?

-	bc	BO_IF,CR0_EQ,Lppcasm_div4

-	$SHL	r3,r3,r7		# h = (h<< i)

-	$SHR	r8,r4,r8		# r8 = (l >> BN_BITS2 -i)

-	$SHL	r5,r5,r7		# d<<=i

-	or	r3,r3,r8		# h = (h<<i)|(l>>(BN_BITS2-i))

-	$SHL	r4,r4,r7		# l <<=i

-Lppcasm_div4:

-	$SHRI	r9,r5,`$BITS/2`		# r9 = dh

-					# dl will be computed when needed

-					# as it saves registers.

-	li	r6,2			#r6=2

-	mtctr	r6			#counter will be in count.

-Lppcasm_divouterloop:

-	$SHRI	r8,r3,`$BITS/2`		#r8 = (h>>BN_BITS4)

-	$SHRI	r11,r4,`$BITS/2`	#r11= (l&BN_MASK2h)>>BN_BITS4

-					# compute here for innerloop.

-	$UCMP	0,r8,r9			# is (h>>BN_BITS4)==dh

-	bc	BO_IF_NOT,CR0_EQ,Lppcasm_div5	# goto Lppcasm_div5 if not

-	li	r8,-1

-	$CLRU	r8,r8,`$BITS/2`		#q = BN_MASK2l

-	b	Lppcasm_div6

-Lppcasm_div5:

-	$UDIV	r8,r3,r9		#q = h/dh

-Lppcasm_div6:

-	$UMULL	r12,r9,r8		#th = q*dh

-	$CLRU	r10,r5,`$BITS/2`	#r10=dl

-	$UMULL	r6,r8,r10		#tl = q*dl

-Lppcasm_divinnerloop:

-	subf	r10,r12,r3		#t = h -th

-	$SHRI	r7,r10,`$BITS/2`	#r7= (t &BN_MASK2H), sort of...

-	addic.	r7,r7,0			#test if r7 == 0. used below.

-					# now want to compute

-					# r7 = (t<<BN_BITS4)|((l&BN_MASK2h)>>BN_BITS4)

-					# the following 2 instructions do that

-	$SHLI	r7,r10,`$BITS/2`	# r7 = (t<<BN_BITS4)

-	or	r7,r7,r11		# r7|=((l&BN_MASK2h)>>BN_BITS4)

-	$UCMP	1,r6,r7			# compare (tl <= r7)

-	bc	BO_IF_NOT,CR0_EQ,Lppcasm_divinnerexit

-	bc	BO_IF_NOT,CR1_FEX,Lppcasm_divinnerexit

-	addi	r8,r8,-1		#q--

-	subf	r12,r9,r12		#th -=dh

-	$CLRU	r10,r5,`$BITS/2`	#r10=dl. t is no longer needed in loop.

-	subf	r6,r10,r6		#tl -=dl

-	b	Lppcasm_divinnerloop

-Lppcasm_divinnerexit:

-	$SHRI	r10,r6,`$BITS/2`	#t=(tl>>BN_BITS4)

-	$SHLI	r11,r6,`$BITS/2`	#tl=(tl<<BN_BITS4)&BN_MASK2h;

-	$UCMP	1,r4,r11		# compare l and tl

-	add	r12,r12,r10		# th+=t

-	bc	BO_IF_NOT,CR1_FX,Lppcasm_div7  # if (l>=tl) goto Lppcasm_div7

-	addi	r12,r12,1		# th++

-Lppcasm_div7:

-	subf	r11,r11,r4		#r11=l-tl

-	$UCMP	1,r3,r12		#compare h and th

-	bc	BO_IF_NOT,CR1_FX,Lppcasm_div8	#if (h>=th) goto Lppcasm_div8

-	addi	r8,r8,-1		# q--

-	add	r3,r5,r3		# h+=d

-Lppcasm_div8:

-	subf	r12,r12,r3		#r12 = h-th

-	$SHLI	r4,r11,`$BITS/2`	#l=(l&BN_MASK2l)<<BN_BITS4

-					# want to compute

-					# h = ((h<<BN_BITS4)|(l>>BN_BITS4))&BN_MASK2

-					# the following 2 instructions will do this.

-	$INSR	r11,r12,`$BITS/2`,`$BITS/2`	# r11 is the value we want rotated $BITS/2.

-	$ROTL	r3,r11,`$BITS/2`	# rotate by $BITS/2 and store in r3

-	bc	BO_dCTR_ZERO,CR0_EQ,Lppcasm_div9#if (count==0) break ;

-	$SHLI	r0,r8,`$BITS/2`		#ret =q<<BN_BITS4

-	b	Lppcasm_divouterloop

-Lppcasm_div9:

-	or	r3,r8,r0

-	bclr	BO_ALWAYS,CR0_LT

-	.long	0x00000000

-#

-#	NOTE:	The following label name should be changed to

-#		"bn_sqr_words" i.e. remove the first dot

-#		for the gcc compiler. This should be automatically

-#		done in the build

-#

-.align	4

-.bn_sqr_words:

-#

-#	Optimized version of bn_sqr_words

-#

-#	void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n)

-#

-#	r3 = r

-#	r4 = a

-#	r5 = n

-#

-#	r6 = a[i].

-#	r7,r8 = product.

-#

-#	No unrolling done here. Not performance critical.

-	addic.	r5,r5,0			#test r5.

-	bc	BO_IF,CR0_EQ,Lppcasm_sqr_adios

-	addi	r4,r4,-$BNSZ

-	addi	r3,r3,-$BNSZ

-	mtctr	r5

-Lppcasm_sqr_mainloop:

-					#sqr(r[0],r[1],a[0]);

-	$LDU	r6,$BNSZ(r4)

-	$UMULL	r7,r6,r6

-	$UMULH  r8,r6,r6

-	$STU	r7,$BNSZ(r3)

-	$STU	r8,$BNSZ(r3)

-	bc	BO_dCTR_NZERO,CR0_EQ,Lppcasm_sqr_mainloop

-Lppcasm_sqr_adios:

-	bclr	BO_ALWAYS,CR0_LT

-	.long	0x00000000

-#

-#	NOTE:	The following label name should be changed to

-#		"bn_mul_words" i.e. remove the first dot

-#		for the gcc compiler. This should be automatically

-#		done in the build

-#

-.align	4

-.bn_mul_words:

-#

-# BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)

-#

-# r3 = rp

-# r4 = ap

-# r5 = num

-# r6 = w

-	xor	r0,r0,r0

-	xor	r12,r12,r12		# used for carry

-	rlwinm.	r7,r5,30,2,31		# num >> 2

-	bc	BO_IF,CR0_EQ,Lppcasm_mw_REM

-	mtctr	r7

-Lppcasm_mw_LOOP:

-					#mul(rp[0],ap[0],w,c1);

-	$LD	r8,`0*$BNSZ`(r4)

-	$UMULL	r9,r6,r8

-	$UMULH  r10,r6,r8

-	addc	r9,r9,r12

-	#addze	r10,r10			#carry is NOT ignored.

-					#will be taken care of

-					#in second spin below

-					#using adde.

-	$ST	r9,`0*$BNSZ`(r3)

-					#mul(rp[1],ap[1],w,c1);

-	$LD	r8,`1*$BNSZ`(r4)

-	$UMULL	r11,r6,r8

-	$UMULH  r12,r6,r8

-	adde	r11,r11,r10

-	#addze	r12,r12

-	$ST	r11,`1*$BNSZ`(r3)

-					#mul(rp[2],ap[2],w,c1);

-	$LD	r8,`2*$BNSZ`(r4)

-	$UMULL	r9,r6,r8

-	$UMULH  r10,r6,r8

-	adde	r9,r9,r12

-	#addze	r10,r10

-	$ST	r9,`2*$BNSZ`(r3)

-					#mul_add(rp[3],ap[3],w,c1);

-	$LD	r8,`3*$BNSZ`(r4)

-	$UMULL	r11,r6,r8

-	$UMULH  r12,r6,r8

-	adde	r11,r11,r10

-	addze	r12,r12			#this spin we collect carry into

-					#r12

-	$ST	r11,`3*$BNSZ`(r3)

-	addi	r3,r3,`4*$BNSZ`

-	addi	r4,r4,`4*$BNSZ`

-	bc	BO_dCTR_NZERO,CR0_EQ,Lppcasm_mw_LOOP

-Lppcasm_mw_REM:

-	andi.	r5,r5,0x3

-	bc	BO_IF,CR0_EQ,Lppcasm_mw_OVER

-					#mul(rp[0],ap[0],w,c1);

-	$LD	r8,`0*$BNSZ`(r4)

-	$UMULL	r9,r6,r8

-	$UMULH  r10,r6,r8

-	addc	r9,r9,r12

-	addze	r10,r10

-	$ST	r9,`0*$BNSZ`(r3)

-	addi	r12,r10,0

-	addi	r5,r5,-1

-	cmpli	0,0,r5,0

-	bc	BO_IF,CR0_EQ,Lppcasm_mw_OVER

-					#mul(rp[1],ap[1],w,c1);

-	$LD	r8,`1*$BNSZ`(r4)

-	$UMULL	r9,r6,r8

-	$UMULH  r10,r6,r8

-	addc	r9,r9,r12

-	addze	r10,r10

-	$ST	r9,`1*$BNSZ`(r3)

-	addi	r12,r10,0

-	addi	r5,r5,-1

-	cmpli	0,0,r5,0

-	bc	BO_IF,CR0_EQ,Lppcasm_mw_OVER

-					#mul_add(rp[2],ap[2],w,c1);

-	$LD	r8,`2*$BNSZ`(r4)

-	$UMULL	r9,r6,r8

-	$UMULH  r10,r6,r8

-	addc	r9,r9,r12

-	addze	r10,r10

-	$ST	r9,`2*$BNSZ`(r3)

-	addi	r12,r10,0

-Lppcasm_mw_OVER:

-	addi	r3,r12,0

-	bclr	BO_ALWAYS,CR0_LT

-	.long	0x00000000

-#

-#	NOTE:	The following label name should be changed to

-#		"bn_mul_add_words" i.e. remove the first dot

-#		for the gcc compiler. This should be automatically

-#		done in the build

-#

-.align	4

-.bn_mul_add_words:

-#

-# BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)

-#

-# r3 = rp

-# r4 = ap

-# r5 = num

-# r6 = w

-#

-# empirical evidence suggests that unrolled version performs best!!

-#

-	xor	r0,r0,r0		#r0 = 0

-	xor	r12,r12,r12  		#r12 = 0 . used for carry

-	rlwinm.	r7,r5,30,2,31		# num >> 2

-	bc	BO_IF,CR0_EQ,Lppcasm_maw_leftover	# if (num < 4) go LPPCASM_maw_leftover

-	mtctr	r7

-Lppcasm_maw_mainloop:

-					#mul_add(rp[0],ap[0],w,c1);

-	$LD	r8,`0*$BNSZ`(r4)

-	$LD	r11,`0*$BNSZ`(r3)

-	$UMULL	r9,r6,r8

-	$UMULH  r10,r6,r8

-	addc	r9,r9,r12		#r12 is carry.

-	addze	r10,r10

-	addc	r9,r9,r11

-	#addze	r10,r10

-					#the above instruction addze

-					#is NOT needed. Carry will NOT

-					#be ignored. It's not affected

-					#by multiply and will be collected

-					#in the next spin

-	$ST	r9,`0*$BNSZ`(r3)

-					#mul_add(rp[1],ap[1],w,c1);

-	$LD	r8,`1*$BNSZ`(r4)

-	$LD	r9,`1*$BNSZ`(r3)

-	$UMULL	r11,r6,r8

-	$UMULH  r12,r6,r8

-	adde	r11,r11,r10		#r10 is carry.

-	addze	r12,r12

-	addc	r11,r11,r9

-	#addze	r12,r12

-	$ST	r11,`1*$BNSZ`(r3)

-					#mul_add(rp[2],ap[2],w,c1);

-	$LD	r8,`2*$BNSZ`(r4)

-	$UMULL	r9,r6,r8

-	$LD	r11,`2*$BNSZ`(r3)

-	$UMULH  r10,r6,r8

-	adde	r9,r9,r12

-	addze	r10,r10

-	addc	r9,r9,r11

-	#addze	r10,r10

-	$ST	r9,`2*$BNSZ`(r3)

-					#mul_add(rp[3],ap[3],w,c1);

-	$LD	r8,`3*$BNSZ`(r4)

-	$UMULL	r11,r6,r8

-	$LD	r9,`3*$BNSZ`(r3)

-	$UMULH  r12,r6,r8

-	adde	r11,r11,r10

-	addze	r12,r12

-	addc	r11,r11,r9

-	addze	r12,r12

-	$ST	r11,`3*$BNSZ`(r3)

-	addi	r3,r3,`4*$BNSZ`

-	addi	r4,r4,`4*$BNSZ`

-	bc	BO_dCTR_NZERO,CR0_EQ,Lppcasm_maw_mainloop

-Lppcasm_maw_leftover:

-	andi.	r5,r5,0x3

-	bc	BO_IF,CR0_EQ,Lppcasm_maw_adios

-	addi	r3,r3,-$BNSZ

-	addi	r4,r4,-$BNSZ

-					#mul_add(rp[0],ap[0],w,c1);

-	mtctr	r5

-	$LDU	r8,$BNSZ(r4)

-	$UMULL	r9,r6,r8

-	$UMULH  r10,r6,r8

-	$LDU	r11,$BNSZ(r3)

-	addc	r9,r9,r11

-	addze	r10,r10

-	addc	r9,r9,r12

-	addze	r12,r10

-	$ST	r9,0(r3)

-	bc	BO_dCTR_ZERO,CR0_EQ,Lppcasm_maw_adios

-					#mul_add(rp[1],ap[1],w,c1);

-	$LDU	r8,$BNSZ(r4)

-	$UMULL	r9,r6,r8

-	$UMULH  r10,r6,r8

-	$LDU	r11,$BNSZ(r3)

-	addc	r9,r9,r11

-	addze	r10,r10

-	addc	r9,r9,r12

-	addze	r12,r10

-	$ST	r9,0(r3)

-	bc	BO_dCTR_ZERO,CR0_EQ,Lppcasm_maw_adios

-					#mul_add(rp[2],ap[2],w,c1);

-	$LDU	r8,$BNSZ(r4)

-	$UMULL	r9,r6,r8

-	$UMULH  r10,r6,r8

-	$LDU	r11,$BNSZ(r3)

-	addc	r9,r9,r11

-	addze	r10,r10

-	addc	r9,r9,r12

-	addze	r12,r10

-	$ST	r9,0(r3)

-Lppcasm_maw_adios:

-	addi	r3,r12,0

-	bclr	BO_ALWAYS,CR0_LT

-	.long	0x00000000

-	.align	4

-EOF

-	$data =~ s/\`([^\`]*)\`/eval $1/gem;

-	# if some assembler chokes on some simplified mnemonic,

-	# this is the spot to fix it up, e.g.:

-	# GNU as doesn't seem to accept cmplw, 32-bit unsigned compare

-	$data =~ s/^(\s*)cmplw(\s+)([^,]+),(.*)/$1cmpl$2$3,0,$4/gm;

-	# assembler X doesn't accept li, load immediate value

-	#$data =~ s/^(\s*)li(\s+)([^,]+),(.*)/$1addi$2$3,0,$4/gm;

-	return($data);

-}

--- a/sys/src/ape/lib/openssl/crypto/bn/asm/sparcv8.S

+++ /dev/null

@@ -1,1458 +1,0 @@

-.ident	"sparcv8.s, Version 1.4"

-.ident	"SPARC v8 ISA artwork by Andy Polyakov <[email protected]>"

-/*

- * ====================================================================

- * Written by Andy Polyakov <[email protected]> for the OpenSSL

- * project.

- *

- * Rights for redistribution and usage in source and binary forms are

- * granted according to the OpenSSL license. Warranty of any kind is

- * disclaimed.

- * ====================================================================

- */

-/*

- * This is my modest contributon to OpenSSL project (see

- * http://www.openssl.org/ for more information about it) and is

- * a drop-in SuperSPARC ISA replacement for crypto/bn/bn_asm.c

- * module. For updates see http://fy.chalmers.se/~appro/hpe/.

- *

- * See bn_asm.sparc.v8plus.S for more details.

- */

-/*

- * Revision history.

- *

- * 1.1	- new loop unrolling model(*);

- * 1.2	- made gas friendly;

- * 1.3	- fixed problem with /usr/ccs/lib/cpp;

- * 1.4	- some retunes;

- *

- * (*)	see bn_asm.sparc.v8plus.S for details

- */

-.section	".text",#alloc,#execinstr

-.file		"bn_asm.sparc.v8.S"

-.align	32

-.global bn_mul_add_words

-/*

- * BN_ULONG bn_mul_add_words(rp,ap,num,w)

- * BN_ULONG *rp,*ap;

- * int num;

- * BN_ULONG w;

- */

-bn_mul_add_words:

-	cmp	%o2,0

-	bg,a	.L_bn_mul_add_words_proceed

-	ld	[%o1],%g2

-	retl

-	clr	%o0

-.L_bn_mul_add_words_proceed:

-	andcc	%o2,-4,%g0

-	bz	.L_bn_mul_add_words_tail

-	clr	%o5

-.L_bn_mul_add_words_loop:

-	ld	[%o0],%o4

-	ld	[%o1+4],%g3

-	umul	%o3,%g2,%g2

-	rd	%y,%g1

-	addcc	%o4,%o5,%o4

-	addx	%g1,0,%g1

-	addcc	%o4,%g2,%o4

-	st	%o4,[%o0]

-	addx	%g1,0,%o5

-	ld	[%o0+4],%o4

-	ld	[%o1+8],%g2

-	umul	%o3,%g3,%g3

-	dec	4,%o2

-	rd	%y,%g1

-	addcc	%o4,%o5,%o4

-	addx	%g1,0,%g1

-	addcc	%o4,%g3,%o4

-	st	%o4,[%o0+4]

-	addx	%g1,0,%o5

-	ld	[%o0+8],%o4

-	ld	[%o1+12],%g3

-	umul	%o3,%g2,%g2

-	inc	16,%o1

-	rd	%y,%g1

-	addcc	%o4,%o5,%o4

-	addx	%g1,0,%g1

-	addcc	%o4,%g2,%o4

-	st	%o4,[%o0+8]

-	addx	%g1,0,%o5

-	ld	[%o0+12],%o4

-	umul	%o3,%g3,%g3

-	inc	16,%o0

-	rd	%y,%g1

-	addcc	%o4,%o5,%o4

-	addx	%g1,0,%g1

-	addcc	%o4,%g3,%o4

-	st	%o4,[%o0-4]

-	addx	%g1,0,%o5

-	andcc	%o2,-4,%g0

-	bnz,a	.L_bn_mul_add_words_loop

-	ld	[%o1],%g2

-	tst	%o2

-	bnz,a	.L_bn_mul_add_words_tail

-	ld	[%o1],%g2

-.L_bn_mul_add_words_return:

-	retl

-	mov	%o5,%o0

-	nop

-.L_bn_mul_add_words_tail:

-	ld	[%o0],%o4

-	umul	%o3,%g2,%g2

-	addcc	%o4,%o5,%o4

-	rd	%y,%g1

-	addx	%g1,0,%g1

-	addcc	%o4,%g2,%o4

-	addx	%g1,0,%o5

-	deccc	%o2

-	bz	.L_bn_mul_add_words_return

-	st	%o4,[%o0]

-	ld	[%o1+4],%g2

-	ld	[%o0+4],%o4

-	umul	%o3,%g2,%g2

-	rd	%y,%g1

-	addcc	%o4,%o5,%o4

-	addx	%g1,0,%g1

-	addcc	%o4,%g2,%o4

-	addx	%g1,0,%o5

-	deccc	%o2

-	bz	.L_bn_mul_add_words_return

-	st	%o4,[%o0+4]

-	ld	[%o1+8],%g2

-	ld	[%o0+8],%o4

-	umul	%o3,%g2,%g2

-	rd	%y,%g1

-	addcc	%o4,%o5,%o4

-	addx	%g1,0,%g1

-	addcc	%o4,%g2,%o4

-	st	%o4,[%o0+8]

-	retl

-	addx	%g1,0,%o0

-.type	bn_mul_add_words,#function

-.size	bn_mul_add_words,(.-bn_mul_add_words)

-.align	32

-.global bn_mul_words

-/*

- * BN_ULONG bn_mul_words(rp,ap,num,w)

- * BN_ULONG *rp,*ap;

- * int num;

- * BN_ULONG w;

- */

-bn_mul_words:

-	cmp	%o2,0

-	bg,a	.L_bn_mul_words_proceeed

-	ld	[%o1],%g2

-	retl

-	clr	%o0

-.L_bn_mul_words_proceeed:

-	andcc	%o2,-4,%g0

-	bz	.L_bn_mul_words_tail

-	clr	%o5

-.L_bn_mul_words_loop:

-	ld	[%o1+4],%g3

-	umul	%o3,%g2,%g2

-	addcc	%g2,%o5,%g2

-	rd	%y,%g1

-	addx	%g1,0,%o5

-	st	%g2,[%o0]

-	ld	[%o1+8],%g2

-	umul	%o3,%g3,%g3

-	addcc	%g3,%o5,%g3

-	rd	%y,%g1

-	dec	4,%o2

-	addx	%g1,0,%o5

-	st	%g3,[%o0+4]

-	ld	[%o1+12],%g3

-	umul	%o3,%g2,%g2

-	addcc	%g2,%o5,%g2

-	rd	%y,%g1

-	inc	16,%o1

-	st	%g2,[%o0+8]

-	addx	%g1,0,%o5

-	umul	%o3,%g3,%g3

-	addcc	%g3,%o5,%g3

-	rd	%y,%g1

-	inc	16,%o0

-	addx	%g1,0,%o5

-	st	%g3,[%o0-4]

-	andcc	%o2,-4,%g0

-	nop

-	bnz,a	.L_bn_mul_words_loop

-	ld	[%o1],%g2

-	tst	%o2

-	bnz,a	.L_bn_mul_words_tail

-	ld	[%o1],%g2

-.L_bn_mul_words_return:

-	retl

-	mov	%o5,%o0

-	nop

-.L_bn_mul_words_tail:

-	umul	%o3,%g2,%g2

-	addcc	%g2,%o5,%g2

-	rd	%y,%g1

-	addx	%g1,0,%o5

-	deccc	%o2

-	bz	.L_bn_mul_words_return

-	st	%g2,[%o0]

-	nop

-	ld	[%o1+4],%g2

-	umul	%o3,%g2,%g2

-	addcc	%g2,%o5,%g2

-	rd	%y,%g1

-	addx	%g1,0,%o5

-	deccc	%o2

-	bz	.L_bn_mul_words_return

-	st	%g2,[%o0+4]

-	ld	[%o1+8],%g2

-	umul	%o3,%g2,%g2

-	addcc	%g2,%o5,%g2

-	rd	%y,%g1

-	st	%g2,[%o0+8]

-	retl

-	addx	%g1,0,%o0

-.type	bn_mul_words,#function

-.size	bn_mul_words,(.-bn_mul_words)

-.align  32

-.global	bn_sqr_words

-/*

- * void bn_sqr_words(r,a,n)

- * BN_ULONG *r,*a;

- * int n;

- */

-bn_sqr_words:

-	cmp	%o2,0

-	bg,a	.L_bn_sqr_words_proceeed

-	ld	[%o1],%g2

-	retl

-	clr	%o0

-.L_bn_sqr_words_proceeed:

-	andcc	%o2,-4,%g0

-	bz	.L_bn_sqr_words_tail

-	clr	%o5

-.L_bn_sqr_words_loop:

-	ld	[%o1+4],%g3

-	umul	%g2,%g2,%o4

-	st	%o4,[%o0]

-	rd	%y,%o5

-	st	%o5,[%o0+4]

-	ld	[%o1+8],%g2

-	umul	%g3,%g3,%o4

-	dec	4,%o2

-	st	%o4,[%o0+8]

-	rd	%y,%o5

-	st	%o5,[%o0+12]

-	nop

-	ld	[%o1+12],%g3

-	umul	%g2,%g2,%o4

-	st	%o4,[%o0+16]

-	rd	%y,%o5

-	inc	16,%o1

-	st	%o5,[%o0+20]

-	umul	%g3,%g3,%o4

-	inc	32,%o0

-	st	%o4,[%o0-8]

-	rd	%y,%o5

-	st	%o5,[%o0-4]

-	andcc	%o2,-4,%g2

-	bnz,a	.L_bn_sqr_words_loop

-	ld	[%o1],%g2

-	tst	%o2

-	nop

-	bnz,a	.L_bn_sqr_words_tail

-	ld	[%o1],%g2

-.L_bn_sqr_words_return:

-	retl

-	clr	%o0

-.L_bn_sqr_words_tail:

-	umul	%g2,%g2,%o4

-	st	%o4,[%o0]

-	deccc	%o2

-	rd	%y,%o5

-	bz	.L_bn_sqr_words_return

-	st	%o5,[%o0+4]

-	ld	[%o1+4],%g2

-	umul	%g2,%g2,%o4

-	st	%o4,[%o0+8]

-	deccc	%o2

-	rd	%y,%o5

-	nop

-	bz	.L_bn_sqr_words_return

-	st	%o5,[%o0+12]

-	ld	[%o1+8],%g2

-	umul	%g2,%g2,%o4

-	st	%o4,[%o0+16]

-	rd	%y,%o5

-	st	%o5,[%o0+20]

-	retl

-	clr	%o0

-.type	bn_sqr_words,#function

-.size	bn_sqr_words,(.-bn_sqr_words)

-.align	32

-.global bn_div_words

-/*

- * BN_ULONG bn_div_words(h,l,d)

- * BN_ULONG h,l,d;

- */

-bn_div_words:

-	wr	%o0,%y

-	udiv	%o1,%o2,%o0

-	retl

-	nop

-.type	bn_div_words,#function

-.size	bn_div_words,(.-bn_div_words)

-.align	32

-.global bn_add_words

-/*

- * BN_ULONG bn_add_words(rp,ap,bp,n)

- * BN_ULONG *rp,*ap,*bp;

- * int n;

- */

-bn_add_words:

-	cmp	%o3,0

-	bg,a	.L_bn_add_words_proceed

-	ld	[%o1],%o4

-	retl

-	clr	%o0

-.L_bn_add_words_proceed:

-	andcc	%o3,-4,%g0

-	bz	.L_bn_add_words_tail

-	clr	%g1

-	ba	.L_bn_add_words_warn_loop

-	addcc	%g0,0,%g0	! clear carry flag

-.L_bn_add_words_loop:

-	ld	[%o1],%o4

-.L_bn_add_words_warn_loop:

-	ld	[%o2],%o5

-	ld	[%o1+4],%g3

-	ld	[%o2+4],%g4

-	dec	4,%o3

-	addxcc	%o5,%o4,%o5

-	st	%o5,[%o0]

-	ld	[%o1+8],%o4

-	ld	[%o2+8],%o5

-	inc	16,%o1

-	addxcc	%g3,%g4,%g3

-	st	%g3,[%o0+4]

-	ld	[%o1-4],%g3

-	ld	[%o2+12],%g4

-	inc	16,%o2

-	addxcc	%o5,%o4,%o5

-	st	%o5,[%o0+8]

-	inc	16,%o0

-	addxcc	%g3,%g4,%g3

-	st	%g3,[%o0-4]

-	addx	%g0,0,%g1

-	andcc	%o3,-4,%g0

-	bnz,a	.L_bn_add_words_loop

-	addcc	%g1,-1,%g0

-	tst	%o3

-	bnz,a	.L_bn_add_words_tail

-	ld	[%o1],%o4

-.L_bn_add_words_return:

-	retl

-	mov	%g1,%o0

-.L_bn_add_words_tail:

-	addcc	%g1,-1,%g0

-	ld	[%o2],%o5

-	addxcc	%o5,%o4,%o5

-	addx	%g0,0,%g1

-	deccc	%o3

-	bz	.L_bn_add_words_return

-	st	%o5,[%o0]

-	ld	[%o1+4],%o4

-	addcc	%g1,-1,%g0

-	ld	[%o2+4],%o5

-	addxcc	%o5,%o4,%o5

-	addx	%g0,0,%g1

-	deccc	%o3

-	bz	.L_bn_add_words_return

-	st	%o5,[%o0+4]

-	ld	[%o1+8],%o4

-	addcc	%g1,-1,%g0

-	ld	[%o2+8],%o5

-	addxcc	%o5,%o4,%o5

-	st	%o5,[%o0+8]

-	retl

-	addx	%g0,0,%o0

-.type	bn_add_words,#function

-.size	bn_add_words,(.-bn_add_words)

-.align	32

-.global bn_sub_words

-/*

- * BN_ULONG bn_sub_words(rp,ap,bp,n)

- * BN_ULONG *rp,*ap,*bp;

- * int n;

- */

-bn_sub_words:

-	cmp	%o3,0

-	bg,a	.L_bn_sub_words_proceed

-	ld	[%o1],%o4

-	retl

-	clr	%o0

-.L_bn_sub_words_proceed:

-	andcc	%o3,-4,%g0

-	bz	.L_bn_sub_words_tail

-	clr	%g1

-	ba	.L_bn_sub_words_warm_loop

-	addcc	%g0,0,%g0	! clear carry flag

-.L_bn_sub_words_loop:

-	ld	[%o1],%o4

-.L_bn_sub_words_warm_loop:

-	ld	[%o2],%o5

-	ld	[%o1+4],%g3

-	ld	[%o2+4],%g4

-	dec	4,%o3

-	subxcc	%o4,%o5,%o5

-	st	%o5,[%o0]

-	ld	[%o1+8],%o4

-	ld	[%o2+8],%o5

-	inc	16,%o1

-	subxcc	%g3,%g4,%g4

-	st	%g4,[%o0+4]

-	ld	[%o1-4],%g3

-	ld	[%o2+12],%g4

-	inc	16,%o2

-	subxcc	%o4,%o5,%o5

-	st	%o5,[%o0+8]

-	inc	16,%o0

-	subxcc	%g3,%g4,%g4

-	st	%g4,[%o0-4]

-	addx	%g0,0,%g1

-	andcc	%o3,-4,%g0

-	bnz,a	.L_bn_sub_words_loop

-	addcc	%g1,-1,%g0

-	tst	%o3

-	nop

-	bnz,a	.L_bn_sub_words_tail

-	ld	[%o1],%o4

-.L_bn_sub_words_return:

-	retl

-	mov	%g1,%o0

-.L_bn_sub_words_tail:

-	addcc	%g1,-1,%g0

-	ld	[%o2],%o5

-	subxcc	%o4,%o5,%o5

-	addx	%g0,0,%g1

-	deccc	%o3

-	bz	.L_bn_sub_words_return

-	st	%o5,[%o0]

-	nop

-	ld	[%o1+4],%o4

-	addcc	%g1,-1,%g0

-	ld	[%o2+4],%o5

-	subxcc	%o4,%o5,%o5

-	addx	%g0,0,%g1

-	deccc	%o3

-	bz	.L_bn_sub_words_return

-	st	%o5,[%o0+4]

-	ld	[%o1+8],%o4

-	addcc	%g1,-1,%g0

-	ld	[%o2+8],%o5

-	subxcc	%o4,%o5,%o5

-	st	%o5,[%o0+8]

-	retl

-	addx	%g0,0,%o0

-.type	bn_sub_words,#function

-.size	bn_sub_words,(.-bn_sub_words)

-#define FRAME_SIZE	-96

-/*

- * Here is register usage map for *all* routines below.

- */

-#define t_1	%o0

-#define	t_2	%o1

-#define c_1	%o2

-#define c_2	%o3

-#define c_3	%o4

-#define ap(I)	[%i1+4*I]

-#define bp(I)	[%i2+4*I]

-#define rp(I)	[%i0+4*I]

-#define	a_0	%l0

-#define	a_1	%l1

-#define	a_2	%l2

-#define	a_3	%l3

-#define	a_4	%l4

-#define	a_5	%l5

-#define	a_6	%l6

-#define	a_7	%l7

-#define	b_0	%i3

-#define	b_1	%i4

-#define	b_2	%i5

-#define	b_3	%o5

-#define	b_4	%g1

-#define	b_5	%g2

-#define	b_6	%g3

-#define	b_7	%g4

-.align	32

-.global bn_mul_comba8

-/*

- * void bn_mul_comba8(r,a,b)

- * BN_ULONG *r,*a,*b;

- */

-bn_mul_comba8:

-	save	%sp,FRAME_SIZE,%sp

-	ld	ap(0),a_0

-	ld	bp(0),b_0

-	umul	a_0,b_0,c_1	!=!mul_add_c(a[0],b[0],c1,c2,c3);

-	ld	bp(1),b_1

-	rd	%y,c_2

-	st	c_1,rp(0)	!r[0]=c1;

-	umul	a_0,b_1,t_1	!=!mul_add_c(a[0],b[1],c2,c3,c1);

-	ld	ap(1),a_1

-	addcc	c_2,t_1,c_2

-	rd	%y,t_2

-	addxcc	%g0,t_2,c_3	!=

-	addx	%g0,%g0,c_1

-	ld	ap(2),a_2

-	umul	a_1,b_0,t_1	!mul_add_c(a[1],b[0],c2,c3,c1);

-	addcc	c_2,t_1,c_2	!=

-	rd	%y,t_2

-	addxcc	c_3,t_2,c_3

-	st	c_2,rp(1)	!r[1]=c2;

-	addx	c_1,%g0,c_1	!=

-	umul	a_2,b_0,t_1	!mul_add_c(a[2],b[0],c3,c1,c2);

-	addcc	c_3,t_1,c_3

-	rd	%y,t_2

-	addxcc	c_1,t_2,c_1	!=

-	addx	%g0,%g0,c_2

-	ld	bp(2),b_2

-	umul	a_1,b_1,t_1	!mul_add_c(a[1],b[1],c3,c1,c2);

-	addcc	c_3,t_1,c_3	!=

-	rd	%y,t_2

-	addxcc	c_1,t_2,c_1

-	ld	bp(3),b_3

-	addx	c_2,%g0,c_2	!=

-	umul	a_0,b_2,t_1	!mul_add_c(a[0],b[2],c3,c1,c2);

-	addcc	c_3,t_1,c_3

-	rd	%y,t_2

-	addxcc	c_1,t_2,c_1	!=

-	addx	c_2,%g0,c_2

-	st	c_3,rp(2)	!r[2]=c3;

-	umul	a_0,b_3,t_1	!mul_add_c(a[0],b[3],c1,c2,c3);

-	addcc	c_1,t_1,c_1	!=

-	rd	%y,t_2

-	addxcc	c_2,t_2,c_2

-	addx	%g0,%g0,c_3

-	umul	a_1,b_2,t_1	!=!mul_add_c(a[1],b[2],c1,c2,c3);

-	addcc	c_1,t_1,c_1

-	rd	%y,t_2

-	addxcc	c_2,t_2,c_2

-	addx	c_3,%g0,c_3	!=

-	ld	ap(3),a_3

-	umul	a_2,b_1,t_1	!mul_add_c(a[2],b[1],c1,c2,c3);

-	addcc	c_1,t_1,c_1

-	rd	%y,t_2		!=

-	addxcc	c_2,t_2,c_2

-	addx	c_3,%g0,c_3

-	ld	ap(4),a_4

-	umul	a_3,b_0,t_1	!mul_add_c(a[3],b[0],c1,c2,c3);!=

-	addcc	c_1,t_1,c_1

-	rd	%y,t_2

-	addxcc	c_2,t_2,c_2

-	addx	c_3,%g0,c_3	!=

-	st	c_1,rp(3)	!r[3]=c1;

-	umul	a_4,b_0,t_1	!mul_add_c(a[4],b[0],c2,c3,c1);

-	addcc	c_2,t_1,c_2

-	rd	%y,t_2		!=

-	addxcc	c_3,t_2,c_3

-	addx	%g0,%g0,c_1

-	umul	a_3,b_1,t_1	!mul_add_c(a[3],b[1],c2,c3,c1);

-	addcc	c_2,t_1,c_2	!=

-	rd	%y,t_2

-	addxcc	c_3,t_2,c_3

-	addx	c_1,%g0,c_1

-	umul	a_2,b_2,t_1	!=!mul_add_c(a[2],b[2],c2,c3,c1);

-	addcc	c_2,t_1,c_2

-	rd	%y,t_2

-	addxcc	c_3,t_2,c_3

-	addx	c_1,%g0,c_1	!=

-	ld	bp(4),b_4

-	umul	a_1,b_3,t_1	!mul_add_c(a[1],b[3],c2,c3,c1);

-	addcc	c_2,t_1,c_2

-	rd	%y,t_2		!=

-	addxcc	c_3,t_2,c_3

-	addx	c_1,%g0,c_1

-	ld	bp(5),b_5

-	umul	a_0,b_4,t_1	!=!mul_add_c(a[0],b[4],c2,c3,c1);

-	addcc	c_2,t_1,c_2

-	rd	%y,t_2

-	addxcc	c_3,t_2,c_3

-	addx	c_1,%g0,c_1	!=

-	st	c_2,rp(4)	!r[4]=c2;

-	umul	a_0,b_5,t_1	!mul_add_c(a[0],b[5],c3,c1,c2);

-	addcc	c_3,t_1,c_3

-	rd	%y,t_2		!=

-	addxcc	c_1,t_2,c_1

-	addx	%g0,%g0,c_2

-	umul	a_1,b_4,t_1	!mul_add_c(a[1],b[4],c3,c1,c2);

-	addcc	c_3,t_1,c_3	!=

-	rd	%y,t_2

-	addxcc	c_1,t_2,c_1

-	addx	c_2,%g0,c_2

-	umul	a_2,b_3,t_1	!=!mul_add_c(a[2],b[3],c3,c1,c2);

-	addcc	c_3,t_1,c_3

-	rd	%y,t_2

-	addxcc	c_1,t_2,c_1

-	addx	c_2,%g0,c_2	!=

-	umul	a_3,b_2,t_1	!mul_add_c(a[3],b[2],c3,c1,c2);

-	addcc	c_3,t_1,c_3

-	rd	%y,t_2

-	addxcc	c_1,t_2,c_1	!=

-	addx	c_2,%g0,c_2

-	ld	ap(5),a_5

-	umul	a_4,b_1,t_1	!mul_add_c(a[4],b[1],c3,c1,c2);

-	addcc	c_3,t_1,c_3	!=

-	rd	%y,t_2

-	addxcc	c_1,t_2,c_1

-	ld	ap(6),a_6

-	addx	c_2,%g0,c_2	!=

-	umul	a_5,b_0,t_1	!mul_add_c(a[5],b[0],c3,c1,c2);

-	addcc	c_3,t_1,c_3

-	rd	%y,t_2

-	addxcc	c_1,t_2,c_1	!=

-	addx	c_2,%g0,c_2

-	st	c_3,rp(5)	!r[5]=c3;

-	umul	a_6,b_0,t_1	!mul_add_c(a[6],b[0],c1,c2,c3);

-	addcc	c_1,t_1,c_1	!=

-	rd	%y,t_2

-	addxcc	c_2,t_2,c_2

-	addx	%g0,%g0,c_3

-	umul	a_5,b_1,t_1	!=!mul_add_c(a[5],b[1],c1,c2,c3);

-	addcc	c_1,t_1,c_1

-	rd	%y,t_2

-	addxcc	c_2,t_2,c_2

-	addx	c_3,%g0,c_3	!=

-	umul	a_4,b_2,t_1	!mul_add_c(a[4],b[2],c1,c2,c3);

-	addcc	c_1,t_1,c_1

-	rd	%y,t_2

-	addxcc	c_2,t_2,c_2	!=

-	addx	c_3,%g0,c_3

-	umul	a_3,b_3,t_1	!mul_add_c(a[3],b[3],c1,c2,c3);

-	addcc	c_1,t_1,c_1

-	rd	%y,t_2		!=

-	addxcc	c_2,t_2,c_2

-	addx	c_3,%g0,c_3

-	umul	a_2,b_4,t_1	!mul_add_c(a[2],b[4],c1,c2,c3);

-	addcc	c_1,t_1,c_1	!=

-	rd	%y,t_2

-	addxcc	c_2,t_2,c_2

-	ld	bp(6),b_6

-	addx	c_3,%g0,c_3	!=

-	umul	a_1,b_5,t_1	!mul_add_c(a[1],b[5],c1,c2,c3);

-	addcc	c_1,t_1,c_1

-	rd	%y,t_2

-	addxcc	c_2,t_2,c_2	!=

-	addx	c_3,%g0,c_3

-	ld	bp(7),b_7

-	umul	a_0,b_6,t_1	!mul_add_c(a[0],b[6],c1,c2,c3);

-	addcc	c_1,t_1,c_1	!=

-	rd	%y,t_2

-	addxcc	c_2,t_2,c_2

-	st	c_1,rp(6)	!r[6]=c1;

-	addx	c_3,%g0,c_3	!=

-	umul	a_0,b_7,t_1	!mul_add_c(a[0],b[7],c2,c3,c1);

-	addcc	c_2,t_1,c_2

-	rd	%y,t_2

-	addxcc	c_3,t_2,c_3	!=

-	addx	%g0,%g0,c_1

-	umul	a_1,b_6,t_1	!mul_add_c(a[1],b[6],c2,c3,c1);

-	addcc	c_2,t_1,c_2

-	rd	%y,t_2		!=

-	addxcc	c_3,t_2,c_3

-	addx	c_1,%g0,c_1

-	umul	a_2,b_5,t_1	!mul_add_c(a[2],b[5],c2,c3,c1);

-	addcc	c_2,t_1,c_2	!=

-	rd	%y,t_2

-	addxcc	c_3,t_2,c_3

-	addx	c_1,%g0,c_1

-	umul	a_3,b_4,t_1	!=!mul_add_c(a[3],b[4],c2,c3,c1);

-	addcc	c_2,t_1,c_2

-	rd	%y,t_2

-	addxcc	c_3,t_2,c_3

-	addx	c_1,%g0,c_1	!=

-	umul	a_4,b_3,t_1	!mul_add_c(a[4],b[3],c2,c3,c1);

-	addcc	c_2,t_1,c_2

-	rd	%y,t_2

-	addxcc	c_3,t_2,c_3	!=

-	addx	c_1,%g0,c_1

-	umul	a_5,b_2,t_1	!mul_add_c(a[5],b[2],c2,c3,c1);

-	addcc	c_2,t_1,c_2

-	rd	%y,t_2		!=

-	addxcc	c_3,t_2,c_3

-	addx	c_1,%g0,c_1

-	ld	ap(7),a_7

-	umul	a_6,b_1,t_1	!=!mul_add_c(a[6],b[1],c2,c3,c1);

-	addcc	c_2,t_1,c_2

-	rd	%y,t_2

-	addxcc	c_3,t_2,c_3

-	addx	c_1,%g0,c_1	!=

-	umul	a_7,b_0,t_1	!mul_add_c(a[7],b[0],c2,c3,c1);

-	addcc	c_2,t_1,c_2

-	rd	%y,t_2

-	addxcc	c_3,t_2,c_3	!=

-	addx	c_1,%g0,c_1

-	st	c_2,rp(7)	!r[7]=c2;

-	umul	a_7,b_1,t_1	!mul_add_c(a[7],b[1],c3,c1,c2);

-	addcc	c_3,t_1,c_3	!=

-	rd	%y,t_2

-	addxcc	c_1,t_2,c_1

-	addx	%g0,%g0,c_2

-	umul	a_6,b_2,t_1	!=!mul_add_c(a[6],b[2],c3,c1,c2);

-	addcc	c_3,t_1,c_3

-	rd	%y,t_2

-	addxcc	c_1,t_2,c_1

-	addx	c_2,%g0,c_2	!=

-	umul	a_5,b_3,t_1	!mul_add_c(a[5],b[3],c3,c1,c2);

-	addcc	c_3,t_1,c_3

-	rd	%y,t_2

-	addxcc	c_1,t_2,c_1	!=

-	addx	c_2,%g0,c_2

-	umul	a_4,b_4,t_1	!mul_add_c(a[4],b[4],c3,c1,c2);

-	addcc	c_3,t_1,c_3

-	rd	%y,t_2		!=

-	addxcc	c_1,t_2,c_1

-	addx	c_2,%g0,c_2

-	umul	a_3,b_5,t_1	!mul_add_c(a[3],b[5],c3,c1,c2);

-	addcc	c_3,t_1,c_3	!=

-	rd	%y,t_2

-	addxcc	c_1,t_2,c_1

-	addx	c_2,%g0,c_2

-	umul	a_2,b_6,t_1	!=!mul_add_c(a[2],b[6],c3,c1,c2);

-	addcc	c_3,t_1,c_3

-	rd	%y,t_2

-	addxcc	c_1,t_2,c_1

-	addx	c_2,%g0,c_2	!=

-	umul	a_1,b_7,t_1	!mul_add_c(a[1],b[7],c3,c1,c2);

-	addcc	c_3,t_1,c_3

-	rd	%y,t_2

-	addxcc	c_1,t_2,c_1	!

-	addx	c_2,%g0,c_2

-	st	c_3,rp(8)	!r[8]=c3;

-	umul	a_2,b_7,t_1	!mul_add_c(a[2],b[7],c1,c2,c3);

-	addcc	c_1,t_1,c_1	!=

-	rd	%y,t_2

-	addxcc	c_2,t_2,c_2

-	addx	%g0,%g0,c_3

-	umul	a_3,b_6,t_1	!=!mul_add_c(a[3],b[6],c1,c2,c3);

-	addcc	c_1,t_1,c_1

-	rd	%y,t_2

-	addxcc	c_2,t_2,c_2

-	addx	c_3,%g0,c_3	!=

-	umul	a_4,b_5,t_1	!mul_add_c(a[4],b[5],c1,c2,c3);

-	addcc	c_1,t_1,c_1

-	rd	%y,t_2

-	addxcc	c_2,t_2,c_2	!=

-	addx	c_3,%g0,c_3

-	umul	a_5,b_4,t_1	!mul_add_c(a[5],b[4],c1,c2,c3);

-	addcc	c_1,t_1,c_1

-	rd	%y,t_2		!=

-	addxcc	c_2,t_2,c_2

-	addx	c_3,%g0,c_3

-	umul	a_6,b_3,t_1	!mul_add_c(a[6],b[3],c1,c2,c3);

-	addcc	c_1,t_1,c_1	!=

-	rd	%y,t_2

-	addxcc	c_2,t_2,c_2

-	addx	c_3,%g0,c_3

-	umul	a_7,b_2,t_1	!=!mul_add_c(a[7],b[2],c1,c2,c3);

-	addcc	c_1,t_1,c_1

-	rd	%y,t_2

-	addxcc	c_2,t_2,c_2

-	addx	c_3,%g0,c_3	!=

-	st	c_1,rp(9)	!r[9]=c1;

-	umul	a_7,b_3,t_1	!mul_add_c(a[7],b[3],c2,c3,c1);

-	addcc	c_2,t_1,c_2

-	rd	%y,t_2		!=

-	addxcc	c_3,t_2,c_3

-	addx	%g0,%g0,c_1

-	umul	a_6,b_4,t_1	!mul_add_c(a[6],b[4],c2,c3,c1);

-	addcc	c_2,t_1,c_2	!=

-	rd	%y,t_2

-	addxcc	c_3,t_2,c_3

-	addx	c_1,%g0,c_1

-	umul	a_5,b_5,t_1	!=!mul_add_c(a[5],b[5],c2,c3,c1);

-	addcc	c_2,t_1,c_2

-	rd	%y,t_2

-	addxcc	c_3,t_2,c_3

-	addx	c_1,%g0,c_1	!=

-	umul	a_4,b_6,t_1	!mul_add_c(a[4],b[6],c2,c3,c1);

-	addcc	c_2,t_1,c_2

-	rd	%y,t_2

-	addxcc	c_3,t_2,c_3	!=

-	addx	c_1,%g0,c_1

-	umul	a_3,b_7,t_1	!mul_add_c(a[3],b[7],c2,c3,c1);

-	addcc	c_2,t_1,c_2

-	rd	%y,t_2		!=

-	addxcc	c_3,t_2,c_3

-	addx	c_1,%g0,c_1

-	st	c_2,rp(10)	!r[10]=c2;

-	umul	a_4,b_7,t_1	!=!mul_add_c(a[4],b[7],c3,c1,c2);

-	addcc	c_3,t_1,c_3

-	rd	%y,t_2

-	addxcc	c_1,t_2,c_1

-	addx	%g0,%g0,c_2	!=

-	umul	a_5,b_6,t_1	!mul_add_c(a[5],b[6],c3,c1,c2);

-	addcc	c_3,t_1,c_3

-	rd	%y,t_2

-	addxcc	c_1,t_2,c_1	!=

-	addx	c_2,%g0,c_2

-	umul	a_6,b_5,t_1	!mul_add_c(a[6],b[5],c3,c1,c2);

-	addcc	c_3,t_1,c_3

-	rd	%y,t_2		!=

-	addxcc	c_1,t_2,c_1

-	addx	c_2,%g0,c_2

-	umul	a_7,b_4,t_1	!mul_add_c(a[7],b[4],c3,c1,c2);

-	addcc	c_3,t_1,c_3	!=

-	rd	%y,t_2

-	addxcc	c_1,t_2,c_1

-	st	c_3,rp(11)	!r[11]=c3;

-	addx	c_2,%g0,c_2	!=

-	umul	a_7,b_5,t_1	!mul_add_c(a[7],b[5],c1,c2,c3);

-	addcc	c_1,t_1,c_1

-	rd	%y,t_2

-	addxcc	c_2,t_2,c_2	!=

-	addx	%g0,%g0,c_3

-	umul	a_6,b_6,t_1	!mul_add_c(a[6],b[6],c1,c2,c3);

-	addcc	c_1,t_1,c_1

-	rd	%y,t_2		!=

-	addxcc	c_2,t_2,c_2

-	addx	c_3,%g0,c_3

-	umul	a_5,b_7,t_1	!mul_add_c(a[5],b[7],c1,c2,c3);

-	addcc	c_1,t_1,c_1	!=

-	rd	%y,t_2

-	addxcc	c_2,t_2,c_2

-	st	c_1,rp(12)	!r[12]=c1;

-	addx	c_3,%g0,c_3	!=

-	umul	a_6,b_7,t_1	!mul_add_c(a[6],b[7],c2,c3,c1);

-	addcc	c_2,t_1,c_2

-	rd	%y,t_2

-	addxcc	c_3,t_2,c_3	!=

-	addx	%g0,%g0,c_1

-	umul	a_7,b_6,t_1	!mul_add_c(a[7],b[6],c2,c3,c1);

-	addcc	c_2,t_1,c_2

-	rd	%y,t_2		!=

-	addxcc	c_3,t_2,c_3

-	addx	c_1,%g0,c_1

-	st	c_2,rp(13)	!r[13]=c2;

-	umul	a_7,b_7,t_1	!=!mul_add_c(a[7],b[7],c3,c1,c2);

-	addcc	c_3,t_1,c_3

-	rd	%y,t_2

-	addxcc	c_1,t_2,c_1

-	nop			!=

-	st	c_3,rp(14)	!r[14]=c3;

-	st	c_1,rp(15)	!r[15]=c1;

-	ret

-	restore	%g0,%g0,%o0

-.type	bn_mul_comba8,#function

-.size	bn_mul_comba8,(.-bn_mul_comba8)

-.align	32

-.global bn_mul_comba4

-/*

- * void bn_mul_comba4(r,a,b)

- * BN_ULONG *r,*a,*b;

- */

-bn_mul_comba4:

-	save	%sp,FRAME_SIZE,%sp

-	ld	ap(0),a_0

-	ld	bp(0),b_0

-	umul	a_0,b_0,c_1	!=!mul_add_c(a[0],b[0],c1,c2,c3);

-	ld	bp(1),b_1

-	rd	%y,c_2

-	st	c_1,rp(0)	!r[0]=c1;

-	umul	a_0,b_1,t_1	!=!mul_add_c(a[0],b[1],c2,c3,c1);

-	ld	ap(1),a_1

-	addcc	c_2,t_1,c_2

-	rd	%y,t_2		!=

-	addxcc	%g0,t_2,c_3

-	addx	%g0,%g0,c_1

-	ld	ap(2),a_2

-	umul	a_1,b_0,t_1	!=!mul_add_c(a[1],b[0],c2,c3,c1);

-	addcc	c_2,t_1,c_2

-	rd	%y,t_2

-	addxcc	c_3,t_2,c_3

-	addx	c_1,%g0,c_1	!=

-	st	c_2,rp(1)	!r[1]=c2;

-	umul	a_2,b_0,t_1	!mul_add_c(a[2],b[0],c3,c1,c2);

-	addcc	c_3,t_1,c_3

-	rd	%y,t_2		!=

-	addxcc	c_1,t_2,c_1

-	addx	%g0,%g0,c_2

-	ld	bp(2),b_2

-	umul	a_1,b_1,t_1	!=!mul_add_c(a[1],b[1],c3,c1,c2);

-	addcc	c_3,t_1,c_3

-	rd	%y,t_2

-	addxcc	c_1,t_2,c_1

-	addx	c_2,%g0,c_2	!=

-	ld	bp(3),b_3

-	umul	a_0,b_2,t_1	!mul_add_c(a[0],b[2],c3,c1,c2);

-	addcc	c_3,t_1,c_3

-	rd	%y,t_2		!=

-	addxcc	c_1,t_2,c_1

-	addx	c_2,%g0,c_2

-	st	c_3,rp(2)	!r[2]=c3;

-	umul	a_0,b_3,t_1	!=!mul_add_c(a[0],b[3],c1,c2,c3);

-	addcc	c_1,t_1,c_1

-	rd	%y,t_2

-	addxcc	c_2,t_2,c_2

-	addx	%g0,%g0,c_3	!=

-	umul	a_1,b_2,t_1	!mul_add_c(a[1],b[2],c1,c2,c3);

-	addcc	c_1,t_1,c_1

-	rd	%y,t_2

-	addxcc	c_2,t_2,c_2	!=

-	addx	c_3,%g0,c_3

-	ld	ap(3),a_3

-	umul	a_2,b_1,t_1	!mul_add_c(a[2],b[1],c1,c2,c3);

-	addcc	c_1,t_1,c_1	!=

-	rd	%y,t_2

-	addxcc	c_2,t_2,c_2

-	addx	c_3,%g0,c_3

-	umul	a_3,b_0,t_1	!=!mul_add_c(a[3],b[0],c1,c2,c3);

-	addcc	c_1,t_1,c_1

-	rd	%y,t_2

-	addxcc	c_2,t_2,c_2

-	addx	c_3,%g0,c_3	!=

-	st	c_1,rp(3)	!r[3]=c1;

-	umul	a_3,b_1,t_1	!mul_add_c(a[3],b[1],c2,c3,c1);

-	addcc	c_2,t_1,c_2

-	rd	%y,t_2		!=

-	addxcc	c_3,t_2,c_3

-	addx	%g0,%g0,c_1

-	umul	a_2,b_2,t_1	!mul_add_c(a[2],b[2],c2,c3,c1);

-	addcc	c_2,t_1,c_2	!=

-	rd	%y,t_2

-	addxcc	c_3,t_2,c_3

-	addx	c_1,%g0,c_1

-	umul	a_1,b_3,t_1	!=!mul_add_c(a[1],b[3],c2,c3,c1);

-	addcc	c_2,t_1,c_2

-	rd	%y,t_2

-	addxcc	c_3,t_2,c_3

-	addx	c_1,%g0,c_1	!=

-	st	c_2,rp(4)	!r[4]=c2;

-	umul	a_2,b_3,t_1	!mul_add_c(a[2],b[3],c3,c1,c2);

-	addcc	c_3,t_1,c_3

-	rd	%y,t_2		!=

-	addxcc	c_1,t_2,c_1

-	addx	%g0,%g0,c_2

-	umul	a_3,b_2,t_1	!mul_add_c(a[3],b[2],c3,c1,c2);

-	addcc	c_3,t_1,c_3	!=

-	rd	%y,t_2

-	addxcc	c_1,t_2,c_1

-	st	c_3,rp(5)	!r[5]=c3;

-	addx	c_2,%g0,c_2	!=

-	umul	a_3,b_3,t_1	!mul_add_c(a[3],b[3],c1,c2,c3);

-	addcc	c_1,t_1,c_1

-	rd	%y,t_2

-	addxcc	c_2,t_2,c_2	!=

-	st	c_1,rp(6)	!r[6]=c1;

-	st	c_2,rp(7)	!r[7]=c2;

-	ret

-	restore	%g0,%g0,%o0

-.type	bn_mul_comba4,#function

-.size	bn_mul_comba4,(.-bn_mul_comba4)

-.align	32

-.global bn_sqr_comba8

-bn_sqr_comba8:

-	save	%sp,FRAME_SIZE,%sp

-	ld	ap(0),a_0

-	ld	ap(1),a_1

-	umul	a_0,a_0,c_1	!=!sqr_add_c(a,0,c1,c2,c3);

-	rd	%y,c_2

-	st	c_1,rp(0)	!r[0]=c1;

-	ld	ap(2),a_2

-	umul	a_0,a_1,t_1	!=!sqr_add_c2(a,1,0,c2,c3,c1);

-	addcc	c_2,t_1,c_2

-	rd	%y,t_2

-	addxcc	%g0,t_2,c_3

-	addx	%g0,%g0,c_1	!=

-	addcc	c_2,t_1,c_2

-	addxcc	c_3,t_2,c_3

-	st	c_2,rp(1)	!r[1]=c2;

-	addx	c_1,%g0,c_1	!=

-	umul	a_2,a_0,t_1	!sqr_add_c2(a,2,0,c3,c1,c2);

-	addcc	c_3,t_1,c_3

-	rd	%y,t_2

-	addxcc	c_1,t_2,c_1	!=

-	addx	%g0,%g0,c_2

-	addcc	c_3,t_1,c_3

-	addxcc	c_1,t_2,c_1

-	addx	c_2,%g0,c_2	!=

-	ld	ap(3),a_3

-	umul	a_1,a_1,t_1	!sqr_add_c(a,1,c3,c1,c2);

-	addcc	c_3,t_1,c_3

-	rd	%y,t_2		!=

-	addxcc	c_1,t_2,c_1

-	addx	c_2,%g0,c_2

-	st	c_3,rp(2)	!r[2]=c3;

-	umul	a_0,a_3,t_1	!=!sqr_add_c2(a,3,0,c1,c2,c3);

-	addcc	c_1,t_1,c_1

-	rd	%y,t_2

-	addxcc	c_2,t_2,c_2

-	addx	%g0,%g0,c_3	!=

-	addcc	c_1,t_1,c_1

-	addxcc	c_2,t_2,c_2

-	ld	ap(4),a_4

-	addx	c_3,%g0,c_3	!=

-	umul	a_1,a_2,t_1	!sqr_add_c2(a,2,1,c1,c2,c3);

-	addcc	c_1,t_1,c_1

-	rd	%y,t_2

-	addxcc	c_2,t_2,c_2	!=

-	addx	c_3,%g0,c_3

-	addcc	c_1,t_1,c_1

-	addxcc	c_2,t_2,c_2

-	addx	c_3,%g0,c_3	!=

-	st	c_1,rp(3)	!r[3]=c1;

-	umul	a_4,a_0,t_1	!sqr_add_c2(a,4,0,c2,c3,c1);

-	addcc	c_2,t_1,c_2

-	rd	%y,t_2		!=

-	addxcc	c_3,t_2,c_3

-	addx	%g0,%g0,c_1

-	addcc	c_2,t_1,c_2

-	addxcc	c_3,t_2,c_3	!=

-	addx	c_1,%g0,c_1

-	umul	a_3,a_1,t_1	!sqr_add_c2(a,3,1,c2,c3,c1);

-	addcc	c_2,t_1,c_2

-	rd	%y,t_2		!=

-	addxcc	c_3,t_2,c_3

-	addx	c_1,%g0,c_1

-	addcc	c_2,t_1,c_2

-	addxcc	c_3,t_2,c_3	!=

-	addx	c_1,%g0,c_1

-	ld	ap(5),a_5

-	umul	a_2,a_2,t_1	!sqr_add_c(a,2,c2,c3,c1);

-	addcc	c_2,t_1,c_2	!=

-	rd	%y,t_2

-	addxcc	c_3,t_2,c_3

-	st	c_2,rp(4)	!r[4]=c2;

-	addx	c_1,%g0,c_1	!=

-	umul	a_0,a_5,t_1	!sqr_add_c2(a,5,0,c3,c1,c2);

-	addcc	c_3,t_1,c_3

-	rd	%y,t_2

-	addxcc	c_1,t_2,c_1	!=

-	addx	%g0,%g0,c_2

-	addcc	c_3,t_1,c_3

-	addxcc	c_1,t_2,c_1

-	addx	c_2,%g0,c_2	!=

-	umul	a_1,a_4,t_1	!sqr_add_c2(a,4,1,c3,c1,c2);

-	addcc	c_3,t_1,c_3

-	rd	%y,t_2

-	addxcc	c_1,t_2,c_1	!=

-	addx	c_2,%g0,c_2

-	addcc	c_3,t_1,c_3

-	addxcc	c_1,t_2,c_1

-	addx	c_2,%g0,c_2	!=

-	ld	ap(6),a_6

-	umul	a_2,a_3,t_1	!sqr_add_c2(a,3,2,c3,c1,c2);

-	addcc	c_3,t_1,c_3

-	rd	%y,t_2		!=

-	addxcc	c_1,t_2,c_1

-	addx	c_2,%g0,c_2

-	addcc	c_3,t_1,c_3

-	addxcc	c_1,t_2,c_1	!=

-	addx	c_2,%g0,c_2

-	st	c_3,rp(5)	!r[5]=c3;

-	umul	a_6,a_0,t_1	!sqr_add_c2(a,6,0,c1,c2,c3);

-	addcc	c_1,t_1,c_1	!=

-	rd	%y,t_2

-	addxcc	c_2,t_2,c_2

-	addx	%g0,%g0,c_3

-	addcc	c_1,t_1,c_1	!=

-	addxcc	c_2,t_2,c_2

-	addx	c_3,%g0,c_3

-	umul	a_5,a_1,t_1	!sqr_add_c2(a,5,1,c1,c2,c3);

-	addcc	c_1,t_1,c_1	!=

-	rd	%y,t_2

-	addxcc	c_2,t_2,c_2

-	addx	c_3,%g0,c_3

-	addcc	c_1,t_1,c_1	!=

-	addxcc	c_2,t_2,c_2

-	addx	c_3,%g0,c_3

-	umul	a_4,a_2,t_1	!sqr_add_c2(a,4,2,c1,c2,c3);

-	addcc	c_1,t_1,c_1	!=

-	rd	%y,t_2

-	addxcc	c_2,t_2,c_2

-	addx	c_3,%g0,c_3

-	addcc	c_1,t_1,c_1	!=

-	addxcc	c_2,t_2,c_2

-	addx	c_3,%g0,c_3

-	ld	ap(7),a_7

-	umul	a_3,a_3,t_1	!=!sqr_add_c(a,3,c1,c2,c3);

-	addcc	c_1,t_1,c_1

-	rd	%y,t_2

-	addxcc	c_2,t_2,c_2

-	addx	c_3,%g0,c_3	!=

-	st	c_1,rp(6)	!r[6]=c1;

-	umul	a_0,a_7,t_1	!sqr_add_c2(a,7,0,c2,c3,c1);

-	addcc	c_2,t_1,c_2

-	rd	%y,t_2		!=

-	addxcc	c_3,t_2,c_3

-	addx	%g0,%g0,c_1

-	addcc	c_2,t_1,c_2

-	addxcc	c_3,t_2,c_3	!=

-	addx	c_1,%g0,c_1

-	umul	a_1,a_6,t_1	!sqr_add_c2(a,6,1,c2,c3,c1);

-	addcc	c_2,t_1,c_2

-	rd	%y,t_2		!=

-	addxcc	c_3,t_2,c_3

-	addx	c_1,%g0,c_1

-	addcc	c_2,t_1,c_2

-	addxcc	c_3,t_2,c_3	!=

-	addx	c_1,%g0,c_1

-	umul	a_2,a_5,t_1	!sqr_add_c2(a,5,2,c2,c3,c1);

-	addcc	c_2,t_1,c_2

-	rd	%y,t_2		!=

-	addxcc	c_3,t_2,c_3

-	addx	c_1,%g0,c_1

-	addcc	c_2,t_1,c_2

-	addxcc	c_3,t_2,c_3	!=

-	addx	c_1,%g0,c_1

-	umul	a_3,a_4,t_1	!sqr_add_c2(a,4,3,c2,c3,c1);

-	addcc	c_2,t_1,c_2

-	rd	%y,t_2		!=

-	addxcc	c_3,t_2,c_3

-	addx	c_1,%g0,c_1

-	addcc	c_2,t_1,c_2

-	addxcc	c_3,t_2,c_3	!=

-	addx	c_1,%g0,c_1

-	st	c_2,rp(7)	!r[7]=c2;

-	umul	a_7,a_1,t_1	!sqr_add_c2(a,7,1,c3,c1,c2);

-	addcc	c_3,t_1,c_3	!=

-	rd	%y,t_2

-	addxcc	c_1,t_2,c_1

-	addx	%g0,%g0,c_2

-	addcc	c_3,t_1,c_3	!=

-	addxcc	c_1,t_2,c_1

-	addx	c_2,%g0,c_2

-	umul	a_6,a_2,t_1	!sqr_add_c2(a,6,2,c3,c1,c2);

-	addcc	c_3,t_1,c_3	!=

-	rd	%y,t_2

-	addxcc	c_1,t_2,c_1

-	addx	c_2,%g0,c_2

-	addcc	c_3,t_1,c_3	!=

-	addxcc	c_1,t_2,c_1

-	addx	c_2,%g0,c_2

-	umul	a_5,a_3,t_1	!sqr_add_c2(a,5,3,c3,c1,c2);

-	addcc	c_3,t_1,c_3	!=

-	rd	%y,t_2

-	addxcc	c_1,t_2,c_1

-	addx	c_2,%g0,c_2

-	addcc	c_3,t_1,c_3	!=

-	addxcc	c_1,t_2,c_1

-	addx	c_2,%g0,c_2

-	umul	a_4,a_4,t_1	!sqr_add_c(a,4,c3,c1,c2);

-	addcc	c_3,t_1,c_3	!=

-	rd	%y,t_2

-	addxcc	c_1,t_2,c_1

-	st	c_3,rp(8)	!r[8]=c3;

-	addx	c_2,%g0,c_2	!=

-	umul	a_2,a_7,t_1	!sqr_add_c2(a,7,2,c1,c2,c3);

-	addcc	c_1,t_1,c_1

-	rd	%y,t_2

-	addxcc	c_2,t_2,c_2	!=

-	addx	%g0,%g0,c_3

-	addcc	c_1,t_1,c_1

-	addxcc	c_2,t_2,c_2

-	addx	c_3,%g0,c_3	!=

-	umul	a_3,a_6,t_1	!sqr_add_c2(a,6,3,c1,c2,c3);

-	addcc	c_1,t_1,c_1

-	rd	%y,t_2

-	addxcc	c_2,t_2,c_2	!=

-	addx	c_3,%g0,c_3

-	addcc	c_1,t_1,c_1

-	addxcc	c_2,t_2,c_2

-	addx	c_3,%g0,c_3	!=

-	umul	a_4,a_5,t_1	!sqr_add_c2(a,5,4,c1,c2,c3);

-	addcc	c_1,t_1,c_1

-	rd	%y,t_2

-	addxcc	c_2,t_2,c_2	!=

-	addx	c_3,%g0,c_3

-	addcc	c_1,t_1,c_1

-	addxcc	c_2,t_2,c_2

-	addx	c_3,%g0,c_3	!=

-	st	c_1,rp(9)	!r[9]=c1;

-	umul	a_7,a_3,t_1	!sqr_add_c2(a,7,3,c2,c3,c1);

-	addcc	c_2,t_1,c_2

-	rd	%y,t_2		!=

-	addxcc	c_3,t_2,c_3

-	addx	%g0,%g0,c_1

-	addcc	c_2,t_1,c_2

-	addxcc	c_3,t_2,c_3	!=

-	addx	c_1,%g0,c_1

-	umul	a_6,a_4,t_1	!sqr_add_c2(a,6,4,c2,c3,c1);

-	addcc	c_2,t_1,c_2

-	rd	%y,t_2		!=

-	addxcc	c_3,t_2,c_3

-	addx	c_1,%g0,c_1

-	addcc	c_2,t_1,c_2

-	addxcc	c_3,t_2,c_3	!=

-	addx	c_1,%g0,c_1

-	umul	a_5,a_5,t_1	!sqr_add_c(a,5,c2,c3,c1);

-	addcc	c_2,t_1,c_2

-	rd	%y,t_2		!=

-	addxcc	c_3,t_2,c_3

-	addx	c_1,%g0,c_1

-	st	c_2,rp(10)	!r[10]=c2;

-	umul	a_4,a_7,t_1	!=!sqr_add_c2(a,7,4,c3,c1,c2);

-	addcc	c_3,t_1,c_3

-	rd	%y,t_2

-	addxcc	c_1,t_2,c_1

-	addx	%g0,%g0,c_2	!=

-	addcc	c_3,t_1,c_3

-	addxcc	c_1,t_2,c_1

-	addx	c_2,%g0,c_2

-	umul	a_5,a_6,t_1	!=!sqr_add_c2(a,6,5,c3,c1,c2);

-	addcc	c_3,t_1,c_3

-	rd	%y,t_2

-	addxcc	c_1,t_2,c_1

-	addx	c_2,%g0,c_2	!=

-	addcc	c_3,t_1,c_3

-	addxcc	c_1,t_2,c_1

-	st	c_3,rp(11)	!r[11]=c3;

-	addx	c_2,%g0,c_2	!=

-	umul	a_7,a_5,t_1	!sqr_add_c2(a,7,5,c1,c2,c3);

-	addcc	c_1,t_1,c_1

-	rd	%y,t_2

-	addxcc	c_2,t_2,c_2	!=

-	addx	%g0,%g0,c_3

-	addcc	c_1,t_1,c_1

-	addxcc	c_2,t_2,c_2

-	addx	c_3,%g0,c_3	!=

-	umul	a_6,a_6,t_1	!sqr_add_c(a,6,c1,c2,c3);

-	addcc	c_1,t_1,c_1

-	rd	%y,t_2

-	addxcc	c_2,t_2,c_2	!=

-	addx	c_3,%g0,c_3

-	st	c_1,rp(12)	!r[12]=c1;

-	umul	a_6,a_7,t_1	!sqr_add_c2(a,7,6,c2,c3,c1);

-	addcc	c_2,t_1,c_2	!=

-	rd	%y,t_2

-	addxcc	c_3,t_2,c_3

-	addx	%g0,%g0,c_1

-	addcc	c_2,t_1,c_2	!=

-	addxcc	c_3,t_2,c_3

-	st	c_2,rp(13)	!r[13]=c2;

-	addx	c_1,%g0,c_1	!=

-	umul	a_7,a_7,t_1	!sqr_add_c(a,7,c3,c1,c2);

-	addcc	c_3,t_1,c_3

-	rd	%y,t_2

-	addxcc	c_1,t_2,c_1	!=

-	st	c_3,rp(14)	!r[14]=c3;

-	st	c_1,rp(15)	!r[15]=c1;

-	ret

-	restore	%g0,%g0,%o0

-.type	bn_sqr_comba8,#function

-.size	bn_sqr_comba8,(.-bn_sqr_comba8)

-.align	32

-.global bn_sqr_comba4

-/*

- * void bn_sqr_comba4(r,a)

- * BN_ULONG *r,*a;

- */

-bn_sqr_comba4:

-	save	%sp,FRAME_SIZE,%sp

-	ld	ap(0),a_0

-	umul	a_0,a_0,c_1	!sqr_add_c(a,0,c1,c2,c3);

-	ld	ap(1),a_1	!=

-	rd	%y,c_2

-	st	c_1,rp(0)	!r[0]=c1;

-	ld	ap(2),a_2

-	umul	a_0,a_1,t_1	!=!sqr_add_c2(a,1,0,c2,c3,c1);

-	addcc	c_2,t_1,c_2

-	rd	%y,t_2

-	addxcc	%g0,t_2,c_3

-	addx	%g0,%g0,c_1	!=

-	addcc	c_2,t_1,c_2

-	addxcc	c_3,t_2,c_3

-	addx	c_1,%g0,c_1	!=

-	st	c_2,rp(1)	!r[1]=c2;

-	umul	a_2,a_0,t_1	!sqr_add_c2(a,2,0,c3,c1,c2);

-	addcc	c_3,t_1,c_3

-	rd	%y,t_2		!=

-	addxcc	c_1,t_2,c_1

-	addx	%g0,%g0,c_2

-	addcc	c_3,t_1,c_3

-	addxcc	c_1,t_2,c_1	!=

-	addx	c_2,%g0,c_2

-	ld	ap(3),a_3

-	umul	a_1,a_1,t_1	!sqr_add_c(a,1,c3,c1,c2);

-	addcc	c_3,t_1,c_3	!=

-	rd	%y,t_2

-	addxcc	c_1,t_2,c_1

-	st	c_3,rp(2)	!r[2]=c3;

-	addx	c_2,%g0,c_2	!=

-	umul	a_0,a_3,t_1	!sqr_add_c2(a,3,0,c1,c2,c3);

-	addcc	c_1,t_1,c_1

-	rd	%y,t_2

-	addxcc	c_2,t_2,c_2	!=

-	addx	%g0,%g0,c_3

-	addcc	c_1,t_1,c_1

-	addxcc	c_2,t_2,c_2

-	addx	c_3,%g0,c_3	!=

-	umul	a_1,a_2,t_1	!sqr_add_c2(a,2,1,c1,c2,c3);

-	addcc	c_1,t_1,c_1

-	rd	%y,t_2

-	addxcc	c_2,t_2,c_2	!=

-	addx	c_3,%g0,c_3

-	addcc	c_1,t_1,c_1

-	addxcc	c_2,t_2,c_2

-	addx	c_3,%g0,c_3	!=

-	st	c_1,rp(3)	!r[3]=c1;

-	umul	a_3,a_1,t_1	!sqr_add_c2(a,3,1,c2,c3,c1);

-	addcc	c_2,t_1,c_2

-	rd	%y,t_2		!=

-	addxcc	c_3,t_2,c_3

-	addx	%g0,%g0,c_1

-	addcc	c_2,t_1,c_2

-	addxcc	c_3,t_2,c_3	!=

-	addx	c_1,%g0,c_1

-	umul	a_2,a_2,t_1	!sqr_add_c(a,2,c2,c3,c1);

-	addcc	c_2,t_1,c_2

-	rd	%y,t_2		!=

-	addxcc	c_3,t_2,c_3

-	addx	c_1,%g0,c_1

-	st	c_2,rp(4)	!r[4]=c2;

-	umul	a_2,a_3,t_1	!=!sqr_add_c2(a,3,2,c3,c1,c2);

-	addcc	c_3,t_1,c_3

-	rd	%y,t_2

-	addxcc	c_1,t_2,c_1

-	addx	%g0,%g0,c_2	!=

-	addcc	c_3,t_1,c_3

-	addxcc	c_1,t_2,c_1

-	st	c_3,rp(5)	!r[5]=c3;

-	addx	c_2,%g0,c_2	!=

-	umul	a_3,a_3,t_1	!sqr_add_c(a,3,c1,c2,c3);

-	addcc	c_1,t_1,c_1

-	rd	%y,t_2

-	addxcc	c_2,t_2,c_2	!=

-	st	c_1,rp(6)	!r[6]=c1;

-	st	c_2,rp(7)	!r[7]=c2;

-	ret

-	restore	%g0,%g0,%o0

-.type	bn_sqr_comba4,#function

-.size	bn_sqr_comba4,(.-bn_sqr_comba4)

-.align	32

--- a/sys/src/ape/lib/openssl/crypto/bn/asm/sparcv8plus.S

+++ /dev/null

@@ -1,1547 +1,0 @@

-.ident	"sparcv8plus.s, Version 1.4"

-.ident	"SPARC v9 ISA artwork by Andy Polyakov <[email protected]>"

-/*

- * ====================================================================

- * Written by Andy Polyakov <[email protected]> for the OpenSSL

- * project.

- *

- * Rights for redistribution and usage in source and binary forms are

- * granted according to the OpenSSL license. Warranty of any kind is

- * disclaimed.

- * ====================================================================

- */

-/*

- * This is my modest contributon to OpenSSL project (see

- * http://www.openssl.org/ for more information about it) and is

- * a drop-in UltraSPARC ISA replacement for crypto/bn/bn_asm.c

- * module. For updates see http://fy.chalmers.se/~appro/hpe/.

- *

- * Questions-n-answers.

- *

- * Q. How to compile?

- * A. With SC4.x/SC5.x:

- *

- *	cc -xarch=v8plus -c bn_asm.sparc.v8plus.S -o bn_asm.o

- *

- *    and with gcc:

- *

- *	gcc -mcpu=ultrasparc -c bn_asm.sparc.v8plus.S -o bn_asm.o

- *

- *    or if above fails (it does if you have gas installed):

- *

- *	gcc -E bn_asm.sparc.v8plus.S | as -xarch=v8plus /dev/fd/0 -o bn_asm.o

- *

- *    Quick-n-dirty way to fuse the module into the library.

- *    Provided that the library is already configured and built

- *    (in 0.9.2 case with no-asm option):

- *

- *	# cd crypto/bn

- *	# cp /some/place/bn_asm.sparc.v8plus.S .

- *	# cc -xarch=v8plus -c bn_asm.sparc.v8plus.S -o bn_asm.o

- *	# make

- *	# cd ../..

- *	# make; make test

- *

- *    Quick-n-dirty way to get rid of it:

- *

- *	# cd crypto/bn

- *	# touch bn_asm.c

- *	# make

- *	# cd ../..

- *	# make; make test

- *

- * Q. V8plus achitecture? What kind of beast is that?

- * A. Well, it's rather a programming model than an architecture...

- *    It's actually v9-compliant, i.e. *any* UltraSPARC, CPU under

- *    special conditions, namely when kernel doesn't preserve upper

- *    32 bits of otherwise 64-bit registers during a context switch.

- *

- * Q. Why just UltraSPARC? What about SuperSPARC?

- * A. Original release did target UltraSPARC only. Now SuperSPARC

- *    version is provided along. Both version share bn_*comba[48]

- *    implementations (see comment later in code for explanation).

- *    But what's so special about this UltraSPARC implementation?

- *    Why didn't I let compiler do the job? Trouble is that most of

- *    available compilers (well, SC5.0 is the only exception) don't

- *    attempt to take advantage of UltraSPARC's 64-bitness under

- *    32-bit kernels even though it's perfectly possible (see next

- *    question).

- *

- * Q. 64-bit registers under 32-bit kernels? Didn't you just say it

- *    doesn't work?

- * A. You can't adress *all* registers as 64-bit wide:-( The catch is

- *    that you actually may rely upon %o0-%o5 and %g1-%g4 being fully

- *    preserved if you're in a leaf function, i.e. such never calling

- *    any other functions. All functions in this module are leaf and

- *    10 registers is a handful. And as a matter of fact none-"comba"

- *    routines don't require even that much and I could even afford to

- *    not allocate own stack frame for 'em:-)

- *

- * Q. What about 64-bit kernels?

- * A. What about 'em? Just kidding:-) Pure 64-bit version is currently

- *    under evaluation and development...

- *

- * Q. What about shared libraries?

- * A. What about 'em? Kidding again:-) Code does *not* contain any

- *    code position dependencies and it's safe to include it into

- *    shared library as is.

- *

- * Q. How much faster does it go?

- * A. Do you have a good benchmark? In either case below is what I

- *    experience with crypto/bn/expspeed.c test program:

- *

- *	v8plus module on U10/300MHz against bn_asm.c compiled with:

- *

- *	cc-5.0 -xarch=v8plus -xO5 -xdepend	+7-12%

- *	cc-4.2 -xarch=v8plus -xO5 -xdepend	+25-35%

- *	egcs-1.1.2 -mcpu=ultrasparc -O3		+35-45%

- *

- *	v8 module on SS10/60MHz against bn_asm.c compiled with:

- *

- *	cc-5.0 -xarch=v8 -xO5 -xdepend		+7-10%

- *	cc-4.2 -xarch=v8 -xO5 -xdepend		+10%

- *	egcs-1.1.2 -mv8 -O3			+35-45%

- *

- *    As you can see it's damn hard to beat the new Sun C compiler

- *    and it's in first place GNU C users who will appreciate this

- *    assembler implementation:-)

- */

-/*

- * Revision history.

- *

- * 1.0	- initial release;

- * 1.1	- new loop unrolling model(*);

- *	- some more fine tuning;

- * 1.2	- made gas friendly;

- *	- updates to documentation concerning v9;

- *	- new performance comparison matrix;

- * 1.3	- fixed problem with /usr/ccs/lib/cpp;

- * 1.4	- native V9 bn_*_comba[48] implementation (15% more efficient)

- *	  resulting in slight overall performance kick;

- *	- some retunes;

- *	- support for GNU as added;

- *

- * (*)	Originally unrolled loop looked like this:

- *	    for (;;) {

- *		op(p+0); if (--n==0) break;

- *		op(p+1); if (--n==0) break;

- *		op(p+2); if (--n==0) break;

- *		op(p+3); if (--n==0) break;

- *		p+=4;

- *	    }

- *	I unroll according to following:

- *	    while (n&~3) {

- *		op(p+0); op(p+1); op(p+2); op(p+3);

- *		p+=4; n=-4;

- *	    }

- *	    if (n) {

- *		op(p+0); if (--n==0) return;

- *		op(p+2); if (--n==0) return;

- *		op(p+3); return;

- *	    }

- */

-/*

- * GNU assembler can't stand stuw:-(

- */

-#define stuw st

-.section	".text",#alloc,#execinstr

-.file		"bn_asm.sparc.v8plus.S"

-.align	32

-.global bn_mul_add_words

-/*

- * BN_ULONG bn_mul_add_words(rp,ap,num,w)

- * BN_ULONG *rp,*ap;

- * int num;

- * BN_ULONG w;

- */

-bn_mul_add_words:

-	sra	%o2,%g0,%o2	! signx %o2

-	brgz,a	%o2,.L_bn_mul_add_words_proceed

-	lduw	[%o1],%g2

-	retl

-	clr	%o0

-	nop

-	nop

-	nop

-.L_bn_mul_add_words_proceed:

-	srl	%o3,%g0,%o3	! clruw	%o3

-	andcc	%o2,-4,%g0

-	bz,pn	%icc,.L_bn_mul_add_words_tail

-	clr	%o5

-.L_bn_mul_add_words_loop:	! wow! 32 aligned!

-	lduw	[%o0],%g1

-	lduw	[%o1+4],%g3

-	mulx	%o3,%g2,%g2

-	add	%g1,%o5,%o4

-	nop

-	add	%o4,%g2,%o4

-	stuw	%o4,[%o0]

-	srlx	%o4,32,%o5

-	lduw	[%o0+4],%g1

-	lduw	[%o1+8],%g2

-	mulx	%o3,%g3,%g3

-	add	%g1,%o5,%o4

-	dec	4,%o2

-	add	%o4,%g3,%o4

-	stuw	%o4,[%o0+4]

-	srlx	%o4,32,%o5

-	lduw	[%o0+8],%g1

-	lduw	[%o1+12],%g3

-	mulx	%o3,%g2,%g2

-	add	%g1,%o5,%o4

-	inc	16,%o1

-	add	%o4,%g2,%o4

-	stuw	%o4,[%o0+8]

-	srlx	%o4,32,%o5

-	lduw	[%o0+12],%g1

-	mulx	%o3,%g3,%g3

-	add	%g1,%o5,%o4

-	inc	16,%o0

-	add	%o4,%g3,%o4

-	andcc	%o2,-4,%g0

-	stuw	%o4,[%o0-4]

-	srlx	%o4,32,%o5

-	bnz,a,pt	%icc,.L_bn_mul_add_words_loop

-	lduw	[%o1],%g2

-	brnz,a,pn	%o2,.L_bn_mul_add_words_tail

-	lduw	[%o1],%g2

-.L_bn_mul_add_words_return:

-	retl

-	mov	%o5,%o0

-.L_bn_mul_add_words_tail:

-	lduw	[%o0],%g1

-	mulx	%o3,%g2,%g2

-	add	%g1,%o5,%o4

-	dec	%o2

-	add	%o4,%g2,%o4

-	srlx	%o4,32,%o5

-	brz,pt	%o2,.L_bn_mul_add_words_return

-	stuw	%o4,[%o0]

-	lduw	[%o1+4],%g2

-	lduw	[%o0+4],%g1

-	mulx	%o3,%g2,%g2

-	add	%g1,%o5,%o4

-	dec	%o2

-	add	%o4,%g2,%o4

-	srlx	%o4,32,%o5

-	brz,pt	%o2,.L_bn_mul_add_words_return

-	stuw	%o4,[%o0+4]

-	lduw	[%o1+8],%g2

-	lduw	[%o0+8],%g1

-	mulx	%o3,%g2,%g2

-	add	%g1,%o5,%o4

-	add	%o4,%g2,%o4

-	stuw	%o4,[%o0+8]

-	retl

-	srlx	%o4,32,%o0

-.type	bn_mul_add_words,#function

-.size	bn_mul_add_words,(.-bn_mul_add_words)

-.align	32

-.global bn_mul_words

-/*

- * BN_ULONG bn_mul_words(rp,ap,num,w)

- * BN_ULONG *rp,*ap;

- * int num;

- * BN_ULONG w;

- */

-bn_mul_words:

-	sra	%o2,%g0,%o2	! signx %o2

-	brgz,a	%o2,.L_bn_mul_words_proceeed

-	lduw	[%o1],%g2

-	retl

-	clr	%o0

-	nop

-	nop

-	nop

-.L_bn_mul_words_proceeed:

-	srl	%o3,%g0,%o3	! clruw	%o3

-	andcc	%o2,-4,%g0

-	bz,pn	%icc,.L_bn_mul_words_tail

-	clr	%o5

-.L_bn_mul_words_loop:		! wow! 32 aligned!

-	lduw	[%o1+4],%g3

-	mulx	%o3,%g2,%g2

-	add	%g2,%o5,%o4

-	nop

-	stuw	%o4,[%o0]

-	srlx	%o4,32,%o5

-	lduw	[%o1+8],%g2

-	mulx	%o3,%g3,%g3

-	add	%g3,%o5,%o4

-	dec	4,%o2

-	stuw	%o4,[%o0+4]

-	srlx	%o4,32,%o5

-	lduw	[%o1+12],%g3

-	mulx	%o3,%g2,%g2

-	add	%g2,%o5,%o4

-	inc	16,%o1

-	stuw	%o4,[%o0+8]

-	srlx	%o4,32,%o5

-	mulx	%o3,%g3,%g3

-	add	%g3,%o5,%o4

-	inc	16,%o0

-	stuw	%o4,[%o0-4]

-	srlx	%o4,32,%o5

-	andcc	%o2,-4,%g0

-	bnz,a,pt	%icc,.L_bn_mul_words_loop

-	lduw	[%o1],%g2

-	nop

-	nop

-	brnz,a,pn	%o2,.L_bn_mul_words_tail

-	lduw	[%o1],%g2

-.L_bn_mul_words_return:

-	retl

-	mov	%o5,%o0

-.L_bn_mul_words_tail:

-	mulx	%o3,%g2,%g2

-	add	%g2,%o5,%o4

-	dec	%o2

-	srlx	%o4,32,%o5

-	brz,pt	%o2,.L_bn_mul_words_return

-	stuw	%o4,[%o0]

-	lduw	[%o1+4],%g2

-	mulx	%o3,%g2,%g2

-	add	%g2,%o5,%o4

-	dec	%o2

-	srlx	%o4,32,%o5

-	brz,pt	%o2,.L_bn_mul_words_return

-	stuw	%o4,[%o0+4]

-	lduw	[%o1+8],%g2

-	mulx	%o3,%g2,%g2

-	add	%g2,%o5,%o4

-	stuw	%o4,[%o0+8]

-	retl

-	srlx	%o4,32,%o0

-.type	bn_mul_words,#function

-.size	bn_mul_words,(.-bn_mul_words)

-.align  32

-.global	bn_sqr_words

-/*

- * void bn_sqr_words(r,a,n)

- * BN_ULONG *r,*a;

- * int n;

- */

-bn_sqr_words:

-	sra	%o2,%g0,%o2	! signx %o2

-	brgz,a	%o2,.L_bn_sqr_words_proceeed

-	lduw	[%o1],%g2

-	retl

-	clr	%o0

-	nop

-	nop

-	nop

-.L_bn_sqr_words_proceeed:

-	andcc	%o2,-4,%g0

-	nop

-	bz,pn	%icc,.L_bn_sqr_words_tail

-	nop

-.L_bn_sqr_words_loop:		! wow! 32 aligned!

-	lduw	[%o1+4],%g3

-	mulx	%g2,%g2,%o4

-	stuw	%o4,[%o0]

-	srlx	%o4,32,%o5

-	stuw	%o5,[%o0+4]

-	nop

-	lduw	[%o1+8],%g2

-	mulx	%g3,%g3,%o4

-	dec	4,%o2

-	stuw	%o4,[%o0+8]

-	srlx	%o4,32,%o5

-	stuw	%o5,[%o0+12]

-	lduw	[%o1+12],%g3

-	mulx	%g2,%g2,%o4

-	srlx	%o4,32,%o5

-	stuw	%o4,[%o0+16]

-	inc	16,%o1

-	stuw	%o5,[%o0+20]

-	mulx	%g3,%g3,%o4

-	inc	32,%o0

-	stuw	%o4,[%o0-8]

-	srlx	%o4,32,%o5

-	andcc	%o2,-4,%g2

-	stuw	%o5,[%o0-4]

-	bnz,a,pt	%icc,.L_bn_sqr_words_loop

-	lduw	[%o1],%g2

-	nop

-	brnz,a,pn	%o2,.L_bn_sqr_words_tail

-	lduw	[%o1],%g2

-.L_bn_sqr_words_return:

-	retl

-	clr	%o0

-.L_bn_sqr_words_tail:

-	mulx	%g2,%g2,%o4

-	dec	%o2

-	stuw	%o4,[%o0]

-	srlx	%o4,32,%o5

-	brz,pt	%o2,.L_bn_sqr_words_return

-	stuw	%o5,[%o0+4]

-	lduw	[%o1+4],%g2

-	mulx	%g2,%g2,%o4

-	dec	%o2

-	stuw	%o4,[%o0+8]

-	srlx	%o4,32,%o5

-	brz,pt	%o2,.L_bn_sqr_words_return

-	stuw	%o5,[%o0+12]

-	lduw	[%o1+8],%g2

-	mulx	%g2,%g2,%o4

-	srlx	%o4,32,%o5

-	stuw	%o4,[%o0+16]

-	stuw	%o5,[%o0+20]

-	retl

-	clr	%o0

-.type	bn_sqr_words,#function

-.size	bn_sqr_words,(.-bn_sqr_words)

-.align	32

-.global bn_div_words

-/*

- * BN_ULONG bn_div_words(h,l,d)

- * BN_ULONG h,l,d;

- */

-bn_div_words:

-	sllx	%o0,32,%o0

-	or	%o0,%o1,%o0

-	udivx	%o0,%o2,%o0

-	retl

-	srl	%o0,%g0,%o0	! clruw	%o0

-.type	bn_div_words,#function

-.size	bn_div_words,(.-bn_div_words)

-.align	32

-.global bn_add_words

-/*

- * BN_ULONG bn_add_words(rp,ap,bp,n)

- * BN_ULONG *rp,*ap,*bp;

- * int n;

- */

-bn_add_words:

-	sra	%o3,%g0,%o3	! signx %o3

-	brgz,a	%o3,.L_bn_add_words_proceed

-	lduw	[%o1],%o4

-	retl

-	clr	%o0

-.L_bn_add_words_proceed:

-	andcc	%o3,-4,%g0

-	bz,pn	%icc,.L_bn_add_words_tail

-	addcc	%g0,0,%g0	! clear carry flag

-.L_bn_add_words_loop:		! wow! 32 aligned!

-	dec	4,%o3

-	lduw	[%o2],%o5

-	lduw	[%o1+4],%g1

-	lduw	[%o2+4],%g2

-	lduw	[%o1+8],%g3

-	lduw	[%o2+8],%g4

-	addccc	%o5,%o4,%o5

-	stuw	%o5,[%o0]

-	lduw	[%o1+12],%o4

-	lduw	[%o2+12],%o5

-	inc	16,%o1

-	addccc	%g1,%g2,%g1

-	stuw	%g1,[%o0+4]

-	inc	16,%o2

-	addccc	%g3,%g4,%g3

-	stuw	%g3,[%o0+8]

-	inc	16,%o0

-	addccc	%o5,%o4,%o5

-	stuw	%o5,[%o0-4]

-	and	%o3,-4,%g1

-	brnz,a,pt	%g1,.L_bn_add_words_loop

-	lduw	[%o1],%o4

-	brnz,a,pn	%o3,.L_bn_add_words_tail

-	lduw	[%o1],%o4

-.L_bn_add_words_return:

-	clr	%o0

-	retl

-	movcs	%icc,1,%o0

-	nop

-.L_bn_add_words_tail:

-	lduw	[%o2],%o5

-	dec	%o3

-	addccc	%o5,%o4,%o5

-	brz,pt	%o3,.L_bn_add_words_return

-	stuw	%o5,[%o0]

-	lduw	[%o1+4],%o4

-	lduw	[%o2+4],%o5

-	dec	%o3

-	addccc	%o5,%o4,%o5

-	brz,pt	%o3,.L_bn_add_words_return

-	stuw	%o5,[%o0+4]

-	lduw	[%o1+8],%o4

-	lduw	[%o2+8],%o5

-	addccc	%o5,%o4,%o5

-	stuw	%o5,[%o0+8]

-	clr	%o0

-	retl

-	movcs	%icc,1,%o0

-.type	bn_add_words,#function

-.size	bn_add_words,(.-bn_add_words)

-.global bn_sub_words

-/*

- * BN_ULONG bn_sub_words(rp,ap,bp,n)

- * BN_ULONG *rp,*ap,*bp;

- * int n;

- */

-bn_sub_words:

-	sra	%o3,%g0,%o3	! signx %o3

-	brgz,a	%o3,.L_bn_sub_words_proceed

-	lduw	[%o1],%o4

-	retl

-	clr	%o0

-.L_bn_sub_words_proceed:

-	andcc	%o3,-4,%g0

-	bz,pn	%icc,.L_bn_sub_words_tail

-	addcc	%g0,0,%g0	! clear carry flag

-.L_bn_sub_words_loop:		! wow! 32 aligned!

-	dec	4,%o3

-	lduw	[%o2],%o5

-	lduw	[%o1+4],%g1

-	lduw	[%o2+4],%g2

-	lduw	[%o1+8],%g3

-	lduw	[%o2+8],%g4

-	subccc	%o4,%o5,%o5

-	stuw	%o5,[%o0]

-	lduw	[%o1+12],%o4

-	lduw	[%o2+12],%o5

-	inc	16,%o1

-	subccc	%g1,%g2,%g2

-	stuw	%g2,[%o0+4]

-	inc	16,%o2

-	subccc	%g3,%g4,%g4

-	stuw	%g4,[%o0+8]

-	inc	16,%o0

-	subccc	%o4,%o5,%o5

-	stuw	%o5,[%o0-4]

-	and	%o3,-4,%g1

-	brnz,a,pt	%g1,.L_bn_sub_words_loop

-	lduw	[%o1],%o4

-	brnz,a,pn	%o3,.L_bn_sub_words_tail

-	lduw	[%o1],%o4

-.L_bn_sub_words_return:

-	clr	%o0

-	retl

-	movcs	%icc,1,%o0

-	nop

-.L_bn_sub_words_tail:		! wow! 32 aligned!

-	lduw	[%o2],%o5

-	dec	%o3

-	subccc	%o4,%o5,%o5

-	brz,pt	%o3,.L_bn_sub_words_return

-	stuw	%o5,[%o0]

-	lduw	[%o1+4],%o4

-	lduw	[%o2+4],%o5

-	dec	%o3

-	subccc	%o4,%o5,%o5

-	brz,pt	%o3,.L_bn_sub_words_return

-	stuw	%o5,[%o0+4]

-	lduw	[%o1+8],%o4

-	lduw	[%o2+8],%o5

-	subccc	%o4,%o5,%o5

-	stuw	%o5,[%o0+8]

-	clr	%o0

-	retl

-	movcs	%icc,1,%o0

-.type	bn_sub_words,#function

-.size	bn_sub_words,(.-bn_sub_words)

-/*

- * Code below depends on the fact that upper parts of the %l0-%l7

- * and %i0-%i7 are zeroed by kernel after context switch. In

- * previous versions this comment stated that "the trouble is that

- * it's not feasible to implement the mumbo-jumbo in less V9

- * instructions:-(" which apparently isn't true thanks to

- * 'bcs,a %xcc,.+8; inc %rd' pair. But the performance improvement

- * results not from the shorter code, but from elimination of

- * multicycle none-pairable 'rd %y,%rd' instructions.

- *

- *							Andy.

- */

-#define FRAME_SIZE	-96

-/*

- * Here is register usage map for *all* routines below.

- */

-#define t_1	%o0

-#define	t_2	%o1

-#define c_12	%o2

-#define c_3	%o3

-#define ap(I)	[%i1+4*I]

-#define bp(I)	[%i2+4*I]

-#define rp(I)	[%i0+4*I]

-#define	a_0	%l0

-#define	a_1	%l1

-#define	a_2	%l2

-#define	a_3	%l3

-#define	a_4	%l4

-#define	a_5	%l5

-#define	a_6	%l6

-#define	a_7	%l7

-#define	b_0	%i3

-#define	b_1	%i4

-#define	b_2	%i5

-#define	b_3	%o4

-#define	b_4	%o5

-#define	b_5	%o7

-#define	b_6	%g1

-#define	b_7	%g4

-.align	32

-.global bn_mul_comba8

-/*

- * void bn_mul_comba8(r,a,b)

- * BN_ULONG *r,*a,*b;

- */

-bn_mul_comba8:

-	save	%sp,FRAME_SIZE,%sp

-	mov	1,t_2

-	lduw	ap(0),a_0

-	sllx	t_2,32,t_2

-	lduw	bp(0),b_0	!=

-	lduw	bp(1),b_1

-	mulx	a_0,b_0,t_1	!mul_add_c(a[0],b[0],c1,c2,c3);

-	srlx	t_1,32,c_12

-	stuw	t_1,rp(0)	!=!r[0]=c1;

-	lduw	ap(1),a_1

-	mulx	a_0,b_1,t_1	!mul_add_c(a[0],b[1],c2,c3,c1);

-	addcc	c_12,t_1,c_12

-	clr	c_3		!=

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	lduw	ap(2),a_2

-	mulx	a_1,b_0,t_1	!=!mul_add_c(a[1],b[0],c2,c3,c1);

-	addcc	c_12,t_1,t_1

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	srlx	t_1,32,c_12	!=

-	stuw	t_1,rp(1)	!r[1]=c2;

-	or	c_12,c_3,c_12

-	mulx	a_2,b_0,t_1	!mul_add_c(a[2],b[0],c3,c1,c2);

-	addcc	c_12,t_1,c_12	!=

-	clr	c_3

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	lduw	bp(2),b_2	!=

-	mulx	a_1,b_1,t_1	!mul_add_c(a[1],b[1],c3,c1,c2);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3	!=

-	lduw	bp(3),b_3

-	mulx	a_0,b_2,t_1	!mul_add_c(a[0],b[2],c3,c1,c2);

-	addcc	c_12,t_1,t_1

-	bcs,a	%xcc,.+8	!=

-	add	c_3,t_2,c_3

-	srlx	t_1,32,c_12

-	stuw	t_1,rp(2)	!r[2]=c3;

-	or	c_12,c_3,c_12	!=

-	mulx	a_0,b_3,t_1	!mul_add_c(a[0],b[3],c1,c2,c3);

-	addcc	c_12,t_1,c_12

-	clr	c_3

-	bcs,a	%xcc,.+8	!=

-	add	c_3,t_2,c_3

-	mulx	a_1,b_2,t_1	!=!mul_add_c(a[1],b[2],c1,c2,c3);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8	!=

-	add	c_3,t_2,c_3

-	lduw	ap(3),a_3

-	mulx	a_2,b_1,t_1	!mul_add_c(a[2],b[1],c1,c2,c3);

-	addcc	c_12,t_1,c_12	!=

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	lduw	ap(4),a_4

-	mulx	a_3,b_0,t_1	!=!mul_add_c(a[3],b[0],c1,c2,c3);!=

-	addcc	c_12,t_1,t_1

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	srlx	t_1,32,c_12	!=

-	stuw	t_1,rp(3)	!r[3]=c1;

-	or	c_12,c_3,c_12

-	mulx	a_4,b_0,t_1	!mul_add_c(a[4],b[0],c2,c3,c1);

-	addcc	c_12,t_1,c_12	!=

-	clr	c_3

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	mulx	a_3,b_1,t_1	!=!mul_add_c(a[3],b[1],c2,c3,c1);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	mulx	a_2,b_2,t_1	!=!mul_add_c(a[2],b[2],c2,c3,c1);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	lduw	bp(4),b_4	!=

-	mulx	a_1,b_3,t_1	!mul_add_c(a[1],b[3],c2,c3,c1);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3	!=

-	lduw	bp(5),b_5

-	mulx	a_0,b_4,t_1	!mul_add_c(a[0],b[4],c2,c3,c1);

-	addcc	c_12,t_1,t_1

-	bcs,a	%xcc,.+8	!=

-	add	c_3,t_2,c_3

-	srlx	t_1,32,c_12

-	stuw	t_1,rp(4)	!r[4]=c2;

-	or	c_12,c_3,c_12	!=

-	mulx	a_0,b_5,t_1	!mul_add_c(a[0],b[5],c3,c1,c2);

-	addcc	c_12,t_1,c_12

-	clr	c_3

-	bcs,a	%xcc,.+8	!=

-	add	c_3,t_2,c_3

-	mulx	a_1,b_4,t_1	!mul_add_c(a[1],b[4],c3,c1,c2);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8	!=

-	add	c_3,t_2,c_3

-	mulx	a_2,b_3,t_1	!mul_add_c(a[2],b[3],c3,c1,c2);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8	!=

-	add	c_3,t_2,c_3

-	mulx	a_3,b_2,t_1	!mul_add_c(a[3],b[2],c3,c1,c2);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8	!=

-	add	c_3,t_2,c_3

-	lduw	ap(5),a_5

-	mulx	a_4,b_1,t_1	!mul_add_c(a[4],b[1],c3,c1,c2);

-	addcc	c_12,t_1,c_12	!=

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	lduw	ap(6),a_6

-	mulx	a_5,b_0,t_1	!=!mul_add_c(a[5],b[0],c3,c1,c2);

-	addcc	c_12,t_1,t_1

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	srlx	t_1,32,c_12	!=

-	stuw	t_1,rp(5)	!r[5]=c3;

-	or	c_12,c_3,c_12

-	mulx	a_6,b_0,t_1	!mul_add_c(a[6],b[0],c1,c2,c3);

-	addcc	c_12,t_1,c_12	!=

-	clr	c_3

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	mulx	a_5,b_1,t_1	!=!mul_add_c(a[5],b[1],c1,c2,c3);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	mulx	a_4,b_2,t_1	!=!mul_add_c(a[4],b[2],c1,c2,c3);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	mulx	a_3,b_3,t_1	!=!mul_add_c(a[3],b[3],c1,c2,c3);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	mulx	a_2,b_4,t_1	!=!mul_add_c(a[2],b[4],c1,c2,c3);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	lduw	bp(6),b_6	!=

-	mulx	a_1,b_5,t_1	!mul_add_c(a[1],b[5],c1,c2,c3);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3	!=

-	lduw	bp(7),b_7

-	mulx	a_0,b_6,t_1	!mul_add_c(a[0],b[6],c1,c2,c3);

-	addcc	c_12,t_1,t_1

-	bcs,a	%xcc,.+8	!=

-	add	c_3,t_2,c_3

-	srlx	t_1,32,c_12

-	stuw	t_1,rp(6)	!r[6]=c1;

-	or	c_12,c_3,c_12	!=

-	mulx	a_0,b_7,t_1	!mul_add_c(a[0],b[7],c2,c3,c1);

-	addcc	c_12,t_1,c_12

-	clr	c_3

-	bcs,a	%xcc,.+8	!=

-	add	c_3,t_2,c_3

-	mulx	a_1,b_6,t_1	!mul_add_c(a[1],b[6],c2,c3,c1);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8	!=

-	add	c_3,t_2,c_3

-	mulx	a_2,b_5,t_1	!mul_add_c(a[2],b[5],c2,c3,c1);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8	!=

-	add	c_3,t_2,c_3

-	mulx	a_3,b_4,t_1	!mul_add_c(a[3],b[4],c2,c3,c1);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8	!=

-	add	c_3,t_2,c_3

-	mulx	a_4,b_3,t_1	!mul_add_c(a[4],b[3],c2,c3,c1);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8	!=

-	add	c_3,t_2,c_3

-	mulx	a_5,b_2,t_1	!mul_add_c(a[5],b[2],c2,c3,c1);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8	!=

-	add	c_3,t_2,c_3

-	lduw	ap(7),a_7

-	mulx	a_6,b_1,t_1	!=!mul_add_c(a[6],b[1],c2,c3,c1);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	mulx	a_7,b_0,t_1	!=!mul_add_c(a[7],b[0],c2,c3,c1);

-	addcc	c_12,t_1,t_1

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	srlx	t_1,32,c_12	!=

-	stuw	t_1,rp(7)	!r[7]=c2;

-	or	c_12,c_3,c_12

-	mulx	a_7,b_1,t_1	!=!mul_add_c(a[7],b[1],c3,c1,c2);

-	addcc	c_12,t_1,c_12

-	clr	c_3

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3	!=

-	mulx	a_6,b_2,t_1	!mul_add_c(a[6],b[2],c3,c1,c2);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3	!=

-	mulx	a_5,b_3,t_1	!mul_add_c(a[5],b[3],c3,c1,c2);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3	!=

-	mulx	a_4,b_4,t_1	!mul_add_c(a[4],b[4],c3,c1,c2);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3	!=

-	mulx	a_3,b_5,t_1	!mul_add_c(a[3],b[5],c3,c1,c2);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3	!=

-	mulx	a_2,b_6,t_1	!mul_add_c(a[2],b[6],c3,c1,c2);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3	!=

-	mulx	a_1,b_7,t_1	!mul_add_c(a[1],b[7],c3,c1,c2);

-	addcc	c_12,t_1,t_1

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3	!=

-	srlx	t_1,32,c_12

-	stuw	t_1,rp(8)	!r[8]=c3;

-	or	c_12,c_3,c_12

-	mulx	a_2,b_7,t_1	!=!mul_add_c(a[2],b[7],c1,c2,c3);

-	addcc	c_12,t_1,c_12

-	clr	c_3

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3	!=

-	mulx	a_3,b_6,t_1	!mul_add_c(a[3],b[6],c1,c2,c3);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8	!=

-	add	c_3,t_2,c_3

-	mulx	a_4,b_5,t_1	!mul_add_c(a[4],b[5],c1,c2,c3);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8	!=

-	add	c_3,t_2,c_3

-	mulx	a_5,b_4,t_1	!mul_add_c(a[5],b[4],c1,c2,c3);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8	!=

-	add	c_3,t_2,c_3

-	mulx	a_6,b_3,t_1	!mul_add_c(a[6],b[3],c1,c2,c3);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8	!=

-	add	c_3,t_2,c_3

-	mulx	a_7,b_2,t_1	!mul_add_c(a[7],b[2],c1,c2,c3);

-	addcc	c_12,t_1,t_1

-	bcs,a	%xcc,.+8	!=

-	add	c_3,t_2,c_3

-	srlx	t_1,32,c_12

-	stuw	t_1,rp(9)	!r[9]=c1;

-	or	c_12,c_3,c_12	!=

-	mulx	a_7,b_3,t_1	!mul_add_c(a[7],b[3],c2,c3,c1);

-	addcc	c_12,t_1,c_12

-	clr	c_3

-	bcs,a	%xcc,.+8	!=

-	add	c_3,t_2,c_3

-	mulx	a_6,b_4,t_1	!mul_add_c(a[6],b[4],c2,c3,c1);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8	!=

-	add	c_3,t_2,c_3

-	mulx	a_5,b_5,t_1	!mul_add_c(a[5],b[5],c2,c3,c1);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8	!=

-	add	c_3,t_2,c_3

-	mulx	a_4,b_6,t_1	!mul_add_c(a[4],b[6],c2,c3,c1);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8	!=

-	add	c_3,t_2,c_3

-	mulx	a_3,b_7,t_1	!mul_add_c(a[3],b[7],c2,c3,c1);

-	addcc	c_12,t_1,t_1

-	bcs,a	%xcc,.+8	!=

-	add	c_3,t_2,c_3

-	srlx	t_1,32,c_12

-	stuw	t_1,rp(10)	!r[10]=c2;

-	or	c_12,c_3,c_12	!=

-	mulx	a_4,b_7,t_1	!mul_add_c(a[4],b[7],c3,c1,c2);

-	addcc	c_12,t_1,c_12

-	clr	c_3

-	bcs,a	%xcc,.+8	!=

-	add	c_3,t_2,c_3

-	mulx	a_5,b_6,t_1	!mul_add_c(a[5],b[6],c3,c1,c2);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8	!=

-	add	c_3,t_2,c_3

-	mulx	a_6,b_5,t_1	!mul_add_c(a[6],b[5],c3,c1,c2);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8	!=

-	add	c_3,t_2,c_3

-	mulx	a_7,b_4,t_1	!mul_add_c(a[7],b[4],c3,c1,c2);

-	addcc	c_12,t_1,t_1

-	bcs,a	%xcc,.+8	!=

-	add	c_3,t_2,c_3

-	srlx	t_1,32,c_12

-	stuw	t_1,rp(11)	!r[11]=c3;

-	or	c_12,c_3,c_12	!=

-	mulx	a_7,b_5,t_1	!mul_add_c(a[7],b[5],c1,c2,c3);

-	addcc	c_12,t_1,c_12

-	clr	c_3

-	bcs,a	%xcc,.+8	!=

-	add	c_3,t_2,c_3

-	mulx	a_6,b_6,t_1	!mul_add_c(a[6],b[6],c1,c2,c3);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8	!=

-	add	c_3,t_2,c_3

-	mulx	a_5,b_7,t_1	!mul_add_c(a[5],b[7],c1,c2,c3);

-	addcc	c_12,t_1,t_1

-	bcs,a	%xcc,.+8	!=

-	add	c_3,t_2,c_3

-	srlx	t_1,32,c_12

-	stuw	t_1,rp(12)	!r[12]=c1;

-	or	c_12,c_3,c_12	!=

-	mulx	a_6,b_7,t_1	!mul_add_c(a[6],b[7],c2,c3,c1);

-	addcc	c_12,t_1,c_12

-	clr	c_3

-	bcs,a	%xcc,.+8	!=

-	add	c_3,t_2,c_3

-	mulx	a_7,b_6,t_1	!mul_add_c(a[7],b[6],c2,c3,c1);

-	addcc	c_12,t_1,t_1

-	bcs,a	%xcc,.+8	!=

-	add	c_3,t_2,c_3

-	srlx	t_1,32,c_12

-	st	t_1,rp(13)	!r[13]=c2;

-	or	c_12,c_3,c_12	!=

-	mulx	a_7,b_7,t_1	!mul_add_c(a[7],b[7],c3,c1,c2);

-	addcc	c_12,t_1,t_1

-	srlx	t_1,32,c_12	!=

-	stuw	t_1,rp(14)	!r[14]=c3;

-	stuw	c_12,rp(15)	!r[15]=c1;

-	ret

-	restore	%g0,%g0,%o0	!=

-.type	bn_mul_comba8,#function

-.size	bn_mul_comba8,(.-bn_mul_comba8)

-.align	32

-.global bn_mul_comba4

-/*

- * void bn_mul_comba4(r,a,b)

- * BN_ULONG *r,*a,*b;

- */

-bn_mul_comba4:

-	save	%sp,FRAME_SIZE,%sp

-	lduw	ap(0),a_0

-	mov	1,t_2

-	lduw	bp(0),b_0

-	sllx	t_2,32,t_2	!=

-	lduw	bp(1),b_1

-	mulx	a_0,b_0,t_1	!mul_add_c(a[0],b[0],c1,c2,c3);

-	srlx	t_1,32,c_12

-	stuw	t_1,rp(0)	!=!r[0]=c1;

-	lduw	ap(1),a_1

-	mulx	a_0,b_1,t_1	!mul_add_c(a[0],b[1],c2,c3,c1);

-	addcc	c_12,t_1,c_12

-	clr	c_3		!=

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	lduw	ap(2),a_2

-	mulx	a_1,b_0,t_1	!=!mul_add_c(a[1],b[0],c2,c3,c1);

-	addcc	c_12,t_1,t_1

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	srlx	t_1,32,c_12	!=

-	stuw	t_1,rp(1)	!r[1]=c2;

-	or	c_12,c_3,c_12

-	mulx	a_2,b_0,t_1	!mul_add_c(a[2],b[0],c3,c1,c2);

-	addcc	c_12,t_1,c_12	!=

-	clr	c_3

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	lduw	bp(2),b_2	!=

-	mulx	a_1,b_1,t_1	!mul_add_c(a[1],b[1],c3,c1,c2);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3	!=

-	lduw	bp(3),b_3

-	mulx	a_0,b_2,t_1	!mul_add_c(a[0],b[2],c3,c1,c2);

-	addcc	c_12,t_1,t_1

-	bcs,a	%xcc,.+8	!=

-	add	c_3,t_2,c_3

-	srlx	t_1,32,c_12

-	stuw	t_1,rp(2)	!r[2]=c3;

-	or	c_12,c_3,c_12	!=

-	mulx	a_0,b_3,t_1	!mul_add_c(a[0],b[3],c1,c2,c3);

-	addcc	c_12,t_1,c_12

-	clr	c_3

-	bcs,a	%xcc,.+8	!=

-	add	c_3,t_2,c_3

-	mulx	a_1,b_2,t_1	!mul_add_c(a[1],b[2],c1,c2,c3);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8	!=

-	add	c_3,t_2,c_3

-	lduw	ap(3),a_3

-	mulx	a_2,b_1,t_1	!mul_add_c(a[2],b[1],c1,c2,c3);

-	addcc	c_12,t_1,c_12	!=

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	mulx	a_3,b_0,t_1	!mul_add_c(a[3],b[0],c1,c2,c3);!=

-	addcc	c_12,t_1,t_1	!=

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	srlx	t_1,32,c_12

-	stuw	t_1,rp(3)	!=!r[3]=c1;

-	or	c_12,c_3,c_12

-	mulx	a_3,b_1,t_1	!mul_add_c(a[3],b[1],c2,c3,c1);

-	addcc	c_12,t_1,c_12

-	clr	c_3		!=

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	mulx	a_2,b_2,t_1	!mul_add_c(a[2],b[2],c2,c3,c1);

-	addcc	c_12,t_1,c_12	!=

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	mulx	a_1,b_3,t_1	!mul_add_c(a[1],b[3],c2,c3,c1);

-	addcc	c_12,t_1,t_1	!=

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	srlx	t_1,32,c_12

-	stuw	t_1,rp(4)	!=!r[4]=c2;

-	or	c_12,c_3,c_12

-	mulx	a_2,b_3,t_1	!mul_add_c(a[2],b[3],c3,c1,c2);

-	addcc	c_12,t_1,c_12

-	clr	c_3		!=

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	mulx	a_3,b_2,t_1	!mul_add_c(a[3],b[2],c3,c1,c2);

-	addcc	c_12,t_1,t_1	!=

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	srlx	t_1,32,c_12

-	stuw	t_1,rp(5)	!=!r[5]=c3;

-	or	c_12,c_3,c_12

-	mulx	a_3,b_3,t_1	!mul_add_c(a[3],b[3],c1,c2,c3);

-	addcc	c_12,t_1,t_1

-	srlx	t_1,32,c_12	!=

-	stuw	t_1,rp(6)	!r[6]=c1;

-	stuw	c_12,rp(7)	!r[7]=c2;

-	ret

-	restore	%g0,%g0,%o0

-.type	bn_mul_comba4,#function

-.size	bn_mul_comba4,(.-bn_mul_comba4)

-.align	32

-.global bn_sqr_comba8

-bn_sqr_comba8:

-	save	%sp,FRAME_SIZE,%sp

-	mov	1,t_2

-	lduw	ap(0),a_0

-	sllx	t_2,32,t_2

-	lduw	ap(1),a_1

-	mulx	a_0,a_0,t_1	!sqr_add_c(a,0,c1,c2,c3);

-	srlx	t_1,32,c_12

-	stuw	t_1,rp(0)	!r[0]=c1;

-	lduw	ap(2),a_2

-	mulx	a_0,a_1,t_1	!=!sqr_add_c2(a,1,0,c2,c3,c1);

-	addcc	c_12,t_1,c_12

-	clr	c_3

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	addcc	c_12,t_1,t_1

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	srlx	t_1,32,c_12

-	stuw	t_1,rp(1)	!r[1]=c2;

-	or	c_12,c_3,c_12

-	mulx	a_2,a_0,t_1	!sqr_add_c2(a,2,0,c3,c1,c2);

-	addcc	c_12,t_1,c_12

-	clr	c_3

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	lduw	ap(3),a_3

-	mulx	a_1,a_1,t_1	!sqr_add_c(a,1,c3,c1,c2);

-	addcc	c_12,t_1,t_1

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	srlx	t_1,32,c_12

-	stuw	t_1,rp(2)	!r[2]=c3;

-	or	c_12,c_3,c_12

-	mulx	a_0,a_3,t_1	!sqr_add_c2(a,3,0,c1,c2,c3);

-	addcc	c_12,t_1,c_12

-	clr	c_3

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	lduw	ap(4),a_4

-	mulx	a_1,a_2,t_1	!sqr_add_c2(a,2,1,c1,c2,c3);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	addcc	c_12,t_1,t_1

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	srlx	t_1,32,c_12

-	st	t_1,rp(3)	!r[3]=c1;

-	or	c_12,c_3,c_12

-	mulx	a_4,a_0,t_1	!sqr_add_c2(a,4,0,c2,c3,c1);

-	addcc	c_12,t_1,c_12

-	clr	c_3

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	mulx	a_3,a_1,t_1	!sqr_add_c2(a,3,1,c2,c3,c1);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	lduw	ap(5),a_5

-	mulx	a_2,a_2,t_1	!sqr_add_c(a,2,c2,c3,c1);

-	addcc	c_12,t_1,t_1

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	srlx	t_1,32,c_12

-	stuw	t_1,rp(4)	!r[4]=c2;

-	or	c_12,c_3,c_12

-	mulx	a_0,a_5,t_1	!sqr_add_c2(a,5,0,c3,c1,c2);

-	addcc	c_12,t_1,c_12

-	clr	c_3

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	mulx	a_1,a_4,t_1	!sqr_add_c2(a,4,1,c3,c1,c2);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	lduw	ap(6),a_6

-	mulx	a_2,a_3,t_1	!sqr_add_c2(a,3,2,c3,c1,c2);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	addcc	c_12,t_1,t_1

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	srlx	t_1,32,c_12

-	stuw	t_1,rp(5)	!r[5]=c3;

-	or	c_12,c_3,c_12

-	mulx	a_6,a_0,t_1	!sqr_add_c2(a,6,0,c1,c2,c3);

-	addcc	c_12,t_1,c_12

-	clr	c_3

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	mulx	a_5,a_1,t_1	!sqr_add_c2(a,5,1,c1,c2,c3);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	mulx	a_4,a_2,t_1	!sqr_add_c2(a,4,2,c1,c2,c3);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	lduw	ap(7),a_7

-	mulx	a_3,a_3,t_1	!=!sqr_add_c(a,3,c1,c2,c3);

-	addcc	c_12,t_1,t_1

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	srlx	t_1,32,c_12

-	stuw	t_1,rp(6)	!r[6]=c1;

-	or	c_12,c_3,c_12

-	mulx	a_0,a_7,t_1	!sqr_add_c2(a,7,0,c2,c3,c1);

-	addcc	c_12,t_1,c_12

-	clr	c_3

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	mulx	a_1,a_6,t_1	!sqr_add_c2(a,6,1,c2,c3,c1);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	mulx	a_2,a_5,t_1	!sqr_add_c2(a,5,2,c2,c3,c1);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	mulx	a_3,a_4,t_1	!sqr_add_c2(a,4,3,c2,c3,c1);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	addcc	c_12,t_1,t_1

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	srlx	t_1,32,c_12

-	stuw	t_1,rp(7)	!r[7]=c2;

-	or	c_12,c_3,c_12

-	mulx	a_7,a_1,t_1	!sqr_add_c2(a,7,1,c3,c1,c2);

-	addcc	c_12,t_1,c_12

-	clr	c_3

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	mulx	a_6,a_2,t_1	!sqr_add_c2(a,6,2,c3,c1,c2);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	mulx	a_5,a_3,t_1	!sqr_add_c2(a,5,3,c3,c1,c2);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	mulx	a_4,a_4,t_1	!sqr_add_c(a,4,c3,c1,c2);

-	addcc	c_12,t_1,t_1

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	srlx	t_1,32,c_12

-	stuw	t_1,rp(8)	!r[8]=c3;

-	or	c_12,c_3,c_12

-	mulx	a_2,a_7,t_1	!sqr_add_c2(a,7,2,c1,c2,c3);

-	addcc	c_12,t_1,c_12

-	clr	c_3

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	mulx	a_3,a_6,t_1	!sqr_add_c2(a,6,3,c1,c2,c3);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	mulx	a_4,a_5,t_1	!sqr_add_c2(a,5,4,c1,c2,c3);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	addcc	c_12,t_1,t_1

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	srlx	t_1,32,c_12

-	stuw	t_1,rp(9)	!r[9]=c1;

-	or	c_12,c_3,c_12

-	mulx	a_7,a_3,t_1	!sqr_add_c2(a,7,3,c2,c3,c1);

-	addcc	c_12,t_1,c_12

-	clr	c_3

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	mulx	a_6,a_4,t_1	!sqr_add_c2(a,6,4,c2,c3,c1);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	mulx	a_5,a_5,t_1	!sqr_add_c(a,5,c2,c3,c1);

-	addcc	c_12,t_1,t_1

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	srlx	t_1,32,c_12

-	stuw	t_1,rp(10)	!r[10]=c2;

-	or	c_12,c_3,c_12

-	mulx	a_4,a_7,t_1	!sqr_add_c2(a,7,4,c3,c1,c2);

-	addcc	c_12,t_1,c_12

-	clr	c_3

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	mulx	a_5,a_6,t_1	!sqr_add_c2(a,6,5,c3,c1,c2);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	addcc	c_12,t_1,t_1

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	srlx	t_1,32,c_12

-	stuw	t_1,rp(11)	!r[11]=c3;

-	or	c_12,c_3,c_12

-	mulx	a_7,a_5,t_1	!sqr_add_c2(a,7,5,c1,c2,c3);

-	addcc	c_12,t_1,c_12

-	clr	c_3

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	mulx	a_6,a_6,t_1	!sqr_add_c(a,6,c1,c2,c3);

-	addcc	c_12,t_1,t_1

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	srlx	t_1,32,c_12

-	stuw	t_1,rp(12)	!r[12]=c1;

-	or	c_12,c_3,c_12

-	mulx	a_6,a_7,t_1	!sqr_add_c2(a,7,6,c2,c3,c1);

-	addcc	c_12,t_1,c_12

-	clr	c_3

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	addcc	c_12,t_1,t_1

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	srlx	t_1,32,c_12

-	stuw	t_1,rp(13)	!r[13]=c2;

-	or	c_12,c_3,c_12

-	mulx	a_7,a_7,t_1	!sqr_add_c(a,7,c3,c1,c2);

-	addcc	c_12,t_1,t_1

-	srlx	t_1,32,c_12

-	stuw	t_1,rp(14)	!r[14]=c3;

-	stuw	c_12,rp(15)	!r[15]=c1;

-	ret

-	restore	%g0,%g0,%o0

-.type	bn_sqr_comba8,#function

-.size	bn_sqr_comba8,(.-bn_sqr_comba8)

-.align	32

-.global bn_sqr_comba4

-/*

- * void bn_sqr_comba4(r,a)

- * BN_ULONG *r,*a;

- */

-bn_sqr_comba4:

-	save	%sp,FRAME_SIZE,%sp

-	mov	1,t_2

-	lduw	ap(0),a_0

-	sllx	t_2,32,t_2

-	lduw	ap(1),a_1

-	mulx	a_0,a_0,t_1	!sqr_add_c(a,0,c1,c2,c3);

-	srlx	t_1,32,c_12

-	stuw	t_1,rp(0)	!r[0]=c1;

-	lduw	ap(2),a_2

-	mulx	a_0,a_1,t_1	!sqr_add_c2(a,1,0,c2,c3,c1);

-	addcc	c_12,t_1,c_12

-	clr	c_3

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	addcc	c_12,t_1,t_1

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	srlx	t_1,32,c_12

-	stuw	t_1,rp(1)	!r[1]=c2;

-	or	c_12,c_3,c_12

-	mulx	a_2,a_0,t_1	!sqr_add_c2(a,2,0,c3,c1,c2);

-	addcc	c_12,t_1,c_12

-	clr	c_3

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	lduw	ap(3),a_3

-	mulx	a_1,a_1,t_1	!sqr_add_c(a,1,c3,c1,c2);

-	addcc	c_12,t_1,t_1

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	srlx	t_1,32,c_12

-	stuw	t_1,rp(2)	!r[2]=c3;

-	or	c_12,c_3,c_12

-	mulx	a_0,a_3,t_1	!sqr_add_c2(a,3,0,c1,c2,c3);

-	addcc	c_12,t_1,c_12

-	clr	c_3

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	mulx	a_1,a_2,t_1	!sqr_add_c2(a,2,1,c1,c2,c3);

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	addcc	c_12,t_1,t_1

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	srlx	t_1,32,c_12

-	stuw	t_1,rp(3)	!r[3]=c1;

-	or	c_12,c_3,c_12

-	mulx	a_3,a_1,t_1	!sqr_add_c2(a,3,1,c2,c3,c1);

-	addcc	c_12,t_1,c_12

-	clr	c_3

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	addcc	c_12,t_1,c_12

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	mulx	a_2,a_2,t_1	!sqr_add_c(a,2,c2,c3,c1);

-	addcc	c_12,t_1,t_1

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	srlx	t_1,32,c_12

-	stuw	t_1,rp(4)	!r[4]=c2;

-	or	c_12,c_3,c_12

-	mulx	a_2,a_3,t_1	!sqr_add_c2(a,3,2,c3,c1,c2);

-	addcc	c_12,t_1,c_12

-	clr	c_3

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	addcc	c_12,t_1,t_1

-	bcs,a	%xcc,.+8

-	add	c_3,t_2,c_3

-	srlx	t_1,32,c_12

-	stuw	t_1,rp(5)	!r[5]=c3;

-	or	c_12,c_3,c_12

-	mulx	a_3,a_3,t_1	!sqr_add_c(a,3,c1,c2,c3);

-	addcc	c_12,t_1,t_1

-	srlx	t_1,32,c_12

-	stuw	t_1,rp(6)	!r[6]=c1;

-	stuw	c_12,rp(7)	!r[7]=c2;

-	ret

-	restore	%g0,%g0,%o0

-.type	bn_sqr_comba4,#function

-.size	bn_sqr_comba4,(.-bn_sqr_comba4)

-.align	32

--- a/sys/src/ape/lib/openssl/crypto/bn/asm/vms.mar

+++ /dev/null

@@ -1,6440 +1,0 @@

-	.title	vax_bn_mul_add_words  unsigned multiply & add, 32*32+32+32=>64

-;

-; w.j.m. 15-jan-1999

-;

-; it's magic ...

-;

-; ULONG bn_mul_add_words(ULONG r[],ULONG a[],int n,ULONG w) {

-;	ULONG c = 0;

-;	int i;

-;	for(i = 0; i < n; i++) <c,r[i]> := r[i] + c + a[i] * w ;

-;	return c;

-; }

-r=4 ;(AP)

-a=8 ;(AP)

-n=12 ;(AP)	n	by value (input)

-w=16 ;(AP)	w	by value (input)

-	.psect	code,nowrt

-.entry	bn_mul_add_words,^m<r2,r3,r4,r5,r6>

-	moval	@r(ap),r2

-	moval	@a(ap),r3

-	movl	n(ap),r4	; assumed >0 by C code

-	movl	w(ap),r5

-	clrl	r6		; c

-0$:

-	emul	r5,(r3),(r2),r0		; w, a[], r[] considered signed

-	; fixup for "negative" r[]

-	tstl	(r2)

-	bgeq	10$

-	incl	r1

-10$:

-	; add in c

-	addl2	r6,r0

-	adwc	#0,r1

-	; combined fixup for "negative" w, a[]

-	tstl	r5

-	bgeq	20$

-	addl2	(r3),r1

-20$:

-	tstl	(r3)

-	bgeq	30$

-	addl2	r5,r1

-30$:

-	movl	r0,(r2)+		; store lo result in r[] & advance

-	addl	#4,r3			; advance a[]

-	movl	r1,r6			; store hi result => c

-	sobgtr	r4,0$

-	movl	r6,r0			; return c

-	ret

-	.title	vax_bn_mul_words  unsigned multiply & add, 32*32+32=>64

-;

-; w.j.m. 15-jan-1999

-;

-; it's magic ...

-;

-; ULONG bn_mul_words(ULONG r[],ULONG a[],int n,ULONG w) {

-;	ULONG c = 0;

-;	int i;

-;	for(i = 0; i < num; i++) <c,r[i]> := a[i] * w + c ;

-;	return(c);

-; }

-r=4 ;(AP)

-a=8 ;(AP)

-n=12 ;(AP)	n	by value (input)

-w=16 ;(AP)	w	by value (input)

-	.psect	code,nowrt

-.entry	bn_mul_words,^m<r2,r3,r4,r5,r6>

-	moval	@r(ap),r2	; r2 -> r[]

-	moval	@a(ap),r3	; r3 -> a[]

-	movl	n(ap),r4	; r4 = loop count (assumed >0 by C code)

-	movl	w(ap),r5	; r5 = w

-	clrl	r6		; r6 = c

-0$:

-	; <r1,r0> := w * a[] + c

-	emul	r5,(r3),r6,r0		; w, a[], c considered signed

-	; fixup for "negative" c

-	tstl	r6			; c

-	bgeq	10$

-	incl	r1

-10$:

-	; combined fixup for "negative" w, a[]

-	tstl	r5			; w

-	bgeq	20$

-	addl2	(r3),r1			; a[]

-20$:

-	tstl	(r3)			; a[]

-	bgeq	30$

-	addl2	r5,r1			; w

-30$:

-	movl	r0,(r2)+		; store lo result in r[] & advance

-	addl	#4,r3			; advance a[]

-	movl	r1,r6			; store hi result => c

-	sobgtr	r4,0$

-	movl	r6,r0			; return c

-	ret

-	.title	vax_bn_sqr_words  unsigned square, 32*32=>64

-;

-; w.j.m. 15-jan-1999

-;

-; it's magic ...

-;

-; void bn_sqr_words(ULONG r[],ULONG a[],int n) {

-;	int i;

-;	for(i = 0; i < n; i++) <r[2*i+1],r[2*i]> := a[i] * a[i] ;

-; }

-r=4 ;(AP)

-a=8 ;(AP)

-n=12 ;(AP)	n	by value (input)

-	.psect	code,nowrt

-.entry	bn_sqr_words,^m<r2,r3,r4,r5>

-	moval	@r(ap),r2	; r2 -> r[]

-	moval	@a(ap),r3	; r3 -> a[]

-	movl	n(ap),r4	; r4 = n (assumed >0 by C code)

-0$:

-	movl	(r3)+,r5		; r5 = a[] & advance

-	; <r1,r0> := a[] * a[]

-	emul	r5,r5,#0,r0		; a[] considered signed

-	; fixup for "negative" a[]

-	tstl	r5			; a[]

-	bgeq	30$

-	addl2	r5,r1			; a[]

-	addl2	r5,r1			; a[]

-30$:

-	movl	r0,(r2)+		; store lo result in r[] & advance

-	movl	r1,(r2)+		; store hi result in r[] & advance

-	sobgtr	r4,0$

-	movl	#1,r0			; return SS$_NORMAL

-	ret

-	.title	vax_bn_div_words  unsigned divide

-;

-; Richard Levitte 20-Nov-2000

-;

-; ULONG bn_div_words(ULONG h, ULONG l, ULONG d)

-; {

-;	return ((ULONG)((((ULLONG)h)<<32)|l) / (ULLONG)d);

-; }

-;

-; Using EDIV would be very easy, if it didn't do signed calculations.

-; Any time any of the input numbers are signed, there are problems,

-; usually with integer overflow, at which point it returns useless

-; data (the quotient gets the value of l, and the remainder becomes 0).

-;

-; If it was just for the dividend, it would be very easy, just divide

-; it by 2 (unsigned), do the division, multiply the resulting quotient

-; and remainder by 2, add the bit that was dropped when dividing by 2

-; to the remainder, and do some adjustment so the remainder doesn't

-; end up larger than the divisor.  For some cases when the divisor is

-; negative (from EDIV's point of view, i.e. when the highest bit is set),

-; dividing the dividend by 2 isn't enough, and since some operations

-; might generate integer overflows even when the dividend is divided by

-; 4 (when the high part of the shifted down dividend ends up being exactly

-; half of the divisor, the result is the quotient 0x80000000, which is

-; negative...) it needs to be divided by 8.  Furthermore, the divisor needs

-; to be divided by 2 (unsigned) as well, to avoid more problems with the sign.

-; In this case, a little extra fiddling with the remainder is required.

-;

-; So, the simplest way to handle this is always to divide the dividend

-; by 8, and to divide the divisor by 2 if it's highest bit is set.

-; After EDIV has been used, the quotient gets multiplied by 8 if the

-; original divisor was positive, otherwise 4.  The remainder, oddly

-; enough, is *always* multiplied by 8.

-; NOTE: in the case mentioned above, where the high part of the shifted

-; down dividend ends up being exactly half the shifted down divisor, we

-; end up with a 33 bit quotient.  That's no problem however, it usually

-; means we have ended up with a too large remainder as well, and the

-; problem is fixed by the last part of the algorithm (next paragraph).

-;

-; The routine ends with comparing the resulting remainder with the

-; original divisor and if the remainder is larger, subtract the

-; original divisor from it, and increase the quotient by 1.  This is

-; done until the remainder is smaller than the divisor.

-;

-; The complete algorithm looks like this:

-;

-; d'    = d

-; l'    = l & 7

-; [h,l] = [h,l] >> 3

-; [q,r] = floor([h,l] / d)	# This is the EDIV operation

-; if (q < 0) q = -q		# I doubt this is necessary any more

-;

-; r'    = r >> 29

-; if (d' >= 0)

-;   q'  = q >> 29

-;   q   = q << 3

-; else

-;   q'  = q >> 30

-;   q   = q << 2

-; r     = (r << 3) + l'

-;

-; if (d' < 0)

-;   {

-;     [r',r] = [r',r] - q

-;     while ([r',r] < 0)

-;       {

-;         [r',r] = [r',r] + d

-;         [q',q] = [q',q] - 1

-;       }

-;   }

-;

-; while ([r',r] >= d')

-;   {

-;     [r',r] = [r',r] - d'

-;     [q',q] = [q',q] + 1

-;   }

-;

-; return q

-h=4 ;(AP)	h	by value (input)

-l=8 ;(AP)	l	by value (input)

-d=12 ;(AP)	d	by value (input)

-;r2 = l, q

-;r3 = h, r

-;r4 = d

-;r5 = l'

-;r6 = r'

-;r7 = d'

-;r8 = q'

-	.psect	code,nowrt

-.entry	bn_div_words,^m<r2,r3,r4,r5,r6,r7,r8>

-	movl	l(ap),r2

-	movl	h(ap),r3

-	movl	d(ap),r4

-	bicl3	#^XFFFFFFF8,r2,r5 ; l' = l & 7

-	bicl3	#^X00000007,r2,r2

-	bicl3	#^XFFFFFFF8,r3,r6

-	bicl3	#^X00000007,r3,r3

-	addl	r6,r2

-	rotl	#-3,r2,r2	; l = l >> 3

-	rotl	#-3,r3,r3	; h = h >> 3

-	movl	r4,r7		; d' = d

-	movl	#0,r6		; r' = 0

-	movl	#0,r8		; q' = 0

-	tstl	r4

-	beql	666$		; Uh-oh, the divisor is 0...

-	bgtr	1$

-	rotl	#-1,r4,r4	; If d is negative, shift it right.

-	bicl2	#^X80000000,r4	; Since d is then a large number, the

-				; lowest bit is insignificant

-				; (contradict that, and I'll fix the problem!)

-1$:

-	ediv	r4,r2,r2,r3	; Do the actual division

-	tstl	r2

-	bgeq	3$

-	mnegl	r2,r2		; if q < 0, negate it

-3$:

-	tstl	r7

-	blss	4$

-	rotl	#3,r2,r2	;   q = q << 3

-	bicl3	#^XFFFFFFF8,r2,r8 ;    q' gets the high bits from q

-	bicl3	#^X00000007,r2,r2

-	bsb	41$

-4$:				; else

-	rotl	#2,r2,r2	;   q = q << 2

-	bicl3	#^XFFFFFFFC,r2,r8 ;   q' gets the high bits from q

-	bicl3	#^X00000003,r2,r2

-41$:

-	rotl	#3,r3,r3	; r = r << 3

-	bicl3	#^XFFFFFFF8,r3,r6 ; r' gets the high bits from r

-	bicl3	#^X00000007,r3,r3

-	addl	r5,r3		; r = r + l'

-	tstl	r7

-	bgeq	5$

-	bitl	#1,r7

-	beql	5$		; if d' < 0 && d' & 1

-	subl	r2,r3		;   [r',r] = [r',r] - [q',q]

-	sbwc	r8,r6

-45$:

-	bgeq	5$		;   while r < 0

-	decl	r2		;     [q',q] = [q',q] - 1

-	sbwc	#0,r8

-	addl	r7,r3		;     [r',r] = [r',r] + d'

-	adwc	#0,r6

-	brb	45$

-; The return points are placed in the middle to keep a short distance from

-; all the branch points

-42$:

-;	movl	r3,r1

-	movl	r2,r0

-	ret

-666$:

-	movl	#^XFFFFFFFF,r0

-	ret

-5$:

-	tstl	r6

-	bneq	6$

-	cmpl	r3,r7

-	blssu	42$		; while [r',r] >= d'

-6$:

-	subl	r7,r3		;   [r',r] = [r',r] - d'

-	sbwc	#0,r6

-	incl	r2		;   [q',q] = [q',q] + 1

-	adwc	#0,r8

-	brb	5$

-	.title	vax_bn_add_words  unsigned add of two arrays

-;

-; Richard Levitte 20-Nov-2000

-;

-; ULONG bn_add_words(ULONG r[], ULONG a[], ULONG b[], int n) {

-;	ULONG c = 0;

-;	int i;

-;	for (i = 0; i < n; i++) <c,r[i]> = a[i] + b[i] + c;

-;	return(c);

-; }

-r=4 ;(AP)	r	by reference (output)

-a=8 ;(AP)	a	by reference (input)

-b=12 ;(AP)	b	by reference (input)

-n=16 ;(AP)	n	by value (input)

-	.psect	code,nowrt

-.entry	bn_add_words,^m<r2,r3,r4,r5,r6>

-	moval	@r(ap),r2

-	moval	@a(ap),r3

-	moval	@b(ap),r4

-	movl	n(ap),r5	; assumed >0 by C code

-	clrl	r0		; c

-	tstl	r5		; carry = 0

-	bleq	666$

-0$:

-	movl	(r3)+,r6	; carry untouched

-	adwc	(r4)+,r6	; carry used and touched

-	movl	r6,(r2)+	; carry untouched

-	sobgtr	r5,0$		; carry untouched

-	adwc	#0,r0

-666$:

-	ret

-	.title	vax_bn_sub_words  unsigned add of two arrays

-;

-; Richard Levitte 20-Nov-2000

-;

-; ULONG bn_sub_words(ULONG r[], ULONG a[], ULONG b[], int n) {

-;	ULONG c = 0;

-;	int i;

-;	for (i = 0; i < n; i++) <c,r[i]> = a[i] - b[i] - c;

-;	return(c);

-; }

-r=4 ;(AP)	r	by reference (output)

-a=8 ;(AP)	a	by reference (input)

-b=12 ;(AP)	b	by reference (input)

-n=16 ;(AP)	n	by value (input)

-	.psect	code,nowrt

-.entry	bn_sub_words,^m<r2,r3,r4,r5,r6>

-	moval	@r(ap),r2

-	moval	@a(ap),r3

-	moval	@b(ap),r4

-	movl	n(ap),r5	; assumed >0 by C code

-	clrl	r0		; c

-	tstl	r5		; carry = 0

-	bleq	666$

-0$:

-	movl	(r3)+,r6	; carry untouched

-	sbwc	(r4)+,r6	; carry used and touched

-	movl	r6,(r2)+	; carry untouched

-	sobgtr	r5,0$		; carry untouched

-	adwc	#0,r0

-666$:

-	ret

-;r=4 ;(AP)

-;a=8 ;(AP)

-;b=12 ;(AP)

-;n=16 ;(AP)	n	by value (input)

-	.psect	code,nowrt

-.entry	BN_MUL_COMBA8,^m<r2,r3,r4,r5,r6,r7,r8,r9,r10,r11>

-	movab	-924(sp),sp

-	clrq	r8

-	clrl	r10

-	movl	8(ap),r6

-	movzwl	2(r6),r3

-	movl	12(ap),r7

-	bicl3	#-65536,(r7),r2

-	movzwl	2(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,(r6),-12(fp)

-	bicl3	#-65536,r3,-16(fp)

-	mull3	r0,-12(fp),-4(fp)

-	mull2	r2,-12(fp)

-	mull3	r2,-16(fp),-8(fp)

-	mull2	r0,-16(fp)

-	addl3	-4(fp),-8(fp),r0

-	bicl3	#0,r0,-4(fp)

-	cmpl	-4(fp),-8(fp)

-	bgequ	noname.45

-	addl2	#65536,-16(fp)

-noname.45:

-	movzwl	-2(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-16(fp)

-	bicl3	#-65536,-4(fp),r0

-	ashl	#16,r0,-8(fp)

-	addl3	-8(fp),-12(fp),r0

-	bicl3	#0,r0,-12(fp)

-	cmpl	-12(fp),-8(fp)

-	bgequ	noname.46

-	incl	-16(fp)

-noname.46:

-	movl	-12(fp),r1

-	movl	-16(fp),r2

-	addl2	r1,r9

-	bicl2	#0,r9

-	cmpl	r9,r1

-	bgequ	noname.47

-	incl	r2

-noname.47:

-	addl2	r2,r8

-	bicl2	#0,r8

-	cmpl	r8,r2

-	bgequ	noname.48

-	incl	r10

-noname.48:

-	movl	4(ap),r11

-	movl	r9,(r11)

-	clrl	r9

-	movzwl	2(r6),r2

-	bicl3	#-65536,4(r7),r3

-	movzwl	6(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,(r6),-28(fp)

-	bicl3	#-65536,r2,-32(fp)

-	mull3	r0,-28(fp),-20(fp)

-	mull2	r3,-28(fp)

-	mull3	r3,-32(fp),-24(fp)

-	mull2	r0,-32(fp)

-	addl3	-20(fp),-24(fp),r0

-	bicl3	#0,r0,-20(fp)

-	cmpl	-20(fp),-24(fp)

-	bgequ	noname.49

-	addl2	#65536,-32(fp)

-noname.49:

-	movzwl	-18(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-32(fp)

-	bicl3	#-65536,-20(fp),r0

-	ashl	#16,r0,-24(fp)

-	addl3	-24(fp),-28(fp),r0

-	bicl3	#0,r0,-28(fp)

-	cmpl	-28(fp),-24(fp)

-	bgequ	noname.50

-	incl	-32(fp)

-noname.50:

-	movl	-28(fp),r1

-	movl	-32(fp),r2

-	addl2	r1,r8

-	bicl2	#0,r8

-	cmpl	r8,r1

-	bgequ	noname.51

-	incl	r2

-noname.51:

-	addl2	r2,r10

-	bicl2	#0,r10

-	cmpl	r10,r2

-	bgequ	noname.52

-	incl	r9

-noname.52:

-	movzwl	6(r6),r2

-	bicl3	#-65536,(r7),r3

-	movzwl	2(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,4(r6),-44(fp)

-	bicl3	#-65536,r2,-48(fp)

-	mull3	r0,-44(fp),-36(fp)

-	mull2	r3,-44(fp)

-	mull3	r3,-48(fp),-40(fp)

-	mull2	r0,-48(fp)

-	addl3	-36(fp),-40(fp),r0

-	bicl3	#0,r0,-36(fp)

-	cmpl	-36(fp),-40(fp)

-	bgequ	noname.53

-	addl2	#65536,-48(fp)

-noname.53:

-	movzwl	-34(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-48(fp)

-	bicl3	#-65536,-36(fp),r0

-	ashl	#16,r0,-40(fp)

-	addl3	-40(fp),-44(fp),r0

-	bicl3	#0,r0,-44(fp)

-	cmpl	-44(fp),-40(fp)

-	bgequ	noname.54

-	incl	-48(fp)

-noname.54:

-	movl	-44(fp),r1

-	movl	-48(fp),r2

-	addl2	r1,r8

-	bicl2	#0,r8

-	cmpl	r8,r1

-	bgequ	noname.55

-	incl	r2

-noname.55:

-	addl2	r2,r10

-	bicl2	#0,r10

-	cmpl	r10,r2

-	bgequ	noname.56

-	incl	r9

-noname.56:

-	movl	r8,4(r11)

-	clrl	r8

-	movzwl	10(r6),r2

-	bicl3	#-65536,(r7),r3

-	movzwl	2(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,8(r6),-60(fp)

-	bicl3	#-65536,r2,-64(fp)

-	mull3	r0,-60(fp),-52(fp)

-	mull2	r3,-60(fp)

-	mull3	r3,-64(fp),-56(fp)

-	mull2	r0,-64(fp)

-	addl3	-52(fp),-56(fp),r0

-	bicl3	#0,r0,-52(fp)

-	cmpl	-52(fp),-56(fp)

-	bgequ	noname.57

-	addl2	#65536,-64(fp)

-noname.57:

-	movzwl	-50(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-64(fp)

-	bicl3	#-65536,-52(fp),r0

-	ashl	#16,r0,-56(fp)

-	addl3	-56(fp),-60(fp),r0

-	bicl3	#0,r0,-60(fp)

-	cmpl	-60(fp),-56(fp)

-	bgequ	noname.58

-	incl	-64(fp)

-noname.58:

-	movl	-60(fp),r1

-	movl	-64(fp),r2

-	addl2	r1,r10

-	bicl2	#0,r10

-	cmpl	r10,r1

-	bgequ	noname.59

-	incl	r2

-noname.59:

-	addl2	r2,r9

-	bicl2	#0,r9

-	cmpl	r9,r2

-	bgequ	noname.60

-	incl	r8

-noname.60:

-	movzwl	6(r6),r2

-	bicl3	#-65536,4(r7),r3

-	movzwl	6(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,4(r6),-76(fp)

-	bicl3	#-65536,r2,-80(fp)

-	mull3	r0,-76(fp),-68(fp)

-	mull2	r3,-76(fp)

-	mull3	r3,-80(fp),-72(fp)

-	mull2	r0,-80(fp)

-	addl3	-68(fp),-72(fp),r0

-	bicl3	#0,r0,-68(fp)

-	cmpl	-68(fp),-72(fp)

-	bgequ	noname.61

-	addl2	#65536,-80(fp)

-noname.61:

-	movzwl	-66(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-80(fp)

-	bicl3	#-65536,-68(fp),r0

-	ashl	#16,r0,-72(fp)

-	addl3	-72(fp),-76(fp),r0

-	bicl3	#0,r0,-76(fp)

-	cmpl	-76(fp),-72(fp)

-	bgequ	noname.62

-	incl	-80(fp)

-noname.62:

-	movl	-76(fp),r1

-	movl	-80(fp),r2

-	addl2	r1,r10

-	bicl2	#0,r10

-	cmpl	r10,r1

-	bgequ	noname.63

-	incl	r2

-noname.63:

-	addl2	r2,r9

-	bicl2	#0,r9

-	cmpl	r9,r2

-	bgequ	noname.64

-	incl	r8

-noname.64:

-	movzwl	2(r6),r2

-	bicl3	#-65536,8(r7),r3

-	movzwl	10(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,(r6),-92(fp)

-	bicl3	#-65536,r2,-96(fp)

-	mull3	r0,-92(fp),-84(fp)

-	mull2	r3,-92(fp)

-	mull3	r3,-96(fp),-88(fp)

-	mull2	r0,-96(fp)

-	addl3	-84(fp),-88(fp),r0

-	bicl3	#0,r0,-84(fp)

-	cmpl	-84(fp),-88(fp)

-	bgequ	noname.65

-	addl2	#65536,-96(fp)

-noname.65:

-	movzwl	-82(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-96(fp)

-	bicl3	#-65536,-84(fp),r0

-	ashl	#16,r0,-88(fp)

-	addl3	-88(fp),-92(fp),r0

-	bicl3	#0,r0,-92(fp)

-	cmpl	-92(fp),-88(fp)

-	bgequ	noname.66

-	incl	-96(fp)

-noname.66:

-	movl	-92(fp),r1

-	movl	-96(fp),r2

-	addl2	r1,r10

-	bicl2	#0,r10

-	cmpl	r10,r1

-	bgequ	noname.67

-	incl	r2

-noname.67:

-	addl2	r2,r9

-	bicl2	#0,r9

-	cmpl	r9,r2

-	bgequ	noname.68

-	incl	r8

-noname.68:

-	movl	r10,8(r11)

-	clrl	r10

-	movzwl	2(r6),r2

-	bicl3	#-65536,12(r7),r3

-	movzwl	14(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,(r6),-108(fp)

-	bicl3	#-65536,r2,-112(fp)

-	mull3	r0,-108(fp),-100(fp)

-	mull2	r3,-108(fp)

-	mull3	r3,-112(fp),-104(fp)

-	mull2	r0,-112(fp)

-	addl3	-100(fp),-104(fp),r0

-	bicl3	#0,r0,-100(fp)

-	cmpl	-100(fp),-104(fp)

-	bgequ	noname.69

-	addl2	#65536,-112(fp)

-noname.69:

-	movzwl	-98(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-112(fp)

-	bicl3	#-65536,-100(fp),r0

-	ashl	#16,r0,-104(fp)

-	addl3	-104(fp),-108(fp),r0

-	bicl3	#0,r0,-108(fp)

-	cmpl	-108(fp),-104(fp)

-	bgequ	noname.70

-	incl	-112(fp)

-noname.70:

-	movl	-108(fp),r1

-	movl	-112(fp),r2

-	addl2	r1,r9

-	bicl2	#0,r9

-	cmpl	r9,r1

-	bgequ	noname.71

-	incl	r2

-noname.71:

-	addl2	r2,r8

-	bicl2	#0,r8

-	cmpl	r8,r2

-	bgequ	noname.72

-	incl	r10

-noname.72:

-	movzwl	6(r6),r2

-	bicl3	#-65536,8(r7),r3

-	movzwl	10(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,4(r6),-124(fp)

-	bicl3	#-65536,r2,-128(fp)

-	mull3	r0,-124(fp),-116(fp)

-	mull2	r3,-124(fp)

-	mull3	r3,-128(fp),-120(fp)

-	mull2	r0,-128(fp)

-	addl3	-116(fp),-120(fp),r0

-	bicl3	#0,r0,-116(fp)

-	cmpl	-116(fp),-120(fp)

-	bgequ	noname.73

-	addl2	#65536,-128(fp)

-noname.73:

-	movzwl	-114(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-128(fp)

-	bicl3	#-65536,-116(fp),r0

-	ashl	#16,r0,-120(fp)

-	addl3	-120(fp),-124(fp),r0

-	bicl3	#0,r0,-124(fp)

-	cmpl	-124(fp),-120(fp)

-	bgequ	noname.74

-	incl	-128(fp)

-noname.74:

-	movl	-124(fp),r1

-	movl	-128(fp),r2

-	addl2	r1,r9

-	bicl2	#0,r9

-	cmpl	r9,r1

-	bgequ	noname.75

-	incl	r2

-noname.75:

-	addl2	r2,r8

-	bicl2	#0,r8

-	cmpl	r8,r2

-	bgequ	noname.76

-	incl	r10

-noname.76:

-	movzwl	10(r6),r2

-	bicl3	#-65536,4(r7),r3

-	movzwl	6(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,8(r6),-140(fp)

-	bicl3	#-65536,r2,-144(fp)

-	mull3	r0,-140(fp),-132(fp)

-	mull2	r3,-140(fp)

-	mull3	r3,-144(fp),-136(fp)

-	mull2	r0,-144(fp)

-	addl3	-132(fp),-136(fp),r0

-	bicl3	#0,r0,-132(fp)

-	cmpl	-132(fp),-136(fp)

-	bgequ	noname.77

-	addl2	#65536,-144(fp)

-noname.77:

-	movzwl	-130(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-144(fp)

-	bicl3	#-65536,-132(fp),r0

-	ashl	#16,r0,-136(fp)

-	addl3	-136(fp),-140(fp),r0

-	bicl3	#0,r0,-140(fp)

-	cmpl	-140(fp),-136(fp)

-	bgequ	noname.78

-	incl	-144(fp)

-noname.78:

-	movl	-140(fp),r1

-	movl	-144(fp),r2

-	addl2	r1,r9

-	bicl2	#0,r9

-	cmpl	r9,r1

-	bgequ	noname.79

-	incl	r2

-noname.79:

-	addl2	r2,r8

-	bicl2	#0,r8

-	cmpl	r8,r2

-	bgequ	noname.80

-	incl	r10

-noname.80:

-	movzwl	14(r6),r2

-	bicl3	#-65536,(r7),r3

-	movzwl	2(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,12(r6),-156(fp)

-	bicl3	#-65536,r2,-160(fp)

-	mull3	r0,-156(fp),-148(fp)

-	mull2	r3,-156(fp)

-	mull3	r3,-160(fp),-152(fp)

-	mull2	r0,-160(fp)

-	addl3	-148(fp),-152(fp),r0

-	bicl3	#0,r0,-148(fp)

-	cmpl	-148(fp),-152(fp)

-	bgequ	noname.81

-	addl2	#65536,-160(fp)

-noname.81:

-	movzwl	-146(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-160(fp)

-	bicl3	#-65536,-148(fp),r0

-	ashl	#16,r0,-152(fp)

-	addl3	-152(fp),-156(fp),r0

-	bicl3	#0,r0,-156(fp)

-	cmpl	-156(fp),-152(fp)

-	bgequ	noname.82

-	incl	-160(fp)

-noname.82:

-	movl	-156(fp),r1

-	movl	-160(fp),r2

-	addl2	r1,r9

-	bicl2	#0,r9

-	cmpl	r9,r1

-	bgequ	noname.83

-	incl	r2

-noname.83:

-	addl2	r2,r8

-	bicl2	#0,r8

-	cmpl	r8,r2

-	bgequ	noname.84

-	incl	r10

-noname.84:

-	movl	r9,12(r11)

-	clrl	r9

-	movzwl	18(r6),r2

-	bicl3	#-65536,(r7),r3

-	movzwl	2(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,16(r6),-172(fp)

-	bicl3	#-65536,r2,-176(fp)

-	mull3	r0,-172(fp),-164(fp)

-	mull2	r3,-172(fp)

-	mull3	r3,-176(fp),-168(fp)

-	mull2	r0,-176(fp)

-	addl3	-164(fp),-168(fp),r0

-	bicl3	#0,r0,-164(fp)

-	cmpl	-164(fp),-168(fp)

-	bgequ	noname.85

-	addl2	#65536,-176(fp)

-noname.85:

-	movzwl	-162(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-176(fp)

-	bicl3	#-65536,-164(fp),r0

-	ashl	#16,r0,-168(fp)

-	addl3	-168(fp),-172(fp),r0

-	bicl3	#0,r0,-172(fp)

-	cmpl	-172(fp),-168(fp)

-	bgequ	noname.86

-	incl	-176(fp)

-noname.86:

-	movl	-172(fp),r1

-	movl	-176(fp),r2

-	addl2	r1,r8

-	bicl2	#0,r8

-	cmpl	r8,r1

-	bgequ	noname.87

-	incl	r2

-noname.87:

-	addl2	r2,r10

-	bicl2	#0,r10

-	cmpl	r10,r2

-	bgequ	noname.88

-	incl	r9

-noname.88:

-	movzwl	14(r6),r2

-	bicl3	#-65536,4(r7),r3

-	movzwl	6(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,12(r6),-188(fp)

-	bicl3	#-65536,r2,-192(fp)

-	mull3	r0,-188(fp),-180(fp)

-	mull2	r3,-188(fp)

-	mull3	r3,-192(fp),-184(fp)

-	mull2	r0,-192(fp)

-	addl3	-180(fp),-184(fp),r0

-	bicl3	#0,r0,-180(fp)

-	cmpl	-180(fp),-184(fp)

-	bgequ	noname.89

-	addl2	#65536,-192(fp)

-noname.89:

-	movzwl	-178(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-192(fp)

-	bicl3	#-65536,-180(fp),r0

-	ashl	#16,r0,-184(fp)

-	addl3	-184(fp),-188(fp),r0

-	bicl3	#0,r0,-188(fp)

-	cmpl	-188(fp),-184(fp)

-	bgequ	noname.90

-	incl	-192(fp)

-noname.90:

-	movl	-188(fp),r1

-	movl	-192(fp),r2

-	addl2	r1,r8

-	bicl2	#0,r8

-	cmpl	r8,r1

-	bgequ	noname.91

-	incl	r2

-noname.91:

-	addl2	r2,r10

-	bicl2	#0,r10

-	cmpl	r10,r2

-	bgequ	noname.92

-	incl	r9

-noname.92:

-	movzwl	10(r6),r2

-	bicl3	#-65536,8(r7),r3

-	movzwl	10(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,8(r6),-204(fp)

-	bicl3	#-65536,r2,-208(fp)

-	mull3	r0,-204(fp),-196(fp)

-	mull2	r3,-204(fp)

-	mull3	r3,-208(fp),-200(fp)

-	mull2	r0,-208(fp)

-	addl3	-196(fp),-200(fp),r0

-	bicl3	#0,r0,-196(fp)

-	cmpl	-196(fp),-200(fp)

-	bgequ	noname.93

-	addl2	#65536,-208(fp)

-noname.93:

-	movzwl	-194(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-208(fp)

-	bicl3	#-65536,-196(fp),r0

-	ashl	#16,r0,-200(fp)

-	addl3	-200(fp),-204(fp),r0

-	bicl3	#0,r0,-204(fp)

-	cmpl	-204(fp),-200(fp)

-	bgequ	noname.94

-	incl	-208(fp)

-noname.94:

-	movl	-204(fp),r1

-	movl	-208(fp),r2

-	addl2	r1,r8

-	bicl2	#0,r8

-	cmpl	r8,r1

-	bgequ	noname.95

-	incl	r2

-noname.95:

-	addl2	r2,r10

-	bicl2	#0,r10

-	cmpl	r10,r2

-	bgequ	noname.96

-	incl	r9

-noname.96:

-	movzwl	6(r6),r2

-	bicl3	#-65536,12(r7),r3

-	movzwl	14(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,4(r6),-220(fp)

-	bicl3	#-65536,r2,-224(fp)

-	mull3	r0,-220(fp),-212(fp)

-	mull2	r3,-220(fp)

-	mull3	r3,-224(fp),-216(fp)

-	mull2	r0,-224(fp)

-	addl3	-212(fp),-216(fp),r0

-	bicl3	#0,r0,-212(fp)

-	cmpl	-212(fp),-216(fp)

-	bgequ	noname.97

-	addl2	#65536,-224(fp)

-noname.97:

-	movzwl	-210(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-224(fp)

-	bicl3	#-65536,-212(fp),r0

-	ashl	#16,r0,-216(fp)

-	addl3	-216(fp),-220(fp),r0

-	bicl3	#0,r0,-220(fp)

-	cmpl	-220(fp),-216(fp)

-	bgequ	noname.98

-	incl	-224(fp)

-noname.98:

-	movl	-220(fp),r1

-	movl	-224(fp),r2

-	addl2	r1,r8

-	bicl2	#0,r8

-	cmpl	r8,r1

-	bgequ	noname.99

-	incl	r2

-noname.99:

-	addl2	r2,r10

-	bicl2	#0,r10

-	cmpl	r10,r2

-	bgequ	noname.100

-	incl	r9

-noname.100:

-	movzwl	2(r6),r2

-	bicl3	#-65536,16(r7),r3

-	movzwl	18(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,(r6),-236(fp)

-	bicl3	#-65536,r2,-240(fp)

-	mull3	r0,-236(fp),-228(fp)

-	mull2	r3,-236(fp)

-	mull3	r3,-240(fp),-232(fp)

-	mull2	r0,-240(fp)

-	addl3	-228(fp),-232(fp),r0

-	bicl3	#0,r0,-228(fp)

-	cmpl	-228(fp),-232(fp)

-	bgequ	noname.101

-	addl2	#65536,-240(fp)

-noname.101:

-	movzwl	-226(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-240(fp)

-	bicl3	#-65536,-228(fp),r0

-	ashl	#16,r0,-232(fp)

-	addl3	-232(fp),-236(fp),r0

-	bicl3	#0,r0,-236(fp)

-	cmpl	-236(fp),-232(fp)

-	bgequ	noname.102

-	incl	-240(fp)

-noname.102:

-	movl	-236(fp),r1

-	movl	-240(fp),r2

-	addl2	r1,r8

-	bicl2	#0,r8

-	cmpl	r8,r1

-	bgequ	noname.103

-	incl	r2

-noname.103:

-	addl2	r2,r10

-	bicl2	#0,r10

-	cmpl	r10,r2

-	bgequ	noname.104

-	incl	r9

-noname.104:

-	movl	r8,16(r11)

-	clrl	r8

-	movzwl	2(r6),r2

-	bicl3	#-65536,20(r7),r3

-	movzwl	22(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,(r6),-252(fp)

-	bicl3	#-65536,r2,-256(fp)

-	mull3	r0,-252(fp),-244(fp)

-	mull2	r3,-252(fp)

-	mull3	r3,-256(fp),-248(fp)

-	mull2	r0,-256(fp)

-	addl3	-244(fp),-248(fp),r0

-	bicl3	#0,r0,-244(fp)

-	cmpl	-244(fp),-248(fp)

-	bgequ	noname.105

-	addl2	#65536,-256(fp)

-noname.105:

-	movzwl	-242(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-256(fp)

-	bicl3	#-65536,-244(fp),r0

-	ashl	#16,r0,-248(fp)

-	addl3	-248(fp),-252(fp),r0

-	bicl3	#0,r0,-252(fp)

-	cmpl	-252(fp),-248(fp)

-	bgequ	noname.106

-	incl	-256(fp)

-noname.106:

-	movl	-252(fp),r1

-	movl	-256(fp),r2

-	addl2	r1,r10

-	bicl2	#0,r10

-	cmpl	r10,r1

-	bgequ	noname.107

-	incl	r2

-noname.107:

-	addl2	r2,r9

-	bicl2	#0,r9

-	cmpl	r9,r2

-	bgequ	noname.108

-	incl	r8

-noname.108:

-	movzwl	6(r6),r2

-	bicl3	#-65536,16(r7),r3

-	movzwl	18(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,4(r6),-268(fp)

-	bicl3	#-65536,r2,-272(fp)

-	mull3	r0,-268(fp),-260(fp)

-	mull2	r3,-268(fp)

-	mull3	r3,-272(fp),-264(fp)

-	mull2	r0,-272(fp)

-	addl3	-260(fp),-264(fp),r0

-	bicl3	#0,r0,-260(fp)

-	cmpl	-260(fp),-264(fp)

-	bgequ	noname.109

-	addl2	#65536,-272(fp)

-noname.109:

-	movzwl	-258(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-272(fp)

-	bicl3	#-65536,-260(fp),r0

-	ashl	#16,r0,-264(fp)

-	addl3	-264(fp),-268(fp),r0

-	bicl3	#0,r0,-268(fp)

-	cmpl	-268(fp),-264(fp)

-	bgequ	noname.110

-	incl	-272(fp)

-noname.110:

-	movl	-268(fp),r1

-	movl	-272(fp),r2

-	addl2	r1,r10

-	bicl2	#0,r10

-	cmpl	r10,r1

-	bgequ	noname.111

-	incl	r2

-noname.111:

-	addl2	r2,r9

-	bicl2	#0,r9

-	cmpl	r9,r2

-	bgequ	noname.112

-	incl	r8

-noname.112:

-	movzwl	10(r6),r2

-	bicl3	#-65536,12(r7),r3

-	movzwl	14(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,8(r6),-284(fp)

-	bicl3	#-65536,r2,-288(fp)

-	mull3	r0,-284(fp),-276(fp)

-	mull2	r3,-284(fp)

-	mull3	r3,-288(fp),-280(fp)

-	mull2	r0,-288(fp)

-	addl3	-276(fp),-280(fp),r0

-	bicl3	#0,r0,-276(fp)

-	cmpl	-276(fp),-280(fp)

-	bgequ	noname.113

-	addl2	#65536,-288(fp)

-noname.113:

-	movzwl	-274(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-288(fp)

-	bicl3	#-65536,-276(fp),r0

-	ashl	#16,r0,-280(fp)

-	addl3	-280(fp),-284(fp),r0

-	bicl3	#0,r0,-284(fp)

-	cmpl	-284(fp),-280(fp)

-	bgequ	noname.114

-	incl	-288(fp)

-noname.114:

-	movl	-284(fp),r1

-	movl	-288(fp),r2

-	addl2	r1,r10

-	bicl2	#0,r10

-	cmpl	r10,r1

-	bgequ	noname.115

-	incl	r2

-noname.115:

-	addl2	r2,r9

-	bicl2	#0,r9

-	cmpl	r9,r2

-	bgequ	noname.116

-	incl	r8

-noname.116:

-	movzwl	14(r6),r2

-	bicl3	#-65536,8(r7),r3

-	movzwl	10(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,12(r6),-300(fp)

-	bicl3	#-65536,r2,-304(fp)

-	mull3	r0,-300(fp),-292(fp)

-	mull2	r3,-300(fp)

-	mull3	r3,-304(fp),-296(fp)

-	mull2	r0,-304(fp)

-	addl3	-292(fp),-296(fp),r0

-	bicl3	#0,r0,-292(fp)

-	cmpl	-292(fp),-296(fp)

-	bgequ	noname.117

-	addl2	#65536,-304(fp)

-noname.117:

-	movzwl	-290(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-304(fp)

-	bicl3	#-65536,-292(fp),r0

-	ashl	#16,r0,-296(fp)

-	addl3	-296(fp),-300(fp),r0

-	bicl3	#0,r0,-300(fp)

-	cmpl	-300(fp),-296(fp)

-	bgequ	noname.118

-	incl	-304(fp)

-noname.118:

-	movl	-300(fp),r1

-	movl	-304(fp),r2

-	addl2	r1,r10

-	bicl2	#0,r10

-	cmpl	r10,r1

-	bgequ	noname.119

-	incl	r2

-noname.119:

-	addl2	r2,r9

-	bicl2	#0,r9

-	cmpl	r9,r2

-	bgequ	noname.120

-	incl	r8

-noname.120:

-	movzwl	18(r6),r2

-	bicl3	#-65536,4(r7),r3

-	movzwl	6(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,16(r6),-316(fp)

-	bicl3	#-65536,r2,-320(fp)

-	mull3	r0,-316(fp),-308(fp)

-	mull2	r3,-316(fp)

-	mull3	r3,-320(fp),-312(fp)

-	mull2	r0,-320(fp)

-	addl3	-308(fp),-312(fp),r0

-	bicl3	#0,r0,-308(fp)

-	cmpl	-308(fp),-312(fp)

-	bgequ	noname.121

-	addl2	#65536,-320(fp)

-noname.121:

-	movzwl	-306(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-320(fp)

-	bicl3	#-65536,-308(fp),r0

-	ashl	#16,r0,-312(fp)

-	addl3	-312(fp),-316(fp),r0

-	bicl3	#0,r0,-316(fp)

-	cmpl	-316(fp),-312(fp)

-	bgequ	noname.122

-	incl	-320(fp)

-noname.122:

-	movl	-316(fp),r1

-	movl	-320(fp),r2

-	addl2	r1,r10

-	bicl2	#0,r10

-	cmpl	r10,r1

-	bgequ	noname.123

-	incl	r2

-noname.123:

-	addl2	r2,r9

-	bicl2	#0,r9

-	cmpl	r9,r2

-	bgequ	noname.124

-	incl	r8

-noname.124:

-	movzwl	22(r6),r2

-	bicl3	#-65536,(r7),r3

-	movzwl	2(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,20(r6),-332(fp)

-	bicl3	#-65536,r2,-336(fp)

-	mull3	r0,-332(fp),-324(fp)

-	mull2	r3,-332(fp)

-	mull3	r3,-336(fp),-328(fp)

-	mull2	r0,-336(fp)

-	addl3	-324(fp),-328(fp),r0

-	bicl3	#0,r0,-324(fp)

-	cmpl	-324(fp),-328(fp)

-	bgequ	noname.125

-	addl2	#65536,-336(fp)

-noname.125:

-	movzwl	-322(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-336(fp)

-	bicl3	#-65536,-324(fp),r0

-	ashl	#16,r0,-328(fp)

-	addl3	-328(fp),-332(fp),r0

-	bicl3	#0,r0,-332(fp)

-	cmpl	-332(fp),-328(fp)

-	bgequ	noname.126

-	incl	-336(fp)

-noname.126:

-	movl	-332(fp),r1

-	movl	-336(fp),r2

-	addl2	r1,r10

-	bicl2	#0,r10

-	cmpl	r10,r1

-	bgequ	noname.127

-	incl	r2

-noname.127:

-	addl2	r2,r9

-	bicl2	#0,r9

-	cmpl	r9,r2

-	bgequ	noname.128

-	incl	r8

-noname.128:

-	movl	r10,20(r11)

-	clrl	r10

-	movzwl	26(r6),r2

-	bicl3	#-65536,(r7),r3

-	movzwl	2(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,24(r6),-348(fp)

-	bicl3	#-65536,r2,-352(fp)

-	mull3	r0,-348(fp),-340(fp)

-	mull2	r3,-348(fp)

-	mull3	r3,-352(fp),-344(fp)

-	mull2	r0,-352(fp)

-	addl3	-340(fp),-344(fp),r0

-	bicl3	#0,r0,-340(fp)

-	cmpl	-340(fp),-344(fp)

-	bgequ	noname.129

-	addl2	#65536,-352(fp)

-noname.129:

-	movzwl	-338(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-352(fp)

-	bicl3	#-65536,-340(fp),r0

-	ashl	#16,r0,-344(fp)

-	addl3	-344(fp),-348(fp),r0

-	bicl3	#0,r0,-348(fp)

-	cmpl	-348(fp),-344(fp)

-	bgequ	noname.130

-	incl	-352(fp)

-noname.130:

-	movl	-348(fp),r1

-	movl	-352(fp),r2

-	addl2	r1,r9

-	bicl2	#0,r9

-	cmpl	r9,r1

-	bgequ	noname.131

-	incl	r2

-noname.131:

-	addl2	r2,r8

-	bicl2	#0,r8

-	cmpl	r8,r2

-	bgequ	noname.132

-	incl	r10

-noname.132:

-	movzwl	22(r6),r2

-	bicl3	#-65536,4(r7),r3

-	movzwl	6(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,20(r6),-364(fp)

-	bicl3	#-65536,r2,-368(fp)

-	mull3	r0,-364(fp),-356(fp)

-	mull2	r3,-364(fp)

-	mull3	r3,-368(fp),-360(fp)

-	mull2	r0,-368(fp)

-	addl3	-356(fp),-360(fp),r0

-	bicl3	#0,r0,-356(fp)

-	cmpl	-356(fp),-360(fp)

-	bgequ	noname.133

-	addl2	#65536,-368(fp)

-noname.133:

-	movzwl	-354(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-368(fp)

-	bicl3	#-65536,-356(fp),r0

-	ashl	#16,r0,-360(fp)

-	addl3	-360(fp),-364(fp),r0

-	bicl3	#0,r0,-364(fp)

-	cmpl	-364(fp),-360(fp)

-	bgequ	noname.134

-	incl	-368(fp)

-noname.134:

-	movl	-364(fp),r1

-	movl	-368(fp),r2

-	addl2	r1,r9

-	bicl2	#0,r9

-	cmpl	r9,r1

-	bgequ	noname.135

-	incl	r2

-noname.135:

-	addl2	r2,r8

-	bicl2	#0,r8

-	cmpl	r8,r2

-	bgequ	noname.136

-	incl	r10

-noname.136:

-	movzwl	18(r6),r2

-	bicl3	#-65536,8(r7),r3

-	movzwl	10(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,16(r6),-380(fp)

-	bicl3	#-65536,r2,-384(fp)

-	mull3	r0,-380(fp),-372(fp)

-	mull2	r3,-380(fp)

-	mull3	r3,-384(fp),-376(fp)

-	mull2	r0,-384(fp)

-	addl3	-372(fp),-376(fp),r0

-	bicl3	#0,r0,-372(fp)

-	cmpl	-372(fp),-376(fp)

-	bgequ	noname.137

-	addl2	#65536,-384(fp)

-noname.137:

-	movzwl	-370(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-384(fp)

-	bicl3	#-65536,-372(fp),r0

-	ashl	#16,r0,-376(fp)

-	addl3	-376(fp),-380(fp),r0

-	bicl3	#0,r0,-380(fp)

-	cmpl	-380(fp),-376(fp)

-	bgequ	noname.138

-	incl	-384(fp)

-noname.138:

-	movl	-380(fp),r1

-	movl	-384(fp),r2

-	addl2	r1,r9

-	bicl2	#0,r9

-	cmpl	r9,r1

-	bgequ	noname.139

-	incl	r2

-noname.139:

-	addl2	r2,r8

-	bicl2	#0,r8

-	cmpl	r8,r2

-	bgequ	noname.140

-	incl	r10

-noname.140:

-	movzwl	14(r6),r2

-	bicl3	#-65536,12(r7),r3

-	movzwl	14(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,12(r6),-396(fp)

-	bicl3	#-65536,r2,-400(fp)

-	mull3	r0,-396(fp),-388(fp)

-	mull2	r3,-396(fp)

-	mull3	r3,-400(fp),-392(fp)

-	mull2	r0,-400(fp)

-	addl3	-388(fp),-392(fp),r0

-	bicl3	#0,r0,-388(fp)

-	cmpl	-388(fp),-392(fp)

-	bgequ	noname.141

-	addl2	#65536,-400(fp)

-noname.141:

-	movzwl	-386(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-400(fp)

-	bicl3	#-65536,-388(fp),r0

-	ashl	#16,r0,-392(fp)

-	addl3	-392(fp),-396(fp),r0

-	bicl3	#0,r0,-396(fp)

-	cmpl	-396(fp),-392(fp)

-	bgequ	noname.142

-	incl	-400(fp)

-noname.142:

-	movl	-396(fp),r1

-	movl	-400(fp),r2

-	addl2	r1,r9

-	bicl2	#0,r9

-	cmpl	r9,r1

-	bgequ	noname.143

-	incl	r2

-noname.143:

-	addl2	r2,r8

-	bicl2	#0,r8

-	cmpl	r8,r2

-	bgequ	noname.144

-	incl	r10

-noname.144:

-	movzwl	10(r6),r2

-	bicl3	#-65536,16(r7),r3

-	movzwl	18(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,8(r6),-412(fp)

-	bicl3	#-65536,r2,-416(fp)

-	mull3	r0,-412(fp),-404(fp)

-	mull2	r3,-412(fp)

-	mull3	r3,-416(fp),-408(fp)

-	mull2	r0,-416(fp)

-	addl3	-404(fp),-408(fp),r0

-	bicl3	#0,r0,-404(fp)

-	cmpl	-404(fp),-408(fp)

-	bgequ	noname.145

-	addl2	#65536,-416(fp)

-noname.145:

-	movzwl	-402(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-416(fp)

-	bicl3	#-65536,-404(fp),r0

-	ashl	#16,r0,-408(fp)

-	addl3	-408(fp),-412(fp),r0

-	bicl3	#0,r0,-412(fp)

-	cmpl	-412(fp),-408(fp)

-	bgequ	noname.146

-	incl	-416(fp)

-noname.146:

-	movl	-412(fp),r1

-	movl	-416(fp),r2

-	addl2	r1,r9

-	bicl2	#0,r9

-	cmpl	r9,r1

-	bgequ	noname.147

-	incl	r2

-noname.147:

-	addl2	r2,r8

-	bicl2	#0,r8

-	cmpl	r8,r2

-	bgequ	noname.148

-	incl	r10

-noname.148:

-	movzwl	6(r6),r2

-	bicl3	#-65536,20(r7),r3

-	movzwl	22(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,4(r6),-428(fp)

-	bicl3	#-65536,r2,-432(fp)

-	mull3	r0,-428(fp),-420(fp)

-	mull2	r3,-428(fp)

-	mull3	r3,-432(fp),-424(fp)

-	mull2	r0,-432(fp)

-	addl3	-420(fp),-424(fp),r0

-	bicl3	#0,r0,-420(fp)

-	cmpl	-420(fp),-424(fp)

-	bgequ	noname.149

-	addl2	#65536,-432(fp)

-noname.149:

-	movzwl	-418(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-432(fp)

-	bicl3	#-65536,-420(fp),r0

-	ashl	#16,r0,-424(fp)

-	addl3	-424(fp),-428(fp),r0

-	bicl3	#0,r0,-428(fp)

-	cmpl	-428(fp),-424(fp)

-	bgequ	noname.150

-	incl	-432(fp)

-noname.150:

-	movl	-428(fp),r1

-	movl	-432(fp),r2

-	addl2	r1,r9

-	bicl2	#0,r9

-	cmpl	r9,r1

-	bgequ	noname.151

-	incl	r2

-noname.151:

-	addl2	r2,r8

-	bicl2	#0,r8

-	cmpl	r8,r2

-	bgequ	noname.152

-	incl	r10

-noname.152:

-	movzwl	2(r6),r2

-	bicl3	#-65536,24(r7),r3

-	movzwl	26(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,(r6),-444(fp)

-	bicl3	#-65536,r2,-448(fp)

-	mull3	r0,-444(fp),-436(fp)

-	mull2	r3,-444(fp)

-	mull3	r3,-448(fp),-440(fp)

-	mull2	r0,-448(fp)

-	addl3	-436(fp),-440(fp),r0

-	bicl3	#0,r0,-436(fp)

-	cmpl	-436(fp),-440(fp)

-	bgequ	noname.153

-	addl2	#65536,-448(fp)

-noname.153:

-	movzwl	-434(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-448(fp)

-	bicl3	#-65536,-436(fp),r0

-	ashl	#16,r0,-440(fp)

-	addl3	-440(fp),-444(fp),r0

-	bicl3	#0,r0,-444(fp)

-	cmpl	-444(fp),-440(fp)

-	bgequ	noname.154

-	incl	-448(fp)

-noname.154:

-	movl	-444(fp),r1

-	movl	-448(fp),r2

-	addl2	r1,r9

-	bicl2	#0,r9

-	cmpl	r9,r1

-	bgequ	noname.155

-	incl	r2

-noname.155:

-	addl2	r2,r8

-	bicl2	#0,r8

-	cmpl	r8,r2

-	bgequ	noname.156

-	incl	r10

-noname.156:

-	movl	r9,24(r11)

-	clrl	r9

-	movzwl	2(r6),r2

-	bicl3	#-65536,28(r7),r3

-	movzwl	30(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,(r6),-460(fp)

-	bicl3	#-65536,r2,-464(fp)

-	mull3	r0,-460(fp),-452(fp)

-	mull2	r3,-460(fp)

-	mull3	r3,-464(fp),-456(fp)

-	mull2	r0,-464(fp)

-	addl3	-452(fp),-456(fp),r0

-	bicl3	#0,r0,-452(fp)

-	cmpl	-452(fp),-456(fp)

-	bgequ	noname.157

-	addl2	#65536,-464(fp)

-noname.157:

-	movzwl	-450(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-464(fp)

-	bicl3	#-65536,-452(fp),r0

-	ashl	#16,r0,-456(fp)

-	addl3	-456(fp),-460(fp),r0

-	bicl3	#0,r0,-460(fp)

-	cmpl	-460(fp),-456(fp)

-	bgequ	noname.158

-	incl	-464(fp)

-noname.158:

-	movl	-460(fp),r1

-	movl	-464(fp),r2

-	addl2	r1,r8

-	bicl2	#0,r8

-	cmpl	r8,r1

-	bgequ	noname.159

-	incl	r2

-noname.159:

-	addl2	r2,r10

-	bicl2	#0,r10

-	cmpl	r10,r2

-	bgequ	noname.160

-	incl	r9

-noname.160:

-	movzwl	6(r6),r2

-	bicl3	#-65536,24(r7),r3

-	movzwl	26(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,4(r6),-476(fp)

-	bicl3	#-65536,r2,-480(fp)

-	mull3	r0,-476(fp),-468(fp)

-	mull2	r3,-476(fp)

-	mull3	r3,-480(fp),-472(fp)

-	mull2	r0,-480(fp)

-	addl3	-468(fp),-472(fp),r0

-	bicl3	#0,r0,-468(fp)

-	cmpl	-468(fp),-472(fp)

-	bgequ	noname.161

-	addl2	#65536,-480(fp)

-noname.161:

-	movzwl	-466(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-480(fp)

-	bicl3	#-65536,-468(fp),r0

-	ashl	#16,r0,-472(fp)

-	addl3	-472(fp),-476(fp),r0

-	bicl3	#0,r0,-476(fp)

-	cmpl	-476(fp),-472(fp)

-	bgequ	noname.162

-	incl	-480(fp)

-noname.162:

-	movl	-476(fp),r1

-	movl	-480(fp),r2

-	addl2	r1,r8

-	bicl2	#0,r8

-	cmpl	r8,r1

-	bgequ	noname.163

-	incl	r2

-noname.163:

-	addl2	r2,r10

-	bicl2	#0,r10

-	cmpl	r10,r2

-	bgequ	noname.164

-	incl	r9

-noname.164:

-	movzwl	10(r6),r2

-	bicl3	#-65536,20(r7),r3

-	movzwl	22(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,8(r6),-492(fp)

-	bicl3	#-65536,r2,-496(fp)

-	mull3	r0,-492(fp),-484(fp)

-	mull2	r3,-492(fp)

-	mull3	r3,-496(fp),-488(fp)

-	mull2	r0,-496(fp)

-	addl3	-484(fp),-488(fp),r0

-	bicl3	#0,r0,-484(fp)

-	cmpl	-484(fp),-488(fp)

-	bgequ	noname.165

-	addl2	#65536,-496(fp)

-noname.165:

-	movzwl	-482(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-496(fp)

-	bicl3	#-65536,-484(fp),r0

-	ashl	#16,r0,-488(fp)

-	addl3	-488(fp),-492(fp),r0

-	bicl3	#0,r0,-492(fp)

-	cmpl	-492(fp),-488(fp)

-	bgequ	noname.166

-	incl	-496(fp)

-noname.166:

-	movl	-492(fp),r1

-	movl	-496(fp),r2

-	addl2	r1,r8

-	bicl2	#0,r8

-	cmpl	r8,r1

-	bgequ	noname.167

-	incl	r2

-noname.167:

-	addl2	r2,r10

-	bicl2	#0,r10

-	cmpl	r10,r2

-	bgequ	noname.168

-	incl	r9

-noname.168:

-	movzwl	14(r6),r2

-	bicl3	#-65536,16(r7),r3

-	movzwl	18(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,12(r6),-508(fp)

-	bicl3	#-65536,r2,-512(fp)

-	mull3	r0,-508(fp),-500(fp)

-	mull2	r3,-508(fp)

-	mull3	r3,-512(fp),-504(fp)

-	mull2	r0,-512(fp)

-	addl3	-500(fp),-504(fp),r0

-	bicl3	#0,r0,-500(fp)

-	cmpl	-500(fp),-504(fp)

-	bgequ	noname.169

-	addl2	#65536,-512(fp)

-noname.169:

-	movzwl	-498(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-512(fp)

-	bicl3	#-65536,-500(fp),r0

-	ashl	#16,r0,-504(fp)

-	addl3	-504(fp),-508(fp),r0

-	bicl3	#0,r0,-508(fp)

-	cmpl	-508(fp),-504(fp)

-	bgequ	noname.170

-	incl	-512(fp)

-noname.170:

-	movl	-508(fp),r1

-	movl	-512(fp),r2

-	addl2	r1,r8

-	bicl2	#0,r8

-	cmpl	r8,r1

-	bgequ	noname.171

-	incl	r2

-noname.171:

-	addl2	r2,r10

-	bicl2	#0,r10

-	cmpl	r10,r2

-	bgequ	noname.172

-	incl	r9

-noname.172:

-	movzwl	18(r6),r2

-	bicl3	#-65536,12(r7),r3

-	movzwl	14(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,16(r6),-524(fp)

-	bicl3	#-65536,r2,-528(fp)

-	mull3	r0,-524(fp),-516(fp)

-	mull2	r3,-524(fp)

-	mull3	r3,-528(fp),-520(fp)

-	mull2	r0,-528(fp)

-	addl3	-516(fp),-520(fp),r0

-	bicl3	#0,r0,-516(fp)

-	cmpl	-516(fp),-520(fp)

-	bgequ	noname.173

-	addl2	#65536,-528(fp)

-noname.173:

-	movzwl	-514(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-528(fp)

-	bicl3	#-65536,-516(fp),r0

-	ashl	#16,r0,-520(fp)

-	addl3	-520(fp),-524(fp),r0

-	bicl3	#0,r0,-524(fp)

-	cmpl	-524(fp),-520(fp)

-	bgequ	noname.174

-	incl	-528(fp)

-noname.174:

-	movl	-524(fp),r1

-	movl	-528(fp),r2

-	addl2	r1,r8

-	bicl2	#0,r8

-	cmpl	r8,r1

-	bgequ	noname.175

-	incl	r2

-noname.175:

-	addl2	r2,r10

-	bicl2	#0,r10

-	cmpl	r10,r2

-	bgequ	noname.176

-	incl	r9

-noname.176:

-	movzwl	22(r6),r2

-	bicl3	#-65536,8(r7),r3

-	movzwl	10(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,20(r6),-540(fp)

-	bicl3	#-65536,r2,-544(fp)

-	mull3	r0,-540(fp),-532(fp)

-	mull2	r3,-540(fp)

-	mull3	r3,-544(fp),-536(fp)

-	mull2	r0,-544(fp)

-	addl3	-532(fp),-536(fp),r0

-	bicl3	#0,r0,-532(fp)

-	cmpl	-532(fp),-536(fp)

-	bgequ	noname.177

-	addl2	#65536,-544(fp)

-noname.177:

-	movzwl	-530(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-544(fp)

-	bicl3	#-65536,-532(fp),r0

-	ashl	#16,r0,-536(fp)

-	addl3	-536(fp),-540(fp),r0

-	bicl3	#0,r0,-540(fp)

-	cmpl	-540(fp),-536(fp)

-	bgequ	noname.178

-	incl	-544(fp)

-noname.178:

-	movl	-540(fp),r1

-	movl	-544(fp),r2

-	addl2	r1,r8

-	bicl2	#0,r8

-	cmpl	r8,r1

-	bgequ	noname.179

-	incl	r2

-noname.179:

-	addl2	r2,r10

-	bicl2	#0,r10

-	cmpl	r10,r2

-	bgequ	noname.180

-	incl	r9

-noname.180:

-	movzwl	26(r6),r2

-	bicl3	#-65536,4(r7),r3

-	movzwl	6(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,24(r6),-556(fp)

-	bicl3	#-65536,r2,-560(fp)

-	mull3	r0,-556(fp),-548(fp)

-	mull2	r3,-556(fp)

-	mull3	r3,-560(fp),-552(fp)

-	mull2	r0,-560(fp)

-	addl3	-548(fp),-552(fp),r0

-	bicl3	#0,r0,-548(fp)

-	cmpl	-548(fp),-552(fp)

-	bgequ	noname.181

-	addl2	#65536,-560(fp)

-noname.181:

-	movzwl	-546(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-560(fp)

-	bicl3	#-65536,-548(fp),r0

-	ashl	#16,r0,-552(fp)

-	addl3	-552(fp),-556(fp),r0

-	bicl3	#0,r0,-556(fp)

-	cmpl	-556(fp),-552(fp)

-	bgequ	noname.182

-	incl	-560(fp)

-noname.182:

-	movl	-556(fp),r1

-	movl	-560(fp),r2

-	addl2	r1,r8

-	bicl2	#0,r8

-	cmpl	r8,r1

-	bgequ	noname.183

-	incl	r2

-noname.183:

-	addl2	r2,r10

-	bicl2	#0,r10

-	cmpl	r10,r2

-	bgequ	noname.184

-	incl	r9

-noname.184:

-	movzwl	30(r6),r2

-	bicl3	#-65536,(r7),r3

-	movzwl	2(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,28(r6),-572(fp)

-	bicl3	#-65536,r2,-576(fp)

-	mull3	r0,-572(fp),-564(fp)

-	mull2	r3,-572(fp)

-	mull3	r3,-576(fp),-568(fp)

-	mull2	r0,-576(fp)

-	addl3	-564(fp),-568(fp),r0

-	bicl3	#0,r0,-564(fp)

-	cmpl	-564(fp),-568(fp)

-	bgequ	noname.185

-	addl2	#65536,-576(fp)

-noname.185:

-	movzwl	-562(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-576(fp)

-	bicl3	#-65536,-564(fp),r0

-	ashl	#16,r0,-568(fp)

-	addl3	-568(fp),-572(fp),r0

-	bicl3	#0,r0,-572(fp)

-	cmpl	-572(fp),-568(fp)

-	bgequ	noname.186

-	incl	-576(fp)

-noname.186:

-	movl	-572(fp),r1

-	movl	-576(fp),r2

-	addl2	r1,r8

-	bicl2	#0,r8

-	cmpl	r8,r1

-	bgequ	noname.187

-	incl	r2

-noname.187:

-	addl2	r2,r10

-	bicl2	#0,r10

-	cmpl	r10,r2

-	bgequ	noname.188

-	incl	r9

-noname.188:

-	movl	r8,28(r11)

-	clrl	r8

-	movzwl	30(r6),r2

-	bicl3	#-65536,4(r7),r3

-	movzwl	6(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,28(r6),-588(fp)

-	bicl3	#-65536,r2,-592(fp)

-	mull3	r0,-588(fp),-580(fp)

-	mull2	r3,-588(fp)

-	mull3	r3,-592(fp),-584(fp)

-	mull2	r0,-592(fp)

-	addl3	-580(fp),-584(fp),r0

-	bicl3	#0,r0,-580(fp)

-	cmpl	-580(fp),-584(fp)

-	bgequ	noname.189

-	addl2	#65536,-592(fp)

-noname.189:

-	movzwl	-578(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-592(fp)

-	bicl3	#-65536,-580(fp),r0

-	ashl	#16,r0,-584(fp)

-	addl3	-584(fp),-588(fp),r0

-	bicl3	#0,r0,-588(fp)

-	cmpl	-588(fp),-584(fp)

-	bgequ	noname.190

-	incl	-592(fp)

-noname.190:

-	movl	-588(fp),r1

-	movl	-592(fp),r2

-	addl2	r1,r10

-	bicl2	#0,r10

-	cmpl	r10,r1

-	bgequ	noname.191

-	incl	r2

-noname.191:

-	addl2	r2,r9

-	bicl2	#0,r9

-	cmpl	r9,r2

-	bgequ	noname.192

-	incl	r8

-noname.192:

-	movzwl	26(r6),r2

-	bicl3	#-65536,8(r7),r3

-	movzwl	10(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,24(r6),-604(fp)

-	bicl3	#-65536,r2,-608(fp)

-	mull3	r0,-604(fp),-596(fp)

-	mull2	r3,-604(fp)

-	mull3	r3,-608(fp),-600(fp)

-	mull2	r0,-608(fp)

-	addl3	-596(fp),-600(fp),r0

-	bicl3	#0,r0,-596(fp)

-	cmpl	-596(fp),-600(fp)

-	bgequ	noname.193

-	addl2	#65536,-608(fp)

-noname.193:

-	movzwl	-594(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-608(fp)

-	bicl3	#-65536,-596(fp),r0

-	ashl	#16,r0,-600(fp)

-	addl3	-600(fp),-604(fp),r0

-	bicl3	#0,r0,-604(fp)

-	cmpl	-604(fp),-600(fp)

-	bgequ	noname.194

-	incl	-608(fp)

-noname.194:

-	movl	-604(fp),r1

-	movl	-608(fp),r2

-	addl2	r1,r10

-	bicl2	#0,r10

-	cmpl	r10,r1

-	bgequ	noname.195

-	incl	r2

-noname.195:

-	addl2	r2,r9

-	bicl2	#0,r9

-	cmpl	r9,r2

-	bgequ	noname.196

-	incl	r8

-noname.196:

-	movzwl	22(r6),r2

-	bicl3	#-65536,12(r7),r3

-	movzwl	14(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,20(r6),-620(fp)

-	bicl3	#-65536,r2,-624(fp)

-	mull3	r0,-620(fp),-612(fp)

-	mull2	r3,-620(fp)

-	mull3	r3,-624(fp),-616(fp)

-	mull2	r0,-624(fp)

-	addl3	-612(fp),-616(fp),r0

-	bicl3	#0,r0,-612(fp)

-	cmpl	-612(fp),-616(fp)

-	bgequ	noname.197

-	addl2	#65536,-624(fp)

-noname.197:

-	movzwl	-610(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-624(fp)

-	bicl3	#-65536,-612(fp),r0

-	ashl	#16,r0,-616(fp)

-	addl3	-616(fp),-620(fp),r0

-	bicl3	#0,r0,-620(fp)

-	cmpl	-620(fp),-616(fp)

-	bgequ	noname.198

-	incl	-624(fp)

-noname.198:

-	movl	-620(fp),r1

-	movl	-624(fp),r2

-	addl2	r1,r10

-	bicl2	#0,r10

-	cmpl	r10,r1

-	bgequ	noname.199

-	incl	r2

-noname.199:

-	addl2	r2,r9

-	bicl2	#0,r9

-	cmpl	r9,r2

-	bgequ	noname.200

-	incl	r8

-noname.200:

-	movzwl	18(r6),r2

-	bicl3	#-65536,16(r7),r3

-	movzwl	18(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,16(r6),-636(fp)

-	bicl3	#-65536,r2,-640(fp)

-	mull3	r0,-636(fp),-628(fp)

-	mull2	r3,-636(fp)

-	mull3	r3,-640(fp),-632(fp)

-	mull2	r0,-640(fp)

-	addl3	-628(fp),-632(fp),r0

-	bicl3	#0,r0,-628(fp)

-	cmpl	-628(fp),-632(fp)

-	bgequ	noname.201

-	addl2	#65536,-640(fp)

-noname.201:

-	movzwl	-626(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-640(fp)

-	bicl3	#-65536,-628(fp),r0

-	ashl	#16,r0,-632(fp)

-	addl3	-632(fp),-636(fp),r0

-	bicl3	#0,r0,-636(fp)

-	cmpl	-636(fp),-632(fp)

-	bgequ	noname.202

-	incl	-640(fp)

-noname.202:

-	movl	-636(fp),r1

-	movl	-640(fp),r2

-	addl2	r1,r10

-	bicl2	#0,r10

-	cmpl	r10,r1

-	bgequ	noname.203

-	incl	r2

-noname.203:

-	addl2	r2,r9

-	bicl2	#0,r9

-	cmpl	r9,r2

-	bgequ	noname.204

-	incl	r8

-noname.204:

-	movzwl	14(r6),r2

-	bicl3	#-65536,20(r7),r3

-	movzwl	22(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,12(r6),-652(fp)

-	bicl3	#-65536,r2,-656(fp)

-	mull3	r0,-652(fp),-644(fp)

-	mull2	r3,-652(fp)

-	mull3	r3,-656(fp),-648(fp)

-	mull2	r0,-656(fp)

-	addl3	-644(fp),-648(fp),r0

-	bicl3	#0,r0,-644(fp)

-	cmpl	-644(fp),-648(fp)

-	bgequ	noname.205

-	addl2	#65536,-656(fp)

-noname.205:

-	movzwl	-642(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-656(fp)

-	bicl3	#-65536,-644(fp),r0

-	ashl	#16,r0,-648(fp)

-	addl3	-648(fp),-652(fp),r0

-	bicl3	#0,r0,-652(fp)

-	cmpl	-652(fp),-648(fp)

-	bgequ	noname.206

-	incl	-656(fp)

-noname.206:

-	movl	-652(fp),r1

-	movl	-656(fp),r2

-	addl2	r1,r10

-	bicl2	#0,r10

-	cmpl	r10,r1

-	bgequ	noname.207

-	incl	r2

-noname.207:

-	addl2	r2,r9

-	bicl2	#0,r9

-	cmpl	r9,r2

-	bgequ	noname.208

-	incl	r8

-noname.208:

-	movzwl	10(r6),r2

-	bicl3	#-65536,24(r7),r3

-	movzwl	26(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,8(r6),-668(fp)

-	bicl3	#-65536,r2,-672(fp)

-	mull3	r0,-668(fp),-660(fp)

-	mull2	r3,-668(fp)

-	mull3	r3,-672(fp),-664(fp)

-	mull2	r0,-672(fp)

-	addl3	-660(fp),-664(fp),r0

-	bicl3	#0,r0,-660(fp)

-	cmpl	-660(fp),-664(fp)

-	bgequ	noname.209

-	addl2	#65536,-672(fp)

-noname.209:

-	movzwl	-658(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-672(fp)

-	bicl3	#-65536,-660(fp),r0

-	ashl	#16,r0,-664(fp)

-	addl3	-664(fp),-668(fp),r0

-	bicl3	#0,r0,-668(fp)

-	cmpl	-668(fp),-664(fp)

-	bgequ	noname.210

-	incl	-672(fp)

-noname.210:

-	movl	-668(fp),r1

-	movl	-672(fp),r2

-	addl2	r1,r10

-	bicl2	#0,r10

-	cmpl	r10,r1

-	bgequ	noname.211

-	incl	r2

-noname.211:

-	addl2	r2,r9

-	bicl2	#0,r9

-	cmpl	r9,r2

-	bgequ	noname.212

-	incl	r8

-noname.212:

-	movzwl	6(r6),r2

-	bicl3	#-65536,28(r7),r3

-	movzwl	30(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,4(r6),-684(fp)

-	bicl3	#-65536,r2,-688(fp)

-	mull3	r0,-684(fp),-676(fp)

-	mull2	r3,-684(fp)

-	mull3	r3,-688(fp),-680(fp)

-	mull2	r0,-688(fp)

-	addl3	-676(fp),-680(fp),r0

-	bicl3	#0,r0,-676(fp)

-	cmpl	-676(fp),-680(fp)

-	bgequ	noname.213

-	addl2	#65536,-688(fp)

-noname.213:

-	movzwl	-674(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-688(fp)

-	bicl3	#-65536,-676(fp),r0

-	ashl	#16,r0,-680(fp)

-	addl3	-680(fp),-684(fp),r0

-	bicl3	#0,r0,-684(fp)

-	cmpl	-684(fp),-680(fp)

-	bgequ	noname.214

-	incl	-688(fp)

-noname.214:

-	movl	-684(fp),r1

-	movl	-688(fp),r2

-	addl2	r1,r10

-	bicl2	#0,r10

-	cmpl	r10,r1

-	bgequ	noname.215

-	incl	r2

-noname.215:

-	addl2	r2,r9

-	bicl2	#0,r9

-	cmpl	r9,r2

-	bgequ	noname.216

-	incl	r8

-noname.216:

-	movl	r10,32(r11)

-	clrl	r10

-	movzwl	10(r6),r2

-	bicl3	#-65536,28(r7),r3

-	movzwl	30(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,8(r6),-700(fp)

-	bicl3	#-65536,r2,-704(fp)

-	mull3	r0,-700(fp),-692(fp)

-	mull2	r3,-700(fp)

-	mull3	r3,-704(fp),-696(fp)

-	mull2	r0,-704(fp)

-	addl3	-692(fp),-696(fp),r0

-	bicl3	#0,r0,-692(fp)

-	cmpl	-692(fp),-696(fp)

-	bgequ	noname.217

-	addl2	#65536,-704(fp)

-noname.217:

-	movzwl	-690(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-704(fp)

-	bicl3	#-65536,-692(fp),r0

-	ashl	#16,r0,-696(fp)

-	addl3	-696(fp),-700(fp),r0

-	bicl3	#0,r0,-700(fp)

-	cmpl	-700(fp),-696(fp)

-	bgequ	noname.218

-	incl	-704(fp)

-noname.218:

-	movl	-700(fp),r1

-	movl	-704(fp),r2

-	addl2	r1,r9

-	bicl2	#0,r9

-	cmpl	r9,r1

-	bgequ	noname.219

-	incl	r2

-noname.219:

-	addl2	r2,r8

-	bicl2	#0,r8

-	cmpl	r8,r2

-	bgequ	noname.220

-	incl	r10

-noname.220:

-	movzwl	14(r6),r2

-	bicl3	#-65536,24(r7),r3

-	movzwl	26(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,12(r6),-716(fp)

-	bicl3	#-65536,r2,-720(fp)

-	mull3	r0,-716(fp),-708(fp)

-	mull2	r3,-716(fp)

-	mull3	r3,-720(fp),-712(fp)

-	mull2	r0,-720(fp)

-	addl3	-708(fp),-712(fp),r0

-	bicl3	#0,r0,-708(fp)

-	cmpl	-708(fp),-712(fp)

-	bgequ	noname.221

-	addl2	#65536,-720(fp)

-noname.221:

-	movzwl	-706(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-720(fp)

-	bicl3	#-65536,-708(fp),r0

-	ashl	#16,r0,-712(fp)

-	addl3	-712(fp),-716(fp),r0

-	bicl3	#0,r0,-716(fp)

-	cmpl	-716(fp),-712(fp)

-	bgequ	noname.222

-	incl	-720(fp)

-noname.222:

-	movl	-716(fp),r1

-	movl	-720(fp),r2

-	addl2	r1,r9

-	bicl2	#0,r9

-	cmpl	r9,r1

-	bgequ	noname.223

-	incl	r2

-noname.223:

-	addl2	r2,r8

-	bicl2	#0,r8

-	cmpl	r8,r2

-	bgequ	noname.224

-	incl	r10

-noname.224:

-	movzwl	18(r6),r2

-	bicl3	#-65536,20(r7),r3

-	movzwl	22(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,16(r6),-732(fp)

-	bicl3	#-65536,r2,-736(fp)

-	mull3	r0,-732(fp),-724(fp)

-	mull2	r3,-732(fp)

-	mull3	r3,-736(fp),-728(fp)

-	mull2	r0,-736(fp)

-	addl3	-724(fp),-728(fp),r0

-	bicl3	#0,r0,-724(fp)

-	cmpl	-724(fp),-728(fp)

-	bgequ	noname.225

-	addl2	#65536,-736(fp)

-noname.225:

-	movzwl	-722(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-736(fp)

-	bicl3	#-65536,-724(fp),r0

-	ashl	#16,r0,-728(fp)

-	addl3	-728(fp),-732(fp),r0

-	bicl3	#0,r0,-732(fp)

-	cmpl	-732(fp),-728(fp)

-	bgequ	noname.226

-	incl	-736(fp)

-noname.226:

-	movl	-732(fp),r1

-	movl	-736(fp),r2

-	addl2	r1,r9

-	bicl2	#0,r9

-	cmpl	r9,r1

-	bgequ	noname.227

-	incl	r2

-noname.227:

-	addl2	r2,r8

-	bicl2	#0,r8

-	cmpl	r8,r2

-	bgequ	noname.228

-	incl	r10

-noname.228:

-	movzwl	22(r6),r2

-	bicl3	#-65536,16(r7),r3

-	movzwl	18(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,20(r6),-748(fp)

-	bicl3	#-65536,r2,-752(fp)

-	mull3	r0,-748(fp),-740(fp)

-	mull2	r3,-748(fp)

-	mull3	r3,-752(fp),-744(fp)

-	mull2	r0,-752(fp)

-	addl3	-740(fp),-744(fp),r0

-	bicl3	#0,r0,-740(fp)

-	cmpl	-740(fp),-744(fp)

-	bgequ	noname.229

-	addl2	#65536,-752(fp)

-noname.229:

-	movzwl	-738(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-752(fp)

-	bicl3	#-65536,-740(fp),r0

-	ashl	#16,r0,-744(fp)

-	addl3	-744(fp),-748(fp),r0

-	bicl3	#0,r0,-748(fp)

-	cmpl	-748(fp),-744(fp)

-	bgequ	noname.230

-	incl	-752(fp)

-noname.230:

-	movl	-748(fp),r1

-	movl	-752(fp),r2

-	addl2	r1,r9

-	bicl2	#0,r9

-	cmpl	r9,r1

-	bgequ	noname.231

-	incl	r2

-noname.231:

-	addl2	r2,r8

-	bicl2	#0,r8

-	cmpl	r8,r2

-	bgequ	noname.232

-	incl	r10

-noname.232:

-	movzwl	26(r6),r2

-	bicl3	#-65536,12(r7),r3

-	movzwl	14(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,24(r6),-764(fp)

-	bicl3	#-65536,r2,-768(fp)

-	mull3	r0,-764(fp),-756(fp)

-	mull2	r3,-764(fp)

-	mull3	r3,-768(fp),-760(fp)

-	mull2	r0,-768(fp)

-	addl3	-756(fp),-760(fp),r0

-	bicl3	#0,r0,-756(fp)

-	cmpl	-756(fp),-760(fp)

-	bgequ	noname.233

-	addl2	#65536,-768(fp)

-noname.233:

-	movzwl	-754(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-768(fp)

-	bicl3	#-65536,-756(fp),r0

-	ashl	#16,r0,-760(fp)

-	addl3	-760(fp),-764(fp),r0

-	bicl3	#0,r0,-764(fp)

-	cmpl	-764(fp),-760(fp)

-	bgequ	noname.234

-	incl	-768(fp)

-noname.234:

-	movl	-764(fp),r1

-	movl	-768(fp),r2

-	addl2	r1,r9

-	bicl2	#0,r9

-	cmpl	r9,r1

-	bgequ	noname.235

-	incl	r2

-noname.235:

-	addl2	r2,r8

-	bicl2	#0,r8

-	cmpl	r8,r2

-	bgequ	noname.236

-	incl	r10

-noname.236:

-	bicl3	#-65536,28(r6),r3

-	movzwl	30(r6),r1

-	bicl2	#-65536,r1

-	bicl3	#-65536,8(r7),r2

-	movzwl	10(r7),r0

-	bicl2	#-65536,r0

-	movl	r3,r5

-	movl	r1,r4

-	mull3	r0,r5,-772(fp)

-	mull2	r2,r5

-	mull3	r2,r4,-776(fp)

-	mull2	r0,r4

-	addl3	-772(fp),-776(fp),r0

-	bicl3	#0,r0,-772(fp)

-	cmpl	-772(fp),-776(fp)

-	bgequ	noname.237

-	addl2	#65536,r4

-noname.237:

-	movzwl	-770(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,r4

-	bicl3	#-65536,-772(fp),r0

-	ashl	#16,r0,-776(fp)

-	addl2	-776(fp),r5

-	bicl2	#0,r5

-	cmpl	r5,-776(fp)

-	bgequ	noname.238

-	incl	r4

-noname.238:

-	movl	r5,r1

-	movl	r4,r2

-	addl2	r1,r9

-	bicl2	#0,r9

-	cmpl	r9,r1

-	bgequ	noname.239

-	incl	r2

-noname.239:

-	addl2	r2,r8

-	bicl2	#0,r8

-	cmpl	r8,r2

-	bgequ	noname.240

-	incl	r10

-noname.240:

-	movl	r9,36(r11)

-	clrl	r9

-	bicl3	#-65536,28(r6),r3

-	movzwl	30(r6),r1

-	bicl2	#-65536,r1

-	bicl3	#-65536,12(r7),r2

-	movzwl	14(r7),r0

-	bicl2	#-65536,r0

-	movl	r3,r5

-	movl	r1,r4

-	mull3	r0,r5,-780(fp)

-	mull2	r2,r5

-	mull3	r2,r4,-784(fp)

-	mull2	r0,r4

-	addl3	-780(fp),-784(fp),r0

-	bicl3	#0,r0,-780(fp)

-	cmpl	-780(fp),-784(fp)

-	bgequ	noname.241

-	addl2	#65536,r4

-noname.241:

-	movzwl	-778(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,r4

-	bicl3	#-65536,-780(fp),r0

-	ashl	#16,r0,-784(fp)

-	addl2	-784(fp),r5

-	bicl2	#0,r5

-	cmpl	r5,-784(fp)

-	bgequ	noname.242

-	incl	r4

-noname.242:

-	movl	r5,r1

-	movl	r4,r2

-	addl2	r1,r8

-	bicl2	#0,r8

-	cmpl	r8,r1

-	bgequ	noname.243

-	incl	r2

-noname.243:

-	addl2	r2,r10

-	bicl2	#0,r10

-	cmpl	r10,r2

-	bgequ	noname.244

-	incl	r9

-noname.244:

-	bicl3	#-65536,24(r6),r3

-	movzwl	26(r6),r1

-	bicl2	#-65536,r1

-	bicl3	#-65536,16(r7),r2

-	movzwl	18(r7),r0

-	bicl2	#-65536,r0

-	movl	r3,r5

-	movl	r1,r4

-	mull3	r0,r5,-788(fp)

-	mull2	r2,r5

-	mull3	r2,r4,-792(fp)

-	mull2	r0,r4

-	addl3	-788(fp),-792(fp),r0

-	bicl3	#0,r0,-788(fp)

-	cmpl	-788(fp),-792(fp)

-	bgequ	noname.245

-	addl2	#65536,r4

-noname.245:

-	movzwl	-786(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,r4

-	bicl3	#-65536,-788(fp),r0

-	ashl	#16,r0,-792(fp)

-	addl2	-792(fp),r5

-	bicl2	#0,r5

-	cmpl	r5,-792(fp)

-	bgequ	noname.246

-	incl	r4

-noname.246:

-	movl	r5,r1

-	movl	r4,r2

-	addl2	r1,r8

-	bicl2	#0,r8

-	cmpl	r8,r1

-	bgequ	noname.247

-	incl	r2

-noname.247:

-	addl2	r2,r10

-	bicl2	#0,r10

-	cmpl	r10,r2

-	bgequ	noname.248

-	incl	r9

-noname.248:

-	bicl3	#-65536,20(r6),r3

-	movzwl	22(r6),r1

-	bicl2	#-65536,r1

-	bicl3	#-65536,20(r7),r2

-	movzwl	22(r7),r0

-	bicl2	#-65536,r0

-	movl	r3,r5

-	movl	r1,r4

-	mull3	r0,r5,-796(fp)

-	mull2	r2,r5

-	mull3	r2,r4,-800(fp)

-	mull2	r0,r4

-	addl3	-796(fp),-800(fp),r0

-	bicl3	#0,r0,-796(fp)

-	cmpl	-796(fp),-800(fp)

-	bgequ	noname.249

-	addl2	#65536,r4

-noname.249:

-	movzwl	-794(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,r4

-	bicl3	#-65536,-796(fp),r0

-	ashl	#16,r0,-800(fp)

-	addl2	-800(fp),r5

-	bicl2	#0,r5

-	cmpl	r5,-800(fp)

-	bgequ	noname.250

-	incl	r4

-noname.250:

-	movl	r5,r1

-	movl	r4,r2

-	addl2	r1,r8

-	bicl2	#0,r8

-	cmpl	r8,r1

-	bgequ	noname.251

-	incl	r2

-noname.251:

-	addl2	r2,r10

-	bicl2	#0,r10

-	cmpl	r10,r2

-	bgequ	noname.252

-	incl	r9

-noname.252:

-	bicl3	#-65536,16(r6),r3

-	movzwl	18(r6),r1

-	bicl2	#-65536,r1

-	bicl3	#-65536,24(r7),r2

-	movzwl	26(r7),r0

-	bicl2	#-65536,r0

-	movl	r3,r5

-	movl	r1,r4

-	mull3	r0,r5,-804(fp)

-	mull2	r2,r5

-	mull3	r2,r4,-808(fp)

-	mull2	r0,r4

-	addl3	-804(fp),-808(fp),r0

-	bicl3	#0,r0,-804(fp)

-	cmpl	-804(fp),-808(fp)

-	bgequ	noname.253

-	addl2	#65536,r4

-noname.253:

-	movzwl	-802(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,r4

-	bicl3	#-65536,-804(fp),r0

-	ashl	#16,r0,-808(fp)

-	addl2	-808(fp),r5

-	bicl2	#0,r5

-	cmpl	r5,-808(fp)

-	bgequ	noname.254

-	incl	r4

-noname.254:

-	movl	r5,r1

-	movl	r4,r2

-	addl2	r1,r8

-	bicl2	#0,r8

-	cmpl	r8,r1

-	bgequ	noname.255

-	incl	r2

-noname.255:

-	addl2	r2,r10

-	bicl2	#0,r10

-	cmpl	r10,r2

-	bgequ	noname.256

-	incl	r9

-noname.256:

-	bicl3	#-65536,12(r6),r3

-	movzwl	14(r6),r1

-	bicl2	#-65536,r1

-	bicl3	#-65536,28(r7),r2

-	movzwl	30(r7),r0

-	bicl2	#-65536,r0

-	movl	r3,r5

-	movl	r1,r4

-	mull3	r0,r5,-812(fp)

-	mull2	r2,r5

-	mull3	r2,r4,-816(fp)

-	mull2	r0,r4

-	addl3	-812(fp),-816(fp),r0

-	bicl3	#0,r0,-812(fp)

-	cmpl	-812(fp),-816(fp)

-	bgequ	noname.257

-	addl2	#65536,r4

-noname.257:

-	movzwl	-810(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,r4

-	bicl3	#-65536,-812(fp),r0

-	ashl	#16,r0,-816(fp)

-	addl2	-816(fp),r5

-	bicl2	#0,r5

-	cmpl	r5,-816(fp)

-	bgequ	noname.258

-	incl	r4

-noname.258:

-	movl	r5,r1

-	movl	r4,r2

-	addl2	r1,r8

-	bicl2	#0,r8

-	cmpl	r8,r1

-	bgequ	noname.259

-	incl	r2

-noname.259:

-	addl2	r2,r10

-	bicl2	#0,r10

-	cmpl	r10,r2

-	bgequ	noname.260

-	incl	r9

-noname.260:

-	movl	r8,40(r11)

-	clrl	r8

-	bicl3	#-65536,16(r6),r3

-	movzwl	18(r6),r2

-	bicl3	#-65536,28(r7),r1

-	movzwl	30(r7),r0

-	bicl2	#-65536,r0

-	movl	r3,r4

-	bicl3	#-65536,r2,-828(fp)

-	mull3	r0,r4,-820(fp)

-	mull2	r1,r4

-	mull3	r1,-828(fp),-824(fp)

-	mull2	r0,-828(fp)

-	addl3	-820(fp),-824(fp),r0

-	bicl3	#0,r0,-820(fp)

-	cmpl	-820(fp),-824(fp)

-	bgequ	noname.261

-	addl2	#65536,-828(fp)

-noname.261:

-	movzwl	-818(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-828(fp)

-	bicl3	#-65536,-820(fp),r0

-	ashl	#16,r0,-824(fp)

-	addl2	-824(fp),r4

-	bicl2	#0,r4

-	cmpl	r4,-824(fp)

-	bgequ	noname.262

-	incl	-828(fp)

-noname.262:

-	movl	r4,r1

-	movl	-828(fp),r2

-	addl2	r1,r10

-	bicl2	#0,r10

-	cmpl	r10,r1

-	bgequ	noname.263

-	incl	r2

-noname.263:

-	addl2	r2,r9

-	bicl2	#0,r9

-	cmpl	r9,r2

-	bgequ	noname.264

-	incl	r8

-noname.264:

-	movzwl	22(r6),r2

-	bicl3	#-65536,24(r7),r3

-	movzwl	26(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,20(r6),-840(fp)

-	bicl3	#-65536,r2,-844(fp)

-	mull3	r0,-840(fp),-832(fp)

-	mull2	r3,-840(fp)

-	mull3	r3,-844(fp),-836(fp)

-	mull2	r0,-844(fp)

-	addl3	-832(fp),-836(fp),r0

-	bicl3	#0,r0,-832(fp)

-	cmpl	-832(fp),-836(fp)

-	bgequ	noname.265

-	addl2	#65536,-844(fp)

-noname.265:

-	movzwl	-830(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-844(fp)

-	bicl3	#-65536,-832(fp),r0

-	ashl	#16,r0,-836(fp)

-	addl3	-836(fp),-840(fp),r0

-	bicl3	#0,r0,-840(fp)

-	cmpl	-840(fp),-836(fp)

-	bgequ	noname.266

-	incl	-844(fp)

-noname.266:

-	movl	-840(fp),r1

-	movl	-844(fp),r2

-	addl2	r1,r10

-	bicl2	#0,r10

-	cmpl	r10,r1

-	bgequ	noname.267

-	incl	r2

-noname.267:

-	addl2	r2,r9

-	bicl2	#0,r9

-	cmpl	r9,r2

-	bgequ	noname.268

-	incl	r8

-noname.268:

-	bicl3	#-65536,24(r6),r3

-	movzwl	26(r6),r1

-	bicl2	#-65536,r1

-	bicl3	#-65536,20(r7),r2

-	movzwl	22(r7),r0

-	bicl2	#-65536,r0

-	movl	r3,r5

-	movl	r1,r4

-	mull3	r0,r5,-848(fp)

-	mull2	r2,r5

-	mull3	r2,r4,-852(fp)

-	mull2	r0,r4

-	addl3	-848(fp),-852(fp),r0

-	bicl3	#0,r0,-848(fp)

-	cmpl	-848(fp),-852(fp)

-	bgequ	noname.269

-	addl2	#65536,r4

-noname.269:

-	movzwl	-846(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,r4

-	bicl3	#-65536,-848(fp),r0

-	ashl	#16,r0,-852(fp)

-	addl2	-852(fp),r5

-	bicl2	#0,r5

-	cmpl	r5,-852(fp)

-	bgequ	noname.270

-	incl	r4

-noname.270:

-	movl	r5,r1

-	movl	r4,r2

-	addl2	r1,r10

-	bicl2	#0,r10

-	cmpl	r10,r1

-	bgequ	noname.271

-	incl	r2

-noname.271:

-	addl2	r2,r9

-	bicl2	#0,r9

-	cmpl	r9,r2

-	bgequ	noname.272

-	incl	r8

-noname.272:

-	bicl3	#-65536,28(r6),r3

-	movzwl	30(r6),r1

-	bicl2	#-65536,r1

-	bicl3	#-65536,16(r7),r2

-	movzwl	18(r7),r0

-	bicl2	#-65536,r0

-	movl	r3,r5

-	movl	r1,r4

-	mull3	r0,r5,-856(fp)

-	mull2	r2,r5

-	mull3	r2,r4,-860(fp)

-	mull2	r0,r4

-	addl3	-856(fp),-860(fp),r0

-	bicl3	#0,r0,-856(fp)

-	cmpl	-856(fp),-860(fp)

-	bgequ	noname.273

-	addl2	#65536,r4

-noname.273:

-	movzwl	-854(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,r4

-	bicl3	#-65536,-856(fp),r0

-	ashl	#16,r0,-860(fp)

-	addl2	-860(fp),r5

-	bicl2	#0,r5

-	cmpl	r5,-860(fp)

-	bgequ	noname.274

-	incl	r4

-noname.274:

-	movl	r5,r1

-	movl	r4,r2

-	addl2	r1,r10

-	bicl2	#0,r10

-	cmpl	r10,r1

-	bgequ	noname.275

-	incl	r2

-noname.275:

-	addl2	r2,r9

-	bicl2	#0,r9

-	cmpl	r9,r2

-	bgequ	noname.276

-	incl	r8

-noname.276:

-	movl	r10,44(r11)

-	clrl	r10

-	bicl3	#-65536,28(r6),r3

-	movzwl	30(r6),r1

-	bicl2	#-65536,r1

-	bicl3	#-65536,20(r7),r2

-	movzwl	22(r7),r0

-	bicl2	#-65536,r0

-	movl	r3,r5

-	movl	r1,r4

-	mull3	r0,r5,-864(fp)

-	mull2	r2,r5

-	mull3	r2,r4,-868(fp)

-	mull2	r0,r4

-	addl3	-864(fp),-868(fp),r0

-	bicl3	#0,r0,-864(fp)

-	cmpl	-864(fp),-868(fp)

-	bgequ	noname.277

-	addl2	#65536,r4

-noname.277:

-	movzwl	-862(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,r4

-	bicl3	#-65536,-864(fp),r0

-	ashl	#16,r0,-868(fp)

-	addl2	-868(fp),r5

-	bicl2	#0,r5

-	cmpl	r5,-868(fp)

-	bgequ	noname.278

-	incl	r4

-noname.278:

-	movl	r5,r1

-	movl	r4,r2

-	addl2	r1,r9

-	bicl2	#0,r9

-	cmpl	r9,r1

-	bgequ	noname.279

-	incl	r2

-noname.279:

-	addl2	r2,r8

-	bicl2	#0,r8

-	cmpl	r8,r2

-	bgequ	noname.280

-	incl	r10

-noname.280:

-	bicl3	#-65536,24(r6),r3

-	movzwl	26(r6),r1

-	bicl2	#-65536,r1

-	bicl3	#-65536,24(r7),r2

-	movzwl	26(r7),r0

-	bicl2	#-65536,r0

-	movl	r3,r5

-	movl	r1,r4

-	mull3	r0,r5,-872(fp)

-	mull2	r2,r5

-	mull3	r2,r4,-876(fp)

-	mull2	r0,r4

-	addl3	-872(fp),-876(fp),r0

-	bicl3	#0,r0,-872(fp)

-	cmpl	-872(fp),-876(fp)

-	bgequ	noname.281

-	addl2	#65536,r4

-noname.281:

-	movzwl	-870(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,r4

-	bicl3	#-65536,-872(fp),r0

-	ashl	#16,r0,-876(fp)

-	addl2	-876(fp),r5

-	bicl2	#0,r5

-	cmpl	r5,-876(fp)

-	bgequ	noname.282

-	incl	r4

-noname.282:

-	movl	r5,r1

-	movl	r4,r2

-	addl2	r1,r9

-	bicl2	#0,r9

-	cmpl	r9,r1

-	bgequ	noname.283

-	incl	r2

-noname.283:

-	addl2	r2,r8

-	bicl2	#0,r8

-	cmpl	r8,r2

-	bgequ	noname.284

-	incl	r10

-noname.284:

-	bicl3	#-65536,20(r6),r3

-	movzwl	22(r6),r1

-	bicl2	#-65536,r1

-	bicl3	#-65536,28(r7),r2

-	movzwl	30(r7),r0

-	bicl2	#-65536,r0

-	movl	r3,r5

-	movl	r1,r4

-	mull3	r0,r5,-880(fp)

-	mull2	r2,r5

-	mull3	r2,r4,-884(fp)

-	mull2	r0,r4

-	addl3	-880(fp),-884(fp),r0

-	bicl3	#0,r0,-880(fp)

-	cmpl	-880(fp),-884(fp)

-	bgequ	noname.285

-	addl2	#65536,r4

-noname.285:

-	movzwl	-878(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,r4

-	bicl3	#-65536,-880(fp),r0

-	ashl	#16,r0,-884(fp)

-	addl2	-884(fp),r5

-	bicl2	#0,r5

-	cmpl	r5,-884(fp)

-	bgequ	noname.286

-	incl	r4

-noname.286:

-	movl	r5,r1

-	movl	r4,r2

-	addl2	r1,r9

-	bicl2	#0,r9

-	cmpl	r9,r1

-	bgequ	noname.287

-	incl	r2

-noname.287:

-	addl2	r2,r8

-	bicl2	#0,r8

-	cmpl	r8,r2

-	bgequ	noname.288

-	incl	r10

-noname.288:

-	movl	r9,48(r11)

-	clrl	r9

-	bicl3	#-65536,24(r6),r3

-	movzwl	26(r6),r1

-	bicl2	#-65536,r1

-	bicl3	#-65536,28(r7),r2

-	movzwl	30(r7),r0

-	bicl2	#-65536,r0

-	movl	r3,r5

-	movl	r1,r4

-	mull3	r0,r5,-888(fp)

-	mull2	r2,r5

-	mull3	r2,r4,-892(fp)

-	mull2	r0,r4

-	addl3	-888(fp),-892(fp),r0

-	bicl3	#0,r0,-888(fp)

-	cmpl	-888(fp),-892(fp)

-	bgequ	noname.289

-	addl2	#65536,r4

-noname.289:

-	movzwl	-886(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,r4

-	bicl3	#-65536,-888(fp),r0

-	ashl	#16,r0,-892(fp)

-	addl2	-892(fp),r5

-	bicl2	#0,r5

-	cmpl	r5,-892(fp)

-	bgequ	noname.290

-	incl	r4

-noname.290:

-	movl	r5,r1

-	movl	r4,r2

-	addl2	r1,r8

-	bicl2	#0,r8

-	cmpl	r8,r1

-	bgequ	noname.291

-	incl	r2

-noname.291:

-	addl2	r2,r10

-	bicl2	#0,r10

-	cmpl	r10,r2

-	bgequ	noname.292

-	incl	r9

-noname.292:

-	movzwl	30(r6),r2

-	bicl3	#-65536,24(r7),r3

-	movzwl	26(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,28(r6),-904(fp)

-	bicl3	#-65536,r2,-908(fp)

-	mull3	r0,-904(fp),-896(fp)

-	mull2	r3,-904(fp)

-	mull3	r3,-908(fp),-900(fp)

-	mull2	r0,-908(fp)

-	addl3	-896(fp),-900(fp),r0

-	bicl3	#0,r0,-896(fp)

-	cmpl	-896(fp),-900(fp)

-	bgequ	noname.293

-	addl2	#65536,-908(fp)

-noname.293:

-	movzwl	-894(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-908(fp)

-	bicl3	#-65536,-896(fp),r0

-	ashl	#16,r0,-900(fp)

-	addl3	-900(fp),-904(fp),r0

-	bicl3	#0,r0,-904(fp)

-	cmpl	-904(fp),-900(fp)

-	bgequ	noname.294

-	incl	-908(fp)

-noname.294:

-	movl	-904(fp),r1

-	movl	-908(fp),r2

-	addl2	r1,r8

-	bicl2	#0,r8

-	cmpl	r8,r1

-	bgequ	noname.295

-	incl	r2

-noname.295:

-	addl2	r2,r10

-	bicl2	#0,r10

-	cmpl	r10,r2

-	bgequ	noname.296

-	incl	r9

-noname.296:

-	movl	r8,52(r11)

-	clrl	r8

-	movzwl	30(r6),r2

-	bicl3	#-65536,28(r7),r3

-	movzwl	30(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,28(r6),-920(fp)

-	bicl3	#-65536,r2,-924(fp)

-	mull3	r0,-920(fp),-912(fp)

-	mull2	r3,-920(fp)

-	mull3	r3,-924(fp),-916(fp)

-	mull2	r0,-924(fp)

-	addl3	-912(fp),-916(fp),r0

-	bicl3	#0,r0,-912(fp)

-	cmpl	-912(fp),-916(fp)

-	bgequ	noname.297

-	addl2	#65536,-924(fp)

-noname.297:

-	movzwl	-910(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-924(fp)

-	bicl3	#-65536,-912(fp),r0

-	ashl	#16,r0,-916(fp)

-	addl3	-916(fp),-920(fp),r0

-	bicl3	#0,r0,-920(fp)

-	cmpl	-920(fp),-916(fp)

-	bgequ	noname.298

-	incl	-924(fp)

-noname.298:

-	movl	-920(fp),r1

-	movl	-924(fp),r2

-	addl2	r1,r10

-	bicl2	#0,r10

-	cmpl	r10,r1

-	bgequ	noname.299

-	incl	r2

-noname.299:

-	addl2	r2,r9

-	bicl2	#0,r9

-	cmpl	r9,r2

-	bgequ	noname.300

-	incl	r8

-noname.300:

-	movl	r10,56(r11)

-	movl	r9,60(r11)

-	ret

-;r=4 ;(AP)

-;a=8 ;(AP)

-;b=12 ;(AP)

-;n=16 ;(AP)	n	by value (input)

-	.psect	code,nowrt

-.entry	BN_MUL_COMBA4,^m<r2,r3,r4,r5,r6,r7,r8,r9,r10,r11>

-	movab	-156(sp),sp

-	clrq	r9

-	clrl	r8

-	movl	8(ap),r6

-	bicl3	#-65536,(r6),r3

-	movzwl	2(r6),r2

-	bicl2	#-65536,r2

-	movl	12(ap),r7

-	bicl3	#-65536,(r7),r1

-	movzwl	2(r7),r0

-	bicl2	#-65536,r0

-	movl	r3,r5

-	movl	r2,r4

-	mull3	r0,r5,-4(fp)

-	mull2	r1,r5

-	mull3	r1,r4,-8(fp)

-	mull2	r0,r4

-	addl3	-4(fp),-8(fp),r0

-	bicl3	#0,r0,-4(fp)

-	cmpl	-4(fp),-8(fp)

-	bgequ	noname.303

-	addl2	#65536,r4

-noname.303:

-	movzwl	-2(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,r4

-	bicl3	#-65536,-4(fp),r0

-	ashl	#16,r0,-8(fp)

-	addl2	-8(fp),r5

-	bicl2	#0,r5

-	cmpl	r5,-8(fp)

-	bgequ	noname.304

-	incl	r4

-noname.304:

-	movl	r5,r1

-	movl	r4,r2

-	addl2	r1,r10

-	bicl2	#0,r10

-	cmpl	r10,r1

-	bgequ	noname.305

-	incl	r2

-noname.305:

-	addl2	r2,r9

-	bicl2	#0,r9

-	cmpl	r9,r2

-	bgequ	noname.306

-	incl	r8

-noname.306:

-	movl	4(ap),r11

-	movl	r10,(r11)

-	clrl	r10

-	bicl3	#-65536,(r6),r3

-	movzwl	2(r6),r1

-	bicl2	#-65536,r1

-	bicl3	#-65536,4(r7),r2

-	movzwl	6(r7),r0

-	bicl2	#-65536,r0

-	movl	r3,r5

-	movl	r1,r4

-	mull3	r0,r5,-12(fp)

-	mull2	r2,r5

-	mull3	r2,r4,-16(fp)

-	mull2	r0,r4

-	addl3	-12(fp),-16(fp),r0

-	bicl3	#0,r0,-12(fp)

-	cmpl	-12(fp),-16(fp)

-	bgequ	noname.307

-	addl2	#65536,r4

-noname.307:

-	movzwl	-10(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,r4

-	bicl3	#-65536,-12(fp),r0

-	ashl	#16,r0,-16(fp)

-	addl2	-16(fp),r5

-	bicl2	#0,r5

-	cmpl	r5,-16(fp)

-	bgequ	noname.308

-	incl	r4

-noname.308:

-	movl	r5,r1

-	movl	r4,r2

-	addl2	r1,r9

-	bicl2	#0,r9

-	cmpl	r9,r1

-	bgequ	noname.309

-	incl	r2

-noname.309:

-	addl2	r2,r8

-	bicl2	#0,r8

-	cmpl	r8,r2

-	bgequ	noname.310

-	incl	r10

-noname.310:

-	bicl3	#-65536,4(r6),r3

-	movzwl	6(r6),r1

-	bicl2	#-65536,r1

-	bicl3	#-65536,(r7),r2

-	movzwl	2(r7),r0

-	bicl2	#-65536,r0

-	movl	r3,r5

-	movl	r1,r4

-	mull3	r0,r5,-20(fp)

-	mull2	r2,r5

-	mull3	r2,r4,-24(fp)

-	mull2	r0,r4

-	addl3	-20(fp),-24(fp),r0

-	bicl3	#0,r0,-20(fp)

-	cmpl	-20(fp),-24(fp)

-	bgequ	noname.311

-	addl2	#65536,r4

-noname.311:

-	movzwl	-18(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,r4

-	bicl3	#-65536,-20(fp),r0

-	ashl	#16,r0,-24(fp)

-	addl2	-24(fp),r5

-	bicl2	#0,r5

-	cmpl	r5,-24(fp)

-	bgequ	noname.312

-	incl	r4

-noname.312:

-	movl	r5,r1

-	movl	r4,r2

-	addl2	r1,r9

-	bicl2	#0,r9

-	cmpl	r9,r1

-	bgequ	noname.313

-	incl	r2

-noname.313:

-	addl2	r2,r8

-	bicl2	#0,r8

-	cmpl	r8,r2

-	bgequ	noname.314

-	incl	r10

-noname.314:

-	movl	r9,4(r11)

-	clrl	r9

-	bicl3	#-65536,8(r6),r3

-	movzwl	10(r6),r1

-	bicl2	#-65536,r1

-	bicl3	#-65536,(r7),r2

-	movzwl	2(r7),r0

-	bicl2	#-65536,r0

-	movl	r3,r5

-	movl	r1,r4

-	mull3	r0,r5,-28(fp)

-	mull2	r2,r5

-	mull3	r2,r4,-32(fp)

-	mull2	r0,r4

-	addl3	-28(fp),-32(fp),r0

-	bicl3	#0,r0,-28(fp)

-	cmpl	-28(fp),-32(fp)

-	bgequ	noname.315

-	addl2	#65536,r4

-noname.315:

-	movzwl	-26(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,r4

-	bicl3	#-65536,-28(fp),r0

-	ashl	#16,r0,-32(fp)

-	addl2	-32(fp),r5

-	bicl2	#0,r5

-	cmpl	r5,-32(fp)

-	bgequ	noname.316

-	incl	r4

-noname.316:

-	movl	r5,r1

-	movl	r4,r2

-	addl2	r1,r8

-	bicl2	#0,r8

-	cmpl	r8,r1

-	bgequ	noname.317

-	incl	r2

-noname.317:

-	addl2	r2,r10

-	bicl2	#0,r10

-	cmpl	r10,r2

-	bgequ	noname.318

-	incl	r9

-noname.318:

-	bicl3	#-65536,4(r6),r3

-	movzwl	6(r6),r1

-	bicl2	#-65536,r1

-	bicl3	#-65536,4(r7),r2

-	movzwl	6(r7),r0

-	bicl2	#-65536,r0

-	movl	r3,r5

-	movl	r1,r4

-	mull3	r0,r5,-36(fp)

-	mull2	r2,r5

-	mull3	r2,r4,-40(fp)

-	mull2	r0,r4

-	addl3	-36(fp),-40(fp),r0

-	bicl3	#0,r0,-36(fp)

-	cmpl	-36(fp),-40(fp)

-	bgequ	noname.319

-	addl2	#65536,r4

-noname.319:

-	movzwl	-34(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,r4

-	bicl3	#-65536,-36(fp),r0

-	ashl	#16,r0,-40(fp)

-	addl2	-40(fp),r5

-	bicl2	#0,r5

-	cmpl	r5,-40(fp)

-	bgequ	noname.320

-	incl	r4

-noname.320:

-	movl	r5,r1

-	movl	r4,r2

-	addl2	r1,r8

-	bicl2	#0,r8

-	cmpl	r8,r1

-	bgequ	noname.321

-	incl	r2

-noname.321:

-	addl2	r2,r10

-	bicl2	#0,r10

-	cmpl	r10,r2

-	bgequ	noname.322

-	incl	r9

-noname.322:

-	bicl3	#-65536,(r6),r3

-	movzwl	2(r6),r1

-	bicl2	#-65536,r1

-	bicl3	#-65536,8(r7),r2

-	movzwl	10(r7),r0

-	bicl2	#-65536,r0

-	movl	r3,r5

-	movl	r1,r4

-	mull3	r0,r5,-44(fp)

-	mull2	r2,r5

-	mull3	r2,r4,-48(fp)

-	mull2	r0,r4

-	addl3	-44(fp),-48(fp),r0

-	bicl3	#0,r0,-44(fp)

-	cmpl	-44(fp),-48(fp)

-	bgequ	noname.323

-	addl2	#65536,r4

-noname.323:

-	movzwl	-42(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,r4

-	bicl3	#-65536,-44(fp),r0

-	ashl	#16,r0,-48(fp)

-	addl2	-48(fp),r5

-	bicl2	#0,r5

-	cmpl	r5,-48(fp)

-	bgequ	noname.324

-	incl	r4

-noname.324:

-	movl	r5,r1

-	movl	r4,r2

-	addl2	r1,r8

-	bicl2	#0,r8

-	cmpl	r8,r1

-	bgequ	noname.325

-	incl	r2

-noname.325:

-	addl2	r2,r10

-	bicl2	#0,r10

-	cmpl	r10,r2

-	bgequ	noname.326

-	incl	r9

-noname.326:

-	movl	r8,8(r11)

-	clrl	r8

-	bicl3	#-65536,(r6),r3

-	movzwl	2(r6),r2

-	bicl3	#-65536,12(r7),r1

-	movzwl	14(r7),r0

-	bicl2	#-65536,r0

-	movl	r3,r4

-	bicl3	#-65536,r2,-60(fp)

-	mull3	r0,r4,-52(fp)

-	mull2	r1,r4

-	mull3	r1,-60(fp),-56(fp)

-	mull2	r0,-60(fp)

-	addl3	-52(fp),-56(fp),r0

-	bicl3	#0,r0,-52(fp)

-	cmpl	-52(fp),-56(fp)

-	bgequ	noname.327

-	addl2	#65536,-60(fp)

-noname.327:

-	movzwl	-50(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-60(fp)

-	bicl3	#-65536,-52(fp),r0

-	ashl	#16,r0,-56(fp)

-	addl2	-56(fp),r4

-	bicl2	#0,r4

-	cmpl	r4,-56(fp)

-	bgequ	noname.328

-	incl	-60(fp)

-noname.328:

-	movl	r4,r1

-	movl	-60(fp),r2

-	addl2	r1,r10

-	bicl2	#0,r10

-	cmpl	r10,r1

-	bgequ	noname.329

-	incl	r2

-noname.329:

-	addl2	r2,r9

-	bicl2	#0,r9

-	cmpl	r9,r2

-	bgequ	noname.330

-	incl	r8

-noname.330:

-	movzwl	6(r6),r2

-	bicl3	#-65536,8(r7),r3

-	movzwl	10(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,4(r6),-72(fp)

-	bicl3	#-65536,r2,-76(fp)

-	mull3	r0,-72(fp),-64(fp)

-	mull2	r3,-72(fp)

-	mull3	r3,-76(fp),-68(fp)

-	mull2	r0,-76(fp)

-	addl3	-64(fp),-68(fp),r0

-	bicl3	#0,r0,-64(fp)

-	cmpl	-64(fp),-68(fp)

-	bgequ	noname.331

-	addl2	#65536,-76(fp)

-noname.331:

-	movzwl	-62(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-76(fp)

-	bicl3	#-65536,-64(fp),r0

-	ashl	#16,r0,-68(fp)

-	addl3	-68(fp),-72(fp),r0

-	bicl3	#0,r0,-72(fp)

-	cmpl	-72(fp),-68(fp)

-	bgequ	noname.332

-	incl	-76(fp)

-noname.332:

-	movl	-72(fp),r1

-	movl	-76(fp),r2

-	addl2	r1,r10

-	bicl2	#0,r10

-	cmpl	r10,r1

-	bgequ	noname.333

-	incl	r2

-noname.333:

-	addl2	r2,r9

-	bicl2	#0,r9

-	cmpl	r9,r2

-	bgequ	noname.334

-	incl	r8

-noname.334:

-	bicl3	#-65536,8(r6),r3

-	movzwl	10(r6),r1

-	bicl2	#-65536,r1

-	bicl3	#-65536,4(r7),r2

-	movzwl	6(r7),r0

-	bicl2	#-65536,r0

-	movl	r3,r5

-	movl	r1,r4

-	mull3	r0,r5,-80(fp)

-	mull2	r2,r5

-	mull3	r2,r4,-84(fp)

-	mull2	r0,r4

-	addl3	-80(fp),-84(fp),r0

-	bicl3	#0,r0,-80(fp)

-	cmpl	-80(fp),-84(fp)

-	bgequ	noname.335

-	addl2	#65536,r4

-noname.335:

-	movzwl	-78(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,r4

-	bicl3	#-65536,-80(fp),r0

-	ashl	#16,r0,-84(fp)

-	addl2	-84(fp),r5

-	bicl2	#0,r5

-	cmpl	r5,-84(fp)

-	bgequ	noname.336

-	incl	r4

-noname.336:

-	movl	r5,r1

-	movl	r4,r2

-	addl2	r1,r10

-	bicl2	#0,r10

-	cmpl	r10,r1

-	bgequ	noname.337

-	incl	r2

-noname.337:

-	addl2	r2,r9

-	bicl2	#0,r9

-	cmpl	r9,r2

-	bgequ	noname.338

-	incl	r8

-noname.338:

-	bicl3	#-65536,12(r6),r3

-	movzwl	14(r6),r1

-	bicl2	#-65536,r1

-	bicl3	#-65536,(r7),r2

-	movzwl	2(r7),r0

-	bicl2	#-65536,r0

-	movl	r3,r5

-	movl	r1,r4

-	mull3	r0,r5,-88(fp)

-	mull2	r2,r5

-	mull3	r2,r4,-92(fp)

-	mull2	r0,r4

-	addl3	-88(fp),-92(fp),r0

-	bicl3	#0,r0,-88(fp)

-	cmpl	-88(fp),-92(fp)

-	bgequ	noname.339

-	addl2	#65536,r4

-noname.339:

-	movzwl	-86(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,r4

-	bicl3	#-65536,-88(fp),r0

-	ashl	#16,r0,-92(fp)

-	addl2	-92(fp),r5

-	bicl2	#0,r5

-	cmpl	r5,-92(fp)

-	bgequ	noname.340

-	incl	r4

-noname.340:

-	movl	r5,r1

-	movl	r4,r2

-	addl2	r1,r10

-	bicl2	#0,r10

-	cmpl	r10,r1

-	bgequ	noname.341

-	incl	r2

-noname.341:

-	addl2	r2,r9

-	bicl2	#0,r9

-	cmpl	r9,r2

-	bgequ	noname.342

-	incl	r8

-noname.342:

-	movl	r10,12(r11)

-	clrl	r10

-	bicl3	#-65536,12(r6),r3

-	movzwl	14(r6),r1

-	bicl2	#-65536,r1

-	bicl3	#-65536,4(r7),r2

-	movzwl	6(r7),r0

-	bicl2	#-65536,r0

-	movl	r3,r5

-	movl	r1,r4

-	mull3	r0,r5,-96(fp)

-	mull2	r2,r5

-	mull3	r2,r4,-100(fp)

-	mull2	r0,r4

-	addl3	-96(fp),-100(fp),r0

-	bicl3	#0,r0,-96(fp)

-	cmpl	-96(fp),-100(fp)

-	bgequ	noname.343

-	addl2	#65536,r4

-noname.343:

-	movzwl	-94(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,r4

-	bicl3	#-65536,-96(fp),r0

-	ashl	#16,r0,-100(fp)

-	addl2	-100(fp),r5

-	bicl2	#0,r5

-	cmpl	r5,-100(fp)

-	bgequ	noname.344

-	incl	r4

-noname.344:

-	movl	r5,r1

-	movl	r4,r2

-	addl2	r1,r9

-	bicl2	#0,r9

-	cmpl	r9,r1

-	bgequ	noname.345

-	incl	r2

-noname.345:

-	addl2	r2,r8

-	bicl2	#0,r8

-	cmpl	r8,r2

-	bgequ	noname.346

-	incl	r10

-noname.346:

-	bicl3	#-65536,8(r6),r3

-	movzwl	10(r6),r1

-	bicl2	#-65536,r1

-	bicl3	#-65536,8(r7),r2

-	movzwl	10(r7),r0

-	bicl2	#-65536,r0

-	movl	r3,r5

-	movl	r1,r4

-	mull3	r0,r5,-104(fp)

-	mull2	r2,r5

-	mull3	r2,r4,-108(fp)

-	mull2	r0,r4

-	addl3	-104(fp),-108(fp),r0

-	bicl3	#0,r0,-104(fp)

-	cmpl	-104(fp),-108(fp)

-	bgequ	noname.347

-	addl2	#65536,r4

-noname.347:

-	movzwl	-102(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,r4

-	bicl3	#-65536,-104(fp),r0

-	ashl	#16,r0,-108(fp)

-	addl2	-108(fp),r5

-	bicl2	#0,r5

-	cmpl	r5,-108(fp)

-	bgequ	noname.348

-	incl	r4

-noname.348:

-	movl	r5,r1

-	movl	r4,r2

-	addl2	r1,r9

-	bicl2	#0,r9

-	cmpl	r9,r1

-	bgequ	noname.349

-	incl	r2

-noname.349:

-	addl2	r2,r8

-	bicl2	#0,r8

-	cmpl	r8,r2

-	bgequ	noname.350

-	incl	r10

-noname.350:

-	bicl3	#-65536,4(r6),r3

-	movzwl	6(r6),r1

-	bicl2	#-65536,r1

-	bicl3	#-65536,12(r7),r2

-	movzwl	14(r7),r0

-	bicl2	#-65536,r0

-	movl	r3,r5

-	movl	r1,r4

-	mull3	r0,r5,-112(fp)

-	mull2	r2,r5

-	mull3	r2,r4,-116(fp)

-	mull2	r0,r4

-	addl3	-112(fp),-116(fp),r0

-	bicl3	#0,r0,-112(fp)

-	cmpl	-112(fp),-116(fp)

-	bgequ	noname.351

-	addl2	#65536,r4

-noname.351:

-	movzwl	-110(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,r4

-	bicl3	#-65536,-112(fp),r0

-	ashl	#16,r0,-116(fp)

-	addl2	-116(fp),r5

-	bicl2	#0,r5

-	cmpl	r5,-116(fp)

-	bgequ	noname.352

-	incl	r4

-noname.352:

-	movl	r5,r1

-	movl	r4,r2

-	addl2	r1,r9

-	bicl2	#0,r9

-	cmpl	r9,r1

-	bgequ	noname.353

-	incl	r2

-noname.353:

-	addl2	r2,r8

-	bicl2	#0,r8

-	cmpl	r8,r2

-	bgequ	noname.354

-	incl	r10

-noname.354:

-	movl	r9,16(r11)

-	clrl	r9

-	bicl3	#-65536,8(r6),r3

-	movzwl	10(r6),r1

-	bicl2	#-65536,r1

-	bicl3	#-65536,12(r7),r2

-	movzwl	14(r7),r0

-	bicl2	#-65536,r0

-	movl	r3,r5

-	movl	r1,r4

-	mull3	r0,r5,-120(fp)

-	mull2	r2,r5

-	mull3	r2,r4,-124(fp)

-	mull2	r0,r4

-	addl3	-120(fp),-124(fp),r0

-	bicl3	#0,r0,-120(fp)

-	cmpl	-120(fp),-124(fp)

-	bgequ	noname.355

-	addl2	#65536,r4

-noname.355:

-	movzwl	-118(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,r4

-	bicl3	#-65536,-120(fp),r0

-	ashl	#16,r0,-124(fp)

-	addl2	-124(fp),r5

-	bicl2	#0,r5

-	cmpl	r5,-124(fp)

-	bgequ	noname.356

-	incl	r4

-noname.356:

-	movl	r5,r1

-	movl	r4,r2

-	addl2	r1,r8

-	bicl2	#0,r8

-	cmpl	r8,r1

-	bgequ	noname.357

-	incl	r2

-noname.357:

-	addl2	r2,r10

-	bicl2	#0,r10

-	cmpl	r10,r2

-	bgequ	noname.358

-	incl	r9

-noname.358:

-	movzwl	14(r6),r2

-	bicl3	#-65536,8(r7),r3

-	movzwl	10(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,12(r6),-136(fp)

-	bicl3	#-65536,r2,-140(fp)

-	mull3	r0,-136(fp),-128(fp)

-	mull2	r3,-136(fp)

-	mull3	r3,-140(fp),-132(fp)

-	mull2	r0,-140(fp)

-	addl3	-128(fp),-132(fp),r0

-	bicl3	#0,r0,-128(fp)

-	cmpl	-128(fp),-132(fp)

-	bgequ	noname.359

-	addl2	#65536,-140(fp)

-noname.359:

-	movzwl	-126(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-140(fp)

-	bicl3	#-65536,-128(fp),r0

-	ashl	#16,r0,-132(fp)

-	addl3	-132(fp),-136(fp),r0

-	bicl3	#0,r0,-136(fp)

-	cmpl	-136(fp),-132(fp)

-	bgequ	noname.360

-	incl	-140(fp)

-noname.360:

-	movl	-136(fp),r1

-	movl	-140(fp),r2

-	addl2	r1,r8

-	bicl2	#0,r8

-	cmpl	r8,r1

-	bgequ	noname.361

-	incl	r2

-noname.361:

-	addl2	r2,r10

-	bicl2	#0,r10

-	cmpl	r10,r2

-	bgequ	noname.362

-	incl	r9

-noname.362:

-	movl	r8,20(r11)

-	clrl	r8

-	movzwl	14(r6),r2

-	bicl3	#-65536,12(r7),r3

-	movzwl	14(r7),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,12(r6),-152(fp)

-	bicl3	#-65536,r2,-156(fp)

-	mull3	r0,-152(fp),-144(fp)

-	mull2	r3,-152(fp)

-	mull3	r3,-156(fp),-148(fp)

-	mull2	r0,-156(fp)

-	addl3	-144(fp),-148(fp),r0

-	bicl3	#0,r0,-144(fp)

-	cmpl	-144(fp),-148(fp)

-	bgequ	noname.363

-	addl2	#65536,-156(fp)

-noname.363:

-	movzwl	-142(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-156(fp)

-	bicl3	#-65536,-144(fp),r0

-	ashl	#16,r0,-148(fp)

-	addl3	-148(fp),-152(fp),r0

-	bicl3	#0,r0,-152(fp)

-	cmpl	-152(fp),-148(fp)

-	bgequ	noname.364

-	incl	-156(fp)

-noname.364:

-	movl	-152(fp),r1

-	movl	-156(fp),r2

-	addl2	r1,r10

-	bicl2	#0,r10

-	cmpl	r10,r1

-	bgequ	noname.365

-	incl	r2

-noname.365:

-	addl2	r2,r9

-	bicl2	#0,r9

-	cmpl	r9,r2

-	bgequ	noname.366

-	incl	r8

-noname.366:

-	movl	r10,24(r11)

-	movl	r9,28(r11)

-	ret

-;r=4 ;(AP)

-;a=8 ;(AP)

-;b=12 ;(AP)

-;n=16 ;(AP)	n	by value (input)

-	.psect	code,nowrt

-.entry	BN_SQR_COMBA8,^m<r2,r3,r4,r5,r6,r7,r8,r9>

-	movab	-444(sp),sp

-	clrq	r8

-	clrl	r7

-	movl	8(ap),r4

-	movl	(r4),r3

-	bicl3	#-65536,r3,-4(fp)

-	extzv	#16,#16,r3,r0

-	bicl3	#-65536,r0,r3

-	movl	-4(fp),r0

-	mull3	r0,r3,-8(fp)

-	mull3	r0,r0,-4(fp)

-	mull2	r3,r3

-	bicl3	#32767,-8(fp),r0

-	extzv	#15,#17,r0,r0

-	addl2	r0,r3

-	bicl3	#-65536,-8(fp),r0

-	ashl	#17,r0,-8(fp)

-	addl3	-4(fp),-8(fp),r0

-	bicl3	#0,r0,-4(fp)

-	cmpl	-4(fp),-8(fp)

-	bgequ	noname.369

-	incl	r3

-noname.369:

-	movl	-4(fp),r1

-	movl	r3,r2

-	addl2	r1,r9

-	bicl2	#0,r9

-	cmpl	r9,r1

-	bgequ	noname.370

-	incl	r2

-noname.370:

-	addl2	r2,r8

-	bicl2	#0,r8

-	cmpl	r8,r2

-	bgequ	noname.371

-	incl	r7

-noname.371:

-	movl	r9,@4(ap)

-	clrl	r9

-	movzwl	6(r4),r2

-	bicl3	#-65536,(r4),r3

-	movzwl	2(r4),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,4(r4),-20(fp)

-	bicl3	#-65536,r2,-24(fp)

-	mull3	r0,-20(fp),-12(fp)

-	mull2	r3,-20(fp)

-	mull3	r3,-24(fp),-16(fp)

-	mull2	r0,-24(fp)

-	addl3	-12(fp),-16(fp),r0

-	bicl3	#0,r0,-12(fp)

-	cmpl	-12(fp),-16(fp)

-	bgequ	noname.372

-	addl2	#65536,-24(fp)

-noname.372:

-	movzwl	-10(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-24(fp)

-	bicl3	#-65536,-12(fp),r0

-	ashl	#16,r0,-16(fp)

-	addl3	-16(fp),-20(fp),r0

-	bicl3	#0,r0,-20(fp)

-	cmpl	-20(fp),-16(fp)

-	bgequ	noname.373

-	incl	-24(fp)

-noname.373:

-	movl	-20(fp),r3

-	movl	-24(fp),r2

-	bbc	#31,r2,noname.374

-	incl	r9

-noname.374:

-	addl2	r2,r2

-	bicl2	#0,r2

-	bbc	#31,r3,noname.375

-	incl	r2

-noname.375:

-	addl2	r3,r3

-	bicl2	#0,r3

-	addl2	r3,r8

-	bicl2	#0,r8

-	cmpl	r8,r3

-	bgequ	noname.376

-	incl	r2

-	bicl3	#0,r2,r0

-	bneq	noname.376

-	incl	r9

-noname.376:

-	addl2	r2,r7

-	bicl2	#0,r7

-	cmpl	r7,r2

-	bgequ	noname.377

-	incl	r9

-noname.377:

-	movl	4(ap),r0

-	movl	r8,4(r0)

-	clrl	r8

-	movl	8(ap),r4

-	movl	4(r4),r3

-	bicl3	#-65536,r3,-28(fp)

-	extzv	#16,#16,r3,r0

-	bicl3	#-65536,r0,r3

-	movl	-28(fp),r0

-	mull3	r0,r3,-32(fp)

-	mull3	r0,r0,-28(fp)

-	mull2	r3,r3

-	bicl3	#32767,-32(fp),r0

-	extzv	#15,#17,r0,r0

-	addl2	r0,r3

-	bicl3	#-65536,-32(fp),r0

-	ashl	#17,r0,-32(fp)

-	addl3	-28(fp),-32(fp),r0

-	bicl3	#0,r0,-28(fp)

-	cmpl	-28(fp),-32(fp)

-	bgequ	noname.378

-	incl	r3

-noname.378:

-	movl	-28(fp),r1

-	movl	r3,r2

-	addl2	r1,r7

-	bicl2	#0,r7

-	cmpl	r7,r1

-	bgequ	noname.379

-	incl	r2

-noname.379:

-	addl2	r2,r9

-	bicl2	#0,r9

-	cmpl	r9,r2

-	bgequ	noname.380

-	incl	r8

-noname.380:

-	movzwl	10(r4),r2

-	bicl3	#-65536,(r4),r3

-	movzwl	2(r4),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,8(r4),-44(fp)

-	bicl3	#-65536,r2,-48(fp)

-	mull3	r0,-44(fp),-36(fp)

-	mull2	r3,-44(fp)

-	mull3	r3,-48(fp),-40(fp)

-	mull2	r0,-48(fp)

-	addl3	-36(fp),-40(fp),r0

-	bicl3	#0,r0,-36(fp)

-	cmpl	-36(fp),-40(fp)

-	bgequ	noname.381

-	addl2	#65536,-48(fp)

-noname.381:

-	movzwl	-34(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-48(fp)

-	bicl3	#-65536,-36(fp),r0

-	ashl	#16,r0,-40(fp)

-	addl3	-40(fp),-44(fp),r0

-	bicl3	#0,r0,-44(fp)

-	cmpl	-44(fp),-40(fp)

-	bgequ	noname.382

-	incl	-48(fp)

-noname.382:

-	movl	-44(fp),r3

-	movl	-48(fp),r2

-	bbc	#31,r2,noname.383

-	incl	r8

-noname.383:

-	addl2	r2,r2

-	bicl2	#0,r2

-	bbc	#31,r3,noname.384

-	incl	r2

-noname.384:

-	addl2	r3,r3

-	bicl2	#0,r3

-	addl2	r3,r7

-	bicl2	#0,r7

-	cmpl	r7,r3

-	bgequ	noname.385

-	incl	r2

-	bicl3	#0,r2,r0

-	bneq	noname.385

-	incl	r8

-noname.385:

-	addl2	r2,r9

-	bicl2	#0,r9

-	cmpl	r9,r2

-	bgequ	noname.386

-	incl	r8

-noname.386:

-	movl	4(ap),r0

-	movl	r7,8(r0)

-	clrl	r7

-	movl	8(ap),r0

-	movzwl	14(r0),r2

-	bicl3	#-65536,(r0),r3

-	movzwl	2(r0),r1

-	bicl2	#-65536,r1

-	bicl3	#-65536,12(r0),-60(fp)

-	bicl3	#-65536,r2,-64(fp)

-	mull3	r1,-60(fp),-52(fp)

-	mull2	r3,-60(fp)

-	mull3	r3,-64(fp),-56(fp)

-	mull2	r1,-64(fp)

-	addl3	-52(fp),-56(fp),r0

-	bicl3	#0,r0,-52(fp)

-	cmpl	-52(fp),-56(fp)

-	bgequ	noname.387

-	addl2	#65536,-64(fp)

-noname.387:

-	movzwl	-50(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-64(fp)

-	bicl3	#-65536,-52(fp),r0

-	ashl	#16,r0,-56(fp)

-	addl3	-56(fp),-60(fp),r0

-	bicl3	#0,r0,-60(fp)

-	cmpl	-60(fp),-56(fp)

-	bgequ	noname.388

-	incl	-64(fp)

-noname.388:

-	movl	-60(fp),r3

-	movl	-64(fp),r2

-	bbc	#31,r2,noname.389

-	incl	r7

-noname.389:

-	addl2	r2,r2

-	bicl2	#0,r2

-	bbc	#31,r3,noname.390

-	incl	r2

-noname.390:

-	addl2	r3,r3

-	bicl2	#0,r3

-	addl2	r3,r9

-	bicl2	#0,r9

-	cmpl	r9,r3

-	bgequ	noname.391

-	incl	r2

-	bicl3	#0,r2,r0

-	bneq	noname.391

-	incl	r7

-noname.391:

-	addl2	r2,r8

-	bicl2	#0,r8

-	cmpl	r8,r2

-	bgequ	noname.392

-	incl	r7

-noname.392:

-	movl	8(ap),r0

-	movzwl	10(r0),r2

-	bicl3	#-65536,4(r0),r3

-	movzwl	6(r0),r1

-	bicl2	#-65536,r1

-	bicl3	#-65536,8(r0),-76(fp)

-	bicl3	#-65536,r2,-80(fp)

-	mull3	r1,-76(fp),-68(fp)

-	mull2	r3,-76(fp)

-	mull3	r3,-80(fp),-72(fp)

-	mull2	r1,-80(fp)

-	addl3	-68(fp),-72(fp),r0

-	bicl3	#0,r0,-68(fp)

-	cmpl	-68(fp),-72(fp)

-	bgequ	noname.393

-	addl2	#65536,-80(fp)

-noname.393:

-	movzwl	-66(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-80(fp)

-	bicl3	#-65536,-68(fp),r0

-	ashl	#16,r0,-72(fp)

-	addl3	-72(fp),-76(fp),r0

-	bicl3	#0,r0,-76(fp)

-	cmpl	-76(fp),-72(fp)

-	bgequ	noname.394

-	incl	-80(fp)

-noname.394:

-	movl	-76(fp),r3

-	movl	-80(fp),r2

-	bbc	#31,r2,noname.395

-	incl	r7

-noname.395:

-	addl2	r2,r2

-	bicl2	#0,r2

-	bbc	#31,r3,noname.396

-	incl	r2

-noname.396:

-	addl2	r3,r3

-	bicl2	#0,r3

-	addl2	r3,r9

-	bicl2	#0,r9

-	cmpl	r9,r3

-	bgequ	noname.397

-	incl	r2

-	bicl3	#0,r2,r0

-	bneq	noname.397

-	incl	r7

-noname.397:

-	addl2	r2,r8

-	bicl2	#0,r8

-	cmpl	r8,r2

-	bgequ	noname.398

-	incl	r7

-noname.398:

-	movl	4(ap),r0

-	movl	r9,12(r0)

-	clrl	r9

-	movl	8(ap),r2

-	movl	8(r2),r4

-	bicl3	#-65536,r4,-84(fp)

-	extzv	#16,#16,r4,r0

-	bicl3	#-65536,r0,r4

-	movl	-84(fp),r0

-	mull3	r0,r4,-88(fp)

-	mull3	r0,r0,-84(fp)

-	mull2	r4,r4

-	bicl3	#32767,-88(fp),r0

-	extzv	#15,#17,r0,r0

-	addl2	r0,r4

-	bicl3	#-65536,-88(fp),r0

-	ashl	#17,r0,-88(fp)

-	addl3	-84(fp),-88(fp),r0

-	bicl3	#0,r0,-84(fp)

-	cmpl	-84(fp),-88(fp)

-	bgequ	noname.399

-	incl	r4

-noname.399:

-	movl	-84(fp),r1

-	movl	r4,r3

-	addl2	r1,r8

-	bicl2	#0,r8

-	cmpl	r8,r1

-	bgequ	noname.400

-	incl	r3

-noname.400:

-	addl2	r3,r7

-	bicl2	#0,r7

-	cmpl	r7,r3

-	bgequ	noname.401

-	incl	r9

-noname.401:

-	movzwl	14(r2),r3

-	bicl3	#-65536,4(r2),r1

-	movzwl	6(r2),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,12(r2),-100(fp)

-	bicl3	#-65536,r3,-104(fp)

-	mull3	r0,-100(fp),-92(fp)

-	mull2	r1,-100(fp)

-	mull3	r1,-104(fp),-96(fp)

-	mull2	r0,-104(fp)

-	addl3	-92(fp),-96(fp),r0

-	bicl3	#0,r0,-92(fp)

-	cmpl	-92(fp),-96(fp)

-	bgequ	noname.402

-	addl2	#65536,-104(fp)

-noname.402:

-	movzwl	-90(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-104(fp)

-	bicl3	#-65536,-92(fp),r0

-	ashl	#16,r0,-96(fp)

-	addl3	-96(fp),-100(fp),r0

-	bicl3	#0,r0,-100(fp)

-	cmpl	-100(fp),-96(fp)

-	bgequ	noname.403

-	incl	-104(fp)

-noname.403:

-	movl	-100(fp),r3

-	movl	-104(fp),r2

-	bbc	#31,r2,noname.404

-	incl	r9

-noname.404:

-	addl2	r2,r2

-	bicl2	#0,r2

-	bbc	#31,r3,noname.405

-	incl	r2

-noname.405:

-	addl2	r3,r3

-	bicl2	#0,r3

-	addl2	r3,r8

-	bicl2	#0,r8

-	cmpl	r8,r3

-	bgequ	noname.406

-	incl	r2

-	bicl3	#0,r2,r0

-	bneq	noname.406

-	incl	r9

-noname.406:

-	addl2	r2,r7

-	bicl2	#0,r7

-	cmpl	r7,r2

-	bgequ	noname.407

-	incl	r9

-noname.407:

-	movl	8(ap),r0

-	movzwl	18(r0),r2

-	bicl3	#-65536,(r0),r3

-	movzwl	2(r0),r1

-	bicl2	#-65536,r1

-	bicl3	#-65536,16(r0),-116(fp)

-	bicl3	#-65536,r2,-120(fp)

-	mull3	r1,-116(fp),-108(fp)

-	mull2	r3,-116(fp)

-	mull3	r3,-120(fp),-112(fp)

-	mull2	r1,-120(fp)

-	addl3	-108(fp),-112(fp),r0

-	bicl3	#0,r0,-108(fp)

-	cmpl	-108(fp),-112(fp)

-	bgequ	noname.408

-	addl2	#65536,-120(fp)

-noname.408:

-	movzwl	-106(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-120(fp)

-	bicl3	#-65536,-108(fp),r0

-	ashl	#16,r0,-112(fp)

-	addl3	-112(fp),-116(fp),r0

-	bicl3	#0,r0,-116(fp)

-	cmpl	-116(fp),-112(fp)

-	bgequ	noname.409

-	incl	-120(fp)

-noname.409:

-	movl	-116(fp),r3

-	movl	-120(fp),r2

-	bbc	#31,r2,noname.410

-	incl	r9

-noname.410:

-	addl2	r2,r2

-	bicl2	#0,r2

-	bbc	#31,r3,noname.411

-	incl	r2

-noname.411:

-	addl2	r3,r3

-	bicl2	#0,r3

-	addl2	r3,r8

-	bicl2	#0,r8

-	cmpl	r8,r3

-	bgequ	noname.412

-	incl	r2

-	bicl3	#0,r2,r0

-	bneq	noname.412

-	incl	r9

-noname.412:

-	addl2	r2,r7

-	bicl2	#0,r7

-	cmpl	r7,r2

-	bgequ	noname.413

-	incl	r9

-noname.413:

-	movl	4(ap),r0

-	movl	r8,16(r0)

-	clrl	r8

-	movl	8(ap),r0

-	movzwl	22(r0),r2

-	bicl3	#-65536,(r0),r3

-	movzwl	2(r0),r1

-	bicl2	#-65536,r1

-	bicl3	#-65536,20(r0),-132(fp)

-	bicl3	#-65536,r2,-136(fp)

-	mull3	r1,-132(fp),-124(fp)

-	mull2	r3,-132(fp)

-	mull3	r3,-136(fp),-128(fp)

-	mull2	r1,-136(fp)

-	addl3	-124(fp),-128(fp),r0

-	bicl3	#0,r0,-124(fp)

-	cmpl	-124(fp),-128(fp)

-	bgequ	noname.414

-	addl2	#65536,-136(fp)

-noname.414:

-	movzwl	-122(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-136(fp)

-	bicl3	#-65536,-124(fp),r0

-	ashl	#16,r0,-128(fp)

-	addl3	-128(fp),-132(fp),r0

-	bicl3	#0,r0,-132(fp)

-	cmpl	-132(fp),-128(fp)

-	bgequ	noname.415

-	incl	-136(fp)

-noname.415:

-	movl	-132(fp),r3

-	movl	-136(fp),r2

-	bbc	#31,r2,noname.416

-	incl	r8

-noname.416:

-	addl2	r2,r2

-	bicl2	#0,r2

-	bbc	#31,r3,noname.417

-	incl	r2

-noname.417:

-	addl2	r3,r3

-	bicl2	#0,r3

-	addl2	r3,r7

-	bicl2	#0,r7

-	cmpl	r7,r3

-	bgequ	noname.418

-	incl	r2

-	bicl3	#0,r2,r0

-	bneq	noname.418

-	incl	r8

-noname.418:

-	addl2	r2,r9

-	bicl2	#0,r9

-	cmpl	r9,r2

-	bgequ	noname.419

-	incl	r8

-noname.419:

-	movl	8(ap),r0

-	movzwl	18(r0),r2

-	bicl3	#-65536,4(r0),r3

-	movzwl	6(r0),r1

-	bicl2	#-65536,r1

-	bicl3	#-65536,16(r0),-148(fp)

-	bicl3	#-65536,r2,-152(fp)

-	mull3	r1,-148(fp),-140(fp)

-	mull2	r3,-148(fp)

-	mull3	r3,-152(fp),-144(fp)

-	mull2	r1,-152(fp)

-	addl3	-140(fp),-144(fp),r0

-	bicl3	#0,r0,-140(fp)

-	cmpl	-140(fp),-144(fp)

-	bgequ	noname.420

-	addl2	#65536,-152(fp)

-noname.420:

-	movzwl	-138(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-152(fp)

-	bicl3	#-65536,-140(fp),r0

-	ashl	#16,r0,-144(fp)

-	addl3	-144(fp),-148(fp),r0

-	bicl3	#0,r0,-148(fp)

-	cmpl	-148(fp),-144(fp)

-	bgequ	noname.421

-	incl	-152(fp)

-noname.421:

-	movl	-148(fp),r3

-	movl	-152(fp),r2

-	bbc	#31,r2,noname.422

-	incl	r8

-noname.422:

-	addl2	r2,r2

-	bicl2	#0,r2

-	bbc	#31,r3,noname.423

-	incl	r2

-noname.423:

-	addl2	r3,r3

-	bicl2	#0,r3

-	addl2	r3,r7

-	bicl2	#0,r7

-	cmpl	r7,r3

-	bgequ	noname.424

-	incl	r2

-	bicl3	#0,r2,r0

-	bneq	noname.424

-	incl	r8

-noname.424:

-	addl2	r2,r9

-	bicl2	#0,r9

-	cmpl	r9,r2

-	bgequ	noname.425

-	incl	r8

-noname.425:

-	movl	8(ap),r0

-	movzwl	14(r0),r2

-	bicl3	#-65536,8(r0),r3

-	movzwl	10(r0),r1

-	bicl2	#-65536,r1

-	bicl3	#-65536,12(r0),-164(fp)

-	bicl3	#-65536,r2,-168(fp)

-	mull3	r1,-164(fp),-156(fp)

-	mull2	r3,-164(fp)

-	mull3	r3,-168(fp),-160(fp)

-	mull2	r1,-168(fp)

-	addl3	-156(fp),-160(fp),r0

-	bicl3	#0,r0,-156(fp)

-	cmpl	-156(fp),-160(fp)

-	bgequ	noname.426

-	addl2	#65536,-168(fp)

-noname.426:

-	movzwl	-154(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-168(fp)

-	bicl3	#-65536,-156(fp),r0

-	ashl	#16,r0,-160(fp)

-	addl3	-160(fp),-164(fp),r0

-	bicl3	#0,r0,-164(fp)

-	cmpl	-164(fp),-160(fp)

-	bgequ	noname.427

-	incl	-168(fp)

-noname.427:

-	movl	-164(fp),r3

-	movl	-168(fp),r2

-	bbc	#31,r2,noname.428

-	incl	r8

-noname.428:

-	addl2	r2,r2

-	bicl2	#0,r2

-	bbc	#31,r3,noname.429

-	incl	r2

-noname.429:

-	addl2	r3,r3

-	bicl2	#0,r3

-	addl2	r3,r7

-	bicl2	#0,r7

-	cmpl	r7,r3

-	bgequ	noname.430

-	incl	r2

-	bicl3	#0,r2,r0

-	bneq	noname.430

-	incl	r8

-noname.430:

-	addl2	r2,r9

-	bicl2	#0,r9

-	cmpl	r9,r2

-	bgequ	noname.431

-	incl	r8

-noname.431:

-	movl	4(ap),r0

-	movl	r7,20(r0)

-	clrl	r7

-	movl	8(ap),r2

-	movl	12(r2),r4

-	bicl3	#-65536,r4,-172(fp)

-	extzv	#16,#16,r4,r0

-	bicl3	#-65536,r0,r4

-	movl	-172(fp),r0

-	mull3	r0,r4,-176(fp)

-	mull3	r0,r0,-172(fp)

-	mull2	r4,r4

-	bicl3	#32767,-176(fp),r0

-	extzv	#15,#17,r0,r0

-	addl2	r0,r4

-	bicl3	#-65536,-176(fp),r0

-	ashl	#17,r0,-176(fp)

-	addl3	-172(fp),-176(fp),r0

-	bicl3	#0,r0,-172(fp)

-	cmpl	-172(fp),-176(fp)

-	bgequ	noname.432

-	incl	r4

-noname.432:

-	movl	-172(fp),r1

-	movl	r4,r3

-	addl2	r1,r9

-	bicl2	#0,r9

-	cmpl	r9,r1

-	bgequ	noname.433

-	incl	r3

-noname.433:

-	addl2	r3,r8

-	bicl2	#0,r8

-	cmpl	r8,r3

-	bgequ	noname.434

-	incl	r7

-noname.434:

-	movzwl	18(r2),r3

-	bicl3	#-65536,8(r2),r1

-	movzwl	10(r2),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,16(r2),-188(fp)

-	bicl3	#-65536,r3,-192(fp)

-	mull3	r0,-188(fp),-180(fp)

-	mull2	r1,-188(fp)

-	mull3	r1,-192(fp),-184(fp)

-	mull2	r0,-192(fp)

-	addl3	-180(fp),-184(fp),r0

-	bicl3	#0,r0,-180(fp)

-	cmpl	-180(fp),-184(fp)

-	bgequ	noname.435

-	addl2	#65536,-192(fp)

-noname.435:

-	movzwl	-178(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-192(fp)

-	bicl3	#-65536,-180(fp),r0

-	ashl	#16,r0,-184(fp)

-	addl3	-184(fp),-188(fp),r0

-	bicl3	#0,r0,-188(fp)

-	cmpl	-188(fp),-184(fp)

-	bgequ	noname.436

-	incl	-192(fp)

-noname.436:

-	movl	-188(fp),r3

-	movl	-192(fp),r2

-	bbc	#31,r2,noname.437

-	incl	r7

-noname.437:

-	addl2	r2,r2

-	bicl2	#0,r2

-	bbc	#31,r3,noname.438

-	incl	r2

-noname.438:

-	addl2	r3,r3

-	bicl2	#0,r3

-	addl2	r3,r9

-	bicl2	#0,r9

-	cmpl	r9,r3

-	bgequ	noname.439

-	incl	r2

-	bicl3	#0,r2,r0

-	bneq	noname.439

-	incl	r7

-noname.439:

-	addl2	r2,r8

-	bicl2	#0,r8

-	cmpl	r8,r2

-	bgequ	noname.440

-	incl	r7

-noname.440:

-	movl	8(ap),r0

-	movzwl	22(r0),r2

-	bicl3	#-65536,4(r0),r3

-	movzwl	6(r0),r1

-	bicl2	#-65536,r1

-	bicl3	#-65536,20(r0),-204(fp)

-	bicl3	#-65536,r2,-208(fp)

-	mull3	r1,-204(fp),-196(fp)

-	mull2	r3,-204(fp)

-	mull3	r3,-208(fp),-200(fp)

-	mull2	r1,-208(fp)

-	addl3	-196(fp),-200(fp),r0

-	bicl3	#0,r0,-196(fp)

-	cmpl	-196(fp),-200(fp)

-	bgequ	noname.441

-	addl2	#65536,-208(fp)

-noname.441:

-	movzwl	-194(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-208(fp)

-	bicl3	#-65536,-196(fp),r0

-	ashl	#16,r0,-200(fp)

-	addl3	-200(fp),-204(fp),r0

-	bicl3	#0,r0,-204(fp)

-	cmpl	-204(fp),-200(fp)

-	bgequ	noname.442

-	incl	-208(fp)

-noname.442:

-	movl	-204(fp),r3

-	movl	-208(fp),r2

-	bbc	#31,r2,noname.443

-	incl	r7

-noname.443:

-	addl2	r2,r2

-	bicl2	#0,r2

-	bbc	#31,r3,noname.444

-	incl	r2

-noname.444:

-	addl2	r3,r3

-	bicl2	#0,r3

-	addl2	r3,r9

-	bicl2	#0,r9

-	cmpl	r9,r3

-	bgequ	noname.445

-	incl	r2

-	bicl3	#0,r2,r0

-	bneq	noname.445

-	incl	r7

-noname.445:

-	addl2	r2,r8

-	bicl2	#0,r8

-	cmpl	r8,r2

-	bgequ	noname.446

-	incl	r7

-noname.446:

-	movl	8(ap),r0

-	movzwl	26(r0),r2

-	bicl3	#-65536,(r0),r3

-	movzwl	2(r0),r1

-	bicl2	#-65536,r1

-	bicl3	#-65536,24(r0),-220(fp)

-	bicl3	#-65536,r2,-224(fp)

-	mull3	r1,-220(fp),-212(fp)

-	mull2	r3,-220(fp)

-	mull3	r3,-224(fp),-216(fp)

-	mull2	r1,-224(fp)

-	addl3	-212(fp),-216(fp),r0

-	bicl3	#0,r0,-212(fp)

-	cmpl	-212(fp),-216(fp)

-	bgequ	noname.447

-	addl2	#65536,-224(fp)

-noname.447:

-	movzwl	-210(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-224(fp)

-	bicl3	#-65536,-212(fp),r0

-	ashl	#16,r0,-216(fp)

-	addl3	-216(fp),-220(fp),r0

-	bicl3	#0,r0,-220(fp)

-	cmpl	-220(fp),-216(fp)

-	bgequ	noname.448

-	incl	-224(fp)

-noname.448:

-	movl	-220(fp),r3

-	movl	-224(fp),r2

-	bbc	#31,r2,noname.449

-	incl	r7

-noname.449:

-	addl2	r2,r2

-	bicl2	#0,r2

-	bbc	#31,r3,noname.450

-	incl	r2

-noname.450:

-	addl2	r3,r3

-	bicl2	#0,r3

-	addl2	r3,r9

-	bicl2	#0,r9

-	cmpl	r9,r3

-	bgequ	noname.451

-	incl	r2

-	bicl3	#0,r2,r0

-	bneq	noname.451

-	incl	r7

-noname.451:

-	addl2	r2,r8

-	bicl2	#0,r8

-	cmpl	r8,r2

-	bgequ	noname.452

-	incl	r7

-noname.452:

-	movl	4(ap),r0

-	movl	r9,24(r0)

-	clrl	r9

-	movl	8(ap),r0

-	movzwl	30(r0),r2

-	bicl3	#-65536,(r0),r3

-	movzwl	2(r0),r1

-	bicl2	#-65536,r1

-	bicl3	#-65536,28(r0),-236(fp)

-	bicl3	#-65536,r2,-240(fp)

-	mull3	r1,-236(fp),-228(fp)

-	mull2	r3,-236(fp)

-	mull3	r3,-240(fp),-232(fp)

-	mull2	r1,-240(fp)

-	addl3	-228(fp),-232(fp),r0

-	bicl3	#0,r0,-228(fp)

-	cmpl	-228(fp),-232(fp)

-	bgequ	noname.453

-	addl2	#65536,-240(fp)

-noname.453:

-	movzwl	-226(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-240(fp)

-	bicl3	#-65536,-228(fp),r0

-	ashl	#16,r0,-232(fp)

-	addl3	-232(fp),-236(fp),r0

-	bicl3	#0,r0,-236(fp)

-	cmpl	-236(fp),-232(fp)

-	bgequ	noname.454

-	incl	-240(fp)

-noname.454:

-	movl	-236(fp),r3

-	movl	-240(fp),r2

-	bbc	#31,r2,noname.455

-	incl	r9

-noname.455:

-	addl2	r2,r2

-	bicl2	#0,r2

-	bbc	#31,r3,noname.456

-	incl	r2

-noname.456:

-	addl2	r3,r3

-	bicl2	#0,r3

-	addl2	r3,r8

-	bicl2	#0,r8

-	cmpl	r8,r3

-	bgequ	noname.457

-	incl	r2

-	bicl3	#0,r2,r0

-	bneq	noname.457

-	incl	r9

-noname.457:

-	addl2	r2,r7

-	bicl2	#0,r7

-	cmpl	r7,r2

-	bgequ	noname.458

-	incl	r9

-noname.458:

-	movl	8(ap),r0

-	movzwl	26(r0),r2

-	bicl3	#-65536,4(r0),r3

-	movzwl	6(r0),r1

-	bicl2	#-65536,r1

-	bicl3	#-65536,24(r0),-252(fp)

-	bicl3	#-65536,r2,-256(fp)

-	mull3	r1,-252(fp),-244(fp)

-	mull2	r3,-252(fp)

-	mull3	r3,-256(fp),-248(fp)

-	mull2	r1,-256(fp)

-	addl3	-244(fp),-248(fp),r0

-	bicl3	#0,r0,-244(fp)

-	cmpl	-244(fp),-248(fp)

-	bgequ	noname.459

-	addl2	#65536,-256(fp)

-noname.459:

-	movzwl	-242(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-256(fp)

-	bicl3	#-65536,-244(fp),r0

-	ashl	#16,r0,-248(fp)

-	addl3	-248(fp),-252(fp),r0

-	bicl3	#0,r0,-252(fp)

-	cmpl	-252(fp),-248(fp)

-	bgequ	noname.460

-	incl	-256(fp)

-noname.460:

-	movl	-252(fp),r3

-	movl	-256(fp),r2

-	bbc	#31,r2,noname.461

-	incl	r9

-noname.461:

-	addl2	r2,r2

-	bicl2	#0,r2

-	bbc	#31,r3,noname.462

-	incl	r2

-noname.462:

-	addl2	r3,r3

-	bicl2	#0,r3

-	addl2	r3,r8

-	bicl2	#0,r8

-	cmpl	r8,r3

-	bgequ	noname.463

-	incl	r2

-	bicl3	#0,r2,r0

-	bneq	noname.463

-	incl	r9

-noname.463:

-	addl2	r2,r7

-	bicl2	#0,r7

-	cmpl	r7,r2

-	bgequ	noname.464

-	incl	r9

-noname.464:

-	movl	8(ap),r0

-	movzwl	22(r0),r2

-	bicl3	#-65536,8(r0),r3

-	movzwl	10(r0),r1

-	bicl2	#-65536,r1

-	bicl3	#-65536,20(r0),-268(fp)

-	bicl3	#-65536,r2,-272(fp)

-	mull3	r1,-268(fp),-260(fp)

-	mull2	r3,-268(fp)

-	mull3	r3,-272(fp),-264(fp)

-	mull2	r1,-272(fp)

-	addl3	-260(fp),-264(fp),r0

-	bicl3	#0,r0,-260(fp)

-	cmpl	-260(fp),-264(fp)

-	bgequ	noname.465

-	addl2	#65536,-272(fp)

-noname.465:

-	movzwl	-258(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-272(fp)

-	bicl3	#-65536,-260(fp),r0

-	ashl	#16,r0,-264(fp)

-	addl3	-264(fp),-268(fp),r0

-	bicl3	#0,r0,-268(fp)

-	cmpl	-268(fp),-264(fp)

-	bgequ	noname.466

-	incl	-272(fp)

-noname.466:

-	movl	-268(fp),r3

-	movl	-272(fp),r2

-	bbc	#31,r2,noname.467

-	incl	r9

-noname.467:

-	addl2	r2,r2

-	bicl2	#0,r2

-	bbc	#31,r3,noname.468

-	incl	r2

-noname.468:

-	addl2	r3,r3

-	bicl2	#0,r3

-	addl2	r3,r8

-	bicl2	#0,r8

-	cmpl	r8,r3

-	bgequ	noname.469

-	incl	r2

-	bicl3	#0,r2,r0

-	bneq	noname.469

-	incl	r9

-noname.469:

-	addl2	r2,r7

-	bicl2	#0,r7

-	cmpl	r7,r2

-	bgequ	noname.470

-	incl	r9

-noname.470:

-	movl	8(ap),r0

-	movzwl	18(r0),r2

-	bicl3	#-65536,12(r0),r3

-	movzwl	14(r0),r1

-	bicl2	#-65536,r1

-	bicl3	#-65536,16(r0),-284(fp)

-	bicl3	#-65536,r2,-288(fp)

-	mull3	r1,-284(fp),-276(fp)

-	mull2	r3,-284(fp)

-	mull3	r3,-288(fp),-280(fp)

-	mull2	r1,-288(fp)

-	addl3	-276(fp),-280(fp),r0

-	bicl3	#0,r0,-276(fp)

-	cmpl	-276(fp),-280(fp)

-	bgequ	noname.471

-	addl2	#65536,-288(fp)

-noname.471:

-	movzwl	-274(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-288(fp)

-	bicl3	#-65536,-276(fp),r0

-	ashl	#16,r0,-280(fp)

-	addl3	-280(fp),-284(fp),r0

-	bicl3	#0,r0,-284(fp)

-	cmpl	-284(fp),-280(fp)

-	bgequ	noname.472

-	incl	-288(fp)

-noname.472:

-	movl	-284(fp),r3

-	movl	-288(fp),r2

-	bbc	#31,r2,noname.473

-	incl	r9

-noname.473:

-	addl2	r2,r2

-	bicl2	#0,r2

-	bbc	#31,r3,noname.474

-	incl	r2

-noname.474:

-	addl2	r3,r3

-	bicl2	#0,r3

-	addl2	r3,r8

-	bicl2	#0,r8

-	cmpl	r8,r3

-	bgequ	noname.475

-	incl	r2

-	bicl3	#0,r2,r0

-	bneq	noname.475

-	incl	r9

-noname.475:

-	addl2	r2,r7

-	bicl2	#0,r7

-	cmpl	r7,r2

-	bgequ	noname.476

-	incl	r9

-noname.476:

-	movl	4(ap),r0

-	movl	r8,28(r0)

-	clrl	r8

-	movl	8(ap),r3

-	movl	16(r3),r4

-	bicl3	#-65536,r4,r5

-	extzv	#16,#16,r4,r0

-	bicl3	#-65536,r0,r4

-	mull3	r5,r4,-292(fp)

-	mull2	r5,r5

-	mull2	r4,r4

-	bicl3	#32767,-292(fp),r0

-	extzv	#15,#17,r0,r0

-	addl2	r0,r4

-	bicl3	#-65536,-292(fp),r0

-	ashl	#17,r0,-292(fp)

-	addl2	-292(fp),r5

-	bicl2	#0,r5

-	cmpl	r5,-292(fp)

-	bgequ	noname.477

-	incl	r4

-noname.477:

-	movl	r5,r1

-	movl	r4,r2

-	addl2	r1,r7

-	bicl2	#0,r7

-	cmpl	r7,r1

-	bgequ	noname.478

-	incl	r2

-noname.478:

-	addl2	r2,r9

-	bicl2	#0,r9

-	cmpl	r9,r2

-	bgequ	noname.479

-	incl	r8

-noname.479:

-	bicl3	#-65536,20(r3),r4

-	movzwl	22(r3),r1

-	bicl2	#-65536,r1

-	bicl3	#-65536,12(r3),r2

-	movzwl	14(r3),r0

-	bicl2	#-65536,r0

-	movl	r4,r6

-	movl	r1,r5

-	mull3	r0,r6,-296(fp)

-	mull2	r2,r6

-	mull3	r2,r5,-300(fp)

-	mull2	r0,r5

-	addl3	-296(fp),-300(fp),r0

-	bicl3	#0,r0,-296(fp)

-	cmpl	-296(fp),-300(fp)

-	bgequ	noname.480

-	addl2	#65536,r5

-noname.480:

-	movzwl	-294(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,r5

-	bicl3	#-65536,-296(fp),r0

-	ashl	#16,r0,-300(fp)

-	addl2	-300(fp),r6

-	bicl2	#0,r6

-	cmpl	r6,-300(fp)

-	bgequ	noname.481

-	incl	r5

-noname.481:

-	movl	r6,r3

-	movl	r5,r2

-	bbc	#31,r2,noname.482

-	incl	r8

-noname.482:

-	addl2	r2,r2

-	bicl2	#0,r2

-	bbc	#31,r3,noname.483

-	incl	r2

-noname.483:

-	addl2	r3,r3

-	bicl2	#0,r3

-	addl2	r3,r7

-	bicl2	#0,r7

-	cmpl	r7,r3

-	bgequ	noname.484

-	incl	r2

-	bicl3	#0,r2,r0

-	bneq	noname.484

-	incl	r8

-noname.484:

-	addl2	r2,r9

-	bicl2	#0,r9

-	cmpl	r9,r2

-	bgequ	noname.485

-	incl	r8

-noname.485:

-	movl	8(ap),r0

-	bicl3	#-65536,24(r0),r3

-	movzwl	26(r0),r1

-	bicl2	#-65536,r1

-	bicl3	#-65536,8(r0),r2

-	movzwl	10(r0),r0

-	bicl2	#-65536,r0

-	movl	r3,r5

-	movl	r1,r4

-	mull3	r0,r5,-304(fp)

-	mull2	r2,r5

-	mull3	r2,r4,-308(fp)

-	mull2	r0,r4

-	addl3	-304(fp),-308(fp),r0

-	bicl3	#0,r0,-304(fp)

-	cmpl	-304(fp),-308(fp)

-	bgequ	noname.486

-	addl2	#65536,r4

-noname.486:

-	movzwl	-302(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,r4

-	bicl3	#-65536,-304(fp),r0

-	ashl	#16,r0,-308(fp)

-	addl2	-308(fp),r5

-	bicl2	#0,r5

-	cmpl	r5,-308(fp)

-	bgequ	noname.487

-	incl	r4

-noname.487:

-	movl	r5,r3

-	movl	r4,r2

-	bbc	#31,r2,noname.488

-	incl	r8

-noname.488:

-	addl2	r2,r2

-	bicl2	#0,r2

-	bbc	#31,r3,noname.489

-	incl	r2

-noname.489:

-	addl2	r3,r3

-	bicl2	#0,r3

-	addl2	r3,r7

-	bicl2	#0,r7

-	cmpl	r7,r3

-	bgequ	noname.490

-	incl	r2

-	bicl3	#0,r2,r0

-	bneq	noname.490

-	incl	r8

-noname.490:

-	addl2	r2,r9

-	bicl2	#0,r9

-	cmpl	r9,r2

-	bgequ	noname.491

-	incl	r8

-noname.491:

-	movl	8(ap),r0

-	bicl3	#-65536,28(r0),r3

-	movzwl	30(r0),r1

-	bicl2	#-65536,r1

-	bicl3	#-65536,4(r0),r2

-	movzwl	6(r0),r0

-	bicl2	#-65536,r0

-	movl	r3,r5

-	movl	r1,r4

-	mull3	r0,r5,-312(fp)

-	mull2	r2,r5

-	mull3	r2,r4,-316(fp)

-	mull2	r0,r4

-	addl3	-312(fp),-316(fp),r0

-	bicl3	#0,r0,-312(fp)

-	cmpl	-312(fp),-316(fp)

-	bgequ	noname.492

-	addl2	#65536,r4

-noname.492:

-	movzwl	-310(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,r4

-	bicl3	#-65536,-312(fp),r0

-	ashl	#16,r0,-316(fp)

-	addl2	-316(fp),r5

-	bicl2	#0,r5

-	cmpl	r5,-316(fp)

-	bgequ	noname.493

-	incl	r4

-noname.493:

-	movl	r5,r3

-	movl	r4,r2

-	bbc	#31,r2,noname.494

-	incl	r8

-noname.494:

-	addl2	r2,r2

-	bicl2	#0,r2

-	bbc	#31,r3,noname.495

-	incl	r2

-noname.495:

-	addl2	r3,r3

-	bicl2	#0,r3

-	addl2	r3,r7

-	bicl2	#0,r7

-	cmpl	r7,r3

-	bgequ	noname.496

-	incl	r2

-	bicl3	#0,r2,r0

-	bneq	noname.496

-	incl	r8

-noname.496:

-	addl2	r2,r9

-	bicl2	#0,r9

-	cmpl	r9,r2

-	bgequ	noname.497

-	incl	r8

-noname.497:

-	movl	4(ap),r0

-	movl	r7,32(r0)

-	clrl	r7

-	movl	8(ap),r0

-	bicl3	#-65536,28(r0),r3

-	movzwl	30(r0),r2

-	bicl3	#-65536,8(r0),r1

-	movzwl	10(r0),r0

-	bicl2	#-65536,r0

-	movl	r3,r4

-	bicl3	#-65536,r2,-328(fp)

-	mull3	r0,r4,-320(fp)

-	mull2	r1,r4

-	mull3	r1,-328(fp),-324(fp)

-	mull2	r0,-328(fp)

-	addl3	-320(fp),-324(fp),r0

-	bicl3	#0,r0,-320(fp)

-	cmpl	-320(fp),-324(fp)

-	bgequ	noname.498

-	addl2	#65536,-328(fp)

-noname.498:

-	movzwl	-318(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-328(fp)

-	bicl3	#-65536,-320(fp),r0

-	ashl	#16,r0,-324(fp)

-	addl2	-324(fp),r4

-	bicl2	#0,r4

-	cmpl	r4,-324(fp)

-	bgequ	noname.499

-	incl	-328(fp)

-noname.499:

-	movl	r4,r3

-	movl	-328(fp),r2

-	bbc	#31,r2,noname.500

-	incl	r7

-noname.500:

-	addl2	r2,r2

-	bicl2	#0,r2

-	bbc	#31,r3,noname.501

-	incl	r2

-noname.501:

-	addl2	r3,r3

-	bicl2	#0,r3

-	addl2	r3,r9

-	bicl2	#0,r9

-	cmpl	r9,r3

-	bgequ	noname.502

-	incl	r2

-	bicl3	#0,r2,r0

-	bneq	noname.502

-	incl	r7

-noname.502:

-	addl2	r2,r8

-	bicl2	#0,r8

-	cmpl	r8,r2

-	bgequ	noname.503

-	incl	r7

-noname.503:

-	movl	8(ap),r0

-	movzwl	26(r0),r2

-	bicl3	#-65536,12(r0),r3

-	movzwl	14(r0),r1

-	bicl2	#-65536,r1

-	bicl3	#-65536,24(r0),-340(fp)

-	bicl3	#-65536,r2,-344(fp)

-	mull3	r1,-340(fp),-332(fp)

-	mull2	r3,-340(fp)

-	mull3	r3,-344(fp),-336(fp)

-	mull2	r1,-344(fp)

-	addl3	-332(fp),-336(fp),r0

-	bicl3	#0,r0,-332(fp)

-	cmpl	-332(fp),-336(fp)

-	bgequ	noname.504

-	addl2	#65536,-344(fp)

-noname.504:

-	movzwl	-330(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-344(fp)

-	bicl3	#-65536,-332(fp),r0

-	ashl	#16,r0,-336(fp)

-	addl3	-336(fp),-340(fp),r0

-	bicl3	#0,r0,-340(fp)

-	cmpl	-340(fp),-336(fp)

-	bgequ	noname.505

-	incl	-344(fp)

-noname.505:

-	movl	-340(fp),r3

-	movl	-344(fp),r2

-	bbc	#31,r2,noname.506

-	incl	r7

-noname.506:

-	addl2	r2,r2

-	bicl2	#0,r2

-	bbc	#31,r3,noname.507

-	incl	r2

-noname.507:

-	addl2	r3,r3

-	bicl2	#0,r3

-	addl2	r3,r9

-	bicl2	#0,r9

-	cmpl	r9,r3

-	bgequ	noname.508

-	incl	r2

-	bicl3	#0,r2,r0

-	bneq	noname.508

-	incl	r7

-noname.508:

-	addl2	r2,r8

-	bicl2	#0,r8

-	cmpl	r8,r2

-	bgequ	noname.509

-	incl	r7

-noname.509:

-	movl	8(ap),r0

-	movzwl	22(r0),r2

-	bicl3	#-65536,16(r0),r3

-	movzwl	18(r0),r1

-	bicl2	#-65536,r1

-	bicl3	#-65536,20(r0),-356(fp)

-	bicl3	#-65536,r2,-360(fp)

-	mull3	r1,-356(fp),-348(fp)

-	mull2	r3,-356(fp)

-	mull3	r3,-360(fp),-352(fp)

-	mull2	r1,-360(fp)

-	addl3	-348(fp),-352(fp),r0

-	bicl3	#0,r0,-348(fp)

-	cmpl	-348(fp),-352(fp)

-	bgequ	noname.510

-	addl2	#65536,-360(fp)

-noname.510:

-	movzwl	-346(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-360(fp)

-	bicl3	#-65536,-348(fp),r0

-	ashl	#16,r0,-352(fp)

-	addl3	-352(fp),-356(fp),r0

-	bicl3	#0,r0,-356(fp)

-	cmpl	-356(fp),-352(fp)

-	bgequ	noname.511

-	incl	-360(fp)

-noname.511:

-	movl	-356(fp),r3

-	movl	-360(fp),r2

-	bbc	#31,r2,noname.512

-	incl	r7

-noname.512:

-	addl2	r2,r2

-	bicl2	#0,r2

-	bbc	#31,r3,noname.513

-	incl	r2

-noname.513:

-	addl2	r3,r3

-	bicl2	#0,r3

-	addl2	r3,r9

-	bicl2	#0,r9

-	cmpl	r9,r3

-	bgequ	noname.514

-	incl	r2

-	bicl3	#0,r2,r0

-	bneq	noname.514

-	incl	r7

-noname.514:

-	addl2	r2,r8

-	bicl2	#0,r8

-	cmpl	r8,r2

-	bgequ	noname.515

-	incl	r7

-noname.515:

-	movl	4(ap),r0

-	movl	r9,36(r0)

-	clrl	r9

-	movl	8(ap),r3

-	movl	20(r3),r4

-	bicl3	#-65536,r4,-364(fp)

-	extzv	#16,#16,r4,r0

-	bicl3	#-65536,r0,r4

-	movl	-364(fp),r0

-	mull3	r0,r4,-368(fp)

-	mull3	r0,r0,-364(fp)

-	mull2	r4,r4

-	bicl3	#32767,-368(fp),r0

-	extzv	#15,#17,r0,r0

-	addl2	r0,r4

-	bicl3	#-65536,-368(fp),r0

-	ashl	#17,r0,-368(fp)

-	addl3	-364(fp),-368(fp),r0

-	bicl3	#0,r0,-364(fp)

-	cmpl	-364(fp),-368(fp)

-	bgequ	noname.516

-	incl	r4

-noname.516:

-	movl	-364(fp),r1

-	movl	r4,r2

-	addl2	r1,r8

-	bicl2	#0,r8

-	cmpl	r8,r1

-	bgequ	noname.517

-	incl	r2

-noname.517:

-	addl2	r2,r7

-	bicl2	#0,r7

-	cmpl	r7,r2

-	bgequ	noname.518

-	incl	r9

-noname.518:

-	bicl3	#-65536,24(r3),r4

-	movzwl	26(r3),r1

-	bicl2	#-65536,r1

-	bicl3	#-65536,16(r3),r2

-	movzwl	18(r3),r0

-	bicl2	#-65536,r0

-	movl	r4,r6

-	movl	r1,r5

-	mull3	r0,r6,-372(fp)

-	mull2	r2,r6

-	mull3	r2,r5,-376(fp)

-	mull2	r0,r5

-	addl3	-372(fp),-376(fp),r0

-	bicl3	#0,r0,-372(fp)

-	cmpl	-372(fp),-376(fp)

-	bgequ	noname.519

-	addl2	#65536,r5

-noname.519:

-	movzwl	-370(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,r5

-	bicl3	#-65536,-372(fp),r0

-	ashl	#16,r0,-376(fp)

-	addl2	-376(fp),r6

-	bicl2	#0,r6

-	cmpl	r6,-376(fp)

-	bgequ	noname.520

-	incl	r5

-noname.520:

-	movl	r6,r3

-	movl	r5,r2

-	bbc	#31,r2,noname.521

-	incl	r9

-noname.521:

-	addl2	r2,r2

-	bicl2	#0,r2

-	bbc	#31,r3,noname.522

-	incl	r2

-noname.522:

-	addl2	r3,r3

-	bicl2	#0,r3

-	addl2	r3,r8

-	bicl2	#0,r8

-	cmpl	r8,r3

-	bgequ	noname.523

-	incl	r2

-	bicl3	#0,r2,r0

-	bneq	noname.523

-	incl	r9

-noname.523:

-	addl2	r2,r7

-	bicl2	#0,r7

-	cmpl	r7,r2

-	bgequ	noname.524

-	incl	r9

-noname.524:

-	movl	8(ap),r0

-	bicl3	#-65536,28(r0),r3

-	movzwl	30(r0),r1

-	bicl2	#-65536,r1

-	bicl3	#-65536,12(r0),r2

-	movzwl	14(r0),r0

-	bicl2	#-65536,r0

-	movl	r3,r5

-	movl	r1,r4

-	mull3	r0,r5,-380(fp)

-	mull2	r2,r5

-	mull3	r2,r4,-384(fp)

-	mull2	r0,r4

-	addl3	-380(fp),-384(fp),r0

-	bicl3	#0,r0,-380(fp)

-	cmpl	-380(fp),-384(fp)

-	bgequ	noname.525

-	addl2	#65536,r4

-noname.525:

-	movzwl	-378(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,r4

-	bicl3	#-65536,-380(fp),r0

-	ashl	#16,r0,-384(fp)

-	addl2	-384(fp),r5

-	bicl2	#0,r5

-	cmpl	r5,-384(fp)

-	bgequ	noname.526

-	incl	r4

-noname.526:

-	movl	r5,r3

-	movl	r4,r2

-	bbc	#31,r2,noname.527

-	incl	r9

-noname.527:

-	addl2	r2,r2

-	bicl2	#0,r2

-	bbc	#31,r3,noname.528

-	incl	r2

-noname.528:

-	addl2	r3,r3

-	bicl2	#0,r3

-	addl2	r3,r8

-	bicl2	#0,r8

-	cmpl	r8,r3

-	bgequ	noname.529

-	incl	r2

-	bicl3	#0,r2,r0

-	bneq	noname.529

-	incl	r9

-noname.529:

-	addl2	r2,r7

-	bicl2	#0,r7

-	cmpl	r7,r2

-	bgequ	noname.530

-	incl	r9

-noname.530:

-	movl	4(ap),r0

-	movl	r8,40(r0)

-	clrl	r8

-	movl	8(ap),r0

-	bicl3	#-65536,28(r0),r3

-	movzwl	30(r0),r1

-	bicl2	#-65536,r1

-	bicl3	#-65536,16(r0),r2

-	movzwl	18(r0),r0

-	bicl2	#-65536,r0

-	movl	r3,r5

-	movl	r1,r4

-	mull3	r0,r5,-388(fp)

-	mull2	r2,r5

-	mull3	r2,r4,-392(fp)

-	mull2	r0,r4

-	addl3	-388(fp),-392(fp),r0

-	bicl3	#0,r0,-388(fp)

-	cmpl	-388(fp),-392(fp)

-	bgequ	noname.531

-	addl2	#65536,r4

-noname.531:

-	movzwl	-386(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,r4

-	bicl3	#-65536,-388(fp),r0

-	ashl	#16,r0,-392(fp)

-	addl2	-392(fp),r5

-	bicl2	#0,r5

-	cmpl	r5,-392(fp)

-	bgequ	noname.532

-	incl	r4

-noname.532:

-	movl	r5,r3

-	movl	r4,r2

-	bbc	#31,r2,noname.533

-	incl	r8

-noname.533:

-	addl2	r2,r2

-	bicl2	#0,r2

-	bbc	#31,r3,noname.534

-	incl	r2

-noname.534:

-	addl2	r3,r3

-	bicl2	#0,r3

-	addl2	r3,r7

-	bicl2	#0,r7

-	cmpl	r7,r3

-	bgequ	noname.535

-	incl	r2

-	bicl3	#0,r2,r0

-	bneq	noname.535

-	incl	r8

-noname.535:

-	addl2	r2,r9

-	bicl2	#0,r9

-	cmpl	r9,r2

-	bgequ	noname.536

-	incl	r8

-noname.536:

-	movl	8(ap),r0

-	bicl3	#-65536,24(r0),r3

-	movzwl	26(r0),r1

-	bicl2	#-65536,r1

-	bicl3	#-65536,20(r0),r2

-	movzwl	22(r0),r0

-	bicl2	#-65536,r0

-	movl	r3,r5

-	movl	r1,r4

-	mull3	r0,r5,-396(fp)

-	mull2	r2,r5

-	mull3	r2,r4,-400(fp)

-	mull2	r0,r4

-	addl3	-396(fp),-400(fp),r0

-	bicl3	#0,r0,-396(fp)

-	cmpl	-396(fp),-400(fp)

-	bgequ	noname.537

-	addl2	#65536,r4

-noname.537:

-	movzwl	-394(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,r4

-	bicl3	#-65536,-396(fp),r0

-	ashl	#16,r0,-400(fp)

-	addl2	-400(fp),r5

-	bicl2	#0,r5

-	cmpl	r5,-400(fp)

-	bgequ	noname.538

-	incl	r4

-noname.538:

-	movl	r5,r3

-	movl	r4,r2

-	bbc	#31,r2,noname.539

-	incl	r8

-noname.539:

-	addl2	r2,r2

-	bicl2	#0,r2

-	bbc	#31,r3,noname.540

-	incl	r2

-noname.540:

-	addl2	r3,r3

-	bicl2	#0,r3

-	addl2	r3,r7

-	bicl2	#0,r7

-	cmpl	r7,r3

-	bgequ	noname.541

-	incl	r2

-	bicl3	#0,r2,r0

-	bneq	noname.541

-	incl	r8

-noname.541:

-	addl2	r2,r9

-	bicl2	#0,r9

-	cmpl	r9,r2

-	bgequ	noname.542

-	incl	r8

-noname.542:

-	movl	4(ap),r0

-	movl	r7,44(r0)

-	clrl	r7

-	movl	8(ap),r3

-	movl	24(r3),r4

-	bicl3	#-65536,r4,r5

-	extzv	#16,#16,r4,r0

-	bicl3	#-65536,r0,r4

-	mull3	r5,r4,-404(fp)

-	mull2	r5,r5

-	mull2	r4,r4

-	bicl3	#32767,-404(fp),r0

-	extzv	#15,#17,r0,r0

-	addl2	r0,r4

-	bicl3	#-65536,-404(fp),r0

-	ashl	#17,r0,-404(fp)

-	addl2	-404(fp),r5

-	bicl2	#0,r5

-	cmpl	r5,-404(fp)

-	bgequ	noname.543

-	incl	r4

-noname.543:

-	movl	r5,r1

-	movl	r4,r2

-	addl2	r1,r9

-	bicl2	#0,r9

-	cmpl	r9,r1

-	bgequ	noname.544

-	incl	r2

-noname.544:

-	addl2	r2,r8

-	bicl2	#0,r8

-	cmpl	r8,r2

-	bgequ	noname.545

-	incl	r7

-noname.545:

-	movzwl	30(r3),r2

-	bicl3	#-65536,20(r3),r1

-	movzwl	22(r3),r0

-	bicl2	#-65536,r0

-	bicl3	#-65536,28(r3),-416(fp)

-	bicl3	#-65536,r2,-420(fp)

-	mull3	r0,-416(fp),-408(fp)

-	mull2	r1,-416(fp)

-	mull3	r1,-420(fp),-412(fp)

-	mull2	r0,-420(fp)

-	addl3	-408(fp),-412(fp),r0

-	bicl3	#0,r0,-408(fp)

-	cmpl	-408(fp),-412(fp)

-	bgequ	noname.546

-	addl2	#65536,-420(fp)

-noname.546:

-	movzwl	-406(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-420(fp)

-	bicl3	#-65536,-408(fp),r0

-	ashl	#16,r0,-412(fp)

-	addl3	-412(fp),-416(fp),r0

-	bicl3	#0,r0,-416(fp)

-	cmpl	-416(fp),-412(fp)

-	bgequ	noname.547

-	incl	-420(fp)

-noname.547:

-	movl	-416(fp),r3

-	movl	-420(fp),r2

-	bbc	#31,r2,noname.548

-	incl	r7

-noname.548:

-	addl2	r2,r2

-	bicl2	#0,r2

-	bbc	#31,r3,noname.549

-	incl	r2

-noname.549:

-	addl2	r3,r3

-	bicl2	#0,r3

-	addl2	r3,r9

-	bicl2	#0,r9

-	cmpl	r9,r3

-	bgequ	noname.550

-	incl	r2

-	bicl3	#0,r2,r0

-	bneq	noname.550

-	incl	r7

-noname.550:

-	addl2	r2,r8

-	bicl2	#0,r8

-	cmpl	r8,r2

-	bgequ	noname.551

-	incl	r7

-noname.551:

-	movl	4(ap),r0

-	movl	r9,48(r0)

-	clrl	r9

-	movl	8(ap),r0

-	movzwl	30(r0),r2

-	bicl3	#-65536,24(r0),r3

-	movzwl	26(r0),r1

-	bicl2	#-65536,r1

-	bicl3	#-65536,28(r0),-432(fp)

-	bicl3	#-65536,r2,-436(fp)

-	mull3	r1,-432(fp),-424(fp)

-	mull2	r3,-432(fp)

-	mull3	r3,-436(fp),-428(fp)

-	mull2	r1,-436(fp)

-	addl3	-424(fp),-428(fp),r0

-	bicl3	#0,r0,-424(fp)

-	cmpl	-424(fp),-428(fp)

-	bgequ	noname.552

-	addl2	#65536,-436(fp)

-noname.552:

-	movzwl	-422(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,-436(fp)

-	bicl3	#-65536,-424(fp),r0

-	ashl	#16,r0,-428(fp)

-	addl3	-428(fp),-432(fp),r0

-	bicl3	#0,r0,-432(fp)

-	cmpl	-432(fp),-428(fp)

-	bgequ	noname.553

-	incl	-436(fp)

-noname.553:

-	movl	-432(fp),r3

-	movl	-436(fp),r2

-	bbc	#31,r2,noname.554

-	incl	r9

-noname.554:

-	addl2	r2,r2

-	bicl2	#0,r2

-	bbc	#31,r3,noname.555

-	incl	r2

-noname.555:

-	addl2	r3,r3

-	bicl2	#0,r3

-	addl2	r3,r8

-	bicl2	#0,r8

-	cmpl	r8,r3

-	bgequ	noname.556

-	incl	r2

-	bicl3	#0,r2,r0

-	bneq	noname.556

-	incl	r9

-noname.556:

-	addl2	r2,r7

-	bicl2	#0,r7

-	cmpl	r7,r2

-	bgequ	noname.557

-	incl	r9

-noname.557:

-	movl	4(ap),r4

-	movl	r8,52(r4)

-	clrl	r8

-	movl	8(ap),r0

-	movl	28(r0),r3

-	bicl3	#-65536,r3,-440(fp)

-	extzv	#16,#16,r3,r0

-	bicl3	#-65536,r0,r3

-	movl	-440(fp),r0

-	mull3	r0,r3,-444(fp)

-	mull3	r0,r0,-440(fp)

-	mull2	r3,r3

-	bicl3	#32767,-444(fp),r0

-	extzv	#15,#17,r0,r0

-	addl2	r0,r3

-	bicl3	#-65536,-444(fp),r0

-	ashl	#17,r0,-444(fp)

-	addl3	-440(fp),-444(fp),r0

-	bicl3	#0,r0,-440(fp)

-	cmpl	-440(fp),-444(fp)

-	bgequ	noname.558

-	incl	r3

-noname.558:

-	movl	-440(fp),r1

-	movl	r3,r2

-	addl2	r1,r7

-	bicl2	#0,r7

-	cmpl	r7,r1

-	bgequ	noname.559

-	incl	r2

-noname.559:

-	addl2	r2,r9

-	bicl2	#0,r9

-	cmpl	r9,r2

-	bgequ	noname.560

-	incl	r8

-noname.560:

-	movl	r7,56(r4)

-	movl	r9,60(r4)

-	ret

-;r=4 ;(AP)

-;a=8 ;(AP)

-;b=12 ;(AP)

-;n=16 ;(AP)	n	by value (input)

-	.psect	code,nowrt

-.entry	BN_SQR_COMBA4,^m<r2,r3,r4,r5,r6,r7,r8,r9,r10>

-	subl2	#44,sp

-	clrq	r8

-	clrl	r10

-	movl	8(ap),r5

-	movl	(r5),r3

-	bicl3	#-65536,r3,r4

-	extzv	#16,#16,r3,r0

-	bicl3	#-65536,r0,r3

-	mull3	r4,r3,-4(fp)

-	mull2	r4,r4

-	mull2	r3,r3

-	bicl3	#32767,-4(fp),r0

-	extzv	#15,#17,r0,r0

-	addl2	r0,r3

-	bicl3	#-65536,-4(fp),r0

-	ashl	#17,r0,-4(fp)

-	addl2	-4(fp),r4

-	bicl2	#0,r4

-	cmpl	r4,-4(fp)

-	bgequ	noname.563

-	incl	r3

-noname.563:

-	movl	r4,r1

-	movl	r3,r2

-	addl2	r1,r9

-	bicl2	#0,r9

-	cmpl	r9,r1

-	bgequ	noname.564

-	incl	r2

-noname.564:

-	addl2	r2,r8

-	bicl2	#0,r8

-	cmpl	r8,r2

-	bgequ	noname.565

-	incl	r10

-noname.565:

-	movl	r9,@4(ap)

-	clrl	r9

-	bicl3	#-65536,4(r5),r3

-	movzwl	6(r5),r1

-	bicl2	#-65536,r1

-	bicl3	#-65536,(r5),r2

-	movzwl	2(r5),r0

-	bicl2	#-65536,r0

-	movl	r3,r6

-	movl	r1,r4

-	mull3	r0,r6,-8(fp)

-	mull2	r2,r6

-	mull2	r4,r2

-	mull2	r0,r4

-	addl3	-8(fp),r2,r0

-	bicl3	#0,r0,-8(fp)

-	cmpl	-8(fp),r2

-	bgequ	noname.566

-	addl2	#65536,r4

-noname.566:

-	movzwl	-6(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,r4

-	bicl3	#-65536,-8(fp),r0

-	ashl	#16,r0,r1

-	addl2	r1,r6

-	bicl2	#0,r6

-	cmpl	r6,r1

-	bgequ	noname.567

-	incl	r4

-noname.567:

-	movl	r6,r3

-	movl	r4,r2

-	bbc	#31,r2,noname.568

-	incl	r9

-noname.568:

-	addl2	r2,r2

-	bicl2	#0,r2

-	bbc	#31,r3,noname.569

-	incl	r2

-noname.569:

-	addl2	r3,r3

-	bicl2	#0,r3

-	addl2	r3,r8

-	bicl2	#0,r8

-	cmpl	r8,r3

-	bgequ	noname.570

-	incl	r2

-	bicl3	#0,r2,r0

-	bneq	noname.570

-	incl	r9

-noname.570:

-	addl2	r2,r10

-	bicl2	#0,r10

-	cmpl	r10,r2

-	bgequ	noname.571

-	incl	r9

-noname.571:

-	movl	4(ap),r0

-	movl	r8,4(r0)

-	clrl	r8

-	movl	8(ap),r4

-	movl	4(r4),r3

-	bicl3	#-65536,r3,r5

-	extzv	#16,#16,r3,r0

-	bicl3	#-65536,r0,r3

-	mull3	r5,r3,r1

-	mull2	r5,r5

-	mull2	r3,r3

-	bicl3	#32767,r1,r0

-	extzv	#15,#17,r0,r0

-	addl2	r0,r3

-	bicl2	#-65536,r1

-	ashl	#17,r1,r1

-	addl2	r1,r5

-	bicl2	#0,r5

-	cmpl	r5,r1

-	bgequ	noname.572

-	incl	r3

-noname.572:

-	movl	r5,r1

-	movl	r3,r2

-	addl2	r1,r10

-	bicl2	#0,r10

-	cmpl	r10,r1

-	bgequ	noname.573

-	incl	r2

-noname.573:

-	addl2	r2,r9

-	bicl2	#0,r9

-	cmpl	r9,r2

-	bgequ	noname.574

-	incl	r8

-noname.574:

-	bicl3	#-65536,8(r4),r3

-	movzwl	10(r4),r1

-	bicl2	#-65536,r1

-	bicl3	#-65536,(r4),r2

-	movzwl	2(r4),r0

-	bicl2	#-65536,r0

-	movl	r3,r6

-	movl	r1,r5

-	mull3	r0,r6,r7

-	mull2	r2,r6

-	mull2	r5,r2

-	mull2	r0,r5

-	addl2	r2,r7

-	bicl2	#0,r7

-	cmpl	r7,r2

-	bgequ	noname.575

-	addl2	#65536,r5

-noname.575:

-	extzv	#16,#16,r7,r0

-	bicl2	#-65536,r0

-	addl2	r0,r5

-	bicl3	#-65536,r7,r0

-	ashl	#16,r0,r1

-	addl2	r1,r6

-	bicl2	#0,r6

-	cmpl	r6,r1

-	bgequ	noname.576

-	incl	r5

-noname.576:

-	movl	r6,r3

-	movl	r5,r2

-	bbc	#31,r2,noname.577

-	incl	r8

-noname.577:

-	addl2	r2,r2

-	bicl2	#0,r2

-	bbc	#31,r3,noname.578

-	incl	r2

-noname.578:

-	addl2	r3,r3

-	bicl2	#0,r3

-	addl2	r3,r10

-	bicl2	#0,r10

-	cmpl	r10,r3

-	bgequ	noname.579

-	incl	r2

-	bicl3	#0,r2,r0

-	bneq	noname.579

-	incl	r8

-noname.579:

-	addl2	r2,r9

-	bicl2	#0,r9

-	cmpl	r9,r2

-	bgequ	noname.580

-	incl	r8

-noname.580:

-	movl	4(ap),r0

-	movl	r10,8(r0)

-	clrl	r10

-	movl	8(ap),r0

-	bicl3	#-65536,12(r0),r3

-	movzwl	14(r0),r1

-	bicl2	#-65536,r1

-	bicl3	#-65536,(r0),r2

-	movzwl	2(r0),r0

-	bicl2	#-65536,r0

-	movl	r3,r5

-	movl	r1,r4

-	mull3	r0,r5,r6

-	mull2	r2,r5

-	mull3	r2,r4,-12(fp)

-	mull2	r0,r4

-	addl2	-12(fp),r6

-	bicl2	#0,r6

-	cmpl	r6,-12(fp)

-	bgequ	noname.581

-	addl2	#65536,r4

-noname.581:

-	extzv	#16,#16,r6,r0

-	bicl2	#-65536,r0

-	addl2	r0,r4

-	bicl3	#-65536,r6,r0

-	ashl	#16,r0,-12(fp)

-	addl2	-12(fp),r5

-	bicl2	#0,r5

-	cmpl	r5,-12(fp)

-	bgequ	noname.582

-	incl	r4

-noname.582:

-	movl	r5,r3

-	movl	r4,r2

-	bbc	#31,r2,noname.583

-	incl	r10

-noname.583:

-	addl2	r2,r2

-	bicl2	#0,r2

-	bbc	#31,r3,noname.584

-	incl	r2

-noname.584:

-	addl2	r3,r3

-	bicl2	#0,r3

-	addl2	r3,r9

-	bicl2	#0,r9

-	cmpl	r9,r3

-	bgequ	noname.585

-	incl	r2

-	bicl3	#0,r2,r0

-	bneq	noname.585

-	incl	r10

-noname.585:

-	addl2	r2,r8

-	bicl2	#0,r8

-	cmpl	r8,r2

-	bgequ	noname.586

-	incl	r10

-noname.586:

-	movl	8(ap),r0

-	bicl3	#-65536,8(r0),r3

-	movzwl	10(r0),r1

-	bicl2	#-65536,r1

-	bicl3	#-65536,4(r0),r2

-	movzwl	6(r0),r0

-	bicl2	#-65536,r0

-	movl	r3,r5

-	movl	r1,r4

-	mull3	r0,r5,-16(fp)

-	mull2	r2,r5

-	mull3	r2,r4,-20(fp)

-	mull2	r0,r4

-	addl3	-16(fp),-20(fp),r0

-	bicl3	#0,r0,-16(fp)

-	cmpl	-16(fp),-20(fp)

-	bgequ	noname.587

-	addl2	#65536,r4

-noname.587:

-	movzwl	-14(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,r4

-	bicl3	#-65536,-16(fp),r0

-	ashl	#16,r0,-20(fp)

-	addl2	-20(fp),r5

-	bicl2	#0,r5

-	cmpl	r5,-20(fp)

-	bgequ	noname.588

-	incl	r4

-noname.588:

-	movl	r5,r3

-	movl	r4,r2

-	bbc	#31,r2,noname.589

-	incl	r10

-noname.589:

-	addl2	r2,r2

-	bicl2	#0,r2

-	bbc	#31,r3,noname.590

-	incl	r2

-noname.590:

-	addl2	r3,r3

-	bicl2	#0,r3

-	addl2	r3,r9

-	bicl2	#0,r9

-	cmpl	r9,r3

-	bgequ	noname.591

-	incl	r2

-	bicl3	#0,r2,r0

-	bneq	noname.591

-	incl	r10

-noname.591:

-	addl2	r2,r8

-	bicl2	#0,r8

-	cmpl	r8,r2

-	bgequ	noname.592

-	incl	r10

-noname.592:

-	movl	4(ap),r0

-	movl	r9,12(r0)

-	clrl	r9

-	movl	8(ap),r3

-	movl	8(r3),r4

-	bicl3	#-65536,r4,r5

-	extzv	#16,#16,r4,r0

-	bicl3	#-65536,r0,r4

-	mull3	r5,r4,-24(fp)

-	mull2	r5,r5

-	mull2	r4,r4

-	bicl3	#32767,-24(fp),r0

-	extzv	#15,#17,r0,r0

-	addl2	r0,r4

-	bicl3	#-65536,-24(fp),r0

-	ashl	#17,r0,-24(fp)

-	addl2	-24(fp),r5

-	bicl2	#0,r5

-	cmpl	r5,-24(fp)

-	bgequ	noname.593

-	incl	r4

-noname.593:

-	movl	r5,r1

-	movl	r4,r2

-	addl2	r1,r8

-	bicl2	#0,r8

-	cmpl	r8,r1

-	bgequ	noname.594

-	incl	r2

-noname.594:

-	addl2	r2,r10

-	bicl2	#0,r10

-	cmpl	r10,r2

-	bgequ	noname.595

-	incl	r9

-noname.595:

-	bicl3	#-65536,12(r3),r4

-	movzwl	14(r3),r1

-	bicl2	#-65536,r1

-	bicl3	#-65536,4(r3),r2

-	movzwl	6(r3),r0

-	bicl2	#-65536,r0

-	movl	r4,r6

-	movl	r1,r5

-	mull3	r0,r6,-28(fp)

-	mull2	r2,r6

-	mull3	r2,r5,-32(fp)

-	mull2	r0,r5

-	addl3	-28(fp),-32(fp),r0

-	bicl3	#0,r0,-28(fp)

-	cmpl	-28(fp),-32(fp)

-	bgequ	noname.596

-	addl2	#65536,r5

-noname.596:

-	movzwl	-26(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,r5

-	bicl3	#-65536,-28(fp),r0

-	ashl	#16,r0,-32(fp)

-	addl2	-32(fp),r6

-	bicl2	#0,r6

-	cmpl	r6,-32(fp)

-	bgequ	noname.597

-	incl	r5

-noname.597:

-	movl	r6,r3

-	movl	r5,r2

-	bbc	#31,r2,noname.598

-	incl	r9

-noname.598:

-	addl2	r2,r2

-	bicl2	#0,r2

-	bbc	#31,r3,noname.599

-	incl	r2

-noname.599:

-	addl2	r3,r3

-	bicl2	#0,r3

-	addl2	r3,r8

-	bicl2	#0,r8

-	cmpl	r8,r3

-	bgequ	noname.600

-	incl	r2

-	bicl3	#0,r2,r0

-	bneq	noname.600

-	incl	r9

-noname.600:

-	addl2	r2,r10

-	bicl2	#0,r10

-	cmpl	r10,r2

-	bgequ	noname.601

-	incl	r9

-noname.601:

-	movl	4(ap),r0

-	movl	r8,16(r0)

-	clrl	r8

-	movl	8(ap),r0

-	bicl3	#-65536,12(r0),r3

-	movzwl	14(r0),r1

-	bicl2	#-65536,r1

-	bicl3	#-65536,8(r0),r2

-	movzwl	10(r0),r0

-	bicl2	#-65536,r0

-	movl	r3,r5

-	movl	r1,r4

-	mull3	r0,r5,-36(fp)

-	mull2	r2,r5

-	mull3	r2,r4,-40(fp)

-	mull2	r0,r4

-	addl3	-36(fp),-40(fp),r0

-	bicl3	#0,r0,-36(fp)

-	cmpl	-36(fp),-40(fp)

-	bgequ	noname.602

-	addl2	#65536,r4

-noname.602:

-	movzwl	-34(fp),r0

-	bicl2	#-65536,r0

-	addl2	r0,r4

-	bicl3	#-65536,-36(fp),r0

-	ashl	#16,r0,-40(fp)

-	addl2	-40(fp),r5

-	bicl2	#0,r5

-	cmpl	r5,-40(fp)

-	bgequ	noname.603

-	incl	r4

-noname.603:

-	movl	r5,r3

-	movl	r4,r2

-	bbc	#31,r2,noname.604

-	incl	r8

-noname.604:

-	addl2	r2,r2

-	bicl2	#0,r2

-	bbc	#31,r3,noname.605

-	incl	r2

-noname.605:

-	addl2	r3,r3

-	bicl2	#0,r3

-	addl2	r3,r10

-	bicl2	#0,r10

-	cmpl	r10,r3

-	bgequ	noname.606

-	incl	r2

-	bicl3	#0,r2,r0

-	bneq	noname.606

-	incl	r8

-noname.606:

-	addl2	r2,r9

-	bicl2	#0,r9

-	cmpl	r9,r2

-	bgequ	noname.607

-	incl	r8

-noname.607:

-	movl	4(ap),r4

-	movl	r10,20(r4)

-	clrl	r10

-	movl	8(ap),r0

-	movl	12(r0),r3

-	bicl3	#-65536,r3,r5

-	extzv	#16,#16,r3,r0

-	bicl3	#-65536,r0,r3

-	mull3	r5,r3,-44(fp)

-	mull2	r5,r5

-	mull2	r3,r3

-	bicl3	#32767,-44(fp),r0

-	extzv	#15,#17,r0,r0

-	addl2	r0,r3

-	bicl3	#-65536,-44(fp),r0

-	ashl	#17,r0,-44(fp)

-	addl2	-44(fp),r5

-	bicl2	#0,r5

-	cmpl	r5,-44(fp)

-	bgequ	noname.608

-	incl	r3

-noname.608:

-	movl	r5,r1

-	movl	r3,r2

-	addl2	r1,r9

-	bicl2	#0,r9

-	cmpl	r9,r1

-	bgequ	noname.609

-	incl	r2

-noname.609:

-	addl2	r2,r8

-	bicl2	#0,r8

-	cmpl	r8,r2

-	bgequ	noname.610

-	incl	r10

-noname.610:

-	movl	r9,24(r4)

-	movl	r8,28(r4)

-	ret

-; For now, the code below doesn't work, so I end this prematurely.

-.end

--- a/sys/src/ape/lib/openssl/crypto/bn/asm/x86.pl

+++ /dev/null

@@ -1,28 +1,0 @@

-#!/usr/local/bin/perl

-push(@INC,"perlasm","../../perlasm");

-require "x86asm.pl";

-require("x86/mul_add.pl");

-require("x86/mul.pl");

-require("x86/sqr.pl");

-require("x86/div.pl");

-require("x86/add.pl");

-require("x86/sub.pl");

-require("x86/comba.pl");

-&asm_init($ARGV[0],$0);

-&bn_mul_add_words("bn_mul_add_words");

-&bn_mul_words("bn_mul_words");

-&bn_sqr_words("bn_sqr_words");

-&bn_div_words("bn_div_words");

-&bn_add_words("bn_add_words");

-&bn_sub_words("bn_sub_words");

-&bn_mul_comba("bn_mul_comba8",8);

-&bn_mul_comba("bn_mul_comba4",4);

-&bn_sqr_comba("bn_sqr_comba8",8);

-&bn_sqr_comba("bn_sqr_comba4",4);

-&asm_finish();

--- a/sys/src/ape/lib/openssl/crypto/bn/asm/x86/add.pl

+++ /dev/null

@@ -1,76 +1,0 @@

-#!/usr/local/bin/perl

-# x86 assember

-sub bn_add_words

-	{

-	local($name)=@_;

-	&function_begin($name,"");

-	&comment("");

-	$a="esi";

-	$b="edi";

-	$c="eax";

-	$r="ebx";

-	$tmp1="ecx";

-	$tmp2="edx";

-	$num="ebp";

-	&mov($r,&wparam(0));	# get r

-	 &mov($a,&wparam(1));	# get a

-	&mov($b,&wparam(2));	# get b

-	 &mov($num,&wparam(3));	# get num

-	&xor($c,$c);		# clear carry

-	 &and($num,0xfffffff8);	# num / 8

-	&jz(&label("aw_finish"));

-	&set_label("aw_loop",0);

-	for ($i=0; $i<8; $i++)

-		{

-		&comment("Round $i");

-		&mov($tmp1,&DWP($i*4,$a,"",0)); 	# *a

-		 &mov($tmp2,&DWP($i*4,$b,"",0)); 	# *b

-		&add($tmp1,$c);

-		 &mov($c,0);

-		&adc($c,$c);

-		 &add($tmp1,$tmp2);

-		&adc($c,0);

-		 &mov(&DWP($i*4,$r,"",0),$tmp1); 	# *r

-		}

-	&comment("");

-	&add($a,32);

-	 &add($b,32);

-	&add($r,32);

-	 &sub($num,8);

-	&jnz(&label("aw_loop"));

-	&set_label("aw_finish",0);

-	&mov($num,&wparam(3));	# get num

-	&and($num,7);

-	 &jz(&label("aw_end"));

-	for ($i=0; $i<7; $i++)

-		{

-		&comment("Tail Round $i");

-		&mov($tmp1,&DWP($i*4,$a,"",0));	# *a

-		 &mov($tmp2,&DWP($i*4,$b,"",0));# *b

-		&add($tmp1,$c);

-		 &mov($c,0);

-		&adc($c,$c);

-		 &add($tmp1,$tmp2);

-		&adc($c,0);

-		 &dec($num) if ($i != 6);

-		&mov(&DWP($i*4,$r,"",0),$tmp1);	# *a

-		 &jz(&label("aw_end")) if ($i != 6);

-		}

-	&set_label("aw_end",0);

-#	&mov("eax",$c);		# $c is "eax"

-	&function_end($name);

-	}

-1;

--- a/sys/src/ape/lib/openssl/crypto/bn/asm/x86/comba.pl

+++ /dev/null

@@ -1,277 +1,0 @@

-#!/usr/local/bin/perl

-# x86 assember

-sub mul_add_c

-	{

-	local($a,$ai,$b,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_;

-	# pos == -1 if eax and edx are pre-loaded, 0 to load from next

-	# words, and 1 if load return value

-	&comment("mul a[$ai]*b[$bi]");

-	# "eax" and "edx" will always be pre-loaded.

-	# &mov("eax",&DWP($ai*4,$a,"",0)) ;

-	# &mov("edx",&DWP($bi*4,$b,"",0));

-	&mul("edx");

-	&add($c0,"eax");

-	 &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0;	# laod next a

-	 &mov("eax",&wparam(0)) if $pos > 0;			# load r[]

-	 ###

-	&adc($c1,"edx");

-	 &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 0;	# laod next b

-	 &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 1;	# laod next b

-	 ###

-	&adc($c2,0);

-	 # is pos > 1, it means it is the last loop

-	 &mov(&DWP($i*4,"eax","",0),$c0) if $pos > 0;		# save r[];

-	&mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1;		# laod next a

-	}

-sub sqr_add_c

-	{

-	local($r,$a,$ai,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_;

-	# pos == -1 if eax and edx are pre-loaded, 0 to load from next

-	# words, and 1 if load return value

-	&comment("sqr a[$ai]*a[$bi]");

-	# "eax" and "edx" will always be pre-loaded.

-	# &mov("eax",&DWP($ai*4,$a,"",0)) ;

-	# &mov("edx",&DWP($bi*4,$b,"",0));

-	if ($ai == $bi)

-		{ &mul("eax");}

-	else

-		{ &mul("edx");}

-	&add($c0,"eax");

-	 &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0;	# load next a

-	 ###

-	&adc($c1,"edx");

-	 &mov("edx",&DWP(($nb)*4,$a,"",0)) if ($pos == 1) && ($na != $nb);

-	 ###

-	&adc($c2,0);

-	 # is pos > 1, it means it is the last loop

-	 &mov(&DWP($i*4,$r,"",0),$c0) if $pos > 0;		# save r[];

-	&mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1;		# load next b

-	}

-sub sqr_add_c2

-	{

-	local($r,$a,$ai,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_;

-	# pos == -1 if eax and edx are pre-loaded, 0 to load from next

-	# words, and 1 if load return value

-	&comment("sqr a[$ai]*a[$bi]");

-	# "eax" and "edx" will always be pre-loaded.

-	# &mov("eax",&DWP($ai*4,$a,"",0)) ;

-	# &mov("edx",&DWP($bi*4,$a,"",0));

-	if ($ai == $bi)

-		{ &mul("eax");}

-	else

-		{ &mul("edx");}

-	&add("eax","eax");

-	 ###

-	&adc("edx","edx");

-	 ###

-	&adc($c2,0);

-	 &add($c0,"eax");

-	&adc($c1,"edx");

-	 &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0;	# load next a

-	 &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1;	# load next b

-	&adc($c2,0);

-	&mov(&DWP($i*4,$r,"",0),$c0) if $pos > 0;		# save r[];

-	 &mov("edx",&DWP(($nb)*4,$a,"",0)) if ($pos <= 1) && ($na != $nb);

-	 ###

-	}

-sub bn_mul_comba

-	{

-	local($name,$num)=@_;

-	local($a,$b,$c0,$c1,$c2);

-	local($i,$as,$ae,$bs,$be,$ai,$bi);

-	local($tot,$end);

-	&function_begin_B($name,"");

-	$c0="ebx";

-	$c1="ecx";

-	$c2="ebp";

-	$a="esi";

-	$b="edi";

-	$as=0;

-	$ae=0;

-	$bs=0;

-	$be=0;

-	$tot=$num+$num-1;

-	&push("esi");

-	 &mov($a,&wparam(1));

-	&push("edi");

-	 &mov($b,&wparam(2));

-	&push("ebp");

-	 &push("ebx");

-	&xor($c0,$c0);

-	 &mov("eax",&DWP(0,$a,"",0));	# load the first word

-	&xor($c1,$c1);

-	 &mov("edx",&DWP(0,$b,"",0));	# load the first second

-	for ($i=0; $i<$tot; $i++)

-		{

-		$ai=$as;

-		$bi=$bs;

-		$end=$be+1;

-		&comment("################## Calculate word $i");

-		for ($j=$bs; $j<$end; $j++)

-			{

-			&xor($c2,$c2) if ($j == $bs);

-			if (($j+1) == $end)

-				{

-				$v=1;

-				$v=2 if (($i+1) == $tot);

-				}

-			else

-				{ $v=0; }

-			if (($j+1) != $end)

-				{

-				$na=($ai-1);

-				$nb=($bi+1);

-				}

-			else

-				{

-				$na=$as+($i < ($num-1));

-				$nb=$bs+($i >= ($num-1));

-				}

-#printf STDERR "[$ai,$bi] -> [$na,$nb]\n";

-			&mul_add_c($a,$ai,$b,$bi,$c0,$c1,$c2,$v,$i,$na,$nb);

-			if ($v)

-				{

-				&comment("saved r[$i]");

-				# &mov("eax",&wparam(0));

-				# &mov(&DWP($i*4,"eax","",0),$c0);

-				($c0,$c1,$c2)=($c1,$c2,$c0);

-				}

-			$ai--;

-			$bi++;

-			}

-		$as++ if ($i < ($num-1));

-		$ae++ if ($i >= ($num-1));

-		$bs++ if ($i >= ($num-1));

-		$be++ if ($i < ($num-1));

-		}

-	&comment("save r[$i]");

-	# &mov("eax",&wparam(0));

-	&mov(&DWP($i*4,"eax","",0),$c0);

-	&pop("ebx");

-	&pop("ebp");

-	&pop("edi");

-	&pop("esi");

-	&ret();

-	&function_end_B($name);

-	}

-sub bn_sqr_comba

-	{

-	local($name,$num)=@_;

-	local($r,$a,$c0,$c1,$c2)=@_;

-	local($i,$as,$ae,$bs,$be,$ai,$bi);

-	local($b,$tot,$end,$half);

-	&function_begin_B($name,"");

-	$c0="ebx";

-	$c1="ecx";

-	$c2="ebp";

-	$a="esi";

-	$r="edi";

-	&push("esi");

-	 &push("edi");

-	&push("ebp");

-	 &push("ebx");

-	&mov($r,&wparam(0));

-	 &mov($a,&wparam(1));

-	&xor($c0,$c0);

-	 &xor($c1,$c1);

-	&mov("eax",&DWP(0,$a,"",0)); # load the first word

-	$as=0;

-	$ae=0;

-	$bs=0;

-	$be=0;

-	$tot=$num+$num-1;

-	for ($i=0; $i<$tot; $i++)

-		{

-		$ai=$as;

-		$bi=$bs;

-		$end=$be+1;

-		&comment("############### Calculate word $i");

-		for ($j=$bs; $j<$end; $j++)

-			{

-			&xor($c2,$c2) if ($j == $bs);

-			if (($ai-1) < ($bi+1))

-				{

-				$v=1;

-				$v=2 if ($i+1) == $tot;

-				}

-			else

-				{ $v=0; }

-			if (!$v)

-				{

-				$na=$ai-1;

-				$nb=$bi+1;

-				}

-			else

-				{

-				$na=$as+($i < ($num-1));

-				$nb=$bs+($i >= ($num-1));

-				}

-			if ($ai == $bi)

-				{

-				&sqr_add_c($r,$a,$ai,$bi,

-					$c0,$c1,$c2,$v,$i,$na,$nb);

-				}

-			else

-				{

-				&sqr_add_c2($r,$a,$ai,$bi,

-					$c0,$c1,$c2,$v,$i,$na,$nb);

-				}

-			if ($v)

-				{

-				&comment("saved r[$i]");

-				#&mov(&DWP($i*4,$r,"",0),$c0);

-				($c0,$c1,$c2)=($c1,$c2,$c0);

-				last;

-				}

-			$ai--;

-			$bi++;

-			}

-		$as++ if ($i < ($num-1));

-		$ae++ if ($i >= ($num-1));

-		$bs++ if ($i >= ($num-1));

-		$be++ if ($i < ($num-1));

-		}

-	&mov(&DWP($i*4,$r,"",0),$c0);

-	&pop("ebx");

-	&pop("ebp");

-	&pop("edi");

-	&pop("esi");

-	&ret();

-	&function_end_B($name);

-	}

-1;

--- a/sys/src/ape/lib/openssl/crypto/bn/asm/x86/div.pl

+++ /dev/null

@@ -1,15 +1,0 @@

-#!/usr/local/bin/perl

-# x86 assember

-sub bn_div_words

-	{

-	local($name)=@_;

-	&function_begin($name,"");

-	&mov("edx",&wparam(0));	#

-	&mov("eax",&wparam(1));	#

-	&mov("ebx",&wparam(2));	#

-	&div("ebx");

-	&function_end($name);

-	}

-1;

--- a/sys/src/ape/lib/openssl/crypto/bn/asm/x86/f

+++ /dev/null

@@ -1,3 +1,0 @@

-#!/usr/local/bin/perl

-# x86 assember

--- a/sys/src/ape/lib/openssl/crypto/bn/asm/x86/mul.pl

+++ /dev/null

@@ -1,77 +1,0 @@

-#!/usr/local/bin/perl

-# x86 assember

-sub bn_mul_words

-	{

-	local($name)=@_;

-	&function_begin($name,"");

-	&comment("");

-	$Low="eax";

-	$High="edx";

-	$a="ebx";

-	$w="ecx";

-	$r="edi";

-	$c="esi";

-	$num="ebp";

-	&xor($c,$c);		# clear carry

-	&mov($r,&wparam(0));	#

-	&mov($a,&wparam(1));	#

-	&mov($num,&wparam(2));	#

-	&mov($w,&wparam(3));	#

-	&and($num,0xfffffff8);	# num / 8

-	&jz(&label("mw_finish"));

-	&set_label("mw_loop",0);

-	for ($i=0; $i<32; $i+=4)

-		{

-		&comment("Round $i");

-		 &mov("eax",&DWP($i,$a,"",0)); 	# *a

-		&mul($w);			# *a * w

-		&add("eax",$c);			# L(t)+=c

-		 # XXX

-		&adc("edx",0);			# H(t)+=carry

-		 &mov(&DWP($i,$r,"",0),"eax");	# *r= L(t);

-		&mov($c,"edx");			# c=  H(t);

-		}

-	&comment("");

-	&add($a,32);

-	&add($r,32);

-	&sub($num,8);

-	&jz(&label("mw_finish"));

-	&jmp(&label("mw_loop"));

-	&set_label("mw_finish",0);

-	&mov($num,&wparam(2));	# get num

-	&and($num,7);

-	&jnz(&label("mw_finish2"));

-	&jmp(&label("mw_end"));

-	&set_label("mw_finish2",1);

-	for ($i=0; $i<7; $i++)

-		{

-		&comment("Tail Round $i");

-		 &mov("eax",&DWP($i*4,$a,"",0));# *a

-		&mul($w);			# *a * w

-		&add("eax",$c);			# L(t)+=c

-		 # XXX

-		&adc("edx",0);			# H(t)+=carry

-		 &mov(&DWP($i*4,$r,"",0),"eax");# *r= L(t);

-		&mov($c,"edx");			# c=  H(t);

-		 &dec($num) if ($i != 7-1);

-		&jz(&label("mw_end")) if ($i != 7-1);

-		}

-	&set_label("mw_end",0);

-	&mov("eax",$c);

-	&function_end($name);

-	}

-1;

--- a/sys/src/ape/lib/openssl/crypto/bn/asm/x86/mul_add.pl

+++ /dev/null

@@ -1,87 +1,0 @@

-#!/usr/local/bin/perl

-# x86 assember

-sub bn_mul_add_words

-	{

-	local($name)=@_;

-	&function_begin($name,"");

-	&comment("");

-	$Low="eax";

-	$High="edx";

-	$a="ebx";

-	$w="ebp";

-	$r="edi";

-	$c="esi";

-	&xor($c,$c);		# clear carry

-	&mov($r,&wparam(0));	#

-	&mov("ecx",&wparam(2));	#

-	&mov($a,&wparam(1));	#

-	&and("ecx",0xfffffff8);	# num / 8

-	&mov($w,&wparam(3));	#

-	&push("ecx");		# Up the stack for a tmp variable

-	&jz(&label("maw_finish"));

-	&set_label("maw_loop",0);

-	&mov(&swtmp(0),"ecx");	#

-	for ($i=0; $i<32; $i+=4)

-		{

-		&comment("Round $i");

-		 &mov("eax",&DWP($i,$a,"",0)); 	# *a

-		&mul($w);			# *a * w

-		&add("eax",$c);		# L(t)+= *r

-		 &mov($c,&DWP($i,$r,"",0));	# L(t)+= *r

-		&adc("edx",0);			# H(t)+=carry

-		 &add("eax",$c);		# L(t)+=c

-		&adc("edx",0);			# H(t)+=carry

-		 &mov(&DWP($i,$r,"",0),"eax");	# *r= L(t);

-		&mov($c,"edx");			# c=  H(t);

-		}

-	&comment("");

-	&mov("ecx",&swtmp(0));	#

-	&add($a,32);

-	&add($r,32);

-	&sub("ecx",8);

-	&jnz(&label("maw_loop"));

-	&set_label("maw_finish",0);

-	&mov("ecx",&wparam(2));	# get num

-	&and("ecx",7);

-	&jnz(&label("maw_finish2"));	# helps branch prediction

-	&jmp(&label("maw_end"));

-	&set_label("maw_finish2",1);

-	for ($i=0; $i<7; $i++)

-		{

-		&comment("Tail Round $i");

-		 &mov("eax",&DWP($i*4,$a,"",0));# *a

-		&mul($w);			# *a * w

-		&add("eax",$c);			# L(t)+=c

-		 &mov($c,&DWP($i*4,$r,"",0));	# L(t)+= *r

-		&adc("edx",0);			# H(t)+=carry

-		 &add("eax",$c);

-		&adc("edx",0);			# H(t)+=carry

-		 &dec("ecx") if ($i != 7-1);

-		&mov(&DWP($i*4,$r,"",0),"eax");	# *r= L(t);

-		 &mov($c,"edx");			# c=  H(t);

-		&jz(&label("maw_end")) if ($i != 7-1);

-		}

-	&set_label("maw_end",0);

-	&mov("eax",$c);

-	&pop("ecx");	# clear variable from

-	&function_end($name);

-	}

-1;

--- a/sys/src/ape/lib/openssl/crypto/bn/asm/x86/sqr.pl

+++ /dev/null

@@ -1,60 +1,0 @@

-#!/usr/local/bin/perl

-# x86 assember

-sub bn_sqr_words

-	{

-	local($name)=@_;

-	&function_begin($name,"");

-	&comment("");

-	$r="esi";

-	$a="edi";

-	$num="ebx";

-	&mov($r,&wparam(0));	#

-	&mov($a,&wparam(1));	#

-	&mov($num,&wparam(2));	#

-	&and($num,0xfffffff8);	# num / 8

-	&jz(&label("sw_finish"));

-	&set_label("sw_loop",0);

-	for ($i=0; $i<32; $i+=4)

-		{

-		&comment("Round $i");

-		&mov("eax",&DWP($i,$a,"",0)); 	# *a

-		 # XXX

-		&mul("eax");			# *a * *a

-		&mov(&DWP($i*2,$r,"",0),"eax");	#

-		 &mov(&DWP($i*2+4,$r,"",0),"edx");#

-		}

-	&comment("");

-	&add($a,32);

-	&add($r,64);

-	&sub($num,8);

-	&jnz(&label("sw_loop"));

-	&set_label("sw_finish",0);

-	&mov($num,&wparam(2));	# get num

-	&and($num,7);

-	&jz(&label("sw_end"));

-	for ($i=0; $i<7; $i++)

-		{

-		&comment("Tail Round $i");

-		&mov("eax",&DWP($i*4,$a,"",0));	# *a

-		 # XXX

-		&mul("eax");			# *a * *a

-		&mov(&DWP($i*8,$r,"",0),"eax");	#

-		 &dec($num) if ($i != 7-1);

-		&mov(&DWP($i*8+4,$r,"",0),"edx");

-		 &jz(&label("sw_end")) if ($i != 7-1);

-		}

-	&set_label("sw_end",0);

-	&function_end($name);

-	}

-1;

--- a/sys/src/ape/lib/openssl/crypto/bn/asm/x86/sub.pl

+++ /dev/null

@@ -1,76 +1,0 @@

-#!/usr/local/bin/perl

-# x86 assember

-sub bn_sub_words

-	{

-	local($name)=@_;

-	&function_begin($name,"");

-	&comment("");

-	$a="esi";

-	$b="edi";

-	$c="eax";

-	$r="ebx";

-	$tmp1="ecx";

-	$tmp2="edx";

-	$num="ebp";

-	&mov($r,&wparam(0));	# get r

-	 &mov($a,&wparam(1));	# get a

-	&mov($b,&wparam(2));	# get b

-	 &mov($num,&wparam(3));	# get num

-	&xor($c,$c);		# clear carry

-	 &and($num,0xfffffff8);	# num / 8

-	&jz(&label("aw_finish"));

-	&set_label("aw_loop",0);

-	for ($i=0; $i<8; $i++)

-		{

-		&comment("Round $i");

-		&mov($tmp1,&DWP($i*4,$a,"",0)); 	# *a

-		 &mov($tmp2,&DWP($i*4,$b,"",0)); 	# *b

-		&sub($tmp1,$c);

-		 &mov($c,0);

-		&adc($c,$c);

-		 &sub($tmp1,$tmp2);

-		&adc($c,0);

-		 &mov(&DWP($i*4,$r,"",0),$tmp1); 	# *r

-		}

-	&comment("");

-	&add($a,32);

-	 &add($b,32);

-	&add($r,32);

-	 &sub($num,8);

-	&jnz(&label("aw_loop"));

-	&set_label("aw_finish",0);

-	&mov($num,&wparam(3));	# get num

-	&and($num,7);

-	 &jz(&label("aw_end"));

-	for ($i=0; $i<7; $i++)

-		{

-		&comment("Tail Round $i");

-		&mov($tmp1,&DWP($i*4,$a,"",0));	# *a

-		 &mov($tmp2,&DWP($i*4,$b,"",0));# *b

-		&sub($tmp1,$c);

-		 &mov($c,0);

-		&adc($c,$c);

-		 &sub($tmp1,$tmp2);

-		&adc($c,0);

-		 &dec($num) if ($i != 6);

-		&mov(&DWP($i*4,$r,"",0),$tmp1);	# *a

-		 &jz(&label("aw_end")) if ($i != 6);

-		}

-	&set_label("aw_end",0);

-#	&mov("eax",$c);		# $c is "eax"

-	&function_end($name);

-	}

-1;

--- a/sys/src/ape/lib/openssl/crypto/bn/asm/x86_64-gcc.c

+++ /dev/null

@@ -1,597 +1,0 @@

-#ifdef __SUNPRO_C

-# include "../bn_asm.c"	/* kind of dirty hack for Sun Studio */

-#else

-/*

- * x86_64 BIGNUM accelerator version 0.1, December 2002.

- *

- * Implemented by Andy Polyakov <[email protected]> for the OpenSSL

- * project.

- *

- * Rights for redistribution and usage in source and binary forms are

- * granted according to the OpenSSL license. Warranty of any kind is

- * disclaimed.

- *

- * Q. Version 0.1? It doesn't sound like Andy, he used to assign real

- *    versions, like 1.0...

- * A. Well, that's because this code is basically a quick-n-dirty

- *    proof-of-concept hack. As you can see it's implemented with

- *    inline assembler, which means that you're bound to GCC and that

- *    there might be enough room for further improvement.

- *

- * Q. Why inline assembler?

- * A. x86_64 features own ABI which I'm not familiar with. This is

- *    why I decided to let the compiler take care of subroutine

- *    prologue/epilogue as well as register allocation. For reference.

- *    Win64 implements different ABI for AMD64, different from Linux.

- *

- * Q. How much faster does it get?

- * A. 'apps/openssl speed rsa dsa' output with no-asm:

- *

- *	                  sign    verify    sign/s verify/s

- *	rsa  512 bits   0.0006s   0.0001s   1683.8  18456.2

- *	rsa 1024 bits   0.0028s   0.0002s    356.0   6407.0

- *	rsa 2048 bits   0.0172s   0.0005s     58.0   1957.8

- *	rsa 4096 bits   0.1155s   0.0018s      8.7    555.6

- *	                  sign    verify    sign/s verify/s

- *	dsa  512 bits   0.0005s   0.0006s   2100.8   1768.3

- *	dsa 1024 bits   0.0014s   0.0018s    692.3    559.2

- *	dsa 2048 bits   0.0049s   0.0061s    204.7    165.0

- *

- *    'apps/openssl speed rsa dsa' output with this module:

- *

- *	                  sign    verify    sign/s verify/s

- *	rsa  512 bits   0.0004s   0.0000s   2767.1  33297.9

- *	rsa 1024 bits   0.0012s   0.0001s    867.4  14674.7

- *	rsa 2048 bits   0.0061s   0.0002s    164.0   5270.0

- *	rsa 4096 bits   0.0384s   0.0006s     26.1   1650.8

- *	                  sign    verify    sign/s verify/s

- *	dsa  512 bits   0.0002s   0.0003s   4442.2   3786.3

- *	dsa 1024 bits   0.0005s   0.0007s   1835.1   1497.4

- *	dsa 2048 bits   0.0016s   0.0020s    620.4    504.6

- *

- *    For the reference. IA-32 assembler implementation performs

- *    very much like 64-bit code compiled with no-asm on the same

- *    machine.

- */

-#define BN_ULONG unsigned long

-/*

- * "m"(a), "+m"(r)	is the way to favor DirectPath �-code;

- * "g"(0)		let the compiler to decide where does it

- *			want to keep the value of zero;

- */

-#define mul_add(r,a,word,carry) do {	\

-	register BN_ULONG high,low;	\

-	asm ("mulq %3"			\

-		: "=a"(low),"=d"(high)	\

-		: "a"(word),"m"(a)	\

-		: "cc");		\

-	asm ("addq %2,%0; adcq %3,%1"	\

-		: "+r"(carry),"+d"(high)\

-		: "a"(low),"g"(0)	\

-		: "cc");		\

-	asm ("addq %2,%0; adcq %3,%1"	\

-		: "+m"(r),"+d"(high)	\

-		: "r"(carry),"g"(0)	\

-		: "cc");		\

-	carry=high;			\

-	} while (0)

-#define mul(r,a,word,carry) do {	\

-	register BN_ULONG high,low;	\

-	asm ("mulq %3"			\

-		: "=a"(low),"=d"(high)	\

-		: "a"(word),"g"(a)	\

-		: "cc");		\

-	asm ("addq %2,%0; adcq %3,%1"	\

-		: "+r"(carry),"+d"(high)\

-		: "a"(low),"g"(0)	\

-		: "cc");		\

-	(r)=carry, carry=high;		\

-	} while (0)

-#define sqr(r0,r1,a)			\

-	asm ("mulq %2"			\

-		: "=a"(r0),"=d"(r1)	\

-		: "a"(a)		\

-		: "cc");

-BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)

-	{

-	BN_ULONG c1=0;

-	if (num <= 0) return(c1);

-	while (num&~3)

-		{

-		mul_add(rp[0],ap[0],w,c1);

-		mul_add(rp[1],ap[1],w,c1);

-		mul_add(rp[2],ap[2],w,c1);

-		mul_add(rp[3],ap[3],w,c1);

-		ap+=4; rp+=4; num-=4;

-		}

-	if (num)

-		{

-		mul_add(rp[0],ap[0],w,c1); if (--num==0) return c1;

-		mul_add(rp[1],ap[1],w,c1); if (--num==0) return c1;

-		mul_add(rp[2],ap[2],w,c1); return c1;

-		}

-	return(c1);

-	}

-BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)

-	{

-	BN_ULONG c1=0;

-	if (num <= 0) return(c1);

-	while (num&~3)

-		{

-		mul(rp[0],ap[0],w,c1);

-		mul(rp[1],ap[1],w,c1);

-		mul(rp[2],ap[2],w,c1);

-		mul(rp[3],ap[3],w,c1);

-		ap+=4; rp+=4; num-=4;

-		}

-	if (num)

-		{

-		mul(rp[0],ap[0],w,c1); if (--num == 0) return c1;

-		mul(rp[1],ap[1],w,c1); if (--num == 0) return c1;

-		mul(rp[2],ap[2],w,c1);

-		}

-	return(c1);

-	}

-void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n)

-        {

-	if (n <= 0) return;

-	while (n&~3)

-		{

-		sqr(r[0],r[1],a[0]);

-		sqr(r[2],r[3],a[1]);

-		sqr(r[4],r[5],a[2]);

-		sqr(r[6],r[7],a[3]);

-		a+=4; r+=8; n-=4;

-		}

-	if (n)

-		{

-		sqr(r[0],r[1],a[0]); if (--n == 0) return;

-		sqr(r[2],r[3],a[1]); if (--n == 0) return;

-		sqr(r[4],r[5],a[2]);

-		}

-	}

-BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)

-{	BN_ULONG ret,waste;

-	asm ("divq	%4"

-		: "=a"(ret),"=d"(waste)

-		: "a"(l),"d"(h),"g"(d)

-		: "cc");

-	return ret;

-}

-BN_ULONG bn_add_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n)

-{ BN_ULONG ret=0,i=0;

-	if (n <= 0) return 0;

-	asm (

-	"	subq	%2,%2		\n"

-	".align 16			\n"

-	"1:	movq	(%4,%2,8),%0	\n"

-	"	adcq	(%5,%2,8),%0	\n"

-	"	movq	%0,(%3,%2,8)	\n"

-	"	leaq	1(%2),%2	\n"

-	"	loop	1b		\n"

-	"	sbbq	%0,%0		\n"

-		: "=&a"(ret),"+c"(n),"=&r"(i)

-		: "r"(rp),"r"(ap),"r"(bp)

-		: "cc"

-	);

-  return ret&1;

-}

-#ifndef SIMICS

-BN_ULONG bn_sub_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n)

-{ BN_ULONG ret=0,i=0;

-	if (n <= 0) return 0;

-	asm (

-	"	subq	%2,%2		\n"

-	".align 16			\n"

-	"1:	movq	(%4,%2,8),%0	\n"

-	"	sbbq	(%5,%2,8),%0	\n"

-	"	movq	%0,(%3,%2,8)	\n"

-	"	leaq	1(%2),%2	\n"

-	"	loop	1b		\n"

-	"	sbbq	%0,%0		\n"

-		: "=&a"(ret),"+c"(n),"=&r"(i)

-		: "r"(rp),"r"(ap),"r"(bp)

-		: "cc"

-	);

-  return ret&1;

-}

-#else

-/* Simics 1.4<7 has buggy sbbq:-( */

-#define BN_MASK2 0xffffffffffffffffL

-BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)

-        {

-	BN_ULONG t1,t2;

-	int c=0;

-	if (n <= 0) return((BN_ULONG)0);

-	for (;;)

-		{

-		t1=a[0]; t2=b[0];

-		r[0]=(t1-t2-c)&BN_MASK2;

-		if (t1 != t2) c=(t1 < t2);

-		if (--n <= 0) break;

-		t1=a[1]; t2=b[1];

-		r[1]=(t1-t2-c)&BN_MASK2;

-		if (t1 != t2) c=(t1 < t2);

-		if (--n <= 0) break;

-		t1=a[2]; t2=b[2];

-		r[2]=(t1-t2-c)&BN_MASK2;

-		if (t1 != t2) c=(t1 < t2);

-		if (--n <= 0) break;

-		t1=a[3]; t2=b[3];

-		r[3]=(t1-t2-c)&BN_MASK2;

-		if (t1 != t2) c=(t1 < t2);

-		if (--n <= 0) break;

-		a+=4;

-		b+=4;

-		r+=4;

-		}

-	return(c);

-	}

-#endif

-/* mul_add_c(a,b,c0,c1,c2)  -- c+=a*b for three word number c=(c2,c1,c0) */

-/* mul_add_c2(a,b,c0,c1,c2) -- c+=2*a*b for three word number c=(c2,c1,c0) */

-/* sqr_add_c(a,i,c0,c1,c2)  -- c+=a[i]^2 for three word number c=(c2,c1,c0) */

-/* sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number c=(c2,c1,c0) */

-#if 0

-/* original macros are kept for reference purposes */

-#define mul_add_c(a,b,c0,c1,c2) {	\

-	BN_ULONG ta=(a),tb=(b);		\

-	t1 = ta * tb;			\

-	t2 = BN_UMULT_HIGH(ta,tb);	\

-	c0 += t1; t2 += (c0<t1)?1:0;	\

-	c1 += t2; c2 += (c1<t2)?1:0;	\

-	}

-#define mul_add_c2(a,b,c0,c1,c2) {	\

-	BN_ULONG ta=(a),tb=(b),t0;	\

-	t1 = BN_UMULT_HIGH(ta,tb);	\

-	t0 = ta * tb;			\

-	t2 = t1+t1; c2 += (t2<t1)?1:0;	\

-	t1 = t0+t0; t2 += (t1<t0)?1:0;	\

-	c0 += t1; t2 += (c0<t1)?1:0;	\

-	c1 += t2; c2 += (c1<t2)?1:0;	\

-	}

-#else

-#define mul_add_c(a,b,c0,c1,c2)	do {	\

-	asm ("mulq %3"			\

-		: "=a"(t1),"=d"(t2)	\

-		: "a"(a),"m"(b)		\

-		: "cc");		\

-	asm ("addq %2,%0; adcq %3,%1"	\

-		: "+r"(c0),"+d"(t2)	\

-		: "a"(t1),"g"(0)	\

-		: "cc");		\

-	asm ("addq %2,%0; adcq %3,%1"	\

-		: "+r"(c1),"+r"(c2)	\

-		: "d"(t2),"g"(0)	\

-		: "cc");		\

-	} while (0)

-#define sqr_add_c(a,i,c0,c1,c2)	do {	\

-	asm ("mulq %2"			\

-		: "=a"(t1),"=d"(t2)	\

-		: "a"(a[i])		\

-		: "cc");		\

-	asm ("addq %2,%0; adcq %3,%1"	\

-		: "+r"(c0),"+d"(t2)	\

-		: "a"(t1),"g"(0)	\

-		: "cc");		\

-	asm ("addq %2,%0; adcq %3,%1"	\

-		: "+r"(c1),"+r"(c2)	\

-		: "d"(t2),"g"(0)	\

-		: "cc");		\

-	} while (0)

-#define mul_add_c2(a,b,c0,c1,c2) do {	\

-	asm ("mulq %3"			\

-		: "=a"(t1),"=d"(t2)	\

-		: "a"(a),"m"(b)		\

-		: "cc");		\

-	asm ("addq %0,%0; adcq %2,%1"	\

-		: "+d"(t2),"+r"(c2)	\

-		: "g"(0)		\

-		: "cc");		\

-	asm ("addq %0,%0; adcq %2,%1"	\

-		: "+a"(t1),"+d"(t2)	\

-		: "g"(0)		\

-		: "cc");		\

-	asm ("addq %2,%0; adcq %3,%1"	\

-		: "+r"(c0),"+d"(t2)	\

-		: "a"(t1),"g"(0)	\

-		: "cc");		\

-	asm ("addq %2,%0; adcq %3,%1"	\

-		: "+r"(c1),"+r"(c2)	\

-		: "d"(t2),"g"(0)	\

-		: "cc");		\

-	} while (0)

-#endif

-#define sqr_add_c2(a,i,j,c0,c1,c2)	\

-	mul_add_c2((a)[i],(a)[j],c0,c1,c2)

-void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)

-	{

-	BN_ULONG t1,t2;

-	BN_ULONG c1,c2,c3;

-	c1=0;

-	c2=0;

-	c3=0;

-	mul_add_c(a[0],b[0],c1,c2,c3);

-	r[0]=c1;

-	c1=0;

-	mul_add_c(a[0],b[1],c2,c3,c1);

-	mul_add_c(a[1],b[0],c2,c3,c1);

-	r[1]=c2;

-	c2=0;

-	mul_add_c(a[2],b[0],c3,c1,c2);

-	mul_add_c(a[1],b[1],c3,c1,c2);

-	mul_add_c(a[0],b[2],c3,c1,c2);

-	r[2]=c3;

-	c3=0;

-	mul_add_c(a[0],b[3],c1,c2,c3);

-	mul_add_c(a[1],b[2],c1,c2,c3);

-	mul_add_c(a[2],b[1],c1,c2,c3);

-	mul_add_c(a[3],b[0],c1,c2,c3);

-	r[3]=c1;

-	c1=0;

-	mul_add_c(a[4],b[0],c2,c3,c1);

-	mul_add_c(a[3],b[1],c2,c3,c1);

-	mul_add_c(a[2],b[2],c2,c3,c1);

-	mul_add_c(a[1],b[3],c2,c3,c1);

-	mul_add_c(a[0],b[4],c2,c3,c1);

-	r[4]=c2;

-	c2=0;

-	mul_add_c(a[0],b[5],c3,c1,c2);

-	mul_add_c(a[1],b[4],c3,c1,c2);

-	mul_add_c(a[2],b[3],c3,c1,c2);

-	mul_add_c(a[3],b[2],c3,c1,c2);

-	mul_add_c(a[4],b[1],c3,c1,c2);

-	mul_add_c(a[5],b[0],c3,c1,c2);

-	r[5]=c3;

-	c3=0;

-	mul_add_c(a[6],b[0],c1,c2,c3);

-	mul_add_c(a[5],b[1],c1,c2,c3);

-	mul_add_c(a[4],b[2],c1,c2,c3);

-	mul_add_c(a[3],b[3],c1,c2,c3);

-	mul_add_c(a[2],b[4],c1,c2,c3);

-	mul_add_c(a[1],b[5],c1,c2,c3);

-	mul_add_c(a[0],b[6],c1,c2,c3);

-	r[6]=c1;

-	c1=0;

-	mul_add_c(a[0],b[7],c2,c3,c1);

-	mul_add_c(a[1],b[6],c2,c3,c1);

-	mul_add_c(a[2],b[5],c2,c3,c1);

-	mul_add_c(a[3],b[4],c2,c3,c1);

-	mul_add_c(a[4],b[3],c2,c3,c1);

-	mul_add_c(a[5],b[2],c2,c3,c1);

-	mul_add_c(a[6],b[1],c2,c3,c1);

-	mul_add_c(a[7],b[0],c2,c3,c1);

-	r[7]=c2;

-	c2=0;

-	mul_add_c(a[7],b[1],c3,c1,c2);

-	mul_add_c(a[6],b[2],c3,c1,c2);

-	mul_add_c(a[5],b[3],c3,c1,c2);

-	mul_add_c(a[4],b[4],c3,c1,c2);

-	mul_add_c(a[3],b[5],c3,c1,c2);

-	mul_add_c(a[2],b[6],c3,c1,c2);

-	mul_add_c(a[1],b[7],c3,c1,c2);

-	r[8]=c3;

-	c3=0;

-	mul_add_c(a[2],b[7],c1,c2,c3);

-	mul_add_c(a[3],b[6],c1,c2,c3);

-	mul_add_c(a[4],b[5],c1,c2,c3);

-	mul_add_c(a[5],b[4],c1,c2,c3);

-	mul_add_c(a[6],b[3],c1,c2,c3);

-	mul_add_c(a[7],b[2],c1,c2,c3);

-	r[9]=c1;

-	c1=0;

-	mul_add_c(a[7],b[3],c2,c3,c1);

-	mul_add_c(a[6],b[4],c2,c3,c1);

-	mul_add_c(a[5],b[5],c2,c3,c1);

-	mul_add_c(a[4],b[6],c2,c3,c1);

-	mul_add_c(a[3],b[7],c2,c3,c1);

-	r[10]=c2;

-	c2=0;

-	mul_add_c(a[4],b[7],c3,c1,c2);

-	mul_add_c(a[5],b[6],c3,c1,c2);

-	mul_add_c(a[6],b[5],c3,c1,c2);

-	mul_add_c(a[7],b[4],c3,c1,c2);

-	r[11]=c3;

-	c3=0;

-	mul_add_c(a[7],b[5],c1,c2,c3);

-	mul_add_c(a[6],b[6],c1,c2,c3);

-	mul_add_c(a[5],b[7],c1,c2,c3);

-	r[12]=c1;

-	c1=0;

-	mul_add_c(a[6],b[7],c2,c3,c1);

-	mul_add_c(a[7],b[6],c2,c3,c1);

-	r[13]=c2;

-	c2=0;

-	mul_add_c(a[7],b[7],c3,c1,c2);

-	r[14]=c3;

-	r[15]=c1;

-	}

-void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)

-	{

-	BN_ULONG t1,t2;

-	BN_ULONG c1,c2,c3;

-	c1=0;

-	c2=0;

-	c3=0;

-	mul_add_c(a[0],b[0],c1,c2,c3);

-	r[0]=c1;

-	c1=0;

-	mul_add_c(a[0],b[1],c2,c3,c1);

-	mul_add_c(a[1],b[0],c2,c3,c1);

-	r[1]=c2;

-	c2=0;

-	mul_add_c(a[2],b[0],c3,c1,c2);

-	mul_add_c(a[1],b[1],c3,c1,c2);

-	mul_add_c(a[0],b[2],c3,c1,c2);

-	r[2]=c3;

-	c3=0;

-	mul_add_c(a[0],b[3],c1,c2,c3);

-	mul_add_c(a[1],b[2],c1,c2,c3);

-	mul_add_c(a[2],b[1],c1,c2,c3);

-	mul_add_c(a[3],b[0],c1,c2,c3);

-	r[3]=c1;

-	c1=0;

-	mul_add_c(a[3],b[1],c2,c3,c1);

-	mul_add_c(a[2],b[2],c2,c3,c1);

-	mul_add_c(a[1],b[3],c2,c3,c1);

-	r[4]=c2;

-	c2=0;

-	mul_add_c(a[2],b[3],c3,c1,c2);

-	mul_add_c(a[3],b[2],c3,c1,c2);

-	r[5]=c3;

-	c3=0;

-	mul_add_c(a[3],b[3],c1,c2,c3);

-	r[6]=c1;

-	r[7]=c2;

-	}

-void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)

-	{

-	BN_ULONG t1,t2;

-	BN_ULONG c1,c2,c3;

-	c1=0;

-	c2=0;

-	c3=0;

-	sqr_add_c(a,0,c1,c2,c3);

-	r[0]=c1;

-	c1=0;

-	sqr_add_c2(a,1,0,c2,c3,c1);

-	r[1]=c2;

-	c2=0;

-	sqr_add_c(a,1,c3,c1,c2);

-	sqr_add_c2(a,2,0,c3,c1,c2);

-	r[2]=c3;

-	c3=0;

-	sqr_add_c2(a,3,0,c1,c2,c3);

-	sqr_add_c2(a,2,1,c1,c2,c3);

-	r[3]=c1;

-	c1=0;

-	sqr_add_c(a,2,c2,c3,c1);

-	sqr_add_c2(a,3,1,c2,c3,c1);

-	sqr_add_c2(a,4,0,c2,c3,c1);

-	r[4]=c2;

-	c2=0;

-	sqr_add_c2(a,5,0,c3,c1,c2);

-	sqr_add_c2(a,4,1,c3,c1,c2);

-	sqr_add_c2(a,3,2,c3,c1,c2);

-	r[5]=c3;

-	c3=0;

-	sqr_add_c(a,3,c1,c2,c3);

-	sqr_add_c2(a,4,2,c1,c2,c3);

-	sqr_add_c2(a,5,1,c1,c2,c3);

-	sqr_add_c2(a,6,0,c1,c2,c3);

-	r[6]=c1;

-	c1=0;

-	sqr_add_c2(a,7,0,c2,c3,c1);

-	sqr_add_c2(a,6,1,c2,c3,c1);

-	sqr_add_c2(a,5,2,c2,c3,c1);

-	sqr_add_c2(a,4,3,c2,c3,c1);

-	r[7]=c2;

-	c2=0;

-	sqr_add_c(a,4,c3,c1,c2);

-	sqr_add_c2(a,5,3,c3,c1,c2);

-	sqr_add_c2(a,6,2,c3,c1,c2);

-	sqr_add_c2(a,7,1,c3,c1,c2);

-	r[8]=c3;

-	c3=0;

-	sqr_add_c2(a,7,2,c1,c2,c3);

-	sqr_add_c2(a,6,3,c1,c2,c3);

-	sqr_add_c2(a,5,4,c1,c2,c3);

-	r[9]=c1;

-	c1=0;

-	sqr_add_c(a,5,c2,c3,c1);

-	sqr_add_c2(a,6,4,c2,c3,c1);

-	sqr_add_c2(a,7,3,c2,c3,c1);

-	r[10]=c2;

-	c2=0;

-	sqr_add_c2(a,7,4,c3,c1,c2);

-	sqr_add_c2(a,6,5,c3,c1,c2);

-	r[11]=c3;

-	c3=0;

-	sqr_add_c(a,6,c1,c2,c3);

-	sqr_add_c2(a,7,5,c1,c2,c3);

-	r[12]=c1;

-	c1=0;

-	sqr_add_c2(a,7,6,c2,c3,c1);

-	r[13]=c2;

-	c2=0;

-	sqr_add_c(a,7,c3,c1,c2);

-	r[14]=c3;

-	r[15]=c1;

-	}

-void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)

-	{

-	BN_ULONG t1,t2;

-	BN_ULONG c1,c2,c3;

-	c1=0;

-	c2=0;

-	c3=0;

-	sqr_add_c(a,0,c1,c2,c3);

-	r[0]=c1;

-	c1=0;

-	sqr_add_c2(a,1,0,c2,c3,c1);

-	r[1]=c2;

-	c2=0;

-	sqr_add_c(a,1,c3,c1,c2);

-	sqr_add_c2(a,2,0,c3,c1,c2);

-	r[2]=c3;

-	c3=0;

-	sqr_add_c2(a,3,0,c1,c2,c3);

-	sqr_add_c2(a,2,1,c1,c2,c3);

-	r[3]=c1;

-	c1=0;

-	sqr_add_c(a,2,c2,c3,c1);

-	sqr_add_c2(a,3,1,c2,c3,c1);

-	r[4]=c2;

-	c2=0;

-	sqr_add_c2(a,3,2,c3,c1,c2);

-	r[5]=c3;

-	c3=0;

-	sqr_add_c(a,3,c1,c2,c3);

-	r[6]=c1;

-	r[7]=c2;

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/bn/bn.h

+++ /dev/null

@@ -1,839 +1,0 @@

-/* crypto/bn/bn.h */

-/* Copyright (C) 1995-1997 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- *

- * Portions of the attached software ("Contribution") are developed by

- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.

- *

- * The Contribution is licensed pursuant to the Eric Young open source

- * license provided above.

- *

- * The binary polynomial arithmetic software is originally written by

- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.

- *

- */

-#ifndef HEADER_BN_H

-#define HEADER_BN_H

-#include <openssl/e_os2.h>

-#ifndef OPENSSL_NO_FP_API

-#include <stdio.h> /* FILE */

-#endif

-#include <openssl/ossl_typ.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-/* These preprocessor symbols control various aspects of the bignum headers and

- * library code. They're not defined by any "normal" configuration, as they are

- * intended for development and testing purposes. NB: defining all three can be

- * useful for debugging application code as well as openssl itself.

- *

- * BN_DEBUG - turn on various debugging alterations to the bignum code

- * BN_DEBUG_RAND - uses random poisoning of unused words to trip up

- * mismanagement of bignum internals. You must also define BN_DEBUG.

- */

-/* #define BN_DEBUG */

-/* #define BN_DEBUG_RAND */

-#define BN_MUL_COMBA

-#define BN_SQR_COMBA

-#define BN_RECURSION

-/* This next option uses the C libraries (2 word)/(1 word) function.

- * If it is not defined, I use my C version (which is slower).

- * The reason for this flag is that when the particular C compiler

- * library routine is used, and the library is linked with a different

- * compiler, the library is missing.  This mostly happens when the

- * library is built with gcc and then linked using normal cc.  This would

- * be a common occurrence because gcc normally produces code that is

- * 2 times faster than system compilers for the big number stuff.

- * For machines with only one compiler (or shared libraries), this should

- * be on.  Again this in only really a problem on machines

- * using "long long's", are 32bit, and are not using my assembler code. */

-#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || \

-    defined(OPENSSL_SYS_WIN32) || defined(linux)

-# ifndef BN_DIV2W

-#  define BN_DIV2W

-# endif

-#endif

-/* assuming long is 64bit - this is the DEC Alpha

- * unsigned long long is only 64 bits :-(, don't define

- * BN_LLONG for the DEC Alpha */

-#ifdef SIXTY_FOUR_BIT_LONG

-#define BN_ULLONG	unsigned long long

-#define BN_ULONG	unsigned long

-#define BN_LONG		long

-#define BN_BITS		128

-#define BN_BYTES	8

-#define BN_BITS2	64

-#define BN_BITS4	32

-#define BN_MASK		(0xffffffffffffffffffffffffffffffffLL)

-#define BN_MASK2	(0xffffffffffffffffL)

-#define BN_MASK2l	(0xffffffffL)

-#define BN_MASK2h	(0xffffffff00000000L)

-#define BN_MASK2h1	(0xffffffff80000000L)

-#define BN_TBIT		(0x8000000000000000L)

-#define BN_DEC_CONV	(10000000000000000000UL)

-#define BN_DEC_FMT1	"%lu"

-#define BN_DEC_FMT2	"%019lu"

-#define BN_DEC_NUM	19

-#endif

-/* This is where the long long data type is 64 bits, but long is 32.

- * For machines where there are 64bit registers, this is the mode to use.

- * IRIX, on R4000 and above should use this mode, along with the relevant

- * assembler code :-).  Do NOT define BN_LLONG.

- */

-#ifdef SIXTY_FOUR_BIT

-#undef BN_LLONG

-#undef BN_ULLONG

-#define BN_ULONG	unsigned long long

-#define BN_LONG		long long

-#define BN_BITS		128

-#define BN_BYTES	8

-#define BN_BITS2	64

-#define BN_BITS4	32

-#define BN_MASK2	(0xffffffffffffffffLL)

-#define BN_MASK2l	(0xffffffffL)

-#define BN_MASK2h	(0xffffffff00000000LL)

-#define BN_MASK2h1	(0xffffffff80000000LL)

-#define BN_TBIT		(0x8000000000000000LL)

-#define BN_DEC_CONV	(10000000000000000000ULL)

-#define BN_DEC_FMT1	"%llu"

-#define BN_DEC_FMT2	"%019llu"

-#define BN_DEC_NUM	19

-#endif

-#ifdef THIRTY_TWO_BIT

-#ifdef BN_LLONG

-# if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__)

-#  define BN_ULLONG	unsigned __int64

-# else

-#  define BN_ULLONG	unsigned long long

-# endif

-#endif

-#define BN_ULONG	unsigned long

-#define BN_LONG		long

-#define BN_BITS		64

-#define BN_BYTES	4

-#define BN_BITS2	32

-#define BN_BITS4	16

-#ifdef OPENSSL_SYS_WIN32

-/* VC++ doesn't like the LL suffix */

-#define BN_MASK		(0xffffffffffffffffL)

-#else

-#define BN_MASK		(0xffffffffffffffffLL)

-#endif

-#define BN_MASK2	(0xffffffffL)

-#define BN_MASK2l	(0xffff)

-#define BN_MASK2h1	(0xffff8000L)

-#define BN_MASK2h	(0xffff0000L)

-#define BN_TBIT		(0x80000000L)

-#define BN_DEC_CONV	(1000000000L)

-#define BN_DEC_FMT1	"%lu"

-#define BN_DEC_FMT2	"%09lu"

-#define BN_DEC_NUM	9

-#endif

-#ifdef SIXTEEN_BIT

-#ifndef BN_DIV2W

-#define BN_DIV2W

-#endif

-#define BN_ULLONG	unsigned long

-#define BN_ULONG	unsigned short

-#define BN_LONG		short

-#define BN_BITS		32

-#define BN_BYTES	2

-#define BN_BITS2	16

-#define BN_BITS4	8

-#define BN_MASK		(0xffffffff)

-#define BN_MASK2	(0xffff)

-#define BN_MASK2l	(0xff)

-#define BN_MASK2h1	(0xff80)

-#define BN_MASK2h	(0xff00)

-#define BN_TBIT		(0x8000)

-#define BN_DEC_CONV	(100000)

-#define BN_DEC_FMT1	"%u"

-#define BN_DEC_FMT2	"%05u"

-#define BN_DEC_NUM	5

-#endif

-#ifdef EIGHT_BIT

-#ifndef BN_DIV2W

-#define BN_DIV2W

-#endif

-#define BN_ULLONG	unsigned short

-#define BN_ULONG	unsigned char

-#define BN_LONG		char

-#define BN_BITS		16

-#define BN_BYTES	1

-#define BN_BITS2	8

-#define BN_BITS4	4

-#define BN_MASK		(0xffff)

-#define BN_MASK2	(0xff)

-#define BN_MASK2l	(0xf)

-#define BN_MASK2h1	(0xf8)

-#define BN_MASK2h	(0xf0)

-#define BN_TBIT		(0x80)

-#define BN_DEC_CONV	(100)

-#define BN_DEC_FMT1	"%u"

-#define BN_DEC_FMT2	"%02u"

-#define BN_DEC_NUM	2

-#endif

-#define BN_DEFAULT_BITS	1280

-#define BN_FLG_MALLOCED		0x01

-#define BN_FLG_STATIC_DATA	0x02

-#define BN_FLG_CONSTTIME	0x04 /* avoid leaking exponent information through timing,

-                                      * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime,

-                                      * BN_div() will call BN_div_no_branch,

-                                      * BN_mod_inverse() will call BN_mod_inverse_no_branch.

-                                      */

-#ifndef OPENSSL_NO_DEPRECATED

-#define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME /* deprecated name for the flag */

-                                      /* avoid leaking exponent information through timings

-                                      * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) */

-#endif

-#ifndef OPENSSL_NO_DEPRECATED

-#define BN_FLG_FREE		0x8000	/* used for debuging */

-#endif

-#define BN_set_flags(b,n)	((b)->flags|=(n))

-#define BN_get_flags(b,n)	((b)->flags&(n))

-/* get a clone of a BIGNUM with changed flags, for *temporary* use only

- * (the two BIGNUMs cannot not be used in parallel!) */

-#define BN_with_flags(dest,b,n)  ((dest)->d=(b)->d, \

-                                  (dest)->top=(b)->top, \

-                                  (dest)->dmax=(b)->dmax, \

-                                  (dest)->neg=(b)->neg, \

-                                  (dest)->flags=(((dest)->flags & BN_FLG_MALLOCED) \

-                                                 |  ((b)->flags & ~BN_FLG_MALLOCED) \

-                                                 |  BN_FLG_STATIC_DATA \

-                                                 |  (n)))

-/* Already declared in ossl_typ.h */

-#if 0

-typedef struct bignum_st BIGNUM;

-/* Used for temp variables (declaration hidden in bn_lcl.h) */

-typedef struct bignum_ctx BN_CTX;

-typedef struct bn_blinding_st BN_BLINDING;

-typedef struct bn_mont_ctx_st BN_MONT_CTX;

-typedef struct bn_recp_ctx_st BN_RECP_CTX;

-typedef struct bn_gencb_st BN_GENCB;

-#endif

-struct bignum_st

-	{

-	BN_ULONG *d;	/* Pointer to an array of 'BN_BITS2' bit chunks. */

-	int top;	/* Index of last used d +1. */

-	/* The next are internal book keeping for bn_expand. */

-	int dmax;	/* Size of the d array. */

-	int neg;	/* one if the number is negative */

-	int flags;

-	};

-/* Used for montgomery multiplication */

-struct bn_mont_ctx_st

-	{

-	int ri;        /* number of bits in R */

-	BIGNUM RR;     /* used to convert to montgomery form */

-	BIGNUM N;      /* The modulus */

-	BIGNUM Ni;     /* R*(1/R mod N) - N*Ni = 1

-	                * (Ni is only stored for bignum algorithm) */

-	BN_ULONG n0;   /* least significant word of Ni */

-	int flags;

-	};

-/* Used for reciprocal division/mod functions

- * It cannot be shared between threads

- */

-struct bn_recp_ctx_st

-	{

-	BIGNUM N;	/* the divisor */

-	BIGNUM Nr;	/* the reciprocal */

-	int num_bits;

-	int shift;

-	int flags;

-	};

-/* Used for slow "generation" functions. */

-struct bn_gencb_st

-	{

-	unsigned int ver;	/* To handle binary (in)compatibility */

-	void *arg;		/* callback-specific data */

-	union

-		{

-		/* if(ver==1) - handles old style callbacks */

-		void (*cb_1)(int, int, void *);

-		/* if(ver==2) - new callback style */

-		int (*cb_2)(int, int, BN_GENCB *);

-		} cb;

-	};

-/* Wrapper function to make using BN_GENCB easier,  */

-int BN_GENCB_call(BN_GENCB *cb, int a, int b);

-/* Macro to populate a BN_GENCB structure with an "old"-style callback */

-#define BN_GENCB_set_old(gencb, callback, cb_arg) { \

-		BN_GENCB *tmp_gencb = (gencb); \

-		tmp_gencb->ver = 1; \

-		tmp_gencb->arg = (cb_arg); \

-		tmp_gencb->cb.cb_1 = (callback); }

-/* Macro to populate a BN_GENCB structure with a "new"-style callback */

-#define BN_GENCB_set(gencb, callback, cb_arg) { \

-		BN_GENCB *tmp_gencb = (gencb); \

-		tmp_gencb->ver = 2; \

-		tmp_gencb->arg = (cb_arg); \

-		tmp_gencb->cb.cb_2 = (callback); }

-#define BN_prime_checks 0 /* default: select number of iterations

-			     based on the size of the number */

-/* number of Miller-Rabin iterations for an error rate  of less than 2^-80

- * for random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook

- * of Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996];

- * original paper: Damgaard, Landrock, Pomerance: Average case error estimates

- * for the strong probable prime test. -- Math. Comp. 61 (1993) 177-194) */

-#define BN_prime_checks_for_size(b) ((b) >= 1300 ?  2 : \

-                                (b) >=  850 ?  3 : \

-                                (b) >=  650 ?  4 : \

-                                (b) >=  550 ?  5 : \

-                                (b) >=  450 ?  6 : \

-                                (b) >=  400 ?  7 : \

-                                (b) >=  350 ?  8 : \

-                                (b) >=  300 ?  9 : \

-                                (b) >=  250 ? 12 : \

-                                (b) >=  200 ? 15 : \

-                                (b) >=  150 ? 18 : \

-                                /* b >= 100 */ 27)

-#define BN_num_bytes(a)	((BN_num_bits(a)+7)/8)

-/* Note that BN_abs_is_word didn't work reliably for w == 0 until 0.9.8 */

-#define BN_abs_is_word(a,w) ((((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) || \

-				(((w) == 0) && ((a)->top == 0)))

-#define BN_is_zero(a)       ((a)->top == 0)

-#define BN_is_one(a)        (BN_abs_is_word((a),1) && !(a)->neg)

-#define BN_is_word(a,w)     (BN_abs_is_word((a),(w)) && (!(w) || !(a)->neg))

-#define BN_is_odd(a)	    (((a)->top > 0) && ((a)->d[0] & 1))

-#define BN_one(a)	(BN_set_word((a),1))

-#define BN_zero_ex(a) \

-	do { \

-		BIGNUM *_tmp_bn = (a); \

-		_tmp_bn->top = 0; \

-		_tmp_bn->neg = 0; \

-	} while(0)

-#ifdef OPENSSL_NO_DEPRECATED

-#define BN_zero(a)	BN_zero_ex(a)

-#else

-#define BN_zero(a)	(BN_set_word((a),0))

-#endif

-const BIGNUM *BN_value_one(void);

-char *	BN_options(void);

-BN_CTX *BN_CTX_new(void);

-#ifndef OPENSSL_NO_DEPRECATED

-void	BN_CTX_init(BN_CTX *c);

-#endif

-void	BN_CTX_free(BN_CTX *c);

-void	BN_CTX_start(BN_CTX *ctx);

-BIGNUM *BN_CTX_get(BN_CTX *ctx);

-void	BN_CTX_end(BN_CTX *ctx);

-int     BN_rand(BIGNUM *rnd, int bits, int top,int bottom);

-int     BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom);

-int	BN_rand_range(BIGNUM *rnd, BIGNUM *range);

-int	BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range);

-int	BN_num_bits(const BIGNUM *a);

-int	BN_num_bits_word(BN_ULONG);

-BIGNUM *BN_new(void);

-void	BN_init(BIGNUM *);

-void	BN_clear_free(BIGNUM *a);

-BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);

-void	BN_swap(BIGNUM *a, BIGNUM *b);

-BIGNUM *BN_bin2bn(const unsigned char *s,int len,BIGNUM *ret);

-int	BN_bn2bin(const BIGNUM *a, unsigned char *to);

-BIGNUM *BN_mpi2bn(const unsigned char *s,int len,BIGNUM *ret);

-int	BN_bn2mpi(const BIGNUM *a, unsigned char *to);

-int	BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);

-int	BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);

-int	BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);

-int	BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);

-int	BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);

-int	BN_sqr(BIGNUM *r, const BIGNUM *a,BN_CTX *ctx);

-/** BN_set_negative sets sign of a BIGNUM

- * \param  b  pointer to the BIGNUM object

- * \param  n  0 if the BIGNUM b should be positive and a value != 0 otherwise

- */

-void	BN_set_negative(BIGNUM *b, int n);

-/** BN_is_negative returns 1 if the BIGNUM is negative

- * \param  a  pointer to the BIGNUM object

- * \return 1 if a < 0 and 0 otherwise

- */

-#define BN_is_negative(a) ((a)->neg != 0)

-int	BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,

-	BN_CTX *ctx);

-#define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx))

-int	BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx);

-int	BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);

-int	BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m);

-int	BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);

-int	BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m);

-int	BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,

-	const BIGNUM *m, BN_CTX *ctx);

-int	BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);

-int	BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);

-int	BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m);

-int	BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ctx);

-int	BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m);

-BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);

-BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);

-int	BN_mul_word(BIGNUM *a, BN_ULONG w);

-int	BN_add_word(BIGNUM *a, BN_ULONG w);

-int	BN_sub_word(BIGNUM *a, BN_ULONG w);

-int	BN_set_word(BIGNUM *a, BN_ULONG w);

-BN_ULONG BN_get_word(const BIGNUM *a);

-int	BN_cmp(const BIGNUM *a, const BIGNUM *b);

-void	BN_free(BIGNUM *a);

-int	BN_is_bit_set(const BIGNUM *a, int n);

-int	BN_lshift(BIGNUM *r, const BIGNUM *a, int n);

-int	BN_lshift1(BIGNUM *r, const BIGNUM *a);

-int	BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,BN_CTX *ctx);

-int	BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-	const BIGNUM *m,BN_CTX *ctx);

-int	BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-	const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);

-int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,

-	const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont);

-int	BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p,

-	const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);

-int	BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1,

-	const BIGNUM *a2, const BIGNUM *p2,const BIGNUM *m,

-	BN_CTX *ctx,BN_MONT_CTX *m_ctx);

-int	BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-	const BIGNUM *m,BN_CTX *ctx);

-int	BN_mask_bits(BIGNUM *a,int n);

-#ifndef OPENSSL_NO_FP_API

-int	BN_print_fp(FILE *fp, const BIGNUM *a);

-#endif

-#ifdef HEADER_BIO_H

-int	BN_print(BIO *fp, const BIGNUM *a);

-#else

-int	BN_print(void *fp, const BIGNUM *a);

-#endif

-int	BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx);

-int	BN_rshift(BIGNUM *r, const BIGNUM *a, int n);

-int	BN_rshift1(BIGNUM *r, const BIGNUM *a);

-void	BN_clear(BIGNUM *a);

-BIGNUM *BN_dup(const BIGNUM *a);

-int	BN_ucmp(const BIGNUM *a, const BIGNUM *b);

-int	BN_set_bit(BIGNUM *a, int n);

-int	BN_clear_bit(BIGNUM *a, int n);

-char *	BN_bn2hex(const BIGNUM *a);

-char *	BN_bn2dec(const BIGNUM *a);

-int 	BN_hex2bn(BIGNUM **a, const char *str);

-int 	BN_dec2bn(BIGNUM **a, const char *str);

-int	BN_gcd(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx);

-int	BN_kronecker(const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx); /* returns -2 for error */

-BIGNUM *BN_mod_inverse(BIGNUM *ret,

-	const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);

-BIGNUM *BN_mod_sqrt(BIGNUM *ret,

-	const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);

-/* Deprecated versions */

-#ifndef OPENSSL_NO_DEPRECATED

-BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,

-	const BIGNUM *add, const BIGNUM *rem,

-	void (*callback)(int,int,void *),void *cb_arg);

-int	BN_is_prime(const BIGNUM *p,int nchecks,

-	void (*callback)(int,int,void *),

-	BN_CTX *ctx,void *cb_arg);

-int	BN_is_prime_fasttest(const BIGNUM *p,int nchecks,

-	void (*callback)(int,int,void *),BN_CTX *ctx,void *cb_arg,

-	int do_trial_division);

-#endif /* !defined(OPENSSL_NO_DEPRECATED) */

-/* Newer versions */

-int	BN_generate_prime_ex(BIGNUM *ret,int bits,int safe, const BIGNUM *add,

-		const BIGNUM *rem, BN_GENCB *cb);

-int	BN_is_prime_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, BN_GENCB *cb);

-int	BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx,

-		int do_trial_division, BN_GENCB *cb);

-BN_MONT_CTX *BN_MONT_CTX_new(void );

-void BN_MONT_CTX_init(BN_MONT_CTX *ctx);

-int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,

-	BN_MONT_CTX *mont, BN_CTX *ctx);

-#define BN_to_montgomery(r,a,mont,ctx)	BN_mod_mul_montgomery(\

-	(r),(a),&((mont)->RR),(mont),(ctx))

-int BN_from_montgomery(BIGNUM *r,const BIGNUM *a,

-	BN_MONT_CTX *mont, BN_CTX *ctx);

-void BN_MONT_CTX_free(BN_MONT_CTX *mont);

-int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *mod,BN_CTX *ctx);

-BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from);

-BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,

-					const BIGNUM *mod, BN_CTX *ctx);

-/* BN_BLINDING flags */

-#define	BN_BLINDING_NO_UPDATE	0x00000001

-#define	BN_BLINDING_NO_RECREATE	0x00000002

-BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, /* const */ BIGNUM *mod);

-void BN_BLINDING_free(BN_BLINDING *b);

-int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx);

-int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);

-int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);

-int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *);

-int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *);

-unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *);

-void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long);

-unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);

-void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);

-BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,

-	const BIGNUM *e, /* const */ BIGNUM *m, BN_CTX *ctx,

-	int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-			  const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),

-	BN_MONT_CTX *m_ctx);

-#ifndef OPENSSL_NO_DEPRECATED

-void BN_set_params(int mul,int high,int low,int mont);

-int BN_get_params(int which); /* 0, mul, 1 high, 2 low, 3 mont */

-#endif

-void	BN_RECP_CTX_init(BN_RECP_CTX *recp);

-BN_RECP_CTX *BN_RECP_CTX_new(void);

-void	BN_RECP_CTX_free(BN_RECP_CTX *recp);

-int	BN_RECP_CTX_set(BN_RECP_CTX *recp,const BIGNUM *rdiv,BN_CTX *ctx);

-int	BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,

-	BN_RECP_CTX *recp,BN_CTX *ctx);

-int	BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-	const BIGNUM *m, BN_CTX *ctx);

-int	BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,

-	BN_RECP_CTX *recp, BN_CTX *ctx);

-/* Functions for arithmetic over binary polynomials represented by BIGNUMs.

- *

- * The BIGNUM::neg property of BIGNUMs representing binary polynomials is

- * ignored.

- *

- * Note that input arguments are not const so that their bit arrays can

- * be expanded to the appropriate size if needed.

- */

-int	BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); /*r = a + b*/

-#define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b)

-int	BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p); /*r=a mod p*/

-int	BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,

-	const BIGNUM *p, BN_CTX *ctx); /* r = (a * b) mod p */

-int	BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-	BN_CTX *ctx); /* r = (a * a) mod p */

-int	BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p,

-	BN_CTX *ctx); /* r = (1 / b) mod p */

-int	BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,

-	const BIGNUM *p, BN_CTX *ctx); /* r = (a / b) mod p */

-int	BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,

-	const BIGNUM *p, BN_CTX *ctx); /* r = (a ^ b) mod p */

-int	BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-	BN_CTX *ctx); /* r = sqrt(a) mod p */

-int	BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-	BN_CTX *ctx); /* r^2 + r = a mod p */

-#define BN_GF2m_cmp(a, b) BN_ucmp((a), (b))

-/* Some functions allow for representation of the irreducible polynomials

- * as an unsigned int[], say p.  The irreducible f(t) is then of the form:

- *     t^p[0] + t^p[1] + ... + t^p[k]

- * where m = p[0] > p[1] > ... > p[k] = 0.

- */

-int	BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[]);

-	/* r = a mod p */

-int	BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,

-	const unsigned int p[], BN_CTX *ctx); /* r = (a * b) mod p */

-int	BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[],

-	BN_CTX *ctx); /* r = (a * a) mod p */

-int	BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const unsigned int p[],

-	BN_CTX *ctx); /* r = (1 / b) mod p */

-int	BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,

-	const unsigned int p[], BN_CTX *ctx); /* r = (a / b) mod p */

-int	BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,

-	const unsigned int p[], BN_CTX *ctx); /* r = (a ^ b) mod p */

-int	BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a,

-	const unsigned int p[], BN_CTX *ctx); /* r = sqrt(a) mod p */

-int	BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a,

-	const unsigned int p[], BN_CTX *ctx); /* r^2 + r = a mod p */

-int	BN_GF2m_poly2arr(const BIGNUM *a, unsigned int p[], int max);

-int	BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a);

-/* faster mod functions for the 'NIST primes'

- * 0 <= a < p^2 */

-int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);

-int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);

-int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);

-int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);

-int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);

-const BIGNUM *BN_get0_nist_prime_192(void);

-const BIGNUM *BN_get0_nist_prime_224(void);

-const BIGNUM *BN_get0_nist_prime_256(void);

-const BIGNUM *BN_get0_nist_prime_384(void);

-const BIGNUM *BN_get0_nist_prime_521(void);

-/* library internal functions */

-#define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\

-	(a):bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2))

-#define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words)))

-BIGNUM *bn_expand2(BIGNUM *a, int words);

-#ifndef OPENSSL_NO_DEPRECATED

-BIGNUM *bn_dup_expand(const BIGNUM *a, int words); /* unused */

-#endif

-/* Bignum consistency macros

- * There is one "API" macro, bn_fix_top(), for stripping leading zeroes from

- * bignum data after direct manipulations on the data. There is also an

- * "internal" macro, bn_check_top(), for verifying that there are no leading

- * zeroes. Unfortunately, some auditing is required due to the fact that

- * bn_fix_top() has become an overabused duct-tape because bignum data is

- * occasionally passed around in an inconsistent state. So the following

- * changes have been made to sort this out;

- * - bn_fix_top()s implementation has been moved to bn_correct_top()

- * - if BN_DEBUG isn't defined, bn_fix_top() maps to bn_correct_top(), and

- *   bn_check_top() is as before.

- * - if BN_DEBUG *is* defined;

- *   - bn_check_top() tries to pollute unused words even if the bignum 'top' is

- *     consistent. (ed: only if BN_DEBUG_RAND is defined)

- *   - bn_fix_top() maps to bn_check_top() rather than "fixing" anything.

- * The idea is to have debug builds flag up inconsistent bignums when they

- * occur. If that occurs in a bn_fix_top(), we examine the code in question; if

- * the use of bn_fix_top() was appropriate (ie. it follows directly after code

- * that manipulates the bignum) it is converted to bn_correct_top(), and if it

- * was not appropriate, we convert it permanently to bn_check_top() and track

- * down the cause of the bug. Eventually, no internal code should be using the

- * bn_fix_top() macro. External applications and libraries should try this with

- * their own code too, both in terms of building against the openssl headers

- * with BN_DEBUG defined *and* linking with a version of OpenSSL built with it

- * defined. This not only improves external code, it provides more test

- * coverage for openssl's own code.

- */

-#ifdef BN_DEBUG

-/* We only need assert() when debugging */

-#include <assert.h>

-#ifdef BN_DEBUG_RAND

-/* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */

-#ifndef RAND_pseudo_bytes

-int RAND_pseudo_bytes(unsigned char *buf,int num);

-#define BN_DEBUG_TRIX

-#endif

-#define bn_pollute(a) \

-	do { \

-		const BIGNUM *_bnum1 = (a); \

-		if(_bnum1->top < _bnum1->dmax) { \

-			unsigned char _tmp_char; \

-			/* We cast away const without the compiler knowing, any \

-			 * *genuinely* constant variables that aren't mutable \

-			 * wouldn't be constructed with top!=dmax. */ \

-			BN_ULONG *_not_const; \

-			memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \

-			RAND_pseudo_bytes(&_tmp_char, 1); \

-			memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \

-				(_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \

-		} \

-	} while(0)

-#ifdef BN_DEBUG_TRIX

-#undef RAND_pseudo_bytes

-#endif

-#else

-#define bn_pollute(a)

-#endif

-#define bn_check_top(a) \

-	do { \

-		const BIGNUM *_bnum2 = (a); \

-		if (_bnum2 != NULL) { \

-			assert((_bnum2->top == 0) || \

-				(_bnum2->d[_bnum2->top - 1] != 0)); \

-			bn_pollute(_bnum2); \

-		} \

-	} while(0)

-#define bn_fix_top(a)		bn_check_top(a)

-#else /* !BN_DEBUG */

-#define bn_pollute(a)

-#define bn_check_top(a)

-#define bn_fix_top(a)		bn_correct_top(a)

-#endif

-#define bn_correct_top(a) \

-        { \

-        BN_ULONG *ftl; \

-	if ((a)->top > 0) \

-		{ \

-		for (ftl= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \

-		if (*(ftl--)) break; \

-		} \

-	bn_pollute(a); \

-	}

-BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);

-BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);

-void     bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num);

-BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);

-BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num);

-BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num);

-/* Primes from RFC 2409 */

-BIGNUM *get_rfc2409_prime_768(BIGNUM *bn);

-BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn);

-/* Primes from RFC 3526 */

-BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn);

-BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn);

-BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn);

-BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn);

-BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn);

-BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn);

-int BN_bntest_rand(BIGNUM *rnd, int bits, int top,int bottom);

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_BN_strings(void);

-/* Error codes for the BN functions. */

-/* Function codes. */

-#define BN_F_BNRAND					 127

-#define BN_F_BN_BLINDING_CONVERT_EX			 100

-#define BN_F_BN_BLINDING_CREATE_PARAM			 128

-#define BN_F_BN_BLINDING_INVERT_EX			 101

-#define BN_F_BN_BLINDING_NEW				 102

-#define BN_F_BN_BLINDING_UPDATE				 103

-#define BN_F_BN_BN2DEC					 104

-#define BN_F_BN_BN2HEX					 105

-#define BN_F_BN_CTX_GET					 116

-#define BN_F_BN_CTX_NEW					 106

-#define BN_F_BN_CTX_START				 129

-#define BN_F_BN_DIV					 107

-#define BN_F_BN_DIV_NO_BRANCH				 138

-#define BN_F_BN_DIV_RECP				 130

-#define BN_F_BN_EXP					 123

-#define BN_F_BN_EXPAND2					 108

-#define BN_F_BN_EXPAND_INTERNAL				 120

-#define BN_F_BN_GF2M_MOD				 131

-#define BN_F_BN_GF2M_MOD_EXP				 132

-#define BN_F_BN_GF2M_MOD_MUL				 133

-#define BN_F_BN_GF2M_MOD_SOLVE_QUAD			 134

-#define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR			 135

-#define BN_F_BN_GF2M_MOD_SQR				 136

-#define BN_F_BN_GF2M_MOD_SQRT				 137

-#define BN_F_BN_MOD_EXP2_MONT				 118

-#define BN_F_BN_MOD_EXP_MONT				 109

-#define BN_F_BN_MOD_EXP_MONT_CONSTTIME			 124

-#define BN_F_BN_MOD_EXP_MONT_WORD			 117

-#define BN_F_BN_MOD_EXP_RECP				 125

-#define BN_F_BN_MOD_EXP_SIMPLE				 126

-#define BN_F_BN_MOD_INVERSE				 110

-#define BN_F_BN_MOD_INVERSE_NO_BRANCH			 139

-#define BN_F_BN_MOD_LSHIFT_QUICK			 119

-#define BN_F_BN_MOD_MUL_RECIPROCAL			 111

-#define BN_F_BN_MOD_SQRT				 121

-#define BN_F_BN_MPI2BN					 112

-#define BN_F_BN_NEW					 113

-#define BN_F_BN_RAND					 114

-#define BN_F_BN_RAND_RANGE				 122

-#define BN_F_BN_USUB					 115

-/* Reason codes. */

-#define BN_R_ARG2_LT_ARG3				 100

-#define BN_R_BAD_RECIPROCAL				 101

-#define BN_R_BIGNUM_TOO_LONG				 114

-#define BN_R_CALLED_WITH_EVEN_MODULUS			 102

-#define BN_R_DIV_BY_ZERO				 103

-#define BN_R_ENCODING_ERROR				 104

-#define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA		 105

-#define BN_R_INPUT_NOT_REDUCED				 110

-#define BN_R_INVALID_LENGTH				 106

-#define BN_R_INVALID_RANGE				 115

-#define BN_R_NOT_A_SQUARE				 111

-#define BN_R_NOT_INITIALIZED				 107

-#define BN_R_NO_INVERSE					 108

-#define BN_R_NO_SOLUTION				 116

-#define BN_R_P_IS_NOT_PRIME				 112

-#define BN_R_TOO_MANY_ITERATIONS			 113

-#define BN_R_TOO_MANY_TEMPORARY_VARIABLES		 109

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/bn/bn.mul

+++ /dev/null

@@ -1,19 +1,0 @@

-We need

-* bn_mul_comba8

-* bn_mul_comba4

-* bn_mul_normal

-* bn_mul_recursive

-* bn_sqr_comba8

-* bn_sqr_comba4

-bn_sqr_normal -> BN_sqr

-* bn_sqr_recursive

-* bn_mul_low_recursive

-* bn_mul_low_normal

-* bn_mul_high

-* bn_mul_part_recursive	# symetric but not power of 2

-bn_mul_asymetric_recursive # uneven, but do the chop up.

--- a/sys/src/ape/lib/openssl/crypto/bn/bn_add.c

+++ /dev/null

@@ -1,313 +1,0 @@

-/* crypto/bn/bn_add.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include "bn_lcl.h"

-/* r can == a or b */

-int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)

-	{

-	const BIGNUM *tmp;

-	int a_neg = a->neg, ret;

-	bn_check_top(a);

-	bn_check_top(b);

-	/*  a +  b	a+b

-	 *  a + -b	a-b

-	 * -a +  b	b-a

-	 * -a + -b	-(a+b)

-	 */

-	if (a_neg ^ b->neg)

-		{

-		/* only one is negative */

-		if (a_neg)

-			{ tmp=a; a=b; b=tmp; }

-		/* we are now a - b */

-		if (BN_ucmp(a,b) < 0)

-			{

-			if (!BN_usub(r,b,a)) return(0);

-			r->neg=1;

-			}

-		else

-			{

-			if (!BN_usub(r,a,b)) return(0);

-			r->neg=0;

-			}

-		return(1);

-		}

-	ret = BN_uadd(r,a,b);

-	r->neg = a_neg;

-	bn_check_top(r);

-	return ret;

-	}

-/* unsigned add of b to a */

-int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)

-	{

-	int max,min,dif;

-	BN_ULONG *ap,*bp,*rp,carry,t1,t2;

-	const BIGNUM *tmp;

-	bn_check_top(a);

-	bn_check_top(b);

-	if (a->top < b->top)

-		{ tmp=a; a=b; b=tmp; }

-	max = a->top;

-	min = b->top;

-	dif = max - min;

-	if (bn_wexpand(r,max+1) == NULL)

-		return 0;

-	r->top=max;

-	ap=a->d;

-	bp=b->d;

-	rp=r->d;

-	carry=bn_add_words(rp,ap,bp,min);

-	rp+=min;

-	ap+=min;

-	bp+=min;

-	if (carry)

-		{

-		while (dif)

-			{

-			dif--;

-			t1 = *(ap++);

-			t2 = (t1+1) & BN_MASK2;

-			*(rp++) = t2;

-			if (t2)

-				{

-				carry=0;

-				break;

-				}

-			}

-		if (carry)

-			{

-			/* carry != 0 => dif == 0 */

-			*rp = 1;

-			r->top++;

-			}

-		}

-	if (dif && rp != ap)

-		while (dif--)

-			/* copy remaining words if ap != rp */

-			*(rp++) = *(ap++);

-	r->neg = 0;

-	bn_check_top(r);

-	return 1;

-	}

-/* unsigned subtraction of b from a, a must be larger than b. */

-int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)

-	{

-	int max,min,dif;

-	register BN_ULONG t1,t2,*ap,*bp,*rp;

-	int i,carry;

-#if defined(IRIX_CC_BUG) && !defined(LINT)

-	int dummy;

-#endif

-	bn_check_top(a);

-	bn_check_top(b);

-	max = a->top;

-	min = b->top;

-	dif = max - min;

-	if (dif < 0)	/* hmm... should not be happening */

-		{

-		BNerr(BN_F_BN_USUB,BN_R_ARG2_LT_ARG3);

-		return(0);

-		}

-	if (bn_wexpand(r,max) == NULL) return(0);

-	ap=a->d;

-	bp=b->d;

-	rp=r->d;

-#if 1

-	carry=0;

-	for (i = min; i != 0; i--)

-		{

-		t1= *(ap++);

-		t2= *(bp++);

-		if (carry)

-			{

-			carry=(t1 <= t2);

-			t1=(t1-t2-1)&BN_MASK2;

-			}

-		else

-			{

-			carry=(t1 < t2);

-			t1=(t1-t2)&BN_MASK2;

-			}

-#if defined(IRIX_CC_BUG) && !defined(LINT)

-		dummy=t1;

-#endif

-		*(rp++)=t1&BN_MASK2;

-		}

-#else

-	carry=bn_sub_words(rp,ap,bp,min);

-	ap+=min;

-	bp+=min;

-	rp+=min;

-#endif

-	if (carry) /* subtracted */

-		{

-		if (!dif)

-			/* error: a < b */

-			return 0;

-		while (dif)

-			{

-			dif--;

-			t1 = *(ap++);

-			t2 = (t1-1)&BN_MASK2;

-			*(rp++) = t2;

-			if (t1)

-				break;

-			}

-		}

-#if 0

-	memcpy(rp,ap,sizeof(*rp)*(max-i));

-#else

-	if (rp != ap)

-		{

-		for (;;)

-			{

-			if (!dif--) break;

-			rp[0]=ap[0];

-			if (!dif--) break;

-			rp[1]=ap[1];

-			if (!dif--) break;

-			rp[2]=ap[2];

-			if (!dif--) break;

-			rp[3]=ap[3];

-			rp+=4;

-			ap+=4;

-			}

-		}

-#endif

-	r->top=max;

-	r->neg=0;

-	bn_correct_top(r);

-	return(1);

-	}

-int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)

-	{

-	int max;

-	int add=0,neg=0;

-	const BIGNUM *tmp;

-	bn_check_top(a);

-	bn_check_top(b);

-	/*  a -  b	a-b

-	 *  a - -b	a+b

-	 * -a -  b	-(a+b)

-	 * -a - -b	b-a

-	 */

-	if (a->neg)

-		{

-		if (b->neg)

-			{ tmp=a; a=b; b=tmp; }

-		else

-			{ add=1; neg=1; }

-		}

-	else

-		{

-		if (b->neg) { add=1; neg=0; }

-		}

-	if (add)

-		{

-		if (!BN_uadd(r,a,b)) return(0);

-		r->neg=neg;

-		return(1);

-		}

-	/* We are actually doing a - b :-) */

-	max=(a->top > b->top)?a->top:b->top;

-	if (bn_wexpand(r,max) == NULL) return(0);

-	if (BN_ucmp(a,b) < 0)

-		{

-		if (!BN_usub(r,b,a)) return(0);

-		r->neg=1;

-		}

-	else

-		{

-		if (!BN_usub(r,a,b)) return(0);

-		r->neg=0;

-		}

-	bn_check_top(r);

-	return(1);

-	}

--- a/sys/src/ape/lib/openssl/crypto/bn/bn_asm.c

+++ /dev/null

@@ -1,860 +1,0 @@

-/* crypto/bn/bn_asm.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef BN_DEBUG

-# undef NDEBUG /* avoid conflicting definitions */

-# define NDEBUG

-#endif

-#include <stdio.h>

-#include <assert.h>

-#include "cryptlib.h"

-#include "bn_lcl.h"

-#if defined(BN_LLONG) || defined(BN_UMULT_HIGH)

-BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)

-	{

-	BN_ULONG c1=0;

-	assert(num >= 0);

-	if (num <= 0) return(c1);

-	while (num&~3)

-		{

-		mul_add(rp[0],ap[0],w,c1);

-		mul_add(rp[1],ap[1],w,c1);

-		mul_add(rp[2],ap[2],w,c1);

-		mul_add(rp[3],ap[3],w,c1);

-		ap+=4; rp+=4; num-=4;

-		}

-	if (num)

-		{

-		mul_add(rp[0],ap[0],w,c1); if (--num==0) return c1;

-		mul_add(rp[1],ap[1],w,c1); if (--num==0) return c1;

-		mul_add(rp[2],ap[2],w,c1); return c1;

-		}

-	return(c1);

-	}

-BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)

-	{

-	BN_ULONG c1=0;

-	assert(num >= 0);

-	if (num <= 0) return(c1);

-	while (num&~3)

-		{

-		mul(rp[0],ap[0],w,c1);

-		mul(rp[1],ap[1],w,c1);

-		mul(rp[2],ap[2],w,c1);

-		mul(rp[3],ap[3],w,c1);

-		ap+=4; rp+=4; num-=4;

-		}

-	if (num)

-		{

-		mul(rp[0],ap[0],w,c1); if (--num == 0) return c1;

-		mul(rp[1],ap[1],w,c1); if (--num == 0) return c1;

-		mul(rp[2],ap[2],w,c1);

-		}

-	return(c1);

-	}

-void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)

-        {

-	assert(n >= 0);

-	if (n <= 0) return;

-	while (n&~3)

-		{

-		sqr(r[0],r[1],a[0]);

-		sqr(r[2],r[3],a[1]);

-		sqr(r[4],r[5],a[2]);

-		sqr(r[6],r[7],a[3]);

-		a+=4; r+=8; n-=4;

-		}

-	if (n)

-		{

-		sqr(r[0],r[1],a[0]); if (--n == 0) return;

-		sqr(r[2],r[3],a[1]); if (--n == 0) return;

-		sqr(r[4],r[5],a[2]);

-		}

-	}

-#else /* !(defined(BN_LLONG) || defined(BN_UMULT_HIGH)) */

-BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)

-	{

-	BN_ULONG c=0;

-	BN_ULONG bl,bh;

-	assert(num >= 0);

-	if (num <= 0) return((BN_ULONG)0);

-	bl=LBITS(w);

-	bh=HBITS(w);

-	for (;;)

-		{

-		mul_add(rp[0],ap[0],bl,bh,c);

-		if (--num == 0) break;

-		mul_add(rp[1],ap[1],bl,bh,c);

-		if (--num == 0) break;

-		mul_add(rp[2],ap[2],bl,bh,c);

-		if (--num == 0) break;

-		mul_add(rp[3],ap[3],bl,bh,c);

-		if (--num == 0) break;

-		ap+=4;

-		rp+=4;

-		}

-	return(c);

-	}

-BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)

-	{

-	BN_ULONG carry=0;

-	BN_ULONG bl,bh;

-	assert(num >= 0);

-	if (num <= 0) return((BN_ULONG)0);

-	bl=LBITS(w);

-	bh=HBITS(w);

-	for (;;)

-		{

-		mul(rp[0],ap[0],bl,bh,carry);

-		if (--num == 0) break;

-		mul(rp[1],ap[1],bl,bh,carry);

-		if (--num == 0) break;

-		mul(rp[2],ap[2],bl,bh,carry);

-		if (--num == 0) break;

-		mul(rp[3],ap[3],bl,bh,carry);

-		if (--num == 0) break;

-		ap+=4;

-		rp+=4;

-		}

-	return(carry);

-	}

-void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)

-        {

-	assert(n >= 0);

-	if (n <= 0) return;

-	for (;;)

-		{

-		sqr64(r[0],r[1],a[0]);

-		if (--n == 0) break;

-		sqr64(r[2],r[3],a[1]);

-		if (--n == 0) break;

-		sqr64(r[4],r[5],a[2]);

-		if (--n == 0) break;

-		sqr64(r[6],r[7],a[3]);

-		if (--n == 0) break;

-		a+=4;

-		r+=8;

-		}

-	}

-#endif /* !(defined(BN_LLONG) || defined(BN_UMULT_HIGH)) */

-#if defined(BN_LLONG) && defined(BN_DIV2W)

-BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)

-	{

-	return((BN_ULONG)(((((BN_ULLONG)h)<<BN_BITS2)|l)/(BN_ULLONG)d));

-	}

-#else

-/* Divide h,l by d and return the result. */

-/* I need to test this some more :-( */

-BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)

-	{

-	BN_ULONG dh,dl,q,ret=0,th,tl,t;

-	int i,count=2;

-	if (d == 0) return(BN_MASK2);

-	i=BN_num_bits_word(d);

-	assert((i == BN_BITS2) || (h <= (BN_ULONG)1<<i));

-	i=BN_BITS2-i;

-	if (h >= d) h-=d;

-	if (i)

-		{

-		d<<=i;

-		h=(h<<i)|(l>>(BN_BITS2-i));

-		l<<=i;

-		}

-	dh=(d&BN_MASK2h)>>BN_BITS4;

-	dl=(d&BN_MASK2l);

-	for (;;)

-		{

-		if ((h>>BN_BITS4) == dh)

-			q=BN_MASK2l;

-		else

-			q=h/dh;

-		th=q*dh;

-		tl=dl*q;

-		for (;;)

-			{

-			t=h-th;

-			if ((t&BN_MASK2h) ||

-				((tl) <= (

-					(t<<BN_BITS4)|

-					((l&BN_MASK2h)>>BN_BITS4))))

-				break;

-			q--;

-			th-=dh;

-			tl-=dl;

-			}

-		t=(tl>>BN_BITS4);

-		tl=(tl<<BN_BITS4)&BN_MASK2h;

-		th+=t;

-		if (l < tl) th++;

-		l-=tl;

-		if (h < th)

-			{

-			h+=d;

-			q--;

-			}

-		h-=th;

-		if (--count == 0) break;

-		ret=q<<BN_BITS4;

-		h=((h<<BN_BITS4)|(l>>BN_BITS4))&BN_MASK2;

-		l=(l&BN_MASK2l)<<BN_BITS4;

-		}

-	ret|=q;

-	return(ret);

-	}

-#endif /* !defined(BN_LLONG) && defined(BN_DIV2W) */

-#ifdef BN_LLONG

-BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)

-        {

-	BN_ULLONG ll=0;

-	assert(n >= 0);

-	if (n <= 0) return((BN_ULONG)0);

-	for (;;)

-		{

-		ll+=(BN_ULLONG)a[0]+b[0];

-		r[0]=(BN_ULONG)ll&BN_MASK2;

-		ll>>=BN_BITS2;

-		if (--n <= 0) break;

-		ll+=(BN_ULLONG)a[1]+b[1];

-		r[1]=(BN_ULONG)ll&BN_MASK2;

-		ll>>=BN_BITS2;

-		if (--n <= 0) break;

-		ll+=(BN_ULLONG)a[2]+b[2];

-		r[2]=(BN_ULONG)ll&BN_MASK2;

-		ll>>=BN_BITS2;

-		if (--n <= 0) break;

-		ll+=(BN_ULLONG)a[3]+b[3];

-		r[3]=(BN_ULONG)ll&BN_MASK2;

-		ll>>=BN_BITS2;

-		if (--n <= 0) break;

-		a+=4;

-		b+=4;

-		r+=4;

-		}

-	return((BN_ULONG)ll);

-	}

-#else /* !BN_LLONG */

-BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)

-        {

-	BN_ULONG c,l,t;

-	assert(n >= 0);

-	if (n <= 0) return((BN_ULONG)0);

-	c=0;

-	for (;;)

-		{

-		t=a[0];

-		t=(t+c)&BN_MASK2;

-		c=(t < c);

-		l=(t+b[0])&BN_MASK2;

-		c+=(l < t);

-		r[0]=l;

-		if (--n <= 0) break;

-		t=a[1];

-		t=(t+c)&BN_MASK2;

-		c=(t < c);

-		l=(t+b[1])&BN_MASK2;

-		c+=(l < t);

-		r[1]=l;

-		if (--n <= 0) break;

-		t=a[2];

-		t=(t+c)&BN_MASK2;

-		c=(t < c);

-		l=(t+b[2])&BN_MASK2;

-		c+=(l < t);

-		r[2]=l;

-		if (--n <= 0) break;

-		t=a[3];

-		t=(t+c)&BN_MASK2;

-		c=(t < c);

-		l=(t+b[3])&BN_MASK2;

-		c+=(l < t);

-		r[3]=l;

-		if (--n <= 0) break;

-		a+=4;

-		b+=4;

-		r+=4;

-		}

-	return((BN_ULONG)c);

-	}

-#endif /* !BN_LLONG */

-BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)

-        {

-	BN_ULONG t1,t2;

-	int c=0;

-	assert(n >= 0);

-	if (n <= 0) return((BN_ULONG)0);

-	for (;;)

-		{

-		t1=a[0]; t2=b[0];

-		r[0]=(t1-t2-c)&BN_MASK2;

-		if (t1 != t2) c=(t1 < t2);

-		if (--n <= 0) break;

-		t1=a[1]; t2=b[1];

-		r[1]=(t1-t2-c)&BN_MASK2;

-		if (t1 != t2) c=(t1 < t2);

-		if (--n <= 0) break;

-		t1=a[2]; t2=b[2];

-		r[2]=(t1-t2-c)&BN_MASK2;

-		if (t1 != t2) c=(t1 < t2);

-		if (--n <= 0) break;

-		t1=a[3]; t2=b[3];

-		r[3]=(t1-t2-c)&BN_MASK2;

-		if (t1 != t2) c=(t1 < t2);

-		if (--n <= 0) break;

-		a+=4;

-		b+=4;

-		r+=4;

-		}

-	return(c);

-	}

-#ifdef BN_MUL_COMBA

-#undef bn_mul_comba8

-#undef bn_mul_comba4

-#undef bn_sqr_comba8

-#undef bn_sqr_comba4

-/* mul_add_c(a,b,c0,c1,c2)  -- c+=a*b for three word number c=(c2,c1,c0) */

-/* mul_add_c2(a,b,c0,c1,c2) -- c+=2*a*b for three word number c=(c2,c1,c0) */

-/* sqr_add_c(a,i,c0,c1,c2)  -- c+=a[i]^2 for three word number c=(c2,c1,c0) */

-/* sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number c=(c2,c1,c0) */

-#ifdef BN_LLONG

-#define mul_add_c(a,b,c0,c1,c2) \

-	t=(BN_ULLONG)a*b; \

-	t1=(BN_ULONG)Lw(t); \

-	t2=(BN_ULONG)Hw(t); \

-	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \

-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;

-#define mul_add_c2(a,b,c0,c1,c2) \

-	t=(BN_ULLONG)a*b; \

-	tt=(t+t)&BN_MASK; \

-	if (tt < t) c2++; \

-	t1=(BN_ULONG)Lw(tt); \

-	t2=(BN_ULONG)Hw(tt); \

-	c0=(c0+t1)&BN_MASK2;  \

-	if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \

-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;

-#define sqr_add_c(a,i,c0,c1,c2) \

-	t=(BN_ULLONG)a[i]*a[i]; \

-	t1=(BN_ULONG)Lw(t); \

-	t2=(BN_ULONG)Hw(t); \

-	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \

-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;

-#define sqr_add_c2(a,i,j,c0,c1,c2) \

-	mul_add_c2((a)[i],(a)[j],c0,c1,c2)

-#elif defined(BN_UMULT_LOHI)

-#define mul_add_c(a,b,c0,c1,c2)	{	\

-	BN_ULONG ta=(a),tb=(b);		\

-	BN_UMULT_LOHI(t1,t2,ta,tb);	\

-	c0 += t1; t2 += (c0<t1)?1:0;	\

-	c1 += t2; c2 += (c1<t2)?1:0;	\

-	}

-#define mul_add_c2(a,b,c0,c1,c2) {	\

-	BN_ULONG ta=(a),tb=(b),t0;	\

-	BN_UMULT_LOHI(t0,t1,ta,tb);	\

-	t2 = t1+t1; c2 += (t2<t1)?1:0;	\

-	t1 = t0+t0; t2 += (t1<t0)?1:0;	\

-	c0 += t1; t2 += (c0<t1)?1:0;	\

-	c1 += t2; c2 += (c1<t2)?1:0;	\

-	}

-#define sqr_add_c(a,i,c0,c1,c2)	{	\

-	BN_ULONG ta=(a)[i];		\

-	BN_UMULT_LOHI(t1,t2,ta,ta);	\

-	c0 += t1; t2 += (c0<t1)?1:0;	\

-	c1 += t2; c2 += (c1<t2)?1:0;	\

-	}

-#define sqr_add_c2(a,i,j,c0,c1,c2)	\

-	mul_add_c2((a)[i],(a)[j],c0,c1,c2)

-#elif defined(BN_UMULT_HIGH)

-#define mul_add_c(a,b,c0,c1,c2)	{	\

-	BN_ULONG ta=(a),tb=(b);		\

-	t1 = ta * tb;			\

-	t2 = BN_UMULT_HIGH(ta,tb);	\

-	c0 += t1; t2 += (c0<t1)?1:0;	\

-	c1 += t2; c2 += (c1<t2)?1:0;	\

-	}

-#define mul_add_c2(a,b,c0,c1,c2) {	\

-	BN_ULONG ta=(a),tb=(b),t0;	\

-	t1 = BN_UMULT_HIGH(ta,tb);	\

-	t0 = ta * tb;			\

-	t2 = t1+t1; c2 += (t2<t1)?1:0;	\

-	t1 = t0+t0; t2 += (t1<t0)?1:0;	\

-	c0 += t1; t2 += (c0<t1)?1:0;	\

-	c1 += t2; c2 += (c1<t2)?1:0;	\

-	}

-#define sqr_add_c(a,i,c0,c1,c2)	{	\

-	BN_ULONG ta=(a)[i];		\

-	t1 = ta * ta;			\

-	t2 = BN_UMULT_HIGH(ta,ta);	\

-	c0 += t1; t2 += (c0<t1)?1:0;	\

-	c1 += t2; c2 += (c1<t2)?1:0;	\

-	}

-#define sqr_add_c2(a,i,j,c0,c1,c2)	\

-	mul_add_c2((a)[i],(a)[j],c0,c1,c2)

-#else /* !BN_LLONG */

-#define mul_add_c(a,b,c0,c1,c2) \

-	t1=LBITS(a); t2=HBITS(a); \

-	bl=LBITS(b); bh=HBITS(b); \

-	mul64(t1,t2,bl,bh); \

-	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \

-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;

-#define mul_add_c2(a,b,c0,c1,c2) \

-	t1=LBITS(a); t2=HBITS(a); \

-	bl=LBITS(b); bh=HBITS(b); \

-	mul64(t1,t2,bl,bh); \

-	if (t2 & BN_TBIT) c2++; \

-	t2=(t2+t2)&BN_MASK2; \

-	if (t1 & BN_TBIT) t2++; \

-	t1=(t1+t1)&BN_MASK2; \

-	c0=(c0+t1)&BN_MASK2;  \

-	if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \

-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;

-#define sqr_add_c(a,i,c0,c1,c2) \

-	sqr64(t1,t2,(a)[i]); \

-	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \

-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;

-#define sqr_add_c2(a,i,j,c0,c1,c2) \

-	mul_add_c2((a)[i],(a)[j],c0,c1,c2)

-#endif /* !BN_LLONG */

-void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)

-	{

-#ifdef BN_LLONG

-	BN_ULLONG t;

-#else

-	BN_ULONG bl,bh;

-#endif

-	BN_ULONG t1,t2;

-	BN_ULONG c1,c2,c3;

-	c1=0;

-	c2=0;

-	c3=0;

-	mul_add_c(a[0],b[0],c1,c2,c3);

-	r[0]=c1;

-	c1=0;

-	mul_add_c(a[0],b[1],c2,c3,c1);

-	mul_add_c(a[1],b[0],c2,c3,c1);

-	r[1]=c2;

-	c2=0;

-	mul_add_c(a[2],b[0],c3,c1,c2);

-	mul_add_c(a[1],b[1],c3,c1,c2);

-	mul_add_c(a[0],b[2],c3,c1,c2);

-	r[2]=c3;

-	c3=0;

-	mul_add_c(a[0],b[3],c1,c2,c3);

-	mul_add_c(a[1],b[2],c1,c2,c3);

-	mul_add_c(a[2],b[1],c1,c2,c3);

-	mul_add_c(a[3],b[0],c1,c2,c3);

-	r[3]=c1;

-	c1=0;

-	mul_add_c(a[4],b[0],c2,c3,c1);

-	mul_add_c(a[3],b[1],c2,c3,c1);

-	mul_add_c(a[2],b[2],c2,c3,c1);

-	mul_add_c(a[1],b[3],c2,c3,c1);

-	mul_add_c(a[0],b[4],c2,c3,c1);

-	r[4]=c2;

-	c2=0;

-	mul_add_c(a[0],b[5],c3,c1,c2);

-	mul_add_c(a[1],b[4],c3,c1,c2);

-	mul_add_c(a[2],b[3],c3,c1,c2);

-	mul_add_c(a[3],b[2],c3,c1,c2);

-	mul_add_c(a[4],b[1],c3,c1,c2);

-	mul_add_c(a[5],b[0],c3,c1,c2);

-	r[5]=c3;

-	c3=0;

-	mul_add_c(a[6],b[0],c1,c2,c3);

-	mul_add_c(a[5],b[1],c1,c2,c3);

-	mul_add_c(a[4],b[2],c1,c2,c3);

-	mul_add_c(a[3],b[3],c1,c2,c3);

-	mul_add_c(a[2],b[4],c1,c2,c3);

-	mul_add_c(a[1],b[5],c1,c2,c3);

-	mul_add_c(a[0],b[6],c1,c2,c3);

-	r[6]=c1;

-	c1=0;

-	mul_add_c(a[0],b[7],c2,c3,c1);

-	mul_add_c(a[1],b[6],c2,c3,c1);

-	mul_add_c(a[2],b[5],c2,c3,c1);

-	mul_add_c(a[3],b[4],c2,c3,c1);

-	mul_add_c(a[4],b[3],c2,c3,c1);

-	mul_add_c(a[5],b[2],c2,c3,c1);

-	mul_add_c(a[6],b[1],c2,c3,c1);

-	mul_add_c(a[7],b[0],c2,c3,c1);

-	r[7]=c2;

-	c2=0;

-	mul_add_c(a[7],b[1],c3,c1,c2);

-	mul_add_c(a[6],b[2],c3,c1,c2);

-	mul_add_c(a[5],b[3],c3,c1,c2);

-	mul_add_c(a[4],b[4],c3,c1,c2);

-	mul_add_c(a[3],b[5],c3,c1,c2);

-	mul_add_c(a[2],b[6],c3,c1,c2);

-	mul_add_c(a[1],b[7],c3,c1,c2);

-	r[8]=c3;

-	c3=0;

-	mul_add_c(a[2],b[7],c1,c2,c3);

-	mul_add_c(a[3],b[6],c1,c2,c3);

-	mul_add_c(a[4],b[5],c1,c2,c3);

-	mul_add_c(a[5],b[4],c1,c2,c3);

-	mul_add_c(a[6],b[3],c1,c2,c3);

-	mul_add_c(a[7],b[2],c1,c2,c3);

-	r[9]=c1;

-	c1=0;

-	mul_add_c(a[7],b[3],c2,c3,c1);

-	mul_add_c(a[6],b[4],c2,c3,c1);

-	mul_add_c(a[5],b[5],c2,c3,c1);

-	mul_add_c(a[4],b[6],c2,c3,c1);

-	mul_add_c(a[3],b[7],c2,c3,c1);

-	r[10]=c2;

-	c2=0;

-	mul_add_c(a[4],b[7],c3,c1,c2);

-	mul_add_c(a[5],b[6],c3,c1,c2);

-	mul_add_c(a[6],b[5],c3,c1,c2);

-	mul_add_c(a[7],b[4],c3,c1,c2);

-	r[11]=c3;

-	c3=0;

-	mul_add_c(a[7],b[5],c1,c2,c3);

-	mul_add_c(a[6],b[6],c1,c2,c3);

-	mul_add_c(a[5],b[7],c1,c2,c3);

-	r[12]=c1;

-	c1=0;

-	mul_add_c(a[6],b[7],c2,c3,c1);

-	mul_add_c(a[7],b[6],c2,c3,c1);

-	r[13]=c2;

-	c2=0;

-	mul_add_c(a[7],b[7],c3,c1,c2);

-	r[14]=c3;

-	r[15]=c1;

-	}

-void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)

-	{

-#ifdef BN_LLONG

-	BN_ULLONG t;

-#else

-	BN_ULONG bl,bh;

-#endif

-	BN_ULONG t1,t2;

-	BN_ULONG c1,c2,c3;

-	c1=0;

-	c2=0;

-	c3=0;

-	mul_add_c(a[0],b[0],c1,c2,c3);

-	r[0]=c1;

-	c1=0;

-	mul_add_c(a[0],b[1],c2,c3,c1);

-	mul_add_c(a[1],b[0],c2,c3,c1);

-	r[1]=c2;

-	c2=0;

-	mul_add_c(a[2],b[0],c3,c1,c2);

-	mul_add_c(a[1],b[1],c3,c1,c2);

-	mul_add_c(a[0],b[2],c3,c1,c2);

-	r[2]=c3;

-	c3=0;

-	mul_add_c(a[0],b[3],c1,c2,c3);

-	mul_add_c(a[1],b[2],c1,c2,c3);

-	mul_add_c(a[2],b[1],c1,c2,c3);

-	mul_add_c(a[3],b[0],c1,c2,c3);

-	r[3]=c1;

-	c1=0;

-	mul_add_c(a[3],b[1],c2,c3,c1);

-	mul_add_c(a[2],b[2],c2,c3,c1);

-	mul_add_c(a[1],b[3],c2,c3,c1);

-	r[4]=c2;

-	c2=0;

-	mul_add_c(a[2],b[3],c3,c1,c2);

-	mul_add_c(a[3],b[2],c3,c1,c2);

-	r[5]=c3;

-	c3=0;

-	mul_add_c(a[3],b[3],c1,c2,c3);

-	r[6]=c1;

-	r[7]=c2;

-	}

-void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a)

-	{

-#ifdef BN_LLONG

-	BN_ULLONG t,tt;

-#else

-	BN_ULONG bl,bh;

-#endif

-	BN_ULONG t1,t2;

-	BN_ULONG c1,c2,c3;

-	c1=0;

-	c2=0;

-	c3=0;

-	sqr_add_c(a,0,c1,c2,c3);

-	r[0]=c1;

-	c1=0;

-	sqr_add_c2(a,1,0,c2,c3,c1);

-	r[1]=c2;

-	c2=0;

-	sqr_add_c(a,1,c3,c1,c2);

-	sqr_add_c2(a,2,0,c3,c1,c2);

-	r[2]=c3;

-	c3=0;

-	sqr_add_c2(a,3,0,c1,c2,c3);

-	sqr_add_c2(a,2,1,c1,c2,c3);

-	r[3]=c1;

-	c1=0;

-	sqr_add_c(a,2,c2,c3,c1);

-	sqr_add_c2(a,3,1,c2,c3,c1);

-	sqr_add_c2(a,4,0,c2,c3,c1);

-	r[4]=c2;

-	c2=0;

-	sqr_add_c2(a,5,0,c3,c1,c2);

-	sqr_add_c2(a,4,1,c3,c1,c2);

-	sqr_add_c2(a,3,2,c3,c1,c2);

-	r[5]=c3;

-	c3=0;

-	sqr_add_c(a,3,c1,c2,c3);

-	sqr_add_c2(a,4,2,c1,c2,c3);

-	sqr_add_c2(a,5,1,c1,c2,c3);

-	sqr_add_c2(a,6,0,c1,c2,c3);

-	r[6]=c1;

-	c1=0;

-	sqr_add_c2(a,7,0,c2,c3,c1);

-	sqr_add_c2(a,6,1,c2,c3,c1);

-	sqr_add_c2(a,5,2,c2,c3,c1);

-	sqr_add_c2(a,4,3,c2,c3,c1);

-	r[7]=c2;

-	c2=0;

-	sqr_add_c(a,4,c3,c1,c2);

-	sqr_add_c2(a,5,3,c3,c1,c2);

-	sqr_add_c2(a,6,2,c3,c1,c2);

-	sqr_add_c2(a,7,1,c3,c1,c2);

-	r[8]=c3;

-	c3=0;

-	sqr_add_c2(a,7,2,c1,c2,c3);

-	sqr_add_c2(a,6,3,c1,c2,c3);

-	sqr_add_c2(a,5,4,c1,c2,c3);

-	r[9]=c1;

-	c1=0;

-	sqr_add_c(a,5,c2,c3,c1);

-	sqr_add_c2(a,6,4,c2,c3,c1);

-	sqr_add_c2(a,7,3,c2,c3,c1);

-	r[10]=c2;

-	c2=0;

-	sqr_add_c2(a,7,4,c3,c1,c2);

-	sqr_add_c2(a,6,5,c3,c1,c2);

-	r[11]=c3;

-	c3=0;

-	sqr_add_c(a,6,c1,c2,c3);

-	sqr_add_c2(a,7,5,c1,c2,c3);

-	r[12]=c1;

-	c1=0;

-	sqr_add_c2(a,7,6,c2,c3,c1);

-	r[13]=c2;

-	c2=0;

-	sqr_add_c(a,7,c3,c1,c2);

-	r[14]=c3;

-	r[15]=c1;

-	}

-void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)

-	{

-#ifdef BN_LLONG

-	BN_ULLONG t,tt;

-#else

-	BN_ULONG bl,bh;

-#endif

-	BN_ULONG t1,t2;

-	BN_ULONG c1,c2,c3;

-	c1=0;

-	c2=0;

-	c3=0;

-	sqr_add_c(a,0,c1,c2,c3);

-	r[0]=c1;

-	c1=0;

-	sqr_add_c2(a,1,0,c2,c3,c1);

-	r[1]=c2;

-	c2=0;

-	sqr_add_c(a,1,c3,c1,c2);

-	sqr_add_c2(a,2,0,c3,c1,c2);

-	r[2]=c3;

-	c3=0;

-	sqr_add_c2(a,3,0,c1,c2,c3);

-	sqr_add_c2(a,2,1,c1,c2,c3);

-	r[3]=c1;

-	c1=0;

-	sqr_add_c(a,2,c2,c3,c1);

-	sqr_add_c2(a,3,1,c2,c3,c1);

-	r[4]=c2;

-	c2=0;

-	sqr_add_c2(a,3,2,c3,c1,c2);

-	r[5]=c3;

-	c3=0;

-	sqr_add_c(a,3,c1,c2,c3);

-	r[6]=c1;

-	r[7]=c2;

-	}

-#else /* !BN_MUL_COMBA */

-/* hmm... is it faster just to do a multiply? */

-#undef bn_sqr_comba4

-void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)

-	{

-	BN_ULONG t[8];

-	bn_sqr_normal(r,a,4,t);

-	}

-#undef bn_sqr_comba8

-void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)

-	{

-	BN_ULONG t[16];

-	bn_sqr_normal(r,a,8,t);

-	}

-void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)

-	{

-	r[4]=bn_mul_words(    &(r[0]),a,4,b[0]);

-	r[5]=bn_mul_add_words(&(r[1]),a,4,b[1]);

-	r[6]=bn_mul_add_words(&(r[2]),a,4,b[2]);

-	r[7]=bn_mul_add_words(&(r[3]),a,4,b[3]);

-	}

-void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)

-	{

-	r[ 8]=bn_mul_words(    &(r[0]),a,8,b[0]);

-	r[ 9]=bn_mul_add_words(&(r[1]),a,8,b[1]);

-	r[10]=bn_mul_add_words(&(r[2]),a,8,b[2]);

-	r[11]=bn_mul_add_words(&(r[3]),a,8,b[3]);

-	r[12]=bn_mul_add_words(&(r[4]),a,8,b[4]);

-	r[13]=bn_mul_add_words(&(r[5]),a,8,b[5]);

-	r[14]=bn_mul_add_words(&(r[6]),a,8,b[6]);

-	r[15]=bn_mul_add_words(&(r[7]),a,8,b[7]);

-	}

-#endif /* !BN_MUL_COMBA */

--- a/sys/src/ape/lib/openssl/crypto/bn/bn_blind.c

+++ /dev/null

@@ -1,365 +1,0 @@

-/* crypto/bn/bn_blind.c */

-/* ====================================================================

- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include "bn_lcl.h"

-#define BN_BLINDING_COUNTER	32

-struct bn_blinding_st

-	{

-	BIGNUM *A;

-	BIGNUM *Ai;

-	BIGNUM *e;

-	BIGNUM *mod; /* just a reference */

-	unsigned long thread_id; /* added in OpenSSL 0.9.6j and 0.9.7b;

-				  * used only by crypto/rsa/rsa_eay.c, rsa_lib.c */

-	unsigned int  counter;

-	unsigned long flags;

-	BN_MONT_CTX *m_ctx;

-	int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-			  const BIGNUM *m, BN_CTX *ctx,

-			  BN_MONT_CTX *m_ctx);

-	};

-BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, /* const */ BIGNUM *mod)

-	{

-	BN_BLINDING *ret=NULL;

-	bn_check_top(mod);

-	if ((ret=(BN_BLINDING *)OPENSSL_malloc(sizeof(BN_BLINDING))) == NULL)

-		{

-		BNerr(BN_F_BN_BLINDING_NEW,ERR_R_MALLOC_FAILURE);

-		return(NULL);

-		}

-	memset(ret,0,sizeof(BN_BLINDING));

-	if (A != NULL)

-		{

-		if ((ret->A  = BN_dup(A))  == NULL) goto err;

-		}

-	if (Ai != NULL)

-		{

-		if ((ret->Ai = BN_dup(Ai)) == NULL) goto err;

-		}

-	/* save a copy of mod in the BN_BLINDING structure */

-	if ((ret->mod = BN_dup(mod)) == NULL) goto err;

-	if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)

-		BN_set_flags(ret->mod, BN_FLG_CONSTTIME);

-	ret->counter = BN_BLINDING_COUNTER;

-	return(ret);

-err:

-	if (ret != NULL) BN_BLINDING_free(ret);

-	return(NULL);

-	}

-void BN_BLINDING_free(BN_BLINDING *r)

-	{

-	if(r == NULL)

-	    return;

-	if (r->A  != NULL) BN_free(r->A );

-	if (r->Ai != NULL) BN_free(r->Ai);

-	if (r->e  != NULL) BN_free(r->e );

-	if (r->mod != NULL) BN_free(r->mod);

-	OPENSSL_free(r);

-	}

-int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx)

-	{

-	int ret=0;

-	if ((b->A == NULL) || (b->Ai == NULL))

-		{

-		BNerr(BN_F_BN_BLINDING_UPDATE,BN_R_NOT_INITIALIZED);

-		goto err;

-		}

-	if (--(b->counter) == 0 && b->e != NULL &&

-		!(b->flags & BN_BLINDING_NO_RECREATE))

-		{

-		/* re-create blinding parameters */

-		if (!BN_BLINDING_create_param(b, NULL, NULL, ctx, NULL, NULL))

-			goto err;

-		}

-	else if (!(b->flags & BN_BLINDING_NO_UPDATE))

-		{

-		if (!BN_mod_mul(b->A,b->A,b->A,b->mod,ctx)) goto err;

-		if (!BN_mod_mul(b->Ai,b->Ai,b->Ai,b->mod,ctx)) goto err;

-		}

-	ret=1;

-err:

-	if (b->counter == 0)

-		b->counter = BN_BLINDING_COUNTER;

-	return(ret);

-	}

-int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx)

-	{

-	return BN_BLINDING_convert_ex(n, NULL, b, ctx);

-	}

-int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)

-	{

-	int ret = 1;

-	bn_check_top(n);

-	if ((b->A == NULL) || (b->Ai == NULL))

-		{

-		BNerr(BN_F_BN_BLINDING_CONVERT_EX,BN_R_NOT_INITIALIZED);

-		return(0);

-		}

-	if (r != NULL)

-		{

-		if (!BN_copy(r, b->Ai)) ret=0;

-		}

-	if (!BN_mod_mul(n,n,b->A,b->mod,ctx)) ret=0;

-	return ret;

-	}

-int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx)

-	{

-	return BN_BLINDING_invert_ex(n, NULL, b, ctx);

-	}

-int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)

-	{

-	int ret;

-	bn_check_top(n);

-	if ((b->A == NULL) || (b->Ai == NULL))

-		{

-		BNerr(BN_F_BN_BLINDING_INVERT_EX,BN_R_NOT_INITIALIZED);

-		return(0);

-		}

-	if (r != NULL)

-		ret = BN_mod_mul(n, n, r, b->mod, ctx);

-	else

-		ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx);

-	if (ret >= 0)

-		{

-		if (!BN_BLINDING_update(b,ctx))

-			return(0);

-		}

-	bn_check_top(n);

-	return(ret);

-	}

-unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *b)

-	{

-	return b->thread_id;

-	}

-void BN_BLINDING_set_thread_id(BN_BLINDING *b, unsigned long n)

-	{

-	b->thread_id = n;

-	}

-unsigned long BN_BLINDING_get_flags(const BN_BLINDING *b)

-	{

-	return b->flags;

-	}

-void BN_BLINDING_set_flags(BN_BLINDING *b, unsigned long flags)

-	{

-	b->flags = flags;

-	}

-BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,

-	const BIGNUM *e, /* const */ BIGNUM *m, BN_CTX *ctx,

-	int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-			  const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),

-	BN_MONT_CTX *m_ctx)

-{

-	int    retry_counter = 32;

-	BN_BLINDING *ret = NULL;

-	if (b == NULL)

-		ret = BN_BLINDING_new(NULL, NULL, m);

-	else

-		ret = b;

-	if (ret == NULL)

-		goto err;

-	if (ret->A  == NULL && (ret->A  = BN_new()) == NULL)

-		goto err;

-	if (ret->Ai == NULL && (ret->Ai	= BN_new()) == NULL)

-		goto err;

-	if (e != NULL)

-		{

-		if (ret->e != NULL)

-			BN_free(ret->e);

-		ret->e = BN_dup(e);

-		}

-	if (ret->e == NULL)

-		goto err;

-	if (bn_mod_exp != NULL)

-		ret->bn_mod_exp = bn_mod_exp;

-	if (m_ctx != NULL)

-		ret->m_ctx = m_ctx;

-	do {

-		if (!BN_rand_range(ret->A, ret->mod)) goto err;

-		if (BN_mod_inverse(ret->Ai, ret->A, ret->mod, ctx) == NULL)

-			{

-			/* this should almost never happen for good RSA keys */

-			unsigned long error = ERR_peek_last_error();

-			if (ERR_GET_REASON(error) == BN_R_NO_INVERSE)

-				{

-				if (retry_counter-- == 0)

-				{

-					BNerr(BN_F_BN_BLINDING_CREATE_PARAM,

-						BN_R_TOO_MANY_ITERATIONS);

-					goto err;

-				}

-				ERR_clear_error();

-				}

-			else

-				goto err;

-			}

-		else

-			break;

-	} while (1);

-	if (ret->bn_mod_exp != NULL && ret->m_ctx != NULL)

-		{

-		if (!ret->bn_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx, ret->m_ctx))

-			goto err;

-		}

-	else

-		{

-		if (!BN_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx))

-			goto err;

-		}

-	return ret;

-err:

-	if (b == NULL && ret != NULL)

-		{

-		BN_BLINDING_free(ret);

-		ret = NULL;

-		}

-	return ret;

-}

--- a/sys/src/ape/lib/openssl/crypto/bn/bn_const.c

+++ /dev/null

@@ -1,402 +1,0 @@

-/* crypto/bn/knownprimes.c */

-/* Insert boilerplate */

-#include "bn.h"

-/* "First Oakley Default Group" from RFC2409, section 6.1.

- *

- * The prime is: 2^768 - 2 ^704 - 1 + 2^64 * { [2^638 pi] + 149686 }

- *

- * RFC2409 specifies a generator of 2.

- * RFC2412 specifies a generator of of 22.

- */

-BIGNUM *get_rfc2409_prime_768(BIGNUM *bn)

-	{

-	static const unsigned char RFC2409_PRIME_768[]={

-		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,

-		0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,

-		0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,

-		0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,

-		0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,

-		0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,

-		0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,

-		0xA6,0x3A,0x36,0x20,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,

-		};

-	return BN_bin2bn(RFC2409_PRIME_768,sizeof(RFC2409_PRIME_768),bn);

-	}

-/* "Second Oakley Default Group" from RFC2409, section 6.2.

- *

- * The prime is: 2^1024 - 2^960 - 1 + 2^64 * { [2^894 pi] + 129093 }.

- *

- * RFC2409 specifies a generator of 2.

- * RFC2412 specifies a generator of 22.

- */

-BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn)

-	{

-	static const unsigned char RFC2409_PRIME_1024[]={

-		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,

-		0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,

-		0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,

-		0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,

-		0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,

-		0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,

-		0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,

-		0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,

-		0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,

-		0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE6,0x53,0x81,

-		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,

-		};

-	return BN_bin2bn(RFC2409_PRIME_1024,sizeof(RFC2409_PRIME_1024),bn);

-	}

-/* "1536-bit MODP Group" from RFC3526, Section 2.

- *

- * The prime is: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 }

- *

- * RFC3526 specifies a generator of 2.

- * RFC2312 specifies a generator of 22.

- */

-BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn)

-	{

-	static const unsigned char RFC3526_PRIME_1536[]={

-		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,

-		0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,

-		0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,

-		0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,

-		0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,

-		0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,

-		0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,

-		0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,

-		0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,

-		0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,

-		0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,

-		0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,

-		0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,

-		0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,

-		0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,

-		0xCA,0x23,0x73,0x27,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,

-		};

-	return BN_bin2bn(RFC3526_PRIME_1536,sizeof(RFC3526_PRIME_1536),bn);

-	}

-/* "2048-bit MODP Group" from RFC3526, Section 3.

- *

- * The prime is: 2^2048 - 2^1984 - 1 + 2^64 * { [2^1918 pi] + 124476 }

- *

- * RFC3526 specifies a generator of 2.

- */

-BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn)

-	{

-	static const unsigned char RFC3526_PRIME_2048[]={

-		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,

-		0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,

-		0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,

-		0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,

-		0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,

-		0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,

-		0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,

-		0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,

-		0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,

-		0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,

-		0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,

-		0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,

-		0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,

-		0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,

-		0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,

-		0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,

-		0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,

-		0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,

-		0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,

-		0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,

-		0x15,0x72,0x8E,0x5A,0x8A,0xAC,0xAA,0x68,0xFF,0xFF,0xFF,0xFF,

-		0xFF,0xFF,0xFF,0xFF,

-		};

-	return BN_bin2bn(RFC3526_PRIME_2048,sizeof(RFC3526_PRIME_2048),bn);

-	}

-/* "3072-bit MODP Group" from RFC3526, Section 4.

- *

- * The prime is: 2^3072 - 2^3008 - 1 + 2^64 * { [2^2942 pi] + 1690314 }

- *

- * RFC3526 specifies a generator of 2.

- */

-BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn)

-	{

-	static const unsigned char RFC3526_PRIME_3072[]={

-		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,

-		0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,

-		0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,

-		0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,

-		0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,

-		0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,

-		0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,

-		0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,

-		0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,

-		0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,

-		0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,

-		0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,

-		0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,

-		0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,

-		0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,

-		0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,

-		0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,

-		0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,

-		0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,

-		0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,

-		0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,

-		0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,

-		0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57,

-		0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,

-		0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,

-		0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,

-		0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73,

-		0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,

-		0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,

-		0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,

-		0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20,

-		0xA9,0x3A,0xD2,0xCA,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,

-		};

-	return BN_bin2bn(RFC3526_PRIME_3072,sizeof(RFC3526_PRIME_3072),bn);

-	}

-/* "4096-bit MODP Group" from RFC3526, Section 5.

- *

- * The prime is: 2^4096 - 2^4032 - 1 + 2^64 * { [2^3966 pi] + 240904 }

- *

- * RFC3526 specifies a generator of 2.

- */

-BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn)

-	{

-	static const unsigned char RFC3526_PRIME_4096[]={

-		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,

-		0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,

-		0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,

-		0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,

-		0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,

-		0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,

-		0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,

-		0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,

-		0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,

-		0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,

-		0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,

-		0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,

-		0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,

-		0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,

-		0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,

-		0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,

-		0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,

-		0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,

-		0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,

-		0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,

-		0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,

-		0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,

-		0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57,

-		0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,

-		0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,

-		0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,

-		0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73,

-		0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,

-		0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,

-		0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,

-		0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20,

-		0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,

-		0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,

-		0x6A,0xF4,0xE2,0x3C,0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,

-		0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,0xDB,0xBB,0xC2,0xDB,

-		0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,

-		0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,

-		0xA0,0x90,0xC3,0xA2,0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,

-		0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,0xB8,0x1B,0xDD,0x76,

-		0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,

-		0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,

-		0x90,0xA6,0xC0,0x8F,0x4D,0xF4,0x35,0xC9,0x34,0x06,0x31,0x99,

-		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,

-		};

-	return BN_bin2bn(RFC3526_PRIME_4096,sizeof(RFC3526_PRIME_4096),bn);

-	}

-/* "6144-bit MODP Group" from RFC3526, Section 6.

- *

- * The prime is: 2^6144 - 2^6080 - 1 + 2^64 * { [2^6014 pi] + 929484 }

- *

- * RFC3526 specifies a generator of 2.

- */

-BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn)

-	{

-	static const unsigned char RFC3526_PRIME_6144[]={

-		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,

-		0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,

-		0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,

-		0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,

-		0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,

-		0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,

-		0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,

-		0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,

-		0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,

-		0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,

-		0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,

-		0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,

-		0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,

-		0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,

-		0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,

-		0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,

-		0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,

-		0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,

-		0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,

-		0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,

-		0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,

-		0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,

-		0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57,

-		0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,

-		0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,

-		0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,

-		0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73,

-		0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,

-		0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,

-		0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,

-		0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20,

-		0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,

-		0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,

-		0x6A,0xF4,0xE2,0x3C,0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,

-		0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,0xDB,0xBB,0xC2,0xDB,

-		0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,

-		0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,

-		0xA0,0x90,0xC3,0xA2,0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,

-		0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,0xB8,0x1B,0xDD,0x76,

-		0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,

-		0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,

-		0x90,0xA6,0xC0,0x8F,0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92,

-		0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26,0xC1,0xD4,0xDC,0xB2,

-		0x60,0x26,0x46,0xDE,0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD,

-		0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,0xE5,0xDB,0x38,0x2F,

-		0x41,0x30,0x01,0xAE,0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31,

-		0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18,0xDA,0x3E,0xDB,0xEB,

-		0xCF,0x9B,0x14,0xED,0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B,

-		0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,0x33,0x20,0x51,0x51,

-		0x2B,0xD7,0xAF,0x42,0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF,

-		0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC,0xF0,0x32,0xEA,0x15,

-		0xD1,0x72,0x1D,0x03,0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6,

-		0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,0xB5,0xA8,0x40,0x31,

-		0x90,0x0B,0x1C,0x9E,0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3,

-		0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE,0x0F,0x1D,0x45,0xB7,

-		0xFF,0x58,0x5A,0xC5,0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA,

-		0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,0x14,0xCC,0x5E,0xD2,

-		0x0F,0x80,0x37,0xE0,0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28,

-		0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76,0xF5,0x50,0xAA,0x3D,

-		0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C,

-		0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7,

-		0x6E,0x3C,0x04,0x68,0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE,

-		0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6,0xE6,0x94,0xF9,0x1E,

-		0x6D,0xCC,0x40,0x24,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,

-		};

-	return BN_bin2bn(RFC3526_PRIME_6144,sizeof(RFC3526_PRIME_6144),bn);

-	}

-/* "8192-bit MODP Group" from RFC3526, Section 7.

- *

- * The prime is: 2^8192 - 2^8128 - 1 + 2^64 * { [2^8062 pi] + 4743158 }

- *

- * RFC3526 specifies a generator of 2.

- */

-BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn)

-	{

-	static const unsigned char RFC3526_PRIME_8192[]={

-		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,

-		0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,

-		0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,

-		0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,

-		0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,

-		0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,

-		0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,

-		0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,

-		0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,

-		0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,

-		0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,

-		0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,

-		0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,

-		0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,

-		0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,

-		0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,

-		0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,

-		0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,

-		0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,

-		0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,

-		0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,

-		0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,

-		0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57,

-		0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,

-		0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,

-		0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,

-		0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73,

-		0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,

-		0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,

-		0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,

-		0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20,

-		0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,

-		0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,

-		0x6A,0xF4,0xE2,0x3C,0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,

-		0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,0xDB,0xBB,0xC2,0xDB,

-		0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,

-		0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,

-		0xA0,0x90,0xC3,0xA2,0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,

-		0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,0xB8,0x1B,0xDD,0x76,

-		0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,

-		0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,

-		0x90,0xA6,0xC0,0x8F,0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92,

-		0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26,0xC1,0xD4,0xDC,0xB2,

-		0x60,0x26,0x46,0xDE,0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD,

-		0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,0xE5,0xDB,0x38,0x2F,

-		0x41,0x30,0x01,0xAE,0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31,

-		0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18,0xDA,0x3E,0xDB,0xEB,

-		0xCF,0x9B,0x14,0xED,0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B,

-		0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,0x33,0x20,0x51,0x51,

-		0x2B,0xD7,0xAF,0x42,0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF,

-		0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC,0xF0,0x32,0xEA,0x15,

-		0xD1,0x72,0x1D,0x03,0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6,

-		0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,0xB5,0xA8,0x40,0x31,

-		0x90,0x0B,0x1C,0x9E,0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3,

-		0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE,0x0F,0x1D,0x45,0xB7,

-		0xFF,0x58,0x5A,0xC5,0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA,

-		0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,0x14,0xCC,0x5E,0xD2,

-		0x0F,0x80,0x37,0xE0,0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28,

-		0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76,0xF5,0x50,0xAA,0x3D,

-		0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C,

-		0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7,

-		0x6E,0x3C,0x04,0x68,0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE,

-		0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6,0xE6,0x94,0xF9,0x1E,

-		0x6D,0xBE,0x11,0x59,0x74,0xA3,0x92,0x6F,0x12,0xFE,0xE5,0xE4,

-		0x38,0x77,0x7C,0xB6,0xA9,0x32,0xDF,0x8C,0xD8,0xBE,0xC4,0xD0,

-		0x73,0xB9,0x31,0xBA,0x3B,0xC8,0x32,0xB6,0x8D,0x9D,0xD3,0x00,

-		0x74,0x1F,0xA7,0xBF,0x8A,0xFC,0x47,0xED,0x25,0x76,0xF6,0x93,

-		0x6B,0xA4,0x24,0x66,0x3A,0xAB,0x63,0x9C,0x5A,0xE4,0xF5,0x68,

-		0x34,0x23,0xB4,0x74,0x2B,0xF1,0xC9,0x78,0x23,0x8F,0x16,0xCB,

-		0xE3,0x9D,0x65,0x2D,0xE3,0xFD,0xB8,0xBE,0xFC,0x84,0x8A,0xD9,

-		0x22,0x22,0x2E,0x04,0xA4,0x03,0x7C,0x07,0x13,0xEB,0x57,0xA8,

-		0x1A,0x23,0xF0,0xC7,0x34,0x73,0xFC,0x64,0x6C,0xEA,0x30,0x6B,

-		0x4B,0xCB,0xC8,0x86,0x2F,0x83,0x85,0xDD,0xFA,0x9D,0x4B,0x7F,

-		0xA2,0xC0,0x87,0xE8,0x79,0x68,0x33,0x03,0xED,0x5B,0xDD,0x3A,

-		0x06,0x2B,0x3C,0xF5,0xB3,0xA2,0x78,0xA6,0x6D,0x2A,0x13,0xF8,

-		0x3F,0x44,0xF8,0x2D,0xDF,0x31,0x0E,0xE0,0x74,0xAB,0x6A,0x36,

-		0x45,0x97,0xE8,0x99,0xA0,0x25,0x5D,0xC1,0x64,0xF3,0x1C,0xC5,

-		0x08,0x46,0x85,0x1D,0xF9,0xAB,0x48,0x19,0x5D,0xED,0x7E,0xA1,

-		0xB1,0xD5,0x10,0xBD,0x7E,0xE7,0x4D,0x73,0xFA,0xF3,0x6B,0xC3,

-		0x1E,0xCF,0xA2,0x68,0x35,0x90,0x46,0xF4,0xEB,0x87,0x9F,0x92,

-		0x40,0x09,0x43,0x8B,0x48,0x1C,0x6C,0xD7,0x88,0x9A,0x00,0x2E,

-		0xD5,0xEE,0x38,0x2B,0xC9,0x19,0x0D,0xA6,0xFC,0x02,0x6E,0x47,

-		0x95,0x58,0xE4,0x47,0x56,0x77,0xE9,0xAA,0x9E,0x30,0x50,0xE2,

-		0x76,0x56,0x94,0xDF,0xC8,0x1F,0x56,0xE8,0x80,0xB9,0x6E,0x71,

-		0x60,0xC9,0x80,0xDD,0x98,0xED,0xD3,0xDF,0xFF,0xFF,0xFF,0xFF,

-		0xFF,0xFF,0xFF,0xFF,

-		};

-	return BN_bin2bn(RFC3526_PRIME_8192,sizeof(RFC3526_PRIME_8192),bn);

-	}

--- a/sys/src/ape/lib/openssl/crypto/bn/bn_ctx.c

+++ /dev/null

@@ -1,454 +1,0 @@

-/* crypto/bn/bn_ctx.c */

-/* Written by Ulf Moeller for the OpenSSL project. */

-/* ====================================================================

- * Copyright (c) 1998-2004 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#if !defined(BN_CTX_DEBUG) && !defined(BN_DEBUG)

-#ifndef NDEBUG

-#define NDEBUG

-#endif

-#endif

-#include <stdio.h>

-#include <assert.h>

-#include "cryptlib.h"

-#include "bn_lcl.h"

-/* TODO list

- *

- * 1. Check a bunch of "(words+1)" type hacks in various bignum functions and

- * check they can be safely removed.

- *  - Check +1 and other ugliness in BN_from_montgomery()

- *

- * 2. Consider allowing a BN_new_ex() that, at least, lets you specify an

- * appropriate 'block' size that will be honoured by bn_expand_internal() to

- * prevent piddly little reallocations. OTOH, profiling bignum expansions in

- * BN_CTX doesn't show this to be a big issue.

- */

-/* How many bignums are in each "pool item"; */

-#define BN_CTX_POOL_SIZE	16

-/* The stack frame info is resizing, set a first-time expansion size; */

-#define BN_CTX_START_FRAMES	32

-/***********/

-/* BN_POOL */

-/***********/

-/* A bundle of bignums that can be linked with other bundles */

-typedef struct bignum_pool_item

-	{

-	/* The bignum values */

-	BIGNUM vals[BN_CTX_POOL_SIZE];

-	/* Linked-list admin */

-	struct bignum_pool_item *prev, *next;

-	} BN_POOL_ITEM;

-/* A linked-list of bignums grouped in bundles */

-typedef struct bignum_pool

-	{

-	/* Linked-list admin */

-	BN_POOL_ITEM *head, *current, *tail;

-	/* Stack depth and allocation size */

-	unsigned used, size;

-	} BN_POOL;

-static void		BN_POOL_init(BN_POOL *);

-static void		BN_POOL_finish(BN_POOL *);

-#ifndef OPENSSL_NO_DEPRECATED

-static void		BN_POOL_reset(BN_POOL *);

-#endif

-static BIGNUM *		BN_POOL_get(BN_POOL *);

-static void		BN_POOL_release(BN_POOL *, unsigned int);

-/************/

-/* BN_STACK */

-/************/

-/* A wrapper to manage the "stack frames" */

-typedef struct bignum_ctx_stack

-	{

-	/* Array of indexes into the bignum stack */

-	unsigned int *indexes;

-	/* Number of stack frames, and the size of the allocated array */

-	unsigned int depth, size;

-	} BN_STACK;

-static void		BN_STACK_init(BN_STACK *);

-static void		BN_STACK_finish(BN_STACK *);

-#ifndef OPENSSL_NO_DEPRECATED

-static void		BN_STACK_reset(BN_STACK *);

-#endif

-static int		BN_STACK_push(BN_STACK *, unsigned int);

-static unsigned int	BN_STACK_pop(BN_STACK *);

-/**********/

-/* BN_CTX */

-/**********/

-/* The opaque BN_CTX type */

-struct bignum_ctx

-	{

-	/* The bignum bundles */

-	BN_POOL pool;

-	/* The "stack frames", if you will */

-	BN_STACK stack;

-	/* The number of bignums currently assigned */

-	unsigned int used;

-	/* Depth of stack overflow */

-	int err_stack;

-	/* Block "gets" until an "end" (compatibility behaviour) */

-	int too_many;

-	};

-/* Enable this to find BN_CTX bugs */

-#ifdef BN_CTX_DEBUG

-static const char *ctxdbg_cur = NULL;

-static void ctxdbg(BN_CTX *ctx)

-	{

-	unsigned int bnidx = 0, fpidx = 0;

-	BN_POOL_ITEM *item = ctx->pool.head;

-	BN_STACK *stack = &ctx->stack;

-	fprintf(stderr,"(%08x): ", (unsigned int)ctx);

-	while(bnidx < ctx->used)

-		{

-		fprintf(stderr,"%02x ", item->vals[bnidx++ % BN_CTX_POOL_SIZE].dmax);

-		if(!(bnidx % BN_CTX_POOL_SIZE))

-			item = item->next;

-		}

-	fprintf(stderr,"\n");

-	bnidx = 0;

-	fprintf(stderr,"          : ");

-	while(fpidx < stack->depth)

-		{

-		while(bnidx++ < stack->indexes[fpidx])

-			fprintf(stderr,"   ");

-		fprintf(stderr,"^^ ");

-		bnidx++;

-		fpidx++;

-		}

-	fprintf(stderr,"\n");

-	}

-#define CTXDBG_ENTRY(str, ctx)	do { \

-				ctxdbg_cur = (str); \

-				fprintf(stderr,"Starting %s\n", ctxdbg_cur); \

-				ctxdbg(ctx); \

-				} while(0)

-#define CTXDBG_EXIT(ctx)	do { \

-				fprintf(stderr,"Ending %s\n", ctxdbg_cur); \

-				ctxdbg(ctx); \

-				} while(0)

-#define CTXDBG_RET(ctx,ret)

-#else

-#define CTXDBG_ENTRY(str, ctx)

-#define CTXDBG_EXIT(ctx)

-#define CTXDBG_RET(ctx,ret)

-#endif

-/* This function is an evil legacy and should not be used. This implementation

- * is WYSIWYG, though I've done my best. */

-#ifndef OPENSSL_NO_DEPRECATED

-void BN_CTX_init(BN_CTX *ctx)

-	{

-	/* Assume the caller obtained the context via BN_CTX_new() and so is

-	 * trying to reset it for use. Nothing else makes sense, least of all

-	 * binary compatibility from a time when they could declare a static

-	 * variable. */

-	BN_POOL_reset(&ctx->pool);

-	BN_STACK_reset(&ctx->stack);

-	ctx->used = 0;

-	ctx->err_stack = 0;

-	ctx->too_many = 0;

-	}

-#endif

-BN_CTX *BN_CTX_new(void)

-	{

-	BN_CTX *ret = OPENSSL_malloc(sizeof(BN_CTX));

-	if(!ret)

-		{

-		BNerr(BN_F_BN_CTX_NEW,ERR_R_MALLOC_FAILURE);

-		return NULL;

-		}

-	/* Initialise the structure */

-	BN_POOL_init(&ret->pool);

-	BN_STACK_init(&ret->stack);

-	ret->used = 0;

-	ret->err_stack = 0;

-	ret->too_many = 0;

-	return ret;

-	}

-void BN_CTX_free(BN_CTX *ctx)

-	{

-	if (ctx == NULL)

-		return;

-#ifdef BN_CTX_DEBUG

-	{

-	BN_POOL_ITEM *pool = ctx->pool.head;

-	fprintf(stderr,"BN_CTX_free, stack-size=%d, pool-bignums=%d\n",

-		ctx->stack.size, ctx->pool.size);

-	fprintf(stderr,"dmaxs: ");

-	while(pool) {

-		unsigned loop = 0;

-		while(loop < BN_CTX_POOL_SIZE)

-			fprintf(stderr,"%02x ", pool->vals[loop++].dmax);

-		pool = pool->next;

-	}

-	fprintf(stderr,"\n");

-	}

-#endif

-	BN_STACK_finish(&ctx->stack);

-	BN_POOL_finish(&ctx->pool);

-	OPENSSL_free(ctx);

-	}

-void BN_CTX_start(BN_CTX *ctx)

-	{

-	CTXDBG_ENTRY("BN_CTX_start", ctx);

-	/* If we're already overflowing ... */

-	if(ctx->err_stack || ctx->too_many)

-		ctx->err_stack++;

-	/* (Try to) get a new frame pointer */

-	else if(!BN_STACK_push(&ctx->stack, ctx->used))

-		{

-		BNerr(BN_F_BN_CTX_START,BN_R_TOO_MANY_TEMPORARY_VARIABLES);

-		ctx->err_stack++;

-		}

-	CTXDBG_EXIT(ctx);

-	}

-void BN_CTX_end(BN_CTX *ctx)

-	{

-	CTXDBG_ENTRY("BN_CTX_end", ctx);

-	if(ctx->err_stack)

-		ctx->err_stack--;

-	else

-		{

-		unsigned int fp = BN_STACK_pop(&ctx->stack);

-		/* Does this stack frame have anything to release? */

-		if(fp < ctx->used)

-			BN_POOL_release(&ctx->pool, ctx->used - fp);

-		ctx->used = fp;

-		/* Unjam "too_many" in case "get" had failed */

-		ctx->too_many = 0;

-		}

-	CTXDBG_EXIT(ctx);

-	}

-BIGNUM *BN_CTX_get(BN_CTX *ctx)

-	{

-	BIGNUM *ret;

-	CTXDBG_ENTRY("BN_CTX_get", ctx);

-	if(ctx->err_stack || ctx->too_many) return NULL;

-	if((ret = BN_POOL_get(&ctx->pool)) == NULL)

-		{

-		/* Setting too_many prevents repeated "get" attempts from

-		 * cluttering the error stack. */

-		ctx->too_many = 1;

-		BNerr(BN_F_BN_CTX_GET,BN_R_TOO_MANY_TEMPORARY_VARIABLES);

-		return NULL;

-		}

-	/* OK, make sure the returned bignum is "zero" */

-	BN_zero(ret);

-	ctx->used++;

-	CTXDBG_RET(ctx, ret);

-	return ret;

-	}

-/************/

-/* BN_STACK */

-/************/

-static void BN_STACK_init(BN_STACK *st)

-	{

-	st->indexes = NULL;

-	st->depth = st->size = 0;

-	}

-static void BN_STACK_finish(BN_STACK *st)

-	{

-	if(st->size) OPENSSL_free(st->indexes);

-	}

-#ifndef OPENSSL_NO_DEPRECATED

-static void BN_STACK_reset(BN_STACK *st)

-	{

-	st->depth = 0;

-	}

-#endif

-static int BN_STACK_push(BN_STACK *st, unsigned int idx)

-	{

-	if(st->depth == st->size)

-		/* Need to expand */

-		{

-		unsigned int newsize = (st->size ?

-				(st->size * 3 / 2) : BN_CTX_START_FRAMES);

-		unsigned int *newitems = OPENSSL_malloc(newsize *

-						sizeof(unsigned int));

-		if(!newitems) return 0;

-		if(st->depth)

-			memcpy(newitems, st->indexes, st->depth *

-						sizeof(unsigned int));

-		if(st->size) OPENSSL_free(st->indexes);

-		st->indexes = newitems;

-		st->size = newsize;

-		}

-	st->indexes[(st->depth)++] = idx;

-	return 1;

-	}

-static unsigned int BN_STACK_pop(BN_STACK *st)

-	{

-	return st->indexes[--(st->depth)];

-	}

-/***********/

-/* BN_POOL */

-/***********/

-static void BN_POOL_init(BN_POOL *p)

-	{

-	p->head = p->current = p->tail = NULL;

-	p->used = p->size = 0;

-	}

-static void BN_POOL_finish(BN_POOL *p)

-	{

-	while(p->head)

-		{

-		unsigned int loop = 0;

-		BIGNUM *bn = p->head->vals;

-		while(loop++ < BN_CTX_POOL_SIZE)

-			{

-			if(bn->d) BN_clear_free(bn);

-			bn++;

-			}

-		p->current = p->head->next;

-		OPENSSL_free(p->head);

-		p->head = p->current;

-		}

-	}

-#ifndef OPENSSL_NO_DEPRECATED

-static void BN_POOL_reset(BN_POOL *p)

-	{

-	BN_POOL_ITEM *item = p->head;

-	while(item)

-		{

-		unsigned int loop = 0;

-		BIGNUM *bn = item->vals;

-		while(loop++ < BN_CTX_POOL_SIZE)

-			{

-			if(bn->d) BN_clear(bn);

-			bn++;

-			}

-		item = item->next;

-		}

-	p->current = p->head;

-	p->used = 0;

-	}

-#endif

-static BIGNUM *BN_POOL_get(BN_POOL *p)

-	{

-	if(p->used == p->size)

-		{

-		BIGNUM *bn;

-		unsigned int loop = 0;

-		BN_POOL_ITEM *item = OPENSSL_malloc(sizeof(BN_POOL_ITEM));

-		if(!item) return NULL;

-		/* Initialise the structure */

-		bn = item->vals;

-		while(loop++ < BN_CTX_POOL_SIZE)

-			BN_init(bn++);

-		item->prev = p->tail;

-		item->next = NULL;

-		/* Link it in */

-		if(!p->head)

-			p->head = p->current = p->tail = item;

-		else

-			{

-			p->tail->next = item;

-			p->tail = item;

-			p->current = item;

-			}

-		p->size += BN_CTX_POOL_SIZE;

-		p->used++;

-		/* Return the first bignum from the new pool */

-		return item->vals;

-		}

-	if(!p->used)

-		p->current = p->head;

-	else if((p->used % BN_CTX_POOL_SIZE) == 0)

-		p->current = p->current->next;

-	return p->current->vals + ((p->used++) % BN_CTX_POOL_SIZE);

-	}

-static void BN_POOL_release(BN_POOL *p, unsigned int num)

-	{

-	unsigned int offset = (p->used - 1) % BN_CTX_POOL_SIZE;

-	p->used -= num;

-	while(num--)

-		{

-		bn_check_top(p->current->vals + offset);

-		if(!offset)

-			{

-			offset = BN_CTX_POOL_SIZE - 1;

-			p->current = p->current->prev;

-			}

-		else

-			offset--;

-		}

-	}

--- a/sys/src/ape/lib/openssl/crypto/bn/bn_depr.c

+++ /dev/null

@@ -1,112 +1,0 @@

-/* crypto/bn/bn_depr.c */

-/* ====================================================================

- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* Support for deprecated functions goes here - static linkage will only slurp

- * this code if applications are using them directly. */

-#include <stdio.h>

-#include <time.h>

-#include "cryptlib.h"

-#include "bn_lcl.h"

-#include <openssl/rand.h>

-static void *dummy=&dummy;

-#ifndef OPENSSL_NO_DEPRECATED

-BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,

-	const BIGNUM *add, const BIGNUM *rem,

-	void (*callback)(int,int,void *), void *cb_arg)

-	{

-	BN_GENCB cb;

-	BIGNUM *rnd=NULL;

-	int found = 0;

-	BN_GENCB_set_old(&cb, callback, cb_arg);

-	if (ret == NULL)

-		{

-		if ((rnd=BN_new()) == NULL) goto err;

-		}

-	else

-		rnd=ret;

-	if(!BN_generate_prime_ex(rnd, bits, safe, add, rem, &cb))

-		goto err;

-	/* we have a prime :-) */

-	found = 1;

-err:

-	if (!found && (ret == NULL) && (rnd != NULL)) BN_free(rnd);

-	return(found ? rnd : NULL);

-	}

-int BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int,int,void *),

-	BN_CTX *ctx_passed, void *cb_arg)

-	{

-	BN_GENCB cb;

-	BN_GENCB_set_old(&cb, callback, cb_arg);

-	return BN_is_prime_ex(a, checks, ctx_passed, &cb);

-	}

-int BN_is_prime_fasttest(const BIGNUM *a, int checks,

-		void (*callback)(int,int,void *),

-		BN_CTX *ctx_passed, void *cb_arg,

-		int do_trial_division)

-	{

-	BN_GENCB cb;

-	BN_GENCB_set_old(&cb, callback, cb_arg);

-	return BN_is_prime_fasttest_ex(a, checks, ctx_passed,

-				do_trial_division, &cb);

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/bn/bn_div.c

+++ /dev/null

@@ -1,632 +1,0 @@

-/* crypto/bn/bn_div.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <openssl/bn.h>

-#include "cryptlib.h"

-#include "bn_lcl.h"

-/* The old slow way */

-#if 0

-int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,

-	   BN_CTX *ctx)

-	{

-	int i,nm,nd;

-	int ret = 0;

-	BIGNUM *D;

-	bn_check_top(m);

-	bn_check_top(d);

-	if (BN_is_zero(d))

-		{

-		BNerr(BN_F_BN_DIV,BN_R_DIV_BY_ZERO);

-		return(0);

-		}

-	if (BN_ucmp(m,d) < 0)

-		{

-		if (rem != NULL)

-			{ if (BN_copy(rem,m) == NULL) return(0); }

-		if (dv != NULL) BN_zero(dv);

-		return(1);

-		}

-	BN_CTX_start(ctx);

-	D = BN_CTX_get(ctx);

-	if (dv == NULL) dv = BN_CTX_get(ctx);

-	if (rem == NULL) rem = BN_CTX_get(ctx);

-	if (D == NULL || dv == NULL || rem == NULL)

-		goto end;

-	nd=BN_num_bits(d);

-	nm=BN_num_bits(m);

-	if (BN_copy(D,d) == NULL) goto end;

-	if (BN_copy(rem,m) == NULL) goto end;

-	/* The next 2 are needed so we can do a dv->d[0]|=1 later

-	 * since BN_lshift1 will only work once there is a value :-) */

-	BN_zero(dv);

-	bn_wexpand(dv,1);

-	dv->top=1;

-	if (!BN_lshift(D,D,nm-nd)) goto end;

-	for (i=nm-nd; i>=0; i--)

-		{

-		if (!BN_lshift1(dv,dv)) goto end;

-		if (BN_ucmp(rem,D) >= 0)

-			{

-			dv->d[0]|=1;

-			if (!BN_usub(rem,rem,D)) goto end;

-			}

-/* CAN IMPROVE (and have now :=) */

-		if (!BN_rshift1(D,D)) goto end;

-		}

-	rem->neg=BN_is_zero(rem)?0:m->neg;

-	dv->neg=m->neg^d->neg;

-	ret = 1;

- end:

-	BN_CTX_end(ctx);

-	return(ret);

-	}

-#else

-#if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) \

-    && !defined(PEDANTIC) && !defined(BN_DIV3W)

-# if defined(__GNUC__) && __GNUC__>=2

-#  if defined(__i386) || defined (__i386__)

-   /*

-    * There were two reasons for implementing this template:

-    * - GNU C generates a call to a function (__udivdi3 to be exact)

-    *   in reply to ((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0 (I fail to

-    *   understand why...);

-    * - divl doesn't only calculate quotient, but also leaves

-    *   remainder in %edx which we can definitely use here:-)

-    *

-    *					<[email protected]>

-    */

-#  define bn_div_words(n0,n1,d0)		\

-	({  asm volatile (			\

-		"divl	%4"			\

-		: "=a"(q), "=d"(rem)		\

-		: "a"(n1), "d"(n0), "g"(d0)	\

-		: "cc");			\

-	    q;					\

-	})

-#  define REMAINDER_IS_ALREADY_CALCULATED

-#  elif defined(__x86_64) && defined(SIXTY_FOUR_BIT_LONG)

-   /*

-    * Same story here, but it's 128-bit by 64-bit division. Wow!

-    *					<[email protected]>

-    */

-#  define bn_div_words(n0,n1,d0)		\

-	({  asm volatile (			\

-		"divq	%4"			\

-		: "=a"(q), "=d"(rem)		\

-		: "a"(n1), "d"(n0), "g"(d0)	\

-		: "cc");			\

-	    q;					\

-	})

-#  define REMAINDER_IS_ALREADY_CALCULATED

-#  endif /* __<cpu> */

-# endif /* __GNUC__ */

-#endif /* OPENSSL_NO_ASM */

-/* BN_div[_no_branch] computes  dv := num / divisor,  rounding towards

- * zero, and sets up rm  such that  dv*divisor + rm = num  holds.

- * Thus:

- *     dv->neg == num->neg ^ divisor->neg  (unless the result is zero)

- *     rm->neg == num->neg                 (unless the remainder is zero)

- * If 'dv' or 'rm' is NULL, the respective value is not returned.

- */

-static int BN_div_no_branch(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,

-        const BIGNUM *divisor, BN_CTX *ctx);

-int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,

-	   BN_CTX *ctx)

-	{

-	int norm_shift,i,loop;

-	BIGNUM *tmp,wnum,*snum,*sdiv,*res;

-	BN_ULONG *resp,*wnump;

-	BN_ULONG d0,d1;

-	int num_n,div_n;

-	if ((BN_get_flags(num, BN_FLG_CONSTTIME) != 0) || (BN_get_flags(divisor, BN_FLG_CONSTTIME) != 0))

-		{

-		return BN_div_no_branch(dv, rm, num, divisor, ctx);

-		}

-	bn_check_top(dv);

-	bn_check_top(rm);

-	bn_check_top(num);

-	bn_check_top(divisor);

-	if (BN_is_zero(divisor))

-		{

-		BNerr(BN_F_BN_DIV,BN_R_DIV_BY_ZERO);

-		return(0);

-		}

-	if (BN_ucmp(num,divisor) < 0)

-		{

-		if (rm != NULL)

-			{ if (BN_copy(rm,num) == NULL) return(0); }

-		if (dv != NULL) BN_zero(dv);

-		return(1);

-		}

-	BN_CTX_start(ctx);

-	tmp=BN_CTX_get(ctx);

-	snum=BN_CTX_get(ctx);

-	sdiv=BN_CTX_get(ctx);

-	if (dv == NULL)

-		res=BN_CTX_get(ctx);

-	else	res=dv;

-	if (sdiv == NULL || res == NULL) goto err;

-	/* First we normalise the numbers */

-	norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2);

-	if (!(BN_lshift(sdiv,divisor,norm_shift))) goto err;

-	sdiv->neg=0;

-	norm_shift+=BN_BITS2;

-	if (!(BN_lshift(snum,num,norm_shift))) goto err;

-	snum->neg=0;

-	div_n=sdiv->top;

-	num_n=snum->top;

-	loop=num_n-div_n;

-	/* Lets setup a 'window' into snum

-	 * This is the part that corresponds to the current

-	 * 'area' being divided */

-	wnum.neg   = 0;

-	wnum.d     = &(snum->d[loop]);

-	wnum.top   = div_n;

-	/* only needed when BN_ucmp messes up the values between top and max */

-	wnum.dmax  = snum->dmax - loop; /* so we don't step out of bounds */

-	/* Get the top 2 words of sdiv */

-	/* div_n=sdiv->top; */

-	d0=sdiv->d[div_n-1];

-	d1=(div_n == 1)?0:sdiv->d[div_n-2];

-	/* pointer to the 'top' of snum */

-	wnump= &(snum->d[num_n-1]);

-	/* Setup to 'res' */

-	res->neg= (num->neg^divisor->neg);

-	if (!bn_wexpand(res,(loop+1))) goto err;

-	res->top=loop;

-	resp= &(res->d[loop-1]);

-	/* space for temp */

-	if (!bn_wexpand(tmp,(div_n+1))) goto err;

-	if (BN_ucmp(&wnum,sdiv) >= 0)

-		{

-		/* If BN_DEBUG_RAND is defined BN_ucmp changes (via

-		 * bn_pollute) the const bignum arguments =>

-		 * clean the values between top and max again */

-		bn_clear_top2max(&wnum);

-		bn_sub_words(wnum.d, wnum.d, sdiv->d, div_n);

-		*resp=1;

-		}

-	else

-		res->top--;

-	/* if res->top == 0 then clear the neg value otherwise decrease

-	 * the resp pointer */

-	if (res->top == 0)

-		res->neg = 0;

-	else

-		resp--;

-	for (i=0; i<loop-1; i++, wnump--, resp--)

-		{

-		BN_ULONG q,l0;

-		/* the first part of the loop uses the top two words of

-		 * snum and sdiv to calculate a BN_ULONG q such that

-		 * | wnum - sdiv * q | < sdiv */

-#if defined(BN_DIV3W) && !defined(OPENSSL_NO_ASM)

-		BN_ULONG bn_div_3_words(BN_ULONG*,BN_ULONG,BN_ULONG);

-		q=bn_div_3_words(wnump,d1,d0);

-#else

-		BN_ULONG n0,n1,rem=0;

-		n0=wnump[0];

-		n1=wnump[-1];

-		if (n0 == d0)

-			q=BN_MASK2;

-		else 			/* n0 < d0 */

-			{

-#ifdef BN_LLONG

-			BN_ULLONG t2;

-#if defined(BN_LLONG) && defined(BN_DIV2W) && !defined(bn_div_words)

-			q=(BN_ULONG)(((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0);

-#else

-			q=bn_div_words(n0,n1,d0);

-#ifdef BN_DEBUG_LEVITTE

-			fprintf(stderr,"DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\

-X) -> 0x%08X\n",

-				n0, n1, d0, q);

-#endif

-#endif

-#ifndef REMAINDER_IS_ALREADY_CALCULATED

-			/*

-			 * rem doesn't have to be BN_ULLONG. The least we

-			 * know it's less that d0, isn't it?

-			 */

-			rem=(n1-q*d0)&BN_MASK2;

-#endif

-			t2=(BN_ULLONG)d1*q;

-			for (;;)

-				{

-				if (t2 <= ((((BN_ULLONG)rem)<<BN_BITS2)|wnump[-2]))

-					break;

-				q--;

-				rem += d0;

-				if (rem < d0) break; /* don't let rem overflow */

-				t2 -= d1;

-				}

-#else /* !BN_LLONG */

-			BN_ULONG t2l,t2h,ql,qh;

-			q=bn_div_words(n0,n1,d0);

-#ifdef BN_DEBUG_LEVITTE

-			fprintf(stderr,"DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\

-X) -> 0x%08X\n",

-				n0, n1, d0, q);

-#endif

-#ifndef REMAINDER_IS_ALREADY_CALCULATED

-			rem=(n1-q*d0)&BN_MASK2;

-#endif

-#if defined(BN_UMULT_LOHI)

-			BN_UMULT_LOHI(t2l,t2h,d1,q);

-#elif defined(BN_UMULT_HIGH)

-			t2l = d1 * q;

-			t2h = BN_UMULT_HIGH(d1,q);

-#else

-			t2l=LBITS(d1); t2h=HBITS(d1);

-			ql =LBITS(q);  qh =HBITS(q);

-			mul64(t2l,t2h,ql,qh); /* t2=(BN_ULLONG)d1*q; */

-#endif

-			for (;;)

-				{

-				if ((t2h < rem) ||

-					((t2h == rem) && (t2l <= wnump[-2])))

-					break;

-				q--;

-				rem += d0;

-				if (rem < d0) break; /* don't let rem overflow */

-				if (t2l < d1) t2h--; t2l -= d1;

-				}

-#endif /* !BN_LLONG */

-			}

-#endif /* !BN_DIV3W */

-		l0=bn_mul_words(tmp->d,sdiv->d,div_n,q);

-		tmp->d[div_n]=l0;

-		wnum.d--;

-		/* ingore top values of the bignums just sub the two

-		 * BN_ULONG arrays with bn_sub_words */

-		if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n+1))

-			{

-			/* Note: As we have considered only the leading

-			 * two BN_ULONGs in the calculation of q, sdiv * q

-			 * might be greater than wnum (but then (q-1) * sdiv

-			 * is less or equal than wnum)

-			 */

-			q--;

-			if (bn_add_words(wnum.d, wnum.d, sdiv->d, div_n))

-				/* we can't have an overflow here (assuming

-				 * that q != 0, but if q == 0 then tmp is

-				 * zero anyway) */

-				(*wnump)++;

-			}

-		/* store part of the result */

-		*resp = q;

-		}

-	bn_correct_top(snum);

-	if (rm != NULL)

-		{

-		/* Keep a copy of the neg flag in num because if rm==num

-		 * BN_rshift() will overwrite it.

-		 */

-		int neg = num->neg;

-		BN_rshift(rm,snum,norm_shift);

-		if (!BN_is_zero(rm))

-			rm->neg = neg;

-		bn_check_top(rm);

-		}

-	BN_CTX_end(ctx);

-	return(1);

-err:

-	bn_check_top(rm);

-	BN_CTX_end(ctx);

-	return(0);

-	}

-/* BN_div_no_branch is a special version of BN_div. It does not contain

- * branches that may leak sensitive information.

- */

-static int BN_div_no_branch(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,

-	const BIGNUM *divisor, BN_CTX *ctx)

-	{

-	int norm_shift,i,loop;

-	BIGNUM *tmp,wnum,*snum,*sdiv,*res;

-	BN_ULONG *resp,*wnump;

-	BN_ULONG d0,d1;

-	int num_n,div_n;

-	bn_check_top(dv);

-	bn_check_top(rm);

-	bn_check_top(num);

-	bn_check_top(divisor);

-	if (BN_is_zero(divisor))

-		{

-		BNerr(BN_F_BN_DIV_NO_BRANCH,BN_R_DIV_BY_ZERO);

-		return(0);

-		}

-	BN_CTX_start(ctx);

-	tmp=BN_CTX_get(ctx);

-	snum=BN_CTX_get(ctx);

-	sdiv=BN_CTX_get(ctx);

-	if (dv == NULL)

-		res=BN_CTX_get(ctx);

-	else	res=dv;

-	if (sdiv == NULL || res == NULL) goto err;

-	/* First we normalise the numbers */

-	norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2);

-	if (!(BN_lshift(sdiv,divisor,norm_shift))) goto err;

-	sdiv->neg=0;

-	norm_shift+=BN_BITS2;

-	if (!(BN_lshift(snum,num,norm_shift))) goto err;

-	snum->neg=0;

-	/* Since we don't know whether snum is larger than sdiv,

-	 * we pad snum with enough zeroes without changing its

-	 * value.

-	 */

-	if (snum->top <= sdiv->top+1)

-		{

-		if (bn_wexpand(snum, sdiv->top + 2) == NULL) goto err;

-		for (i = snum->top; i < sdiv->top + 2; i++) snum->d[i] = 0;

-		snum->top = sdiv->top + 2;

-		}

-	else

-		{

-		if (bn_wexpand(snum, snum->top + 1) == NULL) goto err;

-		snum->d[snum->top] = 0;

-		snum->top ++;

-		}

-	div_n=sdiv->top;

-	num_n=snum->top;

-	loop=num_n-div_n;

-	/* Lets setup a 'window' into snum

-	 * This is the part that corresponds to the current

-	 * 'area' being divided */

-	wnum.neg   = 0;

-	wnum.d     = &(snum->d[loop]);

-	wnum.top   = div_n;

-	/* only needed when BN_ucmp messes up the values between top and max */

-	wnum.dmax  = snum->dmax - loop; /* so we don't step out of bounds */

-	/* Get the top 2 words of sdiv */

-	/* div_n=sdiv->top; */

-	d0=sdiv->d[div_n-1];

-	d1=(div_n == 1)?0:sdiv->d[div_n-2];

-	/* pointer to the 'top' of snum */

-	wnump= &(snum->d[num_n-1]);

-	/* Setup to 'res' */

-	res->neg= (num->neg^divisor->neg);

-	if (!bn_wexpand(res,(loop+1))) goto err;

-	res->top=loop-1;

-	resp= &(res->d[loop-1]);

-	/* space for temp */

-	if (!bn_wexpand(tmp,(div_n+1))) goto err;

-	/* if res->top == 0 then clear the neg value otherwise decrease

-	 * the resp pointer */

-	if (res->top == 0)

-		res->neg = 0;

-	else

-		resp--;

-	for (i=0; i<loop-1; i++, wnump--, resp--)

-		{

-		BN_ULONG q,l0;

-		/* the first part of the loop uses the top two words of

-		 * snum and sdiv to calculate a BN_ULONG q such that

-		 * | wnum - sdiv * q | < sdiv */

-#if defined(BN_DIV3W) && !defined(OPENSSL_NO_ASM)

-		BN_ULONG bn_div_3_words(BN_ULONG*,BN_ULONG,BN_ULONG);

-		q=bn_div_3_words(wnump,d1,d0);

-#else

-		BN_ULONG n0,n1,rem=0;

-		n0=wnump[0];

-		n1=wnump[-1];

-		if (n0 == d0)

-			q=BN_MASK2;

-		else 			/* n0 < d0 */

-			{

-#ifdef BN_LLONG

-			BN_ULLONG t2;

-#if defined(BN_LLONG) && defined(BN_DIV2W) && !defined(bn_div_words)

-			q=(BN_ULONG)(((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0);

-#else

-			q=bn_div_words(n0,n1,d0);

-#ifdef BN_DEBUG_LEVITTE

-			fprintf(stderr,"DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\

-X) -> 0x%08X\n",

-				n0, n1, d0, q);

-#endif

-#endif

-#ifndef REMAINDER_IS_ALREADY_CALCULATED

-			/*

-			 * rem doesn't have to be BN_ULLONG. The least we

-			 * know it's less that d0, isn't it?

-			 */

-			rem=(n1-q*d0)&BN_MASK2;

-#endif

-			t2=(BN_ULLONG)d1*q;

-			for (;;)

-				{

-				if (t2 <= ((((BN_ULLONG)rem)<<BN_BITS2)|wnump[-2]))

-					break;

-				q--;

-				rem += d0;

-				if (rem < d0) break; /* don't let rem overflow */

-				t2 -= d1;

-				}

-#else /* !BN_LLONG */

-			BN_ULONG t2l,t2h,ql,qh;

-			q=bn_div_words(n0,n1,d0);

-#ifdef BN_DEBUG_LEVITTE

-			fprintf(stderr,"DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\

-X) -> 0x%08X\n",

-				n0, n1, d0, q);

-#endif

-#ifndef REMAINDER_IS_ALREADY_CALCULATED

-			rem=(n1-q*d0)&BN_MASK2;

-#endif

-#if defined(BN_UMULT_LOHI)

-			BN_UMULT_LOHI(t2l,t2h,d1,q);

-#elif defined(BN_UMULT_HIGH)

-			t2l = d1 * q;

-			t2h = BN_UMULT_HIGH(d1,q);

-#else

-			t2l=LBITS(d1); t2h=HBITS(d1);

-			ql =LBITS(q);  qh =HBITS(q);

-			mul64(t2l,t2h,ql,qh); /* t2=(BN_ULLONG)d1*q; */

-#endif

-			for (;;)

-				{

-				if ((t2h < rem) ||

-					((t2h == rem) && (t2l <= wnump[-2])))

-					break;

-				q--;

-				rem += d0;

-				if (rem < d0) break; /* don't let rem overflow */

-				if (t2l < d1) t2h--; t2l -= d1;

-				}

-#endif /* !BN_LLONG */

-			}

-#endif /* !BN_DIV3W */

-		l0=bn_mul_words(tmp->d,sdiv->d,div_n,q);

-		tmp->d[div_n]=l0;

-		wnum.d--;

-		/* ingore top values of the bignums just sub the two

-		 * BN_ULONG arrays with bn_sub_words */

-		if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n+1))

-			{

-			/* Note: As we have considered only the leading

-			 * two BN_ULONGs in the calculation of q, sdiv * q

-			 * might be greater than wnum (but then (q-1) * sdiv

-			 * is less or equal than wnum)

-			 */

-			q--;

-			if (bn_add_words(wnum.d, wnum.d, sdiv->d, div_n))

-				/* we can't have an overflow here (assuming

-				 * that q != 0, but if q == 0 then tmp is

-				 * zero anyway) */

-				(*wnump)++;

-			}

-		/* store part of the result */

-		*resp = q;

-		}

-	bn_correct_top(snum);

-	if (rm != NULL)

-		{

-		/* Keep a copy of the neg flag in num because if rm==num

-		 * BN_rshift() will overwrite it.

-		 */

-		int neg = num->neg;

-		BN_rshift(rm,snum,norm_shift);

-		if (!BN_is_zero(rm))

-			rm->neg = neg;

-		bn_check_top(rm);

-		}

-	bn_correct_top(res);

-	BN_CTX_end(ctx);

-	return(1);

-err:

-	bn_check_top(rm);

-	BN_CTX_end(ctx);

-	return(0);

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/bn/bn_err.c

+++ /dev/null

@@ -1,150 +1,0 @@

-/* crypto/bn/bn_err.c */

-/* ====================================================================

- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* NOTE: this file was auto generated by the mkerr.pl script: any changes

- * made to it will be overwritten when the script next updates this file,

- * only reason strings will be preserved.

- */

-#include <stdio.h>

-#include <openssl/err.h>

-#include <openssl/bn.h>

-/* BEGIN ERROR CODES */

-#ifndef OPENSSL_NO_ERR

-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_BN,func,0)

-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_BN,0,reason)

-static ERR_STRING_DATA BN_str_functs[]=

-	{

-{ERR_FUNC(BN_F_BNRAND),	"BNRAND"},

-{ERR_FUNC(BN_F_BN_BLINDING_CONVERT_EX),	"BN_BLINDING_convert_ex"},

-{ERR_FUNC(BN_F_BN_BLINDING_CREATE_PARAM),	"BN_BLINDING_create_param"},

-{ERR_FUNC(BN_F_BN_BLINDING_INVERT_EX),	"BN_BLINDING_invert_ex"},

-{ERR_FUNC(BN_F_BN_BLINDING_NEW),	"BN_BLINDING_new"},

-{ERR_FUNC(BN_F_BN_BLINDING_UPDATE),	"BN_BLINDING_update"},

-{ERR_FUNC(BN_F_BN_BN2DEC),	"BN_bn2dec"},

-{ERR_FUNC(BN_F_BN_BN2HEX),	"BN_bn2hex"},

-{ERR_FUNC(BN_F_BN_CTX_GET),	"BN_CTX_get"},

-{ERR_FUNC(BN_F_BN_CTX_NEW),	"BN_CTX_new"},

-{ERR_FUNC(BN_F_BN_CTX_START),	"BN_CTX_start"},

-{ERR_FUNC(BN_F_BN_DIV),	"BN_div"},

-{ERR_FUNC(BN_F_BN_DIV_NO_BRANCH),	"BN_div_no_branch"},

-{ERR_FUNC(BN_F_BN_DIV_RECP),	"BN_div_recp"},

-{ERR_FUNC(BN_F_BN_EXP),	"BN_exp"},

-{ERR_FUNC(BN_F_BN_EXPAND2),	"bn_expand2"},

-{ERR_FUNC(BN_F_BN_EXPAND_INTERNAL),	"BN_EXPAND_INTERNAL"},

-{ERR_FUNC(BN_F_BN_GF2M_MOD),	"BN_GF2m_mod"},

-{ERR_FUNC(BN_F_BN_GF2M_MOD_EXP),	"BN_GF2m_mod_exp"},

-{ERR_FUNC(BN_F_BN_GF2M_MOD_MUL),	"BN_GF2m_mod_mul"},

-{ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD),	"BN_GF2m_mod_solve_quad"},

-{ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR),	"BN_GF2m_mod_solve_quad_arr"},

-{ERR_FUNC(BN_F_BN_GF2M_MOD_SQR),	"BN_GF2m_mod_sqr"},

-{ERR_FUNC(BN_F_BN_GF2M_MOD_SQRT),	"BN_GF2m_mod_sqrt"},

-{ERR_FUNC(BN_F_BN_MOD_EXP2_MONT),	"BN_mod_exp2_mont"},

-{ERR_FUNC(BN_F_BN_MOD_EXP_MONT),	"BN_mod_exp_mont"},

-{ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME),	"BN_mod_exp_mont_consttime"},

-{ERR_FUNC(BN_F_BN_MOD_EXP_MONT_WORD),	"BN_mod_exp_mont_word"},

-{ERR_FUNC(BN_F_BN_MOD_EXP_RECP),	"BN_mod_exp_recp"},

-{ERR_FUNC(BN_F_BN_MOD_EXP_SIMPLE),	"BN_mod_exp_simple"},

-{ERR_FUNC(BN_F_BN_MOD_INVERSE),	"BN_mod_inverse"},

-{ERR_FUNC(BN_F_BN_MOD_INVERSE_NO_BRANCH),	"BN_mod_inverse_no_branch"},

-{ERR_FUNC(BN_F_BN_MOD_LSHIFT_QUICK),	"BN_mod_lshift_quick"},

-{ERR_FUNC(BN_F_BN_MOD_MUL_RECIPROCAL),	"BN_mod_mul_reciprocal"},

-{ERR_FUNC(BN_F_BN_MOD_SQRT),	"BN_mod_sqrt"},

-{ERR_FUNC(BN_F_BN_MPI2BN),	"BN_mpi2bn"},

-{ERR_FUNC(BN_F_BN_NEW),	"BN_new"},

-{ERR_FUNC(BN_F_BN_RAND),	"BN_rand"},

-{ERR_FUNC(BN_F_BN_RAND_RANGE),	"BN_rand_range"},

-{ERR_FUNC(BN_F_BN_USUB),	"BN_usub"},

-{0,NULL}

-	};

-static ERR_STRING_DATA BN_str_reasons[]=

-	{

-{ERR_REASON(BN_R_ARG2_LT_ARG3)           ,"arg2 lt arg3"},

-{ERR_REASON(BN_R_BAD_RECIPROCAL)         ,"bad reciprocal"},

-{ERR_REASON(BN_R_BIGNUM_TOO_LONG)        ,"bignum too long"},

-{ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS),"called with even modulus"},

-{ERR_REASON(BN_R_DIV_BY_ZERO)            ,"div by zero"},

-{ERR_REASON(BN_R_ENCODING_ERROR)         ,"encoding error"},

-{ERR_REASON(BN_R_EXPAND_ON_STATIC_BIGNUM_DATA),"expand on static bignum data"},

-{ERR_REASON(BN_R_INPUT_NOT_REDUCED)      ,"input not reduced"},

-{ERR_REASON(BN_R_INVALID_LENGTH)         ,"invalid length"},

-{ERR_REASON(BN_R_INVALID_RANGE)          ,"invalid range"},

-{ERR_REASON(BN_R_NOT_A_SQUARE)           ,"not a square"},

-{ERR_REASON(BN_R_NOT_INITIALIZED)        ,"not initialized"},

-{ERR_REASON(BN_R_NO_INVERSE)             ,"no inverse"},

-{ERR_REASON(BN_R_NO_SOLUTION)            ,"no solution"},

-{ERR_REASON(BN_R_P_IS_NOT_PRIME)         ,"p is not prime"},

-{ERR_REASON(BN_R_TOO_MANY_ITERATIONS)    ,"too many iterations"},

-{ERR_REASON(BN_R_TOO_MANY_TEMPORARY_VARIABLES),"too many temporary variables"},

-{0,NULL}

-	};

-#endif

-void ERR_load_BN_strings(void)

-	{

-#ifndef OPENSSL_NO_ERR

-	if (ERR_func_error_string(BN_str_functs[0].error) == NULL)

-		{

-		ERR_load_strings(0,BN_str_functs);

-		ERR_load_strings(0,BN_str_reasons);

-		}

-#endif

-	}

--- a/sys/src/ape/lib/openssl/crypto/bn/bn_exp.c

+++ /dev/null

@@ -1,990 +1,0 @@

-/* crypto/bn/bn_exp.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include "cryptlib.h"

-#include "bn_lcl.h"

-/* maximum precomputation table size for *variable* sliding windows */

-#define TABLE_SIZE	32

-/* this one works - simple but works */

-int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)

-	{

-	int i,bits,ret=0;

-	BIGNUM *v,*rr;

-	if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0)

-		{

-		/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */

-		BNerr(BN_F_BN_EXP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

-		return -1;

-		}

-	BN_CTX_start(ctx);

-	if ((r == a) || (r == p))

-		rr = BN_CTX_get(ctx);

-	else

-		rr = r;

-	if ((v = BN_CTX_get(ctx)) == NULL) goto err;

-	if (BN_copy(v,a) == NULL) goto err;

-	bits=BN_num_bits(p);

-	if (BN_is_odd(p))

-		{ if (BN_copy(rr,a) == NULL) goto err; }

-	else	{ if (!BN_one(rr)) goto err; }

-	for (i=1; i<bits; i++)

-		{

-		if (!BN_sqr(v,v,ctx)) goto err;

-		if (BN_is_bit_set(p,i))

-			{

-			if (!BN_mul(rr,rr,v,ctx)) goto err;

-			}

-		}

-	ret=1;

-err:

-	if (r != rr) BN_copy(r,rr);

-	BN_CTX_end(ctx);

-	bn_check_top(r);

-	return(ret);

-	}

-int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,

-	       BN_CTX *ctx)

-	{

-	int ret;

-	bn_check_top(a);

-	bn_check_top(p);

-	bn_check_top(m);

-	/* For even modulus  m = 2^k*m_odd,  it might make sense to compute

-	 * a^p mod m_odd  and  a^p mod 2^k  separately (with Montgomery

-	 * exponentiation for the odd part), using appropriate exponent

-	 * reductions, and combine the results using the CRT.

-	 *

-	 * For now, we use Montgomery only if the modulus is odd; otherwise,

-	 * exponentiation using the reciprocal-based quick remaindering

-	 * algorithm is used.

-	 *

-	 * (Timing obtained with expspeed.c [computations  a^p mod m

-	 * where  a, p, m  are of the same length: 256, 512, 1024, 2048,

-	 * 4096, 8192 bits], compared to the running time of the

-	 * standard algorithm:

-	 *

-	 *   BN_mod_exp_mont   33 .. 40 %  [AMD K6-2, Linux, debug configuration]

-         *                     55 .. 77 %  [UltraSparc processor, but

-	 *                                  debug-solaris-sparcv8-gcc conf.]

-	 *

-	 *   BN_mod_exp_recp   50 .. 70 %  [AMD K6-2, Linux, debug configuration]

-	 *                     62 .. 118 % [UltraSparc, debug-solaris-sparcv8-gcc]

-	 *

-	 * On the Sparc, BN_mod_exp_recp was faster than BN_mod_exp_mont

-	 * at 2048 and more bits, but at 512 and 1024 bits, it was

-	 * slower even than the standard algorithm!

-	 *

-	 * "Real" timings [linux-elf, solaris-sparcv9-gcc configurations]

-	 * should be obtained when the new Montgomery reduction code

-	 * has been integrated into OpenSSL.)

-	 */

-#define MONT_MUL_MOD

-#define MONT_EXP_WORD

-#define RECP_MUL_MOD

-#ifdef MONT_MUL_MOD

-	/* I have finally been able to take out this pre-condition of

-	 * the top bit being set.  It was caused by an error in BN_div

-	 * with negatives.  There was also another problem when for a^b%m

-	 * a >= m.  eay 07-May-97 */

-/*	if ((m->d[m->top-1]&BN_TBIT) && BN_is_odd(m)) */

-	if (BN_is_odd(m))

-		{

-#  ifdef MONT_EXP_WORD

-		if (a->top == 1 && !a->neg && (BN_get_flags(p, BN_FLG_CONSTTIME) == 0))

-			{

-			BN_ULONG A = a->d[0];

-			ret=BN_mod_exp_mont_word(r,A,p,m,ctx,NULL);

-			}

-		else

-#  endif

-			ret=BN_mod_exp_mont(r,a,p,m,ctx,NULL);

-		}

-	else

-#endif

-#ifdef RECP_MUL_MOD

-		{ ret=BN_mod_exp_recp(r,a,p,m,ctx); }

-#else

-		{ ret=BN_mod_exp_simple(r,a,p,m,ctx); }

-#endif

-	bn_check_top(r);

-	return(ret);

-	}

-int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-		    const BIGNUM *m, BN_CTX *ctx)

-	{

-	int i,j,bits,ret=0,wstart,wend,window,wvalue;

-	int start=1;

-	BIGNUM *aa;

-	/* Table of variables obtained from 'ctx' */

-	BIGNUM *val[TABLE_SIZE];

-	BN_RECP_CTX recp;

-	if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0)

-		{

-		/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */

-		BNerr(BN_F_BN_MOD_EXP_RECP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

-		return -1;

-		}

-	bits=BN_num_bits(p);

-	if (bits == 0)

-		{

-		ret = BN_one(r);

-		return ret;

-		}

-	BN_CTX_start(ctx);

-	aa = BN_CTX_get(ctx);

-	val[0] = BN_CTX_get(ctx);

-	if(!aa || !val[0]) goto err;

-	BN_RECP_CTX_init(&recp);

-	if (m->neg)

-		{

-		/* ignore sign of 'm' */

-		if (!BN_copy(aa, m)) goto err;

-		aa->neg = 0;

-		if (BN_RECP_CTX_set(&recp,aa,ctx) <= 0) goto err;

-		}

-	else

-		{

-		if (BN_RECP_CTX_set(&recp,m,ctx) <= 0) goto err;

-		}

-	if (!BN_nnmod(val[0],a,m,ctx)) goto err;		/* 1 */

-	if (BN_is_zero(val[0]))

-		{

-		BN_zero(r);

-		ret = 1;

-		goto err;

-		}

-	window = BN_window_bits_for_exponent_size(bits);

-	if (window > 1)

-		{

-		if (!BN_mod_mul_reciprocal(aa,val[0],val[0],&recp,ctx))

-			goto err;				/* 2 */

-		j=1<<(window-1);

-		for (i=1; i<j; i++)

-			{

-			if(((val[i] = BN_CTX_get(ctx)) == NULL) ||

-					!BN_mod_mul_reciprocal(val[i],val[i-1],

-						aa,&recp,ctx))

-				goto err;

-			}

-		}

-	start=1;	/* This is used to avoid multiplication etc

-			 * when there is only the value '1' in the

-			 * buffer. */

-	wvalue=0;	/* The 'value' of the window */

-	wstart=bits-1;	/* The top bit of the window */

-	wend=0;		/* The bottom bit of the window */

-	if (!BN_one(r)) goto err;

-	for (;;)

-		{

-		if (BN_is_bit_set(p,wstart) == 0)

-			{

-			if (!start)

-				if (!BN_mod_mul_reciprocal(r,r,r,&recp,ctx))

-				goto err;

-			if (wstart == 0) break;

-			wstart--;

-			continue;

-			}

-		/* We now have wstart on a 'set' bit, we now need to work out

-		 * how bit a window to do.  To do this we need to scan

-		 * forward until the last set bit before the end of the

-		 * window */

-		j=wstart;

-		wvalue=1;

-		wend=0;

-		for (i=1; i<window; i++)

-			{

-			if (wstart-i < 0) break;

-			if (BN_is_bit_set(p,wstart-i))

-				{

-				wvalue<<=(i-wend);

-				wvalue|=1;

-				wend=i;

-				}

-			}

-		/* wend is the size of the current window */

-		j=wend+1;

-		/* add the 'bytes above' */

-		if (!start)

-			for (i=0; i<j; i++)

-				{

-				if (!BN_mod_mul_reciprocal(r,r,r,&recp,ctx))

-					goto err;

-				}

-		/* wvalue will be an odd number < 2^window */

-		if (!BN_mod_mul_reciprocal(r,r,val[wvalue>>1],&recp,ctx))

-			goto err;

-		/* move the 'window' down further */

-		wstart-=wend+1;

-		wvalue=0;

-		start=0;

-		if (wstart < 0) break;

-		}

-	ret=1;

-err:

-	BN_CTX_end(ctx);

-	BN_RECP_CTX_free(&recp);

-	bn_check_top(r);

-	return(ret);

-	}

-int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,

-		    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)

-	{

-	int i,j,bits,ret=0,wstart,wend,window,wvalue;

-	int start=1;

-	BIGNUM *d,*r;

-	const BIGNUM *aa;

-	/* Table of variables obtained from 'ctx' */

-	BIGNUM *val[TABLE_SIZE];

-	BN_MONT_CTX *mont=NULL;

-	if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0)

-		{

-		return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont);

-		}

-	bn_check_top(a);

-	bn_check_top(p);

-	bn_check_top(m);

-	if (!BN_is_odd(m))

-		{

-		BNerr(BN_F_BN_MOD_EXP_MONT,BN_R_CALLED_WITH_EVEN_MODULUS);

-		return(0);

-		}

-	bits=BN_num_bits(p);

-	if (bits == 0)

-		{

-		ret = BN_one(rr);

-		return ret;

-		}

-	BN_CTX_start(ctx);

-	d = BN_CTX_get(ctx);

-	r = BN_CTX_get(ctx);

-	val[0] = BN_CTX_get(ctx);

-	if (!d || !r || !val[0]) goto err;

-	/* If this is not done, things will break in the montgomery

-	 * part */

-	if (in_mont != NULL)

-		mont=in_mont;

-	else

-		{

-		if ((mont=BN_MONT_CTX_new()) == NULL) goto err;

-		if (!BN_MONT_CTX_set(mont,m,ctx)) goto err;

-		}

-	if (a->neg || BN_ucmp(a,m) >= 0)

-		{

-		if (!BN_nnmod(val[0],a,m,ctx))

-			goto err;

-		aa= val[0];

-		}

-	else

-		aa=a;

-	if (BN_is_zero(aa))

-		{

-		BN_zero(rr);

-		ret = 1;

-		goto err;

-		}

-	if (!BN_to_montgomery(val[0],aa,mont,ctx)) goto err; /* 1 */

-	window = BN_window_bits_for_exponent_size(bits);

-	if (window > 1)

-		{

-		if (!BN_mod_mul_montgomery(d,val[0],val[0],mont,ctx)) goto err; /* 2 */

-		j=1<<(window-1);

-		for (i=1; i<j; i++)

-			{

-			if(((val[i] = BN_CTX_get(ctx)) == NULL) ||

-					!BN_mod_mul_montgomery(val[i],val[i-1],

-						d,mont,ctx))

-				goto err;

-			}

-		}

-	start=1;	/* This is used to avoid multiplication etc

-			 * when there is only the value '1' in the

-			 * buffer. */

-	wvalue=0;	/* The 'value' of the window */

-	wstart=bits-1;	/* The top bit of the window */

-	wend=0;		/* The bottom bit of the window */

-	if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err;

-	for (;;)

-		{

-		if (BN_is_bit_set(p,wstart) == 0)

-			{

-			if (!start)

-				{

-				if (!BN_mod_mul_montgomery(r,r,r,mont,ctx))

-				goto err;

-				}

-			if (wstart == 0) break;

-			wstart--;

-			continue;

-			}

-		/* We now have wstart on a 'set' bit, we now need to work out

-		 * how bit a window to do.  To do this we need to scan

-		 * forward until the last set bit before the end of the

-		 * window */

-		j=wstart;

-		wvalue=1;

-		wend=0;

-		for (i=1; i<window; i++)

-			{

-			if (wstart-i < 0) break;

-			if (BN_is_bit_set(p,wstart-i))

-				{

-				wvalue<<=(i-wend);

-				wvalue|=1;

-				wend=i;

-				}

-			}

-		/* wend is the size of the current window */

-		j=wend+1;

-		/* add the 'bytes above' */

-		if (!start)

-			for (i=0; i<j; i++)

-				{

-				if (!BN_mod_mul_montgomery(r,r,r,mont,ctx))

-					goto err;

-				}

-		/* wvalue will be an odd number < 2^window */

-		if (!BN_mod_mul_montgomery(r,r,val[wvalue>>1],mont,ctx))

-			goto err;

-		/* move the 'window' down further */

-		wstart-=wend+1;

-		wvalue=0;

-		start=0;

-		if (wstart < 0) break;

-		}

-	if (!BN_from_montgomery(rr,r,mont,ctx)) goto err;

-	ret=1;

-err:

-	if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);

-	BN_CTX_end(ctx);

-	bn_check_top(rr);

-	return(ret);

-	}

-/* BN_mod_exp_mont_consttime() stores the precomputed powers in a specific layout

- * so that accessing any of these table values shows the same access pattern as far

- * as cache lines are concerned.  The following functions are used to transfer a BIGNUM

- * from/to that table. */

-static int MOD_EXP_CTIME_COPY_TO_PREBUF(BIGNUM *b, int top, unsigned char *buf, int idx, int width)

-	{

-	size_t i, j;

-	if (bn_wexpand(b, top) == NULL)

-		return 0;

-	while (b->top < top)

-		{

-		b->d[b->top++] = 0;

-		}

-	for (i = 0, j=idx; i < top * sizeof b->d[0]; i++, j+=width)

-		{

-		buf[j] = ((unsigned char*)b->d)[i];

-		}

-	bn_correct_top(b);

-	return 1;

-	}

-static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top, unsigned char *buf, int idx, int width)

-	{

-	size_t i, j;

-	if (bn_wexpand(b, top) == NULL)

-		return 0;

-	for (i=0, j=idx; i < top * sizeof b->d[0]; i++, j+=width)

-		{

-		((unsigned char*)b->d)[i] = buf[j];

-		}

-	b->top = top;

-	bn_correct_top(b);

-	return 1;

-	}

-/* Given a pointer value, compute the next address that is a cache line multiple. */

-#define MOD_EXP_CTIME_ALIGN(x_) \

-	((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ULONG)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))

-/* This variant of BN_mod_exp_mont() uses fixed windows and the special

- * precomputation memory layout to limit data-dependency to a minimum

- * to protect secret exponents (cf. the hyper-threading timing attacks

- * pointed out by Colin Percival,

- * http://www.daemonology.net/hyperthreading-considered-harmful/)

- */

-int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,

-		    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)

-	{

-	int i,bits,ret=0,idx,window,wvalue;

-	int top;

- 	BIGNUM *r;

-	const BIGNUM *aa;

-	BN_MONT_CTX *mont=NULL;

-	int numPowers;

-	unsigned char *powerbufFree=NULL;

-	int powerbufLen = 0;

-	unsigned char *powerbuf=NULL;

-	BIGNUM *computeTemp=NULL, *am=NULL;

-	bn_check_top(a);

-	bn_check_top(p);

-	bn_check_top(m);

-	top = m->top;

-	if (!(m->d[0] & 1))

-		{

-		BNerr(BN_F_BN_MOD_EXP_MONT_CONSTTIME,BN_R_CALLED_WITH_EVEN_MODULUS);

-		return(0);

-		}

-	bits=BN_num_bits(p);

-	if (bits == 0)

-		{

-		ret = BN_one(rr);

-		return ret;

-		}

- 	/* Initialize BIGNUM context and allocate intermediate result */

-	BN_CTX_start(ctx);

-	r = BN_CTX_get(ctx);

-	if (r == NULL) goto err;

-	/* Allocate a montgomery context if it was not supplied by the caller.

-	 * If this is not done, things will break in the montgomery part.

- 	 */

-	if (in_mont != NULL)

-		mont=in_mont;

-	else

-		{

-		if ((mont=BN_MONT_CTX_new()) == NULL) goto err;

-		if (!BN_MONT_CTX_set(mont,m,ctx)) goto err;

-		}

-	/* Get the window size to use with size of p. */

-	window = BN_window_bits_for_ctime_exponent_size(bits);

-	/* Allocate a buffer large enough to hold all of the pre-computed

-	 * powers of a.

-	 */

-	numPowers = 1 << window;

-	powerbufLen = sizeof(m->d[0])*top*numPowers;

-	if ((powerbufFree=(unsigned char*)OPENSSL_malloc(powerbufLen+MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH)) == NULL)

-		goto err;

-	powerbuf = MOD_EXP_CTIME_ALIGN(powerbufFree);

-	memset(powerbuf, 0, powerbufLen);

- 	/* Initialize the intermediate result. Do this early to save double conversion,

-	 * once each for a^0 and intermediate result.

-	 */

- 	if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err;

-	if (!MOD_EXP_CTIME_COPY_TO_PREBUF(r, top, powerbuf, 0, numPowers)) goto err;

-	/* Initialize computeTemp as a^1 with montgomery precalcs */

-	computeTemp = BN_CTX_get(ctx);

-	am = BN_CTX_get(ctx);

-	if (computeTemp==NULL || am==NULL) goto err;

-	if (a->neg || BN_ucmp(a,m) >= 0)

-		{

-		if (!BN_mod(am,a,m,ctx))

-			goto err;

-		aa= am;

-		}

-	else

-		aa=a;

-	if (!BN_to_montgomery(am,aa,mont,ctx)) goto err;

-	if (!BN_copy(computeTemp, am)) goto err;

-	if (!MOD_EXP_CTIME_COPY_TO_PREBUF(am, top, powerbuf, 1, numPowers)) goto err;

-	/* If the window size is greater than 1, then calculate

-	 * val[i=2..2^winsize-1]. Powers are computed as a*a^(i-1)

-	 * (even powers could instead be computed as (a^(i/2))^2

-	 * to use the slight performance advantage of sqr over mul).

-	 */

-	if (window > 1)

-		{

-		for (i=2; i<numPowers; i++)

-			{

-			/* Calculate a^i = a^(i-1) * a */

-			if (!BN_mod_mul_montgomery(computeTemp,am,computeTemp,mont,ctx))

-				goto err;

-			if (!MOD_EXP_CTIME_COPY_TO_PREBUF(computeTemp, top, powerbuf, i, numPowers)) goto err;

-			}

-		}

- 	/* Adjust the number of bits up to a multiple of the window size.

- 	 * If the exponent length is not a multiple of the window size, then

- 	 * this pads the most significant bits with zeros to normalize the

- 	 * scanning loop to there's no special cases.

- 	 *

- 	 * * NOTE: Making the window size a power of two less than the native

-	 * * word size ensures that the padded bits won't go past the last

- 	 * * word in the internal BIGNUM structure. Going past the end will

- 	 * * still produce the correct result, but causes a different branch

- 	 * * to be taken in the BN_is_bit_set function.

- 	 */

- 	bits = ((bits+window-1)/window)*window;

- 	idx=bits-1;	/* The top bit of the window */

- 	/* Scan the exponent one window at a time starting from the most

- 	 * significant bits.

- 	 */

- 	while (idx >= 0)

-  		{

- 		wvalue=0; /* The 'value' of the window */

- 		/* Scan the window, squaring the result as we go */

- 		for (i=0; i<window; i++,idx--)

- 			{

-			if (!BN_mod_mul_montgomery(r,r,r,mont,ctx))	goto err;

-			wvalue = (wvalue<<1)+BN_is_bit_set(p,idx);

-  			}

-		/* Fetch the appropriate pre-computed value from the pre-buf */

-		if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(computeTemp, top, powerbuf, wvalue, numPowers)) goto err;

- 		/* Multiply the result into the intermediate result */

- 		if (!BN_mod_mul_montgomery(r,r,computeTemp,mont,ctx)) goto err;

-  		}

- 	/* Convert the final result from montgomery to standard format */

-	if (!BN_from_montgomery(rr,r,mont,ctx)) goto err;

-	ret=1;

-err:

-	if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);

-	if (powerbuf!=NULL)

-		{

-		OPENSSL_cleanse(powerbuf,powerbufLen);

-		OPENSSL_free(powerbufFree);

-		}

- 	if (am!=NULL) BN_clear(am);

- 	if (computeTemp!=NULL) BN_clear(computeTemp);

-	BN_CTX_end(ctx);

-	return(ret);

-	}

-int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,

-                         const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)

-	{

-	BN_MONT_CTX *mont = NULL;

-	int b, bits, ret=0;

-	int r_is_one;

-	BN_ULONG w, next_w;

-	BIGNUM *d, *r, *t;

-	BIGNUM *swap_tmp;

-#define BN_MOD_MUL_WORD(r, w, m) \

-		(BN_mul_word(r, (w)) && \

-		(/* BN_ucmp(r, (m)) < 0 ? 1 :*/  \

-			(BN_mod(t, r, m, ctx) && (swap_tmp = r, r = t, t = swap_tmp, 1))))

-		/* BN_MOD_MUL_WORD is only used with 'w' large,

-		 * so the BN_ucmp test is probably more overhead

-		 * than always using BN_mod (which uses BN_copy if

-		 * a similar test returns true). */

-		/* We can use BN_mod and do not need BN_nnmod because our

-		 * accumulator is never negative (the result of BN_mod does

-		 * not depend on the sign of the modulus).

-		 */

-#define BN_TO_MONTGOMERY_WORD(r, w, mont) \

-		(BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx))

-	if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0)

-		{

-		/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */

-		BNerr(BN_F_BN_MOD_EXP_MONT_WORD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

-		return -1;

-		}

-	bn_check_top(p);

-	bn_check_top(m);

-	if (!BN_is_odd(m))

-		{

-		BNerr(BN_F_BN_MOD_EXP_MONT_WORD,BN_R_CALLED_WITH_EVEN_MODULUS);

-		return(0);

-		}

-	if (m->top == 1)

-		a %= m->d[0]; /* make sure that 'a' is reduced */

-	bits = BN_num_bits(p);

-	if (bits == 0)

-		{

-		ret = BN_one(rr);

-		return ret;

-		}

-	if (a == 0)

-		{

-		BN_zero(rr);

-		ret = 1;

-		return ret;

-		}

-	BN_CTX_start(ctx);

-	d = BN_CTX_get(ctx);

-	r = BN_CTX_get(ctx);

-	t = BN_CTX_get(ctx);

-	if (d == NULL || r == NULL || t == NULL) goto err;

-	if (in_mont != NULL)

-		mont=in_mont;

-	else

-		{

-		if ((mont = BN_MONT_CTX_new()) == NULL) goto err;

-		if (!BN_MONT_CTX_set(mont, m, ctx)) goto err;

-		}

-	r_is_one = 1; /* except for Montgomery factor */

-	/* bits-1 >= 0 */

-	/* The result is accumulated in the product r*w. */

-	w = a; /* bit 'bits-1' of 'p' is always set */

-	for (b = bits-2; b >= 0; b--)

-		{

-		/* First, square r*w. */

-		next_w = w*w;

-		if ((next_w/w) != w) /* overflow */

-			{

-			if (r_is_one)

-				{

-				if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err;

-				r_is_one = 0;

-				}

-			else

-				{

-				if (!BN_MOD_MUL_WORD(r, w, m)) goto err;

-				}

-			next_w = 1;

-			}

-		w = next_w;

-		if (!r_is_one)

-			{

-			if (!BN_mod_mul_montgomery(r, r, r, mont, ctx)) goto err;

-			}

-		/* Second, multiply r*w by 'a' if exponent bit is set. */

-		if (BN_is_bit_set(p, b))

-			{

-			next_w = w*a;

-			if ((next_w/a) != w) /* overflow */

-				{

-				if (r_is_one)

-					{

-					if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err;

-					r_is_one = 0;

-					}

-				else

-					{

-					if (!BN_MOD_MUL_WORD(r, w, m)) goto err;

-					}

-				next_w = a;

-				}

-			w = next_w;

-			}

-		}

-	/* Finally, set r:=r*w. */

-	if (w != 1)

-		{

-		if (r_is_one)

-			{

-			if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err;

-			r_is_one = 0;

-			}

-		else

-			{

-			if (!BN_MOD_MUL_WORD(r, w, m)) goto err;

-			}

-		}

-	if (r_is_one) /* can happen only if a == 1*/

-		{

-		if (!BN_one(rr)) goto err;

-		}

-	else

-		{

-		if (!BN_from_montgomery(rr, r, mont, ctx)) goto err;

-		}

-	ret = 1;

-err:

-	if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);

-	BN_CTX_end(ctx);

-	bn_check_top(rr);

-	return(ret);

-	}

-/* The old fallback, simple version :-) */

-int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-		const BIGNUM *m, BN_CTX *ctx)

-	{

-	int i,j,bits,ret=0,wstart,wend,window,wvalue;

-	int start=1;

-	BIGNUM *d;

-	/* Table of variables obtained from 'ctx' */

-	BIGNUM *val[TABLE_SIZE];

-	if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0)

-		{

-		/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */

-		BNerr(BN_F_BN_MOD_EXP_SIMPLE,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

-		return -1;

-		}

-	bits=BN_num_bits(p);

-	if (bits == 0)

-		{

-		ret = BN_one(r);

-		return ret;

-		}

-	BN_CTX_start(ctx);

-	d = BN_CTX_get(ctx);

-	val[0] = BN_CTX_get(ctx);

-	if(!d || !val[0]) goto err;

-	if (!BN_nnmod(val[0],a,m,ctx)) goto err;		/* 1 */

-	if (BN_is_zero(val[0]))

-		{

-		BN_zero(r);

-		ret = 1;

-		goto err;

-		}

-	window = BN_window_bits_for_exponent_size(bits);

-	if (window > 1)

-		{

-		if (!BN_mod_mul(d,val[0],val[0],m,ctx))

-			goto err;				/* 2 */

-		j=1<<(window-1);

-		for (i=1; i<j; i++)

-			{

-			if(((val[i] = BN_CTX_get(ctx)) == NULL) ||

-					!BN_mod_mul(val[i],val[i-1],d,m,ctx))

-				goto err;

-			}

-		}

-	start=1;	/* This is used to avoid multiplication etc

-			 * when there is only the value '1' in the

-			 * buffer. */

-	wvalue=0;	/* The 'value' of the window */

-	wstart=bits-1;	/* The top bit of the window */

-	wend=0;		/* The bottom bit of the window */

-	if (!BN_one(r)) goto err;

-	for (;;)

-		{

-		if (BN_is_bit_set(p,wstart) == 0)

-			{

-			if (!start)

-				if (!BN_mod_mul(r,r,r,m,ctx))

-				goto err;

-			if (wstart == 0) break;

-			wstart--;

-			continue;

-			}

-		/* We now have wstart on a 'set' bit, we now need to work out

-		 * how bit a window to do.  To do this we need to scan

-		 * forward until the last set bit before the end of the

-		 * window */

-		j=wstart;

-		wvalue=1;

-		wend=0;

-		for (i=1; i<window; i++)

-			{

-			if (wstart-i < 0) break;

-			if (BN_is_bit_set(p,wstart-i))

-				{

-				wvalue<<=(i-wend);

-				wvalue|=1;

-				wend=i;

-				}

-			}

-		/* wend is the size of the current window */

-		j=wend+1;

-		/* add the 'bytes above' */

-		if (!start)

-			for (i=0; i<j; i++)

-				{

-				if (!BN_mod_mul(r,r,r,m,ctx))

-					goto err;

-				}

-		/* wvalue will be an odd number < 2^window */

-		if (!BN_mod_mul(r,r,val[wvalue>>1],m,ctx))

-			goto err;

-		/* move the 'window' down further */

-		wstart-=wend+1;

-		wvalue=0;

-		start=0;

-		if (wstart < 0) break;

-		}

-	ret=1;

-err:

-	BN_CTX_end(ctx);

-	bn_check_top(r);

-	return(ret);

-	}

--- a/sys/src/ape/lib/openssl/crypto/bn/bn_exp2.c

+++ /dev/null

@@ -1,311 +1,0 @@

-/* crypto/bn/bn_exp2.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include "bn_lcl.h"

-#define TABLE_SIZE	32

-int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,

-	const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m,

-	BN_CTX *ctx, BN_MONT_CTX *in_mont)

-	{

-	int i,j,bits,b,bits1,bits2,ret=0,wpos1,wpos2,window1,window2,wvalue1,wvalue2;

-	int r_is_one=1;

-	BIGNUM *d,*r;

-	const BIGNUM *a_mod_m;

-	/* Tables of variables obtained from 'ctx' */

-	BIGNUM *val1[TABLE_SIZE], *val2[TABLE_SIZE];

-	BN_MONT_CTX *mont=NULL;

-	bn_check_top(a1);

-	bn_check_top(p1);

-	bn_check_top(a2);

-	bn_check_top(p2);

-	bn_check_top(m);

-	if (!(m->d[0] & 1))

-		{

-		BNerr(BN_F_BN_MOD_EXP2_MONT,BN_R_CALLED_WITH_EVEN_MODULUS);

-		return(0);

-		}

-	bits1=BN_num_bits(p1);

-	bits2=BN_num_bits(p2);

-	if ((bits1 == 0) && (bits2 == 0))

-		{

-		ret = BN_one(rr);

-		return ret;

-		}

-	bits=(bits1 > bits2)?bits1:bits2;

-	BN_CTX_start(ctx);

-	d = BN_CTX_get(ctx);

-	r = BN_CTX_get(ctx);

-	val1[0] = BN_CTX_get(ctx);

-	val2[0] = BN_CTX_get(ctx);

-	if(!d || !r || !val1[0] || !val2[0]) goto err;

-	if (in_mont != NULL)

-		mont=in_mont;

-	else

-		{

-		if ((mont=BN_MONT_CTX_new()) == NULL) goto err;

-		if (!BN_MONT_CTX_set(mont,m,ctx)) goto err;

-		}

-	window1 = BN_window_bits_for_exponent_size(bits1);

-	window2 = BN_window_bits_for_exponent_size(bits2);

-	/*

-	 * Build table for a1:   val1[i] := a1^(2*i + 1) mod m  for i = 0 .. 2^(window1-1)

-	 */

-	if (a1->neg || BN_ucmp(a1,m) >= 0)

-		{

-		if (!BN_mod(val1[0],a1,m,ctx))

-			goto err;

-		a_mod_m = val1[0];

-		}

-	else

-		a_mod_m = a1;

-	if (BN_is_zero(a_mod_m))

-		{

-		BN_zero(rr);

-		ret = 1;

-		goto err;

-		}

-	if (!BN_to_montgomery(val1[0],a_mod_m,mont,ctx)) goto err;

-	if (window1 > 1)

-		{

-		if (!BN_mod_mul_montgomery(d,val1[0],val1[0],mont,ctx)) goto err;

-		j=1<<(window1-1);

-		for (i=1; i<j; i++)

-			{

-			if(((val1[i] = BN_CTX_get(ctx)) == NULL) ||

-					!BN_mod_mul_montgomery(val1[i],val1[i-1],

-						d,mont,ctx))

-				goto err;

-			}

-		}

-	/*

-	 * Build table for a2:   val2[i] := a2^(2*i + 1) mod m  for i = 0 .. 2^(window2-1)

-	 */

-	if (a2->neg || BN_ucmp(a2,m) >= 0)

-		{

-		if (!BN_mod(val2[0],a2,m,ctx))

-			goto err;

-		a_mod_m = val2[0];

-		}

-	else

-		a_mod_m = a2;

-	if (BN_is_zero(a_mod_m))

-		{

-		BN_zero(rr);

-		ret = 1;

-		goto err;

-		}

-	if (!BN_to_montgomery(val2[0],a_mod_m,mont,ctx)) goto err;

-	if (window2 > 1)

-		{

-		if (!BN_mod_mul_montgomery(d,val2[0],val2[0],mont,ctx)) goto err;

-		j=1<<(window2-1);

-		for (i=1; i<j; i++)

-			{

-			if(((val2[i] = BN_CTX_get(ctx)) == NULL) ||

-					!BN_mod_mul_montgomery(val2[i],val2[i-1],

-						d,mont,ctx))

-				goto err;

-			}

-		}

-	/* Now compute the power product, using independent windows. */

-	r_is_one=1;

-	wvalue1=0;  /* The 'value' of the first window */

-	wvalue2=0;  /* The 'value' of the second window */

-	wpos1=0;    /* If wvalue1 > 0, the bottom bit of the first window */

-	wpos2=0;    /* If wvalue2 > 0, the bottom bit of the second window */

-	if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err;

-	for (b=bits-1; b>=0; b--)

-		{

-		if (!r_is_one)

-			{

-			if (!BN_mod_mul_montgomery(r,r,r,mont,ctx))

-				goto err;

-			}

-		if (!wvalue1)

-			if (BN_is_bit_set(p1, b))

-				{

-				/* consider bits b-window1+1 .. b for this window */

-				i = b-window1+1;

-				while (!BN_is_bit_set(p1, i)) /* works for i<0 */

-					i++;

-				wpos1 = i;

-				wvalue1 = 1;

-				for (i = b-1; i >= wpos1; i--)

-					{

-					wvalue1 <<= 1;

-					if (BN_is_bit_set(p1, i))

-						wvalue1++;

-					}

-				}

-		if (!wvalue2)

-			if (BN_is_bit_set(p2, b))

-				{

-				/* consider bits b-window2+1 .. b for this window */

-				i = b-window2+1;

-				while (!BN_is_bit_set(p2, i))

-					i++;

-				wpos2 = i;

-				wvalue2 = 1;

-				for (i = b-1; i >= wpos2; i--)

-					{

-					wvalue2 <<= 1;

-					if (BN_is_bit_set(p2, i))

-						wvalue2++;

-					}

-				}

-		if (wvalue1 && b == wpos1)

-			{

-			/* wvalue1 is odd and < 2^window1 */

-			if (!BN_mod_mul_montgomery(r,r,val1[wvalue1>>1],mont,ctx))

-				goto err;

-			wvalue1 = 0;

-			r_is_one = 0;

-			}

-		if (wvalue2 && b == wpos2)

-			{

-			/* wvalue2 is odd and < 2^window2 */

-			if (!BN_mod_mul_montgomery(r,r,val2[wvalue2>>1],mont,ctx))

-				goto err;

-			wvalue2 = 0;

-			r_is_one = 0;

-			}

-		}

-	BN_from_montgomery(rr,r,mont,ctx);

-	ret=1;

-err:

-	if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);

-	BN_CTX_end(ctx);

-	bn_check_top(rr);

-	return(ret);

-	}

--- a/sys/src/ape/lib/openssl/crypto/bn/bn_gcd.c

+++ /dev/null

@@ -1,654 +1,0 @@

-/* crypto/bn/bn_gcd.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include "cryptlib.h"

-#include "bn_lcl.h"

-static BIGNUM *euclid(BIGNUM *a, BIGNUM *b);

-int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)

-	{

-	BIGNUM *a,*b,*t;

-	int ret=0;

-	bn_check_top(in_a);

-	bn_check_top(in_b);

-	BN_CTX_start(ctx);

-	a = BN_CTX_get(ctx);

-	b = BN_CTX_get(ctx);

-	if (a == NULL || b == NULL) goto err;

-	if (BN_copy(a,in_a) == NULL) goto err;

-	if (BN_copy(b,in_b) == NULL) goto err;

-	a->neg = 0;

-	b->neg = 0;

-	if (BN_cmp(a,b) < 0) { t=a; a=b; b=t; }

-	t=euclid(a,b);

-	if (t == NULL) goto err;

-	if (BN_copy(r,t) == NULL) goto err;

-	ret=1;

-err:

-	BN_CTX_end(ctx);

-	bn_check_top(r);

-	return(ret);

-	}

-static BIGNUM *euclid(BIGNUM *a, BIGNUM *b)

-	{

-	BIGNUM *t;

-	int shifts=0;

-	bn_check_top(a);

-	bn_check_top(b);

-	/* 0 <= b <= a */

-	while (!BN_is_zero(b))

-		{

-		/* 0 < b <= a */

-		if (BN_is_odd(a))

-			{

-			if (BN_is_odd(b))

-				{

-				if (!BN_sub(a,a,b)) goto err;

-				if (!BN_rshift1(a,a)) goto err;

-				if (BN_cmp(a,b) < 0)

-					{ t=a; a=b; b=t; }

-				}

-			else		/* a odd - b even */

-				{

-				if (!BN_rshift1(b,b)) goto err;

-				if (BN_cmp(a,b) < 0)

-					{ t=a; a=b; b=t; }

-				}

-			}

-		else			/* a is even */

-			{

-			if (BN_is_odd(b))

-				{

-				if (!BN_rshift1(a,a)) goto err;

-				if (BN_cmp(a,b) < 0)

-					{ t=a; a=b; b=t; }

-				}

-			else		/* a even - b even */

-				{

-				if (!BN_rshift1(a,a)) goto err;

-				if (!BN_rshift1(b,b)) goto err;

-				shifts++;

-				}

-			}

-		/* 0 <= b <= a */

-		}

-	if (shifts)

-		{

-		if (!BN_lshift(a,a,shifts)) goto err;

-		}

-	bn_check_top(a);

-	return(a);

-err:

-	return(NULL);

-	}

-/* solves ax == 1 (mod n) */

-static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,

-        const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);

-BIGNUM *BN_mod_inverse(BIGNUM *in,

-	const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)

-	{

-	BIGNUM *A,*B,*X,*Y,*M,*D,*T,*R=NULL;

-	BIGNUM *ret=NULL;

-	int sign;

-	if ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0) || (BN_get_flags(n, BN_FLG_CONSTTIME) != 0))

-		{

-		return BN_mod_inverse_no_branch(in, a, n, ctx);

-		}

-	bn_check_top(a);

-	bn_check_top(n);

-	BN_CTX_start(ctx);

-	A = BN_CTX_get(ctx);

-	B = BN_CTX_get(ctx);

-	X = BN_CTX_get(ctx);

-	D = BN_CTX_get(ctx);

-	M = BN_CTX_get(ctx);

-	Y = BN_CTX_get(ctx);

-	T = BN_CTX_get(ctx);

-	if (T == NULL) goto err;

-	if (in == NULL)

-		R=BN_new();

-	else

-		R=in;

-	if (R == NULL) goto err;

-	BN_one(X);

-	BN_zero(Y);

-	if (BN_copy(B,a) == NULL) goto err;

-	if (BN_copy(A,n) == NULL) goto err;

-	A->neg = 0;

-	if (B->neg || (BN_ucmp(B, A) >= 0))

-		{

-		if (!BN_nnmod(B, B, A, ctx)) goto err;

-		}

-	sign = -1;

-	/* From  B = a mod |n|,  A = |n|  it follows that

-	 *

-	 *      0 <= B < A,

-	 *     -sign*X*a  ==  B   (mod |n|),

-	 *      sign*Y*a  ==  A   (mod |n|).

-	 */

-	if (BN_is_odd(n) && (BN_num_bits(n) <= (BN_BITS <= 32 ? 450 : 2048)))

-		{

-		/* Binary inversion algorithm; requires odd modulus.

-		 * This is faster than the general algorithm if the modulus

-		 * is sufficiently small (about 400 .. 500 bits on 32-bit

-		 * sytems, but much more on 64-bit systems) */

-		int shift;

-		while (!BN_is_zero(B))

-			{

-			/*

-			 *      0 < B < |n|,

-			 *      0 < A <= |n|,

-			 * (1) -sign*X*a  ==  B   (mod |n|),

-			 * (2)  sign*Y*a  ==  A   (mod |n|)

-			 */

-			/* Now divide  B  by the maximum possible power of two in the integers,

-			 * and divide  X  by the same value mod |n|.

-			 * When we're done, (1) still holds. */

-			shift = 0;

-			while (!BN_is_bit_set(B, shift)) /* note that 0 < B */

-				{

-				shift++;

-				if (BN_is_odd(X))

-					{

-					if (!BN_uadd(X, X, n)) goto err;

-					}

-				/* now X is even, so we can easily divide it by two */

-				if (!BN_rshift1(X, X)) goto err;

-				}

-			if (shift > 0)

-				{

-				if (!BN_rshift(B, B, shift)) goto err;

-				}

-			/* Same for  A  and  Y.  Afterwards, (2) still holds. */

-			shift = 0;

-			while (!BN_is_bit_set(A, shift)) /* note that 0 < A */

-				{

-				shift++;

-				if (BN_is_odd(Y))

-					{

-					if (!BN_uadd(Y, Y, n)) goto err;

-					}

-				/* now Y is even */

-				if (!BN_rshift1(Y, Y)) goto err;

-				}

-			if (shift > 0)

-				{

-				if (!BN_rshift(A, A, shift)) goto err;

-				}

-			/* We still have (1) and (2).

-			 * Both  A  and  B  are odd.

-			 * The following computations ensure that

-			 *

-			 *     0 <= B < |n|,

-			 *      0 < A < |n|,

-			 * (1) -sign*X*a  ==  B   (mod |n|),

-			 * (2)  sign*Y*a  ==  A   (mod |n|),

-			 *

-			 * and that either  A  or  B  is even in the next iteration.

-			 */

-			if (BN_ucmp(B, A) >= 0)

-				{

-				/* -sign*(X + Y)*a == B - A  (mod |n|) */

-				if (!BN_uadd(X, X, Y)) goto err;

-				/* NB: we could use BN_mod_add_quick(X, X, Y, n), but that

-				 * actually makes the algorithm slower */

-				if (!BN_usub(B, B, A)) goto err;

-				}

-			else

-				{

-				/*  sign*(X + Y)*a == A - B  (mod |n|) */

-				if (!BN_uadd(Y, Y, X)) goto err;

-				/* as above, BN_mod_add_quick(Y, Y, X, n) would slow things down */

-				if (!BN_usub(A, A, B)) goto err;

-				}

-			}

-		}

-	else

-		{

-		/* general inversion algorithm */

-		while (!BN_is_zero(B))

-			{

-			BIGNUM *tmp;

-			/*

-			 *      0 < B < A,

-			 * (*) -sign*X*a  ==  B   (mod |n|),

-			 *      sign*Y*a  ==  A   (mod |n|)

-			 */

-			/* (D, M) := (A/B, A%B) ... */

-			if (BN_num_bits(A) == BN_num_bits(B))

-				{

-				if (!BN_one(D)) goto err;

-				if (!BN_sub(M,A,B)) goto err;

-				}

-			else if (BN_num_bits(A) == BN_num_bits(B) + 1)

-				{

-				/* A/B is 1, 2, or 3 */

-				if (!BN_lshift1(T,B)) goto err;

-				if (BN_ucmp(A,T) < 0)

-					{

-					/* A < 2*B, so D=1 */

-					if (!BN_one(D)) goto err;

-					if (!BN_sub(M,A,B)) goto err;

-					}

-				else

-					{

-					/* A >= 2*B, so D=2 or D=3 */

-					if (!BN_sub(M,A,T)) goto err;

-					if (!BN_add(D,T,B)) goto err; /* use D (:= 3*B) as temp */

-					if (BN_ucmp(A,D) < 0)

-						{

-						/* A < 3*B, so D=2 */

-						if (!BN_set_word(D,2)) goto err;

-						/* M (= A - 2*B) already has the correct value */

-						}

-					else

-						{

-						/* only D=3 remains */

-						if (!BN_set_word(D,3)) goto err;

-						/* currently  M = A - 2*B,  but we need  M = A - 3*B */

-						if (!BN_sub(M,M,B)) goto err;

-						}

-					}

-				}

-			else

-				{

-				if (!BN_div(D,M,A,B,ctx)) goto err;

-				}

-			/* Now

-			 *      A = D*B + M;

-			 * thus we have

-			 * (**)  sign*Y*a  ==  D*B + M   (mod |n|).

-			 */

-			tmp=A; /* keep the BIGNUM object, the value does not matter */

-			/* (A, B) := (B, A mod B) ... */

-			A=B;

-			B=M;

-			/* ... so we have  0 <= B < A  again */

-			/* Since the former  M  is now  B  and the former  B  is now  A,

-			 * (**) translates into

-			 *       sign*Y*a  ==  D*A + B    (mod |n|),

-			 * i.e.

-			 *       sign*Y*a - D*A  ==  B    (mod |n|).

-			 * Similarly, (*) translates into

-			 *      -sign*X*a  ==  A          (mod |n|).

-			 *

-			 * Thus,

-			 *   sign*Y*a + D*sign*X*a  ==  B  (mod |n|),

-			 * i.e.

-			 *        sign*(Y + D*X)*a  ==  B  (mod |n|).

-			 *

-			 * So if we set  (X, Y, sign) := (Y + D*X, X, -sign),  we arrive back at

-			 *      -sign*X*a  ==  B   (mod |n|),

-			 *       sign*Y*a  ==  A   (mod |n|).

-			 * Note that  X  and  Y  stay non-negative all the time.

-			 */

-			/* most of the time D is very small, so we can optimize tmp := D*X+Y */

-			if (BN_is_one(D))

-				{

-				if (!BN_add(tmp,X,Y)) goto err;

-				}

-			else

-				{

-				if (BN_is_word(D,2))

-					{

-					if (!BN_lshift1(tmp,X)) goto err;

-					}

-				else if (BN_is_word(D,4))

-					{

-					if (!BN_lshift(tmp,X,2)) goto err;

-					}

-				else if (D->top == 1)

-					{

-					if (!BN_copy(tmp,X)) goto err;

-					if (!BN_mul_word(tmp,D->d[0])) goto err;

-					}

-				else

-					{

-					if (!BN_mul(tmp,D,X,ctx)) goto err;

-					}

-				if (!BN_add(tmp,tmp,Y)) goto err;

-				}

-			M=Y; /* keep the BIGNUM object, the value does not matter */

-			Y=X;

-			X=tmp;

-			sign = -sign;

-			}

-		}

-	/*

-	 * The while loop (Euclid's algorithm) ends when

-	 *      A == gcd(a,n);

-	 * we have

-	 *       sign*Y*a  ==  A  (mod |n|),

-	 * where  Y  is non-negative.

-	 */

-	if (sign < 0)

-		{

-		if (!BN_sub(Y,n,Y)) goto err;

-		}

-	/* Now  Y*a  ==  A  (mod |n|).  */

-	if (BN_is_one(A))

-		{

-		/* Y*a == 1  (mod |n|) */

-		if (!Y->neg && BN_ucmp(Y,n) < 0)

-			{

-			if (!BN_copy(R,Y)) goto err;

-			}

-		else

-			{

-			if (!BN_nnmod(R,Y,n,ctx)) goto err;

-			}

-		}

-	else

-		{

-		BNerr(BN_F_BN_MOD_INVERSE,BN_R_NO_INVERSE);

-		goto err;

-		}

-	ret=R;

-err:

-	if ((ret == NULL) && (in == NULL)) BN_free(R);

-	BN_CTX_end(ctx);

-	bn_check_top(ret);

-	return(ret);

-	}

-/* BN_mod_inverse_no_branch is a special version of BN_mod_inverse.

- * It does not contain branches that may leak sensitive information.

- */

-static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,

-	const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)

-	{

-	BIGNUM *A,*B,*X,*Y,*M,*D,*T,*R=NULL;

-	BIGNUM local_A, local_B;

-	BIGNUM *pA, *pB;

-	BIGNUM *ret=NULL;

-	int sign;

-	bn_check_top(a);

-	bn_check_top(n);

-	BN_CTX_start(ctx);

-	A = BN_CTX_get(ctx);

-	B = BN_CTX_get(ctx);

-	X = BN_CTX_get(ctx);

-	D = BN_CTX_get(ctx);

-	M = BN_CTX_get(ctx);

-	Y = BN_CTX_get(ctx);

-	T = BN_CTX_get(ctx);

-	if (T == NULL) goto err;

-	if (in == NULL)

-		R=BN_new();

-	else

-		R=in;

-	if (R == NULL) goto err;

-	BN_one(X);

-	BN_zero(Y);

-	if (BN_copy(B,a) == NULL) goto err;

-	if (BN_copy(A,n) == NULL) goto err;

-	A->neg = 0;

-	if (B->neg || (BN_ucmp(B, A) >= 0))

-		{

-		/* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,

-	 	 * BN_div_no_branch will be called eventually.

-	 	 */

-		pB = &local_B;

-		BN_with_flags(pB, B, BN_FLG_CONSTTIME);

-		if (!BN_nnmod(B, pB, A, ctx)) goto err;

-		}

-	sign = -1;

-	/* From  B = a mod |n|,  A = |n|  it follows that

-	 *

-	 *      0 <= B < A,

-	 *     -sign*X*a  ==  B   (mod |n|),

-	 *      sign*Y*a  ==  A   (mod |n|).

-	 */

-	while (!BN_is_zero(B))

-		{

-		BIGNUM *tmp;

-		/*

-		 *      0 < B < A,

-		 * (*) -sign*X*a  ==  B   (mod |n|),

-		 *      sign*Y*a  ==  A   (mod |n|)

-		 */

-		/* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,

-	 	 * BN_div_no_branch will be called eventually.

-	 	 */

-		pA = &local_A;

-		BN_with_flags(pA, A, BN_FLG_CONSTTIME);

-		/* (D, M) := (A/B, A%B) ... */

-		if (!BN_div(D,M,pA,B,ctx)) goto err;

-		/* Now

-		 *      A = D*B + M;

-		 * thus we have

-		 * (**)  sign*Y*a  ==  D*B + M   (mod |n|).

-		 */

-		tmp=A; /* keep the BIGNUM object, the value does not matter */

-		/* (A, B) := (B, A mod B) ... */

-		A=B;

-		B=M;

-		/* ... so we have  0 <= B < A  again */

-		/* Since the former  M  is now  B  and the former  B  is now  A,

-		 * (**) translates into

-		 *       sign*Y*a  ==  D*A + B    (mod |n|),

-		 * i.e.

-		 *       sign*Y*a - D*A  ==  B    (mod |n|).

-		 * Similarly, (*) translates into

-		 *      -sign*X*a  ==  A          (mod |n|).

-		 *

-		 * Thus,

-		 *   sign*Y*a + D*sign*X*a  ==  B  (mod |n|),

-		 * i.e.

-		 *        sign*(Y + D*X)*a  ==  B  (mod |n|).

-		 *

-		 * So if we set  (X, Y, sign) := (Y + D*X, X, -sign),  we arrive back at

-		 *      -sign*X*a  ==  B   (mod |n|),

-		 *       sign*Y*a  ==  A   (mod |n|).

-		 * Note that  X  and  Y  stay non-negative all the time.

-		 */

-		if (!BN_mul(tmp,D,X,ctx)) goto err;

-		if (!BN_add(tmp,tmp,Y)) goto err;

-		M=Y; /* keep the BIGNUM object, the value does not matter */

-		Y=X;

-		X=tmp;

-		sign = -sign;

-		}

-	/*

-	 * The while loop (Euclid's algorithm) ends when

-	 *      A == gcd(a,n);

-	 * we have

-	 *       sign*Y*a  ==  A  (mod |n|),

-	 * where  Y  is non-negative.

-	 */

-	if (sign < 0)

-		{

-		if (!BN_sub(Y,n,Y)) goto err;

-		}

-	/* Now  Y*a  ==  A  (mod |n|).  */

-	if (BN_is_one(A))

-		{

-		/* Y*a == 1  (mod |n|) */

-		if (!Y->neg && BN_ucmp(Y,n) < 0)

-			{

-			if (!BN_copy(R,Y)) goto err;

-			}

-		else

-			{

-			if (!BN_nnmod(R,Y,n,ctx)) goto err;

-			}

-		}

-	else

-		{

-		BNerr(BN_F_BN_MOD_INVERSE_NO_BRANCH,BN_R_NO_INVERSE);

-		goto err;

-		}

-	ret=R;

-err:

-	if ((ret == NULL) && (in == NULL)) BN_free(R);

-	BN_CTX_end(ctx);

-	bn_check_top(ret);

-	return(ret);

-	}

--- a/sys/src/ape/lib/openssl/crypto/bn/bn_gf2m.c

+++ /dev/null

@@ -1,1091 +1,0 @@

-/* crypto/bn/bn_gf2m.c */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- *

- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included

- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed

- * to the OpenSSL project.

- *

- * The ECC Code is licensed pursuant to the OpenSSL open source

- * license provided below.

- *

- * In addition, Sun covenants to all licensees who provide a reciprocal

- * covenant with respect to their own patents if any, not to sue under

- * current and future patent claims necessarily infringed by the making,

- * using, practicing, selling, offering for sale and/or otherwise

- * disposing of the ECC Code as delivered hereunder (or portions thereof),

- * provided that such covenant shall not apply:

- *  1) for code that a licensee deletes from the ECC Code;

- *  2) separates from the ECC Code; or

- *  3) for infringements caused by:

- *       i) the modification of the ECC Code or

- *      ii) the combination of the ECC Code with other software or

- *          devices where such combination causes the infringement.

- *

- * The software is originally written by Sheueling Chang Shantz and

- * Douglas Stebila of Sun Microsystems Laboratories.

- *

- */

-/* NOTE: This file is licensed pursuant to the OpenSSL license below

- * and may be modified; but after modifications, the above covenant

- * may no longer apply!  In such cases, the corresponding paragraph

- * ["In addition, Sun covenants ... causes the infringement."] and

- * this note can be edited out; but please keep the Sun copyright

- * notice and attribution. */

-/* ====================================================================

- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <assert.h>

-#include <limits.h>

-#include <stdio.h>

-#include "cryptlib.h"

-#include "bn_lcl.h"

-/* Maximum number of iterations before BN_GF2m_mod_solve_quad_arr should fail. */

-#define MAX_ITERATIONS 50

-static const BN_ULONG SQR_tb[16] =

-  {     0,     1,     4,     5,    16,    17,    20,    21,

-       64,    65,    68,    69,    80,    81,    84,    85 };

-/* Platform-specific macros to accelerate squaring. */

-#if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)

-#define SQR1(w) \

-    SQR_tb[(w) >> 60 & 0xF] << 56 | SQR_tb[(w) >> 56 & 0xF] << 48 | \

-    SQR_tb[(w) >> 52 & 0xF] << 40 | SQR_tb[(w) >> 48 & 0xF] << 32 | \

-    SQR_tb[(w) >> 44 & 0xF] << 24 | SQR_tb[(w) >> 40 & 0xF] << 16 | \

-    SQR_tb[(w) >> 36 & 0xF] <<  8 | SQR_tb[(w) >> 32 & 0xF]

-#define SQR0(w) \

-    SQR_tb[(w) >> 28 & 0xF] << 56 | SQR_tb[(w) >> 24 & 0xF] << 48 | \

-    SQR_tb[(w) >> 20 & 0xF] << 40 | SQR_tb[(w) >> 16 & 0xF] << 32 | \

-    SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >>  8 & 0xF] << 16 | \

-    SQR_tb[(w) >>  4 & 0xF] <<  8 | SQR_tb[(w)       & 0xF]

-#endif

-#ifdef THIRTY_TWO_BIT

-#define SQR1(w) \

-    SQR_tb[(w) >> 28 & 0xF] << 24 | SQR_tb[(w) >> 24 & 0xF] << 16 | \

-    SQR_tb[(w) >> 20 & 0xF] <<  8 | SQR_tb[(w) >> 16 & 0xF]

-#define SQR0(w) \

-    SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >>  8 & 0xF] << 16 | \

-    SQR_tb[(w) >>  4 & 0xF] <<  8 | SQR_tb[(w)       & 0xF]

-#endif

-#ifdef SIXTEEN_BIT

-#define SQR1(w) \

-    SQR_tb[(w) >> 12 & 0xF] <<  8 | SQR_tb[(w) >>  8 & 0xF]

-#define SQR0(w) \

-    SQR_tb[(w) >>  4 & 0xF] <<  8 | SQR_tb[(w)       & 0xF]

-#endif

-#ifdef EIGHT_BIT

-#define SQR1(w) \

-    SQR_tb[(w) >>  4 & 0xF]

-#define SQR0(w) \

-    SQR_tb[(w)       & 15]

-#endif

-/* Product of two polynomials a, b each with degree < BN_BITS2 - 1,

- * result is a polynomial r with degree < 2 * BN_BITS - 1

- * The caller MUST ensure that the variables have the right amount

- * of space allocated.

- */

-#ifdef EIGHT_BIT

-static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, const BN_ULONG b)

-	{

-	register BN_ULONG h, l, s;

-	BN_ULONG tab[4], top1b = a >> 7;

-	register BN_ULONG a1, a2;

-	a1 = a & (0x7F); a2 = a1 << 1;

-	tab[0] = 0; tab[1] = a1; tab[2] = a2; tab[3] = a1^a2;

-	s = tab[b      & 0x3]; l  = s;

-	s = tab[b >> 2 & 0x3]; l ^= s << 2; h  = s >> 6;

-	s = tab[b >> 4 & 0x3]; l ^= s << 4; h ^= s >> 4;

-	s = tab[b >> 6      ]; l ^= s << 6; h ^= s >> 2;

-	/* compensate for the top bit of a */

-	if (top1b & 01) { l ^= b << 7; h ^= b >> 1; }

-	*r1 = h; *r0 = l;

-	}

-#endif

-#ifdef SIXTEEN_BIT

-static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, const BN_ULONG b)

-	{

-	register BN_ULONG h, l, s;

-	BN_ULONG tab[4], top1b = a >> 15;

-	register BN_ULONG a1, a2;

-	a1 = a & (0x7FFF); a2 = a1 << 1;

-	tab[0] = 0; tab[1] = a1; tab[2] = a2; tab[3] = a1^a2;

-	s = tab[b      & 0x3]; l  = s;

-	s = tab[b >> 2 & 0x3]; l ^= s <<  2; h  = s >> 14;

-	s = tab[b >> 4 & 0x3]; l ^= s <<  4; h ^= s >> 12;

-	s = tab[b >> 6 & 0x3]; l ^= s <<  6; h ^= s >> 10;

-	s = tab[b >> 8 & 0x3]; l ^= s <<  8; h ^= s >>  8;

-	s = tab[b >>10 & 0x3]; l ^= s << 10; h ^= s >>  6;

-	s = tab[b >>12 & 0x3]; l ^= s << 12; h ^= s >>  4;

-	s = tab[b >>14      ]; l ^= s << 14; h ^= s >>  2;

-	/* compensate for the top bit of a */

-	if (top1b & 01) { l ^= b << 15; h ^= b >> 1; }

-	*r1 = h; *r0 = l;

-	}

-#endif

-#ifdef THIRTY_TWO_BIT

-static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, const BN_ULONG b)

-	{

-	register BN_ULONG h, l, s;

-	BN_ULONG tab[8], top2b = a >> 30;

-	register BN_ULONG a1, a2, a4;

-	a1 = a & (0x3FFFFFFF); a2 = a1 << 1; a4 = a2 << 1;

-	tab[0] =  0; tab[1] = a1;    tab[2] = a2;    tab[3] = a1^a2;

-	tab[4] = a4; tab[5] = a1^a4; tab[6] = a2^a4; tab[7] = a1^a2^a4;

-	s = tab[b       & 0x7]; l  = s;

-	s = tab[b >>  3 & 0x7]; l ^= s <<  3; h  = s >> 29;

-	s = tab[b >>  6 & 0x7]; l ^= s <<  6; h ^= s >> 26;

-	s = tab[b >>  9 & 0x7]; l ^= s <<  9; h ^= s >> 23;

-	s = tab[b >> 12 & 0x7]; l ^= s << 12; h ^= s >> 20;

-	s = tab[b >> 15 & 0x7]; l ^= s << 15; h ^= s >> 17;

-	s = tab[b >> 18 & 0x7]; l ^= s << 18; h ^= s >> 14;

-	s = tab[b >> 21 & 0x7]; l ^= s << 21; h ^= s >> 11;

-	s = tab[b >> 24 & 0x7]; l ^= s << 24; h ^= s >>  8;

-	s = tab[b >> 27 & 0x7]; l ^= s << 27; h ^= s >>  5;

-	s = tab[b >> 30      ]; l ^= s << 30; h ^= s >>  2;

-	/* compensate for the top two bits of a */

-	if (top2b & 01) { l ^= b << 30; h ^= b >> 2; }

-	if (top2b & 02) { l ^= b << 31; h ^= b >> 1; }

-	*r1 = h; *r0 = l;

-	}

-#endif

-#if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)

-static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, const BN_ULONG b)

-	{

-	register BN_ULONG h, l, s;

-	BN_ULONG tab[16], top3b = a >> 61;

-	register BN_ULONG a1, a2, a4, a8;

-	a1 = a & (0x1FFFFFFFFFFFFFFFULL); a2 = a1 << 1; a4 = a2 << 1; a8 = a4 << 1;

-	tab[ 0] = 0;     tab[ 1] = a1;       tab[ 2] = a2;       tab[ 3] = a1^a2;

-	tab[ 4] = a4;    tab[ 5] = a1^a4;    tab[ 6] = a2^a4;    tab[ 7] = a1^a2^a4;

-	tab[ 8] = a8;    tab[ 9] = a1^a8;    tab[10] = a2^a8;    tab[11] = a1^a2^a8;

-	tab[12] = a4^a8; tab[13] = a1^a4^a8; tab[14] = a2^a4^a8; tab[15] = a1^a2^a4^a8;

-	s = tab[b       & 0xF]; l  = s;

-	s = tab[b >>  4 & 0xF]; l ^= s <<  4; h  = s >> 60;

-	s = tab[b >>  8 & 0xF]; l ^= s <<  8; h ^= s >> 56;

-	s = tab[b >> 12 & 0xF]; l ^= s << 12; h ^= s >> 52;

-	s = tab[b >> 16 & 0xF]; l ^= s << 16; h ^= s >> 48;

-	s = tab[b >> 20 & 0xF]; l ^= s << 20; h ^= s >> 44;

-	s = tab[b >> 24 & 0xF]; l ^= s << 24; h ^= s >> 40;

-	s = tab[b >> 28 & 0xF]; l ^= s << 28; h ^= s >> 36;

-	s = tab[b >> 32 & 0xF]; l ^= s << 32; h ^= s >> 32;

-	s = tab[b >> 36 & 0xF]; l ^= s << 36; h ^= s >> 28;

-	s = tab[b >> 40 & 0xF]; l ^= s << 40; h ^= s >> 24;

-	s = tab[b >> 44 & 0xF]; l ^= s << 44; h ^= s >> 20;

-	s = tab[b >> 48 & 0xF]; l ^= s << 48; h ^= s >> 16;

-	s = tab[b >> 52 & 0xF]; l ^= s << 52; h ^= s >> 12;

-	s = tab[b >> 56 & 0xF]; l ^= s << 56; h ^= s >>  8;

-	s = tab[b >> 60      ]; l ^= s << 60; h ^= s >>  4;

-	/* compensate for the top three bits of a */

-	if (top3b & 01) { l ^= b << 61; h ^= b >> 3; }

-	if (top3b & 02) { l ^= b << 62; h ^= b >> 2; }

-	if (top3b & 04) { l ^= b << 63; h ^= b >> 1; }

-	*r1 = h; *r0 = l;

-	}

-#endif

-/* Product of two polynomials a, b each with degree < 2 * BN_BITS2 - 1,

- * result is a polynomial r with degree < 4 * BN_BITS2 - 1

- * The caller MUST ensure that the variables have the right amount

- * of space allocated.

- */

-static void bn_GF2m_mul_2x2(BN_ULONG *r, const BN_ULONG a1, const BN_ULONG a0, const BN_ULONG b1, const BN_ULONG b0)

-	{

-	BN_ULONG m1, m0;

-	/* r[3] = h1, r[2] = h0; r[1] = l1; r[0] = l0 */

-	bn_GF2m_mul_1x1(r+3, r+2, a1, b1);

-	bn_GF2m_mul_1x1(r+1, r, a0, b0);

-	bn_GF2m_mul_1x1(&m1, &m0, a0 ^ a1, b0 ^ b1);

-	/* Correction on m1 ^= l1 ^ h1; m0 ^= l0 ^ h0; */

-	r[2] ^= m1 ^ r[1] ^ r[3];  /* h0 ^= m1 ^ l1 ^ h1; */

-	r[1] = r[3] ^ r[2] ^ r[0] ^ m1 ^ m0;  /* l1 ^= l0 ^ h0 ^ m0; */

-	}

-/* Add polynomials a and b and store result in r; r could be a or b, a and b

- * could be equal; r is the bitwise XOR of a and b.

- */

-int	BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)

-	{

-	int i;

-	const BIGNUM *at, *bt;

-	bn_check_top(a);

-	bn_check_top(b);

-	if (a->top < b->top) { at = b; bt = a; }

-	else { at = a; bt = b; }

-	bn_wexpand(r, at->top);

-	for (i = 0; i < bt->top; i++)

-		{

-		r->d[i] = at->d[i] ^ bt->d[i];

-		}

-	for (; i < at->top; i++)

-		{

-		r->d[i] = at->d[i];

-		}

-	r->top = at->top;

-	bn_correct_top(r);

-	return 1;

-	}

-/* Some functions allow for representation of the irreducible polynomials

- * as an int[], say p.  The irreducible f(t) is then of the form:

- *     t^p[0] + t^p[1] + ... + t^p[k]

- * where m = p[0] > p[1] > ... > p[k] = 0.

- */

-/* Performs modular reduction of a and store result in r.  r could be a. */

-int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[])

-	{

-	int j, k;

-	int n, dN, d0, d1;

-	BN_ULONG zz, *z;

-	bn_check_top(a);

-	if (!p[0])

-		{

-		/* reduction mod 1 => return 0 */

-		BN_zero(r);

-		return 1;

-		}

-	/* Since the algorithm does reduction in the r value, if a != r, copy

-	 * the contents of a into r so we can do reduction in r.

-	 */

-	if (a != r)

-		{

-		if (!bn_wexpand(r, a->top)) return 0;

-		for (j = 0; j < a->top; j++)

-			{

-			r->d[j] = a->d[j];

-			}

-		r->top = a->top;

-		}

-	z = r->d;

-	/* start reduction */

-	dN = p[0] / BN_BITS2;

-	for (j = r->top - 1; j > dN;)

-		{

-		zz = z[j];

-		if (z[j] == 0) { j--; continue; }

-		z[j] = 0;

-		for (k = 1; p[k] != 0; k++)

-			{

-			/* reducing component t^p[k] */

-			n = p[0] - p[k];

-			d0 = n % BN_BITS2;  d1 = BN_BITS2 - d0;

-			n /= BN_BITS2;

-			z[j-n] ^= (zz>>d0);

-			if (d0) z[j-n-1] ^= (zz<<d1);

-			}

-		/* reducing component t^0 */

-		n = dN;

-		d0 = p[0] % BN_BITS2;

-		d1 = BN_BITS2 - d0;

-		z[j-n] ^= (zz >> d0);

-		if (d0) z[j-n-1] ^= (zz << d1);

-		}

-	/* final round of reduction */

-	while (j == dN)

-		{

-		d0 = p[0] % BN_BITS2;

-		zz = z[dN] >> d0;

-		if (zz == 0) break;

-		d1 = BN_BITS2 - d0;

-		if (d0) z[dN] = (z[dN] << d1) >> d1; /* clear up the top d1 bits */

-		z[0] ^= zz; /* reduction t^0 component */

-		for (k = 1; p[k] != 0; k++)

-			{

-			BN_ULONG tmp_ulong;

-			/* reducing component t^p[k]*/

-			n = p[k] / BN_BITS2;

-			d0 = p[k] % BN_BITS2;

-			d1 = BN_BITS2 - d0;

-			z[n] ^= (zz << d0);

-			tmp_ulong = zz >> d1;

-                        if (d0 && tmp_ulong)

-                                z[n+1] ^= tmp_ulong;

-			}

-		}

-	bn_correct_top(r);

-	return 1;

-	}

-/* Performs modular reduction of a by p and store result in r.  r could be a.

- *

- * This function calls down to the BN_GF2m_mod_arr implementation; this wrapper

- * function is only provided for convenience; for best performance, use the

- * BN_GF2m_mod_arr function.

- */

-int	BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p)

-	{

-	int ret = 0;

-	const int max = BN_num_bits(p);

-	unsigned int *arr=NULL;

-	bn_check_top(a);

-	bn_check_top(p);

-	if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err;

-	ret = BN_GF2m_poly2arr(p, arr, max);

-	if (!ret || ret > max)

-		{

-		BNerr(BN_F_BN_GF2M_MOD,BN_R_INVALID_LENGTH);

-		goto err;

-		}

-	ret = BN_GF2m_mod_arr(r, a, arr);

-	bn_check_top(r);

-err:

-	if (arr) OPENSSL_free(arr);

-	return ret;

-	}

-/* Compute the product of two polynomials a and b, reduce modulo p, and store

- * the result in r.  r could be a or b; a could be b.

- */

-int	BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const unsigned int p[], BN_CTX *ctx)

-	{

-	int zlen, i, j, k, ret = 0;

-	BIGNUM *s;

-	BN_ULONG x1, x0, y1, y0, zz[4];

-	bn_check_top(a);

-	bn_check_top(b);

-	if (a == b)

-		{

-		return BN_GF2m_mod_sqr_arr(r, a, p, ctx);

-		}

-	BN_CTX_start(ctx);

-	if ((s = BN_CTX_get(ctx)) == NULL) goto err;

-	zlen = a->top + b->top + 4;

-	if (!bn_wexpand(s, zlen)) goto err;

-	s->top = zlen;

-	for (i = 0; i < zlen; i++) s->d[i] = 0;

-	for (j = 0; j < b->top; j += 2)

-		{

-		y0 = b->d[j];

-		y1 = ((j+1) == b->top) ? 0 : b->d[j+1];

-		for (i = 0; i < a->top; i += 2)

-			{

-			x0 = a->d[i];

-			x1 = ((i+1) == a->top) ? 0 : a->d[i+1];

-			bn_GF2m_mul_2x2(zz, x1, x0, y1, y0);

-			for (k = 0; k < 4; k++) s->d[i+j+k] ^= zz[k];

-			}

-		}

-	bn_correct_top(s);

-	if (BN_GF2m_mod_arr(r, s, p))

-		ret = 1;

-	bn_check_top(r);

-err:

-	BN_CTX_end(ctx);

-	return ret;

-	}

-/* Compute the product of two polynomials a and b, reduce modulo p, and store

- * the result in r.  r could be a or b; a could equal b.

- *

- * This function calls down to the BN_GF2m_mod_mul_arr implementation; this wrapper

- * function is only provided for convenience; for best performance, use the

- * BN_GF2m_mod_mul_arr function.

- */

-int	BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx)

-	{

-	int ret = 0;

-	const int max = BN_num_bits(p);

-	unsigned int *arr=NULL;

-	bn_check_top(a);

-	bn_check_top(b);

-	bn_check_top(p);

-	if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err;

-	ret = BN_GF2m_poly2arr(p, arr, max);

-	if (!ret || ret > max)

-		{

-		BNerr(BN_F_BN_GF2M_MOD_MUL,BN_R_INVALID_LENGTH);

-		goto err;

-		}

-	ret = BN_GF2m_mod_mul_arr(r, a, b, arr, ctx);

-	bn_check_top(r);

-err:

-	if (arr) OPENSSL_free(arr);

-	return ret;

-	}

-/* Square a, reduce the result mod p, and store it in a.  r could be a. */

-int	BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], BN_CTX *ctx)

-	{

-	int i, ret = 0;

-	BIGNUM *s;

-	bn_check_top(a);

-	BN_CTX_start(ctx);

-	if ((s = BN_CTX_get(ctx)) == NULL) return 0;

-	if (!bn_wexpand(s, 2 * a->top)) goto err;

-	for (i = a->top - 1; i >= 0; i--)

-		{

-		s->d[2*i+1] = SQR1(a->d[i]);

-		s->d[2*i  ] = SQR0(a->d[i]);

-		}

-	s->top = 2 * a->top;

-	bn_correct_top(s);

-	if (!BN_GF2m_mod_arr(r, s, p)) goto err;

-	bn_check_top(r);

-	ret = 1;

-err:

-	BN_CTX_end(ctx);

-	return ret;

-	}

-/* Square a, reduce the result mod p, and store it in a.  r could be a.

- *

- * This function calls down to the BN_GF2m_mod_sqr_arr implementation; this wrapper

- * function is only provided for convenience; for best performance, use the

- * BN_GF2m_mod_sqr_arr function.

- */

-int	BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)

-	{

-	int ret = 0;

-	const int max = BN_num_bits(p);

-	unsigned int *arr=NULL;

-	bn_check_top(a);

-	bn_check_top(p);

-	if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err;

-	ret = BN_GF2m_poly2arr(p, arr, max);

-	if (!ret || ret > max)

-		{

-		BNerr(BN_F_BN_GF2M_MOD_SQR,BN_R_INVALID_LENGTH);

-		goto err;

-		}

-	ret = BN_GF2m_mod_sqr_arr(r, a, arr, ctx);

-	bn_check_top(r);

-err:

-	if (arr) OPENSSL_free(arr);

-	return ret;

-	}

-/* Invert a, reduce modulo p, and store the result in r. r could be a.

- * Uses Modified Almost Inverse Algorithm (Algorithm 10) from

- *     Hankerson, D., Hernandez, J.L., and Menezes, A.  "Software Implementation

- *     of Elliptic Curve Cryptography Over Binary Fields".

- */

-int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)

-	{

-	BIGNUM *b, *c, *u, *v, *tmp;

-	int ret = 0;

-	bn_check_top(a);

-	bn_check_top(p);

-	BN_CTX_start(ctx);

-	b = BN_CTX_get(ctx);

-	c = BN_CTX_get(ctx);

-	u = BN_CTX_get(ctx);

-	v = BN_CTX_get(ctx);

-	if (v == NULL) goto err;

-	if (!BN_one(b)) goto err;

-	if (!BN_GF2m_mod(u, a, p)) goto err;

-	if (!BN_copy(v, p)) goto err;

-	if (BN_is_zero(u)) goto err;

-	while (1)

-		{

-		while (!BN_is_odd(u))

-			{

-			if (!BN_rshift1(u, u)) goto err;

-			if (BN_is_odd(b))

-				{

-				if (!BN_GF2m_add(b, b, p)) goto err;

-				}

-			if (!BN_rshift1(b, b)) goto err;

-			}

-		if (BN_abs_is_word(u, 1)) break;

-		if (BN_num_bits(u) < BN_num_bits(v))

-			{

-			tmp = u; u = v; v = tmp;

-			tmp = b; b = c; c = tmp;

-			}

-		if (!BN_GF2m_add(u, u, v)) goto err;

-		if (!BN_GF2m_add(b, b, c)) goto err;

-		}

-	if (!BN_copy(r, b)) goto err;

-	bn_check_top(r);

-	ret = 1;

-err:

-  	BN_CTX_end(ctx);

-	return ret;

-	}

-/* Invert xx, reduce modulo p, and store the result in r. r could be xx.

- *

- * This function calls down to the BN_GF2m_mod_inv implementation; this wrapper

- * function is only provided for convenience; for best performance, use the

- * BN_GF2m_mod_inv function.

- */

-int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *xx, const unsigned int p[], BN_CTX *ctx)

-	{

-	BIGNUM *field;

-	int ret = 0;

-	bn_check_top(xx);

-	BN_CTX_start(ctx);

-	if ((field = BN_CTX_get(ctx)) == NULL) goto err;

-	if (!BN_GF2m_arr2poly(p, field)) goto err;

-	ret = BN_GF2m_mod_inv(r, xx, field, ctx);

-	bn_check_top(r);

-err:

-	BN_CTX_end(ctx);

-	return ret;

-	}

-#ifndef OPENSSL_SUN_GF2M_DIV

-/* Divide y by x, reduce modulo p, and store the result in r. r could be x

- * or y, x could equal y.

- */

-int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p, BN_CTX *ctx)

-	{

-	BIGNUM *xinv = NULL;

-	int ret = 0;

-	bn_check_top(y);

-	bn_check_top(x);

-	bn_check_top(p);

-	BN_CTX_start(ctx);

-	xinv = BN_CTX_get(ctx);

-	if (xinv == NULL) goto err;

-	if (!BN_GF2m_mod_inv(xinv, x, p, ctx)) goto err;

-	if (!BN_GF2m_mod_mul(r, y, xinv, p, ctx)) goto err;

-	bn_check_top(r);

-	ret = 1;

-err:

-	BN_CTX_end(ctx);

-	return ret;

-	}

-#else

-/* Divide y by x, reduce modulo p, and store the result in r. r could be x

- * or y, x could equal y.

- * Uses algorithm Modular_Division_GF(2^m) from

- *     Chang-Shantz, S.  "From Euclid's GCD to Montgomery Multiplication to

- *     the Great Divide".

- */

-int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p, BN_CTX *ctx)

-	{

-	BIGNUM *a, *b, *u, *v;

-	int ret = 0;

-	bn_check_top(y);

-	bn_check_top(x);

-	bn_check_top(p);

-	BN_CTX_start(ctx);

-	a = BN_CTX_get(ctx);

-	b = BN_CTX_get(ctx);

-	u = BN_CTX_get(ctx);

-	v = BN_CTX_get(ctx);

-	if (v == NULL) goto err;

-	/* reduce x and y mod p */

-	if (!BN_GF2m_mod(u, y, p)) goto err;

-	if (!BN_GF2m_mod(a, x, p)) goto err;

-	if (!BN_copy(b, p)) goto err;

-	while (!BN_is_odd(a))

-		{

-		if (!BN_rshift1(a, a)) goto err;

-		if (BN_is_odd(u)) if (!BN_GF2m_add(u, u, p)) goto err;

-		if (!BN_rshift1(u, u)) goto err;

-		}

-	do

-		{

-		if (BN_GF2m_cmp(b, a) > 0)

-			{

-			if (!BN_GF2m_add(b, b, a)) goto err;

-			if (!BN_GF2m_add(v, v, u)) goto err;

-			do

-				{

-				if (!BN_rshift1(b, b)) goto err;

-				if (BN_is_odd(v)) if (!BN_GF2m_add(v, v, p)) goto err;

-				if (!BN_rshift1(v, v)) goto err;

-				} while (!BN_is_odd(b));

-			}

-		else if (BN_abs_is_word(a, 1))

-			break;

-		else

-			{

-			if (!BN_GF2m_add(a, a, b)) goto err;

-			if (!BN_GF2m_add(u, u, v)) goto err;

-			do

-				{

-				if (!BN_rshift1(a, a)) goto err;

-				if (BN_is_odd(u)) if (!BN_GF2m_add(u, u, p)) goto err;

-				if (!BN_rshift1(u, u)) goto err;

-				} while (!BN_is_odd(a));

-			}

-		} while (1);

-	if (!BN_copy(r, u)) goto err;

-	bn_check_top(r);

-	ret = 1;

-err:

-  	BN_CTX_end(ctx);

-	return ret;

-	}

-#endif

-/* Divide yy by xx, reduce modulo p, and store the result in r. r could be xx

- * or yy, xx could equal yy.

- *

- * This function calls down to the BN_GF2m_mod_div implementation; this wrapper

- * function is only provided for convenience; for best performance, use the

- * BN_GF2m_mod_div function.

- */

-int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *yy, const BIGNUM *xx, const unsigned int p[], BN_CTX *ctx)

-	{

-	BIGNUM *field;

-	int ret = 0;

-	bn_check_top(yy);

-	bn_check_top(xx);

-	BN_CTX_start(ctx);

-	if ((field = BN_CTX_get(ctx)) == NULL) goto err;

-	if (!BN_GF2m_arr2poly(p, field)) goto err;

-	ret = BN_GF2m_mod_div(r, yy, xx, field, ctx);

-	bn_check_top(r);

-err:

-	BN_CTX_end(ctx);

-	return ret;

-	}

-/* Compute the bth power of a, reduce modulo p, and store

- * the result in r.  r could be a.

- * Uses simple square-and-multiply algorithm A.5.1 from IEEE P1363.

- */

-int	BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const unsigned int p[], BN_CTX *ctx)

-	{

-	int ret = 0, i, n;

-	BIGNUM *u;

-	bn_check_top(a);

-	bn_check_top(b);

-	if (BN_is_zero(b))

-		return(BN_one(r));

-	if (BN_abs_is_word(b, 1))

-		return (BN_copy(r, a) != NULL);

-	BN_CTX_start(ctx);

-	if ((u = BN_CTX_get(ctx)) == NULL) goto err;

-	if (!BN_GF2m_mod_arr(u, a, p)) goto err;

-	n = BN_num_bits(b) - 1;

-	for (i = n - 1; i >= 0; i--)

-		{

-		if (!BN_GF2m_mod_sqr_arr(u, u, p, ctx)) goto err;

-		if (BN_is_bit_set(b, i))

-			{

-			if (!BN_GF2m_mod_mul_arr(u, u, a, p, ctx)) goto err;

-			}

-		}

-	if (!BN_copy(r, u)) goto err;

-	bn_check_top(r);

-	ret = 1;

-err:

-	BN_CTX_end(ctx);

-	return ret;

-	}

-/* Compute the bth power of a, reduce modulo p, and store

- * the result in r.  r could be a.

- *

- * This function calls down to the BN_GF2m_mod_exp_arr implementation; this wrapper

- * function is only provided for convenience; for best performance, use the

- * BN_GF2m_mod_exp_arr function.

- */

-int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx)

-	{

-	int ret = 0;

-	const int max = BN_num_bits(p);

-	unsigned int *arr=NULL;

-	bn_check_top(a);

-	bn_check_top(b);

-	bn_check_top(p);

-	if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err;

-	ret = BN_GF2m_poly2arr(p, arr, max);

-	if (!ret || ret > max)

-		{

-		BNerr(BN_F_BN_GF2M_MOD_EXP,BN_R_INVALID_LENGTH);

-		goto err;

-		}

-	ret = BN_GF2m_mod_exp_arr(r, a, b, arr, ctx);

-	bn_check_top(r);

-err:

-	if (arr) OPENSSL_free(arr);

-	return ret;

-	}

-/* Compute the square root of a, reduce modulo p, and store

- * the result in r.  r could be a.

- * Uses exponentiation as in algorithm A.4.1 from IEEE P1363.

- */

-int	BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], BN_CTX *ctx)

-	{

-	int ret = 0;

-	BIGNUM *u;

-	bn_check_top(a);

-	if (!p[0])

-		{

-		/* reduction mod 1 => return 0 */

-		BN_zero(r);

-		return 1;

-		}

-	BN_CTX_start(ctx);

-	if ((u = BN_CTX_get(ctx)) == NULL) goto err;

-	if (!BN_set_bit(u, p[0] - 1)) goto err;

-	ret = BN_GF2m_mod_exp_arr(r, a, u, p, ctx);

-	bn_check_top(r);

-err:

-	BN_CTX_end(ctx);

-	return ret;

-	}

-/* Compute the square root of a, reduce modulo p, and store

- * the result in r.  r could be a.

- *

- * This function calls down to the BN_GF2m_mod_sqrt_arr implementation; this wrapper

- * function is only provided for convenience; for best performance, use the

- * BN_GF2m_mod_sqrt_arr function.

- */

-int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)

-	{

-	int ret = 0;

-	const int max = BN_num_bits(p);

-	unsigned int *arr=NULL;

-	bn_check_top(a);

-	bn_check_top(p);

-	if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err;

-	ret = BN_GF2m_poly2arr(p, arr, max);

-	if (!ret || ret > max)

-		{

-		BNerr(BN_F_BN_GF2M_MOD_SQRT,BN_R_INVALID_LENGTH);

-		goto err;

-		}

-	ret = BN_GF2m_mod_sqrt_arr(r, a, arr, ctx);

-	bn_check_top(r);

-err:

-	if (arr) OPENSSL_free(arr);

-	return ret;

-	}

-/* Find r such that r^2 + r = a mod p.  r could be a. If no r exists returns 0.

- * Uses algorithms A.4.7 and A.4.6 from IEEE P1363.

- */

-int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const unsigned int p[], BN_CTX *ctx)

-	{

-	int ret = 0, count = 0;

-	unsigned int j;

-	BIGNUM *a, *z, *rho, *w, *w2, *tmp;

-	bn_check_top(a_);

-	if (!p[0])

-		{

-		/* reduction mod 1 => return 0 */

-		BN_zero(r);

-		return 1;

-		}

-	BN_CTX_start(ctx);

-	a = BN_CTX_get(ctx);

-	z = BN_CTX_get(ctx);

-	w = BN_CTX_get(ctx);

-	if (w == NULL) goto err;

-	if (!BN_GF2m_mod_arr(a, a_, p)) goto err;

-	if (BN_is_zero(a))

-		{

-		BN_zero(r);

-		ret = 1;

-		goto err;

-		}

-	if (p[0] & 0x1) /* m is odd */

-		{

-		/* compute half-trace of a */

-		if (!BN_copy(z, a)) goto err;

-		for (j = 1; j <= (p[0] - 1) / 2; j++)

-			{

-			if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) goto err;

-			if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) goto err;

-			if (!BN_GF2m_add(z, z, a)) goto err;

-			}

-		}

-	else /* m is even */

-		{

-		rho = BN_CTX_get(ctx);

-		w2 = BN_CTX_get(ctx);

-		tmp = BN_CTX_get(ctx);

-		if (tmp == NULL) goto err;

-		do

-			{

-			if (!BN_rand(rho, p[0], 0, 0)) goto err;

-			if (!BN_GF2m_mod_arr(rho, rho, p)) goto err;

-			BN_zero(z);

-			if (!BN_copy(w, rho)) goto err;

-			for (j = 1; j <= p[0] - 1; j++)

-				{

-				if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) goto err;

-				if (!BN_GF2m_mod_sqr_arr(w2, w, p, ctx)) goto err;

-				if (!BN_GF2m_mod_mul_arr(tmp, w2, a, p, ctx)) goto err;

-				if (!BN_GF2m_add(z, z, tmp)) goto err;

-				if (!BN_GF2m_add(w, w2, rho)) goto err;

-				}

-			count++;

-			} while (BN_is_zero(w) && (count < MAX_ITERATIONS));

-		if (BN_is_zero(w))

-			{

-			BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR,BN_R_TOO_MANY_ITERATIONS);

-			goto err;

-			}

-		}

-	if (!BN_GF2m_mod_sqr_arr(w, z, p, ctx)) goto err;

-	if (!BN_GF2m_add(w, z, w)) goto err;

-	if (BN_GF2m_cmp(w, a))

-		{

-		BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR, BN_R_NO_SOLUTION);

-		goto err;

-		}

-	if (!BN_copy(r, z)) goto err;

-	bn_check_top(r);

-	ret = 1;

-err:

-	BN_CTX_end(ctx);

-	return ret;

-	}

-/* Find r such that r^2 + r = a mod p.  r could be a. If no r exists returns 0.

- *

- * This function calls down to the BN_GF2m_mod_solve_quad_arr implementation; this wrapper

- * function is only provided for convenience; for best performance, use the

- * BN_GF2m_mod_solve_quad_arr function.

- */

-int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)

-	{

-	int ret = 0;

-	const int max = BN_num_bits(p);

-	unsigned int *arr=NULL;

-	bn_check_top(a);

-	bn_check_top(p);

-	if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) *

-						max)) == NULL) goto err;

-	ret = BN_GF2m_poly2arr(p, arr, max);

-	if (!ret || ret > max)

-		{

-		BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD,BN_R_INVALID_LENGTH);

-		goto err;

-		}

-	ret = BN_GF2m_mod_solve_quad_arr(r, a, arr, ctx);

-	bn_check_top(r);

-err:

-	if (arr) OPENSSL_free(arr);

-	return ret;

-	}

-/* Convert the bit-string representation of a polynomial

- * ( \sum_{i=0}^n a_i * x^i , where a_0 is *not* zero) into an array

- * of integers corresponding to the bits with non-zero coefficient.

- * Up to max elements of the array will be filled.  Return value is total

- * number of coefficients that would be extracted if array was large enough.

- */

-int BN_GF2m_poly2arr(const BIGNUM *a, unsigned int p[], int max)

-	{

-	int i, j, k = 0;

-	BN_ULONG mask;

-	if (BN_is_zero(a) || !BN_is_bit_set(a, 0))

-		/* a_0 == 0 => return error (the unsigned int array

-		 * must be terminated by 0)

-		 */

-		return 0;

-	for (i = a->top - 1; i >= 0; i--)

-		{

-		if (!a->d[i])

-			/* skip word if a->d[i] == 0 */

-			continue;

-		mask = BN_TBIT;

-		for (j = BN_BITS2 - 1; j >= 0; j--)

-			{

-			if (a->d[i] & mask)

-				{

-				if (k < max) p[k] = BN_BITS2 * i + j;

-				k++;

-				}

-			mask >>= 1;

-			}

-		}

-	return k;

-	}

-/* Convert the coefficient array representation of a polynomial to a

- * bit-string.  The array must be terminated by 0.

- */

-int BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a)

-	{

-	int i;

-	bn_check_top(a);

-	BN_zero(a);

-	for (i = 0; p[i] != 0; i++)

-		{

-		if (BN_set_bit(a, p[i]) == 0)

-			return 0;

-		}

-	BN_set_bit(a, 0);

-	bn_check_top(a);

-	return 1;

-	}

--- a/sys/src/ape/lib/openssl/crypto/bn/bn_kron.c

+++ /dev/null

@@ -1,184 +1,0 @@

-/* crypto/bn/bn_kron.c */

-/* ====================================================================

- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include "cryptlib.h"

-#include "bn_lcl.h"

-/* least significant word */

-#define BN_lsw(n) (((n)->top == 0) ? (BN_ULONG) 0 : (n)->d[0])

-/* Returns -2 for errors because both -1 and 0 are valid results. */

-int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)

-	{

-	int i;

-	int ret = -2; /* avoid 'uninitialized' warning */

-	int err = 0;

-	BIGNUM *A, *B, *tmp;

-	/* In 'tab', only odd-indexed entries are relevant:

-	 * For any odd BIGNUM n,

-	 *     tab[BN_lsw(n) & 7]

-	 * is $(-1)^{(n^2-1)/8}$ (using TeX notation).

-	 * Note that the sign of n does not matter.

-	 */

-	static const int tab[8] = {0, 1, 0, -1, 0, -1, 0, 1};

-	bn_check_top(a);

-	bn_check_top(b);

-	BN_CTX_start(ctx);

-	A = BN_CTX_get(ctx);

-	B = BN_CTX_get(ctx);

-	if (B == NULL) goto end;

-	err = !BN_copy(A, a);

-	if (err) goto end;

-	err = !BN_copy(B, b);

-	if (err) goto end;

-	/*

-	 * Kronecker symbol, imlemented according to Henri Cohen,

-	 * "A Course in Computational Algebraic Number Theory"

-	 * (algorithm 1.4.10).

-	 */

-	/* Cohen's step 1: */

-	if (BN_is_zero(B))

-		{

-		ret = BN_abs_is_word(A, 1);

-		goto end;

- 		}

-	/* Cohen's step 2: */

-	if (!BN_is_odd(A) && !BN_is_odd(B))

-		{

-		ret = 0;

-		goto end;

-		}

-	/* now  B  is non-zero */

-	i = 0;

-	while (!BN_is_bit_set(B, i))

-		i++;

-	err = !BN_rshift(B, B, i);

-	if (err) goto end;

-	if (i & 1)

-		{

-		/* i is odd */

-		/* (thus  B  was even, thus  A  must be odd!)  */

-		/* set 'ret' to $(-1)^{(A^2-1)/8}$ */

-		ret = tab[BN_lsw(A) & 7];

-		}

-	else

-		{

-		/* i is even */

-		ret = 1;

-		}

-	if (B->neg)

-		{

-		B->neg = 0;

-		if (A->neg)

-			ret = -ret;

-		}

-	/* now  B  is positive and odd, so what remains to be done is

-	 * to compute the Jacobi symbol  (A/B)  and multiply it by 'ret' */

-	while (1)

-		{

-		/* Cohen's step 3: */

-		/*  B  is positive and odd */

-		if (BN_is_zero(A))

-			{

-			ret = BN_is_one(B) ? ret : 0;

-			goto end;

-			}

-		/* now  A  is non-zero */

-		i = 0;

-		while (!BN_is_bit_set(A, i))

-			i++;

-		err = !BN_rshift(A, A, i);

-		if (err) goto end;

-		if (i & 1)

-			{

-			/* i is odd */

-			/* multiply 'ret' by  $(-1)^{(B^2-1)/8}$ */

-			ret = ret * tab[BN_lsw(B) & 7];

-			}

-		/* Cohen's step 4: */

-		/* multiply 'ret' by  $(-1)^{(A-1)(B-1)/4}$ */

-		if ((A->neg ? ~BN_lsw(A) : BN_lsw(A)) & BN_lsw(B) & 2)

-			ret = -ret;

-		/* (A, B) := (B mod |A|, |A|) */

-		err = !BN_nnmod(B, B, A, ctx);

-		if (err) goto end;

-		tmp = A; A = B; B = tmp;

-		tmp->neg = 0;

-		}

-end:

-	BN_CTX_end(ctx);

-	if (err)

-		return -2;

-	else

-		return ret;

-	}

--- a/sys/src/ape/lib/openssl/crypto/bn/bn_lcl.h

+++ /dev/null

@@ -1,489 +1,0 @@

-/* crypto/bn/bn_lcl.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_BN_LCL_H

-#define HEADER_BN_LCL_H

-#include <openssl/bn.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-/*

- * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions

- *

- *

- * For window size 'w' (w >= 2) and a random 'b' bits exponent,

- * the number of multiplications is a constant plus on average

- *

- *    2^(w-1) + (b-w)/(w+1);

- *

- * here  2^(w-1)  is for precomputing the table (we actually need

- * entries only for windows that have the lowest bit set), and

- * (b-w)/(w+1)  is an approximation for the expected number of

- * w-bit windows, not counting the first one.

- *

- * Thus we should use

- *

- *    w >= 6  if        b > 671

- *     w = 5  if  671 > b > 239

- *     w = 4  if  239 > b >  79

- *     w = 3  if   79 > b >  23

- *    w <= 2  if   23 > b

- *

- * (with draws in between).  Very small exponents are often selected

- * with low Hamming weight, so we use  w = 1  for b <= 23.

- */

-#if 1

-#define BN_window_bits_for_exponent_size(b) \

-		((b) > 671 ? 6 : \

-		 (b) > 239 ? 5 : \

-		 (b) >  79 ? 4 : \

-		 (b) >  23 ? 3 : 1)

-#else

-/* Old SSLeay/OpenSSL table.

- * Maximum window size was 5, so this table differs for b==1024;

- * but it coincides for other interesting values (b==160, b==512).

- */

-#define BN_window_bits_for_exponent_size(b) \

-		((b) > 255 ? 5 : \

-		 (b) > 127 ? 4 : \

-		 (b) >  17 ? 3 : 1)

-#endif

-/* BN_mod_exp_mont_conttime is based on the assumption that the

- * L1 data cache line width of the target processor is at least

- * the following value.

- */

-#define MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH	( 64 )

-#define MOD_EXP_CTIME_MIN_CACHE_LINE_MASK	(MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - 1)

-/* Window sizes optimized for fixed window size modular exponentiation

- * algorithm (BN_mod_exp_mont_consttime).

- *

- * To achieve the security goals of BN_mode_exp_mont_consttime, the

- * maximum size of the window must not exceed

- * log_2(MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH).

- *

- * Window size thresholds are defined for cache line sizes of 32 and 64,

- * cache line sizes where log_2(32)=5 and log_2(64)=6 respectively. A

- * window size of 7 should only be used on processors that have a 128

- * byte or greater cache line size.

- */

-#if MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 64

-#  define BN_window_bits_for_ctime_exponent_size(b) \

-		((b) > 937 ? 6 : \

-		 (b) > 306 ? 5 : \

-		 (b) >  89 ? 4 : \

-		 (b) >  22 ? 3 : 1)

-#  define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE	(6)

-#elif MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 32

-#  define BN_window_bits_for_ctime_exponent_size(b) \

-		((b) > 306 ? 5 : \

-		 (b) >  89 ? 4 : \

-		 (b) >  22 ? 3 : 1)

-#  define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE	(5)

-#endif

-/* Pentium pro 16,16,16,32,64 */

-/* Alpha       16,16,16,16.64 */

-#define BN_MULL_SIZE_NORMAL			(16) /* 32 */

-#define BN_MUL_RECURSIVE_SIZE_NORMAL		(16) /* 32 less than */

-#define BN_SQR_RECURSIVE_SIZE_NORMAL		(16) /* 32 */

-#define BN_MUL_LOW_RECURSIVE_SIZE_NORMAL	(32) /* 32 */

-#define BN_MONT_CTX_SET_SIZE_WORD		(64) /* 32 */

-#if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC)

-/*

- * BN_UMULT_HIGH section.

- *

- * No, I'm not trying to overwhelm you when stating that the

- * product of N-bit numbers is 2*N bits wide:-) No, I don't expect

- * you to be impressed when I say that if the compiler doesn't

- * support 2*N integer type, then you have to replace every N*N

- * multiplication with 4 (N/2)*(N/2) accompanied by some shifts

- * and additions which unavoidably results in severe performance

- * penalties. Of course provided that the hardware is capable of

- * producing 2*N result... That's when you normally start

- * considering assembler implementation. However! It should be

- * pointed out that some CPUs (most notably Alpha, PowerPC and

- * upcoming IA-64 family:-) provide *separate* instruction

- * calculating the upper half of the product placing the result

- * into a general purpose register. Now *if* the compiler supports

- * inline assembler, then it's not impossible to implement the

- * "bignum" routines (and have the compiler optimize 'em)

- * exhibiting "native" performance in C. That's what BN_UMULT_HIGH

- * macro is about:-)

- *

- *					<[email protected]>

- */

-# if defined(__alpha) && (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT))

-#  if defined(__DECC)

-#   include <c_asm.h>

-#   define BN_UMULT_HIGH(a,b)	(BN_ULONG)asm("umulh %a0,%a1,%v0",(a),(b))

-#  elif defined(__GNUC__)

-#   define BN_UMULT_HIGH(a,b)	({	\

-	register BN_ULONG ret;		\

-	asm ("umulh	%1,%2,%0"	\

-	     : "=r"(ret)		\

-	     : "r"(a), "r"(b));		\

-	ret;			})

-#  endif	/* compiler */

-# elif defined(_ARCH_PPC) && defined(__64BIT__) && defined(SIXTY_FOUR_BIT_LONG)

-#  if defined(__GNUC__)

-#   define BN_UMULT_HIGH(a,b)	({	\

-	register BN_ULONG ret;		\

-	asm ("mulhdu	%0,%1,%2"	\

-	     : "=r"(ret)		\

-	     : "r"(a), "r"(b));		\

-	ret;			})

-#  endif	/* compiler */

-# elif defined(__x86_64) && defined(SIXTY_FOUR_BIT_LONG)

-#  if defined(__GNUC__)

-#   define BN_UMULT_HIGH(a,b)	({	\

-	register BN_ULONG ret,discard;	\

-	asm ("mulq	%3"		\

-	     : "=a"(discard),"=d"(ret)	\

-	     : "a"(a), "g"(b)		\

-	     : "cc");			\

-	ret;			})

-#   define BN_UMULT_LOHI(low,high,a,b)	\

-	asm ("mulq	%3"		\

-		: "=a"(low),"=d"(high)	\

-		: "a"(a),"g"(b)		\

-		: "cc");

-#  endif

-# elif (defined(_M_AMD64) || defined(_M_X64)) && defined(SIXTY_FOUR_BIT)

-#  if defined(_MSC_VER) && _MSC_VER>=1400

-    unsigned __int64 __umulh	(unsigned __int64 a,unsigned __int64 b);

-    unsigned __int64 _umul128	(unsigned __int64 a,unsigned __int64 b,

-				 unsigned __int64 *h);

-#   pragma intrinsic(__umulh,_umul128)

-#   define BN_UMULT_HIGH(a,b)		__umulh((a),(b))

-#   define BN_UMULT_LOHI(low,high,a,b)	((low)=_umul128((a),(b),&(high)))

-#  endif

-# endif		/* cpu */

-#endif		/* OPENSSL_NO_ASM */

-/*************************************************************

- * Using the long long type

- */

-#define Lw(t)    (((BN_ULONG)(t))&BN_MASK2)

-#define Hw(t)    (((BN_ULONG)((t)>>BN_BITS2))&BN_MASK2)

-#ifdef BN_DEBUG_RAND

-#define bn_clear_top2max(a) \

-	{ \

-	int      ind = (a)->dmax - (a)->top; \

-	BN_ULONG *ftl = &(a)->d[(a)->top-1]; \

-	for (; ind != 0; ind--) \

-		*(++ftl) = 0x0; \

-	}

-#else

-#define bn_clear_top2max(a)

-#endif

-#ifdef BN_LLONG

-#define mul_add(r,a,w,c) { \

-	BN_ULLONG t; \

-	t=(BN_ULLONG)w * (a) + (r) + (c); \

-	(r)= Lw(t); \

-	(c)= Hw(t); \

-	}

-#define mul(r,a,w,c) { \

-	BN_ULLONG t; \

-	t=(BN_ULLONG)w * (a) + (c); \

-	(r)= Lw(t); \

-	(c)= Hw(t); \

-	}

-#define sqr(r0,r1,a) { \

-	BN_ULLONG t; \

-	t=(BN_ULLONG)(a)*(a); \

-	(r0)=Lw(t); \

-	(r1)=Hw(t); \

-	}

-#elif defined(BN_UMULT_LOHI)

-#define mul_add(r,a,w,c) {		\

-	BN_ULONG high,low,ret,tmp=(a);	\

-	ret =  (r);			\

-	BN_UMULT_LOHI(low,high,w,tmp);	\

-	ret += (c);			\

-	(c) =  (ret<(c))?1:0;		\

-	(c) += high;			\

-	ret += low;			\

-	(c) += (ret<low)?1:0;		\

-	(r) =  ret;			\

-	}

-#define mul(r,a,w,c)	{		\

-	BN_ULONG high,low,ret,ta=(a);	\

-	BN_UMULT_LOHI(low,high,w,ta);	\

-	ret =  low + (c);		\

-	(c) =  high;			\

-	(c) += (ret<low)?1:0;		\

-	(r) =  ret;			\

-	}

-#define sqr(r0,r1,a)	{		\

-	BN_ULONG tmp=(a);		\

-	BN_UMULT_LOHI(r0,r1,tmp,tmp);	\

-	}

-#elif defined(BN_UMULT_HIGH)

-#define mul_add(r,a,w,c) {		\

-	BN_ULONG high,low,ret,tmp=(a);	\

-	ret =  (r);			\

-	high=  BN_UMULT_HIGH(w,tmp);	\

-	ret += (c);			\

-	low =  (w) * tmp;		\

-	(c) =  (ret<(c))?1:0;		\

-	(c) += high;			\

-	ret += low;			\

-	(c) += (ret<low)?1:0;		\

-	(r) =  ret;			\

-	}

-#define mul(r,a,w,c)	{		\

-	BN_ULONG high,low,ret,ta=(a);	\

-	low =  (w) * ta;		\

-	high=  BN_UMULT_HIGH(w,ta);	\

-	ret =  low + (c);		\

-	(c) =  high;			\

-	(c) += (ret<low)?1:0;		\

-	(r) =  ret;			\

-	}

-#define sqr(r0,r1,a)	{		\

-	BN_ULONG tmp=(a);		\

-	(r0) = tmp * tmp;		\

-	(r1) = BN_UMULT_HIGH(tmp,tmp);	\

-	}

-#else

-/*************************************************************

- * No long long type

- */

-#define LBITS(a)	((a)&BN_MASK2l)

-#define HBITS(a)	(((a)>>BN_BITS4)&BN_MASK2l)

-#define	L2HBITS(a)	(((a)<<BN_BITS4)&BN_MASK2)

-#define LLBITS(a)	((a)&BN_MASKl)

-#define LHBITS(a)	(((a)>>BN_BITS2)&BN_MASKl)

-#define	LL2HBITS(a)	((BN_ULLONG)((a)&BN_MASKl)<<BN_BITS2)

-#define mul64(l,h,bl,bh) \

-	{ \

-	BN_ULONG m,m1,lt,ht; \

- \

-	lt=l; \

-	ht=h; \

-	m =(bh)*(lt); \

-	lt=(bl)*(lt); \

-	m1=(bl)*(ht); \

-	ht =(bh)*(ht); \

-	m=(m+m1)&BN_MASK2; if (m < m1) ht+=L2HBITS((BN_ULONG)1); \

-	ht+=HBITS(m); \

-	m1=L2HBITS(m); \

-	lt=(lt+m1)&BN_MASK2; if (lt < m1) ht++; \

-	(l)=lt; \

-	(h)=ht; \

-	}

-#define sqr64(lo,ho,in) \

-	{ \

-	BN_ULONG l,h,m; \

- \

-	h=(in); \

-	l=LBITS(h); \

-	h=HBITS(h); \

-	m =(l)*(h); \

-	l*=l; \

-	h*=h; \

-	h+=(m&BN_MASK2h1)>>(BN_BITS4-1); \

-	m =(m&BN_MASK2l)<<(BN_BITS4+1); \

-	l=(l+m)&BN_MASK2; if (l < m) h++; \

-	(lo)=l; \

-	(ho)=h; \

-	}

-#define mul_add(r,a,bl,bh,c) { \

-	BN_ULONG l,h; \

- \

-	h= (a); \

-	l=LBITS(h); \

-	h=HBITS(h); \

-	mul64(l,h,(bl),(bh)); \

- \

-	/* non-multiply part */ \

-	l=(l+(c))&BN_MASK2; if (l < (c)) h++; \

-	(c)=(r); \

-	l=(l+(c))&BN_MASK2; if (l < (c)) h++; \

-	(c)=h&BN_MASK2; \

-	(r)=l; \

-	}

-#define mul(r,a,bl,bh,c) { \

-	BN_ULONG l,h; \

- \

-	h= (a); \

-	l=LBITS(h); \

-	h=HBITS(h); \

-	mul64(l,h,(bl),(bh)); \

- \

-	/* non-multiply part */ \

-	l+=(c); if ((l&BN_MASK2) < (c)) h++; \

-	(c)=h&BN_MASK2; \

-	(r)=l&BN_MASK2; \

-	}

-#endif /* !BN_LLONG */

-void bn_mul_normal(BN_ULONG *r,BN_ULONG *a,int na,BN_ULONG *b,int nb);

-void bn_mul_comba8(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);

-void bn_mul_comba4(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);

-void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp);

-void bn_sqr_comba8(BN_ULONG *r,const BN_ULONG *a);

-void bn_sqr_comba4(BN_ULONG *r,const BN_ULONG *a);

-int bn_cmp_words(const BN_ULONG *a,const BN_ULONG *b,int n);

-int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b,

-	int cl, int dl);

-void bn_mul_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2,

-	int dna,int dnb,BN_ULONG *t);

-void bn_mul_part_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,

-	int n,int tna,int tnb,BN_ULONG *t);

-void bn_sqr_recursive(BN_ULONG *r,const BN_ULONG *a, int n2, BN_ULONG *t);

-void bn_mul_low_normal(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b, int n);

-void bn_mul_low_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2,

-	BN_ULONG *t);

-void bn_mul_high(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,BN_ULONG *l,int n2,

-	BN_ULONG *t);

-BN_ULONG bn_add_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,

-	int cl, int dl);

-BN_ULONG bn_sub_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,

-	int cl, int dl);

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/bn/bn_lib.c

+++ /dev/null

@@ -1,845 +1,0 @@

-/* crypto/bn/bn_lib.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef BN_DEBUG

-# undef NDEBUG /* avoid conflicting definitions */

-# define NDEBUG

-#endif

-#include <assert.h>

-#include <limits.h>

-#include <stdio.h>

-#include "cryptlib.h"

-#include "bn_lcl.h"

-const char BN_version[]="Big Number" OPENSSL_VERSION_PTEXT;

-/* This stuff appears to be completely unused, so is deprecated */

-#ifndef OPENSSL_NO_DEPRECATED

-/* For a 32 bit machine

- * 2 -   4 ==  128

- * 3 -   8 ==  256

- * 4 -  16 ==  512

- * 5 -  32 == 1024

- * 6 -  64 == 2048

- * 7 - 128 == 4096

- * 8 - 256 == 8192

- */

-static int bn_limit_bits=0;

-static int bn_limit_num=8;        /* (1<<bn_limit_bits) */

-static int bn_limit_bits_low=0;

-static int bn_limit_num_low=8;    /* (1<<bn_limit_bits_low) */

-static int bn_limit_bits_high=0;

-static int bn_limit_num_high=8;   /* (1<<bn_limit_bits_high) */

-static int bn_limit_bits_mont=0;

-static int bn_limit_num_mont=8;   /* (1<<bn_limit_bits_mont) */

-void BN_set_params(int mult, int high, int low, int mont)

-	{

-	if (mult >= 0)

-		{

-		if (mult > (int)(sizeof(int)*8)-1)

-			mult=sizeof(int)*8-1;

-		bn_limit_bits=mult;

-		bn_limit_num=1<<mult;

-		}

-	if (high >= 0)

-		{

-		if (high > (int)(sizeof(int)*8)-1)

-			high=sizeof(int)*8-1;

-		bn_limit_bits_high=high;

-		bn_limit_num_high=1<<high;

-		}

-	if (low >= 0)

-		{

-		if (low > (int)(sizeof(int)*8)-1)

-			low=sizeof(int)*8-1;

-		bn_limit_bits_low=low;

-		bn_limit_num_low=1<<low;

-		}

-	if (mont >= 0)

-		{

-		if (mont > (int)(sizeof(int)*8)-1)

-			mont=sizeof(int)*8-1;

-		bn_limit_bits_mont=mont;

-		bn_limit_num_mont=1<<mont;

-		}

-	}

-int BN_get_params(int which)

-	{

-	if      (which == 0) return(bn_limit_bits);

-	else if (which == 1) return(bn_limit_bits_high);

-	else if (which == 2) return(bn_limit_bits_low);

-	else if (which == 3) return(bn_limit_bits_mont);

-	else return(0);

-	}

-#endif

-const BIGNUM *BN_value_one(void)

-	{

-	static BN_ULONG data_one=1L;

-	static BIGNUM const_one={&data_one,1,1,0,BN_FLG_STATIC_DATA};

-	return(&const_one);

-	}

-char *BN_options(void)

-	{

-	static int init=0;

-	static char data[16];

-	if (!init)

-		{

-		init++;

-#ifdef BN_LLONG

-		BIO_snprintf(data,sizeof data,"bn(%d,%d)",

-			     (int)sizeof(BN_ULLONG)*8,(int)sizeof(BN_ULONG)*8);

-#else

-		BIO_snprintf(data,sizeof data,"bn(%d,%d)",

-			     (int)sizeof(BN_ULONG)*8,(int)sizeof(BN_ULONG)*8);

-#endif

-		}

-	return(data);

-	}

-int BN_num_bits_word(BN_ULONG l)

-	{

-	static const char bits[256]={

-		0,1,2,2,3,3,3,3,4,4,4,4,4,4,4,4,

-		5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,

-		6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,

-		6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,

-		7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,

-		7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,

-		7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,

-		7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,

-		8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,

-		8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,

-		8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,

-		8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,

-		8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,

-		8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,

-		8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,

-		8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,

-		};

-#if defined(SIXTY_FOUR_BIT_LONG)

-	if (l & 0xffffffff00000000L)

-		{

-		if (l & 0xffff000000000000L)

-			{

-			if (l & 0xff00000000000000L)

-				{

-				return(bits[(int)(l>>56)]+56);

-				}

-			else	return(bits[(int)(l>>48)]+48);

-			}

-		else

-			{

-			if (l & 0x0000ff0000000000L)

-				{

-				return(bits[(int)(l>>40)]+40);

-				}

-			else	return(bits[(int)(l>>32)]+32);

-			}

-		}

-	else

-#else

-#ifdef SIXTY_FOUR_BIT

-	if (l & 0xffffffff00000000LL)

-		{

-		if (l & 0xffff000000000000LL)

-			{

-			if (l & 0xff00000000000000LL)

-				{

-				return(bits[(int)(l>>56)]+56);

-				}

-			else	return(bits[(int)(l>>48)]+48);

-			}

-		else

-			{

-			if (l & 0x0000ff0000000000LL)

-				{

-				return(bits[(int)(l>>40)]+40);

-				}

-			else	return(bits[(int)(l>>32)]+32);

-			}

-		}

-	else

-#endif

-#endif

-		{

-#if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)

-		if (l & 0xffff0000L)

-			{

-			if (l & 0xff000000L)

-				return(bits[(int)(l>>24L)]+24);

-			else	return(bits[(int)(l>>16L)]+16);

-			}

-		else

-#endif

-			{

-#if defined(SIXTEEN_BIT) || defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)

-			if (l & 0xff00L)

-				return(bits[(int)(l>>8)]+8);

-			else

-#endif

-				return(bits[(int)(l   )]  );

-			}

-		}

-	}

-int BN_num_bits(const BIGNUM *a)

-	{

-	int i = a->top - 1;

-	bn_check_top(a);

-	if (BN_is_zero(a)) return 0;

-	return ((i*BN_BITS2) + BN_num_bits_word(a->d[i]));

-	}

-void BN_clear_free(BIGNUM *a)

-	{

-	int i;

-	if (a == NULL) return;

-	bn_check_top(a);

-	if (a->d != NULL)

-		{

-		OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0]));

-		if (!(BN_get_flags(a,BN_FLG_STATIC_DATA)))

-			OPENSSL_free(a->d);

-		}

-	i=BN_get_flags(a,BN_FLG_MALLOCED);

-	OPENSSL_cleanse(a,sizeof(BIGNUM));

-	if (i)

-		OPENSSL_free(a);

-	}

-void BN_free(BIGNUM *a)

-	{

-	if (a == NULL) return;

-	bn_check_top(a);

-	if ((a->d != NULL) && !(BN_get_flags(a,BN_FLG_STATIC_DATA)))

-		OPENSSL_free(a->d);

-	if (a->flags & BN_FLG_MALLOCED)

-		OPENSSL_free(a);

-	else

-		{

-#ifndef OPENSSL_NO_DEPRECATED

-		a->flags|=BN_FLG_FREE;

-#endif

-		a->d = NULL;

-		}

-	}

-void BN_init(BIGNUM *a)

-	{

-	memset(a,0,sizeof(BIGNUM));

-	bn_check_top(a);

-	}

-BIGNUM *BN_new(void)

-	{

-	BIGNUM *ret;

-	if ((ret=(BIGNUM *)OPENSSL_malloc(sizeof(BIGNUM))) == NULL)

-		{

-		BNerr(BN_F_BN_NEW,ERR_R_MALLOC_FAILURE);

-		return(NULL);

-		}

-	ret->flags=BN_FLG_MALLOCED;

-	ret->top=0;

-	ret->neg=0;

-	ret->dmax=0;

-	ret->d=NULL;

-	bn_check_top(ret);

-	return(ret);

-	}

-/* This is used both by bn_expand2() and bn_dup_expand() */

-/* The caller MUST check that words > b->dmax before calling this */

-static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)

-	{

-	BN_ULONG *A,*a = NULL;

-	const BN_ULONG *B;

-	int i;

-	bn_check_top(b);

-	if (words > (INT_MAX/(4*BN_BITS2)))

-		{

-		BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_BIGNUM_TOO_LONG);

-		return NULL;

-		}

-	if (BN_get_flags(b,BN_FLG_STATIC_DATA))

-		{

-		BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);

-		return(NULL);

-		}

-	a=A=(BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG)*words);

-	if (A == NULL)

-		{

-		BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE);

-		return(NULL);

-		}

-#if 1

-	B=b->d;

-	/* Check if the previous number needs to be copied */

-	if (B != NULL)

-		{

-		for (i=b->top>>2; i>0; i--,A+=4,B+=4)

-			{

-			/*

-			 * The fact that the loop is unrolled

-			 * 4-wise is a tribute to Intel. It's

-			 * the one that doesn't have enough

-			 * registers to accomodate more data.

-			 * I'd unroll it 8-wise otherwise:-)

-			 *

-			 *		<[email protected]>

-			 */

-			BN_ULONG a0,a1,a2,a3;

-			a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];

-			A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;

-			}

-		switch (b->top&3)

-			{

-		case 3:	A[2]=B[2];

-		case 2:	A[1]=B[1];

-		case 1:	A[0]=B[0];

-		case 0: /* workaround for ultrix cc: without 'case 0', the optimizer does

-		         * the switch table by doing a=top&3; a--; goto jump_table[a];

-		         * which fails for top== 0 */

-			;

-			}

-		}

-#else

-	memset(A,0,sizeof(BN_ULONG)*words);

-	memcpy(A,b->d,sizeof(b->d[0])*b->top);

-#endif

-	return(a);

-	}

-/* This is an internal function that can be used instead of bn_expand2()

- * when there is a need to copy BIGNUMs instead of only expanding the

- * data part, while still expanding them.

- * Especially useful when needing to expand BIGNUMs that are declared

- * 'const' and should therefore not be changed.

- * The reason to use this instead of a BN_dup() followed by a bn_expand2()

- * is memory allocation overhead.  A BN_dup() followed by a bn_expand2()

- * will allocate new memory for the BIGNUM data twice, and free it once,

- * while bn_dup_expand() makes sure allocation is made only once.

- */

-#ifndef OPENSSL_NO_DEPRECATED

-BIGNUM *bn_dup_expand(const BIGNUM *b, int words)

-	{

-	BIGNUM *r = NULL;

-	bn_check_top(b);

-	/* This function does not work if

-	 *      words <= b->dmax && top < words

-	 * because BN_dup() does not preserve 'dmax'!

-	 * (But bn_dup_expand() is not used anywhere yet.)

-	 */

-	if (words > b->dmax)

-		{

-		BN_ULONG *a = bn_expand_internal(b, words);

-		if (a)

-			{

-			r = BN_new();

-			if (r)

-				{

-				r->top = b->top;

-				r->dmax = words;

-				r->neg = b->neg;

-				r->d = a;

-				}

-			else

-				{

-				/* r == NULL, BN_new failure */

-				OPENSSL_free(a);

-				}

-			}

-		/* If a == NULL, there was an error in allocation in

-		   bn_expand_internal(), and NULL should be returned */

-		}

-	else

-		{

-		r = BN_dup(b);

-		}

-	bn_check_top(r);

-	return r;

-	}

-#endif

-/* This is an internal function that should not be used in applications.

- * It ensures that 'b' has enough room for a 'words' word number

- * and initialises any unused part of b->d with leading zeros.

- * It is mostly used by the various BIGNUM routines. If there is an error,

- * NULL is returned. If not, 'b' is returned. */

-BIGNUM *bn_expand2(BIGNUM *b, int words)

-	{

-	bn_check_top(b);

-	if (words > b->dmax)

-		{

-		BN_ULONG *a = bn_expand_internal(b, words);

-		if(!a) return NULL;

-		if(b->d) OPENSSL_free(b->d);

-		b->d=a;

-		b->dmax=words;

-		}

-/* None of this should be necessary because of what b->top means! */

-#if 0

-	/* NB: bn_wexpand() calls this only if the BIGNUM really has to grow */

-	if (b->top < b->dmax)

-		{

-		int i;

-		BN_ULONG *A = &(b->d[b->top]);

-		for (i=(b->dmax - b->top)>>3; i>0; i--,A+=8)

-			{

-			A[0]=0; A[1]=0; A[2]=0; A[3]=0;

-			A[4]=0; A[5]=0; A[6]=0; A[7]=0;

-			}

-		for (i=(b->dmax - b->top)&7; i>0; i--,A++)

-			A[0]=0;

-		assert(A == &(b->d[b->dmax]));

-		}

-#endif

-	bn_check_top(b);

-	return b;

-	}

-BIGNUM *BN_dup(const BIGNUM *a)

-	{

-	BIGNUM *t;

-	if (a == NULL) return NULL;

-	bn_check_top(a);

-	t = BN_new();

-	if (t == NULL) return NULL;

-	if(!BN_copy(t, a))

-		{

-		BN_free(t);

-		return NULL;

-		}

-	bn_check_top(t);

-	return t;

-	}

-BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)

-	{

-	int i;

-	BN_ULONG *A;

-	const BN_ULONG *B;

-	bn_check_top(b);

-	if (a == b) return(a);

-	if (bn_wexpand(a,b->top) == NULL) return(NULL);

-#if 1

-	A=a->d;

-	B=b->d;

-	for (i=b->top>>2; i>0; i--,A+=4,B+=4)

-		{

-		BN_ULONG a0,a1,a2,a3;

-		a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];

-		A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;

-		}

-	switch (b->top&3)

-		{

-		case 3: A[2]=B[2];

-		case 2: A[1]=B[1];

-		case 1: A[0]=B[0];

-		case 0: ; /* ultrix cc workaround, see comments in bn_expand_internal */

-		}

-#else

-	memcpy(a->d,b->d,sizeof(b->d[0])*b->top);

-#endif

-	a->top=b->top;

-	a->neg=b->neg;

-	bn_check_top(a);

-	return(a);

-	}

-void BN_swap(BIGNUM *a, BIGNUM *b)

-	{

-	int flags_old_a, flags_old_b;

-	BN_ULONG *tmp_d;

-	int tmp_top, tmp_dmax, tmp_neg;

-	bn_check_top(a);

-	bn_check_top(b);

-	flags_old_a = a->flags;

-	flags_old_b = b->flags;

-	tmp_d = a->d;

-	tmp_top = a->top;

-	tmp_dmax = a->dmax;

-	tmp_neg = a->neg;

-	a->d = b->d;

-	a->top = b->top;

-	a->dmax = b->dmax;

-	a->neg = b->neg;

-	b->d = tmp_d;

-	b->top = tmp_top;

-	b->dmax = tmp_dmax;

-	b->neg = tmp_neg;

-	a->flags = (flags_old_a & BN_FLG_MALLOCED) | (flags_old_b & BN_FLG_STATIC_DATA);

-	b->flags = (flags_old_b & BN_FLG_MALLOCED) | (flags_old_a & BN_FLG_STATIC_DATA);

-	bn_check_top(a);

-	bn_check_top(b);

-	}

-void BN_clear(BIGNUM *a)

-	{

-	bn_check_top(a);

-	if (a->d != NULL)

-		memset(a->d,0,a->dmax*sizeof(a->d[0]));

-	a->top=0;

-	a->neg=0;

-	}

-BN_ULONG BN_get_word(const BIGNUM *a)

-	{

-	if (a->top > 1)

-		return BN_MASK2;

-	else if (a->top == 1)

-		return a->d[0];

-	/* a->top == 0 */

-	return 0;

-	}

-int BN_set_word(BIGNUM *a, BN_ULONG w)

-	{

-	bn_check_top(a);

-	if (bn_expand(a,(int)sizeof(BN_ULONG)*8) == NULL) return(0);

-	a->neg = 0;

-	a->d[0] = w;

-	a->top = (w ? 1 : 0);

-	bn_check_top(a);

-	return(1);

-	}

-BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)

-	{

-	unsigned int i,m;

-	unsigned int n;

-	BN_ULONG l;

-	BIGNUM  *bn = NULL;

-	if (ret == NULL)

-		ret = bn = BN_new();

-	if (ret == NULL) return(NULL);

-	bn_check_top(ret);

-	l=0;

-	n=len;

-	if (n == 0)

-		{

-		ret->top=0;

-		return(ret);

-		}

-	i=((n-1)/BN_BYTES)+1;

-	m=((n-1)%(BN_BYTES));

-	if (bn_wexpand(ret, (int)i) == NULL)

-		{

-		if (bn) BN_free(bn);

-		return NULL;

-		}

-	ret->top=i;

-	ret->neg=0;

-	while (n--)

-		{

-		l=(l<<8L)| *(s++);

-		if (m-- == 0)

-			{

-			ret->d[--i]=l;

-			l=0;

-			m=BN_BYTES-1;

-			}

-		}

-	/* need to call this due to clear byte at top if avoiding

-	 * having the top bit set (-ve number) */

-	bn_correct_top(ret);

-	return(ret);

-	}

-/* ignore negative */

-int BN_bn2bin(const BIGNUM *a, unsigned char *to)

-	{

-	int n,i;

-	BN_ULONG l;

-	bn_check_top(a);

-	n=i=BN_num_bytes(a);

-	while (i--)

-		{

-		l=a->d[i/BN_BYTES];

-		*(to++)=(unsigned char)(l>>(8*(i%BN_BYTES)))&0xff;

-		}

-	return(n);

-	}

-int BN_ucmp(const BIGNUM *a, const BIGNUM *b)

-	{

-	int i;

-	BN_ULONG t1,t2,*ap,*bp;

-	bn_check_top(a);

-	bn_check_top(b);

-	i=a->top-b->top;

-	if (i != 0) return(i);

-	ap=a->d;

-	bp=b->d;

-	for (i=a->top-1; i>=0; i--)

-		{

-		t1= ap[i];

-		t2= bp[i];

-		if (t1 != t2)

-			return((t1 > t2) ? 1 : -1);

-		}

-	return(0);

-	}

-int BN_cmp(const BIGNUM *a, const BIGNUM *b)

-	{

-	int i;

-	int gt,lt;

-	BN_ULONG t1,t2;

-	if ((a == NULL) || (b == NULL))

-		{

-		if (a != NULL)

-			return(-1);

-		else if (b != NULL)

-			return(1);

-		else

-			return(0);

-		}

-	bn_check_top(a);

-	bn_check_top(b);

-	if (a->neg != b->neg)

-		{

-		if (a->neg)

-			return(-1);

-		else	return(1);

-		}

-	if (a->neg == 0)

-		{ gt=1; lt= -1; }

-	else	{ gt= -1; lt=1; }

-	if (a->top > b->top) return(gt);

-	if (a->top < b->top) return(lt);

-	for (i=a->top-1; i>=0; i--)

-		{

-		t1=a->d[i];

-		t2=b->d[i];

-		if (t1 > t2) return(gt);

-		if (t1 < t2) return(lt);

-		}

-	return(0);

-	}

-int BN_set_bit(BIGNUM *a, int n)

-	{

-	int i,j,k;

-	if (n < 0)

-		return 0;

-	i=n/BN_BITS2;

-	j=n%BN_BITS2;

-	if (a->top <= i)

-		{

-		if (bn_wexpand(a,i+1) == NULL) return(0);

-		for(k=a->top; k<i+1; k++)

-			a->d[k]=0;

-		a->top=i+1;

-		}

-	a->d[i]|=(((BN_ULONG)1)<<j);

-	bn_check_top(a);

-	return(1);

-	}

-int BN_clear_bit(BIGNUM *a, int n)

-	{

-	int i,j;

-	bn_check_top(a);

-	if (n < 0) return 0;

-	i=n/BN_BITS2;

-	j=n%BN_BITS2;

-	if (a->top <= i) return(0);

-	a->d[i]&=(~(((BN_ULONG)1)<<j));

-	bn_correct_top(a);

-	return(1);

-	}

-int BN_is_bit_set(const BIGNUM *a, int n)

-	{

-	int i,j;

-	bn_check_top(a);

-	if (n < 0) return 0;

-	i=n/BN_BITS2;

-	j=n%BN_BITS2;

-	if (a->top <= i) return 0;

-	return(((a->d[i])>>j)&((BN_ULONG)1));

-	}

-int BN_mask_bits(BIGNUM *a, int n)

-	{

-	int b,w;

-	bn_check_top(a);

-	if (n < 0) return 0;

-	w=n/BN_BITS2;

-	b=n%BN_BITS2;

-	if (w >= a->top) return 0;

-	if (b == 0)

-		a->top=w;

-	else

-		{

-		a->top=w+1;

-		a->d[w]&= ~(BN_MASK2<<b);

-		}

-	bn_correct_top(a);

-	return(1);

-	}

-void BN_set_negative(BIGNUM *a, int b)

-	{

-	if (b && !BN_is_zero(a))

-		a->neg = 1;

-	else

-		a->neg = 0;

-	}

-int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n)

-	{

-	int i;

-	BN_ULONG aa,bb;

-	aa=a[n-1];

-	bb=b[n-1];

-	if (aa != bb) return((aa > bb)?1:-1);

-	for (i=n-2; i>=0; i--)

-		{

-		aa=a[i];

-		bb=b[i];

-		if (aa != bb) return((aa > bb)?1:-1);

-		}

-	return(0);

-	}

-/* Here follows a specialised variants of bn_cmp_words().  It has the

-   property of performing the operation on arrays of different sizes.

-   The sizes of those arrays is expressed through cl, which is the

-   common length ( basicall, min(len(a),len(b)) ), and dl, which is the

-   delta between the two lengths, calculated as len(a)-len(b).

-   All lengths are the number of BN_ULONGs...  */

-int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b,

-	int cl, int dl)

-	{

-	int n,i;

-	n = cl-1;

-	if (dl < 0)

-		{

-		for (i=dl; i<0; i++)

-			{

-			if (b[n-i] != 0)

-				return -1; /* a < b */

-			}

-		}

-	if (dl > 0)

-		{

-		for (i=dl; i>0; i--)

-			{

-			if (a[n+i] != 0)

-				return 1; /* a > b */

-			}

-		}

-	return bn_cmp_words(a,b,cl);

-	}

--- a/sys/src/ape/lib/openssl/crypto/bn/bn_mod.c

+++ /dev/null

@@ -1,301 +1,0 @@

-/* crypto/bn/bn_mod.c */

-/* Includes code written by Lenka Fibikova <[email protected]>

- * for the OpenSSL project. */

-/* ====================================================================

- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include "cryptlib.h"

-#include "bn_lcl.h"

-#if 0 /* now just a #define */

-int BN_mod(BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)

-	{

-	return(BN_div(NULL,rem,m,d,ctx));

-	/* note that  rem->neg == m->neg  (unless the remainder is zero) */

-	}

-#endif

-int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)

-	{

-	/* like BN_mod, but returns non-negative remainder

-	 * (i.e.,  0 <= r < |d|  always holds) */

-	if (!(BN_mod(r,m,d,ctx)))

-		return 0;

-	if (!r->neg)

-		return 1;

-	/* now   -|d| < r < 0,  so we have to set  r := r + |d| */

-	return (d->neg ? BN_sub : BN_add)(r, r, d);

-}

-int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx)

-	{

-	if (!BN_add(r, a, b)) return 0;

-	return BN_nnmod(r, r, m, ctx);

-	}

-/* BN_mod_add variant that may be used if both  a  and  b  are non-negative

- * and less than  m */

-int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m)

-	{

-	if (!BN_uadd(r, a, b)) return 0;

-	if (BN_ucmp(r, m) >= 0)

-		return BN_usub(r, r, m);

-	return 1;

-	}

-int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx)

-	{

-	if (!BN_sub(r, a, b)) return 0;

-	return BN_nnmod(r, r, m, ctx);

-	}

-/* BN_mod_sub variant that may be used if both  a  and  b  are non-negative

- * and less than  m */

-int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m)

-	{

-	if (!BN_sub(r, a, b)) return 0;

-	if (r->neg)

-		return BN_add(r, r, m);

-	return 1;

-	}

-/* slow but works */

-int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,

-	BN_CTX *ctx)

-	{

-	BIGNUM *t;

-	int ret=0;

-	bn_check_top(a);

-	bn_check_top(b);

-	bn_check_top(m);

-	BN_CTX_start(ctx);

-	if ((t = BN_CTX_get(ctx)) == NULL) goto err;

-	if (a == b)

-		{ if (!BN_sqr(t,a,ctx)) goto err; }

-	else

-		{ if (!BN_mul(t,a,b,ctx)) goto err; }

-	if (!BN_nnmod(r,t,m,ctx)) goto err;

-	bn_check_top(r);

-	ret=1;

-err:

-	BN_CTX_end(ctx);

-	return(ret);

-	}

-int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)

-	{

-	if (!BN_sqr(r, a, ctx)) return 0;

-	/* r->neg == 0,  thus we don't need BN_nnmod */

-	return BN_mod(r, r, m, ctx);

-	}

-int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)

-	{

-	if (!BN_lshift1(r, a)) return 0;

-	bn_check_top(r);

-	return BN_nnmod(r, r, m, ctx);

-	}

-/* BN_mod_lshift1 variant that may be used if  a  is non-negative

- * and less than  m */

-int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m)

-	{

-	if (!BN_lshift1(r, a)) return 0;

-	bn_check_top(r);

-	if (BN_cmp(r, m) >= 0)

-		return BN_sub(r, r, m);

-	return 1;

-	}

-int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ctx)

-	{

-	BIGNUM *abs_m = NULL;

-	int ret;

-	if (!BN_nnmod(r, a, m, ctx)) return 0;

-	if (m->neg)

-		{

-		abs_m = BN_dup(m);

-		if (abs_m == NULL) return 0;

-		abs_m->neg = 0;

-		}

-	ret = BN_mod_lshift_quick(r, r, n, (abs_m ? abs_m : m));

-	bn_check_top(r);

-	if (abs_m)

-		BN_free(abs_m);

-	return ret;

-	}

-/* BN_mod_lshift variant that may be used if  a  is non-negative

- * and less than  m */

-int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m)

-	{

-	if (r != a)

-		{

-		if (BN_copy(r, a) == NULL) return 0;

-		}

-	while (n > 0)

-		{

-		int max_shift;

-		/* 0 < r < m */

-		max_shift = BN_num_bits(m) - BN_num_bits(r);

-		/* max_shift >= 0 */

-		if (max_shift < 0)

-			{

-			BNerr(BN_F_BN_MOD_LSHIFT_QUICK, BN_R_INPUT_NOT_REDUCED);

-			return 0;

-			}

-		if (max_shift > n)

-			max_shift = n;

-		if (max_shift)

-			{

-			if (!BN_lshift(r, r, max_shift)) return 0;

-			n -= max_shift;

-			}

-		else

-			{

-			if (!BN_lshift1(r, r)) return 0;

-			--n;

-			}

-		/* BN_num_bits(r) <= BN_num_bits(m) */

-		if (BN_cmp(r, m) >= 0)

-			{

-			if (!BN_sub(r, r, m)) return 0;

-			}

-		}

-	bn_check_top(r);

-	return 1;

-	}

--- a/sys/src/ape/lib/openssl/crypto/bn/bn_mont.c

+++ /dev/null

@@ -1,491 +1,0 @@

-/* crypto/bn/bn_mont.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/*

- * Details about Montgomery multiplication algorithms can be found at

- * http://security.ece.orst.edu/publications.html, e.g.

- * http://security.ece.orst.edu/koc/papers/j37acmon.pdf and

- * sections 3.8 and 4.2 in http://security.ece.orst.edu/koc/papers/r01rsasw.pdf

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include "bn_lcl.h"

-#define MONT_WORD /* use the faster word-based algorithm */

-int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,

-			  BN_MONT_CTX *mont, BN_CTX *ctx)

-	{

-	BIGNUM *tmp;

-	int ret=0;

-	BN_CTX_start(ctx);

-	tmp = BN_CTX_get(ctx);

-	if (tmp == NULL) goto err;

-	bn_check_top(tmp);

-	if (a == b)

-		{

-		if (!BN_sqr(tmp,a,ctx)) goto err;

-		}

-	else

-		{

-		if (!BN_mul(tmp,a,b,ctx)) goto err;

-		}

-	/* reduce from aRR to aR */

-	if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err;

-	bn_check_top(r);

-	ret=1;

-err:

-	BN_CTX_end(ctx);

-	return(ret);

-	}

-int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,

-	     BN_CTX *ctx)

-	{

-	int retn=0;

-#ifdef MONT_WORD

-	BIGNUM *n,*r;

-	BN_ULONG *ap,*np,*rp,n0,v,*nrp;

-	int al,nl,max,i,x,ri;

-	BN_CTX_start(ctx);

-	if ((r = BN_CTX_get(ctx)) == NULL) goto err;

-	if (!BN_copy(r,a)) goto err;

-	n= &(mont->N);

-	ap=a->d;

-	/* mont->ri is the size of mont->N in bits (rounded up

-	   to the word size) */

-	al=ri=mont->ri/BN_BITS2;

-	nl=n->top;

-	if ((al == 0) || (nl == 0)) { r->top=0; return(1); }

-	max=(nl+al+1); /* allow for overflow (no?) XXX */

-	if (bn_wexpand(r,max) == NULL) goto err;

-	r->neg=a->neg^n->neg;

-	np=n->d;

-	rp=r->d;

-	nrp= &(r->d[nl]);

-	/* clear the top words of T */

-#if 1

-	for (i=r->top; i<max; i++) /* memset? XXX */

-		r->d[i]=0;

-#else

-	memset(&(r->d[r->top]),0,(max-r->top)*sizeof(BN_ULONG));

-#endif

-	r->top=max;

-	n0=mont->n0;

-#ifdef BN_COUNT

-	fprintf(stderr,"word BN_from_montgomery %d * %d\n",nl,nl);

-#endif

-	for (i=0; i<nl; i++)

-		{

-#ifdef __TANDEM

-                {

-                   long long t1;

-                   long long t2;

-                   long long t3;

-                   t1 = rp[0] * (n0 & 0177777);

-                   t2 = 037777600000l;

-                   t2 = n0 & t2;

-                   t3 = rp[0] & 0177777;

-                   t2 = (t3 * t2) & BN_MASK2;

-                   t1 = t1 + t2;

-                   v=bn_mul_add_words(rp,np,nl,(BN_ULONG) t1);

-                }

-#else

-		v=bn_mul_add_words(rp,np,nl,(rp[0]*n0)&BN_MASK2);

-#endif

-		nrp++;

-		rp++;

-		if (((nrp[-1]+=v)&BN_MASK2) >= v)

-			continue;

-		else

-			{

-			if (((++nrp[0])&BN_MASK2) != 0) continue;

-			if (((++nrp[1])&BN_MASK2) != 0) continue;

-			for (x=2; (((++nrp[x])&BN_MASK2) == 0); x++) ;

-			}

-		}

-	bn_correct_top(r);

-	/* mont->ri will be a multiple of the word size and below code

-	 * is kind of BN_rshift(ret,r,mont->ri) equivalent */

-	if (r->top <= ri)

-		{

-		ret->top=0;

-		retn=1;

-		goto err;

-		}

-	al=r->top-ri;

-# define BRANCH_FREE 1

-# if BRANCH_FREE

-	if (bn_wexpand(ret,ri) == NULL) goto err;

-	x=0-(((al-ri)>>(sizeof(al)*8-1))&1);

-	ret->top=x=(ri&~x)|(al&x);	/* min(ri,al) */

-	ret->neg=r->neg;

-	rp=ret->d;

-	ap=&(r->d[ri]);

-	{

-	size_t m1,m2;

-	v=bn_sub_words(rp,ap,np,ri);

-	/* this ----------------^^ works even in al<ri case

-	 * thanks to zealous zeroing of top of the vector in the

-	 * beginning. */

-	/* if (al==ri && !v) || al>ri) nrp=rp; else nrp=ap; */

-	/* in other words if subtraction result is real, then

-	 * trick unconditional memcpy below to perform in-place

-	 * "refresh" instead of actual copy. */

-	m1=0-(size_t)(((al-ri)>>(sizeof(al)*8-1))&1);	/* al<ri */

-	m2=0-(size_t)(((ri-al)>>(sizeof(al)*8-1))&1);	/* al>ri */

-	m1|=m2;			/* (al!=ri) */

-	m1|=(0-(size_t)v);	/* (al!=ri || v) */

-	m1&=~m2;		/* (al!=ri || v) && !al>ri */

-	nrp=(BN_ULONG *)(((size_t)rp&~m1)|((size_t)ap&m1));

-	}

-	/* 'i<ri' is chosen to eliminate dependency on input data, even

-	 * though it results in redundant copy in al<ri case. */

-	for (i=0,ri-=4; i<ri; i+=4)

-		{

-		BN_ULONG t1,t2,t3,t4;

-		t1=nrp[i+0];

-		t2=nrp[i+1];

-		t3=nrp[i+2];	ap[i+0]=0;

-		t4=nrp[i+3];	ap[i+1]=0;

-		rp[i+0]=t1;	ap[i+2]=0;

-		rp[i+1]=t2;	ap[i+3]=0;

-		rp[i+2]=t3;

-		rp[i+3]=t4;

-		}

-	for (ri+=4; i<ri; i++)

-		rp[i]=nrp[i], ap[i]=0;

-	bn_correct_top(r);

-	bn_correct_top(ret);

-# else

-	if (bn_wexpand(ret,al) == NULL) goto err;

-	ret->top=al;

-	ret->neg=r->neg;

-	rp=ret->d;

-	ap=&(r->d[ri]);

-	al-=4;

-	for (i=0; i<al; i+=4)

-		{

-		BN_ULONG t1,t2,t3,t4;

-		t1=ap[i+0];

-		t2=ap[i+1];

-		t3=ap[i+2];

-		t4=ap[i+3];

-		rp[i+0]=t1;

-		rp[i+1]=t2;

-		rp[i+2]=t3;

-		rp[i+3]=t4;

-		}

-	al+=4;

-	for (; i<al; i++)

-		rp[i]=ap[i];

-# endif

-#else /* !MONT_WORD */

-	BIGNUM *t1,*t2;

-	BN_CTX_start(ctx);

-	t1 = BN_CTX_get(ctx);

-	t2 = BN_CTX_get(ctx);

-	if (t1 == NULL || t2 == NULL) goto err;

-	if (!BN_copy(t1,a)) goto err;

-	BN_mask_bits(t1,mont->ri);

-	if (!BN_mul(t2,t1,&mont->Ni,ctx)) goto err;

-	BN_mask_bits(t2,mont->ri);

-	if (!BN_mul(t1,t2,&mont->N,ctx)) goto err;

-	if (!BN_add(t2,a,t1)) goto err;

-	if (!BN_rshift(ret,t2,mont->ri)) goto err;

-#endif /* MONT_WORD */

-#if !defined(BRANCH_FREE) || BRANCH_FREE==0

-	if (BN_ucmp(ret, &(mont->N)) >= 0)

-		{

-		if (!BN_usub(ret,ret,&(mont->N))) goto err;

-		}

-#endif

-	retn=1;

-	bn_check_top(ret);

- err:

-	BN_CTX_end(ctx);

-	return(retn);

-	}

-BN_MONT_CTX *BN_MONT_CTX_new(void)

-	{

-	BN_MONT_CTX *ret;

-	if ((ret=(BN_MONT_CTX *)OPENSSL_malloc(sizeof(BN_MONT_CTX))) == NULL)

-		return(NULL);

-	BN_MONT_CTX_init(ret);

-	ret->flags=BN_FLG_MALLOCED;

-	return(ret);

-	}

-void BN_MONT_CTX_init(BN_MONT_CTX *ctx)

-	{

-	ctx->ri=0;

-	BN_init(&(ctx->RR));

-	BN_init(&(ctx->N));

-	BN_init(&(ctx->Ni));

-	ctx->flags=0;

-	}

-void BN_MONT_CTX_free(BN_MONT_CTX *mont)

-	{

-	if(mont == NULL)

-	    return;

-	BN_free(&(mont->RR));

-	BN_free(&(mont->N));

-	BN_free(&(mont->Ni));

-	if (mont->flags & BN_FLG_MALLOCED)

-		OPENSSL_free(mont);

-	}

-int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)

-	{

-	int ret = 0;

-	BIGNUM *Ri,*R;

-	BN_CTX_start(ctx);

-	if((Ri = BN_CTX_get(ctx)) == NULL) goto err;

-	R= &(mont->RR);					/* grab RR as a temp */

-	if (!BN_copy(&(mont->N),mod)) goto err;		/* Set N */

-	mont->N.neg = 0;

-#ifdef MONT_WORD

-		{

-		BIGNUM tmod;

-		BN_ULONG buf[2];

-		mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2;

-		BN_zero(R);

-		if (!(BN_set_bit(R,BN_BITS2))) goto err;	/* R */

-		buf[0]=mod->d[0]; /* tmod = N mod word size */

-		buf[1]=0;

-		tmod.d=buf;

-		tmod.top = buf[0] != 0 ? 1 : 0;

-		tmod.dmax=2;

-		tmod.neg=0;

-							/* Ri = R^-1 mod N*/

-		if ((BN_mod_inverse(Ri,R,&tmod,ctx)) == NULL)

-			goto err;

-		if (!BN_lshift(Ri,Ri,BN_BITS2)) goto err; /* R*Ri */

-		if (!BN_is_zero(Ri))

-			{

-			if (!BN_sub_word(Ri,1)) goto err;

-			}

-		else /* if N mod word size == 1 */

-			{

-			if (!BN_set_word(Ri,BN_MASK2)) goto err;  /* Ri-- (mod word size) */

-			}

-		if (!BN_div(Ri,NULL,Ri,&tmod,ctx)) goto err;

-		/* Ni = (R*Ri-1)/N,

-		 * keep only least significant word: */

-		mont->n0 = (Ri->top > 0) ? Ri->d[0] : 0;

-		}

-#else /* !MONT_WORD */

-		{ /* bignum version */

-		mont->ri=BN_num_bits(&mont->N);

-		BN_zero(R);

-		if (!BN_set_bit(R,mont->ri)) goto err;  /* R = 2^ri */

-		                                        /* Ri = R^-1 mod N*/

-		if ((BN_mod_inverse(Ri,R,&mont->N,ctx)) == NULL)

-			goto err;

-		if (!BN_lshift(Ri,Ri,mont->ri)) goto err; /* R*Ri */

-		if (!BN_sub_word(Ri,1)) goto err;

-							/* Ni = (R*Ri-1) / N */

-		if (!BN_div(&(mont->Ni),NULL,Ri,&mont->N,ctx)) goto err;

-		}

-#endif

-	/* setup RR for conversions */

-	BN_zero(&(mont->RR));

-	if (!BN_set_bit(&(mont->RR),mont->ri*2)) goto err;

-	if (!BN_mod(&(mont->RR),&(mont->RR),&(mont->N),ctx)) goto err;

-	ret = 1;

-err:

-	BN_CTX_end(ctx);

-	return ret;

-	}

-BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from)

-	{

-	if (to == from) return(to);

-	if (!BN_copy(&(to->RR),&(from->RR))) return NULL;

-	if (!BN_copy(&(to->N),&(from->N))) return NULL;

-	if (!BN_copy(&(to->Ni),&(from->Ni))) return NULL;

-	to->ri=from->ri;

-	to->n0=from->n0;

-	return(to);

-	}

-BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,

-					const BIGNUM *mod, BN_CTX *ctx)

-	{

-	int got_write_lock = 0;

-	BN_MONT_CTX *ret;

-	CRYPTO_r_lock(lock);

-	if (!*pmont)

-		{

-		CRYPTO_r_unlock(lock);

-		CRYPTO_w_lock(lock);

-		got_write_lock = 1;

-		if (!*pmont)

-			{

-			ret = BN_MONT_CTX_new();

-			if (ret && !BN_MONT_CTX_set(ret, mod, ctx))

-				BN_MONT_CTX_free(ret);

-			else

-				*pmont = ret;

-			}

-		}

-	ret = *pmont;

-	if (got_write_lock)

-		CRYPTO_w_unlock(lock);

-	else

-		CRYPTO_r_unlock(lock);

-	return ret;

-	}

--- a/sys/src/ape/lib/openssl/crypto/bn/bn_mpi.c

+++ /dev/null

@@ -1,130 +1,0 @@

-/* crypto/bn/bn_mpi.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include "bn_lcl.h"

-int BN_bn2mpi(const BIGNUM *a, unsigned char *d)

-	{

-	int bits;

-	int num=0;

-	int ext=0;

-	long l;

-	bits=BN_num_bits(a);

-	num=(bits+7)/8;

-	if (bits > 0)

-		{

-		ext=((bits & 0x07) == 0);

-		}

-	if (d == NULL)

-		return(num+4+ext);

-	l=num+ext;

-	d[0]=(unsigned char)(l>>24)&0xff;

-	d[1]=(unsigned char)(l>>16)&0xff;

-	d[2]=(unsigned char)(l>> 8)&0xff;

-	d[3]=(unsigned char)(l    )&0xff;

-	if (ext) d[4]=0;

-	num=BN_bn2bin(a,&(d[4+ext]));

-	if (a->neg)

-		d[4]|=0x80;

-	return(num+4+ext);

-	}

-BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a)

-	{

-	long len;

-	int neg=0;

-	if (n < 4)

-		{

-		BNerr(BN_F_BN_MPI2BN,BN_R_INVALID_LENGTH);

-		return(NULL);

-		}

-	len=((long)d[0]<<24)|((long)d[1]<<16)|((int)d[2]<<8)|(int)d[3];

-	if ((len+4) != n)

-		{

-		BNerr(BN_F_BN_MPI2BN,BN_R_ENCODING_ERROR);

-		return(NULL);

-		}

-	if (a == NULL) a=BN_new();

-	if (a == NULL) return(NULL);

-	if (len == 0)

-		{

-		a->neg=0;

-		a->top=0;

-		return(a);

-		}

-	d+=4;

-	if ((*d) & 0x80)

-		neg=1;

-	if (BN_bin2bn(d,(int)len,a) == NULL)

-		return(NULL);

-	a->neg=neg;

-	if (neg)

-		{

-		BN_clear_bit(a,BN_num_bits(a)-1);

-		}

-	bn_check_top(a);

-	return(a);

-	}

--- a/sys/src/ape/lib/openssl/crypto/bn/bn_mul.c

+++ /dev/null

@@ -1,1164 +1,0 @@

-/* crypto/bn/bn_mul.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef BN_DEBUG

-# undef NDEBUG /* avoid conflicting definitions */

-# define NDEBUG

-#endif

-#include <stdio.h>

-#include <assert.h>

-#include "cryptlib.h"

-#include "bn_lcl.h"

-#if defined(OPENSSL_NO_ASM) || !defined(OPENSSL_BN_ASM_PART_WORDS)

-/* Here follows specialised variants of bn_add_words() and

-   bn_sub_words().  They have the property performing operations on

-   arrays of different sizes.  The sizes of those arrays is expressed through

-   cl, which is the common length ( basicall, min(len(a),len(b)) ), and dl,

-   which is the delta between the two lengths, calculated as len(a)-len(b).

-   All lengths are the number of BN_ULONGs...  For the operations that require

-   a result array as parameter, it must have the length cl+abs(dl).

-   These functions should probably end up in bn_asm.c as soon as there are

-   assembler counterparts for the systems that use assembler files.  */

-BN_ULONG bn_sub_part_words(BN_ULONG *r,

-	const BN_ULONG *a, const BN_ULONG *b,

-	int cl, int dl)

-	{

-	BN_ULONG c, t;

-	assert(cl >= 0);

-	c = bn_sub_words(r, a, b, cl);

-	if (dl == 0)

-		return c;

-	r += cl;

-	a += cl;

-	b += cl;

-	if (dl < 0)

-		{

-#ifdef BN_COUNT

-		fprintf(stderr, "  bn_sub_part_words %d + %d (dl < 0, c = %d)\n", cl, dl, c);

-#endif

-		for (;;)

-			{

-			t = b[0];

-			r[0] = (0-t-c)&BN_MASK2;

-			if (t != 0) c=1;

-			if (++dl >= 0) break;

-			t = b[1];

-			r[1] = (0-t-c)&BN_MASK2;

-			if (t != 0) c=1;

-			if (++dl >= 0) break;

-			t = b[2];

-			r[2] = (0-t-c)&BN_MASK2;

-			if (t != 0) c=1;

-			if (++dl >= 0) break;

-			t = b[3];

-			r[3] = (0-t-c)&BN_MASK2;

-			if (t != 0) c=1;

-			if (++dl >= 0) break;

-			b += 4;

-			r += 4;

-			}

-		}

-	else

-		{

-		int save_dl = dl;

-#ifdef BN_COUNT

-		fprintf(stderr, "  bn_sub_part_words %d + %d (dl > 0, c = %d)\n", cl, dl, c);

-#endif

-		while(c)

-			{

-			t = a[0];

-			r[0] = (t-c)&BN_MASK2;

-			if (t != 0) c=0;

-			if (--dl <= 0) break;

-			t = a[1];

-			r[1] = (t-c)&BN_MASK2;

-			if (t != 0) c=0;

-			if (--dl <= 0) break;

-			t = a[2];

-			r[2] = (t-c)&BN_MASK2;

-			if (t != 0) c=0;

-			if (--dl <= 0) break;

-			t = a[3];

-			r[3] = (t-c)&BN_MASK2;

-			if (t != 0) c=0;

-			if (--dl <= 0) break;

-			save_dl = dl;

-			a += 4;

-			r += 4;

-			}

-		if (dl > 0)

-			{

-#ifdef BN_COUNT

-			fprintf(stderr, "  bn_sub_part_words %d + %d (dl > 0, c == 0)\n", cl, dl);

-#endif

-			if (save_dl > dl)

-				{

-				switch (save_dl - dl)

-					{

-				case 1:

-					r[1] = a[1];

-					if (--dl <= 0) break;

-				case 2:

-					r[2] = a[2];

-					if (--dl <= 0) break;

-				case 3:

-					r[3] = a[3];

-					if (--dl <= 0) break;

-					}

-				a += 4;

-				r += 4;

-				}

-			}

-		if (dl > 0)

-			{

-#ifdef BN_COUNT

-			fprintf(stderr, "  bn_sub_part_words %d + %d (dl > 0, copy)\n", cl, dl);

-#endif

-			for(;;)

-				{

-				r[0] = a[0];

-				if (--dl <= 0) break;

-				r[1] = a[1];

-				if (--dl <= 0) break;

-				r[2] = a[2];

-				if (--dl <= 0) break;

-				r[3] = a[3];

-				if (--dl <= 0) break;

-				a += 4;

-				r += 4;

-				}

-			}

-		}

-	return c;

-	}

-#endif

-BN_ULONG bn_add_part_words(BN_ULONG *r,

-	const BN_ULONG *a, const BN_ULONG *b,

-	int cl, int dl)

-	{

-	BN_ULONG c, l, t;

-	assert(cl >= 0);

-	c = bn_add_words(r, a, b, cl);

-	if (dl == 0)

-		return c;

-	r += cl;

-	a += cl;

-	b += cl;

-	if (dl < 0)

-		{

-		int save_dl = dl;

-#ifdef BN_COUNT

-		fprintf(stderr, "  bn_add_part_words %d + %d (dl < 0, c = %d)\n", cl, dl, c);

-#endif

-		while (c)

-			{

-			l=(c+b[0])&BN_MASK2;

-			c=(l < c);

-			r[0]=l;

-			if (++dl >= 0) break;

-			l=(c+b[1])&BN_MASK2;

-			c=(l < c);

-			r[1]=l;

-			if (++dl >= 0) break;

-			l=(c+b[2])&BN_MASK2;

-			c=(l < c);

-			r[2]=l;

-			if (++dl >= 0) break;

-			l=(c+b[3])&BN_MASK2;

-			c=(l < c);

-			r[3]=l;

-			if (++dl >= 0) break;

-			save_dl = dl;

-			b+=4;

-			r+=4;

-			}

-		if (dl < 0)

-			{

-#ifdef BN_COUNT

-			fprintf(stderr, "  bn_add_part_words %d + %d (dl < 0, c == 0)\n", cl, dl);

-#endif

-			if (save_dl < dl)

-				{

-				switch (dl - save_dl)

-					{

-				case 1:

-					r[1] = b[1];

-					if (++dl >= 0) break;

-				case 2:

-					r[2] = b[2];

-					if (++dl >= 0) break;

-				case 3:

-					r[3] = b[3];

-					if (++dl >= 0) break;

-					}

-				b += 4;

-				r += 4;

-				}

-			}

-		if (dl < 0)

-			{

-#ifdef BN_COUNT

-			fprintf(stderr, "  bn_add_part_words %d + %d (dl < 0, copy)\n", cl, dl);

-#endif

-			for(;;)

-				{

-				r[0] = b[0];

-				if (++dl >= 0) break;

-				r[1] = b[1];

-				if (++dl >= 0) break;

-				r[2] = b[2];

-				if (++dl >= 0) break;

-				r[3] = b[3];

-				if (++dl >= 0) break;

-				b += 4;

-				r += 4;

-				}

-			}

-		}

-	else

-		{

-		int save_dl = dl;

-#ifdef BN_COUNT

-		fprintf(stderr, "  bn_add_part_words %d + %d (dl > 0)\n", cl, dl);

-#endif

-		while (c)

-			{

-			t=(a[0]+c)&BN_MASK2;

-			c=(t < c);

-			r[0]=t;

-			if (--dl <= 0) break;

-			t=(a[1]+c)&BN_MASK2;

-			c=(t < c);

-			r[1]=t;

-			if (--dl <= 0) break;

-			t=(a[2]+c)&BN_MASK2;

-			c=(t < c);

-			r[2]=t;

-			if (--dl <= 0) break;

-			t=(a[3]+c)&BN_MASK2;

-			c=(t < c);

-			r[3]=t;

-			if (--dl <= 0) break;

-			save_dl = dl;

-			a+=4;

-			r+=4;

-			}

-#ifdef BN_COUNT

-		fprintf(stderr, "  bn_add_part_words %d + %d (dl > 0, c == 0)\n", cl, dl);

-#endif

-		if (dl > 0)

-			{

-			if (save_dl > dl)

-				{

-				switch (save_dl - dl)

-					{

-				case 1:

-					r[1] = a[1];

-					if (--dl <= 0) break;

-				case 2:

-					r[2] = a[2];

-					if (--dl <= 0) break;

-				case 3:

-					r[3] = a[3];

-					if (--dl <= 0) break;

-					}

-				a += 4;

-				r += 4;

-				}

-			}

-		if (dl > 0)

-			{

-#ifdef BN_COUNT

-			fprintf(stderr, "  bn_add_part_words %d + %d (dl > 0, copy)\n", cl, dl);

-#endif

-			for(;;)

-				{

-				r[0] = a[0];

-				if (--dl <= 0) break;

-				r[1] = a[1];

-				if (--dl <= 0) break;

-				r[2] = a[2];

-				if (--dl <= 0) break;

-				r[3] = a[3];

-				if (--dl <= 0) break;

-				a += 4;

-				r += 4;

-				}

-			}

-		}

-	return c;

-	}

-#ifdef BN_RECURSION

-/* Karatsuba recursive multiplication algorithm

- * (cf. Knuth, The Art of Computer Programming, Vol. 2) */

-/* r is 2*n2 words in size,

- * a and b are both n2 words in size.

- * n2 must be a power of 2.

- * We multiply and return the result.

- * t must be 2*n2 words in size

- * We calculate

- * a[0]*b[0]

- * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])

- * a[1]*b[1]

- */

-void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,

-	int dna, int dnb, BN_ULONG *t)

-	{

-	int n=n2/2,c1,c2;

-	int tna=n+dna, tnb=n+dnb;

-	unsigned int neg,zero;

-	BN_ULONG ln,lo,*p;

-# ifdef BN_COUNT

-	fprintf(stderr," bn_mul_recursive %d * %d\n",n2,n2);

-# endif

-# ifdef BN_MUL_COMBA

-#  if 0

-	if (n2 == 4)

-		{

-		bn_mul_comba4(r,a,b);

-		return;

-		}

-#  endif

-	/* Only call bn_mul_comba 8 if n2 == 8 and the

-	 * two arrays are complete [steve]

-	 */

-	if (n2 == 8 && dna == 0 && dnb == 0)

-		{

-		bn_mul_comba8(r,a,b);

-		return;

-		}

-# endif /* BN_MUL_COMBA */

-	/* Else do normal multiply */

-	if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL)

-		{

-		bn_mul_normal(r,a,n2+dna,b,n2+dnb);

-		if ((dna + dnb) < 0)

-			memset(&r[2*n2 + dna + dnb], 0,

-				sizeof(BN_ULONG) * -(dna + dnb));

-		return;

-		}

-	/* r=(a[0]-a[1])*(b[1]-b[0]) */

-	c1=bn_cmp_part_words(a,&(a[n]),tna,n-tna);

-	c2=bn_cmp_part_words(&(b[n]),b,tnb,tnb-n);

-	zero=neg=0;

-	switch (c1*3+c2)

-		{

-	case -4:

-		bn_sub_part_words(t,      &(a[n]),a,      tna,tna-n); /* - */

-		bn_sub_part_words(&(t[n]),b,      &(b[n]),tnb,n-tnb); /* - */

-		break;

-	case -3:

-		zero=1;

-		break;

-	case -2:

-		bn_sub_part_words(t,      &(a[n]),a,      tna,tna-n); /* - */

-		bn_sub_part_words(&(t[n]),&(b[n]),b,      tnb,tnb-n); /* + */

-		neg=1;

-		break;

-	case -1:

-	case 0:

-	case 1:

-		zero=1;

-		break;

-	case 2:

-		bn_sub_part_words(t,      a,      &(a[n]),tna,n-tna); /* + */

-		bn_sub_part_words(&(t[n]),b,      &(b[n]),tnb,n-tnb); /* - */

-		neg=1;

-		break;

-	case 3:

-		zero=1;

-		break;

-	case 4:

-		bn_sub_part_words(t,      a,      &(a[n]),tna,n-tna);

-		bn_sub_part_words(&(t[n]),&(b[n]),b,      tnb,tnb-n);

-		break;

-		}

-# ifdef BN_MUL_COMBA

-	if (n == 4 && dna == 0 && dnb == 0) /* XXX: bn_mul_comba4 could take

-					       extra args to do this well */

-		{

-		if (!zero)

-			bn_mul_comba4(&(t[n2]),t,&(t[n]));

-		else

-			memset(&(t[n2]),0,8*sizeof(BN_ULONG));

-		bn_mul_comba4(r,a,b);

-		bn_mul_comba4(&(r[n2]),&(a[n]),&(b[n]));

-		}

-	else if (n == 8 && dna == 0 && dnb == 0) /* XXX: bn_mul_comba8 could

-						    take extra args to do this

-						    well */

-		{

-		if (!zero)

-			bn_mul_comba8(&(t[n2]),t,&(t[n]));

-		else

-			memset(&(t[n2]),0,16*sizeof(BN_ULONG));

-		bn_mul_comba8(r,a,b);

-		bn_mul_comba8(&(r[n2]),&(a[n]),&(b[n]));

-		}

-	else

-# endif /* BN_MUL_COMBA */

-		{

-		p= &(t[n2*2]);

-		if (!zero)

-			bn_mul_recursive(&(t[n2]),t,&(t[n]),n,0,0,p);

-		else

-			memset(&(t[n2]),0,n2*sizeof(BN_ULONG));

-		bn_mul_recursive(r,a,b,n,0,0,p);

-		bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),n,dna,dnb,p);

-		}

-	/* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign

-	 * r[10] holds (a[0]*b[0])

-	 * r[32] holds (b[1]*b[1])

-	 */

-	c1=(int)(bn_add_words(t,r,&(r[n2]),n2));

-	if (neg) /* if t[32] is negative */

-		{

-		c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2));

-		}

-	else

-		{

-		/* Might have a carry */

-		c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),t,n2));

-		}

-	/* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])

-	 * r[10] holds (a[0]*b[0])

-	 * r[32] holds (b[1]*b[1])

-	 * c1 holds the carry bits

-	 */

-	c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2));

-	if (c1)

-		{

-		p= &(r[n+n2]);

-		lo= *p;

-		ln=(lo+c1)&BN_MASK2;

-		*p=ln;

-		/* The overflow will stop before we over write

-		 * words we should not overwrite */

-		if (ln < (BN_ULONG)c1)

-			{

-			do	{

-				p++;

-				lo= *p;

-				ln=(lo+1)&BN_MASK2;

-				*p=ln;

-				} while (ln == 0);

-			}

-		}

-	}

-/* n+tn is the word length

- * t needs to be n*4 is size, as does r */

-void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,

-	     int tna, int tnb, BN_ULONG *t)

-	{

-	int i,j,n2=n*2;

-	int c1,c2,neg,zero;

-	BN_ULONG ln,lo,*p;

-# ifdef BN_COUNT

-	fprintf(stderr," bn_mul_part_recursive (%d+%d) * (%d+%d)\n",

-		tna, n, tnb, n);

-# endif

-	if (n < 8)

-		{

-		bn_mul_normal(r,a,n+tna,b,n+tnb);

-		return;

-		}

-	/* r=(a[0]-a[1])*(b[1]-b[0]) */

-	c1=bn_cmp_part_words(a,&(a[n]),tna,n-tna);

-	c2=bn_cmp_part_words(&(b[n]),b,tnb,tnb-n);

-	zero=neg=0;

-	switch (c1*3+c2)

-		{

-	case -4:

-		bn_sub_part_words(t,      &(a[n]),a,      tna,tna-n); /* - */

-		bn_sub_part_words(&(t[n]),b,      &(b[n]),tnb,n-tnb); /* - */

-		break;

-	case -3:

-		zero=1;

-		/* break; */

-	case -2:

-		bn_sub_part_words(t,      &(a[n]),a,      tna,tna-n); /* - */

-		bn_sub_part_words(&(t[n]),&(b[n]),b,      tnb,tnb-n); /* + */

-		neg=1;

-		break;

-	case -1:

-	case 0:

-	case 1:

-		zero=1;

-		/* break; */

-	case 2:

-		bn_sub_part_words(t,      a,      &(a[n]),tna,n-tna); /* + */

-		bn_sub_part_words(&(t[n]),b,      &(b[n]),tnb,n-tnb); /* - */

-		neg=1;

-		break;

-	case 3:

-		zero=1;

-		/* break; */

-	case 4:

-		bn_sub_part_words(t,      a,      &(a[n]),tna,n-tna);

-		bn_sub_part_words(&(t[n]),&(b[n]),b,      tnb,tnb-n);

-		break;

-		}

-		/* The zero case isn't yet implemented here. The speedup

-		   would probably be negligible. */

-# if 0

-	if (n == 4)

-		{

-		bn_mul_comba4(&(t[n2]),t,&(t[n]));

-		bn_mul_comba4(r,a,b);

-		bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn);

-		memset(&(r[n2+tn*2]),0,sizeof(BN_ULONG)*(n2-tn*2));

-		}

-	else

-# endif

-	if (n == 8)

-		{

-		bn_mul_comba8(&(t[n2]),t,&(t[n]));

-		bn_mul_comba8(r,a,b);

-		bn_mul_normal(&(r[n2]),&(a[n]),tna,&(b[n]),tnb);

-		memset(&(r[n2+tna+tnb]),0,sizeof(BN_ULONG)*(n2-tna-tnb));

-		}

-	else

-		{

-		p= &(t[n2*2]);

-		bn_mul_recursive(&(t[n2]),t,&(t[n]),n,0,0,p);

-		bn_mul_recursive(r,a,b,n,0,0,p);

-		i=n/2;

-		/* If there is only a bottom half to the number,

-		 * just do it */

-		if (tna > tnb)

-			j = tna - i;

-		else

-			j = tnb - i;

-		if (j == 0)

-			{

-			bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),

-				i,tna-i,tnb-i,p);

-			memset(&(r[n2+i*2]),0,sizeof(BN_ULONG)*(n2-i*2));

-			}

-		else if (j > 0) /* eg, n == 16, i == 8 and tn == 11 */

-				{

-				bn_mul_part_recursive(&(r[n2]),&(a[n]),&(b[n]),

-					i,tna-i,tnb-i,p);

-				memset(&(r[n2+tna+tnb]),0,

-					sizeof(BN_ULONG)*(n2-tna-tnb));

-				}

-		else /* (j < 0) eg, n == 16, i == 8 and tn == 5 */

-			{

-			memset(&(r[n2]),0,sizeof(BN_ULONG)*n2);

-			if (tna < BN_MUL_RECURSIVE_SIZE_NORMAL

-				&& tnb < BN_MUL_RECURSIVE_SIZE_NORMAL)

-				{

-				bn_mul_normal(&(r[n2]),&(a[n]),tna,&(b[n]),tnb);

-				}

-			else

-				{

-				for (;;)

-					{

-					i/=2;

-					if (i <= tna && tna == tnb)

-						{

-						bn_mul_recursive(&(r[n2]),

-							&(a[n]),&(b[n]),

-							i,tna-i,tnb-i,p);

-						break;

-						}

-					else if (i < tna || i < tnb)

-						{

-						bn_mul_part_recursive(&(r[n2]),

-							&(a[n]),&(b[n]),

-							i,tna-i,tnb-i,p);

-						break;

-						}

-					}

-				}

-			}

-		}

-	/* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign

-	 * r[10] holds (a[0]*b[0])

-	 * r[32] holds (b[1]*b[1])

-	 */

-	c1=(int)(bn_add_words(t,r,&(r[n2]),n2));

-	if (neg) /* if t[32] is negative */

-		{

-		c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2));

-		}

-	else

-		{

-		/* Might have a carry */

-		c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),t,n2));

-		}

-	/* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])

-	 * r[10] holds (a[0]*b[0])

-	 * r[32] holds (b[1]*b[1])

-	 * c1 holds the carry bits

-	 */

-	c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2));

-	if (c1)

-		{

-		p= &(r[n+n2]);

-		lo= *p;

-		ln=(lo+c1)&BN_MASK2;

-		*p=ln;

-		/* The overflow will stop before we over write

-		 * words we should not overwrite */

-		if (ln < (BN_ULONG)c1)

-			{

-			do	{

-				p++;

-				lo= *p;

-				ln=(lo+1)&BN_MASK2;

-				*p=ln;

-				} while (ln == 0);

-			}

-		}

-	}

-/* a and b must be the same size, which is n2.

- * r needs to be n2 words and t needs to be n2*2

- */

-void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,

-	     BN_ULONG *t)

-	{

-	int n=n2/2;

-# ifdef BN_COUNT

-	fprintf(stderr," bn_mul_low_recursive %d * %d\n",n2,n2);

-# endif

-	bn_mul_recursive(r,a,b,n,0,0,&(t[0]));

-	if (n >= BN_MUL_LOW_RECURSIVE_SIZE_NORMAL)

-		{

-		bn_mul_low_recursive(&(t[0]),&(a[0]),&(b[n]),n,&(t[n2]));

-		bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);

-		bn_mul_low_recursive(&(t[0]),&(a[n]),&(b[0]),n,&(t[n2]));

-		bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);

-		}

-	else

-		{

-		bn_mul_low_normal(&(t[0]),&(a[0]),&(b[n]),n);

-		bn_mul_low_normal(&(t[n]),&(a[n]),&(b[0]),n);

-		bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);

-		bn_add_words(&(r[n]),&(r[n]),&(t[n]),n);

-		}

-	}

-/* a and b must be the same size, which is n2.

- * r needs to be n2 words and t needs to be n2*2

- * l is the low words of the output.

- * t needs to be n2*3

- */

-void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2,

-	     BN_ULONG *t)

-	{

-	int i,n;

-	int c1,c2;

-	int neg,oneg,zero;

-	BN_ULONG ll,lc,*lp,*mp;

-# ifdef BN_COUNT

-	fprintf(stderr," bn_mul_high %d * %d\n",n2,n2);

-# endif

-	n=n2/2;

-	/* Calculate (al-ah)*(bh-bl) */

-	neg=zero=0;

-	c1=bn_cmp_words(&(a[0]),&(a[n]),n);

-	c2=bn_cmp_words(&(b[n]),&(b[0]),n);

-	switch (c1*3+c2)

-		{

-	case -4:

-		bn_sub_words(&(r[0]),&(a[n]),&(a[0]),n);

-		bn_sub_words(&(r[n]),&(b[0]),&(b[n]),n);

-		break;

-	case -3:

-		zero=1;

-		break;

-	case -2:

-		bn_sub_words(&(r[0]),&(a[n]),&(a[0]),n);

-		bn_sub_words(&(r[n]),&(b[n]),&(b[0]),n);

-		neg=1;

-		break;

-	case -1:

-	case 0:

-	case 1:

-		zero=1;

-		break;

-	case 2:

-		bn_sub_words(&(r[0]),&(a[0]),&(a[n]),n);

-		bn_sub_words(&(r[n]),&(b[0]),&(b[n]),n);

-		neg=1;

-		break;

-	case 3:

-		zero=1;

-		break;

-	case 4:

-		bn_sub_words(&(r[0]),&(a[0]),&(a[n]),n);

-		bn_sub_words(&(r[n]),&(b[n]),&(b[0]),n);

-		break;

-		}

-	oneg=neg;

-	/* t[10] = (a[0]-a[1])*(b[1]-b[0]) */

-	/* r[10] = (a[1]*b[1]) */

-# ifdef BN_MUL_COMBA

-	if (n == 8)

-		{

-		bn_mul_comba8(&(t[0]),&(r[0]),&(r[n]));

-		bn_mul_comba8(r,&(a[n]),&(b[n]));

-		}

-	else

-# endif

-		{

-		bn_mul_recursive(&(t[0]),&(r[0]),&(r[n]),n,0,0,&(t[n2]));

-		bn_mul_recursive(r,&(a[n]),&(b[n]),n,0,0,&(t[n2]));

-		}

-	/* s0 == low(al*bl)

-	 * s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl)

-	 * We know s0 and s1 so the only unknown is high(al*bl)

-	 * high(al*bl) == s1 - low(ah*bh+s0+(al-ah)*(bh-bl))

-	 * high(al*bl) == s1 - (r[0]+l[0]+t[0])

-	 */

-	if (l != NULL)

-		{

-		lp= &(t[n2+n]);

-		c1=(int)(bn_add_words(lp,&(r[0]),&(l[0]),n));

-		}

-	else

-		{

-		c1=0;

-		lp= &(r[0]);

-		}

-	if (neg)

-		neg=(int)(bn_sub_words(&(t[n2]),lp,&(t[0]),n));

-	else

-		{

-		bn_add_words(&(t[n2]),lp,&(t[0]),n);

-		neg=0;

-		}

-	if (l != NULL)

-		{

-		bn_sub_words(&(t[n2+n]),&(l[n]),&(t[n2]),n);

-		}

-	else

-		{

-		lp= &(t[n2+n]);

-		mp= &(t[n2]);

-		for (i=0; i<n; i++)

-			lp[i]=((~mp[i])+1)&BN_MASK2;

-		}

-	/* s[0] = low(al*bl)

-	 * t[3] = high(al*bl)

-	 * t[10] = (a[0]-a[1])*(b[1]-b[0]) neg is the sign

-	 * r[10] = (a[1]*b[1])

-	 */

-	/* R[10] = al*bl

-	 * R[21] = al*bl + ah*bh + (a[0]-a[1])*(b[1]-b[0])

-	 * R[32] = ah*bh

-	 */

-	/* R[1]=t[3]+l[0]+r[0](+-)t[0] (have carry/borrow)

-	 * R[2]=r[0]+t[3]+r[1](+-)t[1] (have carry/borrow)

-	 * R[3]=r[1]+(carry/borrow)

-	 */

-	if (l != NULL)

-		{

-		lp= &(t[n2]);

-		c1= (int)(bn_add_words(lp,&(t[n2+n]),&(l[0]),n));

-		}

-	else

-		{

-		lp= &(t[n2+n]);

-		c1=0;

-		}

-	c1+=(int)(bn_add_words(&(t[n2]),lp,  &(r[0]),n));

-	if (oneg)

-		c1-=(int)(bn_sub_words(&(t[n2]),&(t[n2]),&(t[0]),n));

-	else

-		c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),&(t[0]),n));

-	c2 =(int)(bn_add_words(&(r[0]),&(r[0]),&(t[n2+n]),n));

-	c2+=(int)(bn_add_words(&(r[0]),&(r[0]),&(r[n]),n));

-	if (oneg)

-		c2-=(int)(bn_sub_words(&(r[0]),&(r[0]),&(t[n]),n));

-	else

-		c2+=(int)(bn_add_words(&(r[0]),&(r[0]),&(t[n]),n));

-	if (c1 != 0) /* Add starting at r[0], could be +ve or -ve */

-		{

-		i=0;

-		if (c1 > 0)

-			{

-			lc=c1;

-			do	{

-				ll=(r[i]+lc)&BN_MASK2;

-				r[i++]=ll;

-				lc=(lc > ll);

-				} while (lc);

-			}

-		else

-			{

-			lc= -c1;

-			do	{

-				ll=r[i];

-				r[i++]=(ll-lc)&BN_MASK2;

-				lc=(lc > ll);

-				} while (lc);

-			}

-		}

-	if (c2 != 0) /* Add starting at r[1] */

-		{

-		i=n;

-		if (c2 > 0)

-			{

-			lc=c2;

-			do	{

-				ll=(r[i]+lc)&BN_MASK2;

-				r[i++]=ll;

-				lc=(lc > ll);

-				} while (lc);

-			}

-		else

-			{

-			lc= -c2;

-			do	{

-				ll=r[i];

-				r[i++]=(ll-lc)&BN_MASK2;

-				lc=(lc > ll);

-				} while (lc);

-			}

-		}

-	}

-#endif /* BN_RECURSION */

-int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)

-	{

-	int ret=0;

-	int top,al,bl;

-	BIGNUM *rr;

-#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)

-	int i;

-#endif

-#ifdef BN_RECURSION

-	BIGNUM *t=NULL;

-	int j=0,k;

-#endif

-#ifdef BN_COUNT

-	fprintf(stderr,"BN_mul %d * %d\n",a->top,b->top);

-#endif

-	bn_check_top(a);

-	bn_check_top(b);

-	bn_check_top(r);

-	al=a->top;

-	bl=b->top;

-	if ((al == 0) || (bl == 0))

-		{

-		BN_zero(r);

-		return(1);

-		}

-	top=al+bl;

-	BN_CTX_start(ctx);

-	if ((r == a) || (r == b))

-		{

-		if ((rr = BN_CTX_get(ctx)) == NULL) goto err;

-		}

-	else

-		rr = r;

-	rr->neg=a->neg^b->neg;

-#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)

-	i = al-bl;

-#endif

-#ifdef BN_MUL_COMBA

-	if (i == 0)

-		{

-# if 0

-		if (al == 4)

-			{

-			if (bn_wexpand(rr,8) == NULL) goto err;

-			rr->top=8;

-			bn_mul_comba4(rr->d,a->d,b->d);

-			goto end;

-			}

-# endif

-		if (al == 8)

-			{

-			if (bn_wexpand(rr,16) == NULL) goto err;

-			rr->top=16;

-			bn_mul_comba8(rr->d,a->d,b->d);

-			goto end;

-			}

-		}

-#endif /* BN_MUL_COMBA */

-#ifdef BN_RECURSION

-	if ((al >= BN_MULL_SIZE_NORMAL) && (bl >= BN_MULL_SIZE_NORMAL))

-		{

-		if (i >= -1 && i <= 1)

-			{

-			int sav_j =0;

-			/* Find out the power of two lower or equal

-			   to the longest of the two numbers */

-			if (i >= 0)

-				{

-				j = BN_num_bits_word((BN_ULONG)al);

-				}

-			if (i == -1)

-				{

-				j = BN_num_bits_word((BN_ULONG)bl);

-				}

-			sav_j = j;

-			j = 1<<(j-1);

-			assert(j <= al || j <= bl);

-			k = j+j;

-			t = BN_CTX_get(ctx);

-			if (al > j || bl > j)

-				{

-				bn_wexpand(t,k*4);

-				bn_wexpand(rr,k*4);

-				bn_mul_part_recursive(rr->d,a->d,b->d,

-					j,al-j,bl-j,t->d);

-				}

-			else	/* al <= j || bl <= j */

-				{

-				bn_wexpand(t,k*2);

-				bn_wexpand(rr,k*2);

-				bn_mul_recursive(rr->d,a->d,b->d,

-					j,al-j,bl-j,t->d);

-				}

-			rr->top=top;

-			goto end;

-			}

-#if 0

-		if (i == 1 && !BN_get_flags(b,BN_FLG_STATIC_DATA))

-			{

-			BIGNUM *tmp_bn = (BIGNUM *)b;

-			if (bn_wexpand(tmp_bn,al) == NULL) goto err;

-			tmp_bn->d[bl]=0;

-			bl++;

-			i--;

-			}

-		else if (i == -1 && !BN_get_flags(a,BN_FLG_STATIC_DATA))

-			{

-			BIGNUM *tmp_bn = (BIGNUM *)a;

-			if (bn_wexpand(tmp_bn,bl) == NULL) goto err;

-			tmp_bn->d[al]=0;

-			al++;

-			i++;

-			}

-		if (i == 0)

-			{

-			/* symmetric and > 4 */

-			/* 16 or larger */

-			j=BN_num_bits_word((BN_ULONG)al);

-			j=1<<(j-1);

-			k=j+j;

-			t = BN_CTX_get(ctx);

-			if (al == j) /* exact multiple */

-				{

-				if (bn_wexpand(t,k*2) == NULL) goto err;

-				if (bn_wexpand(rr,k*2) == NULL) goto err;

-				bn_mul_recursive(rr->d,a->d,b->d,al,t->d);

-				}

-			else

-				{

-				if (bn_wexpand(t,k*4) == NULL) goto err;

-				if (bn_wexpand(rr,k*4) == NULL) goto err;

-				bn_mul_part_recursive(rr->d,a->d,b->d,al-j,j,t->d);

-				}

-			rr->top=top;

-			goto end;

-			}

-#endif

-		}

-#endif /* BN_RECURSION */

-	if (bn_wexpand(rr,top) == NULL) goto err;

-	rr->top=top;

-	bn_mul_normal(rr->d,a->d,al,b->d,bl);

-#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)

-end:

-#endif

-	bn_correct_top(rr);

-	if (r != rr) BN_copy(r,rr);

-	ret=1;

-err:

-	bn_check_top(r);

-	BN_CTX_end(ctx);

-	return(ret);

-	}

-void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb)

-	{

-	BN_ULONG *rr;

-#ifdef BN_COUNT

-	fprintf(stderr," bn_mul_normal %d * %d\n",na,nb);

-#endif

-	if (na < nb)

-		{

-		int itmp;

-		BN_ULONG *ltmp;

-		itmp=na; na=nb; nb=itmp;

-		ltmp=a;   a=b;   b=ltmp;

-		}

-	rr= &(r[na]);

-	if (nb <= 0)

-		{

-		(void)bn_mul_words(r,a,na,0);

-		return;

-		}

-	else

-		rr[0]=bn_mul_words(r,a,na,b[0]);

-	for (;;)

-		{

-		if (--nb <= 0) return;

-		rr[1]=bn_mul_add_words(&(r[1]),a,na,b[1]);

-		if (--nb <= 0) return;

-		rr[2]=bn_mul_add_words(&(r[2]),a,na,b[2]);

-		if (--nb <= 0) return;

-		rr[3]=bn_mul_add_words(&(r[3]),a,na,b[3]);

-		if (--nb <= 0) return;

-		rr[4]=bn_mul_add_words(&(r[4]),a,na,b[4]);

-		rr+=4;

-		r+=4;

-		b+=4;

-		}

-	}

-void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)

-	{

-#ifdef BN_COUNT

-	fprintf(stderr," bn_mul_low_normal %d * %d\n",n,n);

-#endif

-	bn_mul_words(r,a,n,b[0]);

-	for (;;)

-		{

-		if (--n <= 0) return;

-		bn_mul_add_words(&(r[1]),a,n,b[1]);

-		if (--n <= 0) return;

-		bn_mul_add_words(&(r[2]),a,n,b[2]);

-		if (--n <= 0) return;

-		bn_mul_add_words(&(r[3]),a,n,b[3]);

-		if (--n <= 0) return;

-		bn_mul_add_words(&(r[4]),a,n,b[4]);

-		r+=4;

-		b+=4;

-		}

-	}

--- a/sys/src/ape/lib/openssl/crypto/bn/bn_nist.c

+++ /dev/null

@@ -1,775 +1,0 @@

-/* crypto/bn/bn_nist.c */

-/*

- * Written by Nils Larsch for the OpenSSL project

- */

-/* ====================================================================

- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include "bn_lcl.h"

-#include "cryptlib.h"

-#define BN_NIST_192_TOP	(192+BN_BITS2-1)/BN_BITS2

-#define BN_NIST_224_TOP	(224+BN_BITS2-1)/BN_BITS2

-#define BN_NIST_256_TOP	(256+BN_BITS2-1)/BN_BITS2

-#define BN_NIST_384_TOP	(384+BN_BITS2-1)/BN_BITS2

-#define BN_NIST_521_TOP	(521+BN_BITS2-1)/BN_BITS2

-#if BN_BITS2 == 64

-static const BN_ULONG _nist_p_192[] =

-	{0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFEULL,

-	0xFFFFFFFFFFFFFFFFULL};

-static const BN_ULONG _nist_p_224[] =

-	{0x0000000000000001ULL,0xFFFFFFFF00000000ULL,

-	0xFFFFFFFFFFFFFFFFULL,0x00000000FFFFFFFFULL};

-static const BN_ULONG _nist_p_256[] =

-	{0xFFFFFFFFFFFFFFFFULL,0x00000000FFFFFFFFULL,

-	0x0000000000000000ULL,0xFFFFFFFF00000001ULL};

-static const BN_ULONG _nist_p_384[] =

-	{0x00000000FFFFFFFFULL,0xFFFFFFFF00000000ULL,

-	0xFFFFFFFFFFFFFFFEULL,0xFFFFFFFFFFFFFFFFULL,

-	0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL};

-static const BN_ULONG _nist_p_521[] =

-	{0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,

-	0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,

-	0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,

-	0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,

-	0x00000000000001FFULL};

-#elif BN_BITS2 == 32

-static const BN_ULONG _nist_p_192[] = {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFE,

-	0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF};

-static const BN_ULONG _nist_p_224[] = {0x00000001,0x00000000,0x00000000,

-	0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF};

-static const BN_ULONG _nist_p_256[] = {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,

-	0x00000000,0x00000000,0x00000000,0x00000001,0xFFFFFFFF};

-static const BN_ULONG _nist_p_384[] = {0xFFFFFFFF,0x00000000,0x00000000,

-	0xFFFFFFFF,0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,

-	0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF};

-static const BN_ULONG _nist_p_521[] = {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,

-	0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,

-	0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,

-	0xFFFFFFFF,0x000001FF};

-#elif BN_BITS2 == 16

-static const BN_ULONG _nist_p_192[] = {0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFE,

-	0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF};

-static const BN_ULONG _nist_p_224[] = {0x0001,0x0000,0x0000,0x0000,0x0000,

-	0x0000,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF};

-static const BN_ULONG _nist_p_256[] = {0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,

-	0xFFFF,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0001,0x0000,0xFFFF,

-	0xFFFF};

-static const BN_ULONG _nist_p_384[] = {0xFFFF,0xFFFF,0x0000,0x0000,0x0000,

-	0x0000,0xFFFF,0xFFFF,0xFFFE,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,

-	0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF};

-static const BN_ULONG _nist_p_521[] = {0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,

-	0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,

-	0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,

-	0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0x01FF};

-#elif BN_BITS2 == 8

-static const BN_ULONG _nist_p_192[] = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,

-	0xFE,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,

-	0xFF,0xFF};

-static const BN_ULONG _nist_p_224[] = {0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,

-	0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,

-	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF};

-static const BN_ULONG _nist_p_256[] = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,

-	0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,

-	0x00,0x00,0x01,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF};

-static const BN_ULONG _nist_p_384[] = {0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,

-	0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,0xFF,

-	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,

-	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF};

-static const BN_ULONG _nist_p_521[] = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,

-	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,

-	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,

-	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,

-	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,

-	0xFF,0x01};

-#endif

-const BIGNUM *BN_get0_nist_prime_192(void)

-	{

-	static BIGNUM const_nist_192 = { (BN_ULONG *)_nist_p_192,

-		BN_NIST_192_TOP, BN_NIST_192_TOP, 0, BN_FLG_STATIC_DATA };

-	return &const_nist_192;

-	}

-const BIGNUM *BN_get0_nist_prime_224(void)

-	{

-	static BIGNUM const_nist_224 = { (BN_ULONG *)_nist_p_224,

-		BN_NIST_224_TOP, BN_NIST_224_TOP, 0, BN_FLG_STATIC_DATA };

-	return &const_nist_224;

-	}

-const BIGNUM *BN_get0_nist_prime_256(void)

-	{

-	static BIGNUM const_nist_256 = { (BN_ULONG *)_nist_p_256,

-		BN_NIST_256_TOP, BN_NIST_256_TOP, 0, BN_FLG_STATIC_DATA };

-	return &const_nist_256;

-	}

-const BIGNUM *BN_get0_nist_prime_384(void)

-	{

-	static BIGNUM const_nist_384 = { (BN_ULONG *)_nist_p_384,

-		BN_NIST_384_TOP, BN_NIST_384_TOP, 0, BN_FLG_STATIC_DATA };

-	return &const_nist_384;

-	}

-const BIGNUM *BN_get0_nist_prime_521(void)

-	{

-	static BIGNUM const_nist_521 = { (BN_ULONG *)_nist_p_521,

-		BN_NIST_521_TOP, BN_NIST_521_TOP, 0, BN_FLG_STATIC_DATA };

-	return &const_nist_521;

-	}

-/* some misc internal functions */

-#if BN_BITS2 != 64

-static BN_ULONG _256_data[BN_NIST_256_TOP*6];

-static int _is_set_256_data = 0;

-static void _init_256_data(void);

-static BN_ULONG _384_data[BN_NIST_384_TOP*8];

-static int _is_set_384_data = 0;

-static void _init_384_data(void);

-#endif

-#define BN_NIST_ADD_ONE(a)	while (!(++(*(a)))) ++(a);

-static void nist_cp_bn_0(BN_ULONG *buf, BN_ULONG *a, int top, int max)

-        {

-	int i;

-        BN_ULONG *_tmp1 = (buf), *_tmp2 = (a);

-        for (i = (top); i != 0; i--)

-                *_tmp1++ = *_tmp2++;

-        for (i = (max) - (top); i != 0; i--)

-                *_tmp1++ = (BN_ULONG) 0;

-        }

-static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top)

-        {

-	int i;

-        BN_ULONG *_tmp1 = (buf), *_tmp2 = (a);

-        for (i = (top); i != 0; i--)

-                *_tmp1++ = *_tmp2++;

-        }

-#if BN_BITS2 == 64

-#define bn_cp_64(to, n, from, m)	(to)[n] = (from)[m];

-#define bn_64_set_0(to, n)		(to)[n] = (BN_ULONG)0;

-/* TBD */

-#define bn_cp_32(to, n, from, m)	(to)[n] = (from)[m];

-#define bn_32_set_0(to, n)		(to)[n] = (BN_ULONG)0;

-#else

-#define bn_cp_64(to, n, from, m) \

-	{ \

-	bn_cp_32(to, (n)*2, from, (m)*2); \

-	bn_cp_32(to, (n)*2+1, from, (m)*2+1); \

-	}

-#define bn_64_set_0(to, n) \

-	{ \

-	bn_32_set_0(to, (n)*2); \

-	bn_32_set_0(to, (n)*2+1); \

-	}

-#if BN_BITS2 == 32

-#define bn_cp_32(to, n, from, m)	(to)[n] = (from)[m];

-#define bn_32_set_0(to, n)		(to)[n] = (BN_ULONG)0;

-#elif BN_BITS2 == 16

-#define bn_cp_32(to, n, from, m) \

-	{ \

-	(to)[(n)*2]   = (from)[(m)*2];  \

-	(to)[(n)*2+1] = (from)[(m)*2+1];\

-	}

-#define bn_32_set_0(to, n) { (to)[(n)*2] = 0; (to)[(n)*2+1] = 0; }

-#elif BN_BITS2 == 8

-#define bn_cp_32(to, n, from, m) \

-	{ \

-	(to)[(n)*4]   = (from)[(m)*4];  \

-	(to)[(n)*4+1] = (from)[(m)*4+1];\

-	(to)[(n)*4+2] = (from)[(m)*4+2];\

-	(to)[(n)*4+3] = (from)[(m)*4+3];\

-	}

-#define bn_32_set_0(to, n) \

-	{ (to)[(n)*4]   = (BN_ULONG)0; (to)[(n)*4+1] = (BN_ULONG)0; \

-	  (to)[(n)*4+2] = (BN_ULONG)0; (to)[(n)*4+3] = (BN_ULONG)0; }

-#endif

-#endif /* BN_BITS2 != 64 */

-#define nist_set_192(to, from, a1, a2, a3) \

-	{ \

-	if (a3 != 0) bn_cp_64(to, 0, from, (a3) - 3) else bn_64_set_0(to, 0)\

-	bn_cp_64(to, 1, from, (a2) - 3) \

-	if (a1 != 0) bn_cp_64(to, 2, from, (a1) - 3) else bn_64_set_0(to, 2)\

-	}

-int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,

-	BN_CTX *ctx)

-	{

-	int      top = a->top, i;

-	BN_ULONG carry = 0;

-	register BN_ULONG *r_d, *a_d = a->d;

-	BN_ULONG t_d[BN_NIST_192_TOP],

-	         buf[BN_NIST_192_TOP];

-	i = BN_ucmp(field, a);

-	if (i == 0)

-		{

-		BN_zero(r);

-		return 1;

-		}

-	else if (i > 0)

-		return (r == a) ? 1 : (BN_copy(r ,a) != NULL);

-	if (top == BN_NIST_192_TOP)

-		return BN_usub(r, a, field);

-	if (r != a)

-		{

-		if (!bn_wexpand(r, BN_NIST_192_TOP))

-			return 0;

-		r_d = r->d;

-		nist_cp_bn(r_d, a_d, BN_NIST_192_TOP);

-		}

-	else

-		r_d = a_d;

-	nist_cp_bn_0(buf, a_d + BN_NIST_192_TOP, top - BN_NIST_192_TOP, BN_NIST_192_TOP);

-#if defined(OPENSSL_SYS_VMS) && defined(__DECC)

-# pragma message save

-# pragma message disable BADSUBSCRIPT

-#endif

-	nist_set_192(t_d, buf, 0, 3, 3);

-	if (bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP))

-		++carry;

-	nist_set_192(t_d, buf, 4, 4, 0);

-	if (bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP))

-		++carry;

-#if defined(OPENSSL_SYS_VMS) && defined(__DECC)

-# pragma message restore

-#endif

-	nist_set_192(t_d, buf, 5, 5, 5)

-	if (bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP))

-		++carry;

-	while (carry)

-		{

-		if (bn_sub_words(r_d, r_d, _nist_p_192, BN_NIST_192_TOP))

-			--carry;

-		}

-	r->top = BN_NIST_192_TOP;

-	bn_correct_top(r);

-	if (BN_ucmp(r, field) >= 0)

-		{

-		bn_sub_words(r_d, r_d, _nist_p_192, BN_NIST_192_TOP);

-		bn_correct_top(r);

-		}

-	bn_check_top(r);

-	return 1;

-	}

-#define nist_set_224(to, from, a1, a2, a3, a4, a5, a6, a7) \

-	{ \

-	if (a7 != 0) bn_cp_32(to, 0, from, (a7) - 7) else bn_32_set_0(to, 0)\

-	if (a6 != 0) bn_cp_32(to, 1, from, (a6) - 7) else bn_32_set_0(to, 1)\

-	if (a5 != 0) bn_cp_32(to, 2, from, (a5) - 7) else bn_32_set_0(to, 2)\

-	if (a4 != 0) bn_cp_32(to, 3, from, (a4) - 7) else bn_32_set_0(to, 3)\

-	if (a3 != 0) bn_cp_32(to, 4, from, (a3) - 7) else bn_32_set_0(to, 4)\

-	if (a2 != 0) bn_cp_32(to, 5, from, (a2) - 7) else bn_32_set_0(to, 5)\

-	if (a1 != 0) bn_cp_32(to, 6, from, (a1) - 7) else bn_32_set_0(to, 6)\

-	}

-int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,

-	BN_CTX *ctx)

-	{

-#if BN_BITS2 != 64

-	int	top = a->top, i;

-	int	carry = 0;

-	BN_ULONG *r_d, *a_d = a->d;

-	BN_ULONG t_d[BN_NIST_224_TOP],

-	         buf[BN_NIST_224_TOP];

-	i = BN_ucmp(field, a);

-	if (i == 0)

-		{

-		BN_zero(r);

-		return 1;

-		}

-	else if (i > 0)

-		return (r == a)? 1 : (BN_copy(r ,a) != NULL);

-	if (top == BN_NIST_224_TOP)

-		return BN_usub(r, a, field);

-	if (r != a)

-		{

-		if (!bn_wexpand(r, BN_NIST_224_TOP))

-			return 0;

-		r_d = r->d;

-		nist_cp_bn(r_d, a_d, BN_NIST_224_TOP);

-		}

-	else

-		r_d = a_d;

-	nist_cp_bn_0(buf, a_d + BN_NIST_224_TOP, top - BN_NIST_224_TOP, BN_NIST_224_TOP);

-	nist_set_224(t_d, buf, 10, 9, 8, 7, 0, 0, 0);

-	if (bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP))

-		++carry;

-	nist_set_224(t_d, buf, 0, 13, 12, 11, 0, 0, 0);

-	if (bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP))

-		++carry;

-	nist_set_224(t_d, buf, 13, 12, 11, 10, 9, 8, 7);

-	if (bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP))

-		--carry;

-	nist_set_224(t_d, buf, 0, 0, 0, 0, 13, 12, 11);

-	if (bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP))

-		--carry;

-	if (carry > 0)

-		while (carry)

-			{

-			if (bn_sub_words(r_d,r_d,_nist_p_224,BN_NIST_224_TOP))

-				--carry;

-			}

-	else if (carry < 0)

-		while (carry)

-			{

-			if (bn_add_words(r_d,r_d,_nist_p_224,BN_NIST_224_TOP))

-				++carry;

-			}

-	r->top = BN_NIST_224_TOP;

-	bn_correct_top(r);

-	if (BN_ucmp(r, field) >= 0)

-		{

-		bn_sub_words(r_d, r_d, _nist_p_224, BN_NIST_224_TOP);

-		bn_correct_top(r);

-		}

-	bn_check_top(r);

-	return 1;

-#else

-	return 0;

-#endif

-	}

-#if BN_BITS2 != 64

-static void _init_256_data(void)

-	{

-	int	i;

-	BN_ULONG *tmp1 = _256_data;

-	const BN_ULONG *tmp2 = tmp1;

-	memcpy(tmp1, _nist_p_256, BN_NIST_256_TOP * sizeof(BN_ULONG));

-	tmp1 += BN_NIST_256_TOP;

-	for (i=0; i<5; i++)

-		{

-		bn_add_words(tmp1, _nist_p_256, tmp2, BN_NIST_256_TOP);

-		tmp2  = tmp1;

-		tmp1 += BN_NIST_256_TOP;

-		}

-	_is_set_256_data = 1;

-	}

-#endif

-#define nist_set_256(to, from, a1, a2, a3, a4, a5, a6, a7, a8) \

-	{ \

-	if (a8 != 0) bn_cp_32(to, 0, from, (a8) - 8) else bn_32_set_0(to, 0)\

-	if (a7 != 0) bn_cp_32(to, 1, from, (a7) - 8) else bn_32_set_0(to, 1)\

-	if (a6 != 0) bn_cp_32(to, 2, from, (a6) - 8) else bn_32_set_0(to, 2)\

-	if (a5 != 0) bn_cp_32(to, 3, from, (a5) - 8) else bn_32_set_0(to, 3)\

-	if (a4 != 0) bn_cp_32(to, 4, from, (a4) - 8) else bn_32_set_0(to, 4)\

-	if (a3 != 0) bn_cp_32(to, 5, from, (a3) - 8) else bn_32_set_0(to, 5)\

-	if (a2 != 0) bn_cp_32(to, 6, from, (a2) - 8) else bn_32_set_0(to, 6)\

-	if (a1 != 0) bn_cp_32(to, 7, from, (a1) - 8) else bn_32_set_0(to, 7)\

-	}

-int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,

-	BN_CTX *ctx)

-	{

-#if BN_BITS2 != 64

-	int	i, top = a->top;

-	int	carry = 0;

-	register BN_ULONG *a_d = a->d, *r_d;

-	BN_ULONG t_d[BN_NIST_256_TOP],

-	         t_d2[BN_NIST_256_TOP],

-	         buf[BN_NIST_256_TOP];

-	if (!_is_set_256_data)

-		{

-		CRYPTO_w_lock(CRYPTO_LOCK_BN);

-		if (!_is_set_256_data)

-			_init_256_data();

-		CRYPTO_w_unlock(CRYPTO_LOCK_BN);

-		}

-	i = BN_ucmp(field, a);

-	if (i == 0)

-		{

-		BN_zero(r);

-		return 1;

-		}

-	else if (i > 0)

-		return (r == a)? 1 : (BN_copy(r ,a) != NULL);

-	if (top == BN_NIST_256_TOP)

-		return BN_usub(r, a, field);

-	if (r != a)

-		{

-		if (!bn_wexpand(r, BN_NIST_256_TOP))

-			return 0;

-		r_d = r->d;

-		nist_cp_bn(r_d, a_d, BN_NIST_256_TOP);

-		}

-	else

-		r_d = a_d;

-	nist_cp_bn_0(buf, a_d + BN_NIST_256_TOP, top - BN_NIST_256_TOP, BN_NIST_256_TOP);

-	/*S1*/

-	nist_set_256(t_d, buf, 15, 14, 13, 12, 11, 0, 0, 0);

-	/*S2*/

-	nist_set_256(t_d2,buf, 0, 15, 14, 13, 12, 0, 0, 0);

-	if (bn_add_words(t_d, t_d, t_d2, BN_NIST_256_TOP))

-		carry = 2;

-	/* left shift */

-		{

-		register BN_ULONG *ap,t,c;

-		ap = t_d;

-		c=0;

-		for (i = BN_NIST_256_TOP; i != 0; --i)

-			{

-			t= *ap;

-			*(ap++)=((t<<1)|c)&BN_MASK2;

-			c=(t & BN_TBIT)?1:0;

-			}

-		if (c)

-			++carry;

-		}

-	if (bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP))

-		++carry;

-	/*S3*/

-	nist_set_256(t_d, buf, 15, 14, 0, 0, 0, 10, 9, 8);

-	if (bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP))

-		++carry;

-	/*S4*/

-	nist_set_256(t_d, buf, 8, 13, 15, 14, 13, 11, 10, 9);

-	if (bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP))

-		++carry;

-	/*D1*/

-	nist_set_256(t_d, buf, 10, 8, 0, 0, 0, 13, 12, 11);

-	if (bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP))

-		--carry;

-	/*D2*/

-	nist_set_256(t_d, buf, 11, 9, 0, 0, 15, 14, 13, 12);

-	if (bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP))

-		--carry;

-	/*D3*/

-	nist_set_256(t_d, buf, 12, 0, 10, 9, 8, 15, 14, 13);

-	if (bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP))

-		--carry;

-	/*D4*/

-	nist_set_256(t_d, buf, 13, 0, 11, 10, 9, 0, 15, 14);

-	if (bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP))

-		--carry;

-	if (carry)

-		{

-		if (carry > 0)

-			bn_sub_words(r_d, r_d, _256_data + BN_NIST_256_TOP *

-				--carry, BN_NIST_256_TOP);

-		else

-			{

-			carry = -carry;

-			bn_add_words(r_d, r_d, _256_data + BN_NIST_256_TOP *

-				--carry, BN_NIST_256_TOP);

-			}

-		}

-	r->top = BN_NIST_256_TOP;

-	bn_correct_top(r);

-	if (BN_ucmp(r, field) >= 0)

-		{

-		bn_sub_words(r_d, r_d, _nist_p_256, BN_NIST_256_TOP);

-		bn_correct_top(r);

-		}

-	bn_check_top(r);

-	return 1;

-#else

-	return 0;

-#endif

-	}

-#if BN_BITS2 != 64

-static void _init_384_data(void)

-	{

-	int	i;

-	BN_ULONG *tmp1 = _384_data;

-	const BN_ULONG *tmp2 = tmp1;

-	memcpy(tmp1, _nist_p_384, BN_NIST_384_TOP * sizeof(BN_ULONG));

-	tmp1 += BN_NIST_384_TOP;

-	for (i=0; i<7; i++)

-		{

-		bn_add_words(tmp1, _nist_p_384, tmp2, BN_NIST_384_TOP);

-		tmp2  = tmp1;

-		tmp1 += BN_NIST_384_TOP;

-		}

-	_is_set_384_data = 1;

-	}

-#endif

-#define nist_set_384(to,from,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,a11,a12) \

-	{ \

-	if (a12 != 0) bn_cp_32(to, 0, from,  (a12) - 12) else bn_32_set_0(to, 0)\

-	if (a11 != 0) bn_cp_32(to, 1, from,  (a11) - 12) else bn_32_set_0(to, 1)\

-	if (a10 != 0) bn_cp_32(to, 2, from,  (a10) - 12) else bn_32_set_0(to, 2)\

-	if (a9 != 0)  bn_cp_32(to, 3, from,  (a9) - 12)  else bn_32_set_0(to, 3)\

-	if (a8 != 0)  bn_cp_32(to, 4, from,  (a8) - 12)  else bn_32_set_0(to, 4)\

-	if (a7 != 0)  bn_cp_32(to, 5, from,  (a7) - 12)  else bn_32_set_0(to, 5)\

-	if (a6 != 0)  bn_cp_32(to, 6, from,  (a6) - 12)  else bn_32_set_0(to, 6)\

-	if (a5 != 0)  bn_cp_32(to, 7, from,  (a5) - 12)  else bn_32_set_0(to, 7)\

-	if (a4 != 0)  bn_cp_32(to, 8, from,  (a4) - 12)  else bn_32_set_0(to, 8)\

-	if (a3 != 0)  bn_cp_32(to, 9, from,  (a3) - 12)  else bn_32_set_0(to, 9)\

-	if (a2 != 0)  bn_cp_32(to, 10, from, (a2) - 12)  else bn_32_set_0(to, 10)\

-	if (a1 != 0)  bn_cp_32(to, 11, from, (a1) - 12)  else bn_32_set_0(to, 11)\

-	}

-int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,

-	BN_CTX *ctx)

-	{

-#if BN_BITS2 != 64

-	int	i, top = a->top;

-	int	carry = 0;

-	register BN_ULONG *r_d, *a_d = a->d;

-	BN_ULONG t_d[BN_NIST_384_TOP],

-	         buf[BN_NIST_384_TOP];

-	if (!_is_set_384_data)

-		{

-		CRYPTO_w_lock(CRYPTO_LOCK_BN);

-		if (!_is_set_384_data)

-			_init_384_data();

-		CRYPTO_w_unlock(CRYPTO_LOCK_BN);

-		}

-	i = BN_ucmp(field, a);

-	if (i == 0)

-		{

-		BN_zero(r);

-		return 1;

-		}

-	else if (i > 0)

-		return (r == a)? 1 : (BN_copy(r ,a) != NULL);

-	if (top == BN_NIST_384_TOP)

-		return BN_usub(r, a, field);

-	if (r != a)

-		{

-		if (!bn_wexpand(r, BN_NIST_384_TOP))

-			return 0;

-		r_d = r->d;

-		nist_cp_bn(r_d, a_d, BN_NIST_384_TOP);

-		}

-	else

-		r_d = a_d;

-	nist_cp_bn_0(buf, a_d + BN_NIST_384_TOP, top - BN_NIST_384_TOP, BN_NIST_384_TOP);

-	/*S1*/

-	nist_set_256(t_d, buf, 0, 0, 0, 0, 0, 23-4, 22-4, 21-4);

-		/* left shift */

-		{

-		register BN_ULONG *ap,t,c;

-		ap = t_d;

-		c=0;

-		for (i = BN_NIST_256_TOP; i != 0; --i)

-			{

-			t= *ap;

-			*(ap++)=((t<<1)|c)&BN_MASK2;

-			c=(t & BN_TBIT)?1:0;

-			}

-		}

-	if (bn_add_words(r_d+(128/BN_BITS2), r_d+(128/BN_BITS2),

-		t_d, BN_NIST_256_TOP))

-		++carry;

-	/*S2 */

-	if (bn_add_words(r_d, r_d, buf, BN_NIST_384_TOP))

-		++carry;

-	/*S3*/

-	nist_set_384(t_d,buf,20,19,18,17,16,15,14,13,12,23,22,21);

-	if (bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP))

-		++carry;

-	/*S4*/

-	nist_set_384(t_d,buf,19,18,17,16,15,14,13,12,20,0,23,0);

-	if (bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP))

-		++carry;

-	/*S5*/

-	nist_set_256(t_d, buf, 0, 0, 0, 0, 23-4, 22-4, 21-4, 20-4);

-	if (bn_add_words(r_d+(128/BN_BITS2), r_d+(128/BN_BITS2),

-		t_d, BN_NIST_256_TOP))

-		++carry;

-	/*S6*/

-	nist_set_384(t_d,buf,0,0,0,0,0,0,23,22,21,0,0,20);

-	if (bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP))

-		++carry;

-	/*D1*/

-	nist_set_384(t_d,buf,22,21,20,19,18,17,16,15,14,13,12,23);

-	if (bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP))

-		--carry;

-	/*D2*/

-	nist_set_384(t_d,buf,0,0,0,0,0,0,0,23,22,21,20,0);

-	if (bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP))

-		--carry;

-	/*D3*/

-	nist_set_384(t_d,buf,0,0,0,0,0,0,0,23,23,0,0,0);

-	if (bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP))

-		--carry;

-	if (carry)

-		{

-		if (carry > 0)

-			bn_sub_words(r_d, r_d, _384_data + BN_NIST_384_TOP *

-				--carry, BN_NIST_384_TOP);

-		else

-			{

-			carry = -carry;

-			bn_add_words(r_d, r_d, _384_data + BN_NIST_384_TOP *

-				--carry, BN_NIST_384_TOP);

-			}

-		}

-	r->top = BN_NIST_384_TOP;

-	bn_correct_top(r);

-	if (BN_ucmp(r, field) >= 0)

-		{

-		bn_sub_words(r_d, r_d, _nist_p_384, BN_NIST_384_TOP);

-		bn_correct_top(r);

-		}

-	bn_check_top(r);

-	return 1;

-#else

-	return 0;

-#endif

-	}

-int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,

-	BN_CTX *ctx)

-	{

-#if BN_BITS2 == 64

-#define BN_NIST_521_TOP_MASK	(BN_ULONG)0x1FF

-#elif BN_BITS2 == 32

-#define BN_NIST_521_TOP_MASK	(BN_ULONG)0x1FF

-#elif BN_BITS2 == 16

-#define BN_NIST_521_TOP_MASK	(BN_ULONG)0x1FF

-#elif BN_BITS2 == 8

-#define BN_NIST_521_TOP_MASK	(BN_ULONG)0x1

-#endif

-	int	top, ret = 0;

-	BN_ULONG *r_d;

-	BIGNUM	*tmp;

-	/* check whether a reduction is necessary */

-	top = a->top;

-	if (top < BN_NIST_521_TOP  || ( top == BN_NIST_521_TOP &&

-           (!(a->d[BN_NIST_521_TOP-1] & ~(BN_NIST_521_TOP_MASK)))))

-		return (r == a)? 1 : (BN_copy(r ,a) != NULL);

-	BN_CTX_start(ctx);

-	tmp = BN_CTX_get(ctx);

-	if (!tmp)

-		goto err;

-	if (!bn_wexpand(tmp, BN_NIST_521_TOP))

-		goto err;

-	nist_cp_bn(tmp->d, a->d, BN_NIST_521_TOP);

-	tmp->top = BN_NIST_521_TOP;

-        tmp->d[BN_NIST_521_TOP-1]  &= BN_NIST_521_TOP_MASK;

-	bn_correct_top(tmp);

-	if (!BN_rshift(r, a, 521))

-		goto err;

-	if (!BN_uadd(r, tmp, r))

-		goto err;

-	top = r->top;

-	r_d = r->d;

-	if (top == BN_NIST_521_TOP  &&

-           (r_d[BN_NIST_521_TOP-1] & ~(BN_NIST_521_TOP_MASK)))

-		{

-		BN_NIST_ADD_ONE(r_d)

-		r_d[BN_NIST_521_TOP-1] &= BN_NIST_521_TOP_MASK;

-		}

-	bn_correct_top(r);

-	ret = 1;

-err:

-	BN_CTX_end(ctx);

-	bn_check_top(r);

-	return ret;

-	}

--- a/sys/src/ape/lib/openssl/crypto/bn/bn_prime.c

+++ /dev/null

@@ -1,494 +1,0 @@

-/* crypto/bn/bn_prime.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include <time.h>

-#include "cryptlib.h"

-#include "bn_lcl.h"

-#include <openssl/rand.h>

-/* NB: these functions have been "upgraded", the deprecated versions (which are

- * compatibility wrappers using these functions) are in bn_depr.c.

- * - Geoff

- */

-/* The quick sieve algorithm approach to weeding out primes is

- * Philip Zimmermann's, as implemented in PGP.  I have had a read of

- * his comments and implemented my own version.

- */

-#include "bn_prime.h"

-static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,

-	const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont);

-static int probable_prime(BIGNUM *rnd, int bits);

-static int probable_prime_dh(BIGNUM *rnd, int bits,

-	const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx);

-static int probable_prime_dh_safe(BIGNUM *rnd, int bits,

-	const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx);

-int BN_GENCB_call(BN_GENCB *cb, int a, int b)

-	{

-	/* No callback means continue */

-	if(!cb) return 1;

-	switch(cb->ver)

-		{

-	case 1:

-		/* Deprecated-style callbacks */

-		if(!cb->cb.cb_1)

-			return 1;

-		cb->cb.cb_1(a, b, cb->arg);

-		return 1;

-	case 2:

-		/* New-style callbacks */

-		return cb->cb.cb_2(a, b, cb);

-	default:

-		break;

-		}

-	/* Unrecognised callback type */

-	return 0;

-	}

-int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,

-	const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb)

-	{

-	BIGNUM *t;

-	int found=0;

-	int i,j,c1=0;

-	BN_CTX *ctx;

-	int checks = BN_prime_checks_for_size(bits);

-	ctx=BN_CTX_new();

-	if (ctx == NULL) goto err;

-	BN_CTX_start(ctx);

-	t = BN_CTX_get(ctx);

-	if(!t) goto err;

-loop:

-	/* make a random number and set the top and bottom bits */

-	if (add == NULL)

-		{

-		if (!probable_prime(ret,bits)) goto err;

-		}

-	else

-		{

-		if (safe)

-			{

-			if (!probable_prime_dh_safe(ret,bits,add,rem,ctx))

-				 goto err;

-			}

-		else

-			{

-			if (!probable_prime_dh(ret,bits,add,rem,ctx))

-				goto err;

-			}

-		}

-	/* if (BN_mod_word(ret,(BN_ULONG)3) == 1) goto loop; */

-	if(!BN_GENCB_call(cb, 0, c1++))

-		/* aborted */

-		goto err;

-	if (!safe)

-		{

-		i=BN_is_prime_fasttest_ex(ret,checks,ctx,0,cb);

-		if (i == -1) goto err;

-		if (i == 0) goto loop;

-		}

-	else

-		{

-		/* for "safe prime" generation,

-		 * check that (p-1)/2 is prime.

-		 * Since a prime is odd, We just

-		 * need to divide by 2 */

-		if (!BN_rshift1(t,ret)) goto err;

-		for (i=0; i<checks; i++)

-			{

-			j=BN_is_prime_fasttest_ex(ret,1,ctx,0,cb);

-			if (j == -1) goto err;

-			if (j == 0) goto loop;

-			j=BN_is_prime_fasttest_ex(t,1,ctx,0,cb);

-			if (j == -1) goto err;

-			if (j == 0) goto loop;

-			if(!BN_GENCB_call(cb, 2, c1-1))

-				goto err;

-			/* We have a safe prime test pass */

-			}

-		}

-	/* we have a prime :-) */

-	found = 1;

-err:

-	if (ctx != NULL)

-		{

-		BN_CTX_end(ctx);

-		BN_CTX_free(ctx);

-		}

-	bn_check_top(ret);

-	return found;

-	}

-int BN_is_prime_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, BN_GENCB *cb)

-	{

-	return BN_is_prime_fasttest_ex(a, checks, ctx_passed, 0, cb);

-	}

-int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,

-		int do_trial_division, BN_GENCB *cb)

-	{

-	int i, j, ret = -1;

-	int k;

-	BN_CTX *ctx = NULL;

-	BIGNUM *A1, *A1_odd, *check; /* taken from ctx */

-	BN_MONT_CTX *mont = NULL;

-	const BIGNUM *A = NULL;

-	if (BN_cmp(a, BN_value_one()) <= 0)

-		return 0;

-	if (checks == BN_prime_checks)

-		checks = BN_prime_checks_for_size(BN_num_bits(a));

-	/* first look for small factors */

-	if (!BN_is_odd(a))

-		/* a is even => a is prime if and only if a == 2 */

-		return BN_is_word(a, 2);

-	if (do_trial_division)

-		{

-		for (i = 1; i < NUMPRIMES; i++)

-			if (BN_mod_word(a, primes[i]) == 0)

-				return 0;

-		if(!BN_GENCB_call(cb, 1, -1))

-			goto err;

-		}

-	if (ctx_passed != NULL)

-		ctx = ctx_passed;

-	else

-		if ((ctx=BN_CTX_new()) == NULL)

-			goto err;

-	BN_CTX_start(ctx);

-	/* A := abs(a) */

-	if (a->neg)

-		{

-		BIGNUM *t;

-		if ((t = BN_CTX_get(ctx)) == NULL) goto err;

-		BN_copy(t, a);

-		t->neg = 0;

-		A = t;

-		}

-	else

-		A = a;

-	A1 = BN_CTX_get(ctx);

-	A1_odd = BN_CTX_get(ctx);

-	check = BN_CTX_get(ctx);

-	if (check == NULL) goto err;

-	/* compute A1 := A - 1 */

-	if (!BN_copy(A1, A))

-		goto err;

-	if (!BN_sub_word(A1, 1))

-		goto err;

-	if (BN_is_zero(A1))

-		{

-		ret = 0;

-		goto err;

-		}

-	/* write  A1  as  A1_odd * 2^k */

-	k = 1;

-	while (!BN_is_bit_set(A1, k))

-		k++;

-	if (!BN_rshift(A1_odd, A1, k))

-		goto err;

-	/* Montgomery setup for computations mod A */

-	mont = BN_MONT_CTX_new();

-	if (mont == NULL)

-		goto err;

-	if (!BN_MONT_CTX_set(mont, A, ctx))

-		goto err;

-	for (i = 0; i < checks; i++)

-		{

-		if (!BN_pseudo_rand_range(check, A1))

-			goto err;

-		if (!BN_add_word(check, 1))

-			goto err;

-		/* now 1 <= check < A */

-		j = witness(check, A, A1, A1_odd, k, ctx, mont);

-		if (j == -1) goto err;

-		if (j)

-			{

-			ret=0;

-			goto err;

-			}

-		if(!BN_GENCB_call(cb, 1, i))

-			goto err;

-		}

-	ret=1;

-err:

-	if (ctx != NULL)

-		{

-		BN_CTX_end(ctx);

-		if (ctx_passed == NULL)

-			BN_CTX_free(ctx);

-		}

-	if (mont != NULL)

-		BN_MONT_CTX_free(mont);

-	return(ret);

-	}

-static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,

-	const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont)

-	{

-	if (!BN_mod_exp_mont(w, w, a1_odd, a, ctx, mont)) /* w := w^a1_odd mod a */

-		return -1;

-	if (BN_is_one(w))

-		return 0; /* probably prime */

-	if (BN_cmp(w, a1) == 0)

-		return 0; /* w == -1 (mod a),  'a' is probably prime */

-	while (--k)

-		{

-		if (!BN_mod_mul(w, w, w, a, ctx)) /* w := w^2 mod a */

-			return -1;

-		if (BN_is_one(w))

-			return 1; /* 'a' is composite, otherwise a previous 'w' would

-			           * have been == -1 (mod 'a') */

-		if (BN_cmp(w, a1) == 0)

-			return 0; /* w == -1 (mod a), 'a' is probably prime */

-		}

-	/* If we get here, 'w' is the (a-1)/2-th power of the original 'w',

-	 * and it is neither -1 nor +1 -- so 'a' cannot be prime */

-	bn_check_top(w);

-	return 1;

-	}

-static int probable_prime(BIGNUM *rnd, int bits)

-	{

-	int i;

-	prime_t mods[NUMPRIMES];

-	BN_ULONG delta,maxdelta;

-again:

-	if (!BN_rand(rnd,bits,1,1)) return(0);

-	/* we now have a random number 'rand' to test. */

-	for (i=1; i<NUMPRIMES; i++)

-		mods[i]=(prime_t)BN_mod_word(rnd,(BN_ULONG)primes[i]);

-	maxdelta=BN_MASK2 - primes[NUMPRIMES-1];

-	delta=0;

-	loop: for (i=1; i<NUMPRIMES; i++)

-		{

-		/* check that rnd is not a prime and also

-		 * that gcd(rnd-1,primes) == 1 (except for 2) */

-		if (((mods[i]+delta)%primes[i]) <= 1)

-			{

-			delta+=2;

-			if (delta > maxdelta) goto again;

-			goto loop;

-			}

-		}

-	if (!BN_add_word(rnd,delta)) return(0);

-	bn_check_top(rnd);

-	return(1);

-	}

-static int probable_prime_dh(BIGNUM *rnd, int bits,

-	const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx)

-	{

-	int i,ret=0;

-	BIGNUM *t1;

-	BN_CTX_start(ctx);

-	if ((t1 = BN_CTX_get(ctx)) == NULL) goto err;

-	if (!BN_rand(rnd,bits,0,1)) goto err;

-	/* we need ((rnd-rem) % add) == 0 */

-	if (!BN_mod(t1,rnd,add,ctx)) goto err;

-	if (!BN_sub(rnd,rnd,t1)) goto err;

-	if (rem == NULL)

-		{ if (!BN_add_word(rnd,1)) goto err; }

-	else

-		{ if (!BN_add(rnd,rnd,rem)) goto err; }

-	/* we now have a random number 'rand' to test. */

-	loop: for (i=1; i<NUMPRIMES; i++)

-		{

-		/* check that rnd is a prime */

-		if (BN_mod_word(rnd,(BN_ULONG)primes[i]) <= 1)

-			{

-			if (!BN_add(rnd,rnd,add)) goto err;

-			goto loop;

-			}

-		}

-	ret=1;

-err:

-	BN_CTX_end(ctx);

-	bn_check_top(rnd);

-	return(ret);

-	}

-static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd,

-	const BIGNUM *rem, BN_CTX *ctx)

-	{

-	int i,ret=0;

-	BIGNUM *t1,*qadd,*q;

-	bits--;

-	BN_CTX_start(ctx);

-	t1 = BN_CTX_get(ctx);

-	q = BN_CTX_get(ctx);

-	qadd = BN_CTX_get(ctx);

-	if (qadd == NULL) goto err;

-	if (!BN_rshift1(qadd,padd)) goto err;

-	if (!BN_rand(q,bits,0,1)) goto err;

-	/* we need ((rnd-rem) % add) == 0 */

-	if (!BN_mod(t1,q,qadd,ctx)) goto err;

-	if (!BN_sub(q,q,t1)) goto err;

-	if (rem == NULL)

-		{ if (!BN_add_word(q,1)) goto err; }

-	else

-		{

-		if (!BN_rshift1(t1,rem)) goto err;

-		if (!BN_add(q,q,t1)) goto err;

-		}

-	/* we now have a random number 'rand' to test. */

-	if (!BN_lshift1(p,q)) goto err;

-	if (!BN_add_word(p,1)) goto err;

-	loop: for (i=1; i<NUMPRIMES; i++)

-		{

-		/* check that p and q are prime */

-		/* check that for p and q

-		 * gcd(p-1,primes) == 1 (except for 2) */

-		if (	(BN_mod_word(p,(BN_ULONG)primes[i]) == 0) ||

-			(BN_mod_word(q,(BN_ULONG)primes[i]) == 0))

-			{

-			if (!BN_add(p,p,padd)) goto err;

-			if (!BN_add(q,q,qadd)) goto err;

-			goto loop;

-			}

-		}

-	ret=1;

-err:

-	BN_CTX_end(ctx);

-	bn_check_top(p);

-	return(ret);

-	}

--- a/sys/src/ape/lib/openssl/crypto/bn/bn_prime.h

+++ /dev/null

@@ -1,327 +1,0 @@

-/* Auto generated by bn_prime.pl */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef EIGHT_BIT

-#define NUMPRIMES 2048

-typedef unsigned short prime_t;

-#else

-#define NUMPRIMES 54

-typedef unsigned char prime_t;

-#endif

-static const prime_t primes[NUMPRIMES]=

-	{

-	   2,   3,   5,   7,  11,  13,  17,  19,

-	  23,  29,  31,  37,  41,  43,  47,  53,

-	  59,  61,  67,  71,  73,  79,  83,  89,

-	  97, 101, 103, 107, 109, 113, 127, 131,

-	 137, 139, 149, 151, 157, 163, 167, 173,

-	 179, 181, 191, 193, 197, 199, 211, 223,

-	 227, 229, 233, 239, 241, 251,

-#ifndef EIGHT_BIT

-	 257, 263,

-	 269, 271, 277, 281, 283, 293, 307, 311,

-	 313, 317, 331, 337, 347, 349, 353, 359,

-	 367, 373, 379, 383, 389, 397, 401, 409,

-	 419, 421, 431, 433, 439, 443, 449, 457,

-	 461, 463, 467, 479, 487, 491, 499, 503,

-	 509, 521, 523, 541, 547, 557, 563, 569,

-	 571, 577, 587, 593, 599, 601, 607, 613,

-	 617, 619, 631, 641, 643, 647, 653, 659,

-	 661, 673, 677, 683, 691, 701, 709, 719,

-	 727, 733, 739, 743, 751, 757, 761, 769,

-	 773, 787, 797, 809, 811, 821, 823, 827,

-	 829, 839, 853, 857, 859, 863, 877, 881,

-	 883, 887, 907, 911, 919, 929, 937, 941,

-	 947, 953, 967, 971, 977, 983, 991, 997,

-	1009,1013,1019,1021,1031,1033,1039,1049,

-	1051,1061,1063,1069,1087,1091,1093,1097,

-	1103,1109,1117,1123,1129,1151,1153,1163,

-	1171,1181,1187,1193,1201,1213,1217,1223,

-	1229,1231,1237,1249,1259,1277,1279,1283,

-	1289,1291,1297,1301,1303,1307,1319,1321,

-	1327,1361,1367,1373,1381,1399,1409,1423,

-	1427,1429,1433,1439,1447,1451,1453,1459,

-	1471,1481,1483,1487,1489,1493,1499,1511,

-	1523,1531,1543,1549,1553,1559,1567,1571,

-	1579,1583,1597,1601,1607,1609,1613,1619,

-	1621,1627,1637,1657,1663,1667,1669,1693,

-	1697,1699,1709,1721,1723,1733,1741,1747,

-	1753,1759,1777,1783,1787,1789,1801,1811,

-	1823,1831,1847,1861,1867,1871,1873,1877,

-	1879,1889,1901,1907,1913,1931,1933,1949,

-	1951,1973,1979,1987,1993,1997,1999,2003,

-	2011,2017,2027,2029,2039,2053,2063,2069,

-	2081,2083,2087,2089,2099,2111,2113,2129,

-	2131,2137,2141,2143,2153,2161,2179,2203,

-	2207,2213,2221,2237,2239,2243,2251,2267,

-	2269,2273,2281,2287,2293,2297,2309,2311,

-	2333,2339,2341,2347,2351,2357,2371,2377,

-	2381,2383,2389,2393,2399,2411,2417,2423,

-	2437,2441,2447,2459,2467,2473,2477,2503,

-	2521,2531,2539,2543,2549,2551,2557,2579,

-	2591,2593,2609,2617,2621,2633,2647,2657,

-	2659,2663,2671,2677,2683,2687,2689,2693,

-	2699,2707,2711,2713,2719,2729,2731,2741,

-	2749,2753,2767,2777,2789,2791,2797,2801,

-	2803,2819,2833,2837,2843,2851,2857,2861,

-	2879,2887,2897,2903,2909,2917,2927,2939,

-	2953,2957,2963,2969,2971,2999,3001,3011,

-	3019,3023,3037,3041,3049,3061,3067,3079,

-	3083,3089,3109,3119,3121,3137,3163,3167,

-	3169,3181,3187,3191,3203,3209,3217,3221,

-	3229,3251,3253,3257,3259,3271,3299,3301,

-	3307,3313,3319,3323,3329,3331,3343,3347,

-	3359,3361,3371,3373,3389,3391,3407,3413,

-	3433,3449,3457,3461,3463,3467,3469,3491,

-	3499,3511,3517,3527,3529,3533,3539,3541,

-	3547,3557,3559,3571,3581,3583,3593,3607,

-	3613,3617,3623,3631,3637,3643,3659,3671,

-	3673,3677,3691,3697,3701,3709,3719,3727,

-	3733,3739,3761,3767,3769,3779,3793,3797,

-	3803,3821,3823,3833,3847,3851,3853,3863,

-	3877,3881,3889,3907,3911,3917,3919,3923,

-	3929,3931,3943,3947,3967,3989,4001,4003,

-	4007,4013,4019,4021,4027,4049,4051,4057,

-	4073,4079,4091,4093,4099,4111,4127,4129,

-	4133,4139,4153,4157,4159,4177,4201,4211,

-	4217,4219,4229,4231,4241,4243,4253,4259,

-	4261,4271,4273,4283,4289,4297,4327,4337,

-	4339,4349,4357,4363,4373,4391,4397,4409,

-	4421,4423,4441,4447,4451,4457,4463,4481,

-	4483,4493,4507,4513,4517,4519,4523,4547,

-	4549,4561,4567,4583,4591,4597,4603,4621,

-	4637,4639,4643,4649,4651,4657,4663,4673,

-	4679,4691,4703,4721,4723,4729,4733,4751,

-	4759,4783,4787,4789,4793,4799,4801,4813,

-	4817,4831,4861,4871,4877,4889,4903,4909,

-	4919,4931,4933,4937,4943,4951,4957,4967,

-	4969,4973,4987,4993,4999,5003,5009,5011,

-	5021,5023,5039,5051,5059,5077,5081,5087,

-	5099,5101,5107,5113,5119,5147,5153,5167,

-	5171,5179,5189,5197,5209,5227,5231,5233,

-	5237,5261,5273,5279,5281,5297,5303,5309,

-	5323,5333,5347,5351,5381,5387,5393,5399,

-	5407,5413,5417,5419,5431,5437,5441,5443,

-	5449,5471,5477,5479,5483,5501,5503,5507,

-	5519,5521,5527,5531,5557,5563,5569,5573,

-	5581,5591,5623,5639,5641,5647,5651,5653,

-	5657,5659,5669,5683,5689,5693,5701,5711,

-	5717,5737,5741,5743,5749,5779,5783,5791,

-	5801,5807,5813,5821,5827,5839,5843,5849,

-	5851,5857,5861,5867,5869,5879,5881,5897,

-	5903,5923,5927,5939,5953,5981,5987,6007,

-	6011,6029,6037,6043,6047,6053,6067,6073,

-	6079,6089,6091,6101,6113,6121,6131,6133,

-	6143,6151,6163,6173,6197,6199,6203,6211,

-	6217,6221,6229,6247,6257,6263,6269,6271,

-	6277,6287,6299,6301,6311,6317,6323,6329,

-	6337,6343,6353,6359,6361,6367,6373,6379,

-	6389,6397,6421,6427,6449,6451,6469,6473,

-	6481,6491,6521,6529,6547,6551,6553,6563,

-	6569,6571,6577,6581,6599,6607,6619,6637,

-	6653,6659,6661,6673,6679,6689,6691,6701,

-	6703,6709,6719,6733,6737,6761,6763,6779,

-	6781,6791,6793,6803,6823,6827,6829,6833,

-	6841,6857,6863,6869,6871,6883,6899,6907,

-	6911,6917,6947,6949,6959,6961,6967,6971,

-	6977,6983,6991,6997,7001,7013,7019,7027,

-	7039,7043,7057,7069,7079,7103,7109,7121,

-	7127,7129,7151,7159,7177,7187,7193,7207,

-	7211,7213,7219,7229,7237,7243,7247,7253,

-	7283,7297,7307,7309,7321,7331,7333,7349,

-	7351,7369,7393,7411,7417,7433,7451,7457,

-	7459,7477,7481,7487,7489,7499,7507,7517,

-	7523,7529,7537,7541,7547,7549,7559,7561,

-	7573,7577,7583,7589,7591,7603,7607,7621,

-	7639,7643,7649,7669,7673,7681,7687,7691,

-	7699,7703,7717,7723,7727,7741,7753,7757,

-	7759,7789,7793,7817,7823,7829,7841,7853,

-	7867,7873,7877,7879,7883,7901,7907,7919,

-	7927,7933,7937,7949,7951,7963,7993,8009,

-	8011,8017,8039,8053,8059,8069,8081,8087,

-	8089,8093,8101,8111,8117,8123,8147,8161,

-	8167,8171,8179,8191,8209,8219,8221,8231,

-	8233,8237,8243,8263,8269,8273,8287,8291,

-	8293,8297,8311,8317,8329,8353,8363,8369,

-	8377,8387,8389,8419,8423,8429,8431,8443,

-	8447,8461,8467,8501,8513,8521,8527,8537,

-	8539,8543,8563,8573,8581,8597,8599,8609,

-	8623,8627,8629,8641,8647,8663,8669,8677,

-	8681,8689,8693,8699,8707,8713,8719,8731,

-	8737,8741,8747,8753,8761,8779,8783,8803,

-	8807,8819,8821,8831,8837,8839,8849,8861,

-	8863,8867,8887,8893,8923,8929,8933,8941,

-	8951,8963,8969,8971,8999,9001,9007,9011,

-	9013,9029,9041,9043,9049,9059,9067,9091,

-	9103,9109,9127,9133,9137,9151,9157,9161,

-	9173,9181,9187,9199,9203,9209,9221,9227,

-	9239,9241,9257,9277,9281,9283,9293,9311,

-	9319,9323,9337,9341,9343,9349,9371,9377,

-	9391,9397,9403,9413,9419,9421,9431,9433,

-	9437,9439,9461,9463,9467,9473,9479,9491,

-	9497,9511,9521,9533,9539,9547,9551,9587,

-	9601,9613,9619,9623,9629,9631,9643,9649,

-	9661,9677,9679,9689,9697,9719,9721,9733,

-	9739,9743,9749,9767,9769,9781,9787,9791,

-	9803,9811,9817,9829,9833,9839,9851,9857,

-	9859,9871,9883,9887,9901,9907,9923,9929,

-	9931,9941,9949,9967,9973,10007,10009,10037,

-	10039,10061,10067,10069,10079,10091,10093,10099,

-	10103,10111,10133,10139,10141,10151,10159,10163,

-	10169,10177,10181,10193,10211,10223,10243,10247,

-	10253,10259,10267,10271,10273,10289,10301,10303,

-	10313,10321,10331,10333,10337,10343,10357,10369,

-	10391,10399,10427,10429,10433,10453,10457,10459,

-	10463,10477,10487,10499,10501,10513,10529,10531,

-	10559,10567,10589,10597,10601,10607,10613,10627,

-	10631,10639,10651,10657,10663,10667,10687,10691,

-	10709,10711,10723,10729,10733,10739,10753,10771,

-	10781,10789,10799,10831,10837,10847,10853,10859,

-	10861,10867,10883,10889,10891,10903,10909,10937,

-	10939,10949,10957,10973,10979,10987,10993,11003,

-	11027,11047,11057,11059,11069,11071,11083,11087,

-	11093,11113,11117,11119,11131,11149,11159,11161,

-	11171,11173,11177,11197,11213,11239,11243,11251,

-	11257,11261,11273,11279,11287,11299,11311,11317,

-	11321,11329,11351,11353,11369,11383,11393,11399,

-	11411,11423,11437,11443,11447,11467,11471,11483,

-	11489,11491,11497,11503,11519,11527,11549,11551,

-	11579,11587,11593,11597,11617,11621,11633,11657,

-	11677,11681,11689,11699,11701,11717,11719,11731,

-	11743,11777,11779,11783,11789,11801,11807,11813,

-	11821,11827,11831,11833,11839,11863,11867,11887,

-	11897,11903,11909,11923,11927,11933,11939,11941,

-	11953,11959,11969,11971,11981,11987,12007,12011,

-	12037,12041,12043,12049,12071,12073,12097,12101,

-	12107,12109,12113,12119,12143,12149,12157,12161,

-	12163,12197,12203,12211,12227,12239,12241,12251,

-	12253,12263,12269,12277,12281,12289,12301,12323,

-	12329,12343,12347,12373,12377,12379,12391,12401,

-	12409,12413,12421,12433,12437,12451,12457,12473,

-	12479,12487,12491,12497,12503,12511,12517,12527,

-	12539,12541,12547,12553,12569,12577,12583,12589,

-	12601,12611,12613,12619,12637,12641,12647,12653,

-	12659,12671,12689,12697,12703,12713,12721,12739,

-	12743,12757,12763,12781,12791,12799,12809,12821,

-	12823,12829,12841,12853,12889,12893,12899,12907,

-	12911,12917,12919,12923,12941,12953,12959,12967,

-	12973,12979,12983,13001,13003,13007,13009,13033,

-	13037,13043,13049,13063,13093,13099,13103,13109,

-	13121,13127,13147,13151,13159,13163,13171,13177,

-	13183,13187,13217,13219,13229,13241,13249,13259,

-	13267,13291,13297,13309,13313,13327,13331,13337,

-	13339,13367,13381,13397,13399,13411,13417,13421,

-	13441,13451,13457,13463,13469,13477,13487,13499,

-	13513,13523,13537,13553,13567,13577,13591,13597,

-	13613,13619,13627,13633,13649,13669,13679,13681,

-	13687,13691,13693,13697,13709,13711,13721,13723,

-	13729,13751,13757,13759,13763,13781,13789,13799,

-	13807,13829,13831,13841,13859,13873,13877,13879,

-	13883,13901,13903,13907,13913,13921,13931,13933,

-	13963,13967,13997,13999,14009,14011,14029,14033,

-	14051,14057,14071,14081,14083,14087,14107,14143,

-	14149,14153,14159,14173,14177,14197,14207,14221,

-	14243,14249,14251,14281,14293,14303,14321,14323,

-	14327,14341,14347,14369,14387,14389,14401,14407,

-	14411,14419,14423,14431,14437,14447,14449,14461,

-	14479,14489,14503,14519,14533,14537,14543,14549,

-	14551,14557,14561,14563,14591,14593,14621,14627,

-	14629,14633,14639,14653,14657,14669,14683,14699,

-	14713,14717,14723,14731,14737,14741,14747,14753,

-	14759,14767,14771,14779,14783,14797,14813,14821,

-	14827,14831,14843,14851,14867,14869,14879,14887,

-	14891,14897,14923,14929,14939,14947,14951,14957,

-	14969,14983,15013,15017,15031,15053,15061,15073,

-	15077,15083,15091,15101,15107,15121,15131,15137,

-	15139,15149,15161,15173,15187,15193,15199,15217,

-	15227,15233,15241,15259,15263,15269,15271,15277,

-	15287,15289,15299,15307,15313,15319,15329,15331,

-	15349,15359,15361,15373,15377,15383,15391,15401,

-	15413,15427,15439,15443,15451,15461,15467,15473,

-	15493,15497,15511,15527,15541,15551,15559,15569,

-	15581,15583,15601,15607,15619,15629,15641,15643,

-	15647,15649,15661,15667,15671,15679,15683,15727,

-	15731,15733,15737,15739,15749,15761,15767,15773,

-	15787,15791,15797,15803,15809,15817,15823,15859,

-	15877,15881,15887,15889,15901,15907,15913,15919,

-	15923,15937,15959,15971,15973,15991,16001,16007,

-	16033,16057,16061,16063,16067,16069,16073,16087,

-	16091,16097,16103,16111,16127,16139,16141,16183,

-	16187,16189,16193,16217,16223,16229,16231,16249,

-	16253,16267,16273,16301,16319,16333,16339,16349,

-	16361,16363,16369,16381,16411,16417,16421,16427,

-	16433,16447,16451,16453,16477,16481,16487,16493,

-	16519,16529,16547,16553,16561,16567,16573,16603,

-	16607,16619,16631,16633,16649,16651,16657,16661,

-	16673,16691,16693,16699,16703,16729,16741,16747,

-	16759,16763,16787,16811,16823,16829,16831,16843,

-	16871,16879,16883,16889,16901,16903,16921,16927,

-	16931,16937,16943,16963,16979,16981,16987,16993,

-	17011,17021,17027,17029,17033,17041,17047,17053,

-	17077,17093,17099,17107,17117,17123,17137,17159,

-	17167,17183,17189,17191,17203,17207,17209,17231,

-	17239,17257,17291,17293,17299,17317,17321,17327,

-	17333,17341,17351,17359,17377,17383,17387,17389,

-	17393,17401,17417,17419,17431,17443,17449,17467,

-	17471,17477,17483,17489,17491,17497,17509,17519,

-	17539,17551,17569,17573,17579,17581,17597,17599,

-	17609,17623,17627,17657,17659,17669,17681,17683,

-	17707,17713,17729,17737,17747,17749,17761,17783,

-	17789,17791,17807,17827,17837,17839,17851,17863,

-#endif

-	};

--- a/sys/src/ape/lib/openssl/crypto/bn/bn_prime.pl

+++ /dev/null

@@ -1,119 +1,0 @@

-#!/usr/local/bin/perl

-# bn_prime.pl

-$num=2048;

-$num=$ARGV[0] if ($#ARGV >= 0);

-push(@primes,2);

-$p=1;

-loop: while ($#primes < $num-1)

-	{

-	$p+=2;

-	$s=int(sqrt($p));

-	for ($i=0; defined($primes[$i]) && $primes[$i]<=$s; $i++)

-		{

-		next loop if (($p%$primes[$i]) == 0);

-		}

-	push(@primes,$p);

-	}

-# print <<"EOF";

-# /* Auto generated by bn_prime.pl */

-# /* Copyright (C) 1995-1997 Eric Young (eay\@mincom.oz.au).

-#  * All rights reserved.

-#  * Copyright remains Eric Young's, and as such any Copyright notices in

-#  * the code are not to be removed.

-#  * See the COPYRIGHT file in the SSLeay distribution for more details.

-#  */

-#

-# EOF

-print <<\EOF;

-/* Auto generated by bn_prime.pl */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-EOF

-for ($i=0; $i <= $#primes; $i++)

-	{

-	if ($primes[$i] > 256)

-		{

-		$eight=$i;

-		last;

-		}

-	}

-printf "#ifndef EIGHT_BIT\n";

-printf "#define NUMPRIMES %d\n",$num;

-printf "typedef unsigned short prime_t;\n";

-printf "#else\n";

-printf "#define NUMPRIMES %d\n",$eight;

-printf "typedef unsigned char prime_t;\n";

-printf "#endif\n";

-print "static const prime_t primes[NUMPRIMES]=\n\t{\n\t";

-$init=0;

-for ($i=0; $i <= $#primes; $i++)

-	{

-	printf "\n#ifndef EIGHT_BIT\n\t" if ($primes[$i] > 256) && !($init++);

-	printf("\n\t") if (($i%8) == 0) && ($i != 0);

-	printf("%4d,",$primes[$i]);

-	}

-print "\n#endif\n\t};\n";

--- a/sys/src/ape/lib/openssl/crypto/bn/bn_print.c

+++ /dev/null

@@ -1,338 +1,0 @@

-/* crypto/bn/bn_print.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <ctype.h>

-#include "cryptlib.h"

-#include <openssl/buffer.h>

-#include "bn_lcl.h"

-static const char Hex[]="0123456789ABCDEF";

-/* Must 'OPENSSL_free' the returned data */

-char *BN_bn2hex(const BIGNUM *a)

-	{

-	int i,j,v,z=0;

-	char *buf;

-	char *p;

-	buf=(char *)OPENSSL_malloc(a->top*BN_BYTES*2+2);

-	if (buf == NULL)

-		{

-		BNerr(BN_F_BN_BN2HEX,ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	p=buf;

-	if (a->neg) *(p++)='-';

-	if (BN_is_zero(a)) *(p++)='0';

-	for (i=a->top-1; i >=0; i--)

-		{

-		for (j=BN_BITS2-8; j >= 0; j-=8)

-			{

-			/* strip leading zeros */

-			v=((int)(a->d[i]>>(long)j))&0xff;

-			if (z || (v != 0))

-				{

-				*(p++)=Hex[v>>4];

-				*(p++)=Hex[v&0x0f];

-				z=1;

-				}

-			}

-		}

-	*p='\0';

-err:

-	return(buf);

-	}

-/* Must 'OPENSSL_free' the returned data */

-char *BN_bn2dec(const BIGNUM *a)

-	{

-	int i=0,num, ok = 0;

-	char *buf=NULL;

-	char *p;

-	BIGNUM *t=NULL;

-	BN_ULONG *bn_data=NULL,*lp;

-	/* get an upper bound for the length of the decimal integer

-	 * num <= (BN_num_bits(a) + 1) * log(2)

-	 *     <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1     (rounding error)

-	 *     <= BN_num_bits(a)/10 + BN_num_bits/1000 + 1 + 1

-	 */

-	i=BN_num_bits(a)*3;

-	num=(i/10+i/1000+1)+1;

-	bn_data=(BN_ULONG *)OPENSSL_malloc((num/BN_DEC_NUM+1)*sizeof(BN_ULONG));

-	buf=(char *)OPENSSL_malloc(num+3);

-	if ((buf == NULL) || (bn_data == NULL))

-		{

-		BNerr(BN_F_BN_BN2DEC,ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	if ((t=BN_dup(a)) == NULL) goto err;

-#define BUF_REMAIN (num+3 - (size_t)(p - buf))

-	p=buf;

-	lp=bn_data;

-	if (BN_is_zero(t))

-		{

-		*(p++)='0';

-		*(p++)='\0';

-		}

-	else

-		{

-		if (BN_is_negative(t))

-			*p++ = '-';

-		i=0;

-		while (!BN_is_zero(t))

-			{

-			*lp=BN_div_word(t,BN_DEC_CONV);

-			lp++;

-			}

-		lp--;

-		/* We now have a series of blocks, BN_DEC_NUM chars

-		 * in length, where the last one needs truncation.

-		 * The blocks need to be reversed in order. */

-		BIO_snprintf(p,BUF_REMAIN,BN_DEC_FMT1,*lp);

-		while (*p) p++;

-		while (lp != bn_data)

-			{

-			lp--;

-			BIO_snprintf(p,BUF_REMAIN,BN_DEC_FMT2,*lp);

-			while (*p) p++;

-			}

-		}

-	ok = 1;

-err:

-	if (bn_data != NULL) OPENSSL_free(bn_data);

-	if (t != NULL) BN_free(t);

-	if (!ok && buf)

-		{

-		OPENSSL_free(buf);

-		buf = NULL;

-		}

-	return(buf);

-	}

-int BN_hex2bn(BIGNUM **bn, const char *a)

-	{

-	BIGNUM *ret=NULL;

-	BN_ULONG l=0;

-	int neg=0,h,m,i,j,k,c;

-	int num;

-	if ((a == NULL) || (*a == '\0')) return(0);

-	if (*a == '-') { neg=1; a++; }

-	for (i=0; isxdigit((unsigned char) a[i]); i++)

-		;

-	num=i+neg;

-	if (bn == NULL) return(num);

-	/* a is the start of the hex digits, and it is 'i' long */

-	if (*bn == NULL)

-		{

-		if ((ret=BN_new()) == NULL) return(0);

-		}

-	else

-		{

-		ret= *bn;

-		BN_zero(ret);

-		}

-	/* i is the number of hex digests; */

-	if (bn_expand(ret,i*4) == NULL) goto err;

-	j=i; /* least significant 'hex' */

-	m=0;

-	h=0;

-	while (j > 0)

-		{

-		m=((BN_BYTES*2) <= j)?(BN_BYTES*2):j;

-		l=0;

-		for (;;)

-			{

-			c=a[j-m];

-			if ((c >= '0') && (c <= '9')) k=c-'0';

-			else if ((c >= 'a') && (c <= 'f')) k=c-'a'+10;

-			else if ((c >= 'A') && (c <= 'F')) k=c-'A'+10;

-			else k=0; /* paranoia */

-			l=(l<<4)|k;

-			if (--m <= 0)

-				{

-				ret->d[h++]=l;

-				break;

-				}

-			}

-		j-=(BN_BYTES*2);

-		}

-	ret->top=h;

-	bn_correct_top(ret);

-	ret->neg=neg;

-	*bn=ret;

-	bn_check_top(ret);

-	return(num);

-err:

-	if (*bn == NULL) BN_free(ret);

-	return(0);

-	}

-int BN_dec2bn(BIGNUM **bn, const char *a)

-	{

-	BIGNUM *ret=NULL;

-	BN_ULONG l=0;

-	int neg=0,i,j;

-	int num;

-	if ((a == NULL) || (*a == '\0')) return(0);

-	if (*a == '-') { neg=1; a++; }

-	for (i=0; isdigit((unsigned char) a[i]); i++)

-		;

-	num=i+neg;

-	if (bn == NULL) return(num);

-	/* a is the start of the digits, and it is 'i' long.

-	 * We chop it into BN_DEC_NUM digits at a time */

-	if (*bn == NULL)

-		{

-		if ((ret=BN_new()) == NULL) return(0);

-		}

-	else

-		{

-		ret= *bn;

-		BN_zero(ret);

-		}

-	/* i is the number of digests, a bit of an over expand; */

-	if (bn_expand(ret,i*4) == NULL) goto err;

-	j=BN_DEC_NUM-(i%BN_DEC_NUM);

-	if (j == BN_DEC_NUM) j=0;

-	l=0;

-	while (*a)

-		{

-		l*=10;

-		l+= *a-'0';

-		a++;

-		if (++j == BN_DEC_NUM)

-			{

-			BN_mul_word(ret,BN_DEC_CONV);

-			BN_add_word(ret,l);

-			l=0;

-			j=0;

-			}

-		}

-	ret->neg=neg;

-	bn_correct_top(ret);

-	*bn=ret;

-	bn_check_top(ret);

-	return(num);

-err:

-	if (*bn == NULL) BN_free(ret);

-	return(0);

-	}

-#ifndef OPENSSL_NO_BIO

-#ifndef OPENSSL_NO_FP_API

-int BN_print_fp(FILE *fp, const BIGNUM *a)

-	{

-	BIO *b;

-	int ret;

-	if ((b=BIO_new(BIO_s_file())) == NULL)

-		return(0);

-	BIO_set_fp(b,fp,BIO_NOCLOSE);

-	ret=BN_print(b,a);

-	BIO_free(b);

-	return(ret);

-	}

-#endif

-int BN_print(BIO *bp, const BIGNUM *a)

-	{

-	int i,j,v,z=0;

-	int ret=0;

-	if ((a->neg) && (BIO_write(bp,"-",1) != 1)) goto end;

-	if (BN_is_zero(a) && (BIO_write(bp,"0",1) != 1)) goto end;

-	for (i=a->top-1; i >=0; i--)

-		{

-		for (j=BN_BITS2-4; j >= 0; j-=4)

-			{

-			/* strip leading zeros */

-			v=((int)(a->d[i]>>(long)j))&0x0f;

-			if (z || (v != 0))

-				{

-				if (BIO_write(bp,&(Hex[v]),1) != 1)

-					goto end;

-				z=1;

-				}

-			}

-		}

-	ret=1;

-end:

-	return(ret);

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/bn/bn_rand.c

+++ /dev/null

@@ -1,305 +1,0 @@

-/* crypto/bn/bn_rand.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include <time.h>

-#include "cryptlib.h"

-#include "bn_lcl.h"

-#include <openssl/rand.h>

-static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)

-	{

-	unsigned char *buf=NULL;

-	int ret=0,bit,bytes,mask;

-	time_t tim;

-	if (bits == 0)

-		{

-		BN_zero(rnd);

-		return 1;

-		}

-	bytes=(bits+7)/8;

-	bit=(bits-1)%8;

-	mask=0xff<<(bit+1);

-	buf=(unsigned char *)OPENSSL_malloc(bytes);

-	if (buf == NULL)

-		{

-		BNerr(BN_F_BNRAND,ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	/* make a random number and set the top and bottom bits */

-	time(&tim);

-	RAND_add(&tim,sizeof(tim),0.0);

-	if (pseudorand)

-		{

-		if (RAND_pseudo_bytes(buf, bytes) == -1)

-			goto err;

-		}

-	else

-		{

-		if (RAND_bytes(buf, bytes) <= 0)

-			goto err;

-		}

-#if 1

-	if (pseudorand == 2)

-		{

-		/* generate patterns that are more likely to trigger BN

-		   library bugs */

-		int i;

-		unsigned char c;

-		for (i = 0; i < bytes; i++)

-			{

-			RAND_pseudo_bytes(&c, 1);

-			if (c >= 128 && i > 0)

-				buf[i] = buf[i-1];

-			else if (c < 42)

-				buf[i] = 0;

-			else if (c < 84)

-				buf[i] = 255;

-			}

-		}

-#endif

-	if (top != -1)

-		{

-		if (top)

-			{

-			if (bit == 0)

-				{

-				buf[0]=1;

-				buf[1]|=0x80;

-				}

-			else

-				{

-				buf[0]|=(3<<(bit-1));

-				}

-			}

-		else

-			{

-			buf[0]|=(1<<bit);

-			}

-		}

-	buf[0] &= ~mask;

-	if (bottom) /* set bottom bit if requested */

-		buf[bytes-1]|=1;

-	if (!BN_bin2bn(buf,bytes,rnd)) goto err;

-	ret=1;

-err:

-	if (buf != NULL)

-		{

-		OPENSSL_cleanse(buf,bytes);

-		OPENSSL_free(buf);

-		}

-	bn_check_top(rnd);

-	return(ret);

-	}

-int     BN_rand(BIGNUM *rnd, int bits, int top, int bottom)

-	{

-	return bnrand(0, rnd, bits, top, bottom);

-	}

-int     BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom)

-	{

-	return bnrand(1, rnd, bits, top, bottom);

-	}

-#if 1

-int     BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom)

-	{

-	return bnrand(2, rnd, bits, top, bottom);

-	}

-#endif

-/* random number r:  0 <= r < range */

-static int bn_rand_range(int pseudo, BIGNUM *r, BIGNUM *range)

-	{

-	int (*bn_rand)(BIGNUM *, int, int, int) = pseudo ? BN_pseudo_rand : BN_rand;

-	int n;

-	int count = 100;

-	if (range->neg || BN_is_zero(range))

-		{

-		BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE);

-		return 0;

-		}

-	n = BN_num_bits(range); /* n > 0 */

-	/* BN_is_bit_set(range, n - 1) always holds */

-	if (n == 1)

-		BN_zero(r);

-	else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3))

-		{

-		/* range = 100..._2,

-		 * so  3*range (= 11..._2)  is exactly one bit longer than  range */

-		do

-			{

-			if (!bn_rand(r, n + 1, -1, 0)) return 0;

-			/* If  r < 3*range,  use  r := r MOD range

-			 * (which is either  r, r - range,  or  r - 2*range).

-			 * Otherwise, iterate once more.

-			 * Since  3*range = 11..._2, each iteration succeeds with

-			 * probability >= .75. */

-			if (BN_cmp(r ,range) >= 0)

-				{

-				if (!BN_sub(r, r, range)) return 0;

-				if (BN_cmp(r, range) >= 0)

-					if (!BN_sub(r, r, range)) return 0;

-				}

-			if (!--count)

-				{

-				BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS);

-				return 0;

-				}

-			}

-		while (BN_cmp(r, range) >= 0);

-		}

-	else

-		{

-		do

-			{

-			/* range = 11..._2  or  range = 101..._2 */

-			if (!bn_rand(r, n, -1, 0)) return 0;

-			if (!--count)

-				{

-				BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS);

-				return 0;

-				}

-			}

-		while (BN_cmp(r, range) >= 0);

-		}

-	bn_check_top(r);

-	return 1;

-	}

-int	BN_rand_range(BIGNUM *r, BIGNUM *range)

-	{

-	return bn_rand_range(0, r, range);

-	}

-int	BN_pseudo_rand_range(BIGNUM *r, BIGNUM *range)

-	{

-	return bn_rand_range(1, r, range);

-	}

--- a/sys/src/ape/lib/openssl/crypto/bn/bn_recp.c

+++ /dev/null

@@ -1,234 +1,0 @@

-/* crypto/bn/bn_recp.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include "bn_lcl.h"

-void BN_RECP_CTX_init(BN_RECP_CTX *recp)

-	{

-	BN_init(&(recp->N));

-	BN_init(&(recp->Nr));

-	recp->num_bits=0;

-	recp->flags=0;

-	}

-BN_RECP_CTX *BN_RECP_CTX_new(void)

-	{

-	BN_RECP_CTX *ret;

-	if ((ret=(BN_RECP_CTX *)OPENSSL_malloc(sizeof(BN_RECP_CTX))) == NULL)

-		return(NULL);

-	BN_RECP_CTX_init(ret);

-	ret->flags=BN_FLG_MALLOCED;

-	return(ret);

-	}

-void BN_RECP_CTX_free(BN_RECP_CTX *recp)

-	{

-	if(recp == NULL)

-	    return;

-	BN_free(&(recp->N));

-	BN_free(&(recp->Nr));

-	if (recp->flags & BN_FLG_MALLOCED)

-		OPENSSL_free(recp);

-	}

-int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx)

-	{

-	if (!BN_copy(&(recp->N),d)) return 0;

-	BN_zero(&(recp->Nr));

-	recp->num_bits=BN_num_bits(d);

-	recp->shift=0;

-	return(1);

-	}

-int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,

-	BN_RECP_CTX *recp, BN_CTX *ctx)

-	{

-	int ret=0;

-	BIGNUM *a;

-	const BIGNUM *ca;

-	BN_CTX_start(ctx);

-	if ((a = BN_CTX_get(ctx)) == NULL) goto err;

-	if (y != NULL)

-		{

-		if (x == y)

-			{ if (!BN_sqr(a,x,ctx)) goto err; }

-		else

-			{ if (!BN_mul(a,x,y,ctx)) goto err; }

-		ca = a;

-		}

-	else

-		ca=x; /* Just do the mod */

-	ret = BN_div_recp(NULL,r,ca,recp,ctx);

-err:

-	BN_CTX_end(ctx);

-	bn_check_top(r);

-	return(ret);

-	}

-int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,

-	BN_RECP_CTX *recp, BN_CTX *ctx)

-	{

-	int i,j,ret=0;

-	BIGNUM *a,*b,*d,*r;

-	BN_CTX_start(ctx);

-	a=BN_CTX_get(ctx);

-	b=BN_CTX_get(ctx);

-	if (dv != NULL)

-		d=dv;

-	else

-		d=BN_CTX_get(ctx);

-	if (rem != NULL)

-		r=rem;

-	else

-		r=BN_CTX_get(ctx);

-	if (a == NULL || b == NULL || d == NULL || r == NULL) goto err;

-	if (BN_ucmp(m,&(recp->N)) < 0)

-		{

-		BN_zero(d);

-		if (!BN_copy(r,m)) return 0;

-		BN_CTX_end(ctx);

-		return(1);

-		}

-	/* We want the remainder

-	 * Given input of ABCDEF / ab

-	 * we need multiply ABCDEF by 3 digests of the reciprocal of ab

-	 *

-	 */

-	/* i := max(BN_num_bits(m), 2*BN_num_bits(N)) */

-	i=BN_num_bits(m);

-	j=recp->num_bits<<1;

-	if (j>i) i=j;

-	/* Nr := round(2^i / N) */

-	if (i != recp->shift)

-		recp->shift=BN_reciprocal(&(recp->Nr),&(recp->N),

-			i,ctx); /* BN_reciprocal returns i, or -1 for an error */

-	if (recp->shift == -1) goto err;

-	/* d := |round(round(m / 2^BN_num_bits(N)) * recp->Nr / 2^(i - BN_num_bits(N)))|

-	 *    = |round(round(m / 2^BN_num_bits(N)) * round(2^i / N) / 2^(i - BN_num_bits(N)))|

-	 *   <= |(m / 2^BN_num_bits(N)) * (2^i / N) * (2^BN_num_bits(N) / 2^i)|

-	 *    = |m/N|

-	 */

-	if (!BN_rshift(a,m,recp->num_bits)) goto err;

-	if (!BN_mul(b,a,&(recp->Nr),ctx)) goto err;

-	if (!BN_rshift(d,b,i-recp->num_bits)) goto err;

-	d->neg=0;

-	if (!BN_mul(b,&(recp->N),d,ctx)) goto err;

-	if (!BN_usub(r,m,b)) goto err;

-	r->neg=0;

-#if 1

-	j=0;

-	while (BN_ucmp(r,&(recp->N)) >= 0)

-		{

-		if (j++ > 2)

-			{

-			BNerr(BN_F_BN_DIV_RECP,BN_R_BAD_RECIPROCAL);

-			goto err;

-			}

-		if (!BN_usub(r,r,&(recp->N))) goto err;

-		if (!BN_add_word(d,1)) goto err;

-		}

-#endif

-	r->neg=BN_is_zero(r)?0:m->neg;

-	d->neg=m->neg^recp->N.neg;

-	ret=1;

-err:

-	BN_CTX_end(ctx);

-	bn_check_top(dv);

-	bn_check_top(rem);

-	return(ret);

-	}

-/* len is the expected size of the result

- * We actually calculate with an extra word of precision, so

- * we can do faster division if the remainder is not required.

- */

-/* r := 2^len / m */

-int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx)

-	{

-	int ret= -1;

-	BIGNUM *t;

-	BN_CTX_start(ctx);

-	if((t = BN_CTX_get(ctx)) == NULL) goto err;

-	if (!BN_set_bit(t,len)) goto err;

-	if (!BN_div(r,NULL,t,m,ctx)) goto err;

-	ret=len;

-err:

-	bn_check_top(r);

-	BN_CTX_end(ctx);

-	return(ret);

-	}

--- a/sys/src/ape/lib/openssl/crypto/bn/bn_shift.c

+++ /dev/null

@@ -1,220 +1,0 @@

-/* crypto/bn/bn_shift.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include "bn_lcl.h"

-int BN_lshift1(BIGNUM *r, const BIGNUM *a)

-	{

-	register BN_ULONG *ap,*rp,t,c;

-	int i;

-	bn_check_top(r);

-	bn_check_top(a);

-	if (r != a)

-		{

-		r->neg=a->neg;

-		if (bn_wexpand(r,a->top+1) == NULL) return(0);

-		r->top=a->top;

-		}

-	else

-		{

-		if (bn_wexpand(r,a->top+1) == NULL) return(0);

-		}

-	ap=a->d;

-	rp=r->d;

-	c=0;

-	for (i=0; i<a->top; i++)

-		{

-		t= *(ap++);

-		*(rp++)=((t<<1)|c)&BN_MASK2;

-		c=(t & BN_TBIT)?1:0;

-		}

-	if (c)

-		{

-		*rp=1;

-		r->top++;

-		}

-	bn_check_top(r);

-	return(1);

-	}

-int BN_rshift1(BIGNUM *r, const BIGNUM *a)

-	{

-	BN_ULONG *ap,*rp,t,c;

-	int i;

-	bn_check_top(r);

-	bn_check_top(a);

-	if (BN_is_zero(a))

-		{

-		BN_zero(r);

-		return(1);

-		}

-	if (a != r)

-		{

-		if (bn_wexpand(r,a->top) == NULL) return(0);

-		r->top=a->top;

-		r->neg=a->neg;

-		}

-	ap=a->d;

-	rp=r->d;

-	c=0;

-	for (i=a->top-1; i>=0; i--)

-		{

-		t=ap[i];

-		rp[i]=((t>>1)&BN_MASK2)|c;

-		c=(t&1)?BN_TBIT:0;

-		}

-	bn_correct_top(r);

-	bn_check_top(r);

-	return(1);

-	}

-int BN_lshift(BIGNUM *r, const BIGNUM *a, int n)

-	{

-	int i,nw,lb,rb;

-	BN_ULONG *t,*f;

-	BN_ULONG l;

-	bn_check_top(r);

-	bn_check_top(a);

-	r->neg=a->neg;

-	nw=n/BN_BITS2;

-	if (bn_wexpand(r,a->top+nw+1) == NULL) return(0);

-	lb=n%BN_BITS2;

-	rb=BN_BITS2-lb;

-	f=a->d;

-	t=r->d;

-	t[a->top+nw]=0;

-	if (lb == 0)

-		for (i=a->top-1; i>=0; i--)

-			t[nw+i]=f[i];

-	else

-		for (i=a->top-1; i>=0; i--)

-			{

-			l=f[i];

-			t[nw+i+1]|=(l>>rb)&BN_MASK2;

-			t[nw+i]=(l<<lb)&BN_MASK2;

-			}

-	memset(t,0,nw*sizeof(t[0]));

-/*	for (i=0; i<nw; i++)

-		t[i]=0;*/

-	r->top=a->top+nw+1;

-	bn_correct_top(r);

-	bn_check_top(r);

-	return(1);

-	}

-int BN_rshift(BIGNUM *r, const BIGNUM *a, int n)

-	{

-	int i,j,nw,lb,rb;

-	BN_ULONG *t,*f;

-	BN_ULONG l,tmp;

-	bn_check_top(r);

-	bn_check_top(a);

-	nw=n/BN_BITS2;

-	rb=n%BN_BITS2;

-	lb=BN_BITS2-rb;

-	if (nw > a->top || a->top == 0)

-		{

-		BN_zero(r);

-		return(1);

-		}

-	if (r != a)

-		{

-		r->neg=a->neg;

-		if (bn_wexpand(r,a->top-nw+1) == NULL) return(0);

-		}

-	else

-		{

-		if (n == 0)

-			return 1; /* or the copying loop will go berserk */

-		}

-	f= &(a->d[nw]);

-	t=r->d;

-	j=a->top-nw;

-	r->top=j;

-	if (rb == 0)

-		{

-		for (i=j; i != 0; i--)

-			*(t++)= *(f++);

-		}

-	else

-		{

-		l= *(f++);

-		for (i=j-1; i != 0; i--)

-			{

-			tmp =(l>>rb)&BN_MASK2;

-			l= *(f++);

-			*(t++) =(tmp|(l<<lb))&BN_MASK2;

-			}

-		*(t++) =(l>>rb)&BN_MASK2;

-		}

-	bn_correct_top(r);

-	bn_check_top(r);

-	return(1);

-	}

--- a/sys/src/ape/lib/openssl/crypto/bn/bn_sqr.c

+++ /dev/null

@@ -1,294 +1,0 @@

-/* crypto/bn/bn_sqr.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include "bn_lcl.h"

-/* r must not be a */

-/* I've just gone over this and it is now %20 faster on x86 - eay - 27 Jun 96 */

-int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)

-	{

-	int max,al;

-	int ret = 0;

-	BIGNUM *tmp,*rr;

-#ifdef BN_COUNT

-	fprintf(stderr,"BN_sqr %d * %d\n",a->top,a->top);

-#endif

-	bn_check_top(a);

-	al=a->top;

-	if (al <= 0)

-		{

-		r->top=0;

-		return 1;

-		}

-	BN_CTX_start(ctx);

-	rr=(a != r) ? r : BN_CTX_get(ctx);

-	tmp=BN_CTX_get(ctx);

-	if (!rr || !tmp) goto err;

-	max = 2 * al; /* Non-zero (from above) */

-	if (bn_wexpand(rr,max) == NULL) goto err;

-	if (al == 4)

-		{

-#ifndef BN_SQR_COMBA

-		BN_ULONG t[8];

-		bn_sqr_normal(rr->d,a->d,4,t);

-#else

-		bn_sqr_comba4(rr->d,a->d);

-#endif

-		}

-	else if (al == 8)

-		{

-#ifndef BN_SQR_COMBA

-		BN_ULONG t[16];

-		bn_sqr_normal(rr->d,a->d,8,t);

-#else

-		bn_sqr_comba8(rr->d,a->d);

-#endif

-		}

-	else

-		{

-#if defined(BN_RECURSION)

-		if (al < BN_SQR_RECURSIVE_SIZE_NORMAL)

-			{

-			BN_ULONG t[BN_SQR_RECURSIVE_SIZE_NORMAL*2];

-			bn_sqr_normal(rr->d,a->d,al,t);

-			}

-		else

-			{

-			int j,k;

-			j=BN_num_bits_word((BN_ULONG)al);

-			j=1<<(j-1);

-			k=j+j;

-			if (al == j)

-				{

-				if (bn_wexpand(tmp,k*2) == NULL) goto err;

-				bn_sqr_recursive(rr->d,a->d,al,tmp->d);

-				}

-			else

-				{

-				if (bn_wexpand(tmp,max) == NULL) goto err;

-				bn_sqr_normal(rr->d,a->d,al,tmp->d);

-				}

-			}

-#else

-		if (bn_wexpand(tmp,max) == NULL) goto err;

-		bn_sqr_normal(rr->d,a->d,al,tmp->d);

-#endif

-		}

-	rr->neg=0;

-	/* If the most-significant half of the top word of 'a' is zero, then

-	 * the square of 'a' will max-1 words. */

-	if(a->d[al - 1] == (a->d[al - 1] & BN_MASK2l))

-		rr->top = max - 1;

-	else

-		rr->top = max;

-	if (rr != r) BN_copy(r,rr);

-	ret = 1;

- err:

-	bn_check_top(rr);

-	bn_check_top(tmp);

-	BN_CTX_end(ctx);

-	return(ret);

-	}

-/* tmp must have 2*n words */

-void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp)

-	{

-	int i,j,max;

-	const BN_ULONG *ap;

-	BN_ULONG *rp;

-	max=n*2;

-	ap=a;

-	rp=r;

-	rp[0]=rp[max-1]=0;

-	rp++;

-	j=n;

-	if (--j > 0)

-		{

-		ap++;

-		rp[j]=bn_mul_words(rp,ap,j,ap[-1]);

-		rp+=2;

-		}

-	for (i=n-2; i>0; i--)

-		{

-		j--;

-		ap++;

-		rp[j]=bn_mul_add_words(rp,ap,j,ap[-1]);

-		rp+=2;

-		}

-	bn_add_words(r,r,r,max);

-	/* There will not be a carry */

-	bn_sqr_words(tmp,a,n);

-	bn_add_words(r,r,tmp,max);

-	}

-#ifdef BN_RECURSION

-/* r is 2*n words in size,

- * a and b are both n words in size.    (There's not actually a 'b' here ...)

- * n must be a power of 2.

- * We multiply and return the result.

- * t must be 2*n words in size

- * We calculate

- * a[0]*b[0]

- * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])

- * a[1]*b[1]

- */

-void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t)

-	{

-	int n=n2/2;

-	int zero,c1;

-	BN_ULONG ln,lo,*p;

-#ifdef BN_COUNT

-	fprintf(stderr," bn_sqr_recursive %d * %d\n",n2,n2);

-#endif

-	if (n2 == 4)

-		{

-#ifndef BN_SQR_COMBA

-		bn_sqr_normal(r,a,4,t);

-#else

-		bn_sqr_comba4(r,a);

-#endif

-		return;

-		}

-	else if (n2 == 8)

-		{

-#ifndef BN_SQR_COMBA

-		bn_sqr_normal(r,a,8,t);

-#else

-		bn_sqr_comba8(r,a);

-#endif

-		return;

-		}

-	if (n2 < BN_SQR_RECURSIVE_SIZE_NORMAL)

-		{

-		bn_sqr_normal(r,a,n2,t);

-		return;

-		}

-	/* r=(a[0]-a[1])*(a[1]-a[0]) */

-	c1=bn_cmp_words(a,&(a[n]),n);

-	zero=0;

-	if (c1 > 0)

-		bn_sub_words(t,a,&(a[n]),n);

-	else if (c1 < 0)

-		bn_sub_words(t,&(a[n]),a,n);

-	else

-		zero=1;

-	/* The result will always be negative unless it is zero */

-	p= &(t[n2*2]);

-	if (!zero)

-		bn_sqr_recursive(&(t[n2]),t,n,p);

-	else

-		memset(&(t[n2]),0,n2*sizeof(BN_ULONG));

-	bn_sqr_recursive(r,a,n,p);

-	bn_sqr_recursive(&(r[n2]),&(a[n]),n,p);

-	/* t[32] holds (a[0]-a[1])*(a[1]-a[0]), it is negative or zero

-	 * r[10] holds (a[0]*b[0])

-	 * r[32] holds (b[1]*b[1])

-	 */

-	c1=(int)(bn_add_words(t,r,&(r[n2]),n2));

-	/* t[32] is negative */

-	c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2));

-	/* t[32] holds (a[0]-a[1])*(a[1]-a[0])+(a[0]*a[0])+(a[1]*a[1])

-	 * r[10] holds (a[0]*a[0])

-	 * r[32] holds (a[1]*a[1])

-	 * c1 holds the carry bits

-	 */

-	c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2));

-	if (c1)

-		{

-		p= &(r[n+n2]);

-		lo= *p;

-		ln=(lo+c1)&BN_MASK2;

-		*p=ln;

-		/* The overflow will stop before we over write

-		 * words we should not overwrite */

-		if (ln < (BN_ULONG)c1)

-			{

-			do	{

-				p++;

-				lo= *p;

-				ln=(lo+1)&BN_MASK2;

-				*p=ln;

-				} while (ln == 0);

-			}

-		}

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/bn/bn_sqrt.c

+++ /dev/null

@@ -1,393 +1,0 @@

-/* crypto/bn/bn_sqrt.c */

-/* Written by Lenka Fibikova <[email protected]>

- * and Bodo Moeller for the OpenSSL project. */

-/* ====================================================================

- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include "cryptlib.h"

-#include "bn_lcl.h"

-BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)

-/* Returns 'ret' such that

- *      ret^2 == a (mod p),

- * using the Tonelli/Shanks algorithm (cf. Henri Cohen, "A Course

- * in Algebraic Computational Number Theory", algorithm 1.5.1).

- * 'p' must be prime!

- */

-	{

-	BIGNUM *ret = in;

-	int err = 1;

-	int r;

-	BIGNUM *A, *b, *q, *t, *x, *y;

-	int e, i, j;

-	if (!BN_is_odd(p) || BN_abs_is_word(p, 1))

-		{

-		if (BN_abs_is_word(p, 2))

-			{

-			if (ret == NULL)

-				ret = BN_new();

-			if (ret == NULL)

-				goto end;

-			if (!BN_set_word(ret, BN_is_bit_set(a, 0)))

-				{

-				if (ret != in)

-					BN_free(ret);

-				return NULL;

-				}

-			bn_check_top(ret);

-			return ret;

-			}

-		BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);

-		return(NULL);

-		}

-	if (BN_is_zero(a) || BN_is_one(a))

-		{

-		if (ret == NULL)

-			ret = BN_new();

-		if (ret == NULL)

-			goto end;

-		if (!BN_set_word(ret, BN_is_one(a)))

-			{

-			if (ret != in)

-				BN_free(ret);

-			return NULL;

-			}

-		bn_check_top(ret);

-		return ret;

-		}

-	BN_CTX_start(ctx);

-	A = BN_CTX_get(ctx);

-	b = BN_CTX_get(ctx);

-	q = BN_CTX_get(ctx);

-	t = BN_CTX_get(ctx);

-	x = BN_CTX_get(ctx);

-	y = BN_CTX_get(ctx);

-	if (y == NULL) goto end;

-	if (ret == NULL)

-		ret = BN_new();

-	if (ret == NULL) goto end;

-	/* A = a mod p */

-	if (!BN_nnmod(A, a, p, ctx)) goto end;

-	/* now write  |p| - 1  as  2^e*q  where  q  is odd */

-	e = 1;

-	while (!BN_is_bit_set(p, e))

-		e++;

-	/* we'll set  q  later (if needed) */

-	if (e == 1)

-		{

-		/* The easy case:  (|p|-1)/2  is odd, so 2 has an inverse

-		 * modulo  (|p|-1)/2,  and square roots can be computed

-		 * directly by modular exponentiation.

-		 * We have

-		 *     2 * (|p|+1)/4 == 1   (mod (|p|-1)/2),

-		 * so we can use exponent  (|p|+1)/4,  i.e.  (|p|-3)/4 + 1.

-		 */

-		if (!BN_rshift(q, p, 2)) goto end;

-		q->neg = 0;

-		if (!BN_add_word(q, 1)) goto end;

-		if (!BN_mod_exp(ret, A, q, p, ctx)) goto end;

-		err = 0;

-		goto vrfy;

-		}

-	if (e == 2)

-		{

-		/* |p| == 5  (mod 8)

-		 *

-		 * In this case  2  is always a non-square since

-		 * Legendre(2,p) = (-1)^((p^2-1)/8)  for any odd prime.

-		 * So if  a  really is a square, then  2*a  is a non-square.

-		 * Thus for

-		 *      b := (2*a)^((|p|-5)/8),

-		 *      i := (2*a)*b^2

-		 * we have

-		 *     i^2 = (2*a)^((1 + (|p|-5)/4)*2)

-		 *         = (2*a)^((p-1)/2)

-		 *         = -1;

-		 * so if we set

-		 *      x := a*b*(i-1),

-		 * then

-		 *     x^2 = a^2 * b^2 * (i^2 - 2*i + 1)

-		 *         = a^2 * b^2 * (-2*i)

-		 *         = a*(-i)*(2*a*b^2)

-		 *         = a*(-i)*i

-		 *         = a.

-		 *

-		 * (This is due to A.O.L. Atkin,

-		 * <URL: http://listserv.nodak.edu/scripts/wa.exe?A2=ind9211&L=nmbrthry&O=T&P=562>,

-		 * November 1992.)

-		 */

-		/* t := 2*a */

-		if (!BN_mod_lshift1_quick(t, A, p)) goto end;

-		/* b := (2*a)^((|p|-5)/8) */

-		if (!BN_rshift(q, p, 3)) goto end;

-		q->neg = 0;

-		if (!BN_mod_exp(b, t, q, p, ctx)) goto end;

-		/* y := b^2 */

-		if (!BN_mod_sqr(y, b, p, ctx)) goto end;

-		/* t := (2*a)*b^2 - 1*/

-		if (!BN_mod_mul(t, t, y, p, ctx)) goto end;

-		if (!BN_sub_word(t, 1)) goto end;

-		/* x = a*b*t */

-		if (!BN_mod_mul(x, A, b, p, ctx)) goto end;

-		if (!BN_mod_mul(x, x, t, p, ctx)) goto end;

-		if (!BN_copy(ret, x)) goto end;

-		err = 0;

-		goto vrfy;

-		}

-	/* e > 2, so we really have to use the Tonelli/Shanks algorithm.

-	 * First, find some  y  that is not a square. */

-	if (!BN_copy(q, p)) goto end; /* use 'q' as temp */

-	q->neg = 0;

-	i = 2;

-	do

-		{

-		/* For efficiency, try small numbers first;

-		 * if this fails, try random numbers.

-		 */

-		if (i < 22)

-			{

-			if (!BN_set_word(y, i)) goto end;

-			}

-		else

-			{

-			if (!BN_pseudo_rand(y, BN_num_bits(p), 0, 0)) goto end;

-			if (BN_ucmp(y, p) >= 0)

-				{

-				if (!(p->neg ? BN_add : BN_sub)(y, y, p)) goto end;

-				}

-			/* now 0 <= y < |p| */

-			if (BN_is_zero(y))

-				if (!BN_set_word(y, i)) goto end;

-			}

-		r = BN_kronecker(y, q, ctx); /* here 'q' is |p| */

-		if (r < -1) goto end;

-		if (r == 0)

-			{

-			/* m divides p */

-			BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);

-			goto end;

-			}

-		}

-	while (r == 1 && ++i < 82);

-	if (r != -1)

-		{

-		/* Many rounds and still no non-square -- this is more likely

-		 * a bug than just bad luck.

-		 * Even if  p  is not prime, we should have found some  y

-		 * such that r == -1.

-		 */

-		BNerr(BN_F_BN_MOD_SQRT, BN_R_TOO_MANY_ITERATIONS);

-		goto end;

-		}

-	/* Here's our actual 'q': */

-	if (!BN_rshift(q, q, e)) goto end;

-	/* Now that we have some non-square, we can find an element

-	 * of order  2^e  by computing its q'th power. */

-	if (!BN_mod_exp(y, y, q, p, ctx)) goto end;

-	if (BN_is_one(y))

-		{

-		BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);

-		goto end;

-		}

-	/* Now we know that (if  p  is indeed prime) there is an integer

-	 * k,  0 <= k < 2^e,  such that

-	 *

-	 *      a^q * y^k == 1   (mod p).

-	 *

-	 * As  a^q  is a square and  y  is not,  k  must be even.

-	 * q+1  is even, too, so there is an element

-	 *

-	 *     X := a^((q+1)/2) * y^(k/2),

-	 *

-	 * and it satisfies

-	 *

-	 *     X^2 = a^q * a     * y^k

-	 *         = a,

-	 *

-	 * so it is the square root that we are looking for.

-	 */

-	/* t := (q-1)/2  (note that  q  is odd) */

-	if (!BN_rshift1(t, q)) goto end;

-	/* x := a^((q-1)/2) */

-	if (BN_is_zero(t)) /* special case: p = 2^e + 1 */

-		{

-		if (!BN_nnmod(t, A, p, ctx)) goto end;

-		if (BN_is_zero(t))

-			{

-			/* special case: a == 0  (mod p) */

-			BN_zero(ret);

-			err = 0;

-			goto end;

-			}

-		else

-			if (!BN_one(x)) goto end;

-		}

-	else

-		{

-		if (!BN_mod_exp(x, A, t, p, ctx)) goto end;

-		if (BN_is_zero(x))

-			{

-			/* special case: a == 0  (mod p) */

-			BN_zero(ret);

-			err = 0;

-			goto end;

-			}

-		}

-	/* b := a*x^2  (= a^q) */

-	if (!BN_mod_sqr(b, x, p, ctx)) goto end;

-	if (!BN_mod_mul(b, b, A, p, ctx)) goto end;

-	/* x := a*x    (= a^((q+1)/2)) */

-	if (!BN_mod_mul(x, x, A, p, ctx)) goto end;

-	while (1)

-		{

-		/* Now  b  is  a^q * y^k  for some even  k  (0 <= k < 2^E

-		 * where  E  refers to the original value of  e,  which we

-		 * don't keep in a variable),  and  x  is  a^((q+1)/2) * y^(k/2).

-		 *

-		 * We have  a*b = x^2,

-		 *    y^2^(e-1) = -1,

-		 *    b^2^(e-1) = 1.

-		 */

-		if (BN_is_one(b))

-			{

-			if (!BN_copy(ret, x)) goto end;

-			err = 0;

-			goto vrfy;

-			}

-		/* find smallest  i  such that  b^(2^i) = 1 */

-		i = 1;

-		if (!BN_mod_sqr(t, b, p, ctx)) goto end;

-		while (!BN_is_one(t))

-			{

-			i++;

-			if (i == e)

-				{

-				BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);

-				goto end;

-				}

-			if (!BN_mod_mul(t, t, t, p, ctx)) goto end;

-			}

-		/* t := y^2^(e - i - 1) */

-		if (!BN_copy(t, y)) goto end;

-		for (j = e - i - 1; j > 0; j--)

-			{

-			if (!BN_mod_sqr(t, t, p, ctx)) goto end;

-			}

-		if (!BN_mod_mul(y, t, t, p, ctx)) goto end;

-		if (!BN_mod_mul(x, x, t, p, ctx)) goto end;

-		if (!BN_mod_mul(b, b, y, p, ctx)) goto end;

-		e = i;

-		}

- vrfy:

-	if (!err)

-		{

-		/* verify the result -- the input might have been not a square

-		 * (test added in 0.9.8) */

-		if (!BN_mod_sqr(x, ret, p, ctx))

-			err = 1;

-		if (!err && 0 != BN_cmp(x, A))

-			{

-			BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);

-			err = 1;

-			}

-		}

- end:

-	if (err)

-		{

-		if (ret != NULL && ret != in)

-			{

-			BN_clear_free(ret);

-			}

-		ret = NULL;

-		}

-	BN_CTX_end(ctx);

-	bn_check_top(ret);

-	return ret;

-	}

--- a/sys/src/ape/lib/openssl/crypto/bn/bn_word.c

+++ /dev/null

@@ -1,247 +1,0 @@

-/* crypto/bn/bn_word.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include "bn_lcl.h"

-BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w)

-	{

-#ifndef BN_LLONG

-	BN_ULONG ret=0;

-#else

-	BN_ULLONG ret=0;

-#endif

-	int i;

-	if (w == 0)

-		return (BN_ULONG)-1;

-	bn_check_top(a);

-	w&=BN_MASK2;

-	for (i=a->top-1; i>=0; i--)

-		{

-#ifndef BN_LLONG

-		ret=((ret<<BN_BITS4)|((a->d[i]>>BN_BITS4)&BN_MASK2l))%w;

-		ret=((ret<<BN_BITS4)|(a->d[i]&BN_MASK2l))%w;

-#else

-		ret=(BN_ULLONG)(((ret<<(BN_ULLONG)BN_BITS2)|a->d[i])%

-			(BN_ULLONG)w);

-#endif

-		}

-	return((BN_ULONG)ret);

-	}

-BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w)

-	{

-	BN_ULONG ret = 0;

-	int i, j;

-	bn_check_top(a);

-	w &= BN_MASK2;

-	if (!w)

-		/* actually this an error (division by zero) */

-		return (BN_ULONG)-1;

-	if (a->top == 0)

-		return 0;

-	/* normalize input (so bn_div_words doesn't complain) */

-	j = BN_BITS2 - BN_num_bits_word(w);

-	w <<= j;

-	if (!BN_lshift(a, a, j))

-		return (BN_ULONG)-1;

-	for (i=a->top-1; i>=0; i--)

-		{

-		BN_ULONG l,d;

-		l=a->d[i];

-		d=bn_div_words(ret,l,w);

-		ret=(l-((d*w)&BN_MASK2))&BN_MASK2;

-		a->d[i]=d;

-		}

-	if ((a->top > 0) && (a->d[a->top-1] == 0))

-		a->top--;

-	ret >>= j;

-	bn_check_top(a);

-	return(ret);

-	}

-int BN_add_word(BIGNUM *a, BN_ULONG w)

-	{

-	BN_ULONG l;

-	int i;

-	bn_check_top(a);

-	w &= BN_MASK2;

-	/* degenerate case: w is zero */

-	if (!w) return 1;

-	/* degenerate case: a is zero */

-	if(BN_is_zero(a)) return BN_set_word(a, w);

-	/* handle 'a' when negative */

-	if (a->neg)

-		{

-		a->neg=0;

-		i=BN_sub_word(a,w);

-		if (!BN_is_zero(a))

-			a->neg=!(a->neg);

-		return(i);

-		}

-	/* Only expand (and risk failing) if it's possibly necessary */

-	if (((BN_ULONG)(a->d[a->top - 1] + 1) == 0) &&

-			(bn_wexpand(a,a->top+1) == NULL))

-		return(0);

-	i=0;

-	for (;;)

-		{

-		if (i >= a->top)

-			l=w;

-		else

-			l=(a->d[i]+w)&BN_MASK2;

-		a->d[i]=l;

-		if (w > l)

-			w=1;

-		else

-			break;

-		i++;

-		}

-	if (i >= a->top)

-		a->top++;

-	bn_check_top(a);

-	return(1);

-	}

-int BN_sub_word(BIGNUM *a, BN_ULONG w)

-	{

-	int i;

-	bn_check_top(a);

-	w &= BN_MASK2;

-	/* degenerate case: w is zero */

-	if (!w) return 1;

-	/* degenerate case: a is zero */

-	if(BN_is_zero(a))

-		{

-		i = BN_set_word(a,w);

-		if (i != 0)

-			BN_set_negative(a, 1);

-		return i;

-		}

-	/* handle 'a' when negative */

-	if (a->neg)

-		{

-		a->neg=0;

-		i=BN_add_word(a,w);

-		a->neg=1;

-		return(i);

-		}

-	if ((a->top == 1) && (a->d[0] < w))

-		{

-		a->d[0]=w-a->d[0];

-		a->neg=1;

-		return(1);

-		}

-	i=0;

-	for (;;)

-		{

-		if (a->d[i] >= w)

-			{

-			a->d[i]-=w;

-			break;

-			}

-		else

-			{

-			a->d[i]=(a->d[i]-w)&BN_MASK2;

-			i++;

-			w=1;

-			}

-		}

-	if ((a->d[i] == 0) && (i == (a->top-1)))

-		a->top--;

-	bn_check_top(a);

-	return(1);

-	}

-int BN_mul_word(BIGNUM *a, BN_ULONG w)

-	{

-	BN_ULONG ll;

-	bn_check_top(a);

-	w&=BN_MASK2;

-	if (a->top)

-		{

-		if (w == 0)

-			BN_zero(a);

-		else

-			{

-			ll=bn_mul_words(a->d,a->d,a->top,w);

-			if (ll)

-				{

-				if (bn_wexpand(a,a->top+1) == NULL) return(0);

-				a->d[a->top++]=ll;

-				}

-			}

-		}

-	bn_check_top(a);

-	return(1);

-	}

--- a/sys/src/ape/lib/openssl/crypto/bn/bnspeed.c

+++ /dev/null

@@ -1,233 +1,0 @@

-/* unused */

-/* crypto/bn/bnspeed.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* most of this code has been pilfered from my libdes speed.c program */

-#define BASENUM	1000000

-#undef PROG

-#define PROG bnspeed_main

-#include <stdio.h>

-#include <stdlib.h>

-#include <signal.h>

-#include <string.h>

-#include <openssl/crypto.h>

-#include <openssl/err.h>

-#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)

-#define TIMES

-#endif

-#ifndef _IRIX

-#include <time.h>

-#endif

-#ifdef TIMES

-#include <sys/types.h>

-#include <sys/times.h>

-#endif

-/* Depending on the VMS version, the tms structure is perhaps defined.

-   The __TMS macro will show if it was.  If it wasn't defined, we should

-   undefine TIMES, since that tells the rest of the program how things

-   should be handled.				-- Richard Levitte */

-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)

-#undef TIMES

-#endif

-#ifndef TIMES

-#include <sys/timeb.h>

-#endif

-#if defined(sun) || defined(__ultrix)

-#define _POSIX_SOURCE

-#include <limits.h>

-#include <sys/param.h>

-#endif

-#include <openssl/bn.h>

-#include <openssl/x509.h>

-/* The following if from times(3) man page.  It may need to be changed */

-#ifndef HZ

-# ifndef CLK_TCK

-#  ifndef _BSD_CLK_TCK_ /* FreeBSD hack */

-#   define HZ	100.0

-#  else /* _BSD_CLK_TCK_ */

-#   define HZ ((double)_BSD_CLK_TCK_)

-#  endif

-# else /* CLK_TCK */

-#  define HZ ((double)CLK_TCK)

-# endif

-#endif

-#undef BUFSIZE

-#define BUFSIZE	((long)1024*8)

-int run=0;

-static double Time_F(int s);

-#define START	0

-#define STOP	1

-static double Time_F(int s)

-	{

-	double ret;

-#ifdef TIMES

-	static struct tms tstart,tend;

-	if (s == START)

-		{

-		times(&tstart);

-		return(0);

-		}

-	else

-		{

-		times(&tend);

-		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;

-		return((ret < 1e-3)?1e-3:ret);

-		}

-#else /* !times() */

-	static struct timeb tstart,tend;

-	long i;

-	if (s == START)

-		{

-		ftime(&tstart);

-		return(0);

-		}

-	else

-		{

-		ftime(&tend);

-		i=(long)tend.millitm-(long)tstart.millitm;

-		ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;

-		return((ret < 0.001)?0.001:ret);

-		}

-#endif

-	}

-#define NUM_SIZES	5

-static int sizes[NUM_SIZES]={128,256,512,1024,2048};

-/*static int sizes[NUM_SIZES]={59,179,299,419,539}; */

-void do_mul(BIGNUM *r,BIGNUM *a,BIGNUM *b,BN_CTX *ctx);

-int main(int argc, char **argv)

-	{

-	BN_CTX *ctx;

-	BIGNUM a,b,c;

-	ctx=BN_CTX_new();

-	BN_init(&a);

-	BN_init(&b);

-	BN_init(&c);

-	do_mul(&a,&b,&c,ctx);

-	}

-void do_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)

-	{

-	int i,j,k;

-	double tm;

-	long num;

-	for (i=0; i<NUM_SIZES; i++)

-		{

-		num=BASENUM;

-		if (i) num/=(i*3);

-		BN_rand(a,sizes[i],1,0);

-		for (j=i; j<NUM_SIZES; j++)

-			{

-			BN_rand(b,sizes[j],1,0);

-			Time_F(START);

-			for (k=0; k<num; k++)

-				BN_mul(r,b,a,ctx);

-			tm=Time_F(STOP);

-			printf("mul %4d x %4d -> %8.3fms\n",sizes[i],sizes[j],tm*1000.0/num);

-			}

-		}

-	for (i=0; i<NUM_SIZES; i++)

-		{

-		num=BASENUM;

-		if (i) num/=(i*3);

-		BN_rand(a,sizes[i],1,0);

-		Time_F(START);

-		for (k=0; k<num; k++)

-			BN_sqr(r,a,ctx);

-		tm=Time_F(STOP);

-		printf("sqr %4d x %4d -> %8.3fms\n",sizes[i],sizes[i],tm*1000.0/num);

-		}

-	for (i=0; i<NUM_SIZES; i++)

-		{

-		num=BASENUM/10;

-		if (i) num/=(i*3);

-		BN_rand(a,sizes[i]-1,1,0);

-		for (j=i; j<NUM_SIZES; j++)

-			{

-			BN_rand(b,sizes[j],1,0);

-			Time_F(START);

-			for (k=0; k<100000; k++)

-				BN_div(r, NULL, b, a,ctx);

-			tm=Time_F(STOP);

-			printf("div %4d / %4d -> %8.3fms\n",sizes[j],sizes[i]-1,tm*1000.0/num);

-			}

-		}

-	}

--- a/sys/src/ape/lib/openssl/crypto/bn/bntest.c

+++ /dev/null

@@ -1,2011 +1,0 @@

-/* crypto/bn/bntest.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- *

- * Portions of the attached software ("Contribution") are developed by

- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.

- *

- * The Contribution is licensed pursuant to the Eric Young open source

- * license provided above.

- *

- * The binary polynomial arithmetic software is originally written by

- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.

- *

- */

-/* Until the key-gen callbacks are modified to use newer prototypes, we allow

- * deprecated functions for openssl-internal code */

-#ifdef OPENSSL_NO_DEPRECATED

-#undef OPENSSL_NO_DEPRECATED

-#endif

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include "e_os.h"

-#include <openssl/bio.h>

-#include <openssl/bn.h>

-#include <openssl/rand.h>

-#include <openssl/x509.h>

-#include <openssl/err.h>

-const int num0 = 100; /* number of tests */

-const int num1 = 50;  /* additional tests for some functions */

-const int num2 = 5;   /* number of tests for slow functions */

-int test_add(BIO *bp);

-int test_sub(BIO *bp);

-int test_lshift1(BIO *bp);

-int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_);

-int test_rshift1(BIO *bp);

-int test_rshift(BIO *bp,BN_CTX *ctx);

-int test_div(BIO *bp,BN_CTX *ctx);

-int test_div_word(BIO *bp);

-int test_div_recp(BIO *bp,BN_CTX *ctx);

-int test_mul(BIO *bp);

-int test_sqr(BIO *bp,BN_CTX *ctx);

-int test_mont(BIO *bp,BN_CTX *ctx);

-int test_mod(BIO *bp,BN_CTX *ctx);

-int test_mod_mul(BIO *bp,BN_CTX *ctx);

-int test_mod_exp(BIO *bp,BN_CTX *ctx);

-int test_mod_exp_mont_consttime(BIO *bp,BN_CTX *ctx);

-int test_exp(BIO *bp,BN_CTX *ctx);

-int test_gf2m_add(BIO *bp);

-int test_gf2m_mod(BIO *bp);

-int test_gf2m_mod_mul(BIO *bp,BN_CTX *ctx);

-int test_gf2m_mod_sqr(BIO *bp,BN_CTX *ctx);

-int test_gf2m_mod_inv(BIO *bp,BN_CTX *ctx);

-int test_gf2m_mod_div(BIO *bp,BN_CTX *ctx);

-int test_gf2m_mod_exp(BIO *bp,BN_CTX *ctx);

-int test_gf2m_mod_sqrt(BIO *bp,BN_CTX *ctx);

-int test_gf2m_mod_solve_quad(BIO *bp,BN_CTX *ctx);

-int test_kron(BIO *bp,BN_CTX *ctx);

-int test_sqrt(BIO *bp,BN_CTX *ctx);

-int rand_neg(void);

-static int results=0;

-static unsigned char lst[]="\xC6\x4F\x43\x04\x2A\xEA\xCA\x6E\x58\x36\x80\x5B\xE8\xC9"

-"\x9B\x04\x5D\x48\x36\xC2\xFD\x16\xC9\x64\xF0";

-static const char rnd_seed[] = "string to make the random number generator think it has entropy";

-static void message(BIO *out, char *m)

-	{

-	fprintf(stderr, "test %s\n", m);

-	BIO_puts(out, "print \"test ");

-	BIO_puts(out, m);

-	BIO_puts(out, "\\n\"\n");

-	}

-int main(int argc, char *argv[])

-	{

-	BN_CTX *ctx;

-	BIO *out;

-	char *outfile=NULL;

-	results = 0;

-	RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */

-	argc--;

-	argv++;

-	while (argc >= 1)

-		{

-		if (strcmp(*argv,"-results") == 0)

-			results=1;

-		else if (strcmp(*argv,"-out") == 0)

-			{

-			if (--argc < 1) break;

-			outfile= *(++argv);

-			}

-		argc--;

-		argv++;

-		}

-	ctx=BN_CTX_new();

-	if (ctx == NULL) EXIT(1);

-	out=BIO_new(BIO_s_file());

-	if (out == NULL) EXIT(1);

-	if (outfile == NULL)

-		{

-		BIO_set_fp(out,stdout,BIO_NOCLOSE);

-		}

-	else

-		{

-		if (!BIO_write_filename(out,outfile))

-			{

-			perror(outfile);

-			EXIT(1);

-			}

-		}

-	if (!results)

-		BIO_puts(out,"obase=16\nibase=16\n");

-	message(out,"BN_add");

-	if (!test_add(out)) goto err;

-	(void)BIO_flush(out);

-	message(out,"BN_sub");

-	if (!test_sub(out)) goto err;

-	(void)BIO_flush(out);

-	message(out,"BN_lshift1");

-	if (!test_lshift1(out)) goto err;

-	(void)BIO_flush(out);

-	message(out,"BN_lshift (fixed)");

-	if (!test_lshift(out,ctx,BN_bin2bn(lst,sizeof(lst)-1,NULL)))

-	    goto err;

-	(void)BIO_flush(out);

-	message(out,"BN_lshift");

-	if (!test_lshift(out,ctx,NULL)) goto err;

-	(void)BIO_flush(out);

-	message(out,"BN_rshift1");

-	if (!test_rshift1(out)) goto err;

-	(void)BIO_flush(out);

-	message(out,"BN_rshift");

-	if (!test_rshift(out,ctx)) goto err;

-	(void)BIO_flush(out);

-	message(out,"BN_sqr");

-	if (!test_sqr(out,ctx)) goto err;

-	(void)BIO_flush(out);

-	message(out,"BN_mul");

-	if (!test_mul(out)) goto err;

-	(void)BIO_flush(out);

-	message(out,"BN_div");

-	if (!test_div(out,ctx)) goto err;

-	(void)BIO_flush(out);

-	message(out,"BN_div_word");

-	if (!test_div_word(out)) goto err;

-	(void)BIO_flush(out);

-	message(out,"BN_div_recp");

-	if (!test_div_recp(out,ctx)) goto err;

-	(void)BIO_flush(out);

-	message(out,"BN_mod");

-	if (!test_mod(out,ctx)) goto err;

-	(void)BIO_flush(out);

-	message(out,"BN_mod_mul");

-	if (!test_mod_mul(out,ctx)) goto err;

-	(void)BIO_flush(out);

-	message(out,"BN_mont");

-	if (!test_mont(out,ctx)) goto err;

-	(void)BIO_flush(out);

-	message(out,"BN_mod_exp");

-	if (!test_mod_exp(out,ctx)) goto err;

-	(void)BIO_flush(out);

-	message(out,"BN_mod_exp_mont_consttime");

-	if (!test_mod_exp_mont_consttime(out,ctx)) goto err;

-	(void)BIO_flush(out);

-	message(out,"BN_exp");

-	if (!test_exp(out,ctx)) goto err;

-	(void)BIO_flush(out);

-	message(out,"BN_kronecker");

-	if (!test_kron(out,ctx)) goto err;

-	(void)BIO_flush(out);

-	message(out,"BN_mod_sqrt");

-	if (!test_sqrt(out,ctx)) goto err;

-	(void)BIO_flush(out);

-	message(out,"BN_GF2m_add");

-	if (!test_gf2m_add(out)) goto err;

-	(void)BIO_flush(out);

-	message(out,"BN_GF2m_mod");

-	if (!test_gf2m_mod(out)) goto err;

-	(void)BIO_flush(out);

-	message(out,"BN_GF2m_mod_mul");

-	if (!test_gf2m_mod_mul(out,ctx)) goto err;

-	(void)BIO_flush(out);

-	message(out,"BN_GF2m_mod_sqr");

-	if (!test_gf2m_mod_sqr(out,ctx)) goto err;

-	(void)BIO_flush(out);

-	message(out,"BN_GF2m_mod_inv");

-	if (!test_gf2m_mod_inv(out,ctx)) goto err;

-	(void)BIO_flush(out);

-	message(out,"BN_GF2m_mod_div");

-	if (!test_gf2m_mod_div(out,ctx)) goto err;

-	(void)BIO_flush(out);

-	message(out,"BN_GF2m_mod_exp");

-	if (!test_gf2m_mod_exp(out,ctx)) goto err;

-	(void)BIO_flush(out);

-	message(out,"BN_GF2m_mod_sqrt");

-	if (!test_gf2m_mod_sqrt(out,ctx)) goto err;

-	(void)BIO_flush(out);

-	message(out,"BN_GF2m_mod_solve_quad");

-	if (!test_gf2m_mod_solve_quad(out,ctx)) goto err;

-	(void)BIO_flush(out);

-	BN_CTX_free(ctx);

-	BIO_free(out);

-/**/

-	EXIT(0);

-err:

-	BIO_puts(out,"1\n"); /* make sure the Perl script fed by bc notices

-	                      * the failure, see test_bn in test/Makefile.ssl*/

-	(void)BIO_flush(out);

-	ERR_load_crypto_strings();

-	ERR_print_errors_fp(stderr);

-	EXIT(1);

-	return(1);

-	}

-int test_add(BIO *bp)

-	{

-	BIGNUM a,b,c;

-	int i;

-	BN_init(&a);

-	BN_init(&b);

-	BN_init(&c);

-	BN_bntest_rand(&a,512,0,0);

-	for (i=0; i<num0; i++)

-		{

-		BN_bntest_rand(&b,450+i,0,0);

-		a.neg=rand_neg();

-		b.neg=rand_neg();

-		BN_add(&c,&a,&b);

-		if (bp != NULL)

-			{

-			if (!results)

-				{

-				BN_print(bp,&a);

-				BIO_puts(bp," + ");

-				BN_print(bp,&b);

-				BIO_puts(bp," - ");

-				}

-			BN_print(bp,&c);

-			BIO_puts(bp,"\n");

-			}

-		a.neg=!a.neg;

-		b.neg=!b.neg;

-		BN_add(&c,&c,&b);

-		BN_add(&c,&c,&a);

-		if(!BN_is_zero(&c))

-		    {

-		    fprintf(stderr,"Add test failed!\n");

-		    return 0;

-		    }

-		}

-	BN_free(&a);

-	BN_free(&b);

-	BN_free(&c);

-	return(1);

-	}

-int test_sub(BIO *bp)

-	{

-	BIGNUM a,b,c;

-	int i;

-	BN_init(&a);

-	BN_init(&b);

-	BN_init(&c);

-	for (i=0; i<num0+num1; i++)

-		{

-		if (i < num1)

-			{

-			BN_bntest_rand(&a,512,0,0);

-			BN_copy(&b,&a);

-			if (BN_set_bit(&a,i)==0) return(0);

-			BN_add_word(&b,i);

-			}

-		else

-			{

-			BN_bntest_rand(&b,400+i-num1,0,0);

-			a.neg=rand_neg();

-			b.neg=rand_neg();

-			}

-		BN_sub(&c,&a,&b);

-		if (bp != NULL)

-			{

-			if (!results)

-				{

-				BN_print(bp,&a);

-				BIO_puts(bp," - ");

-				BN_print(bp,&b);

-				BIO_puts(bp," - ");

-				}

-			BN_print(bp,&c);

-			BIO_puts(bp,"\n");

-			}

-		BN_add(&c,&c,&b);

-		BN_sub(&c,&c,&a);

-		if(!BN_is_zero(&c))

-		    {

-		    fprintf(stderr,"Subtract test failed!\n");

-		    return 0;

-		    }

-		}

-	BN_free(&a);

-	BN_free(&b);

-	BN_free(&c);

-	return(1);

-	}

-int test_div(BIO *bp, BN_CTX *ctx)

-	{

-	BIGNUM a,b,c,d,e;

-	int i;

-	BN_init(&a);

-	BN_init(&b);

-	BN_init(&c);

-	BN_init(&d);

-	BN_init(&e);

-	for (i=0; i<num0+num1; i++)

-		{

-		if (i < num1)

-			{

-			BN_bntest_rand(&a,400,0,0);

-			BN_copy(&b,&a);

-			BN_lshift(&a,&a,i);

-			BN_add_word(&a,i);

-			}

-		else

-			BN_bntest_rand(&b,50+3*(i-num1),0,0);

-		a.neg=rand_neg();

-		b.neg=rand_neg();

-		BN_div(&d,&c,&a,&b,ctx);

-		if (bp != NULL)

-			{

-			if (!results)

-				{

-				BN_print(bp,&a);

-				BIO_puts(bp," / ");

-				BN_print(bp,&b);

-				BIO_puts(bp," - ");

-				}

-			BN_print(bp,&d);

-			BIO_puts(bp,"\n");

-			if (!results)

-				{

-				BN_print(bp,&a);

-				BIO_puts(bp," % ");

-				BN_print(bp,&b);

-				BIO_puts(bp," - ");

-				}

-			BN_print(bp,&c);

-			BIO_puts(bp,"\n");

-			}

-		BN_mul(&e,&d,&b,ctx);

-		BN_add(&d,&e,&c);

-		BN_sub(&d,&d,&a);

-		if(!BN_is_zero(&d))

-		    {

-		    fprintf(stderr,"Division test failed!\n");

-		    return 0;

-		    }

-		}

-	BN_free(&a);

-	BN_free(&b);

-	BN_free(&c);

-	BN_free(&d);

-	BN_free(&e);

-	return(1);

-	}

-static void print_word(BIO *bp,BN_ULONG w)

-	{

-#ifdef SIXTY_FOUR_BIT

-	if (sizeof(w) > sizeof(unsigned long))

-		{

-		unsigned long	h=(unsigned long)(w>>32),

-				l=(unsigned long)(w);

-		if (h)	BIO_printf(bp,"%lX%08lX",h,l);

-		else	BIO_printf(bp,"%lX",l);

-		return;

-		}

-#endif

-	BIO_printf(bp,"%lX",w);

-	}

-int test_div_word(BIO *bp)

-	{

-	BIGNUM   a,b;

-	BN_ULONG r,s;

-	int i;

-	BN_init(&a);

-	BN_init(&b);

-	for (i=0; i<num0; i++)

-		{

-		do {

-			BN_bntest_rand(&a,512,-1,0);

-			BN_bntest_rand(&b,BN_BITS2,-1,0);

-			s = b.d[0];

-		} while (!s);

-		BN_copy(&b, &a);

-		r = BN_div_word(&b, s);

-		if (bp != NULL)

-			{

-			if (!results)

-				{

-				BN_print(bp,&a);

-				BIO_puts(bp," / ");

-				print_word(bp,s);

-				BIO_puts(bp," - ");

-				}

-			BN_print(bp,&b);

-			BIO_puts(bp,"\n");

-			if (!results)

-				{

-				BN_print(bp,&a);

-				BIO_puts(bp," % ");

-				print_word(bp,s);

-				BIO_puts(bp," - ");

-				}

-			print_word(bp,r);

-			BIO_puts(bp,"\n");

-			}

-		BN_mul_word(&b,s);

-		BN_add_word(&b,r);

-		BN_sub(&b,&a,&b);

-		if(!BN_is_zero(&b))

-		    {

-		    fprintf(stderr,"Division (word) test failed!\n");

-		    return 0;

-		    }

-		}

-	BN_free(&a);

-	BN_free(&b);

-	return(1);

-	}

-int test_div_recp(BIO *bp, BN_CTX *ctx)

-	{

-	BIGNUM a,b,c,d,e;

-	BN_RECP_CTX recp;

-	int i;

-	BN_RECP_CTX_init(&recp);

-	BN_init(&a);

-	BN_init(&b);

-	BN_init(&c);

-	BN_init(&d);

-	BN_init(&e);

-	for (i=0; i<num0+num1; i++)

-		{

-		if (i < num1)

-			{

-			BN_bntest_rand(&a,400,0,0);

-			BN_copy(&b,&a);

-			BN_lshift(&a,&a,i);

-			BN_add_word(&a,i);

-			}

-		else

-			BN_bntest_rand(&b,50+3*(i-num1),0,0);

-		a.neg=rand_neg();

-		b.neg=rand_neg();

-		BN_RECP_CTX_set(&recp,&b,ctx);

-		BN_div_recp(&d,&c,&a,&recp,ctx);

-		if (bp != NULL)

-			{

-			if (!results)

-				{

-				BN_print(bp,&a);

-				BIO_puts(bp," / ");

-				BN_print(bp,&b);

-				BIO_puts(bp," - ");

-				}

-			BN_print(bp,&d);

-			BIO_puts(bp,"\n");

-			if (!results)

-				{

-				BN_print(bp,&a);

-				BIO_puts(bp," % ");

-				BN_print(bp,&b);

-				BIO_puts(bp," - ");

-				}

-			BN_print(bp,&c);

-			BIO_puts(bp,"\n");

-			}

-		BN_mul(&e,&d,&b,ctx);

-		BN_add(&d,&e,&c);

-		BN_sub(&d,&d,&a);

-		if(!BN_is_zero(&d))

-		    {

-		    fprintf(stderr,"Reciprocal division test failed!\n");

-		    fprintf(stderr,"a=");

-		    BN_print_fp(stderr,&a);

-		    fprintf(stderr,"\nb=");

-		    BN_print_fp(stderr,&b);

-		    fprintf(stderr,"\n");

-		    return 0;

-		    }

-		}

-	BN_free(&a);

-	BN_free(&b);

-	BN_free(&c);

-	BN_free(&d);

-	BN_free(&e);

-	BN_RECP_CTX_free(&recp);

-	return(1);

-	}

-int test_mul(BIO *bp)

-	{

-	BIGNUM a,b,c,d,e;

-	int i;

-	BN_CTX *ctx;

-	ctx = BN_CTX_new();

-	if (ctx == NULL) EXIT(1);

-	BN_init(&a);

-	BN_init(&b);

-	BN_init(&c);

-	BN_init(&d);

-	BN_init(&e);

-	for (i=0; i<num0+num1; i++)

-		{

-		if (i <= num1)

-			{

-			BN_bntest_rand(&a,100,0,0);

-			BN_bntest_rand(&b,100,0,0);

-			}

-		else

-			BN_bntest_rand(&b,i-num1,0,0);

-		a.neg=rand_neg();

-		b.neg=rand_neg();

-		BN_mul(&c,&a,&b,ctx);

-		if (bp != NULL)

-			{

-			if (!results)

-				{

-				BN_print(bp,&a);

-				BIO_puts(bp," * ");

-				BN_print(bp,&b);

-				BIO_puts(bp," - ");

-				}

-			BN_print(bp,&c);

-			BIO_puts(bp,"\n");

-			}

-		BN_div(&d,&e,&c,&a,ctx);

-		BN_sub(&d,&d,&b);

-		if(!BN_is_zero(&d) || !BN_is_zero(&e))

-		    {

-		    fprintf(stderr,"Multiplication test failed!\n");

-		    return 0;

-		    }

-		}

-	BN_free(&a);

-	BN_free(&b);

-	BN_free(&c);

-	BN_free(&d);

-	BN_free(&e);

-	BN_CTX_free(ctx);

-	return(1);

-	}

-int test_sqr(BIO *bp, BN_CTX *ctx)

-	{

-	BIGNUM a,c,d,e;

-	int i;

-	BN_init(&a);

-	BN_init(&c);

-	BN_init(&d);

-	BN_init(&e);

-	for (i=0; i<num0; i++)

-		{

-		BN_bntest_rand(&a,40+i*10,0,0);

-		a.neg=rand_neg();

-		BN_sqr(&c,&a,ctx);

-		if (bp != NULL)

-			{

-			if (!results)

-				{

-				BN_print(bp,&a);

-				BIO_puts(bp," * ");

-				BN_print(bp,&a);

-				BIO_puts(bp," - ");

-				}

-			BN_print(bp,&c);

-			BIO_puts(bp,"\n");

-			}

-		BN_div(&d,&e,&c,&a,ctx);

-		BN_sub(&d,&d,&a);

-		if(!BN_is_zero(&d) || !BN_is_zero(&e))

-		    {

-		    fprintf(stderr,"Square test failed!\n");

-		    return 0;

-		    }

-		}

-	BN_free(&a);

-	BN_free(&c);

-	BN_free(&d);

-	BN_free(&e);

-	return(1);

-	}

-int test_mont(BIO *bp, BN_CTX *ctx)

-	{

-	BIGNUM a,b,c,d,A,B;

-	BIGNUM n;

-	int i;

-	BN_MONT_CTX *mont;

-	BN_init(&a);

-	BN_init(&b);

-	BN_init(&c);

-	BN_init(&d);

-	BN_init(&A);

-	BN_init(&B);

-	BN_init(&n);

-	mont=BN_MONT_CTX_new();

-	BN_bntest_rand(&a,100,0,0); /**/

-	BN_bntest_rand(&b,100,0,0); /**/

-	for (i=0; i<num2; i++)

-		{

-		int bits = (200*(i+1))/num2;

-		if (bits == 0)

-			continue;

-		BN_bntest_rand(&n,bits,0,1);

-		BN_MONT_CTX_set(mont,&n,ctx);

-		BN_nnmod(&a,&a,&n,ctx);

-		BN_nnmod(&b,&b,&n,ctx);

-		BN_to_montgomery(&A,&a,mont,ctx);

-		BN_to_montgomery(&B,&b,mont,ctx);

-		BN_mod_mul_montgomery(&c,&A,&B,mont,ctx);/**/

-		BN_from_montgomery(&A,&c,mont,ctx);/**/

-		if (bp != NULL)

-			{

-			if (!results)

-				{

-#ifdef undef

-fprintf(stderr,"%d * %d %% %d\n",

-BN_num_bits(&a),

-BN_num_bits(&b),

-BN_num_bits(mont->N));

-#endif

-				BN_print(bp,&a);

-				BIO_puts(bp," * ");

-				BN_print(bp,&b);

-				BIO_puts(bp," % ");

-				BN_print(bp,&(mont->N));

-				BIO_puts(bp," - ");

-				}

-			BN_print(bp,&A);

-			BIO_puts(bp,"\n");

-			}

-		BN_mod_mul(&d,&a,&b,&n,ctx);

-		BN_sub(&d,&d,&A);

-		if(!BN_is_zero(&d))

-		    {

-		    fprintf(stderr,"Montgomery multiplication test failed!\n");

-		    return 0;

-		    }

-		}

-	BN_MONT_CTX_free(mont);

-	BN_free(&a);

-	BN_free(&b);

-	BN_free(&c);

-	BN_free(&d);

-	BN_free(&A);

-	BN_free(&B);

-	BN_free(&n);

-	return(1);

-	}

-int test_mod(BIO *bp, BN_CTX *ctx)

-	{

-	BIGNUM *a,*b,*c,*d,*e;

-	int i;

-	a=BN_new();

-	b=BN_new();

-	c=BN_new();

-	d=BN_new();

-	e=BN_new();

-	BN_bntest_rand(a,1024,0,0); /**/

-	for (i=0; i<num0; i++)

-		{

-		BN_bntest_rand(b,450+i*10,0,0); /**/

-		a->neg=rand_neg();

-		b->neg=rand_neg();

-		BN_mod(c,a,b,ctx);/**/

-		if (bp != NULL)

-			{

-			if (!results)

-				{

-				BN_print(bp,a);

-				BIO_puts(bp," % ");

-				BN_print(bp,b);

-				BIO_puts(bp," - ");

-				}

-			BN_print(bp,c);

-			BIO_puts(bp,"\n");

-			}

-		BN_div(d,e,a,b,ctx);

-		BN_sub(e,e,c);

-		if(!BN_is_zero(e))

-		    {

-		    fprintf(stderr,"Modulo test failed!\n");

-		    return 0;

-		    }

-		}

-	BN_free(a);

-	BN_free(b);

-	BN_free(c);

-	BN_free(d);

-	BN_free(e);

-	return(1);

-	}

-int test_mod_mul(BIO *bp, BN_CTX *ctx)

-	{

-	BIGNUM *a,*b,*c,*d,*e;

-	int i,j;

-	a=BN_new();

-	b=BN_new();

-	c=BN_new();

-	d=BN_new();

-	e=BN_new();

-	for (j=0; j<3; j++) {

-	BN_bntest_rand(c,1024,0,0); /**/

-	for (i=0; i<num0; i++)

-		{

-		BN_bntest_rand(a,475+i*10,0,0); /**/

-		BN_bntest_rand(b,425+i*11,0,0); /**/

-		a->neg=rand_neg();

-		b->neg=rand_neg();

-		if (!BN_mod_mul(e,a,b,c,ctx))

-			{

-			unsigned long l;

-			while ((l=ERR_get_error()))

-				fprintf(stderr,"ERROR:%s\n",

-					ERR_error_string(l,NULL));

-			EXIT(1);

-			}

-		if (bp != NULL)

-			{

-			if (!results)

-				{

-				BN_print(bp,a);

-				BIO_puts(bp," * ");

-				BN_print(bp,b);

-				BIO_puts(bp," % ");

-				BN_print(bp,c);

-				if ((a->neg ^ b->neg) && !BN_is_zero(e))

-					{

-					/* If  (a*b) % c  is negative,  c  must be added

-					 * in order to obtain the normalized remainder

-					 * (new with OpenSSL 0.9.7, previous versions of

-					 * BN_mod_mul could generate negative results)

-					 */

-					BIO_puts(bp," + ");

-					BN_print(bp,c);

-					}

-				BIO_puts(bp," - ");

-				}

-			BN_print(bp,e);

-			BIO_puts(bp,"\n");

-			}

-		BN_mul(d,a,b,ctx);

-		BN_sub(d,d,e);

-		BN_div(a,b,d,c,ctx);

-		if(!BN_is_zero(b))

-		    {

-		    fprintf(stderr,"Modulo multiply test failed!\n");

-		    ERR_print_errors_fp(stderr);

-		    return 0;

-		    }

-		}

-	}

-	BN_free(a);

-	BN_free(b);

-	BN_free(c);

-	BN_free(d);

-	BN_free(e);

-	return(1);

-	}

-int test_mod_exp(BIO *bp, BN_CTX *ctx)

-	{

-	BIGNUM *a,*b,*c,*d,*e;

-	int i;

-	a=BN_new();

-	b=BN_new();

-	c=BN_new();

-	d=BN_new();

-	e=BN_new();

-	BN_bntest_rand(c,30,0,1); /* must be odd for montgomery */

-	for (i=0; i<num2; i++)

-		{

-		BN_bntest_rand(a,20+i*5,0,0); /**/

-		BN_bntest_rand(b,2+i,0,0); /**/

-		if (!BN_mod_exp(d,a,b,c,ctx))

-			return(00);

-		if (bp != NULL)

-			{

-			if (!results)

-				{

-				BN_print(bp,a);

-				BIO_puts(bp," ^ ");

-				BN_print(bp,b);

-				BIO_puts(bp," % ");

-				BN_print(bp,c);

-				BIO_puts(bp," - ");

-				}

-			BN_print(bp,d);

-			BIO_puts(bp,"\n");

-			}

-		BN_exp(e,a,b,ctx);

-		BN_sub(e,e,d);

-		BN_div(a,b,e,c,ctx);

-		if(!BN_is_zero(b))

-		    {

-		    fprintf(stderr,"Modulo exponentiation test failed!\n");

-		    return 0;

-		    }

-		}

-	BN_free(a);

-	BN_free(b);

-	BN_free(c);

-	BN_free(d);

-	BN_free(e);

-	return(1);

-	}

-int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx)

-	{

-	BIGNUM *a,*b,*c,*d,*e;

-	int i;

-	a=BN_new();

-	b=BN_new();

-	c=BN_new();

-	d=BN_new();

-	e=BN_new();

-	BN_bntest_rand(c,30,0,1); /* must be odd for montgomery */

-	for (i=0; i<num2; i++)

-		{

-		BN_bntest_rand(a,20+i*5,0,0); /**/

-		BN_bntest_rand(b,2+i,0,0); /**/

-		if (!BN_mod_exp_mont_consttime(d,a,b,c,ctx,NULL))

-			return(00);

-		if (bp != NULL)

-			{

-			if (!results)

-				{

-				BN_print(bp,a);

-				BIO_puts(bp," ^ ");

-				BN_print(bp,b);

-				BIO_puts(bp," % ");

-				BN_print(bp,c);

-				BIO_puts(bp," - ");

-				}

-			BN_print(bp,d);

-			BIO_puts(bp,"\n");

-			}

-		BN_exp(e,a,b,ctx);

-		BN_sub(e,e,d);

-		BN_div(a,b,e,c,ctx);

-		if(!BN_is_zero(b))

-		    {

-		    fprintf(stderr,"Modulo exponentiation test failed!\n");

-		    return 0;

-		    }

-		}

-	BN_free(a);

-	BN_free(b);

-	BN_free(c);

-	BN_free(d);

-	BN_free(e);

-	return(1);

-	}

-int test_exp(BIO *bp, BN_CTX *ctx)

-	{

-	BIGNUM *a,*b,*d,*e,*one;

-	int i;

-	a=BN_new();

-	b=BN_new();

-	d=BN_new();

-	e=BN_new();

-	one=BN_new();

-	BN_one(one);

-	for (i=0; i<num2; i++)

-		{

-		BN_bntest_rand(a,20+i*5,0,0); /**/

-		BN_bntest_rand(b,2+i,0,0); /**/

-		if (!BN_exp(d,a,b,ctx))

-			return(00);

-		if (bp != NULL)

-			{

-			if (!results)

-				{

-				BN_print(bp,a);

-				BIO_puts(bp," ^ ");

-				BN_print(bp,b);

-				BIO_puts(bp," - ");

-				}

-			BN_print(bp,d);

-			BIO_puts(bp,"\n");

-			}

-		BN_one(e);

-		for( ; !BN_is_zero(b) ; BN_sub(b,b,one))

-		    BN_mul(e,e,a,ctx);

-		BN_sub(e,e,d);

-		if(!BN_is_zero(e))

-		    {

-		    fprintf(stderr,"Exponentiation test failed!\n");

-		    return 0;

-		    }

-		}

-	BN_free(a);

-	BN_free(b);

-	BN_free(d);

-	BN_free(e);

-	BN_free(one);

-	return(1);

-	}

-int test_gf2m_add(BIO *bp)

-	{

-	BIGNUM a,b,c;

-	int i, ret = 0;

-	BN_init(&a);

-	BN_init(&b);

-	BN_init(&c);

-	for (i=0; i<num0; i++)

-		{

-		BN_rand(&a,512,0,0);

-		BN_copy(&b, BN_value_one());

-		a.neg=rand_neg();

-		b.neg=rand_neg();

-		BN_GF2m_add(&c,&a,&b);

-#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */

-		if (bp != NULL)

-			{

-			if (!results)

-				{

-				BN_print(bp,&a);

-				BIO_puts(bp," ^ ");

-				BN_print(bp,&b);

-				BIO_puts(bp," = ");

-				}

-			BN_print(bp,&c);

-			BIO_puts(bp,"\n");

-			}

-#endif

-		/* Test that two added values have the correct parity. */

-		if((BN_is_odd(&a) && BN_is_odd(&c)) || (!BN_is_odd(&a) && !BN_is_odd(&c)))

-			{

-		    fprintf(stderr,"GF(2^m) addition test (a) failed!\n");

-			goto err;

-			}

-		BN_GF2m_add(&c,&c,&c);

-		/* Test that c + c = 0. */

-		if(!BN_is_zero(&c))

-		    {

-		    fprintf(stderr,"GF(2^m) addition test (b) failed!\n");

-			goto err;

-		    }

-		}

-	ret = 1;

-  err:

-	BN_free(&a);

-	BN_free(&b);

-	BN_free(&c);

-	return ret;

-	}

-int test_gf2m_mod(BIO *bp)

-	{

-	BIGNUM *a,*b[2],*c,*d,*e;

-	int i, j, ret = 0;

-	unsigned int p0[] = {163,7,6,3,0};

-	unsigned int p1[] = {193,15,0};

-	a=BN_new();

-	b[0]=BN_new();

-	b[1]=BN_new();

-	c=BN_new();

-	d=BN_new();

-	e=BN_new();

-	BN_GF2m_arr2poly(p0, b[0]);

-	BN_GF2m_arr2poly(p1, b[1]);

-	for (i=0; i<num0; i++)

-		{

-		BN_bntest_rand(a, 1024, 0, 0);

-		for (j=0; j < 2; j++)

-			{

-			BN_GF2m_mod(c, a, b[j]);

-#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */

-			if (bp != NULL)

-				{

-				if (!results)

-					{

-					BN_print(bp,a);

-					BIO_puts(bp," % ");

-					BN_print(bp,b[j]);

-					BIO_puts(bp," - ");

-					BN_print(bp,c);

-					BIO_puts(bp,"\n");

-					}

-				}

-#endif

-			BN_GF2m_add(d, a, c);

-			BN_GF2m_mod(e, d, b[j]);

-			/* Test that a + (a mod p) mod p == 0. */

-			if(!BN_is_zero(e))

-				{

-				fprintf(stderr,"GF(2^m) modulo test failed!\n");

-				goto err;

-				}

-			}

-		}

-	ret = 1;

-  err:

-	BN_free(a);

-	BN_free(b[0]);

-	BN_free(b[1]);

-	BN_free(c);

-	BN_free(d);

-	BN_free(e);

-	return ret;

-	}

-int test_gf2m_mod_mul(BIO *bp,BN_CTX *ctx)

-	{

-	BIGNUM *a,*b[2],*c,*d,*e,*f,*g,*h;

-	int i, j, ret = 0;

-	unsigned int p0[] = {163,7,6,3,0};

-	unsigned int p1[] = {193,15,0};

-	a=BN_new();

-	b[0]=BN_new();

-	b[1]=BN_new();

-	c=BN_new();

-	d=BN_new();

-	e=BN_new();

-	f=BN_new();

-	g=BN_new();

-	h=BN_new();

-	BN_GF2m_arr2poly(p0, b[0]);

-	BN_GF2m_arr2poly(p1, b[1]);

-	for (i=0; i<num0; i++)

-		{

-		BN_bntest_rand(a, 1024, 0, 0);

-		BN_bntest_rand(c, 1024, 0, 0);

-		BN_bntest_rand(d, 1024, 0, 0);

-		for (j=0; j < 2; j++)

-			{

-			BN_GF2m_mod_mul(e, a, c, b[j], ctx);

-#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */

-			if (bp != NULL)

-				{

-				if (!results)

-					{

-					BN_print(bp,a);

-					BIO_puts(bp," * ");

-					BN_print(bp,c);

-					BIO_puts(bp," % ");

-					BN_print(bp,b[j]);

-					BIO_puts(bp," - ");

-					BN_print(bp,e);

-					BIO_puts(bp,"\n");

-					}

-				}

-#endif

-			BN_GF2m_add(f, a, d);

-			BN_GF2m_mod_mul(g, f, c, b[j], ctx);

-			BN_GF2m_mod_mul(h, d, c, b[j], ctx);

-			BN_GF2m_add(f, e, g);

-			BN_GF2m_add(f, f, h);

-			/* Test that (a+d)*c = a*c + d*c. */

-			if(!BN_is_zero(f))

-				{

-				fprintf(stderr,"GF(2^m) modular multiplication test failed!\n");

-				goto err;

-				}

-			}

-		}

-	ret = 1;

-  err:

-	BN_free(a);

-	BN_free(b[0]);

-	BN_free(b[1]);

-	BN_free(c);

-	BN_free(d);

-	BN_free(e);

-	BN_free(f);

-	BN_free(g);

-	BN_free(h);

-	return ret;

-	}

-int test_gf2m_mod_sqr(BIO *bp,BN_CTX *ctx)

-	{

-	BIGNUM *a,*b[2],*c,*d;

-	int i, j, ret = 0;

-	unsigned int p0[] = {163,7,6,3,0};

-	unsigned int p1[] = {193,15,0};

-	a=BN_new();

-	b[0]=BN_new();

-	b[1]=BN_new();

-	c=BN_new();

-	d=BN_new();

-	BN_GF2m_arr2poly(p0, b[0]);

-	BN_GF2m_arr2poly(p1, b[1]);

-	for (i=0; i<num0; i++)

-		{

-		BN_bntest_rand(a, 1024, 0, 0);

-		for (j=0; j < 2; j++)

-			{

-			BN_GF2m_mod_sqr(c, a, b[j], ctx);

-			BN_copy(d, a);

-			BN_GF2m_mod_mul(d, a, d, b[j], ctx);

-#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */

-			if (bp != NULL)

-				{

-				if (!results)

-					{

-					BN_print(bp,a);

-					BIO_puts(bp," ^ 2 % ");

-					BN_print(bp,b[j]);

-					BIO_puts(bp, " = ");

-					BN_print(bp,c);

-					BIO_puts(bp,"; a * a = ");

-					BN_print(bp,d);

-					BIO_puts(bp,"\n");

-					}

-				}

-#endif

-			BN_GF2m_add(d, c, d);

-			/* Test that a*a = a^2. */

-			if(!BN_is_zero(d))

-				{

-				fprintf(stderr,"GF(2^m) modular squaring test failed!\n");

-				goto err;

-				}

-			}

-		}

-	ret = 1;

-  err:

-	BN_free(a);

-	BN_free(b[0]);

-	BN_free(b[1]);

-	BN_free(c);

-	BN_free(d);

-	return ret;

-	}

-int test_gf2m_mod_inv(BIO *bp,BN_CTX *ctx)

-	{

-	BIGNUM *a,*b[2],*c,*d;

-	int i, j, ret = 0;

-	unsigned int p0[] = {163,7,6,3,0};

-	unsigned int p1[] = {193,15,0};

-	a=BN_new();

-	b[0]=BN_new();

-	b[1]=BN_new();

-	c=BN_new();

-	d=BN_new();

-	BN_GF2m_arr2poly(p0, b[0]);

-	BN_GF2m_arr2poly(p1, b[1]);

-	for (i=0; i<num0; i++)

-		{

-		BN_bntest_rand(a, 512, 0, 0);

-		for (j=0; j < 2; j++)

-			{

-			BN_GF2m_mod_inv(c, a, b[j], ctx);

-			BN_GF2m_mod_mul(d, a, c, b[j], ctx);

-#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */

-			if (bp != NULL)

-				{

-				if (!results)

-					{

-					BN_print(bp,a);

-					BIO_puts(bp, " * ");

-					BN_print(bp,c);

-					BIO_puts(bp," - 1 % ");

-					BN_print(bp,b[j]);

-					BIO_puts(bp,"\n");

-					}

-				}

-#endif

-			/* Test that ((1/a)*a) = 1. */

-			if(!BN_is_one(d))

-				{

-				fprintf(stderr,"GF(2^m) modular inversion test failed!\n");

-				goto err;

-				}

-			}

-		}

-	ret = 1;

-  err:

-	BN_free(a);

-	BN_free(b[0]);

-	BN_free(b[1]);

-	BN_free(c);

-	BN_free(d);

-	return ret;

-	}

-int test_gf2m_mod_div(BIO *bp,BN_CTX *ctx)

-	{

-	BIGNUM *a,*b[2],*c,*d,*e,*f;

-	int i, j, ret = 0;

-	unsigned int p0[] = {163,7,6,3,0};

-	unsigned int p1[] = {193,15,0};

-	a=BN_new();

-	b[0]=BN_new();

-	b[1]=BN_new();

-	c=BN_new();

-	d=BN_new();

-	e=BN_new();

-	f=BN_new();

-	BN_GF2m_arr2poly(p0, b[0]);

-	BN_GF2m_arr2poly(p1, b[1]);

-	for (i=0; i<num0; i++)

-		{

-		BN_bntest_rand(a, 512, 0, 0);

-		BN_bntest_rand(c, 512, 0, 0);

-		for (j=0; j < 2; j++)

-			{

-			BN_GF2m_mod_div(d, a, c, b[j], ctx);

-			BN_GF2m_mod_mul(e, d, c, b[j], ctx);

-			BN_GF2m_mod_div(f, a, e, b[j], ctx);

-#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */

-			if (bp != NULL)

-				{

-				if (!results)

-					{

-					BN_print(bp,a);

-					BIO_puts(bp, " = ");

-					BN_print(bp,c);

-					BIO_puts(bp," * ");

-					BN_print(bp,d);

-					BIO_puts(bp, " % ");

-					BN_print(bp,b[j]);

-					BIO_puts(bp,"\n");

-					}

-				}

-#endif

-			/* Test that ((a/c)*c)/a = 1. */

-			if(!BN_is_one(f))

-				{

-				fprintf(stderr,"GF(2^m) modular division test failed!\n");

-				goto err;

-				}

-			}

-		}

-	ret = 1;

-  err:

-	BN_free(a);

-	BN_free(b[0]);

-	BN_free(b[1]);

-	BN_free(c);

-	BN_free(d);

-	BN_free(e);

-	BN_free(f);

-	return ret;

-	}

-int test_gf2m_mod_exp(BIO *bp,BN_CTX *ctx)

-	{

-	BIGNUM *a,*b[2],*c,*d,*e,*f;

-	int i, j, ret = 0;

-	unsigned int p0[] = {163,7,6,3,0};

-	unsigned int p1[] = {193,15,0};

-	a=BN_new();

-	b[0]=BN_new();

-	b[1]=BN_new();

-	c=BN_new();

-	d=BN_new();

-	e=BN_new();

-	f=BN_new();

-	BN_GF2m_arr2poly(p0, b[0]);

-	BN_GF2m_arr2poly(p1, b[1]);

-	for (i=0; i<num0; i++)

-		{

-		BN_bntest_rand(a, 512, 0, 0);

-		BN_bntest_rand(c, 512, 0, 0);

-		BN_bntest_rand(d, 512, 0, 0);

-		for (j=0; j < 2; j++)

-			{

-			BN_GF2m_mod_exp(e, a, c, b[j], ctx);

-			BN_GF2m_mod_exp(f, a, d, b[j], ctx);

-			BN_GF2m_mod_mul(e, e, f, b[j], ctx);

-			BN_add(f, c, d);

-			BN_GF2m_mod_exp(f, a, f, b[j], ctx);

-#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */

-			if (bp != NULL)

-				{

-				if (!results)

-					{

-					BN_print(bp,a);

-					BIO_puts(bp, " ^ (");

-					BN_print(bp,c);

-					BIO_puts(bp," + ");

-					BN_print(bp,d);

-					BIO_puts(bp, ") = ");

-					BN_print(bp,e);

-					BIO_puts(bp, "; - ");

-					BN_print(bp,f);

-					BIO_puts(bp, " % ");

-					BN_print(bp,b[j]);

-					BIO_puts(bp,"\n");

-					}

-				}

-#endif

-			BN_GF2m_add(f, e, f);

-			/* Test that a^(c+d)=a^c*a^d. */

-			if(!BN_is_zero(f))

-				{

-				fprintf(stderr,"GF(2^m) modular exponentiation test failed!\n");

-				goto err;

-				}

-			}

-		}

-	ret = 1;

-  err:

-	BN_free(a);

-	BN_free(b[0]);

-	BN_free(b[1]);

-	BN_free(c);

-	BN_free(d);

-	BN_free(e);

-	BN_free(f);

-	return ret;

-	}

-int test_gf2m_mod_sqrt(BIO *bp,BN_CTX *ctx)

-	{

-	BIGNUM *a,*b[2],*c,*d,*e,*f;

-	int i, j, ret = 0;

-	unsigned int p0[] = {163,7,6,3,0};

-	unsigned int p1[] = {193,15,0};

-	a=BN_new();

-	b[0]=BN_new();

-	b[1]=BN_new();

-	c=BN_new();

-	d=BN_new();

-	e=BN_new();

-	f=BN_new();

-	BN_GF2m_arr2poly(p0, b[0]);

-	BN_GF2m_arr2poly(p1, b[1]);

-	for (i=0; i<num0; i++)

-		{

-		BN_bntest_rand(a, 512, 0, 0);

-		for (j=0; j < 2; j++)

-			{

-			BN_GF2m_mod(c, a, b[j]);

-			BN_GF2m_mod_sqrt(d, a, b[j], ctx);

-			BN_GF2m_mod_sqr(e, d, b[j], ctx);

-#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */

-			if (bp != NULL)

-				{

-				if (!results)

-					{

-					BN_print(bp,d);

-					BIO_puts(bp, " ^ 2 - ");

-					BN_print(bp,a);

-					BIO_puts(bp,"\n");

-					}

-				}

-#endif

-			BN_GF2m_add(f, c, e);

-			/* Test that d^2 = a, where d = sqrt(a). */

-			if(!BN_is_zero(f))

-				{

-				fprintf(stderr,"GF(2^m) modular square root test failed!\n");

-				goto err;

-				}

-			}

-		}

-	ret = 1;

-  err:

-	BN_free(a);

-	BN_free(b[0]);

-	BN_free(b[1]);

-	BN_free(c);

-	BN_free(d);

-	BN_free(e);

-	BN_free(f);

-	return ret;

-	}

-int test_gf2m_mod_solve_quad(BIO *bp,BN_CTX *ctx)

-	{

-	BIGNUM *a,*b[2],*c,*d,*e;

-	int i, j, s = 0, t, ret = 0;

-	unsigned int p0[] = {163,7,6,3,0};

-	unsigned int p1[] = {193,15,0};

-	a=BN_new();

-	b[0]=BN_new();

-	b[1]=BN_new();

-	c=BN_new();

-	d=BN_new();

-	e=BN_new();

-	BN_GF2m_arr2poly(p0, b[0]);

-	BN_GF2m_arr2poly(p1, b[1]);

-	for (i=0; i<num0; i++)

-		{

-		BN_bntest_rand(a, 512, 0, 0);

-		for (j=0; j < 2; j++)

-			{

-			t = BN_GF2m_mod_solve_quad(c, a, b[j], ctx);

-			if (t)

-				{

-				s++;

-				BN_GF2m_mod_sqr(d, c, b[j], ctx);

-				BN_GF2m_add(d, c, d);

-				BN_GF2m_mod(e, a, b[j]);

-#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */

-				if (bp != NULL)

-					{

-					if (!results)

-						{

-						BN_print(bp,c);

-						BIO_puts(bp, " is root of z^2 + z = ");

-						BN_print(bp,a);

-						BIO_puts(bp, " % ");

-						BN_print(bp,b[j]);

-						BIO_puts(bp, "\n");

-						}

-					}

-#endif

-				BN_GF2m_add(e, e, d);

-				/* Test that solution of quadratic c satisfies c^2 + c = a. */

-				if(!BN_is_zero(e))

-					{

-					fprintf(stderr,"GF(2^m) modular solve quadratic test failed!\n");

-					goto err;

-					}

-				}

-			else

-				{

-#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */

-				if (bp != NULL)

-					{

-					if (!results)

-						{

-						BIO_puts(bp, "There are no roots of z^2 + z = ");

-						BN_print(bp,a);

-						BIO_puts(bp, " % ");

-						BN_print(bp,b[j]);

-						BIO_puts(bp, "\n");

-						}

-					}

-#endif

-				}

-			}

-		}

-	if (s == 0)

-		{

-		fprintf(stderr,"All %i tests of GF(2^m) modular solve quadratic resulted in no roots;\n", num0);

-		fprintf(stderr,"this is very unlikely and probably indicates an error.\n");

-		goto err;

-		}

-	ret = 1;

-  err:

-	BN_free(a);

-	BN_free(b[0]);

-	BN_free(b[1]);

-	BN_free(c);

-	BN_free(d);

-	BN_free(e);

-	return ret;

-	}

-static int genprime_cb(int p, int n, BN_GENCB *arg)

-	{

-	char c='*';

-	if (p == 0) c='.';

-	if (p == 1) c='+';

-	if (p == 2) c='*';

-	if (p == 3) c='\n';

-	putc(c, stderr);

-	fflush(stderr);

-	return 1;

-	}

-int test_kron(BIO *bp, BN_CTX *ctx)

-	{

-	BN_GENCB cb;

-	BIGNUM *a,*b,*r,*t;

-	int i;

-	int legendre, kronecker;

-	int ret = 0;

-	a = BN_new();

-	b = BN_new();

-	r = BN_new();

-	t = BN_new();

-	if (a == NULL || b == NULL || r == NULL || t == NULL) goto err;

-	BN_GENCB_set(&cb, genprime_cb, NULL);

-	/* We test BN_kronecker(a, b, ctx) just for  b  odd (Jacobi symbol).

-	 * In this case we know that if  b  is prime, then BN_kronecker(a, b, ctx)

-	 * is congruent to $a^{(b-1)/2}$, modulo $b$ (Legendre symbol).

-	 * So we generate a random prime  b  and compare these values

-	 * for a number of random  a's.  (That is, we run the Solovay-Strassen

-	 * primality test to confirm that  b  is prime, except that we

-	 * don't want to test whether  b  is prime but whether BN_kronecker

-	 * works.) */

-	if (!BN_generate_prime_ex(b, 512, 0, NULL, NULL, &cb)) goto err;

-	b->neg = rand_neg();

-	putc('\n', stderr);

-	for (i = 0; i < num0; i++)

-		{

-		if (!BN_bntest_rand(a, 512, 0, 0)) goto err;

-		a->neg = rand_neg();

-		/* t := (|b|-1)/2  (note that b is odd) */

-		if (!BN_copy(t, b)) goto err;

-		t->neg = 0;

-		if (!BN_sub_word(t, 1)) goto err;

-		if (!BN_rshift1(t, t)) goto err;

-		/* r := a^t mod b */

-		b->neg=0;

-		if (!BN_mod_exp_recp(r, a, t, b, ctx)) goto err;

-		b->neg=1;

-		if (BN_is_word(r, 1))

-			legendre = 1;

-		else if (BN_is_zero(r))

-			legendre = 0;

-		else

-			{

-			if (!BN_add_word(r, 1)) goto err;

-			if (0 != BN_ucmp(r, b))

-				{

-				fprintf(stderr, "Legendre symbol computation failed\n");

-				goto err;

-				}

-			legendre = -1;

-			}

-		kronecker = BN_kronecker(a, b, ctx);

-		if (kronecker < -1) goto err;

-		/* we actually need BN_kronecker(a, |b|) */

-		if (a->neg && b->neg)

-			kronecker = -kronecker;

-		if (legendre != kronecker)

-			{

-			fprintf(stderr, "legendre != kronecker; a = ");

-			BN_print_fp(stderr, a);

-			fprintf(stderr, ", b = ");

-			BN_print_fp(stderr, b);

-			fprintf(stderr, "\n");

-			goto err;

-			}

-		putc('.', stderr);

-		fflush(stderr);

-		}

-	putc('\n', stderr);

-	fflush(stderr);

-	ret = 1;

- err:

-	if (a != NULL) BN_free(a);

-	if (b != NULL) BN_free(b);

-	if (r != NULL) BN_free(r);

-	if (t != NULL) BN_free(t);

-	return ret;

-	}

-int test_sqrt(BIO *bp, BN_CTX *ctx)

-	{

-	BN_GENCB cb;

-	BIGNUM *a,*p,*r;

-	int i, j;

-	int ret = 0;

-	a = BN_new();

-	p = BN_new();

-	r = BN_new();

-	if (a == NULL || p == NULL || r == NULL) goto err;

-	BN_GENCB_set(&cb, genprime_cb, NULL);

-	for (i = 0; i < 16; i++)

-		{

-		if (i < 8)

-			{

-			unsigned primes[8] = { 2, 3, 5, 7, 11, 13, 17, 19 };

-			if (!BN_set_word(p, primes[i])) goto err;

-			}

-		else

-			{

-			if (!BN_set_word(a, 32)) goto err;

-			if (!BN_set_word(r, 2*i + 1)) goto err;

-			if (!BN_generate_prime_ex(p, 256, 0, a, r, &cb)) goto err;

-			putc('\n', stderr);

-			}

-		p->neg = rand_neg();

-		for (j = 0; j < num2; j++)

-			{

-			/* construct 'a' such that it is a square modulo p,

-			 * but in general not a proper square and not reduced modulo p */

-			if (!BN_bntest_rand(r, 256, 0, 3)) goto err;

-			if (!BN_nnmod(r, r, p, ctx)) goto err;

-			if (!BN_mod_sqr(r, r, p, ctx)) goto err;

-			if (!BN_bntest_rand(a, 256, 0, 3)) goto err;

-			if (!BN_nnmod(a, a, p, ctx)) goto err;

-			if (!BN_mod_sqr(a, a, p, ctx)) goto err;

-			if (!BN_mul(a, a, r, ctx)) goto err;

-			if (rand_neg())

-				if (!BN_sub(a, a, p)) goto err;

-			if (!BN_mod_sqrt(r, a, p, ctx)) goto err;

-			if (!BN_mod_sqr(r, r, p, ctx)) goto err;

-			if (!BN_nnmod(a, a, p, ctx)) goto err;

-			if (BN_cmp(a, r) != 0)

-				{

-				fprintf(stderr, "BN_mod_sqrt failed: a = ");

-				BN_print_fp(stderr, a);

-				fprintf(stderr, ", r = ");

-				BN_print_fp(stderr, r);

-				fprintf(stderr, ", p = ");

-				BN_print_fp(stderr, p);

-				fprintf(stderr, "\n");

-				goto err;

-				}

-			putc('.', stderr);

-			fflush(stderr);

-			}

-		putc('\n', stderr);

-		fflush(stderr);

-		}

-	ret = 1;

- err:

-	if (a != NULL) BN_free(a);

-	if (p != NULL) BN_free(p);

-	if (r != NULL) BN_free(r);

-	return ret;

-	}

-int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_)

-	{

-	BIGNUM *a,*b,*c,*d;

-	int i;

-	b=BN_new();

-	c=BN_new();

-	d=BN_new();

-	BN_one(c);

-	if(a_)

-	    a=a_;

-	else

-	    {

-	    a=BN_new();

-	    BN_bntest_rand(a,200,0,0); /**/

-	    a->neg=rand_neg();

-	    }

-	for (i=0; i<num0; i++)

-		{

-		BN_lshift(b,a,i+1);

-		BN_add(c,c,c);

-		if (bp != NULL)

-			{

-			if (!results)

-				{

-				BN_print(bp,a);

-				BIO_puts(bp," * ");

-				BN_print(bp,c);

-				BIO_puts(bp," - ");

-				}

-			BN_print(bp,b);

-			BIO_puts(bp,"\n");

-			}

-		BN_mul(d,a,c,ctx);

-		BN_sub(d,d,b);

-		if(!BN_is_zero(d))

-		    {

-		    fprintf(stderr,"Left shift test failed!\n");

-		    fprintf(stderr,"a=");

-		    BN_print_fp(stderr,a);

-		    fprintf(stderr,"\nb=");

-		    BN_print_fp(stderr,b);

-		    fprintf(stderr,"\nc=");

-		    BN_print_fp(stderr,c);

-		    fprintf(stderr,"\nd=");

-		    BN_print_fp(stderr,d);

-		    fprintf(stderr,"\n");

-		    return 0;

-		    }

-		}

-	BN_free(a);

-	BN_free(b);

-	BN_free(c);

-	BN_free(d);

-	return(1);

-	}

-int test_lshift1(BIO *bp)

-	{

-	BIGNUM *a,*b,*c;

-	int i;

-	a=BN_new();

-	b=BN_new();

-	c=BN_new();

-	BN_bntest_rand(a,200,0,0); /**/

-	a->neg=rand_neg();

-	for (i=0; i<num0; i++)

-		{

-		BN_lshift1(b,a);

-		if (bp != NULL)

-			{

-			if (!results)

-				{

-				BN_print(bp,a);

-				BIO_puts(bp," * 2");

-				BIO_puts(bp," - ");

-				}

-			BN_print(bp,b);

-			BIO_puts(bp,"\n");

-			}

-		BN_add(c,a,a);

-		BN_sub(a,b,c);

-		if(!BN_is_zero(a))

-		    {

-		    fprintf(stderr,"Left shift one test failed!\n");

-		    return 0;

-		    }

-		BN_copy(a,b);

-		}

-	BN_free(a);

-	BN_free(b);

-	BN_free(c);

-	return(1);

-	}

-int test_rshift(BIO *bp,BN_CTX *ctx)

-	{

-	BIGNUM *a,*b,*c,*d,*e;

-	int i;

-	a=BN_new();

-	b=BN_new();

-	c=BN_new();

-	d=BN_new();

-	e=BN_new();

-	BN_one(c);

-	BN_bntest_rand(a,200,0,0); /**/

-	a->neg=rand_neg();

-	for (i=0; i<num0; i++)

-		{

-		BN_rshift(b,a,i+1);

-		BN_add(c,c,c);

-		if (bp != NULL)

-			{

-			if (!results)

-				{

-				BN_print(bp,a);

-				BIO_puts(bp," / ");

-				BN_print(bp,c);

-				BIO_puts(bp," - ");

-				}

-			BN_print(bp,b);

-			BIO_puts(bp,"\n");

-			}

-		BN_div(d,e,a,c,ctx);

-		BN_sub(d,d,b);

-		if(!BN_is_zero(d))

-		    {

-		    fprintf(stderr,"Right shift test failed!\n");

-		    return 0;

-		    }

-		}

-	BN_free(a);

-	BN_free(b);

-	BN_free(c);

-	BN_free(d);

-	BN_free(e);

-	return(1);

-	}

-int test_rshift1(BIO *bp)

-	{

-	BIGNUM *a,*b,*c;

-	int i;

-	a=BN_new();

-	b=BN_new();

-	c=BN_new();

-	BN_bntest_rand(a,200,0,0); /**/

-	a->neg=rand_neg();

-	for (i=0; i<num0; i++)

-		{

-		BN_rshift1(b,a);

-		if (bp != NULL)

-			{

-			if (!results)

-				{

-				BN_print(bp,a);

-				BIO_puts(bp," / 2");

-				BIO_puts(bp," - ");

-				}

-			BN_print(bp,b);

-			BIO_puts(bp,"\n");

-			}

-		BN_sub(c,a,b);

-		BN_sub(c,c,b);

-		if(!BN_is_zero(c) && !BN_abs_is_word(c, 1))

-		    {

-		    fprintf(stderr,"Right shift one test failed!\n");

-		    return 0;

-		    }

-		BN_copy(a,b);

-		}

-	BN_free(a);

-	BN_free(b);

-	BN_free(c);

-	return(1);

-	}

-int rand_neg(void)

-	{

-	static unsigned int neg=0;

-	static int sign[8]={0,0,0,1,1,0,1,1};

-	return(sign[(neg++)%8]);

-	}

--- a/sys/src/ape/lib/openssl/crypto/bn/divtest.c

+++ /dev/null

@@ -1,41 +1,0 @@

-#include <openssl/bn.h>

-#include <openssl/rand.h>

-static int Rand(n)

-{

-    unsigned char x[2];

-    RAND_pseudo_bytes(x,2);

-    return (x[0] + 2*x[1]);

-}

-static void bug(char *m, BIGNUM *a, BIGNUM *b)

-{

-    printf("%s!\na=",m);

-    BN_print_fp(stdout, a);

-    printf("\nb=");

-    BN_print_fp(stdout, b);

-    printf("\n");

-    fflush(stdout);

-}

-main()

-{

-    BIGNUM *a=BN_new(), *b=BN_new(), *c=BN_new(), *d=BN_new(),

-	*C=BN_new(), *D=BN_new();

-    BN_RECP_CTX *recp=BN_RECP_CTX_new();

-    BN_CTX *ctx=BN_CTX_new();

-    for(;;) {

-	BN_pseudo_rand(a,Rand(),0,0);

-	BN_pseudo_rand(b,Rand(),0,0);

-	if (BN_is_zero(b)) continue;

-	BN_RECP_CTX_set(recp,b,ctx);

-	if (BN_div(C,D,a,b,ctx) != 1)

-	    bug("BN_div failed",a,b);

-	if (BN_div_recp(c,d,a,recp,ctx) != 1)

-	    bug("BN_div_recp failed",a,b);

-	else if (BN_cmp(c,C) != 0 || BN_cmp(c,C) != 0)

-	    bug("mismatch",a,b);

-    }

-}

--- a/sys/src/ape/lib/openssl/crypto/bn/exp.c

+++ /dev/null

@@ -1,62 +1,0 @@

-/* unused */

-#include <stdio.h>

-#include <openssl/tmdiff.h>

-#include "bn_lcl.h"

-#define SIZE	256

-#define NUM	(8*8*8)

-#define MOD	(8*8*8*8*8)

-main(argc,argv)

-int argc;

-char *argv[];

-	{

-	BN_CTX ctx;

-	BIGNUM a,b,c,r,rr,t,l;

-	int j,i,size=SIZE,num=NUM,mod=MOD;

-	char *start,*end;

-	BN_MONT_CTX mont;

-	double d,md;

-	BN_MONT_CTX_init(&mont);

-	BN_CTX_init(&ctx);

-	BN_init(&a);

-	BN_init(&b);

-	BN_init(&c);

-	BN_init(&r);

-	start=ms_time_new();

-	end=ms_time_new();

-	while (size <= 1024*8)

-		{

-		BN_rand(&a,size,0,0);

-		BN_rand(&b,size,1,0);

-		BN_rand(&c,size,0,1);

-		BN_mod(&a,&a,&c,&ctx);

-		ms_time_get(start);

-		for (i=0; i<10; i++)

-			BN_MONT_CTX_set(&mont,&c,&ctx);

-		ms_time_get(end);

-		md=ms_time_diff(start,end);

-		ms_time_get(start);

-		for (i=0; i<num; i++)

-			{

-			/* bn_mull(&r,&a,&b,&ctx); */

-			/* BN_sqr(&r,&a,&ctx); */

-			BN_mod_exp_mont(&r,&a,&b,&c,&ctx,&mont);

-			}

-		ms_time_get(end);

-		d=ms_time_diff(start,end)/* *50/33 */;

-		printf("%5d bit:%6.2f %6d %6.4f %4d m_set(%5.4f)\n",size,

-			d,num,d/num,(int)((d/num)*mod),md/10.0);

-		num/=8;

-		mod/=8;

-		if (num <= 0) num=1;

-		size*=2;

-		}

-	}

--- a/sys/src/ape/lib/openssl/crypto/bn/expspeed.c

+++ /dev/null

@@ -1,353 +1,0 @@

-/* unused */

-/* crypto/bn/expspeed.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* most of this code has been pilfered from my libdes speed.c program */

-#define BASENUM	5000

-#define NUM_START 0

-/* determine timings for modexp, modmul, modsqr, gcd, Kronecker symbol,

- * modular inverse, or modular square roots */

-#define TEST_EXP

-#undef TEST_MUL

-#undef TEST_SQR

-#undef TEST_GCD

-#undef TEST_KRON

-#undef TEST_INV

-#undef TEST_SQRT

-#define P_MOD_64 9 /* least significant 6 bits for prime to be used for BN_sqrt timings */

-#if defined(TEST_EXP) + defined(TEST_MUL) + defined(TEST_SQR) + defined(TEST_GCD) + defined(TEST_KRON) + defined(TEST_INV) +defined(TEST_SQRT) != 1

-#  error "choose one test"

-#endif

-#if defined(TEST_INV) || defined(TEST_SQRT)

-#  define C_PRIME

-static void genprime_cb(int p, int n, void *arg);

-#endif

-#undef PROG

-#define PROG bnspeed_main

-#include <stdio.h>

-#include <stdlib.h>

-#include <signal.h>

-#include <string.h>

-#include <openssl/crypto.h>

-#include <openssl/err.h>

-#include <openssl/rand.h>

-#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)

-#define TIMES

-#endif

-#ifndef _IRIX

-#include <time.h>

-#endif

-#ifdef TIMES

-#include <sys/types.h>

-#include <sys/times.h>

-#endif

-/* Depending on the VMS version, the tms structure is perhaps defined.

-   The __TMS macro will show if it was.  If it wasn't defined, we should

-   undefine TIMES, since that tells the rest of the program how things

-   should be handled.				-- Richard Levitte */

-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)

-#undef TIMES

-#endif

-#ifndef TIMES

-#include <sys/timeb.h>

-#endif

-#if defined(sun) || defined(__ultrix)

-#define _POSIX_SOURCE

-#include <limits.h>

-#include <sys/param.h>

-#endif

-#include <openssl/bn.h>

-#include <openssl/x509.h>

-/* The following if from times(3) man page.  It may need to be changed */

-#ifndef HZ

-# ifndef CLK_TCK

-#  ifndef _BSD_CLK_TCK_ /* FreeBSD hack */

-#   define HZ	100.0

-#  else /* _BSD_CLK_TCK_ */

-#   define HZ ((double)_BSD_CLK_TCK_)

-#  endif

-# else /* CLK_TCK */

-#  define HZ ((double)CLK_TCK)

-# endif

-#endif

-#undef BUFSIZE

-#define BUFSIZE	((long)1024*8)

-int run=0;

-static double Time_F(int s);

-#define START	0

-#define STOP	1

-static double Time_F(int s)

-	{

-	double ret;

-#ifdef TIMES

-	static struct tms tstart,tend;

-	if (s == START)

-		{

-		times(&tstart);

-		return(0);

-		}

-	else

-		{

-		times(&tend);

-		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;

-		return((ret < 1e-3)?1e-3:ret);

-		}

-#else /* !times() */

-	static struct timeb tstart,tend;

-	long i;

-	if (s == START)

-		{

-		ftime(&tstart);

-		return(0);

-		}

-	else

-		{

-		ftime(&tend);

-		i=(long)tend.millitm-(long)tstart.millitm;

-		ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;

-		return((ret < 0.001)?0.001:ret);

-		}

-#endif

-	}

-#define NUM_SIZES	7

-#if NUM_START > NUM_SIZES

-#   error "NUM_START > NUM_SIZES"

-#endif

-static int sizes[NUM_SIZES]={128,256,512,1024,2048,4096,8192};

-static int mul_c[NUM_SIZES]={8*8*8*8*8*8,8*8*8*8*8,8*8*8*8,8*8*8,8*8,8,1};

-/*static int sizes[NUM_SIZES]={59,179,299,419,539}; */

-#define RAND_SEED(string) { const char str[] = string; RAND_seed(string, sizeof str); }

-void do_mul_exp(BIGNUM *r,BIGNUM *a,BIGNUM *b,BIGNUM *c,BN_CTX *ctx);

-int main(int argc, char **argv)

-	{

-	BN_CTX *ctx;

-	BIGNUM *a,*b,*c,*r;

-#if 1

-	if (!CRYPTO_set_mem_debug_functions(0,0,0,0,0))

-		abort();

-#endif

-	ctx=BN_CTX_new();

-	a=BN_new();

-	b=BN_new();

-	c=BN_new();

-	r=BN_new();

-	while (!RAND_status())

-		/* not enough bits */

-		RAND_SEED("I demand a manual recount!");

-	do_mul_exp(r,a,b,c,ctx);

-	return 0;

-	}

-void do_mul_exp(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *c, BN_CTX *ctx)

-	{

-	int i,k;

-	double tm;

-	long num;

-	num=BASENUM;

-	for (i=NUM_START; i<NUM_SIZES; i++)

-		{

-#ifdef C_PRIME

-#  ifdef TEST_SQRT

-		if (!BN_set_word(a, 64)) goto err;

-		if (!BN_set_word(b, P_MOD_64)) goto err;

-#    define ADD a

-#    define REM b

-#  else

-#    define ADD NULL

-#    define REM NULL

-#  endif

-		if (!BN_generate_prime(c,sizes[i],0,ADD,REM,genprime_cb,NULL)) goto err;

-		putc('\n', stderr);

-		fflush(stderr);

-#endif

-		for (k=0; k<num; k++)

-			{

-			if (k%50 == 0) /* Average over num/50 different choices of random numbers. */

-				{

-				if (!BN_pseudo_rand(a,sizes[i],1,0)) goto err;

-				if (!BN_pseudo_rand(b,sizes[i],1,0)) goto err;

-#ifndef C_PRIME

-				if (!BN_pseudo_rand(c,sizes[i],1,1)) goto err;

-#endif

-#ifdef TEST_SQRT

-				if (!BN_mod_sqr(a,a,c,ctx)) goto err;

-				if (!BN_mod_sqr(b,b,c,ctx)) goto err;

-#else

-				if (!BN_nnmod(a,a,c,ctx)) goto err;

-				if (!BN_nnmod(b,b,c,ctx)) goto err;

-#endif

-				if (k == 0)

-					Time_F(START);

-				}

-#if defined(TEST_EXP)

-			if (!BN_mod_exp(r,a,b,c,ctx)) goto err;

-#elif defined(TEST_MUL)

-			{

-			int i = 0;

-			for (i = 0; i < 50; i++)

-				if (!BN_mod_mul(r,a,b,c,ctx)) goto err;

-			}

-#elif defined(TEST_SQR)

-			{

-			int i = 0;

-			for (i = 0; i < 50; i++)

-				{

-				if (!BN_mod_sqr(r,a,c,ctx)) goto err;

-				if (!BN_mod_sqr(r,b,c,ctx)) goto err;

-				}

-			}

-#elif defined(TEST_GCD)

-			if (!BN_gcd(r,a,b,ctx)) goto err;

-			if (!BN_gcd(r,b,c,ctx)) goto err;

-			if (!BN_gcd(r,c,a,ctx)) goto err;

-#elif defined(TEST_KRON)

-			if (-2 == BN_kronecker(a,b,ctx)) goto err;

-			if (-2 == BN_kronecker(b,c,ctx)) goto err;

-			if (-2 == BN_kronecker(c,a,ctx)) goto err;

-#elif defined(TEST_INV)

-			if (!BN_mod_inverse(r,a,c,ctx)) goto err;

-			if (!BN_mod_inverse(r,b,c,ctx)) goto err;

-#else /* TEST_SQRT */

-			if (!BN_mod_sqrt(r,a,c,ctx)) goto err;

-			if (!BN_mod_sqrt(r,b,c,ctx)) goto err;

-#endif

-			}

-		tm=Time_F(STOP);

-		printf(

-#if defined(TEST_EXP)

-			"modexp %4d ^ %4d %% %4d"

-#elif defined(TEST_MUL)

-			"50*modmul %4d %4d %4d"

-#elif defined(TEST_SQR)

-			"100*modsqr %4d %4d %4d"

-#elif defined(TEST_GCD)

-			"3*gcd %4d %4d %4d"

-#elif defined(TEST_KRON)

-			"3*kronecker %4d %4d %4d"

-#elif defined(TEST_INV)

-			"2*inv %4d %4d mod %4d"

-#else /* TEST_SQRT */

-			"2*sqrt [prime == %d (mod 64)] %4d %4d mod %4d"

-#endif

-			" -> %8.6fms %5.1f (%ld)\n",

-#ifdef TEST_SQRT

-			P_MOD_64,

-#endif

-			sizes[i],sizes[i],sizes[i],tm*1000.0/num,tm*mul_c[i]/num, num);

-		num/=7;

-		if (num <= 0) num=1;

-		}

-	return;

- err:

-	ERR_print_errors_fp(stderr);

-	}

-#ifdef C_PRIME

-static void genprime_cb(int p, int n, void *arg)

-	{

-	char c='*';

-	if (p == 0) c='.';

-	if (p == 1) c='+';

-	if (p == 2) c='*';

-	if (p == 3) c='\n';

-	putc(c, stderr);

-	fflush(stderr);

-	(void)n;

-	(void)arg;

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/bn/exptest.c

+++ /dev/null

@@ -1,204 +1,0 @@

-/* crypto/bn/exptest.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include "../e_os.h"

-#include <openssl/bio.h>

-#include <openssl/bn.h>

-#include <openssl/rand.h>

-#include <openssl/err.h>

-#define NUM_BITS	(BN_BITS*2)

-static const char rnd_seed[] = "string to make the random number generator think it has entropy";

-int main(int argc, char *argv[])

-	{

-	BN_CTX *ctx;

-	BIO *out=NULL;

-	int i,ret;

-	unsigned char c;

-	BIGNUM *r_mont,*r_mont_const,*r_recp,*r_simple,*a,*b,*m;

-	RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_rand may fail, and we don't

-	                                       * even check its return value

-	                                       * (which we should) */

-	ERR_load_BN_strings();

-	ctx=BN_CTX_new();

-	if (ctx == NULL) EXIT(1);

-	r_mont=BN_new();

-	r_mont_const=BN_new();

-	r_recp=BN_new();

-	r_simple=BN_new();

-	a=BN_new();

-	b=BN_new();

-	m=BN_new();

-	if (	(r_mont == NULL) || (r_recp == NULL) ||

-		(a == NULL) || (b == NULL))

-		goto err;

-	out=BIO_new(BIO_s_file());

-	if (out == NULL) EXIT(1);

-	BIO_set_fp(out,stdout,BIO_NOCLOSE);

-	for (i=0; i<200; i++)

-		{

-		RAND_bytes(&c,1);

-		c=(c%BN_BITS)-BN_BITS2;

-		BN_rand(a,NUM_BITS+c,0,0);

-		RAND_bytes(&c,1);

-		c=(c%BN_BITS)-BN_BITS2;

-		BN_rand(b,NUM_BITS+c,0,0);

-		RAND_bytes(&c,1);

-		c=(c%BN_BITS)-BN_BITS2;

-		BN_rand(m,NUM_BITS+c,0,1);

-		BN_mod(a,a,m,ctx);

-		BN_mod(b,b,m,ctx);

-		ret=BN_mod_exp_mont(r_mont,a,b,m,ctx,NULL);

-		if (ret <= 0)

-			{

-			printf("BN_mod_exp_mont() problems\n");

-			ERR_print_errors(out);

-			EXIT(1);

-			}

-		ret=BN_mod_exp_recp(r_recp,a,b,m,ctx);

-		if (ret <= 0)

-			{

-			printf("BN_mod_exp_recp() problems\n");

-			ERR_print_errors(out);

-			EXIT(1);

-			}

-		ret=BN_mod_exp_simple(r_simple,a,b,m,ctx);

-		if (ret <= 0)

-			{

-			printf("BN_mod_exp_simple() problems\n");

-			ERR_print_errors(out);

-			EXIT(1);

-			}

-		ret=BN_mod_exp_mont_consttime(r_mont_const,a,b,m,ctx,NULL);

-		if (ret <= 0)

-			{

-			printf("BN_mod_exp_mont_consttime() problems\n");

-			ERR_print_errors(out);

-			EXIT(1);

-			}

-		if (BN_cmp(r_simple, r_mont) == 0

-		    && BN_cmp(r_simple,r_recp) == 0

-			&& BN_cmp(r_simple,r_mont_const) == 0)

-			{

-			printf(".");

-			fflush(stdout);

-			}

-		else

-		  	{

-			if (BN_cmp(r_simple,r_mont) != 0)

-				printf("\nsimple and mont results differ\n");

-			if (BN_cmp(r_simple,r_mont) != 0)

-				printf("\nsimple and mont const time results differ\n");

-			if (BN_cmp(r_simple,r_recp) != 0)

-				printf("\nsimple and recp results differ\n");

-			printf("a (%3d) = ",BN_num_bits(a));   BN_print(out,a);

-			printf("\nb (%3d) = ",BN_num_bits(b)); BN_print(out,b);

-			printf("\nm (%3d) = ",BN_num_bits(m)); BN_print(out,m);

-			printf("\nsimple   =");	BN_print(out,r_simple);

-			printf("\nrecp     =");	BN_print(out,r_recp);

-			printf("\nmont     ="); BN_print(out,r_mont);

-			printf("\nmont_ct  ="); BN_print(out,r_mont_const);

-			printf("\n");

-			EXIT(1);

-			}

-		}

-	BN_free(r_mont);

-	BN_free(r_mont_const);

-	BN_free(r_recp);

-	BN_free(r_simple);

-	BN_free(a);

-	BN_free(b);

-	BN_free(m);

-	BN_CTX_free(ctx);

-	ERR_remove_state(0);

-	CRYPTO_mem_leaks(out);

-	BIO_free(out);

-	printf(" done\n");

-	EXIT(0);

-err:

-	ERR_load_crypto_strings();

-	ERR_print_errors(out);

-#ifdef OPENSSL_SYS_NETWARE

-    printf("ERROR\n");

-#endif

-	EXIT(1);

-	return(1);

-	}

--- a/sys/src/ape/lib/openssl/crypto/bn/todo

+++ /dev/null

@@ -1,3 +1,0 @@

-Cache RECP_CTX values

-make the result argument independant of the inputs.

-split up the _exp_ functions

--- a/sys/src/ape/lib/openssl/crypto/bn/vms-helper.c

+++ /dev/null

@@ -1,68 +1,0 @@

-/* vms-helper.c */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include "bn_lcl.h"

-bn_div_words_abort(int i)

-{

-#ifdef BN_DEBUG

-#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)

-	fprintf(stderr,"Division would overflow (%d)\n",i);

-#endif

-	abort();

-#endif

-}

--- a/sys/src/ape/lib/openssl/crypto/buffer/Makefile

+++ /dev/null

@@ -1,90 +1,0 @@

-#

-# OpenSSL/crypto/buffer/Makefile

-#

-DIR=	buffer

-TOP=	../..

-CC=	cc

-INCLUDES= -I.. -I$(TOP) -I../../include

-CFLAG=-g

-MAKEFILE=	Makefile

-AR=		ar r

-CFLAGS= $(INCLUDES) $(CFLAG)

-GENERAL=Makefile

-TEST=

-APPS=

-LIB=$(TOP)/libcrypto.a

-LIBSRC= buffer.c buf_err.c

-LIBOBJ= buffer.o buf_err.o

-SRC= $(LIBSRC)

-EXHEADER= buffer.h

-HEADER=	$(EXHEADER)

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)

-all:	lib

-lib:	$(LIBOBJ)

-	$(AR) $(LIB) $(LIBOBJ)

-	$(RANLIB) $(LIB) || echo Never mind.

-	@touch lib

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

-links:

-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)

-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)

-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

-install:

-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...

-	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \

-	do  \

-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \

-	done;

-tags:

-	ctags $(SRC)

-tests:

-lint:

-	lint -DLINT $(INCLUDES) $(SRC)>fluff

-depend:

-	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...

-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-clean:

-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-buf_err.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-buf_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-buf_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-buf_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-buf_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-buf_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-buf_err.o: buf_err.c

-buffer.o: ../../e_os.h ../../include/openssl/bio.h

-buffer.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-buffer.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-buffer.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-buffer.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-buffer.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-buffer.o: ../../include/openssl/symhacks.h ../cryptlib.h buffer.c

--- a/sys/src/ape/lib/openssl/crypto/buffer/buf_err.c

+++ /dev/null

@@ -1,99 +1,0 @@

-/* crypto/buffer/buf_err.c */

-/* ====================================================================

- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* NOTE: this file was auto generated by the mkerr.pl script: any changes

- * made to it will be overwritten when the script next updates this file,

- * only reason strings will be preserved.

- */

-#include <stdio.h>

-#include <openssl/err.h>

-#include <openssl/buffer.h>

-/* BEGIN ERROR CODES */

-#ifndef OPENSSL_NO_ERR

-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_BUF,func,0)

-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_BUF,0,reason)

-static ERR_STRING_DATA BUF_str_functs[]=

-	{

-{ERR_FUNC(BUF_F_BUF_MEMDUP),	"BUF_memdup"},

-{ERR_FUNC(BUF_F_BUF_MEM_GROW),	"BUF_MEM_grow"},

-{ERR_FUNC(BUF_F_BUF_MEM_GROW_CLEAN),	"BUF_MEM_grow_clean"},

-{ERR_FUNC(BUF_F_BUF_MEM_NEW),	"BUF_MEM_new"},

-{ERR_FUNC(BUF_F_BUF_STRDUP),	"BUF_strdup"},

-{ERR_FUNC(BUF_F_BUF_STRNDUP),	"BUF_strndup"},

-{0,NULL}

-	};

-static ERR_STRING_DATA BUF_str_reasons[]=

-	{

-{0,NULL}

-	};

-#endif

-void ERR_load_BUF_strings(void)

-	{

-#ifndef OPENSSL_NO_ERR

-	if (ERR_func_error_string(BUF_str_functs[0].error) == NULL)

-		{

-		ERR_load_strings(0,BUF_str_functs);

-		ERR_load_strings(0,BUF_str_reasons);

-		}

-#endif

-	}

--- a/sys/src/ape/lib/openssl/crypto/buffer/buffer.c

+++ /dev/null

@@ -1,221 +1,0 @@

-/* crypto/buffer/buffer.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/buffer.h>

-BUF_MEM *BUF_MEM_new(void)

-	{

-	BUF_MEM *ret;

-	ret=OPENSSL_malloc(sizeof(BUF_MEM));

-	if (ret == NULL)

-		{

-		BUFerr(BUF_F_BUF_MEM_NEW,ERR_R_MALLOC_FAILURE);

-		return(NULL);

-		}

-	ret->length=0;

-	ret->max=0;

-	ret->data=NULL;

-	return(ret);

-	}

-void BUF_MEM_free(BUF_MEM *a)

-	{

-	if(a == NULL)

-	    return;

-	if (a->data != NULL)

-		{

-		memset(a->data,0,(unsigned int)a->max);

-		OPENSSL_free(a->data);

-		}

-	OPENSSL_free(a);

-	}

-int BUF_MEM_grow(BUF_MEM *str, int len)

-	{

-	char *ret;

-	unsigned int n;

-	if (str->length >= len)

-		{

-		str->length=len;

-		return(len);

-		}

-	if (str->max >= len)

-		{

-		memset(&str->data[str->length],0,len-str->length);

-		str->length=len;

-		return(len);

-		}

-	n=(len+3)/3*4;

-	if (str->data == NULL)

-		ret=OPENSSL_malloc(n);

-	else

-		ret=OPENSSL_realloc(str->data,n);

-	if (ret == NULL)

-		{

-		BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE);

-		len=0;

-		}

-	else

-		{

-		str->data=ret;

-		str->max=n;

-		memset(&str->data[str->length],0,len-str->length);

-		str->length=len;

-		}

-	return(len);

-	}

-int BUF_MEM_grow_clean(BUF_MEM *str, int len)

-	{

-	char *ret;

-	unsigned int n;

-	if (str->length >= len)

-		{

-		memset(&str->data[len],0,str->length-len);

-		str->length=len;

-		return(len);

-		}

-	if (str->max >= len)

-		{

-		memset(&str->data[str->length],0,len-str->length);

-		str->length=len;

-		return(len);

-		}

-	n=(len+3)/3*4;

-	if (str->data == NULL)

-		ret=OPENSSL_malloc(n);

-	else

-		ret=OPENSSL_realloc_clean(str->data,str->max,n);

-	if (ret == NULL)

-		{

-		BUFerr(BUF_F_BUF_MEM_GROW_CLEAN,ERR_R_MALLOC_FAILURE);

-		len=0;

-		}

-	else

-		{

-		str->data=ret;

-		str->max=n;

-		memset(&str->data[str->length],0,len-str->length);

-		str->length=len;

-		}

-	return(len);

-	}

-char *BUF_strdup(const char *str)

-	{

-	if (str == NULL) return(NULL);

-	return BUF_strndup(str, strlen(str));

-	}

-char *BUF_strndup(const char *str, size_t siz)

-	{

-	char *ret;

-	if (str == NULL) return(NULL);

-	ret=OPENSSL_malloc(siz+1);

-	if (ret == NULL)

-		{

-		BUFerr(BUF_F_BUF_STRNDUP,ERR_R_MALLOC_FAILURE);

-		return(NULL);

-		}

-	BUF_strlcpy(ret,str,siz+1);

-	return(ret);

-	}

-void *BUF_memdup(const void *data, size_t siz)

-	{

-	void *ret;

-	if (data == NULL) return(NULL);

-	ret=OPENSSL_malloc(siz);

-	if (ret == NULL)

-		{

-		BUFerr(BUF_F_BUF_MEMDUP,ERR_R_MALLOC_FAILURE);

-		return(NULL);

-		}

-	return memcpy(ret, data, siz);

-	}

-size_t BUF_strlcpy(char *dst, const char *src, size_t size)

-	{

-	size_t l = 0;

-	for(; size > 1 && *src; size--)

-		{

-		*dst++ = *src++;

-		l++;

-		}

-	if (size)

-		*dst = '\0';

-	return l + strlen(src);

-	}

-size_t BUF_strlcat(char *dst, const char *src, size_t size)

-	{

-	size_t l = 0;

-	for(; size > 0 && *dst; size--, dst++)

-		l++;

-	return l + BUF_strlcpy(dst, src, size);

-	}

--- a/sys/src/ape/lib/openssl/crypto/buffer/buffer.h

+++ /dev/null

@@ -1,118 +1,0 @@

-/* crypto/buffer/buffer.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_BUFFER_H

-#define HEADER_BUFFER_H

-#include <openssl/ossl_typ.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-#include <stddef.h>

-#if !defined(NO_SYS_TYPES_H)

-#include <sys/types.h>

-#endif

-/* Already declared in ossl_typ.h */

-/* typedef struct buf_mem_st BUF_MEM; */

-struct buf_mem_st

-	{

-	int length;	/* current number of bytes */

-	char *data;

-	int max;	/* size of buffer */

-	};

-BUF_MEM *BUF_MEM_new(void);

-void	BUF_MEM_free(BUF_MEM *a);

-int	BUF_MEM_grow(BUF_MEM *str, int len);

-int	BUF_MEM_grow_clean(BUF_MEM *str, int len);

-char *	BUF_strdup(const char *str);

-char *	BUF_strndup(const char *str, size_t siz);

-void *	BUF_memdup(const void *data, size_t siz);

-/* safe string functions */

-size_t BUF_strlcpy(char *dst,const char *src,size_t siz);

-size_t BUF_strlcat(char *dst,const char *src,size_t siz);

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_BUF_strings(void);

-/* Error codes for the BUF functions. */

-/* Function codes. */

-#define BUF_F_BUF_MEMDUP				 103

-#define BUF_F_BUF_MEM_GROW				 100

-#define BUF_F_BUF_MEM_GROW_CLEAN			 105

-#define BUF_F_BUF_MEM_NEW				 101

-#define BUF_F_BUF_STRDUP				 102

-#define BUF_F_BUF_STRNDUP				 104

-/* Reason codes. */

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/camellia/Makefile

+++ /dev/null

@@ -1,103 +1,0 @@

-#

-# crypto/camellia/Makefile

-#

-DIR= camellia

-TOP=	../..

-CC=	cc

-CPP=	$(CC) -E

-INCLUDES=

-CFLAG=-g

-MAKEFILE=	Makefile

-AR=		ar r

-CAMELLIA_ASM_OBJ=

-CFLAGS= $(INCLUDES) $(CFLAG)

-ASFLAGS= $(INCLUDES) $(ASFLAG)

-AFLAGS= $(ASFLAGS)

-GENERAL=Makefile

-#TEST=camelliatest.c

-APPS=

-LIB=$(TOP)/libcrypto.a

-LIBSRC=camellia.c cmll_misc.c cmll_ecb.c cmll_cbc.c cmll_ofb.c \

-	   cmll_cfb.c cmll_ctr.c

-LIBOBJ= camellia.o cmll_misc.o cmll_ecb.o cmll_cbc.o cmll_ofb.o \

-		cmll_cfb.o cmll_ctr.o $(CAMELLIA_ASM_OBJ)

-SRC= $(LIBSRC)

-EXHEADER= camellia.h

-HEADER= cmll_locl.h $(EXHEADER)

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)

-all:	lib

-lib:	$(LIBOBJ)

-	$(AR) $(LIB) $(LIBOBJ)

-	$(RANLIB) $(LIB) || echo Never mind.

-	@touch lib

-$(LIBOBJ): $(LIBSRC)

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

-links:

-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)

-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)

-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

-install:

-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...

-	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \

-	do  \

-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \

-	done;

-tags:

-	ctags $(SRC)

-tests:

-lint:

-	lint -DLINT $(INCLUDES) $(SRC)>fluff

-depend:

-	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...

-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-clean:

-	rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-camellia.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h

-camellia.o: camellia.c camellia.h cmll_locl.h

-cmll_cbc.o: ../../include/openssl/camellia.h ../../include/openssl/e_os2.h

-cmll_cbc.o: ../../include/openssl/opensslconf.h cmll_cbc.c cmll_locl.h

-cmll_cfb.o: ../../e_os.h ../../include/openssl/camellia.h

-cmll_cfb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h

-cmll_cfb.o: cmll_cfb.c cmll_locl.h

-cmll_ctr.o: ../../include/openssl/camellia.h ../../include/openssl/e_os2.h

-cmll_ctr.o: ../../include/openssl/opensslconf.h cmll_ctr.c cmll_locl.h

-cmll_ecb.o: ../../include/openssl/camellia.h ../../include/openssl/e_os2.h

-cmll_ecb.o: ../../include/openssl/opensslconf.h cmll_ecb.c cmll_locl.h

-cmll_misc.o: ../../include/openssl/camellia.h ../../include/openssl/e_os2.h

-cmll_misc.o: ../../include/openssl/opensslconf.h

-cmll_misc.o: ../../include/openssl/opensslv.h cmll_locl.h cmll_misc.c

-cmll_ofb.o: ../../include/openssl/camellia.h ../../include/openssl/e_os2.h

-cmll_ofb.o: ../../include/openssl/opensslconf.h cmll_locl.h cmll_ofb.c

--- a/sys/src/ape/lib/openssl/crypto/camellia/camellia.c

+++ /dev/null

@@ -1,1624 +1,0 @@

-/* crypto/camellia/camellia.c -*- mode:C; c-file-style: "eay" -*- */

-/* ====================================================================

- * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) .

- * ALL RIGHTS RESERVED.

- *

- * Intellectual Property information for Camellia:

- *     http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html

- *

- * News Release for Announcement of Camellia open source:

- *     http://www.ntt.co.jp/news/news06e/0604/060413a.html

- *

- * The Camellia Code included herein is developed by

- * NTT (Nippon Telegraph and Telephone Corporation), and is contributed

- * to the OpenSSL project.

- *

- * The Camellia Code is licensed pursuant to the OpenSSL open source

- * license provided below.

- */

-/* ====================================================================

- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- */

-/* Algorithm Specification

-   http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html

-*/

-#include <string.h>

-#include <stdlib.h>

-#include "camellia.h"

-#include "cmll_locl.h"

-/* key constants */

-#define CAMELLIA_SIGMA1L (0xA09E667FL)

-#define CAMELLIA_SIGMA1R (0x3BCC908BL)

-#define CAMELLIA_SIGMA2L (0xB67AE858L)

-#define CAMELLIA_SIGMA2R (0x4CAA73B2L)

-#define CAMELLIA_SIGMA3L (0xC6EF372FL)

-#define CAMELLIA_SIGMA3R (0xE94F82BEL)

-#define CAMELLIA_SIGMA4L (0x54FF53A5L)

-#define CAMELLIA_SIGMA4R (0xF1D36F1CL)

-#define CAMELLIA_SIGMA5L (0x10E527FAL)

-#define CAMELLIA_SIGMA5R (0xDE682D1DL)

-#define CAMELLIA_SIGMA6L (0xB05688C2L)

-#define CAMELLIA_SIGMA6R (0xB3E6C1FDL)

-/*

- *  macros

- */

-/* e is pointer of subkey */

-#define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2])

-#define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1])

-/* rotation right shift 1byte */

-#define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24))

-/* rotation left shift 1bit */

-#define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31))

-/* rotation left shift 1byte */

-#define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24))

-#define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits)	\

-do							\

-	{						\

-	w0 = ll;					\

-	ll = (ll << bits) + (lr >> (32 - bits));	\

-	lr = (lr << bits) + (rl >> (32 - bits));	\

-	rl = (rl << bits) + (rr >> (32 - bits));	\

-	rr = (rr << bits) + (w0 >> (32 - bits));	\

-	} while(0)

-#define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits)	\

-do							\

-	{						\

-	w0 = ll;					\

-	w1 = lr;					\

-	ll = (lr << (bits - 32)) + (rl >> (64 - bits));	\

-	lr = (rl << (bits - 32)) + (rr >> (64 - bits));	\

-	rl = (rr << (bits - 32)) + (w0 >> (64 - bits));	\

-	rr = (w0 << (bits - 32)) + (w1 >> (64 - bits));	\

-	} while(0)

-#define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)])

-#define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)])

-#define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)])

-#define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)])

-#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1)		\

-do									\

-	{								\

-	il = xl ^ kl;							\

-	ir = xr ^ kr;							\

-	t0 = il >> 16;							\

-	t1 = ir >> 16;							\

-	yl = CAMELLIA_SP1110(ir & 0xff)					\

-		^ CAMELLIA_SP0222((t1 >> 8) & 0xff)			\

-		^ CAMELLIA_SP3033(t1 & 0xff)				\

-		^ CAMELLIA_SP4404((ir >> 8) & 0xff);			\

-	yr = CAMELLIA_SP1110((t0 >> 8) & 0xff)				\

-		^ CAMELLIA_SP0222(t0 & 0xff)				\

-		^ CAMELLIA_SP3033((il >> 8) & 0xff)			\

-		^ CAMELLIA_SP4404(il & 0xff);				\

-	yl ^= yr;							\

-	yr = CAMELLIA_RR8(yr);						\

-	yr ^= yl;							\

-	} while(0)

-/*

- * for speed up

- *

- */

-#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \

-do									\

-	{								\

-	t0 = kll;							\

-	t0 &= ll;							\

-	lr ^= CAMELLIA_RL1(t0);						\

-	t1 = klr;							\

-	t1 |= lr;							\

-	ll ^= t1;							\

-									\

-	t2 = krr;							\

-	t2 |= rr;							\

-	rl ^= t2;							\

-	t3 = krl;							\

-	t3 &= rl;							\

-	rr ^= CAMELLIA_RL1(t3);						\

-	} while(0)

-#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1)	\

-do									\

-	{								\

-	il = xl;							\

-	ir = xr;							\

-	t0 = il >> 16;							\

-	t1 = ir >> 16;							\

-	ir = CAMELLIA_SP1110(ir & 0xff)					\

-		^ CAMELLIA_SP0222((t1 >> 8) & 0xff)			\

-		^ CAMELLIA_SP3033(t1 & 0xff)				\

-		^ CAMELLIA_SP4404((ir >> 8) & 0xff);			\

-	il = CAMELLIA_SP1110((t0 >> 8) & 0xff)				\

-		^ CAMELLIA_SP0222(t0 & 0xff)				\

-		^ CAMELLIA_SP3033((il >> 8) & 0xff)			\

-		^ CAMELLIA_SP4404(il & 0xff);				\

-	il ^= kl;							\

-	ir ^= kr;							\

-	ir ^= il;							\

-	il = CAMELLIA_RR8(il);						\

-	il ^= ir;							\

-	yl ^= ir;							\

-	yr ^= il;							\

-	} while(0)

-static const u32 camellia_sp1110[256] =

-	{

-	0x70707000,0x82828200,0x2c2c2c00,0xececec00,

-	0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500,

-	0xe4e4e400,0x85858500,0x57575700,0x35353500,

-	0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100,

-	0x23232300,0xefefef00,0x6b6b6b00,0x93939300,

-	0x45454500,0x19191900,0xa5a5a500,0x21212100,

-	0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00,

-	0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00,

-	0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00,

-	0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00,

-	0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00,

-	0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00,

-	0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00,

-	0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00,

-	0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600,

-	0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00,

-	0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600,

-	0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00,

-	0x74747400,0x12121200,0x2b2b2b00,0x20202000,

-	0xf0f0f000,0xb1b1b100,0x84848400,0x99999900,

-	0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200,

-	0x34343400,0x7e7e7e00,0x76767600,0x05050500,

-	0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100,

-	0xd1d1d100,0x17171700,0x04040400,0xd7d7d700,

-	0x14141400,0x58585800,0x3a3a3a00,0x61616100,

-	0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00,

-	0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600,

-	0x53535300,0x18181800,0xf2f2f200,0x22222200,

-	0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200,

-	0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100,

-	0x24242400,0x08080800,0xe8e8e800,0xa8a8a800,

-	0x60606000,0xfcfcfc00,0x69696900,0x50505000,

-	0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00,

-	0xa1a1a100,0x89898900,0x62626200,0x97979700,

-	0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500,

-	0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200,

-	0x10101000,0xc4c4c400,0x00000000,0x48484800,

-	0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00,

-	0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00,

-	0x09090900,0x3f3f3f00,0xdddddd00,0x94949400,

-	0x87878700,0x5c5c5c00,0x83838300,0x02020200,

-	0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300,

-	0x73737300,0x67676700,0xf6f6f600,0xf3f3f300,

-	0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200,

-	0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600,

-	0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00,

-	0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00,

-	0x13131300,0xbebebe00,0x63636300,0x2e2e2e00,

-	0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00,

-	0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00,

-	0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600,

-	0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900,

-	0x78787800,0x98989800,0x06060600,0x6a6a6a00,

-	0xe7e7e700,0x46464600,0x71717100,0xbababa00,

-	0xd4d4d400,0x25252500,0xababab00,0x42424200,

-	0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00,

-	0x72727200,0x07070700,0xb9b9b900,0x55555500,

-	0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00,

-	0x36363600,0x49494900,0x2a2a2a00,0x68686800,

-	0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400,

-	0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00,

-	0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100,

-	0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400,

-	0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00,

-	};

-static const u32 camellia_sp0222[256] =

-	{

-	0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9,

-	0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb,

-	0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a,

-	0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282,

-	0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727,

-	0x008a8a8a,0x00323232,0x004b4b4b,0x00424242,

-	0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c,

-	0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b,

-	0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f,

-	0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d,

-	0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe,

-	0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434,

-	0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595,

-	0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a,

-	0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad,

-	0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a,

-	0x00171717,0x001a1a1a,0x00353535,0x00cccccc,

-	0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a,

-	0x00e8e8e8,0x00242424,0x00565656,0x00404040,

-	0x00e1e1e1,0x00636363,0x00090909,0x00333333,

-	0x00bfbfbf,0x00989898,0x00979797,0x00858585,

-	0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a,

-	0x00dadada,0x006f6f6f,0x00535353,0x00626262,

-	0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf,

-	0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2,

-	0x00bdbdbd,0x00363636,0x00222222,0x00383838,

-	0x00646464,0x001e1e1e,0x00393939,0x002c2c2c,

-	0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444,

-	0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565,

-	0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323,

-	0x00484848,0x00101010,0x00d1d1d1,0x00515151,

-	0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0,

-	0x00555555,0x00a1a1a1,0x00414141,0x00fafafa,

-	0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f,

-	0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b,

-	0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5,

-	0x00202020,0x00898989,0x00000000,0x00909090,

-	0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7,

-	0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5,

-	0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929,

-	0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404,

-	0x009b9b9b,0x00949494,0x00212121,0x00666666,

-	0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7,

-	0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5,

-	0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c,

-	0x00919191,0x006e6e6e,0x008d8d8d,0x00767676,

-	0x00030303,0x002d2d2d,0x00dedede,0x00969696,

-	0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c,

-	0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919,

-	0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d,

-	0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d,

-	0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2,

-	0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4,

-	0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575,

-	0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484,

-	0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5,

-	0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa,

-	0x00f1f1f1,0x00dddddd,0x00595959,0x00141414,

-	0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0,

-	0x00787878,0x00707070,0x00e3e3e3,0x00494949,

-	0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6,

-	0x00777777,0x00939393,0x00868686,0x00838383,

-	0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9,

-	0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d,

-	};

-static const u32 camellia_sp3033[256] =

-	{

-	0x38003838,0x41004141,0x16001616,0x76007676,

-	0xd900d9d9,0x93009393,0x60006060,0xf200f2f2,

-	0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a,

-	0x75007575,0x06000606,0x57005757,0xa000a0a0,

-	0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9,

-	0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090,

-	0xf600f6f6,0x07000707,0xa700a7a7,0x27002727,

-	0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede,

-	0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7,

-	0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767,

-	0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf,

-	0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d,

-	0x53005353,0xf000f0f0,0x9c009c9c,0x65006565,

-	0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e,

-	0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b,

-	0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6,

-	0xc500c5c5,0x86008686,0x4d004d4d,0x33003333,

-	0xfd00fdfd,0x66006666,0x58005858,0x96009696,

-	0x3a003a3a,0x09000909,0x95009595,0x10001010,

-	0x78007878,0xd800d8d8,0x42004242,0xcc00cccc,

-	0xef00efef,0x26002626,0xe500e5e5,0x61006161,

-	0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282,

-	0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898,

-	0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb,

-	0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0,

-	0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e,

-	0x19001919,0x87008787,0x4e004e4e,0x0b000b0b,

-	0xa900a9a9,0x0c000c0c,0x79007979,0x11001111,

-	0x7f007f7f,0x22002222,0xe700e7e7,0x59005959,

-	0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8,

-	0x12001212,0x04000404,0x74007474,0x54005454,

-	0x30003030,0x7e007e7e,0xb400b4b4,0x28002828,

-	0x55005555,0x68006868,0x50005050,0xbe00bebe,

-	0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb,

-	0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca,

-	0x70007070,0xff00ffff,0x32003232,0x69006969,

-	0x08000808,0x62006262,0x00000000,0x24002424,

-	0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded,

-	0x45004545,0x81008181,0x73007373,0x6d006d6d,

-	0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a,

-	0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101,

-	0xe600e6e6,0x25002525,0x48004848,0x99009999,

-	0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9,

-	0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171,

-	0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313,

-	0x64006464,0x9b009b9b,0x63006363,0x9d009d9d,

-	0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5,

-	0x89008989,0x5f005f5f,0xb100b1b1,0x17001717,

-	0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646,

-	0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747,

-	0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b,

-	0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac,

-	0x3c003c3c,0x4c004c4c,0x03000303,0x35003535,

-	0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d,

-	0x6a006a6a,0x92009292,0xd500d5d5,0x21002121,

-	0x44004444,0x51005151,0xc600c6c6,0x7d007d7d,

-	0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa,

-	0x7c007c7c,0x77007777,0x56005656,0x05000505,

-	0x1b001b1b,0xa400a4a4,0x15001515,0x34003434,

-	0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252,

-	0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd,

-	0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0,

-	0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a,

-	0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f,

-	};

-static const u32 camellia_sp4404[256] =

-	{

-	0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0,

-	0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae,

-	0x23230023,0x6b6b006b,0x45450045,0xa5a500a5,

-	0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092,

-	0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f,

-	0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b,

-	0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d,

-	0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c,

-	0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0,

-	0x74740074,0x2b2b002b,0xf0f000f0,0x84840084,

-	0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076,

-	0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004,

-	0x14140014,0x3a3a003a,0xdede00de,0x11110011,

-	0x32320032,0x9c9c009c,0x53530053,0xf2f200f2,

-	0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a,

-	0x24240024,0xe8e800e8,0x60600060,0x69690069,

-	0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062,

-	0x54540054,0x1e1e001e,0xe0e000e0,0x64640064,

-	0x10100010,0x00000000,0xa3a300a3,0x75750075,

-	0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd,

-	0x87870087,0x83830083,0xcdcd00cd,0x90900090,

-	0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf,

-	0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6,

-	0x81810081,0x6f6f006f,0x13130013,0x63630063,

-	0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc,

-	0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4,

-	0x78780078,0x06060006,0xe7e700e7,0x71710071,

-	0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d,

-	0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac,

-	0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1,

-	0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043,

-	0x15150015,0xadad00ad,0x77770077,0x80800080,

-	0x82820082,0xecec00ec,0x27270027,0xe5e500e5,

-	0x85850085,0x35350035,0x0c0c000c,0x41410041,

-	0xefef00ef,0x93930093,0x19190019,0x21210021,

-	0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd,

-	0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce,

-	0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a,

-	0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d,

-	0x01010001,0xd6d600d6,0x56560056,0x4d4d004d,

-	0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d,

-	0x12120012,0x20200020,0xb1b100b1,0x99990099,

-	0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005,

-	0xb7b700b7,0x31310031,0x17170017,0xd7d700d7,

-	0x58580058,0x61610061,0x1b1b001b,0x1c1c001c,

-	0x0f0f000f,0x16160016,0x18180018,0x22220022,

-	0x44440044,0xb2b200b2,0xb5b500b5,0x91910091,

-	0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050,

-	0xd0d000d0,0x7d7d007d,0x89890089,0x97970097,

-	0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2,

-	0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db,

-	0x03030003,0xdada00da,0x3f3f003f,0x94940094,

-	0x5c5c005c,0x02020002,0x4a4a004a,0x33330033,

-	0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2,

-	0x9b9b009b,0x26260026,0x37370037,0x3b3b003b,

-	0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e,

-	0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e,

-	0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059,

-	0x98980098,0x6a6a006a,0x46460046,0xbaba00ba,

-	0x25250025,0x42420042,0xa2a200a2,0xfafa00fa,

-	0x07070007,0x55550055,0xeeee00ee,0x0a0a000a,

-	0x49490049,0x68680068,0x38380038,0xa4a400a4,

-	0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1,

-	0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,

-	};

-/**

- * Stuff related to the Camellia key schedule

- */

-#define subl(x) subL[(x)]

-#define subr(x) subR[(x)]

-void camellia_setup128(const u8 *key, u32 *subkey)

-	{

-	u32 kll, klr, krl, krr;

-	u32 il, ir, t0, t1, w0, w1;

-	u32 kw4l, kw4r, dw, tl, tr;

-	u32 subL[26];

-	u32 subR[26];

-	/**

-	 *  k == kll || klr || krl || krr (|| is concatination)

-	 */

-	kll = GETU32(key     );

-	klr = GETU32(key +  4);

-	krl = GETU32(key +  8);

-	krr = GETU32(key + 12);

-	/**

-	 * generate KL dependent subkeys

-	 */

-	/* kw1 */

-	subl(0) = kll; subr(0) = klr;

-	/* kw2 */

-	subl(1) = krl; subr(1) = krr;

-	/* rotation left shift 15bit */

-	CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);

-	/* k3 */

-	subl(4) = kll; subr(4) = klr;

-	/* k4 */

-	subl(5) = krl; subr(5) = krr;

-	/* rotation left shift 15+30bit */

-	CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);

-	/* k7 */

-	subl(10) = kll; subr(10) = klr;

-	/* k8 */

-	subl(11) = krl; subr(11) = krr;

-	/* rotation left shift 15+30+15bit */

-	CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);

-	/* k10 */

-	subl(13) = krl; subr(13) = krr;

-	/* rotation left shift 15+30+15+17 bit */

-	CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);

-	/* kl3 */

-	subl(16) = kll; subr(16) = klr;

-	/* kl4 */

-	subl(17) = krl; subr(17) = krr;

-	/* rotation left shift 15+30+15+17+17 bit */

-	CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);

-	/* k13 */

-	subl(18) = kll; subr(18) = klr;

-	/* k14 */

-	subl(19) = krl; subr(19) = krr;

-	/* rotation left shift 15+30+15+17+17+17 bit */

-	CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);

-	/* k17 */

-	subl(22) = kll; subr(22) = klr;

-	/* k18 */

-	subl(23) = krl; subr(23) = krr;

-	/* generate KA */

-	kll = subl(0); klr = subr(0);

-	krl = subl(1); krr = subr(1);

-	CAMELLIA_F(kll, klr,

-		CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,

-		w0, w1, il, ir, t0, t1);

-	krl ^= w0; krr ^= w1;

-	CAMELLIA_F(krl, krr,

-		CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,

-		kll, klr, il, ir, t0, t1);

-	/* current status == (kll, klr, w0, w1) */

-	CAMELLIA_F(kll, klr,

-		CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,

-		krl, krr, il, ir, t0, t1);

-	krl ^= w0; krr ^= w1;

-	CAMELLIA_F(krl, krr,

-		CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,

-		w0, w1, il, ir, t0, t1);

-	kll ^= w0; klr ^= w1;

-	/* generate KA dependent subkeys */

-	/* k1, k2 */

-	subl(2) = kll; subr(2) = klr;

-	subl(3) = krl; subr(3) = krr;

-	CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);

-	/* k5,k6 */

-	subl(6) = kll; subr(6) = klr;

-	subl(7) = krl; subr(7) = krr;

-	CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);

-	/* kl1, kl2 */

-	subl(8) = kll; subr(8) = klr;

-	subl(9) = krl; subr(9) = krr;

-	CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);

-	/* k9 */

-	subl(12) = kll; subr(12) = klr;

-	CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);

-	/* k11, k12 */

-	subl(14) = kll; subr(14) = klr;

-	subl(15) = krl; subr(15) = krr;

-	CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);

-	/* k15, k16 */

-	subl(20) = kll; subr(20) = klr;

-	subl(21) = krl; subr(21) = krr;

-	CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);

-	/* kw3, kw4 */

-	subl(24) = kll; subr(24) = klr;

-	subl(25) = krl; subr(25) = krr;

-	/* absorb kw2 to other subkeys */

-/* round 2 */

-	subl(3) ^= subl(1); subr(3) ^= subr(1);

-/* round 4 */

-	subl(5) ^= subl(1); subr(5) ^= subr(1);

-/* round 6 */

-	subl(7) ^= subl(1); subr(7) ^= subr(1);

-	subl(1) ^= subr(1) & ~subr(9);

-	dw = subl(1) & subl(9),

-		subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl2) */

-/* round 8 */

-	subl(11) ^= subl(1); subr(11) ^= subr(1);

-/* round 10 */

-	subl(13) ^= subl(1); subr(13) ^= subr(1);

-/* round 12 */

-	subl(15) ^= subl(1); subr(15) ^= subr(1);

-	subl(1) ^= subr(1) & ~subr(17);

-	dw = subl(1) & subl(17),

-		subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl4) */

-/* round 14 */

-	subl(19) ^= subl(1); subr(19) ^= subr(1);

-/* round 16 */

-	subl(21) ^= subl(1); subr(21) ^= subr(1);

-/* round 18 */

-	subl(23) ^= subl(1); subr(23) ^= subr(1);

-/* kw3 */

-	subl(24) ^= subl(1); subr(24) ^= subr(1);

-	/* absorb kw4 to other subkeys */

-	kw4l = subl(25); kw4r = subr(25);

-/* round 17 */

-	subl(22) ^= kw4l; subr(22) ^= kw4r;

-/* round 15 */

-	subl(20) ^= kw4l; subr(20) ^= kw4r;

-/* round 13 */

-	subl(18) ^= kw4l; subr(18) ^= kw4r;

-	kw4l ^= kw4r & ~subr(16);

-	dw = kw4l & subl(16),

-		kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */

-/* round 11 */

-	subl(14) ^= kw4l; subr(14) ^= kw4r;

-/* round 9 */

-	subl(12) ^= kw4l; subr(12) ^= kw4r;

-/* round 7 */

-	subl(10) ^= kw4l; subr(10) ^= kw4r;

-	kw4l ^= kw4r & ~subr(8);

-	dw = kw4l & subl(8),

-		kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */

-/* round 5 */

-	subl(6) ^= kw4l; subr(6) ^= kw4r;

-/* round 3 */

-	subl(4) ^= kw4l; subr(4) ^= kw4r;

-/* round 1 */

-	subl(2) ^= kw4l; subr(2) ^= kw4r;

-/* kw1 */

-	subl(0) ^= kw4l; subr(0) ^= kw4r;

-	/* key XOR is end of F-function */

-	CamelliaSubkeyL(0) = subl(0) ^ subl(2);/* kw1 */

-	CamelliaSubkeyR(0) = subr(0) ^ subr(2);

-	CamelliaSubkeyL(2) = subl(3);       /* round 1 */

-	CamelliaSubkeyR(2) = subr(3);

-	CamelliaSubkeyL(3) = subl(2) ^ subl(4); /* round 2 */

-	CamelliaSubkeyR(3) = subr(2) ^ subr(4);

-	CamelliaSubkeyL(4) = subl(3) ^ subl(5); /* round 3 */

-	CamelliaSubkeyR(4) = subr(3) ^ subr(5);

-	CamelliaSubkeyL(5) = subl(4) ^ subl(6); /* round 4 */

-	CamelliaSubkeyR(5) = subr(4) ^ subr(6);

-	CamelliaSubkeyL(6) = subl(5) ^ subl(7); /* round 5 */

-	CamelliaSubkeyR(6) = subr(5) ^ subr(7);

-	tl = subl(10) ^ (subr(10) & ~subr(8));

-	dw = tl & subl(8),  /* FL(kl1) */

-		tr = subr(10) ^ CAMELLIA_RL1(dw);

-	CamelliaSubkeyL(7) = subl(6) ^ tl; /* round 6 */

-	CamelliaSubkeyR(7) = subr(6) ^ tr;

-	CamelliaSubkeyL(8) = subl(8);       /* FL(kl1) */

-	CamelliaSubkeyR(8) = subr(8);

-	CamelliaSubkeyL(9) = subl(9);       /* FLinv(kl2) */

-	CamelliaSubkeyR(9) = subr(9);

-	tl = subl(7) ^ (subr(7) & ~subr(9));

-	dw = tl & subl(9),  /* FLinv(kl2) */

-		tr = subr(7) ^ CAMELLIA_RL1(dw);

-	CamelliaSubkeyL(10) = tl ^ subl(11); /* round 7 */

-	CamelliaSubkeyR(10) = tr ^ subr(11);

-	CamelliaSubkeyL(11) = subl(10) ^ subl(12); /* round 8 */

-	CamelliaSubkeyR(11) = subr(10) ^ subr(12);

-	CamelliaSubkeyL(12) = subl(11) ^ subl(13); /* round 9 */

-	CamelliaSubkeyR(12) = subr(11) ^ subr(13);

-	CamelliaSubkeyL(13) = subl(12) ^ subl(14); /* round 10 */

-	CamelliaSubkeyR(13) = subr(12) ^ subr(14);

-	CamelliaSubkeyL(14) = subl(13) ^ subl(15); /* round 11 */

-	CamelliaSubkeyR(14) = subr(13) ^ subr(15);

-	tl = subl(18) ^ (subr(18) & ~subr(16));

-	dw = tl & subl(16), /* FL(kl3) */

-		tr = subr(18) ^ CAMELLIA_RL1(dw);

-	CamelliaSubkeyL(15) = subl(14) ^ tl; /* round 12 */

-	CamelliaSubkeyR(15) = subr(14) ^ tr;

-	CamelliaSubkeyL(16) = subl(16);     /* FL(kl3) */

-	CamelliaSubkeyR(16) = subr(16);

-	CamelliaSubkeyL(17) = subl(17);     /* FLinv(kl4) */

-	CamelliaSubkeyR(17) = subr(17);

-	tl = subl(15) ^ (subr(15) & ~subr(17));

-	dw = tl & subl(17), /* FLinv(kl4) */

-		tr = subr(15) ^ CAMELLIA_RL1(dw);

-	CamelliaSubkeyL(18) = tl ^ subl(19); /* round 13 */

-	CamelliaSubkeyR(18) = tr ^ subr(19);

-	CamelliaSubkeyL(19) = subl(18) ^ subl(20); /* round 14 */

-	CamelliaSubkeyR(19) = subr(18) ^ subr(20);

-	CamelliaSubkeyL(20) = subl(19) ^ subl(21); /* round 15 */

-	CamelliaSubkeyR(20) = subr(19) ^ subr(21);

-	CamelliaSubkeyL(21) = subl(20) ^ subl(22); /* round 16 */

-	CamelliaSubkeyR(21) = subr(20) ^ subr(22);

-	CamelliaSubkeyL(22) = subl(21) ^ subl(23); /* round 17 */

-	CamelliaSubkeyR(22) = subr(21) ^ subr(23);

-	CamelliaSubkeyL(23) = subl(22);     /* round 18 */

-	CamelliaSubkeyR(23) = subr(22);

-	CamelliaSubkeyL(24) = subl(24) ^ subl(23); /* kw3 */

-	CamelliaSubkeyR(24) = subr(24) ^ subr(23);

-	/* apply the inverse of the last half of P-function */

-	dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2),

-		dw = CAMELLIA_RL8(dw);/* round 1 */

-	CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw,

-		CamelliaSubkeyL(2) = dw;

-	dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3),

-		dw = CAMELLIA_RL8(dw);/* round 2 */

-	CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw,

-		CamelliaSubkeyL(3) = dw;

-	dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4),

-		dw = CAMELLIA_RL8(dw);/* round 3 */

-	CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw,

-		CamelliaSubkeyL(4) = dw;

-	dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5),

-		dw = CAMELLIA_RL8(dw);/* round 4 */

-	CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw,

-		CamelliaSubkeyL(5) = dw;

-	dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6),

-		dw = CAMELLIA_RL8(dw);/* round 5 */

-	CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw,

-		CamelliaSubkeyL(6) = dw;

-	dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7),

-		dw = CAMELLIA_RL8(dw);/* round 6 */

-	CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw,

-		CamelliaSubkeyL(7) = dw;

-	dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10),

-		dw = CAMELLIA_RL8(dw);/* round 7 */

-	CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw,

-		CamelliaSubkeyL(10) = dw;

-	dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11),

-		dw = CAMELLIA_RL8(dw);/* round 8 */

-	CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw,

-		CamelliaSubkeyL(11) = dw;

-	dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12),

-		dw = CAMELLIA_RL8(dw);/* round 9 */

-	CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw,

-		CamelliaSubkeyL(12) = dw;

-	dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13),

-		dw = CAMELLIA_RL8(dw);/* round 10 */

-	CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw,

-		CamelliaSubkeyL(13) = dw;

-	dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14),

-		dw = CAMELLIA_RL8(dw);/* round 11 */

-	CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw,

-		CamelliaSubkeyL(14) = dw;

-	dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15),

-		dw = CAMELLIA_RL8(dw);/* round 12 */

-	CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw,

-		CamelliaSubkeyL(15) = dw;

-	dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18),

-		dw = CAMELLIA_RL8(dw);/* round 13 */

-	CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw,

-		CamelliaSubkeyL(18) = dw;

-	dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19),

-		dw = CAMELLIA_RL8(dw);/* round 14 */

-	CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw,

-		CamelliaSubkeyL(19) = dw;

-	dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20),

-		dw = CAMELLIA_RL8(dw);/* round 15 */

-	CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw,

-		CamelliaSubkeyL(20) = dw;

-	dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21),

-		dw = CAMELLIA_RL8(dw);/* round 16 */

-	CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw,

-		CamelliaSubkeyL(21) = dw;

-	dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22),

-		dw = CAMELLIA_RL8(dw);/* round 17 */

-	CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw,

-		CamelliaSubkeyL(22) = dw;

-	dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23),

-		dw = CAMELLIA_RL8(dw);/* round 18 */

-	CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw,

-		CamelliaSubkeyL(23) = dw;

-	return;

-	}

-void camellia_setup256(const u8 *key, u32 *subkey)

-	{

-	u32 kll,klr,krl,krr;           /* left half of key */

-	u32 krll,krlr,krrl,krrr;       /* right half of key */

-	u32 il, ir, t0, t1, w0, w1;    /* temporary variables */

-	u32 kw4l, kw4r, dw, tl, tr;

-	u32 subL[34];

-	u32 subR[34];

-	/**

-	 *  key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)

-	 *  (|| is concatination)

-	 */

-	kll  = GETU32(key     );

-	klr  = GETU32(key +  4);

-	krl  = GETU32(key +  8);

-	krr  = GETU32(key + 12);

-	krll = GETU32(key + 16);

-	krlr = GETU32(key + 20);

-	krrl = GETU32(key + 24);

-	krrr = GETU32(key + 28);

-	/* generate KL dependent subkeys */

-	/* kw1 */

-	subl(0) = kll; subr(0) = klr;

-	/* kw2 */

-	subl(1) = krl; subr(1) = krr;

-	CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45);

-	/* k9 */

-	subl(12) = kll; subr(12) = klr;

-	/* k10 */

-	subl(13) = krl; subr(13) = krr;

-	CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);

-	/* kl3 */

-	subl(16) = kll; subr(16) = klr;

-	/* kl4 */

-	subl(17) = krl; subr(17) = krr;

-	CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);

-	/* k17 */

-	subl(22) = kll; subr(22) = klr;

-	/* k18 */

-	subl(23) = krl; subr(23) = krr;

-	CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);

-	/* k23 */

-	subl(30) = kll; subr(30) = klr;

-	/* k24 */

-	subl(31) = krl; subr(31) = krr;

-	/* generate KR dependent subkeys */

-	CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);

-	/* k3 */

-	subl(4) = krll; subr(4) = krlr;

-	/* k4 */

-	subl(5) = krrl; subr(5) = krrr;

-	CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);

-	/* kl1 */

-	subl(8) = krll; subr(8) = krlr;

-	/* kl2 */

-	subl(9) = krrl; subr(9) = krrr;

-	CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);

-	/* k13 */

-	subl(18) = krll; subr(18) = krlr;

-	/* k14 */

-	subl(19) = krrl; subr(19) = krrr;

-	CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);

-	/* k19 */

-	subl(26) = krll; subr(26) = krlr;

-	/* k20 */

-	subl(27) = krrl; subr(27) = krrr;

-	CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);

-	/* generate KA */

-	kll = subl(0) ^ krll; klr = subr(0) ^ krlr;

-	krl = subl(1) ^ krrl; krr = subr(1) ^ krrr;

-	CAMELLIA_F(kll, klr,

-		CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,

-		w0, w1, il, ir, t0, t1);

-	krl ^= w0; krr ^= w1;

-	CAMELLIA_F(krl, krr,

-		CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,

-		kll, klr, il, ir, t0, t1);

-	kll ^= krll; klr ^= krlr;

-	CAMELLIA_F(kll, klr,

-		CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,

-		krl, krr, il, ir, t0, t1);

-	krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;

-	CAMELLIA_F(krl, krr,

-		CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,

-		w0, w1, il, ir, t0, t1);

-	kll ^= w0; klr ^= w1;

-	/* generate KB */

-	krll ^= kll; krlr ^= klr;

-	krrl ^= krl; krrr ^= krr;

-	CAMELLIA_F(krll, krlr,

-		CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,

-		w0, w1, il, ir, t0, t1);

-	krrl ^= w0; krrr ^= w1;

-	CAMELLIA_F(krrl, krrr,

-		CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,

-		w0, w1, il, ir, t0, t1);

-	krll ^= w0; krlr ^= w1;

-	/* generate KA dependent subkeys */

-	CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);

-	/* k5 */

-	subl(6) = kll; subr(6) = klr;

-	/* k6 */

-	subl(7) = krl; subr(7) = krr;

-	CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);

-	/* k11 */

-	subl(14) = kll; subr(14) = klr;

-	/* k12 */

-	subl(15) = krl; subr(15) = krr;

-	/* rotation left shift 32bit */

-	/* kl5 */

-	subl(24) = klr; subr(24) = krl;

-	/* kl6 */

-	subl(25) = krr; subr(25) = kll;

-	/* rotation left shift 49 from k11,k12 -> k21,k22 */

-	CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49);

-	/* k21 */

-	subl(28) = kll; subr(28) = klr;

-	/* k22 */

-	subl(29) = krl; subr(29) = krr;

-	/* generate KB dependent subkeys */

-	/* k1 */

-	subl(2) = krll; subr(2) = krlr;

-	/* k2 */

-	subl(3) = krrl; subr(3) = krrr;

-	CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);

-	/* k7 */

-	subl(10) = krll; subr(10) = krlr;

-	/* k8 */

-	subl(11) = krrl; subr(11) = krrr;

-	CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);

-	/* k15 */

-	subl(20) = krll; subr(20) = krlr;

-	/* k16 */

-	subl(21) = krrl; subr(21) = krrr;

-	CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);

-	/* kw3 */

-	subl(32) = krll; subr(32) = krlr;

-	/* kw4 */

-	subl(33) = krrl; subr(33) = krrr;

-	/* absorb kw2 to other subkeys */

-/* round 2 */

-	subl(3) ^= subl(1); subr(3) ^= subr(1);

-/* round 4 */

-	subl(5) ^= subl(1); subr(5) ^= subr(1);

-/* round 6 */

-	subl(7) ^= subl(1); subr(7) ^= subr(1);

-	subl(1) ^= subr(1) & ~subr(9);

-	dw = subl(1) & subl(9),

-		subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl2) */

-/* round 8 */

-	subl(11) ^= subl(1); subr(11) ^= subr(1);

-/* round 10 */

-	subl(13) ^= subl(1); subr(13) ^= subr(1);

-/* round 12 */

-	subl(15) ^= subl(1); subr(15) ^= subr(1);

-	subl(1) ^= subr(1) & ~subr(17);

-	dw = subl(1) & subl(17),

-		subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl4) */

-/* round 14 */

-	subl(19) ^= subl(1); subr(19) ^= subr(1);

-/* round 16 */

-	subl(21) ^= subl(1); subr(21) ^= subr(1);

-/* round 18 */

-	subl(23) ^= subl(1); subr(23) ^= subr(1);

-	subl(1) ^= subr(1) & ~subr(25);

-	dw = subl(1) & subl(25),

-		subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl6) */

-/* round 20 */

-	subl(27) ^= subl(1); subr(27) ^= subr(1);

-/* round 22 */

-	subl(29) ^= subl(1); subr(29) ^= subr(1);

-/* round 24 */

-	subl(31) ^= subl(1); subr(31) ^= subr(1);

-/* kw3 */

-	subl(32) ^= subl(1); subr(32) ^= subr(1);

-	/* absorb kw4 to other subkeys */

-	kw4l = subl(33); kw4r = subr(33);

-/* round 23 */

-	subl(30) ^= kw4l; subr(30) ^= kw4r;

-/* round 21 */

-	subl(28) ^= kw4l; subr(28) ^= kw4r;

-/* round 19 */

-	subl(26) ^= kw4l; subr(26) ^= kw4r;

-	kw4l ^= kw4r & ~subr(24);

-	dw = kw4l & subl(24),

-		kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl5) */

-/* round 17 */

-	subl(22) ^= kw4l; subr(22) ^= kw4r;

-/* round 15 */

-	subl(20) ^= kw4l; subr(20) ^= kw4r;

-/* round 13 */

-	subl(18) ^= kw4l; subr(18) ^= kw4r;

-	kw4l ^= kw4r & ~subr(16);

-	dw = kw4l & subl(16),

-		kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */

-/* round 11 */

-	subl(14) ^= kw4l; subr(14) ^= kw4r;

-/* round 9 */

-	subl(12) ^= kw4l; subr(12) ^= kw4r;

-/* round 7 */

-	subl(10) ^= kw4l; subr(10) ^= kw4r;

-	kw4l ^= kw4r & ~subr(8);

-	dw = kw4l & subl(8),

-		kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */

-/* round 5 */

-	subl(6) ^= kw4l; subr(6) ^= kw4r;

-/* round 3 */

-	subl(4) ^= kw4l; subr(4) ^= kw4r;

-/* round 1 */

-	subl(2) ^= kw4l; subr(2) ^= kw4r;

-/* kw1 */

-	subl(0) ^= kw4l; subr(0) ^= kw4r;

-	/* key XOR is end of F-function */

-	CamelliaSubkeyL(0) = subl(0) ^ subl(2);/* kw1 */

-	CamelliaSubkeyR(0) = subr(0) ^ subr(2);

-	CamelliaSubkeyL(2) = subl(3);       /* round 1 */

-	CamelliaSubkeyR(2) = subr(3);

-	CamelliaSubkeyL(3) = subl(2) ^ subl(4); /* round 2 */

-	CamelliaSubkeyR(3) = subr(2) ^ subr(4);

-	CamelliaSubkeyL(4) = subl(3) ^ subl(5); /* round 3 */

-	CamelliaSubkeyR(4) = subr(3) ^ subr(5);

-	CamelliaSubkeyL(5) = subl(4) ^ subl(6); /* round 4 */

-	CamelliaSubkeyR(5) = subr(4) ^ subr(6);

-	CamelliaSubkeyL(6) = subl(5) ^ subl(7); /* round 5 */

-	CamelliaSubkeyR(6) = subr(5) ^ subr(7);

-	tl = subl(10) ^ (subr(10) & ~subr(8));

-	dw = tl & subl(8),  /* FL(kl1) */

-		tr = subr(10) ^ CAMELLIA_RL1(dw);

-	CamelliaSubkeyL(7) = subl(6) ^ tl; /* round 6 */

-	CamelliaSubkeyR(7) = subr(6) ^ tr;

-	CamelliaSubkeyL(8) = subl(8);       /* FL(kl1) */

-	CamelliaSubkeyR(8) = subr(8);

-	CamelliaSubkeyL(9) = subl(9);       /* FLinv(kl2) */

-	CamelliaSubkeyR(9) = subr(9);

-	tl = subl(7) ^ (subr(7) & ~subr(9));

-	dw = tl & subl(9),  /* FLinv(kl2) */

-		tr = subr(7) ^ CAMELLIA_RL1(dw);

-	CamelliaSubkeyL(10) = tl ^ subl(11); /* round 7 */

-	CamelliaSubkeyR(10) = tr ^ subr(11);

-	CamelliaSubkeyL(11) = subl(10) ^ subl(12); /* round 8 */

-	CamelliaSubkeyR(11) = subr(10) ^ subr(12);

-	CamelliaSubkeyL(12) = subl(11) ^ subl(13); /* round 9 */

-	CamelliaSubkeyR(12) = subr(11) ^ subr(13);

-	CamelliaSubkeyL(13) = subl(12) ^ subl(14); /* round 10 */

-	CamelliaSubkeyR(13) = subr(12) ^ subr(14);

-	CamelliaSubkeyL(14) = subl(13) ^ subl(15); /* round 11 */

-	CamelliaSubkeyR(14) = subr(13) ^ subr(15);

-	tl = subl(18) ^ (subr(18) & ~subr(16));

-	dw = tl & subl(16), /* FL(kl3) */

-		tr = subr(18) ^ CAMELLIA_RL1(dw);

-	CamelliaSubkeyL(15) = subl(14) ^ tl; /* round 12 */

-	CamelliaSubkeyR(15) = subr(14) ^ tr;

-	CamelliaSubkeyL(16) = subl(16);     /* FL(kl3) */

-	CamelliaSubkeyR(16) = subr(16);

-	CamelliaSubkeyL(17) = subl(17);     /* FLinv(kl4) */

-	CamelliaSubkeyR(17) = subr(17);

-	tl = subl(15) ^ (subr(15) & ~subr(17));

-	dw = tl & subl(17), /* FLinv(kl4) */

-		tr = subr(15) ^ CAMELLIA_RL1(dw);

-	CamelliaSubkeyL(18) = tl ^ subl(19); /* round 13 */

-	CamelliaSubkeyR(18) = tr ^ subr(19);

-	CamelliaSubkeyL(19) = subl(18) ^ subl(20); /* round 14 */

-	CamelliaSubkeyR(19) = subr(18) ^ subr(20);

-	CamelliaSubkeyL(20) = subl(19) ^ subl(21); /* round 15 */

-	CamelliaSubkeyR(20) = subr(19) ^ subr(21);

-	CamelliaSubkeyL(21) = subl(20) ^ subl(22); /* round 16 */

-	CamelliaSubkeyR(21) = subr(20) ^ subr(22);

-	CamelliaSubkeyL(22) = subl(21) ^ subl(23); /* round 17 */

-	CamelliaSubkeyR(22) = subr(21) ^ subr(23);

-	tl = subl(26) ^ (subr(26)

-		& ~subr(24));

-	dw = tl & subl(24), /* FL(kl5) */

-		tr = subr(26) ^ CAMELLIA_RL1(dw);

-	CamelliaSubkeyL(23) = subl(22) ^ tl; /* round 18 */

-	CamelliaSubkeyR(23) = subr(22) ^ tr;

-	CamelliaSubkeyL(24) = subl(24);     /* FL(kl5) */

-	CamelliaSubkeyR(24) = subr(24);

-	CamelliaSubkeyL(25) = subl(25);     /* FLinv(kl6) */

-	CamelliaSubkeyR(25) = subr(25);

-	tl = subl(23) ^ (subr(23) &

-		~subr(25));

-	dw = tl & subl(25), /* FLinv(kl6) */

-		tr = subr(23) ^ CAMELLIA_RL1(dw);

-	CamelliaSubkeyL(26) = tl ^ subl(27); /* round 19 */

-	CamelliaSubkeyR(26) = tr ^ subr(27);

-	CamelliaSubkeyL(27) = subl(26) ^ subl(28); /* round 20 */

-	CamelliaSubkeyR(27) = subr(26) ^ subr(28);

-	CamelliaSubkeyL(28) = subl(27) ^ subl(29); /* round 21 */

-	CamelliaSubkeyR(28) = subr(27) ^ subr(29);

-	CamelliaSubkeyL(29) = subl(28) ^ subl(30); /* round 22 */

-	CamelliaSubkeyR(29) = subr(28) ^ subr(30);

-	CamelliaSubkeyL(30) = subl(29) ^ subl(31); /* round 23 */

-	CamelliaSubkeyR(30) = subr(29) ^ subr(31);

-	CamelliaSubkeyL(31) = subl(30);     /* round 24 */

-	CamelliaSubkeyR(31) = subr(30);

-	CamelliaSubkeyL(32) = subl(32) ^ subl(31); /* kw3 */

-	CamelliaSubkeyR(32) = subr(32) ^ subr(31);

-	/* apply the inverse of the last half of P-function */

-	dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2),

-		dw = CAMELLIA_RL8(dw);/* round 1 */

-	CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw,

-		CamelliaSubkeyL(2) = dw;

-	dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3),

-		dw = CAMELLIA_RL8(dw);/* round 2 */

-	CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw,

-		CamelliaSubkeyL(3) = dw;

-	dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4),

-		dw = CAMELLIA_RL8(dw);/* round 3 */

-	CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw,

-		CamelliaSubkeyL(4) = dw;

-	dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5),

-		dw = CAMELLIA_RL8(dw);/* round 4 */

-	CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw,

-		CamelliaSubkeyL(5) = dw;

-	dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6),

-		dw = CAMELLIA_RL8(dw);/* round 5 */

-	CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw,

-		CamelliaSubkeyL(6) = dw;

-	dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7),

-		dw = CAMELLIA_RL8(dw);/* round 6 */

-	CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw,

-		CamelliaSubkeyL(7) = dw;

-	dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10),

-		dw = CAMELLIA_RL8(dw);/* round 7 */

-	CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw,

-		CamelliaSubkeyL(10) = dw;

-	dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11),

-		dw = CAMELLIA_RL8(dw);/* round 8 */

-	CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw,

-		CamelliaSubkeyL(11) = dw;

-	dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12),

-		dw = CAMELLIA_RL8(dw);/* round 9 */

-	CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw,

-		CamelliaSubkeyL(12) = dw;

-	dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13),

-		dw = CAMELLIA_RL8(dw);/* round 10 */

-	CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw,

-		CamelliaSubkeyL(13) = dw;

-	dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14),

-		dw = CAMELLIA_RL8(dw);/* round 11 */

-	CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw,

-		CamelliaSubkeyL(14) = dw;

-	dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15),

-		dw = CAMELLIA_RL8(dw);/* round 12 */

-	CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw,

-		CamelliaSubkeyL(15) = dw;

-	dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18),

-		dw = CAMELLIA_RL8(dw);/* round 13 */

-	CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw,

-		CamelliaSubkeyL(18) = dw;

-	dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19),

-		dw = CAMELLIA_RL8(dw);/* round 14 */

-	CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw,

-		CamelliaSubkeyL(19) = dw;

-	dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20),

-		dw = CAMELLIA_RL8(dw);/* round 15 */

-	CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw,

-		CamelliaSubkeyL(20) = dw;

-	dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21),

-		dw = CAMELLIA_RL8(dw);/* round 16 */

-	CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw,

-		CamelliaSubkeyL(21) = dw;

-	dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22),

-		dw = CAMELLIA_RL8(dw);/* round 17 */

-	CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw,

-		CamelliaSubkeyL(22) = dw;

-	dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23),

-		dw = CAMELLIA_RL8(dw);/* round 18 */

-	CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw,

-		CamelliaSubkeyL(23) = dw;

-	dw = CamelliaSubkeyL(26) ^ CamelliaSubkeyR(26),

-		dw = CAMELLIA_RL8(dw);/* round 19 */

-	CamelliaSubkeyR(26) = CamelliaSubkeyL(26) ^ dw,

-		CamelliaSubkeyL(26) = dw;

-	dw = CamelliaSubkeyL(27) ^ CamelliaSubkeyR(27),

-		dw = CAMELLIA_RL8(dw);/* round 20 */

-	CamelliaSubkeyR(27) = CamelliaSubkeyL(27) ^ dw,

-		CamelliaSubkeyL(27) = dw;

-	dw = CamelliaSubkeyL(28) ^ CamelliaSubkeyR(28),

-		dw = CAMELLIA_RL8(dw);/* round 21 */

-	CamelliaSubkeyR(28) = CamelliaSubkeyL(28) ^ dw,

-		CamelliaSubkeyL(28) = dw;

-	dw = CamelliaSubkeyL(29) ^ CamelliaSubkeyR(29),

-		dw = CAMELLIA_RL8(dw);/* round 22 */

-	CamelliaSubkeyR(29) = CamelliaSubkeyL(29) ^ dw,

-		CamelliaSubkeyL(29) = dw;

-	dw = CamelliaSubkeyL(30) ^ CamelliaSubkeyR(30),

-		dw = CAMELLIA_RL8(dw);/* round 23 */

-	CamelliaSubkeyR(30) = CamelliaSubkeyL(30) ^ dw,

-		CamelliaSubkeyL(30) = dw;

-	dw = CamelliaSubkeyL(31) ^ CamelliaSubkeyR(31),

-		dw = CAMELLIA_RL8(dw);/* round 24 */

-	CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw,

-		CamelliaSubkeyL(31) = dw;

-	return;

-	}

-void camellia_setup192(const u8 *key, u32 *subkey)

-	{

-	u8 kk[32];

-	u32 krll, krlr, krrl,krrr;

-	memcpy(kk, key, 24);

-	memcpy((u8 *)&krll, key+16,4);

-	memcpy((u8 *)&krlr, key+20,4);

-	krrl = ~krll;

-	krrr = ~krlr;

-	memcpy(kk+24, (u8 *)&krrl, 4);

-	memcpy(kk+28, (u8 *)&krrr, 4);

-	camellia_setup256(kk, subkey);

-	return;

-	}

-/**

- * Stuff related to camellia encryption/decryption

- */

-void camellia_encrypt128(const u32 *subkey, u32 *io)

-	{

-	u32 il, ir, t0, t1;

-	/* pre whitening but absorb kw2*/

-	io[0] ^= CamelliaSubkeyL(0);

-	io[1] ^= CamelliaSubkeyR(0);

-	/* main iteration */

-	CAMELLIA_ROUNDSM(io[0],io[1],

-		CamelliaSubkeyL(2),CamelliaSubkeyR(2),

-		io[2],io[3],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[2],io[3],

-		CamelliaSubkeyL(3),CamelliaSubkeyR(3),

-		io[0],io[1],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[0],io[1],

-		CamelliaSubkeyL(4),CamelliaSubkeyR(4),

-		io[2],io[3],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[2],io[3],

-		CamelliaSubkeyL(5),CamelliaSubkeyR(5),

-		io[0],io[1],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[0],io[1],

-		CamelliaSubkeyL(6),CamelliaSubkeyR(6),

-		io[2],io[3],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[2],io[3],

-		CamelliaSubkeyL(7),CamelliaSubkeyR(7),

-		io[0],io[1],il,ir,t0,t1);

-	CAMELLIA_FLS(io[0],io[1],io[2],io[3],

-		CamelliaSubkeyL(8),CamelliaSubkeyR(8),

-		CamelliaSubkeyL(9),CamelliaSubkeyR(9),

-		t0,t1,il,ir);

-	CAMELLIA_ROUNDSM(io[0],io[1],

-		CamelliaSubkeyL(10),CamelliaSubkeyR(10),

-		io[2],io[3],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[2],io[3],

-		CamelliaSubkeyL(11),CamelliaSubkeyR(11),

-		io[0],io[1],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[0],io[1],

-		CamelliaSubkeyL(12),CamelliaSubkeyR(12),

-		io[2],io[3],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[2],io[3],

-		CamelliaSubkeyL(13),CamelliaSubkeyR(13),

-		io[0],io[1],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[0],io[1],

-		CamelliaSubkeyL(14),CamelliaSubkeyR(14),

-		io[2],io[3],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[2],io[3],

-		CamelliaSubkeyL(15),CamelliaSubkeyR(15),

-		io[0],io[1],il,ir,t0,t1);

-	CAMELLIA_FLS(io[0],io[1],io[2],io[3],

-		CamelliaSubkeyL(16),CamelliaSubkeyR(16),

-		CamelliaSubkeyL(17),CamelliaSubkeyR(17),

-		t0,t1,il,ir);

-	CAMELLIA_ROUNDSM(io[0],io[1],

-		CamelliaSubkeyL(18),CamelliaSubkeyR(18),

-		io[2],io[3],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[2],io[3],

-		CamelliaSubkeyL(19),CamelliaSubkeyR(19),

-		io[0],io[1],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[0],io[1],

-		CamelliaSubkeyL(20),CamelliaSubkeyR(20),

-		io[2],io[3],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[2],io[3],

-		CamelliaSubkeyL(21),CamelliaSubkeyR(21),

-		io[0],io[1],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[0],io[1],

-		CamelliaSubkeyL(22),CamelliaSubkeyR(22),

-		io[2],io[3],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[2],io[3],

-		CamelliaSubkeyL(23),CamelliaSubkeyR(23),

-		io[0],io[1],il,ir,t0,t1);

-	/* post whitening but kw4 */

-	io[2] ^= CamelliaSubkeyL(24);

-	io[3] ^= CamelliaSubkeyR(24);

-	t0 = io[0];

-	t1 = io[1];

-	io[0] = io[2];

-	io[1] = io[3];

-	io[2] = t0;

-	io[3] = t1;

-	return;

-	}

-void camellia_decrypt128(const u32 *subkey, u32 *io)

-	{

-	u32 il,ir,t0,t1;               /* temporary valiables */

-	/* pre whitening but absorb kw2*/

-	io[0] ^= CamelliaSubkeyL(24);

-	io[1] ^= CamelliaSubkeyR(24);

-	/* main iteration */

-	CAMELLIA_ROUNDSM(io[0],io[1],

-		CamelliaSubkeyL(23),CamelliaSubkeyR(23),

-		io[2],io[3],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[2],io[3],

-		CamelliaSubkeyL(22),CamelliaSubkeyR(22),

-		io[0],io[1],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[0],io[1],

-		CamelliaSubkeyL(21),CamelliaSubkeyR(21),

-		io[2],io[3],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[2],io[3],

-		CamelliaSubkeyL(20),CamelliaSubkeyR(20),

-		io[0],io[1],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[0],io[1],

-		CamelliaSubkeyL(19),CamelliaSubkeyR(19),

-		io[2],io[3],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[2],io[3],

-		CamelliaSubkeyL(18),CamelliaSubkeyR(18),

-		io[0],io[1],il,ir,t0,t1);

-	CAMELLIA_FLS(io[0],io[1],io[2],io[3],

-		CamelliaSubkeyL(17),CamelliaSubkeyR(17),

-		CamelliaSubkeyL(16),CamelliaSubkeyR(16),

-		t0,t1,il,ir);

-	CAMELLIA_ROUNDSM(io[0],io[1],

-		CamelliaSubkeyL(15),CamelliaSubkeyR(15),

-		io[2],io[3],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[2],io[3],

-		CamelliaSubkeyL(14),CamelliaSubkeyR(14),

-		io[0],io[1],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[0],io[1],

-		CamelliaSubkeyL(13),CamelliaSubkeyR(13),

-		io[2],io[3],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[2],io[3],

-		CamelliaSubkeyL(12),CamelliaSubkeyR(12),

-		io[0],io[1],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[0],io[1],

-		CamelliaSubkeyL(11),CamelliaSubkeyR(11),

-		io[2],io[3],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[2],io[3],

-		CamelliaSubkeyL(10),CamelliaSubkeyR(10),

-		io[0],io[1],il,ir,t0,t1);

-	CAMELLIA_FLS(io[0],io[1],io[2],io[3],

-		CamelliaSubkeyL(9),CamelliaSubkeyR(9),

-		CamelliaSubkeyL(8),CamelliaSubkeyR(8),

-		t0,t1,il,ir);

-	CAMELLIA_ROUNDSM(io[0],io[1],

-		CamelliaSubkeyL(7),CamelliaSubkeyR(7),

-		io[2],io[3],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[2],io[3],

-		CamelliaSubkeyL(6),CamelliaSubkeyR(6),

-		io[0],io[1],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[0],io[1],

-		CamelliaSubkeyL(5),CamelliaSubkeyR(5),

-		io[2],io[3],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[2],io[3],

-		CamelliaSubkeyL(4),CamelliaSubkeyR(4),

-		io[0],io[1],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[0],io[1],

-		CamelliaSubkeyL(3),CamelliaSubkeyR(3),

-		io[2],io[3],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[2],io[3],

-		CamelliaSubkeyL(2),CamelliaSubkeyR(2),

-		io[0],io[1],il,ir,t0,t1);

-	/* post whitening but kw4 */

-	io[2] ^= CamelliaSubkeyL(0);

-	io[3] ^= CamelliaSubkeyR(0);

-	t0 = io[0];

-	t1 = io[1];

-	io[0] = io[2];

-	io[1] = io[3];

-	io[2] = t0;

-	io[3] = t1;

-	return;

-	}

-/**

- * stuff for 192 and 256bit encryption/decryption

- */

-void camellia_encrypt256(const u32 *subkey, u32 *io)

-	{

-	u32 il,ir,t0,t1;           /* temporary valiables */

-	/* pre whitening but absorb kw2*/

-	io[0] ^= CamelliaSubkeyL(0);

-	io[1] ^= CamelliaSubkeyR(0);

-	/* main iteration */

-	CAMELLIA_ROUNDSM(io[0],io[1],

-		CamelliaSubkeyL(2),CamelliaSubkeyR(2),

-		io[2],io[3],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[2],io[3],

-		CamelliaSubkeyL(3),CamelliaSubkeyR(3),

-		io[0],io[1],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[0],io[1],

-		CamelliaSubkeyL(4),CamelliaSubkeyR(4),

-		io[2],io[3],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[2],io[3],

-		CamelliaSubkeyL(5),CamelliaSubkeyR(5),

-		io[0],io[1],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[0],io[1],

-		CamelliaSubkeyL(6),CamelliaSubkeyR(6),

-		io[2],io[3],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[2],io[3],

-		CamelliaSubkeyL(7),CamelliaSubkeyR(7),

-		io[0],io[1],il,ir,t0,t1);

-	CAMELLIA_FLS(io[0],io[1],io[2],io[3],

-		CamelliaSubkeyL(8),CamelliaSubkeyR(8),

-		CamelliaSubkeyL(9),CamelliaSubkeyR(9),

-		t0,t1,il,ir);

-	CAMELLIA_ROUNDSM(io[0],io[1],

-		CamelliaSubkeyL(10),CamelliaSubkeyR(10),

-		io[2],io[3],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[2],io[3],

-		CamelliaSubkeyL(11),CamelliaSubkeyR(11),

-		io[0],io[1],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[0],io[1],

-		CamelliaSubkeyL(12),CamelliaSubkeyR(12),

-		io[2],io[3],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[2],io[3],

-		CamelliaSubkeyL(13),CamelliaSubkeyR(13),

-		io[0],io[1],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[0],io[1],

-		CamelliaSubkeyL(14),CamelliaSubkeyR(14),

-		io[2],io[3],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[2],io[3],

-		CamelliaSubkeyL(15),CamelliaSubkeyR(15),

-		io[0],io[1],il,ir,t0,t1);

-	CAMELLIA_FLS(io[0],io[1],io[2],io[3],

-		CamelliaSubkeyL(16),CamelliaSubkeyR(16),

-		CamelliaSubkeyL(17),CamelliaSubkeyR(17),

-		t0,t1,il,ir);

-	CAMELLIA_ROUNDSM(io[0],io[1],

-		CamelliaSubkeyL(18),CamelliaSubkeyR(18),

-		io[2],io[3],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[2],io[3],

-		CamelliaSubkeyL(19),CamelliaSubkeyR(19),

-		io[0],io[1],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[0],io[1],

-		CamelliaSubkeyL(20),CamelliaSubkeyR(20),

-		io[2],io[3],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[2],io[3],

-		CamelliaSubkeyL(21),CamelliaSubkeyR(21),

-		io[0],io[1],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[0],io[1],

-		CamelliaSubkeyL(22),CamelliaSubkeyR(22),

-		io[2],io[3],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[2],io[3],

-		CamelliaSubkeyL(23),CamelliaSubkeyR(23),

-		io[0],io[1],il,ir,t0,t1);

-	CAMELLIA_FLS(io[0],io[1],io[2],io[3],

-		CamelliaSubkeyL(24),CamelliaSubkeyR(24),

-		CamelliaSubkeyL(25),CamelliaSubkeyR(25),

-		t0,t1,il,ir);

-	CAMELLIA_ROUNDSM(io[0],io[1],

-		CamelliaSubkeyL(26),CamelliaSubkeyR(26),

-		io[2],io[3],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[2],io[3],

-		CamelliaSubkeyL(27),CamelliaSubkeyR(27),

-		io[0],io[1],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[0],io[1],

-		CamelliaSubkeyL(28),CamelliaSubkeyR(28),

-		io[2],io[3],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[2],io[3],

-		CamelliaSubkeyL(29),CamelliaSubkeyR(29),

-		io[0],io[1],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[0],io[1],

-		CamelliaSubkeyL(30),CamelliaSubkeyR(30),

-		io[2],io[3],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[2],io[3],

-		CamelliaSubkeyL(31),CamelliaSubkeyR(31),

-		io[0],io[1],il,ir,t0,t1);

-	/* post whitening but kw4 */

-	io[2] ^= CamelliaSubkeyL(32);

-	io[3] ^= CamelliaSubkeyR(32);

-	t0 = io[0];

-	t1 = io[1];

-	io[0] = io[2];

-	io[1] = io[3];

-	io[2] = t0;

-	io[3] = t1;

-	return;

-	}

-void camellia_decrypt256(const u32 *subkey, u32 *io)

-	{

-	u32 il,ir,t0,t1;           /* temporary valiables */

-	/* pre whitening but absorb kw2*/

-	io[0] ^= CamelliaSubkeyL(32);

-	io[1] ^= CamelliaSubkeyR(32);

-	/* main iteration */

-	CAMELLIA_ROUNDSM(io[0],io[1],

-		CamelliaSubkeyL(31),CamelliaSubkeyR(31),

-		io[2],io[3],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[2],io[3],

-		CamelliaSubkeyL(30),CamelliaSubkeyR(30),

-		io[0],io[1],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[0],io[1],

-		CamelliaSubkeyL(29),CamelliaSubkeyR(29),

-		io[2],io[3],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[2],io[3],

-		CamelliaSubkeyL(28),CamelliaSubkeyR(28),

-		io[0],io[1],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[0],io[1],

-		CamelliaSubkeyL(27),CamelliaSubkeyR(27),

-		io[2],io[3],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[2],io[3],

-		CamelliaSubkeyL(26),CamelliaSubkeyR(26),

-		io[0],io[1],il,ir,t0,t1);

-	CAMELLIA_FLS(io[0],io[1],io[2],io[3],

-		CamelliaSubkeyL(25),CamelliaSubkeyR(25),

-		CamelliaSubkeyL(24),CamelliaSubkeyR(24),

-		t0,t1,il,ir);

-	CAMELLIA_ROUNDSM(io[0],io[1],

-		CamelliaSubkeyL(23),CamelliaSubkeyR(23),

-		io[2],io[3],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[2],io[3],

-		CamelliaSubkeyL(22),CamelliaSubkeyR(22),

-		io[0],io[1],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[0],io[1],

-		CamelliaSubkeyL(21),CamelliaSubkeyR(21),

-		io[2],io[3],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[2],io[3],

-		CamelliaSubkeyL(20),CamelliaSubkeyR(20),

-		io[0],io[1],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[0],io[1],

-		CamelliaSubkeyL(19),CamelliaSubkeyR(19),

-		io[2],io[3],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[2],io[3],

-		CamelliaSubkeyL(18),CamelliaSubkeyR(18),

-		io[0],io[1],il,ir,t0,t1);

-	CAMELLIA_FLS(io[0],io[1],io[2],io[3],

-		CamelliaSubkeyL(17),CamelliaSubkeyR(17),

-		CamelliaSubkeyL(16),CamelliaSubkeyR(16),

-		t0,t1,il,ir);

-	CAMELLIA_ROUNDSM(io[0],io[1],

-		CamelliaSubkeyL(15),CamelliaSubkeyR(15),

-		io[2],io[3],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[2],io[3],

-		CamelliaSubkeyL(14),CamelliaSubkeyR(14),

-		io[0],io[1],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[0],io[1],

-		CamelliaSubkeyL(13),CamelliaSubkeyR(13),

-		io[2],io[3],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[2],io[3],

-		CamelliaSubkeyL(12),CamelliaSubkeyR(12),

-		io[0],io[1],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[0],io[1],

-		CamelliaSubkeyL(11),CamelliaSubkeyR(11),

-		io[2],io[3],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[2],io[3],

-		CamelliaSubkeyL(10),CamelliaSubkeyR(10),

-		io[0],io[1],il,ir,t0,t1);

-	CAMELLIA_FLS(io[0],io[1],io[2],io[3],

-		CamelliaSubkeyL(9),CamelliaSubkeyR(9),

-		CamelliaSubkeyL(8),CamelliaSubkeyR(8),

-		t0,t1,il,ir);

-	CAMELLIA_ROUNDSM(io[0],io[1],

-		CamelliaSubkeyL(7),CamelliaSubkeyR(7),

-		io[2],io[3],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[2],io[3],

-		CamelliaSubkeyL(6),CamelliaSubkeyR(6),

-		io[0],io[1],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[0],io[1],

-		CamelliaSubkeyL(5),CamelliaSubkeyR(5),

-		io[2],io[3],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[2],io[3],

-		CamelliaSubkeyL(4),CamelliaSubkeyR(4),

-		io[0],io[1],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[0],io[1],

-		CamelliaSubkeyL(3),CamelliaSubkeyR(3),

-		io[2],io[3],il,ir,t0,t1);

-	CAMELLIA_ROUNDSM(io[2],io[3],

-		CamelliaSubkeyL(2),CamelliaSubkeyR(2),

-		io[0],io[1],il,ir,t0,t1);

-	/* post whitening but kw4 */

-	io[2] ^= CamelliaSubkeyL(0);

-	io[3] ^= CamelliaSubkeyR(0);

-	t0 = io[0];

-	t1 = io[1];

-	io[0] = io[2];

-	io[1] = io[3];

-	io[2] = t0;

-	io[3] = t1;

-	return;

-	}

--- a/sys/src/ape/lib/openssl/crypto/camellia/camellia.h

+++ /dev/null

@@ -1,129 +1,0 @@

-/* crypto/camellia/camellia.h -*- mode:C; c-file-style: "eay" -*- */

-/* ====================================================================

- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- */

-#ifndef HEADER_CAMELLIA_H

-#define HEADER_CAMELLIA_H

-#include <openssl/opensslconf.h>

-#ifdef OPENSSL_NO_CAMELLIA

-#error CAMELLIA is disabled.

-#endif

-#define CAMELLIA_ENCRYPT	1

-#define CAMELLIA_DECRYPT	0

-/* Because array size can't be a const in C, the following two are macros.

-   Both sizes are in bytes. */

-#ifdef  __cplusplus

-extern "C" {

-#endif

-/* This should be a hidden type, but EVP requires that the size be known */

-#define CAMELLIA_BLOCK_SIZE 16

-#define CAMELLIA_TABLE_BYTE_LEN 272

-#define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / 4)

- /* to match with WORD */

-typedef unsigned int KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN];

-struct camellia_key_st

-	{

-	KEY_TABLE_TYPE rd_key;

-	int bitLength;

-	void (*enc)(const unsigned int *subkey, unsigned int *io);

-	void (*dec)(const unsigned int *subkey, unsigned int *io);

-	};

-typedef struct camellia_key_st CAMELLIA_KEY;

-int Camellia_set_key(const unsigned char *userKey, const int bits,

-	CAMELLIA_KEY *key);

-void Camellia_encrypt(const unsigned char *in, unsigned char *out,

-	const CAMELLIA_KEY *key);

-void Camellia_decrypt(const unsigned char *in, unsigned char *out,

-	const CAMELLIA_KEY *key);

-void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out,

-	const CAMELLIA_KEY *key, const int enc);

-void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out,

-	const unsigned long length, const CAMELLIA_KEY *key,

-	unsigned char *ivec, const int enc);

-void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out,

-	const unsigned long length, const CAMELLIA_KEY *key,

-	unsigned char *ivec, int *num, const int enc);

-void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out,

-	const unsigned long length, const CAMELLIA_KEY *key,

-	unsigned char *ivec, int *num, const int enc);

-void Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out,

-	const unsigned long length, const CAMELLIA_KEY *key,

-	unsigned char *ivec, int *num, const int enc);

-void Camellia_cfbr_encrypt_block(const unsigned char *in,unsigned char *out,

-	const int nbits,const CAMELLIA_KEY *key,

-	unsigned char *ivec,const int enc);

-void Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out,

-	const unsigned long length, const CAMELLIA_KEY *key,

-	unsigned char *ivec, int *num);

-void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out,

-	const unsigned long length, const CAMELLIA_KEY *key,

-	unsigned char ivec[CAMELLIA_BLOCK_SIZE],

-	unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE],

-	unsigned int *num);

-#ifdef  __cplusplus

-}

-#endif

-#endif /* !HEADER_Camellia_H */

--- a/sys/src/ape/lib/openssl/crypto/camellia/cmll_cbc.c

+++ /dev/null

@@ -1,273 +1,0 @@

-/* crypto/camellia/camellia_cbc.c -*- mode:C; c-file-style: "eay" -*- */

-/* ====================================================================

- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- */

-#ifndef CAMELLIA_DEBUG

-# ifndef NDEBUG

-#  define NDEBUG

-# endif

-#endif

-#include <assert.h>

-#include <stdio.h>

-#include <string.h>

-#include <openssl/camellia.h>

-#include "cmll_locl.h"

-void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out,

-		     const unsigned long length, const CAMELLIA_KEY *key,

-		     unsigned char *ivec, const int enc) {

-	unsigned long n;

-	unsigned long len = length;

-	const unsigned char *iv = ivec;

-	union {	u32 t32[CAMELLIA_BLOCK_SIZE/sizeof(u32)];

-		u8  t8 [CAMELLIA_BLOCK_SIZE]; } tmp;

-	const union { long one; char little; } camellia_endian = {1};

-	assert(in && out && key && ivec);

-	assert((CAMELLIA_ENCRYPT == enc)||(CAMELLIA_DECRYPT == enc));

-	if(((size_t)in|(size_t)out|(size_t)ivec) % sizeof(u32) == 0)

-		{

-		if (CAMELLIA_ENCRYPT == enc)

-			{

-			while (len >= CAMELLIA_BLOCK_SIZE)

-				{

-				XOR4WORD2((u32 *)out,

-					(u32 *)in, (u32 *)iv);

-				if (camellia_endian.little)

-					SWAP4WORD((u32 *)out);

-				key->enc(key->rd_key, (u32 *)out);

-				if (camellia_endian.little)

-					SWAP4WORD((u32 *)out);

-				iv = out;

-				len -= CAMELLIA_BLOCK_SIZE;

-				in += CAMELLIA_BLOCK_SIZE;

-				out += CAMELLIA_BLOCK_SIZE;

-				}

-			if (len)

-				{

-				for(n=0; n < len; ++n)

-					out[n] = in[n] ^ iv[n];

-				for(n=len; n < CAMELLIA_BLOCK_SIZE; ++n)

-					out[n] = iv[n];

-				if (camellia_endian.little)

-					SWAP4WORD((u32 *)out);

-				key->enc(key->rd_key, (u32 *)out);

-				if (camellia_endian.little)

-					SWAP4WORD((u32 *)out);

-				iv = out;

-				}

-			memcpy(ivec,iv,CAMELLIA_BLOCK_SIZE);

-			}

-		else if (in != out)

-			{

-			while (len >= CAMELLIA_BLOCK_SIZE)

-				{

-				memcpy(out,in,CAMELLIA_BLOCK_SIZE);

-				if (camellia_endian.little)

-					SWAP4WORD((u32 *)out);

-				key->dec(key->rd_key,(u32 *)out);

-				if (camellia_endian.little)

-					SWAP4WORD((u32 *)out);

-				XOR4WORD((u32 *)out, (u32 *)iv);

-				iv = in;

-				len -= CAMELLIA_BLOCK_SIZE;

-				in  += CAMELLIA_BLOCK_SIZE;

-				out += CAMELLIA_BLOCK_SIZE;

-				}

-			if (len)

-				{

-				memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE);

-				if (camellia_endian.little)

-					SWAP4WORD(tmp.t32);

-				key->dec(key->rd_key, tmp.t32);

-				if (camellia_endian.little)

-					SWAP4WORD(tmp.t32);

-				for(n=0; n < len; ++n)

-					out[n] = tmp.t8[n] ^ iv[n];

-				iv = in;

-				}

-			memcpy(ivec,iv,CAMELLIA_BLOCK_SIZE);

-			}

-		else /* in == out */

-			{

-			while (len >= CAMELLIA_BLOCK_SIZE)

-				{

-				memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE);

-				if (camellia_endian.little)

-					SWAP4WORD((u32 *)out);

-				key->dec(key->rd_key, (u32 *)out);

-				if (camellia_endian.little)

-					SWAP4WORD((u32 *)out);

-				XOR4WORD((u32 *)out, (u32 *)ivec);

-				memcpy(ivec, tmp.t8, CAMELLIA_BLOCK_SIZE);

-				len -= CAMELLIA_BLOCK_SIZE;

-				in += CAMELLIA_BLOCK_SIZE;

-				out += CAMELLIA_BLOCK_SIZE;

-				}

-			if (len)

-				{

-				memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE);

-				if (camellia_endian.little)

-					SWAP4WORD((u32 *)out);

-				key->dec(key->rd_key,(u32 *)out);

-				if (camellia_endian.little)

-					SWAP4WORD((u32 *)out);

-				for(n=0; n < len; ++n)

-					out[n] ^= ivec[n];

-				for(n=len; n < CAMELLIA_BLOCK_SIZE; ++n)

-					out[n] = tmp.t8[n];

-				memcpy(ivec, tmp.t8, CAMELLIA_BLOCK_SIZE);

-				}

-			}

-		}

-	else /* no aligned */

-		{

-		if (CAMELLIA_ENCRYPT == enc)

-			{

-			while (len >= CAMELLIA_BLOCK_SIZE)

-				{

-				for(n=0; n < CAMELLIA_BLOCK_SIZE; ++n)

-					tmp.t8[n] = in[n] ^ iv[n];

-				if (camellia_endian.little)

-					SWAP4WORD(tmp.t32);

-				key->enc(key->rd_key, tmp.t32);

-				if (camellia_endian.little)

-					SWAP4WORD(tmp.t32);

-				memcpy(out, tmp.t8, CAMELLIA_BLOCK_SIZE);

-				iv = out;

-				len -= CAMELLIA_BLOCK_SIZE;

-				in += CAMELLIA_BLOCK_SIZE;

-				out += CAMELLIA_BLOCK_SIZE;

-				}

-			if (len)

-				{

-				for(n=0; n < len; ++n)

-					tmp.t8[n] = in[n] ^ iv[n];

-				for(n=len; n < CAMELLIA_BLOCK_SIZE; ++n)

-					tmp.t8[n] = iv[n];

-				if (camellia_endian.little)

-					SWAP4WORD(tmp.t32);

-				key->enc(key->rd_key, tmp.t32);

-				if (camellia_endian.little)

-					SWAP4WORD(tmp.t32);

-				memcpy(out, tmp.t8, CAMELLIA_BLOCK_SIZE);

-				iv = out;

-				}

-			memcpy(ivec,iv,CAMELLIA_BLOCK_SIZE);

-			}

-		else if (in != out)

-			{

-			while (len >= CAMELLIA_BLOCK_SIZE)

-				{

-				memcpy(tmp.t8,in,CAMELLIA_BLOCK_SIZE);

-				if (camellia_endian.little)

-					SWAP4WORD(tmp.t32);

-				key->dec(key->rd_key,tmp.t32);

-				if (camellia_endian.little)

-					SWAP4WORD(tmp.t32);

-				for(n=0; n < CAMELLIA_BLOCK_SIZE; ++n)

-					out[n] = tmp.t8[n] ^ iv[n];

-				iv = in;

-				len -= CAMELLIA_BLOCK_SIZE;

-				in  += CAMELLIA_BLOCK_SIZE;

-				out += CAMELLIA_BLOCK_SIZE;

-				}

-			if (len)

-				{

-				memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE);

-				if (camellia_endian.little)

-					SWAP4WORD(tmp.t32);

-				key->dec(key->rd_key, tmp.t32);

-				if (camellia_endian.little)

-					SWAP4WORD(tmp.t32);

-				for(n=0; n < len; ++n)

-					out[n] = tmp.t8[n] ^ iv[n];

-				iv = in;

-				}

-			memcpy(ivec,iv,CAMELLIA_BLOCK_SIZE);

-			}

-		else

-			{

-			while (len >= CAMELLIA_BLOCK_SIZE)

-				{

-				memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE);

-				if (camellia_endian.little)

-					SWAP4WORD(tmp.t32);

-				key->dec(key->rd_key, tmp.t32);

-				if (camellia_endian.little)

-					SWAP4WORD(tmp.t32);

-				for(n=0; n < CAMELLIA_BLOCK_SIZE; ++n)

-					tmp.t8[n] ^= ivec[n];

-				memcpy(ivec, in, CAMELLIA_BLOCK_SIZE);

-				memcpy(out, tmp.t8, CAMELLIA_BLOCK_SIZE);

-				len -= CAMELLIA_BLOCK_SIZE;

-				in += CAMELLIA_BLOCK_SIZE;

-				out += CAMELLIA_BLOCK_SIZE;

-				}

-			if (len)

-				{

-				memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE);

-				if (camellia_endian.little)

-					SWAP4WORD(tmp.t32);

-				key->dec(key->rd_key,tmp.t32);

-				if (camellia_endian.little)

-					SWAP4WORD(tmp.t32);

-				for(n=0; n < len; ++n)

-					tmp.t8[n] ^= ivec[n];

-				memcpy(ivec, in, CAMELLIA_BLOCK_SIZE);

-				memcpy(out,tmp.t8,len);

-				}

-			}

-		}

-}

--- a/sys/src/ape/lib/openssl/crypto/camellia/cmll_cfb.c

+++ /dev/null

@@ -1,235 +1,0 @@

-/* crypto/camellia/camellia_cfb.c -*- mode:C; c-file-style: "eay" -*- */

-/* ====================================================================

- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef CAMELLIA_DEBUG

-# ifndef NDEBUG

-#  define NDEBUG

-# endif

-#endif

-#include <assert.h>

-#include <string.h>

-#include <openssl/camellia.h>

-#include "cmll_locl.h"

-#include "e_os.h"

-/* The input and output encrypted as though 128bit cfb mode is being

- * used.  The extra state information to record how much of the

- * 128bit block we have used is contained in *num;

- */

-void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out,

-	const unsigned long length, const CAMELLIA_KEY *key,

-	unsigned char *ivec, int *num, const int enc)

-	{

-	unsigned int n;

-	unsigned long l = length;

-	unsigned char c;

-	assert(in && out && key && ivec && num);

-	n = *num;

-	if (enc)

-		{

-		while (l--)

-			{

-			if (n == 0)

-				{

-				Camellia_encrypt(ivec, ivec, key);

-				}

-			ivec[n] = *(out++) = *(in++) ^ ivec[n];

-			n = (n+1) % CAMELLIA_BLOCK_SIZE;

-			}

-		}

-	else

-		{

-		while (l--)

-			{

-			if (n == 0)

-				{

-				Camellia_encrypt(ivec, ivec, key);

-				}

-			c = *(in);

-			*(out++) = *(in++) ^ ivec[n];

-			ivec[n] = c;

-			n = (n+1) % CAMELLIA_BLOCK_SIZE;

-			}

-		}

-	*num=n;

-	}

-/* This expects a single block of size nbits for both in and out. Note that

-   it corrupts any extra bits in the last byte of out */

-void Camellia_cfbr_encrypt_block(const unsigned char *in,unsigned char *out,

-	const int nbits,const CAMELLIA_KEY *key,

-	unsigned char *ivec,const int enc)

-	{

-	int n,rem,num;

-	unsigned char ovec[CAMELLIA_BLOCK_SIZE*2];

-	if (nbits<=0 || nbits>128) return;

-	/* fill in the first half of the new IV with the current IV */

-	memcpy(ovec,ivec,CAMELLIA_BLOCK_SIZE);

-	/* construct the new IV */

-	Camellia_encrypt(ivec,ivec,key);

-	num = (nbits+7)/8;

-	if (enc)	/* encrypt the input */

-		for(n=0 ; n < num ; ++n)

-			out[n] = (ovec[CAMELLIA_BLOCK_SIZE+n] = in[n] ^ ivec[n]);

-	else		/* decrypt the input */

-		for(n=0 ; n < num ; ++n)

-			out[n] = (ovec[CAMELLIA_BLOCK_SIZE+n] = in[n]) ^ ivec[n];

-	/* shift ovec left... */

-	rem = nbits%8;

-	num = nbits/8;

-	if(rem==0)

-		memcpy(ivec,ovec+num,CAMELLIA_BLOCK_SIZE);

-	else

-		for(n=0 ; n < CAMELLIA_BLOCK_SIZE ; ++n)

-			ivec[n] = ovec[n+num]<<rem | ovec[n+num+1]>>(8-rem);

-	/* it is not necessary to cleanse ovec, since the IV is not secret */

-	}

-/* N.B. This expects the input to be packed, MS bit first */

-void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out,

-	const unsigned long length, const CAMELLIA_KEY *key,

-	unsigned char *ivec, int *num, const int enc)

-	{

-	unsigned int n;

-	unsigned char c[1],d[1];

-	assert(in && out && key && ivec && num);

-	assert(*num == 0);

-	memset(out,0,(length+7)/8);

-	for(n=0 ; n < length ; ++n)

-		{

-		c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;

-		Camellia_cfbr_encrypt_block(c,d,1,key,ivec,enc);

-		out[n/8]=(out[n/8]&~(1 << (7-n%8)))|((d[0]&0x80) >> (n%8));

-		}

-	}

-void Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out,

-	const unsigned long length, const CAMELLIA_KEY *key,

-	unsigned char *ivec, int *num, const int enc)

-	{

-	unsigned int n;

-	assert(in && out && key && ivec && num);

-	assert(*num == 0);

-	for(n=0 ; n < length ; ++n)

-		Camellia_cfbr_encrypt_block(&in[n],&out[n],8,key,ivec,enc);

-	}

--- a/sys/src/ape/lib/openssl/crypto/camellia/cmll_ctr.c

+++ /dev/null

@@ -1,143 +1,0 @@

-/* crypto/camellia/camellia_ctr.c -*- mode:C; c-file-style: "eay" -*- */

-/* ====================================================================

- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- */

-#ifndef CAMELLIA_DEBUG

-# ifndef NDEBUG

-#  define NDEBUG

-# endif

-#endif

-#include <assert.h>

-#include <openssl/camellia.h>

-#include "cmll_locl.h"

-/* NOTE: the IV/counter CTR mode is big-endian.  The rest of the Camellia code

- * is endian-neutral. */

-/* increment counter (128-bit int) by 1 */

-static void Camellia_ctr128_inc(unsigned char *counter)

-	{

-	unsigned long c;

-	/* Grab bottom dword of counter and increment */

-	c = GETU32(counter + 12);

-	c++;	c &= 0xFFFFFFFF;

-	PUTU32(counter + 12, c);

-	/* if no overflow, we're done */

-	if (c)

-		return;

-	/* Grab 1st dword of counter and increment */

-	c = GETU32(counter +  8);

-	c++;	c &= 0xFFFFFFFF;

-	PUTU32(counter +  8, c);

-	/* if no overflow, we're done */

-	if (c)

-		return;

-	/* Grab 2nd dword of counter and increment */

-	c = GETU32(counter +  4);

-	c++;	c &= 0xFFFFFFFF;

-	PUTU32(counter +  4, c);

-	/* if no overflow, we're done */

-	if (c)

-		return;

-	/* Grab top dword of counter and increment */

-	c = GETU32(counter +  0);

-	c++;	c &= 0xFFFFFFFF;

-	PUTU32(counter +  0, c);

-	}

-/* The input encrypted as though 128bit counter mode is being

- * used.  The extra state information to record how much of the

- * 128bit block we have used is contained in *num, and the

- * encrypted counter is kept in ecount_buf.  Both *num and

- * ecount_buf must be initialised with zeros before the first

- * call to Camellia_ctr128_encrypt().

- *

- * This algorithm assumes that the counter is in the x lower bits

- * of the IV (ivec), and that the application has full control over

- * overflow and the rest of the IV.  This implementation takes NO

- * responsability for checking that the counter doesn't overflow

- * into the rest of the IV when incremented.

- */

-void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out,

-	const unsigned long length, const CAMELLIA_KEY *key,

-	unsigned char ivec[CAMELLIA_BLOCK_SIZE],

-	unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE],

-	unsigned int *num)

-	{

-	unsigned int n;

-	unsigned long l=length;

-	assert(in && out && key && counter && num);

-	assert(*num < CAMELLIA_BLOCK_SIZE);

-	n = *num;

-	while (l--)

-		{

-		if (n == 0)

-			{

-			Camellia_encrypt(ivec, ecount_buf, key);

-			Camellia_ctr128_inc(ivec);

-			}

-		*(out++) = *(in++) ^ ecount_buf[n];

-		n = (n+1) % CAMELLIA_BLOCK_SIZE;

-		}

-	*num=n;

-	}

--- a/sys/src/ape/lib/openssl/crypto/camellia/cmll_ecb.c

+++ /dev/null

@@ -1,74 +1,0 @@

-/* crypto/camellia/camellia_ecb.c -*- mode:C; c-file-style: "eay" -*- */

-/* ====================================================================

- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- */

-#ifndef CAMELLIA_DEBUG

-# ifndef NDEBUG

-#  define NDEBUG

-# endif

-#endif

-#include <assert.h>

-#include <openssl/camellia.h>

-#include "cmll_locl.h"

-void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out,

-	const CAMELLIA_KEY *key, const int enc)

-	{

-	assert(in && out && key);

-	assert((CAMELLIA_ENCRYPT == enc)||(CAMELLIA_DECRYPT == enc));

-	if (CAMELLIA_ENCRYPT == enc)

-		Camellia_encrypt(in, out, key);

-	else

-		Camellia_decrypt(in, out, key);

-	}

--- a/sys/src/ape/lib/openssl/crypto/camellia/cmll_locl.h

+++ /dev/null

@@ -1,165 +1,0 @@

-/* crypto/camellia/camellia_locl.h -*- mode:C; c-file-style: "eay" -*- */

-/* ====================================================================

- * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) .

- * ALL RIGHTS RESERVED.

- *

- * Intellectual Property information for Camellia:

- *     http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html

- *

- * News Release for Announcement of Camellia open source:

- *     http://www.ntt.co.jp/news/news06e/0604/060413a.html

- *

- * The Camellia Code included herein is developed by

- * NTT (Nippon Telegraph and Telephone Corporation), and is contributed

- * to the OpenSSL project.

- *

- * The Camellia Code is licensed pursuant to the OpenSSL open source

- * license provided below.

- */

-/* ====================================================================

- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- */

-#ifndef HEADER_CAMELLIA_LOCL_H

-#define HEADER_CAMELLIA_LOCL_H

-#include "openssl/e_os2.h"

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-typedef unsigned char u8;

-typedef unsigned int u32;

-#ifdef __cplusplus

-extern "C" {

-#endif

-#if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64))

-# define SWAP(x) ( _lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00 )

-# define GETU32(p) SWAP(*((u32 *)(p)))

-# define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); }

-# define CAMELLIA_SWAP4(x) (x = ( _lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00) )

-#else /* not windows */

-# define GETU32(pt) (((u32)(pt)[0] << 24) \

-	^ ((u32)(pt)[1] << 16) \

-	^ ((u32)(pt)[2] <<  8) \

-	^ ((u32)(pt)[3]))

-# define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); \

-	(ct)[1] = (u8)((st) >> 16); \

-	(ct)[2] = (u8)((st) >>  8); \

-	(ct)[3] = (u8)(st); }

-#if (defined (__GNUC__) && (defined(__x86_64__) || defined(__x86_64)))

-#define CAMELLIA_SWAP4(x) \

-  do{\

-    asm("bswap %1" : "+r" (x));\

-  }while(0)

-#else

-#define CAMELLIA_SWAP4(x) \

-   do{\

-     x = ((u32)x << 16) + ((u32)x >> 16);\

-     x = (((u32)x & 0xff00ff) << 8) + (((u32)x >> 8) & 0xff00ff);\

-   } while(0)

-#endif

-#endif

-#define COPY4WORD(dst, src)	 \

-	     do			 \

-		     {		 \

-		     (dst)[0]=(src)[0];		\

-		     (dst)[1]=(src)[1];		\

-		     (dst)[2]=(src)[2];		\

-		     (dst)[3]=(src)[3];		\

-		     }while(0)

-#define SWAP4WORD(word)				\

-   do						\

-	   {					\

-	   CAMELLIA_SWAP4((word)[0]);			\

-	   CAMELLIA_SWAP4((word)[1]);			\

-	   CAMELLIA_SWAP4((word)[2]);			\

-	   CAMELLIA_SWAP4((word)[3]);			\

-	   }while(0)

-#define XOR4WORD(a, b)/* a = a ^ b */		\

-   do						\

-	{					\

-	(a)[0]^=(b)[0];				\

-	(a)[1]^=(b)[1];				\

-	(a)[2]^=(b)[2];				\

-	(a)[3]^=(b)[3];				\

-	}while(0)

-#define XOR4WORD2(a, b, c)/* a = b ^ c */	\

-   do						\

-	{					\

-	(a)[0]=(b)[0]^(c)[0];			\

-	(a)[1]=(b)[1]^(c)[1];				\

-	(a)[2]=(b)[2]^(c)[2];				\

-	(a)[3]=(b)[3]^(c)[3];				\

-	}while(0)

-void camellia_setup128(const u8 *key, u32 *subkey);

-void camellia_setup192(const u8 *key, u32 *subkey);

-void camellia_setup256(const u8 *key, u32 *subkey);

-void camellia_encrypt128(const u32 *subkey, u32 *io);

-void camellia_decrypt128(const u32 *subkey, u32 *io);

-void camellia_encrypt256(const u32 *subkey, u32 *io);

-void camellia_decrypt256(const u32 *subkey, u32 *io);

-#ifdef __cplusplus

-}

-#endif

-#endif /* #ifndef HEADER_CAMELLIA_LOCL_H */

--- a/sys/src/ape/lib/openssl/crypto/camellia/cmll_misc.c

+++ /dev/null

@@ -1,116 +1,0 @@

-/* crypto/camellia/camellia_misc.c -*- mode:C; c-file-style: "eay" -*- */

-/* ====================================================================

- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- */

-#include <openssl/opensslv.h>

-#include <openssl/camellia.h>

-#include "cmll_locl.h"

-const char CAMELLIA_version[]="CAMELLIA" OPENSSL_VERSION_PTEXT;

-int Camellia_set_key(const unsigned char *userKey, const int bits,

-	CAMELLIA_KEY *key)

-	{

-	if (!userKey || !key)

-		{

-		return -1;

-		}

-	switch(bits)

-		{

-	case 128:

-		camellia_setup128(userKey, (unsigned int *)key->rd_key);

-		key->enc = camellia_encrypt128;

-		key->dec = camellia_decrypt128;

-		break;

-	case 192:

-		camellia_setup192(userKey, (unsigned int *)key->rd_key);

-		key->enc = camellia_encrypt256;

-		key->dec = camellia_decrypt256;

-		break;

-	case 256:

-		camellia_setup256(userKey, (unsigned int *)key->rd_key);

-		key->enc = camellia_encrypt256;

-		key->dec = camellia_decrypt256;

-		break;

-	default:

-		return -2;

-		}

-	key->bitLength = bits;

-	return 0;

-	}

-void Camellia_encrypt(const unsigned char *in, unsigned char *out,

-	const CAMELLIA_KEY *key)

-	{

-	u32 tmp[CAMELLIA_BLOCK_SIZE/sizeof(u32)];

-	const union { long one; char little; } camellia_endian = {1};

-	memcpy(tmp, in, CAMELLIA_BLOCK_SIZE);

-	if (camellia_endian.little) SWAP4WORD(tmp);

-	key->enc(key->rd_key, tmp);

-	if (camellia_endian.little) SWAP4WORD(tmp);

-	memcpy(out, tmp, CAMELLIA_BLOCK_SIZE);

-	}

-void Camellia_decrypt(const unsigned char *in, unsigned char *out,

-	const CAMELLIA_KEY *key)

-	{

-	u32 tmp[CAMELLIA_BLOCK_SIZE/sizeof(u32)];

-	const union { long one; char little; } camellia_endian = {1};

-	memcpy(tmp, in, CAMELLIA_BLOCK_SIZE);

-	if (camellia_endian.little) SWAP4WORD(tmp);

-	key->dec(key->rd_key, tmp);

-	if (camellia_endian.little) SWAP4WORD(tmp);

-	memcpy(out, tmp, CAMELLIA_BLOCK_SIZE);

-	}

--- a/sys/src/ape/lib/openssl/crypto/camellia/cmll_ofb.c

+++ /dev/null

@@ -1,141 +1,0 @@

-/* crypto/camellia/camellia_ofb.c -*- mode:C; c-file-style: "eay" -*- */

-/* ====================================================================

- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef CAMELLIA_DEBUG

-# ifndef NDEBUG

-#  define NDEBUG

-# endif

-#endif

-#include <assert.h>

-#include <openssl/camellia.h>

-#include "cmll_locl.h"

-/* The input and output encrypted as though 128bit ofb mode is being

- * used.  The extra state information to record how much of the

- * 128bit block we have used is contained in *num;

- */

-void Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out,

-	const unsigned long length, const CAMELLIA_KEY *key,

-	unsigned char *ivec, int *num) {

-	unsigned int n;

-	unsigned long l=length;

-	assert(in && out && key && ivec && num);

-	n = *num;

-	while (l--) {

-		if (n == 0) {

-			Camellia_encrypt(ivec, ivec, key);

-		}

-		*(out++) = *(in++) ^ ivec[n];

-		n = (n+1) % CAMELLIA_BLOCK_SIZE;

-	}

-	*num=n;

-}

--- a/sys/src/ape/lib/openssl/crypto/cast/Makefile

+++ /dev/null

@@ -1,106 +1,0 @@

-#

-# OpenSSL/crypto/cast/Makefile

-#

-DIR=	cast

-TOP=	../..

-CC=	cc

-CPP=	$(CC) -E

-INCLUDES=

-CFLAG=-g

-MAKEFILE=	Makefile

-AR=		ar r

-CAST_ENC=c_enc.o

-CFLAGS= $(INCLUDES) $(CFLAG)

-ASFLAGS= $(INCLUDES) $(ASFLAG)

-AFLAGS= $(ASFLAGS)

-GENERAL=Makefile

-TEST=casttest.c

-APPS=

-LIB=$(TOP)/libcrypto.a

-LIBSRC=c_skey.c c_ecb.c c_enc.c c_cfb64.c c_ofb64.c

-LIBOBJ=c_skey.o c_ecb.o $(CAST_ENC) c_cfb64.o c_ofb64.o

-SRC= $(LIBSRC)

-EXHEADER= cast.h

-HEADER=	cast_s.h cast_lcl.h $(EXHEADER)

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)

-all:	lib

-lib:	$(LIBOBJ)

-	$(AR) $(LIB) $(LIBOBJ)

-	$(RANLIB) $(LIB) || echo Never mind.

-	@touch lib

-# ELF

-cx86-elf.s: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl

-	(cd asm; $(PERL) cast-586.pl elf $(CLAGS) $(PROCESSOR) > ../$@)

-# COFF

-cx86-cof.s: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl

-	(cd asm; $(PERL) cast-586.pl coff $(CLAGS) $(PROCESSOR) > ../$@)

-# a.out

-cx86-out.s: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl

-	(cd asm; $(PERL) cast-586.pl a.out $(CLAGS) $(PROCESSOR) > ../$@)

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

-links:

-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)

-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)

-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

-install:

-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...

-	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \

-	do  \

-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \

-	done;

-tags:

-	ctags $(SRC)

-tests:

-lint:

-	lint -DLINT $(INCLUDES) $(SRC)>fluff

-depend:

-	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...

-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-clean:

-	rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-c_cfb64.o: ../../e_os.h ../../include/openssl/cast.h

-c_cfb64.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h

-c_cfb64.o: c_cfb64.c cast_lcl.h

-c_ecb.o: ../../e_os.h ../../include/openssl/cast.h

-c_ecb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h

-c_ecb.o: ../../include/openssl/opensslv.h c_ecb.c cast_lcl.h

-c_enc.o: ../../e_os.h ../../include/openssl/cast.h

-c_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h

-c_enc.o: c_enc.c cast_lcl.h

-c_ofb64.o: ../../e_os.h ../../include/openssl/cast.h

-c_ofb64.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h

-c_ofb64.o: c_ofb64.c cast_lcl.h

-c_skey.o: ../../e_os.h ../../include/openssl/cast.h

-c_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h

-c_skey.o: c_skey.c cast_lcl.h cast_s.h

--- a/sys/src/ape/lib/openssl/crypto/cast/asm/cast-586.pl

+++ /dev/null

@@ -1,176 +1,0 @@

-#!/usr/local/bin/perl

-# define for pentium pro friendly version

-$ppro=1;

-push(@INC,"perlasm","../../perlasm");

-require "x86asm.pl";

-require "cbc.pl";

-&asm_init($ARGV[0],"cast-586.pl",$ARGV[$#ARGV] eq "386");

-$CAST_ROUNDS=16;

-$L="edi";

-$R="esi";

-$K="ebp";

-$tmp1="ecx";

-$tmp2="ebx";

-$tmp3="eax";

-$tmp4="edx";

-$S1="CAST_S_table0";

-$S2="CAST_S_table1";

-$S3="CAST_S_table2";

-$S4="CAST_S_table3";

-@F1=("add","xor","sub");

-@F2=("xor","sub","add");

-@F3=("sub","add","xor");

-&CAST_encrypt("CAST_encrypt",1);

-&CAST_encrypt("CAST_decrypt",0);

-&cbc("CAST_cbc_encrypt","CAST_encrypt","CAST_decrypt",1,4,5,3,-1,-1);

-&asm_finish();

-sub CAST_encrypt {

-    local($name,$enc)=@_;

-    local($win_ex)=<<"EOF";

-EXTERN	_CAST_S_table0:DWORD

-EXTERN	_CAST_S_table1:DWORD

-EXTERN	_CAST_S_table2:DWORD

-EXTERN	_CAST_S_table3:DWORD

-EOF

-    &main::external_label(

-			  "CAST_S_table0",

-			  "CAST_S_table1",

-			  "CAST_S_table2",

-			  "CAST_S_table3",

-			  );

-    &function_begin_B($name,$win_ex);

-    &comment("");

-    &push("ebp");

-    &push("ebx");

-    &mov($tmp2,&wparam(0));

-    &mov($K,&wparam(1));

-    &push("esi");

-    &push("edi");

-    &comment("Load the 2 words");

-    &mov($L,&DWP(0,$tmp2,"",0));

-    &mov($R,&DWP(4,$tmp2,"",0));

-    &comment('Get short key flag');

-    &mov($tmp3,&DWP(128,$K,"",0));

-    if($enc) {

-	&push($tmp3);

-    } else {

-	&or($tmp3,$tmp3);

-	&jnz(&label('cast_dec_skip'));

-    }

-    &xor($tmp3,	$tmp3);

-    # encrypting part

-    if ($enc) {

-	&E_CAST( 0,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);

-	&E_CAST( 1,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);

-	&E_CAST( 2,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);

-	&E_CAST( 3,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);

-	&E_CAST( 4,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);

-	&E_CAST( 5,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);

-	&E_CAST( 6,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);

-	&E_CAST( 7,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);

-	&E_CAST( 8,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);

-	&E_CAST( 9,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);

-	&E_CAST(10,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);

-	&E_CAST(11,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);

-	&comment('test short key flag');

-	&pop($tmp4);

-	&or($tmp4,$tmp4);

-	&jnz(&label('cast_enc_done'));

-	&E_CAST(12,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);

-	&E_CAST(13,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);

-	&E_CAST(14,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);

-	&E_CAST(15,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);

-    } else {

-	&E_CAST(15,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);

-	&E_CAST(14,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);

-	&E_CAST(13,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);

-	&E_CAST(12,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);

-	&set_label('cast_dec_skip');

-	&E_CAST(11,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);

-	&E_CAST(10,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);

-	&E_CAST( 9,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);

-	&E_CAST( 8,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);

-	&E_CAST( 7,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);

-	&E_CAST( 6,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);

-	&E_CAST( 5,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);

-	&E_CAST( 4,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);

-	&E_CAST( 3,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);

-	&E_CAST( 2,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);

-	&E_CAST( 1,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);

-	&E_CAST( 0,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);

-    }

-    &set_label('cast_enc_done') if $enc;

-# Why the nop? - Ben 17/1/99

-    &nop();

-    &mov($tmp3,&wparam(0));

-    &mov(&DWP(4,$tmp3,"",0),$L);

-    &mov(&DWP(0,$tmp3,"",0),$R);

-    &function_end($name);

-}

-sub E_CAST {

-    local($i,$S,$L,$R,$K,$OP1,$OP2,$OP3,$tmp1,$tmp2,$tmp3,$tmp4)=@_;

-    # Ri needs to have 16 pre added.

-    &comment("round $i");

-    &mov(	$tmp4,		&DWP($i*8,$K,"",1));

-    &mov(	$tmp1,		&DWP($i*8+4,$K,"",1));

-    &$OP1(	$tmp4,		$R);

-    &rotl(	$tmp4,		&LB($tmp1));

-    if ($ppro) {

-	&mov(	$tmp2,		$tmp4);		# B

-	&xor(	$tmp1,		$tmp1);

-	&movb(	&LB($tmp1),	&HB($tmp4));	# A

-	&and(	$tmp2,		0xff);

-	&shr(	$tmp4,		16); 		#

-	&xor(	$tmp3,		$tmp3);

-    } else {

-	&mov(	$tmp2,		$tmp4);		# B

-	&movb(	&LB($tmp1),	&HB($tmp4));	# A	# BAD BAD BAD

-	&shr(	$tmp4,		16); 		#

-	&and(	$tmp2,		0xff);

-    }

-    &movb(	&LB($tmp3),	&HB($tmp4));	# C	# BAD BAD BAD

-    &and(	$tmp4,		0xff);		# D

-    &mov(	$tmp1,		&DWP($S1,"",$tmp1,4));

-    &mov(	$tmp2,		&DWP($S2,"",$tmp2,4));

-    &$OP2(	$tmp1,		$tmp2);

-    &mov(	$tmp2,		&DWP($S3,"",$tmp3,4));

-    &$OP3(	$tmp1,		$tmp2);

-    &mov(	$tmp2,		&DWP($S4,"",$tmp4,4));

-    &$OP1(	$tmp1,		$tmp2);

-    # XXX

-    &xor(	$L,		$tmp1);

-    # XXX

-}

--- a/sys/src/ape/lib/openssl/crypto/cast/asm/readme

+++ /dev/null

@@ -1,7 +1,0 @@

-There is a ppro flag in cast-586 which turns on/off

-generation of pentium pro/II friendly code

-This flag makes the inner loop one cycle longer, but generates

-code that runs %30 faster on the pentium pro/II, while only %7 slower

-on the pentium.  By default, this flag is on.

--- a/sys/src/ape/lib/openssl/crypto/cast/c_cfb64.c

+++ /dev/null

@@ -1,122 +1,0 @@

-/* crypto/cast/c_cfb64.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <openssl/cast.h>

-#include "cast_lcl.h"

-/* The input and output encrypted as though 64bit cfb mode is being

- * used.  The extra state information to record how much of the

- * 64bit block we have used is contained in *num;

- */

-void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,

-			long length, CAST_KEY *schedule, unsigned char *ivec,

-			int *num, int enc)

-	{

-	register CAST_LONG v0,v1,t;

-	register int n= *num;

-	register long l=length;

-	CAST_LONG ti[2];

-	unsigned char *iv,c,cc;

-	iv=ivec;

-	if (enc)

-		{

-		while (l--)

-			{

-			if (n == 0)

-				{

-				n2l(iv,v0); ti[0]=v0;

-				n2l(iv,v1); ti[1]=v1;

-				CAST_encrypt((CAST_LONG *)ti,schedule);

-				iv=ivec;

-				t=ti[0]; l2n(t,iv);

-				t=ti[1]; l2n(t,iv);

-				iv=ivec;

-				}

-			c= *(in++)^iv[n];

-			*(out++)=c;

-			iv[n]=c;

-			n=(n+1)&0x07;

-			}

-		}

-	else

-		{

-		while (l--)

-			{

-			if (n == 0)

-				{

-				n2l(iv,v0); ti[0]=v0;

-				n2l(iv,v1); ti[1]=v1;

-				CAST_encrypt((CAST_LONG *)ti,schedule);

-				iv=ivec;

-				t=ti[0]; l2n(t,iv);

-				t=ti[1]; l2n(t,iv);

-				iv=ivec;

-				}

-			cc= *(in++);

-			c=iv[n];

-			iv[n]=cc;

-			*(out++)=c^cc;

-			n=(n+1)&0x07;

-			}

-		}

-	v0=v1=ti[0]=ti[1]=t=c=cc=0;

-	*num=n;

-	}

--- a/sys/src/ape/lib/openssl/crypto/cast/c_ecb.c

+++ /dev/null

@@ -1,80 +1,0 @@

-/* crypto/cast/c_ecb.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <openssl/cast.h>

-#include "cast_lcl.h"

-#include <openssl/opensslv.h>

-const char CAST_version[]="CAST" OPENSSL_VERSION_PTEXT;

-void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out,

-		      CAST_KEY *ks, int enc)

-	{

-	CAST_LONG l,d[2];

-	n2l(in,l); d[0]=l;

-	n2l(in,l); d[1]=l;

-	if (enc)

-		CAST_encrypt(d,ks);

-	else

-		CAST_decrypt(d,ks);

-	l=d[0]; l2n(l,out);

-	l=d[1]; l2n(l,out);

-	l=d[0]=d[1]=0;

-	}

--- a/sys/src/ape/lib/openssl/crypto/cast/c_enc.c

+++ /dev/null

@@ -1,207 +1,0 @@

-/* crypto/cast/c_enc.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <openssl/cast.h>

-#include "cast_lcl.h"

-void CAST_encrypt(CAST_LONG *data, CAST_KEY *key)

-	{

-	register CAST_LONG l,r,*k,t;

-	k= &(key->data[0]);

-	l=data[0];

-	r=data[1];

-	E_CAST( 0,k,l,r,+,^,-);

-	E_CAST( 1,k,r,l,^,-,+);

-	E_CAST( 2,k,l,r,-,+,^);

-	E_CAST( 3,k,r,l,+,^,-);

-	E_CAST( 4,k,l,r,^,-,+);

-	E_CAST( 5,k,r,l,-,+,^);

-	E_CAST( 6,k,l,r,+,^,-);

-	E_CAST( 7,k,r,l,^,-,+);

-	E_CAST( 8,k,l,r,-,+,^);

-	E_CAST( 9,k,r,l,+,^,-);

-	E_CAST(10,k,l,r,^,-,+);

-	E_CAST(11,k,r,l,-,+,^);

-	if(!key->short_key)

-	    {

-	    E_CAST(12,k,l,r,+,^,-);

-	    E_CAST(13,k,r,l,^,-,+);

-	    E_CAST(14,k,l,r,-,+,^);

-	    E_CAST(15,k,r,l,+,^,-);

-	    }

-	data[1]=l&0xffffffffL;

-	data[0]=r&0xffffffffL;

-	}

-void CAST_decrypt(CAST_LONG *data, CAST_KEY *key)

-	{

-	register CAST_LONG l,r,*k,t;

-	k= &(key->data[0]);

-	l=data[0];

-	r=data[1];

-	if(!key->short_key)

-	    {

-	    E_CAST(15,k,l,r,+,^,-);

-	    E_CAST(14,k,r,l,-,+,^);

-	    E_CAST(13,k,l,r,^,-,+);

-	    E_CAST(12,k,r,l,+,^,-);

-	    }

-	E_CAST(11,k,l,r,-,+,^);

-	E_CAST(10,k,r,l,^,-,+);

-	E_CAST( 9,k,l,r,+,^,-);

-	E_CAST( 8,k,r,l,-,+,^);

-	E_CAST( 7,k,l,r,^,-,+);

-	E_CAST( 6,k,r,l,+,^,-);

-	E_CAST( 5,k,l,r,-,+,^);

-	E_CAST( 4,k,r,l,^,-,+);

-	E_CAST( 3,k,l,r,+,^,-);

-	E_CAST( 2,k,r,l,-,+,^);

-	E_CAST( 1,k,l,r,^,-,+);

-	E_CAST( 0,k,r,l,+,^,-);

-	data[1]=l&0xffffffffL;

-	data[0]=r&0xffffffffL;

-	}

-void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,

-	     CAST_KEY *ks, unsigned char *iv, int enc)

-	{

-	register CAST_LONG tin0,tin1;

-	register CAST_LONG tout0,tout1,xor0,xor1;

-	register long l=length;

-	CAST_LONG tin[2];

-	if (enc)

-		{

-		n2l(iv,tout0);

-		n2l(iv,tout1);

-		iv-=8;

-		for (l-=8; l>=0; l-=8)

-			{

-			n2l(in,tin0);

-			n2l(in,tin1);

-			tin0^=tout0;

-			tin1^=tout1;

-			tin[0]=tin0;

-			tin[1]=tin1;

-			CAST_encrypt(tin,ks);

-			tout0=tin[0];

-			tout1=tin[1];

-			l2n(tout0,out);

-			l2n(tout1,out);

-			}

-		if (l != -8)

-			{

-			n2ln(in,tin0,tin1,l+8);

-			tin0^=tout0;

-			tin1^=tout1;

-			tin[0]=tin0;

-			tin[1]=tin1;

-			CAST_encrypt(tin,ks);

-			tout0=tin[0];

-			tout1=tin[1];

-			l2n(tout0,out);

-			l2n(tout1,out);

-			}

-		l2n(tout0,iv);

-		l2n(tout1,iv);

-		}

-	else

-		{

-		n2l(iv,xor0);

-		n2l(iv,xor1);

-		iv-=8;

-		for (l-=8; l>=0; l-=8)

-			{

-			n2l(in,tin0);

-			n2l(in,tin1);

-			tin[0]=tin0;

-			tin[1]=tin1;

-			CAST_decrypt(tin,ks);

-			tout0=tin[0]^xor0;

-			tout1=tin[1]^xor1;

-			l2n(tout0,out);

-			l2n(tout1,out);

-			xor0=tin0;

-			xor1=tin1;

-			}

-		if (l != -8)

-			{

-			n2l(in,tin0);

-			n2l(in,tin1);

-			tin[0]=tin0;

-			tin[1]=tin1;

-			CAST_decrypt(tin,ks);

-			tout0=tin[0]^xor0;

-			tout1=tin[1]^xor1;

-			l2nn(tout0,tout1,out,l+8);

-			xor0=tin0;

-			xor1=tin1;

-			}

-		l2n(xor0,iv);

-		l2n(xor1,iv);

-		}

-	tin0=tin1=tout0=tout1=xor0=xor1=0;

-	tin[0]=tin[1]=0;

-	}

--- a/sys/src/ape/lib/openssl/crypto/cast/c_ofb64.c

+++ /dev/null

@@ -1,111 +1,0 @@

-/* crypto/cast/c_ofb64.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <openssl/cast.h>

-#include "cast_lcl.h"

-/* The input and output encrypted as though 64bit ofb mode is being

- * used.  The extra state information to record how much of the

- * 64bit block we have used is contained in *num;

- */

-void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out,

-			long length, CAST_KEY *schedule, unsigned char *ivec,

-			int *num)

-	{

-	register CAST_LONG v0,v1,t;

-	register int n= *num;

-	register long l=length;

-	unsigned char d[8];

-	register char *dp;

-	CAST_LONG ti[2];

-	unsigned char *iv;

-	int save=0;

-	iv=ivec;

-	n2l(iv,v0);

-	n2l(iv,v1);

-	ti[0]=v0;

-	ti[1]=v1;

-	dp=(char *)d;

-	l2n(v0,dp);

-	l2n(v1,dp);

-	while (l--)

-		{

-		if (n == 0)

-			{

-			CAST_encrypt((CAST_LONG *)ti,schedule);

-			dp=(char *)d;

-			t=ti[0]; l2n(t,dp);

-			t=ti[1]; l2n(t,dp);

-			save++;

-			}

-		*(out++)= *(in++)^d[n];

-		n=(n+1)&0x07;

-		}

-	if (save)

-		{

-		v0=ti[0];

-		v1=ti[1];

-		iv=ivec;

-		l2n(v0,iv);

-		l2n(v1,iv);

-		}

-	t=v0=v1=ti[0]=ti[1]=0;

-	*num=n;

-	}

--- a/sys/src/ape/lib/openssl/crypto/cast/c_skey.c

+++ /dev/null

@@ -1,166 +1,0 @@

-/* crypto/cast/c_skey.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <openssl/cast.h>

-#include "cast_lcl.h"

-#include "cast_s.h"

-#define CAST_exp(l,A,a,n) \

-	A[n/4]=l; \

-	a[n+3]=(l    )&0xff; \

-	a[n+2]=(l>> 8)&0xff; \

-	a[n+1]=(l>>16)&0xff; \

-	a[n+0]=(l>>24)&0xff;

-#define S4 CAST_S_table4

-#define S5 CAST_S_table5

-#define S6 CAST_S_table6

-#define S7 CAST_S_table7

-void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data)

-	{

-	CAST_LONG x[16];

-	CAST_LONG z[16];

-	CAST_LONG k[32];

-	CAST_LONG X[4],Z[4];

-	CAST_LONG l,*K;

-	int i;

-	for (i=0; i<16; i++) x[i]=0;

-	if (len > 16) len=16;

-	for (i=0; i<len; i++)

-		x[i]=data[i];

-	if(len <= 10)

-	    key->short_key=1;

-	else

-	    key->short_key=0;

-	K= &k[0];

-	X[0]=((x[ 0]<<24)|(x[ 1]<<16)|(x[ 2]<<8)|x[ 3])&0xffffffffL;

-	X[1]=((x[ 4]<<24)|(x[ 5]<<16)|(x[ 6]<<8)|x[ 7])&0xffffffffL;

-	X[2]=((x[ 8]<<24)|(x[ 9]<<16)|(x[10]<<8)|x[11])&0xffffffffL;

-	X[3]=((x[12]<<24)|(x[13]<<16)|(x[14]<<8)|x[15])&0xffffffffL;

-	for (;;)

-		{

-	l=X[0]^S4[x[13]]^S5[x[15]]^S6[x[12]]^S7[x[14]]^S6[x[ 8]];

-	CAST_exp(l,Z,z, 0);

-	l=X[2]^S4[z[ 0]]^S5[z[ 2]]^S6[z[ 1]]^S7[z[ 3]]^S7[x[10]];

-	CAST_exp(l,Z,z, 4);

-	l=X[3]^S4[z[ 7]]^S5[z[ 6]]^S6[z[ 5]]^S7[z[ 4]]^S4[x[ 9]];

-	CAST_exp(l,Z,z, 8);

-	l=X[1]^S4[z[10]]^S5[z[ 9]]^S6[z[11]]^S7[z[ 8]]^S5[x[11]];

-	CAST_exp(l,Z,z,12);

-	K[ 0]= S4[z[ 8]]^S5[z[ 9]]^S6[z[ 7]]^S7[z[ 6]]^S4[z[ 2]];

-	K[ 1]= S4[z[10]]^S5[z[11]]^S6[z[ 5]]^S7[z[ 4]]^S5[z[ 6]];

-	K[ 2]= S4[z[12]]^S5[z[13]]^S6[z[ 3]]^S7[z[ 2]]^S6[z[ 9]];

-	K[ 3]= S4[z[14]]^S5[z[15]]^S6[z[ 1]]^S7[z[ 0]]^S7[z[12]];

-	l=Z[2]^S4[z[ 5]]^S5[z[ 7]]^S6[z[ 4]]^S7[z[ 6]]^S6[z[ 0]];

-	CAST_exp(l,X,x, 0);

-	l=Z[0]^S4[x[ 0]]^S5[x[ 2]]^S6[x[ 1]]^S7[x[ 3]]^S7[z[ 2]];

-	CAST_exp(l,X,x, 4);

-	l=Z[1]^S4[x[ 7]]^S5[x[ 6]]^S6[x[ 5]]^S7[x[ 4]]^S4[z[ 1]];

-	CAST_exp(l,X,x, 8);

-	l=Z[3]^S4[x[10]]^S5[x[ 9]]^S6[x[11]]^S7[x[ 8]]^S5[z[ 3]];

-	CAST_exp(l,X,x,12);

-	K[ 4]= S4[x[ 3]]^S5[x[ 2]]^S6[x[12]]^S7[x[13]]^S4[x[ 8]];

-	K[ 5]= S4[x[ 1]]^S5[x[ 0]]^S6[x[14]]^S7[x[15]]^S5[x[13]];

-	K[ 6]= S4[x[ 7]]^S5[x[ 6]]^S6[x[ 8]]^S7[x[ 9]]^S6[x[ 3]];

-	K[ 7]= S4[x[ 5]]^S5[x[ 4]]^S6[x[10]]^S7[x[11]]^S7[x[ 7]];

-	l=X[0]^S4[x[13]]^S5[x[15]]^S6[x[12]]^S7[x[14]]^S6[x[ 8]];

-	CAST_exp(l,Z,z, 0);

-	l=X[2]^S4[z[ 0]]^S5[z[ 2]]^S6[z[ 1]]^S7[z[ 3]]^S7[x[10]];

-	CAST_exp(l,Z,z, 4);

-	l=X[3]^S4[z[ 7]]^S5[z[ 6]]^S6[z[ 5]]^S7[z[ 4]]^S4[x[ 9]];

-	CAST_exp(l,Z,z, 8);

-	l=X[1]^S4[z[10]]^S5[z[ 9]]^S6[z[11]]^S7[z[ 8]]^S5[x[11]];

-	CAST_exp(l,Z,z,12);

-	K[ 8]= S4[z[ 3]]^S5[z[ 2]]^S6[z[12]]^S7[z[13]]^S4[z[ 9]];

-	K[ 9]= S4[z[ 1]]^S5[z[ 0]]^S6[z[14]]^S7[z[15]]^S5[z[12]];

-	K[10]= S4[z[ 7]]^S5[z[ 6]]^S6[z[ 8]]^S7[z[ 9]]^S6[z[ 2]];

-	K[11]= S4[z[ 5]]^S5[z[ 4]]^S6[z[10]]^S7[z[11]]^S7[z[ 6]];

-	l=Z[2]^S4[z[ 5]]^S5[z[ 7]]^S6[z[ 4]]^S7[z[ 6]]^S6[z[ 0]];

-	CAST_exp(l,X,x, 0);

-	l=Z[0]^S4[x[ 0]]^S5[x[ 2]]^S6[x[ 1]]^S7[x[ 3]]^S7[z[ 2]];

-	CAST_exp(l,X,x, 4);

-	l=Z[1]^S4[x[ 7]]^S5[x[ 6]]^S6[x[ 5]]^S7[x[ 4]]^S4[z[ 1]];

-	CAST_exp(l,X,x, 8);

-	l=Z[3]^S4[x[10]]^S5[x[ 9]]^S6[x[11]]^S7[x[ 8]]^S5[z[ 3]];

-	CAST_exp(l,X,x,12);

-	K[12]= S4[x[ 8]]^S5[x[ 9]]^S6[x[ 7]]^S7[x[ 6]]^S4[x[ 3]];

-	K[13]= S4[x[10]]^S5[x[11]]^S6[x[ 5]]^S7[x[ 4]]^S5[x[ 7]];

-	K[14]= S4[x[12]]^S5[x[13]]^S6[x[ 3]]^S7[x[ 2]]^S6[x[ 8]];

-	K[15]= S4[x[14]]^S5[x[15]]^S6[x[ 1]]^S7[x[ 0]]^S7[x[13]];

-	if (K != k)  break;

-	K+=16;

-		}

-	for (i=0; i<16; i++)

-		{

-		key->data[i*2]=k[i];

-		key->data[i*2+1]=((k[i+16])+16)&0x1f;

-		}

-	}

--- a/sys/src/ape/lib/openssl/crypto/cast/cast.h

+++ /dev/null

@@ -1,105 +1,0 @@

-/* crypto/cast/cast.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_CAST_H

-#define HEADER_CAST_H

-#ifdef  __cplusplus

-extern "C" {

-#endif

-#include <openssl/opensslconf.h>

-#ifdef OPENSSL_NO_CAST

-#error CAST is disabled.

-#endif

-#define CAST_ENCRYPT	1

-#define CAST_DECRYPT	0

-#define CAST_LONG unsigned long

-#define CAST_BLOCK	8

-#define CAST_KEY_LENGTH	16

-typedef struct cast_key_st

-	{

-	CAST_LONG data[32];

-	int short_key;	/* Use reduced rounds for short key */

-	} CAST_KEY;

-void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);

-void CAST_ecb_encrypt(const unsigned char *in,unsigned char *out,CAST_KEY *key,

-		      int enc);

-void CAST_encrypt(CAST_LONG *data,CAST_KEY *key);

-void CAST_decrypt(CAST_LONG *data,CAST_KEY *key);

-void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,

-		      CAST_KEY *ks, unsigned char *iv, int enc);

-void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,

-			long length, CAST_KEY *schedule, unsigned char *ivec,

-			int *num, int enc);

-void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out,

-			long length, CAST_KEY *schedule, unsigned char *ivec,

-			int *num);

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/cast/cast_lcl.h

+++ /dev/null

@@ -1,227 +1,0 @@

-/* crypto/cast/cast_lcl.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include "e_os.h"

-#ifdef OPENSSL_SYS_WIN32

-#include <stdlib.h>

-#endif

-#undef c2l

-#define c2l(c,l)	(l =((unsigned long)(*((c)++)))    , \

-			 l|=((unsigned long)(*((c)++)))<< 8L, \

-			 l|=((unsigned long)(*((c)++)))<<16L, \

-			 l|=((unsigned long)(*((c)++)))<<24L)

-/* NOTE - c is not incremented as per c2l */

-#undef c2ln

-#define c2ln(c,l1,l2,n)	{ \

-			c+=n; \

-			l1=l2=0; \

-			switch (n) { \

-			case 8: l2 =((unsigned long)(*(--(c))))<<24L; \

-			case 7: l2|=((unsigned long)(*(--(c))))<<16L; \

-			case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \

-			case 5: l2|=((unsigned long)(*(--(c))));     \

-			case 4: l1 =((unsigned long)(*(--(c))))<<24L; \

-			case 3: l1|=((unsigned long)(*(--(c))))<<16L; \

-			case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \

-			case 1: l1|=((unsigned long)(*(--(c))));     \

-				} \

-			}

-#undef l2c

-#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)     )&0xff), \

-			 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \

-			 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \

-			 *((c)++)=(unsigned char)(((l)>>24L)&0xff))

-/* NOTE - c is not incremented as per l2c */

-#undef l2cn

-#define l2cn(l1,l2,c,n)	{ \

-			c+=n; \

-			switch (n) { \

-			case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \

-			case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \

-			case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \

-			case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \

-			case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \

-			case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \

-			case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \

-			case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \

-				} \

-			}

-/* NOTE - c is not incremented as per n2l */

-#define n2ln(c,l1,l2,n)	{ \

-			c+=n; \

-			l1=l2=0; \

-			switch (n) { \

-			case 8: l2 =((unsigned long)(*(--(c))))    ; \

-			case 7: l2|=((unsigned long)(*(--(c))))<< 8; \

-			case 6: l2|=((unsigned long)(*(--(c))))<<16; \

-			case 5: l2|=((unsigned long)(*(--(c))))<<24; \

-			case 4: l1 =((unsigned long)(*(--(c))))    ; \

-			case 3: l1|=((unsigned long)(*(--(c))))<< 8; \

-			case 2: l1|=((unsigned long)(*(--(c))))<<16; \

-			case 1: l1|=((unsigned long)(*(--(c))))<<24; \

-				} \

-			}

-/* NOTE - c is not incremented as per l2n */

-#define l2nn(l1,l2,c,n)	{ \

-			c+=n; \

-			switch (n) { \

-			case 8: *(--(c))=(unsigned char)(((l2)    )&0xff); \

-			case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \

-			case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \

-			case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \

-			case 4: *(--(c))=(unsigned char)(((l1)    )&0xff); \

-			case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \

-			case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \

-			case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \

-				} \

-			}

-#undef n2l

-#define n2l(c,l)        (l =((unsigned long)(*((c)++)))<<24L, \

-                         l|=((unsigned long)(*((c)++)))<<16L, \

-                         l|=((unsigned long)(*((c)++)))<< 8L, \

-                         l|=((unsigned long)(*((c)++))))

-#undef l2n

-#define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \

-                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \

-                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \

-                         *((c)++)=(unsigned char)(((l)     )&0xff))

-#if defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)

-#define ROTL(a,n)     (_lrotl(a,n))

-#else

-#define ROTL(a,n)     ((((a)<<(n))&0xffffffffL)|((a)>>(32-(n))))

-#endif

-#define C_M    0x3fc

-#define C_0    22L

-#define C_1    14L

-#define C_2     6L

-#define C_3     2L /* left shift */

-/* The rotate has an extra 16 added to it to help the x86 asm */

-#if defined(CAST_PTR)

-#define E_CAST(n,key,L,R,OP1,OP2,OP3) \

-	{ \

-	int i; \

-	t=(key[n*2] OP1 R)&0xffffffffL; \

-	i=key[n*2+1]; \

-	t=ROTL(t,i); \

-	L^= (((((*(CAST_LONG *)((unsigned char *) \

-			CAST_S_table0+((t>>C_2)&C_M)) OP2 \

-		*(CAST_LONG *)((unsigned char *) \

-			CAST_S_table1+((t<<C_3)&C_M)))&0xffffffffL) OP3 \

-		*(CAST_LONG *)((unsigned char *) \

-			CAST_S_table2+((t>>C_0)&C_M)))&0xffffffffL) OP1 \

-		*(CAST_LONG *)((unsigned char *) \

-			CAST_S_table3+((t>>C_1)&C_M)))&0xffffffffL; \

-	}

-#elif defined(CAST_PTR2)

-#define E_CAST(n,key,L,R,OP1,OP2,OP3) \

-	{ \

-	int i; \

-	CAST_LONG u,v,w; \

-	w=(key[n*2] OP1 R)&0xffffffffL; \

-	i=key[n*2+1]; \

-	w=ROTL(w,i); \

-	u=w>>C_2; \

-	v=w<<C_3; \

-	u&=C_M; \

-	v&=C_M; \

-	t= *(CAST_LONG *)((unsigned char *)CAST_S_table0+u); \

-	u=w>>C_0; \

-	t=(t OP2 *(CAST_LONG *)((unsigned char *)CAST_S_table1+v))&0xffffffffL;\

-	v=w>>C_1; \

-	u&=C_M; \

-	v&=C_M; \

-	t=(t OP3 *(CAST_LONG *)((unsigned char *)CAST_S_table2+u)&0xffffffffL);\

-	t=(t OP1 *(CAST_LONG *)((unsigned char *)CAST_S_table3+v)&0xffffffffL);\

-	L^=(t&0xffffffff); \

-	}

-#else

-#define E_CAST(n,key,L,R,OP1,OP2,OP3) \

-	{ \

-	CAST_LONG a,b,c,d; \

-	t=(key[n*2] OP1 R)&0xffffffff; \

-	t=ROTL(t,(key[n*2+1])); \

-	a=CAST_S_table0[(t>> 8)&0xff]; \

-	b=CAST_S_table1[(t    )&0xff]; \

-	c=CAST_S_table2[(t>>24)&0xff]; \

-	d=CAST_S_table3[(t>>16)&0xff]; \

-	L^=(((((a OP2 b)&0xffffffffL) OP3 c)&0xffffffffL) OP1 d)&0xffffffffL; \

-	}

-#endif

-extern const CAST_LONG CAST_S_table0[256];

-extern const CAST_LONG CAST_S_table1[256];

-extern const CAST_LONG CAST_S_table2[256];

-extern const CAST_LONG CAST_S_table3[256];

-extern const CAST_LONG CAST_S_table4[256];

-extern const CAST_LONG CAST_S_table5[256];

-extern const CAST_LONG CAST_S_table6[256];

-extern const CAST_LONG CAST_S_table7[256];

--- a/sys/src/ape/lib/openssl/crypto/cast/cast_s.h

+++ /dev/null

@@ -1,585 +1,0 @@

-/* crypto/cast/cast_s.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-OPENSSL_GLOBAL const CAST_LONG CAST_S_table0[256]={

-	0x30fb40d4,0x9fa0ff0b,0x6beccd2f,0x3f258c7a,

-	0x1e213f2f,0x9c004dd3,0x6003e540,0xcf9fc949,

-	0xbfd4af27,0x88bbbdb5,0xe2034090,0x98d09675,

-	0x6e63a0e0,0x15c361d2,0xc2e7661d,0x22d4ff8e,

-	0x28683b6f,0xc07fd059,0xff2379c8,0x775f50e2,

-	0x43c340d3,0xdf2f8656,0x887ca41a,0xa2d2bd2d,

-	0xa1c9e0d6,0x346c4819,0x61b76d87,0x22540f2f,

-	0x2abe32e1,0xaa54166b,0x22568e3a,0xa2d341d0,

-	0x66db40c8,0xa784392f,0x004dff2f,0x2db9d2de,

-	0x97943fac,0x4a97c1d8,0x527644b7,0xb5f437a7,

-	0xb82cbaef,0xd751d159,0x6ff7f0ed,0x5a097a1f,

-	0x827b68d0,0x90ecf52e,0x22b0c054,0xbc8e5935,

-	0x4b6d2f7f,0x50bb64a2,0xd2664910,0xbee5812d,

-	0xb7332290,0xe93b159f,0xb48ee411,0x4bff345d,

-	0xfd45c240,0xad31973f,0xc4f6d02e,0x55fc8165,

-	0xd5b1caad,0xa1ac2dae,0xa2d4b76d,0xc19b0c50,

-	0x882240f2,0x0c6e4f38,0xa4e4bfd7,0x4f5ba272,

-	0x564c1d2f,0xc59c5319,0xb949e354,0xb04669fe,

-	0xb1b6ab8a,0xc71358dd,0x6385c545,0x110f935d,

-	0x57538ad5,0x6a390493,0xe63d37e0,0x2a54f6b3,

-	0x3a787d5f,0x6276a0b5,0x19a6fcdf,0x7a42206a,

-	0x29f9d4d5,0xf61b1891,0xbb72275e,0xaa508167,

-	0x38901091,0xc6b505eb,0x84c7cb8c,0x2ad75a0f,

-	0x874a1427,0xa2d1936b,0x2ad286af,0xaa56d291,

-	0xd7894360,0x425c750d,0x93b39e26,0x187184c9,

-	0x6c00b32d,0x73e2bb14,0xa0bebc3c,0x54623779,

-	0x64459eab,0x3f328b82,0x7718cf82,0x59a2cea6,

-	0x04ee002e,0x89fe78e6,0x3fab0950,0x325ff6c2,

-	0x81383f05,0x6963c5c8,0x76cb5ad6,0xd49974c9,

-	0xca180dcf,0x380782d5,0xc7fa5cf6,0x8ac31511,

-	0x35e79e13,0x47da91d0,0xf40f9086,0xa7e2419e,

-	0x31366241,0x051ef495,0xaa573b04,0x4a805d8d,

-	0x548300d0,0x00322a3c,0xbf64cddf,0xba57a68e,

-	0x75c6372b,0x50afd341,0xa7c13275,0x915a0bf5,

-	0x6b54bfab,0x2b0b1426,0xab4cc9d7,0x449ccd82,

-	0xf7fbf265,0xab85c5f3,0x1b55db94,0xaad4e324,

-	0xcfa4bd3f,0x2deaa3e2,0x9e204d02,0xc8bd25ac,

-	0xeadf55b3,0xd5bd9e98,0xe31231b2,0x2ad5ad6c,

-	0x954329de,0xadbe4528,0xd8710f69,0xaa51c90f,

-	0xaa786bf6,0x22513f1e,0xaa51a79b,0x2ad344cc,

-	0x7b5a41f0,0xd37cfbad,0x1b069505,0x41ece491,

-	0xb4c332e6,0x032268d4,0xc9600acc,0xce387e6d,

-	0xbf6bb16c,0x6a70fb78,0x0d03d9c9,0xd4df39de,

-	0xe01063da,0x4736f464,0x5ad328d8,0xb347cc96,

-	0x75bb0fc3,0x98511bfb,0x4ffbcc35,0xb58bcf6a,

-	0xe11f0abc,0xbfc5fe4a,0xa70aec10,0xac39570a,

-	0x3f04442f,0x6188b153,0xe0397a2e,0x5727cb79,

-	0x9ceb418f,0x1cacd68d,0x2ad37c96,0x0175cb9d,

-	0xc69dff09,0xc75b65f0,0xd9db40d8,0xec0e7779,

-	0x4744ead4,0xb11c3274,0xdd24cb9e,0x7e1c54bd,

-	0xf01144f9,0xd2240eb1,0x9675b3fd,0xa3ac3755,

-	0xd47c27af,0x51c85f4d,0x56907596,0xa5bb15e6,

-	0x580304f0,0xca042cf1,0x011a37ea,0x8dbfaadb,

-	0x35ba3e4a,0x3526ffa0,0xc37b4d09,0xbc306ed9,

-	0x98a52666,0x5648f725,0xff5e569d,0x0ced63d0,

-	0x7c63b2cf,0x700b45e1,0xd5ea50f1,0x85a92872,

-	0xaf1fbda7,0xd4234870,0xa7870bf3,0x2d3b4d79,

-	0x42e04198,0x0cd0ede7,0x26470db8,0xf881814c,

-	0x474d6ad7,0x7c0c5e5c,0xd1231959,0x381b7298,

-	0xf5d2f4db,0xab838653,0x6e2f1e23,0x83719c9e,

-	0xbd91e046,0x9a56456e,0xdc39200c,0x20c8c571,

-	0x962bda1c,0xe1e696ff,0xb141ab08,0x7cca89b9,

-	0x1a69e783,0x02cc4843,0xa2f7c579,0x429ef47d,

-	0x427b169c,0x5ac9f049,0xdd8f0f00,0x5c8165bf,

-	};

-OPENSSL_GLOBAL const CAST_LONG CAST_S_table1[256]={

-	0x1f201094,0xef0ba75b,0x69e3cf7e,0x393f4380,

-	0xfe61cf7a,0xeec5207a,0x55889c94,0x72fc0651,

-	0xada7ef79,0x4e1d7235,0xd55a63ce,0xde0436ba,

-	0x99c430ef,0x5f0c0794,0x18dcdb7d,0xa1d6eff3,

-	0xa0b52f7b,0x59e83605,0xee15b094,0xe9ffd909,

-	0xdc440086,0xef944459,0xba83ccb3,0xe0c3cdfb,

-	0xd1da4181,0x3b092ab1,0xf997f1c1,0xa5e6cf7b,

-	0x01420ddb,0xe4e7ef5b,0x25a1ff41,0xe180f806,

-	0x1fc41080,0x179bee7a,0xd37ac6a9,0xfe5830a4,

-	0x98de8b7f,0x77e83f4e,0x79929269,0x24fa9f7b,

-	0xe113c85b,0xacc40083,0xd7503525,0xf7ea615f,

-	0x62143154,0x0d554b63,0x5d681121,0xc866c359,

-	0x3d63cf73,0xcee234c0,0xd4d87e87,0x5c672b21,

-	0x071f6181,0x39f7627f,0x361e3084,0xe4eb573b,

-	0x602f64a4,0xd63acd9c,0x1bbc4635,0x9e81032d,

-	0x2701f50c,0x99847ab4,0xa0e3df79,0xba6cf38c,

-	0x10843094,0x2537a95e,0xf46f6ffe,0xa1ff3b1f,

-	0x208cfb6a,0x8f458c74,0xd9e0a227,0x4ec73a34,

-	0xfc884f69,0x3e4de8df,0xef0e0088,0x3559648d,

-	0x8a45388c,0x1d804366,0x721d9bfd,0xa58684bb,

-	0xe8256333,0x844e8212,0x128d8098,0xfed33fb4,

-	0xce280ae1,0x27e19ba5,0xd5a6c252,0xe49754bd,

-	0xc5d655dd,0xeb667064,0x77840b4d,0xa1b6a801,

-	0x84db26a9,0xe0b56714,0x21f043b7,0xe5d05860,

-	0x54f03084,0x066ff472,0xa31aa153,0xdadc4755,

-	0xb5625dbf,0x68561be6,0x83ca6b94,0x2d6ed23b,

-	0xeccf01db,0xa6d3d0ba,0xb6803d5c,0xaf77a709,

-	0x33b4a34c,0x397bc8d6,0x5ee22b95,0x5f0e5304,

-	0x81ed6f61,0x20e74364,0xb45e1378,0xde18639b,

-	0x881ca122,0xb96726d1,0x8049a7e8,0x22b7da7b,

-	0x5e552d25,0x5272d237,0x79d2951c,0xc60d894c,

-	0x488cb402,0x1ba4fe5b,0xa4b09f6b,0x1ca815cf,

-	0xa20c3005,0x8871df63,0xb9de2fcb,0x0cc6c9e9,

-	0x0beeff53,0xe3214517,0xb4542835,0x9f63293c,

-	0xee41e729,0x6e1d2d7c,0x50045286,0x1e6685f3,

-	0xf33401c6,0x30a22c95,0x31a70850,0x60930f13,

-	0x73f98417,0xa1269859,0xec645c44,0x52c877a9,

-	0xcdff33a6,0xa02b1741,0x7cbad9a2,0x2180036f,

-	0x50d99c08,0xcb3f4861,0xc26bd765,0x64a3f6ab,

-	0x80342676,0x25a75e7b,0xe4e6d1fc,0x20c710e6,

-	0xcdf0b680,0x17844d3b,0x31eef84d,0x7e0824e4,

-	0x2ccb49eb,0x846a3bae,0x8ff77888,0xee5d60f6,

-	0x7af75673,0x2fdd5cdb,0xa11631c1,0x30f66f43,

-	0xb3faec54,0x157fd7fa,0xef8579cc,0xd152de58,

-	0xdb2ffd5e,0x8f32ce19,0x306af97a,0x02f03ef8,

-	0x99319ad5,0xc242fa0f,0xa7e3ebb0,0xc68e4906,

-	0xb8da230c,0x80823028,0xdcdef3c8,0xd35fb171,

-	0x088a1bc8,0xbec0c560,0x61a3c9e8,0xbca8f54d,

-	0xc72feffa,0x22822e99,0x82c570b4,0xd8d94e89,

-	0x8b1c34bc,0x301e16e6,0x273be979,0xb0ffeaa6,

-	0x61d9b8c6,0x00b24869,0xb7ffce3f,0x08dc283b,

-	0x43daf65a,0xf7e19798,0x7619b72f,0x8f1c9ba4,

-	0xdc8637a0,0x16a7d3b1,0x9fc393b7,0xa7136eeb,

-	0xc6bcc63e,0x1a513742,0xef6828bc,0x520365d6,

-	0x2d6a77ab,0x3527ed4b,0x821fd216,0x095c6e2e,

-	0xdb92f2fb,0x5eea29cb,0x145892f5,0x91584f7f,

-	0x5483697b,0x2667a8cc,0x85196048,0x8c4bacea,

-	0x833860d4,0x0d23e0f9,0x6c387e8a,0x0ae6d249,

-	0xb284600c,0xd835731d,0xdcb1c647,0xac4c56ea,

-	0x3ebd81b3,0x230eabb0,0x6438bc87,0xf0b5b1fa,

-	0x8f5ea2b3,0xfc184642,0x0a036b7a,0x4fb089bd,

-	0x649da589,0xa345415e,0x5c038323,0x3e5d3bb9,

-	0x43d79572,0x7e6dd07c,0x06dfdf1e,0x6c6cc4ef,

-	0x7160a539,0x73bfbe70,0x83877605,0x4523ecf1,

-	};

-OPENSSL_GLOBAL const CAST_LONG CAST_S_table2[256]={

-	0x8defc240,0x25fa5d9f,0xeb903dbf,0xe810c907,

-	0x47607fff,0x369fe44b,0x8c1fc644,0xaececa90,

-	0xbeb1f9bf,0xeefbcaea,0xe8cf1950,0x51df07ae,

-	0x920e8806,0xf0ad0548,0xe13c8d83,0x927010d5,

-	0x11107d9f,0x07647db9,0xb2e3e4d4,0x3d4f285e,

-	0xb9afa820,0xfade82e0,0xa067268b,0x8272792e,

-	0x553fb2c0,0x489ae22b,0xd4ef9794,0x125e3fbc,

-	0x21fffcee,0x825b1bfd,0x9255c5ed,0x1257a240,

-	0x4e1a8302,0xbae07fff,0x528246e7,0x8e57140e,

-	0x3373f7bf,0x8c9f8188,0xa6fc4ee8,0xc982b5a5,

-	0xa8c01db7,0x579fc264,0x67094f31,0xf2bd3f5f,

-	0x40fff7c1,0x1fb78dfc,0x8e6bd2c1,0x437be59b,

-	0x99b03dbf,0xb5dbc64b,0x638dc0e6,0x55819d99,

-	0xa197c81c,0x4a012d6e,0xc5884a28,0xccc36f71,

-	0xb843c213,0x6c0743f1,0x8309893c,0x0feddd5f,

-	0x2f7fe850,0xd7c07f7e,0x02507fbf,0x5afb9a04,

-	0xa747d2d0,0x1651192e,0xaf70bf3e,0x58c31380,

-	0x5f98302e,0x727cc3c4,0x0a0fb402,0x0f7fef82,

-	0x8c96fdad,0x5d2c2aae,0x8ee99a49,0x50da88b8,

-	0x8427f4a0,0x1eac5790,0x796fb449,0x8252dc15,

-	0xefbd7d9b,0xa672597d,0xada840d8,0x45f54504,

-	0xfa5d7403,0xe83ec305,0x4f91751a,0x925669c2,

-	0x23efe941,0xa903f12e,0x60270df2,0x0276e4b6,

-	0x94fd6574,0x927985b2,0x8276dbcb,0x02778176,

-	0xf8af918d,0x4e48f79e,0x8f616ddf,0xe29d840e,

-	0x842f7d83,0x340ce5c8,0x96bbb682,0x93b4b148,

-	0xef303cab,0x984faf28,0x779faf9b,0x92dc560d,

-	0x224d1e20,0x8437aa88,0x7d29dc96,0x2756d3dc,

-	0x8b907cee,0xb51fd240,0xe7c07ce3,0xe566b4a1,

-	0xc3e9615e,0x3cf8209d,0x6094d1e3,0xcd9ca341,

-	0x5c76460e,0x00ea983b,0xd4d67881,0xfd47572c,

-	0xf76cedd9,0xbda8229c,0x127dadaa,0x438a074e,

-	0x1f97c090,0x081bdb8a,0x93a07ebe,0xb938ca15,

-	0x97b03cff,0x3dc2c0f8,0x8d1ab2ec,0x64380e51,

-	0x68cc7bfb,0xd90f2788,0x12490181,0x5de5ffd4,

-	0xdd7ef86a,0x76a2e214,0xb9a40368,0x925d958f,

-	0x4b39fffa,0xba39aee9,0xa4ffd30b,0xfaf7933b,

-	0x6d498623,0x193cbcfa,0x27627545,0x825cf47a,

-	0x61bd8ba0,0xd11e42d1,0xcead04f4,0x127ea392,

-	0x10428db7,0x8272a972,0x9270c4a8,0x127de50b,

-	0x285ba1c8,0x3c62f44f,0x35c0eaa5,0xe805d231,

-	0x428929fb,0xb4fcdf82,0x4fb66a53,0x0e7dc15b,

-	0x1f081fab,0x108618ae,0xfcfd086d,0xf9ff2889,

-	0x694bcc11,0x236a5cae,0x12deca4d,0x2c3f8cc5,

-	0xd2d02dfe,0xf8ef5896,0xe4cf52da,0x95155b67,

-	0x494a488c,0xb9b6a80c,0x5c8f82bc,0x89d36b45,

-	0x3a609437,0xec00c9a9,0x44715253,0x0a874b49,

-	0xd773bc40,0x7c34671c,0x02717ef6,0x4feb5536,

-	0xa2d02fff,0xd2bf60c4,0xd43f03c0,0x50b4ef6d,

-	0x07478cd1,0x006e1888,0xa2e53f55,0xb9e6d4bc,

-	0xa2048016,0x97573833,0xd7207d67,0xde0f8f3d,

-	0x72f87b33,0xabcc4f33,0x7688c55d,0x7b00a6b0,

-	0x947b0001,0x570075d2,0xf9bb88f8,0x8942019e,

-	0x4264a5ff,0x856302e0,0x72dbd92b,0xee971b69,

-	0x6ea22fde,0x5f08ae2b,0xaf7a616d,0xe5c98767,

-	0xcf1febd2,0x61efc8c2,0xf1ac2571,0xcc8239c2,

-	0x67214cb8,0xb1e583d1,0xb7dc3e62,0x7f10bdce,

-	0xf90a5c38,0x0ff0443d,0x606e6dc6,0x60543a49,

-	0x5727c148,0x2be98a1d,0x8ab41738,0x20e1be24,

-	0xaf96da0f,0x68458425,0x99833be5,0x600d457d,

-	0x282f9350,0x8334b362,0xd91d1120,0x2b6d8da0,

-	0x642b1e31,0x9c305a00,0x52bce688,0x1b03588a,

-	0xf7baefd5,0x4142ed9c,0xa4315c11,0x83323ec5,

-	0xdfef4636,0xa133c501,0xe9d3531c,0xee353783,

-	};

-OPENSSL_GLOBAL const CAST_LONG CAST_S_table3[256]={

-	0x9db30420,0x1fb6e9de,0xa7be7bef,0xd273a298,

-	0x4a4f7bdb,0x64ad8c57,0x85510443,0xfa020ed1,

-	0x7e287aff,0xe60fb663,0x095f35a1,0x79ebf120,

-	0xfd059d43,0x6497b7b1,0xf3641f63,0x241e4adf,

-	0x28147f5f,0x4fa2b8cd,0xc9430040,0x0cc32220,

-	0xfdd30b30,0xc0a5374f,0x1d2d00d9,0x24147b15,

-	0xee4d111a,0x0fca5167,0x71ff904c,0x2d195ffe,

-	0x1a05645f,0x0c13fefe,0x081b08ca,0x05170121,

-	0x80530100,0xe83e5efe,0xac9af4f8,0x7fe72701,

-	0xd2b8ee5f,0x06df4261,0xbb9e9b8a,0x7293ea25,

-	0xce84ffdf,0xf5718801,0x3dd64b04,0xa26f263b,

-	0x7ed48400,0x547eebe6,0x446d4ca0,0x6cf3d6f5,

-	0x2649abdf,0xaea0c7f5,0x36338cc1,0x503f7e93,

-	0xd3772061,0x11b638e1,0x72500e03,0xf80eb2bb,

-	0xabe0502e,0xec8d77de,0x57971e81,0xe14f6746,

-	0xc9335400,0x6920318f,0x081dbb99,0xffc304a5,

-	0x4d351805,0x7f3d5ce3,0xa6c866c6,0x5d5bcca9,

-	0xdaec6fea,0x9f926f91,0x9f46222f,0x3991467d,

-	0xa5bf6d8e,0x1143c44f,0x43958302,0xd0214eeb,

-	0x022083b8,0x3fb6180c,0x18f8931e,0x281658e6,

-	0x26486e3e,0x8bd78a70,0x7477e4c1,0xb506e07c,

-	0xf32d0a25,0x79098b02,0xe4eabb81,0x28123b23,

-	0x69dead38,0x1574ca16,0xdf871b62,0x211c40b7,

-	0xa51a9ef9,0x0014377b,0x041e8ac8,0x09114003,

-	0xbd59e4d2,0xe3d156d5,0x4fe876d5,0x2f91a340,

-	0x557be8de,0x00eae4a7,0x0ce5c2ec,0x4db4bba6,

-	0xe756bdff,0xdd3369ac,0xec17b035,0x06572327,

-	0x99afc8b0,0x56c8c391,0x6b65811c,0x5e146119,

-	0x6e85cb75,0xbe07c002,0xc2325577,0x893ff4ec,

-	0x5bbfc92d,0xd0ec3b25,0xb7801ab7,0x8d6d3b24,

-	0x20c763ef,0xc366a5fc,0x9c382880,0x0ace3205,

-	0xaac9548a,0xeca1d7c7,0x041afa32,0x1d16625a,

-	0x6701902c,0x9b757a54,0x31d477f7,0x9126b031,

-	0x36cc6fdb,0xc70b8b46,0xd9e66a48,0x56e55a79,

-	0x026a4ceb,0x52437eff,0x2f8f76b4,0x0df980a5,

-	0x8674cde3,0xedda04eb,0x17a9be04,0x2c18f4df,

-	0xb7747f9d,0xab2af7b4,0xefc34d20,0x2e096b7c,

-	0x1741a254,0xe5b6a035,0x213d42f6,0x2c1c7c26,

-	0x61c2f50f,0x6552daf9,0xd2c231f8,0x25130f69,

-	0xd8167fa2,0x0418f2c8,0x001a96a6,0x0d1526ab,

-	0x63315c21,0x5e0a72ec,0x49bafefd,0x187908d9,

-	0x8d0dbd86,0x311170a7,0x3e9b640c,0xcc3e10d7,

-	0xd5cad3b6,0x0caec388,0xf73001e1,0x6c728aff,

-	0x71eae2a1,0x1f9af36e,0xcfcbd12f,0xc1de8417,

-	0xac07be6b,0xcb44a1d8,0x8b9b0f56,0x013988c3,

-	0xb1c52fca,0xb4be31cd,0xd8782806,0x12a3a4e2,

-	0x6f7de532,0x58fd7eb6,0xd01ee900,0x24adffc2,

-	0xf4990fc5,0x9711aac5,0x001d7b95,0x82e5e7d2,

-	0x109873f6,0x00613096,0xc32d9521,0xada121ff,

-	0x29908415,0x7fbb977f,0xaf9eb3db,0x29c9ed2a,

-	0x5ce2a465,0xa730f32c,0xd0aa3fe8,0x8a5cc091,

-	0xd49e2ce7,0x0ce454a9,0xd60acd86,0x015f1919,

-	0x77079103,0xdea03af6,0x78a8565e,0xdee356df,

-	0x21f05cbe,0x8b75e387,0xb3c50651,0xb8a5c3ef,

-	0xd8eeb6d2,0xe523be77,0xc2154529,0x2f69efdf,

-	0xafe67afb,0xf470c4b2,0xf3e0eb5b,0xd6cc9876,

-	0x39e4460c,0x1fda8538,0x1987832f,0xca007367,

-	0xa99144f8,0x296b299e,0x492fc295,0x9266beab,

-	0xb5676e69,0x9bd3ddda,0xdf7e052f,0xdb25701c,

-	0x1b5e51ee,0xf65324e6,0x6afce36c,0x0316cc04,

-	0x8644213e,0xb7dc59d0,0x7965291f,0xccd6fd43,

-	0x41823979,0x932bcdf6,0xb657c34d,0x4edfd282,

-	0x7ae5290c,0x3cb9536b,0x851e20fe,0x9833557e,

-	0x13ecf0b0,0xd3ffb372,0x3f85c5c1,0x0aef7ed2,

-	};

-OPENSSL_GLOBAL const CAST_LONG CAST_S_table4[256]={

-	0x7ec90c04,0x2c6e74b9,0x9b0e66df,0xa6337911,

-	0xb86a7fff,0x1dd358f5,0x44dd9d44,0x1731167f,

-	0x08fbf1fa,0xe7f511cc,0xd2051b00,0x735aba00,

-	0x2ab722d8,0x386381cb,0xacf6243a,0x69befd7a,

-	0xe6a2e77f,0xf0c720cd,0xc4494816,0xccf5c180,

-	0x38851640,0x15b0a848,0xe68b18cb,0x4caadeff,

-	0x5f480a01,0x0412b2aa,0x259814fc,0x41d0efe2,

-	0x4e40b48d,0x248eb6fb,0x8dba1cfe,0x41a99b02,

-	0x1a550a04,0xba8f65cb,0x7251f4e7,0x95a51725,

-	0xc106ecd7,0x97a5980a,0xc539b9aa,0x4d79fe6a,

-	0xf2f3f763,0x68af8040,0xed0c9e56,0x11b4958b,

-	0xe1eb5a88,0x8709e6b0,0xd7e07156,0x4e29fea7,

-	0x6366e52d,0x02d1c000,0xc4ac8e05,0x9377f571,

-	0x0c05372a,0x578535f2,0x2261be02,0xd642a0c9,

-	0xdf13a280,0x74b55bd2,0x682199c0,0xd421e5ec,

-	0x53fb3ce8,0xc8adedb3,0x28a87fc9,0x3d959981,

-	0x5c1ff900,0xfe38d399,0x0c4eff0b,0x062407ea,

-	0xaa2f4fb1,0x4fb96976,0x90c79505,0xb0a8a774,

-	0xef55a1ff,0xe59ca2c2,0xa6b62d27,0xe66a4263,

-	0xdf65001f,0x0ec50966,0xdfdd55bc,0x29de0655,

-	0x911e739a,0x17af8975,0x32c7911c,0x89f89468,

-	0x0d01e980,0x524755f4,0x03b63cc9,0x0cc844b2,

-	0xbcf3f0aa,0x87ac36e9,0xe53a7426,0x01b3d82b,

-	0x1a9e7449,0x64ee2d7e,0xcddbb1da,0x01c94910,

-	0xb868bf80,0x0d26f3fd,0x9342ede7,0x04a5c284,

-	0x636737b6,0x50f5b616,0xf24766e3,0x8eca36c1,

-	0x136e05db,0xfef18391,0xfb887a37,0xd6e7f7d4,

-	0xc7fb7dc9,0x3063fcdf,0xb6f589de,0xec2941da,

-	0x26e46695,0xb7566419,0xf654efc5,0xd08d58b7,

-	0x48925401,0xc1bacb7f,0xe5ff550f,0xb6083049,

-	0x5bb5d0e8,0x87d72e5a,0xab6a6ee1,0x223a66ce,

-	0xc62bf3cd,0x9e0885f9,0x68cb3e47,0x086c010f,

-	0xa21de820,0xd18b69de,0xf3f65777,0xfa02c3f6,

-	0x407edac3,0xcbb3d550,0x1793084d,0xb0d70eba,

-	0x0ab378d5,0xd951fb0c,0xded7da56,0x4124bbe4,

-	0x94ca0b56,0x0f5755d1,0xe0e1e56e,0x6184b5be,

-	0x580a249f,0x94f74bc0,0xe327888e,0x9f7b5561,

-	0xc3dc0280,0x05687715,0x646c6bd7,0x44904db3,

-	0x66b4f0a3,0xc0f1648a,0x697ed5af,0x49e92ff6,

-	0x309e374f,0x2cb6356a,0x85808573,0x4991f840,

-	0x76f0ae02,0x083be84d,0x28421c9a,0x44489406,

-	0x736e4cb8,0xc1092910,0x8bc95fc6,0x7d869cf4,

-	0x134f616f,0x2e77118d,0xb31b2be1,0xaa90b472,

-	0x3ca5d717,0x7d161bba,0x9cad9010,0xaf462ba2,

-	0x9fe459d2,0x45d34559,0xd9f2da13,0xdbc65487,

-	0xf3e4f94e,0x176d486f,0x097c13ea,0x631da5c7,

-	0x445f7382,0x175683f4,0xcdc66a97,0x70be0288,

-	0xb3cdcf72,0x6e5dd2f3,0x20936079,0x459b80a5,

-	0xbe60e2db,0xa9c23101,0xeba5315c,0x224e42f2,

-	0x1c5c1572,0xf6721b2c,0x1ad2fff3,0x8c25404e,

-	0x324ed72f,0x4067b7fd,0x0523138e,0x5ca3bc78,

-	0xdc0fd66e,0x75922283,0x784d6b17,0x58ebb16e,

-	0x44094f85,0x3f481d87,0xfcfeae7b,0x77b5ff76,

-	0x8c2302bf,0xaaf47556,0x5f46b02a,0x2b092801,

-	0x3d38f5f7,0x0ca81f36,0x52af4a8a,0x66d5e7c0,

-	0xdf3b0874,0x95055110,0x1b5ad7a8,0xf61ed5ad,

-	0x6cf6e479,0x20758184,0xd0cefa65,0x88f7be58,

-	0x4a046826,0x0ff6f8f3,0xa09c7f70,0x5346aba0,

-	0x5ce96c28,0xe176eda3,0x6bac307f,0x376829d2,

-	0x85360fa9,0x17e3fe2a,0x24b79767,0xf5a96b20,

-	0xd6cd2595,0x68ff1ebf,0x7555442c,0xf19f06be,

-	0xf9e0659a,0xeeb9491d,0x34010718,0xbb30cab8,

-	0xe822fe15,0x88570983,0x750e6249,0xda627e55,

-	0x5e76ffa8,0xb1534546,0x6d47de08,0xefe9e7d4,

-	};

-OPENSSL_GLOBAL const CAST_LONG CAST_S_table5[256]={

-	0xf6fa8f9d,0x2cac6ce1,0x4ca34867,0xe2337f7c,

-	0x95db08e7,0x016843b4,0xeced5cbc,0x325553ac,

-	0xbf9f0960,0xdfa1e2ed,0x83f0579d,0x63ed86b9,

-	0x1ab6a6b8,0xde5ebe39,0xf38ff732,0x8989b138,

-	0x33f14961,0xc01937bd,0xf506c6da,0xe4625e7e,

-	0xa308ea99,0x4e23e33c,0x79cbd7cc,0x48a14367,

-	0xa3149619,0xfec94bd5,0xa114174a,0xeaa01866,

-	0xa084db2d,0x09a8486f,0xa888614a,0x2900af98,

-	0x01665991,0xe1992863,0xc8f30c60,0x2e78ef3c,

-	0xd0d51932,0xcf0fec14,0xf7ca07d2,0xd0a82072,

-	0xfd41197e,0x9305a6b0,0xe86be3da,0x74bed3cd,

-	0x372da53c,0x4c7f4448,0xdab5d440,0x6dba0ec3,

-	0x083919a7,0x9fbaeed9,0x49dbcfb0,0x4e670c53,

-	0x5c3d9c01,0x64bdb941,0x2c0e636a,0xba7dd9cd,

-	0xea6f7388,0xe70bc762,0x35f29adb,0x5c4cdd8d,

-	0xf0d48d8c,0xb88153e2,0x08a19866,0x1ae2eac8,

-	0x284caf89,0xaa928223,0x9334be53,0x3b3a21bf,

-	0x16434be3,0x9aea3906,0xefe8c36e,0xf890cdd9,

-	0x80226dae,0xc340a4a3,0xdf7e9c09,0xa694a807,

-	0x5b7c5ecc,0x221db3a6,0x9a69a02f,0x68818a54,

-	0xceb2296f,0x53c0843a,0xfe893655,0x25bfe68a,

-	0xb4628abc,0xcf222ebf,0x25ac6f48,0xa9a99387,

-	0x53bddb65,0xe76ffbe7,0xe967fd78,0x0ba93563,

-	0x8e342bc1,0xe8a11be9,0x4980740d,0xc8087dfc,

-	0x8de4bf99,0xa11101a0,0x7fd37975,0xda5a26c0,

-	0xe81f994f,0x9528cd89,0xfd339fed,0xb87834bf,

-	0x5f04456d,0x22258698,0xc9c4c83b,0x2dc156be,

-	0x4f628daa,0x57f55ec5,0xe2220abe,0xd2916ebf,

-	0x4ec75b95,0x24f2c3c0,0x42d15d99,0xcd0d7fa0,

-	0x7b6e27ff,0xa8dc8af0,0x7345c106,0xf41e232f,

-	0x35162386,0xe6ea8926,0x3333b094,0x157ec6f2,

-	0x372b74af,0x692573e4,0xe9a9d848,0xf3160289,

-	0x3a62ef1d,0xa787e238,0xf3a5f676,0x74364853,

-	0x20951063,0x4576698d,0xb6fad407,0x592af950,

-	0x36f73523,0x4cfb6e87,0x7da4cec0,0x6c152daa,

-	0xcb0396a8,0xc50dfe5d,0xfcd707ab,0x0921c42f,

-	0x89dff0bb,0x5fe2be78,0x448f4f33,0x754613c9,

-	0x2b05d08d,0x48b9d585,0xdc049441,0xc8098f9b,

-	0x7dede786,0xc39a3373,0x42410005,0x6a091751,

-	0x0ef3c8a6,0x890072d6,0x28207682,0xa9a9f7be,

-	0xbf32679d,0xd45b5b75,0xb353fd00,0xcbb0e358,

-	0x830f220a,0x1f8fb214,0xd372cf08,0xcc3c4a13,

-	0x8cf63166,0x061c87be,0x88c98f88,0x6062e397,

-	0x47cf8e7a,0xb6c85283,0x3cc2acfb,0x3fc06976,

-	0x4e8f0252,0x64d8314d,0xda3870e3,0x1e665459,

-	0xc10908f0,0x513021a5,0x6c5b68b7,0x822f8aa0,

-	0x3007cd3e,0x74719eef,0xdc872681,0x073340d4,

-	0x7e432fd9,0x0c5ec241,0x8809286c,0xf592d891,

-	0x08a930f6,0x957ef305,0xb7fbffbd,0xc266e96f,

-	0x6fe4ac98,0xb173ecc0,0xbc60b42a,0x953498da,

-	0xfba1ae12,0x2d4bd736,0x0f25faab,0xa4f3fceb,

-	0xe2969123,0x257f0c3d,0x9348af49,0x361400bc,

-	0xe8816f4a,0x3814f200,0xa3f94043,0x9c7a54c2,

-	0xbc704f57,0xda41e7f9,0xc25ad33a,0x54f4a084,

-	0xb17f5505,0x59357cbe,0xedbd15c8,0x7f97c5ab,

-	0xba5ac7b5,0xb6f6deaf,0x3a479c3a,0x5302da25,

-	0x653d7e6a,0x54268d49,0x51a477ea,0x5017d55b,

-	0xd7d25d88,0x44136c76,0x0404a8c8,0xb8e5a121,

-	0xb81a928a,0x60ed5869,0x97c55b96,0xeaec991b,

-	0x29935913,0x01fdb7f1,0x088e8dfa,0x9ab6f6f5,

-	0x3b4cbf9f,0x4a5de3ab,0xe6051d35,0xa0e1d855,

-	0xd36b4cf1,0xf544edeb,0xb0e93524,0xbebb8fbd,

-	0xa2d762cf,0x49c92f54,0x38b5f331,0x7128a454,

-	0x48392905,0xa65b1db8,0x851c97bd,0xd675cf2f,

-	};

-OPENSSL_GLOBAL const CAST_LONG CAST_S_table6[256]={

-	0x85e04019,0x332bf567,0x662dbfff,0xcfc65693,

-	0x2a8d7f6f,0xab9bc912,0xde6008a1,0x2028da1f,

-	0x0227bce7,0x4d642916,0x18fac300,0x50f18b82,

-	0x2cb2cb11,0xb232e75c,0x4b3695f2,0xb28707de,

-	0xa05fbcf6,0xcd4181e9,0xe150210c,0xe24ef1bd,

-	0xb168c381,0xfde4e789,0x5c79b0d8,0x1e8bfd43,

-	0x4d495001,0x38be4341,0x913cee1d,0x92a79c3f,

-	0x089766be,0xbaeeadf4,0x1286becf,0xb6eacb19,

-	0x2660c200,0x7565bde4,0x64241f7a,0x8248dca9,

-	0xc3b3ad66,0x28136086,0x0bd8dfa8,0x356d1cf2,

-	0x107789be,0xb3b2e9ce,0x0502aa8f,0x0bc0351e,

-	0x166bf52a,0xeb12ff82,0xe3486911,0xd34d7516,

-	0x4e7b3aff,0x5f43671b,0x9cf6e037,0x4981ac83,

-	0x334266ce,0x8c9341b7,0xd0d854c0,0xcb3a6c88,

-	0x47bc2829,0x4725ba37,0xa66ad22b,0x7ad61f1e,

-	0x0c5cbafa,0x4437f107,0xb6e79962,0x42d2d816,

-	0x0a961288,0xe1a5c06e,0x13749e67,0x72fc081a,

-	0xb1d139f7,0xf9583745,0xcf19df58,0xbec3f756,

-	0xc06eba30,0x07211b24,0x45c28829,0xc95e317f,

-	0xbc8ec511,0x38bc46e9,0xc6e6fa14,0xbae8584a,

-	0xad4ebc46,0x468f508b,0x7829435f,0xf124183b,

-	0x821dba9f,0xaff60ff4,0xea2c4e6d,0x16e39264,

-	0x92544a8b,0x009b4fc3,0xaba68ced,0x9ac96f78,

-	0x06a5b79a,0xb2856e6e,0x1aec3ca9,0xbe838688,

-	0x0e0804e9,0x55f1be56,0xe7e5363b,0xb3a1f25d,

-	0xf7debb85,0x61fe033c,0x16746233,0x3c034c28,

-	0xda6d0c74,0x79aac56c,0x3ce4e1ad,0x51f0c802,

-	0x98f8f35a,0x1626a49f,0xeed82b29,0x1d382fe3,

-	0x0c4fb99a,0xbb325778,0x3ec6d97b,0x6e77a6a9,

-	0xcb658b5c,0xd45230c7,0x2bd1408b,0x60c03eb7,

-	0xb9068d78,0xa33754f4,0xf430c87d,0xc8a71302,

-	0xb96d8c32,0xebd4e7be,0xbe8b9d2d,0x7979fb06,

-	0xe7225308,0x8b75cf77,0x11ef8da4,0xe083c858,

-	0x8d6b786f,0x5a6317a6,0xfa5cf7a0,0x5dda0033,

-	0xf28ebfb0,0xf5b9c310,0xa0eac280,0x08b9767a,

-	0xa3d9d2b0,0x79d34217,0x021a718d,0x9ac6336a,

-	0x2711fd60,0x438050e3,0x069908a8,0x3d7fedc4,

-	0x826d2bef,0x4eeb8476,0x488dcf25,0x36c9d566,

-	0x28e74e41,0xc2610aca,0x3d49a9cf,0xbae3b9df,

-	0xb65f8de6,0x92aeaf64,0x3ac7d5e6,0x9ea80509,

-	0xf22b017d,0xa4173f70,0xdd1e16c3,0x15e0d7f9,

-	0x50b1b887,0x2b9f4fd5,0x625aba82,0x6a017962,

-	0x2ec01b9c,0x15488aa9,0xd716e740,0x40055a2c,

-	0x93d29a22,0xe32dbf9a,0x058745b9,0x3453dc1e,

-	0xd699296e,0x496cff6f,0x1c9f4986,0xdfe2ed07,

-	0xb87242d1,0x19de7eae,0x053e561a,0x15ad6f8c,

-	0x66626c1c,0x7154c24c,0xea082b2a,0x93eb2939,

-	0x17dcb0f0,0x58d4f2ae,0x9ea294fb,0x52cf564c,

-	0x9883fe66,0x2ec40581,0x763953c3,0x01d6692e,

-	0xd3a0c108,0xa1e7160e,0xe4f2dfa6,0x693ed285,

-	0x74904698,0x4c2b0edd,0x4f757656,0x5d393378,

-	0xa132234f,0x3d321c5d,0xc3f5e194,0x4b269301,

-	0xc79f022f,0x3c997e7e,0x5e4f9504,0x3ffafbbd,

-	0x76f7ad0e,0x296693f4,0x3d1fce6f,0xc61e45be,

-	0xd3b5ab34,0xf72bf9b7,0x1b0434c0,0x4e72b567,

-	0x5592a33d,0xb5229301,0xcfd2a87f,0x60aeb767,

-	0x1814386b,0x30bcc33d,0x38a0c07d,0xfd1606f2,

-	0xc363519b,0x589dd390,0x5479f8e6,0x1cb8d647,

-	0x97fd61a9,0xea7759f4,0x2d57539d,0x569a58cf,

-	0xe84e63ad,0x462e1b78,0x6580f87e,0xf3817914,

-	0x91da55f4,0x40a230f3,0xd1988f35,0xb6e318d2,

-	0x3ffa50bc,0x3d40f021,0xc3c0bdae,0x4958c24c,

-	0x518f36b2,0x84b1d370,0x0fedce83,0x878ddada,

-	0xf2a279c7,0x94e01be8,0x90716f4b,0x954b8aa3,

-	};

-OPENSSL_GLOBAL const CAST_LONG CAST_S_table7[256]={

-	0xe216300d,0xbbddfffc,0xa7ebdabd,0x35648095,

-	0x7789f8b7,0xe6c1121b,0x0e241600,0x052ce8b5,

-	0x11a9cfb0,0xe5952f11,0xece7990a,0x9386d174,

-	0x2a42931c,0x76e38111,0xb12def3a,0x37ddddfc,

-	0xde9adeb1,0x0a0cc32c,0xbe197029,0x84a00940,

-	0xbb243a0f,0xb4d137cf,0xb44e79f0,0x049eedfd,

-	0x0b15a15d,0x480d3168,0x8bbbde5a,0x669ded42,

-	0xc7ece831,0x3f8f95e7,0x72df191b,0x7580330d,

-	0x94074251,0x5c7dcdfa,0xabbe6d63,0xaa402164,

-	0xb301d40a,0x02e7d1ca,0x53571dae,0x7a3182a2,

-	0x12a8ddec,0xfdaa335d,0x176f43e8,0x71fb46d4,

-	0x38129022,0xce949ad4,0xb84769ad,0x965bd862,

-	0x82f3d055,0x66fb9767,0x15b80b4e,0x1d5b47a0,

-	0x4cfde06f,0xc28ec4b8,0x57e8726e,0x647a78fc,

-	0x99865d44,0x608bd593,0x6c200e03,0x39dc5ff6,

-	0x5d0b00a3,0xae63aff2,0x7e8bd632,0x70108c0c,

-	0xbbd35049,0x2998df04,0x980cf42a,0x9b6df491,

-	0x9e7edd53,0x06918548,0x58cb7e07,0x3b74ef2e,

-	0x522fffb1,0xd24708cc,0x1c7e27cd,0xa4eb215b,

-	0x3cf1d2e2,0x19b47a38,0x424f7618,0x35856039,

-	0x9d17dee7,0x27eb35e6,0xc9aff67b,0x36baf5b8,

-	0x09c467cd,0xc18910b1,0xe11dbf7b,0x06cd1af8,

-	0x7170c608,0x2d5e3354,0xd4de495a,0x64c6d006,

-	0xbcc0c62c,0x3dd00db3,0x708f8f34,0x77d51b42,

-	0x264f620f,0x24b8d2bf,0x15c1b79e,0x46a52564,

-	0xf8d7e54e,0x3e378160,0x7895cda5,0x859c15a5,

-	0xe6459788,0xc37bc75f,0xdb07ba0c,0x0676a3ab,

-	0x7f229b1e,0x31842e7b,0x24259fd7,0xf8bef472,

-	0x835ffcb8,0x6df4c1f2,0x96f5b195,0xfd0af0fc,

-	0xb0fe134c,0xe2506d3d,0x4f9b12ea,0xf215f225,

-	0xa223736f,0x9fb4c428,0x25d04979,0x34c713f8,

-	0xc4618187,0xea7a6e98,0x7cd16efc,0x1436876c,

-	0xf1544107,0xbedeee14,0x56e9af27,0xa04aa441,

-	0x3cf7c899,0x92ecbae6,0xdd67016d,0x151682eb,

-	0xa842eedf,0xfdba60b4,0xf1907b75,0x20e3030f,

-	0x24d8c29e,0xe139673b,0xefa63fb8,0x71873054,

-	0xb6f2cf3b,0x9f326442,0xcb15a4cc,0xb01a4504,

-	0xf1e47d8d,0x844a1be5,0xbae7dfdc,0x42cbda70,

-	0xcd7dae0a,0x57e85b7a,0xd53f5af6,0x20cf4d8c,

-	0xcea4d428,0x79d130a4,0x3486ebfb,0x33d3cddc,

-	0x77853b53,0x37effcb5,0xc5068778,0xe580b3e6,

-	0x4e68b8f4,0xc5c8b37e,0x0d809ea2,0x398feb7c,

-	0x132a4f94,0x43b7950e,0x2fee7d1c,0x223613bd,

-	0xdd06caa2,0x37df932b,0xc4248289,0xacf3ebc3,

-	0x5715f6b7,0xef3478dd,0xf267616f,0xc148cbe4,

-	0x9052815e,0x5e410fab,0xb48a2465,0x2eda7fa4,

-	0xe87b40e4,0xe98ea084,0x5889e9e1,0xefd390fc,

-	0xdd07d35b,0xdb485694,0x38d7e5b2,0x57720101,

-	0x730edebc,0x5b643113,0x94917e4f,0x503c2fba,

-	0x646f1282,0x7523d24a,0xe0779695,0xf9c17a8f,

-	0x7a5b2121,0xd187b896,0x29263a4d,0xba510cdf,

-	0x81f47c9f,0xad1163ed,0xea7b5965,0x1a00726e,

-	0x11403092,0x00da6d77,0x4a0cdd61,0xad1f4603,

-	0x605bdfb0,0x9eedc364,0x22ebe6a8,0xcee7d28a,

-	0xa0e736a0,0x5564a6b9,0x10853209,0xc7eb8f37,

-	0x2de705ca,0x8951570f,0xdf09822b,0xbd691a6c,

-	0xaa12e4f2,0x87451c0f,0xe0f6a27a,0x3ada4819,

-	0x4cf1764f,0x0d771c2b,0x67cdb156,0x350d8384,

-	0x5938fa0f,0x42399ef3,0x36997b07,0x0e84093d,

-	0x4aa93e61,0x8360d87b,0x1fa98b0c,0x1149382c,

-	0xe97625a5,0x0614d1b7,0x0e25244b,0x0c768347,

-	0x589e8d82,0x0d2059d1,0xa466bb1e,0xf8da0a82,

-	0x04f19130,0xba6e4ec0,0x99265164,0x1ee7230d,

-	0x50b2ad80,0xeaee6801,0x8db2a283,0xea8bf59e,

-	};

--- a/sys/src/ape/lib/openssl/crypto/cast/cast_spd.c

+++ /dev/null

@@ -1,278 +1,0 @@

-/* crypto/cast/cast_spd.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */

-/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */

-#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)

-#define TIMES

-#endif

-#include <stdio.h>

-#include <openssl/e_os2.h>

-#include OPENSSL_UNISTD_IO

-OPENSSL_DECLARE_EXIT

-#ifndef OPENSSL_SYS_NETWARE

-#include <signal.h>

-#endif

-#ifndef _IRIX

-#include <time.h>

-#endif

-#ifdef TIMES

-#include <sys/types.h>

-#include <sys/times.h>

-#endif

-/* Depending on the VMS version, the tms structure is perhaps defined.

-   The __TMS macro will show if it was.  If it wasn't defined, we should

-   undefine TIMES, since that tells the rest of the program how things

-   should be handled.				-- Richard Levitte */

-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)

-#undef TIMES

-#endif

-#ifndef TIMES

-#include <sys/timeb.h>

-#endif

-#if defined(sun) || defined(__ultrix)

-#define _POSIX_SOURCE

-#include <limits.h>

-#include <sys/param.h>

-#endif

-#include <openssl/cast.h>

-/* The following if from times(3) man page.  It may need to be changed */

-#ifndef HZ

-#ifndef CLK_TCK

-#define HZ	100.0

-#else /* CLK_TCK */

-#define HZ ((double)CLK_TCK)

-#endif

-#endif

-#define BUFSIZE	((long)1024)

-long run=0;

-double Time_F(int s);

-#ifdef SIGALRM

-#if defined(__STDC__) || defined(sgi) || defined(_AIX)

-#define SIGRETTYPE void

-#else

-#define SIGRETTYPE int

-#endif

-SIGRETTYPE sig_done(int sig);

-SIGRETTYPE sig_done(int sig)

-	{

-	signal(SIGALRM,sig_done);

-	run=0;

-#ifdef LINT

-	sig=sig;

-#endif

-	}

-#endif

-#define START	0

-#define STOP	1

-double Time_F(int s)

-	{

-	double ret;

-#ifdef TIMES

-	static struct tms tstart,tend;

-	if (s == START)

-		{

-		times(&tstart);

-		return(0);

-		}

-	else

-		{

-		times(&tend);

-		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;

-		return((ret == 0.0)?1e-6:ret);

-		}

-#else /* !times() */

-	static struct timeb tstart,tend;

-	long i;

-	if (s == START)

-		{

-		ftime(&tstart);

-		return(0);

-		}

-	else

-		{

-		ftime(&tend);

-		i=(long)tend.millitm-(long)tstart.millitm;

-		ret=((double)(tend.time-tstart.time))+((double)i)/1e3;

-		return((ret == 0.0)?1e-6:ret);

-		}

-#endif

-	}

-int main(int argc, char **argv)

-	{

-	long count;

-	static unsigned char buf[BUFSIZE];

-	static unsigned char key[] ={

-			0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,

-			0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,

-			};

-	CAST_KEY sch;

-	double a,b,c,d;

-#ifndef SIGALRM

-	long ca,cb,cc;

-#endif

-#ifndef TIMES

-	printf("To get the most accurate results, try to run this\n");

-	printf("program when this computer is idle.\n");

-#endif

-#ifndef SIGALRM

-	printf("First we calculate the approximate speed ...\n");

-	CAST_set_key(&sch,16,key);

-	count=10;

-	do	{

-		long i;

-		CAST_LONG data[2];

-		count*=2;

-		Time_F(START);

-		for (i=count; i; i--)

-			CAST_encrypt(data,&sch);

-		d=Time_F(STOP);

-		} while (d < 3.0);

-	ca=count/512;

-	cb=count;

-	cc=count*8/BUFSIZE+1;

-	printf("Doing CAST_set_key %ld times\n",ca);

-#define COND(d)	(count != (d))

-#define COUNT(d) (d)

-#else

-#define COND(c)	(run)

-#define COUNT(d) (count)

-	signal(SIGALRM,sig_done);

-	printf("Doing CAST_set_key for 10 seconds\n");

-	alarm(10);

-#endif

-	Time_F(START);

-	for (count=0,run=1; COND(ca); count+=4)

-		{

-		CAST_set_key(&sch,16,key);

-		CAST_set_key(&sch,16,key);

-		CAST_set_key(&sch,16,key);

-		CAST_set_key(&sch,16,key);

-		}

-	d=Time_F(STOP);

-	printf("%ld cast set_key's in %.2f seconds\n",count,d);

-	a=((double)COUNT(ca))/d;

-#ifdef SIGALRM

-	printf("Doing CAST_encrypt's for 10 seconds\n");

-	alarm(10);

-#else

-	printf("Doing CAST_encrypt %ld times\n",cb);

-#endif

-	Time_F(START);

-	for (count=0,run=1; COND(cb); count+=4)

-		{

-		CAST_LONG data[2];

-		CAST_encrypt(data,&sch);

-		CAST_encrypt(data,&sch);

-		CAST_encrypt(data,&sch);

-		CAST_encrypt(data,&sch);

-		}

-	d=Time_F(STOP);

-	printf("%ld CAST_encrypt's in %.2f second\n",count,d);

-	b=((double)COUNT(cb)*8)/d;

-#ifdef SIGALRM

-	printf("Doing CAST_cbc_encrypt on %ld byte blocks for 10 seconds\n",

-		BUFSIZE);

-	alarm(10);

-#else

-	printf("Doing CAST_cbc_encrypt %ld times on %ld byte blocks\n",cc,

-		BUFSIZE);

-#endif

-	Time_F(START);

-	for (count=0,run=1; COND(cc); count++)

-		CAST_cbc_encrypt(buf,buf,BUFSIZE,&sch,

-			&(key[0]),CAST_ENCRYPT);

-	d=Time_F(STOP);

-	printf("%ld CAST_cbc_encrypt's of %ld byte blocks in %.2f second\n",

-		count,BUFSIZE,d);

-	c=((double)COUNT(cc)*BUFSIZE)/d;

-	printf("CAST set_key       per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a);

-	printf("CAST raw ecb bytes per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b);

-	printf("CAST cbc     bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);

-	exit(0);

-#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)

-	return(0);

-#endif

-	}

--- a/sys/src/ape/lib/openssl/crypto/cast/castopts.c

+++ /dev/null

@@ -1,342 +1,0 @@

-/* crypto/cast/castopts.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* define PART1, PART2, PART3 or PART4 to build only with a few of the options.

- * This is for machines with 64k code segment size restrictions. */

-#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC))

-#define TIMES

-#endif

-#include <stdio.h>

-#include <openssl/e_os2.h>

-#include OPENSSL_UNISTD_IO

-OPENSSL_DECLARE_EXIT

-#ifndef OPENSSL_SYS_NETWARE

-#include <signal.h>

-#endif

-#ifndef _IRIX

-#include <time.h>

-#endif

-#ifdef TIMES

-#include <sys/types.h>

-#include <sys/times.h>

-#endif

-/* Depending on the VMS version, the tms structure is perhaps defined.

-   The __TMS macro will show if it was.  If it wasn't defined, we should

-   undefine TIMES, since that tells the rest of the program how things

-   should be handled.				-- Richard Levitte */

-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)

-#undef TIMES

-#endif

-#ifndef TIMES

-#include <sys/timeb.h>

-#endif

-#if defined(sun) || defined(__ultrix)

-#define _POSIX_SOURCE

-#include <limits.h>

-#include <sys/param.h>

-#endif

-#include <openssl/cast.h>

-#define CAST_DEFAULT_OPTIONS

-#undef E_CAST

-#define CAST_encrypt  CAST_encrypt_normal

-#define CAST_decrypt  CAST_decrypt_normal

-#define CAST_cbc_encrypt  CAST_cbc_encrypt_normal

-#undef HEADER_CAST_LOCL_H

-#include "c_enc.c"

-#define CAST_PTR

-#undef CAST_PTR2

-#undef E_CAST

-#undef CAST_encrypt

-#undef CAST_decrypt

-#undef CAST_cbc_encrypt

-#define CAST_encrypt  CAST_encrypt_ptr

-#define CAST_decrypt  CAST_decrypt_ptr

-#define CAST_cbc_encrypt  CAST_cbc_encrypt_ptr

-#undef HEADER_CAST_LOCL_H

-#include "c_enc.c"

-#undef CAST_PTR

-#define CAST_PTR2

-#undef E_CAST

-#undef CAST_encrypt

-#undef CAST_decrypt

-#undef CAST_cbc_encrypt

-#define CAST_encrypt  CAST_encrypt_ptr2

-#define CAST_decrypt  CAST_decrypt_ptr2

-#define CAST_cbc_encrypt  CAST_cbc_encrypt_ptr2

-#undef HEADER_CAST_LOCL_H

-#include "c_enc.c"

-/* The following if from times(3) man page.  It may need to be changed */

-#ifndef HZ

-# ifndef CLK_TCK

-#  ifndef _BSD_CLK_TCK_ /* FreeBSD fix */

-#   define HZ	100.0

-#  else /* _BSD_CLK_TCK_ */

-#   define HZ ((double)_BSD_CLK_TCK_)

-#  endif

-# else /* CLK_TCK */

-#  define HZ ((double)CLK_TCK)

-# endif

-#endif

-#define BUFSIZE	((long)1024)

-long run=0;

-double Time_F(int s);

-#ifdef SIGALRM

-#if defined(__STDC__) || defined(sgi)

-#define SIGRETTYPE void

-#else

-#define SIGRETTYPE int

-#endif

-SIGRETTYPE sig_done(int sig);

-SIGRETTYPE sig_done(int sig)

-	{

-	signal(SIGALRM,sig_done);

-	run=0;

-#ifdef LINT

-	sig=sig;

-#endif

-	}

-#endif

-#define START	0

-#define STOP	1

-double Time_F(int s)

-	{

-	double ret;

-#ifdef TIMES

-	static struct tms tstart,tend;

-	if (s == START)

-		{

-		times(&tstart);

-		return(0);

-		}

-	else

-		{

-		times(&tend);

-		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;

-		return((ret == 0.0)?1e-6:ret);

-		}

-#else /* !times() */

-	static struct timeb tstart,tend;

-	long i;

-	if (s == START)

-		{

-		ftime(&tstart);

-		return(0);

-		}

-	else

-		{

-		ftime(&tend);

-		i=(long)tend.millitm-(long)tstart.millitm;

-		ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;

-		return((ret == 0.0)?1e-6:ret);

-		}

-#endif

-	}

-#ifdef SIGALRM

-#define print_name(name) fprintf(stderr,"Doing %s's for 10 seconds\n",name); alarm(10);

-#else

-#define print_name(name) fprintf(stderr,"Doing %s %ld times\n",name,cb);

-#endif

-#define time_it(func,name,index) \

-	print_name(name); \

-	Time_F(START); \

-	for (count=0,run=1; COND(cb); count+=4) \

-		{ \

-		unsigned long d[2]; \

-		func(d,&sch); \

-		func(d,&sch); \

-		func(d,&sch); \

-		func(d,&sch); \

-		} \

-	tm[index]=Time_F(STOP); \

-	fprintf(stderr,"%ld %s's in %.2f second\n",count,name,tm[index]); \

-	tm[index]=((double)COUNT(cb))/tm[index];

-#define print_it(name,index) \

-	fprintf(stderr,"%s bytes per sec = %12.2f (%5.1fuS)\n",name, \

-		tm[index]*8,1.0e6/tm[index]);

-int main(int argc, char **argv)

-	{

-	long count;

-	static unsigned char buf[BUFSIZE];

-	static char key[16]={	0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,

-				0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};

-	CAST_KEY sch;

-	double d,tm[16],max=0;

-	int rank[16];

-	char *str[16];

-	int max_idx=0,i,num=0,j;

-#ifndef SIGALARM

-	long ca,cb,cc,cd,ce;

-#endif

-	for (i=0; i<12; i++)

-		{

-		tm[i]=0.0;

-		rank[i]=0;

-		}

-#ifndef TIMES

-	fprintf(stderr,"To get the most accurate results, try to run this\n");

-	fprintf(stderr,"program when this computer is idle.\n");

-#endif

-	CAST_set_key(&sch,16,key);

-#ifndef SIGALRM

-	fprintf(stderr,"First we calculate the approximate speed ...\n");

-	count=10;

-	do	{

-		long i;

-		unsigned long data[2];

-		count*=2;

-		Time_F(START);

-		for (i=count; i; i--)

-			CAST_encrypt(data,&sch);

-		d=Time_F(STOP);

-		} while (d < 3.0);

-	ca=count;

-	cb=count*3;

-	cc=count*3*8/BUFSIZE+1;

-	cd=count*8/BUFSIZE+1;

-	ce=count/20+1;

-#define COND(d) (count != (d))

-#define COUNT(d) (d)

-#else

-#define COND(c) (run)

-#define COUNT(d) (count)

-        signal(SIGALRM,sig_done);

-        alarm(10);

-#endif

-	time_it(CAST_encrypt_normal,	"CAST_encrypt_normal ", 0);

-	time_it(CAST_encrypt_ptr,	"CAST_encrypt_ptr    ", 1);

-	time_it(CAST_encrypt_ptr2,	"CAST_encrypt_ptr2   ", 2);

-	num+=3;

-	str[0]="<nothing>";

-	print_it("CAST_encrypt_normal ",0);

-	max=tm[0];

-	max_idx=0;

-	str[1]="ptr      ";

-	print_it("CAST_encrypt_ptr ",1);

-	if (max < tm[1]) { max=tm[1]; max_idx=1; }

-	str[2]="ptr2     ";

-	print_it("CAST_encrypt_ptr2 ",2);

-	if (max < tm[2]) { max=tm[2]; max_idx=2; }

-	printf("options    CAST ecb/s\n");

-	printf("%s %12.2f 100.0%%\n",str[max_idx],tm[max_idx]);

-	d=tm[max_idx];

-	tm[max_idx]= -2.0;

-	max= -1.0;

-	for (;;)

-		{

-		for (i=0; i<3; i++)

-			{

-			if (max < tm[i]) { max=tm[i]; j=i; }

-			}

-		if (max < 0.0) break;

-		printf("%s %12.2f  %4.1f%%\n",str[j],tm[j],tm[j]/d*100.0);

-		tm[j]= -2.0;

-		max= -1.0;

-		}

-	switch (max_idx)

-		{

-	case 0:

-		printf("-DCAST_DEFAULT_OPTIONS\n");

-		break;

-	case 1:

-		printf("-DCAST_PTR\n");

-		break;

-	case 2:

-		printf("-DCAST_PTR2\n");

-		break;

-		}

-	exit(0);

-#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)

-	return(0);

-#endif

-	}

--- a/sys/src/ape/lib/openssl/crypto/cast/casts.cpp

+++ /dev/null

@@ -1,70 +1,0 @@

-//

-// gettsc.inl

-//

-// gives access to the Pentium's (secret) cycle counter

-//

-// This software was written by Leonard Janke ([email protected])

-// in 1996-7 and is entered, by him, into the public domain.

-#if defined(__WATCOMC__)

-void GetTSC(unsigned long&);

-#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];

-#elif defined(__GNUC__)

-inline

-void GetTSC(unsigned long& tsc)

-{

-  asm volatile(".byte 15, 49\n\t"

-	       : "=eax" (tsc)

-	       :

-	       : "%edx", "%eax");

-}

-#elif defined(_MSC_VER)

-inline

-void GetTSC(unsigned long& tsc)

-{

-  unsigned long a;

-  __asm _emit 0fh

-  __asm _emit 31h

-  __asm mov a, eax;

-  tsc=a;

-}

-#endif

-#include <stdio.h>

-#include <stdlib.h>

-#include <openssl/cast.h>

-void main(int argc,char *argv[])

-	{

-	CAST_KEY key;

-	unsigned long s1,s2,e1,e2;

-	unsigned long data[2];

-	int i,j;

-	static unsigned char d[16]={0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF};

-	CAST_set_key(&key, 16,d);

-	for (j=0; j<6; j++)

-		{

-		for (i=0; i<1000; i++) /**/

-			{

-			CAST_encrypt(&data[0],&key);

-			GetTSC(s1);

-			CAST_encrypt(&data[0],&key);

-			CAST_encrypt(&data[0],&key);

-			CAST_encrypt(&data[0],&key);

-			GetTSC(e1);

-			GetTSC(s2);

-			CAST_encrypt(&data[0],&key);

-			CAST_encrypt(&data[0],&key);

-			CAST_encrypt(&data[0],&key);

-			CAST_encrypt(&data[0],&key);

-			GetTSC(e2);

-			CAST_encrypt(&data[0],&key);

-			}

-		printf("cast %d %d (%d)\n",

-			e1-s1,e2-s2,((e2-s2)-(e1-s1)));

-		}

-	}

--- a/sys/src/ape/lib/openssl/crypto/cast/casttest.c

+++ /dev/null

@@ -1,233 +1,0 @@

-/* crypto/cast/casttest.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <string.h>

-#include <stdlib.h>

-#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_CAST is defined */

-#include "../e_os.h"

-#ifdef OPENSSL_NO_CAST

-int main(int argc, char *argv[])

-{

-    printf("No CAST support\n");

-    return(0);

-}

-#else

-#include <openssl/cast.h>

-#define FULL_TEST

-static unsigned char k[16]={

-	0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78,

-	0x23,0x45,0x67,0x89,0x34,0x56,0x78,0x9A

-	};

-static unsigned char in[8]={ 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF};

-static int k_len[3]={16,10,5};

-static unsigned char c[3][8]={

-	{0x23,0x8B,0x4F,0xE5,0x84,0x7E,0x44,0xB2},

-	{0xEB,0x6A,0x71,0x1A,0x2C,0x02,0x27,0x1B},

-	{0x7A,0xC8,0x16,0xD1,0x6E,0x9B,0x30,0x2E},

-	};

-static unsigned char out[80];

-static unsigned char in_a[16]={

-	0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78,

-	0x23,0x45,0x67,0x89,0x34,0x56,0x78,0x9A};

-static unsigned char in_b[16]={

-	0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78,

-	0x23,0x45,0x67,0x89,0x34,0x56,0x78,0x9A};

-static unsigned char c_a[16]={

-	0xEE,0xA9,0xD0,0xA2,0x49,0xFD,0x3B,0xA6,

-	0xB3,0x43,0x6F,0xB8,0x9D,0x6D,0xCA,0x92};

-static unsigned char c_b[16]={

-	0xB2,0xC9,0x5E,0xB0,0x0C,0x31,0xAD,0x71,

-	0x80,0xAC,0x05,0xB8,0xE8,0x3D,0x69,0x6E};

-#if 0

-char *text="Hello to all people out there";

-static unsigned char cfb_key[16]={

-	0xe1,0xf0,0xc3,0xd2,0xa5,0xb4,0x87,0x96,

-	0x69,0x78,0x4b,0x5a,0x2d,0x3c,0x0f,0x1e,

-	};

-static unsigned char cfb_iv[80]={0x34,0x12,0x78,0x56,0xab,0x90,0xef,0xcd};

-static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8];

-#define CFB_TEST_SIZE 24

-static unsigned char plain[CFB_TEST_SIZE]=

-        {

-        0x4e,0x6f,0x77,0x20,0x69,0x73,

-        0x20,0x74,0x68,0x65,0x20,0x74,

-        0x69,0x6d,0x65,0x20,0x66,0x6f,

-        0x72,0x20,0x61,0x6c,0x6c,0x20

-        };

-static unsigned char cfb_cipher64[CFB_TEST_SIZE]={

-	0x59,0xD8,0xE2,0x65,0x00,0x58,0x6C,0x3F,

-	0x2C,0x17,0x25,0xD0,0x1A,0x38,0xB7,0x2A,

-	0x39,0x61,0x37,0xDC,0x79,0xFB,0x9F,0x45

-/*	0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,

-	0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,

-	0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/

-	};

-#endif

-int main(int argc, char *argv[])

-    {

-#ifdef FULL_TEST

-    long l;

-    CAST_KEY key_b;

-#endif

-    int i,z,err=0;

-    CAST_KEY key;

-    for (z=0; z<3; z++)

-	{

-	CAST_set_key(&key,k_len[z],k);

-	CAST_ecb_encrypt(in,out,&key,CAST_ENCRYPT);

-	if (memcmp(out,&(c[z][0]),8) != 0)

-	    {

-	    printf("ecb cast error encrypting for keysize %d\n",k_len[z]*8);

-	    printf("got     :");

-	    for (i=0; i<8; i++)

-		printf("%02X ",out[i]);

-	    printf("\n");

-	    printf("expected:");

-	    for (i=0; i<8; i++)

-		printf("%02X ",c[z][i]);

-	    err=20;

-	    printf("\n");

-	    }

-	CAST_ecb_encrypt(out,out,&key,CAST_DECRYPT);

-	if (memcmp(out,in,8) != 0)

-	    {

-	    printf("ecb cast error decrypting for keysize %d\n",k_len[z]*8);

-	    printf("got     :");

-	    for (i=0; i<8; i++)

-		printf("%02X ",out[i]);

-	    printf("\n");

-	    printf("expected:");

-	    for (i=0; i<8; i++)

-		printf("%02X ",in[i]);

-	    printf("\n");

-	    err=3;

-	    }

-	}

-    if (err == 0)

-	printf("ecb cast5 ok\n");

-#ifdef FULL_TEST

-      {

-      unsigned char out_a[16],out_b[16];

-      static char *hex="0123456789ABCDEF";

-      printf("This test will take some time....");

-      fflush(stdout);

-      memcpy(out_a,in_a,sizeof(in_a));

-      memcpy(out_b,in_b,sizeof(in_b));

-      i=1;

-      for (l=0; l<1000000L; l++)

-	  {

-	  CAST_set_key(&key_b,16,out_b);

-	  CAST_ecb_encrypt(&(out_a[0]),&(out_a[0]),&key_b,CAST_ENCRYPT);

-	  CAST_ecb_encrypt(&(out_a[8]),&(out_a[8]),&key_b,CAST_ENCRYPT);

-	  CAST_set_key(&key,16,out_a);

-	  CAST_ecb_encrypt(&(out_b[0]),&(out_b[0]),&key,CAST_ENCRYPT);

-	  CAST_ecb_encrypt(&(out_b[8]),&(out_b[8]),&key,CAST_ENCRYPT);

-	  if ((l & 0xffff) == 0xffff)

-	      {

-	      printf("%c",hex[i&0x0f]);

-	      fflush(stdout);

-	      i++;

-	      }

-	  }

-      if (	(memcmp(out_a,c_a,sizeof(c_a)) != 0) ||

-		(memcmp(out_b,c_b,sizeof(c_b)) != 0))

-	  {

-	  printf("\n");

-	  printf("Error\n");

-	  printf("A out =");

-	  for (i=0; i<16; i++) printf("%02X ",out_a[i]);

-	  printf("\nactual=");

-	  for (i=0; i<16; i++) printf("%02X ",c_a[i]);

-	  printf("\n");

-	  printf("B out =");

-	  for (i=0; i<16; i++) printf("%02X ",out_b[i]);

-	  printf("\nactual=");

-	  for (i=0; i<16; i++) printf("%02X ",c_b[i]);

-	  printf("\n");

-	  }

-      else

-	  printf(" ok\n");

-      }

-#endif

-    EXIT(err);

-    return(err);

-    }

-#endif

--- a/sys/src/ape/lib/openssl/crypto/comp/Makefile

+++ /dev/null

@@ -1,108 +1,0 @@

-#

-# OpenSSL/crypto/comp/Makefile

-#

-DIR=	comp

-TOP=	../..

-CC=	cc

-INCLUDES= -I.. -I$(TOP) -I../../include

-CFLAG=-g

-MAKEFILE=	Makefile

-AR=		ar r

-CFLAGS= $(INCLUDES) $(CFLAG)

-GENERAL=Makefile

-TEST=

-APPS=

-LIB=$(TOP)/libcrypto.a

-LIBSRC= comp_lib.c comp_err.c \

-	c_rle.c c_zlib.c

-LIBOBJ=	comp_lib.o comp_err.o \

-	c_rle.o c_zlib.o

-SRC= $(LIBSRC)

-EXHEADER= comp.h

-HEADER=	$(EXHEADER)

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)

-all:	lib

-lib:	$(LIBOBJ)

-	$(AR) $(LIB) $(LIBOBJ)

-	$(RANLIB) $(LIB) || echo Never mind.

-	@touch lib

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

-links:

-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)

-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)

-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

-install:

-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...

-	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \

-	do  \

-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \

-	done;

-tags:

-	ctags $(SRC)

-tests:

-lint:

-	lint -DLINT $(INCLUDES) $(SRC)>fluff

-depend:

-	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...

-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-clean:

-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-c_rle.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

-c_rle.o: ../../include/openssl/comp.h ../../include/openssl/crypto.h

-c_rle.o: ../../include/openssl/e_os2.h ../../include/openssl/obj_mac.h

-c_rle.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-c_rle.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-c_rle.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-c_rle.o: ../../include/openssl/symhacks.h c_rle.c

-c_zlib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

-c_zlib.o: ../../include/openssl/comp.h ../../include/openssl/crypto.h

-c_zlib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-c_zlib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-c_zlib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-c_zlib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-c_zlib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-c_zlib.o: ../../include/openssl/symhacks.h c_zlib.c

-comp_err.o: ../../include/openssl/bio.h ../../include/openssl/comp.h

-comp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-comp_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-comp_err.o: ../../include/openssl/opensslconf.h

-comp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-comp_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-comp_err.o: ../../include/openssl/symhacks.h comp_err.c

-comp_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

-comp_lib.o: ../../include/openssl/comp.h ../../include/openssl/crypto.h

-comp_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/obj_mac.h

-comp_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-comp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-comp_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-comp_lib.o: ../../include/openssl/symhacks.h comp_lib.c

--- a/sys/src/ape/lib/openssl/crypto/comp/c_rle.c

+++ /dev/null

@@ -1,62 +1,0 @@

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include <openssl/objects.h>

-#include <openssl/comp.h>

-static int rle_compress_block(COMP_CTX *ctx, unsigned char *out,

-	unsigned int olen, unsigned char *in, unsigned int ilen);

-static int rle_expand_block(COMP_CTX *ctx, unsigned char *out,

-	unsigned int olen, unsigned char *in, unsigned int ilen);

-static COMP_METHOD rle_method={

-	NID_rle_compression,

-	LN_rle_compression,

-	NULL,

-	NULL,

-	rle_compress_block,

-	rle_expand_block,

-	NULL,

-	NULL,

-	};

-COMP_METHOD *COMP_rle(void)

-	{

-	return(&rle_method);

-	}

-static int rle_compress_block(COMP_CTX *ctx, unsigned char *out,

-	     unsigned int olen, unsigned char *in, unsigned int ilen)

-	{

-	/* int i; */

-	if (olen < (ilen+1))

-		{

-		/* ZZZZZZZZZZZZZZZZZZZZZZ */

-		return(-1);

-		}

-	*(out++)=0;

-	memcpy(out,in,ilen);

-	return(ilen+1);

-	}

-static int rle_expand_block(COMP_CTX *ctx, unsigned char *out,

-	     unsigned int olen, unsigned char *in, unsigned int ilen)

-	{

-	int i;

-	if (olen < (ilen-1))

-		{

-		/* ZZZZZZZZZZZZZZZZZZZZZZ */

-		return(-1);

-		}

-	i= *(in++);

-	if (i == 0)

-		{

-		memcpy(out,in,ilen-1);

-		}

-	return(ilen-1);

-	}

--- a/sys/src/ape/lib/openssl/crypto/comp/c_zlib.c

+++ /dev/null

@@ -1,412 +1,0 @@

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include <openssl/objects.h>

-#include <openssl/comp.h>

-#include <openssl/err.h>

-COMP_METHOD *COMP_zlib(void );

-static COMP_METHOD zlib_method_nozlib={

-	NID_undef,

-	"(undef)",

-	NULL,

-	NULL,

-	NULL,

-	NULL,

-	NULL,

-	NULL,

-	};

-#ifndef ZLIB

-#undef ZLIB_SHARED

-#else

-#include <zlib.h>

-static int zlib_stateful_init(COMP_CTX *ctx);

-static void zlib_stateful_finish(COMP_CTX *ctx);

-static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out,

-	unsigned int olen, unsigned char *in, unsigned int ilen);

-static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out,

-	unsigned int olen, unsigned char *in, unsigned int ilen);

-/* memory allocations functions for zlib intialization */

-static void* zlib_zalloc(void* opaque, unsigned int no, unsigned int size)

-{

-	void *p;

-	p=OPENSSL_malloc(no*size);

-	if (p)

-		memset(p, 0, no*size);

-	return p;

-}

-static void zlib_zfree(void* opaque, void* address)

-{

-	OPENSSL_free(address);

-}

-#if 0

-static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out,

-	unsigned int olen, unsigned char *in, unsigned int ilen);

-static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out,

-	unsigned int olen, unsigned char *in, unsigned int ilen);

-static int zz_uncompress(Bytef *dest, uLongf *destLen, const Bytef *source,

-	uLong sourceLen);

-static COMP_METHOD zlib_stateless_method={

-	NID_zlib_compression,

-	LN_zlib_compression,

-	NULL,

-	NULL,

-	zlib_compress_block,

-	zlib_expand_block,

-	NULL,

-	NULL,

-	};

-#endif

-static COMP_METHOD zlib_stateful_method={

-	NID_zlib_compression,

-	LN_zlib_compression,

-	zlib_stateful_init,

-	zlib_stateful_finish,

-	zlib_stateful_compress_block,

-	zlib_stateful_expand_block,

-	NULL,

-	NULL,

-	};

-/*

- * When OpenSSL is built on Windows, we do not want to require that

- * the ZLIB.DLL be available in order for the OpenSSL DLLs to

- * work.  Therefore, all ZLIB routines are loaded at run time

- * and we do not link to a .LIB file when ZLIB_SHARED is set.

- */

-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)

-# include <windows.h>

-#endif /* !(OPENSSL_SYS_WINDOWS || OPENSSL_SYS_WIN32) */

-#ifdef ZLIB_SHARED

-#include <openssl/dso.h>

-/* Function pointers */

-typedef int (*compress_ft)(Bytef *dest,uLongf *destLen,

-	const Bytef *source, uLong sourceLen);

-typedef int (*inflateEnd_ft)(z_streamp strm);

-typedef int (*inflate_ft)(z_streamp strm, int flush);

-typedef int (*inflateInit__ft)(z_streamp strm,

-	const char * version, int stream_size);

-typedef int (*deflateEnd_ft)(z_streamp strm);

-typedef int (*deflate_ft)(z_streamp strm, int flush);

-typedef int (*deflateInit__ft)(z_streamp strm, int level,

-	const char * version, int stream_size);

-static compress_ft	p_compress=NULL;

-static inflateEnd_ft	p_inflateEnd=NULL;

-static inflate_ft	p_inflate=NULL;

-static inflateInit__ft	p_inflateInit_=NULL;

-static deflateEnd_ft	p_deflateEnd=NULL;

-static deflate_ft	p_deflate=NULL;

-static deflateInit__ft	p_deflateInit_=NULL;

-static int zlib_loaded = 0;     /* only attempt to init func pts once */

-static DSO *zlib_dso = NULL;

-#define compress                p_compress

-#define inflateEnd              p_inflateEnd

-#define inflate                 p_inflate

-#define inflateInit_            p_inflateInit_

-#define deflateEnd              p_deflateEnd

-#define deflate                 p_deflate

-#define deflateInit_            p_deflateInit_

-#endif /* ZLIB_SHARED */

-struct zlib_state

-	{

-	z_stream istream;

-	z_stream ostream;

-	};

-static int zlib_stateful_ex_idx = -1;

-static void zlib_stateful_free_ex_data(void *obj, void *item,

-	CRYPTO_EX_DATA *ad, int ind,long argl, void *argp)

-	{

-	struct zlib_state *state = (struct zlib_state *)item;

-	inflateEnd(&state->istream);

-	deflateEnd(&state->ostream);

-	OPENSSL_free(state);

-	}

-static int zlib_stateful_init(COMP_CTX *ctx)

-	{

-	int err;

-	struct zlib_state *state =

-		(struct zlib_state *)OPENSSL_malloc(sizeof(struct zlib_state));

-	if (state == NULL)

-		goto err;

-	state->istream.zalloc = zlib_zalloc;

-	state->istream.zfree = zlib_zfree;

-	state->istream.opaque = Z_NULL;

-	state->istream.next_in = Z_NULL;

-	state->istream.next_out = Z_NULL;

-	state->istream.avail_in = 0;

-	state->istream.avail_out = 0;

-	err = inflateInit_(&state->istream,

-		ZLIB_VERSION, sizeof(z_stream));

-	if (err != Z_OK)

-		goto err;

-	state->ostream.zalloc = zlib_zalloc;

-	state->ostream.zfree = zlib_zfree;

-	state->ostream.opaque = Z_NULL;

-	state->ostream.next_in = Z_NULL;

-	state->ostream.next_out = Z_NULL;

-	state->ostream.avail_in = 0;

-	state->ostream.avail_out = 0;

-	err = deflateInit_(&state->ostream,Z_DEFAULT_COMPRESSION,

-		ZLIB_VERSION, sizeof(z_stream));

-	if (err != Z_OK)

-		goto err;

-	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data);

-	CRYPTO_set_ex_data(&ctx->ex_data,zlib_stateful_ex_idx,state);

-	return 1;

- err:

-	if (state) OPENSSL_free(state);

-	return 0;

-	}

-static void zlib_stateful_finish(COMP_CTX *ctx)

-	{

-	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data);

-	}

-static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out,

-	unsigned int olen, unsigned char *in, unsigned int ilen)

-	{

-	int err = Z_OK;

-	struct zlib_state *state =

-		(struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data,

-			zlib_stateful_ex_idx);

-	if (state == NULL)

-		return -1;

-	state->ostream.next_in = in;

-	state->ostream.avail_in = ilen;

-	state->ostream.next_out = out;

-	state->ostream.avail_out = olen;

-	if (ilen > 0)

-		err = deflate(&state->ostream, Z_SYNC_FLUSH);

-	if (err != Z_OK)

-		return -1;

-#ifdef DEBUG_ZLIB

-	fprintf(stderr,"compress(%4d)->%4d %s\n",

-		ilen,olen - state->ostream.avail_out,

-		(ilen != olen - state->ostream.avail_out)?"zlib":"clear");

-#endif

-	return olen - state->ostream.avail_out;

-	}

-static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out,

-	unsigned int olen, unsigned char *in, unsigned int ilen)

-	{

-	int err = Z_OK;

-	struct zlib_state *state =

-		(struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data,

-			zlib_stateful_ex_idx);

-	if (state == NULL)

-		return 0;

-	state->istream.next_in = in;

-	state->istream.avail_in = ilen;

-	state->istream.next_out = out;

-	state->istream.avail_out = olen;

-	if (ilen > 0)

-		err = inflate(&state->istream, Z_SYNC_FLUSH);

-	if (err != Z_OK)

-		return -1;

-#ifdef DEBUG_ZLIB

-	fprintf(stderr,"expand(%4d)->%4d %s\n",

-		ilen,olen - state->istream.avail_out,

-		(ilen != olen - state->istream.avail_out)?"zlib":"clear");

-#endif

-	return olen - state->istream.avail_out;

-	}

-#if 0

-static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out,

-	unsigned int olen, unsigned char *in, unsigned int ilen)

-	{

-	unsigned long l;

-	int i;

-	int clear=1;

-	if (ilen > 128)

-		{

-		out[0]=1;

-		l=olen-1;

-		i=compress(&(out[1]),&l,in,(unsigned long)ilen);

-		if (i != Z_OK)

-			return(-1);

-		if (ilen > l)

-			{

-			clear=0;

-			l++;

-			}

-		}

-	if (clear)

-		{

-		out[0]=0;

-		memcpy(&(out[1]),in,ilen);

-		l=ilen+1;

-		}

-#ifdef DEBUG_ZLIB

-	fprintf(stderr,"compress(%4d)->%4d %s\n",

-		ilen,(int)l,(clear)?"clear":"zlib");

-#endif

-	return((int)l);

-	}

-static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out,

-	unsigned int olen, unsigned char *in, unsigned int ilen)

-	{

-	unsigned long l;

-	int i;

-	if (in[0])

-		{

-		l=olen;

-		i=zz_uncompress(out,&l,&(in[1]),(unsigned long)ilen-1);

-		if (i != Z_OK)

-			return(-1);

-		}

-	else

-		{

-		memcpy(out,&(in[1]),ilen-1);

-		l=ilen-1;

-		}

-#ifdef DEBUG_ZLIB

-        fprintf(stderr,"expand  (%4d)->%4d %s\n",

-		ilen,(int)l,in[0]?"zlib":"clear");

-#endif

-	return((int)l);

-	}

-static int zz_uncompress (Bytef *dest, uLongf *destLen, const Bytef *source,

-	     uLong sourceLen)

-{

-    z_stream stream;

-    int err;

-    stream.next_in = (Bytef*)source;

-    stream.avail_in = (uInt)sourceLen;

-    /* Check for source > 64K on 16-bit machine: */

-    if ((uLong)stream.avail_in != sourceLen) return Z_BUF_ERROR;

-    stream.next_out = dest;

-    stream.avail_out = (uInt)*destLen;

-    if ((uLong)stream.avail_out != *destLen) return Z_BUF_ERROR;

-    stream.zalloc = (alloc_func)0;

-    stream.zfree = (free_func)0;

-    err = inflateInit_(&stream,

-	    ZLIB_VERSION, sizeof(z_stream));

-    if (err != Z_OK) return err;

-    err = inflate(&stream, Z_FINISH);

-    if (err != Z_STREAM_END) {

-        inflateEnd(&stream);

-        return err;

-    }

-    *destLen = stream.total_out;

-    err = inflateEnd(&stream);

-    return err;

-}

-#endif

-#endif

-COMP_METHOD *COMP_zlib(void)

-	{

-	COMP_METHOD *meth = &zlib_method_nozlib;

-#ifdef ZLIB_SHARED

-	if (!zlib_loaded)

-		{

-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)

-		zlib_dso = DSO_load(NULL, "ZLIB1", NULL, 0);

-#else

-		zlib_dso = DSO_load(NULL, "z", NULL, 0);

-#endif

-		if (zlib_dso != NULL)

-			{

-			p_compress

-				= (compress_ft) DSO_bind_func(zlib_dso,

-					"compress");

-			p_inflateEnd

-				= (inflateEnd_ft) DSO_bind_func(zlib_dso,

-					"inflateEnd");

-			p_inflate

-				= (inflate_ft) DSO_bind_func(zlib_dso,

-					"inflate");

-			p_inflateInit_

-				= (inflateInit__ft) DSO_bind_func(zlib_dso,

-					"inflateInit_");

-			p_deflateEnd

-				= (deflateEnd_ft) DSO_bind_func(zlib_dso,

-					"deflateEnd");

-			p_deflate

-				= (deflate_ft) DSO_bind_func(zlib_dso,

-					"deflate");

-			p_deflateInit_

-				= (deflateInit__ft) DSO_bind_func(zlib_dso,

-					"deflateInit_");

-			if (p_compress && p_inflateEnd && p_inflate

-				&& p_inflateInit_ && p_deflateEnd

-				&& p_deflate && p_deflateInit_)

-				zlib_loaded++;

-			}

-		}

-#endif

-#ifdef ZLIB_SHARED

-	if (zlib_loaded)

-#endif

-#if defined(ZLIB) || defined(ZLIB_SHARED)

-		{

-		/* init zlib_stateful_ex_idx here so that in a multi-process

-		 * application it's enough to intialize openssl before forking

-		 * (idx will be inherited in all the children) */

-		if (zlib_stateful_ex_idx == -1)

-			{

-			CRYPTO_w_lock(CRYPTO_LOCK_COMP);

-			if (zlib_stateful_ex_idx == -1)

-				zlib_stateful_ex_idx =

-					CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP,

-						0,NULL,NULL,NULL,zlib_stateful_free_ex_data);

-			CRYPTO_w_unlock(CRYPTO_LOCK_COMP);

-			if (zlib_stateful_ex_idx == -1)

-				goto err;

-			}

-		meth = &zlib_stateful_method;

-		}

-err:

-#endif

-	return(meth);

-	}

--- a/sys/src/ape/lib/openssl/crypto/comp/comp.h

+++ /dev/null

@@ -1,66 +1,0 @@

-#ifndef HEADER_COMP_H

-#define HEADER_COMP_H

-#include <openssl/crypto.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-typedef struct comp_ctx_st COMP_CTX;

-typedef struct comp_method_st

-	{

-	int type;		/* NID for compression library */

-	const char *name;	/* A text string to identify the library */

-	int (*init)(COMP_CTX *ctx);

-	void (*finish)(COMP_CTX *ctx);

-	int (*compress)(COMP_CTX *ctx,

-			unsigned char *out, unsigned int olen,

-			unsigned char *in, unsigned int ilen);

-	int (*expand)(COMP_CTX *ctx,

-		      unsigned char *out, unsigned int olen,

-		      unsigned char *in, unsigned int ilen);

-	/* The following two do NOTHING, but are kept for backward compatibility */

-	long (*ctrl)(void);

-	long (*callback_ctrl)(void);

-	} COMP_METHOD;

-struct comp_ctx_st

-	{

-	COMP_METHOD *meth;

-	unsigned long compress_in;

-	unsigned long compress_out;

-	unsigned long expand_in;

-	unsigned long expand_out;

-	CRYPTO_EX_DATA	ex_data;

-	};

-COMP_CTX *COMP_CTX_new(COMP_METHOD *meth);

-void COMP_CTX_free(COMP_CTX *ctx);

-int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen,

-	unsigned char *in, int ilen);

-int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,

-	unsigned char *in, int ilen);

-COMP_METHOD *COMP_rle(void );

-COMP_METHOD *COMP_zlib(void );

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_COMP_strings(void);

-/* Error codes for the COMP functions. */

-/* Function codes. */

-/* Reason codes. */

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/comp/comp_err.c

+++ /dev/null

@@ -1,93 +1,0 @@

-/* crypto/comp/comp_err.c */

-/* ====================================================================

- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* NOTE: this file was auto generated by the mkerr.pl script: any changes

- * made to it will be overwritten when the script next updates this file,

- * only reason strings will be preserved.

- */

-#include <stdio.h>

-#include <openssl/err.h>

-#include <openssl/comp.h>

-/* BEGIN ERROR CODES */

-#ifndef OPENSSL_NO_ERR

-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_COMP,func,0)

-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_COMP,0,reason)

-static ERR_STRING_DATA COMP_str_functs[]=

-	{

-{0,NULL}

-	};

-static ERR_STRING_DATA COMP_str_reasons[]=

-	{

-{0,NULL}

-	};

-#endif

-void ERR_load_COMP_strings(void)

-	{

-#ifndef OPENSSL_NO_ERR

-	if (ERR_func_error_string(COMP_str_functs[0].error) == NULL)

-		{

-		ERR_load_strings(0,COMP_str_functs);

-		ERR_load_strings(0,COMP_str_reasons);

-		}

-#endif

-	}

--- a/sys/src/ape/lib/openssl/crypto/comp/comp_lib.c

+++ /dev/null

@@ -1,72 +1,0 @@

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include <openssl/objects.h>

-#include <openssl/comp.h>

-COMP_CTX *COMP_CTX_new(COMP_METHOD *meth)

-	{

-	COMP_CTX *ret;

-	if ((ret=(COMP_CTX *)OPENSSL_malloc(sizeof(COMP_CTX))) == NULL)

-		{

-		/* ZZZZZZZZZZZZZZZZ */

-		return(NULL);

-		}

-	memset(ret,0,sizeof(COMP_CTX));

-	ret->meth=meth;

-	if ((ret->meth->init != NULL) && !ret->meth->init(ret))

-		{

-		OPENSSL_free(ret);

-		ret=NULL;

-		}

-	return(ret);

-	}

-void COMP_CTX_free(COMP_CTX *ctx)

-	{

-	if(ctx == NULL)

-	    return;

-	if (ctx->meth->finish != NULL)

-		ctx->meth->finish(ctx);

-	OPENSSL_free(ctx);

-	}

-int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen,

-	     unsigned char *in, int ilen)

-	{

-	int ret;

-	if (ctx->meth->compress == NULL)

-		{

-		/* ZZZZZZZZZZZZZZZZZ */

-		return(-1);

-		}

-	ret=ctx->meth->compress(ctx,out,olen,in,ilen);

-	if (ret > 0)

-		{

-		ctx->compress_in+=ilen;

-		ctx->compress_out+=ret;

-		}

-	return(ret);

-	}

-int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,

-	     unsigned char *in, int ilen)

-	{

-	int ret;

-	if (ctx->meth->expand == NULL)

-		{

-		/* ZZZZZZZZZZZZZZZZZ */

-		return(-1);

-		}

-	ret=ctx->meth->expand(ctx,out,olen,in,ilen);

-	if (ret > 0)

-		{

-		ctx->expand_in+=ilen;

-		ctx->expand_out+=ret;

-		}

-	return(ret);

-	}

--- a/sys/src/ape/lib/openssl/crypto/conf/Makefile

+++ /dev/null

@@ -1,152 +1,0 @@

-#

-# OpenSSL/crypto/conf/Makefile

-#

-DIR=	conf

-TOP=	../..

-CC=	cc

-INCLUDES= -I.. -I$(TOP) -I../../include

-CFLAG=-g

-MAKEFILE=	Makefile

-AR=		ar r

-CFLAGS= $(INCLUDES) $(CFLAG)

-GENERAL=Makefile

-TEST=

-APPS=

-LIB=$(TOP)/libcrypto.a

-LIBSRC= conf_err.c conf_lib.c conf_api.c conf_def.c conf_mod.c \

-	 conf_mall.c conf_sap.c

-LIBOBJ=	conf_err.o conf_lib.o conf_api.o conf_def.o conf_mod.o \

-	conf_mall.o conf_sap.o

-SRC= $(LIBSRC)

-EXHEADER= conf.h conf_api.h

-HEADER=	conf_def.h $(EXHEADER)

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)

-all:	lib

-lib:	$(LIBOBJ)

-	$(AR) $(LIB) $(LIBOBJ)

-	$(RANLIB) $(LIB) || echo Never mind.

-	@touch lib

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

-links:

-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)

-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)

-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

-install:

-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...

-	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \

-	do  \

-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \

-	done;

-tags:

-	ctags $(SRC)

-tests:

-lint:

-	lint -DLINT $(INCLUDES) $(SRC)>fluff

-depend:

-	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...

-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-clean:

-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-conf_api.o: ../../e_os.h ../../include/openssl/bio.h

-conf_api.o: ../../include/openssl/conf.h ../../include/openssl/conf_api.h

-conf_api.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-conf_api.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-conf_api.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-conf_api.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-conf_api.o: ../../include/openssl/symhacks.h conf_api.c

-conf_def.o: ../../e_os.h ../../include/openssl/bio.h

-conf_def.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h

-conf_def.o: ../../include/openssl/conf_api.h ../../include/openssl/crypto.h

-conf_def.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-conf_def.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-conf_def.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-conf_def.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-conf_def.o: ../../include/openssl/symhacks.h ../cryptlib.h conf_def.c

-conf_def.o: conf_def.h

-conf_err.o: ../../include/openssl/bio.h ../../include/openssl/conf.h

-conf_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-conf_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-conf_err.o: ../../include/openssl/opensslconf.h

-conf_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-conf_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-conf_err.o: ../../include/openssl/symhacks.h conf_err.c

-conf_lib.o: ../../include/openssl/bio.h ../../include/openssl/conf.h

-conf_lib.o: ../../include/openssl/conf_api.h ../../include/openssl/crypto.h

-conf_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-conf_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-conf_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-conf_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-conf_lib.o: ../../include/openssl/symhacks.h conf_lib.c

-conf_mall.o: ../../e_os.h ../../include/openssl/asn1.h

-conf_mall.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-conf_mall.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h

-conf_mall.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h

-conf_mall.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-conf_mall.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h

-conf_mall.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-conf_mall.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-conf_mall.o: ../../include/openssl/objects.h

-conf_mall.o: ../../include/openssl/opensslconf.h

-conf_mall.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-conf_mall.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-conf_mall.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-conf_mall.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-conf_mall.o: ../../include/openssl/x509_vfy.h ../cryptlib.h conf_mall.c

-conf_mod.o: ../../e_os.h ../../include/openssl/asn1.h

-conf_mod.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-conf_mod.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h

-conf_mod.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h

-conf_mod.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-conf_mod.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-conf_mod.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-conf_mod.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-conf_mod.o: ../../include/openssl/opensslconf.h

-conf_mod.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-conf_mod.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-conf_mod.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-conf_mod.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-conf_mod.o: ../../include/openssl/x509_vfy.h ../cryptlib.h conf_mod.c

-conf_sap.o: ../../e_os.h ../../include/openssl/asn1.h

-conf_sap.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-conf_sap.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h

-conf_sap.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h

-conf_sap.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-conf_sap.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h

-conf_sap.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-conf_sap.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-conf_sap.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-conf_sap.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-conf_sap.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-conf_sap.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-conf_sap.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-conf_sap.o: ../../include/openssl/x509_vfy.h ../cryptlib.h conf_sap.c

--- a/sys/src/ape/lib/openssl/crypto/conf/README

+++ /dev/null

@@ -1,78 +1,0 @@

-WARNING WARNING WARNING!!!

-This stuff is experimental, may change radically or be deleted altogether

-before OpenSSL 0.9.7 release. You have been warned!

-Configuration modules. These are a set of modules which can perform

-various configuration functions.

-Currently the routines should be called at most once when an application

-starts up: that is before it starts any threads.

-The routines read a configuration file set up like this:

------

-#default section

-openssl_init=init_section

-[init_section]

-module1=value1

-#Second instance of module1

-module1.1=valueX

-module2=value2

-module3=dso_literal

-module4=dso_section

-[dso_section]

-path=/some/path/to/some/dso.so

-other_stuff=other_value

-----

-When this file is loaded a configuration module with the specified

-string (module* in the above example) is looked up and its init

-function called as:

-int conf_init_func(CONF_IMODULE *md, CONF *cnf);

-The function can then take whatever action is appropriate, for example

-further lookups based on the value. Multiple instances of the same

-config module can be loaded.

-When the application closes down the modules are cleaned up by calling

-an optional finish function:

-void conf_finish_func(CONF_IMODULE *md);

-The finish functions are called in reverse order: that is the last module

-loaded is the first one cleaned up.

-If no module exists with a given name then an attempt is made to load

-a DSO with the supplied name. This might mean that "module3" attempts

-to load a DSO called libmodule3.so or module3.dll for example. An explicit

-DSO name can be given by including a separate section as in the module4 example

-above.

-The DSO is expected to at least contain an initialization function:

-int OPENSSL_init(CONF_IMODULE *md, CONF *cnf);

-and may also include a finish function:

-void OPENSSL_finish(CONF_IMODULE *md);

-Static modules can also be added using,

-int CONF_module_add(char *name, dso_mod_init_func *ifunc, dso_mod_finish_func *ffunc);

-where "name" is the name in the configuration file this function corresponds to.

-A set of builtin modules (currently only an ASN1 non functional test module) can be

-added by calling OPENSSL_load_builtin_modules().

-The function OPENSSL_config() is intended as a simple configuration function that

-any application can call to perform various default configuration tasks. It uses the

-file openssl.cnf in the usual locations.

--- a/sys/src/ape/lib/openssl/crypto/conf/cnf_save.c

+++ /dev/null

@@ -1,106 +1,0 @@

-/* crypto/conf/cnf_save.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <openssl/conf.h>

-static void print_conf(CONF_VALUE *cv);

-static IMPLEMENT_LHASH_DOALL_FN(print_conf, CONF_VALUE *);

-main()

-	{

-	LHASH *conf;

-	long l;

-	conf=CONF_load(NULL,"../../apps/openssl.cnf",&l);

-	if (conf == NULL)

-		{

-		fprintf(stderr,"error loading config, line %ld\n",l);

-		exit(1);

-		}

-	lh_doall(conf,LHASH_DOALL_FN(print_conf));

-	}

-static void print_conf(CONF_VALUE *cv)

-	{

-	int i;

-	CONF_VALUE *v;

-	char *section;

-	char *name;

-	char *value;

-	STACK *s;

-	/* If it is a single entry, return */

-	if (cv->name != NULL) return;

-	printf("[ %s ]\n",cv->section);

-	s=(STACK *)cv->value;

-	for (i=0; i<sk_num(s); i++)

-		{

-		v=(CONF_VALUE *)sk_value(s,i);

-		section=(v->section == NULL)?"None":v->section;

-		name=(v->name == NULL)?"None":v->name;

-		value=(v->value == NULL)?"None":v->value;

-		printf("%s=%s\n",name,value);

-		}

-	printf("\n");

-	}

--- a/sys/src/ape/lib/openssl/crypto/conf/conf.h

+++ /dev/null

@@ -1,254 +1,0 @@

-/* crypto/conf/conf.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef  HEADER_CONF_H

-#define HEADER_CONF_H

-#include <openssl/bio.h>

-#include <openssl/lhash.h>

-#include <openssl/stack.h>

-#include <openssl/safestack.h>

-#include <openssl/e_os2.h>

-#include <openssl/ossl_typ.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-typedef struct

-	{

-	char *section;

-	char *name;

-	char *value;

-	} CONF_VALUE;

-DECLARE_STACK_OF(CONF_VALUE)

-DECLARE_STACK_OF(CONF_MODULE)

-DECLARE_STACK_OF(CONF_IMODULE)

-struct conf_st;

-struct conf_method_st;

-typedef struct conf_method_st CONF_METHOD;

-struct conf_method_st

-	{

-	const char *name;

-	CONF *(*create)(CONF_METHOD *meth);

-	int (*init)(CONF *conf);

-	int (*destroy)(CONF *conf);

-	int (*destroy_data)(CONF *conf);

-	int (*load_bio)(CONF *conf, BIO *bp, long *eline);

-	int (*dump)(const CONF *conf, BIO *bp);

-	int (*is_number)(const CONF *conf, char c);

-	int (*to_int)(const CONF *conf, char c);

-	int (*load)(CONF *conf, const char *name, long *eline);

-	};

-/* Module definitions */

-typedef struct conf_imodule_st CONF_IMODULE;

-typedef struct conf_module_st CONF_MODULE;

-/* DSO module function typedefs */

-typedef int conf_init_func(CONF_IMODULE *md, const CONF *cnf);

-typedef void conf_finish_func(CONF_IMODULE *md);

-#define	CONF_MFLAGS_IGNORE_ERRORS	0x1

-#define CONF_MFLAGS_IGNORE_RETURN_CODES	0x2

-#define CONF_MFLAGS_SILENT		0x4

-#define CONF_MFLAGS_NO_DSO		0x8

-#define CONF_MFLAGS_IGNORE_MISSING_FILE	0x10

-#define CONF_MFLAGS_DEFAULT_SECTION	0x20

-int CONF_set_default_method(CONF_METHOD *meth);

-void CONF_set_nconf(CONF *conf,LHASH *hash);

-LHASH *CONF_load(LHASH *conf,const char *file,long *eline);

-#ifndef OPENSSL_NO_FP_API

-LHASH *CONF_load_fp(LHASH *conf, FILE *fp,long *eline);

-#endif

-LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline);

-STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,const char *section);

-char *CONF_get_string(LHASH *conf,const char *group,const char *name);

-long CONF_get_number(LHASH *conf,const char *group,const char *name);

-void CONF_free(LHASH *conf);

-int CONF_dump_fp(LHASH *conf, FILE *out);

-int CONF_dump_bio(LHASH *conf, BIO *out);

-void OPENSSL_config(const char *config_name);

-void OPENSSL_no_config(void);

-/* New conf code.  The semantics are different from the functions above.

-   If that wasn't the case, the above functions would have been replaced */

-struct conf_st

-	{

-	CONF_METHOD *meth;

-	void *meth_data;

-	LHASH *data;

-	};

-CONF *NCONF_new(CONF_METHOD *meth);

-CONF_METHOD *NCONF_default(void);

-CONF_METHOD *NCONF_WIN32(void);

-#if 0 /* Just to give you an idea of what I have in mind */

-CONF_METHOD *NCONF_XML(void);

-#endif

-void NCONF_free(CONF *conf);

-void NCONF_free_data(CONF *conf);

-int NCONF_load(CONF *conf,const char *file,long *eline);

-#ifndef OPENSSL_NO_FP_API

-int NCONF_load_fp(CONF *conf, FILE *fp,long *eline);

-#endif

-int NCONF_load_bio(CONF *conf, BIO *bp,long *eline);

-STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,const char *section);

-char *NCONF_get_string(const CONF *conf,const char *group,const char *name);

-int NCONF_get_number_e(const CONF *conf,const char *group,const char *name,

-		       long *result);

-int NCONF_dump_fp(const CONF *conf, FILE *out);

-int NCONF_dump_bio(const CONF *conf, BIO *out);

-#if 0 /* The following function has no error checking,

-	 and should therefore be avoided */

-long NCONF_get_number(CONF *conf,char *group,char *name);

-#else

-#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r)

-#endif

-/* Module functions */

-int CONF_modules_load(const CONF *cnf, const char *appname,

-		      unsigned long flags);

-int CONF_modules_load_file(const char *filename, const char *appname,

-			   unsigned long flags);

-void CONF_modules_unload(int all);

-void CONF_modules_finish(void);

-void CONF_modules_free(void);

-int CONF_module_add(const char *name, conf_init_func *ifunc,

-		    conf_finish_func *ffunc);

-const char *CONF_imodule_get_name(const CONF_IMODULE *md);

-const char *CONF_imodule_get_value(const CONF_IMODULE *md);

-void *CONF_imodule_get_usr_data(const CONF_IMODULE *md);

-void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data);

-CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md);

-unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md);

-void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags);

-void *CONF_module_get_usr_data(CONF_MODULE *pmod);

-void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data);

-char *CONF_get1_default_config_file(void);

-int CONF_parse_list(const char *list, int sep, int nospc,

-	int (*list_cb)(const char *elem, int len, void *usr), void *arg);

-void OPENSSL_load_builtin_modules(void);

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_CONF_strings(void);

-/* Error codes for the CONF functions. */

-/* Function codes. */

-#define CONF_F_CONF_DUMP_FP				 104

-#define CONF_F_CONF_LOAD				 100

-#define CONF_F_CONF_LOAD_BIO				 102

-#define CONF_F_CONF_LOAD_FP				 103

-#define CONF_F_CONF_MODULES_LOAD			 116

-#define CONF_F_DEF_LOAD					 120

-#define CONF_F_DEF_LOAD_BIO				 121

-#define CONF_F_MODULE_INIT				 115

-#define CONF_F_MODULE_LOAD_DSO				 117

-#define CONF_F_MODULE_RUN				 118

-#define CONF_F_NCONF_DUMP_BIO				 105

-#define CONF_F_NCONF_DUMP_FP				 106

-#define CONF_F_NCONF_GET_NUMBER				 107

-#define CONF_F_NCONF_GET_NUMBER_E			 112

-#define CONF_F_NCONF_GET_SECTION			 108

-#define CONF_F_NCONF_GET_STRING				 109

-#define CONF_F_NCONF_LOAD				 113

-#define CONF_F_NCONF_LOAD_BIO				 110

-#define CONF_F_NCONF_LOAD_FP				 114

-#define CONF_F_NCONF_NEW				 111

-#define CONF_F_STR_COPY					 101

-/* Reason codes. */

-#define CONF_R_ERROR_LOADING_DSO			 110

-#define CONF_R_MISSING_CLOSE_SQUARE_BRACKET		 100

-#define CONF_R_MISSING_EQUAL_SIGN			 101

-#define CONF_R_MISSING_FINISH_FUNCTION			 111

-#define CONF_R_MISSING_INIT_FUNCTION			 112

-#define CONF_R_MODULE_INITIALIZATION_ERROR		 109

-#define CONF_R_NO_CLOSE_BRACE				 102

-#define CONF_R_NO_CONF					 105

-#define CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE		 106

-#define CONF_R_NO_SECTION				 107

-#define CONF_R_NO_SUCH_FILE				 114

-#define CONF_R_NO_VALUE					 108

-#define CONF_R_UNABLE_TO_CREATE_NEW_SECTION		 103

-#define CONF_R_UNKNOWN_MODULE_NAME			 113

-#define CONF_R_VARIABLE_HAS_NO_VALUE			 104

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/conf/conf_api.c

+++ /dev/null

@@ -1,308 +1,0 @@

-/* conf_api.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* Part of the code in here was originally in conf.c, which is now removed */

-#ifndef CONF_DEBUG

-# undef NDEBUG /* avoid conflicting definitions */

-# define NDEBUG

-#endif

-#include <assert.h>

-#include <string.h>

-#include <openssl/conf.h>

-#include <openssl/conf_api.h>

-#include "e_os.h"

-static void value_free_hash(CONF_VALUE *a, LHASH *conf);

-static void value_free_stack(CONF_VALUE *a,LHASH *conf);

-static IMPLEMENT_LHASH_DOALL_ARG_FN(value_free_hash, CONF_VALUE *, LHASH *)

-static IMPLEMENT_LHASH_DOALL_ARG_FN(value_free_stack, CONF_VALUE *, LHASH *)

-/* We don't use function pointer casting or wrapper functions - but cast each

- * callback parameter inside the callback functions. */

-/* static unsigned long hash(CONF_VALUE *v); */

-static unsigned long hash(const void *v_void);

-/* static int cmp_conf(CONF_VALUE *a,CONF_VALUE *b); */

-static int cmp_conf(const void *a_void,const void *b_void);

-/* Up until OpenSSL 0.9.5a, this was get_section */

-CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section)

-	{

-	CONF_VALUE *v,vv;

-	if ((conf == NULL) || (section == NULL)) return(NULL);

-	vv.name=NULL;

-	vv.section=(char *)section;

-	v=(CONF_VALUE *)lh_retrieve(conf->data,&vv);

-	return(v);

-	}

-/* Up until OpenSSL 0.9.5a, this was CONF_get_section */

-STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf,

-					       const char *section)

-	{

-	CONF_VALUE *v;

-	v=_CONF_get_section(conf,section);

-	if (v != NULL)

-		return((STACK_OF(CONF_VALUE) *)v->value);

-	else

-		return(NULL);

-	}

-int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value)

-	{

-	CONF_VALUE *v = NULL;

-	STACK_OF(CONF_VALUE) *ts;

-	ts = (STACK_OF(CONF_VALUE) *)section->value;

-	value->section=section->section;

-	if (!sk_CONF_VALUE_push(ts,value))

-		{

-		return 0;

-		}

-	v = (CONF_VALUE *)lh_insert(conf->data, value);

-	if (v != NULL)

-		{

-		(void)sk_CONF_VALUE_delete_ptr(ts,v);

-		OPENSSL_free(v->name);

-		OPENSSL_free(v->value);

-		OPENSSL_free(v);

-		}

-	return 1;

-	}

-char *_CONF_get_string(const CONF *conf, const char *section, const char *name)

-	{

-	CONF_VALUE *v,vv;

-	char *p;

-	if (name == NULL) return(NULL);

-	if (conf != NULL)

-		{

-		if (section != NULL)

-			{

-			vv.name=(char *)name;

-			vv.section=(char *)section;

-			v=(CONF_VALUE *)lh_retrieve(conf->data,&vv);

-			if (v != NULL) return(v->value);

-			if (strcmp(section,"ENV") == 0)

-				{

-				p=Getenv(name);

-				if (p != NULL) return(p);

-				}

-			}

-		vv.section="default";

-		vv.name=(char *)name;

-		v=(CONF_VALUE *)lh_retrieve(conf->data,&vv);

-		if (v != NULL)

-			return(v->value);

-		else

-			return(NULL);

-		}

-	else

-		return(Getenv(name));

-	}

-#if 0 /* There's no way to provide error checking with this function, so

-	 force implementors of the higher levels to get a string and read

-	 the number themselves. */

-long _CONF_get_number(CONF *conf, char *section, char *name)

-	{

-	char *str;

-	long ret=0;

-	str=_CONF_get_string(conf,section,name);

-	if (str == NULL) return(0);

-	for (;;)

-		{

-		if (conf->meth->is_number(conf, *str))

-			ret=ret*10+conf->meth->to_int(conf, *str);

-		else

-			return(ret);

-		str++;

-		}

-	}

-#endif

-int _CONF_new_data(CONF *conf)

-	{

-	if (conf == NULL)

-		{

-		return 0;

-		}

-	if (conf->data == NULL)

-		if ((conf->data = lh_new(hash, cmp_conf)) == NULL)

-			{

-			return 0;

-			}

-	return 1;

-	}

-void _CONF_free_data(CONF *conf)

-	{

-	if (conf == NULL || conf->data == NULL) return;

-	conf->data->down_load=0; /* evil thing to make sure the 'OPENSSL_free()'

-				  * works as expected */

-	lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(value_free_hash),

-			conf->data);

-	/* We now have only 'section' entries in the hash table.

-	 * Due to problems with */

-	lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(value_free_stack),

-			conf->data);

-	lh_free(conf->data);

-	}

-static void value_free_hash(CONF_VALUE *a, LHASH *conf)

-	{

-	if (a->name != NULL)

-		{

-		a=(CONF_VALUE *)lh_delete(conf,a);

-		}

-	}

-static void value_free_stack(CONF_VALUE *a, LHASH *conf)

-	{

-	CONF_VALUE *vv;

-	STACK *sk;

-	int i;

-	if (a->name != NULL) return;

-	sk=(STACK *)a->value;

-	for (i=sk_num(sk)-1; i>=0; i--)

-		{

-		vv=(CONF_VALUE *)sk_value(sk,i);

-		OPENSSL_free(vv->value);

-		OPENSSL_free(vv->name);

-		OPENSSL_free(vv);

-		}

-	if (sk != NULL) sk_free(sk);

-	OPENSSL_free(a->section);

-	OPENSSL_free(a);

-	}

-/* static unsigned long hash(CONF_VALUE *v) */

-static unsigned long hash(const void *v_void)

-	{

-	CONF_VALUE *v = (CONF_VALUE *)v_void;

-	return((lh_strhash(v->section)<<2)^lh_strhash(v->name));

-	}

-/* static int cmp_conf(CONF_VALUE *a, CONF_VALUE *b) */

-static int cmp_conf(const void *a_void,const  void *b_void)

-	{

-	int i;

-	CONF_VALUE *a = (CONF_VALUE *)a_void;

-	CONF_VALUE *b = (CONF_VALUE *)b_void;

-	if (a->section != b->section)

-		{

-		i=strcmp(a->section,b->section);

-		if (i) return(i);

-		}

-	if ((a->name != NULL) && (b->name != NULL))

-		{

-		i=strcmp(a->name,b->name);

-		return(i);

-		}

-	else if (a->name == b->name)

-		return(0);

-	else

-		return((a->name == NULL)?-1:1);

-	}

-/* Up until OpenSSL 0.9.5a, this was new_section */

-CONF_VALUE *_CONF_new_section(CONF *conf, const char *section)

-	{

-	STACK *sk=NULL;

-	int ok=0,i;

-	CONF_VALUE *v=NULL,*vv;

-	if ((sk=sk_new_null()) == NULL)

-		goto err;

-	if ((v=(CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE))) == NULL)

-		goto err;

-	i=strlen(section)+1;

-	if ((v->section=(char *)OPENSSL_malloc(i)) == NULL)

-		goto err;

-	memcpy(v->section,section,i);

-	v->name=NULL;

-	v->value=(char *)sk;

-	vv=(CONF_VALUE *)lh_insert(conf->data,v);

-	assert(vv == NULL);

-	ok=1;

-err:

-	if (!ok)

-		{

-		if (sk != NULL) sk_free(sk);

-		if (v != NULL) OPENSSL_free(v);

-		v=NULL;

-		}

-	return(v);

-	}

-IMPLEMENT_STACK_OF(CONF_VALUE)

--- a/sys/src/ape/lib/openssl/crypto/conf/conf_api.h

+++ /dev/null

@@ -1,89 +1,0 @@

-/* conf_api.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef  HEADER_CONF_API_H

-#define HEADER_CONF_API_H

-#include <openssl/lhash.h>

-#include <openssl/conf.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-/* Up until OpenSSL 0.9.5a, this was new_section */

-CONF_VALUE *_CONF_new_section(CONF *conf, const char *section);

-/* Up until OpenSSL 0.9.5a, this was get_section */

-CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section);

-/* Up until OpenSSL 0.9.5a, this was CONF_get_section */

-STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf,

-					       const char *section);

-int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value);

-char *_CONF_get_string(const CONF *conf, const char *section,

-		       const char *name);

-long _CONF_get_number(const CONF *conf, const char *section, const char *name);

-int _CONF_new_data(CONF *conf);

-void _CONF_free_data(CONF *conf);

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/conf/conf_def.c

+++ /dev/null

@@ -1,750 +1,0 @@

-/* crypto/conf/conf.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* Part of the code in here was originally in conf.c, which is now removed */

-#include <stdio.h>

-#include <string.h>

-#include "cryptlib.h"

-#include <openssl/stack.h>

-#include <openssl/lhash.h>

-#include <openssl/conf.h>

-#include <openssl/conf_api.h>

-#include "conf_def.h"

-#include <openssl/buffer.h>

-#include <openssl/err.h>

-static char *eat_ws(CONF *conf, char *p);

-static char *eat_alpha_numeric(CONF *conf, char *p);

-static void clear_comments(CONF *conf, char *p);

-static int str_copy(CONF *conf,char *section,char **to, char *from);

-static char *scan_quote(CONF *conf, char *p);

-static char *scan_dquote(CONF *conf, char *p);

-#define scan_esc(conf,p)	(((IS_EOF((conf),(p)[1]))?((p)+1):((p)+2)))

-static CONF *def_create(CONF_METHOD *meth);

-static int def_init_default(CONF *conf);

-static int def_init_WIN32(CONF *conf);

-static int def_destroy(CONF *conf);

-static int def_destroy_data(CONF *conf);

-static int def_load(CONF *conf, const char *name, long *eline);

-static int def_load_bio(CONF *conf, BIO *bp, long *eline);

-static int def_dump(const CONF *conf, BIO *bp);

-static int def_is_number(const CONF *conf, char c);

-static int def_to_int(const CONF *conf, char c);

-const char CONF_def_version[]="CONF_def" OPENSSL_VERSION_PTEXT;

-static CONF_METHOD default_method = {

-	"OpenSSL default",

-	def_create,

-	def_init_default,

-	def_destroy,

-	def_destroy_data,

-	def_load_bio,

-	def_dump,

-	def_is_number,

-	def_to_int,

-	def_load

-	};

-static CONF_METHOD WIN32_method = {

-	"WIN32",

-	def_create,

-	def_init_WIN32,

-	def_destroy,

-	def_destroy_data,

-	def_load_bio,

-	def_dump,

-	def_is_number,

-	def_to_int,

-	def_load

-	};

-CONF_METHOD *NCONF_default()

-	{

-	return &default_method;

-	}

-CONF_METHOD *NCONF_WIN32()

-	{

-	return &WIN32_method;

-	}

-static CONF *def_create(CONF_METHOD *meth)

-	{

-	CONF *ret;

-	ret = (CONF *)OPENSSL_malloc(sizeof(CONF) + sizeof(unsigned short *));

-	if (ret)

-		if (meth->init(ret) == 0)

-			{

-			OPENSSL_free(ret);

-			ret = NULL;

-			}

-	return ret;

-	}

-static int def_init_default(CONF *conf)

-	{

-	if (conf == NULL)

-		return 0;

-	conf->meth = &default_method;

-	conf->meth_data = (void *)CONF_type_default;

-	conf->data = NULL;

-	return 1;

-	}

-static int def_init_WIN32(CONF *conf)

-	{

-	if (conf == NULL)

-		return 0;

-	conf->meth = &WIN32_method;

-	conf->meth_data = (void *)CONF_type_win32;

-	conf->data = NULL;

-	return 1;

-	}

-static int def_destroy(CONF *conf)

-	{

-	if (def_destroy_data(conf))

-		{

-		OPENSSL_free(conf);

-		return 1;

-		}

-	return 0;

-	}

-static int def_destroy_data(CONF *conf)

-	{

-	if (conf == NULL)

-		return 0;

-	_CONF_free_data(conf);

-	return 1;

-	}

-static int def_load(CONF *conf, const char *name, long *line)

-	{

-	int ret;

-	BIO *in=NULL;

-#ifdef OPENSSL_SYS_VMS

-	in=BIO_new_file(name, "r");

-#else

-	in=BIO_new_file(name, "rb");

-#endif

-	if (in == NULL)

-		{

-		if (ERR_GET_REASON(ERR_peek_last_error()) == BIO_R_NO_SUCH_FILE)

-			CONFerr(CONF_F_DEF_LOAD,CONF_R_NO_SUCH_FILE);

-		else

-			CONFerr(CONF_F_DEF_LOAD,ERR_R_SYS_LIB);

-		return 0;

-		}

-	ret = def_load_bio(conf, in, line);

-	BIO_free(in);

-	return ret;

-	}

-static int def_load_bio(CONF *conf, BIO *in, long *line)

-	{

-/* The macro BUFSIZE conflicts with a system macro in VxWorks */

-#define CONFBUFSIZE	512

-	int bufnum=0,i,ii;

-	BUF_MEM *buff=NULL;

-	char *s,*p,*end;

-	int again,n;

-	long eline=0;

-	char btmp[DECIMAL_SIZE(eline)+1];

-	CONF_VALUE *v=NULL,*tv;

-	CONF_VALUE *sv=NULL;

-	char *section=NULL,*buf;

-	STACK_OF(CONF_VALUE) *section_sk=NULL,*ts;

-	char *start,*psection,*pname;

-	void *h = (void *)(conf->data);

-	if ((buff=BUF_MEM_new()) == NULL)

-		{

-		CONFerr(CONF_F_DEF_LOAD_BIO,ERR_R_BUF_LIB);

-		goto err;

-		}

-	section=(char *)OPENSSL_malloc(10);

-	if (section == NULL)

-		{

-		CONFerr(CONF_F_DEF_LOAD_BIO,ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	BUF_strlcpy(section,"default",10);

-	if (_CONF_new_data(conf) == 0)

-		{

-		CONFerr(CONF_F_DEF_LOAD_BIO,ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	sv=_CONF_new_section(conf,section);

-	if (sv == NULL)

-		{

-		CONFerr(CONF_F_DEF_LOAD_BIO,

-					CONF_R_UNABLE_TO_CREATE_NEW_SECTION);

-		goto err;

-		}

-	section_sk=(STACK_OF(CONF_VALUE) *)sv->value;

-	bufnum=0;

-	again=0;

-	for (;;)

-		{

-		if (!BUF_MEM_grow(buff,bufnum+CONFBUFSIZE))

-			{

-			CONFerr(CONF_F_DEF_LOAD_BIO,ERR_R_BUF_LIB);

-			goto err;

-			}

-		p= &(buff->data[bufnum]);

-		*p='\0';

-		BIO_gets(in, p, CONFBUFSIZE-1);

-		p[CONFBUFSIZE-1]='\0';

-		ii=i=strlen(p);

-		if (i == 0 && !again) break;

-		again=0;

-		while (i > 0)

-			{

-			if ((p[i-1] != '\r') && (p[i-1] != '\n'))

-				break;

-			else

-				i--;

-			}

-		/* we removed some trailing stuff so there is a new

-		 * line on the end. */

-		if (ii && i == ii)

-			again=1; /* long line */

-		else

-			{

-			p[i]='\0';

-			eline++; /* another input line */

-			}

-		/* we now have a line with trailing \r\n removed */

-		/* i is the number of bytes */

-		bufnum+=i;

-		v=NULL;

-		/* check for line continuation */

-		if (bufnum >= 1)

-			{

-			/* If we have bytes and the last char '\\' and

-			 * second last char is not '\\' */

-			p= &(buff->data[bufnum-1]);

-			if (IS_ESC(conf,p[0]) &&

-				((bufnum <= 1) || !IS_ESC(conf,p[-1])))

-				{

-				bufnum--;

-				again=1;

-				}

-			}

-		if (again) continue;

-		bufnum=0;

-		buf=buff->data;

-		clear_comments(conf, buf);

-		n=strlen(buf);

-		s=eat_ws(conf, buf);

-		if (IS_EOF(conf,*s)) continue; /* blank line */

-		if (*s == '[')

-			{

-			char *ss;

-			s++;

-			start=eat_ws(conf, s);

-			ss=start;

-again:

-			end=eat_alpha_numeric(conf, ss);

-			p=eat_ws(conf, end);

-			if (*p != ']')

-				{

-				if (*p != '\0')

-					{

-					ss=p;

-					goto again;

-					}

-				CONFerr(CONF_F_DEF_LOAD_BIO,

-					CONF_R_MISSING_CLOSE_SQUARE_BRACKET);

-				goto err;

-				}

-			*end='\0';

-			if (!str_copy(conf,NULL,&section,start)) goto err;

-			if ((sv=_CONF_get_section(conf,section)) == NULL)

-				sv=_CONF_new_section(conf,section);

-			if (sv == NULL)

-				{

-				CONFerr(CONF_F_DEF_LOAD_BIO,

-					CONF_R_UNABLE_TO_CREATE_NEW_SECTION);

-				goto err;

-				}

-			section_sk=(STACK_OF(CONF_VALUE) *)sv->value;

-			continue;

-			}

-		else

-			{

-			pname=s;

-			psection=NULL;

-			end=eat_alpha_numeric(conf, s);

-			if ((end[0] == ':') && (end[1] == ':'))

-				{

-				*end='\0';

-				end+=2;

-				psection=pname;

-				pname=end;

-				end=eat_alpha_numeric(conf, end);

-				}

-			p=eat_ws(conf, end);

-			if (*p != '=')

-				{

-				CONFerr(CONF_F_DEF_LOAD_BIO,

-						CONF_R_MISSING_EQUAL_SIGN);

-				goto err;

-				}

-			*end='\0';

-			p++;

-			start=eat_ws(conf, p);

-			while (!IS_EOF(conf,*p))

-				p++;

-			p--;

-			while ((p != start) && (IS_WS(conf,*p)))

-				p--;

-			p++;

-			*p='\0';

-			if (!(v=(CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE))))

-				{

-				CONFerr(CONF_F_DEF_LOAD_BIO,

-							ERR_R_MALLOC_FAILURE);

-				goto err;

-				}

-			if (psection == NULL) psection=section;

-			v->name=(char *)OPENSSL_malloc(strlen(pname)+1);

-			v->value=NULL;

-			if (v->name == NULL)

-				{

-				CONFerr(CONF_F_DEF_LOAD_BIO,

-							ERR_R_MALLOC_FAILURE);

-				goto err;

-				}

-			BUF_strlcpy(v->name,pname,strlen(pname)+1);

-			if (!str_copy(conf,psection,&(v->value),start)) goto err;

-			if (strcmp(psection,section) != 0)

-				{

-				if ((tv=_CONF_get_section(conf,psection))

-					== NULL)

-					tv=_CONF_new_section(conf,psection);

-				if (tv == NULL)

-					{

-					CONFerr(CONF_F_DEF_LOAD_BIO,

-					   CONF_R_UNABLE_TO_CREATE_NEW_SECTION);

-					goto err;

-					}

-				ts=(STACK_OF(CONF_VALUE) *)tv->value;

-				}

-			else

-				{

-				tv=sv;

-				ts=section_sk;

-				}

-#if 1

-			if (_CONF_add_string(conf, tv, v) == 0)

-				{

-				CONFerr(CONF_F_DEF_LOAD_BIO,

-							ERR_R_MALLOC_FAILURE);

-				goto err;

-				}

-#else

-			v->section=tv->section;

-			if (!sk_CONF_VALUE_push(ts,v))

-				{

-				CONFerr(CONF_F_DEF_LOAD_BIO,

-							ERR_R_MALLOC_FAILURE);

-				goto err;

-				}

-			vv=(CONF_VALUE *)lh_insert(conf->data,v);

-			if (vv != NULL)

-				{

-				sk_CONF_VALUE_delete_ptr(ts,vv);

-				OPENSSL_free(vv->name);

-				OPENSSL_free(vv->value);

-				OPENSSL_free(vv);

-				}

-#endif

-			v=NULL;

-			}

-		}

-	if (buff != NULL) BUF_MEM_free(buff);

-	if (section != NULL) OPENSSL_free(section);

-	return(1);

-err:

-	if (buff != NULL) BUF_MEM_free(buff);

-	if (section != NULL) OPENSSL_free(section);

-	if (line != NULL) *line=eline;

-	BIO_snprintf(btmp,sizeof btmp,"%ld",eline);

-	ERR_add_error_data(2,"line ",btmp);

-	if ((h != conf->data) && (conf->data != NULL))

-		{

-		CONF_free(conf->data);

-		conf->data=NULL;

-		}

-	if (v != NULL)

-		{

-		if (v->name != NULL) OPENSSL_free(v->name);

-		if (v->value != NULL) OPENSSL_free(v->value);

-		if (v != NULL) OPENSSL_free(v);

-		}

-	return(0);

-	}

-static void clear_comments(CONF *conf, char *p)

-	{

-	char *to;

-	to=p;

-	for (;;)

-		{

-		if (IS_FCOMMENT(conf,*p))

-			{

-			*p='\0';

-			return;

-			}

-		if (!IS_WS(conf,*p))

-			{

-			break;

-			}

-		p++;

-		}

-	for (;;)

-		{

-		if (IS_COMMENT(conf,*p))

-			{

-			*p='\0';

-			return;

-			}

-		if (IS_DQUOTE(conf,*p))

-			{

-			p=scan_dquote(conf, p);

-			continue;

-			}

-		if (IS_QUOTE(conf,*p))

-			{

-			p=scan_quote(conf, p);

-			continue;

-			}

-		if (IS_ESC(conf,*p))

-			{

-			p=scan_esc(conf,p);

-			continue;

-			}

-		if (IS_EOF(conf,*p))

-			return;

-		else

-			p++;

-		}

-	}

-static int str_copy(CONF *conf, char *section, char **pto, char *from)

-	{

-	int q,r,rr=0,to=0,len=0;

-	char *s,*e,*rp,*p,*rrp,*np,*cp,v;

-	BUF_MEM *buf;

-	if ((buf=BUF_MEM_new()) == NULL) return(0);

-	len=strlen(from)+1;

-	if (!BUF_MEM_grow(buf,len)) goto err;

-	for (;;)

-		{

-		if (IS_QUOTE(conf,*from))

-			{

-			q= *from;

-			from++;

-			while (!IS_EOF(conf,*from) && (*from != q))

-				{

-				if (IS_ESC(conf,*from))

-					{

-					from++;

-					if (IS_EOF(conf,*from)) break;

-					}

-				buf->data[to++]= *(from++);

-				}

-			if (*from == q) from++;

-			}

-		else if (IS_DQUOTE(conf,*from))

-			{

-			q= *from;

-			from++;

-			while (!IS_EOF(conf,*from))

-				{

-				if (*from == q)

-					{

-					if (*(from+1) == q)

-						{

-						from++;

-						}

-					else

-						{

-						break;

-						}

-					}

-				buf->data[to++]= *(from++);

-				}

-			if (*from == q) from++;

-			}

-		else if (IS_ESC(conf,*from))

-			{

-			from++;

-			v= *(from++);

-			if (IS_EOF(conf,v)) break;

-			else if (v == 'r') v='\r';

-			else if (v == 'n') v='\n';

-			else if (v == 'b') v='\b';

-			else if (v == 't') v='\t';

-			buf->data[to++]= v;

-			}

-		else if (IS_EOF(conf,*from))

-			break;

-		else if (*from == '$')

-			{

-			/* try to expand it */

-			rrp=NULL;

-			s= &(from[1]);

-			if (*s == '{')

-				q='}';

-			else if (*s == '(')

-				q=')';

-			else q=0;

-			if (q) s++;

-			cp=section;

-			e=np=s;

-			while (IS_ALPHA_NUMERIC(conf,*e))

-				e++;

-			if ((e[0] == ':') && (e[1] == ':'))

-				{

-				cp=np;

-				rrp=e;

-				rr= *e;

-				*rrp='\0';

-				e+=2;

-				np=e;

-				while (IS_ALPHA_NUMERIC(conf,*e))

-					e++;

-				}

-			r= *e;

-			*e='\0';

-			rp=e;

-			if (q)

-				{

-				if (r != q)

-					{

-					CONFerr(CONF_F_STR_COPY,CONF_R_NO_CLOSE_BRACE);

-					goto err;

-					}

-				e++;

-				}

-			/* So at this point we have

-			 * np which is the start of the name string which is

-			 *   '\0' terminated.

-			 * cp which is the start of the section string which is

-			 *   '\0' terminated.

-			 * e is the 'next point after'.

-			 * r and rr are the chars replaced by the '\0'

-			 * rp and rrp is where 'r' and 'rr' came from.

-			 */

-			p=_CONF_get_string(conf,cp,np);

-			if (rrp != NULL) *rrp=rr;

-			*rp=r;

-			if (p == NULL)

-				{

-				CONFerr(CONF_F_STR_COPY,CONF_R_VARIABLE_HAS_NO_VALUE);

-				goto err;

-				}

-			BUF_MEM_grow_clean(buf,(strlen(p)+buf->length-(e-from)));

-			while (*p)

-				buf->data[to++]= *(p++);

-			/* Since we change the pointer 'from', we also have

-			   to change the perceived length of the string it

-			   points at.  /RL */

-			len -= e-from;

-			from=e;

-			/* In case there were no braces or parenthesis around

-			   the variable reference, we have to put back the

-			   character that was replaced with a '\0'.  /RL */

-			*rp = r;

-			}

-		else

-			buf->data[to++]= *(from++);

-		}

-	buf->data[to]='\0';

-	if (*pto != NULL) OPENSSL_free(*pto);

-	*pto=buf->data;

-	OPENSSL_free(buf);

-	return(1);

-err:

-	if (buf != NULL) BUF_MEM_free(buf);

-	return(0);

-	}

-static char *eat_ws(CONF *conf, char *p)

-	{

-	while (IS_WS(conf,*p) && (!IS_EOF(conf,*p)))

-		p++;

-	return(p);

-	}

-static char *eat_alpha_numeric(CONF *conf, char *p)

-	{

-	for (;;)

-		{

-		if (IS_ESC(conf,*p))

-			{

-			p=scan_esc(conf,p);

-			continue;

-			}

-		if (!IS_ALPHA_NUMERIC_PUNCT(conf,*p))

-			return(p);

-		p++;

-		}

-	}

-static char *scan_quote(CONF *conf, char *p)

-	{

-	int q= *p;

-	p++;

-	while (!(IS_EOF(conf,*p)) && (*p != q))

-		{

-		if (IS_ESC(conf,*p))

-			{

-			p++;

-			if (IS_EOF(conf,*p)) return(p);

-			}

-		p++;

-		}

-	if (*p == q) p++;

-	return(p);

-	}

-static char *scan_dquote(CONF *conf, char *p)

-	{

-	int q= *p;

-	p++;

-	while (!(IS_EOF(conf,*p)))

-		{

-		if (*p == q)

-			{

-			if (*(p+1) == q)

-				{

-				p++;

-				}

-			else

-				{

-				break;

-				}

-			}

-		p++;

-		}

-	if (*p == q) p++;

-	return(p);

-	}

-static void dump_value(CONF_VALUE *a, BIO *out)

-	{

-	if (a->name)

-		BIO_printf(out, "[%s] %s=%s\n", a->section, a->name, a->value);

-	else

-		BIO_printf(out, "[[%s]]\n", a->section);

-	}

-static IMPLEMENT_LHASH_DOALL_ARG_FN(dump_value, CONF_VALUE *, BIO *)

-static int def_dump(const CONF *conf, BIO *out)

-	{

-	lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(dump_value), out);

-	return 1;

-	}

-static int def_is_number(const CONF *conf, char c)

-	{

-	return IS_NUMBER(conf,c);

-	}

-static int def_to_int(const CONF *conf, char c)

-	{

-	return c - '0';

-	}

--- a/sys/src/ape/lib/openssl/crypto/conf/conf_def.h

+++ /dev/null

@@ -1,180 +1,0 @@

-/* crypto/conf/conf_def.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* THIS FILE WAS AUTOMAGICALLY GENERATED!

-   Please modify and use keysets.pl to regenerate it. */

-#define CONF_NUMBER		1

-#define CONF_UPPER		2

-#define CONF_LOWER		4

-#define CONF_UNDER		256

-#define CONF_PUNCTUATION	512

-#define CONF_WS			16

-#define CONF_ESC		32

-#define CONF_QUOTE		64

-#define CONF_DQUOTE		1024

-#define CONF_COMMENT		128

-#define CONF_FCOMMENT		2048

-#define CONF_EOF		8

-#define CONF_HIGHBIT		4096

-#define CONF_ALPHA		(CONF_UPPER|CONF_LOWER)

-#define CONF_ALPHA_NUMERIC	(CONF_ALPHA|CONF_NUMBER|CONF_UNDER)

-#define CONF_ALPHA_NUMERIC_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER| \

-					CONF_PUNCTUATION)

-#define KEYTYPES(c)		((unsigned short *)((c)->meth_data))

-#ifndef CHARSET_EBCDIC

-#define IS_COMMENT(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_COMMENT)

-#define IS_FCOMMENT(c,a)	(KEYTYPES(c)[(a)&0xff]&CONF_FCOMMENT)

-#define IS_EOF(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_EOF)

-#define IS_ESC(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_ESC)

-#define IS_NUMBER(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_NUMBER)

-#define IS_WS(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_WS)

-#define IS_ALPHA_NUMERIC(c,a)	(KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC)

-#define IS_ALPHA_NUMERIC_PUNCT(c,a) \

-				(KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC_PUNCT)

-#define IS_QUOTE(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_QUOTE)

-#define IS_DQUOTE(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_DQUOTE)

-#define IS_HIGHBIT(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_HIGHBIT)

-#else /*CHARSET_EBCDIC*/

-#define IS_COMMENT(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_COMMENT)

-#define IS_FCOMMENT(c,a)	(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_FCOMMENT)

-#define IS_EOF(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_EOF)

-#define IS_ESC(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ESC)

-#define IS_NUMBER(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_NUMBER)

-#define IS_WS(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_WS)

-#define IS_ALPHA_NUMERIC(c,a)	(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC)

-#define IS_ALPHA_NUMERIC_PUNCT(c,a) \

-				(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC_PUNCT)

-#define IS_QUOTE(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_QUOTE)

-#define IS_DQUOTE(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_DQUOTE)

-#define IS_HIGHBIT(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_HIGHBIT)

-#endif /*CHARSET_EBCDIC*/

-static unsigned short CONF_type_default[256]={

-	0x0008,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,

-	0x0000,0x0010,0x0010,0x0000,0x0000,0x0010,0x0000,0x0000,

-	0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,

-	0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,

-	0x0010,0x0200,0x0040,0x0080,0x0000,0x0200,0x0200,0x0040,

-	0x0000,0x0000,0x0200,0x0200,0x0200,0x0200,0x0200,0x0200,

-	0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,

-	0x0001,0x0001,0x0000,0x0200,0x0000,0x0000,0x0000,0x0200,

-	0x0200,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,

-	0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,

-	0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,

-	0x0002,0x0002,0x0002,0x0000,0x0020,0x0000,0x0200,0x0100,

-	0x0040,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,

-	0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,

-	0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,

-	0x0004,0x0004,0x0004,0x0000,0x0200,0x0000,0x0200,0x0000,

-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,

-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,

-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,

-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,

-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,

-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,

-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,

-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,

-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,

-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,

-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,

-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,

-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,

-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,

-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,

-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,

-	};

-static unsigned short CONF_type_win32[256]={

-	0x0008,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,

-	0x0000,0x0010,0x0010,0x0000,0x0000,0x0010,0x0000,0x0000,

-	0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,

-	0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,

-	0x0010,0x0200,0x0400,0x0000,0x0000,0x0200,0x0200,0x0000,

-	0x0000,0x0000,0x0200,0x0200,0x0200,0x0200,0x0200,0x0200,

-	0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,

-	0x0001,0x0001,0x0000,0x0A00,0x0000,0x0000,0x0000,0x0200,

-	0x0200,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,

-	0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,

-	0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,

-	0x0002,0x0002,0x0002,0x0000,0x0000,0x0000,0x0200,0x0100,

-	0x0000,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,

-	0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,

-	0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,

-	0x0004,0x0004,0x0004,0x0000,0x0200,0x0000,0x0200,0x0000,

-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,

-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,

-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,

-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,

-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,

-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,

-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,

-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,

-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,

-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,

-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,

-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,

-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,

-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,

-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,

-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,

-	};

--- a/sys/src/ape/lib/openssl/crypto/conf/conf_err.c

+++ /dev/null

@@ -1,129 +1,0 @@

-/* crypto/conf/conf_err.c */

-/* ====================================================================

- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* NOTE: this file was auto generated by the mkerr.pl script: any changes

- * made to it will be overwritten when the script next updates this file,

- * only reason strings will be preserved.

- */

-#include <stdio.h>

-#include <openssl/err.h>

-#include <openssl/conf.h>

-/* BEGIN ERROR CODES */

-#ifndef OPENSSL_NO_ERR

-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_CONF,func,0)

-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_CONF,0,reason)

-static ERR_STRING_DATA CONF_str_functs[]=

-	{

-{ERR_FUNC(CONF_F_CONF_DUMP_FP),	"CONF_dump_fp"},

-{ERR_FUNC(CONF_F_CONF_LOAD),	"CONF_load"},

-{ERR_FUNC(CONF_F_CONF_LOAD_BIO),	"CONF_load_bio"},

-{ERR_FUNC(CONF_F_CONF_LOAD_FP),	"CONF_load_fp"},

-{ERR_FUNC(CONF_F_CONF_MODULES_LOAD),	"CONF_modules_load"},

-{ERR_FUNC(CONF_F_DEF_LOAD),	"DEF_LOAD"},

-{ERR_FUNC(CONF_F_DEF_LOAD_BIO),	"DEF_LOAD_BIO"},

-{ERR_FUNC(CONF_F_MODULE_INIT),	"MODULE_INIT"},

-{ERR_FUNC(CONF_F_MODULE_LOAD_DSO),	"MODULE_LOAD_DSO"},

-{ERR_FUNC(CONF_F_MODULE_RUN),	"MODULE_RUN"},

-{ERR_FUNC(CONF_F_NCONF_DUMP_BIO),	"NCONF_dump_bio"},

-{ERR_FUNC(CONF_F_NCONF_DUMP_FP),	"NCONF_dump_fp"},

-{ERR_FUNC(CONF_F_NCONF_GET_NUMBER),	"NCONF_get_number"},

-{ERR_FUNC(CONF_F_NCONF_GET_NUMBER_E),	"NCONF_get_number_e"},

-{ERR_FUNC(CONF_F_NCONF_GET_SECTION),	"NCONF_get_section"},

-{ERR_FUNC(CONF_F_NCONF_GET_STRING),	"NCONF_get_string"},

-{ERR_FUNC(CONF_F_NCONF_LOAD),	"NCONF_load"},

-{ERR_FUNC(CONF_F_NCONF_LOAD_BIO),	"NCONF_load_bio"},

-{ERR_FUNC(CONF_F_NCONF_LOAD_FP),	"NCONF_load_fp"},

-{ERR_FUNC(CONF_F_NCONF_NEW),	"NCONF_new"},

-{ERR_FUNC(CONF_F_STR_COPY),	"STR_COPY"},

-{0,NULL}

-	};

-static ERR_STRING_DATA CONF_str_reasons[]=

-	{

-{ERR_REASON(CONF_R_ERROR_LOADING_DSO)    ,"error loading dso"},

-{ERR_REASON(CONF_R_MISSING_CLOSE_SQUARE_BRACKET),"missing close square bracket"},

-{ERR_REASON(CONF_R_MISSING_EQUAL_SIGN)   ,"missing equal sign"},

-{ERR_REASON(CONF_R_MISSING_FINISH_FUNCTION),"missing finish function"},

-{ERR_REASON(CONF_R_MISSING_INIT_FUNCTION),"missing init function"},

-{ERR_REASON(CONF_R_MODULE_INITIALIZATION_ERROR),"module initialization error"},

-{ERR_REASON(CONF_R_NO_CLOSE_BRACE)       ,"no close brace"},

-{ERR_REASON(CONF_R_NO_CONF)              ,"no conf"},

-{ERR_REASON(CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE),"no conf or environment variable"},

-{ERR_REASON(CONF_R_NO_SECTION)           ,"no section"},

-{ERR_REASON(CONF_R_NO_SUCH_FILE)         ,"no such file"},

-{ERR_REASON(CONF_R_NO_VALUE)             ,"no value"},

-{ERR_REASON(CONF_R_UNABLE_TO_CREATE_NEW_SECTION),"unable to create new section"},

-{ERR_REASON(CONF_R_UNKNOWN_MODULE_NAME)  ,"unknown module name"},

-{ERR_REASON(CONF_R_VARIABLE_HAS_NO_VALUE),"variable has no value"},

-{0,NULL}

-	};

-#endif

-void ERR_load_CONF_strings(void)

-	{

-#ifndef OPENSSL_NO_ERR

-	if (ERR_func_error_string(CONF_str_functs[0].error) == NULL)

-		{

-		ERR_load_strings(0,CONF_str_functs);

-		ERR_load_strings(0,CONF_str_reasons);

-		}

-#endif

-	}

--- a/sys/src/ape/lib/openssl/crypto/conf/conf_lib.c

+++ /dev/null

@@ -1,401 +1,0 @@

-/* conf_lib.c */

-/* Written by Richard Levitte ([email protected]) for the OpenSSL

- * project 2000.

- */

-/* ====================================================================

- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include <openssl/crypto.h>

-#include <openssl/err.h>

-#include <openssl/conf.h>

-#include <openssl/conf_api.h>

-#include <openssl/lhash.h>

-const char CONF_version[]="CONF" OPENSSL_VERSION_PTEXT;

-static CONF_METHOD *default_CONF_method=NULL;

-/* Init a 'CONF' structure from an old LHASH */

-void CONF_set_nconf(CONF *conf, LHASH *hash)

-	{

-	if (default_CONF_method == NULL)

-		default_CONF_method = NCONF_default();

-	default_CONF_method->init(conf);

-	conf->data = hash;

-	}

-/* The following section contains the "CONF classic" functions,

-   rewritten in terms of the new CONF interface. */

-int CONF_set_default_method(CONF_METHOD *meth)

-	{

-	default_CONF_method = meth;

-	return 1;

-	}

-LHASH *CONF_load(LHASH *conf, const char *file, long *eline)

-	{

-	LHASH *ltmp;

-	BIO *in=NULL;

-#ifdef OPENSSL_SYS_VMS

-	in=BIO_new_file(file, "r");

-#else

-	in=BIO_new_file(file, "rb");

-#endif

-	if (in == NULL)

-		{

-		CONFerr(CONF_F_CONF_LOAD,ERR_R_SYS_LIB);

-		return NULL;

-		}

-	ltmp = CONF_load_bio(conf, in, eline);

-	BIO_free(in);

-	return ltmp;

-	}

-#ifndef OPENSSL_NO_FP_API

-LHASH *CONF_load_fp(LHASH *conf, FILE *fp,long *eline)

-	{

-	BIO *btmp;

-	LHASH *ltmp;

-	if(!(btmp = BIO_new_fp(fp, BIO_NOCLOSE))) {

-		CONFerr(CONF_F_CONF_LOAD_FP,ERR_R_BUF_LIB);

-		return NULL;

-	}

-	ltmp = CONF_load_bio(conf, btmp, eline);

-	BIO_free(btmp);

-	return ltmp;

-	}

-#endif

-LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline)

-	{

-	CONF ctmp;

-	int ret;

-	CONF_set_nconf(&ctmp, conf);

-	ret = NCONF_load_bio(&ctmp, bp, eline);

-	if (ret)

-		return ctmp.data;

-	return NULL;

-	}

-STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,const char *section)

-	{

-	if (conf == NULL)

-		{

-		return NULL;

-		}

-	else

-		{

-		CONF ctmp;

-		CONF_set_nconf(&ctmp, conf);

-		return NCONF_get_section(&ctmp, section);

-		}

-	}

-char *CONF_get_string(LHASH *conf,const char *group,const char *name)

-	{

-	if (conf == NULL)

-		{

-		return NCONF_get_string(NULL, group, name);

-		}

-	else

-		{

-		CONF ctmp;

-		CONF_set_nconf(&ctmp, conf);

-		return NCONF_get_string(&ctmp, group, name);

-		}

-	}

-long CONF_get_number(LHASH *conf,const char *group,const char *name)

-	{

-	int status;

-	long result = 0;

-	if (conf == NULL)

-		{

-		status = NCONF_get_number_e(NULL, group, name, &result);

-		}

-	else

-		{

-		CONF ctmp;

-		CONF_set_nconf(&ctmp, conf);

-		status = NCONF_get_number_e(&ctmp, group, name, &result);

-		}

-	if (status == 0)

-		{

-		/* This function does not believe in errors... */

-		ERR_clear_error();

-		}

-	return result;

-	}

-void CONF_free(LHASH *conf)

-	{

-	CONF ctmp;

-	CONF_set_nconf(&ctmp, conf);

-	NCONF_free_data(&ctmp);

-	}

-#ifndef OPENSSL_NO_FP_API

-int CONF_dump_fp(LHASH *conf, FILE *out)

-	{

-	BIO *btmp;

-	int ret;

-	if(!(btmp = BIO_new_fp(out, BIO_NOCLOSE))) {

-		CONFerr(CONF_F_CONF_DUMP_FP,ERR_R_BUF_LIB);

-		return 0;

-	}

-	ret = CONF_dump_bio(conf, btmp);

-	BIO_free(btmp);

-	return ret;

-	}

-#endif

-int CONF_dump_bio(LHASH *conf, BIO *out)

-	{

-	CONF ctmp;

-	CONF_set_nconf(&ctmp, conf);

-	return NCONF_dump_bio(&ctmp, out);

-	}

-/* The following section contains the "New CONF" functions.  They are

-   completely centralised around a new CONF structure that may contain

-   basically anything, but at least a method pointer and a table of data.

-   These functions are also written in terms of the bridge functions used

-   by the "CONF classic" functions, for consistency.  */

-CONF *NCONF_new(CONF_METHOD *meth)

-	{

-	CONF *ret;

-	if (meth == NULL)

-		meth = NCONF_default();

-	ret = meth->create(meth);

-	if (ret == NULL)

-		{

-		CONFerr(CONF_F_NCONF_NEW,ERR_R_MALLOC_FAILURE);

-		return(NULL);

-		}

-	return ret;

-	}

-void NCONF_free(CONF *conf)

-	{

-	if (conf == NULL)

-		return;

-	conf->meth->destroy(conf);

-	}

-void NCONF_free_data(CONF *conf)

-	{

-	if (conf == NULL)

-		return;

-	conf->meth->destroy_data(conf);

-	}

-int NCONF_load(CONF *conf, const char *file, long *eline)

-	{

-	if (conf == NULL)

-		{

-		CONFerr(CONF_F_NCONF_LOAD,CONF_R_NO_CONF);

-		return 0;

-		}

-	return conf->meth->load(conf, file, eline);

-	}

-#ifndef OPENSSL_NO_FP_API

-int NCONF_load_fp(CONF *conf, FILE *fp,long *eline)

-	{

-	BIO *btmp;

-	int ret;

-	if(!(btmp = BIO_new_fp(fp, BIO_NOCLOSE)))

-		{

-		CONFerr(CONF_F_NCONF_LOAD_FP,ERR_R_BUF_LIB);

-		return 0;

-		}

-	ret = NCONF_load_bio(conf, btmp, eline);

-	BIO_free(btmp);

-	return ret;

-	}

-#endif

-int NCONF_load_bio(CONF *conf, BIO *bp,long *eline)

-	{

-	if (conf == NULL)

-		{

-		CONFerr(CONF_F_NCONF_LOAD_BIO,CONF_R_NO_CONF);

-		return 0;

-		}

-	return conf->meth->load_bio(conf, bp, eline);

-	}

-STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,const char *section)

-	{

-	if (conf == NULL)

-		{

-		CONFerr(CONF_F_NCONF_GET_SECTION,CONF_R_NO_CONF);

-		return NULL;

-		}

-	if (section == NULL)

-		{

-		CONFerr(CONF_F_NCONF_GET_SECTION,CONF_R_NO_SECTION);

-		return NULL;

-		}

-	return _CONF_get_section_values(conf, section);

-	}

-char *NCONF_get_string(const CONF *conf,const char *group,const char *name)

-	{

-	char *s = _CONF_get_string(conf, group, name);

-        /* Since we may get a value from an environment variable even

-           if conf is NULL, let's check the value first */

-        if (s) return s;

-	if (conf == NULL)

-		{

-		CONFerr(CONF_F_NCONF_GET_STRING,

-                        CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE);

-		return NULL;

-		}

-	CONFerr(CONF_F_NCONF_GET_STRING,

-		CONF_R_NO_VALUE);

-	ERR_add_error_data(4,"group=",group," name=",name);

-	return NULL;

-	}

-int NCONF_get_number_e(const CONF *conf,const char *group,const char *name,

-		       long *result)

-	{

-	char *str;

-	if (result == NULL)

-		{

-		CONFerr(CONF_F_NCONF_GET_NUMBER_E,ERR_R_PASSED_NULL_PARAMETER);

-		return 0;

-		}

-	str = NCONF_get_string(conf,group,name);

-	if (str == NULL)

-		return 0;

-	for (*result = 0;conf->meth->is_number(conf, *str);)

-		{

-		*result = (*result)*10 + conf->meth->to_int(conf, *str);

-		str++;

-		}

-	return 1;

-	}

-#ifndef OPENSSL_NO_FP_API

-int NCONF_dump_fp(const CONF *conf, FILE *out)

-	{

-	BIO *btmp;

-	int ret;

-	if(!(btmp = BIO_new_fp(out, BIO_NOCLOSE))) {

-		CONFerr(CONF_F_NCONF_DUMP_FP,ERR_R_BUF_LIB);

-		return 0;

-	}

-	ret = NCONF_dump_bio(conf, btmp);

-	BIO_free(btmp);

-	return ret;

-	}

-#endif

-int NCONF_dump_bio(const CONF *conf, BIO *out)

-	{

-	if (conf == NULL)

-		{

-		CONFerr(CONF_F_NCONF_DUMP_BIO,CONF_R_NO_CONF);

-		return 0;

-		}

-	return conf->meth->dump(conf, out);

-	}

-/* This function should be avoided */

-#if 0

-long NCONF_get_number(CONF *conf,char *group,char *name)

-	{

-	int status;

-	long ret=0;

-	status = NCONF_get_number_e(conf, group, name, &ret);

-	if (status == 0)

-		{

-		/* This function does not believe in errors... */

-		ERR_get_error();

-		}

-	return ret;

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/conf/conf_mall.c

+++ /dev/null

@@ -1,80 +1,0 @@

-/* conf_mall.c */

-/* Written by Stephen Henson ([email protected]) for the OpenSSL

- * project 2001.

- */

-/* ====================================================================

- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include <openssl/crypto.h>

-#include "cryptlib.h"

-#include <openssl/conf.h>

-#include <openssl/dso.h>

-#include <openssl/x509.h>

-#include <openssl/asn1.h>

-#ifndef OPENSSL_NO_ENGINE

-#include <openssl/engine.h>

-#endif

-/* Load all OpenSSL builtin modules */

-void OPENSSL_load_builtin_modules(void)

-	{

-	/* Add builtin modules here */

-	ASN1_add_oid_module();

-#ifndef OPENSSL_NO_ENGINE

-	ENGINE_add_conf_module();

-#endif

-	}

--- a/sys/src/ape/lib/openssl/crypto/conf/conf_mod.c

+++ /dev/null

@@ -1,617 +1,0 @@

-/* conf_mod.c */

-/* Written by Stephen Henson ([email protected]) for the OpenSSL

- * project 2001.

- */

-/* ====================================================================

- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include <ctype.h>

-#include <openssl/crypto.h>

-#include "cryptlib.h"

-#include <openssl/conf.h>

-#include <openssl/dso.h>

-#include <openssl/x509.h>

-#define DSO_mod_init_name "OPENSSL_init"

-#define DSO_mod_finish_name "OPENSSL_finish"

-/* This structure contains a data about supported modules.

- * entries in this table correspond to either dynamic or

- * static modules.

- */

-struct conf_module_st

-	{

-	/* DSO of this module or NULL if static */

-	DSO *dso;

-	/* Name of the module */

-	char *name;

-	/* Init function */

-	conf_init_func *init;

-	/* Finish function */

-	conf_finish_func *finish;

-	/* Number of successfully initialized modules */

-	int links;

-	void *usr_data;

-	};

-/* This structure contains information about modules that have been

- * successfully initialized. There may be more than one entry for a

- * given module.

- */

-struct conf_imodule_st

-	{

-	CONF_MODULE *pmod;

-	char *name;

-	char *value;

-	unsigned long flags;

-	void *usr_data;

-	};

-static STACK_OF(CONF_MODULE) *supported_modules = NULL;

-static STACK_OF(CONF_IMODULE) *initialized_modules = NULL;

-static void module_free(CONF_MODULE *md);

-static void module_finish(CONF_IMODULE *imod);

-static int module_run(const CONF *cnf, char *name, char *value,

-					  unsigned long flags);

-static CONF_MODULE *module_add(DSO *dso, const char *name,

-			conf_init_func *ifunc, conf_finish_func *ffunc);

-static CONF_MODULE *module_find(char *name);

-static int module_init(CONF_MODULE *pmod, char *name, char *value,

-					   const CONF *cnf);

-static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value,

-									unsigned long flags);

-/* Main function: load modules from a CONF structure */

-int CONF_modules_load(const CONF *cnf, const char *appname,

-		      unsigned long flags)

-	{

-	STACK_OF(CONF_VALUE) *values;

-	CONF_VALUE *vl;

-	char *vsection = NULL;

-	int ret, i;

-	if (!cnf)

-		return 1;

-	if (appname)

-		vsection = NCONF_get_string(cnf, NULL, appname);

-	if (!appname || (!vsection && (flags & CONF_MFLAGS_DEFAULT_SECTION)))

-		vsection = NCONF_get_string(cnf, NULL, "openssl_conf");

-	if (!vsection)

-		{

-		ERR_clear_error();

-		return 1;

-		}

-	values = NCONF_get_section(cnf, vsection);

-	if (!values)

-		return 0;

-	for (i = 0; i < sk_CONF_VALUE_num(values); i++)

-		{

-		vl = sk_CONF_VALUE_value(values, i);

-		ret = module_run(cnf, vl->name, vl->value, flags);

-		if (ret <= 0)

-			if(!(flags & CONF_MFLAGS_IGNORE_ERRORS))

-				return ret;

-		}

-	return 1;

-	}

-int CONF_modules_load_file(const char *filename, const char *appname,

-			   unsigned long flags)

-	{

-	char *file = NULL;

-	CONF *conf = NULL;

-	int ret = 0;

-	conf = NCONF_new(NULL);

-	if (!conf)

-		goto err;

-	if (filename == NULL)

-		{

-		file = CONF_get1_default_config_file();

-		if (!file)

-			goto err;

-		}

-	else

-		file = (char *)filename;

-	if (NCONF_load(conf, file, NULL) <= 0)

-		{

-		if ((flags & CONF_MFLAGS_IGNORE_MISSING_FILE) &&

-		  (ERR_GET_REASON(ERR_peek_last_error()) == CONF_R_NO_SUCH_FILE))

-			{

-			ERR_clear_error();

-			ret = 1;

-			}

-		goto err;

-		}

-	ret = CONF_modules_load(conf, appname, flags);

-	err:

-	if (filename == NULL)

-		OPENSSL_free(file);

-	NCONF_free(conf);

-	return ret;

-	}

-static int module_run(const CONF *cnf, char *name, char *value,

-		      unsigned long flags)

-	{

-	CONF_MODULE *md;

-	int ret;

-	md = module_find(name);

-	/* Module not found: try to load DSO */

-	if (!md && !(flags & CONF_MFLAGS_NO_DSO))

-		md = module_load_dso(cnf, name, value, flags);

-	if (!md)

-		{

-		if (!(flags & CONF_MFLAGS_SILENT))

-			{

-			CONFerr(CONF_F_MODULE_RUN, CONF_R_UNKNOWN_MODULE_NAME);

-			ERR_add_error_data(2, "module=", name);

-			}

-		return -1;

-		}

-	ret = module_init(md, name, value, cnf);

-	if (ret <= 0)

-		{

-		if (!(flags & CONF_MFLAGS_SILENT))

-			{

-			char rcode[DECIMAL_SIZE(ret)+1];

-			CONFerr(CONF_F_MODULE_RUN, CONF_R_MODULE_INITIALIZATION_ERROR);

-			BIO_snprintf(rcode, sizeof rcode, "%-8d", ret);

-			ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode);

-			}

-		}

-	return ret;

-	}

-/* Load a module from a DSO */

-static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value,

-				    unsigned long flags)

-	{

-	DSO *dso = NULL;

-	conf_init_func *ifunc;

-	conf_finish_func *ffunc;

-	char *path = NULL;

-	int errcode = 0;

-	CONF_MODULE *md;

-	/* Look for alternative path in module section */

-	path = NCONF_get_string(cnf, value, "path");

-	if (!path)

-		{

-		ERR_clear_error();

-		path = name;

-		}

-	dso = DSO_load(NULL, path, NULL, 0);

-	if (!dso)

-		{

-		errcode = CONF_R_ERROR_LOADING_DSO;

-		goto err;

-		}

-        ifunc = (conf_init_func *)DSO_bind_func(dso, DSO_mod_init_name);

-	if (!ifunc)

-		{

-		errcode = CONF_R_MISSING_INIT_FUNCTION;

-		goto err;

-		}

-        ffunc = (conf_finish_func *)DSO_bind_func(dso, DSO_mod_finish_name);

-	/* All OK, add module */

-	md = module_add(dso, name, ifunc, ffunc);

-	if (!md)

-		goto err;

-	return md;

-	err:

-	if (dso)

-		DSO_free(dso);

-	CONFerr(CONF_F_MODULE_LOAD_DSO, errcode);

-	ERR_add_error_data(4, "module=", name, ", path=", path);

-	return NULL;

-	}

-/* add module to list */

-static CONF_MODULE *module_add(DSO *dso, const char *name,

-			       conf_init_func *ifunc, conf_finish_func *ffunc)

-	{

-	CONF_MODULE *tmod = NULL;

-	if (supported_modules == NULL)

-		supported_modules = sk_CONF_MODULE_new_null();

-	if (supported_modules == NULL)

-		return NULL;

-	tmod = OPENSSL_malloc(sizeof(CONF_MODULE));

-	if (tmod == NULL)

-		return NULL;

-	tmod->dso = dso;

-	tmod->name = BUF_strdup(name);

-	tmod->init = ifunc;

-	tmod->finish = ffunc;

-	tmod->links = 0;

-	if (!sk_CONF_MODULE_push(supported_modules, tmod))

-		{

-		OPENSSL_free(tmod);

-		return NULL;

-		}

-	return tmod;

-	}

-/* Find a module from the list. We allow module names of the

- * form modname.XXXX to just search for modname to allow the

- * same module to be initialized more than once.

- */

-static CONF_MODULE *module_find(char *name)

-	{

-	CONF_MODULE *tmod;

-	int i, nchar;

-	char *p;

-	p = strrchr(name, '.');

-	if (p)

-		nchar = p - name;

-	else

-		nchar = strlen(name);

-	for (i = 0; i < sk_CONF_MODULE_num(supported_modules); i++)

-		{

-		tmod = sk_CONF_MODULE_value(supported_modules, i);

-		if (!strncmp(tmod->name, name, nchar))

-			return tmod;

-		}

-	return NULL;

-	}

-/* initialize a module */

-static int module_init(CONF_MODULE *pmod, char *name, char *value,

-		       const CONF *cnf)

-	{

-	int ret = 1;

-	int init_called = 0;

-	CONF_IMODULE *imod = NULL;

-	/* Otherwise add initialized module to list */

-	imod = OPENSSL_malloc(sizeof(CONF_IMODULE));

-	if (!imod)

-		goto err;

-	imod->pmod = pmod;

-	imod->name = BUF_strdup(name);

-	imod->value = BUF_strdup(value);

-	imod->usr_data = NULL;

-	if (!imod->name || !imod->value)

-		goto memerr;

-	/* Try to initialize module */

-	if(pmod->init)

-		{

-		ret = pmod->init(imod, cnf);

-		init_called = 1;

-		/* Error occurred, exit */

-		if (ret <= 0)

-			goto err;

-		}

-	if (initialized_modules == NULL)

-		{

-		initialized_modules = sk_CONF_IMODULE_new_null();

-		if (!initialized_modules)

-			{

-			CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE);

-			goto err;

-			}

-		}

-	if (!sk_CONF_IMODULE_push(initialized_modules, imod))

-		{

-		CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	pmod->links++;

-	return ret;

-	err:

-	/* We've started the module so we'd better finish it */

-	if (pmod->finish && init_called)

-		pmod->finish(imod);

-	memerr:

-	if (imod)

-		{

-		if (imod->name)

-			OPENSSL_free(imod->name);

-		if (imod->value)

-			OPENSSL_free(imod->value);

-		OPENSSL_free(imod);

-		}

-	return -1;

-	}

-/* Unload any dynamic modules that have a link count of zero:

- * i.e. have no active initialized modules. If 'all' is set

- * then all modules are unloaded including static ones.

- */

-void CONF_modules_unload(int all)

-	{

-	int i;

-	CONF_MODULE *md;

-	CONF_modules_finish();

-	/* unload modules in reverse order */

-	for (i = sk_CONF_MODULE_num(supported_modules) - 1; i >= 0; i--)

-		{

-		md = sk_CONF_MODULE_value(supported_modules, i);

-		/* If static or in use and 'all' not set ignore it */

-		if (((md->links > 0) || !md->dso) && !all)

-			continue;

-		/* Since we're working in reverse this is OK */

-		(void)sk_CONF_MODULE_delete(supported_modules, i);

-		module_free(md);

-		}

-	if (sk_CONF_MODULE_num(supported_modules) == 0)

-		{

-		sk_CONF_MODULE_free(supported_modules);

-		supported_modules = NULL;

-		}

-	}

-/* unload a single module */

-static void module_free(CONF_MODULE *md)

-	{

-	if (md->dso)

-		DSO_free(md->dso);

-	OPENSSL_free(md->name);

-	OPENSSL_free(md);

-	}

-/* finish and free up all modules instances */

-void CONF_modules_finish(void)

-	{

-	CONF_IMODULE *imod;

-	while (sk_CONF_IMODULE_num(initialized_modules) > 0)

-		{

-		imod = sk_CONF_IMODULE_pop(initialized_modules);

-		module_finish(imod);

-		}

-	sk_CONF_IMODULE_free(initialized_modules);

-	initialized_modules = NULL;

-	}

-/* finish a module instance */

-static void module_finish(CONF_IMODULE *imod)

-	{

-	if (imod->pmod->finish)

-		imod->pmod->finish(imod);

-	imod->pmod->links--;

-	OPENSSL_free(imod->name);

-	OPENSSL_free(imod->value);

-	OPENSSL_free(imod);

-	}

-/* Add a static module to OpenSSL */

-int CONF_module_add(const char *name, conf_init_func *ifunc,

-		    conf_finish_func *ffunc)

-	{

-	if (module_add(NULL, name, ifunc, ffunc))

-		return 1;

-	else

-		return 0;

-	}

-void CONF_modules_free(void)

-	{

-	CONF_modules_finish();

-	CONF_modules_unload(1);

-	}

-/* Utility functions */

-const char *CONF_imodule_get_name(const CONF_IMODULE *md)

-	{

-	return md->name;

-	}

-const char *CONF_imodule_get_value(const CONF_IMODULE *md)

-	{

-	return md->value;

-	}

-void *CONF_imodule_get_usr_data(const CONF_IMODULE *md)

-	{

-	return md->usr_data;

-	}

-void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data)

-	{

-	md->usr_data = usr_data;

-	}

-CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md)

-	{

-	return md->pmod;

-	}

-unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md)

-	{

-	return md->flags;

-	}

-void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags)

-	{

-	md->flags = flags;

-	}

-void *CONF_module_get_usr_data(CONF_MODULE *pmod)

-	{

-	return pmod->usr_data;

-	}

-void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data)

-	{

-	pmod->usr_data = usr_data;

-	}

-/* Return default config file name */

-char *CONF_get1_default_config_file(void)

-	{

-	char *file;

-	int len;

-	file = getenv("OPENSSL_CONF");

-	if (file)

-		return BUF_strdup(file);

-	len = strlen(X509_get_default_cert_area());

-#ifndef OPENSSL_SYS_VMS

-	len++;

-#endif

-	len += strlen(OPENSSL_CONF);

-	file = OPENSSL_malloc(len + 1);

-	if (!file)

-		return NULL;

-	BUF_strlcpy(file,X509_get_default_cert_area(),len + 1);

-#ifndef OPENSSL_SYS_VMS

-	BUF_strlcat(file,"/",len + 1);

-#endif

-	BUF_strlcat(file,OPENSSL_CONF,len + 1);

-	return file;

-	}

-/* This function takes a list separated by 'sep' and calls the

- * callback function giving the start and length of each member

- * optionally stripping leading and trailing whitespace. This can

- * be used to parse comma separated lists for example.

- */

-int CONF_parse_list(const char *list_, int sep, int nospc,

-	int (*list_cb)(const char *elem, int len, void *usr), void *arg)

-	{

-	int ret;

-	const char *lstart, *tmpend, *p;

-	lstart = list_;

-	for(;;)

-		{

-		if (nospc)

-			{

-			while(*lstart && isspace((unsigned char)*lstart))

-				lstart++;

-			}

-		p = strchr(lstart, sep);

-		if (p == lstart || !*lstart)

-			ret = list_cb(NULL, 0, arg);

-		else

-			{

-			if (p)

-				tmpend = p - 1;

-			else

-				tmpend = lstart + strlen(lstart) - 1;

-			if (nospc)

-				{

-				while(isspace((unsigned char)*tmpend))

-					tmpend--;

-				}

-			ret = list_cb(lstart, tmpend - lstart + 1, arg);

-			}

-		if (ret <= 0)

-			return ret;

-		if (p == NULL)

-			return 1;

-		lstart = p + 1;

-		}

-	}

--- a/sys/src/ape/lib/openssl/crypto/conf/conf_sap.c

+++ /dev/null

@@ -1,111 +1,0 @@

-/* conf_sap.c */

-/* Written by Stephen Henson ([email protected]) for the OpenSSL

- * project 2001.

- */

-/* ====================================================================

- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include <openssl/crypto.h>

-#include "cryptlib.h"

-#include <openssl/conf.h>

-#include <openssl/dso.h>

-#include <openssl/x509.h>

-#include <openssl/asn1.h>

-#ifndef OPENSSL_NO_ENGINE

-#include <openssl/engine.h>

-#endif

-/* This is the automatic configuration loader: it is called automatically by

- * OpenSSL when any of a number of standard initialisation functions are called,

- * unless this is overridden by calling OPENSSL_no_config()

- */

-static int openssl_configured = 0;

-void OPENSSL_config(const char *config_name)

-	{

-	if (openssl_configured)

-		return;

-	OPENSSL_load_builtin_modules();

-#ifndef OPENSSL_NO_ENGINE

-	/* Need to load ENGINEs */

-	ENGINE_load_builtin_engines();

-#endif

-	/* Add others here? */

-	ERR_clear_error();

-	if (CONF_modules_load_file(NULL, config_name,

-	CONF_MFLAGS_DEFAULT_SECTION|CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0)

-		{

-		BIO *bio_err;

-		ERR_load_crypto_strings();

-		if ((bio_err=BIO_new_fp(stderr, BIO_NOCLOSE)) != NULL)

-			{

-			BIO_printf(bio_err,"Auto configuration failed\n");

-			ERR_print_errors(bio_err);

-			BIO_free(bio_err);

-			}

-		exit(1);

-		}

-	return;

-	}

-void OPENSSL_no_config()

-	{

-	openssl_configured = 1;

-	}

--- a/sys/src/ape/lib/openssl/crypto/conf/keysets.pl

+++ /dev/null

@@ -1,185 +1,0 @@

-#!/usr/local/bin/perl

-$NUMBER=0x01;

-$UPPER=0x02;

-$LOWER=0x04;

-$UNDER=0x100;

-$PUNCTUATION=0x200;

-$WS=0x10;

-$ESC=0x20;

-$QUOTE=0x40;

-$DQUOTE=0x400;

-$COMMENT=0x80;

-$FCOMMENT=0x800;

-$EOF=0x08;

-$HIGHBIT=0x1000;

-foreach (0 .. 255)

-	{

-	$v=0;

-	$c=sprintf("%c",$_);

-	$v|=$NUMBER	if ($c =~ /[0-9]/);

-	$v|=$UPPER	if ($c =~ /[A-Z]/);

-	$v|=$LOWER	if ($c =~ /[a-z]/);

-	$v|=$UNDER	if ($c =~ /_/);

-	$v|=$PUNCTUATION if ($c =~ /[!\.%&\*\+,\/;\?\@\^\~\|-]/);

-	$v|=$WS		if ($c =~ /[ \t\r\n]/);

-	$v|=$ESC	if ($c =~ /\\/);

-	$v|=$QUOTE	if ($c =~ /['`"]/); # for emacs: "`'}/)

-	$v|=$COMMENT	if ($c =~ /\#/);

-	$v|=$EOF	if ($c =~ /\0/);

-	$v|=$HIGHBIT	if ($c =~/[\x80-\xff]/);

-	push(@V_def,$v);

-	}

-foreach (0 .. 255)

-	{

-	$v=0;

-	$c=sprintf("%c",$_);

-	$v|=$NUMBER	if ($c =~ /[0-9]/);

-	$v|=$UPPER	if ($c =~ /[A-Z]/);

-	$v|=$LOWER	if ($c =~ /[a-z]/);

-	$v|=$UNDER	if ($c =~ /_/);

-	$v|=$PUNCTUATION if ($c =~ /[!\.%&\*\+,\/;\?\@\^\~\|-]/);

-	$v|=$WS		if ($c =~ /[ \t\r\n]/);

-	$v|=$DQUOTE	if ($c =~ /["]/); # for emacs: "}/)

-	$v|=$FCOMMENT	if ($c =~ /;/);

-	$v|=$EOF	if ($c =~ /\0/);

-	$v|=$HIGHBIT	if ($c =~/[\x80-\xff]/);

-	push(@V_w32,$v);

-	}

-print <<"EOF";

-/* crypto/conf/conf_def.h */

-/* Copyright (C) 1995-1998 Eric Young (eay\@cryptsoft.com)

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young (eay\@cryptsoft.com).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson (tjh\@cryptsoft.com).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young (eay\@cryptsoft.com)"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson (tjh\@cryptsoft.com)"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* THIS FILE WAS AUTOMAGICALLY GENERATED!

-   Please modify and use keysets.pl to regenerate it. */

-#define CONF_NUMBER		$NUMBER

-#define CONF_UPPER		$UPPER

-#define CONF_LOWER		$LOWER

-#define CONF_UNDER		$UNDER

-#define CONF_PUNCTUATION	$PUNCTUATION

-#define CONF_WS			$WS

-#define CONF_ESC		$ESC

-#define CONF_QUOTE		$QUOTE

-#define CONF_DQUOTE		$DQUOTE

-#define CONF_COMMENT		$COMMENT

-#define CONF_FCOMMENT		$FCOMMENT

-#define CONF_EOF		$EOF

-#define CONF_HIGHBIT		$HIGHBIT

-#define CONF_ALPHA		(CONF_UPPER|CONF_LOWER)

-#define CONF_ALPHA_NUMERIC	(CONF_ALPHA|CONF_NUMBER|CONF_UNDER)

-#define CONF_ALPHA_NUMERIC_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER| \\

-					CONF_PUNCTUATION)

-#define KEYTYPES(c)		((unsigned short *)((c)->meth_data))

-#ifndef CHARSET_EBCDIC

-#define IS_COMMENT(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_COMMENT)

-#define IS_FCOMMENT(c,a)	(KEYTYPES(c)[(a)&0xff]&CONF_FCOMMENT)

-#define IS_EOF(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_EOF)

-#define IS_ESC(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_ESC)

-#define IS_NUMBER(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_NUMBER)

-#define IS_WS(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_WS)

-#define IS_ALPHA_NUMERIC(c,a)	(KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC)

-#define IS_ALPHA_NUMERIC_PUNCT(c,a) \\

-				(KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC_PUNCT)

-#define IS_QUOTE(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_QUOTE)

-#define IS_DQUOTE(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_DQUOTE)

-#define IS_HIGHBIT(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_HIGHBIT)

-#else /*CHARSET_EBCDIC*/

-#define IS_COMMENT(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_COMMENT)

-#define IS_FCOMMENT(c,a)	(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_FCOMMENT)

-#define IS_EOF(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_EOF)

-#define IS_ESC(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ESC)

-#define IS_NUMBER(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_NUMBER)

-#define IS_WS(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_WS)

-#define IS_ALPHA_NUMERIC(c,a)	(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC)

-#define IS_ALPHA_NUMERIC_PUNCT(c,a) \\

-				(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC_PUNCT)

-#define IS_QUOTE(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_QUOTE)

-#define IS_DQUOTE(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_DQUOTE)

-#define IS_HIGHBIT(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_HIGHBIT)

-#endif /*CHARSET_EBCDIC*/

-EOF

-print "static unsigned short CONF_type_default[256]={";

-for ($i=0; $i<256; $i++)

-	{

-	print "\n\t" if ($i % 8) == 0;

-	printf "0x%04X,",$V_def[$i];

-	}

-print "\n\t};\n\n";

-print "static unsigned short CONF_type_win32[256]={";

-for ($i=0; $i<256; $i++)

-	{

-	print "\n\t" if ($i % 8) == 0;

-	printf "0x%04X,",$V_w32[$i];

-	}

-print "\n\t};\n\n";

--- a/sys/src/ape/lib/openssl/crypto/conf/ssleay.cnf

+++ /dev/null

@@ -1,78 +1,0 @@

-#

-# This is a test configuration file for use in SSLeay etc...

-#

-init = 5

-in\#it1 =10

-init2='10'

-init3='10\''

-init4="10'"

-init5='='10\'' again'

-SSLeay::version = 0.5.0

-[genrsa]

-default_bits	= 512

-SSLEAY::version = 0.5.0

-[gendh]

-default_bits	= 512

-def_generator	= 2

-[s_client]

-cipher1		= DES_CBC_MD5:DES_CBC_SHA:DES_EDE_SHA:RC4_MD5\

-cipher2		= 'DES_CBC_MD5 DES_CBC_SHA DES_EDE_SHA RC4_MD5'

-cipher3		= "DES_CBC_MD5 DES_CBC_SHA DES_EDE_SHA RC4_MD5"

-cipher4		= DES_CBC_MD5 DES_CBC_SHA DES_EDE_SHA RC4_MD5

-[ default ]

-cert_dir	= $ENV::HOME/.ca_certs

-HOME		= /tmp/eay

-tmp_cert_dir	= $HOME/.ca_certs

-tmp2_cert_dir	= thisis$(HOME)stuff

-LOGNAME	= Eric Young (home=$HOME)

-[ special ]

-H=$HOME

-H=$default::HOME

-H=$ENV::HOME

-#

-# SSLeay example configuration file.

-# This is mostly being used for generation of certificate requests.

-#

-RANDFILE		= $HOME/.rand

-[ req ]

-default_bits		= 512

-default_keyfile 	= privkey.pem

-Attribute_type_1	= countryName

-Attribute_text_1	= Country Name (2 letter code)

-Attribute_default_1	= AU

-Attribute_type_2	= stateOrProvinceName

-Attribute_text_2	= State or Province Name (full name)

-Attribute_default_2	= Queensland

-Attribute_type_3	= localityName

-Attribute_text_3	= Locality Name (eg, city)

-Attribute_type_4	= organizationName

-Attribute_text_4	= Organization Name (eg, company)

-Attribute_default_4	= Mincom Pty Ltd

-Attribute_type_5	= organizationalUnitName

-Attribute_text_5	= Organizational Unit Name (eg, section)

-Attribute_default_5	= TR

-Attribute_type_6	= commonName

-Attribute_text_6	= Common Name (eg, YOUR name)

-Attribute_type_7	= emailAddress

-Attribute_text_7	= Email Address

--- a/sys/src/ape/lib/openssl/crypto/conf/test.c

+++ /dev/null

@@ -1,98 +1,0 @@

-/* crypto/conf/test.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <openssl/conf.h>

-#include <openssl/err.h>

-main()

-	{

-	LHASH *conf;

-	long eline;

-	char *s,*s2;

-#ifdef USE_WIN32

-	CONF_set_default_method(CONF_WIN32);

-#endif

-	conf=CONF_load(NULL,"ssleay.cnf",&eline);

-	if (conf == NULL)

-		{

-		ERR_load_crypto_strings();

-		printf("unable to load configuration, line %ld\n",eline);

-		ERR_print_errors_fp(stderr);

-		exit(1);

-		}

-	lh_stats(conf,stdout);

-	lh_node_stats(conf,stdout);

-	lh_node_usage_stats(conf,stdout);

-	s=CONF_get_string(conf,NULL,"init2");

-	printf("init2=%s\n",(s == NULL)?"NULL":s);

-	s=CONF_get_string(conf,NULL,"cipher1");

-	printf("cipher1=%s\n",(s == NULL)?"NULL":s);

-	s=CONF_get_string(conf,"s_client","cipher1");

-	printf("s_client:cipher1=%s\n",(s == NULL)?"NULL":s);

-	printf("---------------------------- DUMP ------------------------\n");

-	CONF_dump_fp(conf, stdout);

-	exit(0);

-	}

--- a/sys/src/ape/lib/openssl/crypto/cpt_err.c

+++ /dev/null

@@ -1,103 +1,0 @@

-/* crypto/cpt_err.c */

-/* ====================================================================

- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* NOTE: this file was auto generated by the mkerr.pl script: any changes

- * made to it will be overwritten when the script next updates this file,

- * only reason strings will be preserved.

- */

-#include <stdio.h>

-#include <openssl/err.h>

-#include <openssl/crypto.h>

-/* BEGIN ERROR CODES */

-#ifndef OPENSSL_NO_ERR

-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_CRYPTO,func,0)

-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_CRYPTO,0,reason)

-static ERR_STRING_DATA CRYPTO_str_functs[]=

-	{

-{ERR_FUNC(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX),	"CRYPTO_get_ex_new_index"},

-{ERR_FUNC(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID),	"CRYPTO_get_new_dynlockid"},

-{ERR_FUNC(CRYPTO_F_CRYPTO_GET_NEW_LOCKID),	"CRYPTO_get_new_lockid"},

-{ERR_FUNC(CRYPTO_F_CRYPTO_SET_EX_DATA),	"CRYPTO_set_ex_data"},

-{ERR_FUNC(CRYPTO_F_DEF_ADD_INDEX),	"DEF_ADD_INDEX"},

-{ERR_FUNC(CRYPTO_F_DEF_GET_CLASS),	"DEF_GET_CLASS"},

-{ERR_FUNC(CRYPTO_F_INT_DUP_EX_DATA),	"INT_DUP_EX_DATA"},

-{ERR_FUNC(CRYPTO_F_INT_FREE_EX_DATA),	"INT_FREE_EX_DATA"},

-{ERR_FUNC(CRYPTO_F_INT_NEW_EX_DATA),	"INT_NEW_EX_DATA"},

-{0,NULL}

-	};

-static ERR_STRING_DATA CRYPTO_str_reasons[]=

-	{

-{ERR_REASON(CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK),"no dynlock create callback"},

-{0,NULL}

-	};

-#endif

-void ERR_load_CRYPTO_strings(void)

-	{

-#ifndef OPENSSL_NO_ERR

-	if (ERR_func_error_string(CRYPTO_str_functs[0].error) == NULL)

-		{

-		ERR_load_strings(0,CRYPTO_str_functs);

-		ERR_load_strings(0,CRYPTO_str_reasons);

-		}

-#endif

-	}

--- a/sys/src/ape/lib/openssl/crypto/cryptlib.c

+++ /dev/null

@@ -1,758 +1,0 @@

-/* crypto/cryptlib.c */

-/* ====================================================================

- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- * ECDH support in OpenSSL originally developed by

- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.

- */

-#include "cryptlib.h"

-#include <openssl/safestack.h>

-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)

-static double SSLeay_MSVC5_hack=0.0; /* and for VC1.5 */

-#endif

-DECLARE_STACK_OF(CRYPTO_dynlock)

-IMPLEMENT_STACK_OF(CRYPTO_dynlock)

-/* real #defines in crypto.h, keep these upto date */

-static const char* const lock_names[CRYPTO_NUM_LOCKS] =

-	{

-	"<<ERROR>>",

-	"err",

-	"ex_data",

-	"x509",

-	"x509_info",

-	"x509_pkey",

-	"x509_crl",

-	"x509_req",

-	"dsa",

-	"rsa",

-	"evp_pkey",

-	"x509_store",

-	"ssl_ctx",

-	"ssl_cert",

-	"ssl_session",

-	"ssl_sess_cert",

-	"ssl",

-	"ssl_method",

-	"rand",

-	"rand2",

-	"debug_malloc",

-	"BIO",

-	"gethostbyname",

-	"getservbyname",

-	"readdir",

-	"RSA_blinding",

-	"dh",

-	"debug_malloc2",

-	"dso",

-	"dynlock",

-	"engine",

-	"ui",

-	"ecdsa",

-	"ec",

-	"ecdh",

-	"bn",

-	"ec_pre_comp",

-	"store",

-	"comp",

-#if CRYPTO_NUM_LOCKS != 39

-# error "Inconsistency between crypto.h and cryptlib.c"

-#endif

-	};

-/* This is for applications to allocate new type names in the non-dynamic

-   array of lock names.  These are numbered with positive numbers.  */

-static STACK *app_locks=NULL;

-/* For applications that want a more dynamic way of handling threads, the

-   following stack is used.  These are externally numbered with negative

-   numbers.  */

-static STACK_OF(CRYPTO_dynlock) *dyn_locks=NULL;

-static void (MS_FAR *locking_callback)(int mode,int type,

-	const char *file,int line)=NULL;

-static int (MS_FAR *add_lock_callback)(int *pointer,int amount,

-	int type,const char *file,int line)=NULL;

-static unsigned long (MS_FAR *id_callback)(void)=NULL;

-static struct CRYPTO_dynlock_value *(MS_FAR *dynlock_create_callback)

-	(const char *file,int line)=NULL;

-static void (MS_FAR *dynlock_lock_callback)(int mode,

-	struct CRYPTO_dynlock_value *l, const char *file,int line)=NULL;

-static void (MS_FAR *dynlock_destroy_callback)(struct CRYPTO_dynlock_value *l,

-	const char *file,int line)=NULL;

-int CRYPTO_get_new_lockid(char *name)

-	{

-	char *str;

-	int i;

-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)

-	/* A hack to make Visual C++ 5.0 work correctly when linking as

-	 * a DLL using /MT. Without this, the application cannot use

-	 * and floating point printf's.

-	 * It also seems to be needed for Visual C 1.5 (win16) */

-	SSLeay_MSVC5_hack=(double)name[0]*(double)name[1];

-#endif

-	if ((app_locks == NULL) && ((app_locks=sk_new_null()) == NULL))

-		{

-		CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID,ERR_R_MALLOC_FAILURE);

-		return(0);

-		}

-	if ((str=BUF_strdup(name)) == NULL)

-		{

-		CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID,ERR_R_MALLOC_FAILURE);

-		return(0);

-		}

-	i=sk_push(app_locks,str);

-	if (!i)

-		OPENSSL_free(str);

-	else

-		i+=CRYPTO_NUM_LOCKS; /* gap of one :-) */

-	return(i);

-	}

-int CRYPTO_num_locks(void)

-	{

-	return CRYPTO_NUM_LOCKS;

-	}

-int CRYPTO_get_new_dynlockid(void)

-	{

-	int i = 0;

-	CRYPTO_dynlock *pointer = NULL;

-	if (dynlock_create_callback == NULL)

-		{

-		CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK);

-		return(0);

-		}

-	CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);

-	if ((dyn_locks == NULL)

-		&& ((dyn_locks=sk_CRYPTO_dynlock_new_null()) == NULL))

-		{

-		CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);

-		CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE);

-		return(0);

-		}

-	CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);

-	pointer = (CRYPTO_dynlock *)OPENSSL_malloc(sizeof(CRYPTO_dynlock));

-	if (pointer == NULL)

-		{

-		CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE);

-		return(0);

-		}

-	pointer->references = 1;

-	pointer->data = dynlock_create_callback(__FILE__,__LINE__);

-	if (pointer->data == NULL)

-		{

-		OPENSSL_free(pointer);

-		CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE);

-		return(0);

-		}

-	CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);

-	/* First, try to find an existing empty slot */

-	i=sk_CRYPTO_dynlock_find(dyn_locks,NULL);

-	/* If there was none, push, thereby creating a new one */

-	if (i == -1)

-		/* Since sk_push() returns the number of items on the

-		   stack, not the location of the pushed item, we need

-		   to transform the returned number into a position,

-		   by decreasing it.  */

-		i=sk_CRYPTO_dynlock_push(dyn_locks,pointer) - 1;

-	else

-		/* If we found a place with a NULL pointer, put our pointer

-		   in it.  */

-		(void)sk_CRYPTO_dynlock_set(dyn_locks,i,pointer);

-	CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);

-	if (i == -1)

-		{

-		dynlock_destroy_callback(pointer->data,__FILE__,__LINE__);

-		OPENSSL_free(pointer);

-		}

-	else

-		i += 1; /* to avoid 0 */

-	return -i;

-	}

-void CRYPTO_destroy_dynlockid(int i)

-	{

-	CRYPTO_dynlock *pointer = NULL;

-	if (i)

-		i = -i-1;

-	if (dynlock_destroy_callback == NULL)

-		return;

-	CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);

-	if (dyn_locks == NULL || i >= sk_CRYPTO_dynlock_num(dyn_locks))

-		{

-		CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);

-		return;

-		}

-	pointer = sk_CRYPTO_dynlock_value(dyn_locks, i);

-	if (pointer != NULL)

-		{

-		--pointer->references;

-#ifdef REF_CHECK

-		if (pointer->references < 0)

-			{

-			fprintf(stderr,"CRYPTO_destroy_dynlockid, bad reference count\n");

-			abort();

-			}

-		else

-#endif

-			if (pointer->references <= 0)

-				{

-				(void)sk_CRYPTO_dynlock_set(dyn_locks, i, NULL);

-				}

-			else

-				pointer = NULL;

-		}

-	CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);

-	if (pointer)

-		{

-		dynlock_destroy_callback(pointer->data,__FILE__,__LINE__);

-		OPENSSL_free(pointer);

-		}

-	}

-struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i)

-	{

-	CRYPTO_dynlock *pointer = NULL;

-	if (i)

-		i = -i-1;

-	CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);

-	if (dyn_locks != NULL && i < sk_CRYPTO_dynlock_num(dyn_locks))

-		pointer = sk_CRYPTO_dynlock_value(dyn_locks, i);

-	if (pointer)

-		pointer->references++;

-	CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);

-	if (pointer)

-		return pointer->data;

-	return NULL;

-	}

-struct CRYPTO_dynlock_value *(*CRYPTO_get_dynlock_create_callback(void))

-	(const char *file,int line)

-	{

-	return(dynlock_create_callback);

-	}

-void (*CRYPTO_get_dynlock_lock_callback(void))(int mode,

-	struct CRYPTO_dynlock_value *l, const char *file,int line)

-	{

-	return(dynlock_lock_callback);

-	}

-void (*CRYPTO_get_dynlock_destroy_callback(void))

-	(struct CRYPTO_dynlock_value *l, const char *file,int line)

-	{

-	return(dynlock_destroy_callback);

-	}

-void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *(*func)

-	(const char *file, int line))

-	{

-	dynlock_create_callback=func;

-	}

-void CRYPTO_set_dynlock_lock_callback(void (*func)(int mode,

-	struct CRYPTO_dynlock_value *l, const char *file, int line))

-	{

-	dynlock_lock_callback=func;

-	}

-void CRYPTO_set_dynlock_destroy_callback(void (*func)

-	(struct CRYPTO_dynlock_value *l, const char *file, int line))

-	{

-	dynlock_destroy_callback=func;

-	}

-void (*CRYPTO_get_locking_callback(void))(int mode,int type,const char *file,

-		int line)

-	{

-	return(locking_callback);

-	}

-int (*CRYPTO_get_add_lock_callback(void))(int *num,int mount,int type,

-					  const char *file,int line)

-	{

-	return(add_lock_callback);

-	}

-void CRYPTO_set_locking_callback(void (*func)(int mode,int type,

-					      const char *file,int line))

-	{

-	locking_callback=func;

-	}

-void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,int type,

-					      const char *file,int line))

-	{

-	add_lock_callback=func;

-	}

-unsigned long (*CRYPTO_get_id_callback(void))(void)

-	{

-	return(id_callback);

-	}

-void CRYPTO_set_id_callback(unsigned long (*func)(void))

-	{

-	id_callback=func;

-	}

-unsigned long CRYPTO_thread_id(void)

-	{

-	unsigned long ret=0;

-	if (id_callback == NULL)

-		{

-#ifdef OPENSSL_SYS_WIN16

-		ret=(unsigned long)GetCurrentTask();

-#elif defined(OPENSSL_SYS_WIN32)

-		ret=(unsigned long)GetCurrentThreadId();

-#elif defined(GETPID_IS_MEANINGLESS)

-		ret=1L;

-#else

-		ret=(unsigned long)getpid();

-#endif

-		}

-	else

-		ret=id_callback();

-	return(ret);

-	}

-void CRYPTO_lock(int mode, int type, const char *file, int line)

-	{

-#ifdef LOCK_DEBUG

-		{

-		char *rw_text,*operation_text;

-		if (mode & CRYPTO_LOCK)

-			operation_text="lock  ";

-		else if (mode & CRYPTO_UNLOCK)

-			operation_text="unlock";

-		else

-			operation_text="ERROR ";

-		if (mode & CRYPTO_READ)

-			rw_text="r";

-		else if (mode & CRYPTO_WRITE)

-			rw_text="w";

-		else

-			rw_text="ERROR";

-		fprintf(stderr,"lock:%08lx:(%s)%s %-18s %s:%d\n",

-			CRYPTO_thread_id(), rw_text, operation_text,

-			CRYPTO_get_lock_name(type), file, line);

-		}

-#endif

-	if (type < 0)

-		{

-		if (dynlock_lock_callback != NULL)

-			{

-			struct CRYPTO_dynlock_value *pointer

-				= CRYPTO_get_dynlock_value(type);

-			OPENSSL_assert(pointer != NULL);

-			dynlock_lock_callback(mode, pointer, file, line);

-			CRYPTO_destroy_dynlockid(type);

-			}

-		}

-	else

-		if (locking_callback != NULL)

-			locking_callback(mode,type,file,line);

-	}

-int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file,

-	     int line)

-	{

-	int ret = 0;

-	if (add_lock_callback != NULL)

-		{

-#ifdef LOCK_DEBUG

-		int before= *pointer;

-#endif

-		ret=add_lock_callback(pointer,amount,type,file,line);

-#ifdef LOCK_DEBUG

-		fprintf(stderr,"ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n",

-			CRYPTO_thread_id(),

-			before,amount,ret,

-			CRYPTO_get_lock_name(type),

-			file,line);

-#endif

-		}

-	else

-		{

-		CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,file,line);

-		ret= *pointer+amount;

-#ifdef LOCK_DEBUG

-		fprintf(stderr,"ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n",

-			CRYPTO_thread_id(),

-			*pointer,amount,ret,

-			CRYPTO_get_lock_name(type),

-			file,line);

-#endif

-		*pointer=ret;

-		CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,file,line);

-		}

-	return(ret);

-	}

-const char *CRYPTO_get_lock_name(int type)

-	{

-	if (type < 0)

-		return("dynamic");

-	else if (type < CRYPTO_NUM_LOCKS)

-		return(lock_names[type]);

-	else if (type-CRYPTO_NUM_LOCKS > sk_num(app_locks))

-		return("ERROR");

-	else

-		return(sk_value(app_locks,type-CRYPTO_NUM_LOCKS));

-	}

-#if	defined(__i386)   || defined(__i386__)   || defined(_M_IX86) || \

-	defined(__INTEL__) || \

-	defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64)

-unsigned long  OPENSSL_ia32cap_P=0;

-unsigned long *OPENSSL_ia32cap_loc(void) { return &OPENSSL_ia32cap_P; }

-#if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY)

-#define OPENSSL_CPUID_SETUP

-void OPENSSL_cpuid_setup(void)

-{ static int trigger=0;

-  unsigned long OPENSSL_ia32_cpuid(void);

-  char *env;

-    if (trigger)	return;

-    trigger=1;

-    if ((env=getenv("OPENSSL_ia32cap")))

-	OPENSSL_ia32cap_P = strtoul(env,NULL,0)|(1<<10);

-    else

-	OPENSSL_ia32cap_P = OPENSSL_ia32_cpuid()|(1<<10);

-    /*

-     * |(1<<10) sets a reserved bit to signal that variable

-     * was initialized already... This is to avoid interference

-     * with cpuid snippets in ELF .init segment.

-     */

-}

-#endif

-#else

-unsigned long *OPENSSL_ia32cap_loc(void) { return NULL; }

-#endif

-int OPENSSL_NONPIC_relocated = 0;

-#if !defined(OPENSSL_CPUID_SETUP)

-void OPENSSL_cpuid_setup(void) {}

-#endif

-#if (defined(_WIN32) || defined(__CYGWIN__)) && defined(_WINDLL)

-#ifdef __CYGWIN__

-/* pick DLL_[PROCESS|THREAD]_[ATTACH|DETACH] definitions */

-#include <windows.h>

-#endif

-/* All we really need to do is remove the 'error' state when a thread

- * detaches */

-BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason,

-	     LPVOID lpvReserved)

-	{

-	switch(fdwReason)

-		{

-	case DLL_PROCESS_ATTACH:

-		OPENSSL_cpuid_setup();

-#if defined(_WIN32_WINNT)

-		{

-		IMAGE_DOS_HEADER *dos_header = (IMAGE_DOS_HEADER *)hinstDLL;

-		IMAGE_NT_HEADERS *nt_headers;

-		if (dos_header->e_magic==IMAGE_DOS_SIGNATURE)

-			{

-			nt_headers = (IMAGE_NT_HEADERS *)((char *)dos_header

-						+ dos_header->e_lfanew);

-			if (nt_headers->Signature==IMAGE_NT_SIGNATURE &&

-			    hinstDLL!=(HINSTANCE)(nt_headers->OptionalHeader.ImageBase))

-				OPENSSL_NONPIC_relocated=1;

-			}

-		}

-#endif

-		break;

-	case DLL_THREAD_ATTACH:

-		break;

-	case DLL_THREAD_DETACH:

-		ERR_remove_state(0);

-		break;

-	case DLL_PROCESS_DETACH:

-		break;

-		}

-	return(TRUE);

-	}

-#endif

-#if defined(_WIN32) && !defined(__CYGWIN__)

-#include <tchar.h>

-#if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333

-int OPENSSL_isservice(void)

-{ HWINSTA h;

-  DWORD len;

-  WCHAR *name;

-    (void)GetDesktopWindow(); /* return value is ignored */

-    h = GetProcessWindowStation();

-    if (h==NULL) return -1;

-    if (GetUserObjectInformationW (h,UOI_NAME,NULL,0,&len) ||

-	GetLastError() != ERROR_INSUFFICIENT_BUFFER)

-	return -1;

-    if (len>512) return -1;		/* paranoia */

-    len++,len&=~1;			/* paranoia */

-#ifdef _MSC_VER

-    name=(WCHAR *)_alloca(len+sizeof(WCHAR));

-#else

-    name=(WCHAR *)alloca(len+sizeof(WCHAR));

-#endif

-    if (!GetUserObjectInformationW (h,UOI_NAME,name,len,&len))

-	return -1;

-    len++,len&=~1;			/* paranoia */

-    name[len/sizeof(WCHAR)]=L'\0';	/* paranoia */

-#if 1

-    /* This doesn't cover "interactive" services [working with real

-     * WinSta0's] nor programs started non-interactively by Task

-     * Scheduler [those are working with SAWinSta]. */

-    if (wcsstr(name,L"Service-0x"))	return 1;

-#else

-    /* This covers all non-interactive programs such as services. */

-    if (!wcsstr(name,L"WinSta0"))	return 1;

-#endif

-    else				return 0;

-}

-#else

-int OPENSSL_isservice(void) { return 0; }

-#endif

-void OPENSSL_showfatal (const char *fmta,...)

-{ va_list ap;

-  TCHAR buf[256];

-  const TCHAR *fmt;

-#ifdef STD_ERROR_HANDLE	/* what a dirty trick! */

-  HANDLE h;

-    if ((h=GetStdHandle(STD_ERROR_HANDLE)) != NULL &&

-	GetFileType(h)!=FILE_TYPE_UNKNOWN)

-    {	/* must be console application */

-	va_start (ap,fmta);

-	vfprintf (stderr,fmta,ap);

-	va_end (ap);

-	return;

-    }

-#endif

-    if (sizeof(TCHAR)==sizeof(char))

-	fmt=(const TCHAR *)fmta;

-    else do

-    { int    keepgoing;

-      size_t len_0=strlen(fmta)+1,i;

-      WCHAR *fmtw;

-#ifdef _MSC_VER

-	fmtw = (WCHAR *)_alloca (len_0*sizeof(WCHAR));

-#else

-	fmtw = (WCHAR *)alloca (len_0*sizeof(WCHAR));

-#endif

-	if (fmtw == NULL) { fmt=(const TCHAR *)L"no stack?"; break; }

-#ifndef OPENSSL_NO_MULTIBYTE

-	if (!MultiByteToWideChar(CP_ACP,0,fmta,len_0,fmtw,len_0))

-#endif

-	    for (i=0;i<len_0;i++) fmtw[i]=(WCHAR)fmta[i];

-	for (i=0;i<len_0;i++)

-	{   if (fmtw[i]==L'%') do

-	    {	keepgoing=0;

-		switch (fmtw[i+1])

-		{   case L'0': case L'1': case L'2': case L'3': case L'4':

-		    case L'5': case L'6': case L'7': case L'8': case L'9':

-		    case L'.': case L'*':

-		    case L'-':	i++; keepgoing=1; break;

-		    case L's':	fmtw[i+1]=L'S';   break;

-		    case L'S':	fmtw[i+1]=L's';   break;

-		    case L'c':	fmtw[i+1]=L'C';   break;

-		    case L'C':	fmtw[i+1]=L'c';   break;

-		}

-	    } while (keepgoing);

-	}

-	fmt = (const TCHAR *)fmtw;

-    } while (0);

-    va_start (ap,fmta);

-    _vsntprintf (buf,sizeof(buf)/sizeof(TCHAR)-1,fmt,ap);

-    buf [sizeof(buf)/sizeof(TCHAR)-1] = _T('\0');

-    va_end (ap);

-#if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333

-    /* this -------------v--- guards NT-specific calls */

-    if (GetVersion() < 0x80000000 && OPENSSL_isservice())

-    {	HANDLE h = RegisterEventSource(0,_T("OPENSSL"));

-	const TCHAR *pmsg=buf;

-	ReportEvent(h,EVENTLOG_ERROR_TYPE,0,0,0,1,0,&pmsg,0);

-	DeregisterEventSource(h);

-    }

-    else

-#endif

-	MessageBox (NULL,buf,_T("OpenSSL: FATAL"),MB_OK|MB_ICONSTOP);

-}

-#else

-void OPENSSL_showfatal (const char *fmta,...)

-{ va_list ap;

-    va_start (ap,fmta);

-    vfprintf (stderr,fmta,ap);

-    va_end (ap);

-}

-int OPENSSL_isservice (void) { return 0; }

-#endif

-void OpenSSLDie(const char *file,int line,const char *assertion)

-	{

-	OPENSSL_showfatal(

-		"%s(%d): OpenSSL internal error, assertion failed: %s\n",

-		file,line,assertion);

-	abort();

-	}

-void *OPENSSL_stderr(void)	{ return stderr; }

--- a/sys/src/ape/lib/openssl/crypto/cryptlib.h

+++ /dev/null

@@ -1,112 +1,0 @@

-/* crypto/cryptlib.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_CRYPTLIB_H

-#define HEADER_CRYPTLIB_H

-#include <stdlib.h>

-#include <string.h>

-#include "e_os.h"

-#ifdef OPENSSL_USE_APPLINK

-#define BIO_FLAGS_UPLINK 0x8000

-#include "ms/uplink.h"

-#endif

-#include <openssl/crypto.h>

-#include <openssl/buffer.h>

-#include <openssl/bio.h>

-#include <openssl/err.h>

-#include <openssl/opensslconf.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-#ifndef OPENSSL_SYS_VMS

-#define X509_CERT_AREA		OPENSSLDIR

-#define X509_CERT_DIR		OPENSSLDIR "/certs"

-#define X509_CERT_FILE		OPENSSLDIR "/cert.pem"

-#define X509_PRIVATE_DIR	OPENSSLDIR "/private"

-#else

-#define X509_CERT_AREA		"SSLROOT:[000000]"

-#define X509_CERT_DIR		"SSLCERTS:"

-#define X509_CERT_FILE		"SSLCERTS:cert.pem"

-#define X509_PRIVATE_DIR        "SSLPRIVATE:"

-#endif

-#define X509_CERT_DIR_EVP        "SSL_CERT_DIR"

-#define X509_CERT_FILE_EVP       "SSL_CERT_FILE"

-/* size of string representations */

-#define DECIMAL_SIZE(type)	((sizeof(type)*8+2)/3+1)

-#define HEX_SIZE(type)		(sizeof(type)*2)

-void OPENSSL_cpuid_setup(void);

-extern unsigned long OPENSSL_ia32cap_P;

-void OPENSSL_showfatal(const char *,...);

-void *OPENSSL_stderr(void);

-extern int OPENSSL_NONPIC_relocated;

-int OPENSSL_isservice(void);

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/crypto.h

+++ /dev/null

@@ -1,550 +1,0 @@

-/* crypto/crypto.h */

-/* ====================================================================

- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- * ECDH support in OpenSSL originally developed by

- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.

- */

-#ifndef HEADER_CRYPTO_H

-#define HEADER_CRYPTO_H

-#include <stdlib.h>

-#include <openssl/e_os2.h>

-#ifndef OPENSSL_NO_FP_API

-#include <stdio.h>

-#endif

-#include <openssl/stack.h>

-#include <openssl/safestack.h>

-#include <openssl/opensslv.h>

-#include <openssl/ossl_typ.h>

-#ifdef CHARSET_EBCDIC

-#include <openssl/ebcdic.h>

-#endif

-/* Resolve problems on some operating systems with symbol names that clash

-   one way or another */

-#include <openssl/symhacks.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-/* Backward compatibility to SSLeay */

-/* This is more to be used to check the correct DLL is being used

- * in the MS world. */

-#define SSLEAY_VERSION_NUMBER	OPENSSL_VERSION_NUMBER

-#define SSLEAY_VERSION		0

-/* #define SSLEAY_OPTIONS	1 no longer supported */

-#define SSLEAY_CFLAGS		2

-#define SSLEAY_BUILT_ON		3

-#define SSLEAY_PLATFORM		4

-#define SSLEAY_DIR		5

-/* Already declared in ossl_typ.h */

-#if 0

-typedef struct crypto_ex_data_st CRYPTO_EX_DATA;

-/* Called when a new object is created */

-typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad,

-					int idx, long argl, void *argp);

-/* Called when an object is free()ed */

-typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad,

-					int idx, long argl, void *argp);

-/* Called when we need to dup an object */

-typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d,

-					int idx, long argl, void *argp);

-#endif

-/* A generic structure to pass assorted data in a expandable way */

-typedef struct openssl_item_st

-	{

-	int code;

-	void *value;		/* Not used for flag attributes */

-	size_t value_size;	/* Max size of value for output, length for input */

-	size_t *value_length;	/* Returned length of value for output */

-	} OPENSSL_ITEM;

-/* When changing the CRYPTO_LOCK_* list, be sure to maintin the text lock

- * names in cryptlib.c

- */

-#define	CRYPTO_LOCK_ERR			1

-#define	CRYPTO_LOCK_EX_DATA		2

-#define	CRYPTO_LOCK_X509		3

-#define	CRYPTO_LOCK_X509_INFO		4

-#define	CRYPTO_LOCK_X509_PKEY		5

-#define CRYPTO_LOCK_X509_CRL		6

-#define CRYPTO_LOCK_X509_REQ		7

-#define CRYPTO_LOCK_DSA			8

-#define CRYPTO_LOCK_RSA			9

-#define CRYPTO_LOCK_EVP_PKEY		10

-#define CRYPTO_LOCK_X509_STORE		11

-#define CRYPTO_LOCK_SSL_CTX		12

-#define CRYPTO_LOCK_SSL_CERT		13

-#define CRYPTO_LOCK_SSL_SESSION		14

-#define CRYPTO_LOCK_SSL_SESS_CERT	15

-#define CRYPTO_LOCK_SSL			16

-#define CRYPTO_LOCK_SSL_METHOD		17

-#define CRYPTO_LOCK_RAND		18

-#define CRYPTO_LOCK_RAND2		19

-#define CRYPTO_LOCK_MALLOC		20

-#define CRYPTO_LOCK_BIO			21

-#define CRYPTO_LOCK_GETHOSTBYNAME	22

-#define CRYPTO_LOCK_GETSERVBYNAME	23

-#define CRYPTO_LOCK_READDIR		24

-#define CRYPTO_LOCK_RSA_BLINDING	25

-#define CRYPTO_LOCK_DH			26

-#define CRYPTO_LOCK_MALLOC2		27

-#define CRYPTO_LOCK_DSO			28

-#define CRYPTO_LOCK_DYNLOCK		29

-#define CRYPTO_LOCK_ENGINE		30

-#define CRYPTO_LOCK_UI			31

-#define CRYPTO_LOCK_ECDSA               32

-#define CRYPTO_LOCK_EC			33

-#define CRYPTO_LOCK_ECDH		34

-#define CRYPTO_LOCK_BN  		35

-#define CRYPTO_LOCK_EC_PRE_COMP		36

-#define CRYPTO_LOCK_STORE		37

-#define CRYPTO_LOCK_COMP		38

-#define CRYPTO_NUM_LOCKS		39

-#define CRYPTO_LOCK		1

-#define CRYPTO_UNLOCK		2

-#define CRYPTO_READ		4

-#define CRYPTO_WRITE		8

-#ifndef OPENSSL_NO_LOCKING

-#ifndef CRYPTO_w_lock

-#define CRYPTO_w_lock(type)	\

-	CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)

-#define CRYPTO_w_unlock(type)	\

-	CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)

-#define CRYPTO_r_lock(type)	\

-	CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)

-#define CRYPTO_r_unlock(type)	\

-	CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)

-#define CRYPTO_add(addr,amount,type)	\

-	CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)

-#endif

-#else

-#define CRYPTO_w_lock(a)

-#define CRYPTO_w_unlock(a)

-#define CRYPTO_r_lock(a)

-#define CRYPTO_r_unlock(a)

-#define CRYPTO_add(a,b,c)	((*(a))+=(b))

-#endif

-/* Some applications as well as some parts of OpenSSL need to allocate

-   and deallocate locks in a dynamic fashion.  The following typedef

-   makes this possible in a type-safe manner.  */

-/* struct CRYPTO_dynlock_value has to be defined by the application. */

-typedef struct

-	{

-	int references;

-	struct CRYPTO_dynlock_value *data;

-	} CRYPTO_dynlock;

-/* The following can be used to detect memory leaks in the SSLeay library.

- * It used, it turns on malloc checking */

-#define CRYPTO_MEM_CHECK_OFF	0x0	/* an enume */

-#define CRYPTO_MEM_CHECK_ON	0x1	/* a bit */

-#define CRYPTO_MEM_CHECK_ENABLE	0x2	/* a bit */

-#define CRYPTO_MEM_CHECK_DISABLE 0x3	/* an enume */

-/* The following are bit values to turn on or off options connected to the

- * malloc checking functionality */

-/* Adds time to the memory checking information */

-#define V_CRYPTO_MDEBUG_TIME	0x1 /* a bit */

-/* Adds thread number to the memory checking information */

-#define V_CRYPTO_MDEBUG_THREAD	0x2 /* a bit */

-#define V_CRYPTO_MDEBUG_ALL (V_CRYPTO_MDEBUG_TIME | V_CRYPTO_MDEBUG_THREAD)

-/* predec of the BIO type */

-typedef struct bio_st BIO_dummy;

-struct crypto_ex_data_st

-	{

-	STACK *sk;

-	int dummy; /* gcc is screwing up this data structure :-( */

-	};

-/* This stuff is basically class callback functions

- * The current classes are SSL_CTX, SSL, SSL_SESSION, and a few more */

-typedef struct crypto_ex_data_func_st

-	{

-	long argl;	/* Arbitary long */

-	void *argp;	/* Arbitary void * */

-	CRYPTO_EX_new *new_func;

-	CRYPTO_EX_free *free_func;

-	CRYPTO_EX_dup *dup_func;

-	} CRYPTO_EX_DATA_FUNCS;

-DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS)

-/* Per class, we have a STACK of CRYPTO_EX_DATA_FUNCS for each CRYPTO_EX_DATA

- * entry.

- */

-#define CRYPTO_EX_INDEX_BIO		0

-#define CRYPTO_EX_INDEX_SSL		1

-#define CRYPTO_EX_INDEX_SSL_CTX		2

-#define CRYPTO_EX_INDEX_SSL_SESSION	3

-#define CRYPTO_EX_INDEX_X509_STORE	4

-#define CRYPTO_EX_INDEX_X509_STORE_CTX	5

-#define CRYPTO_EX_INDEX_RSA		6

-#define CRYPTO_EX_INDEX_DSA		7

-#define CRYPTO_EX_INDEX_DH		8

-#define CRYPTO_EX_INDEX_ENGINE		9

-#define CRYPTO_EX_INDEX_X509		10

-#define CRYPTO_EX_INDEX_UI		11

-#define CRYPTO_EX_INDEX_ECDSA		12

-#define CRYPTO_EX_INDEX_ECDH		13

-#define CRYPTO_EX_INDEX_COMP		14

-#define CRYPTO_EX_INDEX_STORE		15

-/* Dynamically assigned indexes start from this value (don't use directly, use

- * via CRYPTO_ex_data_new_class). */

-#define CRYPTO_EX_INDEX_USER		100

-/* This is the default callbacks, but we can have others as well:

- * this is needed in Win32 where the application malloc and the

- * library malloc may not be the same.

- */

-#define CRYPTO_malloc_init()	CRYPTO_set_mem_functions(\

-	malloc, realloc, free)

-#if defined CRYPTO_MDEBUG_ALL || defined CRYPTO_MDEBUG_TIME || defined CRYPTO_MDEBUG_THREAD

-# ifndef CRYPTO_MDEBUG /* avoid duplicate #define */

-#  define CRYPTO_MDEBUG

-# endif

-#endif

-/* Set standard debugging functions (not done by default

- * unless CRYPTO_MDEBUG is defined) */

-#define CRYPTO_malloc_debug_init()	do {\

-	CRYPTO_set_mem_debug_functions(\

-		CRYPTO_dbg_malloc,\

-		CRYPTO_dbg_realloc,\

-		CRYPTO_dbg_free,\

-		CRYPTO_dbg_set_options,\

-		CRYPTO_dbg_get_options);\

-	} while(0)

-int CRYPTO_mem_ctrl(int mode);

-int CRYPTO_is_mem_check_on(void);

-/* for applications */

-#define MemCheck_start() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON)

-#define MemCheck_stop()	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF)

-/* for library-internal use */

-#define MemCheck_on()	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE)

-#define MemCheck_off()	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)

-#define is_MemCheck_on() CRYPTO_is_mem_check_on()

-#define OPENSSL_malloc(num)	CRYPTO_malloc((int)num,__FILE__,__LINE__)

-#define OPENSSL_realloc(addr,num) \

-	CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)

-#define OPENSSL_realloc_clean(addr,old_num,num) \

-	CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)

-#define OPENSSL_remalloc(addr,num) \

-	CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)

-#define OPENSSL_freeFunc	CRYPTO_free

-#define OPENSSL_free(addr)	CRYPTO_free(addr)

-#define OPENSSL_malloc_locked(num) \

-	CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)

-#define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)

-const char *SSLeay_version(int type);

-unsigned long SSLeay(void);

-int OPENSSL_issetugid(void);

-/* An opaque type representing an implementation of "ex_data" support */

-typedef struct st_CRYPTO_EX_DATA_IMPL	CRYPTO_EX_DATA_IMPL;

-/* Return an opaque pointer to the current "ex_data" implementation */

-const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(void);

-/* Sets the "ex_data" implementation to be used (if it's not too late) */

-int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i);

-/* Get a new "ex_data" class, and return the corresponding "class_index" */

-int CRYPTO_ex_data_new_class(void);

-/* Within a given class, get/register a new index */

-int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,

-		CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,

-		CRYPTO_EX_free *free_func);

-/* Initialise/duplicate/free CRYPTO_EX_DATA variables corresponding to a given

- * class (invokes whatever per-class callbacks are applicable) */

-int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);

-int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,

-		CRYPTO_EX_DATA *from);

-void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);

-/* Get/set data in a CRYPTO_EX_DATA variable corresponding to a particular index

- * (relative to the class type involved) */

-int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val);

-void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad,int idx);

-/* This function cleans up all "ex_data" state. It mustn't be called under

- * potential race-conditions. */

-void CRYPTO_cleanup_all_ex_data(void);

-int CRYPTO_get_new_lockid(char *name);

-int CRYPTO_num_locks(void); /* return CRYPTO_NUM_LOCKS (shared libs!) */

-void CRYPTO_lock(int mode, int type,const char *file,int line);

-void CRYPTO_set_locking_callback(void (*func)(int mode,int type,

-					      const char *file,int line));

-void (*CRYPTO_get_locking_callback(void))(int mode,int type,const char *file,

-		int line);

-void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,int type,

-					      const char *file, int line));

-int (*CRYPTO_get_add_lock_callback(void))(int *num,int mount,int type,

-					  const char *file,int line);

-void CRYPTO_set_id_callback(unsigned long (*func)(void));

-unsigned long (*CRYPTO_get_id_callback(void))(void);

-unsigned long CRYPTO_thread_id(void);

-const char *CRYPTO_get_lock_name(int type);

-int CRYPTO_add_lock(int *pointer,int amount,int type, const char *file,

-		    int line);

-int CRYPTO_get_new_dynlockid(void);

-void CRYPTO_destroy_dynlockid(int i);

-struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i);

-void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *(*dyn_create_function)(const char *file, int line));

-void CRYPTO_set_dynlock_lock_callback(void (*dyn_lock_function)(int mode, struct CRYPTO_dynlock_value *l, const char *file, int line));

-void CRYPTO_set_dynlock_destroy_callback(void (*dyn_destroy_function)(struct CRYPTO_dynlock_value *l, const char *file, int line));

-struct CRYPTO_dynlock_value *(*CRYPTO_get_dynlock_create_callback(void))(const char *file,int line);

-void (*CRYPTO_get_dynlock_lock_callback(void))(int mode, struct CRYPTO_dynlock_value *l, const char *file,int line);

-void (*CRYPTO_get_dynlock_destroy_callback(void))(struct CRYPTO_dynlock_value *l, const char *file,int line);

-/* CRYPTO_set_mem_functions includes CRYPTO_set_locked_mem_functions --

- * call the latter last if you need different functions */

-int CRYPTO_set_mem_functions(void *(*m)(size_t),void *(*r)(void *,size_t), void (*f)(void *));

-int CRYPTO_set_locked_mem_functions(void *(*m)(size_t), void (*free_func)(void *));

-int CRYPTO_set_mem_ex_functions(void *(*m)(size_t,const char *,int),

-                                void *(*r)(void *,size_t,const char *,int),

-                                void (*f)(void *));

-int CRYPTO_set_locked_mem_ex_functions(void *(*m)(size_t,const char *,int),

-                                       void (*free_func)(void *));

-int CRYPTO_set_mem_debug_functions(void (*m)(void *,int,const char *,int,int),

-				   void (*r)(void *,void *,int,const char *,int,int),

-				   void (*f)(void *,int),

-				   void (*so)(long),

-				   long (*go)(void));

-void CRYPTO_get_mem_functions(void *(**m)(size_t),void *(**r)(void *, size_t), void (**f)(void *));

-void CRYPTO_get_locked_mem_functions(void *(**m)(size_t), void (**f)(void *));

-void CRYPTO_get_mem_ex_functions(void *(**m)(size_t,const char *,int),

-                                 void *(**r)(void *, size_t,const char *,int),

-                                 void (**f)(void *));

-void CRYPTO_get_locked_mem_ex_functions(void *(**m)(size_t,const char *,int),

-                                        void (**f)(void *));

-void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int),

-				    void (**r)(void *,void *,int,const char *,int,int),

-				    void (**f)(void *,int),

-				    void (**so)(long),

-				    long (**go)(void));

-void *CRYPTO_malloc_locked(int num, const char *file, int line);

-void CRYPTO_free_locked(void *);

-void *CRYPTO_malloc(int num, const char *file, int line);

-void CRYPTO_free(void *);

-void *CRYPTO_realloc(void *addr,int num, const char *file, int line);

-void *CRYPTO_realloc_clean(void *addr,int old_num,int num,const char *file,

-			   int line);

-void *CRYPTO_remalloc(void *addr,int num, const char *file, int line);

-void OPENSSL_cleanse(void *ptr, size_t len);

-void CRYPTO_set_mem_debug_options(long bits);

-long CRYPTO_get_mem_debug_options(void);

-#define CRYPTO_push_info(info) \

-        CRYPTO_push_info_(info, __FILE__, __LINE__);

-int CRYPTO_push_info_(const char *info, const char *file, int line);

-int CRYPTO_pop_info(void);

-int CRYPTO_remove_all_info(void);

-/* Default debugging functions (enabled by CRYPTO_malloc_debug_init() macro;

- * used as default in CRYPTO_MDEBUG compilations): */

-/* The last argument has the following significance:

- *

- * 0:	called before the actual memory allocation has taken place

- * 1:	called after the actual memory allocation has taken place

- */

-void CRYPTO_dbg_malloc(void *addr,int num,const char *file,int line,int before_p);

-void CRYPTO_dbg_realloc(void *addr1,void *addr2,int num,const char *file,int line,int before_p);

-void CRYPTO_dbg_free(void *addr,int before_p);

-/* Tell the debugging code about options.  By default, the following values

- * apply:

- *

- * 0:                           Clear all options.

- * V_CRYPTO_MDEBUG_TIME (1):    Set the "Show Time" option.

- * V_CRYPTO_MDEBUG_THREAD (2):  Set the "Show Thread Number" option.

- * V_CRYPTO_MDEBUG_ALL (3):     1 + 2

- */

-void CRYPTO_dbg_set_options(long bits);

-long CRYPTO_dbg_get_options(void);

-#ifndef OPENSSL_NO_FP_API

-void CRYPTO_mem_leaks_fp(FILE *);

-#endif

-void CRYPTO_mem_leaks(struct bio_st *bio);

-/* unsigned long order, char *file, int line, int num_bytes, char *addr */

-typedef void *CRYPTO_MEM_LEAK_CB(unsigned long, const char *, int, int, void *);

-void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb);

-/* die if we have to */

-void OpenSSLDie(const char *file,int line,const char *assertion);

-#define OPENSSL_assert(e)       (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))

-unsigned long *OPENSSL_ia32cap_loc(void);

-#define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_CRYPTO_strings(void);

-/* Error codes for the CRYPTO functions. */

-/* Function codes. */

-#define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX		 100

-#define CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID		 103

-#define CRYPTO_F_CRYPTO_GET_NEW_LOCKID			 101

-#define CRYPTO_F_CRYPTO_SET_EX_DATA			 102

-#define CRYPTO_F_DEF_ADD_INDEX				 104

-#define CRYPTO_F_DEF_GET_CLASS				 105

-#define CRYPTO_F_INT_DUP_EX_DATA			 106

-#define CRYPTO_F_INT_FREE_EX_DATA			 107

-#define CRYPTO_F_INT_NEW_EX_DATA			 108

-/* Reason codes. */

-#define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK		 100

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/cversion.c

+++ /dev/null

@@ -1,117 +1,0 @@

-/* crypto/cversion.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include "cryptlib.h"

-#ifndef NO_WINDOWS_BRAINDEATH

-#include "buildinf.h"

-#endif

-const char *SSLeay_version(int t)

-	{

-	if (t == SSLEAY_VERSION)

-		return OPENSSL_VERSION_TEXT;

-	if (t == SSLEAY_BUILT_ON)

-		{

-#ifdef DATE

-		static char buf[sizeof(DATE)+11];

-		BIO_snprintf(buf,sizeof buf,"built on: %s",DATE);

-		return(buf);

-#else

-		return("built on: date not available");

-#endif

-		}

-	if (t == SSLEAY_CFLAGS)

-		{

-#ifdef CFLAGS

-		static char buf[sizeof(CFLAGS)+11];

-		BIO_snprintf(buf,sizeof buf,"compiler: %s",CFLAGS);

-		return(buf);

-#else

-		return("compiler: information not available");

-#endif

-		}

-	if (t == SSLEAY_PLATFORM)

-		{

-#ifdef PLATFORM

-		static char buf[sizeof(PLATFORM)+11];

-		BIO_snprintf(buf,sizeof buf,"platform: %s", PLATFORM);

-		return(buf);

-#else

-		return("platform: information not available");

-#endif

-		}

-	if (t == SSLEAY_DIR)

-		{

-#ifdef OPENSSLDIR

-		return "OPENSSLDIR: \"" OPENSSLDIR "\"";

-#else

-		return "OPENSSLDIR: N/A";

-#endif

-		}

-	return("not available");

-	}

-unsigned long SSLeay(void)

-	{

-	return(SSLEAY_VERSION_NUMBER);

-	}

--- a/sys/src/ape/lib/openssl/crypto/des/COPYRIGHT

+++ /dev/null

@@ -1,50 +1,0 @@

-Copyright (C) 1995-1997 Eric Young ([email protected])

-All rights reserved.

-This package is an DES implementation written by Eric Young ([email protected]).

-The implementation was written so as to conform with MIT's libdes.

-This library is free for commercial and non-commercial use as long as

-the following conditions are aheared to.  The following conditions

-apply to all code found in this distribution.

-Copyright remains Eric Young's, and as such any Copyright notices in

-the code are not to be removed.

-If this package is used in a product, Eric Young should be given attribution

-as the author of that the SSL library.  This can be in the form of a textual

-message at program startup or in documentation (online or textual) provided

-with the package.

-Redistribution and use in source and binary forms, with or without

-modification, are permitted provided that the following conditions

-are met:

-1. Redistributions of source code must retain the copyright

-   notice, this list of conditions and the following disclaimer.

-2. Redistributions in binary form must reproduce the above copyright

-   notice, this list of conditions and the following disclaimer in the

-   documentation and/or other materials provided with the distribution.

-3. All advertising materials mentioning features or use of this software

-   must display the following acknowledgement:

-   This product includes software developed by Eric Young ([email protected])

-THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

-ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

-SUCH DAMAGE.

-The license and distribution terms for any publically available version or

-derivative of this code cannot be changed.  i.e. this code cannot simply be

-copied and put under another distrubution license

-[including the GNU Public License.]

-The reason behind this being stated in this direct manner is past

-experience in code simply being copied and the attribution removed

-from it and then being distributed as part of other packages. This

-implementation was a non-trivial and unpaid effort.

--- a/sys/src/ape/lib/openssl/crypto/des/DES.pm

+++ /dev/null

@@ -1,19 +1,0 @@

-package DES;

-require Exporter;

-require DynaLoader;

-@ISA = qw(Exporter DynaLoader);

-# Items to export into callers namespace by default

-# (move infrequently used names to @EXPORT_OK below)

-@EXPORT = qw(

-);

-# Other items we are prepared to export if requested

-@EXPORT_OK = qw(

-crypt

-);

-# Preloaded methods go here.  Autoload methods go after __END__, and are

-# processed by the autosplit program.

-bootstrap DES;

-1;

-__END__

--- a/sys/src/ape/lib/openssl/crypto/des/DES.xs

+++ /dev/null

@@ -1,268 +1,0 @@

-#include "EXTERN.h"

-#include "perl.h"

-#include "XSUB.h"

-#include "des.h"

-#define deschar	char

-static STRLEN len;

-static int

-not_here(s)

-char *s;

-{

-    croak("%s not implemented on this architecture", s);

-    return -1;

-}

-MODULE = DES	PACKAGE = DES	PREFIX = des_

-char *

-des_crypt(buf,salt)

-	char *	buf

-	char *	salt

-void

-des_set_odd_parity(key)

-	des_cblock *	key

-PPCODE:

-	{

-	SV *s;

-	s=sv_newmortal();

-	sv_setpvn(s,(char *)key,8);

-	des_set_odd_parity((des_cblock *)SvPV(s,na));

-	PUSHs(s);

-	}

-int

-des_is_weak_key(key)

-	des_cblock *	key

-des_key_schedule

-des_set_key(key)

-	des_cblock *	key

-CODE:

-	des_set_key(key,RETVAL);

-OUTPUT:

-RETVAL

-des_cblock

-des_ecb_encrypt(input,ks,encrypt)

-	des_cblock *	input

-	des_key_schedule *	ks

-	int	encrypt

-CODE:

-	des_ecb_encrypt(input,&RETVAL,*ks,encrypt);

-OUTPUT:

-RETVAL

-void

-des_cbc_encrypt(input,ks,ivec,encrypt)

-	char *	input

-	des_key_schedule *	ks

-	des_cblock *	ivec

-	int	encrypt

-PPCODE:

-	{

-	SV *s;

-	STRLEN len,l;

-	char *c;

-	l=SvCUR(ST(0));

-	len=((((unsigned long)l)+7)/8)*8;

-	s=sv_newmortal();

-	sv_setpvn(s,"",0);

-	SvGROW(s,len);

-	SvCUR_set(s,len);

-	c=(char *)SvPV(s,na);

-	des_cbc_encrypt((des_cblock *)input,(des_cblock *)c,

-		l,*ks,ivec,encrypt);

-	sv_setpvn(ST(2),(char *)c[len-8],8);

-	PUSHs(s);

-	}

-void

-des_cbc3_encrypt(input,ks1,ks2,ivec1,ivec2,encrypt)

-	char *	input

-	des_key_schedule *	ks1

-	des_key_schedule *	ks2

-	des_cblock *	ivec1

-	des_cblock *	ivec2

-	int	encrypt

-PPCODE:

-	{

-	SV *s;

-	STRLEN len,l;

-	l=SvCUR(ST(0));

-	len=((((unsigned long)l)+7)/8)*8;

-	s=sv_newmortal();

-	sv_setpvn(s,"",0);

-	SvGROW(s,len);

-	SvCUR_set(s,len);

-	des_3cbc_encrypt((des_cblock *)input,(des_cblock *)SvPV(s,na),

-		l,*ks1,*ks2,ivec1,ivec2,encrypt);

-	sv_setpvn(ST(3),(char *)ivec1,8);

-	sv_setpvn(ST(4),(char *)ivec2,8);

-	PUSHs(s);

-	}

-void

-des_cbc_cksum(input,ks,ivec)

-	char *	input

-	des_key_schedule *	ks

-	des_cblock *	ivec

-PPCODE:

-	{

-	SV *s1,*s2;

-	STRLEN len,l;

-	des_cblock c;

-	unsigned long i1,i2;

-	s1=sv_newmortal();

-	s2=sv_newmortal();

-	l=SvCUR(ST(0));

-	des_cbc_cksum((des_cblock *)input,(des_cblock *)c,

-		l,*ks,ivec);

-	i1=c[4]|(c[5]<<8)|(c[6]<<16)|(c[7]<<24);

-	i2=c[0]|(c[1]<<8)|(c[2]<<16)|(c[3]<<24);

-	sv_setiv(s1,i1);

-	sv_setiv(s2,i2);

-	sv_setpvn(ST(2),(char *)c,8);

-	PUSHs(s1);

-	PUSHs(s2);

-	}

-void

-des_cfb_encrypt(input,numbits,ks,ivec,encrypt)

-	char *	input

-	int	numbits

-	des_key_schedule *	ks

-	des_cblock *	ivec

-	int	encrypt

-PPCODE:

-	{

-	SV *s;

-	STRLEN len;

-	char *c;

-	len=SvCUR(ST(0));

-	s=sv_newmortal();

-	sv_setpvn(s,"",0);

-	SvGROW(s,len);

-	SvCUR_set(s,len);

-	c=(char *)SvPV(s,na);

-	des_cfb_encrypt((unsigned char *)input,(unsigned char *)c,

-		(int)numbits,(long)len,*ks,ivec,encrypt);

-	sv_setpvn(ST(3),(char *)ivec,8);

-	PUSHs(s);

-	}

-des_cblock *

-des_ecb3_encrypt(input,ks1,ks2,encrypt)

-	des_cblock *	input

-	des_key_schedule *	ks1

-	des_key_schedule *	ks2

-	int	encrypt

-CODE:

-	{

-	des_cblock c;

-	des_ecb3_encrypt((des_cblock *)input,(des_cblock *)&c,

-		*ks1,*ks2,encrypt);

-	RETVAL= &c;

-	}

-OUTPUT:

-RETVAL

-void

-des_ofb_encrypt(input,numbits,ks,ivec)

-	unsigned char *	input

-	int	numbits

-	des_key_schedule *	ks

-	des_cblock *	ivec

-PPCODE:

-	{

-	SV *s;

-	STRLEN len,l;

-	unsigned char *c;

-	len=SvCUR(ST(0));

-	s=sv_newmortal();

-	sv_setpvn(s,"",0);

-	SvGROW(s,len);

-	SvCUR_set(s,len);

-	c=(unsigned char *)SvPV(s,na);

-	des_ofb_encrypt((unsigned char *)input,(unsigned char *)c,

-		numbits,len,*ks,ivec);

-	sv_setpvn(ST(3),(char *)ivec,8);

-	PUSHs(s);

-	}

-void

-des_pcbc_encrypt(input,ks,ivec,encrypt)

-	char *	input

-	des_key_schedule *	ks

-	des_cblock *	ivec

-	int	encrypt

-PPCODE:

-	{

-	SV *s;

-	STRLEN len,l;

-	char *c;

-	l=SvCUR(ST(0));

-	len=((((unsigned long)l)+7)/8)*8;

-	s=sv_newmortal();

-	sv_setpvn(s,"",0);

-	SvGROW(s,len);

-	SvCUR_set(s,len);

-	c=(char *)SvPV(s,na);

-	des_pcbc_encrypt((des_cblock *)input,(des_cblock *)c,

-		l,*ks,ivec,encrypt);

-	sv_setpvn(ST(2),(char *)c[len-8],8);

-	PUSHs(s);

-	}

-des_cblock *

-des_random_key()

-CODE:

-	{

-	des_cblock c;

-	des_random_key(c);

-	RETVAL=&c;

-	}

-OUTPUT:

-RETVAL

-des_cblock *

-des_string_to_key(str)

-char *	str

-CODE:

-	{

-	des_cblock c;

-	des_string_to_key(str,&c);

-	RETVAL=&c;

-	}

-OUTPUT:

-RETVAL

-void

-des_string_to_2keys(str)

-char *	str

-PPCODE:

-	{

-	des_cblock c1,c2;

-	SV *s1,*s2;

-	des_string_to_2keys(str,&c1,&c2);

-	EXTEND(sp,2);

-	s1=sv_newmortal();

-	sv_setpvn(s1,(char *)c1,8);

-	s2=sv_newmortal();

-	sv_setpvn(s2,(char *)c2,8);

-	PUSHs(s1);

-	PUSHs(s2);

-	}

--- a/sys/src/ape/lib/openssl/crypto/des/FILES0

+++ /dev/null

@@ -1,96 +1,0 @@

-/* General stuff */

-COPYRIGHT	- Copyright info.

-MODES.DES	- A description of the features of the different modes of DES.

-FILES		- This file.

-INSTALL		- How to make things compile.

-Imakefile	- For use with kerberos.

-README		- What this package is.

-VERSION		- Which version this is and what was changed.

-KERBEROS	- Kerberos version 4 notes.

-Makefile.PL	- An old makefile to build with perl5, not current.

-Makefile.ssl	- The SSLeay makefile

-Makefile.uni	- The normal unix makefile.

-GNUmakefile	- The makefile for use with glibc.

-makefile.bc	- A Borland C makefile

-times		- Some outputs from 'speed' on some machines.

-vms.com		- For use when compiling under VMS

-/* My SunOS des(1) replacement */

-des.c		- des(1) source code.

-des.man		- des(1) manual.

-/* Testing and timing programs. */

-destest.c	- Source for libdes.a test program.

-speed.c		- Source for libdes.a timing program.

-rpw.c		- Source for libdes.a testing password reading routines.

-/* libdes.a source code */

-des_crypt.man	- libdes.a manual page.

-des.h		- Public libdes.a header file.

-ecb_enc.c	- des_ecb_encrypt() source, this contains the basic DES code.

-ecb3_enc.c	- des_ecb3_encrypt() source.

-cbc_ckm.c	- des_cbc_cksum() source.

-cbc_enc.c	- des_cbc_encrypt() source.

-ncbc_enc.c	- des_cbc_encrypt() that is 'normal' in that it copies

-		  the new iv values back in the passed iv vector.

-ede_enc.c	- des_ede3_cbc_encrypt() cbc mode des using triple DES.

-cbc3_enc.c	- des_3cbc_encrypt() source, don't use this function.

-cfb_enc.c	- des_cfb_encrypt() source.

-cfb64enc.c	- des_cfb64_encrypt() cfb in 64 bit mode but setup to be

-		  used as a stream cipher.

-cfb64ede.c	- des_ede3_cfb64_encrypt() cfb in 64 bit mode but setup to be

-		  used as a stream cipher and using triple DES.

-ofb_enc.c	- des_cfb_encrypt() source.

-ofb64_enc.c	- des_ofb_encrypt() ofb in 64 bit mode but setup to be

-		  used as a stream cipher.

-ofb64ede.c	- des_ede3_ofb64_encrypt() ofb in 64 bit mode but setup to be

-		  used as a stream cipher and using triple DES.

-enc_read.c	- des_enc_read() source.

-enc_writ.c	- des_enc_write() source.

-pcbc_enc.c	- des_pcbc_encrypt() source.

-qud_cksm.c	- quad_cksum() source.

-rand_key.c	- des_random_key() source.

-read_pwd.c	- Source for des_read_password() plus related functions.

-set_key.c	- Source for des_set_key().

-str2key.c	- Covert a string of any length into a key.

-fcrypt.c	- A small, fast version of crypt(3).

-des_locl.h	- Internal libdes.a header file.

-podd.h		- Odd parity tables - used in des_set_key().

-sk.h		- Lookup tables used in des_set_key().

-spr.h		- What is left of the S tables - used in ecb_encrypt().

-des_ver.h	- header file for the external definition of the

-		  version string.

-des.doc		- SSLeay documentation for the library.

-/* The perl scripts - you can ignore these files they are only

- * included for the curious */

-des.pl		- des in perl anyone? des_set_key and des_ecb_encrypt

-		  both done in a perl library.

-testdes.pl	- Testing program for des.pl

-doIP		- Perl script used to develop IP xor/shift code.

-doPC1		- Perl script used to develop PC1 xor/shift code.

-doPC2		- Generates sk.h.

-PC1		- Output of doPC1 should be the same as output from PC1.

-PC2		- used in development of doPC2.

-shifts.pl	- Perl library used by my perl scripts.

-/* I started making a perl5 dynamic library for libdes

- * but did not fully finish, these files are part of that effort. */

-DES.pm

-DES.pod

-DES.xs

-t

-typemap

-/* The following are for use with sun RPC implementaions. */

-rpc_des.h

-rpc_enc.c

-/* The following are contibuted by Mark Murray <[email protected]>.  They

- * are not normally built into libdes due to machine specific routines

- * contained in them.  They are for use in the most recent incarnation of

- * export kerberos v 4 (eBones). */

-supp.c

-new_rkey.c

--- a/sys/src/ape/lib/openssl/crypto/des/INSTALL

+++ /dev/null

@@ -1,69 +1,0 @@

-Check the CC and CFLAGS lines in the makefile

-If your C library does not support the times(3) function, change the

-#define TIMES to

-#undef TIMES in speed.c

-If it does, check the HZ value for the times(3) function.

-If your system does not define CLK_TCK it will be assumed to

-be 100.0.

-If possible use gcc v 2.7.?

-Turn on the maximum optimising (normally '-O3 -fomit-frame-pointer' for gcc)

-In recent times, some system compilers give better performace.

-type 'make'

-run './destest' to check things are ok.

-run './rpw' to check the tty code for reading passwords works.

-run './speed' to see how fast those optimisations make the library run :-)

-run './des_opts' to determin the best compile time options.

-The output from des_opts should be put in the makefile options and des_enc.c

-should be rebuilt.  For 64 bit computers, do not use the DES_PTR option.

-For the DEC Alpha, edit des.h and change DES_LONG to 'unsigned int'

-and then you can use the 'DES_PTR' option.

-The file options.txt has the options listed for best speed on quite a

-few systems.  Look and the options (UNROLL, PTR, RISC2 etc) and then

-turn on the relevant option in the Makefile.

-There are some special Makefile targets that make life easier.

-make cc		- standard cc build

-make gcc	- standard gcc build

-make x86-elf	- x86 assembler (elf), linux-elf.

-make x86-out	- x86 assembler (a.out), FreeBSD

-make x86-solaris- x86 assembler

-make x86-bsdi	- x86 assembler (a.out with primative assembler).

-If at all possible use the assembler (for Windows NT/95, use

-asm/win32.obj to link with).  The x86 assembler is very very fast.

-A make install will by default install

-libdes.a      in /usr/local/lib/libdes.a

-des           in /usr/local/bin/des

-des_crypt.man in /usr/local/man/man3/des_crypt.3

-des.man       in /usr/local/man/man1/des.1

-des.h         in /usr/include/des.h

-des(1) should be compatible with sunOS's but I have been unable to

-test it.

-These routines should compile on MSDOS, most 32bit and 64bit version

-of Unix (BSD and SYSV) and VMS, without modification.

-The only problems should be #include files that are in the wrong places.

-These routines can be compiled under MSDOS.

-I have successfully encrypted files using des(1) under MSDOS and then

-decrypted the files on a SparcStation.

-I have been able to compile and test the routines with

-Microsoft C v 5.1 and Turbo C v 2.0.

-The code in this library is in no way optimised for the 16bit

-operation of MSDOS.

-When building for glibc, ignore all of the above and just unpack into

-glibc-1.??/des and then gmake as per normal.

-As a final note on performace.  Certain CPUs like sparcs and Alpha often give

-a %10 speed difference depending on the link order.  It is rather anoying

-when one program reports 'x' DES encrypts a second and another reports

-'x*0.9' the speed.

--- a/sys/src/ape/lib/openssl/crypto/des/Imakefile

+++ /dev/null

@@ -1,35 +1,0 @@

-# This Imakefile has not been tested for a while but it should still

-# work when placed in the correct directory in the kerberos v 4 distribution

-SRCS=   cbc_cksm.c cbc_enc.c ecb_enc.c pcbc_enc.c \

-        qud_cksm.c rand_key.c read_pwd.c set_key.c str2key.c \

-        enc_read.c enc_writ.c fcrypt.c cfb_enc.c \

-	ecb3_enc.c ofb_enc.c ofb64enc.c

-OBJS=   cbc_cksm.o cbc_enc.o ecb_enc.o pcbc_enc.o \

-	qud_cksm.o rand_key.o read_pwd.o set_key.o str2key.o \

-	enc_read.o enc_writ.o fcrypt.o cfb_enc.o \

-	ecb3_enc.o ofb_enc.o ofb64enc.o

-GENERAL=COPYRIGHT FILES INSTALL Imakefile README VERSION makefile times \

-	vms.com KERBEROS

-DES=    des.c des.man

-TESTING=destest.c speed.c rpw.c

-LIBDES= des_crypt.man des.h des_locl.h podd.h sk.h spr.h

-PERL=   des.pl testdes.pl doIP doPC1 doPC2 PC1 PC2 shifts.pl

-CODE=    $(GENERAL) $(DES) $(TESTING) $(SRCS) $(LIBDES) $(PERL)

-SRCDIR=$(SRCTOP)/lib/des

-DBG= -O

-INCLUDE= -I$(SRCDIR)

-CC= cc

-library_obj_rule()

-install_library_target(des,$(OBJS),$(SRCS),)

-test(destest,libdes.a,)

-test(rpw,libdes.a,)

--- a/sys/src/ape/lib/openssl/crypto/des/KERBEROS

+++ /dev/null

@@ -1,41 +1,0 @@

- [ This is an old file, I don't know if it is true anymore

-   but I will leave the file here - eay 21/11/95 ]

-To use this library with Bones (kerberos without DES):

-1) Get my modified Bones - eBones.  It can be found on

-   gondwana.ecr.mu.oz.au (128.250.1.63) /pub/athena/eBones-p9.tar.Z

-   and

-   nic.funet.fi (128.214.6.100) /pub/unix/security/Kerberos/eBones-p9.tar.Z

-2) Unpack this library in src/lib/des, makeing sure it is version

-   3.00 or greater (libdes.tar.93-10-07.Z).  This versions differences

-   from the version in comp.sources.misc volume 29 patchlevel2.

-   The primarily difference is that it should compile under kerberos :-).

-   It can be found at.

-   ftp.psy.uq.oz.au (130.102.32.1) /pub/DES/libdes.tar.93-10-07.Z

-Now do a normal kerberos build and things should work.

-One problem I found when I was build on my local sun.

----

-For sunOS 4.1.1 apply the following patch to src/util/ss/make_commands.c

-*** make_commands.c.orig	Fri Jul  3 04:18:35 1987

---- make_commands.c	Wed May 20 08:47:42 1992

-***************

-*** 98,104 ****

-       if (!rename(o_file, z_file)) {

-  	  if (!vfork()) {

-  	       chdir("/tmp");

-! 	       execl("/bin/ld", "ld", "-o", o_file+5, "-s", "-r", "-n",

-  		     z_file+5, 0);

-  	       perror("/bin/ld");

-  	       _exit(1);

---- 98,104 ----

-       if (!rename(o_file, z_file)) {

-  	  if (!vfork()) {

-  	       chdir("/tmp");

-! 	       execl("/bin/ld", "ld", "-o", o_file+5, "-s", "-r",

-  		     z_file+5, 0);

-  	       perror("/bin/ld");

-  	       _exit(1);

--- a/sys/src/ape/lib/openssl/crypto/des/Makefile

+++ /dev/null

@@ -1,292 +1,0 @@

-#

-# OpenSSL/crypto/des/Makefile

-#

-DIR=	des

-TOP=	../..

-CC=	cc

-CPP=	$(CC) -E

-INCLUDES=-I$(TOP) -I../../include

-CFLAG=-g

-MAKEFILE=	Makefile

-AR=		ar r

-RANLIB=		ranlib

-DES_ENC=	des_enc.o fcrypt_b.o

-# or use

-#DES_ENC=	dx86-elf.o yx86-elf.o

-CFLAGS= $(INCLUDES) $(CFLAG)

-ASFLAGS= $(INCLUDES) $(ASFLAG)

-AFLAGS= $(ASFLAGS)

-GENERAL=Makefile

-TEST=destest.c

-APPS=

-LIB=$(TOP)/libcrypto.a

-LIBSRC=	cbc_cksm.c cbc_enc.c  cfb64enc.c cfb_enc.c  \

-	ecb3_enc.c ecb_enc.c  enc_read.c enc_writ.c \

-	fcrypt.c ofb64enc.c ofb_enc.c  pcbc_enc.c \

-	qud_cksm.c rand_key.c rpc_enc.c  set_key.c  \

-	des_enc.c fcrypt_b.c \

-	xcbc_enc.c \

-	str2key.c  cfb64ede.c ofb64ede.c ede_cbcm_enc.c des_old.c des_old2.c \

-	read2pwd.c

-LIBOBJ= set_key.o  ecb_enc.o  cbc_enc.o \

-	ecb3_enc.o cfb64enc.o cfb64ede.o cfb_enc.o  ofb64ede.o \

-	enc_read.o enc_writ.o ofb64enc.o \

-	ofb_enc.o  str2key.o  pcbc_enc.o qud_cksm.o rand_key.o \

-	${DES_ENC} \

-	fcrypt.o xcbc_enc.o rpc_enc.o  cbc_cksm.o \

-	ede_cbcm_enc.o des_old.o des_old2.o read2pwd.o

-SRC= $(LIBSRC)

-EXHEADER= des.h des_old.h

-HEADER=	des_locl.h rpc_des.h spr.h des_ver.h $(EXHEADER)

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)

-all:	lib

-lib:	$(LIBOBJ)

-	$(AR) $(LIB) $(LIBOBJ)

-	$(RANLIB) $(LIB) || echo Never mind.

-	@touch lib

-des: des.o cbc3_enc.o lib

-	$(CC) $(CFLAGS) -o des des.o cbc3_enc.o $(LIB)

-des_enc-sparc.S:	asm/des_enc.m4

-	m4 -B 8192 asm/des_enc.m4 > des_enc-sparc.S

-# ELF

-dx86-elf.s:	asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl

-	(cd asm; $(PERL) des-586.pl elf $(CFLAGS) > ../$@)

-yx86-elf.s:	asm/crypt586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl

-	(cd asm; $(PERL) crypt586.pl elf $(CFLAGS) > ../$@)

-# COFF

-dx86-cof.s: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl

-	(cd asm; $(PERL) des-586.pl coff $(CFLAGS) > ../$@)

-yx86-cof.s: asm/crypt586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl

-	(cd asm; $(PERL) crypt586.pl coff $(CFLAGS) > ../$@)

-# a.out

-dx86-out.s: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl

-	(cd asm; $(PERL) des-586.pl a.out $(CFLAGS) > ../$@)

-yx86-out.s: asm/crypt586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl

-	(cd asm; $(PERL) crypt586.pl a.out $(CFLAGS) > ../$@)

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

-links:

-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)

-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)

-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

-# We need to use force because 'install' matches 'INSTALL' on case

-# insensitive systems

-FRC.install:

-install: FRC.install

-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...

-	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \

-	do  \

-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \

-	done;

-tags:

-	ctags $(SRC)

-tests:

-lint:

-	lint -DLINT $(INCLUDES) $(SRC)>fluff

-depend:

-	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...

-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-clean:

-	rm -f *.s *.o *.obj des lib tags core .pure .nfs* *.old *.bak fluff

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-cbc_cksm.o: ../../include/openssl/des.h ../../include/openssl/des_old.h

-cbc_cksm.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h

-cbc_cksm.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-cbc_cksm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-cbc_cksm.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h

-cbc_cksm.o: cbc_cksm.c des_locl.h

-cbc_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h

-cbc_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h

-cbc_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-cbc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-cbc_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h

-cbc_enc.o: cbc_enc.c des_locl.h ncbc_enc.c

-cfb64ede.o: ../../e_os.h ../../include/openssl/des.h

-cfb64ede.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h

-cfb64ede.o: ../../include/openssl/opensslconf.h

-cfb64ede.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-cfb64ede.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-cfb64ede.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h

-cfb64ede.o: cfb64ede.c des_locl.h

-cfb64enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h

-cfb64enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h

-cfb64enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-cfb64enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-cfb64enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h

-cfb64enc.o: cfb64enc.c des_locl.h

-cfb_enc.o: ../../e_os.h ../../include/openssl/des.h

-cfb_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h

-cfb_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/ossl_typ.h

-cfb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-cfb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h

-cfb_enc.o: ../../include/openssl/ui_compat.h cfb_enc.c des_locl.h

-des_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h

-des_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h

-des_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-des_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-des_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h

-des_enc.o: des_enc.c des_locl.h ncbc_enc.c

-des_old.o: ../../include/openssl/des.h ../../include/openssl/des_old.h

-des_old.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h

-des_old.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h

-des_old.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-des_old.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h

-des_old.o: ../../include/openssl/ui_compat.h des_old.c

-des_old2.o: ../../include/openssl/des.h ../../include/openssl/des_old.h

-des_old2.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h

-des_old2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h

-des_old2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-des_old2.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h

-des_old2.o: ../../include/openssl/ui_compat.h des_old2.c

-ecb3_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h

-ecb3_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h

-ecb3_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-ecb3_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-ecb3_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h

-ecb3_enc.o: des_locl.h ecb3_enc.c

-ecb_enc.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h

-ecb_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h

-ecb_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h

-ecb_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-ecb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-ecb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h

-ecb_enc.o: ../../include/openssl/ui_compat.h des_locl.h des_ver.h ecb_enc.c

-ecb_enc.o: spr.h

-ede_cbcm_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h

-ede_cbcm_enc.o: ../../include/openssl/e_os2.h

-ede_cbcm_enc.o: ../../include/openssl/opensslconf.h

-ede_cbcm_enc.o: ../../include/openssl/ossl_typ.h

-ede_cbcm_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-ede_cbcm_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h

-ede_cbcm_enc.o: ../../include/openssl/ui_compat.h des_locl.h ede_cbcm_enc.c

-enc_read.o: ../../e_os.h ../../include/openssl/bio.h

-enc_read.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-enc_read.o: ../../include/openssl/des.h ../../include/openssl/des_old.h

-enc_read.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-enc_read.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-enc_read.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-enc_read.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-enc_read.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h

-enc_read.o: ../../include/openssl/ui_compat.h ../cryptlib.h des_locl.h

-enc_read.o: enc_read.c

-enc_writ.o: ../../e_os.h ../../include/openssl/bio.h

-enc_writ.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-enc_writ.o: ../../include/openssl/des.h ../../include/openssl/des_old.h

-enc_writ.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-enc_writ.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-enc_writ.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-enc_writ.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h

-enc_writ.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-enc_writ.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h

-enc_writ.o: ../cryptlib.h des_locl.h enc_writ.c

-fcrypt.o: ../../include/openssl/des.h ../../include/openssl/des_old.h

-fcrypt.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h

-fcrypt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-fcrypt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-fcrypt.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h

-fcrypt.o: des_locl.h fcrypt.c

-fcrypt_b.o: ../../include/openssl/des.h ../../include/openssl/des_old.h

-fcrypt_b.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h

-fcrypt_b.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-fcrypt_b.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-fcrypt_b.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h

-fcrypt_b.o: des_locl.h fcrypt_b.c

-ofb64ede.o: ../../include/openssl/des.h ../../include/openssl/des_old.h

-ofb64ede.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h

-ofb64ede.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-ofb64ede.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-ofb64ede.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h

-ofb64ede.o: des_locl.h ofb64ede.c

-ofb64enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h

-ofb64enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h

-ofb64enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-ofb64enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-ofb64enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h

-ofb64enc.o: des_locl.h ofb64enc.c

-ofb_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h

-ofb_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h

-ofb_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-ofb_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-ofb_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h

-ofb_enc.o: des_locl.h ofb_enc.c

-pcbc_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h

-pcbc_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h

-pcbc_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-pcbc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-pcbc_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h

-pcbc_enc.o: des_locl.h pcbc_enc.c

-qud_cksm.o: ../../include/openssl/des.h ../../include/openssl/des_old.h

-qud_cksm.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h

-qud_cksm.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-qud_cksm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-qud_cksm.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h

-qud_cksm.o: des_locl.h qud_cksm.c

-rand_key.o: ../../include/openssl/des.h ../../include/openssl/des_old.h

-rand_key.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h

-rand_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h

-rand_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-rand_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h

-rand_key.o: ../../include/openssl/ui_compat.h rand_key.c

-read2pwd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h

-read2pwd.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h

-read2pwd.o: ../../include/openssl/opensslconf.h

-read2pwd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-read2pwd.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-read2pwd.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h

-read2pwd.o: ../../include/openssl/ui_compat.h read2pwd.c

-rpc_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h

-rpc_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h

-rpc_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-rpc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-rpc_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h

-rpc_enc.o: des_locl.h des_ver.h rpc_des.h rpc_enc.c

-set_key.o: ../../include/openssl/des.h ../../include/openssl/des_old.h

-set_key.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h

-set_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-set_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-set_key.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h

-set_key.o: des_locl.h set_key.c

-str2key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h

-str2key.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h

-str2key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-str2key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-str2key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-str2key.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h

-str2key.o: des_locl.h str2key.c

-xcbc_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h

-xcbc_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h

-xcbc_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-xcbc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-xcbc_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h

-xcbc_enc.o: des_locl.h xcbc_enc.c

--- a/sys/src/ape/lib/openssl/crypto/des/README

+++ /dev/null

@@ -1,54 +1,0 @@

-		libdes, Version 4.01 10-Jan-97

-		Copyright (c) 1997, Eric Young

-			  All rights reserved.

-    This program is free software; you can redistribute it and/or modify

-    it under the terms specified in COPYRIGHT.

-The primary ftp site for this library is

-ftp://ftp.psy.uq.oz.au/pub/Crypto/DES/libdes-x.xx.tar.gz

-libdes is now also shipped with SSLeay.  Primary ftp site of

-ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/SSLeay-x.x.x.tar.gz

-The best way to build this library is to build it as part of SSLeay.

-This kit builds a DES encryption library and a DES encryption program.

-It supports ecb, cbc, ofb, cfb, triple ecb, triple cbc, triple ofb,

-triple cfb, desx, and MIT's pcbc encryption modes and also has a fast

-implementation of crypt(3).

-It contains support routines to read keys from a terminal,

-generate a random key, generate a key from an arbitrary length string,

-read/write encrypted data from/to a file descriptor.

-The implementation was written so as to conform with the manual entry

-for the des_crypt(3) library routines from MIT's project Athena.

-destest should be run after compilation to test the des routines.

-rpw should be run after compilation to test the read password routines.

-The des program is a replacement for the sun des command.  I believe it

-conforms to the sun version.

-The Imakefile is setup for use in the kerberos distribution.

-These routines are best compiled with gcc or any other good

-optimising compiler.

-Just turn you optimiser up to the highest settings and run destest

-after the build to make sure everything works.

-I believe these routines are close to the fastest and most portable DES

-routines that use small lookup tables (4.5k) that are publicly available.

-The fcrypt routine is faster than ufc's fcrypt (when compiling with

-gcc2 -O2) on the sparc 2 (1410 vs 1270) but is not so good on other machines

-(on a sun3/260 168 vs 336).  It is a function of CPU on chip cache size.

-[ 10-Jan-97 and a function of an incorrect speed testing program in

-  ufc which gave much better test figures that reality ].

-It is worth noting that on sparc and Alpha CPUs, performance of the DES

-library can vary by upto %10 due to the positioning of files after application

-linkage.

-Eric Young ([email protected])

--- a/sys/src/ape/lib/openssl/crypto/des/VERSION

+++ /dev/null

@@ -1,412 +1,0 @@

-	Fixed the weak key values which were wrong :-(

-	Defining SIGACTION causes sigaction() to be used instead of signal().

-	SIGUSR1/SIGUSR2 are no longer mapped in the read tty stuff because it

-	can cause problems.  This should hopefully not affect normal

-	applications.

-Version 4.04

-	Fixed a few tests in destest.  Also added x86 assember for

-	des_ncbc_encrypt() which is the standard cbc mode function.

-	This makes a very very large performace difference.

-	Ariel Glenn [email protected] reports that the terminal

-	'turn echo off' can return (errno == EINVAL) under solaris

-	when redirection is used.  So I now catch that as well as ENOTTY.

-Version 4.03

-	Left a static out of enc_write.c, which caused to buffer to be

-	continiously malloc()ed.  Does anyone use these functions?  I keep

-	on feeling like removing them since I only had these in there

-	for a version of kerberised login.  Anyway, this was pointed out

-	by Theo de Raadt <[email protected]>

-	The 'n' bit ofb code was wrong, it was not shifting the shift

-	register. It worked correctly for n == 64.  Thanks to

-	Gigi Ankeny <[email protected]> for pointing this one out.

-Version 4.02

-	I was doing 'if (memcmp(weak_keys[i],key,sizeof(key)) == 0)'

-	when checking for weak keys which is wrong :-(, pointed out by

-	Markus F.X.J. Oberhumer <[email protected]>.

-Version 4.01

-	Even faster inner loop in the DES assembler for x86 and a modification

-	for IP/FP which is faster on x86.  Both of these changes are

-	from Svend Olaf Mikkelsen <[email protected]>.  His

-	changes make the assembler run %40 faster on a pentium.  This is just

-	a case of getting the instruction sequence 'just right'.

-	All credit to 'Svend' :-)

-	Quite a few special x86 'make' targets.

-	A libdes-l (lite) distribution.

-Version 4.00

-	After a bit of a pause, I'll up the major version number since this

-	is mostly a performace release.  I've added x86 assembler and

-	added more options for performance.  A %28 speedup for gcc

-	on a pentium and the assembler is a %50 speedup.

-	MIPS CPU's, sparc and Alpha are the main CPU's with speedups.

-	Run des_opts to work out which options should be used.

-	DES_RISC1/DES_RISC2 use alternative inner loops which use

-	more registers but should give speedups on any CPU that does

-	dual issue (pentium).  DES_UNROLL unrolls the inner loop,

-	which costs in code size.

-Version 3.26

-	I've finally removed one of the shifts in D_ENCRYPT.  This

-	meant I've changed the des_SPtrans table (spr.h), the set_key()

-	function and some things in des_enc.c.  This has definitly

-	made things faster :-).  I've known about this one for some

-	time but I've been too lazy to follow it up :-).

-	Noticed that in the D_ENCRYPT() macro, we can just do L^=(..)^(..)^..

-	instead of L^=((..)|(..)|(..)..  This should save a register at

-	least.

-	Assember for x86.  The file to replace is des_enc.c, which is replaced

-	by one of the assembler files found in asm.  Look at des/asm/readme

-	for more info.

-	/* Modification to fcrypt so it can be compiled to support

-	HPUX 10.x's long password format, define -DLONGCRYPT to use this.

-	Thanks to Jens Kupferschmidt <[email protected]>. */

-	SIGWINCH case put in des_read_passwd() so the function does not

-	'exit' if this function is recieved.

-Version 3.25 17/07/96

-	Modified read_pwd.c so that stdin can be read if not a tty.

-	Thanks to Jeff Barber <[email protected]> for the patches.

-	des_init_random_number_generator() shortened due to VMS linker

-	limits.

-	Added RSA's DESX cbc mode.  It is a form of cbc encryption, with 2

-	8 byte quantites xored before and after encryption.

-	des_xcbc_encryption() - the name is funny to preserve the des_

-	prefix on all functions.

-Version 3.24 20/04/96

-	The DES_PTR macro option checked and used by SSLeay configuration

-Version 3.23 11/04/96

-	Added DES_LONG.  If defined to 'unsigned int' on the DEC Alpha,

-	it gives a %20 speedup :-)

-	Fixed the problem with des.pl under perl5.  The patches were

-	sent by Ed Kubaitis ([email protected]).

-	if fcrypt.c, changed values to handle illegal salt values the way

-	normal crypt() implementations do.  Some programs apparently use

-	them :-(. The patch was sent by Bjorn Gronvall <[email protected]>

-Version 3.22 29/11/95

-	Bug in des(1), an error with the uuencoding stuff when the

-	'data' is small, thanks to Geoff Keating <[email protected]>

-	for the patch.

-Version 3.21 22/11/95

-	After some emailing back and forth with

-	Colin Plumb <[email protected]>, I've tweaked a few things

-	and in a future version I will probably put in some of the

-	optimisation he suggested for use with the DES_USE_PTR option.

-	Extra routines from Mark Murray <[email protected]> for use in

-	freeBSD.  They mostly involve random number generation for use

-	with kerberos.  They involve evil machine specific system calls

-	etc so I would normally suggest pushing this stuff into the

-	application and/or using RAND_seed()/RAND_bytes() if you are

-	using this DES library as part of SSLeay.

-	Redone the read_pw() function so that it is cleaner and

-	supports termios, thanks to Sameer Parekh <[email protected]>

-	for the initial patches for this.

-	Renamed 3ecb_encrypt() to ecb3_encrypt().  This has been

-	 done just to make things more consistent.

-	I have also now added triple DES versions of cfb and ofb.

-Version 3.20

-	Damn, Damn, Damn, as pointed out by [email protected],

-	my des_random_seed() function was only copying 4 bytes of the

-	passed seed into the init structure.  It is now fixed to copy 8.

-	My own suggestion is to used something like MD5 :-)

-Version 3.19

-	While looking at my code one day, I though, why do I keep on

-	calling des_encrypt(in,out,ks,enc) when every function that

-	calls it has in and out the same.  So I dropped the 'out'

-	parameter, people should not be using this function.

-Version 3.18 30/08/95

-	Fixed a few bit with the distribution and the filenames.

-	3.17 had been munged via a move to DOS and back again.

-	NO CODE CHANGES

-Version 3.17 14/07/95

-	Fixed ede3 cbc which I had broken in 3.16.  I have also

-	removed some unneeded variables in 7-8 of the routines.

-Version 3.16 26/06/95

-	Added des_encrypt2() which does not use IP/FP, used by triple

-	des routines.  Tweaked things a bit elsewhere. %13 speedup on

-	sparc and %6 on a R4400 for ede3 cbc mode.

-Version 3.15 06/06/95

-	Added des_ncbc_encrypt(), it is des_cbc mode except that it is

-	'normal' and copies the new iv value back over the top of the

-	passed parameter.

-	CHANGED des_ede3_cbc_encrypt() so that it too now overwrites

-	the iv.  THIS WILL BREAK EXISTING CODE, but since this function

-	only new, I feel I can change it, not so with des_cbc_encrypt :-(.

-	I need to update the documentation.

-Version 3.14 31/05/95

-	New release upon the world, as part of my SSL implementation.

-	New copyright and usage stuff.  Basically free for all to use

-	as long as you say it came from me :-)

-Version 3.13 31/05/95

-	A fix in speed.c, if HZ is not defined, I set it to 100.0

-	which is reasonable for most unixes except SunOS 4.x.

-	I now have a #ifdef sun but timing for SunOS 4.x looked very

-	good :-(.  At my last job where I used SunOS 4.x, it was

-	defined to be 60.0 (look at the old INSTALL documentation), at

-	the last release had it changed to 100.0 since I now work with

-	Solaris2 and SVR4 boxes.

-	Thanks to  Rory Chisholm <[email protected]> for pointing this

-	one out.

-Version 3.12 08/05/95

-	As pointed out by The Crypt Keeper <[email protected]>,

-	my D_ENCRYPT macro in crypt() had an un-necessary variable.

-	It has been removed.

-Version 3.11 03/05/95

-	Added des_ede3_cbc_encrypt() which is cbc mode des with 3 keys

-	and one iv.  It is a standard and I needed it for my SSL code.

-	It makes more sense to use this for triple DES than

-	3cbc_encrypt().  I have also added (or should I say tested :-)

-	cfb64_encrypt() which is cfb64 but it will encrypt a partial

-	number of bytes - 3 bytes in 3 bytes out.  Again this is for

-	my SSL library, as a form of encryption to use with SSL

-	telnet.

-Version 3.10 22/03/95

-	Fixed a bug in 3cbc_encrypt() :-(.  When making repeated calls

-	to cbc3_encrypt, the 2 iv values that were being returned to

-	be used in the next call were reversed :-(.

-	Many thanks to Bill Wade <[email protected]> for pointing out

-	this error.

-Version 3.09 01/02/95

-	Fixed des_random_key to far more random, it was rather feeble

-	with regards to picking the initial seed.  The problem was

-	pointed out by Olaf Kirch <[email protected]>.

-Version 3.08 14/12/94

-	Added Makefile.PL so libdes can be built into perl5.

-	Changed des_locl.h so RAND is always defined.

-Version 3.07 05/12/94

-	Added GNUmake and stuff so the library can be build with

-	glibc.

-Version 3.06 30/08/94

-	Added rpc_enc.c which contains _des_crypt.  This is for use in

-	secure_rpc v 4.0

-	Finally fixed the cfb_enc problems.

-	Fixed a few parameter parsing bugs in des (-3 and -b), thanks

-	to Rob McMillan <[email protected]>

-Version 3.05 21/04/94

-	for unsigned long l; gcc does not produce ((l>>34) == 0)

-	This causes bugs in cfb_enc.

-	Thanks to Hadmut Danisch <[email protected]>

-Version 3.04 20/04/94

-	Added a version number to des.c and libdes.a

-Version 3.03 12/01/94

-	Fixed a bug in non zero iv in 3cbc_enc.

-Version 3.02 29/10/93

-	I now work in a place where there are 6+ architectures and 14+

-	OS versions :-).

-	Fixed TERMIO definition so the most sys V boxes will work :-)

-Release upon comp.sources.misc

-Version 3.01 08/10/93

-	Added des_3cbc_encrypt()

-Version 3.00 07/10/93

-	Fixed up documentation.

-	quad_cksum definitely compatible with MIT's now.

-Version 2.30 24/08/93

-	Triple DES now defaults to triple cbc but can do triple ecb

-	 with the -b flag.

-	Fixed some MSDOS uuen/uudecoding problems, thanks to

-	Added prototypes.

-Version 2.22 29/06/93

-	Fixed a bug in des_is_weak_key() which stopped it working :-(

-	thanks to [email protected].

-Version 2.21 03/06/93

-	des(1) with no arguments gives quite a bit of help.

-	Added -c (generate ckecksum) flag to des(1).

-	Added -3 (triple DES) flag to des(1).

-	Added cfb and ofb routines to the library.

-Version 2.20 11/03/93

-	Added -u (uuencode) flag to des(1).

-	I have been playing with byte order in quad_cksum to make it

-	 compatible with MIT's version.  All I can say is avid this

-	 function if possible since MIT's output is endian dependent.

-Version 2.12 14/10/92

-	Added MSDOS specific macro in ecb_encrypt which gives a %70

-	 speed up when the code is compiled with turbo C.

-Version 2.11 12/10/92

-	Speedup in set_key (recoding of PC-1)

-	 I now do it in 47 simple operations, down from 60.

-	 Thanks to John Fletcher ([email protected])

-	 for motivating me to look for a faster system :-)

-	 The speedup is probably less that 1% but it is still 13

-	 instructions less :-).

-Version 2.10 06/10/92

-	The code now works on the 64bit ETA10 and CRAY without modifications or

-	 #defines.  I believe the code should work on any machine that

-	 defines long, int or short to be 8 bytes long.

-	Thanks to Shabbir J. Safdar ([email protected])

-	 for helping me fix the code to run on 64bit machines (he had

-	 access to an ETA10).

-	Thanks also to John Fletcher <[email protected]>

-	 for testing the routines on a CRAY.

-	read_password.c has been renamed to read_passwd.c

-	string_to_key.c has been renamed to string2key.c

-Version 2.00 14/09/92

-	Made mods so that the library should work on 64bit CPU's.

-	Removed all my uchar and ulong defs.  To many different

-	 versions of unix define them in their header files in too many

-	 different combinations :-)

-	IRIX - Sillicon Graphics mods (mostly in read_password.c).

-	 Thanks to Andrew Daviel ([email protected])

-Version 1.99 26/08/92

-	Fixed a bug or 2 in enc_read.c

-	Fixed a bug in enc_write.c

-	Fixed a pseudo bug in fcrypt.c (very obscure).

-Version 1.98 31/07/92

-	Support for the ETA10.  This is a strange machine that defines

-	longs and ints as 8 bytes and shorts as 4 bytes.

-	Since I do evil things with long * that assume that they are 4

-	bytes.  Look in the Makefile for the option to compile for

-	this machine.  quad_cksum appears to have problems but I

-	will don't have the time to fix it right now, and this is not

-	a function that uses DES and so will not effect the main uses

-	of the library.

-Version 1.97 20/05/92 eay

-	Fixed the Imakefile and made some changes to des.h to fix some

-	problems when building this package with Kerberos v 4.

-Version 1.96 18/05/92 eay

-	Fixed a small bug in string_to_key() where problems could

-	occur if des_check_key was set to true and the string

-	generated a weak key.

-Patch2 posted to comp.sources.misc

-Version 1.95 13/05/92 eay

-	Added an alternative version of the D_ENCRYPT macro in

-	ecb_encrypt and fcrypt.  Depending on the compiler, one version or the

-	other will be faster.  This was inspired by

-	Dana How <[email protected]>, and her pointers about doing the

-	*(ulong *)((uchar *)ptr+(value&0xfc))

-	vs

-	ptr[value&0x3f]

-	to stop the C compiler doing a <<2 to convert the long array index.

-Version 1.94 05/05/92 eay

-	Fixed an incompatibility between my string_to_key and the MIT

-	 version.  When the key is longer than 8 chars, I was wrapping

-	 with a different method.  To use the old version, define

-	 OLD_STR_TO_KEY in the makefile.  Thanks to

-	 [email protected] (Viktor Dukhovni).

-Version 1.93 28/04/92 eay

-	Fixed the VMS mods so that echo is now turned off in

-	 read_password.  Thanks again to [email protected].

-	MSDOS support added.  The routines can be compiled with

-	 Turbo C (v2.0) and MSC (v5.1).  Make sure MSDOS is defined.

-Patch1 posted to comp.sources.misc

-Version 1.92 13/04/92 eay

-	Changed D_ENCRYPT so that the rotation of R occurs outside of

-	 the loop.  This required rotating all the longs in sp.h (now

-	 called spr.h). Thanks to Richard Outerbridge <[email protected]>

-	speed.c has been changed so it will work without SIGALRM.  If

-	 times(3) is not present it will try to use ftime() instead.

-Version 1.91 08/04/92 eay

-	Added -E/-D options to des(1) so it can use string_to_key.

-	Added SVR4 mods suggested by [email protected]

-	Added VMS mods suggested by [email protected].  If

-	anyone knows how to turn of tty echo in VMS please tell me or

-	implement it yourself :-).

-	Changed FILE *IN/*OUT to *DES_IN/*DES_OUT since it appears VMS

-	does not like IN/OUT being used.

-Libdes posted to comp.sources.misc

-Version 1.9 24/03/92 eay

-	Now contains a fast small crypt replacement.

-	Added des(1) command.

-	Added des_rw_mode so people can use cbc encryption with

-	enc_read and enc_write.

-Version 1.8 15/10/91 eay

-	Bug in cbc_cksum.

-	Many thanks to Keith Reynolds ([email protected]) for pointing this

-	one out.

-Version 1.7 24/09/91 eay

-	Fixed set_key :-)

-	set_key is 4 times faster and takes less space.

-	There are a few minor changes that could be made.

-Version 1.6 19/09/1991 eay

-	Finally go IP and FP finished.

-	Now I need to fix set_key.

-	This version is quite a bit faster that 1.51

-Version 1.52 15/06/1991 eay

-	20% speedup in ecb_encrypt by changing the E bit selection

-	to use 2 32bit words.  This also required modification of the

-	sp table.  There is still a way to speedup the IP and IP-1

-	(hints from [email protected]) still working on this one :-(.

-Version 1.51 07/06/1991 eay

-	Faster des_encrypt by loop unrolling

-	Fixed bug in quad_cksum.c (thanks to [email protected])

-Version 1.50 28/05/1991 eay

-	Optimised the code a bit more for the sparc.  I have improved the

-	speed of the inner des_encrypt by speeding up the initial and

-	final permutations.

-Version 1.40 23/10/1990 eay

-	Fixed des_random_key, it did not produce a random key :-(

-Version 1.30  2/10/1990 eay

-	Have made des_quad_cksum the same as MIT's, the full package

-	should be compatible with MIT's

-	Have tested on a DECstation 3100

-	Still need to fix des_set_key (make it faster).

-	Does des_cbc_encrypts at 70.5k/sec on a 3100.

-Version 1.20 18/09/1990 eay

-	Fixed byte order dependencies.

-	Fixed (I hope) all the word alignment problems.

-	Speedup in des_ecb_encrypt.

-Version 1.10 11/09/1990 eay

-	Added des_enc_read and des_enc_write.

-	Still need to fix des_quad_cksum.

-	Still need to document des_enc_read and des_enc_write.

-Version 1.00 27/08/1990 eay

--- a/sys/src/ape/lib/openssl/crypto/des/asm/crypt586.pl

+++ /dev/null

@@ -1,208 +1,0 @@

-#!/usr/local/bin/perl

-#

-# The inner loop instruction sequence and the IP/FP modifications are from

-# Svend Olaf Mikkelsen <[email protected]>

-# I've added the stuff needed for crypt() but I've not worried about making

-# things perfect.

-#

-push(@INC,"perlasm","../../perlasm");

-require "x86asm.pl";

-&asm_init($ARGV[0],"crypt586.pl");

-$L="edi";

-$R="esi";

-&external_label("DES_SPtrans");

-&fcrypt_body("fcrypt_body");

-&asm_finish();

-sub fcrypt_body

-	{

-	local($name,$do_ip)=@_;

-	&function_begin($name,"EXTRN   _DES_SPtrans:DWORD");

-	&comment("");

-	&comment("Load the 2 words");

-	$trans="ebp";

-	&xor(	$L,	$L);

-	&xor(	$R,	$R);

-	# PIC-ification:-)

-	&picmeup("edx","DES_SPtrans");

-	#if ($cpp)	{ &picmeup("edx","DES_SPtrans");   }

-	#else		{ &lea("edx",&DWP("DES_SPtrans")); }

-	&push("edx");	# becomes &swtmp(1)

-	#

-	&mov($trans,&wparam(1)); # reloaded with DES_SPtrans in D_ENCRYPT

-	&push(&DWC(25)); # add a variable

-	&set_label("start");

-	for ($i=0; $i<16; $i+=2)

-		{

-		&comment("");

-		&comment("Round $i");

-		&D_ENCRYPT($i,$L,$R,$i*2,$trans,"eax","ebx","ecx","edx");

-		&comment("");

-		&comment("Round ".sprintf("%d",$i+1));

-		&D_ENCRYPT($i+1,$R,$L,($i+1)*2,$trans,"eax","ebx","ecx","edx");

-		}

-	 &mov("ebx",	&swtmp(0));

-	&mov("eax",	$L);

-	 &dec("ebx");

-	&mov($L,	$R);

-	 &mov($R,	"eax");

-	&mov(&swtmp(0),	"ebx");

-	 &jnz(&label("start"));

-	&comment("");

-	&comment("FP");

-	&mov("edx",&wparam(0));

-	&FP_new($R,$L,"eax",3);

-	&mov(&DWP(0,"edx","",0),"eax");

-	&mov(&DWP(4,"edx","",0),$L);

-	&add("esp",8);	# remove variables

-	&function_end($name);

-	}

-sub D_ENCRYPT

-	{

-	local($r,$L,$R,$S,$trans,$u,$tmp1,$tmp2,$t)=@_;

-	&mov(	$u,		&wparam(2));			# 2

-	&mov(	$t,		$R);

-	&shr(	$t,		16);				# 1

-	&mov(	$tmp2,		&wparam(3));			# 2

-	&xor(	$t,		$R);				# 1

-	&and(	$u,		$t);				# 2

-	&and(	$t,		$tmp2);				# 2

-	&mov(	$tmp1,		$u);

-	&shl(	$tmp1,		16); 				# 1

-	&mov(	$tmp2,		$t);

-	&shl(	$tmp2,		16); 				# 1

-	&xor(	$u,		$tmp1);				# 2

-	&xor(	$t,		$tmp2);				# 2

-	&mov(	$tmp1,		&DWP(&n2a($S*4),$trans,"",0));	# 2

-	&xor(	$u,		$tmp1);

-	&mov(	$tmp2,		&DWP(&n2a(($S+1)*4),$trans,"",0));	# 2

-	&xor(	$u,		$R);

-	&xor(	$t,		$R);

-	&xor(	$t,		$tmp2);

-	&and(	$u,		"0xfcfcfcfc"	);		# 2

-	&xor(	$tmp1,		$tmp1);				# 1

-	&and(	$t,		"0xcfcfcfcf"	);		# 2

-	&xor(	$tmp2,		$tmp2);

-	&movb(	&LB($tmp1),	&LB($u)	);

-	&movb(	&LB($tmp2),	&HB($u)	);

-	&rotr(	$t,		4		);

-	&mov(	$trans,		&swtmp(1));

-	&xor(	$L,		&DWP("     ",$trans,$tmp1,0));

-	&movb(	&LB($tmp1),	&LB($t)	);

-	&xor(	$L,		&DWP("0x200",$trans,$tmp2,0));

-	&movb(	&LB($tmp2),	&HB($t)	);

-	&shr(	$u,		16);

-	&xor(	$L,		&DWP("0x100",$trans,$tmp1,0));

-	&movb(	&LB($tmp1),	&HB($u)	);

-	&shr(	$t,		16);

-	&xor(	$L,		&DWP("0x300",$trans,$tmp2,0));

-	&movb(	&LB($tmp2),	&HB($t)	);

-	&and(	$u,		"0xff"	);

-	&and(	$t,		"0xff"	);

-	&mov(	$tmp1,		&DWP("0x600",$trans,$tmp1,0));

-	&xor(	$L,		$tmp1);

-	&mov(	$tmp1,		&DWP("0x700",$trans,$tmp2,0));

-	&xor(	$L,		$tmp1);

-	&mov(	$tmp1,		&DWP("0x400",$trans,$u,0));

-	&xor(	$L,		$tmp1);

-	&mov(	$tmp1,		&DWP("0x500",$trans,$t,0));

-	&xor(	$L,		$tmp1);

-	&mov(	$trans,		&wparam(1));

-	}

-sub n2a

-	{

-	sprintf("%d",$_[0]);

-	}

-# now has a side affect of rotating $a by $shift

-sub R_PERM_OP

-	{

-	local($a,$b,$tt,$shift,$mask,$last)=@_;

-	&rotl(	$a,		$shift		) if ($shift != 0);

-	&mov(	$tt,		$a		);

-	&xor(	$a,		$b		);

-	&and(	$a,		$mask		);

-	if ($notlast eq $b)

-		{

-		&xor(	$b,		$a		);

-		&xor(	$tt,		$a		);

-		}

-	else

-		{

-		&xor(	$tt,		$a		);

-		&xor(	$b,		$a		);

-		}

-	&comment("");

-	}

-sub IP_new

-	{

-	local($l,$r,$tt,$lr)=@_;

-	&R_PERM_OP($l,$r,$tt, 4,"0xf0f0f0f0",$l);

-	&R_PERM_OP($r,$tt,$l,20,"0xfff0000f",$l);

-	&R_PERM_OP($l,$tt,$r,14,"0x33333333",$r);

-	&R_PERM_OP($tt,$r,$l,22,"0x03fc03fc",$r);

-	&R_PERM_OP($l,$r,$tt, 9,"0xaaaaaaaa",$r);

-	if ($lr != 3)

-		{

-		if (($lr-3) < 0)

-			{ &rotr($tt,	3-$lr); }

-		else	{ &rotl($tt,	$lr-3); }

-		}

-	if ($lr != 2)

-		{

-		if (($lr-2) < 0)

-			{ &rotr($r,	2-$lr); }

-		else	{ &rotl($r,	$lr-2); }

-		}

-	}

-sub FP_new

-	{

-	local($l,$r,$tt,$lr)=@_;

-	if ($lr != 2)

-		{

-		if (($lr-2) < 0)

-			{ &rotl($r,	2-$lr); }

-		else	{ &rotr($r,	$lr-2); }

-		}

-	if ($lr != 3)

-		{

-		if (($lr-3) < 0)

-			{ &rotl($l,	3-$lr); }

-		else	{ &rotr($l,	$lr-3); }

-		}

-	&R_PERM_OP($l,$r,$tt, 0,"0xaaaaaaaa",$r);

-	&R_PERM_OP($tt,$r,$l,23,"0x03fc03fc",$r);

-	&R_PERM_OP($l,$r,$tt,10,"0x33333333",$l);

-	&R_PERM_OP($r,$tt,$l,18,"0xfff0000f",$l);

-	&R_PERM_OP($l,$tt,$r,12,"0xf0f0f0f0",$r);

-	&rotr($tt	, 4);

-	}

--- a/sys/src/ape/lib/openssl/crypto/des/asm/des-586.pl

+++ /dev/null

@@ -1,251 +1,0 @@

-#!/usr/local/bin/perl

-#

-# The inner loop instruction sequence and the IP/FP modifications are from

-# Svend Olaf Mikkelsen <[email protected]>

-#

-push(@INC,"perlasm","../../perlasm");

-require "x86asm.pl";

-require "cbc.pl";

-require "desboth.pl";

-# base code is in microsft

-# op dest, source

-# format.

-#

-&asm_init($ARGV[0],"des-586.pl");

-$L="edi";

-$R="esi";

-&external_label("DES_SPtrans");

-&DES_encrypt("DES_encrypt1",1);

-&DES_encrypt("DES_encrypt2",0);

-&DES_encrypt3("DES_encrypt3",1);

-&DES_encrypt3("DES_decrypt3",0);

-&cbc("DES_ncbc_encrypt","DES_encrypt1","DES_encrypt1",0,4,5,3,5,-1);

-&cbc("DES_ede3_cbc_encrypt","DES_encrypt3","DES_decrypt3",0,6,7,3,4,5);

-&asm_finish();

-sub DES_encrypt

-	{

-	local($name,$do_ip)=@_;

-	&function_begin_B($name,"EXTRN   _DES_SPtrans:DWORD");

-	&push("esi");

-	&push("edi");

-	&comment("");

-	&comment("Load the 2 words");

-	$trans="ebp";

-	if ($do_ip)

-		{

-		&mov($R,&wparam(0));

-		 &xor(	"ecx",		"ecx"		);

-		&push("ebx");

-		&push("ebp");

-		&mov("eax",&DWP(0,$R,"",0));

-		 &mov("ebx",&wparam(2));	# get encrypt flag

-		&mov($L,&DWP(4,$R,"",0));

-		&comment("");

-		&comment("IP");

-		&IP_new("eax",$L,$R,3);

-		}

-	else

-		{

-		&mov("eax",&wparam(0));

-		 &xor(	"ecx",		"ecx"		);

-		&push("ebx");

-		&push("ebp");

-		&mov($R,&DWP(0,"eax","",0));

-		 &mov("ebx",&wparam(2));	# get encrypt flag

-		&rotl($R,3);

-		&mov($L,&DWP(4,"eax","",0));

-		&rotl($L,3);

-		}

-	# PIC-ification:-)

-	&picmeup($trans,"DES_SPtrans");

-	#if ($cpp)	{ &picmeup($trans,"DES_SPtrans");   }

-	#else		{ &lea($trans,&DWP("DES_SPtrans")); }

-	&mov(	"ecx",	&wparam(1)	);

-	&cmp("ebx","0");

-	&je(&label("start_decrypt"));

-	for ($i=0; $i<16; $i+=2)

-		{

-		&comment("");

-		&comment("Round $i");

-		&D_ENCRYPT($i,$L,$R,$i*2,$trans,"eax","ebx","ecx","edx");

-		&comment("");

-		&comment("Round ".sprintf("%d",$i+1));

-		&D_ENCRYPT($i+1,$R,$L,($i+1)*2,$trans,"eax","ebx","ecx","edx");

-		}

-	&jmp(&label("end"));

-	&set_label("start_decrypt");

-	for ($i=15; $i>0; $i-=2)

-		{

-		&comment("");

-		&comment("Round $i");

-		&D_ENCRYPT(15-$i,$L,$R,$i*2,$trans,"eax","ebx","ecx","edx");

-		&comment("");

-		&comment("Round ".sprintf("%d",$i-1));

-		&D_ENCRYPT(15-$i+1,$R,$L,($i-1)*2,$trans,"eax","ebx","ecx","edx");

-		}

-	&set_label("end");

-	if ($do_ip)

-		{

-		&comment("");

-		&comment("FP");

-		&mov("edx",&wparam(0));

-		&FP_new($L,$R,"eax",3);

-		&mov(&DWP(0,"edx","",0),"eax");

-		&mov(&DWP(4,"edx","",0),$R);

-		}

-	else

-		{

-		&comment("");

-		&comment("Fixup");

-		&rotr($L,3);		# r

-		 &mov("eax",&wparam(0));

-		&rotr($R,3);		# l

-		 &mov(&DWP(0,"eax","",0),$L);

-		 &mov(&DWP(4,"eax","",0),$R);

-		}

-	&pop("ebp");

-	&pop("ebx");

-	&pop("edi");

-	&pop("esi");

-	&ret();

-	&function_end_B($name);

-	}

-sub D_ENCRYPT

-	{

-	local($r,$L,$R,$S,$trans,$u,$tmp1,$tmp2,$t)=@_;

-	 &mov(	$u,		&DWP(&n2a($S*4),$tmp2,"",0));

-	&xor(	$tmp1,		$tmp1);

-	 &mov(	$t,		&DWP(&n2a(($S+1)*4),$tmp2,"",0));

-	&xor(	$u,		$R);

-	&xor(	$tmp2,		$tmp2);

-	 &xor(	$t,		$R);

-	&and(	$u,		"0xfcfcfcfc"	);

-	 &and(	$t,		"0xcfcfcfcf"	);

-	&movb(	&LB($tmp1),	&LB($u)	);

-	 &movb(	&LB($tmp2),	&HB($u)	);

-	&rotr(	$t,		4		);

-	&xor(	$L,		&DWP("     ",$trans,$tmp1,0));

-	 &movb(	&LB($tmp1),	&LB($t)	);

-	 &xor(	$L,		&DWP("0x200",$trans,$tmp2,0));

-	 &movb(	&LB($tmp2),	&HB($t)	);

-	&shr(	$u,		16);

-	 &xor(	$L,		&DWP("0x100",$trans,$tmp1,0));

-	 &movb(	&LB($tmp1),	&HB($u)	);

-	&shr(	$t,		16);

-	 &xor(	$L,		&DWP("0x300",$trans,$tmp2,0));

-	&movb(	&LB($tmp2),	&HB($t)	);

-	 &and(	$u,		"0xff"	);

-	&and(	$t,		"0xff"	);

-	 &xor(	$L,		&DWP("0x600",$trans,$tmp1,0));

-	 &xor(	$L,		&DWP("0x700",$trans,$tmp2,0));

-	&mov(	$tmp2,		&wparam(1)	);

-	 &xor(	$L,		&DWP("0x400",$trans,$u,0));

-	 &xor(	$L,		&DWP("0x500",$trans,$t,0));

-	}

-sub n2a

-	{

-	sprintf("%d",$_[0]);

-	}

-# now has a side affect of rotating $a by $shift

-sub R_PERM_OP

-	{

-	local($a,$b,$tt,$shift,$mask,$last)=@_;

-	&rotl(	$a,		$shift		) if ($shift != 0);

-	&mov(	$tt,		$a		);

-	&xor(	$a,		$b		);

-	&and(	$a,		$mask		);

-	# This can never succeed, and besides it is difficult to see what the

-	# idea was - Ben 13 Feb 99

-	if (!$last eq $b)

-		{

-		&xor(	$b,		$a		);

-		&xor(	$tt,		$a		);

-		}

-	else

-		{

-		&xor(	$tt,		$a		);

-		&xor(	$b,		$a		);

-		}

-	&comment("");

-	}

-sub IP_new

-	{

-	local($l,$r,$tt,$lr)=@_;

-	&R_PERM_OP($l,$r,$tt, 4,"0xf0f0f0f0",$l);

-	&R_PERM_OP($r,$tt,$l,20,"0xfff0000f",$l);

-	&R_PERM_OP($l,$tt,$r,14,"0x33333333",$r);

-	&R_PERM_OP($tt,$r,$l,22,"0x03fc03fc",$r);

-	&R_PERM_OP($l,$r,$tt, 9,"0xaaaaaaaa",$r);

-	if ($lr != 3)

-		{

-		if (($lr-3) < 0)

-			{ &rotr($tt,	3-$lr); }

-		else	{ &rotl($tt,	$lr-3); }

-		}

-	if ($lr != 2)

-		{

-		if (($lr-2) < 0)

-			{ &rotr($r,	2-$lr); }

-		else	{ &rotl($r,	$lr-2); }

-		}

-	}

-sub FP_new

-	{

-	local($l,$r,$tt,$lr)=@_;

-	if ($lr != 2)

-		{

-		if (($lr-2) < 0)

-			{ &rotl($r,	2-$lr); }

-		else	{ &rotr($r,	$lr-2); }

-		}

-	if ($lr != 3)

-		{

-		if (($lr-3) < 0)

-			{ &rotl($l,	3-$lr); }

-		else	{ &rotr($l,	$lr-3); }

-		}

-	&R_PERM_OP($l,$r,$tt, 0,"0xaaaaaaaa",$r);

-	&R_PERM_OP($tt,$r,$l,23,"0x03fc03fc",$r);

-	&R_PERM_OP($l,$r,$tt,10,"0x33333333",$l);

-	&R_PERM_OP($r,$tt,$l,18,"0xfff0000f",$l);

-	&R_PERM_OP($l,$tt,$r,12,"0xf0f0f0f0",$r);

-	&rotr($tt	, 4);

-	}

--- a/sys/src/ape/lib/openssl/crypto/des/asm/des686.pl

+++ /dev/null

@@ -1,230 +1,0 @@

-#!/usr/local/bin/perl

-$prog="des686.pl";

-# base code is in microsft

-# op dest, source

-# format.

-#

-# WILL NOT WORK ANYMORE WITH desboth.pl

-require "desboth.pl";

-if (	($ARGV[0] eq "elf"))

-	{ require "x86unix.pl"; }

-elsif (	($ARGV[0] eq "a.out"))

-	{ $aout=1; require "x86unix.pl"; }

-elsif (	($ARGV[0] eq "sol"))

-	{ $sol=1; require "x86unix.pl"; }

-elsif ( ($ARGV[0] eq "cpp"))

-	{ $cpp=1; require "x86unix.pl"; }

-elsif (	($ARGV[0] eq "win32"))

-	{ require "x86ms.pl"; }

-else

-	{

-	print STDERR <<"EOF";

-Pick one target type from

-	elf	- linux, FreeBSD etc

-	a.out	- old linux

-	sol	- x86 solaris

-	cpp	- format so x86unix.cpp can be used

-	win32	- Windows 95/Windows NT

-EOF

-	exit(1);

-	}

-&comment("Don't even think of reading this code");

-&comment("It was automatically generated by $prog");

-&comment("Which is a perl program used to generate the x86 assember for");

-&comment("any of elf, a.out, Win32, or Solaris");

-&comment("It can be found in SSLeay 0.6.5+ or in libdes 3.26+");

-&comment("eric <eay\@cryptsoft.com>");

-&comment("");

-&file("dx86xxxx");

-$L="edi";

-$R="esi";

-&DES_encrypt("DES_encrypt1",1);

-&DES_encrypt("DES_encrypt2",0);

-&DES_encrypt3("DES_encrypt3",1);

-&DES_encrypt3("DES_decrypt3",0);

-&file_end();

-sub DES_encrypt

-	{

-	local($name,$do_ip)=@_;

-	&function_begin($name,"EXTRN   _DES_SPtrans:DWORD");

-	&comment("");

-	&comment("Load the 2 words");

-	&mov("eax",&wparam(0));

-	&mov($L,&DWP(0,"eax","",0));

-	&mov($R,&DWP(4,"eax","",0));

-	$ksp=&wparam(1);

-	if ($do_ip)

-		{

-		&comment("");

-		&comment("IP");

-		&IP_new($L,$R,"eax");

-		}

-	&comment("");

-	&comment("fixup rotate");

-	&rotl($R,3);

-	&rotl($L,3);

-	&exch($L,$R);

-	&comment("");

-	&comment("load counter, key_schedule and enc flag");

-	&mov("eax",&wparam(2));	# get encrypt flag

-	&mov("ebp",&wparam(1));	# get ks

-	&cmp("eax","0");

-	&je(&label("start_decrypt"));

-	# encrypting part

-	for ($i=0; $i<16; $i+=2)

-		{

-		&comment("");

-		&comment("Round $i");

-		&D_ENCRYPT($L,$R,$i*2,"ebp","DES_SPtrans","ecx","edx","eax","ebx");

-		&comment("");

-		&comment("Round ".sprintf("%d",$i+1));

-		&D_ENCRYPT($R,$L,($i+1)*2,"ebp","DES_SPtrans","ecx","edx","eax","ebx");

-		}

-	&jmp(&label("end"));

-	&set_label("start_decrypt");

-	for ($i=15; $i>0; $i-=2)

-		{

-		&comment("");

-		&comment("Round $i");

-		&D_ENCRYPT($L,$R,$i*2,"ebp","DES_SPtrans","ecx","edx","eax","ebx");

-		&comment("");

-		&comment("Round ".sprintf("%d",$i-1));

-		&D_ENCRYPT($R,$L,($i-1)*2,"ebp","DES_SPtrans","ecx","edx","eax","ebx");

-		}

-	&set_label("end");

-	&comment("");

-	&comment("Fixup");

-	&rotr($L,3);		# r

-	&rotr($R,3);		# l

-	if ($do_ip)

-		{

-		&comment("");

-		&comment("FP");

-		&FP_new($R,$L,"eax");

-		}

-	&mov("eax",&wparam(0));

-	&mov(&DWP(0,"eax","",0),$L);

-	&mov(&DWP(4,"eax","",0),$R);

-	&function_end($name);

-	}

-# The logic is to load R into 2 registers and operate on both at the same time.

-# We also load the 2 R's into 2 more registers so we can do the 'move word down a byte'

-# while also masking the other copy and doing a lookup.  We then also accumulate the

-# L value in 2 registers then combine them at the end.

-sub D_ENCRYPT

-	{

-	local($L,$R,$S,$ks,$desSP,$u,$t,$tmp1,$tmp2,$tmp3)=@_;

-	&mov(	$u,		&DWP(&n2a($S*4),$ks,"",0));

-	&mov(	$t,		&DWP(&n2a(($S+1)*4),$ks,"",0));

-	&xor(	$u,		$R		);

-	&xor(	$t,		$R		);

-	&rotr(	$t,		4		);

-	# the numbers at the end of the line are origional instruction order

-	&mov(	$tmp2,		$u		);			# 1 2

-	&mov(	$tmp1,		$t		);			# 1 1

-	&and(	$tmp2,		"0xfc"		);			# 1 4

-	&and(	$tmp1,		"0xfc"		);			# 1 3

-	&shr(	$t,		8		);			# 1 5

-	&xor(	$L,		&DWP("0x100+$desSP",$tmp1,"",0));	# 1 7

-	&shr(	$u,		8		);			# 1 6

-	&mov(	$tmp1,		&DWP("      $desSP",$tmp2,"",0));	# 1 8

-	&mov(	$tmp2,		$u		);			# 2 2

-	&xor(	$L,		$tmp1		);			# 1 9

-	&and(	$tmp2,		"0xfc"		);			# 2 4

-	&mov(	$tmp1,		$t		);			# 2 1

-	&and(	$tmp1,		"0xfc"		);			# 2 3

-	&shr(	$t,		8		);			# 2 5

-	&xor(	$L,		&DWP("0x300+$desSP",$tmp1,"",0));	# 2 7

-	&shr(	$u,		8		);			# 2 6

-	&mov(	$tmp1,		&DWP("0x200+$desSP",$tmp2,"",0));	# 2 8

-	&mov(	$tmp2,		$u		);			# 3 2

-	&xor(	$L,		$tmp1		);			# 2 9

-	&and(	$tmp2,		"0xfc"		);			# 3 4

-	&mov(	$tmp1,		$t		);			# 3 1

-	&shr(	$u,		8		);			# 3 6

-	&and(	$tmp1,		"0xfc"		);			# 3 3

-	&shr(	$t,		8		);			# 3 5

-	&xor(	$L,		&DWP("0x500+$desSP",$tmp1,"",0));	# 3 7

-	&mov(	$tmp1,		&DWP("0x400+$desSP",$tmp2,"",0));	# 3 8

-	&and(	$t,		"0xfc"		);			# 4 1

-	&xor(	$L,		$tmp1		);			# 3 9

-	&and(	$u,		"0xfc"		);			# 4 2

-	&xor(	$L,		&DWP("0x700+$desSP",$t,"",0));		# 4 3

-	&xor(	$L,		&DWP("0x600+$desSP",$u,"",0));		# 4 4

-	}

-sub PERM_OP

-	{

-	local($a,$b,$tt,$shift,$mask)=@_;

-	&mov(	$tt,		$a		);

-	&shr(	$tt,		$shift		);

-	&xor(	$tt,		$b		);

-	&and(	$tt,		$mask		);

-	&xor(	$b,		$tt		);

-	&shl(	$tt,		$shift		);

-	&xor(	$a,		$tt		);

-	}

-sub IP_new

-	{

-	local($l,$r,$tt)=@_;

-	&PERM_OP($r,$l,$tt, 4,"0x0f0f0f0f");

-	&PERM_OP($l,$r,$tt,16,"0x0000ffff");

-	&PERM_OP($r,$l,$tt, 2,"0x33333333");

-	&PERM_OP($l,$r,$tt, 8,"0x00ff00ff");

-	&PERM_OP($r,$l,$tt, 1,"0x55555555");

-	}

-sub FP_new

-	{

-	local($l,$r,$tt)=@_;

-	&PERM_OP($l,$r,$tt, 1,"0x55555555");

-        &PERM_OP($r,$l,$tt, 8,"0x00ff00ff");

-        &PERM_OP($l,$r,$tt, 2,"0x33333333");

-        &PERM_OP($r,$l,$tt,16,"0x0000ffff");

-        &PERM_OP($l,$r,$tt, 4,"0x0f0f0f0f");

-	}

-sub n2a

-	{

-	sprintf("%d",$_[0]);

-	}

--- a/sys/src/ape/lib/openssl/crypto/des/asm/des_enc.m4

+++ /dev/null

@@ -1,1980 +1,0 @@

-!  des_enc.m4

-!  des_enc.S  (generated from des_enc.m4)

-!

-!  UltraSPARC assembler version of the LibDES/SSLeay/OpenSSL des_enc.c file.

-!

-!  Version 1.0. 32-bit version.

-!

-!  June 8, 2000.

-!

-!  Version 2.0. 32/64-bit, PIC-ification, blended CPU adaptation

-!		by Andy Polyakov.

-!

-!  January 1, 2003.

-!

-!  Assembler version: Copyright Svend Olaf Mikkelsen.

-!

-!  Original C code: Copyright Eric A. Young.

-!

-!  This code can be freely used by LibDES/SSLeay/OpenSSL users.

-!

-!  The LibDES/SSLeay/OpenSSL copyright notices must be respected.

-!

-!  This version can be redistributed.

-!

-!  To expand the m4 macros: m4 -B 8192 des_enc.m4 > des_enc.S

-!

-!  Global registers 1 to 5 are used. This is the same as done by the

-!  cc compiler. The UltraSPARC load/store little endian feature is used.

-!

-!  Instruction grouping often refers to one CPU cycle.

-!

-!  Assemble through gcc: gcc -c -mcpu=ultrasparc -o des_enc.o des_enc.S

-!

-!  Assemble through cc:  cc -c -xarch=v8plusa -o des_enc.o des_enc.S

-!

-!  Performance improvement according to './apps/openssl speed des'

-!

-!	32-bit build:

-!		23%  faster than cc-5.2 -xarch=v8plus -xO5

-!		115% faster than gcc-3.2.1 -m32 -mcpu=ultrasparc -O5

-!	64-bit build:

-!		50%  faster than cc-5.2 -xarch=v9 -xO5

-!		100% faster than gcc-3.2.1 -m64 -mcpu=ultrasparc -O5

-!

-.ident "des_enc.m4 2.1"

-#if defined(__SUNPRO_C) && defined(__sparcv9)

-# define ABI64  /* They've said -xarch=v9 at command line */

-#elif defined(__GNUC__) && defined(__arch64__)

-# define ABI64  /* They've said -m64 at command line */

-#endif

-#ifdef ABI64

-  .register	%g2,#scratch

-  .register	%g3,#scratch

-# define	FRAME	-192

-# define	BIAS	2047

-# define	LDPTR	ldx

-# define	STPTR	stx

-# define	ARG0	128

-# define	ARGSZ	8

-# ifndef OPENSSL_SYSNAME_ULTRASPARC

-# define OPENSSL_SYSNAME_ULTRASPARC

-# endif

-#else

-# define	FRAME	-96

-# define	BIAS	0

-# define	LDPTR	ld

-# define	STPTR	st

-# define	ARG0	68

-# define	ARGSZ	4

-#endif

-#define LOOPS 7

-#define global0 %g0

-#define global1 %g1

-#define global2 %g2

-#define global3 %g3

-#define global4 %g4

-#define global5 %g5

-#define local0 %l0

-#define local1 %l1

-#define local2 %l2

-#define local3 %l3

-#define local4 %l4

-#define local5 %l5

-#define local7 %l6

-#define local6 %l7

-#define in0 %i0

-#define in1 %i1

-#define in2 %i2

-#define in3 %i3

-#define in4 %i4

-#define in5 %i5

-#define in6 %i6

-#define in7 %i7

-#define out0 %o0

-#define out1 %o1

-#define out2 %o2

-#define out3 %o3

-#define out4 %o4

-#define out5 %o5

-#define out6 %o6

-#define out7 %o7

-#define stub stb

-changequote({,})

-! Macro definitions:

-! {ip_macro}

-!

-! The logic used in initial and final permutations is the same as in

-! the C code. The permutations are done with a clever shift, xor, and

-! technique.

-!

-! The macro also loads address sbox 1 to 5 to global 1 to 5, address

-! sbox 6 to local6, and addres sbox 8 to out3.

-!

-! Rotates the halfs 3 left to bring the sbox bits in convenient positions.

-!

-! Loads key first round from address in parameter 5 to out0, out1.

-!

-! After the the original LibDES initial permutation, the resulting left

-! is in the variable initially used for right and vice versa. The macro

-! implements the possibility to keep the halfs in the original registers.

-!

-! parameter 1  left

-! parameter 2  right

-! parameter 3  result left (modify in first round)

-! parameter 4  result right (use in first round)

-! parameter 5  key address

-! parameter 6  1/2 for include encryption/decryption

-! parameter 7  1 for move in1 to in3

-! parameter 8  1 for move in3 to in4, 2 for move in4 to in3

-! parameter 9  1 for load ks3 and ks2 to in4 and in3

-define(ip_macro, {

-! {ip_macro}

-! $1 $2 $4 $3 $5 $6 $7 $8 $9

-	ld	[out2+256], local1

-	srl	$2, 4, local4

-	xor	local4, $1, local4

-	ifelse($7,1,{mov in1, in3},{nop})

-	ld	[out2+260], local2

-	and	local4, local1, local4

-	ifelse($8,1,{mov in3, in4},{})

-	ifelse($8,2,{mov in4, in3},{})

-	ld	[out2+280], out4          ! loop counter

-	sll	local4, 4, local1

-	xor	$1, local4, $1

-	ld	[out2+264], local3

-	srl	$1, 16, local4

-	xor	$2, local1, $2

-	ifelse($9,1,{LDPTR	KS3, in4},{})

-	xor	local4, $2, local4

-	nop	!sethi	%hi(DES_SPtrans), global1 ! sbox addr

-	ifelse($9,1,{LDPTR	KS2, in3},{})

-	and	local4, local2, local4

-	nop	!or	global1, %lo(DES_SPtrans), global1   ! sbox addr

-	sll	local4, 16, local1

-	xor	$2, local4, $2

-	srl	$2, 2, local4

-	xor	$1, local1, $1

-	sethi	%hi(16711680), local5

-	xor	local4, $1, local4

-	and	local4, local3, local4

-	or	local5, 255, local5

-	sll	local4, 2, local2

-	xor	$1, local4, $1

-	srl	$1, 8, local4

-	xor	$2, local2, $2

-	xor	local4, $2, local4

-	add	global1, 768, global4

-	and	local4, local5, local4

-	add	global1, 1024, global5

-	ld	[out2+272], local7

-	sll	local4, 8, local1

-	xor	$2, local4, $2

-	srl	$2, 1, local4

-	xor	$1, local1, $1

-	ld	[$5], out0                ! key 7531

-	xor	local4, $1, local4

-	add	global1, 256, global2

-	ld	[$5+4], out1              ! key 8642

-	and	local4, local7, local4

-	add	global1, 512, global3

-	sll	local4, 1, local1

-	xor	$1, local4, $1

-	sll	$1, 3, local3

-	xor	$2, local1, $2

-	sll	$2, 3, local2

-	add	global1, 1280, local6     ! address sbox 8

-	srl	$1, 29, local4

-	add	global1, 1792, out3       ! address sbox 8

-	srl	$2, 29, local1

-	or	local4, local3, $4

-	or	local2, local1, $3

-	ifelse($6, 1, {

-		ld	[out2+284], local5     ! 0x0000FC00 used in the rounds

-		or	local2, local1, $3

-		xor	$4, out0, local1

-		call .des_enc.1

-		and	local1, 252, local1

-	},{})

-	ifelse($6, 2, {

-		ld	[out2+284], local5     ! 0x0000FC00 used in the rounds

-		or	local2, local1, $3

-		xor	$4, out0, local1

-		call .des_dec.1

-		and	local1, 252, local1

-	},{})

-})

-! {rounds_macro}

-!

-! The logic used in the DES rounds is the same as in the C code,

-! except that calculations for sbox 1 and sbox 5 begin before

-! the previous round is finished.

-!

-! In each round one half (work) is modified based on key and the

-! other half (use).

-!

-! In this version we do two rounds in a loop repeated 7 times

-! and two rounds seperately.

-!

-! One half has the bits for the sboxes in the following positions:

-!

-!	777777xx555555xx333333xx111111xx

-!

-!	88xx666666xx444444xx222222xx8888

-!

-! The bits for each sbox are xor-ed with the key bits for that box.

-! The above xx bits are cleared, and the result used for lookup in

-! the sbox table. Each sbox entry contains the 4 output bits permuted

-! into 32 bits according to the P permutation.

-!

-! In the description of DES, left and right are switched after

-! each round, except after last round. In this code the original

-! left and right are kept in the same register in all rounds, meaning

-! that after the 16 rounds the result for right is in the register

-! originally used for left.

-!

-! parameter 1  first work (left in first round)

-! parameter 2  first use (right in first round)

-! parameter 3  enc/dec  1/-1

-! parameter 4  loop label

-! parameter 5  key address register

-! parameter 6  optional address for key next encryption/decryption

-! parameter 7  not empty for include retl

-!

-! also compares in2 to 8

-define(rounds_macro, {

-! {rounds_macro}

-! $1 $2 $3 $4 $5 $6 $7 $8 $9

-	xor	$2, out0, local1

-	ld	[out2+284], local5        ! 0x0000FC00

-	ba	$4

-	and	local1, 252, local1

-	.align 32

-$4:

-	! local6 is address sbox 6

-	! out3   is address sbox 8

-	! out4   is loop counter

-	ld	[global1+local1], local1

-	xor	$2, out1, out1            ! 8642

-	xor	$2, out0, out0            ! 7531

-	fmovs	%f0, %f0                  ! fxor used for alignment

-	srl	out1, 4, local0           ! rotate 4 right

-	and	out0, local5, local3      ! 3

-	fmovs	%f0, %f0

-	ld	[$5+$3*8], local7         ! key 7531 next round

-	srl	local3, 8, local3         ! 3

-	and	local0, 252, local2       ! 2

-	fmovs	%f0, %f0

-	ld	[global3+local3],local3   ! 3

-	sll	out1, 28, out1            ! rotate

-	xor	$1, local1, $1            ! 1 finished, local1 now sbox 7

-	ld	[global2+local2], local2  ! 2

-	srl	out0, 24, local1          ! 7

-	or	out1, local0, out1        ! rotate

-	ldub	[out2+local1], local1     ! 7 (and 0xFC)

-	srl	out1, 24, local0          ! 8

-	and	out1, local5, local4      ! 4

-	ldub	[out2+local0], local0     ! 8 (and 0xFC)

-	srl	local4, 8, local4         ! 4

-	xor	$1, local2, $1            ! 2 finished local2 now sbox 6

-	ld	[global4+local4],local4   ! 4

-	srl	out1, 16, local2          ! 6

-	xor	$1, local3, $1            ! 3 finished local3 now sbox 5

-	ld	[out3+local0],local0      ! 8

-	and	local2, 252, local2       ! 6

-	add	global1, 1536, local5     ! address sbox 7

-	ld	[local6+local2], local2   ! 6

-	srl	out0, 16, local3          ! 5

-	xor	$1, local4, $1            ! 4 finished

-	ld	[local5+local1],local1    ! 7

-	and	local3, 252, local3       ! 5

-	xor	$1, local0, $1            ! 8 finished

-	ld	[global5+local3],local3   ! 5

-	xor	$1, local2, $1            ! 6 finished

-	subcc	out4, 1, out4

-	ld	[$5+$3*8+4], out0         ! key 8642 next round

-	xor	$1, local7, local2        ! sbox 5 next round

-	xor	$1, local1, $1            ! 7 finished

-	srl	local2, 16, local2        ! sbox 5 next round

-	xor	$1, local3, $1            ! 5 finished

-	ld	[$5+$3*16+4], out1        ! key 8642 next round again

-	and	local2, 252, local2       ! sbox5 next round

-! next round

-	xor	$1, local7, local7        ! 7531

-	ld	[global5+local2], local2  ! 5

-	srl	local7, 24, local3        ! 7

-	xor	$1, out0, out0            ! 8642

-	ldub	[out2+local3], local3     ! 7 (and 0xFC)

-	srl	out0, 4, local0           ! rotate 4 right

-	and	local7, 252, local1       ! 1

-	sll	out0, 28, out0            ! rotate

-	xor	$2, local2, $2            ! 5 finished local2 used

-	srl	local0, 8, local4         ! 4

-	and	local0, 252, local2       ! 2

-	ld	[local5+local3], local3   ! 7

-	srl	local0, 16, local5        ! 6

-	or	out0, local0, out0        ! rotate

-	ld	[global2+local2], local2  ! 2

-	srl	out0, 24, local0

-	ld	[$5+$3*16], out0          ! key 7531 next round

-	and	local4, 252, local4	  ! 4

-	and	local5, 252, local5       ! 6

-	ld	[global4+local4], local4  ! 4

-	xor	$2, local3, $2            ! 7 finished local3 used

-	and	local0, 252, local0       ! 8

-	ld	[local6+local5], local5   ! 6

-	xor	$2, local2, $2            ! 2 finished local2 now sbox 3

-	srl	local7, 8, local2         ! 3 start

-	ld	[out3+local0], local0     ! 8

-	xor	$2, local4, $2            ! 4 finished

-	and	local2, 252, local2       ! 3

-	ld	[global1+local1], local1  ! 1

-	xor	$2, local5, $2            ! 6 finished local5 used

-	ld	[global3+local2], local2  ! 3

-	xor	$2, local0, $2            ! 8 finished

-	add	$5, $3*16, $5             ! enc add 8, dec add -8 to key pointer

-	ld	[out2+284], local5        ! 0x0000FC00

-	xor	$2, out0, local4          ! sbox 1 next round

-	xor	$2, local1, $2            ! 1 finished

-	xor	$2, local2, $2            ! 3 finished

-#ifdef OPENSSL_SYSNAME_ULTRASPARC

-	bne,pt	%icc, $4

-#else

-	bne	$4

-#endif

-	and	local4, 252, local1       ! sbox 1 next round

-! two rounds more:

-	ld	[global1+local1], local1

-	xor	$2, out1, out1

-	xor	$2, out0, out0

-	srl	out1, 4, local0           ! rotate

-	and	out0, local5, local3

-	ld	[$5+$3*8], local7         ! key 7531

-	srl	local3, 8, local3

-	and	local0, 252, local2

-	ld	[global3+local3],local3

-	sll	out1, 28, out1            ! rotate

-	xor	$1, local1, $1            ! 1 finished, local1 now sbox 7

-	ld	[global2+local2], local2

-	srl	out0, 24, local1

-	or	out1, local0, out1        ! rotate

-	ldub	[out2+local1], local1

-	srl	out1, 24, local0

-	and	out1, local5, local4

-	ldub	[out2+local0], local0

-	srl	local4, 8, local4

-	xor	$1, local2, $1            ! 2 finished local2 now sbox 6

-	ld	[global4+local4],local4

-	srl	out1, 16, local2

-	xor	$1, local3, $1            ! 3 finished local3 now sbox 5

-	ld	[out3+local0],local0

-	and	local2, 252, local2

-	add	global1, 1536, local5     ! address sbox 7

-	ld	[local6+local2], local2

-	srl	out0, 16, local3

-	xor	$1, local4, $1            ! 4 finished

-	ld	[local5+local1],local1

-	and	local3, 252, local3

-	xor	$1, local0, $1

-	ld	[global5+local3],local3

-	xor	$1, local2, $1            ! 6 finished

-	cmp	in2, 8

-	ifelse($6,{}, {}, {ld	[out2+280], out4})  ! loop counter

-	xor	$1, local7, local2        ! sbox 5 next round

-	xor	$1, local1, $1            ! 7 finished

-	ld	[$5+$3*8+4], out0

-	srl	local2, 16, local2        ! sbox 5 next round

-	xor	$1, local3, $1            ! 5 finished

-	and	local2, 252, local2

-! next round (two rounds more)

-	xor	$1, local7, local7        ! 7531

-	ld	[global5+local2], local2

-	srl	local7, 24, local3

-	xor	$1, out0, out0            ! 8642

-	ldub	[out2+local3], local3

-	srl	out0, 4, local0           ! rotate

-	and	local7, 252, local1

-	sll	out0, 28, out0            ! rotate

-	xor	$2, local2, $2            ! 5 finished local2 used

-	srl	local0, 8, local4

-	and	local0, 252, local2

-	ld	[local5+local3], local3

-	srl	local0, 16, local5

-	or	out0, local0, out0        ! rotate

-	ld	[global2+local2], local2

-	srl	out0, 24, local0

-	ifelse($6,{}, {}, {ld	[$6], out0})   ! key next encryption/decryption

-	and	local4, 252, local4

-	and	local5, 252, local5

-	ld	[global4+local4], local4

-	xor	$2, local3, $2            ! 7 finished local3 used

-	and	local0, 252, local0

-	ld	[local6+local5], local5

-	xor	$2, local2, $2            ! 2 finished local2 now sbox 3

-	srl	local7, 8, local2         ! 3 start

-	ld	[out3+local0], local0

-	xor	$2, local4, $2

-	and	local2, 252, local2

-	ld	[global1+local1], local1

-	xor	$2, local5, $2            ! 6 finished local5 used

-	ld	[global3+local2], local2

-	srl	$1, 3, local3

-	xor	$2, local0, $2

-	ifelse($6,{}, {}, {ld	[$6+4], out1}) ! key next encryption/decryption

-	sll	$1, 29, local4

-	xor	$2, local1, $2

-	ifelse($7,{}, {}, {retl})

-	xor	$2, local2, $2

-})

-! {fp_macro}

-!

-!  parameter 1   right (original left)

-!  parameter 2   left (original right)

-!  parameter 3   1 for optional store to [in0]

-!  parameter 4   1 for load input/output address to local5/7

-!

-!  The final permutation logic switches the halfes, meaning that

-!  left and right ends up the the registers originally used.

-define(fp_macro, {

-! {fp_macro}

-! $1 $2 $3 $4 $5 $6 $7 $8 $9

-	! initially undo the rotate 3 left done after initial permutation

-	! original left is received shifted 3 right and 29 left in local3/4

-	sll	$2, 29, local1

-	or	local3, local4, $1

-	srl	$2, 3, $2

-	sethi	%hi(0x55555555), local2

-	or	$2, local1, $2

-	or	local2, %lo(0x55555555), local2

-	srl	$2, 1, local3

-	sethi	%hi(0x00ff00ff), local1

-	xor	local3, $1, local3

-	or	local1, %lo(0x00ff00ff), local1

-	and	local3, local2, local3

-	sethi	%hi(0x33333333), local4

-	sll	local3, 1, local2

-	xor	$1, local3, $1

-	srl	$1, 8, local3

-	xor	$2, local2, $2

-	xor	local3, $2, local3

-	or	local4, %lo(0x33333333), local4

-	and	local3, local1, local3

-	sethi	%hi(0x0000ffff), local1

-	sll	local3, 8, local2

-	xor	$2, local3, $2

-	srl	$2, 2, local3

-	xor	$1, local2, $1

-	xor	local3, $1, local3

-	or	local1, %lo(0x0000ffff), local1

-	and	local3, local4, local3

-	sethi	%hi(0x0f0f0f0f), local4

-	sll	local3, 2, local2

-	ifelse($4,1, {LDPTR INPUT, local5})

-	xor	$1, local3, $1

-	ifelse($4,1, {LDPTR OUTPUT, local7})

-	srl	$1, 16, local3

-	xor	$2, local2, $2

-	xor	local3, $2, local3

-	or	local4, %lo(0x0f0f0f0f), local4

-	and	local3, local1, local3

-	sll	local3, 16, local2

-	xor	$2, local3, local1

-	srl	local1, 4, local3

-	xor	$1, local2, $1

-	xor	local3, $1, local3

-	and	local3, local4, local3

-	sll	local3, 4, local2

-	xor	$1, local3, $1

-	! optional store:

-	ifelse($3,1, {st $1, [in0]})

-	xor	local1, local2, $2

-	ifelse($3,1, {st $2, [in0+4]})

-})

-! {fp_ip_macro}

-!

-! Does initial permutation for next block mixed with

-! final permutation for current block.

-!

-! parameter 1   original left

-! parameter 2   original right

-! parameter 3   left ip

-! parameter 4   right ip

-! parameter 5   1: load ks1/ks2 to in3/in4, add 120 to in4

-!                2: mov in4 to in3

-!

-! also adds -8 to length in2 and loads loop counter to out4

-define(fp_ip_macro, {

-! {fp_ip_macro}

-! $1 $2 $3 $4 $5 $6 $7 $8 $9

-	define({temp1},{out4})

-	define({temp2},{local3})

-	define({ip1},{local1})

-	define({ip2},{local2})

-	define({ip4},{local4})

-	define({ip5},{local5})

-	! $1 in local3, local4

-	ld	[out2+256], ip1

-	sll	out5, 29, temp1

-	or	local3, local4, $1

-	srl	out5, 3, $2

-	ifelse($5,2,{mov in4, in3})

-	ld	[out2+272], ip5

-	srl	$4, 4, local0

-	or	$2, temp1, $2

-	srl	$2, 1, temp1

-	xor	temp1, $1, temp1

-	and	temp1, ip5, temp1

-	xor	local0, $3, local0

-	sll	temp1, 1, temp2

-	xor	$1, temp1, $1

-	and	local0, ip1, local0

-	add	in2, -8, in2

-	sll	local0, 4, local7

-	xor	$3, local0, $3

-	ld	[out2+268], ip4

-	srl	$1, 8, temp1

-	xor	$2, temp2, $2

-	ld	[out2+260], ip2

-	srl	$3, 16, local0

-	xor	$4, local7, $4

-	xor	temp1, $2, temp1

-	xor	local0, $4, local0

-	and	temp1, ip4, temp1

-	and	local0, ip2, local0

-	sll	temp1, 8, temp2

-	xor	$2, temp1, $2

-	sll	local0, 16, local7

-	xor	$4, local0, $4

-	srl	$2, 2, temp1

-	xor	$1, temp2, $1

-	ld	[out2+264], temp2         ! ip3

-	srl	$4, 2, local0

-	xor	$3, local7, $3

-	xor	temp1, $1, temp1

-	xor	local0, $3, local0

-	and	temp1, temp2, temp1

-	and	local0, temp2, local0

-	sll	temp1, 2, temp2

-	xor	$1, temp1, $1

-	sll	local0, 2, local7

-	xor	$3, local0, $3

-	srl	$1, 16, temp1

-	xor	$2, temp2, $2

-	srl	$3, 8, local0

-	xor	$4, local7, $4

-	xor	temp1, $2, temp1

-	xor	local0, $4, local0

-	and	temp1, ip2, temp1

-	and	local0, ip4, local0

-	sll	temp1, 16, temp2

-	xor	$2, temp1, local4

-	sll	local0, 8, local7

-	xor	$4, local0, $4

-	srl	$4, 1, local0

-	xor	$3, local7, $3

-	srl	local4, 4, temp1

-	xor	local0, $3, local0

-	xor	$1, temp2, $1

-	and	local0, ip5, local0

-	sll	local0, 1, local7

-	xor	temp1, $1, temp1

-	xor	$3, local0, $3

-	xor	$4, local7, $4

-	sll	$3, 3, local5

-	and	temp1, ip1, temp1

-	sll	temp1, 4, temp2

-	xor	$1, temp1, $1

-	ifelse($5,1,{LDPTR	KS2, in4})

-	sll	$4, 3, local2

-	xor	local4, temp2, $2

-	! reload since used as temporar:

-	ld	[out2+280], out4          ! loop counter

-	srl	$3, 29, local0

-	ifelse($5,1,{add in4, 120, in4})

-	ifelse($5,1,{LDPTR	KS1, in3})

-	srl	$4, 29, local7

-	or	local0, local5, $4

-	or	local2, local7, $3

-})

-! {load_little_endian}

-!

-! parameter 1  address

-! parameter 2  destination left

-! parameter 3  destination right

-! parameter 4  temporar

-! parameter 5  label

-define(load_little_endian, {

-! {load_little_endian}

-! $1 $2 $3 $4 $5 $6 $7 $8 $9

-	! first in memory to rightmost in register

-#ifdef OPENSSL_SYSNAME_ULTRASPARC

-	andcc	$1, 3, global0

-	bne,pn	%icc, $5

-	nop

-	lda	[$1] 0x88, $2

-	add	$1, 4, $4

-	ba,pt	%icc, $5a

-	lda	[$4] 0x88, $3

-#endif

-$5:

-	ldub	[$1+3], $2

-	ldub	[$1+2], $4

-	sll	$2, 8, $2

-	or	$2, $4, $2

-	ldub	[$1+1], $4

-	sll	$2, 8, $2

-	or	$2, $4, $2

-	ldub	[$1+0], $4

-	sll	$2, 8, $2

-	or	$2, $4, $2

-	ldub	[$1+3+4], $3

-	ldub	[$1+2+4], $4

-	sll	$3, 8, $3

-	or	$3, $4, $3

-	ldub	[$1+1+4], $4

-	sll	$3, 8, $3

-	or	$3, $4, $3

-	ldub	[$1+0+4], $4

-	sll	$3, 8, $3

-	or	$3, $4, $3

-$5a:

-})

-! {load_little_endian_inc}

-!

-! parameter 1  address

-! parameter 2  destination left

-! parameter 3  destination right

-! parameter 4  temporar

-! parameter 4  label

-!

-! adds 8 to address

-define(load_little_endian_inc, {

-! {load_little_endian_inc}

-! $1 $2 $3 $4 $5 $6 $7 $8 $9

-	! first in memory to rightmost in register

-#ifdef OPENSSL_SYSNAME_ULTRASPARC

-	andcc	$1, 3, global0

-	bne,pn	%icc, $5

-	nop

-	lda	[$1] 0x88, $2

-	add	$1, 4, $1

-	lda	[$1] 0x88, $3

-	ba,pt	%icc, $5a

-	add	$1, 4, $1

-#endif

-$5:

-	ldub	[$1+3], $2

-	ldub	[$1+2], $4

-	sll	$2, 8, $2

-	or	$2, $4, $2

-	ldub	[$1+1], $4

-	sll	$2, 8, $2

-	or	$2, $4, $2

-	ldub	[$1+0], $4

-	sll	$2, 8, $2

-	or	$2, $4, $2

-	ldub	[$1+3+4], $3

-	add	$1, 8, $1

-	ldub	[$1+2+4-8], $4

-	sll	$3, 8, $3

-	or	$3, $4, $3

-	ldub	[$1+1+4-8], $4

-	sll	$3, 8, $3

-	or	$3, $4, $3

-	ldub	[$1+0+4-8], $4

-	sll	$3, 8, $3

-	or	$3, $4, $3

-$5a:

-})

-! {load_n_bytes}

-!

-! Loads 1 to 7 bytes little endian

-! Remaining bytes are zeroed.

-!

-! parameter 1  address

-! parameter 2  length

-! parameter 3  destination register left

-! parameter 4  destination register right

-! parameter 5  temp

-! parameter 6  temp2

-! parameter 7  label

-! parameter 8  return label

-define(load_n_bytes, {

-! {load_n_bytes}

-! $1 $2 $5 $6 $7 $8 $7 $8 $9

-$7.0:	call	.+8

-	sll	$2, 2, $6

-	add	%o7,$7.jmp.table-$7.0,$5

-	add	$5, $6, $5

-	mov	0, $4

-	ld	[$5], $5

-	jmp	%o7+$5

-	mov	0, $3

-$7.7:

-	ldub	[$1+6], $5

-	sll	$5, 16, $5

-	or	$3, $5, $3

-$7.6:

-	ldub	[$1+5], $5

-	sll	$5, 8, $5

-	or	$3, $5, $3

-$7.5:

-	ldub	[$1+4], $5

-	or	$3, $5, $3

-$7.4:

-	ldub	[$1+3], $5

-	sll	$5, 24, $5

-	or	$4, $5, $4

-$7.3:

-	ldub	[$1+2], $5

-	sll	$5, 16, $5

-	or	$4, $5, $4

-$7.2:

-	ldub	[$1+1], $5

-	sll	$5, 8, $5

-	or	$4, $5, $4

-$7.1:

-	ldub	[$1+0], $5

-	ba	$8

-	or	$4, $5, $4

-	.align 4

-$7.jmp.table:

-	.word	0

-	.word	$7.1-$7.0

-	.word	$7.2-$7.0

-	.word	$7.3-$7.0

-	.word	$7.4-$7.0

-	.word	$7.5-$7.0

-	.word	$7.6-$7.0

-	.word	$7.7-$7.0

-})

-! {store_little_endian}

-!

-! parameter 1  address

-! parameter 2  source left

-! parameter 3  source right

-! parameter 4  temporar

-define(store_little_endian, {

-! {store_little_endian}

-! $1 $2 $3 $4 $5 $6 $7 $8 $9

-	! rightmost in register to first in memory

-#ifdef OPENSSL_SYSNAME_ULTRASPARC

-	andcc	$1, 3, global0

-	bne,pn	%icc, $5

-	nop

-	sta	$2, [$1] 0x88

-	add	$1, 4, $4

-	ba,pt	%icc, $5a

-	sta	$3, [$4] 0x88

-#endif

-$5:

-	and	$2, 255, $4

-	stub	$4, [$1+0]

-	srl	$2, 8, $4

-	and	$4, 255, $4

-	stub	$4, [$1+1]

-	srl	$2, 16, $4

-	and	$4, 255, $4

-	stub	$4, [$1+2]

-	srl	$2, 24, $4

-	stub	$4, [$1+3]

-	and	$3, 255, $4

-	stub	$4, [$1+0+4]

-	srl	$3, 8, $4

-	and	$4, 255, $4

-	stub	$4, [$1+1+4]

-	srl	$3, 16, $4

-	and	$4, 255, $4

-	stub	$4, [$1+2+4]

-	srl	$3, 24, $4

-	stub	$4, [$1+3+4]

-$5a:

-})

-! {store_n_bytes}

-!

-! Stores 1 to 7 bytes little endian

-!

-! parameter 1  address

-! parameter 2  length

-! parameter 3  source register left

-! parameter 4  source register right

-! parameter 5  temp

-! parameter 6  temp2

-! parameter 7  label

-! parameter 8  return label

-define(store_n_bytes, {

-! {store_n_bytes}

-! $1 $2 $5 $6 $7 $8 $7 $8 $9

-$7.0:	call	.+8

-	sll	$2, 2, $6

-	add	%o7,$7.jmp.table-$7.0,$5

-	add	$5, $6, $5

-	ld	[$5], $5

-	jmp	%o7+$5

-	nop

-$7.7:

-	srl	$3, 16, $5

-	and	$5, 0xff, $5

-	stub	$5, [$1+6]

-$7.6:

-	srl	$3, 8, $5

-	and	$5, 0xff, $5

-	stub	$5, [$1+5]

-$7.5:

-	and	$3, 0xff, $5

-	stub	$5, [$1+4]

-$7.4:

-	srl	$4, 24, $5

-	stub	$5, [$1+3]

-$7.3:

-	srl	$4, 16, $5

-	and	$5, 0xff, $5

-	stub	$5, [$1+2]

-$7.2:

-	srl	$4, 8, $5

-	and	$5, 0xff, $5

-	stub	$5, [$1+1]

-$7.1:

-	and	$4, 0xff, $5

-	ba	$8

-	stub	$5, [$1]

-	.align 4

-$7.jmp.table:

-	.word	0

-	.word	$7.1-$7.0

-	.word	$7.2-$7.0

-	.word	$7.3-$7.0

-	.word	$7.4-$7.0

-	.word	$7.5-$7.0

-	.word	$7.6-$7.0

-	.word	$7.7-$7.0

-})

-define(testvalue,{1})

-define(register_init, {

-! For test purposes:

-	sethi	%hi(testvalue), local0

-	or	local0, %lo(testvalue), local0

-	ifelse($1,{},{}, {mov	local0, $1})

-	ifelse($2,{},{}, {mov	local0, $2})

-	ifelse($3,{},{}, {mov	local0, $3})

-	ifelse($4,{},{}, {mov	local0, $4})

-	ifelse($5,{},{}, {mov	local0, $5})

-	ifelse($6,{},{}, {mov	local0, $6})

-	ifelse($7,{},{}, {mov	local0, $7})

-	ifelse($8,{},{}, {mov	local0, $8})

-	mov	local0, local1

-	mov	local0, local2

-	mov	local0, local3

-	mov	local0, local4

-	mov	local0, local5

-	mov	local0, local7

-	mov	local0, local6

-	mov	local0, out0

-	mov	local0, out1

-	mov	local0, out2

-	mov	local0, out3

-	mov	local0, out4

-	mov	local0, out5

-	mov	local0, global1

-	mov	local0, global2

-	mov	local0, global3

-	mov	local0, global4

-	mov	local0, global5

-})

-.section	".text"

-	.align 32

-.des_enc:

-	! key address in3

-	! loads key next encryption/decryption first round from [in4]

-	rounds_macro(in5, out5, 1, .des_enc.1, in3, in4, retl)

-	.align 32

-.des_dec:

-	! implemented with out5 as first parameter to avoid

-	! register exchange in ede modes

-	! key address in4

-	! loads key next encryption/decryption first round from [in3]

-	rounds_macro(out5, in5, -1, .des_dec.1, in4, in3, retl)

-! void DES_encrypt1(data, ks, enc)

-! *******************************

-	.align 32

-	.global DES_encrypt1

-	.type	 DES_encrypt1,#function

-DES_encrypt1:

-	save	%sp, FRAME, %sp

-	call	.PIC.me.up

-	mov	.PIC.me.up-(.-4),out0

-	ld	[in0], in5                ! left

-	cmp	in2, 0                    ! enc

-#ifdef OPENSSL_SYSNAME_ULTRASPARC

-	be,pn	%icc, .encrypt.dec        ! enc/dec

-#else

-	be	.encrypt.dec

-#endif

-	ld	[in0+4], out5             ! right

-	! parameter 6  1/2 for include encryption/decryption

-	! parameter 7  1 for move in1 to in3

-	! parameter 8  1 for move in3 to in4, 2 for move in4 to in3

-	ip_macro(in5, out5, in5, out5, in3, 0, 1, 1)

-	rounds_macro(in5, out5, 1, .des_encrypt1.1, in3, in4) ! in4 not used

-	fp_macro(in5, out5, 1)            ! 1 for store to [in0]

-	ret

-	restore

-.encrypt.dec:

-	add	in1, 120, in3             ! use last subkey for first round

-	! parameter 6  1/2 for include encryption/decryption

-	! parameter 7  1 for move in1 to in3

-	! parameter 8  1 for move in3 to in4, 2 for move in4 to in3

-	ip_macro(in5, out5, out5, in5, in4, 2, 0, 1) ! include dec,  ks in4

-	fp_macro(out5, in5, 1)            ! 1 for store to [in0]

-	ret

-	restore

-.DES_encrypt1.end:

-	.size	 DES_encrypt1,.DES_encrypt1.end-DES_encrypt1

-! void DES_encrypt2(data, ks, enc)

-!*********************************

-	! encrypts/decrypts without initial/final permutation

-	.align 32

-	.global DES_encrypt2

-	.type	 DES_encrypt2,#function

-DES_encrypt2:

-	save	%sp, FRAME, %sp

-	call	.PIC.me.up

-	mov	.PIC.me.up-(.-4),out0

-	! Set sbox address 1 to 6 and rotate halfs 3 left

-	! Errors caught by destest? Yes. Still? *NO*

-	!sethi	%hi(DES_SPtrans), global1 ! address sbox 1

-	!or	global1, %lo(DES_SPtrans), global1  ! sbox 1

-	add	global1, 256, global2     ! sbox 2

-	add	global1, 512, global3     ! sbox 3

-	ld	[in0], out5               ! right

-	add	global1, 768, global4     ! sbox 4

-	add	global1, 1024, global5    ! sbox 5

-	ld	[in0+4], in5              ! left

-	add	global1, 1280, local6     ! sbox 6

-	add	global1, 1792, out3       ! sbox 8

-	! rotate

-	sll	in5, 3, local5

-	mov	in1, in3                  ! key address to in3

-	sll	out5, 3, local7

-	srl	in5, 29, in5

-	srl	out5, 29, out5

-	add	in5, local5, in5

-	add	out5, local7, out5

-	cmp	in2, 0

-	! we use our own stackframe

-#ifdef OPENSSL_SYSNAME_ULTRASPARC

-	be,pn	%icc, .encrypt2.dec       ! decryption

-#else

-	be	.encrypt2.dec

-#endif

-	STPTR	in0, [%sp+BIAS+ARG0+0*ARGSZ]

-	ld	[in3], out0               ! key 7531 first round

-	mov	LOOPS, out4               ! loop counter

-	ld	[in3+4], out1             ! key 8642 first round

-	sethi	%hi(0x0000FC00), local5

-	call .des_enc

-	mov	in3, in4

-	! rotate

-	sll	in5, 29, in0

-	srl	in5, 3, in5

-	sll	out5, 29, in1

-	add	in5, in0, in5

-	srl	out5, 3, out5

-	LDPTR	[%sp+BIAS+ARG0+0*ARGSZ], in0

-	add	out5, in1, out5

-	st	in5, [in0]

-	st	out5, [in0+4]

-	ret

-	restore

-.encrypt2.dec:

-	add in3, 120, in4

-	ld	[in4], out0               ! key 7531 first round

-	mov	LOOPS, out4               ! loop counter

-	ld	[in4+4], out1             ! key 8642 first round

-	sethi	%hi(0x0000FC00), local5

-	mov	in5, local1               ! left expected in out5

-	mov	out5, in5

-	call .des_dec

-	mov	local1, out5

-.encrypt2.finish:

-	! rotate

-	sll	in5, 29, in0

-	srl	in5, 3, in5

-	sll	out5, 29, in1

-	add	in5, in0, in5

-	srl	out5, 3, out5

-	LDPTR	[%sp+BIAS+ARG0+0*ARGSZ], in0

-	add	out5, in1, out5

-	st	out5, [in0]

-	st	in5, [in0+4]

-	ret

-	restore

-.DES_encrypt2.end:

-	.size	 DES_encrypt2, .DES_encrypt2.end-DES_encrypt2

-! void DES_encrypt3(data, ks1, ks2, ks3)

-! **************************************

-	.align 32

-	.global DES_encrypt3

-	.type	 DES_encrypt3,#function

-DES_encrypt3:

-	save	%sp, FRAME, %sp

-	call	.PIC.me.up

-	mov	.PIC.me.up-(.-4),out0

-	ld	[in0], in5                ! left

-	add	in2, 120, in4             ! ks2

-	ld	[in0+4], out5             ! right

-	mov	in3, in2                  ! save ks3

-	! parameter 6  1/2 for include encryption/decryption

-	! parameter 7  1 for mov in1 to in3

-	! parameter 8  1 for mov in3 to in4

-	! parameter 9  1 for load ks3 and ks2 to in4 and in3

-	ip_macro(in5, out5, in5, out5, in3, 1, 1, 0, 0)

-	call	.des_dec

-	mov	in2, in3                  ! preload ks3

-	call	.des_enc

-	nop

-	fp_macro(in5, out5, 1)

-	ret

-	restore

-.DES_encrypt3.end:

-	.size	 DES_encrypt3,.DES_encrypt3.end-DES_encrypt3

-! void DES_decrypt3(data, ks1, ks2, ks3)

-! **************************************

-	.align 32

-	.global DES_decrypt3

-	.type	 DES_decrypt3,#function

-DES_decrypt3:

-	save	%sp, FRAME, %sp

-	call	.PIC.me.up

-	mov	.PIC.me.up-(.-4),out0

-	ld	[in0], in5                ! left

-	add	in3, 120, in4             ! ks3

-	ld	[in0+4], out5             ! right

-	mov	in2, in3                  ! ks2

-	! parameter 6  1/2 for include encryption/decryption

-	! parameter 7  1 for mov in1 to in3

-	! parameter 8  1 for mov in3 to in4

-	! parameter 9  1 for load ks3 and ks2 to in4 and in3

-	ip_macro(in5, out5, out5, in5, in4, 2, 0, 0, 0)

-	call	.des_enc

-	add	in1, 120, in4             ! preload ks1

-	call	.des_dec

-	nop

-	fp_macro(out5, in5, 1)

-	ret

-	restore

-.DES_decrypt3.end:

-	.size	 DES_decrypt3,.DES_decrypt3.end-DES_decrypt3

-	.align	256

-	.type	 .des_and,#object

-	.size	 .des_and,284

-.des_and:

-! This table is used for AND 0xFC when it is known that register

-! bits 8-31 are zero. Makes it possible to do three arithmetic

-! operations in one cycle.

-	.byte  0, 0, 0, 0, 4, 4, 4, 4

-	.byte  8, 8, 8, 8, 12, 12, 12, 12

-	.byte  16, 16, 16, 16, 20, 20, 20, 20

-	.byte  24, 24, 24, 24, 28, 28, 28, 28

-	.byte  32, 32, 32, 32, 36, 36, 36, 36

-	.byte  40, 40, 40, 40, 44, 44, 44, 44

-	.byte  48, 48, 48, 48, 52, 52, 52, 52

-	.byte  56, 56, 56, 56, 60, 60, 60, 60

-	.byte  64, 64, 64, 64, 68, 68, 68, 68

-	.byte  72, 72, 72, 72, 76, 76, 76, 76

-	.byte  80, 80, 80, 80, 84, 84, 84, 84

-	.byte  88, 88, 88, 88, 92, 92, 92, 92

-	.byte  96, 96, 96, 96, 100, 100, 100, 100

-	.byte  104, 104, 104, 104, 108, 108, 108, 108

-	.byte  112, 112, 112, 112, 116, 116, 116, 116

-	.byte  120, 120, 120, 120, 124, 124, 124, 124

-	.byte  128, 128, 128, 128, 132, 132, 132, 132

-	.byte  136, 136, 136, 136, 140, 140, 140, 140

-	.byte  144, 144, 144, 144, 148, 148, 148, 148

-	.byte  152, 152, 152, 152, 156, 156, 156, 156

-	.byte  160, 160, 160, 160, 164, 164, 164, 164

-	.byte  168, 168, 168, 168, 172, 172, 172, 172

-	.byte  176, 176, 176, 176, 180, 180, 180, 180

-	.byte  184, 184, 184, 184, 188, 188, 188, 188

-	.byte  192, 192, 192, 192, 196, 196, 196, 196

-	.byte  200, 200, 200, 200, 204, 204, 204, 204

-	.byte  208, 208, 208, 208, 212, 212, 212, 212

-	.byte  216, 216, 216, 216, 220, 220, 220, 220

-	.byte  224, 224, 224, 224, 228, 228, 228, 228

-	.byte  232, 232, 232, 232, 236, 236, 236, 236

-	.byte  240, 240, 240, 240, 244, 244, 244, 244

-	.byte  248, 248, 248, 248, 252, 252, 252, 252

-	! 5 numbers for initil/final permutation

-	.word   0x0f0f0f0f                ! offset 256

-	.word	0x0000ffff                ! 260

-	.word	0x33333333                ! 264

-	.word	0x00ff00ff                ! 268

-	.word	0x55555555                ! 272

-	.word	0                         ! 276

-	.word	LOOPS                     ! 280

-	.word	0x0000FC00                ! 284

-.PIC.DES_SPtrans:

-	.word	%r_disp32(DES_SPtrans)

-! input:	out0	offset between .PIC.me.up and caller

-! output:	out0	pointer to .PIC.me.up

-!		out2	pointer to .des_and

-!		global1	pointer to DES_SPtrans

-	.align	32

-.PIC.me.up:

-	add	out0,%o7,out0			! pointer to .PIC.me.up

-#if 1

-	ld	[out0+(.PIC.DES_SPtrans-.PIC.me.up)],global1

-	add	global1,(.PIC.DES_SPtrans-.PIC.me.up),global1

-	add	global1,out0,global1

-#else

-# ifdef OPENSSL_PIC

-	! In case anybody wonders why this code is same for both ABI.

-	! To start with it is not. Do note LDPTR below. But of course

-	! you must be wondering why the rest of it does not contain

-	! things like %hh, %hm and %lm. Well, those are needed only

-	! if OpenSSL library *itself* will become larger than 4GB,

-	! which is not going to happen any time soon.

-	sethi	%hi(DES_SPtrans),global1

-	or	global1,%lo(DES_SPtrans),global1

-	sethi	%hi(_GLOBAL_OFFSET_TABLE_-(.PIC.me.up-.)),out2

-	add	global1,out0,global1

-	add	out2,%lo(_GLOBAL_OFFSET_TABLE_-(.PIC.me.up-.)),out2

-	LDPTR	[out2+global1],global1

-# elif 0

-	setn	DES_SPtrans,out2,global1	! synthetic instruction !

-# elif defined(ABI64)

-	sethi	%hh(DES_SPtrans),out2

-	or	out2,%hm(DES_SPtrans),out2

-	sethi	%lm(DES_SPtrans),global1

-	or	global1,%lo(DES_SPtrans),global1

-	sllx	out2,32,out2

-	or	out2,global1,global1

-# else

-	sethi	%hi(DES_SPtrans),global1

-	or	global1,%lo(DES_SPtrans),global1

-# endif

-#endif

-	retl

-	add	out0,.des_and-.PIC.me.up,out2

-! void DES_ncbc_encrypt(input, output, length, schedule, ivec, enc)

-! *****************************************************************

-	.align 32

-	.global DES_ncbc_encrypt

-	.type	 DES_ncbc_encrypt,#function

-DES_ncbc_encrypt:

-	save	%sp, FRAME, %sp

-	define({INPUT},  { [%sp+BIAS+ARG0+0*ARGSZ] })

-	define({OUTPUT}, { [%sp+BIAS+ARG0+1*ARGSZ] })

-	define({IVEC},   { [%sp+BIAS+ARG0+4*ARGSZ] })

-	call	.PIC.me.up

-	mov	.PIC.me.up-(.-4),out0

-	cmp	in5, 0                    ! enc

-#ifdef OPENSSL_SYSNAME_ULTRASPARC

-	be,pn	%icc, .ncbc.dec

-#else

-	be	.ncbc.dec

-#endif

-	STPTR	in4, IVEC

-	! addr  left  right  temp  label

-	load_little_endian(in4, in5, out5, local3, .LLE1)  ! iv

-	addcc	in2, -8, in2              ! bytes missing when first block done

-#ifdef OPENSSL_SYSNAME_ULTRASPARC

-	bl,pn	%icc, .ncbc.enc.seven.or.less

-#else

-	bl	.ncbc.enc.seven.or.less

-#endif

-	mov	in3, in4                  ! schedule

-.ncbc.enc.next.block:

-	load_little_endian(in0, out4, global4, local3, .LLE2)  ! block

-.ncbc.enc.next.block_1:

-	xor	in5, out4, in5            ! iv xor

-	xor	out5, global4, out5       ! iv xor

-	! parameter 8  1 for move in3 to in4, 2 for move in4 to in3

-	ip_macro(in5, out5, in5, out5, in3, 0, 0, 2)

-.ncbc.enc.next.block_2:

-!//	call .des_enc                     ! compares in2 to 8

-!	rounds inlined for alignment purposes

-	add	global1, 768, global4     ! address sbox 4 since register used below

-	rounds_macro(in5, out5, 1, .ncbc.enc.1, in3, in4) ! include encryption  ks in3

-#ifdef OPENSSL_SYSNAME_ULTRASPARC

-	bl,pn	%icc, .ncbc.enc.next.block_fp

-#else

-	bl	.ncbc.enc.next.block_fp

-#endif

-	add	in0, 8, in0               ! input address

-	! If 8 or more bytes are to be encrypted after this block,

-	! we combine final permutation for this block with initial

-	! permutation for next block. Load next block:

-	load_little_endian(in0, global3, global4, local5, .LLE12)

-	!  parameter 1   original left

-	!  parameter 2   original right

-	!  parameter 3   left ip

-	!  parameter 4   right ip

-	!  parameter 5   1: load ks1/ks2 to in3/in4, add 120 to in4

-	!                2: mov in4 to in3

-	!

-	! also adds -8 to length in2 and loads loop counter to out4

-	fp_ip_macro(out0, out1, global3, global4, 2)

-	store_little_endian(in1, out0, out1, local3, .SLE10)  ! block

-	ld	[in3], out0               ! key 7531 first round next block

-	mov 	in5, local1

-	xor	global3, out5, in5        ! iv xor next block

-	ld	[in3+4], out1             ! key 8642

-	add	global1, 512, global3     ! address sbox 3 since register used

-	xor	global4, local1, out5     ! iv xor next block

-	ba	.ncbc.enc.next.block_2

-	add	in1, 8, in1               ! output adress

-.ncbc.enc.next.block_fp:

-	fp_macro(in5, out5)

-	store_little_endian(in1, in5, out5, local3, .SLE1)  ! block

-	addcc   in2, -8, in2              ! bytes missing when next block done

-#ifdef OPENSSL_SYSNAME_ULTRASPARC

-	bpos,pt	%icc, .ncbc.enc.next.block  ! also jumps if 0

-#else

-	bpos	.ncbc.enc.next.block

-#endif

-	add	in1, 8, in1

-.ncbc.enc.seven.or.less:

-	cmp	in2, -8

-#ifdef OPENSSL_SYSNAME_ULTRASPARC

-	ble,pt	%icc, .ncbc.enc.finish

-#else

-	ble	.ncbc.enc.finish

-#endif

-	nop

-	add	in2, 8, local1            ! bytes to load

-	! addr, length, dest left, dest right, temp, temp2, label, ret label

-	load_n_bytes(in0, local1, global4, out4, local2, local3, .LNB1, .ncbc.enc.next.block_1)

-	! Loads 1 to 7 bytes little endian to global4, out4

-.ncbc.enc.finish:

-	LDPTR	IVEC, local4

-	store_little_endian(local4, in5, out5, local5, .SLE2)  ! ivec

-	ret

-	restore

-.ncbc.dec:

-	STPTR	in0, INPUT

-	cmp	in2, 0                    ! length

-	add	in3, 120, in3

-	LDPTR	IVEC, local7              ! ivec

-#ifdef OPENSSL_SYSNAME_ULTRASPARC

-	ble,pn	%icc, .ncbc.dec.finish

-#else

-	ble	.ncbc.dec.finish

-#endif

-	mov	in3, in4                  ! schedule

-	STPTR	in1, OUTPUT

-	mov	in0, local5               ! input

-	load_little_endian(local7, in0, in1, local3, .LLE3)   ! ivec

-.ncbc.dec.next.block:

-	load_little_endian(local5, in5, out5, local3, .LLE4)  ! block

-	! parameter 6  1/2 for include encryption/decryption

-	! parameter 7  1 for mov in1 to in3

-	! parameter 8  1 for mov in3 to in4

-	ip_macro(in5, out5, out5, in5, in4, 2, 0, 1) ! include decryprion  ks in4

-	fp_macro(out5, in5, 0, 1) ! 1 for input and output address to local5/7

-	! in2 is bytes left to be stored

-	! in2 is compared to 8 in the rounds

-	xor	out5, in0, out4           ! iv xor

-#ifdef OPENSSL_SYSNAME_ULTRASPARC

-	bl,pn	%icc, .ncbc.dec.seven.or.less

-#else

-	bl	.ncbc.dec.seven.or.less

-#endif

-	xor	in5, in1, global4         ! iv xor

-	! Load ivec next block now, since input and output address might be the same.

-	load_little_endian_inc(local5, in0, in1, local3, .LLE5)  ! iv

-	store_little_endian(local7, out4, global4, local3, .SLE3)

-	STPTR	local5, INPUT

-	add	local7, 8, local7

-	addcc   in2, -8, in2

-#ifdef OPENSSL_SYSNAME_ULTRASPARC

-	bg,pt	%icc, .ncbc.dec.next.block

-#else

-	bg	.ncbc.dec.next.block

-#endif

-	STPTR	local7, OUTPUT

-.ncbc.dec.store.iv:

-	LDPTR	IVEC, local4              ! ivec

-	store_little_endian(local4, in0, in1, local5, .SLE4)

-.ncbc.dec.finish:

-	ret

-	restore

-.ncbc.dec.seven.or.less:

-	load_little_endian_inc(local5, in0, in1, local3, .LLE13)     ! ivec

-	store_n_bytes(local7, in2, global4, out4, local3, local4, .SNB1, .ncbc.dec.store.iv)

-.DES_ncbc_encrypt.end:

-	.size	 DES_ncbc_encrypt, .DES_ncbc_encrypt.end-DES_ncbc_encrypt

-! void DES_ede3_cbc_encrypt(input, output, lenght, ks1, ks2, ks3, ivec, enc)

-! **************************************************************************

-	.align 32

-	.global DES_ede3_cbc_encrypt

-	.type	 DES_ede3_cbc_encrypt,#function

-DES_ede3_cbc_encrypt:

-	save	%sp, FRAME, %sp

-	define({KS1}, { [%sp+BIAS+ARG0+3*ARGSZ] })

-	define({KS2}, { [%sp+BIAS+ARG0+4*ARGSZ] })

-	define({KS3}, { [%sp+BIAS+ARG0+5*ARGSZ] })

-	call	.PIC.me.up

-	mov	.PIC.me.up-(.-4),out0

-	LDPTR	[%fp+BIAS+ARG0+7*ARGSZ], local3          ! enc

-	LDPTR	[%fp+BIAS+ARG0+6*ARGSZ], local4          ! ivec

-	cmp	local3, 0                 ! enc

-#ifdef OPENSSL_SYSNAME_ULTRASPARC

-	be,pn	%icc, .ede3.dec

-#else

-	be	.ede3.dec

-#endif

-	STPTR	in4, KS2

-	STPTR	in5, KS3

-	load_little_endian(local4, in5, out5, local3, .LLE6)  ! ivec

-	addcc	in2, -8, in2              ! bytes missing after next block

-#ifdef OPENSSL_SYSNAME_ULTRASPARC

-	bl,pn	%icc,  .ede3.enc.seven.or.less

-#else

-	bl	.ede3.enc.seven.or.less

-#endif

-	STPTR	in3, KS1

-.ede3.enc.next.block:

-	load_little_endian(in0, out4, global4, local3, .LLE7)

-.ede3.enc.next.block_1:

-	LDPTR	KS2, in4

-	xor	in5, out4, in5            ! iv xor

-	xor	out5, global4, out5       ! iv xor

-	LDPTR	KS1, in3

-	add	in4, 120, in4             ! for decryption we use last subkey first

-	nop

-	ip_macro(in5, out5, in5, out5, in3)

-.ede3.enc.next.block_2:

-	call .des_enc                     ! ks1 in3

-	nop

-	call .des_dec                     ! ks2 in4

-	LDPTR	KS3, in3

-	call .des_enc                     ! ks3 in3  compares in2 to 8

-	nop

-#ifdef OPENSSL_SYSNAME_ULTRASPARC

-	bl,pn	%icc, .ede3.enc.next.block_fp

-#else

-	bl	.ede3.enc.next.block_fp

-#endif

-	add	in0, 8, in0

-	! If 8 or more bytes are to be encrypted after this block,

-	! we combine final permutation for this block with initial

-	! permutation for next block. Load next block:

-	load_little_endian(in0, global3, global4, local5, .LLE11)

-	!  parameter 1   original left

-	!  parameter 2   original right

-	!  parameter 3   left ip

-	!  parameter 4   right ip

-	!  parameter 5   1: load ks1/ks2 to in3/in4, add 120 to in4

-	!                2: mov in4 to in3

-	!

-	! also adds -8 to length in2 and loads loop counter to out4

-	fp_ip_macro(out0, out1, global3, global4, 1)

-	store_little_endian(in1, out0, out1, local3, .SLE9)  ! block

-	mov 	in5, local1

-	xor	global3, out5, in5        ! iv xor next block

-	ld	[in3], out0               ! key 7531

-	add	global1, 512, global3     ! address sbox 3

-	xor	global4, local1, out5     ! iv xor next block

-	ld	[in3+4], out1             ! key 8642

-	add	global1, 768, global4     ! address sbox 4

-	ba	.ede3.enc.next.block_2

-	add	in1, 8, in1

-.ede3.enc.next.block_fp:

-	fp_macro(in5, out5)

-	store_little_endian(in1, in5, out5, local3, .SLE5)  ! block

-	addcc   in2, -8, in2              ! bytes missing when next block done

-#ifdef OPENSSL_SYSNAME_ULTRASPARC

-	bpos,pt	%icc, .ede3.enc.next.block

-#else

-	bpos	.ede3.enc.next.block

-#endif

-	add	in1, 8, in1

-.ede3.enc.seven.or.less:

-	cmp	in2, -8

-#ifdef OPENSSL_SYSNAME_ULTRASPARC

-	ble,pt	%icc, .ede3.enc.finish

-#else

-	ble	.ede3.enc.finish

-#endif

-	nop

-	add	in2, 8, local1            ! bytes to load

-	! addr, length, dest left, dest right, temp, temp2, label, ret label

-	load_n_bytes(in0, local1, global4, out4, local2, local3, .LNB2, .ede3.enc.next.block_1)

-.ede3.enc.finish:

-	LDPTR	[%fp+BIAS+ARG0+6*ARGSZ], local4          ! ivec

-	store_little_endian(local4, in5, out5, local5, .SLE6)  ! ivec

-	ret

-	restore

-.ede3.dec:

-	STPTR	in0, INPUT

-	add	in5, 120, in5

-	STPTR	in1, OUTPUT

-	mov	in0, local5

-	add	in3, 120, in3

-	STPTR	in3, KS1

-	cmp	in2, 0

-#ifdef OPENSSL_SYSNAME_ULTRASPARC

-	ble	%icc, .ede3.dec.finish

-#else

-	ble	.ede3.dec.finish

-#endif

-	STPTR	in5, KS3

-	LDPTR	[%fp+BIAS+ARG0+6*ARGSZ], local7          ! iv

-	load_little_endian(local7, in0, in1, local3, .LLE8)

-.ede3.dec.next.block:

-	load_little_endian(local5, in5, out5, local3, .LLE9)

-	! parameter 6  1/2 for include encryption/decryption

-	! parameter 7  1 for mov in1 to in3

-	! parameter 8  1 for mov in3 to in4

-	! parameter 9  1 for load ks3 and ks2 to in4 and in3

-	ip_macro(in5, out5, out5, in5, in4, 2, 0, 0, 1) ! inc .des_dec ks3 in4

-	call .des_enc                     ! ks2 in3

-	LDPTR	KS1, in4

-	call .des_dec                     ! ks1 in4

-	nop

-	fp_macro(out5, in5, 0, 1)   ! 1 for input and output address local5/7

-	! in2 is bytes left to be stored

-	! in2 is compared to 8 in the rounds

-	xor	out5, in0, out4

-#ifdef OPENSSL_SYSNAME_ULTRASPARC

-	bl,pn	%icc, .ede3.dec.seven.or.less

-#else

-	bl	.ede3.dec.seven.or.less

-#endif

-	xor	in5, in1, global4

-	load_little_endian_inc(local5, in0, in1, local3, .LLE10)   ! iv next block

-	store_little_endian(local7, out4, global4, local3, .SLE7)  ! block

-	STPTR	local5, INPUT

-	addcc   in2, -8, in2

-	add	local7, 8, local7

-#ifdef OPENSSL_SYSNAME_ULTRASPARC

-	bg,pt	%icc, .ede3.dec.next.block

-#else

-	bg	.ede3.dec.next.block

-#endif

-	STPTR	local7, OUTPUT

-.ede3.dec.store.iv:

-	LDPTR	[%fp+BIAS+ARG0+6*ARGSZ], local4          ! ivec

-	store_little_endian(local4, in0, in1, local5, .SLE8)  ! ivec

-.ede3.dec.finish:

-	ret

-	restore

-.ede3.dec.seven.or.less:

-	load_little_endian_inc(local5, in0, in1, local3, .LLE14)     ! iv

-	store_n_bytes(local7, in2, global4, out4, local3, local4, .SNB2, .ede3.dec.store.iv)

-.DES_ede3_cbc_encrypt.end:

-	.size	 DES_ede3_cbc_encrypt,.DES_ede3_cbc_encrypt.end-DES_ede3_cbc_encrypt

--- a/sys/src/ape/lib/openssl/crypto/des/asm/desboth.pl

+++ /dev/null

@@ -1,79 +1,0 @@

-#!/usr/local/bin/perl

-$L="edi";

-$R="esi";

-sub DES_encrypt3

-	{

-	local($name,$enc)=@_;

-	&function_begin_B($name,"");

-	&push("ebx");

-	&mov("ebx",&wparam(0));

-	&push("ebp");

-	&push("esi");

-	&push("edi");

-	&comment("");

-	&comment("Load the data words");

-	&mov($L,&DWP(0,"ebx","",0));

-	&mov($R,&DWP(4,"ebx","",0));

-	&stack_push(3);

-	&comment("");

-	&comment("IP");

-	&IP_new($L,$R,"edx",0);

-	# put them back

-	if ($enc)

-		{

-		&mov(&DWP(4,"ebx","",0),$R);

-		 &mov("eax",&wparam(1));

-		&mov(&DWP(0,"ebx","",0),"edx");

-		 &mov("edi",&wparam(2));

-		 &mov("esi",&wparam(3));

-		}

-	else

-		{

-		&mov(&DWP(4,"ebx","",0),$R);

-		 &mov("esi",&wparam(1));

-		&mov(&DWP(0,"ebx","",0),"edx");

-		 &mov("edi",&wparam(2));

-		 &mov("eax",&wparam(3));

-		}

-	&mov(&swtmp(2),	(DWC(($enc)?"1":"0")));

-	&mov(&swtmp(1),	"eax");

-	&mov(&swtmp(0),	"ebx");

-	&call("DES_encrypt2");

-	&mov(&swtmp(2),	(DWC(($enc)?"0":"1")));

-	&mov(&swtmp(1),	"edi");

-	&mov(&swtmp(0),	"ebx");

-	&call("DES_encrypt2");

-	&mov(&swtmp(2),	(DWC(($enc)?"1":"0")));

-	&mov(&swtmp(1),	"esi");

-	&mov(&swtmp(0),	"ebx");

-	&call("DES_encrypt2");

-	&stack_pop(3);

-	&mov($L,&DWP(0,"ebx","",0));

-	&mov($R,&DWP(4,"ebx","",0));

-	&comment("");

-	&comment("FP");

-	&FP_new($L,$R,"eax",0);

-	&mov(&DWP(0,"ebx","",0),"eax");

-	&mov(&DWP(4,"ebx","",0),$R);

-	&pop("edi");

-	&pop("esi");

-	&pop("ebp");

-	&pop("ebx");

-	&ret();

-	&function_end_B($name);

-	}

--- a/sys/src/ape/lib/openssl/crypto/des/asm/readme

+++ /dev/null

@@ -1,131 +1,0 @@

-First up, let me say I don't like writing in assembler.  It is not portable,

-dependant on the particular CPU architecture release and is generally a pig

-to debug and get right.  Having said that, the x86 architecture is probably

-the most important for speed due to number of boxes and since

-it appears to be the worst architecture to to get

-good C compilers for.  So due to this, I have lowered myself to do

-assembler for the inner DES routines in libdes :-).

-The file to implement in assembler is des_enc.c.  Replace the following

-4 functions

-des_encrypt1(DES_LONG data[2],des_key_schedule ks, int encrypt);

-des_encrypt2(DES_LONG data[2],des_key_schedule ks, int encrypt);

-des_encrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3);

-des_decrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3);

-They encrypt/decrypt the 64 bits held in 'data' using

-the 'ks' key schedules.   The only difference between the 4 functions is that

-des_encrypt2() does not perform IP() or FP() on the data (this is an

-optimization for when doing triple DES and des_encrypt3() and des_decrypt3()

-perform triple des.  The triple DES routines are in here because it does

-make a big difference to have them located near the des_encrypt2 function

-at link time..

-Now as we all know, there are lots of different operating systems running on

-x86 boxes, and unfortunately they normally try to make sure their assembler

-formating is not the same as the other peoples.

-The 4 main formats I know of are

-Microsoft	Windows 95/Windows NT

-Elf		Includes Linux and FreeBSD(?).

-a.out		The older Linux.

-Solaris		Same as Elf but different comments :-(.

-Now I was not overly keen to write 4 different copies of the same code,

-so I wrote a few perl routines to output the correct assembler, given

-a target assembler type.  This code is ugly and is just a hack.

-The libraries are x86unix.pl and x86ms.pl.

-des586.pl, des686.pl and des-som[23].pl are the programs to actually

-generate the assembler.

-So to generate elf assembler

-perl des-som3.pl elf >dx86-elf.s

-For Windows 95/NT

-perl des-som2.pl win32 >win32.asm

-[ update 4 Jan 1996 ]

-I have added another way to do things.

-perl des-som3.pl cpp >dx86-cpp.s

-generates a file that will be included by dx86unix.cpp when it is compiled.

-To build for elf, a.out, solaris, bsdi etc,

-cc -E -DELF asm/dx86unix.cpp | as -o asm/dx86-elf.o

-cc -E -DSOL asm/dx86unix.cpp | as -o asm/dx86-sol.o

-cc -E -DOUT asm/dx86unix.cpp | as -o asm/dx86-out.o

-cc -E -DBSDI asm/dx86unix.cpp | as -o asm/dx86bsdi.o

-This was done to cut down the number of files in the distribution.

-Now the ugly part.  I acquired my copy of Intels

-"Optimization's For Intel's 32-Bit Processors" and found a few interesting

-things.  First, the aim of the exersize is to 'extract' one byte at a time

-from a word and do an array lookup.  This involves getting the byte from

-the 4 locations in the word and moving it to a new word and doing the lookup.

-The most obvious way to do this is

-xor	eax,	eax				# clear word

-movb	al,	cl				# get low byte

-xor	edi	DWORD PTR 0x100+des_SP[eax] 	# xor in word

-movb	al,	ch				# get next byte

-xor	edi	DWORD PTR 0x300+des_SP[eax] 	# xor in word

-shr	ecx	16

-which seems ok.  For the pentium, this system appears to be the best.

-One has to do instruction interleaving to keep both functional units

-operating, but it is basically very efficient.

-Now the crunch.  When a full register is used after a partial write, eg.

-mov	al,	cl

-xor	edi,	DWORD PTR 0x100+des_SP[eax]

-386	- 1 cycle stall

-486	- 1 cycle stall

-586	- 0 cycle stall

-686	- at least 7 cycle stall (page 22 of the above mentioned document).

-So the technique that produces the best results on a pentium, according to

-the documentation, will produce hideous results on a pentium pro.

-To get around this, des686.pl will generate code that is not as fast on

-a pentium, should be very good on a pentium pro.

-mov	eax,	ecx				# copy word

-shr	ecx,	8				# line up next byte

-and	eax,	0fch				# mask byte

-xor	edi	DWORD PTR 0x100+des_SP[eax] 	# xor in array lookup

-mov	eax,	ecx				# get word

-shr	ecx	8				# line up next byte

-and	eax,	0fch				# mask byte

-xor	edi	DWORD PTR 0x300+des_SP[eax] 	# xor in array lookup

-Due to the execution units in the pentium, this actually works quite well.

-For a pentium pro it should be very good.  This is the type of output

-Visual C++ generates.

-There is a third option.  instead of using

-mov	al,	ch

-which is bad on the pentium pro, one may be able to use

-movzx	eax,	ch

-which may not incur the partial write penalty.  On the pentium,

-this instruction takes 4 cycles so is not worth using but on the

-pentium pro it appears it may be worth while.  I need access to one to

-experiment :-).

-eric (20 Oct 1996)

-22 Nov 1996 - I have asked people to run the 2 different version on pentium

-pros and it appears that the intel documentation is wrong.  The

-mov al,bh is still faster on a pentium pro, so just use the des586.pl

-install des686.pl

-3 Dec 1996 - I added des_encrypt3/des_decrypt3 because I have moved these

-functions into des_enc.c because it does make a massive performance

-difference on some boxes to have the functions code located close to

-the des_encrypt2() function.

-9 Jan 1997 - des-som2.pl is now the correct perl script to use for

-pentiums.  It contains an inner loop from

-Svend Olaf Mikkelsen <[email protected]> which does raw ecb DES calls at

-273,000 per second.  He had a previous version at 250,000 and the best

-I was able to get was 203,000.  The content has not changed, this is all

-due to instruction sequencing (and actual instructions choice) which is able

-to keep both functional units of the pentium going.

-We may have lost the ugly register usage restrictions when x86 went 32 bit

-but for the pentium it has been replaced by evil instruction ordering tricks.

-13 Jan 1997 - des-som3.pl, more optimizations from Svend Olaf.

-raw DES at 281,000 per second on a pentium 100.

--- a/sys/src/ape/lib/openssl/crypto/des/cbc3_enc.c

+++ /dev/null

@@ -1,99 +1,0 @@

-/* crypto/des/cbc3_enc.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include "des_locl.h"

-/* HAS BUGS! DON'T USE - this is only present for use in des.c */

-void DES_3cbc_encrypt(DES_cblock *input, DES_cblock *output, long length,

-	     DES_key_schedule ks1, DES_key_schedule ks2, DES_cblock *iv1,

-	     DES_cblock *iv2, int enc)

-	{

-	int off=((int)length-1)/8;

-	long l8=((length+7)/8)*8;

-	DES_cblock niv1,niv2;

-	if (enc == DES_ENCRYPT)

-		{

-		DES_cbc_encrypt((unsigned char*)input,

-				(unsigned char*)output,length,&ks1,iv1,enc);

-		if (length >= sizeof(DES_cblock))

-			memcpy(niv1,output[off],sizeof(DES_cblock));

-		DES_cbc_encrypt((unsigned char*)output,

-				(unsigned char*)output,l8,&ks2,iv1,!enc);

-		DES_cbc_encrypt((unsigned char*)output,

-				(unsigned char*)output,l8,&ks1,iv2,enc);

-		if (length >= sizeof(DES_cblock))

-			memcpy(niv2,output[off],sizeof(DES_cblock));

-		}

-	else

-		{

-		if (length >= sizeof(DES_cblock))

-			memcpy(niv2,input[off],sizeof(DES_cblock));

-		DES_cbc_encrypt((unsigned char*)input,

-				(unsigned char*)output,l8,&ks1,iv2,enc);

-		DES_cbc_encrypt((unsigned char*)output,

-				(unsigned char*)output,l8,&ks2,iv1,!enc);

-		if (length >= sizeof(DES_cblock))

-			memcpy(niv1,output[off],sizeof(DES_cblock));

-		DES_cbc_encrypt((unsigned char*)output,

-				(unsigned char*)output,length,&ks1,iv1,enc);

-		}

-	memcpy(*iv1,niv1,sizeof(DES_cblock));

-	memcpy(*iv2,niv2,sizeof(DES_cblock));

-	}

--- a/sys/src/ape/lib/openssl/crypto/des/cbc_cksm.c

+++ /dev/null

@@ -1,106 +1,0 @@

-/* crypto/des/cbc_cksm.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include "des_locl.h"

-DES_LONG DES_cbc_cksum(const unsigned char *in, DES_cblock *output,

-		       long length, DES_key_schedule *schedule,

-		       const_DES_cblock *ivec)

-	{

-	register DES_LONG tout0,tout1,tin0,tin1;

-	register long l=length;

-	DES_LONG tin[2];

-	unsigned char *out = &(*output)[0];

-	const unsigned char *iv = &(*ivec)[0];

-	c2l(iv,tout0);

-	c2l(iv,tout1);

-	for (; l>0; l-=8)

-		{

-		if (l >= 8)

-			{

-			c2l(in,tin0);

-			c2l(in,tin1);

-			}

-		else

-			c2ln(in,tin0,tin1,l);

-		tin0^=tout0; tin[0]=tin0;

-		tin1^=tout1; tin[1]=tin1;

-		DES_encrypt1((DES_LONG *)tin,schedule,DES_ENCRYPT);

-		/* fix 15/10/91 eay - thanks to [email protected] */

-		tout0=tin[0];

-		tout1=tin[1];

-		}

-	if (out != NULL)

-		{

-		l2c(tout0,out);

-		l2c(tout1,out);

-		}

-	tout0=tin0=tin1=tin[0]=tin[1]=0;

-	/*

-	  Transform the data in tout1 so that it will

-	  match the return value that the MIT Kerberos

-	  mit_des_cbc_cksum API returns.

-	*/

-	tout1 = ((tout1 >> 24L) & 0x000000FF)

-	      | ((tout1 >> 8L)  & 0x0000FF00)

-	      | ((tout1 << 8L)  & 0x00FF0000)

-	      | ((tout1 << 24L) & 0xFF000000);

-	return(tout1);

-	}

--- a/sys/src/ape/lib/openssl/crypto/des/cbc_enc.c

+++ /dev/null

@@ -1,61 +1,0 @@

-/* crypto/des/cbc_enc.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#define CBC_ENC_C__DONT_UPDATE_IV

-#include "ncbc_enc.c" /* des_cbc_encrypt */

--- a/sys/src/ape/lib/openssl/crypto/des/cfb64ede.c

+++ /dev/null

@@ -1,254 +1,0 @@

-/* crypto/des/cfb64ede.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include "des_locl.h"

-#include "e_os.h"

-/* The input and output encrypted as though 64bit cfb mode is being

- * used.  The extra state information to record how much of the

- * 64bit block we have used is contained in *num;

- */

-void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,

-			    long length, DES_key_schedule *ks1,

-			    DES_key_schedule *ks2, DES_key_schedule *ks3,

-			    DES_cblock *ivec, int *num, int enc)

-	{

-	register DES_LONG v0,v1;

-	register long l=length;

-	register int n= *num;

-	DES_LONG ti[2];

-	unsigned char *iv,c,cc;

-	iv=&(*ivec)[0];

-	if (enc)

-		{

-		while (l--)

-			{

-			if (n == 0)

-				{

-				c2l(iv,v0);

-				c2l(iv,v1);

-				ti[0]=v0;

-				ti[1]=v1;

-				DES_encrypt3(ti,ks1,ks2,ks3);

-				v0=ti[0];

-				v1=ti[1];

-				iv = &(*ivec)[0];

-				l2c(v0,iv);

-				l2c(v1,iv);

-				iv = &(*ivec)[0];

-				}

-			c= *(in++)^iv[n];

-			*(out++)=c;

-			iv[n]=c;

-			n=(n+1)&0x07;

-			}

-		}

-	else

-		{

-		while (l--)

-			{

-			if (n == 0)

-				{

-				c2l(iv,v0);

-				c2l(iv,v1);

-				ti[0]=v0;

-				ti[1]=v1;

-				DES_encrypt3(ti,ks1,ks2,ks3);

-				v0=ti[0];

-				v1=ti[1];

-				iv = &(*ivec)[0];

-				l2c(v0,iv);

-				l2c(v1,iv);

-				iv = &(*ivec)[0];

-				}

-			cc= *(in++);

-			c=iv[n];

-			iv[n]=cc;

-			*(out++)=c^cc;

-			n=(n+1)&0x07;

-			}

-		}

-	v0=v1=ti[0]=ti[1]=c=cc=0;

-	*num=n;

-	}

-#ifdef undef /* MACRO */

-void DES_ede2_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,

-	     DES_key_schedule ks1, DES_key_schedule ks2, DES_cblock (*ivec),

-	     int *num, int enc)

-	{

-	DES_ede3_cfb64_encrypt(in,out,length,ks1,ks2,ks1,ivec,num,enc);

-	}

-#endif

-/* This is compatible with the single key CFB-r for DES, even thought that's

- * not what EVP needs.

- */

-void DES_ede3_cfb_encrypt(const unsigned char *in,unsigned char *out,

-			  int numbits,long length,DES_key_schedule *ks1,

-			  DES_key_schedule *ks2,DES_key_schedule *ks3,

-			  DES_cblock *ivec,int enc)

-	{

-	register DES_LONG d0,d1,v0,v1;

-	register unsigned long l=length,n=((unsigned int)numbits+7)/8;

-	register int num=numbits,i;

-	DES_LONG ti[2];

-	unsigned char *iv;

-	unsigned char ovec[16];

-	if (num > 64) return;

-	iv = &(*ivec)[0];

-	c2l(iv,v0);

-	c2l(iv,v1);

-	if (enc)

-		{

-		while (l >= n)

-			{

-			l-=n;

-			ti[0]=v0;

-			ti[1]=v1;

-			DES_encrypt3(ti,ks1,ks2,ks3);

-			c2ln(in,d0,d1,n);

-			in+=n;

-			d0^=ti[0];

-			d1^=ti[1];

-			l2cn(d0,d1,out,n);

-			out+=n;

-			/* 30-08-94 - eay - changed because l>>32 and

-			 * l<<32 are bad under gcc :-( */

-			if (num == 32)

-				{ v0=v1; v1=d0; }

-			else if (num == 64)

-				{ v0=d0; v1=d1; }

-			else

-				{

-				iv=&ovec[0];

-				l2c(v0,iv);

-				l2c(v1,iv);

-				l2c(d0,iv);

-				l2c(d1,iv);

-				/* shift ovec left most of the bits... */

-				memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));

-				/* now the remaining bits */

-				if(num%8 != 0)

-					for(i=0 ; i < 8 ; ++i)

-						{

-						ovec[i]<<=num%8;

-						ovec[i]|=ovec[i+1]>>(8-num%8);

-						}

-				iv=&ovec[0];

-				c2l(iv,v0);

-				c2l(iv,v1);

-				}

-			}

-		}

-	else

-		{

-		while (l >= n)

-			{

-			l-=n;

-			ti[0]=v0;

-			ti[1]=v1;

-			DES_encrypt3(ti,ks1,ks2,ks3);

-			c2ln(in,d0,d1,n);

-			in+=n;

-			/* 30-08-94 - eay - changed because l>>32 and

-			 * l<<32 are bad under gcc :-( */

-			if (num == 32)

-				{ v0=v1; v1=d0; }

-			else if (num == 64)

-				{ v0=d0; v1=d1; }

-			else

-				{

-				iv=&ovec[0];

-				l2c(v0,iv);

-				l2c(v1,iv);

-				l2c(d0,iv);

-				l2c(d1,iv);

-				/* shift ovec left most of the bits... */

-				memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));

-				/* now the remaining bits */

-				if(num%8 != 0)

-					for(i=0 ; i < 8 ; ++i)

-						{

-						ovec[i]<<=num%8;

-						ovec[i]|=ovec[i+1]>>(8-num%8);

-						}

-				iv=&ovec[0];

-				c2l(iv,v0);

-				c2l(iv,v1);

-				}

-			d0^=ti[0];

-			d1^=ti[1];

-			l2cn(d0,d1,out,n);

-			out+=n;

-			}

-		}

-	iv = &(*ivec)[0];

-	l2c(v0,iv);

-	l2c(v1,iv);

-	v0=v1=d0=d1=ti[0]=ti[1]=0;

-	}

--- a/sys/src/ape/lib/openssl/crypto/des/cfb64enc.c

+++ /dev/null

@@ -1,121 +1,0 @@

-/* crypto/des/cfb64enc.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include "des_locl.h"

-/* The input and output encrypted as though 64bit cfb mode is being

- * used.  The extra state information to record how much of the

- * 64bit block we have used is contained in *num;

- */

-void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,

-		       long length, DES_key_schedule *schedule,

-		       DES_cblock *ivec, int *num, int enc)

-	{

-	register DES_LONG v0,v1;

-	register long l=length;

-	register int n= *num;

-	DES_LONG ti[2];

-	unsigned char *iv,c,cc;

-	iv = &(*ivec)[0];

-	if (enc)

-		{

-		while (l--)

-			{

-			if (n == 0)

-				{

-				c2l(iv,v0); ti[0]=v0;

-				c2l(iv,v1); ti[1]=v1;

-				DES_encrypt1(ti,schedule,DES_ENCRYPT);

-				iv = &(*ivec)[0];

-				v0=ti[0]; l2c(v0,iv);

-				v0=ti[1]; l2c(v0,iv);

-				iv = &(*ivec)[0];

-				}

-			c= *(in++)^iv[n];

-			*(out++)=c;

-			iv[n]=c;

-			n=(n+1)&0x07;

-			}

-		}

-	else

-		{

-		while (l--)

-			{

-			if (n == 0)

-				{

-				c2l(iv,v0); ti[0]=v0;

-				c2l(iv,v1); ti[1]=v1;

-				DES_encrypt1(ti,schedule,DES_ENCRYPT);

-				iv = &(*ivec)[0];

-				v0=ti[0]; l2c(v0,iv);

-				v0=ti[1]; l2c(v0,iv);

-				iv = &(*ivec)[0];

-				}

-			cc= *(in++);

-			c=iv[n];

-			iv[n]=cc;

-			*(out++)=c^cc;

-			n=(n+1)&0x07;

-			}

-		}

-	v0=v1=ti[0]=ti[1]=c=cc=0;

-	*num=n;

-	}

--- a/sys/src/ape/lib/openssl/crypto/des/cfb_enc.c

+++ /dev/null

@@ -1,195 +1,0 @@

-/* crypto/des/cfb_enc.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include "e_os.h"

-#include "des_locl.h"

-#include <assert.h>

-/* The input and output are loaded in multiples of 8 bits.

- * What this means is that if you hame numbits=12 and length=2

- * the first 12 bits will be retrieved from the first byte and half

- * the second.  The second 12 bits will come from the 3rd and half the 4th

- * byte.

- */

-/* Until Aug 1 2003 this function did not correctly implement CFB-r, so it

- * will not be compatible with any encryption prior to that date. Ben. */

-void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,

-		     long length, DES_key_schedule *schedule, DES_cblock *ivec,

-		     int enc)

-	{

-	register DES_LONG d0,d1,v0,v1;

-	register unsigned long l=length;

-	register int num=numbits/8,n=(numbits+7)/8,i,rem=numbits%8;

-	DES_LONG ti[2];

-	unsigned char *iv;

-#ifndef L_ENDIAN

-	unsigned char ovec[16];

-#else

-	unsigned int  sh[4];

-	unsigned char *ovec=(unsigned char *)sh;

-	/* I kind of count that compiler optimizes away this assertioni,*/

-	assert (sizeof(sh[0])==4);	/* as this holds true for all,	*/

-					/* but 16-bit platforms...	*/

-#endif

-	if (numbits<=0 || numbits > 64) return;

-	iv = &(*ivec)[0];

-	c2l(iv,v0);

-	c2l(iv,v1);

-	if (enc)

-		{

-		while (l >= (unsigned long)n)

-			{

-			l-=n;

-			ti[0]=v0;

-			ti[1]=v1;

-			DES_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT);

-			c2ln(in,d0,d1,n);

-			in+=n;

-			d0^=ti[0];

-			d1^=ti[1];

-			l2cn(d0,d1,out,n);

-			out+=n;

-			/* 30-08-94 - eay - changed because l>>32 and

-			 * l<<32 are bad under gcc :-( */

-			if (numbits == 32)

-				{ v0=v1; v1=d0; }

-			else if (numbits == 64)

-				{ v0=d0; v1=d1; }

-			else

-				{

-#ifndef L_ENDIAN

-				iv=&ovec[0];

-				l2c(v0,iv);

-				l2c(v1,iv);

-				l2c(d0,iv);

-				l2c(d1,iv);

-#else

-				sh[0]=v0, sh[1]=v1, sh[2]=d0, sh[3]=d1;

-#endif

-				if (rem==0)

-					memmove(ovec,ovec+num,8);

-				else

-					for(i=0 ; i < 8 ; ++i)

-						ovec[i]=ovec[i+num]<<rem |

-							ovec[i+num+1]>>(8-rem);

-#ifdef L_ENDIAN

-				v0=sh[0], v1=sh[1];

-#else

-				iv=&ovec[0];

-				c2l(iv,v0);

-				c2l(iv,v1);

-#endif

-				}

-			}

-		}

-	else

-		{

-		while (l >= (unsigned long)n)

-			{

-			l-=n;

-			ti[0]=v0;

-			ti[1]=v1;

-			DES_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT);

-			c2ln(in,d0,d1,n);

-			in+=n;

-			/* 30-08-94 - eay - changed because l>>32 and

-			 * l<<32 are bad under gcc :-( */

-			if (numbits == 32)

-				{ v0=v1; v1=d0; }

-			else if (numbits == 64)

-				{ v0=d0; v1=d1; }

-			else

-				{

-#ifndef L_ENDIAN

-				iv=&ovec[0];

-				l2c(v0,iv);

-				l2c(v1,iv);

-				l2c(d0,iv);

-				l2c(d1,iv);

-#else

-				sh[0]=v0, sh[1]=v1, sh[2]=d0, sh[3]=d1;

-#endif

-				if (rem==0)

-					memmove(ovec,ovec+num,8);

-				else

-					for(i=0 ; i < 8 ; ++i)

-						ovec[i]=ovec[i+num]<<rem |

-							ovec[i+num+1]>>(8-rem);

-#ifdef L_ENDIAN

-				v0=sh[0], v1=sh[1];

-#else

-				iv=&ovec[0];

-				c2l(iv,v0);

-				c2l(iv,v1);

-#endif

-				}

-			d0^=ti[0];

-			d1^=ti[1];

-			l2cn(d0,d1,out,n);

-			out+=n;

-			}

-		}

-	iv = &(*ivec)[0];

-	l2c(v0,iv);

-	l2c(v1,iv);

-	v0=v1=d0=d1=ti[0]=ti[1]=0;

-	}

--- a/sys/src/ape/lib/openssl/crypto/des/des.c

+++ /dev/null

@@ -1,932 +1,0 @@

-/* crypto/des/des.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include <openssl/opensslconf.h>

-#ifndef OPENSSL_SYS_MSDOS

-#ifndef OPENSSL_SYS_VMS

-#include OPENSSL_UNISTD

-#else /* OPENSSL_SYS_VMS */

-#ifdef __DECC

-#include <unistd.h>

-#else /* not __DECC */

-#include <math.h>

-#endif /* __DECC */

-#endif /* OPENSSL_SYS_VMS */

-#else /* OPENSSL_SYS_MSDOS */

-#include <io.h>

-#endif

-#include <time.h>

-#include "des_ver.h"

-#ifdef OPENSSL_SYS_VMS

-#include <types.h>

-#include <stat.h>

-#else

-#ifndef _IRIX

-#include <sys/types.h>

-#endif

-#include <sys/stat.h>

-#endif

-#include <openssl/des.h>

-#include <openssl/rand.h>

-#include <openssl/ui_compat.h>

-void usage(void);

-void doencryption(void);

-int uufwrite(unsigned char *data, int size, unsigned int num, FILE *fp);

-void uufwriteEnd(FILE *fp);

-int uufread(unsigned char *out,int size,unsigned int num,FILE *fp);

-int uuencode(unsigned char *in,int num,unsigned char *out);

-int uudecode(unsigned char *in,int num,unsigned char *out);

-void DES_3cbc_encrypt(DES_cblock *input,DES_cblock *output,long length,

-	DES_key_schedule sk1,DES_key_schedule sk2,

-	DES_cblock *ivec1,DES_cblock *ivec2,int enc);

-#ifdef OPENSSL_SYS_VMS

-#define EXIT(a) exit(a&0x10000000L)

-#else

-#define EXIT(a) exit(a)

-#endif

-#define BUFSIZE (8*1024)

-#define VERIFY  1

-#define KEYSIZ	8

-#define KEYSIZB 1024 /* should hit tty line limit first :-) */

-char key[KEYSIZB+1];

-int do_encrypt,longk=0;

-FILE *DES_IN,*DES_OUT,*CKSUM_OUT;

-char uuname[200];

-unsigned char uubuf[50];

-int uubufnum=0;

-#define INUUBUFN	(45*100)

-#define OUTUUBUF	(65*100)

-unsigned char b[OUTUUBUF];

-unsigned char bb[300];

-DES_cblock cksum={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};

-char cksumname[200]="";

-int vflag,cflag,eflag,dflag,kflag,bflag,fflag,sflag,uflag,flag3,hflag,error;

-int main(int argc, char **argv)

-	{

-	int i;

-	struct stat ins,outs;

-	char *p;

-	char *in=NULL,*out=NULL;

-	vflag=cflag=eflag=dflag=kflag=hflag=bflag=fflag=sflag=uflag=flag3=0;

-	error=0;

-	memset(key,0,sizeof(key));

-	for (i=1; i<argc; i++)

-		{

-		p=argv[i];

-		if ((p[0] == '-') && (p[1] != '\0'))

-			{

-			p++;

-			while (*p)

-				{

-				switch (*(p++))

-					{

-				case '3':

-					flag3=1;

-					longk=1;

-					break;

-				case 'c':

-					cflag=1;

-					strncpy(cksumname,p,200);

-					cksumname[sizeof(cksumname)-1]='\0';

-					p+=strlen(cksumname);

-					break;

-				case 'C':

-					cflag=1;

-					longk=1;

-					strncpy(cksumname,p,200);

-					cksumname[sizeof(cksumname)-1]='\0';

-					p+=strlen(cksumname);

-					break;

-				case 'e':

-					eflag=1;

-					break;

-				case 'v':

-					vflag=1;

-					break;

-				case 'E':

-					eflag=1;

-					longk=1;

-					break;

-				case 'd':

-					dflag=1;

-					break;

-				case 'D':

-					dflag=1;

-					longk=1;

-					break;

-				case 'b':

-					bflag=1;

-					break;

-				case 'f':

-					fflag=1;

-					break;

-				case 's':

-					sflag=1;

-					break;

-				case 'u':

-					uflag=1;

-					strncpy(uuname,p,200);

-					uuname[sizeof(uuname)-1]='\0';

-					p+=strlen(uuname);

-					break;

-				case 'h':

-					hflag=1;

-					break;

-				case 'k':

-					kflag=1;

-					if ((i+1) == argc)

-						{

-						fputs("must have a key with the -k option\n",stderr);

-						error=1;

-						}

-					else

-						{

-						int j;

-						i++;

-						strncpy(key,argv[i],KEYSIZB);

-						for (j=strlen(argv[i])-1; j>=0; j--)

-							argv[i][j]='\0';

-						}

-					break;

-				default:

-					fprintf(stderr,"'%c' unknown flag\n",p[-1]);

-					error=1;

-					break;

-					}

-				}

-			}

-		else

-			{

-			if (in == NULL)

-				in=argv[i];

-			else if (out == NULL)

-				out=argv[i];

-			else

-				error=1;

-			}

-		}

-	if (error) usage();

-	/* We either

-	 * do checksum or

-	 * do encrypt or

-	 * do decrypt or

-	 * do decrypt then ckecksum or

-	 * do checksum then encrypt

-	 */

-	if (((eflag+dflag) == 1) || cflag)

-		{

-		if (eflag) do_encrypt=DES_ENCRYPT;

-		if (dflag) do_encrypt=DES_DECRYPT;

-		}

-	else

-		{

-		if (vflag)

-			{

-#ifndef _Windows

-			fprintf(stderr,"des(1) built with %s\n",libdes_version);

-#endif

-			EXIT(1);

-			}

-		else usage();

-		}

-#ifndef _Windows

-	if (vflag) fprintf(stderr,"des(1) built with %s\n",libdes_version);

-#endif

-	if (	(in != NULL) &&

-		(out != NULL) &&

-#ifndef OPENSSL_SYS_MSDOS

-		(stat(in,&ins) != -1) &&

-		(stat(out,&outs) != -1) &&

-		(ins.st_dev == outs.st_dev) &&

-		(ins.st_ino == outs.st_ino))

-#else /* OPENSSL_SYS_MSDOS */

-		(strcmp(in,out) == 0))

-#endif

-			{

-			fputs("input and output file are the same\n",stderr);

-			EXIT(3);

-			}

-	if (!kflag)

-		if (des_read_pw_string(key,KEYSIZB+1,"Enter key:",eflag?VERIFY:0))

-			{

-			fputs("password error\n",stderr);

-			EXIT(2);

-			}

-	if (in == NULL)

-		DES_IN=stdin;

-	else if ((DES_IN=fopen(in,"r")) == NULL)

-		{

-		perror("opening input file");

-		EXIT(4);

-		}

-	CKSUM_OUT=stdout;

-	if (out == NULL)

-		{

-		DES_OUT=stdout;

-		CKSUM_OUT=stderr;

-		}

-	else if ((DES_OUT=fopen(out,"w")) == NULL)

-		{

-		perror("opening output file");

-		EXIT(5);

-		}

-#ifdef OPENSSL_SYS_MSDOS

-	/* This should set the file to binary mode. */

-	{

-#include <fcntl.h>

-	if (!(uflag && dflag))

-		setmode(fileno(DES_IN),O_BINARY);

-	if (!(uflag && eflag))

-		setmode(fileno(DES_OUT),O_BINARY);

-	}

-#endif

-	doencryption();

-	fclose(DES_IN);

-	fclose(DES_OUT);

-	EXIT(0);

-	}

-void usage(void)

-	{

-	char **u;

-	static const char *Usage[]={

-"des <options> [input-file [output-file]]",

-"options:",

-"-v         : des(1) version number",

-"-e         : encrypt using SunOS compatible user key to DES key conversion.",

-"-E         : encrypt ",

-"-d         : decrypt using SunOS compatible user key to DES key conversion.",

-"-D         : decrypt ",

-"-c[ckname] : generate a cbc_cksum using SunOS compatible user key to",

-"             DES key conversion and output to ckname (stdout default,",

-"             stderr if data being output on stdout).  The checksum is",

-"             generated before encryption and after decryption if used",

-"             in conjunction with -[eEdD].",

-"-C[ckname] : generate a cbc_cksum as for -c but compatible with -[ED].",

-"-k key     : use key 'key'",

-"-h         : the key that is entered will be a hexadecimal number",

-"             that is used directly as the des key",

-"-u[uuname] : input file is uudecoded if -[dD] or output uuencoded data if -[eE]",

-"             (uuname is the filename to put in the uuencode header).",

-"-b         : encrypt using DES in ecb encryption mode, the default is cbc mode.",

-"-3         : encrypt using triple DES encryption.  This uses 2 keys",

-"             generated from the input key.  If the input key is less",

-"             than 8 characters long, this is equivalent to normal",

-"             encryption.  Default is triple cbc, -b makes it triple ecb.",

-NULL

-};

-	for (u=(char **)Usage; *u; u++)

-		{

-		fputs(*u,stderr);

-		fputc('\n',stderr);

-		}

-	EXIT(1);

-	}

-void doencryption(void)

-	{

-#ifdef _LIBC

-	extern unsigned long time();

-#endif

-	register int i;

-	DES_key_schedule ks,ks2;

-	DES_cblock iv,iv2;

-	char *p;

-	int num=0,j,k,l,rem,ll,len,last,ex=0;

-	DES_cblock kk,k2;

-	FILE *O;

-	int Exit=0;

-#ifndef OPENSSL_SYS_MSDOS

-	static unsigned char buf[BUFSIZE+8],obuf[BUFSIZE+8];

-#else

-	static unsigned char *buf=NULL,*obuf=NULL;

-	if (buf == NULL)

-		{

-		if (    (( buf=OPENSSL_malloc(BUFSIZE+8)) == NULL) ||

-			((obuf=OPENSSL_malloc(BUFSIZE+8)) == NULL))

-			{

-			fputs("Not enough memory\n",stderr);

-			Exit=10;

-			goto problems;

-			}

-		}

-#endif

-	if (hflag)

-		{

-		j=(flag3?16:8);

-		p=key;

-		for (i=0; i<j; i++)

-			{

-			k=0;

-			if ((*p <= '9') && (*p >= '0'))

-				k=(*p-'0')<<4;

-			else if ((*p <= 'f') && (*p >= 'a'))

-				k=(*p-'a'+10)<<4;

-			else if ((*p <= 'F') && (*p >= 'A'))

-				k=(*p-'A'+10)<<4;

-			else

-				{

-				fputs("Bad hex key\n",stderr);

-				Exit=9;

-				goto problems;

-				}

-			p++;

-			if ((*p <= '9') && (*p >= '0'))

-				k|=(*p-'0');

-			else if ((*p <= 'f') && (*p >= 'a'))

-				k|=(*p-'a'+10);

-			else if ((*p <= 'F') && (*p >= 'A'))

-				k|=(*p-'A'+10);

-			else

-				{

-				fputs("Bad hex key\n",stderr);

-				Exit=9;

-				goto problems;

-				}

-			p++;

-			if (i < 8)

-				kk[i]=k;

-			else

-				k2[i-8]=k;

-			}

-		DES_set_key_unchecked(&k2,&ks2);

-		OPENSSL_cleanse(k2,sizeof(k2));

-		}

-	else if (longk || flag3)

-		{

-		if (flag3)

-			{

-			DES_string_to_2keys(key,&kk,&k2);

-			DES_set_key_unchecked(&k2,&ks2);

-			OPENSSL_cleanse(k2,sizeof(k2));

-			}

-		else

-			DES_string_to_key(key,&kk);

-		}

-	else

-		for (i=0; i<KEYSIZ; i++)

-			{

-			l=0;

-			k=key[i];

-			for (j=0; j<8; j++)

-				{

-				if (k&1) l++;

-				k>>=1;

-				}

-			if (l & 1)

-				kk[i]=key[i]&0x7f;

-			else

-				kk[i]=key[i]|0x80;

-			}

-	DES_set_key_unchecked(&kk,&ks);

-	OPENSSL_cleanse(key,sizeof(key));

-	OPENSSL_cleanse(kk,sizeof(kk));

-	/* woops - A bug that does not showup under unix :-( */

-	memset(iv,0,sizeof(iv));

-	memset(iv2,0,sizeof(iv2));

-	l=1;

-	rem=0;

-	/* first read */

-	if (eflag || (!dflag && cflag))

-		{

-		for (;;)

-			{

-			num=l=fread(&(buf[rem]),1,BUFSIZE,DES_IN);

-			l+=rem;

-			num+=rem;

-			if (l < 0)

-				{

-				perror("read error");

-				Exit=6;

-				goto problems;

-				}

-			rem=l%8;

-			len=l-rem;

-			if (feof(DES_IN))

-				{

-				for (i=7-rem; i>0; i--)

-					RAND_pseudo_bytes(buf + l++, 1);

-				buf[l++]=rem;

-				ex=1;

-				len+=rem;

-				}

-			else

-				l-=rem;

-			if (cflag)

-				{

-				DES_cbc_cksum(buf,&cksum,

-					(long)len,&ks,&cksum);

-				if (!eflag)

-					{

-					if (feof(DES_IN)) break;

-					else continue;

-					}

-				}

-			if (bflag && !flag3)

-				for (i=0; i<l; i+=8)

-					DES_ecb_encrypt(

-						(DES_cblock *)&(buf[i]),

-						(DES_cblock *)&(obuf[i]),

-						&ks,do_encrypt);

-			else if (flag3 && bflag)

-				for (i=0; i<l; i+=8)

-					DES_ecb2_encrypt(

-						(DES_cblock *)&(buf[i]),

-						(DES_cblock *)&(obuf[i]),

-						&ks,&ks2,do_encrypt);

-			else if (flag3 && !bflag)

-				{

-				char tmpbuf[8];

-				if (rem) memcpy(tmpbuf,&(buf[l]),

-					(unsigned int)rem);

-				DES_3cbc_encrypt(

-					(DES_cblock *)buf,(DES_cblock *)obuf,

-					(long)l,ks,ks2,&iv,

-					&iv2,do_encrypt);

-				if (rem) memcpy(&(buf[l]),tmpbuf,

-					(unsigned int)rem);

-				}

-			else

-				{

-				DES_cbc_encrypt(

-					buf,obuf,

-					(long)l,&ks,&iv,do_encrypt);

-				if (l >= 8) memcpy(iv,&(obuf[l-8]),8);

-				}

-			if (rem) memcpy(buf,&(buf[l]),(unsigned int)rem);

-			i=0;

-			while (i < l)

-				{

-				if (uflag)

-					j=uufwrite(obuf,1,(unsigned int)l-i,

-						DES_OUT);

-				else

-					j=fwrite(obuf,1,(unsigned int)l-i,

-						DES_OUT);

-				if (j == -1)

-					{

-					perror("Write error");

-					Exit=7;

-					goto problems;

-					}

-				i+=j;

-				}

-			if (feof(DES_IN))

-				{

-				if (uflag) uufwriteEnd(DES_OUT);

-				break;

-				}

-			}

-		}

-	else /* decrypt */

-		{

-		ex=1;

-		for (;;)

-			{

-			if (ex) {

-				if (uflag)

-					l=uufread(buf,1,BUFSIZE,DES_IN);

-				else

-					l=fread(buf,1,BUFSIZE,DES_IN);

-				ex=0;

-				rem=l%8;

-				l-=rem;

-				}

-			if (l < 0)

-				{

-				perror("read error");

-				Exit=6;

-				goto problems;

-				}

-			if (bflag && !flag3)

-				for (i=0; i<l; i+=8)

-					DES_ecb_encrypt(

-						(DES_cblock *)&(buf[i]),

-						(DES_cblock *)&(obuf[i]),

-						&ks,do_encrypt);

-			else if (flag3 && bflag)

-				for (i=0; i<l; i+=8)

-					DES_ecb2_encrypt(

-						(DES_cblock *)&(buf[i]),

-						(DES_cblock *)&(obuf[i]),

-						&ks,&ks2,do_encrypt);

-			else if (flag3 && !bflag)

-				{

-				DES_3cbc_encrypt(

-					(DES_cblock *)buf,(DES_cblock *)obuf,

-					(long)l,ks,ks2,&iv,

-					&iv2,do_encrypt);

-				}

-			else

-				{

-				DES_cbc_encrypt(

-					buf,obuf,

-				 	(long)l,&ks,&iv,do_encrypt);

-				if (l >= 8) memcpy(iv,&(buf[l-8]),8);

-				}

-			if (uflag)

-				ll=uufread(&(buf[rem]),1,BUFSIZE,DES_IN);

-			else

-				ll=fread(&(buf[rem]),1,BUFSIZE,DES_IN);

-			ll+=rem;

-			rem=ll%8;

-			ll-=rem;

-			if (feof(DES_IN) && (ll == 0))

-				{

-				last=obuf[l-1];

-				if ((last > 7) || (last < 0))

-					{

-					fputs("The file was not decrypted correctly.\n",

-						stderr);

-					Exit=8;

-					last=0;

-					}

-				l=l-8+last;

-				}

-			i=0;

-			if (cflag) DES_cbc_cksum(obuf,

-				(DES_cblock *)cksum,(long)l/8*8,&ks,

-				(DES_cblock *)cksum);

-			while (i != l)

-				{

-				j=fwrite(obuf,1,(unsigned int)l-i,DES_OUT);

-				if (j == -1)

-					{

-					perror("Write error");

-					Exit=7;

-					goto problems;

-					}

-				i+=j;

-				}

-			l=ll;

-			if ((l == 0) && feof(DES_IN)) break;

-			}

-		}

-	if (cflag)

-		{

-		l=0;

-		if (cksumname[0] != '\0')

-			{

-			if ((O=fopen(cksumname,"w")) != NULL)

-				{

-				CKSUM_OUT=O;

-				l=1;

-				}

-			}

-		for (i=0; i<8; i++)

-			fprintf(CKSUM_OUT,"%02X",cksum[i]);

-		fprintf(CKSUM_OUT,"\n");

-		if (l) fclose(CKSUM_OUT);

-		}

-problems:

-	OPENSSL_cleanse(buf,sizeof(buf));

-	OPENSSL_cleanse(obuf,sizeof(obuf));

-	OPENSSL_cleanse(&ks,sizeof(ks));

-	OPENSSL_cleanse(&ks2,sizeof(ks2));

-	OPENSSL_cleanse(iv,sizeof(iv));

-	OPENSSL_cleanse(iv2,sizeof(iv2));

-	OPENSSL_cleanse(kk,sizeof(kk));

-	OPENSSL_cleanse(k2,sizeof(k2));

-	OPENSSL_cleanse(uubuf,sizeof(uubuf));

-	OPENSSL_cleanse(b,sizeof(b));

-	OPENSSL_cleanse(bb,sizeof(bb));

-	OPENSSL_cleanse(cksum,sizeof(cksum));

-	if (Exit) EXIT(Exit);

-	}

-/*    We ignore this parameter but it should be > ~50 I believe    */

-int uufwrite(unsigned char *data, int size, unsigned int num, FILE *fp)

-	{

-	int i,j,left,rem,ret=num;

-	static int start=1;

-	if (start)

-		{

-		fprintf(fp,"begin 600 %s\n",

-			(uuname[0] == '\0')?"text.d":uuname);

-		start=0;

-		}

-	if (uubufnum)

-		{

-		if (uubufnum+num < 45)

-			{

-			memcpy(&(uubuf[uubufnum]),data,(unsigned int)num);

-			uubufnum+=num;

-			return(num);

-			}

-		else

-			{

-			i=45-uubufnum;

-			memcpy(&(uubuf[uubufnum]),data,(unsigned int)i);

-			j=uuencode((unsigned char *)uubuf,45,b);

-			fwrite(b,1,(unsigned int)j,fp);

-			uubufnum=0;

-			data+=i;

-			num-=i;

-			}

-		}

-	for (i=0; i<(((int)num)-INUUBUFN); i+=INUUBUFN)

-		{

-		j=uuencode(&(data[i]),INUUBUFN,b);

-		fwrite(b,1,(unsigned int)j,fp);

-		}

-	rem=(num-i)%45;

-	left=(num-i-rem);

-	if (left)

-		{

-		j=uuencode(&(data[i]),left,b);

-		fwrite(b,1,(unsigned int)j,fp);

-		i+=left;

-		}

-	if (i != num)

-		{

-		memcpy(uubuf,&(data[i]),(unsigned int)rem);

-		uubufnum=rem;

-		}

-	return(ret);

-	}

-void uufwriteEnd(FILE *fp)

-	{

-	int j;

-	static const char *end=" \nend\n";

-	if (uubufnum != 0)

-		{

-		uubuf[uubufnum]='\0';

-		uubuf[uubufnum+1]='\0';

-		uubuf[uubufnum+2]='\0';

-		j=uuencode(uubuf,uubufnum,b);

-		fwrite(b,1,(unsigned int)j,fp);

-		}

-	fwrite(end,1,strlen(end),fp);

-	}

-/* int size:  should always be > ~ 60; I actually ignore this parameter :-)    */

-int uufread(unsigned char *out, int size, unsigned int num, FILE *fp)

-	{

-	int i,j,tot;

-	static int done=0;

-	static int valid=0;

-	static int start=1;

-	if (start)

-		{

-		for (;;)

-			{

-			b[0]='\0';

-			fgets((char *)b,300,fp);

-			if (b[0] == '\0')

-				{

-				fprintf(stderr,"no 'begin' found in uuencoded input\n");

-				return(-1);

-				}

-			if (strncmp((char *)b,"begin ",6) == 0) break;

-			}

-		start=0;

-		}

-	if (done) return(0);

-	tot=0;

-	if (valid)

-		{

-		memcpy(out,bb,(unsigned int)valid);

-		tot=valid;

-		valid=0;

-		}

-	for (;;)

-		{

-		b[0]='\0';

-		fgets((char *)b,300,fp);

-		if (b[0] == '\0') break;

-		i=strlen((char *)b);

-		if ((b[0] == 'e') && (b[1] == 'n') && (b[2] == 'd'))

-			{

-			done=1;

-			while (!feof(fp))

-				{

-				fgets((char *)b,300,fp);

-				}

-			break;

-			}

-		i=uudecode(b,i,bb);

-		if (i < 0) break;

-		if ((i+tot+8) > num)

-			{

-			/* num to copy to make it a multiple of 8 */

-			j=(num/8*8)-tot-8;

-			memcpy(&(out[tot]),bb,(unsigned int)j);

-			tot+=j;

-			memcpy(bb,&(bb[j]),(unsigned int)i-j);

-			valid=i-j;

-			break;

-			}

-		memcpy(&(out[tot]),bb,(unsigned int)i);

-		tot+=i;

-		}

-	return(tot);

-	}

-#define ccc2l(c,l)      (l =((DES_LONG)(*((c)++)))<<16, \

-			 l|=((DES_LONG)(*((c)++)))<< 8, \

-		 	 l|=((DES_LONG)(*((c)++))))

-#define l2ccc(l,c)      (*((c)++)=(unsigned char)(((l)>>16)&0xff), \

-                    *((c)++)=(unsigned char)(((l)>> 8)&0xff), \

-                    *((c)++)=(unsigned char)(((l)    )&0xff))

-int uuencode(unsigned char *in, int num, unsigned char *out)

-	{

-	int j,i,n,tot=0;

-	DES_LONG l;

-	register unsigned char *p;

-	p=out;

-	for (j=0; j<num; j+=45)

-		{

-		if (j+45 > num)

-			i=(num-j);

-		else	i=45;

-		*(p++)=i+' ';

-		for (n=0; n<i; n+=3)

-			{

-			ccc2l(in,l);

-			*(p++)=((l>>18)&0x3f)+' ';

-			*(p++)=((l>>12)&0x3f)+' ';

-			*(p++)=((l>> 6)&0x3f)+' ';

-			*(p++)=((l    )&0x3f)+' ';

-			tot+=4;

-			}

-		*(p++)='\n';

-		tot+=2;

-		}

-	*p='\0';

-	l=0;

-	return(tot);

-	}

-int uudecode(unsigned char *in, int num, unsigned char *out)

-	{

-	int j,i,k;

-	unsigned int n=0,space=0;

-	DES_LONG l;

-	DES_LONG w,x,y,z;

-	unsigned int blank=(unsigned int)'\n'-' ';

-	for (j=0; j<num; )

-		{

-		n= *(in++)-' ';

-		if (n == blank)

-			{

-			n=0;

-			in--;

-			}

-		if (n > 60)

-			{

-			fprintf(stderr,"uuencoded line length too long\n");

-			return(-1);

-			}

-		j++;

-		for (i=0; i<n; j+=4,i+=3)

-			{

-			/* the following is for cases where spaces are

-			 * removed from lines.

-			 */

-			if (space)

-				{

-				w=x=y=z=0;

-				}

-			else

-				{

-				w= *(in++)-' ';

-				x= *(in++)-' ';

-				y= *(in++)-' ';

-				z= *(in++)-' ';

-				}

-			if ((w > 63) || (x > 63) || (y > 63) || (z > 63))

-				{

-				k=0;

-				if (w == blank) k=1;

-				if (x == blank) k=2;

-				if (y == blank) k=3;

-				if (z == blank) k=4;

-				space=1;

-				switch (k) {

-				case 1:	w=0; in--;

-				case 2: x=0; in--;

-				case 3: y=0; in--;

-				case 4: z=0; in--;

-					break;

-				case 0:

-					space=0;

-					fprintf(stderr,"bad uuencoded data values\n");

-					w=x=y=z=0;

-					return(-1);

-					break;

-					}

-				}

-			l=(w<<18)|(x<<12)|(y<< 6)|(z    );

-			l2ccc(l,out);

-			}

-		if (*(in++) != '\n')

-			{

-			fprintf(stderr,"missing nl in uuencoded line\n");

-			w=x=y=z=0;

-			return(-1);

-			}

-		j++;

-		}

-	*out='\0';

-	w=x=y=z=0;

-	return(n);

-	}

--- a/sys/src/ape/lib/openssl/crypto/des/des.h

+++ /dev/null

@@ -1,244 +1,0 @@

-/* crypto/des/des.h */

-/* Copyright (C) 1995-1997 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_NEW_DES_H

-#define HEADER_NEW_DES_H

-#include <openssl/e_os2.h>	/* OPENSSL_EXTERN, OPENSSL_NO_DES,

-				   DES_LONG (via openssl/opensslconf.h */

-#ifdef OPENSSL_NO_DES

-#error DES is disabled.

-#endif

-#ifdef OPENSSL_BUILD_SHLIBCRYPTO

-# undef OPENSSL_EXTERN

-# define OPENSSL_EXTERN OPENSSL_EXPORT

-#endif

-#ifdef  __cplusplus

-extern "C" {

-#endif

-typedef unsigned char DES_cblock[8];

-typedef /* const */ unsigned char const_DES_cblock[8];

-/* With "const", gcc 2.8.1 on Solaris thinks that DES_cblock *

- * and const_DES_cblock * are incompatible pointer types. */

-typedef struct DES_ks

-    {

-    union

-	{

-	DES_cblock cblock;

-	/* make sure things are correct size on machines with

-	 * 8 byte longs */

-	DES_LONG deslong[2];

-	} ks[16];

-    } DES_key_schedule;

-#ifndef OPENSSL_DISABLE_OLD_DES_SUPPORT

-# ifndef OPENSSL_ENABLE_OLD_DES_SUPPORT

-#  define OPENSSL_ENABLE_OLD_DES_SUPPORT

-# endif

-#endif

-#ifdef OPENSSL_ENABLE_OLD_DES_SUPPORT

-# include <openssl/des_old.h>

-#endif

-#define DES_KEY_SZ 	(sizeof(DES_cblock))

-#define DES_SCHEDULE_SZ (sizeof(DES_key_schedule))

-#define DES_ENCRYPT	1

-#define DES_DECRYPT	0

-#define DES_CBC_MODE	0

-#define DES_PCBC_MODE	1

-#define DES_ecb2_encrypt(i,o,k1,k2,e) \

-	DES_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))

-#define DES_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \

-	DES_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))

-#define DES_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \

-	DES_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))

-#define DES_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \

-	DES_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))

-OPENSSL_DECLARE_GLOBAL(int,DES_check_key);	/* defaults to false */

-#define DES_check_key OPENSSL_GLOBAL_REF(DES_check_key)

-OPENSSL_DECLARE_GLOBAL(int,DES_rw_mode);	/* defaults to DES_PCBC_MODE */

-#define DES_rw_mode OPENSSL_GLOBAL_REF(DES_rw_mode)

-const char *DES_options(void);

-void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,

-		      DES_key_schedule *ks1,DES_key_schedule *ks2,

-		      DES_key_schedule *ks3, int enc);

-DES_LONG DES_cbc_cksum(const unsigned char *input,DES_cblock *output,

-		       long length,DES_key_schedule *schedule,

-		       const_DES_cblock *ivec);

-/* DES_cbc_encrypt does not update the IV!  Use DES_ncbc_encrypt instead. */

-void DES_cbc_encrypt(const unsigned char *input,unsigned char *output,

-		     long length,DES_key_schedule *schedule,DES_cblock *ivec,

-		     int enc);

-void DES_ncbc_encrypt(const unsigned char *input,unsigned char *output,

-		      long length,DES_key_schedule *schedule,DES_cblock *ivec,

-		      int enc);

-void DES_xcbc_encrypt(const unsigned char *input,unsigned char *output,

-		      long length,DES_key_schedule *schedule,DES_cblock *ivec,

-		      const_DES_cblock *inw,const_DES_cblock *outw,int enc);

-void DES_cfb_encrypt(const unsigned char *in,unsigned char *out,int numbits,

-		     long length,DES_key_schedule *schedule,DES_cblock *ivec,

-		     int enc);

-void DES_ecb_encrypt(const_DES_cblock *input,DES_cblock *output,

-		     DES_key_schedule *ks,int enc);

-/* 	This is the DES encryption function that gets called by just about

-	every other DES routine in the library.  You should not use this

-	function except to implement 'modes' of DES.  I say this because the

-	functions that call this routine do the conversion from 'char *' to

-	long, and this needs to be done to make sure 'non-aligned' memory

-	access do not occur.  The characters are loaded 'little endian'.

-	Data is a pointer to 2 unsigned long's and ks is the

-	DES_key_schedule to use.  enc, is non zero specifies encryption,

-	zero if decryption. */

-void DES_encrypt1(DES_LONG *data,DES_key_schedule *ks, int enc);

-/* 	This functions is the same as DES_encrypt1() except that the DES

-	initial permutation (IP) and final permutation (FP) have been left

-	out.  As for DES_encrypt1(), you should not use this function.

-	It is used by the routines in the library that implement triple DES.

-	IP() DES_encrypt2() DES_encrypt2() DES_encrypt2() FP() is the same

-	as DES_encrypt1() DES_encrypt1() DES_encrypt1() except faster :-). */

-void DES_encrypt2(DES_LONG *data,DES_key_schedule *ks, int enc);

-void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1,

-		  DES_key_schedule *ks2, DES_key_schedule *ks3);

-void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,

-		  DES_key_schedule *ks2, DES_key_schedule *ks3);

-void DES_ede3_cbc_encrypt(const unsigned char *input,unsigned char *output,

-			  long length,

-			  DES_key_schedule *ks1,DES_key_schedule *ks2,

-			  DES_key_schedule *ks3,DES_cblock *ivec,int enc);

-void DES_ede3_cbcm_encrypt(const unsigned char *in,unsigned char *out,

-			   long length,

-			   DES_key_schedule *ks1,DES_key_schedule *ks2,

-			   DES_key_schedule *ks3,

-			   DES_cblock *ivec1,DES_cblock *ivec2,

-			   int enc);

-void DES_ede3_cfb64_encrypt(const unsigned char *in,unsigned char *out,

-			    long length,DES_key_schedule *ks1,

-			    DES_key_schedule *ks2,DES_key_schedule *ks3,

-			    DES_cblock *ivec,int *num,int enc);

-void DES_ede3_cfb_encrypt(const unsigned char *in,unsigned char *out,

-			  int numbits,long length,DES_key_schedule *ks1,

-			  DES_key_schedule *ks2,DES_key_schedule *ks3,

-			  DES_cblock *ivec,int enc);

-void DES_ede3_ofb64_encrypt(const unsigned char *in,unsigned char *out,

-			    long length,DES_key_schedule *ks1,

-			    DES_key_schedule *ks2,DES_key_schedule *ks3,

-			    DES_cblock *ivec,int *num);

-void DES_xwhite_in2out(const_DES_cblock *DES_key,const_DES_cblock *in_white,

-		       DES_cblock *out_white);

-int DES_enc_read(int fd,void *buf,int len,DES_key_schedule *sched,

-		 DES_cblock *iv);

-int DES_enc_write(int fd,const void *buf,int len,DES_key_schedule *sched,

-		  DES_cblock *iv);

-char *DES_fcrypt(const char *buf,const char *salt, char *ret);

-char *DES_crypt(const char *buf,const char *salt);

-void DES_ofb_encrypt(const unsigned char *in,unsigned char *out,int numbits,

-		     long length,DES_key_schedule *schedule,DES_cblock *ivec);

-void DES_pcbc_encrypt(const unsigned char *input,unsigned char *output,

-		      long length,DES_key_schedule *schedule,DES_cblock *ivec,

-		      int enc);

-DES_LONG DES_quad_cksum(const unsigned char *input,DES_cblock output[],

-			long length,int out_count,DES_cblock *seed);

-int DES_random_key(DES_cblock *ret);

-void DES_set_odd_parity(DES_cblock *key);

-int DES_check_key_parity(const_DES_cblock *key);

-int DES_is_weak_key(const_DES_cblock *key);

-/* DES_set_key (= set_key = DES_key_sched = key_sched) calls

- * DES_set_key_checked if global variable DES_check_key is set,

- * DES_set_key_unchecked otherwise. */

-int DES_set_key(const_DES_cblock *key,DES_key_schedule *schedule);

-int DES_key_sched(const_DES_cblock *key,DES_key_schedule *schedule);

-int DES_set_key_checked(const_DES_cblock *key,DES_key_schedule *schedule);

-void DES_set_key_unchecked(const_DES_cblock *key,DES_key_schedule *schedule);

-void DES_string_to_key(const char *str,DES_cblock *key);

-void DES_string_to_2keys(const char *str,DES_cblock *key1,DES_cblock *key2);

-void DES_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length,

-		       DES_key_schedule *schedule,DES_cblock *ivec,int *num,

-		       int enc);

-void DES_ofb64_encrypt(const unsigned char *in,unsigned char *out,long length,

-		       DES_key_schedule *schedule,DES_cblock *ivec,int *num);

-int DES_read_password(DES_cblock *key, const char *prompt, int verify);

-int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2, const char *prompt,

-	int verify);

-#define DES_fixup_key_parity DES_set_odd_parity

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/des/des.pod

+++ /dev/null

@@ -1,217 +1,0 @@

-=pod

-=head1 NAME

-des - encrypt or decrypt data using Data Encryption Standard

-=head1 SYNOPSIS

-B<des>

-(

-B<-e>

-|

-B<-E>

-) | (

-B<-d>

-|

-B<-D>

-) | (

-B<->[B<cC>][B<ckname>]

-) |

-[

-B<-b3hfs>

-] [

-B<-k>

-I<key>

-]

-] [

-B<-u>[I<uuname>]

-[

-I<input-file>

-[

-I<output-file>

-] ]

-=head1 NOTE

-This page describes the B<des> stand-alone program, not the B<openssl des>

-command.

-=head1 DESCRIPTION

-B<des>

-encrypts and decrypts data using the

-Data Encryption Standard algorithm.

-One of

-B<-e>, B<-E>

-(for encrypt) or

-B<-d>, B<-D>

-(for decrypt) must be specified.

-It is also possible to use

-B<-c>

-or

-B<-C>

-in conjunction or instead of the a encrypt/decrypt option to generate

-a 16 character hexadecimal checksum, generated via the

-I<des_cbc_cksum>.

-Two standard encryption modes are supported by the

-B<des>

-program, Cipher Block Chaining (the default) and Electronic Code Book

-(specified with

-B<-b>).

-The key used for the DES

-algorithm is obtained by prompting the user unless the

-B<-k>

-I<key>

-option is given.

-If the key is an argument to the

-B<des>

-command, it is potentially visible to users executing

-ps(1)

-or a derivative.  To minimise this possibility,

-B<des>

-takes care to destroy the key argument immediately upon entry.

-If your shell keeps a history file be careful to make sure it is not

-world readable.

-Since this program attempts to maintain compatibility with sunOS's

-des(1) command, there are 2 different methods used to convert the user

-supplied key to a des key.

-Whenever and one or more of

-B<-E>, B<-D>, B<-C>

-or

-B<-3>

-options are used, the key conversion procedure will not be compatible

-with the sunOS des(1) version but will use all the user supplied

-character to generate the des key.

-B<des>

-command reads from standard input unless

-I<input-file>

-is specified and writes to standard output unless

-I<output-file>

-is given.

-=head1 OPTIONS

-=over 4

-=item B<-b>

-Select ECB

-(eight bytes at a time) encryption mode.

-=item B<-3>

-Encrypt using triple encryption.

-By default triple cbc encryption is used but if the

-B<-b>

-option is used then triple ECB encryption is performed.

-If the key is less than 8 characters long, the flag has no effect.

-=item B<-e>

-Encrypt data using an 8 byte key in a manner compatible with sunOS

-des(1).

-=item B<-E>

-Encrypt data using a key of nearly unlimited length (1024 bytes).

-This will product a more secure encryption.

-=item B<-d>

-Decrypt data that was encrypted with the B<-e> option.

-=item B<-D>

-Decrypt data that was encrypted with the B<-E> option.

-=item B<-c>

-Generate a 16 character hexadecimal cbc checksum and output this to

-stderr.

-If a filename was specified after the

-B<-c>

-option, the checksum is output to that file.

-The checksum is generated using a key generated in a sunOS compatible

-manner.

-=item B<-C>

-A cbc checksum is generated in the same manner as described for the

-B<-c>

-option but the DES key is generated in the same manner as used for the

-B<-E>

-and

-B<-D>

-options

-=item B<-f>

-Does nothing - allowed for compatibility with sunOS des(1) command.

-=item B<-s>

-Does nothing - allowed for compatibility with sunOS des(1) command.

-=item B<-k> I<key>

-Use the encryption

-I<key>

-specified.

-=item B<-h>

-The

-I<key>

-is assumed to be a 16 character hexadecimal number.

-If the

-B<-3>

-option is used the key is assumed to be a 32 character hexadecimal

-number.

-=item B<-u>

-This flag is used to read and write uuencoded files.  If decrypting,

-the input file is assumed to contain uuencoded, DES encrypted data.

-If encrypting, the characters following the B<-u> are used as the name of

-the uuencoded file to embed in the begin line of the uuencoded

-output.  If there is no name specified after the B<-u>, the name text.des

-will be embedded in the header.

-=head1 SEE ALSO

-ps(1),

-L<des_crypt(3)|des_crypt(3)>

-=head1 BUGS

-The problem with using the

-B<-e>

-option is the short key length.

-It would be better to use a real 56-bit key rather than an

-ASCII-based 56-bit pattern.  Knowing that the key was derived from ASCII

-radically reduces the time necessary for a brute-force cryptographic attack.

-My attempt to remove this problem is to add an alternative text-key to

-DES-key function.  This alternative function (accessed via

-B<-E>, B<-D>, B<-S>

-and

-B<-3>)

-uses DES to help generate the key.

-Be carefully when using the B<-u> option.  Doing B<des -ud> I<filename> will

-not decrypt filename (the B<-u> option will gobble the B<-d> option).

-The VMS operating system operates in a world where files are always a

-multiple of 512 bytes.  This causes problems when encrypted data is

-send from Unix to VMS since a 88 byte file will suddenly be padded

-with 424 null bytes.  To get around this problem, use the B<-u> option

-to uuencode the data before it is send to the VMS system.

-=head1 AUTHOR

-Eric Young ([email protected])

-=cut

--- a/sys/src/ape/lib/openssl/crypto/des/des3s.cpp

+++ /dev/null

@@ -1,67 +1,0 @@

-//

-// gettsc.inl

-//

-// gives access to the Pentium's (secret) cycle counter

-//

-// This software was written by Leonard Janke ([email protected])

-// in 1996-7 and is entered, by him, into the public domain.

-#if defined(__WATCOMC__)

-void GetTSC(unsigned long&);

-#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];

-#elif defined(__GNUC__)

-inline

-void GetTSC(unsigned long& tsc)

-{

-  asm volatile(".byte 15, 49\n\t"

-	       : "=eax" (tsc)

-	       :

-	       : "%edx", "%eax");

-}

-#elif defined(_MSC_VER)

-inline

-void GetTSC(unsigned long& tsc)

-{

-  unsigned long a;

-  __asm _emit 0fh

-  __asm _emit 31h

-  __asm mov a, eax;

-  tsc=a;

-}

-#endif

-#include <stdio.h>

-#include <stdlib.h>

-#include <openssl/des.h>

-void main(int argc,char *argv[])

-	{

-	des_key_schedule key1,key2,key3;

-	unsigned long s1,s2,e1,e2;

-	unsigned long data[2];

-	int i,j;

-	for (j=0; j<6; j++)

-		{

-		for (i=0; i<1000; i++) /**/

-			{

-			des_encrypt3(&data[0],key1,key2,key3);

-			GetTSC(s1);

-			des_encrypt3(&data[0],key1,key2,key3);

-			des_encrypt3(&data[0],key1,key2,key3);

-			des_encrypt3(&data[0],key1,key2,key3);

-			GetTSC(e1);

-			GetTSC(s2);

-			des_encrypt3(&data[0],key1,key2,key3);

-			des_encrypt3(&data[0],key1,key2,key3);

-			des_encrypt3(&data[0],key1,key2,key3);

-			des_encrypt3(&data[0],key1,key2,key3);

-			GetTSC(e2);

-			des_encrypt3(&data[0],key1,key2,key3);

-			}

-		printf("des %d %d (%d)\n",

-			e1-s1,e2-s2,((e2-s2)-(e1-s1)));

-		}

-	}

--- a/sys/src/ape/lib/openssl/crypto/des/des_enc.c

+++ /dev/null

@@ -1,407 +1,0 @@

-/* crypto/des/des_enc.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include "des_locl.h"

-void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc)

-	{

-	register DES_LONG l,r,t,u;

-#ifdef DES_PTR

-	register const unsigned char *des_SP=(const unsigned char *)DES_SPtrans;

-#endif

-#ifndef DES_UNROLL

-	register int i;

-#endif

-	register DES_LONG *s;

-	r=data[0];

-	l=data[1];

-	IP(r,l);

-	/* Things have been modified so that the initial rotate is

-	 * done outside the loop.  This required the

-	 * DES_SPtrans values in sp.h to be rotated 1 bit to the right.

-	 * One perl script later and things have a 5% speed up on a sparc2.

-	 * Thanks to Richard Outerbridge <[email protected]>

-	 * for pointing this out. */

-	/* clear the top bits on machines with 8byte longs */

-	/* shift left by 2 */

-	r=ROTATE(r,29)&0xffffffffL;

-	l=ROTATE(l,29)&0xffffffffL;

-	s=ks->ks->deslong;

-	/* I don't know if it is worth the effort of loop unrolling the

-	 * inner loop */

-	if (enc)

-		{

-#ifdef DES_UNROLL

-		D_ENCRYPT(l,r, 0); /*  1 */

-		D_ENCRYPT(r,l, 2); /*  2 */

-		D_ENCRYPT(l,r, 4); /*  3 */

-		D_ENCRYPT(r,l, 6); /*  4 */

-		D_ENCRYPT(l,r, 8); /*  5 */

-		D_ENCRYPT(r,l,10); /*  6 */

-		D_ENCRYPT(l,r,12); /*  7 */

-		D_ENCRYPT(r,l,14); /*  8 */

-		D_ENCRYPT(l,r,16); /*  9 */

-		D_ENCRYPT(r,l,18); /*  10 */

-		D_ENCRYPT(l,r,20); /*  11 */

-		D_ENCRYPT(r,l,22); /*  12 */

-		D_ENCRYPT(l,r,24); /*  13 */

-		D_ENCRYPT(r,l,26); /*  14 */

-		D_ENCRYPT(l,r,28); /*  15 */

-		D_ENCRYPT(r,l,30); /*  16 */

-#else

-		for (i=0; i<32; i+=8)

-			{

-			D_ENCRYPT(l,r,i+0); /*  1 */

-			D_ENCRYPT(r,l,i+2); /*  2 */

-			D_ENCRYPT(l,r,i+4); /*  3 */

-			D_ENCRYPT(r,l,i+6); /*  4 */

-			}

-#endif

-		}

-	else

-		{

-#ifdef DES_UNROLL

-		D_ENCRYPT(l,r,30); /* 16 */

-		D_ENCRYPT(r,l,28); /* 15 */

-		D_ENCRYPT(l,r,26); /* 14 */

-		D_ENCRYPT(r,l,24); /* 13 */

-		D_ENCRYPT(l,r,22); /* 12 */

-		D_ENCRYPT(r,l,20); /* 11 */

-		D_ENCRYPT(l,r,18); /* 10 */

-		D_ENCRYPT(r,l,16); /*  9 */

-		D_ENCRYPT(l,r,14); /*  8 */

-		D_ENCRYPT(r,l,12); /*  7 */

-		D_ENCRYPT(l,r,10); /*  6 */

-		D_ENCRYPT(r,l, 8); /*  5 */

-		D_ENCRYPT(l,r, 6); /*  4 */

-		D_ENCRYPT(r,l, 4); /*  3 */

-		D_ENCRYPT(l,r, 2); /*  2 */

-		D_ENCRYPT(r,l, 0); /*  1 */

-#else

-		for (i=30; i>0; i-=8)

-			{

-			D_ENCRYPT(l,r,i-0); /* 16 */

-			D_ENCRYPT(r,l,i-2); /* 15 */

-			D_ENCRYPT(l,r,i-4); /* 14 */

-			D_ENCRYPT(r,l,i-6); /* 13 */

-			}

-#endif

-		}

-	/* rotate and clear the top bits on machines with 8byte longs */

-	l=ROTATE(l,3)&0xffffffffL;

-	r=ROTATE(r,3)&0xffffffffL;

-	FP(r,l);

-	data[0]=l;

-	data[1]=r;

-	l=r=t=u=0;

-	}

-void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc)

-	{

-	register DES_LONG l,r,t,u;

-#ifdef DES_PTR

-	register const unsigned char *des_SP=(const unsigned char *)DES_SPtrans;

-#endif

-#ifndef DES_UNROLL

-	register int i;

-#endif

-	register DES_LONG *s;

-	r=data[0];

-	l=data[1];

-	/* Things have been modified so that the initial rotate is

-	 * done outside the loop.  This required the

-	 * DES_SPtrans values in sp.h to be rotated 1 bit to the right.

-	 * One perl script later and things have a 5% speed up on a sparc2.

-	 * Thanks to Richard Outerbridge <[email protected]>

-	 * for pointing this out. */

-	/* clear the top bits on machines with 8byte longs */

-	r=ROTATE(r,29)&0xffffffffL;

-	l=ROTATE(l,29)&0xffffffffL;

-	s=ks->ks->deslong;

-	/* I don't know if it is worth the effort of loop unrolling the

-	 * inner loop */

-	if (enc)

-		{

-#ifdef DES_UNROLL

-		D_ENCRYPT(l,r, 0); /*  1 */

-		D_ENCRYPT(r,l, 2); /*  2 */

-		D_ENCRYPT(l,r, 4); /*  3 */

-		D_ENCRYPT(r,l, 6); /*  4 */

-		D_ENCRYPT(l,r, 8); /*  5 */

-		D_ENCRYPT(r,l,10); /*  6 */

-		D_ENCRYPT(l,r,12); /*  7 */

-		D_ENCRYPT(r,l,14); /*  8 */

-		D_ENCRYPT(l,r,16); /*  9 */

-		D_ENCRYPT(r,l,18); /*  10 */

-		D_ENCRYPT(l,r,20); /*  11 */

-		D_ENCRYPT(r,l,22); /*  12 */

-		D_ENCRYPT(l,r,24); /*  13 */

-		D_ENCRYPT(r,l,26); /*  14 */

-		D_ENCRYPT(l,r,28); /*  15 */

-		D_ENCRYPT(r,l,30); /*  16 */

-#else

-		for (i=0; i<32; i+=8)

-			{

-			D_ENCRYPT(l,r,i+0); /*  1 */

-			D_ENCRYPT(r,l,i+2); /*  2 */

-			D_ENCRYPT(l,r,i+4); /*  3 */

-			D_ENCRYPT(r,l,i+6); /*  4 */

-			}

-#endif

-		}

-	else

-		{

-#ifdef DES_UNROLL

-		D_ENCRYPT(l,r,30); /* 16 */

-		D_ENCRYPT(r,l,28); /* 15 */

-		D_ENCRYPT(l,r,26); /* 14 */

-		D_ENCRYPT(r,l,24); /* 13 */

-		D_ENCRYPT(l,r,22); /* 12 */

-		D_ENCRYPT(r,l,20); /* 11 */

-		D_ENCRYPT(l,r,18); /* 10 */

-		D_ENCRYPT(r,l,16); /*  9 */

-		D_ENCRYPT(l,r,14); /*  8 */

-		D_ENCRYPT(r,l,12); /*  7 */

-		D_ENCRYPT(l,r,10); /*  6 */

-		D_ENCRYPT(r,l, 8); /*  5 */

-		D_ENCRYPT(l,r, 6); /*  4 */

-		D_ENCRYPT(r,l, 4); /*  3 */

-		D_ENCRYPT(l,r, 2); /*  2 */

-		D_ENCRYPT(r,l, 0); /*  1 */

-#else

-		for (i=30; i>0; i-=8)

-			{

-			D_ENCRYPT(l,r,i-0); /* 16 */

-			D_ENCRYPT(r,l,i-2); /* 15 */

-			D_ENCRYPT(l,r,i-4); /* 14 */

-			D_ENCRYPT(r,l,i-6); /* 13 */

-			}

-#endif

-		}

-	/* rotate and clear the top bits on machines with 8byte longs */

-	data[0]=ROTATE(l,3)&0xffffffffL;

-	data[1]=ROTATE(r,3)&0xffffffffL;

-	l=r=t=u=0;

-	}

-void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1,

-		  DES_key_schedule *ks2, DES_key_schedule *ks3)

-	{

-	register DES_LONG l,r;

-	l=data[0];

-	r=data[1];

-	IP(l,r);

-	data[0]=l;

-	data[1]=r;

-	DES_encrypt2((DES_LONG *)data,ks1,DES_ENCRYPT);

-	DES_encrypt2((DES_LONG *)data,ks2,DES_DECRYPT);

-	DES_encrypt2((DES_LONG *)data,ks3,DES_ENCRYPT);

-	l=data[0];

-	r=data[1];

-	FP(r,l);

-	data[0]=l;

-	data[1]=r;

-	}

-void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,

-		  DES_key_schedule *ks2, DES_key_schedule *ks3)

-	{

-	register DES_LONG l,r;

-	l=data[0];

-	r=data[1];

-	IP(l,r);

-	data[0]=l;

-	data[1]=r;

-	DES_encrypt2((DES_LONG *)data,ks3,DES_DECRYPT);

-	DES_encrypt2((DES_LONG *)data,ks2,DES_ENCRYPT);

-	DES_encrypt2((DES_LONG *)data,ks1,DES_DECRYPT);

-	l=data[0];

-	r=data[1];

-	FP(r,l);

-	data[0]=l;

-	data[1]=r;

-	}

-#ifndef DES_DEFAULT_OPTIONS

-#undef CBC_ENC_C__DONT_UPDATE_IV

-#include "ncbc_enc.c" /* DES_ncbc_encrypt */

-void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output,

-			  long length, DES_key_schedule *ks1,

-			  DES_key_schedule *ks2, DES_key_schedule *ks3,

-			  DES_cblock *ivec, int enc)

-	{

-	register DES_LONG tin0,tin1;

-	register DES_LONG tout0,tout1,xor0,xor1;

-	register const unsigned char *in;

-	unsigned char *out;

-	register long l=length;

-	DES_LONG tin[2];

-	unsigned char *iv;

-	in=input;

-	out=output;

-	iv = &(*ivec)[0];

-	if (enc)

-		{

-		c2l(iv,tout0);

-		c2l(iv,tout1);

-		for (l-=8; l>=0; l-=8)

-			{

-			c2l(in,tin0);

-			c2l(in,tin1);

-			tin0^=tout0;

-			tin1^=tout1;

-			tin[0]=tin0;

-			tin[1]=tin1;

-			DES_encrypt3((DES_LONG *)tin,ks1,ks2,ks3);

-			tout0=tin[0];

-			tout1=tin[1];

-			l2c(tout0,out);

-			l2c(tout1,out);

-			}

-		if (l != -8)

-			{

-			c2ln(in,tin0,tin1,l+8);

-			tin0^=tout0;

-			tin1^=tout1;

-			tin[0]=tin0;

-			tin[1]=tin1;

-			DES_encrypt3((DES_LONG *)tin,ks1,ks2,ks3);

-			tout0=tin[0];

-			tout1=tin[1];

-			l2c(tout0,out);

-			l2c(tout1,out);

-			}

-		iv = &(*ivec)[0];

-		l2c(tout0,iv);

-		l2c(tout1,iv);

-		}

-	else

-		{

-		register DES_LONG t0,t1;

-		c2l(iv,xor0);

-		c2l(iv,xor1);

-		for (l-=8; l>=0; l-=8)

-			{

-			c2l(in,tin0);

-			c2l(in,tin1);

-			t0=tin0;

-			t1=tin1;

-			tin[0]=tin0;

-			tin[1]=tin1;

-			DES_decrypt3((DES_LONG *)tin,ks1,ks2,ks3);

-			tout0=tin[0];

-			tout1=tin[1];

-			tout0^=xor0;

-			tout1^=xor1;

-			l2c(tout0,out);

-			l2c(tout1,out);

-			xor0=t0;

-			xor1=t1;

-			}

-		if (l != -8)

-			{

-			c2l(in,tin0);

-			c2l(in,tin1);

-			t0=tin0;

-			t1=tin1;

-			tin[0]=tin0;

-			tin[1]=tin1;

-			DES_decrypt3((DES_LONG *)tin,ks1,ks2,ks3);

-			tout0=tin[0];

-			tout1=tin[1];

-			tout0^=xor0;

-			tout1^=xor1;

-			l2cn(tout0,tout1,out,l+8);

-			xor0=t0;

-			xor1=t1;

-			}

-		iv = &(*ivec)[0];

-		l2c(xor0,iv);

-		l2c(xor1,iv);

-		}

-	tin0=tin1=tout0=tout1=xor0=xor1=0;

-	tin[0]=tin[1]=0;

-	}

-#endif /* DES_DEFAULT_OPTIONS */

--- a/sys/src/ape/lib/openssl/crypto/des/des_locl.h

+++ /dev/null

@@ -1,428 +1,0 @@

-/* crypto/des/des_locl.h */

-/* Copyright (C) 1995-1997 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_DES_LOCL_H

-#define HEADER_DES_LOCL_H

-#include <openssl/e_os2.h>

-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)

-#ifndef OPENSSL_SYS_MSDOS

-#define OPENSSL_SYS_MSDOS

-#endif

-#endif

-#include <stdio.h>

-#include <stdlib.h>

-#ifndef OPENSSL_SYS_MSDOS

-#if !defined(OPENSSL_SYS_VMS) || defined(__DECC)

-#ifdef OPENSSL_UNISTD

-# include OPENSSL_UNISTD

-#else

-# include <unistd.h>

-#endif

-#include <math.h>

-#endif

-#endif

-#include <openssl/des.h>

-#ifdef OPENSSL_SYS_MSDOS		/* Visual C++ 2.1 (Windows NT/95) */

-#include <stdlib.h>

-#include <errno.h>

-#include <time.h>

-#include <io.h>

-#endif

-#if defined(__STDC__) || defined(OPENSSL_SYS_VMS) || defined(M_XENIX) || defined(OPENSSL_SYS_MSDOS)

-#include <string.h>

-#endif

-#ifdef OPENSSL_BUILD_SHLIBCRYPTO

-# undef OPENSSL_EXTERN

-# define OPENSSL_EXTERN OPENSSL_EXPORT

-#endif

-#define ITERATIONS 16

-#define HALF_ITERATIONS 8

-/* used in des_read and des_write */

-#define MAXWRITE	(1024*16)

-#define BSIZE		(MAXWRITE+4)

-#define c2l(c,l)	(l =((DES_LONG)(*((c)++)))    , \

-			 l|=((DES_LONG)(*((c)++)))<< 8L, \

-			 l|=((DES_LONG)(*((c)++)))<<16L, \

-			 l|=((DES_LONG)(*((c)++)))<<24L)

-/* NOTE - c is not incremented as per c2l */

-#define c2ln(c,l1,l2,n)	{ \

-			c+=n; \

-			l1=l2=0; \

-			switch (n) { \

-			case 8: l2 =((DES_LONG)(*(--(c))))<<24L; \

-			case 7: l2|=((DES_LONG)(*(--(c))))<<16L; \

-			case 6: l2|=((DES_LONG)(*(--(c))))<< 8L; \

-			case 5: l2|=((DES_LONG)(*(--(c))));     \

-			case 4: l1 =((DES_LONG)(*(--(c))))<<24L; \

-			case 3: l1|=((DES_LONG)(*(--(c))))<<16L; \

-			case 2: l1|=((DES_LONG)(*(--(c))))<< 8L; \

-			case 1: l1|=((DES_LONG)(*(--(c))));     \

-				} \

-			}

-#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)     )&0xff), \

-			 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \

-			 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \

-			 *((c)++)=(unsigned char)(((l)>>24L)&0xff))

-/* replacements for htonl and ntohl since I have no idea what to do

- * when faced with machines with 8 byte longs. */

-#define HDRSIZE 4

-#define n2l(c,l)	(l =((DES_LONG)(*((c)++)))<<24L, \

-			 l|=((DES_LONG)(*((c)++)))<<16L, \

-			 l|=((DES_LONG)(*((c)++)))<< 8L, \

-			 l|=((DES_LONG)(*((c)++))))

-#define l2n(l,c)	(*((c)++)=(unsigned char)(((l)>>24L)&0xff), \

-			 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \

-			 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \

-			 *((c)++)=(unsigned char)(((l)     )&0xff))

-/* NOTE - c is not incremented as per l2c */

-#define l2cn(l1,l2,c,n)	{ \

-			c+=n; \

-			switch (n) { \

-			case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \

-			case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \

-			case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \

-			case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \

-			case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \

-			case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \

-			case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \

-			case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \

-				} \

-			}

-#if (defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)) || defined(__ICC)

-#define	ROTATE(a,n)	(_lrotr(a,n))

-#elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC)

-# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)

-#  define ROTATE(a,n)	({ register unsigned int ret;	\

-				asm ("rorl %1,%0"	\

-					: "=r"(ret)	\

-					: "I"(n),"0"(a)	\

-					: "cc");	\

-			   ret;				\

-			})

-# endif

-#endif

-#ifndef ROTATE

-#define	ROTATE(a,n)	(((a)>>(n))+((a)<<(32-(n))))

-#endif

-/* Don't worry about the LOAD_DATA() stuff, that is used by

- * fcrypt() to add it's little bit to the front */

-#ifdef DES_FCRYPT

-#define LOAD_DATA_tmp(R,S,u,t,E0,E1) \

-	{ DES_LONG tmp; LOAD_DATA(R,S,u,t,E0,E1,tmp); }

-#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \

-	t=R^(R>>16L); \

-	u=t&E0; t&=E1; \

-	tmp=(u<<16); u^=R^s[S  ]; u^=tmp; \

-	tmp=(t<<16); t^=R^s[S+1]; t^=tmp

-#else

-#define LOAD_DATA_tmp(a,b,c,d,e,f) LOAD_DATA(a,b,c,d,e,f,g)

-#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \

-	u=R^s[S  ]; \

-	t=R^s[S+1]

-#endif

-/* The changes to this macro may help or hinder, depending on the

- * compiler and the architecture.  gcc2 always seems to do well :-).

- * Inspired by Dana How <[email protected]>

- * DO NOT use the alternative version on machines with 8 byte longs.

- * It does not seem to work on the Alpha, even when DES_LONG is 4

- * bytes, probably an issue of accessing non-word aligned objects :-( */

-#ifdef DES_PTR

-/* It recently occurred to me that 0^0^0^0^0^0^0 == 0, so there

- * is no reason to not xor all the sub items together.  This potentially

- * saves a register since things can be xored directly into L */

-#if defined(DES_RISC1) || defined(DES_RISC2)

-#ifdef DES_RISC1

-#define D_ENCRYPT(LL,R,S) { \

-	unsigned int u1,u2,u3; \

-	LOAD_DATA(R,S,u,t,E0,E1,u1); \

-	u2=(int)u>>8L; \

-	u1=(int)u&0xfc; \

-	u2&=0xfc; \

-	t=ROTATE(t,4); \

-	u>>=16L; \

-	LL^= *(const DES_LONG *)(des_SP      +u1); \

-	LL^= *(const DES_LONG *)(des_SP+0x200+u2); \

-	u3=(int)(u>>8L); \

-	u1=(int)u&0xfc; \

-	u3&=0xfc; \

-	LL^= *(const DES_LONG *)(des_SP+0x400+u1); \

-	LL^= *(const DES_LONG *)(des_SP+0x600+u3); \

-	u2=(int)t>>8L; \

-	u1=(int)t&0xfc; \

-	u2&=0xfc; \

-	t>>=16L; \

-	LL^= *(const DES_LONG *)(des_SP+0x100+u1); \

-	LL^= *(const DES_LONG *)(des_SP+0x300+u2); \

-	u3=(int)t>>8L; \

-	u1=(int)t&0xfc; \

-	u3&=0xfc; \

-	LL^= *(const DES_LONG *)(des_SP+0x500+u1); \

-	LL^= *(const DES_LONG *)(des_SP+0x700+u3); }

-#endif

-#ifdef DES_RISC2

-#define D_ENCRYPT(LL,R,S) { \

-	unsigned int u1,u2,s1,s2; \

-	LOAD_DATA(R,S,u,t,E0,E1,u1); \

-	u2=(int)u>>8L; \

-	u1=(int)u&0xfc; \

-	u2&=0xfc; \

-	t=ROTATE(t,4); \

-	LL^= *(const DES_LONG *)(des_SP      +u1); \

-	LL^= *(const DES_LONG *)(des_SP+0x200+u2); \

-	s1=(int)(u>>16L); \

-	s2=(int)(u>>24L); \

-	s1&=0xfc; \

-	s2&=0xfc; \

-	LL^= *(const DES_LONG *)(des_SP+0x400+s1); \

-	LL^= *(const DES_LONG *)(des_SP+0x600+s2); \

-	u2=(int)t>>8L; \

-	u1=(int)t&0xfc; \

-	u2&=0xfc; \

-	LL^= *(const DES_LONG *)(des_SP+0x100+u1); \

-	LL^= *(const DES_LONG *)(des_SP+0x300+u2); \

-	s1=(int)(t>>16L); \

-	s2=(int)(t>>24L); \

-	s1&=0xfc; \

-	s2&=0xfc; \

-	LL^= *(const DES_LONG *)(des_SP+0x500+s1); \

-	LL^= *(const DES_LONG *)(des_SP+0x700+s2); }

-#endif

-#else

-#define D_ENCRYPT(LL,R,S) { \

-	LOAD_DATA_tmp(R,S,u,t,E0,E1); \

-	t=ROTATE(t,4); \

-	LL^= \

-	*(const DES_LONG *)(des_SP      +((u     )&0xfc))^ \

-	*(const DES_LONG *)(des_SP+0x200+((u>> 8L)&0xfc))^ \

-	*(const DES_LONG *)(des_SP+0x400+((u>>16L)&0xfc))^ \

-	*(const DES_LONG *)(des_SP+0x600+((u>>24L)&0xfc))^ \

-	*(const DES_LONG *)(des_SP+0x100+((t     )&0xfc))^ \

-	*(const DES_LONG *)(des_SP+0x300+((t>> 8L)&0xfc))^ \

-	*(const DES_LONG *)(des_SP+0x500+((t>>16L)&0xfc))^ \

-	*(const DES_LONG *)(des_SP+0x700+((t>>24L)&0xfc)); }

-#endif

-#else /* original version */

-#if defined(DES_RISC1) || defined(DES_RISC2)

-#ifdef DES_RISC1

-#define D_ENCRYPT(LL,R,S) {\

-	unsigned int u1,u2,u3; \

-	LOAD_DATA(R,S,u,t,E0,E1,u1); \

-	u>>=2L; \

-	t=ROTATE(t,6); \

-	u2=(int)u>>8L; \

-	u1=(int)u&0x3f; \

-	u2&=0x3f; \

-	u>>=16L; \

-	LL^=DES_SPtrans[0][u1]; \

-	LL^=DES_SPtrans[2][u2]; \

-	u3=(int)u>>8L; \

-	u1=(int)u&0x3f; \

-	u3&=0x3f; \

-	LL^=DES_SPtrans[4][u1]; \

-	LL^=DES_SPtrans[6][u3]; \

-	u2=(int)t>>8L; \

-	u1=(int)t&0x3f; \

-	u2&=0x3f; \

-	t>>=16L; \

-	LL^=DES_SPtrans[1][u1]; \

-	LL^=DES_SPtrans[3][u2]; \

-	u3=(int)t>>8L; \

-	u1=(int)t&0x3f; \

-	u3&=0x3f; \

-	LL^=DES_SPtrans[5][u1]; \

-	LL^=DES_SPtrans[7][u3]; }

-#endif

-#ifdef DES_RISC2

-#define D_ENCRYPT(LL,R,S) {\

-	unsigned int u1,u2,s1,s2; \

-	LOAD_DATA(R,S,u,t,E0,E1,u1); \

-	u>>=2L; \

-	t=ROTATE(t,6); \

-	u2=(int)u>>8L; \

-	u1=(int)u&0x3f; \

-	u2&=0x3f; \

-	LL^=DES_SPtrans[0][u1]; \

-	LL^=DES_SPtrans[2][u2]; \

-	s1=(int)u>>16L; \

-	s2=(int)u>>24L; \

-	s1&=0x3f; \

-	s2&=0x3f; \

-	LL^=DES_SPtrans[4][s1]; \

-	LL^=DES_SPtrans[6][s2]; \

-	u2=(int)t>>8L; \

-	u1=(int)t&0x3f; \

-	u2&=0x3f; \

-	LL^=DES_SPtrans[1][u1]; \

-	LL^=DES_SPtrans[3][u2]; \

-	s1=(int)t>>16; \

-	s2=(int)t>>24L; \

-	s1&=0x3f; \

-	s2&=0x3f; \

-	LL^=DES_SPtrans[5][s1]; \

-	LL^=DES_SPtrans[7][s2]; }

-#endif

-#else

-#define D_ENCRYPT(LL,R,S) {\

-	LOAD_DATA_tmp(R,S,u,t,E0,E1); \

-	t=ROTATE(t,4); \

-	LL^=\

-		DES_SPtrans[0][(u>> 2L)&0x3f]^ \

-		DES_SPtrans[2][(u>>10L)&0x3f]^ \

-		DES_SPtrans[4][(u>>18L)&0x3f]^ \

-		DES_SPtrans[6][(u>>26L)&0x3f]^ \

-		DES_SPtrans[1][(t>> 2L)&0x3f]^ \

-		DES_SPtrans[3][(t>>10L)&0x3f]^ \

-		DES_SPtrans[5][(t>>18L)&0x3f]^ \

-		DES_SPtrans[7][(t>>26L)&0x3f]; }

-#endif

-#endif

-	/* IP and FP

-	 * The problem is more of a geometric problem that random bit fiddling.

-	 0  1  2  3  4  5  6  7      62 54 46 38 30 22 14  6

-	 8  9 10 11 12 13 14 15      60 52 44 36 28 20 12  4

-	16 17 18 19 20 21 22 23      58 50 42 34 26 18 10  2

-	24 25 26 27 28 29 30 31  to  56 48 40 32 24 16  8  0

-	32 33 34 35 36 37 38 39      63 55 47 39 31 23 15  7

-	40 41 42 43 44 45 46 47      61 53 45 37 29 21 13  5

-	48 49 50 51 52 53 54 55      59 51 43 35 27 19 11  3

-	56 57 58 59 60 61 62 63      57 49 41 33 25 17  9  1

-	The output has been subject to swaps of the form

-	0 1 -> 3 1 but the odd and even bits have been put into

-	2 3    2 0

-	different words.  The main trick is to remember that

-	t=((l>>size)^r)&(mask);

-	r^=t;

-	l^=(t<<size);

-	can be used to swap and move bits between words.

-	So l =  0  1  2  3  r = 16 17 18 19

-	        4  5  6  7      20 21 22 23

-	        8  9 10 11      24 25 26 27

-	       12 13 14 15      28 29 30 31

-	becomes (for size == 2 and mask == 0x3333)

-	   t =   2^16  3^17 -- --   l =  0  1 16 17  r =  2  3 18 19

-		 6^20  7^21 -- --        4  5 20 21       6  7 22 23

-		10^24 11^25 -- --        8  9 24 25      10 11 24 25

-		14^28 15^29 -- --       12 13 28 29      14 15 28 29

-	Thanks for hints from Richard Outerbridge - he told me IP&FP

-	could be done in 15 xor, 10 shifts and 5 ands.

-	When I finally started to think of the problem in 2D

-	I first got ~42 operations without xors.  When I remembered

-	how to use xors :-) I got it to its final state.

-	*/

-#define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\

-	(b)^=(t),\

-	(a)^=((t)<<(n)))

-#define IP(l,r) \

-	{ \

-	register DES_LONG tt; \

-	PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \

-	PERM_OP(l,r,tt,16,0x0000ffffL); \

-	PERM_OP(r,l,tt, 2,0x33333333L); \

-	PERM_OP(l,r,tt, 8,0x00ff00ffL); \

-	PERM_OP(r,l,tt, 1,0x55555555L); \

-	}

-#define FP(l,r) \

-	{ \

-	register DES_LONG tt; \

-	PERM_OP(l,r,tt, 1,0x55555555L); \

-	PERM_OP(r,l,tt, 8,0x00ff00ffL); \

-	PERM_OP(l,r,tt, 2,0x33333333L); \

-	PERM_OP(r,l,tt,16,0x0000ffffL); \

-	PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \

-	}

-extern const DES_LONG DES_SPtrans[8][64];

-void fcrypt_body(DES_LONG *out,DES_key_schedule *ks,

-		 DES_LONG Eswap0, DES_LONG Eswap1);

-#endif

--- a/sys/src/ape/lib/openssl/crypto/des/des_old.c

+++ /dev/null

@@ -1,271 +1,0 @@

-/* crypto/des/des_old.c -*- mode:C; c-file-style: "eay" -*- */

-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING

- *

- * The function names in here are deprecated and are only present to

- * provide an interface compatible with libdes.  OpenSSL now provides

- * functions where "des_" has been replaced with "DES_" in the names,

- * to make it possible to make incompatible changes that are needed

- * for C type security and other stuff.

- *

- * Please consider starting to use the DES_ functions rather than the

- * des_ ones.  The des_ functions will dissapear completely before

- * OpenSSL 1.0!

- *

- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING

- */

-/* Written by Richard Levitte ([email protected]) for the OpenSSL

- * project 2001.

- */

-/* ====================================================================

- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#define OPENSSL_DES_LIBDES_COMPATIBILITY

-#include <openssl/des.h>

-#include <openssl/rand.h>

-const char *_ossl_old_des_options(void)

-	{

-	return DES_options();

-	}

-void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,

-	des_key_schedule ks1,des_key_schedule ks2,

-	des_key_schedule ks3, int enc)

-	{

-	DES_ecb3_encrypt((const_DES_cblock *)input, output,

-		(DES_key_schedule *)ks1, (DES_key_schedule *)ks2,

-		(DES_key_schedule *)ks3, enc);

-	}

-DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,

-	long length,des_key_schedule schedule,_ossl_old_des_cblock *ivec)

-	{

-	return DES_cbc_cksum((unsigned char *)input, output, length,

-		(DES_key_schedule *)schedule, ivec);

-	}

-void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,

-	des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc)

-	{

-	DES_cbc_encrypt((unsigned char *)input, (unsigned char *)output,

-		length, (DES_key_schedule *)schedule, ivec, enc);

-	}

-void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,

-	des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc)

-	{

-	DES_ncbc_encrypt((unsigned char *)input, (unsigned char *)output,

-		length, (DES_key_schedule *)schedule, ivec, enc);

-	}

-void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,

-	des_key_schedule schedule,_ossl_old_des_cblock *ivec,

-	_ossl_old_des_cblock *inw,_ossl_old_des_cblock *outw,int enc)

-	{

-	DES_xcbc_encrypt((unsigned char *)input, (unsigned char *)output,

-		length, (DES_key_schedule *)schedule, ivec, inw, outw, enc);

-	}

-void _ossl_old_des_cfb_encrypt(unsigned char *in,unsigned char *out,int numbits,

-	long length,des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc)

-	{

-	DES_cfb_encrypt(in, out, numbits, length,

-		(DES_key_schedule *)schedule, ivec, enc);

-	}

-void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,

-	des_key_schedule ks,int enc)

-	{

-	DES_ecb_encrypt(input, output, (DES_key_schedule *)ks, enc);

-	}

-void _ossl_old_des_encrypt(DES_LONG *data,des_key_schedule ks, int enc)

-	{

-	DES_encrypt1(data, (DES_key_schedule *)ks, enc);

-	}

-void _ossl_old_des_encrypt2(DES_LONG *data,des_key_schedule ks, int enc)

-	{

-	DES_encrypt2(data, (DES_key_schedule *)ks, enc);

-	}

-void _ossl_old_des_encrypt3(DES_LONG *data, des_key_schedule ks1,

-	des_key_schedule ks2, des_key_schedule ks3)

-	{

-	DES_encrypt3(data, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,

-		(DES_key_schedule *)ks3);

-	}

-void _ossl_old_des_decrypt3(DES_LONG *data, des_key_schedule ks1,

-	des_key_schedule ks2, des_key_schedule ks3)

-	{

-	DES_decrypt3(data, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,

-		(DES_key_schedule *)ks3);

-	}

-void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input, _ossl_old_des_cblock *output,

-	long length, des_key_schedule ks1, des_key_schedule ks2,

-	des_key_schedule ks3, _ossl_old_des_cblock *ivec, int enc)

-	{

-	DES_ede3_cbc_encrypt((unsigned char *)input, (unsigned char *)output,

-		length, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,

-		(DES_key_schedule *)ks3, ivec, enc);

-	}

-void _ossl_old_des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out,

-	long length, des_key_schedule ks1, des_key_schedule ks2,

-	des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num, int enc)

-	{

-	DES_ede3_cfb64_encrypt(in, out, length,

-		(DES_key_schedule *)ks1, (DES_key_schedule *)ks2,

-		(DES_key_schedule *)ks3, ivec, num, enc);

-	}

-void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out,

-	long length, des_key_schedule ks1, des_key_schedule ks2,

-	des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num)

-	{

-	DES_ede3_ofb64_encrypt(in, out, length,

-		(DES_key_schedule *)ks1, (DES_key_schedule *)ks2,

-		(DES_key_schedule *)ks3, ivec, num);

-	}

-void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), _ossl_old_des_cblock (*in_white),

-	_ossl_old_des_cblock (*out_white))

-	{

-	DES_xwhite_in2out(des_key, in_white, out_white);

-	}

-int _ossl_old_des_enc_read(int fd,char *buf,int len,des_key_schedule sched,

-	_ossl_old_des_cblock *iv)

-	{

-	return DES_enc_read(fd, buf, len, (DES_key_schedule *)sched, iv);

-	}

-int _ossl_old_des_enc_write(int fd,char *buf,int len,des_key_schedule sched,

-	_ossl_old_des_cblock *iv)

-	{

-	return DES_enc_write(fd, buf, len, (DES_key_schedule *)sched, iv);

-	}

-char *_ossl_old_des_fcrypt(const char *buf,const char *salt, char *ret)

-	{

-	return DES_fcrypt(buf, salt, ret);

-	}

-char *_ossl_old_des_crypt(const char *buf,const char *salt)

-	{

-	return DES_crypt(buf, salt);

-	}

-char *_ossl_old_crypt(const char *buf,const char *salt)

-	{

-	return DES_crypt(buf, salt);

-	}

-void _ossl_old_des_ofb_encrypt(unsigned char *in,unsigned char *out,

-	int numbits,long length,des_key_schedule schedule,_ossl_old_des_cblock *ivec)

-	{

-	DES_ofb_encrypt(in, out, numbits, length, (DES_key_schedule *)schedule,

-		ivec);

-	}

-void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,

-	des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc)

-	{

-	DES_pcbc_encrypt((unsigned char *)input, (unsigned char *)output,

-		length, (DES_key_schedule *)schedule, ivec, enc);

-	}

-DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,

-	long length,int out_count,_ossl_old_des_cblock *seed)

-	{

-	return DES_quad_cksum((unsigned char *)input, output, length,

-		out_count, seed);

-	}

-void _ossl_old_des_random_seed(_ossl_old_des_cblock key)

-	{

-	RAND_seed(key, sizeof(_ossl_old_des_cblock));

-	}

-void _ossl_old_des_random_key(_ossl_old_des_cblock ret)

-	{

-	DES_random_key((DES_cblock *)ret);

-	}

-int _ossl_old_des_read_password(_ossl_old_des_cblock *key, const char *prompt,

-				int verify)

-	{

-	return DES_read_password(key, prompt, verify);

-	}

-int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1, _ossl_old_des_cblock *key2,

-	const char *prompt, int verify)

-	{

-	return DES_read_2passwords(key1, key2, prompt, verify);

-	}

-void _ossl_old_des_set_odd_parity(_ossl_old_des_cblock *key)

-	{

-	DES_set_odd_parity(key);

-	}

-int _ossl_old_des_is_weak_key(_ossl_old_des_cblock *key)

-	{

-	return DES_is_weak_key(key);

-	}

-int _ossl_old_des_set_key(_ossl_old_des_cblock *key,des_key_schedule schedule)

-	{

-	return DES_set_key(key, (DES_key_schedule *)schedule);

-	}

-int _ossl_old_des_key_sched(_ossl_old_des_cblock *key,des_key_schedule schedule)

-	{

-	return DES_key_sched(key, (DES_key_schedule *)schedule);

-	}

-void _ossl_old_des_string_to_key(char *str,_ossl_old_des_cblock *key)

-	{

-	DES_string_to_key(str, key);

-	}

-void _ossl_old_des_string_to_2keys(char *str,_ossl_old_des_cblock *key1,_ossl_old_des_cblock *key2)

-	{

-	DES_string_to_2keys(str, key1, key2);

-	}

-void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,

-	des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num, int enc)

-	{

-	DES_cfb64_encrypt(in, out, length, (DES_key_schedule *)schedule,

-		ivec, num, enc);

-	}

-void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,

-	des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num)

-	{

-	DES_ofb64_encrypt(in, out, length, (DES_key_schedule *)schedule,

-		ivec, num);

-	}

--- a/sys/src/ape/lib/openssl/crypto/des/des_old.h

+++ /dev/null

@@ -1,445 +1,0 @@

-/* crypto/des/des_old.h -*- mode:C; c-file-style: "eay" -*- */

-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING

- *

- * The function names in here are deprecated and are only present to

- * provide an interface compatible with openssl 0.9.6 and older as

- * well as libdes.  OpenSSL now provides functions where "des_" has

- * been replaced with "DES_" in the names, to make it possible to

- * make incompatible changes that are needed for C type security and

- * other stuff.

- *

- * This include files has two compatibility modes:

- *

- *   - If OPENSSL_DES_LIBDES_COMPATIBILITY is defined, you get an API

- *     that is compatible with libdes and SSLeay.

- *   - If OPENSSL_DES_LIBDES_COMPATIBILITY isn't defined, you get an

- *     API that is compatible with OpenSSL 0.9.5x to 0.9.6x.

- *

- * Note that these modes break earlier snapshots of OpenSSL, where

- * libdes compatibility was the only available mode or (later on) the

- * prefered compatibility mode.  However, after much consideration

- * (and more or less violent discussions with external parties), it

- * was concluded that OpenSSL should be compatible with earlier versions

- * of itself before anything else.  Also, in all honesty, libdes is

- * an old beast that shouldn't really be used any more.

- *

- * Please consider starting to use the DES_ functions rather than the

- * des_ ones.  The des_ functions will disappear completely before

- * OpenSSL 1.0!

- *

- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING

- */

-/* Written by Richard Levitte ([email protected]) for the OpenSSL

- * project 2001.

- */

-/* ====================================================================

- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_DES_H

-#define HEADER_DES_H

-#include <openssl/e_os2.h>	/* OPENSSL_EXTERN, OPENSSL_NO_DES, DES_LONG */

-#ifdef OPENSSL_NO_DES

-#error DES is disabled.

-#endif

-#ifndef HEADER_NEW_DES_H

-#error You must include des.h, not des_old.h directly.

-#endif

-#ifdef _KERBEROS_DES_H

-#error <openssl/des_old.h> replaces <kerberos/des.h>.

-#endif

-#include <openssl/symhacks.h>

-#ifdef OPENSSL_BUILD_SHLIBCRYPTO

-# undef OPENSSL_EXTERN

-# define OPENSSL_EXTERN OPENSSL_EXPORT

-#endif

-#ifdef  __cplusplus

-extern "C" {

-#endif

-#ifdef _

-#undef _

-#endif

-typedef unsigned char _ossl_old_des_cblock[8];

-typedef struct _ossl_old_des_ks_struct

-	{

-	union	{

-		_ossl_old_des_cblock _;

-		/* make sure things are correct size on machines with

-		 * 8 byte longs */

-		DES_LONG pad[2];

-		} ks;

-	} _ossl_old_des_key_schedule[16];

-#ifndef OPENSSL_DES_LIBDES_COMPATIBILITY

-#define des_cblock DES_cblock

-#define const_des_cblock const_DES_cblock

-#define des_key_schedule DES_key_schedule

-#define des_ecb3_encrypt(i,o,k1,k2,k3,e)\

-	DES_ecb3_encrypt((i),(o),&(k1),&(k2),&(k3),(e))

-#define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\

-	DES_ede3_cbc_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(e))

-#define des_ede3_cbcm_encrypt(i,o,l,k1,k2,k3,iv1,iv2,e)\

-	DES_ede3_cbcm_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv1),(iv2),(e))

-#define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\

-	DES_ede3_cfb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n),(e))

-#define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\

-	DES_ede3_ofb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n))

-#define des_options()\

-	DES_options()

-#define des_cbc_cksum(i,o,l,k,iv)\

-	DES_cbc_cksum((i),(o),(l),&(k),(iv))

-#define des_cbc_encrypt(i,o,l,k,iv,e)\

-	DES_cbc_encrypt((i),(o),(l),&(k),(iv),(e))

-#define des_ncbc_encrypt(i,o,l,k,iv,e)\

-	DES_ncbc_encrypt((i),(o),(l),&(k),(iv),(e))

-#define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\

-	DES_xcbc_encrypt((i),(o),(l),&(k),(iv),(inw),(outw),(e))

-#define des_cfb_encrypt(i,o,n,l,k,iv,e)\

-	DES_cfb_encrypt((i),(o),(n),(l),&(k),(iv),(e))

-#define des_ecb_encrypt(i,o,k,e)\

-	DES_ecb_encrypt((i),(o),&(k),(e))

-#define des_encrypt1(d,k,e)\

-	DES_encrypt1((d),&(k),(e))

-#define des_encrypt2(d,k,e)\

-	DES_encrypt2((d),&(k),(e))

-#define des_encrypt3(d,k1,k2,k3)\

-	DES_encrypt3((d),&(k1),&(k2),&(k3))

-#define des_decrypt3(d,k1,k2,k3)\

-	DES_decrypt3((d),&(k1),&(k2),&(k3))

-#define des_xwhite_in2out(k,i,o)\

-	DES_xwhite_in2out((k),(i),(o))

-#define des_enc_read(f,b,l,k,iv)\

-	DES_enc_read((f),(b),(l),&(k),(iv))

-#define des_enc_write(f,b,l,k,iv)\

-	DES_enc_write((f),(b),(l),&(k),(iv))

-#define des_fcrypt(b,s,r)\

-	DES_fcrypt((b),(s),(r))

-#if 0

-#define des_crypt(b,s)\

-	DES_crypt((b),(s))

-#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(__OpenBSD__)

-#define crypt(b,s)\

-	DES_crypt((b),(s))

-#endif

-#endif

-#define des_ofb_encrypt(i,o,n,l,k,iv)\

-	DES_ofb_encrypt((i),(o),(n),(l),&(k),(iv))

-#define des_pcbc_encrypt(i,o,l,k,iv,e)\

-	DES_pcbc_encrypt((i),(o),(l),&(k),(iv),(e))

-#define des_quad_cksum(i,o,l,c,s)\

-	DES_quad_cksum((i),(o),(l),(c),(s))

-#define des_random_seed(k)\

-	_ossl_096_des_random_seed((k))

-#define des_random_key(r)\

-	DES_random_key((r))

-#define des_read_password(k,p,v) \

-	DES_read_password((k),(p),(v))

-#define des_read_2passwords(k1,k2,p,v) \

-	DES_read_2passwords((k1),(k2),(p),(v))

-#define des_set_odd_parity(k)\

-	DES_set_odd_parity((k))

-#define des_check_key_parity(k)\

-	DES_check_key_parity((k))

-#define des_is_weak_key(k)\

-	DES_is_weak_key((k))

-#define des_set_key(k,ks)\

-	DES_set_key((k),&(ks))

-#define des_key_sched(k,ks)\

-	DES_key_sched((k),&(ks))

-#define des_set_key_checked(k,ks)\

-	DES_set_key_checked((k),&(ks))

-#define des_set_key_unchecked(k,ks)\

-	DES_set_key_unchecked((k),&(ks))

-#define des_string_to_key(s,k)\

-	DES_string_to_key((s),(k))

-#define des_string_to_2keys(s,k1,k2)\

-	DES_string_to_2keys((s),(k1),(k2))

-#define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\

-	DES_cfb64_encrypt((i),(o),(l),&(ks),(iv),(n),(e))

-#define des_ofb64_encrypt(i,o,l,ks,iv,n)\

-	DES_ofb64_encrypt((i),(o),(l),&(ks),(iv),(n))

-#define des_ecb2_encrypt(i,o,k1,k2,e) \

-	des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))

-#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \

-	des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))

-#define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \

-	des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))

-#define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \

-	des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))

-#define des_check_key DES_check_key

-#define des_rw_mode DES_rw_mode

-#else /* libdes compatibility */

-/* Map all symbol names to _ossl_old_des_* form, so we avoid all

-   clashes with libdes */

-#define des_cblock _ossl_old_des_cblock

-#define des_key_schedule _ossl_old_des_key_schedule

-#define des_ecb3_encrypt(i,o,k1,k2,k3,e)\

-	_ossl_old_des_ecb3_encrypt((i),(o),(k1),(k2),(k3),(e))

-#define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\

-	_ossl_old_des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(e))

-#define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\

-	_ossl_old_des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n),(e))

-#define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\

-	_ossl_old_des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n))

-#define des_options()\

-	_ossl_old_des_options()

-#define des_cbc_cksum(i,o,l,k,iv)\

-	_ossl_old_des_cbc_cksum((i),(o),(l),(k),(iv))

-#define des_cbc_encrypt(i,o,l,k,iv,e)\

-	_ossl_old_des_cbc_encrypt((i),(o),(l),(k),(iv),(e))

-#define des_ncbc_encrypt(i,o,l,k,iv,e)\

-	_ossl_old_des_ncbc_encrypt((i),(o),(l),(k),(iv),(e))

-#define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\

-	_ossl_old_des_xcbc_encrypt((i),(o),(l),(k),(iv),(inw),(outw),(e))

-#define des_cfb_encrypt(i,o,n,l,k,iv,e)\

-	_ossl_old_des_cfb_encrypt((i),(o),(n),(l),(k),(iv),(e))

-#define des_ecb_encrypt(i,o,k,e)\

-	_ossl_old_des_ecb_encrypt((i),(o),(k),(e))

-#define des_encrypt(d,k,e)\

-	_ossl_old_des_encrypt((d),(k),(e))

-#define des_encrypt2(d,k,e)\

-	_ossl_old_des_encrypt2((d),(k),(e))

-#define des_encrypt3(d,k1,k2,k3)\

-	_ossl_old_des_encrypt3((d),(k1),(k2),(k3))

-#define des_decrypt3(d,k1,k2,k3)\

-	_ossl_old_des_decrypt3((d),(k1),(k2),(k3))

-#define des_xwhite_in2out(k,i,o)\

-	_ossl_old_des_xwhite_in2out((k),(i),(o))

-#define des_enc_read(f,b,l,k,iv)\

-	_ossl_old_des_enc_read((f),(b),(l),(k),(iv))

-#define des_enc_write(f,b,l,k,iv)\

-	_ossl_old_des_enc_write((f),(b),(l),(k),(iv))

-#define des_fcrypt(b,s,r)\

-	_ossl_old_des_fcrypt((b),(s),(r))

-#define des_crypt(b,s)\

-	_ossl_old_des_crypt((b),(s))

-#if 0

-#define crypt(b,s)\

-	_ossl_old_crypt((b),(s))

-#endif

-#define des_ofb_encrypt(i,o,n,l,k,iv)\

-	_ossl_old_des_ofb_encrypt((i),(o),(n),(l),(k),(iv))

-#define des_pcbc_encrypt(i,o,l,k,iv,e)\

-	_ossl_old_des_pcbc_encrypt((i),(o),(l),(k),(iv),(e))

-#define des_quad_cksum(i,o,l,c,s)\

-	_ossl_old_des_quad_cksum((i),(o),(l),(c),(s))

-#define des_random_seed(k)\

-	_ossl_old_des_random_seed((k))

-#define des_random_key(r)\

-	_ossl_old_des_random_key((r))

-#define des_read_password(k,p,v) \

-	_ossl_old_des_read_password((k),(p),(v))

-#define des_read_2passwords(k1,k2,p,v) \

-	_ossl_old_des_read_2passwords((k1),(k2),(p),(v))

-#define des_set_odd_parity(k)\

-	_ossl_old_des_set_odd_parity((k))

-#define des_is_weak_key(k)\

-	_ossl_old_des_is_weak_key((k))

-#define des_set_key(k,ks)\

-	_ossl_old_des_set_key((k),(ks))

-#define des_key_sched(k,ks)\

-	_ossl_old_des_key_sched((k),(ks))

-#define des_string_to_key(s,k)\

-	_ossl_old_des_string_to_key((s),(k))

-#define des_string_to_2keys(s,k1,k2)\

-	_ossl_old_des_string_to_2keys((s),(k1),(k2))

-#define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\

-	_ossl_old_des_cfb64_encrypt((i),(o),(l),(ks),(iv),(n),(e))

-#define des_ofb64_encrypt(i,o,l,ks,iv,n)\

-	_ossl_old_des_ofb64_encrypt((i),(o),(l),(ks),(iv),(n))

-#define des_ecb2_encrypt(i,o,k1,k2,e) \

-	des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))

-#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \

-	des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))

-#define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \

-	des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))

-#define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \

-	des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))

-#define des_check_key DES_check_key

-#define des_rw_mode DES_rw_mode

-#endif

-const char *_ossl_old_des_options(void);

-void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,

-	_ossl_old_des_key_schedule ks1,_ossl_old_des_key_schedule ks2,

-	_ossl_old_des_key_schedule ks3, int enc);

-DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,

-	long length,_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec);

-void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,

-	_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc);

-void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,

-	_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc);

-void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,

-	_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,

-	_ossl_old_des_cblock *inw,_ossl_old_des_cblock *outw,int enc);

-void _ossl_old_des_cfb_encrypt(unsigned char *in,unsigned char *out,int numbits,

-	long length,_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc);

-void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,

-	_ossl_old_des_key_schedule ks,int enc);

-void _ossl_old_des_encrypt(DES_LONG *data,_ossl_old_des_key_schedule ks, int enc);

-void _ossl_old_des_encrypt2(DES_LONG *data,_ossl_old_des_key_schedule ks, int enc);

-void _ossl_old_des_encrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1,

-	_ossl_old_des_key_schedule ks2, _ossl_old_des_key_schedule ks3);

-void _ossl_old_des_decrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1,

-	_ossl_old_des_key_schedule ks2, _ossl_old_des_key_schedule ks3);

-void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input, _ossl_old_des_cblock *output,

-	long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2,

-	_ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int enc);

-void _ossl_old_des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out,

-	long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2,

-	_ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num, int enc);

-void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out,

-	long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2,

-	_ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num);

-void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), _ossl_old_des_cblock (*in_white),

-	_ossl_old_des_cblock (*out_white));

-int _ossl_old_des_enc_read(int fd,char *buf,int len,_ossl_old_des_key_schedule sched,

-	_ossl_old_des_cblock *iv);

-int _ossl_old_des_enc_write(int fd,char *buf,int len,_ossl_old_des_key_schedule sched,

-	_ossl_old_des_cblock *iv);

-char *_ossl_old_des_fcrypt(const char *buf,const char *salt, char *ret);

-char *_ossl_old_des_crypt(const char *buf,const char *salt);

-#if !defined(PERL5) && !defined(NeXT)

-char *_ossl_old_crypt(const char *buf,const char *salt);

-#endif

-void _ossl_old_des_ofb_encrypt(unsigned char *in,unsigned char *out,

-	int numbits,long length,_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec);

-void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,

-	_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc);

-DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,

-	long length,int out_count,_ossl_old_des_cblock *seed);

-void _ossl_old_des_random_seed(_ossl_old_des_cblock key);

-void _ossl_old_des_random_key(_ossl_old_des_cblock ret);

-int _ossl_old_des_read_password(_ossl_old_des_cblock *key,const char *prompt,int verify);

-int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1,_ossl_old_des_cblock *key2,

-	const char *prompt,int verify);

-void _ossl_old_des_set_odd_parity(_ossl_old_des_cblock *key);

-int _ossl_old_des_is_weak_key(_ossl_old_des_cblock *key);

-int _ossl_old_des_set_key(_ossl_old_des_cblock *key,_ossl_old_des_key_schedule schedule);

-int _ossl_old_des_key_sched(_ossl_old_des_cblock *key,_ossl_old_des_key_schedule schedule);

-void _ossl_old_des_string_to_key(char *str,_ossl_old_des_cblock *key);

-void _ossl_old_des_string_to_2keys(char *str,_ossl_old_des_cblock *key1,_ossl_old_des_cblock *key2);

-void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,

-	_ossl_old_des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num, int enc);

-void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,

-	_ossl_old_des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num);

-void _ossl_096_des_random_seed(des_cblock *key);

-/* The following definitions provide compatibility with the MIT Kerberos

- * library. The _ossl_old_des_key_schedule structure is not binary compatible. */

-#define _KERBEROS_DES_H

-#define KRBDES_ENCRYPT DES_ENCRYPT

-#define KRBDES_DECRYPT DES_DECRYPT

-#ifdef KERBEROS

-#  define ENCRYPT DES_ENCRYPT

-#  define DECRYPT DES_DECRYPT

-#endif

-#ifndef NCOMPAT

-#  define C_Block des_cblock

-#  define Key_schedule des_key_schedule

-#  define KEY_SZ DES_KEY_SZ

-#  define string_to_key des_string_to_key

-#  define read_pw_string des_read_pw_string

-#  define random_key des_random_key

-#  define pcbc_encrypt des_pcbc_encrypt

-#  define set_key des_set_key

-#  define key_sched des_key_sched

-#  define ecb_encrypt des_ecb_encrypt

-#  define cbc_encrypt des_cbc_encrypt

-#  define ncbc_encrypt des_ncbc_encrypt

-#  define xcbc_encrypt des_xcbc_encrypt

-#  define cbc_cksum des_cbc_cksum

-#  define quad_cksum des_quad_cksum

-#  define check_parity des_check_key_parity

-#endif

-#define des_fixup_key_parity DES_fixup_key_parity

-#ifdef  __cplusplus

-}

-#endif

-/* for DES_read_pw_string et al */

-#include <openssl/ui_compat.h>

-#endif

--- a/sys/src/ape/lib/openssl/crypto/des/des_old2.c

+++ /dev/null

@@ -1,82 +1,0 @@

-/* crypto/des/des_old.c -*- mode:C; c-file-style: "eay" -*- */

-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING

- *

- * The function names in here are deprecated and are only present to

- * provide an interface compatible with OpenSSL 0.9.6c.  OpenSSL now

- * provides functions where "des_" has been replaced with "DES_" in

- * the names, to make it possible to make incompatible changes that

- * are needed for C type security and other stuff.

- *

- * Please consider starting to use the DES_ functions rather than the

- * des_ ones.  The des_ functions will dissapear completely before

- * OpenSSL 1.0!

- *

- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING

- */

-/* Written by Richard Levitte ([email protected]) for the OpenSSL

- * project 2001.

- */

-/* ====================================================================

- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#undef OPENSSL_DES_LIBDES_COMPATIBILITY

-#include <openssl/des.h>

-#include <openssl/rand.h>

-void _ossl_096_des_random_seed(DES_cblock *key)

-	{

-	RAND_seed(key, sizeof(DES_cblock));

-	}

--- a/sys/src/ape/lib/openssl/crypto/des/des_opts.c

+++ /dev/null

@@ -1,608 +1,0 @@

-/* crypto/des/des_opts.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* define PART1, PART2, PART3 or PART4 to build only with a few of the options.

- * This is for machines with 64k code segment size restrictions. */

-#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)

-#define TIMES

-#endif

-#include <stdio.h>

-#ifndef OPENSSL_SYS_MSDOS

-#include <openssl/e_os2.h>

-#include OPENSSL_UNISTD

-#else

-#include <io.h>

-extern void exit();

-#endif

-#ifndef OPENSSL_SYS_NETWARE

-#include <signal.h>

-#endif

-#ifndef _IRIX

-#include <time.h>

-#endif

-#ifdef TIMES

-#include <sys/types.h>

-#include <sys/times.h>

-#endif

-/* Depending on the VMS version, the tms structure is perhaps defined.

-   The __TMS macro will show if it was.  If it wasn't defined, we should

-   undefine TIMES, since that tells the rest of the program how things

-   should be handled.				-- Richard Levitte */

-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)

-#undef TIMES

-#endif

-#ifndef TIMES

-#include <sys/timeb.h>

-#endif

-#if defined(sun) || defined(__ultrix)

-#define _POSIX_SOURCE

-#include <limits.h>

-#include <sys/param.h>

-#endif

-#include <openssl/des.h>

-#include "spr.h"

-#define DES_DEFAULT_OPTIONS

-#if !defined(PART1) && !defined(PART2) && !defined(PART3) && !defined(PART4)

-#define PART1

-#define PART2

-#define PART3

-#define PART4

-#endif

-#ifdef PART1

-#undef DES_UNROLL

-#undef DES_RISC1

-#undef DES_RISC2

-#undef DES_PTR

-#undef D_ENCRYPT

-#define DES_encrypt1 des_encrypt_u4_cisc_idx

-#define DES_encrypt2 des_encrypt2_u4_cisc_idx

-#define DES_encrypt3 des_encrypt3_u4_cisc_idx

-#define DES_decrypt3 des_decrypt3_u4_cisc_idx

-#undef HEADER_DES_LOCL_H

-#include "des_enc.c"

-#define DES_UNROLL

-#undef DES_RISC1

-#undef DES_RISC2

-#undef DES_PTR

-#undef D_ENCRYPT

-#undef DES_encrypt1

-#undef DES_encrypt2

-#undef DES_encrypt3

-#undef DES_decrypt3

-#define DES_encrypt1 des_encrypt_u16_cisc_idx

-#define DES_encrypt2 des_encrypt2_u16_cisc_idx

-#define DES_encrypt3 des_encrypt3_u16_cisc_idx

-#define DES_decrypt3 des_decrypt3_u16_cisc_idx

-#undef HEADER_DES_LOCL_H

-#include "des_enc.c"

-#undef DES_UNROLL

-#define DES_RISC1

-#undef DES_RISC2

-#undef DES_PTR

-#undef D_ENCRYPT

-#undef DES_encrypt1

-#undef DES_encrypt2

-#undef DES_encrypt3

-#undef DES_decrypt3

-#define DES_encrypt1 des_encrypt_u4_risc1_idx

-#define DES_encrypt2 des_encrypt2_u4_risc1_idx

-#define DES_encrypt3 des_encrypt3_u4_risc1_idx

-#define DES_decrypt3 des_decrypt3_u4_risc1_idx

-#undef HEADER_DES_LOCL_H

-#include "des_enc.c"

-#endif

-#ifdef PART2

-#undef DES_UNROLL

-#undef DES_RISC1

-#define DES_RISC2

-#undef DES_PTR

-#undef D_ENCRYPT

-#undef DES_encrypt1

-#undef DES_encrypt2

-#undef DES_encrypt3

-#undef DES_decrypt3

-#define DES_encrypt1 des_encrypt_u4_risc2_idx

-#define DES_encrypt2 des_encrypt2_u4_risc2_idx

-#define DES_encrypt3 des_encrypt3_u4_risc2_idx

-#define DES_decrypt3 des_decrypt3_u4_risc2_idx

-#undef HEADER_DES_LOCL_H

-#include "des_enc.c"

-#define DES_UNROLL

-#define DES_RISC1

-#undef DES_RISC2

-#undef DES_PTR

-#undef D_ENCRYPT

-#undef DES_encrypt1

-#undef DES_encrypt2

-#undef DES_encrypt3

-#undef DES_decrypt3

-#define DES_encrypt1 des_encrypt_u16_risc1_idx

-#define DES_encrypt2 des_encrypt2_u16_risc1_idx

-#define DES_encrypt3 des_encrypt3_u16_risc1_idx

-#define DES_decrypt3 des_decrypt3_u16_risc1_idx

-#undef HEADER_DES_LOCL_H

-#include "des_enc.c"

-#define DES_UNROLL

-#undef DES_RISC1

-#define DES_RISC2

-#undef DES_PTR

-#undef D_ENCRYPT

-#undef DES_encrypt1

-#undef DES_encrypt2

-#undef DES_encrypt3

-#undef DES_decrypt3

-#define DES_encrypt1 des_encrypt_u16_risc2_idx

-#define DES_encrypt2 des_encrypt2_u16_risc2_idx

-#define DES_encrypt3 des_encrypt3_u16_risc2_idx

-#define DES_decrypt3 des_decrypt3_u16_risc2_idx

-#undef HEADER_DES_LOCL_H

-#include "des_enc.c"

-#endif

-#ifdef PART3

-#undef DES_UNROLL

-#undef DES_RISC1

-#undef DES_RISC2

-#define DES_PTR

-#undef D_ENCRYPT

-#undef DES_encrypt1

-#undef DES_encrypt2

-#undef DES_encrypt3

-#undef DES_decrypt3

-#define DES_encrypt1 des_encrypt_u4_cisc_ptr

-#define DES_encrypt2 des_encrypt2_u4_cisc_ptr

-#define DES_encrypt3 des_encrypt3_u4_cisc_ptr

-#define DES_decrypt3 des_decrypt3_u4_cisc_ptr

-#undef HEADER_DES_LOCL_H

-#include "des_enc.c"

-#define DES_UNROLL

-#undef DES_RISC1

-#undef DES_RISC2

-#define DES_PTR

-#undef D_ENCRYPT

-#undef DES_encrypt1

-#undef DES_encrypt2

-#undef DES_encrypt3

-#undef DES_decrypt3

-#define DES_encrypt1 des_encrypt_u16_cisc_ptr

-#define DES_encrypt2 des_encrypt2_u16_cisc_ptr

-#define DES_encrypt3 des_encrypt3_u16_cisc_ptr

-#define DES_decrypt3 des_decrypt3_u16_cisc_ptr

-#undef HEADER_DES_LOCL_H

-#include "des_enc.c"

-#undef DES_UNROLL

-#define DES_RISC1

-#undef DES_RISC2

-#define DES_PTR

-#undef D_ENCRYPT

-#undef DES_encrypt1

-#undef DES_encrypt2

-#undef DES_encrypt3

-#undef DES_decrypt3

-#define DES_encrypt1 des_encrypt_u4_risc1_ptr

-#define DES_encrypt2 des_encrypt2_u4_risc1_ptr

-#define DES_encrypt3 des_encrypt3_u4_risc1_ptr

-#define DES_decrypt3 des_decrypt3_u4_risc1_ptr

-#undef HEADER_DES_LOCL_H

-#include "des_enc.c"

-#endif

-#ifdef PART4

-#undef DES_UNROLL

-#undef DES_RISC1

-#define DES_RISC2

-#define DES_PTR

-#undef D_ENCRYPT

-#undef DES_encrypt1

-#undef DES_encrypt2

-#undef DES_encrypt3

-#undef DES_decrypt3

-#define DES_encrypt1 des_encrypt_u4_risc2_ptr

-#define DES_encrypt2 des_encrypt2_u4_risc2_ptr

-#define DES_encrypt3 des_encrypt3_u4_risc2_ptr

-#define DES_decrypt3 des_decrypt3_u4_risc2_ptr

-#undef HEADER_DES_LOCL_H

-#include "des_enc.c"

-#define DES_UNROLL

-#define DES_RISC1

-#undef DES_RISC2

-#define DES_PTR

-#undef D_ENCRYPT

-#undef DES_encrypt1

-#undef DES_encrypt2

-#undef DES_encrypt3

-#undef DES_decrypt3

-#define DES_encrypt1 des_encrypt_u16_risc1_ptr

-#define DES_encrypt2 des_encrypt2_u16_risc1_ptr

-#define DES_encrypt3 des_encrypt3_u16_risc1_ptr

-#define DES_decrypt3 des_decrypt3_u16_risc1_ptr

-#undef HEADER_DES_LOCL_H

-#include "des_enc.c"

-#define DES_UNROLL

-#undef DES_RISC1

-#define DES_RISC2

-#define DES_PTR

-#undef D_ENCRYPT

-#undef DES_encrypt1

-#undef DES_encrypt2

-#undef DES_encrypt3

-#undef DES_decrypt3

-#define DES_encrypt1 des_encrypt_u16_risc2_ptr

-#define DES_encrypt2 des_encrypt2_u16_risc2_ptr

-#define DES_encrypt3 des_encrypt3_u16_risc2_ptr

-#define DES_decrypt3 des_decrypt3_u16_risc2_ptr

-#undef HEADER_DES_LOCL_H

-#include "des_enc.c"

-#endif

-/* The following if from times(3) man page.  It may need to be changed */

-#ifndef HZ

-# ifndef CLK_TCK

-#  ifndef _BSD_CLK_TCK_ /* FreeBSD fix */

-#   define HZ	100.0

-#  else /* _BSD_CLK_TCK_ */

-#   define HZ ((double)_BSD_CLK_TCK_)

-#  endif

-# else /* CLK_TCK */

-#  define HZ ((double)CLK_TCK)

-# endif

-#endif

-#define BUFSIZE	((long)1024)

-long run=0;

-double Time_F(int s);

-#ifdef SIGALRM

-#if defined(__STDC__) || defined(sgi)

-#define SIGRETTYPE void

-#else

-#define SIGRETTYPE int

-#endif

-SIGRETTYPE sig_done(int sig);

-SIGRETTYPE sig_done(int sig)

-	{

-	signal(SIGALRM,sig_done);

-	run=0;

-#ifdef LINT

-	sig=sig;

-#endif

-	}

-#endif

-#define START	0

-#define STOP	1

-double Time_F(int s)

-	{

-	double ret;

-#ifdef TIMES

-	static struct tms tstart,tend;

-	if (s == START)

-		{

-		times(&tstart);

-		return(0);

-		}

-	else

-		{

-		times(&tend);

-		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;

-		return((ret == 0.0)?1e-6:ret);

-		}

-#else /* !times() */

-	static struct timeb tstart,tend;

-	long i;

-	if (s == START)

-		{

-		ftime(&tstart);

-		return(0);

-		}

-	else

-		{

-		ftime(&tend);

-		i=(long)tend.millitm-(long)tstart.millitm;

-		ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;

-		return((ret == 0.0)?1e-6:ret);

-		}

-#endif

-	}

-#ifdef SIGALRM

-#define print_name(name) fprintf(stderr,"Doing %s's for 10 seconds\n",name); alarm(10);

-#else

-#define print_name(name) fprintf(stderr,"Doing %s %ld times\n",name,cb);

-#endif

-#define time_it(func,name,index) \

-	print_name(name); \

-	Time_F(START); \

-	for (count=0,run=1; COND(cb); count++) \

-		{ \

-		unsigned long d[2]; \

-		func(d,&sch,DES_ENCRYPT); \

-		} \

-	tm[index]=Time_F(STOP); \

-	fprintf(stderr,"%ld %s's in %.2f second\n",count,name,tm[index]); \

-	tm[index]=((double)COUNT(cb))/tm[index];

-#define print_it(name,index) \

-	fprintf(stderr,"%s bytes per sec = %12.2f (%5.1fuS)\n",name, \

-		tm[index]*8,1.0e6/tm[index]);

-int main(int argc, char **argv)

-	{

-	long count;

-	static unsigned char buf[BUFSIZE];

-	static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};

-	static DES_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};

-	static DES_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};

-	DES_key_schedule sch,sch2,sch3;

-	double d,tm[16],max=0;

-	int rank[16];

-	char *str[16];

-	int max_idx=0,i,num=0,j;

-#ifndef SIGALARM

-	long ca,cb,cc,cd,ce;

-#endif

-	for (i=0; i<12; i++)

-		{

-		tm[i]=0.0;

-		rank[i]=0;

-		}

-#ifndef TIMES

-	fprintf(stderr,"To get the most accurate results, try to run this\n");

-	fprintf(stderr,"program when this computer is idle.\n");

-#endif

-	DES_set_key_unchecked(&key,&sch);

-	DES_set_key_unchecked(&key2,&sch2);

-	DES_set_key_unchecked(&key3,&sch3);

-#ifndef SIGALRM

-	fprintf(stderr,"First we calculate the approximate speed ...\n");

-	DES_set_key_unchecked(&key,sch);

-	count=10;

-	do	{

-		long i;

-		unsigned long data[2];

-		count*=2;

-		Time_F(START);

-		for (i=count; i; i--)

-			DES_encrypt1(data,&(sch[0]),DES_ENCRYPT);

-		d=Time_F(STOP);

-		} while (d < 3.0);

-	ca=count;

-	cb=count*3;

-	cc=count*3*8/BUFSIZE+1;

-	cd=count*8/BUFSIZE+1;

-	ce=count/20+1;

-#define COND(d) (count != (d))

-#define COUNT(d) (d)

-#else

-#define COND(c) (run)

-#define COUNT(d) (count)

-        signal(SIGALRM,sig_done);

-        alarm(10);

-#endif

-#ifdef PART1

-	time_it(des_encrypt_u4_cisc_idx,  "des_encrypt_u4_cisc_idx  ", 0);

-	time_it(des_encrypt_u16_cisc_idx, "des_encrypt_u16_cisc_idx ", 1);

-	time_it(des_encrypt_u4_risc1_idx, "des_encrypt_u4_risc1_idx ", 2);

-	num+=3;

-#endif

-#ifdef PART2

-	time_it(des_encrypt_u16_risc1_idx,"des_encrypt_u16_risc1_idx", 3);

-	time_it(des_encrypt_u4_risc2_idx, "des_encrypt_u4_risc2_idx ", 4);

-	time_it(des_encrypt_u16_risc2_idx,"des_encrypt_u16_risc2_idx", 5);

-	num+=3;

-#endif

-#ifdef PART3

-	time_it(des_encrypt_u4_cisc_ptr,  "des_encrypt_u4_cisc_ptr  ", 6);

-	time_it(des_encrypt_u16_cisc_ptr, "des_encrypt_u16_cisc_ptr ", 7);

-	time_it(des_encrypt_u4_risc1_ptr, "des_encrypt_u4_risc1_ptr ", 8);

-	num+=3;

-#endif

-#ifdef PART4

-	time_it(des_encrypt_u16_risc1_ptr,"des_encrypt_u16_risc1_ptr", 9);

-	time_it(des_encrypt_u4_risc2_ptr, "des_encrypt_u4_risc2_ptr ",10);

-	time_it(des_encrypt_u16_risc2_ptr,"des_encrypt_u16_risc2_ptr",11);

-	num+=3;

-#endif

-#ifdef PART1

-	str[0]=" 4  c i";

-	print_it("des_encrypt_u4_cisc_idx  ",0);

-	max=tm[0];

-	max_idx=0;

-	str[1]="16  c i";

-	print_it("des_encrypt_u16_cisc_idx ",1);

-	if (max < tm[1]) { max=tm[1]; max_idx=1; }

-	str[2]=" 4 r1 i";

-	print_it("des_encrypt_u4_risc1_idx ",2);

-	if (max < tm[2]) { max=tm[2]; max_idx=2; }

-#endif

-#ifdef PART2

-	str[3]="16 r1 i";

-	print_it("des_encrypt_u16_risc1_idx",3);

-	if (max < tm[3]) { max=tm[3]; max_idx=3; }

-	str[4]=" 4 r2 i";

-	print_it("des_encrypt_u4_risc2_idx ",4);

-	if (max < tm[4]) { max=tm[4]; max_idx=4; }

-	str[5]="16 r2 i";

-	print_it("des_encrypt_u16_risc2_idx",5);

-	if (max < tm[5]) { max=tm[5]; max_idx=5; }

-#endif

-#ifdef PART3

-	str[6]=" 4  c p";

-	print_it("des_encrypt_u4_cisc_ptr  ",6);

-	if (max < tm[6]) { max=tm[6]; max_idx=6; }

-	str[7]="16  c p";

-	print_it("des_encrypt_u16_cisc_ptr ",7);

-	if (max < tm[7]) { max=tm[7]; max_idx=7; }

-	str[8]=" 4 r1 p";

-	print_it("des_encrypt_u4_risc1_ptr ",8);

-	if (max < tm[8]) { max=tm[8]; max_idx=8; }

-#endif

-#ifdef PART4

-	str[9]="16 r1 p";

-	print_it("des_encrypt_u16_risc1_ptr",9);

-	if (max < tm[9]) { max=tm[9]; max_idx=9; }

-	str[10]=" 4 r2 p";

-	print_it("des_encrypt_u4_risc2_ptr ",10);

-	if (max < tm[10]) { max=tm[10]; max_idx=10; }

-	str[11]="16 r2 p";

-	print_it("des_encrypt_u16_risc2_ptr",11);

-	if (max < tm[11]) { max=tm[11]; max_idx=11; }

-#endif

-	printf("options    des ecb/s\n");

-	printf("%s %12.2f 100.0%%\n",str[max_idx],tm[max_idx]);

-	d=tm[max_idx];

-	tm[max_idx]= -2.0;

-	max= -1.0;

-	for (;;)

-		{

-		for (i=0; i<12; i++)

-			{

-			if (max < tm[i]) { max=tm[i]; j=i; }

-			}

-		if (max < 0.0) break;

-		printf("%s %12.2f  %4.1f%%\n",str[j],tm[j],tm[j]/d*100.0);

-		tm[j]= -2.0;

-		max= -1.0;

-		}

-	switch (max_idx)

-		{

-	case 0:

-		printf("-DDES_DEFAULT_OPTIONS\n");

-		break;

-	case 1:

-		printf("-DDES_UNROLL\n");

-		break;

-	case 2:

-		printf("-DDES_RISC1\n");

-		break;

-	case 3:

-		printf("-DDES_UNROLL -DDES_RISC1\n");

-		break;

-	case 4:

-		printf("-DDES_RISC2\n");

-		break;

-	case 5:

-		printf("-DDES_UNROLL -DDES_RISC2\n");

-		break;

-	case 6:

-		printf("-DDES_PTR\n");

-		break;

-	case 7:

-		printf("-DDES_UNROLL -DDES_PTR\n");

-		break;

-	case 8:

-		printf("-DDES_RISC1 -DDES_PTR\n");

-		break;

-	case 9:

-		printf("-DDES_UNROLL -DDES_RISC1 -DDES_PTR\n");

-		break;

-	case 10:

-		printf("-DDES_RISC2 -DDES_PTR\n");

-		break;

-	case 11:

-		printf("-DDES_UNROLL -DDES_RISC2 -DDES_PTR\n");

-		break;

-		}

-	exit(0);

-#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)

-	return(0);

-#endif

-	}

--- a/sys/src/ape/lib/openssl/crypto/des/des_ver.h

+++ /dev/null

@@ -1,71 +1,0 @@

-/* crypto/des/des_ver.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <openssl/e_os2.h>

-#ifdef OPENSSL_BUILD_SHLIBCRYPTO

-# undef OPENSSL_EXTERN

-# define OPENSSL_EXTERN OPENSSL_EXPORT

-#endif

-/* The following macros make sure the names are different from libdes names */

-#define DES_version OSSL_DES_version

-#define libdes_version OSSL_libdes_version

-OPENSSL_EXTERN const char OSSL_DES_version[];	/* SSLeay version string */

-OPENSSL_EXTERN const char OSSL_libdes_version[];	/* old libdes version string */

--- a/sys/src/ape/lib/openssl/crypto/des/dess.cpp

+++ /dev/null

@@ -1,67 +1,0 @@

-//

-// gettsc.inl

-//

-// gives access to the Pentium's (secret) cycle counter

-//

-// This software was written by Leonard Janke ([email protected])

-// in 1996-7 and is entered, by him, into the public domain.

-#if defined(__WATCOMC__)

-void GetTSC(unsigned long&);

-#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];

-#elif defined(__GNUC__)

-inline

-void GetTSC(unsigned long& tsc)

-{

-  asm volatile(".byte 15, 49\n\t"

-	       : "=eax" (tsc)

-	       :

-	       : "%edx", "%eax");

-}

-#elif defined(_MSC_VER)

-inline

-void GetTSC(unsigned long& tsc)

-{

-  unsigned long a;

-  __asm _emit 0fh

-  __asm _emit 31h

-  __asm mov a, eax;

-  tsc=a;

-}

-#endif

-#include <stdio.h>

-#include <stdlib.h>

-#include <openssl/des.h>

-void main(int argc,char *argv[])

-	{

-	des_key_schedule key;

-	unsigned long s1,s2,e1,e2;

-	unsigned long data[2];

-	int i,j;

-	for (j=0; j<6; j++)

-		{

-		for (i=0; i<1000; i++) /**/

-			{

-			des_encrypt1(&data[0],key,1);

-			GetTSC(s1);

-			des_encrypt1(&data[0],key,1);

-			des_encrypt1(&data[0],key,1);

-			des_encrypt1(&data[0],key,1);

-			GetTSC(e1);

-			GetTSC(s2);

-			des_encrypt1(&data[0],key,1);

-			des_encrypt1(&data[0],key,1);

-			des_encrypt1(&data[0],key,1);

-			des_encrypt1(&data[0],key,1);

-			GetTSC(e2);

-			des_encrypt1(&data[0],key,1);

-			}

-		printf("des %d %d (%d)\n",

-			e1-s1,e2-s2,((e2-s2)-(e1-s1)));

-		}

-	}

--- a/sys/src/ape/lib/openssl/crypto/des/destest.c

+++ /dev/null

@@ -1,952 +1,0 @@

-/* crypto/des/destest.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <openssl/e_os2.h>

-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_WINDOWS)

-#ifndef OPENSSL_SYS_MSDOS

-#define OPENSSL_SYS_MSDOS

-#endif

-#endif

-#ifndef OPENSSL_SYS_MSDOS

-#if !defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_VMS_DECC)

-#include OPENSSL_UNISTD

-#endif

-#else

-#include <io.h>

-#endif

-#include <string.h>

-#ifdef OPENSSL_NO_DES

-int main(int argc, char *argv[])

-{

-    printf("No DES support\n");

-    return(0);

-}

-#else

-#include <openssl/des.h>

-#define crypt(c,s) (DES_crypt((c),(s)))

-/* tisk tisk - the test keys don't all have odd parity :-( */

-/* test data */

-#define NUM_TESTS 34

-static unsigned char key_data[NUM_TESTS][8]={

-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},

-	{0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},

-	{0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00},

-	{0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},

-	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},

-	{0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},

-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},

-	{0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10},

-	{0x7C,0xA1,0x10,0x45,0x4A,0x1A,0x6E,0x57},

-	{0x01,0x31,0xD9,0x61,0x9D,0xC1,0x37,0x6E},

-	{0x07,0xA1,0x13,0x3E,0x4A,0x0B,0x26,0x86},

-	{0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E},

-	{0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6},

-	{0x01,0x13,0xB9,0x70,0xFD,0x34,0xF2,0xCE},

-	{0x01,0x70,0xF1,0x75,0x46,0x8F,0xB5,0xE6},

-	{0x43,0x29,0x7F,0xAD,0x38,0xE3,0x73,0xFE},

-	{0x07,0xA7,0x13,0x70,0x45,0xDA,0x2A,0x16},

-	{0x04,0x68,0x91,0x04,0xC2,0xFD,0x3B,0x2F},

-	{0x37,0xD0,0x6B,0xB5,0x16,0xCB,0x75,0x46},

-	{0x1F,0x08,0x26,0x0D,0x1A,0xC2,0x46,0x5E},

-	{0x58,0x40,0x23,0x64,0x1A,0xBA,0x61,0x76},

-	{0x02,0x58,0x16,0x16,0x46,0x29,0xB0,0x07},

-	{0x49,0x79,0x3E,0xBC,0x79,0xB3,0x25,0x8F},

-	{0x4F,0xB0,0x5E,0x15,0x15,0xAB,0x73,0xA7},

-	{0x49,0xE9,0x5D,0x6D,0x4C,0xA2,0x29,0xBF},

-	{0x01,0x83,0x10,0xDC,0x40,0x9B,0x26,0xD6},

-	{0x1C,0x58,0x7F,0x1C,0x13,0x92,0x4F,0xEF},

-	{0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},

-	{0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},

-	{0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},

-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},

-	{0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},

-	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},

-	{0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10}};

-static unsigned char plain_data[NUM_TESTS][8]={

-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},

-	{0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},

-	{0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x01},

-	{0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},

-	{0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},

-	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},

-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},

-	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},

-	{0x01,0xA1,0xD6,0xD0,0x39,0x77,0x67,0x42},

-	{0x5C,0xD5,0x4C,0xA8,0x3D,0xEF,0x57,0xDA},

-	{0x02,0x48,0xD4,0x38,0x06,0xF6,0x71,0x72},

-	{0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A},

-	{0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2},

-	{0x05,0x9B,0x5E,0x08,0x51,0xCF,0x14,0x3A},

-	{0x07,0x56,0xD8,0xE0,0x77,0x47,0x61,0xD2},

-	{0x76,0x25,0x14,0xB8,0x29,0xBF,0x48,0x6A},

-	{0x3B,0xDD,0x11,0x90,0x49,0x37,0x28,0x02},

-	{0x26,0x95,0x5F,0x68,0x35,0xAF,0x60,0x9A},

-	{0x16,0x4D,0x5E,0x40,0x4F,0x27,0x52,0x32},

-	{0x6B,0x05,0x6E,0x18,0x75,0x9F,0x5C,0xCA},

-	{0x00,0x4B,0xD6,0xEF,0x09,0x17,0x60,0x62},

-	{0x48,0x0D,0x39,0x00,0x6E,0xE7,0x62,0xF2},

-	{0x43,0x75,0x40,0xC8,0x69,0x8F,0x3C,0xFA},

-	{0x07,0x2D,0x43,0xA0,0x77,0x07,0x52,0x92},

-	{0x02,0xFE,0x55,0x77,0x81,0x17,0xF1,0x2A},

-	{0x1D,0x9D,0x5C,0x50,0x18,0xF7,0x28,0xC2},

-	{0x30,0x55,0x32,0x28,0x6D,0x6F,0x29,0x5A},

-	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},

-	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},

-	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},

-	{0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},

-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},

-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},

-	{0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}};

-static unsigned char cipher_data[NUM_TESTS][8]={

-	{0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7},

-	{0x73,0x59,0xB2,0x16,0x3E,0x4E,0xDC,0x58},

-	{0x95,0x8E,0x6E,0x62,0x7A,0x05,0x55,0x7B},

-	{0xF4,0x03,0x79,0xAB,0x9E,0x0E,0xC5,0x33},

-	{0x17,0x66,0x8D,0xFC,0x72,0x92,0x53,0x2D},

-	{0x8A,0x5A,0xE1,0xF8,0x1A,0xB8,0xF2,0xDD},

-	{0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7},

-	{0xED,0x39,0xD9,0x50,0xFA,0x74,0xBC,0xC4},

-	{0x69,0x0F,0x5B,0x0D,0x9A,0x26,0x93,0x9B},

-	{0x7A,0x38,0x9D,0x10,0x35,0x4B,0xD2,0x71},

-	{0x86,0x8E,0xBB,0x51,0xCA,0xB4,0x59,0x9A},

-	{0x71,0x78,0x87,0x6E,0x01,0xF1,0x9B,0x2A},

-	{0xAF,0x37,0xFB,0x42,0x1F,0x8C,0x40,0x95},

-	{0x86,0xA5,0x60,0xF1,0x0E,0xC6,0xD8,0x5B},

-	{0x0C,0xD3,0xDA,0x02,0x00,0x21,0xDC,0x09},

-	{0xEA,0x67,0x6B,0x2C,0xB7,0xDB,0x2B,0x7A},

-	{0xDF,0xD6,0x4A,0x81,0x5C,0xAF,0x1A,0x0F},

-	{0x5C,0x51,0x3C,0x9C,0x48,0x86,0xC0,0x88},

-	{0x0A,0x2A,0xEE,0xAE,0x3F,0xF4,0xAB,0x77},

-	{0xEF,0x1B,0xF0,0x3E,0x5D,0xFA,0x57,0x5A},

-	{0x88,0xBF,0x0D,0xB6,0xD7,0x0D,0xEE,0x56},

-	{0xA1,0xF9,0x91,0x55,0x41,0x02,0x0B,0x56},

-	{0x6F,0xBF,0x1C,0xAF,0xCF,0xFD,0x05,0x56},

-	{0x2F,0x22,0xE4,0x9B,0xAB,0x7C,0xA1,0xAC},

-	{0x5A,0x6B,0x61,0x2C,0xC2,0x6C,0xCE,0x4A},

-	{0x5F,0x4C,0x03,0x8E,0xD1,0x2B,0x2E,0x41},

-	{0x63,0xFA,0xC0,0xD0,0x34,0xD9,0xF7,0x93},

-	{0x61,0x7B,0x3A,0x0C,0xE8,0xF0,0x71,0x00},

-	{0xDB,0x95,0x86,0x05,0xF8,0xC8,0xC6,0x06},

-	{0xED,0xBF,0xD1,0xC6,0x6C,0x29,0xCC,0xC7},

-	{0x35,0x55,0x50,0xB2,0x15,0x0E,0x24,0x51},

-	{0xCA,0xAA,0xAF,0x4D,0xEA,0xF1,0xDB,0xAE},

-	{0xD5,0xD4,0x4F,0xF7,0x20,0x68,0x3D,0x0D},

-	{0x2A,0x2B,0xB0,0x08,0xDF,0x97,0xC2,0xF2}};

-static unsigned char cipher_ecb2[NUM_TESTS-1][8]={

-	{0x92,0x95,0xB5,0x9B,0xB3,0x84,0x73,0x6E},

-	{0x19,0x9E,0x9D,0x6D,0xF3,0x9A,0xA8,0x16},

-	{0x2A,0x4B,0x4D,0x24,0x52,0x43,0x84,0x27},

-	{0x35,0x84,0x3C,0x01,0x9D,0x18,0xC5,0xB6},

-	{0x4A,0x5B,0x2F,0x42,0xAA,0x77,0x19,0x25},

-	{0xA0,0x6B,0xA9,0xB8,0xCA,0x5B,0x17,0x8A},

-	{0xAB,0x9D,0xB7,0xFB,0xED,0x95,0xF2,0x74},

-	{0x3D,0x25,0x6C,0x23,0xA7,0x25,0x2F,0xD6},

-	{0xB7,0x6F,0xAB,0x4F,0xBD,0xBD,0xB7,0x67},

-	{0x8F,0x68,0x27,0xD6,0x9C,0xF4,0x1A,0x10},

-	{0x82,0x57,0xA1,0xD6,0x50,0x5E,0x81,0x85},

-	{0xA2,0x0F,0x0A,0xCD,0x80,0x89,0x7D,0xFA},

-	{0xCD,0x2A,0x53,0x3A,0xDB,0x0D,0x7E,0xF3},

-	{0xD2,0xC2,0xBE,0x27,0xE8,0x1B,0x68,0xE3},

-	{0xE9,0x24,0xCF,0x4F,0x89,0x3C,0x5B,0x0A},

-	{0xA7,0x18,0xC3,0x9F,0xFA,0x9F,0xD7,0x69},

-	{0x77,0x2C,0x79,0xB1,0xD2,0x31,0x7E,0xB1},

-	{0x49,0xAB,0x92,0x7F,0xD0,0x22,0x00,0xB7},

-	{0xCE,0x1C,0x6C,0x7D,0x85,0xE3,0x4A,0x6F},

-	{0xBE,0x91,0xD6,0xE1,0x27,0xB2,0xE9,0x87},

-	{0x70,0x28,0xAE,0x8F,0xD1,0xF5,0x74,0x1A},

-	{0xAA,0x37,0x80,0xBB,0xF3,0x22,0x1D,0xDE},

-	{0xA6,0xC4,0xD2,0x5E,0x28,0x93,0xAC,0xB3},

-	{0x22,0x07,0x81,0x5A,0xE4,0xB7,0x1A,0xAD},

-	{0xDC,0xCE,0x05,0xE7,0x07,0xBD,0xF5,0x84},

-	{0x26,0x1D,0x39,0x2C,0xB3,0xBA,0xA5,0x85},

-	{0xB4,0xF7,0x0F,0x72,0xFB,0x04,0xF0,0xDC},

-	{0x95,0xBA,0xA9,0x4E,0x87,0x36,0xF2,0x89},

-	{0xD4,0x07,0x3A,0xF1,0x5A,0x17,0x82,0x0E},

-	{0xEF,0x6F,0xAF,0xA7,0x66,0x1A,0x7E,0x89},

-	{0xC1,0x97,0xF5,0x58,0x74,0x8A,0x20,0xE7},

-	{0x43,0x34,0xCF,0xDA,0x22,0xC4,0x86,0xC8},

-	{0x08,0xD7,0xB4,0xFB,0x62,0x9D,0x08,0x85}};

-static unsigned char cbc_key [8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};

-static unsigned char cbc2_key[8]={0xf1,0xe0,0xd3,0xc2,0xb5,0xa4,0x97,0x86};

-static unsigned char cbc3_key[8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};

-static unsigned char cbc_iv  [8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};

-/* Changed the following text constant to binary so it will work on ebcdic

- * machines :-) */

-/* static char cbc_data[40]="7654321 Now is the time for \0001"; */

-static unsigned char cbc_data[40]={

-	0x37,0x36,0x35,0x34,0x33,0x32,0x31,0x20,

-	0x4E,0x6F,0x77,0x20,0x69,0x73,0x20,0x74,

-	0x68,0x65,0x20,0x74,0x69,0x6D,0x65,0x20,

-	0x66,0x6F,0x72,0x20,0x00,0x31,0x00,0x00,

-	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,

-	};

-static unsigned char cbc_ok[32]={

-	0xcc,0xd1,0x73,0xff,0xab,0x20,0x39,0xf4,

-	0xac,0xd8,0xae,0xfd,0xdf,0xd8,0xa1,0xeb,

-	0x46,0x8e,0x91,0x15,0x78,0x88,0xba,0x68,

-	0x1d,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4};

-#ifdef SCREW_THE_PARITY

-#error "SCREW_THE_PARITY is not ment to be defined."

-#error "Original vectors are preserved for reference only."

-static unsigned char cbc2_key[8]={0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87};

-static unsigned char xcbc_ok[32]={

-	0x86,0x74,0x81,0x0D,0x61,0xA4,0xA5,0x48,

-	0xB9,0x93,0x03,0xE1,0xB8,0xBB,0xBD,0xBD,

-	0x64,0x30,0x0B,0xB9,0x06,0x65,0x81,0x76,

-	0x04,0x1D,0x77,0x62,0x17,0xCA,0x2B,0xD2,

-	};

-#else

-static unsigned char xcbc_ok[32]={

-	0x84,0x6B,0x29,0x14,0x85,0x1E,0x9A,0x29,

-	0x54,0x73,0x2F,0x8A,0xA0,0xA6,0x11,0xC1,

-	0x15,0xCD,0xC2,0xD7,0x95,0x1B,0x10,0x53,

-	0xA6,0x3C,0x5E,0x03,0xB2,0x1A,0xA3,0xC4,

-	};

-#endif

-static unsigned char cbc3_ok[32]={

-	0x3F,0xE3,0x01,0xC9,0x62,0xAC,0x01,0xD0,

-	0x22,0x13,0x76,0x3C,0x1C,0xBD,0x4C,0xDC,

-	0x79,0x96,0x57,0xC0,0x64,0xEC,0xF5,0xD4,

-	0x1C,0x67,0x38,0x12,0xCF,0xDE,0x96,0x75};

-static unsigned char pcbc_ok[32]={

-	0xcc,0xd1,0x73,0xff,0xab,0x20,0x39,0xf4,

-	0x6d,0xec,0xb4,0x70,0xa0,0xe5,0x6b,0x15,

-	0xae,0xa6,0xbf,0x61,0xed,0x7d,0x9c,0x9f,

-	0xf7,0x17,0x46,0x3b,0x8a,0xb3,0xcc,0x88};

-static unsigned char cfb_key[8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};

-static unsigned char cfb_iv[8]={0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef};

-static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8];

-static unsigned char plain[24]=

-	{

-	0x4e,0x6f,0x77,0x20,0x69,0x73,

-	0x20,0x74,0x68,0x65,0x20,0x74,

-	0x69,0x6d,0x65,0x20,0x66,0x6f,

-	0x72,0x20,0x61,0x6c,0x6c,0x20

-	};

-static unsigned char cfb_cipher8[24]= {

-	0xf3,0x1f,0xda,0x07,0x01,0x14, 0x62,0xee,0x18,0x7f,0x43,0xd8,

-	0x0a,0x7c,0xd9,0xb5,0xb0,0xd2, 0x90,0xda,0x6e,0x5b,0x9a,0x87 };

-static unsigned char cfb_cipher16[24]={

-	0xF3,0x09,0x87,0x87,0x7F,0x57, 0xF7,0x3C,0x36,0xB6,0xDB,0x70,

-	0xD8,0xD5,0x34,0x19,0xD3,0x86, 0xB2,0x23,0xB7,0xB2,0xAD,0x1B };

-static unsigned char cfb_cipher32[24]={

-	0xF3,0x09,0x62,0x49,0xA4,0xDF, 0xA4,0x9F,0x33,0xDC,0x7B,0xAD,

-	0x4C,0xC8,0x9F,0x64,0xE4,0x53, 0xE5,0xEC,0x67,0x20,0xDA,0xB6 };

-static unsigned char cfb_cipher48[24]={

-	0xF3,0x09,0x62,0x49,0xC7,0xF4, 0x30,0xB5,0x15,0xEC,0xBB,0x85,

-	0x97,0x5A,0x13,0x8C,0x68,0x60, 0xE2,0x38,0x34,0x3C,0xDC,0x1F };

-static unsigned char cfb_cipher64[24]={

-	0xF3,0x09,0x62,0x49,0xC7,0xF4, 0x6E,0x51,0xA6,0x9E,0x83,0x9B,

-	0x1A,0x92,0xF7,0x84,0x03,0x46, 0x71,0x33,0x89,0x8E,0xA6,0x22 };

-static unsigned char ofb_key[8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};

-static unsigned char ofb_iv[8]={0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef};

-static unsigned char ofb_buf1[24],ofb_buf2[24],ofb_tmp[8];

-static unsigned char ofb_cipher[24]=

-	{

-	0xf3,0x09,0x62,0x49,0xc7,0xf4,0x6e,0x51,

-	0x35,0xf2,0x4a,0x24,0x2e,0xeb,0x3d,0x3f,

-	0x3d,0x6d,0x5b,0xe3,0x25,0x5a,0xf8,0xc3

-	};

-#if 0

-static DES_LONG cbc_cksum_ret=0xB462FEF7L;

-#else

-static DES_LONG cbc_cksum_ret=0xF7FE62B4L;

-#endif

-static unsigned char cbc_cksum_data[8]={0x1D,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4};

-static char *pt(unsigned char *p);

-static int cfb_test(int bits, unsigned char *cfb_cipher);

-static int cfb64_test(unsigned char *cfb_cipher);

-static int ede_cfb64_test(unsigned char *cfb_cipher);

-int main(int argc, char *argv[])

-	{

-	int j,err=0;

-	unsigned int i;

-	des_cblock in,out,outin,iv3,iv2;

-	des_key_schedule ks,ks2,ks3;

-	unsigned char cbc_in[40];

-	unsigned char cbc_out[40];

-	DES_LONG cs;

-	unsigned char cret[8];

-#ifdef _CRAY

-        struct {

-            int a:32;

-            int b:32;

-        } lqret[2];

-#else

-        DES_LONG lqret[4];

-#endif

-	int num;

-	char *str;

-#ifndef OPENSSL_NO_DESCBCM

-	printf("Doing cbcm\n");

-	if ((j=DES_set_key_checked(&cbc_key,&ks)) != 0)

-		{

-		printf("Key error %d\n",j);

-		err=1;

-		}

-	if ((j=DES_set_key_checked(&cbc2_key,&ks2)) != 0)

-		{

-		printf("Key error %d\n",j);

-		err=1;

-		}

-	if ((j=DES_set_key_checked(&cbc3_key,&ks3)) != 0)

-		{

-		printf("Key error %d\n",j);

-		err=1;

-		}

-	memset(cbc_out,0,40);

-	memset(cbc_in,0,40);

-	i=strlen((char *)cbc_data)+1;

-	/* i=((i+7)/8)*8; */

-	memcpy(iv3,cbc_iv,sizeof(cbc_iv));

-	memset(iv2,'\0',sizeof iv2);

-	DES_ede3_cbcm_encrypt(cbc_data,cbc_out,16L,&ks,&ks2,&ks3,&iv3,&iv2,

-			      DES_ENCRYPT);

-	DES_ede3_cbcm_encrypt(&cbc_data[16],&cbc_out[16],i-16,&ks,&ks2,&ks3,

-			      &iv3,&iv2,DES_ENCRYPT);

-	/*	if (memcmp(cbc_out,cbc3_ok,

-		(unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0)

-		{

-		printf("des_ede3_cbc_encrypt encrypt error\n");

-		err=1;

-		}

-	*/

-	memcpy(iv3,cbc_iv,sizeof(cbc_iv));

-	memset(iv2,'\0',sizeof iv2);

-	DES_ede3_cbcm_encrypt(cbc_out,cbc_in,i,&ks,&ks2,&ks3,&iv3,&iv2,DES_DECRYPT);

-	if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)

-		{

-		unsigned int n;

-		printf("des_ede3_cbcm_encrypt decrypt error\n");

-		for(n=0 ; n < i ; ++n)

-		    printf(" %02x",cbc_data[n]);

-		printf("\n");

-		for(n=0 ; n < i ; ++n)

-		    printf(" %02x",cbc_in[n]);

-		printf("\n");

-		err=1;

-		}

-#endif

-	printf("Doing ecb\n");

-	for (i=0; i<NUM_TESTS; i++)

-		{

-		DES_set_key_unchecked(&key_data[i],&ks);

-		memcpy(in,plain_data[i],8);

-		memset(out,0,8);

-		memset(outin,0,8);

-		des_ecb_encrypt(&in,&out,ks,DES_ENCRYPT);

-		des_ecb_encrypt(&out,&outin,ks,DES_DECRYPT);

-		if (memcmp(out,cipher_data[i],8) != 0)

-			{

-			printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n",

-				i+1,pt(key_data[i]),pt(in),pt(cipher_data[i]),

-				pt(out));

-			err=1;

-			}

-		if (memcmp(in,outin,8) != 0)

-			{

-			printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n",

-				i+1,pt(key_data[i]),pt(out),pt(in),pt(outin));

-			err=1;

-			}

-		}

-#ifndef LIBDES_LIT

-	printf("Doing ede ecb\n");

-	for (i=0; i<(NUM_TESTS-2); i++)

-		{

-		DES_set_key_unchecked(&key_data[i],&ks);

-		DES_set_key_unchecked(&key_data[i+1],&ks2);

-		DES_set_key_unchecked(&key_data[i+2],&ks3);

-		memcpy(in,plain_data[i],8);

-		memset(out,0,8);

-		memset(outin,0,8);

-		des_ecb2_encrypt(&in,&out,ks,ks2,DES_ENCRYPT);

-		des_ecb2_encrypt(&out,&outin,ks,ks2,DES_DECRYPT);

-		if (memcmp(out,cipher_ecb2[i],8) != 0)

-			{

-			printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n",

-				i+1,pt(key_data[i]),pt(in),pt(cipher_ecb2[i]),

-				pt(out));

-			err=1;

-			}

-		if (memcmp(in,outin,8) != 0)

-			{

-			printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n",

-				i+1,pt(key_data[i]),pt(out),pt(in),pt(outin));

-			err=1;

-			}

-		}

-#endif

-	printf("Doing cbc\n");

-	if ((j=DES_set_key_checked(&cbc_key,&ks)) != 0)

-		{

-		printf("Key error %d\n",j);

-		err=1;

-		}

-	memset(cbc_out,0,40);

-	memset(cbc_in,0,40);

-	memcpy(iv3,cbc_iv,sizeof(cbc_iv));

-	des_ncbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks,

-			 &iv3,DES_ENCRYPT);

-	if (memcmp(cbc_out,cbc_ok,32) != 0)

-		{

-		printf("cbc_encrypt encrypt error\n");

-		err=1;

-		}

-	memcpy(iv3,cbc_iv,sizeof(cbc_iv));

-	des_ncbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks,

-			 &iv3,DES_DECRYPT);

-	if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)) != 0)

-		{

-		printf("cbc_encrypt decrypt error\n");

-		err=1;

-		}

-#ifndef LIBDES_LIT

-	printf("Doing desx cbc\n");

-	if ((j=DES_set_key_checked(&cbc_key,&ks)) != 0)

-		{

-		printf("Key error %d\n",j);

-		err=1;

-		}

-	memset(cbc_out,0,40);

-	memset(cbc_in,0,40);

-	memcpy(iv3,cbc_iv,sizeof(cbc_iv));

-	des_xcbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks,

-			 &iv3,&cbc2_key,&cbc3_key, DES_ENCRYPT);

-	if (memcmp(cbc_out,xcbc_ok,32) != 0)

-		{

-		printf("des_xcbc_encrypt encrypt error\n");

-		err=1;

-		}

-	memcpy(iv3,cbc_iv,sizeof(cbc_iv));

-	des_xcbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks,

-			 &iv3,&cbc2_key,&cbc3_key, DES_DECRYPT);

-	if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)

-		{

-		printf("des_xcbc_encrypt decrypt error\n");

-		err=1;

-		}

-#endif

-	printf("Doing ede cbc\n");

-	if ((j=DES_set_key_checked(&cbc_key,&ks)) != 0)

-		{

-		printf("Key error %d\n",j);

-		err=1;

-		}

-	if ((j=DES_set_key_checked(&cbc2_key,&ks2)) != 0)

-		{

-		printf("Key error %d\n",j);

-		err=1;

-		}

-	if ((j=DES_set_key_checked(&cbc3_key,&ks3)) != 0)

-		{

-		printf("Key error %d\n",j);

-		err=1;

-		}

-	memset(cbc_out,0,40);

-	memset(cbc_in,0,40);

-	i=strlen((char *)cbc_data)+1;

-	/* i=((i+7)/8)*8; */

-	memcpy(iv3,cbc_iv,sizeof(cbc_iv));

-	des_ede3_cbc_encrypt(cbc_data,cbc_out,16L,ks,ks2,ks3,&iv3,

-			     DES_ENCRYPT);

-	des_ede3_cbc_encrypt(&(cbc_data[16]),&(cbc_out[16]),i-16,ks,ks2,ks3,

-			     &iv3,DES_ENCRYPT);

-	if (memcmp(cbc_out,cbc3_ok,

-		(unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0)

-		{

-		unsigned int n;

-		printf("des_ede3_cbc_encrypt encrypt error\n");

-		for(n=0 ; n < i ; ++n)

-		    printf(" %02x",cbc_out[n]);

-		printf("\n");

-		for(n=0 ; n < i ; ++n)

-		    printf(" %02x",cbc3_ok[n]);

-		printf("\n");

-		err=1;

-		}

-	memcpy(iv3,cbc_iv,sizeof(cbc_iv));

-	des_ede3_cbc_encrypt(cbc_out,cbc_in,i,ks,ks2,ks3,&iv3,DES_DECRYPT);

-	if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)

-		{

-		unsigned int n;

-		printf("des_ede3_cbc_encrypt decrypt error\n");

-		for(n=0 ; n < i ; ++n)

-		    printf(" %02x",cbc_data[n]);

-		printf("\n");

-		for(n=0 ; n < i ; ++n)

-		    printf(" %02x",cbc_in[n]);

-		printf("\n");

-		err=1;

-		}

-#ifndef LIBDES_LIT

-	printf("Doing pcbc\n");

-	if ((j=DES_set_key_checked(&cbc_key,&ks)) != 0)

-		{

-		printf("Key error %d\n",j);

-		err=1;

-		}

-	memset(cbc_out,0,40);

-	memset(cbc_in,0,40);

-	des_pcbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks,

-			 &cbc_iv,DES_ENCRYPT);

-	if (memcmp(cbc_out,pcbc_ok,32) != 0)

-		{

-		printf("pcbc_encrypt encrypt error\n");

-		err=1;

-		}

-	des_pcbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks,&cbc_iv,

-			 DES_DECRYPT);

-	if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)

-		{

-		printf("pcbc_encrypt decrypt error\n");

-		err=1;

-		}

-	printf("Doing ");

-	printf("cfb8 ");

-	err+=cfb_test(8,cfb_cipher8);

-	printf("cfb16 ");

-	err+=cfb_test(16,cfb_cipher16);

-	printf("cfb32 ");

-	err+=cfb_test(32,cfb_cipher32);

-	printf("cfb48 ");

-	err+=cfb_test(48,cfb_cipher48);

-	printf("cfb64 ");

-	err+=cfb_test(64,cfb_cipher64);

-	printf("cfb64() ");

-	err+=cfb64_test(cfb_cipher64);

-	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));

-	for (i=0; i<sizeof(plain); i++)

-		des_cfb_encrypt(&(plain[i]),&(cfb_buf1[i]),

-			8,1,ks,&cfb_tmp,DES_ENCRYPT);

-	if (memcmp(cfb_cipher8,cfb_buf1,sizeof(plain)) != 0)

-		{

-		printf("cfb_encrypt small encrypt error\n");

-		err=1;

-		}

-	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));

-	for (i=0; i<sizeof(plain); i++)

-		des_cfb_encrypt(&(cfb_buf1[i]),&(cfb_buf2[i]),

-			8,1,ks,&cfb_tmp,DES_DECRYPT);

-	if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)

-		{

-		printf("cfb_encrypt small decrypt error\n");

-		err=1;

-		}

-	printf("ede_cfb64() ");

-	err+=ede_cfb64_test(cfb_cipher64);

-	printf("done\n");

-	printf("Doing ofb\n");

-	DES_set_key_checked(&ofb_key,&ks);

-	memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));

-	des_ofb_encrypt(plain,ofb_buf1,64,sizeof(plain)/8,ks,&ofb_tmp);

-	if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)

-		{

-		printf("ofb_encrypt encrypt error\n");

-printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",

-ofb_buf1[8+0], ofb_buf1[8+1], ofb_buf1[8+2], ofb_buf1[8+3],

-ofb_buf1[8+4], ofb_buf1[8+5], ofb_buf1[8+6], ofb_buf1[8+7]);

-printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",

-ofb_buf1[8+0], ofb_cipher[8+1], ofb_cipher[8+2], ofb_cipher[8+3],

-ofb_buf1[8+4], ofb_cipher[8+5], ofb_cipher[8+6], ofb_cipher[8+7]);

-		err=1;

-		}

-	memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));

-	des_ofb_encrypt(ofb_buf1,ofb_buf2,64,sizeof(ofb_buf1)/8,ks,&ofb_tmp);

-	if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)

-		{

-		printf("ofb_encrypt decrypt error\n");

-printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",

-ofb_buf2[8+0], ofb_buf2[8+1], ofb_buf2[8+2], ofb_buf2[8+3],

-ofb_buf2[8+4], ofb_buf2[8+5], ofb_buf2[8+6], ofb_buf2[8+7]);

-printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",

-plain[8+0], plain[8+1], plain[8+2], plain[8+3],

-plain[8+4], plain[8+5], plain[8+6], plain[8+7]);

-		err=1;

-		}

-	printf("Doing ofb64\n");

-	DES_set_key_checked(&ofb_key,&ks);

-	memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));

-	memset(ofb_buf1,0,sizeof(ofb_buf1));

-	memset(ofb_buf2,0,sizeof(ofb_buf1));

-	num=0;

-	for (i=0; i<sizeof(plain); i++)

-		{

-		des_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,&ofb_tmp,

-				  &num);

-		}

-	if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)

-		{

-		printf("ofb64_encrypt encrypt error\n");

-		err=1;

-		}

-	memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));

-	num=0;

-	des_ofb64_encrypt(ofb_buf1,ofb_buf2,sizeof(ofb_buf1),ks,&ofb_tmp,

-			  &num);

-	if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)

-		{

-		printf("ofb64_encrypt decrypt error\n");

-		err=1;

-		}

-	printf("Doing ede_ofb64\n");

-	DES_set_key_checked(&ofb_key,&ks);

-	memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));

-	memset(ofb_buf1,0,sizeof(ofb_buf1));

-	memset(ofb_buf2,0,sizeof(ofb_buf1));

-	num=0;

-	for (i=0; i<sizeof(plain); i++)

-		{

-		des_ede3_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,ks,

-				       ks,&ofb_tmp,&num);

-		}

-	if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)

-		{

-		printf("ede_ofb64_encrypt encrypt error\n");

-		err=1;

-		}

-	memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));

-	num=0;

-	des_ede3_ofb64_encrypt(ofb_buf1,ofb_buf2,sizeof(ofb_buf1),ks,ks,ks,

-			       &ofb_tmp,&num);

-	if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)

-		{

-		printf("ede_ofb64_encrypt decrypt error\n");

-		err=1;

-		}

-	printf("Doing cbc_cksum\n");

-	DES_set_key_checked(&cbc_key,&ks);

-	cs=des_cbc_cksum(cbc_data,&cret,strlen((char *)cbc_data),ks,&cbc_iv);

-	if (cs != cbc_cksum_ret)

-		{

-		printf("bad return value (%08lX), should be %08lX\n",

-			(unsigned long)cs,(unsigned long)cbc_cksum_ret);

-		err=1;

-		}

-	if (memcmp(cret,cbc_cksum_data,8) != 0)

-		{

-		printf("bad cbc_cksum block returned\n");

-		err=1;

-		}

-	printf("Doing quad_cksum\n");

-	cs=des_quad_cksum(cbc_data,(des_cblock *)lqret,

-		(long)strlen((char *)cbc_data),2,(des_cblock *)cbc_iv);

-	if (cs != 0x70d7a63aL)

-		{

-		printf("quad_cksum error, ret %08lx should be 70d7a63a\n",

-			(unsigned long)cs);

-		err=1;

-		}

-#ifdef _CRAY

-	if (lqret[0].a != 0x327eba8dL)

-		{

-		printf("quad_cksum error, out[0] %08lx is not %08lx\n",

-			(unsigned long)lqret[0].a,0x327eba8dUL);

-		err=1;

-		}

-	if (lqret[0].b != 0x201a49ccL)

-		{

-		printf("quad_cksum error, out[1] %08lx is not %08lx\n",

-			(unsigned long)lqret[0].b,0x201a49ccUL);

-		err=1;

-		}

-	if (lqret[1].a != 0x70d7a63aL)

-		{

-		printf("quad_cksum error, out[2] %08lx is not %08lx\n",

-			(unsigned long)lqret[1].a,0x70d7a63aUL);

-		err=1;

-		}

-	if (lqret[1].b != 0x501c2c26L)

-		{

-		printf("quad_cksum error, out[3] %08lx is not %08lx\n",

-			(unsigned long)lqret[1].b,0x501c2c26UL);

-		err=1;

-		}

-#else

-	if (lqret[0] != 0x327eba8dL)

-		{

-		printf("quad_cksum error, out[0] %08lx is not %08lx\n",

-			(unsigned long)lqret[0],0x327eba8dUL);

-		err=1;

-		}

-	if (lqret[1] != 0x201a49ccL)

-		{

-		printf("quad_cksum error, out[1] %08lx is not %08lx\n",

-			(unsigned long)lqret[1],0x201a49ccUL);

-		err=1;

-		}

-	if (lqret[2] != 0x70d7a63aL)

-		{

-		printf("quad_cksum error, out[2] %08lx is not %08lx\n",

-			(unsigned long)lqret[2],0x70d7a63aUL);

-		err=1;

-		}

-	if (lqret[3] != 0x501c2c26L)

-		{

-		printf("quad_cksum error, out[3] %08lx is not %08lx\n",

-			(unsigned long)lqret[3],0x501c2c26UL);

-		err=1;

-		}

-#endif

-#endif

-	printf("input word alignment test");

-	for (i=0; i<4; i++)

-		{

-		printf(" %d",i);

-		des_ncbc_encrypt(&(cbc_out[i]),cbc_in,

-				 strlen((char *)cbc_data)+1,ks,

-				 &cbc_iv,DES_ENCRYPT);

-		}

-	printf("\noutput word alignment test");

-	for (i=0; i<4; i++)

-		{

-		printf(" %d",i);

-		des_ncbc_encrypt(cbc_out,&(cbc_in[i]),

-				 strlen((char *)cbc_data)+1,ks,

-				 &cbc_iv,DES_ENCRYPT);

-		}

-	printf("\n");

-	printf("fast crypt test ");

-	str=crypt("testing","ef");

-	if (strcmp("efGnQx2725bI2",str) != 0)

-		{

-		printf("fast crypt error, %s should be efGnQx2725bI2\n",str);

-		err=1;

-		}

-	str=crypt("bca76;23","yA");

-	if (strcmp("yA1Rp/1hZXIJk",str) != 0)

-		{

-		printf("fast crypt error, %s should be yA1Rp/1hZXIJk\n",str);

-		err=1;

-		}

-#ifdef OPENSSL_SYS_NETWARE

-    if (err) printf("ERROR: %d\n", err);

-#endif

-	printf("\n");

-	return(err);

-	}

-static char *pt(unsigned char *p)

-	{

-	static char bufs[10][20];

-	static int bnum=0;

-	char *ret;

-	int i;

-	static char *f="0123456789ABCDEF";

-	ret= &(bufs[bnum++][0]);

-	bnum%=10;

-	for (i=0; i<8; i++)

-		{

-		ret[i*2]=f[(p[i]>>4)&0xf];

-		ret[i*2+1]=f[p[i]&0xf];

-		}

-	ret[16]='\0';

-	return(ret);

-	}

-#ifndef LIBDES_LIT

-static int cfb_test(int bits, unsigned char *cfb_cipher)

-	{

-	des_key_schedule ks;

-	int i,err=0;

-	DES_set_key_checked(&cfb_key,&ks);

-	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));

-	des_cfb_encrypt(plain,cfb_buf1,bits,sizeof(plain),ks,&cfb_tmp,

-			DES_ENCRYPT);

-	if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)

-		{

-		err=1;

-		printf("cfb_encrypt encrypt error\n");

-		for (i=0; i<24; i+=8)

-			printf("%s\n",pt(&(cfb_buf1[i])));

-		}

-	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));

-	des_cfb_encrypt(cfb_buf1,cfb_buf2,bits,sizeof(plain),ks,&cfb_tmp,

-			DES_DECRYPT);

-	if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)

-		{

-		err=1;

-		printf("cfb_encrypt decrypt error\n");

-		for (i=0; i<24; i+=8)

-			printf("%s\n",pt(&(cfb_buf1[i])));

-		}

-	return(err);

-	}

-static int cfb64_test(unsigned char *cfb_cipher)

-	{

-	des_key_schedule ks;

-	int err=0,i,n;

-	DES_set_key_checked(&cfb_key,&ks);

-	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));

-	n=0;

-	des_cfb64_encrypt(plain,cfb_buf1,12,ks,&cfb_tmp,&n,DES_ENCRYPT);

-	des_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),sizeof(plain)-12,ks,

-			  &cfb_tmp,&n,DES_ENCRYPT);

-	if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)

-		{

-		err=1;

-		printf("cfb_encrypt encrypt error\n");

-		for (i=0; i<24; i+=8)

-			printf("%s\n",pt(&(cfb_buf1[i])));

-		}

-	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));

-	n=0;

-	des_cfb64_encrypt(cfb_buf1,cfb_buf2,17,ks,&cfb_tmp,&n,DES_DECRYPT);

-	des_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),

-			  sizeof(plain)-17,ks,&cfb_tmp,&n,DES_DECRYPT);

-	if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)

-		{

-		err=1;

-		printf("cfb_encrypt decrypt error\n");

-		for (i=0; i<24; i+=8)

-			printf("%s\n",pt(&(cfb_buf2[i])));

-		}

-	return(err);

-	}

-static int ede_cfb64_test(unsigned char *cfb_cipher)

-	{

-	des_key_schedule ks;

-	int err=0,i,n;

-	DES_set_key_checked(&cfb_key,&ks);

-	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));

-	n=0;

-	des_ede3_cfb64_encrypt(plain,cfb_buf1,12,ks,ks,ks,&cfb_tmp,&n,

-			       DES_ENCRYPT);

-	des_ede3_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),

-			       sizeof(plain)-12,ks,ks,ks,

-			       &cfb_tmp,&n,DES_ENCRYPT);

-	if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)

-		{

-		err=1;

-		printf("ede_cfb_encrypt encrypt error\n");

-		for (i=0; i<24; i+=8)

-			printf("%s\n",pt(&(cfb_buf1[i])));

-		}

-	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));

-	n=0;

-	des_ede3_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,ks,ks,ks,

-			       &cfb_tmp,&n,DES_DECRYPT);

-	des_ede3_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),

-			       sizeof(plain)-17,ks,ks,ks,

-			       &cfb_tmp,&n,DES_DECRYPT);

-	if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)

-		{

-		err=1;

-		printf("ede_cfb_encrypt decrypt error\n");

-		for (i=0; i<24; i+=8)

-			printf("%s\n",pt(&(cfb_buf2[i])));

-		}

-	return(err);

-	}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/des/ecb3_enc.c

+++ /dev/null

@@ -1,83 +1,0 @@

-/* crypto/des/ecb3_enc.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include "des_locl.h"

-void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,

-		      DES_key_schedule *ks1, DES_key_schedule *ks2,

-		      DES_key_schedule *ks3,

-	     int enc)

-	{

-	register DES_LONG l0,l1;

-	DES_LONG ll[2];

-	const unsigned char *in = &(*input)[0];

-	unsigned char *out = &(*output)[0];

-	c2l(in,l0);

-	c2l(in,l1);

-	ll[0]=l0;

-	ll[1]=l1;

-	if (enc)

-		DES_encrypt3(ll,ks1,ks2,ks3);

-	else

-		DES_decrypt3(ll,ks1,ks2,ks3);

-	l0=ll[0];

-	l1=ll[1];

-	l2c(l0,out);

-	l2c(l1,out);

-	}

--- a/sys/src/ape/lib/openssl/crypto/des/ecb_enc.c

+++ /dev/null

@@ -1,123 +1,0 @@

-/* crypto/des/ecb_enc.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include "des_locl.h"

-#include "des_ver.h"

-#include "spr.h"

-#include <openssl/opensslv.h>

-#include <openssl/bio.h>

-OPENSSL_GLOBAL const char libdes_version[]="libdes" OPENSSL_VERSION_PTEXT;

-OPENSSL_GLOBAL const char DES_version[]="DES" OPENSSL_VERSION_PTEXT;

-const char *DES_options(void)

-	{

-	static int init=1;

-	static char buf[32];

-	if (init)

-		{

-		const char *ptr,*unroll,*risc,*size;

-#ifdef DES_PTR

-		ptr="ptr";

-#else

-		ptr="idx";

-#endif

-#if defined(DES_RISC1) || defined(DES_RISC2)

-#ifdef DES_RISC1

-		risc="risc1";

-#endif

-#ifdef DES_RISC2

-		risc="risc2";

-#endif

-#else

-		risc="cisc";

-#endif

-#ifdef DES_UNROLL

-		unroll="16";

-#else

-		unroll="4";

-#endif

-		if (sizeof(DES_LONG) != sizeof(long))

-			size="int";

-		else

-			size="long";

-		BIO_snprintf(buf,sizeof buf,"des(%s,%s,%s,%s)",ptr,risc,unroll,

-			     size);

-		init=0;

-		}

-	return(buf);

-	}

-void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,

-		     DES_key_schedule *ks, int enc)

-	{

-	register DES_LONG l;

-	DES_LONG ll[2];

-	const unsigned char *in = &(*input)[0];

-	unsigned char *out = &(*output)[0];

-	c2l(in,l); ll[0]=l;

-	c2l(in,l); ll[1]=l;

-	DES_encrypt1(ll,ks,enc);

-	l=ll[0]; l2c(l,out);

-	l=ll[1]; l2c(l,out);

-	l=ll[0]=ll[1]=0;

-	}

--- a/sys/src/ape/lib/openssl/crypto/des/ede_cbcm_enc.c

+++ /dev/null

@@ -1,199 +1,0 @@

-/* ede_cbcm_enc.c */

-/* Written by Ben Laurie <[email protected]> for the OpenSSL

- * project 13 Feb 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/*

-This is an implementation of Triple DES Cipher Block Chaining with Output

-Feedback Masking, by Coppersmith, Johnson and Matyas, (IBM and Certicom).

-Note that there is a known attack on this by Biham and Knudsen but it takes

-a lot of work:

-http://www.cs.technion.ac.il/users/wwwb/cgi-bin/tr-get.cgi/1998/CS/CS0928.ps.gz

-*/

-#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_DESCBCM is defined */

-#ifndef OPENSSL_NO_DESCBCM

-#include "des_locl.h"

-void DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,

-	     long length, DES_key_schedule *ks1, DES_key_schedule *ks2,

-	     DES_key_schedule *ks3, DES_cblock *ivec1, DES_cblock *ivec2,

-	     int enc)

-    {

-    register DES_LONG tin0,tin1;

-    register DES_LONG tout0,tout1,xor0,xor1,m0,m1;

-    register long l=length;

-    DES_LONG tin[2];

-    unsigned char *iv1,*iv2;

-    iv1 = &(*ivec1)[0];

-    iv2 = &(*ivec2)[0];

-    if (enc)

-	{

-	c2l(iv1,m0);

-	c2l(iv1,m1);

-	c2l(iv2,tout0);

-	c2l(iv2,tout1);

-	for (l-=8; l>=-7; l-=8)

-	    {

-	    tin[0]=m0;

-	    tin[1]=m1;

-	    DES_encrypt1(tin,ks3,1);

-	    m0=tin[0];

-	    m1=tin[1];

-	    if(l < 0)

-		{

-		c2ln(in,tin0,tin1,l+8);

-		}

-	    else

-		{

-		c2l(in,tin0);

-		c2l(in,tin1);

-		}

-	    tin0^=tout0;

-	    tin1^=tout1;

-	    tin[0]=tin0;

-	    tin[1]=tin1;

-	    DES_encrypt1(tin,ks1,1);

-	    tin[0]^=m0;

-	    tin[1]^=m1;

-	    DES_encrypt1(tin,ks2,0);

-	    tin[0]^=m0;

-	    tin[1]^=m1;

-	    DES_encrypt1(tin,ks1,1);

-	    tout0=tin[0];

-	    tout1=tin[1];

-	    l2c(tout0,out);

-	    l2c(tout1,out);

-	    }

-	iv1=&(*ivec1)[0];

-	l2c(m0,iv1);

-	l2c(m1,iv1);

-	iv2=&(*ivec2)[0];

-	l2c(tout0,iv2);

-	l2c(tout1,iv2);

-	}

-    else

-	{

-	register DES_LONG t0,t1;

-	c2l(iv1,m0);

-	c2l(iv1,m1);

-	c2l(iv2,xor0);

-	c2l(iv2,xor1);

-	for (l-=8; l>=-7; l-=8)

-	    {

-	    tin[0]=m0;

-	    tin[1]=m1;

-	    DES_encrypt1(tin,ks3,1);

-	    m0=tin[0];

-	    m1=tin[1];

-	    c2l(in,tin0);

-	    c2l(in,tin1);

-	    t0=tin0;

-	    t1=tin1;

-	    tin[0]=tin0;

-	    tin[1]=tin1;

-	    DES_encrypt1(tin,ks1,0);

-	    tin[0]^=m0;

-	    tin[1]^=m1;

-	    DES_encrypt1(tin,ks2,1);

-	    tin[0]^=m0;

-	    tin[1]^=m1;

-	    DES_encrypt1(tin,ks1,0);

-	    tout0=tin[0];

-	    tout1=tin[1];

-	    tout0^=xor0;

-	    tout1^=xor1;

-	    if(l < 0)

-		{

-		l2cn(tout0,tout1,out,l+8);

-		}

-	    else

-		{

-		l2c(tout0,out);

-		l2c(tout1,out);

-		}

-	    xor0=t0;

-	    xor1=t1;

-	    }

-	iv1=&(*ivec1)[0];

-	l2c(m0,iv1);

-	l2c(m1,iv1);

-	iv2=&(*ivec2)[0];

-	l2c(xor0,iv2);

-	l2c(xor1,iv2);

-	}

-    tin0=tin1=tout0=tout1=xor0=xor1=0;

-    tin[0]=tin[1]=0;

-    }

-#endif

--- a/sys/src/ape/lib/openssl/crypto/des/enc_read.c

+++ /dev/null

@@ -1,228 +1,0 @@

-/* crypto/des/enc_read.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <errno.h>

-#include "cryptlib.h"

-#include "des_locl.h"

-/* This has some uglies in it but it works - even over sockets. */

-/*extern int errno;*/

-OPENSSL_IMPLEMENT_GLOBAL(int,DES_rw_mode)=DES_PCBC_MODE;

-/*

- * WARNINGS:

- *

- *  -  The data format used by DES_enc_write() and DES_enc_read()

- *     has a cryptographic weakness: When asked to write more

- *     than MAXWRITE bytes, DES_enc_write will split the data

- *     into several chunks that are all encrypted

- *     using the same IV.  So don't use these functions unless you

- *     are sure you know what you do (in which case you might

- *     not want to use them anyway).

- *

- *  -  This code cannot handle non-blocking sockets.

- *

- *  -  This function uses an internal state and thus cannot be

- *     used on multiple files.

- */

-int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched,

-		 DES_cblock *iv)

-	{

-	/* data to be unencrypted */

-	int net_num=0;

-	static unsigned char *net=NULL;

-	/* extra unencrypted data

-	 * for when a block of 100 comes in but is des_read one byte at

-	 * a time. */

-	static unsigned char *unnet=NULL;

-	static int unnet_start=0;

-	static int unnet_left=0;

-	static unsigned char *tmpbuf=NULL;

-	int i;

-	long num=0,rnum;

-	unsigned char *p;

-	if (tmpbuf == NULL)

-		{

-		tmpbuf=OPENSSL_malloc(BSIZE);

-		if (tmpbuf == NULL) return(-1);

-		}

-	if (net == NULL)

-		{

-		net=OPENSSL_malloc(BSIZE);

-		if (net == NULL) return(-1);

-		}

-	if (unnet == NULL)

-		{

-		unnet=OPENSSL_malloc(BSIZE);

-		if (unnet == NULL) return(-1);

-		}

-	/* left over data from last decrypt */

-	if (unnet_left != 0)

-		{

-		if (unnet_left < len)

-			{

-			/* we still still need more data but will return

-			 * with the number of bytes we have - should always

-			 * check the return value */

-			memcpy(buf,&(unnet[unnet_start]),

-			       unnet_left);

-			/* eay 26/08/92 I had the next 2 lines

-			 * reversed :-( */

-			i=unnet_left;

-			unnet_start=unnet_left=0;

-			}

-		else

-			{

-			memcpy(buf,&(unnet[unnet_start]),len);

-			unnet_start+=len;

-			unnet_left-=len;

-			i=len;

-			}

-		return(i);

-		}

-	/* We need to get more data. */

-	if (len > MAXWRITE) len=MAXWRITE;

-	/* first - get the length */

-	while (net_num < HDRSIZE)

-		{

-		i=read(fd,(void *)&(net[net_num]),HDRSIZE-net_num);

-#ifdef EINTR

-		if ((i == -1) && (errno == EINTR)) continue;

-#endif

-		if (i <= 0) return(0);

-		net_num+=i;

-		}

-	/* we now have at net_num bytes in net */

-	p=net;

-	/* num=0;  */

-	n2l(p,num);

-	/* num should be rounded up to the next group of eight

-	 * we make sure that we have read a multiple of 8 bytes from the net.

-	 */

-	if ((num > MAXWRITE) || (num < 0)) /* error */

-		return(-1);

-	rnum=(num < 8)?8:((num+7)/8*8);

-	net_num=0;

-	while (net_num < rnum)

-		{

-		i=read(fd,(void *)&(net[net_num]),rnum-net_num);

-#ifdef EINTR

-		if ((i == -1) && (errno == EINTR)) continue;

-#endif

-		if (i <= 0) return(0);

-		net_num+=i;

-		}

-	/* Check if there will be data left over. */

-	if (len < num)

-		{

-		if (DES_rw_mode & DES_PCBC_MODE)

-			DES_pcbc_encrypt(net,unnet,num,sched,iv,DES_DECRYPT);

-		else

-			DES_cbc_encrypt(net,unnet,num,sched,iv,DES_DECRYPT);

-		memcpy(buf,unnet,len);

-		unnet_start=len;

-		unnet_left=num-len;

-		/* The following line is done because we return num

-		 * as the number of bytes read. */

-		num=len;

-		}

-	else

-		{

-		/* >output is a multiple of 8 byes, if len < rnum

-		 * >we must be careful.  The user must be aware that this

-		 * >routine will write more bytes than he asked for.

-		 * >The length of the buffer must be correct.

-		 * FIXED - Should be ok now 18-9-90 - eay */

-		if (len < rnum)

-			{

-			if (DES_rw_mode & DES_PCBC_MODE)

-				DES_pcbc_encrypt(net,tmpbuf,num,sched,iv,

-						 DES_DECRYPT);

-			else

-				DES_cbc_encrypt(net,tmpbuf,num,sched,iv,

-						DES_DECRYPT);

-			/* eay 26/08/92 fix a bug that returned more

-			 * bytes than you asked for (returned len bytes :-( */

-			memcpy(buf,tmpbuf,num);

-			}

-		else

-			{

-			if (DES_rw_mode & DES_PCBC_MODE)

-				DES_pcbc_encrypt(net,buf,num,sched,iv,

-						 DES_DECRYPT);

-			else

-				DES_cbc_encrypt(net,buf,num,sched,iv,

-						DES_DECRYPT);

-			}

-		}

-	return num;

-	}

--- a/sys/src/ape/lib/openssl/crypto/des/enc_writ.c

+++ /dev/null

@@ -1,171 +1,0 @@

-/* crypto/des/enc_writ.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <errno.h>

-#include <time.h>

-#include <stdio.h>

-#include "cryptlib.h"

-#include "des_locl.h"

-#include <openssl/rand.h>

-/*

- * WARNINGS:

- *

- *  -  The data format used by DES_enc_write() and DES_enc_read()

- *     has a cryptographic weakness: When asked to write more

- *     than MAXWRITE bytes, DES_enc_write will split the data

- *     into several chunks that are all encrypted

- *     using the same IV.  So don't use these functions unless you

- *     are sure you know what you do (in which case you might

- *     not want to use them anyway).

- *

- *  -  This code cannot handle non-blocking sockets.

- */

-int DES_enc_write(int fd, const void *_buf, int len,

-		  DES_key_schedule *sched, DES_cblock *iv)

-	{

-#ifdef _LIBC

-	extern unsigned long time();

-	extern int write();

-#endif

-	const unsigned char *buf=_buf;

-	long rnum;

-	int i,j,k,outnum;

-	static unsigned char *outbuf=NULL;

-	unsigned char shortbuf[8];

-	unsigned char *p;

-	const unsigned char *cp;

-	static int start=1;

-	if (outbuf == NULL)

-		{

-		outbuf=OPENSSL_malloc(BSIZE+HDRSIZE);

-		if (outbuf == NULL) return(-1);

-		}

-	/* If we are sending less than 8 bytes, the same char will look

-	 * the same if we don't pad it out with random bytes */

-	if (start)

-		{

-		start=0;

-		}

-	/* lets recurse if we want to send the data in small chunks */

-	if (len > MAXWRITE)

-		{

-		j=0;

-		for (i=0; i<len; i+=k)

-			{

-			k=DES_enc_write(fd,&(buf[i]),

-				((len-i) > MAXWRITE)?MAXWRITE:(len-i),sched,iv);

-			if (k < 0)

-				return(k);

-			else

-				j+=k;

-			}

-		return(j);

-		}

-	/* write length first */

-	p=outbuf;

-	l2n(len,p);

-	/* pad short strings */

-	if (len < 8)

-		{

-		cp=shortbuf;

-		memcpy(shortbuf,buf,len);

-		RAND_pseudo_bytes(shortbuf+len, 8-len);

-		rnum=8;

-		}

-	else

-		{

-		cp=buf;

-		rnum=((len+7)/8*8); /* round up to nearest eight */

-		}

-	if (DES_rw_mode & DES_PCBC_MODE)

-		DES_pcbc_encrypt(cp,&(outbuf[HDRSIZE]),(len<8)?8:len,sched,iv,

-				 DES_ENCRYPT);

-	else

-		DES_cbc_encrypt(cp,&(outbuf[HDRSIZE]),(len<8)?8:len,sched,iv,

-				DES_ENCRYPT);

-	/* output */

-	outnum=rnum+HDRSIZE;

-	for (j=0; j<outnum; j+=i)

-		{

-		/* eay 26/08/92 I was not doing writing from where we

-		 * got up to. */

-		i=write(fd,(void *)&(outbuf[j]),outnum-j);

-		if (i == -1)

-			{

-#ifdef EINTR

-			if (errno == EINTR)

-				i=0;

-			else

-#endif

-			        /* This is really a bad error - very bad

-				 * It will stuff-up both ends. */

-				return(-1);

-			}

-		}

-	return(len);

-	}

--- a/sys/src/ape/lib/openssl/crypto/des/fcrypt.c

+++ /dev/null

@@ -1,170 +1,0 @@

-/* NOCW */

-#include <stdio.h>

-#ifdef _OSD_POSIX

-#ifndef CHARSET_EBCDIC

-#define CHARSET_EBCDIC 1

-#endif

-#endif

-#ifdef CHARSET_EBCDIC

-#include <openssl/ebcdic.h>

-#endif

-/* This version of crypt has been developed from my MIT compatible

- * DES library.

- * Eric Young ([email protected])

- */

-/* Modification by Jens Kupferschmidt (Cu)

- * I have included directive PARA for shared memory computers.

- * I have included a directive LONGCRYPT to using this routine to cipher

- * passwords with more then 8 bytes like HP-UX 10.x it used. The MAXPLEN

- * definition is the maximum of length of password and can changed. I have

- * defined 24.

- */

-#include "des_locl.h"

-/* Added more values to handle illegal salt values the way normal

- * crypt() implementations do.  The patch was sent by

- * Bjorn Gronvall <[email protected]>

- */

-static unsigned const char con_salt[128]={

-0xD2,0xD3,0xD4,0xD5,0xD6,0xD7,0xD8,0xD9,

-0xDA,0xDB,0xDC,0xDD,0xDE,0xDF,0xE0,0xE1,

-0xE2,0xE3,0xE4,0xE5,0xE6,0xE7,0xE8,0xE9,

-0xEA,0xEB,0xEC,0xED,0xEE,0xEF,0xF0,0xF1,

-0xF2,0xF3,0xF4,0xF5,0xF6,0xF7,0xF8,0xF9,

-0xFA,0xFB,0xFC,0xFD,0xFE,0xFF,0x00,0x01,

-0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,

-0x0A,0x0B,0x05,0x06,0x07,0x08,0x09,0x0A,

-0x0B,0x0C,0x0D,0x0E,0x0F,0x10,0x11,0x12,

-0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1A,

-0x1B,0x1C,0x1D,0x1E,0x1F,0x20,0x21,0x22,

-0x23,0x24,0x25,0x20,0x21,0x22,0x23,0x24,

-0x25,0x26,0x27,0x28,0x29,0x2A,0x2B,0x2C,

-0x2D,0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,

-0x35,0x36,0x37,0x38,0x39,0x3A,0x3B,0x3C,

-0x3D,0x3E,0x3F,0x40,0x41,0x42,0x43,0x44,

-};

-static unsigned const char cov_2char[64]={

-0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,0x35,

-0x36,0x37,0x38,0x39,0x41,0x42,0x43,0x44,

-0x45,0x46,0x47,0x48,0x49,0x4A,0x4B,0x4C,

-0x4D,0x4E,0x4F,0x50,0x51,0x52,0x53,0x54,

-0x55,0x56,0x57,0x58,0x59,0x5A,0x61,0x62,

-0x63,0x64,0x65,0x66,0x67,0x68,0x69,0x6A,

-0x6B,0x6C,0x6D,0x6E,0x6F,0x70,0x71,0x72,

-0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7A

-};

-char *DES_crypt(const char *buf, const char *salt)

-	{

-	static char buff[14];

-#ifndef CHARSET_EBCDIC

-	return(DES_fcrypt(buf,salt,buff));

-#else

-	char e_salt[2+1];

-	char e_buf[32+1];	/* replace 32 by 8 ? */

-	char *ret;

-	/* Copy at most 2 chars of salt */

-	if ((e_salt[0] = salt[0]) != '\0')

-	    e_salt[1] = salt[1];

-	/* Copy at most 32 chars of password */

-	strncpy (e_buf, buf, sizeof(e_buf));

-	/* Make sure we have a delimiter */

-	e_salt[sizeof(e_salt)-1] = e_buf[sizeof(e_buf)-1] = '\0';

-	/* Convert the e_salt to ASCII, as that's what DES_fcrypt works on */

-	ebcdic2ascii(e_salt, e_salt, sizeof e_salt);

-	/* Convert the cleartext password to ASCII */

-	ebcdic2ascii(e_buf, e_buf, sizeof e_buf);

-	/* Encrypt it (from/to ASCII) */

-	ret = DES_fcrypt(e_buf,e_salt,buff);

-	/* Convert the result back to EBCDIC */

-	ascii2ebcdic(ret, ret, strlen(ret));

-	return ret;

-#endif

-	}

-char *DES_fcrypt(const char *buf, const char *salt, char *ret)

-	{

-	unsigned int i,j,x,y;

-	DES_LONG Eswap0,Eswap1;

-	DES_LONG out[2],ll;

-	DES_cblock key;

-	DES_key_schedule ks;

-	unsigned char bb[9];

-	unsigned char *b=bb;

-	unsigned char c,u;

-	/* eay 25/08/92

-	 * If you call crypt("pwd","*") as often happens when you

-	 * have * as the pwd field in /etc/passwd, the function

-	 * returns *\0XXXXXXXXX

-	 * The \0 makes the string look like * so the pwd "*" would

-	 * crypt to "*".  This was found when replacing the crypt in

-	 * our shared libraries.  People found that the disabled

-	 * accounts effectively had no passwd :-(. */

-#ifndef CHARSET_EBCDIC

-	x=ret[0]=((salt[0] == '\0')?'A':salt[0]);

-	Eswap0=con_salt[x]<<2;

-	x=ret[1]=((salt[1] == '\0')?'A':salt[1]);

-	Eswap1=con_salt[x]<<6;

-#else

-	x=ret[0]=((salt[0] == '\0')?os_toascii['A']:salt[0]);

-	Eswap0=con_salt[x]<<2;

-	x=ret[1]=((salt[1] == '\0')?os_toascii['A']:salt[1]);

-	Eswap1=con_salt[x]<<6;

-#endif

-/* EAY

-r=strlen(buf);

-r=(r+7)/8;

-*/

-	for (i=0; i<8; i++)

-		{

-		c= *(buf++);

-		if (!c) break;

-		key[i]=(c<<1);

-		}

-	for (; i<8; i++)

-		key[i]=0;

-	DES_set_key_unchecked(&key,&ks);

-	fcrypt_body(&(out[0]),&ks,Eswap0,Eswap1);

-	ll=out[0]; l2c(ll,b);

-	ll=out[1]; l2c(ll,b);

-	y=0;

-	u=0x80;

-	bb[8]=0;

-	for (i=2; i<13; i++)

-		{

-		c=0;

-		for (j=0; j<6; j++)

-			{

-			c<<=1;

-			if (bb[y] & u) c|=1;

-			u>>=1;

-			if (!u)

-				{

-				y++;

-				u=0x80;

-				}

-			}

-		ret[i]=cov_2char[c];

-		}

-	ret[13]='\0';

-	return(ret);

-	}

--- a/sys/src/ape/lib/openssl/crypto/des/fcrypt_b.c

+++ /dev/null

@@ -1,145 +1,0 @@

-/* crypto/des/fcrypt_b.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-/* This version of crypt has been developed from my MIT compatible

- * DES library.

- * The library is available at pub/Crypto/DES at ftp.psy.uq.oz.au

- * Eric Young ([email protected])

- */

-#define DES_FCRYPT

-#include "des_locl.h"

-#undef DES_FCRYPT

-#undef PERM_OP

-#define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\

-	(b)^=(t),\

-	(a)^=((t)<<(n)))

-#undef HPERM_OP

-#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\

-	(a)=(a)^(t)^(t>>(16-(n))))\

-void fcrypt_body(DES_LONG *out, DES_key_schedule *ks, DES_LONG Eswap0,

-		 DES_LONG Eswap1)

-	{

-	register DES_LONG l,r,t,u;

-#ifdef DES_PTR

-	register const unsigned char *des_SP=(const unsigned char *)DES_SPtrans;

-#endif

-	register DES_LONG *s;

-	register int j;

-	register DES_LONG E0,E1;

-	l=0;

-	r=0;

-	s=(DES_LONG *)ks;

-	E0=Eswap0;

-	E1=Eswap1;

-	for (j=0; j<25; j++)

-		{

-#ifndef DES_UNROLL

-		register int i;

-		for (i=0; i<32; i+=8)

-			{

-			D_ENCRYPT(l,r,i+0); /*  1 */

-			D_ENCRYPT(r,l,i+2); /*  2 */

-			D_ENCRYPT(l,r,i+4); /*  1 */

-			D_ENCRYPT(r,l,i+6); /*  2 */

-			}

-#else

-		D_ENCRYPT(l,r, 0); /*  1 */

-		D_ENCRYPT(r,l, 2); /*  2 */

-		D_ENCRYPT(l,r, 4); /*  3 */

-		D_ENCRYPT(r,l, 6); /*  4 */

-		D_ENCRYPT(l,r, 8); /*  5 */

-		D_ENCRYPT(r,l,10); /*  6 */

-		D_ENCRYPT(l,r,12); /*  7 */

-		D_ENCRYPT(r,l,14); /*  8 */

-		D_ENCRYPT(l,r,16); /*  9 */

-		D_ENCRYPT(r,l,18); /*  10 */

-		D_ENCRYPT(l,r,20); /*  11 */

-		D_ENCRYPT(r,l,22); /*  12 */

-		D_ENCRYPT(l,r,24); /*  13 */

-		D_ENCRYPT(r,l,26); /*  14 */

-		D_ENCRYPT(l,r,28); /*  15 */

-		D_ENCRYPT(r,l,30); /*  16 */

-#endif

-		t=l;

-		l=r;

-		r=t;

-		}

-	l=ROTATE(l,3)&0xffffffffL;

-	r=ROTATE(r,3)&0xffffffffL;

-	PERM_OP(l,r,t, 1,0x55555555L);

-	PERM_OP(r,l,t, 8,0x00ff00ffL);

-	PERM_OP(l,r,t, 2,0x33333333L);

-	PERM_OP(r,l,t,16,0x0000ffffL);

-	PERM_OP(l,r,t, 4,0x0f0f0f0fL);

-	out[0]=r;

-	out[1]=l;

-	}

--- a/sys/src/ape/lib/openssl/crypto/des/makefile.bc

+++ /dev/null

@@ -1,50 +1,0 @@

-#

-# Origional BC Makefile from Teun <[email protected]>

-#

-#

-CC      = bcc

-TLIB    = tlib /0 /C

-# note: the -3 flag produces code for 386, 486, Pentium etc; omit it for 286s

-OPTIMIZE= -3 -O2

-#WINDOWS= -W

-CFLAGS  = -c -ml -d $(OPTIMIZE) $(WINDOWS) -DMSDOS

-LFLAGS  = -ml $(WINDOWS)

-.c.obj:

-	$(CC) $(CFLAGS) $*.c

-.obj.exe:

-	$(CC) $(LFLAGS) -e$*.exe $*.obj libdes.lib

-all: $(LIB) destest.exe rpw.exe des.exe speed.exe

-# "make clean": use a directory containing only libdes .exe and .obj files...

-clean:

-	del *.exe

-	del *.obj

-	del libdes.lib

-	del libdes.rsp

-OBJS=   cbc_cksm.obj cbc_enc.obj  ecb_enc.obj  pcbc_enc.obj \

-	qud_cksm.obj rand_key.obj set_key.obj  str2key.obj \

-	enc_read.obj enc_writ.obj fcrypt.obj   cfb_enc.obj \

-	ecb3_enc.obj ofb_enc.obj  cbc3_enc.obj read_pwd.obj\

-	cfb64enc.obj ofb64enc.obj ede_enc.obj  cfb64ede.obj\

-	ofb64ede.obj supp.obj

-LIB=    libdes.lib

-$(LIB): $(OBJS)

-	del $(LIB)

-	makersp "+%s &\n" &&|

-	$(OBJS)

-|       >libdes.rsp

-	$(TLIB) libdes.lib @libdes.rsp,nul

-	del libdes.rsp

-destest.exe: destest.obj libdes.lib

-rpw.exe:     rpw.obj libdes.lib

-speed.exe:   speed.obj libdes.lib

-des.exe:     des.obj libdes.lib

--- a/sys/src/ape/lib/openssl/crypto/des/ncbc_enc.c

+++ /dev/null

@@ -1,148 +1,0 @@

-/* crypto/des/ncbc_enc.c */

-/*

- * #included by:

- *    cbc_enc.c  (DES_cbc_encrypt)

- *    des_enc.c  (DES_ncbc_encrypt)

- */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include "des_locl.h"

-#ifdef CBC_ENC_C__DONT_UPDATE_IV

-void DES_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,

-		     DES_key_schedule *_schedule, DES_cblock *ivec, int enc)

-#else

-void DES_ncbc_encrypt(const unsigned char *in, unsigned char *out, long length,

-		     DES_key_schedule *_schedule, DES_cblock *ivec, int enc)

-#endif

-	{

-	register DES_LONG tin0,tin1;

-	register DES_LONG tout0,tout1,xor0,xor1;

-	register long l=length;

-	DES_LONG tin[2];

-	unsigned char *iv;

-	iv = &(*ivec)[0];

-	if (enc)

-		{

-		c2l(iv,tout0);

-		c2l(iv,tout1);

-		for (l-=8; l>=0; l-=8)

-			{

-			c2l(in,tin0);

-			c2l(in,tin1);

-			tin0^=tout0; tin[0]=tin0;

-			tin1^=tout1; tin[1]=tin1;

-			DES_encrypt1((DES_LONG *)tin,_schedule,DES_ENCRYPT);

-			tout0=tin[0]; l2c(tout0,out);

-			tout1=tin[1]; l2c(tout1,out);

-			}

-		if (l != -8)

-			{

-			c2ln(in,tin0,tin1,l+8);

-			tin0^=tout0; tin[0]=tin0;

-			tin1^=tout1; tin[1]=tin1;

-			DES_encrypt1((DES_LONG *)tin,_schedule,DES_ENCRYPT);

-			tout0=tin[0]; l2c(tout0,out);

-			tout1=tin[1]; l2c(tout1,out);

-			}

-#ifndef CBC_ENC_C__DONT_UPDATE_IV

-		iv = &(*ivec)[0];

-		l2c(tout0,iv);

-		l2c(tout1,iv);

-#endif

-		}

-	else

-		{

-		c2l(iv,xor0);

-		c2l(iv,xor1);

-		for (l-=8; l>=0; l-=8)

-			{

-			c2l(in,tin0); tin[0]=tin0;

-			c2l(in,tin1); tin[1]=tin1;

-			DES_encrypt1((DES_LONG *)tin,_schedule,DES_DECRYPT);

-			tout0=tin[0]^xor0;

-			tout1=tin[1]^xor1;

-			l2c(tout0,out);

-			l2c(tout1,out);

-			xor0=tin0;

-			xor1=tin1;

-			}

-		if (l != -8)

-			{

-			c2l(in,tin0); tin[0]=tin0;

-			c2l(in,tin1); tin[1]=tin1;

-			DES_encrypt1((DES_LONG *)tin,_schedule,DES_DECRYPT);

-			tout0=tin[0]^xor0;

-			tout1=tin[1]^xor1;

-			l2cn(tout0,tout1,out,l+8);

-#ifndef CBC_ENC_C__DONT_UPDATE_IV

-			xor0=tin0;

-			xor1=tin1;

-#endif

-			}

-#ifndef CBC_ENC_C__DONT_UPDATE_IV

-		iv = &(*ivec)[0];

-		l2c(xor0,iv);

-		l2c(xor1,iv);

-#endif

-		}

-	tin0=tin1=tout0=tout1=xor0=xor1=0;

-	tin[0]=tin[1]=0;

-	}

--- a/sys/src/ape/lib/openssl/crypto/des/ofb64ede.c

+++ /dev/null

@@ -1,125 +1,0 @@

-/* crypto/des/ofb64ede.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include "des_locl.h"

-/* The input and output encrypted as though 64bit ofb mode is being

- * used.  The extra state information to record how much of the

- * 64bit block we have used is contained in *num;

- */

-void DES_ede3_ofb64_encrypt(register const unsigned char *in,

-			    register unsigned char *out, long length,

-			    DES_key_schedule *k1, DES_key_schedule *k2,

-			    DES_key_schedule *k3, DES_cblock *ivec,

-			    int *num)

-	{

-	register DES_LONG v0,v1;

-	register int n= *num;

-	register long l=length;

-	DES_cblock d;

-	register char *dp;

-	DES_LONG ti[2];

-	unsigned char *iv;

-	int save=0;

-	iv = &(*ivec)[0];

-	c2l(iv,v0);

-	c2l(iv,v1);

-	ti[0]=v0;

-	ti[1]=v1;

-	dp=(char *)d;

-	l2c(v0,dp);

-	l2c(v1,dp);

-	while (l--)

-		{

-		if (n == 0)

-			{

-			/* ti[0]=v0; */

-			/* ti[1]=v1; */

-			DES_encrypt3(ti,k1,k2,k3);

-			v0=ti[0];

-			v1=ti[1];

-			dp=(char *)d;

-			l2c(v0,dp);

-			l2c(v1,dp);

-			save++;

-			}

-		*(out++)= *(in++)^d[n];

-		n=(n+1)&0x07;

-		}

-	if (save)

-		{

-/*		v0=ti[0];

-		v1=ti[1];*/

-		iv = &(*ivec)[0];

-		l2c(v0,iv);

-		l2c(v1,iv);

-		}

-	v0=v1=ti[0]=ti[1]=0;

-	*num=n;

-	}

-#ifdef undef /* MACRO */

-void DES_ede2_ofb64_encrypt(register unsigned char *in,

-	     register unsigned char *out, long length, DES_key_schedule k1,

-	     DES_key_schedule k2, DES_cblock (*ivec), int *num)

-	{

-	DES_ede3_ofb64_encrypt(in, out, length, k1,k2,k1, ivec, num);

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/des/ofb64enc.c

+++ /dev/null

@@ -1,110 +1,0 @@

-/* crypto/des/ofb64enc.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include "des_locl.h"

-/* The input and output encrypted as though 64bit ofb mode is being

- * used.  The extra state information to record how much of the

- * 64bit block we have used is contained in *num;

- */

-void DES_ofb64_encrypt(register const unsigned char *in,

-		       register unsigned char *out, long length,

-		       DES_key_schedule *schedule, DES_cblock *ivec, int *num)

-	{

-	register DES_LONG v0,v1,t;

-	register int n= *num;

-	register long l=length;

-	DES_cblock d;

-	register unsigned char *dp;

-	DES_LONG ti[2];

-	unsigned char *iv;

-	int save=0;

-	iv = &(*ivec)[0];

-	c2l(iv,v0);

-	c2l(iv,v1);

-	ti[0]=v0;

-	ti[1]=v1;

-	dp=d;

-	l2c(v0,dp);

-	l2c(v1,dp);

-	while (l--)

-		{

-		if (n == 0)

-			{

-			DES_encrypt1(ti,schedule,DES_ENCRYPT);

-			dp=d;

-			t=ti[0]; l2c(t,dp);

-			t=ti[1]; l2c(t,dp);

-			save++;

-			}

-		*(out++)= *(in++)^d[n];

-		n=(n+1)&0x07;

-		}

-	if (save)

-		{

-		v0=ti[0];

-		v1=ti[1];

-		iv = &(*ivec)[0];

-		l2c(v0,iv);

-		l2c(v1,iv);

-		}

-	t=v0=v1=ti[0]=ti[1]=0;

-	*num=n;

-	}

--- a/sys/src/ape/lib/openssl/crypto/des/ofb_enc.c

+++ /dev/null

@@ -1,135 +1,0 @@

-/* crypto/des/ofb_enc.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include "des_locl.h"

-/* The input and output are loaded in multiples of 8 bits.

- * What this means is that if you hame numbits=12 and length=2

- * the first 12 bits will be retrieved from the first byte and half

- * the second.  The second 12 bits will come from the 3rd and half the 4th

- * byte.

- */

-void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits,

-		     long length, DES_key_schedule *schedule,

-		     DES_cblock *ivec)

-	{

-	register DES_LONG d0,d1,vv0,vv1,v0,v1,n=(numbits+7)/8;

-	register DES_LONG mask0,mask1;

-	register long l=length;

-	register int num=numbits;

-	DES_LONG ti[2];

-	unsigned char *iv;

-	if (num > 64) return;

-	if (num > 32)

-		{

-		mask0=0xffffffffL;

-		if (num >= 64)

-			mask1=mask0;

-		else

-			mask1=(1L<<(num-32))-1;

-		}

-	else

-		{

-		if (num == 32)

-			mask0=0xffffffffL;

-		else

-			mask0=(1L<<num)-1;

-		mask1=0x00000000L;

-		}

-	iv = &(*ivec)[0];

-	c2l(iv,v0);

-	c2l(iv,v1);

-	ti[0]=v0;

-	ti[1]=v1;

-	while (l-- > 0)

-		{

-		ti[0]=v0;

-		ti[1]=v1;

-		DES_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT);

-		vv0=ti[0];

-		vv1=ti[1];

-		c2ln(in,d0,d1,n);

-		in+=n;

-		d0=(d0^vv0)&mask0;

-		d1=(d1^vv1)&mask1;

-		l2cn(d0,d1,out,n);

-		out+=n;

-		if (num == 32)

-			{ v0=v1; v1=vv0; }

-		else if (num == 64)

-				{ v0=vv0; v1=vv1; }

-		else if (num > 32) /* && num != 64 */

-			{

-			v0=((v1>>(num-32))|(vv0<<(64-num)))&0xffffffffL;

-			v1=((vv0>>(num-32))|(vv1<<(64-num)))&0xffffffffL;

-			}

-		else /* num < 32 */

-			{

-			v0=((v0>>num)|(v1<<(32-num)))&0xffffffffL;

-			v1=((v1>>num)|(vv0<<(32-num)))&0xffffffffL;

-			}

-		}

-	iv = &(*ivec)[0];

-	l2c(v0,iv);

-	l2c(v1,iv);

-	v0=v1=d0=d1=ti[0]=ti[1]=vv0=vv1=0;

-	}

--- a/sys/src/ape/lib/openssl/crypto/des/options.txt

+++ /dev/null

@@ -1,39 +1,0 @@

-Note that the UNROLL option makes the 'inner' des loop unroll all 16 rounds

-instead of the default 4.

-RISC1 and RISC2 are 2 alternatives for the inner loop and

-PTR means to use pointers arithmatic instead of arrays.

-FreeBSD - Pentium Pro 200mhz - gcc 2.7.2.2 - assembler		577,000 4620k/s

-IRIX 6.2 - R10000 195mhz - cc (-O3 -n32) - UNROLL RISC2 PTR	496,000 3968k/s

-solaris 2.5.1 usparc 167mhz?? - SC4.0 - UNROLL RISC1 PTR [1]	459,400 3672k/s

-FreeBSD - Pentium Pro 200mhz - gcc 2.7.2.2 - UNROLL RISC1	433,000 3468k/s

-solaris 2.5.1 usparc 167mhz?? - gcc 2.7.2 - UNROLL 		380,000 3041k/s

-linux - pentium 100mhz - gcc 2.7.0 - assembler			281,000 2250k/s

-NT 4.0 - pentium 100mhz - VC 4.2 - assembler			281,000 2250k/s

-AIX 4.1? - PPC604 100mhz - cc - UNROLL 				275,000 2200k/s

-IRIX 5.3 - R4400 200mhz - gcc 2.6.3 - UNROLL RISC2 PTR		235,300 1882k/s

-IRIX 5.3 - R4400 200mhz - cc - UNROLL RISC2 PTR			233,700 1869k/s

-NT 4.0 - pentium 100mhz - VC 4.2 - UNROLL RISC1 PTR		191,000 1528k/s

-DEC Alpha 165mhz??  - cc - RISC2 PTR [2]			181,000 1448k/s

-linux - pentium 100mhz - gcc 2.7.0 - UNROLL RISC1 PTR		158,500 1268k/s

-HPUX 10 - 9000/887 - cc - UNROLL [3]	 			148,000	1190k/s

-solaris 2.5.1 - sparc 10 50mhz - gcc 2.7.2 - UNROLL		123,600  989k/s

-IRIX 5.3 - R4000 100mhz - cc - UNROLL RISC2 PTR			101,000  808k/s

-DGUX - 88100 50mhz(?) - gcc 2.6.3 - UNROLL			 81,000  648k/s

-solaris 2.4 486 50mhz - gcc 2.6.3 - assembler			 65,000  522k/s

-HPUX 10 - 9000/887 - k&r cc (default compiler) - UNROLL PTR	 76,000	 608k/s

-solaris 2.4 486 50mhz - gcc 2.6.3 - UNROLL RISC2		 43,500  344k/s

-AIX - old slow one :-) - cc -					 39,000  312k/s

-Notes.

-[1] For the ultra sparc, SunC 4.0

-    cc -xtarget=ultra -xarch=v8plus -Xa -xO5, running 'des_opts'

-    gives a speed of 344,000 des/s while 'speed' gives 459,000 des/s.

-    I'll record the higher since it is coming from the library but it

-    is all rather weird.

-[2] Similar to the ultra sparc ([1]), 181,000 for 'des_opts' vs 175,000.

-[3] I was unable to get access to this machine when it was not heavily loaded.

-    As such, my timing program was never able to get more that %30 of the CPU.

-    This would cause the program to give much lower speed numbers because

-    it would be 'fighting' to stay in the cache with the other CPU burning

-    processes.

--- a/sys/src/ape/lib/openssl/crypto/des/pcbc_enc.c

+++ /dev/null

@@ -1,123 +1,0 @@

-/* crypto/des/pcbc_enc.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include "des_locl.h"

-void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output,

-		      long length, DES_key_schedule *schedule,

-		      DES_cblock *ivec, int enc)

-	{

-	register DES_LONG sin0,sin1,xor0,xor1,tout0,tout1;

-	DES_LONG tin[2];

-	const unsigned char *in;

-	unsigned char *out,*iv;

-	in=input;

-	out=output;

-	iv = &(*ivec)[0];

-	if (enc)

-		{

-		c2l(iv,xor0);

-		c2l(iv,xor1);

-		for (; length>0; length-=8)

-			{

-			if (length >= 8)

-				{

-				c2l(in,sin0);

-				c2l(in,sin1);

-				}

-			else

-				c2ln(in,sin0,sin1,length);

-			tin[0]=sin0^xor0;

-			tin[1]=sin1^xor1;

-			DES_encrypt1((DES_LONG *)tin,schedule,DES_ENCRYPT);

-			tout0=tin[0];

-			tout1=tin[1];

-			xor0=sin0^tout0;

-			xor1=sin1^tout1;

-			l2c(tout0,out);

-			l2c(tout1,out);

-			}

-		}

-	else

-		{

-		c2l(iv,xor0); c2l(iv,xor1);

-		for (; length>0; length-=8)

-			{

-			c2l(in,sin0);

-			c2l(in,sin1);

-			tin[0]=sin0;

-			tin[1]=sin1;

-			DES_encrypt1((DES_LONG *)tin,schedule,DES_DECRYPT);

-			tout0=tin[0]^xor0;

-			tout1=tin[1]^xor1;

-			if (length >= 8)

-				{

-				l2c(tout0,out);

-				l2c(tout1,out);

-				}

-			else

-				l2cn(tout0,tout1,out,length);

-			xor0=tout0^sin0;

-			xor1=tout1^sin1;

-			}

-		}

-	tin[0]=tin[1]=0;

-	sin0=sin1=xor0=xor1=tout0=tout1=0;

-	}

--- a/sys/src/ape/lib/openssl/crypto/des/qud_cksm.c

+++ /dev/null

@@ -1,139 +1,0 @@

-/* crypto/des/qud_cksm.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* From "Message Authentication"  R.R. Jueneman, S.M. Matyas, C.H. Meyer

- * IEEE Communications Magazine Sept 1985 Vol. 23 No. 9 p 29-40

- * This module in only based on the code in this paper and is

- * almost definitely not the same as the MIT implementation.

- */

-#include "des_locl.h"

-/* bug fix for dos - 7/6/91 - Larry [email protected] */

-#define Q_B0(a)	(((DES_LONG)(a)))

-#define Q_B1(a)	(((DES_LONG)(a))<<8)

-#define Q_B2(a)	(((DES_LONG)(a))<<16)

-#define Q_B3(a)	(((DES_LONG)(a))<<24)

-/* used to scramble things a bit */

-/* Got the value MIT uses via brute force :-) 2/10/90 eay */

-#define NOISE	((DES_LONG)83653421L)

-DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[],

-	     long length, int out_count, DES_cblock *seed)

-	{

-	DES_LONG z0,z1,t0,t1;

-	int i;

-	long l;

-	const unsigned char *cp;

-#ifdef _CRAY

-	struct lp_st { int a:32; int b:32; } *lp;

-#else

-	DES_LONG *lp;

-#endif

-	if (out_count < 1) out_count=1;

-#ifdef _CRAY

-	lp = (struct lp_st *) &(output[0])[0];

-#else

-	lp = (DES_LONG *) &(output[0])[0];

-#endif

-	z0=Q_B0((*seed)[0])|Q_B1((*seed)[1])|Q_B2((*seed)[2])|Q_B3((*seed)[3]);

-	z1=Q_B0((*seed)[4])|Q_B1((*seed)[5])|Q_B2((*seed)[6])|Q_B3((*seed)[7]);

-	for (i=0; ((i<4)&&(i<out_count)); i++)

-		{

-		cp=input;

-		l=length;

-		while (l > 0)

-			{

-			if (l > 1)

-				{

-				t0= (DES_LONG)(*(cp++));

-				t0|=(DES_LONG)Q_B1(*(cp++));

-				l--;

-				}

-			else

-				t0= (DES_LONG)(*(cp++));

-			l--;

-			/* add */

-			t0+=z0;

-			t0&=0xffffffffL;

-			t1=z1;

-			/* square, well sort of square */

-			z0=((((t0*t0)&0xffffffffL)+((t1*t1)&0xffffffffL))

-				&0xffffffffL)%0x7fffffffL;

-			z1=((t0*((t1+NOISE)&0xffffffffL))&0xffffffffL)%0x7fffffffL;

-			}

-		if (lp != NULL)

-			{

-			/* The MIT library assumes that the checksum is

-			 * composed of 2*out_count 32 bit ints */

-#ifdef _CRAY

-			(*lp).a = z0;

-			(*lp).b = z1;

-			lp++;

-#else

-			*lp++ = z0;

-			*lp++ = z1;

-#endif

-			}

-		}

-	return(z0);

-	}

--- a/sys/src/ape/lib/openssl/crypto/des/rand_key.c

+++ /dev/null

@@ -1,68 +1,0 @@

-/* crypto/des/rand_key.c */

-/* ====================================================================

- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <openssl/des.h>

-#include <openssl/rand.h>

-int DES_random_key(DES_cblock *ret)

-	{

-	do

-		{

-		if (RAND_bytes((unsigned char *)ret, sizeof(DES_cblock)) != 1)

-			return (0);

-		} while (DES_is_weak_key(ret));

-	DES_set_odd_parity(ret);

-	return (1);

-	}

--- a/sys/src/ape/lib/openssl/crypto/des/read2pwd.c

+++ /dev/null

@@ -1,140 +1,0 @@

-/* crypto/des/read2pwd.c */

-/* ====================================================================

- * Copyright (c) 2001-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <string.h>

-#include <openssl/des.h>

-#include <openssl/ui.h>

-#include <openssl/crypto.h>

-int DES_read_password(DES_cblock *key, const char *prompt, int verify)

-	{

-	int ok;

-	char buf[BUFSIZ],buff[BUFSIZ];

-	if ((ok=UI_UTIL_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)

-		DES_string_to_key(buf,key);

-	OPENSSL_cleanse(buf,BUFSIZ);

-	OPENSSL_cleanse(buff,BUFSIZ);

-	return(ok);

-	}

-int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2, const char *prompt,

-	     int verify)

-	{

-	int ok;

-	char buf[BUFSIZ],buff[BUFSIZ];

-	if ((ok=UI_UTIL_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)

-		DES_string_to_2keys(buf,key1,key2);

-	OPENSSL_cleanse(buf,BUFSIZ);

-	OPENSSL_cleanse(buff,BUFSIZ);

-	return(ok);

-	}

--- a/sys/src/ape/lib/openssl/crypto/des/read_pwd.c

+++ /dev/null

@@ -1,521 +1,0 @@

-/* crypto/des/read_pwd.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <openssl/e_os2.h>

-#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WIN32)

-#ifdef OPENSSL_UNISTD

-# include OPENSSL_UNISTD

-#else

-# include <unistd.h>

-#endif

-/* If unistd.h defines _POSIX_VERSION, we conclude that we

- * are on a POSIX system and have sigaction and termios. */

-#if defined(_POSIX_VERSION)

-# define SIGACTION

-# if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY)

-# define TERMIOS

-# endif

-#endif

-#endif

-/* #define SIGACTION */ /* Define this if you have sigaction() */

-#ifdef WIN16TTY

-#undef OPENSSL_SYS_WIN16

-#undef _WINDOWS

-#include <graph.h>

-#endif

-/* 06-Apr-92 Luke Brennan    Support for VMS */

-#include "des_locl.h"

-#include "cryptlib.h"

-#include <signal.h>

-#include <stdio.h>

-#include <string.h>

-#include <setjmp.h>

-#include <errno.h>

-#ifdef OPENSSL_SYS_VMS			/* prototypes for sys$whatever */

-#include <starlet.h>

-#ifdef __DECC

-#pragma message disable DOLLARID

-#endif

-#endif

-#ifdef WIN_CONSOLE_BUG

-#include <windows.h>

-#ifndef OPENSSL_SYS_WINCE

-#include <wincon.h>

-#endif

-#endif

-/* There are 5 types of terminal interface supported,

- * TERMIO, TERMIOS, VMS, MSDOS and SGTTY

- */

-#if defined(__sgi) && !defined(TERMIOS)

-#define TERMIOS

-#undef  TERMIO

-#undef  SGTTY

-#endif

-#if defined(linux) && !defined(TERMIO)

-#undef  TERMIOS

-#define TERMIO

-#undef  SGTTY

-#endif

-#ifdef _LIBC

-#undef  TERMIOS

-#define TERMIO

-#undef  SGTTY

-#endif

-#if !defined(TERMIO) && !defined(TERMIOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_MSDOS) && !defined(MAC_OS_pre_X) && !defined(MAC_OS_GUSI_SOURCE)

-#undef  TERMIOS

-#undef  TERMIO

-#define SGTTY

-#endif

-#if defined(OPENSSL_SYS_VXWORKS)

-#undef TERMIOS

-#undef TERMIO

-#undef SGTTY

-#endif

-#ifdef TERMIOS

-#include <termios.h>

-#define TTY_STRUCT		struct termios

-#define TTY_FLAGS		c_lflag

-#define	TTY_get(tty,data)	tcgetattr(tty,data)

-#define TTY_set(tty,data)	tcsetattr(tty,TCSANOW,data)

-#endif

-#ifdef TERMIO

-#include <termio.h>

-#define TTY_STRUCT		struct termio

-#define TTY_FLAGS		c_lflag

-#define TTY_get(tty,data)	ioctl(tty,TCGETA,data)

-#define TTY_set(tty,data)	ioctl(tty,TCSETA,data)

-#endif

-#ifdef SGTTY

-#include <sgtty.h>

-#define TTY_STRUCT		struct sgttyb

-#define TTY_FLAGS		sg_flags

-#define TTY_get(tty,data)	ioctl(tty,TIOCGETP,data)

-#define TTY_set(tty,data)	ioctl(tty,TIOCSETP,data)

-#endif

-#if !defined(_LIBC) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) && !defined(MAC_OS_pre_X)

-#include <sys/ioctl.h>

-#endif

-#if defined(OPENSSL_SYS_MSDOS) && !defined(__CYGWIN32__) && !defined(OPENSSL_SYS_WINCE)

-#include <conio.h>

-#define fgets(a,b,c) noecho_fgets(a,b,c)

-#endif

-#ifdef OPENSSL_SYS_VMS

-#include <ssdef.h>

-#include <iodef.h>

-#include <ttdef.h>

-#include <descrip.h>

-struct IOSB {

-	short iosb$w_value;

-	short iosb$w_count;

-	long  iosb$l_info;

-	};

-#endif

-#if defined(MAC_OS_pre_X) || defined(MAC_OS_GUSI_SOURCE)

-/*

- * This one needs work. As a matter of fact the code is unoperational

- * and this is only a trick to get it compiled.

- *					<[email protected]>

- */

-#define TTY_STRUCT int

-#endif

-#ifndef NX509_SIG

-#define NX509_SIG 32

-#endif

-static void read_till_nl(FILE *);

-static void recsig(int);

-static void pushsig(void);

-static void popsig(void);

-#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN16)

-static int noecho_fgets(char *buf, int size, FILE *tty);

-#endif

-#ifdef SIGACTION

- static struct sigaction savsig[NX509_SIG];

-#else

-  static void (*savsig[NX509_SIG])(int );

-#endif

-static jmp_buf save;

-int des_read_pw_string(char *buf, int length, const char *prompt,

-	     int verify)

-	{

-	char buff[BUFSIZ];

-	int ret;

-	ret=des_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify);

-	OPENSSL_cleanse(buff,BUFSIZ);

-	return(ret);

-	}

-#ifdef OPENSSL_SYS_WINCE

-int des_read_pw(char *buf, char *buff, int size, const char *prompt, int verify)

-	{

-	memset(buf,0,size);

-	memset(buff,0,size);

-	return(0);

-	}

-#elif defined(OPENSSL_SYS_WIN16)

-int des_read_pw(char *buf, char *buff, int size, char *prompt, int verify)

-	{

-	memset(buf,0,size);

-	memset(buff,0,size);

-	return(0);

-	}

-#else /* !OPENSSL_SYS_WINCE && !OPENSSL_SYS_WIN16 */

-static void read_till_nl(FILE *in)

-	{

-#define SIZE 4

-	char buf[SIZE+1];

-	do	{

-		fgets(buf,SIZE,in);

-		} while (strchr(buf,'\n') == NULL);

-	}

-/* return 0 if ok, 1 (or -1) otherwise */

-int des_read_pw(char *buf, char *buff, int size, const char *prompt,

-	     int verify)

-	{

-#ifdef OPENSSL_SYS_VMS

-	struct IOSB iosb;

-	$DESCRIPTOR(terminal,"TT");

-	long tty_orig[3], tty_new[3];

-	long status;

-	unsigned short channel = 0;

-#else

-#if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__)

-	TTY_STRUCT tty_orig,tty_new;

-#endif

-#endif

-	int number;

-	int ok;

-	/* statics are simply to avoid warnings about longjmp clobbering

-	   things */

-	static int ps;

-	int is_a_tty;

-	static FILE *tty;

-	char *p;

-	if (setjmp(save))

-		{

-		ok=0;

-		goto error;

-		}

-	number=5;

-	ok=0;

-	ps=0;

-	is_a_tty=1;

-	tty=NULL;

-#ifdef OPENSSL_SYS_MSDOS

-	if ((tty=fopen("con","r")) == NULL)

-		tty=stdin;

-#elif defined(MAC_OS_pre_X) || defined(OPENSSL_SYS_VXWORKS)

-	tty=stdin;

-#else

-#ifndef OPENSSL_SYS_MPE

-	if ((tty=fopen("/dev/tty","r")) == NULL)

-#endif

-		tty=stdin;

-#endif

-#if defined(TTY_get) && !defined(OPENSSL_SYS_VMS)

-	if (TTY_get(fileno(tty),&tty_orig) == -1)

-		{

-#ifdef ENOTTY

-		if (errno == ENOTTY)

-			is_a_tty=0;

-		else

-#endif

-#ifdef EINVAL

-		/* Ariel Glenn [email protected] reports that solaris

-		 * can return EINVAL instead.  This should be ok */

-		if (errno == EINVAL)

-			is_a_tty=0;

-		else

-#endif

-			return(-1);

-		}

-	memcpy(&(tty_new),&(tty_orig),sizeof(tty_orig));

-#endif

-#ifdef OPENSSL_SYS_VMS

-	status = sys$assign(&terminal,&channel,0,0);

-	if (status != SS$_NORMAL)

-		return(-1);

-	status=sys$qiow(0,channel,IO$_SENSEMODE,&iosb,0,0,tty_orig,12,0,0,0,0);

-	if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))

-		return(-1);

-#endif

-	pushsig();

-	ps=1;

-#ifdef TTY_FLAGS

-	tty_new.TTY_FLAGS &= ~ECHO;

-#endif

-#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)

-	if (is_a_tty && (TTY_set(fileno(tty),&tty_new) == -1))

-#ifdef OPENSSL_SYS_MPE

-		; /* MPE lies -- echo really has been disabled */

-#else

-		return(-1);

-#endif

-#endif

-#ifdef OPENSSL_SYS_VMS

-	tty_new[0] = tty_orig[0];

-	tty_new[1] = tty_orig[1] | TT$M_NOECHO;

-	tty_new[2] = tty_orig[2];

-	status = sys$qiow(0,channel,IO$_SETMODE,&iosb,0,0,tty_new,12,0,0,0,0);

-	if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))

-		return(-1);

-#endif

-	ps=2;

-	while ((!ok) && (number--))

-		{

-		fputs(prompt,stderr);

-		fflush(stderr);

-		buf[0]='\0';

-		fgets(buf,size,tty);

-		if (feof(tty)) goto error;

-		if (ferror(tty)) goto error;

-		if ((p=(char *)strchr(buf,'\n')) != NULL)

-			*p='\0';

-		else	read_till_nl(tty);

-		if (verify)

-			{

-			fprintf(stderr,"\nVerifying password - %s",prompt);

-			fflush(stderr);

-			buff[0]='\0';

-			fgets(buff,size,tty);

-			if (feof(tty)) goto error;

-			if ((p=(char *)strchr(buff,'\n')) != NULL)

-				*p='\0';

-			else	read_till_nl(tty);

-			if (strcmp(buf,buff) != 0)

-				{

-				fprintf(stderr,"\nVerify failure");

-				fflush(stderr);

-				break;

-				/* continue; */

-				}

-			}

-		ok=1;

-		}

-error:

-	fprintf(stderr,"\n");

-#if 0

-	perror("fgets(tty)");

-#endif

-	/* What can we do if there is an error? */

-#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)

-	if (ps >= 2) TTY_set(fileno(tty),&tty_orig);

-#endif

-#ifdef OPENSSL_SYS_VMS

-	if (ps >= 2)

-		status = sys$qiow(0,channel,IO$_SETMODE,&iosb,0,0

-			,tty_orig,12,0,0,0,0);

-#endif

-	if (ps >= 1) popsig();

-	if (stdin != tty) fclose(tty);

-#ifdef OPENSSL_SYS_VMS

-	status = sys$dassgn(channel);

-#endif

-	return(!ok);

-	}

-static void pushsig(void)

-	{

-	int i;

-#ifdef SIGACTION

-	struct sigaction sa;

-	memset(&sa,0,sizeof sa);

-	sa.sa_handler=recsig;

-#endif

-	for (i=1; i<NX509_SIG; i++)

-		{

-#ifdef SIGUSR1

-		if (i == SIGUSR1)

-			continue;

-#endif

-#ifdef SIGUSR2

-		if (i == SIGUSR2)

-			continue;

-#endif

-#ifdef SIGACTION

-		sigaction(i,&sa,&savsig[i]);

-#else

-		savsig[i]=signal(i,recsig);

-#endif

-		}

-#ifdef SIGWINCH

-	signal(SIGWINCH,SIG_DFL);

-#endif

-	}

-static void popsig(void)

-	{

-	int i;

-	for (i=1; i<NX509_SIG; i++)

-		{

-#ifdef SIGUSR1

-		if (i == SIGUSR1)

-			continue;

-#endif

-#ifdef SIGUSR2

-		if (i == SIGUSR2)

-			continue;

-#endif

-#ifdef SIGACTION

-		sigaction(i,&savsig[i],NULL);

-#else

-		signal(i,savsig[i]);

-#endif

-		}

-	}

-static void recsig(int i)

-	{

-	longjmp(save,1);

-#ifdef LINT

-	i=i;

-#endif

-	}

-#ifdef OPENSSL_SYS_MSDOS

-static int noecho_fgets(char *buf, int size, FILE *tty)

-	{

-	int i;

-	char *p;

-	p=buf;

-	for (;;)

-		{

-		if (size == 0)

-			{

-			*p='\0';

-			break;

-			}

-		size--;

-#ifdef WIN16TTY

-		i=_inchar();

-#else

-		i=getch();

-#endif

-		if (i == '\r') i='\n';

-		*(p++)=i;

-		if (i == '\n')

-			{

-			*p='\0';

-			break;

-			}

-		}

-#ifdef WIN_CONSOLE_BUG

-/* Win95 has several evil console bugs: one of these is that the

- * last character read using getch() is passed to the next read: this is

- * usually a CR so this can be trouble. No STDIO fix seems to work but

- * flushing the console appears to do the trick.

- */

-		{

-			HANDLE inh;

-			inh = GetStdHandle(STD_INPUT_HANDLE);

-			FlushConsoleInputBuffer(inh);

-		}

-#endif

-	return(strlen(buf));

-	}

-#endif

-#endif /* !OPENSSL_SYS_WINCE && !WIN16 */

--- a/sys/src/ape/lib/openssl/crypto/des/rpc_des.h

+++ /dev/null

@@ -1,131 +1,0 @@

-/* crypto/des/rpc_des.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/*  @(#)des.h	2.2 88/08/10 4.0 RPCSRC; from 2.7 88/02/08 SMI  */

-/*

- * Sun RPC is a product of Sun Microsystems, Inc. and is provided for

- * unrestricted use provided that this legend is included on all tape

- * media and as a part of the software program in whole or part.  Users

- * may copy or modify Sun RPC without charge, but are not authorized

- * to license or distribute it to anyone else except as part of a product or

- * program developed by the user.

- *

- * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE

- * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.

- *

- * Sun RPC is provided with no support and without any obligation on the

- * part of Sun Microsystems, Inc. to assist in its use, correction,

- * modification or enhancement.

- *

- * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE

- * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC

- * OR ANY PART THEREOF.

- *

- * In no event will Sun Microsystems, Inc. be liable for any lost revenue

- * or profits or other special, indirect and consequential damages, even if

- * Sun has been advised of the possibility of such damages.

- *

- * Sun Microsystems, Inc.

- * 2550 Garcia Avenue

- * Mountain View, California  94043

- */

-/*

- * Generic DES driver interface

- * Keep this file hardware independent!

- * Copyright (c) 1986 by Sun Microsystems, Inc.

- */

-#define DES_MAXLEN 	65536	/* maximum # of bytes to encrypt  */

-#define DES_QUICKLEN	16	/* maximum # of bytes to encrypt quickly */

-#ifdef HEADER_DES_H

-#undef ENCRYPT

-#undef DECRYPT

-#endif

-enum desdir { ENCRYPT, DECRYPT };

-enum desmode { CBC, ECB };

-/*

- * parameters to ioctl call

- */

-struct desparams {

-	unsigned char des_key[8];	/* key (with low bit parity) */

-	enum desdir des_dir;	/* direction */

-	enum desmode des_mode;	/* mode */

-	unsigned char des_ivec[8];	/* input vector */

-	unsigned des_len;	/* number of bytes to crypt */

-	union {

-		unsigned char UDES_data[DES_QUICKLEN];

-		unsigned char *UDES_buf;

-	} UDES;

-#	define des_data UDES.UDES_data	/* direct data here if quick */

-#	define des_buf	UDES.UDES_buf	/* otherwise, pointer to data */

-};

-/*

- * Encrypt an arbitrary sized buffer

- */

-#define	DESIOCBLOCK	_IOWR(d, 6, struct desparams)

-/*

- * Encrypt of small amount of data, quickly

- */

-#define DESIOCQUICK	_IOWR(d, 7, struct desparams)

--- a/sys/src/ape/lib/openssl/crypto/des/rpc_enc.c

+++ /dev/null

@@ -1,98 +1,0 @@

-/* crypto/des/rpc_enc.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include "rpc_des.h"

-#include "des_locl.h"

-#include "des_ver.h"

-int _des_crypt(char *buf,int len,struct desparams *desp);

-int _des_crypt(char *buf, int len, struct desparams *desp)

-	{

-	DES_key_schedule ks;

-	int enc;

-	DES_set_key_unchecked(&desp->des_key,&ks);

-	enc=(desp->des_dir == ENCRYPT)?DES_ENCRYPT:DES_DECRYPT;

-	if (desp->des_mode == CBC)

-		DES_ecb_encrypt((const_DES_cblock *)desp->UDES.UDES_buf,

-				(DES_cblock *)desp->UDES.UDES_buf,&ks,

-				enc);

-	else

-		{

-		DES_ncbc_encrypt(desp->UDES.UDES_buf,desp->UDES.UDES_buf,

-				len,&ks,&desp->des_ivec,enc);

-#ifdef undef

-		/* len will always be %8 if called from common_crypt

-		 * in secure_rpc.

-		 * Libdes's cbc encrypt does not copy back the iv,

-		 * so we have to do it here. */

-		/* It does now :-) eay 20/09/95 */

-		a=(char *)&(desp->UDES.UDES_buf[len-8]);

-		b=(char *)&(desp->des_ivec[0]);

-		*(a++)= *(b++); *(a++)= *(b++);

-		*(a++)= *(b++); *(a++)= *(b++);

-		*(a++)= *(b++); *(a++)= *(b++);

-		*(a++)= *(b++); *(a++)= *(b++);

-#endif

-		}

-	return(1);

-	}

--- a/sys/src/ape/lib/openssl/crypto/des/rpw.c

+++ /dev/null

@@ -1,99 +1,0 @@

-/* crypto/des/rpw.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <openssl/des.h>

-int main(int argc, char *argv[])

-	{

-	DES_cblock k,k1;

-	int i;

-	printf("read passwd\n");

-	if ((i=des_read_password(&k,"Enter password:",0)) == 0)

-		{

-		printf("password = ");

-		for (i=0; i<8; i++)

-			printf("%02x ",k[i]);

-		}

-	else

-		printf("error %d\n",i);

-	printf("\n");

-	printf("read 2passwds and verify\n");

-	if ((i=des_read_2passwords(&k,&k1,

-		"Enter verified password:",1)) == 0)

-		{

-		printf("password1 = ");

-		for (i=0; i<8; i++)

-			printf("%02x ",k[i]);

-		printf("\n");

-		printf("password2 = ");

-		for (i=0; i<8; i++)

-			printf("%02x ",k1[i]);

-		printf("\n");

-		exit(1);

-		}

-	else

-		{

-		printf("error %d\n",i);

-		exit(0);

-		}

-#ifdef LINT

-	return(0);

-#endif

-	}

--- a/sys/src/ape/lib/openssl/crypto/des/set_key.c

+++ /dev/null

@@ -1,407 +1,0 @@

-/* crypto/des/set_key.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* set_key.c v 1.4 eay 24/9/91

- * 1.4 Speed up by 400% :-)

- * 1.3 added register declarations.

- * 1.2 unrolled make_key_sched a bit more

- * 1.1 added norm_expand_bits

- * 1.0 First working version

- */

-#include "des_locl.h"

-OPENSSL_IMPLEMENT_GLOBAL(int,DES_check_key);	/* defaults to false */

-static const unsigned char odd_parity[256]={

-  1,  1,  2,  2,  4,  4,  7,  7,  8,  8, 11, 11, 13, 13, 14, 14,

- 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,

- 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47,

- 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62,

- 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79,

- 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94,

- 97, 97, 98, 98,100,100,103,103,104,104,107,107,109,109,110,110,

-112,112,115,115,117,117,118,118,121,121,122,122,124,124,127,127,

-128,128,131,131,133,133,134,134,137,137,138,138,140,140,143,143,

-145,145,146,146,148,148,151,151,152,152,155,155,157,157,158,158,

-161,161,162,162,164,164,167,167,168,168,171,171,173,173,174,174,

-176,176,179,179,181,181,182,182,185,185,186,186,188,188,191,191,

-193,193,194,194,196,196,199,199,200,200,203,203,205,205,206,206,

-208,208,211,211,213,213,214,214,217,217,218,218,220,220,223,223,

-224,224,227,227,229,229,230,230,233,233,234,234,236,236,239,239,

-241,241,242,242,244,244,247,247,248,248,251,251,253,253,254,254};

-void DES_set_odd_parity(DES_cblock *key)

-	{

-	unsigned int i;

-	for (i=0; i<DES_KEY_SZ; i++)

-		(*key)[i]=odd_parity[(*key)[i]];

-	}

-int DES_check_key_parity(const_DES_cblock *key)

-	{

-	unsigned int i;

-	for (i=0; i<DES_KEY_SZ; i++)

-		{

-		if ((*key)[i] != odd_parity[(*key)[i]])

-			return(0);

-		}

-	return(1);

-	}

-/* Weak and semi week keys as take from

- * %A D.W. Davies

- * %A W.L. Price

- * %T Security for Computer Networks

- * %I John Wiley & Sons

- * %D 1984

- * Many thanks to [email protected] (Steven Bellovin) for the reference

- * (and actual cblock values).

- */

-#define NUM_WEAK_KEY	16

-static const DES_cblock weak_keys[NUM_WEAK_KEY]={

-	/* weak keys */

-	{0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},

-	{0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE},

-	{0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},

-	{0xE0,0xE0,0xE0,0xE0,0xF1,0xF1,0xF1,0xF1},

-	/* semi-weak keys */

-	{0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE},

-	{0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01},

-	{0x1F,0xE0,0x1F,0xE0,0x0E,0xF1,0x0E,0xF1},

-	{0xE0,0x1F,0xE0,0x1F,0xF1,0x0E,0xF1,0x0E},

-	{0x01,0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1},

-	{0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1,0x01},

-	{0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E,0xFE},

-	{0xFE,0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E},

-	{0x01,0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E},

-	{0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E,0x01},

-	{0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},

-	{0xFE,0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1}};

-int DES_is_weak_key(const_DES_cblock *key)

-	{

-	int i;

-	for (i=0; i<NUM_WEAK_KEY; i++)

-		/* Added == 0 to comparison, I obviously don't run

-		 * this section very often :-(, thanks to

-		 * [email protected] for the fix

-		 * eay 93/06/29

-		 * Another problem, I was comparing only the first 4

-		 * bytes, 97/03/18 */

-		if (memcmp(weak_keys[i],key,sizeof(DES_cblock)) == 0) return(1);

-	return(0);

-	}

-/* NOW DEFINED IN des_local.h

- * See ecb_encrypt.c for a pseudo description of these macros.

- * #define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\

- * 	(b)^=(t),\

- * 	(a)=((a)^((t)<<(n))))

- */

-#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\

-	(a)=(a)^(t)^(t>>(16-(n))))

-static const DES_LONG des_skb[8][64]={

-	{

-	/* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */

-	0x00000000L,0x00000010L,0x20000000L,0x20000010L,

-	0x00010000L,0x00010010L,0x20010000L,0x20010010L,

-	0x00000800L,0x00000810L,0x20000800L,0x20000810L,

-	0x00010800L,0x00010810L,0x20010800L,0x20010810L,

-	0x00000020L,0x00000030L,0x20000020L,0x20000030L,

-	0x00010020L,0x00010030L,0x20010020L,0x20010030L,

-	0x00000820L,0x00000830L,0x20000820L,0x20000830L,

-	0x00010820L,0x00010830L,0x20010820L,0x20010830L,

-	0x00080000L,0x00080010L,0x20080000L,0x20080010L,

-	0x00090000L,0x00090010L,0x20090000L,0x20090010L,

-	0x00080800L,0x00080810L,0x20080800L,0x20080810L,

-	0x00090800L,0x00090810L,0x20090800L,0x20090810L,

-	0x00080020L,0x00080030L,0x20080020L,0x20080030L,

-	0x00090020L,0x00090030L,0x20090020L,0x20090030L,

-	0x00080820L,0x00080830L,0x20080820L,0x20080830L,

-	0x00090820L,0x00090830L,0x20090820L,0x20090830L,

-	},{

-	/* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */

-	0x00000000L,0x02000000L,0x00002000L,0x02002000L,

-	0x00200000L,0x02200000L,0x00202000L,0x02202000L,

-	0x00000004L,0x02000004L,0x00002004L,0x02002004L,

-	0x00200004L,0x02200004L,0x00202004L,0x02202004L,

-	0x00000400L,0x02000400L,0x00002400L,0x02002400L,

-	0x00200400L,0x02200400L,0x00202400L,0x02202400L,

-	0x00000404L,0x02000404L,0x00002404L,0x02002404L,

-	0x00200404L,0x02200404L,0x00202404L,0x02202404L,

-	0x10000000L,0x12000000L,0x10002000L,0x12002000L,

-	0x10200000L,0x12200000L,0x10202000L,0x12202000L,

-	0x10000004L,0x12000004L,0x10002004L,0x12002004L,

-	0x10200004L,0x12200004L,0x10202004L,0x12202004L,

-	0x10000400L,0x12000400L,0x10002400L,0x12002400L,

-	0x10200400L,0x12200400L,0x10202400L,0x12202400L,

-	0x10000404L,0x12000404L,0x10002404L,0x12002404L,

-	0x10200404L,0x12200404L,0x10202404L,0x12202404L,

-	},{

-	/* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */

-	0x00000000L,0x00000001L,0x00040000L,0x00040001L,

-	0x01000000L,0x01000001L,0x01040000L,0x01040001L,

-	0x00000002L,0x00000003L,0x00040002L,0x00040003L,

-	0x01000002L,0x01000003L,0x01040002L,0x01040003L,

-	0x00000200L,0x00000201L,0x00040200L,0x00040201L,

-	0x01000200L,0x01000201L,0x01040200L,0x01040201L,

-	0x00000202L,0x00000203L,0x00040202L,0x00040203L,

-	0x01000202L,0x01000203L,0x01040202L,0x01040203L,

-	0x08000000L,0x08000001L,0x08040000L,0x08040001L,

-	0x09000000L,0x09000001L,0x09040000L,0x09040001L,

-	0x08000002L,0x08000003L,0x08040002L,0x08040003L,

-	0x09000002L,0x09000003L,0x09040002L,0x09040003L,

-	0x08000200L,0x08000201L,0x08040200L,0x08040201L,

-	0x09000200L,0x09000201L,0x09040200L,0x09040201L,

-	0x08000202L,0x08000203L,0x08040202L,0x08040203L,

-	0x09000202L,0x09000203L,0x09040202L,0x09040203L,

-	},{

-	/* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */

-	0x00000000L,0x00100000L,0x00000100L,0x00100100L,

-	0x00000008L,0x00100008L,0x00000108L,0x00100108L,

-	0x00001000L,0x00101000L,0x00001100L,0x00101100L,

-	0x00001008L,0x00101008L,0x00001108L,0x00101108L,

-	0x04000000L,0x04100000L,0x04000100L,0x04100100L,

-	0x04000008L,0x04100008L,0x04000108L,0x04100108L,

-	0x04001000L,0x04101000L,0x04001100L,0x04101100L,

-	0x04001008L,0x04101008L,0x04001108L,0x04101108L,

-	0x00020000L,0x00120000L,0x00020100L,0x00120100L,

-	0x00020008L,0x00120008L,0x00020108L,0x00120108L,

-	0x00021000L,0x00121000L,0x00021100L,0x00121100L,

-	0x00021008L,0x00121008L,0x00021108L,0x00121108L,

-	0x04020000L,0x04120000L,0x04020100L,0x04120100L,

-	0x04020008L,0x04120008L,0x04020108L,0x04120108L,

-	0x04021000L,0x04121000L,0x04021100L,0x04121100L,

-	0x04021008L,0x04121008L,0x04021108L,0x04121108L,

-	},{

-	/* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */

-	0x00000000L,0x10000000L,0x00010000L,0x10010000L,

-	0x00000004L,0x10000004L,0x00010004L,0x10010004L,

-	0x20000000L,0x30000000L,0x20010000L,0x30010000L,

-	0x20000004L,0x30000004L,0x20010004L,0x30010004L,

-	0x00100000L,0x10100000L,0x00110000L,0x10110000L,

-	0x00100004L,0x10100004L,0x00110004L,0x10110004L,

-	0x20100000L,0x30100000L,0x20110000L,0x30110000L,

-	0x20100004L,0x30100004L,0x20110004L,0x30110004L,

-	0x00001000L,0x10001000L,0x00011000L,0x10011000L,

-	0x00001004L,0x10001004L,0x00011004L,0x10011004L,

-	0x20001000L,0x30001000L,0x20011000L,0x30011000L,

-	0x20001004L,0x30001004L,0x20011004L,0x30011004L,

-	0x00101000L,0x10101000L,0x00111000L,0x10111000L,

-	0x00101004L,0x10101004L,0x00111004L,0x10111004L,

-	0x20101000L,0x30101000L,0x20111000L,0x30111000L,

-	0x20101004L,0x30101004L,0x20111004L,0x30111004L,

-	},{

-	/* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */

-	0x00000000L,0x08000000L,0x00000008L,0x08000008L,

-	0x00000400L,0x08000400L,0x00000408L,0x08000408L,

-	0x00020000L,0x08020000L,0x00020008L,0x08020008L,

-	0x00020400L,0x08020400L,0x00020408L,0x08020408L,

-	0x00000001L,0x08000001L,0x00000009L,0x08000009L,

-	0x00000401L,0x08000401L,0x00000409L,0x08000409L,

-	0x00020001L,0x08020001L,0x00020009L,0x08020009L,

-	0x00020401L,0x08020401L,0x00020409L,0x08020409L,

-	0x02000000L,0x0A000000L,0x02000008L,0x0A000008L,

-	0x02000400L,0x0A000400L,0x02000408L,0x0A000408L,

-	0x02020000L,0x0A020000L,0x02020008L,0x0A020008L,

-	0x02020400L,0x0A020400L,0x02020408L,0x0A020408L,

-	0x02000001L,0x0A000001L,0x02000009L,0x0A000009L,

-	0x02000401L,0x0A000401L,0x02000409L,0x0A000409L,

-	0x02020001L,0x0A020001L,0x02020009L,0x0A020009L,

-	0x02020401L,0x0A020401L,0x02020409L,0x0A020409L,

-	},{

-	/* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */

-	0x00000000L,0x00000100L,0x00080000L,0x00080100L,

-	0x01000000L,0x01000100L,0x01080000L,0x01080100L,

-	0x00000010L,0x00000110L,0x00080010L,0x00080110L,

-	0x01000010L,0x01000110L,0x01080010L,0x01080110L,

-	0x00200000L,0x00200100L,0x00280000L,0x00280100L,

-	0x01200000L,0x01200100L,0x01280000L,0x01280100L,

-	0x00200010L,0x00200110L,0x00280010L,0x00280110L,

-	0x01200010L,0x01200110L,0x01280010L,0x01280110L,

-	0x00000200L,0x00000300L,0x00080200L,0x00080300L,

-	0x01000200L,0x01000300L,0x01080200L,0x01080300L,

-	0x00000210L,0x00000310L,0x00080210L,0x00080310L,

-	0x01000210L,0x01000310L,0x01080210L,0x01080310L,

-	0x00200200L,0x00200300L,0x00280200L,0x00280300L,

-	0x01200200L,0x01200300L,0x01280200L,0x01280300L,

-	0x00200210L,0x00200310L,0x00280210L,0x00280310L,

-	0x01200210L,0x01200310L,0x01280210L,0x01280310L,

-	},{

-	/* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */

-	0x00000000L,0x04000000L,0x00040000L,0x04040000L,

-	0x00000002L,0x04000002L,0x00040002L,0x04040002L,

-	0x00002000L,0x04002000L,0x00042000L,0x04042000L,

-	0x00002002L,0x04002002L,0x00042002L,0x04042002L,

-	0x00000020L,0x04000020L,0x00040020L,0x04040020L,

-	0x00000022L,0x04000022L,0x00040022L,0x04040022L,

-	0x00002020L,0x04002020L,0x00042020L,0x04042020L,

-	0x00002022L,0x04002022L,0x00042022L,0x04042022L,

-	0x00000800L,0x04000800L,0x00040800L,0x04040800L,

-	0x00000802L,0x04000802L,0x00040802L,0x04040802L,

-	0x00002800L,0x04002800L,0x00042800L,0x04042800L,

-	0x00002802L,0x04002802L,0x00042802L,0x04042802L,

-	0x00000820L,0x04000820L,0x00040820L,0x04040820L,

-	0x00000822L,0x04000822L,0x00040822L,0x04040822L,

-	0x00002820L,0x04002820L,0x00042820L,0x04042820L,

-	0x00002822L,0x04002822L,0x00042822L,0x04042822L,

-	}};

-int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule)

-	{

-	if (DES_check_key)

-		{

-		return DES_set_key_checked(key, schedule);

-		}

-	else

-		{

-		DES_set_key_unchecked(key, schedule);

-		return 0;

-		}

-	}

-/* return 0 if key parity is odd (correct),

- * return -1 if key parity error,

- * return -2 if illegal weak key.

- */

-int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule)

-	{

-	if (!DES_check_key_parity(key))

-		return(-1);

-	if (DES_is_weak_key(key))

-		return(-2);

-	DES_set_key_unchecked(key, schedule);

-	return 0;

-	}

-void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)

-	{

-	static int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0};

-	register DES_LONG c,d,t,s,t2;

-	register const unsigned char *in;

-	register DES_LONG *k;

-	register int i;

-#ifdef OPENBSD_DEV_CRYPTO

-	memcpy(schedule->key,key,sizeof schedule->key);

-	schedule->session=NULL;

-#endif

-	k = &schedule->ks->deslong[0];

-	in = &(*key)[0];

-	c2l(in,c);

-	c2l(in,d);

-	/* do PC1 in 47 simple operations :-)

-	 * Thanks to John Fletcher ([email protected])

-	 * for the inspiration. :-) */

-	PERM_OP (d,c,t,4,0x0f0f0f0fL);

-	HPERM_OP(c,t,-2,0xcccc0000L);

-	HPERM_OP(d,t,-2,0xcccc0000L);

-	PERM_OP (d,c,t,1,0x55555555L);

-	PERM_OP (c,d,t,8,0x00ff00ffL);

-	PERM_OP (d,c,t,1,0x55555555L);

-	d=	(((d&0x000000ffL)<<16L)| (d&0x0000ff00L)     |

-		 ((d&0x00ff0000L)>>16L)|((c&0xf0000000L)>>4L));

-	c&=0x0fffffffL;

-	for (i=0; i<ITERATIONS; i++)

-		{

-		if (shifts2[i])

-			{ c=((c>>2L)|(c<<26L)); d=((d>>2L)|(d<<26L)); }

-		else

-			{ c=((c>>1L)|(c<<27L)); d=((d>>1L)|(d<<27L)); }

-		c&=0x0fffffffL;

-		d&=0x0fffffffL;

-		/* could be a few less shifts but I am to lazy at this

-		 * point in time to investigate */

-		s=	des_skb[0][ (c    )&0x3f                ]|

-			des_skb[1][((c>> 6L)&0x03)|((c>> 7L)&0x3c)]|

-			des_skb[2][((c>>13L)&0x0f)|((c>>14L)&0x30)]|

-			des_skb[3][((c>>20L)&0x01)|((c>>21L)&0x06) |

-						  ((c>>22L)&0x38)];

-		t=	des_skb[4][ (d    )&0x3f                ]|

-			des_skb[5][((d>> 7L)&0x03)|((d>> 8L)&0x3c)]|

-			des_skb[6][ (d>>15L)&0x3f                ]|

-			des_skb[7][((d>>21L)&0x0f)|((d>>22L)&0x30)];

-		/* table contained 0213 4657 */

-		t2=((t<<16L)|(s&0x0000ffffL))&0xffffffffL;

-		*(k++)=ROTATE(t2,30)&0xffffffffL;

-		t2=((s>>16L)|(t&0xffff0000L));

-		*(k++)=ROTATE(t2,26)&0xffffffffL;

-		}

-	}

-int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule)

-	{

-	return(DES_set_key(key,schedule));

-	}

-/*

-#undef des_fixup_key_parity

-void des_fixup_key_parity(des_cblock *key)

-	{

-	des_set_odd_parity(key);

-	}

-*/

--- a/sys/src/ape/lib/openssl/crypto/des/speed.c

+++ /dev/null

@@ -1,314 +1,0 @@

-/* crypto/des/speed.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */

-/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */

-#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)

-#define TIMES

-#endif

-#include <stdio.h>

-#include <openssl/e_os2.h>

-#include OPENSSL_UNISTD_IO

-OPENSSL_DECLARE_EXIT

-#ifndef OPENSSL_SYS_NETWARE

-#include <signal.h>

-#define crypt(c,s) (des_crypt((c),(s)))

-#endif

-#ifndef _IRIX

-#include <time.h>

-#endif

-#ifdef TIMES

-#include <sys/types.h>

-#include <sys/times.h>

-#endif

-/* Depending on the VMS version, the tms structure is perhaps defined.

-   The __TMS macro will show if it was.  If it wasn't defined, we should

-   undefine TIMES, since that tells the rest of the program how things

-   should be handled.				-- Richard Levitte */

-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)

-#undef TIMES

-#endif

-#ifndef TIMES

-#include <sys/timeb.h>

-#endif

-#if defined(sun) || defined(__ultrix)

-#define _POSIX_SOURCE

-#include <limits.h>

-#include <sys/param.h>

-#endif

-#include <openssl/des.h>

-/* The following if from times(3) man page.  It may need to be changed */

-#ifndef HZ

-# ifndef CLK_TCK

-#  ifndef _BSD_CLK_TCK_ /* FreeBSD fix */

-#   define HZ	100.0

-#  else /* _BSD_CLK_TCK_ */

-#   define HZ ((double)_BSD_CLK_TCK_)

-#  endif

-# else /* CLK_TCK */

-#  define HZ ((double)CLK_TCK)

-# endif

-#endif

-#define BUFSIZE	((long)1024)

-long run=0;

-double Time_F(int s);

-#ifdef SIGALRM

-#if defined(__STDC__) || defined(sgi) || defined(_AIX)

-#define SIGRETTYPE void

-#else

-#define SIGRETTYPE int

-#endif

-SIGRETTYPE sig_done(int sig);

-SIGRETTYPE sig_done(int sig)

-	{

-	signal(SIGALRM,sig_done);

-	run=0;

-#ifdef LINT

-	sig=sig;

-#endif

-	}

-#endif

-#define START	0

-#define STOP	1

-double Time_F(int s)

-	{

-	double ret;

-#ifdef TIMES

-	static struct tms tstart,tend;

-	if (s == START)

-		{

-		times(&tstart);

-		return(0);

-		}

-	else

-		{

-		times(&tend);

-		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;

-		return((ret == 0.0)?1e-6:ret);

-		}

-#else /* !times() */

-	static struct timeb tstart,tend;

-	long i;

-	if (s == START)

-		{

-		ftime(&tstart);

-		return(0);

-		}

-	else

-		{

-		ftime(&tend);

-		i=(long)tend.millitm-(long)tstart.millitm;

-		ret=((double)(tend.time-tstart.time))+((double)i)/1e3;

-		return((ret == 0.0)?1e-6:ret);

-		}

-#endif

-	}

-int main(int argc, char **argv)

-	{

-	long count;

-	static unsigned char buf[BUFSIZE];

-	static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};

-	static DES_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};

-	static DES_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};

-	DES_key_schedule sch,sch2,sch3;

-	double a,b,c,d,e;

-#ifndef SIGALRM

-	long ca,cb,cc,cd,ce;

-#endif

-#ifndef TIMES

-	printf("To get the most accurate results, try to run this\n");

-	printf("program when this computer is idle.\n");

-#endif

-	DES_set_key_unchecked(&key2,&sch2);

-	DES_set_key_unchecked(&key3,&sch3);

-#ifndef SIGALRM

-	printf("First we calculate the approximate speed ...\n");

-	DES_set_key_unchecked(&key,&sch);

-	count=10;

-	do	{

-		long i;

-		DES_LONG data[2];

-		count*=2;

-		Time_F(START);

-		for (i=count; i; i--)

-			DES_encrypt1(data,&sch,DES_ENCRYPT);

-		d=Time_F(STOP);

-		} while (d < 3.0);

-	ca=count;

-	cb=count*3;

-	cc=count*3*8/BUFSIZE+1;

-	cd=count*8/BUFSIZE+1;

-	ce=count/20+1;

-	printf("Doing set_key %ld times\n",ca);

-#define COND(d)	(count != (d))

-#define COUNT(d) (d)

-#else

-#define COND(c)	(run)

-#define COUNT(d) (count)

-	signal(SIGALRM,sig_done);

-	printf("Doing set_key for 10 seconds\n");

-	alarm(10);

-#endif

-	Time_F(START);

-	for (count=0,run=1; COND(ca); count++)

-		DES_set_key_unchecked(&key,&sch);

-	d=Time_F(STOP);

-	printf("%ld set_key's in %.2f seconds\n",count,d);

-	a=((double)COUNT(ca))/d;

-#ifdef SIGALRM

-	printf("Doing DES_encrypt's for 10 seconds\n");

-	alarm(10);

-#else

-	printf("Doing DES_encrypt %ld times\n",cb);

-#endif

-	Time_F(START);

-	for (count=0,run=1; COND(cb); count++)

-		{

-		DES_LONG data[2];

-		DES_encrypt1(data,&sch,DES_ENCRYPT);

-		}

-	d=Time_F(STOP);

-	printf("%ld DES_encrypt's in %.2f second\n",count,d);

-	b=((double)COUNT(cb)*8)/d;

-#ifdef SIGALRM

-	printf("Doing DES_cbc_encrypt on %ld byte blocks for 10 seconds\n",

-		BUFSIZE);

-	alarm(10);

-#else

-	printf("Doing DES_cbc_encrypt %ld times on %ld byte blocks\n",cc,

-		BUFSIZE);

-#endif

-	Time_F(START);

-	for (count=0,run=1; COND(cc); count++)

-		DES_ncbc_encrypt(buf,buf,BUFSIZE,&sch,

-			&key,DES_ENCRYPT);

-	d=Time_F(STOP);

-	printf("%ld DES_cbc_encrypt's of %ld byte blocks in %.2f second\n",

-		count,BUFSIZE,d);

-	c=((double)COUNT(cc)*BUFSIZE)/d;

-#ifdef SIGALRM

-	printf("Doing DES_ede_cbc_encrypt on %ld byte blocks for 10 seconds\n",

-		BUFSIZE);

-	alarm(10);

-#else

-	printf("Doing DES_ede_cbc_encrypt %ld times on %ld byte blocks\n",cd,

-		BUFSIZE);

-#endif

-	Time_F(START);

-	for (count=0,run=1; COND(cd); count++)

-		DES_ede3_cbc_encrypt(buf,buf,BUFSIZE,

-			&sch,

-			&sch2,

-			&sch3,

-			&key,

-			DES_ENCRYPT);

-	d=Time_F(STOP);

-	printf("%ld DES_ede_cbc_encrypt's of %ld byte blocks in %.2f second\n",

-		count,BUFSIZE,d);

-	d=((double)COUNT(cd)*BUFSIZE)/d;

-#ifdef SIGALRM

-	printf("Doing crypt for 10 seconds\n");

-	alarm(10);

-#else

-	printf("Doing crypt %ld times\n",ce);

-#endif

-	Time_F(START);

-	for (count=0,run=1; COND(ce); count++)

-		crypt("testing1","ef");

-	e=Time_F(STOP);

-	printf("%ld crypts in %.2f second\n",count,e);

-	e=((double)COUNT(ce))/e;

-	printf("set_key            per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a);

-	printf("DES raw ecb bytes  per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b);

-	printf("DES cbc bytes      per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);

-	printf("DES ede cbc bytes  per sec = %12.2f (%9.3fuS)\n",d,8.0e6/d);

-	printf("crypt              per sec = %12.2f (%9.3fuS)\n",e,1.0e6/e);

-	exit(0);

-#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)

-	return(0);

-#endif

-	}

--- a/sys/src/ape/lib/openssl/crypto/des/spr.h

+++ /dev/null

@@ -1,204 +1,0 @@

-/* crypto/des/spr.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-OPENSSL_GLOBAL const DES_LONG DES_SPtrans[8][64]={

-{

-/* nibble 0 */

-0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L,

-0x02000000L, 0x00080802L, 0x00080002L, 0x02000002L,

-0x00080802L, 0x02080800L, 0x02080000L, 0x00000802L,

-0x02000802L, 0x02000000L, 0x00000000L, 0x00080002L,

-0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L,

-0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L,

-0x00000002L, 0x00000800L, 0x00080800L, 0x02080002L,

-0x00000800L, 0x02000802L, 0x02080002L, 0x00000000L,

-0x00000000L, 0x02080802L, 0x02000800L, 0x00080002L,

-0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L,

-0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L,

-0x00080802L, 0x00000002L, 0x02000002L, 0x02080000L,

-0x02080802L, 0x00080800L, 0x02080000L, 0x02000802L,

-0x02000000L, 0x00000802L, 0x00080002L, 0x00000000L,

-0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L,

-0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L,

-},{

-/* nibble 1 */

-0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L,

-0x40000010L, 0x00008010L, 0x40008000L, 0x00108000L,

-0x00008000L, 0x40100010L, 0x00000010L, 0x40008000L,

-0x00100010L, 0x40108000L, 0x40100000L, 0x00000010L,

-0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L,

-0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L,

-0x40008010L, 0x00108010L, 0x40108000L, 0x40000010L,

-0x40000000L, 0x00100000L, 0x00008010L, 0x40108010L,

-0x00100010L, 0x40108000L, 0x40008000L, 0x00108010L,

-0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L,

-0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L,

-0x00008000L, 0x40000000L, 0x00108010L, 0x40008010L,

-0x40108000L, 0x00008000L, 0x00000000L, 0x40000010L,

-0x00000010L, 0x40108010L, 0x00108000L, 0x40100000L,

-0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L,

-0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L,

-},{

-/* nibble 2 */

-0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L,

-0x00040001L, 0x04000000L, 0x04000101L, 0x00040100L,

-0x04000100L, 0x00040000L, 0x04040000L, 0x00000001L,

-0x04040101L, 0x00000101L, 0x00000001L, 0x04040001L,

-0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L,

-0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L,

-0x04040001L, 0x04000100L, 0x00040101L, 0x04040000L,

-0x00040100L, 0x00000000L, 0x04000000L, 0x00040101L,

-0x04040100L, 0x00000100L, 0x00000001L, 0x00040000L,

-0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L,

-0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L,

-0x00040001L, 0x04000000L, 0x04040101L, 0x00000001L,

-0x00040101L, 0x04000001L, 0x04000000L, 0x04040101L,

-0x00040000L, 0x04000100L, 0x04000101L, 0x00040100L,

-0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L,

-0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L,

-},{

-/* nibble 3 */

-0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L,

-0x00000000L, 0x10400000L, 0x10001008L, 0x00400008L,

-0x10401000L, 0x10000008L, 0x10000000L, 0x00001008L,

-0x10000008L, 0x00401008L, 0x00400000L, 0x10000000L,

-0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L,

-0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L,

-0x00001008L, 0x00000000L, 0x00400008L, 0x10401000L,

-0x10001000L, 0x10400008L, 0x10401008L, 0x00400000L,

-0x10400008L, 0x00001008L, 0x00400000L, 0x10000008L,

-0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L,

-0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L,

-0x00000000L, 0x10400008L, 0x10401000L, 0x00001000L,

-0x10000000L, 0x10401008L, 0x00401008L, 0x00400000L,

-0x10401008L, 0x00000008L, 0x10001000L, 0x00401008L,

-0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L,

-0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L,

-},{

-/* nibble 4 */

-0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L,

-0x08010020L, 0x08000400L, 0x00010420L, 0x08010000L,

-0x00010000L, 0x00000020L, 0x08000020L, 0x00010400L,

-0x08000420L, 0x08010020L, 0x08010400L, 0x00000000L,

-0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L,

-0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L,

-0x00000020L, 0x08000420L, 0x08010420L, 0x00010020L,

-0x08010000L, 0x00000400L, 0x00000420L, 0x08010400L,

-0x08010400L, 0x08000420L, 0x00010020L, 0x08010000L,

-0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L,

-0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L,

-0x00010420L, 0x08000000L, 0x00000400L, 0x00010020L,

-0x08000420L, 0x00000400L, 0x00000000L, 0x08010420L,

-0x08010020L, 0x08010400L, 0x00000420L, 0x00010000L,

-0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L,

-0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L,

-},{

-/* nibble 5 */

-0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L,

-0x00200040L, 0x00002000L, 0x80002040L, 0x00200000L,

-0x00002040L, 0x80202040L, 0x00202000L, 0x80000000L,

-0x80002000L, 0x80000040L, 0x80200000L, 0x00202040L,

-0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L,

-0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L,

-0x80202040L, 0x80200000L, 0x80000000L, 0x00002040L,

-0x00000040L, 0x00202000L, 0x00202040L, 0x80002000L,

-0x00002040L, 0x80000000L, 0x80002000L, 0x00202040L,

-0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L,

-0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L,

-0x00200040L, 0x80202040L, 0x00202000L, 0x00000040L,

-0x80202040L, 0x00202000L, 0x00200000L, 0x80002040L,

-0x80000040L, 0x80200000L, 0x00202040L, 0x00000000L,

-0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L,

-0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L,

-},{

-/* nibble 6 */

-0x00004000L, 0x00000200L, 0x01000200L, 0x01000004L,

-0x01004204L, 0x00004004L, 0x00004200L, 0x00000000L,

-0x01000000L, 0x01000204L, 0x00000204L, 0x01004000L,

-0x00000004L, 0x01004200L, 0x01004000L, 0x00000204L,

-0x01000204L, 0x00004000L, 0x00004004L, 0x01004204L,

-0x00000000L, 0x01000200L, 0x01000004L, 0x00004200L,

-0x01004004L, 0x00004204L, 0x01004200L, 0x00000004L,

-0x00004204L, 0x01004004L, 0x00000200L, 0x01000000L,

-0x00004204L, 0x01004000L, 0x01004004L, 0x00000204L,

-0x00004000L, 0x00000200L, 0x01000000L, 0x01004004L,

-0x01000204L, 0x00004204L, 0x00004200L, 0x00000000L,

-0x00000200L, 0x01000004L, 0x00000004L, 0x01000200L,

-0x00000000L, 0x01000204L, 0x01000200L, 0x00004200L,

-0x00000204L, 0x00004000L, 0x01004204L, 0x01000000L,

-0x01004200L, 0x00000004L, 0x00004004L, 0x01004204L,

-0x01000004L, 0x01004200L, 0x01004000L, 0x00004004L,

-},{

-/* nibble 7 */

-0x20800080L, 0x20820000L, 0x00020080L, 0x00000000L,

-0x20020000L, 0x00800080L, 0x20800000L, 0x20820080L,

-0x00000080L, 0x20000000L, 0x00820000L, 0x00020080L,

-0x00820080L, 0x20020080L, 0x20000080L, 0x20800000L,

-0x00020000L, 0x00820080L, 0x00800080L, 0x20020000L,

-0x20820080L, 0x20000080L, 0x00000000L, 0x00820000L,

-0x20000000L, 0x00800000L, 0x20020080L, 0x20800080L,

-0x00800000L, 0x00020000L, 0x20820000L, 0x00000080L,

-0x00800000L, 0x00020000L, 0x20000080L, 0x20820080L,

-0x00020080L, 0x20000000L, 0x00000000L, 0x00820000L,

-0x20800080L, 0x20020080L, 0x20020000L, 0x00800080L,

-0x20820000L, 0x00000080L, 0x00800080L, 0x20020000L,

-0x20820080L, 0x00800000L, 0x20800000L, 0x20000080L,

-0x00820000L, 0x00020080L, 0x20020080L, 0x20800000L,

-0x00000080L, 0x20820000L, 0x00820080L, 0x00000000L,

-0x20000000L, 0x20800080L, 0x00020000L, 0x00820080L,

-}};

--- a/sys/src/ape/lib/openssl/crypto/des/str2key.c

+++ /dev/null

@@ -1,174 +1,0 @@

-/* crypto/des/str2key.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include "des_locl.h"

-#include <openssl/crypto.h>

-void DES_string_to_key(const char *str, DES_cblock *key)

-	{

-	DES_key_schedule ks;

-	int i,length;

-	register unsigned char j;

-	memset(key,0,8);

-	length=strlen(str);

-#ifdef OLD_STR_TO_KEY

-	for (i=0; i<length; i++)

-		(*key)[i%8]^=(str[i]<<1);

-#else /* MIT COMPATIBLE */

-	for (i=0; i<length; i++)

-		{

-		j=str[i];

-		if ((i%16) < 8)

-			(*key)[i%8]^=(j<<1);

-		else

-			{

-			/* Reverse the bit order 05/05/92 eay */

-			j=((j<<4)&0xf0)|((j>>4)&0x0f);

-			j=((j<<2)&0xcc)|((j>>2)&0x33);

-			j=((j<<1)&0xaa)|((j>>1)&0x55);

-			(*key)[7-(i%8)]^=j;

-			}

-		}

-#endif

-	DES_set_odd_parity(key);

-#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY

-	if(DES_is_weak_key(key))

-	    (*key)[7] ^= 0xF0;

-	DES_set_key(key,&ks);

-#else

-	DES_set_key_unchecked(key,&ks);

-#endif

-	DES_cbc_cksum((const unsigned char*)str,key,length,&ks,key);

-	OPENSSL_cleanse(&ks,sizeof(ks));

-	DES_set_odd_parity(key);

-	}

-void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2)

-	{

-	DES_key_schedule ks;

-	int i,length;

-	register unsigned char j;

-	memset(key1,0,8);

-	memset(key2,0,8);

-	length=strlen(str);

-#ifdef OLD_STR_TO_KEY

-	if (length <= 8)

-		{

-		for (i=0; i<length; i++)

-			{

-			(*key2)[i]=(*key1)[i]=(str[i]<<1);

-			}

-		}

-	else

-		{

-		for (i=0; i<length; i++)

-			{

-			if ((i/8)&1)

-				(*key2)[i%8]^=(str[i]<<1);

-			else

-				(*key1)[i%8]^=(str[i]<<1);

-			}

-		}

-#else /* MIT COMPATIBLE */

-	for (i=0; i<length; i++)

-		{

-		j=str[i];

-		if ((i%32) < 16)

-			{

-			if ((i%16) < 8)

-				(*key1)[i%8]^=(j<<1);

-			else

-				(*key2)[i%8]^=(j<<1);

-			}

-		else

-			{

-			j=((j<<4)&0xf0)|((j>>4)&0x0f);

-			j=((j<<2)&0xcc)|((j>>2)&0x33);

-			j=((j<<1)&0xaa)|((j>>1)&0x55);

-			if ((i%16) < 8)

-				(*key1)[7-(i%8)]^=j;

-			else

-				(*key2)[7-(i%8)]^=j;

-			}

-		}

-	if (length <= 8) memcpy(key2,key1,8);

-#endif

-	DES_set_odd_parity(key1);

-	DES_set_odd_parity(key2);

-#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY

-	if(DES_is_weak_key(key1))

-	    (*key1)[7] ^= 0xF0;

-	DES_set_key(key1,&ks);

-#else

-	DES_set_key_unchecked(key1,&ks);

-#endif

-	DES_cbc_cksum((const unsigned char*)str,key1,length,&ks,key1);

-#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY

-	if(DES_is_weak_key(key2))

-	    (*key2)[7] ^= 0xF0;

-	DES_set_key(key2,&ks);

-#else

-	DES_set_key_unchecked(key2,&ks);

-#endif

-	DES_cbc_cksum((const unsigned char*)str,key2,length,&ks,key2);

-	OPENSSL_cleanse(&ks,sizeof(ks));

-	DES_set_odd_parity(key1);

-	DES_set_odd_parity(key2);

-	}

--- a/sys/src/ape/lib/openssl/crypto/des/t/test

+++ /dev/null

@@ -1,27 +1,0 @@

-#!./perl

-BEGIN { push(@INC, qw(../../../lib ../../lib ../lib lib)); }

-use DES;

-$key='00000000';

-$ks=DES::set_key($key);

-@a=split(//,$ks);

-foreach (@a) { printf "%02x-",ord($_); }

-print "\n";

-$key=DES::random_key();

-print "($_)\n";

-@a=split(//,$key);

-foreach (@a) { printf "%02x-",ord($_); }

-print "\n";

-$str="this is and again into the breach";

-($k1,$k2)=DES::string_to_2keys($str);

-@a=split(//,$k1);

-foreach (@a) { printf "%02x-",ord($_); }

-print "\n";

-@a=split(//,$k2);

-foreach (@a) { printf "%02x-",ord($_); }

-print "\n";

--- a/sys/src/ape/lib/openssl/crypto/des/times/486-50.sol

+++ /dev/null

@@ -1,16 +1,0 @@

-Solaris 2.4, 486 50mhz, gcc 2.6.3

-options    des ecb/s

-16 r2 i     43552.51 100.0%

-16 r1 i     43487.45  99.9%

-16  c p     43003.23  98.7%

-16 r2 p     42339.00  97.2%

-16  c i     41900.91  96.2%

-16 r1 p     41360.64  95.0%

- 4  c i     38728.48  88.9%

- 4  c p     38225.63  87.8%

- 4 r1 i     38085.79  87.4%

- 4 r2 i     37825.64  86.9%

- 4 r2 p     34611.00  79.5%

- 4 r1 p     31802.00  73.0%

--DDES_UNROLL -DDES_RISC2

--- a/sys/src/ape/lib/openssl/crypto/des/times/586-100.lnx

+++ /dev/null

@@ -1,20 +1,0 @@

-Pentium 100

-Linux 2 kernel

-gcc 2.7.0 -O3 -fomit-frame-pointer

-No X server running, just a console, it makes the top speed jump from 151,000

-to 158,000 :-).

-options    des ecb/s

-assember   281000.00 177.1%

-16 r1 p    158667.40 100.0%

-16 r1 i    148471.70  93.6%

-16 r2 p    143961.80  90.7%

-16 r2 i    141689.20  89.3%

- 4 r1 i    140100.00  88.3%

- 4 r2 i    134049.40  84.5%

-16  c i    124145.20  78.2%

-16  c p    121584.20  76.6%

- 4  c i    118116.00  74.4%

- 4 r2 p    117977.90  74.4%

- 4  c p    114971.40  72.5%

- 4 r1 p    114578.40  72.2%

--DDES_UNROLL -DDES_RISC1 -DDES_PTR

--- a/sys/src/ape/lib/openssl/crypto/des/times/686-200.fre

+++ /dev/null

@@ -1,18 +1,0 @@

-Pentium 100

-Free BSD 2.1.5 kernel

-gcc 2.7.2.2 -O3 -fomit-frame-pointer

-options    des ecb/s

-assember   578000.00 133.1%

-16 r2 i    434454.80 100.0%

-16 r1 i    433621.43  99.8%

-16 r2 p    431375.69  99.3%

- 4 r1 i    423722.30  97.5%

- 4 r2 i    422399.40  97.2%

-16 r1 p    421739.40  97.1%

-16  c i    399027.94  91.8%

-16  c p    372251.70  85.7%

- 4  c i    365118.35  84.0%

- 4  c p    352880.51  81.2%

- 4 r2 p    255104.90  58.7%

- 4 r1 p    251289.18  57.8%

--DDES_UNROLL -DDES_RISC2

--- a/sys/src/ape/lib/openssl/crypto/des/times/aix.cc

+++ /dev/null

@@ -1,26 +1,0 @@

-From: Paco Garcia <[email protected]>

-This machine is a Bull Estrella  Minitower Model MT604-100

-Processor        : PPC604

-P.Speed          : 100Mhz

-Data/Instr Cache :    16 K

-L2 Cache         :   256 K

-PCI BUS Speed    :    33 Mhz

-TransfRate PCI   :   132 MB/s

-Memory           :    96 MB

-options    des ecb/s

- 4  c p    275118.61 100.0%

- 4  c i    273545.07  99.4%

- 4 r2 p    270441.02  98.3%

- 4 r1 p    253052.15  92.0%

- 4 r2 i    240842.97  87.5%

- 4 r1 i    240556.66  87.4%

-16  c i    224603.99  81.6%

-16  c p    224483.98  81.6%

-16 r2 p    215691.19  78.4%

-16 r1 p    208332.83  75.7%

-16 r1 i    199206.50  72.4%

-16 r2 i    198963.70  72.3%

--DDES_PTR

--- a/sys/src/ape/lib/openssl/crypto/des/times/alpha.cc

+++ /dev/null

@@ -1,18 +1,0 @@

-cc -O2

-DES_LONG is 'unsigned int'

-options    des ecb/s

- 4 r2 p    181146.14 100.0%

-16 r2 p    172102.94  95.0%

- 4 r2 i    165424.11  91.3%

-16  c p    160468.64  88.6%

- 4  c p    156653.59  86.5%

- 4  c i    155245.18  85.7%

- 4 r1 p    154729.68  85.4%

-16 r2 i    154137.69  85.1%

-16 r1 p    152357.96  84.1%

-16  c i    148743.91  82.1%

- 4 r1 i    146695.59  81.0%

-16 r1 i    144961.00  80.0%

--DDES_RISC2 -DDES_PTR

--- a/sys/src/ape/lib/openssl/crypto/des/times/hpux.cc

+++ /dev/null

@@ -1,17 +1,0 @@

-HPUX 10 - 9000/887 - cc -D_HPUX_SOURCE -Aa +ESlit +O2 -Wl,-a,archive

-options    des ecb/s

-16  c i    149448.90 100.0%

- 4  c i    145861.79  97.6%

-16 r2 i    141710.96  94.8%

-16 r1 i    139455.33  93.3%

- 4 r2 i    138800.00  92.9%

- 4 r1 i    136692.65  91.5%

-16 r2 p    110228.17  73.8%

-16 r1 p    109397.07  73.2%

-16  c p    109209.89  73.1%

- 4  c p    108014.71  72.3%

- 4 r2 p    107873.88  72.2%

- 4 r1 p    107685.83  72.1%

--DDES_UNROLL

--- a/sys/src/ape/lib/openssl/crypto/des/times/sparc.gcc

+++ /dev/null

@@ -1,17 +1,0 @@

-solaris 2.5.1 - sparc 10 50mhz - gcc 2.7.2

-options    des ecb/s

-16  c i    124382.70 100.0%

- 4  c i    118884.68  95.6%

-16  c p    112261.20  90.3%

-16 r2 i    111777.10  89.9%

-16 r2 p    108896.30  87.5%

-16 r1 p    108791.59  87.5%

- 4  c p    107290.10  86.3%

- 4 r1 p    104583.80  84.1%

-16 r1 i    104206.20  83.8%

- 4 r2 p    103709.80  83.4%

- 4 r2 i     98306.43  79.0%

- 4 r1 i     91525.80  73.6%

--DDES_UNROLL

--- a/sys/src/ape/lib/openssl/crypto/des/times/usparc.cc

+++ /dev/null

@@ -1,31 +1,0 @@

-solaris 2.5.1 usparc 167mhz?? - SC4.0 cc -fast -Xa -xO5

-For the ultra sparc, SunC 4.0 cc -fast -Xa -xO5, running 'des_opts'

-gives a speed of 475,000 des/s while 'speed' gives 417,000 des/s.

-I belive the difference is tied up in optimisation that the compiler

-is able to perform when the code is 'inlined'.  For 'speed', the DES

-routines are being linked from a library.  I'll record the higher

-speed since if performance is everything, you can always inline

-'des_enc.c'.

-[ 16-Jan-06 - I've been playing with the

-  '-xtarget=ultra -xarch=v8plus -Xa -xO5 -Xa'

-  and while it makes the des_opts numbers much slower, it makes the

-  actual 'speed' numbers look better which is a realistic version of

-  using the libraries. ]

-options    des ecb/s

-16 r1 p    475516.90 100.0%

-16 r2 p    439388.10  92.4%

-16  c i    427001.40  89.8%

-16  c p    419516.50  88.2%

- 4 r2 p    409491.70  86.1%

- 4 r1 p    404266.90  85.0%

- 4  c p    398121.00  83.7%

- 4  c i    370588.40  77.9%

- 4 r1 i    362742.20  76.3%

-16 r2 i    331275.50  69.7%

-16 r1 i    324730.60  68.3%

- 4 r2 i     63535.10  13.4%	<-- very very weird, must be cache problems.

--DDES_UNROLL -DDES_RISC1 -DDES_PTR

--- a/sys/src/ape/lib/openssl/crypto/des/typemap

+++ /dev/null

@@ -1,34 +1,0 @@

-#

-# DES SECTION

-#

-deschar *	T_DESCHARP

-des_cblock *	T_CBLOCK

-des_cblock	T_CBLOCK

-des_key_schedule	T_SCHEDULE

-des_key_schedule *	T_SCHEDULE

-INPUT

-T_CBLOCK

-	$var=(des_cblock *)SvPV($arg,len);

-	if (len < DES_KEY_SZ)

-		{

-		croak(\"$var needs to be at least %u bytes long\",DES_KEY_SZ);

-		}

-T_SCHEDULE

-	$var=(des_key_schedule *)SvPV($arg,len);

-	if (len < DES_SCHEDULE_SZ)

-		{

-		croak(\"$var needs to be at least %u bytes long\",

-			DES_SCHEDULE_SZ);

-		}

-OUTPUT

-T_CBLOCK

-	sv_setpvn($arg,(char *)$var,DES_KEY_SZ);

-T_SCHEDULE

-	sv_setpvn($arg,(char *)$var,DES_SCHEDULE_SZ);

-T_DESCHARP

-	sv_setpvn($arg,(char *)$var,len);

--- a/sys/src/ape/lib/openssl/crypto/des/xcbc_enc.c

+++ /dev/null

@@ -1,195 +1,0 @@

-/* crypto/des/xcbc_enc.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include "des_locl.h"

-/* RSA's DESX */

-static unsigned char desx_white_in2out[256]={

-0xBD,0x56,0xEA,0xF2,0xA2,0xF1,0xAC,0x2A,0xB0,0x93,0xD1,0x9C,0x1B,0x33,0xFD,0xD0,

-0x30,0x04,0xB6,0xDC,0x7D,0xDF,0x32,0x4B,0xF7,0xCB,0x45,0x9B,0x31,0xBB,0x21,0x5A,

-0x41,0x9F,0xE1,0xD9,0x4A,0x4D,0x9E,0xDA,0xA0,0x68,0x2C,0xC3,0x27,0x5F,0x80,0x36,

-0x3E,0xEE,0xFB,0x95,0x1A,0xFE,0xCE,0xA8,0x34,0xA9,0x13,0xF0,0xA6,0x3F,0xD8,0x0C,

-0x78,0x24,0xAF,0x23,0x52,0xC1,0x67,0x17,0xF5,0x66,0x90,0xE7,0xE8,0x07,0xB8,0x60,

-0x48,0xE6,0x1E,0x53,0xF3,0x92,0xA4,0x72,0x8C,0x08,0x15,0x6E,0x86,0x00,0x84,0xFA,

-0xF4,0x7F,0x8A,0x42,0x19,0xF6,0xDB,0xCD,0x14,0x8D,0x50,0x12,0xBA,0x3C,0x06,0x4E,

-0xEC,0xB3,0x35,0x11,0xA1,0x88,0x8E,0x2B,0x94,0x99,0xB7,0x71,0x74,0xD3,0xE4,0xBF,

-0x3A,0xDE,0x96,0x0E,0xBC,0x0A,0xED,0x77,0xFC,0x37,0x6B,0x03,0x79,0x89,0x62,0xC6,

-0xD7,0xC0,0xD2,0x7C,0x6A,0x8B,0x22,0xA3,0x5B,0x05,0x5D,0x02,0x75,0xD5,0x61,0xE3,

-0x18,0x8F,0x55,0x51,0xAD,0x1F,0x0B,0x5E,0x85,0xE5,0xC2,0x57,0x63,0xCA,0x3D,0x6C,

-0xB4,0xC5,0xCC,0x70,0xB2,0x91,0x59,0x0D,0x47,0x20,0xC8,0x4F,0x58,0xE0,0x01,0xE2,

-0x16,0x38,0xC4,0x6F,0x3B,0x0F,0x65,0x46,0xBE,0x7E,0x2D,0x7B,0x82,0xF9,0x40,0xB5,

-0x1D,0x73,0xF8,0xEB,0x26,0xC7,0x87,0x97,0x25,0x54,0xB1,0x28,0xAA,0x98,0x9D,0xA5,

-0x64,0x6D,0x7A,0xD4,0x10,0x81,0x44,0xEF,0x49,0xD6,0xAE,0x2E,0xDD,0x76,0x5C,0x2F,

-0xA7,0x1C,0xC9,0x09,0x69,0x9A,0x83,0xCF,0x29,0x39,0xB9,0xE9,0x4C,0xFF,0x43,0xAB,

-	};

-void DES_xwhite_in2out(const_DES_cblock *des_key, const_DES_cblock *in_white,

-	     DES_cblock *out_white)

-	{

-	int out0,out1;

-	int i;

-	const unsigned char *key = &(*des_key)[0];

-	const unsigned char *in = &(*in_white)[0];

-	unsigned char *out = &(*out_white)[0];

-	out[0]=out[1]=out[2]=out[3]=out[4]=out[5]=out[6]=out[7]=0;

-	out0=out1=0;

-	for (i=0; i<8; i++)

-		{

-		out[i]=key[i]^desx_white_in2out[out0^out1];

-		out0=out1;

-		out1=(int)out[i&0x07];

-		}

-	out0=out[0];

-	out1=out[i];

-	for (i=0; i<8; i++)

-		{

-		out[i]=in[i]^desx_white_in2out[out0^out1];

-		out0=out1;

-		out1=(int)out[i&0x07];

-		}

-	}

-void DES_xcbc_encrypt(const unsigned char *in, unsigned char *out,

-		      long length, DES_key_schedule *schedule,

-		      DES_cblock *ivec, const_DES_cblock *inw,

-		      const_DES_cblock *outw, int enc)

-	{

-	register DES_LONG tin0,tin1;

-	register DES_LONG tout0,tout1,xor0,xor1;

-	register DES_LONG inW0,inW1,outW0,outW1;

-	register const unsigned char *in2;

-	register long l=length;

-	DES_LONG tin[2];

-	unsigned char *iv;

-	in2 = &(*inw)[0];

-	c2l(in2,inW0);

-	c2l(in2,inW1);

-	in2 = &(*outw)[0];

-	c2l(in2,outW0);

-	c2l(in2,outW1);

-	iv = &(*ivec)[0];

-	if (enc)

-		{

-		c2l(iv,tout0);

-		c2l(iv,tout1);

-		for (l-=8; l>=0; l-=8)

-			{

-			c2l(in,tin0);

-			c2l(in,tin1);

-			tin0^=tout0^inW0; tin[0]=tin0;

-			tin1^=tout1^inW1; tin[1]=tin1;

-			DES_encrypt1(tin,schedule,DES_ENCRYPT);

-			tout0=tin[0]^outW0; l2c(tout0,out);

-			tout1=tin[1]^outW1; l2c(tout1,out);

-			}

-		if (l != -8)

-			{

-			c2ln(in,tin0,tin1,l+8);

-			tin0^=tout0^inW0; tin[0]=tin0;

-			tin1^=tout1^inW1; tin[1]=tin1;

-			DES_encrypt1(tin,schedule,DES_ENCRYPT);

-			tout0=tin[0]^outW0; l2c(tout0,out);

-			tout1=tin[1]^outW1; l2c(tout1,out);

-			}

-		iv = &(*ivec)[0];

-		l2c(tout0,iv);

-		l2c(tout1,iv);

-		}

-	else

-		{

-		c2l(iv,xor0);

-		c2l(iv,xor1);

-		for (l-=8; l>0; l-=8)

-			{

-			c2l(in,tin0); tin[0]=tin0^outW0;

-			c2l(in,tin1); tin[1]=tin1^outW1;

-			DES_encrypt1(tin,schedule,DES_DECRYPT);

-			tout0=tin[0]^xor0^inW0;

-			tout1=tin[1]^xor1^inW1;

-			l2c(tout0,out);

-			l2c(tout1,out);

-			xor0=tin0;

-			xor1=tin1;

-			}

-		if (l != -8)

-			{

-			c2l(in,tin0); tin[0]=tin0^outW0;

-			c2l(in,tin1); tin[1]=tin1^outW1;

-			DES_encrypt1(tin,schedule,DES_DECRYPT);

-			tout0=tin[0]^xor0^inW0;

-			tout1=tin[1]^xor1^inW1;

-			l2cn(tout0,tout1,out,l+8);

-			xor0=tin0;

-			xor1=tin1;

-			}

-		iv = &(*ivec)[0];

-		l2c(xor0,iv);

-		l2c(xor1,iv);

-		}

-	tin0=tin1=tout0=tout1=xor0=xor1=0;

-	inW0=inW1=outW0=outW1=0;

-	tin[0]=tin[1]=0;

-	}

--- a/sys/src/ape/lib/openssl/crypto/dh/Makefile

+++ /dev/null

@@ -1,133 +1,0 @@

-#

-# OpenSSL/crypto/dh/Makefile

-#

-DIR=	dh

-TOP=	../..

-CC=	cc

-INCLUDES= -I.. -I$(TOP) -I../../include

-CFLAG=-g

-MAKEFILE=	Makefile

-AR=		ar r

-CFLAGS= $(INCLUDES) $(CFLAG)

-GENERAL=Makefile

-TEST= dhtest.c

-APPS=

-LIB=$(TOP)/libcrypto.a

-LIBSRC= dh_asn1.c dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c dh_depr.c

-LIBOBJ= dh_asn1.o dh_gen.o dh_key.o dh_lib.o dh_check.o dh_err.o dh_depr.o

-SRC= $(LIBSRC)

-EXHEADER= dh.h

-HEADER=	$(EXHEADER)

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)

-all:	lib

-lib:	$(LIBOBJ)

-	$(AR) $(LIB) $(LIBOBJ)

-	$(RANLIB) $(LIB) || echo Never mind.

-	@touch lib

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

-links:

-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)

-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)

-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

-install:

-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...

-	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \

-	do  \

-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \

-	done;

-tags:

-	ctags $(SRC)

-tests:

-lint:

-	lint -DLINT $(INCLUDES) $(SRC)>fluff

-depend:

-	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...

-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-clean:

-	rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-dh_asn1.o: ../../e_os.h ../../include/openssl/asn1.h

-dh_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h

-dh_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h

-dh_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h

-dh_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-dh_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-dh_asn1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-dh_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-dh_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-dh_asn1.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_asn1.c

-dh_check.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h

-dh_check.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-dh_check.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h

-dh_check.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-dh_check.o: ../../include/openssl/opensslconf.h

-dh_check.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-dh_check.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-dh_check.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_check.c

-dh_depr.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h

-dh_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-dh_depr.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h

-dh_depr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-dh_depr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-dh_depr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-dh_depr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-dh_depr.o: ../cryptlib.h dh_depr.c

-dh_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h

-dh_err.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h

-dh_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-dh_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-dh_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-dh_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-dh_err.o: dh_err.c

-dh_gen.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h

-dh_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-dh_gen.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h

-dh_gen.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-dh_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-dh_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-dh_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-dh_gen.o: ../cryptlib.h dh_gen.c

-dh_key.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h

-dh_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-dh_key.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h

-dh_key.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-dh_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-dh_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h

-dh_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-dh_key.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_key.c

-dh_lib.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h

-dh_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-dh_lib.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h

-dh_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h

-dh_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-dh_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-dh_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-dh_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_lib.c

--- a/sys/src/ape/lib/openssl/crypto/dh/dh.h

+++ /dev/null

@@ -1,234 +1,0 @@

-/* crypto/dh/dh.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_DH_H

-#define HEADER_DH_H

-#include <openssl/e_os2.h>

-#ifdef OPENSSL_NO_DH

-#error DH is disabled.

-#endif

-#ifndef OPENSSL_NO_BIO

-#include <openssl/bio.h>

-#endif

-#include <openssl/ossl_typ.h>

-#ifndef OPENSSL_NO_DEPRECATED

-#include <openssl/bn.h>

-#endif

-#ifndef OPENSSL_DH_MAX_MODULUS_BITS

-# define OPENSSL_DH_MAX_MODULUS_BITS	10000

-#endif

-#define DH_FLAG_CACHE_MONT_P     0x01

-#define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH

-                                       * implementation now uses constant time

-                                       * modular exponentiation for secret exponents

-                                       * by default. This flag causes the

-                                       * faster variable sliding window method to

-                                       * be used for all exponents.

-                                       */

-#ifdef  __cplusplus

-extern "C" {

-#endif

-/* Already defined in ossl_typ.h */

-/* typedef struct dh_st DH; */

-/* typedef struct dh_method DH_METHOD; */

-struct dh_method

-	{

-	const char *name;

-	/* Methods here */

-	int (*generate_key)(DH *dh);

-	int (*compute_key)(unsigned char *key,const BIGNUM *pub_key,DH *dh);

-	int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a,

-				const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,

-				BN_MONT_CTX *m_ctx); /* Can be null */

-	int (*init)(DH *dh);

-	int (*finish)(DH *dh);

-	int flags;

-	char *app_data;

-	/* If this is non-NULL, it will be used to generate parameters */

-	int (*generate_params)(DH *dh, int prime_len, int generator, BN_GENCB *cb);

-	};

-struct dh_st

-	{

-	/* This first argument is used to pick up errors when

-	 * a DH is passed instead of a EVP_PKEY */

-	int pad;

-	int version;

-	BIGNUM *p;

-	BIGNUM *g;

-	long length; /* optional */

-	BIGNUM *pub_key;	/* g^x */

-	BIGNUM *priv_key;	/* x */

-	int flags;

-	BN_MONT_CTX *method_mont_p;

-	/* Place holders if we want to do X9.42 DH */

-	BIGNUM *q;

-	BIGNUM *j;

-	unsigned char *seed;

-	int seedlen;

-	BIGNUM *counter;

-	int references;

-	CRYPTO_EX_DATA ex_data;

-	const DH_METHOD *meth;

-	ENGINE *engine;

-	};

-#define DH_GENERATOR_2		2

-/* #define DH_GENERATOR_3	3 */

-#define DH_GENERATOR_5		5

-/* DH_check error codes */

-#define DH_CHECK_P_NOT_PRIME		0x01

-#define DH_CHECK_P_NOT_SAFE_PRIME	0x02

-#define DH_UNABLE_TO_CHECK_GENERATOR	0x04

-#define DH_NOT_SUITABLE_GENERATOR	0x08

-/* DH_check_pub_key error codes */

-#define DH_CHECK_PUBKEY_TOO_SMALL	0x01

-#define DH_CHECK_PUBKEY_TOO_LARGE	0x02

-/* primes p where (p-1)/2 is prime too are called "safe"; we define

-   this for backward compatibility: */

-#define DH_CHECK_P_NOT_STRONG_PRIME	DH_CHECK_P_NOT_SAFE_PRIME

-#define DHparams_dup(x) ASN1_dup_of_const(DH,i2d_DHparams,d2i_DHparams,x)

-#define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \

-		(char *(*)())d2i_DHparams,(fp),(unsigned char **)(x))

-#define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \

-		(unsigned char *)(x))

-#define d2i_DHparams_bio(bp,x) ASN1_d2i_bio_of(DH,DH_new,d2i_DHparams,bp,x)

-#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x)

-const DH_METHOD *DH_OpenSSL(void);

-void DH_set_default_method(const DH_METHOD *meth);

-const DH_METHOD *DH_get_default_method(void);

-int DH_set_method(DH *dh, const DH_METHOD *meth);

-DH *DH_new_method(ENGINE *engine);

-DH *	DH_new(void);

-void	DH_free(DH *dh);

-int	DH_up_ref(DH *dh);

-int	DH_size(const DH *dh);

-int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,

-	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);

-int DH_set_ex_data(DH *d, int idx, void *arg);

-void *DH_get_ex_data(DH *d, int idx);

-/* Deprecated version */

-#ifndef OPENSSL_NO_DEPRECATED

-DH *	DH_generate_parameters(int prime_len,int generator,

-		void (*callback)(int,int,void *),void *cb_arg);

-#endif /* !defined(OPENSSL_NO_DEPRECATED) */

-/* New version */

-int	DH_generate_parameters_ex(DH *dh, int prime_len,int generator, BN_GENCB *cb);

-int	DH_check(const DH *dh,int *codes);

-int	DH_check_pub_key(const DH *dh,const BIGNUM *pub_key, int *codes);

-int	DH_generate_key(DH *dh);

-int	DH_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh);

-DH *	d2i_DHparams(DH **a,const unsigned char **pp, long length);

-int	i2d_DHparams(const DH *a,unsigned char **pp);

-#ifndef OPENSSL_NO_FP_API

-int	DHparams_print_fp(FILE *fp, const DH *x);

-#endif

-#ifndef OPENSSL_NO_BIO

-int	DHparams_print(BIO *bp, const DH *x);

-#else

-int	DHparams_print(char *bp, const DH *x);

-#endif

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_DH_strings(void);

-/* Error codes for the DH functions. */

-/* Function codes. */

-#define DH_F_COMPUTE_KEY				 102

-#define DH_F_DHPARAMS_PRINT				 100

-#define DH_F_DHPARAMS_PRINT_FP				 101

-#define DH_F_DH_BUILTIN_GENPARAMS			 106

-#define DH_F_DH_NEW_METHOD				 105

-#define DH_F_GENERATE_KEY				 103

-#define DH_F_GENERATE_PARAMETERS			 104

-/* Reason codes. */

-#define DH_R_BAD_GENERATOR				 101

-#define DH_R_INVALID_PUBKEY				 102

-#define DH_R_MODULUS_TOO_LARGE				 103

-#define DH_R_NO_PRIVATE_VALUE				 100

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/dh/dh1024.pem

+++ /dev/null

@@ -1,5 +1,0 @@

------BEGIN DH PARAMETERS-----

-MIGHAoGBAJf2QmHKtQXdKCjhPx1ottPb0PMTBH9A6FbaWMsTuKG/K3g6TG1Z1fkq

-/Gz/PWk/eLI9TzFgqVAuPvr3q14a1aZeVUMTgo2oO5/y2UHe6VaJ+trqCTat3xlx

-/mNbIK9HA2RgPC3gWfVLZQrY+gz3ASHHR5nXWHEyvpuZm7m3h+irAgEC

------END DH PARAMETERS-----

--- a/sys/src/ape/lib/openssl/crypto/dh/dh192.pem

+++ /dev/null

@@ -1,3 +1,0 @@

------BEGIN DH PARAMETERS-----

-MB4CGQDUoLoCULb9LsYm5+/WN992xxbiLQlEuIsCAQM=

------END DH PARAMETERS-----

--- a/sys/src/ape/lib/openssl/crypto/dh/dh2048.pem

+++ /dev/null

@@ -1,16 +1,0 @@

------BEGIN DH PARAMETERS-----

-MIIBCAKCAQEA7ZKJNYJFVcs7+6J2WmkEYb8h86tT0s0h2v94GRFS8Q7B4lW9aG9o

-AFO5Imov5Jo0H2XMWTKKvbHbSe3fpxJmw/0hBHAY8H/W91hRGXKCeyKpNBgdL8sh

-z22SrkO2qCnHJ6PLAMXy5fsKpFmFor2tRfCzrfnggTXu2YOzzK7q62bmqVdmufEo

-pT8igNcLpvZxk5uBDvhakObMym9mX3rAEBoe8PwttggMYiiw7NuJKO4MqD1llGkW

-aVM8U2ATsCun1IKHrRxynkE1/MJ86VHeYYX8GZt2YA8z+GuzylIOKcMH6JAWzMwA

-Gbatw6QwizOhr9iMjZ0B26TE3X8LvW84wwIBAg==

------END DH PARAMETERS-----

------BEGIN DH PARAMETERS-----

-MIIBCAKCAQEArtA3w73zP6Lu3EOQtwogiXt3AXXpuS6yD4BhzNS1pZFyPHk0/an5

-8ydEkPhQZHKDW+BZJxxPLANaTudWo2YT8TgtvUdN6KSgMiEi6McwqDw+SADuvW+F

-SKUYFxG6VFIxyEP6xBdf+vhJxEDbRG2EYsHDRRtJ76gp9cSKTHusf2R+4AAVGqnt

-gRAbNqtcOar/7FSj+Pl8G3v0Bty0LcCSpbqgYlnv6z+rErQmmC6PPvSz97TDMCok

-yKpCE9hFA1zkqK3TH4FmFvGeIaXJUIBZf4mArWuBTjWFW3nmhESRUn1VK3K3x42N

-a5k6c2+EhrMFiLjxuH6JZoqL0/E93FF9SwIBAg==

------END DH PARAMETERS-----

--- a/sys/src/ape/lib/openssl/crypto/dh/dh4096.pem

+++ /dev/null

@@ -1,14 +1,0 @@

------BEGIN DH PARAMETERS-----

-MIICCAKCAgEA/urRnb6vkPYc/KEGXWnbCIOaKitq7ySIq9dTH7s+Ri59zs77zty7

-vfVlSe6VFTBWgYjD2XKUFmtqq6CqXMhVX5ElUDoYDpAyTH85xqNFLzFC7nKrff/H

-TFKNttp22cZE9V0IPpzedPfnQkE7aUdmF9JnDyv21Z/818O93u1B4r0szdnmEvEF

-bKuIxEHX+bp0ZR7RqE1AeifXGJX3d6tsd2PMAObxwwsv55RGkn50vHO4QxtTARr1

-rRUV5j3B3oPMgC7Offxx+98Xn45B1/G0Prp11anDsR1PGwtaCYipqsvMwQUSJtyE

-EOQWk+yFkeMe4vWv367eEi0Sd/wnC+TSXBE3pYvpYerJ8n1MceI5GQTdarJ77OW9

-bGTHmxRsLSCM1jpLdPja5jjb4siAa6EHc4qN9c/iFKS3PQPJEnX7pXKBRs5f7AF3

-W3RIGt+G9IVNZfXaS7Z/iCpgzgvKCs0VeqN38QsJGtC1aIkwOeyjPNy2G6jJ4yqH

-ovXYt/0mc00vCWeSNS1wren0pR2EiLxX0ypjjgsU1mk/Z3b/+zVf7fZSIB+nDLjb

-NPtUlJCVGnAeBK1J1nG3TQicqowOXoM6ISkdaXj5GPJdXHab2+S7cqhKGv5qC7rR

-jT6sx7RUr0CNTxzLI7muV2/a4tGmj0PSdXQdsZ7tw7gbXlaWT1+MM2MCAQI=

------END DH PARAMETERS-----

--- a/sys/src/ape/lib/openssl/crypto/dh/dh512.pem

+++ /dev/null

@@ -1,4 +1,0 @@

------BEGIN DH PARAMETERS-----

-MEYCQQDaWDwW2YUiidDkr3VvTMqS3UvlM7gE+w/tlO+cikQD7VdGUNNpmdsp13Yn

-a6LT1BLiGPTdHghM9tgAPnxHdOgzAgEC

------END DH PARAMETERS-----

--- a/sys/src/ape/lib/openssl/crypto/dh/dh_asn1.c

+++ /dev/null

@@ -1,87 +1,0 @@

-/* dh_asn1.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 2000.

- */

-/* ====================================================================

- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/bn.h>

-#include <openssl/dh.h>

-#include <openssl/objects.h>

-#include <openssl/asn1t.h>

-/* Override the default free and new methods */

-static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)

-{

-	if(operation == ASN1_OP_NEW_PRE) {

-		*pval = (ASN1_VALUE *)DH_new();

-		if(*pval) return 2;

-		return 0;

-	} else if(operation == ASN1_OP_FREE_PRE) {

-		DH_free((DH *)*pval);

-		*pval = NULL;

-		return 2;

-	}

-	return 1;

-}

-ASN1_SEQUENCE_cb(DHparams, dh_cb) = {

-	ASN1_SIMPLE(DH, p, BIGNUM),

-	ASN1_SIMPLE(DH, g, BIGNUM),

-	ASN1_OPT(DH, length, ZLONG),

-} ASN1_SEQUENCE_END_cb(DH, DHparams)

-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DH, DHparams, DHparams)

--- a/sys/src/ape/lib/openssl/crypto/dh/dh_check.c

+++ /dev/null

@@ -1,142 +1,0 @@

-/* crypto/dh/dh_check.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/bn.h>

-#include <openssl/dh.h>

-/* Check that p is a safe prime and

- * if g is 2, 3 or 5, check that it is a suitable generator

- * where

- * for 2, p mod 24 == 11

- * for 3, p mod 12 == 5

- * for 5, p mod 10 == 3 or 7

- * should hold.

- */

-int DH_check(const DH *dh, int *ret)

-	{

-	int ok=0;

-	BN_CTX *ctx=NULL;

-	BN_ULONG l;

-	BIGNUM *q=NULL;

-	*ret=0;

-	ctx=BN_CTX_new();

-	if (ctx == NULL) goto err;

-	q=BN_new();

-	if (q == NULL) goto err;

-	if (BN_is_word(dh->g,DH_GENERATOR_2))

-		{

-		l=BN_mod_word(dh->p,24);

-		if (l != 11) *ret|=DH_NOT_SUITABLE_GENERATOR;

-		}

-#if 0

-	else if (BN_is_word(dh->g,DH_GENERATOR_3))

-		{

-		l=BN_mod_word(dh->p,12);

-		if (l != 5) *ret|=DH_NOT_SUITABLE_GENERATOR;

-		}

-#endif

-	else if (BN_is_word(dh->g,DH_GENERATOR_5))

-		{

-		l=BN_mod_word(dh->p,10);

-		if ((l != 3) && (l != 7))

-			*ret|=DH_NOT_SUITABLE_GENERATOR;

-		}

-	else

-		*ret|=DH_UNABLE_TO_CHECK_GENERATOR;

-	if (!BN_is_prime_ex(dh->p,BN_prime_checks,ctx,NULL))

-		*ret|=DH_CHECK_P_NOT_PRIME;

-	else

-		{

-		if (!BN_rshift1(q,dh->p)) goto err;

-		if (!BN_is_prime_ex(q,BN_prime_checks,ctx,NULL))

-			*ret|=DH_CHECK_P_NOT_SAFE_PRIME;

-		}

-	ok=1;

-err:

-	if (ctx != NULL) BN_CTX_free(ctx);

-	if (q != NULL) BN_free(q);

-	return(ok);

-	}

-int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)

-	{

-	int ok=0;

-	BIGNUM *q=NULL;

-	*ret=0;

-	q=BN_new();

-	if (q == NULL) goto err;

-	BN_set_word(q,1);

-	if (BN_cmp(pub_key,q) <= 0)

-		*ret|=DH_CHECK_PUBKEY_TOO_SMALL;

-	BN_copy(q,dh->p);

-	BN_sub_word(q,1);

-	if (BN_cmp(pub_key,q) >= 0)

-		*ret|=DH_CHECK_PUBKEY_TOO_LARGE;

-	ok = 1;

-err:

-	if (q != NULL) BN_free(q);

-	return(ok);

-	}

--- a/sys/src/ape/lib/openssl/crypto/dh/dh_depr.c

+++ /dev/null

@@ -1,83 +1,0 @@

-/* crypto/dh/dh_depr.c */

-/* ====================================================================

- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* This file contains deprecated functions as wrappers to the new ones */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/bn.h>

-#include <openssl/dh.h>

-static void *dummy=&dummy;

-#ifndef OPENSSL_NO_DEPRECATED

-DH *DH_generate_parameters(int prime_len, int generator,

-	     void (*callback)(int,int,void *), void *cb_arg)

-	{

-	BN_GENCB cb;

-	DH *ret=NULL;

-	if((ret=DH_new()) == NULL)

-		return NULL;

-	BN_GENCB_set_old(&cb, callback, cb_arg);

-	if(DH_generate_parameters_ex(ret, prime_len, generator, &cb))

-		return ret;

-	DH_free(ret);

-	return NULL;

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/dh/dh_err.c

+++ /dev/null

@@ -1,104 +1,0 @@

-/* crypto/dh/dh_err.c */

-/* ====================================================================

- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* NOTE: this file was auto generated by the mkerr.pl script: any changes

- * made to it will be overwritten when the script next updates this file,

- * only reason strings will be preserved.

- */

-#include <stdio.h>

-#include <openssl/err.h>

-#include <openssl/dh.h>

-/* BEGIN ERROR CODES */

-#ifndef OPENSSL_NO_ERR

-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DH,func,0)

-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DH,0,reason)

-static ERR_STRING_DATA DH_str_functs[]=

-	{

-{ERR_FUNC(DH_F_COMPUTE_KEY),	"COMPUTE_KEY"},

-{ERR_FUNC(DH_F_DHPARAMS_PRINT),	"DHparams_print"},

-{ERR_FUNC(DH_F_DHPARAMS_PRINT_FP),	"DHparams_print_fp"},

-{ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS),	"DH_BUILTIN_GENPARAMS"},

-{ERR_FUNC(DH_F_DH_NEW_METHOD),	"DH_new_method"},

-{ERR_FUNC(DH_F_GENERATE_KEY),	"GENERATE_KEY"},

-{ERR_FUNC(DH_F_GENERATE_PARAMETERS),	"GENERATE_PARAMETERS"},

-{0,NULL}

-	};

-static ERR_STRING_DATA DH_str_reasons[]=

-	{

-{ERR_REASON(DH_R_BAD_GENERATOR)          ,"bad generator"},

-{ERR_REASON(DH_R_INVALID_PUBKEY)         ,"invalid public key"},

-{ERR_REASON(DH_R_MODULUS_TOO_LARGE)      ,"modulus too large"},

-{ERR_REASON(DH_R_NO_PRIVATE_VALUE)       ,"no private value"},

-{0,NULL}

-	};

-#endif

-void ERR_load_DH_strings(void)

-	{

-#ifndef OPENSSL_NO_ERR

-	if (ERR_func_error_string(DH_str_functs[0].error) == NULL)

-		{

-		ERR_load_strings(0,DH_str_functs);

-		ERR_load_strings(0,DH_str_reasons);

-		}

-#endif

-	}

--- a/sys/src/ape/lib/openssl/crypto/dh/dh_gen.c

+++ /dev/null

@@ -1,175 +1,0 @@

-/* crypto/dh/dh_gen.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* NB: These functions have been upgraded - the previous prototypes are in

- * dh_depr.c as wrappers to these ones.

- *  - Geoff

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/bn.h>

-#include <openssl/dh.h>

-static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb);

-int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb)

-	{

-	if(ret->meth->generate_params)

-		return ret->meth->generate_params(ret, prime_len, generator, cb);

-	return dh_builtin_genparams(ret, prime_len, generator, cb);

-	}

-/* We generate DH parameters as follows

- * find a prime q which is prime_len/2 bits long.

- * p=(2*q)+1 or (p-1)/2 = q

- * For this case, g is a generator if

- * g^((p-1)/q) mod p != 1 for values of q which are the factors of p-1.

- * Since the factors of p-1 are q and 2, we just need to check

- * g^2 mod p != 1 and g^q mod p != 1.

- *

- * Having said all that,

- * there is another special case method for the generators 2, 3 and 5.

- * for 2, p mod 24 == 11

- * for 3, p mod 12 == 5  <<<<< does not work for safe primes.

- * for 5, p mod 10 == 3 or 7

- *

- * Thanks to Phil Karn <[email protected]> for the pointers about the

- * special generators and for answering some of my questions.

- *

- * I've implemented the second simple method :-).

- * Since DH should be using a safe prime (both p and q are prime),

- * this generator function can take a very very long time to run.

- */

-/* Actually there is no reason to insist that 'generator' be a generator.

- * It's just as OK (and in some sense better) to use a generator of the

- * order-q subgroup.

- */

-static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb)

-	{

-	BIGNUM *t1,*t2;

-	int g,ok= -1;

-	BN_CTX *ctx=NULL;

-	ctx=BN_CTX_new();

-	if (ctx == NULL) goto err;

-	BN_CTX_start(ctx);

-	t1 = BN_CTX_get(ctx);

-	t2 = BN_CTX_get(ctx);

-	if (t1 == NULL || t2 == NULL) goto err;

-	/* Make sure 'ret' has the necessary elements */

-	if(!ret->p && ((ret->p = BN_new()) == NULL)) goto err;

-	if(!ret->g && ((ret->g = BN_new()) == NULL)) goto err;

-	if (generator <= 1)

-		{

-		DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_BAD_GENERATOR);

-		goto err;

-		}

-	if (generator == DH_GENERATOR_2)

-		{

-		if (!BN_set_word(t1,24)) goto err;

-		if (!BN_set_word(t2,11)) goto err;

-		g=2;

-		}

-#if 0 /* does not work for safe primes */

-	else if (generator == DH_GENERATOR_3)

-		{

-		if (!BN_set_word(t1,12)) goto err;

-		if (!BN_set_word(t2,5)) goto err;

-		g=3;

-		}

-#endif

-	else if (generator == DH_GENERATOR_5)

-		{

-		if (!BN_set_word(t1,10)) goto err;

-		if (!BN_set_word(t2,3)) goto err;

-		/* BN_set_word(t3,7); just have to miss

-		 * out on these ones :-( */

-		g=5;

-		}

-	else

-		{

-		/* in the general case, don't worry if 'generator' is a

-		 * generator or not: since we are using safe primes,

-		 * it will generate either an order-q or an order-2q group,

-		 * which both is OK */

-		if (!BN_set_word(t1,2)) goto err;

-		if (!BN_set_word(t2,1)) goto err;

-		g=generator;

-		}

-	if(!BN_generate_prime_ex(ret->p,prime_len,1,t1,t2,cb)) goto err;

-	if(!BN_GENCB_call(cb, 3, 0)) goto err;

-	if (!BN_set_word(ret->g,g)) goto err;

-	ok=1;

-err:

-	if (ok == -1)

-		{

-		DHerr(DH_F_DH_BUILTIN_GENPARAMS,ERR_R_BN_LIB);

-		ok=0;

-		}

-	if (ctx != NULL)

-		{

-		BN_CTX_end(ctx);

-		BN_CTX_free(ctx);

-		}

-	return ok;

-	}

--- a/sys/src/ape/lib/openssl/crypto/dh/dh_key.c

+++ /dev/null

@@ -1,263 +1,0 @@

-/* crypto/dh/dh_key.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/bn.h>

-#include <openssl/rand.h>

-#include <openssl/dh.h>

-static int generate_key(DH *dh);

-static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);

-static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,

-			const BIGNUM *a, const BIGNUM *p,

-			const BIGNUM *m, BN_CTX *ctx,

-			BN_MONT_CTX *m_ctx);

-static int dh_init(DH *dh);

-static int dh_finish(DH *dh);

-int DH_generate_key(DH *dh)

-	{

-	return dh->meth->generate_key(dh);

-	}

-int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)

-	{

-	return dh->meth->compute_key(key, pub_key, dh);

-	}

-static DH_METHOD dh_ossl = {

-"OpenSSL DH Method",

-generate_key,

-compute_key,

-dh_bn_mod_exp,

-dh_init,

-dh_finish,

-0,

-NULL,

-NULL

-};

-const DH_METHOD *DH_OpenSSL(void)

-{

-	return &dh_ossl;

-}

-static int generate_key(DH *dh)

-	{

-	int ok=0;

-	int generate_new_key=0;

-	unsigned l;

-	BN_CTX *ctx;

-	BN_MONT_CTX *mont=NULL;

-	BIGNUM *pub_key=NULL,*priv_key=NULL;

-	ctx = BN_CTX_new();

-	if (ctx == NULL) goto err;

-	if (dh->priv_key == NULL)

-		{

-		priv_key=BN_new();

-		if (priv_key == NULL) goto err;

-		generate_new_key=1;

-		}

-	else

-		priv_key=dh->priv_key;

-	if (dh->pub_key == NULL)

-		{

-		pub_key=BN_new();

-		if (pub_key == NULL) goto err;

-		}

-	else

-		pub_key=dh->pub_key;

-	if (dh->flags & DH_FLAG_CACHE_MONT_P)

-		{

-		mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,

-				CRYPTO_LOCK_DH, dh->p, ctx);

-		if (!mont)

-			goto err;

-		}

-	if (generate_new_key)

-		{

-		l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */

-		if (!BN_rand(priv_key, l, 0, 0)) goto err;

-		}

-	{

-		BIGNUM local_prk;

-		BIGNUM *prk;

-		if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)

-			{

-			BN_init(&local_prk);

-			prk = &local_prk;

-			BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);

-			}

-		else

-			prk = priv_key;

-		if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont)) goto err;

-	}

-	dh->pub_key=pub_key;

-	dh->priv_key=priv_key;

-	ok=1;

-err:

-	if (ok != 1)

-		DHerr(DH_F_GENERATE_KEY,ERR_R_BN_LIB);

-	if ((pub_key != NULL)  && (dh->pub_key == NULL))  BN_free(pub_key);

-	if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key);

-	BN_CTX_free(ctx);

-	return(ok);

-	}

-static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)

-	{

-	BN_CTX *ctx=NULL;

-	BN_MONT_CTX *mont=NULL;

-	BIGNUM *tmp;

-	int ret= -1;

-        int check_result;

-	if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS)

-		{

-		DHerr(DH_F_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE);

-		goto err;

-		}

-	ctx = BN_CTX_new();

-	if (ctx == NULL) goto err;

-	BN_CTX_start(ctx);

-	tmp = BN_CTX_get(ctx);

-	if (dh->priv_key == NULL)

-		{

-		DHerr(DH_F_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE);

-		goto err;

-		}

-	if (dh->flags & DH_FLAG_CACHE_MONT_P)

-		{

-		mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,

-				CRYPTO_LOCK_DH, dh->p, ctx);

-		if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)

-			{

-			/* XXX */

-			BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME);

-			}

-		if (!mont)

-			goto err;

-		}

-        if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result)

-		{

-		DHerr(DH_F_COMPUTE_KEY,DH_R_INVALID_PUBKEY);

-		goto err;

-		}

-	if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont))

-		{

-		DHerr(DH_F_COMPUTE_KEY,ERR_R_BN_LIB);

-		goto err;

-		}

-	ret=BN_bn2bin(tmp,key);

-err:

-	if (ctx != NULL)

-		{

-		BN_CTX_end(ctx);

-		BN_CTX_free(ctx);

-		}

-	return(ret);

-	}

-static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,

-			const BIGNUM *a, const BIGNUM *p,

-			const BIGNUM *m, BN_CTX *ctx,

-			BN_MONT_CTX *m_ctx)

-	{

-	/* If a is only one word long and constant time is false, use the faster

-	 * exponenentiation function.

-	 */

-	if (a->top == 1 && ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0))

-		{

-		BN_ULONG A = a->d[0];

-		return BN_mod_exp_mont_word(r,A,p,m,ctx,m_ctx);

-		}

-	else

-		return BN_mod_exp_mont(r,a,p,m,ctx,m_ctx);

-	}

-static int dh_init(DH *dh)

-	{

-	dh->flags |= DH_FLAG_CACHE_MONT_P;

-	return(1);

-	}

-static int dh_finish(DH *dh)

-	{

-	if(dh->method_mont_p)

-		BN_MONT_CTX_free(dh->method_mont_p);

-	return(1);

-	}

--- a/sys/src/ape/lib/openssl/crypto/dh/dh_lib.c

+++ /dev/null

@@ -1,247 +1,0 @@

-/* crypto/dh/dh_lib.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/bn.h>

-#include <openssl/dh.h>

-#ifndef OPENSSL_NO_ENGINE

-#include <openssl/engine.h>

-#endif

-const char DH_version[]="Diffie-Hellman" OPENSSL_VERSION_PTEXT;

-static const DH_METHOD *default_DH_method = NULL;

-void DH_set_default_method(const DH_METHOD *meth)

-	{

-	default_DH_method = meth;

-	}

-const DH_METHOD *DH_get_default_method(void)

-	{

-	if(!default_DH_method)

-		default_DH_method = DH_OpenSSL();

-	return default_DH_method;

-	}

-int DH_set_method(DH *dh, const DH_METHOD *meth)

-	{

-	/* NB: The caller is specifically setting a method, so it's not up to us

-	 * to deal with which ENGINE it comes from. */

-        const DH_METHOD *mtmp;

-        mtmp = dh->meth;

-        if (mtmp->finish) mtmp->finish(dh);

-#ifndef OPENSSL_NO_ENGINE

-	if (dh->engine)

-		{

-		ENGINE_finish(dh->engine);

-		dh->engine = NULL;

-		}

-#endif

-        dh->meth = meth;

-        if (meth->init) meth->init(dh);

-        return 1;

-	}

-DH *DH_new(void)

-	{

-	return DH_new_method(NULL);

-	}

-DH *DH_new_method(ENGINE *engine)

-	{

-	DH *ret;

-	ret=(DH *)OPENSSL_malloc(sizeof(DH));

-	if (ret == NULL)

-		{

-		DHerr(DH_F_DH_NEW_METHOD,ERR_R_MALLOC_FAILURE);

-		return(NULL);

-		}

-	ret->meth = DH_get_default_method();

-#ifndef OPENSSL_NO_ENGINE

-	if (engine)

-		{

-		if (!ENGINE_init(engine))

-			{

-			DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);

-			OPENSSL_free(ret);

-			return NULL;

-			}

-		ret->engine = engine;

-		}

-	else

-		ret->engine = ENGINE_get_default_DH();

-	if(ret->engine)

-		{

-		ret->meth = ENGINE_get_DH(ret->engine);

-		if(!ret->meth)

-			{

-			DHerr(DH_F_DH_NEW_METHOD,ERR_R_ENGINE_LIB);

-			ENGINE_finish(ret->engine);

-			OPENSSL_free(ret);

-			return NULL;

-			}

-		}

-#endif

-	ret->pad=0;

-	ret->version=0;

-	ret->p=NULL;

-	ret->g=NULL;

-	ret->length=0;

-	ret->pub_key=NULL;

-	ret->priv_key=NULL;

-	ret->q=NULL;

-	ret->j=NULL;

-	ret->seed = NULL;

-	ret->seedlen = 0;

-	ret->counter = NULL;

-	ret->method_mont_p=NULL;

-	ret->references = 1;

-	ret->flags=ret->meth->flags;

-	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);

-	if ((ret->meth->init != NULL) && !ret->meth->init(ret))

-		{

-#ifndef OPENSSL_NO_ENGINE

-		if (ret->engine)

-			ENGINE_finish(ret->engine);

-#endif

-		CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);

-		OPENSSL_free(ret);

-		ret=NULL;

-		}

-	return(ret);

-	}

-void DH_free(DH *r)

-	{

-	int i;

-	if(r == NULL) return;

-	i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH);

-#ifdef REF_PRINT

-	REF_PRINT("DH",r);

-#endif

-	if (i > 0) return;

-#ifdef REF_CHECK

-	if (i < 0)

-		{

-		fprintf(stderr,"DH_free, bad reference count\n");

-		abort();

-	}

-#endif

-	if (r->meth->finish)

-		r->meth->finish(r);

-#ifndef OPENSSL_NO_ENGINE

-	if (r->engine)

-		ENGINE_finish(r->engine);

-#endif

-	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data);

-	if (r->p != NULL) BN_clear_free(r->p);

-	if (r->g != NULL) BN_clear_free(r->g);

-	if (r->q != NULL) BN_clear_free(r->q);

-	if (r->j != NULL) BN_clear_free(r->j);

-	if (r->seed) OPENSSL_free(r->seed);

-	if (r->counter != NULL) BN_clear_free(r->counter);

-	if (r->pub_key != NULL) BN_clear_free(r->pub_key);

-	if (r->priv_key != NULL) BN_clear_free(r->priv_key);

-	OPENSSL_free(r);

-	}

-int DH_up_ref(DH *r)

-	{

-	int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DH);

-#ifdef REF_PRINT

-	REF_PRINT("DH",r);

-#endif

-#ifdef REF_CHECK

-	if (i < 2)

-		{

-		fprintf(stderr, "DH_up, bad reference count\n");

-		abort();

-		}

-#endif

-	return ((i > 1) ? 1 : 0);

-	}

-int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,

-	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)

-        {

-	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, argl, argp,

-				new_func, dup_func, free_func);

-        }

-int DH_set_ex_data(DH *d, int idx, void *arg)

-	{

-	return(CRYPTO_set_ex_data(&d->ex_data,idx,arg));

-	}

-void *DH_get_ex_data(DH *d, int idx)

-	{

-	return(CRYPTO_get_ex_data(&d->ex_data,idx));

-	}

-int DH_size(const DH *dh)

-	{

-	return(BN_num_bytes(dh->p));

-	}

--- a/sys/src/ape/lib/openssl/crypto/dh/dhtest.c

+++ /dev/null

@@ -1,226 +1,0 @@

-/* crypto/dh/dhtest.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* Until the key-gen callbacks are modified to use newer prototypes, we allow

- * deprecated functions for openssl-internal code */

-#ifdef OPENSSL_NO_DEPRECATED

-#undef OPENSSL_NO_DEPRECATED

-#endif

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include "../e_os.h"

-#include <openssl/crypto.h>

-#include <openssl/bio.h>

-#include <openssl/bn.h>

-#include <openssl/rand.h>

-#include <openssl/err.h>

-#ifdef OPENSSL_NO_DH

-int main(int argc, char *argv[])

-{

-    printf("No DH support\n");

-    return(0);

-}

-#else

-#include <openssl/dh.h>

-#ifdef OPENSSL_SYS_WIN16

-#define MS_CALLBACK	_far _loadds

-#else

-#define MS_CALLBACK

-#endif

-static int MS_CALLBACK cb(int p, int n, BN_GENCB *arg);

-static const char rnd_seed[] = "string to make the random number generator think it has entropy";

-int main(int argc, char *argv[])

-	{

-	BN_GENCB _cb;

-	DH *a;

-	DH *b=NULL;

-	char buf[12];

-	unsigned char *abuf=NULL,*bbuf=NULL;

-	int i,alen,blen,aout,bout,ret=1;

-	BIO *out;

-	CRYPTO_malloc_debug_init();

-	CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);

-	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);

-#ifdef OPENSSL_SYS_WIN32

-	CRYPTO_malloc_init();

-#endif

-	RAND_seed(rnd_seed, sizeof rnd_seed);

-	out=BIO_new(BIO_s_file());

-	if (out == NULL) EXIT(1);

-	BIO_set_fp(out,stdout,BIO_NOCLOSE);

-	BN_GENCB_set(&_cb, &cb, out);

-	if(((a = DH_new()) == NULL) || !DH_generate_parameters_ex(a, 64,

-				DH_GENERATOR_5, &_cb))

-		goto err;

-	if (!DH_check(a, &i)) goto err;

-	if (i & DH_CHECK_P_NOT_PRIME)

-		BIO_puts(out, "p value is not prime\n");

-	if (i & DH_CHECK_P_NOT_SAFE_PRIME)

-		BIO_puts(out, "p value is not a safe prime\n");

-	if (i & DH_UNABLE_TO_CHECK_GENERATOR)

-		BIO_puts(out, "unable to check the generator value\n");

-	if (i & DH_NOT_SUITABLE_GENERATOR)

-		BIO_puts(out, "the g value is not a generator\n");

-	BIO_puts(out,"\np    =");

-	BN_print(out,a->p);

-	BIO_puts(out,"\ng    =");

-	BN_print(out,a->g);

-	BIO_puts(out,"\n");

-	b=DH_new();

-	if (b == NULL) goto err;

-	b->p=BN_dup(a->p);

-	b->g=BN_dup(a->g);

-	if ((b->p == NULL) || (b->g == NULL)) goto err;

-	/* Set a to run with normal modexp and b to use constant time */

-	a->flags &= ~DH_FLAG_NO_EXP_CONSTTIME;

-	b->flags |= DH_FLAG_NO_EXP_CONSTTIME;

-	if (!DH_generate_key(a)) goto err;

-	BIO_puts(out,"pri 1=");

-	BN_print(out,a->priv_key);

-	BIO_puts(out,"\npub 1=");

-	BN_print(out,a->pub_key);

-	BIO_puts(out,"\n");

-	if (!DH_generate_key(b)) goto err;

-	BIO_puts(out,"pri 2=");

-	BN_print(out,b->priv_key);

-	BIO_puts(out,"\npub 2=");

-	BN_print(out,b->pub_key);

-	BIO_puts(out,"\n");

-	alen=DH_size(a);

-	abuf=(unsigned char *)OPENSSL_malloc(alen);

-	aout=DH_compute_key(abuf,b->pub_key,a);

-	BIO_puts(out,"key1 =");

-	for (i=0; i<aout; i++)

-		{

-		sprintf(buf,"%02X",abuf[i]);

-		BIO_puts(out,buf);

-		}

-	BIO_puts(out,"\n");

-	blen=DH_size(b);

-	bbuf=(unsigned char *)OPENSSL_malloc(blen);

-	bout=DH_compute_key(bbuf,a->pub_key,b);

-	BIO_puts(out,"key2 =");

-	for (i=0; i<bout; i++)

-		{

-		sprintf(buf,"%02X",bbuf[i]);

-		BIO_puts(out,buf);

-		}

-	BIO_puts(out,"\n");

-	if ((aout < 4) || (bout != aout) || (memcmp(abuf,bbuf,aout) != 0))

-		{

-		fprintf(stderr,"Error in DH routines\n");

-		ret=1;

-		}

-	else

-		ret=0;

-err:

-	ERR_print_errors_fp(stderr);

-	if (abuf != NULL) OPENSSL_free(abuf);

-	if (bbuf != NULL) OPENSSL_free(bbuf);

-	if(b != NULL) DH_free(b);

-	if(a != NULL) DH_free(a);

-	BIO_free(out);

-#ifdef OPENSSL_SYS_NETWARE

-    if (ret) printf("ERROR: %d\n", ret);

-#endif

-	EXIT(ret);

-	return(ret);

-	}

-static int MS_CALLBACK cb(int p, int n, BN_GENCB *arg)

-	{

-	char c='*';

-	if (p == 0) c='.';

-	if (p == 1) c='+';

-	if (p == 2) c='*';

-	if (p == 3) c='\n';

-	BIO_write(arg->arg,&c,1);

-	(void)BIO_flush(arg->arg);

-#ifdef LINT

-	p=n;

-#endif

-	return 1;

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/dh/example

+++ /dev/null

@@ -1,50 +1,0 @@

-From [email protected] Mon Sep 25 10:50:51 1995

-Received: from minbne.mincom.oz.au by orb.mincom.oz.au with SMTP id AA10562

-  (5.65c/IDA-1.4.4 for eay); Wed, 27 Sep 1995 19:41:55 +1000

-Received: by minbne.mincom.oz.au id AA19958

-  (5.65c/IDA-1.4.4 for [email protected]); Wed, 27 Sep 1995 19:34:59 +1000

-Received: from relay3.UU.NET by bunyip.cc.uq.oz.au with SMTP (PP);

-          Wed, 27 Sep 1995 19:13:05 +1000

-Received: from toad.com by relay3.UU.NET with SMTP id QQzizb16156;

-          Wed, 27 Sep 1995 04:48:46 -0400

-Received: by toad.com id AA07905; Tue, 26 Sep 95 06:31:45 PDT

-Received: from by toad.com id AB07851; Tue, 26 Sep 95 06:31:40 PDT

-Received: from servo.qualcomm.com (servo.qualcomm.com [129.46.128.14])

-          by cygnus.com (8.6.12/8.6.9) with ESMTP id RAA18442

-          for <[email protected]>; Mon, 25 Sep 1995 17:52:47 -0700

-Received: (karn@localhost) by servo.qualcomm.com (8.6.12/QC-BSD-2.5.1)

-          id RAA14732; Mon, 25 Sep 1995 17:50:51 -0700

-Date: Mon, 25 Sep 1995 17:50:51 -0700

-From: Phil Karn <[email protected]>

-Message-Id: <[email protected]>

-To: [email protected], [email protected]

-Subject: Primality verification needed

-Sender: [email protected]

-Precedence: bulk

-Status: RO

-X-Status:

-Hi. I've generated a 2047-bit "strong" prime number that I would like to

-use with Diffie-Hellman key exchange. I assert that not only is this number

-'p' prime, but so is (p-1)/2.

-I've used the mpz_probab_prime() function in the Gnu Math Package (GMP) version

-1.3.2 to test this number. This function uses the Miller-Rabin primality test.

-However, to increase my confidence that this number really is a strong prime,

-I'd like to ask others to confirm it with other tests. Here's the number in hex:

-72a925f760b2f954ed287f1b0953f3e6aef92e456172f9fe86fdd8822241b9c9788fbc289982743e

-fbcd2ccf062b242d7a567ba8bbb40d79bca7b8e0b6c05f835a5b938d985816bc648985adcff5402a

-a76756b36c845a840a1d059ce02707e19cf47af0b5a882f32315c19d1b86a56c5389c5e9bee16b65

-fde7b1a8d74a7675de9b707d4c5a4633c0290c95ff30a605aeb7ae864ff48370f13cf01d49adb9f2

-3d19a439f753ee7703cf342d87f431105c843c78ca4df639931f3458fae8a94d1687e99a76ed99d0

-ba87189f42fd31ad8262c54a8cf5914ae6c28c540d714a5f6087a171fb74f4814c6f968d72386ef3

-56a05180c3bec7ddd5ef6fe76b1f717b

-The generator, g, for this prime is 2.

-Thanks!

-Phil Karn

--- a/sys/src/ape/lib/openssl/crypto/dh/generate

+++ /dev/null

@@ -1,65 +1,0 @@

-From: [email protected] (Bill Stewart)

-Newsgroups: sci.crypt

-Subject: Re: Diffie-Hellman key exchange

-Date: Wed, 11 Oct 1995 23:08:28 GMT

-Organization: Freelance Information Architect

-Lines: 32

-Message-ID: <[email protected]>

-References: <[email protected]>

-NNTP-Posting-Host: ix-pl4-16.ix.netcom.com

-X-NETCOM-Date: Wed Oct 11  4:09:22 PM PDT 1995

-X-Newsreader: Forte Free Agent 1.0.82

-Kent Briggs <[email protected]> wrote:

->I have a copy of the 1976 IEEE article describing the

->Diffie-Hellman public key exchange algorithm: y=a^x mod q.  I'm

->looking for sources that give examples of secure a,q pairs and

->possible some source code that I could examine.

-q should be prime, and ideally should be a "strong prime",

-which means it's of the form 2n+1 where n is also prime.

-q also needs to be long enough to prevent the attacks LaMacchia and

-Odlyzko described (some variant on a factoring attack which generates

-a large pile of simultaneous equations and then solves them);

-long enough is about the same size as factoring, so 512 bits may not

-be secure enough for most applications.  (The 192 bits used by

-"secure NFS" was certainly not long enough.)

-a should be a generator for q, which means it needs to be

-relatively prime to q-1.   Usually a small prime like 2, 3 or 5 will

-work.

-....

-Date: Tue, 26 Sep 1995 13:52:36 MST

-From: "Richard Schroeppel" <[email protected]>

-To: karn

-Cc: [email protected]

-Subject: random large primes

-Since your prime is really random, proving it is hard.

-My personal limit on rigorously proved primes is ~350 digits.

-If you really want a proof, we should talk to Francois Morain,

-or the Australian group.

-If you want 2 to be a generator (mod P), then you need it

-to be a non-square.  If (P-1)/2 is also prime, then

-non-square == primitive-root for bases << P.

-In the case at hand, this means 2 is a generator iff P = 11 (mod 24).

-If you want this, you should restrict your sieve accordingly.

-3 is a generator iff P = 5 (mod 12).

-5 is a generator iff P = 3 or 7 (mod 10).

-2 is perfectly usable as a base even if it's a non-generator, since

-it still covers half the space of possible residues.  And an

-eavesdropper can always determine the low-bit of your exponent for

-a generator anyway.

-Rich  [email protected]

--- a/sys/src/ape/lib/openssl/crypto/dh/p1024.c

+++ /dev/null

@@ -1,92 +1,0 @@

-/* crypto/dh/p1024.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <openssl/bn.h>

-#include <openssl/asn1.h>

-#include <openssl/dh.h>

-#include <openssl/pem.h>

-unsigned char data[]={0x97,0xF6,0x42,0x61,0xCA,0xB5,0x05,0xDD,

-	0x28,0x28,0xE1,0x3F,0x1D,0x68,0xB6,0xD3,

-	0xDB,0xD0,0xF3,0x13,0x04,0x7F,0x40,0xE8,

-	0x56,0xDA,0x58,0xCB,0x13,0xB8,0xA1,0xBF,

-	0x2B,0x78,0x3A,0x4C,0x6D,0x59,0xD5,0xF9,

-	0x2A,0xFC,0x6C,0xFF,0x3D,0x69,0x3F,0x78,

-	0xB2,0x3D,0x4F,0x31,0x60,0xA9,0x50,0x2E,

-	0x3E,0xFA,0xF7,0xAB,0x5E,0x1A,0xD5,0xA6,

-	0x5E,0x55,0x43,0x13,0x82,0x8D,0xA8,0x3B,

-	0x9F,0xF2,0xD9,0x41,0xDE,0xE9,0x56,0x89,

-	0xFA,0xDA,0xEA,0x09,0x36,0xAD,0xDF,0x19,

-	0x71,0xFE,0x63,0x5B,0x20,0xAF,0x47,0x03,

-	0x64,0x60,0x3C,0x2D,0xE0,0x59,0xF5,0x4B,

-	0x65,0x0A,0xD8,0xFA,0x0C,0xF7,0x01,0x21,

-	0xC7,0x47,0x99,0xD7,0x58,0x71,0x32,0xBE,

-	0x9B,0x99,0x9B,0xB9,0xB7,0x87,0xE8,0xAB,

-	};

-main()

-	{

-	DH *dh;

-	dh=DH_new();

-	dh->p=BN_bin2bn(data,sizeof(data),NULL);

-	dh->g=BN_new();

-	BN_set_word(dh->g,2);

-	PEM_write_DHparams(stdout,dh);

-	}

--- a/sys/src/ape/lib/openssl/crypto/dh/p192.c

+++ /dev/null

@@ -1,80 +1,0 @@

-/* crypto/dh/p192.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <openssl/bn.h>

-#include <openssl/asn1.h>

-#include <openssl/dh.h>

-#include <openssl/pem.h>

-unsigned char data[]={

-0xD4,0xA0,0xBA,0x02,0x50,0xB6,0xFD,0x2E,

-0xC6,0x26,0xE7,0xEF,0xD6,0x37,0xDF,0x76,

-0xC7,0x16,0xE2,0x2D,0x09,0x44,0xB8,0x8B,

-	};

-main()

-	{

-	DH *dh;

-	dh=DH_new();

-	dh->p=BN_bin2bn(data,sizeof(data),NULL);

-	dh->g=BN_new();

-	BN_set_word(dh->g,3);

-	PEM_write_DHparams(stdout,dh);

-	}

--- a/sys/src/ape/lib/openssl/crypto/dh/p512.c

+++ /dev/null

@@ -1,85 +1,0 @@

-/* crypto/dh/p512.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <openssl/bn.h>

-#include <openssl/asn1.h>

-#include <openssl/dh.h>

-#include <openssl/pem.h>

-unsigned char data[]={

-0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,

-0xD0,0xE4,0xAF,0x75,0x6F,0x4C,0xCA,0x92,

-0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,

-0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,

-0x57,0x46,0x50,0xD3,0x69,0x99,0xDB,0x29,

-0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,

-0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,

-0xD8,0x00,0x3E,0x7C,0x47,0x74,0xE8,0x33,

-	};

-main()

-	{

-	DH *dh;

-	dh=DH_new();

-	dh->p=BN_bin2bn(data,sizeof(data),NULL);

-	dh->g=BN_new();

-	BN_set_word(dh->g,2);

-	PEM_write_DHparams(stdout,dh);

-	}

--- a/sys/src/ape/lib/openssl/crypto/dsa/Makefile

+++ /dev/null

@@ -1,164 +1,0 @@

-#

-# OpenSSL/crypto/dsa/Makefile

-#

-DIR=	dsa

-TOP=	../..

-CC=	cc

-INCLUDES= -I.. -I$(TOP) -I../../include

-CFLAG=-g

-MAKEFILE=	Makefile

-AR=		ar r

-CFLAGS= $(INCLUDES) $(CFLAG)

-GENERAL=Makefile

-TEST=dsatest.c

-APPS=

-LIB=$(TOP)/libcrypto.a

-LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c \

-	dsa_err.c dsa_ossl.c dsa_depr.c

-LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_asn1.o dsa_vrf.o dsa_sign.o \

-	dsa_err.o dsa_ossl.o dsa_depr.o

-SRC= $(LIBSRC)

-EXHEADER= dsa.h

-HEADER=	$(EXHEADER)

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)

-all:	lib

-lib:	$(LIBOBJ)

-	$(AR) $(LIB) $(LIBOBJ)

-	$(RANLIB) $(LIB) || echo Never mind.

-	@touch lib

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

-links:

-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)

-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)

-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

-install:

-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...

-	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \

-	do  \

-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \

-	done;

-tags:

-	ctags $(SRC)

-tests:

-lint:

-	lint -DLINT $(INCLUDES) $(SRC)>fluff

-depend:

-	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...

-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-clean:

-	rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-dsa_asn1.o: ../../e_os.h ../../include/openssl/asn1.h

-dsa_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h

-dsa_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-dsa_asn1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h

-dsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-dsa_asn1.o: ../../include/openssl/opensslconf.h

-dsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-dsa_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-dsa_asn1.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_asn1.c

-dsa_depr.o: ../../e_os.h ../../include/openssl/asn1.h

-dsa_depr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h

-dsa_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-dsa_depr.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h

-dsa_depr.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-dsa_depr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-dsa_depr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-dsa_depr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-dsa_depr.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h

-dsa_depr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-dsa_depr.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_depr.c

-dsa_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h

-dsa_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h

-dsa_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-dsa_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-dsa_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-dsa_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-dsa_err.o: dsa_err.c

-dsa_gen.o: ../../e_os.h ../../include/openssl/asn1.h

-dsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h

-dsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-dsa_gen.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h

-dsa_gen.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-dsa_gen.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-dsa_gen.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-dsa_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-dsa_gen.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h

-dsa_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-dsa_gen.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_gen.c

-dsa_key.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h

-dsa_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-dsa_key.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h

-dsa_key.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-dsa_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-dsa_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h

-dsa_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-dsa_key.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_key.c

-dsa_lib.o: ../../e_os.h ../../include/openssl/asn1.h

-dsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h

-dsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-dsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h

-dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h

-dsa_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-dsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-dsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-dsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-dsa_lib.o: ../cryptlib.h dsa_lib.c

-dsa_ossl.o: ../../e_os.h ../../include/openssl/asn1.h

-dsa_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h

-dsa_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-dsa_ossl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h

-dsa_ossl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-dsa_ossl.o: ../../include/openssl/opensslconf.h

-dsa_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-dsa_ossl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h

-dsa_ossl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-dsa_ossl.o: ../cryptlib.h dsa_ossl.c

-dsa_sign.o: ../../e_os.h ../../include/openssl/asn1.h

-dsa_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h

-dsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-dsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h

-dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-dsa_sign.o: ../../include/openssl/opensslconf.h

-dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-dsa_sign.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h

-dsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-dsa_sign.o: ../cryptlib.h dsa_sign.c

-dsa_vrf.o: ../../e_os.h ../../include/openssl/asn1.h

-dsa_vrf.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h

-dsa_vrf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h

-dsa_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h

-dsa_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-dsa_vrf.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-dsa_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-dsa_vrf.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h

-dsa_vrf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-dsa_vrf.o: ../cryptlib.h dsa_vrf.c

--- a/sys/src/ape/lib/openssl/crypto/dsa/README

+++ /dev/null

@@ -1,4 +1,0 @@

-The stuff in here is based on patches supplied to me by

-Steven Schoch <[email protected]> to do DSS.

-I have since modified a them a little but a debt of gratitude

-is due for doing the initial work.

--- a/sys/src/ape/lib/openssl/crypto/dsa/dsa.h

+++ /dev/null

@@ -1,285 +1,0 @@

-/* crypto/dsa/dsa.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/*

- * The DSS routines are based on patches supplied by

- * Steven Schoch <[email protected]>.  He basically did the

- * work and I have just tweaked them a little to fit into my

- * stylistic vision for SSLeay :-) */

-#ifndef HEADER_DSA_H

-#define HEADER_DSA_H

-#include <openssl/e_os2.h>

-#ifdef OPENSSL_NO_DSA

-#error DSA is disabled.

-#endif

-#ifndef OPENSSL_NO_BIO

-#include <openssl/bio.h>

-#endif

-#include <openssl/crypto.h>

-#include <openssl/ossl_typ.h>

-#ifndef OPENSSL_NO_DEPRECATED

-#include <openssl/bn.h>

-#ifndef OPENSSL_NO_DH

-# include <openssl/dh.h>

-#endif

-#endif

-#ifndef OPENSSL_DSA_MAX_MODULUS_BITS

-# define OPENSSL_DSA_MAX_MODULUS_BITS	10000

-#endif

-#define DSA_FLAG_CACHE_MONT_P	0x01

-#define DSA_FLAG_NO_EXP_CONSTTIME       0x02 /* new with 0.9.7h; the built-in DSA

-                                              * implementation now uses constant time

-                                              * modular exponentiation for secret exponents

-                                              * by default. This flag causes the

-                                              * faster variable sliding window method to

-                                              * be used for all exponents.

-                                              */

-#ifdef  __cplusplus

-extern "C" {

-#endif

-/* Already defined in ossl_typ.h */

-/* typedef struct dsa_st DSA; */

-/* typedef struct dsa_method DSA_METHOD; */

-typedef struct DSA_SIG_st

-	{

-	BIGNUM *r;

-	BIGNUM *s;

-	} DSA_SIG;

-struct dsa_method

-	{

-	const char *name;

-	DSA_SIG * (*dsa_do_sign)(const unsigned char *dgst, int dlen, DSA *dsa);

-	int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,

-								BIGNUM **rp);

-	int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len,

-							DSA_SIG *sig, DSA *dsa);

-	int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,

-			BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,

-			BN_MONT_CTX *in_mont);

-	int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,

-				const BIGNUM *m, BN_CTX *ctx,

-				BN_MONT_CTX *m_ctx); /* Can be null */

-	int (*init)(DSA *dsa);

-	int (*finish)(DSA *dsa);

-	int flags;

-	char *app_data;

-	/* If this is non-NULL, it is used to generate DSA parameters */

-	int (*dsa_paramgen)(DSA *dsa, int bits,

-			unsigned char *seed, int seed_len,

-			int *counter_ret, unsigned long *h_ret,

-			BN_GENCB *cb);

-	/* If this is non-NULL, it is used to generate DSA keys */

-	int (*dsa_keygen)(DSA *dsa);

-	};

-struct dsa_st

-	{

-	/* This first variable is used to pick up errors where

-	 * a DSA is passed instead of of a EVP_PKEY */

-	int pad;

-	long version;

-	int write_params;

-	BIGNUM *p;

-	BIGNUM *q;	/* == 20 */

-	BIGNUM *g;

-	BIGNUM *pub_key;  /* y public key */

-	BIGNUM *priv_key; /* x private key */

-	BIGNUM *kinv;	/* Signing pre-calc */

-	BIGNUM *r;	/* Signing pre-calc */

-	int flags;

-	/* Normally used to cache montgomery values */

-	BN_MONT_CTX *method_mont_p;

-	int references;

-	CRYPTO_EX_DATA ex_data;

-	const DSA_METHOD *meth;

-	/* functional reference if 'meth' is ENGINE-provided */

-	ENGINE *engine;

-	};

-#define DSAparams_dup(x) ASN1_dup_of_const(DSA,i2d_DSAparams,d2i_DSAparams,x)

-#define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \

-		(char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x))

-#define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \

-		(unsigned char *)(x))

-#define d2i_DSAparams_bio(bp,x) ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAparams,bp,x)

-#define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio_of_const(DSA,i2d_DSAparams,bp,x)

-DSA_SIG * DSA_SIG_new(void);

-void	DSA_SIG_free(DSA_SIG *a);

-int	i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);

-DSA_SIG * d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length);

-DSA_SIG * DSA_do_sign(const unsigned char *dgst,int dlen,DSA *dsa);

-int	DSA_do_verify(const unsigned char *dgst,int dgst_len,

-		      DSA_SIG *sig,DSA *dsa);

-const DSA_METHOD *DSA_OpenSSL(void);

-void	DSA_set_default_method(const DSA_METHOD *);

-const DSA_METHOD *DSA_get_default_method(void);

-int	DSA_set_method(DSA *dsa, const DSA_METHOD *);

-DSA *	DSA_new(void);

-DSA *	DSA_new_method(ENGINE *engine);

-void	DSA_free (DSA *r);

-/* "up" the DSA object's reference count */

-int	DSA_up_ref(DSA *r);

-int	DSA_size(const DSA *);

-	/* next 4 return -1 on error */

-int	DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp);

-int	DSA_sign(int type,const unsigned char *dgst,int dlen,

-		unsigned char *sig, unsigned int *siglen, DSA *dsa);

-int	DSA_verify(int type,const unsigned char *dgst,int dgst_len,

-		const unsigned char *sigbuf, int siglen, DSA *dsa);

-int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,

-	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);

-int DSA_set_ex_data(DSA *d, int idx, void *arg);

-void *DSA_get_ex_data(DSA *d, int idx);

-DSA *	d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length);

-DSA *	d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length);

-DSA * 	d2i_DSAparams(DSA **a, const unsigned char **pp, long length);

-/* Deprecated version */

-#ifndef OPENSSL_NO_DEPRECATED

-DSA *	DSA_generate_parameters(int bits,

-		unsigned char *seed,int seed_len,

-		int *counter_ret, unsigned long *h_ret,void

-		(*callback)(int, int, void *),void *cb_arg);

-#endif /* !defined(OPENSSL_NO_DEPRECATED) */

-/* New version */

-int	DSA_generate_parameters_ex(DSA *dsa, int bits,

-		unsigned char *seed,int seed_len,

-		int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);

-int	DSA_generate_key(DSA *a);

-int	i2d_DSAPublicKey(const DSA *a, unsigned char **pp);

-int 	i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);

-int	i2d_DSAparams(const DSA *a,unsigned char **pp);

-#ifndef OPENSSL_NO_BIO

-int	DSAparams_print(BIO *bp, const DSA *x);

-int	DSA_print(BIO *bp, const DSA *x, int off);

-#endif

-#ifndef OPENSSL_NO_FP_API

-int	DSAparams_print_fp(FILE *fp, const DSA *x);

-int	DSA_print_fp(FILE *bp, const DSA *x, int off);

-#endif

-#define DSS_prime_checks 50

-/* Primality test according to FIPS PUB 186[-1], Appendix 2.1:

- * 50 rounds of Rabin-Miller */

-#define DSA_is_prime(n, callback, cb_arg) \

-	BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg)

-#ifndef OPENSSL_NO_DH

-/* Convert DSA structure (key or just parameters) into DH structure

- * (be careful to avoid small subgroup attacks when using this!) */

-DH *DSA_dup_DH(const DSA *r);

-#endif

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_DSA_strings(void);

-/* Error codes for the DSA functions. */

-/* Function codes. */

-#define DSA_F_D2I_DSA_SIG				 110

-#define DSA_F_DSAPARAMS_PRINT				 100

-#define DSA_F_DSAPARAMS_PRINT_FP			 101

-#define DSA_F_DSA_DO_SIGN				 112

-#define DSA_F_DSA_DO_VERIFY				 113

-#define DSA_F_DSA_NEW_METHOD				 103

-#define DSA_F_DSA_PRINT					 104

-#define DSA_F_DSA_PRINT_FP				 105

-#define DSA_F_DSA_SIGN					 106

-#define DSA_F_DSA_SIGN_SETUP				 107

-#define DSA_F_DSA_SIG_NEW				 109

-#define DSA_F_DSA_VERIFY				 108

-#define DSA_F_I2D_DSA_SIG				 111

-#define DSA_F_SIG_CB					 114

-/* Reason codes. */

-#define DSA_R_BAD_Q_VALUE				 102

-#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE		 100

-#define DSA_R_MISSING_PARAMETERS			 101

-#define DSA_R_MODULUS_TOO_LARGE				 103

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/dsa/dsa_asn1.c

+++ /dev/null

@@ -1,140 +1,0 @@

-/* dsa_asn1.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 2000.

- */

-/* ====================================================================

- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/dsa.h>

-#include <openssl/asn1.h>

-#include <openssl/asn1t.h>

-/* Override the default new methods */

-static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)

-{

-	if(operation == ASN1_OP_NEW_PRE) {

-		DSA_SIG *sig;

-		sig = OPENSSL_malloc(sizeof(DSA_SIG));

-		sig->r = NULL;

-		sig->s = NULL;

-		*pval = (ASN1_VALUE *)sig;

-		if(sig) return 2;

-		DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE);

-		return 0;

-	}

-	return 1;

-}

-ASN1_SEQUENCE_cb(DSA_SIG, sig_cb) = {

-	ASN1_SIMPLE(DSA_SIG, r, CBIGNUM),

-	ASN1_SIMPLE(DSA_SIG, s, CBIGNUM)

-} ASN1_SEQUENCE_END_cb(DSA_SIG, DSA_SIG)

-IMPLEMENT_ASN1_FUNCTIONS_const(DSA_SIG)

-/* Override the default free and new methods */

-static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)

-{

-	if(operation == ASN1_OP_NEW_PRE) {

-		*pval = (ASN1_VALUE *)DSA_new();

-		if(*pval) return 2;

-		return 0;

-	} else if(operation == ASN1_OP_FREE_PRE) {

-		DSA_free((DSA *)*pval);

-		*pval = NULL;

-		return 2;

-	}

-	return 1;

-}

-ASN1_SEQUENCE_cb(DSAPrivateKey, dsa_cb) = {

-	ASN1_SIMPLE(DSA, version, LONG),

-	ASN1_SIMPLE(DSA, p, BIGNUM),

-	ASN1_SIMPLE(DSA, q, BIGNUM),

-	ASN1_SIMPLE(DSA, g, BIGNUM),

-	ASN1_SIMPLE(DSA, pub_key, BIGNUM),

-	ASN1_SIMPLE(DSA, priv_key, BIGNUM)

-} ASN1_SEQUENCE_END_cb(DSA, DSAPrivateKey)

-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPrivateKey, DSAPrivateKey)

-ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = {

-	ASN1_SIMPLE(DSA, p, BIGNUM),

-	ASN1_SIMPLE(DSA, q, BIGNUM),

-	ASN1_SIMPLE(DSA, g, BIGNUM),

-} ASN1_SEQUENCE_END_cb(DSA, DSAparams)

-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAparams, DSAparams)

-/* DSA public key is a bit trickier... its effectively a CHOICE type

- * decided by a field called write_params which can either write out

- * just the public key as an INTEGER or the parameters and public key

- * in a SEQUENCE

- */

-ASN1_SEQUENCE(dsa_pub_internal) = {

-	ASN1_SIMPLE(DSA, pub_key, BIGNUM),

-	ASN1_SIMPLE(DSA, p, BIGNUM),

-	ASN1_SIMPLE(DSA, q, BIGNUM),

-	ASN1_SIMPLE(DSA, g, BIGNUM)

-} ASN1_SEQUENCE_END_name(DSA, dsa_pub_internal)

-ASN1_CHOICE_cb(DSAPublicKey, dsa_cb) = {

-	ASN1_SIMPLE(DSA, pub_key, BIGNUM),

-	ASN1_EX_COMBINE(0, 0, dsa_pub_internal)

-} ASN1_CHOICE_END_cb(DSA, DSAPublicKey, write_params)

-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey)

--- a/sys/src/ape/lib/openssl/crypto/dsa/dsa_depr.c

+++ /dev/null

@@ -1,106 +1,0 @@

-/* crypto/dsa/dsa_depr.c */

-/* ====================================================================

- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* This file contains deprecated function(s) that are now wrappers to the new

- * version(s). */

-#undef GENUINE_DSA

-#ifdef GENUINE_DSA

-/* Parameter generation follows the original release of FIPS PUB 186,

- * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */

-#define HASH    EVP_sha()

-#else

-/* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,

- * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in

- * FIPS PUB 180-1) */

-#define HASH    EVP_sha1()

-#endif

-static void *dummy=&dummy;

-#ifndef OPENSSL_NO_SHA

-#include <stdio.h>

-#include <time.h>

-#include "cryptlib.h"

-#include <openssl/evp.h>

-#include <openssl/bn.h>

-#include <openssl/dsa.h>

-#include <openssl/rand.h>

-#include <openssl/sha.h>

-#ifndef OPENSSL_NO_DEPRECATED

-DSA *DSA_generate_parameters(int bits,

-		unsigned char *seed_in, int seed_len,

-		int *counter_ret, unsigned long *h_ret,

-		void (*callback)(int, int, void *),

-		void *cb_arg)

-	{

-	BN_GENCB cb;

-	DSA *ret;

-	if ((ret=DSA_new()) == NULL) return NULL;

-	BN_GENCB_set_old(&cb, callback, cb_arg);

-	if(DSA_generate_parameters_ex(ret, bits, seed_in, seed_len,

-				counter_ret, h_ret, &cb))

-		return ret;

-	DSA_free(ret);

-	return NULL;

-	}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/dsa/dsa_err.c

+++ /dev/null

@@ -1,111 +1,0 @@

-/* crypto/dsa/dsa_err.c */

-/* ====================================================================

- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* NOTE: this file was auto generated by the mkerr.pl script: any changes

- * made to it will be overwritten when the script next updates this file,

- * only reason strings will be preserved.

- */

-#include <stdio.h>

-#include <openssl/err.h>

-#include <openssl/dsa.h>

-/* BEGIN ERROR CODES */

-#ifndef OPENSSL_NO_ERR

-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSA,func,0)

-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSA,0,reason)

-static ERR_STRING_DATA DSA_str_functs[]=

-	{

-{ERR_FUNC(DSA_F_D2I_DSA_SIG),	"d2i_DSA_SIG"},

-{ERR_FUNC(DSA_F_DSAPARAMS_PRINT),	"DSAparams_print"},

-{ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP),	"DSAparams_print_fp"},

-{ERR_FUNC(DSA_F_DSA_DO_SIGN),	"DSA_do_sign"},

-{ERR_FUNC(DSA_F_DSA_DO_VERIFY),	"DSA_do_verify"},

-{ERR_FUNC(DSA_F_DSA_NEW_METHOD),	"DSA_new_method"},

-{ERR_FUNC(DSA_F_DSA_PRINT),	"DSA_print"},

-{ERR_FUNC(DSA_F_DSA_PRINT_FP),	"DSA_print_fp"},

-{ERR_FUNC(DSA_F_DSA_SIGN),	"DSA_sign"},

-{ERR_FUNC(DSA_F_DSA_SIGN_SETUP),	"DSA_sign_setup"},

-{ERR_FUNC(DSA_F_DSA_SIG_NEW),	"DSA_SIG_new"},

-{ERR_FUNC(DSA_F_DSA_VERIFY),	"DSA_verify"},

-{ERR_FUNC(DSA_F_I2D_DSA_SIG),	"i2d_DSA_SIG"},

-{ERR_FUNC(DSA_F_SIG_CB),	"SIG_CB"},

-{0,NULL}

-	};

-static ERR_STRING_DATA DSA_str_reasons[]=

-	{

-{ERR_REASON(DSA_R_BAD_Q_VALUE)           ,"bad q value"},

-{ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},

-{ERR_REASON(DSA_R_MISSING_PARAMETERS)    ,"missing parameters"},

-{ERR_REASON(DSA_R_MODULUS_TOO_LARGE)     ,"modulus too large"},

-{0,NULL}

-	};

-#endif

-void ERR_load_DSA_strings(void)

-	{

-#ifndef OPENSSL_NO_ERR

-	if (ERR_func_error_string(DSA_str_functs[0].error) == NULL)

-		{

-		ERR_load_strings(0,DSA_str_functs);

-		ERR_load_strings(0,DSA_str_reasons);

-		}

-#endif

-	}

--- a/sys/src/ape/lib/openssl/crypto/dsa/dsa_gen.c

+++ /dev/null

@@ -1,322 +1,0 @@

-/* crypto/dsa/dsa_gen.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#undef GENUINE_DSA

-#ifdef GENUINE_DSA

-/* Parameter generation follows the original release of FIPS PUB 186,

- * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */

-#define HASH    EVP_sha()

-#else

-/* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,

- * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in

- * FIPS PUB 180-1) */

-#define HASH    EVP_sha1()

-#endif

-#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_SHA is defined */

-#ifndef OPENSSL_NO_SHA

-#include <stdio.h>

-#include <time.h>

-#include "cryptlib.h"

-#include <openssl/evp.h>

-#include <openssl/bn.h>

-#include <openssl/dsa.h>

-#include <openssl/rand.h>

-#include <openssl/sha.h>

-static int dsa_builtin_paramgen(DSA *ret, int bits,

-		unsigned char *seed_in, int seed_len,

-		int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);

-int DSA_generate_parameters_ex(DSA *ret, int bits,

-		unsigned char *seed_in, int seed_len,

-		int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)

-	{

-	if(ret->meth->dsa_paramgen)

-		return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,

-				counter_ret, h_ret, cb);

-	return dsa_builtin_paramgen(ret, bits, seed_in, seed_len,

-			counter_ret, h_ret, cb);

-	}

-static int dsa_builtin_paramgen(DSA *ret, int bits,

-		unsigned char *seed_in, int seed_len,

-		int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)

-	{

-	int ok=0;

-	unsigned char seed[SHA_DIGEST_LENGTH];

-	unsigned char md[SHA_DIGEST_LENGTH];

-	unsigned char buf[SHA_DIGEST_LENGTH],buf2[SHA_DIGEST_LENGTH];

-	BIGNUM *r0,*W,*X,*c,*test;

-	BIGNUM *g=NULL,*q=NULL,*p=NULL;

-	BN_MONT_CTX *mont=NULL;

-	int k,n=0,i,b,m=0;

-	int counter=0;

-	int r=0;

-	BN_CTX *ctx=NULL;

-	unsigned int h=2;

-	if (bits < 512) bits=512;

-	bits=(bits+63)/64*64;

-	/* NB: seed_len == 0 is special case: copy generated seed to

- 	 * seed_in if it is not NULL.

- 	 */

-	if (seed_len && (seed_len < 20))

-		seed_in = NULL; /* seed buffer too small -- ignore */

-	if (seed_len > 20)

-		seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger SEED,

-		                * but our internal buffers are restricted to 160 bits*/

-	if ((seed_in != NULL) && (seed_len == 20))

-		{

-		memcpy(seed,seed_in,seed_len);

-		/* set seed_in to NULL to avoid it being copied back */

-		seed_in = NULL;

-		}

-	if ((ctx=BN_CTX_new()) == NULL) goto err;

-	if ((mont=BN_MONT_CTX_new()) == NULL) goto err;

-	BN_CTX_start(ctx);

-	r0 = BN_CTX_get(ctx);

-	g = BN_CTX_get(ctx);

-	W = BN_CTX_get(ctx);

-	q = BN_CTX_get(ctx);

-	X = BN_CTX_get(ctx);

-	c = BN_CTX_get(ctx);

-	p = BN_CTX_get(ctx);

-	test = BN_CTX_get(ctx);

-	if (!BN_lshift(test,BN_value_one(),bits-1))

-		goto err;

-	for (;;)

-		{

-		for (;;) /* find q */

-			{

-			int seed_is_random;

-			/* step 1 */

-			if(!BN_GENCB_call(cb, 0, m++))

-				goto err;

-			if (!seed_len)

-				{

-				RAND_pseudo_bytes(seed,SHA_DIGEST_LENGTH);

-				seed_is_random = 1;

-				}

-			else

-				{

-				seed_is_random = 0;

-				seed_len=0; /* use random seed if 'seed_in' turns out to be bad*/

-				}

-			memcpy(buf,seed,SHA_DIGEST_LENGTH);

-			memcpy(buf2,seed,SHA_DIGEST_LENGTH);

-			/* precompute "SEED + 1" for step 7: */

-			for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)

-				{

-				buf[i]++;

-				if (buf[i] != 0) break;

-				}

-			/* step 2 */

-			EVP_Digest(seed,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL);

-			EVP_Digest(buf,SHA_DIGEST_LENGTH,buf2,NULL,HASH, NULL);

-			for (i=0; i<SHA_DIGEST_LENGTH; i++)

-				md[i]^=buf2[i];

-			/* step 3 */

-			md[0]|=0x80;

-			md[SHA_DIGEST_LENGTH-1]|=0x01;

-			if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) goto err;

-			/* step 4 */

-			r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,

-					seed_is_random, cb);

-			if (r > 0)

-				break;

-			if (r != 0)

-				goto err;

-			/* do a callback call */

-			/* step 5 */

-			}

-		if(!BN_GENCB_call(cb, 2, 0)) goto err;

-		if(!BN_GENCB_call(cb, 3, 0)) goto err;

-		/* step 6 */

-		counter=0;

-		/* "offset = 2" */

-		n=(bits-1)/160;

-		b=(bits-1)-n*160;

-		for (;;)

-			{

-			if ((counter != 0) && !BN_GENCB_call(cb, 0, counter))

-				goto err;

-			/* step 7 */

-			BN_zero(W);

-			/* now 'buf' contains "SEED + offset - 1" */

-			for (k=0; k<=n; k++)

-				{

-				/* obtain "SEED + offset + k" by incrementing: */

-				for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)

-					{

-					buf[i]++;

-					if (buf[i] != 0) break;

-					}

-				EVP_Digest(buf,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL);

-				/* step 8 */

-				if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0))

-					goto err;

-				if (!BN_lshift(r0,r0,160*k)) goto err;

-				if (!BN_add(W,W,r0)) goto err;

-				}

-			/* more of step 8 */

-			if (!BN_mask_bits(W,bits-1)) goto err;

-			if (!BN_copy(X,W)) goto err;

-			if (!BN_add(X,X,test)) goto err;

-			/* step 9 */

-			if (!BN_lshift1(r0,q)) goto err;

-			if (!BN_mod(c,X,r0,ctx)) goto err;

-			if (!BN_sub(r0,c,BN_value_one())) goto err;

-			if (!BN_sub(p,X,r0)) goto err;

-			/* step 10 */

-			if (BN_cmp(p,test) >= 0)

-				{

-				/* step 11 */

-				r = BN_is_prime_fasttest_ex(p, DSS_prime_checks,

-						ctx, 1, cb);

-				if (r > 0)

-						goto end; /* found it */

-				if (r != 0)

-					goto err;

-				}

-			/* step 13 */

-			counter++;

-			/* "offset = offset + n + 1" */

-			/* step 14 */

-			if (counter >= 4096) break;

-			}

-		}

-end:

-	if(!BN_GENCB_call(cb, 2, 1))

-		goto err;

-	/* We now need to generate g */

-	/* Set r0=(p-1)/q */

-	if (!BN_sub(test,p,BN_value_one())) goto err;

-	if (!BN_div(r0,NULL,test,q,ctx)) goto err;

-	if (!BN_set_word(test,h)) goto err;

-	if (!BN_MONT_CTX_set(mont,p,ctx)) goto err;

-	for (;;)

-		{

-		/* g=test^r0%p */

-		if (!BN_mod_exp_mont(g,test,r0,p,ctx,mont)) goto err;

-		if (!BN_is_one(g)) break;

-		if (!BN_add(test,test,BN_value_one())) goto err;

-		h++;

-		}

-	if(!BN_GENCB_call(cb, 3, 1))

-		goto err;

-	ok=1;

-err:

-	if (ok)

-		{

-		if(ret->p) BN_free(ret->p);

-		if(ret->q) BN_free(ret->q);

-		if(ret->g) BN_free(ret->g);

-		ret->p=BN_dup(p);

-		ret->q=BN_dup(q);

-		ret->g=BN_dup(g);

-		if (ret->p == NULL || ret->q == NULL || ret->g == NULL)

-			{

-			ok=0;

-			goto err;

-			}

-		if (seed_in != NULL) memcpy(seed_in,seed,20);

-		if (counter_ret != NULL) *counter_ret=counter;

-		if (h_ret != NULL) *h_ret=h;

-		}

-	if(ctx)

-		{

-		BN_CTX_end(ctx);

-		BN_CTX_free(ctx);

-		}

-	if (mont != NULL) BN_MONT_CTX_free(mont);

-	return ok;

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/dsa/dsa_key.c

+++ /dev/null

@@ -1,128 +1,0 @@

-/* crypto/dsa/dsa_key.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <time.h>

-#include "cryptlib.h"

-#ifndef OPENSSL_NO_SHA

-#include <openssl/bn.h>

-#include <openssl/dsa.h>

-#include <openssl/rand.h>

-static int dsa_builtin_keygen(DSA *dsa);

-int DSA_generate_key(DSA *dsa)

-	{

-	if(dsa->meth->dsa_keygen)

-		return dsa->meth->dsa_keygen(dsa);

-	return dsa_builtin_keygen(dsa);

-	}

-static int dsa_builtin_keygen(DSA *dsa)

-	{

-	int ok=0;

-	BN_CTX *ctx=NULL;

-	BIGNUM *pub_key=NULL,*priv_key=NULL;

-	if ((ctx=BN_CTX_new()) == NULL) goto err;

-	if (dsa->priv_key == NULL)

-		{

-		if ((priv_key=BN_new()) == NULL) goto err;

-		}

-	else

-		priv_key=dsa->priv_key;

-	do

-		if (!BN_rand_range(priv_key,dsa->q)) goto err;

-	while (BN_is_zero(priv_key));

-	if (dsa->pub_key == NULL)

-		{

-		if ((pub_key=BN_new()) == NULL) goto err;

-		}

-	else

-		pub_key=dsa->pub_key;

-	{

-		BIGNUM local_prk;

-		BIGNUM *prk;

-		if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)

-			{

-			BN_init(&local_prk);

-			prk = &local_prk;

-			BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);

-			}

-		else

-			prk = priv_key;

-		if (!BN_mod_exp(pub_key,dsa->g,prk,dsa->p,ctx)) goto err;

-	}

-	dsa->priv_key=priv_key;

-	dsa->pub_key=pub_key;

-	ok=1;

-err:

-	if ((pub_key != NULL) && (dsa->pub_key == NULL)) BN_free(pub_key);

-	if ((priv_key != NULL) && (dsa->priv_key == NULL)) BN_free(priv_key);

-	if (ctx != NULL) BN_CTX_free(ctx);

-	return(ok);

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/dsa/dsa_lib.c

+++ /dev/null

@@ -1,311 +1,0 @@

-/* crypto/dsa/dsa_lib.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* Original version from Steven Schoch <[email protected]> */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/bn.h>

-#include <openssl/dsa.h>

-#include <openssl/asn1.h>

-#ifndef OPENSSL_NO_ENGINE

-#include <openssl/engine.h>

-#endif

-#ifndef OPENSSL_NO_DH

-#include <openssl/dh.h>

-#endif

-const char DSA_version[]="DSA" OPENSSL_VERSION_PTEXT;

-static const DSA_METHOD *default_DSA_method = NULL;

-void DSA_set_default_method(const DSA_METHOD *meth)

-	{

-	default_DSA_method = meth;

-	}

-const DSA_METHOD *DSA_get_default_method(void)

-	{

-	if(!default_DSA_method)

-		default_DSA_method = DSA_OpenSSL();

-	return default_DSA_method;

-	}

-DSA *DSA_new(void)

-	{

-	return DSA_new_method(NULL);

-	}

-int DSA_set_method(DSA *dsa, const DSA_METHOD *meth)

-	{

-	/* NB: The caller is specifically setting a method, so it's not up to us

-	 * to deal with which ENGINE it comes from. */

-        const DSA_METHOD *mtmp;

-        mtmp = dsa->meth;

-        if (mtmp->finish) mtmp->finish(dsa);

-#ifndef OPENSSL_NO_ENGINE

-	if (dsa->engine)

-		{

-		ENGINE_finish(dsa->engine);

-		dsa->engine = NULL;

-		}

-#endif

-        dsa->meth = meth;

-        if (meth->init) meth->init(dsa);

-        return 1;

-	}

-DSA *DSA_new_method(ENGINE *engine)

-	{

-	DSA *ret;

-	ret=(DSA *)OPENSSL_malloc(sizeof(DSA));

-	if (ret == NULL)

-		{

-		DSAerr(DSA_F_DSA_NEW_METHOD,ERR_R_MALLOC_FAILURE);

-		return(NULL);

-		}

-	ret->meth = DSA_get_default_method();

-#ifndef OPENSSL_NO_ENGINE

-	if (engine)

-		{

-		if (!ENGINE_init(engine))

-			{

-			DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);

-			OPENSSL_free(ret);

-			return NULL;

-			}

-		ret->engine = engine;

-		}

-	else

-		ret->engine = ENGINE_get_default_DSA();

-	if(ret->engine)

-		{

-		ret->meth = ENGINE_get_DSA(ret->engine);

-		if(!ret->meth)

-			{

-			DSAerr(DSA_F_DSA_NEW_METHOD,

-				ERR_R_ENGINE_LIB);

-			ENGINE_finish(ret->engine);

-			OPENSSL_free(ret);

-			return NULL;

-			}

-		}

-#endif

-	ret->pad=0;

-	ret->version=0;

-	ret->write_params=1;

-	ret->p=NULL;

-	ret->q=NULL;

-	ret->g=NULL;

-	ret->pub_key=NULL;

-	ret->priv_key=NULL;

-	ret->kinv=NULL;

-	ret->r=NULL;

-	ret->method_mont_p=NULL;

-	ret->references=1;

-	ret->flags=ret->meth->flags;

-	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);

-	if ((ret->meth->init != NULL) && !ret->meth->init(ret))

-		{

-#ifndef OPENSSL_NO_ENGINE

-		if (ret->engine)

-			ENGINE_finish(ret->engine);

-#endif

-		CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);

-		OPENSSL_free(ret);

-		ret=NULL;

-		}

-	return(ret);

-	}

-void DSA_free(DSA *r)

-	{

-	int i;

-	if (r == NULL) return;

-	i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_DSA);

-#ifdef REF_PRINT

-	REF_PRINT("DSA",r);

-#endif

-	if (i > 0) return;

-#ifdef REF_CHECK

-	if (i < 0)

-		{

-		fprintf(stderr,"DSA_free, bad reference count\n");

-		abort();

-		}

-#endif

-	if(r->meth->finish)

-		r->meth->finish(r);

-#ifndef OPENSSL_NO_ENGINE

-	if(r->engine)

-		ENGINE_finish(r->engine);

-#endif

-	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data);

-	if (r->p != NULL) BN_clear_free(r->p);

-	if (r->q != NULL) BN_clear_free(r->q);

-	if (r->g != NULL) BN_clear_free(r->g);

-	if (r->pub_key != NULL) BN_clear_free(r->pub_key);

-	if (r->priv_key != NULL) BN_clear_free(r->priv_key);

-	if (r->kinv != NULL) BN_clear_free(r->kinv);

-	if (r->r != NULL) BN_clear_free(r->r);

-	OPENSSL_free(r);

-	}

-int DSA_up_ref(DSA *r)

-	{

-	int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DSA);

-#ifdef REF_PRINT

-	REF_PRINT("DSA",r);

-#endif

-#ifdef REF_CHECK

-	if (i < 2)

-		{

-		fprintf(stderr, "DSA_up_ref, bad reference count\n");

-		abort();

-		}

-#endif

-	return ((i > 1) ? 1 : 0);

-	}

-int DSA_size(const DSA *r)

-	{

-	int ret,i;

-	ASN1_INTEGER bs;

-	unsigned char buf[4];	/* 4 bytes looks really small.

-				   However, i2d_ASN1_INTEGER() will not look

-				   beyond the first byte, as long as the second

-				   parameter is NULL. */

-	i=BN_num_bits(r->q);

-	bs.length=(i+7)/8;

-	bs.data=buf;

-	bs.type=V_ASN1_INTEGER;

-	/* If the top bit is set the asn1 encoding is 1 larger. */

-	buf[0]=0xff;

-	i=i2d_ASN1_INTEGER(&bs,NULL);

-	i+=i; /* r and s */

-	ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE);

-	return(ret);

-	}

-int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,

-	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)

-        {

-	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, argl, argp,

-				new_func, dup_func, free_func);

-        }

-int DSA_set_ex_data(DSA *d, int idx, void *arg)

-	{

-	return(CRYPTO_set_ex_data(&d->ex_data,idx,arg));

-	}

-void *DSA_get_ex_data(DSA *d, int idx)

-	{

-	return(CRYPTO_get_ex_data(&d->ex_data,idx));

-	}

-#ifndef OPENSSL_NO_DH

-DH *DSA_dup_DH(const DSA *r)

-	{

-	/* DSA has p, q, g, optional pub_key, optional priv_key.

-	 * DH has p, optional length, g, optional pub_key, optional priv_key.

-	 */

-	DH *ret = NULL;

-	if (r == NULL)

-		goto err;

-	ret = DH_new();

-	if (ret == NULL)

-		goto err;

-	if (r->p != NULL)

-		if ((ret->p = BN_dup(r->p)) == NULL)

-			goto err;

-	if (r->q != NULL)

-		ret->length = BN_num_bits(r->q);

-	if (r->g != NULL)

-		if ((ret->g = BN_dup(r->g)) == NULL)

-			goto err;

-	if (r->pub_key != NULL)

-		if ((ret->pub_key = BN_dup(r->pub_key)) == NULL)

-			goto err;

-	if (r->priv_key != NULL)

-		if ((ret->priv_key = BN_dup(r->priv_key)) == NULL)

-			goto err;

-	return ret;

- err:

-	if (ret != NULL)

-		DH_free(ret);

-	return NULL;

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/dsa/dsa_ossl.c

+++ /dev/null

@@ -1,393 +1,0 @@

-/* crypto/dsa/dsa_ossl.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* Original version from Steven Schoch <[email protected]> */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/bn.h>

-#include <openssl/dsa.h>

-#include <openssl/rand.h>

-#include <openssl/asn1.h>

-static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);

-static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);

-static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,

-		  DSA *dsa);

-static int dsa_init(DSA *dsa);

-static int dsa_finish(DSA *dsa);

-static DSA_METHOD openssl_dsa_meth = {

-"OpenSSL DSA method",

-dsa_do_sign,

-dsa_sign_setup,

-dsa_do_verify,

-NULL, /* dsa_mod_exp, */

-NULL, /* dsa_bn_mod_exp, */

-dsa_init,

-dsa_finish,

-0,

-NULL,

-NULL,

-NULL

-};

-/* These macro wrappers replace attempts to use the dsa_mod_exp() and

- * bn_mod_exp() handlers in the DSA_METHOD structure. We avoid the problem of

- * having a the macro work as an expression by bundling an "err_instr". So;

- *

- *     if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,

- *                 dsa->method_mont_p)) goto err;

- *

- * can be replaced by;

- *

- *     DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, &k, dsa->p, ctx,

- *                 dsa->method_mont_p);

- */

-#define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \

-	do { \

-	int _tmp_res53; \

-	if((dsa)->meth->dsa_mod_exp) \

-		_tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), (a1), (p1), \

-				(a2), (p2), (m), (ctx), (in_mont)); \

-	else \

-		_tmp_res53 = BN_mod_exp2_mont((rr), (a1), (p1), (a2), (p2), \

-				(m), (ctx), (in_mont)); \

-	if(!_tmp_res53) err_instr; \

-	} while(0)

-#define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \

-	do { \

-	int _tmp_res53; \

-	if((dsa)->meth->bn_mod_exp) \

-		_tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), (a), (p), \

-				(m), (ctx), (m_ctx)); \

-	else \

-		_tmp_res53 = BN_mod_exp_mont((r), (a), (p), (m), (ctx), (m_ctx)); \

-	if(!_tmp_res53) err_instr; \

-	} while(0)

-const DSA_METHOD *DSA_OpenSSL(void)

-{

-	return &openssl_dsa_meth;

-}

-static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)

-	{

-	BIGNUM *kinv=NULL,*r=NULL,*s=NULL;

-	BIGNUM m;

-	BIGNUM xr;

-	BN_CTX *ctx=NULL;

-	int i,reason=ERR_R_BN_LIB;

-	DSA_SIG *ret=NULL;

-	BN_init(&m);

-	BN_init(&xr);

-	if (!dsa->p || !dsa->q || !dsa->g)

-		{

-		reason=DSA_R_MISSING_PARAMETERS;

-		goto err;

-		}

-	s=BN_new();

-	if (s == NULL) goto err;

-	i=BN_num_bytes(dsa->q); /* should be 20 */

-	if ((dlen > i) || (dlen > 50))

-		{

-		reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;

-		goto err;

-		}

-	ctx=BN_CTX_new();

-	if (ctx == NULL) goto err;

-	if ((dsa->kinv == NULL) || (dsa->r == NULL))

-		{

-		if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err;

-		}

-	else

-		{

-		kinv=dsa->kinv;

-		dsa->kinv=NULL;

-		r=dsa->r;

-		dsa->r=NULL;

-		}

-	if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err;

-	/* Compute  s = inv(k) (m + xr) mod q */

-	if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */

-	if (!BN_add(s, &xr, &m)) goto err;		/* s = m + xr */

-	if (BN_cmp(s,dsa->q) > 0)

-		BN_sub(s,s,dsa->q);

-	if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;

-	ret=DSA_SIG_new();

-	if (ret == NULL) goto err;

-	ret->r = r;

-	ret->s = s;

-err:

-	if (!ret)

-		{

-		DSAerr(DSA_F_DSA_DO_SIGN,reason);

-		BN_free(r);

-		BN_free(s);

-		}

-	if (ctx != NULL) BN_CTX_free(ctx);

-	BN_clear_free(&m);

-	BN_clear_free(&xr);

-	if (kinv != NULL) /* dsa->kinv is NULL now if we used it */

-	    BN_clear_free(kinv);

-	return(ret);

-	}

-static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)

-	{

-	BN_CTX *ctx;

-	BIGNUM k,kq,*K,*kinv=NULL,*r=NULL;

-	int ret=0;

-	if (!dsa->p || !dsa->q || !dsa->g)

-		{

-		DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS);

-		return 0;

-		}

-	BN_init(&k);

-	BN_init(&kq);

-	if (ctx_in == NULL)

-		{

-		if ((ctx=BN_CTX_new()) == NULL) goto err;

-		}

-	else

-		ctx=ctx_in;

-	if ((r=BN_new()) == NULL) goto err;

-	/* Get random k */

-	do

-		if (!BN_rand_range(&k, dsa->q)) goto err;

-	while (BN_is_zero(&k));

-	if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)

-		{

-		BN_set_flags(&k, BN_FLG_CONSTTIME);

-		}

-	if (dsa->flags & DSA_FLAG_CACHE_MONT_P)

-		{

-		if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,

-						CRYPTO_LOCK_DSA,

-						dsa->p, ctx))

-			goto err;

-		}

-	/* Compute r = (g^k mod p) mod q */

-	if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)

-		{

-		if (!BN_copy(&kq, &k)) goto err;

-		/* We do not want timing information to leak the length of k,

-		 * so we compute g^k using an equivalent exponent of fixed length.

-		 *

-		 * (This is a kludge that we need because the BN_mod_exp_mont()

-		 * does not let us specify the desired timing behaviour.) */

-		if (!BN_add(&kq, &kq, dsa->q)) goto err;

-		if (BN_num_bits(&kq) <= BN_num_bits(dsa->q))

-			{

-			if (!BN_add(&kq, &kq, dsa->q)) goto err;

-			}

-		K = &kq;

-		}

-	else

-		{

-		K = &k;

-		}

-	DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx,

-			dsa->method_mont_p);

-	if (!BN_mod(r,r,dsa->q,ctx)) goto err;

-	/* Compute  part of 's = inv(k) (m + xr) mod q' */

-	if ((kinv=BN_mod_inverse(NULL,&k,dsa->q,ctx)) == NULL) goto err;

-	if (*kinvp != NULL) BN_clear_free(*kinvp);

-	*kinvp=kinv;

-	kinv=NULL;

-	if (*rp != NULL) BN_clear_free(*rp);

-	*rp=r;

-	ret=1;

-err:

-	if (!ret)

-		{

-		DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB);

-		if (kinv != NULL) BN_clear_free(kinv);

-		if (r != NULL) BN_clear_free(r);

-		}

-	if (ctx_in == NULL) BN_CTX_free(ctx);

-	if (kinv != NULL) BN_clear_free(kinv);

-	BN_clear_free(&k);

-	BN_clear_free(&kq);

-	return(ret);

-	}

-static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,

-		  DSA *dsa)

-	{

-	BN_CTX *ctx;

-	BIGNUM u1,u2,t1;

-	BN_MONT_CTX *mont=NULL;

-	int ret = -1;

-	if (!dsa->p || !dsa->q || !dsa->g)

-		{

-		DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS);

-		return -1;

-		}

-	if (BN_num_bits(dsa->q) != 160)

-		{

-		DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE);

-		return -1;

-		}

-	if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS)

-		{

-		DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE);

-		return -1;

-		}

-	BN_init(&u1);

-	BN_init(&u2);

-	BN_init(&t1);

-	if ((ctx=BN_CTX_new()) == NULL) goto err;

-	if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||

-	    BN_ucmp(sig->r, dsa->q) >= 0)

-		{

-		ret = 0;

-		goto err;

-		}

-	if (BN_is_zero(sig->s) || BN_is_negative(sig->s) ||

-	    BN_ucmp(sig->s, dsa->q) >= 0)

-		{

-		ret = 0;

-		goto err;

-		}

-	/* Calculate W = inv(S) mod Q

-	 * save W in u2 */

-	if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;

-	/* save M in u1 */

-	if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err;

-	/* u1 = M * w mod q */

-	if (!BN_mod_mul(&u1,&u1,&u2,dsa->q,ctx)) goto err;

-	/* u2 = r * w mod q */

-	if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err;

-	if (dsa->flags & DSA_FLAG_CACHE_MONT_P)

-		{

-		mont = BN_MONT_CTX_set_locked(&dsa->method_mont_p,

-					CRYPTO_LOCK_DSA, dsa->p, ctx);

-		if (!mont)

-			goto err;

-		}

-	DSA_MOD_EXP(goto err, dsa, &t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p, ctx, mont);

-	/* BN_copy(&u1,&t1); */

-	/* let u1 = u1 mod q */

-	if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err;

-	/* V is now in u1.  If the signature is correct, it will be

-	 * equal to R. */

-	ret=(BN_ucmp(&u1, sig->r) == 0);

-	err:

-	/* XXX: surely this is wrong - if ret is 0, it just didn't verify;

-	   there is no error in BN. Test should be ret == -1 (Ben) */

-	if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB);

-	if (ctx != NULL) BN_CTX_free(ctx);

-	BN_free(&u1);

-	BN_free(&u2);

-	BN_free(&t1);

-	return(ret);

-	}

-static int dsa_init(DSA *dsa)

-{

-	dsa->flags|=DSA_FLAG_CACHE_MONT_P;

-	return(1);

-}

-static int dsa_finish(DSA *dsa)

-{

-	if(dsa->method_mont_p)

-		BN_MONT_CTX_free(dsa->method_mont_p);

-	return(1);

-}

--- a/sys/src/ape/lib/openssl/crypto/dsa/dsa_sign.c

+++ /dev/null

@@ -1,92 +1,0 @@

-/* crypto/dsa/dsa_sign.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* Original version from Steven Schoch <[email protected]> */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/bn.h>

-#include <openssl/dsa.h>

-#include <openssl/rand.h>

-#include <openssl/asn1.h>

-DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)

-	{

-	return dsa->meth->dsa_do_sign(dgst, dlen, dsa);

-	}

-int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,

-	     unsigned int *siglen, DSA *dsa)

-	{

-	DSA_SIG *s;

-	s=DSA_do_sign(dgst,dlen,dsa);

-	if (s == NULL)

-		{

-		*siglen=0;

-		return(0);

-		}

-	*siglen=i2d_DSA_SIG(s,&sig);

-	DSA_SIG_free(s);

-	return(1);

-	}

-int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)

-	{

-	return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);

-	}

--- a/sys/src/ape/lib/openssl/crypto/dsa/dsa_vrf.c

+++ /dev/null

@@ -1,94 +1,0 @@

-/* crypto/dsa/dsa_vrf.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* Original version from Steven Schoch <[email protected]> */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/bn.h>

-#include <openssl/dsa.h>

-#include <openssl/rand.h>

-#include <openssl/asn1.h>

-#include <openssl/asn1_mac.h>

-int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,

-		  DSA *dsa)

-	{

-	return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);

-	}

-/* data has already been hashed (probably with SHA or SHA-1). */

-/* returns

- *      1: correct signature

- *      0: incorrect signature

- *     -1: error

- */

-int DSA_verify(int type, const unsigned char *dgst, int dgst_len,

-	     const unsigned char *sigbuf, int siglen, DSA *dsa)

-	{

-	DSA_SIG *s;

-	int ret=-1;

-	s = DSA_SIG_new();

-	if (s == NULL) return(ret);

-	if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;

-	ret=DSA_do_verify(dgst,dgst_len,s,dsa);

-err:

-	DSA_SIG_free(s);

-	return(ret);

-	}

--- a/sys/src/ape/lib/openssl/crypto/dsa/dsagen.c

+++ /dev/null

@@ -1,111 +1,0 @@

-/* crypto/dsa/dsagen.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <openssl/dsa.h>

-#define TEST

-#define GENUINE_DSA

-#ifdef GENUINE_DSA

-#define LAST_VALUE 0xbd

-#else

-#define LAST_VALUE 0xd3

-#endif

-#ifdef TEST

-unsigned char seed[20]={

-	0xd5,0x01,0x4e,0x4b,

-	0x60,0xef,0x2b,0xa8,

-	0xb6,0x21,0x1b,0x40,

-	0x62,0xba,0x32,0x24,

-	0xe0,0x42,0x7d,LAST_VALUE};

-#endif

-int cb(int p, int n)

-	{

-	char c='*';

-	if (p == 0) c='.';

-	if (p == 1) c='+';

-	if (p == 2) c='*';

-	if (p == 3) c='\n';

-	printf("%c",c);

-	fflush(stdout);

-	}

-main()

-	{

-	int i;

-	BIGNUM *n;

-	BN_CTX *ctx;

-	unsigned char seed_buf[20];

-	DSA *dsa;

-	int counter,h;

-	BIO *bio_err=NULL;

-	if (bio_err == NULL)

-		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);

-	memcpy(seed_buf,seed,20);

-	dsa=DSA_generate_parameters(1024,seed,20,&counter,&h,cb,bio_err);

-	if (dsa == NULL)

-		DSA_print(bio_err,dsa,0);

-	}

--- a/sys/src/ape/lib/openssl/crypto/dsa/dsatest.c

+++ /dev/null

@@ -1,260 +1,0 @@

-/* crypto/dsa/dsatest.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* Until the key-gen callbacks are modified to use newer prototypes, we allow

- * deprecated functions for openssl-internal code */

-#ifdef OPENSSL_NO_DEPRECATED

-#undef OPENSSL_NO_DEPRECATED

-#endif

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include <sys/types.h>

-#include <sys/stat.h>

-#include "../e_os.h"

-#include <openssl/crypto.h>

-#include <openssl/rand.h>

-#include <openssl/bio.h>

-#include <openssl/err.h>

-#include <openssl/bn.h>

-#ifdef OPENSSL_NO_DSA

-int main(int argc, char *argv[])

-{

-    printf("No DSA support\n");

-    return(0);

-}

-#else

-#include <openssl/dsa.h>

-#ifdef OPENSSL_SYS_WIN16

-#define MS_CALLBACK     _far _loadds

-#else

-#define MS_CALLBACK

-#endif

-static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *arg);

-/* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to

- * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */

-static unsigned char seed[20]={

-	0xd5,0x01,0x4e,0x4b,0x60,0xef,0x2b,0xa8,0xb6,0x21,0x1b,0x40,

-	0x62,0xba,0x32,0x24,0xe0,0x42,0x7d,0xd3,

-	};

-static unsigned char out_p[]={

-	0x8d,0xf2,0xa4,0x94,0x49,0x22,0x76,0xaa,

-	0x3d,0x25,0x75,0x9b,0xb0,0x68,0x69,0xcb,

-	0xea,0xc0,0xd8,0x3a,0xfb,0x8d,0x0c,0xf7,

-	0xcb,0xb8,0x32,0x4f,0x0d,0x78,0x82,0xe5,

-	0xd0,0x76,0x2f,0xc5,0xb7,0x21,0x0e,0xaf,

-	0xc2,0xe9,0xad,0xac,0x32,0xab,0x7a,0xac,

-	0x49,0x69,0x3d,0xfb,0xf8,0x37,0x24,0xc2,

-	0xec,0x07,0x36,0xee,0x31,0xc8,0x02,0x91,

-	};

-static unsigned char out_q[]={

-	0xc7,0x73,0x21,0x8c,0x73,0x7e,0xc8,0xee,

-	0x99,0x3b,0x4f,0x2d,0xed,0x30,0xf4,0x8e,

-	0xda,0xce,0x91,0x5f,

-	};

-static unsigned char out_g[]={

-	0x62,0x6d,0x02,0x78,0x39,0xea,0x0a,0x13,

-	0x41,0x31,0x63,0xa5,0x5b,0x4c,0xb5,0x00,

-	0x29,0x9d,0x55,0x22,0x95,0x6c,0xef,0xcb,

-	0x3b,0xff,0x10,0xf3,0x99,0xce,0x2c,0x2e,

-	0x71,0xcb,0x9d,0xe5,0xfa,0x24,0xba,0xbf,

-	0x58,0xe5,0xb7,0x95,0x21,0x92,0x5c,0x9c,

-	0xc4,0x2e,0x9f,0x6f,0x46,0x4b,0x08,0x8c,

-	0xc5,0x72,0xaf,0x53,0xe6,0xd7,0x88,0x02,

-	};

-static const unsigned char str1[]="12345678901234567890";

-static const char rnd_seed[] = "string to make the random number generator think it has entropy";

-static BIO *bio_err=NULL;

-int main(int argc, char **argv)

-	{

-	BN_GENCB cb;

-	DSA *dsa=NULL;

-	int counter,ret=0,i,j;

-	unsigned char buf[256];

-	unsigned long h;

-	unsigned char sig[256];

-	unsigned int siglen;

-	if (bio_err == NULL)

-		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);

-	CRYPTO_malloc_debug_init();

-	CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);

-	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);

-	ERR_load_crypto_strings();

-	RAND_seed(rnd_seed, sizeof rnd_seed);

-	BIO_printf(bio_err,"test generation of DSA parameters\n");

-	BN_GENCB_set(&cb, dsa_cb, bio_err);

-	if(((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 512,

-				seed, 20, &counter, &h, &cb))

-		goto end;

-	BIO_printf(bio_err,"seed\n");

-	for (i=0; i<20; i+=4)

-		{

-		BIO_printf(bio_err,"%02X%02X%02X%02X ",

-			seed[i],seed[i+1],seed[i+2],seed[i+3]);

-		}

-	BIO_printf(bio_err,"\ncounter=%d h=%ld\n",counter,h);

-	if (dsa == NULL) goto end;

-	DSA_print(bio_err,dsa,0);

-	if (counter != 105)

-		{

-		BIO_printf(bio_err,"counter should be 105\n");

-		goto end;

-		}

-	if (h != 2)

-		{

-		BIO_printf(bio_err,"h should be 2\n");

-		goto end;

-		}

-	i=BN_bn2bin(dsa->q,buf);

-	j=sizeof(out_q);

-	if ((i != j) || (memcmp(buf,out_q,i) != 0))

-		{

-		BIO_printf(bio_err,"q value is wrong\n");

-		goto end;

-		}

-	i=BN_bn2bin(dsa->p,buf);

-	j=sizeof(out_p);

-	if ((i != j) || (memcmp(buf,out_p,i) != 0))

-		{

-		BIO_printf(bio_err,"p value is wrong\n");

-		goto end;

-		}

-	i=BN_bn2bin(dsa->g,buf);

-	j=sizeof(out_g);

-	if ((i != j) || (memcmp(buf,out_g,i) != 0))

-		{

-		BIO_printf(bio_err,"g value is wrong\n");

-		goto end;

-		}

-	dsa->flags |= DSA_FLAG_NO_EXP_CONSTTIME;

-	DSA_generate_key(dsa);

-	DSA_sign(0, str1, 20, sig, &siglen, dsa);

-	if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)

-		ret=1;

-	dsa->flags &= ~DSA_FLAG_NO_EXP_CONSTTIME;

-	DSA_generate_key(dsa);

-	DSA_sign(0, str1, 20, sig, &siglen, dsa);

-	if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)

-		ret=1;

-end:

-	if (!ret)

-		ERR_print_errors(bio_err);

-	if (dsa != NULL) DSA_free(dsa);

-	CRYPTO_cleanup_all_ex_data();

-	ERR_remove_state(0);

-	ERR_free_strings();

-	CRYPTO_mem_leaks(bio_err);

-	if (bio_err != NULL)

-		{

-		BIO_free(bio_err);

-		bio_err = NULL;

-		}

-#ifdef OPENSSL_SYS_NETWARE

-    if (!ret) printf("ERROR\n");

-#endif

-	EXIT(!ret);

-	return(0);

-	}

-static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *arg)

-	{

-	char c='*';

-	static int ok=0,num=0;

-	if (p == 0) { c='.'; num++; };

-	if (p == 1) c='+';

-	if (p == 2) { c='*'; ok++; }

-	if (p == 3) c='\n';

-	BIO_write(arg->arg,&c,1);

-	(void)BIO_flush(arg->arg);

-	if (!ok && (p == 0) && (num > 1))

-		{

-		BIO_printf((BIO *)arg,"error in dsatest\n");

-		return 0;

-		}

-	return 1;

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/dsa/fips186a.txt

+++ /dev/null

@@ -1,122 +1,0 @@

-The origional FIPE 180 used SHA-0 (FIPS 180) for its appendix 5

-examples.  This is an updated version that uses SHA-1 (FIPS 180-1)

-supplied to me by Wei Dai

-		     APPENDIX 5. EXAMPLE OF THE DSA

-This appendix is for informational purposes only and is not required to meet

-the standard.

-Let L = 512 (size of p).  The values in this example are expressed in

-hexadecimal notation.  The p and q given here were generated by the prime

-generation standard described in appendix 2 using the 160-bit SEED:

-          d5014e4b 60ef2ba8 b6211b40 62ba3224 e0427dd3

-With this SEED, the algorithm found p and q when the counter was at 105.

-x was generated by the algorithm described in appendix 3, section 3.1, using

-the SHA to construct G (as in appendix 3, section 3.3) and a 160-bit XSEED:

-XSEED =

-	bd029bbe 7f51960b cf9edb2b 61f06f0f eb5a38b6

-t =

-	67452301 EFCDAB89 98BADCFE 10325476 C3D2E1F0

-x = G(t,XSEED) mod q

-k was generated by the algorithm described in appendix 3, section 3.2, using

-the SHA to construct G (as in appendix 3, section 3.3) and a 160-bit KSEED:

-KSEED =

-	687a66d9 0648f993 867e121f 4ddf9ddb 01205584

-t =

-	EFCDAB89 98BADCFE 10325476 C3D2E1F0 67452301

-k = G(t,KSEED) mod q

-Finally:

-h = 2

-p =

-	8df2a494 492276aa 3d25759b b06869cb eac0d83a fb8d0cf7

-	cbb8324f 0d7882e5 d0762fc5 b7210eaf c2e9adac 32ab7aac

-	49693dfb f83724c2 ec0736ee 31c80291

-q =

-	c773218c 737ec8ee 993b4f2d ed30f48e dace915f

-g =

-	626d0278 39ea0a13 413163a5 5b4cb500 299d5522 956cefcb

-	3bff10f3 99ce2c2e 71cb9de5 fa24babf 58e5b795 21925c9c

-	c42e9f6f 464b088c c572af53 e6d78802

-x =

-	2070b322 3dba372f de1c0ffc 7b2e3b49 8b260614

-k =

-	358dad57 1462710f 50e254cf 1a376b2b deaadfbf

-kinv =

-	0d516729 8202e49b 4116ac10 4fc3f415 ae52f917

-M = ASCII form of "abc" (See FIPS PUB 180-1, Appendix A)

-SHA(M) =

-	a9993e36 4706816a ba3e2571 7850c26c 9cd0d89d

-y =

-	19131871 d75b1612 a819f29d 78d1b0d7 346f7aa7 7bb62a85

-	9bfd6c56 75da9d21 2d3a36ef 1672ef66 0b8c7c25 5cc0ec74

-	858fba33 f44c0669 9630a76b 030ee333

-r =

-	8bac1ab6 6410435c b7181f95 b16ab97c 92b341c0

-s =

-	41e2345f 1f56df24 58f426d1 55b4ba2d b6dcd8c8

-w =

-	9df4ece5 826be95f ed406d41 b43edc0b 1c18841b

-u1 =

-	bf655bd0 46f0b35e c791b004 804afcbb 8ef7d69d

-u2 =

-	821a9263 12e97ade abcc8d08 2b527897 8a2df4b0

-gu1 mod p =

-	51b1bf86 7888e5f3 af6fb476 9dd016bc fe667a65 aafc2753

-	9063bd3d 2b138b4c e02cc0c0 2ec62bb6 7306c63e 4db95bbf

-	6f96662a 1987a21b e4ec1071 010b6069

-yu2 mod p =

-	8b510071 2957e950 50d6b8fd 376a668e 4b0d633c 1e46e665

-	5c611a72 e2b28483 be52c74d 4b30de61 a668966e dc307a67

-	c19441f4 22bf3c34 08aeba1f 0a4dbec7

-v =

-	8bac1ab6 6410435c b7181f95 b16ab97c 92b341c0

--- a/sys/src/ape/lib/openssl/crypto/dso/Makefile

+++ /dev/null

@@ -1,142 +1,0 @@

-#

-# OpenSSL/crypto/dso/Makefile

-#

-DIR=	dso

-TOP=	../..

-CC=	cc

-INCLUDES= -I.. -I$(TOP) -I../../include

-CFLAG=-g

-MAKEFILE=	Makefile

-AR=		ar r

-CFLAGS= $(INCLUDES) $(CFLAG)

-GENERAL=Makefile

-TEST=

-APPS=

-LIB=$(TOP)/libcrypto.a

-LIBSRC= dso_dl.c dso_dlfcn.c dso_err.c dso_lib.c dso_null.c \

-	dso_openssl.c dso_win32.c dso_vms.c

-LIBOBJ= dso_dl.o dso_dlfcn.o dso_err.o dso_lib.o dso_null.o \

-	dso_openssl.o dso_win32.o dso_vms.o

-SRC= $(LIBSRC)

-EXHEADER= dso.h

-HEADER=	$(EXHEADER)

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)

-all:	lib

-lib:	$(LIBOBJ)

-	$(AR) $(LIB) $(LIBOBJ)

-	$(RANLIB) $(LIB) || echo Never mind.

-	@touch lib

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

-links:

-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)

-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)

-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

-install:

-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...

-	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \

-	do  \

-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \

-	done;

-tags:

-	ctags $(SRC)

-tests:

-lint:

-	lint -DLINT $(INCLUDES) $(SRC)>fluff

-depend:

-	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...

-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-clean:

-	rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-dso_dl.o: ../../e_os.h ../../include/openssl/bio.h

-dso_dl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-dso_dl.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h

-dso_dl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-dso_dl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-dso_dl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-dso_dl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-dso_dl.o: ../cryptlib.h dso_dl.c

-dso_dlfcn.o: ../../e_os.h ../../include/openssl/bio.h

-dso_dlfcn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-dso_dlfcn.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h

-dso_dlfcn.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-dso_dlfcn.o: ../../include/openssl/opensslconf.h

-dso_dlfcn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-dso_dlfcn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-dso_dlfcn.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_dlfcn.c

-dso_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h

-dso_err.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h

-dso_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-dso_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-dso_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-dso_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-dso_err.o: dso_err.c

-dso_lib.o: ../../e_os.h ../../include/openssl/bio.h

-dso_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-dso_lib.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h

-dso_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-dso_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-dso_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-dso_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-dso_lib.o: ../cryptlib.h dso_lib.c

-dso_null.o: ../../e_os.h ../../include/openssl/bio.h

-dso_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-dso_null.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h

-dso_null.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-dso_null.o: ../../include/openssl/opensslconf.h

-dso_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-dso_null.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-dso_null.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_null.c

-dso_openssl.o: ../../e_os.h ../../include/openssl/bio.h

-dso_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-dso_openssl.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h

-dso_openssl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-dso_openssl.o: ../../include/openssl/opensslconf.h

-dso_openssl.o: ../../include/openssl/opensslv.h

-dso_openssl.o: ../../include/openssl/ossl_typ.h

-dso_openssl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-dso_openssl.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_openssl.c

-dso_vms.o: ../../e_os.h ../../include/openssl/bio.h

-dso_vms.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-dso_vms.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h

-dso_vms.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-dso_vms.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-dso_vms.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-dso_vms.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-dso_vms.o: ../cryptlib.h dso_vms.c

-dso_win32.o: ../../e_os.h ../../include/openssl/bio.h

-dso_win32.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-dso_win32.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h

-dso_win32.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-dso_win32.o: ../../include/openssl/opensslconf.h

-dso_win32.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-dso_win32.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-dso_win32.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_win32.c

--- a/sys/src/ape/lib/openssl/crypto/dso/README

+++ /dev/null

@@ -1,22 +1,0 @@

-NOTES

------

-I've checked out HPUX (well, version 11 at least) and shl_t is

-a pointer type so it's safe to use in the way it has been in

-dso_dl.c. On the other hand, HPUX11 support dlfcn too and

-according to their man page, prefer developers to move to that.

-I'll leave Richard's changes there as I guess dso_dl is needed

-for HPUX10.20.

-There is now a callback scheme in place where filename conversion can

-(a) be turned off altogether through the use of the

-    DSO_FLAG_NO_NAME_TRANSLATION flag,

-(b) be handled by default using the default DSO_METHOD's converter

-(c) overriden per-DSO by setting the override callback

-(d) a mix of (b) and (c) - eg. implement an override callback that;

-    (i) checks if we're win32 (if(strstr(dso->meth->name, "win32")....)

-        and if so, convert "blah" into "blah32.dll" (the default is

-	otherwise to make it "blah.dll").

-    (ii) default to the normal behaviour - we're not on win32, eg.

-         finish with (return dso->meth->dso_name_converter(dso,NULL)).

--- a/sys/src/ape/lib/openssl/crypto/dso/dso.h

+++ /dev/null

@@ -1,368 +1,0 @@

-/* dso.h -*- mode:C; c-file-style: "eay" -*- */

-/* Written by Geoff Thorpe ([email protected]) for the OpenSSL

- * project 2000.

- */

-/* ====================================================================

- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_DSO_H

-#define HEADER_DSO_H

-#include <openssl/crypto.h>

-#ifdef __cplusplus

-extern "C" {

-#endif

-/* These values are used as commands to DSO_ctrl() */

-#define DSO_CTRL_GET_FLAGS	1

-#define DSO_CTRL_SET_FLAGS	2

-#define DSO_CTRL_OR_FLAGS	3

-/* By default, DSO_load() will translate the provided filename into a form

- * typical for the platform (more specifically the DSO_METHOD) using the

- * dso_name_converter function of the method. Eg. win32 will transform "blah"

- * into "blah.dll", and dlfcn will transform it into "libblah.so". The

- * behaviour can be overriden by setting the name_converter callback in the DSO

- * object (using DSO_set_name_converter()). This callback could even utilise

- * the DSO_METHOD's converter too if it only wants to override behaviour for

- * one or two possible DSO methods. However, the following flag can be set in a

- * DSO to prevent *any* native name-translation at all - eg. if the caller has

- * prompted the user for a path to a driver library so the filename should be

- * interpreted as-is. */

-#define DSO_FLAG_NO_NAME_TRANSLATION		0x01

-/* An extra flag to give if only the extension should be added as

- * translation.  This is obviously only of importance on Unix and

- * other operating systems where the translation also may prefix

- * the name with something, like 'lib', and ignored everywhere else.

- * This flag is also ignored if DSO_FLAG_NO_NAME_TRANSLATION is used

- * at the same time. */

-#define DSO_FLAG_NAME_TRANSLATION_EXT_ONLY	0x02

-/* The following flag controls the translation of symbol names to upper

- * case.  This is currently only being implemented for OpenVMS.

- */

-#define DSO_FLAG_UPCASE_SYMBOL			0x10

-/* This flag loads the library with public symbols.

- * Meaning: The exported symbols of this library are public

- * to all libraries loaded after this library.

- * At the moment only implemented in unix.

- */

-#define DSO_FLAG_GLOBAL_SYMBOLS			0x20

-typedef void (*DSO_FUNC_TYPE)(void);

-typedef struct dso_st DSO;

-/* The function prototype used for method functions (or caller-provided

- * callbacks) that transform filenames. They are passed a DSO structure pointer

- * (or NULL if they are to be used independantly of a DSO object) and a

- * filename to transform. They should either return NULL (if there is an error

- * condition) or a newly allocated string containing the transformed form that

- * the caller will need to free with OPENSSL_free() when done. */

-typedef char* (*DSO_NAME_CONVERTER_FUNC)(DSO *, const char *);

-/* The function prototype used for method functions (or caller-provided

- * callbacks) that merge two file specifications. They are passed a

- * DSO structure pointer (or NULL if they are to be used independantly of

- * a DSO object) and two file specifications to merge. They should

- * either return NULL (if there is an error condition) or a newly allocated

- * string containing the result of merging that the caller will need

- * to free with OPENSSL_free() when done.

- * Here, merging means that bits and pieces are taken from each of the

- * file specifications and added together in whatever fashion that is

- * sensible for the DSO method in question.  The only rule that really

- * applies is that if the two specification contain pieces of the same

- * type, the copy from the first string takes priority.  One could see

- * it as the first specification is the one given by the user and the

- * second being a bunch of defaults to add on if they're missing in the

- * first. */

-typedef char* (*DSO_MERGER_FUNC)(DSO *, const char *, const char *);

-typedef struct dso_meth_st

-	{

-	const char *name;

-	/* Loads a shared library, NB: new DSO_METHODs must ensure that a

-	 * successful load populates the loaded_filename field, and likewise a

-	 * successful unload OPENSSL_frees and NULLs it out. */

-	int (*dso_load)(DSO *dso);

-	/* Unloads a shared library */

-	int (*dso_unload)(DSO *dso);

-	/* Binds a variable */

-	void *(*dso_bind_var)(DSO *dso, const char *symname);

-	/* Binds a function - assumes a return type of DSO_FUNC_TYPE.

-	 * This should be cast to the real function prototype by the

-	 * caller. Platforms that don't have compatible representations

-	 * for different prototypes (this is possible within ANSI C)

-	 * are highly unlikely to have shared libraries at all, let

-	 * alone a DSO_METHOD implemented for them. */

-	DSO_FUNC_TYPE (*dso_bind_func)(DSO *dso, const char *symname);

-/* I don't think this would actually be used in any circumstances. */

-#if 0

-	/* Unbinds a variable */

-	int (*dso_unbind_var)(DSO *dso, char *symname, void *symptr);

-	/* Unbinds a function */

-	int (*dso_unbind_func)(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);

-#endif

-	/* The generic (yuck) "ctrl()" function. NB: Negative return

-	 * values (rather than zero) indicate errors. */

-	long (*dso_ctrl)(DSO *dso, int cmd, long larg, void *parg);

-	/* The default DSO_METHOD-specific function for converting filenames to

-	 * a canonical native form. */

-	DSO_NAME_CONVERTER_FUNC dso_name_converter;

-	/* The default DSO_METHOD-specific function for converting filenames to

-	 * a canonical native form. */

-	DSO_MERGER_FUNC dso_merger;

-	/* [De]Initialisation handlers. */

-	int (*init)(DSO *dso);

-	int (*finish)(DSO *dso);

-	} DSO_METHOD;

-/**********************************************************************/

-/* The low-level handle type used to refer to a loaded shared library */

-struct dso_st

-	{

-	DSO_METHOD *meth;

-	/* Standard dlopen uses a (void *). Win32 uses a HANDLE. VMS

-	 * doesn't use anything but will need to cache the filename

-	 * for use in the dso_bind handler. All in all, let each

-	 * method control its own destiny. "Handles" and such go in

-	 * a STACK. */

-	STACK *meth_data;

-	int references;

-	int flags;

-	/* For use by applications etc ... use this for your bits'n'pieces,

-	 * don't touch meth_data! */

-	CRYPTO_EX_DATA ex_data;

-	/* If this callback function pointer is set to non-NULL, then it will

-	 * be used in DSO_load() in place of meth->dso_name_converter. NB: This

-	 * should normally set using DSO_set_name_converter(). */

-	DSO_NAME_CONVERTER_FUNC name_converter;

-	/* If this callback function pointer is set to non-NULL, then it will

-	 * be used in DSO_load() in place of meth->dso_merger. NB: This

-	 * should normally set using DSO_set_merger(). */

-	DSO_MERGER_FUNC merger;

-	/* This is populated with (a copy of) the platform-independant

-	 * filename used for this DSO. */

-	char *filename;

-	/* This is populated with (a copy of) the translated filename by which

-	 * the DSO was actually loaded. It is NULL iff the DSO is not currently

-	 * loaded. NB: This is here because the filename translation process

-	 * may involve a callback being invoked more than once not only to

-	 * convert to a platform-specific form, but also to try different

-	 * filenames in the process of trying to perform a load. As such, this

-	 * variable can be used to indicate (a) whether this DSO structure

-	 * corresponds to a loaded library or not, and (b) the filename with

-	 * which it was actually loaded. */

-	char *loaded_filename;

-	};

-DSO *	DSO_new(void);

-DSO *	DSO_new_method(DSO_METHOD *method);

-int	DSO_free(DSO *dso);

-int	DSO_flags(DSO *dso);

-int	DSO_up_ref(DSO *dso);

-long	DSO_ctrl(DSO *dso, int cmd, long larg, void *parg);

-/* This function sets the DSO's name_converter callback. If it is non-NULL,

- * then it will be used instead of the associated DSO_METHOD's function. If

- * oldcb is non-NULL then it is set to the function pointer value being

- * replaced. Return value is non-zero for success. */

-int	DSO_set_name_converter(DSO *dso, DSO_NAME_CONVERTER_FUNC cb,

-				DSO_NAME_CONVERTER_FUNC *oldcb);

-/* These functions can be used to get/set the platform-independant filename

- * used for a DSO. NB: set will fail if the DSO is already loaded. */

-const char *DSO_get_filename(DSO *dso);

-int	DSO_set_filename(DSO *dso, const char *filename);

-/* This function will invoke the DSO's name_converter callback to translate a

- * filename, or if the callback isn't set it will instead use the DSO_METHOD's

- * converter. If "filename" is NULL, the "filename" in the DSO itself will be

- * used. If the DSO_FLAG_NO_NAME_TRANSLATION flag is set, then the filename is

- * simply duplicated. NB: This function is usually called from within a

- * DSO_METHOD during the processing of a DSO_load() call, and is exposed so that

- * caller-created DSO_METHODs can do the same thing. A non-NULL return value

- * will need to be OPENSSL_free()'d. */

-char	*DSO_convert_filename(DSO *dso, const char *filename);

-/* This function will invoke the DSO's merger callback to merge two file

- * specifications, or if the callback isn't set it will instead use the

- * DSO_METHOD's merger.  A non-NULL return value will need to be

- * OPENSSL_free()'d. */

-char	*DSO_merge(DSO *dso, const char *filespec1, const char *filespec2);

-/* If the DSO is currently loaded, this returns the filename that it was loaded

- * under, otherwise it returns NULL. So it is also useful as a test as to

- * whether the DSO is currently loaded. NB: This will not necessarily return

- * the same value as DSO_convert_filename(dso, dso->filename), because the

- * DSO_METHOD's load function may have tried a variety of filenames (with

- * and/or without the aid of the converters) before settling on the one it

- * actually loaded. */

-const char *DSO_get_loaded_filename(DSO *dso);

-void	DSO_set_default_method(DSO_METHOD *meth);

-DSO_METHOD *DSO_get_default_method(void);

-DSO_METHOD *DSO_get_method(DSO *dso);

-DSO_METHOD *DSO_set_method(DSO *dso, DSO_METHOD *meth);

-/* The all-singing all-dancing load function, you normally pass NULL

- * for the first and third parameters. Use DSO_up and DSO_free for

- * subsequent reference count handling. Any flags passed in will be set

- * in the constructed DSO after its init() function but before the

- * load operation. If 'dso' is non-NULL, 'flags' is ignored. */

-DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags);

-/* This function binds to a variable inside a shared library. */

-void *DSO_bind_var(DSO *dso, const char *symname);

-/* This function binds to a function inside a shared library. */

-DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname);

-/* This method is the default, but will beg, borrow, or steal whatever

- * method should be the default on any particular platform (including

- * DSO_METH_null() if necessary). */

-DSO_METHOD *DSO_METHOD_openssl(void);

-/* This method is defined for all platforms - if a platform has no

- * DSO support then this will be the only method! */

-DSO_METHOD *DSO_METHOD_null(void);

-/* If DSO_DLFCN is defined, the standard dlfcn.h-style functions

- * (dlopen, dlclose, dlsym, etc) will be used and incorporated into

- * this method. If not, this method will return NULL. */

-DSO_METHOD *DSO_METHOD_dlfcn(void);

-/* If DSO_DL is defined, the standard dl.h-style functions (shl_load,

- * shl_unload, shl_findsym, etc) will be used and incorporated into

- * this method. If not, this method will return NULL. */

-DSO_METHOD *DSO_METHOD_dl(void);

-/* If WIN32 is defined, use DLLs. If not, return NULL. */

-DSO_METHOD *DSO_METHOD_win32(void);

-/* If VMS is defined, use shared images. If not, return NULL. */

-DSO_METHOD *DSO_METHOD_vms(void);

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_DSO_strings(void);

-/* Error codes for the DSO functions. */

-/* Function codes. */

-#define DSO_F_DLFCN_BIND_FUNC				 100

-#define DSO_F_DLFCN_BIND_VAR				 101

-#define DSO_F_DLFCN_LOAD				 102

-#define DSO_F_DLFCN_MERGER				 130

-#define DSO_F_DLFCN_NAME_CONVERTER			 123

-#define DSO_F_DLFCN_UNLOAD				 103

-#define DSO_F_DL_BIND_FUNC				 104

-#define DSO_F_DL_BIND_VAR				 105

-#define DSO_F_DL_LOAD					 106

-#define DSO_F_DL_MERGER					 131

-#define DSO_F_DL_NAME_CONVERTER				 124

-#define DSO_F_DL_UNLOAD					 107

-#define DSO_F_DSO_BIND_FUNC				 108

-#define DSO_F_DSO_BIND_VAR				 109

-#define DSO_F_DSO_CONVERT_FILENAME			 126

-#define DSO_F_DSO_CTRL					 110

-#define DSO_F_DSO_FREE					 111

-#define DSO_F_DSO_GET_FILENAME				 127

-#define DSO_F_DSO_GET_LOADED_FILENAME			 128

-#define DSO_F_DSO_LOAD					 112

-#define DSO_F_DSO_MERGE					 132

-#define DSO_F_DSO_NEW_METHOD				 113

-#define DSO_F_DSO_SET_FILENAME				 129

-#define DSO_F_DSO_SET_NAME_CONVERTER			 122

-#define DSO_F_DSO_UP_REF				 114

-#define DSO_F_VMS_BIND_SYM				 115

-#define DSO_F_VMS_LOAD					 116

-#define DSO_F_VMS_MERGER				 133

-#define DSO_F_VMS_UNLOAD				 117

-#define DSO_F_WIN32_BIND_FUNC				 118

-#define DSO_F_WIN32_BIND_VAR				 119

-#define DSO_F_WIN32_JOINER				 135

-#define DSO_F_WIN32_LOAD				 120

-#define DSO_F_WIN32_MERGER				 134

-#define DSO_F_WIN32_NAME_CONVERTER			 125

-#define DSO_F_WIN32_SPLITTER				 136

-#define DSO_F_WIN32_UNLOAD				 121

-/* Reason codes. */

-#define DSO_R_CTRL_FAILED				 100

-#define DSO_R_DSO_ALREADY_LOADED			 110

-#define DSO_R_EMPTY_FILE_STRUCTURE			 113

-#define DSO_R_FAILURE					 114

-#define DSO_R_FILENAME_TOO_BIG				 101

-#define DSO_R_FINISH_FAILED				 102

-#define DSO_R_INCORRECT_FILE_SYNTAX			 115

-#define DSO_R_LOAD_FAILED				 103

-#define DSO_R_NAME_TRANSLATION_FAILED			 109

-#define DSO_R_NO_FILENAME				 111

-#define DSO_R_NO_FILE_SPECIFICATION			 116

-#define DSO_R_NULL_HANDLE				 104

-#define DSO_R_SET_FILENAME_FAILED			 112

-#define DSO_R_STACK_ERROR				 105

-#define DSO_R_SYM_FAILURE				 106

-#define DSO_R_UNLOAD_FAILED				 107

-#define DSO_R_UNSUPPORTED				 108

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/dso/dso_dl.c

+++ /dev/null

@@ -1,353 +1,0 @@

-/* dso_dl.c -*- mode:C; c-file-style: "eay" -*- */

-/* Written by Richard Levitte ([email protected]) for the OpenSSL

- * project 2000.

- */

-/* ====================================================================

- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/dso.h>

-#ifndef DSO_DL

-DSO_METHOD *DSO_METHOD_dl(void)

-       {

-       return NULL;

-       }

-#else

-#include <dl.h>

-/* Part of the hack in "dl_load" ... */

-#define DSO_MAX_TRANSLATED_SIZE 256

-static int dl_load(DSO *dso);

-static int dl_unload(DSO *dso);

-static void *dl_bind_var(DSO *dso, const char *symname);

-static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname);

-#if 0

-static int dl_unbind_var(DSO *dso, char *symname, void *symptr);

-static int dl_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);

-static int dl_init(DSO *dso);

-static int dl_finish(DSO *dso);

-static int dl_ctrl(DSO *dso, int cmd, long larg, void *parg);

-#endif

-static char *dl_name_converter(DSO *dso, const char *filename);

-static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2);

-static DSO_METHOD dso_meth_dl = {

-	"OpenSSL 'dl' shared library method",

-	dl_load,

-	dl_unload,

-	dl_bind_var,

-	dl_bind_func,

-/* For now, "unbind" doesn't exist */

-#if 0

-	NULL, /* unbind_var */

-	NULL, /* unbind_func */

-#endif

-	NULL, /* ctrl */

-	dl_name_converter,

-	dl_merger,

-	NULL, /* init */

-	NULL  /* finish */

-	};

-DSO_METHOD *DSO_METHOD_dl(void)

-	{

-	return(&dso_meth_dl);

-	}

-/* For this DSO_METHOD, our meth_data STACK will contain;

- * (i) the handle (shl_t) returned from shl_load().

- * NB: I checked on HPUX11 and shl_t is itself a pointer

- * type so the cast is safe.

- */

-static int dl_load(DSO *dso)

-	{

-	shl_t ptr = NULL;

-	/* We don't do any fancy retries or anything, just take the method's

-	 * (or DSO's if it has the callback set) best translation of the

-	 * platform-independant filename and try once with that. */

-	char *filename= DSO_convert_filename(dso, NULL);

-	if(filename == NULL)

-		{

-		DSOerr(DSO_F_DL_LOAD,DSO_R_NO_FILENAME);

-		goto err;

-		}

-	ptr = shl_load(filename, BIND_IMMEDIATE |

-		(dso->flags&DSO_FLAG_NO_NAME_TRANSLATION?0:DYNAMIC_PATH), 0L);

-	if(ptr == NULL)

-		{

-		DSOerr(DSO_F_DL_LOAD,DSO_R_LOAD_FAILED);

-		ERR_add_error_data(4, "filename(", filename, "): ",

-			strerror(errno));

-		goto err;

-		}

-	if(!sk_push(dso->meth_data, (char *)ptr))

-		{

-		DSOerr(DSO_F_DL_LOAD,DSO_R_STACK_ERROR);

-		goto err;

-		}

-	/* Success, stick the converted filename we've loaded under into the DSO

-	 * (it also serves as the indicator that we are currently loaded). */

-	dso->loaded_filename = filename;

-	return(1);

-err:

-	/* Cleanup! */

-	if(filename != NULL)

-		OPENSSL_free(filename);

-	if(ptr != NULL)

-		shl_unload(ptr);

-	return(0);

-	}

-static int dl_unload(DSO *dso)

-	{

-	shl_t ptr;

-	if(dso == NULL)

-		{

-		DSOerr(DSO_F_DL_UNLOAD,ERR_R_PASSED_NULL_PARAMETER);

-		return(0);

-		}

-	if(sk_num(dso->meth_data) < 1)

-		return(1);

-	/* Is this statement legal? */

-	ptr = (shl_t)sk_pop(dso->meth_data);

-	if(ptr == NULL)

-		{

-		DSOerr(DSO_F_DL_UNLOAD,DSO_R_NULL_HANDLE);

-		/* Should push the value back onto the stack in

-		 * case of a retry. */

-		sk_push(dso->meth_data, (char *)ptr);

-		return(0);

-		}

-	shl_unload(ptr);

-	return(1);

-	}

-static void *dl_bind_var(DSO *dso, const char *symname)

-	{

-	shl_t ptr;

-	void *sym;

-	if((dso == NULL) || (symname == NULL))

-		{

-		DSOerr(DSO_F_DL_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER);

-		return(NULL);

-		}

-	if(sk_num(dso->meth_data) < 1)

-		{

-		DSOerr(DSO_F_DL_BIND_VAR,DSO_R_STACK_ERROR);

-		return(NULL);

-		}

-	ptr = (shl_t)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);

-	if(ptr == NULL)

-		{

-		DSOerr(DSO_F_DL_BIND_VAR,DSO_R_NULL_HANDLE);

-		return(NULL);

-		}

-	if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0)

-		{

-		DSOerr(DSO_F_DL_BIND_VAR,DSO_R_SYM_FAILURE);

-		ERR_add_error_data(4, "symname(", symname, "): ",

-			strerror(errno));

-		return(NULL);

-		}

-	return(sym);

-	}

-static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname)

-	{

-	shl_t ptr;

-	void *sym;

-	if((dso == NULL) || (symname == NULL))

-		{

-		DSOerr(DSO_F_DL_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER);

-		return(NULL);

-		}

-	if(sk_num(dso->meth_data) < 1)

-		{

-		DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_STACK_ERROR);

-		return(NULL);

-		}

-	ptr = (shl_t)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);

-	if(ptr == NULL)

-		{

-		DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_NULL_HANDLE);

-		return(NULL);

-		}

-	if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0)

-		{

-		DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_SYM_FAILURE);

-		ERR_add_error_data(4, "symname(", symname, "): ",

-			strerror(errno));

-		return(NULL);

-		}

-	return((DSO_FUNC_TYPE)sym);

-	}

-static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2)

-	{

-	char *merged;

-	if(!filespec1 && !filespec2)

-		{

-		DSOerr(DSO_F_DL_MERGER,

-				ERR_R_PASSED_NULL_PARAMETER);

-		return(NULL);

-		}

-	/* If the first file specification is a rooted path, it rules.

-	   same goes if the second file specification is missing. */

-	if (!filespec2 || filespec1[0] == '/')

-		{

-		merged = OPENSSL_malloc(strlen(filespec1) + 1);

-		if(!merged)

-			{

-			DSOerr(DSO_F_DL_MERGER,

-				ERR_R_MALLOC_FAILURE);

-			return(NULL);

-			}

-		strcpy(merged, filespec1);

-		}

-	/* If the first file specification is missing, the second one rules. */

-	else if (!filespec1)

-		{

-		merged = OPENSSL_malloc(strlen(filespec2) + 1);

-		if(!merged)

-			{

-			DSOerr(DSO_F_DL_MERGER,

-				ERR_R_MALLOC_FAILURE);

-			return(NULL);

-			}

-		strcpy(merged, filespec2);

-		}

-	else

-		/* This part isn't as trivial as it looks.  It assumes that

-		   the second file specification really is a directory, and

-		   makes no checks whatsoever.  Therefore, the result becomes

-		   the concatenation of filespec2 followed by a slash followed

-		   by filespec1. */

-		{

-		int spec2len, len;

-		spec2len = (filespec2 ? strlen(filespec2) : 0);

-		len = spec2len + (filespec1 ? strlen(filespec1) : 0);

-		if(filespec2 && filespec2[spec2len - 1] == '/')

-			{

-			spec2len--;

-			len--;

-			}

-		merged = OPENSSL_malloc(len + 2);

-		if(!merged)

-			{

-			DSOerr(DSO_F_DL_MERGER,

-				ERR_R_MALLOC_FAILURE);

-			return(NULL);

-			}

-		strcpy(merged, filespec2);

-		merged[spec2len] = '/';

-		strcpy(&merged[spec2len + 1], filespec1);

-		}

-	return(merged);

-	}

-/* This function is identical to the one in dso_dlfcn.c, but as it is highly

- * unlikely that both the "dl" *and* "dlfcn" variants are being compiled at the

- * same time, there's no great duplicating the code. Figuring out an elegant

- * way to share one copy of the code would be more difficult and would not

- * leave the implementations independant. */

-#if defined(__hpux)

-static const char extension[] = ".sl";

-#else

-static const char extension[] = ".so";

-#endif

-static char *dl_name_converter(DSO *dso, const char *filename)

-	{

-	char *translated;

-	int len, rsize, transform;

-	len = strlen(filename);

-	rsize = len + 1;

-	transform = (strstr(filename, "/") == NULL);

-		{

-		/* We will convert this to "%s.s?" or "lib%s.s?" */

-		rsize += strlen(extension);/* The length of ".s?" */

-		if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)

-			rsize += 3; /* The length of "lib" */

-		}

-	translated = OPENSSL_malloc(rsize);

-	if(translated == NULL)

-		{

-		DSOerr(DSO_F_DL_NAME_CONVERTER,

-				DSO_R_NAME_TRANSLATION_FAILED);

-		return(NULL);

-		}

-	if(transform)

-		{

-		if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)

-			sprintf(translated, "lib%s%s", filename, extension);

-		else

-			sprintf(translated, "%s%s", filename, extension);

-		}

-	else

-		sprintf(translated, "%s", filename);

-	return(translated);

-	}

-#endif /* DSO_DL */

--- a/sys/src/ape/lib/openssl/crypto/dso/dso_dlfcn.c

+++ /dev/null

@@ -1,369 +1,0 @@

-/* dso_dlfcn.c -*- mode:C; c-file-style: "eay" -*- */

-/* Written by Geoff Thorpe ([email protected]) for the OpenSSL

- * project 2000.

- */

-/* ====================================================================

- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/dso.h>

-#ifndef DSO_DLFCN

-DSO_METHOD *DSO_METHOD_dlfcn(void)

-	{

-	return NULL;

-	}

-#else

-#ifdef HAVE_DLFCN_H

-#include <dlfcn.h>

-#endif

-/* Part of the hack in "dlfcn_load" ... */

-#define DSO_MAX_TRANSLATED_SIZE 256

-static int dlfcn_load(DSO *dso);

-static int dlfcn_unload(DSO *dso);

-static void *dlfcn_bind_var(DSO *dso, const char *symname);

-static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname);

-#if 0

-static int dlfcn_unbind(DSO *dso, char *symname, void *symptr);

-static int dlfcn_init(DSO *dso);

-static int dlfcn_finish(DSO *dso);

-static long dlfcn_ctrl(DSO *dso, int cmd, long larg, void *parg);

-#endif

-static char *dlfcn_name_converter(DSO *dso, const char *filename);

-static char *dlfcn_merger(DSO *dso, const char *filespec1,

-	const char *filespec2);

-static DSO_METHOD dso_meth_dlfcn = {

-	"OpenSSL 'dlfcn' shared library method",

-	dlfcn_load,

-	dlfcn_unload,

-	dlfcn_bind_var,

-	dlfcn_bind_func,

-/* For now, "unbind" doesn't exist */

-#if 0

-	NULL, /* unbind_var */

-	NULL, /* unbind_func */

-#endif

-	NULL, /* ctrl */

-	dlfcn_name_converter,

-	dlfcn_merger,

-	NULL, /* init */

-	NULL  /* finish */

-	};

-DSO_METHOD *DSO_METHOD_dlfcn(void)

-	{

-	return(&dso_meth_dlfcn);

-	}

-/* Prior to using the dlopen() function, we should decide on the flag

- * we send. There's a few different ways of doing this and it's a

- * messy venn-diagram to match up which platforms support what. So

- * as we don't have autoconf yet, I'm implementing a hack that could

- * be hacked further relatively easily to deal with cases as we find

- * them. Initially this is to cope with OpenBSD. */

-#if defined(__OpenBSD__) || defined(__NetBSD__)

-#	ifdef DL_LAZY

-#		define DLOPEN_FLAG DL_LAZY

-#	else

-#		ifdef RTLD_NOW

-#			define DLOPEN_FLAG RTLD_NOW

-#		else

-#			define DLOPEN_FLAG 0

-#		endif

-#	endif

-#else

-#	ifdef OPENSSL_SYS_SUNOS

-#		define DLOPEN_FLAG 1

-#	else

-#		define DLOPEN_FLAG RTLD_NOW /* Hope this works everywhere else */

-#	endif

-#endif

-/* For this DSO_METHOD, our meth_data STACK will contain;

- * (i) the handle (void*) returned from dlopen().

- */

-static int dlfcn_load(DSO *dso)

-	{

-	void *ptr = NULL;

-	/* See applicable comments in dso_dl.c */

-	char *filename = DSO_convert_filename(dso, NULL);

-	int flags = DLOPEN_FLAG;

-	if(filename == NULL)

-		{

-		DSOerr(DSO_F_DLFCN_LOAD,DSO_R_NO_FILENAME);

-		goto err;

-		}

-#ifdef RTLD_GLOBAL

-	if (dso->flags & DSO_FLAG_GLOBAL_SYMBOLS)

-		flags |= RTLD_GLOBAL;

-#endif

-	ptr = dlopen(filename, flags);

-	if(ptr == NULL)

-		{

-		DSOerr(DSO_F_DLFCN_LOAD,DSO_R_LOAD_FAILED);

-		ERR_add_error_data(4, "filename(", filename, "): ", dlerror());

-		goto err;

-		}

-	if(!sk_push(dso->meth_data, (char *)ptr))

-		{

-		DSOerr(DSO_F_DLFCN_LOAD,DSO_R_STACK_ERROR);

-		goto err;

-		}

-	/* Success */

-	dso->loaded_filename = filename;

-	return(1);

-err:

-	/* Cleanup! */

-	if(filename != NULL)

-		OPENSSL_free(filename);

-	if(ptr != NULL)

-		dlclose(ptr);

-	return(0);

-}

-static int dlfcn_unload(DSO *dso)

-	{

-	void *ptr;

-	if(dso == NULL)

-		{

-		DSOerr(DSO_F_DLFCN_UNLOAD,ERR_R_PASSED_NULL_PARAMETER);

-		return(0);

-		}

-	if(sk_num(dso->meth_data) < 1)

-		return(1);

-	ptr = (void *)sk_pop(dso->meth_data);

-	if(ptr == NULL)

-		{

-		DSOerr(DSO_F_DLFCN_UNLOAD,DSO_R_NULL_HANDLE);

-		/* Should push the value back onto the stack in

-		 * case of a retry. */

-		sk_push(dso->meth_data, (char *)ptr);

-		return(0);

-		}

-	/* For now I'm not aware of any errors associated with dlclose() */

-	dlclose(ptr);

-	return(1);

-	}

-static void *dlfcn_bind_var(DSO *dso, const char *symname)

-	{

-	void *ptr, *sym;

-	if((dso == NULL) || (symname == NULL))

-		{

-		DSOerr(DSO_F_DLFCN_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER);

-		return(NULL);

-		}

-	if(sk_num(dso->meth_data) < 1)

-		{

-		DSOerr(DSO_F_DLFCN_BIND_VAR,DSO_R_STACK_ERROR);

-		return(NULL);

-		}

-	ptr = (void *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);

-	if(ptr == NULL)

-		{

-		DSOerr(DSO_F_DLFCN_BIND_VAR,DSO_R_NULL_HANDLE);

-		return(NULL);

-		}

-	sym = dlsym(ptr, symname);

-	if(sym == NULL)

-		{

-		DSOerr(DSO_F_DLFCN_BIND_VAR,DSO_R_SYM_FAILURE);

-		ERR_add_error_data(4, "symname(", symname, "): ", dlerror());

-		return(NULL);

-		}

-	return(sym);

-	}

-static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname)

-	{

-	void *ptr;

-	DSO_FUNC_TYPE sym, *tsym = &sym;

-	if((dso == NULL) || (symname == NULL))

-		{

-		DSOerr(DSO_F_DLFCN_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER);

-		return(NULL);

-		}

-	if(sk_num(dso->meth_data) < 1)

-		{

-		DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_STACK_ERROR);

-		return(NULL);

-		}

-	ptr = (void *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);

-	if(ptr == NULL)

-		{

-		DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_NULL_HANDLE);

-		return(NULL);

-		}

-	*(void **)(tsym) = dlsym(ptr, symname);

-	if(sym == NULL)

-		{

-		DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_SYM_FAILURE);

-		ERR_add_error_data(4, "symname(", symname, "): ", dlerror());

-		return(NULL);

-		}

-	return(sym);

-	}

-static char *dlfcn_merger(DSO *dso, const char *filespec1,

-	const char *filespec2)

-	{

-	char *merged;

-	if(!filespec1 && !filespec2)

-		{

-		DSOerr(DSO_F_DLFCN_MERGER,

-				ERR_R_PASSED_NULL_PARAMETER);

-		return(NULL);

-		}

-	/* If the first file specification is a rooted path, it rules.

-	   same goes if the second file specification is missing. */

-	if (!filespec2 || filespec1[0] == '/')

-		{

-		merged = OPENSSL_malloc(strlen(filespec1) + 1);

-		if(!merged)

-			{

-			DSOerr(DSO_F_DLFCN_MERGER,

-				ERR_R_MALLOC_FAILURE);

-			return(NULL);

-			}

-		strcpy(merged, filespec1);

-		}

-	/* If the first file specification is missing, the second one rules. */

-	else if (!filespec1)

-		{

-		merged = OPENSSL_malloc(strlen(filespec2) + 1);

-		if(!merged)

-			{

-			DSOerr(DSO_F_DLFCN_MERGER,

-				ERR_R_MALLOC_FAILURE);

-			return(NULL);

-			}

-		strcpy(merged, filespec2);

-		}

-	else

-		/* This part isn't as trivial as it looks.  It assumes that

-		   the second file specification really is a directory, and

-		   makes no checks whatsoever.  Therefore, the result becomes

-		   the concatenation of filespec2 followed by a slash followed

-		   by filespec1. */

-		{

-		int spec2len, len;

-		spec2len = (filespec2 ? strlen(filespec2) : 0);

-		len = spec2len + (filespec1 ? strlen(filespec1) : 0);

-		if(filespec2 && filespec2[spec2len - 1] == '/')

-			{

-			spec2len--;

-			len--;

-			}

-		merged = OPENSSL_malloc(len + 2);

-		if(!merged)

-			{

-			DSOerr(DSO_F_DLFCN_MERGER,

-				ERR_R_MALLOC_FAILURE);

-			return(NULL);

-			}

-		strcpy(merged, filespec2);

-		merged[spec2len] = '/';

-		strcpy(&merged[spec2len + 1], filespec1);

-		}

-	return(merged);

-	}

-static char *dlfcn_name_converter(DSO *dso, const char *filename)

-	{

-	char *translated;

-	int len, rsize, transform;

-	len = strlen(filename);

-	rsize = len + 1;

-	transform = (strstr(filename, "/") == NULL);

-	if(transform)

-		{

-		/* We will convert this to "%s.so" or "lib%s.so" */

-		rsize += 3;	/* The length of ".so" */

-		if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)

-			rsize += 3; /* The length of "lib" */

-		}

-	translated = OPENSSL_malloc(rsize);

-	if(translated == NULL)

-		{

-		DSOerr(DSO_F_DLFCN_NAME_CONVERTER,

-				DSO_R_NAME_TRANSLATION_FAILED);

-		return(NULL);

-		}

-	if(transform)

-		{

-		if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)

-			sprintf(translated, "lib%s.so", filename);

-		else

-			sprintf(translated, "%s.so", filename);

-		}

-	else

-		sprintf(translated, "%s", filename);

-	return(translated);

-	}

-#endif /* DSO_DLFCN */

--- a/sys/src/ape/lib/openssl/crypto/dso/dso_err.c

+++ /dev/null

@@ -1,147 +1,0 @@

-/* crypto/dso/dso_err.c */

-/* ====================================================================

- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* NOTE: this file was auto generated by the mkerr.pl script: any changes

- * made to it will be overwritten when the script next updates this file,

- * only reason strings will be preserved.

- */

-#include <stdio.h>

-#include <openssl/err.h>

-#include <openssl/dso.h>

-/* BEGIN ERROR CODES */

-#ifndef OPENSSL_NO_ERR

-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSO,func,0)

-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSO,0,reason)

-static ERR_STRING_DATA DSO_str_functs[]=

-	{

-{ERR_FUNC(DSO_F_DLFCN_BIND_FUNC),	"DLFCN_BIND_FUNC"},

-{ERR_FUNC(DSO_F_DLFCN_BIND_VAR),	"DLFCN_BIND_VAR"},

-{ERR_FUNC(DSO_F_DLFCN_LOAD),	"DLFCN_LOAD"},

-{ERR_FUNC(DSO_F_DLFCN_MERGER),	"DLFCN_MERGER"},

-{ERR_FUNC(DSO_F_DLFCN_NAME_CONVERTER),	"DLFCN_NAME_CONVERTER"},

-{ERR_FUNC(DSO_F_DLFCN_UNLOAD),	"DLFCN_UNLOAD"},

-{ERR_FUNC(DSO_F_DL_BIND_FUNC),	"DL_BIND_FUNC"},

-{ERR_FUNC(DSO_F_DL_BIND_VAR),	"DL_BIND_VAR"},

-{ERR_FUNC(DSO_F_DL_LOAD),	"DL_LOAD"},

-{ERR_FUNC(DSO_F_DL_MERGER),	"DL_MERGER"},

-{ERR_FUNC(DSO_F_DL_NAME_CONVERTER),	"DL_NAME_CONVERTER"},

-{ERR_FUNC(DSO_F_DL_UNLOAD),	"DL_UNLOAD"},

-{ERR_FUNC(DSO_F_DSO_BIND_FUNC),	"DSO_bind_func"},

-{ERR_FUNC(DSO_F_DSO_BIND_VAR),	"DSO_bind_var"},

-{ERR_FUNC(DSO_F_DSO_CONVERT_FILENAME),	"DSO_convert_filename"},

-{ERR_FUNC(DSO_F_DSO_CTRL),	"DSO_ctrl"},

-{ERR_FUNC(DSO_F_DSO_FREE),	"DSO_free"},

-{ERR_FUNC(DSO_F_DSO_GET_FILENAME),	"DSO_get_filename"},

-{ERR_FUNC(DSO_F_DSO_GET_LOADED_FILENAME),	"DSO_get_loaded_filename"},

-{ERR_FUNC(DSO_F_DSO_LOAD),	"DSO_load"},

-{ERR_FUNC(DSO_F_DSO_MERGE),	"DSO_merge"},

-{ERR_FUNC(DSO_F_DSO_NEW_METHOD),	"DSO_new_method"},

-{ERR_FUNC(DSO_F_DSO_SET_FILENAME),	"DSO_set_filename"},

-{ERR_FUNC(DSO_F_DSO_SET_NAME_CONVERTER),	"DSO_set_name_converter"},

-{ERR_FUNC(DSO_F_DSO_UP_REF),	"DSO_up_ref"},

-{ERR_FUNC(DSO_F_VMS_BIND_SYM),	"VMS_BIND_SYM"},

-{ERR_FUNC(DSO_F_VMS_LOAD),	"VMS_LOAD"},

-{ERR_FUNC(DSO_F_VMS_MERGER),	"VMS_MERGER"},

-{ERR_FUNC(DSO_F_VMS_UNLOAD),	"VMS_UNLOAD"},

-{ERR_FUNC(DSO_F_WIN32_BIND_FUNC),	"WIN32_BIND_FUNC"},

-{ERR_FUNC(DSO_F_WIN32_BIND_VAR),	"WIN32_BIND_VAR"},

-{ERR_FUNC(DSO_F_WIN32_JOINER),	"WIN32_JOINER"},

-{ERR_FUNC(DSO_F_WIN32_LOAD),	"WIN32_LOAD"},

-{ERR_FUNC(DSO_F_WIN32_MERGER),	"WIN32_MERGER"},

-{ERR_FUNC(DSO_F_WIN32_NAME_CONVERTER),	"WIN32_NAME_CONVERTER"},

-{ERR_FUNC(DSO_F_WIN32_SPLITTER),	"WIN32_SPLITTER"},

-{ERR_FUNC(DSO_F_WIN32_UNLOAD),	"WIN32_UNLOAD"},

-{0,NULL}

-	};

-static ERR_STRING_DATA DSO_str_reasons[]=

-	{

-{ERR_REASON(DSO_R_CTRL_FAILED)           ,"control command failed"},

-{ERR_REASON(DSO_R_DSO_ALREADY_LOADED)    ,"dso already loaded"},

-{ERR_REASON(DSO_R_EMPTY_FILE_STRUCTURE)  ,"empty file structure"},

-{ERR_REASON(DSO_R_FAILURE)               ,"failure"},

-{ERR_REASON(DSO_R_FILENAME_TOO_BIG)      ,"filename too big"},

-{ERR_REASON(DSO_R_FINISH_FAILED)         ,"cleanup method function failed"},

-{ERR_REASON(DSO_R_INCORRECT_FILE_SYNTAX) ,"incorrect file syntax"},

-{ERR_REASON(DSO_R_LOAD_FAILED)           ,"could not load the shared library"},

-{ERR_REASON(DSO_R_NAME_TRANSLATION_FAILED),"name translation failed"},

-{ERR_REASON(DSO_R_NO_FILENAME)           ,"no filename"},

-{ERR_REASON(DSO_R_NO_FILE_SPECIFICATION) ,"no file specification"},

-{ERR_REASON(DSO_R_NULL_HANDLE)           ,"a null shared library handle was used"},

-{ERR_REASON(DSO_R_SET_FILENAME_FAILED)   ,"set filename failed"},

-{ERR_REASON(DSO_R_STACK_ERROR)           ,"the meth_data stack is corrupt"},

-{ERR_REASON(DSO_R_SYM_FAILURE)           ,"could not bind to the requested symbol name"},

-{ERR_REASON(DSO_R_UNLOAD_FAILED)         ,"could not unload the shared library"},

-{ERR_REASON(DSO_R_UNSUPPORTED)           ,"functionality not supported"},

-{0,NULL}

-	};

-#endif

-void ERR_load_DSO_strings(void)

-	{

-#ifndef OPENSSL_NO_ERR

-	if (ERR_func_error_string(DSO_str_functs[0].error) == NULL)

-		{

-		ERR_load_strings(0,DSO_str_functs);

-		ERR_load_strings(0,DSO_str_reasons);

-		}

-#endif

-	}

--- a/sys/src/ape/lib/openssl/crypto/dso/dso_lib.c

+++ /dev/null

@@ -1,466 +1,0 @@

-/* dso_lib.c -*- mode:C; c-file-style: "eay" -*- */

-/* Written by Geoff Thorpe ([email protected]) for the OpenSSL

- * project 2000.

- */

-/* ====================================================================

- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include <openssl/crypto.h>

-#include "cryptlib.h"

-#include <openssl/dso.h>

-static DSO_METHOD *default_DSO_meth = NULL;

-DSO *DSO_new(void)

-	{

-	return(DSO_new_method(NULL));

-	}

-void DSO_set_default_method(DSO_METHOD *meth)

-	{

-	default_DSO_meth = meth;

-	}

-DSO_METHOD *DSO_get_default_method(void)

-	{

-	return(default_DSO_meth);

-	}

-DSO_METHOD *DSO_get_method(DSO *dso)

-	{

-	return(dso->meth);

-	}

-DSO_METHOD *DSO_set_method(DSO *dso, DSO_METHOD *meth)

-	{

-	DSO_METHOD *mtmp;

-	mtmp = dso->meth;

-	dso->meth = meth;

-	return(mtmp);

-	}

-DSO *DSO_new_method(DSO_METHOD *meth)

-	{

-	DSO *ret;

-	if(default_DSO_meth == NULL)

-		/* We default to DSO_METH_openssl() which in turn defaults

-		 * to stealing the "best available" method. Will fallback

-		 * to DSO_METH_null() in the worst case. */

-		default_DSO_meth = DSO_METHOD_openssl();

-	ret = (DSO *)OPENSSL_malloc(sizeof(DSO));

-	if(ret == NULL)

-		{

-		DSOerr(DSO_F_DSO_NEW_METHOD,ERR_R_MALLOC_FAILURE);

-		return(NULL);

-		}

-	memset(ret, 0, sizeof(DSO));

-	ret->meth_data = sk_new_null();

-	if(ret->meth_data == NULL)

-		{

-		/* sk_new doesn't generate any errors so we do */

-		DSOerr(DSO_F_DSO_NEW_METHOD,ERR_R_MALLOC_FAILURE);

-		OPENSSL_free(ret);

-		return(NULL);

-		}

-	if(meth == NULL)

-		ret->meth = default_DSO_meth;

-	else

-		ret->meth = meth;

-	ret->references = 1;

-	if((ret->meth->init != NULL) && !ret->meth->init(ret))

-		{

-		OPENSSL_free(ret);

-		ret=NULL;

-		}

-	return(ret);

-	}

-int DSO_free(DSO *dso)

-	{

-        int i;

-	if(dso == NULL)

-		{

-		DSOerr(DSO_F_DSO_FREE,ERR_R_PASSED_NULL_PARAMETER);

-		return(0);

-		}

-	i=CRYPTO_add(&dso->references,-1,CRYPTO_LOCK_DSO);

-#ifdef REF_PRINT

-	REF_PRINT("DSO",dso);

-#endif

-	if(i > 0) return(1);

-#ifdef REF_CHECK

-	if(i < 0)

-		{

-		fprintf(stderr,"DSO_free, bad reference count\n");

-		abort();

-		}

-#endif

-	if((dso->meth->dso_unload != NULL) && !dso->meth->dso_unload(dso))

-		{

-		DSOerr(DSO_F_DSO_FREE,DSO_R_UNLOAD_FAILED);

-		return(0);

-		}

-	if((dso->meth->finish != NULL) && !dso->meth->finish(dso))

-		{

-		DSOerr(DSO_F_DSO_FREE,DSO_R_FINISH_FAILED);

-		return(0);

-		}

-	sk_free(dso->meth_data);

-	if(dso->filename != NULL)

-		OPENSSL_free(dso->filename);

-	if(dso->loaded_filename != NULL)

-		OPENSSL_free(dso->loaded_filename);

-	OPENSSL_free(dso);

-	return(1);

-	}

-int DSO_flags(DSO *dso)

-	{

-	return((dso == NULL) ? 0 : dso->flags);

-	}

-int DSO_up_ref(DSO *dso)

-	{

-	if (dso == NULL)

-		{

-		DSOerr(DSO_F_DSO_UP_REF,ERR_R_PASSED_NULL_PARAMETER);

-		return(0);

-		}

-	CRYPTO_add(&dso->references,1,CRYPTO_LOCK_DSO);

-	return(1);

-	}

-DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags)

-	{

-	DSO *ret;

-	int allocated = 0;

-	if(dso == NULL)

-		{

-		ret = DSO_new_method(meth);

-		if(ret == NULL)

-			{

-			DSOerr(DSO_F_DSO_LOAD,ERR_R_MALLOC_FAILURE);

-			goto err;

-			}

-		allocated = 1;

-		/* Pass the provided flags to the new DSO object */

-		if(DSO_ctrl(ret, DSO_CTRL_SET_FLAGS, flags, NULL) < 0)

-			{

-			DSOerr(DSO_F_DSO_LOAD,DSO_R_CTRL_FAILED);

-			goto err;

-			}

-		}

-	else

-		ret = dso;

-	/* Don't load if we're currently already loaded */

-	if(ret->filename != NULL)

-		{

-		DSOerr(DSO_F_DSO_LOAD,DSO_R_DSO_ALREADY_LOADED);

-		goto err;

-		}

-	/* filename can only be NULL if we were passed a dso that already has

-	 * one set. */

-	if(filename != NULL)

-		if(!DSO_set_filename(ret, filename))

-			{

-			DSOerr(DSO_F_DSO_LOAD,DSO_R_SET_FILENAME_FAILED);

-			goto err;

-			}

-	filename = ret->filename;

-	if(filename == NULL)

-		{

-		DSOerr(DSO_F_DSO_LOAD,DSO_R_NO_FILENAME);

-		goto err;

-		}

-	if(ret->meth->dso_load == NULL)

-		{

-		DSOerr(DSO_F_DSO_LOAD,DSO_R_UNSUPPORTED);

-		goto err;

-		}

-	if(!ret->meth->dso_load(ret))

-		{

-		DSOerr(DSO_F_DSO_LOAD,DSO_R_LOAD_FAILED);

-		goto err;

-		}

-	/* Load succeeded */

-	return(ret);

-err:

-	if(allocated)

-		DSO_free(ret);

-	return(NULL);

-	}

-void *DSO_bind_var(DSO *dso, const char *symname)

-	{

-	void *ret = NULL;

-	if((dso == NULL) || (symname == NULL))

-		{

-		DSOerr(DSO_F_DSO_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER);

-		return(NULL);

-		}

-	if(dso->meth->dso_bind_var == NULL)

-		{

-		DSOerr(DSO_F_DSO_BIND_VAR,DSO_R_UNSUPPORTED);

-		return(NULL);

-		}

-	if((ret = dso->meth->dso_bind_var(dso, symname)) == NULL)

-		{

-		DSOerr(DSO_F_DSO_BIND_VAR,DSO_R_SYM_FAILURE);

-		return(NULL);

-		}

-	/* Success */

-	return(ret);

-	}

-DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname)

-	{

-	DSO_FUNC_TYPE ret = NULL;

-	if((dso == NULL) || (symname == NULL))

-		{

-		DSOerr(DSO_F_DSO_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER);

-		return(NULL);

-		}

-	if(dso->meth->dso_bind_func == NULL)

-		{

-		DSOerr(DSO_F_DSO_BIND_FUNC,DSO_R_UNSUPPORTED);

-		return(NULL);

-		}

-	if((ret = dso->meth->dso_bind_func(dso, symname)) == NULL)

-		{

-		DSOerr(DSO_F_DSO_BIND_FUNC,DSO_R_SYM_FAILURE);

-		return(NULL);

-		}

-	/* Success */

-	return(ret);

-	}

-/* I don't really like these *_ctrl functions very much to be perfectly

- * honest. For one thing, I think I have to return a negative value for

- * any error because possible DSO_ctrl() commands may return values

- * such as "size"s that can legitimately be zero (making the standard

- * "if(DSO_cmd(...))" form that works almost everywhere else fail at

- * odd times. I'd prefer "output" values to be passed by reference and

- * the return value as success/failure like usual ... but we conform

- * when we must... :-) */

-long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg)

-	{

-	if(dso == NULL)

-		{

-		DSOerr(DSO_F_DSO_CTRL,ERR_R_PASSED_NULL_PARAMETER);

-		return(-1);

-		}

-	/* We should intercept certain generic commands and only pass control

-	 * to the method-specific ctrl() function if it's something we don't

-	 * handle. */

-	switch(cmd)

-		{

-	case DSO_CTRL_GET_FLAGS:

-		return dso->flags;

-	case DSO_CTRL_SET_FLAGS:

-		dso->flags = (int)larg;

-		return(0);

-	case DSO_CTRL_OR_FLAGS:

-		dso->flags |= (int)larg;

-		return(0);

-	default:

-		break;

-		}

-	if((dso->meth == NULL) || (dso->meth->dso_ctrl == NULL))

-		{

-		DSOerr(DSO_F_DSO_CTRL,DSO_R_UNSUPPORTED);

-		return(-1);

-		}

-	return(dso->meth->dso_ctrl(dso,cmd,larg,parg));

-	}

-int DSO_set_name_converter(DSO *dso, DSO_NAME_CONVERTER_FUNC cb,

-			DSO_NAME_CONVERTER_FUNC *oldcb)

-	{

-	if(dso == NULL)

-		{

-		DSOerr(DSO_F_DSO_SET_NAME_CONVERTER,

-				ERR_R_PASSED_NULL_PARAMETER);

-		return(0);

-		}

-	if(oldcb)

-		*oldcb = dso->name_converter;

-	dso->name_converter = cb;

-	return(1);

-	}

-const char *DSO_get_filename(DSO *dso)

-	{

-	if(dso == NULL)

-		{

-		DSOerr(DSO_F_DSO_GET_FILENAME,ERR_R_PASSED_NULL_PARAMETER);

-		return(NULL);

-		}

-	return(dso->filename);

-	}

-int DSO_set_filename(DSO *dso, const char *filename)

-	{

-	char *copied;

-	if((dso == NULL) || (filename == NULL))

-		{

-		DSOerr(DSO_F_DSO_SET_FILENAME,ERR_R_PASSED_NULL_PARAMETER);

-		return(0);

-		}

-	if(dso->loaded_filename)

-		{

-		DSOerr(DSO_F_DSO_SET_FILENAME,DSO_R_DSO_ALREADY_LOADED);

-		return(0);

-		}

-	/* We'll duplicate filename */

-	copied = OPENSSL_malloc(strlen(filename) + 1);

-	if(copied == NULL)

-		{

-		DSOerr(DSO_F_DSO_SET_FILENAME,ERR_R_MALLOC_FAILURE);

-		return(0);

-		}

-	BUF_strlcpy(copied, filename, strlen(filename) + 1);

-	if(dso->filename)

-		OPENSSL_free(dso->filename);

-	dso->filename = copied;

-	return(1);

-	}

-char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2)

-	{

-	char *result = NULL;

-	if(dso == NULL || filespec1 == NULL)

-		{

-		DSOerr(DSO_F_DSO_MERGE,ERR_R_PASSED_NULL_PARAMETER);

-		return(NULL);

-		}

-	if(filespec1 == NULL)

-		filespec1 = dso->filename;

-	if(filespec1 == NULL)

-		{

-		DSOerr(DSO_F_DSO_MERGE,DSO_R_NO_FILE_SPECIFICATION);

-		return(NULL);

-		}

-	if((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0)

-		{

-		if(dso->merger != NULL)

-			result = dso->merger(dso, filespec1, filespec2);

-		else if(dso->meth->dso_merger != NULL)

-			result = dso->meth->dso_merger(dso,

-				filespec1, filespec2);

-		}

-	return(result);

-	}

-char *DSO_convert_filename(DSO *dso, const char *filename)

-	{

-	char *result = NULL;

-	if(dso == NULL)

-		{

-		DSOerr(DSO_F_DSO_CONVERT_FILENAME,ERR_R_PASSED_NULL_PARAMETER);

-		return(NULL);

-		}

-	if(filename == NULL)

-		filename = dso->filename;

-	if(filename == NULL)

-		{

-		DSOerr(DSO_F_DSO_CONVERT_FILENAME,DSO_R_NO_FILENAME);

-		return(NULL);

-		}

-	if((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0)

-		{

-		if(dso->name_converter != NULL)

-			result = dso->name_converter(dso, filename);

-		else if(dso->meth->dso_name_converter != NULL)

-			result = dso->meth->dso_name_converter(dso, filename);

-		}

-	if(result == NULL)

-		{

-		result = OPENSSL_malloc(strlen(filename) + 1);

-		if(result == NULL)

-			{

-			DSOerr(DSO_F_DSO_CONVERT_FILENAME,

-					ERR_R_MALLOC_FAILURE);

-			return(NULL);

-			}

-		BUF_strlcpy(result, filename, strlen(filename) + 1);

-		}

-	return(result);

-	}

-const char *DSO_get_loaded_filename(DSO *dso)

-	{

-	if(dso == NULL)

-		{

-		DSOerr(DSO_F_DSO_GET_LOADED_FILENAME,

-				ERR_R_PASSED_NULL_PARAMETER);

-		return(NULL);

-		}

-	return(dso->loaded_filename);

-	}

--- a/sys/src/ape/lib/openssl/crypto/dso/dso_null.c

+++ /dev/null

@@ -1,88 +1,0 @@

-/* dso_null.c */

-/* Written by Geoff Thorpe ([email protected]) for the OpenSSL

- * project 2000.

- */

-/* ====================================================================

- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* This "NULL" method is provided as the fallback for systems that have

- * no appropriate support for "shared-libraries". */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/dso.h>

-static DSO_METHOD dso_meth_null = {

-	"NULL shared library method",

-	NULL, /* load */

-	NULL, /* unload */

-	NULL, /* bind_var */

-	NULL, /* bind_func */

-/* For now, "unbind" doesn't exist */

-#if 0

-	NULL, /* unbind_var */

-	NULL, /* unbind_func */

-#endif

-	NULL, /* ctrl */

-	NULL, /* dso_name_converter */

-	NULL, /* dso_merger */

-	NULL, /* init */

-	NULL  /* finish */

-	};

-DSO_METHOD *DSO_METHOD_null(void)

-	{

-	return(&dso_meth_null);

-	}

--- a/sys/src/ape/lib/openssl/crypto/dso/dso_openssl.c

+++ /dev/null

@@ -1,81 +1,0 @@

-/* dso_openssl.c */

-/* Written by Geoff Thorpe ([email protected]) for the OpenSSL

- * project 2000.

- */

-/* ====================================================================

- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/dso.h>

-/* We just pinch the method from an appropriate "default" method. */

-DSO_METHOD *DSO_METHOD_openssl(void)

-	{

-#ifdef DEF_DSO_METHOD

-	return(DEF_DSO_METHOD());

-#elif defined(DSO_DLFCN)

-	return(DSO_METHOD_dlfcn());

-#elif defined(DSO_DL)

-	return(DSO_METHOD_dl());

-#elif defined(DSO_WIN32)

-	return(DSO_METHOD_win32());

-#elif defined(DSO_VMS)

-	return(DSO_METHOD_vms());

-#else

-	return(DSO_METHOD_null());

-#endif

-	}

--- a/sys/src/ape/lib/openssl/crypto/dso/dso_vms.c

+++ /dev/null

@@ -1,504 +1,0 @@

-/* dso_vms.c -*- mode:C; c-file-style: "eay" -*- */

-/* Written by Richard Levitte ([email protected]) for the OpenSSL

- * project 2000.

- */

-/* ====================================================================

- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include <string.h>

-#include <errno.h>

-#include "cryptlib.h"

-#include <openssl/dso.h>

-#ifdef OPENSSL_SYS_VMS

-#pragma message disable DOLLARID

-#include <rms.h>

-#include <lib$routines.h>

-#include <stsdef.h>

-#include <descrip.h>

-#include <starlet.h>

-#endif

-#ifndef OPENSSL_SYS_VMS

-DSO_METHOD *DSO_METHOD_vms(void)

-	{

-	return NULL;

-	}

-#else

-#pragma message disable DOLLARID

-static int vms_load(DSO *dso);

-static int vms_unload(DSO *dso);

-static void *vms_bind_var(DSO *dso, const char *symname);

-static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname);

-#if 0

-static int vms_unbind_var(DSO *dso, char *symname, void *symptr);

-static int vms_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);

-static int vms_init(DSO *dso);

-static int vms_finish(DSO *dso);

-static long vms_ctrl(DSO *dso, int cmd, long larg, void *parg);

-#endif

-static char *vms_name_converter(DSO *dso, const char *filename);

-static char *vms_merger(DSO *dso, const char *filespec1,

-	const char *filespec2);

-static DSO_METHOD dso_meth_vms = {

-	"OpenSSL 'VMS' shared library method",

-	vms_load,

-	NULL, /* unload */

-	vms_bind_var,

-	vms_bind_func,

-/* For now, "unbind" doesn't exist */

-#if 0

-	NULL, /* unbind_var */

-	NULL, /* unbind_func */

-#endif

-	NULL, /* ctrl */

-	vms_name_converter,

-	vms_merger,

-	NULL, /* init */

-	NULL  /* finish */

-	};

-/* On VMS, the only "handle" is the file name.  LIB$FIND_IMAGE_SYMBOL depends

- * on the reference to the file name being the same for all calls regarding

- * one shared image, so we'll just store it in an instance of the following

- * structure and put a pointer to that instance in the meth_data stack.

- */

-typedef struct dso_internal_st

-	{

-	/* This should contain the name only, no directory,

-	 * no extension, nothing but a name. */

-	struct dsc$descriptor_s filename_dsc;

-	char filename[FILENAME_MAX+1];

-	/* This contains whatever is not in filename, if needed.

-	 * Normally not defined. */

-	struct dsc$descriptor_s imagename_dsc;

-	char imagename[FILENAME_MAX+1];

-	} DSO_VMS_INTERNAL;

-DSO_METHOD *DSO_METHOD_vms(void)

-	{

-	return(&dso_meth_vms);

-	}

-static int vms_load(DSO *dso)

-	{

-	void *ptr = NULL;

-	/* See applicable comments in dso_dl.c */

-	char *filename = DSO_convert_filename(dso, NULL);

-	DSO_VMS_INTERNAL *p;

-	const char *sp1, *sp2;	/* Search result */

-	if(filename == NULL)

-		{

-		DSOerr(DSO_F_VMS_LOAD,DSO_R_NO_FILENAME);

-		goto err;

-		}

-	/* A file specification may look like this:

-	 *

-	 *	node::dev:[dir-spec]name.type;ver

-	 *

-	 * or (for compatibility with TOPS-20):

-	 *

-	 *	node::dev:<dir-spec>name.type;ver

-	 *

-	 * and the dir-spec uses '.' as separator.  Also, a dir-spec

-	 * may consist of several parts, with mixed use of [] and <>:

-	 *

-	 *	[dir1.]<dir2>

-	 *

-	 * We need to split the file specification into the name and

-	 * the rest (both before and after the name itself).

-	 */

-	/* Start with trying to find the end of a dir-spec, and save the

-	   position of the byte after in sp1 */

-	sp1 = strrchr(filename, ']');

-	sp2 = strrchr(filename, '>');

-	if (sp1 == NULL) sp1 = sp2;

-	if (sp2 != NULL && sp2 > sp1) sp1 = sp2;

-	if (sp1 == NULL) sp1 = strrchr(filename, ':');

-	if (sp1 == NULL)

-		sp1 = filename;

-	else

-		sp1++;		/* The byte after the found character */

-	/* Now, let's see if there's a type, and save the position in sp2 */

-	sp2 = strchr(sp1, '.');

-	/* If we found it, that's where we'll cut.  Otherwise, look for a

-	   version number and save the position in sp2 */

-	if (sp2 == NULL) sp2 = strchr(sp1, ';');

-	/* If there was still nothing to find, set sp2 to point at the end of

-	   the string */

-	if (sp2 == NULL) sp2 = sp1 + strlen(sp1);

-	/* Check that we won't get buffer overflows */

-	if (sp2 - sp1 > FILENAME_MAX

-		|| (sp1 - filename) + strlen(sp2) > FILENAME_MAX)

-		{

-		DSOerr(DSO_F_VMS_LOAD,DSO_R_FILENAME_TOO_BIG);

-		goto err;

-		}

-	p = (DSO_VMS_INTERNAL *)OPENSSL_malloc(sizeof(DSO_VMS_INTERNAL));

-	if(p == NULL)

-		{

-		DSOerr(DSO_F_VMS_LOAD,ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	strncpy(p->filename, sp1, sp2-sp1);

-	p->filename[sp2-sp1] = '\0';

-	strncpy(p->imagename, filename, sp1-filename);

-	p->imagename[sp1-filename] = '\0';

-	strcat(p->imagename, sp2);

-	p->filename_dsc.dsc$w_length = strlen(p->filename);

-	p->filename_dsc.dsc$b_dtype = DSC$K_DTYPE_T;

-	p->filename_dsc.dsc$b_class = DSC$K_CLASS_S;

-	p->filename_dsc.dsc$a_pointer = p->filename;

-	p->imagename_dsc.dsc$w_length = strlen(p->imagename);

-	p->imagename_dsc.dsc$b_dtype = DSC$K_DTYPE_T;

-	p->imagename_dsc.dsc$b_class = DSC$K_CLASS_S;

-	p->imagename_dsc.dsc$a_pointer = p->imagename;

-	if(!sk_push(dso->meth_data, (char *)p))

-		{

-		DSOerr(DSO_F_VMS_LOAD,DSO_R_STACK_ERROR);

-		goto err;

-		}

-	/* Success (for now, we lie.  We actually do not know...) */

-	dso->loaded_filename = filename;

-	return(1);

-err:

-	/* Cleanup! */

-	if(p != NULL)

-		OPENSSL_free(p);

-	if(filename != NULL)

-		OPENSSL_free(filename);

-	return(0);

-	}

-/* Note that this doesn't actually unload the shared image, as there is no

- * such thing in VMS.  Next time it get loaded again, a new copy will

- * actually be loaded.

- */

-static int vms_unload(DSO *dso)

-	{

-	DSO_VMS_INTERNAL *p;

-	if(dso == NULL)

-		{

-		DSOerr(DSO_F_VMS_UNLOAD,ERR_R_PASSED_NULL_PARAMETER);

-		return(0);

-		}

-	if(sk_num(dso->meth_data) < 1)

-		return(1);

-	p = (DSO_VMS_INTERNAL *)sk_pop(dso->meth_data);

-	if(p == NULL)

-		{

-		DSOerr(DSO_F_VMS_UNLOAD,DSO_R_NULL_HANDLE);

-		return(0);

-		}

-	/* Cleanup */

-	OPENSSL_free(p);

-	return(1);

-	}

-/* We must do this in a separate function because of the way the exception

-   handler works (it makes this function return */

-static int do_find_symbol(DSO_VMS_INTERNAL *ptr,

-	struct dsc$descriptor_s *symname_dsc, void **sym,

-	unsigned long flags)

-	{

-	/* Make sure that signals are caught and returned instead of

-	   aborting the program.  The exception handler gets unestablished

-	   automatically on return from this function.  */

-	lib$establish(lib$sig_to_ret);

-	if(ptr->imagename_dsc.dsc$w_length)

-		return lib$find_image_symbol(&ptr->filename_dsc,

-			symname_dsc, sym,

-			&ptr->imagename_dsc, flags);

-	else

-		return lib$find_image_symbol(&ptr->filename_dsc,

-			symname_dsc, sym,

-			0, flags);

-	}

-void vms_bind_sym(DSO *dso, const char *symname, void **sym)

-	{

-	DSO_VMS_INTERNAL *ptr;

-	int status;

-#if 0

-	int flags = (1<<4); /* LIB$M_FIS_MIXEDCASE, but this symbol isn't

-                               defined in VMS older than 7.0 or so */

-#else

-	int flags = 0;

-#endif

-	struct dsc$descriptor_s symname_dsc;

-	*sym = NULL;

-	symname_dsc.dsc$w_length = strlen(symname);

-	symname_dsc.dsc$b_dtype = DSC$K_DTYPE_T;

-	symname_dsc.dsc$b_class = DSC$K_CLASS_S;

-	symname_dsc.dsc$a_pointer = (char *)symname; /* The cast is needed */

-	if((dso == NULL) || (symname == NULL))

-		{

-		DSOerr(DSO_F_VMS_BIND_SYM,ERR_R_PASSED_NULL_PARAMETER);

-		return;

-		}

-	if(sk_num(dso->meth_data) < 1)

-		{

-		DSOerr(DSO_F_VMS_BIND_SYM,DSO_R_STACK_ERROR);

-		return;

-		}

-	ptr = (DSO_VMS_INTERNAL *)sk_value(dso->meth_data,

-		sk_num(dso->meth_data) - 1);

-	if(ptr == NULL)

-		{

-		DSOerr(DSO_F_VMS_BIND_SYM,DSO_R_NULL_HANDLE);

-		return;

-		}

-	if(dso->flags & DSO_FLAG_UPCASE_SYMBOL) flags = 0;

-	status = do_find_symbol(ptr, &symname_dsc, sym, flags);

-	if(!$VMS_STATUS_SUCCESS(status))

-		{

-		unsigned short length;

-		char errstring[257];

-		struct dsc$descriptor_s errstring_dsc;

-		errstring_dsc.dsc$w_length = sizeof(errstring);

-		errstring_dsc.dsc$b_dtype = DSC$K_DTYPE_T;

-		errstring_dsc.dsc$b_class = DSC$K_CLASS_S;

-		errstring_dsc.dsc$a_pointer = errstring;

-		*sym = NULL;

-		status = sys$getmsg(status, &length, &errstring_dsc, 1, 0);

-		if (!$VMS_STATUS_SUCCESS(status))

-			lib$signal(status); /* This is really bad.  Abort!  */

-		else

-			{

-			errstring[length] = '\0';

-			DSOerr(DSO_F_VMS_BIND_SYM,DSO_R_SYM_FAILURE);

-			if (ptr->imagename_dsc.dsc$w_length)

-				ERR_add_error_data(9,

-					"Symbol ", symname,

-					" in ", ptr->filename,

-					" (", ptr->imagename, ")",

-					": ", errstring);

-			else

-				ERR_add_error_data(6,

-					"Symbol ", symname,

-					" in ", ptr->filename,

-					": ", errstring);

-			}

-		return;

-		}

-	return;

-	}

-static void *vms_bind_var(DSO *dso, const char *symname)

-	{

-	void *sym = 0;

-	vms_bind_sym(dso, symname, &sym);

-	return sym;

-	}

-static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname)

-	{

-	DSO_FUNC_TYPE sym = 0;

-	vms_bind_sym(dso, symname, (void **)&sym);

-	return sym;

-	}

-static char *vms_merger(DSO *dso, const char *filespec1, const char *filespec2)

-	{

-	int status;

-	int filespec1len, filespec2len;

-	struct FAB fab;

-#ifdef NAML$C_MAXRSS

-	struct NAML nam;

-	char esa[NAML$C_MAXRSS];

-#else

-	struct NAM nam;

-	char esa[NAM$C_MAXRSS];

-#endif

-	char *merged;

-	if (!filespec1) filespec1 = "";

-	if (!filespec2) filespec2 = "";

-	filespec1len = strlen(filespec1);

-	filespec2len = strlen(filespec2);

-	fab = cc$rms_fab;

-#ifdef NAML$C_MAXRSS

-	nam = cc$rms_naml;

-#else

-	nam = cc$rms_nam;

-#endif

-	fab.fab$l_fna = (char *)filespec1;

-	fab.fab$b_fns = filespec1len;

-	fab.fab$l_dna = (char *)filespec2;

-	fab.fab$b_dns = filespec2len;

-#ifdef NAML$C_MAXRSS

-	if (filespec1len > NAM$C_MAXRSS)

-		{

-		fab.fab$l_fna = 0;

-		fab.fab$b_fns = 0;

-		nam.naml$l_long_filename = (char *)filespec1;

-		nam.naml$l_long_filename_size = filespec1len;

-		}

-	if (filespec2len > NAM$C_MAXRSS)

-		{

-		fab.fab$l_dna = 0;

-		fab.fab$b_dns = 0;

-		nam.naml$l_long_defname = (char *)filespec2;

-		nam.naml$l_long_defname_size = filespec2len;

-		}

-	nam.naml$l_esa = esa;

-	nam.naml$b_ess = NAM$C_MAXRSS;

-	nam.naml$l_long_expand = esa;

-	nam.naml$l_long_expand_alloc = sizeof(esa);

-	nam.naml$b_nop = NAM$M_SYNCHK | NAM$M_PWD;

-	nam.naml$v_no_short_upcase = 1;

-	fab.fab$l_naml = &nam;

-#else

-	nam.nam$l_esa = esa;

-	nam.nam$b_ess = NAM$C_MAXRSS;

-	nam.nam$b_nop = NAM$M_SYNCHK | NAM$M_PWD;

-	fab.fab$l_nam = &nam;

-#endif

-	status = sys$parse(&fab, 0, 0);

-	if(!$VMS_STATUS_SUCCESS(status))

-		{

-		unsigned short length;

-		char errstring[257];

-		struct dsc$descriptor_s errstring_dsc;

-		errstring_dsc.dsc$w_length = sizeof(errstring);

-		errstring_dsc.dsc$b_dtype = DSC$K_DTYPE_T;

-		errstring_dsc.dsc$b_class = DSC$K_CLASS_S;

-		errstring_dsc.dsc$a_pointer = errstring;

-		status = sys$getmsg(status, &length, &errstring_dsc, 1, 0);

-		if (!$VMS_STATUS_SUCCESS(status))

-			lib$signal(status); /* This is really bad.  Abort!  */

-		else

-			{

-			errstring[length] = '\0';

-			DSOerr(DSO_F_VMS_MERGER,DSO_R_FAILURE);

-			ERR_add_error_data(7,

-					   "filespec \"", filespec1, "\", ",

-					   "defaults \"", filespec2, "\": ",

-					   errstring);

-			}

-		return(NULL);

-		}

-#ifdef NAML$C_MAXRSS

-	if (nam.naml$l_long_expand_size)

-		{

-		merged = OPENSSL_malloc(nam.naml$l_long_expand_size + 1);

-		if(!merged)

-			goto malloc_err;

-		strncpy(merged, nam.naml$l_long_expand,

-			nam.naml$l_long_expand_size);

-		merged[nam.naml$l_long_expand_size] = '\0';

-		}

-	else

-		{

-		merged = OPENSSL_malloc(nam.naml$b_esl + 1);

-		if(!merged)

-			goto malloc_err;

-		strncpy(merged, nam.naml$l_esa,

-			nam.naml$b_esl);

-		merged[nam.naml$b_esl] = '\0';

-		}

-#else

-	merged = OPENSSL_malloc(nam.nam$b_esl + 1);

-	if(!merged)

-		goto malloc_err;

-	strncpy(merged, nam.nam$l_esa,

-		nam.nam$b_esl);

-	merged[nam.nam$b_esl] = '\0';

-#endif

-	return(merged);

- malloc_err:

-	DSOerr(DSO_F_VMS_MERGER,

-		ERR_R_MALLOC_FAILURE);

-	}

-static char *vms_name_converter(DSO *dso, const char *filename)

-	{

-        int len = strlen(filename);

-        char *not_translated = OPENSSL_malloc(len+1);

-        strcpy(not_translated,filename);

-	return(not_translated);

-	}

-#endif /* OPENSSL_SYS_VMS */

--- a/sys/src/ape/lib/openssl/crypto/dso/dso_win32.c

+++ /dev/null

@@ -1,660 +1,0 @@

-/* dso_win32.c -*- mode:C; c-file-style: "eay" -*- */

-/* Written by Geoff Thorpe ([email protected]) for the OpenSSL

- * project 2000.

- */

-/* ====================================================================

- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include <string.h>

-#include "cryptlib.h"

-#include <openssl/dso.h>

-#if !defined(DSO_WIN32)

-DSO_METHOD *DSO_METHOD_win32(void)

-	{

-	return NULL;

-	}

-#else

-#ifdef _WIN32_WCE

-# if _WIN32_WCE < 300

-static FARPROC GetProcAddressA(HMODULE hModule,LPCSTR lpProcName)

-	{

-	WCHAR lpProcNameW[64];

-	int i;

-	for (i=0;lpProcName[i] && i<64;i++)

-		lpProcNameW[i] = (WCHAR)lpProcName[i];

-	if (i==64) return NULL;

-	lpProcNameW[i] = 0;

-	return GetProcAddressW(hModule,lpProcNameW);

-	}

-# endif

-# undef GetProcAddress

-# define GetProcAddress GetProcAddressA

-static HINSTANCE LoadLibraryA(LPCSTR lpLibFileName)

-	{

-	WCHAR *fnamw;

-	size_t len_0=strlen(lpLibFileName)+1,i;

-#ifdef _MSC_VER

-	fnamw = (WCHAR *)_alloca (len_0*sizeof(WCHAR));

-#else

-	fnamw = (WCHAR *)alloca (len_0*sizeof(WCHAR));

-#endif

-	if (fnamw == NULL) return NULL;

-#if defined(_WIN32_WCE) && _WIN32_WCE>=101

-	if (!MultiByteToWideChar(CP_ACP,0,lpLibFileName,len_0,fnamw,len_0))

-#endif

-		for (i=0;i<len_0;i++) fnamw[i]=(WCHAR)lpLibFileName[i];

-	return LoadLibraryW(fnamw);

-	}

-#endif

-/* Part of the hack in "win32_load" ... */

-#define DSO_MAX_TRANSLATED_SIZE 256

-static int win32_load(DSO *dso);

-static int win32_unload(DSO *dso);

-static void *win32_bind_var(DSO *dso, const char *symname);

-static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname);

-#if 0

-static int win32_unbind_var(DSO *dso, char *symname, void *symptr);

-static int win32_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);

-static int win32_init(DSO *dso);

-static int win32_finish(DSO *dso);

-static long win32_ctrl(DSO *dso, int cmd, long larg, void *parg);

-#endif

-static char *win32_name_converter(DSO *dso, const char *filename);

-static char *win32_merger(DSO *dso, const char *filespec1,

-	const char *filespec2);

-static const char *openssl_strnchr(const char *string, int c, size_t len);

-static DSO_METHOD dso_meth_win32 = {

-	"OpenSSL 'win32' shared library method",

-	win32_load,

-	win32_unload,

-	win32_bind_var,

-	win32_bind_func,

-/* For now, "unbind" doesn't exist */

-#if 0

-	NULL, /* unbind_var */

-	NULL, /* unbind_func */

-#endif

-	NULL, /* ctrl */

-	win32_name_converter,

-	win32_merger,

-	NULL, /* init */

-	NULL  /* finish */

-	};

-DSO_METHOD *DSO_METHOD_win32(void)

-	{

-	return(&dso_meth_win32);

-	}

-/* For this DSO_METHOD, our meth_data STACK will contain;

- * (i) a pointer to the handle (HINSTANCE) returned from

- *     LoadLibrary(), and copied.

- */

-static int win32_load(DSO *dso)

-	{

-	HINSTANCE h = NULL, *p = NULL;

-	/* See applicable comments from dso_dl.c */

-	char *filename = DSO_convert_filename(dso, NULL);

-	if(filename == NULL)

-		{

-		DSOerr(DSO_F_WIN32_LOAD,DSO_R_NO_FILENAME);

-		goto err;

-		}

-	h = LoadLibraryA(filename);

-	if(h == NULL)

-		{

-		DSOerr(DSO_F_WIN32_LOAD,DSO_R_LOAD_FAILED);

-		ERR_add_error_data(3, "filename(", filename, ")");

-		goto err;

-		}

-	p = (HINSTANCE *)OPENSSL_malloc(sizeof(HINSTANCE));

-	if(p == NULL)

-		{

-		DSOerr(DSO_F_WIN32_LOAD,ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	*p = h;

-	if(!sk_push(dso->meth_data, (char *)p))

-		{

-		DSOerr(DSO_F_WIN32_LOAD,DSO_R_STACK_ERROR);

-		goto err;

-		}

-	/* Success */

-	dso->loaded_filename = filename;

-	return(1);

-err:

-	/* Cleanup !*/

-	if(filename != NULL)

-		OPENSSL_free(filename);

-	if(p != NULL)

-		OPENSSL_free(p);

-	if(h != NULL)

-		FreeLibrary(h);

-	return(0);

-	}

-static int win32_unload(DSO *dso)

-	{

-	HINSTANCE *p;

-	if(dso == NULL)

-		{

-		DSOerr(DSO_F_WIN32_UNLOAD,ERR_R_PASSED_NULL_PARAMETER);

-		return(0);

-		}

-	if(sk_num(dso->meth_data) < 1)

-		return(1);

-	p = (HINSTANCE *)sk_pop(dso->meth_data);

-	if(p == NULL)

-		{

-		DSOerr(DSO_F_WIN32_UNLOAD,DSO_R_NULL_HANDLE);

-		return(0);

-		}

-	if(!FreeLibrary(*p))

-		{

-		DSOerr(DSO_F_WIN32_UNLOAD,DSO_R_UNLOAD_FAILED);

-		/* We should push the value back onto the stack in

-		 * case of a retry. */

-		sk_push(dso->meth_data, (char *)p);

-		return(0);

-		}

-	/* Cleanup */

-	OPENSSL_free(p);

-	return(1);

-	}

-/* Using GetProcAddress for variables? TODO: Check this out in

- * the Win32 API docs, there's probably a variant for variables. */

-static void *win32_bind_var(DSO *dso, const char *symname)

-	{

-	HINSTANCE *ptr;

-	void *sym;

-	if((dso == NULL) || (symname == NULL))

-		{

-		DSOerr(DSO_F_WIN32_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER);

-		return(NULL);

-		}

-	if(sk_num(dso->meth_data) < 1)

-		{

-		DSOerr(DSO_F_WIN32_BIND_VAR,DSO_R_STACK_ERROR);

-		return(NULL);

-		}

-	ptr = (HINSTANCE *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);

-	if(ptr == NULL)

-		{

-		DSOerr(DSO_F_WIN32_BIND_VAR,DSO_R_NULL_HANDLE);

-		return(NULL);

-		}

-	sym = GetProcAddress(*ptr, symname);

-	if(sym == NULL)

-		{

-		DSOerr(DSO_F_WIN32_BIND_VAR,DSO_R_SYM_FAILURE);

-		ERR_add_error_data(3, "symname(", symname, ")");

-		return(NULL);

-		}

-	return(sym);

-	}

-static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname)

-	{

-	HINSTANCE *ptr;

-	void *sym;

-	if((dso == NULL) || (symname == NULL))

-		{

-		DSOerr(DSO_F_WIN32_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER);

-		return(NULL);

-		}

-	if(sk_num(dso->meth_data) < 1)

-		{

-		DSOerr(DSO_F_WIN32_BIND_FUNC,DSO_R_STACK_ERROR);

-		return(NULL);

-		}

-	ptr = (HINSTANCE *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);

-	if(ptr == NULL)

-		{

-		DSOerr(DSO_F_WIN32_BIND_FUNC,DSO_R_NULL_HANDLE);

-		return(NULL);

-		}

-	sym = GetProcAddress(*ptr, symname);

-	if(sym == NULL)

-		{

-		DSOerr(DSO_F_WIN32_BIND_FUNC,DSO_R_SYM_FAILURE);

-		ERR_add_error_data(3, "symname(", symname, ")");

-		return(NULL);

-		}

-	return((DSO_FUNC_TYPE)sym);

-	}

-struct file_st

-	{

-	const char *node; int nodelen;

-	const char *device; int devicelen;

-	const char *predir; int predirlen;

-	const char *dir; int dirlen;

-	const char *file; int filelen;

-	};

-static struct file_st *win32_splitter(DSO *dso, const char *filename,

-	int assume_last_is_dir)

-	{

-	struct file_st *result = NULL;

-	enum { IN_NODE, IN_DEVICE, IN_FILE } position;

-	const char *start = filename;

-	char last;

-	if (!filename)

-		{

-		DSOerr(DSO_F_WIN32_SPLITTER,DSO_R_NO_FILENAME);

-		/*goto err;*/

-		return(NULL);

-		}

-	result = OPENSSL_malloc(sizeof(struct file_st));

-	if(result == NULL)

-		{

-		DSOerr(DSO_F_WIN32_SPLITTER,

-			ERR_R_MALLOC_FAILURE);

-		return(NULL);

-		}

-	memset(result, 0, sizeof(struct file_st));

-	position = IN_DEVICE;

-	if(filename[0] == '\\' && filename[1] == '\\'

-		|| filename[0] == '/' && filename[1] == '/')

-		{

-		position = IN_NODE;

-		filename += 2;

-		start = filename;

-		result->node = start;

-		}

-	do

-		{

-		last = filename[0];

-		switch(last)

-			{

-		case ':':

-			if(position != IN_DEVICE)

-				{

-				DSOerr(DSO_F_WIN32_SPLITTER,

-					DSO_R_INCORRECT_FILE_SYNTAX);

-				/*goto err;*/

-				return(NULL);

-				}

-			result->device = start;

-			result->devicelen = filename - start;

-			position = IN_FILE;

-			start = ++filename;

-			result->dir = start;

-			break;

-		case '\\':

-		case '/':

-			if(position == IN_NODE)

-				{

-				result->nodelen = filename - start;

-				position = IN_FILE;

-				start = ++filename;

-				result->dir = start;

-				}

-			else if(position == IN_DEVICE)

-				{

-				position = IN_FILE;

-				filename++;

-				result->dir = start;

-				result->dirlen = filename - start;

-				start = filename;

-				}

-			else

-				{

-				filename++;

-				result->dirlen += filename - start;

-				start = filename;

-				}

-			break;

-		case '\0':

-			if(position == IN_NODE)

-				{

-				result->nodelen = filename - start;

-				}

-			else

-				{

-				if(filename - start > 0)

-					{

-					if (assume_last_is_dir)

-						{

-						if (position == IN_DEVICE)

-							{

-							result->dir = start;

-							result->dirlen = 0;

-							}

-						result->dirlen +=

-							filename - start;

-						}

-					else

-						{

-						result->file = start;

-						result->filelen =

-							filename - start;

-						}

-					}

-				}

-			break;

-		default:

-			filename++;

-			break;

-			}

-		}

-	while(last);

-	if(!result->nodelen) result->node = NULL;

-	if(!result->devicelen) result->device = NULL;

-	if(!result->dirlen) result->dir = NULL;

-	if(!result->filelen) result->file = NULL;

-	return(result);

-	}

-static char *win32_joiner(DSO *dso, const struct file_st *file_split)

-	{

-	int len = 0, offset = 0;

-	char *result = NULL;

-	const char *start;

-	if(!file_split)

-		{

-		DSOerr(DSO_F_WIN32_JOINER,

-				ERR_R_PASSED_NULL_PARAMETER);

-		return(NULL);

-		}

-	if(file_split->node)

-		{

-		len += 2 + file_split->nodelen;	/* 2 for starting \\ */

-		if(file_split->predir || file_split->dir || file_split->file)

-			len++;	/* 1 for ending \ */

-		}

-	else if(file_split->device)

-		{

-		len += file_split->devicelen + 1; /* 1 for ending : */

-		}

-	len += file_split->predirlen;

-	if(file_split->predir && (file_split->dir || file_split->file))

-		{

-		len++;	/* 1 for ending \ */

-		}

-	len += file_split->dirlen;

-	if(file_split->dir && file_split->file)

-		{

-		len++;	/* 1 for ending \ */

-		}

-	len += file_split->filelen;

-	if(!len)

-		{

-		DSOerr(DSO_F_WIN32_JOINER, DSO_R_EMPTY_FILE_STRUCTURE);

-		return(NULL);

-		}

-	result = OPENSSL_malloc(len + 1);

-	if (!result)

-		{

-		DSOerr(DSO_F_WIN32_JOINER,

-			ERR_R_MALLOC_FAILURE);

-		return(NULL);

-		}

-	if(file_split->node)

-		{

-		strcpy(&result[offset], "\\\\"); offset += 2;

-		strncpy(&result[offset], file_split->node,

-			file_split->nodelen); offset += file_split->nodelen;

-		if(file_split->predir || file_split->dir || file_split->file)

-			{

-			result[offset] = '\\'; offset++;

-			}

-		}

-	else if(file_split->device)

-		{

-		strncpy(&result[offset], file_split->device,

-			file_split->devicelen); offset += file_split->devicelen;

-		result[offset] = ':'; offset++;

-		}

-	start = file_split->predir;

-	while(file_split->predirlen > (start - file_split->predir))

-		{

-		const char *end = openssl_strnchr(start, '/',

-			file_split->predirlen - (start - file_split->predir));

-		if(!end)

-			end = start

-				+ file_split->predirlen

-				- (start - file_split->predir);

-		strncpy(&result[offset], start,

-			end - start); offset += end - start;

-		result[offset] = '\\'; offset++;

-		start = end + 1;

-		}

-#if 0 /* Not needed, since the directory converter above already appeneded

-	 a backslash */

-	if(file_split->predir && (file_split->dir || file_split->file))

-		{

-		result[offset] = '\\'; offset++;

-		}

-#endif

-	start = file_split->dir;

-	while(file_split->dirlen > (start - file_split->dir))

-		{

-		const char *end = openssl_strnchr(start, '/',

-			file_split->dirlen - (start - file_split->dir));

-		if(!end)

-			end = start

-				+ file_split->dirlen

-				- (start - file_split->dir);

-		strncpy(&result[offset], start,

-			end - start); offset += end - start;

-		result[offset] = '\\'; offset++;

-		start = end + 1;

-		}

-#if 0 /* Not needed, since the directory converter above already appeneded

-	 a backslash */

-	if(file_split->dir && file_split->file)

-		{

-		result[offset] = '\\'; offset++;

-		}

-#endif

-	strncpy(&result[offset], file_split->file,

-		file_split->filelen); offset += file_split->filelen;

-	result[offset] = '\0';

-	return(result);

-	}

-static char *win32_merger(DSO *dso, const char *filespec1, const char *filespec2)

-	{

-	char *merged = NULL;

-	struct file_st *filespec1_split = NULL;

-	struct file_st *filespec2_split = NULL;

-	if(!filespec1 && !filespec2)

-		{

-		DSOerr(DSO_F_WIN32_MERGER,

-				ERR_R_PASSED_NULL_PARAMETER);

-		return(NULL);

-		}

-	if (!filespec2)

-		{

-		merged = OPENSSL_malloc(strlen(filespec1) + 1);

-		if(!merged)

-			{

-			DSOerr(DSO_F_WIN32_MERGER,

-				ERR_R_MALLOC_FAILURE);

-			return(NULL);

-			}

-		strcpy(merged, filespec1);

-		}

-	else if (!filespec1)

-		{

-		merged = OPENSSL_malloc(strlen(filespec2) + 1);

-		if(!merged)

-			{

-			DSOerr(DSO_F_WIN32_MERGER,

-				ERR_R_MALLOC_FAILURE);

-			return(NULL);

-			}

-		strcpy(merged, filespec2);

-		}

-	else

-		{

-		filespec1_split = win32_splitter(dso, filespec1, 0);

-		if (!filespec1_split)

-			{

-			DSOerr(DSO_F_WIN32_MERGER,

-				ERR_R_MALLOC_FAILURE);

-			return(NULL);

-			}

-		filespec2_split = win32_splitter(dso, filespec2, 1);

-		if (!filespec2_split)

-			{

-			DSOerr(DSO_F_WIN32_MERGER,

-				ERR_R_MALLOC_FAILURE);

-			OPENSSL_free(filespec1_split);

-			return(NULL);

-			}

-		/* Fill in into filespec1_split */

-		if (!filespec1_split->node && !filespec1_split->device)

-			{

-			filespec1_split->node = filespec2_split->node;

-			filespec1_split->nodelen = filespec2_split->nodelen;

-			filespec1_split->device = filespec2_split->device;

-			filespec1_split->devicelen = filespec2_split->devicelen;

-			}

-		if (!filespec1_split->dir)

-			{

-			filespec1_split->dir = filespec2_split->dir;

-			filespec1_split->dirlen = filespec2_split->dirlen;

-			}

-		else if (filespec1_split->dir[0] != '\\'

-			&& filespec1_split->dir[0] != '/')

-			{

-			filespec1_split->predir = filespec2_split->dir;

-			filespec1_split->predirlen = filespec2_split->dirlen;

-			}

-		if (!filespec1_split->file)

-			{

-			filespec1_split->file = filespec2_split->file;

-			filespec1_split->filelen = filespec2_split->filelen;

-			}

-		merged = win32_joiner(dso, filespec1_split);

-		}

-	return(merged);

-	}

-static char *win32_name_converter(DSO *dso, const char *filename)

-	{

-	char *translated;

-	int len, transform;

-	len = strlen(filename);

-	transform = ((strstr(filename, "/") == NULL) &&

-			(strstr(filename, "\\") == NULL) &&

-			(strstr(filename, ":") == NULL));

-	if(transform)

-		/* We will convert this to "%s.dll" */

-		translated = OPENSSL_malloc(len + 5);

-	else

-		/* We will simply duplicate filename */

-		translated = OPENSSL_malloc(len + 1);

-	if(translated == NULL)

-		{

-		DSOerr(DSO_F_WIN32_NAME_CONVERTER,

-				DSO_R_NAME_TRANSLATION_FAILED);

-		return(NULL);

-		}

-	if(transform)

-		sprintf(translated, "%s.dll", filename);

-	else

-		sprintf(translated, "%s", filename);

-	return(translated);

-	}

-static const char *openssl_strnchr(const char *string, int c, size_t len)

-	{

-	size_t i;

-	const char *p;

-	for (i = 0, p = string; i < len && *p; i++, p++)

-		{

-		if (*p == c)

-			return p;

-		}

-	return NULL;

-	}

-#endif /* OPENSSL_SYS_WIN32 */

--- a/sys/src/ape/lib/openssl/crypto/ebcdic.c

+++ /dev/null

@@ -1,221 +1,0 @@

-/* crypto/ebcdic.c */

-#ifndef CHARSET_EBCDIC

-#include <openssl/e_os2.h>

-#if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX)

-static void *dummy=&dummy;

-#endif

-#else /*CHARSET_EBCDIC*/

-#include "ebcdic.h"

-/*      Initial Port for  Apache-1.3     by <[email protected]>

- *      Adapted for       OpenSSL-0.9.4  by <[email protected]>

- */

-#ifdef _OSD_POSIX

-/*

-    "BS2000 OSD" is a POSIX subsystem on a main frame.

-    It is made by Siemens AG, Germany, for their BS2000 mainframe machines.

-    Within the POSIX subsystem, the same character set was chosen as in

-    "native BS2000", namely EBCDIC. (EDF04)

-    The name "ASCII" in these routines is misleading: actually, conversion

-    is not between EBCDIC and ASCII, but EBCDIC(EDF04) and ISO-8859.1;

-    that means that (western european) national characters are preserved.

-    This table is identical to the one used by rsh/rcp/ftp and other POSIX tools.

-*/

-/* Here's the bijective ebcdic-to-ascii table: */

-const unsigned char os_toascii[256] = {

-/*00*/ 0x00, 0x01, 0x02, 0x03, 0x85, 0x09, 0x86, 0x7f,

-       0x87, 0x8d, 0x8e, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /*................*/

-/*10*/ 0x10, 0x11, 0x12, 0x13, 0x8f, 0x0a, 0x08, 0x97,

-       0x18, 0x19, 0x9c, 0x9d, 0x1c, 0x1d, 0x1e, 0x1f, /*................*/

-/*20*/ 0x80, 0x81, 0x82, 0x83, 0x84, 0x92, 0x17, 0x1b,

-       0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x05, 0x06, 0x07, /*................*/

-/*30*/ 0x90, 0x91, 0x16, 0x93, 0x94, 0x95, 0x96, 0x04,

-       0x98, 0x99, 0x9a, 0x9b, 0x14, 0x15, 0x9e, 0x1a, /*................*/

-/*40*/ 0x20, 0xa0, 0xe2, 0xe4, 0xe0, 0xe1, 0xe3, 0xe5,

-       0xe7, 0xf1, 0x60, 0x2e, 0x3c, 0x28, 0x2b, 0x7c, /* .........`.<(+|*/

-/*50*/ 0x26, 0xe9, 0xea, 0xeb, 0xe8, 0xed, 0xee, 0xef,

-       0xec, 0xdf, 0x21, 0x24, 0x2a, 0x29, 0x3b, 0x9f, /*&.........!$*);.*/

-/*60*/ 0x2d, 0x2f, 0xc2, 0xc4, 0xc0, 0xc1, 0xc3, 0xc5,

-       0xc7, 0xd1, 0x5e, 0x2c, 0x25, 0x5f, 0x3e, 0x3f, /*-/........^,%_>?*/

-/*70*/ 0xf8, 0xc9, 0xca, 0xcb, 0xc8, 0xcd, 0xce, 0xcf,

-       0xcc, 0xa8, 0x3a, 0x23, 0x40, 0x27, 0x3d, 0x22, /*..........:#@'="*/

-/*80*/ 0xd8, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,

-       0x68, 0x69, 0xab, 0xbb, 0xf0, 0xfd, 0xfe, 0xb1, /*.abcdefghi......*/

-/*90*/ 0xb0, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70,

-       0x71, 0x72, 0xaa, 0xba, 0xe6, 0xb8, 0xc6, 0xa4, /*.jklmnopqr......*/

-/*a0*/ 0xb5, 0xaf, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78,

-       0x79, 0x7a, 0xa1, 0xbf, 0xd0, 0xdd, 0xde, 0xae, /*..stuvwxyz......*/

-/*b0*/ 0xa2, 0xa3, 0xa5, 0xb7, 0xa9, 0xa7, 0xb6, 0xbc,

-       0xbd, 0xbe, 0xac, 0x5b, 0x5c, 0x5d, 0xb4, 0xd7, /*...........[\]..*/

-/*c0*/ 0xf9, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,

-       0x48, 0x49, 0xad, 0xf4, 0xf6, 0xf2, 0xf3, 0xf5, /*.ABCDEFGHI......*/

-/*d0*/ 0xa6, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50,

-       0x51, 0x52, 0xb9, 0xfb, 0xfc, 0xdb, 0xfa, 0xff, /*.JKLMNOPQR......*/

-/*e0*/ 0xd9, 0xf7, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58,

-       0x59, 0x5a, 0xb2, 0xd4, 0xd6, 0xd2, 0xd3, 0xd5, /*..STUVWXYZ......*/

-/*f0*/ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,

-       0x38, 0x39, 0xb3, 0x7b, 0xdc, 0x7d, 0xda, 0x7e  /*0123456789.{.}.~*/

-};

-/* The ascii-to-ebcdic table: */

-const unsigned char os_toebcdic[256] = {

-/*00*/  0x00, 0x01, 0x02, 0x03, 0x37, 0x2d, 0x2e, 0x2f,

-	0x16, 0x05, 0x15, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,  /*................*/

-/*10*/  0x10, 0x11, 0x12, 0x13, 0x3c, 0x3d, 0x32, 0x26,

-	0x18, 0x19, 0x3f, 0x27, 0x1c, 0x1d, 0x1e, 0x1f,  /*................*/

-/*20*/  0x40, 0x5a, 0x7f, 0x7b, 0x5b, 0x6c, 0x50, 0x7d,

-	0x4d, 0x5d, 0x5c, 0x4e, 0x6b, 0x60, 0x4b, 0x61,  /* !"#$%&'()*+,-./ */

-/*30*/  0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,

-	0xf8, 0xf9, 0x7a, 0x5e, 0x4c, 0x7e, 0x6e, 0x6f,  /*0123456789:;<=>?*/

-/*40*/  0x7c, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,

-	0xc8, 0xc9, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6,  /*@ABCDEFGHIJKLMNO*/

-/*50*/  0xd7, 0xd8, 0xd9, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6,

-	0xe7, 0xe8, 0xe9, 0xbb, 0xbc, 0xbd, 0x6a, 0x6d,  /*PQRSTUVWXYZ[\]^_*/

-/*60*/  0x4a, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,

-	0x88, 0x89, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96,  /*`abcdefghijklmno*/

-/*70*/  0x97, 0x98, 0x99, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6,

-	0xa7, 0xa8, 0xa9, 0xfb, 0x4f, 0xfd, 0xff, 0x07,  /*pqrstuvwxyz{|}~.*/

-/*80*/  0x20, 0x21, 0x22, 0x23, 0x24, 0x04, 0x06, 0x08,

-	0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x09, 0x0a, 0x14,  /*................*/

-/*90*/  0x30, 0x31, 0x25, 0x33, 0x34, 0x35, 0x36, 0x17,

-	0x38, 0x39, 0x3a, 0x3b, 0x1a, 0x1b, 0x3e, 0x5f,  /*................*/

-/*a0*/  0x41, 0xaa, 0xb0, 0xb1, 0x9f, 0xb2, 0xd0, 0xb5,

-	0x79, 0xb4, 0x9a, 0x8a, 0xba, 0xca, 0xaf, 0xa1,  /*................*/

-/*b0*/  0x90, 0x8f, 0xea, 0xfa, 0xbe, 0xa0, 0xb6, 0xb3,

-	0x9d, 0xda, 0x9b, 0x8b, 0xb7, 0xb8, 0xb9, 0xab,  /*................*/

-/*c0*/  0x64, 0x65, 0x62, 0x66, 0x63, 0x67, 0x9e, 0x68,

-	0x74, 0x71, 0x72, 0x73, 0x78, 0x75, 0x76, 0x77,  /*................*/

-/*d0*/  0xac, 0x69, 0xed, 0xee, 0xeb, 0xef, 0xec, 0xbf,

-	0x80, 0xe0, 0xfe, 0xdd, 0xfc, 0xad, 0xae, 0x59,  /*................*/

-/*e0*/  0x44, 0x45, 0x42, 0x46, 0x43, 0x47, 0x9c, 0x48,

-	0x54, 0x51, 0x52, 0x53, 0x58, 0x55, 0x56, 0x57,  /*................*/

-/*f0*/  0x8c, 0x49, 0xcd, 0xce, 0xcb, 0xcf, 0xcc, 0xe1,

-	0x70, 0xc0, 0xde, 0xdb, 0xdc, 0x8d, 0x8e, 0xdf   /*................*/

-};

-#else  /*_OSD_POSIX*/

-/*

-This code does basic character mapping for IBM's TPF and OS/390 operating systems.

-It is a modified version of the BS2000 table.

-Bijective EBCDIC (character set IBM-1047) to US-ASCII table:

-This table is bijective - there are no ambigous or duplicate characters.

-*/

-const unsigned char os_toascii[256] = {

-    0x00, 0x01, 0x02, 0x03, 0x85, 0x09, 0x86, 0x7f, /* 00-0f:           */

-    0x87, 0x8d, 0x8e, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */

-    0x10, 0x11, 0x12, 0x13, 0x8f, 0x0a, 0x08, 0x97, /* 10-1f:           */

-    0x18, 0x19, 0x9c, 0x9d, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */

-    0x80, 0x81, 0x82, 0x83, 0x84, 0x92, 0x17, 0x1b, /* 20-2f:           */

-    0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x05, 0x06, 0x07, /* ................ */

-    0x90, 0x91, 0x16, 0x93, 0x94, 0x95, 0x96, 0x04, /* 30-3f:           */

-    0x98, 0x99, 0x9a, 0x9b, 0x14, 0x15, 0x9e, 0x1a, /* ................ */

-    0x20, 0xa0, 0xe2, 0xe4, 0xe0, 0xe1, 0xe3, 0xe5, /* 40-4f:           */

-    0xe7, 0xf1, 0xa2, 0x2e, 0x3c, 0x28, 0x2b, 0x7c, /*  ...........<(+| */

-    0x26, 0xe9, 0xea, 0xeb, 0xe8, 0xed, 0xee, 0xef, /* 50-5f:           */

-    0xec, 0xdf, 0x21, 0x24, 0x2a, 0x29, 0x3b, 0x5e, /* &.........!$*);^ */

-    0x2d, 0x2f, 0xc2, 0xc4, 0xc0, 0xc1, 0xc3, 0xc5, /* 60-6f:           */

-    0xc7, 0xd1, 0xa6, 0x2c, 0x25, 0x5f, 0x3e, 0x3f, /* -/.........,%_>? */

-    0xf8, 0xc9, 0xca, 0xcb, 0xc8, 0xcd, 0xce, 0xcf, /* 70-7f:           */

-    0xcc, 0x60, 0x3a, 0x23, 0x40, 0x27, 0x3d, 0x22, /* .........`:#@'=" */

-    0xd8, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, /* 80-8f:           */

-    0x68, 0x69, 0xab, 0xbb, 0xf0, 0xfd, 0xfe, 0xb1, /* .abcdefghi...... */

-    0xb0, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, /* 90-9f:           */

-    0x71, 0x72, 0xaa, 0xba, 0xe6, 0xb8, 0xc6, 0xa4, /* .jklmnopqr...... */

-    0xb5, 0x7e, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, /* a0-af:           */

-    0x79, 0x7a, 0xa1, 0xbf, 0xd0, 0x5b, 0xde, 0xae, /* .~stuvwxyz...[.. */

-    0xac, 0xa3, 0xa5, 0xb7, 0xa9, 0xa7, 0xb6, 0xbc, /* b0-bf:           */

-    0xbd, 0xbe, 0xdd, 0xa8, 0xaf, 0x5d, 0xb4, 0xd7, /* .............].. */

-    0x7b, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, /* c0-cf:           */

-    0x48, 0x49, 0xad, 0xf4, 0xf6, 0xf2, 0xf3, 0xf5, /* {ABCDEFGHI...... */

-    0x7d, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, /* d0-df:           */

-    0x51, 0x52, 0xb9, 0xfb, 0xfc, 0xf9, 0xfa, 0xff, /* }JKLMNOPQR...... */

-    0x5c, 0xf7, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, /* e0-ef:           */

-    0x59, 0x5a, 0xb2, 0xd4, 0xd6, 0xd2, 0xd3, 0xd5, /* \.STUVWXYZ...... */

-    0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* f0-ff:           */

-    0x38, 0x39, 0xb3, 0xdb, 0xdc, 0xd9, 0xda, 0x9f  /* 0123456789...... */

-};

-/*

-The US-ASCII to EBCDIC (character set IBM-1047) table:

-This table is bijective (no ambiguous or duplicate characters)

-*/

-const unsigned char os_toebcdic[256] = {

-    0x00, 0x01, 0x02, 0x03, 0x37, 0x2d, 0x2e, 0x2f, /* 00-0f:           */

-    0x16, 0x05, 0x15, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */

-    0x10, 0x11, 0x12, 0x13, 0x3c, 0x3d, 0x32, 0x26, /* 10-1f:           */

-    0x18, 0x19, 0x3f, 0x27, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */

-    0x40, 0x5a, 0x7f, 0x7b, 0x5b, 0x6c, 0x50, 0x7d, /* 20-2f:           */

-    0x4d, 0x5d, 0x5c, 0x4e, 0x6b, 0x60, 0x4b, 0x61, /*  !"#$%&'()*+,-./ */

-    0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, /* 30-3f:           */

-    0xf8, 0xf9, 0x7a, 0x5e, 0x4c, 0x7e, 0x6e, 0x6f, /* 0123456789:;<=>? */

-    0x7c, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, /* 40-4f:           */

-    0xc8, 0xc9, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, /* @ABCDEFGHIJKLMNO */

-    0xd7, 0xd8, 0xd9, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, /* 50-5f:           */

-    0xe7, 0xe8, 0xe9, 0xad, 0xe0, 0xbd, 0x5f, 0x6d, /* PQRSTUVWXYZ[\]^_ */

-    0x79, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, /* 60-6f:           */

-    0x88, 0x89, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, /* `abcdefghijklmno */

-    0x97, 0x98, 0x99, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, /* 70-7f:           */

-    0xa7, 0xa8, 0xa9, 0xc0, 0x4f, 0xd0, 0xa1, 0x07, /* pqrstuvwxyz{|}~. */

-    0x20, 0x21, 0x22, 0x23, 0x24, 0x04, 0x06, 0x08, /* 80-8f:           */

-    0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x09, 0x0a, 0x14, /* ................ */

-    0x30, 0x31, 0x25, 0x33, 0x34, 0x35, 0x36, 0x17, /* 90-9f:           */

-    0x38, 0x39, 0x3a, 0x3b, 0x1a, 0x1b, 0x3e, 0xff, /* ................ */

-    0x41, 0xaa, 0x4a, 0xb1, 0x9f, 0xb2, 0x6a, 0xb5, /* a0-af:           */

-    0xbb, 0xb4, 0x9a, 0x8a, 0xb0, 0xca, 0xaf, 0xbc, /* ................ */

-    0x90, 0x8f, 0xea, 0xfa, 0xbe, 0xa0, 0xb6, 0xb3, /* b0-bf:           */

-    0x9d, 0xda, 0x9b, 0x8b, 0xb7, 0xb8, 0xb9, 0xab, /* ................ */

-    0x64, 0x65, 0x62, 0x66, 0x63, 0x67, 0x9e, 0x68, /* c0-cf:           */

-    0x74, 0x71, 0x72, 0x73, 0x78, 0x75, 0x76, 0x77, /* ................ */

-    0xac, 0x69, 0xed, 0xee, 0xeb, 0xef, 0xec, 0xbf, /* d0-df:           */

-    0x80, 0xfd, 0xfe, 0xfb, 0xfc, 0xba, 0xae, 0x59, /* ................ */

-    0x44, 0x45, 0x42, 0x46, 0x43, 0x47, 0x9c, 0x48, /* e0-ef:           */

-    0x54, 0x51, 0x52, 0x53, 0x58, 0x55, 0x56, 0x57, /* ................ */

-    0x8c, 0x49, 0xcd, 0xce, 0xcb, 0xcf, 0xcc, 0xe1, /* f0-ff:           */

-    0x70, 0xdd, 0xde, 0xdb, 0xdc, 0x8d, 0x8e, 0xdf  /* ................ */

-};

-#endif /*_OSD_POSIX*/

-/* Translate a memory block from EBCDIC (host charset) to ASCII (net charset)

- * dest and srce may be identical, or separate memory blocks, but

- * should not overlap. These functions intentionally have an interface

- * compatible to memcpy(3).

- */

-void *

-ebcdic2ascii(void *dest, const void *srce, size_t count)

-{

-    unsigned char *udest = dest;

-    const unsigned char *usrce = srce;

-    while (count-- != 0) {

-        *udest++ = os_toascii[*usrce++];

-    }

-    return dest;

-}

-void *

-ascii2ebcdic(void *dest, const void *srce, size_t count)

-{

-    unsigned char *udest = dest;

-    const unsigned char *usrce = srce;

-    while (count-- != 0) {

-        *udest++ = os_toebcdic[*usrce++];

-    }

-    return dest;

-}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/ebcdic.h

+++ /dev/null

@@ -1,19 +1,0 @@

-/* crypto/ebcdic.h */

-#ifndef HEADER_EBCDIC_H

-#define HEADER_EBCDIC_H

-#include <sys/types.h>

-/* Avoid name clashes with other applications */

-#define os_toascii   _openssl_os_toascii

-#define os_toebcdic  _openssl_os_toebcdic

-#define ebcdic2ascii _openssl_ebcdic2ascii

-#define ascii2ebcdic _openssl_ascii2ebcdic

-extern const unsigned char os_toascii[256];

-extern const unsigned char os_toebcdic[256];

-void *ebcdic2ascii(void *dest, const void *srce, size_t count);

-void *ascii2ebcdic(void *dest, const void *srce, size_t count);

-#endif

--- a/sys/src/ape/lib/openssl/crypto/ec/Makefile

+++ /dev/null

@@ -1,193 +1,0 @@

-#

-# crypto/ec/Makefile

-#

-DIR=	ec

-TOP=	../..

-CC=	cc

-INCLUDES= -I.. -I$(TOP) -I../../include

-CFLAG=-g

-MAKEFILE=	Makefile

-AR=		ar r

-CFLAGS= $(INCLUDES) $(CFLAG)

-GENERAL=Makefile

-TEST=ectest.c

-APPS=

-LIB=$(TOP)/libcrypto.a

-LIBSRC=	ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c\

-	ec_err.c ec_curve.c ec_check.c ec_print.c ec_asn1.c ec_key.c\

-	ec2_smpl.c ec2_smpt.c ec2_mult.c

-LIBOBJ=	ec_lib.o ecp_smpl.o ecp_mont.o ecp_nist.o ec_cvt.o ec_mult.o\

-	ec_err.o ec_curve.o ec_check.o ec_print.o ec_asn1.o ec_key.o\

-	ec2_smpl.o ec2_mult.o

-SRC= $(LIBSRC)

-EXHEADER= ec.h

-HEADER=	ec_lcl.h $(EXHEADER)

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)

-all:	lib

-lib:	$(LIBOBJ)

-	$(AR) $(LIB) $(LIBOBJ)

-	$(RANLIB) $(LIB) || echo Never mind.

-	@touch lib

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

-links:

-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)

-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)

-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

-install:

-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...

-	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \

-	do  \

-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \

-	done;

-tags:

-	ctags $(SRC)

-tests:

-lint:

-	lint -DLINT $(INCLUDES) $(SRC)>fluff

-depend:

-	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...

-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-clean:

-	rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-ec2_mult.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

-ec2_mult.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h

-ec2_mult.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-ec2_mult.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-ec2_mult.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h

-ec2_mult.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-ec2_mult.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-ec2_mult.o: ../../include/openssl/symhacks.h ec2_mult.c ec_lcl.h

-ec2_smpl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

-ec2_smpl.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h

-ec2_smpl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-ec2_smpl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-ec2_smpl.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h

-ec2_smpl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-ec2_smpl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-ec2_smpl.o: ../../include/openssl/symhacks.h ec2_smpl.c ec2_smpt.c ec_lcl.h

-ec2_smpt.o: ec2_smpt.c

-ec_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h

-ec_asn1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h

-ec_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-ec_asn1.o: ../../include/openssl/ec.h ../../include/openssl/err.h

-ec_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-ec_asn1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-ec_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-ec_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-ec_asn1.o: ../../include/openssl/symhacks.h ec_asn1.c ec_lcl.h

-ec_check.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

-ec_check.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h

-ec_check.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-ec_check.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-ec_check.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h

-ec_check.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-ec_check.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-ec_check.o: ../../include/openssl/symhacks.h ec_check.c ec_lcl.h

-ec_curve.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

-ec_curve.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h

-ec_curve.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-ec_curve.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-ec_curve.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h

-ec_curve.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-ec_curve.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-ec_curve.o: ../../include/openssl/symhacks.h ec_curve.c ec_lcl.h

-ec_cvt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

-ec_cvt.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h

-ec_cvt.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-ec_cvt.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-ec_cvt.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h

-ec_cvt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-ec_cvt.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-ec_cvt.o: ../../include/openssl/symhacks.h ec_cvt.c ec_lcl.h

-ec_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

-ec_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-ec_err.o: ../../include/openssl/ec.h ../../include/openssl/err.h

-ec_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-ec_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-ec_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-ec_err.o: ../../include/openssl/symhacks.h ec_err.c

-ec_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

-ec_key.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h

-ec_key.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-ec_key.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-ec_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h

-ec_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-ec_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-ec_key.o: ../../include/openssl/symhacks.h ec_key.c ec_lcl.h

-ec_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

-ec_lib.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h

-ec_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-ec_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-ec_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h

-ec_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-ec_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-ec_lib.o: ../../include/openssl/symhacks.h ec_lcl.h ec_lib.c

-ec_mult.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

-ec_mult.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h

-ec_mult.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-ec_mult.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-ec_mult.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h

-ec_mult.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-ec_mult.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-ec_mult.o: ../../include/openssl/symhacks.h ec_lcl.h ec_mult.c

-ec_print.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

-ec_print.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h

-ec_print.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-ec_print.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h

-ec_print.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-ec_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-ec_print.o: ../../include/openssl/symhacks.h ec_lcl.h ec_print.c

-ecp_mont.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

-ecp_mont.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h

-ecp_mont.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-ecp_mont.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-ecp_mont.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h

-ecp_mont.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-ecp_mont.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-ecp_mont.o: ../../include/openssl/symhacks.h ec_lcl.h ecp_mont.c

-ecp_nist.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

-ecp_nist.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h

-ecp_nist.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-ecp_nist.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-ecp_nist.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h

-ecp_nist.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-ecp_nist.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-ecp_nist.o: ../../include/openssl/symhacks.h ec_lcl.h ecp_nist.c

-ecp_smpl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

-ecp_smpl.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h

-ecp_smpl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-ecp_smpl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-ecp_smpl.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h

-ecp_smpl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-ecp_smpl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-ecp_smpl.o: ../../include/openssl/symhacks.h ec_lcl.h ecp_smpl.c

--- a/sys/src/ape/lib/openssl/crypto/ec/ec.h

+++ /dev/null

@@ -1,526 +1,0 @@

-/* crypto/ec/ec.h */

-/*

- * Originally written by Bodo Moeller for the OpenSSL project.

- */

-/* ====================================================================

- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- *

- * Portions of the attached software ("Contribution") are developed by

- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.

- *

- * The Contribution is licensed pursuant to the OpenSSL open source

- * license provided above.

- *

- * The elliptic curve binary polynomial software is originally written by

- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.

- *

- */

-#ifndef HEADER_EC_H

-#define HEADER_EC_H

-#include <openssl/opensslconf.h>

-#ifdef OPENSSL_NO_EC

-#error EC is disabled.

-#endif

-#include <openssl/asn1.h>

-#include <openssl/symhacks.h>

-#ifndef OPENSSL_NO_DEPRECATED

-#include <openssl/bn.h>

-#endif

-#ifdef  __cplusplus

-extern "C" {

-#elif defined(__SUNPRO_C)

-# if __SUNPRO_C >= 0x520

-# pragma error_messages (off,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE)

-# endif

-#endif

-#ifndef OPENSSL_ECC_MAX_FIELD_BITS

-# define OPENSSL_ECC_MAX_FIELD_BITS 661

-#endif

-typedef enum {

-	/* values as defined in X9.62 (ECDSA) and elsewhere */

-	POINT_CONVERSION_COMPRESSED = 2,

-	POINT_CONVERSION_UNCOMPRESSED = 4,

-	POINT_CONVERSION_HYBRID = 6

-} point_conversion_form_t;

-typedef struct ec_method_st EC_METHOD;

-typedef struct ec_group_st

-	/*

-	 EC_METHOD *meth;

-	 -- field definition

-	 -- curve coefficients

-	 -- optional generator with associated information (order, cofactor)

-	 -- optional extra data (precomputed table for fast computation of multiples of generator)

-	 -- ASN1 stuff

-	*/

-	EC_GROUP;

-typedef struct ec_point_st EC_POINT;

-/* EC_METHODs for curves over GF(p).

- * EC_GFp_simple_method provides the basis for the optimized methods.

- */

-const EC_METHOD *EC_GFp_simple_method(void);

-const EC_METHOD *EC_GFp_mont_method(void);

-const EC_METHOD *EC_GFp_nist_method(void);

-/* EC_METHOD for curves over GF(2^m).

- */

-const EC_METHOD *EC_GF2m_simple_method(void);

-EC_GROUP *EC_GROUP_new(const EC_METHOD *);

-void EC_GROUP_free(EC_GROUP *);

-void EC_GROUP_clear_free(EC_GROUP *);

-int EC_GROUP_copy(EC_GROUP *, const EC_GROUP *);

-EC_GROUP *EC_GROUP_dup(const EC_GROUP *);

-const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *);

-int EC_METHOD_get_field_type(const EC_METHOD *);

-int EC_GROUP_set_generator(EC_GROUP *, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor);

-const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *);

-int EC_GROUP_get_order(const EC_GROUP *, BIGNUM *order, BN_CTX *);

-int EC_GROUP_get_cofactor(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *);

-void EC_GROUP_set_curve_name(EC_GROUP *, int nid);

-int EC_GROUP_get_curve_name(const EC_GROUP *);

-void EC_GROUP_set_asn1_flag(EC_GROUP *, int flag);

-int EC_GROUP_get_asn1_flag(const EC_GROUP *);

-void EC_GROUP_set_point_conversion_form(EC_GROUP *, point_conversion_form_t);

-point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *);

-unsigned char *EC_GROUP_get0_seed(const EC_GROUP *);

-size_t EC_GROUP_get_seed_len(const EC_GROUP *);

-size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len);

-int EC_GROUP_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);

-int EC_GROUP_get_curve_GFp(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);

-int EC_GROUP_set_curve_GF2m(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);

-int EC_GROUP_get_curve_GF2m(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);

-/* returns the number of bits needed to represent a field element */

-int EC_GROUP_get_degree(const EC_GROUP *);

-/* EC_GROUP_check() returns 1 if 'group' defines a valid group, 0 otherwise */

-int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx);

-/* EC_GROUP_check_discriminant() returns 1 if the discriminant of the

- * elliptic curve is not zero, 0 otherwise */

-int EC_GROUP_check_discriminant(const EC_GROUP *, BN_CTX *);

-/* EC_GROUP_cmp() returns 0 if both groups are equal and 1 otherwise */

-int EC_GROUP_cmp(const EC_GROUP *, const EC_GROUP *, BN_CTX *);

-/* EC_GROUP_new_GF*() calls EC_GROUP_new() and EC_GROUP_set_GF*()

- * after choosing an appropriate EC_METHOD */

-EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);

-EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);

-/* EC_GROUP_new_by_curve_name() creates a EC_GROUP structure

- * specified by a curve name (in form of a NID) */

-EC_GROUP *EC_GROUP_new_by_curve_name(int nid);

-/* handling of internal curves */

-typedef struct {

-	int nid;

-	const char *comment;

-	} EC_builtin_curve;

-/* EC_builtin_curves(EC_builtin_curve *r, size_t size) returns number

- * of all available curves or zero if a error occurred.

- * In case r ist not zero nitems EC_builtin_curve structures

- * are filled with the data of the first nitems internal groups */

-size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems);

-/* EC_POINT functions */

-EC_POINT *EC_POINT_new(const EC_GROUP *);

-void EC_POINT_free(EC_POINT *);

-void EC_POINT_clear_free(EC_POINT *);

-int EC_POINT_copy(EC_POINT *, const EC_POINT *);

-EC_POINT *EC_POINT_dup(const EC_POINT *, const EC_GROUP *);

-const EC_METHOD *EC_POINT_method_of(const EC_POINT *);

-int EC_POINT_set_to_infinity(const EC_GROUP *, EC_POINT *);

-int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *, EC_POINT *,

-	const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *);

-int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *, const EC_POINT *,

-	BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *);

-int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *, EC_POINT *,

-	const BIGNUM *x, const BIGNUM *y, BN_CTX *);

-int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *, const EC_POINT *,

-	BIGNUM *x, BIGNUM *y, BN_CTX *);

-int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *, EC_POINT *,

-	const BIGNUM *x, int y_bit, BN_CTX *);

-int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *, EC_POINT *,

-	const BIGNUM *x, const BIGNUM *y, BN_CTX *);

-int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *, const EC_POINT *,

-	BIGNUM *x, BIGNUM *y, BN_CTX *);

-int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *, EC_POINT *,

-	const BIGNUM *x, int y_bit, BN_CTX *);

-size_t EC_POINT_point2oct(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form,

-        unsigned char *buf, size_t len, BN_CTX *);

-int EC_POINT_oct2point(const EC_GROUP *, EC_POINT *,

-        const unsigned char *buf, size_t len, BN_CTX *);

-/* other interfaces to point2oct/oct2point: */

-BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *,

-	point_conversion_form_t form, BIGNUM *, BN_CTX *);

-EC_POINT *EC_POINT_bn2point(const EC_GROUP *, const BIGNUM *,

-	EC_POINT *, BN_CTX *);

-char *EC_POINT_point2hex(const EC_GROUP *, const EC_POINT *,

-	point_conversion_form_t form, BN_CTX *);

-EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *,

-	EC_POINT *, BN_CTX *);

-int EC_POINT_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *);

-int EC_POINT_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *);

-int EC_POINT_invert(const EC_GROUP *, EC_POINT *, BN_CTX *);

-int EC_POINT_is_at_infinity(const EC_GROUP *, const EC_POINT *);

-int EC_POINT_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *);

-int EC_POINT_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, BN_CTX *);

-int EC_POINT_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);

-int EC_POINTs_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);

-int EC_POINTs_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, size_t num, const EC_POINT *[], const BIGNUM *[], BN_CTX *);

-int EC_POINT_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, const EC_POINT *, const BIGNUM *, BN_CTX *);

-/* EC_GROUP_precompute_mult() stores multiples of generator for faster point multiplication */

-int EC_GROUP_precompute_mult(EC_GROUP *, BN_CTX *);

-/* EC_GROUP_have_precompute_mult() reports whether such precomputation has been done */

-int EC_GROUP_have_precompute_mult(const EC_GROUP *);

-/* ASN1 stuff */

-/* EC_GROUP_get_basis_type() returns the NID of the basis type

- * used to represent the field elements */

-int EC_GROUP_get_basis_type(const EC_GROUP *);

-int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k);

-int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1,

-	unsigned int *k2, unsigned int *k3);

-#define OPENSSL_EC_NAMED_CURVE	0x001

-typedef struct ecpk_parameters_st ECPKPARAMETERS;

-EC_GROUP *d2i_ECPKParameters(EC_GROUP **, const unsigned char **in, long len);

-int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out);

-#define d2i_ECPKParameters_bio(bp,x) ASN1_d2i_bio_of(EC_GROUP,NULL,d2i_ECPKParameters,bp,x)

-#define i2d_ECPKParameters_bio(bp,x) ASN1_i2d_bio_of_const(EC_GROUP,i2d_ECPKParameters,bp,x)

-#define d2i_ECPKParameters_fp(fp,x) (EC_GROUP *)ASN1_d2i_fp(NULL, \

-                (char *(*)())d2i_ECPKParameters,(fp),(unsigned char **)(x))

-#define i2d_ECPKParameters_fp(fp,x) ASN1_i2d_fp(i2d_ECPKParameters,(fp), \

-		(unsigned char *)(x))

-#ifndef OPENSSL_NO_BIO

-int     ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off);

-#endif

-#ifndef OPENSSL_NO_FP_API

-int     ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off);

-#endif

-/* the EC_KEY stuff */

-typedef struct ec_key_st EC_KEY;

-/* some values for the encoding_flag */

-#define EC_PKEY_NO_PARAMETERS	0x001

-#define EC_PKEY_NO_PUBKEY	0x002

-EC_KEY *EC_KEY_new(void);

-EC_KEY *EC_KEY_new_by_curve_name(int nid);

-void EC_KEY_free(EC_KEY *);

-EC_KEY *EC_KEY_copy(EC_KEY *, const EC_KEY *);

-EC_KEY *EC_KEY_dup(const EC_KEY *);

-int EC_KEY_up_ref(EC_KEY *);

-const EC_GROUP *EC_KEY_get0_group(const EC_KEY *);

-int EC_KEY_set_group(EC_KEY *, const EC_GROUP *);

-const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *);

-int EC_KEY_set_private_key(EC_KEY *, const BIGNUM *);

-const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *);

-int EC_KEY_set_public_key(EC_KEY *, const EC_POINT *);

-unsigned EC_KEY_get_enc_flags(const EC_KEY *);

-void EC_KEY_set_enc_flags(EC_KEY *, unsigned int);

-point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *);

-void EC_KEY_set_conv_form(EC_KEY *, point_conversion_form_t);

-/* functions to set/get method specific data  */

-void *EC_KEY_get_key_method_data(EC_KEY *,

-	void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));

-void EC_KEY_insert_key_method_data(EC_KEY *, void *data,

-	void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));

-/* wrapper functions for the underlying EC_GROUP object */

-void EC_KEY_set_asn1_flag(EC_KEY *, int);

-int EC_KEY_precompute_mult(EC_KEY *, BN_CTX *ctx);

-/* EC_KEY_generate_key() creates a ec private (public) key */

-int EC_KEY_generate_key(EC_KEY *);

-/* EC_KEY_check_key() */

-int EC_KEY_check_key(const EC_KEY *);

-/* de- and encoding functions for SEC1 ECPrivateKey */

-EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len);

-int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out);

-/* de- and encoding functions for EC parameters */

-EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len);

-int i2d_ECParameters(EC_KEY *a, unsigned char **out);

-/* de- and encoding functions for EC public key

- * (octet string, not DER -- hence 'o2i' and 'i2o') */

-EC_KEY *o2i_ECPublicKey(EC_KEY **a, const unsigned char **in, long len);

-int i2o_ECPublicKey(EC_KEY *a, unsigned char **out);

-#ifndef OPENSSL_NO_BIO

-int	ECParameters_print(BIO *bp, const EC_KEY *x);

-int	EC_KEY_print(BIO *bp, const EC_KEY *x, int off);

-#endif

-#ifndef OPENSSL_NO_FP_API

-int	ECParameters_print_fp(FILE *fp, const EC_KEY *x);

-int	EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off);

-#endif

-#define ECParameters_dup(x) ASN1_dup_of(EC_KEY,i2d_ECParameters,d2i_ECParameters,x)

-#ifndef __cplusplus

-#if defined(__SUNPRO_C)

-#  if __SUNPRO_C >= 0x520

-# pragma error_messages (default,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE)

-#  endif

-# endif

-#endif

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_EC_strings(void);

-/* Error codes for the EC functions. */

-/* Function codes. */

-#define EC_F_COMPUTE_WNAF				 143

-#define EC_F_D2I_ECPARAMETERS				 144

-#define EC_F_D2I_ECPKPARAMETERS				 145

-#define EC_F_D2I_ECPRIVATEKEY				 146

-#define EC_F_ECPARAMETERS_PRINT				 147

-#define EC_F_ECPARAMETERS_PRINT_FP			 148

-#define EC_F_ECPKPARAMETERS_PRINT			 149

-#define EC_F_ECPKPARAMETERS_PRINT_FP			 150

-#define EC_F_ECP_NIST_MOD_192				 203

-#define EC_F_ECP_NIST_MOD_224				 204

-#define EC_F_ECP_NIST_MOD_256				 205

-#define EC_F_ECP_NIST_MOD_521				 206

-#define EC_F_EC_ASN1_GROUP2CURVE			 153

-#define EC_F_EC_ASN1_GROUP2FIELDID			 154

-#define EC_F_EC_ASN1_GROUP2PARAMETERS			 155

-#define EC_F_EC_ASN1_GROUP2PKPARAMETERS			 156

-#define EC_F_EC_ASN1_PARAMETERS2GROUP			 157

-#define EC_F_EC_ASN1_PKPARAMETERS2GROUP			 158

-#define EC_F_EC_EX_DATA_SET_DATA			 211

-#define EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY		 208

-#define EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT	 159

-#define EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE		 195

-#define EC_F_EC_GF2M_SIMPLE_OCT2POINT			 160

-#define EC_F_EC_GF2M_SIMPLE_POINT2OCT			 161

-#define EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES 162

-#define EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES 163

-#define EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES	 164

-#define EC_F_EC_GFP_MONT_FIELD_DECODE			 133

-#define EC_F_EC_GFP_MONT_FIELD_ENCODE			 134

-#define EC_F_EC_GFP_MONT_FIELD_MUL			 131

-#define EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE		 209

-#define EC_F_EC_GFP_MONT_FIELD_SQR			 132

-#define EC_F_EC_GFP_MONT_GROUP_SET_CURVE		 189

-#define EC_F_EC_GFP_MONT_GROUP_SET_CURVE_GFP		 135

-#define EC_F_EC_GFP_NIST_FIELD_MUL			 200

-#define EC_F_EC_GFP_NIST_FIELD_SQR			 201

-#define EC_F_EC_GFP_NIST_GROUP_SET_CURVE		 202

-#define EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT	 165

-#define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE		 166

-#define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP		 100

-#define EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR		 101

-#define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE			 102

-#define EC_F_EC_GFP_SIMPLE_OCT2POINT			 103

-#define EC_F_EC_GFP_SIMPLE_POINT2OCT			 104

-#define EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE		 137

-#define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES	 167

-#define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP 105

-#define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES	 168

-#define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP 128

-#define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES	 169

-#define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP 129

-#define EC_F_EC_GROUP_CHECK				 170

-#define EC_F_EC_GROUP_CHECK_DISCRIMINANT		 171

-#define EC_F_EC_GROUP_COPY				 106

-#define EC_F_EC_GROUP_GET0_GENERATOR			 139

-#define EC_F_EC_GROUP_GET_COFACTOR			 140

-#define EC_F_EC_GROUP_GET_CURVE_GF2M			 172

-#define EC_F_EC_GROUP_GET_CURVE_GFP			 130

-#define EC_F_EC_GROUP_GET_DEGREE			 173

-#define EC_F_EC_GROUP_GET_ORDER				 141

-#define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS		 193

-#define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS		 194

-#define EC_F_EC_GROUP_NEW				 108

-#define EC_F_EC_GROUP_NEW_BY_CURVE_NAME			 174

-#define EC_F_EC_GROUP_NEW_FROM_DATA			 175

-#define EC_F_EC_GROUP_PRECOMPUTE_MULT			 142

-#define EC_F_EC_GROUP_SET_CURVE_GF2M			 176

-#define EC_F_EC_GROUP_SET_CURVE_GFP			 109

-#define EC_F_EC_GROUP_SET_EXTRA_DATA			 110

-#define EC_F_EC_GROUP_SET_GENERATOR			 111

-#define EC_F_EC_KEY_CHECK_KEY				 177

-#define EC_F_EC_KEY_COPY				 178

-#define EC_F_EC_KEY_GENERATE_KEY			 179

-#define EC_F_EC_KEY_NEW					 182

-#define EC_F_EC_KEY_PRINT				 180

-#define EC_F_EC_KEY_PRINT_FP				 181

-#define EC_F_EC_POINTS_MAKE_AFFINE			 136

-#define EC_F_EC_POINTS_MUL				 138

-#define EC_F_EC_POINT_ADD				 112

-#define EC_F_EC_POINT_CMP				 113

-#define EC_F_EC_POINT_COPY				 114

-#define EC_F_EC_POINT_DBL				 115

-#define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M	 183

-#define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP	 116

-#define EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP	 117

-#define EC_F_EC_POINT_INVERT				 210

-#define EC_F_EC_POINT_IS_AT_INFINITY			 118

-#define EC_F_EC_POINT_IS_ON_CURVE			 119

-#define EC_F_EC_POINT_MAKE_AFFINE			 120

-#define EC_F_EC_POINT_MUL				 184

-#define EC_F_EC_POINT_NEW				 121

-#define EC_F_EC_POINT_OCT2POINT				 122

-#define EC_F_EC_POINT_POINT2OCT				 123

-#define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M	 185

-#define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP	 124

-#define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M	 186

-#define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP	 125

-#define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP	 126

-#define EC_F_EC_POINT_SET_TO_INFINITY			 127

-#define EC_F_EC_PRE_COMP_DUP				 207

-#define EC_F_EC_PRE_COMP_NEW				 196

-#define EC_F_EC_WNAF_MUL				 187

-#define EC_F_EC_WNAF_PRECOMPUTE_MULT			 188

-#define EC_F_I2D_ECPARAMETERS				 190

-#define EC_F_I2D_ECPKPARAMETERS				 191

-#define EC_F_I2D_ECPRIVATEKEY				 192

-#define EC_F_I2O_ECPUBLICKEY				 151

-#define EC_F_O2I_ECPUBLICKEY				 152

-/* Reason codes. */

-#define EC_R_ASN1_ERROR					 115

-#define EC_R_ASN1_UNKNOWN_FIELD				 116

-#define EC_R_BUFFER_TOO_SMALL				 100

-#define EC_R_D2I_ECPKPARAMETERS_FAILURE			 117

-#define EC_R_DISCRIMINANT_IS_ZERO			 118

-#define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE		 119

-#define EC_R_FIELD_TOO_LARGE				 138

-#define EC_R_GROUP2PKPARAMETERS_FAILURE			 120

-#define EC_R_I2D_ECPKPARAMETERS_FAILURE			 121

-#define EC_R_INCOMPATIBLE_OBJECTS			 101

-#define EC_R_INVALID_ARGUMENT				 112

-#define EC_R_INVALID_COMPRESSED_POINT			 110

-#define EC_R_INVALID_COMPRESSION_BIT			 109

-#define EC_R_INVALID_ENCODING				 102

-#define EC_R_INVALID_FIELD				 103

-#define EC_R_INVALID_FORM				 104

-#define EC_R_INVALID_GROUP_ORDER			 122

-#define EC_R_INVALID_PENTANOMIAL_BASIS			 132

-#define EC_R_INVALID_PRIVATE_KEY			 123

-#define EC_R_INVALID_TRINOMIAL_BASIS			 137

-#define EC_R_MISSING_PARAMETERS				 124

-#define EC_R_MISSING_PRIVATE_KEY			 125

-#define EC_R_NOT_A_NIST_PRIME				 135

-#define EC_R_NOT_A_SUPPORTED_NIST_PRIME			 136

-#define EC_R_NOT_IMPLEMENTED				 126

-#define EC_R_NOT_INITIALIZED				 111

-#define EC_R_NO_FIELD_MOD				 133

-#define EC_R_PASSED_NULL_PARAMETER			 134

-#define EC_R_PKPARAMETERS2GROUP_FAILURE			 127

-#define EC_R_POINT_AT_INFINITY				 106

-#define EC_R_POINT_IS_NOT_ON_CURVE			 107

-#define EC_R_SLOT_FULL					 108

-#define EC_R_UNDEFINED_GENERATOR			 113

-#define EC_R_UNDEFINED_ORDER				 128

-#define EC_R_UNKNOWN_GROUP				 129

-#define EC_R_UNKNOWN_ORDER				 114

-#define EC_R_UNSUPPORTED_FIELD				 131

-#define EC_R_WRONG_ORDER				 130

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/ec/ec2_mult.c

+++ /dev/null

@@ -1,380 +1,0 @@

-/* crypto/ec/ec2_mult.c */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- *

- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included

- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed

- * to the OpenSSL project.

- *

- * The ECC Code is licensed pursuant to the OpenSSL open source

- * license provided below.

- *

- * The software is originally written by Sheueling Chang Shantz and

- * Douglas Stebila of Sun Microsystems Laboratories.

- *

- */

-/* ====================================================================

- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <openssl/err.h>

-#include "ec_lcl.h"

-/* Compute the x-coordinate x/z for the point 2*(x/z) in Montgomery projective

- * coordinates.

- * Uses algorithm Mdouble in appendix of

- *     Lopez, J. and Dahab, R.  "Fast multiplication on elliptic curves over

- *     GF(2^m) without precomputation".

- * modified to not require precomputation of c=b^{2^{m-1}}.

- */

-static int gf2m_Mdouble(const EC_GROUP *group, BIGNUM *x, BIGNUM *z, BN_CTX *ctx)

-	{

-	BIGNUM *t1;

-	int ret = 0;

-	/* Since Mdouble is static we can guarantee that ctx != NULL. */

-	BN_CTX_start(ctx);

-	t1 = BN_CTX_get(ctx);

-	if (t1 == NULL) goto err;

-	if (!group->meth->field_sqr(group, x, x, ctx)) goto err;

-	if (!group->meth->field_sqr(group, t1, z, ctx)) goto err;

-	if (!group->meth->field_mul(group, z, x, t1, ctx)) goto err;

-	if (!group->meth->field_sqr(group, x, x, ctx)) goto err;

-	if (!group->meth->field_sqr(group, t1, t1, ctx)) goto err;

-	if (!group->meth->field_mul(group, t1, &group->b, t1, ctx)) goto err;

-	if (!BN_GF2m_add(x, x, t1)) goto err;

-	ret = 1;

- err:

-	BN_CTX_end(ctx);

-	return ret;

-	}

-/* Compute the x-coordinate x1/z1 for the point (x1/z1)+(x2/x2) in Montgomery

- * projective coordinates.

- * Uses algorithm Madd in appendix of

- *     Lopex, J. and Dahab, R.  "Fast multiplication on elliptic curves over

- *     GF(2^m) without precomputation".

- */

-static int gf2m_Madd(const EC_GROUP *group, const BIGNUM *x, BIGNUM *x1, BIGNUM *z1,

-	const BIGNUM *x2, const BIGNUM *z2, BN_CTX *ctx)

-	{

-	BIGNUM *t1, *t2;

-	int ret = 0;

-	/* Since Madd is static we can guarantee that ctx != NULL. */

-	BN_CTX_start(ctx);

-	t1 = BN_CTX_get(ctx);

-	t2 = BN_CTX_get(ctx);

-	if (t2 == NULL) goto err;

-	if (!BN_copy(t1, x)) goto err;

-	if (!group->meth->field_mul(group, x1, x1, z2, ctx)) goto err;

-	if (!group->meth->field_mul(group, z1, z1, x2, ctx)) goto err;

-	if (!group->meth->field_mul(group, t2, x1, z1, ctx)) goto err;

-	if (!BN_GF2m_add(z1, z1, x1)) goto err;

-	if (!group->meth->field_sqr(group, z1, z1, ctx)) goto err;

-	if (!group->meth->field_mul(group, x1, z1, t1, ctx)) goto err;

-	if (!BN_GF2m_add(x1, x1, t2)) goto err;

-	ret = 1;

- err:

-	BN_CTX_end(ctx);

-	return ret;

-	}

-/* Compute the x, y affine coordinates from the point (x1, z1) (x2, z2)

- * using Montgomery point multiplication algorithm Mxy() in appendix of

- *     Lopex, J. and Dahab, R.  "Fast multiplication on elliptic curves over

- *     GF(2^m) without precomputation".

- * Returns:

- *     0 on error

- *     1 if return value should be the point at infinity

- *     2 otherwise

- */

-static int gf2m_Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y, BIGNUM *x1,

-	BIGNUM *z1, BIGNUM *x2, BIGNUM *z2, BN_CTX *ctx)

-	{

-	BIGNUM *t3, *t4, *t5;

-	int ret = 0;

-	if (BN_is_zero(z1))

-		{

-		BN_zero(x2);

-		BN_zero(z2);

-		return 1;

-		}

-	if (BN_is_zero(z2))

-		{

-		if (!BN_copy(x2, x)) return 0;

-		if (!BN_GF2m_add(z2, x, y)) return 0;

-		return 2;

-		}

-	/* Since Mxy is static we can guarantee that ctx != NULL. */

-	BN_CTX_start(ctx);

-	t3 = BN_CTX_get(ctx);

-	t4 = BN_CTX_get(ctx);

-	t5 = BN_CTX_get(ctx);

-	if (t5 == NULL) goto err;

-	if (!BN_one(t5)) goto err;

-	if (!group->meth->field_mul(group, t3, z1, z2, ctx)) goto err;

-	if (!group->meth->field_mul(group, z1, z1, x, ctx)) goto err;

-	if (!BN_GF2m_add(z1, z1, x1)) goto err;

-	if (!group->meth->field_mul(group, z2, z2, x, ctx)) goto err;

-	if (!group->meth->field_mul(group, x1, z2, x1, ctx)) goto err;

-	if (!BN_GF2m_add(z2, z2, x2)) goto err;

-	if (!group->meth->field_mul(group, z2, z2, z1, ctx)) goto err;

-	if (!group->meth->field_sqr(group, t4, x, ctx)) goto err;

-	if (!BN_GF2m_add(t4, t4, y)) goto err;

-	if (!group->meth->field_mul(group, t4, t4, t3, ctx)) goto err;

-	if (!BN_GF2m_add(t4, t4, z2)) goto err;

-	if (!group->meth->field_mul(group, t3, t3, x, ctx)) goto err;

-	if (!group->meth->field_div(group, t3, t5, t3, ctx)) goto err;

-	if (!group->meth->field_mul(group, t4, t3, t4, ctx)) goto err;

-	if (!group->meth->field_mul(group, x2, x1, t3, ctx)) goto err;

-	if (!BN_GF2m_add(z2, x2, x)) goto err;

-	if (!group->meth->field_mul(group, z2, z2, t4, ctx)) goto err;

-	if (!BN_GF2m_add(z2, z2, y)) goto err;

-	ret = 2;

- err:

-	BN_CTX_end(ctx);

-	return ret;

-	}

-/* Computes scalar*point and stores the result in r.

- * point can not equal r.

- * Uses algorithm 2P of

- *     Lopex, J. and Dahab, R.  "Fast multiplication on elliptic curves over

- *     GF(2^m) without precomputation".

- */

-static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,

-	const EC_POINT *point, BN_CTX *ctx)

-	{

-	BIGNUM *x1, *x2, *z1, *z2;

-	int ret = 0, i, j;

-	BN_ULONG mask;

-	if (r == point)

-		{

-		ECerr(EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY, EC_R_INVALID_ARGUMENT);

-		return 0;

-		}

-	/* if result should be point at infinity */

-	if ((scalar == NULL) || BN_is_zero(scalar) || (point == NULL) ||

-		EC_POINT_is_at_infinity(group, point))

-		{

-		return EC_POINT_set_to_infinity(group, r);

-		}

-	/* only support affine coordinates */

-	if (!point->Z_is_one) return 0;

-	/* Since point_multiply is static we can guarantee that ctx != NULL. */

-	BN_CTX_start(ctx);

-	x1 = BN_CTX_get(ctx);

-	z1 = BN_CTX_get(ctx);

-	if (z1 == NULL) goto err;

-	x2 = &r->X;

-	z2 = &r->Y;

-	if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) goto err; /* x1 = x */

-	if (!BN_one(z1)) goto err; /* z1 = 1 */

-	if (!group->meth->field_sqr(group, z2, x1, ctx)) goto err; /* z2 = x1^2 = x^2 */

-	if (!group->meth->field_sqr(group, x2, z2, ctx)) goto err;

-	if (!BN_GF2m_add(x2, x2, &group->b)) goto err; /* x2 = x^4 + b */

-	/* find top most bit and go one past it */

-	i = scalar->top - 1; j = BN_BITS2 - 1;

-	mask = BN_TBIT;

-	while (!(scalar->d[i] & mask)) { mask >>= 1; j--; }

-	mask >>= 1; j--;

-	/* if top most bit was at word break, go to next word */

-	if (!mask)

-		{

-		i--; j = BN_BITS2 - 1;

-		mask = BN_TBIT;

-		}

-	for (; i >= 0; i--)

-		{

-		for (; j >= 0; j--)

-			{

-			if (scalar->d[i] & mask)

-				{

-				if (!gf2m_Madd(group, &point->X, x1, z1, x2, z2, ctx)) goto err;

-				if (!gf2m_Mdouble(group, x2, z2, ctx)) goto err;

-				}

-			else

-				{

-				if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err;

-				if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err;

-				}

-			mask >>= 1;

-			}

-		j = BN_BITS2 - 1;

-		mask = BN_TBIT;

-		}

-	/* convert out of "projective" coordinates */

-	i = gf2m_Mxy(group, &point->X, &point->Y, x1, z1, x2, z2, ctx);

-	if (i == 0) goto err;

-	else if (i == 1)

-		{

-		if (!EC_POINT_set_to_infinity(group, r)) goto err;

-		}

-	else

-		{

-		if (!BN_one(&r->Z)) goto err;

-		r->Z_is_one = 1;

-		}

-	/* GF(2^m) field elements should always have BIGNUM::neg = 0 */

-	BN_set_negative(&r->X, 0);

-	BN_set_negative(&r->Y, 0);

-	ret = 1;

- err:

-	BN_CTX_end(ctx);

-	return ret;

-	}

-/* Computes the sum

- *     scalar*group->generator + scalars[0]*points[0] + ... + scalars[num-1]*points[num-1]

- * gracefully ignoring NULL scalar values.

- */

-int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,

-	size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx)

-	{

-	BN_CTX *new_ctx = NULL;

-	int ret = 0;

-	size_t i;

-	EC_POINT *p=NULL;

-	if (ctx == NULL)

-		{

-		ctx = new_ctx = BN_CTX_new();

-		if (ctx == NULL)

-			return 0;

-		}

-	/* This implementation is more efficient than the wNAF implementation for 2

-	 * or fewer points.  Use the ec_wNAF_mul implementation for 3 or more points,

-	 * or if we can perform a fast multiplication based on precomputation.

-	 */

-	if ((scalar && (num > 1)) || (num > 2) || (num == 0 && EC_GROUP_have_precompute_mult(group)))

-		{

-		ret = ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);

-		goto err;

-		}

-	if ((p = EC_POINT_new(group)) == NULL) goto err;

-	if (!EC_POINT_set_to_infinity(group, r)) goto err;

-	if (scalar)

-		{

-		if (!ec_GF2m_montgomery_point_multiply(group, p, scalar, group->generator, ctx)) goto err;

-		if (BN_is_negative(scalar))

-			if (!group->meth->invert(group, p, ctx)) goto err;

-		if (!group->meth->add(group, r, r, p, ctx)) goto err;

-		}

-	for (i = 0; i < num; i++)

-		{

-		if (!ec_GF2m_montgomery_point_multiply(group, p, scalars[i], points[i], ctx)) goto err;

-		if (BN_is_negative(scalars[i]))

-			if (!group->meth->invert(group, p, ctx)) goto err;

-		if (!group->meth->add(group, r, r, p, ctx)) goto err;

-		}

-	ret = 1;

-  err:

-	if (p) EC_POINT_free(p);

-	if (new_ctx != NULL)

-		BN_CTX_free(new_ctx);

-	return ret;

-	}

-/* Precomputation for point multiplication: fall back to wNAF methods

- * because ec_GF2m_simple_mul() uses ec_wNAF_mul() if appropriate */

-int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx)

-	{

-	return ec_wNAF_precompute_mult(group, ctx);

- 	}

-int ec_GF2m_have_precompute_mult(const EC_GROUP *group)

-	{

-	return ec_wNAF_have_precompute_mult(group);

- 	}

--- a/sys/src/ape/lib/openssl/crypto/ec/ec2_smpl.c

+++ /dev/null

@@ -1,971 +1,0 @@

-/* crypto/ec/ec2_smpl.c */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- *

- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included

- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed

- * to the OpenSSL project.

- *

- * The ECC Code is licensed pursuant to the OpenSSL open source

- * license provided below.

- *

- * The software is originally written by Sheueling Chang Shantz and

- * Douglas Stebila of Sun Microsystems Laboratories.

- *

- */

-/* ====================================================================

- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <openssl/err.h>

-#include "ec_lcl.h"

-const EC_METHOD *EC_GF2m_simple_method(void)

-	{

-	static const EC_METHOD ret = {

-		NID_X9_62_characteristic_two_field,

-		ec_GF2m_simple_group_init,

-		ec_GF2m_simple_group_finish,

-		ec_GF2m_simple_group_clear_finish,

-		ec_GF2m_simple_group_copy,

-		ec_GF2m_simple_group_set_curve,

-		ec_GF2m_simple_group_get_curve,

-		ec_GF2m_simple_group_get_degree,

-		ec_GF2m_simple_group_check_discriminant,

-		ec_GF2m_simple_point_init,

-		ec_GF2m_simple_point_finish,

-		ec_GF2m_simple_point_clear_finish,

-		ec_GF2m_simple_point_copy,

-		ec_GF2m_simple_point_set_to_infinity,

-		0 /* set_Jprojective_coordinates_GFp */,

-		0 /* get_Jprojective_coordinates_GFp */,

-		ec_GF2m_simple_point_set_affine_coordinates,

-		ec_GF2m_simple_point_get_affine_coordinates,

-		ec_GF2m_simple_set_compressed_coordinates,

-		ec_GF2m_simple_point2oct,

-		ec_GF2m_simple_oct2point,

-		ec_GF2m_simple_add,

-		ec_GF2m_simple_dbl,

-		ec_GF2m_simple_invert,

-		ec_GF2m_simple_is_at_infinity,

-		ec_GF2m_simple_is_on_curve,

-		ec_GF2m_simple_cmp,

-		ec_GF2m_simple_make_affine,

-		ec_GF2m_simple_points_make_affine,

-		/* the following three method functions are defined in ec2_mult.c */

-		ec_GF2m_simple_mul,

-		ec_GF2m_precompute_mult,

-		ec_GF2m_have_precompute_mult,

-		ec_GF2m_simple_field_mul,

-		ec_GF2m_simple_field_sqr,

-		ec_GF2m_simple_field_div,

-		0 /* field_encode */,

-		0 /* field_decode */,

-		0 /* field_set_to_one */ };

-	return &ret;

-	}

-/* Initialize a GF(2^m)-based EC_GROUP structure.

- * Note that all other members are handled by EC_GROUP_new.

- */

-int ec_GF2m_simple_group_init(EC_GROUP *group)

-	{

-	BN_init(&group->field);

-	BN_init(&group->a);

-	BN_init(&group->b);

-	return 1;

-	}

-/* Free a GF(2^m)-based EC_GROUP structure.

- * Note that all other members are handled by EC_GROUP_free.

- */

-void ec_GF2m_simple_group_finish(EC_GROUP *group)

-	{

-	BN_free(&group->field);

-	BN_free(&group->a);

-	BN_free(&group->b);

-	}

-/* Clear and free a GF(2^m)-based EC_GROUP structure.

- * Note that all other members are handled by EC_GROUP_clear_free.

- */

-void ec_GF2m_simple_group_clear_finish(EC_GROUP *group)

-	{

-	BN_clear_free(&group->field);

-	BN_clear_free(&group->a);

-	BN_clear_free(&group->b);

-	group->poly[0] = 0;

-	group->poly[1] = 0;

-	group->poly[2] = 0;

-	group->poly[3] = 0;

-	group->poly[4] = 0;

-	}

-/* Copy a GF(2^m)-based EC_GROUP structure.

- * Note that all other members are handled by EC_GROUP_copy.

- */

-int ec_GF2m_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src)

-	{

-	int i;

-	if (!BN_copy(&dest->field, &src->field)) return 0;

-	if (!BN_copy(&dest->a, &src->a)) return 0;

-	if (!BN_copy(&dest->b, &src->b)) return 0;

-	dest->poly[0] = src->poly[0];

-	dest->poly[1] = src->poly[1];

-	dest->poly[2] = src->poly[2];

-	dest->poly[3] = src->poly[3];

-	dest->poly[4] = src->poly[4];

-	bn_wexpand(&dest->a, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2);

-	bn_wexpand(&dest->b, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2);

-	for (i = dest->a.top; i < dest->a.dmax; i++) dest->a.d[i] = 0;

-	for (i = dest->b.top; i < dest->b.dmax; i++) dest->b.d[i] = 0;

-	return 1;

-	}

-/* Set the curve parameters of an EC_GROUP structure. */

-int ec_GF2m_simple_group_set_curve(EC_GROUP *group,

-	const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)

-	{

-	int ret = 0, i;

-	/* group->field */

-	if (!BN_copy(&group->field, p)) goto err;

-	i = BN_GF2m_poly2arr(&group->field, group->poly, 5);

-	if ((i != 5) && (i != 3))

-		{

-		ECerr(EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD);

-		goto err;

-		}

-	/* group->a */

-	if (!BN_GF2m_mod_arr(&group->a, a, group->poly)) goto err;

-	bn_wexpand(&group->a, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2);

-	for (i = group->a.top; i < group->a.dmax; i++) group->a.d[i] = 0;

-	/* group->b */

-	if (!BN_GF2m_mod_arr(&group->b, b, group->poly)) goto err;

-	bn_wexpand(&group->b, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2);

-	for (i = group->b.top; i < group->b.dmax; i++) group->b.d[i] = 0;

-	ret = 1;

-  err:

-	return ret;

-	}

-/* Get the curve parameters of an EC_GROUP structure.

- * If p, a, or b are NULL then there values will not be set but the method will return with success.

- */

-int ec_GF2m_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)

-	{

-	int ret = 0;

-	if (p != NULL)

-		{

-		if (!BN_copy(p, &group->field)) return 0;

-		}

-	if (a != NULL)

-		{

-		if (!BN_copy(a, &group->a)) goto err;

-		}

-	if (b != NULL)

-		{

-		if (!BN_copy(b, &group->b)) goto err;

-		}

-	ret = 1;

-  err:

-	return ret;

-	}

-/* Gets the degree of the field.  For a curve over GF(2^m) this is the value m. */

-int ec_GF2m_simple_group_get_degree(const EC_GROUP *group)

-	{

-	return BN_num_bits(&group->field)-1;

-	}

-/* Checks the discriminant of the curve.

- * y^2 + x*y = x^3 + a*x^2 + b is an elliptic curve <=> b != 0 (mod p)

- */

-int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *group, BN_CTX *ctx)

-	{

-	int ret = 0;

-	BIGNUM *b;

-	BN_CTX *new_ctx = NULL;

-	if (ctx == NULL)

-		{

-		ctx = new_ctx = BN_CTX_new();

-		if (ctx == NULL)

-			{

-			ECerr(EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT, ERR_R_MALLOC_FAILURE);

-			goto err;

-			}

-		}

-	BN_CTX_start(ctx);

-	b = BN_CTX_get(ctx);

-	if (b == NULL) goto err;

-	if (!BN_GF2m_mod_arr(b, &group->b, group->poly)) goto err;

-	/* check the discriminant:

-	 * y^2 + x*y = x^3 + a*x^2 + b is an elliptic curve <=> b != 0 (mod p)

-	 */

-	if (BN_is_zero(b)) goto err;

-	ret = 1;

-err:

-	if (ctx != NULL)

-		BN_CTX_end(ctx);

-	if (new_ctx != NULL)

-		BN_CTX_free(new_ctx);

-	return ret;

-	}

-/* Initializes an EC_POINT. */

-int ec_GF2m_simple_point_init(EC_POINT *point)

-	{

-	BN_init(&point->X);

-	BN_init(&point->Y);

-	BN_init(&point->Z);

-	return 1;

-	}

-/* Frees an EC_POINT. */

-void ec_GF2m_simple_point_finish(EC_POINT *point)

-	{

-	BN_free(&point->X);

-	BN_free(&point->Y);

-	BN_free(&point->Z);

-	}

-/* Clears and frees an EC_POINT. */

-void ec_GF2m_simple_point_clear_finish(EC_POINT *point)

-	{

-	BN_clear_free(&point->X);

-	BN_clear_free(&point->Y);

-	BN_clear_free(&point->Z);

-	point->Z_is_one = 0;

-	}

-/* Copy the contents of one EC_POINT into another.  Assumes dest is initialized. */

-int ec_GF2m_simple_point_copy(EC_POINT *dest, const EC_POINT *src)

-	{

-	if (!BN_copy(&dest->X, &src->X)) return 0;

-	if (!BN_copy(&dest->Y, &src->Y)) return 0;

-	if (!BN_copy(&dest->Z, &src->Z)) return 0;

-	dest->Z_is_one = src->Z_is_one;

-	return 1;

-	}

-/* Set an EC_POINT to the point at infinity.

- * A point at infinity is represented by having Z=0.

- */

-int ec_GF2m_simple_point_set_to_infinity(const EC_GROUP *group, EC_POINT *point)

-	{

-	point->Z_is_one = 0;

-	BN_zero(&point->Z);

-	return 1;

-	}

-/* Set the coordinates of an EC_POINT using affine coordinates.

- * Note that the simple implementation only uses affine coordinates.

- */

-int ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *group, EC_POINT *point,

-	const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx)

-	{

-	int ret = 0;

-	if (x == NULL || y == NULL)

-		{

-		ECerr(EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES, ERR_R_PASSED_NULL_PARAMETER);

-		return 0;

-		}

-	if (!BN_copy(&point->X, x)) goto err;

-	BN_set_negative(&point->X, 0);

-	if (!BN_copy(&point->Y, y)) goto err;

-	BN_set_negative(&point->Y, 0);

-	if (!BN_copy(&point->Z, BN_value_one())) goto err;

-	BN_set_negative(&point->Z, 0);

-	point->Z_is_one = 1;

-	ret = 1;

-  err:

-	return ret;

-	}

-/* Gets the affine coordinates of an EC_POINT.

- * Note that the simple implementation only uses affine coordinates.

- */

-int ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point,

-	BIGNUM *x, BIGNUM *y, BN_CTX *ctx)

-	{

-	int ret = 0;

-	if (EC_POINT_is_at_infinity(group, point))

-		{

-		ECerr(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES, EC_R_POINT_AT_INFINITY);

-		return 0;

-		}

-	if (BN_cmp(&point->Z, BN_value_one()))

-		{

-		ECerr(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

-		return 0;

-		}

-	if (x != NULL)

-		{

-		if (!BN_copy(x, &point->X)) goto err;

-		BN_set_negative(x, 0);

-		}

-	if (y != NULL)

-		{

-		if (!BN_copy(y, &point->Y)) goto err;

-		BN_set_negative(y, 0);

-		}

-	ret = 1;

- err:

-	return ret;

-	}

-/* Include patented algorithms. */

-#include "ec2_smpt.c"

-/* Converts an EC_POINT to an octet string.

- * If buf is NULL, the encoded length will be returned.

- * If the length len of buf is smaller than required an error will be returned.

- *

- * The point compression section of this function is patented by Certicom Corp.

- * under US Patent 6,141,420.  Point compression is disabled by default and can

- * be enabled by defining the preprocessor macro OPENSSL_EC_BIN_PT_COMP at

- * Configure-time.

- */

-size_t ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, point_conversion_form_t form,

-	unsigned char *buf, size_t len, BN_CTX *ctx)

-	{

-	size_t ret;

-	BN_CTX *new_ctx = NULL;

-	int used_ctx = 0;

-	BIGNUM *x, *y, *yxi;

-	size_t field_len, i, skip;

-#ifndef OPENSSL_EC_BIN_PT_COMP

-	if ((form == POINT_CONVERSION_COMPRESSED) || (form == POINT_CONVERSION_HYBRID))

-		{

-		ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_DISABLED);

-		goto err;

-		}

-#endif

-	if ((form != POINT_CONVERSION_COMPRESSED)

-		&& (form != POINT_CONVERSION_UNCOMPRESSED)

-		&& (form != POINT_CONVERSION_HYBRID))

-		{

-		ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_INVALID_FORM);

-		goto err;

-		}

-	if (EC_POINT_is_at_infinity(group, point))

-		{

-		/* encodes to a single 0 octet */

-		if (buf != NULL)

-			{

-			if (len < 1)

-				{

-				ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);

-				return 0;

-				}

-			buf[0] = 0;

-			}

-		return 1;

-		}

-	/* ret := required output buffer length */

-	field_len = (EC_GROUP_get_degree(group) + 7) / 8;

-	ret = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2*field_len;

-	/* if 'buf' is NULL, just return required length */

-	if (buf != NULL)

-		{

-		if (len < ret)

-			{

-			ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);

-			goto err;

-			}

-		if (ctx == NULL)

-			{

-			ctx = new_ctx = BN_CTX_new();

-			if (ctx == NULL)

-				return 0;

-			}

-		BN_CTX_start(ctx);

-		used_ctx = 1;

-		x = BN_CTX_get(ctx);

-		y = BN_CTX_get(ctx);

-		yxi = BN_CTX_get(ctx);

-		if (yxi == NULL) goto err;

-		if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx)) goto err;

-		buf[0] = form;

-#ifdef OPENSSL_EC_BIN_PT_COMP

-		if ((form != POINT_CONVERSION_UNCOMPRESSED) && !BN_is_zero(x))

-			{

-			if (!group->meth->field_div(group, yxi, y, x, ctx)) goto err;

-			if (BN_is_odd(yxi)) buf[0]++;

-			}

-#endif

-		i = 1;

-		skip = field_len - BN_num_bytes(x);

-		if (skip > field_len)

-			{

-			ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);

-			goto err;

-			}

-		while (skip > 0)

-			{

-			buf[i++] = 0;

-			skip--;

-			}

-		skip = BN_bn2bin(x, buf + i);

-		i += skip;

-		if (i != 1 + field_len)

-			{

-			ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);

-			goto err;

-			}

-		if (form == POINT_CONVERSION_UNCOMPRESSED || form == POINT_CONVERSION_HYBRID)

-			{

-			skip = field_len - BN_num_bytes(y);

-			if (skip > field_len)

-				{

-				ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);

-				goto err;

-				}

-			while (skip > 0)

-				{

-				buf[i++] = 0;

-				skip--;

-				}

-			skip = BN_bn2bin(y, buf + i);

-			i += skip;

-			}

-		if (i != ret)

-			{

-			ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);

-			goto err;

-			}

-		}

-	if (used_ctx)

-		BN_CTX_end(ctx);

-	if (new_ctx != NULL)

-		BN_CTX_free(new_ctx);

-	return ret;

- err:

-	if (used_ctx)

-		BN_CTX_end(ctx);

-	if (new_ctx != NULL)

-		BN_CTX_free(new_ctx);

-	return 0;

-	}

-/* Converts an octet string representation to an EC_POINT.

- * Note that the simple implementation only uses affine coordinates.

- */

-int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,

-	const unsigned char *buf, size_t len, BN_CTX *ctx)

-	{

-	point_conversion_form_t form;

-	int y_bit;

-	BN_CTX *new_ctx = NULL;

-	BIGNUM *x, *y, *yxi;

-	size_t field_len, enc_len;

-	int ret = 0;

-	if (len == 0)

-		{

-		ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL);

-		return 0;

-		}

-	form = buf[0];

-	y_bit = form & 1;

-	form = form & ~1U;

-	if ((form != 0)	&& (form != POINT_CONVERSION_COMPRESSED)

-		&& (form != POINT_CONVERSION_UNCOMPRESSED)

-		&& (form != POINT_CONVERSION_HYBRID))

-		{

-		ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);

-		return 0;

-		}

-	if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit)

-		{

-		ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);

-		return 0;

-		}

-	if (form == 0)

-		{

-		if (len != 1)

-			{

-			ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);

-			return 0;

-			}

-		return EC_POINT_set_to_infinity(group, point);

-		}

-	field_len = (EC_GROUP_get_degree(group) + 7) / 8;

-	enc_len = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2*field_len;

-	if (len != enc_len)

-		{

-		ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);

-		return 0;

-		}

-	if (ctx == NULL)

-		{

-		ctx = new_ctx = BN_CTX_new();

-		if (ctx == NULL)

-			return 0;

-		}

-	BN_CTX_start(ctx);

-	x = BN_CTX_get(ctx);

-	y = BN_CTX_get(ctx);

-	yxi = BN_CTX_get(ctx);

-	if (yxi == NULL) goto err;

-	if (!BN_bin2bn(buf + 1, field_len, x)) goto err;

-	if (BN_ucmp(x, &group->field) >= 0)

-		{

-		ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);

-		goto err;

-		}

-	if (form == POINT_CONVERSION_COMPRESSED)

-		{

-		if (!EC_POINT_set_compressed_coordinates_GF2m(group, point, x, y_bit, ctx)) goto err;

-		}

-	else

-		{

-		if (!BN_bin2bn(buf + 1 + field_len, field_len, y)) goto err;

-		if (BN_ucmp(y, &group->field) >= 0)

-			{

-			ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);

-			goto err;

-			}

-		if (form == POINT_CONVERSION_HYBRID)

-			{

-			if (!group->meth->field_div(group, yxi, y, x, ctx)) goto err;

-			if (y_bit != BN_is_odd(yxi))

-				{

-				ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);

-				goto err;

-				}

-			}

-		if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx)) goto err;

-		}

-	if (!EC_POINT_is_on_curve(group, point, ctx)) /* test required by X9.62 */

-		{

-		ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);

-		goto err;

-		}

-	ret = 1;

- err:

-	BN_CTX_end(ctx);

-	if (new_ctx != NULL)

-		BN_CTX_free(new_ctx);

-	return ret;

-	}

-/* Computes a + b and stores the result in r.  r could be a or b, a could be b.

- * Uses algorithm A.10.2 of IEEE P1363.

- */

-int ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)

-	{

-	BN_CTX *new_ctx = NULL;

-	BIGNUM *x0, *y0, *x1, *y1, *x2, *y2, *s, *t;

-	int ret = 0;

-	if (EC_POINT_is_at_infinity(group, a))

-		{

-		if (!EC_POINT_copy(r, b)) return 0;

-		return 1;

-		}

-	if (EC_POINT_is_at_infinity(group, b))

-		{

-		if (!EC_POINT_copy(r, a)) return 0;

-		return 1;

-		}

-	if (ctx == NULL)

-		{

-		ctx = new_ctx = BN_CTX_new();

-		if (ctx == NULL)

-			return 0;

-		}

-	BN_CTX_start(ctx);

-	x0 = BN_CTX_get(ctx);

-	y0 = BN_CTX_get(ctx);

-	x1 = BN_CTX_get(ctx);

-	y1 = BN_CTX_get(ctx);

-	x2 = BN_CTX_get(ctx);

-	y2 = BN_CTX_get(ctx);

-	s = BN_CTX_get(ctx);

-	t = BN_CTX_get(ctx);

-	if (t == NULL) goto err;

-	if (a->Z_is_one)

-		{

-		if (!BN_copy(x0, &a->X)) goto err;

-		if (!BN_copy(y0, &a->Y)) goto err;

-		}

-	else

-		{

-		if (!EC_POINT_get_affine_coordinates_GF2m(group, a, x0, y0, ctx)) goto err;

-		}

-	if (b->Z_is_one)

-		{

-		if (!BN_copy(x1, &b->X)) goto err;

-		if (!BN_copy(y1, &b->Y)) goto err;

-		}

-	else

-		{

-		if (!EC_POINT_get_affine_coordinates_GF2m(group, b, x1, y1, ctx)) goto err;

-		}

-	if (BN_GF2m_cmp(x0, x1))

-		{

-		if (!BN_GF2m_add(t, x0, x1)) goto err;

-		if (!BN_GF2m_add(s, y0, y1)) goto err;

-		if (!group->meth->field_div(group, s, s, t, ctx)) goto err;

-		if (!group->meth->field_sqr(group, x2, s, ctx)) goto err;

-		if (!BN_GF2m_add(x2, x2, &group->a)) goto err;

-		if (!BN_GF2m_add(x2, x2, s)) goto err;

-		if (!BN_GF2m_add(x2, x2, t)) goto err;

-		}

-	else

-		{

-		if (BN_GF2m_cmp(y0, y1) || BN_is_zero(x1))

-			{

-			if (!EC_POINT_set_to_infinity(group, r)) goto err;

-			ret = 1;

-			goto err;

-			}

-		if (!group->meth->field_div(group, s, y1, x1, ctx)) goto err;

-		if (!BN_GF2m_add(s, s, x1)) goto err;

-		if (!group->meth->field_sqr(group, x2, s, ctx)) goto err;

-		if (!BN_GF2m_add(x2, x2, s)) goto err;

-		if (!BN_GF2m_add(x2, x2, &group->a)) goto err;

-		}

-	if (!BN_GF2m_add(y2, x1, x2)) goto err;

-	if (!group->meth->field_mul(group, y2, y2, s, ctx)) goto err;

-	if (!BN_GF2m_add(y2, y2, x2)) goto err;

-	if (!BN_GF2m_add(y2, y2, y1)) goto err;

-	if (!EC_POINT_set_affine_coordinates_GF2m(group, r, x2, y2, ctx)) goto err;

-	ret = 1;

- err:

-	BN_CTX_end(ctx);

-	if (new_ctx != NULL)

-		BN_CTX_free(new_ctx);

-	return ret;

-	}

-/* Computes 2 * a and stores the result in r.  r could be a.

- * Uses algorithm A.10.2 of IEEE P1363.

- */

-int ec_GF2m_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)

-	{

-	return ec_GF2m_simple_add(group, r, a, a, ctx);

-	}

-int ec_GF2m_simple_invert(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)

-	{

-	if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(&point->Y))

-		/* point is its own inverse */

-		return 1;

-	if (!EC_POINT_make_affine(group, point, ctx)) return 0;

-	return BN_GF2m_add(&point->Y, &point->X, &point->Y);

-	}

-/* Indicates whether the given point is the point at infinity. */

-int ec_GF2m_simple_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)

-	{

-	return BN_is_zero(&point->Z);

-	}

-/* Determines whether the given EC_POINT is an actual point on the curve defined

- * in the EC_GROUP.  A point is valid if it satisfies the Weierstrass equation:

- *      y^2 + x*y = x^3 + a*x^2 + b.

- */

-int ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx)

-	{

-	int ret = -1;

-	BN_CTX *new_ctx = NULL;

-	BIGNUM *lh, *y2;

-	int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);

-	int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);

-	if (EC_POINT_is_at_infinity(group, point))

-		return 1;

-	field_mul = group->meth->field_mul;

-	field_sqr = group->meth->field_sqr;

-	/* only support affine coordinates */

-	if (!point->Z_is_one) goto err;

-	if (ctx == NULL)

-		{

-		ctx = new_ctx = BN_CTX_new();

-		if (ctx == NULL)

-			return -1;

-		}

-	BN_CTX_start(ctx);

-	y2 = BN_CTX_get(ctx);

-	lh = BN_CTX_get(ctx);

-	if (lh == NULL) goto err;

-	/* We have a curve defined by a Weierstrass equation

-	 *      y^2 + x*y = x^3 + a*x^2 + b.

-	 *  <=> x^3 + a*x^2 + x*y + b + y^2 = 0

-	 *  <=> ((x + a) * x + y ) * x + b + y^2 = 0

-	 */

-	if (!BN_GF2m_add(lh, &point->X, &group->a)) goto err;

-	if (!field_mul(group, lh, lh, &point->X, ctx)) goto err;

-	if (!BN_GF2m_add(lh, lh, &point->Y)) goto err;

-	if (!field_mul(group, lh, lh, &point->X, ctx)) goto err;

-	if (!BN_GF2m_add(lh, lh, &group->b)) goto err;

-	if (!field_sqr(group, y2, &point->Y, ctx)) goto err;

-	if (!BN_GF2m_add(lh, lh, y2)) goto err;

-	ret = BN_is_zero(lh);

- err:

-	if (ctx) BN_CTX_end(ctx);

-	if (new_ctx) BN_CTX_free(new_ctx);

-	return ret;

-	}

-/* Indicates whether two points are equal.

- * Return values:

- *  -1   error

- *   0   equal (in affine coordinates)

- *   1   not equal

- */

-int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)

-	{

-	BIGNUM *aX, *aY, *bX, *bY;

-	BN_CTX *new_ctx = NULL;

-	int ret = -1;

-	if (EC_POINT_is_at_infinity(group, a))

-		{

-		return EC_POINT_is_at_infinity(group, b) ? 0 : 1;

-		}

-	if (a->Z_is_one && b->Z_is_one)

-		{

-		return ((BN_cmp(&a->X, &b->X) == 0) && BN_cmp(&a->Y, &b->Y) == 0) ? 0 : 1;

-		}

-	if (ctx == NULL)

-		{

-		ctx = new_ctx = BN_CTX_new();

-		if (ctx == NULL)

-			return -1;

-		}

-	BN_CTX_start(ctx);

-	aX = BN_CTX_get(ctx);

-	aY = BN_CTX_get(ctx);

-	bX = BN_CTX_get(ctx);

-	bY = BN_CTX_get(ctx);

-	if (bY == NULL) goto err;

-	if (!EC_POINT_get_affine_coordinates_GF2m(group, a, aX, aY, ctx)) goto err;

-	if (!EC_POINT_get_affine_coordinates_GF2m(group, b, bX, bY, ctx)) goto err;

-	ret = ((BN_cmp(aX, bX) == 0) && BN_cmp(aY, bY) == 0) ? 0 : 1;

-  err:

-	if (ctx) BN_CTX_end(ctx);

-	if (new_ctx) BN_CTX_free(new_ctx);

-	return ret;

-	}

-/* Forces the given EC_POINT to internally use affine coordinates. */

-int ec_GF2m_simple_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)

-	{

-	BN_CTX *new_ctx = NULL;

-	BIGNUM *x, *y;

-	int ret = 0;

-	if (point->Z_is_one || EC_POINT_is_at_infinity(group, point))

-		return 1;

-	if (ctx == NULL)

-		{

-		ctx = new_ctx = BN_CTX_new();

-		if (ctx == NULL)

-			return 0;

-		}

-	BN_CTX_start(ctx);

-	x = BN_CTX_get(ctx);

-	y = BN_CTX_get(ctx);

-	if (y == NULL) goto err;

-	if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx)) goto err;

-	if (!BN_copy(&point->X, x)) goto err;

-	if (!BN_copy(&point->Y, y)) goto err;

-	if (!BN_one(&point->Z)) goto err;

-	ret = 1;

-  err:

-	if (ctx) BN_CTX_end(ctx);

-	if (new_ctx) BN_CTX_free(new_ctx);

-	return ret;

-	}

-/* Forces each of the EC_POINTs in the given array to use affine coordinates. */

-int ec_GF2m_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx)

-	{

-	size_t i;

-	for (i = 0; i < num; i++)

-		{

-		if (!group->meth->make_affine(group, points[i], ctx)) return 0;

-		}

-	return 1;

-	}

-/* Wrapper to simple binary polynomial field multiplication implementation. */

-int ec_GF2m_simple_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)

-	{

-	return BN_GF2m_mod_mul_arr(r, a, b, group->poly, ctx);

-	}

-/* Wrapper to simple binary polynomial field squaring implementation. */

-int ec_GF2m_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)

-	{

-	return BN_GF2m_mod_sqr_arr(r, a, group->poly, ctx);

-	}

-/* Wrapper to simple binary polynomial field division implementation. */

-int ec_GF2m_simple_field_div(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)

-	{

-	return BN_GF2m_mod_div(r, a, b, &group->field, ctx);

-	}

--- a/sys/src/ape/lib/openssl/crypto/ec/ec2_smpt.c

+++ /dev/null

@@ -1,141 +1,0 @@

-/* crypto/ec/ec2_smpt.c */

-/* This code was originally written by Douglas Stebila

- * <[email protected]> for the OpenSSL project.

- */

-/* ====================================================================

- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* Calaculates and sets the affine coordinates of an EC_POINT from the given

- * compressed coordinates.  Uses algorithm 2.3.4 of SEC 1.

- * Note that the simple implementation only uses affine coordinates.

- *

- * This algorithm is patented by Certicom Corp. under US Patent 6,141,420

- * (for licensing information, contact [email protected]).

- * This function is disabled by default and can be enabled by defining the

- * preprocessor macro OPENSSL_EC_BIN_PT_COMP at Configure-time.

- */

-int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point,

-	const BIGNUM *x_, int y_bit, BN_CTX *ctx)

-	{

-#ifndef OPENSSL_EC_BIN_PT_COMP

-	ECerr(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES, ERR_R_DISABLED);

-	return 0;

-#else

-	BN_CTX *new_ctx = NULL;

-	BIGNUM *tmp, *x, *y, *z;

-	int ret = 0, z0;

-	/* clear error queue */

-	ERR_clear_error();

-	if (ctx == NULL)

-		{

-		ctx = new_ctx = BN_CTX_new();

-		if (ctx == NULL)

-			return 0;

-		}

-	y_bit = (y_bit != 0) ? 1 : 0;

-	BN_CTX_start(ctx);

-	tmp = BN_CTX_get(ctx);

-	x = BN_CTX_get(ctx);

-	y = BN_CTX_get(ctx);

-	z = BN_CTX_get(ctx);

-	if (z == NULL) goto err;

-	if (!BN_GF2m_mod_arr(x, x_, group->poly)) goto err;

-	if (BN_is_zero(x))

-		{

-		if (!BN_GF2m_mod_sqrt_arr(y, &group->b, group->poly, ctx)) goto err;

-		}

-	else

-		{

-		if (!group->meth->field_sqr(group, tmp, x, ctx)) goto err;

-		if (!group->meth->field_div(group, tmp, &group->b, tmp, ctx)) goto err;

-		if (!BN_GF2m_add(tmp, &group->a, tmp)) goto err;

-		if (!BN_GF2m_add(tmp, x, tmp)) goto err;

-		if (!BN_GF2m_mod_solve_quad_arr(z, tmp, group->poly, ctx))

-			{

-			unsigned long err = ERR_peek_last_error();

-			if (ERR_GET_LIB(err) == ERR_LIB_BN && ERR_GET_REASON(err) == BN_R_NO_SOLUTION)

-				{

-				ERR_clear_error();

-				ECerr(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSED_POINT);

-				}

-			else

-				ECerr(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES, ERR_R_BN_LIB);

-			goto err;

-			}

-		z0 = (BN_is_odd(z)) ? 1 : 0;

-		if (!group->meth->field_mul(group, y, x, z, ctx)) goto err;

-		if (z0 != y_bit)

-			{

-			if (!BN_GF2m_add(y, y, x)) goto err;

-			}

-		}

-	if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx)) goto err;

-	ret = 1;

- err:

-	BN_CTX_end(ctx);

-	if (new_ctx != NULL)

-		BN_CTX_free(new_ctx);

-	return ret;

-#endif

-	}

--- a/sys/src/ape/lib/openssl/crypto/ec/ec_asn1.c

+++ /dev/null

@@ -1,1429 +1,0 @@

-/* crypto/ec/ec_asn1.c */

-/*

- * Written by Nils Larsch for the OpenSSL project.

- */

-/* ====================================================================

- * Copyright (c) 2000-2003 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <string.h>

-#include "ec_lcl.h"

-#include <openssl/err.h>

-#include <openssl/asn1t.h>

-#include <openssl/objects.h>

-int EC_GROUP_get_basis_type(const EC_GROUP *group)

-	{

-	int i=0;

-	if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=

-		NID_X9_62_characteristic_two_field)

-		/* everything else is currently not supported */

-		return 0;

-	while (group->poly[i] != 0)

-		i++;

-	if (i == 4)

-		return NID_X9_62_ppBasis;

-	else if (i == 2)

-		return NID_X9_62_tpBasis;

-	else

-		/* everything else is currently not supported */

-		return 0;

-	}

-int EC_GROUP_get_trinomial_basis(const EC_GROUP *group, unsigned int *k)

-	{

-	if (group == NULL)

-		return 0;

-	if (EC_GROUP_method_of(group)->group_set_curve != ec_GF2m_simple_group_set_curve

-	    || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] == 0)))

-		{

-		ECerr(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

-		return 0;

-		}

-	if (k)

-		*k = group->poly[1];

-	return 1;

-	}

-int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1,

-	unsigned int *k2, unsigned int *k3)

-	{

-	if (group == NULL)

-		return 0;

-	if (EC_GROUP_method_of(group)->group_set_curve != ec_GF2m_simple_group_set_curve

-	    || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] != 0) && (group->poly[3] != 0) && (group->poly[4] == 0)))

-		{

-		ECerr(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

-		return 0;

-		}

-	if (k1)

-		*k1 = group->poly[3];

-	if (k2)

-		*k2 = group->poly[2];

-	if (k3)

-		*k3 = group->poly[1];

-	return 1;

-	}

-/* some structures needed for the asn1 encoding */

-typedef struct x9_62_pentanomial_st {

-	long k1;

-	long k2;

-	long k3;

-	} X9_62_PENTANOMIAL;

-typedef struct x9_62_characteristic_two_st {

-	long m;

-	ASN1_OBJECT  *type;

-	union	{

-		char *ptr;

-		/* NID_X9_62_onBasis */

-		ASN1_NULL    *onBasis;

-		/* NID_X9_62_tpBasis */

-		ASN1_INTEGER *tpBasis;

-		/* NID_X9_62_ppBasis */

-		X9_62_PENTANOMIAL *ppBasis;

-		/* anything else */

-		ASN1_TYPE *other;

-		} p;

-	} X9_62_CHARACTERISTIC_TWO;

-typedef struct x9_62_fieldid_st {

-        ASN1_OBJECT *fieldType;

-	union	{

-		char *ptr;

-		/* NID_X9_62_prime_field */

-		ASN1_INTEGER *prime;

-		/* NID_X9_62_characteristic_two_field */

-		X9_62_CHARACTERISTIC_TWO *char_two;

-		/* anything else */

-		ASN1_TYPE *other;

-		} p;

-	} X9_62_FIELDID;

-typedef struct x9_62_curve_st {

-        ASN1_OCTET_STRING *a;

-        ASN1_OCTET_STRING *b;

-        ASN1_BIT_STRING   *seed;

-        } X9_62_CURVE;

-typedef struct ec_parameters_st {

-        long              version;

-        X9_62_FIELDID     *fieldID;

-        X9_62_CURVE       *curve;

-        ASN1_OCTET_STRING *base;

-        ASN1_INTEGER      *order;

-        ASN1_INTEGER      *cofactor;

-        } ECPARAMETERS;

-struct ecpk_parameters_st {

-	int	type;

-	union {

-		ASN1_OBJECT  *named_curve;

-		ECPARAMETERS *parameters;

-		ASN1_NULL    *implicitlyCA;

-	} value;

-	}/* ECPKPARAMETERS */;

-/* SEC1 ECPrivateKey */

-typedef struct ec_privatekey_st {

-	long              version;

-	ASN1_OCTET_STRING *privateKey;

-        ECPKPARAMETERS    *parameters;

-	ASN1_BIT_STRING   *publicKey;

-	} EC_PRIVATEKEY;

-/* the OpenSSL ASN.1 definitions */

-ASN1_SEQUENCE(X9_62_PENTANOMIAL) = {

-	ASN1_SIMPLE(X9_62_PENTANOMIAL, k1, LONG),

-	ASN1_SIMPLE(X9_62_PENTANOMIAL, k2, LONG),

-	ASN1_SIMPLE(X9_62_PENTANOMIAL, k3, LONG)

-} ASN1_SEQUENCE_END(X9_62_PENTANOMIAL)

-DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL)

-IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL)

-ASN1_ADB_TEMPLATE(char_two_def) = ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.other, ASN1_ANY);

-ASN1_ADB(X9_62_CHARACTERISTIC_TWO) = {

-	ADB_ENTRY(NID_X9_62_onBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.onBasis, ASN1_NULL)),

-	ADB_ENTRY(NID_X9_62_tpBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.tpBasis, ASN1_INTEGER)),

-	ADB_ENTRY(NID_X9_62_ppBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.ppBasis, X9_62_PENTANOMIAL))

-} ASN1_ADB_END(X9_62_CHARACTERISTIC_TWO, 0, type, 0, &char_two_def_tt, NULL);

-ASN1_SEQUENCE(X9_62_CHARACTERISTIC_TWO) = {

-	ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, m, LONG),

-	ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, type, ASN1_OBJECT),

-	ASN1_ADB_OBJECT(X9_62_CHARACTERISTIC_TWO)

-} ASN1_SEQUENCE_END(X9_62_CHARACTERISTIC_TWO)

-DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO)

-IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO)

-ASN1_ADB_TEMPLATE(fieldID_def) = ASN1_SIMPLE(X9_62_FIELDID, p.other, ASN1_ANY);

-ASN1_ADB(X9_62_FIELDID) = {

-	ADB_ENTRY(NID_X9_62_prime_field, ASN1_SIMPLE(X9_62_FIELDID, p.prime, ASN1_INTEGER)),

-	ADB_ENTRY(NID_X9_62_characteristic_two_field, ASN1_SIMPLE(X9_62_FIELDID, p.char_two, X9_62_CHARACTERISTIC_TWO))

-} ASN1_ADB_END(X9_62_FIELDID, 0, fieldType, 0, &fieldID_def_tt, NULL);

-ASN1_SEQUENCE(X9_62_FIELDID) = {

-	ASN1_SIMPLE(X9_62_FIELDID, fieldType, ASN1_OBJECT),

-	ASN1_ADB_OBJECT(X9_62_FIELDID)

-} ASN1_SEQUENCE_END(X9_62_FIELDID)

-ASN1_SEQUENCE(X9_62_CURVE) = {

-	ASN1_SIMPLE(X9_62_CURVE, a, ASN1_OCTET_STRING),

-	ASN1_SIMPLE(X9_62_CURVE, b, ASN1_OCTET_STRING),

-	ASN1_OPT(X9_62_CURVE, seed, ASN1_BIT_STRING)

-} ASN1_SEQUENCE_END(X9_62_CURVE)

-ASN1_SEQUENCE(ECPARAMETERS) = {

-	ASN1_SIMPLE(ECPARAMETERS, version, LONG),

-	ASN1_SIMPLE(ECPARAMETERS, fieldID, X9_62_FIELDID),

-	ASN1_SIMPLE(ECPARAMETERS, curve, X9_62_CURVE),

-	ASN1_SIMPLE(ECPARAMETERS, base, ASN1_OCTET_STRING),

-	ASN1_SIMPLE(ECPARAMETERS, order, ASN1_INTEGER),

-	ASN1_OPT(ECPARAMETERS, cofactor, ASN1_INTEGER)

-} ASN1_SEQUENCE_END(ECPARAMETERS)

-DECLARE_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS)

-IMPLEMENT_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS)

-ASN1_CHOICE(ECPKPARAMETERS) = {

-	ASN1_SIMPLE(ECPKPARAMETERS, value.named_curve, ASN1_OBJECT),

-	ASN1_SIMPLE(ECPKPARAMETERS, value.parameters, ECPARAMETERS),

-	ASN1_SIMPLE(ECPKPARAMETERS, value.implicitlyCA, ASN1_NULL)

-} ASN1_CHOICE_END(ECPKPARAMETERS)

-DECLARE_ASN1_FUNCTIONS_const(ECPKPARAMETERS)

-DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECPKPARAMETERS, ECPKPARAMETERS)

-IMPLEMENT_ASN1_FUNCTIONS_const(ECPKPARAMETERS)

-ASN1_SEQUENCE(EC_PRIVATEKEY) = {

-	ASN1_SIMPLE(EC_PRIVATEKEY, version, LONG),

-	ASN1_SIMPLE(EC_PRIVATEKEY, privateKey, ASN1_OCTET_STRING),

-	ASN1_EXP_OPT(EC_PRIVATEKEY, parameters, ECPKPARAMETERS, 0),

-	ASN1_EXP_OPT(EC_PRIVATEKEY, publicKey, ASN1_BIT_STRING, 1)

-} ASN1_SEQUENCE_END(EC_PRIVATEKEY)

-DECLARE_ASN1_FUNCTIONS_const(EC_PRIVATEKEY)

-DECLARE_ASN1_ENCODE_FUNCTIONS_const(EC_PRIVATEKEY, EC_PRIVATEKEY)

-IMPLEMENT_ASN1_FUNCTIONS_const(EC_PRIVATEKEY)

-/* some declarations of internal function */

-/* ec_asn1_group2field() sets the values in a X9_62_FIELDID object */

-static int ec_asn1_group2fieldid(const EC_GROUP *, X9_62_FIELDID *);

-/* ec_asn1_group2curve() sets the values in a X9_62_CURVE object */

-static int ec_asn1_group2curve(const EC_GROUP *, X9_62_CURVE *);

-/* ec_asn1_parameters2group() creates a EC_GROUP object from a

- * ECPARAMETERS object */

-static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *);

-/* ec_asn1_group2parameters() creates a ECPARAMETERS object from a

- * EC_GROUP object */

-static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *,ECPARAMETERS *);

-/* ec_asn1_pkparameters2group() creates a EC_GROUP object from a

- * ECPKPARAMETERS object */

-static EC_GROUP *ec_asn1_pkparameters2group(const ECPKPARAMETERS *);

-/* ec_asn1_group2pkparameters() creates a ECPKPARAMETERS object from a

- * EC_GROUP object */

-static ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *,

-	ECPKPARAMETERS *);

-/* the function definitions */

-static int ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field)

-	{

-	int			ok=0, nid;

-	BIGNUM			*tmp = NULL;

-	if (group == NULL || field == NULL)

-		return 0;

-	/* clear the old values (if necessary) */

-	if (field->fieldType != NULL)

-		ASN1_OBJECT_free(field->fieldType);

-	if (field->p.other != NULL)

-		ASN1_TYPE_free(field->p.other);

-	nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group));

-	/* set OID for the field */

-	if ((field->fieldType = OBJ_nid2obj(nid)) == NULL)

-		{

-		ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB);

-		goto err;

-		}

-	if (nid == NID_X9_62_prime_field)

-		{

-		if ((tmp = BN_new()) == NULL)

-			{

-			ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);

-			goto err;

-			}

-		/* the parameters are specified by the prime number p */

-		if (!EC_GROUP_get_curve_GFp(group, tmp, NULL, NULL, NULL))

-			{

-			ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB);

-			goto err;

-			}

-		/* set the prime number */

-		field->p.prime = BN_to_ASN1_INTEGER(tmp,NULL);

-		if (field->p.prime == NULL)

-			{

-			ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_ASN1_LIB);

-			goto err;

-			}

-		}

-	else	/* nid == NID_X9_62_characteristic_two_field */

-		{

-		int		field_type;

-		X9_62_CHARACTERISTIC_TWO *char_two;

-		field->p.char_two = X9_62_CHARACTERISTIC_TWO_new();

-		char_two = field->p.char_two;

-		if (char_two == NULL)

-			{

-			ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);

-			goto err;

-			}

-		char_two->m = (long)EC_GROUP_get_degree(group);

-		field_type = EC_GROUP_get_basis_type(group);

-		if (field_type == 0)

-			{

-			ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB);

-			goto err;

-			}

-		/* set base type OID */

-		if ((char_two->type = OBJ_nid2obj(field_type)) == NULL)

-			{

-			ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB);

-			goto err;

-			}

-		if (field_type == NID_X9_62_tpBasis)

-			{

-			unsigned int k;

-			if (!EC_GROUP_get_trinomial_basis(group, &k))

-				goto err;

-			char_two->p.tpBasis = ASN1_INTEGER_new();

-			if (!char_two->p.tpBasis)

-				{

-				ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);

-				goto err;

-				}

-			if (!ASN1_INTEGER_set(char_two->p.tpBasis, (long)k))

-				{

-				ECerr(EC_F_EC_ASN1_GROUP2FIELDID,

-					ERR_R_ASN1_LIB);

-				goto err;

-				}

-			}

-		else if (field_type == NID_X9_62_ppBasis)

-			{

-			unsigned int k1, k2, k3;

-			if (!EC_GROUP_get_pentanomial_basis(group, &k1, &k2, &k3))

-				goto err;

-			char_two->p.ppBasis = X9_62_PENTANOMIAL_new();

-			if (!char_two->p.ppBasis)

-				{

-				ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);

-				goto err;

-				}

-			/* set k? values */

-			char_two->p.ppBasis->k1 = (long)k1;

-			char_two->p.ppBasis->k2 = (long)k2;

-			char_two->p.ppBasis->k3 = (long)k3;

-			}

-		else /* field_type == NID_X9_62_onBasis */

-			{

-			/* for ONB the parameters are (asn1) NULL */

-			char_two->p.onBasis = ASN1_NULL_new();

-			if (!char_two->p.onBasis)

-				{

-				ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);

-				goto err;

-				}

-			}

-		}

-	ok = 1;

-err :	if (tmp)

-		BN_free(tmp);

-	return(ok);

-}

-static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve)

-	{

-	int           ok=0, nid;

-	BIGNUM        *tmp_1=NULL, *tmp_2=NULL;

-	unsigned char *buffer_1=NULL, *buffer_2=NULL,

-	              *a_buf=NULL, *b_buf=NULL;

-	size_t        len_1, len_2;

-	unsigned char char_zero = 0;

-	if (!group || !curve || !curve->a || !curve->b)

-		return 0;

-	if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL)

-		{

-		ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group));

-	/* get a and b */

-	if (nid == NID_X9_62_prime_field)

-		{

-		if (!EC_GROUP_get_curve_GFp(group, NULL, tmp_1, tmp_2, NULL))

-			{

-			ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB);

-			goto err;

-			}

-		}

-	else	/* nid == NID_X9_62_characteristic_two_field */

-		{

-		if (!EC_GROUP_get_curve_GF2m(group, NULL, tmp_1, tmp_2, NULL))

-			{

-			ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB);

-			goto err;

-			}

-		}

-	len_1 = (size_t)BN_num_bytes(tmp_1);

-	len_2 = (size_t)BN_num_bytes(tmp_2);

-	if (len_1 == 0)

-		{

-		/* len_1 == 0 => a == 0 */

-		a_buf = &char_zero;

-		len_1 = 1;

-		}

-	else

-		{

-		if ((buffer_1 = OPENSSL_malloc(len_1)) == NULL)

-			{

-			ECerr(EC_F_EC_ASN1_GROUP2CURVE,

-			      ERR_R_MALLOC_FAILURE);

-			goto err;

-			}

-		if ( (len_1 = BN_bn2bin(tmp_1, buffer_1)) == 0)

-			{

-			ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB);

-			goto err;

-			}

-		a_buf = buffer_1;

-		}

-	if (len_2 == 0)

-		{

-		/* len_2 == 0 => b == 0 */

-		b_buf = &char_zero;

-		len_2 = 1;

-		}

-	else

-		{

-		if ((buffer_2 = OPENSSL_malloc(len_2)) == NULL)

-			{

-			ECerr(EC_F_EC_ASN1_GROUP2CURVE,

-			      ERR_R_MALLOC_FAILURE);

-			goto err;

-			}

-		if ( (len_2 = BN_bn2bin(tmp_2, buffer_2)) == 0)

-			{

-			ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB);

-			goto err;

-			}

-		b_buf = buffer_2;

-		}

-	/* set a and b */

-	if (!M_ASN1_OCTET_STRING_set(curve->a, a_buf, len_1) ||

-	    !M_ASN1_OCTET_STRING_set(curve->b, b_buf, len_2))

-		{

-		ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB);

-		goto err;

-		}

-	/* set the seed (optional) */

-	if (group->seed)

-		{

-		if (!curve->seed)

-			if ((curve->seed = ASN1_BIT_STRING_new()) == NULL)

-				{

-				ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);

-				goto err;

-				}

-		curve->seed->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);

-		curve->seed->flags |= ASN1_STRING_FLAG_BITS_LEFT;

-		if (!ASN1_BIT_STRING_set(curve->seed, group->seed,

-		                         (int)group->seed_len))

-			{

-			ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB);

-			goto err;

-			}

-		}

-	else

-		{

-		if (curve->seed)

-			{

-			ASN1_BIT_STRING_free(curve->seed);

-			curve->seed = NULL;

-			}

-		}

-	ok = 1;

-err:	if (buffer_1)

-		OPENSSL_free(buffer_1);

-	if (buffer_2)

-		OPENSSL_free(buffer_2);

-	if (tmp_1)

-		BN_free(tmp_1);

-	if (tmp_2)

-		BN_free(tmp_2);

-	return(ok);

-	}

-static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *group,

-                                              ECPARAMETERS *param)

-	{

-	int	ok=0;

-	size_t  len=0;

-	ECPARAMETERS   *ret=NULL;

-	BIGNUM	       *tmp=NULL;

-	unsigned char  *buffer=NULL;

-	const EC_POINT *point=NULL;

-	point_conversion_form_t form;

-	if ((tmp = BN_new()) == NULL)

-		{

-		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	if (param == NULL)

-	{

-		if ((ret = ECPARAMETERS_new()) == NULL)

-			{

-			ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS,

-			      ERR_R_MALLOC_FAILURE);

-			goto err;

-			}

-	}

-	else

-		ret = param;

-	/* set the version (always one) */

-	ret->version = (long)0x1;

-	/* set the fieldID */

-	if (!ec_asn1_group2fieldid(group, ret->fieldID))

-		{

-		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);

-		goto err;

-		}

-	/* set the curve */

-	if (!ec_asn1_group2curve(group, ret->curve))

-		{

-		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);

-		goto err;

-		}

-	/* set the base point */

-	if ((point = EC_GROUP_get0_generator(group)) == NULL)

-		{

-		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, EC_R_UNDEFINED_GENERATOR);

-		goto err;

-		}

-	form = EC_GROUP_get_point_conversion_form(group);

-	len = EC_POINT_point2oct(group, point, form, NULL, len, NULL);

-	if (len == 0)

-		{

-		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);

-		goto err;

-		}

-	if ((buffer = OPENSSL_malloc(len)) == NULL)

-		{

-		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	if (!EC_POINT_point2oct(group, point, form, buffer, len, NULL))

-		{

-		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);

-		goto err;

-		}

-	if (ret->base == NULL && (ret->base = ASN1_OCTET_STRING_new()) == NULL)

-		{

-		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	if (!ASN1_OCTET_STRING_set(ret->base, buffer, len))

-		{

-		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB);

-		goto err;

-		}

-	/* set the order */

-	if (!EC_GROUP_get_order(group, tmp, NULL))

-		{

-		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);

-		goto err;

-		}

-	ret->order = BN_to_ASN1_INTEGER(tmp, ret->order);

-	if (ret->order == NULL)

-		{

-		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB);

-		goto err;

-		}

-	/* set the cofactor (optional) */

-	if (EC_GROUP_get_cofactor(group, tmp, NULL))

-		{

-		ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor);

-		if (ret->cofactor == NULL)

-			{

-			ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB);

-			goto err;

-			}

-		}

-	ok = 1;

-err :	if(!ok)

-		{

-		if (ret && !param)

-			ECPARAMETERS_free(ret);

-		ret = NULL;

-		}

-	if (tmp)

-		BN_free(tmp);

-	if (buffer)

-		OPENSSL_free(buffer);

-	return(ret);

-	}

-ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *group,

-                                           ECPKPARAMETERS *params)

-	{

-	int            ok = 1, tmp;

-	ECPKPARAMETERS *ret = params;

-	if (ret == NULL)

-		{

-		if ((ret = ECPKPARAMETERS_new()) == NULL)

-			{

-			ECerr(EC_F_EC_ASN1_GROUP2PKPARAMETERS,

-			      ERR_R_MALLOC_FAILURE);

-			return NULL;

-			}

-		}

-	else

-		{

-		if (ret->type == 0 && ret->value.named_curve)

-			ASN1_OBJECT_free(ret->value.named_curve);

-		else if (ret->type == 1 && ret->value.parameters)

-			ECPARAMETERS_free(ret->value.parameters);

-		}

-	if (EC_GROUP_get_asn1_flag(group))

-		{

-		/* use the asn1 OID to describe the

-		 * the elliptic curve parameters

-		 */

-		tmp = EC_GROUP_get_curve_name(group);

-		if (tmp)

-			{

-			ret->type = 0;

-			if ((ret->value.named_curve = OBJ_nid2obj(tmp)) == NULL)

-				ok = 0;

-			}

-		else

-			/* we don't kmow the nid => ERROR */

-			ok = 0;

-		}

-	else

-		{

-		/* use the ECPARAMETERS structure */

-		ret->type = 1;

-		if ((ret->value.parameters = ec_asn1_group2parameters(

-		     group, NULL)) == NULL)

-			ok = 0;

-		}

-	if (!ok)

-		{

-		ECPKPARAMETERS_free(ret);

-		return NULL;

-		}

-	return ret;

-	}

-static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params)

-	{

-	int			ok = 0, tmp;

-	EC_GROUP		*ret = NULL;

-	BIGNUM			*p = NULL, *a = NULL, *b = NULL;

-	EC_POINT		*point=NULL;

-	long    		field_bits;

-	if (!params->fieldID || !params->fieldID->fieldType ||

-	    !params->fieldID->p.ptr)

-		{

-		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);

-		goto err;

-		}

-	/* now extract the curve parameters a and b */

-	if (!params->curve || !params->curve->a ||

-	    !params->curve->a->data || !params->curve->b ||

-	    !params->curve->b->data)

-		{

-		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);

-		goto err;

-		}

-	a = BN_bin2bn(params->curve->a->data, params->curve->a->length, NULL);

-	if (a == NULL)

-		{

-		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_BN_LIB);

-		goto err;

-		}

-	b = BN_bin2bn(params->curve->b->data, params->curve->b->length, NULL);

-	if (b == NULL)

-		{

-		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_BN_LIB);

-		goto err;

-		}

-	/* get the field parameters */

-	tmp = OBJ_obj2nid(params->fieldID->fieldType);

-	if (tmp == NID_X9_62_characteristic_two_field)

-		{

-		X9_62_CHARACTERISTIC_TWO *char_two;

-		char_two = params->fieldID->p.char_two;

-		field_bits = char_two->m;

-		if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS)

-			{

-			ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_FIELD_TOO_LARGE);

-			goto err;

-			}

-		if ((p = BN_new()) == NULL)

-			{

-			ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_MALLOC_FAILURE);

-			goto err;

-			}

-		/* get the base type */

-		tmp = OBJ_obj2nid(char_two->type);

-		if (tmp ==  NID_X9_62_tpBasis)

-			{

-			long tmp_long;

-			if (!char_two->p.tpBasis)

-				{

-				ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);

-				goto err;

-				}

-			tmp_long = ASN1_INTEGER_get(char_two->p.tpBasis);

-			if (!(char_two->m > tmp_long && tmp_long > 0))

-				{

-				ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_TRINOMIAL_BASIS);

-				goto err;

-				}

-			/* create the polynomial */

-			if (!BN_set_bit(p, (int)char_two->m))

-				goto err;

-			if (!BN_set_bit(p, (int)tmp_long))

-				goto err;

-			if (!BN_set_bit(p, 0))

-				goto err;

-			}

-		else if (tmp == NID_X9_62_ppBasis)

-			{

-			X9_62_PENTANOMIAL *penta;

-			penta = char_two->p.ppBasis;

-			if (!penta)

-				{

-				ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);

-				goto err;

-				}

-			if (!(char_two->m > penta->k3 && penta->k3 > penta->k2 && penta->k2 > penta->k1 && penta->k1 > 0))

-				{

-				ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_PENTANOMIAL_BASIS);

-				goto err;

-				}

-			/* create the polynomial */

-			if (!BN_set_bit(p, (int)char_two->m)) goto err;

-			if (!BN_set_bit(p, (int)penta->k1)) goto err;

-			if (!BN_set_bit(p, (int)penta->k2)) goto err;

-			if (!BN_set_bit(p, (int)penta->k3)) goto err;

-			if (!BN_set_bit(p, 0)) goto err;

-			}

-		else if (tmp == NID_X9_62_onBasis)

-			{

-			ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_NOT_IMPLEMENTED);

-			goto err;

-			}

-		else /* error */

-			{

-			ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);

-			goto err;

-			}

-		/* create the EC_GROUP structure */

-		ret = EC_GROUP_new_curve_GF2m(p, a, b, NULL);

-		}

-	else if (tmp == NID_X9_62_prime_field)

-		{

-		/* we have a curve over a prime field */

-		/* extract the prime number */

-		if (!params->fieldID->p.prime)

-			{

-			ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);

-			goto err;

-			}

-		p = ASN1_INTEGER_to_BN(params->fieldID->p.prime, NULL);

-		if (p == NULL)

-			{

-			ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB);

-			goto err;

-			}

-		if (BN_is_negative(p) || BN_is_zero(p))

-			{

-			ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_FIELD);

-			goto err;

-			}

-		field_bits = BN_num_bits(p);

-		if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS)

-			{

-			ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_FIELD_TOO_LARGE);

-			goto err;

-			}

-		/* create the EC_GROUP structure */

-		ret = EC_GROUP_new_curve_GFp(p, a, b, NULL);

-		}

-	else

-		{

-		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_FIELD);

-		goto err;

-		}

-	if (ret == NULL)

-		{

-		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB);

-		goto err;

-		}

-	/* extract seed (optional) */

-	if (params->curve->seed != NULL)

-		{

-		if (ret->seed != NULL)

-			OPENSSL_free(ret->seed);

-		if (!(ret->seed = OPENSSL_malloc(params->curve->seed->length)))

-			{

-			ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP,

-			      ERR_R_MALLOC_FAILURE);

-			goto err;

-			}

-		memcpy(ret->seed, params->curve->seed->data,

-		       params->curve->seed->length);

-		ret->seed_len = params->curve->seed->length;

-		}

-	if (!params->order || !params->base || !params->base->data)

-		{

-		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);

-		goto err;

-		}

-	if ((point = EC_POINT_new(ret)) == NULL) goto err;

-	/* set the point conversion form */

-	EC_GROUP_set_point_conversion_form(ret, (point_conversion_form_t)

-				(params->base->data[0] & ~0x01));

-	/* extract the ec point */

-	if (!EC_POINT_oct2point(ret, point, params->base->data,

-		                params->base->length, NULL))

-		{

-		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB);

-		goto err;

-		}

-	/* extract the order */

-	if ((a = ASN1_INTEGER_to_BN(params->order, a)) == NULL)

-		{

-		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB);

-		goto err;

-		}

-	if (BN_is_negative(a) || BN_is_zero(a))

-		{

-		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_GROUP_ORDER);

-		goto err;

-		}

-	if (BN_num_bits(a) > (int)field_bits + 1) /* Hasse bound */

-		{

-		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_GROUP_ORDER);

-		goto err;

-		}

-	/* extract the cofactor (optional) */

-	if (params->cofactor == NULL)

-		{

-		if (b)

-			{

-			BN_free(b);

-			b = NULL;

-			}

-		}

-	else

-		if ((b = ASN1_INTEGER_to_BN(params->cofactor, b)) == NULL)

-			{

-			ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB);

-			goto err;

-			}

-	/* set the generator, order and cofactor (if present) */

-	if (!EC_GROUP_set_generator(ret, point, a, b))

-		{

-		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB);

-		goto err;

-		}

-	ok = 1;

-err:	if (!ok)

-		{

-		if (ret)

-			EC_GROUP_clear_free(ret);

-		ret = NULL;

-		}

-	if (p)

-		BN_free(p);

-	if (a)

-		BN_free(a);

-	if (b)

-		BN_free(b);

-	if (point)

-		EC_POINT_free(point);

-	return(ret);

-}

-EC_GROUP *ec_asn1_pkparameters2group(const ECPKPARAMETERS *params)

-	{

-	EC_GROUP *ret=NULL;

-	int      tmp=0;

-	if (params == NULL)

-		{

-		ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP,

-		      EC_R_MISSING_PARAMETERS);

-		return NULL;

-		}

-	if (params->type == 0)

-		{ /* the curve is given by an OID */

-		tmp = OBJ_obj2nid(params->value.named_curve);

-		if ((ret = EC_GROUP_new_by_curve_name(tmp)) == NULL)

-			{

-			ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP,

-			      EC_R_EC_GROUP_NEW_BY_NAME_FAILURE);

-			return NULL;

-			}

-		EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_NAMED_CURVE);

-		}

-	else if (params->type == 1)

-		{ /* the parameters are given by a ECPARAMETERS

-		   * structure */

-		ret = ec_asn1_parameters2group(params->value.parameters);

-		if (!ret)

-			{

-			ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, ERR_R_EC_LIB);

-			return NULL;

-			}

-		EC_GROUP_set_asn1_flag(ret, 0x0);

-		}

-	else if (params->type == 2)

-		{ /* implicitlyCA */

-		return NULL;

-		}

-	else

-		{

-		ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, EC_R_ASN1_ERROR);

-		return NULL;

-		}

-	return ret;

-	}

-/* EC_GROUP <-> DER encoding of ECPKPARAMETERS */

-EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len)

-	{

-	EC_GROUP	*group  = NULL;

-	ECPKPARAMETERS	*params = NULL;

-	if ((params = d2i_ECPKPARAMETERS(NULL, in, len)) == NULL)

-		{

-		ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_D2I_ECPKPARAMETERS_FAILURE);

-		ECPKPARAMETERS_free(params);

-		return NULL;

-		}

-	if ((group = ec_asn1_pkparameters2group(params)) == NULL)

-		{

-		ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_PKPARAMETERS2GROUP_FAILURE);

-		return NULL;

-		}

-	if (a && *a)

-		EC_GROUP_clear_free(*a);

-	if (a)

-		*a = group;

-	ECPKPARAMETERS_free(params);

-	return(group);

-	}

-int i2d_ECPKParameters(const EC_GROUP *a, unsigned char **out)

-	{

-	int		ret=0;

-	ECPKPARAMETERS	*tmp = ec_asn1_group2pkparameters(a, NULL);

-	if (tmp == NULL)

-		{

-		ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_GROUP2PKPARAMETERS_FAILURE);

-		return 0;

-		}

-	if ((ret = i2d_ECPKPARAMETERS(tmp, out)) == 0)

-		{

-		ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_I2D_ECPKPARAMETERS_FAILURE);

-		ECPKPARAMETERS_free(tmp);

-		return 0;

-		}

-	ECPKPARAMETERS_free(tmp);

-	return(ret);

-	}

-/* some EC_KEY functions */

-EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)

-	{

-	int             ok=0;

-	EC_KEY          *ret=NULL;

-	EC_PRIVATEKEY   *priv_key=NULL;

-	if ((priv_key = EC_PRIVATEKEY_new()) == NULL)

-		{

-		ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);

-		return NULL;

-		}

-	if ((priv_key = d2i_EC_PRIVATEKEY(&priv_key, in, len)) == NULL)

-		{

-		ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);

-		EC_PRIVATEKEY_free(priv_key);

-		return NULL;

-		}

-	if (a == NULL || *a == NULL)

-		{

-		if ((ret = EC_KEY_new()) == NULL)

-			{

-			ECerr(EC_F_D2I_ECPRIVATEKEY,

-                                 ERR_R_MALLOC_FAILURE);

-			goto err;

-			}

-		if (a)

-			*a = ret;

-		}

-	else

-		ret = *a;

-	if (priv_key->parameters)

-		{

-		if (ret->group)

-			EC_GROUP_clear_free(ret->group);

-		ret->group = ec_asn1_pkparameters2group(priv_key->parameters);

-		}

-	if (ret->group == NULL)

-		{

-		ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);

-		goto err;

-		}

-	ret->version = priv_key->version;

-	if (priv_key->privateKey)

-		{

-		ret->priv_key = BN_bin2bn(

-			M_ASN1_STRING_data(priv_key->privateKey),

-			M_ASN1_STRING_length(priv_key->privateKey),

-			ret->priv_key);

-		if (ret->priv_key == NULL)

-			{

-			ECerr(EC_F_D2I_ECPRIVATEKEY,

-                              ERR_R_BN_LIB);

-			goto err;

-			}

-		}

-	else

-		{

-		ECerr(EC_F_D2I_ECPRIVATEKEY,

-                      EC_R_MISSING_PRIVATE_KEY);

-		goto err;

-		}

-	if (priv_key->publicKey)

-		{

-		const unsigned char *pub_oct;

-		size_t pub_oct_len;

-		if (ret->pub_key)

-			EC_POINT_clear_free(ret->pub_key);

-		ret->pub_key = EC_POINT_new(ret->group);

-		if (ret->pub_key == NULL)

-			{

-			ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);

-			goto err;

-			}

-		pub_oct     = M_ASN1_STRING_data(priv_key->publicKey);

-		pub_oct_len = M_ASN1_STRING_length(priv_key->publicKey);

-		/* save the point conversion form */

-		ret->conv_form = (point_conversion_form_t)(pub_oct[0] & ~0x01);

-		if (!EC_POINT_oct2point(ret->group, ret->pub_key,

-			pub_oct, pub_oct_len, NULL))

-			{

-			ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);

-			goto err;

-			}

-		}

-	ok = 1;

-err:

-	if (!ok)

-		{

-		if (ret)

-			EC_KEY_free(ret);

-		ret = NULL;

-		}

-	if (priv_key)

-		EC_PRIVATEKEY_free(priv_key);

-	return(ret);

-	}

-int	i2d_ECPrivateKey(EC_KEY *a, unsigned char **out)

-	{

-	int             ret=0, ok=0;

-	unsigned char   *buffer=NULL;

-	size_t          buf_len=0, tmp_len;

-	EC_PRIVATEKEY   *priv_key=NULL;

-	if (a == NULL || a->group == NULL || a->priv_key == NULL)

-		{

-		ECerr(EC_F_I2D_ECPRIVATEKEY,

-                      ERR_R_PASSED_NULL_PARAMETER);

-		goto err;

-		}

-	if ((priv_key = EC_PRIVATEKEY_new()) == NULL)

-		{

-		ECerr(EC_F_I2D_ECPRIVATEKEY,

-                      ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	priv_key->version = a->version;

-	buf_len = (size_t)BN_num_bytes(a->priv_key);

-	buffer = OPENSSL_malloc(buf_len);

-	if (buffer == NULL)

-		{

-		ECerr(EC_F_I2D_ECPRIVATEKEY,

-                      ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	if (!BN_bn2bin(a->priv_key, buffer))

-		{

-		ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_BN_LIB);

-		goto err;

-		}

-	if (!M_ASN1_OCTET_STRING_set(priv_key->privateKey, buffer, buf_len))

-		{

-		ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB);

-		goto err;

-		}

-	if (!(a->enc_flag & EC_PKEY_NO_PARAMETERS))

-		{

-		if ((priv_key->parameters = ec_asn1_group2pkparameters(

-			a->group, priv_key->parameters)) == NULL)

-			{

-			ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);

-			goto err;

-			}

-		}

-	if (!(a->enc_flag & EC_PKEY_NO_PUBKEY))

-		{

-		priv_key->publicKey = M_ASN1_BIT_STRING_new();

-		if (priv_key->publicKey == NULL)

-			{

-			ECerr(EC_F_I2D_ECPRIVATEKEY,

-				ERR_R_MALLOC_FAILURE);

-			goto err;

-			}

-		tmp_len = EC_POINT_point2oct(a->group, a->pub_key,

-				a->conv_form, NULL, 0, NULL);

-		if (tmp_len > buf_len)

-			{

-			unsigned char *tmp_buffer = OPENSSL_realloc(buffer, tmp_len);

-			if (!tmp_buffer)

-				{

-				ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);

-				goto err;

-				}

-			buffer = tmp_buffer;

-			buf_len = tmp_len;

-			}

-		if (!EC_POINT_point2oct(a->group, a->pub_key,

-			a->conv_form, buffer, buf_len, NULL))

-			{

-			ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);

-			goto err;

-			}

-		priv_key->publicKey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);

-		priv_key->publicKey->flags |= ASN1_STRING_FLAG_BITS_LEFT;

-		if (!M_ASN1_BIT_STRING_set(priv_key->publicKey, buffer,

-				buf_len))

-			{

-			ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB);

-			goto err;

-			}

-		}

-	if ((ret = i2d_EC_PRIVATEKEY(priv_key, out)) == 0)

-		{

-		ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);

-		goto err;

-		}

-	ok=1;

-err:

-	if (buffer)

-		OPENSSL_free(buffer);

-	if (priv_key)

-		EC_PRIVATEKEY_free(priv_key);

-	return(ok?ret:0);

-	}

-int i2d_ECParameters(EC_KEY *a, unsigned char **out)

-	{

-	if (a == NULL)

-		{

-		ECerr(EC_F_I2D_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER);

-		return 0;

-		}

-	return i2d_ECPKParameters(a->group, out);

-	}

-EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len)

-	{

-	EC_KEY   *ret;

-	if (in == NULL || *in == NULL)

-		{

-		ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER);

-		return NULL;

-		}

-	if (a == NULL || *a == NULL)

-		{

-		if ((ret = EC_KEY_new()) == NULL)

-			{

-			ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE);

-			return NULL;

-			}

-		if (a)

-			*a = ret;

-		}

-	else

-		ret = *a;

-	if (!d2i_ECPKParameters(&ret->group, in, len))

-		{

-		ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB);

-		return NULL;

-		}

-	return ret;

-	}

-EC_KEY *o2i_ECPublicKey(EC_KEY **a, const unsigned char **in, long len)

-	{

-	EC_KEY *ret=NULL;

-	if (a == NULL || (*a) == NULL || (*a)->group == NULL)

-		{

-		/* sorry, but a EC_GROUP-structur is necessary

-                 * to set the public key */

-		ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER);

-		return 0;

-		}

-	ret = *a;

-	if (ret->pub_key == NULL &&

-		(ret->pub_key = EC_POINT_new(ret->group)) == NULL)

-		{

-		ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_MALLOC_FAILURE);

-		return 0;

-		}

-	if (!EC_POINT_oct2point(ret->group, ret->pub_key, *in, len, NULL))

-		{

-		ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_EC_LIB);

-		return 0;

-		}

-	/* save the point conversion form */

-	ret->conv_form = (point_conversion_form_t)(*in[0] & ~0x01);

-	*in += len;

-	return ret;

-	}

-int i2o_ECPublicKey(EC_KEY *a, unsigned char **out)

-	{

-        size_t buf_len=0;

-	int new_buffer = 0;

-        if (a == NULL)

-		{

-		ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER);

-		return 0;

-		}

-        buf_len = EC_POINT_point2oct(a->group, a->pub_key,

-                              a->conv_form, NULL, 0, NULL);

-	if (out == NULL || buf_len == 0)

-	/* out == NULL => just return the length of the octet string */

-		return buf_len;

-	if (*out == NULL)

-		{

-		if ((*out = OPENSSL_malloc(buf_len)) == NULL)

-			{

-			ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_MALLOC_FAILURE);

-			return 0;

-			}

-		new_buffer = 1;

-		}

-        if (!EC_POINT_point2oct(a->group, a->pub_key, a->conv_form,

-				*out, buf_len, NULL))

-		{

-		ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_EC_LIB);

-		OPENSSL_free(*out);

-		*out = NULL;

-		return 0;

-		}

-	if (!new_buffer)

-		*out += buf_len;

-	return buf_len;

-	}

--- a/sys/src/ape/lib/openssl/crypto/ec/ec_check.c

+++ /dev/null

@@ -1,123 +1,0 @@

-/* crypto/ec/ec_check.c */

-/* ====================================================================

- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include "ec_lcl.h"

-#include <openssl/err.h>

-int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx)

-	{

-	int ret = 0;

-	BIGNUM *order;

-	BN_CTX *new_ctx = NULL;

-	EC_POINT *point = NULL;

-	if (ctx == NULL)

-		{

-		ctx = new_ctx = BN_CTX_new();

-		if (ctx == NULL)

-			{

-			ECerr(EC_F_EC_GROUP_CHECK, ERR_R_MALLOC_FAILURE);

-			goto err;

-			}

-		}

-	BN_CTX_start(ctx);

-	if ((order = BN_CTX_get(ctx)) == NULL) goto err;

-	/* check the discriminant */

-	if (!EC_GROUP_check_discriminant(group, ctx))

-		{

-		ECerr(EC_F_EC_GROUP_CHECK, EC_R_DISCRIMINANT_IS_ZERO);

-		goto err;

-		}

-	/* check the generator */

-	if (group->generator == NULL)

-		{

-		ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_GENERATOR);

-		goto err;

-		}

-	if (!EC_POINT_is_on_curve(group, group->generator, ctx))

-		{

-		ECerr(EC_F_EC_GROUP_CHECK, EC_R_POINT_IS_NOT_ON_CURVE);

-		goto err;

-		}

-	/* check the order of the generator */

-	if ((point = EC_POINT_new(group)) == NULL) goto err;

-	if (!EC_GROUP_get_order(group, order, ctx)) goto err;

-	if (BN_is_zero(order))

-		{

-		ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_ORDER);

-		goto err;

-		}

-	if (!EC_POINT_mul(group, point, order, NULL, NULL, ctx)) goto err;

-	if (!EC_POINT_is_at_infinity(group, point))

-		{

-		ECerr(EC_F_EC_GROUP_CHECK, EC_R_INVALID_GROUP_ORDER);

-		goto err;

-		}

-	ret = 1;

-err:

-	if (ctx != NULL)

-		BN_CTX_end(ctx);

-	if (new_ctx != NULL)

-		BN_CTX_free(new_ctx);

-	if (point)

-		EC_POINT_free(point);

-	return ret;

-	}

--- a/sys/src/ape/lib/openssl/crypto/ec/ec_curve.c

+++ /dev/null

@@ -1,1270 +1,0 @@

-/* crypto/ec/ec_curve.c */

-/*

- * Written by Nils Larsch for the OpenSSL project.

- */

-/* ====================================================================

- * Copyright (c) 1998-2004 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- *

- * Portions of the attached software ("Contribution") are developed by

- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.

- *

- * The Contribution is licensed pursuant to the OpenSSL open source

- * license provided above.

- *

- * The elliptic curve binary polynomial software is originally written by

- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.

- *

- */

-#include "ec_lcl.h"

-#include <openssl/err.h>

-#include <openssl/obj_mac.h>

-typedef struct ec_curve_data_st {

-	int	field_type;	/* either NID_X9_62_prime_field or

-				 * NID_X9_62_characteristic_two_field */

-	const char *p;		/* either a prime number or a polynomial */

-	const char *a;

-	const char *b;

-	const char *x;		/* the x coordinate of the generator */

-	const char *y;		/* the y coordinate of the generator */

-	const char *order;	/* the order of the group generated by the

-				 * generator */

-	const BN_ULONG cofactor;/* the cofactor */

-	const unsigned char *seed;/* the seed (optional) */

-	size_t	seed_len;

-	const char *comment;	/* a short description of the curve */

-} EC_CURVE_DATA;

-/* the nist prime curves */

-static const unsigned char _EC_NIST_PRIME_192_SEED[] = {

-	0x30,0x45,0xAE,0x6F,0xC8,0x42,0x2F,0x64,0xED,0x57,

-	0x95,0x28,0xD3,0x81,0x20,0xEA,0xE1,0x21,0x96,0xD5};

-static const EC_CURVE_DATA _EC_NIST_PRIME_192 = {

-	NID_X9_62_prime_field,

-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",

-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",

-	"64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1",

-	"188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012",

-	"07192b95ffc8da78631011ed6b24cdd573f977a11e794811",

-	"FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831",1,

-	_EC_NIST_PRIME_192_SEED, 20,

-	"NIST/X9.62/SECG curve over a 192 bit prime field"

-	};

-static const unsigned char _EC_NIST_PRIME_224_SEED[] = {

-	0xBD,0x71,0x34,0x47,0x99,0xD5,0xC7,0xFC,0xDC,0x45,

-	0xB5,0x9F,0xA3,0xB9,0xAB,0x8F,0x6A,0x94,0x8B,0xC5};

-static const EC_CURVE_DATA _EC_NIST_PRIME_224 = {

-	NID_X9_62_prime_field,

-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",

-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",

-	"B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",

-	"B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",

-	"bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34",

-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D",1,

-	_EC_NIST_PRIME_224_SEED, 20,

-	"NIST/SECG curve over a 224 bit prime field"

-	};

-static const unsigned char _EC_NIST_PRIME_384_SEED[] = {

-	0xA3,0x35,0x92,0x6A,0xA3,0x19,0xA2,0x7A,0x1D,0x00,

-	0x89,0x6A,0x67,0x73,0xA4,0x82,0x7A,0xCD,0xAC,0x73};

-static const EC_CURVE_DATA _EC_NIST_PRIME_384 = {

-	NID_X9_62_prime_field,

-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFF"

-	"FFF0000000000000000FFFFFFFF",

-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFF"

-	"FFF0000000000000000FFFFFFFC",

-	"B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC6563"

-	"98D8A2ED19D2A85C8EDD3EC2AEF",

-	"AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F"

-	"25DBF55296C3A545E3872760AB7",

-	"3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b"

-	"1ce1d7e819d7a431d7c90ea0e5f",

-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0"

-	"DB248B0A77AECEC196ACCC52973",1,

-	_EC_NIST_PRIME_384_SEED, 20,

-	"NIST/SECG curve over a 384 bit prime field"

-	};

-static const unsigned char _EC_NIST_PRIME_521_SEED[] = {

-	0xD0,0x9E,0x88,0x00,0x29,0x1C,0xB8,0x53,0x96,0xCC,

-	0x67,0x17,0x39,0x32,0x84,0xAA,0xA0,0xDA,0x64,0xBA};

-static const EC_CURVE_DATA _EC_NIST_PRIME_521 = {

-	NID_X9_62_prime_field,

-	"1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"

-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",

-	"1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"

-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC",

-	"051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156"

-	"193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00",

-	"C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14"

-	"B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66",

-	"011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c9"

-	"7ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650",

-	"1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51"

-	"868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",1,

-	_EC_NIST_PRIME_521_SEED, 20,

-	"NIST/SECG curve over a 521 bit prime field"

-	};

-/* the x9.62 prime curves (minus the nist prime curves) */

-static const unsigned char _EC_X9_62_PRIME_192V2_SEED[] = {

-	0x31,0xA9,0x2E,0xE2,0x02,0x9F,0xD1,0x0D,0x90,0x1B,

-	0x11,0x3E,0x99,0x07,0x10,0xF0,0xD2,0x1A,0xC6,0xB6};

-static const EC_CURVE_DATA _EC_X9_62_PRIME_192V2 = {

-	NID_X9_62_prime_field,

-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",

-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",

-	"CC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953",

-	"EEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A",

-	"6574d11d69b6ec7a672bb82a083df2f2b0847de970b2de15",

-	"FFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31",1,

-	_EC_X9_62_PRIME_192V2_SEED, 20,

-	"X9.62 curve over a 192 bit prime field"

-	};

-static const unsigned char _EC_X9_62_PRIME_192V3_SEED[] = {

-	0xC4,0x69,0x68,0x44,0x35,0xDE,0xB3,0x78,0xC4,0xB6,

-	0x5C,0xA9,0x59,0x1E,0x2A,0x57,0x63,0x05,0x9A,0x2E};

-static const EC_CURVE_DATA _EC_X9_62_PRIME_192V3 = {

-	NID_X9_62_prime_field,

-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",

-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",

-	"22123DC2395A05CAA7423DAECCC94760A7D462256BD56916",

-	"7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896",

-	"38a90f22637337334b49dcb66a6dc8f9978aca7648a943b0",

-	"FFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13",1,

-	_EC_X9_62_PRIME_192V3_SEED, 20,

-	"X9.62 curve over a 192 bit prime field"

-	};

-static const unsigned char _EC_X9_62_PRIME_239V1_SEED[] = {

-	0xE4,0x3B,0xB4,0x60,0xF0,0xB8,0x0C,0xC0,0xC0,0xB0,

-	0x75,0x79,0x8E,0x94,0x80,0x60,0xF8,0x32,0x1B,0x7D};

-static const EC_CURVE_DATA _EC_X9_62_PRIME_239V1 = {

-	NID_X9_62_prime_field,

-	"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",

-	"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",

-	"6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A",

-	"0FFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF",

-	"7debe8e4e90a5dae6e4054ca530ba04654b36818ce226b39fccb7b02f1ae",

-	"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B",1,

-	_EC_X9_62_PRIME_239V1_SEED, 20,

-	"X9.62 curve over a 239 bit prime field"

-	};

-static const unsigned char _EC_X9_62_PRIME_239V2_SEED[] = {

-	0xE8,0xB4,0x01,0x16,0x04,0x09,0x53,0x03,0xCA,0x3B,

-	0x80,0x99,0x98,0x2B,0xE0,0x9F,0xCB,0x9A,0xE6,0x16};

-static const EC_CURVE_DATA _EC_X9_62_PRIME_239V2 = {

-	NID_X9_62_prime_field,

-	"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",

-	"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",

-	"617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C",

-	"38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7",

-	"5b0125e4dbea0ec7206da0fc01d9b081329fb555de6ef460237dff8be4ba",

-	"7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063",1,

-	_EC_X9_62_PRIME_239V2_SEED, 20,

-	"X9.62 curve over a 239 bit prime field"

-	};

-static const unsigned char _EC_X9_62_PRIME_239V3_SEED[] = {

-	0x7D,0x73,0x74,0x16,0x8F,0xFE,0x34,0x71,0xB6,0x0A,

-	0x85,0x76,0x86,0xA1,0x94,0x75,0xD3,0xBF,0xA2,0xFF};

-static const EC_CURVE_DATA _EC_X9_62_PRIME_239V3 = {

-	NID_X9_62_prime_field,

-	"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",

-	"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",

-	"255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E",

-	"6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A",

-	"1607e6898f390c06bc1d552bad226f3b6fcfe48b6e818499af18e3ed6cf3",

-	"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551",1,

-	_EC_X9_62_PRIME_239V3_SEED, 20,

-	"X9.62 curve over a 239 bit prime field"

-	};

-static const unsigned char _EC_X9_62_PRIME_256V1_SEED[] = {

-	0xC4,0x9D,0x36,0x08,0x86,0xE7,0x04,0x93,0x6A,0x66,

-	0x78,0xE1,0x13,0x9D,0x26,0xB7,0x81,0x9F,0x7E,0x90};

-static const EC_CURVE_DATA _EC_X9_62_PRIME_256V1 = {

-	NID_X9_62_prime_field,

-	"FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",

-	"FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC",

-	"5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B",

-	"6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296",

-	"4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5",

-	"FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551",1,

-	_EC_X9_62_PRIME_256V1_SEED, 20,

-	"X9.62/SECG curve over a 256 bit prime field"

-	};

-/* the secg prime curves (minus the nist and x9.62 prime curves) */

-static const unsigned char _EC_SECG_PRIME_112R1_SEED[] = {

-	0x00,0xF5,0x0B,0x02,0x8E,0x4D,0x69,0x6E,0x67,0x68,

-	0x75,0x61,0x51,0x75,0x29,0x04,0x72,0x78,0x3F,0xB1};

-static const EC_CURVE_DATA _EC_SECG_PRIME_112R1 = {

-	NID_X9_62_prime_field,

-	"DB7C2ABF62E35E668076BEAD208B",

-	"DB7C2ABF62E35E668076BEAD2088",

-	"659EF8BA043916EEDE8911702B22",

-	"09487239995A5EE76B55F9C2F098",

-	"a89ce5af8724c0a23e0e0ff77500",

-	"DB7C2ABF62E35E7628DFAC6561C5",1,

-	_EC_SECG_PRIME_112R1_SEED, 20,

-	"SECG/WTLS curve over a 112 bit prime field"

-	};

-static const unsigned char _EC_SECG_PRIME_112R2_SEED[] = {

-	0x00,0x27,0x57,0xA1,0x11,0x4D,0x69,0x6E,0x67,0x68,

-	0x75,0x61,0x51,0x75,0x53,0x16,0xC0,0x5E,0x0B,0xD4};

-static const EC_CURVE_DATA _EC_SECG_PRIME_112R2 = {

-	NID_X9_62_prime_field,

-	"DB7C2ABF62E35E668076BEAD208B",

-	"6127C24C05F38A0AAAF65C0EF02C",

-	"51DEF1815DB5ED74FCC34C85D709",

-	"4BA30AB5E892B4E1649DD0928643",

-	"adcd46f5882e3747def36e956e97",

-	"36DF0AAFD8B8D7597CA10520D04B",4,

-	_EC_SECG_PRIME_112R2_SEED, 20,

-	"SECG curve over a 112 bit prime field"

-	};

-static const unsigned char _EC_SECG_PRIME_128R1_SEED[] = {

-	0x00,0x0E,0x0D,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,

-	0x51,0x75,0x0C,0xC0,0x3A,0x44,0x73,0xD0,0x36,0x79};

-static const EC_CURVE_DATA _EC_SECG_PRIME_128R1 = {

-	NID_X9_62_prime_field,

-	"FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",

-	"FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC",

-	"E87579C11079F43DD824993C2CEE5ED3",

-	"161FF7528B899B2D0C28607CA52C5B86",

-	"cf5ac8395bafeb13c02da292dded7a83",

-	"FFFFFFFE0000000075A30D1B9038A115",1,

-	_EC_SECG_PRIME_128R1_SEED, 20,

-	"SECG curve over a 128 bit prime field"

-	};

-static const unsigned char _EC_SECG_PRIME_128R2_SEED[] = {

-	0x00,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,0x51,0x75,

-	0x12,0xD8,0xF0,0x34,0x31,0xFC,0xE6,0x3B,0x88,0xF4};

-static const EC_CURVE_DATA _EC_SECG_PRIME_128R2 = {

-	NID_X9_62_prime_field,

-	"FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",

-	"D6031998D1B3BBFEBF59CC9BBFF9AEE1",

-	"5EEEFCA380D02919DC2C6558BB6D8A5D",

-	"7B6AA5D85E572983E6FB32A7CDEBC140",

-	"27b6916a894d3aee7106fe805fc34b44",

-	"3FFFFFFF7FFFFFFFBE0024720613B5A3",4,

-	_EC_SECG_PRIME_128R2_SEED, 20,

-	"SECG curve over a 128 bit prime field"

-	};

-static const EC_CURVE_DATA _EC_SECG_PRIME_160K1 = {

-	NID_X9_62_prime_field,

-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",

-	"0",

-	"7",

-	"3B4C382CE37AA192A4019E763036F4F5DD4D7EBB",

-	"938cf935318fdced6bc28286531733c3f03c4fee",

-	"0100000000000000000001B8FA16DFAB9ACA16B6B3",1,

-	NULL, 0,

-	"SECG curve over a 160 bit prime field"

-	};

-static const unsigned char _EC_SECG_PRIME_160R1_SEED[] = {

-	0x10,0x53,0xCD,0xE4,0x2C,0x14,0xD6,0x96,0xE6,0x76,

-	0x87,0x56,0x15,0x17,0x53,0x3B,0xF3,0xF8,0x33,0x45};

-static const EC_CURVE_DATA _EC_SECG_PRIME_160R1 = {

-	NID_X9_62_prime_field,

-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF",

-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC",

-	"1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45",

-	"4A96B5688EF573284664698968C38BB913CBFC82",

-	"23a628553168947d59dcc912042351377ac5fb32",

-	"0100000000000000000001F4C8F927AED3CA752257",1,

-	_EC_SECG_PRIME_160R1_SEED, 20,

-	"SECG curve over a 160 bit prime field"

-	};

-static const unsigned char _EC_SECG_PRIME_160R2_SEED[] = {

-	0xB9,0x9B,0x99,0xB0,0x99,0xB3,0x23,0xE0,0x27,0x09,

-	0xA4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,0x17,0x51};

-static const EC_CURVE_DATA _EC_SECG_PRIME_160R2 = {

-	NID_X9_62_prime_field,

-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",

-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70",

-	"B4E134D3FB59EB8BAB57274904664D5AF50388BA",

-	"52DCB034293A117E1F4FF11B30F7199D3144CE6D",

-	"feaffef2e331f296e071fa0df9982cfea7d43f2e",

-	"0100000000000000000000351EE786A818F3A1A16B",1,

-	_EC_SECG_PRIME_160R2_SEED, 20,

-	"SECG/WTLS curve over a 160 bit prime field"

-	};

-static const EC_CURVE_DATA _EC_SECG_PRIME_192K1 = {

-	NID_X9_62_prime_field,

-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37",

-	"0",

-	"3",

-	"DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D",

-	"9b2f2f6d9c5628a7844163d015be86344082aa88d95e2f9d",

-	"FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D",1,

-	NULL, 20,

-	"SECG curve over a 192 bit prime field"

-	};

-static const EC_CURVE_DATA _EC_SECG_PRIME_224K1 = {

-	NID_X9_62_prime_field,

-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D",

-	"0",

-	"5",

-	"A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C",

-	"7e089fed7fba344282cafbd6f7e319f7c0b0bd59e2ca4bdb556d61a5",

-	"010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7",1,

-	NULL, 20,

-	"SECG curve over a 224 bit prime field"

-	};

-static const EC_CURVE_DATA _EC_SECG_PRIME_256K1 = {

-	NID_X9_62_prime_field,

-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F",

-	"0",

-	"7",

-	"79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798",

-	"483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8",

-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141",1,

-	NULL, 20,

-	"SECG curve over a 256 bit prime field"

-	};

-/* some wap/wtls curves */

-static const EC_CURVE_DATA _EC_WTLS_8 = {

-	NID_X9_62_prime_field,

-	"FFFFFFFFFFFFFFFFFFFFFFFFFDE7",

-	"0",

-	"3",

-	"1",

-	"2",

-	"0100000000000001ECEA551AD837E9",1,

-	NULL, 20,

-	"WTLS curve over a 112 bit prime field"

-	};

-static const EC_CURVE_DATA _EC_WTLS_9 = {

-	NID_X9_62_prime_field,

-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC808F",

-	"0",

-	"3",

-	"1",

-	"2",

-	"0100000000000000000001CDC98AE0E2DE574ABF33",1,

-	NULL, 20,

-	"WTLS curve over a 160 bit prime field"

-	};

-static const EC_CURVE_DATA _EC_WTLS_12 = {

-	NID_X9_62_prime_field,

-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",

-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",

-	"B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",

-	"B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",

-	"bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34",

-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", 1,

-	NULL, 0,

-	"WTLS curvs over a 224 bit prime field"

-	};

-/* characteristic two curves */

-static const unsigned char _EC_SECG_CHAR2_113R1_SEED[] = {

-	0x10,0xE7,0x23,0xAB,0x14,0xD6,0x96,0xE6,0x76,0x87,

-	0x56,0x15,0x17,0x56,0xFE,0xBF,0x8F,0xCB,0x49,0xA9};

-static const EC_CURVE_DATA _EC_SECG_CHAR2_113R1 = {

-	NID_X9_62_characteristic_two_field,

-	"020000000000000000000000000201",

-	"003088250CA6E7C7FE649CE85820F7",

-	"00E8BEE4D3E2260744188BE0E9C723",

-	"009D73616F35F4AB1407D73562C10F",

-	"00A52830277958EE84D1315ED31886",

-	"0100000000000000D9CCEC8A39E56F", 2,

-	_EC_SECG_CHAR2_113R1_SEED, 20,

-	"SECG curve over a 113 bit binary field"

-	};

-static const unsigned char _EC_SECG_CHAR2_113R2_SEED[] = {

-	0x10,0xC0,0xFB,0x15,0x76,0x08,0x60,0xDE,0xF1,0xEE,

-	0xF4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,0x17,0x5D};

-static const EC_CURVE_DATA _EC_SECG_CHAR2_113R2 = {

-	NID_X9_62_characteristic_two_field,

-	"020000000000000000000000000201",

-	"00689918DBEC7E5A0DD6DFC0AA55C7",

-	"0095E9A9EC9B297BD4BF36E059184F",

-	"01A57A6A7B26CA5EF52FCDB8164797",

-	"00B3ADC94ED1FE674C06E695BABA1D",

-	"010000000000000108789B2496AF93", 2,

-	_EC_SECG_CHAR2_113R2_SEED, 20,

-	"SECG curve over a 113 bit binary field"

-	};

-static const unsigned char _EC_SECG_CHAR2_131R1_SEED[] = {

-	0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,0x51,0x75,0x98,

-	0x5B,0xD3,0xAD,0xBA,0xDA,0x21,0xB4,0x3A,0x97,0xE2};

-static const EC_CURVE_DATA _EC_SECG_CHAR2_131R1 = {

-	NID_X9_62_characteristic_two_field,

-	"080000000000000000000000000000010D",

-	"07A11B09A76B562144418FF3FF8C2570B8",

-	"0217C05610884B63B9C6C7291678F9D341",

-	"0081BAF91FDF9833C40F9C181343638399",

-	"078C6E7EA38C001F73C8134B1B4EF9E150",

-	"0400000000000000023123953A9464B54D", 2,

-	_EC_SECG_CHAR2_131R1_SEED, 20,

-	"SECG/WTLS curve over a 131 bit binary field"

-	};

-static const unsigned char _EC_SECG_CHAR2_131R2_SEED[] = {

-	0x98,0x5B,0xD3,0xAD,0xBA,0xD4,0xD6,0x96,0xE6,0x76,

-	0x87,0x56,0x15,0x17,0x5A,0x21,0xB4,0x3A,0x97,0xE3};

-static const EC_CURVE_DATA _EC_SECG_CHAR2_131R2 = {

-	NID_X9_62_characteristic_two_field,

-	"080000000000000000000000000000010D",

-	"03E5A88919D7CAFCBF415F07C2176573B2",

-	"04B8266A46C55657AC734CE38F018F2192",

-	"0356DCD8F2F95031AD652D23951BB366A8",

-	"0648F06D867940A5366D9E265DE9EB240F",

-	"0400000000000000016954A233049BA98F", 2,

-	_EC_SECG_CHAR2_131R2_SEED, 20,

-	"SECG curve over a 131 bit binary field"

-	};

-static const EC_CURVE_DATA _EC_NIST_CHAR2_163K = {

-	NID_X9_62_characteristic_two_field,

-	"0800000000000000000000000000000000000000C9",

-	"1",

-	"1",

-	"02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8",

-	"0289070FB05D38FF58321F2E800536D538CCDAA3D9",

-	"04000000000000000000020108A2E0CC0D99F8A5EF", 2,

-	NULL, 0,

-	"NIST/SECG/WTLS curve over a 163 bit binary field"

-	};

-static const unsigned char _EC_SECG_CHAR2_163R1_SEED[] = {

-	0x24,0xB7,0xB1,0x37,0xC8,0xA1,0x4D,0x69,0x6E,0x67,

-	0x68,0x75,0x61,0x51,0x75,0x6F,0xD0,0xDA,0x2E,0x5C};

-static const EC_CURVE_DATA _EC_SECG_CHAR2_163R1 = {

-	NID_X9_62_characteristic_two_field,

-	"0800000000000000000000000000000000000000C9",

-	"07B6882CAAEFA84F9554FF8428BD88E246D2782AE2",

-	"0713612DCDDCB40AAB946BDA29CA91F73AF958AFD9",

-	"0369979697AB43897789566789567F787A7876A654",

-	"00435EDB42EFAFB2989D51FEFCE3C80988F41FF883",

-	"03FFFFFFFFFFFFFFFFFFFF48AAB689C29CA710279B", 2,

-/* The algorithm used to derive the curve parameters from

- * the seed used here is slightly different than the

- * algorithm described in X9.62 .

- */

-#if 0

-	_EC_SECG_CHAR2_163R1_SEED, 20,

-#else

-	NULL, 0,

-#endif

-	"SECG curve over a 163 bit binary field"

-	};

-static const unsigned char _EC_NIST_CHAR2_163B_SEED[] = {

-	0x85,0xE2,0x5B,0xFE,0x5C,0x86,0x22,0x6C,0xDB,0x12,

-	0x01,0x6F,0x75,0x53,0xF9,0xD0,0xE6,0x93,0xA2,0x68};

-static const EC_CURVE_DATA _EC_NIST_CHAR2_163B ={

-	NID_X9_62_characteristic_two_field,

-	"0800000000000000000000000000000000000000C9",

-	"1",

-	"020A601907B8C953CA1481EB10512F78744A3205FD",

-	"03F0EBA16286A2D57EA0991168D4994637E8343E36",

-	"00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1",

-	"040000000000000000000292FE77E70C12A4234C33", 2,

-/* The seed here was used to created the curve parameters in normal

- * basis representation (and not the polynomial representation used here)

- */

-#if 0

-	_EC_NIST_CHAR2_163B_SEED, 20,

-#else

-	NULL, 0,

-#endif

-	"NIST/SECG curve over a 163 bit binary field"

-	};

-static const unsigned char _EC_SECG_CHAR2_193R1_SEED[] = {

-	0x10,0x3F,0xAE,0xC7,0x4D,0x69,0x6E,0x67,0x68,0x75,

-	0x61,0x51,0x75,0x77,0x7F,0xC5,0xB1,0x91,0xEF,0x30};

-static const EC_CURVE_DATA _EC_SECG_CHAR2_193R1 = {

-	NID_X9_62_characteristic_two_field,

-	"02000000000000000000000000000000000000000000008001",

-	"0017858FEB7A98975169E171F77B4087DE098AC8A911DF7B01",

-	"00FDFB49BFE6C3A89FACADAA7A1E5BBC7CC1C2E5D831478814",

-	"01F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E1",

-	"0025E399F2903712CCF3EA9E3A1AD17FB0B3201B6AF7CE1B05",

-	"01000000000000000000000000C7F34A778F443ACC920EBA49", 2,

-	_EC_SECG_CHAR2_193R1_SEED, 20,

-	"SECG curve over a 193 bit binary field"

-	};

-static const unsigned char _EC_SECG_CHAR2_193R2_SEED[] = {

-	0x10,0xB7,0xB4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,

-	0x17,0x51,0x37,0xC8,0xA1,0x6F,0xD0,0xDA,0x22,0x11};

-static const EC_CURVE_DATA _EC_SECG_CHAR2_193R2 = {

-	NID_X9_62_characteristic_two_field,

-	"02000000000000000000000000000000000000000000008001",

-	"0163F35A5137C2CE3EA6ED8667190B0BC43ECD69977702709B",

-	"00C9BB9E8927D4D64C377E2AB2856A5B16E3EFB7F61D4316AE",

-	"00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F",

-	"01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C",

-	"010000000000000000000000015AAB561B005413CCD4EE99D5", 2,

-	_EC_SECG_CHAR2_193R2_SEED, 20,

-	"SECG curve over a 193 bit binary field"

-	};

-static const EC_CURVE_DATA _EC_NIST_CHAR2_233K = {

-	NID_X9_62_characteristic_two_field,

-	"020000000000000000000000000000000000000004000000000000000001",

-	"0",

-	"1",

-	"017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126",

-	"01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3",

-	"008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF", 4,

-	NULL, 0,

-	"NIST/SECG/WTLS curve over a 233 bit binary field"

-	};

-static const unsigned char _EC_NIST_CHAR2_233B_SEED[] = {

-	0x74,0xD5,0x9F,0xF0,0x7F,0x6B,0x41,0x3D,0x0E,0xA1,

-	0x4B,0x34,0x4B,0x20,0xA2,0xDB,0x04,0x9B,0x50,0xC3};

-static const EC_CURVE_DATA _EC_NIST_CHAR2_233B = {

-	NID_X9_62_characteristic_two_field,

-	"020000000000000000000000000000000000000004000000000000000001",

-	"000000000000000000000000000000000000000000000000000000000001",

-	"0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD",

-	"00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B",

-	"01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052",

-	"01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7", 2,

-	_EC_NIST_CHAR2_233B_SEED, 20,

-	"NIST/SECG/WTLS curve over a 233 bit binary field"

-	};

-static const EC_CURVE_DATA _EC_SECG_CHAR2_239K1 = {

-	NID_X9_62_characteristic_two_field,

-	"800000000000000000004000000000000000000000000000000000000001",

-	"0",

-	"1",

-	"29A0B6A887A983E9730988A68727A8B2D126C44CC2CC7B2A6555193035DC",

-	"76310804F12E549BDB011C103089E73510ACB275FC312A5DC6B76553F0CA",

-	"2000000000000000000000000000005A79FEC67CB6E91F1C1DA800E478A5", 4,

-	NULL, 0,

-	"SECG curve over a 239 bit binary field"

-	};

-static const EC_CURVE_DATA _EC_NIST_CHAR2_283K = {

-	NID_X9_62_characteristic_two_field,

-	"080000000000000000000000000000000000000000000000000000000000000000001"

-	"0A1",

-	"0",

-	"1",

-	"0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492"

-	"836",

-	"01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2"

-	"259",

-	"01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163"

-	"C61", 4,

-	NULL, 20,

-	"NIST/SECG curve over a 283 bit binary field"

-	};

-static const unsigned char _EC_NIST_CHAR2_283B_SEED[] = {

-	0x77,0xE2,0xB0,0x73,0x70,0xEB,0x0F,0x83,0x2A,0x6D,

-	0xD5,0xB6,0x2D,0xFC,0x88,0xCD,0x06,0xBB,0x84,0xBE};

-static const EC_CURVE_DATA _EC_NIST_CHAR2_283B = {

-	NID_X9_62_characteristic_two_field,

-	"080000000000000000000000000000000000000000000000000000000000000000001"

-	"0A1",

-	"000000000000000000000000000000000000000000000000000000000000000000000"

-	"001",

-	"027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A"

-	"2F5",

-	"05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12"

-	"053",

-	"03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE811"

-	"2F4",

-	"03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB"

-	"307", 2,

-	_EC_NIST_CHAR2_283B_SEED, 20,

-	"NIST/SECG curve over a 283 bit binary field"

-	};

-static const EC_CURVE_DATA _EC_NIST_CHAR2_409K = {

-	NID_X9_62_characteristic_two_field,

-	"020000000000000000000000000000000000000000000000000000000000000000000"

-	"00000000000008000000000000000000001",

-	"0",

-	"1",

-	"0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C4601"

-	"89EB5AAAA62EE222EB1B35540CFE9023746",

-	"01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6"

-	"C42E9C55215AA9CA27A5863EC48D8E0286B",

-	"007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400"

-	"EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF", 4,

-	NULL, 0,

-	"NIST/SECG curve over a 409 bit binary field"

-	};

-static const unsigned char _EC_NIST_CHAR2_409B_SEED[] = {

-	0x40,0x99,0xB5,0xA4,0x57,0xF9,0xD6,0x9F,0x79,0x21,

-	0x3D,0x09,0x4C,0x4B,0xCD,0x4D,0x42,0x62,0x21,0x0B};

-static const EC_CURVE_DATA _EC_NIST_CHAR2_409B = {

-	NID_X9_62_characteristic_two_field,

-	"020000000000000000000000000000000000000000000000000000000000000000000"

-	"00000000000008000000000000000000001",

-	"000000000000000000000000000000000000000000000000000000000000000000000"

-	"00000000000000000000000000000000001",

-	"0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A19"

-	"7B272822F6CD57A55AA4F50AE317B13545F",

-	"015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255"

-	"A868A1180515603AEAB60794E54BB7996A7",

-	"0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514"

-	"F1FDF4B4F40D2181B3681C364BA0273C706",

-	"010000000000000000000000000000000000000000000000000001E2AAD6A612F3330"

-	"7BE5FA47C3C9E052F838164CD37D9A21173", 2,

-	_EC_NIST_CHAR2_409B_SEED, 20,

-	"NIST/SECG curve over a 409 bit binary field"

-	};

-static const EC_CURVE_DATA _EC_NIST_CHAR2_571K = {

-	NID_X9_62_characteristic_two_field,

-	"800000000000000000000000000000000000000000000000000000000000000000000"

-	"000000000000000000000000000000000000000000000000000000000000000000000"

-	"00425",

-	"0",

-	"1",

-	"026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA443709"

-	"58493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A0"

-	"1C8972",

-	"0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D497"

-	"9C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143E"

-	"F1C7A3",

-	"020000000000000000000000000000000000000000000000000000000000000000000"

-	"000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F63"

-	"7C1001", 4,

-	NULL, 0,

-	"NIST/SECG curve over a 571 bit binary field"

-	};

-static const unsigned char _EC_NIST_CHAR2_571B_SEED[] = {

-	0x2A,0xA0,0x58,0xF7,0x3A,0x0E,0x33,0xAB,0x48,0x6B,

-	0x0F,0x61,0x04,0x10,0xC5,0x3A,0x7F,0x13,0x23,0x10};

-static const EC_CURVE_DATA _EC_NIST_CHAR2_571B = {

-	NID_X9_62_characteristic_two_field,

-	"800000000000000000000000000000000000000000000000000000000000000000000"

-	"000000000000000000000000000000000000000000000000000000000000000000000"

-	"00425",

-	"000000000000000000000000000000000000000000000000000000000000000000000"

-	"000000000000000000000000000000000000000000000000000000000000000000000"

-	"000001",

-	"02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFA"

-	"BBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F29"

-	"55727A",

-	"0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53"

-	"950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8E"

-	"EC2D19",

-	"037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423"

-	"E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B"

-	"8AC15B",

-	"03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"

-	"FFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2F"

-	"E84E47", 2,

-	_EC_NIST_CHAR2_571B_SEED, 20,

-	"NIST/SECG curve over a 571 bit binary field"

-	};

-static const unsigned char _EC_X9_62_CHAR2_163V1_SEED[] = {

-	0xD2,0xC0,0xFB,0x15,0x76,0x08,0x60,0xDE,0xF1,0xEE,

-	0xF4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,0x17,0x54};

-static const EC_CURVE_DATA _EC_X9_62_CHAR2_163V1 = {

-	NID_X9_62_characteristic_two_field,

-	"080000000000000000000000000000000000000107",

-	"072546B5435234A422E0789675F432C89435DE5242",

-	"00C9517D06D5240D3CFF38C74B20B6CD4D6F9DD4D9",

-	"07AF69989546103D79329FCC3D74880F33BBE803CB",

-	"01EC23211B5966ADEA1D3F87F7EA5848AEF0B7CA9F",

-	"0400000000000000000001E60FC8821CC74DAEAFC1", 2,

-	_EC_X9_62_CHAR2_163V1_SEED, 20,

-	"X9.62 curve over a 163 bit binary field"

-	};

-static const unsigned char _EC_X9_62_CHAR2_163V2_SEED[] = {

-	0x53,0x81,0x4C,0x05,0x0D,0x44,0xD6,0x96,0xE6,0x76,

-	0x87,0x56,0x15,0x17,0x58,0x0C,0xA4,0xE2,0x9F,0xFD};

-static const EC_CURVE_DATA _EC_X9_62_CHAR2_163V2 = {

-	NID_X9_62_characteristic_two_field,

- 	"080000000000000000000000000000000000000107",

-	"0108B39E77C4B108BED981ED0E890E117C511CF072",

-	"0667ACEB38AF4E488C407433FFAE4F1C811638DF20",

-	"0024266E4EB5106D0A964D92C4860E2671DB9B6CC5",

-	"079F684DDF6684C5CD258B3890021B2386DFD19FC5",

-	"03FFFFFFFFFFFFFFFFFFFDF64DE1151ADBB78F10A7", 2,

-	_EC_X9_62_CHAR2_163V2_SEED, 20,

-	"X9.62 curve over a 163 bit binary field"

-	};

-static const unsigned char _EC_X9_62_CHAR2_163V3_SEED[] = {

-	0x50,0xCB,0xF1,0xD9,0x5C,0xA9,0x4D,0x69,0x6E,0x67,

-	0x68,0x75,0x61,0x51,0x75,0xF1,0x6A,0x36,0xA3,0xB8};

-static const EC_CURVE_DATA _EC_X9_62_CHAR2_163V3 = {

-	NID_X9_62_characteristic_two_field,

-	"080000000000000000000000000000000000000107",

-	"07A526C63D3E25A256A007699F5447E32AE456B50E",

-	"03F7061798EB99E238FD6F1BF95B48FEEB4854252B",

-	"02F9F87B7C574D0BDECF8A22E6524775F98CDEBDCB",

-	"05B935590C155E17EA48EB3FF3718B893DF59A05D0",

-	"03FFFFFFFFFFFFFFFFFFFE1AEE140F110AFF961309", 2,

-	_EC_X9_62_CHAR2_163V3_SEED, 20,

-	"X9.62 curve over a 163 bit binary field"

-	};

-static const EC_CURVE_DATA _EC_X9_62_CHAR2_176V1 = {

-	NID_X9_62_characteristic_two_field,

-	"0100000000000000000000000000000000080000000007",

-	"E4E6DB2995065C407D9D39B8D0967B96704BA8E9C90B",

-	"5DDA470ABE6414DE8EC133AE28E9BBD7FCEC0AE0FFF2",

-	"8D16C2866798B600F9F08BB4A8E860F3298CE04A5798",

-	"6FA4539C2DADDDD6BAB5167D61B436E1D92BB16A562C",

-	"00010092537397ECA4F6145799D62B0A19CE06FE26AD", 0xFF6E,

-	NULL, 0,

-	"X9.62 curve over a 176 bit binary field"

-	};

-static const unsigned char _EC_X9_62_CHAR2_191V1_SEED[] = {

-	0x4E,0x13,0xCA,0x54,0x27,0x44,0xD6,0x96,0xE6,0x76,

-	0x87,0x56,0x15,0x17,0x55,0x2F,0x27,0x9A,0x8C,0x84};

-static const EC_CURVE_DATA _EC_X9_62_CHAR2_191V1 = {

-	NID_X9_62_characteristic_two_field,

-	"800000000000000000000000000000000000000000000201",

-	"2866537B676752636A68F56554E12640276B649EF7526267",

-	"2E45EF571F00786F67B0081B9495A3D95462F5DE0AA185EC",

-	"36B3DAF8A23206F9C4F299D7B21A9C369137F2C84AE1AA0D",

-	"765BE73433B3F95E332932E70EA245CA2418EA0EF98018FB",

-	"40000000000000000000000004A20E90C39067C893BBB9A5", 2,

-	_EC_X9_62_CHAR2_191V1_SEED, 20,

-	"X9.62 curve over a 191 bit binary field"

-	};

-static const unsigned char _EC_X9_62_CHAR2_191V2_SEED[] = {

-	0x08,0x71,0xEF,0x2F,0xEF,0x24,0xD6,0x96,0xE6,0x76,

-	0x87,0x56,0x15,0x17,0x58,0xBE,0xE0,0xD9,0x5C,0x15};

-static const EC_CURVE_DATA _EC_X9_62_CHAR2_191V2 = {

-	NID_X9_62_characteristic_two_field,

-	"800000000000000000000000000000000000000000000201",

-	"401028774D7777C7B7666D1366EA432071274F89FF01E718",

-	"0620048D28BCBD03B6249C99182B7C8CD19700C362C46A01",

-	"3809B2B7CC1B28CC5A87926AAD83FD28789E81E2C9E3BF10",

-	"17434386626D14F3DBF01760D9213A3E1CF37AEC437D668A",

-	"20000000000000000000000050508CB89F652824E06B8173", 4,

-	_EC_X9_62_CHAR2_191V2_SEED, 20,

-	"X9.62 curve over a 191 bit binary field"

-	};

-static const unsigned char _EC_X9_62_CHAR2_191V3_SEED[] = {

-	0xE0,0x53,0x51,0x2D,0xC6,0x84,0xD6,0x96,0xE6,0x76,

-	0x87,0x56,0x15,0x17,0x50,0x67,0xAE,0x78,0x6D,0x1F};

-static const EC_CURVE_DATA _EC_X9_62_CHAR2_191V3 = {

-	NID_X9_62_characteristic_two_field,

-	"800000000000000000000000000000000000000000000201",

-	"6C01074756099122221056911C77D77E77A777E7E7E77FCB",

-	"71FE1AF926CF847989EFEF8DB459F66394D90F32AD3F15E8",

-	"375D4CE24FDE434489DE8746E71786015009E66E38A926DD",

-	"545A39176196575D985999366E6AD34CE0A77CD7127B06BE",

-	"155555555555555555555555610C0B196812BFB6288A3EA3", 6,

-	_EC_X9_62_CHAR2_191V3_SEED, 20,

-	"X9.62 curve over a 191 bit binary field"

-	};

-static const EC_CURVE_DATA _EC_X9_62_CHAR2_208W1 = {

-	NID_X9_62_characteristic_two_field,

-	"010000000000000000000000000000000800000000000000000007",

-	"0000000000000000000000000000000000000000000000000000",

-	"C8619ED45A62E6212E1160349E2BFA844439FAFC2A3FD1638F9E",

-	"89FDFBE4ABE193DF9559ECF07AC0CE78554E2784EB8C1ED1A57A",

-	"0F55B51A06E78E9AC38A035FF520D8B01781BEB1A6BB08617DE3",

-	"000101BAF95C9723C57B6C21DA2EFF2D5ED588BDD5717E212F9D", 0xFE48,

-	NULL, 0,

-	"X9.62 curve over a 208 bit binary field"

-	};

-static const unsigned char _EC_X9_62_CHAR2_239V1_SEED[] = {

-	0xD3,0x4B,0x9A,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,

-	0x51,0x75,0xCA,0x71,0xB9,0x20,0xBF,0xEF,0xB0,0x5D};

-static const EC_CURVE_DATA _EC_X9_62_CHAR2_239V1 = {

-	NID_X9_62_characteristic_two_field,

-	"800000000000000000000000000000000000000000000000001000000001",

-	"32010857077C5431123A46B808906756F543423E8D27877578125778AC76",

-	"790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16",

-	"57927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D",

-	"61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305",

-	"2000000000000000000000000000000F4D42FFE1492A4993F1CAD666E447", 4,

-	_EC_X9_62_CHAR2_239V1_SEED, 20,

-	"X9.62 curve over a 239 bit binary field"

-	};

-static const unsigned char _EC_X9_62_CHAR2_239V2_SEED[] = {

-	0x2A,0xA6,0x98,0x2F,0xDF,0xA4,0xD6,0x96,0xE6,0x76,

-	0x87,0x56,0x15,0x17,0x5D,0x26,0x67,0x27,0x27,0x7D};

-static const EC_CURVE_DATA _EC_X9_62_CHAR2_239V2 = {

-	NID_X9_62_characteristic_two_field,

-	"800000000000000000000000000000000000000000000000001000000001",

-	"4230017757A767FAE42398569B746325D45313AF0766266479B75654E65F",

-	"5037EA654196CFF0CD82B2C14A2FCF2E3FF8775285B545722F03EACDB74B",

-	"28F9D04E900069C8DC47A08534FE76D2B900B7D7EF31F5709F200C4CA205",

-	"5667334C45AFF3B5A03BAD9DD75E2C71A99362567D5453F7FA6E227EC833",

-	"1555555555555555555555555555553C6F2885259C31E3FCDF154624522D", 6,

-	_EC_X9_62_CHAR2_239V2_SEED, 20,

-	"X9.62 curve over a 239 bit binary field"

-	};

-static const unsigned char _EC_X9_62_CHAR2_239V3_SEED[] = {

-	0x9E,0x07,0x6F,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,

-	0x51,0x75,0xE1,0x1E,0x9F,0xDD,0x77,0xF9,0x20,0x41};

-static const EC_CURVE_DATA _EC_X9_62_CHAR2_239V3 = {

-	NID_X9_62_characteristic_two_field,

-	"800000000000000000000000000000000000000000000000001000000001",

-	"01238774666A67766D6676F778E676B66999176666E687666D8766C66A9F",

-	"6A941977BA9F6A435199ACFC51067ED587F519C5ECB541B8E44111DE1D40",

-	"70F6E9D04D289C4E89913CE3530BFDE903977D42B146D539BF1BDE4E9C92",

-	"2E5A0EAF6E5E1305B9004DCE5C0ED7FE59A35608F33837C816D80B79F461",

-	"0CCCCCCCCCCCCCCCCCCCCCCCCCCCCCAC4912D2D9DF903EF9888B8A0E4CFF", 0xA,

-	_EC_X9_62_CHAR2_239V3_SEED, 20,

-	"X9.62 curve over a 239 bit binary field"

-	};

-static const EC_CURVE_DATA _EC_X9_62_CHAR2_272W1 = {

-	NID_X9_62_characteristic_two_field,

-	"010000000000000000000000000000000000000000000000000000010000000000000"

-	"B",

-	"91A091F03B5FBA4AB2CCF49C4EDD220FB028712D42BE752B2C40094DBACDB586FB20",

-	"7167EFC92BB2E3CE7C8AAAFF34E12A9C557003D7C73A6FAF003F99F6CC8482E540F7",

-	"6108BABB2CEEBCF787058A056CBE0CFE622D7723A289E08A07AE13EF0D10D171DD8D",

-	"10C7695716851EEF6BA7F6872E6142FBD241B830FF5EFCACECCAB05E02005DDE9D23",

-	"000100FAF51354E0E39E4892DF6E319C72C8161603FA45AA7B998A167B8F1E629521",

-	0xFF06,

-	NULL, 0,

-	"X9.62 curve over a 272 bit binary field"

-	};

-static const EC_CURVE_DATA _EC_X9_62_CHAR2_304W1 = {

-	NID_X9_62_characteristic_two_field,

-	"010000000000000000000000000000000000000000000000000000000000000000000"

-	"000000807",

-	"FD0D693149A118F651E6DCE6802085377E5F882D1B510B44160074C1288078365A039"

-	"6C8E681",

-	"BDDB97E555A50A908E43B01C798EA5DAA6788F1EA2794EFCF57166B8C14039601E558"

-	"27340BE",

-	"197B07845E9BE2D96ADB0F5F3C7F2CFFBD7A3EB8B6FEC35C7FD67F26DDF6285A644F7"

-	"40A2614",

-	"E19FBEB76E0DA171517ECF401B50289BF014103288527A9B416A105E80260B549FDC1"

-	"B92C03B",

-	"000101D556572AABAC800101D556572AABAC8001022D5C91DD173F8FB561DA6899164"

-	"443051D", 0xFE2E,

-	NULL, 0,

-	"X9.62 curve over a 304 bit binary field"

-	};

-static const unsigned char _EC_X9_62_CHAR2_359V1_SEED[] = {

-	0x2B,0x35,0x49,0x20,0xB7,0x24,0xD6,0x96,0xE6,0x76,

-	0x87,0x56,0x15,0x17,0x58,0x5B,0xA1,0x33,0x2D,0xC6};

-static const EC_CURVE_DATA _EC_X9_62_CHAR2_359V1 = {

-	NID_X9_62_characteristic_two_field,

-	"800000000000000000000000000000000000000000000000000000000000000000000"

-	"000100000000000000001",

-	"5667676A654B20754F356EA92017D946567C46675556F19556A04616B567D223A5E05"

-	"656FB549016A96656A557",

-	"2472E2D0197C49363F1FE7F5B6DB075D52B6947D135D8CA445805D39BC34562608968"

-	"7742B6329E70680231988",

-	"3C258EF3047767E7EDE0F1FDAA79DAEE3841366A132E163ACED4ED2401DF9C6BDCDE9"

-	"8E8E707C07A2239B1B097",

-	"53D7E08529547048121E9C95F3791DD804963948F34FAE7BF44EA82365DC7868FE57E"

-	"4AE2DE211305A407104BD",

-	"01AF286BCA1AF286BCA1AF286BCA1AF286BCA1AF286BC9FB8F6B85C556892C20A7EB9"

-	"64FE7719E74F490758D3B", 0x4C,

-	_EC_X9_62_CHAR2_359V1_SEED, 20,

-	"X9.62 curve over a 359 bit binary field"

-	};

-static const EC_CURVE_DATA _EC_X9_62_CHAR2_368W1 = {

-	NID_X9_62_characteristic_two_field,

-	"010000000000000000000000000000000000000000000000000000000000000000000"

-	"0002000000000000000000007",

-	"E0D2EE25095206F5E2A4F9ED229F1F256E79A0E2B455970D8D0D865BD94778C576D62"

-	"F0AB7519CCD2A1A906AE30D",

-	"FC1217D4320A90452C760A58EDCD30C8DD069B3C34453837A34ED50CB54917E1C2112"

-	"D84D164F444F8F74786046A",

-	"1085E2755381DCCCE3C1557AFA10C2F0C0C2825646C5B34A394CBCFA8BC16B22E7E78"

-	"9E927BE216F02E1FB136A5F",

-	"7B3EB1BDDCBA62D5D8B2059B525797FC73822C59059C623A45FF3843CEE8F87CD1855"

-	"ADAA81E2A0750B80FDA2310",

-	"00010090512DA9AF72B08349D98A5DD4C7B0532ECA51CE03E2D10F3B7AC579BD87E90"

-	"9AE40A6F131E9CFCE5BD967", 0xFF70,

-	NULL, 0,

-	"X9.62 curve over a 368 bit binary field"

-	};

-static const EC_CURVE_DATA _EC_X9_62_CHAR2_431R1 = {

-	NID_X9_62_characteristic_two_field,

-	"800000000000000000000000000000000000000000000000000000000000000000000"

-	"000000001000000000000000000000000000001",

-	"1A827EF00DD6FC0E234CAF046C6A5D8A85395B236CC4AD2CF32A0CADBDC9DDF620B0E"

-	"B9906D0957F6C6FEACD615468DF104DE296CD8F",

-	"10D9B4A3D9047D8B154359ABFB1B7F5485B04CEB868237DDC9DEDA982A679A5A919B6"

-	"26D4E50A8DD731B107A9962381FB5D807BF2618",

-	"120FC05D3C67A99DE161D2F4092622FECA701BE4F50F4758714E8A87BBF2A658EF8C2"

-	"1E7C5EFE965361F6C2999C0C247B0DBD70CE6B7",

-	"20D0AF8903A96F8D5FA2C255745D3C451B302C9346D9B7E485E7BCE41F6B591F3E8F6"

-	"ADDCBB0BC4C2F947A7DE1A89B625D6A598B3760",

-	"0340340340340340340340340340340340340340340340340340340323C313FAB5058"

-	"9703B5EC68D3587FEC60D161CC149C1AD4A91", 0x2760,

-	NULL, 0,

-	"X9.62 curve over a 431 bit binary field"

-	};

-static const EC_CURVE_DATA _EC_WTLS_1 = {

-	NID_X9_62_characteristic_two_field,

-	"020000000000000000000000000201",

-	"1",

-	"1",

-	"01667979A40BA497E5D5C270780617",

-	"00F44B4AF1ECC2630E08785CEBCC15",

-	"00FFFFFFFFFFFFFFFDBF91AF6DEA73", 2,

-	NULL, 0,

-	"WTLS curve over a 113 bit binary field"

-	};

-/* IPSec curves */

-/* NOTE: The of curves over a extension field of non prime degree

- * is not recommended (Weil-descent).

- * As the group order is not a prime this curve is not suitable

- * for ECDSA.

- */

-static const EC_CURVE_DATA _EC_IPSEC_155_ID3 = {

-	NID_X9_62_characteristic_two_field,

-	"0800000000000000000000004000000000000001",

-	"0",

-	"07338f",

-	"7b",

-	"1c8",

-	"2AAAAAAAAAAAAAAAAAAC7F3C7881BD0868FA86C",3,

-	NULL, 0,

-	"\n\tIPSec/IKE/Oakley curve #3 over a 155 bit binary field.\n"

-	"\tNot suitable for ECDSA.\n\tQuestionable extension field!"

-	};

-/* NOTE: The of curves over a extension field of non prime degree

- * is not recommended (Weil-descent).

- * As the group order is not a prime this curve is not suitable

- * for ECDSA.

- */

-static const EC_CURVE_DATA _EC_IPSEC_185_ID4 = {

-	NID_X9_62_characteristic_two_field,

-	"020000000000000000000000000000200000000000000001",

-	"0",

-	"1ee9",

-	"18",

-	"0d",

-	"FFFFFFFFFFFFFFFFFFFFFFEDF97C44DB9F2420BAFCA75E",2,

-	NULL, 0,

-	"\n\tIPSec/IKE/Oakley curve #4 over a 185 bit binary field.\n"

-	"\tNot suitable for ECDSA.\n\tQuestionable extension field!"

-	};

-typedef struct _ec_list_element_st {

-	int	nid;

-	const EC_CURVE_DATA *data;

-	} ec_list_element;

-static const ec_list_element curve_list[] = {

-	/* prime field curves */

-	/* secg curves */

-	{ NID_secp112r1, &_EC_SECG_PRIME_112R1},

-	{ NID_secp112r2, &_EC_SECG_PRIME_112R2},

-	{ NID_secp128r1, &_EC_SECG_PRIME_128R1},

-	{ NID_secp128r2, &_EC_SECG_PRIME_128R2},

-	{ NID_secp160k1, &_EC_SECG_PRIME_160K1},

-	{ NID_secp160r1, &_EC_SECG_PRIME_160R1},

-	{ NID_secp160r2, &_EC_SECG_PRIME_160R2},

-	/* SECG secp192r1 is the same as X9.62 prime192v1 and hence omitted */

-	{ NID_secp192k1, &_EC_SECG_PRIME_192K1},

-	{ NID_secp224k1, &_EC_SECG_PRIME_224K1},

-	{ NID_secp224r1, &_EC_NIST_PRIME_224},

-	{ NID_secp256k1, &_EC_SECG_PRIME_256K1},

-	/* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */

-	{ NID_secp384r1, &_EC_NIST_PRIME_384},

-	{ NID_secp521r1, &_EC_NIST_PRIME_521},

-	/* X9.62 curves */

-	{ NID_X9_62_prime192v1, &_EC_NIST_PRIME_192},

-	{ NID_X9_62_prime192v2, &_EC_X9_62_PRIME_192V2},

-	{ NID_X9_62_prime192v3, &_EC_X9_62_PRIME_192V3},

-	{ NID_X9_62_prime239v1, &_EC_X9_62_PRIME_239V1},

-	{ NID_X9_62_prime239v2, &_EC_X9_62_PRIME_239V2},

-	{ NID_X9_62_prime239v3, &_EC_X9_62_PRIME_239V3},

-	{ NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1},

-	/* characteristic two field curves */

-	/* NIST/SECG curves */

-	{ NID_sect113r1, &_EC_SECG_CHAR2_113R1},

-	{ NID_sect113r2, &_EC_SECG_CHAR2_113R2},

-	{ NID_sect131r1, &_EC_SECG_CHAR2_131R1},

-	{ NID_sect131r2, &_EC_SECG_CHAR2_131R2},

-	{ NID_sect163k1, &_EC_NIST_CHAR2_163K },

-	{ NID_sect163r1, &_EC_SECG_CHAR2_163R1},

-	{ NID_sect163r2, &_EC_NIST_CHAR2_163B },

-	{ NID_sect193r1, &_EC_SECG_CHAR2_193R1},

-	{ NID_sect193r2, &_EC_SECG_CHAR2_193R2},

-	{ NID_sect233k1, &_EC_NIST_CHAR2_233K },

-	{ NID_sect233r1, &_EC_NIST_CHAR2_233B },

-	{ NID_sect239k1, &_EC_SECG_CHAR2_239K1},

-	{ NID_sect283k1, &_EC_NIST_CHAR2_283K },

-	{ NID_sect283r1, &_EC_NIST_CHAR2_283B },

-	{ NID_sect409k1, &_EC_NIST_CHAR2_409K },

-	{ NID_sect409r1, &_EC_NIST_CHAR2_409B },

-	{ NID_sect571k1, &_EC_NIST_CHAR2_571K },

-	{ NID_sect571r1, &_EC_NIST_CHAR2_571B },

-	/* X9.62 curves */

-	{ NID_X9_62_c2pnb163v1, &_EC_X9_62_CHAR2_163V1},

-	{ NID_X9_62_c2pnb163v2, &_EC_X9_62_CHAR2_163V2},

-	{ NID_X9_62_c2pnb163v3, &_EC_X9_62_CHAR2_163V3},

-	{ NID_X9_62_c2pnb176v1, &_EC_X9_62_CHAR2_176V1},

-	{ NID_X9_62_c2tnb191v1, &_EC_X9_62_CHAR2_191V1},

-	{ NID_X9_62_c2tnb191v2, &_EC_X9_62_CHAR2_191V2},

-	{ NID_X9_62_c2tnb191v3, &_EC_X9_62_CHAR2_191V3},

-	{ NID_X9_62_c2pnb208w1, &_EC_X9_62_CHAR2_208W1},

-	{ NID_X9_62_c2tnb239v1, &_EC_X9_62_CHAR2_239V1},

-	{ NID_X9_62_c2tnb239v2, &_EC_X9_62_CHAR2_239V2},

-	{ NID_X9_62_c2tnb239v3, &_EC_X9_62_CHAR2_239V3},

-	{ NID_X9_62_c2pnb272w1, &_EC_X9_62_CHAR2_272W1},

-	{ NID_X9_62_c2pnb304w1, &_EC_X9_62_CHAR2_304W1},

-	{ NID_X9_62_c2tnb359v1, &_EC_X9_62_CHAR2_359V1},

-	{ NID_X9_62_c2pnb368w1, &_EC_X9_62_CHAR2_368W1},

-	{ NID_X9_62_c2tnb431r1, &_EC_X9_62_CHAR2_431R1},

-	/* the WAP/WTLS curves

-	 * [unlike SECG, spec has its own OIDs for curves from X9.62] */

-	{ NID_wap_wsg_idm_ecid_wtls1, &_EC_WTLS_1},

-	{ NID_wap_wsg_idm_ecid_wtls3, &_EC_NIST_CHAR2_163K},

-	{ NID_wap_wsg_idm_ecid_wtls4, &_EC_SECG_CHAR2_113R1},

-	{ NID_wap_wsg_idm_ecid_wtls5, &_EC_X9_62_CHAR2_163V1},

-	{ NID_wap_wsg_idm_ecid_wtls6, &_EC_SECG_PRIME_112R1},

-	{ NID_wap_wsg_idm_ecid_wtls7, &_EC_SECG_PRIME_160R2},

-	{ NID_wap_wsg_idm_ecid_wtls8, &_EC_WTLS_8},

-	{ NID_wap_wsg_idm_ecid_wtls9, &_EC_WTLS_9 },

-	{ NID_wap_wsg_idm_ecid_wtls10, &_EC_NIST_CHAR2_233K},

-	{ NID_wap_wsg_idm_ecid_wtls11, &_EC_NIST_CHAR2_233B},

-	{ NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12},

-	/* IPSec curves */

-	{ NID_ipsec3, &_EC_IPSEC_155_ID3},

-	{ NID_ipsec4, &_EC_IPSEC_185_ID4},

-};

-static size_t curve_list_length = sizeof(curve_list)/sizeof(ec_list_element);

-static EC_GROUP *ec_group_new_from_data(const EC_CURVE_DATA *data)

-	{

-	EC_GROUP *group=NULL;

-	EC_POINT *P=NULL;

-	BN_CTX	 *ctx=NULL;

-	BIGNUM 	 *p=NULL, *a=NULL, *b=NULL, *x=NULL, *y=NULL, *order=NULL;

-	int	 ok=0;

-	if ((ctx = BN_CTX_new()) == NULL)

-		{

-		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	if ((p = BN_new()) == NULL || (a = BN_new()) == NULL ||

-		(b = BN_new()) == NULL || (x = BN_new()) == NULL ||

-		(y = BN_new()) == NULL || (order = BN_new()) == NULL)

-		{

-		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	if (!BN_hex2bn(&p, data->p) || !BN_hex2bn(&a, data->a)

-		|| !BN_hex2bn(&b, data->b))

-		{

-		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);

-		goto err;

-		}

-	if (data->field_type == NID_X9_62_prime_field)

-		{

-		if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL)

-			{

-			ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);

-			goto err;

-			}

-		}

-		else

-		{ /* field_type == NID_X9_62_characteristic_two_field */

-		if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL)

-			{

-			ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);

-			goto err;

-			}

-		}

-	if ((P = EC_POINT_new(group)) == NULL)

-		{

-		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);

-		goto err;

-		}

-	if (!BN_hex2bn(&x, data->x) || !BN_hex2bn(&y, data->y))

-		{

-		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);

-		goto err;

-		}

-	if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx))

-		{

-		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);

-		goto err;

-		}

-	if (!BN_hex2bn(&order, data->order) || !BN_set_word(x, data->cofactor))

-		{

-		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);

-		goto err;

-		}

-	if (!EC_GROUP_set_generator(group, P, order, x))

-		{

-		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);

-		goto err;

-		}

-	if (data->seed)

-		{

-		if (!EC_GROUP_set_seed(group, data->seed, data->seed_len))

-			{

-			ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);

-			goto err;

-			}

-		}

-	ok=1;

-err:

-	if (!ok)

-		{

-		EC_GROUP_free(group);

-		group = NULL;

-		}

-	if (P)

-		EC_POINT_free(P);

-	if (ctx)

-		BN_CTX_free(ctx);

-	if (p)

-		BN_free(p);

-	if (a)

-		BN_free(a);

-	if (b)

-		BN_free(b);

-	if (order)

-		BN_free(order);

-	if (x)

-		BN_free(x);

-	if (y)

-		BN_free(y);

-	return group;

-	}

-EC_GROUP *EC_GROUP_new_by_curve_name(int nid)

-	{

-	size_t i;

-	EC_GROUP *ret = NULL;

-	if (nid <= 0)

-		return NULL;

-	for (i=0; i<curve_list_length; i++)

-		if (curve_list[i].nid == nid)

-			{

-			ret = ec_group_new_from_data(curve_list[i].data);

-			break;

-			}

-	if (ret == NULL)

-		{

-		ECerr(EC_F_EC_GROUP_NEW_BY_CURVE_NAME, EC_R_UNKNOWN_GROUP);

-		return NULL;

-		}

-	EC_GROUP_set_curve_name(ret, nid);

-	return ret;

-	}

-size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems)

-	{

-	size_t	i, min;

-	if (r == NULL || nitems == 0)

-		return curve_list_length;

-	min = nitems < curve_list_length ? nitems : curve_list_length;

-	for (i = 0; i < min; i++)

-		{

-		r[i].nid = curve_list[i].nid;

-		r[i].comment = curve_list[i].data->comment;

-		}

-	return curve_list_length;

-	}

--- a/sys/src/ape/lib/openssl/crypto/ec/ec_cvt.c

+++ /dev/null

@@ -1,144 +1,0 @@

-/* crypto/ec/ec_cvt.c */

-/*

- * Originally written by Bodo Moeller for the OpenSSL project.

- */

-/* ====================================================================

- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- *

- * Portions of the attached software ("Contribution") are developed by

- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.

- *

- * The Contribution is licensed pursuant to the OpenSSL open source

- * license provided above.

- *

- * The elliptic curve binary polynomial software is originally written by

- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.

- *

- */

-#include <openssl/err.h>

-#include "ec_lcl.h"

-EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)

-	{

-	const EC_METHOD *meth;

-	EC_GROUP *ret;

-	meth = EC_GFp_nist_method();

-	ret = EC_GROUP_new(meth);

-	if (ret == NULL)

-		return NULL;

-	if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx))

-		{

-		unsigned long err;

-		err = ERR_peek_last_error();

-		if (!(ERR_GET_LIB(err) == ERR_LIB_EC &&

-			((ERR_GET_REASON(err) == EC_R_NOT_A_NIST_PRIME) ||

-			 (ERR_GET_REASON(err) == EC_R_NOT_A_SUPPORTED_NIST_PRIME))))

-			{

-			/* real error */

-			EC_GROUP_clear_free(ret);

-			return NULL;

-			}

-		/* not an actual error, we just cannot use EC_GFp_nist_method */

-		ERR_clear_error();

-		EC_GROUP_clear_free(ret);

-		meth = EC_GFp_mont_method();

-		ret = EC_GROUP_new(meth);

-		if (ret == NULL)

-			return NULL;

-		if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx))

-			{

-			EC_GROUP_clear_free(ret);

-			return NULL;

-			}

-		}

-	return ret;

-	}

-EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)

-	{

-	const EC_METHOD *meth;

-	EC_GROUP *ret;

-	meth = EC_GF2m_simple_method();

-	ret = EC_GROUP_new(meth);

-	if (ret == NULL)

-		return NULL;

-	if (!EC_GROUP_set_curve_GF2m(ret, p, a, b, ctx))

-		{

-		EC_GROUP_clear_free(ret);

-		return NULL;

-		}

-	return ret;

-	}

--- a/sys/src/ape/lib/openssl/crypto/ec/ec_err.c

+++ /dev/null

@@ -1,239 +1,0 @@

-/* crypto/ec/ec_err.c */

-/* ====================================================================

- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* NOTE: this file was auto generated by the mkerr.pl script: any changes

- * made to it will be overwritten when the script next updates this file,

- * only reason strings will be preserved.

- */

-#include <stdio.h>

-#include <openssl/err.h>

-#include <openssl/ec.h>

-/* BEGIN ERROR CODES */

-#ifndef OPENSSL_NO_ERR

-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_EC,func,0)

-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_EC,0,reason)

-static ERR_STRING_DATA EC_str_functs[]=

-	{

-{ERR_FUNC(EC_F_COMPUTE_WNAF),	"COMPUTE_WNAF"},

-{ERR_FUNC(EC_F_D2I_ECPARAMETERS),	"d2i_ECParameters"},

-{ERR_FUNC(EC_F_D2I_ECPKPARAMETERS),	"d2i_ECPKParameters"},

-{ERR_FUNC(EC_F_D2I_ECPRIVATEKEY),	"d2i_ECPrivateKey"},

-{ERR_FUNC(EC_F_ECPARAMETERS_PRINT),	"ECParameters_print"},

-{ERR_FUNC(EC_F_ECPARAMETERS_PRINT_FP),	"ECParameters_print_fp"},

-{ERR_FUNC(EC_F_ECPKPARAMETERS_PRINT),	"ECPKParameters_print"},

-{ERR_FUNC(EC_F_ECPKPARAMETERS_PRINT_FP),	"ECPKParameters_print_fp"},

-{ERR_FUNC(EC_F_ECP_NIST_MOD_192),	"ECP_NIST_MOD_192"},

-{ERR_FUNC(EC_F_ECP_NIST_MOD_224),	"ECP_NIST_MOD_224"},

-{ERR_FUNC(EC_F_ECP_NIST_MOD_256),	"ECP_NIST_MOD_256"},

-{ERR_FUNC(EC_F_ECP_NIST_MOD_521),	"ECP_NIST_MOD_521"},

-{ERR_FUNC(EC_F_EC_ASN1_GROUP2CURVE),	"EC_ASN1_GROUP2CURVE"},

-{ERR_FUNC(EC_F_EC_ASN1_GROUP2FIELDID),	"EC_ASN1_GROUP2FIELDID"},

-{ERR_FUNC(EC_F_EC_ASN1_GROUP2PARAMETERS),	"EC_ASN1_GROUP2PARAMETERS"},

-{ERR_FUNC(EC_F_EC_ASN1_GROUP2PKPARAMETERS),	"EC_ASN1_GROUP2PKPARAMETERS"},

-{ERR_FUNC(EC_F_EC_ASN1_PARAMETERS2GROUP),	"EC_ASN1_PARAMETERS2GROUP"},

-{ERR_FUNC(EC_F_EC_ASN1_PKPARAMETERS2GROUP),	"EC_ASN1_PKPARAMETERS2GROUP"},

-{ERR_FUNC(EC_F_EC_EX_DATA_SET_DATA),	"EC_EX_DATA_set_data"},

-{ERR_FUNC(EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY),	"EC_GF2M_MONTGOMERY_POINT_MULTIPLY"},

-{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT),	"ec_GF2m_simple_group_check_discriminant"},

-{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE),	"ec_GF2m_simple_group_set_curve"},

-{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_OCT2POINT),	"ec_GF2m_simple_oct2point"},

-{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT2OCT),	"ec_GF2m_simple_point2oct"},

-{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES),	"ec_GF2m_simple_point_get_affine_coordinates"},

-{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES),	"ec_GF2m_simple_point_set_affine_coordinates"},

-{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES),	"ec_GF2m_simple_set_compressed_coordinates"},

-{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_DECODE),	"ec_GFp_mont_field_decode"},

-{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_ENCODE),	"ec_GFp_mont_field_encode"},

-{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_MUL),	"ec_GFp_mont_field_mul"},

-{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE),	"ec_GFp_mont_field_set_to_one"},

-{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SQR),	"ec_GFp_mont_field_sqr"},

-{ERR_FUNC(EC_F_EC_GFP_MONT_GROUP_SET_CURVE),	"ec_GFp_mont_group_set_curve"},

-{ERR_FUNC(EC_F_EC_GFP_MONT_GROUP_SET_CURVE_GFP),	"EC_GFP_MONT_GROUP_SET_CURVE_GFP"},

-{ERR_FUNC(EC_F_EC_GFP_NIST_FIELD_MUL),	"ec_GFp_nist_field_mul"},

-{ERR_FUNC(EC_F_EC_GFP_NIST_FIELD_SQR),	"ec_GFp_nist_field_sqr"},

-{ERR_FUNC(EC_F_EC_GFP_NIST_GROUP_SET_CURVE),	"ec_GFp_nist_group_set_curve"},

-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT),	"ec_GFp_simple_group_check_discriminant"},

-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE),	"ec_GFp_simple_group_set_curve"},

-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP),	"EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP"},

-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR),	"EC_GFP_SIMPLE_GROUP_SET_GENERATOR"},

-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE),	"ec_GFp_simple_make_affine"},

-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_OCT2POINT),	"ec_GFp_simple_oct2point"},

-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT2OCT),	"ec_GFp_simple_point2oct"},

-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE),	"ec_GFp_simple_points_make_affine"},

-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES),	"ec_GFp_simple_point_get_affine_coordinates"},

-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP),	"EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP"},

-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES),	"ec_GFp_simple_point_set_affine_coordinates"},

-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP),	"EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP"},

-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES),	"ec_GFp_simple_set_compressed_coordinates"},

-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP),	"EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP"},

-{ERR_FUNC(EC_F_EC_GROUP_CHECK),	"EC_GROUP_check"},

-{ERR_FUNC(EC_F_EC_GROUP_CHECK_DISCRIMINANT),	"EC_GROUP_check_discriminant"},

-{ERR_FUNC(EC_F_EC_GROUP_COPY),	"EC_GROUP_copy"},

-{ERR_FUNC(EC_F_EC_GROUP_GET0_GENERATOR),	"EC_GROUP_get0_generator"},

-{ERR_FUNC(EC_F_EC_GROUP_GET_COFACTOR),	"EC_GROUP_get_cofactor"},

-{ERR_FUNC(EC_F_EC_GROUP_GET_CURVE_GF2M),	"EC_GROUP_get_curve_GF2m"},

-{ERR_FUNC(EC_F_EC_GROUP_GET_CURVE_GFP),	"EC_GROUP_get_curve_GFp"},

-{ERR_FUNC(EC_F_EC_GROUP_GET_DEGREE),	"EC_GROUP_get_degree"},

-{ERR_FUNC(EC_F_EC_GROUP_GET_ORDER),	"EC_GROUP_get_order"},

-{ERR_FUNC(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS),	"EC_GROUP_get_pentanomial_basis"},

-{ERR_FUNC(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS),	"EC_GROUP_get_trinomial_basis"},

-{ERR_FUNC(EC_F_EC_GROUP_NEW),	"EC_GROUP_new"},

-{ERR_FUNC(EC_F_EC_GROUP_NEW_BY_CURVE_NAME),	"EC_GROUP_new_by_curve_name"},

-{ERR_FUNC(EC_F_EC_GROUP_NEW_FROM_DATA),	"EC_GROUP_NEW_FROM_DATA"},

-{ERR_FUNC(EC_F_EC_GROUP_PRECOMPUTE_MULT),	"EC_GROUP_precompute_mult"},

-{ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GF2M),	"EC_GROUP_set_curve_GF2m"},

-{ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GFP),	"EC_GROUP_set_curve_GFp"},

-{ERR_FUNC(EC_F_EC_GROUP_SET_EXTRA_DATA),	"EC_GROUP_SET_EXTRA_DATA"},

-{ERR_FUNC(EC_F_EC_GROUP_SET_GENERATOR),	"EC_GROUP_set_generator"},

-{ERR_FUNC(EC_F_EC_KEY_CHECK_KEY),	"EC_KEY_check_key"},

-{ERR_FUNC(EC_F_EC_KEY_COPY),	"EC_KEY_copy"},

-{ERR_FUNC(EC_F_EC_KEY_GENERATE_KEY),	"EC_KEY_generate_key"},

-{ERR_FUNC(EC_F_EC_KEY_NEW),	"EC_KEY_new"},

-{ERR_FUNC(EC_F_EC_KEY_PRINT),	"EC_KEY_print"},

-{ERR_FUNC(EC_F_EC_KEY_PRINT_FP),	"EC_KEY_print_fp"},

-{ERR_FUNC(EC_F_EC_POINTS_MAKE_AFFINE),	"EC_POINTs_make_affine"},

-{ERR_FUNC(EC_F_EC_POINTS_MUL),	"EC_POINTs_mul"},

-{ERR_FUNC(EC_F_EC_POINT_ADD),	"EC_POINT_add"},

-{ERR_FUNC(EC_F_EC_POINT_CMP),	"EC_POINT_cmp"},

-{ERR_FUNC(EC_F_EC_POINT_COPY),	"EC_POINT_copy"},

-{ERR_FUNC(EC_F_EC_POINT_DBL),	"EC_POINT_dbl"},

-{ERR_FUNC(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M),	"EC_POINT_get_affine_coordinates_GF2m"},

-{ERR_FUNC(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP),	"EC_POINT_get_affine_coordinates_GFp"},

-{ERR_FUNC(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP),	"EC_POINT_get_Jprojective_coordinates_GFp"},

-{ERR_FUNC(EC_F_EC_POINT_INVERT),	"EC_POINT_invert"},

-{ERR_FUNC(EC_F_EC_POINT_IS_AT_INFINITY),	"EC_POINT_is_at_infinity"},

-{ERR_FUNC(EC_F_EC_POINT_IS_ON_CURVE),	"EC_POINT_is_on_curve"},

-{ERR_FUNC(EC_F_EC_POINT_MAKE_AFFINE),	"EC_POINT_make_affine"},

-{ERR_FUNC(EC_F_EC_POINT_MUL),	"EC_POINT_mul"},

-{ERR_FUNC(EC_F_EC_POINT_NEW),	"EC_POINT_new"},

-{ERR_FUNC(EC_F_EC_POINT_OCT2POINT),	"EC_POINT_oct2point"},

-{ERR_FUNC(EC_F_EC_POINT_POINT2OCT),	"EC_POINT_point2oct"},

-{ERR_FUNC(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M),	"EC_POINT_set_affine_coordinates_GF2m"},

-{ERR_FUNC(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP),	"EC_POINT_set_affine_coordinates_GFp"},

-{ERR_FUNC(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M),	"EC_POINT_set_compressed_coordinates_GF2m"},

-{ERR_FUNC(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP),	"EC_POINT_set_compressed_coordinates_GFp"},

-{ERR_FUNC(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP),	"EC_POINT_set_Jprojective_coordinates_GFp"},

-{ERR_FUNC(EC_F_EC_POINT_SET_TO_INFINITY),	"EC_POINT_set_to_infinity"},

-{ERR_FUNC(EC_F_EC_PRE_COMP_DUP),	"EC_PRE_COMP_DUP"},

-{ERR_FUNC(EC_F_EC_PRE_COMP_NEW),	"EC_PRE_COMP_NEW"},

-{ERR_FUNC(EC_F_EC_WNAF_MUL),	"ec_wNAF_mul"},

-{ERR_FUNC(EC_F_EC_WNAF_PRECOMPUTE_MULT),	"ec_wNAF_precompute_mult"},

-{ERR_FUNC(EC_F_I2D_ECPARAMETERS),	"i2d_ECParameters"},

-{ERR_FUNC(EC_F_I2D_ECPKPARAMETERS),	"i2d_ECPKParameters"},

-{ERR_FUNC(EC_F_I2D_ECPRIVATEKEY),	"i2d_ECPrivateKey"},

-{ERR_FUNC(EC_F_I2O_ECPUBLICKEY),	"i2o_ECPublicKey"},

-{ERR_FUNC(EC_F_O2I_ECPUBLICKEY),	"o2i_ECPublicKey"},

-{0,NULL}

-	};

-static ERR_STRING_DATA EC_str_reasons[]=

-	{

-{ERR_REASON(EC_R_ASN1_ERROR)             ,"asn1 error"},

-{ERR_REASON(EC_R_ASN1_UNKNOWN_FIELD)     ,"asn1 unknown field"},

-{ERR_REASON(EC_R_BUFFER_TOO_SMALL)       ,"buffer too small"},

-{ERR_REASON(EC_R_D2I_ECPKPARAMETERS_FAILURE),"d2i ecpkparameters failure"},

-{ERR_REASON(EC_R_DISCRIMINANT_IS_ZERO)   ,"discriminant is zero"},

-{ERR_REASON(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE),"ec group new by name failure"},

-{ERR_REASON(EC_R_FIELD_TOO_LARGE)        ,"field too large"},

-{ERR_REASON(EC_R_GROUP2PKPARAMETERS_FAILURE),"group2pkparameters failure"},

-{ERR_REASON(EC_R_I2D_ECPKPARAMETERS_FAILURE),"i2d ecpkparameters failure"},

-{ERR_REASON(EC_R_INCOMPATIBLE_OBJECTS)   ,"incompatible objects"},

-{ERR_REASON(EC_R_INVALID_ARGUMENT)       ,"invalid argument"},

-{ERR_REASON(EC_R_INVALID_COMPRESSED_POINT),"invalid compressed point"},

-{ERR_REASON(EC_R_INVALID_COMPRESSION_BIT),"invalid compression bit"},

-{ERR_REASON(EC_R_INVALID_ENCODING)       ,"invalid encoding"},

-{ERR_REASON(EC_R_INVALID_FIELD)          ,"invalid field"},

-{ERR_REASON(EC_R_INVALID_FORM)           ,"invalid form"},

-{ERR_REASON(EC_R_INVALID_GROUP_ORDER)    ,"invalid group order"},

-{ERR_REASON(EC_R_INVALID_PENTANOMIAL_BASIS),"invalid pentanomial basis"},

-{ERR_REASON(EC_R_INVALID_PRIVATE_KEY)    ,"invalid private key"},

-{ERR_REASON(EC_R_INVALID_TRINOMIAL_BASIS),"invalid trinomial basis"},

-{ERR_REASON(EC_R_MISSING_PARAMETERS)     ,"missing parameters"},

-{ERR_REASON(EC_R_MISSING_PRIVATE_KEY)    ,"missing private key"},

-{ERR_REASON(EC_R_NOT_A_NIST_PRIME)       ,"not a NIST prime"},

-{ERR_REASON(EC_R_NOT_A_SUPPORTED_NIST_PRIME),"not a supported NIST prime"},

-{ERR_REASON(EC_R_NOT_IMPLEMENTED)        ,"not implemented"},

-{ERR_REASON(EC_R_NOT_INITIALIZED)        ,"not initialized"},

-{ERR_REASON(EC_R_NO_FIELD_MOD)           ,"no field mod"},

-{ERR_REASON(EC_R_PASSED_NULL_PARAMETER)  ,"passed null parameter"},

-{ERR_REASON(EC_R_PKPARAMETERS2GROUP_FAILURE),"pkparameters2group failure"},

-{ERR_REASON(EC_R_POINT_AT_INFINITY)      ,"point at infinity"},

-{ERR_REASON(EC_R_POINT_IS_NOT_ON_CURVE)  ,"point is not on curve"},

-{ERR_REASON(EC_R_SLOT_FULL)              ,"slot full"},

-{ERR_REASON(EC_R_UNDEFINED_GENERATOR)    ,"undefined generator"},

-{ERR_REASON(EC_R_UNDEFINED_ORDER)        ,"undefined order"},

-{ERR_REASON(EC_R_UNKNOWN_GROUP)          ,"unknown group"},

-{ERR_REASON(EC_R_UNKNOWN_ORDER)          ,"unknown order"},

-{ERR_REASON(EC_R_UNSUPPORTED_FIELD)      ,"unsupported field"},

-{ERR_REASON(EC_R_WRONG_ORDER)            ,"wrong order"},

-{0,NULL}

-	};

-#endif

-void ERR_load_EC_strings(void)

-	{

-#ifndef OPENSSL_NO_ERR

-	if (ERR_func_error_string(EC_str_functs[0].error) == NULL)

-		{

-		ERR_load_strings(0,EC_str_functs);

-		ERR_load_strings(0,EC_str_reasons);

-		}

-#endif

-	}

--- a/sys/src/ape/lib/openssl/crypto/ec/ec_key.c

+++ /dev/null

@@ -1,465 +1,0 @@

-/* crypto/ec/ec_key.c */

-/*

- * Written by Nils Larsch for the OpenSSL project.

- */

-/* ====================================================================

- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- * Portions originally developed by SUN MICROSYSTEMS, INC., and

- * contributed to the OpenSSL project.

- */

-#include <string.h>

-#include "ec_lcl.h"

-#include <openssl/err.h>

-#include <string.h>

-EC_KEY *EC_KEY_new(void)

-	{

-	EC_KEY *ret;

-	ret=(EC_KEY *)OPENSSL_malloc(sizeof(EC_KEY));

-	if (ret == NULL)

-		{

-		ECerr(EC_F_EC_KEY_NEW, ERR_R_MALLOC_FAILURE);

-		return(NULL);

-		}

-	ret->version = 1;

-	ret->group   = NULL;

-	ret->pub_key = NULL;

-	ret->priv_key= NULL;

-	ret->enc_flag= 0;

-	ret->conv_form = POINT_CONVERSION_UNCOMPRESSED;

-	ret->references= 1;

-	ret->method_data = NULL;

-	return(ret);

-	}

-EC_KEY *EC_KEY_new_by_curve_name(int nid)

-	{

-	EC_KEY *ret = EC_KEY_new();

-	if (ret == NULL)

-		return NULL;

-	ret->group = EC_GROUP_new_by_curve_name(nid);

-	if (ret->group == NULL)

-		{

-		EC_KEY_free(ret);

-		return NULL;

-		}

-	return ret;

-	}

-void EC_KEY_free(EC_KEY *r)

-	{

-	int i;

-	if (r == NULL) return;

-	i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_EC);

-#ifdef REF_PRINT

-	REF_PRINT("EC_KEY",r);

-#endif

-	if (i > 0) return;

-#ifdef REF_CHECK

-	if (i < 0)

-		{

-		fprintf(stderr,"EC_KEY_free, bad reference count\n");

-		abort();

-		}

-#endif

-	if (r->group    != NULL)

-		EC_GROUP_free(r->group);

-	if (r->pub_key  != NULL)

-		EC_POINT_free(r->pub_key);

-	if (r->priv_key != NULL)

-		BN_clear_free(r->priv_key);

-	EC_EX_DATA_free_all_data(&r->method_data);

-	OPENSSL_cleanse((void *)r, sizeof(EC_KEY));

-	OPENSSL_free(r);

-	}

-EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src)

-	{

-	EC_EXTRA_DATA *d;

-	if (dest == NULL || src == NULL)

-		{

-		ECerr(EC_F_EC_KEY_COPY, ERR_R_PASSED_NULL_PARAMETER);

-		return NULL;

-		}

-	/* copy the parameters */

-	if (src->group)

-		{

-		const EC_METHOD *meth = EC_GROUP_method_of(src->group);

-		/* clear the old group */

-		if (dest->group)

-			EC_GROUP_free(dest->group);

-		dest->group = EC_GROUP_new(meth);

-		if (dest->group == NULL)

-			return NULL;

-		if (!EC_GROUP_copy(dest->group, src->group))

-			return NULL;

-		}

-	/*  copy the public key */

-	if (src->pub_key && src->group)

-		{

-		if (dest->pub_key)

-			EC_POINT_free(dest->pub_key);

-		dest->pub_key = EC_POINT_new(src->group);

-		if (dest->pub_key == NULL)

-			return NULL;

-		if (!EC_POINT_copy(dest->pub_key, src->pub_key))

-			return NULL;

-		}

-	/* copy the private key */

-	if (src->priv_key)

-		{

-		if (dest->priv_key == NULL)

-			{

-			dest->priv_key = BN_new();

-			if (dest->priv_key == NULL)

-				return NULL;

-			}

-		if (!BN_copy(dest->priv_key, src->priv_key))

-			return NULL;

-		}

-	/* copy method/extra data */

-	EC_EX_DATA_free_all_data(&dest->method_data);

-	for (d = src->method_data; d != NULL; d = d->next)

-		{

-		void *t = d->dup_func(d->data);

-		if (t == NULL)

-			return 0;

-		if (!EC_EX_DATA_set_data(&dest->method_data, t, d->dup_func, d->free_func, d->clear_free_func))

-			return 0;

-		}

-	/* copy the rest */

-	dest->enc_flag  = src->enc_flag;

-	dest->conv_form = src->conv_form;

-	dest->version   = src->version;

-	return dest;

-	}

-EC_KEY *EC_KEY_dup(const EC_KEY *ec_key)

-	{

-	EC_KEY *ret = EC_KEY_new();

-	if (ret == NULL)

-		return NULL;

-	if (EC_KEY_copy(ret, ec_key) == NULL)

-		{

-		EC_KEY_free(ret);

-		return NULL;

-		}

-	return ret;

-	}

-int EC_KEY_up_ref(EC_KEY *r)

-	{

-	int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_EC);

-#ifdef REF_PRINT

-	REF_PRINT("EC_KEY",r);

-#endif

-#ifdef REF_CHECK

-	if (i < 2)

-		{

-		fprintf(stderr, "EC_KEY_up, bad reference count\n");

-		abort();

-		}

-#endif

-	return ((i > 1) ? 1 : 0);

-	}

-int EC_KEY_generate_key(EC_KEY *eckey)

-	{

-	int	ok = 0;

-	BN_CTX	*ctx = NULL;

-	BIGNUM	*priv_key = NULL, *order = NULL;

-	EC_POINT *pub_key = NULL;

-	if (!eckey || !eckey->group)

-		{

-		ECerr(EC_F_EC_KEY_GENERATE_KEY, ERR_R_PASSED_NULL_PARAMETER);

-		return 0;

-		}

-	if ((order = BN_new()) == NULL) goto err;

-	if ((ctx = BN_CTX_new()) == NULL) goto err;

-	if (eckey->priv_key == NULL)

-		{

-		priv_key = BN_new();

-		if (priv_key == NULL)

-			goto err;

-		}

-	else

-		priv_key = eckey->priv_key;

-	if (!EC_GROUP_get_order(eckey->group, order, ctx))

-		goto err;

-	do

-		if (!BN_rand_range(priv_key, order))

-			goto err;

-	while (BN_is_zero(priv_key));

-	if (eckey->pub_key == NULL)

-		{

-		pub_key = EC_POINT_new(eckey->group);

-		if (pub_key == NULL)

-			goto err;

-		}

-	else

-		pub_key = eckey->pub_key;

-	if (!EC_POINT_mul(eckey->group, pub_key, priv_key, NULL, NULL, ctx))

-		goto err;

-	eckey->priv_key = priv_key;

-	eckey->pub_key  = pub_key;

-	ok=1;

-err:

-	if (order)

-		BN_free(order);

-	if (pub_key  != NULL && eckey->pub_key  == NULL)

-		EC_POINT_free(pub_key);

-	if (priv_key != NULL && eckey->priv_key == NULL)

-		BN_free(priv_key);

-	if (ctx != NULL)

-		BN_CTX_free(ctx);

-	return(ok);

-	}

-int EC_KEY_check_key(const EC_KEY *eckey)

-	{

-	int	ok   = 0;

-	BN_CTX	*ctx = NULL;

-	BIGNUM	*order  = NULL;

-	EC_POINT *point = NULL;

-	if (!eckey || !eckey->group || !eckey->pub_key)

-		{

-		ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER);

-		return 0;

-		}

-	if ((ctx = BN_CTX_new()) == NULL)

-		goto err;

-	if ((order = BN_new()) == NULL)

-		goto err;

-	if ((point = EC_POINT_new(eckey->group)) == NULL)

-		goto err;

-	/* testing whether the pub_key is on the elliptic curve */

-	if (!EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx))

-		{

-		ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE);

-		goto err;

-		}

-	/* testing whether pub_key * order is the point at infinity */

-	if (!EC_GROUP_get_order(eckey->group, order, ctx))

-		{

-		ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_INVALID_GROUP_ORDER);

-		goto err;

-		}

-	if (!EC_POINT_copy(point, eckey->pub_key))

-		{

-		ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB);

-		goto err;

-		}

-	if (!EC_POINT_mul(eckey->group, point, order, NULL, NULL, ctx))

-		{

-		ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB);

-		goto err;

-		}

-	if (!EC_POINT_is_at_infinity(eckey->group, point))

-		{

-		ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_WRONG_ORDER);

-		goto err;

-		}

-	/* in case the priv_key is present :

-	 * check if generator * priv_key == pub_key

-	 */

-	if (eckey->priv_key)

-		{

-		if (BN_cmp(eckey->priv_key, order) >= 0)

-			{

-			ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_WRONG_ORDER);

-			goto err;

-			}

-		if (!EC_POINT_mul(eckey->group, point, eckey->priv_key,

-			NULL, NULL, ctx))

-			{

-			ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB);

-			goto err;

-			}

-		if (EC_POINT_cmp(eckey->group, point, eckey->pub_key,

-			ctx) != 0)

-			{

-			ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_INVALID_PRIVATE_KEY);

-			goto err;

-			}

-		}

-	ok = 1;

-err:

-	if (ctx   != NULL)

-		BN_CTX_free(ctx);

-	if (order != NULL)

-		BN_free(order);

-	if (point != NULL)

-		EC_POINT_free(point);

-	return(ok);

-	}

-const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key)

-	{

-	return key->group;

-	}

-int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group)

-	{

-	if (key->group != NULL)

-		EC_GROUP_free(key->group);

-	key->group = EC_GROUP_dup(group);

-	return (key->group == NULL) ? 0 : 1;

-	}

-const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key)

-	{

-	return key->priv_key;

-	}

-int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key)

-	{

-	if (key->priv_key)

-		BN_clear_free(key->priv_key);

-	key->priv_key = BN_dup(priv_key);

-	return (key->priv_key == NULL) ? 0 : 1;

-	}

-const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key)

-	{

-	return key->pub_key;

-	}

-int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub_key)

-	{

-	if (key->pub_key != NULL)

-		EC_POINT_free(key->pub_key);

-	key->pub_key = EC_POINT_dup(pub_key, key->group);

-	return (key->pub_key == NULL) ? 0 : 1;

-	}

-unsigned int EC_KEY_get_enc_flags(const EC_KEY *key)

-	{

-	return key->enc_flag;

-	}

-void EC_KEY_set_enc_flags(EC_KEY *key, unsigned int flags)

-	{

-	key->enc_flag = flags;

-	}

-point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key)

-	{

-	return key->conv_form;

-	}

-void EC_KEY_set_conv_form(EC_KEY *key, point_conversion_form_t cform)

-	{

-	key->conv_form = cform;

-	if (key->group != NULL)

-		EC_GROUP_set_point_conversion_form(key->group, cform);

-	}

-void *EC_KEY_get_key_method_data(EC_KEY *key,

-	void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))

-	{

-	return EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func);

-	}

-void EC_KEY_insert_key_method_data(EC_KEY *key, void *data,

-	void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))

-	{

-	EC_EXTRA_DATA *ex_data;

-	CRYPTO_w_lock(CRYPTO_LOCK_EC);

-	ex_data = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func);

-	if (ex_data == NULL)

-		EC_EX_DATA_set_data(&key->method_data, data, dup_func, free_func, clear_free_func);

-	CRYPTO_w_unlock(CRYPTO_LOCK_EC);

-	}

-void EC_KEY_set_asn1_flag(EC_KEY *key, int flag)

-	{

-	if (key->group != NULL)

-		EC_GROUP_set_asn1_flag(key->group, flag);

-	}

-int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx)

-	{

-	if (key->group == NULL)

-		return 0;

-	return EC_GROUP_precompute_mult(key->group, ctx);

-	}

--- a/sys/src/ape/lib/openssl/crypto/ec/ec_lcl.h

+++ /dev/null

@@ -1,390 +1,0 @@

-/* crypto/ec/ec_lcl.h */

-/*

- * Originally written by Bodo Moeller for the OpenSSL project.

- */

-/* ====================================================================

- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- *

- * Portions of the attached software ("Contribution") are developed by

- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.

- *

- * The Contribution is licensed pursuant to the OpenSSL open source

- * license provided above.

- *

- * The elliptic curve binary polynomial software is originally written by

- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.

- *

- */

-#include <stdlib.h>

-#include <openssl/obj_mac.h>

-#include <openssl/ec.h>

-#include <openssl/bn.h>

-#if defined(__SUNPRO_C)

-# if __SUNPRO_C >= 0x520

-# pragma error_messages (off,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE)

-# endif

-#endif

-/* Structure details are not part of the exported interface,

- * so all this may change in future versions. */

-struct ec_method_st {

-	/* used by EC_METHOD_get_field_type: */

-	int field_type; /* a NID */

-	/* used by EC_GROUP_new, EC_GROUP_free, EC_GROUP_clear_free, EC_GROUP_copy: */

-	int (*group_init)(EC_GROUP *);

-	void (*group_finish)(EC_GROUP *);

-	void (*group_clear_finish)(EC_GROUP *);

-	int (*group_copy)(EC_GROUP *, const EC_GROUP *);

-	/* used by EC_GROUP_set_curve_GFp, EC_GROUP_get_curve_GFp, */

-	/* EC_GROUP_set_curve_GF2m, and EC_GROUP_get_curve_GF2m: */

-	int (*group_set_curve)(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);

-	int (*group_get_curve)(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);

-	/* used by EC_GROUP_get_degree: */

-	int (*group_get_degree)(const EC_GROUP *);

-	/* used by EC_GROUP_check: */

-	int (*group_check_discriminant)(const EC_GROUP *, BN_CTX *);

-	/* used by EC_POINT_new, EC_POINT_free, EC_POINT_clear_free, EC_POINT_copy: */

-	int (*point_init)(EC_POINT *);

-	void (*point_finish)(EC_POINT *);

-	void (*point_clear_finish)(EC_POINT *);

-	int (*point_copy)(EC_POINT *, const EC_POINT *);

-	/* used by EC_POINT_set_to_infinity,

-	 * EC_POINT_set_Jprojective_coordinates_GFp,

-	 * EC_POINT_get_Jprojective_coordinates_GFp,

-	 * EC_POINT_set_affine_coordinates_GFp,     ..._GF2m,

-	 * EC_POINT_get_affine_coordinates_GFp,     ..._GF2m,

-	 * EC_POINT_set_compressed_coordinates_GFp, ..._GF2m:

-	 */

-	int (*point_set_to_infinity)(const EC_GROUP *, EC_POINT *);

-	int (*point_set_Jprojective_coordinates_GFp)(const EC_GROUP *, EC_POINT *,

-		const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *);

-	int (*point_get_Jprojective_coordinates_GFp)(const EC_GROUP *, const EC_POINT *,

-		BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *);

-	int (*point_set_affine_coordinates)(const EC_GROUP *, EC_POINT *,

-		const BIGNUM *x, const BIGNUM *y, BN_CTX *);

-	int (*point_get_affine_coordinates)(const EC_GROUP *, const EC_POINT *,

-		BIGNUM *x, BIGNUM *y, BN_CTX *);

-	int (*point_set_compressed_coordinates)(const EC_GROUP *, EC_POINT *,

-		const BIGNUM *x, int y_bit, BN_CTX *);

-	/* used by EC_POINT_point2oct, EC_POINT_oct2point: */

-	size_t (*point2oct)(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form,

-	        unsigned char *buf, size_t len, BN_CTX *);

-	int (*oct2point)(const EC_GROUP *, EC_POINT *,

-	        const unsigned char *buf, size_t len, BN_CTX *);

-	/* used by EC_POINT_add, EC_POINT_dbl, ECP_POINT_invert: */

-	int (*add)(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *);

-	int (*dbl)(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *);

-	int (*invert)(const EC_GROUP *, EC_POINT *, BN_CTX *);

-	/* used by EC_POINT_is_at_infinity, EC_POINT_is_on_curve, EC_POINT_cmp: */

-	int (*is_at_infinity)(const EC_GROUP *, const EC_POINT *);

-	int (*is_on_curve)(const EC_GROUP *, const EC_POINT *, BN_CTX *);

-	int (*point_cmp)(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, BN_CTX *);

-	/* used by EC_POINT_make_affine, EC_POINTs_make_affine: */

-	int (*make_affine)(const EC_GROUP *, EC_POINT *, BN_CTX *);

-	int (*points_make_affine)(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);

-	/* used by EC_POINTs_mul, EC_POINT_mul, EC_POINT_precompute_mult, EC_POINT_have_precompute_mult

-	 * (default implementations are used if the 'mul' pointer is 0): */

-	int (*mul)(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,

-		size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *);

-	int (*precompute_mult)(EC_GROUP *group, BN_CTX *);

-	int (*have_precompute_mult)(const EC_GROUP *group);

-	/* internal functions */

-	/* 'field_mul', 'field_sqr', and 'field_div' can be used by 'add' and 'dbl' so that

-	 * the same implementations of point operations can be used with different

-	 * optimized implementations of expensive field operations: */

-	int (*field_mul)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);

-	int (*field_sqr)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);

-	int (*field_div)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);

-	int (*field_encode)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); /* e.g. to Montgomery */

-	int (*field_decode)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); /* e.g. from Montgomery */

-	int (*field_set_to_one)(const EC_GROUP *, BIGNUM *r, BN_CTX *);

-} /* EC_METHOD */;

-typedef struct ec_extra_data_st {

-	struct ec_extra_data_st *next;

-	void *data;

-	void *(*dup_func)(void *);

-	void (*free_func)(void *);

-	void (*clear_free_func)(void *);

-} EC_EXTRA_DATA; /* used in EC_GROUP */

-struct ec_group_st {

-	const EC_METHOD *meth;

-	EC_POINT *generator; /* optional */

-	BIGNUM order, cofactor;

-	int curve_name;/* optional NID for named curve */

-	int asn1_flag; /* flag to control the asn1 encoding */

-	point_conversion_form_t asn1_form;

-	unsigned char *seed; /* optional seed for parameters (appears in ASN1) */

-	size_t seed_len;

-	EC_EXTRA_DATA *extra_data; /* linked list */

-	/* The following members are handled by the method functions,

-	 * even if they appear generic */

-	BIGNUM field; /* Field specification.

-	               * For curves over GF(p), this is the modulus;

-	               * for curves over GF(2^m), this is the

-	               * irreducible polynomial defining the field.

-	               */

-	unsigned int poly[5]; /* Field specification for curves over GF(2^m).

-	                       * The irreducible f(t) is then of the form:

-	                       *     t^poly[0] + t^poly[1] + ... + t^poly[k]

-	                       * where m = poly[0] > poly[1] > ... > poly[k] = 0.

-	                       */

-	BIGNUM a, b; /* Curve coefficients.

-	              * (Here the assumption is that BIGNUMs can be used

-	              * or abused for all kinds of fields, not just GF(p).)

-	              * For characteristic  > 3,  the curve is defined

-	              * by a Weierstrass equation of the form

-	              *     y^2 = x^3 + a*x + b.

-	              * For characteristic  2,  the curve is defined by

-	              * an equation of the form

-	              *     y^2 + x*y = x^3 + a*x^2 + b.

-	              */

-	int a_is_minus3; /* enable optimized point arithmetics for special case */

-	void *field_data1; /* method-specific (e.g., Montgomery structure) */

-	void *field_data2; /* method-specific */

-	int (*field_mod_func)(BIGNUM *, const BIGNUM *, const BIGNUM *,	BN_CTX *); /* method-specific */

-} /* EC_GROUP */;

-struct ec_key_st {

-	int version;

-	EC_GROUP *group;

-	EC_POINT *pub_key;

-	BIGNUM	 *priv_key;

-	unsigned int enc_flag;

-	point_conversion_form_t conv_form;

-	int 	references;

-	EC_EXTRA_DATA *method_data;

-} /* EC_KEY */;

-/* Basically a 'mixin' for extra data, but available for EC_GROUPs/EC_KEYs only

- * (with visibility limited to 'package' level for now).

- * We use the function pointers as index for retrieval; this obviates

- * global ex_data-style index tables.

- */

-int EC_EX_DATA_set_data(EC_EXTRA_DATA **, void *data,

-	void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));

-void *EC_EX_DATA_get_data(const EC_EXTRA_DATA *,

-	void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));

-void EC_EX_DATA_free_data(EC_EXTRA_DATA **,

-	void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));

-void EC_EX_DATA_clear_free_data(EC_EXTRA_DATA **,

-	void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));

-void EC_EX_DATA_free_all_data(EC_EXTRA_DATA **);

-void EC_EX_DATA_clear_free_all_data(EC_EXTRA_DATA **);

-struct ec_point_st {

-	const EC_METHOD *meth;

-	/* All members except 'meth' are handled by the method functions,

-	 * even if they appear generic */

-	BIGNUM X;

-	BIGNUM Y;

-	BIGNUM Z; /* Jacobian projective coordinates:

-	           * (X, Y, Z)  represents  (X/Z^2, Y/Z^3)  if  Z != 0 */

-	int Z_is_one; /* enable optimized point arithmetics for special case */

-} /* EC_POINT */;

-/* method functions in ec_mult.c

- * (ec_lib.c uses these as defaults if group->method->mul is 0) */

-int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,

-	size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *);

-int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *);

-int ec_wNAF_have_precompute_mult(const EC_GROUP *group);

-/* method functions in ecp_smpl.c */

-int ec_GFp_simple_group_init(EC_GROUP *);

-void ec_GFp_simple_group_finish(EC_GROUP *);

-void ec_GFp_simple_group_clear_finish(EC_GROUP *);

-int ec_GFp_simple_group_copy(EC_GROUP *, const EC_GROUP *);

-int ec_GFp_simple_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);

-int ec_GFp_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);

-int ec_GFp_simple_group_get_degree(const EC_GROUP *);

-int ec_GFp_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *);

-int ec_GFp_simple_point_init(EC_POINT *);

-void ec_GFp_simple_point_finish(EC_POINT *);

-void ec_GFp_simple_point_clear_finish(EC_POINT *);

-int ec_GFp_simple_point_copy(EC_POINT *, const EC_POINT *);

-int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *);

-int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *, EC_POINT *,

-	const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *);

-int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *, const EC_POINT *,

-	BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *);

-int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *, EC_POINT *,

-	const BIGNUM *x, const BIGNUM *y, BN_CTX *);

-int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *, const EC_POINT *,

-	BIGNUM *x, BIGNUM *y, BN_CTX *);

-int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *, EC_POINT *,

-	const BIGNUM *x, int y_bit, BN_CTX *);

-size_t ec_GFp_simple_point2oct(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form,

-	unsigned char *buf, size_t len, BN_CTX *);

-int ec_GFp_simple_oct2point(const EC_GROUP *, EC_POINT *,

-	const unsigned char *buf, size_t len, BN_CTX *);

-int ec_GFp_simple_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *);

-int ec_GFp_simple_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *);

-int ec_GFp_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *);

-int ec_GFp_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *);

-int ec_GFp_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *);

-int ec_GFp_simple_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, BN_CTX *);

-int ec_GFp_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);

-int ec_GFp_simple_points_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);

-int ec_GFp_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);

-int ec_GFp_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);

-/* method functions in ecp_mont.c */

-int ec_GFp_mont_group_init(EC_GROUP *);

-int ec_GFp_mont_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);

-void ec_GFp_mont_group_finish(EC_GROUP *);

-void ec_GFp_mont_group_clear_finish(EC_GROUP *);

-int ec_GFp_mont_group_copy(EC_GROUP *, const EC_GROUP *);

-int ec_GFp_mont_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);

-int ec_GFp_mont_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);

-int ec_GFp_mont_field_encode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);

-int ec_GFp_mont_field_decode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);

-int ec_GFp_mont_field_set_to_one(const EC_GROUP *, BIGNUM *r, BN_CTX *);

-/* method functions in ecp_nist.c */

-int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src);

-int ec_GFp_nist_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);

-int ec_GFp_nist_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);

-int ec_GFp_nist_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);

-/* method functions in ec2_smpl.c */

-int ec_GF2m_simple_group_init(EC_GROUP *);

-void ec_GF2m_simple_group_finish(EC_GROUP *);

-void ec_GF2m_simple_group_clear_finish(EC_GROUP *);

-int ec_GF2m_simple_group_copy(EC_GROUP *, const EC_GROUP *);

-int ec_GF2m_simple_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);

-int ec_GF2m_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);

-int ec_GF2m_simple_group_get_degree(const EC_GROUP *);

-int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *);

-int ec_GF2m_simple_point_init(EC_POINT *);

-void ec_GF2m_simple_point_finish(EC_POINT *);

-void ec_GF2m_simple_point_clear_finish(EC_POINT *);

-int ec_GF2m_simple_point_copy(EC_POINT *, const EC_POINT *);

-int ec_GF2m_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *);

-int ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *, EC_POINT *,

-	const BIGNUM *x, const BIGNUM *y, BN_CTX *);

-int ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *, const EC_POINT *,

-	BIGNUM *x, BIGNUM *y, BN_CTX *);

-int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *, EC_POINT *,

-	const BIGNUM *x, int y_bit, BN_CTX *);

-size_t ec_GF2m_simple_point2oct(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form,

-	unsigned char *buf, size_t len, BN_CTX *);

-int ec_GF2m_simple_oct2point(const EC_GROUP *, EC_POINT *,

-	const unsigned char *buf, size_t len, BN_CTX *);

-int ec_GF2m_simple_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *);

-int ec_GF2m_simple_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *);

-int ec_GF2m_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *);

-int ec_GF2m_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *);

-int ec_GF2m_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *);

-int ec_GF2m_simple_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, BN_CTX *);

-int ec_GF2m_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);

-int ec_GF2m_simple_points_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);

-int ec_GF2m_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);

-int ec_GF2m_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);

-int ec_GF2m_simple_field_div(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);

-/* method functions in ec2_mult.c */

-int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,

-	size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *);

-int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx);

-int ec_GF2m_have_precompute_mult(const EC_GROUP *group);

--- a/sys/src/ape/lib/openssl/crypto/ec/ec_lib.c

+++ /dev/null

@@ -1,1164 +1,0 @@

-/* crypto/ec/ec_lib.c */

-/*

- * Originally written by Bodo Moeller for the OpenSSL project.

- */

-/* ====================================================================

- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- * Binary polynomial ECC support in OpenSSL originally developed by

- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.

- */

-#include <string.h>

-#include <openssl/err.h>

-#include <openssl/opensslv.h>

-#include "ec_lcl.h"

-static const char EC_version[] = "EC" OPENSSL_VERSION_PTEXT;

-/* functions for EC_GROUP objects */

-EC_GROUP *EC_GROUP_new(const EC_METHOD *meth)

-	{

-	EC_GROUP *ret;

-	if (meth == NULL)

-		{

-		ECerr(EC_F_EC_GROUP_NEW, ERR_R_PASSED_NULL_PARAMETER);

-		return NULL;

-		}

-	if (meth->group_init == 0)

-		{

-		ECerr(EC_F_EC_GROUP_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

-		return NULL;

-		}

-	ret = OPENSSL_malloc(sizeof *ret);

-	if (ret == NULL)

-		{

-		ECerr(EC_F_EC_GROUP_NEW, ERR_R_MALLOC_FAILURE);

-		return NULL;

-		}

-	ret->meth = meth;

-	ret->extra_data = NULL;

-	ret->generator = NULL;

-	BN_init(&ret->order);

-	BN_init(&ret->cofactor);

-	ret->curve_name = 0;

-	ret->asn1_flag  = 0;

-	ret->asn1_form  = POINT_CONVERSION_UNCOMPRESSED;

-	ret->seed = NULL;

-	ret->seed_len = 0;

-	if (!meth->group_init(ret))

-		{

-		OPENSSL_free(ret);

-		return NULL;

-		}

-	return ret;

-	}

-void EC_GROUP_free(EC_GROUP *group)

-	{

-	if (!group) return;

-	if (group->meth->group_finish != 0)

-		group->meth->group_finish(group);

-	EC_EX_DATA_free_all_data(&group->extra_data);

-	if (group->generator != NULL)

-		EC_POINT_free(group->generator);

-	BN_free(&group->order);

-	BN_free(&group->cofactor);

-	if (group->seed)

-		OPENSSL_free(group->seed);

-	OPENSSL_free(group);

-	}

-void EC_GROUP_clear_free(EC_GROUP *group)

-	{

-	if (!group) return;

-	if (group->meth->group_clear_finish != 0)

-		group->meth->group_clear_finish(group);

-	else if (group->meth->group_finish != 0)

-		group->meth->group_finish(group);

-	EC_EX_DATA_clear_free_all_data(&group->extra_data);

-	if (group->generator != NULL)

-		EC_POINT_clear_free(group->generator);

-	BN_clear_free(&group->order);

-	BN_clear_free(&group->cofactor);

-	if (group->seed)

-		{

-		OPENSSL_cleanse(group->seed, group->seed_len);

-		OPENSSL_free(group->seed);

-		}

-	OPENSSL_cleanse(group, sizeof *group);

-	OPENSSL_free(group);

-	}

-int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src)

-	{

-	EC_EXTRA_DATA *d;

-	if (dest->meth->group_copy == 0)

-		{

-		ECerr(EC_F_EC_GROUP_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

-		return 0;

-		}

-	if (dest->meth != src->meth)

-		{

-		ECerr(EC_F_EC_GROUP_COPY, EC_R_INCOMPATIBLE_OBJECTS);

-		return 0;

-		}

-	if (dest == src)

-		return 1;

-	EC_EX_DATA_free_all_data(&dest->extra_data);

-	for (d = src->extra_data; d != NULL; d = d->next)

-		{

-		void *t = d->dup_func(d->data);

-		if (t == NULL)

-			return 0;

-		if (!EC_EX_DATA_set_data(&dest->extra_data, t, d->dup_func, d->free_func, d->clear_free_func))

-			return 0;

-		}

-	if (src->generator != NULL)

-		{

-		if (dest->generator == NULL)

-			{

-			dest->generator = EC_POINT_new(dest);

-			if (dest->generator == NULL) return 0;

-			}

-		if (!EC_POINT_copy(dest->generator, src->generator)) return 0;

-		}

-	else

-		{

-		/* src->generator == NULL */

-		if (dest->generator != NULL)

-			{

-			EC_POINT_clear_free(dest->generator);

-			dest->generator = NULL;

-			}

-		}

-	if (!BN_copy(&dest->order, &src->order)) return 0;

-	if (!BN_copy(&dest->cofactor, &src->cofactor)) return 0;

-	dest->curve_name = src->curve_name;

-	dest->asn1_flag  = src->asn1_flag;

-	dest->asn1_form  = src->asn1_form;

-	if (src->seed)

-		{

-		if (dest->seed)

-			OPENSSL_free(dest->seed);

-		dest->seed = OPENSSL_malloc(src->seed_len);

-		if (dest->seed == NULL)

-			return 0;

-		if (!memcpy(dest->seed, src->seed, src->seed_len))

-			return 0;

-		dest->seed_len = src->seed_len;

-		}

-	else

-		{

-		if (dest->seed)

-			OPENSSL_free(dest->seed);

-		dest->seed = NULL;

-		dest->seed_len = 0;

-		}

-	return dest->meth->group_copy(dest, src);

-	}

-EC_GROUP *EC_GROUP_dup(const EC_GROUP *a)

-	{

-	EC_GROUP *t = NULL;

-	int ok = 0;

-	if (a == NULL) return NULL;

-	if ((t = EC_GROUP_new(a->meth)) == NULL) return(NULL);

-	if (!EC_GROUP_copy(t, a)) goto err;

-	ok = 1;

-  err:

-	if (!ok)

-		{

-		if (t) EC_GROUP_free(t);

-		return NULL;

-		}

-	else return t;

-	}

-const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group)

-	{

-	return group->meth;

-	}

-int EC_METHOD_get_field_type(const EC_METHOD *meth)

-        {

-        return meth->field_type;

-        }

-int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor)

-	{

-	if (generator == NULL)

-		{

-		ECerr(EC_F_EC_GROUP_SET_GENERATOR, ERR_R_PASSED_NULL_PARAMETER);

-		return 0   ;

-		}

-	if (group->generator == NULL)

-		{

-		group->generator = EC_POINT_new(group);

-		if (group->generator == NULL) return 0;

-		}

-	if (!EC_POINT_copy(group->generator, generator)) return 0;

-	if (order != NULL)

-		{ if (!BN_copy(&group->order, order)) return 0; }

-	else

-		BN_zero(&group->order);

-	if (cofactor != NULL)

-		{ if (!BN_copy(&group->cofactor, cofactor)) return 0; }

-	else

-		BN_zero(&group->cofactor);

-	return 1;

-	}

-const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group)

-	{

-	return group->generator;

-	}

-int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx)

-	{

-	if (!BN_copy(order, &group->order))

-		return 0;

-	return !BN_is_zero(order);

-	}

-int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx)

-	{

-	if (!BN_copy(cofactor, &group->cofactor))

-		return 0;

-	return !BN_is_zero(&group->cofactor);

-	}

-void EC_GROUP_set_curve_name(EC_GROUP *group, int nid)

-	{

-	group->curve_name = nid;

-	}

-int EC_GROUP_get_curve_name(const EC_GROUP *group)

-	{

-	return group->curve_name;

-	}

-void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag)

-	{

-	group->asn1_flag = flag;

-	}

-int EC_GROUP_get_asn1_flag(const EC_GROUP *group)

-	{

-	return group->asn1_flag;

-	}

-void EC_GROUP_set_point_conversion_form(EC_GROUP *group,

-                                        point_conversion_form_t form)

-	{

-	group->asn1_form = form;

-	}

-point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *group)

-	{

-	return group->asn1_form;

-	}

-size_t EC_GROUP_set_seed(EC_GROUP *group, const unsigned char *p, size_t len)

-	{

-	if (group->seed)

-		{

-		OPENSSL_free(group->seed);

-		group->seed = NULL;

-		group->seed_len = 0;

-		}

-	if (!len || !p)

-		return 1;

-	if ((group->seed = OPENSSL_malloc(len)) == NULL)

-		return 0;

-	memcpy(group->seed, p, len);

-	group->seed_len = len;

-	return len;

-	}

-unsigned char *EC_GROUP_get0_seed(const EC_GROUP *group)

-	{

-	return group->seed;

-	}

-size_t EC_GROUP_get_seed_len(const EC_GROUP *group)

-	{

-	return group->seed_len;

-	}

-int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)

-	{

-	if (group->meth->group_set_curve == 0)

-		{

-		ECerr(EC_F_EC_GROUP_SET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

-		return 0;

-		}

-	return group->meth->group_set_curve(group, p, a, b, ctx);

-	}

-int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)

-	{

-	if (group->meth->group_get_curve == 0)

-		{

-		ECerr(EC_F_EC_GROUP_GET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

-		return 0;

-		}

-	return group->meth->group_get_curve(group, p, a, b, ctx);

-	}

-int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)

-	{

-	if (group->meth->group_set_curve == 0)

-		{

-		ECerr(EC_F_EC_GROUP_SET_CURVE_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

-		return 0;

-		}

-	return group->meth->group_set_curve(group, p, a, b, ctx);

-	}

-int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)

-	{

-	if (group->meth->group_get_curve == 0)

-		{

-		ECerr(EC_F_EC_GROUP_GET_CURVE_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

-		return 0;

-		}

-	return group->meth->group_get_curve(group, p, a, b, ctx);

-	}

-int EC_GROUP_get_degree(const EC_GROUP *group)

-	{

-	if (group->meth->group_get_degree == 0)

-		{

-		ECerr(EC_F_EC_GROUP_GET_DEGREE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

-		return 0;

-		}

-	return group->meth->group_get_degree(group);

-	}

-int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx)

-	{

-	if (group->meth->group_check_discriminant == 0)

-		{

-		ECerr(EC_F_EC_GROUP_CHECK_DISCRIMINANT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

-		return 0;

-		}

-	return group->meth->group_check_discriminant(group, ctx);

-	}

-int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx)

-	{

-	int    r = 0;

-	BIGNUM *a1, *a2, *a3, *b1, *b2, *b3;

-	BN_CTX *ctx_new = NULL;

-	/* compare the field types*/

-	if (EC_METHOD_get_field_type(EC_GROUP_method_of(a)) !=

-	    EC_METHOD_get_field_type(EC_GROUP_method_of(b)))

-		return 1;

-	/* compare the curve name (if present) */

-	if (EC_GROUP_get_curve_name(a) && EC_GROUP_get_curve_name(b) &&

-	    EC_GROUP_get_curve_name(a) == EC_GROUP_get_curve_name(b))

-		return 0;

-	if (!ctx)

-		ctx_new = ctx = BN_CTX_new();

-	if (!ctx)

-		return -1;

-	BN_CTX_start(ctx);

-	a1 = BN_CTX_get(ctx);

-	a2 = BN_CTX_get(ctx);

-	a3 = BN_CTX_get(ctx);

-	b1 = BN_CTX_get(ctx);

-	b2 = BN_CTX_get(ctx);

-	b3 = BN_CTX_get(ctx);

-	if (!b3)

-		{

-		BN_CTX_end(ctx);

-		if (ctx_new)

-			BN_CTX_free(ctx);

-		return -1;

-		}

-	/* XXX This approach assumes that the external representation

-	 * of curves over the same field type is the same.

-	 */

-	if (!a->meth->group_get_curve(a, a1, a2, a3, ctx) ||

-	    !b->meth->group_get_curve(b, b1, b2, b3, ctx))

-		r = 1;

-	if (r || BN_cmp(a1, b1) || BN_cmp(a2, b2) || BN_cmp(a3, b3))

-		r = 1;

-	/* XXX EC_POINT_cmp() assumes that the methods are equal */

-	if (r || EC_POINT_cmp(a, EC_GROUP_get0_generator(a),

-	    EC_GROUP_get0_generator(b), ctx))

-		r = 1;

-	if (!r)

-		{

-		/* compare the order and cofactor */

-		if (!EC_GROUP_get_order(a, a1, ctx) ||

-		    !EC_GROUP_get_order(b, b1, ctx) ||

-		    !EC_GROUP_get_cofactor(a, a2, ctx) ||

-		    !EC_GROUP_get_cofactor(b, b2, ctx))

-			{

-			BN_CTX_end(ctx);

-			if (ctx_new)

-				BN_CTX_free(ctx);

-			return -1;

-			}

-		if (BN_cmp(a1, b1) || BN_cmp(a2, b2))

-			r = 1;

-		}

-	BN_CTX_end(ctx);

-	if (ctx_new)

-		BN_CTX_free(ctx);

-	return r;

-	}

-/* this has 'package' visibility */

-int EC_EX_DATA_set_data(EC_EXTRA_DATA **ex_data, void *data,

-	void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))

-	{

-	EC_EXTRA_DATA *d;

-	if (ex_data == NULL)

-		return 0;

-	for (d = *ex_data; d != NULL; d = d->next)

-		{

-		if (d->dup_func == dup_func && d->free_func == free_func && d->clear_free_func == clear_free_func)

-			{

-			ECerr(EC_F_EC_EX_DATA_SET_DATA, EC_R_SLOT_FULL);

-			return 0;

-			}

-		}

-	if (data == NULL)

-		/* no explicit entry needed */

-		return 1;

-	d = OPENSSL_malloc(sizeof *d);

-	if (d == NULL)

-		return 0;

-	d->data = data;

-	d->dup_func = dup_func;

-	d->free_func = free_func;

-	d->clear_free_func = clear_free_func;

-	d->next = *ex_data;

-	*ex_data = d;

-	return 1;

-	}

-/* this has 'package' visibility */

-void *EC_EX_DATA_get_data(const EC_EXTRA_DATA *ex_data,

-	void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))

-	{

-	const EC_EXTRA_DATA *d;

-	for (d = ex_data; d != NULL; d = d->next)

-		{

-		if (d->dup_func == dup_func && d->free_func == free_func && d->clear_free_func == clear_free_func)

-			return d->data;

-		}

-	return NULL;

-	}

-/* this has 'package' visibility */

-void EC_EX_DATA_free_data(EC_EXTRA_DATA **ex_data,

-	void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))

-	{

-	EC_EXTRA_DATA **p;

-	if (ex_data == NULL)

-		return;

-	for (p = ex_data; *p != NULL; p = &((*p)->next))

-		{

-		if ((*p)->dup_func == dup_func && (*p)->free_func == free_func && (*p)->clear_free_func == clear_free_func)

-			{

-			EC_EXTRA_DATA *next = (*p)->next;

-			(*p)->free_func((*p)->data);

-			OPENSSL_free(*p);

-			*p = next;

-			return;

-			}

-		}

-	}

-/* this has 'package' visibility */

-void EC_EX_DATA_clear_free_data(EC_EXTRA_DATA **ex_data,

-	void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))

-	{

-	EC_EXTRA_DATA **p;

-	if (ex_data == NULL)

-		return;

-	for (p = ex_data; *p != NULL; p = &((*p)->next))

-		{

-		if ((*p)->dup_func == dup_func && (*p)->free_func == free_func && (*p)->clear_free_func == clear_free_func)

-			{

-			EC_EXTRA_DATA *next = (*p)->next;

-			(*p)->clear_free_func((*p)->data);

-			OPENSSL_free(*p);

-			*p = next;

-			return;

-			}

-		}

-	}

-/* this has 'package' visibility */

-void EC_EX_DATA_free_all_data(EC_EXTRA_DATA **ex_data)

-	{

-	EC_EXTRA_DATA *d;

-	if (ex_data == NULL)

-		return;

-	d = *ex_data;

-	while (d)

-		{

-		EC_EXTRA_DATA *next = d->next;

-		d->free_func(d->data);

-		OPENSSL_free(d);

-		d = next;

-		}

-	*ex_data = NULL;

-	}

-/* this has 'package' visibility */

-void EC_EX_DATA_clear_free_all_data(EC_EXTRA_DATA **ex_data)

-	{

-	EC_EXTRA_DATA *d;

-	if (ex_data == NULL)

-		return;

-	d = *ex_data;

-	while (d)

-		{

-		EC_EXTRA_DATA *next = d->next;

-		d->clear_free_func(d->data);

-		OPENSSL_free(d);

-		d = next;

-		}

-	*ex_data = NULL;

-	}

-/* functions for EC_POINT objects */

-EC_POINT *EC_POINT_new(const EC_GROUP *group)

-	{

-	EC_POINT *ret;

-	if (group == NULL)

-		{

-		ECerr(EC_F_EC_POINT_NEW, ERR_R_PASSED_NULL_PARAMETER);

-		return NULL;

-		}

-	if (group->meth->point_init == 0)

-		{

-		ECerr(EC_F_EC_POINT_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

-		return NULL;

-		}

-	ret = OPENSSL_malloc(sizeof *ret);

-	if (ret == NULL)

-		{

-		ECerr(EC_F_EC_POINT_NEW, ERR_R_MALLOC_FAILURE);

-		return NULL;

-		}

-	ret->meth = group->meth;

-	if (!ret->meth->point_init(ret))

-		{

-		OPENSSL_free(ret);

-		return NULL;

-		}

-	return ret;

-	}

-void EC_POINT_free(EC_POINT *point)

-	{

-	if (!point) return;

-	if (point->meth->point_finish != 0)

-		point->meth->point_finish(point);

-	OPENSSL_free(point);

-	}

-void EC_POINT_clear_free(EC_POINT *point)

-	{

-	if (!point) return;

-	if (point->meth->point_clear_finish != 0)

-		point->meth->point_clear_finish(point);

-	else if (point->meth != NULL && point->meth->point_finish != 0)

-		point->meth->point_finish(point);

-	OPENSSL_cleanse(point, sizeof *point);

-	OPENSSL_free(point);

-	}

-int EC_POINT_copy(EC_POINT *dest, const EC_POINT *src)

-	{

-	if (dest->meth->point_copy == 0)

-		{

-		ECerr(EC_F_EC_POINT_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

-		return 0;

-		}

-	if (dest->meth != src->meth)

-		{

-		ECerr(EC_F_EC_POINT_COPY, EC_R_INCOMPATIBLE_OBJECTS);

-		return 0;

-		}

-	if (dest == src)

-		return 1;

-	return dest->meth->point_copy(dest, src);

-	}

-EC_POINT *EC_POINT_dup(const EC_POINT *a, const EC_GROUP *group)

-	{

-	EC_POINT *t;

-	int r;

-	if (a == NULL) return NULL;

-	t = EC_POINT_new(group);

-	if (t == NULL) return(NULL);

-	r = EC_POINT_copy(t, a);

-	if (!r)

-		{

-		EC_POINT_free(t);

-		return NULL;

-		}

-	else return t;

-	}

-const EC_METHOD *EC_POINT_method_of(const EC_POINT *point)

-	{

-	return point->meth;

-	}

-int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point)

-	{

-	if (group->meth->point_set_to_infinity == 0)

-		{

-		ECerr(EC_F_EC_POINT_SET_TO_INFINITY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

-		return 0;

-		}

-	if (group->meth != point->meth)

-		{

-		ECerr(EC_F_EC_POINT_SET_TO_INFINITY, EC_R_INCOMPATIBLE_OBJECTS);

-		return 0;

-		}

-	return group->meth->point_set_to_infinity(group, point);

-	}

-int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,

-	const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx)

-	{

-	if (group->meth->point_set_Jprojective_coordinates_GFp == 0)

-		{

-		ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

-		return 0;

-		}

-	if (group->meth != point->meth)

-		{

-		ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);

-		return 0;

-		}

-	return group->meth->point_set_Jprojective_coordinates_GFp(group, point, x, y, z, ctx);

-	}

-int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point,

-	BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx)

-	{

-	if (group->meth->point_get_Jprojective_coordinates_GFp == 0)

-		{

-		ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

-		return 0;

-		}

-	if (group->meth != point->meth)

-		{

-		ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);

-		return 0;

-		}

-	return group->meth->point_get_Jprojective_coordinates_GFp(group, point, x, y, z, ctx);

-	}

-int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,

-	const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx)

-	{

-	if (group->meth->point_set_affine_coordinates == 0)

-		{

-		ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

-		return 0;

-		}

-	if (group->meth != point->meth)

-		{

-		ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);

-		return 0;

-		}

-	return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);

-	}

-int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *point,

-	const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx)

-	{

-	if (group->meth->point_set_affine_coordinates == 0)

-		{

-		ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

-		return 0;

-		}

-	if (group->meth != point->meth)

-		{

-		ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS);

-		return 0;

-		}

-	return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);

-	}

-int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point,

-	BIGNUM *x, BIGNUM *y, BN_CTX *ctx)

-	{

-	if (group->meth->point_get_affine_coordinates == 0)

-		{

-		ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

-		return 0;

-		}

-	if (group->meth != point->meth)

-		{

-		ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);

-		return 0;

-		}

-	return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);

-	}

-int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, const EC_POINT *point,

-	BIGNUM *x, BIGNUM *y, BN_CTX *ctx)

-	{

-	if (group->meth->point_get_affine_coordinates == 0)

-		{

-		ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

-		return 0;

-		}

-	if (group->meth != point->meth)

-		{

-		ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS);

-		return 0;

-		}

-	return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);

-	}

-int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,

-	const BIGNUM *x, int y_bit, BN_CTX *ctx)

-	{

-	if (group->meth->point_set_compressed_coordinates == 0)

-		{

-		ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

-		return 0;

-		}

-	if (group->meth != point->meth)

-		{

-		ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);

-		return 0;

-		}

-	return group->meth->point_set_compressed_coordinates(group, point, x, y_bit, ctx);

-	}

-int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, EC_POINT *point,

-	const BIGNUM *x, int y_bit, BN_CTX *ctx)

-	{

-	if (group->meth->point_set_compressed_coordinates == 0)

-		{

-		ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

-		return 0;

-		}

-	if (group->meth != point->meth)

-		{

-		ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS);

-		return 0;

-		}

-	return group->meth->point_set_compressed_coordinates(group, point, x, y_bit, ctx);

-	}

-size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point, point_conversion_form_t form,

-        unsigned char *buf, size_t len, BN_CTX *ctx)

-	{

-	if (group->meth->point2oct == 0)

-		{

-		ECerr(EC_F_EC_POINT_POINT2OCT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

-		return 0;

-		}

-	if (group->meth != point->meth)

-		{

-		ECerr(EC_F_EC_POINT_POINT2OCT, EC_R_INCOMPATIBLE_OBJECTS);

-		return 0;

-		}

-	return group->meth->point2oct(group, point, form, buf, len, ctx);

-	}

-int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *point,

-        const unsigned char *buf, size_t len, BN_CTX *ctx)

-	{

-	if (group->meth->oct2point == 0)

-		{

-		ECerr(EC_F_EC_POINT_OCT2POINT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

-		return 0;

-		}

-	if (group->meth != point->meth)

-		{

-		ECerr(EC_F_EC_POINT_OCT2POINT, EC_R_INCOMPATIBLE_OBJECTS);

-		return 0;

-		}

-	return group->meth->oct2point(group, point, buf, len, ctx);

-	}

-int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)

-	{

-	if (group->meth->add == 0)

-		{

-		ECerr(EC_F_EC_POINT_ADD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

-		return 0;

-		}

-	if ((group->meth != r->meth) || (r->meth != a->meth) || (a->meth != b->meth))

-		{

-		ECerr(EC_F_EC_POINT_ADD, EC_R_INCOMPATIBLE_OBJECTS);

-		return 0;

-		}

-	return group->meth->add(group, r, a, b, ctx);

-	}

-int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)

-	{

-	if (group->meth->dbl == 0)

-		{

-		ECerr(EC_F_EC_POINT_DBL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

-		return 0;

-		}

-	if ((group->meth != r->meth) || (r->meth != a->meth))

-		{

-		ECerr(EC_F_EC_POINT_DBL, EC_R_INCOMPATIBLE_OBJECTS);

-		return 0;

-		}

-	return group->meth->dbl(group, r, a, ctx);

-	}

-int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx)

-	{

-	if (group->meth->dbl == 0)

-		{

-		ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

-		return 0;

-		}

-	if (group->meth != a->meth)

-		{

-		ECerr(EC_F_EC_POINT_INVERT, EC_R_INCOMPATIBLE_OBJECTS);

-		return 0;

-		}

-	return group->meth->invert(group, a, ctx);

-	}

-int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)

-	{

-	if (group->meth->is_at_infinity == 0)

-		{

-		ECerr(EC_F_EC_POINT_IS_AT_INFINITY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

-		return 0;

-		}

-	if (group->meth != point->meth)

-		{

-		ECerr(EC_F_EC_POINT_IS_AT_INFINITY, EC_R_INCOMPATIBLE_OBJECTS);

-		return 0;

-		}

-	return group->meth->is_at_infinity(group, point);

-	}

-int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx)

-	{

-	if (group->meth->is_on_curve == 0)

-		{

-		ECerr(EC_F_EC_POINT_IS_ON_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

-		return 0;

-		}

-	if (group->meth != point->meth)

-		{

-		ECerr(EC_F_EC_POINT_IS_ON_CURVE, EC_R_INCOMPATIBLE_OBJECTS);

-		return 0;

-		}

-	return group->meth->is_on_curve(group, point, ctx);

-	}

-int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)

-	{

-	if (group->meth->point_cmp == 0)

-		{

-		ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

-		return 0;

-		}

-	if ((group->meth != a->meth) || (a->meth != b->meth))

-		{

-		ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS);

-		return 0;

-		}

-	return group->meth->point_cmp(group, a, b, ctx);

-	}

-int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)

-	{

-	if (group->meth->make_affine == 0)

-		{

-		ECerr(EC_F_EC_POINT_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

-		return 0;

-		}

-	if (group->meth != point->meth)

-		{

-		ECerr(EC_F_EC_POINT_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS);

-		return 0;

-		}

-	return group->meth->make_affine(group, point, ctx);

-	}

-int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx)

-	{

-	size_t i;

-	if (group->meth->points_make_affine == 0)

-		{

-		ECerr(EC_F_EC_POINTS_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

-		return 0;

-		}

-	for (i = 0; i < num; i++)

-		{

-		if (group->meth != points[i]->meth)

-			{

-			ECerr(EC_F_EC_POINTS_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS);

-			return 0;

-			}

-		}

-	return group->meth->points_make_affine(group, num, points, ctx);

-	}

-/* Functions for point multiplication.

- *

- * If group->meth->mul is 0, we use the wNAF-based implementations in ec_mult.c;

- * otherwise we dispatch through methods.

- */

-int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,

-	size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx)

-	{

-	if (group->meth->mul == 0)

-		/* use default */

-		return ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);

-	return group->meth->mul(group, r, scalar, num, points, scalars, ctx);

-	}

-int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar,

-	const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx)

-	{

-	/* just a convenient interface to EC_POINTs_mul() */

-	const EC_POINT *points[1];

-	const BIGNUM *scalars[1];

-	points[0] = point;

-	scalars[0] = p_scalar;

-	return EC_POINTs_mul(group, r, g_scalar, (point != NULL && p_scalar != NULL), points, scalars, ctx);

-	}

-int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx)

-	{

-	if (group->meth->mul == 0)

-		/* use default */

-		return ec_wNAF_precompute_mult(group, ctx);

-	if (group->meth->precompute_mult != 0)

-		return group->meth->precompute_mult(group, ctx);

-	else

-		return 1; /* nothing to do, so report success */

-	}

-int EC_GROUP_have_precompute_mult(const EC_GROUP *group)

-	{

-	if (group->meth->mul == 0)

-		/* use default */

-		return ec_wNAF_have_precompute_mult(group);

-	if (group->meth->have_precompute_mult != 0)

-		return group->meth->have_precompute_mult(group);

-	else

-		return 0; /* cannot tell whether precomputation has been performed */

-	}

--- a/sys/src/ape/lib/openssl/crypto/ec/ec_mult.c

+++ /dev/null

@@ -1,938 +1,0 @@

-/* crypto/ec/ec_mult.c */

-/*

- * Originally written by Bodo Moeller and Nils Larsch for the OpenSSL project.

- */

-/* ====================================================================

- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- * Portions of this software developed by SUN MICROSYSTEMS, INC.,

- * and contributed to the OpenSSL project.

- */

-#include <string.h>

-#include <openssl/err.h>

-#include "ec_lcl.h"

-/*

- * This file implements the wNAF-based interleaving multi-exponentation method

- * (<URL:http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller.html#multiexp>);

- * for multiplication with precomputation, we use wNAF splitting

- * (<URL:http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller.html#fastexp>).

- */

-/* structure for precomputed multiples of the generator */

-typedef struct ec_pre_comp_st {

-	const EC_GROUP *group; /* parent EC_GROUP object */

-	size_t blocksize;      /* block size for wNAF splitting */

-	size_t numblocks;      /* max. number of blocks for which we have precomputation */

-	size_t w;              /* window size */

-	EC_POINT **points;     /* array with pre-calculated multiples of generator:

-	                        * 'num' pointers to EC_POINT objects followed by a NULL */

-	size_t num;            /* numblocks * 2^(w-1) */

-	int references;

-} EC_PRE_COMP;

-/* functions to manage EC_PRE_COMP within the EC_GROUP extra_data framework */

-static void *ec_pre_comp_dup(void *);

-static void ec_pre_comp_free(void *);

-static void ec_pre_comp_clear_free(void *);

-static EC_PRE_COMP *ec_pre_comp_new(const EC_GROUP *group)

-	{

-	EC_PRE_COMP *ret = NULL;

-	if (!group)

-		return NULL;

-	ret = (EC_PRE_COMP *)OPENSSL_malloc(sizeof(EC_PRE_COMP));

-	if (!ret)

-		{

-		ECerr(EC_F_EC_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);

-		return ret;

-		}

-	ret->group = group;

-	ret->blocksize = 8; /* default */

-	ret->numblocks = 0;

-	ret->w = 4; /* default */

-	ret->points = NULL;

-	ret->num = 0;

-	ret->references = 1;

-	return ret;

-	}

-static void *ec_pre_comp_dup(void *src_)

-	{

-	EC_PRE_COMP *src = src_;

-	/* no need to actually copy, these objects never change! */

-	CRYPTO_add(&src->references, 1, CRYPTO_LOCK_EC_PRE_COMP);

-	return src_;

-	}

-static void ec_pre_comp_free(void *pre_)

-	{

-	int i;

-	EC_PRE_COMP *pre = pre_;

-	if (!pre)

-		return;

-	i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP);

-	if (i > 0)

-		return;

-	if (pre->points)

-		{

-		EC_POINT **p;

-		for (p = pre->points; *p != NULL; p++)

-			EC_POINT_free(*p);

-		OPENSSL_free(pre->points);

-		}

-	OPENSSL_free(pre);

-	}

-static void ec_pre_comp_clear_free(void *pre_)

-	{

-	int i;

-	EC_PRE_COMP *pre = pre_;

-	if (!pre)

-		return;

-	i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP);

-	if (i > 0)

-		return;

-	if (pre->points)

-		{

-		EC_POINT **p;

-		for (p = pre->points; *p != NULL; p++)

-			EC_POINT_clear_free(*p);

-		OPENSSL_cleanse(pre->points, sizeof pre->points);

-		OPENSSL_free(pre->points);

-		}

-	OPENSSL_cleanse(pre, sizeof pre);

-	OPENSSL_free(pre);

-	}

-/* Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'.

- * This is an array  r[]  of values that are either zero or odd with an

- * absolute value less than  2^w  satisfying

- *     scalar = \sum_j r[j]*2^j

- * where at most one of any  w+1  consecutive digits is non-zero

- * with the exception that the most significant digit may be only

- * w-1 zeros away from that next non-zero digit.

- */

-static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len)

-	{

-	int window_val;

-	int ok = 0;

-	signed char *r = NULL;

-	int sign = 1;

-	int bit, next_bit, mask;

-	size_t len = 0, j;

-	if (BN_is_zero(scalar))

-		{

-		r = OPENSSL_malloc(1);

-		if (!r)

-			{

-			ECerr(EC_F_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE);

-			goto err;

-			}

-		r[0] = 0;

-		*ret_len = 1;

-		return r;

-		}

-	if (w <= 0 || w > 7) /* 'signed char' can represent integers with absolute values less than 2^7 */

-		{

-		ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);

-		goto err;

-		}

-	bit = 1 << w; /* at most 128 */

-	next_bit = bit << 1; /* at most 256 */

-	mask = next_bit - 1; /* at most 255 */

-	if (BN_is_negative(scalar))

-		{

-		sign = -1;

-		}

-	len = BN_num_bits(scalar);

-	r = OPENSSL_malloc(len + 1); /* modified wNAF may be one digit longer than binary representation

-	                              * (*ret_len will be set to the actual length, i.e. at most

-	                              * BN_num_bits(scalar) + 1) */

-	if (r == NULL)

-		{

-		ECerr(EC_F_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	if (scalar->d == NULL || scalar->top == 0)

-		{

-		ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);

-		goto err;

-		}

-	window_val = scalar->d[0] & mask;

-	j = 0;

-	while ((window_val != 0) || (j + w + 1 < len)) /* if j+w+1 >= len, window_val will not increase */

-		{

-		int digit = 0;

-		/* 0 <= window_val <= 2^(w+1) */

-		if (window_val & 1)

-			{

-			/* 0 < window_val < 2^(w+1) */

-			if (window_val & bit)

-				{

-				digit = window_val - next_bit; /* -2^w < digit < 0 */

-#if 1 /* modified wNAF */

-				if (j + w + 1 >= len)

-					{

-					/* special case for generating modified wNAFs:

-					 * no new bits will be added into window_val,

-					 * so using a positive digit here will decrease

-					 * the total length of the representation */

-					digit = window_val & (mask >> 1); /* 0 < digit < 2^w */

-					}

-#endif

-				}

-			else

-				{

-				digit = window_val; /* 0 < digit < 2^w */

-				}

-			if (digit <= -bit || digit >= bit || !(digit & 1))

-				{

-				ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);

-				goto err;

-				}

-			window_val -= digit;

-			/* now window_val is 0 or 2^(w+1) in standard wNAF generation;

-			 * for modified window NAFs, it may also be 2^w

-			 */

-			if (window_val != 0 && window_val != next_bit && window_val != bit)

-				{

-				ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);

-				goto err;

-				}

-			}

-		r[j++] = sign * digit;

-		window_val >>= 1;

-		window_val += bit * BN_is_bit_set(scalar, j + w);

-		if (window_val > next_bit)

-			{

-			ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);

-			goto err;

-			}

-		}

-	if (j > len + 1)

-		{

-		ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);

-		goto err;

-		}

-	len = j;

-	ok = 1;

- err:

-	if (!ok)

-		{

-		OPENSSL_free(r);

-		r = NULL;

-		}

-	if (ok)

-		*ret_len = len;

-	return r;

-	}

-/* TODO: table should be optimised for the wNAF-based implementation,

- *       sometimes smaller windows will give better performance

- *       (thus the boundaries should be increased)

- */

-#define EC_window_bits_for_scalar_size(b) \

-		((size_t) \

-		 ((b) >= 2000 ? 6 : \

-		  (b) >=  800 ? 5 : \

-		  (b) >=  300 ? 4 : \

-		  (b) >=   70 ? 3 : \

-		  (b) >=   20 ? 2 : \

-		  1))

-/* Compute

- *      \sum scalars[i]*points[i],

- * also including

- *      scalar*generator

- * in the addition if scalar != NULL

- */

-int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,

-	size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx)

-	{

-	BN_CTX *new_ctx = NULL;

-	const EC_POINT *generator = NULL;

-	EC_POINT *tmp = NULL;

-	size_t totalnum;

-	size_t blocksize = 0, numblocks = 0; /* for wNAF splitting */

-	size_t pre_points_per_block = 0;

-	size_t i, j;

-	int k;

-	int r_is_inverted = 0;

-	int r_is_at_infinity = 1;

-	size_t *wsize = NULL; /* individual window sizes */

-	signed char **wNAF = NULL; /* individual wNAFs */

-	size_t *wNAF_len = NULL;

-	size_t max_len = 0;

-	size_t num_val;

-	EC_POINT **val = NULL; /* precomputation */

-	EC_POINT **v;

-	EC_POINT ***val_sub = NULL; /* pointers to sub-arrays of 'val' or 'pre_comp->points' */

-	const EC_PRE_COMP *pre_comp = NULL;

-	int num_scalar = 0; /* flag: will be set to 1 if 'scalar' must be treated like other scalars,

-	                     * i.e. precomputation is not available */

-	int ret = 0;

-	if (group->meth != r->meth)

-		{

-		ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS);

-		return 0;

-		}

-	if ((scalar == NULL) && (num == 0))

-		{

-		return EC_POINT_set_to_infinity(group, r);

-		}

-	for (i = 0; i < num; i++)

-		{

-		if (group->meth != points[i]->meth)

-			{

-			ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS);

-			return 0;

-			}

-		}

-	if (ctx == NULL)

-		{

-		ctx = new_ctx = BN_CTX_new();

-		if (ctx == NULL)

-			goto err;

-		}

-	if (scalar != NULL)

-		{

-		generator = EC_GROUP_get0_generator(group);

-		if (generator == NULL)

-			{

-			ECerr(EC_F_EC_WNAF_MUL, EC_R_UNDEFINED_GENERATOR);

-			goto err;

-			}

-		/* look if we can use precomputed multiples of generator */

-		pre_comp = EC_EX_DATA_get_data(group->extra_data, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free);

-		if (pre_comp && pre_comp->numblocks && (EC_POINT_cmp(group, generator, pre_comp->points[0], ctx) == 0))

-			{

-			blocksize = pre_comp->blocksize;

-			/* determine maximum number of blocks that wNAF splitting may yield

-			 * (NB: maximum wNAF length is bit length plus one) */

-			numblocks = (BN_num_bits(scalar) / blocksize) + 1;

-			/* we cannot use more blocks than we have precomputation for */

-			if (numblocks > pre_comp->numblocks)

-				numblocks = pre_comp->numblocks;

-			pre_points_per_block = 1u << (pre_comp->w - 1);

-			/* check that pre_comp looks sane */

-			if (pre_comp->num != (pre_comp->numblocks * pre_points_per_block))

-				{

-				ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);

-				goto err;

-				}

-			}

-		else

-			{

-			/* can't use precomputation */

-			pre_comp = NULL;

-			numblocks = 1;

-			num_scalar = 1; /* treat 'scalar' like 'num'-th element of 'scalars' */

-			}

-		}

-	totalnum = num + numblocks;

-	wsize    = OPENSSL_malloc(totalnum * sizeof wsize[0]);

-	wNAF_len = OPENSSL_malloc(totalnum * sizeof wNAF_len[0]);

-	wNAF     = OPENSSL_malloc((totalnum + 1) * sizeof wNAF[0]); /* includes space for pivot */

-	val_sub  = OPENSSL_malloc(totalnum * sizeof val_sub[0]);

-	if (!wsize || !wNAF_len || !wNAF || !val_sub)

-		{

-		ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	wNAF[0] = NULL;	/* preliminary pivot */

-	/* num_val will be the total number of temporarily precomputed points */

-	num_val = 0;

-	for (i = 0; i < num + num_scalar; i++)

-		{

-		size_t bits;

-		bits = i < num ? BN_num_bits(scalars[i]) : BN_num_bits(scalar);

-		wsize[i] = EC_window_bits_for_scalar_size(bits);

-		num_val += 1u << (wsize[i] - 1);

-		wNAF[i + 1] = NULL; /* make sure we always have a pivot */

-		wNAF[i] = compute_wNAF((i < num ? scalars[i] : scalar), wsize[i], &wNAF_len[i]);

-		if (wNAF[i] == NULL)

-			goto err;

-		if (wNAF_len[i] > max_len)

-			max_len = wNAF_len[i];

-		}

-	if (numblocks)

-		{

-		/* we go here iff scalar != NULL */

-		if (pre_comp == NULL)

-			{

-			if (num_scalar != 1)

-				{

-				ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);

-				goto err;

-				}

-			/* we have already generated a wNAF for 'scalar' */

-			}

-		else

-			{

-			signed char *tmp_wNAF = NULL;

-			size_t tmp_len = 0;

-			if (num_scalar != 0)

-				{

-				ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);

-				goto err;

-				}

-			/* use the window size for which we have precomputation */

-			wsize[num] = pre_comp->w;

-			tmp_wNAF = compute_wNAF(scalar, wsize[num], &tmp_len);

-			if (!tmp_wNAF)

-				goto err;

-			if (tmp_len <= max_len)

-				{

-				/* One of the other wNAFs is at least as long

-				 * as the wNAF belonging to the generator,

-				 * so wNAF splitting will not buy us anything. */

-				numblocks = 1;

-				totalnum = num + 1; /* don't use wNAF splitting */

-				wNAF[num] = tmp_wNAF;

-				wNAF[num + 1] = NULL;

-				wNAF_len[num] = tmp_len;

-				if (tmp_len > max_len)

-					max_len = tmp_len;

-				/* pre_comp->points starts with the points that we need here: */

-				val_sub[num] = pre_comp->points;

-				}

-			else

-				{

-				/* don't include tmp_wNAF directly into wNAF array

-				 * - use wNAF splitting and include the blocks */

-				signed char *pp;

-				EC_POINT **tmp_points;

-				if (tmp_len < numblocks * blocksize)

-					{

-					/* possibly we can do with fewer blocks than estimated */

-					numblocks = (tmp_len + blocksize - 1) / blocksize;

-					if (numblocks > pre_comp->numblocks)

-						{

-						ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);

-						goto err;

-						}

-					totalnum = num + numblocks;

-					}

-				/* split wNAF in 'numblocks' parts */

-				pp = tmp_wNAF;

-				tmp_points = pre_comp->points;

-				for (i = num; i < totalnum; i++)

-					{

-					if (i < totalnum - 1)

-						{

-						wNAF_len[i] = blocksize;

-						if (tmp_len < blocksize)

-							{

-							ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);

-							goto err;

-							}

-						tmp_len -= blocksize;

-						}

-					else

-						/* last block gets whatever is left

-						 * (this could be more or less than 'blocksize'!) */

-						wNAF_len[i] = tmp_len;

-					wNAF[i + 1] = NULL;

-					wNAF[i] = OPENSSL_malloc(wNAF_len[i]);

-					if (wNAF[i] == NULL)

-						{

-						ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);

-						OPENSSL_free(tmp_wNAF);

-						goto err;

-						}

-					memcpy(wNAF[i], pp, wNAF_len[i]);

-					if (wNAF_len[i] > max_len)

-						max_len = wNAF_len[i];

-					if (*tmp_points == NULL)

-						{

-						ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);

-						OPENSSL_free(tmp_wNAF);

-						goto err;

-						}

-					val_sub[i] = tmp_points;

-					tmp_points += pre_points_per_block;

-					pp += blocksize;

-					}

-				OPENSSL_free(tmp_wNAF);

-				}

-			}

-		}

-	/* All points we precompute now go into a single array 'val'.

-	 * 'val_sub[i]' is a pointer to the subarray for the i-th point,

-	 * or to a subarray of 'pre_comp->points' if we already have precomputation. */

-	val = OPENSSL_malloc((num_val + 1) * sizeof val[0]);

-	if (val == NULL)

-		{

-		ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	val[num_val] = NULL; /* pivot element */

-	/* allocate points for precomputation */

-	v = val;

-	for (i = 0; i < num + num_scalar; i++)

-		{

-		val_sub[i] = v;

-		for (j = 0; j < (1u << (wsize[i] - 1)); j++)

-			{

-			*v = EC_POINT_new(group);

-			if (*v == NULL) goto err;

-			v++;

-			}

-		}

-	if (!(v == val + num_val))

-		{

-		ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);

-		goto err;

-		}

-	if (!(tmp = EC_POINT_new(group)))

-		goto err;

-	/* prepare precomputed values:

-	 *    val_sub[i][0] :=     points[i]

-	 *    val_sub[i][1] := 3 * points[i]

-	 *    val_sub[i][2] := 5 * points[i]

-	 *    ...

-	 */

-	for (i = 0; i < num + num_scalar; i++)

-		{

-		if (i < num)

-			{

-			if (!EC_POINT_copy(val_sub[i][0], points[i])) goto err;

-			}

-		else

-			{

-			if (!EC_POINT_copy(val_sub[i][0], generator)) goto err;

-			}

-		if (wsize[i] > 1)

-			{

-			if (!EC_POINT_dbl(group, tmp, val_sub[i][0], ctx)) goto err;

-			for (j = 1; j < (1u << (wsize[i] - 1)); j++)

-				{

-				if (!EC_POINT_add(group, val_sub[i][j], val_sub[i][j - 1], tmp, ctx)) goto err;

-				}

-			}

-		}

-#if 1 /* optional; EC_window_bits_for_scalar_size assumes we do this step */

-	if (!EC_POINTs_make_affine(group, num_val, val, ctx))

-		goto err;

-#endif

-	r_is_at_infinity = 1;

-	for (k = max_len - 1; k >= 0; k--)

-		{

-		if (!r_is_at_infinity)

-			{

-			if (!EC_POINT_dbl(group, r, r, ctx)) goto err;

-			}

-		for (i = 0; i < totalnum; i++)

-			{

-			if (wNAF_len[i] > (size_t)k)

-				{

-				int digit = wNAF[i][k];

-				int is_neg;

-				if (digit)

-					{

-					is_neg = digit < 0;

-					if (is_neg)

-						digit = -digit;

-					if (is_neg != r_is_inverted)

-						{

-						if (!r_is_at_infinity)

-							{

-							if (!EC_POINT_invert(group, r, ctx)) goto err;

-							}

-						r_is_inverted = !r_is_inverted;

-						}

-					/* digit > 0 */

-					if (r_is_at_infinity)

-						{

-						if (!EC_POINT_copy(r, val_sub[i][digit >> 1])) goto err;

-						r_is_at_infinity = 0;

-						}

-					else

-						{

-						if (!EC_POINT_add(group, r, r, val_sub[i][digit >> 1], ctx)) goto err;

-						}

-					}

-				}

-			}

-		}

-	if (r_is_at_infinity)

-		{

-		if (!EC_POINT_set_to_infinity(group, r)) goto err;

-		}

-	else

-		{

-		if (r_is_inverted)

-			if (!EC_POINT_invert(group, r, ctx)) goto err;

-		}

-	ret = 1;

- err:

-	if (new_ctx != NULL)

-		BN_CTX_free(new_ctx);

-	if (tmp != NULL)

-		EC_POINT_free(tmp);

-	if (wsize != NULL)

-		OPENSSL_free(wsize);

-	if (wNAF_len != NULL)

-		OPENSSL_free(wNAF_len);

-	if (wNAF != NULL)

-		{

-		signed char **w;

-		for (w = wNAF; *w != NULL; w++)

-			OPENSSL_free(*w);

-		OPENSSL_free(wNAF);

-		}

-	if (val != NULL)

-		{

-		for (v = val; *v != NULL; v++)

-			EC_POINT_clear_free(*v);

-		OPENSSL_free(val);

-		}

-	if (val_sub != NULL)

-		{

-		OPENSSL_free(val_sub);

-		}

-	return ret;

-	}

-/* ec_wNAF_precompute_mult()

- * creates an EC_PRE_COMP object with preprecomputed multiples of the generator

- * for use with wNAF splitting as implemented in ec_wNAF_mul().

- *

- * 'pre_comp->points' is an array of multiples of the generator

- * of the following form:

- * points[0] =     generator;

- * points[1] = 3 * generator;

- * ...

- * points[2^(w-1)-1] =     (2^(w-1)-1) * generator;

- * points[2^(w-1)]   =     2^blocksize * generator;

- * points[2^(w-1)+1] = 3 * 2^blocksize * generator;

- * ...

- * points[2^(w-1)*(numblocks-1)-1] = (2^(w-1)) *  2^(blocksize*(numblocks-2)) * generator

- * points[2^(w-1)*(numblocks-1)]   =              2^(blocksize*(numblocks-1)) * generator

- * ...

- * points[2^(w-1)*numblocks-1]     = (2^(w-1)) *  2^(blocksize*(numblocks-1)) * generator

- * points[2^(w-1)*numblocks]       = NULL

- */

-int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx)

-	{

-	const EC_POINT *generator;

-	EC_POINT *tmp_point = NULL, *base = NULL, **var;

-	BN_CTX *new_ctx = NULL;

-	BIGNUM *order;

-	size_t i, bits, w, pre_points_per_block, blocksize, numblocks, num;

-	EC_POINT **points = NULL;

-	EC_PRE_COMP *pre_comp;

-	int ret = 0;

-	/* if there is an old EC_PRE_COMP object, throw it away */

-	EC_EX_DATA_free_data(&group->extra_data, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free);

-	if ((pre_comp = ec_pre_comp_new(group)) == NULL)

-		return 0;

-	generator = EC_GROUP_get0_generator(group);

-	if (generator == NULL)

-		{

-		ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNDEFINED_GENERATOR);

-		goto err;

-		}

-	if (ctx == NULL)

-		{

-		ctx = new_ctx = BN_CTX_new();

-		if (ctx == NULL)

-			goto err;

-		}

-	BN_CTX_start(ctx);

-	order = BN_CTX_get(ctx);

-	if (order == NULL) goto err;

-	if (!EC_GROUP_get_order(group, order, ctx)) goto err;

-	if (BN_is_zero(order))

-		{

-		ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNKNOWN_ORDER);

-		goto err;

-		}

-	bits = BN_num_bits(order);

-	/* The following parameters mean we precompute (approximately)

-	 * one point per bit.

-	 *

-	 * TBD: The combination  8, 4  is perfect for 160 bits; for other

-	 * bit lengths, other parameter combinations might provide better

-	 * efficiency.

-	 */

-	blocksize = 8;

-	w = 4;

-	if (EC_window_bits_for_scalar_size(bits) > w)

-		{

-		/* let's not make the window too small ... */

-		w = EC_window_bits_for_scalar_size(bits);

-		}

-	numblocks = (bits + blocksize - 1) / blocksize; /* max. number of blocks to use for wNAF splitting */

-	pre_points_per_block = 1u << (w - 1);

-	num = pre_points_per_block * numblocks; /* number of points to compute and store */

-	points = OPENSSL_malloc(sizeof (EC_POINT*)*(num + 1));

-	if (!points)

-		{

-		ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	var = points;

-	var[num] = NULL; /* pivot */

-	for (i = 0; i < num; i++)

-		{

-		if ((var[i] = EC_POINT_new(group)) == NULL)

-			{

-			ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE);

-			goto err;

-			}

-		}

-	if (!(tmp_point = EC_POINT_new(group)) || !(base = EC_POINT_new(group)))

-		{

-		ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	if (!EC_POINT_copy(base, generator))

-		goto err;

-	/* do the precomputation */

-	for (i = 0; i < numblocks; i++)

-		{

-		size_t j;

-		if (!EC_POINT_dbl(group, tmp_point, base, ctx))

-			goto err;

-		if (!EC_POINT_copy(*var++, base))

-			goto err;

-		for (j = 1; j < pre_points_per_block; j++, var++)

-			{

-			/* calculate odd multiples of the current base point */

-			if (!EC_POINT_add(group, *var, tmp_point, *(var - 1), ctx))

-				goto err;

-			}

-		if (i < numblocks - 1)

-			{

-			/* get the next base (multiply current one by 2^blocksize) */

-			size_t k;

-			if (blocksize <= 2)

-				{

-				ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_INTERNAL_ERROR);

-				goto err;

-				}

-			if (!EC_POINT_dbl(group, base, tmp_point, ctx))

-				goto err;

-			for (k = 2; k < blocksize; k++)

-				{

-				if (!EC_POINT_dbl(group,base,base,ctx))

-					goto err;

-				}

-			}

- 		}

-	if (!EC_POINTs_make_affine(group, num, points, ctx))

-		goto err;

-	pre_comp->group = group;

-	pre_comp->blocksize = blocksize;

-	pre_comp->numblocks = numblocks;

-	pre_comp->w = w;

-	pre_comp->points = points;

-	points = NULL;

-	pre_comp->num = num;

-	if (!EC_EX_DATA_set_data(&group->extra_data, pre_comp,

-		ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free))

-		goto err;

-	pre_comp = NULL;

-	ret = 1;

- err:

-	if (ctx != NULL)

-		BN_CTX_end(ctx);

-	if (new_ctx != NULL)

-		BN_CTX_free(new_ctx);

-	if (pre_comp)

-		ec_pre_comp_free(pre_comp);

-	if (points)

-		{

-		EC_POINT **p;

-		for (p = points; *p != NULL; p++)

-			EC_POINT_free(*p);

-		OPENSSL_free(points);

-		}

-	if (tmp_point)

-		EC_POINT_free(tmp_point);

-	if (base)

-		EC_POINT_free(base);

-	return ret;

-	}

-int ec_wNAF_have_precompute_mult(const EC_GROUP *group)

-	{

-	if (EC_EX_DATA_get_data(group->extra_data, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free) != NULL)

-		return 1;

-	else

-		return 0;

-	}

--- a/sys/src/ape/lib/openssl/crypto/ec/ec_print.c

+++ /dev/null

@@ -1,195 +1,0 @@

-/* crypto/ec/ec_print.c */

-/* ====================================================================

- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <openssl/crypto.h>

-#include "ec_lcl.h"

-BIGNUM *EC_POINT_point2bn(const EC_GROUP *group,

-                          const EC_POINT *point,

-                          point_conversion_form_t form,

-                          BIGNUM *ret,

-                          BN_CTX *ctx)

-	{

-	size_t        buf_len=0;

-	unsigned char *buf;

-	buf_len = EC_POINT_point2oct(group, point, form,

-                                     NULL, 0, ctx);

-	if (buf_len == 0)

-		return NULL;

-	if ((buf = OPENSSL_malloc(buf_len)) == NULL)

-		return NULL;

-	if (!EC_POINT_point2oct(group, point, form, buf, buf_len, ctx))

-		{

-		OPENSSL_free(buf);

-		return NULL;

-		}

-	ret = BN_bin2bn(buf, buf_len, ret);

-	OPENSSL_free(buf);

-	return ret;

-}

-EC_POINT *EC_POINT_bn2point(const EC_GROUP *group,

-                            const BIGNUM *bn,

-                            EC_POINT *point,

-                            BN_CTX *ctx)

-	{

-	size_t        buf_len=0;

-	unsigned char *buf;

-	EC_POINT      *ret;

-	if ((buf_len = BN_num_bytes(bn)) == 0) return NULL;

-	buf = OPENSSL_malloc(buf_len);

-	if (buf == NULL)

-		return NULL;

-	if (!BN_bn2bin(bn, buf))

-		{

-		OPENSSL_free(buf);

-		return NULL;

-		}

-	if (point == NULL)

-		{

-		if ((ret = EC_POINT_new(group)) == NULL)

-			{

-			OPENSSL_free(buf);

-			return NULL;

-			}

-		}

-	else

-		ret = point;

-	if (!EC_POINT_oct2point(group, ret, buf, buf_len, ctx))

-		{

-		if (point == NULL)

-			EC_POINT_clear_free(ret);

-		OPENSSL_free(buf);

-		return NULL;

-		}

-	OPENSSL_free(buf);

-	return ret;

-	}

-static const char *HEX_DIGITS = "0123456789ABCDEF";

-/* the return value must be freed (using OPENSSL_free()) */

-char *EC_POINT_point2hex(const EC_GROUP *group,

-                         const EC_POINT *point,

-                         point_conversion_form_t form,

-                         BN_CTX *ctx)

-	{

-	char          *ret, *p;

-	size_t        buf_len=0,i;

-	unsigned char *buf, *pbuf;

-	buf_len = EC_POINT_point2oct(group, point, form,

-                                     NULL, 0, ctx);

-	if (buf_len == 0)

-		return NULL;

-	if ((buf = OPENSSL_malloc(buf_len)) == NULL)

-		return NULL;

-	if (!EC_POINT_point2oct(group, point, form, buf, buf_len, ctx))

-		{

-		OPENSSL_free(buf);

-		return NULL;

-		}

-	ret = (char *)OPENSSL_malloc(buf_len*2+2);

-	if (ret == NULL)

-		{

-		OPENSSL_free(buf);

-		return NULL;

-		}

-	p = ret;

-	pbuf = buf;

-	for (i=buf_len; i > 0; i--)

-		{

-			int v = (int) *(pbuf++);

-			*(p++)=HEX_DIGITS[v>>4];

-			*(p++)=HEX_DIGITS[v&0x0F];

-		}

-	*p='\0';

-	OPENSSL_free(buf);

-	return ret;

-	}

-EC_POINT *EC_POINT_hex2point(const EC_GROUP *group,

-                             const char *buf,

-                             EC_POINT *point,

-                             BN_CTX *ctx)

-	{

-	EC_POINT *ret=NULL;

-	BIGNUM   *tmp_bn=NULL;

-	if (!BN_hex2bn(&tmp_bn, buf))

-		return NULL;

-	ret = EC_POINT_bn2point(group, tmp_bn, point, ctx);

-	BN_clear_free(tmp_bn);

-	return ret;

-	}

--- a/sys/src/ape/lib/openssl/crypto/ec/ecp_mont.c

+++ /dev/null

@@ -1,315 +1,0 @@

-/* crypto/ec/ecp_mont.c */

-/*

- * Originally written by Bodo Moeller for the OpenSSL project.

- */

-/* ====================================================================

- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- * Portions of this software developed by SUN MICROSYSTEMS, INC.,

- * and contributed to the OpenSSL project.

- */

-#include <openssl/err.h>

-#include "ec_lcl.h"

-const EC_METHOD *EC_GFp_mont_method(void)

-	{

-	static const EC_METHOD ret = {

-		NID_X9_62_prime_field,

-		ec_GFp_mont_group_init,

-		ec_GFp_mont_group_finish,

-		ec_GFp_mont_group_clear_finish,

-		ec_GFp_mont_group_copy,

-		ec_GFp_mont_group_set_curve,

-		ec_GFp_simple_group_get_curve,

-		ec_GFp_simple_group_get_degree,

-		ec_GFp_simple_group_check_discriminant,

-		ec_GFp_simple_point_init,

-		ec_GFp_simple_point_finish,

-		ec_GFp_simple_point_clear_finish,

-		ec_GFp_simple_point_copy,

-		ec_GFp_simple_point_set_to_infinity,

-		ec_GFp_simple_set_Jprojective_coordinates_GFp,

-		ec_GFp_simple_get_Jprojective_coordinates_GFp,

-		ec_GFp_simple_point_set_affine_coordinates,

-		ec_GFp_simple_point_get_affine_coordinates,

-		ec_GFp_simple_set_compressed_coordinates,

-		ec_GFp_simple_point2oct,

-		ec_GFp_simple_oct2point,

-		ec_GFp_simple_add,

-		ec_GFp_simple_dbl,

-		ec_GFp_simple_invert,

-		ec_GFp_simple_is_at_infinity,

-		ec_GFp_simple_is_on_curve,

-		ec_GFp_simple_cmp,

-		ec_GFp_simple_make_affine,

-		ec_GFp_simple_points_make_affine,

-		0 /* mul */,

-		0 /* precompute_mult */,

-		0 /* have_precompute_mult */,

-		ec_GFp_mont_field_mul,

-		ec_GFp_mont_field_sqr,

-		0 /* field_div */,

-		ec_GFp_mont_field_encode,

-		ec_GFp_mont_field_decode,

-		ec_GFp_mont_field_set_to_one };

-	return &ret;

-	}

-int ec_GFp_mont_group_init(EC_GROUP *group)

-	{

-	int ok;

-	ok = ec_GFp_simple_group_init(group);

-	group->field_data1 = NULL;

-	group->field_data2 = NULL;

-	return ok;

-	}

-void ec_GFp_mont_group_finish(EC_GROUP *group)

-	{

-	if (group->field_data1 != NULL)

-		{

-		BN_MONT_CTX_free(group->field_data1);

-		group->field_data1 = NULL;

-		}

-	if (group->field_data2 != NULL)

-		{

-		BN_free(group->field_data2);

-		group->field_data2 = NULL;

-		}

-	ec_GFp_simple_group_finish(group);

-	}

-void ec_GFp_mont_group_clear_finish(EC_GROUP *group)

-	{

-	if (group->field_data1 != NULL)

-		{

-		BN_MONT_CTX_free(group->field_data1);

-		group->field_data1 = NULL;

-		}

-	if (group->field_data2 != NULL)

-		{

-		BN_clear_free(group->field_data2);

-		group->field_data2 = NULL;

-		}

-	ec_GFp_simple_group_clear_finish(group);

-	}

-int ec_GFp_mont_group_copy(EC_GROUP *dest, const EC_GROUP *src)

-	{

-	if (dest->field_data1 != NULL)

-		{

-		BN_MONT_CTX_free(dest->field_data1);

-		dest->field_data1 = NULL;

-		}

-	if (dest->field_data2 != NULL)

-		{

-		BN_clear_free(dest->field_data2);

-		dest->field_data2 = NULL;

-		}

-	if (!ec_GFp_simple_group_copy(dest, src)) return 0;

-	if (src->field_data1 != NULL)

-		{

-		dest->field_data1 = BN_MONT_CTX_new();

-		if (dest->field_data1 == NULL) return 0;

-		if (!BN_MONT_CTX_copy(dest->field_data1, src->field_data1)) goto err;

-		}

-	if (src->field_data2 != NULL)

-		{

-		dest->field_data2 = BN_dup(src->field_data2);

-		if (dest->field_data2 == NULL) goto err;

-		}

-	return 1;

- err:

-	if (dest->field_data1 != NULL)

-		{

-		BN_MONT_CTX_free(dest->field_data1);

-		dest->field_data1 = NULL;

-		}

-	return 0;

-	}

-int ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)

-	{

-	BN_CTX *new_ctx = NULL;

-	BN_MONT_CTX *mont = NULL;

-	BIGNUM *one = NULL;

-	int ret = 0;

-	if (group->field_data1 != NULL)

-		{

-		BN_MONT_CTX_free(group->field_data1);

-		group->field_data1 = NULL;

-		}

-	if (group->field_data2 != NULL)

-		{

-		BN_free(group->field_data2);

-		group->field_data2 = NULL;

-		}

-	if (ctx == NULL)

-		{

-		ctx = new_ctx = BN_CTX_new();

-		if (ctx == NULL)

-			return 0;

-		}

-	mont = BN_MONT_CTX_new();

-	if (mont == NULL) goto err;

-	if (!BN_MONT_CTX_set(mont, p, ctx))

-		{

-		ECerr(EC_F_EC_GFP_MONT_GROUP_SET_CURVE, ERR_R_BN_LIB);

-		goto err;

-		}

-	one = BN_new();

-	if (one == NULL) goto err;

-	if (!BN_to_montgomery(one, BN_value_one(), mont, ctx)) goto err;

-	group->field_data1 = mont;

-	mont = NULL;

-	group->field_data2 = one;

-	one = NULL;

-	ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);

-	if (!ret)

-		{

-		BN_MONT_CTX_free(group->field_data1);

-		group->field_data1 = NULL;

-		BN_free(group->field_data2);

-		group->field_data2 = NULL;

-		}

- err:

-	if (new_ctx != NULL)

-		BN_CTX_free(new_ctx);

-	if (mont != NULL)

-		BN_MONT_CTX_free(mont);

-	return ret;

-	}

-int ec_GFp_mont_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)

-	{

-	if (group->field_data1 == NULL)

-		{

-		ECerr(EC_F_EC_GFP_MONT_FIELD_MUL, EC_R_NOT_INITIALIZED);

-		return 0;

-		}

-	return BN_mod_mul_montgomery(r, a, b, group->field_data1, ctx);

-	}

-int ec_GFp_mont_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)

-	{

-	if (group->field_data1 == NULL)

-		{

-		ECerr(EC_F_EC_GFP_MONT_FIELD_SQR, EC_R_NOT_INITIALIZED);

-		return 0;

-		}

-	return BN_mod_mul_montgomery(r, a, a, group->field_data1, ctx);

-	}

-int ec_GFp_mont_field_encode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)

-	{

-	if (group->field_data1 == NULL)

-		{

-		ECerr(EC_F_EC_GFP_MONT_FIELD_ENCODE, EC_R_NOT_INITIALIZED);

-		return 0;

-		}

-	return BN_to_montgomery(r, a, (BN_MONT_CTX *)group->field_data1, ctx);

-	}

-int ec_GFp_mont_field_decode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)

-	{

-	if (group->field_data1 == NULL)

-		{

-		ECerr(EC_F_EC_GFP_MONT_FIELD_DECODE, EC_R_NOT_INITIALIZED);

-		return 0;

-		}

-	return BN_from_montgomery(r, a, group->field_data1, ctx);

-	}

-int ec_GFp_mont_field_set_to_one(const EC_GROUP *group, BIGNUM *r, BN_CTX *ctx)

-	{

-	if (group->field_data2 == NULL)

-		{

-		ECerr(EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE, EC_R_NOT_INITIALIZED);

-		return 0;

-		}

-	if (!BN_copy(r, group->field_data2)) return 0;

-	return 1;

-	}

--- a/sys/src/ape/lib/openssl/crypto/ec/ecp_nist.c

+++ /dev/null

@@ -1,236 +1,0 @@

-/* crypto/ec/ecp_nist.c */

-/*

- * Written by Nils Larsch for the OpenSSL project.

- */

-/* ====================================================================

- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- * Portions of this software developed by SUN MICROSYSTEMS, INC.,

- * and contributed to the OpenSSL project.

- */

-#include <limits.h>

-#include <openssl/err.h>

-#include <openssl/obj_mac.h>

-#include "ec_lcl.h"

-const EC_METHOD *EC_GFp_nist_method(void)

-	{

-	static const EC_METHOD ret = {

-		NID_X9_62_prime_field,

-		ec_GFp_simple_group_init,

-		ec_GFp_simple_group_finish,

-		ec_GFp_simple_group_clear_finish,

-		ec_GFp_nist_group_copy,

-		ec_GFp_nist_group_set_curve,

-		ec_GFp_simple_group_get_curve,

-		ec_GFp_simple_group_get_degree,

-		ec_GFp_simple_group_check_discriminant,

-		ec_GFp_simple_point_init,

-		ec_GFp_simple_point_finish,

-		ec_GFp_simple_point_clear_finish,

-		ec_GFp_simple_point_copy,

-		ec_GFp_simple_point_set_to_infinity,

-		ec_GFp_simple_set_Jprojective_coordinates_GFp,

-		ec_GFp_simple_get_Jprojective_coordinates_GFp,

-		ec_GFp_simple_point_set_affine_coordinates,

-		ec_GFp_simple_point_get_affine_coordinates,

-		ec_GFp_simple_set_compressed_coordinates,

-		ec_GFp_simple_point2oct,

-		ec_GFp_simple_oct2point,

-		ec_GFp_simple_add,

-		ec_GFp_simple_dbl,

-		ec_GFp_simple_invert,

-		ec_GFp_simple_is_at_infinity,

-		ec_GFp_simple_is_on_curve,

-		ec_GFp_simple_cmp,

-		ec_GFp_simple_make_affine,

-		ec_GFp_simple_points_make_affine,

-		0 /* mul */,

-		0 /* precompute_mult */,

-		0 /* have_precompute_mult */,

-		ec_GFp_nist_field_mul,

-		ec_GFp_nist_field_sqr,

-		0 /* field_div */,

-		0 /* field_encode */,

-		0 /* field_decode */,

-		0 /* field_set_to_one */ };

-	return &ret;

-	}

-#if BN_BITS2 == 64

-#define	NO_32_BIT_TYPE

-#endif

-int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src)

-	{

-	dest->field_mod_func = src->field_mod_func;

-	return ec_GFp_simple_group_copy(dest, src);

-	}

-int ec_GFp_nist_group_set_curve(EC_GROUP *group, const BIGNUM *p,

-	const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)

-	{

-	int ret = 0;

-	BN_CTX *new_ctx = NULL;

-	BIGNUM *tmp_bn;

-	if (ctx == NULL)

-		if ((ctx = new_ctx = BN_CTX_new()) == NULL) return 0;

-	BN_CTX_start(ctx);

-	if ((tmp_bn = BN_CTX_get(ctx)) == NULL) goto err;

-	if (BN_ucmp(BN_get0_nist_prime_192(), p) == 0)

-		group->field_mod_func = BN_nist_mod_192;

-	else if (BN_ucmp(BN_get0_nist_prime_224(), p) == 0)

-		{

-#ifndef NO_32_BIT_TYPE

-		group->field_mod_func = BN_nist_mod_224;

-#else

-		ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_SUPPORTED_NIST_PRIME);

-		goto err;

-#endif

-		}

-	else if (BN_ucmp(BN_get0_nist_prime_256(), p) == 0)

-		{

-#ifndef NO_32_BIT_TYPE

-		group->field_mod_func = BN_nist_mod_256;

-#else

-		ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_SUPPORTED_NIST_PRIME);

-		goto err;

-#endif

-		}

-	else if (BN_ucmp(BN_get0_nist_prime_384(), p) == 0)

-		{

-#ifndef NO_32_BIT_TYPE

-		group->field_mod_func = BN_nist_mod_384;

-#else

-		ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_SUPPORTED_NIST_PRIME);

-		goto err;

-#endif

-		}

-	else if (BN_ucmp(BN_get0_nist_prime_521(), p) == 0)

-		/* this one works in the NO_32_BIT_TYPE case */

-		group->field_mod_func = BN_nist_mod_521;

-	else

-		{

-		ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_NIST_PRIME);

-		goto err;

-		}

-	ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);

- err:

-	BN_CTX_end(ctx);

-	if (new_ctx != NULL)

-		BN_CTX_free(new_ctx);

-	return ret;

-	}

-int ec_GFp_nist_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,

-	const BIGNUM *b, BN_CTX *ctx)

-	{

-	int	ret=0;

-	BN_CTX	*ctx_new=NULL;

-	if (!group || !r || !a || !b)

-		{

-		ECerr(EC_F_EC_GFP_NIST_FIELD_MUL, ERR_R_PASSED_NULL_PARAMETER);

-		goto err;

-		}

-	if (!ctx)

-		if ((ctx_new = ctx = BN_CTX_new()) == NULL) goto err;

-	if (!BN_mul(r, a, b, ctx)) goto err;

-	if (!group->field_mod_func(r, r, &group->field, ctx))

-		goto err;

-	ret=1;

-err:

-	if (ctx_new)

-		BN_CTX_free(ctx_new);

-	return ret;

-	}

-int ec_GFp_nist_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,

-	BN_CTX *ctx)

-	{

-	int	ret=0;

-	BN_CTX	*ctx_new=NULL;

-	if (!group || !r || !a)

-		{

-		ECerr(EC_F_EC_GFP_NIST_FIELD_SQR, EC_R_PASSED_NULL_PARAMETER);

-		goto err;

-		}

-	if (!ctx)

-		if ((ctx_new = ctx = BN_CTX_new()) == NULL) goto err;

-	if (!BN_sqr(r, a, ctx)) goto err;

-	if (!group->field_mod_func(r, r, &group->field, ctx))

-		goto err;

-	ret=1;

-err:

-	if (ctx_new)

-		BN_CTX_free(ctx_new);

-	return ret;

-	}

--- a/sys/src/ape/lib/openssl/crypto/ec/ecp_smpl.c

+++ /dev/null

@@ -1,1716 +1,0 @@

-/* crypto/ec/ecp_smpl.c */

-/* Includes code written by Lenka Fibikova <[email protected]>

- * for the OpenSSL project.

- * Includes code written by Bodo Moeller for the OpenSSL project.

-*/

-/* ====================================================================

- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- * Portions of this software developed by SUN MICROSYSTEMS, INC.,

- * and contributed to the OpenSSL project.

- */

-#include <openssl/err.h>

-#include <openssl/symhacks.h>

-#include "ec_lcl.h"

-const EC_METHOD *EC_GFp_simple_method(void)

-	{

-	static const EC_METHOD ret = {

-		NID_X9_62_prime_field,

-		ec_GFp_simple_group_init,

-		ec_GFp_simple_group_finish,

-		ec_GFp_simple_group_clear_finish,

-		ec_GFp_simple_group_copy,

-		ec_GFp_simple_group_set_curve,

-		ec_GFp_simple_group_get_curve,

-		ec_GFp_simple_group_get_degree,

-		ec_GFp_simple_group_check_discriminant,

-		ec_GFp_simple_point_init,

-		ec_GFp_simple_point_finish,

-		ec_GFp_simple_point_clear_finish,

-		ec_GFp_simple_point_copy,

-		ec_GFp_simple_point_set_to_infinity,

-		ec_GFp_simple_set_Jprojective_coordinates_GFp,

-		ec_GFp_simple_get_Jprojective_coordinates_GFp,

-		ec_GFp_simple_point_set_affine_coordinates,

-		ec_GFp_simple_point_get_affine_coordinates,

-		ec_GFp_simple_set_compressed_coordinates,

-		ec_GFp_simple_point2oct,

-		ec_GFp_simple_oct2point,

-		ec_GFp_simple_add,

-		ec_GFp_simple_dbl,

-		ec_GFp_simple_invert,

-		ec_GFp_simple_is_at_infinity,

-		ec_GFp_simple_is_on_curve,

-		ec_GFp_simple_cmp,

-		ec_GFp_simple_make_affine,

-		ec_GFp_simple_points_make_affine,

-		0 /* mul */,

-		0 /* precompute_mult */,

-		0 /* have_precompute_mult */,

-		ec_GFp_simple_field_mul,

-		ec_GFp_simple_field_sqr,

-		0 /* field_div */,

-		0 /* field_encode */,

-		0 /* field_decode */,

-		0 /* field_set_to_one */ };

-	return &ret;

-	}

-/* Most method functions in this file are designed to work with

- * non-trivial representations of field elements if necessary

- * (see ecp_mont.c): while standard modular addition and subtraction

- * are used, the field_mul and field_sqr methods will be used for

- * multiplication, and field_encode and field_decode (if defined)

- * will be used for converting between representations.

- * Functions ec_GFp_simple_points_make_affine() and

- * ec_GFp_simple_point_get_affine_coordinates() specifically assume

- * that if a non-trivial representation is used, it is a Montgomery

- * representation (i.e. 'encoding' means multiplying by some factor R).

- */

-int ec_GFp_simple_group_init(EC_GROUP *group)

-	{

-	BN_init(&group->field);

-	BN_init(&group->a);

-	BN_init(&group->b);

-	group->a_is_minus3 = 0;

-	return 1;

-	}

-void ec_GFp_simple_group_finish(EC_GROUP *group)

-	{

-	BN_free(&group->field);

-	BN_free(&group->a);

-	BN_free(&group->b);

-	}

-void ec_GFp_simple_group_clear_finish(EC_GROUP *group)

-	{

-	BN_clear_free(&group->field);

-	BN_clear_free(&group->a);

-	BN_clear_free(&group->b);

-	}

-int ec_GFp_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src)

-	{

-	if (!BN_copy(&dest->field, &src->field)) return 0;

-	if (!BN_copy(&dest->a, &src->a)) return 0;

-	if (!BN_copy(&dest->b, &src->b)) return 0;

-	dest->a_is_minus3 = src->a_is_minus3;

-	return 1;

-	}

-int ec_GFp_simple_group_set_curve(EC_GROUP *group,

-	const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)

-	{

-	int ret = 0;

-	BN_CTX *new_ctx = NULL;

-	BIGNUM *tmp_a;

-	/* p must be a prime > 3 */

-	if (BN_num_bits(p) <= 2 || !BN_is_odd(p))

-		{

-		ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_INVALID_FIELD);

-		return 0;

-		}

-	if (ctx == NULL)

-		{

-		ctx = new_ctx = BN_CTX_new();

-		if (ctx == NULL)

-			return 0;

-		}

-	BN_CTX_start(ctx);

-	tmp_a = BN_CTX_get(ctx);

-	if (tmp_a == NULL) goto err;

-	/* group->field */

-	if (!BN_copy(&group->field, p)) goto err;

-	BN_set_negative(&group->field, 0);

-	/* group->a */

-	if (!BN_nnmod(tmp_a, a, p, ctx)) goto err;

-	if (group->meth->field_encode)

-		{ if (!group->meth->field_encode(group, &group->a, tmp_a, ctx)) goto err; }

-	else

-		if (!BN_copy(&group->a, tmp_a)) goto err;

-	/* group->b */

-	if (!BN_nnmod(&group->b, b, p, ctx)) goto err;

-	if (group->meth->field_encode)

-		if (!group->meth->field_encode(group, &group->b, &group->b, ctx)) goto err;

-	/* group->a_is_minus3 */

-	if (!BN_add_word(tmp_a, 3)) goto err;

-	group->a_is_minus3 = (0 == BN_cmp(tmp_a, &group->field));

-	ret = 1;

- err:

-	BN_CTX_end(ctx);

-	if (new_ctx != NULL)

-		BN_CTX_free(new_ctx);

-	return ret;

-	}

-int ec_GFp_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)

-	{

-	int ret = 0;

-	BN_CTX *new_ctx = NULL;

-	if (p != NULL)

-		{

-		if (!BN_copy(p, &group->field)) return 0;

-		}

-	if (a != NULL || b != NULL)

-		{

-		if (group->meth->field_decode)

-			{

-			if (ctx == NULL)

-				{

-				ctx = new_ctx = BN_CTX_new();

-				if (ctx == NULL)

-					return 0;

-				}

-			if (a != NULL)

-				{

-				if (!group->meth->field_decode(group, a, &group->a, ctx)) goto err;

-				}

-			if (b != NULL)

-				{

-				if (!group->meth->field_decode(group, b, &group->b, ctx)) goto err;

-				}

-			}

-		else

-			{

-			if (a != NULL)

-				{

-				if (!BN_copy(a, &group->a)) goto err;

-				}

-			if (b != NULL)

-				{

-				if (!BN_copy(b, &group->b)) goto err;

-				}

-			}

-		}

-	ret = 1;

- err:

-	if (new_ctx)

-		BN_CTX_free(new_ctx);

-	return ret;

-	}

-int ec_GFp_simple_group_get_degree(const EC_GROUP *group)

-	{

-	return BN_num_bits(&group->field);

-	}

-int ec_GFp_simple_group_check_discriminant(const EC_GROUP *group, BN_CTX *ctx)

-	{

-	int ret = 0;

-	BIGNUM *a,*b,*order,*tmp_1,*tmp_2;

-	const BIGNUM *p = &group->field;

-	BN_CTX *new_ctx = NULL;

-	if (ctx == NULL)

-		{

-		ctx = new_ctx = BN_CTX_new();

-		if (ctx == NULL)

-			{

-			ECerr(EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT, ERR_R_MALLOC_FAILURE);

-			goto err;

-			}

-		}

-	BN_CTX_start(ctx);

-	a = BN_CTX_get(ctx);

-	b = BN_CTX_get(ctx);

-	tmp_1 = BN_CTX_get(ctx);

-	tmp_2 = BN_CTX_get(ctx);

-	order = BN_CTX_get(ctx);

-	if (order == NULL) goto err;

-	if (group->meth->field_decode)

-		{

-		if (!group->meth->field_decode(group, a, &group->a, ctx)) goto err;

-		if (!group->meth->field_decode(group, b, &group->b, ctx)) goto err;

-		}

-	else

-		{

-		if (!BN_copy(a, &group->a)) goto err;

-		if (!BN_copy(b, &group->b)) goto err;

-		}

-	/* check the discriminant:

-	 * y^2 = x^3 + a*x + b is an elliptic curve <=> 4*a^3 + 27*b^2 != 0 (mod p)

-         * 0 =< a, b < p */

-	if (BN_is_zero(a))

-		{

-		if (BN_is_zero(b)) goto err;

-		}

-	else if (!BN_is_zero(b))

-		{

-		if (!BN_mod_sqr(tmp_1, a, p, ctx)) goto err;

-		if (!BN_mod_mul(tmp_2, tmp_1, a, p, ctx)) goto err;

-		if (!BN_lshift(tmp_1, tmp_2, 2)) goto err;

-		/* tmp_1 = 4*a^3 */

-		if (!BN_mod_sqr(tmp_2, b, p, ctx)) goto err;

-		if (!BN_mul_word(tmp_2, 27)) goto err;

-		/* tmp_2 = 27*b^2 */

-		if (!BN_mod_add(a, tmp_1, tmp_2, p, ctx)) goto err;

-		if (BN_is_zero(a)) goto err;

-		}

-	ret = 1;

-err:

-	if (ctx != NULL)

-		BN_CTX_end(ctx);

-	if (new_ctx != NULL)

-		BN_CTX_free(new_ctx);

-	return ret;

-	}

-int ec_GFp_simple_point_init(EC_POINT *point)

-	{

-	BN_init(&point->X);

-	BN_init(&point->Y);

-	BN_init(&point->Z);

-	point->Z_is_one = 0;

-	return 1;

-	}

-void ec_GFp_simple_point_finish(EC_POINT *point)

-	{

-	BN_free(&point->X);

-	BN_free(&point->Y);

-	BN_free(&point->Z);

-	}

-void ec_GFp_simple_point_clear_finish(EC_POINT *point)

-	{

-	BN_clear_free(&point->X);

-	BN_clear_free(&point->Y);

-	BN_clear_free(&point->Z);

-	point->Z_is_one = 0;

-	}

-int ec_GFp_simple_point_copy(EC_POINT *dest, const EC_POINT *src)

-	{

-	if (!BN_copy(&dest->X, &src->X)) return 0;

-	if (!BN_copy(&dest->Y, &src->Y)) return 0;

-	if (!BN_copy(&dest->Z, &src->Z)) return 0;

-	dest->Z_is_one = src->Z_is_one;

-	return 1;

-	}

-int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *group, EC_POINT *point)

-	{

-	point->Z_is_one = 0;

-	BN_zero(&point->Z);

-	return 1;

-	}

-int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,

-	const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx)

-	{

-	BN_CTX *new_ctx = NULL;

-	int ret = 0;

-	if (ctx == NULL)

-		{

-		ctx = new_ctx = BN_CTX_new();

-		if (ctx == NULL)

-			return 0;

-		}

-	if (x != NULL)

-		{

-		if (!BN_nnmod(&point->X, x, &group->field, ctx)) goto err;

-		if (group->meth->field_encode)

-			{

-			if (!group->meth->field_encode(group, &point->X, &point->X, ctx)) goto err;

-			}

-		}

-	if (y != NULL)

-		{

-		if (!BN_nnmod(&point->Y, y, &group->field, ctx)) goto err;

-		if (group->meth->field_encode)

-			{

-			if (!group->meth->field_encode(group, &point->Y, &point->Y, ctx)) goto err;

-			}

-		}

-	if (z != NULL)

-		{

-		int Z_is_one;

-		if (!BN_nnmod(&point->Z, z, &group->field, ctx)) goto err;

-		Z_is_one = BN_is_one(&point->Z);

-		if (group->meth->field_encode)

-			{

-			if (Z_is_one && (group->meth->field_set_to_one != 0))

-				{

-				if (!group->meth->field_set_to_one(group, &point->Z, ctx)) goto err;

-				}

-			else

-				{

-				if (!group->meth->field_encode(group, &point->Z, &point->Z, ctx)) goto err;

-				}

-			}

-		point->Z_is_one = Z_is_one;

-		}

-	ret = 1;

- err:

-	if (new_ctx != NULL)

-		BN_CTX_free(new_ctx);

-	return ret;

-	}

-int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point,

-	BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx)

-	{

-	BN_CTX *new_ctx = NULL;

-	int ret = 0;

-	if (group->meth->field_decode != 0)

-		{

-		if (ctx == NULL)

-			{

-			ctx = new_ctx = BN_CTX_new();

-			if (ctx == NULL)

-				return 0;

-			}

-		if (x != NULL)

-			{

-			if (!group->meth->field_decode(group, x, &point->X, ctx)) goto err;

-			}

-		if (y != NULL)

-			{

-			if (!group->meth->field_decode(group, y, &point->Y, ctx)) goto err;

-			}

-		if (z != NULL)

-			{

-			if (!group->meth->field_decode(group, z, &point->Z, ctx)) goto err;

-			}

-		}

-	else

-		{

-		if (x != NULL)

-			{

-			if (!BN_copy(x, &point->X)) goto err;

-			}

-		if (y != NULL)

-			{

-			if (!BN_copy(y, &point->Y)) goto err;

-			}

-		if (z != NULL)

-			{

-			if (!BN_copy(z, &point->Z)) goto err;

-			}

-		}

-	ret = 1;

- err:

-	if (new_ctx != NULL)

-		BN_CTX_free(new_ctx);

-	return ret;

-	}

-int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *group, EC_POINT *point,

-	const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx)

-	{

-	if (x == NULL || y == NULL)

-		{

-		/* unlike for projective coordinates, we do not tolerate this */

-		ECerr(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES, ERR_R_PASSED_NULL_PARAMETER);

-		return 0;

-		}

-	return EC_POINT_set_Jprojective_coordinates_GFp(group, point, x, y, BN_value_one(), ctx);

-	}

-int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point,

-	BIGNUM *x, BIGNUM *y, BN_CTX *ctx)

-	{

-	BN_CTX *new_ctx = NULL;

-	BIGNUM *Z, *Z_1, *Z_2, *Z_3;

-	const BIGNUM *Z_;

-	int ret = 0;

-	if (EC_POINT_is_at_infinity(group, point))

-		{

-		ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES, EC_R_POINT_AT_INFINITY);

-		return 0;

-		}

-	if (ctx == NULL)

-		{

-		ctx = new_ctx = BN_CTX_new();

-		if (ctx == NULL)

-			return 0;

-		}

-	BN_CTX_start(ctx);

-	Z = BN_CTX_get(ctx);

-	Z_1 = BN_CTX_get(ctx);

-	Z_2 = BN_CTX_get(ctx);

-	Z_3 = BN_CTX_get(ctx);

-	if (Z_3 == NULL) goto err;

-	/* transform  (X, Y, Z)  into  (x, y) := (X/Z^2, Y/Z^3) */

-	if (group->meth->field_decode)

-		{

-		if (!group->meth->field_decode(group, Z, &point->Z, ctx)) goto err;

-		Z_ = Z;

-		}

-	else

-		{

-		Z_ = &point->Z;

-		}

-	if (BN_is_one(Z_))

-		{

-		if (group->meth->field_decode)

-			{

-			if (x != NULL)

-				{

-				if (!group->meth->field_decode(group, x, &point->X, ctx)) goto err;

-				}

-			if (y != NULL)

-				{

-				if (!group->meth->field_decode(group, y, &point->Y, ctx)) goto err;

-				}

-			}

-		else

-			{

-			if (x != NULL)

-				{

-				if (!BN_copy(x, &point->X)) goto err;

-				}

-			if (y != NULL)

-				{

-				if (!BN_copy(y, &point->Y)) goto err;

-				}

-			}

-		}

-	else

-		{

-		if (!BN_mod_inverse(Z_1, Z_, &group->field, ctx))

-			{

-			ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES, ERR_R_BN_LIB);

-			goto err;

-			}

-		if (group->meth->field_encode == 0)

-			{

-			/* field_sqr works on standard representation */

-			if (!group->meth->field_sqr(group, Z_2, Z_1, ctx)) goto err;

-			}

-		else

-			{

-			if (!BN_mod_sqr(Z_2, Z_1, &group->field, ctx)) goto err;

-			}

-		if (x != NULL)

-			{

-			/* in the Montgomery case, field_mul will cancel out Montgomery factor in X: */

-			if (!group->meth->field_mul(group, x, &point->X, Z_2, ctx)) goto err;

-			}

-		if (y != NULL)

-			{

-			if (group->meth->field_encode == 0)

-				{

-				/* field_mul works on standard representation */

-				if (!group->meth->field_mul(group, Z_3, Z_2, Z_1, ctx)) goto err;

-				}

-			else

-				{

-				if (!BN_mod_mul(Z_3, Z_2, Z_1, &group->field, ctx)) goto err;

-				}

-			/* in the Montgomery case, field_mul will cancel out Montgomery factor in Y: */

-			if (!group->meth->field_mul(group, y, &point->Y, Z_3, ctx)) goto err;

-			}

-		}

-	ret = 1;

- err:

-	BN_CTX_end(ctx);

-	if (new_ctx != NULL)

-		BN_CTX_free(new_ctx);

-	return ret;

-	}

-int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point,

-	const BIGNUM *x_, int y_bit, BN_CTX *ctx)

-	{

-	BN_CTX *new_ctx = NULL;

-	BIGNUM *tmp1, *tmp2, *x, *y;

-	int ret = 0;

-	/* clear error queue*/

-	ERR_clear_error();

-	if (ctx == NULL)

-		{

-		ctx = new_ctx = BN_CTX_new();

-		if (ctx == NULL)

-			return 0;

-		}

-	y_bit = (y_bit != 0);

-	BN_CTX_start(ctx);

-	tmp1 = BN_CTX_get(ctx);

-	tmp2 = BN_CTX_get(ctx);

-	x = BN_CTX_get(ctx);

-	y = BN_CTX_get(ctx);

-	if (y == NULL) goto err;

-	/* Recover y.  We have a Weierstrass equation

-	 *     y^2 = x^3 + a*x + b,

-	 * so  y  is one of the square roots of  x^3 + a*x + b.

-	 */

-	/* tmp1 := x^3 */

-	if (!BN_nnmod(x, x_, &group->field,ctx)) goto err;

-	if (group->meth->field_decode == 0)

-		{

-		/* field_{sqr,mul} work on standard representation */

-		if (!group->meth->field_sqr(group, tmp2, x_, ctx)) goto err;

-		if (!group->meth->field_mul(group, tmp1, tmp2, x_, ctx)) goto err;

-		}

-	else

-		{

-		if (!BN_mod_sqr(tmp2, x_, &group->field, ctx)) goto err;

-		if (!BN_mod_mul(tmp1, tmp2, x_, &group->field, ctx)) goto err;

-		}

-	/* tmp1 := tmp1 + a*x */

-	if (group->a_is_minus3)

-		{

-		if (!BN_mod_lshift1_quick(tmp2, x, &group->field)) goto err;

-		if (!BN_mod_add_quick(tmp2, tmp2, x, &group->field)) goto err;

-		if (!BN_mod_sub_quick(tmp1, tmp1, tmp2, &group->field)) goto err;

-		}

-	else

-		{

-		if (group->meth->field_decode)

-			{

-			if (!group->meth->field_decode(group, tmp2, &group->a, ctx)) goto err;

-			if (!BN_mod_mul(tmp2, tmp2, x, &group->field, ctx)) goto err;

-			}

-		else

-			{

-			/* field_mul works on standard representation */

-			if (!group->meth->field_mul(group, tmp2, &group->a, x, ctx)) goto err;

-			}

-		if (!BN_mod_add_quick(tmp1, tmp1, tmp2, &group->field)) goto err;

-		}

-	/* tmp1 := tmp1 + b */

-	if (group->meth->field_decode)

-		{

-		if (!group->meth->field_decode(group, tmp2, &group->b, ctx)) goto err;

-		if (!BN_mod_add_quick(tmp1, tmp1, tmp2, &group->field)) goto err;

-		}

-	else

-		{

-		if (!BN_mod_add_quick(tmp1, tmp1, &group->b, &group->field)) goto err;

-		}

-	if (!BN_mod_sqrt(y, tmp1, &group->field, ctx))

-		{

-		unsigned long err = ERR_peek_last_error();

-		if (ERR_GET_LIB(err) == ERR_LIB_BN && ERR_GET_REASON(err) == BN_R_NOT_A_SQUARE)

-			{

-			ERR_clear_error();

-			ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSED_POINT);

-			}

-		else

-			ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, ERR_R_BN_LIB);

-		goto err;

-		}

-	if (y_bit != BN_is_odd(y))

-		{

-		if (BN_is_zero(y))

-			{

-			int kron;

-			kron = BN_kronecker(x, &group->field, ctx);

-			if (kron == -2) goto err;

-			if (kron == 1)

-				ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSION_BIT);

-			else

-				/* BN_mod_sqrt() should have cought this error (not a square) */

-				ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSED_POINT);

-			goto err;

-			}

-		if (!BN_usub(y, &group->field, y)) goto err;

-		}

-	if (y_bit != BN_is_odd(y))

-		{

-		ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, ERR_R_INTERNAL_ERROR);

-		goto err;

-		}

-	if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;

-	ret = 1;

- err:

-	BN_CTX_end(ctx);

-	if (new_ctx != NULL)

-		BN_CTX_free(new_ctx);

-	return ret;

-	}

-size_t ec_GFp_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, point_conversion_form_t form,

-	unsigned char *buf, size_t len, BN_CTX *ctx)

-	{

-	size_t ret;

-	BN_CTX *new_ctx = NULL;

-	int used_ctx = 0;

-	BIGNUM *x, *y;

-	size_t field_len, i, skip;

-	if ((form != POINT_CONVERSION_COMPRESSED)

-		&& (form != POINT_CONVERSION_UNCOMPRESSED)

-		&& (form != POINT_CONVERSION_HYBRID))

-		{

-		ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_INVALID_FORM);

-		goto err;

-		}

-	if (EC_POINT_is_at_infinity(group, point))

-		{

-		/* encodes to a single 0 octet */

-		if (buf != NULL)

-			{

-			if (len < 1)

-				{

-				ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);

-				return 0;

-				}

-			buf[0] = 0;

-			}

-		return 1;

-		}

-	/* ret := required output buffer length */

-	field_len = BN_num_bytes(&group->field);

-	ret = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2*field_len;

-	/* if 'buf' is NULL, just return required length */

-	if (buf != NULL)

-		{

-		if (len < ret)

-			{

-			ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);

-			goto err;

-			}

-		if (ctx == NULL)

-			{

-			ctx = new_ctx = BN_CTX_new();

-			if (ctx == NULL)

-				return 0;

-			}

-		BN_CTX_start(ctx);

-		used_ctx = 1;

-		x = BN_CTX_get(ctx);

-		y = BN_CTX_get(ctx);

-		if (y == NULL) goto err;

-		if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;

-		if ((form == POINT_CONVERSION_COMPRESSED || form == POINT_CONVERSION_HYBRID) && BN_is_odd(y))

-			buf[0] = form + 1;

-		else

-			buf[0] = form;

-		i = 1;

-		skip = field_len - BN_num_bytes(x);

-		if (skip > field_len)

-			{

-			ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);

-			goto err;

-			}

-		while (skip > 0)

-			{

-			buf[i++] = 0;

-			skip--;

-			}

-		skip = BN_bn2bin(x, buf + i);

-		i += skip;

-		if (i != 1 + field_len)

-			{

-			ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);

-			goto err;

-			}

-		if (form == POINT_CONVERSION_UNCOMPRESSED || form == POINT_CONVERSION_HYBRID)

-			{

-			skip = field_len - BN_num_bytes(y);

-			if (skip > field_len)

-				{

-				ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);

-				goto err;

-				}

-			while (skip > 0)

-				{

-				buf[i++] = 0;

-				skip--;

-				}

-			skip = BN_bn2bin(y, buf + i);

-			i += skip;

-			}

-		if (i != ret)

-			{

-			ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);

-			goto err;

-			}

-		}

-	if (used_ctx)

-		BN_CTX_end(ctx);

-	if (new_ctx != NULL)

-		BN_CTX_free(new_ctx);

-	return ret;

- err:

-	if (used_ctx)

-		BN_CTX_end(ctx);

-	if (new_ctx != NULL)

-		BN_CTX_free(new_ctx);

-	return 0;

-	}

-int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,

-	const unsigned char *buf, size_t len, BN_CTX *ctx)

-	{

-	point_conversion_form_t form;

-	int y_bit;

-	BN_CTX *new_ctx = NULL;

-	BIGNUM *x, *y;

-	size_t field_len, enc_len;

-	int ret = 0;

-	if (len == 0)

-		{

-		ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL);

-		return 0;

-		}

-	form = buf[0];

-	y_bit = form & 1;

-	form = form & ~1U;

-	if ((form != 0)	&& (form != POINT_CONVERSION_COMPRESSED)

-		&& (form != POINT_CONVERSION_UNCOMPRESSED)

-		&& (form != POINT_CONVERSION_HYBRID))

-		{

-		ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);

-		return 0;

-		}

-	if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit)

-		{

-		ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);

-		return 0;

-		}

-	if (form == 0)

-		{

-		if (len != 1)

-			{

-			ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);

-			return 0;

-			}

-		return EC_POINT_set_to_infinity(group, point);

-		}

-	field_len = BN_num_bytes(&group->field);

-	enc_len = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2*field_len;

-	if (len != enc_len)

-		{

-		ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);

-		return 0;

-		}

-	if (ctx == NULL)

-		{

-		ctx = new_ctx = BN_CTX_new();

-		if (ctx == NULL)

-			return 0;

-		}

-	BN_CTX_start(ctx);

-	x = BN_CTX_get(ctx);

-	y = BN_CTX_get(ctx);

-	if (y == NULL) goto err;

-	if (!BN_bin2bn(buf + 1, field_len, x)) goto err;

-	if (BN_ucmp(x, &group->field) >= 0)

-		{

-		ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);

-		goto err;

-		}

-	if (form == POINT_CONVERSION_COMPRESSED)

-		{

-		if (!EC_POINT_set_compressed_coordinates_GFp(group, point, x, y_bit, ctx)) goto err;

-		}

-	else

-		{

-		if (!BN_bin2bn(buf + 1 + field_len, field_len, y)) goto err;

-		if (BN_ucmp(y, &group->field) >= 0)

-			{

-			ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);

-			goto err;

-			}

-		if (form == POINT_CONVERSION_HYBRID)

-			{

-			if (y_bit != BN_is_odd(y))

-				{

-				ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);

-				goto err;

-				}

-			}

-		if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;

-		}

-	if (!EC_POINT_is_on_curve(group, point, ctx)) /* test required by X9.62 */

-		{

-		ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);

-		goto err;

-		}

-	ret = 1;

- err:

-	BN_CTX_end(ctx);

-	if (new_ctx != NULL)

-		BN_CTX_free(new_ctx);

-	return ret;

-	}

-int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)

-	{

-	int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);

-	int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);

-	const BIGNUM *p;

-	BN_CTX *new_ctx = NULL;

-	BIGNUM *n0, *n1, *n2, *n3, *n4, *n5, *n6;

-	int ret = 0;

-	if (a == b)

-		return EC_POINT_dbl(group, r, a, ctx);

-	if (EC_POINT_is_at_infinity(group, a))

-		return EC_POINT_copy(r, b);

-	if (EC_POINT_is_at_infinity(group, b))

-		return EC_POINT_copy(r, a);

-	field_mul = group->meth->field_mul;

-	field_sqr = group->meth->field_sqr;

-	p = &group->field;

-	if (ctx == NULL)

-		{

-		ctx = new_ctx = BN_CTX_new();

-		if (ctx == NULL)

-			return 0;

-		}

-	BN_CTX_start(ctx);

-	n0 = BN_CTX_get(ctx);

-	n1 = BN_CTX_get(ctx);

-	n2 = BN_CTX_get(ctx);

-	n3 = BN_CTX_get(ctx);

-	n4 = BN_CTX_get(ctx);

-	n5 = BN_CTX_get(ctx);

-	n6 = BN_CTX_get(ctx);

-	if (n6 == NULL) goto end;

-	/* Note that in this function we must not read components of 'a' or 'b'

-	 * once we have written the corresponding components of 'r'.

-	 * ('r' might be one of 'a' or 'b'.)

-	 */

-	/* n1, n2 */

-	if (b->Z_is_one)

-		{

-		if (!BN_copy(n1, &a->X)) goto end;

-		if (!BN_copy(n2, &a->Y)) goto end;

-		/* n1 = X_a */

-		/* n2 = Y_a */

-		}

-	else

-		{

-		if (!field_sqr(group, n0, &b->Z, ctx)) goto end;

-		if (!field_mul(group, n1, &a->X, n0, ctx)) goto end;

-		/* n1 = X_a * Z_b^2 */

-		if (!field_mul(group, n0, n0, &b->Z, ctx)) goto end;

-		if (!field_mul(group, n2, &a->Y, n0, ctx)) goto end;

-		/* n2 = Y_a * Z_b^3 */

-		}

-	/* n3, n4 */

-	if (a->Z_is_one)

-		{

-		if (!BN_copy(n3, &b->X)) goto end;

-		if (!BN_copy(n4, &b->Y)) goto end;

-		/* n3 = X_b */

-		/* n4 = Y_b */

-		}

-	else

-		{

-		if (!field_sqr(group, n0, &a->Z, ctx)) goto end;

-		if (!field_mul(group, n3, &b->X, n0, ctx)) goto end;

-		/* n3 = X_b * Z_a^2 */

-		if (!field_mul(group, n0, n0, &a->Z, ctx)) goto end;

-		if (!field_mul(group, n4, &b->Y, n0, ctx)) goto end;

-		/* n4 = Y_b * Z_a^3 */

-		}

-	/* n5, n6 */

-	if (!BN_mod_sub_quick(n5, n1, n3, p)) goto end;

-	if (!BN_mod_sub_quick(n6, n2, n4, p)) goto end;

-	/* n5 = n1 - n3 */

-	/* n6 = n2 - n4 */

-	if (BN_is_zero(n5))

-		{

-		if (BN_is_zero(n6))

-			{

-			/* a is the same point as b */

-			BN_CTX_end(ctx);

-			ret = EC_POINT_dbl(group, r, a, ctx);

-			ctx = NULL;

-			goto end;

-			}

-		else

-			{

-			/* a is the inverse of b */

-			BN_zero(&r->Z);

-			r->Z_is_one = 0;

-			ret = 1;

-			goto end;

-			}

-		}

-	/* 'n7', 'n8' */

-	if (!BN_mod_add_quick(n1, n1, n3, p)) goto end;

-	if (!BN_mod_add_quick(n2, n2, n4, p)) goto end;

-	/* 'n7' = n1 + n3 */

-	/* 'n8' = n2 + n4 */

-	/* Z_r */

-	if (a->Z_is_one && b->Z_is_one)

-		{

-		if (!BN_copy(&r->Z, n5)) goto end;

-		}

-	else

-		{

-		if (a->Z_is_one)

-			{ if (!BN_copy(n0, &b->Z)) goto end; }

-		else if (b->Z_is_one)

-			{ if (!BN_copy(n0, &a->Z)) goto end; }

-		else

-			{ if (!field_mul(group, n0, &a->Z, &b->Z, ctx)) goto end; }

-		if (!field_mul(group, &r->Z, n0, n5, ctx)) goto end;

-		}

-	r->Z_is_one = 0;

-	/* Z_r = Z_a * Z_b * n5 */

-	/* X_r */

-	if (!field_sqr(group, n0, n6, ctx)) goto end;

-	if (!field_sqr(group, n4, n5, ctx)) goto end;

-	if (!field_mul(group, n3, n1, n4, ctx)) goto end;

-	if (!BN_mod_sub_quick(&r->X, n0, n3, p)) goto end;

-	/* X_r = n6^2 - n5^2 * 'n7' */

-	/* 'n9' */

-	if (!BN_mod_lshift1_quick(n0, &r->X, p)) goto end;

-	if (!BN_mod_sub_quick(n0, n3, n0, p)) goto end;

-	/* n9 = n5^2 * 'n7' - 2 * X_r */

-	/* Y_r */

-	if (!field_mul(group, n0, n0, n6, ctx)) goto end;

-	if (!field_mul(group, n5, n4, n5, ctx)) goto end; /* now n5 is n5^3 */

-	if (!field_mul(group, n1, n2, n5, ctx)) goto end;

-	if (!BN_mod_sub_quick(n0, n0, n1, p)) goto end;

-	if (BN_is_odd(n0))

-		if (!BN_add(n0, n0, p)) goto end;

-	/* now  0 <= n0 < 2*p,  and n0 is even */

-	if (!BN_rshift1(&r->Y, n0)) goto end;

-	/* Y_r = (n6 * 'n9' - 'n8' * 'n5^3') / 2 */

-	ret = 1;

- end:

-	if (ctx) /* otherwise we already called BN_CTX_end */

-		BN_CTX_end(ctx);

-	if (new_ctx != NULL)

-		BN_CTX_free(new_ctx);

-	return ret;

-	}

-int ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)

-	{

-	int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);

-	int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);

-	const BIGNUM *p;

-	BN_CTX *new_ctx = NULL;

-	BIGNUM *n0, *n1, *n2, *n3;

-	int ret = 0;

-	if (EC_POINT_is_at_infinity(group, a))

-		{

-		BN_zero(&r->Z);

-		r->Z_is_one = 0;

-		return 1;

-		}

-	field_mul = group->meth->field_mul;

-	field_sqr = group->meth->field_sqr;

-	p = &group->field;

-	if (ctx == NULL)

-		{

-		ctx = new_ctx = BN_CTX_new();

-		if (ctx == NULL)

-			return 0;

-		}

-	BN_CTX_start(ctx);

-	n0 = BN_CTX_get(ctx);

-	n1 = BN_CTX_get(ctx);

-	n2 = BN_CTX_get(ctx);

-	n3 = BN_CTX_get(ctx);

-	if (n3 == NULL) goto err;

-	/* Note that in this function we must not read components of 'a'

-	 * once we have written the corresponding components of 'r'.

-	 * ('r' might the same as 'a'.)

-	 */

-	/* n1 */

-	if (a->Z_is_one)

-		{

-		if (!field_sqr(group, n0, &a->X, ctx)) goto err;

-		if (!BN_mod_lshift1_quick(n1, n0, p)) goto err;

-		if (!BN_mod_add_quick(n0, n0, n1, p)) goto err;

-		if (!BN_mod_add_quick(n1, n0, &group->a, p)) goto err;

-		/* n1 = 3 * X_a^2 + a_curve */

-		}

-	else if (group->a_is_minus3)

-		{

-		if (!field_sqr(group, n1, &a->Z, ctx)) goto err;

-		if (!BN_mod_add_quick(n0, &a->X, n1, p)) goto err;

-		if (!BN_mod_sub_quick(n2, &a->X, n1, p)) goto err;

-		if (!field_mul(group, n1, n0, n2, ctx)) goto err;

-		if (!BN_mod_lshift1_quick(n0, n1, p)) goto err;

-		if (!BN_mod_add_quick(n1, n0, n1, p)) goto err;

-		/* n1 = 3 * (X_a + Z_a^2) * (X_a - Z_a^2)

-		 *    = 3 * X_a^2 - 3 * Z_a^4 */

-		}

-	else

-		{

-		if (!field_sqr(group, n0, &a->X, ctx)) goto err;

-		if (!BN_mod_lshift1_quick(n1, n0, p)) goto err;

-		if (!BN_mod_add_quick(n0, n0, n1, p)) goto err;

-		if (!field_sqr(group, n1, &a->Z, ctx)) goto err;

-		if (!field_sqr(group, n1, n1, ctx)) goto err;

-		if (!field_mul(group, n1, n1, &group->a, ctx)) goto err;

-		if (!BN_mod_add_quick(n1, n1, n0, p)) goto err;

-		/* n1 = 3 * X_a^2 + a_curve * Z_a^4 */

-		}

-	/* Z_r */

-	if (a->Z_is_one)

-		{

-		if (!BN_copy(n0, &a->Y)) goto err;

-		}

-	else

-		{

-		if (!field_mul(group, n0, &a->Y, &a->Z, ctx)) goto err;

-		}

-	if (!BN_mod_lshift1_quick(&r->Z, n0, p)) goto err;

-	r->Z_is_one = 0;

-	/* Z_r = 2 * Y_a * Z_a */

-	/* n2 */

-	if (!field_sqr(group, n3, &a->Y, ctx)) goto err;

-	if (!field_mul(group, n2, &a->X, n3, ctx)) goto err;

-	if (!BN_mod_lshift_quick(n2, n2, 2, p)) goto err;

-	/* n2 = 4 * X_a * Y_a^2 */

-	/* X_r */

-	if (!BN_mod_lshift1_quick(n0, n2, p)) goto err;

-	if (!field_sqr(group, &r->X, n1, ctx)) goto err;

-	if (!BN_mod_sub_quick(&r->X, &r->X, n0, p)) goto err;

-	/* X_r = n1^2 - 2 * n2 */

-	/* n3 */

-	if (!field_sqr(group, n0, n3, ctx)) goto err;

-	if (!BN_mod_lshift_quick(n3, n0, 3, p)) goto err;

-	/* n3 = 8 * Y_a^4 */

-	/* Y_r */

-	if (!BN_mod_sub_quick(n0, n2, &r->X, p)) goto err;

-	if (!field_mul(group, n0, n1, n0, ctx)) goto err;

-	if (!BN_mod_sub_quick(&r->Y, n0, n3, p)) goto err;

-	/* Y_r = n1 * (n2 - X_r) - n3 */

-	ret = 1;

- err:

-	BN_CTX_end(ctx);

-	if (new_ctx != NULL)

-		BN_CTX_free(new_ctx);

-	return ret;

-	}

-int ec_GFp_simple_invert(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)

-	{

-	if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(&point->Y))

-		/* point is its own inverse */

-		return 1;

-	return BN_usub(&point->Y, &group->field, &point->Y);

-	}

-int ec_GFp_simple_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)

-	{

-	return BN_is_zero(&point->Z);

-	}

-int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx)

-	{

-	int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);

-	int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);

-	const BIGNUM *p;

-	BN_CTX *new_ctx = NULL;

-	BIGNUM *rh, *tmp, *Z4, *Z6;

-	int ret = -1;

-	if (EC_POINT_is_at_infinity(group, point))

-		return 1;

-	field_mul = group->meth->field_mul;

-	field_sqr = group->meth->field_sqr;

-	p = &group->field;

-	if (ctx == NULL)

-		{

-		ctx = new_ctx = BN_CTX_new();

-		if (ctx == NULL)

-			return -1;

-		}

-	BN_CTX_start(ctx);

-	rh = BN_CTX_get(ctx);

-	tmp = BN_CTX_get(ctx);

-	Z4 = BN_CTX_get(ctx);

-	Z6 = BN_CTX_get(ctx);

-	if (Z6 == NULL) goto err;

-	/* We have a curve defined by a Weierstrass equation

-	 *      y^2 = x^3 + a*x + b.

-	 * The point to consider is given in Jacobian projective coordinates

-	 * where  (X, Y, Z)  represents  (x, y) = (X/Z^2, Y/Z^3).

-	 * Substituting this and multiplying by  Z^6  transforms the above equation into

-	 *      Y^2 = X^3 + a*X*Z^4 + b*Z^6.

-	 * To test this, we add up the right-hand side in 'rh'.

-	 */

-	/* rh := X^2 */

-	if (!field_sqr(group, rh, &point->X, ctx)) goto err;

-	if (!point->Z_is_one)

-		{

-		if (!field_sqr(group, tmp, &point->Z, ctx)) goto err;

-		if (!field_sqr(group, Z4, tmp, ctx)) goto err;

-		if (!field_mul(group, Z6, Z4, tmp, ctx)) goto err;

-		/* rh := (rh + a*Z^4)*X */

-		if (group->a_is_minus3)

-			{

-			if (!BN_mod_lshift1_quick(tmp, Z4, p)) goto err;

-			if (!BN_mod_add_quick(tmp, tmp, Z4, p)) goto err;

-			if (!BN_mod_sub_quick(rh, rh, tmp, p)) goto err;

-			if (!field_mul(group, rh, rh, &point->X, ctx)) goto err;

-			}

-		else

-			{

-			if (!field_mul(group, tmp, Z4, &group->a, ctx)) goto err;

-			if (!BN_mod_add_quick(rh, rh, tmp, p)) goto err;

-			if (!field_mul(group, rh, rh, &point->X, ctx)) goto err;

-			}

-		/* rh := rh + b*Z^6 */

-		if (!field_mul(group, tmp, &group->b, Z6, ctx)) goto err;

-		if (!BN_mod_add_quick(rh, rh, tmp, p)) goto err;

-		}

-	else

-		{

-		/* point->Z_is_one */

-		/* rh := (rh + a)*X */

-		if (!BN_mod_add_quick(rh, rh, &group->a, p)) goto err;

-		if (!field_mul(group, rh, rh, &point->X, ctx)) goto err;

-		/* rh := rh + b */

-		if (!BN_mod_add_quick(rh, rh, &group->b, p)) goto err;

-		}

-	/* 'lh' := Y^2 */

-	if (!field_sqr(group, tmp, &point->Y, ctx)) goto err;

-	ret = (0 == BN_ucmp(tmp, rh));

- err:

-	BN_CTX_end(ctx);

-	if (new_ctx != NULL)

-		BN_CTX_free(new_ctx);

-	return ret;

-	}

-int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)

-	{

-	/* return values:

-	 *  -1   error

-	 *   0   equal (in affine coordinates)

-	 *   1   not equal

-	 */

-	int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);

-	int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);

-	BN_CTX *new_ctx = NULL;

-	BIGNUM *tmp1, *tmp2, *Za23, *Zb23;

-	const BIGNUM *tmp1_, *tmp2_;

-	int ret = -1;

-	if (EC_POINT_is_at_infinity(group, a))

-		{

-		return EC_POINT_is_at_infinity(group, b) ? 0 : 1;

-		}

-	if (a->Z_is_one && b->Z_is_one)

-		{

-		return ((BN_cmp(&a->X, &b->X) == 0) && BN_cmp(&a->Y, &b->Y) == 0) ? 0 : 1;

-		}

-	field_mul = group->meth->field_mul;

-	field_sqr = group->meth->field_sqr;

-	if (ctx == NULL)

-		{

-		ctx = new_ctx = BN_CTX_new();

-		if (ctx == NULL)

-			return -1;

-		}

-	BN_CTX_start(ctx);

-	tmp1 = BN_CTX_get(ctx);

-	tmp2 = BN_CTX_get(ctx);

-	Za23 = BN_CTX_get(ctx);

-	Zb23 = BN_CTX_get(ctx);

-	if (Zb23 == NULL) goto end;

-	/* We have to decide whether

-	 *     (X_a/Z_a^2, Y_a/Z_a^3) = (X_b/Z_b^2, Y_b/Z_b^3),

-	 * or equivalently, whether

-	 *     (X_a*Z_b^2, Y_a*Z_b^3) = (X_b*Z_a^2, Y_b*Z_a^3).

-	 */

-	if (!b->Z_is_one)

-		{

-		if (!field_sqr(group, Zb23, &b->Z, ctx)) goto end;

-		if (!field_mul(group, tmp1, &a->X, Zb23, ctx)) goto end;

-		tmp1_ = tmp1;

-		}

-	else

-		tmp1_ = &a->X;

-	if (!a->Z_is_one)

-		{

-		if (!field_sqr(group, Za23, &a->Z, ctx)) goto end;

-		if (!field_mul(group, tmp2, &b->X, Za23, ctx)) goto end;

-		tmp2_ = tmp2;

-		}

-	else

-		tmp2_ = &b->X;

-	/* compare  X_a*Z_b^2  with  X_b*Z_a^2 */

-	if (BN_cmp(tmp1_, tmp2_) != 0)

-		{

-		ret = 1; /* points differ */

-		goto end;

-		}

-	if (!b->Z_is_one)

-		{

-		if (!field_mul(group, Zb23, Zb23, &b->Z, ctx)) goto end;

-		if (!field_mul(group, tmp1, &a->Y, Zb23, ctx)) goto end;

-		/* tmp1_ = tmp1 */

-		}

-	else

-		tmp1_ = &a->Y;

-	if (!a->Z_is_one)

-		{

-		if (!field_mul(group, Za23, Za23, &a->Z, ctx)) goto end;

-		if (!field_mul(group, tmp2, &b->Y, Za23, ctx)) goto end;

-		/* tmp2_ = tmp2 */

-		}

-	else

-		tmp2_ = &b->Y;

-	/* compare  Y_a*Z_b^3  with  Y_b*Z_a^3 */

-	if (BN_cmp(tmp1_, tmp2_) != 0)

-		{

-		ret = 1; /* points differ */

-		goto end;

-		}

-	/* points are equal */

-	ret = 0;

- end:

-	BN_CTX_end(ctx);

-	if (new_ctx != NULL)

-		BN_CTX_free(new_ctx);

-	return ret;

-	}

-int ec_GFp_simple_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)

-	{

-	BN_CTX *new_ctx = NULL;

-	BIGNUM *x, *y;

-	int ret = 0;

-	if (point->Z_is_one || EC_POINT_is_at_infinity(group, point))

-		return 1;

-	if (ctx == NULL)

-		{

-		ctx = new_ctx = BN_CTX_new();

-		if (ctx == NULL)

-			return 0;

-		}

-	BN_CTX_start(ctx);

-	x = BN_CTX_get(ctx);

-	y = BN_CTX_get(ctx);

-	if (y == NULL) goto err;

-	if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;

-	if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;

-	if (!point->Z_is_one)

-		{

-		ECerr(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE, ERR_R_INTERNAL_ERROR);

-		goto err;

-		}

-	ret = 1;

- err:

-	BN_CTX_end(ctx);

-	if (new_ctx != NULL)

-		BN_CTX_free(new_ctx);

-	return ret;

-	}

-int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx)

-	{

-	BN_CTX *new_ctx = NULL;

-	BIGNUM *tmp0, *tmp1;

-	size_t pow2 = 0;

-	BIGNUM **heap = NULL;

-	size_t i;

-	int ret = 0;

-	if (num == 0)

-		return 1;

-	if (ctx == NULL)

-		{

-		ctx = new_ctx = BN_CTX_new();

-		if (ctx == NULL)

-			return 0;

-		}

-	BN_CTX_start(ctx);

-	tmp0 = BN_CTX_get(ctx);

-	tmp1 = BN_CTX_get(ctx);

-	if (tmp0  == NULL || tmp1 == NULL) goto err;

-	/* Before converting the individual points, compute inverses of all Z values.

-	 * Modular inversion is rather slow, but luckily we can do with a single

-	 * explicit inversion, plus about 3 multiplications per input value.

-	 */

-	pow2 = 1;

-	while (num > pow2)

-		pow2 <<= 1;

-	/* Now pow2 is the smallest power of 2 satifsying pow2 >= num.

-	 * We need twice that. */

-	pow2 <<= 1;

-	heap = OPENSSL_malloc(pow2 * sizeof heap[0]);

-	if (heap == NULL) goto err;

-	/* The array is used as a binary tree, exactly as in heapsort:

-	 *

-	 *                               heap[1]

-	 *                 heap[2]                     heap[3]

-	 *          heap[4]       heap[5]       heap[6]       heap[7]

-	 *   heap[8]heap[9] heap[10]heap[11] heap[12]heap[13] heap[14] heap[15]

-	 *

-	 * We put the Z's in the last line;

-	 * then we set each other node to the product of its two child-nodes (where

-	 * empty or 0 entries are treated as ones);

-	 * then we invert heap[1];

-	 * then we invert each other node by replacing it by the product of its

-	 * parent (after inversion) and its sibling (before inversion).

-	 */

-	heap[0] = NULL;

-	for (i = pow2/2 - 1; i > 0; i--)

-		heap[i] = NULL;

-	for (i = 0; i < num; i++)

-		heap[pow2/2 + i] = &points[i]->Z;

-	for (i = pow2/2 + num; i < pow2; i++)

-		heap[i] = NULL;

-	/* set each node to the product of its children */

-	for (i = pow2/2 - 1; i > 0; i--)

-		{

-		heap[i] = BN_new();

-		if (heap[i] == NULL) goto err;

-		if (heap[2*i] != NULL)

-			{

-			if ((heap[2*i + 1] == NULL) || BN_is_zero(heap[2*i + 1]))

-				{

-				if (!BN_copy(heap[i], heap[2*i])) goto err;

-				}

-			else

-				{

-				if (BN_is_zero(heap[2*i]))

-					{

-					if (!BN_copy(heap[i], heap[2*i + 1])) goto err;

-					}

-				else

-					{

-					if (!group->meth->field_mul(group, heap[i],

-						heap[2*i], heap[2*i + 1], ctx)) goto err;

-					}

-				}

-			}

-		}

-	/* invert heap[1] */

-	if (!BN_is_zero(heap[1]))

-		{

-		if (!BN_mod_inverse(heap[1], heap[1], &group->field, ctx))

-			{

-			ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB);

-			goto err;

-			}

-		}

-	if (group->meth->field_encode != 0)

-		{

-		/* in the Montgomery case, we just turned  R*H  (representing H)

-		 * into  1/(R*H),  but we need  R*(1/H)  (representing 1/H);

-		 * i.e. we have need to multiply by the Montgomery factor twice */

-		if (!group->meth->field_encode(group, heap[1], heap[1], ctx)) goto err;

-		if (!group->meth->field_encode(group, heap[1], heap[1], ctx)) goto err;

-		}

-	/* set other heap[i]'s to their inverses */

-	for (i = 2; i < pow2/2 + num; i += 2)

-		{

-		/* i is even */

-		if ((heap[i + 1] != NULL) && !BN_is_zero(heap[i + 1]))

-			{

-			if (!group->meth->field_mul(group, tmp0, heap[i/2], heap[i + 1], ctx)) goto err;

-			if (!group->meth->field_mul(group, tmp1, heap[i/2], heap[i], ctx)) goto err;

-			if (!BN_copy(heap[i], tmp0)) goto err;

-			if (!BN_copy(heap[i + 1], tmp1)) goto err;

-			}

-		else

-			{

-			if (!BN_copy(heap[i], heap[i/2])) goto err;

-			}

-		}

-	/* we have replaced all non-zero Z's by their inverses, now fix up all the points */

-	for (i = 0; i < num; i++)

-		{

-		EC_POINT *p = points[i];

-		if (!BN_is_zero(&p->Z))

-			{

-			/* turn  (X, Y, 1/Z)  into  (X/Z^2, Y/Z^3, 1) */

-			if (!group->meth->field_sqr(group, tmp1, &p->Z, ctx)) goto err;

-			if (!group->meth->field_mul(group, &p->X, &p->X, tmp1, ctx)) goto err;

-			if (!group->meth->field_mul(group, tmp1, tmp1, &p->Z, ctx)) goto err;

-			if (!group->meth->field_mul(group, &p->Y, &p->Y, tmp1, ctx)) goto err;

-			if (group->meth->field_set_to_one != 0)

-				{

-				if (!group->meth->field_set_to_one(group, &p->Z, ctx)) goto err;

-				}

-			else

-				{

-				if (!BN_one(&p->Z)) goto err;

-				}

-			p->Z_is_one = 1;

-			}

-		}

-	ret = 1;

- err:

-	BN_CTX_end(ctx);

-	if (new_ctx != NULL)

-		BN_CTX_free(new_ctx);

-	if (heap != NULL)

-		{

-		/* heap[pow2/2] .. heap[pow2-1] have not been allocated locally! */

-		for (i = pow2/2 - 1; i > 0; i--)

-			{

-			if (heap[i] != NULL)

-				BN_clear_free(heap[i]);

-			}

-		OPENSSL_free(heap);

-		}

-	return ret;

-	}

-int ec_GFp_simple_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)

-	{

-	return BN_mod_mul(r, a, b, &group->field, ctx);

-	}

-int ec_GFp_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)

-	{

-	return BN_mod_sqr(r, a, &group->field, ctx);

-	}

--- a/sys/src/ape/lib/openssl/crypto/ec/ectest.c

+++ /dev/null

@@ -1,1344 +1,0 @@

-/* crypto/ec/ectest.c */

-/*

- * Originally written by Bodo Moeller for the OpenSSL project.

- */

-/* ====================================================================

- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- *

- * Portions of the attached software ("Contribution") are developed by

- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.

- *

- * The Contribution is licensed pursuant to the OpenSSL open source

- * license provided above.

- *

- * The elliptic curve binary polynomial software is originally written by

- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.

- *

- */

-#include <stdio.h>

-#include <stdlib.h>

-#ifdef FLAT_INC

-#include "e_os.h"

-#else

-#include "../e_os.h"

-#endif

-#include <string.h>

-#include <time.h>

-#ifdef OPENSSL_NO_EC

-int main(int argc, char * argv[]) { puts("Elliptic curves are disabled."); return 0; }

-#else

-#include <openssl/ec.h>

-#ifndef OPENSSL_NO_ENGINE

-#include <openssl/engine.h>

-#endif

-#include <openssl/err.h>

-#include <openssl/obj_mac.h>

-#include <openssl/objects.h>

-#include <openssl/rand.h>

-#include <openssl/bn.h>

-#if defined(_MSC_VER) && defined(_MIPS_) && (_MSC_VER/100==12)

-/* suppress "too big too optimize" warning */

-#pragma warning(disable:4959)

-#endif

-#define ABORT do { \

-	fflush(stdout); \

-	fprintf(stderr, "%s:%d: ABORT\n", __FILE__, __LINE__); \

-	ERR_print_errors_fp(stderr); \

-	EXIT(1); \

-} while (0)

-void prime_field_tests(void);

-void char2_field_tests(void);

-void internal_curve_test(void);

-#define TIMING_BASE_PT 0

-#define TIMING_RAND_PT 1

-#define TIMING_SIMUL 2

-#if 0

-static void timings(EC_GROUP *group, int type, BN_CTX *ctx)

-	{

-	clock_t clck;

-	int i, j;

-	BIGNUM *s;

-	BIGNUM *r[10], *r0[10];

-	EC_POINT *P;

-	s = BN_new();

-	if (s == NULL) ABORT;

-	fprintf(stdout, "Timings for %d-bit field, ", EC_GROUP_get_degree(group));

-	if (!EC_GROUP_get_order(group, s, ctx)) ABORT;

-	fprintf(stdout, "%d-bit scalars ", (int)BN_num_bits(s));

-	fflush(stdout);

-	P = EC_POINT_new(group);

-	if (P == NULL) ABORT;

-	EC_POINT_copy(P, EC_GROUP_get0_generator(group));

-	for (i = 0; i < 10; i++)

-		{

-		if ((r[i] = BN_new()) == NULL) ABORT;

-		if (!BN_pseudo_rand(r[i], BN_num_bits(s), 0, 0)) ABORT;

-		if (type != TIMING_BASE_PT)

-			{

-			if ((r0[i] = BN_new()) == NULL) ABORT;

-			if (!BN_pseudo_rand(r0[i], BN_num_bits(s), 0, 0)) ABORT;

-			}

-		}

-	clck = clock();

-	for (i = 0; i < 10; i++)

-		{

-		for (j = 0; j < 10; j++)

-			{

-			if (!EC_POINT_mul(group, P, (type != TIMING_RAND_PT) ? r[i] : NULL,

-				(type != TIMING_BASE_PT) ? P : NULL, (type != TIMING_BASE_PT) ? r0[i] : NULL, ctx)) ABORT;

-			}

-		}

-	clck = clock() - clck;

-	fprintf(stdout, "\n");

-#ifdef CLOCKS_PER_SEC

-	/* "To determine the time in seconds, the value returned

-	 * by the clock function should be divided by the value

-	 * of the macro CLOCKS_PER_SEC."

-	 *                                       -- ISO/IEC 9899 */

-#	define UNIT "s"

-#else

-	/* "`CLOCKS_PER_SEC' undeclared (first use this function)"

-	 *                            -- cc on NeXTstep/OpenStep */

-#	define UNIT "units"

-#	define CLOCKS_PER_SEC 1

-#endif

-	if (type == TIMING_BASE_PT) {

-		fprintf(stdout, "%i %s in %.2f " UNIT "\n", i*j,

-			"base point multiplications", (double)clck/CLOCKS_PER_SEC);

-	} else if (type == TIMING_RAND_PT) {

-		fprintf(stdout, "%i %s in %.2f " UNIT "\n", i*j,

-			"random point multiplications", (double)clck/CLOCKS_PER_SEC);

-	} else if (type == TIMING_SIMUL) {

-		fprintf(stdout, "%i %s in %.2f " UNIT "\n", i*j,

-			"s*P+t*Q operations", (double)clck/CLOCKS_PER_SEC);

-	}

-	fprintf(stdout, "average: %.4f " UNIT "\n", (double)clck/(CLOCKS_PER_SEC*i*j));

-	EC_POINT_free(P);

-	BN_free(s);

-	for (i = 0; i < 10; i++)

-		{

-		BN_free(r[i]);

-		if (type != TIMING_BASE_PT) BN_free(r0[i]);

-		}

-	}

-#endif

-void prime_field_tests()

-	{

-	BN_CTX *ctx = NULL;

-	BIGNUM *p, *a, *b;

-	EC_GROUP *group;

-	EC_GROUP *P_160 = NULL, *P_192 = NULL, *P_224 = NULL, *P_256 = NULL, *P_384 = NULL, *P_521 = NULL;

-	EC_POINT *P, *Q, *R;

-	BIGNUM *x, *y, *z;

-	unsigned char buf[100];

-	size_t i, len;

-	int k;

-#if 1 /* optional */

-	ctx = BN_CTX_new();

-	if (!ctx) ABORT;

-#endif

-	p = BN_new();

-	a = BN_new();

-	b = BN_new();

-	if (!p || !a || !b) ABORT;

-	if (!BN_hex2bn(&p, "17")) ABORT;

-	if (!BN_hex2bn(&a, "1")) ABORT;

-	if (!BN_hex2bn(&b, "1")) ABORT;

-	group = EC_GROUP_new(EC_GFp_mont_method()); /* applications should use EC_GROUP_new_curve_GFp

-	                                             * so that the library gets to choose the EC_METHOD */

-	if (!group) ABORT;

-	if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;

-	{

-		EC_GROUP *tmp;

-		tmp = EC_GROUP_new(EC_GROUP_method_of(group));

-		if (!tmp) ABORT;

-		if (!EC_GROUP_copy(tmp, group)) ABORT;

-		EC_GROUP_free(group);

-		group = tmp;

-	}

-	if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) ABORT;

-	fprintf(stdout, "Curve defined by Weierstrass equation\n     y^2 = x^3 + a*x + b  (mod 0x");

-	BN_print_fp(stdout, p);

-	fprintf(stdout, ")\n     a = 0x");

-	BN_print_fp(stdout, a);

-	fprintf(stdout, "\n     b = 0x");

-	BN_print_fp(stdout, b);

-	fprintf(stdout, "\n");

-	P = EC_POINT_new(group);

-	Q = EC_POINT_new(group);

-	R = EC_POINT_new(group);

-	if (!P || !Q || !R) ABORT;

-	if (!EC_POINT_set_to_infinity(group, P)) ABORT;

-	if (!EC_POINT_is_at_infinity(group, P)) ABORT;

-	buf[0] = 0;

-	if (!EC_POINT_oct2point(group, Q, buf, 1, ctx)) ABORT;

-	if (!EC_POINT_add(group, P, P, Q, ctx)) ABORT;

-	if (!EC_POINT_is_at_infinity(group, P)) ABORT;

-	x = BN_new();

-	y = BN_new();

-	z = BN_new();

-	if (!x || !y || !z) ABORT;

-	if (!BN_hex2bn(&x, "D")) ABORT;

-	if (!EC_POINT_set_compressed_coordinates_GFp(group, Q, x, 1, ctx)) ABORT;

-	if (!EC_POINT_is_on_curve(group, Q, ctx))

-		{

-		if (!EC_POINT_get_affine_coordinates_GFp(group, Q, x, y, ctx)) ABORT;

-		fprintf(stderr, "Point is not on curve: x = 0x");

-		BN_print_fp(stderr, x);

-		fprintf(stderr, ", y = 0x");

-		BN_print_fp(stderr, y);

-		fprintf(stderr, "\n");

-		ABORT;

-		}

-	fprintf(stdout, "A cyclic subgroup:\n");

-	k = 100;

-	do

-		{

-		if (k-- == 0) ABORT;

-		if (EC_POINT_is_at_infinity(group, P))

-			fprintf(stdout, "     point at infinity\n");

-		else

-			{

-			if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;

-			fprintf(stdout, "     x = 0x");

-			BN_print_fp(stdout, x);

-			fprintf(stdout, ", y = 0x");

-			BN_print_fp(stdout, y);

-			fprintf(stdout, "\n");

-			}

-		if (!EC_POINT_copy(R, P)) ABORT;

-		if (!EC_POINT_add(group, P, P, Q, ctx)) ABORT;

-#if 0 /* optional */

-		{

-			EC_POINT *points[3];

-			points[0] = R;

-			points[1] = Q;

-			points[2] = P;

-			if (!EC_POINTs_make_affine(group, 2, points, ctx)) ABORT;

-		}

-#endif

-		}

-	while (!EC_POINT_is_at_infinity(group, P));

-	if (!EC_POINT_add(group, P, Q, R, ctx)) ABORT;

-	if (!EC_POINT_is_at_infinity(group, P)) ABORT;

-	len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf, sizeof buf, ctx);

-	if (len == 0) ABORT;

-	if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;

-	if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;

-	fprintf(stdout, "Generator as octect string, compressed form:\n     ");

-	for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);

-	len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf, sizeof buf, ctx);

-	if (len == 0) ABORT;

-	if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;

-	if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;

-	fprintf(stdout, "\nGenerator as octect string, uncompressed form:\n     ");

-	for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);

-	len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof buf, ctx);

-	if (len == 0) ABORT;

-	if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;

-	if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;

-	fprintf(stdout, "\nGenerator as octect string, hybrid form:\n     ");

-	for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);

-	if (!EC_POINT_get_Jprojective_coordinates_GFp(group, R, x, y, z, ctx)) ABORT;

-	fprintf(stdout, "\nA representation of the inverse of that generator in\nJacobian projective coordinates:\n     X = 0x");

-	BN_print_fp(stdout, x);

-	fprintf(stdout, ", Y = 0x");

-	BN_print_fp(stdout, y);

-	fprintf(stdout, ", Z = 0x");

-	BN_print_fp(stdout, z);

-	fprintf(stdout, "\n");

-	if (!EC_POINT_invert(group, P, ctx)) ABORT;

-	if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT;

-	/* Curve secp160r1 (Certicom Research SEC 2 Version 1.0, section 2.4.2, 2000)

-	 * -- not a NIST curve, but commonly used */

-	if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF")) ABORT;

-	if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;

-	if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC")) ABORT;

-	if (!BN_hex2bn(&b, "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45")) ABORT;

-	if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;

-	if (!BN_hex2bn(&x, "4A96B5688EF573284664698968C38BB913CBFC82")) ABORT;

-	if (!BN_hex2bn(&y, "23a628553168947d59dcc912042351377ac5fb32")) ABORT;

-	if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;

-	if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;

-	if (!BN_hex2bn(&z, "0100000000000000000001F4C8F927AED3CA752257")) ABORT;

-	if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;

-	if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;

-	fprintf(stdout, "\nSEC2 curve secp160r1 -- Generator:\n     x = 0x");

-	BN_print_fp(stdout, x);

-	fprintf(stdout, "\n     y = 0x");

-	BN_print_fp(stdout, y);

-	fprintf(stdout, "\n");

-	/* G_y value taken from the standard: */

-	if (!BN_hex2bn(&z, "23a628553168947d59dcc912042351377ac5fb32")) ABORT;

-	if (0 != BN_cmp(y, z)) ABORT;

-	fprintf(stdout, "verify degree ...");

-	if (EC_GROUP_get_degree(group) != 160) ABORT;

-	fprintf(stdout, " ok\n");

-	fprintf(stdout, "verify group order ...");

-	fflush(stdout);

-	if (!EC_GROUP_get_order(group, z, ctx)) ABORT;

-	if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;

-	if (!EC_POINT_is_at_infinity(group, Q)) ABORT;

-	fprintf(stdout, ".");

-	fflush(stdout);

-	if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;

-	if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;

-	if (!EC_POINT_is_at_infinity(group, Q)) ABORT;

-	fprintf(stdout, " ok\n");

-	if (!(P_160 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;

-	if (!EC_GROUP_copy(P_160, group)) ABORT;

-	/* Curve P-192 (FIPS PUB 186-2, App. 6) */

-	if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF")) ABORT;

-	if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;

-	if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC")) ABORT;

-	if (!BN_hex2bn(&b, "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1")) ABORT;

-	if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;

-	if (!BN_hex2bn(&x, "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012")) ABORT;

-	if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT;

-	if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;

-	if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831")) ABORT;

-	if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;

-	if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;

-	fprintf(stdout, "\nNIST curve P-192 -- Generator:\n     x = 0x");

-	BN_print_fp(stdout, x);

-	fprintf(stdout, "\n     y = 0x");

-	BN_print_fp(stdout, y);

-	fprintf(stdout, "\n");

-	/* G_y value taken from the standard: */

-	if (!BN_hex2bn(&z, "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811")) ABORT;

-	if (0 != BN_cmp(y, z)) ABORT;

-	fprintf(stdout, "verify degree ...");

-	if (EC_GROUP_get_degree(group) != 192) ABORT;

-	fprintf(stdout, " ok\n");

-	fprintf(stdout, "verify group order ...");

-	fflush(stdout);

-	if (!EC_GROUP_get_order(group, z, ctx)) ABORT;

-	if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;

-	if (!EC_POINT_is_at_infinity(group, Q)) ABORT;

-	fprintf(stdout, ".");

-	fflush(stdout);

-#if 0

-	if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;

-#endif

-	if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;

-	if (!EC_POINT_is_at_infinity(group, Q)) ABORT;

-	fprintf(stdout, " ok\n");

-	if (!(P_192 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;

-	if (!EC_GROUP_copy(P_192, group)) ABORT;

-	/* Curve P-224 (FIPS PUB 186-2, App. 6) */

-	if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001")) ABORT;

-	if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;

-	if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE")) ABORT;

-	if (!BN_hex2bn(&b, "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4")) ABORT;

-	if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;

-	if (!BN_hex2bn(&x, "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21")) ABORT;

-	if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT;

-	if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;

-	if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D")) ABORT;

-	if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;

-	if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;

-	fprintf(stdout, "\nNIST curve P-224 -- Generator:\n     x = 0x");

-	BN_print_fp(stdout, x);

-	fprintf(stdout, "\n     y = 0x");

-	BN_print_fp(stdout, y);

-	fprintf(stdout, "\n");

-	/* G_y value taken from the standard: */

-	if (!BN_hex2bn(&z, "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34")) ABORT;

-	if (0 != BN_cmp(y, z)) ABORT;

-	fprintf(stdout, "verify degree ...");

-	if (EC_GROUP_get_degree(group) != 224) ABORT;

-	fprintf(stdout, " ok\n");

-	fprintf(stdout, "verify group order ...");

-	fflush(stdout);

-	if (!EC_GROUP_get_order(group, z, ctx)) ABORT;

-	if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;

-	if (!EC_POINT_is_at_infinity(group, Q)) ABORT;

-	fprintf(stdout, ".");

-	fflush(stdout);

-#if 0

-	if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;

-#endif

-	if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;

-	if (!EC_POINT_is_at_infinity(group, Q)) ABORT;

-	fprintf(stdout, " ok\n");

-	if (!(P_224 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;

-	if (!EC_GROUP_copy(P_224, group)) ABORT;

-	/* Curve P-256 (FIPS PUB 186-2, App. 6) */

-	if (!BN_hex2bn(&p, "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF")) ABORT;

-	if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;

-	if (!BN_hex2bn(&a, "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC")) ABORT;

-	if (!BN_hex2bn(&b, "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B")) ABORT;

-	if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;

-	if (!BN_hex2bn(&x, "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296")) ABORT;

-	if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT;

-	if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;

-	if (!BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E"

-		"84F3B9CAC2FC632551")) ABORT;

-	if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;

-	if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;

-	fprintf(stdout, "\nNIST curve P-256 -- Generator:\n     x = 0x");

-	BN_print_fp(stdout, x);

-	fprintf(stdout, "\n     y = 0x");

-	BN_print_fp(stdout, y);

-	fprintf(stdout, "\n");

-	/* G_y value taken from the standard: */

-	if (!BN_hex2bn(&z, "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5")) ABORT;

-	if (0 != BN_cmp(y, z)) ABORT;

-	fprintf(stdout, "verify degree ...");

-	if (EC_GROUP_get_degree(group) != 256) ABORT;

-	fprintf(stdout, " ok\n");

-	fprintf(stdout, "verify group order ...");

-	fflush(stdout);

-	if (!EC_GROUP_get_order(group, z, ctx)) ABORT;

-	if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;

-	if (!EC_POINT_is_at_infinity(group, Q)) ABORT;

-	fprintf(stdout, ".");

-	fflush(stdout);

-#if 0

-	if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;

-#endif

-	if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;

-	if (!EC_POINT_is_at_infinity(group, Q)) ABORT;

-	fprintf(stdout, " ok\n");

-	if (!(P_256 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;

-	if (!EC_GROUP_copy(P_256, group)) ABORT;

-	/* Curve P-384 (FIPS PUB 186-2, App. 6) */

-	if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"

-		"FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF")) ABORT;

-	if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;

-	if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"

-		"FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC")) ABORT;

-	if (!BN_hex2bn(&b, "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141"

-		"120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF")) ABORT;

-	if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;

-	if (!BN_hex2bn(&x, "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B"

-		"9859F741E082542A385502F25DBF55296C3A545E3872760AB7")) ABORT;

-	if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT;

-	if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;

-	if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"

-		"FFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973")) ABORT;

-	if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;

-	if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;

-	fprintf(stdout, "\nNIST curve P-384 -- Generator:\n     x = 0x");

-	BN_print_fp(stdout, x);

-	fprintf(stdout, "\n     y = 0x");

-	BN_print_fp(stdout, y);

-	fprintf(stdout, "\n");

-	/* G_y value taken from the standard: */

-	if (!BN_hex2bn(&z, "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A14"

-		"7CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F")) ABORT;

-	if (0 != BN_cmp(y, z)) ABORT;

-	fprintf(stdout, "verify degree ...");

-	if (EC_GROUP_get_degree(group) != 384) ABORT;

-	fprintf(stdout, " ok\n");

-	fprintf(stdout, "verify group order ...");

-	fflush(stdout);

-	if (!EC_GROUP_get_order(group, z, ctx)) ABORT;

-	if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;

-	if (!EC_POINT_is_at_infinity(group, Q)) ABORT;

-	fprintf(stdout, ".");

-	fflush(stdout);

-#if 0

-	if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;

-#endif

-	if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;

-	if (!EC_POINT_is_at_infinity(group, Q)) ABORT;

-	fprintf(stdout, " ok\n");

-	if (!(P_384 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;

-	if (!EC_GROUP_copy(P_384, group)) ABORT;

-	/* Curve P-521 (FIPS PUB 186-2, App. 6) */

-	if (!BN_hex2bn(&p, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"

-		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"

-		"FFFFFFFFFFFFFFFFFFFFFFFFFFFF")) ABORT;

-	if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;

-	if (!BN_hex2bn(&a, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"

-		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"

-		"FFFFFFFFFFFFFFFFFFFFFFFFFFFC")) ABORT;

-	if (!BN_hex2bn(&b, "051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B"

-		"315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573"

-		"DF883D2C34F1EF451FD46B503F00")) ABORT;

-	if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;

-	if (!BN_hex2bn(&x, "C6858E06B70404E9CD9E3ECB662395B4429C648139053F"

-		"B521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B"

-		"3C1856A429BF97E7E31C2E5BD66")) ABORT;

-	if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT;

-	if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;

-	if (!BN_hex2bn(&z, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"

-		"FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5"

-		"C9B8899C47AEBB6FB71E91386409")) ABORT;

-	if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;

-	if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;

-	fprintf(stdout, "\nNIST curve P-521 -- Generator:\n     x = 0x");

-	BN_print_fp(stdout, x);

-	fprintf(stdout, "\n     y = 0x");

-	BN_print_fp(stdout, y);

-	fprintf(stdout, "\n");

-	/* G_y value taken from the standard: */

-	if (!BN_hex2bn(&z, "11839296A789A3BC0045C8A5FB42C7D1BD998F54449579"

-		"B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C"

-		"7086A272C24088BE94769FD16650")) ABORT;

-	if (0 != BN_cmp(y, z)) ABORT;

-	fprintf(stdout, "verify degree ...");

-	if (EC_GROUP_get_degree(group) != 521) ABORT;

-	fprintf(stdout, " ok\n");

-	fprintf(stdout, "verify group order ...");

-	fflush(stdout);

-	if (!EC_GROUP_get_order(group, z, ctx)) ABORT;

-	if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;

-	if (!EC_POINT_is_at_infinity(group, Q)) ABORT;

-	fprintf(stdout, ".");

-	fflush(stdout);

-#if 0

-	if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;

-#endif

-	if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;

-	if (!EC_POINT_is_at_infinity(group, Q)) ABORT;

-	fprintf(stdout, " ok\n");

-	if (!(P_521 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;

-	if (!EC_GROUP_copy(P_521, group)) ABORT;

-	/* more tests using the last curve */

-	if (!EC_POINT_copy(Q, P)) ABORT;

-	if (EC_POINT_is_at_infinity(group, Q)) ABORT;

-	if (!EC_POINT_dbl(group, P, P, ctx)) ABORT;

-	if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;

-	if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */

-	if (!EC_POINT_add(group, R, P, Q, ctx)) ABORT;

-	if (!EC_POINT_add(group, R, R, Q, ctx)) ABORT;

-	if (!EC_POINT_is_at_infinity(group, R)) ABORT; /* R = P + 2Q */

-	{

-		const EC_POINT *points[4];

-		const BIGNUM *scalars[4];

-		BIGNUM scalar3;

-		if (EC_POINT_is_at_infinity(group, Q)) ABORT;

-		points[0] = Q;

-		points[1] = Q;

-		points[2] = Q;

-		points[3] = Q;

-		if (!BN_add(y, z, BN_value_one())) ABORT;

-		if (BN_is_odd(y)) ABORT;

-		if (!BN_rshift1(y, y)) ABORT;

-		scalars[0] = y; /* (group order + 1)/2,  so  y*Q + y*Q = Q */

-		scalars[1] = y;

-		fprintf(stdout, "combined multiplication ...");

-		fflush(stdout);

-		/* z is still the group order */

-		if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT;

-		if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx)) ABORT;

-		if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT;

-		if (0 != EC_POINT_cmp(group, R, Q, ctx)) ABORT;

-		fprintf(stdout, ".");

-		fflush(stdout);

-		if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0)) ABORT;

-		if (!BN_add(z, z, y)) ABORT;

-		BN_set_negative(z, 1);

-		scalars[0] = y;

-		scalars[1] = z; /* z = -(order + y) */

-		if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT;

-		if (!EC_POINT_is_at_infinity(group, P)) ABORT;

-		fprintf(stdout, ".");

-		fflush(stdout);

-		if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0)) ABORT;

-		if (!BN_add(z, x, y)) ABORT;

-		BN_set_negative(z, 1);

-		scalars[0] = x;

-		scalars[1] = y;

-		scalars[2] = z; /* z = -(x+y) */

-		BN_init(&scalar3);

-		BN_zero(&scalar3);

-		scalars[3] = &scalar3;

-		if (!EC_POINTs_mul(group, P, NULL, 4, points, scalars, ctx)) ABORT;

-		if (!EC_POINT_is_at_infinity(group, P)) ABORT;

-		fprintf(stdout, " ok\n\n");

-		BN_free(&scalar3);

-	}

-#if 0

-	timings(P_160, TIMING_BASE_PT, ctx);

-	timings(P_160, TIMING_RAND_PT, ctx);

-	timings(P_160, TIMING_SIMUL, ctx);

-	timings(P_192, TIMING_BASE_PT, ctx);

-	timings(P_192, TIMING_RAND_PT, ctx);

-	timings(P_192, TIMING_SIMUL, ctx);

-	timings(P_224, TIMING_BASE_PT, ctx);

-	timings(P_224, TIMING_RAND_PT, ctx);

-	timings(P_224, TIMING_SIMUL, ctx);

-	timings(P_256, TIMING_BASE_PT, ctx);

-	timings(P_256, TIMING_RAND_PT, ctx);

-	timings(P_256, TIMING_SIMUL, ctx);

-	timings(P_384, TIMING_BASE_PT, ctx);

-	timings(P_384, TIMING_RAND_PT, ctx);

-	timings(P_384, TIMING_SIMUL, ctx);

-	timings(P_521, TIMING_BASE_PT, ctx);

-	timings(P_521, TIMING_RAND_PT, ctx);

-	timings(P_521, TIMING_SIMUL, ctx);

-#endif

-	if (ctx)

-		BN_CTX_free(ctx);

-	BN_free(p); BN_free(a);	BN_free(b);

-	EC_GROUP_free(group);

-	EC_POINT_free(P);

-	EC_POINT_free(Q);

-	EC_POINT_free(R);

-	BN_free(x); BN_free(y); BN_free(z);

-	if (P_160) EC_GROUP_free(P_160);

-	if (P_192) EC_GROUP_free(P_192);

-	if (P_224) EC_GROUP_free(P_224);

-	if (P_256) EC_GROUP_free(P_256);

-	if (P_384) EC_GROUP_free(P_384);

-	if (P_521) EC_GROUP_free(P_521);

-	}

-/* Change test based on whether binary point compression is enabled or not. */

-#ifdef OPENSSL_EC_BIN_PT_COMP

-#define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \

-	if (!BN_hex2bn(&x, _x)) ABORT; \

-	if (!EC_POINT_set_compressed_coordinates_GF2m(group, P, x, _y_bit, ctx)) ABORT; \

-	if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \

-	if (!BN_hex2bn(&z, _order)) ABORT; \

-	if (!BN_hex2bn(&cof, _cof)) ABORT; \

-	if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \

-	if (!EC_POINT_get_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \

-	fprintf(stdout, "\n%s -- Generator:\n     x = 0x", _name); \

-	BN_print_fp(stdout, x); \

-	fprintf(stdout, "\n     y = 0x"); \

-	BN_print_fp(stdout, y); \

-	fprintf(stdout, "\n"); \

-	/* G_y value taken from the standard: */ \

-	if (!BN_hex2bn(&z, _y)) ABORT; \

-	if (0 != BN_cmp(y, z)) ABORT;

-#else

-#define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \

-	if (!BN_hex2bn(&x, _x)) ABORT; \

-	if (!BN_hex2bn(&y, _y)) ABORT; \

-	if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \

-	if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \

-	if (!BN_hex2bn(&z, _order)) ABORT; \

-	if (!BN_hex2bn(&cof, _cof)) ABORT; \

-	if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \

-	fprintf(stdout, "\n%s -- Generator:\n     x = 0x", _name); \

-	BN_print_fp(stdout, x); \

-	fprintf(stdout, "\n     y = 0x"); \

-	BN_print_fp(stdout, y); \

-	fprintf(stdout, "\n");

-#endif

-#define CHAR2_CURVE_TEST(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \

-	if (!BN_hex2bn(&p, _p)) ABORT; \

-	if (!BN_hex2bn(&a, _a)) ABORT; \

-	if (!BN_hex2bn(&b, _b)) ABORT; \

-	if (!EC_GROUP_set_curve_GF2m(group, p, a, b, ctx)) ABORT; \

-	CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \

-	fprintf(stdout, "verify degree ..."); \

-	if (EC_GROUP_get_degree(group) != _degree) ABORT; \

-	fprintf(stdout, " ok\n"); \

-	fprintf(stdout, "verify group order ..."); \

-	fflush(stdout); \

-	if (!EC_GROUP_get_order(group, z, ctx)) ABORT; \

-	if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; \

-	if (!EC_POINT_is_at_infinity(group, Q)) ABORT; \

-	fprintf(stdout, "."); \

-	fflush(stdout); \

-	/* if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; */ \

-	if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; \

-	if (!EC_POINT_is_at_infinity(group, Q)) ABORT; \

-	fprintf(stdout, " ok\n"); \

-	if (!(_variable = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT; \

-	if (!EC_GROUP_copy(_variable, group)) ABORT;

-void char2_field_tests()

-	{

-	BN_CTX *ctx = NULL;

-	BIGNUM *p, *a, *b;

-	EC_GROUP *group;

-	EC_GROUP *C2_K163 = NULL, *C2_K233 = NULL, *C2_K283 = NULL, *C2_K409 = NULL, *C2_K571 = NULL;

-	EC_GROUP *C2_B163 = NULL, *C2_B233 = NULL, *C2_B283 = NULL, *C2_B409 = NULL, *C2_B571 = NULL;

-	EC_POINT *P, *Q, *R;

-	BIGNUM *x, *y, *z, *cof;

-	unsigned char buf[100];

-	size_t i, len;

-	int k;

-#if 1 /* optional */

-	ctx = BN_CTX_new();

-	if (!ctx) ABORT;

-#endif

-	p = BN_new();

-	a = BN_new();

-	b = BN_new();

-	if (!p || !a || !b) ABORT;

-	if (!BN_hex2bn(&p, "13")) ABORT;

-	if (!BN_hex2bn(&a, "3")) ABORT;

-	if (!BN_hex2bn(&b, "1")) ABORT;

-	group = EC_GROUP_new(EC_GF2m_simple_method()); /* applications should use EC_GROUP_new_curve_GF2m

-	                                                * so that the library gets to choose the EC_METHOD */

-	if (!group) ABORT;

-	if (!EC_GROUP_set_curve_GF2m(group, p, a, b, ctx)) ABORT;

-	{

-		EC_GROUP *tmp;

-		tmp = EC_GROUP_new(EC_GROUP_method_of(group));

-		if (!tmp) ABORT;

-		if (!EC_GROUP_copy(tmp, group)) ABORT;

-		EC_GROUP_free(group);

-		group = tmp;

-	}

-	if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) ABORT;

-	fprintf(stdout, "Curve defined by Weierstrass equation\n     y^2 + x*y = x^3 + a*x^2 + b  (mod 0x");

-	BN_print_fp(stdout, p);

-	fprintf(stdout, ")\n     a = 0x");

-	BN_print_fp(stdout, a);

-	fprintf(stdout, "\n     b = 0x");

-	BN_print_fp(stdout, b);

-	fprintf(stdout, "\n(0x... means binary polynomial)\n");

-	P = EC_POINT_new(group);

-	Q = EC_POINT_new(group);

-	R = EC_POINT_new(group);

-	if (!P || !Q || !R) ABORT;

-	if (!EC_POINT_set_to_infinity(group, P)) ABORT;

-	if (!EC_POINT_is_at_infinity(group, P)) ABORT;

-	buf[0] = 0;

-	if (!EC_POINT_oct2point(group, Q, buf, 1, ctx)) ABORT;

-	if (!EC_POINT_add(group, P, P, Q, ctx)) ABORT;

-	if (!EC_POINT_is_at_infinity(group, P)) ABORT;

-	x = BN_new();

-	y = BN_new();

-	z = BN_new();

-	cof = BN_new();

-	if (!x || !y || !z || !cof) ABORT;

-	if (!BN_hex2bn(&x, "6")) ABORT;

-/* Change test based on whether binary point compression is enabled or not. */

-#ifdef OPENSSL_EC_BIN_PT_COMP

-	if (!EC_POINT_set_compressed_coordinates_GF2m(group, Q, x, 1, ctx)) ABORT;

-#else

-	if (!BN_hex2bn(&y, "8")) ABORT;

-	if (!EC_POINT_set_affine_coordinates_GF2m(group, Q, x, y, ctx)) ABORT;

-#endif

-	if (!EC_POINT_is_on_curve(group, Q, ctx))

-		{

-/* Change test based on whether binary point compression is enabled or not. */

-#ifdef OPENSSL_EC_BIN_PT_COMP

-		if (!EC_POINT_get_affine_coordinates_GF2m(group, Q, x, y, ctx)) ABORT;

-#endif

-		fprintf(stderr, "Point is not on curve: x = 0x");

-		BN_print_fp(stderr, x);

-		fprintf(stderr, ", y = 0x");

-		BN_print_fp(stderr, y);

-		fprintf(stderr, "\n");

-		ABORT;

-		}

-	fprintf(stdout, "A cyclic subgroup:\n");

-	k = 100;

-	do

-		{

-		if (k-- == 0) ABORT;

-		if (EC_POINT_is_at_infinity(group, P))

-			fprintf(stdout, "     point at infinity\n");

-		else

-			{

-			if (!EC_POINT_get_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT;

-			fprintf(stdout, "     x = 0x");

-			BN_print_fp(stdout, x);

-			fprintf(stdout, ", y = 0x");

-			BN_print_fp(stdout, y);

-			fprintf(stdout, "\n");

-			}

-		if (!EC_POINT_copy(R, P)) ABORT;

-		if (!EC_POINT_add(group, P, P, Q, ctx)) ABORT;

-		}

-	while (!EC_POINT_is_at_infinity(group, P));

-	if (!EC_POINT_add(group, P, Q, R, ctx)) ABORT;

-	if (!EC_POINT_is_at_infinity(group, P)) ABORT;

-/* Change test based on whether binary point compression is enabled or not. */

-#ifdef OPENSSL_EC_BIN_PT_COMP

-	len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf, sizeof buf, ctx);

-	if (len == 0) ABORT;

-	if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;

-	if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;

-	fprintf(stdout, "Generator as octet string, compressed form:\n     ");

-	for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);

-#endif

-	len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf, sizeof buf, ctx);

-	if (len == 0) ABORT;

-	if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;

-	if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;

-	fprintf(stdout, "\nGenerator as octet string, uncompressed form:\n     ");

-	for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);

-/* Change test based on whether binary point compression is enabled or not. */

-#ifdef OPENSSL_EC_BIN_PT_COMP

-	len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof buf, ctx);

-	if (len == 0) ABORT;

-	if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;

-	if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;

-	fprintf(stdout, "\nGenerator as octet string, hybrid form:\n     ");

-	for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);

-#endif

-	fprintf(stdout, "\n");

-	if (!EC_POINT_invert(group, P, ctx)) ABORT;

-	if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT;

-	/* Curve K-163 (FIPS PUB 186-2, App. 6) */

-	CHAR2_CURVE_TEST

-		(

-		"NIST curve K-163",

-		"0800000000000000000000000000000000000000C9",

-		"1",

-		"1",

-		"02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8",

-		"0289070FB05D38FF58321F2E800536D538CCDAA3D9",

-		1,

-		"04000000000000000000020108A2E0CC0D99F8A5EF",

-		"2",

-		163,

-		C2_K163

-		);

-	/* Curve B-163 (FIPS PUB 186-2, App. 6) */

-	CHAR2_CURVE_TEST

-		(

-		"NIST curve B-163",

-		"0800000000000000000000000000000000000000C9",

-		"1",

-		"020A601907B8C953CA1481EB10512F78744A3205FD",

-		"03F0EBA16286A2D57EA0991168D4994637E8343E36",

-		"00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1",

-		1,

-		"040000000000000000000292FE77E70C12A4234C33",

-		"2",

-		163,

-		C2_B163

-		);

-	/* Curve K-233 (FIPS PUB 186-2, App. 6) */

-	CHAR2_CURVE_TEST

-		(

-		"NIST curve K-233",

-		"020000000000000000000000000000000000000004000000000000000001",

-		"0",

-		"1",

-		"017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126",

-		"01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3",

-		0,

-		"008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF",

-		"4",

-		233,

-		C2_K233

-		);

-	/* Curve B-233 (FIPS PUB 186-2, App. 6) */

-	CHAR2_CURVE_TEST

-		(

-		"NIST curve B-233",

-		"020000000000000000000000000000000000000004000000000000000001",

-		"000000000000000000000000000000000000000000000000000000000001",

-		"0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD",

-		"00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B",

-		"01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052",

-		1,

-		"01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7",

-		"2",

-		233,

-		C2_B233

-		);

-	/* Curve K-283 (FIPS PUB 186-2, App. 6) */

-	CHAR2_CURVE_TEST

-		(

-		"NIST curve K-283",

-		"0800000000000000000000000000000000000000000000000000000000000000000010A1",

-		"0",

-		"1",

-		"0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836",

-		"01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259",

-		0,

-		"01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61",

-		"4",

-		283,

-		C2_K283

-		);

-	/* Curve B-283 (FIPS PUB 186-2, App. 6) */

-	CHAR2_CURVE_TEST

-		(

-		"NIST curve B-283",

-		"0800000000000000000000000000000000000000000000000000000000000000000010A1",

-		"000000000000000000000000000000000000000000000000000000000000000000000001",

-		"027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5",

-		"05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053",

-		"03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4",

-		1,

-		"03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307",

-		"2",

-		283,

-		C2_B283

-		);

-	/* Curve K-409 (FIPS PUB 186-2, App. 6) */

-	CHAR2_CURVE_TEST

-		(

-		"NIST curve K-409",

-		"02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",

-		"0",

-		"1",

-		"0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746",

-		"01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B",

-		1,

-		"007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF",

-		"4",

-		409,

-		C2_K409

-		);

-	/* Curve B-409 (FIPS PUB 186-2, App. 6) */

-	CHAR2_CURVE_TEST

-		(

-		"NIST curve B-409",

-		"02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",

-		"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",

-		"0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F",

-		"015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7",

-		"0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706",

-		1,

-		"010000000000000000000000000000000000000000000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173",

-		"2",

-		409,

-		C2_B409

-		);

-	/* Curve K-571 (FIPS PUB 186-2, App. 6) */

-	CHAR2_CURVE_TEST

-		(

-		"NIST curve K-571",

-		"80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",

-		"0",

-		"1",

-		"026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972",

-		"0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3",

-		0,

-		"020000000000000000000000000000000000000000000000000000000000000000000000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001",

-		"4",

-		571,

-		C2_K571

-		);

-	/* Curve B-571 (FIPS PUB 186-2, App. 6) */

-	CHAR2_CURVE_TEST

-		(

-		"NIST curve B-571",

-		"80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",

-		"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",

-		"02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A",

-		"0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19",

-		"037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B",

-		1,

-		"03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47",

-		"2",

-		571,

-		C2_B571

-		);

-	/* more tests using the last curve */

-	if (!EC_POINT_copy(Q, P)) ABORT;

-	if (EC_POINT_is_at_infinity(group, Q)) ABORT;

-	if (!EC_POINT_dbl(group, P, P, ctx)) ABORT;

-	if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;

-	if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */

-	if (!EC_POINT_add(group, R, P, Q, ctx)) ABORT;

-	if (!EC_POINT_add(group, R, R, Q, ctx)) ABORT;

-	if (!EC_POINT_is_at_infinity(group, R)) ABORT; /* R = P + 2Q */

-	{

-		const EC_POINT *points[3];

-		const BIGNUM *scalars[3];

-		if (EC_POINT_is_at_infinity(group, Q)) ABORT;

-		points[0] = Q;

-		points[1] = Q;

-		points[2] = Q;

-		if (!BN_add(y, z, BN_value_one())) ABORT;

-		if (BN_is_odd(y)) ABORT;

-		if (!BN_rshift1(y, y)) ABORT;

-		scalars[0] = y; /* (group order + 1)/2,  so  y*Q + y*Q = Q */

-		scalars[1] = y;

-		fprintf(stdout, "combined multiplication ...");

-		fflush(stdout);

-		/* z is still the group order */

-		if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT;

-		if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx)) ABORT;

-		if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT;

-		if (0 != EC_POINT_cmp(group, R, Q, ctx)) ABORT;

-		fprintf(stdout, ".");

-		fflush(stdout);

-		if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0)) ABORT;

-		if (!BN_add(z, z, y)) ABORT;

-		BN_set_negative(z, 1);

-		scalars[0] = y;

-		scalars[1] = z; /* z = -(order + y) */

-		if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT;

-		if (!EC_POINT_is_at_infinity(group, P)) ABORT;

-		fprintf(stdout, ".");

-		fflush(stdout);

-		if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0)) ABORT;

-		if (!BN_add(z, x, y)) ABORT;

-		BN_set_negative(z, 1);

-		scalars[0] = x;

-		scalars[1] = y;

-		scalars[2] = z; /* z = -(x+y) */

-		if (!EC_POINTs_mul(group, P, NULL, 3, points, scalars, ctx)) ABORT;

-		if (!EC_POINT_is_at_infinity(group, P)) ABORT;

-		fprintf(stdout, " ok\n\n");

-	}

-#if 0

-	timings(C2_K163, TIMING_BASE_PT, ctx);

-	timings(C2_K163, TIMING_RAND_PT, ctx);

-	timings(C2_K163, TIMING_SIMUL, ctx);

-	timings(C2_B163, TIMING_BASE_PT, ctx);

-	timings(C2_B163, TIMING_RAND_PT, ctx);

-	timings(C2_B163, TIMING_SIMUL, ctx);

-	timings(C2_K233, TIMING_BASE_PT, ctx);

-	timings(C2_K233, TIMING_RAND_PT, ctx);

-	timings(C2_K233, TIMING_SIMUL, ctx);

-	timings(C2_B233, TIMING_BASE_PT, ctx);

-	timings(C2_B233, TIMING_RAND_PT, ctx);

-	timings(C2_B233, TIMING_SIMUL, ctx);

-	timings(C2_K283, TIMING_BASE_PT, ctx);

-	timings(C2_K283, TIMING_RAND_PT, ctx);

-	timings(C2_K283, TIMING_SIMUL, ctx);

-	timings(C2_B283, TIMING_BASE_PT, ctx);

-	timings(C2_B283, TIMING_RAND_PT, ctx);

-	timings(C2_B283, TIMING_SIMUL, ctx);

-	timings(C2_K409, TIMING_BASE_PT, ctx);

-	timings(C2_K409, TIMING_RAND_PT, ctx);

-	timings(C2_K409, TIMING_SIMUL, ctx);

-	timings(C2_B409, TIMING_BASE_PT, ctx);

-	timings(C2_B409, TIMING_RAND_PT, ctx);

-	timings(C2_B409, TIMING_SIMUL, ctx);

-	timings(C2_K571, TIMING_BASE_PT, ctx);

-	timings(C2_K571, TIMING_RAND_PT, ctx);

-	timings(C2_K571, TIMING_SIMUL, ctx);

-	timings(C2_B571, TIMING_BASE_PT, ctx);

-	timings(C2_B571, TIMING_RAND_PT, ctx);

-	timings(C2_B571, TIMING_SIMUL, ctx);

-#endif

-	if (ctx)

-		BN_CTX_free(ctx);

-	BN_free(p); BN_free(a);	BN_free(b);

-	EC_GROUP_free(group);

-	EC_POINT_free(P);

-	EC_POINT_free(Q);

-	EC_POINT_free(R);

-	BN_free(x); BN_free(y); BN_free(z); BN_free(cof);

-	if (C2_K163) EC_GROUP_free(C2_K163);

-	if (C2_B163) EC_GROUP_free(C2_B163);

-	if (C2_K233) EC_GROUP_free(C2_K233);

-	if (C2_B233) EC_GROUP_free(C2_B233);

-	if (C2_K283) EC_GROUP_free(C2_K283);

-	if (C2_B283) EC_GROUP_free(C2_B283);

-	if (C2_K409) EC_GROUP_free(C2_K409);

-	if (C2_B409) EC_GROUP_free(C2_B409);

-	if (C2_K571) EC_GROUP_free(C2_K571);

-	if (C2_B571) EC_GROUP_free(C2_B571);

-	}

-void internal_curve_test(void)

-	{

-	EC_builtin_curve *curves = NULL;

-	size_t crv_len = 0, n = 0;

-	int    ok = 1;

-	crv_len = EC_get_builtin_curves(NULL, 0);

-	curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len);

-	if (curves == NULL)

-		return;

-	if (!EC_get_builtin_curves(curves, crv_len))

-		{

-		OPENSSL_free(curves);

-		return;

-		}

-	fprintf(stdout, "testing internal curves: ");

-	for (n = 0; n < crv_len; n++)

-		{

-		EC_GROUP *group = NULL;

-		int nid = curves[n].nid;

-		if ((group = EC_GROUP_new_by_curve_name(nid)) == NULL)

-			{

-			ok = 0;

-			fprintf(stdout, "\nEC_GROUP_new_curve_name() failed with"

-				" curve %s\n", OBJ_nid2sn(nid));

-			/* try next curve */

-			continue;

-			}

-		if (!EC_GROUP_check(group, NULL))

-			{

-			ok = 0;

-			fprintf(stdout, "\nEC_GROUP_check() failed with"

-				" curve %s\n", OBJ_nid2sn(nid));

-			EC_GROUP_free(group);

-			/* try the next curve */

-			continue;

-			}

-		fprintf(stdout, ".");

-		fflush(stdout);

-		EC_GROUP_free(group);

-		}

-	if (ok)

-		fprintf(stdout, " ok\n");

-	else

-		fprintf(stdout, " failed\n");

-	OPENSSL_free(curves);

-	return;

-	}

-static const char rnd_seed[] = "string to make the random number generator think it has entropy";

-int main(int argc, char *argv[])

-	{

-	/* enable memory leak checking unless explicitly disabled */

-	if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))

-		{

-		CRYPTO_malloc_debug_init();

-		CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);

-		}

-	else

-		{

-		/* OPENSSL_DEBUG_MEMORY=off */

-		CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);

-		}

-	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);

-	ERR_load_crypto_strings();

-	RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */

-	prime_field_tests();

-	puts("");

-	char2_field_tests();

-	/* test the internal curves */

-	internal_curve_test();

-#ifndef OPENSSL_NO_ENGINE

-	ENGINE_cleanup();

-#endif

-	CRYPTO_cleanup_all_ex_data();

-	ERR_free_strings();

-	ERR_remove_state(0);

-	CRYPTO_mem_leaks_fp(stderr);

-	return 0;

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/ecdh/Makefile

+++ /dev/null

@@ -1,111 +1,0 @@

-#

-# crypto/ecdh/Makefile

-#

-DIR=	ecdh

-TOP=	../..

-CC=	cc

-INCLUDES= -I.. -I$(TOP) -I../../include

-CFLAG=-g -Wall

-MAKEFILE=	Makefile

-AR=		ar r

-CFLAGS= $(INCLUDES) $(CFLAG)

-GENERAL=Makefile

-TEST=ecdhtest.c

-APPS=

-LIB=$(TOP)/libcrypto.a

-LIBSRC=	ech_lib.c ech_ossl.c ech_key.c ech_err.c

-LIBOBJ=	ech_lib.o ech_ossl.o ech_key.o ech_err.o

-SRC= $(LIBSRC)

-EXHEADER= ecdh.h

-HEADER=	ech_locl.h $(EXHEADER)

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)

-all:	lib

-lib:	$(LIBOBJ)

-	$(AR) $(LIB) $(LIBOBJ)

-	$(RANLIB) $(LIB) || echo Never mind.

-	@touch lib

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

-links:

-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)

-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)

-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

-install:

-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...

-	@headerlist="$(EXHEADER)"; for i in $$headerlist; \

-	do  \

-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \

-	done;

-tags:

-	ctags $(SRC)

-tests:

-lint:

-	lint -DLINT $(INCLUDES) $(SRC)>fluff

-depend:

-	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...

-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-clean:

-	rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-ech_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

-ech_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-ech_err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-ech_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-ech_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-ech_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-ech_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-ech_err.o: ech_err.c

-ech_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

-ech_key.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-ech_key.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-ech_key.o: ../../include/openssl/engine.h ../../include/openssl/opensslconf.h

-ech_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-ech_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-ech_key.o: ../../include/openssl/symhacks.h ech_key.c ech_locl.h

-ech_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

-ech_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-ech_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-ech_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h

-ech_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-ech_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-ech_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-ech_lib.o: ../../include/openssl/symhacks.h ech_lib.c ech_locl.h

-ech_ossl.o: ../../e_os.h ../../include/openssl/asn1.h

-ech_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h

-ech_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-ech_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-ech_ossl.o: ../../include/openssl/ecdh.h ../../include/openssl/err.h

-ech_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-ech_ossl.o: ../../include/openssl/opensslconf.h

-ech_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-ech_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-ech_ossl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-ech_ossl.o: ../cryptlib.h ech_locl.h ech_ossl.c

--- a/sys/src/ape/lib/openssl/crypto/ecdh/ecdh.h

+++ /dev/null

@@ -1,123 +1,0 @@

-/* crypto/ecdh/ecdh.h */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- *

- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included

- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed

- * to the OpenSSL project.

- *

- * The ECC Code is licensed pursuant to the OpenSSL open source

- * license provided below.

- *

- * The ECDH software is originally written by Douglas Stebila of

- * Sun Microsystems Laboratories.

- *

- */

-/* ====================================================================

- * Copyright (c) 2000-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_ECDH_H

-#define HEADER_ECDH_H

-#include <openssl/opensslconf.h>

-#ifdef OPENSSL_NO_ECDH

-#error ECDH is disabled.

-#endif

-#include <openssl/ec.h>

-#include <openssl/ossl_typ.h>

-#ifndef OPENSSL_NO_DEPRECATED

-#include <openssl/bn.h>

-#endif

-#ifdef __cplusplus

-extern "C" {

-#endif

-const ECDH_METHOD *ECDH_OpenSSL(void);

-void	  ECDH_set_default_method(const ECDH_METHOD *);

-const ECDH_METHOD *ECDH_get_default_method(void);

-int 	  ECDH_set_method(EC_KEY *, const ECDH_METHOD *);

-int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,

-                     void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen));

-int 	  ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new

-		*new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);

-int 	  ECDH_set_ex_data(EC_KEY *d, int idx, void *arg);

-void 	  *ECDH_get_ex_data(EC_KEY *d, int idx);

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_ECDH_strings(void);

-/* Error codes for the ECDH functions. */

-/* Function codes. */

-#define ECDH_F_ECDH_COMPUTE_KEY				 100

-#define ECDH_F_ECDH_DATA_NEW_METHOD			 101

-/* Reason codes. */

-#define ECDH_R_KDF_FAILED				 102

-#define ECDH_R_NO_PRIVATE_VALUE				 100

-#define ECDH_R_POINT_ARITHMETIC_FAILURE			 101

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/ecdh/ecdhtest.c

+++ /dev/null

@@ -1,368 +1,0 @@

-/* crypto/ecdh/ecdhtest.c */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- *

- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included

- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed

- * to the OpenSSL project.

- *

- * The ECC Code is licensed pursuant to the OpenSSL open source

- * license provided below.

- *

- * The ECDH software is originally written by Douglas Stebila of

- * Sun Microsystems Laboratories.

- *

- */

-/* ====================================================================

- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include "../e_os.h"

-#include <openssl/opensslconf.h>	/* for OPENSSL_NO_ECDH */

-#include <openssl/crypto.h>

-#include <openssl/bio.h>

-#include <openssl/bn.h>

-#include <openssl/objects.h>

-#include <openssl/rand.h>

-#include <openssl/sha.h>

-#include <openssl/err.h>

-#ifdef OPENSSL_NO_ECDH

-int main(int argc, char *argv[])

-{

-    printf("No ECDH support\n");

-    return(0);

-}

-#else

-#include <openssl/ec.h>

-#include <openssl/ecdh.h>

-#ifdef OPENSSL_SYS_WIN16

-#define MS_CALLBACK	_far _loadds

-#else

-#define MS_CALLBACK

-#endif

-#if 0

-static void MS_CALLBACK cb(int p, int n, void *arg);

-#endif

-static const char rnd_seed[] = "string to make the random number generator think it has entropy";

-static const int KDF1_SHA1_len = 20;

-static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)

-	{

-#ifndef OPENSSL_NO_SHA

-	if (*outlen < SHA_DIGEST_LENGTH)

-		return NULL;

-	else

-		*outlen = SHA_DIGEST_LENGTH;

-	return SHA1(in, inlen, out);

-#else

-	return NULL;

-#endif

-	}

-static int test_ecdh_curve(int nid, const char *text, BN_CTX *ctx, BIO *out)

-	{

-	EC_KEY *a=NULL;

-	EC_KEY *b=NULL;

-	BIGNUM *x_a=NULL, *y_a=NULL,

-	       *x_b=NULL, *y_b=NULL;

-	char buf[12];

-	unsigned char *abuf=NULL,*bbuf=NULL;

-	int i,alen,blen,aout,bout,ret=0;

-	const EC_GROUP *group;

-	a = EC_KEY_new_by_curve_name(nid);

-	b = EC_KEY_new_by_curve_name(nid);

-	if (a == NULL || b == NULL)

-		goto err;

-	group = EC_KEY_get0_group(a);

-	if ((x_a=BN_new()) == NULL) goto err;

-	if ((y_a=BN_new()) == NULL) goto err;

-	if ((x_b=BN_new()) == NULL) goto err;

-	if ((y_b=BN_new()) == NULL) goto err;

-	BIO_puts(out,"Testing key generation with ");

-	BIO_puts(out,text);

-#ifdef NOISY

-	BIO_puts(out,"\n");

-#else

-	(void)BIO_flush(out);

-#endif

-	if (!EC_KEY_generate_key(a)) goto err;

-	if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field)

-		{

-		if (!EC_POINT_get_affine_coordinates_GFp(group,

-			EC_KEY_get0_public_key(a), x_a, y_a, ctx)) goto err;

-		}

-	else

-		{

-		if (!EC_POINT_get_affine_coordinates_GF2m(group,

-			EC_KEY_get0_public_key(a), x_a, y_a, ctx)) goto err;

-		}

-#ifdef NOISY

-	BIO_puts(out,"  pri 1=");

-	BN_print(out,a->priv_key);

-	BIO_puts(out,"\n  pub 1=");

-	BN_print(out,x_a);

-	BIO_puts(out,",");

-	BN_print(out,y_a);

-	BIO_puts(out,"\n");

-#else

-	BIO_printf(out," .");

-	(void)BIO_flush(out);

-#endif

-	if (!EC_KEY_generate_key(b)) goto err;

-	if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field)

-		{

-		if (!EC_POINT_get_affine_coordinates_GFp(group,

-			EC_KEY_get0_public_key(b), x_b, y_b, ctx)) goto err;

-		}

-	else

-		{

-		if (!EC_POINT_get_affine_coordinates_GF2m(group,

-			EC_KEY_get0_public_key(b), x_b, y_b, ctx)) goto err;

-		}

-#ifdef NOISY

-	BIO_puts(out,"  pri 2=");

-	BN_print(out,b->priv_key);

-	BIO_puts(out,"\n  pub 2=");

-	BN_print(out,x_b);

-	BIO_puts(out,",");

-	BN_print(out,y_b);

-	BIO_puts(out,"\n");

-#else

-	BIO_printf(out,".");

-	(void)BIO_flush(out);

-#endif

-	alen=KDF1_SHA1_len;

-	abuf=(unsigned char *)OPENSSL_malloc(alen);

-	aout=ECDH_compute_key(abuf,alen,EC_KEY_get0_public_key(b),a,KDF1_SHA1);

-#ifdef NOISY

-	BIO_puts(out,"  key1 =");

-	for (i=0; i<aout; i++)

-		{

-		sprintf(buf,"%02X",abuf[i]);

-		BIO_puts(out,buf);

-		}

-	BIO_puts(out,"\n");

-#else

-	BIO_printf(out,".");

-	(void)BIO_flush(out);

-#endif

-	blen=KDF1_SHA1_len;

-	bbuf=(unsigned char *)OPENSSL_malloc(blen);

-	bout=ECDH_compute_key(bbuf,blen,EC_KEY_get0_public_key(a),b,KDF1_SHA1);

-#ifdef NOISY

-	BIO_puts(out,"  key2 =");

-	for (i=0; i<bout; i++)

-		{

-		sprintf(buf,"%02X",bbuf[i]);

-		BIO_puts(out,buf);

-		}

-	BIO_puts(out,"\n");

-#else

-	BIO_printf(out,".");

-	(void)BIO_flush(out);

-#endif

-	if ((aout < 4) || (bout != aout) || (memcmp(abuf,bbuf,aout) != 0))

-		{

-#ifndef NOISY

-		BIO_printf(out, " failed\n\n");

-		BIO_printf(out, "key a:\n");

-		BIO_printf(out, "private key: ");

-		BN_print(out, EC_KEY_get0_private_key(a));

-		BIO_printf(out, "\n");

-		BIO_printf(out, "public key (x,y): ");

-		BN_print(out, x_a);

-		BIO_printf(out, ",");

-		BN_print(out, y_a);

-		BIO_printf(out, "\nkey b:\n");

-		BIO_printf(out, "private key: ");

-		BN_print(out, EC_KEY_get0_private_key(b));

-		BIO_printf(out, "\n");

-		BIO_printf(out, "public key (x,y): ");

-		BN_print(out, x_b);

-		BIO_printf(out, ",");

-		BN_print(out, y_b);

-		BIO_printf(out, "\n");

-		BIO_printf(out, "generated key a: ");

-		for (i=0; i<bout; i++)

-			{

-			sprintf(buf, "%02X", bbuf[i]);

-			BIO_puts(out, buf);

-			}

-		BIO_printf(out, "\n");

-		BIO_printf(out, "generated key b: ");

-		for (i=0; i<aout; i++)

-			{

-			sprintf(buf, "%02X", abuf[i]);

-			BIO_puts(out,buf);

-			}

-		BIO_printf(out, "\n");

-#endif

-		fprintf(stderr,"Error in ECDH routines\n");

-		ret=0;

-		}

-	else

-		{

-#ifndef NOISY

-		BIO_printf(out, " ok\n");

-#endif

-		ret=1;

-		}

-err:

-	ERR_print_errors_fp(stderr);

-	if (abuf != NULL) OPENSSL_free(abuf);

-	if (bbuf != NULL) OPENSSL_free(bbuf);

-	if (x_a) BN_free(x_a);

-	if (y_a) BN_free(y_a);

-	if (x_b) BN_free(x_b);

-	if (y_b) BN_free(y_b);

-	if (b) EC_KEY_free(b);

-	if (a) EC_KEY_free(a);

-	return(ret);

-	}

-int main(int argc, char *argv[])

-	{

-	BN_CTX *ctx=NULL;

-	int ret=1;

-	BIO *out;

-	CRYPTO_malloc_debug_init();

-	CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);

-	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);

-#ifdef OPENSSL_SYS_WIN32

-	CRYPTO_malloc_init();

-#endif

-	RAND_seed(rnd_seed, sizeof rnd_seed);

-	out=BIO_new(BIO_s_file());

-	if (out == NULL) EXIT(1);

-	BIO_set_fp(out,stdout,BIO_NOCLOSE);

-	if ((ctx=BN_CTX_new()) == NULL) goto err;

-	/* NIST PRIME CURVES TESTS */

-	if (!test_ecdh_curve(NID_X9_62_prime192v1, "NIST Prime-Curve P-192", ctx, out)) goto err;

-	if (!test_ecdh_curve(NID_secp224r1, "NIST Prime-Curve P-224", ctx, out)) goto err;

-	if (!test_ecdh_curve(NID_X9_62_prime256v1, "NIST Prime-Curve P-256", ctx, out)) goto err;

-	if (!test_ecdh_curve(NID_secp384r1, "NIST Prime-Curve P-384", ctx, out)) goto err;

-	if (!test_ecdh_curve(NID_secp521r1, "NIST Prime-Curve P-521", ctx, out)) goto err;

-	/* NIST BINARY CURVES TESTS */

-	if (!test_ecdh_curve(NID_sect163k1, "NIST Binary-Curve K-163", ctx, out)) goto err;

-	if (!test_ecdh_curve(NID_sect163r2, "NIST Binary-Curve B-163", ctx, out)) goto err;

-	if (!test_ecdh_curve(NID_sect233k1, "NIST Binary-Curve K-233", ctx, out)) goto err;

-	if (!test_ecdh_curve(NID_sect233r1, "NIST Binary-Curve B-233", ctx, out)) goto err;

-	if (!test_ecdh_curve(NID_sect283k1, "NIST Binary-Curve K-283", ctx, out)) goto err;

-	if (!test_ecdh_curve(NID_sect283r1, "NIST Binary-Curve B-283", ctx, out)) goto err;

-	if (!test_ecdh_curve(NID_sect409k1, "NIST Binary-Curve K-409", ctx, out)) goto err;

-	if (!test_ecdh_curve(NID_sect409r1, "NIST Binary-Curve B-409", ctx, out)) goto err;

-	if (!test_ecdh_curve(NID_sect571k1, "NIST Binary-Curve K-571", ctx, out)) goto err;

-	if (!test_ecdh_curve(NID_sect571r1, "NIST Binary-Curve B-571", ctx, out)) goto err;

-	ret = 0;

-err:

-	ERR_print_errors_fp(stderr);

-	if (ctx) BN_CTX_free(ctx);

-	BIO_free(out);

-	CRYPTO_cleanup_all_ex_data();

-	ERR_remove_state(0);

-	CRYPTO_mem_leaks_fp(stderr);

-	EXIT(ret);

-	return(ret);

-	}

-#if 0

-static void MS_CALLBACK cb(int p, int n, void *arg)

-	{

-	char c='*';

-	if (p == 0) c='.';

-	if (p == 1) c='+';

-	if (p == 2) c='*';

-	if (p == 3) c='\n';

-	BIO_write((BIO *)arg,&c,1);

-	(void)BIO_flush((BIO *)arg);

-#ifdef LINT

-	p=n;

-#endif

-	}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/ecdh/ech_err.c

+++ /dev/null

@@ -1,98 +1,0 @@

-/* crypto/ecdh/ech_err.c */

-/* ====================================================================

- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* NOTE: this file was auto generated by the mkerr.pl script: any changes

- * made to it will be overwritten when the script next updates this file,

- * only reason strings will be preserved.

- */

-#include <stdio.h>

-#include <openssl/err.h>

-#include <openssl/ecdh.h>

-/* BEGIN ERROR CODES */

-#ifndef OPENSSL_NO_ERR

-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ECDH,func,0)

-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECDH,0,reason)

-static ERR_STRING_DATA ECDH_str_functs[]=

-	{

-{ERR_FUNC(ECDH_F_ECDH_COMPUTE_KEY),	"ECDH_compute_key"},

-{ERR_FUNC(ECDH_F_ECDH_DATA_NEW_METHOD),	"ECDH_DATA_NEW_METHOD"},

-{0,NULL}

-	};

-static ERR_STRING_DATA ECDH_str_reasons[]=

-	{

-{ERR_REASON(ECDH_R_KDF_FAILED)           ,"KDF failed"},

-{ERR_REASON(ECDH_R_NO_PRIVATE_VALUE)     ,"no private value"},

-{ERR_REASON(ECDH_R_POINT_ARITHMETIC_FAILURE),"point arithmetic failure"},

-{0,NULL}

-	};

-#endif

-void ERR_load_ECDH_strings(void)

-	{

-#ifndef OPENSSL_NO_ERR

-	if (ERR_func_error_string(ECDH_str_functs[0].error) == NULL)

-		{

-		ERR_load_strings(0,ECDH_str_functs);

-		ERR_load_strings(0,ECDH_str_reasons);

-		}

-#endif

-	}

--- a/sys/src/ape/lib/openssl/crypto/ecdh/ech_key.c

+++ /dev/null

@@ -1,83 +1,0 @@

-/* crypto/ecdh/ecdh_key.c */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- *

- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included

- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed

- * to the OpenSSL project.

- *

- * The ECC Code is licensed pursuant to the OpenSSL open source

- * license provided below.

- *

- * The ECDH software is originally written by Douglas Stebila of

- * Sun Microsystems Laboratories.

- *

- */

-/* ====================================================================

- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include "ech_locl.h"

-#ifndef OPENSSL_NO_ENGINE

-#include <openssl/engine.h>

-#endif

-int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,

-	EC_KEY *eckey,

-	void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen))

-{

-	ECDH_DATA *ecdh = ecdh_check(eckey);

-	if (ecdh == NULL)

-		return 0;

-	return ecdh->meth->compute_key(out, outlen, pub_key, eckey, KDF);

-}

--- a/sys/src/ape/lib/openssl/crypto/ecdh/ech_lib.c

+++ /dev/null

@@ -1,247 +1,0 @@

-/* crypto/ecdh/ech_lib.c */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- *

- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included

- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed

- * to the OpenSSL project.

- *

- * The ECC Code is licensed pursuant to the OpenSSL open source

- * license provided below.

- *

- * The ECDH software is originally written by Douglas Stebila of

- * Sun Microsystems Laboratories.

- *

- */

-/* ====================================================================

- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include "ech_locl.h"

-#include <string.h>

-#ifndef OPENSSL_NO_ENGINE

-#include <openssl/engine.h>

-#endif

-#include <openssl/err.h>

-const char ECDH_version[]="ECDH" OPENSSL_VERSION_PTEXT;

-static const ECDH_METHOD *default_ECDH_method = NULL;

-static void *ecdh_data_new(void);

-static void *ecdh_data_dup(void *);

-static void  ecdh_data_free(void *);

-void ECDH_set_default_method(const ECDH_METHOD *meth)

-	{

-	default_ECDH_method = meth;

-	}

-const ECDH_METHOD *ECDH_get_default_method(void)

-	{

-	if(!default_ECDH_method)

-		default_ECDH_method = ECDH_OpenSSL();

-	return default_ECDH_method;

-	}

-int ECDH_set_method(EC_KEY *eckey, const ECDH_METHOD *meth)

-	{

-	const ECDH_METHOD *mtmp;

-	ECDH_DATA *ecdh;

-	ecdh = ecdh_check(eckey);

-	if (ecdh == NULL)

-		return 0;

-        mtmp = ecdh->meth;

-#if 0

-        if (mtmp->finish)

-		mtmp->finish(eckey);

-#endif

-#ifndef OPENSSL_NO_ENGINE

-	if (ecdh->engine)

-		{

-		ENGINE_finish(ecdh->engine);

-		ecdh->engine = NULL;

-		}

-#endif

-        ecdh->meth = meth;

-#if 0

-        if (meth->init)

-		meth->init(eckey);

-#endif

-        return 1;

-	}

-static ECDH_DATA *ECDH_DATA_new_method(ENGINE *engine)

-	{

-	ECDH_DATA *ret;

-	ret=(ECDH_DATA *)OPENSSL_malloc(sizeof(ECDH_DATA));

-	if (ret == NULL)

-		{

-		ECDHerr(ECDH_F_ECDH_DATA_NEW_METHOD, ERR_R_MALLOC_FAILURE);

-		return(NULL);

-		}

-	ret->init = NULL;

-	ret->meth = ECDH_get_default_method();

-	ret->engine = engine;

-#ifndef OPENSSL_NO_ENGINE

-	if (!ret->engine)

-		ret->engine = ENGINE_get_default_ECDH();

-	if (ret->engine)

-		{

-		ret->meth = ENGINE_get_ECDH(ret->engine);

-		if (!ret->meth)

-			{

-			ECDHerr(ECDH_F_ECDH_DATA_NEW_METHOD, ERR_R_ENGINE_LIB);

-			ENGINE_finish(ret->engine);

-			OPENSSL_free(ret);

-			return NULL;

-			}

-		}

-#endif

-	ret->flags = ret->meth->flags;

-	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data);

-#if 0

-	if ((ret->meth->init != NULL) && !ret->meth->init(ret))

-		{

-		CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data);

-		OPENSSL_free(ret);

-		ret=NULL;

-		}

-#endif

-	return(ret);

-	}

-static void *ecdh_data_new(void)

-	{

-	return (void *)ECDH_DATA_new_method(NULL);

-	}

-static void *ecdh_data_dup(void *data)

-{

-	ECDH_DATA *r = (ECDH_DATA *)data;

-	/* XXX: dummy operation */

-	if (r == NULL)

-		return NULL;

-	return (void *)ecdh_data_new();

-}

-void ecdh_data_free(void *data)

-	{

-	ECDH_DATA *r = (ECDH_DATA *)data;

-#ifndef OPENSSL_NO_ENGINE

-	if (r->engine)

-		ENGINE_finish(r->engine);

-#endif

-	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, r, &r->ex_data);

-	OPENSSL_cleanse((void *)r, sizeof(ECDH_DATA));

-	OPENSSL_free(r);

-	}

-ECDH_DATA *ecdh_check(EC_KEY *key)

-	{

-	ECDH_DATA *ecdh_data;

-	void *data = EC_KEY_get_key_method_data(key, ecdh_data_dup,

-					ecdh_data_free, ecdh_data_free);

-	if (data == NULL)

-	{

-		ecdh_data = (ECDH_DATA *)ecdh_data_new();

-		if (ecdh_data == NULL)

-			return NULL;

-		EC_KEY_insert_key_method_data(key, (void *)ecdh_data,

-			ecdh_data_dup, ecdh_data_free, ecdh_data_free);

-	}

-	else

-		ecdh_data = (ECDH_DATA *)data;

-	return ecdh_data;

-	}

-int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,

-	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)

-	{

-	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDH, argl, argp,

-				new_func, dup_func, free_func);

-	}

-int ECDH_set_ex_data(EC_KEY *d, int idx, void *arg)

-	{

-	ECDH_DATA *ecdh;

-	ecdh = ecdh_check(d);

-	if (ecdh == NULL)

-		return 0;

-	return(CRYPTO_set_ex_data(&ecdh->ex_data,idx,arg));

-	}

-void *ECDH_get_ex_data(EC_KEY *d, int idx)

-	{

-	ECDH_DATA *ecdh;

-	ecdh = ecdh_check(d);

-	if (ecdh == NULL)

-		return NULL;

-	return(CRYPTO_get_ex_data(&ecdh->ex_data,idx));

-	}

--- a/sys/src/ape/lib/openssl/crypto/ecdh/ech_locl.h

+++ /dev/null

@@ -1,94 +1,0 @@

-/* crypto/ecdh/ech_locl.h */

-/* ====================================================================

- * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_ECH_LOCL_H

-#define HEADER_ECH_LOCL_H

-#include <openssl/ecdh.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-struct ecdh_method

-	{

-	const char *name;

-	int (*compute_key)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,

-	                   void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen));

-#if 0

-	int (*init)(EC_KEY *eckey);

-	int (*finish)(EC_KEY *eckey);

-#endif

-	int flags;

-	char *app_data;

-	};

-typedef struct ecdh_data_st {

-	/* EC_KEY_METH_DATA part */

-	int (*init)(EC_KEY *);

-	/* method specific part */

-	ENGINE	*engine;

-	int	flags;

-	const ECDH_METHOD *meth;

-	CRYPTO_EX_DATA ex_data;

-} ECDH_DATA;

-ECDH_DATA *ecdh_check(EC_KEY *);

-#ifdef  __cplusplus

-}

-#endif

-#endif /* HEADER_ECH_LOCL_H */

--- a/sys/src/ape/lib/openssl/crypto/ecdh/ech_ossl.c

+++ /dev/null

@@ -1,213 +1,0 @@

-/* crypto/ecdh/ech_ossl.c */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- *

- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included

- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed

- * to the OpenSSL project.

- *

- * The ECC Code is licensed pursuant to the OpenSSL open source

- * license provided below.

- *

- * The ECDH software is originally written by Douglas Stebila of

- * Sun Microsystems Laboratories.

- *

- */

-/* ====================================================================

- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <string.h>

-#include <limits.h>

-#include "cryptlib.h"

-#include "ech_locl.h"

-#include <openssl/err.h>

-#include <openssl/sha.h>

-#include <openssl/obj_mac.h>

-#include <openssl/bn.h>

-static int ecdh_compute_key(void *out, size_t len, const EC_POINT *pub_key,

-	EC_KEY *ecdh,

-	void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen));

-static ECDH_METHOD openssl_ecdh_meth = {

-	"OpenSSL ECDH method",

-	ecdh_compute_key,

-#if 0

-	NULL, /* init     */

-	NULL, /* finish   */

-#endif

-	0,    /* flags    */

-	NULL  /* app_data */

-};

-const ECDH_METHOD *ECDH_OpenSSL(void)

-	{

-	return &openssl_ecdh_meth;

-	}

-/* This implementation is based on the following primitives in the IEEE 1363 standard:

- *  - ECKAS-DH1

- *  - ECSVDP-DH

- * Finally an optional KDF is applied.

- */

-static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,

-	EC_KEY *ecdh,

-	void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen))

-	{

-	BN_CTX *ctx;

-	EC_POINT *tmp=NULL;

-	BIGNUM *x=NULL, *y=NULL;

-	const BIGNUM *priv_key;

-	const EC_GROUP* group;

-	int ret= -1;

-	size_t buflen, len;

-	unsigned char *buf=NULL;

-	if (outlen > INT_MAX)

-		{

-		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); /* sort of, anyway */

-		return -1;

-		}

-	if ((ctx = BN_CTX_new()) == NULL) goto err;

-	BN_CTX_start(ctx);

-	x = BN_CTX_get(ctx);

-	y = BN_CTX_get(ctx);

-	priv_key = EC_KEY_get0_private_key(ecdh);

-	if (priv_key == NULL)

-		{

-		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_NO_PRIVATE_VALUE);

-		goto err;

-		}

-	group = EC_KEY_get0_group(ecdh);

-	if ((tmp=EC_POINT_new(group)) == NULL)

-		{

-		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	if (!EC_POINT_mul(group, tmp, NULL, pub_key, priv_key, ctx))

-		{

-		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);

-		goto err;

-		}

-	if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field)

-		{

-		if (!EC_POINT_get_affine_coordinates_GFp(group, tmp, x, y, ctx))

-			{

-			ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);

-			goto err;

-			}

-		}

-	else

-		{

-		if (!EC_POINT_get_affine_coordinates_GF2m(group, tmp, x, y, ctx))

-			{

-			ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);

-			goto err;

-			}

-		}

-	buflen = (EC_GROUP_get_degree(group) + 7)/8;

-	len = BN_num_bytes(x);

-	if (len > buflen)

-		{

-		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_INTERNAL_ERROR);

-		goto err;

-		}

-	if ((buf = OPENSSL_malloc(buflen)) == NULL)

-		{

-		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	memset(buf, 0, buflen - len);

-	if (len != (size_t)BN_bn2bin(x, buf + buflen - len))

-		{

-		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);

-		goto err;

-		}

-	if (KDF != 0)

-		{

-		if (KDF(buf, buflen, out, &outlen) == NULL)

-			{

-			ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_KDF_FAILED);

-			goto err;

-			}

-		ret = outlen;

-		}

-	else

-		{

-		/* no KDF, just copy as much as we can */

-		if (outlen > buflen)

-			outlen = buflen;

-		memcpy(out, buf, outlen);

-		ret = outlen;

-		}

-err:

-	if (tmp) EC_POINT_free(tmp);

-	if (ctx) BN_CTX_end(ctx);

-	if (ctx) BN_CTX_free(ctx);

-	if (buf) OPENSSL_free(buf);

-	return(ret);

-	}

--- a/sys/src/ape/lib/openssl/crypto/ecdsa/Makefile

+++ /dev/null

@@ -1,125 +1,0 @@

-#

-# crypto/ecdsa/Makefile

-#

-DIR=	ecdsa

-TOP=	../..

-CC=	cc

-INCLUDES= -I.. -I$(TOP) -I../../include

-CFLAG=-g -Wall

-MAKEFILE=	Makefile

-AR=		ar r

-CFLAGS= $(INCLUDES) $(CFLAG)

-GENERAL=Makefile

-TEST=ecdsatest.c

-APPS=

-LIB=$(TOP)/libcrypto.a

-LIBSRC=	ecs_lib.c ecs_asn1.c ecs_ossl.c ecs_sign.c ecs_vrf.c ecs_err.c

-LIBOBJ=	ecs_lib.o ecs_asn1.o ecs_ossl.o ecs_sign.o ecs_vrf.o ecs_err.o

-SRC= $(LIBSRC)

-EXHEADER= ecdsa.h

-HEADER=	ecs_locl.h $(EXHEADER)

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)

-all:	lib

-lib:	$(LIBOBJ)

-	$(AR) $(LIB) $(LIBOBJ)

-	$(RANLIB) $(LIB) || echo Never mind.

-	@touch lib

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

-links:

-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)

-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)

-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

-install:

-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...

-	@headerlist="$(EXHEADER)"; for i in $$headerlist; \

-	do  \

-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \

-	done;

-tags:

-	ctags $(SRC)

-tests:

-lint:

-	lint -DLINT $(INCLUDES) $(SRC)>fluff

-depend:

-	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...

-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-clean:

-	rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-ecs_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h

-ecs_asn1.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h

-ecs_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-ecs_asn1.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-ecs_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-ecs_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-ecs_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-ecs_asn1.o: ../../include/openssl/symhacks.h ecs_asn1.c ecs_locl.h

-ecs_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

-ecs_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-ecs_err.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h

-ecs_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-ecs_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-ecs_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-ecs_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-ecs_err.o: ecs_err.c

-ecs_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

-ecs_lib.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h

-ecs_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-ecs_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h

-ecs_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-ecs_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-ecs_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-ecs_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-ecs_lib.o: ecs_lib.c ecs_locl.h

-ecs_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

-ecs_ossl.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h

-ecs_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-ecs_ossl.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-ecs_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-ecs_ossl.o: ../../include/openssl/opensslconf.h

-ecs_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-ecs_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-ecs_ossl.o: ../../include/openssl/symhacks.h ecs_locl.h ecs_ossl.c

-ecs_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

-ecs_sign.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-ecs_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h

-ecs_sign.o: ../../include/openssl/engine.h ../../include/openssl/opensslconf.h

-ecs_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-ecs_sign.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-ecs_sign.o: ../../include/openssl/symhacks.h ecs_locl.h ecs_sign.c

-ecs_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

-ecs_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-ecs_vrf.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h

-ecs_vrf.o: ../../include/openssl/engine.h ../../include/openssl/opensslconf.h

-ecs_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-ecs_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-ecs_vrf.o: ../../include/openssl/symhacks.h ecs_locl.h ecs_vrf.c

--- a/sys/src/ape/lib/openssl/crypto/ecdsa/ecdsa.h

+++ /dev/null

@@ -1,271 +1,0 @@

-/* crypto/ecdsa/ecdsa.h */

-/**

- * \file   crypto/ecdsa/ecdsa.h Include file for the OpenSSL ECDSA functions

- * \author Written by Nils Larsch for the OpenSSL project

- */

-/* ====================================================================

- * Copyright (c) 2000-2003 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_ECDSA_H

-#define HEADER_ECDSA_H

-#include <openssl/opensslconf.h>

-#ifdef OPENSSL_NO_ECDSA

-#error ECDSA is disabled.

-#endif

-#include <openssl/ec.h>

-#include <openssl/ossl_typ.h>

-#ifndef OPENSSL_NO_DEPRECATED

-#include <openssl/bn.h>

-#endif

-#ifdef __cplusplus

-extern "C" {

-#endif

-typedef struct ECDSA_SIG_st

-	{

-	BIGNUM *r;

-	BIGNUM *s;

-	} ECDSA_SIG;

-/** ECDSA_SIG *ECDSA_SIG_new(void)

- * allocates and initialize a ECDSA_SIG structure

- * \return pointer to a ECDSA_SIG structure or NULL if an error occurred

- */

-ECDSA_SIG *ECDSA_SIG_new(void);

-/** ECDSA_SIG_free

- * frees a ECDSA_SIG structure

- * \param a pointer to the ECDSA_SIG structure

- */

-void	  ECDSA_SIG_free(ECDSA_SIG *a);

-/** i2d_ECDSA_SIG

- * DER encode content of ECDSA_SIG object (note: this function modifies *pp

- * (*pp += length of the DER encoded signature)).

- * \param a  pointer to the ECDSA_SIG object

- * \param pp pointer to a unsigned char pointer for the output or NULL

- * \return the length of the DER encoded ECDSA_SIG object or 0

- */

-int	  i2d_ECDSA_SIG(const ECDSA_SIG *a, unsigned char **pp);

-/** d2i_ECDSA_SIG

- * decodes a DER encoded ECDSA signature (note: this function changes *pp

- * (*pp += len)).

- * \param v pointer to ECDSA_SIG pointer (may be NULL)

- * \param pp buffer with the DER encoded signature

- * \param len bufferlength

- * \return pointer to the decoded ECDSA_SIG structure (or NULL)

- */

-ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **v, const unsigned char **pp, long len);

-/** ECDSA_do_sign

- * computes the ECDSA signature of the given hash value using

- * the supplied private key and returns the created signature.

- * \param dgst pointer to the hash value

- * \param dgst_len length of the hash value

- * \param eckey pointer to the EC_KEY object containing a private EC key

- * \return pointer to a ECDSA_SIG structure or NULL

- */

-ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst,int dgst_len,EC_KEY *eckey);

-/** ECDSA_do_sign_ex

- * computes ECDSA signature of a given hash value using the supplied

- * private key (note: sig must point to ECDSA_size(eckey) bytes of memory).

- * \param dgst pointer to the hash value to sign

- * \param dgstlen length of the hash value

- * \param kinv optional pointer to a pre-computed inverse k

- * \param rp optional pointer to the pre-computed rp value (see

- *        ECDSA_sign_setup

- * \param eckey pointer to the EC_KEY object containing a private EC key

- * \return pointer to a ECDSA_SIG structure or NULL

- */

-ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen,

-		const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey);

-/** ECDSA_do_verify

- * verifies that the supplied signature is a valid ECDSA

- * signature of the supplied hash value using the supplied public key.

- * \param dgst pointer to the hash value

- * \param dgst_len length of the hash value

- * \param sig  pointer to the ECDSA_SIG structure

- * \param eckey pointer to the EC_KEY object containing a public EC key

- * \return 1 if the signature is valid, 0 if the signature is invalid and -1 on error

- */

-int	  ECDSA_do_verify(const unsigned char *dgst, int dgst_len,

-		const ECDSA_SIG *sig, EC_KEY* eckey);

-const ECDSA_METHOD *ECDSA_OpenSSL(void);

-/** ECDSA_set_default_method

- * sets the default ECDSA method

- * \param meth the new default ECDSA_METHOD

- */

-void	  ECDSA_set_default_method(const ECDSA_METHOD *meth);

-/** ECDSA_get_default_method

- * returns the default ECDSA method

- * \return pointer to ECDSA_METHOD structure containing the default method

- */

-const ECDSA_METHOD *ECDSA_get_default_method(void);

-/** ECDSA_set_method

- * sets method to be used for the ECDSA operations

- * \param eckey pointer to the EC_KEY object

- * \param meth  pointer to the new method

- * \return 1 on success and 0 otherwise

- */

-int 	  ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth);

-/** ECDSA_size

- * returns the maximum length of the DER encoded signature

- * \param  eckey pointer to a EC_KEY object

- * \return numbers of bytes required for the DER encoded signature

- */

-int	  ECDSA_size(const EC_KEY *eckey);

-/** ECDSA_sign_setup

- * precompute parts of the signing operation.

- * \param eckey pointer to the EC_KEY object containing a private EC key

- * \param ctx  pointer to a BN_CTX object (may be NULL)

- * \param kinv pointer to a BIGNUM pointer for the inverse of k

- * \param rp   pointer to a BIGNUM pointer for x coordinate of k * generator

- * \return 1 on success and 0 otherwise

- */

-int 	  ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv,

-		BIGNUM **rp);

-/** ECDSA_sign

- * computes ECDSA signature of a given hash value using the supplied

- * private key (note: sig must point to ECDSA_size(eckey) bytes of memory).

- * \param type this parameter is ignored

- * \param dgst pointer to the hash value to sign

- * \param dgstlen length of the hash value

- * \param sig buffer to hold the DER encoded signature

- * \param siglen pointer to the length of the returned signature

- * \param eckey pointer to the EC_KEY object containing a private EC key

- * \return 1 on success and 0 otherwise

- */

-int	  ECDSA_sign(int type, const unsigned char *dgst, int dgstlen,

-		unsigned char *sig, unsigned int *siglen, EC_KEY *eckey);

-/** ECDSA_sign_ex

- * computes ECDSA signature of a given hash value using the supplied

- * private key (note: sig must point to ECDSA_size(eckey) bytes of memory).

- * \param type this parameter is ignored

- * \param dgst pointer to the hash value to sign

- * \param dgstlen length of the hash value

- * \param sig buffer to hold the DER encoded signature

- * \param siglen pointer to the length of the returned signature

- * \param kinv optional pointer to a pre-computed inverse k

- * \param rp optional pointer to the pre-computed rp value (see

- *        ECDSA_sign_setup

- * \param eckey pointer to the EC_KEY object containing a private EC key

- * \return 1 on success and 0 otherwise

- */

-int	  ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen,

-		unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv,

-		const BIGNUM *rp, EC_KEY *eckey);

-/** ECDSA_verify

- * verifies that the given signature is valid ECDSA signature

- * of the supplied hash value using the specified public key.

- * \param type this parameter is ignored

- * \param dgst pointer to the hash value

- * \param dgstlen length of the hash value

- * \param sig  pointer to the DER encoded signature

- * \param siglen length of the DER encoded signature

- * \param eckey pointer to the EC_KEY object containing a public EC key

- * \return 1 if the signature is valid, 0 if the signature is invalid and -1 on error

- */

-int 	  ECDSA_verify(int type, const unsigned char *dgst, int dgstlen,

-		const unsigned char *sig, int siglen, EC_KEY *eckey);

-/* the standard ex_data functions */

-int 	  ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new

-		*new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);

-int 	  ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg);

-void 	  *ECDSA_get_ex_data(EC_KEY *d, int idx);

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_ECDSA_strings(void);

-/* Error codes for the ECDSA functions. */

-/* Function codes. */

-#define ECDSA_F_ECDSA_DATA_NEW_METHOD			 100

-#define ECDSA_F_ECDSA_DO_SIGN				 101

-#define ECDSA_F_ECDSA_DO_VERIFY				 102

-#define ECDSA_F_ECDSA_SIGN_SETUP			 103

-/* Reason codes. */

-#define ECDSA_R_BAD_SIGNATURE				 100

-#define ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE		 101

-#define ECDSA_R_ERR_EC_LIB				 102

-#define ECDSA_R_MISSING_PARAMETERS			 103

-#define ECDSA_R_NEED_NEW_SETUP_VALUES			 106

-#define ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED		 104

-#define ECDSA_R_SIGNATURE_MALLOC_FAILED			 105

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/ecdsa/ecdsatest.c

+++ /dev/null

@@ -1,500 +1,0 @@

-/* crypto/ecdsa/ecdsatest.c */

-/*

- * Written by Nils Larsch for the OpenSSL project.

- */

-/* ====================================================================

- * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- *

- * Portions of the attached software ("Contribution") are developed by

- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.

- *

- * The Contribution is licensed pursuant to the OpenSSL open source

- * license provided above.

- *

- * The elliptic curve binary polynomial software is originally written by

- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.

- *

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_ECDSA is defined */

-#ifdef OPENSSL_NO_ECDSA

-int main(int argc, char * argv[])

-	{

-	puts("Elliptic curves are disabled.");

-	return 0;

-	}

-#else

-#include <openssl/crypto.h>

-#include <openssl/bio.h>

-#include <openssl/evp.h>

-#include <openssl/bn.h>

-#include <openssl/ecdsa.h>

-#ifndef OPENSSL_NO_ENGINE

-#include <openssl/engine.h>

-#endif

-#include <openssl/err.h>

-#include <openssl/rand.h>

-static const char rnd_seed[] = "string to make the random number generator "

-	"think it has entropy";

-/* declaration of the test functions */

-int x9_62_tests(BIO *);

-int x9_62_test_internal(BIO *out, int nid, const char *r, const char *s);

-int test_builtin(BIO *);

-/* functions to change the RAND_METHOD */

-int change_rand(void);

-int restore_rand(void);

-int fbytes(unsigned char *buf, int num);

-RAND_METHOD	fake_rand;

-const RAND_METHOD *old_rand;

-int change_rand(void)

-	{

-	/* save old rand method */

-	if ((old_rand = RAND_get_rand_method()) == NULL)

-		return 0;

-	fake_rand.seed    = old_rand->seed;

-	fake_rand.cleanup = old_rand->cleanup;

-	fake_rand.add     = old_rand->add;

-	fake_rand.status  = old_rand->status;

-	/* use own random function */

-	fake_rand.bytes      = fbytes;

-	fake_rand.pseudorand = old_rand->bytes;

-	/* set new RAND_METHOD */

-	if (!RAND_set_rand_method(&fake_rand))

-		return 0;

-	return 1;

-	}

-int restore_rand(void)

-	{

-	if (!RAND_set_rand_method(old_rand))

-		return 0;

-	else

-		return 1;

-	}

-static int fbytes_counter = 0;

-static const char *numbers[8] = {

-	"651056770906015076056810763456358567190100156695615665659",

-	"6140507067065001063065065565667405560006161556565665656654",

-	"8763001015071075675010661307616710783570106710677817767166"

-	"71676178726717",

-	"7000000175690566466555057817571571075705015757757057795755"

-	"55657156756655",

-	"1275552191113212300012030439187146164646146646466749494799",

-	"1542725565216523985789236956265265265235675811949404040041",

-	"1456427555219115346513212300075341203043918714616464614664"

-	"64667494947990",

-	"1712787255652165239672857892369562652652652356758119494040"

-	"40041670216363"};

-int fbytes(unsigned char *buf, int num)

-	{

-	int	ret;

-	BIGNUM	*tmp = NULL;

-	if (fbytes_counter >= 8)

-		return 0;

-	tmp = BN_new();

-	if (!tmp)

-		return 0;

-	if (!BN_dec2bn(&tmp, numbers[fbytes_counter]))

-		{

-		BN_free(tmp);

-		return 0;

-		}

-	fbytes_counter ++;

-	ret = BN_bn2bin(tmp, buf);

-	if (ret == 0 || ret != num)

-		ret = 0;

-	else

-		ret = 1;

-	if (tmp)

-		BN_free(tmp);

-	return ret;

-	}

-/* some tests from the X9.62 draft */

-int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in)

-	{

-	int	ret = 0;

-	const char message[] = "abc";

-	unsigned char digest[20];

-	unsigned int  dgst_len = 0;

-	EVP_MD_CTX md_ctx;

-	EC_KEY    *key = NULL;

-	ECDSA_SIG *signature = NULL;

-	BIGNUM    *r = NULL, *s = NULL;

-	EVP_MD_CTX_init(&md_ctx);

-	/* get the message digest */

-	EVP_DigestInit(&md_ctx, EVP_ecdsa());

-	EVP_DigestUpdate(&md_ctx, (const void*)message, 3);

-	EVP_DigestFinal(&md_ctx, digest, &dgst_len);

-	BIO_printf(out, "testing %s: ", OBJ_nid2sn(nid));

-	/* create the key */

-	if ((key = EC_KEY_new_by_curve_name(nid)) == NULL)

-		goto x962_int_err;

-	if (!EC_KEY_generate_key(key))

-		goto x962_int_err;

-	BIO_printf(out, ".");

-	(void)BIO_flush(out);

-	/* create the signature */

-	signature = ECDSA_do_sign(digest, 20, key);

-	if (signature == NULL)

-		goto x962_int_err;

-	BIO_printf(out, ".");

-	(void)BIO_flush(out);

-	/* compare the created signature with the expected signature */

-	if ((r = BN_new()) == NULL || (s = BN_new()) == NULL)

-		goto x962_int_err;

-	if (!BN_dec2bn(&r, r_in) ||

-	    !BN_dec2bn(&s, s_in))

-		goto x962_int_err;

-	if (BN_cmp(signature->r ,r) || BN_cmp(signature->s, s))

-		goto x962_int_err;

-	BIO_printf(out, ".");

-	(void)BIO_flush(out);

-	/* verify the signature */

-	if (ECDSA_do_verify(digest, 20, signature, key) != 1)

-		goto x962_int_err;

-	BIO_printf(out, ".");

-	(void)BIO_flush(out);

-	BIO_printf(out, " ok\n");

-	ret = 1;

-x962_int_err:

-	if (!ret)

-		BIO_printf(out, " failed\n");

-	if (key)

-		EC_KEY_free(key);

-	if (signature)

-		ECDSA_SIG_free(signature);

-	if (r)

-		BN_free(r);

-	if (s)

-		BN_free(s);

-	EVP_MD_CTX_cleanup(&md_ctx);

-	return ret;

-	}

-int x9_62_tests(BIO *out)

-	{

-	int ret = 0;

-	BIO_printf(out, "some tests from X9.62:\n");

-	/* set own rand method */

-	if (!change_rand())

-		goto x962_err;

-	if (!x9_62_test_internal(out, NID_X9_62_prime192v1,

-		"3342403536405981729393488334694600415596881826869351677613",

-		"5735822328888155254683894997897571951568553642892029982342"))

-		goto x962_err;

-	if (!x9_62_test_internal(out, NID_X9_62_prime239v1,

-		"3086361431751678114926225473006680188549593787585317781474"

-		"62058306432176",

-		"3238135532097973577080787768312505059318910517550078427819"

-		"78505179448783"))

-		goto x962_err;

-	if (!x9_62_test_internal(out, NID_X9_62_c2tnb191v1,

-		"87194383164871543355722284926904419997237591535066528048",

-		"308992691965804947361541664549085895292153777025772063598"))

-		goto x962_err;

-	if (!x9_62_test_internal(out, NID_X9_62_c2tnb239v1,

-		"2159633321041961198501834003903461262881815148684178964245"

-		"5876922391552",

-		"1970303740007316867383349976549972270528498040721988191026"

-		"49413465737174"))

-		goto x962_err;

-	ret = 1;

-x962_err:

-	if (!restore_rand())

-		ret = 0;

-	return ret;

-	}

-int test_builtin(BIO *out)

-	{

-	EC_builtin_curve *curves = NULL;

-	size_t		crv_len = 0, n = 0;

-	EC_KEY		*eckey = NULL, *wrong_eckey = NULL;

-	EC_GROUP	*group;

-	unsigned char	digest[20], wrong_digest[20];

-	unsigned char	*signature = NULL;

-	unsigned int	sig_len;

-	int		nid, ret =  0;

-	/* fill digest values with some random data */

-	if (!RAND_pseudo_bytes(digest, 20) ||

-	    !RAND_pseudo_bytes(wrong_digest, 20))

-		{

-		BIO_printf(out, "ERROR: unable to get random data\n");

-		goto builtin_err;

-		}

-	/* create and verify a ecdsa signature with every availble curve

-	 * (with ) */

-	BIO_printf(out, "\ntesting ECDSA_sign() and ECDSA_verify() "

-		"with some internal curves:\n");

-	/* get a list of all internal curves */

-	crv_len = EC_get_builtin_curves(NULL, 0);

-	curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len);

-	if (curves == NULL)

-		{

-		BIO_printf(out, "malloc error\n");

-		goto builtin_err;

-		}

-	if (!EC_get_builtin_curves(curves, crv_len))

-		{

-		BIO_printf(out, "unable to get internal curves\n");

-		goto builtin_err;

-		}

-	/* now create and verify a signature for every curve */

-	for (n = 0; n < crv_len; n++)

-		{

-		unsigned char dirt, offset;

-		nid = curves[n].nid;

-		if (nid == NID_ipsec4)

-			continue;

-		/* create new ecdsa key (== EC_KEY) */

-		if ((eckey = EC_KEY_new()) == NULL)

-			goto builtin_err;

-		group = EC_GROUP_new_by_curve_name(nid);

-		if (group == NULL)

-			goto builtin_err;

-		if (EC_KEY_set_group(eckey, group) == 0)

-			goto builtin_err;

-		EC_GROUP_free(group);

-		if (EC_GROUP_get_degree(EC_KEY_get0_group(eckey)) < 160)

-			/* drop the curve */

-			{

-			EC_KEY_free(eckey);

-			eckey = NULL;

-			continue;

-			}

-		BIO_printf(out, "%s: ", OBJ_nid2sn(nid));

-		/* create key */

-		if (!EC_KEY_generate_key(eckey))

-			{

-			BIO_printf(out, " failed\n");

-			goto builtin_err;

-			}

-		/* create second key */

-		if ((wrong_eckey = EC_KEY_new()) == NULL)

-			goto builtin_err;

-		group = EC_GROUP_new_by_curve_name(nid);

-		if (group == NULL)

-			goto builtin_err;

-		if (EC_KEY_set_group(wrong_eckey, group) == 0)

-			goto builtin_err;

-		EC_GROUP_free(group);

-		if (!EC_KEY_generate_key(wrong_eckey))

-			{

-			BIO_printf(out, " failed\n");

-			goto builtin_err;

-			}

-		BIO_printf(out, ".");

-		(void)BIO_flush(out);

-		/* check key */

-		if (!EC_KEY_check_key(eckey))

-			{

-			BIO_printf(out, " failed\n");

-			goto builtin_err;

-			}

-		BIO_printf(out, ".");

-		(void)BIO_flush(out);

-		/* create signature */

-		sig_len = ECDSA_size(eckey);

-		if ((signature = OPENSSL_malloc(sig_len)) == NULL)

-			goto builtin_err;

-                if (!ECDSA_sign(0, digest, 20, signature, &sig_len, eckey))

-			{

-			BIO_printf(out, " failed\n");

-			goto builtin_err;

-			}

-		BIO_printf(out, ".");

-		(void)BIO_flush(out);

-		/* verify signature */

-		if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1)

-			{

-			BIO_printf(out, " failed\n");

-			goto builtin_err;

-			}

-		BIO_printf(out, ".");

-		(void)BIO_flush(out);

-		/* verify signature with the wrong key */

-		if (ECDSA_verify(0, digest, 20, signature, sig_len,

-			wrong_eckey) == 1)

-			{

-			BIO_printf(out, " failed\n");

-			goto builtin_err;

-			}

-		BIO_printf(out, ".");

-		(void)BIO_flush(out);

-		/* wrong digest */

-		if (ECDSA_verify(0, wrong_digest, 20, signature, sig_len,

-			eckey) == 1)

-			{

-			BIO_printf(out, " failed\n");

-			goto builtin_err;

-			}

-		BIO_printf(out, ".");

-		(void)BIO_flush(out);

-		/* modify a single byte of the signature */

-		offset = signature[10] % sig_len;

-		dirt   = signature[11];

-		signature[offset] ^= dirt ? dirt : 1;

-		if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) == 1)

-			{

-			BIO_printf(out, " failed\n");

-			goto builtin_err;

-			}

-		BIO_printf(out, ".");

-		(void)BIO_flush(out);

-		BIO_printf(out, " ok\n");

-		/* cleanup */

-		OPENSSL_free(signature);

-		signature = NULL;

-		EC_KEY_free(eckey);

-		eckey = NULL;

-		EC_KEY_free(wrong_eckey);

-		wrong_eckey = NULL;

-		}

-	ret = 1;

-builtin_err:

-	if (eckey)

-		EC_KEY_free(eckey);

-	if (wrong_eckey)

-		EC_KEY_free(wrong_eckey);

-	if (signature)

-		OPENSSL_free(signature);

-	if (curves)

-		OPENSSL_free(curves);

-	return ret;

-	}

-int main(void)

-	{

-	int 	ret = 1;

-	BIO	*out;

-	out = BIO_new_fp(stdout, BIO_NOCLOSE);

-	/* enable memory leak checking unless explicitly disabled */

-	if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) &&

-		(0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))

-		{

-		CRYPTO_malloc_debug_init();

-		CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);

-		}

-	else

-		{

-		/* OPENSSL_DEBUG_MEMORY=off */

-		CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);

-		}

-	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);

-	ERR_load_crypto_strings();

-	/* initialize the prng */

-	RAND_seed(rnd_seed, sizeof(rnd_seed));

-	/* the tests */

-	if (!x9_62_tests(out))  goto err;

-	if (!test_builtin(out)) goto err;

-	ret = 0;

-err:

-	if (ret)

-		BIO_printf(out, "\nECDSA test failed\n");

-	else

-		BIO_printf(out, "\nECDSA test passed\n");

-	if (ret)

-		ERR_print_errors(out);

-	CRYPTO_cleanup_all_ex_data();

-	ERR_remove_state(0);

-	ERR_free_strings();

-	CRYPTO_mem_leaks(out);

-	if (out != NULL)

-		BIO_free(out);

-	return ret;

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/ecdsa/ecs_asn1.c

+++ /dev/null

@@ -1,67 +1,0 @@

-/* crypto/ecdsa/ecs_asn1.c */

-/* ====================================================================

- * Copyright (c) 2000-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include "ecs_locl.h"

-#include <openssl/err.h>

-#include <openssl/asn1t.h>

-ASN1_SEQUENCE(ECDSA_SIG) = {

-	ASN1_SIMPLE(ECDSA_SIG, r, CBIGNUM),

-	ASN1_SIMPLE(ECDSA_SIG, s, CBIGNUM)

-} ASN1_SEQUENCE_END(ECDSA_SIG)

-DECLARE_ASN1_FUNCTIONS_const(ECDSA_SIG)

-DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECDSA_SIG, ECDSA_SIG)

-IMPLEMENT_ASN1_FUNCTIONS_const(ECDSA_SIG)

--- a/sys/src/ape/lib/openssl/crypto/ecdsa/ecs_err.c

+++ /dev/null

@@ -1,104 +1,0 @@

-/* crypto/ecdsa/ecs_err.c */

-/* ====================================================================

- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* NOTE: this file was auto generated by the mkerr.pl script: any changes

- * made to it will be overwritten when the script next updates this file,

- * only reason strings will be preserved.

- */

-#include <stdio.h>

-#include <openssl/err.h>

-#include <openssl/ecdsa.h>

-/* BEGIN ERROR CODES */

-#ifndef OPENSSL_NO_ERR

-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ECDSA,func,0)

-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECDSA,0,reason)

-static ERR_STRING_DATA ECDSA_str_functs[]=

-	{

-{ERR_FUNC(ECDSA_F_ECDSA_DATA_NEW_METHOD),	"ECDSA_DATA_NEW_METHOD"},

-{ERR_FUNC(ECDSA_F_ECDSA_DO_SIGN),	"ECDSA_do_sign"},

-{ERR_FUNC(ECDSA_F_ECDSA_DO_VERIFY),	"ECDSA_do_verify"},

-{ERR_FUNC(ECDSA_F_ECDSA_SIGN_SETUP),	"ECDSA_sign_setup"},

-{0,NULL}

-	};

-static ERR_STRING_DATA ECDSA_str_reasons[]=

-	{

-{ERR_REASON(ECDSA_R_BAD_SIGNATURE)       ,"bad signature"},

-{ERR_REASON(ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},

-{ERR_REASON(ECDSA_R_ERR_EC_LIB)          ,"err ec lib"},

-{ERR_REASON(ECDSA_R_MISSING_PARAMETERS)  ,"missing parameters"},

-{ERR_REASON(ECDSA_R_NEED_NEW_SETUP_VALUES),"need new setup values"},

-{ERR_REASON(ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED),"random number generation failed"},

-{ERR_REASON(ECDSA_R_SIGNATURE_MALLOC_FAILED),"signature malloc failed"},

-{0,NULL}

-	};

-#endif

-void ERR_load_ECDSA_strings(void)

-	{

-#ifndef OPENSSL_NO_ERR

-	if (ERR_func_error_string(ECDSA_str_functs[0].error) == NULL)

-		{

-		ERR_load_strings(0,ECDSA_str_functs);

-		ERR_load_strings(0,ECDSA_str_reasons);

-		}

-#endif

-	}

--- a/sys/src/ape/lib/openssl/crypto/ecdsa/ecs_lib.c

+++ /dev/null

@@ -1,261 +1,0 @@

-/* crypto/ecdsa/ecs_lib.c */

-/* ====================================================================

- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <string.h>

-#include "ecs_locl.h"

-#ifndef OPENSSL_NO_ENGINE

-#include <openssl/engine.h>

-#endif

-#include <openssl/err.h>

-#include <openssl/bn.h>

-const char ECDSA_version[]="ECDSA" OPENSSL_VERSION_PTEXT;

-static const ECDSA_METHOD *default_ECDSA_method = NULL;

-static void *ecdsa_data_new(void);

-static void *ecdsa_data_dup(void *);

-static void  ecdsa_data_free(void *);

-void ECDSA_set_default_method(const ECDSA_METHOD *meth)

-{

-	default_ECDSA_method = meth;

-}

-const ECDSA_METHOD *ECDSA_get_default_method(void)

-{

-	if(!default_ECDSA_method)

-		default_ECDSA_method = ECDSA_OpenSSL();

-	return default_ECDSA_method;

-}

-int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth)

-{

-        const ECDSA_METHOD *mtmp;

-	ECDSA_DATA *ecdsa;

-	ecdsa = ecdsa_check(eckey);

-	if (ecdsa == NULL)

-		return 0;

-        mtmp = ecdsa->meth;

-#ifndef OPENSSL_NO_ENGINE

-	if (ecdsa->engine)

-	{

-		ENGINE_finish(ecdsa->engine);

-		ecdsa->engine = NULL;

-	}

-#endif

-        ecdsa->meth = meth;

-        return 1;

-}

-static ECDSA_DATA *ECDSA_DATA_new_method(ENGINE *engine)

-{

-	ECDSA_DATA *ret;

-	ret=(ECDSA_DATA *)OPENSSL_malloc(sizeof(ECDSA_DATA));

-	if (ret == NULL)

-	{

-		ECDSAerr(ECDSA_F_ECDSA_DATA_NEW_METHOD, ERR_R_MALLOC_FAILURE);

-		return(NULL);

-	}

-	ret->init = NULL;

-	ret->meth = ECDSA_get_default_method();

-	ret->engine = engine;

-#ifndef OPENSSL_NO_ENGINE

-	if (!ret->engine)

-		ret->engine = ENGINE_get_default_ECDSA();

-	if (ret->engine)

-	{

-		ret->meth = ENGINE_get_ECDSA(ret->engine);

-		if (!ret->meth)

-		{

-			ECDSAerr(ECDSA_F_ECDSA_DATA_NEW_METHOD, ERR_R_ENGINE_LIB);

-			ENGINE_finish(ret->engine);

-			OPENSSL_free(ret);

-			return NULL;

-		}

-	}

-#endif

-	ret->flags = ret->meth->flags;

-	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDSA, ret, &ret->ex_data);

-#if 0

-	if ((ret->meth->init != NULL) && !ret->meth->init(ret))

-	{

-		CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, ret, &ret->ex_data);

-		OPENSSL_free(ret);

-		ret=NULL;

-	}

-#endif

-	return(ret);

-}

-static void *ecdsa_data_new(void)

-{

-	return (void *)ECDSA_DATA_new_method(NULL);

-}

-static void *ecdsa_data_dup(void *data)

-{

-	ECDSA_DATA *r = (ECDSA_DATA *)data;

-	/* XXX: dummy operation */

-	if (r == NULL)

-		return NULL;

-	return ecdsa_data_new();

-}

-static void ecdsa_data_free(void *data)

-{

-	ECDSA_DATA *r = (ECDSA_DATA *)data;

-#ifndef OPENSSL_NO_ENGINE

-	if (r->engine)

-		ENGINE_finish(r->engine);

-#endif

-	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, r, &r->ex_data);

-	OPENSSL_cleanse((void *)r, sizeof(ECDSA_DATA));

-	OPENSSL_free(r);

-}

-ECDSA_DATA *ecdsa_check(EC_KEY *key)

-{

-	ECDSA_DATA *ecdsa_data;

-	void *data = EC_KEY_get_key_method_data(key, ecdsa_data_dup,

-					ecdsa_data_free, ecdsa_data_free);

-	if (data == NULL)

-	{

-		ecdsa_data = (ECDSA_DATA *)ecdsa_data_new();

-		if (ecdsa_data == NULL)

-			return NULL;

-		EC_KEY_insert_key_method_data(key, (void *)ecdsa_data,

-			ecdsa_data_dup, ecdsa_data_free, ecdsa_data_free);

-	}

-	else

-		ecdsa_data = (ECDSA_DATA *)data;

-	return ecdsa_data;

-}

-int ECDSA_size(const EC_KEY *r)

-{

-	int ret,i;

-	ASN1_INTEGER bs;

-	BIGNUM	*order=NULL;

-	unsigned char buf[4];

-	const EC_GROUP *group;

-	if (r == NULL)

-		return 0;

-	group = EC_KEY_get0_group(r);

-	if (group == NULL)

-		return 0;

-	if ((order = BN_new()) == NULL) return 0;

-	if (!EC_GROUP_get_order(group,order,NULL))

-	{

-		BN_clear_free(order);

-		return 0;

-	}

-	i=BN_num_bits(order);

-	bs.length=(i+7)/8;

-	bs.data=buf;

-	bs.type=V_ASN1_INTEGER;

-	/* If the top bit is set the asn1 encoding is 1 larger. */

-	buf[0]=0xff;

-	i=i2d_ASN1_INTEGER(&bs,NULL);

-	i+=i; /* r and s */

-	ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE);

-	BN_clear_free(order);

-	return(ret);

-}

-int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,

-	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)

-{

-	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDSA, argl, argp,

-				new_func, dup_func, free_func);

-}

-int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg)

-{

-	ECDSA_DATA *ecdsa;

-	ecdsa = ecdsa_check(d);

-	if (ecdsa == NULL)

-		return 0;

-	return(CRYPTO_set_ex_data(&ecdsa->ex_data,idx,arg));

-}

-void *ECDSA_get_ex_data(EC_KEY *d, int idx)

-{

-	ECDSA_DATA *ecdsa;

-	ecdsa = ecdsa_check(d);

-	if (ecdsa == NULL)

-		return NULL;

-	return(CRYPTO_get_ex_data(&ecdsa->ex_data,idx));

-}

--- a/sys/src/ape/lib/openssl/crypto/ecdsa/ecs_locl.h

+++ /dev/null

@@ -1,107 +1,0 @@

-/* crypto/ecdsa/ecs_locl.h */

-/*

- * Written by Nils Larsch for the OpenSSL project

- */

-/* ====================================================================

- * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_ECS_LOCL_H

-#define HEADER_ECS_LOCL_H

-#include <openssl/ecdsa.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-struct ecdsa_method

-	{

-	const char *name;

-	ECDSA_SIG *(*ecdsa_do_sign)(const unsigned char *dgst, int dgst_len,

-			const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey);

-	int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv,

-			BIGNUM **r);

-	int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len,

-			const ECDSA_SIG *sig, EC_KEY *eckey);

-#if 0

-	int (*init)(EC_KEY *eckey);

-	int (*finish)(EC_KEY *eckey);

-#endif

-	int flags;

-	char *app_data;

-	};

-typedef struct ecdsa_data_st {

-	/* EC_KEY_METH_DATA part */

-	int (*init)(EC_KEY *);

-	/* method (ECDSA) specific part */

-	ENGINE	*engine;

-	int	flags;

-	const ECDSA_METHOD *meth;

-	CRYPTO_EX_DATA ex_data;

-} ECDSA_DATA;

-/** ecdsa_check

- * checks whether ECKEY->meth_data is a pointer to a ECDSA_DATA structure

- * and if not it removes the old meth_data and creates a ECDSA_DATA structure.

- * \param  eckey pointer to a EC_KEY object

- * \return pointer to a ECDSA_DATA structure

- */

-ECDSA_DATA *ecdsa_check(EC_KEY *eckey);

-#ifdef  __cplusplus

-}

-#endif

-#endif /* HEADER_ECS_LOCL_H */

--- a/sys/src/ape/lib/openssl/crypto/ecdsa/ecs_ossl.c

+++ /dev/null

@@ -1,455 +1,0 @@

-/* crypto/ecdsa/ecs_ossl.c */

-/*

- * Written by Nils Larsch for the OpenSSL project

- */

-/* ====================================================================

- * Copyright (c) 1998-2004 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include "ecs_locl.h"

-#include <openssl/err.h>

-#include <openssl/obj_mac.h>

-#include <openssl/bn.h>

-static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen,

-		const BIGNUM *, const BIGNUM *, EC_KEY *eckey);

-static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,

-		BIGNUM **rp);

-static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,

-		const ECDSA_SIG *sig, EC_KEY *eckey);

-static ECDSA_METHOD openssl_ecdsa_meth = {

-	"OpenSSL ECDSA method",

-	ecdsa_do_sign,

-	ecdsa_sign_setup,

-	ecdsa_do_verify,

-#if 0

-	NULL, /* init     */

-	NULL, /* finish   */

-#endif

-	0,    /* flags    */

-	NULL  /* app_data */

-};

-const ECDSA_METHOD *ECDSA_OpenSSL(void)

-{

-	return &openssl_ecdsa_meth;

-}

-static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,

-		BIGNUM **rp)

-{

-	BN_CTX   *ctx = NULL;

-	BIGNUM	 *k = NULL, *r = NULL, *order = NULL, *X = NULL;

-	EC_POINT *tmp_point=NULL;

-	const EC_GROUP *group;

-	int 	 ret = 0;

-	if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL)

-	{

-		ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER);

-		return 0;

-	}

-	if (ctx_in == NULL)

-	{

-		if ((ctx = BN_CTX_new()) == NULL)

-		{

-			ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,ERR_R_MALLOC_FAILURE);

-			return 0;

-		}

-	}

-	else

-		ctx = ctx_in;

-	k     = BN_new();	/* this value is later returned in *kinvp */

-	r     = BN_new();	/* this value is later returned in *rp    */

-	order = BN_new();

-	X     = BN_new();

-	if (!k || !r || !order || !X)

-	{

-		ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE);

-		goto err;

-	}

-	if ((tmp_point = EC_POINT_new(group)) == NULL)

-	{

-		ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);

-		goto err;

-	}

-	if (!EC_GROUP_get_order(group, order, ctx))

-	{

-		ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);

-		goto err;

-	}

-	do

-	{

-		/* get random k */

-		do

-			if (!BN_rand_range(k, order))

-			{

-				ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,

-				 ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED);

-				goto err;

-			}

-		while (BN_is_zero(k));

-		/* compute r the x-coordinate of generator * k */

-		if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx))

-		{

-			ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);

-			goto err;

-		}

-		if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field)

-		{

-			if (!EC_POINT_get_affine_coordinates_GFp(group,

-				tmp_point, X, NULL, ctx))

-			{

-				ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,ERR_R_EC_LIB);

-				goto err;

-			}

-		}

-		else /* NID_X9_62_characteristic_two_field */

-		{

-			if (!EC_POINT_get_affine_coordinates_GF2m(group,

-				tmp_point, X, NULL, ctx))

-			{

-				ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,ERR_R_EC_LIB);

-				goto err;

-			}

-		}

-		if (!BN_nnmod(r, X, order, ctx))

-		{

-			ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);

-			goto err;

-		}

-	}

-	while (BN_is_zero(r));

-	/* compute the inverse of k */

-	if (!BN_mod_inverse(k, k, order, ctx))

-	{

-		ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);

-		goto err;

-	}

-	/* clear old values if necessary */

-	if (*rp != NULL)

-		BN_clear_free(*rp);

-	if (*kinvp != NULL)

-		BN_clear_free(*kinvp);

-	/* save the pre-computed values  */

-	*rp    = r;

-	*kinvp = k;

-	ret = 1;

-err:

-	if (!ret)

-	{

-		if (k != NULL) BN_clear_free(k);

-		if (r != NULL) BN_clear_free(r);

-	}

-	if (ctx_in == NULL)

-		BN_CTX_free(ctx);

-	if (order != NULL)

-		BN_free(order);

-	if (tmp_point != NULL)

-		EC_POINT_free(tmp_point);

-	if (X)

-		BN_clear_free(X);

-	return(ret);

-}

-static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,

-		const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)

-{

-	int     ok = 0;

-	BIGNUM *kinv=NULL, *s, *m=NULL,*tmp=NULL,*order=NULL;

-	const BIGNUM *ckinv;

-	BN_CTX     *ctx = NULL;

-	const EC_GROUP   *group;

-	ECDSA_SIG  *ret;

-	ECDSA_DATA *ecdsa;

-	const BIGNUM *priv_key;

-	ecdsa    = ecdsa_check(eckey);

-	group    = EC_KEY_get0_group(eckey);

-	priv_key = EC_KEY_get0_private_key(eckey);

-	if (group == NULL || priv_key == NULL || ecdsa == NULL)

-	{

-		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);

-		return NULL;

-	}

-	ret = ECDSA_SIG_new();

-	if (!ret)

-	{

-		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);

-		return NULL;

-	}

-	s = ret->s;

-	if ((ctx = BN_CTX_new()) == NULL || (order = BN_new()) == NULL ||

-		(tmp = BN_new()) == NULL || (m = BN_new()) == NULL)

-	{

-		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);

-		goto err;

-	}

-	if (!EC_GROUP_get_order(group, order, ctx))

-	{

-		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);

-		goto err;

-	}

-	if (dgst_len > BN_num_bytes(order))

-	{

-		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN,

-			ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);

-		goto err;

-	}

-	if (!BN_bin2bn(dgst, dgst_len, m))

-	{

-		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);

-		goto err;

-	}

-	do

-	{

-		if (in_kinv == NULL || in_r == NULL)

-		{

-			if (!ECDSA_sign_setup(eckey, ctx, &kinv, &ret->r))

-			{

-				ECDSAerr(ECDSA_F_ECDSA_DO_SIGN,ERR_R_ECDSA_LIB);

-				goto err;

-			}

-			ckinv = kinv;

-		}

-		else

-		{

-			ckinv  = in_kinv;

-			if (BN_copy(ret->r, in_r) == NULL)

-			{

-				ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);

-				goto err;

-			}

-		}

-		if (!BN_mod_mul(tmp, priv_key, ret->r, order, ctx))

-		{

-			ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);

-			goto err;

-		}

-		if (!BN_mod_add_quick(s, tmp, m, order))

-		{

-			ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);

-			goto err;

-		}

-		if (!BN_mod_mul(s, s, ckinv, order, ctx))

-		{

-			ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);

-			goto err;

-		}

-		if (BN_is_zero(s))

-		{

-			/* if kinv and r have been supplied by the caller

-			 * don't to generate new kinv and r values */

-			if (in_kinv != NULL && in_r != NULL)

-			{

-				ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_NEED_NEW_SETUP_VALUES);

-				goto err;

-			}

-		}

-		else

-			/* s != 0 => we have a valid signature */

-			break;

-	}

-	while (1);

-	ok = 1;

-err:

-	if (!ok)

-	{

-		ECDSA_SIG_free(ret);

-		ret = NULL;

-	}

-	if (ctx)

-		BN_CTX_free(ctx);

-	if (m)

-		BN_clear_free(m);

-	if (tmp)

-		BN_clear_free(tmp);

-	if (order)

-		BN_free(order);

-	if (kinv)

-		BN_clear_free(kinv);

-	return ret;

-}

-static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,

-		const ECDSA_SIG *sig, EC_KEY *eckey)

-{

-	int ret = -1;

-	BN_CTX   *ctx;

-	BIGNUM   *order, *u1, *u2, *m, *X;

-	EC_POINT *point = NULL;

-	const EC_GROUP *group;

-	const EC_POINT *pub_key;

-	/* check input values */

-	if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||

-	    (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL)

-	{

-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS);

-		return -1;

-	}

-	ctx = BN_CTX_new();

-	if (!ctx)

-	{

-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);

-		return -1;

-	}

-	BN_CTX_start(ctx);

-	order = BN_CTX_get(ctx);

-	u1    = BN_CTX_get(ctx);

-	u2    = BN_CTX_get(ctx);

-	m     = BN_CTX_get(ctx);

-	X     = BN_CTX_get(ctx);

-	if (!X)

-	{

-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);

-		goto err;

-	}

-	if (!EC_GROUP_get_order(group, order, ctx))

-	{

-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);

-		goto err;

-	}

-	if (BN_is_zero(sig->r)          || BN_is_negative(sig->r) ||

-	    BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s)  ||

-	    BN_is_negative(sig->s)      || BN_ucmp(sig->s, order) >= 0)

-	{

-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_BAD_SIGNATURE);

-		ret = 0;	/* signature is invalid */

-		goto err;

-	}

-	/* calculate tmp1 = inv(S) mod order */

-	if (!BN_mod_inverse(u2, sig->s, order, ctx))

-	{

-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);

-		goto err;

-	}

-	/* digest -> m */

-	if (!BN_bin2bn(dgst, dgst_len, m))

-	{

-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);

-		goto err;

-	}

-	/* u1 = m * tmp mod order */

-	if (!BN_mod_mul(u1, m, u2, order, ctx))

-	{

-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);

-		goto err;

-	}

-	/* u2 = r * w mod q */

-	if (!BN_mod_mul(u2, sig->r, u2, order, ctx))

-	{

-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);

-		goto err;

-	}

-	if ((point = EC_POINT_new(group)) == NULL)

-	{

-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);

-		goto err;

-	}

-	if (!EC_POINT_mul(group, point, u1, pub_key, u2, ctx))

-	{

-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);

-		goto err;

-	}

-	if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field)

-	{

-		if (!EC_POINT_get_affine_coordinates_GFp(group,

-			point, X, NULL, ctx))

-		{

-			ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);

-			goto err;

-		}

-	}

-	else /* NID_X9_62_characteristic_two_field */

-	{

-		if (!EC_POINT_get_affine_coordinates_GF2m(group,

-			point, X, NULL, ctx))

-		{

-			ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);

-			goto err;

-		}

-	}

-	if (!BN_nnmod(u1, X, order, ctx))

-	{

-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);

-		goto err;

-	}

-	/*  if the signature is correct u1 is equal to sig->r */

-	ret = (BN_ucmp(u1, sig->r) == 0);

-err:

-	BN_CTX_end(ctx);

-	BN_CTX_free(ctx);

-	if (point)

-		EC_POINT_free(point);

-	return ret;

-}

--- a/sys/src/ape/lib/openssl/crypto/ecdsa/ecs_sign.c

+++ /dev/null

@@ -1,104 +1,0 @@

-/* crypto/ecdsa/ecdsa_sign.c */

-/* ====================================================================

- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include "ecs_locl.h"

-#ifndef OPENSSL_NO_ENGINE

-#include <openssl/engine.h>

-#endif

-ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey)

-{

-	return ECDSA_do_sign_ex(dgst, dlen, NULL, NULL, eckey);

-}

-ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dlen,

-	const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey)

-{

-	ECDSA_DATA *ecdsa = ecdsa_check(eckey);

-	if (ecdsa == NULL)

-		return NULL;

-	return ecdsa->meth->ecdsa_do_sign(dgst, dlen, kinv, rp, eckey);

-}

-int ECDSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char

-		*sig, unsigned int *siglen, EC_KEY *eckey)

-{

-	return ECDSA_sign_ex(type, dgst, dlen, sig, siglen, NULL, NULL, eckey);

-}

-int ECDSA_sign_ex(int type, const unsigned char *dgst, int dlen, unsigned char

-	*sig, unsigned int *siglen, const BIGNUM *kinv, const BIGNUM *r,

-	EC_KEY *eckey)

-{

-	ECDSA_SIG *s;

-	s = ECDSA_do_sign_ex(dgst, dlen, kinv, r, eckey);

-	if (s == NULL)

-	{

-		*siglen=0;

-		return 0;

-	}

-	*siglen = i2d_ECDSA_SIG(s, &sig);

-	ECDSA_SIG_free(s);

-	return 1;

-}

-int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,

-		BIGNUM **rp)

-{

-	ECDSA_DATA *ecdsa = ecdsa_check(eckey);

-	if (ecdsa == NULL)

-		return 0;

-	return ecdsa->meth->ecdsa_sign_setup(eckey, ctx_in, kinvp, rp);

-}

--- a/sys/src/ape/lib/openssl/crypto/ecdsa/ecs_vrf.c

+++ /dev/null

@@ -1,96 +1,0 @@

-/* crypto/ecdsa/ecdsa_vrf.c */

-/*

- * Written by Nils Larsch for the OpenSSL project

- */

-/* ====================================================================

- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include "ecs_locl.h"

-#ifndef OPENSSL_NO_ENGINE

-#include <openssl/engine.h>

-#endif

-/* returns

- *      1: correct signature

- *      0: incorrect signature

- *     -1: error

- */

-int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,

-		const ECDSA_SIG *sig, EC_KEY *eckey)

-	{

-	ECDSA_DATA *ecdsa = ecdsa_check(eckey);

-	if (ecdsa == NULL)

-		return 0;

-	return ecdsa->meth->ecdsa_do_verify(dgst, dgst_len, sig, eckey);

-	}

-/* returns

- *      1: correct signature

- *      0: incorrect signature

- *     -1: error

- */

-int ECDSA_verify(int type, const unsigned char *dgst, int dgst_len,

-		const unsigned char *sigbuf, int sig_len, EC_KEY *eckey)

- 	{

-	ECDSA_SIG *s;

-	int ret=-1;

-	s = ECDSA_SIG_new();

-	if (s == NULL) return(ret);

-	if (d2i_ECDSA_SIG(&s, &sigbuf, sig_len) == NULL) goto err;

-	ret=ECDSA_do_verify(dgst, dgst_len, s, eckey);

-err:

-	ECDSA_SIG_free(s);

-	return(ret);

-	}

--- a/sys/src/ape/lib/openssl/crypto/engine/Makefile

+++ /dev/null

@@ -1,288 +1,0 @@

-#

-# OpenSSL/crypto/engine/Makefile

-#

-DIR=	engine

-TOP=	../..

-CC=	cc

-INCLUDES= -I.. -I$(TOP) -I../../include

-CFLAG=-g

-MAKEFILE=	Makefile

-AR=		ar r

-CFLAGS= $(INCLUDES) $(CFLAG)

-GENERAL=Makefile

-TEST= enginetest.c

-APPS=

-LIB=$(TOP)/libcrypto.a

-LIBSRC= eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c \

-	eng_table.c eng_pkey.c eng_fat.c eng_all.c \

-	tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \

-	tb_cipher.c tb_digest.c \

-	eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c eng_padlock.c

-LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \

-	eng_table.o eng_pkey.o eng_fat.o eng_all.o \

-	tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.o \

-	tb_cipher.o tb_digest.o \

-	eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o eng_padlock.o

-SRC= $(LIBSRC)

-EXHEADER= engine.h

-HEADER=	$(EXHEADER)

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)

-all:	lib

-lib:	$(LIBOBJ)

-	$(AR) $(LIB) $(LIBOBJ)

-	$(RANLIB) $(LIB) || echo Never mind.

-	@touch lib

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

-links:

-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)

-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)

-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

-install:

-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...

-	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \

-	do  \

-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \

-	done;

-tags:

-	ctags $(SRC)

-tests:

-lint:

-	lint -DLINT $(INCLUDES) $(SRC)>fluff

-depend:

-	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...

-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-clean:

-	rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-eng_all.o: ../../e_os.h ../../include/openssl/bio.h

-eng_all.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-eng_all.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h

-eng_all.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-eng_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-eng_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-eng_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-eng_all.o: ../cryptlib.h eng_all.c eng_int.h

-eng_cnf.o: ../../e_os.h ../../include/openssl/bio.h

-eng_cnf.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h

-eng_cnf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-eng_cnf.o: ../../include/openssl/engine.h ../../include/openssl/err.h

-eng_cnf.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-eng_cnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-eng_cnf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-eng_cnf.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_cnf.c eng_int.h

-eng_cryptodev.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

-eng_cryptodev.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h

-eng_cryptodev.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h

-eng_cryptodev.o: ../../include/openssl/evp.h ../../include/openssl/obj_mac.h

-eng_cryptodev.o: ../../include/openssl/objects.h

-eng_cryptodev.o: ../../include/openssl/opensslconf.h

-eng_cryptodev.o: ../../include/openssl/opensslv.h

-eng_cryptodev.o: ../../include/openssl/ossl_typ.h

-eng_cryptodev.o: ../../include/openssl/safestack.h

-eng_cryptodev.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-eng_cryptodev.o: eng_cryptodev.c

-eng_ctrl.o: ../../e_os.h ../../include/openssl/bio.h

-eng_ctrl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-eng_ctrl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h

-eng_ctrl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-eng_ctrl.o: ../../include/openssl/opensslconf.h

-eng_ctrl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-eng_ctrl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-eng_ctrl.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_ctrl.c eng_int.h

-eng_dyn.o: ../../e_os.h ../../include/openssl/bio.h

-eng_dyn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-eng_dyn.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h

-eng_dyn.o: ../../include/openssl/engine.h ../../include/openssl/err.h

-eng_dyn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-eng_dyn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-eng_dyn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-eng_dyn.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_dyn.c eng_int.h

-eng_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h

-eng_err.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h

-eng_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-eng_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-eng_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-eng_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-eng_err.o: eng_err.c

-eng_fat.o: ../../e_os.h ../../include/openssl/bio.h

-eng_fat.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h

-eng_fat.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-eng_fat.o: ../../include/openssl/engine.h ../../include/openssl/err.h

-eng_fat.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-eng_fat.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-eng_fat.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-eng_fat.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_fat.c eng_int.h

-eng_init.o: ../../e_os.h ../../include/openssl/bio.h

-eng_init.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-eng_init.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h

-eng_init.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-eng_init.o: ../../include/openssl/opensslconf.h

-eng_init.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-eng_init.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-eng_init.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_init.c eng_int.h

-eng_lib.o: ../../e_os.h ../../include/openssl/bio.h

-eng_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-eng_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h

-eng_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-eng_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-eng_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h

-eng_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-eng_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_int.h eng_lib.c

-eng_list.o: ../../e_os.h ../../include/openssl/bio.h

-eng_list.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-eng_list.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h

-eng_list.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-eng_list.o: ../../include/openssl/opensslconf.h

-eng_list.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-eng_list.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-eng_list.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_int.h eng_list.c

-eng_openssl.o: ../../e_os.h ../../include/openssl/asn1.h

-eng_openssl.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-eng_openssl.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h

-eng_openssl.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h

-eng_openssl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-eng_openssl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-eng_openssl.o: ../../include/openssl/engine.h ../../include/openssl/err.h

-eng_openssl.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-eng_openssl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-eng_openssl.o: ../../include/openssl/opensslconf.h

-eng_openssl.o: ../../include/openssl/opensslv.h

-eng_openssl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h

-eng_openssl.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h

-eng_openssl.o: ../../include/openssl/rand.h ../../include/openssl/rc4.h

-eng_openssl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h

-eng_openssl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-eng_openssl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-eng_openssl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_openssl.c

-eng_padlock.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h

-eng_padlock.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h

-eng_padlock.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h

-eng_padlock.o: ../../include/openssl/engine.h ../../include/openssl/err.h

-eng_padlock.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-eng_padlock.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-eng_padlock.o: ../../include/openssl/opensslconf.h

-eng_padlock.o: ../../include/openssl/opensslv.h

-eng_padlock.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h

-eng_padlock.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-eng_padlock.o: ../../include/openssl/symhacks.h eng_padlock.c

-eng_pkey.o: ../../e_os.h ../../include/openssl/bio.h

-eng_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-eng_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h

-eng_pkey.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-eng_pkey.o: ../../include/openssl/opensslconf.h

-eng_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-eng_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-eng_pkey.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_int.h eng_pkey.c

-eng_table.o: ../../e_os.h ../../include/openssl/asn1.h

-eng_table.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-eng_table.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-eng_table.o: ../../include/openssl/engine.h ../../include/openssl/err.h

-eng_table.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-eng_table.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-eng_table.o: ../../include/openssl/opensslconf.h

-eng_table.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-eng_table.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-eng_table.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_int.h

-eng_table.o: eng_table.c

-tb_cipher.o: ../../e_os.h ../../include/openssl/bio.h

-tb_cipher.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-tb_cipher.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h

-tb_cipher.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-tb_cipher.o: ../../include/openssl/opensslconf.h

-tb_cipher.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-tb_cipher.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-tb_cipher.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_int.h

-tb_cipher.o: tb_cipher.c

-tb_dh.o: ../../e_os.h ../../include/openssl/bio.h

-tb_dh.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-tb_dh.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h

-tb_dh.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-tb_dh.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-tb_dh.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-tb_dh.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-tb_dh.o: ../cryptlib.h eng_int.h tb_dh.c

-tb_digest.o: ../../e_os.h ../../include/openssl/bio.h

-tb_digest.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-tb_digest.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h

-tb_digest.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-tb_digest.o: ../../include/openssl/opensslconf.h

-tb_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-tb_digest.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-tb_digest.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_int.h

-tb_digest.o: tb_digest.c

-tb_dsa.o: ../../e_os.h ../../include/openssl/bio.h

-tb_dsa.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-tb_dsa.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h

-tb_dsa.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-tb_dsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-tb_dsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-tb_dsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-tb_dsa.o: ../cryptlib.h eng_int.h tb_dsa.c

-tb_ecdh.o: ../../e_os.h ../../include/openssl/bio.h

-tb_ecdh.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-tb_ecdh.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h

-tb_ecdh.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-tb_ecdh.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-tb_ecdh.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-tb_ecdh.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-tb_ecdh.o: ../cryptlib.h eng_int.h tb_ecdh.c

-tb_ecdsa.o: ../../e_os.h ../../include/openssl/bio.h

-tb_ecdsa.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-tb_ecdsa.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h

-tb_ecdsa.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-tb_ecdsa.o: ../../include/openssl/opensslconf.h

-tb_ecdsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-tb_ecdsa.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-tb_ecdsa.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_int.h tb_ecdsa.c

-tb_rand.o: ../../e_os.h ../../include/openssl/bio.h

-tb_rand.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-tb_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h

-tb_rand.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-tb_rand.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-tb_rand.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-tb_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-tb_rand.o: ../cryptlib.h eng_int.h tb_rand.c

-tb_rsa.o: ../../e_os.h ../../include/openssl/bio.h

-tb_rsa.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-tb_rsa.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h

-tb_rsa.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-tb_rsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-tb_rsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-tb_rsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-tb_rsa.o: ../cryptlib.h eng_int.h tb_rsa.c

-tb_store.o: ../../e_os.h ../../include/openssl/bio.h

-tb_store.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-tb_store.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h

-tb_store.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-tb_store.o: ../../include/openssl/opensslconf.h

-tb_store.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-tb_store.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-tb_store.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_int.h tb_store.c

--- a/sys/src/ape/lib/openssl/crypto/engine/README

+++ /dev/null

@@ -1,211 +1,0 @@

-Notes: 2001-09-24

------------------

-This "description" (if one chooses to call it that) needed some major updating

-so here goes. This update addresses a change being made at the same time to

-OpenSSL, and it pretty much completely restructures the underlying mechanics of

-the "ENGINE" code. So it serves a double purpose of being a "ENGINE internals

-for masochists" document *and* a rather extensive commit log message. (I'd get

-lynched for sticking all this in CHANGES or the commit mails :-).

-ENGINE_TABLE underlies this restructuring, as described in the internal header

-"eng_int.h", implemented in eng_table.c, and used in each of the "class" files;

-tb_rsa.c, tb_dsa.c, etc.

-However, "EVP_CIPHER" underlies the motivation and design of ENGINE_TABLE so

-I'll mention a bit about that first. EVP_CIPHER (and most of this applies

-equally to EVP_MD for digests) is both a "method" and a algorithm/mode

-identifier that, in the current API, "lingers". These cipher description +

-implementation structures can be defined or obtained directly by applications,

-or can be loaded "en masse" into EVP storage so that they can be catalogued and

-searched in various ways, ie. two ways of encrypting with the "des_cbc"

-algorithm/mode pair are;

-(i) directly;

-     const EVP_CIPHER *cipher = EVP_des_cbc();

-     EVP_EncryptInit(&ctx, cipher, key, iv);

-     [ ... use EVP_EncryptUpdate() and EVP_EncryptFinal() ...]

-(ii) indirectly;

-     OpenSSL_add_all_ciphers();

-     cipher = EVP_get_cipherbyname("des_cbc");

-     EVP_EncryptInit(&ctx, cipher, key, iv);

-     [ ... etc ... ]

-The latter is more generally used because it also allows ciphers/digests to be

-looked up based on other identifiers which can be useful for automatic cipher

-selection, eg. in SSL/TLS, or by user-controllable configuration.

-The important point about this is that EVP_CIPHER definitions and structures are

-passed around with impunity and there is no safe way, without requiring massive

-rewrites of many applications, to assume that EVP_CIPHERs can be reference

-counted. One an EVP_CIPHER is exposed to the caller, neither it nor anything it

-comes from can "safely" be destroyed. Unless of course the way of getting to

-such ciphers is via entirely distinct API calls that didn't exist before.

-However existing API usage cannot be made to understand when an EVP_CIPHER

-pointer, that has been passed to the caller, is no longer being used.

-The other problem with the existing API w.r.t. to hooking EVP_CIPHER support

-into ENGINE is storage - the OBJ_NAME-based storage used by EVP to register

-ciphers simultaneously registers cipher *types* and cipher *implementations* -

-they are effectively the same thing, an "EVP_CIPHER" pointer. The problem with

-hooking in ENGINEs is that multiple ENGINEs may implement the same ciphers. The

-solution is necessarily that ENGINE-provided ciphers simply are not registered,

-stored, or exposed to the caller in the same manner as existing ciphers. This is

-especially necessary considering the fact ENGINE uses reference counts to allow

-for cleanup, modularity, and DSO support - yet EVP_CIPHERs, as exposed to

-callers in the current API, support no such controls.

-Another sticking point for integrating cipher support into ENGINE is linkage.

-Already there is a problem with the way ENGINE supports RSA, DSA, etc whereby

-they are available *because* they're part of a giant ENGINE called "openssl".

-Ie. all implementations *have* to come from an ENGINE, but we get round that by

-having a giant ENGINE with all the software support encapsulated. This creates

-linker hassles if nothing else - linking a 1-line application that calls 2 basic

-RSA functions (eg. "RSA_free(RSA_new());") will result in large quantities of

-ENGINE code being linked in *and* because of that DSA, DH, and RAND also. If we

-continue with this approach for EVP_CIPHER support (even if it *was* possible)

-we would lose our ability to link selectively by selectively loading certain

-implementations of certain functionality. Touching any part of any kind of

-crypto would result in massive static linkage of everything else. So the

-solution is to change the way ENGINE feeds existing "classes", ie. how the

-hooking to ENGINE works from RSA, DSA, DH, RAND, as well as adding new hooking

-for EVP_CIPHER, and EVP_MD.

-The way this is now being done is by mostly reverting back to how things used to

-work prior to ENGINE :-). Ie. RSA now has a "RSA_METHOD" pointer again - this

-was previously replaced by an "ENGINE" pointer and all RSA code that required

-the RSA_METHOD would call ENGINE_get_RSA() each time on its ENGINE handle to

-temporarily get and use the ENGINE's RSA implementation. Apart from being more

-efficient, switching back to each RSA having an RSA_METHOD pointer also allows

-us to conceivably operate with *no* ENGINE. As we'll see, this removes any need

-for a fallback ENGINE that encapsulates default implementations - we can simply

-have our RSA structure pointing its RSA_METHOD pointer to the software

-implementation and have its ENGINE pointer set to NULL.

-A look at the EVP_CIPHER hooking is most explanatory, the RSA, DSA (etc) cases

-turn out to be degenerate forms of the same thing. The EVP storage of ciphers,

-and the existing EVP API functions that return "software" implementations and

-descriptions remain untouched. However, the storage takes more meaning in terms

-of "cipher description" and less meaning in terms of "implementation". When an

-EVP_CIPHER_CTX is actually initialised with an EVP_CIPHER method and is about to

-begin en/decryption, the hooking to ENGINE comes into play. What happens is that

-cipher-specific ENGINE code is asked for an ENGINE pointer (a functional

-reference) for any ENGINE that is registered to perform the algo/mode that the

-provided EVP_CIPHER structure represents. Under normal circumstances, that

-ENGINE code will return NULL because no ENGINEs will have had any cipher

-implementations *registered*. As such, a NULL ENGINE pointer is stored in the

-EVP_CIPHER_CTX context, and the EVP_CIPHER structure is left hooked into the

-context and so is used as the implementation. Pretty much how things work now

-except we'd have a redundant ENGINE pointer set to NULL and doing nothing.

-Conversely, if an ENGINE *has* been registered to perform the algorithm/mode

-combination represented by the provided EVP_CIPHER, then a functional reference

-to that ENGINE will be returned to the EVP_CIPHER_CTX during initialisation.

-That functional reference will be stored in the context (and released on

-cleanup) - and having that reference provides a *safe* way to use an EVP_CIPHER

-definition that is private to the ENGINE. Ie. the EVP_CIPHER provided by the

-application will actually be replaced by an EVP_CIPHER from the registered

-ENGINE - it will support the same algorithm/mode as the original but will be a

-completely different implementation. Because this EVP_CIPHER isn't stored in the

-EVP storage, nor is it returned to applications from traditional API functions,

-there is no associated problem with it not having reference counts. And of

-course, when one of these "private" cipher implementations is hooked into

-EVP_CIPHER_CTX, it is done whilst the EVP_CIPHER_CTX holds a functional

-reference to the ENGINE that owns it, thus the use of the ENGINE's EVP_CIPHER is

-safe.

-The "cipher-specific ENGINE code" I mentioned is implemented in tb_cipher.c but

-in essence it is simply an instantiation of "ENGINE_TABLE" code for use by

-EVP_CIPHER code. tb_digest.c is virtually identical but, of course, it is for

-use by EVP_MD code. Ditto for tb_rsa.c, tb_dsa.c, etc. These instantiations of

-ENGINE_TABLE essentially provide linker-separation of the classes so that even

-if ENGINEs implement *all* possible algorithms, an application using only

-EVP_CIPHER code will link at most code relating to EVP_CIPHER, tb_cipher.c, core

-ENGINE code that is independant of class, and of course the ENGINE

-implementation that the application loaded. It will *not* however link any

-class-specific ENGINE code for digests, RSA, etc nor will it bleed over into

-other APIs, such as the RSA/DSA/etc library code.

-ENGINE_TABLE is a little more complicated than may seem necessary but this is

-mostly to avoid a lot of "init()"-thrashing on ENGINEs (that may have to load

-DSOs, and other expensive setup that shouldn't be thrashed unnecessarily) *and*

-to duplicate "default" behaviour. Basically an ENGINE_TABLE instantiation, for

-example tb_cipher.c, implements a hash-table keyed by integer "nid" values.

-These nids provide the uniquenness of an algorithm/mode - and each nid will hash

-to a potentially NULL "ENGINE_PILE". An ENGINE_PILE is essentially a list of

-pointers to ENGINEs that implement that particular 'nid'. Each "pile" uses some

-caching tricks such that requests on that 'nid' will be cached and all future

-requests will return immediately (well, at least with minimal operation) unless

-a change is made to the pile, eg. perhaps an ENGINE was unloaded. The reason is

-that an application could have support for 10 ENGINEs statically linked

-in, and the machine in question may not have any of the hardware those 10

-ENGINEs support. If each of those ENGINEs has a "des_cbc" implementation, we

-want to avoid every EVP_CIPHER_CTX setup from trying (and failing) to initialise

-each of those 10 ENGINEs. Instead, the first such request will try to do that

-and will either return (and cache) a NULL ENGINE pointer or will return a

-functional reference to the first that successfully initialised. In the latter

-case it will also cache an extra functional reference to the ENGINE as a

-"default" for that 'nid'. The caching is acknowledged by a 'uptodate' variable

-that is unset only if un/registration takes place on that pile. Ie. if

-implementations of "des_cbc" are added or removed. This behaviour can be

-tweaked; the ENGINE_TABLE_FLAG_NOINIT value can be passed to

-ENGINE_set_table_flags(), in which case the only ENGINEs that tb_cipher.c will

-try to initialise from the "pile" will be those that are already initialised

-(ie. it's simply an increment of the functional reference count, and no real

-"initialisation" will take place).

-RSA, DSA, DH, and RAND all have their own ENGINE_TABLE code as well, and the

-difference is that they all use an implicit 'nid' of 1. Whereas EVP_CIPHERs are

-actually qualitatively different depending on 'nid' (the "des_cbc" EVP_CIPHER is

-not an interoperable implementation of "aes_256_cbc"), RSA_METHODs are

-necessarily interoperable and don't have different flavours, only different

-implementations. In other words, the ENGINE_TABLE for RSA will either be empty,

-or will have a single ENGING_PILE hashed to by the 'nid' 1 and that pile

-represents ENGINEs that implement the single "type" of RSA there is.

-Cleanup - the registration and unregistration may pose questions about how

-cleanup works with the ENGINE_PILE doing all this caching nonsense (ie. when the

-application or EVP_CIPHER code releases its last reference to an ENGINE, the

-ENGINE_PILE code may still have references and thus those ENGINEs will stay

-hooked in forever). The way this is handled is via "unregistration". With these

-new ENGINE changes, an abstract ENGINE can be loaded and initialised, but that

-is an algorithm-agnostic process. Even if initialised, it will not have

-registered any of its implementations (to do so would link all class "table"

-code despite the fact the application may use only ciphers, for example). This

-is deliberately a distinct step. Moreover, registration and unregistration has

-nothing to do with whether an ENGINE is *functional* or not (ie. you can even

-register an ENGINE and its implementations without it being operational, you may

-not even have the drivers to make it operate). What actually happens with

-respect to cleanup is managed inside eng_lib.c with the "engine_cleanup_***"

-functions. These functions are internal-only and each part of ENGINE code that

-could require cleanup will, upon performing its first allocation, register a

-callback with the "engine_cleanup" code. The other part of this that makes it

-tick is that the ENGINE_TABLE instantiations (tb_***.c) use NULL as their

-initialised state. So if RSA code asks for an ENGINE and no ENGINE has

-registered an implementation, the code will simply return NULL and the tb_rsa.c

-state will be unchanged. Thus, no cleanup is required unless registration takes

-place. ENGINE_cleanup() will simply iterate across a list of registered cleanup

-callbacks calling each in turn, and will then internally delete its own storage

-(a STACK). When a cleanup callback is next registered (eg. if the cleanup() is

-part of a gracefull restart and the application wants to cleanup all state then

-start again), the internal STACK storage will be freshly allocated. This is much

-the same as the situation in the ENGINE_TABLE instantiations ... NULL is the

-initialised state, so only modification operations (not queries) will cause that

-code to have to register a cleanup.

-What else? The bignum callbacks and associated ENGINE functions have been

-removed for two obvious reasons; (i) there was no way to generalise them to the

-mechanism now used by RSA/DSA/..., because there's no such thing as a BIGNUM

-method, and (ii) because of (i), there was no meaningful way for library or

-application code to automatically hook and use ENGINE supplied bignum functions

-anyway. Also, ENGINE_cpy() has been removed (although an internal-only version

-exists) - the idea of providing an ENGINE_cpy() function probably wasn't a good

-one and now certainly doesn't make sense in any generalised way. Some of the

-RSA, DSA, DH, and RAND functions that were fiddled during the original ENGINE

-changes have now, as a consequence, been reverted back. This is because the

-hooking of ENGINE is now automatic (and passive, it can interally use a NULL

-ENGINE pointer to simply ignore ENGINE from then on).

-Hell, that should be enough for now ... comments welcome: [email protected]

--- a/sys/src/ape/lib/openssl/crypto/engine/eng_all.c

+++ /dev/null

@@ -1,122 +1,0 @@

-/* crypto/engine/eng_all.c -*- mode: C; c-file-style: "eay" -*- */

-/* Written by Richard Levitte <[email protected]> for the OpenSSL

- * project 2000.

- */

-/* ====================================================================

- * Copyright (c) 2000-2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include "cryptlib.h"

-#include "eng_int.h"

-void ENGINE_load_builtin_engines(void)

-	{

-	/* There's no longer any need for an "openssl" ENGINE unless, one day,

-	 * it is the *only* way for standard builtin implementations to be be

-	 * accessed (ie. it would be possible to statically link binaries with

-	 * *no* builtin implementations). */

-#if 0

-	ENGINE_load_openssl();

-#endif

-#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)

-	ENGINE_load_padlock();

-#endif

-	ENGINE_load_dynamic();

-#ifndef OPENSSL_NO_STATIC_ENGINE

-#ifndef OPENSSL_NO_HW

-#ifndef OPENSSL_NO_HW_4758_CCA

-	ENGINE_load_4758cca();

-#endif

-#ifndef OPENSSL_NO_HW_AEP

-	ENGINE_load_aep();

-#endif

-#ifndef OPENSSL_NO_HW_ATALLA

-	ENGINE_load_atalla();

-#endif

-#ifndef OPENSSL_NO_HW_CSWIFT

-	ENGINE_load_cswift();

-#endif

-#ifndef OPENSSL_NO_HW_NCIPHER

-	ENGINE_load_chil();

-#endif

-#ifndef OPENSSL_NO_HW_NURON

-	ENGINE_load_nuron();

-#endif

-#ifndef OPENSSL_NO_HW_SUREWARE

-	ENGINE_load_sureware();

-#endif

-#ifndef OPENSSL_NO_HW_UBSEC

-	ENGINE_load_ubsec();

-#endif

-#endif

-#if !defined(OPENSSL_NO_GMP) && !defined(OPENSSL_NO_HW_GMP)

-	ENGINE_load_gmp();

-#endif

-#endif

-#ifndef OPENSSL_NO_HW

-#if defined(__OpenBSD__) || defined(__FreeBSD__)

-	ENGINE_load_cryptodev();

-#endif

-#endif

-	}

-#if defined(__OpenBSD__) || defined(__FreeBSD__)

-void ENGINE_setup_bsd_cryptodev(void) {

-	static int bsd_cryptodev_default_loaded = 0;

-	if (!bsd_cryptodev_default_loaded) {

-		ENGINE_load_cryptodev();

-		ENGINE_register_all_complete();

-	}

-	bsd_cryptodev_default_loaded=1;

-}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/engine/eng_cnf.c

+++ /dev/null

@@ -1,239 +1,0 @@

-/* eng_cnf.c */

-/* Written by Stephen Henson ([email protected]) for the OpenSSL

- * project 2001.

- */

-/* ====================================================================

- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include "eng_int.h"

-#include <openssl/conf.h>

-/* #define ENGINE_CONF_DEBUG */

-/* ENGINE config module */

-static char *skip_dot(char *name)

-	{

-	char *p;

-	p = strchr(name, '.');

-	if (p)

-		return p + 1;

-	return name;

-	}

-static STACK_OF(ENGINE) *initialized_engines = NULL;

-static int int_engine_init(ENGINE *e)

-	{

-	if (!ENGINE_init(e))

-		return 0;

-	if (!initialized_engines)

-		initialized_engines = sk_ENGINE_new_null();

-	if (!initialized_engines || !sk_ENGINE_push(initialized_engines, e))

-		{

-		ENGINE_finish(e);

-		return 0;

-		}

-	return 1;

-	}

-static int int_engine_configure(char *name, char *value, const CONF *cnf)

-	{

-	int i;

-	int ret = 0;

-	long do_init = -1;

-	STACK_OF(CONF_VALUE) *ecmds;

-	CONF_VALUE *ecmd;

-	char *ctrlname, *ctrlvalue;

-	ENGINE *e = NULL;

-	name = skip_dot(name);

-#ifdef ENGINE_CONF_DEBUG

-	fprintf(stderr, "Configuring engine %s\n", name);

-#endif

-	/* Value is a section containing ENGINE commands */

-	ecmds = NCONF_get_section(cnf, value);

-	if (!ecmds)

-		{

-		ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ENGINE_R_ENGINE_SECTION_ERROR);

-		return 0;

-		}

-	for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++)

-		{

-		ecmd = sk_CONF_VALUE_value(ecmds, i);

-		ctrlname = skip_dot(ecmd->name);

-		ctrlvalue = ecmd->value;

-#ifdef ENGINE_CONF_DEBUG

-	fprintf(stderr, "ENGINE conf: doing ctrl(%s,%s)\n", ctrlname, ctrlvalue);

-#endif

-		/* First handle some special pseudo ctrls */

-		/* Override engine name to use */

-		if (!strcmp(ctrlname, "engine_id"))

-			name = ctrlvalue;

-		/* Load a dynamic ENGINE */

-		else if (!strcmp(ctrlname, "dynamic_path"))

-			{

-			e = ENGINE_by_id("dynamic");

-			if (!e)

-				goto err;

-			if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", ctrlvalue, 0))

-				goto err;

-			if (!ENGINE_ctrl_cmd_string(e, "LIST_ADD", "2", 0))

-				goto err;

-			if (!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))

-				goto err;

-			}

-		/* ... add other pseudos here ... */

-		else

-			{

-			/* At this point we need an ENGINE structural reference

-			 * if we don't already have one.

-			 */

-			if (!e)

-				{

-				e = ENGINE_by_id(name);

-				if (!e)

-					return 0;

-				}

-			/* Allow "EMPTY" to mean no value: this allows a valid

-			 * "value" to be passed to ctrls of type NO_INPUT

-		 	 */

-			if (!strcmp(ctrlvalue, "EMPTY"))

-				ctrlvalue = NULL;

-			if (!strcmp(ctrlname, "init"))

-				{

-				if (!NCONF_get_number_e(cnf, value, "init", &do_init))

-					goto err;

-				if (do_init == 1)

-					{

-					if (!int_engine_init(e))

-						goto err;

-					}

-				else if (do_init != 0)

-					{

-					ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ENGINE_R_INVALID_INIT_VALUE);

-					goto err;

-					}

-				}

-			else if (!strcmp(ctrlname, "default_algorithms"))

-				{

-				if (!ENGINE_set_default_string(e, ctrlvalue))

-					goto err;

-				}

-			else if (!ENGINE_ctrl_cmd_string(e,

-					ctrlname, ctrlvalue, 0))

-				return 0;

-			}

-		}

-	if (e && (do_init == -1) && !int_engine_init(e))

-		goto err;

-	ret = 1;

-	err:

-	if (e)

-		ENGINE_free(e);

-	return ret;

-	}

-static int int_engine_module_init(CONF_IMODULE *md, const CONF *cnf)

-	{

-	STACK_OF(CONF_VALUE) *elist;

-	CONF_VALUE *cval;

-	int i;

-#ifdef ENGINE_CONF_DEBUG

-	fprintf(stderr, "Called engine module: name %s, value %s\n",

-			CONF_imodule_get_name(md), CONF_imodule_get_value(md));

-#endif

-	/* Value is a section containing ENGINEs to configure */

-	elist = NCONF_get_section(cnf, CONF_imodule_get_value(md));

-	if (!elist)

-		{

-		ENGINEerr(ENGINE_F_INT_ENGINE_MODULE_INIT, ENGINE_R_ENGINES_SECTION_ERROR);

-		return 0;

-		}

-	for (i = 0; i < sk_CONF_VALUE_num(elist); i++)

-		{

-		cval = sk_CONF_VALUE_value(elist, i);

-		if (!int_engine_configure(cval->name, cval->value, cnf))

-			return 0;

-		}

-	return 1;

-	}

-static void int_engine_module_finish(CONF_IMODULE *md)

-	{

-	ENGINE *e;

-	while ((e = sk_ENGINE_pop(initialized_engines)))

-		ENGINE_finish(e);

-	sk_ENGINE_free(initialized_engines);

-	initialized_engines = NULL;

-	}

-void ENGINE_add_conf_module(void)

-	{

-	CONF_module_add("engines",

-			int_engine_module_init,

-			int_engine_module_finish);

-	}

--- a/sys/src/ape/lib/openssl/crypto/engine/eng_cryptodev.c

+++ /dev/null

@@ -1,1133 +1,0 @@

-/*

- * Copyright (c) 2002 Bob Beck <[email protected]>

- * Copyright (c) 2002 Theo de Raadt

- * Copyright (c) 2002 Markus Friedl

- * All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- *

- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY

- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED

- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE

- * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY

- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES

- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND

- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF

- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

- *

- */

-#include <openssl/objects.h>

-#include <openssl/engine.h>

-#include <openssl/evp.h>

-#include <openssl/bn.h>

-#if (defined(__unix__) || defined(unix)) && !defined(USG) && \

-	(defined(OpenBSD) || defined(__FreeBSD_version))

-#include <sys/param.h>

-# if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041)

-#  define HAVE_CRYPTODEV

-# endif

-# if (OpenBSD >= 200110)

-#  define HAVE_SYSLOG_R

-# endif

-#endif

-#ifndef HAVE_CRYPTODEV

-void

-ENGINE_load_cryptodev(void)

-{

-	/* This is a NOP on platforms without /dev/crypto */

-	return;

-}

-#else

-#include <sys/types.h>

-#include <crypto/cryptodev.h>

-#include <sys/ioctl.h>

-#include <errno.h>

-#include <stdio.h>

-#include <unistd.h>

-#include <fcntl.h>

-#include <stdarg.h>

-#include <syslog.h>

-#include <errno.h>

-#include <string.h>

-struct dev_crypto_state {

-	struct session_op d_sess;

-	int d_fd;

-};

-static u_int32_t cryptodev_asymfeat = 0;

-static int get_asym_dev_crypto(void);

-static int open_dev_crypto(void);

-static int get_dev_crypto(void);

-static int cryptodev_max_iv(int cipher);

-static int cryptodev_key_length_valid(int cipher, int len);

-static int cipher_nid_to_cryptodev(int nid);

-static int get_cryptodev_ciphers(const int **cnids);

-static int get_cryptodev_digests(const int **cnids);

-static int cryptodev_usable_ciphers(const int **nids);

-static int cryptodev_usable_digests(const int **nids);

-static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,

-    const unsigned char *in, unsigned int inl);

-static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,

-    const unsigned char *iv, int enc);

-static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx);

-static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,

-    const int **nids, int nid);

-static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,

-    const int **nids, int nid);

-static int bn2crparam(const BIGNUM *a, struct crparam *crp);

-static int crparam2bn(struct crparam *crp, BIGNUM *a);

-static void zapparams(struct crypt_kop *kop);

-static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r,

-    int slen, BIGNUM *s);

-static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a,

-    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);

-static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I,

-    RSA *rsa);

-static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);

-static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a,

-    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);

-static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,

-    BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,

-    BN_CTX *ctx, BN_MONT_CTX *mont);

-static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst,

-    int dlen, DSA *dsa);

-static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len,

-    DSA_SIG *sig, DSA *dsa);

-static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,

-    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,

-    BN_MONT_CTX *m_ctx);

-static int cryptodev_dh_compute_key(unsigned char *key,

-    const BIGNUM *pub_key, DH *dh);

-static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,

-    void (*f)());

-void ENGINE_load_cryptodev(void);

-static const ENGINE_CMD_DEFN cryptodev_defns[] = {

-	{ 0, NULL, NULL, 0 }

-};

-static struct {

-	int	id;

-	int	nid;

-	int	ivmax;

-	int	keylen;

-} ciphers[] = {

-	{ CRYPTO_DES_CBC,		NID_des_cbc,		8,	 8, },

-	{ CRYPTO_3DES_CBC,		NID_des_ede3_cbc,	8,	24, },

-	{ CRYPTO_AES_CBC,		NID_aes_128_cbc,	16,	16, },

-	{ CRYPTO_BLF_CBC,		NID_bf_cbc,		8,	16, },

-	{ CRYPTO_CAST_CBC,		NID_cast5_cbc,		8,	16, },

-	{ CRYPTO_SKIPJACK_CBC,		NID_undef,		0,	 0, },

-	{ 0,				NID_undef,		0,	 0, },

-};

-static struct {

-	int	id;

-	int	nid;

-} digests[] = {

-	{ CRYPTO_SHA1_HMAC,		NID_hmacWithSHA1,	},

-	{ CRYPTO_RIPEMD160_HMAC,	NID_ripemd160,		},

-	{ CRYPTO_MD5_KPDK,		NID_undef,		},

-	{ CRYPTO_SHA1_KPDK,		NID_undef,		},

-	{ CRYPTO_MD5,			NID_md5,		},

-	{ CRYPTO_SHA1,			NID_undef,		},

-	{ 0,				NID_undef,		},

-};

-/*

- * Return a fd if /dev/crypto seems usable, 0 otherwise.

- */

-static int

-open_dev_crypto(void)

-{

-	static int fd = -1;

-	if (fd == -1) {

-		if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1)

-			return (-1);

-		/* close on exec */

-		if (fcntl(fd, F_SETFD, 1) == -1) {

-			close(fd);

-			fd = -1;

-			return (-1);

-		}

-	}

-	return (fd);

-}

-static int

-get_dev_crypto(void)

-{

-	int fd, retfd;

-	if ((fd = open_dev_crypto()) == -1)

-		return (-1);

-	if (ioctl(fd, CRIOGET, &retfd) == -1)

-		return (-1);

-	/* close on exec */

-	if (fcntl(retfd, F_SETFD, 1) == -1) {

-		close(retfd);

-		return (-1);

-	}

-	return (retfd);

-}

-/* Caching version for asym operations */

-static int

-get_asym_dev_crypto(void)

-{

-	static int fd = -1;

-	if (fd == -1)

-		fd = get_dev_crypto();

-	return fd;

-}

-/*

- * XXXX this needs to be set for each alg - and determined from

- * a running card.

- */

-static int

-cryptodev_max_iv(int cipher)

-{

-	int i;

-	for (i = 0; ciphers[i].id; i++)

-		if (ciphers[i].id == cipher)

-			return (ciphers[i].ivmax);

-	return (0);

-}

-/*

- * XXXX this needs to be set for each alg - and determined from

- * a running card. For now, fake it out - but most of these

- * for real devices should return 1 for the supported key

- * sizes the device can handle.

- */

-static int

-cryptodev_key_length_valid(int cipher, int len)

-{

-	int i;

-	for (i = 0; ciphers[i].id; i++)

-		if (ciphers[i].id == cipher)

-			return (ciphers[i].keylen == len);

-	return (0);

-}

-/* convert libcrypto nids to cryptodev */

-static int

-cipher_nid_to_cryptodev(int nid)

-{

-	int i;

-	for (i = 0; ciphers[i].id; i++)

-		if (ciphers[i].nid == nid)

-			return (ciphers[i].id);

-	return (0);

-}

-/*

- * Find out what ciphers /dev/crypto will let us have a session for.

- * XXX note, that some of these openssl doesn't deal with yet!

- * returning them here is harmless, as long as we return NULL

- * when asked for a handler in the cryptodev_engine_ciphers routine

- */

-static int

-get_cryptodev_ciphers(const int **cnids)

-{

-	static int nids[CRYPTO_ALGORITHM_MAX];

-	struct session_op sess;

-	int fd, i, count = 0;

-	if ((fd = get_dev_crypto()) < 0) {

-		*cnids = NULL;

-		return (0);

-	}

-	memset(&sess, 0, sizeof(sess));

-	sess.key = (caddr_t)"123456781234567812345678";

-	for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {

-		if (ciphers[i].nid == NID_undef)

-			continue;

-		sess.cipher = ciphers[i].id;

-		sess.keylen = ciphers[i].keylen;

-		sess.mac = 0;

-		if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&

-		    ioctl(fd, CIOCFSESSION, &sess.ses) != -1)

-			nids[count++] = ciphers[i].nid;

-	}

-	close(fd);

-	if (count > 0)

-		*cnids = nids;

-	else

-		*cnids = NULL;

-	return (count);

-}

-/*

- * Find out what digests /dev/crypto will let us have a session for.

- * XXX note, that some of these openssl doesn't deal with yet!

- * returning them here is harmless, as long as we return NULL

- * when asked for a handler in the cryptodev_engine_digests routine

- */

-static int

-get_cryptodev_digests(const int **cnids)

-{

-	static int nids[CRYPTO_ALGORITHM_MAX];

-	struct session_op sess;

-	int fd, i, count = 0;

-	if ((fd = get_dev_crypto()) < 0) {

-		*cnids = NULL;

-		return (0);

-	}

-	memset(&sess, 0, sizeof(sess));

-	for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {

-		if (digests[i].nid == NID_undef)

-			continue;

-		sess.mac = digests[i].id;

-		sess.cipher = 0;

-		if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&

-		    ioctl(fd, CIOCFSESSION, &sess.ses) != -1)

-			nids[count++] = digests[i].nid;

-	}

-	close(fd);

-	if (count > 0)

-		*cnids = nids;

-	else

-		*cnids = NULL;

-	return (count);

-}

-/*

- * Find the useable ciphers|digests from dev/crypto - this is the first

- * thing called by the engine init crud which determines what it

- * can use for ciphers from this engine. We want to return

- * only what we can do, anythine else is handled by software.

- *

- * If we can't initialize the device to do anything useful for

- * any reason, we want to return a NULL array, and 0 length,

- * which forces everything to be done is software. By putting

- * the initalization of the device in here, we ensure we can

- * use this engine as the default, and if for whatever reason

- * /dev/crypto won't do what we want it will just be done in

- * software

- *

- * This can (should) be greatly expanded to perhaps take into

- * account speed of the device, and what we want to do.

- * (although the disabling of particular alg's could be controlled

- * by the device driver with sysctl's.) - this is where we

- * want most of the decisions made about what we actually want

- * to use from /dev/crypto.

- */

-static int

-cryptodev_usable_ciphers(const int **nids)

-{

-	return (get_cryptodev_ciphers(nids));

-}

-static int

-cryptodev_usable_digests(const int **nids)

-{

-	/*

-	 * XXXX just disable all digests for now, because it sucks.

-	 * we need a better way to decide this - i.e. I may not

-	 * want digests on slow cards like hifn on fast machines,

-	 * but might want them on slow or loaded machines, etc.

-	 * will also want them when using crypto cards that don't

-	 * suck moose gonads - would be nice to be able to decide something

-	 * as reasonable default without having hackery that's card dependent.

-	 * of course, the default should probably be just do everything,

-	 * with perhaps a sysctl to turn algoritms off (or have them off

-	 * by default) on cards that generally suck like the hifn.

-	 */

-	*nids = NULL;

-	return (0);

-}

-static int

-cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,

-    const unsigned char *in, unsigned int inl)

-{

-	struct crypt_op cryp;

-	struct dev_crypto_state *state = ctx->cipher_data;

-	struct session_op *sess = &state->d_sess;

-	void *iiv;

-	unsigned char save_iv[EVP_MAX_IV_LENGTH];

-	if (state->d_fd < 0)

-		return (0);

-	if (!inl)

-		return (1);

-	if ((inl % ctx->cipher->block_size) != 0)

-		return (0);

-	memset(&cryp, 0, sizeof(cryp));

-	cryp.ses = sess->ses;

-	cryp.flags = 0;

-	cryp.len = inl;

-	cryp.src = (caddr_t) in;

-	cryp.dst = (caddr_t) out;

-	cryp.mac = 0;

-	cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;

-	if (ctx->cipher->iv_len) {

-		cryp.iv = (caddr_t) ctx->iv;

-		if (!ctx->encrypt) {

-			iiv = (void *) in + inl - ctx->cipher->iv_len;

-			memcpy(save_iv, iiv, ctx->cipher->iv_len);

-		}

-	} else

-		cryp.iv = NULL;

-	if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) {

-		/* XXX need better errror handling

-		 * this can fail for a number of different reasons.

-		 */

-		return (0);

-	}

-	if (ctx->cipher->iv_len) {

-		if (ctx->encrypt)

-			iiv = (void *) out + inl - ctx->cipher->iv_len;

-		else

-			iiv = save_iv;

-		memcpy(ctx->iv, iiv, ctx->cipher->iv_len);

-	}

-	return (1);

-}

-static int

-cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,

-    const unsigned char *iv, int enc)

-{

-	struct dev_crypto_state *state = ctx->cipher_data;

-	struct session_op *sess = &state->d_sess;

-	int cipher;

-	if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef)

-		return (0);

-	if (ctx->cipher->iv_len > cryptodev_max_iv(cipher))

-		return (0);

-	if (!cryptodev_key_length_valid(cipher, ctx->key_len))

-		return (0);

-	memset(sess, 0, sizeof(struct session_op));

-	if ((state->d_fd = get_dev_crypto()) < 0)

-		return (0);

-	sess->key = (unsigned char *)key;

-	sess->keylen = ctx->key_len;

-	sess->cipher = cipher;

-	if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {

-		close(state->d_fd);

-		state->d_fd = -1;

-		return (0);

-	}

-	return (1);

-}

-/*

- * free anything we allocated earlier when initting a

- * session, and close the session.

- */

-static int

-cryptodev_cleanup(EVP_CIPHER_CTX *ctx)

-{

-	int ret = 0;

-	struct dev_crypto_state *state = ctx->cipher_data;

-	struct session_op *sess = &state->d_sess;

-	if (state->d_fd < 0)

-		return (0);

-	/* XXX if this ioctl fails, someting's wrong. the invoker

-	 * may have called us with a bogus ctx, or we could

-	 * have a device that for whatever reason just doesn't

-	 * want to play ball - it's not clear what's right

-	 * here - should this be an error? should it just

-	 * increase a counter, hmm. For right now, we return

-	 * 0 - I don't believe that to be "right". we could

-	 * call the gorpy openssl lib error handlers that

-	 * print messages to users of the library. hmm..

-	 */

-	if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) {

-		ret = 0;

-	} else {

-		ret = 1;

-	}

-	close(state->d_fd);

-	state->d_fd = -1;

-	return (ret);

-}

-/*

- * libcrypto EVP stuff - this is how we get wired to EVP so the engine

- * gets called when libcrypto requests a cipher NID.

- */

-/* DES CBC EVP */

-const EVP_CIPHER cryptodev_des_cbc = {

-	NID_des_cbc,

-	8, 8, 8,

-	EVP_CIPH_CBC_MODE,

-	cryptodev_init_key,

-	cryptodev_cipher,

-	cryptodev_cleanup,

-	sizeof(struct dev_crypto_state),

-	EVP_CIPHER_set_asn1_iv,

-	EVP_CIPHER_get_asn1_iv,

-	NULL

-};

-/* 3DES CBC EVP */

-const EVP_CIPHER cryptodev_3des_cbc = {

-	NID_des_ede3_cbc,

-	8, 24, 8,

-	EVP_CIPH_CBC_MODE,

-	cryptodev_init_key,

-	cryptodev_cipher,

-	cryptodev_cleanup,

-	sizeof(struct dev_crypto_state),

-	EVP_CIPHER_set_asn1_iv,

-	EVP_CIPHER_get_asn1_iv,

-	NULL

-};

-const EVP_CIPHER cryptodev_bf_cbc = {

-	NID_bf_cbc,

-	8, 16, 8,

-	EVP_CIPH_CBC_MODE,

-	cryptodev_init_key,

-	cryptodev_cipher,

-	cryptodev_cleanup,

-	sizeof(struct dev_crypto_state),

-	EVP_CIPHER_set_asn1_iv,

-	EVP_CIPHER_get_asn1_iv,

-	NULL

-};

-const EVP_CIPHER cryptodev_cast_cbc = {

-	NID_cast5_cbc,

-	8, 16, 8,

-	EVP_CIPH_CBC_MODE,

-	cryptodev_init_key,

-	cryptodev_cipher,

-	cryptodev_cleanup,

-	sizeof(struct dev_crypto_state),

-	EVP_CIPHER_set_asn1_iv,

-	EVP_CIPHER_get_asn1_iv,

-	NULL

-};

-const EVP_CIPHER cryptodev_aes_cbc = {

-	NID_aes_128_cbc,

-	16, 16, 16,

-	EVP_CIPH_CBC_MODE,

-	cryptodev_init_key,

-	cryptodev_cipher,

-	cryptodev_cleanup,

-	sizeof(struct dev_crypto_state),

-	EVP_CIPHER_set_asn1_iv,

-	EVP_CIPHER_get_asn1_iv,

-	NULL

-};

-/*

- * Registered by the ENGINE when used to find out how to deal with

- * a particular NID in the ENGINE. this says what we'll do at the

- * top level - note, that list is restricted by what we answer with

- */

-static int

-cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,

-    const int **nids, int nid)

-{

-	if (!cipher)

-		return (cryptodev_usable_ciphers(nids));

-	switch (nid) {

-	case NID_des_ede3_cbc:

-		*cipher = &cryptodev_3des_cbc;

-		break;

-	case NID_des_cbc:

-		*cipher = &cryptodev_des_cbc;

-		break;

-	case NID_bf_cbc:

-		*cipher = &cryptodev_bf_cbc;

-		break;

-	case NID_cast5_cbc:

-		*cipher = &cryptodev_cast_cbc;

-		break;

-	case NID_aes_128_cbc:

-		*cipher = &cryptodev_aes_cbc;

-		break;

-	default:

-		*cipher = NULL;

-		break;

-	}

-	return (*cipher != NULL);

-}

-static int

-cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,

-    const int **nids, int nid)

-{

-	if (!digest)

-		return (cryptodev_usable_digests(nids));

-	switch (nid) {

-	case NID_md5:

-		*digest = NULL; /* need to make a clean md5 critter */

-		break;

-	default:

-		*digest = NULL;

-		break;

-	}

-	return (*digest != NULL);

-}

-/*

- * Convert a BIGNUM to the representation that /dev/crypto needs.

- * Upon completion of use, the caller is responsible for freeing

- * crp->crp_p.

- */

-static int

-bn2crparam(const BIGNUM *a, struct crparam *crp)

-{

-	int i, j, k;

-	ssize_t words, bytes, bits;

-	u_char *b;

-	crp->crp_p = NULL;

-	crp->crp_nbits = 0;

-	bits = BN_num_bits(a);

-	bytes = (bits + 7) / 8;

-	b = malloc(bytes);

-	if (b == NULL)

-		return (1);

-	crp->crp_p = b;

-	crp->crp_nbits = bits;

-	for (i = 0, j = 0; i < a->top; i++) {

-		for (k = 0; k < BN_BITS2 / 8; k++) {

-			if ((j + k) >= bytes)

-				return (0);

-			b[j + k] = a->d[i] >> (k * 8);

-		}

-		j += BN_BITS2 / 8;

-	}

-	return (0);

-}

-/* Convert a /dev/crypto parameter to a BIGNUM */

-static int

-crparam2bn(struct crparam *crp, BIGNUM *a)

-{

-	u_int8_t *pd;

-	int i, bytes;

-	bytes = (crp->crp_nbits + 7) / 8;

-	if (bytes == 0)

-		return (-1);

-	if ((pd = (u_int8_t *) malloc(bytes)) == NULL)

-		return (-1);

-	for (i = 0; i < bytes; i++)

-		pd[i] = crp->crp_p[bytes - i - 1];

-	BN_bin2bn(pd, bytes, a);

-	free(pd);

-	return (0);

-}

-static void

-zapparams(struct crypt_kop *kop)

-{

-	int i;

-	for (i = 0; i <= kop->crk_iparams + kop->crk_oparams; i++) {

-		if (kop->crk_param[i].crp_p)

-			free(kop->crk_param[i].crp_p);

-		kop->crk_param[i].crp_p = NULL;

-		kop->crk_param[i].crp_nbits = 0;

-	}

-}

-static int

-cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)

-{

-	int fd, ret = -1;

-	if ((fd = get_asym_dev_crypto()) < 0)

-		return (ret);

-	if (r) {

-		kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));

-		kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;

-		kop->crk_oparams++;

-	}

-	if (s) {

-		kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char));

-		kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8;

-		kop->crk_oparams++;

-	}

-	if (ioctl(fd, CIOCKEY, kop) == 0) {

-		if (r)

-			crparam2bn(&kop->crk_param[kop->crk_iparams], r);

-		if (s)

-			crparam2bn(&kop->crk_param[kop->crk_iparams+1], s);

-		ret = 0;

-	}

-	return (ret);

-}

-static int

-cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)

-{

-	struct crypt_kop kop;

-	int ret = 1;

-	/* Currently, we know we can do mod exp iff we can do any

-	 * asymmetric operations at all.

-	 */

-	if (cryptodev_asymfeat == 0) {

-		ret = BN_mod_exp(r, a, p, m, ctx);

-		return (ret);

-	}

-	memset(&kop, 0, sizeof kop);

-	kop.crk_op = CRK_MOD_EXP;

-	/* inputs: a^p % m */

-	if (bn2crparam(a, &kop.crk_param[0]))

-		goto err;

-	if (bn2crparam(p, &kop.crk_param[1]))

-		goto err;

-	if (bn2crparam(m, &kop.crk_param[2]))

-		goto err;

-	kop.crk_iparams = 3;

-	if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL) == -1) {

-		const RSA_METHOD *meth = RSA_PKCS1_SSLeay();

-		ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);

-	}

-err:

-	zapparams(&kop);

-	return (ret);

-}

-static int

-cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)

-{

-	int r;

-	BN_CTX *ctx;

-	ctx = BN_CTX_new();

-	r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL);

-	BN_CTX_free(ctx);

-	return (r);

-}

-static int

-cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)

-{

-	struct crypt_kop kop;

-	int ret = 1;

-	if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {

-		/* XXX 0 means failure?? */

-		return (0);

-	}

-	memset(&kop, 0, sizeof kop);

-	kop.crk_op = CRK_MOD_EXP_CRT;

-	/* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */

-	if (bn2crparam(rsa->p, &kop.crk_param[0]))

-		goto err;

-	if (bn2crparam(rsa->q, &kop.crk_param[1]))

-		goto err;

-	if (bn2crparam(I, &kop.crk_param[2]))

-		goto err;

-	if (bn2crparam(rsa->dmp1, &kop.crk_param[3]))

-		goto err;

-	if (bn2crparam(rsa->dmq1, &kop.crk_param[4]))

-		goto err;

-	if (bn2crparam(rsa->iqmp, &kop.crk_param[5]))

-		goto err;

-	kop.crk_iparams = 6;

-	if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL) == -1) {

-		const RSA_METHOD *meth = RSA_PKCS1_SSLeay();

-		ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);

-	}

-err:

-	zapparams(&kop);

-	return (ret);

-}

-static RSA_METHOD cryptodev_rsa = {

-	"cryptodev RSA method",

-	NULL,				/* rsa_pub_enc */

-	NULL,				/* rsa_pub_dec */

-	NULL,				/* rsa_priv_enc */

-	NULL,				/* rsa_priv_dec */

-	NULL,

-	NULL,

-	NULL,				/* init */

-	NULL,				/* finish */

-	0,				/* flags */

-	NULL,				/* app_data */

-	NULL,				/* rsa_sign */

-	NULL				/* rsa_verify */

-};

-static int

-cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,

-    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)

-{

-	return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));

-}

-static int

-cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,

-    BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,

-    BN_CTX *ctx, BN_MONT_CTX *mont)

-{

-	BIGNUM t2;

-	int ret = 0;

-	BN_init(&t2);

-	/* v = ( g^u1 * y^u2 mod p ) mod q */

-	/* let t1 = g ^ u1 mod p */

-	ret = 0;

-	if (!dsa->meth->bn_mod_exp(dsa,t1,dsa->g,u1,dsa->p,ctx,mont))

-		goto err;

-	/* let t2 = y ^ u2 mod p */

-	if (!dsa->meth->bn_mod_exp(dsa,&t2,dsa->pub_key,u2,dsa->p,ctx,mont))

-		goto err;

-	/* let u1 = t1 * t2 mod p */

-	if (!BN_mod_mul(u1,t1,&t2,dsa->p,ctx))

-		goto err;

-	BN_copy(t1,u1);

-	ret = 1;

-err:

-	BN_free(&t2);

-	return(ret);

-}

-static DSA_SIG *

-cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)

-{

-	struct crypt_kop kop;

-	BIGNUM *r = NULL, *s = NULL;

-	DSA_SIG *dsaret = NULL;

-	if ((r = BN_new()) == NULL)

-		goto err;

-	if ((s = BN_new()) == NULL) {

-		BN_free(r);

-		goto err;

-	}

-	memset(&kop, 0, sizeof kop);

-	kop.crk_op = CRK_DSA_SIGN;

-	/* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */

-	kop.crk_param[0].crp_p = (caddr_t)dgst;

-	kop.crk_param[0].crp_nbits = dlen * 8;

-	if (bn2crparam(dsa->p, &kop.crk_param[1]))

-		goto err;

-	if (bn2crparam(dsa->q, &kop.crk_param[2]))

-		goto err;

-	if (bn2crparam(dsa->g, &kop.crk_param[3]))

-		goto err;

-	if (bn2crparam(dsa->priv_key, &kop.crk_param[4]))

-		goto err;

-	kop.crk_iparams = 5;

-	if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,

-	    BN_num_bytes(dsa->q), s) == 0) {

-		dsaret = DSA_SIG_new();

-		dsaret->r = r;

-		dsaret->s = s;

-	} else {

-		const DSA_METHOD *meth = DSA_OpenSSL();

-		BN_free(r);

-		BN_free(s);

-		dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa);

-	}

-err:

-	kop.crk_param[0].crp_p = NULL;

-	zapparams(&kop);

-	return (dsaret);

-}

-static int

-cryptodev_dsa_verify(const unsigned char *dgst, int dlen,

-    DSA_SIG *sig, DSA *dsa)

-{

-	struct crypt_kop kop;

-	int dsaret = 1;

-	memset(&kop, 0, sizeof kop);

-	kop.crk_op = CRK_DSA_VERIFY;

-	/* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */

-	kop.crk_param[0].crp_p = (caddr_t)dgst;

-	kop.crk_param[0].crp_nbits = dlen * 8;

-	if (bn2crparam(dsa->p, &kop.crk_param[1]))

-		goto err;

-	if (bn2crparam(dsa->q, &kop.crk_param[2]))

-		goto err;

-	if (bn2crparam(dsa->g, &kop.crk_param[3]))

-		goto err;

-	if (bn2crparam(dsa->pub_key, &kop.crk_param[4]))

-		goto err;

-	if (bn2crparam(sig->r, &kop.crk_param[5]))

-		goto err;

-	if (bn2crparam(sig->s, &kop.crk_param[6]))

-		goto err;

-	kop.crk_iparams = 7;

-	if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {

-		dsaret = kop.crk_status;

-	} else {

-		const DSA_METHOD *meth = DSA_OpenSSL();

-		dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa);

-	}

-err:

-	kop.crk_param[0].crp_p = NULL;

-	zapparams(&kop);

-	return (dsaret);

-}

-static DSA_METHOD cryptodev_dsa = {

-	"cryptodev DSA method",

-	NULL,

-	NULL,				/* dsa_sign_setup */

-	NULL,

-	NULL,				/* dsa_mod_exp */

-	NULL,

-	NULL,				/* init */

-	NULL,				/* finish */

-	0,	/* flags */

-	NULL	/* app_data */

-};

-static int

-cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,

-    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,

-    BN_MONT_CTX *m_ctx)

-{

-	return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));

-}

-static int

-cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)

-{

-	struct crypt_kop kop;

-	int dhret = 1;

-	int fd, keylen;

-	if ((fd = get_asym_dev_crypto()) < 0) {

-		const DH_METHOD *meth = DH_OpenSSL();

-		return ((meth->compute_key)(key, pub_key, dh));

-	}

-	keylen = BN_num_bits(dh->p);

-	memset(&kop, 0, sizeof kop);

-	kop.crk_op = CRK_DH_COMPUTE_KEY;

-	/* inputs: dh->priv_key pub_key dh->p key */

-	if (bn2crparam(dh->priv_key, &kop.crk_param[0]))

-		goto err;

-	if (bn2crparam(pub_key, &kop.crk_param[1]))

-		goto err;

-	if (bn2crparam(dh->p, &kop.crk_param[2]))

-		goto err;

-	kop.crk_iparams = 3;

-	kop.crk_param[3].crp_p = key;

-	kop.crk_param[3].crp_nbits = keylen * 8;

-	kop.crk_oparams = 1;

-	if (ioctl(fd, CIOCKEY, &kop) == -1) {

-		const DH_METHOD *meth = DH_OpenSSL();

-		dhret = (meth->compute_key)(key, pub_key, dh);

-	}

-err:

-	kop.crk_param[3].crp_p = NULL;

-	zapparams(&kop);

-	return (dhret);

-}

-static DH_METHOD cryptodev_dh = {

-	"cryptodev DH method",

-	NULL,				/* cryptodev_dh_generate_key */

-	NULL,

-	NULL,

-	NULL,

-	NULL,

-	0,	/* flags */

-	NULL	/* app_data */

-};

-/*

- * ctrl right now is just a wrapper that doesn't do much

- * but I expect we'll want some options soon.

- */

-static int

-cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())

-{

-#ifdef HAVE_SYSLOG_R

-	struct syslog_data sd = SYSLOG_DATA_INIT;

-#endif

-	switch (cmd) {

-	default:

-#ifdef HAVE_SYSLOG_R

-		syslog_r(LOG_ERR, &sd,

-		    "cryptodev_ctrl: unknown command %d", cmd);

-#else

-		syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd);

-#endif

-		break;

-	}

-	return (1);

-}

-void

-ENGINE_load_cryptodev(void)

-{

-	ENGINE *engine = ENGINE_new();

-	int fd;

-	if (engine == NULL)

-		return;

-	if ((fd = get_dev_crypto()) < 0) {

-		ENGINE_free(engine);

-		return;

-	}

-	/*

-	 * find out what asymmetric crypto algorithms we support

-	 */

-	if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {

-		close(fd);

-		ENGINE_free(engine);

-		return;

-	}

-	close(fd);

-	if (!ENGINE_set_id(engine, "cryptodev") ||

-	    !ENGINE_set_name(engine, "BSD cryptodev engine") ||

-	    !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||

-	    !ENGINE_set_digests(engine, cryptodev_engine_digests) ||

-	    !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||

-	    !ENGINE_set_cmd_defns(engine, cryptodev_defns)) {

-		ENGINE_free(engine);

-		return;

-	}

-	if (ENGINE_set_RSA(engine, &cryptodev_rsa)) {

-		const RSA_METHOD *rsa_meth = RSA_PKCS1_SSLeay();

-		cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp;

-		cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp;

-		cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc;

-		cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec;

-		cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc;

-		cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;

-		if (cryptodev_asymfeat & CRF_MOD_EXP) {

-			cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;

-			if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)

-				cryptodev_rsa.rsa_mod_exp =

-				    cryptodev_rsa_mod_exp;

-			else

-				cryptodev_rsa.rsa_mod_exp =

-				    cryptodev_rsa_nocrt_mod_exp;

-		}

-	}

-	if (ENGINE_set_DSA(engine, &cryptodev_dsa)) {

-		const DSA_METHOD *meth = DSA_OpenSSL();

-		memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));

-		if (cryptodev_asymfeat & CRF_DSA_SIGN)

-			cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;

-		if (cryptodev_asymfeat & CRF_MOD_EXP) {

-			cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;

-			cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;

-		}

-		if (cryptodev_asymfeat & CRF_DSA_VERIFY)

-			cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;

-	}

-	if (ENGINE_set_DH(engine, &cryptodev_dh)){

-		const DH_METHOD *dh_meth = DH_OpenSSL();

-		cryptodev_dh.generate_key = dh_meth->generate_key;

-		cryptodev_dh.compute_key = dh_meth->compute_key;

-		cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;

-		if (cryptodev_asymfeat & CRF_MOD_EXP) {

-			cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;

-			if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)

-				cryptodev_dh.compute_key =

-				    cryptodev_dh_compute_key;

-		}

-	}

-	ENGINE_add(engine);

-	ENGINE_free(engine);

-	ERR_clear_error();

-}

-#endif /* HAVE_CRYPTODEV */

--- a/sys/src/ape/lib/openssl/crypto/engine/eng_ctrl.c

+++ /dev/null

@@ -1,389 +1,0 @@

-/* crypto/engine/eng_ctrl.c */

-/* ====================================================================

- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include "eng_int.h"

-/* When querying a ENGINE-specific control command's 'description', this string

- * is used if the ENGINE_CMD_DEFN has cmd_desc set to NULL. */

-static const char *int_no_description = "";

-/* These internal functions handle 'CMD'-related control commands when the

- * ENGINE in question has asked us to take care of it (ie. the ENGINE did not

- * set the ENGINE_FLAGS_MANUAL_CMD_CTRL flag. */

-static int int_ctrl_cmd_is_null(const ENGINE_CMD_DEFN *defn)

-	{

-	if((defn->cmd_num == 0) || (defn->cmd_name == NULL))

-		return 1;

-	return 0;

-	}

-static int int_ctrl_cmd_by_name(const ENGINE_CMD_DEFN *defn, const char *s)

-	{

-	int idx = 0;

-	while(!int_ctrl_cmd_is_null(defn) && (strcmp(defn->cmd_name, s) != 0))

-		{

-		idx++;

-		defn++;

-		}

-	if(int_ctrl_cmd_is_null(defn))

-		/* The given name wasn't found */

-		return -1;

-	return idx;

-	}

-static int int_ctrl_cmd_by_num(const ENGINE_CMD_DEFN *defn, unsigned int num)

-	{

-	int idx = 0;

-	/* NB: It is stipulated that 'cmd_defn' lists are ordered by cmd_num. So

-	 * our searches don't need to take any longer than necessary. */

-	while(!int_ctrl_cmd_is_null(defn) && (defn->cmd_num < num))

-		{

-		idx++;

-		defn++;

-		}

-	if(defn->cmd_num == num)

-		return idx;

-	/* The given cmd_num wasn't found */

-	return -1;

-	}

-static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p,

-			   void (*f)(void))

-	{

-	int idx;

-	char *s = (char *)p;

-	/* Take care of the easy one first (eg. it requires no searches) */

-	if(cmd == ENGINE_CTRL_GET_FIRST_CMD_TYPE)

-		{

-		if((e->cmd_defns == NULL) || int_ctrl_cmd_is_null(e->cmd_defns))

-			return 0;

-		return e->cmd_defns->cmd_num;

-		}

-	/* One or two commands require that "p" be a valid string buffer */

-	if((cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) ||

-			(cmd == ENGINE_CTRL_GET_NAME_FROM_CMD) ||

-			(cmd == ENGINE_CTRL_GET_DESC_FROM_CMD))

-		{

-		if(s == NULL)

-			{

-			ENGINEerr(ENGINE_F_INT_CTRL_HELPER,

-				ERR_R_PASSED_NULL_PARAMETER);

-			return -1;

-			}

-		}

-	/* Now handle cmd_name -> cmd_num conversion */

-	if(cmd == ENGINE_CTRL_GET_CMD_FROM_NAME)

-		{

-		if((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_name(

-						e->cmd_defns, s)) < 0))

-			{

-			ENGINEerr(ENGINE_F_INT_CTRL_HELPER,

-				ENGINE_R_INVALID_CMD_NAME);

-			return -1;

-			}

-		return e->cmd_defns[idx].cmd_num;

-		}

-	/* For the rest of the commands, the 'long' argument must specify a

-	 * valie command number - so we need to conduct a search. */

-	if((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_num(e->cmd_defns,

-					(unsigned int)i)) < 0))

-		{

-		ENGINEerr(ENGINE_F_INT_CTRL_HELPER,

-			ENGINE_R_INVALID_CMD_NUMBER);

-		return -1;

-		}

-	/* Now the logic splits depending on command type */

-	switch(cmd)

-		{

-	case ENGINE_CTRL_GET_NEXT_CMD_TYPE:

-		idx++;

-		if(int_ctrl_cmd_is_null(e->cmd_defns + idx))

-			/* end-of-list */

-			return 0;

-		else

-			return e->cmd_defns[idx].cmd_num;

-	case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:

-		return strlen(e->cmd_defns[idx].cmd_name);

-	case ENGINE_CTRL_GET_NAME_FROM_CMD:

-		return BIO_snprintf(s,strlen(e->cmd_defns[idx].cmd_name) + 1,

-				    "%s", e->cmd_defns[idx].cmd_name);

-	case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:

-		if(e->cmd_defns[idx].cmd_desc)

-			return strlen(e->cmd_defns[idx].cmd_desc);

-		return strlen(int_no_description);

-	case ENGINE_CTRL_GET_DESC_FROM_CMD:

-		if(e->cmd_defns[idx].cmd_desc)

-			return BIO_snprintf(s,

-					    strlen(e->cmd_defns[idx].cmd_desc) + 1,

-					    "%s", e->cmd_defns[idx].cmd_desc);

-		return BIO_snprintf(s, strlen(int_no_description) + 1,"%s",

-				    int_no_description);

-	case ENGINE_CTRL_GET_CMD_FLAGS:

-		return e->cmd_defns[idx].cmd_flags;

-		}

-	/* Shouldn't really be here ... */

-	ENGINEerr(ENGINE_F_INT_CTRL_HELPER,ENGINE_R_INTERNAL_LIST_ERROR);

-	return -1;

-	}

-int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))

-	{

-	int ctrl_exists, ref_exists;

-	if(e == NULL)

-		{

-		ENGINEerr(ENGINE_F_ENGINE_CTRL,ERR_R_PASSED_NULL_PARAMETER);

-		return 0;

-		}

-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);

-	ref_exists = ((e->struct_ref > 0) ? 1 : 0);

-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);

-	ctrl_exists = ((e->ctrl == NULL) ? 0 : 1);

-	if(!ref_exists)

-		{

-		ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_REFERENCE);

-		return 0;

-		}

-	/* Intercept any "root-level" commands before trying to hand them on to

-	 * ctrl() handlers. */

-	switch(cmd)

-		{

-	case ENGINE_CTRL_HAS_CTRL_FUNCTION:

-		return ctrl_exists;

-	case ENGINE_CTRL_GET_FIRST_CMD_TYPE:

-	case ENGINE_CTRL_GET_NEXT_CMD_TYPE:

-	case ENGINE_CTRL_GET_CMD_FROM_NAME:

-	case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:

-	case ENGINE_CTRL_GET_NAME_FROM_CMD:

-	case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:

-	case ENGINE_CTRL_GET_DESC_FROM_CMD:

-	case ENGINE_CTRL_GET_CMD_FLAGS:

-		if(ctrl_exists && !(e->flags & ENGINE_FLAGS_MANUAL_CMD_CTRL))

-			return int_ctrl_helper(e,cmd,i,p,f);

-		if(!ctrl_exists)

-			{

-			ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION);

-			/* For these cmd-related functions, failure is indicated

-			 * by a -1 return value (because 0 is used as a valid

-			 * return in some places). */

-			return -1;

-			}

-	default:

-		break;

-		}

-	/* Anything else requires a ctrl() handler to exist. */

-	if(!ctrl_exists)

-		{

-		ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION);

-		return 0;

-		}

-	return e->ctrl(e, cmd, i, p, f);

-	}

-int ENGINE_cmd_is_executable(ENGINE *e, int cmd)

-	{

-	int flags;

-	if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, cmd, NULL, NULL)) < 0)

-		{

-		ENGINEerr(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE,

-			ENGINE_R_INVALID_CMD_NUMBER);

-		return 0;

-		}

-	if(!(flags & ENGINE_CMD_FLAG_NO_INPUT) &&

-			!(flags & ENGINE_CMD_FLAG_NUMERIC) &&

-			!(flags & ENGINE_CMD_FLAG_STRING))

-		return 0;

-	return 1;

-	}

-int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,

-        long i, void *p, void (*f)(void), int cmd_optional)

-        {

-	int num;

-	if((e == NULL) || (cmd_name == NULL))

-		{

-		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD,

-			ERR_R_PASSED_NULL_PARAMETER);

-		return 0;

-		}

-	if((e->ctrl == NULL) || ((num = ENGINE_ctrl(e,

-					ENGINE_CTRL_GET_CMD_FROM_NAME,

-					0, (void *)cmd_name, NULL)) <= 0))

-		{

-		/* If the command didn't *have* to be supported, we fake

-		 * success. This allows certain settings to be specified for

-		 * multiple ENGINEs and only require a change of ENGINE id

-		 * (without having to selectively apply settings). Eg. changing

-		 * from a hardware device back to the regular software ENGINE

-		 * without editing the config file, etc. */

-		if(cmd_optional)

-			{

-			ERR_clear_error();

-			return 1;

-			}

-		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD,

-			ENGINE_R_INVALID_CMD_NAME);

-		return 0;

-		}

-	/* Force the result of the control command to 0 or 1, for the reasons

-	 * mentioned before. */

-        if (ENGINE_ctrl(e, num, i, p, f))

-                return 1;

-        return 0;

-        }

-int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,

-				int cmd_optional)

-	{

-	int num, flags;

-	long l;

-	char *ptr;

-	if((e == NULL) || (cmd_name == NULL))

-		{

-		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,

-			ERR_R_PASSED_NULL_PARAMETER);

-		return 0;

-		}

-	if((e->ctrl == NULL) || ((num = ENGINE_ctrl(e,

-					ENGINE_CTRL_GET_CMD_FROM_NAME,

-					0, (void *)cmd_name, NULL)) <= 0))

-		{

-		/* If the command didn't *have* to be supported, we fake

-		 * success. This allows certain settings to be specified for

-		 * multiple ENGINEs and only require a change of ENGINE id

-		 * (without having to selectively apply settings). Eg. changing

-		 * from a hardware device back to the regular software ENGINE

-		 * without editing the config file, etc. */

-		if(cmd_optional)

-			{

-			ERR_clear_error();

-			return 1;

-			}

-		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,

-			ENGINE_R_INVALID_CMD_NAME);

-		return 0;

-		}

-	if(!ENGINE_cmd_is_executable(e, num))

-		{

-		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,

-			ENGINE_R_CMD_NOT_EXECUTABLE);

-		return 0;

-		}

-	if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, NULL, NULL)) < 0)

-		{

-		/* Shouldn't happen, given that ENGINE_cmd_is_executable()

-		 * returned success. */

-		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,

-			ENGINE_R_INTERNAL_LIST_ERROR);

-		return 0;

-		}

-	/* If the command takes no input, there must be no input. And vice

-	 * versa. */

-	if(flags & ENGINE_CMD_FLAG_NO_INPUT)

-		{

-		if(arg != NULL)

-			{

-			ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,

-				ENGINE_R_COMMAND_TAKES_NO_INPUT);

-			return 0;

-			}

-		/* We deliberately force the result of ENGINE_ctrl() to 0 or 1

-		 * rather than returning it as "return data". This is to ensure

-		 * usage of these commands is consistent across applications and

-		 * that certain applications don't understand it one way, and

-		 * others another. */

-		if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL))

-			return 1;

-		return 0;

-		}

-	/* So, we require input */

-	if(arg == NULL)

-		{

-		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,

-			ENGINE_R_COMMAND_TAKES_INPUT);

-		return 0;

-		}

-	/* If it takes string input, that's easy */

-	if(flags & ENGINE_CMD_FLAG_STRING)

-		{

-		/* Same explanation as above */

-		if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL))

-			return 1;

-		return 0;

-		}

-	/* If it doesn't take numeric either, then it is unsupported for use in

-	 * a config-setting situation, which is what this function is for. This

-	 * should never happen though, because ENGINE_cmd_is_executable() was

-	 * used. */

-	if(!(flags & ENGINE_CMD_FLAG_NUMERIC))

-		{

-		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,

-			ENGINE_R_INTERNAL_LIST_ERROR);

-		return 0;

-		}

-	l = strtol(arg, &ptr, 10);

-	if((arg == ptr) || (*ptr != '\0'))

-		{

-		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,

-			ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER);

-		return 0;

-		}

-	/* Force the result of the control command to 0 or 1, for the reasons

-	 * mentioned before. */

-	if(ENGINE_ctrl(e, num, l, NULL, NULL))

-		return 1;

-	return 0;

-	}

--- a/sys/src/ape/lib/openssl/crypto/engine/eng_dyn.c

+++ /dev/null

@@ -1,548 +1,0 @@

-/* crypto/engine/eng_dyn.c */

-/* Written by Geoff Thorpe ([email protected]) for the OpenSSL

- * project 2001.

- */

-/* ====================================================================

- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include "eng_int.h"

-#include <openssl/dso.h>

-/* Shared libraries implementing ENGINEs for use by the "dynamic" ENGINE loader

- * should implement the hook-up functions with the following prototypes. */

-/* Our ENGINE handlers */

-static int dynamic_init(ENGINE *e);

-static int dynamic_finish(ENGINE *e);

-static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));

-/* Predeclare our context type */

-typedef struct st_dynamic_data_ctx dynamic_data_ctx;

-/* The implementation for the important control command */

-static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx);

-#define DYNAMIC_CMD_SO_PATH		ENGINE_CMD_BASE

-#define DYNAMIC_CMD_NO_VCHECK		(ENGINE_CMD_BASE + 1)

-#define DYNAMIC_CMD_ID			(ENGINE_CMD_BASE + 2)

-#define DYNAMIC_CMD_LIST_ADD		(ENGINE_CMD_BASE + 3)

-#define DYNAMIC_CMD_DIR_LOAD		(ENGINE_CMD_BASE + 4)

-#define DYNAMIC_CMD_DIR_ADD		(ENGINE_CMD_BASE + 5)

-#define DYNAMIC_CMD_LOAD		(ENGINE_CMD_BASE + 6)

-/* The constants used when creating the ENGINE */

-static const char *engine_dynamic_id = "dynamic";

-static const char *engine_dynamic_name = "Dynamic engine loading support";

-static const ENGINE_CMD_DEFN dynamic_cmd_defns[] = {

-	{DYNAMIC_CMD_SO_PATH,

-		"SO_PATH",

-		"Specifies the path to the new ENGINE shared library",

-		ENGINE_CMD_FLAG_STRING},

-	{DYNAMIC_CMD_NO_VCHECK,

-		"NO_VCHECK",

-		"Specifies to continue even if version checking fails (boolean)",

-		ENGINE_CMD_FLAG_NUMERIC},

-	{DYNAMIC_CMD_ID,

-		"ID",

-		"Specifies an ENGINE id name for loading",

-		ENGINE_CMD_FLAG_STRING},

-	{DYNAMIC_CMD_LIST_ADD,

-		"LIST_ADD",

-		"Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory)",

-		ENGINE_CMD_FLAG_NUMERIC},

-	{DYNAMIC_CMD_DIR_LOAD,

-		"DIR_LOAD",

-		"Specifies whether to load from 'DIR_ADD' directories (0=no,1=yes,2=mandatory)",

-		ENGINE_CMD_FLAG_NUMERIC},

-	{DYNAMIC_CMD_DIR_ADD,

-		"DIR_ADD",

-		"Adds a directory from which ENGINEs can be loaded",

-		ENGINE_CMD_FLAG_STRING},

-	{DYNAMIC_CMD_LOAD,

-		"LOAD",

-		"Load up the ENGINE specified by other settings",

-		ENGINE_CMD_FLAG_NO_INPUT},

-	{0, NULL, NULL, 0}

-	};

-static const ENGINE_CMD_DEFN dynamic_cmd_defns_empty[] = {

-	{0, NULL, NULL, 0}

-	};

-/* Loading code stores state inside the ENGINE structure via the "ex_data"

- * element. We load all our state into a single structure and use that as a

- * single context in the "ex_data" stack. */

-struct st_dynamic_data_ctx

-	{

-	/* The DSO object we load that supplies the ENGINE code */

-	DSO *dynamic_dso;

-	/* The function pointer to the version checking shared library function */

-	dynamic_v_check_fn v_check;

-	/* The function pointer to the engine-binding shared library function */

-	dynamic_bind_engine bind_engine;

-	/* The default name/path for loading the shared library */

-	const char *DYNAMIC_LIBNAME;

-	/* Whether to continue loading on a version check failure */

-	int no_vcheck;

-	/* If non-NULL, stipulates the 'id' of the ENGINE to be loaded */

-	const char *engine_id;

-	/* If non-zero, a successfully loaded ENGINE should be added to the internal

-	 * ENGINE list. If 2, the add must succeed or the entire load should fail. */

-	int list_add_value;

-	/* The symbol name for the version checking function */

-	const char *DYNAMIC_F1;

-	/* The symbol name for the "initialise ENGINE structure" function */

-	const char *DYNAMIC_F2;

-	/* Whether to never use 'dirs', use 'dirs' as a fallback, or only use

-	 * 'dirs' for loading. Default is to use 'dirs' as a fallback. */

-	int dir_load;

-	/* A stack of directories from which ENGINEs could be loaded */

-	STACK *dirs;

-	};

-/* This is the "ex_data" index we obtain and reserve for use with our context

- * structure. */

-static int dynamic_ex_data_idx = -1;

-static void int_free_str(void *s) { OPENSSL_free(s); }

-/* Because our ex_data element may or may not get allocated depending on whether

- * a "first-use" occurs before the ENGINE is freed, we have a memory leak

- * problem to solve. We can't declare a "new" handler for the ex_data as we

- * don't want a dynamic_data_ctx in *all* ENGINE structures of all types (this

- * is a bug in the design of CRYPTO_EX_DATA). As such, we just declare a "free"

- * handler and that will get called if an ENGINE is being destroyed and there

- * was an ex_data element corresponding to our context type. */

-static void dynamic_data_ctx_free_func(void *parent, void *ptr,

-			CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)

-	{

-	if(ptr)

-		{

-		dynamic_data_ctx *ctx = (dynamic_data_ctx *)ptr;

-		if(ctx->dynamic_dso)

-			DSO_free(ctx->dynamic_dso);

-		if(ctx->DYNAMIC_LIBNAME)

-			OPENSSL_free((void*)ctx->DYNAMIC_LIBNAME);

-		if(ctx->engine_id)

-			OPENSSL_free((void*)ctx->engine_id);

-		if(ctx->dirs)

-			sk_pop_free(ctx->dirs, int_free_str);

-		OPENSSL_free(ctx);

-		}

-	}

-/* Construct the per-ENGINE context. We create it blindly and then use a lock to

- * check for a race - if so, all but one of the threads "racing" will have

- * wasted their time. The alternative involves creating everything inside the

- * lock which is far worse. */

-static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx)

-	{

-	dynamic_data_ctx *c;

-	c = OPENSSL_malloc(sizeof(dynamic_data_ctx));

-	if(!c)

-		{

-		ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX,ERR_R_MALLOC_FAILURE);

-		return 0;

-		}

-	memset(c, 0, sizeof(dynamic_data_ctx));

-	c->dynamic_dso = NULL;

-	c->v_check = NULL;

-	c->bind_engine = NULL;

-	c->DYNAMIC_LIBNAME = NULL;

-	c->no_vcheck = 0;

-	c->engine_id = NULL;

-	c->list_add_value = 0;

-	c->DYNAMIC_F1 = "v_check";

-	c->DYNAMIC_F2 = "bind_engine";

-	c->dir_load = 1;

-	c->dirs = sk_new_null();

-	if(!c->dirs)

-		{

-		ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX,ERR_R_MALLOC_FAILURE);

-		OPENSSL_free(c);

-		return 0;

-		}

-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);

-	if((*ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e,

-				dynamic_ex_data_idx)) == NULL)

-		{

-		/* Good, we're the first */

-		ENGINE_set_ex_data(e, dynamic_ex_data_idx, c);

-		*ctx = c;

-		c = NULL;

-		}

-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);

-	/* If we lost the race to set the context, c is non-NULL and *ctx is the

-	 * context of the thread that won. */

-	if(c)

-		OPENSSL_free(c);

-	return 1;

-	}

-/* This function retrieves the context structure from an ENGINE's "ex_data", or

- * if it doesn't exist yet, sets it up. */

-static dynamic_data_ctx *dynamic_get_data_ctx(ENGINE *e)

-	{

-	dynamic_data_ctx *ctx;

-	if(dynamic_ex_data_idx < 0)

-		{

-		/* Create and register the ENGINE ex_data, and associate our

-		 * "free" function with it to ensure any allocated contexts get

-		 * freed when an ENGINE goes underground. */

-		int new_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL,

-					dynamic_data_ctx_free_func);

-		if(new_idx == -1)

-			{

-			ENGINEerr(ENGINE_F_DYNAMIC_GET_DATA_CTX,ENGINE_R_NO_INDEX);

-			return NULL;

-			}

-		CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);

-		/* Avoid a race by checking again inside this lock */

-		if(dynamic_ex_data_idx < 0)

-			{

-			/* Good, someone didn't beat us to it */

-			dynamic_ex_data_idx = new_idx;

-			new_idx = -1;

-			}

-		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);

-		/* In theory we could "give back" the index here if

-		 * (new_idx>-1), but it's not possible and wouldn't gain us much

-		 * if it were. */

-		}

-	ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e, dynamic_ex_data_idx);

-	/* Check if the context needs to be created */

-	if((ctx == NULL) && !dynamic_set_data_ctx(e, &ctx))

-		/* "set_data" will set errors if necessary */

-		return NULL;

-	return ctx;

-	}

-static ENGINE *engine_dynamic(void)

-	{

-	ENGINE *ret = ENGINE_new();

-	if(!ret)

-		return NULL;

-	if(!ENGINE_set_id(ret, engine_dynamic_id) ||

-			!ENGINE_set_name(ret, engine_dynamic_name) ||

-			!ENGINE_set_init_function(ret, dynamic_init) ||

-			!ENGINE_set_finish_function(ret, dynamic_finish) ||

-			!ENGINE_set_ctrl_function(ret, dynamic_ctrl) ||

-			!ENGINE_set_flags(ret, ENGINE_FLAGS_BY_ID_COPY) ||

-			!ENGINE_set_cmd_defns(ret, dynamic_cmd_defns))

-		{

-		ENGINE_free(ret);

-		return NULL;

-		}

-	return ret;

-	}

-void ENGINE_load_dynamic(void)

-	{

-	ENGINE *toadd = engine_dynamic();

-	if(!toadd) return;

-	ENGINE_add(toadd);

-	/* If the "add" worked, it gets a structural reference. So either way,

-	 * we release our just-created reference. */

-	ENGINE_free(toadd);

-	/* If the "add" didn't work, it was probably a conflict because it was

-	 * already added (eg. someone calling ENGINE_load_blah then calling

-	 * ENGINE_load_builtin_engines() perhaps). */

-	ERR_clear_error();

-	}

-static int dynamic_init(ENGINE *e)

-	{

-	/* We always return failure - the "dyanamic" engine itself can't be used

-	 * for anything. */

-	return 0;

-	}

-static int dynamic_finish(ENGINE *e)

-	{

-	/* This should never be called on account of "dynamic_init" always

-	 * failing. */

-	return 0;

-	}

-static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))

-	{

-	dynamic_data_ctx *ctx = dynamic_get_data_ctx(e);

-	int initialised;

-	if(!ctx)

-		{

-		ENGINEerr(ENGINE_F_DYNAMIC_CTRL,ENGINE_R_NOT_LOADED);

-		return 0;

-		}

-	initialised = ((ctx->dynamic_dso == NULL) ? 0 : 1);

-	/* All our control commands require the ENGINE to be uninitialised */

-	if(initialised)

-		{

-		ENGINEerr(ENGINE_F_DYNAMIC_CTRL,

-			ENGINE_R_ALREADY_LOADED);

-		return 0;

-		}

-	switch(cmd)

-		{

-	case DYNAMIC_CMD_SO_PATH:

-		/* a NULL 'p' or a string of zero-length is the same thing */

-		if(p && (strlen((const char *)p) < 1))

-			p = NULL;

-		if(ctx->DYNAMIC_LIBNAME)

-			OPENSSL_free((void*)ctx->DYNAMIC_LIBNAME);

-		if(p)

-			ctx->DYNAMIC_LIBNAME = BUF_strdup(p);

-		else

-			ctx->DYNAMIC_LIBNAME = NULL;

-		return (ctx->DYNAMIC_LIBNAME ? 1 : 0);

-	case DYNAMIC_CMD_NO_VCHECK:

-		ctx->no_vcheck = ((i == 0) ? 0 : 1);

-		return 1;

-	case DYNAMIC_CMD_ID:

-		/* a NULL 'p' or a string of zero-length is the same thing */

-		if(p && (strlen((const char *)p) < 1))

-			p = NULL;

-		if(ctx->engine_id)

-			OPENSSL_free((void*)ctx->engine_id);

-		if(p)

-			ctx->engine_id = BUF_strdup(p);

-		else

-			ctx->engine_id = NULL;

-		return (ctx->engine_id ? 1 : 0);

-	case DYNAMIC_CMD_LIST_ADD:

-		if((i < 0) || (i > 2))

-			{

-			ENGINEerr(ENGINE_F_DYNAMIC_CTRL,

-				ENGINE_R_INVALID_ARGUMENT);

-			return 0;

-			}

-		ctx->list_add_value = (int)i;

-		return 1;

-	case DYNAMIC_CMD_LOAD:

-		return dynamic_load(e, ctx);

-	case DYNAMIC_CMD_DIR_LOAD:

-		if((i < 0) || (i > 2))

-			{

-			ENGINEerr(ENGINE_F_DYNAMIC_CTRL,

-				ENGINE_R_INVALID_ARGUMENT);

-			return 0;

-			}

-		ctx->dir_load = (int)i;

-		return 1;

-	case DYNAMIC_CMD_DIR_ADD:

-		/* a NULL 'p' or a string of zero-length is the same thing */

-		if(!p || (strlen((const char *)p) < 1))

-			{

-			ENGINEerr(ENGINE_F_DYNAMIC_CTRL,

-				ENGINE_R_INVALID_ARGUMENT);

-			return 0;

-			}

-		{

-		char *tmp_str = BUF_strdup(p);

-		if(!tmp_str)

-			{

-			ENGINEerr(ENGINE_F_DYNAMIC_CTRL,

-				ERR_R_MALLOC_FAILURE);

-			return 0;

-			}

-		sk_insert(ctx->dirs, tmp_str, -1);

-		}

-		return 1;

-	default:

-		break;

-		}

-	ENGINEerr(ENGINE_F_DYNAMIC_CTRL,ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);

-	return 0;

-	}

-static int int_load(dynamic_data_ctx *ctx)

-	{

-	int num, loop;

-	/* Unless told not to, try a direct load */

-	if((ctx->dir_load != 2) && (DSO_load(ctx->dynamic_dso,

-				ctx->DYNAMIC_LIBNAME, NULL, 0)) != NULL)

-		return 1;

-	/* If we're not allowed to use 'dirs' or we have none, fail */

-	if(!ctx->dir_load || ((num = sk_num(ctx->dirs)) < 1))

-		return 0;

-	for(loop = 0; loop < num; loop++)

-		{

-		const char *s = sk_value(ctx->dirs, loop);

-		char *merge = DSO_merge(ctx->dynamic_dso, ctx->DYNAMIC_LIBNAME, s);

-		if(!merge)

-			return 0;

-		if(DSO_load(ctx->dynamic_dso, merge, NULL, 0))

-			{

-			/* Found what we're looking for */

-			OPENSSL_free(merge);

-			return 1;

-			}

-		OPENSSL_free(merge);

-		}

-	return 0;

-	}

-static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx)

-	{

-	ENGINE cpy;

-	dynamic_fns fns;

-	if(!ctx->dynamic_dso)

-		ctx->dynamic_dso = DSO_new();

-	if(!ctx->DYNAMIC_LIBNAME)

-		{

-		if(!ctx->engine_id)

-			return 0;

-		ctx->DYNAMIC_LIBNAME =

-			DSO_convert_filename(ctx->dynamic_dso, ctx->engine_id);

-		}

-	if(!int_load(ctx))

-		{

-		ENGINEerr(ENGINE_F_DYNAMIC_LOAD,

-			ENGINE_R_DSO_NOT_FOUND);

-		DSO_free(ctx->dynamic_dso);

-		ctx->dynamic_dso = NULL;

-		return 0;

-		}

-	/* We have to find a bind function otherwise it'll always end badly */

-	if(!(ctx->bind_engine = (dynamic_bind_engine)DSO_bind_func(

-					ctx->dynamic_dso, ctx->DYNAMIC_F2)))

-		{

-		ctx->bind_engine = NULL;

-		DSO_free(ctx->dynamic_dso);

-		ctx->dynamic_dso = NULL;

-		ENGINEerr(ENGINE_F_DYNAMIC_LOAD,

-			ENGINE_R_DSO_FAILURE);

-		return 0;

-		}

-	/* Do we perform version checking? */

-	if(!ctx->no_vcheck)

-		{

-		unsigned long vcheck_res = 0;

-		/* Now we try to find a version checking function and decide how

-		 * to cope with failure if/when it fails. */

-		ctx->v_check = (dynamic_v_check_fn)DSO_bind_func(

-				ctx->dynamic_dso, ctx->DYNAMIC_F1);

-		if(ctx->v_check)

-			vcheck_res = ctx->v_check(OSSL_DYNAMIC_VERSION);

-		/* We fail if the version checker veto'd the load *or* if it is

-		 * deferring to us (by returning its version) and we think it is

-		 * too old. */

-		if(vcheck_res < OSSL_DYNAMIC_OLDEST)

-			{

-			/* Fail */

-			ctx->bind_engine = NULL;

-			ctx->v_check = NULL;

-			DSO_free(ctx->dynamic_dso);

-			ctx->dynamic_dso = NULL;

-			ENGINEerr(ENGINE_F_DYNAMIC_LOAD,

-				ENGINE_R_VERSION_INCOMPATIBILITY);

-			return 0;

-			}

-		}

-	/* First binary copy the ENGINE structure so that we can roll back if

-	 * the hand-over fails */

-	memcpy(&cpy, e, sizeof(ENGINE));

-	/* Provide the ERR, "ex_data", memory, and locking callbacks so the

-	 * loaded library uses our state rather than its own. FIXME: As noted in

-	 * engine.h, much of this would be simplified if each area of code

-	 * provided its own "summary" structure of all related callbacks. It

-	 * would also increase opaqueness. */

-	fns.static_state = ENGINE_get_static_state();

-	fns.err_fns = ERR_get_implementation();

-	fns.ex_data_fns = CRYPTO_get_ex_data_implementation();

-	CRYPTO_get_mem_functions(&fns.mem_fns.malloc_cb,

-				&fns.mem_fns.realloc_cb,

-				&fns.mem_fns.free_cb);

-	fns.lock_fns.lock_locking_cb = CRYPTO_get_locking_callback();

-	fns.lock_fns.lock_add_lock_cb = CRYPTO_get_add_lock_callback();

-	fns.lock_fns.dynlock_create_cb = CRYPTO_get_dynlock_create_callback();

-	fns.lock_fns.dynlock_lock_cb = CRYPTO_get_dynlock_lock_callback();

-	fns.lock_fns.dynlock_destroy_cb = CRYPTO_get_dynlock_destroy_callback();

-	/* Now that we've loaded the dynamic engine, make sure no "dynamic"

-	 * ENGINE elements will show through. */

-	engine_set_all_null(e);

-	/* Try to bind the ENGINE onto our own ENGINE structure */

-	if(!ctx->bind_engine(e, ctx->engine_id, &fns))

-		{

-		ctx->bind_engine = NULL;

-		ctx->v_check = NULL;

-		DSO_free(ctx->dynamic_dso);

-		ctx->dynamic_dso = NULL;

-		ENGINEerr(ENGINE_F_DYNAMIC_LOAD,ENGINE_R_INIT_FAILED);

-		/* Copy the original ENGINE structure back */

-		memcpy(e, &cpy, sizeof(ENGINE));

-		return 0;

-		}

-	/* Do we try to add this ENGINE to the internal list too? */

-	if(ctx->list_add_value > 0)

-		{

-		if(!ENGINE_add(e))

-			{

-			/* Do we tolerate this or fail? */

-			if(ctx->list_add_value > 1)

-				{

-				/* Fail - NB: By this time, it's too late to

-				 * rollback, and trying to do so allows the

-				 * bind_engine() code to have created leaks. We

-				 * just have to fail where we are, after the

-				 * ENGINE has changed. */

-				ENGINEerr(ENGINE_F_DYNAMIC_LOAD,

-					ENGINE_R_CONFLICTING_ENGINE_ID);

-				return 0;

-				}

-			/* Tolerate */

-			ERR_clear_error();

-			}

-		}

-	return 1;

-	}

--- a/sys/src/ape/lib/openssl/crypto/engine/eng_err.c

+++ /dev/null

@@ -1,168 +1,0 @@

-/* crypto/engine/eng_err.c */

-/* ====================================================================

- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* NOTE: this file was auto generated by the mkerr.pl script: any changes

- * made to it will be overwritten when the script next updates this file,

- * only reason strings will be preserved.

- */

-#include <stdio.h>

-#include <openssl/err.h>

-#include <openssl/engine.h>

-/* BEGIN ERROR CODES */

-#ifndef OPENSSL_NO_ERR

-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ENGINE,func,0)

-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ENGINE,0,reason)

-static ERR_STRING_DATA ENGINE_str_functs[]=

-	{

-{ERR_FUNC(ENGINE_F_DYNAMIC_CTRL),	"DYNAMIC_CTRL"},

-{ERR_FUNC(ENGINE_F_DYNAMIC_GET_DATA_CTX),	"DYNAMIC_GET_DATA_CTX"},

-{ERR_FUNC(ENGINE_F_DYNAMIC_LOAD),	"DYNAMIC_LOAD"},

-{ERR_FUNC(ENGINE_F_DYNAMIC_SET_DATA_CTX),	"DYNAMIC_SET_DATA_CTX"},

-{ERR_FUNC(ENGINE_F_ENGINE_ADD),	"ENGINE_add"},

-{ERR_FUNC(ENGINE_F_ENGINE_BY_ID),	"ENGINE_by_id"},

-{ERR_FUNC(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE),	"ENGINE_cmd_is_executable"},

-{ERR_FUNC(ENGINE_F_ENGINE_CTRL),	"ENGINE_ctrl"},

-{ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD),	"ENGINE_ctrl_cmd"},

-{ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD_STRING),	"ENGINE_ctrl_cmd_string"},

-{ERR_FUNC(ENGINE_F_ENGINE_FINISH),	"ENGINE_finish"},

-{ERR_FUNC(ENGINE_F_ENGINE_FREE_UTIL),	"ENGINE_FREE_UTIL"},

-{ERR_FUNC(ENGINE_F_ENGINE_GET_CIPHER),	"ENGINE_get_cipher"},

-{ERR_FUNC(ENGINE_F_ENGINE_GET_DEFAULT_TYPE),	"ENGINE_GET_DEFAULT_TYPE"},

-{ERR_FUNC(ENGINE_F_ENGINE_GET_DIGEST),	"ENGINE_get_digest"},

-{ERR_FUNC(ENGINE_F_ENGINE_GET_NEXT),	"ENGINE_get_next"},

-{ERR_FUNC(ENGINE_F_ENGINE_GET_PREV),	"ENGINE_get_prev"},

-{ERR_FUNC(ENGINE_F_ENGINE_INIT),	"ENGINE_init"},

-{ERR_FUNC(ENGINE_F_ENGINE_LIST_ADD),	"ENGINE_LIST_ADD"},

-{ERR_FUNC(ENGINE_F_ENGINE_LIST_REMOVE),	"ENGINE_LIST_REMOVE"},

-{ERR_FUNC(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY),	"ENGINE_load_private_key"},

-{ERR_FUNC(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY),	"ENGINE_load_public_key"},

-{ERR_FUNC(ENGINE_F_ENGINE_NEW),	"ENGINE_new"},

-{ERR_FUNC(ENGINE_F_ENGINE_REMOVE),	"ENGINE_remove"},

-{ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_STRING),	"ENGINE_set_default_string"},

-{ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_TYPE),	"ENGINE_SET_DEFAULT_TYPE"},

-{ERR_FUNC(ENGINE_F_ENGINE_SET_ID),	"ENGINE_set_id"},

-{ERR_FUNC(ENGINE_F_ENGINE_SET_NAME),	"ENGINE_set_name"},

-{ERR_FUNC(ENGINE_F_ENGINE_TABLE_REGISTER),	"ENGINE_TABLE_REGISTER"},

-{ERR_FUNC(ENGINE_F_ENGINE_UNLOAD_KEY),	"ENGINE_UNLOAD_KEY"},

-{ERR_FUNC(ENGINE_F_ENGINE_UNLOCKED_FINISH),	"ENGINE_UNLOCKED_FINISH"},

-{ERR_FUNC(ENGINE_F_ENGINE_UP_REF),	"ENGINE_up_ref"},

-{ERR_FUNC(ENGINE_F_INT_CTRL_HELPER),	"INT_CTRL_HELPER"},

-{ERR_FUNC(ENGINE_F_INT_ENGINE_CONFIGURE),	"INT_ENGINE_CONFIGURE"},

-{ERR_FUNC(ENGINE_F_INT_ENGINE_MODULE_INIT),	"INT_ENGINE_MODULE_INIT"},

-{ERR_FUNC(ENGINE_F_LOG_MESSAGE),	"LOG_MESSAGE"},

-{0,NULL}

-	};

-static ERR_STRING_DATA ENGINE_str_reasons[]=

-	{

-{ERR_REASON(ENGINE_R_ALREADY_LOADED)     ,"already loaded"},

-{ERR_REASON(ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER),"argument is not a number"},

-{ERR_REASON(ENGINE_R_CMD_NOT_EXECUTABLE) ,"cmd not executable"},

-{ERR_REASON(ENGINE_R_COMMAND_TAKES_INPUT),"command takes input"},

-{ERR_REASON(ENGINE_R_COMMAND_TAKES_NO_INPUT),"command takes no input"},

-{ERR_REASON(ENGINE_R_CONFLICTING_ENGINE_ID),"conflicting engine id"},

-{ERR_REASON(ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED),"ctrl command not implemented"},

-{ERR_REASON(ENGINE_R_DH_NOT_IMPLEMENTED) ,"dh not implemented"},

-{ERR_REASON(ENGINE_R_DSA_NOT_IMPLEMENTED),"dsa not implemented"},

-{ERR_REASON(ENGINE_R_DSO_FAILURE)        ,"DSO failure"},

-{ERR_REASON(ENGINE_R_DSO_NOT_FOUND)      ,"dso not found"},

-{ERR_REASON(ENGINE_R_ENGINES_SECTION_ERROR),"engines section error"},

-{ERR_REASON(ENGINE_R_ENGINE_IS_NOT_IN_LIST),"engine is not in the list"},

-{ERR_REASON(ENGINE_R_ENGINE_SECTION_ERROR),"engine section error"},

-{ERR_REASON(ENGINE_R_FAILED_LOADING_PRIVATE_KEY),"failed loading private key"},

-{ERR_REASON(ENGINE_R_FAILED_LOADING_PUBLIC_KEY),"failed loading public key"},

-{ERR_REASON(ENGINE_R_FINISH_FAILED)      ,"finish failed"},

-{ERR_REASON(ENGINE_R_GET_HANDLE_FAILED)  ,"could not obtain hardware handle"},

-{ERR_REASON(ENGINE_R_ID_OR_NAME_MISSING) ,"'id' or 'name' missing"},

-{ERR_REASON(ENGINE_R_INIT_FAILED)        ,"init failed"},

-{ERR_REASON(ENGINE_R_INTERNAL_LIST_ERROR),"internal list error"},

-{ERR_REASON(ENGINE_R_INVALID_ARGUMENT)   ,"invalid argument"},

-{ERR_REASON(ENGINE_R_INVALID_CMD_NAME)   ,"invalid cmd name"},

-{ERR_REASON(ENGINE_R_INVALID_CMD_NUMBER) ,"invalid cmd number"},

-{ERR_REASON(ENGINE_R_INVALID_INIT_VALUE) ,"invalid init value"},

-{ERR_REASON(ENGINE_R_INVALID_STRING)     ,"invalid string"},

-{ERR_REASON(ENGINE_R_NOT_INITIALISED)    ,"not initialised"},

-{ERR_REASON(ENGINE_R_NOT_LOADED)         ,"not loaded"},

-{ERR_REASON(ENGINE_R_NO_CONTROL_FUNCTION),"no control function"},

-{ERR_REASON(ENGINE_R_NO_INDEX)           ,"no index"},

-{ERR_REASON(ENGINE_R_NO_LOAD_FUNCTION)   ,"no load function"},

-{ERR_REASON(ENGINE_R_NO_REFERENCE)       ,"no reference"},

-{ERR_REASON(ENGINE_R_NO_SUCH_ENGINE)     ,"no such engine"},

-{ERR_REASON(ENGINE_R_NO_UNLOAD_FUNCTION) ,"no unload function"},

-{ERR_REASON(ENGINE_R_PROVIDE_PARAMETERS) ,"provide parameters"},

-{ERR_REASON(ENGINE_R_RSA_NOT_IMPLEMENTED),"rsa not implemented"},

-{ERR_REASON(ENGINE_R_UNIMPLEMENTED_CIPHER),"unimplemented cipher"},

-{ERR_REASON(ENGINE_R_UNIMPLEMENTED_DIGEST),"unimplemented digest"},

-{ERR_REASON(ENGINE_R_VERSION_INCOMPATIBILITY),"version incompatibility"},

-{0,NULL}

-	};

-#endif

-void ERR_load_ENGINE_strings(void)

-	{

-#ifndef OPENSSL_NO_ERR

-	if (ERR_func_error_string(ENGINE_str_functs[0].error) == NULL)

-		{

-		ERR_load_strings(0,ENGINE_str_functs);

-		ERR_load_strings(0,ENGINE_str_reasons);

-		}

-#endif

-	}

--- a/sys/src/ape/lib/openssl/crypto/engine/eng_fat.c

+++ /dev/null

@@ -1,167 +1,0 @@

-/* crypto/engine/eng_fat.c */

-/* ====================================================================

- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- * ECDH support in OpenSSL originally developed by

- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.

- */

-#include "eng_int.h"

-#include <openssl/conf.h>

-int ENGINE_set_default(ENGINE *e, unsigned int flags)

-	{

-	if((flags & ENGINE_METHOD_CIPHERS) && !ENGINE_set_default_ciphers(e))

-		return 0;

-	if((flags & ENGINE_METHOD_DIGESTS) && !ENGINE_set_default_digests(e))

-		return 0;

-#ifndef OPENSSL_NO_RSA

-	if((flags & ENGINE_METHOD_RSA) && !ENGINE_set_default_RSA(e))

-		return 0;

-#endif

-#ifndef OPENSSL_NO_DSA

-	if((flags & ENGINE_METHOD_DSA) && !ENGINE_set_default_DSA(e))

-		return 0;

-#endif

-#ifndef OPENSSL_NO_DH

-	if((flags & ENGINE_METHOD_DH) && !ENGINE_set_default_DH(e))

-		return 0;

-#endif

-#ifndef OPENSSL_NO_ECDH

-	if((flags & ENGINE_METHOD_ECDH) && !ENGINE_set_default_ECDH(e))

-		return 0;

-#endif

-#ifndef OPENSSL_NO_ECDSA

-	if((flags & ENGINE_METHOD_ECDSA) && !ENGINE_set_default_ECDSA(e))

-		return 0;

-#endif

-	if((flags & ENGINE_METHOD_RAND) && !ENGINE_set_default_RAND(e))

-		return 0;

-	return 1;

-	}

-/* Set default algorithms using a string */

-static int int_def_cb(const char *alg, int len, void *arg)

-	{

-	unsigned int *pflags = arg;

-	if (!strncmp(alg, "ALL", len))

-		*pflags |= ENGINE_METHOD_ALL;

-	else if (!strncmp(alg, "RSA", len))

-		*pflags |= ENGINE_METHOD_RSA;

-	else if (!strncmp(alg, "DSA", len))

-		*pflags |= ENGINE_METHOD_DSA;

-	else if (!strncmp(alg, "ECDH", len))

-		*pflags |= ENGINE_METHOD_ECDH;

-	else if (!strncmp(alg, "ECDSA", len))

-		*pflags |= ENGINE_METHOD_ECDSA;

-	else if (!strncmp(alg, "DH", len))

-		*pflags |= ENGINE_METHOD_DH;

-	else if (!strncmp(alg, "RAND", len))

-		*pflags |= ENGINE_METHOD_RAND;

-	else if (!strncmp(alg, "CIPHERS", len))

-		*pflags |= ENGINE_METHOD_CIPHERS;

-	else if (!strncmp(alg, "DIGESTS", len))

-		*pflags |= ENGINE_METHOD_DIGESTS;

-	else

-		return 0;

-	return 1;

-	}

-int ENGINE_set_default_string(ENGINE *e, const char *def_list)

-	{

-	unsigned int flags = 0;

-	if (!CONF_parse_list(def_list, ',', 1, int_def_cb, &flags))

-		{

-		ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_STRING,

-					ENGINE_R_INVALID_STRING);

-		ERR_add_error_data(2, "str=",def_list);

-		return 0;

-		}

-	return ENGINE_set_default(e, flags);

-	}

-int ENGINE_register_complete(ENGINE *e)

-	{

-	ENGINE_register_ciphers(e);

-	ENGINE_register_digests(e);

-#ifndef OPENSSL_NO_RSA

-	ENGINE_register_RSA(e);

-#endif

-#ifndef OPENSSL_NO_DSA

-	ENGINE_register_DSA(e);

-#endif

-#ifndef OPENSSL_NO_DH

-	ENGINE_register_DH(e);

-#endif

-#ifndef OPENSSL_NO_ECDH

-	ENGINE_register_ECDH(e);

-#endif

-#ifndef OPENSSL_NO_ECDSA

-	ENGINE_register_ECDSA(e);

-#endif

-	ENGINE_register_RAND(e);

-	return 1;

-	}

-int ENGINE_register_all_complete(void)

-	{

-	ENGINE *e;

-	for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))

-		ENGINE_register_complete(e);

-	return 1;

-	}

--- a/sys/src/ape/lib/openssl/crypto/engine/eng_init.c

+++ /dev/null

@@ -1,154 +1,0 @@

-/* crypto/engine/eng_init.c */

-/* ====================================================================

- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include "eng_int.h"

-/* Initialise a engine type for use (or up its functional reference count

- * if it's already in use). This version is only used internally. */

-int engine_unlocked_init(ENGINE *e)

-	{

-	int to_return = 1;

-	if((e->funct_ref == 0) && e->init)

-		/* This is the first functional reference and the engine

-		 * requires initialisation so we do it now. */

-		to_return = e->init(e);

-	if(to_return)

-		{

-		/* OK, we return a functional reference which is also a

-		 * structural reference. */

-		e->struct_ref++;

-		e->funct_ref++;

-		engine_ref_debug(e, 0, 1)

-		engine_ref_debug(e, 1, 1)

-		}

-	return to_return;

-	}

-/* Free a functional reference to a engine type. This version is only used

- * internally. */

-int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers)

-	{

-	int to_return = 1;

-	/* Reduce the functional reference count here so if it's the terminating

-	 * case, we can release the lock safely and call the finish() handler

-	 * without risk of a race. We get a race if we leave the count until

-	 * after and something else is calling "finish" at the same time -

-	 * there's a chance that both threads will together take the count from

-	 * 2 to 0 without either calling finish(). */

-	e->funct_ref--;

-	engine_ref_debug(e, 1, -1);

-	if((e->funct_ref == 0) && e->finish)

-		{

-		if(unlock_for_handlers)

-			CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);

-		to_return = e->finish(e);

-		if(unlock_for_handlers)

-			CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);

-		if(!to_return)

-			return 0;

-		}

-#ifdef REF_CHECK

-	if(e->funct_ref < 0)

-		{

-		fprintf(stderr,"ENGINE_finish, bad functional reference count\n");

-		abort();

-		}

-#endif

-	/* Release the structural reference too */

-	if(!engine_free_util(e, 0))

-		{

-		ENGINEerr(ENGINE_F_ENGINE_UNLOCKED_FINISH,ENGINE_R_FINISH_FAILED);

-		return 0;

-		}

-	return to_return;

-	}

-/* The API (locked) version of "init" */

-int ENGINE_init(ENGINE *e)

-	{

-	int ret;

-	if(e == NULL)

-		{

-		ENGINEerr(ENGINE_F_ENGINE_INIT,ERR_R_PASSED_NULL_PARAMETER);

-		return 0;

-		}

-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);

-	ret = engine_unlocked_init(e);

-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);

-	return ret;

-	}

-/* The API (locked) version of "finish" */

-int ENGINE_finish(ENGINE *e)

-	{

-	int to_return = 1;

-	if(e == NULL)

-		{

-		ENGINEerr(ENGINE_F_ENGINE_FINISH,ERR_R_PASSED_NULL_PARAMETER);

-		return 0;

-		}

-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);

-	to_return = engine_unlocked_finish(e, 1);

-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);

-	if(!to_return)

-		{

-		ENGINEerr(ENGINE_F_ENGINE_FINISH,ENGINE_R_FINISH_FAILED);

-		return 0;

-		}

-	return to_return;

-	}

--- a/sys/src/ape/lib/openssl/crypto/engine/eng_int.h

+++ /dev/null

@@ -1,194 +1,0 @@

-/* crypto/engine/eng_int.h */

-/* Written by Geoff Thorpe ([email protected]) for the OpenSSL

- * project 2000.

- */

-/* ====================================================================

- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- * ECDH support in OpenSSL originally developed by

- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.

- */

-#ifndef HEADER_ENGINE_INT_H

-#define HEADER_ENGINE_INT_H

-#include "cryptlib.h"

-/* Take public definitions from engine.h */

-#include <openssl/engine.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-/* If we compile with this symbol defined, then both reference counts in the

- * ENGINE structure will be monitored with a line of output on stderr for each

- * change. This prints the engine's pointer address (truncated to unsigned int),

- * "struct" or "funct" to indicate the reference type, the before and after

- * reference count, and the file:line-number pair. The "engine_ref_debug"

- * statements must come *after* the change. */

-#ifdef ENGINE_REF_COUNT_DEBUG

-#define engine_ref_debug(e, isfunct, diff) \

-	fprintf(stderr, "engine: %08x %s from %d to %d (%s:%d)\n", \

-		(unsigned int)(e), (isfunct ? "funct" : "struct"), \

-		((isfunct) ? ((e)->funct_ref - (diff)) : ((e)->struct_ref - (diff))), \

-		((isfunct) ? (e)->funct_ref : (e)->struct_ref), \

-		(__FILE__), (__LINE__));

-#else

-#define engine_ref_debug(e, isfunct, diff)

-#endif

-/* Any code that will need cleanup operations should use these functions to

- * register callbacks. ENGINE_cleanup() will call all registered callbacks in

- * order. NB: both the "add" functions assume CRYPTO_LOCK_ENGINE to already be

- * held (in "write" mode). */

-typedef void (ENGINE_CLEANUP_CB)(void);

-typedef struct st_engine_cleanup_item

-	{

-	ENGINE_CLEANUP_CB *cb;

-	} ENGINE_CLEANUP_ITEM;

-DECLARE_STACK_OF(ENGINE_CLEANUP_ITEM)

-void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb);

-void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb);

-/* We need stacks of ENGINEs for use in eng_table.c */

-DECLARE_STACK_OF(ENGINE)

-/* If this symbol is defined then engine_table_select(), the function that is

- * used by RSA, DSA (etc) code to select registered ENGINEs, cache defaults and

- * functional references (etc), will display debugging summaries to stderr. */

-/* #define ENGINE_TABLE_DEBUG */

-/* This represents an implementation table. Dependent code should instantiate it

- * as a (ENGINE_TABLE *) pointer value set initially to NULL. */

-typedef struct st_engine_table ENGINE_TABLE;

-int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,

-		ENGINE *e, const int *nids, int num_nids, int setdefault);

-void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e);

-void engine_table_cleanup(ENGINE_TABLE **table);

-#ifndef ENGINE_TABLE_DEBUG

-ENGINE *engine_table_select(ENGINE_TABLE **table, int nid);

-#else

-ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, int l);

-#define engine_table_select(t,n) engine_table_select_tmp(t,n,__FILE__,__LINE__)

-#endif

-/* Internal versions of API functions that have control over locking. These are

- * used between C files when functionality needs to be shared but the caller may

- * already be controlling of the CRYPTO_LOCK_ENGINE lock. */

-int engine_unlocked_init(ENGINE *e);

-int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers);

-int engine_free_util(ENGINE *e, int locked);

-/* This function will reset all "set"able values in an ENGINE to NULL. This

- * won't touch reference counts or ex_data, but is equivalent to calling all the

- * ENGINE_set_***() functions with a NULL value. */

-void engine_set_all_null(ENGINE *e);

-/* NB: Bitwise OR-able values for the "flags" variable in ENGINE are now exposed

- * in engine.h. */

-/* This is a structure for storing implementations of various crypto

- * algorithms and functions. */

-struct engine_st

-	{

-	const char *id;

-	const char *name;

-	const RSA_METHOD *rsa_meth;

-	const DSA_METHOD *dsa_meth;

-	const DH_METHOD *dh_meth;

-	const ECDH_METHOD *ecdh_meth;

-	const ECDSA_METHOD *ecdsa_meth;

-	const RAND_METHOD *rand_meth;

-	const STORE_METHOD *store_meth;

-	/* Cipher handling is via this callback */

-	ENGINE_CIPHERS_PTR ciphers;

-	/* Digest handling is via this callback */

-	ENGINE_DIGESTS_PTR digests;

-	ENGINE_GEN_INT_FUNC_PTR	destroy;

-	ENGINE_GEN_INT_FUNC_PTR init;

-	ENGINE_GEN_INT_FUNC_PTR finish;

-	ENGINE_CTRL_FUNC_PTR ctrl;

-	ENGINE_LOAD_KEY_PTR load_privkey;

-	ENGINE_LOAD_KEY_PTR load_pubkey;

-	const ENGINE_CMD_DEFN *cmd_defns;

-	int flags;

-	/* reference count on the structure itself */

-	int struct_ref;

-	/* reference count on usability of the engine type. NB: This

-	 * controls the loading and initialisation of any functionlity

-	 * required by this engine, whereas the previous count is

-	 * simply to cope with (de)allocation of this structure. Hence,

-	 * running_ref <= struct_ref at all times. */

-	int funct_ref;

-	/* A place to store per-ENGINE data */

-	CRYPTO_EX_DATA ex_data;

-	/* Used to maintain the linked-list of engines. */

-	struct engine_st *prev;

-	struct engine_st *next;

-	};

-#ifdef  __cplusplus

-}

-#endif

-#endif /* HEADER_ENGINE_INT_H */

--- a/sys/src/ape/lib/openssl/crypto/engine/eng_lib.c

+++ /dev/null

@@ -1,329 +1,0 @@

-/* crypto/engine/eng_lib.c */

-/* Written by Geoff Thorpe ([email protected]) for the OpenSSL

- * project 2000.

- */

-/* ====================================================================

- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include "eng_int.h"

-#include <openssl/rand.h>

-/* The "new"/"free" stuff first */

-ENGINE *ENGINE_new(void)

-	{

-	ENGINE *ret;

-	ret = (ENGINE *)OPENSSL_malloc(sizeof(ENGINE));

-	if(ret == NULL)

-		{

-		ENGINEerr(ENGINE_F_ENGINE_NEW, ERR_R_MALLOC_FAILURE);

-		return NULL;

-		}

-	memset(ret, 0, sizeof(ENGINE));

-	ret->struct_ref = 1;

-	engine_ref_debug(ret, 0, 1)

-	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ENGINE, ret, &ret->ex_data);

-	return ret;

-	}

-/* Placed here (close proximity to ENGINE_new) so that modifications to the

- * elements of the ENGINE structure are more likely to be caught and changed

- * here. */

-void engine_set_all_null(ENGINE *e)

-	{

-	e->id = NULL;

-	e->name = NULL;

-	e->rsa_meth = NULL;

-	e->dsa_meth = NULL;

-	e->dh_meth = NULL;

-	e->rand_meth = NULL;

-	e->store_meth = NULL;

-	e->ciphers = NULL;

-	e->digests = NULL;

-	e->destroy = NULL;

-	e->init = NULL;

-	e->finish = NULL;

-	e->ctrl = NULL;

-	e->load_privkey = NULL;

-	e->load_pubkey = NULL;

-	e->cmd_defns = NULL;

-	e->flags = 0;

-	}

-int engine_free_util(ENGINE *e, int locked)

-	{

-	int i;

-	if(e == NULL)

-		{

-		ENGINEerr(ENGINE_F_ENGINE_FREE_UTIL,

-			ERR_R_PASSED_NULL_PARAMETER);

-		return 0;

-		}

-	if(locked)

-		i = CRYPTO_add(&e->struct_ref,-1,CRYPTO_LOCK_ENGINE);

-	else

-		i = --e->struct_ref;

-	engine_ref_debug(e, 0, -1)

-	if (i > 0) return 1;

-#ifdef REF_CHECK

-	if (i < 0)

-		{

-		fprintf(stderr,"ENGINE_free, bad structural reference count\n");

-		abort();

-		}

-#endif

-	/* Give the ENGINE a chance to do any structural cleanup corresponding

-	 * to allocation it did in its constructor (eg. unload error strings) */

-	if(e->destroy)

-		e->destroy(e);

-	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ENGINE, e, &e->ex_data);

-	OPENSSL_free(e);

-	return 1;

-	}

-int ENGINE_free(ENGINE *e)

-	{

-	return engine_free_util(e, 1);

-	}

-/* Cleanup stuff */

-/* ENGINE_cleanup() is coded such that anything that does work that will need

- * cleanup can register a "cleanup" callback here. That way we don't get linker

- * bloat by referring to all *possible* cleanups, but any linker bloat into code

- * "X" will cause X's cleanup function to end up here. */

-static STACK_OF(ENGINE_CLEANUP_ITEM) *cleanup_stack = NULL;

-static int int_cleanup_check(int create)

-	{

-	if(cleanup_stack) return 1;

-	if(!create) return 0;

-	cleanup_stack = sk_ENGINE_CLEANUP_ITEM_new_null();

-	return (cleanup_stack ? 1 : 0);

-	}

-static ENGINE_CLEANUP_ITEM *int_cleanup_item(ENGINE_CLEANUP_CB *cb)

-	{

-	ENGINE_CLEANUP_ITEM *item = OPENSSL_malloc(sizeof(

-					ENGINE_CLEANUP_ITEM));

-	if(!item) return NULL;

-	item->cb = cb;

-	return item;

-	}

-void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb)

-	{

-	ENGINE_CLEANUP_ITEM *item;

-	if(!int_cleanup_check(1)) return;

-	item = int_cleanup_item(cb);

-	if(item)

-		sk_ENGINE_CLEANUP_ITEM_insert(cleanup_stack, item, 0);

-	}

-void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb)

-	{

-	ENGINE_CLEANUP_ITEM *item;

-	if(!int_cleanup_check(1)) return;

-	item = int_cleanup_item(cb);

-	if(item)

-		sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item);

-	}

-/* The API function that performs all cleanup */

-static void engine_cleanup_cb_free(ENGINE_CLEANUP_ITEM *item)

-	{

-	(*(item->cb))();

-	OPENSSL_free(item);

-	}

-void ENGINE_cleanup(void)

-	{

-	if(int_cleanup_check(0))

-		{

-		sk_ENGINE_CLEANUP_ITEM_pop_free(cleanup_stack,

-			engine_cleanup_cb_free);

-		cleanup_stack = NULL;

-		}

-	/* FIXME: This should be handled (somehow) through RAND, eg. by it

-	 * registering a cleanup callback. */

-	RAND_set_rand_method(NULL);

-	}

-/* Now the "ex_data" support */

-int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,

-		CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)

-	{

-	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, argl, argp,

-			new_func, dup_func, free_func);

-	}

-int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg)

-	{

-	return(CRYPTO_set_ex_data(&e->ex_data, idx, arg));

-	}

-void *ENGINE_get_ex_data(const ENGINE *e, int idx)

-	{

-	return(CRYPTO_get_ex_data(&e->ex_data, idx));

-	}

-/* Functions to get/set an ENGINE's elements - mainly to avoid exposing the

- * ENGINE structure itself. */

-int ENGINE_set_id(ENGINE *e, const char *id)

-	{

-	if(id == NULL)

-		{

-		ENGINEerr(ENGINE_F_ENGINE_SET_ID,

-			ERR_R_PASSED_NULL_PARAMETER);

-		return 0;

-		}

-	e->id = id;

-	return 1;

-	}

-int ENGINE_set_name(ENGINE *e, const char *name)

-	{

-	if(name == NULL)

-		{

-		ENGINEerr(ENGINE_F_ENGINE_SET_NAME,

-			ERR_R_PASSED_NULL_PARAMETER);

-		return 0;

-		}

-	e->name = name;

-	return 1;

-	}

-int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f)

-	{

-	e->destroy = destroy_f;

-	return 1;

-	}

-int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f)

-	{

-	e->init = init_f;

-	return 1;

-	}

-int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f)

-	{

-	e->finish = finish_f;

-	return 1;

-	}

-int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f)

-	{

-	e->ctrl = ctrl_f;

-	return 1;

-	}

-int ENGINE_set_flags(ENGINE *e, int flags)

-	{

-	e->flags = flags;

-	return 1;

-	}

-int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns)

-	{

-	e->cmd_defns = defns;

-	return 1;

-	}

-const char *ENGINE_get_id(const ENGINE *e)

-	{

-	return e->id;

-	}

-const char *ENGINE_get_name(const ENGINE *e)

-	{

-	return e->name;

-	}

-ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e)

-	{

-	return e->destroy;

-	}

-ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e)

-	{

-	return e->init;

-	}

-ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e)

-	{

-	return e->finish;

-	}

-ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e)

-	{

-	return e->ctrl;

-	}

-int ENGINE_get_flags(const ENGINE *e)

-	{

-	return e->flags;

-	}

-const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e)

-	{

-	return e->cmd_defns;

-	}

-/* eng_lib.o is pretty much linked into anything that touches ENGINE already, so

- * put the "static_state" hack here. */

-static int internal_static_hack = 0;

-void *ENGINE_get_static_state(void)

-	{

-	return &internal_static_hack;

-	}

--- a/sys/src/ape/lib/openssl/crypto/engine/eng_list.c

+++ /dev/null

@@ -1,431 +1,0 @@

-/* crypto/engine/eng_list.c */

-/* Written by Geoff Thorpe ([email protected]) for the OpenSSL

- * project 2000.

- */

-/* ====================================================================

- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- * ECDH support in OpenSSL originally developed by

- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.

- */

-#include "eng_int.h"

-/* The linked-list of pointers to engine types. engine_list_head

- * incorporates an implicit structural reference but engine_list_tail

- * does not - the latter is a computational niceity and only points

- * to something that is already pointed to by its predecessor in the

- * list (or engine_list_head itself). In the same way, the use of the

- * "prev" pointer in each ENGINE is to save excessive list iteration,

- * it doesn't correspond to an extra structural reference. Hence,

- * engine_list_head, and each non-null "next" pointer account for

- * the list itself assuming exactly 1 structural reference on each

- * list member. */

-static ENGINE *engine_list_head = NULL;

-static ENGINE *engine_list_tail = NULL;

-/* This cleanup function is only needed internally. If it should be called, we

- * register it with the "ENGINE_cleanup()" stack to be called during cleanup. */

-static void engine_list_cleanup(void)

-	{

-	ENGINE *iterator = engine_list_head;

-	while(iterator != NULL)

-		{

-		ENGINE_remove(iterator);

-		iterator = engine_list_head;

-		}

-	return;

-	}

-/* These static functions starting with a lower case "engine_" always

- * take place when CRYPTO_LOCK_ENGINE has been locked up. */

-static int engine_list_add(ENGINE *e)

-	{

-	int conflict = 0;

-	ENGINE *iterator = NULL;

-	if(e == NULL)

-		{

-		ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,

-			ERR_R_PASSED_NULL_PARAMETER);

-		return 0;

-		}

-	iterator = engine_list_head;

-	while(iterator && !conflict)

-		{

-		conflict = (strcmp(iterator->id, e->id) == 0);

-		iterator = iterator->next;

-		}

-	if(conflict)

-		{

-		ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,

-			ENGINE_R_CONFLICTING_ENGINE_ID);

-		return 0;

-		}

-	if(engine_list_head == NULL)

-		{

-		/* We are adding to an empty list. */

-		if(engine_list_tail)

-			{

-			ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,

-				ENGINE_R_INTERNAL_LIST_ERROR);

-			return 0;

-			}

-		engine_list_head = e;

-		e->prev = NULL;

-		/* The first time the list allocates, we should register the

-		 * cleanup. */

-		engine_cleanup_add_last(engine_list_cleanup);

-		}

-	else

-		{

-		/* We are adding to the tail of an existing list. */

-		if((engine_list_tail == NULL) ||

-				(engine_list_tail->next != NULL))

-			{

-			ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,

-				ENGINE_R_INTERNAL_LIST_ERROR);

-			return 0;

-			}

-		engine_list_tail->next = e;

-		e->prev = engine_list_tail;

-		}

-	/* Having the engine in the list assumes a structural

-	 * reference. */

-	e->struct_ref++;

-	engine_ref_debug(e, 0, 1)

-	/* However it came to be, e is the last item in the list. */

-	engine_list_tail = e;

-	e->next = NULL;

-	return 1;

-	}

-static int engine_list_remove(ENGINE *e)

-	{

-	ENGINE *iterator;

-	if(e == NULL)

-		{

-		ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE,

-			ERR_R_PASSED_NULL_PARAMETER);

-		return 0;

-		}

-	/* We need to check that e is in our linked list! */

-	iterator = engine_list_head;

-	while(iterator && (iterator != e))

-		iterator = iterator->next;

-	if(iterator == NULL)

-		{

-		ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE,

-			ENGINE_R_ENGINE_IS_NOT_IN_LIST);

-		return 0;

-		}

-	/* un-link e from the chain. */

-	if(e->next)

-		e->next->prev = e->prev;

-	if(e->prev)

-		e->prev->next = e->next;

-	/* Correct our head/tail if necessary. */

-	if(engine_list_head == e)

-		engine_list_head = e->next;

-	if(engine_list_tail == e)

-		engine_list_tail = e->prev;

-	engine_free_util(e, 0);

-	return 1;

-	}

-/* Get the first/last "ENGINE" type available. */

-ENGINE *ENGINE_get_first(void)

-	{

-	ENGINE *ret;

-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);

-	ret = engine_list_head;

-	if(ret)

-		{

-		ret->struct_ref++;

-		engine_ref_debug(ret, 0, 1)

-		}

-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);

-	return ret;

-	}

-ENGINE *ENGINE_get_last(void)

-	{

-	ENGINE *ret;

-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);

-	ret = engine_list_tail;

-	if(ret)

-		{

-		ret->struct_ref++;

-		engine_ref_debug(ret, 0, 1)

-		}

-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);

-	return ret;

-	}

-/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */

-ENGINE *ENGINE_get_next(ENGINE *e)

-	{

-	ENGINE *ret = NULL;

-	if(e == NULL)

-		{

-		ENGINEerr(ENGINE_F_ENGINE_GET_NEXT,

-			ERR_R_PASSED_NULL_PARAMETER);

-		return 0;

-		}

-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);

-	ret = e->next;

-	if(ret)

-		{

-		/* Return a valid structural refernce to the next ENGINE */

-		ret->struct_ref++;

-		engine_ref_debug(ret, 0, 1)

-		}

-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);

-	/* Release the structural reference to the previous ENGINE */

-	ENGINE_free(e);

-	return ret;

-	}

-ENGINE *ENGINE_get_prev(ENGINE *e)

-	{

-	ENGINE *ret = NULL;

-	if(e == NULL)

-		{

-		ENGINEerr(ENGINE_F_ENGINE_GET_PREV,

-			ERR_R_PASSED_NULL_PARAMETER);

-		return 0;

-		}

-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);

-	ret = e->prev;

-	if(ret)

-		{

-		/* Return a valid structural reference to the next ENGINE */

-		ret->struct_ref++;

-		engine_ref_debug(ret, 0, 1)

-		}

-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);

-	/* Release the structural reference to the previous ENGINE */

-	ENGINE_free(e);

-	return ret;

-	}

-/* Add another "ENGINE" type into the list. */

-int ENGINE_add(ENGINE *e)

-	{

-	int to_return = 1;

-	if(e == NULL)

-		{

-		ENGINEerr(ENGINE_F_ENGINE_ADD,

-			ERR_R_PASSED_NULL_PARAMETER);

-		return 0;

-		}

-	if((e->id == NULL) || (e->name == NULL))

-		{

-		ENGINEerr(ENGINE_F_ENGINE_ADD,

-			ENGINE_R_ID_OR_NAME_MISSING);

-		}

-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);

-	if(!engine_list_add(e))

-		{

-		ENGINEerr(ENGINE_F_ENGINE_ADD,

-			ENGINE_R_INTERNAL_LIST_ERROR);

-		to_return = 0;

-		}

-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);

-	return to_return;

-	}

-/* Remove an existing "ENGINE" type from the array. */

-int ENGINE_remove(ENGINE *e)

-	{

-	int to_return = 1;

-	if(e == NULL)

-		{

-		ENGINEerr(ENGINE_F_ENGINE_REMOVE,

-			ERR_R_PASSED_NULL_PARAMETER);

-		return 0;

-		}

-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);

-	if(!engine_list_remove(e))

-		{

-		ENGINEerr(ENGINE_F_ENGINE_REMOVE,

-			ENGINE_R_INTERNAL_LIST_ERROR);

-		to_return = 0;

-		}

-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);

-	return to_return;

-	}

-static void engine_cpy(ENGINE *dest, const ENGINE *src)

-	{

-	dest->id = src->id;

-	dest->name = src->name;

-#ifndef OPENSSL_NO_RSA

-	dest->rsa_meth = src->rsa_meth;

-#endif

-#ifndef OPENSSL_NO_DSA

-	dest->dsa_meth = src->dsa_meth;

-#endif

-#ifndef OPENSSL_NO_DH

-	dest->dh_meth = src->dh_meth;

-#endif

-#ifndef OPENSSL_NO_ECDH

-	dest->ecdh_meth = src->ecdh_meth;

-#endif

-#ifndef OPENSSL_NO_ECDSA

-	dest->ecdsa_meth = src->ecdsa_meth;

-#endif

-	dest->rand_meth = src->rand_meth;

-	dest->store_meth = src->store_meth;

-	dest->ciphers = src->ciphers;

-	dest->digests = src->digests;

-	dest->destroy = src->destroy;

-	dest->init = src->init;

-	dest->finish = src->finish;

-	dest->ctrl = src->ctrl;

-	dest->load_privkey = src->load_privkey;

-	dest->load_pubkey = src->load_pubkey;

-	dest->cmd_defns = src->cmd_defns;

-	dest->flags = src->flags;

-	}

-ENGINE *ENGINE_by_id(const char *id)

-	{

-	ENGINE *iterator;

-	char *load_dir = NULL;

-	if(id == NULL)

-		{

-		ENGINEerr(ENGINE_F_ENGINE_BY_ID,

-			ERR_R_PASSED_NULL_PARAMETER);

-		return NULL;

-		}

-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);

-	iterator = engine_list_head;

-	while(iterator && (strcmp(id, iterator->id) != 0))

-		iterator = iterator->next;

-	if(iterator)

-		{

-		/* We need to return a structural reference. If this is an

-		 * ENGINE type that returns copies, make a duplicate - otherwise

-		 * increment the existing ENGINE's reference count. */

-		if(iterator->flags & ENGINE_FLAGS_BY_ID_COPY)

-			{

-			ENGINE *cp = ENGINE_new();

-			if(!cp)

-				iterator = NULL;

-			else

-				{

-				engine_cpy(cp, iterator);

-				iterator = cp;

-				}

-			}

-		else

-			{

-			iterator->struct_ref++;

-			engine_ref_debug(iterator, 0, 1)

-			}

-		}

-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);

-#if 0

-	if(iterator == NULL)

-		{

-		ENGINEerr(ENGINE_F_ENGINE_BY_ID,

-			ENGINE_R_NO_SUCH_ENGINE);

-		ERR_add_error_data(2, "id=", id);

-		}

-	return iterator;

-#else

-	/* EEK! Experimental code starts */

-	if(iterator) return iterator;

-	/* Prevent infinite recusrion if we're looking for the dynamic engine. */

-	if (strcmp(id, "dynamic"))

-		{

-#ifdef OPENSSL_SYS_VMS

-		if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = "SSLROOT:[ENGINES]";

-#else

-		if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = ENGINESDIR;

-#endif

-		iterator = ENGINE_by_id("dynamic");

-		if(!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) ||

-				!ENGINE_ctrl_cmd_string(iterator, "DIR_LOAD", "2", 0) ||

-				!ENGINE_ctrl_cmd_string(iterator, "DIR_ADD",

-					load_dir, 0) ||

-				!ENGINE_ctrl_cmd_string(iterator, "LOAD", NULL, 0))

-				goto notfound;

-		return iterator;

-		}

-notfound:

-	ENGINEerr(ENGINE_F_ENGINE_BY_ID,ENGINE_R_NO_SUCH_ENGINE);

-	ERR_add_error_data(2, "id=", id);

-	return NULL;

-	/* EEK! Experimental code ends */

-#endif

-	}

-int ENGINE_up_ref(ENGINE *e)

-	{

-	if (e == NULL)

-		{

-		ENGINEerr(ENGINE_F_ENGINE_UP_REF,ERR_R_PASSED_NULL_PARAMETER);

-		return 0;

-		}

-	CRYPTO_add(&e->struct_ref,1,CRYPTO_LOCK_ENGINE);

-	return 1;

-	}

--- a/sys/src/ape/lib/openssl/crypto/engine/eng_openssl.c

+++ /dev/null

@@ -1,384 +1,0 @@

-/* crypto/engine/eng_openssl.c */

-/* Written by Geoff Thorpe ([email protected]) for the OpenSSL

- * project 2000.

- */

-/* ====================================================================

- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- * ECDH support in OpenSSL originally developed by

- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.

- */

-#include <stdio.h>

-#include <openssl/crypto.h>

-#include "cryptlib.h"

-#include <openssl/engine.h>

-#include <openssl/dso.h>

-#include <openssl/pem.h>

-#include <openssl/evp.h>

-#include <openssl/rand.h>

-#ifndef OPENSSL_NO_RSA

-#include <openssl/rsa.h>

-#endif

-#ifndef OPENSSL_NO_DSA

-#include <openssl/dsa.h>

-#endif

-#ifndef OPENSSL_NO_DH

-#include <openssl/dh.h>

-#endif

-/* This testing gunk is implemented (and explained) lower down. It also assumes

- * the application explicitly calls "ENGINE_load_openssl()" because this is no

- * longer automatic in ENGINE_load_builtin_engines(). */

-#define TEST_ENG_OPENSSL_RC4

-#define TEST_ENG_OPENSSL_PKEY

-/* #define TEST_ENG_OPENSSL_RC4_OTHERS */

-#define TEST_ENG_OPENSSL_RC4_P_INIT

-/* #define TEST_ENG_OPENSSL_RC4_P_CIPHER */

-#define TEST_ENG_OPENSSL_SHA

-/* #define TEST_ENG_OPENSSL_SHA_OTHERS */

-/* #define TEST_ENG_OPENSSL_SHA_P_INIT */

-/* #define TEST_ENG_OPENSSL_SHA_P_UPDATE */

-/* #define TEST_ENG_OPENSSL_SHA_P_FINAL */

-/* Now check what of those algorithms are actually enabled */

-#ifdef OPENSSL_NO_RC4

-#undef TEST_ENG_OPENSSL_RC4

-#undef TEST_ENG_OPENSSL_RC4_OTHERS

-#undef TEST_ENG_OPENSSL_RC4_P_INIT

-#undef TEST_ENG_OPENSSL_RC4_P_CIPHER

-#endif

-#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA0) || defined(OPENSSL_NO_SHA1)

-#undef TEST_ENG_OPENSSL_SHA

-#undef TEST_ENG_OPENSSL_SHA_OTHERS

-#undef TEST_ENG_OPENSSL_SHA_P_INIT

-#undef TEST_ENG_OPENSSL_SHA_P_UPDATE

-#undef TEST_ENG_OPENSSL_SHA_P_FINAL

-#endif

-#ifdef TEST_ENG_OPENSSL_RC4

-static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,

-				const int **nids, int nid);

-#endif

-#ifdef TEST_ENG_OPENSSL_SHA

-static int openssl_digests(ENGINE *e, const EVP_MD **digest,

-				const int **nids, int nid);

-#endif

-#ifdef TEST_ENG_OPENSSL_PKEY

-static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,

-	UI_METHOD *ui_method, void *callback_data);

-#endif

-/* The constants used when creating the ENGINE */

-static const char *engine_openssl_id = "openssl";

-static const char *engine_openssl_name = "Software engine support";

-/* This internal function is used by ENGINE_openssl() and possibly by the

- * "dynamic" ENGINE support too */

-static int bind_helper(ENGINE *e)

-	{

-	if(!ENGINE_set_id(e, engine_openssl_id)

-			|| !ENGINE_set_name(e, engine_openssl_name)

-#ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS

-#ifndef OPENSSL_NO_RSA

-			|| !ENGINE_set_RSA(e, RSA_get_default_method())

-#endif

-#ifndef OPENSSL_NO_DSA

-			|| !ENGINE_set_DSA(e, DSA_get_default_method())

-#endif

-#ifndef OPENSSL_NO_ECDH

-			|| !ENGINE_set_ECDH(e, ECDH_OpenSSL())

-#endif

-#ifndef OPENSSL_NO_ECDSA

-			|| !ENGINE_set_ECDSA(e, ECDSA_OpenSSL())

-#endif

-#ifndef OPENSSL_NO_DH

-			|| !ENGINE_set_DH(e, DH_get_default_method())

-#endif

-			|| !ENGINE_set_RAND(e, RAND_SSLeay())

-#ifdef TEST_ENG_OPENSSL_RC4

-			|| !ENGINE_set_ciphers(e, openssl_ciphers)

-#endif

-#ifdef TEST_ENG_OPENSSL_SHA

-			|| !ENGINE_set_digests(e, openssl_digests)

-#endif

-#endif

-#ifdef TEST_ENG_OPENSSL_PKEY

-			|| !ENGINE_set_load_privkey_function(e, openssl_load_privkey)

-#endif

-			)

-		return 0;

-	/* If we add errors to this ENGINE, ensure the error handling is setup here */

-	/* openssl_load_error_strings(); */

-	return 1;

-	}

-static ENGINE *engine_openssl(void)

-	{

-	ENGINE *ret = ENGINE_new();

-	if(!ret)

-		return NULL;

-	if(!bind_helper(ret))

-		{

-		ENGINE_free(ret);

-		return NULL;

-		}

-	return ret;

-	}

-void ENGINE_load_openssl(void)

-	{

-	ENGINE *toadd = engine_openssl();

-	if(!toadd) return;

-	ENGINE_add(toadd);

-	/* If the "add" worked, it gets a structural reference. So either way,

-	 * we release our just-created reference. */

-	ENGINE_free(toadd);

-	ERR_clear_error();

-	}

-/* This stuff is needed if this ENGINE is being compiled into a self-contained

- * shared-library. */

-#ifdef ENGINE_DYNAMIC_SUPPORT

-static int bind_fn(ENGINE *e, const char *id)

-	{

-	if(id && (strcmp(id, engine_openssl_id) != 0))

-		return 0;

-	if(!bind_helper(e))

-		return 0;

-	return 1;

-	}

-IMPLEMENT_DYNAMIC_CHECK_FN()

-IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)

-#endif /* ENGINE_DYNAMIC_SUPPORT */

-#ifdef TEST_ENG_OPENSSL_RC4

-/* This section of code compiles an "alternative implementation" of two modes of

- * RC4 into this ENGINE. The result is that EVP_CIPHER operation for "rc4"

- * should under normal circumstances go via this support rather than the default

- * EVP support. There are other symbols to tweak the testing;

- *    TEST_ENC_OPENSSL_RC4_OTHERS - print a one line message to stderr each time

- *        we're asked for a cipher we don't support (should not happen).

- *    TEST_ENG_OPENSSL_RC4_P_INIT - print a one line message to stderr each time

- *        the "init_key" handler is called.

- *    TEST_ENG_OPENSSL_RC4_P_CIPHER - ditto for the "cipher" handler.

- */

-#include <openssl/rc4.h>

-#define TEST_RC4_KEY_SIZE		16

-static int test_cipher_nids[] = {NID_rc4,NID_rc4_40};

-static int test_cipher_nids_number = 2;

-typedef struct {

-	unsigned char key[TEST_RC4_KEY_SIZE];

-	RC4_KEY ks;

-	} TEST_RC4_KEY;

-#define test(ctx) ((TEST_RC4_KEY *)(ctx)->cipher_data)

-static int test_rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,

-			const unsigned char *iv, int enc)

-	{

-#ifdef TEST_ENG_OPENSSL_RC4_P_INIT

-	fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_init_key() called\n");

-#endif

-	memcpy(&test(ctx)->key[0],key,EVP_CIPHER_CTX_key_length(ctx));

-	RC4_set_key(&test(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),

-		test(ctx)->key);

-	return 1;

-	}

-static int test_rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,

-		      const unsigned char *in, unsigned int inl)

-	{

-#ifdef TEST_ENG_OPENSSL_RC4_P_CIPHER

-	fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_cipher() called\n");

-#endif

-	RC4(&test(ctx)->ks,inl,in,out);

-	return 1;

-	}

-static const EVP_CIPHER test_r4_cipher=

-	{

-	NID_rc4,

-	1,TEST_RC4_KEY_SIZE,0,

-	EVP_CIPH_VARIABLE_LENGTH,

-	test_rc4_init_key,

-	test_rc4_cipher,

-	NULL,

-	sizeof(TEST_RC4_KEY),

-	NULL,

-	NULL,

-	NULL,

-	NULL

-	};

-static const EVP_CIPHER test_r4_40_cipher=

-	{

-	NID_rc4_40,

-	1,5 /* 40 bit */,0,

-	EVP_CIPH_VARIABLE_LENGTH,

-	test_rc4_init_key,

-	test_rc4_cipher,

-	NULL,

-	sizeof(TEST_RC4_KEY),

-	NULL,

-	NULL,

-	NULL,

-	NULL

-	};

-static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,

-			const int **nids, int nid)

-	{

-	if(!cipher)

-		{

-		/* We are returning a list of supported nids */

-		*nids = test_cipher_nids;

-		return test_cipher_nids_number;

-		}

-	/* We are being asked for a specific cipher */

-	if(nid == NID_rc4)

-		*cipher = &test_r4_cipher;

-	else if(nid == NID_rc4_40)

-		*cipher = &test_r4_40_cipher;

-	else

-		{

-#ifdef TEST_ENG_OPENSSL_RC4_OTHERS

-		fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) returning NULL for "

-				"nid %d\n", nid);

-#endif

-		*cipher = NULL;

-		return 0;

-		}

-	return 1;

-	}

-#endif

-#ifdef TEST_ENG_OPENSSL_SHA

-/* Much the same sort of comment as for TEST_ENG_OPENSSL_RC4 */

-#include <openssl/sha.h>

-static int test_digest_nids[] = {NID_sha1};

-static int test_digest_nids_number = 1;

-static int test_sha1_init(EVP_MD_CTX *ctx)

-	{

-#ifdef TEST_ENG_OPENSSL_SHA_P_INIT

-	fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_init() called\n");

-#endif

-	return SHA1_Init(ctx->md_data);

-	}

-static int test_sha1_update(EVP_MD_CTX *ctx,const void *data,size_t count)

-	{

-#ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE

-	fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n");

-#endif

-	return SHA1_Update(ctx->md_data,data,count);

-	}

-static int test_sha1_final(EVP_MD_CTX *ctx,unsigned char *md)

-	{

-#ifdef TEST_ENG_OPENSSL_SHA_P_FINAL

-	fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_final() called\n");

-#endif

-	return SHA1_Final(md,ctx->md_data);

-	}

-static const EVP_MD test_sha_md=

-	{

-	NID_sha1,

-	NID_sha1WithRSAEncryption,

-	SHA_DIGEST_LENGTH,

-	0,

-	test_sha1_init,

-	test_sha1_update,

-	test_sha1_final,

-	NULL,

-	NULL,

-	EVP_PKEY_RSA_method,

-	SHA_CBLOCK,

-	sizeof(EVP_MD *)+sizeof(SHA_CTX),

-	};

-static int openssl_digests(ENGINE *e, const EVP_MD **digest,

-			const int **nids, int nid)

-	{

-	if(!digest)

-		{

-		/* We are returning a list of supported nids */

-		*nids = test_digest_nids;

-		return test_digest_nids_number;

-		}

-	/* We are being asked for a specific digest */

-	if(nid == NID_sha1)

-		*digest = &test_sha_md;

-	else

-		{

-#ifdef TEST_ENG_OPENSSL_SHA_OTHERS

-		fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) returning NULL for "

-				"nid %d\n", nid);

-#endif

-		*digest = NULL;

-		return 0;

-		}

-	return 1;

-	}

-#endif

-#ifdef TEST_ENG_OPENSSL_PKEY

-static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,

-	UI_METHOD *ui_method, void *callback_data)

-	{

-	BIO *in;

-	EVP_PKEY *key;

-	fprintf(stderr, "(TEST_ENG_OPENSSL_PKEY)Loading Private key %s\n", key_id);

-	in = BIO_new_file(key_id, "r");

-	if (!in)

-		return NULL;

-	key = PEM_read_bio_PrivateKey(in, NULL, 0, NULL);

-	BIO_free(in);

-	return key;

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/engine/eng_padlock.c

+++ /dev/null

@@ -1,1216 +1,0 @@

-/*

- * Support for VIA PadLock Advanced Cryptography Engine (ACE)

- * Written by Michal Ludvig <[email protected]>

- *            http://www.logix.cz/michal

- *

- * Big thanks to Andy Polyakov for a help with optimization,

- * assembler fixes, port to MS Windows and a lot of other

- * valuable work on this engine!

- */

-/* ====================================================================

- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include <string.h>

-#include <openssl/opensslconf.h>

-#include <openssl/crypto.h>

-#include <openssl/dso.h>

-#include <openssl/engine.h>

-#include <openssl/evp.h>

-#ifndef OPENSSL_NO_AES

-#include <openssl/aes.h>

-#endif

-#include <openssl/rand.h>

-#include <openssl/err.h>

-#ifndef OPENSSL_NO_HW

-#ifndef OPENSSL_NO_HW_PADLOCK

-/* Attempt to have a single source for both 0.9.7 and 0.9.8 :-) */

-#if (OPENSSL_VERSION_NUMBER >= 0x00908000L)

-#  ifndef OPENSSL_NO_DYNAMIC_ENGINE

-#    define DYNAMIC_ENGINE

-#  endif

-#elif (OPENSSL_VERSION_NUMBER >= 0x00907000L)

-#  ifdef ENGINE_DYNAMIC_SUPPORT

-#    define DYNAMIC_ENGINE

-#  endif

-#else

-#  error "Only OpenSSL >= 0.9.7 is supported"

-#endif

-/* VIA PadLock AES is available *ONLY* on some x86 CPUs.

-   Not only that it doesn't exist elsewhere, but it

-   even can't be compiled on other platforms!

-   In addition, because of the heavy use of inline assembler,

-   compiler choice is limited to GCC and Microsoft C. */

-#undef COMPILE_HW_PADLOCK

-#if !defined(I386_ONLY) && !defined(OPENSSL_NO_INLINE_ASM)

-# if (defined(__GNUC__) && (defined(__i386__) || defined(__i386))) || \

-     (defined(_MSC_VER) && defined(_M_IX86))

-#  define COMPILE_HW_PADLOCK

-static ENGINE *ENGINE_padlock (void);

-# endif

-#endif

-void ENGINE_load_padlock (void)

-{

-/* On non-x86 CPUs it just returns. */

-#ifdef COMPILE_HW_PADLOCK

-	ENGINE *toadd = ENGINE_padlock ();

-	if (!toadd) return;

-	ENGINE_add (toadd);

-	ENGINE_free (toadd);

-	ERR_clear_error ();

-#endif

-}

-#ifdef COMPILE_HW_PADLOCK

-/* We do these includes here to avoid header problems on platforms that

-   do not have the VIA padlock anyway... */

-#ifdef _MSC_VER

-# include <malloc.h>

-# define alloca _alloca

-#else

-# include <stdlib.h>

-#endif

-/* Function for ENGINE detection and control */

-static int padlock_available(void);

-static int padlock_init(ENGINE *e);

-/* RNG Stuff */

-static RAND_METHOD padlock_rand;

-/* Cipher Stuff */

-#ifndef OPENSSL_NO_AES

-static int padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid);

-#endif

-/* Engine names */

-static const char *padlock_id = "padlock";

-static char padlock_name[100];

-/* Available features */

-static int padlock_use_ace = 0;	/* Advanced Cryptography Engine */

-static int padlock_use_rng = 0;	/* Random Number Generator */

-#ifndef OPENSSL_NO_AES

-static int padlock_aes_align_required = 1;

-#endif

-/* ===== Engine "management" functions ===== */

-/* Prepare the ENGINE structure for registration */

-static int

-padlock_bind_helper(ENGINE *e)

-{

-	/* Check available features */

-	padlock_available();

-#if 1	/* disable RNG for now, see commentary in vicinity of RNG code */

-	padlock_use_rng=0;

-#endif

-	/* Generate a nice engine name with available features */

-	BIO_snprintf(padlock_name, sizeof(padlock_name),

-		"VIA PadLock (%s, %s)",

-		 padlock_use_rng ? "RNG" : "no-RNG",

-		 padlock_use_ace ? "ACE" : "no-ACE");

-	/* Register everything or return with an error */

-	if (!ENGINE_set_id(e, padlock_id) ||

-	    !ENGINE_set_name(e, padlock_name) ||

-	    !ENGINE_set_init_function(e, padlock_init) ||

-#ifndef OPENSSL_NO_AES

-	    (padlock_use_ace && !ENGINE_set_ciphers (e, padlock_ciphers)) ||

-#endif

-	    (padlock_use_rng && !ENGINE_set_RAND (e, &padlock_rand))) {

-		return 0;

-	}

-	/* Everything looks good */

-	return 1;

-}

-/* Constructor */

-static ENGINE *

-ENGINE_padlock(void)

-{

-	ENGINE *eng = ENGINE_new();

-	if (!eng) {

-		return NULL;

-	}

-	if (!padlock_bind_helper(eng)) {

-		ENGINE_free(eng);

-		return NULL;

-	}

-	return eng;

-}

-/* Check availability of the engine */

-static int

-padlock_init(ENGINE *e)

-{

-	return (padlock_use_rng || padlock_use_ace);

-}

-/* This stuff is needed if this ENGINE is being compiled into a self-contained

- * shared-library.

- */

-#ifdef DYNAMIC_ENGINE

-static int

-padlock_bind_fn(ENGINE *e, const char *id)

-{

-	if (id && (strcmp(id, padlock_id) != 0)) {

-		return 0;

-	}

-	if (!padlock_bind_helper(e))  {

-		return 0;

-	}

-	return 1;

-}

-IMPLEMENT_DYNAMIC_CHECK_FN ();

-IMPLEMENT_DYNAMIC_BIND_FN (padlock_bind_fn);

-#endif /* DYNAMIC_ENGINE */

-/* ===== Here comes the "real" engine ===== */

-#ifndef OPENSSL_NO_AES

-/* Some AES-related constants */

-#define AES_BLOCK_SIZE		16

-#define AES_KEY_SIZE_128	16

-#define AES_KEY_SIZE_192	24

-#define AES_KEY_SIZE_256	32

-/* Here we store the status information relevant to the

-   current context. */

-/* BIG FAT WARNING:

- * 	Inline assembler in PADLOCK_XCRYPT_ASM()

- * 	depends on the order of items in this structure.

- * 	Don't blindly modify, reorder, etc!

- */

-struct padlock_cipher_data

-{

-	unsigned char iv[AES_BLOCK_SIZE];	/* Initialization vector */

-	union {	unsigned int pad[4];

-		struct {

-			int rounds:4;

-			int dgst:1;	/* n/a in C3 */

-			int align:1;	/* n/a in C3 */

-			int ciphr:1;	/* n/a in C3 */

-			unsigned int keygen:1;

-			int interm:1;

-			unsigned int encdec:1;

-			int ksize:2;

-		} b;

-	} cword;		/* Control word */

-	AES_KEY ks;		/* Encryption key */

-};

-/*

- * Essentially this variable belongs in thread local storage.

- * Having this variable global on the other hand can only cause

- * few bogus key reloads [if any at all on single-CPU system],

- * so we accept the penatly...

- */

-static volatile struct padlock_cipher_data *padlock_saved_context;

-#endif

-/*

- * =======================================================

- * Inline assembler section(s).

- * =======================================================

- * Order of arguments is chosen to facilitate Windows port

- * using __fastcall calling convention. If you wish to add

- * more routines, keep in mind that first __fastcall

- * argument is passed in %ecx and second - in %edx.

- * =======================================================

- */

-#if defined(__GNUC__) && __GNUC__>=2

-/*

- * As for excessive "push %ebx"/"pop %ebx" found all over.

- * When generating position-independent code GCC won't let

- * us use "b" in assembler templates nor even respect "ebx"

- * in "clobber description." Therefore the trouble...

- */

-/* Helper function - check if a CPUID instruction

-   is available on this CPU */

-static int

-padlock_insn_cpuid_available(void)

-{

-	int result = -1;

-	/* We're checking if the bit #21 of EFLAGS

-	   can be toggled. If yes = CPUID is available. */

-	asm volatile (

-		"pushf\n"

-		"popl %%eax\n"

-		"xorl $0x200000, %%eax\n"

-		"movl %%eax, %%ecx\n"

-		"andl $0x200000, %%ecx\n"

-		"pushl %%eax\n"

-		"popf\n"

-		"pushf\n"

-		"popl %%eax\n"

-		"andl $0x200000, %%eax\n"

-		"xorl %%eax, %%ecx\n"

-		"movl %%ecx, %0\n"

-		: "=r" (result) : : "eax", "ecx");

-	return (result == 0);

-}

-/* Load supported features of the CPU to see if

-   the PadLock is available. */

-static int

-padlock_available(void)

-{

-	char vendor_string[16];

-	unsigned int eax, edx;

-	/* First check if the CPUID instruction is available at all... */

-	if (! padlock_insn_cpuid_available())

-		return 0;

-	/* Are we running on the Centaur (VIA) CPU? */

-	eax = 0x00000000;

-	vendor_string[12] = 0;

-	asm volatile (

-		"pushl	%%ebx\n"

-		"cpuid\n"

-		"movl	%%ebx,(%%edi)\n"

-		"movl	%%edx,4(%%edi)\n"

-		"movl	%%ecx,8(%%edi)\n"

-		"popl	%%ebx"

-		: "+a"(eax) : "D"(vendor_string) : "ecx", "edx");

-	if (strcmp(vendor_string, "CentaurHauls") != 0)

-		return 0;

-	/* Check for Centaur Extended Feature Flags presence */

-	eax = 0xC0000000;

-	asm volatile ("pushl %%ebx; cpuid; popl	%%ebx"

-		: "+a"(eax) : : "ecx", "edx");

-	if (eax < 0xC0000001)

-		return 0;

-	/* Read the Centaur Extended Feature Flags */

-	eax = 0xC0000001;

-	asm volatile ("pushl %%ebx; cpuid; popl %%ebx"

-		: "+a"(eax), "=d"(edx) : : "ecx");

-	/* Fill up some flags */

-	padlock_use_ace = ((edx & (0x3<<6)) == (0x3<<6));

-	padlock_use_rng = ((edx & (0x3<<2)) == (0x3<<2));

-	return padlock_use_ace + padlock_use_rng;

-}

-#ifndef OPENSSL_NO_AES

-/* Our own htonl()/ntohl() */

-static inline void

-padlock_bswapl(AES_KEY *ks)

-{

-	size_t i = sizeof(ks->rd_key)/sizeof(ks->rd_key[0]);

-	unsigned int *key = ks->rd_key;

-	while (i--) {

-		asm volatile ("bswapl %0" : "+r"(*key));

-		key++;

-	}

-}

-#endif

-/* Force key reload from memory to the CPU microcode.

-   Loading EFLAGS from the stack clears EFLAGS[30]

-   which does the trick. */

-static inline void

-padlock_reload_key(void)

-{

-	asm volatile ("pushfl; popfl");

-}

-#ifndef OPENSSL_NO_AES

-/*

- * This is heuristic key context tracing. At first one

- * believes that one should use atomic swap instructions,

- * but it's not actually necessary. Point is that if

- * padlock_saved_context was changed by another thread

- * after we've read it and before we compare it with cdata,

- * our key *shall* be reloaded upon thread context switch

- * and we are therefore set in either case...

- */

-static inline void

-padlock_verify_context(struct padlock_cipher_data *cdata)

-{

-	asm volatile (

-	"pushfl\n"

-"	btl	$30,(%%esp)\n"

-"	jnc	1f\n"

-"	cmpl	%2,%1\n"

-"	je	1f\n"

-"	popfl\n"

-"	subl	$4,%%esp\n"

-"1:	addl	$4,%%esp\n"

-"	movl	%2,%0"

-	:"+m"(padlock_saved_context)

-	: "r"(padlock_saved_context), "r"(cdata) : "cc");

-}

-/* Template for padlock_xcrypt_* modes */

-/* BIG FAT WARNING:

- * 	The offsets used with 'leal' instructions

- * 	describe items of the 'padlock_cipher_data'

- * 	structure.

- */

-#define PADLOCK_XCRYPT_ASM(name,rep_xcrypt)	\

-static inline void *name(size_t cnt,		\

-	struct padlock_cipher_data *cdata,	\

-	void *out, const void *inp) 		\

-{	void *iv; 				\

-	asm volatile ( "pushl	%%ebx\n"	\

-		"	leal	16(%0),%%edx\n"	\

-		"	leal	32(%0),%%ebx\n"	\

-			rep_xcrypt "\n"		\

-		"	popl	%%ebx"		\

-		: "=a"(iv), "=c"(cnt), "=D"(out), "=S"(inp) \

-		: "0"(cdata), "1"(cnt), "2"(out), "3"(inp)  \

-		: "edx", "cc", "memory");	\

-	return iv;				\

-}

-/* Generate all functions with appropriate opcodes */

-PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb, ".byte 0xf3,0x0f,0xa7,0xc8")	/* rep xcryptecb */

-PADLOCK_XCRYPT_ASM(padlock_xcrypt_cbc, ".byte 0xf3,0x0f,0xa7,0xd0")	/* rep xcryptcbc */

-PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, ".byte 0xf3,0x0f,0xa7,0xe0")	/* rep xcryptcfb */

-PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, ".byte 0xf3,0x0f,0xa7,0xe8")	/* rep xcryptofb */

-#endif

-/* The RNG call itself */

-static inline unsigned int

-padlock_xstore(void *addr, unsigned int edx_in)

-{

-	unsigned int eax_out;

-	asm volatile (".byte 0x0f,0xa7,0xc0"	/* xstore */

-	    : "=a"(eax_out),"=m"(*(unsigned *)addr)

-	    : "D"(addr), "d" (edx_in)

-	    );

-	return eax_out;

-}

-/* Why not inline 'rep movsd'? I failed to find information on what

- * value in Direction Flag one can expect and consequently have to

- * apply "better-safe-than-sorry" approach and assume "undefined."

- * I could explicitly clear it and restore the original value upon

- * return from padlock_aes_cipher, but it's presumably too much

- * trouble for too little gain...

- *

- * In case you wonder 'rep xcrypt*' instructions above are *not*

- * affected by the Direction Flag and pointers advance toward

- * larger addresses unconditionally.

- */

-static inline unsigned char *

-padlock_memcpy(void *dst,const void *src,size_t n)

-{

-	long       *d=dst;

-	const long *s=src;

-	n /= sizeof(*d);

-	do { *d++ = *s++; } while (--n);

-	return dst;

-}

-#elif defined(_MSC_VER)

-/*

- * Unlike GCC these are real functions. In order to minimize impact

- * on performance we adhere to __fastcall calling convention in

- * order to get two first arguments passed through %ecx and %edx.

- * Which kind of suits very well, as instructions in question use

- * both %ecx and %edx as input:-)

- */

-#define REP_XCRYPT(code)		\

-	_asm _emit 0xf3			\

-	_asm _emit 0x0f _asm _emit 0xa7	\

-	_asm _emit code

-/* BIG FAT WARNING:

- * 	The offsets used with 'lea' instructions

- * 	describe items of the 'padlock_cipher_data'

- * 	structure.

- */

-#define PADLOCK_XCRYPT_ASM(name,code)	\

-static void * __fastcall 		\

-	name (size_t cnt, void *cdata,	\

-	void *outp, const void *inp)	\

-{	_asm	mov	eax,edx		\

-	_asm	lea	edx,[eax+16]	\

-	_asm	lea	ebx,[eax+32]	\

-	_asm	mov	edi,outp	\

-	_asm	mov	esi,inp		\

-	REP_XCRYPT(code)		\

-}

-PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb,0xc8)

-PADLOCK_XCRYPT_ASM(padlock_xcrypt_cbc,0xd0)

-PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb,0xe0)

-PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb,0xe8)

-static int __fastcall

-padlock_xstore(void *outp,unsigned int code)

-{	_asm	mov	edi,ecx

-	_asm _emit 0x0f _asm _emit 0xa7 _asm _emit 0xc0

-}

-static void __fastcall

-padlock_reload_key(void)

-{	_asm pushfd _asm popfd		}

-static void __fastcall

-padlock_verify_context(void *cdata)

-{	_asm	{

-		pushfd

-		bt	DWORD PTR[esp],30

-		jnc	skip

-		cmp	ecx,padlock_saved_context

-		je	skip

-		popfd

-		sub	esp,4

-	skip:	add	esp,4

-		mov	padlock_saved_context,ecx

-		}

-}

-static int

-padlock_available(void)

-{	_asm	{

-		pushfd

-		pop	eax

-		mov	ecx,eax

-		xor	eax,1<<21

-		push	eax

-		popfd

-		pushfd

-		pop	eax

-		xor	eax,ecx

-		bt	eax,21

-		jnc	noluck

-		mov	eax,0

-		cpuid

-		xor	eax,eax

-		cmp	ebx,'tneC'

-		jne	noluck

-		cmp	edx,'Hrua'

-		jne	noluck

-		cmp	ecx,'slua'

-		jne	noluck

-		mov	eax,0xC0000000

-		cpuid

-		mov	edx,eax

-		xor	eax,eax

-		cmp	edx,0xC0000001

-		jb	noluck

-		mov	eax,0xC0000001

-		cpuid

-		xor	eax,eax

-		bt	edx,6

-		jnc	skip_a

-		bt	edx,7

-		jnc	skip_a

-		mov	padlock_use_ace,1

-		inc	eax

-	skip_a:	bt	edx,2

-		jnc	skip_r

-		bt	edx,3

-		jnc	skip_r

-		mov	padlock_use_rng,1

-		inc	eax

-	skip_r:

-	noluck:

-		}

-}

-static void __fastcall

-padlock_bswapl(void *key)

-{	_asm	{

-		pushfd

-		cld

-		mov	esi,ecx

-		mov	edi,ecx

-		mov	ecx,60

-	up:	lodsd

-		bswap	eax

-		stosd

-		loop	up

-		popfd

-		}

-}

-/* MS actually specifies status of Direction Flag and compiler even

- * manages to compile following as 'rep movsd' all by itself...

- */

-#define padlock_memcpy(o,i,n) ((unsigned char *)memcpy((o),(i),(n)&~3U))

-#endif

-/* ===== AES encryption/decryption ===== */

-#ifndef OPENSSL_NO_AES

-#if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb)

-#define NID_aes_128_cfb	NID_aes_128_cfb128

-#endif

-#if defined(NID_aes_128_ofb128) && ! defined (NID_aes_128_ofb)

-#define NID_aes_128_ofb	NID_aes_128_ofb128

-#endif

-#if defined(NID_aes_192_cfb128) && ! defined (NID_aes_192_cfb)

-#define NID_aes_192_cfb	NID_aes_192_cfb128

-#endif

-#if defined(NID_aes_192_ofb128) && ! defined (NID_aes_192_ofb)

-#define NID_aes_192_ofb	NID_aes_192_ofb128

-#endif

-#if defined(NID_aes_256_cfb128) && ! defined (NID_aes_256_cfb)

-#define NID_aes_256_cfb	NID_aes_256_cfb128

-#endif

-#if defined(NID_aes_256_ofb128) && ! defined (NID_aes_256_ofb)

-#define NID_aes_256_ofb	NID_aes_256_ofb128

-#endif

-/* List of supported ciphers. */

-static int padlock_cipher_nids[] = {

-	NID_aes_128_ecb,

-	NID_aes_128_cbc,

-	NID_aes_128_cfb,

-	NID_aes_128_ofb,

-	NID_aes_192_ecb,

-	NID_aes_192_cbc,

-	NID_aes_192_cfb,

-	NID_aes_192_ofb,

-	NID_aes_256_ecb,

-	NID_aes_256_cbc,

-	NID_aes_256_cfb,

-	NID_aes_256_ofb,

-};

-static int padlock_cipher_nids_num = (sizeof(padlock_cipher_nids)/

-				      sizeof(padlock_cipher_nids[0]));

-/* Function prototypes ... */

-static int padlock_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,

-				const unsigned char *iv, int enc);

-static int padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,

-			      const unsigned char *in, size_t nbytes);

-#define NEAREST_ALIGNED(ptr) ( (unsigned char *)(ptr) +		\

-	( (0x10 - ((size_t)(ptr) & 0x0F)) & 0x0F )	)

-#define ALIGNED_CIPHER_DATA(ctx) ((struct padlock_cipher_data *)\

-	NEAREST_ALIGNED(ctx->cipher_data))

-#define EVP_CIPHER_block_size_ECB	AES_BLOCK_SIZE

-#define EVP_CIPHER_block_size_CBC	AES_BLOCK_SIZE

-#define EVP_CIPHER_block_size_OFB	1

-#define EVP_CIPHER_block_size_CFB	1

-/* Declaring so many ciphers by hand would be a pain.

-   Instead introduce a bit of preprocessor magic :-) */

-#define	DECLARE_AES_EVP(ksize,lmode,umode)	\

-static const EVP_CIPHER padlock_aes_##ksize##_##lmode = {	\

-	NID_aes_##ksize##_##lmode,		\

-	EVP_CIPHER_block_size_##umode,	\

-	AES_KEY_SIZE_##ksize,		\

-	AES_BLOCK_SIZE,			\

-	0 | EVP_CIPH_##umode##_MODE,	\

-	padlock_aes_init_key,		\

-	padlock_aes_cipher,		\

-	NULL,				\

-	sizeof(struct padlock_cipher_data) + 16,	\

-	EVP_CIPHER_set_asn1_iv,		\

-	EVP_CIPHER_get_asn1_iv,		\

-	NULL,				\

-	NULL				\

-}

-DECLARE_AES_EVP(128,ecb,ECB);

-DECLARE_AES_EVP(128,cbc,CBC);

-DECLARE_AES_EVP(128,cfb,CFB);

-DECLARE_AES_EVP(128,ofb,OFB);

-DECLARE_AES_EVP(192,ecb,ECB);

-DECLARE_AES_EVP(192,cbc,CBC);

-DECLARE_AES_EVP(192,cfb,CFB);

-DECLARE_AES_EVP(192,ofb,OFB);

-DECLARE_AES_EVP(256,ecb,ECB);

-DECLARE_AES_EVP(256,cbc,CBC);

-DECLARE_AES_EVP(256,cfb,CFB);

-DECLARE_AES_EVP(256,ofb,OFB);

-static int

-padlock_ciphers (ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid)

-{

-	/* No specific cipher => return a list of supported nids ... */

-	if (!cipher) {

-		*nids = padlock_cipher_nids;

-		return padlock_cipher_nids_num;

-	}

-	/* ... or the requested "cipher" otherwise */

-	switch (nid) {

-	  case NID_aes_128_ecb:

-	    *cipher = &padlock_aes_128_ecb;

-	    break;

-	  case NID_aes_128_cbc:

-	    *cipher = &padlock_aes_128_cbc;

-	    break;

-	  case NID_aes_128_cfb:

-	    *cipher = &padlock_aes_128_cfb;

-	    break;

-	  case NID_aes_128_ofb:

-	    *cipher = &padlock_aes_128_ofb;

-	    break;

-	  case NID_aes_192_ecb:

-	    *cipher = &padlock_aes_192_ecb;

-	    break;

-	  case NID_aes_192_cbc:

-	    *cipher = &padlock_aes_192_cbc;

-	    break;

-	  case NID_aes_192_cfb:

-	    *cipher = &padlock_aes_192_cfb;

-	    break;

-	  case NID_aes_192_ofb:

-	    *cipher = &padlock_aes_192_ofb;

-	    break;

-	  case NID_aes_256_ecb:

-	    *cipher = &padlock_aes_256_ecb;

-	    break;

-	  case NID_aes_256_cbc:

-	    *cipher = &padlock_aes_256_cbc;

-	    break;

-	  case NID_aes_256_cfb:

-	    *cipher = &padlock_aes_256_cfb;

-	    break;

-	  case NID_aes_256_ofb:

-	    *cipher = &padlock_aes_256_ofb;

-	    break;

-	  default:

-	    /* Sorry, we don't support this NID */

-	    *cipher = NULL;

-	    return 0;

-	}

-	return 1;

-}

-/* Prepare the encryption key for PadLock usage */

-static int

-padlock_aes_init_key (EVP_CIPHER_CTX *ctx, const unsigned char *key,

-		      const unsigned char *iv, int enc)

-{

-	struct padlock_cipher_data *cdata;

-	int key_len = EVP_CIPHER_CTX_key_length(ctx) * 8;

-	if (key==NULL) return 0;	/* ERROR */

-	cdata = ALIGNED_CIPHER_DATA(ctx);

-	memset(cdata, 0, sizeof(struct padlock_cipher_data));

-	/* Prepare Control word. */

-	if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE)

-		cdata->cword.b.encdec = 0;

-	else

-		cdata->cword.b.encdec = (ctx->encrypt == 0);

-	cdata->cword.b.rounds = 10 + (key_len - 128) / 32;

-	cdata->cword.b.ksize = (key_len - 128) / 64;

-	switch(key_len) {

-		case 128:

-			/* PadLock can generate an extended key for

-			   AES128 in hardware */

-			memcpy(cdata->ks.rd_key, key, AES_KEY_SIZE_128);

-			cdata->cword.b.keygen = 0;

-			break;

-		case 192:

-		case 256:

-			/* Generate an extended AES key in software.

-			   Needed for AES192/AES256 */

-			/* Well, the above applies to Stepping 8 CPUs

-			   and is listed as hardware errata. They most

-			   likely will fix it at some point and then

-			   a check for stepping would be due here. */

-			if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB_MODE ||

-			    EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE ||

-			    enc)

-				AES_set_encrypt_key(key, key_len, &cdata->ks);

-			else

-				AES_set_decrypt_key(key, key_len, &cdata->ks);

-#ifndef AES_ASM

-			/* OpenSSL C functions use byte-swapped extended key. */

-			padlock_bswapl(&cdata->ks);

-#endif

-			cdata->cword.b.keygen = 1;

-			break;

-		default:

-			/* ERROR */

-			return 0;

-	}

-	/*

-	 * This is done to cover for cases when user reuses the

-	 * context for new key. The catch is that if we don't do

-	 * this, padlock_eas_cipher might proceed with old key...

-	 */

-	padlock_reload_key ();

-	return 1;

-}

-/*

- * Simplified version of padlock_aes_cipher() used when

- * 1) both input and output buffers are at aligned addresses.

- * or when

- * 2) running on a newer CPU that doesn't require aligned buffers.

- */

-static int

-padlock_aes_cipher_omnivorous(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,

-		const unsigned char *in_arg, size_t nbytes)

-{

-	struct padlock_cipher_data *cdata;

-	void  *iv;

-	cdata = ALIGNED_CIPHER_DATA(ctx);

-	padlock_verify_context(cdata);

-	switch (EVP_CIPHER_CTX_mode(ctx)) {

-	case EVP_CIPH_ECB_MODE:

-		padlock_xcrypt_ecb(nbytes/AES_BLOCK_SIZE, cdata, out_arg, in_arg);

-		break;

-	case EVP_CIPH_CBC_MODE:

-		memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);

-		iv = padlock_xcrypt_cbc(nbytes/AES_BLOCK_SIZE, cdata, out_arg, in_arg);

-		memcpy(ctx->iv, iv, AES_BLOCK_SIZE);

-		break;

-	case EVP_CIPH_CFB_MODE:

-		memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);

-		iv = padlock_xcrypt_cfb(nbytes/AES_BLOCK_SIZE, cdata, out_arg, in_arg);

-		memcpy(ctx->iv, iv, AES_BLOCK_SIZE);

-		break;

-	case EVP_CIPH_OFB_MODE:

-		memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);

-		padlock_xcrypt_ofb(nbytes/AES_BLOCK_SIZE, cdata, out_arg, in_arg);

-		memcpy(ctx->iv, cdata->iv, AES_BLOCK_SIZE);

-		break;

-	default:

-		return 0;

-	}

-	memset(cdata->iv, 0, AES_BLOCK_SIZE);

-	return 1;

-}

-#ifndef  PADLOCK_CHUNK

-# define PADLOCK_CHUNK	512	/* Must be a power of 2 larger than 16 */

-#endif

-#if PADLOCK_CHUNK<16 || PADLOCK_CHUNK&(PADLOCK_CHUNK-1)

-# error "insane PADLOCK_CHUNK..."

-#endif

-/* Re-align the arguments to 16-Bytes boundaries and run the

-   encryption function itself. This function is not AES-specific. */

-static int

-padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,

-		   const unsigned char *in_arg, size_t nbytes)

-{

-	struct padlock_cipher_data *cdata;

-	const  void *inp;

-	unsigned char  *out;

-	void  *iv;

-	int    inp_misaligned, out_misaligned, realign_in_loop;

-	size_t chunk, allocated=0;

-	/* ctx->num is maintained in byte-oriented modes,

-	   such as CFB and OFB... */

-	if ((chunk = ctx->num)) { /* borrow chunk variable */

-		unsigned char *ivp=ctx->iv;

-		switch (EVP_CIPHER_CTX_mode(ctx)) {

-		case EVP_CIPH_CFB_MODE:

-			if (chunk >= AES_BLOCK_SIZE)

-				return 0; /* bogus value */

-			if (ctx->encrypt)

-				while (chunk<AES_BLOCK_SIZE && nbytes!=0) {

-					ivp[chunk] = *(out_arg++) = *(in_arg++) ^ ivp[chunk];

-					chunk++, nbytes--;

-				}

-			else	while (chunk<AES_BLOCK_SIZE && nbytes!=0) {

-					unsigned char c = *(in_arg++);

-					*(out_arg++) = c ^ ivp[chunk];

-					ivp[chunk++] = c, nbytes--;

-				}

-			ctx->num = chunk%AES_BLOCK_SIZE;

-			break;

-		case EVP_CIPH_OFB_MODE:

-			if (chunk >= AES_BLOCK_SIZE)

-				return 0; /* bogus value */

-			while (chunk<AES_BLOCK_SIZE && nbytes!=0) {

-				*(out_arg++) = *(in_arg++) ^ ivp[chunk];

-				chunk++, nbytes--;

-			}

-			ctx->num = chunk%AES_BLOCK_SIZE;

-			break;

-		}

-	}

-	if (nbytes == 0)

-		return 1;

-#if 0

-	if (nbytes % AES_BLOCK_SIZE)

-		return 0; /* are we expected to do tail processing? */

-#else

-	/* nbytes is always multiple of AES_BLOCK_SIZE in ECB and CBC

-	   modes and arbitrary value in byte-oriented modes, such as

-	   CFB and OFB... */

-#endif

-	/* VIA promises CPUs that won't require alignment in the future.

-	   For now padlock_aes_align_required is initialized to 1 and

-	   the condition is never met... */

-	/* C7 core is capable to manage unaligned input in non-ECB[!]

-	   mode, but performance penalties appear to be approximately

-	   same as for software alignment below or ~3x. They promise to

-	   improve it in the future, but for now we can just as well

-	   pretend that it can only handle aligned input... */

-	if (!padlock_aes_align_required && (nbytes%AES_BLOCK_SIZE)==0)

-		return padlock_aes_cipher_omnivorous(ctx, out_arg, in_arg, nbytes);

-	inp_misaligned = (((size_t)in_arg) & 0x0F);

-	out_misaligned = (((size_t)out_arg) & 0x0F);

-	/* Note that even if output is aligned and input not,

-	 * I still prefer to loop instead of copy the whole

-	 * input and then encrypt in one stroke. This is done

-	 * in order to improve L1 cache utilization... */

-	realign_in_loop = out_misaligned|inp_misaligned;

-	if (!realign_in_loop && (nbytes%AES_BLOCK_SIZE)==0)

-		return padlock_aes_cipher_omnivorous(ctx, out_arg, in_arg, nbytes);

-	/* this takes one "if" out of the loops */

-	chunk  = nbytes;

-	chunk %= PADLOCK_CHUNK;

-	if (chunk==0) chunk = PADLOCK_CHUNK;

-	if (out_misaligned) {

-		/* optmize for small input */

-		allocated = (chunk<nbytes?PADLOCK_CHUNK:nbytes);

-		out = alloca(0x10 + allocated);

-		out = NEAREST_ALIGNED(out);

-	}

-	else

-		out = out_arg;

-	cdata = ALIGNED_CIPHER_DATA(ctx);

-	padlock_verify_context(cdata);

-	switch (EVP_CIPHER_CTX_mode(ctx)) {

-	case EVP_CIPH_ECB_MODE:

-		do	{

-			if (inp_misaligned)

-				inp = padlock_memcpy(out, in_arg, chunk);

-			else

-				inp = in_arg;

-			in_arg += chunk;

-			padlock_xcrypt_ecb(chunk/AES_BLOCK_SIZE, cdata, out, inp);

-			if (out_misaligned)

-				out_arg = padlock_memcpy(out_arg, out, chunk) + chunk;

-			else

-				out     = out_arg+=chunk;

-			nbytes -= chunk;

-			chunk   = PADLOCK_CHUNK;

-		} while (nbytes);

-		break;

-	case EVP_CIPH_CBC_MODE:

-		memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);

-		goto cbc_shortcut;

-		do	{

-			if (iv != cdata->iv)

-				memcpy(cdata->iv, iv, AES_BLOCK_SIZE);

-			chunk = PADLOCK_CHUNK;

-		cbc_shortcut: /* optimize for small input */

-			if (inp_misaligned)

-				inp = padlock_memcpy(out, in_arg, chunk);

-			else

-				inp = in_arg;

-			in_arg += chunk;

-			iv = padlock_xcrypt_cbc(chunk/AES_BLOCK_SIZE, cdata, out, inp);

-			if (out_misaligned)

-				out_arg = padlock_memcpy(out_arg, out, chunk) + chunk;

-			else

-				out     = out_arg+=chunk;

-		} while (nbytes -= chunk);

-		memcpy(ctx->iv, iv, AES_BLOCK_SIZE);

-		break;

-	case EVP_CIPH_CFB_MODE:

-		memcpy (iv = cdata->iv, ctx->iv, AES_BLOCK_SIZE);

-		chunk &= ~(AES_BLOCK_SIZE-1);

-		if (chunk)	goto cfb_shortcut;

-		else		goto cfb_skiploop;

-		do	{

-			if (iv != cdata->iv)

-				memcpy(cdata->iv, iv, AES_BLOCK_SIZE);

-			chunk = PADLOCK_CHUNK;

-		cfb_shortcut: /* optimize for small input */

-			if (inp_misaligned)

-				inp = padlock_memcpy(out, in_arg, chunk);

-			else

-				inp = in_arg;

-			in_arg += chunk;

-			iv = padlock_xcrypt_cfb(chunk/AES_BLOCK_SIZE, cdata, out, inp);

-			if (out_misaligned)

-				out_arg = padlock_memcpy(out_arg, out, chunk) + chunk;

-			else

-				out     = out_arg+=chunk;

-			nbytes -= chunk;

-		} while (nbytes >= AES_BLOCK_SIZE);

-		cfb_skiploop:

-		if (nbytes) {

-			unsigned char *ivp = cdata->iv;

-			if (iv != ivp) {

-				memcpy(ivp, iv, AES_BLOCK_SIZE);

-				iv = ivp;

-			}

-			ctx->num = nbytes;

-			if (cdata->cword.b.encdec) {

-				cdata->cword.b.encdec=0;

-				padlock_reload_key();

-				padlock_xcrypt_ecb(1,cdata,ivp,ivp);

-				cdata->cword.b.encdec=1;

-				padlock_reload_key();

-				while(nbytes) {

-					unsigned char c = *(in_arg++);

-					*(out_arg++) = c ^ *ivp;

-					*(ivp++) = c, nbytes--;

-				}

-			}

-			else {	padlock_reload_key();

-				padlock_xcrypt_ecb(1,cdata,ivp,ivp);

-				padlock_reload_key();

-				while (nbytes) {

-					*ivp = *(out_arg++) = *(in_arg++) ^ *ivp;

-					ivp++, nbytes--;

-				}

-			}

-		}

-		memcpy(ctx->iv, iv, AES_BLOCK_SIZE);

-		break;

-	case EVP_CIPH_OFB_MODE:

-		memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);

-		chunk &= ~(AES_BLOCK_SIZE-1);

-		if (chunk) do	{

-			if (inp_misaligned)

-				inp = padlock_memcpy(out, in_arg, chunk);

-			else

-				inp = in_arg;

-			in_arg += chunk;

-			padlock_xcrypt_ofb(chunk/AES_BLOCK_SIZE, cdata, out, inp);

-			if (out_misaligned)

-				out_arg = padlock_memcpy(out_arg, out, chunk) + chunk;

-			else

-				out     = out_arg+=chunk;

-			nbytes -= chunk;

-			chunk   = PADLOCK_CHUNK;

-		} while (nbytes >= AES_BLOCK_SIZE);

-		if (nbytes) {

-			unsigned char *ivp = cdata->iv;

-			ctx->num = nbytes;

-			padlock_reload_key();	/* empirically found */

-			padlock_xcrypt_ecb(1,cdata,ivp,ivp);

-			padlock_reload_key();	/* empirically found */

-			while (nbytes) {

-				*(out_arg++) = *(in_arg++) ^ *ivp;

-				ivp++, nbytes--;

-			}

-		}

-		memcpy(ctx->iv, cdata->iv, AES_BLOCK_SIZE);

-		break;

-	default:

-		return 0;

-	}

-	/* Clean the realign buffer if it was used */

-	if (out_misaligned) {

-		volatile unsigned long *p=(void *)out;

-		size_t   n = allocated/sizeof(*p);

-		while (n--) *p++=0;

-	}

-	memset(cdata->iv, 0, AES_BLOCK_SIZE);

-	return 1;

-}

-#endif /* OPENSSL_NO_AES */

-/* ===== Random Number Generator ===== */

-/*

- * This code is not engaged. The reason is that it does not comply

- * with recommendations for VIA RNG usage for secure applications

- * (posted at http://www.via.com.tw/en/viac3/c3.jsp) nor does it

- * provide meaningful error control...

- */

-/* Wrapper that provides an interface between the API and

-   the raw PadLock RNG */

-static int

-padlock_rand_bytes(unsigned char *output, int count)

-{

-	unsigned int eax, buf;

-	while (count >= 8) {

-		eax = padlock_xstore(output, 0);

-		if (!(eax&(1<<6)))	return 0; /* RNG disabled */

-		/* this ---vv--- covers DC bias, Raw Bits and String Filter */

-		if (eax&(0x1F<<10))	return 0;

-		if ((eax&0x1F)==0)	continue; /* no data, retry... */

-		if ((eax&0x1F)!=8)	return 0; /* fatal failure...  */

-		output += 8;

-		count  -= 8;

-	}

-	while (count > 0) {

-		eax = padlock_xstore(&buf, 3);

-		if (!(eax&(1<<6)))	return 0; /* RNG disabled */

-		/* this ---vv--- covers DC bias, Raw Bits and String Filter */

-		if (eax&(0x1F<<10))	return 0;

-		if ((eax&0x1F)==0)	continue; /* no data, retry... */

-		if ((eax&0x1F)!=1)	return 0; /* fatal failure...  */

-		*output++ = (unsigned char)buf;

-		count--;

-	}

-	*(volatile unsigned int *)&buf=0;

-	return 1;

-}

-/* Dummy but necessary function */

-static int

-padlock_rand_status(void)

-{

-	return 1;

-}

-/* Prepare structure for registration */

-static RAND_METHOD padlock_rand = {

-	NULL,			/* seed */

-	padlock_rand_bytes,	/* bytes */

-	NULL,			/* cleanup */

-	NULL,			/* add */

-	padlock_rand_bytes,	/* pseudorand */

-	padlock_rand_status,	/* rand status */

-};

-#endif /* COMPILE_HW_PADLOCK */

-#endif /* !OPENSSL_NO_HW_PADLOCK */

-#endif /* !OPENSSL_NO_HW */

--- a/sys/src/ape/lib/openssl/crypto/engine/eng_pkey.c

+++ /dev/null

@@ -1,154 +1,0 @@

-/* crypto/engine/eng_pkey.c */

-/* ====================================================================

- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include "eng_int.h"

-/* Basic get/set stuff */

-int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f)

-	{

-	e->load_privkey = loadpriv_f;

-	return 1;

-	}

-int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f)

-	{

-	e->load_pubkey = loadpub_f;

-	return 1;

-	}

-ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e)

-	{

-	return e->load_privkey;

-	}

-ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e)

-	{

-	return e->load_pubkey;

-	}

-/* API functions to load public/private keys */

-EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,

-	UI_METHOD *ui_method, void *callback_data)

-	{

-	EVP_PKEY *pkey;

-	if(e == NULL)

-		{

-		ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,

-			ERR_R_PASSED_NULL_PARAMETER);

-		return 0;

-		}

-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);

-	if(e->funct_ref == 0)

-		{

-		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);

-		ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,

-			ENGINE_R_NOT_INITIALISED);

-		return 0;

-		}

-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);

-	if (!e->load_privkey)

-		{

-		ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,

-			ENGINE_R_NO_LOAD_FUNCTION);

-		return 0;

-		}

-	pkey = e->load_privkey(e, key_id, ui_method, callback_data);

-	if (!pkey)

-		{

-		ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,

-			ENGINE_R_FAILED_LOADING_PRIVATE_KEY);

-		return 0;

-		}

-	return pkey;

-	}

-EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,

-	UI_METHOD *ui_method, void *callback_data)

-	{

-	EVP_PKEY *pkey;

-	if(e == NULL)

-		{

-		ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,

-			ERR_R_PASSED_NULL_PARAMETER);

-		return 0;

-		}

-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);

-	if(e->funct_ref == 0)

-		{

-		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);

-		ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,

-			ENGINE_R_NOT_INITIALISED);

-		return 0;

-		}

-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);

-	if (!e->load_pubkey)

-		{

-		ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,

-			ENGINE_R_NO_LOAD_FUNCTION);

-		return 0;

-		}

-	pkey = e->load_pubkey(e, key_id, ui_method, callback_data);

-	if (!pkey)

-		{

-		ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,

-			ENGINE_R_FAILED_LOADING_PUBLIC_KEY);

-		return 0;

-		}

-	return pkey;

-	}

--- a/sys/src/ape/lib/openssl/crypto/engine/eng_table.c

+++ /dev/null

@@ -1,315 +1,0 @@

-/* ====================================================================

- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include "cryptlib.h"

-#include <openssl/evp.h>

-#include <openssl/lhash.h>

-#include "eng_int.h"

-/* The type of the items in the table */

-typedef struct st_engine_pile

-	{

-	/* The 'nid' of this algorithm/mode */

-	int nid;

-	/* ENGINEs that implement this algorithm/mode. */

-	STACK_OF(ENGINE) *sk;

-	/* The default ENGINE to perform this algorithm/mode. */

-	ENGINE *funct;

-	/* Zero if 'sk' is newer than the cached 'funct', non-zero otherwise */

-	int uptodate;

-	} ENGINE_PILE;

-/* The type exposed in eng_int.h */

-struct st_engine_table

-	{

-	LHASH piles;

-	}; /* ENGINE_TABLE */

-/* Global flags (ENGINE_TABLE_FLAG_***). */

-static unsigned int table_flags = 0;

-/* API function manipulating 'table_flags' */

-unsigned int ENGINE_get_table_flags(void)

-	{

-	return table_flags;

-	}

-void ENGINE_set_table_flags(unsigned int flags)

-	{

-	table_flags = flags;

-	}

-/* Internal functions for the "piles" hash table */

-static unsigned long engine_pile_hash(const ENGINE_PILE *c)

-	{

-	return c->nid;

-	}

-static int engine_pile_cmp(const ENGINE_PILE *a, const ENGINE_PILE *b)

-	{

-	return a->nid - b->nid;

-	}

-static IMPLEMENT_LHASH_HASH_FN(engine_pile_hash, const ENGINE_PILE *)

-static IMPLEMENT_LHASH_COMP_FN(engine_pile_cmp, const ENGINE_PILE *)

-static int int_table_check(ENGINE_TABLE **t, int create)

-	{

-	LHASH *lh;

-	if(*t) return 1;

-	if(!create) return 0;

-	if((lh = lh_new(LHASH_HASH_FN(engine_pile_hash),

-			LHASH_COMP_FN(engine_pile_cmp))) == NULL)

-		return 0;

-	*t = (ENGINE_TABLE *)lh;

-	return 1;

-	}

-/* Privately exposed (via eng_int.h) functions for adding and/or removing

- * ENGINEs from the implementation table */

-int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,

-		ENGINE *e, const int *nids, int num_nids, int setdefault)

-	{

-	int ret = 0, added = 0;

-	ENGINE_PILE tmplate, *fnd;

-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);

-	if(!(*table))

-		added = 1;

-	if(!int_table_check(table, 1))

-		goto end;

-	if(added)

-		/* The cleanup callback needs to be added */

-		engine_cleanup_add_first(cleanup);

-	while(num_nids--)

-		{

-		tmplate.nid = *nids;

-		fnd = lh_retrieve(&(*table)->piles, &tmplate);

-		if(!fnd)

-			{

-			fnd = OPENSSL_malloc(sizeof(ENGINE_PILE));

-			if(!fnd) goto end;

-			fnd->uptodate = 0;

-			fnd->nid = *nids;

-			fnd->sk = sk_ENGINE_new_null();

-			if(!fnd->sk)

-				{

-				OPENSSL_free(fnd);

-				goto end;

-				}

-			fnd->funct = NULL;

-			lh_insert(&(*table)->piles, fnd);

-			}

-		/* A registration shouldn't add duplciate entries */

-		(void)sk_ENGINE_delete_ptr(fnd->sk, e);

-		/* if 'setdefault', this ENGINE goes to the head of the list */

-		if(!sk_ENGINE_push(fnd->sk, e))

-			goto end;

-		/* "touch" this ENGINE_PILE */

-		fnd->uptodate = 1;

-		if(setdefault)

-			{

-			if(!engine_unlocked_init(e))

-				{

-				ENGINEerr(ENGINE_F_ENGINE_TABLE_REGISTER,

-						ENGINE_R_INIT_FAILED);

-				goto end;

-				}

-			if(fnd->funct)

-				engine_unlocked_finish(fnd->funct, 0);

-			fnd->funct = e;

-			}

-		nids++;

-		}

-	ret = 1;

-end:

-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);

-	return ret;

-	}

-static void int_unregister_cb(ENGINE_PILE *pile, ENGINE *e)

-	{

-	int n;

-	/* Iterate the 'c->sk' stack removing any occurance of 'e' */

-	while((n = sk_ENGINE_find(pile->sk, e)) >= 0)

-		{

-		(void)sk_ENGINE_delete(pile->sk, n);

-		/* "touch" this ENGINE_CIPHER */

-		pile->uptodate = 1;

-		}

-	if(pile->funct == e)

-		{

-		engine_unlocked_finish(e, 0);

-		pile->funct = NULL;

-		}

-	}

-static IMPLEMENT_LHASH_DOALL_ARG_FN(int_unregister_cb,ENGINE_PILE *,ENGINE *)

-void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e)

-	{

-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);

-	if(int_table_check(table, 0))

-		lh_doall_arg(&(*table)->piles,

-			LHASH_DOALL_ARG_FN(int_unregister_cb), e);

-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);

-	}

-static void int_cleanup_cb(ENGINE_PILE *p)

-	{

-	sk_ENGINE_free(p->sk);

-	if(p->funct)

-		engine_unlocked_finish(p->funct, 0);

-	OPENSSL_free(p);

-	}

-static IMPLEMENT_LHASH_DOALL_FN(int_cleanup_cb,ENGINE_PILE *)

-void engine_table_cleanup(ENGINE_TABLE **table)

-	{

-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);

-	if(*table)

-		{

-		lh_doall(&(*table)->piles, LHASH_DOALL_FN(int_cleanup_cb));

-		lh_free(&(*table)->piles);

-		*table = NULL;

-		}

-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);

-	}

-/* return a functional reference for a given 'nid' */

-#ifndef ENGINE_TABLE_DEBUG

-ENGINE *engine_table_select(ENGINE_TABLE **table, int nid)

-#else

-ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, int l)

-#endif

-	{

-	ENGINE *ret = NULL;

-	ENGINE_PILE tmplate, *fnd=NULL;

-	int initres, loop = 0;

-	if(!(*table))

-		{

-#ifdef ENGINE_TABLE_DEBUG

-		fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, nothing "

-			"registered!\n", f, l, nid);

-#endif

-		return NULL;

-		}

-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);

-	/* Check again inside the lock otherwise we could race against cleanup

-	 * operations. But don't worry about a fprintf(stderr). */

-	if(!int_table_check(table, 0)) goto end;

-	tmplate.nid = nid;

-	fnd = lh_retrieve(&(*table)->piles, &tmplate);

-	if(!fnd) goto end;

-	if(fnd->funct && engine_unlocked_init(fnd->funct))

-		{

-#ifdef ENGINE_TABLE_DEBUG

-		fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using "

-			"ENGINE '%s' cached\n", f, l, nid, fnd->funct->id);

-#endif

-		ret = fnd->funct;

-		goto end;

-		}

-	if(fnd->uptodate)

-		{

-		ret = fnd->funct;

-		goto end;

-		}

-trynext:

-	ret = sk_ENGINE_value(fnd->sk, loop++);

-	if(!ret)

-		{

-#ifdef ENGINE_TABLE_DEBUG

-		fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, no "

-				"registered implementations would initialise\n",

-				f, l, nid);

-#endif

-		goto end;

-		}

-	/* Try to initialise the ENGINE? */

-	if((ret->funct_ref > 0) || !(table_flags & ENGINE_TABLE_FLAG_NOINIT))

-		initres = engine_unlocked_init(ret);

-	else

-		initres = 0;

-	if(initres)

-		{

-		/* Update 'funct' */

-		if((fnd->funct != ret) && engine_unlocked_init(ret))

-			{

-			/* If there was a previous default we release it. */

-			if(fnd->funct)

-				engine_unlocked_finish(fnd->funct, 0);

-			fnd->funct = ret;

-#ifdef ENGINE_TABLE_DEBUG

-			fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, "

-				"setting default to '%s'\n", f, l, nid, ret->id);

-#endif

-			}

-#ifdef ENGINE_TABLE_DEBUG

-		fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using "

-				"newly initialised '%s'\n", f, l, nid, ret->id);

-#endif

-		goto end;

-		}

-	goto trynext;

-end:

-	/* If it failed, it is unlikely to succeed again until some future

-	 * registrations have taken place. In all cases, we cache. */

-	if(fnd) fnd->uptodate = 1;

-#ifdef ENGINE_TABLE_DEBUG

-	if(ret)

-		fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching "

-				"ENGINE '%s'\n", f, l, nid, ret->id);

-	else

-		fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching "

-				"'no matching ENGINE'\n", f, l, nid);

-#endif

-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);

-	/* Whatever happened, any failed init()s are not failures in this

-	 * context, so clear our error state. */

-	ERR_clear_error();

-	return ret;

-	}

--- a/sys/src/ape/lib/openssl/crypto/engine/engine.h

+++ /dev/null

@@ -1,785 +1,0 @@

-/* openssl/engine.h */

-/* Written by Geoff Thorpe ([email protected]) for the OpenSSL

- * project 2000.

- */

-/* ====================================================================

- * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- * ECDH support in OpenSSL originally developed by

- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.

- */

-#ifndef HEADER_ENGINE_H

-#define HEADER_ENGINE_H

-#include <openssl/opensslconf.h>

-#ifdef OPENSSL_NO_ENGINE

-#error ENGINE is disabled.

-#endif

-#ifndef OPENSSL_NO_DEPRECATED

-#include <openssl/bn.h>

-#ifndef OPENSSL_NO_RSA

-#include <openssl/rsa.h>

-#endif

-#ifndef OPENSSL_NO_DSA

-#include <openssl/dsa.h>

-#endif

-#ifndef OPENSSL_NO_DH

-#include <openssl/dh.h>

-#endif

-#ifndef OPENSSL_NO_ECDH

-#include <openssl/ecdh.h>

-#endif

-#ifndef OPENSSL_NO_ECDSA

-#include <openssl/ecdsa.h>

-#endif

-#include <openssl/rand.h>

-#include <openssl/store.h>

-#include <openssl/ui.h>

-#include <openssl/err.h>

-#endif

-#include <openssl/ossl_typ.h>

-#include <openssl/symhacks.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-/* These flags are used to control combinations of algorithm (methods)

- * by bitwise "OR"ing. */

-#define ENGINE_METHOD_RSA		(unsigned int)0x0001

-#define ENGINE_METHOD_DSA		(unsigned int)0x0002

-#define ENGINE_METHOD_DH		(unsigned int)0x0004

-#define ENGINE_METHOD_RAND		(unsigned int)0x0008

-#define ENGINE_METHOD_ECDH		(unsigned int)0x0010

-#define ENGINE_METHOD_ECDSA		(unsigned int)0x0020

-#define ENGINE_METHOD_CIPHERS		(unsigned int)0x0040

-#define ENGINE_METHOD_DIGESTS		(unsigned int)0x0080

-#define ENGINE_METHOD_STORE		(unsigned int)0x0100

-/* Obvious all-or-nothing cases. */

-#define ENGINE_METHOD_ALL		(unsigned int)0xFFFF

-#define ENGINE_METHOD_NONE		(unsigned int)0x0000

-/* This(ese) flag(s) controls behaviour of the ENGINE_TABLE mechanism used

- * internally to control registration of ENGINE implementations, and can be set

- * by ENGINE_set_table_flags(). The "NOINIT" flag prevents attempts to

- * initialise registered ENGINEs if they are not already initialised. */

-#define ENGINE_TABLE_FLAG_NOINIT	(unsigned int)0x0001

-/* ENGINE flags that can be set by ENGINE_set_flags(). */

-/* #define ENGINE_FLAGS_MALLOCED	0x0001 */ /* Not used */

-/* This flag is for ENGINEs that wish to handle the various 'CMD'-related

- * control commands on their own. Without this flag, ENGINE_ctrl() handles these

- * control commands on behalf of the ENGINE using their "cmd_defns" data. */

-#define ENGINE_FLAGS_MANUAL_CMD_CTRL	(int)0x0002

-/* This flag is for ENGINEs who return new duplicate structures when found via

- * "ENGINE_by_id()". When an ENGINE must store state (eg. if ENGINE_ctrl()

- * commands are called in sequence as part of some stateful process like

- * key-generation setup and execution), it can set this flag - then each attempt

- * to obtain the ENGINE will result in it being copied into a new structure.

- * Normally, ENGINEs don't declare this flag so ENGINE_by_id() just increments

- * the existing ENGINE's structural reference count. */

-#define ENGINE_FLAGS_BY_ID_COPY		(int)0x0004

-/* ENGINEs can support their own command types, and these flags are used in

- * ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input each

- * command expects. Currently only numeric and string input is supported. If a

- * control command supports none of the _NUMERIC, _STRING, or _NO_INPUT options,

- * then it is regarded as an "internal" control command - and not for use in

- * config setting situations. As such, they're not available to the

- * ENGINE_ctrl_cmd_string() function, only raw ENGINE_ctrl() access. Changes to

- * this list of 'command types' should be reflected carefully in

- * ENGINE_cmd_is_executable() and ENGINE_ctrl_cmd_string(). */

-/* accepts a 'long' input value (3rd parameter to ENGINE_ctrl) */

-#define ENGINE_CMD_FLAG_NUMERIC		(unsigned int)0x0001

-/* accepts string input (cast from 'void*' to 'const char *', 4th parameter to

- * ENGINE_ctrl) */

-#define ENGINE_CMD_FLAG_STRING		(unsigned int)0x0002

-/* Indicates that the control command takes *no* input. Ie. the control command

- * is unparameterised. */

-#define ENGINE_CMD_FLAG_NO_INPUT	(unsigned int)0x0004

-/* Indicates that the control command is internal. This control command won't

- * be shown in any output, and is only usable through the ENGINE_ctrl_cmd()

- * function. */

-#define ENGINE_CMD_FLAG_INTERNAL	(unsigned int)0x0008

-/* NB: These 3 control commands are deprecated and should not be used. ENGINEs

- * relying on these commands should compile conditional support for

- * compatibility (eg. if these symbols are defined) but should also migrate the

- * same functionality to their own ENGINE-specific control functions that can be

- * "discovered" by calling applications. The fact these control commands

- * wouldn't be "executable" (ie. usable by text-based config) doesn't change the

- * fact that application code can find and use them without requiring per-ENGINE

- * hacking. */

-/* These flags are used to tell the ctrl function what should be done.

- * All command numbers are shared between all engines, even if some don't

- * make sense to some engines.  In such a case, they do nothing but return

- * the error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED. */

-#define ENGINE_CTRL_SET_LOGSTREAM		1

-#define ENGINE_CTRL_SET_PASSWORD_CALLBACK	2

-#define ENGINE_CTRL_HUP				3 /* Close and reinitialise any

-						     handles/connections etc. */

-#define ENGINE_CTRL_SET_USER_INTERFACE          4 /* Alternative to callback */

-#define ENGINE_CTRL_SET_CALLBACK_DATA           5 /* User-specific data, used

-						     when calling the password

-						     callback and the user

-						     interface */

-#define ENGINE_CTRL_LOAD_CONFIGURATION		6 /* Load a configuration, given

-						     a string that represents a

-						     file name or so */

-#define ENGINE_CTRL_LOAD_SECTION		7 /* Load data from a given

-						     section in the already loaded

-						     configuration */

-/* These control commands allow an application to deal with an arbitrary engine

- * in a dynamic way. Warn: Negative return values indicate errors FOR THESE

- * COMMANDS because zero is used to indicate 'end-of-list'. Other commands,

- * including ENGINE-specific command types, return zero for an error.

- *

- * An ENGINE can choose to implement these ctrl functions, and can internally

- * manage things however it chooses - it does so by setting the

- * ENGINE_FLAGS_MANUAL_CMD_CTRL flag (using ENGINE_set_flags()). Otherwise the

- * ENGINE_ctrl() code handles this on the ENGINE's behalf using the cmd_defns

- * data (set using ENGINE_set_cmd_defns()). This means an ENGINE's ctrl()

- * handler need only implement its own commands - the above "meta" commands will

- * be taken care of. */

-/* Returns non-zero if the supplied ENGINE has a ctrl() handler. If "not", then

- * all the remaining control commands will return failure, so it is worth

- * checking this first if the caller is trying to "discover" the engine's

- * capabilities and doesn't want errors generated unnecessarily. */

-#define ENGINE_CTRL_HAS_CTRL_FUNCTION		10

-/* Returns a positive command number for the first command supported by the

- * engine. Returns zero if no ctrl commands are supported. */

-#define ENGINE_CTRL_GET_FIRST_CMD_TYPE		11

-/* The 'long' argument specifies a command implemented by the engine, and the

- * return value is the next command supported, or zero if there are no more. */

-#define ENGINE_CTRL_GET_NEXT_CMD_TYPE		12

-/* The 'void*' argument is a command name (cast from 'const char *'), and the

- * return value is the command that corresponds to it. */

-#define ENGINE_CTRL_GET_CMD_FROM_NAME		13

-/* The next two allow a command to be converted into its corresponding string

- * form. In each case, the 'long' argument supplies the command. In the NAME_LEN

- * case, the return value is the length of the command name (not counting a

- * trailing EOL). In the NAME case, the 'void*' argument must be a string buffer

- * large enough, and it will be populated with the name of the command (WITH a

- * trailing EOL). */

-#define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD	14

-#define ENGINE_CTRL_GET_NAME_FROM_CMD		15

-/* The next two are similar but give a "short description" of a command. */

-#define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD	16

-#define ENGINE_CTRL_GET_DESC_FROM_CMD		17

-/* With this command, the return value is the OR'd combination of

- * ENGINE_CMD_FLAG_*** values that indicate what kind of input a given

- * engine-specific ctrl command expects. */

-#define ENGINE_CTRL_GET_CMD_FLAGS		18

-/* ENGINE implementations should start the numbering of their own control

- * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc). */

-#define ENGINE_CMD_BASE				200

-/* NB: These 2 nCipher "chil" control commands are deprecated, and their

- * functionality is now available through ENGINE-specific control commands

- * (exposed through the above-mentioned 'CMD'-handling). Code using these 2

- * commands should be migrated to the more general command handling before these

- * are removed. */

-/* Flags specific to the nCipher "chil" engine */

-#define ENGINE_CTRL_CHIL_SET_FORKCHECK		100

-	/* Depending on the value of the (long)i argument, this sets or

-	 * unsets the SimpleForkCheck flag in the CHIL API to enable or

-	 * disable checking and workarounds for applications that fork().

-	 */

-#define ENGINE_CTRL_CHIL_NO_LOCKING		101

-	/* This prevents the initialisation function from providing mutex

-	 * callbacks to the nCipher library. */

-/* If an ENGINE supports its own specific control commands and wishes the

- * framework to handle the above 'ENGINE_CMD_***'-manipulation commands on its

- * behalf, it should supply a null-terminated array of ENGINE_CMD_DEFN entries

- * to ENGINE_set_cmd_defns(). It should also implement a ctrl() handler that

- * supports the stated commands (ie. the "cmd_num" entries as described by the

- * array). NB: The array must be ordered in increasing order of cmd_num.

- * "null-terminated" means that the last ENGINE_CMD_DEFN element has cmd_num set

- * to zero and/or cmd_name set to NULL. */

-typedef struct ENGINE_CMD_DEFN_st

-	{

-	unsigned int cmd_num; /* The command number */

-	const char *cmd_name; /* The command name itself */

-	const char *cmd_desc; /* A short description of the command */

-	unsigned int cmd_flags; /* The input the command expects */

-	} ENGINE_CMD_DEFN;

-/* Generic function pointer */

-typedef int (*ENGINE_GEN_FUNC_PTR)(void);

-/* Generic function pointer taking no arguments */

-typedef int (*ENGINE_GEN_INT_FUNC_PTR)(ENGINE *);

-/* Specific control function pointer */

-typedef int (*ENGINE_CTRL_FUNC_PTR)(ENGINE *, int, long, void *, void (*f)(void));

-/* Generic load_key function pointer */

-typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *,

-	UI_METHOD *ui_method, void *callback_data);

-/* These callback types are for an ENGINE's handler for cipher and digest logic.

- * These handlers have these prototypes;

- *   int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid);

- *   int foo(ENGINE *e, const EVP_MD **digest, const int **nids, int nid);

- * Looking at how to implement these handlers in the case of cipher support, if

- * the framework wants the EVP_CIPHER for 'nid', it will call;

- *   foo(e, &p_evp_cipher, NULL, nid);    (return zero for failure)

- * If the framework wants a list of supported 'nid's, it will call;

- *   foo(e, NULL, &p_nids, 0); (returns number of 'nids' or -1 for error)

- */

-/* Returns to a pointer to the array of supported cipher 'nid's. If the second

- * parameter is non-NULL it is set to the size of the returned array. */

-typedef int (*ENGINE_CIPHERS_PTR)(ENGINE *, const EVP_CIPHER **, const int **, int);

-typedef int (*ENGINE_DIGESTS_PTR)(ENGINE *, const EVP_MD **, const int **, int);

-/* STRUCTURE functions ... all of these functions deal with pointers to ENGINE

- * structures where the pointers have a "structural reference". This means that

- * their reference is to allowed access to the structure but it does not imply

- * that the structure is functional. To simply increment or decrement the

- * structural reference count, use ENGINE_by_id and ENGINE_free. NB: This is not

- * required when iterating using ENGINE_get_next as it will automatically

- * decrement the structural reference count of the "current" ENGINE and

- * increment the structural reference count of the ENGINE it returns (unless it

- * is NULL). */

-/* Get the first/last "ENGINE" type available. */

-ENGINE *ENGINE_get_first(void);

-ENGINE *ENGINE_get_last(void);

-/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */

-ENGINE *ENGINE_get_next(ENGINE *e);

-ENGINE *ENGINE_get_prev(ENGINE *e);

-/* Add another "ENGINE" type into the array. */

-int ENGINE_add(ENGINE *e);

-/* Remove an existing "ENGINE" type from the array. */

-int ENGINE_remove(ENGINE *e);

-/* Retrieve an engine from the list by its unique "id" value. */

-ENGINE *ENGINE_by_id(const char *id);

-/* Add all the built-in engines. */

-void ENGINE_load_openssl(void);

-void ENGINE_load_dynamic(void);

-#ifndef OPENSSL_NO_STATIC_ENGINE

-void ENGINE_load_4758cca(void);

-void ENGINE_load_aep(void);

-void ENGINE_load_atalla(void);

-void ENGINE_load_chil(void);

-void ENGINE_load_cswift(void);

-#ifndef OPENSSL_NO_GMP

-void ENGINE_load_gmp(void);

-#endif

-void ENGINE_load_nuron(void);

-void ENGINE_load_sureware(void);

-void ENGINE_load_ubsec(void);

-#endif

-void ENGINE_load_cryptodev(void);

-void ENGINE_load_padlock(void);

-void ENGINE_load_builtin_engines(void);

-/* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation

- * "registry" handling. */

-unsigned int ENGINE_get_table_flags(void);

-void ENGINE_set_table_flags(unsigned int flags);

-/* Manage registration of ENGINEs per "table". For each type, there are 3

- * functions;

- *   ENGINE_register_***(e) - registers the implementation from 'e' (if it has one)

- *   ENGINE_unregister_***(e) - unregister the implementation from 'e'

- *   ENGINE_register_all_***() - call ENGINE_register_***() for each 'e' in the list

- * Cleanup is automatically registered from each table when required, so

- * ENGINE_cleanup() will reverse any "register" operations. */

-int ENGINE_register_RSA(ENGINE *e);

-void ENGINE_unregister_RSA(ENGINE *e);

-void ENGINE_register_all_RSA(void);

-int ENGINE_register_DSA(ENGINE *e);

-void ENGINE_unregister_DSA(ENGINE *e);

-void ENGINE_register_all_DSA(void);

-int ENGINE_register_ECDH(ENGINE *e);

-void ENGINE_unregister_ECDH(ENGINE *e);

-void ENGINE_register_all_ECDH(void);

-int ENGINE_register_ECDSA(ENGINE *e);

-void ENGINE_unregister_ECDSA(ENGINE *e);

-void ENGINE_register_all_ECDSA(void);

-int ENGINE_register_DH(ENGINE *e);

-void ENGINE_unregister_DH(ENGINE *e);

-void ENGINE_register_all_DH(void);

-int ENGINE_register_RAND(ENGINE *e);

-void ENGINE_unregister_RAND(ENGINE *e);

-void ENGINE_register_all_RAND(void);

-int ENGINE_register_STORE(ENGINE *e);

-void ENGINE_unregister_STORE(ENGINE *e);

-void ENGINE_register_all_STORE(void);

-int ENGINE_register_ciphers(ENGINE *e);

-void ENGINE_unregister_ciphers(ENGINE *e);

-void ENGINE_register_all_ciphers(void);

-int ENGINE_register_digests(ENGINE *e);

-void ENGINE_unregister_digests(ENGINE *e);

-void ENGINE_register_all_digests(void);

-/* These functions register all support from the above categories. Note, use of

- * these functions can result in static linkage of code your application may not

- * need. If you only need a subset of functionality, consider using more

- * selective initialisation. */

-int ENGINE_register_complete(ENGINE *e);

-int ENGINE_register_all_complete(void);

-/* Send parametrised control commands to the engine. The possibilities to send

- * down an integer, a pointer to data or a function pointer are provided. Any of

- * the parameters may or may not be NULL, depending on the command number. In

- * actuality, this function only requires a structural (rather than functional)

- * reference to an engine, but many control commands may require the engine be

- * functional. The caller should be aware of trying commands that require an

- * operational ENGINE, and only use functional references in such situations. */

-int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));

-/* This function tests if an ENGINE-specific command is usable as a "setting".

- * Eg. in an application's config file that gets processed through

- * ENGINE_ctrl_cmd_string(). If this returns zero, it is not available to

- * ENGINE_ctrl_cmd_string(), only ENGINE_ctrl(). */

-int ENGINE_cmd_is_executable(ENGINE *e, int cmd);

-/* This function works like ENGINE_ctrl() with the exception of taking a

- * command name instead of a command number, and can handle optional commands.

- * See the comment on ENGINE_ctrl_cmd_string() for an explanation on how to

- * use the cmd_name and cmd_optional. */

-int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,

-        long i, void *p, void (*f)(void), int cmd_optional);

-/* This function passes a command-name and argument to an ENGINE. The cmd_name

- * is converted to a command number and the control command is called using

- * 'arg' as an argument (unless the ENGINE doesn't support such a command, in

- * which case no control command is called). The command is checked for input

- * flags, and if necessary the argument will be converted to a numeric value. If

- * cmd_optional is non-zero, then if the ENGINE doesn't support the given

- * cmd_name the return value will be success anyway. This function is intended

- * for applications to use so that users (or config files) can supply

- * engine-specific config data to the ENGINE at run-time to control behaviour of

- * specific engines. As such, it shouldn't be used for calling ENGINE_ctrl()

- * functions that return data, deal with binary data, or that are otherwise

- * supposed to be used directly through ENGINE_ctrl() in application code. Any

- * "return" data from an ENGINE_ctrl() operation in this function will be lost -

- * the return value is interpreted as failure if the return value is zero,

- * success otherwise, and this function returns a boolean value as a result. In

- * other words, vendors of 'ENGINE'-enabled devices should write ENGINE

- * implementations with parameterisations that work in this scheme, so that

- * compliant ENGINE-based applications can work consistently with the same

- * configuration for the same ENGINE-enabled devices, across applications. */

-int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,

-				int cmd_optional);

-/* These functions are useful for manufacturing new ENGINE structures. They

- * don't address reference counting at all - one uses them to populate an ENGINE

- * structure with personalised implementations of things prior to using it

- * directly or adding it to the builtin ENGINE list in OpenSSL. These are also

- * here so that the ENGINE structure doesn't have to be exposed and break binary

- * compatibility! */

-ENGINE *ENGINE_new(void);

-int ENGINE_free(ENGINE *e);

-int ENGINE_up_ref(ENGINE *e);

-int ENGINE_set_id(ENGINE *e, const char *id);

-int ENGINE_set_name(ENGINE *e, const char *name);

-int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);

-int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);

-int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *ecdh_meth);

-int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *ecdsa_meth);

-int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth);

-int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth);

-int ENGINE_set_STORE(ENGINE *e, const STORE_METHOD *store_meth);

-int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f);

-int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);

-int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);

-int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);

-int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f);

-int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);

-int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);

-int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);

-int ENGINE_set_flags(ENGINE *e, int flags);

-int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);

-/* These functions allow control over any per-structure ENGINE data. */

-int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,

-		CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);

-int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg);

-void *ENGINE_get_ex_data(const ENGINE *e, int idx);

-/* This function cleans up anything that needs it. Eg. the ENGINE_add() function

- * automatically ensures the list cleanup function is registered to be called

- * from ENGINE_cleanup(). Similarly, all ENGINE_register_*** functions ensure

- * ENGINE_cleanup() will clean up after them. */

-void ENGINE_cleanup(void);

-/* These return values from within the ENGINE structure. These can be useful

- * with functional references as well as structural references - it depends

- * which you obtained. Using the result for functional purposes if you only

- * obtained a structural reference may be problematic! */

-const char *ENGINE_get_id(const ENGINE *e);

-const char *ENGINE_get_name(const ENGINE *e);

-const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);

-const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);

-const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e);

-const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e);

-const DH_METHOD *ENGINE_get_DH(const ENGINE *e);

-const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e);

-const STORE_METHOD *ENGINE_get_STORE(const ENGINE *e);

-ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e);

-ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e);

-ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);

-ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);

-ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);

-ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);

-ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);

-ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);

-const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);

-const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid);

-const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);

-int ENGINE_get_flags(const ENGINE *e);

-/* FUNCTIONAL functions. These functions deal with ENGINE structures

- * that have (or will) be initialised for use. Broadly speaking, the

- * structural functions are useful for iterating the list of available

- * engine types, creating new engine types, and other "list" operations.

- * These functions actually deal with ENGINEs that are to be used. As

- * such these functions can fail (if applicable) when particular

- * engines are unavailable - eg. if a hardware accelerator is not

- * attached or not functioning correctly. Each ENGINE has 2 reference

- * counts; structural and functional. Every time a functional reference

- * is obtained or released, a corresponding structural reference is

- * automatically obtained or released too. */

-/* Initialise a engine type for use (or up its reference count if it's

- * already in use). This will fail if the engine is not currently

- * operational and cannot initialise. */

-int ENGINE_init(ENGINE *e);

-/* Free a functional reference to a engine type. This does not require

- * a corresponding call to ENGINE_free as it also releases a structural

- * reference. */

-int ENGINE_finish(ENGINE *e);

-/* The following functions handle keys that are stored in some secondary

- * location, handled by the engine.  The storage may be on a card or

- * whatever. */

-EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,

-	UI_METHOD *ui_method, void *callback_data);

-EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,

-	UI_METHOD *ui_method, void *callback_data);

-/* This returns a pointer for the current ENGINE structure that

- * is (by default) performing any RSA operations. The value returned

- * is an incremented reference, so it should be free'd (ENGINE_finish)

- * before it is discarded. */

-ENGINE *ENGINE_get_default_RSA(void);

-/* Same for the other "methods" */

-ENGINE *ENGINE_get_default_DSA(void);

-ENGINE *ENGINE_get_default_ECDH(void);

-ENGINE *ENGINE_get_default_ECDSA(void);

-ENGINE *ENGINE_get_default_DH(void);

-ENGINE *ENGINE_get_default_RAND(void);

-/* These functions can be used to get a functional reference to perform

- * ciphering or digesting corresponding to "nid". */

-ENGINE *ENGINE_get_cipher_engine(int nid);

-ENGINE *ENGINE_get_digest_engine(int nid);

-/* This sets a new default ENGINE structure for performing RSA

- * operations. If the result is non-zero (success) then the ENGINE

- * structure will have had its reference count up'd so the caller

- * should still free their own reference 'e'. */

-int ENGINE_set_default_RSA(ENGINE *e);

-int ENGINE_set_default_string(ENGINE *e, const char *def_list);

-/* Same for the other "methods" */

-int ENGINE_set_default_DSA(ENGINE *e);

-int ENGINE_set_default_ECDH(ENGINE *e);

-int ENGINE_set_default_ECDSA(ENGINE *e);

-int ENGINE_set_default_DH(ENGINE *e);

-int ENGINE_set_default_RAND(ENGINE *e);

-int ENGINE_set_default_ciphers(ENGINE *e);

-int ENGINE_set_default_digests(ENGINE *e);

-/* The combination "set" - the flags are bitwise "OR"d from the

- * ENGINE_METHOD_*** defines above. As with the "ENGINE_register_complete()"

- * function, this function can result in unnecessary static linkage. If your

- * application requires only specific functionality, consider using more

- * selective functions. */

-int ENGINE_set_default(ENGINE *e, unsigned int flags);

-void ENGINE_add_conf_module(void);

-/* Deprecated functions ... */

-/* int ENGINE_clear_defaults(void); */

-/**************************/

-/* DYNAMIC ENGINE SUPPORT */

-/**************************/

-/* Binary/behaviour compatibility levels */

-#define OSSL_DYNAMIC_VERSION		(unsigned long)0x00020000

-/* Binary versions older than this are too old for us (whether we're a loader or

- * a loadee) */

-#define OSSL_DYNAMIC_OLDEST		(unsigned long)0x00020000

-/* When compiling an ENGINE entirely as an external shared library, loadable by

- * the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' structure

- * type provides the calling application's (or library's) error functionality

- * and memory management function pointers to the loaded library. These should

- * be used/set in the loaded library code so that the loading application's

- * 'state' will be used/changed in all operations. The 'static_state' pointer

- * allows the loaded library to know if it shares the same static data as the

- * calling application (or library), and thus whether these callbacks need to be

- * set or not. */

-typedef void *(*dyn_MEM_malloc_cb)(size_t);

-typedef void *(*dyn_MEM_realloc_cb)(void *, size_t);

-typedef void (*dyn_MEM_free_cb)(void *);

-typedef struct st_dynamic_MEM_fns {

-	dyn_MEM_malloc_cb			malloc_cb;

-	dyn_MEM_realloc_cb			realloc_cb;

-	dyn_MEM_free_cb				free_cb;

-	} dynamic_MEM_fns;

-/* FIXME: Perhaps the memory and locking code (crypto.h) should declare and use

- * these types so we (and any other dependant code) can simplify a bit?? */

-typedef void (*dyn_lock_locking_cb)(int,int,const char *,int);

-typedef int (*dyn_lock_add_lock_cb)(int*,int,int,const char *,int);

-typedef struct CRYPTO_dynlock_value *(*dyn_dynlock_create_cb)(

-						const char *,int);

-typedef void (*dyn_dynlock_lock_cb)(int,struct CRYPTO_dynlock_value *,

-						const char *,int);

-typedef void (*dyn_dynlock_destroy_cb)(struct CRYPTO_dynlock_value *,

-						const char *,int);

-typedef struct st_dynamic_LOCK_fns {

-	dyn_lock_locking_cb			lock_locking_cb;

-	dyn_lock_add_lock_cb			lock_add_lock_cb;

-	dyn_dynlock_create_cb			dynlock_create_cb;

-	dyn_dynlock_lock_cb			dynlock_lock_cb;

-	dyn_dynlock_destroy_cb			dynlock_destroy_cb;

-	} dynamic_LOCK_fns;

-/* The top-level structure */

-typedef struct st_dynamic_fns {

-	void 					*static_state;

-	const ERR_FNS				*err_fns;

-	const CRYPTO_EX_DATA_IMPL		*ex_data_fns;

-	dynamic_MEM_fns				mem_fns;

-	dynamic_LOCK_fns			lock_fns;

-	} dynamic_fns;

-/* The version checking function should be of this prototype. NB: The

- * ossl_version value passed in is the OSSL_DYNAMIC_VERSION of the loading code.

- * If this function returns zero, it indicates a (potential) version

- * incompatibility and the loaded library doesn't believe it can proceed.

- * Otherwise, the returned value is the (latest) version supported by the

- * loading library. The loader may still decide that the loaded code's version

- * is unsatisfactory and could veto the load. The function is expected to

- * be implemented with the symbol name "v_check", and a default implementation

- * can be fully instantiated with IMPLEMENT_DYNAMIC_CHECK_FN(). */

-typedef unsigned long (*dynamic_v_check_fn)(unsigned long ossl_version);

-#define IMPLEMENT_DYNAMIC_CHECK_FN() \

-	OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \

-		if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \

-		return 0; }

-/* This function is passed the ENGINE structure to initialise with its own

- * function and command settings. It should not adjust the structural or

- * functional reference counts. If this function returns zero, (a) the load will

- * be aborted, (b) the previous ENGINE state will be memcpy'd back onto the

- * structure, and (c) the shared library will be unloaded. So implementations

- * should do their own internal cleanup in failure circumstances otherwise they

- * could leak. The 'id' parameter, if non-NULL, represents the ENGINE id that

- * the loader is looking for. If this is NULL, the shared library can choose to

- * return failure or to initialise a 'default' ENGINE. If non-NULL, the shared

- * library must initialise only an ENGINE matching the passed 'id'. The function

- * is expected to be implemented with the symbol name "bind_engine". A standard

- * implementation can be instantiated with IMPLEMENT_DYNAMIC_BIND_FN(fn) where

- * the parameter 'fn' is a callback function that populates the ENGINE structure

- * and returns an int value (zero for failure). 'fn' should have prototype;

- *    [static] int fn(ENGINE *e, const char *id); */

-typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,

-				const dynamic_fns *fns);

-#define IMPLEMENT_DYNAMIC_BIND_FN(fn) \

-	OPENSSL_EXPORT \

-	int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \

-		if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \

-		if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \

-			fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \

-			return 0; \

-		CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \

-		CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \

-		CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \

-		CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \

-		CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \

-		if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \

-			return 0; \

-		if(!ERR_set_implementation(fns->err_fns)) return 0; \

-	skip_cbs: \

-		if(!fn(e,id)) return 0; \

-		return 1; }

-/* If the loading application (or library) and the loaded ENGINE library share

- * the same static data (eg. they're both dynamically linked to the same

- * libcrypto.so) we need a way to avoid trying to set system callbacks - this

- * would fail, and for the same reason that it's unnecessary to try. If the

- * loaded ENGINE has (or gets from through the loader) its own copy of the

- * libcrypto static data, we will need to set the callbacks. The easiest way to

- * detect this is to have a function that returns a pointer to some static data

- * and let the loading application and loaded ENGINE compare their respective

- * values. */

-void *ENGINE_get_static_state(void);

-#if defined(__OpenBSD__) || defined(__FreeBSD__)

-void ENGINE_setup_bsd_cryptodev(void);

-#endif

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_ENGINE_strings(void);

-/* Error codes for the ENGINE functions. */

-/* Function codes. */

-#define ENGINE_F_DYNAMIC_CTRL				 180

-#define ENGINE_F_DYNAMIC_GET_DATA_CTX			 181

-#define ENGINE_F_DYNAMIC_LOAD				 182

-#define ENGINE_F_DYNAMIC_SET_DATA_CTX			 183

-#define ENGINE_F_ENGINE_ADD				 105

-#define ENGINE_F_ENGINE_BY_ID				 106

-#define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE		 170

-#define ENGINE_F_ENGINE_CTRL				 142

-#define ENGINE_F_ENGINE_CTRL_CMD			 178

-#define ENGINE_F_ENGINE_CTRL_CMD_STRING			 171

-#define ENGINE_F_ENGINE_FINISH				 107

-#define ENGINE_F_ENGINE_FREE_UTIL			 108

-#define ENGINE_F_ENGINE_GET_CIPHER			 185

-#define ENGINE_F_ENGINE_GET_DEFAULT_TYPE		 177

-#define ENGINE_F_ENGINE_GET_DIGEST			 186

-#define ENGINE_F_ENGINE_GET_NEXT			 115

-#define ENGINE_F_ENGINE_GET_PREV			 116

-#define ENGINE_F_ENGINE_INIT				 119

-#define ENGINE_F_ENGINE_LIST_ADD			 120

-#define ENGINE_F_ENGINE_LIST_REMOVE			 121

-#define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY		 150

-#define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY			 151

-#define ENGINE_F_ENGINE_NEW				 122

-#define ENGINE_F_ENGINE_REMOVE				 123

-#define ENGINE_F_ENGINE_SET_DEFAULT_STRING		 189

-#define ENGINE_F_ENGINE_SET_DEFAULT_TYPE		 126

-#define ENGINE_F_ENGINE_SET_ID				 129

-#define ENGINE_F_ENGINE_SET_NAME			 130

-#define ENGINE_F_ENGINE_TABLE_REGISTER			 184

-#define ENGINE_F_ENGINE_UNLOAD_KEY			 152

-#define ENGINE_F_ENGINE_UNLOCKED_FINISH			 191

-#define ENGINE_F_ENGINE_UP_REF				 190

-#define ENGINE_F_INT_CTRL_HELPER			 172

-#define ENGINE_F_INT_ENGINE_CONFIGURE			 188

-#define ENGINE_F_INT_ENGINE_MODULE_INIT			 187

-#define ENGINE_F_LOG_MESSAGE				 141

-/* Reason codes. */

-#define ENGINE_R_ALREADY_LOADED				 100

-#define ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER		 133

-#define ENGINE_R_CMD_NOT_EXECUTABLE			 134

-#define ENGINE_R_COMMAND_TAKES_INPUT			 135

-#define ENGINE_R_COMMAND_TAKES_NO_INPUT			 136

-#define ENGINE_R_CONFLICTING_ENGINE_ID			 103

-#define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED		 119

-#define ENGINE_R_DH_NOT_IMPLEMENTED			 139

-#define ENGINE_R_DSA_NOT_IMPLEMENTED			 140

-#define ENGINE_R_DSO_FAILURE				 104

-#define ENGINE_R_DSO_NOT_FOUND				 132

-#define ENGINE_R_ENGINES_SECTION_ERROR			 148

-#define ENGINE_R_ENGINE_IS_NOT_IN_LIST			 105

-#define ENGINE_R_ENGINE_SECTION_ERROR			 149

-#define ENGINE_R_FAILED_LOADING_PRIVATE_KEY		 128

-#define ENGINE_R_FAILED_LOADING_PUBLIC_KEY		 129

-#define ENGINE_R_FINISH_FAILED				 106

-#define ENGINE_R_GET_HANDLE_FAILED			 107

-#define ENGINE_R_ID_OR_NAME_MISSING			 108

-#define ENGINE_R_INIT_FAILED				 109

-#define ENGINE_R_INTERNAL_LIST_ERROR			 110

-#define ENGINE_R_INVALID_ARGUMENT			 143

-#define ENGINE_R_INVALID_CMD_NAME			 137

-#define ENGINE_R_INVALID_CMD_NUMBER			 138

-#define ENGINE_R_INVALID_INIT_VALUE			 151

-#define ENGINE_R_INVALID_STRING				 150

-#define ENGINE_R_NOT_INITIALISED			 117

-#define ENGINE_R_NOT_LOADED				 112

-#define ENGINE_R_NO_CONTROL_FUNCTION			 120

-#define ENGINE_R_NO_INDEX				 144

-#define ENGINE_R_NO_LOAD_FUNCTION			 125

-#define ENGINE_R_NO_REFERENCE				 130

-#define ENGINE_R_NO_SUCH_ENGINE				 116

-#define ENGINE_R_NO_UNLOAD_FUNCTION			 126

-#define ENGINE_R_PROVIDE_PARAMETERS			 113

-#define ENGINE_R_RSA_NOT_IMPLEMENTED			 141

-#define ENGINE_R_UNIMPLEMENTED_CIPHER			 146

-#define ENGINE_R_UNIMPLEMENTED_DIGEST			 147

-#define ENGINE_R_VERSION_INCOMPATIBILITY		 145

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/engine/enginetest.c

+++ /dev/null

@@ -1,283 +1,0 @@

-/* crypto/engine/enginetest.c */

-/* Written by Geoff Thorpe ([email protected]) for the OpenSSL

- * project 2000.

- */

-/* ====================================================================

- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include <string.h>

-#ifdef OPENSSL_NO_ENGINE

-int main(int argc, char *argv[])

-{

-    printf("No ENGINE support\n");

-    return(0);

-}

-#else

-#include <openssl/e_os2.h>

-#include <openssl/buffer.h>

-#include <openssl/crypto.h>

-#include <openssl/engine.h>

-#include <openssl/err.h>

-static void display_engine_list(void)

-	{

-	ENGINE *h;

-	int loop;

-	h = ENGINE_get_first();

-	loop = 0;

-	printf("listing available engine types\n");

-	while(h)

-		{

-		printf("engine %i, id = \"%s\", name = \"%s\"\n",

-			loop++, ENGINE_get_id(h), ENGINE_get_name(h));

-		h = ENGINE_get_next(h);

-		}

-	printf("end of list\n");

-	/* ENGINE_get_first() increases the struct_ref counter, so we

-           must call ENGINE_free() to decrease it again */

-	ENGINE_free(h);

-	}

-int main(int argc, char *argv[])

-	{

-	ENGINE *block[512];

-	char buf[256];

-	const char *id, *name;

-	ENGINE *ptr;

-	int loop;

-	int to_return = 1;

-	ENGINE *new_h1 = NULL;

-	ENGINE *new_h2 = NULL;

-	ENGINE *new_h3 = NULL;

-	ENGINE *new_h4 = NULL;

-	/* enable memory leak checking unless explicitly disabled */

-	if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))

-		{

-		CRYPTO_malloc_debug_init();

-		CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);

-		}

-	else

-		{

-		/* OPENSSL_DEBUG_MEMORY=off */

-		CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);

-		}

-	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);

-	ERR_load_crypto_strings();

-	memset(block, 0, 512 * sizeof(ENGINE *));

-	if(((new_h1 = ENGINE_new()) == NULL) ||

-			!ENGINE_set_id(new_h1, "test_id0") ||

-			!ENGINE_set_name(new_h1, "First test item") ||

-			((new_h2 = ENGINE_new()) == NULL) ||

-			!ENGINE_set_id(new_h2, "test_id1") ||

-			!ENGINE_set_name(new_h2, "Second test item") ||

-			((new_h3 = ENGINE_new()) == NULL) ||

-			!ENGINE_set_id(new_h3, "test_id2") ||

-			!ENGINE_set_name(new_h3, "Third test item") ||

-			((new_h4 = ENGINE_new()) == NULL) ||

-			!ENGINE_set_id(new_h4, "test_id3") ||

-			!ENGINE_set_name(new_h4, "Fourth test item"))

-		{

-		printf("Couldn't set up test ENGINE structures\n");

-		goto end;

-		}

-	printf("\nenginetest beginning\n\n");

-	display_engine_list();

-	if(!ENGINE_add(new_h1))

-		{

-		printf("Add failed!\n");

-		goto end;

-		}

-	display_engine_list();

-	ptr = ENGINE_get_first();

-	if(!ENGINE_remove(ptr))

-		{

-		printf("Remove failed!\n");

-		goto end;

-		}

-	if (ptr)

-		ENGINE_free(ptr);

-	display_engine_list();

-	if(!ENGINE_add(new_h3) || !ENGINE_add(new_h2))

-		{

-		printf("Add failed!\n");

-		goto end;

-		}

-	display_engine_list();

-	if(!ENGINE_remove(new_h2))

-		{

-		printf("Remove failed!\n");

-		goto end;

-		}

-	display_engine_list();

-	if(!ENGINE_add(new_h4))

-		{

-		printf("Add failed!\n");

-		goto end;

-		}

-	display_engine_list();

-	if(ENGINE_add(new_h3))

-		{

-		printf("Add *should* have failed but didn't!\n");

-		goto end;

-		}

-	else

-		printf("Add that should fail did.\n");

-	ERR_clear_error();

-	if(ENGINE_remove(new_h2))

-		{

-		printf("Remove *should* have failed but didn't!\n");

-		goto end;

-		}

-	else

-		printf("Remove that should fail did.\n");

-	ERR_clear_error();

-	if(!ENGINE_remove(new_h3))

-		{

-		printf("Remove failed!\n");

-		goto end;

-		}

-	display_engine_list();

-	if(!ENGINE_remove(new_h4))

-		{

-		printf("Remove failed!\n");

-		goto end;

-		}

-	display_engine_list();

-	/* Depending on whether there's any hardware support compiled

-	 * in, this remove may be destined to fail. */

-	ptr = ENGINE_get_first();

-	if(ptr)

-		if(!ENGINE_remove(ptr))

-			printf("Remove failed!i - probably no hardware "

-				"support present.\n");

-	if (ptr)

-		ENGINE_free(ptr);

-	display_engine_list();

-	if(!ENGINE_add(new_h1) || !ENGINE_remove(new_h1))

-		{

-		printf("Couldn't add and remove to an empty list!\n");

-		goto end;

-		}

-	else

-		printf("Successfully added and removed to an empty list!\n");

-	printf("About to beef up the engine-type list\n");

-	for(loop = 0; loop < 512; loop++)

-		{

-		sprintf(buf, "id%i", loop);

-		id = BUF_strdup(buf);

-		sprintf(buf, "Fake engine type %i", loop);

-		name = BUF_strdup(buf);

-		if(((block[loop] = ENGINE_new()) == NULL) ||

-				!ENGINE_set_id(block[loop], id) ||

-				!ENGINE_set_name(block[loop], name))

-			{

-			printf("Couldn't create block of ENGINE structures.\n"

-				"I'll probably also core-dump now, damn.\n");

-			goto end;

-			}

-		}

-	for(loop = 0; loop < 512; loop++)

-		{

-		if(!ENGINE_add(block[loop]))

-			{

-			printf("\nAdding stopped at %i, (%s,%s)\n",

-				loop, ENGINE_get_id(block[loop]),

-				ENGINE_get_name(block[loop]));

-			goto cleanup_loop;

-			}

-		else

-			printf("."); fflush(stdout);

-		}

-cleanup_loop:

-	printf("\nAbout to empty the engine-type list\n");

-	while((ptr = ENGINE_get_first()) != NULL)

-		{

-		if(!ENGINE_remove(ptr))

-			{

-			printf("\nRemove failed!\n");

-			goto end;

-			}

-		ENGINE_free(ptr);

-		printf("."); fflush(stdout);

-		}

-	for(loop = 0; loop < 512; loop++)

-		{

-		OPENSSL_free((void *)ENGINE_get_id(block[loop]));

-		OPENSSL_free((void *)ENGINE_get_name(block[loop]));

-		}

-	printf("\nTests completed happily\n");

-	to_return = 0;

-end:

-	if(to_return)

-		ERR_print_errors_fp(stderr);

-	if(new_h1) ENGINE_free(new_h1);

-	if(new_h2) ENGINE_free(new_h2);

-	if(new_h3) ENGINE_free(new_h3);

-	if(new_h4) ENGINE_free(new_h4);

-	for(loop = 0; loop < 512; loop++)

-		if(block[loop])

-			ENGINE_free(block[loop]);

-	ENGINE_cleanup();

-	CRYPTO_cleanup_all_ex_data();

-	ERR_free_strings();

-	ERR_remove_state(0);

-	CRYPTO_mem_leaks_fp(stderr);

-	return to_return;

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/engine/tb_cipher.c

+++ /dev/null

@@ -1,143 +1,0 @@

-/* ====================================================================

- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include "eng_int.h"

-/* If this symbol is defined then ENGINE_get_cipher_engine(), the function that

- * is used by EVP to hook in cipher code and cache defaults (etc), will display

- * brief debugging summaries to stderr with the 'nid'. */

-/* #define ENGINE_CIPHER_DEBUG */

-static ENGINE_TABLE *cipher_table = NULL;

-void ENGINE_unregister_ciphers(ENGINE *e)

-	{

-	engine_table_unregister(&cipher_table, e);

-	}

-static void engine_unregister_all_ciphers(void)

-	{

-	engine_table_cleanup(&cipher_table);

-	}

-int ENGINE_register_ciphers(ENGINE *e)

-	{

-	if(e->ciphers)

-		{

-		const int *nids;

-		int num_nids = e->ciphers(e, NULL, &nids, 0);

-		if(num_nids > 0)

-			return engine_table_register(&cipher_table,

-					engine_unregister_all_ciphers, e, nids,

-					num_nids, 0);

-		}

-	return 1;

-	}

-void ENGINE_register_all_ciphers()

-	{

-	ENGINE *e;

-	for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))

-		ENGINE_register_ciphers(e);

-	}

-int ENGINE_set_default_ciphers(ENGINE *e)

-	{

-	if(e->ciphers)

-		{

-		const int *nids;

-		int num_nids = e->ciphers(e, NULL, &nids, 0);

-		if(num_nids > 0)

-			return engine_table_register(&cipher_table,

-					engine_unregister_all_ciphers, e, nids,

-					num_nids, 1);

-		}

-	return 1;

-	}

-/* Exposed API function to get a functional reference from the implementation

- * table (ie. try to get a functional reference from the tabled structural

- * references) for a given cipher 'nid' */

-ENGINE *ENGINE_get_cipher_engine(int nid)

-	{

-	return engine_table_select(&cipher_table, nid);

-	}

-/* Obtains a cipher implementation from an ENGINE functional reference */

-const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid)

-	{

-	const EVP_CIPHER *ret;

-	ENGINE_CIPHERS_PTR fn = ENGINE_get_ciphers(e);

-	if(!fn || !fn(e, &ret, NULL, nid))

-		{

-		ENGINEerr(ENGINE_F_ENGINE_GET_CIPHER,

-				ENGINE_R_UNIMPLEMENTED_CIPHER);

-		return NULL;

-		}

-	return ret;

-	}

-/* Gets the cipher callback from an ENGINE structure */

-ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e)

-	{

-	return e->ciphers;

-	}

-/* Sets the cipher callback in an ENGINE structure */

-int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f)

-	{

-	e->ciphers = f;

-	return 1;

-	}

--- a/sys/src/ape/lib/openssl/crypto/engine/tb_dh.c

+++ /dev/null

@@ -1,118 +1,0 @@

-/* ====================================================================

- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include "eng_int.h"

-/* If this symbol is defined then ENGINE_get_default_DH(), the function that is

- * used by DH to hook in implementation code and cache defaults (etc), will

- * display brief debugging summaries to stderr with the 'nid'. */

-/* #define ENGINE_DH_DEBUG */

-static ENGINE_TABLE *dh_table = NULL;

-static const int dummy_nid = 1;

-void ENGINE_unregister_DH(ENGINE *e)

-	{

-	engine_table_unregister(&dh_table, e);

-	}

-static void engine_unregister_all_DH(void)

-	{

-	engine_table_cleanup(&dh_table);

-	}

-int ENGINE_register_DH(ENGINE *e)

-	{

-	if(e->dh_meth)

-		return engine_table_register(&dh_table,

-				engine_unregister_all_DH, e, &dummy_nid, 1, 0);

-	return 1;

-	}

-void ENGINE_register_all_DH()

-	{

-	ENGINE *e;

-	for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))

-		ENGINE_register_DH(e);

-	}

-int ENGINE_set_default_DH(ENGINE *e)

-	{

-	if(e->dh_meth)

-		return engine_table_register(&dh_table,

-				engine_unregister_all_DH, e, &dummy_nid, 1, 1);

-	return 1;

-	}

-/* Exposed API function to get a functional reference from the implementation

- * table (ie. try to get a functional reference from the tabled structural

- * references). */

-ENGINE *ENGINE_get_default_DH(void)

-	{

-	return engine_table_select(&dh_table, dummy_nid);

-	}

-/* Obtains an DH implementation from an ENGINE functional reference */

-const DH_METHOD *ENGINE_get_DH(const ENGINE *e)

-	{

-	return e->dh_meth;

-	}

-/* Sets an DH implementation in an ENGINE structure */

-int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth)

-	{

-	e->dh_meth = dh_meth;

-	return 1;

-	}

--- a/sys/src/ape/lib/openssl/crypto/engine/tb_digest.c

+++ /dev/null

@@ -1,143 +1,0 @@

-/* ====================================================================

- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include "eng_int.h"

-/* If this symbol is defined then ENGINE_get_digest_engine(), the function that

- * is used by EVP to hook in digest code and cache defaults (etc), will display

- * brief debugging summaries to stderr with the 'nid'. */

-/* #define ENGINE_DIGEST_DEBUG */

-static ENGINE_TABLE *digest_table = NULL;

-void ENGINE_unregister_digests(ENGINE *e)

-	{

-	engine_table_unregister(&digest_table, e);

-	}

-static void engine_unregister_all_digests(void)

-	{

-	engine_table_cleanup(&digest_table);

-	}

-int ENGINE_register_digests(ENGINE *e)

-	{

-	if(e->digests)

-		{

-		const int *nids;

-		int num_nids = e->digests(e, NULL, &nids, 0);

-		if(num_nids > 0)

-			return engine_table_register(&digest_table,

-					engine_unregister_all_digests, e, nids,

-					num_nids, 0);

-		}

-	return 1;

-	}

-void ENGINE_register_all_digests()

-	{

-	ENGINE *e;

-	for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))

-		ENGINE_register_digests(e);

-	}

-int ENGINE_set_default_digests(ENGINE *e)

-	{

-	if(e->digests)

-		{

-		const int *nids;

-		int num_nids = e->digests(e, NULL, &nids, 0);

-		if(num_nids > 0)

-			return engine_table_register(&digest_table,

-					engine_unregister_all_digests, e, nids,

-					num_nids, 1);

-		}

-	return 1;

-	}

-/* Exposed API function to get a functional reference from the implementation

- * table (ie. try to get a functional reference from the tabled structural

- * references) for a given digest 'nid' */

-ENGINE *ENGINE_get_digest_engine(int nid)

-	{

-	return engine_table_select(&digest_table, nid);

-	}

-/* Obtains a digest implementation from an ENGINE functional reference */

-const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid)

-	{

-	const EVP_MD *ret;

-	ENGINE_DIGESTS_PTR fn = ENGINE_get_digests(e);

-	if(!fn || !fn(e, &ret, NULL, nid))

-		{

-		ENGINEerr(ENGINE_F_ENGINE_GET_DIGEST,

-				ENGINE_R_UNIMPLEMENTED_DIGEST);

-		return NULL;

-		}

-	return ret;

-	}

-/* Gets the digest callback from an ENGINE structure */

-ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e)

-	{

-	return e->digests;

-	}

-/* Sets the digest callback in an ENGINE structure */

-int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f)

-	{

-	e->digests = f;

-	return 1;

-	}

--- a/sys/src/ape/lib/openssl/crypto/engine/tb_dsa.c

+++ /dev/null

@@ -1,118 +1,0 @@

-/* ====================================================================

- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include "eng_int.h"

-/* If this symbol is defined then ENGINE_get_default_DSA(), the function that is

- * used by DSA to hook in implementation code and cache defaults (etc), will

- * display brief debugging summaries to stderr with the 'nid'. */

-/* #define ENGINE_DSA_DEBUG */

-static ENGINE_TABLE *dsa_table = NULL;

-static const int dummy_nid = 1;

-void ENGINE_unregister_DSA(ENGINE *e)

-	{

-	engine_table_unregister(&dsa_table, e);

-	}

-static void engine_unregister_all_DSA(void)

-	{

-	engine_table_cleanup(&dsa_table);

-	}

-int ENGINE_register_DSA(ENGINE *e)

-	{

-	if(e->dsa_meth)

-		return engine_table_register(&dsa_table,

-				engine_unregister_all_DSA, e, &dummy_nid, 1, 0);

-	return 1;

-	}

-void ENGINE_register_all_DSA()

-	{

-	ENGINE *e;

-	for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))

-		ENGINE_register_DSA(e);

-	}

-int ENGINE_set_default_DSA(ENGINE *e)

-	{

-	if(e->dsa_meth)

-		return engine_table_register(&dsa_table,

-				engine_unregister_all_DSA, e, &dummy_nid, 1, 1);

-	return 1;

-	}

-/* Exposed API function to get a functional reference from the implementation

- * table (ie. try to get a functional reference from the tabled structural

- * references). */

-ENGINE *ENGINE_get_default_DSA(void)

-	{

-	return engine_table_select(&dsa_table, dummy_nid);

-	}

-/* Obtains an DSA implementation from an ENGINE functional reference */

-const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e)

-	{

-	return e->dsa_meth;

-	}

-/* Sets an DSA implementation in an ENGINE structure */

-int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth)

-	{

-	e->dsa_meth = dsa_meth;

-	return 1;

-	}

--- a/sys/src/ape/lib/openssl/crypto/engine/tb_ecdh.c

+++ /dev/null

@@ -1,133 +1,0 @@

-/* crypto/engine/tb_ecdh.c */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- *

- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included

- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed

- * to the OpenSSL project.

- *

- * The ECC Code is licensed pursuant to the OpenSSL open source

- * license provided below.

- *

- * The ECDH engine software is originally written by Nils Gura and

- * Douglas Stebila of Sun Microsystems Laboratories.

- *

- */

-/* ====================================================================

- * Copyright (c) 2000-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include "eng_int.h"

-/* If this symbol is defined then ENGINE_get_default_ECDH(), the function that is

- * used by ECDH to hook in implementation code and cache defaults (etc), will

- * display brief debugging summaries to stderr with the 'nid'. */

-/* #define ENGINE_ECDH_DEBUG */

-static ENGINE_TABLE *ecdh_table = NULL;

-static const int dummy_nid = 1;

-void ENGINE_unregister_ECDH(ENGINE *e)

-	{

-	engine_table_unregister(&ecdh_table, e);

-	}

-static void engine_unregister_all_ECDH(void)

-	{

-	engine_table_cleanup(&ecdh_table);

-	}

-int ENGINE_register_ECDH(ENGINE *e)

-	{

-	if(e->ecdh_meth)

-		return engine_table_register(&ecdh_table,

-				engine_unregister_all_ECDH, e, &dummy_nid, 1, 0);

-	return 1;

-	}

-void ENGINE_register_all_ECDH()

-	{

-	ENGINE *e;

-	for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))

-		ENGINE_register_ECDH(e);

-	}

-int ENGINE_set_default_ECDH(ENGINE *e)

-	{

-	if(e->ecdh_meth)

-		return engine_table_register(&ecdh_table,

-				engine_unregister_all_ECDH, e, &dummy_nid, 1, 1);

-	return 1;

-	}

-/* Exposed API function to get a functional reference from the implementation

- * table (ie. try to get a functional reference from the tabled structural

- * references). */

-ENGINE *ENGINE_get_default_ECDH(void)

-	{

-	return engine_table_select(&ecdh_table, dummy_nid);

-	}

-/* Obtains an ECDH implementation from an ENGINE functional reference */

-const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e)

-	{

-	return e->ecdh_meth;

-	}

-/* Sets an ECDH implementation in an ENGINE structure */

-int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *ecdh_meth)

-	{

-	e->ecdh_meth = ecdh_meth;

-	return 1;

-	}

--- a/sys/src/ape/lib/openssl/crypto/engine/tb_ecdsa.c

+++ /dev/null

@@ -1,118 +1,0 @@

-/* ====================================================================

- * Copyright (c) 2000-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include "eng_int.h"

-/* If this symbol is defined then ENGINE_get_default_ECDSA(), the function that is

- * used by ECDSA to hook in implementation code and cache defaults (etc), will

- * display brief debugging summaries to stderr with the 'nid'. */

-/* #define ENGINE_ECDSA_DEBUG */

-static ENGINE_TABLE *ecdsa_table = NULL;

-static const int dummy_nid = 1;

-void ENGINE_unregister_ECDSA(ENGINE *e)

-	{

-	engine_table_unregister(&ecdsa_table, e);

-	}

-static void engine_unregister_all_ECDSA(void)

-	{

-	engine_table_cleanup(&ecdsa_table);

-	}

-int ENGINE_register_ECDSA(ENGINE *e)

-	{

-	if(e->ecdsa_meth)

-		return engine_table_register(&ecdsa_table,

-				engine_unregister_all_ECDSA, e, &dummy_nid, 1, 0);

-	return 1;

-	}

-void ENGINE_register_all_ECDSA()

-	{

-	ENGINE *e;

-	for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))

-		ENGINE_register_ECDSA(e);

-	}

-int ENGINE_set_default_ECDSA(ENGINE *e)

-	{

-	if(e->ecdsa_meth)

-		return engine_table_register(&ecdsa_table,

-				engine_unregister_all_ECDSA, e, &dummy_nid, 1, 1);

-	return 1;

-	}

-/* Exposed API function to get a functional reference from the implementation

- * table (ie. try to get a functional reference from the tabled structural

- * references). */

-ENGINE *ENGINE_get_default_ECDSA(void)

-	{

-	return engine_table_select(&ecdsa_table, dummy_nid);

-	}

-/* Obtains an ECDSA implementation from an ENGINE functional reference */

-const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e)

-	{

-	return e->ecdsa_meth;

-	}

-/* Sets an ECDSA implementation in an ENGINE structure */

-int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *ecdsa_meth)

-	{

-	e->ecdsa_meth = ecdsa_meth;

-	return 1;

-	}

--- a/sys/src/ape/lib/openssl/crypto/engine/tb_rand.c

+++ /dev/null

@@ -1,118 +1,0 @@

-/* ====================================================================

- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include "eng_int.h"

-/* If this symbol is defined then ENGINE_get_default_RAND(), the function that is

- * used by RAND to hook in implementation code and cache defaults (etc), will

- * display brief debugging summaries to stderr with the 'nid'. */

-/* #define ENGINE_RAND_DEBUG */

-static ENGINE_TABLE *rand_table = NULL;

-static const int dummy_nid = 1;

-void ENGINE_unregister_RAND(ENGINE *e)

-	{

-	engine_table_unregister(&rand_table, e);

-	}

-static void engine_unregister_all_RAND(void)

-	{

-	engine_table_cleanup(&rand_table);

-	}

-int ENGINE_register_RAND(ENGINE *e)

-	{

-	if(e->rand_meth)

-		return engine_table_register(&rand_table,

-				engine_unregister_all_RAND, e, &dummy_nid, 1, 0);

-	return 1;

-	}

-void ENGINE_register_all_RAND()

-	{

-	ENGINE *e;

-	for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))

-		ENGINE_register_RAND(e);

-	}

-int ENGINE_set_default_RAND(ENGINE *e)

-	{

-	if(e->rand_meth)

-		return engine_table_register(&rand_table,

-				engine_unregister_all_RAND, e, &dummy_nid, 1, 1);

-	return 1;

-	}

-/* Exposed API function to get a functional reference from the implementation

- * table (ie. try to get a functional reference from the tabled structural

- * references). */

-ENGINE *ENGINE_get_default_RAND(void)

-	{

-	return engine_table_select(&rand_table, dummy_nid);

-	}

-/* Obtains an RAND implementation from an ENGINE functional reference */

-const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e)

-	{

-	return e->rand_meth;

-	}

-/* Sets an RAND implementation in an ENGINE structure */

-int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth)

-	{

-	e->rand_meth = rand_meth;

-	return 1;

-	}

--- a/sys/src/ape/lib/openssl/crypto/engine/tb_rsa.c

+++ /dev/null

@@ -1,118 +1,0 @@

-/* ====================================================================

- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include "eng_int.h"

-/* If this symbol is defined then ENGINE_get_default_RSA(), the function that is

- * used by RSA to hook in implementation code and cache defaults (etc), will

- * display brief debugging summaries to stderr with the 'nid'. */

-/* #define ENGINE_RSA_DEBUG */

-static ENGINE_TABLE *rsa_table = NULL;

-static const int dummy_nid = 1;

-void ENGINE_unregister_RSA(ENGINE *e)

-	{

-	engine_table_unregister(&rsa_table, e);

-	}

-static void engine_unregister_all_RSA(void)

-	{

-	engine_table_cleanup(&rsa_table);

-	}

-int ENGINE_register_RSA(ENGINE *e)

-	{

-	if(e->rsa_meth)

-		return engine_table_register(&rsa_table,

-				engine_unregister_all_RSA, e, &dummy_nid, 1, 0);

-	return 1;

-	}

-void ENGINE_register_all_RSA()

-	{

-	ENGINE *e;

-	for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))

-		ENGINE_register_RSA(e);

-	}

-int ENGINE_set_default_RSA(ENGINE *e)

-	{

-	if(e->rsa_meth)

-		return engine_table_register(&rsa_table,

-				engine_unregister_all_RSA, e, &dummy_nid, 1, 1);

-	return 1;

-	}

-/* Exposed API function to get a functional reference from the implementation

- * table (ie. try to get a functional reference from the tabled structural

- * references). */

-ENGINE *ENGINE_get_default_RSA(void)

-	{

-	return engine_table_select(&rsa_table, dummy_nid);

-	}

-/* Obtains an RSA implementation from an ENGINE functional reference */

-const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e)

-	{

-	return e->rsa_meth;

-	}

-/* Sets an RSA implementation in an ENGINE structure */

-int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth)

-	{

-	e->rsa_meth = rsa_meth;

-	return 1;

-	}

--- a/sys/src/ape/lib/openssl/crypto/engine/tb_store.c

+++ /dev/null

@@ -1,123 +1,0 @@

-/* ====================================================================

- * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include "eng_int.h"

-/* If this symbol is defined then ENGINE_get_default_STORE(), the function that is

- * used by STORE to hook in implementation code and cache defaults (etc), will

- * display brief debugging summaries to stderr with the 'nid'. */

-/* #define ENGINE_STORE_DEBUG */

-static ENGINE_TABLE *store_table = NULL;

-static const int dummy_nid = 1;

-void ENGINE_unregister_STORE(ENGINE *e)

-	{

-	engine_table_unregister(&store_table, e);

-	}

-static void engine_unregister_all_STORE(void)

-	{

-	engine_table_cleanup(&store_table);

-	}

-int ENGINE_register_STORE(ENGINE *e)

-	{

-	if(e->store_meth)

-		return engine_table_register(&store_table,

-				engine_unregister_all_STORE, e, &dummy_nid, 1, 0);

-	return 1;

-	}

-void ENGINE_register_all_STORE()

-	{

-	ENGINE *e;

-	for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))

-		ENGINE_register_STORE(e);

-	}

-/* The following two functions are removed because they're useless. */

-#if 0

-int ENGINE_set_default_STORE(ENGINE *e)

-	{

-	if(e->store_meth)

-		return engine_table_register(&store_table,

-				engine_unregister_all_STORE, e, &dummy_nid, 1, 1);

-	return 1;

-	}

-#endif

-#if 0

-/* Exposed API function to get a functional reference from the implementation

- * table (ie. try to get a functional reference from the tabled structural

- * references). */

-ENGINE *ENGINE_get_default_STORE(void)

-	{

-	return engine_table_select(&store_table, dummy_nid);

-	}

-#endif

-/* Obtains an STORE implementation from an ENGINE functional reference */

-const STORE_METHOD *ENGINE_get_STORE(const ENGINE *e)

-	{

-	return e->store_meth;

-	}

-/* Sets an STORE implementation in an ENGINE structure */

-int ENGINE_set_STORE(ENGINE *e, const STORE_METHOD *store_meth)

-	{

-	e->store_meth = store_meth;

-	return 1;

-	}

--- a/sys/src/ape/lib/openssl/crypto/err/Makefile

+++ /dev/null

@@ -1,109 +1,0 @@

-#

-# OpenSSL/crypto/err/Makefile

-#

-DIR=	err

-TOP=	../..

-CC=	cc

-INCLUDES= -I.. -I$(TOP) -I../../include

-CFLAG=-g

-MAKEFILE=	Makefile

-AR=		ar r

-CFLAGS= $(INCLUDES) $(CFLAG)

-GENERAL=Makefile

-TEST=

-APPS=

-LIB=$(TOP)/libcrypto.a

-LIBSRC=err.c err_all.c err_prn.c

-LIBOBJ=err.o err_all.o err_prn.o

-SRC= $(LIBSRC)

-EXHEADER= err.h

-HEADER=	$(EXHEADER)

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)

-all:	lib

-lib:	$(LIBOBJ)

-	$(AR) $(LIB) $(LIBOBJ)

-	$(RANLIB) $(LIB) || echo Never mind.

-	@touch lib

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

-links:

-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)

-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)

-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

-install:

-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...

-	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \

-	do  \

-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \

-	done;

-tags:

-	ctags $(SRC)

-tests:

-lint:

-	lint -DLINT $(INCLUDES) $(SRC)>fluff

-depend:

-	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...

-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-clean:

-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-err.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/buffer.h

-err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-err.o: ../cryptlib.h err.c

-err_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

-err_all.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h

-err_all.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h

-err_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h

-err_all.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h

-err_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-err_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h

-err_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-err_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-err_all.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h

-err_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-err_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem2.h

-err_all.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h

-err_all.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h

-err_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-err_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-err_all.o: ../../include/openssl/ui.h ../../include/openssl/x509.h

-err_all.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h

-err_all.o: err_all.c

-err_prn.o: ../../e_os.h ../../include/openssl/bio.h

-err_prn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-err_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-err_prn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-err_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-err_prn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-err_prn.o: ../../include/openssl/symhacks.h ../cryptlib.h err_prn.c

--- a/sys/src/ape/lib/openssl/crypto/err/err.c

+++ /dev/null

@@ -1,1128 +1,0 @@

-/* crypto/err/err.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include <stdarg.h>

-#include <string.h>

-#include "cryptlib.h"

-#include <openssl/lhash.h>

-#include <openssl/crypto.h>

-#include <openssl/buffer.h>

-#include <openssl/bio.h>

-#include <openssl/err.h>

-static void err_load_strings(int lib, ERR_STRING_DATA *str);

-static void ERR_STATE_free(ERR_STATE *s);

-#ifndef OPENSSL_NO_ERR

-static ERR_STRING_DATA ERR_str_libraries[]=

-	{

-{ERR_PACK(ERR_LIB_NONE,0,0)		,"unknown library"},

-{ERR_PACK(ERR_LIB_SYS,0,0)		,"system library"},

-{ERR_PACK(ERR_LIB_BN,0,0)		,"bignum routines"},

-{ERR_PACK(ERR_LIB_RSA,0,0)		,"rsa routines"},

-{ERR_PACK(ERR_LIB_DH,0,0)		,"Diffie-Hellman routines"},

-{ERR_PACK(ERR_LIB_EVP,0,0)		,"digital envelope routines"},

-{ERR_PACK(ERR_LIB_BUF,0,0)		,"memory buffer routines"},

-{ERR_PACK(ERR_LIB_OBJ,0,0)		,"object identifier routines"},

-{ERR_PACK(ERR_LIB_PEM,0,0)		,"PEM routines"},

-{ERR_PACK(ERR_LIB_DSA,0,0)		,"dsa routines"},

-{ERR_PACK(ERR_LIB_X509,0,0)		,"x509 certificate routines"},

-{ERR_PACK(ERR_LIB_ASN1,0,0)		,"asn1 encoding routines"},

-{ERR_PACK(ERR_LIB_CONF,0,0)		,"configuration file routines"},

-{ERR_PACK(ERR_LIB_CRYPTO,0,0)		,"common libcrypto routines"},

-{ERR_PACK(ERR_LIB_EC,0,0)		,"elliptic curve routines"},

-{ERR_PACK(ERR_LIB_SSL,0,0)		,"SSL routines"},

-{ERR_PACK(ERR_LIB_BIO,0,0)		,"BIO routines"},

-{ERR_PACK(ERR_LIB_PKCS7,0,0)		,"PKCS7 routines"},

-{ERR_PACK(ERR_LIB_X509V3,0,0)		,"X509 V3 routines"},

-{ERR_PACK(ERR_LIB_PKCS12,0,0)		,"PKCS12 routines"},

-{ERR_PACK(ERR_LIB_RAND,0,0)		,"random number generator"},

-{ERR_PACK(ERR_LIB_DSO,0,0)		,"DSO support routines"},

-{ERR_PACK(ERR_LIB_ENGINE,0,0)		,"engine routines"},

-{ERR_PACK(ERR_LIB_OCSP,0,0)		,"OCSP routines"},

-{0,NULL},

-	};

-static ERR_STRING_DATA ERR_str_functs[]=

-	{

-	{ERR_PACK(0,SYS_F_FOPEN,0),     	"fopen"},

-	{ERR_PACK(0,SYS_F_CONNECT,0),		"connect"},

-	{ERR_PACK(0,SYS_F_GETSERVBYNAME,0),	"getservbyname"},

-	{ERR_PACK(0,SYS_F_SOCKET,0),		"socket"},

-	{ERR_PACK(0,SYS_F_IOCTLSOCKET,0),	"ioctlsocket"},

-	{ERR_PACK(0,SYS_F_BIND,0),		"bind"},

-	{ERR_PACK(0,SYS_F_LISTEN,0),		"listen"},

-	{ERR_PACK(0,SYS_F_ACCEPT,0),		"accept"},

-#ifdef OPENSSL_SYS_WINDOWS

-	{ERR_PACK(0,SYS_F_WSASTARTUP,0),	"WSAstartup"},

-#endif

-	{ERR_PACK(0,SYS_F_OPENDIR,0),		"opendir"},

-	{ERR_PACK(0,SYS_F_FREAD,0),		"fread"},

-	{0,NULL},

-	};

-static ERR_STRING_DATA ERR_str_reasons[]=

-	{

-{ERR_R_SYS_LIB				,"system lib"},

-{ERR_R_BN_LIB				,"BN lib"},

-{ERR_R_RSA_LIB				,"RSA lib"},

-{ERR_R_DH_LIB				,"DH lib"},

-{ERR_R_EVP_LIB				,"EVP lib"},

-{ERR_R_BUF_LIB				,"BUF lib"},

-{ERR_R_OBJ_LIB				,"OBJ lib"},

-{ERR_R_PEM_LIB				,"PEM lib"},

-{ERR_R_DSA_LIB				,"DSA lib"},

-{ERR_R_X509_LIB				,"X509 lib"},

-{ERR_R_ASN1_LIB				,"ASN1 lib"},

-{ERR_R_CONF_LIB				,"CONF lib"},

-{ERR_R_CRYPTO_LIB			,"CRYPTO lib"},

-{ERR_R_EC_LIB				,"EC lib"},

-{ERR_R_SSL_LIB				,"SSL lib"},

-{ERR_R_BIO_LIB				,"BIO lib"},

-{ERR_R_PKCS7_LIB			,"PKCS7 lib"},

-{ERR_R_X509V3_LIB			,"X509V3 lib"},

-{ERR_R_PKCS12_LIB			,"PKCS12 lib"},

-{ERR_R_RAND_LIB				,"RAND lib"},

-{ERR_R_DSO_LIB				,"DSO lib"},

-{ERR_R_ENGINE_LIB			,"ENGINE lib"},

-{ERR_R_OCSP_LIB				,"OCSP lib"},

-{ERR_R_NESTED_ASN1_ERROR		,"nested asn1 error"},

-{ERR_R_BAD_ASN1_OBJECT_HEADER		,"bad asn1 object header"},

-{ERR_R_BAD_GET_ASN1_OBJECT_CALL		,"bad get asn1 object call"},

-{ERR_R_EXPECTING_AN_ASN1_SEQUENCE	,"expecting an asn1 sequence"},

-{ERR_R_ASN1_LENGTH_MISMATCH		,"asn1 length mismatch"},

-{ERR_R_MISSING_ASN1_EOS			,"missing asn1 eos"},

-{ERR_R_FATAL                            ,"fatal"},

-{ERR_R_MALLOC_FAILURE			,"malloc failure"},

-{ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED	,"called a function you should not call"},

-{ERR_R_PASSED_NULL_PARAMETER		,"passed a null parameter"},

-{ERR_R_INTERNAL_ERROR			,"internal error"},

-{ERR_R_DISABLED				,"called a function that was disabled at compile-time"},

-{0,NULL},

-	};

-#endif

-/* Define the predeclared (but externally opaque) "ERR_FNS" type */

-struct st_ERR_FNS

-	{

-	/* Works on the "error_hash" string table */

-	LHASH *(*cb_err_get)(int create);

-	void (*cb_err_del)(void);

-	ERR_STRING_DATA *(*cb_err_get_item)(const ERR_STRING_DATA *);

-	ERR_STRING_DATA *(*cb_err_set_item)(ERR_STRING_DATA *);

-	ERR_STRING_DATA *(*cb_err_del_item)(ERR_STRING_DATA *);

-	/* Works on the "thread_hash" error-state table */

-	LHASH *(*cb_thread_get)(int create);

-	void (*cb_thread_release)(LHASH **hash);

-	ERR_STATE *(*cb_thread_get_item)(const ERR_STATE *);

-	ERR_STATE *(*cb_thread_set_item)(ERR_STATE *);

-	void (*cb_thread_del_item)(const ERR_STATE *);

-	/* Returns the next available error "library" numbers */

-	int (*cb_get_next_lib)(void);

-	};

-/* Predeclarations of the "err_defaults" functions */

-static LHASH *int_err_get(int create);

-static void int_err_del(void);

-static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *);

-static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *);

-static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *);

-static LHASH *int_thread_get(int create);

-static void int_thread_release(LHASH **hash);

-static ERR_STATE *int_thread_get_item(const ERR_STATE *);

-static ERR_STATE *int_thread_set_item(ERR_STATE *);

-static void int_thread_del_item(const ERR_STATE *);

-static int int_err_get_next_lib(void);

-/* The static ERR_FNS table using these defaults functions */

-static const ERR_FNS err_defaults =

-	{

-	int_err_get,

-	int_err_del,

-	int_err_get_item,

-	int_err_set_item,

-	int_err_del_item,

-	int_thread_get,

-	int_thread_release,

-	int_thread_get_item,

-	int_thread_set_item,

-	int_thread_del_item,

-	int_err_get_next_lib

-	};

-/* The replacable table of ERR_FNS functions we use at run-time */

-static const ERR_FNS *err_fns = NULL;

-/* Eg. rather than using "err_get()", use "ERRFN(err_get)()". */

-#define ERRFN(a) err_fns->cb_##a

-/* The internal state used by "err_defaults" - as such, the setting, reading,

- * creating, and deleting of this data should only be permitted via the

- * "err_defaults" functions. This way, a linked module can completely defer all

- * ERR state operation (together with requisite locking) to the implementations

- * and state in the loading application. */

-static LHASH *int_error_hash = NULL;

-static LHASH *int_thread_hash = NULL;

-static int int_thread_hash_references = 0;

-static int int_err_library_number= ERR_LIB_USER;

-/* Internal function that checks whether "err_fns" is set and if not, sets it to

- * the defaults. */

-static void err_fns_check(void)

-	{

-	if (err_fns) return;

-	CRYPTO_w_lock(CRYPTO_LOCK_ERR);

-	if (!err_fns)

-		err_fns = &err_defaults;

-	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);

-	}

-/* API functions to get or set the underlying ERR functions. */

-const ERR_FNS *ERR_get_implementation(void)

-	{

-	err_fns_check();

-	return err_fns;

-	}

-int ERR_set_implementation(const ERR_FNS *fns)

-	{

-	int ret = 0;

-	CRYPTO_w_lock(CRYPTO_LOCK_ERR);

-	/* It's too late if 'err_fns' is non-NULL. BTW: not much point setting

-	 * an error is there?! */

-	if (!err_fns)

-		{

-		err_fns = fns;

-		ret = 1;

-		}

-	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);

-	return ret;

-	}

-/* These are the callbacks provided to "lh_new()" when creating the LHASH tables

- * internal to the "err_defaults" implementation. */

-/* static unsigned long err_hash(ERR_STRING_DATA *a); */

-static unsigned long err_hash(const void *a_void);

-/* static int err_cmp(ERR_STRING_DATA *a, ERR_STRING_DATA *b); */

-static int err_cmp(const void *a_void, const void *b_void);

-/* static unsigned long pid_hash(ERR_STATE *pid); */

-static unsigned long pid_hash(const void *pid_void);

-/* static int pid_cmp(ERR_STATE *a,ERR_STATE *pid); */

-static int pid_cmp(const void *a_void,const void *pid_void);

-static unsigned long get_error_values(int inc,int top,const char **file,int *line,

-				      const char **data,int *flags);

-/* The internal functions used in the "err_defaults" implementation */

-static LHASH *int_err_get(int create)

-	{

-	LHASH *ret = NULL;

-	CRYPTO_w_lock(CRYPTO_LOCK_ERR);

-	if (!int_error_hash && create)

-		{

-		CRYPTO_push_info("int_err_get (err.c)");

-		int_error_hash = lh_new(err_hash, err_cmp);

-		CRYPTO_pop_info();

-		}

-	if (int_error_hash)

-		ret = int_error_hash;

-	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);

-	return ret;

-	}

-static void int_err_del(void)

-	{

-	CRYPTO_w_lock(CRYPTO_LOCK_ERR);

-	if (int_error_hash)

-		{

-		lh_free(int_error_hash);

-		int_error_hash = NULL;

-		}

-	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);

-	}

-static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *d)

-	{

-	ERR_STRING_DATA *p;

-	LHASH *hash;

-	err_fns_check();

-	hash = ERRFN(err_get)(0);

-	if (!hash)

-		return NULL;

-	CRYPTO_r_lock(CRYPTO_LOCK_ERR);

-	p = (ERR_STRING_DATA *)lh_retrieve(hash, d);

-	CRYPTO_r_unlock(CRYPTO_LOCK_ERR);

-	return p;

-	}

-static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *d)

-	{

-	ERR_STRING_DATA *p;

-	LHASH *hash;

-	err_fns_check();

-	hash = ERRFN(err_get)(1);

-	if (!hash)

-		return NULL;

-	CRYPTO_w_lock(CRYPTO_LOCK_ERR);

-	p = (ERR_STRING_DATA *)lh_insert(hash, d);

-	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);

-	return p;

-	}

-static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *d)

-	{

-	ERR_STRING_DATA *p;

-	LHASH *hash;

-	err_fns_check();

-	hash = ERRFN(err_get)(0);

-	if (!hash)

-		return NULL;

-	CRYPTO_w_lock(CRYPTO_LOCK_ERR);

-	p = (ERR_STRING_DATA *)lh_delete(hash, d);

-	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);

-	return p;

-	}

-static LHASH *int_thread_get(int create)

-	{

-	LHASH *ret = NULL;

-	CRYPTO_w_lock(CRYPTO_LOCK_ERR);

-	if (!int_thread_hash && create)

-		{

-		CRYPTO_push_info("int_thread_get (err.c)");

-		int_thread_hash = lh_new(pid_hash, pid_cmp);

-		CRYPTO_pop_info();

-		}

-	if (int_thread_hash)

-		{

-		int_thread_hash_references++;

-		ret = int_thread_hash;

-		}

-	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);

-	return ret;

-	}

-static void int_thread_release(LHASH **hash)

-	{

-	int i;

-	if (hash == NULL || *hash == NULL)

-		return;

-	i = CRYPTO_add(&int_thread_hash_references, -1, CRYPTO_LOCK_ERR);

-#ifdef REF_PRINT

-	fprintf(stderr,"%4d:%s\n",int_thread_hash_references,"ERR");

-#endif

-	if (i > 0) return;

-#ifdef REF_CHECK

-	if (i < 0)

-		{

-		fprintf(stderr,"int_thread_release, bad reference count\n");

-		abort(); /* ok */

-		}

-#endif

-	*hash = NULL;

-	}

-static ERR_STATE *int_thread_get_item(const ERR_STATE *d)

-	{

-	ERR_STATE *p;

-	LHASH *hash;

-	err_fns_check();

-	hash = ERRFN(thread_get)(0);

-	if (!hash)

-		return NULL;

-	CRYPTO_r_lock(CRYPTO_LOCK_ERR);

-	p = (ERR_STATE *)lh_retrieve(hash, d);

-	CRYPTO_r_unlock(CRYPTO_LOCK_ERR);

-	ERRFN(thread_release)(&hash);

-	return p;

-	}

-static ERR_STATE *int_thread_set_item(ERR_STATE *d)

-	{

-	ERR_STATE *p;

-	LHASH *hash;

-	err_fns_check();

-	hash = ERRFN(thread_get)(1);

-	if (!hash)

-		return NULL;

-	CRYPTO_w_lock(CRYPTO_LOCK_ERR);

-	p = (ERR_STATE *)lh_insert(hash, d);

-	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);

-	ERRFN(thread_release)(&hash);

-	return p;

-	}

-static void int_thread_del_item(const ERR_STATE *d)

-	{

-	ERR_STATE *p;

-	LHASH *hash;

-	err_fns_check();

-	hash = ERRFN(thread_get)(0);

-	if (!hash)

-		return;

-	CRYPTO_w_lock(CRYPTO_LOCK_ERR);

-	p = (ERR_STATE *)lh_delete(hash, d);

-	/* make sure we don't leak memory */

-	if (int_thread_hash_references == 1

-		&& int_thread_hash && (lh_num_items(int_thread_hash) == 0))

-		{

-		lh_free(int_thread_hash);

-		int_thread_hash = NULL;

-		}

-	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);

-	ERRFN(thread_release)(&hash);

-	if (p)

-		ERR_STATE_free(p);

-	}

-static int int_err_get_next_lib(void)

-	{

-	int ret;

-	CRYPTO_w_lock(CRYPTO_LOCK_ERR);

-	ret = int_err_library_number++;

-	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);

-	return ret;

-	}

-#ifndef OPENSSL_NO_ERR

-#define NUM_SYS_STR_REASONS 127

-#define LEN_SYS_STR_REASON 32

-static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1];

-/* SYS_str_reasons is filled with copies of strerror() results at

- * initialization.

- * 'errno' values up to 127 should cover all usual errors,

- * others will be displayed numerically by ERR_error_string.

- * It is crucial that we have something for each reason code

- * that occurs in ERR_str_reasons, or bogus reason strings

- * will be returned for SYSerr(), which always gets an errno

- * value and never one of those 'standard' reason codes. */

-static void build_SYS_str_reasons(void)

-	{

-	/* OPENSSL_malloc cannot be used here, use static storage instead */

-	static char strerror_tab[NUM_SYS_STR_REASONS][LEN_SYS_STR_REASON];

-	int i;

-	static int init = 1;

-	CRYPTO_r_lock(CRYPTO_LOCK_ERR);

-	if (!init)

-		{

-		CRYPTO_r_unlock(CRYPTO_LOCK_ERR);

-		return;

-		}

-	CRYPTO_r_unlock(CRYPTO_LOCK_ERR);

-	CRYPTO_w_lock(CRYPTO_LOCK_ERR);

-	if (!init)

-		{

-		CRYPTO_w_unlock(CRYPTO_LOCK_ERR);

-		return;

-		}

-	for (i = 1; i <= NUM_SYS_STR_REASONS; i++)

-		{

-		ERR_STRING_DATA *str = &SYS_str_reasons[i - 1];

-		str->error = (unsigned long)i;

-		if (str->string == NULL)

-			{

-			char (*dest)[LEN_SYS_STR_REASON] = &(strerror_tab[i - 1]);

-			char *src = strerror(i);

-			if (src != NULL)

-				{

-				strncpy(*dest, src, sizeof *dest);

-				(*dest)[sizeof *dest - 1] = '\0';

-				str->string = *dest;

-				}

-			}

-		if (str->string == NULL)

-			str->string = "unknown";

-		}

-	/* Now we still have SYS_str_reasons[NUM_SYS_STR_REASONS] = {0, NULL},

-	 * as required by ERR_load_strings. */

-	init = 0;

-	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);

-	}

-#endif

-#define err_clear_data(p,i) \

-	do { \

-	if (((p)->err_data[i] != NULL) && \

-		(p)->err_data_flags[i] & ERR_TXT_MALLOCED) \

-		{  \

-		OPENSSL_free((p)->err_data[i]); \

-		(p)->err_data[i]=NULL; \

-		} \

-	(p)->err_data_flags[i]=0; \

-	} while(0)

-#define err_clear(p,i) \

-	do { \

-	(p)->err_flags[i]=0; \

-	(p)->err_buffer[i]=0; \

-	err_clear_data(p,i); \

-	(p)->err_file[i]=NULL; \

-	(p)->err_line[i]= -1; \

-	} while(0)

-static void ERR_STATE_free(ERR_STATE *s)

-	{

-	int i;

-	if (s == NULL)

-	    return;

-	for (i=0; i<ERR_NUM_ERRORS; i++)

-		{

-		err_clear_data(s,i);

-		}

-	OPENSSL_free(s);

-	}

-void ERR_load_ERR_strings(void)

-	{

-	err_fns_check();

-#ifndef OPENSSL_NO_ERR

-	err_load_strings(0,ERR_str_libraries);

-	err_load_strings(0,ERR_str_reasons);

-	err_load_strings(ERR_LIB_SYS,ERR_str_functs);

-	build_SYS_str_reasons();

-	err_load_strings(ERR_LIB_SYS,SYS_str_reasons);

-#endif

-	}

-static void err_load_strings(int lib, ERR_STRING_DATA *str)

-	{

-	while (str->error)

-		{

-		if (lib)

-			str->error|=ERR_PACK(lib,0,0);

-		ERRFN(err_set_item)(str);

-		str++;

-		}

-	}

-void ERR_load_strings(int lib, ERR_STRING_DATA *str)

-	{

-	ERR_load_ERR_strings();

-	err_load_strings(lib, str);

-	}

-void ERR_unload_strings(int lib, ERR_STRING_DATA *str)

-	{

-	while (str->error)

-		{

-		if (lib)

-			str->error|=ERR_PACK(lib,0,0);

-		ERRFN(err_del_item)(str);

-		str++;

-		}

-	}

-void ERR_free_strings(void)

-	{

-	err_fns_check();

-	ERRFN(err_del)();

-	}

-/********************************************************/

-void ERR_put_error(int lib, int func, int reason, const char *file,

-	     int line)

-	{

-	ERR_STATE *es;

-#ifdef _OSD_POSIX

-	/* In the BS2000-OSD POSIX subsystem, the compiler generates

-	 * path names in the form "*POSIX(/etc/passwd)".

-	 * This dirty hack strips them to something sensible.

-	 * @@@ We shouldn't modify a const string, though.

-	 */

-	if (strncmp(file,"*POSIX(", sizeof("*POSIX(")-1) == 0) {

-		char *end;

-		/* Skip the "*POSIX(" prefix */

-		file += sizeof("*POSIX(")-1;

-		end = &file[strlen(file)-1];

-		if (*end == ')')

-			*end = '\0';

-		/* Optional: use the basename of the path only. */

-		if ((end = strrchr(file, '/')) != NULL)

-			file = &end[1];

-	}

-#endif

-	es=ERR_get_state();

-	es->top=(es->top+1)%ERR_NUM_ERRORS;

-	if (es->top == es->bottom)

-		es->bottom=(es->bottom+1)%ERR_NUM_ERRORS;

-	es->err_flags[es->top]=0;

-	es->err_buffer[es->top]=ERR_PACK(lib,func,reason);

-	es->err_file[es->top]=file;

-	es->err_line[es->top]=line;

-	err_clear_data(es,es->top);

-	}

-void ERR_clear_error(void)

-	{

-	int i;

-	ERR_STATE *es;

-	es=ERR_get_state();

-	for (i=0; i<ERR_NUM_ERRORS; i++)

-		{

-		err_clear(es,i);

-		}

-	es->top=es->bottom=0;

-	}

-unsigned long ERR_get_error(void)

-	{ return(get_error_values(1,0,NULL,NULL,NULL,NULL)); }

-unsigned long ERR_get_error_line(const char **file,

-	     int *line)

-	{ return(get_error_values(1,0,file,line,NULL,NULL)); }

-unsigned long ERR_get_error_line_data(const char **file, int *line,

-	     const char **data, int *flags)

-	{ return(get_error_values(1,0,file,line,data,flags)); }

-unsigned long ERR_peek_error(void)

-	{ return(get_error_values(0,0,NULL,NULL,NULL,NULL)); }

-unsigned long ERR_peek_error_line(const char **file, int *line)

-	{ return(get_error_values(0,0,file,line,NULL,NULL)); }

-unsigned long ERR_peek_error_line_data(const char **file, int *line,

-	     const char **data, int *flags)

-	{ return(get_error_values(0,0,file,line,data,flags)); }

-unsigned long ERR_peek_last_error(void)

-	{ return(get_error_values(0,1,NULL,NULL,NULL,NULL)); }

-unsigned long ERR_peek_last_error_line(const char **file, int *line)

-	{ return(get_error_values(0,1,file,line,NULL,NULL)); }

-unsigned long ERR_peek_last_error_line_data(const char **file, int *line,

-	     const char **data, int *flags)

-	{ return(get_error_values(0,1,file,line,data,flags)); }

-static unsigned long get_error_values(int inc, int top, const char **file, int *line,

-	     const char **data, int *flags)

-	{

-	int i=0;

-	ERR_STATE *es;

-	unsigned long ret;

-	es=ERR_get_state();

-	if (inc && top)

-		{

-		if (file) *file = "";

-		if (line) *line = 0;

-		if (data) *data = "";

-		if (flags) *flags = 0;

-		return ERR_R_INTERNAL_ERROR;

-		}

-	if (es->bottom == es->top) return 0;

-	if (top)

-		i=es->top;			 /* last error */

-	else

-		i=(es->bottom+1)%ERR_NUM_ERRORS; /* first error */

-	ret=es->err_buffer[i];

-	if (inc)

-		{

-		es->bottom=i;

-		es->err_buffer[i]=0;

-		}

-	if ((file != NULL) && (line != NULL))

-		{

-		if (es->err_file[i] == NULL)

-			{

-			*file="NA";

-			if (line != NULL) *line=0;

-			}

-		else

-			{

-			*file=es->err_file[i];

-			if (line != NULL) *line=es->err_line[i];

-			}

-		}

-	if (data == NULL)

-		{

-		if (inc)

-			{

-			err_clear_data(es, i);

-			}

-		}

-	else

-		{

-		if (es->err_data[i] == NULL)

-			{

-			*data="";

-			if (flags != NULL) *flags=0;

-			}

-		else

-			{

-			*data=es->err_data[i];

-			if (flags != NULL) *flags=es->err_data_flags[i];

-			}

-		}

-	return ret;

-	}

-void ERR_error_string_n(unsigned long e, char *buf, size_t len)

-	{

-	char lsbuf[64], fsbuf[64], rsbuf[64];

-	const char *ls,*fs,*rs;

-	unsigned long l,f,r;

-	l=ERR_GET_LIB(e);

-	f=ERR_GET_FUNC(e);

-	r=ERR_GET_REASON(e);

-	ls=ERR_lib_error_string(e);

-	fs=ERR_func_error_string(e);

-	rs=ERR_reason_error_string(e);

-	if (ls == NULL)

-		BIO_snprintf(lsbuf, sizeof(lsbuf), "lib(%lu)", l);

-	if (fs == NULL)

-		BIO_snprintf(fsbuf, sizeof(fsbuf), "func(%lu)", f);

-	if (rs == NULL)

-		BIO_snprintf(rsbuf, sizeof(rsbuf), "reason(%lu)", r);

-	BIO_snprintf(buf, len,"error:%08lX:%s:%s:%s", e, ls?ls:lsbuf,

-		fs?fs:fsbuf, rs?rs:rsbuf);

-	if (strlen(buf) == len-1)

-		{

-		/* output may be truncated; make sure we always have 5

-		 * colon-separated fields, i.e. 4 colons ... */

-#define NUM_COLONS 4

-		if (len > NUM_COLONS) /* ... if possible */

-			{

-			int i;

-			char *s = buf;

-			for (i = 0; i < NUM_COLONS; i++)

-				{

-				char *colon = strchr(s, ':');

-				if (colon == NULL || colon > &buf[len-1] - NUM_COLONS + i)

-					{

-					/* set colon no. i at last possible position

-					 * (buf[len-1] is the terminating 0)*/

-					colon = &buf[len-1] - NUM_COLONS + i;

-					*colon = ':';

-					}

-				s = colon + 1;

-				}

-			}

-		}

-	}

-/* BAD for multi-threading: uses a local buffer if ret == NULL */

-/* ERR_error_string_n should be used instead for ret != NULL

- * as ERR_error_string cannot know how large the buffer is */

-char *ERR_error_string(unsigned long e, char *ret)

-	{

-	static char buf[256];

-	if (ret == NULL) ret=buf;

-	ERR_error_string_n(e, ret, 256);

-	return ret;

-	}

-LHASH *ERR_get_string_table(void)

-	{

-	err_fns_check();

-	return ERRFN(err_get)(0);

-	}

-LHASH *ERR_get_err_state_table(void)

-	{

-	err_fns_check();

-	return ERRFN(thread_get)(0);

-	}

-void ERR_release_err_state_table(LHASH **hash)

-	{

-	err_fns_check();

-	ERRFN(thread_release)(hash);

-	}

-const char *ERR_lib_error_string(unsigned long e)

-	{

-	ERR_STRING_DATA d,*p;

-	unsigned long l;

-	err_fns_check();

-	l=ERR_GET_LIB(e);

-	d.error=ERR_PACK(l,0,0);

-	p=ERRFN(err_get_item)(&d);

-	return((p == NULL)?NULL:p->string);

-	}

-const char *ERR_func_error_string(unsigned long e)

-	{

-	ERR_STRING_DATA d,*p;

-	unsigned long l,f;

-	err_fns_check();

-	l=ERR_GET_LIB(e);

-	f=ERR_GET_FUNC(e);

-	d.error=ERR_PACK(l,f,0);

-	p=ERRFN(err_get_item)(&d);

-	return((p == NULL)?NULL:p->string);

-	}

-const char *ERR_reason_error_string(unsigned long e)

-	{

-	ERR_STRING_DATA d,*p=NULL;

-	unsigned long l,r;

-	err_fns_check();

-	l=ERR_GET_LIB(e);

-	r=ERR_GET_REASON(e);

-	d.error=ERR_PACK(l,0,r);

-	p=ERRFN(err_get_item)(&d);

-	if (!p)

-		{

-		d.error=ERR_PACK(0,0,r);

-		p=ERRFN(err_get_item)(&d);

-		}

-	return((p == NULL)?NULL:p->string);

-	}

-/* static unsigned long err_hash(ERR_STRING_DATA *a) */

-static unsigned long err_hash(const void *a_void)

-	{

-	unsigned long ret,l;

-	l=((const ERR_STRING_DATA *)a_void)->error;

-	ret=l^ERR_GET_LIB(l)^ERR_GET_FUNC(l);

-	return(ret^ret%19*13);

-	}

-/* static int err_cmp(ERR_STRING_DATA *a, ERR_STRING_DATA *b) */

-static int err_cmp(const void *a_void, const void *b_void)

-	{

-	return((int)(((const ERR_STRING_DATA *)a_void)->error -

-			((const ERR_STRING_DATA *)b_void)->error));

-	}

-/* static unsigned long pid_hash(ERR_STATE *a) */

-static unsigned long pid_hash(const void *a_void)

-	{

-	return(((const ERR_STATE *)a_void)->pid*13);

-	}

-/* static int pid_cmp(ERR_STATE *a, ERR_STATE *b) */

-static int pid_cmp(const void *a_void, const void *b_void)

-	{

-	return((int)((long)((const ERR_STATE *)a_void)->pid -

-			(long)((const ERR_STATE *)b_void)->pid));

-	}

-void ERR_remove_state(unsigned long pid)

-	{

-	ERR_STATE tmp;

-	err_fns_check();

-	if (pid == 0)

-		pid=(unsigned long)CRYPTO_thread_id();

-	tmp.pid=pid;

-	/* thread_del_item automatically destroys the LHASH if the number of

-	 * items reaches zero. */

-	ERRFN(thread_del_item)(&tmp);

-	}

-ERR_STATE *ERR_get_state(void)

-	{

-	static ERR_STATE fallback;

-	ERR_STATE *ret,tmp,*tmpp=NULL;

-	int i;

-	unsigned long pid;

-	err_fns_check();

-	pid=(unsigned long)CRYPTO_thread_id();

-	tmp.pid=pid;

-	ret=ERRFN(thread_get_item)(&tmp);

-	/* ret == the error state, if NULL, make a new one */

-	if (ret == NULL)

-		{

-		ret=(ERR_STATE *)OPENSSL_malloc(sizeof(ERR_STATE));

-		if (ret == NULL) return(&fallback);

-		ret->pid=pid;

-		ret->top=0;

-		ret->bottom=0;

-		for (i=0; i<ERR_NUM_ERRORS; i++)

-			{

-			ret->err_data[i]=NULL;

-			ret->err_data_flags[i]=0;

-			}

-		tmpp = ERRFN(thread_set_item)(ret);

-		/* To check if insertion failed, do a get. */

-		if (ERRFN(thread_get_item)(ret) != ret)

-			{

-			ERR_STATE_free(ret); /* could not insert it */

-			return(&fallback);

-			}

-		/* If a race occured in this function and we came second, tmpp

-		 * is the first one that we just replaced. */

-		if (tmpp)

-			ERR_STATE_free(tmpp);

-		}

-	return ret;

-	}

-int ERR_get_next_error_library(void)

-	{

-	err_fns_check();

-	return ERRFN(get_next_lib)();

-	}

-void ERR_set_error_data(char *data, int flags)

-	{

-	ERR_STATE *es;

-	int i;

-	es=ERR_get_state();

-	i=es->top;

-	if (i == 0)

-		i=ERR_NUM_ERRORS-1;

-	err_clear_data(es,i);

-	es->err_data[i]=data;

-	es->err_data_flags[i]=flags;

-	}

-void ERR_add_error_data(int num, ...)

-	{

-	va_list args;

-	int i,n,s;

-	char *str,*p,*a;

-	s=80;

-	str=OPENSSL_malloc(s+1);

-	if (str == NULL) return;

-	str[0]='\0';

-	va_start(args, num);

-	n=0;

-	for (i=0; i<num; i++)

-		{

-		a=va_arg(args, char*);

-		/* ignore NULLs, thanks to Bob Beck <[email protected]> */

-		if (a != NULL)

-			{

-			n+=strlen(a);

-			if (n > s)

-				{

-				s=n+20;

-				p=OPENSSL_realloc(str,s+1);

-				if (p == NULL)

-					{

-					OPENSSL_free(str);

-					goto err;

-					}

-				else

-					str=p;

-				}

-			BUF_strlcat(str,a,(size_t)s+1);

-			}

-		}

-	ERR_set_error_data(str,ERR_TXT_MALLOCED|ERR_TXT_STRING);

-err:

-	va_end(args);

-	}

-int ERR_set_mark(void)

-	{

-	ERR_STATE *es;

-	es=ERR_get_state();

-	if (es->bottom == es->top) return 0;

-	es->err_flags[es->top]|=ERR_FLAG_MARK;

-	return 1;

-	}

-int ERR_pop_to_mark(void)

-	{

-	ERR_STATE *es;

-	es=ERR_get_state();

-	while(es->bottom != es->top

-		&& (es->err_flags[es->top] & ERR_FLAG_MARK) == 0)

-		{

-		err_clear(es,es->top);

-		es->top-=1;

-		if (es->top == -1) es->top=ERR_NUM_ERRORS-1;

-		}

-	if (es->bottom == es->top) return 0;

-	es->err_flags[es->top]&=~ERR_FLAG_MARK;

-	return 1;

-	}

--- a/sys/src/ape/lib/openssl/crypto/err/err.h

+++ /dev/null

@@ -1,318 +1,0 @@

-/* crypto/err/err.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_ERR_H

-#define HEADER_ERR_H

-#include <openssl/e_os2.h>

-#ifndef OPENSSL_NO_FP_API

-#include <stdio.h>

-#include <stdlib.h>

-#endif

-#include <openssl/ossl_typ.h>

-#ifndef OPENSSL_NO_BIO

-#include <openssl/bio.h>

-#endif

-#ifndef OPENSSL_NO_LHASH

-#include <openssl/lhash.h>

-#endif

-#ifdef	__cplusplus

-extern "C" {

-#endif

-#ifndef OPENSSL_NO_ERR

-#define ERR_PUT_error(a,b,c,d,e)	ERR_put_error(a,b,c,d,e)

-#else

-#define ERR_PUT_error(a,b,c,d,e)	ERR_put_error(a,b,c,NULL,0)

-#endif

-#include <errno.h>

-#define ERR_TXT_MALLOCED	0x01

-#define ERR_TXT_STRING		0x02

-#define ERR_FLAG_MARK		0x01

-#define ERR_NUM_ERRORS	16

-typedef struct err_state_st

-	{

-	unsigned long pid;

-	int err_flags[ERR_NUM_ERRORS];

-	unsigned long err_buffer[ERR_NUM_ERRORS];

-	char *err_data[ERR_NUM_ERRORS];

-	int err_data_flags[ERR_NUM_ERRORS];

-	const char *err_file[ERR_NUM_ERRORS];

-	int err_line[ERR_NUM_ERRORS];

-	int top,bottom;

-	} ERR_STATE;

-/* library */

-#define ERR_LIB_NONE		1

-#define ERR_LIB_SYS		2

-#define ERR_LIB_BN		3

-#define ERR_LIB_RSA		4

-#define ERR_LIB_DH		5

-#define ERR_LIB_EVP		6

-#define ERR_LIB_BUF		7

-#define ERR_LIB_OBJ		8

-#define ERR_LIB_PEM		9

-#define ERR_LIB_DSA		10

-#define ERR_LIB_X509		11

-/* #define ERR_LIB_METH         12 */

-#define ERR_LIB_ASN1		13

-#define ERR_LIB_CONF		14

-#define ERR_LIB_CRYPTO		15

-#define ERR_LIB_EC		16

-#define ERR_LIB_SSL		20

-/* #define ERR_LIB_SSL23        21 */

-/* #define ERR_LIB_SSL2         22 */

-/* #define ERR_LIB_SSL3         23 */

-/* #define ERR_LIB_RSAREF       30 */

-/* #define ERR_LIB_PROXY        31 */

-#define ERR_LIB_BIO		32

-#define ERR_LIB_PKCS7		33

-#define ERR_LIB_X509V3		34

-#define ERR_LIB_PKCS12		35

-#define ERR_LIB_RAND		36

-#define ERR_LIB_DSO		37

-#define ERR_LIB_ENGINE		38

-#define ERR_LIB_OCSP            39

-#define ERR_LIB_UI              40

-#define ERR_LIB_COMP            41

-#define ERR_LIB_ECDSA		42

-#define ERR_LIB_ECDH		43

-#define ERR_LIB_STORE           44

-#define ERR_LIB_USER		128

-#define SYSerr(f,r)  ERR_PUT_error(ERR_LIB_SYS,(f),(r),__FILE__,__LINE__)

-#define BNerr(f,r)   ERR_PUT_error(ERR_LIB_BN,(f),(r),__FILE__,__LINE__)

-#define RSAerr(f,r)  ERR_PUT_error(ERR_LIB_RSA,(f),(r),__FILE__,__LINE__)

-#define DHerr(f,r)   ERR_PUT_error(ERR_LIB_DH,(f),(r),__FILE__,__LINE__)

-#define EVPerr(f,r)  ERR_PUT_error(ERR_LIB_EVP,(f),(r),__FILE__,__LINE__)

-#define BUFerr(f,r)  ERR_PUT_error(ERR_LIB_BUF,(f),(r),__FILE__,__LINE__)

-#define OBJerr(f,r)  ERR_PUT_error(ERR_LIB_OBJ,(f),(r),__FILE__,__LINE__)

-#define PEMerr(f,r)  ERR_PUT_error(ERR_LIB_PEM,(f),(r),__FILE__,__LINE__)

-#define DSAerr(f,r)  ERR_PUT_error(ERR_LIB_DSA,(f),(r),__FILE__,__LINE__)

-#define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),__FILE__,__LINE__)

-#define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),__FILE__,__LINE__)

-#define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),__FILE__,__LINE__)

-#define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),__FILE__,__LINE__)

-#define ECerr(f,r)   ERR_PUT_error(ERR_LIB_EC,(f),(r),__FILE__,__LINE__)

-#define SSLerr(f,r)  ERR_PUT_error(ERR_LIB_SSL,(f),(r),__FILE__,__LINE__)

-#define BIOerr(f,r)  ERR_PUT_error(ERR_LIB_BIO,(f),(r),__FILE__,__LINE__)

-#define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),__FILE__,__LINE__)

-#define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),__FILE__,__LINE__)

-#define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),__FILE__,__LINE__)

-#define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),__FILE__,__LINE__)

-#define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),__FILE__,__LINE__)

-#define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),__FILE__,__LINE__)

-#define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),__FILE__,__LINE__)

-#define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),__FILE__,__LINE__)

-#define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__)

-#define ECDSAerr(f,r)  ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),__FILE__,__LINE__)

-#define ECDHerr(f,r)  ERR_PUT_error(ERR_LIB_ECDH,(f),(r),__FILE__,__LINE__)

-#define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__)

-/* Borland C seems too stupid to be able to shift and do longs in

- * the pre-processor :-( */

-#define ERR_PACK(l,f,r)		(((((unsigned long)l)&0xffL)*0x1000000)| \

-				((((unsigned long)f)&0xfffL)*0x1000)| \

-				((((unsigned long)r)&0xfffL)))

-#define ERR_GET_LIB(l)		(int)((((unsigned long)l)>>24L)&0xffL)

-#define ERR_GET_FUNC(l)		(int)((((unsigned long)l)>>12L)&0xfffL)

-#define ERR_GET_REASON(l)	(int)((l)&0xfffL)

-#define ERR_FATAL_ERROR(l)	(int)((l)&ERR_R_FATAL)

-/* OS functions */

-#define SYS_F_FOPEN		1

-#define SYS_F_CONNECT		2

-#define SYS_F_GETSERVBYNAME	3

-#define SYS_F_SOCKET		4

-#define SYS_F_IOCTLSOCKET	5

-#define SYS_F_BIND		6

-#define SYS_F_LISTEN		7

-#define SYS_F_ACCEPT		8

-#define SYS_F_WSASTARTUP	9 /* Winsock stuff */

-#define SYS_F_OPENDIR		10

-#define SYS_F_FREAD		11

-/* reasons */

-#define ERR_R_SYS_LIB	ERR_LIB_SYS       /* 2 */

-#define ERR_R_BN_LIB	ERR_LIB_BN        /* 3 */

-#define ERR_R_RSA_LIB	ERR_LIB_RSA       /* 4 */

-#define ERR_R_DH_LIB	ERR_LIB_DH        /* 5 */

-#define ERR_R_EVP_LIB	ERR_LIB_EVP       /* 6 */

-#define ERR_R_BUF_LIB	ERR_LIB_BUF       /* 7 */

-#define ERR_R_OBJ_LIB	ERR_LIB_OBJ       /* 8 */

-#define ERR_R_PEM_LIB	ERR_LIB_PEM       /* 9 */

-#define ERR_R_DSA_LIB	ERR_LIB_DSA      /* 10 */

-#define ERR_R_X509_LIB	ERR_LIB_X509     /* 11 */

-#define ERR_R_ASN1_LIB	ERR_LIB_ASN1     /* 13 */

-#define ERR_R_CONF_LIB	ERR_LIB_CONF     /* 14 */

-#define ERR_R_CRYPTO_LIB ERR_LIB_CRYPTO  /* 15 */

-#define ERR_R_EC_LIB	ERR_LIB_EC       /* 16 */

-#define ERR_R_SSL_LIB	ERR_LIB_SSL      /* 20 */

-#define ERR_R_BIO_LIB	ERR_LIB_BIO      /* 32 */

-#define ERR_R_PKCS7_LIB	ERR_LIB_PKCS7    /* 33 */

-#define ERR_R_X509V3_LIB ERR_LIB_X509V3  /* 34 */

-#define ERR_R_PKCS12_LIB ERR_LIB_PKCS12  /* 35 */

-#define ERR_R_RAND_LIB	ERR_LIB_RAND     /* 36 */

-#define ERR_R_DSO_LIB	ERR_LIB_DSO      /* 37 */

-#define ERR_R_ENGINE_LIB ERR_LIB_ENGINE  /* 38 */

-#define ERR_R_OCSP_LIB  ERR_LIB_OCSP     /* 39 */

-#define ERR_R_UI_LIB    ERR_LIB_UI       /* 40 */

-#define ERR_R_COMP_LIB	ERR_LIB_COMP     /* 41 */

-#define ERR_R_ECDSA_LIB ERR_LIB_ECDSA	 /* 42 */

-#define ERR_R_ECDH_LIB  ERR_LIB_ECDH	 /* 43 */

-#define ERR_R_STORE_LIB ERR_LIB_STORE    /* 44 */

-#define ERR_R_NESTED_ASN1_ERROR			58

-#define ERR_R_BAD_ASN1_OBJECT_HEADER		59

-#define ERR_R_BAD_GET_ASN1_OBJECT_CALL		60

-#define ERR_R_EXPECTING_AN_ASN1_SEQUENCE	61

-#define ERR_R_ASN1_LENGTH_MISMATCH		62

-#define ERR_R_MISSING_ASN1_EOS			63

-/* fatal error */

-#define ERR_R_FATAL				64

-#define	ERR_R_MALLOC_FAILURE			(1|ERR_R_FATAL)

-#define	ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED	(2|ERR_R_FATAL)

-#define	ERR_R_PASSED_NULL_PARAMETER		(3|ERR_R_FATAL)

-#define	ERR_R_INTERNAL_ERROR			(4|ERR_R_FATAL)

-#define	ERR_R_DISABLED				(5|ERR_R_FATAL)

-/* 99 is the maximum possible ERR_R_... code, higher values

- * are reserved for the individual libraries */

-typedef struct ERR_string_data_st

-	{

-	unsigned long error;

-	const char *string;

-	} ERR_STRING_DATA;

-void ERR_put_error(int lib, int func,int reason,const char *file,int line);

-void ERR_set_error_data(char *data,int flags);

-unsigned long ERR_get_error(void);

-unsigned long ERR_get_error_line(const char **file,int *line);

-unsigned long ERR_get_error_line_data(const char **file,int *line,

-				      const char **data, int *flags);

-unsigned long ERR_peek_error(void);

-unsigned long ERR_peek_error_line(const char **file,int *line);

-unsigned long ERR_peek_error_line_data(const char **file,int *line,

-				       const char **data,int *flags);

-unsigned long ERR_peek_last_error(void);

-unsigned long ERR_peek_last_error_line(const char **file,int *line);

-unsigned long ERR_peek_last_error_line_data(const char **file,int *line,

-				       const char **data,int *flags);

-void ERR_clear_error(void );

-char *ERR_error_string(unsigned long e,char *buf);

-void ERR_error_string_n(unsigned long e, char *buf, size_t len);

-const char *ERR_lib_error_string(unsigned long e);

-const char *ERR_func_error_string(unsigned long e);

-const char *ERR_reason_error_string(unsigned long e);

-void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u),

-			 void *u);

-#ifndef OPENSSL_NO_FP_API

-void ERR_print_errors_fp(FILE *fp);

-#endif

-#ifndef OPENSSL_NO_BIO

-void ERR_print_errors(BIO *bp);

-void ERR_add_error_data(int num, ...);

-#endif

-void ERR_load_strings(int lib,ERR_STRING_DATA str[]);

-void ERR_unload_strings(int lib,ERR_STRING_DATA str[]);

-void ERR_load_ERR_strings(void);

-void ERR_load_crypto_strings(void);

-void ERR_free_strings(void);

-void ERR_remove_state(unsigned long pid); /* if zero we look it up */

-ERR_STATE *ERR_get_state(void);

-#ifndef OPENSSL_NO_LHASH

-LHASH *ERR_get_string_table(void);

-LHASH *ERR_get_err_state_table(void);

-void ERR_release_err_state_table(LHASH **hash);

-#endif

-int ERR_get_next_error_library(void);

-int ERR_set_mark(void);

-int ERR_pop_to_mark(void);

-/* Already defined in ossl_typ.h */

-/* typedef struct st_ERR_FNS ERR_FNS; */

-/* An application can use this function and provide the return value to loaded

- * modules that should use the application's ERR state/functionality */

-const ERR_FNS *ERR_get_implementation(void);

-/* A loaded module should call this function prior to any ERR operations using

- * the application's "ERR_FNS". */

-int ERR_set_implementation(const ERR_FNS *fns);

-#ifdef	__cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/err/err_all.c

+++ /dev/null

@@ -1,142 +1,0 @@

-/* crypto/err/err_all.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <openssl/asn1.h>

-#include <openssl/bn.h>

-#ifndef OPENSSL_NO_EC

-#include <openssl/ec.h>

-#endif

-#include <openssl/buffer.h>

-#include <openssl/bio.h>

-#ifndef OPENSSL_NO_RSA

-#include <openssl/rsa.h>

-#endif

-#ifndef OPENSSL_NO_DH

-#include <openssl/dh.h>

-#endif

-#ifndef OPENSSL_NO_DSA

-#include <openssl/dsa.h>

-#endif

-#ifndef OPENSSL_NO_ECDSA

-#include <openssl/ecdsa.h>

-#endif

-#ifndef OPENSSL_NO_ECDH

-#include <openssl/ecdh.h>

-#endif

-#include <openssl/evp.h>

-#include <openssl/objects.h>

-#include <openssl/pem2.h>

-#include <openssl/x509.h>

-#include <openssl/x509v3.h>

-#include <openssl/conf.h>

-#include <openssl/pkcs12.h>

-#include <openssl/rand.h>

-#include <openssl/dso.h>

-#ifndef OPENSSL_NO_ENGINE

-#include <openssl/engine.h>

-#endif

-#include <openssl/ui.h>

-#include <openssl/ocsp.h>

-#include <openssl/err.h>

-void ERR_load_crypto_strings(void)

-	{

-#ifndef OPENSSL_NO_ERR

-	ERR_load_ERR_strings(); /* include error strings for SYSerr */

-	ERR_load_BN_strings();

-#ifndef OPENSSL_NO_RSA

-	ERR_load_RSA_strings();

-#endif

-#ifndef OPENSSL_NO_DH

-	ERR_load_DH_strings();

-#endif

-	ERR_load_EVP_strings();

-	ERR_load_BUF_strings();

-	ERR_load_OBJ_strings();

-	ERR_load_PEM_strings();

-#ifndef OPENSSL_NO_DSA

-	ERR_load_DSA_strings();

-#endif

-	ERR_load_X509_strings();

-	ERR_load_ASN1_strings();

-	ERR_load_CONF_strings();

-	ERR_load_CRYPTO_strings();

-#ifndef OPENSSL_NO_EC

-	ERR_load_EC_strings();

-#endif

-#ifndef OPENSSL_NO_ECDSA

-	ERR_load_ECDSA_strings();

-#endif

-#ifndef OPENSSL_NO_ECDH

-	ERR_load_ECDH_strings();

-#endif

-	/* skip ERR_load_SSL_strings() because it is not in this library */

-	ERR_load_BIO_strings();

-	ERR_load_PKCS7_strings();

-	ERR_load_X509V3_strings();

-	ERR_load_PKCS12_strings();

-	ERR_load_RAND_strings();

-	ERR_load_DSO_strings();

-#ifndef OPENSSL_NO_ENGINE

-	ERR_load_ENGINE_strings();

-#endif

-	ERR_load_OCSP_strings();

-	ERR_load_UI_strings();

-#endif

-	}

--- a/sys/src/ape/lib/openssl/crypto/err/err_prn.c

+++ /dev/null

@@ -1,111 +1,0 @@

-/* crypto/err/err_prn.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/lhash.h>

-#include <openssl/crypto.h>

-#include <openssl/buffer.h>

-#include <openssl/err.h>

-void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u),

-			 void *u)

-	{

-	unsigned long l;

-	char buf[256];

-	char buf2[4096];

-	const char *file,*data;

-	int line,flags;

-	unsigned long es;

-	es=CRYPTO_thread_id();

-	while ((l=ERR_get_error_line_data(&file,&line,&data,&flags)) != 0)

-		{

-		ERR_error_string_n(l, buf, sizeof buf);

-		BIO_snprintf(buf2, sizeof(buf2), "%lu:%s:%s:%d:%s\n", es, buf,

-			file, line, (flags & ERR_TXT_STRING) ? data : "");

-		cb(buf2, strlen(buf2), u);

-		}

-	}

-#ifndef OPENSSL_NO_FP_API

-static int print_fp(const char *str, size_t len, void *fp)

-	{

-	BIO bio;

-	BIO_set(&bio,BIO_s_file());

-	BIO_set_fp(&bio,fp,BIO_NOCLOSE);

-	return BIO_printf(&bio, "%s", str);

-	}

-void ERR_print_errors_fp(FILE *fp)

-	{

-	ERR_print_errors_cb(print_fp, fp);

-	}

-#endif

-static int print_bio(const char *str, size_t len, void *bp)

-	{

-	return BIO_write((BIO *)bp, str, len);

-	}

-void ERR_print_errors(BIO *bp)

-	{

-	ERR_print_errors_cb(print_bio, bp);

-	}

--- a/sys/src/ape/lib/openssl/crypto/err/openssl.ec

+++ /dev/null

@@ -1,85 +1,0 @@

-# crypto/err/openssl.ec

-# configuration file for util/mkerr.pl

-# files that may have to be rewritten by util/mkerr.pl

-L ERR		NONE				NONE

-L BN		crypto/bn/bn.h			crypto/bn/bn_err.c

-L RSA		crypto/rsa/rsa.h		crypto/rsa/rsa_err.c

-L DH		crypto/dh/dh.h			crypto/dh/dh_err.c

-L EVP		crypto/evp/evp.h		crypto/evp/evp_err.c

-L BUF		crypto/buffer/buffer.h		crypto/buffer/buf_err.c

-L OBJ		crypto/objects/objects.h	crypto/objects/obj_err.c

-L PEM		crypto/pem/pem.h		crypto/pem/pem_err.c

-L DSA		crypto/dsa/dsa.h		crypto/dsa/dsa_err.c

-L X509		crypto/x509/x509.h		crypto/x509/x509_err.c

-L ASN1		crypto/asn1/asn1.h		crypto/asn1/asn1_err.c

-L CONF		crypto/conf/conf.h		crypto/conf/conf_err.c

-L CRYPTO	crypto/crypto.h			crypto/cpt_err.c

-L EC		crypto/ec/ec.h			crypto/ec/ec_err.c

-L SSL		ssl/ssl.h			ssl/ssl_err.c

-L BIO		crypto/bio/bio.h		crypto/bio/bio_err.c

-L PKCS7		crypto/pkcs7/pkcs7.h		crypto/pkcs7/pkcs7err.c

-L X509V3	crypto/x509v3/x509v3.h		crypto/x509v3/v3err.c

-L PKCS12	crypto/pkcs12/pkcs12.h		crypto/pkcs12/pk12err.c

-L RAND		crypto/rand/rand.h		crypto/rand/rand_err.c

-L DSO		crypto/dso/dso.h		crypto/dso/dso_err.c

-L ENGINE	crypto/engine/engine.h		crypto/engine/eng_err.c

-L OCSP		crypto/ocsp/ocsp.h		crypto/ocsp/ocsp_err.c

-L UI		crypto/ui/ui.h			crypto/ui/ui_err.c

-L COMP		crypto/comp/comp.h		crypto/comp/comp_err.c

-L ECDSA		crypto/ecdsa/ecdsa.h		crypto/ecdsa/ecs_err.c

-L ECDH		crypto/ecdh/ecdh.h		crypto/ecdh/ech_err.c

-L STORE		crypto/store/store.h		crypto/store/str_err.c

-# additional header files to be scanned for function names

-L NONE		crypto/x509/x509_vfy.h		NONE

-L NONE		crypto/ec/ec_lcl.h		NONE

-F RSAREF_F_RSA_BN2BIN

-F RSAREF_F_RSA_PRIVATE_DECRYPT

-F RSAREF_F_RSA_PRIVATE_ENCRYPT

-F RSAREF_F_RSA_PUBLIC_DECRYPT

-F RSAREF_F_RSA_PUBLIC_ENCRYPT

-#F SSL_F_CLIENT_CERTIFICATE

-R SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE		1010

-R SSL_R_SSLV3_ALERT_BAD_RECORD_MAC		1020

-R SSL_R_TLSV1_ALERT_DECRYPTION_FAILED		1021

-R SSL_R_TLSV1_ALERT_RECORD_OVERFLOW		1022

-R SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE	1030

-R SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE		1040

-R SSL_R_SSLV3_ALERT_NO_CERTIFICATE		1041

-R SSL_R_SSLV3_ALERT_BAD_CERTIFICATE		1042

-R SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE	1043

-R SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED		1044

-R SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED		1045

-R SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN		1046

-R SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER		1047

-R SSL_R_TLSV1_ALERT_UNKNOWN_CA			1048

-R SSL_R_TLSV1_ALERT_ACCESS_DENIED		1049

-R SSL_R_TLSV1_ALERT_DECODE_ERROR		1050

-R SSL_R_TLSV1_ALERT_DECRYPT_ERROR		1051

-R SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION		1060

-R SSL_R_TLSV1_ALERT_PROTOCOL_VERSION		1070

-R SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY	1071

-R SSL_R_TLSV1_ALERT_INTERNAL_ERROR		1080

-R SSL_R_TLSV1_ALERT_USER_CANCELLED		1090

-R SSL_R_TLSV1_ALERT_NO_RENEGOTIATION		1100

-R RSAREF_R_CONTENT_ENCODING			0x0400

-R RSAREF_R_DATA					0x0401

-R RSAREF_R_DIGEST_ALGORITHM			0x0402

-R RSAREF_R_ENCODING				0x0403

-R RSAREF_R_KEY					0x0404

-R RSAREF_R_KEY_ENCODING				0x0405

-R RSAREF_R_LEN					0x0406

-R RSAREF_R_MODULUS_LEN				0x0407

-R RSAREF_R_NEED_RANDOM				0x0408

-R RSAREF_R_PRIVATE_KEY				0x0409

-R RSAREF_R_PUBLIC_KEY				0x040a

-R RSAREF_R_SIGNATURE				0x040b

-R RSAREF_R_SIGNATURE_ENCODING			0x040c

-R RSAREF_R_ENCRYPTION_ALGORITHM			0x040d

--- a/sys/src/ape/lib/openssl/crypto/evp/Makefile

+++ /dev/null

@@ -1,646 +1,0 @@

-#

-# OpenSSL/crypto/evp/Makefile

-#

-DIR=	evp

-TOP=	../..

-CC=	cc

-INCLUDES= -I.. -I$(TOP) -I../../include

-CFLAG=-g

-MAKEFILE=	Makefile

-AR=		ar r

-CFLAGS= $(INCLUDES) $(CFLAG)

-GENERAL=Makefile

-TEST=evp_test.c

-TESTDATA=evptests.txt

-APPS=

-LIB=$(TOP)/libcrypto.a

-LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c \

-	e_des.c e_bf.c e_idea.c e_des3.c e_camellia.c\

-	e_rc4.c e_aes.c names.c e_seed.c \

-	e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \

-	m_null.c m_md2.c m_md4.c m_md5.c m_sha.c m_sha1.c \

-	m_dss.c m_dss1.c m_mdc2.c m_ripemd.c m_ecdsa.c\

-	p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \

-	bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \

-	c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \

-	evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c \

-	e_old.c

-LIBOBJ=	encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \

-	e_des.o e_bf.o e_idea.o e_des3.o e_camellia.o\

-	e_rc4.o e_aes.o names.o e_seed.o \

-	e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o \

-	m_null.o m_md2.o m_md4.o m_md5.o m_sha.o m_sha1.o \

-	m_dss.o m_dss1.o m_mdc2.o m_ripemd.o m_ecdsa.o\

-	p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o \

-	bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \

-	c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \

-	evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o \

-	e_old.o

-SRC= $(LIBSRC)

-EXHEADER= evp.h

-HEADER=	$(EXHEADER)

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)

-all:	lib

-lib:	$(LIBOBJ)

-	$(AR) $(LIB) $(LIBOBJ)

-	$(RANLIB) $(LIB) || echo Never mind.

-	@touch lib

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

-links:

-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)

-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)

-	cp $(TESTDATA) ../../test

-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

-install:

-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...

-	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \

-	do  \

-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \

-	done;

-tags:

-	ctags $(SRC)

-tests:

-lint:

-	lint -DLINT $(INCLUDES) $(SRC)>fluff

-depend:

-	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...

-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-clean:

-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-bio_b64.o: ../../e_os.h ../../include/openssl/asn1.h

-bio_b64.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-bio_b64.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-bio_b64.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-bio_b64.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-bio_b64.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-bio_b64.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-bio_b64.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-bio_b64.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_b64.c

-bio_enc.o: ../../e_os.h ../../include/openssl/asn1.h

-bio_enc.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-bio_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-bio_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-bio_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-bio_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-bio_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-bio_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-bio_enc.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_enc.c

-bio_md.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-bio_md.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-bio_md.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-bio_md.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-bio_md.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-bio_md.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-bio_md.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-bio_md.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-bio_md.o: ../cryptlib.h bio_md.c

-bio_ok.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-bio_ok.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-bio_ok.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-bio_ok.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-bio_ok.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-bio_ok.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-bio_ok.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h

-bio_ok.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-bio_ok.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_ok.c

-c_all.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-c_all.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-c_all.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h

-c_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-c_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-c_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-c_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-c_all.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-c_all.o: ../../include/openssl/symhacks.h ../cryptlib.h c_all.c

-c_allc.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-c_allc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-c_allc.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-c_allc.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-c_allc.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-c_allc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-c_allc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-c_allc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-c_allc.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h

-c_allc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-c_allc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-c_allc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-c_allc.o: ../cryptlib.h c_allc.c

-c_alld.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-c_alld.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-c_alld.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-c_alld.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-c_alld.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-c_alld.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-c_alld.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-c_alld.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-c_alld.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h

-c_alld.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-c_alld.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-c_alld.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-c_alld.o: ../cryptlib.h c_alld.c

-digest.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-digest.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-digest.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h

-digest.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-digest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-digest.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-digest.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-digest.o: ../../include/openssl/symhacks.h ../cryptlib.h digest.c

-e_aes.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h

-e_aes.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h

-e_aes.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-e_aes.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-e_aes.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-e_aes.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-e_aes.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-e_aes.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h e_aes.c

-e_aes.o: evp_locl.h

-e_bf.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-e_bf.o: ../../include/openssl/blowfish.h ../../include/openssl/buffer.h

-e_bf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-e_bf.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-e_bf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-e_bf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-e_bf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-e_bf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-e_bf.o: ../../include/openssl/symhacks.h ../cryptlib.h e_bf.c evp_locl.h

-e_camellia.o: ../../include/openssl/opensslconf.h e_camellia.c

-e_cast.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-e_cast.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h

-e_cast.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-e_cast.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-e_cast.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-e_cast.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-e_cast.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-e_cast.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-e_cast.o: ../../include/openssl/symhacks.h ../cryptlib.h e_cast.c evp_locl.h

-e_des.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-e_des.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-e_des.o: ../../include/openssl/des.h ../../include/openssl/des_old.h

-e_des.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-e_des.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-e_des.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-e_des.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-e_des.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h

-e_des.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-e_des.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h

-e_des.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_des.c evp_locl.h

-e_des3.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-e_des3.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-e_des3.o: ../../include/openssl/des.h ../../include/openssl/des_old.h

-e_des3.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-e_des3.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-e_des3.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-e_des3.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-e_des3.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h

-e_des3.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-e_des3.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h

-e_des3.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_des3.c evp_locl.h

-e_idea.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-e_idea.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-e_idea.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-e_idea.o: ../../include/openssl/evp.h ../../include/openssl/idea.h

-e_idea.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-e_idea.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-e_idea.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-e_idea.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-e_idea.o: ../../include/openssl/symhacks.h ../cryptlib.h e_idea.c evp_locl.h

-e_null.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-e_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-e_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-e_null.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-e_null.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-e_null.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-e_null.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-e_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-e_null.o: ../cryptlib.h e_null.c

-e_old.o: e_old.c

-e_rc2.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-e_rc2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-e_rc2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-e_rc2.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-e_rc2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-e_rc2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-e_rc2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h

-e_rc2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-e_rc2.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc2.c evp_locl.h

-e_rc4.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-e_rc4.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-e_rc4.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-e_rc4.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-e_rc4.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-e_rc4.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-e_rc4.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc4.h

-e_rc4.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-e_rc4.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc4.c

-e_rc5.o: ../../e_os.h ../../include/openssl/bio.h

-e_rc5.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-e_rc5.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-e_rc5.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-e_rc5.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-e_rc5.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-e_rc5.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc5.c

-e_seed.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

-e_seed.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-e_seed.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-e_seed.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-e_seed.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-e_seed.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-e_seed.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-e_seed.o: ../../include/openssl/symhacks.h e_seed.c

-e_xcbc_d.o: ../../e_os.h ../../include/openssl/asn1.h

-e_xcbc_d.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-e_xcbc_d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h

-e_xcbc_d.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h

-e_xcbc_d.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-e_xcbc_d.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-e_xcbc_d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-e_xcbc_d.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-e_xcbc_d.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-e_xcbc_d.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h

-e_xcbc_d.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_xcbc_d.c

-encode.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-encode.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-encode.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-encode.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-encode.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-encode.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-encode.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-encode.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-encode.o: ../cryptlib.h encode.c

-evp_acnf.o: ../../e_os.h ../../include/openssl/asn1.h

-evp_acnf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-evp_acnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h

-evp_acnf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-evp_acnf.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-evp_acnf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-evp_acnf.o: ../../include/openssl/opensslconf.h

-evp_acnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-evp_acnf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-evp_acnf.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_acnf.c

-evp_enc.o: ../../e_os.h ../../include/openssl/asn1.h

-evp_enc.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-evp_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-evp_enc.o: ../../include/openssl/engine.h ../../include/openssl/err.h

-evp_enc.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-evp_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-evp_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-evp_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h

-evp_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-evp_enc.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_enc.c evp_locl.h

-evp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

-evp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-evp_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-evp_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-evp_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-evp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-evp_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-evp_err.o: ../../include/openssl/symhacks.h evp_err.c

-evp_key.o: ../../e_os.h ../../include/openssl/asn1.h

-evp_key.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-evp_key.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-evp_key.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-evp_key.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-evp_key.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-evp_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-evp_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-evp_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h

-evp_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-evp_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-evp_key.o: ../../include/openssl/ui.h ../../include/openssl/x509.h

-evp_key.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_key.c

-evp_lib.o: ../../e_os.h ../../include/openssl/asn1.h

-evp_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-evp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-evp_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-evp_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-evp_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-evp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-evp_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-evp_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_lib.c

-evp_pbe.o: ../../e_os.h ../../include/openssl/asn1.h

-evp_pbe.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-evp_pbe.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-evp_pbe.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-evp_pbe.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-evp_pbe.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-evp_pbe.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-evp_pbe.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-evp_pbe.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h

-evp_pbe.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-evp_pbe.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-evp_pbe.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-evp_pbe.o: ../cryptlib.h evp_pbe.c

-evp_pkey.o: ../../e_os.h ../../include/openssl/asn1.h

-evp_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h

-evp_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-evp_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h

-evp_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-evp_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-evp_pkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-evp_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-evp_pkey.o: ../../include/openssl/opensslconf.h

-evp_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-evp_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h

-evp_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h

-evp_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-evp_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-evp_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_pkey.c

-m_dss.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-m_dss.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-m_dss.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h

-m_dss.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-m_dss.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-m_dss.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-m_dss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-m_dss.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-m_dss.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h

-m_dss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-m_dss.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-m_dss.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-m_dss.o: ../cryptlib.h m_dss.c

-m_dss1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-m_dss1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-m_dss1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h

-m_dss1.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-m_dss1.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-m_dss1.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-m_dss1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-m_dss1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-m_dss1.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h

-m_dss1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-m_dss1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-m_dss1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-m_dss1.o: ../cryptlib.h m_dss1.c

-m_ecdsa.o: ../../e_os.h ../../include/openssl/asn1.h

-m_ecdsa.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-m_ecdsa.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-m_ecdsa.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-m_ecdsa.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-m_ecdsa.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-m_ecdsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-m_ecdsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-m_ecdsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h

-m_ecdsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-m_ecdsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-m_ecdsa.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-m_ecdsa.o: ../cryptlib.h m_ecdsa.c

-m_md2.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-m_md2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-m_md2.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-m_md2.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-m_md2.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-m_md2.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h

-m_md2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-m_md2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-m_md2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h

-m_md2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h

-m_md2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-m_md2.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-m_md2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_md2.c

-m_md4.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-m_md4.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-m_md4.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-m_md4.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-m_md4.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-m_md4.o: ../../include/openssl/lhash.h ../../include/openssl/md4.h

-m_md4.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-m_md4.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-m_md4.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h

-m_md4.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h

-m_md4.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-m_md4.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-m_md4.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_md4.c

-m_md5.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-m_md5.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-m_md5.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-m_md5.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-m_md5.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-m_md5.o: ../../include/openssl/lhash.h ../../include/openssl/md5.h

-m_md5.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-m_md5.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-m_md5.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h

-m_md5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h

-m_md5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-m_md5.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-m_md5.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_md5.c

-m_mdc2.o: ../../e_os.h ../../include/openssl/bio.h

-m_mdc2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-m_mdc2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-m_mdc2.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-m_mdc2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-m_mdc2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-m_mdc2.o: ../../include/openssl/symhacks.h ../cryptlib.h m_mdc2.c

-m_null.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-m_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-m_null.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-m_null.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-m_null.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-m_null.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-m_null.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-m_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-m_null.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-m_null.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-m_null.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-m_null.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_null.c

-m_ripemd.o: ../../e_os.h ../../include/openssl/asn1.h

-m_ripemd.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-m_ripemd.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-m_ripemd.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-m_ripemd.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-m_ripemd.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-m_ripemd.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-m_ripemd.o: ../../include/openssl/opensslconf.h

-m_ripemd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-m_ripemd.o: ../../include/openssl/pkcs7.h ../../include/openssl/ripemd.h

-m_ripemd.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h

-m_ripemd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-m_ripemd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-m_ripemd.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_ripemd.c

-m_sha.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-m_sha.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-m_sha.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-m_sha.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-m_sha.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-m_sha.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-m_sha.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-m_sha.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-m_sha.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h

-m_sha.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-m_sha.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-m_sha.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-m_sha.o: ../cryptlib.h m_sha.c

-m_sha1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-m_sha1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-m_sha1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-m_sha1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-m_sha1.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-m_sha1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-m_sha1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-m_sha1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-m_sha1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h

-m_sha1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-m_sha1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-m_sha1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-m_sha1.o: ../cryptlib.h m_sha1.c

-names.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-names.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-names.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-names.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-names.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-names.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-names.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-names.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-names.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-names.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-names.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-names.o: ../../include/openssl/x509_vfy.h ../cryptlib.h names.c

-p5_crpt.o: ../../e_os.h ../../include/openssl/asn1.h

-p5_crpt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-p5_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-p5_crpt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-p5_crpt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-p5_crpt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-p5_crpt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-p5_crpt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-p5_crpt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h

-p5_crpt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-p5_crpt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-p5_crpt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-p5_crpt.o: ../cryptlib.h p5_crpt.c

-p5_crpt2.o: ../../e_os.h ../../include/openssl/asn1.h

-p5_crpt2.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-p5_crpt2.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-p5_crpt2.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-p5_crpt2.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-p5_crpt2.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h

-p5_crpt2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-p5_crpt2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-p5_crpt2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-p5_crpt2.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-p5_crpt2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-p5_crpt2.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-p5_crpt2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p5_crpt2.c

-p_dec.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-p_dec.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-p_dec.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-p_dec.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-p_dec.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-p_dec.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-p_dec.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-p_dec.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-p_dec.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h

-p_dec.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h

-p_dec.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-p_dec.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-p_dec.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_dec.c

-p_enc.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-p_enc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-p_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-p_enc.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-p_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-p_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-p_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-p_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-p_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h

-p_enc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h

-p_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-p_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-p_enc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_enc.c

-p_lib.o: ../../e_os.h ../../include/openssl/asn1.h

-p_lib.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h

-p_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h

-p_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h

-p_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h

-p_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-p_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-p_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-p_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-p_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-p_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h

-p_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h

-p_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-p_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-p_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_lib.c

-p_open.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-p_open.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-p_open.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-p_open.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-p_open.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-p_open.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-p_open.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-p_open.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-p_open.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h

-p_open.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-p_open.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-p_open.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-p_open.o: ../cryptlib.h p_open.c

-p_seal.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-p_seal.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-p_seal.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-p_seal.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-p_seal.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-p_seal.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-p_seal.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-p_seal.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-p_seal.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h

-p_seal.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h

-p_seal.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-p_seal.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-p_seal.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_seal.c

-p_sign.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-p_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-p_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-p_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-p_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-p_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-p_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-p_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-p_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-p_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-p_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-p_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_sign.c

-p_verify.o: ../../e_os.h ../../include/openssl/asn1.h

-p_verify.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-p_verify.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-p_verify.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-p_verify.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-p_verify.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-p_verify.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-p_verify.o: ../../include/openssl/opensslconf.h

-p_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-p_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-p_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-p_verify.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-p_verify.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_verify.c

--- a/sys/src/ape/lib/openssl/crypto/evp/bio_b64.c

+++ /dev/null

@@ -1,567 +1,0 @@

-/* crypto/evp/bio_b64.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <errno.h>

-#include "cryptlib.h"

-#include <openssl/buffer.h>

-#include <openssl/evp.h>

-static int b64_write(BIO *h, const char *buf, int num);

-static int b64_read(BIO *h, char *buf, int size);

-/*static int b64_puts(BIO *h, const char *str); */

-/*static int b64_gets(BIO *h, char *str, int size); */

-static long b64_ctrl(BIO *h, int cmd, long arg1, void *arg2);

-static int b64_new(BIO *h);

-static int b64_free(BIO *data);

-static long b64_callback_ctrl(BIO *h,int cmd,bio_info_cb *fp);

-#define B64_BLOCK_SIZE	1024

-#define B64_BLOCK_SIZE2	768

-#define B64_NONE	0

-#define B64_ENCODE	1

-#define B64_DECODE	2

-typedef struct b64_struct

-	{

-	/*BIO *bio; moved to the BIO structure */

-	int buf_len;

-	int buf_off;

-	int tmp_len;		/* used to find the start when decoding */

-	int tmp_nl;		/* If true, scan until '\n' */

-	int encode;

-	int start;		/* have we started decoding yet? */

-	int cont;		/* <= 0 when finished */

-	EVP_ENCODE_CTX base64;

-	char buf[EVP_ENCODE_LENGTH(B64_BLOCK_SIZE)+10];

-	char tmp[B64_BLOCK_SIZE];

-	} BIO_B64_CTX;

-static BIO_METHOD methods_b64=

-	{

-	BIO_TYPE_BASE64,"base64 encoding",

-	b64_write,

-	b64_read,

-	NULL, /* b64_puts, */

-	NULL, /* b64_gets, */

-	b64_ctrl,

-	b64_new,

-	b64_free,

-	b64_callback_ctrl,

-	};

-BIO_METHOD *BIO_f_base64(void)

-	{

-	return(&methods_b64);

-	}

-static int b64_new(BIO *bi)

-	{

-	BIO_B64_CTX *ctx;

-	ctx=(BIO_B64_CTX *)OPENSSL_malloc(sizeof(BIO_B64_CTX));

-	if (ctx == NULL) return(0);

-	ctx->buf_len=0;

-	ctx->tmp_len=0;

-	ctx->tmp_nl=0;

-	ctx->buf_off=0;

-	ctx->cont=1;

-	ctx->start=1;

-	ctx->encode=0;

-	bi->init=1;

-	bi->ptr=(char *)ctx;

-	bi->flags=0;

-	return(1);

-	}

-static int b64_free(BIO *a)

-	{

-	if (a == NULL) return(0);

-	OPENSSL_free(a->ptr);

-	a->ptr=NULL;

-	a->init=0;

-	a->flags=0;

-	return(1);

-	}

-static int b64_read(BIO *b, char *out, int outl)

-	{

-	int ret=0,i,ii,j,k,x,n,num,ret_code=0;

-	BIO_B64_CTX *ctx;

-	unsigned char *p,*q;

-	if (out == NULL) return(0);

-	ctx=(BIO_B64_CTX *)b->ptr;

-	if ((ctx == NULL) || (b->next_bio == NULL)) return(0);

-	if (ctx->encode != B64_DECODE)

-		{

-		ctx->encode=B64_DECODE;

-		ctx->buf_len=0;

-		ctx->buf_off=0;

-		ctx->tmp_len=0;

-		EVP_DecodeInit(&(ctx->base64));

-		}

-	/* First check if there are bytes decoded/encoded */

-	if (ctx->buf_len > 0)

-		{

-		i=ctx->buf_len-ctx->buf_off;

-		if (i > outl) i=outl;

-		OPENSSL_assert(ctx->buf_off+i < (int)sizeof(ctx->buf));

-		memcpy(out,&(ctx->buf[ctx->buf_off]),i);

-		ret=i;

-		out+=i;

-		outl-=i;

-		ctx->buf_off+=i;

-		if (ctx->buf_len == ctx->buf_off)

-			{

-			ctx->buf_len=0;

-			ctx->buf_off=0;

-			}

-		}

-	/* At this point, we have room of outl bytes and an empty

-	 * buffer, so we should read in some more. */

-	ret_code=0;

-	while (outl > 0)

-		{

-		if (ctx->cont <= 0)

-			break;

-		i=BIO_read(b->next_bio,&(ctx->tmp[ctx->tmp_len]),

-			B64_BLOCK_SIZE-ctx->tmp_len);

-		if (i <= 0)

-			{

-			ret_code=i;

-			/* Should be continue next time we are called? */

-			if (!BIO_should_retry(b->next_bio))

-				{

-				ctx->cont=i;

-				/* If buffer empty break */

-				if(ctx->tmp_len == 0)

-					break;

-				/* Fall through and process what we have */

-				else

-					i = 0;

-				}

-			/* else we retry and add more data to buffer */

-			else

-				break;

-			}

-		i+=ctx->tmp_len;

-		ctx->tmp_len = i;

-		/* We need to scan, a line at a time until we

-		 * have a valid line if we are starting. */

-		if (ctx->start && (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL))

-			{

-			/* ctx->start=1; */

-			ctx->tmp_len=0;

-			}

-		else if (ctx->start)

-			{

-			q=p=(unsigned char *)ctx->tmp;

-			for (j=0; j<i; j++)

-				{

-				if (*(q++) != '\n') continue;

-				/* due to a previous very long line,

-				 * we need to keep on scanning for a '\n'

-				 * before we even start looking for

-				 * base64 encoded stuff. */

-				if (ctx->tmp_nl)

-					{

-					p=q;

-					ctx->tmp_nl=0;

-					continue;

-					}

-				k=EVP_DecodeUpdate(&(ctx->base64),

-					(unsigned char *)ctx->buf,

-					&num,p,q-p);

-				if ((k <= 0) && (num == 0) && (ctx->start))

-					EVP_DecodeInit(&ctx->base64);

-				else

-					{

-					if (p != (unsigned char *)

-						&(ctx->tmp[0]))

-						{

-						i-=(p- (unsigned char *)

-							&(ctx->tmp[0]));

-						for (x=0; x < i; x++)

-							ctx->tmp[x]=p[x];

-						}

-					EVP_DecodeInit(&ctx->base64);

-					ctx->start=0;

-					break;

-					}

-				p=q;

-				}

-			/* we fell off the end without starting */

-			if (j == i)

-				{

-				/* Is this is one long chunk?, if so, keep on

-				 * reading until a new line. */

-				if (p == (unsigned char *)&(ctx->tmp[0]))

-					{

-					/* Check buffer full */

-					if (i == B64_BLOCK_SIZE)

-						{

-						ctx->tmp_nl=1;

-						ctx->tmp_len=0;

-						}

-					}

-				else if (p != q) /* finished on a '\n' */

-					{

-					n=q-p;

-					for (ii=0; ii<n; ii++)

-						ctx->tmp[ii]=p[ii];

-					ctx->tmp_len=n;

-					}

-				/* else finished on a '\n' */

-				continue;

-				}

-			else

-				ctx->tmp_len=0;

-			}

-		/* If buffer isn't full and we can retry then

-		 * restart to read in more data.

-		 */

-		else if ((i < B64_BLOCK_SIZE) && (ctx->cont > 0))

-			continue;

-		if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)

-			{

-			int z,jj;

-			jj=(i>>2)<<2;

-			z=EVP_DecodeBlock((unsigned char *)ctx->buf,

-				(unsigned char *)ctx->tmp,jj);

-			if (jj > 2)

-				{

-				if (ctx->tmp[jj-1] == '=')

-					{

-					z--;

-					if (ctx->tmp[jj-2] == '=')

-						z--;

-					}

-				}

-			/* z is now number of output bytes and jj is the

-			 * number consumed */

-			if (jj != i)

-				{

-				memcpy((unsigned char *)ctx->tmp,

-					(unsigned char *)&(ctx->tmp[jj]),i-jj);

-				ctx->tmp_len=i-jj;

-				}

-			ctx->buf_len=0;

-			if (z > 0)

-				{

-				ctx->buf_len=z;

-				i=1;

-				}

-			else

-				i=z;

-			}

-		else

-			{

-			i=EVP_DecodeUpdate(&(ctx->base64),

-				(unsigned char *)ctx->buf,&ctx->buf_len,

-				(unsigned char *)ctx->tmp,i);

-			ctx->tmp_len = 0;

-			}

-		ctx->buf_off=0;

-		if (i < 0)

-			{

-			ret_code=0;

-			ctx->buf_len=0;

-			break;

-			}

-		if (ctx->buf_len <= outl)

-			i=ctx->buf_len;

-		else

-			i=outl;

-		memcpy(out,ctx->buf,i);

-		ret+=i;

-		ctx->buf_off=i;

-		if (ctx->buf_off == ctx->buf_len)

-			{

-			ctx->buf_len=0;

-			ctx->buf_off=0;

-			}

-		outl-=i;

-		out+=i;

-		}

-	BIO_clear_retry_flags(b);

-	BIO_copy_next_retry(b);

-	return((ret == 0)?ret_code:ret);

-	}

-static int b64_write(BIO *b, const char *in, int inl)

-	{

-	int ret=inl,n,i;

-	BIO_B64_CTX *ctx;

-	ctx=(BIO_B64_CTX *)b->ptr;

-	BIO_clear_retry_flags(b);

-	if (ctx->encode != B64_ENCODE)

-		{

-		ctx->encode=B64_ENCODE;

-		ctx->buf_len=0;

-		ctx->buf_off=0;

-		ctx->tmp_len=0;

-		EVP_EncodeInit(&(ctx->base64));

-		}

-	n=ctx->buf_len-ctx->buf_off;

-	while (n > 0)

-		{

-		i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);

-		if (i <= 0)

-			{

-			BIO_copy_next_retry(b);

-			return(i);

-			}

-		ctx->buf_off+=i;

-		n-=i;

-		}

-	/* at this point all pending data has been written */

-	ctx->buf_off=0;

-	ctx->buf_len=0;

-	if ((in == NULL) || (inl <= 0)) return(0);

-	while (inl > 0)

-		{

-		n=(inl > B64_BLOCK_SIZE)?B64_BLOCK_SIZE:inl;

-		if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)

-			{

-			if (ctx->tmp_len > 0)

-				{

-				n=3-ctx->tmp_len;

-				/* There's a teoretical possibility for this */

-				if (n > inl)

-					n=inl;

-				memcpy(&(ctx->tmp[ctx->tmp_len]),in,n);

-				ctx->tmp_len+=n;

-				if (ctx->tmp_len < 3)

-					break;

-				ctx->buf_len=EVP_EncodeBlock(

-					(unsigned char *)ctx->buf,

-					(unsigned char *)ctx->tmp,

-					ctx->tmp_len);

-				/* Since we're now done using the temporary

-				   buffer, the length should be 0'd */

-				ctx->tmp_len=0;

-				}

-			else

-				{

-				if (n < 3)

-					{

-					memcpy(&(ctx->tmp[0]),in,n);

-					ctx->tmp_len=n;

-					break;

-					}

-				n-=n%3;

-				ctx->buf_len=EVP_EncodeBlock(

-					(unsigned char *)ctx->buf,

-					(unsigned char *)in,n);

-				}

-			}

-		else

-			{

-			EVP_EncodeUpdate(&(ctx->base64),

-				(unsigned char *)ctx->buf,&ctx->buf_len,

-				(unsigned char *)in,n);

-			}

-		inl-=n;

-		in+=n;

-		ctx->buf_off=0;

-		n=ctx->buf_len;

-		while (n > 0)

-			{

-			i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);

-			if (i <= 0)

-				{

-				BIO_copy_next_retry(b);

-				return((ret == 0)?i:ret);

-				}

-			n-=i;

-			ctx->buf_off+=i;

-			}

-		ctx->buf_len=0;

-		ctx->buf_off=0;

-		}

-	return(ret);

-	}

-static long b64_ctrl(BIO *b, int cmd, long num, void *ptr)

-	{

-	BIO_B64_CTX *ctx;

-	long ret=1;

-	int i;

-	ctx=(BIO_B64_CTX *)b->ptr;

-	switch (cmd)

-		{

-	case BIO_CTRL_RESET:

-		ctx->cont=1;

-		ctx->start=1;

-		ctx->encode=B64_NONE;

-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);

-		break;

-	case BIO_CTRL_EOF:	/* More to read */

-		if (ctx->cont <= 0)

-			ret=1;

-		else

-			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);

-		break;

-	case BIO_CTRL_WPENDING: /* More to write in buffer */

-		ret=ctx->buf_len-ctx->buf_off;

-		if ((ret == 0) && (ctx->encode != B64_NONE)

-			&& (ctx->base64.num != 0))

-			ret=1;

-		else if (ret <= 0)

-			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);

-		break;

-	case BIO_CTRL_PENDING: /* More to read in buffer */

-		ret=ctx->buf_len-ctx->buf_off;

-		if (ret <= 0)

-			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);

-		break;

-	case BIO_CTRL_FLUSH:

-		/* do a final write */

-again:

-		while (ctx->buf_len != ctx->buf_off)

-			{

-			i=b64_write(b,NULL,0);

-			if (i < 0)

-				return i;

-			}

-		if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)

-			{

-			if (ctx->tmp_len != 0)

-				{

-				ctx->buf_len=EVP_EncodeBlock(

-					(unsigned char *)ctx->buf,

-					(unsigned char *)ctx->tmp,

-					ctx->tmp_len);

-				ctx->buf_off=0;

-				ctx->tmp_len=0;

-				goto again;

-				}

-			}

-		else if (ctx->encode != B64_NONE && ctx->base64.num != 0)

-			{

-			ctx->buf_off=0;

-			EVP_EncodeFinal(&(ctx->base64),

-				(unsigned char *)ctx->buf,

-				&(ctx->buf_len));

-			/* push out the bytes */

-			goto again;

-			}

-		/* Finally flush the underlying BIO */

-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);

-		break;

-	case BIO_C_DO_STATE_MACHINE:

-		BIO_clear_retry_flags(b);

-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);

-		BIO_copy_next_retry(b);

-		break;

-	case BIO_CTRL_DUP:

-		break;

-	case BIO_CTRL_INFO:

-	case BIO_CTRL_GET:

-	case BIO_CTRL_SET:

-	default:

-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);

-		break;

-		}

-	return(ret);

-	}

-static long b64_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)

-	{

-	long ret=1;

-	if (b->next_bio == NULL) return(0);

-	switch (cmd)

-		{

-	default:

-		ret=BIO_callback_ctrl(b->next_bio,cmd,fp);

-		break;

-		}

-	return(ret);

-	}

--- a/sys/src/ape/lib/openssl/crypto/evp/bio_enc.c

+++ /dev/null

@@ -1,426 +1,0 @@

-/* crypto/evp/bio_enc.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <errno.h>

-#include "cryptlib.h"

-#include <openssl/buffer.h>

-#include <openssl/evp.h>

-static int enc_write(BIO *h, const char *buf, int num);

-static int enc_read(BIO *h, char *buf, int size);

-/*static int enc_puts(BIO *h, const char *str); */

-/*static int enc_gets(BIO *h, char *str, int size); */

-static long enc_ctrl(BIO *h, int cmd, long arg1, void *arg2);

-static int enc_new(BIO *h);

-static int enc_free(BIO *data);

-static long enc_callback_ctrl(BIO *h, int cmd, bio_info_cb *fps);

-#define ENC_BLOCK_SIZE	(1024*4)

-#define BUF_OFFSET	(EVP_MAX_BLOCK_LENGTH*2)

-typedef struct enc_struct

-	{

-	int buf_len;

-	int buf_off;

-	int cont;		/* <= 0 when finished */

-	int finished;

-	int ok;			/* bad decrypt */

-	EVP_CIPHER_CTX cipher;

-	/* buf is larger than ENC_BLOCK_SIZE because EVP_DecryptUpdate

-	 * can return up to a block more data than is presented to it

-	 */

-	char buf[ENC_BLOCK_SIZE+BUF_OFFSET+2];

-	} BIO_ENC_CTX;

-static BIO_METHOD methods_enc=

-	{

-	BIO_TYPE_CIPHER,"cipher",

-	enc_write,

-	enc_read,

-	NULL, /* enc_puts, */

-	NULL, /* enc_gets, */

-	enc_ctrl,

-	enc_new,

-	enc_free,

-	enc_callback_ctrl,

-	};

-BIO_METHOD *BIO_f_cipher(void)

-	{

-	return(&methods_enc);

-	}

-static int enc_new(BIO *bi)

-	{

-	BIO_ENC_CTX *ctx;

-	ctx=(BIO_ENC_CTX *)OPENSSL_malloc(sizeof(BIO_ENC_CTX));

-	if (ctx == NULL) return(0);

-	EVP_CIPHER_CTX_init(&ctx->cipher);

-	ctx->buf_len=0;

-	ctx->buf_off=0;

-	ctx->cont=1;

-	ctx->finished=0;

-	ctx->ok=1;

-	bi->init=0;

-	bi->ptr=(char *)ctx;

-	bi->flags=0;

-	return(1);

-	}

-static int enc_free(BIO *a)

-	{

-	BIO_ENC_CTX *b;

-	if (a == NULL) return(0);

-	b=(BIO_ENC_CTX *)a->ptr;

-	EVP_CIPHER_CTX_cleanup(&(b->cipher));

-	OPENSSL_cleanse(a->ptr,sizeof(BIO_ENC_CTX));

-	OPENSSL_free(a->ptr);

-	a->ptr=NULL;

-	a->init=0;

-	a->flags=0;

-	return(1);

-	}

-static int enc_read(BIO *b, char *out, int outl)

-	{

-	int ret=0,i;

-	BIO_ENC_CTX *ctx;

-	if (out == NULL) return(0);

-	ctx=(BIO_ENC_CTX *)b->ptr;

-	if ((ctx == NULL) || (b->next_bio == NULL)) return(0);

-	/* First check if there are bytes decoded/encoded */

-	if (ctx->buf_len > 0)

-		{

-		i=ctx->buf_len-ctx->buf_off;

-		if (i > outl) i=outl;

-		memcpy(out,&(ctx->buf[ctx->buf_off]),i);

-		ret=i;

-		out+=i;

-		outl-=i;

-		ctx->buf_off+=i;

-		if (ctx->buf_len == ctx->buf_off)

-			{

-			ctx->buf_len=0;

-			ctx->buf_off=0;

-			}

-		}

-	/* At this point, we have room of outl bytes and an empty

-	 * buffer, so we should read in some more. */

-	while (outl > 0)

-		{

-		if (ctx->cont <= 0) break;

-		/* read in at IV offset, read the EVP_Cipher

-		 * documentation about why */

-		i=BIO_read(b->next_bio,&(ctx->buf[BUF_OFFSET]),ENC_BLOCK_SIZE);

-		if (i <= 0)

-			{

-			/* Should be continue next time we are called? */

-			if (!BIO_should_retry(b->next_bio))

-				{

-				ctx->cont=i;

-				i=EVP_CipherFinal_ex(&(ctx->cipher),

-					(unsigned char *)ctx->buf,

-					&(ctx->buf_len));

-				ctx->ok=i;

-				ctx->buf_off=0;

-				}

-			else

-				{

-				ret=(ret == 0)?i:ret;

-				break;

-				}

-			}

-		else

-			{

-			EVP_CipherUpdate(&(ctx->cipher),

-				(unsigned char *)ctx->buf,&ctx->buf_len,

-				(unsigned char *)&(ctx->buf[BUF_OFFSET]),i);

-			ctx->cont=1;

-			/* Note: it is possible for EVP_CipherUpdate to

-			 * decrypt zero bytes because this is or looks like

-			 * the final block: if this happens we should retry

-			 * and either read more data or decrypt the final

-			 * block

-			 */

-			if(ctx->buf_len == 0) continue;

-			}

-		if (ctx->buf_len <= outl)

-			i=ctx->buf_len;

-		else

-			i=outl;

-		if (i <= 0) break;

-		memcpy(out,ctx->buf,i);

-		ret+=i;

-		ctx->buf_off=i;

-		outl-=i;

-		out+=i;

-		}

-	BIO_clear_retry_flags(b);

-	BIO_copy_next_retry(b);

-	return((ret == 0)?ctx->cont:ret);

-	}

-static int enc_write(BIO *b, const char *in, int inl)

-	{

-	int ret=0,n,i;

-	BIO_ENC_CTX *ctx;

-	ctx=(BIO_ENC_CTX *)b->ptr;

-	ret=inl;

-	BIO_clear_retry_flags(b);

-	n=ctx->buf_len-ctx->buf_off;

-	while (n > 0)

-		{

-		i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);

-		if (i <= 0)

-			{

-			BIO_copy_next_retry(b);

-			return(i);

-			}

-		ctx->buf_off+=i;

-		n-=i;

-		}

-	/* at this point all pending data has been written */

-	if ((in == NULL) || (inl <= 0)) return(0);

-	ctx->buf_off=0;

-	while (inl > 0)

-		{

-		n=(inl > ENC_BLOCK_SIZE)?ENC_BLOCK_SIZE:inl;

-		EVP_CipherUpdate(&(ctx->cipher),

-			(unsigned char *)ctx->buf,&ctx->buf_len,

-			(unsigned char *)in,n);

-		inl-=n;

-		in+=n;

-		ctx->buf_off=0;

-		n=ctx->buf_len;

-		while (n > 0)

-			{

-			i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);

-			if (i <= 0)

-				{

-				BIO_copy_next_retry(b);

-				return (ret == inl) ? i : ret - inl;

-				}

-			n-=i;

-			ctx->buf_off+=i;

-			}

-		ctx->buf_len=0;

-		ctx->buf_off=0;

-		}

-	BIO_copy_next_retry(b);

-	return(ret);

-	}

-static long enc_ctrl(BIO *b, int cmd, long num, void *ptr)

-	{

-	BIO *dbio;

-	BIO_ENC_CTX *ctx,*dctx;

-	long ret=1;

-	int i;

-	EVP_CIPHER_CTX **c_ctx;

-	ctx=(BIO_ENC_CTX *)b->ptr;

-	switch (cmd)

-		{

-	case BIO_CTRL_RESET:

-		ctx->ok=1;

-		ctx->finished=0;

-		EVP_CipherInit_ex(&(ctx->cipher),NULL,NULL,NULL,NULL,

-			ctx->cipher.encrypt);

-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);

-		break;

-	case BIO_CTRL_EOF:	/* More to read */

-		if (ctx->cont <= 0)

-			ret=1;

-		else

-			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);

-		break;

-	case BIO_CTRL_WPENDING:

-		ret=ctx->buf_len-ctx->buf_off;

-		if (ret <= 0)

-			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);

-		break;

-	case BIO_CTRL_PENDING: /* More to read in buffer */

-		ret=ctx->buf_len-ctx->buf_off;

-		if (ret <= 0)

-			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);

-		break;

-	case BIO_CTRL_FLUSH:

-		/* do a final write */

-again:

-		while (ctx->buf_len != ctx->buf_off)

-			{

-			i=enc_write(b,NULL,0);

-			if (i < 0)

-				return i;

-			}

-		if (!ctx->finished)

-			{

-			ctx->finished=1;

-			ctx->buf_off=0;

-			ret=EVP_CipherFinal_ex(&(ctx->cipher),

-				(unsigned char *)ctx->buf,

-				&(ctx->buf_len));

-			ctx->ok=(int)ret;

-			if (ret <= 0) break;

-			/* push out the bytes */

-			goto again;

-			}

-		/* Finally flush the underlying BIO */

-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);

-		break;

-	case BIO_C_GET_CIPHER_STATUS:

-		ret=(long)ctx->ok;

-		break;

-	case BIO_C_DO_STATE_MACHINE:

-		BIO_clear_retry_flags(b);

-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);

-		BIO_copy_next_retry(b);

-		break;

-	case BIO_C_GET_CIPHER_CTX:

-		c_ctx=(EVP_CIPHER_CTX **)ptr;

-		(*c_ctx)= &(ctx->cipher);

-		b->init=1;

-		break;

-	case BIO_CTRL_DUP:

-		dbio=(BIO *)ptr;

-		dctx=(BIO_ENC_CTX *)dbio->ptr;

-		memcpy(&(dctx->cipher),&(ctx->cipher),sizeof(ctx->cipher));

-		dbio->init=1;

-		break;

-	default:

-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);

-		break;

-		}

-	return(ret);

-	}

-static long enc_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)

-	{

-	long ret=1;

-	if (b->next_bio == NULL) return(0);

-	switch (cmd)

-		{

-	default:

-		ret=BIO_callback_ctrl(b->next_bio,cmd,fp);

-		break;

-		}

-	return(ret);

-	}

-/*

-void BIO_set_cipher_ctx(b,c)

-BIO *b;

-EVP_CIPHER_ctx *c;

-	{

-	if (b == NULL) return;

-	if ((b->callback != NULL) &&

-		(b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0))

-		return;

-	b->init=1;

-	ctx=(BIO_ENC_CTX *)b->ptr;

-	memcpy(ctx->cipher,c,sizeof(EVP_CIPHER_CTX));

-	if (b->callback != NULL)

-		b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L);

-	}

-*/

-void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k,

-	     const unsigned char *i, int e)

-	{

-	BIO_ENC_CTX *ctx;

-	if (b == NULL) return;

-	if ((b->callback != NULL) &&

-		(b->callback(b,BIO_CB_CTRL,(const char *)c,BIO_CTRL_SET,e,0L) <= 0))

-		return;

-	b->init=1;

-	ctx=(BIO_ENC_CTX *)b->ptr;

-	EVP_CipherInit_ex(&(ctx->cipher),c,NULL, k,i,e);

-	if (b->callback != NULL)

-		b->callback(b,BIO_CB_CTRL,(const char *)c,BIO_CTRL_SET,e,1L);

-	}

--- a/sys/src/ape/lib/openssl/crypto/evp/bio_md.c

+++ /dev/null

@@ -1,269 +1,0 @@

-/* crypto/evp/bio_md.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <errno.h>

-#include "cryptlib.h"

-#include <openssl/buffer.h>

-#include <openssl/evp.h>

-/* BIO_put and BIO_get both add to the digest,

- * BIO_gets returns the digest */

-static int md_write(BIO *h, char const *buf, int num);

-static int md_read(BIO *h, char *buf, int size);

-/*static int md_puts(BIO *h, const char *str); */

-static int md_gets(BIO *h, char *str, int size);

-static long md_ctrl(BIO *h, int cmd, long arg1, void *arg2);

-static int md_new(BIO *h);

-static int md_free(BIO *data);

-static long md_callback_ctrl(BIO *h,int cmd,bio_info_cb *fp);

-static BIO_METHOD methods_md=

-	{

-	BIO_TYPE_MD,"message digest",

-	md_write,

-	md_read,

-	NULL, /* md_puts, */

-	md_gets,

-	md_ctrl,

-	md_new,

-	md_free,

-	md_callback_ctrl,

-	};

-BIO_METHOD *BIO_f_md(void)

-	{

-	return(&methods_md);

-	}

-static int md_new(BIO *bi)

-	{

-	EVP_MD_CTX *ctx;

-	ctx=EVP_MD_CTX_create();

-	if (ctx == NULL) return(0);

-	bi->init=0;

-	bi->ptr=(char *)ctx;

-	bi->flags=0;

-	return(1);

-	}

-static int md_free(BIO *a)

-	{

-	if (a == NULL) return(0);

-	EVP_MD_CTX_destroy(a->ptr);

-	a->ptr=NULL;

-	a->init=0;

-	a->flags=0;

-	return(1);

-	}

-static int md_read(BIO *b, char *out, int outl)

-	{

-	int ret=0;

-	EVP_MD_CTX *ctx;

-	if (out == NULL) return(0);

-	ctx=b->ptr;

-	if ((ctx == NULL) || (b->next_bio == NULL)) return(0);

-	ret=BIO_read(b->next_bio,out,outl);

-	if (b->init)

-		{

-		if (ret > 0)

-			{

-			EVP_DigestUpdate(ctx,(unsigned char *)out,

-				(unsigned int)ret);

-			}

-		}

-	BIO_clear_retry_flags(b);

-	BIO_copy_next_retry(b);

-	return(ret);

-	}

-static int md_write(BIO *b, const char *in, int inl)

-	{

-	int ret=0;

-	EVP_MD_CTX *ctx;

-	if ((in == NULL) || (inl <= 0)) return(0);

-	ctx=b->ptr;

-	if ((ctx != NULL) && (b->next_bio != NULL))

-		ret=BIO_write(b->next_bio,in,inl);

-	if (b->init)

-		{

-		if (ret > 0)

-			{

-			EVP_DigestUpdate(ctx,(const unsigned char *)in,

-				(unsigned int)ret);

-			}

-		}

-	BIO_clear_retry_flags(b);

-	BIO_copy_next_retry(b);

-	return(ret);

-	}

-static long md_ctrl(BIO *b, int cmd, long num, void *ptr)

-	{

-	EVP_MD_CTX *ctx,*dctx,**pctx;

-	const EVP_MD **ppmd;

-	EVP_MD *md;

-	long ret=1;

-	BIO *dbio;

-	ctx=b->ptr;

-	switch (cmd)

-		{

-	case BIO_CTRL_RESET:

-		if (b->init)

-			ret = EVP_DigestInit_ex(ctx,ctx->digest, NULL);

-		else

-			ret=0;

-		if (ret > 0)

-			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);

-		break;

-	case BIO_C_GET_MD:

-		if (b->init)

-			{

-			ppmd=ptr;

-			*ppmd=ctx->digest;

-			}

-		else

-			ret=0;

-		break;

-	case BIO_C_GET_MD_CTX:

-		if (b->init)

-			{

-			pctx=ptr;

-			*pctx=ctx;

-			}

-		else

-			ret=0;

-		break;

-	case BIO_C_SET_MD_CTX:

-		if (b->init)

-			b->ptr=ptr;

-		else

-			ret=0;

-		break;

-	case BIO_C_DO_STATE_MACHINE:

-		BIO_clear_retry_flags(b);

-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);

-		BIO_copy_next_retry(b);

-		break;

-	case BIO_C_SET_MD:

-		md=ptr;

-		ret = EVP_DigestInit_ex(ctx,md, NULL);

-		if (ret > 0)

-			b->init=1;

-		break;

-	case BIO_CTRL_DUP:

-		dbio=ptr;

-		dctx=dbio->ptr;

-		EVP_MD_CTX_copy_ex(dctx,ctx);

-		b->init=1;

-		break;

-	default:

-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);

-		break;

-		}

-	return(ret);

-	}

-static long md_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)

-	{

-	long ret=1;

-	if (b->next_bio == NULL) return(0);

-	switch (cmd)

-		{

-	default:

-		ret=BIO_callback_ctrl(b->next_bio,cmd,fp);

-		break;

-		}

-	return(ret);

-	}

-static int md_gets(BIO *bp, char *buf, int size)

-	{

-	EVP_MD_CTX *ctx;

-	unsigned int ret;

-	ctx=bp->ptr;

-	if (size < ctx->digest->md_size)

-		return(0);

-	EVP_DigestFinal_ex(ctx,(unsigned char *)buf,&ret);

-	return((int)ret);

-	}

-/*

-static int md_puts(bp,str)

-BIO *bp;

-char *str;

-	{

-	return(-1);

-	}

-*/

--- a/sys/src/ape/lib/openssl/crypto/evp/bio_ok.c

+++ /dev/null

@@ -1,575 +1,0 @@

-/* crypto/evp/bio_ok.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/*

-	From: Arne Ansper <[email protected]>

-	Why BIO_f_reliable?

-	I wrote function which took BIO* as argument, read data from it

-	and processed it. Then I wanted to store the input file in

-	encrypted form. OK I pushed BIO_f_cipher to the BIO stack

-	and everything was OK. BUT if user types wrong password

-	BIO_f_cipher outputs only garbage and my function crashes. Yes

-	I can and I should fix my function, but BIO_f_cipher is

-	easy way to add encryption support to many existing applications

-	and it's hard to debug and fix them all.

-	So I wanted another BIO which would catch the incorrect passwords and

-	file damages which cause garbage on BIO_f_cipher's output.

-	The easy way is to push the BIO_f_md and save the checksum at

-	the end of the file. However there are several problems with this

-	approach:

-	1) you must somehow separate checksum from actual data.

-	2) you need lot's of memory when reading the file, because you

-	must read to the end of the file and verify the checksum before

-	letting the application to read the data.

-	BIO_f_reliable tries to solve both problems, so that you can

-	read and write arbitrary long streams using only fixed amount

-	of memory.

-	BIO_f_reliable splits data stream into blocks. Each block is prefixed

-	with it's length and suffixed with it's digest. So you need only

-	several Kbytes of memory to buffer single block before verifying

-	it's digest.

-	BIO_f_reliable goes further and adds several important capabilities:

-	1) the digest of the block is computed over the whole stream

-	-- so nobody can rearrange the blocks or remove or replace them.

-	2) to detect invalid passwords right at the start BIO_f_reliable

-	adds special prefix to the stream. In order to avoid known plain-text

-	attacks this prefix is generated as follows:

-		*) digest is initialized with random seed instead of

-		standardized one.

-		*) same seed is written to output

-		*) well-known text is then hashed and the output

-		of the digest is also written to output.

-	reader can now read the seed from stream, hash the same string

-	and then compare the digest output.

-	Bad things: BIO_f_reliable knows what's going on in EVP_Digest. I

-	initially wrote and tested this code on x86 machine and wrote the

-	digests out in machine-dependent order :( There are people using

-	this code and I cannot change this easily without making existing

-	data files unreadable.

-*/

-#include <stdio.h>

-#include <errno.h>

-#include <assert.h>

-#include "cryptlib.h"

-#include <openssl/buffer.h>

-#include <openssl/bio.h>

-#include <openssl/evp.h>

-#include <openssl/rand.h>

-static int ok_write(BIO *h, const char *buf, int num);

-static int ok_read(BIO *h, char *buf, int size);

-static long ok_ctrl(BIO *h, int cmd, long arg1, void *arg2);

-static int ok_new(BIO *h);

-static int ok_free(BIO *data);

-static long ok_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);

-static void sig_out(BIO* b);

-static void sig_in(BIO* b);

-static void block_out(BIO* b);

-static void block_in(BIO* b);

-#define OK_BLOCK_SIZE	(1024*4)

-#define OK_BLOCK_BLOCK	4

-#define IOBS		(OK_BLOCK_SIZE+ OK_BLOCK_BLOCK+ 3*EVP_MAX_MD_SIZE)

-#define WELLKNOWN "The quick brown fox jumped over the lazy dog's back."

-typedef struct ok_struct

-	{

-	size_t buf_len;

-	size_t buf_off;

-	size_t buf_len_save;

-	size_t buf_off_save;

-	int cont;		/* <= 0 when finished */

-	int finished;

-	EVP_MD_CTX md;

-	int blockout;		/* output block is ready */

-	int sigio;		/* must process signature */

-	unsigned char buf[IOBS];

-	} BIO_OK_CTX;

-static BIO_METHOD methods_ok=

-	{

-	BIO_TYPE_CIPHER,"reliable",

-	ok_write,

-	ok_read,

-	NULL, /* ok_puts, */

-	NULL, /* ok_gets, */

-	ok_ctrl,

-	ok_new,

-	ok_free,

-	ok_callback_ctrl,

-	};

-BIO_METHOD *BIO_f_reliable(void)

-	{

-	return(&methods_ok);

-	}

-static int ok_new(BIO *bi)

-	{

-	BIO_OK_CTX *ctx;

-	ctx=(BIO_OK_CTX *)OPENSSL_malloc(sizeof(BIO_OK_CTX));

-	if (ctx == NULL) return(0);

-	ctx->buf_len=0;

-	ctx->buf_off=0;

-	ctx->buf_len_save=0;

-	ctx->buf_off_save=0;

-	ctx->cont=1;

-	ctx->finished=0;

-	ctx->blockout= 0;

-	ctx->sigio=1;

-	EVP_MD_CTX_init(&ctx->md);

-	bi->init=0;

-	bi->ptr=(char *)ctx;

-	bi->flags=0;

-	return(1);

-	}

-static int ok_free(BIO *a)

-	{

-	if (a == NULL) return(0);

-	EVP_MD_CTX_cleanup(&((BIO_OK_CTX *)a->ptr)->md);

-	OPENSSL_cleanse(a->ptr,sizeof(BIO_OK_CTX));

-	OPENSSL_free(a->ptr);

-	a->ptr=NULL;

-	a->init=0;

-	a->flags=0;

-	return(1);

-	}

-static int ok_read(BIO *b, char *out, int outl)

-	{

-	int ret=0,i,n;

-	BIO_OK_CTX *ctx;

-	if (out == NULL) return(0);

-	ctx=(BIO_OK_CTX *)b->ptr;

-	if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0)) return(0);

-	while(outl > 0)

-		{

-		/* copy clean bytes to output buffer */

-		if (ctx->blockout)

-			{

-			i=ctx->buf_len-ctx->buf_off;

-			if (i > outl) i=outl;

-			memcpy(out,&(ctx->buf[ctx->buf_off]),i);

-			ret+=i;

-			out+=i;

-			outl-=i;

-			ctx->buf_off+=i;

-			/* all clean bytes are out */

-			if (ctx->buf_len == ctx->buf_off)

-				{

-				ctx->buf_off=0;

-				/* copy start of the next block into proper place */

-				if(ctx->buf_len_save- ctx->buf_off_save > 0)

-					{

-					ctx->buf_len= ctx->buf_len_save- ctx->buf_off_save;

-					memmove(ctx->buf, &(ctx->buf[ctx->buf_off_save]),

-							ctx->buf_len);

-					}

-				else

-					{

-					ctx->buf_len=0;

-					}

-				ctx->blockout= 0;

-				}

-			}

-		/* output buffer full -- cancel */

-		if (outl == 0) break;

-		/* no clean bytes in buffer -- fill it */

-		n=IOBS- ctx->buf_len;

-		i=BIO_read(b->next_bio,&(ctx->buf[ctx->buf_len]),n);

-		if (i <= 0) break;	/* nothing new */

-		ctx->buf_len+= i;

-		/* no signature yet -- check if we got one */

-		if (ctx->sigio == 1) sig_in(b);

-		/* signature ok -- check if we got block */

-		if (ctx->sigio == 0) block_in(b);

-		/* invalid block -- cancel */

-		if (ctx->cont <= 0) break;

-		}

-	BIO_clear_retry_flags(b);

-	BIO_copy_next_retry(b);

-	return(ret);

-	}

-static int ok_write(BIO *b, const char *in, int inl)

-	{

-	int ret=0,n,i;

-	BIO_OK_CTX *ctx;

-	if (inl <= 0) return inl;

-	ctx=(BIO_OK_CTX *)b->ptr;

-	ret=inl;

-	if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0)) return(0);

-	if(ctx->sigio) sig_out(b);

-	do{

-		BIO_clear_retry_flags(b);

-		n=ctx->buf_len-ctx->buf_off;

-		while (ctx->blockout && n > 0)

-			{

-			i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);

-			if (i <= 0)

-				{

-				BIO_copy_next_retry(b);

-				if(!BIO_should_retry(b))

-					ctx->cont= 0;

-				return(i);

-				}

-			ctx->buf_off+=i;

-			n-=i;

-			}

-		/* at this point all pending data has been written */

-		ctx->blockout= 0;

-		if (ctx->buf_len == ctx->buf_off)

-			{

-			ctx->buf_len=OK_BLOCK_BLOCK;

-			ctx->buf_off=0;

-			}

-		if ((in == NULL) || (inl <= 0)) return(0);

-		n= (inl+ ctx->buf_len > OK_BLOCK_SIZE+ OK_BLOCK_BLOCK) ?

-			(int)(OK_BLOCK_SIZE+OK_BLOCK_BLOCK-ctx->buf_len) : inl;

-		memcpy((unsigned char *)(&(ctx->buf[ctx->buf_len])),(unsigned char *)in,n);

-		ctx->buf_len+= n;

-		inl-=n;

-		in+=n;

-		if(ctx->buf_len >= OK_BLOCK_SIZE+ OK_BLOCK_BLOCK)

-			{

-			block_out(b);

-			}

-	}while(inl > 0);

-	BIO_clear_retry_flags(b);

-	BIO_copy_next_retry(b);

-	return(ret);

-	}

-static long ok_ctrl(BIO *b, int cmd, long num, void *ptr)

-	{

-	BIO_OK_CTX *ctx;

-	EVP_MD *md;

-	const EVP_MD **ppmd;

-	long ret=1;

-	int i;

-	ctx=b->ptr;

-	switch (cmd)

-		{

-	case BIO_CTRL_RESET:

-		ctx->buf_len=0;

-		ctx->buf_off=0;

-		ctx->buf_len_save=0;

-		ctx->buf_off_save=0;

-		ctx->cont=1;

-		ctx->finished=0;

-		ctx->blockout= 0;

-		ctx->sigio=1;

-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);

-		break;

-	case BIO_CTRL_EOF:	/* More to read */

-		if (ctx->cont <= 0)

-			ret=1;

-		else

-			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);

-		break;

-	case BIO_CTRL_PENDING: /* More to read in buffer */

-	case BIO_CTRL_WPENDING: /* More to read in buffer */

-		ret=ctx->blockout ? ctx->buf_len-ctx->buf_off : 0;

-		if (ret <= 0)

-			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);

-		break;

-	case BIO_CTRL_FLUSH:

-		/* do a final write */

-		if(ctx->blockout == 0)

-			block_out(b);

-		while (ctx->blockout)

-			{

-			i=ok_write(b,NULL,0);

-			if (i < 0)

-				{

-				ret=i;

-				break;

-				}

-			}

-		ctx->finished=1;

-		ctx->buf_off=ctx->buf_len=0;

-		ctx->cont=(int)ret;

-		/* Finally flush the underlying BIO */

-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);

-		break;

-	case BIO_C_DO_STATE_MACHINE:

-		BIO_clear_retry_flags(b);

-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);

-		BIO_copy_next_retry(b);

-		break;

-	case BIO_CTRL_INFO:

-		ret=(long)ctx->cont;

-		break;

-	case BIO_C_SET_MD:

-		md=ptr;

-		EVP_DigestInit_ex(&ctx->md, md, NULL);

-		b->init=1;

-		break;

-	case BIO_C_GET_MD:

-		if (b->init)

-			{

-			ppmd=ptr;

-			*ppmd=ctx->md.digest;

-			}

-		else

-			ret=0;

-		break;

-	default:

-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);

-		break;

-		}

-	return(ret);

-	}

-static long ok_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)

-	{

-	long ret=1;

-	if (b->next_bio == NULL) return(0);

-	switch (cmd)

-		{

-	default:

-		ret=BIO_callback_ctrl(b->next_bio,cmd,fp);

-		break;

-		}

-	return(ret);

-	}

-static void longswap(void *_ptr, size_t len)

-{	const union { long one; char little; } is_endian = {1};

-	if (is_endian.little) {

-		size_t i;

-		unsigned char *p=_ptr,c;

-		for(i= 0;i < len;i+= 4) {

-			c=p[0],p[0]=p[3],p[3]=c;

-			c=p[1],p[1]=p[2],p[2]=c;

-		}

-	}

-}

-static void sig_out(BIO* b)

-	{

-	BIO_OK_CTX *ctx;

-	EVP_MD_CTX *md;

-	ctx=b->ptr;

-	md=&ctx->md;

-	if(ctx->buf_len+ 2* md->digest->md_size > OK_BLOCK_SIZE) return;

-	EVP_DigestInit_ex(md, md->digest, NULL);

-	/* FIXME: there's absolutely no guarantee this makes any sense at all,

-	 * particularly now EVP_MD_CTX has been restructured.

-	 */

-	RAND_pseudo_bytes(md->md_data, md->digest->md_size);

-	memcpy(&(ctx->buf[ctx->buf_len]), md->md_data, md->digest->md_size);

-	longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size);

-	ctx->buf_len+= md->digest->md_size;

-	EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN));

-	EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL);

-	ctx->buf_len+= md->digest->md_size;

-	ctx->blockout= 1;

-	ctx->sigio= 0;

-	}

-static void sig_in(BIO* b)

-	{

-	BIO_OK_CTX *ctx;

-	EVP_MD_CTX *md;

-	unsigned char tmp[EVP_MAX_MD_SIZE];

-	int ret= 0;

-	ctx=b->ptr;

-	md=&ctx->md;

-	if((int)(ctx->buf_len-ctx->buf_off) < 2*md->digest->md_size) return;

-	EVP_DigestInit_ex(md, md->digest, NULL);

-	memcpy(md->md_data, &(ctx->buf[ctx->buf_off]), md->digest->md_size);

-	longswap(md->md_data, md->digest->md_size);

-	ctx->buf_off+= md->digest->md_size;

-	EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN));

-	EVP_DigestFinal_ex(md, tmp, NULL);

-	ret= memcmp(&(ctx->buf[ctx->buf_off]), tmp, md->digest->md_size) == 0;

-	ctx->buf_off+= md->digest->md_size;

-	if(ret == 1)

-		{

-		ctx->sigio= 0;

-		if(ctx->buf_len != ctx->buf_off)

-			{

-			memmove(ctx->buf, &(ctx->buf[ctx->buf_off]), ctx->buf_len- ctx->buf_off);

-			}

-		ctx->buf_len-= ctx->buf_off;

-		ctx->buf_off= 0;

-		}

-	else

-		{

-		ctx->cont= 0;

-		}

-	}

-static void block_out(BIO* b)

-	{

-	BIO_OK_CTX *ctx;

-	EVP_MD_CTX *md;

-	unsigned long tl;

-	ctx=b->ptr;

-	md=&ctx->md;

-	tl= ctx->buf_len- OK_BLOCK_BLOCK;

-	ctx->buf[0]=(unsigned char)(tl>>24);

-	ctx->buf[1]=(unsigned char)(tl>>16);

-	ctx->buf[2]=(unsigned char)(tl>>8);

-	ctx->buf[3]=(unsigned char)(tl);

-	EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl);

-	EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL);

-	ctx->buf_len+= md->digest->md_size;

-	ctx->blockout= 1;

-	}

-static void block_in(BIO* b)

-	{

-	BIO_OK_CTX *ctx;

-	EVP_MD_CTX *md;

-	unsigned long tl= 0;

-	unsigned char tmp[EVP_MAX_MD_SIZE];

-	ctx=b->ptr;

-	md=&ctx->md;

-	assert(sizeof(tl)>=OK_BLOCK_BLOCK);	/* always true */

-	tl =ctx->buf[0]; tl<<=8;

-	tl|=ctx->buf[1]; tl<<=8;

-	tl|=ctx->buf[2]; tl<<=8;

-	tl|=ctx->buf[3];

-	if (ctx->buf_len < tl+ OK_BLOCK_BLOCK+ md->digest->md_size) return;

-	EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl);

-	EVP_DigestFinal_ex(md, tmp, NULL);

-	if(memcmp(&(ctx->buf[tl+ OK_BLOCK_BLOCK]), tmp, md->digest->md_size) == 0)

-		{

-		/* there might be parts from next block lurking around ! */

-		ctx->buf_off_save= tl+ OK_BLOCK_BLOCK+ md->digest->md_size;

-		ctx->buf_len_save= ctx->buf_len;

-		ctx->buf_off= OK_BLOCK_BLOCK;

-		ctx->buf_len= tl+ OK_BLOCK_BLOCK;

-		ctx->blockout= 1;

-		}

-	else

-		{

-		ctx->cont= 0;

-		}

-	}

--- a/sys/src/ape/lib/openssl/crypto/evp/c_all.c

+++ /dev/null

@@ -1,90 +1,0 @@

-/* crypto/evp/c_all.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/evp.h>

-#ifndef OPENSSL_NO_ENGINE

-#include <openssl/engine.h>

-#endif

-#if 0

-#undef OpenSSL_add_all_algorithms

-void OpenSSL_add_all_algorithms(void)

-	{

-	OPENSSL_add_all_algorithms_noconf();

-	}

-#endif

-void OPENSSL_add_all_algorithms_noconf(void)

-	{

-	/*

-	 * For the moment OPENSSL_cpuid_setup does something

-	 * only on IA-32, but we reserve the option for all

-	 * platforms...

-	 */

-	OPENSSL_cpuid_setup();

-	OpenSSL_add_all_ciphers();

-	OpenSSL_add_all_digests();

-#ifndef OPENSSL_NO_ENGINE

-# if defined(__OpenBSD__) || defined(__FreeBSD__)

-	ENGINE_setup_bsd_cryptodev();

-# endif

-#endif

-	}

--- a/sys/src/ape/lib/openssl/crypto/evp/c_allc.c

+++ /dev/null

@@ -1,225 +1,0 @@

-/* crypto/evp/c_allc.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/evp.h>

-#include <openssl/pkcs12.h>

-#include <openssl/objects.h>

-void OpenSSL_add_all_ciphers(void)

-	{

-#ifndef OPENSSL_NO_DES

-	EVP_add_cipher(EVP_des_cfb());

-	EVP_add_cipher(EVP_des_cfb1());

-	EVP_add_cipher(EVP_des_cfb8());

-	EVP_add_cipher(EVP_des_ede_cfb());

-	EVP_add_cipher(EVP_des_ede3_cfb());

-	EVP_add_cipher(EVP_des_ofb());

-	EVP_add_cipher(EVP_des_ede_ofb());

-	EVP_add_cipher(EVP_des_ede3_ofb());

-	EVP_add_cipher(EVP_desx_cbc());

-	EVP_add_cipher_alias(SN_desx_cbc,"DESX");

-	EVP_add_cipher_alias(SN_desx_cbc,"desx");

-	EVP_add_cipher(EVP_des_cbc());

-	EVP_add_cipher_alias(SN_des_cbc,"DES");

-	EVP_add_cipher_alias(SN_des_cbc,"des");

-	EVP_add_cipher(EVP_des_ede_cbc());

-	EVP_add_cipher(EVP_des_ede3_cbc());

-	EVP_add_cipher_alias(SN_des_ede3_cbc,"DES3");

-	EVP_add_cipher_alias(SN_des_ede3_cbc,"des3");

-	EVP_add_cipher(EVP_des_ecb());

-	EVP_add_cipher(EVP_des_ede());

-	EVP_add_cipher(EVP_des_ede3());

-#endif

-#ifndef OPENSSL_NO_RC4

-	EVP_add_cipher(EVP_rc4());

-	EVP_add_cipher(EVP_rc4_40());

-#endif

-#ifndef OPENSSL_NO_IDEA

-	EVP_add_cipher(EVP_idea_ecb());

-	EVP_add_cipher(EVP_idea_cfb());

-	EVP_add_cipher(EVP_idea_ofb());

-	EVP_add_cipher(EVP_idea_cbc());

-	EVP_add_cipher_alias(SN_idea_cbc,"IDEA");

-	EVP_add_cipher_alias(SN_idea_cbc,"idea");

-#endif

-#ifndef OPENSSL_NO_SEED

-	EVP_add_cipher(EVP_seed_ecb());

-	EVP_add_cipher(EVP_seed_cfb());

-	EVP_add_cipher(EVP_seed_ofb());

-	EVP_add_cipher(EVP_seed_cbc());

-	EVP_add_cipher_alias(SN_seed_cbc,"SEED");

-	EVP_add_cipher_alias(SN_seed_cbc,"seed");

-#endif

-#ifndef OPENSSL_NO_RC2

-	EVP_add_cipher(EVP_rc2_ecb());

-	EVP_add_cipher(EVP_rc2_cfb());

-	EVP_add_cipher(EVP_rc2_ofb());

-	EVP_add_cipher(EVP_rc2_cbc());

-	EVP_add_cipher(EVP_rc2_40_cbc());

-	EVP_add_cipher(EVP_rc2_64_cbc());

-	EVP_add_cipher_alias(SN_rc2_cbc,"RC2");

-	EVP_add_cipher_alias(SN_rc2_cbc,"rc2");

-#endif

-#ifndef OPENSSL_NO_BF

-	EVP_add_cipher(EVP_bf_ecb());

-	EVP_add_cipher(EVP_bf_cfb());

-	EVP_add_cipher(EVP_bf_ofb());

-	EVP_add_cipher(EVP_bf_cbc());

-	EVP_add_cipher_alias(SN_bf_cbc,"BF");

-	EVP_add_cipher_alias(SN_bf_cbc,"bf");

-	EVP_add_cipher_alias(SN_bf_cbc,"blowfish");

-#endif

-#ifndef OPENSSL_NO_CAST

-	EVP_add_cipher(EVP_cast5_ecb());

-	EVP_add_cipher(EVP_cast5_cfb());

-	EVP_add_cipher(EVP_cast5_ofb());

-	EVP_add_cipher(EVP_cast5_cbc());

-	EVP_add_cipher_alias(SN_cast5_cbc,"CAST");

-	EVP_add_cipher_alias(SN_cast5_cbc,"cast");

-	EVP_add_cipher_alias(SN_cast5_cbc,"CAST-cbc");

-	EVP_add_cipher_alias(SN_cast5_cbc,"cast-cbc");

-#endif

-#ifndef OPENSSL_NO_RC5

-	EVP_add_cipher(EVP_rc5_32_12_16_ecb());

-	EVP_add_cipher(EVP_rc5_32_12_16_cfb());

-	EVP_add_cipher(EVP_rc5_32_12_16_ofb());

-	EVP_add_cipher(EVP_rc5_32_12_16_cbc());

-	EVP_add_cipher_alias(SN_rc5_cbc,"rc5");

-	EVP_add_cipher_alias(SN_rc5_cbc,"RC5");

-#endif

-#ifndef OPENSSL_NO_AES

-	EVP_add_cipher(EVP_aes_128_ecb());

-	EVP_add_cipher(EVP_aes_128_cbc());

-	EVP_add_cipher(EVP_aes_128_cfb());

-	EVP_add_cipher(EVP_aes_128_cfb1());

-	EVP_add_cipher(EVP_aes_128_cfb8());

-	EVP_add_cipher(EVP_aes_128_ofb());

-#if 0

-	EVP_add_cipher(EVP_aes_128_ctr());

-#endif

-	EVP_add_cipher_alias(SN_aes_128_cbc,"AES128");

-	EVP_add_cipher_alias(SN_aes_128_cbc,"aes128");

-	EVP_add_cipher(EVP_aes_192_ecb());

-	EVP_add_cipher(EVP_aes_192_cbc());

-	EVP_add_cipher(EVP_aes_192_cfb());

-	EVP_add_cipher(EVP_aes_192_cfb1());

-	EVP_add_cipher(EVP_aes_192_cfb8());

-	EVP_add_cipher(EVP_aes_192_ofb());

-#if 0

-	EVP_add_cipher(EVP_aes_192_ctr());

-#endif

-	EVP_add_cipher_alias(SN_aes_192_cbc,"AES192");

-	EVP_add_cipher_alias(SN_aes_192_cbc,"aes192");

-	EVP_add_cipher(EVP_aes_256_ecb());

-	EVP_add_cipher(EVP_aes_256_cbc());

-	EVP_add_cipher(EVP_aes_256_cfb());

-	EVP_add_cipher(EVP_aes_256_cfb1());

-	EVP_add_cipher(EVP_aes_256_cfb8());

-	EVP_add_cipher(EVP_aes_256_ofb());

-#if 0

-	EVP_add_cipher(EVP_aes_256_ctr());

-#endif

-	EVP_add_cipher_alias(SN_aes_256_cbc,"AES256");

-	EVP_add_cipher_alias(SN_aes_256_cbc,"aes256");

-#endif

-#ifndef OPENSSL_NO_CAMELLIA

-	EVP_add_cipher(EVP_camellia_128_ecb());

-	EVP_add_cipher(EVP_camellia_128_cbc());

-	EVP_add_cipher(EVP_camellia_128_cfb());

-	EVP_add_cipher(EVP_camellia_128_cfb1());

-	EVP_add_cipher(EVP_camellia_128_cfb8());

-	EVP_add_cipher(EVP_camellia_128_ofb());

-	EVP_add_cipher_alias(SN_camellia_128_cbc,"CAMELLIA128");

-	EVP_add_cipher_alias(SN_camellia_128_cbc,"camellia128");

-	EVP_add_cipher(EVP_camellia_192_ecb());

-	EVP_add_cipher(EVP_camellia_192_cbc());

-	EVP_add_cipher(EVP_camellia_192_cfb());

-	EVP_add_cipher(EVP_camellia_192_cfb1());

-	EVP_add_cipher(EVP_camellia_192_cfb8());

-	EVP_add_cipher(EVP_camellia_192_ofb());

-	EVP_add_cipher_alias(SN_camellia_192_cbc,"CAMELLIA192");

-	EVP_add_cipher_alias(SN_camellia_192_cbc,"camellia192");

-	EVP_add_cipher(EVP_camellia_256_ecb());

-	EVP_add_cipher(EVP_camellia_256_cbc());

-	EVP_add_cipher(EVP_camellia_256_cfb());

-	EVP_add_cipher(EVP_camellia_256_cfb1());

-	EVP_add_cipher(EVP_camellia_256_cfb8());

-	EVP_add_cipher(EVP_camellia_256_ofb());

-	EVP_add_cipher_alias(SN_camellia_256_cbc,"CAMELLIA256");

-	EVP_add_cipher_alias(SN_camellia_256_cbc,"camellia256");

-#endif

-	PKCS12_PBE_add();

-	PKCS5_PBE_add();

-	}

--- a/sys/src/ape/lib/openssl/crypto/evp/c_alld.c

+++ /dev/null

@@ -1,114 +1,0 @@

-/* crypto/evp/c_alld.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/evp.h>

-#include <openssl/pkcs12.h>

-#include <openssl/objects.h>

-void OpenSSL_add_all_digests(void)

-	{

-#ifndef OPENSSL_NO_MD2

-	EVP_add_digest(EVP_md2());

-#endif

-#ifndef OPENSSL_NO_MD4

-	EVP_add_digest(EVP_md4());

-#endif

-#ifndef OPENSSL_NO_MD5

-	EVP_add_digest(EVP_md5());

-	EVP_add_digest_alias(SN_md5,"ssl2-md5");

-	EVP_add_digest_alias(SN_md5,"ssl3-md5");

-#endif

-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0)

-	EVP_add_digest(EVP_sha());

-#ifndef OPENSSL_NO_DSA

-	EVP_add_digest(EVP_dss());

-#endif

-#endif

-#ifndef OPENSSL_NO_SHA

-	EVP_add_digest(EVP_sha1());

-	EVP_add_digest_alias(SN_sha1,"ssl3-sha1");

-	EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);

-#ifndef OPENSSL_NO_DSA

-	EVP_add_digest(EVP_dss1());

-	EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);

-	EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");

-	EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");

-#endif

-#ifndef OPENSSL_NO_ECDSA

-	EVP_add_digest(EVP_ecdsa());

-#endif

-#endif

-#if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES)

-	EVP_add_digest(EVP_mdc2());

-#endif

-#ifndef OPENSSL_NO_RIPEMD

-	EVP_add_digest(EVP_ripemd160());

-	EVP_add_digest_alias(SN_ripemd160,"ripemd");

-	EVP_add_digest_alias(SN_ripemd160,"rmd160");

-#endif

-#ifndef OPENSSL_NO_SHA256

-	EVP_add_digest(EVP_sha224());

-	EVP_add_digest(EVP_sha256());

-#endif

-#ifndef OPENSSL_NO_SHA512

-	EVP_add_digest(EVP_sha384());

-	EVP_add_digest(EVP_sha512());

-#endif

-	}

--- a/sys/src/ape/lib/openssl/crypto/evp/digest.c

+++ /dev/null

@@ -1,334 +1,0 @@

-/* crypto/evp/digest.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/objects.h>

-#include <openssl/evp.h>

-#ifndef OPENSSL_NO_ENGINE

-#include <openssl/engine.h>

-#endif

-void EVP_MD_CTX_init(EVP_MD_CTX *ctx)

-	{

-	memset(ctx,'\0',sizeof *ctx);

-	}

-EVP_MD_CTX *EVP_MD_CTX_create(void)

-	{

-	EVP_MD_CTX *ctx=OPENSSL_malloc(sizeof *ctx);

-	EVP_MD_CTX_init(ctx);

-	return ctx;

-	}

-int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type)

-	{

-	EVP_MD_CTX_init(ctx);

-	return EVP_DigestInit_ex(ctx, type, NULL);

-	}

-int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)

-	{

-	EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);

-#ifndef OPENSSL_NO_ENGINE

-	/* Whether it's nice or not, "Inits" can be used on "Final"'d contexts

-	 * so this context may already have an ENGINE! Try to avoid releasing

-	 * the previous handle, re-querying for an ENGINE, and having a

-	 * reinitialisation, when it may all be unecessary. */

-	if (ctx->engine && ctx->digest && (!type ||

-			(type && (type->type == ctx->digest->type))))

-		goto skip_to_init;

-	if (type)

-		{

-		/* Ensure an ENGINE left lying around from last time is cleared

-		 * (the previous check attempted to avoid this if the same

-		 * ENGINE and EVP_MD could be used). */

-		if(ctx->engine)

-			ENGINE_finish(ctx->engine);

-		if(impl)

-			{

-			if (!ENGINE_init(impl))

-				{

-				EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR);

-				return 0;

-				}

-			}

-		else

-			/* Ask if an ENGINE is reserved for this job */

-			impl = ENGINE_get_digest_engine(type->type);

-		if(impl)

-			{

-			/* There's an ENGINE for this job ... (apparently) */

-			const EVP_MD *d = ENGINE_get_digest(impl, type->type);

-			if(!d)

-				{

-				/* Same comment from evp_enc.c */

-				EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR);

-				return 0;

-				}

-			/* We'll use the ENGINE's private digest definition */

-			type = d;

-			/* Store the ENGINE functional reference so we know

-			 * 'type' came from an ENGINE and we need to release

-			 * it when done. */

-			ctx->engine = impl;

-			}

-		else

-			ctx->engine = NULL;

-		}

-	else

-	if(!ctx->digest)

-		{

-		EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_NO_DIGEST_SET);

-		return 0;

-		}

-#endif

-	if (ctx->digest != type)

-		{

-		if (ctx->digest && ctx->digest->ctx_size)

-			OPENSSL_free(ctx->md_data);

-		ctx->digest=type;

-		if (type->ctx_size)

-			ctx->md_data=OPENSSL_malloc(type->ctx_size);

-		}

-#ifndef OPENSSL_NO_ENGINE

-skip_to_init:

-#endif

-	return ctx->digest->init(ctx);

-	}

-int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data,

-	     size_t count)

-	{

-	return ctx->digest->update(ctx,data,count);

-	}

-/* The caller can assume that this removes any secret data from the context */

-int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)

-	{

-	int ret;

-	ret = EVP_DigestFinal_ex(ctx, md, size);

-	EVP_MD_CTX_cleanup(ctx);

-	return ret;

-	}

-/* The caller can assume that this removes any secret data from the context */

-int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)

-	{

-	int ret;

-	OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);

-	ret=ctx->digest->final(ctx,md);

-	if (size != NULL)

-		*size=ctx->digest->md_size;

-	if (ctx->digest->cleanup)

-		{

-		ctx->digest->cleanup(ctx);

-		EVP_MD_CTX_set_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);

-		}

-	memset(ctx->md_data,0,ctx->digest->ctx_size);

-	return ret;

-	}

-int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)

-	{

-	EVP_MD_CTX_init(out);

-	return EVP_MD_CTX_copy_ex(out, in);

-	}

-int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)

-	{

-	unsigned char *tmp_buf;

-	if ((in == NULL) || (in->digest == NULL))

-		{

-		EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,EVP_R_INPUT_NOT_INITIALIZED);

-		return 0;

-		}

-#ifndef OPENSSL_NO_ENGINE

-	/* Make sure it's safe to copy a digest context using an ENGINE */

-	if (in->engine && !ENGINE_init(in->engine))

-		{

-		EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_ENGINE_LIB);

-		return 0;

-		}

-#endif

-	if (out->digest == in->digest)

-		{

-		tmp_buf = out->md_data;

-	    	EVP_MD_CTX_set_flags(out,EVP_MD_CTX_FLAG_REUSE);

-		}

-	else tmp_buf = NULL;

-	EVP_MD_CTX_cleanup(out);

-	memcpy(out,in,sizeof *out);

-	if (out->digest->ctx_size)

-		{

-		if (tmp_buf) out->md_data = tmp_buf;

-		else out->md_data=OPENSSL_malloc(out->digest->ctx_size);

-		memcpy(out->md_data,in->md_data,out->digest->ctx_size);

-		}

-	if (out->digest->copy)

-		return out->digest->copy(out,in);

-	return 1;

-	}

-int EVP_Digest(const void *data, size_t count,

-		unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl)

-	{

-	EVP_MD_CTX ctx;

-	int ret;

-	EVP_MD_CTX_init(&ctx);

-	EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT);

-	ret=EVP_DigestInit_ex(&ctx, type, impl)

-	  && EVP_DigestUpdate(&ctx, data, count)

-	  && EVP_DigestFinal_ex(&ctx, md, size);

-	EVP_MD_CTX_cleanup(&ctx);

-	return ret;

-	}

-void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)

-	{

-	EVP_MD_CTX_cleanup(ctx);

-	OPENSSL_free(ctx);

-	}

-/* This call frees resources associated with the context */

-int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)

-	{

-	/* Don't assume ctx->md_data was cleaned in EVP_Digest_Final,

-	 * because sometimes only copies of the context are ever finalised.

-	 */

-	if (ctx->digest && ctx->digest->cleanup

-	    && !EVP_MD_CTX_test_flags(ctx,EVP_MD_CTX_FLAG_CLEANED))

-		ctx->digest->cleanup(ctx);

-	if (ctx->digest && ctx->digest->ctx_size && ctx->md_data

-	    && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE))

-		{

-		OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);

-		OPENSSL_free(ctx->md_data);

-		}

-#ifndef OPENSSL_NO_ENGINE

-	if(ctx->engine)

-		/* The EVP_MD we used belongs to an ENGINE, release the

-		 * functional reference we held for this reason. */

-		ENGINE_finish(ctx->engine);

-#endif

-	memset(ctx,'\0',sizeof *ctx);

-	return 1;

-	}

--- a/sys/src/ape/lib/openssl/crypto/evp/e_aes.c

+++ /dev/null

@@ -1,120 +1,0 @@

-/* ====================================================================

- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- */

-#include <openssl/opensslconf.h>

-#ifndef OPENSSL_NO_AES

-#include <openssl/evp.h>

-#include <openssl/err.h>

-#include <string.h>

-#include <assert.h>

-#include <openssl/aes.h>

-#include "evp_locl.h"

-static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,

-					const unsigned char *iv, int enc);

-typedef struct

-	{

-	AES_KEY ks;

-	} EVP_AES_KEY;

-#define data(ctx)	EVP_C_DATA(EVP_AES_KEY,ctx)

-IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY,

-		       NID_aes_128, 16, 16, 16, 128,

-		       0, aes_init_key, NULL,

-		       EVP_CIPHER_set_asn1_iv,

-		       EVP_CIPHER_get_asn1_iv,

-		       NULL)

-IMPLEMENT_BLOCK_CIPHER(aes_192, ks, AES, EVP_AES_KEY,

-		       NID_aes_192, 16, 24, 16, 128,

-		       0, aes_init_key, NULL,

-		       EVP_CIPHER_set_asn1_iv,

-		       EVP_CIPHER_get_asn1_iv,

-		       NULL)

-IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY,

-		       NID_aes_256, 16, 32, 16, 128,

-		       0, aes_init_key, NULL,

-		       EVP_CIPHER_set_asn1_iv,

-		       EVP_CIPHER_get_asn1_iv,

-		       NULL)

-#define IMPLEMENT_AES_CFBR(ksize,cbits)	IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16)

-IMPLEMENT_AES_CFBR(128,1)

-IMPLEMENT_AES_CFBR(192,1)

-IMPLEMENT_AES_CFBR(256,1)

-IMPLEMENT_AES_CFBR(128,8)

-IMPLEMENT_AES_CFBR(192,8)

-IMPLEMENT_AES_CFBR(256,8)

-static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,

-		   const unsigned char *iv, int enc)

-	{

-	int ret;

-	if ((ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_CFB_MODE

-	    || (ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_OFB_MODE

-	    || enc)

-		ret=AES_set_encrypt_key(key, ctx->key_len * 8, ctx->cipher_data);

-	else

-		ret=AES_set_decrypt_key(key, ctx->key_len * 8, ctx->cipher_data);

-	if(ret < 0)

-		{

-		EVPerr(EVP_F_AES_INIT_KEY,EVP_R_AES_KEY_SETUP_FAILED);

-		return 0;

-		}

-	return 1;

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/evp/e_bf.c

+++ /dev/null

@@ -1,88 +1,0 @@

-/* crypto/evp/e_bf.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#ifndef OPENSSL_NO_BF

-#include <openssl/evp.h>

-#include "evp_locl.h"

-#include <openssl/objects.h>

-#include <openssl/blowfish.h>

-static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,

-		       const unsigned char *iv, int enc);

-typedef struct

-	{

-	BF_KEY ks;

-	} EVP_BF_KEY;

-#define data(ctx)	EVP_C_DATA(EVP_BF_KEY,ctx)

-IMPLEMENT_BLOCK_CIPHER(bf, ks, BF, EVP_BF_KEY, NID_bf, 8, 16, 8, 64,

-			EVP_CIPH_VARIABLE_LENGTH, bf_init_key, NULL,

-			EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)

-static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,

-		       const unsigned char *iv, int enc)

-	{

-	BF_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),key);

-	return 1;

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/evp/e_camellia.c

+++ /dev/null

@@ -1,131 +1,0 @@

-/* crypto/evp/e_camellia.c -*- mode:C; c-file-style: "eay" -*- */

-/* ====================================================================

- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <openssl/opensslconf.h>

-#ifndef OPENSSL_NO_CAMELLIA

-#include <openssl/evp.h>

-#include <openssl/err.h>

-#include <string.h>

-#include <assert.h>

-#include <openssl/camellia.h>

-#include "evp_locl.h"

-static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,

-	const unsigned char *iv, int enc);

-/* Camellia subkey Structure */

-typedef struct

-	{

-	CAMELLIA_KEY ks;

-	} EVP_CAMELLIA_KEY;

-/* Attribute operation for Camellia */

-#define data(ctx)	EVP_C_DATA(EVP_CAMELLIA_KEY,ctx)

-IMPLEMENT_BLOCK_CIPHER(camellia_128, ks, Camellia, EVP_CAMELLIA_KEY,

-	NID_camellia_128, 16, 16, 16, 128,

-	0, camellia_init_key, NULL,

-	EVP_CIPHER_set_asn1_iv,

-	EVP_CIPHER_get_asn1_iv,

-	NULL)

-IMPLEMENT_BLOCK_CIPHER(camellia_192, ks, Camellia, EVP_CAMELLIA_KEY,

-	NID_camellia_192, 16, 24, 16, 128,

-	0, camellia_init_key, NULL,

-	EVP_CIPHER_set_asn1_iv,

-	EVP_CIPHER_get_asn1_iv,

-	NULL)

-IMPLEMENT_BLOCK_CIPHER(camellia_256, ks, Camellia, EVP_CAMELLIA_KEY,

-	NID_camellia_256, 16, 32, 16, 128,

-	0, camellia_init_key, NULL,

-	EVP_CIPHER_set_asn1_iv,

-	EVP_CIPHER_get_asn1_iv,

-	NULL)

-#define IMPLEMENT_CAMELLIA_CFBR(ksize,cbits)	IMPLEMENT_CFBR(camellia,Camellia,EVP_CAMELLIA_KEY,ks,ksize,cbits,16)

-IMPLEMENT_CAMELLIA_CFBR(128,1)

-IMPLEMENT_CAMELLIA_CFBR(192,1)

-IMPLEMENT_CAMELLIA_CFBR(256,1)

-IMPLEMENT_CAMELLIA_CFBR(128,8)

-IMPLEMENT_CAMELLIA_CFBR(192,8)

-IMPLEMENT_CAMELLIA_CFBR(256,8)

-/* The subkey for Camellia is generated. */

-static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,

-	const unsigned char *iv, int enc)

-	{

-	int ret;

-	ret=Camellia_set_key(key, ctx->key_len * 8, ctx->cipher_data);

-	if(ret < 0)

-		{

-		EVPerr(EVP_F_CAMELLIA_INIT_KEY,EVP_R_CAMELLIA_KEY_SETUP_FAILED);

-		return 0;

-		}

-	return 1;

-	}

-#else

-# ifdef PEDANTIC

-static void *dummy=&dummy;

-# endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/evp/e_cast.c

+++ /dev/null

@@ -1,90 +1,0 @@

-/* crypto/evp/e_cast.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#ifndef OPENSSL_NO_CAST

-#include <openssl/evp.h>

-#include <openssl/objects.h>

-#include "evp_locl.h"

-#include <openssl/cast.h>

-static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,

-			 const unsigned char *iv,int enc);

-typedef struct

-	{

-	CAST_KEY ks;

-	} EVP_CAST_KEY;

-#define data(ctx)	EVP_C_DATA(EVP_CAST_KEY,ctx)

-IMPLEMENT_BLOCK_CIPHER(cast5, ks, CAST, EVP_CAST_KEY,

-			NID_cast5, 8, CAST_KEY_LENGTH, 8, 64,

-			EVP_CIPH_VARIABLE_LENGTH, cast_init_key, NULL,

-			EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)

-static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,

-			 const unsigned char *iv, int enc)

-	{

-	CAST_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),key);

-	return 1;

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/evp/e_des.c

+++ /dev/null

@@ -1,176 +1,0 @@

-/* crypto/evp/e_des.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#ifndef OPENSSL_NO_DES

-#include <openssl/evp.h>

-#include <openssl/objects.h>

-#include "evp_locl.h"

-#include <openssl/des.h>

-#include <openssl/rand.h>

-static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,

-			const unsigned char *iv, int enc);

-static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);

-/* Because of various casts and different names can't use IMPLEMENT_BLOCK_CIPHER */

-static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,

-			  const unsigned char *in, unsigned int inl)

-{

-	BLOCK_CIPHER_ecb_loop()

-		DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i), ctx->cipher_data, ctx->encrypt);

-	return 1;

-}

-static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,

-			  const unsigned char *in, unsigned int inl)

-{

-	DES_ofb64_encrypt(in, out, (long)inl, ctx->cipher_data, (DES_cblock *)ctx->iv, &ctx->num);

-	return 1;

-}

-static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,

-			  const unsigned char *in, unsigned int inl)

-{

-	DES_ncbc_encrypt(in, out, (long)inl, ctx->cipher_data,

-			 (DES_cblock *)ctx->iv, ctx->encrypt);

-	return 1;

-}

-static int des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,

-			    const unsigned char *in, unsigned int inl)

-{

-	DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data,

-			  (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);

-	return 1;

-}

-/* Although we have a CFB-r implementation for DES, it doesn't pack the right

-   way, so wrap it here */

-static int des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,

-			   const unsigned char *in, unsigned int inl)

-    {

-    unsigned int n;

-    unsigned char c[1],d[1];

-    for(n=0 ; n < inl ; ++n)

-	{

-	c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;

-	DES_cfb_encrypt(c,d,1,1,ctx->cipher_data,(DES_cblock *)ctx->iv,

-			ctx->encrypt);

-	out[n/8]=(out[n/8]&~(0x80 >> (n%8)))|((d[0]&0x80) >> (n%8));

-	}

-    return 1;

-    }

-static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,

-			   const unsigned char *in, unsigned int inl)

-    {

-    DES_cfb_encrypt(in,out,8,inl,ctx->cipher_data,(DES_cblock *)ctx->iv,

-		    ctx->encrypt);

-    return 1;

-    }

-BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64,

-			EVP_CIPH_RAND_KEY, des_init_key, NULL,

-			EVP_CIPHER_set_asn1_iv,

-			EVP_CIPHER_get_asn1_iv,

-			des_ctrl)

-BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,1,

-		     EVP_CIPH_RAND_KEY, des_init_key,NULL,

-		     EVP_CIPHER_set_asn1_iv,

-		     EVP_CIPHER_get_asn1_iv,des_ctrl)

-BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,8,

-		     EVP_CIPH_RAND_KEY,des_init_key,NULL,

-		     EVP_CIPHER_set_asn1_iv,

-		     EVP_CIPHER_get_asn1_iv,des_ctrl)

-static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,

-			const unsigned char *iv, int enc)

-	{

-	DES_cblock *deskey = (DES_cblock *)key;

-#ifdef EVP_CHECK_DES_KEY

-	if(DES_set_key_checked(deskey,ctx->cipher_data) != 0)

-		return 0;

-#else

-	DES_set_key_unchecked(deskey,ctx->cipher_data);

-#endif

-	return 1;

-	}

-static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)

-	{

-	switch(type)

-		{

-	case EVP_CTRL_RAND_KEY:

-		if (RAND_bytes(ptr, 8) <= 0)

-			return 0;

-		DES_set_odd_parity((DES_cblock *)ptr);

-		return 1;

-	default:

-		return -1;

-		}

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/evp/e_des3.c

+++ /dev/null

@@ -1,271 +1,0 @@

-/* crypto/evp/e_des3.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#ifndef OPENSSL_NO_DES

-#include <openssl/evp.h>

-#include <openssl/objects.h>

-#include "evp_locl.h"

-#include <openssl/des.h>

-#include <openssl/rand.h>

-static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,

-			    const unsigned char *iv,int enc);

-static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,

-			     const unsigned char *iv,int enc);

-static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);

-typedef struct

-    {

-    DES_key_schedule ks1;/* key schedule */

-    DES_key_schedule ks2;/* key schedule (for ede) */

-    DES_key_schedule ks3;/* key schedule (for ede3) */

-    } DES_EDE_KEY;

-#define data(ctx) ((DES_EDE_KEY *)(ctx)->cipher_data)

-/* Because of various casts and different args can't use IMPLEMENT_BLOCK_CIPHER */

-static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,

-			      const unsigned char *in, unsigned int inl)

-{

-	BLOCK_CIPHER_ecb_loop()

-		DES_ecb3_encrypt((const_DES_cblock *)(in + i),

-				 (DES_cblock *)(out + i),

-				 &data(ctx)->ks1, &data(ctx)->ks2,

-				 &data(ctx)->ks3,

-				 ctx->encrypt);

-	return 1;

-}

-static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,

-			      const unsigned char *in, unsigned int inl)

-{

-	DES_ede3_ofb64_encrypt(in, out, (long)inl,

-			       &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,

-			       (DES_cblock *)ctx->iv, &ctx->num);

-	return 1;

-}

-static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,

-			      const unsigned char *in, unsigned int inl)

-{

-#ifdef KSSL_DEBUG

-	{

-        int i;

-        char *cp;

-	printf("des_ede_cbc_cipher(ctx=%lx, buflen=%d)\n", ctx, ctx->buf_len);

-	printf("\t iv= ");

-        for(i=0;i<8;i++)

-                printf("%02X",ctx->iv[i]);

-	printf("\n");

-	}

-#endif    /* KSSL_DEBUG */

-	DES_ede3_cbc_encrypt(in, out, (long)inl,

-			     &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,

-			     (DES_cblock *)ctx->iv, ctx->encrypt);

-	return 1;

-}

-static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,

-			      const unsigned char *in, unsigned int inl)

-{

-	DES_ede3_cfb64_encrypt(in, out, (long)inl,

-			       &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,

-			       (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);

-	return 1;

-}

-/* Although we have a CFB-r implementation for 3-DES, it doesn't pack the right

-   way, so wrap it here */

-static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,

-				const unsigned char *in, unsigned int inl)

-    {

-    unsigned int n;

-    unsigned char c[1],d[1];

-    for(n=0 ; n < inl ; ++n)

-	{

-	c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;

-	DES_ede3_cfb_encrypt(c,d,1,1,

-			     &data(ctx)->ks1,&data(ctx)->ks2,&data(ctx)->ks3,

-			     (DES_cblock *)ctx->iv,ctx->encrypt);

-	out[n/8]=(out[n/8]&~(0x80 >> (n%8)))|((d[0]&0x80) >> (n%8));

-	}

-    return 1;

-    }

-static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,

-				const unsigned char *in, unsigned int inl)

-    {

-    DES_ede3_cfb_encrypt(in,out,8,inl,

-			 &data(ctx)->ks1,&data(ctx)->ks2,&data(ctx)->ks3,

-			 (DES_cblock *)ctx->iv,ctx->encrypt);

-    return 1;

-    }

-BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,

-			EVP_CIPH_RAND_KEY, des_ede_init_key, NULL,

-			EVP_CIPHER_set_asn1_iv,

-			EVP_CIPHER_get_asn1_iv,

-			des3_ctrl)

-#define des_ede3_cfb64_cipher des_ede_cfb64_cipher

-#define des_ede3_ofb_cipher des_ede_ofb_cipher

-#define des_ede3_cbc_cipher des_ede_cbc_cipher

-#define des_ede3_ecb_cipher des_ede_ecb_cipher

-BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,

-			EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL,

-			EVP_CIPHER_set_asn1_iv,

-			EVP_CIPHER_get_asn1_iv,

-			des3_ctrl)

-BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1,

-		     EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL,

-		     EVP_CIPHER_set_asn1_iv,

-		     EVP_CIPHER_get_asn1_iv,

-		     des3_ctrl)

-BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8,

-		     EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL,

-		     EVP_CIPHER_set_asn1_iv,

-		     EVP_CIPHER_get_asn1_iv,

-		     des3_ctrl)

-static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,

-			    const unsigned char *iv, int enc)

-	{

-	DES_cblock *deskey = (DES_cblock *)key;

-#ifdef EVP_CHECK_DES_KEY

-	if (DES_set_key_checked(&deskey[0],&data(ctx)->ks1)

-		!! DES_set_key_checked(&deskey[1],&data(ctx)->ks2))

-		return 0;

-#else

-	DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1);

-	DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2);

-#endif

-	memcpy(&data(ctx)->ks3,&data(ctx)->ks1,

-	       sizeof(data(ctx)->ks1));

-	return 1;

-	}

-static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,

-			     const unsigned char *iv, int enc)

-	{

-	DES_cblock *deskey = (DES_cblock *)key;

-#ifdef KSSL_DEBUG

-	{

-        int i;

-        printf("des_ede3_init_key(ctx=%lx)\n", ctx);

-	printf("\tKEY= ");

-        for(i=0;i<24;i++) printf("%02X",key[i]); printf("\n");

-	printf("\t IV= ");

-        for(i=0;i<8;i++) printf("%02X",iv[i]); printf("\n");

-	}

-#endif	/* KSSL_DEBUG */

-#ifdef EVP_CHECK_DES_KEY

-	if (DES_set_key_checked(&deskey[0],&data(ctx)->ks1)

-		|| DES_set_key_checked(&deskey[1],&data(ctx)->ks2)

-		|| DES_set_key_checked(&deskey[2],&data(ctx)->ks3))

-		return 0;

-#else

-	DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1);

-	DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2);

-	DES_set_key_unchecked(&deskey[2],&data(ctx)->ks3);

-#endif

-	return 1;

-	}

-static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)

-	{

-	DES_cblock *deskey = ptr;

-	switch(type)

-		{

-	case EVP_CTRL_RAND_KEY:

-		if (RAND_bytes(ptr, c->key_len) <= 0)

-			return 0;

-		DES_set_odd_parity(deskey);

-		if (c->key_len >= 16)

-			DES_set_odd_parity(deskey + 1);

-		if (c->key_len >= 24)

-			DES_set_odd_parity(deskey + 2);

-		return 1;

-	default:

-		return -1;

-		}

-	}

-const EVP_CIPHER *EVP_des_ede(void)

-{

-	return &des_ede_ecb;

-}

-const EVP_CIPHER *EVP_des_ede3(void)

-{

-	return &des_ede3_ecb;

-}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/evp/e_dsa.c

+++ /dev/null

@@ -1,71 +1,0 @@

-/* crypto/evp/e_dsa.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/evp.h>

-#include <openssl/objects.h>

-#include <openssl/x509.h>

-static EVP_PKEY_METHOD dss_method=

-	{

-	DSA_sign,

-	DSA_verify,

-	{EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3,NULL},

-	};

--- a/sys/src/ape/lib/openssl/crypto/evp/e_idea.c

+++ /dev/null

@@ -1,118 +1,0 @@

-/* crypto/evp/e_idea.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#ifndef OPENSSL_NO_IDEA

-#include <openssl/evp.h>

-#include <openssl/objects.h>

-#include "evp_locl.h"

-#include <openssl/idea.h>

-static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,

-			 const unsigned char *iv,int enc);

-/* NB idea_ecb_encrypt doesn't take an 'encrypt' argument so we treat it as a special

- * case

- */

-static int idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,

-			   const unsigned char *in, unsigned int inl)

-{

-	BLOCK_CIPHER_ecb_loop()

-		idea_ecb_encrypt(in + i, out + i, ctx->cipher_data);

-	return 1;

-}

-/* Can't use IMPLEMENT_BLOCK_CIPHER because idea_ecb_encrypt is different */

-typedef struct

-	{

-	IDEA_KEY_SCHEDULE ks;

-	} EVP_IDEA_KEY;

-BLOCK_CIPHER_func_cbc(idea, idea, EVP_IDEA_KEY, ks)

-BLOCK_CIPHER_func_ofb(idea, idea, 64, EVP_IDEA_KEY, ks)

-BLOCK_CIPHER_func_cfb(idea, idea, 64, EVP_IDEA_KEY, ks)

-BLOCK_CIPHER_defs(idea, IDEA_KEY_SCHEDULE, NID_idea, 8, 16, 8, 64,

-			0, idea_init_key, NULL,

-			EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)

-static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,

-			 const unsigned char *iv, int enc)

-	{

-	if(!enc) {

-		if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) enc = 1;

-		else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB_MODE) enc = 1;

-	}

-	if (enc) idea_set_encrypt_key(key,ctx->cipher_data);

-	else

-		{

-		IDEA_KEY_SCHEDULE tmp;

-		idea_set_encrypt_key(key,&tmp);

-		idea_set_decrypt_key(&tmp,ctx->cipher_data);

-		OPENSSL_cleanse((unsigned char *)&tmp,

-				sizeof(IDEA_KEY_SCHEDULE));

-		}

-	return 1;

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/evp/e_null.c

+++ /dev/null

@@ -1,102 +1,0 @@

-/* crypto/evp/e_null.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/evp.h>

-#include <openssl/objects.h>

-static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,

-	const unsigned char *iv,int enc);

-static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,

-	const unsigned char *in, unsigned int inl);

-static const EVP_CIPHER n_cipher=

-	{

-	NID_undef,

-	1,0,0,

-	0,

-	null_init_key,

-	null_cipher,

-	NULL,

-	0,

-	NULL,

-	NULL,

-	NULL,

-	NULL

-	};

-const EVP_CIPHER *EVP_enc_null(void)

-	{

-	return(&n_cipher);

-	}

-static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,

-	     const unsigned char *iv, int enc)

-	{

-	/*	memset(&(ctx->c),0,sizeof(ctx->c));*/

-	return 1;

-	}

-static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,

-	     const unsigned char *in, unsigned int inl)

-	{

-	if (in != out)

-		memcpy((char *)out,(const char *)in,(size_t)inl);

-	return 1;

-	}

--- a/sys/src/ape/lib/openssl/crypto/evp/e_old.c

+++ /dev/null

@@ -1,125 +1,0 @@

-/* crypto/evp/e_old.c -*- mode:C; c-file-style: "eay" -*- */

-/* Written by Richard Levitte ([email protected]) for the OpenSSL

- * project 2004.

- */

-/* ====================================================================

- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifdef OPENSSL_NO_DEPRECATED

-static void *dummy = &dummy;

-#else

-#include <openssl/evp.h>

-/* Define some deprecated functions, so older programs

-   don't crash and burn too quickly.  On Windows and VMS,

-   these will never be used, since functions and variables

-   in shared libraries are selected by entry point location,

-   not by name.  */

-#ifndef OPENSSL_NO_BF

-#undef EVP_bf_cfb

-const EVP_CIPHER *EVP_bf_cfb(void);

-const EVP_CIPHER *EVP_bf_cfb(void) { return EVP_bf_cfb64(); }

-#endif

-#ifndef OPENSSL_NO_DES

-#undef EVP_des_cfb

-const EVP_CIPHER *EVP_des_cfb(void);

-const EVP_CIPHER *EVP_des_cfb(void) { return EVP_des_cfb64(); }

-#undef EVP_des_ede3_cfb

-const EVP_CIPHER *EVP_des_ede3_cfb(void);

-const EVP_CIPHER *EVP_des_ede3_cfb(void) { return EVP_des_ede3_cfb64(); }

-#undef EVP_des_ede_cfb

-const EVP_CIPHER *EVP_des_ede_cfb(void);

-const EVP_CIPHER *EVP_des_ede_cfb(void) { return EVP_des_ede_cfb64(); }

-#endif

-#ifndef OPENSSL_NO_IDEA

-#undef EVP_idea_cfb

-const EVP_CIPHER *EVP_idea_cfb(void);

-const EVP_CIPHER *EVP_idea_cfb(void) { return EVP_idea_cfb64(); }

-#endif

-#ifndef OPENSSL_NO_RC2

-#undef EVP_rc2_cfb

-const EVP_CIPHER *EVP_rc2_cfb(void);

-const EVP_CIPHER *EVP_rc2_cfb(void) { return EVP_rc2_cfb64(); }

-#endif

-#ifndef OPENSSL_NO_CAST

-#undef EVP_cast5_cfb

-const EVP_CIPHER *EVP_cast5_cfb(void);

-const EVP_CIPHER *EVP_cast5_cfb(void) { return EVP_cast5_cfb64(); }

-#endif

-#ifndef OPENSSL_NO_RC5

-#undef EVP_rc5_32_12_16_cfb

-const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void);

-const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void) { return EVP_rc5_32_12_16_cfb64(); }

-#endif

-#ifndef OPENSSL_NO_AES

-#undef EVP_aes_128_cfb

-const EVP_CIPHER *EVP_aes_128_cfb(void);

-const EVP_CIPHER *EVP_aes_128_cfb(void) { return EVP_aes_128_cfb128(); }

-#undef EVP_aes_192_cfb

-const EVP_CIPHER *EVP_aes_192_cfb(void);

-const EVP_CIPHER *EVP_aes_192_cfb(void) { return EVP_aes_192_cfb128(); }

-#undef EVP_aes_256_cfb

-const EVP_CIPHER *EVP_aes_256_cfb(void);

-const EVP_CIPHER *EVP_aes_256_cfb(void) { return EVP_aes_256_cfb128(); }

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/evp/e_rc2.c

+++ /dev/null

@@ -1,232 +1,0 @@

-/* crypto/evp/e_rc2.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#ifndef OPENSSL_NO_RC2

-#include <openssl/evp.h>

-#include <openssl/objects.h>

-#include "evp_locl.h"

-#include <openssl/rc2.h>

-static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,

-			const unsigned char *iv,int enc);

-static int rc2_meth_to_magic(EVP_CIPHER_CTX *ctx);

-static int rc2_magic_to_meth(int i);

-static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);

-static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);

-static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);

-typedef struct

-	{

-	int key_bits;	/* effective key bits */

-	RC2_KEY ks;	/* key schedule */

-	} EVP_RC2_KEY;

-#define data(ctx)	((EVP_RC2_KEY *)(ctx)->cipher_data)

-IMPLEMENT_BLOCK_CIPHER(rc2, ks, RC2, EVP_RC2_KEY, NID_rc2,

-			8,

-			RC2_KEY_LENGTH, 8, 64,

-			EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,

-			rc2_init_key, NULL,

-			rc2_set_asn1_type_and_iv, rc2_get_asn1_type_and_iv,

-			rc2_ctrl)

-#define RC2_40_MAGIC	0xa0

-#define RC2_64_MAGIC	0x78

-#define RC2_128_MAGIC	0x3a

-static const EVP_CIPHER r2_64_cbc_cipher=

-	{

-	NID_rc2_64_cbc,

-	8,8 /* 64 bit */,8,

-	EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,

-	rc2_init_key,

-	rc2_cbc_cipher,

-	NULL,

-	sizeof(EVP_RC2_KEY),

-	rc2_set_asn1_type_and_iv,

-	rc2_get_asn1_type_and_iv,

-	rc2_ctrl,

-	NULL

-	};

-static const EVP_CIPHER r2_40_cbc_cipher=

-	{

-	NID_rc2_40_cbc,

-	8,5 /* 40 bit */,8,

-	EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,

-	rc2_init_key,

-	rc2_cbc_cipher,

-	NULL,

-	sizeof(EVP_RC2_KEY),

-	rc2_set_asn1_type_and_iv,

-	rc2_get_asn1_type_and_iv,

-	rc2_ctrl,

-	NULL

-	};

-const EVP_CIPHER *EVP_rc2_64_cbc(void)

-	{

-	return(&r2_64_cbc_cipher);

-	}

-const EVP_CIPHER *EVP_rc2_40_cbc(void)

-	{

-	return(&r2_40_cbc_cipher);

-	}

-static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,

-			const unsigned char *iv, int enc)

-	{

-	RC2_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),

-		    key,data(ctx)->key_bits);

-	return 1;

-	}

-static int rc2_meth_to_magic(EVP_CIPHER_CTX *e)

-	{

-	int i;

-	EVP_CIPHER_CTX_ctrl(e, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i);

-	if 	(i == 128) return(RC2_128_MAGIC);

-	else if (i == 64)  return(RC2_64_MAGIC);

-	else if (i == 40)  return(RC2_40_MAGIC);

-	else return(0);

-	}

-static int rc2_magic_to_meth(int i)

-	{

-	if      (i == RC2_128_MAGIC) return 128;

-	else if (i == RC2_64_MAGIC)  return 64;

-	else if (i == RC2_40_MAGIC)  return 40;

-	else

-		{

-		EVPerr(EVP_F_RC2_MAGIC_TO_METH,EVP_R_UNSUPPORTED_KEY_SIZE);

-		return(0);

-		}

-	}

-static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)

-	{

-	long num=0;

-	int i=0;

-	int key_bits;

-	unsigned int l;

-	unsigned char iv[EVP_MAX_IV_LENGTH];

-	if (type != NULL)

-		{

-		l=EVP_CIPHER_CTX_iv_length(c);

-		OPENSSL_assert(l <= sizeof(iv));

-		i=ASN1_TYPE_get_int_octetstring(type,&num,iv,l);

-		if (i != (int)l)

-			return(-1);

-		key_bits =rc2_magic_to_meth((int)num);

-		if (!key_bits)

-			return(-1);

-		if(i > 0) EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1);

-		EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL);

-		EVP_CIPHER_CTX_set_key_length(c, key_bits / 8);

-		}

-	return(i);

-	}

-static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)

-	{

-	long num;

-	int i=0,j;

-	if (type != NULL)

-		{

-		num=rc2_meth_to_magic(c);

-		j=EVP_CIPHER_CTX_iv_length(c);

-		i=ASN1_TYPE_set_int_octetstring(type,num,c->oiv,j);

-		}

-	return(i);

-	}

-static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)

-	{

-	switch(type)

-		{

-	case EVP_CTRL_INIT:

-		data(c)->key_bits = EVP_CIPHER_CTX_key_length(c) * 8;

-		return 1;

-	case EVP_CTRL_GET_RC2_KEY_BITS:

-		*(int *)ptr = data(c)->key_bits;

-		return 1;

-	case EVP_CTRL_SET_RC2_KEY_BITS:

-		if(arg > 0)

-			{

-			data(c)->key_bits = arg;

-			return 1;

-			}

-		return 0;

-	default:

-		return -1;

-		}

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/evp/e_rc4.c

+++ /dev/null

@@ -1,136 +1,0 @@

-/* crypto/evp/e_rc4.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#ifndef OPENSSL_NO_RC4

-#include <openssl/evp.h>

-#include <openssl/objects.h>

-#include <openssl/rc4.h>

-/* FIXME: surely this is available elsewhere? */

-#define EVP_RC4_KEY_SIZE		16

-typedef struct

-    {

-    RC4_KEY ks;	/* working key */

-    } EVP_RC4_KEY;

-#define data(ctx) ((EVP_RC4_KEY *)(ctx)->cipher_data)

-static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,

-			const unsigned char *iv,int enc);

-static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,

-		      const unsigned char *in, unsigned int inl);

-static const EVP_CIPHER r4_cipher=

-	{

-	NID_rc4,

-	1,EVP_RC4_KEY_SIZE,0,

-	EVP_CIPH_VARIABLE_LENGTH,

-	rc4_init_key,

-	rc4_cipher,

-	NULL,

-	sizeof(EVP_RC4_KEY),

-	NULL,

-	NULL,

-	NULL,

-	NULL

-	};

-static const EVP_CIPHER r4_40_cipher=

-	{

-	NID_rc4_40,

-	1,5 /* 40 bit */,0,

-	EVP_CIPH_VARIABLE_LENGTH,

-	rc4_init_key,

-	rc4_cipher,

-	NULL,

-	sizeof(EVP_RC4_KEY),

-	NULL,

-	NULL,

-	NULL,

-	NULL

-	};

-const EVP_CIPHER *EVP_rc4(void)

-	{

-	return(&r4_cipher);

-	}

-const EVP_CIPHER *EVP_rc4_40(void)

-	{

-	return(&r4_40_cipher);

-	}

-static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,

-			const unsigned char *iv, int enc)

-	{

-	RC4_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),

-		    key);

-	return 1;

-	}

-static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,

-		      const unsigned char *in, unsigned int inl)

-	{

-	RC4(&data(ctx)->ks,inl,in,out);

-	return 1;

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/evp/e_rc5.c

+++ /dev/null

@@ -1,126 +1,0 @@

-/* crypto/evp/e_rc5.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#ifndef OPENSSL_NO_RC5

-#include <openssl/evp.h>

-#include <openssl/objects.h>

-#include "evp_locl.h"

-#include <openssl/rc5.h>

-static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,

-			       const unsigned char *iv,int enc);

-static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);

-typedef struct

-	{

-	int rounds;	/* number of rounds */

-	RC5_32_KEY ks;	/* key schedule */

-	} EVP_RC5_KEY;

-#define data(ctx)	EVP_C_DATA(EVP_RC5_KEY,ctx)

-IMPLEMENT_BLOCK_CIPHER(rc5_32_12_16, ks, RC5_32, EVP_RC5_KEY, NID_rc5,

-		       8, RC5_32_KEY_LENGTH, 8, 64,

-		       EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,

-		       r_32_12_16_init_key, NULL,

-		       NULL, NULL, rc5_ctrl)

-static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)

-	{

-	switch(type)

-		{

-	case EVP_CTRL_INIT:

-		data(c)->rounds = RC5_12_ROUNDS;

-		return 1;

-	case EVP_CTRL_GET_RC5_ROUNDS:

-		*(int *)ptr = data(c)->rounds;

-		return 1;

-	case EVP_CTRL_SET_RC5_ROUNDS:

-		switch(arg)

-			{

-		case RC5_8_ROUNDS:

-		case RC5_12_ROUNDS:

-		case RC5_16_ROUNDS:

-			data(c)->rounds = arg;

-			return 1;

-		default:

-			EVPerr(EVP_F_RC5_CTRL, EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS);

-			return 0;

-			}

-	default:

-		return -1;

-		}

-	}

-static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,

-			       const unsigned char *iv, int enc)

-	{

-	RC5_32_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),

-		       key,data(ctx)->rounds);

-	return 1;

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/evp/e_seed.c

+++ /dev/null

@@ -1,83 +1,0 @@

-/* crypto/evp/e_seed.c -*- mode:C; c-file-style: "eay" -*- */

-/* ====================================================================

- * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <openssl/opensslconf.h>

-#include <openssl/evp.h>

-#include <openssl/err.h>

-#include <string.h>

-#include <assert.h>

-#ifndef OPENSSL_NO_SEED

-#include <openssl/seed.h>

-#include "evp_locl.h"

-static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,	const unsigned char *iv, int enc);

-typedef struct

-	{

-	SEED_KEY_SCHEDULE ks;

-	} EVP_SEED_KEY;

-IMPLEMENT_BLOCK_CIPHER(seed, ks, SEED, EVP_SEED_KEY, NID_seed,

-                       16, 16, 16, 128,

-                       0, seed_init_key, 0, 0, 0, 0)

-static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,

-                         const unsigned char *iv, int enc)

-	{

-	SEED_set_key(key, ctx->cipher_data);

-	return 1;

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/evp/e_xcbc_d.c

+++ /dev/null

@@ -1,125 +1,0 @@

-/* crypto/evp/e_xcbc_d.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#ifndef OPENSSL_NO_DES

-#include <openssl/evp.h>

-#include <openssl/objects.h>

-#include <openssl/des.h>

-static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,

-			     const unsigned char *iv,int enc);

-static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,

-			   const unsigned char *in, unsigned int inl);

-typedef struct

-    {

-    DES_key_schedule ks;/* key schedule */

-    DES_cblock inw;

-    DES_cblock outw;

-    } DESX_CBC_KEY;

-#define data(ctx) ((DESX_CBC_KEY *)(ctx)->cipher_data)

-static const EVP_CIPHER d_xcbc_cipher=

-	{

-	NID_desx_cbc,

-	8,24,8,

-	EVP_CIPH_CBC_MODE,

-	desx_cbc_init_key,

-	desx_cbc_cipher,

-	NULL,

-	sizeof(DESX_CBC_KEY),

-	EVP_CIPHER_set_asn1_iv,

-	EVP_CIPHER_get_asn1_iv,

-	NULL,

-	NULL

-	};

-const EVP_CIPHER *EVP_desx_cbc(void)

-	{

-	return(&d_xcbc_cipher);

-	}

-static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,

-			     const unsigned char *iv, int enc)

-	{

-	DES_cblock *deskey = (DES_cblock *)key;

-	DES_set_key_unchecked(deskey,&data(ctx)->ks);

-	memcpy(&data(ctx)->inw[0],&key[8],8);

-	memcpy(&data(ctx)->outw[0],&key[16],8);

-	return 1;

-	}

-static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,

-			   const unsigned char *in, unsigned int inl)

-	{

-	DES_xcbc_encrypt(in,out,inl,&data(ctx)->ks,

-			 (DES_cblock *)&(ctx->iv[0]),

-			 &data(ctx)->inw,

-			 &data(ctx)->outw,

-			 ctx->encrypt);

-	return 1;

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/evp/encode.c

+++ /dev/null

@@ -1,446 +1,0 @@

-/* crypto/evp/encode.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/evp.h>

-#ifndef CHARSET_EBCDIC

-#define conv_bin2ascii(a)	(data_bin2ascii[(a)&0x3f])

-#define conv_ascii2bin(a)	(data_ascii2bin[(a)&0x7f])

-#else

-/* We assume that PEM encoded files are EBCDIC files

- * (i.e., printable text files). Convert them here while decoding.

- * When encoding, output is EBCDIC (text) format again.

- * (No need for conversion in the conv_bin2ascii macro, as the

- * underlying textstring data_bin2ascii[] is already EBCDIC)

- */

-#define conv_bin2ascii(a)	(data_bin2ascii[(a)&0x3f])

-#define conv_ascii2bin(a)	(data_ascii2bin[os_toascii[a]&0x7f])

-#endif

-/* 64 char lines

- * pad input with 0

- * left over chars are set to =

- * 1 byte  => xx==

- * 2 bytes => xxx=

- * 3 bytes => xxxx

- */

-#define BIN_PER_LINE    (64/4*3)

-#define CHUNKS_PER_LINE (64/4)

-#define CHAR_PER_LINE   (64+1)

-static unsigned char data_bin2ascii[65]="ABCDEFGHIJKLMNOPQRSTUVWXYZ\

-abcdefghijklmnopqrstuvwxyz0123456789+/";

-/* 0xF0 is a EOLN

- * 0xF1 is ignore but next needs to be 0xF0 (for \r\n processing).

- * 0xF2 is EOF

- * 0xE0 is ignore at start of line.

- * 0xFF is error

- */

-#define B64_EOLN		0xF0

-#define B64_CR			0xF1

-#define B64_EOF			0xF2

-#define B64_WS			0xE0

-#define B64_ERROR       	0xFF

-#define B64_NOT_BASE64(a)	(((a)|0x13) == 0xF3)

-static unsigned char data_ascii2bin[128]={

-	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,

-	0xFF,0xE0,0xF0,0xFF,0xFF,0xF1,0xFF,0xFF,

-	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,

-	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,

-	0xE0,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,

-	0xFF,0xFF,0xFF,0x3E,0xFF,0xF2,0xFF,0x3F,

-	0x34,0x35,0x36,0x37,0x38,0x39,0x3A,0x3B,

-	0x3C,0x3D,0xFF,0xFF,0xFF,0x00,0xFF,0xFF,

-	0xFF,0x00,0x01,0x02,0x03,0x04,0x05,0x06,

-	0x07,0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,

-	0x0F,0x10,0x11,0x12,0x13,0x14,0x15,0x16,

-	0x17,0x18,0x19,0xFF,0xFF,0xFF,0xFF,0xFF,

-	0xFF,0x1A,0x1B,0x1C,0x1D,0x1E,0x1F,0x20,

-	0x21,0x22,0x23,0x24,0x25,0x26,0x27,0x28,

-	0x29,0x2A,0x2B,0x2C,0x2D,0x2E,0x2F,0x30,

-	0x31,0x32,0x33,0xFF,0xFF,0xFF,0xFF,0xFF,

-	};

-void EVP_EncodeInit(EVP_ENCODE_CTX *ctx)

-	{

-	ctx->length=48;

-	ctx->num=0;

-	ctx->line_num=0;

-	}

-void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,

-	     const unsigned char *in, int inl)

-	{

-	int i,j;

-	unsigned int total=0;

-	*outl=0;

-	if (inl == 0) return;

-	OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data));

-	if ((ctx->num+inl) < ctx->length)

-		{

-		memcpy(&(ctx->enc_data[ctx->num]),in,inl);

-		ctx->num+=inl;

-		return;

-		}

-	if (ctx->num != 0)

-		{

-		i=ctx->length-ctx->num;

-		memcpy(&(ctx->enc_data[ctx->num]),in,i);

-		in+=i;

-		inl-=i;

-		j=EVP_EncodeBlock(out,ctx->enc_data,ctx->length);

-		ctx->num=0;

-		out+=j;

-		*(out++)='\n';

-		*out='\0';

-		total=j+1;

-		}

-	while (inl >= ctx->length)

-		{

-		j=EVP_EncodeBlock(out,in,ctx->length);

-		in+=ctx->length;

-		inl-=ctx->length;

-		out+=j;

-		*(out++)='\n';

-		*out='\0';

-		total+=j+1;

-		}

-	if (inl != 0)

-		memcpy(&(ctx->enc_data[0]),in,inl);

-	ctx->num=inl;

-	*outl=total;

-	}

-void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl)

-	{

-	unsigned int ret=0;

-	if (ctx->num != 0)

-		{

-		ret=EVP_EncodeBlock(out,ctx->enc_data,ctx->num);

-		out[ret++]='\n';

-		out[ret]='\0';

-		ctx->num=0;

-		}

-	*outl=ret;

-	}

-int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int dlen)

-	{

-	int i,ret=0;

-	unsigned long l;

-	for (i=dlen; i > 0; i-=3)

-		{

-		if (i >= 3)

-			{

-			l=	(((unsigned long)f[0])<<16L)|

-				(((unsigned long)f[1])<< 8L)|f[2];

-			*(t++)=conv_bin2ascii(l>>18L);

-			*(t++)=conv_bin2ascii(l>>12L);

-			*(t++)=conv_bin2ascii(l>> 6L);

-			*(t++)=conv_bin2ascii(l     );

-			}

-		else

-			{

-			l=((unsigned long)f[0])<<16L;

-			if (i == 2) l|=((unsigned long)f[1]<<8L);

-			*(t++)=conv_bin2ascii(l>>18L);

-			*(t++)=conv_bin2ascii(l>>12L);

-			*(t++)=(i == 1)?'=':conv_bin2ascii(l>> 6L);

-			*(t++)='=';

-			}

-		ret+=4;

-		f+=3;

-		}

-	*t='\0';

-	return(ret);

-	}

-void EVP_DecodeInit(EVP_ENCODE_CTX *ctx)

-	{

-	ctx->length=30;

-	ctx->num=0;

-	ctx->line_num=0;

-	ctx->expect_nl=0;

-	}

-/* -1 for error

- *  0 for last line

- *  1 for full line

- */

-int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,

-	     const unsigned char *in, int inl)

-	{

-	int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,tmp2,exp_nl;

-	unsigned char *d;

-	n=ctx->num;

-	d=ctx->enc_data;

-	ln=ctx->line_num;

-	exp_nl=ctx->expect_nl;

-	/* last line of input. */

-	if ((inl == 0) || ((n == 0) && (conv_ascii2bin(in[0]) == B64_EOF)))

-		{ rv=0; goto end; }

-	/* We parse the input data */

-	for (i=0; i<inl; i++)

-		{

-		/* If the current line is > 80 characters, scream alot */

-		if (ln >= 80) { rv= -1; goto end; }

-		/* Get char and put it into the buffer */

-		tmp= *(in++);

-		v=conv_ascii2bin(tmp);

-		/* only save the good data :-) */

-		if (!B64_NOT_BASE64(v))

-			{

-			OPENSSL_assert(n < (int)sizeof(ctx->enc_data));

-			d[n++]=tmp;

-			ln++;

-			}

-		else if (v == B64_ERROR)

-			{

-			rv= -1;

-			goto end;

-			}

-		/* have we seen a '=' which is 'definitly' the last

-		 * input line.  seof will point to the character that

-		 * holds it. and eof will hold how many characters to

-		 * chop off. */

-		if (tmp == '=')

-			{

-			if (seof == -1) seof=n;

-			eof++;

-			}

-		if (v == B64_CR)

-			{

-			ln = 0;

-			if (exp_nl)

-				continue;

-			}

-		/* eoln */

-		if (v == B64_EOLN)

-			{

-			ln=0;

-			if (exp_nl)

-				{

-				exp_nl=0;

-				continue;

-				}

-			}

-		exp_nl=0;

-		/* If we are at the end of input and it looks like a

-		 * line, process it. */

-		if (((i+1) == inl) && (((n&3) == 0) || eof))

-			{

-			v=B64_EOF;

-			/* In case things were given us in really small

-			   records (so two '=' were given in separate

-			   updates), eof may contain the incorrect number

-			   of ending bytes to skip, so let's redo the count */

-			eof = 0;

-			if (d[n-1] == '=') eof++;

-			if (d[n-2] == '=') eof++;

-			/* There will never be more than two '=' */

-			}

-		if ((v == B64_EOF && (n&3) == 0) || (n >= 64))

-			{

-			/* This is needed to work correctly on 64 byte input

-			 * lines.  We process the line and then need to

-			 * accept the '\n' */

-			if ((v != B64_EOF) && (n >= 64)) exp_nl=1;

-			tmp2=v;

-			if (n > 0)

-				{

-				v=EVP_DecodeBlock(out,d,n);

-				n=0;

-				if (v < 0) { rv=0; goto end; }

-				ret+=(v-eof);

-				}

-			else

-				{

-				eof=1;

-				v=0;

-				}

-			/* This is the case where we have had a short

-			 * but valid input line */

-			if ((v < ctx->length) && eof)

-				{

-				rv=0;

-				goto end;

-				}

-			else

-				ctx->length=v;

-			if (seof >= 0) { rv=0; goto end; }

-			out+=v;

-			}

-		}

-	rv=1;

-end:

-	*outl=ret;

-	ctx->num=n;

-	ctx->line_num=ln;

-	ctx->expect_nl=exp_nl;

-	return(rv);

-	}

-int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n)

-	{

-	int i,ret=0,a,b,c,d;

-	unsigned long l;

-	/* trim white space from the start of the line. */

-	while ((conv_ascii2bin(*f) == B64_WS) && (n > 0))

-		{

-		f++;

-		n--;

-		}

-	/* strip off stuff at the end of the line

-	 * ascii2bin values B64_WS, B64_EOLN, B64_EOLN and B64_EOF */

-	while ((n > 3) && (B64_NOT_BASE64(conv_ascii2bin(f[n-1]))))

-		n--;

-	if (n%4 != 0) return(-1);

-	for (i=0; i<n; i+=4)

-		{

-		a=conv_ascii2bin(*(f++));

-		b=conv_ascii2bin(*(f++));

-		c=conv_ascii2bin(*(f++));

-		d=conv_ascii2bin(*(f++));

-		if (	(a & 0x80) || (b & 0x80) ||

-			(c & 0x80) || (d & 0x80))

-			return(-1);

-		l=(	(((unsigned long)a)<<18L)|

-			(((unsigned long)b)<<12L)|

-			(((unsigned long)c)<< 6L)|

-			(((unsigned long)d)     ));

-		*(t++)=(unsigned char)(l>>16L)&0xff;

-		*(t++)=(unsigned char)(l>> 8L)&0xff;

-		*(t++)=(unsigned char)(l     )&0xff;

-		ret+=3;

-		}

-	return(ret);

-	}

-int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl)

-	{

-	int i;

-	*outl=0;

-	if (ctx->num != 0)

-		{

-		i=EVP_DecodeBlock(out,ctx->enc_data,ctx->num);

-		if (i < 0) return(-1);

-		ctx->num=0;

-		*outl=i;

-		return(1);

-		}

-	else

-		return(1);

-	}

-#ifdef undef

-int EVP_DecodeValid(unsigned char *buf, int len)

-	{

-	int i,num=0,bad=0;

-	if (len == 0) return(-1);

-	while (conv_ascii2bin(*buf) == B64_WS)

-		{

-		buf++;

-		len--;

-		if (len == 0) return(-1);

-		}

-	for (i=len; i >= 4; i-=4)

-		{

-		if (	(conv_ascii2bin(buf[0]) >= 0x40) ||

-			(conv_ascii2bin(buf[1]) >= 0x40) ||

-			(conv_ascii2bin(buf[2]) >= 0x40) ||

-			(conv_ascii2bin(buf[3]) >= 0x40))

-			return(-1);

-		buf+=4;

-		num+=1+(buf[2] != '=')+(buf[3] != '=');

-		}

-	if ((i == 1) && (conv_ascii2bin(buf[0]) == B64_EOLN))

-		return(num);

-	if ((i == 2) && (conv_ascii2bin(buf[0]) == B64_EOLN) &&

-		(conv_ascii2bin(buf[0]) == B64_EOLN))

-		return(num);

-	return(1);

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/evp/evp.h

+++ /dev/null

@@ -1,979 +1,0 @@

-/* crypto/evp/evp.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_ENVELOPE_H

-#define HEADER_ENVELOPE_H

-#ifdef OPENSSL_ALGORITHM_DEFINES

-# include <openssl/opensslconf.h>

-#else

-# define OPENSSL_ALGORITHM_DEFINES

-# include <openssl/opensslconf.h>

-# undef OPENSSL_ALGORITHM_DEFINES

-#endif

-#include <openssl/ossl_typ.h>

-#include <openssl/symhacks.h>

-#ifndef OPENSSL_NO_BIO

-#include <openssl/bio.h>

-#endif

-/*

-#define EVP_RC2_KEY_SIZE		16

-#define EVP_RC4_KEY_SIZE		16

-#define EVP_BLOWFISH_KEY_SIZE		16

-#define EVP_CAST5_KEY_SIZE		16

-#define EVP_RC5_32_12_16_KEY_SIZE	16

-*/

-#define EVP_MAX_MD_SIZE			64	/* longest known is SHA512 */

-#define EVP_MAX_KEY_LENGTH		32

-#define EVP_MAX_IV_LENGTH		16

-#define EVP_MAX_BLOCK_LENGTH		32

-#define PKCS5_SALT_LEN			8

-/* Default PKCS#5 iteration count */

-#define PKCS5_DEFAULT_ITER		2048

-#include <openssl/objects.h>

-#define EVP_PK_RSA	0x0001

-#define EVP_PK_DSA	0x0002

-#define EVP_PK_DH	0x0004

-#define EVP_PK_EC	0x0008

-#define EVP_PKT_SIGN	0x0010

-#define EVP_PKT_ENC	0x0020

-#define EVP_PKT_EXCH	0x0040

-#define EVP_PKS_RSA	0x0100

-#define EVP_PKS_DSA	0x0200

-#define EVP_PKS_EC	0x0400

-#define EVP_PKT_EXP	0x1000 /* <= 512 bit key */

-#define EVP_PKEY_NONE	NID_undef

-#define EVP_PKEY_RSA	NID_rsaEncryption

-#define EVP_PKEY_RSA2	NID_rsa

-#define EVP_PKEY_DSA	NID_dsa

-#define EVP_PKEY_DSA1	NID_dsa_2

-#define EVP_PKEY_DSA2	NID_dsaWithSHA

-#define EVP_PKEY_DSA3	NID_dsaWithSHA1

-#define EVP_PKEY_DSA4	NID_dsaWithSHA1_2

-#define EVP_PKEY_DH	NID_dhKeyAgreement

-#define EVP_PKEY_EC	NID_X9_62_id_ecPublicKey

-#ifdef	__cplusplus

-extern "C" {

-#endif

-/* Type needs to be a bit field

- * Sub-type needs to be for variations on the method, as in, can it do

- * arbitrary encryption.... */

-struct evp_pkey_st

-	{

-	int type;

-	int save_type;

-	int references;

-	union	{

-		char *ptr;

-#ifndef OPENSSL_NO_RSA

-		struct rsa_st *rsa;	/* RSA */

-#endif

-#ifndef OPENSSL_NO_DSA

-		struct dsa_st *dsa;	/* DSA */

-#endif

-#ifndef OPENSSL_NO_DH

-		struct dh_st *dh;	/* DH */

-#endif

-#ifndef OPENSSL_NO_EC

-		struct ec_key_st *ec;	/* ECC */

-#endif

-		} pkey;

-	int save_parameters;

-	STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */

-	} /* EVP_PKEY */;

-#define EVP_PKEY_MO_SIGN	0x0001

-#define EVP_PKEY_MO_VERIFY	0x0002

-#define EVP_PKEY_MO_ENCRYPT	0x0004

-#define EVP_PKEY_MO_DECRYPT	0x0008

-#if 0

-/* This structure is required to tie the message digest and signing together.

- * The lookup can be done by md/pkey_method, oid, oid/pkey_method, or

- * oid, md and pkey.

- * This is required because for various smart-card perform the digest and

- * signing/verification on-board.  To handle this case, the specific

- * EVP_MD and EVP_PKEY_METHODs need to be closely associated.

- * When a PKEY is created, it will have a EVP_PKEY_METHOD associated with it.

- * This can either be software or a token to provide the required low level

- * routines.

- */

-typedef struct evp_pkey_md_st

-	{

-	int oid;

-	EVP_MD *md;

-	EVP_PKEY_METHOD *pkey;

-	} EVP_PKEY_MD;

-#define EVP_rsa_md2() \

-		EVP_PKEY_MD_add(NID_md2WithRSAEncryption,\

-			EVP_rsa_pkcs1(),EVP_md2())

-#define EVP_rsa_md5() \

-		EVP_PKEY_MD_add(NID_md5WithRSAEncryption,\

-			EVP_rsa_pkcs1(),EVP_md5())

-#define EVP_rsa_sha0() \

-		EVP_PKEY_MD_add(NID_shaWithRSAEncryption,\

-			EVP_rsa_pkcs1(),EVP_sha())

-#define EVP_rsa_sha1() \

-		EVP_PKEY_MD_add(NID_sha1WithRSAEncryption,\

-			EVP_rsa_pkcs1(),EVP_sha1())

-#define EVP_rsa_ripemd160() \

-		EVP_PKEY_MD_add(NID_ripemd160WithRSA,\

-			EVP_rsa_pkcs1(),EVP_ripemd160())

-#define EVP_rsa_mdc2() \

-		EVP_PKEY_MD_add(NID_mdc2WithRSA,\

-			EVP_rsa_octet_string(),EVP_mdc2())

-#define EVP_dsa_sha() \

-		EVP_PKEY_MD_add(NID_dsaWithSHA,\

-			EVP_dsa(),EVP_sha())

-#define EVP_dsa_sha1() \

-		EVP_PKEY_MD_add(NID_dsaWithSHA1,\

-			EVP_dsa(),EVP_sha1())

-typedef struct evp_pkey_method_st

-	{

-	char *name;

-	int flags;

-	int type;		/* RSA, DSA, an SSLeay specific constant */

-	int oid;		/* For the pub-key type */

-	int encrypt_oid;	/* pub/priv key encryption */

-	int (*sign)();

-	int (*verify)();

-	struct	{

-		int (*set)();	/* get and/or set the underlying type */

-		int (*get)();

-		int (*encrypt)();

-		int (*decrypt)();

-		int (*i2d)();

-		int (*d2i)();

-		int (*dup)();

-		} pub,priv;

-	int (*set_asn1_parameters)();

-	int (*get_asn1_parameters)();

-	} EVP_PKEY_METHOD;

-#endif

-#ifndef EVP_MD

-struct env_md_st

-	{

-	int type;

-	int pkey_type;

-	int md_size;

-	unsigned long flags;

-	int (*init)(EVP_MD_CTX *ctx);

-	int (*update)(EVP_MD_CTX *ctx,const void *data,size_t count);

-	int (*final)(EVP_MD_CTX *ctx,unsigned char *md);

-	int (*copy)(EVP_MD_CTX *to,const EVP_MD_CTX *from);

-	int (*cleanup)(EVP_MD_CTX *ctx);

-	/* FIXME: prototype these some day */

-	int (*sign)(int type, const unsigned char *m, unsigned int m_length,

-		    unsigned char *sigret, unsigned int *siglen, void *key);

-	int (*verify)(int type, const unsigned char *m, unsigned int m_length,

-		      const unsigned char *sigbuf, unsigned int siglen,

-		      void *key);

-	int required_pkey_type[5]; /*EVP_PKEY_xxx */

-	int block_size;

-	int ctx_size; /* how big does the ctx->md_data need to be */

-	} /* EVP_MD */;

-typedef int evp_sign_method(int type,const unsigned char *m,

-			    unsigned int m_length,unsigned char *sigret,

-			    unsigned int *siglen, void *key);

-typedef int evp_verify_method(int type,const unsigned char *m,

-			    unsigned int m_length,const unsigned char *sigbuf,

-			    unsigned int siglen, void *key);

-#define EVP_MD_FLAG_ONESHOT	0x0001 /* digest can only handle a single

-					* block */

-#define EVP_PKEY_NULL_method	NULL,NULL,{0,0,0,0}

-#ifndef OPENSSL_NO_DSA

-#define EVP_PKEY_DSA_method	(evp_sign_method *)DSA_sign, \

-				(evp_verify_method *)DSA_verify, \

-				{EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \

-					EVP_PKEY_DSA4,0}

-#else

-#define EVP_PKEY_DSA_method	EVP_PKEY_NULL_method

-#endif

-#ifndef OPENSSL_NO_ECDSA

-#define EVP_PKEY_ECDSA_method   (evp_sign_method *)ECDSA_sign, \

-				(evp_verify_method *)ECDSA_verify, \

-                                 {EVP_PKEY_EC,0,0,0}

-#else

-#define EVP_PKEY_ECDSA_method   EVP_PKEY_NULL_method

-#endif

-#ifndef OPENSSL_NO_RSA

-#define EVP_PKEY_RSA_method	(evp_sign_method *)RSA_sign, \

-				(evp_verify_method *)RSA_verify, \

-				{EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0}

-#define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \

-				(evp_sign_method *)RSA_sign_ASN1_OCTET_STRING, \

-				(evp_verify_method *)RSA_verify_ASN1_OCTET_STRING, \

-				{EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0}

-#else

-#define EVP_PKEY_RSA_method	EVP_PKEY_NULL_method

-#define EVP_PKEY_RSA_ASN1_OCTET_STRING_method EVP_PKEY_NULL_method

-#endif

-#endif /* !EVP_MD */

-struct env_md_ctx_st

-	{

-	const EVP_MD *digest;

-	ENGINE *engine; /* functional reference if 'digest' is ENGINE-provided */

-	unsigned long flags;

-	void *md_data;

-	} /* EVP_MD_CTX */;

-/* values for EVP_MD_CTX flags */

-#define EVP_MD_CTX_FLAG_ONESHOT		0x0001 /* digest update will be called

-						* once only */

-#define EVP_MD_CTX_FLAG_CLEANED		0x0002 /* context has already been

-						* cleaned */

-#define EVP_MD_CTX_FLAG_REUSE		0x0004 /* Don't free up ctx->md_data

-						* in EVP_MD_CTX_cleanup */

-struct evp_cipher_st

-	{

-	int nid;

-	int block_size;

-	int key_len;		/* Default value for variable length ciphers */

-	int iv_len;

-	unsigned long flags;	/* Various flags */

-	int (*init)(EVP_CIPHER_CTX *ctx, const unsigned char *key,

-		    const unsigned char *iv, int enc);	/* init key */

-	int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out,

-			 const unsigned char *in, unsigned int inl);/* encrypt/decrypt data */

-	int (*cleanup)(EVP_CIPHER_CTX *); /* cleanup ctx */

-	int ctx_size;		/* how big ctx->cipher_data needs to be */

-	int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Populate a ASN1_TYPE with parameters */

-	int (*get_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Get parameters from a ASN1_TYPE */

-	int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr); /* Miscellaneous operations */

-	void *app_data;		/* Application data */

-	} /* EVP_CIPHER */;

-/* Values for cipher flags */

-/* Modes for ciphers */

-#define		EVP_CIPH_STREAM_CIPHER		0x0

-#define		EVP_CIPH_ECB_MODE		0x1

-#define		EVP_CIPH_CBC_MODE		0x2

-#define		EVP_CIPH_CFB_MODE		0x3

-#define		EVP_CIPH_OFB_MODE		0x4

-#define 	EVP_CIPH_MODE			0x7

-/* Set if variable length cipher */

-#define 	EVP_CIPH_VARIABLE_LENGTH	0x8

-/* Set if the iv handling should be done by the cipher itself */

-#define 	EVP_CIPH_CUSTOM_IV		0x10

-/* Set if the cipher's init() function should be called if key is NULL */

-#define 	EVP_CIPH_ALWAYS_CALL_INIT	0x20

-/* Call ctrl() to init cipher parameters */

-#define 	EVP_CIPH_CTRL_INIT		0x40

-/* Don't use standard key length function */

-#define 	EVP_CIPH_CUSTOM_KEY_LENGTH	0x80

-/* Don't use standard block padding */

-#define 	EVP_CIPH_NO_PADDING		0x100

-/* cipher handles random key generation */

-#define 	EVP_CIPH_RAND_KEY		0x200

-/* ctrl() values */

-#define		EVP_CTRL_INIT			0x0

-#define 	EVP_CTRL_SET_KEY_LENGTH		0x1

-#define 	EVP_CTRL_GET_RC2_KEY_BITS	0x2

-#define 	EVP_CTRL_SET_RC2_KEY_BITS	0x3

-#define 	EVP_CTRL_GET_RC5_ROUNDS		0x4

-#define 	EVP_CTRL_SET_RC5_ROUNDS		0x5

-#define 	EVP_CTRL_RAND_KEY		0x6

-typedef struct evp_cipher_info_st

-	{

-	const EVP_CIPHER *cipher;

-	unsigned char iv[EVP_MAX_IV_LENGTH];

-	} EVP_CIPHER_INFO;

-struct evp_cipher_ctx_st

-	{

-	const EVP_CIPHER *cipher;

-	ENGINE *engine;	/* functional reference if 'cipher' is ENGINE-provided */

-	int encrypt;		/* encrypt or decrypt */

-	int buf_len;		/* number we have left */

-	unsigned char  oiv[EVP_MAX_IV_LENGTH];	/* original iv */

-	unsigned char  iv[EVP_MAX_IV_LENGTH];	/* working iv */

-	unsigned char buf[EVP_MAX_BLOCK_LENGTH];/* saved partial block */

-	int num;				/* used by cfb/ofb mode */

-	void *app_data;		/* application stuff */

-	int key_len;		/* May change for variable length cipher */

-	unsigned long flags;	/* Various flags */

-	void *cipher_data; /* per EVP data */

-	int final_used;

-	int block_mask;

-	unsigned char final[EVP_MAX_BLOCK_LENGTH];/* possible final block */

-	} /* EVP_CIPHER_CTX */;

-typedef struct evp_Encode_Ctx_st

-	{

-	int num;	/* number saved in a partial encode/decode */

-	int length;	/* The length is either the output line length

-			 * (in input bytes) or the shortest input line

-			 * length that is ok.  Once decoding begins,

-			 * the length is adjusted up each time a longer

-			 * line is decoded */

-	unsigned char enc_data[80];	/* data to encode */

-	int line_num;	/* number read on current line */

-	int expect_nl;

-	} EVP_ENCODE_CTX;

-/* Password based encryption function */

-typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,

-		ASN1_TYPE *param, const EVP_CIPHER *cipher,

-                const EVP_MD *md, int en_de);

-#ifndef OPENSSL_NO_RSA

-#define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\

-					(char *)(rsa))

-#endif

-#ifndef OPENSSL_NO_DSA

-#define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\

-					(char *)(dsa))

-#endif

-#ifndef OPENSSL_NO_DH

-#define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,\

-					(char *)(dh))

-#endif

-#ifndef OPENSSL_NO_EC

-#define EVP_PKEY_assign_EC_KEY(pkey,eckey) EVP_PKEY_assign((pkey),EVP_PKEY_EC,\

-                                        (char *)(eckey))

-#endif

-/* Add some extra combinations */

-#define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))

-#define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a))

-#define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a))

-#define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a))

-int EVP_MD_type(const EVP_MD *md);

-#define EVP_MD_nid(e)			EVP_MD_type(e)

-#define EVP_MD_name(e)			OBJ_nid2sn(EVP_MD_nid(e))

-int EVP_MD_pkey_type(const EVP_MD *md);

-int EVP_MD_size(const EVP_MD *md);

-int EVP_MD_block_size(const EVP_MD *md);

-const EVP_MD * EVP_MD_CTX_md(const EVP_MD_CTX *ctx);

-#define EVP_MD_CTX_size(e)		EVP_MD_size(EVP_MD_CTX_md(e))

-#define EVP_MD_CTX_block_size(e)	EVP_MD_block_size(EVP_MD_CTX_md(e))

-#define EVP_MD_CTX_type(e)		EVP_MD_type(EVP_MD_CTX_md(e))

-int EVP_CIPHER_nid(const EVP_CIPHER *cipher);

-#define EVP_CIPHER_name(e)		OBJ_nid2sn(EVP_CIPHER_nid(e))

-int EVP_CIPHER_block_size(const EVP_CIPHER *cipher);

-int EVP_CIPHER_key_length(const EVP_CIPHER *cipher);

-int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher);

-unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher);

-#define EVP_CIPHER_mode(e)		(EVP_CIPHER_flags(e) & EVP_CIPH_MODE)

-const EVP_CIPHER * EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);

-int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx);

-int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);

-int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx);

-int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx);

-void * EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx);

-void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data);

-#define EVP_CIPHER_CTX_type(c)         EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c))

-unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx);

-#define EVP_CIPHER_CTX_mode(e)		(EVP_CIPHER_CTX_flags(e) & EVP_CIPH_MODE)

-#define EVP_ENCODE_LENGTH(l)	(((l+2)/3*4)+(l/48+1)*2+80)

-#define EVP_DECODE_LENGTH(l)	((l+3)/4*3+80)

-#define EVP_SignInit_ex(a,b,c)		EVP_DigestInit_ex(a,b,c)

-#define EVP_SignInit(a,b)		EVP_DigestInit(a,b)

-#define EVP_SignUpdate(a,b,c)		EVP_DigestUpdate(a,b,c)

-#define	EVP_VerifyInit_ex(a,b,c)	EVP_DigestInit_ex(a,b,c)

-#define	EVP_VerifyInit(a,b)		EVP_DigestInit(a,b)

-#define	EVP_VerifyUpdate(a,b,c)		EVP_DigestUpdate(a,b,c)

-#define EVP_OpenUpdate(a,b,c,d,e)	EVP_DecryptUpdate(a,b,c,d,e)

-#define EVP_SealUpdate(a,b,c,d,e)	EVP_EncryptUpdate(a,b,c,d,e)

-#ifdef CONST_STRICT

-void BIO_set_md(BIO *,const EVP_MD *md);

-#else

-# define BIO_set_md(b,md)		BIO_ctrl(b,BIO_C_SET_MD,0,(char *)md)

-#endif

-#define BIO_get_md(b,mdp)		BIO_ctrl(b,BIO_C_GET_MD,0,(char *)mdp)

-#define BIO_get_md_ctx(b,mdcp)     BIO_ctrl(b,BIO_C_GET_MD_CTX,0,(char *)mdcp)

-#define BIO_set_md_ctx(b,mdcp)     BIO_ctrl(b,BIO_C_SET_MD_CTX,0,(char *)mdcp)

-#define BIO_get_cipher_status(b)	BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)

-#define BIO_get_cipher_ctx(b,c_pp)	BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp)

-int EVP_Cipher(EVP_CIPHER_CTX *c,

-		unsigned char *out,

-		const unsigned char *in,

-		unsigned int inl);

-#define EVP_add_cipher_alias(n,alias) \

-	OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n))

-#define EVP_add_digest_alias(n,alias) \

-	OBJ_NAME_add((alias),OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,(n))

-#define EVP_delete_cipher_alias(alias) \

-	OBJ_NAME_remove(alias,OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS);

-#define EVP_delete_digest_alias(alias) \

-	OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS);

-void	EVP_MD_CTX_init(EVP_MD_CTX *ctx);

-int	EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);

-EVP_MD_CTX *EVP_MD_CTX_create(void);

-void	EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);

-int     EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in);

-void	EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);

-void	EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags);

-int 	EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx,int flags);

-int	EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);

-int	EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d,

-			 size_t cnt);

-int	EVP_DigestFinal_ex(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);

-int	EVP_Digest(const void *data, size_t count,

-		unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl);

-int     EVP_MD_CTX_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in);

-int	EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);

-int	EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);

-int	EVP_read_pw_string(char *buf,int length,const char *prompt,int verify);

-void	EVP_set_pw_prompt(const char *prompt);

-char *	EVP_get_pw_prompt(void);

-int	EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md,

-		const unsigned char *salt, const unsigned char *data,

-		int datal, int count, unsigned char *key,unsigned char *iv);

-int	EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,

-		const unsigned char *key, const unsigned char *iv);

-int	EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,

-		const unsigned char *key, const unsigned char *iv);

-int	EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,

-		int *outl, const unsigned char *in, int inl);

-int	EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);

-int	EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);

-int	EVP_DecryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,

-		const unsigned char *key, const unsigned char *iv);

-int	EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,

-		const unsigned char *key, const unsigned char *iv);

-int	EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,

-		int *outl, const unsigned char *in, int inl);

-int	EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);

-int	EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);

-int	EVP_CipherInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,

-		       const unsigned char *key,const unsigned char *iv,

-		       int enc);

-int	EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,

-		       const unsigned char *key,const unsigned char *iv,

-		       int enc);

-int	EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,

-		int *outl, const unsigned char *in, int inl);

-int	EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);

-int	EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);

-int	EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s,

-		EVP_PKEY *pkey);

-int	EVP_VerifyFinal(EVP_MD_CTX *ctx,const unsigned char *sigbuf,

-		unsigned int siglen,EVP_PKEY *pkey);

-int	EVP_OpenInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,

-		const unsigned char *ek, int ekl, const unsigned char *iv,

-		EVP_PKEY *priv);

-int	EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);

-int	EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,

-		 unsigned char **ek, int *ekl, unsigned char *iv,

-		EVP_PKEY **pubk, int npubk);

-int	EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl);

-void	EVP_EncodeInit(EVP_ENCODE_CTX *ctx);

-void	EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl,

-		const unsigned char *in,int inl);

-void	EVP_EncodeFinal(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl);

-int	EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n);

-void	EVP_DecodeInit(EVP_ENCODE_CTX *ctx);

-int	EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl,

-		const unsigned char *in, int inl);

-int	EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned

-		char *out, int *outl);

-int	EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n);

-void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);

-int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);

-EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);

-void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *a);

-int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);

-int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad);

-int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);

-int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key);

-#ifndef OPENSSL_NO_BIO

-BIO_METHOD *BIO_f_md(void);

-BIO_METHOD *BIO_f_base64(void);

-BIO_METHOD *BIO_f_cipher(void);

-BIO_METHOD *BIO_f_reliable(void);

-void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,const unsigned char *k,

-		const unsigned char *i, int enc);

-#endif

-const EVP_MD *EVP_md_null(void);

-#ifndef OPENSSL_NO_MD2

-const EVP_MD *EVP_md2(void);

-#endif

-#ifndef OPENSSL_NO_MD4

-const EVP_MD *EVP_md4(void);

-#endif

-#ifndef OPENSSL_NO_MD5

-const EVP_MD *EVP_md5(void);

-#endif

-#ifndef OPENSSL_NO_SHA

-const EVP_MD *EVP_sha(void);

-const EVP_MD *EVP_sha1(void);

-const EVP_MD *EVP_dss(void);

-const EVP_MD *EVP_dss1(void);

-const EVP_MD *EVP_ecdsa(void);

-#endif

-#ifndef OPENSSL_NO_SHA256

-const EVP_MD *EVP_sha224(void);

-const EVP_MD *EVP_sha256(void);

-#endif

-#ifndef OPENSSL_NO_SHA512

-const EVP_MD *EVP_sha384(void);

-const EVP_MD *EVP_sha512(void);

-#endif

-#ifndef OPENSSL_NO_MDC2

-const EVP_MD *EVP_mdc2(void);

-#endif

-#ifndef OPENSSL_NO_RIPEMD

-const EVP_MD *EVP_ripemd160(void);

-#endif

-const EVP_CIPHER *EVP_enc_null(void);		/* does nothing :-) */

-#ifndef OPENSSL_NO_DES

-const EVP_CIPHER *EVP_des_ecb(void);

-const EVP_CIPHER *EVP_des_ede(void);

-const EVP_CIPHER *EVP_des_ede3(void);

-const EVP_CIPHER *EVP_des_ede_ecb(void);

-const EVP_CIPHER *EVP_des_ede3_ecb(void);

-const EVP_CIPHER *EVP_des_cfb64(void);

-# define EVP_des_cfb EVP_des_cfb64

-const EVP_CIPHER *EVP_des_cfb1(void);

-const EVP_CIPHER *EVP_des_cfb8(void);

-const EVP_CIPHER *EVP_des_ede_cfb64(void);

-# define EVP_des_ede_cfb EVP_des_ede_cfb64

-#if 0

-const EVP_CIPHER *EVP_des_ede_cfb1(void);

-const EVP_CIPHER *EVP_des_ede_cfb8(void);

-#endif

-const EVP_CIPHER *EVP_des_ede3_cfb64(void);

-# define EVP_des_ede3_cfb EVP_des_ede3_cfb64

-const EVP_CIPHER *EVP_des_ede3_cfb1(void);

-const EVP_CIPHER *EVP_des_ede3_cfb8(void);

-const EVP_CIPHER *EVP_des_ofb(void);

-const EVP_CIPHER *EVP_des_ede_ofb(void);

-const EVP_CIPHER *EVP_des_ede3_ofb(void);

-const EVP_CIPHER *EVP_des_cbc(void);

-const EVP_CIPHER *EVP_des_ede_cbc(void);

-const EVP_CIPHER *EVP_des_ede3_cbc(void);

-const EVP_CIPHER *EVP_desx_cbc(void);

-/* This should now be supported through the dev_crypto ENGINE. But also, why are

- * rc4 and md5 declarations made here inside a "NO_DES" precompiler branch? */

-#if 0

-# ifdef OPENSSL_OPENBSD_DEV_CRYPTO

-const EVP_CIPHER *EVP_dev_crypto_des_ede3_cbc(void);

-const EVP_CIPHER *EVP_dev_crypto_rc4(void);

-const EVP_MD *EVP_dev_crypto_md5(void);

-# endif

-#endif

-#endif

-#ifndef OPENSSL_NO_RC4

-const EVP_CIPHER *EVP_rc4(void);

-const EVP_CIPHER *EVP_rc4_40(void);

-#endif

-#ifndef OPENSSL_NO_IDEA

-const EVP_CIPHER *EVP_idea_ecb(void);

-const EVP_CIPHER *EVP_idea_cfb64(void);

-# define EVP_idea_cfb EVP_idea_cfb64

-const EVP_CIPHER *EVP_idea_ofb(void);

-const EVP_CIPHER *EVP_idea_cbc(void);

-#endif

-#ifndef OPENSSL_NO_RC2

-const EVP_CIPHER *EVP_rc2_ecb(void);

-const EVP_CIPHER *EVP_rc2_cbc(void);

-const EVP_CIPHER *EVP_rc2_40_cbc(void);

-const EVP_CIPHER *EVP_rc2_64_cbc(void);

-const EVP_CIPHER *EVP_rc2_cfb64(void);

-# define EVP_rc2_cfb EVP_rc2_cfb64

-const EVP_CIPHER *EVP_rc2_ofb(void);

-#endif

-#ifndef OPENSSL_NO_BF

-const EVP_CIPHER *EVP_bf_ecb(void);

-const EVP_CIPHER *EVP_bf_cbc(void);

-const EVP_CIPHER *EVP_bf_cfb64(void);

-# define EVP_bf_cfb EVP_bf_cfb64

-const EVP_CIPHER *EVP_bf_ofb(void);

-#endif

-#ifndef OPENSSL_NO_CAST

-const EVP_CIPHER *EVP_cast5_ecb(void);

-const EVP_CIPHER *EVP_cast5_cbc(void);

-const EVP_CIPHER *EVP_cast5_cfb64(void);

-# define EVP_cast5_cfb EVP_cast5_cfb64

-const EVP_CIPHER *EVP_cast5_ofb(void);

-#endif

-#ifndef OPENSSL_NO_RC5

-const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void);

-const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void);

-const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void);

-# define EVP_rc5_32_12_16_cfb EVP_rc5_32_12_16_cfb64

-const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void);

-#endif

-#ifndef OPENSSL_NO_AES

-const EVP_CIPHER *EVP_aes_128_ecb(void);

-const EVP_CIPHER *EVP_aes_128_cbc(void);

-const EVP_CIPHER *EVP_aes_128_cfb1(void);

-const EVP_CIPHER *EVP_aes_128_cfb8(void);

-const EVP_CIPHER *EVP_aes_128_cfb128(void);

-# define EVP_aes_128_cfb EVP_aes_128_cfb128

-const EVP_CIPHER *EVP_aes_128_ofb(void);

-#if 0

-const EVP_CIPHER *EVP_aes_128_ctr(void);

-#endif

-const EVP_CIPHER *EVP_aes_192_ecb(void);

-const EVP_CIPHER *EVP_aes_192_cbc(void);

-const EVP_CIPHER *EVP_aes_192_cfb1(void);

-const EVP_CIPHER *EVP_aes_192_cfb8(void);

-const EVP_CIPHER *EVP_aes_192_cfb128(void);

-# define EVP_aes_192_cfb EVP_aes_192_cfb128

-const EVP_CIPHER *EVP_aes_192_ofb(void);

-#if 0

-const EVP_CIPHER *EVP_aes_192_ctr(void);

-#endif

-const EVP_CIPHER *EVP_aes_256_ecb(void);

-const EVP_CIPHER *EVP_aes_256_cbc(void);

-const EVP_CIPHER *EVP_aes_256_cfb1(void);

-const EVP_CIPHER *EVP_aes_256_cfb8(void);

-const EVP_CIPHER *EVP_aes_256_cfb128(void);

-# define EVP_aes_256_cfb EVP_aes_256_cfb128

-const EVP_CIPHER *EVP_aes_256_ofb(void);

-#if 0

-const EVP_CIPHER *EVP_aes_256_ctr(void);

-#endif

-#endif

-#ifndef OPENSSL_NO_CAMELLIA

-const EVP_CIPHER *EVP_camellia_128_ecb(void);

-const EVP_CIPHER *EVP_camellia_128_cbc(void);

-const EVP_CIPHER *EVP_camellia_128_cfb1(void);

-const EVP_CIPHER *EVP_camellia_128_cfb8(void);

-const EVP_CIPHER *EVP_camellia_128_cfb128(void);

-# define EVP_camellia_128_cfb EVP_camellia_128_cfb128

-const EVP_CIPHER *EVP_camellia_128_ofb(void);

-const EVP_CIPHER *EVP_camellia_192_ecb(void);

-const EVP_CIPHER *EVP_camellia_192_cbc(void);

-const EVP_CIPHER *EVP_camellia_192_cfb1(void);

-const EVP_CIPHER *EVP_camellia_192_cfb8(void);

-const EVP_CIPHER *EVP_camellia_192_cfb128(void);

-# define EVP_camellia_192_cfb EVP_camellia_192_cfb128

-const EVP_CIPHER *EVP_camellia_192_ofb(void);

-const EVP_CIPHER *EVP_camellia_256_ecb(void);

-const EVP_CIPHER *EVP_camellia_256_cbc(void);

-const EVP_CIPHER *EVP_camellia_256_cfb1(void);

-const EVP_CIPHER *EVP_camellia_256_cfb8(void);

-const EVP_CIPHER *EVP_camellia_256_cfb128(void);

-# define EVP_camellia_256_cfb EVP_camellia_256_cfb128

-const EVP_CIPHER *EVP_camellia_256_ofb(void);

-#endif

-#ifndef OPENSSL_NO_SEED

-const EVP_CIPHER *EVP_seed_ecb(void);

-const EVP_CIPHER *EVP_seed_cbc(void);

-const EVP_CIPHER *EVP_seed_cfb128(void);

-# define EVP_seed_cfb EVP_seed_cfb128

-const EVP_CIPHER *EVP_seed_ofb(void);

-#endif

-void OPENSSL_add_all_algorithms_noconf(void);

-void OPENSSL_add_all_algorithms_conf(void);

-#ifdef OPENSSL_LOAD_CONF

-#define OpenSSL_add_all_algorithms() \

-		OPENSSL_add_all_algorithms_conf()

-#else

-#define OpenSSL_add_all_algorithms() \

-		OPENSSL_add_all_algorithms_noconf()

-#endif

-void OpenSSL_add_all_ciphers(void);

-void OpenSSL_add_all_digests(void);

-#define SSLeay_add_all_algorithms() OpenSSL_add_all_algorithms()

-#define SSLeay_add_all_ciphers() OpenSSL_add_all_ciphers()

-#define SSLeay_add_all_digests() OpenSSL_add_all_digests()

-int EVP_add_cipher(const EVP_CIPHER *cipher);

-int EVP_add_digest(const EVP_MD *digest);

-const EVP_CIPHER *EVP_get_cipherbyname(const char *name);

-const EVP_MD *EVP_get_digestbyname(const char *name);

-void EVP_cleanup(void);

-int		EVP_PKEY_decrypt(unsigned char *dec_key,

-			const unsigned char *enc_key,int enc_key_len,

-			EVP_PKEY *private_key);

-int		EVP_PKEY_encrypt(unsigned char *enc_key,

-			const unsigned char *key,int key_len,

-			EVP_PKEY *pub_key);

-int		EVP_PKEY_type(int type);

-int		EVP_PKEY_bits(EVP_PKEY *pkey);

-int		EVP_PKEY_size(EVP_PKEY *pkey);

-int 		EVP_PKEY_assign(EVP_PKEY *pkey,int type,char *key);

-#ifndef OPENSSL_NO_RSA

-struct rsa_st;

-int EVP_PKEY_set1_RSA(EVP_PKEY *pkey,struct rsa_st *key);

-struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);

-#endif

-#ifndef OPENSSL_NO_DSA

-struct dsa_st;

-int EVP_PKEY_set1_DSA(EVP_PKEY *pkey,struct dsa_st *key);

-struct dsa_st *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);

-#endif

-#ifndef OPENSSL_NO_DH

-struct dh_st;

-int EVP_PKEY_set1_DH(EVP_PKEY *pkey,struct dh_st *key);

-struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey);

-#endif

-#ifndef OPENSSL_NO_EC

-struct ec_key_st;

-int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey,struct ec_key_st *key);

-struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);

-#endif

-EVP_PKEY *	EVP_PKEY_new(void);

-void		EVP_PKEY_free(EVP_PKEY *pkey);

-EVP_PKEY *	d2i_PublicKey(int type,EVP_PKEY **a, const unsigned char **pp,

-			long length);

-int		i2d_PublicKey(EVP_PKEY *a, unsigned char **pp);

-EVP_PKEY *	d2i_PrivateKey(int type,EVP_PKEY **a, const unsigned char **pp,

-			long length);

-EVP_PKEY *	d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,

-			long length);

-int		i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp);

-int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from);

-int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey);

-int EVP_PKEY_save_parameters(EVP_PKEY *pkey,int mode);

-int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b);

-int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b);

-int EVP_CIPHER_type(const EVP_CIPHER *ctx);

-/* calls methods */

-int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);

-int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);

-/* These are used by EVP_CIPHER methods */

-int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type);

-int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type);

-/* PKCS5 password based encryption */

-int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,

-			 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md,

-			 int en_de);

-int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,

-			   const unsigned char *salt, int saltlen, int iter,

-			   int keylen, unsigned char *out);

-int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,

-			 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md,

-			 int en_de);

-void PKCS5_PBE_add(void);

-int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen,

-	     ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de);

-int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,

-		    EVP_PBE_KEYGEN *keygen);

-void EVP_PBE_cleanup(void);

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_EVP_strings(void);

-/* Error codes for the EVP functions. */

-/* Function codes. */

-#define EVP_F_AES_INIT_KEY				 133

-#define EVP_F_CAMELLIA_INIT_KEY				 159

-#define EVP_F_D2I_PKEY					 100

-#define EVP_F_DSAPKEY2PKCS8				 134

-#define EVP_F_DSA_PKEY2PKCS8				 135

-#define EVP_F_ECDSA_PKEY2PKCS8				 129

-#define EVP_F_ECKEY_PKEY2PKCS8				 132

-#define EVP_F_EVP_CIPHERINIT_EX				 123

-#define EVP_F_EVP_CIPHER_CTX_CTRL			 124

-#define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH		 122

-#define EVP_F_EVP_DECRYPTFINAL_EX			 101

-#define EVP_F_EVP_DIGESTINIT_EX				 128

-#define EVP_F_EVP_ENCRYPTFINAL_EX			 127

-#define EVP_F_EVP_MD_CTX_COPY_EX			 110

-#define EVP_F_EVP_OPENINIT				 102

-#define EVP_F_EVP_PBE_ALG_ADD				 115

-#define EVP_F_EVP_PBE_CIPHERINIT			 116

-#define EVP_F_EVP_PKCS82PKEY				 111

-#define EVP_F_EVP_PKEY2PKCS8_BROKEN			 113

-#define EVP_F_EVP_PKEY_COPY_PARAMETERS			 103

-#define EVP_F_EVP_PKEY_DECRYPT				 104

-#define EVP_F_EVP_PKEY_ENCRYPT				 105

-#define EVP_F_EVP_PKEY_GET1_DH				 119

-#define EVP_F_EVP_PKEY_GET1_DSA				 120

-#define EVP_F_EVP_PKEY_GET1_ECDSA			 130

-#define EVP_F_EVP_PKEY_GET1_EC_KEY			 131

-#define EVP_F_EVP_PKEY_GET1_RSA				 121

-#define EVP_F_EVP_PKEY_NEW				 106

-#define EVP_F_EVP_RIJNDAEL				 126

-#define EVP_F_EVP_SIGNFINAL				 107

-#define EVP_F_EVP_VERIFYFINAL				 108

-#define EVP_F_PKCS5_PBE_KEYIVGEN			 117

-#define EVP_F_PKCS5_V2_PBE_KEYIVGEN			 118

-#define EVP_F_PKCS8_SET_BROKEN				 112

-#define EVP_F_RC2_MAGIC_TO_METH				 109

-#define EVP_F_RC5_CTRL					 125

-/* Reason codes. */

-#define EVP_R_AES_KEY_SETUP_FAILED			 143

-#define EVP_R_ASN1_LIB					 140

-#define EVP_R_BAD_BLOCK_LENGTH				 136

-#define EVP_R_BAD_DECRYPT				 100

-#define EVP_R_BAD_KEY_LENGTH				 137

-#define EVP_R_BN_DECODE_ERROR				 112

-#define EVP_R_BN_PUBKEY_ERROR				 113

-#define EVP_R_CAMELLIA_KEY_SETUP_FAILED			 157

-#define EVP_R_CIPHER_PARAMETER_ERROR			 122

-#define EVP_R_CTRL_NOT_IMPLEMENTED			 132

-#define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED		 133

-#define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH		 138

-#define EVP_R_DECODE_ERROR				 114

-#define EVP_R_DIFFERENT_KEY_TYPES			 101

-#define EVP_R_ENCODE_ERROR				 115

-#define EVP_R_EVP_PBE_CIPHERINIT_ERROR			 119

-#define EVP_R_EXPECTING_AN_RSA_KEY			 127

-#define EVP_R_EXPECTING_A_DH_KEY			 128

-#define EVP_R_EXPECTING_A_DSA_KEY			 129

-#define EVP_R_EXPECTING_A_ECDSA_KEY			 141

-#define EVP_R_EXPECTING_A_EC_KEY			 142

-#define EVP_R_INITIALIZATION_ERROR			 134

-#define EVP_R_INPUT_NOT_INITIALIZED			 111

-#define EVP_R_INVALID_KEY_LENGTH			 130

-#define EVP_R_IV_TOO_LARGE				 102

-#define EVP_R_KEYGEN_FAILURE				 120

-#define EVP_R_MISSING_PARAMETERS			 103

-#define EVP_R_NO_CIPHER_SET				 131

-#define EVP_R_NO_DIGEST_SET				 139

-#define EVP_R_NO_DSA_PARAMETERS				 116

-#define EVP_R_NO_SIGN_FUNCTION_CONFIGURED		 104

-#define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED		 105

-#define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE			 117

-#define EVP_R_PUBLIC_KEY_NOT_RSA			 106

-#define EVP_R_UNKNOWN_PBE_ALGORITHM			 121

-#define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS		 135

-#define EVP_R_UNSUPPORTED_CIPHER			 107

-#define EVP_R_UNSUPPORTED_KEYLENGTH			 123

-#define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION	 124

-#define EVP_R_UNSUPPORTED_KEY_SIZE			 108

-#define EVP_R_UNSUPPORTED_PRF				 125

-#define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM		 118

-#define EVP_R_UNSUPPORTED_SALT_TYPE			 126

-#define EVP_R_WRONG_FINAL_BLOCK_LENGTH			 109

-#define EVP_R_WRONG_PUBLIC_KEY_TYPE			 110

-#define EVP_R_SEED_KEY_SETUP_FAILED			 162

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/evp/evp_acnf.c

+++ /dev/null

@@ -1,73 +1,0 @@

-/* evp_acnf.c */

-/* Written by Stephen Henson ([email protected]) for the OpenSSL

- * project 2001.

- */

-/* ====================================================================

- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include "cryptlib.h"

-#include <openssl/evp.h>

-#include <openssl/conf.h>

-/* Load all algorithms and configure OpenSSL.

- * This function is called automatically when

- * OPENSSL_LOAD_CONF is set.

- */

-void OPENSSL_add_all_algorithms_conf(void)

-	{

-	OPENSSL_add_all_algorithms_noconf();

-	OPENSSL_config(NULL);

-	}

--- a/sys/src/ape/lib/openssl/crypto/evp/evp_enc.c

+++ /dev/null

@@ -1,563 +1,0 @@

-/* crypto/evp/evp_enc.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/evp.h>

-#include <openssl/err.h>

-#include <openssl/rand.h>

-#ifndef OPENSSL_NO_ENGINE

-#include <openssl/engine.h>

-#endif

-#include "evp_locl.h"

-const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;

-void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)

-	{

-	memset(ctx,0,sizeof(EVP_CIPHER_CTX));

-	/* ctx->cipher=NULL; */

-	}

-EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)

-	{

-	EVP_CIPHER_CTX *ctx=OPENSSL_malloc(sizeof *ctx);

-	if (ctx)

-		EVP_CIPHER_CTX_init(ctx);

-	return ctx;

-	}

-int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,

-	     const unsigned char *key, const unsigned char *iv, int enc)

-	{

-	if (cipher)

-		EVP_CIPHER_CTX_init(ctx);

-	return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc);

-	}

-int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,

-	     const unsigned char *key, const unsigned char *iv, int enc)

-	{

-	if (enc == -1)

-		enc = ctx->encrypt;

-	else

-		{

-		if (enc)

-			enc = 1;

-		ctx->encrypt = enc;

-		}

-#ifndef OPENSSL_NO_ENGINE

-	/* Whether it's nice or not, "Inits" can be used on "Final"'d contexts

-	 * so this context may already have an ENGINE! Try to avoid releasing

-	 * the previous handle, re-querying for an ENGINE, and having a

-	 * reinitialisation, when it may all be unecessary. */

-	if (ctx->engine && ctx->cipher && (!cipher ||

-			(cipher && (cipher->nid == ctx->cipher->nid))))

-		goto skip_to_init;

-#endif

-	if (cipher)

-		{

-		/* Ensure a context left lying around from last time is cleared

-		 * (the previous check attempted to avoid this if the same

-		 * ENGINE and EVP_CIPHER could be used). */

-		EVP_CIPHER_CTX_cleanup(ctx);

-		/* Restore encrypt field: it is zeroed by cleanup */

-		ctx->encrypt = enc;

-#ifndef OPENSSL_NO_ENGINE

-		if(impl)

-			{

-			if (!ENGINE_init(impl))

-				{

-				EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);

-				return 0;

-				}

-			}

-		else

-			/* Ask if an ENGINE is reserved for this job */

-			impl = ENGINE_get_cipher_engine(cipher->nid);

-		if(impl)

-			{

-			/* There's an ENGINE for this job ... (apparently) */

-			const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid);

-			if(!c)

-				{

-				/* One positive side-effect of US's export

-				 * control history, is that we should at least

-				 * be able to avoid using US mispellings of

-				 * "initialisation"? */

-				EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);

-				return 0;

-				}

-			/* We'll use the ENGINE's private cipher definition */

-			cipher = c;

-			/* Store the ENGINE functional reference so we know

-			 * 'cipher' came from an ENGINE and we need to release

-			 * it when done. */

-			ctx->engine = impl;

-			}

-		else

-			ctx->engine = NULL;

-#endif

-		ctx->cipher=cipher;

-		if (ctx->cipher->ctx_size)

-			{

-			ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size);

-			if (!ctx->cipher_data)

-				{

-				EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);

-				return 0;

-				}

-			}

-		else

-			{

-			ctx->cipher_data = NULL;

-			}

-		ctx->key_len = cipher->key_len;

-		ctx->flags = 0;

-		if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT)

-			{

-			if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL))

-				{

-				EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);

-				return 0;

-				}

-			}

-		}

-	else if(!ctx->cipher)

-		{

-		EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET);

-		return 0;

-		}

-#ifndef OPENSSL_NO_ENGINE

-skip_to_init:

-#endif

-	/* we assume block size is a power of 2 in *cryptUpdate */

-	OPENSSL_assert(ctx->cipher->block_size == 1

-	    || ctx->cipher->block_size == 8

-	    || ctx->cipher->block_size == 16);

-	if(!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) {

-		switch(EVP_CIPHER_CTX_mode(ctx)) {

-			case EVP_CIPH_STREAM_CIPHER:

-			case EVP_CIPH_ECB_MODE:

-			break;

-			case EVP_CIPH_CFB_MODE:

-			case EVP_CIPH_OFB_MODE:

-			ctx->num = 0;

-			case EVP_CIPH_CBC_MODE:

-			OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <=

-					(int)sizeof(ctx->iv));

-			if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));

-			memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));

-			break;

-			default:

-			return 0;

-			break;

-		}

-	}

-	if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {

-		if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;

-	}

-	ctx->buf_len=0;

-	ctx->final_used=0;

-	ctx->block_mask=ctx->cipher->block_size-1;

-	return 1;

-	}

-int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,

-	     const unsigned char *in, int inl)

-	{

-	if (ctx->encrypt)

-		return EVP_EncryptUpdate(ctx,out,outl,in,inl);

-	else	return EVP_DecryptUpdate(ctx,out,outl,in,inl);

-	}

-int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)

-	{

-	if (ctx->encrypt)

-		return EVP_EncryptFinal_ex(ctx,out,outl);

-	else	return EVP_DecryptFinal_ex(ctx,out,outl);

-	}

-int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)

-	{

-	if (ctx->encrypt)

-		return EVP_EncryptFinal(ctx,out,outl);

-	else	return EVP_DecryptFinal(ctx,out,outl);

-	}

-int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,

-	     const unsigned char *key, const unsigned char *iv)

-	{

-	return EVP_CipherInit(ctx, cipher, key, iv, 1);

-	}

-int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,

-		const unsigned char *key, const unsigned char *iv)

-	{

-	return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1);

-	}

-int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,

-	     const unsigned char *key, const unsigned char *iv)

-	{

-	return EVP_CipherInit(ctx, cipher, key, iv, 0);

-	}

-int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,

-	     const unsigned char *key, const unsigned char *iv)

-	{

-	return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0);

-	}

-int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,

-	     const unsigned char *in, int inl)

-	{

-	int i,j,bl;

-	OPENSSL_assert(inl > 0);

-	if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0)

-		{

-		if(ctx->cipher->do_cipher(ctx,out,in,inl))

-			{

-			*outl=inl;

-			return 1;

-			}

-		else

-			{

-			*outl=0;

-			return 0;

-			}

-		}

-	i=ctx->buf_len;

-	bl=ctx->cipher->block_size;

-	OPENSSL_assert(bl <= (int)sizeof(ctx->buf));

-	if (i != 0)

-		{

-		if (i+inl < bl)

-			{

-			memcpy(&(ctx->buf[i]),in,inl);

-			ctx->buf_len+=inl;

-			*outl=0;

-			return 1;

-			}

-		else

-			{

-			j=bl-i;

-			memcpy(&(ctx->buf[i]),in,j);

-			if(!ctx->cipher->do_cipher(ctx,out,ctx->buf,bl)) return 0;

-			inl-=j;

-			in+=j;

-			out+=bl;

-			*outl=bl;

-			}

-		}

-	else

-		*outl = 0;

-	i=inl&(bl-1);

-	inl-=i;

-	if (inl > 0)

-		{

-		if(!ctx->cipher->do_cipher(ctx,out,in,inl)) return 0;

-		*outl+=inl;

-		}

-	if (i != 0)

-		memcpy(ctx->buf,&(in[inl]),i);

-	ctx->buf_len=i;

-	return 1;

-	}

-int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)

-	{

-	int ret;

-	ret = EVP_EncryptFinal_ex(ctx, out, outl);

-	return ret;

-	}

-int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)

-	{

-	int n,ret;

-	unsigned int i, b, bl;

-	b=ctx->cipher->block_size;

-	OPENSSL_assert(b <= sizeof ctx->buf);

-	if (b == 1)

-		{

-		*outl=0;

-		return 1;

-		}

-	bl=ctx->buf_len;

-	if (ctx->flags & EVP_CIPH_NO_PADDING)

-		{

-		if(bl)

-			{

-			EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);

-			return 0;

-			}

-		*outl = 0;

-		return 1;

-		}

-	n=b-bl;

-	for (i=bl; i<b; i++)

-		ctx->buf[i]=n;

-	ret=ctx->cipher->do_cipher(ctx,out,ctx->buf,b);

-	if(ret)

-		*outl=b;

-	return ret;

-	}

-int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,

-	     const unsigned char *in, int inl)

-	{

-	int fix_len;

-	unsigned int b;

-	if (inl == 0)

-		{

-		*outl=0;

-		return 1;

-		}

-	if (ctx->flags & EVP_CIPH_NO_PADDING)

-		return EVP_EncryptUpdate(ctx, out, outl, in, inl);

-	b=ctx->cipher->block_size;

-	OPENSSL_assert(b <= sizeof ctx->final);

-	if(ctx->final_used)

-		{

-		memcpy(out,ctx->final,b);

-		out+=b;

-		fix_len = 1;

-		}

-	else

-		fix_len = 0;

-	if(!EVP_EncryptUpdate(ctx,out,outl,in,inl))

-		return 0;

-	/* if we have 'decrypted' a multiple of block size, make sure

-	 * we have a copy of this last block */

-	if (b > 1 && !ctx->buf_len)

-		{

-		*outl-=b;

-		ctx->final_used=1;

-		memcpy(ctx->final,&out[*outl],b);

-		}

-	else

-		ctx->final_used = 0;

-	if (fix_len)

-		*outl += b;

-	return 1;

-	}

-int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)

-	{

-	int ret;

-	ret = EVP_DecryptFinal_ex(ctx, out, outl);

-	return ret;

-	}

-int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)

-	{

-	int i,n;

-	unsigned int b;

-	*outl=0;

-	b=ctx->cipher->block_size;

-	if (ctx->flags & EVP_CIPH_NO_PADDING)

-		{

-		if(ctx->buf_len)

-			{

-			EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);

-			return 0;

-			}

-		*outl = 0;

-		return 1;

-		}

-	if (b > 1)

-		{

-		if (ctx->buf_len || !ctx->final_used)

-			{

-			EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_WRONG_FINAL_BLOCK_LENGTH);

-			return(0);

-			}

-		OPENSSL_assert(b <= sizeof ctx->final);

-		n=ctx->final[b-1];

-		if (n == 0 || n > (int)b)

-			{

-			EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);

-			return(0);

-			}

-		for (i=0; i<n; i++)

-			{

-			if (ctx->final[--b] != n)

-				{

-				EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);

-				return(0);

-				}

-			}

-		n=ctx->cipher->block_size-n;

-		for (i=0; i<n; i++)

-			out[i]=ctx->final[i];

-		*outl=n;

-		}

-	else

-		*outl=0;

-	return(1);

-	}

-void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)

-	{

-	if (ctx)

-		{

-		EVP_CIPHER_CTX_cleanup(ctx);

-		OPENSSL_free(ctx);

-		}

-	}

-int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)

-	{

-	if (c->cipher != NULL)

-		{

-		if(c->cipher->cleanup && !c->cipher->cleanup(c))

-			return 0;

-		/* Cleanse cipher context data */

-		if (c->cipher_data)

-			OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);

-		}

-	if (c->cipher_data)

-		OPENSSL_free(c->cipher_data);

-#ifndef OPENSSL_NO_ENGINE

-	if (c->engine)

-		/* The EVP_CIPHER we used belongs to an ENGINE, release the

-		 * functional reference we held for this reason. */

-		ENGINE_finish(c->engine);

-#endif

-	memset(c,0,sizeof(EVP_CIPHER_CTX));

-	return 1;

-	}

-int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)

-	{

-	if(c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH)

-		return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL);

-	if(c->key_len == keylen) return 1;

-	if((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH))

-		{

-		c->key_len = keylen;

-		return 1;

-		}

-	EVPerr(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH,EVP_R_INVALID_KEY_LENGTH);

-	return 0;

-	}

-int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)

-	{

-	if (pad) ctx->flags &= ~EVP_CIPH_NO_PADDING;

-	else ctx->flags |= EVP_CIPH_NO_PADDING;

-	return 1;

-	}

-int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)

-{

-	int ret;

-	if(!ctx->cipher) {

-		EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET);

-		return 0;

-	}

-	if(!ctx->cipher->ctrl) {

-		EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED);

-		return 0;

-	}

-	ret = ctx->cipher->ctrl(ctx, type, arg, ptr);

-	if(ret == -1) {

-		EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);

-		return 0;

-	}

-	return ret;

-}

-int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)

-	{

-	if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)

-		return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key);

-	if (RAND_bytes(key, ctx->key_len) <= 0)

-		return 0;

-	return 1;

-	}

--- a/sys/src/ape/lib/openssl/crypto/evp/evp_err.c

+++ /dev/null

@@ -1,174 +1,0 @@

-/* crypto/evp/evp_err.c */

-/* ====================================================================

- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* NOTE: this file was auto generated by the mkerr.pl script: any changes

- * made to it will be overwritten when the script next updates this file,

- * only reason strings will be preserved.

- */

-#include <stdio.h>

-#include <openssl/err.h>

-#include <openssl/evp.h>

-/* BEGIN ERROR CODES */

-#ifndef OPENSSL_NO_ERR

-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_EVP,func,0)

-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_EVP,0,reason)

-static ERR_STRING_DATA EVP_str_functs[]=

-	{

-{ERR_FUNC(EVP_F_AES_INIT_KEY),	"AES_INIT_KEY"},

-{ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY),	"CAMELLIA_INIT_KEY"},

-{ERR_FUNC(EVP_F_D2I_PKEY),	"D2I_PKEY"},

-{ERR_FUNC(EVP_F_DSAPKEY2PKCS8),	"DSAPKEY2PKCS8"},

-{ERR_FUNC(EVP_F_DSA_PKEY2PKCS8),	"DSA_PKEY2PKCS8"},

-{ERR_FUNC(EVP_F_ECDSA_PKEY2PKCS8),	"ECDSA_PKEY2PKCS8"},

-{ERR_FUNC(EVP_F_ECKEY_PKEY2PKCS8),	"ECKEY_PKEY2PKCS8"},

-{ERR_FUNC(EVP_F_EVP_CIPHERINIT_EX),	"EVP_CipherInit_ex"},

-{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL),	"EVP_CIPHER_CTX_ctrl"},

-{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH),	"EVP_CIPHER_CTX_set_key_length"},

-{ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX),	"EVP_DecryptFinal_ex"},

-{ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX),	"EVP_DigestInit_ex"},

-{ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX),	"EVP_EncryptFinal_ex"},

-{ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX),	"EVP_MD_CTX_copy_ex"},

-{ERR_FUNC(EVP_F_EVP_OPENINIT),	"EVP_OpenInit"},

-{ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD),	"EVP_PBE_alg_add"},

-{ERR_FUNC(EVP_F_EVP_PBE_CIPHERINIT),	"EVP_PBE_CipherInit"},

-{ERR_FUNC(EVP_F_EVP_PKCS82PKEY),	"EVP_PKCS82PKEY"},

-{ERR_FUNC(EVP_F_EVP_PKEY2PKCS8_BROKEN),	"EVP_PKEY2PKCS8_broken"},

-{ERR_FUNC(EVP_F_EVP_PKEY_COPY_PARAMETERS),	"EVP_PKEY_copy_parameters"},

-{ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT),	"EVP_PKEY_decrypt"},

-{ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT),	"EVP_PKEY_encrypt"},

-{ERR_FUNC(EVP_F_EVP_PKEY_GET1_DH),	"EVP_PKEY_get1_DH"},

-{ERR_FUNC(EVP_F_EVP_PKEY_GET1_DSA),	"EVP_PKEY_get1_DSA"},

-{ERR_FUNC(EVP_F_EVP_PKEY_GET1_ECDSA),	"EVP_PKEY_GET1_ECDSA"},

-{ERR_FUNC(EVP_F_EVP_PKEY_GET1_EC_KEY),	"EVP_PKEY_get1_EC_KEY"},

-{ERR_FUNC(EVP_F_EVP_PKEY_GET1_RSA),	"EVP_PKEY_get1_RSA"},

-{ERR_FUNC(EVP_F_EVP_PKEY_NEW),	"EVP_PKEY_new"},

-{ERR_FUNC(EVP_F_EVP_RIJNDAEL),	"EVP_RIJNDAEL"},

-{ERR_FUNC(EVP_F_EVP_SIGNFINAL),	"EVP_SignFinal"},

-{ERR_FUNC(EVP_F_EVP_VERIFYFINAL),	"EVP_VerifyFinal"},

-{ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN),	"PKCS5_PBE_keyivgen"},

-{ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN),	"PKCS5_v2_PBE_keyivgen"},

-{ERR_FUNC(EVP_F_PKCS8_SET_BROKEN),	"PKCS8_set_broken"},

-{ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH),	"RC2_MAGIC_TO_METH"},

-{ERR_FUNC(EVP_F_RC5_CTRL),	"RC5_CTRL"},

-{0,NULL}

-	};

-static ERR_STRING_DATA EVP_str_reasons[]=

-	{

-{ERR_REASON(EVP_R_AES_KEY_SETUP_FAILED)  ,"aes key setup failed"},

-{ERR_REASON(EVP_R_ASN1_LIB)              ,"asn1 lib"},

-{ERR_REASON(EVP_R_BAD_BLOCK_LENGTH)      ,"bad block length"},

-{ERR_REASON(EVP_R_BAD_DECRYPT)           ,"bad decrypt"},

-{ERR_REASON(EVP_R_BAD_KEY_LENGTH)        ,"bad key length"},

-{ERR_REASON(EVP_R_BN_DECODE_ERROR)       ,"bn decode error"},

-{ERR_REASON(EVP_R_BN_PUBKEY_ERROR)       ,"bn pubkey error"},

-{ERR_REASON(EVP_R_CAMELLIA_KEY_SETUP_FAILED),"camellia key setup failed"},

-{ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR),"cipher parameter error"},

-{ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED)  ,"ctrl not implemented"},

-{ERR_REASON(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED),"ctrl operation not implemented"},

-{ERR_REASON(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH),"data not multiple of block length"},

-{ERR_REASON(EVP_R_DECODE_ERROR)          ,"decode error"},

-{ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES)   ,"different key types"},

-{ERR_REASON(EVP_R_ENCODE_ERROR)          ,"encode error"},

-{ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"},

-{ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY)  ,"expecting an rsa key"},

-{ERR_REASON(EVP_R_EXPECTING_A_DH_KEY)    ,"expecting a dh key"},

-{ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY)   ,"expecting a dsa key"},

-{ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY) ,"expecting a ecdsa key"},

-{ERR_REASON(EVP_R_EXPECTING_A_EC_KEY)    ,"expecting a ec key"},

-{ERR_REASON(EVP_R_INITIALIZATION_ERROR)  ,"initialization error"},

-{ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) ,"input not initialized"},

-{ERR_REASON(EVP_R_INVALID_KEY_LENGTH)    ,"invalid key length"},

-{ERR_REASON(EVP_R_IV_TOO_LARGE)          ,"iv too large"},

-{ERR_REASON(EVP_R_KEYGEN_FAILURE)        ,"keygen failure"},

-{ERR_REASON(EVP_R_MISSING_PARAMETERS)    ,"missing parameters"},

-{ERR_REASON(EVP_R_NO_CIPHER_SET)         ,"no cipher set"},

-{ERR_REASON(EVP_R_NO_DIGEST_SET)         ,"no digest set"},

-{ERR_REASON(EVP_R_NO_DSA_PARAMETERS)     ,"no dsa parameters"},

-{ERR_REASON(EVP_R_NO_SIGN_FUNCTION_CONFIGURED),"no sign function configured"},

-{ERR_REASON(EVP_R_NO_VERIFY_FUNCTION_CONFIGURED),"no verify function configured"},

-{ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE),"pkcs8 unknown broken type"},

-{ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA)    ,"public key not rsa"},

-{ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) ,"unknown pbe algorithm"},

-{ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS),"unsuported number of rounds"},

-{ERR_REASON(EVP_R_UNSUPPORTED_CIPHER)    ,"unsupported cipher"},

-{ERR_REASON(EVP_R_UNSUPPORTED_KEYLENGTH) ,"unsupported keylength"},

-{ERR_REASON(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION),"unsupported key derivation function"},

-{ERR_REASON(EVP_R_UNSUPPORTED_KEY_SIZE)  ,"unsupported key size"},

-{ERR_REASON(EVP_R_UNSUPPORTED_PRF)       ,"unsupported prf"},

-{ERR_REASON(EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM),"unsupported private key algorithm"},

-{ERR_REASON(EVP_R_UNSUPPORTED_SALT_TYPE) ,"unsupported salt type"},

-{ERR_REASON(EVP_R_WRONG_FINAL_BLOCK_LENGTH),"wrong final block length"},

-{ERR_REASON(EVP_R_WRONG_PUBLIC_KEY_TYPE) ,"wrong public key type"},

-{0,NULL}

-	};

-#endif

-void ERR_load_EVP_strings(void)

-	{

-#ifndef OPENSSL_NO_ERR

-	if (ERR_func_error_string(EVP_str_functs[0].error) == NULL)

-		{

-		ERR_load_strings(0,EVP_str_functs);

-		ERR_load_strings(0,EVP_str_reasons);

-		}

-#endif

-	}

--- a/sys/src/ape/lib/openssl/crypto/evp/evp_key.c

+++ /dev/null

@@ -1,175 +1,0 @@

-/* crypto/evp/evp_key.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/x509.h>

-#include <openssl/objects.h>

-#include <openssl/evp.h>

-#include <openssl/ui.h>

-/* should be init to zeros. */

-static char prompt_string[80];

-void EVP_set_pw_prompt(const char *prompt)

-	{

-	if (prompt == NULL)

-		prompt_string[0]='\0';

-	else

-		{

-		strncpy(prompt_string,prompt,79);

-		prompt_string[79]='\0';

-		}

-	}

-char *EVP_get_pw_prompt(void)

-	{

-	if (prompt_string[0] == '\0')

-		return(NULL);

-	else

-		return(prompt_string);

-	}

-/* For historical reasons, the standard function for reading passwords is

- * in the DES library -- if someone ever wants to disable DES,

- * this function will fail */

-int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify)

-	{

-	int ret;

-	char buff[BUFSIZ];

-	UI *ui;

-	if ((prompt == NULL) && (prompt_string[0] != '\0'))

-		prompt=prompt_string;

-	ui = UI_new();

-	UI_add_input_string(ui,prompt,0,buf,0,(len>=BUFSIZ)?BUFSIZ-1:len);

-	if (verify)

-		UI_add_verify_string(ui,prompt,0,

-			buff,0,(len>=BUFSIZ)?BUFSIZ-1:len,buf);

-	ret = UI_process(ui);

-	UI_free(ui);

-	OPENSSL_cleanse(buff,BUFSIZ);

-	return ret;

-	}

-int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,

-	     const unsigned char *salt, const unsigned char *data, int datal,

-	     int count, unsigned char *key, unsigned char *iv)

-	{

-	EVP_MD_CTX c;

-	unsigned char md_buf[EVP_MAX_MD_SIZE];

-	int niv,nkey,addmd=0;

-	unsigned int mds=0,i;

-	nkey=type->key_len;

-	niv=type->iv_len;

-	OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH);

-	OPENSSL_assert(niv <= EVP_MAX_IV_LENGTH);

-	if (data == NULL) return(nkey);

-	EVP_MD_CTX_init(&c);

-	for (;;)

-		{

-		if (!EVP_DigestInit_ex(&c,md, NULL))

-			return 0;

-		if (addmd++)

-			EVP_DigestUpdate(&c,&(md_buf[0]),mds);

-		EVP_DigestUpdate(&c,data,datal);

-		if (salt != NULL)

-			EVP_DigestUpdate(&c,salt,PKCS5_SALT_LEN);

-		EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds);

-		for (i=1; i<(unsigned int)count; i++)

-			{

-			EVP_DigestInit_ex(&c,md, NULL);

-			EVP_DigestUpdate(&c,&(md_buf[0]),mds);

-			EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds);

-			}

-		i=0;

-		if (nkey)

-			{

-			for (;;)

-				{

-				if (nkey == 0) break;

-				if (i == mds) break;

-				if (key != NULL)

-					*(key++)=md_buf[i];

-				nkey--;

-				i++;

-				}

-			}

-		if (niv && (i != mds))

-			{

-			for (;;)

-				{

-				if (niv == 0) break;

-				if (i == mds) break;

-				if (iv != NULL)

-					*(iv++)=md_buf[i];

-				niv--;

-				i++;

-				}

-			}

-		if ((nkey == 0) && (niv == 0)) break;

-		}

-	EVP_MD_CTX_cleanup(&c);

-	OPENSSL_cleanse(&(md_buf[0]),EVP_MAX_MD_SIZE);

-	return(type->key_len);

-	}

--- a/sys/src/ape/lib/openssl/crypto/evp/evp_lib.c

+++ /dev/null

@@ -1,279 +1,0 @@

-/* crypto/evp/evp_lib.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/evp.h>

-#include <openssl/objects.h>

-int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)

-	{

-	int ret;

-	if (c->cipher->set_asn1_parameters != NULL)

-		ret=c->cipher->set_asn1_parameters(c,type);

-	else

-		ret=-1;

-	return(ret);

-	}

-int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type)

-	{

-	int ret;

-	if (c->cipher->get_asn1_parameters != NULL)

-		ret=c->cipher->get_asn1_parameters(c,type);

-	else

-		ret=-1;

-	return(ret);

-	}

-int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)

-	{

-	int i=0;

-	unsigned int l;

-	if (type != NULL)

-		{

-		l=EVP_CIPHER_CTX_iv_length(c);

-		OPENSSL_assert(l <= sizeof(c->iv));

-		i=ASN1_TYPE_get_octetstring(type,c->oiv,l);

-		if (i != (int)l)

-			return(-1);

-		else if (i > 0)

-			memcpy(c->iv,c->oiv,l);

-		}

-	return(i);

-	}

-int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)

-	{

-	int i=0;

-	unsigned int j;

-	if (type != NULL)

-		{

-		j=EVP_CIPHER_CTX_iv_length(c);

-		OPENSSL_assert(j <= sizeof(c->iv));

-		i=ASN1_TYPE_set_octetstring(type,c->oiv,j);

-		}

-	return(i);

-	}

-/* Convert the various cipher NIDs and dummies to a proper OID NID */

-int EVP_CIPHER_type(const EVP_CIPHER *ctx)

-{

-	int nid;

-	ASN1_OBJECT *otmp;

-	nid = EVP_CIPHER_nid(ctx);

-	switch(nid) {

-		case NID_rc2_cbc:

-		case NID_rc2_64_cbc:

-		case NID_rc2_40_cbc:

-		return NID_rc2_cbc;

-		case NID_rc4:

-		case NID_rc4_40:

-		return NID_rc4;

-		case NID_aes_128_cfb128:

-		case NID_aes_128_cfb8:

-		case NID_aes_128_cfb1:

-		return NID_aes_128_cfb128;

-		case NID_aes_192_cfb128:

-		case NID_aes_192_cfb8:

-		case NID_aes_192_cfb1:

-		return NID_aes_192_cfb128;

-		case NID_aes_256_cfb128:

-		case NID_aes_256_cfb8:

-		case NID_aes_256_cfb1:

-		return NID_aes_256_cfb128;

-		case NID_des_cfb64:

-		case NID_des_cfb8:

-		case NID_des_cfb1:

-		return NID_des_cfb64;

-		default:

-		/* Check it has an OID and it is valid */

-		otmp = OBJ_nid2obj(nid);

-		if(!otmp || !otmp->data) nid = NID_undef;

-		ASN1_OBJECT_free(otmp);

-		return nid;

-	}

-}

-int EVP_CIPHER_block_size(const EVP_CIPHER *e)

-	{

-	return e->block_size;

-	}

-int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx)

-	{

-	return ctx->cipher->block_size;

-	}

-int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl)

-	{

-	return ctx->cipher->do_cipher(ctx,out,in,inl);

-	}

-const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx)

-	{

-	return ctx->cipher;

-	}

-unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher)

-	{

-	return cipher->flags;

-	}

-unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx)

-	{

-	return ctx->cipher->flags;

-	}

-void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx)

-	{

-	return ctx->app_data;

-	}

-void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data)

-	{

-	ctx->app_data = data;

-	}

-int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher)

-	{

-	return cipher->iv_len;

-	}

-int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx)

-	{

-	return ctx->cipher->iv_len;

-	}

-int EVP_CIPHER_key_length(const EVP_CIPHER *cipher)

-	{

-	return cipher->key_len;

-	}

-int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx)

-	{

-	return ctx->key_len;

-	}

-int EVP_CIPHER_nid(const EVP_CIPHER *cipher)

-	{

-	return cipher->nid;

-	}

-int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx)

-	{

-	return ctx->cipher->nid;

-	}

-int EVP_MD_block_size(const EVP_MD *md)

-	{

-	return md->block_size;

-	}

-int EVP_MD_type(const EVP_MD *md)

-	{

-	return md->type;

-	}

-int EVP_MD_pkey_type(const EVP_MD *md)

-	{

-	return md->pkey_type;

-	}

-int EVP_MD_size(const EVP_MD *md)

-	{

-	return md->md_size;

-	}

-const EVP_MD * EVP_MD_CTX_md(const EVP_MD_CTX *ctx)

-	{

-	return ctx->digest;

-	}

-void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags)

-	{

-	ctx->flags |= flags;

-	}

-void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags)

-	{

-	ctx->flags &= ~flags;

-	}

-int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags)

-	{

-	return (ctx->flags & flags);

-	}

--- a/sys/src/ape/lib/openssl/crypto/evp/evp_locl.h

+++ /dev/null

@@ -1,236 +1,0 @@

-/* evp_locl.h */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 2000.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* Macros to code block cipher wrappers */

-/* Wrapper functions for each cipher mode */

-#define BLOCK_CIPHER_ecb_loop() \

-	unsigned int i, bl; \

-	bl = ctx->cipher->block_size;\

-	if(inl < bl) return 1;\

-	inl -= bl; \

-	for(i=0; i <= inl; i+=bl)

-#define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \

-static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \

-{\

-	BLOCK_CIPHER_ecb_loop() \

-		cprefix##_ecb_encrypt(in + i, out + i, &((kstruct *)ctx->cipher_data)->ksched, ctx->encrypt);\

-	return 1;\

-}

-#define BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) \

-static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \

-{\

-	cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num);\

-	return 1;\

-}

-#define BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \

-static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \

-{\

-	cprefix##_cbc_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, ctx->encrypt);\

-	return 1;\

-}

-#define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \

-static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \

-{\

-	cprefix##_cfb##cbits##_encrypt(in, out, (long)(cbits==1?inl*8:inl), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\

-	return 1;\

-}

-#define BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \

-	BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \

-	BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \

-	BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \

-	BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched)

-#define BLOCK_CIPHER_def1(cname, nmode, mode, MODE, kstruct, nid, block_size, \

-			  key_len, iv_len, flags, init_key, cleanup, \

-			  set_asn1, get_asn1, ctrl) \

-static const EVP_CIPHER cname##_##mode = { \

-	nid##_##nmode, block_size, key_len, iv_len, \

-	flags | EVP_CIPH_##MODE##_MODE, \

-	init_key, \

-	cname##_##mode##_cipher, \

-	cleanup, \

-	sizeof(kstruct), \

-	set_asn1, get_asn1,\

-	ctrl, \

-	NULL \

-}; \

-const EVP_CIPHER *EVP_##cname##_##mode(void) { return &cname##_##mode; }

-#define BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, \

-			     iv_len, flags, init_key, cleanup, set_asn1, \

-			     get_asn1, ctrl) \

-BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \

-		  iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)

-#define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, \

-			     iv_len, cbits, flags, init_key, cleanup, \

-			     set_asn1, get_asn1, ctrl) \

-BLOCK_CIPHER_def1(cname, cfb##cbits, cfb##cbits, CFB, kstruct, nid, 1, \

-		  key_len, iv_len, flags, init_key, cleanup, set_asn1, \

-		  get_asn1, ctrl)

-#define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, \

-			     iv_len, cbits, flags, init_key, cleanup, \

-			     set_asn1, get_asn1, ctrl) \

-BLOCK_CIPHER_def1(cname, ofb##cbits, ofb, OFB, kstruct, nid, 1, \

-		  key_len, iv_len, flags, init_key, cleanup, set_asn1, \

-		  get_asn1, ctrl)

-#define BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, \

-			     iv_len, flags, init_key, cleanup, set_asn1, \

-			     get_asn1, ctrl) \

-BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \

-		  iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)

-#define BLOCK_CIPHER_defs(cname, kstruct, \

-			  nid, block_size, key_len, iv_len, cbits, flags, \

-			  init_key, cleanup, set_asn1, get_asn1, ctrl) \

-BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \

-		     init_key, cleanup, set_asn1, get_asn1, ctrl) \

-BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, iv_len, cbits, \

-		     flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \

-BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, iv_len, cbits, \

-		     flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \

-BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, iv_len, flags, \

-		     init_key, cleanup, set_asn1, get_asn1, ctrl)

-/*

-#define BLOCK_CIPHER_defs(cname, kstruct, \

-				nid, block_size, key_len, iv_len, flags,\

-				 init_key, cleanup, set_asn1, get_asn1, ctrl)\

-static const EVP_CIPHER cname##_cbc = {\

-	nid##_cbc, block_size, key_len, iv_len, \

-	flags | EVP_CIPH_CBC_MODE,\

-	init_key,\

-	cname##_cbc_cipher,\

-	cleanup,\

-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\

-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\

-	set_asn1, get_asn1,\

-	ctrl, \

-	NULL \

-};\

-const EVP_CIPHER *EVP_##cname##_cbc(void) { return &cname##_cbc; }\

-static const EVP_CIPHER cname##_cfb = {\

-	nid##_cfb64, 1, key_len, iv_len, \

-	flags | EVP_CIPH_CFB_MODE,\

-	init_key,\

-	cname##_cfb_cipher,\

-	cleanup,\

-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\

-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\

-	set_asn1, get_asn1,\

-	ctrl,\

-	NULL \

-};\

-const EVP_CIPHER *EVP_##cname##_cfb(void) { return &cname##_cfb; }\

-static const EVP_CIPHER cname##_ofb = {\

-	nid##_ofb64, 1, key_len, iv_len, \

-	flags | EVP_CIPH_OFB_MODE,\

-	init_key,\

-	cname##_ofb_cipher,\

-	cleanup,\

-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\

-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\

-	set_asn1, get_asn1,\

-	ctrl,\

-	NULL \

-};\

-const EVP_CIPHER *EVP_##cname##_ofb(void) { return &cname##_ofb; }\

-static const EVP_CIPHER cname##_ecb = {\

-	nid##_ecb, block_size, key_len, iv_len, \

-	flags | EVP_CIPH_ECB_MODE,\

-	init_key,\

-	cname##_ecb_cipher,\

-	cleanup,\

-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\

-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\

-	set_asn1, get_asn1,\

-	ctrl,\

-	NULL \

-};\

-const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; }

-*/

-#define IMPLEMENT_BLOCK_CIPHER(cname, ksched, cprefix, kstruct, nid, \

-			       block_size, key_len, iv_len, cbits, \

-			       flags, init_key, \

-			       cleanup, set_asn1, get_asn1, ctrl) \

-	BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \

-	BLOCK_CIPHER_defs(cname, kstruct, nid, block_size, key_len, iv_len, \

-			  cbits, flags, init_key, cleanup, set_asn1, \

-			  get_asn1, ctrl)

-#define EVP_C_DATA(kstruct, ctx)	((kstruct *)(ctx)->cipher_data)

-#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len) \

-	BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \

-	BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \

-			     NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \

-			     0, cipher##_init_key, NULL, \

-			     EVP_CIPHER_set_asn1_iv, \

-			     EVP_CIPHER_get_asn1_iv, \

-			     NULL)

--- a/sys/src/ape/lib/openssl/crypto/evp/evp_pbe.c

+++ /dev/null

@@ -1,137 +1,0 @@

-/* evp_pbe.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/evp.h>

-#include <openssl/x509.h>

-/* Password based encryption (PBE) functions */

-static STACK *pbe_algs;

-/* Setup a cipher context from a PBE algorithm */

-typedef struct {

-int pbe_nid;

-const EVP_CIPHER *cipher;

-const EVP_MD *md;

-EVP_PBE_KEYGEN *keygen;

-} EVP_PBE_CTL;

-int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,

-	     ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de)

-{

-	EVP_PBE_CTL *pbetmp, pbelu;

-	int i;

-	pbelu.pbe_nid = OBJ_obj2nid(pbe_obj);

-	if (pbelu.pbe_nid != NID_undef) i = sk_find(pbe_algs, (char *)&pbelu);

-	else i = -1;

-	if (i == -1) {

-		char obj_tmp[80];

-		EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_PBE_ALGORITHM);

-		if (!pbe_obj) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp);

-		else i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj);

-		ERR_add_error_data(2, "TYPE=", obj_tmp);

-		return 0;

-	}

-	if(!pass) passlen = 0;

-	else if (passlen == -1) passlen = strlen(pass);

-	pbetmp = (EVP_PBE_CTL *)sk_value (pbe_algs, i);

-	i = (*pbetmp->keygen)(ctx, pass, passlen, param, pbetmp->cipher,

-						 pbetmp->md, en_de);

-	if (!i) {

-		EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_KEYGEN_FAILURE);

-		return 0;

-	}

-	return 1;

-}

-static int pbe_cmp(const char * const *a, const char * const *b)

-{

-	const EVP_PBE_CTL * const *pbe1 = (const EVP_PBE_CTL * const *) a,

-			* const *pbe2 = (const EVP_PBE_CTL * const *)b;

-	return ((*pbe1)->pbe_nid - (*pbe2)->pbe_nid);

-}

-/* Add a PBE algorithm */

-int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,

-	     EVP_PBE_KEYGEN *keygen)

-{

-	EVP_PBE_CTL *pbe_tmp;

-	if (!pbe_algs) pbe_algs = sk_new(pbe_cmp);

-	if (!(pbe_tmp = (EVP_PBE_CTL*) OPENSSL_malloc (sizeof(EVP_PBE_CTL)))) {

-		EVPerr(EVP_F_EVP_PBE_ALG_ADD,ERR_R_MALLOC_FAILURE);

-		return 0;

-	}

-	pbe_tmp->pbe_nid = nid;

-	pbe_tmp->cipher = cipher;

-	pbe_tmp->md = md;

-	pbe_tmp->keygen = keygen;

-	sk_push (pbe_algs, (char *)pbe_tmp);

-	return 1;

-}

-void EVP_PBE_cleanup(void)

-{

-	sk_pop_free(pbe_algs, OPENSSL_freeFunc);

-	pbe_algs = NULL;

-}

--- a/sys/src/ape/lib/openssl/crypto/evp/evp_pkey.c

+++ /dev/null

@@ -1,794 +1,0 @@

-/* evp_pkey.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include "cryptlib.h"

-#include <openssl/x509.h>

-#include <openssl/rand.h>

-#ifndef OPENSSL_NO_RSA

-#include <openssl/rsa.h>

-#endif

-#ifndef OPENSSL_NO_DSA

-#include <openssl/dsa.h>

-#endif

-#include <openssl/bn.h>

-#ifndef OPENSSL_NO_DSA

-static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey);

-#endif

-#ifndef OPENSSL_NO_EC

-static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey);

-#endif

-/* Extract a private key from a PKCS8 structure */

-EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8)

-{

-	EVP_PKEY *pkey = NULL;

-#ifndef OPENSSL_NO_RSA

-	RSA *rsa = NULL;

-#endif

-#ifndef OPENSSL_NO_DSA

-	DSA *dsa = NULL;

-	ASN1_TYPE *t1, *t2;

-	ASN1_INTEGER *privkey;

-	STACK_OF(ASN1_TYPE) *ndsa = NULL;

-#endif

-#ifndef OPENSSL_NO_EC

-	EC_KEY *eckey = NULL;

-	const unsigned char *p_tmp;

-#endif

-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)

-	ASN1_TYPE    *param = NULL;

-	BN_CTX *ctx = NULL;

-	int plen;

-#endif

-	X509_ALGOR *a;

-	const unsigned char *p;

-	const unsigned char *cp;

-	int pkeylen;

-	int  nid;

-	char obj_tmp[80];

-	if(p8->pkey->type == V_ASN1_OCTET_STRING) {

-		p8->broken = PKCS8_OK;

-		p = p8->pkey->value.octet_string->data;

-		pkeylen = p8->pkey->value.octet_string->length;

-	} else {

-		p8->broken = PKCS8_NO_OCTET;

-		p = p8->pkey->value.sequence->data;

-		pkeylen = p8->pkey->value.sequence->length;

-	}

-	if (!(pkey = EVP_PKEY_new())) {

-		EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);

-		return NULL;

-	}

-	a = p8->pkeyalg;

-	nid = OBJ_obj2nid(a->algorithm);

-	switch(nid)

-	{

-#ifndef OPENSSL_NO_RSA

-		case NID_rsaEncryption:

-		cp = p;

-		if (!(rsa = d2i_RSAPrivateKey (NULL,&cp, pkeylen))) {

-			EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);

-			return NULL;

-		}

-		EVP_PKEY_assign_RSA (pkey, rsa);

-		break;

-#endif

-#ifndef OPENSSL_NO_DSA

-		case NID_dsa:

-		/* PKCS#8 DSA is weird: you just get a private key integer

-	         * and parameters in the AlgorithmIdentifier the pubkey must

-		 * be recalculated.

-		 */

-		/* Check for broken DSA PKCS#8, UGH! */

-		if(*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) {

-		    if(!(ndsa = ASN1_seq_unpack_ASN1_TYPE(p, pkeylen,

-							  d2i_ASN1_TYPE,

-							  ASN1_TYPE_free))) {

-			EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);

-			goto dsaerr;

-		    }

-		    if(sk_ASN1_TYPE_num(ndsa) != 2 ) {

-			EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);

-			goto dsaerr;

-		    }

-		    /* Handle Two broken types:

-		     * SEQUENCE {parameters, priv_key}

-		     * SEQUENCE {pub_key, priv_key}

-		     */

-		    t1 = sk_ASN1_TYPE_value(ndsa, 0);

-		    t2 = sk_ASN1_TYPE_value(ndsa, 1);

-		    if(t1->type == V_ASN1_SEQUENCE) {

-			p8->broken = PKCS8_EMBEDDED_PARAM;

-			param = t1;

-		    } else if(a->parameter->type == V_ASN1_SEQUENCE) {

-			p8->broken = PKCS8_NS_DB;

-			param = a->parameter;

-		    } else {

-			EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);

-			goto dsaerr;

-		    }

-		    if(t2->type != V_ASN1_INTEGER) {

-			EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);

-			goto dsaerr;

-		    }

-		    privkey = t2->value.integer;

-		} else {

-			if (!(privkey=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) {

-				EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);

-				goto dsaerr;

-			}

-			param = p8->pkeyalg->parameter;

-		}

-		if (!param || (param->type != V_ASN1_SEQUENCE)) {

-			EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);

-			goto dsaerr;

-		}

-		cp = p = param->value.sequence->data;

-		plen = param->value.sequence->length;

-		if (!(dsa = d2i_DSAparams (NULL, &cp, plen))) {

-			EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);

-			goto dsaerr;

-		}

-		/* We have parameters now set private key */

-		if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) {

-			EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_DECODE_ERROR);

-			goto dsaerr;

-		}

-		/* Calculate public key (ouch!) */

-		if (!(dsa->pub_key = BN_new())) {

-			EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);

-			goto dsaerr;

-		}

-		if (!(ctx = BN_CTX_new())) {

-			EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);

-			goto dsaerr;

-		}

-		if (!BN_mod_exp(dsa->pub_key, dsa->g,

-						 dsa->priv_key, dsa->p, ctx)) {

-			EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_PUBKEY_ERROR);

-			goto dsaerr;

-		}

-		EVP_PKEY_assign_DSA(pkey, dsa);

-		BN_CTX_free (ctx);

-		if(ndsa) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);

-		else ASN1_INTEGER_free(privkey);

-		break;

-		dsaerr:

-		BN_CTX_free (ctx);

-		sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);

-		DSA_free(dsa);

-		EVP_PKEY_free(pkey);

-		return NULL;

-		break;

-#endif

-#ifndef OPENSSL_NO_EC

-		case NID_X9_62_id_ecPublicKey:

-		p_tmp = p;

-		/* extract the ec parameters */

-		param = p8->pkeyalg->parameter;

-		if (!param || ((param->type != V_ASN1_SEQUENCE) &&

-		    (param->type != V_ASN1_OBJECT)))

-		{

-			EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);

-			goto ecerr;

-		}

-		if (param->type == V_ASN1_SEQUENCE)

-		{

-			cp = p = param->value.sequence->data;

-			plen = param->value.sequence->length;

-			if (!(eckey = d2i_ECParameters(NULL, &cp, plen)))

-			{

-				EVPerr(EVP_F_EVP_PKCS82PKEY,

-					EVP_R_DECODE_ERROR);

-				goto ecerr;

-			}

-		}

-		else

-		{

-			EC_GROUP *group;

-			cp = p = param->value.object->data;

-			plen = param->value.object->length;

-			/* type == V_ASN1_OBJECT => the parameters are given

-			 * by an asn1 OID

-			 */

-			if ((eckey = EC_KEY_new()) == NULL)

-			{

-				EVPerr(EVP_F_EVP_PKCS82PKEY,

-					ERR_R_MALLOC_FAILURE);

-				goto ecerr;

-			}

-			group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parameter->value.object));

-			if (group == NULL)

-				goto ecerr;

-			EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);

-			if (EC_KEY_set_group(eckey, group) == 0)

-				goto ecerr;

-			EC_GROUP_free(group);

-		}

-		/* We have parameters now set private key */

-		if (!d2i_ECPrivateKey(&eckey, &p_tmp, pkeylen))

-		{

-			EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);

-			goto ecerr;

-		}

-		/* calculate public key (if necessary) */

-		if (EC_KEY_get0_public_key(eckey) == NULL)

-		{

-			const BIGNUM *priv_key;

-			const EC_GROUP *group;

-			EC_POINT *pub_key;

-			/* the public key was not included in the SEC1 private

-			 * key => calculate the public key */

-			group   = EC_KEY_get0_group(eckey);

-			pub_key = EC_POINT_new(group);

-			if (pub_key == NULL)

-			{

-				EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);

-				goto ecerr;

-			}

-			if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group)))

-			{

-				EC_POINT_free(pub_key);

-				EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);

-				goto ecerr;

-			}

-			priv_key = EC_KEY_get0_private_key(eckey);

-			if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx))

-			{

-				EC_POINT_free(pub_key);

-				EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);

-				goto ecerr;

-			}

-			if (EC_KEY_set_public_key(eckey, pub_key) == 0)

-			{

-				EC_POINT_free(pub_key);

-				EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);

-				goto ecerr;

-			}

-			EC_POINT_free(pub_key);

-		}

-		EVP_PKEY_assign_EC_KEY(pkey, eckey);

-		if (ctx)

-			BN_CTX_free(ctx);

-		break;

-ecerr:

-		if (ctx)

-			BN_CTX_free(ctx);

-		if (eckey)

-			EC_KEY_free(eckey);

-		if (pkey)

-			EVP_PKEY_free(pkey);

-		return NULL;

-#endif

-		default:

-		EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);

-		if (!a->algorithm) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp);

-		else i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm);

-		ERR_add_error_data(2, "TYPE=", obj_tmp);

-		EVP_PKEY_free (pkey);

-		return NULL;

-	}

-	return pkey;

-}

-PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey)

-{

-	return EVP_PKEY2PKCS8_broken(pkey, PKCS8_OK);

-}

-/* Turn a private key into a PKCS8 structure */

-PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)

-{

-	PKCS8_PRIV_KEY_INFO *p8;

-	if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) {

-		EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE);

-		return NULL;

-	}

-	p8->broken = broken;

-	if (!ASN1_INTEGER_set(p8->version, 0)) {

-		EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE);

-		PKCS8_PRIV_KEY_INFO_free (p8);

-		return NULL;

-	}

-	if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) {

-		EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE);

-		PKCS8_PRIV_KEY_INFO_free (p8);

-		return NULL;

-	}

-	p8->pkey->type = V_ASN1_OCTET_STRING;

-	switch (EVP_PKEY_type(pkey->type)) {

-#ifndef OPENSSL_NO_RSA

-		case EVP_PKEY_RSA:

-		if(p8->broken == PKCS8_NO_OCTET) p8->pkey->type = V_ASN1_SEQUENCE;

-		p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption);

-		p8->pkeyalg->parameter->type = V_ASN1_NULL;

-		if (!ASN1_pack_string_of (EVP_PKEY,pkey, i2d_PrivateKey,

-					 &p8->pkey->value.octet_string)) {

-			EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE);

-			PKCS8_PRIV_KEY_INFO_free (p8);

-			return NULL;

-		}

-		break;

-#endif

-#ifndef OPENSSL_NO_DSA

-		case EVP_PKEY_DSA:

-		if(!dsa_pkey2pkcs8(p8, pkey)) {

-			PKCS8_PRIV_KEY_INFO_free (p8);

-			return NULL;

-		}

-		break;

-#endif

-#ifndef OPENSSL_NO_EC

-		case EVP_PKEY_EC:

-		if (!eckey_pkey2pkcs8(p8, pkey))

-		{

-			PKCS8_PRIV_KEY_INFO_free(p8);

-			return(NULL);

-		}

-		break;

-#endif

-		default:

-		EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);

-		PKCS8_PRIV_KEY_INFO_free (p8);

-		return NULL;

-	}

-	RAND_add(p8->pkey->value.octet_string->data,

-		 p8->pkey->value.octet_string->length, 0.0);

-	return p8;

-}

-PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken)

-{

-	switch (broken) {

-		case PKCS8_OK:

-		p8->broken = PKCS8_OK;

-		return p8;

-		break;

-		case PKCS8_NO_OCTET:

-		p8->broken = PKCS8_NO_OCTET;

-		p8->pkey->type = V_ASN1_SEQUENCE;

-		return p8;

-		break;

-		default:

-		EVPerr(EVP_F_PKCS8_SET_BROKEN,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE);

-		return NULL;

-	}

-}

-#ifndef OPENSSL_NO_DSA

-static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)

-{

-	ASN1_STRING *params = NULL;

-	ASN1_INTEGER *prkey = NULL;

-	ASN1_TYPE *ttmp = NULL;

-	STACK_OF(ASN1_TYPE) *ndsa = NULL;

-	unsigned char *p = NULL, *q;

-	int len;

-	p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa);

-	len = i2d_DSAparams (pkey->pkey.dsa, NULL);

-	if (!(p = OPENSSL_malloc(len))) {

-		EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);

-		goto err;

-	}

-	q = p;

-	i2d_DSAparams (pkey->pkey.dsa, &q);

-	if (!(params = ASN1_STRING_new())) {

-		EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);

-		goto err;

-	}

-	if (!ASN1_STRING_set(params, p, len)) {

-		EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);

-		goto err;

-	}

-	OPENSSL_free(p);

-	p = NULL;

-	/* Get private key into integer */

-	if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) {

-		EVPerr(EVP_F_DSA_PKEY2PKCS8,EVP_R_ENCODE_ERROR);

-		goto err;

-	}

-	switch(p8->broken) {

-		case PKCS8_OK:

-		case PKCS8_NO_OCTET:

-		if (!ASN1_pack_string_of(ASN1_INTEGER,prkey, i2d_ASN1_INTEGER,

-					 &p8->pkey->value.octet_string)) {

-			EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);

-			goto err;

-		}

-		M_ASN1_INTEGER_free (prkey);

-		prkey = NULL;

-		p8->pkeyalg->parameter->value.sequence = params;

-		params = NULL;

-		p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;

-		break;

-		case PKCS8_NS_DB:

-		p8->pkeyalg->parameter->value.sequence = params;

-		params = NULL;

-		p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;

-		if (!(ndsa = sk_ASN1_TYPE_new_null())) {

-			EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);

-			goto err;

-		}

-		if (!(ttmp = ASN1_TYPE_new())) {

-			EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);

-			goto err;

-		}

-		if (!(ttmp->value.integer =

-			BN_to_ASN1_INTEGER(pkey->pkey.dsa->pub_key, NULL))) {

-			EVPerr(EVP_F_DSA_PKEY2PKCS8,EVP_R_ENCODE_ERROR);

-			goto err;

-		}

-		ttmp->type = V_ASN1_INTEGER;

-		if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {

-			EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);

-			goto err;

-		}

-		if (!(ttmp = ASN1_TYPE_new())) {

-			EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);

-			goto err;

-		}

-		ttmp->value.integer = prkey;

-		prkey = NULL;

-		ttmp->type = V_ASN1_INTEGER;

-		if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {

-			EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);

-			goto err;

-		}

-		ttmp = NULL;

-		if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {

-			EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);

-			goto err;

-		}

-		if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,

-					 &p8->pkey->value.octet_string->data,

-					 &p8->pkey->value.octet_string->length)) {

-			EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);

-			goto err;

-		}

-		sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);

-		break;

-		case PKCS8_EMBEDDED_PARAM:

-		p8->pkeyalg->parameter->type = V_ASN1_NULL;

-		if (!(ndsa = sk_ASN1_TYPE_new_null())) {

-			EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);

-			goto err;

-		}

-		if (!(ttmp = ASN1_TYPE_new())) {

-			EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);

-			goto err;

-		}

-		ttmp->value.sequence = params;

-		params = NULL;

-		ttmp->type = V_ASN1_SEQUENCE;

-		if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {

-			EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);

-			goto err;

-		}

-		if (!(ttmp = ASN1_TYPE_new())) {

-			EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);

-			goto err;

-		}

-		ttmp->value.integer = prkey;

-		prkey = NULL;

-		ttmp->type = V_ASN1_INTEGER;

-		if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {

-			EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);

-			goto err;

-		}

-		ttmp = NULL;

-		if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {

-			EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);

-			goto err;

-		}

-		if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,

-					 &p8->pkey->value.octet_string->data,

-					 &p8->pkey->value.octet_string->length)) {

-			EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);

-			goto err;

-		}

-		sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);

-		break;

-	}

-	return 1;

-err:

-	if (p != NULL) OPENSSL_free(p);

-	if (params != NULL) ASN1_STRING_free(params);

-	if (prkey != NULL) M_ASN1_INTEGER_free(prkey);

-	if (ttmp != NULL) ASN1_TYPE_free(ttmp);

-	if (ndsa != NULL) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);

-	return 0;

-}

-#endif

-#ifndef OPENSSL_NO_EC

-static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)

-{

-	EC_KEY		*ec_key;

-	const EC_GROUP  *group;

-	unsigned char	*p, *pp;

-	int 		nid, i, ret = 0;

-	unsigned int    tmp_flags, old_flags;

-	ec_key = pkey->pkey.ec;

-	if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL)

-	{

-		EVPerr(EVP_F_ECKEY_PKEY2PKCS8, EVP_R_MISSING_PARAMETERS);

-		return 0;

-	}

-	/* set the ec parameters OID */

-	if (p8->pkeyalg->algorithm)

-		ASN1_OBJECT_free(p8->pkeyalg->algorithm);

-	p8->pkeyalg->algorithm = OBJ_nid2obj(NID_X9_62_id_ecPublicKey);

-	/* set the ec parameters */

-	if (p8->pkeyalg->parameter)

-	{

-		ASN1_TYPE_free(p8->pkeyalg->parameter);

-		p8->pkeyalg->parameter = NULL;

-	}

-	if ((p8->pkeyalg->parameter = ASN1_TYPE_new()) == NULL)

-	{

-		EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);

-		return 0;

-	}

-	if (EC_GROUP_get_asn1_flag(group)

-                     && (nid = EC_GROUP_get_curve_name(group)))

-	{

-		/* we have a 'named curve' => just set the OID */

-		p8->pkeyalg->parameter->type = V_ASN1_OBJECT;

-		p8->pkeyalg->parameter->value.object = OBJ_nid2obj(nid);

-	}

-	else	/* explicit parameters */

-	{

-		if ((i = i2d_ECParameters(ec_key, NULL)) == 0)

-		{

-			EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);

-			return 0;

-		}

-		if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL)

-		{

-			EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);

-			return 0;

-		}

-		pp = p;

-		if (!i2d_ECParameters(ec_key, &pp))

-		{

-			EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);

-			OPENSSL_free(p);

-			return 0;

-		}

-		p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;

-		if ((p8->pkeyalg->parameter->value.sequence

-			= ASN1_STRING_new()) == NULL)

-		{

-			EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_ASN1_LIB);

-			OPENSSL_free(p);

-			return 0;

-		}

-		ASN1_STRING_set(p8->pkeyalg->parameter->value.sequence, p, i);

-		OPENSSL_free(p);

-	}

-	/* set the private key */

-	/* do not include the parameters in the SEC1 private key

-	 * see PKCS#11 12.11 */

-	old_flags = EC_KEY_get_enc_flags(pkey->pkey.ec);

-	tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS;

-	EC_KEY_set_enc_flags(pkey->pkey.ec, tmp_flags);

-	i = i2d_ECPrivateKey(pkey->pkey.ec, NULL);

-	if (!i)

-	{

-		EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);

-		EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);

-		return 0;

-	}

-	p = (unsigned char *) OPENSSL_malloc(i);

-	if (!p)

-	{

-		EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);

-		EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);

-		return 0;

-	}

-	pp = p;

-	if (!i2d_ECPrivateKey(pkey->pkey.ec, &pp))

-	{

-		EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);

-		EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);

-		OPENSSL_free(p);

-		return 0;

-	}

-	/* restore old encoding flags */

-	EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);

-	switch(p8->broken) {

-		case PKCS8_OK:

-		p8->pkey->value.octet_string = ASN1_OCTET_STRING_new();

-		if (!p8->pkey->value.octet_string ||

-		    !M_ASN1_OCTET_STRING_set(p8->pkey->value.octet_string,

-		    (const void *)p, i))

-		{

-			EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);

-		}

-		else

-			ret = 1;

-		break;

-		case PKCS8_NO_OCTET:		/* RSA specific */

-		case PKCS8_NS_DB:		/* DSA specific */

-		case PKCS8_EMBEDDED_PARAM:	/* DSA specific */

-		default:

-			EVPerr(EVP_F_ECKEY_PKEY2PKCS8,EVP_R_ENCODE_ERROR);

-	}

-	OPENSSL_cleanse(p, (size_t)i);

-	OPENSSL_free(p);

-	return ret;

-}

-#endif

-/* EVP_PKEY attribute functions */

-int EVP_PKEY_get_attr_count(const EVP_PKEY *key)

-{

-	return X509at_get_attr_count(key->attributes);

-}

-int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid,

-			  int lastpos)

-{

-	return X509at_get_attr_by_NID(key->attributes, nid, lastpos);

-}

-int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, ASN1_OBJECT *obj,

-			  int lastpos)

-{

-	return X509at_get_attr_by_OBJ(key->attributes, obj, lastpos);

-}

-X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc)

-{

-	return X509at_get_attr(key->attributes, loc);

-}

-X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc)

-{

-	return X509at_delete_attr(key->attributes, loc);

-}

-int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr)

-{

-	if(X509at_add1_attr(&key->attributes, attr)) return 1;

-	return 0;

-}

-int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key,

-			const ASN1_OBJECT *obj, int type,

-			const unsigned char *bytes, int len)

-{

-	if(X509at_add1_attr_by_OBJ(&key->attributes, obj,

-				type, bytes, len)) return 1;

-	return 0;

-}

-int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key,

-			int nid, int type,

-			const unsigned char *bytes, int len)

-{

-	if(X509at_add1_attr_by_NID(&key->attributes, nid,

-				type, bytes, len)) return 1;

-	return 0;

-}

-int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key,

-			const char *attrname, int type,

-			const unsigned char *bytes, int len)

-{

-	if(X509at_add1_attr_by_txt(&key->attributes, attrname,

-				type, bytes, len)) return 1;

-	return 0;

-}

--- a/sys/src/ape/lib/openssl/crypto/evp/evp_test.c

+++ /dev/null

@@ -1,449 +1,0 @@

-/* Written by Ben Laurie, 2001 */

-/*

- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- */

-#include <stdio.h>

-#include <string.h>

-#include "../e_os.h"

-#include <openssl/opensslconf.h>

-#include <openssl/evp.h>

-#ifndef OPENSSL_NO_ENGINE

-#include <openssl/engine.h>

-#endif

-#include <openssl/err.h>

-#include <openssl/conf.h>

-static void hexdump(FILE *f,const char *title,const unsigned char *s,int l)

-    {

-    int n=0;

-    fprintf(f,"%s",title);

-    for( ; n < l ; ++n)

-	{

-	if((n%16) == 0)

-	    fprintf(f,"\n%04x",n);

-	fprintf(f," %02x",s[n]);

-	}

-    fprintf(f,"\n");

-    }

-static int convert(unsigned char *s)

-    {

-    unsigned char *d;

-    for(d=s ; *s ; s+=2,++d)

-	{

-	unsigned int n;

-	if(!s[1])

-	    {

-	    fprintf(stderr,"Odd number of hex digits!");

-	    EXIT(4);

-	    }

-	sscanf((char *)s,"%2x",&n);

-	*d=(unsigned char)n;

-	}

-    return s-d;

-    }

-static char *sstrsep(char **string, const char *delim)

-    {

-    char isdelim[256];

-    char *token = *string;

-    if (**string == 0)

-        return NULL;

-    memset(isdelim, 0, 256);

-    isdelim[0] = 1;

-    while (*delim)

-        {

-        isdelim[(unsigned char)(*delim)] = 1;

-        delim++;

-        }

-    while (!isdelim[(unsigned char)(**string)])

-        {

-        (*string)++;

-        }

-    if (**string)

-        {

-        **string = 0;

-        (*string)++;

-        }

-    return token;

-    }

-static unsigned char *ustrsep(char **p,const char *sep)

-    { return (unsigned char *)sstrsep(p,sep); }

-static int test1_exit(int ec)

-	{

-	EXIT(ec);

-	return(0);		/* To keep some compilers quiet */

-	}

-static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,

-		  const unsigned char *iv,int in,

-		  const unsigned char *plaintext,int pn,

-		  const unsigned char *ciphertext,int cn,

-		  int encdec)

-    {

-    EVP_CIPHER_CTX ctx;

-    unsigned char out[4096];

-    int outl,outl2;

-    printf("Testing cipher %s%s\n",EVP_CIPHER_name(c),

-	   (encdec == 1 ? "(encrypt)" : (encdec == 0 ? "(decrypt)" : "(encrypt/decrypt)")));

-    hexdump(stdout,"Key",key,kn);

-    if(in)

-	hexdump(stdout,"IV",iv,in);

-    hexdump(stdout,"Plaintext",plaintext,pn);

-    hexdump(stdout,"Ciphertext",ciphertext,cn);

-    if(kn != c->key_len)

-	{

-	fprintf(stderr,"Key length doesn't match, got %d expected %d\n",kn,

-		c->key_len);

-	test1_exit(5);

-	}

-    EVP_CIPHER_CTX_init(&ctx);

-    if (encdec != 0)

-        {

-	if(!EVP_EncryptInit_ex(&ctx,c,NULL,key,iv))

-	    {

-	    fprintf(stderr,"EncryptInit failed\n");

-	    ERR_print_errors_fp(stderr);

-	    test1_exit(10);

-	    }

-	EVP_CIPHER_CTX_set_padding(&ctx,0);

-	if(!EVP_EncryptUpdate(&ctx,out,&outl,plaintext,pn))

-	    {

-	    fprintf(stderr,"Encrypt failed\n");

-	    ERR_print_errors_fp(stderr);

-	    test1_exit(6);

-	    }

-	if(!EVP_EncryptFinal_ex(&ctx,out+outl,&outl2))

-	    {

-	    fprintf(stderr,"EncryptFinal failed\n");

-	    ERR_print_errors_fp(stderr);

-	    test1_exit(7);

-	    }

-	if(outl+outl2 != cn)

-	    {

-	    fprintf(stderr,"Ciphertext length mismatch got %d expected %d\n",

-		    outl+outl2,cn);

-	    test1_exit(8);

-	    }

-	if(memcmp(out,ciphertext,cn))

-	    {

-	    fprintf(stderr,"Ciphertext mismatch\n");

-	    hexdump(stderr,"Got",out,cn);

-	    hexdump(stderr,"Expected",ciphertext,cn);

-	    test1_exit(9);

-	    }

-	}

-    if (encdec <= 0)

-        {

-	if(!EVP_DecryptInit_ex(&ctx,c,NULL,key,iv))

-	    {

-	    fprintf(stderr,"DecryptInit failed\n");

-	    ERR_print_errors_fp(stderr);

-	    test1_exit(11);

-	    }

-	EVP_CIPHER_CTX_set_padding(&ctx,0);

-	if(!EVP_DecryptUpdate(&ctx,out,&outl,ciphertext,cn))

-	    {

-	    fprintf(stderr,"Decrypt failed\n");

-	    ERR_print_errors_fp(stderr);

-	    test1_exit(6);

-	    }

-	if(!EVP_DecryptFinal_ex(&ctx,out+outl,&outl2))

-	    {

-	    fprintf(stderr,"DecryptFinal failed\n");

-	    ERR_print_errors_fp(stderr);

-	    test1_exit(7);

-	    }

-	if(outl+outl2 != cn)

-	    {

-	    fprintf(stderr,"Plaintext length mismatch got %d expected %d\n",

-		    outl+outl2,cn);

-	    test1_exit(8);

-	    }

-	if(memcmp(out,plaintext,cn))

-	    {

-	    fprintf(stderr,"Plaintext mismatch\n");

-	    hexdump(stderr,"Got",out,cn);

-	    hexdump(stderr,"Expected",plaintext,cn);

-	    test1_exit(9);

-	    }

-	}

-    EVP_CIPHER_CTX_cleanup(&ctx);

-    printf("\n");

-    }

-static int test_cipher(const char *cipher,const unsigned char *key,int kn,

-		       const unsigned char *iv,int in,

-		       const unsigned char *plaintext,int pn,

-		       const unsigned char *ciphertext,int cn,

-		       int encdec)

-    {

-    const EVP_CIPHER *c;

-    c=EVP_get_cipherbyname(cipher);

-    if(!c)

-	return 0;

-    test1(c,key,kn,iv,in,plaintext,pn,ciphertext,cn,encdec);

-    return 1;

-    }

-static int test_digest(const char *digest,

-		       const unsigned char *plaintext,int pn,

-		       const unsigned char *ciphertext, unsigned int cn)

-    {

-    const EVP_MD *d;

-    EVP_MD_CTX ctx;

-    unsigned char md[EVP_MAX_MD_SIZE];

-    unsigned int mdn;

-    d=EVP_get_digestbyname(digest);

-    if(!d)

-	return 0;

-    printf("Testing digest %s\n",EVP_MD_name(d));

-    hexdump(stdout,"Plaintext",plaintext,pn);

-    hexdump(stdout,"Digest",ciphertext,cn);

-    EVP_MD_CTX_init(&ctx);

-    if(!EVP_DigestInit_ex(&ctx,d, NULL))

-	{

-	fprintf(stderr,"DigestInit failed\n");

-	ERR_print_errors_fp(stderr);

-	EXIT(100);

-	}

-    if(!EVP_DigestUpdate(&ctx,plaintext,pn))

-	{

-	fprintf(stderr,"DigestUpdate failed\n");

-	ERR_print_errors_fp(stderr);

-	EXIT(101);

-	}

-    if(!EVP_DigestFinal_ex(&ctx,md,&mdn))

-	{

-	fprintf(stderr,"DigestFinal failed\n");

-	ERR_print_errors_fp(stderr);

-	EXIT(101);

-	}

-    EVP_MD_CTX_cleanup(&ctx);

-    if(mdn != cn)

-	{

-	fprintf(stderr,"Digest length mismatch, got %d expected %d\n",mdn,cn);

-	EXIT(102);

-	}

-    if(memcmp(md,ciphertext,cn))

-	{

-	fprintf(stderr,"Digest mismatch\n");

-	hexdump(stderr,"Got",md,cn);

-	hexdump(stderr,"Expected",ciphertext,cn);

-	EXIT(103);

-	}

-    printf("\n");

-    EVP_MD_CTX_cleanup(&ctx);

-    return 1;

-    }

-int main(int argc,char **argv)

-    {

-    const char *szTestFile;

-    FILE *f;

-    if(argc != 2)

-	{

-	fprintf(stderr,"%s <test file>\n",argv[0]);

-	EXIT(1);

-	}

-    CRYPTO_malloc_debug_init();

-    CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);

-    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);

-    szTestFile=argv[1];

-    f=fopen(szTestFile,"r");

-    if(!f)

-	{

-	perror(szTestFile);

-	EXIT(2);

-	}

-    /* Load up the software EVP_CIPHER and EVP_MD definitions */

-    OpenSSL_add_all_ciphers();

-    OpenSSL_add_all_digests();

-#ifndef OPENSSL_NO_ENGINE

-    /* Load all compiled-in ENGINEs */

-    ENGINE_load_builtin_engines();

-#endif

-#if 0

-    OPENSSL_config();

-#endif

-#ifndef OPENSSL_NO_ENGINE

-    /* Register all available ENGINE implementations of ciphers and digests.

-     * This could perhaps be changed to "ENGINE_register_all_complete()"? */

-    ENGINE_register_all_ciphers();

-    ENGINE_register_all_digests();

-    /* If we add command-line options, this statement should be switchable.

-     * It'll prevent ENGINEs being ENGINE_init()ialised for cipher/digest use if

-     * they weren't already initialised. */

-    /* ENGINE_set_cipher_flags(ENGINE_CIPHER_FLAG_NOINIT); */

-#endif

-    for( ; ; )

-	{

-	char line[4096];

-	char *p;

-	char *cipher;

-	unsigned char *iv,*key,*plaintext,*ciphertext;

-	int encdec;

-	int kn,in,pn,cn;

-	if(!fgets((char *)line,sizeof line,f))

-	    break;

-	if(line[0] == '#' || line[0] == '\n')

-	    continue;

-	p=line;

-	cipher=sstrsep(&p,":");

-	key=ustrsep(&p,":");

-	iv=ustrsep(&p,":");

-	plaintext=ustrsep(&p,":");

-	ciphertext=ustrsep(&p,":");

-	if (p[-1] == '\n') {

-	    p[-1] = '\0';

-	    encdec = -1;

-	} else {

-	    encdec = atoi(sstrsep(&p,"\n"));

-	}

-	kn=convert(key);

-	in=convert(iv);

-	pn=convert(plaintext);

-	cn=convert(ciphertext);

-	if(!test_cipher(cipher,key,kn,iv,in,plaintext,pn,ciphertext,cn,encdec)

-	   && !test_digest(cipher,plaintext,pn,ciphertext,cn))

-	    {

-#ifdef OPENSSL_NO_AES

-	    if (strstr(cipher, "AES") == cipher)

-		{

-		fprintf(stdout, "Cipher disabled, skipping %s\n", cipher);

-		continue;

-		}

-#endif

-#ifdef OPENSSL_NO_DES

-	    if (strstr(cipher, "DES") == cipher)

-		{

-		fprintf(stdout, "Cipher disabled, skipping %s\n", cipher);

-		continue;

-		}

-#endif

-#ifdef OPENSSL_NO_RC4

-	    if (strstr(cipher, "RC4") == cipher)

-		{

-		fprintf(stdout, "Cipher disabled, skipping %s\n", cipher);

-		continue;

-		}

-#endif

-#ifdef OPENSSL_NO_CAMELLIA

-	    if (strstr(cipher, "CAMELLIA") == cipher)

-		{

-		fprintf(stdout, "Cipher disabled, skipping %s\n", cipher);

-		continue;

-		}

-#endif

-#ifdef OPENSSL_NO_SEED

-	    if (strstr(cipher, "SEED") == cipher)

-		{

-		fprintf(stdout, "Cipher disabled, skipping %s\n", cipher);

-		continue;

-		}

-#endif

-	    fprintf(stderr,"Can't find %s\n",cipher);

-	    EXIT(3);

-	    }

-	}

-#ifndef OPENSSL_NO_ENGINE

-    ENGINE_cleanup();

-#endif

-    EVP_cleanup();

-    CRYPTO_cleanup_all_ex_data();

-    ERR_remove_state(0);

-    ERR_free_strings();

-    CRYPTO_mem_leaks_fp(stderr);

-    return 0;

-    }

--- a/sys/src/ape/lib/openssl/crypto/evp/evptests.txt

+++ /dev/null

@@ -1,321 +1,0 @@

-#cipher:key:iv:plaintext:ciphertext:0/1(decrypt/encrypt)

-#digest:::input:output

-# SHA(1) tests (from shatest.c)

-SHA1:::616263:a9993e364706816aba3e25717850c26c9cd0d89d

-# MD5 tests (from md5test.c)

-MD5::::d41d8cd98f00b204e9800998ecf8427e

-MD5:::61:0cc175b9c0f1b6a831c399e269772661

-MD5:::616263:900150983cd24fb0d6963f7d28e17f72

-MD5:::6d65737361676520646967657374:f96b697d7cb7938d525a2f31aaf161d0

-MD5:::6162636465666768696a6b6c6d6e6f707172737475767778797a:c3fcd3d76192e4007dfb496cca67e13b

-MD5:::4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839:d174ab98d277d9f5a5611c2c9f419d9f

-MD5:::3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930:57edf4a22be3c955ac49da2e2107b67a

-# AES 128 ECB tests (from FIPS-197 test vectors, encrypt)

-AES-128-ECB:000102030405060708090A0B0C0D0E0F::00112233445566778899AABBCCDDEEFF:69C4E0D86A7B0430D8CDB78070B4C55A:1

-# AES 192 ECB tests (from FIPS-197 test vectors, encrypt)

-AES-192-ECB:000102030405060708090A0B0C0D0E0F1011121314151617::00112233445566778899AABBCCDDEEFF:DDA97CA4864CDFE06EAF70A0EC0D7191:1

-# AES 256 ECB tests (from FIPS-197 test vectors, encrypt)

-AES-256-ECB:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF:8EA2B7CA516745BFEAFC49904B496089:1

-# AES 128 ECB tests (from NIST test vectors, encrypt)

-#AES-128-ECB:00000000000000000000000000000000::00000000000000000000000000000000:C34C052CC0DA8D73451AFE5F03BE297F:1

-# AES 128 ECB tests (from NIST test vectors, decrypt)

-#AES-128-ECB:00000000000000000000000000000000::44416AC2D1F53C583303917E6BE9EBE0:00000000000000000000000000000000:0

-# AES 192 ECB tests (from NIST test vectors, decrypt)

-#AES-192-ECB:000000000000000000000000000000000000000000000000::48E31E9E256718F29229319C19F15BA4:00000000000000000000000000000000:0

-# AES 256 ECB tests (from NIST test vectors, decrypt)

-#AES-256-ECB:0000000000000000000000000000000000000000000000000000000000000000::058CCFFDBBCB382D1F6F56585D8A4ADE:00000000000000000000000000000000:0

-# AES 128 CBC tests (from NIST test vectors, encrypt)

-#AES-128-CBC:00000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:8A05FC5E095AF4848A08D328D3688E3D:1

-# AES 192 CBC tests (from NIST test vectors, encrypt)

-#AES-192-CBC:000000000000000000000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:7BD966D53AD8C1BB85D2ADFAE87BB104:1

-# AES 256 CBC tests (from NIST test vectors, encrypt)

-#AES-256-CBC:0000000000000000000000000000000000000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:FE3C53653E2F45B56FCD88B2CC898FF0:1

-# AES 128 CBC tests (from NIST test vectors, decrypt)

-#AES-128-CBC:00000000000000000000000000000000:00000000000000000000000000000000:FACA37E0B0C85373DF706E73F7C9AF86:00000000000000000000000000000000:0

-# AES tests from NIST document SP800-38A

-# For all ECB encrypts and decrypts, the transformed sequence is

-#   AES-bits-ECB:key::plaintext:ciphertext:encdec

-# ECB-AES128.Encrypt and ECB-AES128.Decrypt

-AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::6BC1BEE22E409F96E93D7E117393172A:3AD77BB40D7A3660A89ECAF32466EF97

-AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::AE2D8A571E03AC9C9EB76FAC45AF8E51:F5D3D58503B9699DE785895A96FDBAAF

-AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::30C81C46A35CE411E5FBC1191A0A52EF:43B1CD7F598ECE23881B00E3ED030688

-AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::F69F2445DF4F9B17AD2B417BE66C3710:7B0C785E27E8AD3F8223207104725DD4

-# ECB-AES192.Encrypt and ECB-AES192.Decrypt

-AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::6BC1BEE22E409F96E93D7E117393172A:BD334F1D6E45F25FF712A214571FA5CC

-AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::AE2D8A571E03AC9C9EB76FAC45AF8E51:974104846D0AD3AD7734ECB3ECEE4EEF

-AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::30C81C46A35CE411E5FBC1191A0A52EF:EF7AFD2270E2E60ADCE0BA2FACE6444E

-AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::F69F2445DF4F9B17AD2B417BE66C3710:9A4B41BA738D6C72FB16691603C18E0E

-# ECB-AES256.Encrypt and ECB-AES256.Decrypt

-AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::6BC1BEE22E409F96E93D7E117393172A:F3EED1BDB5D2A03C064B5A7E3DB181F8

-AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::AE2D8A571E03AC9C9EB76FAC45AF8E51:591CCB10D410ED26DC5BA74A31362870

-AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::30C81C46A35CE411E5FBC1191A0A52EF:B6ED21B99CA6F4F9F153E7B1BEAFED1D

-AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::F69F2445DF4F9B17AD2B417BE66C3710:23304B7A39F9F3FF067D8D8F9E24ECC7

-# For all CBC encrypts and decrypts, the transformed sequence is

-#   AES-bits-CBC:key:IV/ciphertext':plaintext:ciphertext:encdec

-# CBC-AES128.Encrypt and CBC-AES128.Decrypt

-AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:7649ABAC8119B246CEE98E9B12E9197D

-AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:7649ABAC8119B246CEE98E9B12E9197D:AE2D8A571E03AC9C9EB76FAC45AF8E51:5086CB9B507219EE95DB113A917678B2

-AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:5086CB9B507219EE95DB113A917678B2:30C81C46A35CE411E5FBC1191A0A52EF:73BED6B8E3C1743B7116E69E22229516

-AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:73BED6B8E3C1743B7116E69E22229516:F69F2445DF4F9B17AD2B417BE66C3710:3FF1CAA1681FAC09120ECA307586E1A7

-# CBC-AES192.Encrypt and CBC-AES192.Decrypt

-AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:4F021DB243BC633D7178183A9FA071E8

-AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:4F021DB243BC633D7178183A9FA071E8:AE2D8A571E03AC9C9EB76FAC45AF8E51:B4D9ADA9AD7DEDF4E5E738763F69145A

-AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:B4D9ADA9AD7DEDF4E5E738763F69145A:30C81C46A35CE411E5FBC1191A0A52EF:571B242012FB7AE07FA9BAAC3DF102E0

-AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:571B242012FB7AE07FA9BAAC3DF102E0:F69F2445DF4F9B17AD2B417BE66C3710:08B0E27988598881D920A9E64F5615CD

-# CBC-AES256.Encrypt and CBC-AES256.Decrypt

-AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:F58C4C04D6E5F1BA779EABFB5F7BFBD6

-AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:F58C4C04D6E5F1BA779EABFB5F7BFBD6:AE2D8A571E03AC9C9EB76FAC45AF8E51:9CFC4E967EDB808D679F777BC6702C7D

-AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:9CFC4E967EDB808D679F777BC6702C7D:30C81C46A35CE411E5FBC1191A0A52EF:39F23369A9D9BACFA530E26304231461

-AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39F23369A9D9BACFA530E26304231461:F69F2445DF4F9B17AD2B417BE66C3710:B2EB05E2C39BE9FCDA6C19078C6A9D1B

-# We don't support CFB{1,8}-AESxxx.{En,De}crypt

-# For all CFB128 encrypts and decrypts, the transformed sequence is

-#   AES-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec

-# CFB128-AES128.Encrypt

-AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:1

-AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:3B3FD92EB72DAD20333449F8E83CFB4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:C8A64537A0B3A93FCDE3CDAD9F1CE58B:1

-AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:C8A64537A0B3A93FCDE3CDAD9F1CE58B:30C81C46A35CE411E5FBC1191A0A52EF:26751F67A3CBB140B1808CF187A4F4DF:1

-AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:26751F67A3CBB140B1808CF187A4F4DF:F69F2445DF4F9B17AD2B417BE66C3710:C04B05357C5D1C0EEAC4C66F9FF7F2E6:1

-# CFB128-AES128.Decrypt

-AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:0

-AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:3B3FD92EB72DAD20333449F8E83CFB4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:C8A64537A0B3A93FCDE3CDAD9F1CE58B:0

-AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:C8A64537A0B3A93FCDE3CDAD9F1CE58B:30C81C46A35CE411E5FBC1191A0A52EF:26751F67A3CBB140B1808CF187A4F4DF:0

-AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:26751F67A3CBB140B1808CF187A4F4DF:F69F2445DF4F9B17AD2B417BE66C3710:C04B05357C5D1C0EEAC4C66F9FF7F2E6:0

-# CFB128-AES192.Encrypt

-AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:1

-AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:CDC80D6FDDF18CAB34C25909C99A4174:AE2D8A571E03AC9C9EB76FAC45AF8E51:67CE7F7F81173621961A2B70171D3D7A:1

-AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:67CE7F7F81173621961A2B70171D3D7A:30C81C46A35CE411E5FBC1191A0A52EF:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:1

-AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:F69F2445DF4F9B17AD2B417BE66C3710:C05F9F9CA9834FA042AE8FBA584B09FF:1

-# CFB128-AES192.Decrypt

-AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:0

-AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:CDC80D6FDDF18CAB34C25909C99A4174:AE2D8A571E03AC9C9EB76FAC45AF8E51:67CE7F7F81173621961A2B70171D3D7A:0

-AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:67CE7F7F81173621961A2B70171D3D7A:30C81C46A35CE411E5FBC1191A0A52EF:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:0

-AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:F69F2445DF4F9B17AD2B417BE66C3710:C05F9F9CA9834FA042AE8FBA584B09FF:0

-# CFB128-AES256.Encrypt

-AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:1

-AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DC7E84BFDA79164B7ECD8486985D3860:AE2D8A571E03AC9C9EB76FAC45AF8E51:39FFED143B28B1C832113C6331E5407B:1

-AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39FFED143B28B1C832113C6331E5407B:30C81C46A35CE411E5FBC1191A0A52EF:DF10132415E54B92A13ED0A8267AE2F9:1

-AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DF10132415E54B92A13ED0A8267AE2F9:F69F2445DF4F9B17AD2B417BE66C3710:75A385741AB9CEF82031623D55B1E471:1

-# CFB128-AES256.Decrypt

-AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:0

-AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DC7E84BFDA79164B7ECD8486985D3860:AE2D8A571E03AC9C9EB76FAC45AF8E51:39FFED143B28B1C832113C6331E5407B:0

-AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39FFED143B28B1C832113C6331E5407B:30C81C46A35CE411E5FBC1191A0A52EF:DF10132415E54B92A13ED0A8267AE2F9:0

-AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DF10132415E54B92A13ED0A8267AE2F9:F69F2445DF4F9B17AD2B417BE66C3710:75A385741AB9CEF82031623D55B1E471:0

-# For all OFB encrypts and decrypts, the transformed sequence is

-#   AES-bits-CFB:key:IV/output':plaintext:ciphertext:encdec

-# OFB-AES128.Encrypt

-AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:1

-AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:7789508D16918F03F53C52DAC54ED825:1

-AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:9740051E9C5FECF64344F7A82260EDCC:1

-AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:304C6528F659C77866A510D9C1D6AE5E:1

-# OFB-AES128.Decrypt

-AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:0

-AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:7789508D16918F03F53C52DAC54ED825:0

-AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:9740051E9C5FECF64344F7A82260EDCC:0

-AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:304C6528F659C77866A510D9C1D6AE5E:0

-# OFB-AES192.Encrypt

-AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:1

-AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:FCC28B8D4C63837C09E81700C1100401:1

-AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:8D9A9AEAC0F6596F559C6D4DAF59A5F2:1

-AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:6D9F200857CA6C3E9CAC524BD9ACC92A:1

-# OFB-AES192.Decrypt

-AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:0

-AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:FCC28B8D4C63837C09E81700C1100401:0

-AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:8D9A9AEAC0F6596F559C6D4DAF59A5F2:0

-AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:6D9F200857CA6C3E9CAC524BD9ACC92A:0

-# OFB-AES256.Encrypt

-AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:1

-AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:4FEBDC6740D20B3AC88F6AD82A4FB08D:1

-AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:71AB47A086E86EEDF39D1C5BBA97C408:1

-AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0126141D67F37BE8538F5A8BE740E484:1

-# OFB-AES256.Decrypt

-AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:0

-AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:4FEBDC6740D20B3AC88F6AD82A4FB08D:0

-AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:71AB47A086E86EEDF39D1C5BBA97C408:0

-AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0126141D67F37BE8538F5A8BE740E484:0

-# DES ECB tests (from destest)

-DES-ECB:0000000000000000::0000000000000000:8CA64DE9C1B123A7

-DES-ECB:FFFFFFFFFFFFFFFF::FFFFFFFFFFFFFFFF:7359B2163E4EDC58

-DES-ECB:3000000000000000::1000000000000001:958E6E627A05557B

-DES-ECB:1111111111111111::1111111111111111:F40379AB9E0EC533

-DES-ECB:0123456789ABCDEF::1111111111111111:17668DFC7292532D

-DES-ECB:1111111111111111::0123456789ABCDEF:8A5AE1F81AB8F2DD

-DES-ECB:FEDCBA9876543210::0123456789ABCDEF:ED39D950FA74BCC4

-# DESX-CBC tests (from destest)

-DESX-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363534333231204E6F77206973207468652074696D6520666F722000000000:846B2914851E9A2954732F8AA0A611C115CDC2D7951B1053A63C5E03B21AA3C4

-# DES EDE3 CBC tests (from destest)

-DES-EDE3-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363534333231204E6F77206973207468652074696D6520666F722000000000:3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675

-# RC4 tests (from rc4test)

-RC4:0123456789abcdef0123456789abcdef::0123456789abcdef:75b7878099e0c596

-RC4:0123456789abcdef0123456789abcdef::0000000000000000:7494c2e7104b0879

-RC4:00000000000000000000000000000000::0000000000000000:de188941a3375d3a

-RC4:ef012345ef012345ef012345ef012345::0000000000000000000000000000000000000000:d6a141a7ec3c38dfbd615a1162e1c7ba36b67858

-RC4:0123456789abcdef0123456789abcdef::123456789ABCDEF0123456789ABCDEF0123456789ABCDEF012345678:66a0949f8af7d6891f7f832ba833c00c892ebe30143ce28740011ecf

-RC4:ef012345ef012345ef012345ef012345::00000000000000000000:d6a141a7ec3c38dfbd61

-# Camellia tests from RFC3713

-# For all ECB encrypts and decrypts, the transformed sequence is

-#   CAMELLIA-bits-ECB:key::plaintext:ciphertext:encdec

-CAMELLIA-128-ECB:0123456789abcdeffedcba9876543210::0123456789abcdeffedcba9876543210:67673138549669730857065648eabe43

-CAMELLIA-192-ECB:0123456789abcdeffedcba98765432100011223344556677::0123456789abcdeffedcba9876543210:b4993401b3e996f84ee5cee7d79b09b9

-CAMELLIA-256-ECB:0123456789abcdeffedcba987654321000112233445566778899aabbccddeeff::0123456789abcdeffedcba9876543210:9acc237dff16d76c20ef7c919e3a7509

-# ECB-CAMELLIA128.Encrypt

-CAMELLIA-128-ECB:000102030405060708090A0B0C0D0E0F::00112233445566778899AABBCCDDEEFF:77CF412067AF8270613529149919546F:1

-CAMELLIA-192-ECB:000102030405060708090A0B0C0D0E0F1011121314151617::00112233445566778899AABBCCDDEEFF:B22F3C36B72D31329EEE8ADDC2906C68:1

-CAMELLIA-256-ECB:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF:2EDF1F3418D53B88841FC8985FB1ECF2:1

-# ECB-CAMELLIA128.Encrypt and ECB-CAMELLIA128.Decrypt

-CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::6BC1BEE22E409F96E93D7E117393172A:432FC5DCD628115B7C388D770B270C96

-CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::AE2D8A571E03AC9C9EB76FAC45AF8E51:0BE1F14023782A22E8384C5ABB7FAB2B

-CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::30C81C46A35CE411E5FBC1191A0A52EF:A0A1ABCD1893AB6FE0FE5B65DF5F8636

-CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::F69F2445DF4F9B17AD2B417BE66C3710:E61925E0D5DFAA9BB29F815B3076E51A

-# ECB-CAMELLIA192.Encrypt and ECB-CAMELLIA192.Decrypt

-CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::6BC1BEE22E409F96E93D7E117393172A:CCCC6C4E138B45848514D48D0D3439D3

-CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::AE2D8A571E03AC9C9EB76FAC45AF8E51:5713C62C14B2EC0F8393B6AFD6F5785A

-CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::30C81C46A35CE411E5FBC1191A0A52EF:B40ED2B60EB54D09D030CF511FEEF366

-CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::F69F2445DF4F9B17AD2B417BE66C3710:909DBD95799096748CB27357E73E1D26

-# ECB-CAMELLIA256.Encrypt and ECB-CAMELLIA256.Decrypt

-CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::6BC1BEE22E409F96E93D7E117393172A:BEFD219B112FA00098919CD101C9CCFA

-CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::AE2D8A571E03AC9C9EB76FAC45AF8E51:C91D3A8F1AEA08A9386CF4B66C0169EA

-CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::30C81C46A35CE411E5FBC1191A0A52EF:A623D711DC5F25A51BB8A80D56397D28

-CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::F69F2445DF4F9B17AD2B417BE66C3710:7960109FB6DC42947FCFE59EA3C5EB6B

-# For all CBC encrypts and decrypts, the transformed sequence is

-#   CAMELLIA-bits-CBC:key:IV/ciphertext':plaintext:ciphertext:encdec

-# CBC-CAMELLIA128.Encrypt and CBC-CAMELLIA128.Decrypt

-CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:1607CF494B36BBF00DAEB0B503C831AB

-CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:1607CF494B36BBF00DAEB0B503C831AB:AE2D8A571E03AC9C9EB76FAC45AF8E51:A2F2CF671629EF7840C5A5DFB5074887

-CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:A2F2CF671629EF7840C5A5DFB5074887:30C81C46A35CE411E5FBC1191A0A52EF:0F06165008CF8B8B5A63586362543E54

-CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:36A84CDAFD5F9A85ADA0F0A993D6D577:F69F2445DF4F9B17AD2B417BE66C3710:74C64268CDB8B8FAF5B34E8AF3732980

-# CBC-CAMELLIA192.Encrypt and CBC-CAMELLIA192.Decrypt

-CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:2A4830AB5AC4A1A2405955FD2195CF93

-CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:2A4830AB5AC4A1A2405955FD2195CF93:AE2D8A571E03AC9C9EB76FAC45AF8E51:5D5A869BD14CE54264F892A6DD2EC3D5

-CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:5D5A869BD14CE54264F892A6DD2EC3D5:30C81C46A35CE411E5FBC1191A0A52EF:37D359C3349836D884E310ADDF68C449

-CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:37D359C3349836D884E310ADDF68C449:F69F2445DF4F9B17AD2B417BE66C3710:01FAAA930B4AB9916E9668E1428C6B08

-# CBC-CAMELLIA256.Encrypt and CBC-CAMELLIA256.Decrypt

-CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:E6CFA35FC02B134A4D2C0B6737AC3EDA

-CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E6CFA35FC02B134A4D2C0B6737AC3EDA:AE2D8A571E03AC9C9EB76FAC45AF8E51:36CBEB73BD504B4070B1B7DE2B21EB50

-CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:36CBEB73BD504B4070B1B7DE2B21EB50:30C81C46A35CE411E5FBC1191A0A52EF:E31A6055297D96CA3330CDF1B1860A83

-CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E31A6055297D96CA3330CDF1B1860A83:F69F2445DF4F9B17AD2B417BE66C3710:5D563F6D1CCCF236051C0C5C1C58F28F

-# We don't support CFB{1,8}-CAMELLIAxxx.{En,De}crypt

-# For all CFB128 encrypts and decrypts, the transformed sequence is

-#   CAMELLIA-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec

-# CFB128-CAMELLIA128.Encrypt

-CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:1

-CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:14F7646187817EB586599146B82BD719:AE2D8A571E03AC9C9EB76FAC45AF8E51:A53D28BB82DF741103EA4F921A44880B:1

-CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:A53D28BB82DF741103EA4F921A44880B:30C81C46A35CE411E5FBC1191A0A52EF:9C2157A664626D1DEF9EA420FDE69B96:1

-CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:9C2157A664626D1DEF9EA420FDE69B96:F69F2445DF4F9B17AD2B417BE66C3710:742A25F0542340C7BAEF24CA8482BB09:1

-# CFB128-CAMELLIA128.Decrypt

-CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:0

-CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:14F7646187817EB586599146B82BD719:AE2D8A571E03AC9C9EB76FAC45AF8E51:A53D28BB82DF741103EA4F921A44880B:0

-CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:A53D28BB82DF741103EA4F921A44880B:30C81C46A35CE411E5FBC1191A0A52EF:9C2157A664626D1DEF9EA420FDE69B96:0

-CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:9C2157A664626D1DEF9EA420FDE69B96:F69F2445DF4F9B17AD2B417BE66C3710:742A25F0542340C7BAEF24CA8482BB09:0

-# CFB128-CAMELLIA192.Encrypt

-CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:1

-CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:C832BB9780677DAA82D9B6860DCD565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:86F8491627906D780C7A6D46EA331F98:1

-CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:86F8491627906D780C7A6D46EA331F98:30C81C46A35CE411E5FBC1191A0A52EF:69511CCE594CF710CB98BB63D7221F01:1

-CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:69511CCE594CF710CB98BB63D7221F01:F69F2445DF4F9B17AD2B417BE66C3710:D5B5378A3ABED55803F25565D8907B84:1

-# CFB128-CAMELLIA192.Decrypt

-CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:0

-CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:C832BB9780677DAA82D9B6860DCD565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:86F8491627906D780C7A6D46EA331F98:0

-CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:86F8491627906D780C7A6D46EA331F98:30C81C46A35CE411E5FBC1191A0A52EF:69511CCE594CF710CB98BB63D7221F01:0

-CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:69511CCE594CF710CB98BB63D7221F01:F69F2445DF4F9B17AD2B417BE66C3710:D5B5378A3ABED55803F25565D8907B84:0

-# CFB128-CAMELLIA256.Encrypt

-CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:1

-CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:CF6107BB0CEA7D7FB1BD31F5E7B06C93:AE2D8A571E03AC9C9EB76FAC45AF8E51:89BEDB4CCDD864EA11BA4CBE849B5E2B:1

-CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:89BEDB4CCDD864EA11BA4CBE849B5E2B:30C81C46A35CE411E5FBC1191A0A52EF:555FC3F34BDD2D54C62D9E3BF338C1C4:1

-CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:555FC3F34BDD2D54C62D9E3BF338C1C4:F69F2445DF4F9B17AD2B417BE66C3710:5953ADCE14DB8C7F39F1BD39F359BFFA:1

-# CFB128-CAMELLIA256.Decrypt

-CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:0

-CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:CF6107BB0CEA7D7FB1BD31F5E7B06C93:AE2D8A571E03AC9C9EB76FAC45AF8E51:89BEDB4CCDD864EA11BA4CBE849B5E2B:0

-CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:89BEDB4CCDD864EA11BA4CBE849B5E2B:30C81C46A35CE411E5FBC1191A0A52EF:555FC3F34BDD2D54C62D9E3BF338C1C4:0

-CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:555FC3F34BDD2D54C62D9E3BF338C1C4:F69F2445DF4F9B17AD2B417BE66C3710:5953ADCE14DB8C7F39F1BD39F359BFFA:0

-# For all OFB encrypts and decrypts, the transformed sequence is

-#   CAMELLIA-bits-OFB:key:IV/output':plaintext:ciphertext:encdec

-# OFB-CAMELLIA128.Encrypt

-CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:1

-CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:25623DB569CA51E01482649977E28D84:1

-CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:C776634A60729DC657D12B9FCA801E98:1

-CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:D776379BE0E50825E681DA1A4C980E8E:1

-# OFB-CAMELLIA128.Decrypt

-CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:0

-CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:25623DB569CA51E01482649977E28D84:0

-CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:C776634A60729DC657D12B9FCA801E98:0

-CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:D776379BE0E50825E681DA1A4C980E8E:0

-# OFB-CAMELLIA192.Encrypt

-CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:1

-CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:8ECEB7D0350D72C7F78562AEBDF99339:1

-CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:BDD62DBBB9700846C53B507F544696F0:1

-CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:E28014E046B802F385C4C2E13EAD4A72:1

-# OFB-CAMELLIA192.Decrypt

-CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:0

-CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:8ECEB7D0350D72C7F78562AEBDF99339:0

-CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:BDD62DBBB9700846C53B507F544696F0:0

-CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:E28014E046B802F385C4C2E13EAD4A72:0

-# OFB-CAMELLIA256.Encrypt

-CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:1

-CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:127AD97E8E3994E4820027D7BA109368:1

-CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:6BFF6265A6A6B7A535BC65A80B17214E:1

-CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0A4A0404E26AA78A27CB271E8BF3CF20:1

-# OFB-CAMELLIA256.Decrypt

-CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:0

-CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:127AD97E8E3994E4820027D7BA109368:0

-CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:6BFF6265A6A6B7A535BC65A80B17214E:0

-CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0A4A0404E26AA78A27CB271E8BF3CF20:0

-# SEED test vectors from RFC4269

-SEED-ECB:00000000000000000000000000000000::000102030405060708090A0B0C0D0E0F:5EBAC6E0054E166819AFF1CC6D346CDB:0

-SEED-ECB:000102030405060708090A0B0C0D0E0F::00000000000000000000000000000000:C11F22F20140505084483597E4370F43:0

-SEED-ECB:4706480851E61BE85D74BFB3FD956185::83A2F8A288641FB9A4E9A5CC2F131C7D:EE54D13EBCAE706D226BC3142CD40D4A:0

-SEED-ECB:28DBC3BC49FFD87DCFA509B11D422BE7::B41E6BE2EBA84A148E2EED84593C5EC7:9B9B7BFCD1813CB95D0B3618F40F5122:0

-SEED-ECB:00000000000000000000000000000000::000102030405060708090A0B0C0D0E0F:5EBAC6E0054E166819AFF1CC6D346CDB:1

-SEED-ECB:000102030405060708090A0B0C0D0E0F::00000000000000000000000000000000:C11F22F20140505084483597E4370F43:1

-SEED-ECB:4706480851E61BE85D74BFB3FD956185::83A2F8A288641FB9A4E9A5CC2F131C7D:EE54D13EBCAE706D226BC3142CD40D4A:1

-SEED-ECB:28DBC3BC49FFD87DCFA509B11D422BE7::B41E6BE2EBA84A148E2EED84593C5EC7:9B9B7BFCD1813CB95D0B3618F40F5122:1

--- a/sys/src/ape/lib/openssl/crypto/evp/m_dss.c

+++ /dev/null

@@ -1,99 +1,0 @@

-/* crypto/evp/m_dss.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/evp.h>

-#include <openssl/objects.h>

-#include <openssl/x509.h>

-#ifndef OPENSSL_NO_DSA

-#include <openssl/dsa.h>

-#endif

-#ifndef OPENSSL_NO_SHA

-static int init(EVP_MD_CTX *ctx)

-	{ return SHA1_Init(ctx->md_data); }

-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)

-	{ return SHA1_Update(ctx->md_data,data,count); }

-static int final(EVP_MD_CTX *ctx,unsigned char *md)

-	{ return SHA1_Final(md,ctx->md_data); }

-static const EVP_MD dsa_md=

-	{

-	NID_dsaWithSHA,

-	NID_dsaWithSHA,

-	SHA_DIGEST_LENGTH,

-	0,

-	init,

-	update,

-	final,

-	NULL,

-	NULL,

-	EVP_PKEY_DSA_method,

-	SHA_CBLOCK,

-	sizeof(EVP_MD *)+sizeof(SHA_CTX),

-	};

-const EVP_MD *EVP_dss(void)

-	{

-	return(&dsa_md);

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/evp/m_dss1.c

+++ /dev/null

@@ -1,100 +1,0 @@

-/* crypto/evp/m_dss1.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#ifndef OPENSSL_NO_SHA

-#include <openssl/evp.h>

-#include <openssl/objects.h>

-#include <openssl/x509.h>

-#ifndef OPENSSL_NO_DSA

-#include <openssl/dsa.h>

-#endif

-static int init(EVP_MD_CTX *ctx)

-	{ return SHA1_Init(ctx->md_data); }

-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)

-	{ return SHA1_Update(ctx->md_data,data,count); }

-static int final(EVP_MD_CTX *ctx,unsigned char *md)

-	{ return SHA1_Final(md,ctx->md_data); }

-static const EVP_MD dss1_md=

-	{

-	NID_dsa,

-	NID_dsaWithSHA1,

-	SHA_DIGEST_LENGTH,

-	0,

-	init,

-	update,

-	final,

-	NULL,

-	NULL,

-	EVP_PKEY_DSA_method,

-	SHA_CBLOCK,

-	sizeof(EVP_MD *)+sizeof(SHA_CTX),

-	};

-const EVP_MD *EVP_dss1(void)

-	{

-	return(&dss1_md);

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/evp/m_ecdsa.c

+++ /dev/null

@@ -1,148 +1,0 @@

-/* crypto/evp/m_ecdsa.c */

-/* ====================================================================

- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/evp.h>

-#include <openssl/objects.h>

-#include <openssl/x509.h>

-#ifndef OPENSSL_NO_SHA

-static int init(EVP_MD_CTX *ctx)

-	{ return SHA1_Init(ctx->md_data); }

-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)

-	{ return SHA1_Update(ctx->md_data,data,count); }

-static int final(EVP_MD_CTX *ctx,unsigned char *md)

-	{ return SHA1_Final(md,ctx->md_data); }

-static const EVP_MD ecdsa_md=

-	{

-	NID_ecdsa_with_SHA1,

-	NID_ecdsa_with_SHA1,

-	SHA_DIGEST_LENGTH,

-	0,

-	init,

-	update,

-	final,

-	NULL,

-	NULL,

-	EVP_PKEY_ECDSA_method,

-	SHA_CBLOCK,

-	sizeof(EVP_MD *)+sizeof(SHA_CTX),

-	};

-const EVP_MD *EVP_ecdsa(void)

-	{

-	return(&ecdsa_md);

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/evp/m_md2.c

+++ /dev/null

@@ -1,101 +1,0 @@

-/* crypto/evp/m_md2.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#ifndef OPENSSL_NO_MD2

-#include <openssl/evp.h>

-#include <openssl/objects.h>

-#include <openssl/x509.h>

-#include <openssl/md2.h>

-#ifndef OPENSSL_NO_RSA

-#include <openssl/rsa.h>

-#endif

-static int init(EVP_MD_CTX *ctx)

-	{ return MD2_Init(ctx->md_data); }

-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)

-	{ return MD2_Update(ctx->md_data,data,count); }

-static int final(EVP_MD_CTX *ctx,unsigned char *md)

-	{ return MD2_Final(md,ctx->md_data); }

-static const EVP_MD md2_md=

-	{

-	NID_md2,

-	NID_md2WithRSAEncryption,

-	MD2_DIGEST_LENGTH,

-	0,

-	init,

-	update,

-	final,

-	NULL,

-	NULL,

-	EVP_PKEY_RSA_method,

-	MD2_BLOCK,

-	sizeof(EVP_MD *)+sizeof(MD2_CTX),

-	};

-const EVP_MD *EVP_md2(void)

-	{

-	return(&md2_md);

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/evp/m_md4.c

+++ /dev/null

@@ -1,101 +1,0 @@

-/* crypto/evp/m_md4.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#ifndef OPENSSL_NO_MD4

-#include <openssl/evp.h>

-#include <openssl/objects.h>

-#include <openssl/x509.h>

-#include <openssl/md4.h>

-#ifndef OPENSSL_NO_RSA

-#include <openssl/rsa.h>

-#endif

-static int init(EVP_MD_CTX *ctx)

-	{ return MD4_Init(ctx->md_data); }

-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)

-	{ return MD4_Update(ctx->md_data,data,count); }

-static int final(EVP_MD_CTX *ctx,unsigned char *md)

-	{ return MD4_Final(md,ctx->md_data); }

-static const EVP_MD md4_md=

-	{

-	NID_md4,

-	NID_md4WithRSAEncryption,

-	MD4_DIGEST_LENGTH,

-	0,

-	init,

-	update,

-	final,

-	NULL,

-	NULL,

-	EVP_PKEY_RSA_method,

-	MD4_CBLOCK,

-	sizeof(EVP_MD *)+sizeof(MD4_CTX),

-	};

-const EVP_MD *EVP_md4(void)

-	{

-	return(&md4_md);

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/evp/m_md5.c

+++ /dev/null

@@ -1,101 +1,0 @@

-/* crypto/evp/m_md5.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#ifndef OPENSSL_NO_MD5

-#include <openssl/evp.h>

-#include <openssl/objects.h>

-#include <openssl/x509.h>

-#include <openssl/md5.h>

-#ifndef OPENSSL_NO_RSA

-#include <openssl/rsa.h>

-#endif

-static int init(EVP_MD_CTX *ctx)

-	{ return MD5_Init(ctx->md_data); }

-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)

-	{ return MD5_Update(ctx->md_data,data,count); }

-static int final(EVP_MD_CTX *ctx,unsigned char *md)

-	{ return MD5_Final(md,ctx->md_data); }

-static const EVP_MD md5_md=

-	{

-	NID_md5,

-	NID_md5WithRSAEncryption,

-	MD5_DIGEST_LENGTH,

-	0,

-	init,

-	update,

-	final,

-	NULL,

-	NULL,

-	EVP_PKEY_RSA_method,

-	MD5_CBLOCK,

-	sizeof(EVP_MD *)+sizeof(MD5_CTX),

-	};

-const EVP_MD *EVP_md5(void)

-	{

-	return(&md5_md);

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/evp/m_mdc2.c

+++ /dev/null

@@ -1,99 +1,0 @@

-/* crypto/evp/m_mdc2.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#ifndef OPENSSL_NO_MDC2

-#include <openssl/evp.h>

-#include <openssl/objects.h>

-#include <openssl/x509.h>

-#include <openssl/mdc2.h>

-#include <openssl/rsa.h>

-static int init(EVP_MD_CTX *ctx)

-	{ return MDC2_Init(ctx->md_data); }

-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)

-	{ return MDC2_Update(ctx->md_data,data,count); }

-static int final(EVP_MD_CTX *ctx,unsigned char *md)

-	{ return MDC2_Final(md,ctx->md_data); }

-static const EVP_MD mdc2_md=

-	{

-	NID_mdc2,

-	NID_mdc2WithRSA,

-	MDC2_DIGEST_LENGTH,

-	0,

-	init,

-	update,

-	final,

-	NULL,

-	NULL,

-	EVP_PKEY_RSA_ASN1_OCTET_STRING_method,

-	MDC2_BLOCK,

-	sizeof(EVP_MD *)+sizeof(MDC2_CTX),

-	};

-const EVP_MD *EVP_mdc2(void)

-	{

-	return(&mdc2_md);

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/evp/m_null.c

+++ /dev/null

@@ -1,95 +1,0 @@

-/* crypto/evp/m_null.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/evp.h>

-#include <openssl/objects.h>

-#include <openssl/x509.h>

-static int init(EVP_MD_CTX *ctx)

-	{ return 1; }

-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)

-	{ return 1; }

-static int final(EVP_MD_CTX *ctx,unsigned char *md)

-	{ return 1; }

-static const EVP_MD null_md=

-	{

-	NID_undef,

-	NID_undef,

-	0,

-	0,

-	init,

-	update,

-	final,

-	NULL,

-	NULL,

-	EVP_PKEY_NULL_method,

-	0,

-	sizeof(EVP_MD *),

-	};

-const EVP_MD *EVP_md_null(void)

-	{

-	return(&null_md);

-	}

--- a/sys/src/ape/lib/openssl/crypto/evp/m_ripemd.c

+++ /dev/null

@@ -1,101 +1,0 @@

-/* crypto/evp/m_ripemd.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#ifndef OPENSSL_NO_RIPEMD

-#include <openssl/ripemd.h>

-#include <openssl/evp.h>

-#include <openssl/objects.h>

-#include <openssl/x509.h>

-#ifndef OPENSSL_NO_RSA

-#include <openssl/rsa.h>

-#endif

-static int init(EVP_MD_CTX *ctx)

-	{ return RIPEMD160_Init(ctx->md_data); }

-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)

-	{ return RIPEMD160_Update(ctx->md_data,data,count); }

-static int final(EVP_MD_CTX *ctx,unsigned char *md)

-	{ return RIPEMD160_Final(md,ctx->md_data); }

-static const EVP_MD ripemd160_md=

-	{

-	NID_ripemd160,

-	NID_ripemd160WithRSA,

-	RIPEMD160_DIGEST_LENGTH,

-	0,

-	init,

-	update,

-	final,

-	NULL,

-	NULL,

-	EVP_PKEY_RSA_method,

-	RIPEMD160_CBLOCK,

-	sizeof(EVP_MD *)+sizeof(RIPEMD160_CTX),

-	};

-const EVP_MD *EVP_ripemd160(void)

-	{

-	return(&ripemd160_md);

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/evp/m_sha.c

+++ /dev/null

@@ -1,100 +1,0 @@

-/* crypto/evp/m_sha.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0)

-#include <openssl/evp.h>

-#include <openssl/objects.h>

-#include <openssl/x509.h>

-#ifndef OPENSSL_NO_RSA

-#include <openssl/rsa.h>

-#endif

-static int init(EVP_MD_CTX *ctx)

-	{ return SHA_Init(ctx->md_data); }

-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)

-	{ return SHA_Update(ctx->md_data,data,count); }

-static int final(EVP_MD_CTX *ctx,unsigned char *md)

-	{ return SHA_Final(md,ctx->md_data); }

-static const EVP_MD sha_md=

-	{

-	NID_sha,

-	NID_shaWithRSAEncryption,

-	SHA_DIGEST_LENGTH,

-	0,

-	init,

-	update,

-	final,

-	NULL,

-	NULL,

-	EVP_PKEY_RSA_method,

-	SHA_CBLOCK,

-	sizeof(EVP_MD *)+sizeof(SHA_CTX),

-	};

-const EVP_MD *EVP_sha(void)

-	{

-	return(&sha_md);

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/evp/m_sha1.c

+++ /dev/null

@@ -1,204 +1,0 @@

-/* crypto/evp/m_sha1.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#ifndef OPENSSL_NO_SHA

-#include <openssl/evp.h>

-#include <openssl/objects.h>

-#include <openssl/x509.h>

-#ifndef OPENSSL_NO_RSA

-#include <openssl/rsa.h>

-#endif

-static int init(EVP_MD_CTX *ctx)

-	{ return SHA1_Init(ctx->md_data); }

-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)

-	{ return SHA1_Update(ctx->md_data,data,count); }

-static int final(EVP_MD_CTX *ctx,unsigned char *md)

-	{ return SHA1_Final(md,ctx->md_data); }

-static const EVP_MD sha1_md=

-	{

-	NID_sha1,

-	NID_sha1WithRSAEncryption,

-	SHA_DIGEST_LENGTH,

-	0,

-	init,

-	update,

-	final,

-	NULL,

-	NULL,

-	EVP_PKEY_RSA_method,

-	SHA_CBLOCK,

-	sizeof(EVP_MD *)+sizeof(SHA_CTX),

-	};

-const EVP_MD *EVP_sha1(void)

-	{

-	return(&sha1_md);

-	}

-#endif

-#ifndef OPENSSL_NO_SHA256

-static int init224(EVP_MD_CTX *ctx)

-	{ return SHA224_Init(ctx->md_data); }

-static int init256(EVP_MD_CTX *ctx)

-	{ return SHA256_Init(ctx->md_data); }

-/*

- * Even though there're separate SHA224_[Update|Final], we call

- * SHA256 functions even in SHA224 context. This is what happens

- * there anyway, so we can spare few CPU cycles:-)

- */

-static int update256(EVP_MD_CTX *ctx,const void *data,size_t count)

-	{ return SHA256_Update(ctx->md_data,data,count); }

-static int final256(EVP_MD_CTX *ctx,unsigned char *md)

-	{ return SHA256_Final(md,ctx->md_data); }

-static const EVP_MD sha224_md=

-	{

-	NID_sha224,

-	NID_sha224WithRSAEncryption,

-	SHA224_DIGEST_LENGTH,

-	0,

-	init224,

-	update256,

-	final256,

-	NULL,

-	NULL,

-	EVP_PKEY_RSA_method,

-	SHA256_CBLOCK,

-	sizeof(EVP_MD *)+sizeof(SHA256_CTX),

-	};

-const EVP_MD *EVP_sha224(void)

-	{ return(&sha224_md); }

-static const EVP_MD sha256_md=

-	{

-	NID_sha256,

-	NID_sha256WithRSAEncryption,

-	SHA256_DIGEST_LENGTH,

-	0,

-	init256,

-	update256,

-	final256,

-	NULL,

-	NULL,

-	EVP_PKEY_RSA_method,

-	SHA256_CBLOCK,

-	sizeof(EVP_MD *)+sizeof(SHA256_CTX),

-	};

-const EVP_MD *EVP_sha256(void)

-	{ return(&sha256_md); }

-#endif	/* ifndef OPENSSL_NO_SHA256 */

-#ifndef OPENSSL_NO_SHA512

-static int init384(EVP_MD_CTX *ctx)

-	{ return SHA384_Init(ctx->md_data); }

-static int init512(EVP_MD_CTX *ctx)

-	{ return SHA512_Init(ctx->md_data); }

-/* See comment in SHA224/256 section */

-static int update512(EVP_MD_CTX *ctx,const void *data,size_t count)

-	{ return SHA512_Update(ctx->md_data,data,count); }

-static int final512(EVP_MD_CTX *ctx,unsigned char *md)

-	{ return SHA512_Final(md,ctx->md_data); }

-static const EVP_MD sha384_md=

-	{

-	NID_sha384,

-	NID_sha384WithRSAEncryption,

-	SHA384_DIGEST_LENGTH,

-	0,

-	init384,

-	update512,

-	final512,

-	NULL,

-	NULL,

-	EVP_PKEY_RSA_method,

-	SHA512_CBLOCK,

-	sizeof(EVP_MD *)+sizeof(SHA512_CTX),

-	};

-const EVP_MD *EVP_sha384(void)

-	{ return(&sha384_md); }

-static const EVP_MD sha512_md=

-	{

-	NID_sha512,

-	NID_sha512WithRSAEncryption,

-	SHA512_DIGEST_LENGTH,

-	0,

-	init512,

-	update512,

-	final512,

-	NULL,

-	NULL,

-	EVP_PKEY_RSA_method,

-	SHA512_CBLOCK,

-	sizeof(EVP_MD *)+sizeof(SHA512_CTX),

-	};

-const EVP_MD *EVP_sha512(void)

-	{ return(&sha512_md); }

-#endif	/* ifndef OPENSSL_NO_SHA512 */

--- a/sys/src/ape/lib/openssl/crypto/evp/names.c

+++ /dev/null

@@ -1,123 +1,0 @@

-/* crypto/evp/names.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/evp.h>

-#include <openssl/objects.h>

-#include <openssl/x509.h>

-int EVP_add_cipher(const EVP_CIPHER *c)

-	{

-	int r;

-	r=OBJ_NAME_add(OBJ_nid2sn(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c);

-	if (r == 0) return(0);

-	r=OBJ_NAME_add(OBJ_nid2ln(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c);

-	return(r);

-	}

-int EVP_add_digest(const EVP_MD *md)

-	{

-	int r;

-	const char *name;

-	name=OBJ_nid2sn(md->type);

-	r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(const char *)md);

-	if (r == 0) return(0);

-	r=OBJ_NAME_add(OBJ_nid2ln(md->type),OBJ_NAME_TYPE_MD_METH,(const char *)md);

-	if (r == 0) return(0);

-	if (md->type != md->pkey_type)

-		{

-		r=OBJ_NAME_add(OBJ_nid2sn(md->pkey_type),

-			OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,name);

-		if (r == 0) return(0);

-		r=OBJ_NAME_add(OBJ_nid2ln(md->pkey_type),

-			OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,name);

-		}

-	return(r);

-	}

-const EVP_CIPHER *EVP_get_cipherbyname(const char *name)

-	{

-	const EVP_CIPHER *cp;

-	cp=(const EVP_CIPHER *)OBJ_NAME_get(name,OBJ_NAME_TYPE_CIPHER_METH);

-	return(cp);

-	}

-const EVP_MD *EVP_get_digestbyname(const char *name)

-	{

-	const EVP_MD *cp;

-	cp=(const EVP_MD *)OBJ_NAME_get(name,OBJ_NAME_TYPE_MD_METH);

-	return(cp);

-	}

-void EVP_cleanup(void)

-	{

-	OBJ_NAME_cleanup(OBJ_NAME_TYPE_CIPHER_METH);

-	OBJ_NAME_cleanup(OBJ_NAME_TYPE_MD_METH);

-	/* The above calls will only clean out the contents of the name

-	   hash table, but not the hash table itself.  The following line

-	   does that part.  -- Richard Levitte */

-	OBJ_NAME_cleanup(-1);

-	EVP_PBE_cleanup();

-	}

--- a/sys/src/ape/lib/openssl/crypto/evp/openbsd_hw.c

+++ /dev/null

@@ -1,446 +1,0 @@

-/* Written by Ben Laurie, 2001 */

-/*

- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- */

-#include <openssl/evp.h>

-#include <openssl/objects.h>

-#include <openssl/rsa.h>

-#include "evp_locl.h"

-/* This stuff should now all be supported through

- * crypto/engine/hw_openbsd_dev_crypto.c unless I botched it up */

-static void *dummy=&dummy;

-#if 0

-/* check flag after OpenSSL headers to ensure make depend works */

-#ifdef OPENSSL_OPENBSD_DEV_CRYPTO

-#include <fcntl.h>

-#include <stdio.h>

-#include <errno.h>

-#include <sys/ioctl.h>

-#include <crypto/cryptodev.h>

-#include <unistd.h>

-#include <assert.h>

-/* longest key supported in hardware */

-#define MAX_HW_KEY	24

-#define MAX_HW_IV	8

-#define MD5_DIGEST_LENGTH	16

-#define MD5_CBLOCK		64

-static int fd;

-static int dev_failed;

-typedef struct session_op session_op;

-#define CDATA(ctx) EVP_C_DATA(session_op,ctx)

-static void err(const char *str)

-    {

-    fprintf(stderr,"%s: errno %d\n",str,errno);

-    }

-static int dev_crypto_init(session_op *ses)

-    {

-    if(dev_failed)

-	return 0;

-    if(!fd)

-	{

-	int cryptodev_fd;

-        if ((cryptodev_fd=open("/dev/crypto",O_RDWR,0)) < 0)

-	    {

-	    err("/dev/crypto");

-	    dev_failed=1;

-	    return 0;

-	    }

-        if (ioctl(cryptodev_fd,CRIOGET,&fd) == -1)

-	    {

-	    err("CRIOGET failed");

-	    close(cryptodev_fd);

-	    dev_failed=1;

-	    return 0;

-	    }

-	close(cryptodev_fd);

-	}

-    assert(ses);

-    memset(ses,'\0',sizeof *ses);

-    return 1;

-    }

-static int dev_crypto_cleanup(EVP_CIPHER_CTX *ctx)

-    {

-    if(ioctl(fd,CIOCFSESSION,&CDATA(ctx)->ses) == -1)

-	err("CIOCFSESSION failed");

-    OPENSSL_free(CDATA(ctx)->key);

-    return 1;

-    }

-static int dev_crypto_init_key(EVP_CIPHER_CTX *ctx,int cipher,

-			       const unsigned char *key,int klen)

-    {

-    if(!dev_crypto_init(CDATA(ctx)))

-	return 0;

-    CDATA(ctx)->key=OPENSSL_malloc(MAX_HW_KEY);

-    assert(ctx->cipher->iv_len <= MAX_HW_IV);

-    memcpy(CDATA(ctx)->key,key,klen);

-    CDATA(ctx)->cipher=cipher;

-    CDATA(ctx)->keylen=klen;

-    if (ioctl(fd,CIOCGSESSION,CDATA(ctx)) == -1)

-	{

-	err("CIOCGSESSION failed");

-	return 0;

-	}

-    return 1;

-    }

-static int dev_crypto_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,

-			     const unsigned char *in,unsigned int inl)

-    {

-    struct crypt_op cryp;

-    unsigned char lb[MAX_HW_IV];

-    if(!inl)

-	return 1;

-    assert(CDATA(ctx));

-    assert(!dev_failed);

-    memset(&cryp,'\0',sizeof cryp);

-    cryp.ses=CDATA(ctx)->ses;

-    cryp.op=ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;

-    cryp.flags=0;

-    cryp.len=inl;

-    assert((inl&(ctx->cipher->block_size-1)) == 0);

-    cryp.src=(caddr_t)in;

-    cryp.dst=(caddr_t)out;

-    cryp.mac=0;

-    if(ctx->cipher->iv_len)

-	cryp.iv=(caddr_t)ctx->iv;

-    if(!ctx->encrypt)

-	memcpy(lb,&in[cryp.len-ctx->cipher->iv_len],ctx->cipher->iv_len);

-    if(ioctl(fd, CIOCCRYPT, &cryp) == -1)

-	{

-	if(errno == EINVAL) /* buffers are misaligned */

-	    {

-	    unsigned int cinl=0;

-	    char *cin=NULL;

-	    char *cout=NULL;

-	    /* NB: this can only make cinl != inl with stream ciphers */

-	    cinl=(inl+3)/4*4;

-	    if(((unsigned long)in&3) || cinl != inl)

-		{

-		cin=OPENSSL_malloc(cinl);

-		memcpy(cin,in,inl);

-		cryp.src=cin;

-		}

-	    if(((unsigned long)out&3) || cinl != inl)

-		{

-		cout=OPENSSL_malloc(cinl);

-		cryp.dst=cout;

-		}

-	    cryp.len=cinl;

-	    if(ioctl(fd, CIOCCRYPT, &cryp) == -1)

-		{

-		err("CIOCCRYPT(2) failed");

-		printf("src=%p dst=%p\n",cryp.src,cryp.dst);

-		abort();

-		return 0;

-		}

-	    if(cout)

-		{

-		memcpy(out,cout,inl);

-		OPENSSL_free(cout);

-		}

-	    if(cin)

-		OPENSSL_free(cin);

-	    }

-	else

-	    {

-	    err("CIOCCRYPT failed");

-	    abort();

-	    return 0;

-	    }

-	}

-    if(ctx->encrypt)

-	memcpy(ctx->iv,&out[cryp.len-ctx->cipher->iv_len],ctx->cipher->iv_len);

-    else

-	memcpy(ctx->iv,lb,ctx->cipher->iv_len);

-    return 1;

-    }

-static int dev_crypto_des_ede3_init_key(EVP_CIPHER_CTX *ctx,

-					const unsigned char *key,

-					const unsigned char *iv, int enc)

-    { return dev_crypto_init_key(ctx,CRYPTO_3DES_CBC,key,24); }

-#define dev_crypto_des_ede3_cbc_cipher dev_crypto_cipher

-BLOCK_CIPHER_def_cbc(dev_crypto_des_ede3, session_op, NID_des_ede3, 8, 24, 8,

-		     0, dev_crypto_des_ede3_init_key,

-		     dev_crypto_cleanup,

-		     EVP_CIPHER_set_asn1_iv,

-		     EVP_CIPHER_get_asn1_iv,

-		     NULL)

-static int dev_crypto_rc4_init_key(EVP_CIPHER_CTX *ctx,

-					const unsigned char *key,

-					const unsigned char *iv, int enc)

-    { return dev_crypto_init_key(ctx,CRYPTO_ARC4,key,16); }

-static const EVP_CIPHER r4_cipher=

-    {

-    NID_rc4,

-    1,16,0,	/* FIXME: key should be up to 256 bytes */

-    EVP_CIPH_VARIABLE_LENGTH,

-    dev_crypto_rc4_init_key,

-    dev_crypto_cipher,

-    dev_crypto_cleanup,

-    sizeof(session_op),

-    NULL,

-    NULL,

-    NULL

-    };

-const EVP_CIPHER *EVP_dev_crypto_rc4(void)

-    { return &r4_cipher; }

-typedef struct

-    {

-    session_op sess;

-    char *data;

-    int len;

-    unsigned char md[EVP_MAX_MD_SIZE];

-    } MD_DATA;

-static int dev_crypto_init_digest(MD_DATA *md_data,int mac)

-    {

-    if(!dev_crypto_init(&md_data->sess))

-	return 0;

-    md_data->len=0;

-    md_data->data=NULL;

-    md_data->sess.mac=mac;

-    if (ioctl(fd,CIOCGSESSION,&md_data->sess) == -1)

-	{

-	err("CIOCGSESSION failed");

-	return 0;

-	}

-    return 1;

-    }

-static int dev_crypto_cleanup_digest(MD_DATA *md_data)

-    {

-    if (ioctl(fd,CIOCFSESSION,&md_data->sess.ses) == -1)

-	{

-	err("CIOCFSESSION failed");

-	return 0;

-	}

-    return 1;

-    }

-/* FIXME: if device can do chained MACs, then don't accumulate */

-/* FIXME: move accumulation to the framework */

-static int dev_crypto_md5_init(EVP_MD_CTX *ctx)

-    { return dev_crypto_init_digest(ctx->md_data,CRYPTO_MD5); }

-static int do_digest(int ses,unsigned char *md,const void *data,int len)

-    {

-    struct crypt_op cryp;

-    static unsigned char md5zero[16]=

-	{

-	0xd4,0x1d,0x8c,0xd9,0x8f,0x00,0xb2,0x04,

-	0xe9,0x80,0x09,0x98,0xec,0xf8,0x42,0x7e

-	};

-    /* some cards can't do zero length */

-    if(!len)

-	{

-	memcpy(md,md5zero,16);

-	return 1;

-	}

-    memset(&cryp,'\0',sizeof cryp);

-    cryp.ses=ses;

-    cryp.op=COP_ENCRYPT;/* required to do the MAC rather than check it */

-    cryp.len=len;

-    cryp.src=(caddr_t)data;

-    cryp.dst=(caddr_t)data; // FIXME!!!

-    cryp.mac=(caddr_t)md;

-    if(ioctl(fd, CIOCCRYPT, &cryp) == -1)

-	{

-	if(errno == EINVAL) /* buffer is misaligned */

-	    {

-	    char *dcopy;

-	    dcopy=OPENSSL_malloc(len);

-	    memcpy(dcopy,data,len);

-	    cryp.src=dcopy;

-	    cryp.dst=cryp.src; // FIXME!!!

-	    if(ioctl(fd, CIOCCRYPT, &cryp) == -1)

-		{

-		err("CIOCCRYPT(MAC2) failed");

-		abort();

-		return 0;

-		}

-	    OPENSSL_free(dcopy);

-	    }

-	else

-	    {

-	    err("CIOCCRYPT(MAC) failed");

-	    abort();

-	    return 0;

-	    }

-	}

-    //    printf("done\n");

-    return 1;

-    }

-static int dev_crypto_md5_update(EVP_MD_CTX *ctx,const void *data,

-				 unsigned long len)

-    {

-    MD_DATA *md_data=ctx->md_data;

-    if(ctx->flags&EVP_MD_CTX_FLAG_ONESHOT)

-	return do_digest(md_data->sess.ses,md_data->md,data,len);

-    md_data->data=OPENSSL_realloc(md_data->data,md_data->len+len);

-    memcpy(md_data->data+md_data->len,data,len);

-    md_data->len+=len;

-    return 1;

-    }

-static int dev_crypto_md5_final(EVP_MD_CTX *ctx,unsigned char *md)

-    {

-    int ret;

-    MD_DATA *md_data=ctx->md_data;

-    if(ctx->flags&EVP_MD_CTX_FLAG_ONESHOT)

-	{

-	memcpy(md,md_data->md,MD5_DIGEST_LENGTH);

-	ret=1;

-	}

-    else

-	{

-	ret=do_digest(md_data->sess.ses,md,md_data->data,md_data->len);

-	OPENSSL_free(md_data->data);

-	md_data->data=NULL;

-	md_data->len=0;

-	}

-    return ret;

-    }

-static int dev_crypto_md5_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from)

-    {

-    const MD_DATA *from_md=from->md_data;

-    MD_DATA *to_md=to->md_data;

-    // How do we copy sessions?

-    assert(from->digest->flags&EVP_MD_FLAG_ONESHOT);

-    to_md->data=OPENSSL_malloc(from_md->len);

-    memcpy(to_md->data,from_md->data,from_md->len);

-    return 1;

-    }

-static int dev_crypto_md5_cleanup(EVP_MD_CTX *ctx)

-    {

-    return dev_crypto_cleanup_digest(ctx->md_data);

-    }

-static const EVP_MD md5_md=

-    {

-    NID_md5,

-    NID_md5WithRSAEncryption,

-    MD5_DIGEST_LENGTH,

-    EVP_MD_FLAG_ONESHOT,	// XXX: set according to device info...

-    dev_crypto_md5_init,

-    dev_crypto_md5_update,

-    dev_crypto_md5_final,

-    dev_crypto_md5_copy,

-    dev_crypto_md5_cleanup,

-    EVP_PKEY_RSA_method,

-    MD5_CBLOCK,

-    sizeof(MD_DATA),

-    };

-const EVP_MD *EVP_dev_crypto_md5(void)

-    { return &md5_md; }

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/evp/p5_crpt.c

+++ /dev/null

@@ -1,159 +1,0 @@

-/* p5_crpt.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include "cryptlib.h"

-#include <openssl/x509.h>

-#include <openssl/evp.h>

-/* PKCS#5 v1.5 compatible PBE functions: see PKCS#5 v2.0 for more info.

- */

-void PKCS5_PBE_add(void)

-{

-#ifndef OPENSSL_NO_DES

-#  ifndef OPENSSL_NO_MD5

-EVP_PBE_alg_add(NID_pbeWithMD5AndDES_CBC, EVP_des_cbc(), EVP_md5(),

-							 PKCS5_PBE_keyivgen);

-#  endif

-#  ifndef OPENSSL_NO_MD2

-EVP_PBE_alg_add(NID_pbeWithMD2AndDES_CBC, EVP_des_cbc(), EVP_md2(),

-							 PKCS5_PBE_keyivgen);

-#  endif

-#  ifndef OPENSSL_NO_SHA

-EVP_PBE_alg_add(NID_pbeWithSHA1AndDES_CBC, EVP_des_cbc(), EVP_sha1(),

-							 PKCS5_PBE_keyivgen);

-#  endif

-#endif

-#ifndef OPENSSL_NO_RC2

-#  ifndef OPENSSL_NO_MD5

-EVP_PBE_alg_add(NID_pbeWithMD5AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md5(),

-							 PKCS5_PBE_keyivgen);

-#  endif

-#  ifndef OPENSSL_NO_MD2

-EVP_PBE_alg_add(NID_pbeWithMD2AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md2(),

-							 PKCS5_PBE_keyivgen);

-#  endif

-#  ifndef OPENSSL_NO_SHA

-EVP_PBE_alg_add(NID_pbeWithSHA1AndRC2_CBC, EVP_rc2_64_cbc(), EVP_sha1(),

-							 PKCS5_PBE_keyivgen);

-#  endif

-#endif

-#ifndef OPENSSL_NO_HMAC

-EVP_PBE_alg_add(NID_pbes2, NULL, NULL, PKCS5_v2_PBE_keyivgen);

-#endif

-}

-int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,

-			 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md,

-			 int en_de)

-{

-	EVP_MD_CTX ctx;

-	unsigned char md_tmp[EVP_MAX_MD_SIZE];

-	unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];

-	int i;

-	PBEPARAM *pbe;

-	int saltlen, iter;

-	unsigned char *salt;

-	const unsigned char *pbuf;

-	/* Extract useful info from parameter */

-	if (param == NULL || param->type != V_ASN1_SEQUENCE ||

-	    param->value.sequence == NULL) {

-		EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);

-		return 0;

-	}

-	pbuf = param->value.sequence->data;

-	if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) {

-		EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);

-		return 0;

-	}

-	if (!pbe->iter) iter = 1;

-	else iter = ASN1_INTEGER_get (pbe->iter);

-	salt = pbe->salt->data;

-	saltlen = pbe->salt->length;

-	if(!pass) passlen = 0;

-	else if(passlen == -1) passlen = strlen(pass);

-	EVP_MD_CTX_init(&ctx);

-	EVP_DigestInit_ex(&ctx, md, NULL);

-	EVP_DigestUpdate(&ctx, pass, passlen);

-	EVP_DigestUpdate(&ctx, salt, saltlen);

-	PBEPARAM_free(pbe);

-	EVP_DigestFinal_ex(&ctx, md_tmp, NULL);

-	for (i = 1; i < iter; i++) {

-		EVP_DigestInit_ex(&ctx, md, NULL);

-		EVP_DigestUpdate(&ctx, md_tmp, EVP_MD_size(md));

-		EVP_DigestFinal_ex (&ctx, md_tmp, NULL);

-	}

-	EVP_MD_CTX_cleanup(&ctx);

-	OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp));

-	memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher));

-	OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16);

-	memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),

-						 EVP_CIPHER_iv_length(cipher));

-	EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de);

-	OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE);

-	OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);

-	OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);

-	return 1;

-}

--- a/sys/src/ape/lib/openssl/crypto/evp/p5_crpt2.c

+++ /dev/null

@@ -1,263 +1,0 @@

-/* p5_crpt2.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include "cryptlib.h"

-#if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA)

-#include <openssl/x509.h>

-#include <openssl/evp.h>

-#include <openssl/hmac.h>

-/* set this to print out info about the keygen algorithm */

-/* #define DEBUG_PKCS5V2 */

-#ifdef DEBUG_PKCS5V2

-	static void h__dump (const unsigned char *p, int len);

-#endif

-/* This is an implementation of PKCS#5 v2.0 password based encryption key

- * derivation function PBKDF2 using the only currently defined function HMAC

- * with SHA1. Verified against test vectors posted by Peter Gutmann

- * <[email protected]> to the PKCS-TNG <[email protected]> mailing list.

- */

-int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,

-			   const unsigned char *salt, int saltlen, int iter,

-			   int keylen, unsigned char *out)

-{

-	unsigned char digtmp[SHA_DIGEST_LENGTH], *p, itmp[4];

-	int cplen, j, k, tkeylen;

-	unsigned long i = 1;

-	HMAC_CTX hctx;

-	HMAC_CTX_init(&hctx);

-	p = out;

-	tkeylen = keylen;

-	if(!pass) passlen = 0;

-	else if(passlen == -1) passlen = strlen(pass);

-	while(tkeylen) {

-		if(tkeylen > SHA_DIGEST_LENGTH) cplen = SHA_DIGEST_LENGTH;

-		else cplen = tkeylen;

-		/* We are unlikely to ever use more than 256 blocks (5120 bits!)

-		 * but just in case...

-		 */

-		itmp[0] = (unsigned char)((i >> 24) & 0xff);

-		itmp[1] = (unsigned char)((i >> 16) & 0xff);

-		itmp[2] = (unsigned char)((i >> 8) & 0xff);

-		itmp[3] = (unsigned char)(i & 0xff);

-		HMAC_Init_ex(&hctx, pass, passlen, EVP_sha1(), NULL);

-		HMAC_Update(&hctx, salt, saltlen);

-		HMAC_Update(&hctx, itmp, 4);

-		HMAC_Final(&hctx, digtmp, NULL);

-		memcpy(p, digtmp, cplen);

-		for(j = 1; j < iter; j++) {

-			HMAC(EVP_sha1(), pass, passlen,

-				 digtmp, SHA_DIGEST_LENGTH, digtmp, NULL);

-			for(k = 0; k < cplen; k++) p[k] ^= digtmp[k];

-		}

-		tkeylen-= cplen;

-		i++;

-		p+= cplen;

-	}

-	HMAC_CTX_cleanup(&hctx);

-#ifdef DEBUG_PKCS5V2

-	fprintf(stderr, "Password:\n");

-	h__dump (pass, passlen);

-	fprintf(stderr, "Salt:\n");

-	h__dump (salt, saltlen);

-	fprintf(stderr, "Iteration count %d\n", iter);

-	fprintf(stderr, "Key:\n");

-	h__dump (out, keylen);

-#endif

-	return 1;

-}

-#ifdef DO_TEST

-main()

-{

-	unsigned char out[4];

-	unsigned char salt[] = {0x12, 0x34, 0x56, 0x78};

-	PKCS5_PBKDF2_HMAC_SHA1("password", -1, salt, 4, 5, 4, out);

-	fprintf(stderr, "Out %02X %02X %02X %02X\n",

-					 out[0], out[1], out[2], out[3]);

-}

-#endif

-/* Now the key derivation function itself. This is a bit evil because

- * it has to check the ASN1 parameters are valid: and there are quite a

- * few of them...

- */

-int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,

-                         ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md,

-                         int en_de)

-{

-	unsigned char *salt, key[EVP_MAX_KEY_LENGTH];

-	const unsigned char *pbuf;

-	int saltlen, iter, plen;

-	unsigned int keylen;

-	PBE2PARAM *pbe2 = NULL;

-	const EVP_CIPHER *cipher;

-	PBKDF2PARAM *kdf = NULL;

-	if (param == NULL || param->type != V_ASN1_SEQUENCE ||

-	    param->value.sequence == NULL) {

-		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);

-		return 0;

-	}

-	pbuf = param->value.sequence->data;

-	plen = param->value.sequence->length;

-	if(!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) {

-		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);

-		return 0;

-	}

-	/* See if we recognise the key derivation function */

-	if(OBJ_obj2nid(pbe2->keyfunc->algorithm) != NID_id_pbkdf2) {

-		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,

-				EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION);

-		goto err;

-	}

-	/* lets see if we recognise the encryption algorithm.

-	 */

-	cipher = EVP_get_cipherbyname(

-			OBJ_nid2sn(OBJ_obj2nid(pbe2->encryption->algorithm)));

-	if(!cipher) {

-		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,

-						EVP_R_UNSUPPORTED_CIPHER);

-		goto err;

-	}

-	/* Fixup cipher based on AlgorithmIdentifier */

-	EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de);

-	if(EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) {

-		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,

-					EVP_R_CIPHER_PARAMETER_ERROR);

-		goto err;

-	}

-	keylen = EVP_CIPHER_CTX_key_length(ctx);

-	OPENSSL_assert(keylen <= sizeof key);

-	/* Now decode key derivation function */

-	if(!pbe2->keyfunc->parameter ||

-		 (pbe2->keyfunc->parameter->type != V_ASN1_SEQUENCE))

-		{

-		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);

-		goto err;

-		}

-	pbuf = pbe2->keyfunc->parameter->value.sequence->data;

-	plen = pbe2->keyfunc->parameter->value.sequence->length;

-	if(!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) {

-		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);

-		goto err;

-	}

-	PBE2PARAM_free(pbe2);

-	pbe2 = NULL;

-	/* Now check the parameters of the kdf */

-	if(kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)){

-		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,

-						EVP_R_UNSUPPORTED_KEYLENGTH);

-		goto err;

-	}

-	if(kdf->prf && (OBJ_obj2nid(kdf->prf->algorithm) != NID_hmacWithSHA1)) {

-		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_PRF);

-		goto err;

-	}

-	if(kdf->salt->type != V_ASN1_OCTET_STRING) {

-		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,

-						EVP_R_UNSUPPORTED_SALT_TYPE);

-		goto err;

-	}

-	/* it seems that its all OK */

-	salt = kdf->salt->value.octet_string->data;

-	saltlen = kdf->salt->value.octet_string->length;

-	iter = ASN1_INTEGER_get(kdf->iter);

-	PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key);

-	EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);

-	OPENSSL_cleanse(key, keylen);

-	PBKDF2PARAM_free(kdf);

-	return 1;

-	err:

-	PBE2PARAM_free(pbe2);

-	PBKDF2PARAM_free(kdf);

-	return 0;

-}

-#ifdef DEBUG_PKCS5V2

-static void h__dump (const unsigned char *p, int len)

-{

-        for (; len --; p++) fprintf(stderr, "%02X ", *p);

-        fprintf(stderr, "\n");

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/evp/p_dec.c

+++ /dev/null

@@ -1,87 +1,0 @@

-/* crypto/evp/p_dec.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/rand.h>

-#ifndef OPENSSL_NO_RSA

-#include <openssl/rsa.h>

-#endif

-#include <openssl/evp.h>

-#include <openssl/objects.h>

-#include <openssl/x509.h>

-int EVP_PKEY_decrypt(unsigned char *key, const unsigned char *ek, int ekl,

-	     EVP_PKEY *priv)

-	{

-	int ret= -1;

-#ifndef OPENSSL_NO_RSA

-	if (priv->type != EVP_PKEY_RSA)

-		{

-#endif

-		EVPerr(EVP_F_EVP_PKEY_DECRYPT,EVP_R_PUBLIC_KEY_NOT_RSA);

-#ifndef OPENSSL_NO_RSA

-		goto err;

-                }

-	ret=RSA_private_decrypt(ekl,ek,key,priv->pkey.rsa,RSA_PKCS1_PADDING);

-err:

-#endif

-	return(ret);

-	}

--- a/sys/src/ape/lib/openssl/crypto/evp/p_enc.c

+++ /dev/null

@@ -1,86 +1,0 @@

-/* crypto/evp/p_enc.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/rand.h>

-#ifndef OPENSSL_NO_RSA

-#include <openssl/rsa.h>

-#endif

-#include <openssl/evp.h>

-#include <openssl/objects.h>

-#include <openssl/x509.h>

-int EVP_PKEY_encrypt(unsigned char *ek, const unsigned char *key, int key_len,

-	     EVP_PKEY *pubk)

-	{

-	int ret=0;

-#ifndef OPENSSL_NO_RSA

-	if (pubk->type != EVP_PKEY_RSA)

-		{

-#endif

-		EVPerr(EVP_F_EVP_PKEY_ENCRYPT,EVP_R_PUBLIC_KEY_NOT_RSA);

-#ifndef OPENSSL_NO_RSA

-		goto err;

-		}

-	ret=RSA_public_encrypt(key_len,key,ek,pubk->pkey.rsa,RSA_PKCS1_PADDING);

-err:

-#endif

-	return(ret);

-	}

--- a/sys/src/ape/lib/openssl/crypto/evp/p_lib.c

+++ /dev/null

@@ -1,502 +1,0 @@

-/* crypto/evp/p_lib.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/bn.h>

-#include <openssl/err.h>

-#include <openssl/objects.h>

-#include <openssl/evp.h>

-#include <openssl/asn1_mac.h>

-#include <openssl/x509.h>

-#ifndef OPENSSL_NO_RSA

-#include <openssl/rsa.h>

-#endif

-#ifndef OPENSSL_NO_DSA

-#include <openssl/dsa.h>

-#endif

-#ifndef OPENSSL_NO_DH

-#include <openssl/dh.h>

-#endif

-static void EVP_PKEY_free_it(EVP_PKEY *x);

-int EVP_PKEY_bits(EVP_PKEY *pkey)

-	{

-	if (0)

-		return 0;

-#ifndef OPENSSL_NO_RSA

-	else if (pkey->type == EVP_PKEY_RSA)

-		return(BN_num_bits(pkey->pkey.rsa->n));

-#endif

-#ifndef OPENSSL_NO_DSA

-	else if (pkey->type == EVP_PKEY_DSA)

-		return(BN_num_bits(pkey->pkey.dsa->p));

-#endif

-#ifndef OPENSSL_NO_EC

-	else if (pkey->type == EVP_PKEY_EC)

-		{

-		BIGNUM *order = BN_new();

-		const EC_GROUP *group;

-		int ret;

-		if (!order)

-			{

-			ERR_clear_error();

-			return 0;

-			}

-		group = EC_KEY_get0_group(pkey->pkey.ec);

-		if (!EC_GROUP_get_order(group, order, NULL))

-			{

-			ERR_clear_error();

-			return 0;

-			}

-		ret = BN_num_bits(order);

-		BN_free(order);

-		return ret;

-		}

-#endif

-	return(0);

-	}

-int EVP_PKEY_size(EVP_PKEY *pkey)

-	{

-	if (pkey == NULL)

-		return(0);

-#ifndef OPENSSL_NO_RSA

-	if (pkey->type == EVP_PKEY_RSA)

-		return(RSA_size(pkey->pkey.rsa));

-	else

-#endif

-#ifndef OPENSSL_NO_DSA

-		if (pkey->type == EVP_PKEY_DSA)

-		return(DSA_size(pkey->pkey.dsa));

-#endif

-#ifndef OPENSSL_NO_ECDSA

-		if (pkey->type == EVP_PKEY_EC)

-		return(ECDSA_size(pkey->pkey.ec));

-#endif

-	return(0);

-	}

-int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode)

-	{

-#ifndef OPENSSL_NO_DSA

-	if (pkey->type == EVP_PKEY_DSA)

-		{

-		int ret=pkey->save_parameters;

-		if (mode >= 0)

-			pkey->save_parameters=mode;

-		return(ret);

-		}

-#endif

-#ifndef OPENSSL_NO_EC

-	if (pkey->type == EVP_PKEY_EC)

-		{

-		int ret = pkey->save_parameters;

-		if (mode >= 0)

-			pkey->save_parameters = mode;

-		return(ret);

-		}

-#endif

-	return(0);

-	}

-int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)

-	{

-	if (to->type != from->type)

-		{

-		EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS,EVP_R_DIFFERENT_KEY_TYPES);

-		goto err;

-		}

-	if (EVP_PKEY_missing_parameters(from))

-		{

-		EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS,EVP_R_MISSING_PARAMETERS);

-		goto err;

-		}

-#ifndef OPENSSL_NO_DSA

-	if (to->type == EVP_PKEY_DSA)

-		{

-		BIGNUM *a;

-		if ((a=BN_dup(from->pkey.dsa->p)) == NULL) goto err;

-		if (to->pkey.dsa->p != NULL) BN_free(to->pkey.dsa->p);

-		to->pkey.dsa->p=a;

-		if ((a=BN_dup(from->pkey.dsa->q)) == NULL) goto err;

-		if (to->pkey.dsa->q != NULL) BN_free(to->pkey.dsa->q);

-		to->pkey.dsa->q=a;

-		if ((a=BN_dup(from->pkey.dsa->g)) == NULL) goto err;

-		if (to->pkey.dsa->g != NULL) BN_free(to->pkey.dsa->g);

-		to->pkey.dsa->g=a;

-		}

-#endif

-#ifndef OPENSSL_NO_EC

-	if (to->type == EVP_PKEY_EC)

-		{

-		EC_GROUP *group = EC_GROUP_dup(EC_KEY_get0_group(from->pkey.ec));

-		if (group == NULL)

-			goto err;

-		if (EC_KEY_set_group(to->pkey.ec, group) == 0)

-			goto err;

-		EC_GROUP_free(group);

-		}

-#endif

-	return(1);

-err:

-	return(0);

-	}

-int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey)

-	{

-#ifndef OPENSSL_NO_DSA

-	if (pkey->type == EVP_PKEY_DSA)

-		{

-		DSA *dsa;

-		dsa=pkey->pkey.dsa;

-		if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))

-			return(1);

-		}

-#endif

-#ifndef OPENSSL_NO_EC

-	if (pkey->type == EVP_PKEY_EC)

-		{

-		if (EC_KEY_get0_group(pkey->pkey.ec) == NULL)

-			return(1);

-		}

-#endif

-	return(0);

-	}

-int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)

-	{

-#ifndef OPENSSL_NO_DSA

-	if ((a->type == EVP_PKEY_DSA) && (b->type == EVP_PKEY_DSA))

-		{

-		if (	BN_cmp(a->pkey.dsa->p,b->pkey.dsa->p) ||

-			BN_cmp(a->pkey.dsa->q,b->pkey.dsa->q) ||

-			BN_cmp(a->pkey.dsa->g,b->pkey.dsa->g))

-			return(0);

-		else

-			return(1);

-		}

-#endif

-#ifndef OPENSSL_NO_EC

-	if (a->type == EVP_PKEY_EC && b->type == EVP_PKEY_EC)

-		{

-		const EC_GROUP *group_a = EC_KEY_get0_group(a->pkey.ec),

-		               *group_b = EC_KEY_get0_group(b->pkey.ec);

-		if (EC_GROUP_cmp(group_a, group_b, NULL))

-			return 0;

-		else

-			return 1;

-		}

-#endif

-	return(-1);

-	}

-int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b)

-	{

-	if (a->type != b->type)

-		return -1;

-	if (EVP_PKEY_cmp_parameters(a, b) == 0)

-		return 0;

-	switch (a->type)

-		{

-#ifndef OPENSSL_NO_RSA

-	case EVP_PKEY_RSA:

-		if (BN_cmp(b->pkey.rsa->n,a->pkey.rsa->n) != 0

-			|| BN_cmp(b->pkey.rsa->e,a->pkey.rsa->e) != 0)

-			return 0;

-		break;

-#endif

-#ifndef OPENSSL_NO_DSA

-	case EVP_PKEY_DSA:

-		if (BN_cmp(b->pkey.dsa->pub_key,a->pkey.dsa->pub_key) != 0)

-			return 0;

-		break;

-#endif

-#ifndef OPENSSL_NO_EC

-	case EVP_PKEY_EC:

-		{

-		int  r;

-		const EC_GROUP *group = EC_KEY_get0_group(b->pkey.ec);

-		const EC_POINT *pa = EC_KEY_get0_public_key(a->pkey.ec),

-		               *pb = EC_KEY_get0_public_key(b->pkey.ec);

-		r = EC_POINT_cmp(group, pa, pb, NULL);

-		if (r != 0)

-			{

-			if (r == 1)

-				return 0;

-			else

-				return -2;

-			}

-		}

- 		break;

-#endif

-#ifndef OPENSSL_NO_DH

-	case EVP_PKEY_DH:

-		return -2;

-#endif

-	default:

-		return -2;

-		}

-	return 1;

-	}

-EVP_PKEY *EVP_PKEY_new(void)

-	{

-	EVP_PKEY *ret;

-	ret=(EVP_PKEY *)OPENSSL_malloc(sizeof(EVP_PKEY));

-	if (ret == NULL)

-		{

-		EVPerr(EVP_F_EVP_PKEY_NEW,ERR_R_MALLOC_FAILURE);

-		return(NULL);

-		}

-	ret->type=EVP_PKEY_NONE;

-	ret->references=1;

-	ret->pkey.ptr=NULL;

-	ret->attributes=NULL;

-	ret->save_parameters=1;

-	return(ret);

-	}

-int EVP_PKEY_assign(EVP_PKEY *pkey, int type, char *key)

-	{

-	if (pkey == NULL) return(0);

-	if (pkey->pkey.ptr != NULL)

-		EVP_PKEY_free_it(pkey);

-	pkey->type=EVP_PKEY_type(type);

-	pkey->save_type=type;

-	pkey->pkey.ptr=key;

-	return(key != NULL);

-	}

-#ifndef OPENSSL_NO_RSA

-int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key)

-{

-	int ret = EVP_PKEY_assign_RSA(pkey, key);

-	if(ret)

-		RSA_up_ref(key);

-	return ret;

-}

-RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey)

-	{

-	if(pkey->type != EVP_PKEY_RSA) {

-		EVPerr(EVP_F_EVP_PKEY_GET1_RSA, EVP_R_EXPECTING_AN_RSA_KEY);

-		return NULL;

-	}

-	RSA_up_ref(pkey->pkey.rsa);

-	return pkey->pkey.rsa;

-}

-#endif

-#ifndef OPENSSL_NO_DSA

-int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key)

-{

-	int ret = EVP_PKEY_assign_DSA(pkey, key);

-	if(ret)

-		DSA_up_ref(key);

-	return ret;

-}

-DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey)

-	{

-	if(pkey->type != EVP_PKEY_DSA) {

-		EVPerr(EVP_F_EVP_PKEY_GET1_DSA, EVP_R_EXPECTING_A_DSA_KEY);

-		return NULL;

-	}

-	DSA_up_ref(pkey->pkey.dsa);

-	return pkey->pkey.dsa;

-}

-#endif

-#ifndef OPENSSL_NO_EC

-int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key)

-{

-	int ret = EVP_PKEY_assign_EC_KEY(pkey,key);

-	if (ret)

-		EC_KEY_up_ref(key);

-	return ret;

-}

-EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey)

-{

-	if (pkey->type != EVP_PKEY_EC)

-	{

-		EVPerr(EVP_F_EVP_PKEY_GET1_EC_KEY, EVP_R_EXPECTING_A_EC_KEY);

-		return NULL;

-	}

-	EC_KEY_up_ref(pkey->pkey.ec);

-	return pkey->pkey.ec;

-}

-#endif

-#ifndef OPENSSL_NO_DH

-int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)

-{

-	int ret = EVP_PKEY_assign_DH(pkey, key);

-	if(ret)

-		DH_up_ref(key);

-	return ret;

-}

-DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey)

-	{

-	if(pkey->type != EVP_PKEY_DH) {

-		EVPerr(EVP_F_EVP_PKEY_GET1_DH, EVP_R_EXPECTING_A_DH_KEY);

-		return NULL;

-	}

-	DH_up_ref(pkey->pkey.dh);

-	return pkey->pkey.dh;

-}

-#endif

-int EVP_PKEY_type(int type)

-	{

-	switch (type)

-		{

-	case EVP_PKEY_RSA:

-	case EVP_PKEY_RSA2:

-		return(EVP_PKEY_RSA);

-	case EVP_PKEY_DSA:

-	case EVP_PKEY_DSA1:

-	case EVP_PKEY_DSA2:

-	case EVP_PKEY_DSA3:

-	case EVP_PKEY_DSA4:

-		return(EVP_PKEY_DSA);

-	case EVP_PKEY_DH:

-		return(EVP_PKEY_DH);

-	case EVP_PKEY_EC:

-		return(EVP_PKEY_EC);

-	default:

-		return(NID_undef);

-		}

-	}

-void EVP_PKEY_free(EVP_PKEY *x)

-	{

-	int i;

-	if (x == NULL) return;

-	i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_EVP_PKEY);

-#ifdef REF_PRINT

-	REF_PRINT("EVP_PKEY",x);

-#endif

-	if (i > 0) return;

-#ifdef REF_CHECK

-	if (i < 0)

-		{

-		fprintf(stderr,"EVP_PKEY_free, bad reference count\n");

-		abort();

-		}

-#endif

-	EVP_PKEY_free_it(x);

-	if (x->attributes)

-		sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free);

-	OPENSSL_free(x);

-	}

-static void EVP_PKEY_free_it(EVP_PKEY *x)

-	{

-	switch (x->type)

-		{

-#ifndef OPENSSL_NO_RSA

-	case EVP_PKEY_RSA:

-	case EVP_PKEY_RSA2:

-		RSA_free(x->pkey.rsa);

-		break;

-#endif

-#ifndef OPENSSL_NO_DSA

-	case EVP_PKEY_DSA:

-	case EVP_PKEY_DSA2:

-	case EVP_PKEY_DSA3:

-	case EVP_PKEY_DSA4:

-		DSA_free(x->pkey.dsa);

-		break;

-#endif

-#ifndef OPENSSL_NO_EC

-	case EVP_PKEY_EC:

-		EC_KEY_free(x->pkey.ec);

-		break;

-#endif

-#ifndef OPENSSL_NO_DH

-	case EVP_PKEY_DH:

-		DH_free(x->pkey.dh);

-		break;

-#endif

-		}

-	}

--- a/sys/src/ape/lib/openssl/crypto/evp/p_open.c

+++ /dev/null

@@ -1,127 +1,0 @@

-/* crypto/evp/p_open.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#ifndef OPENSSL_NO_RSA

-#include <openssl/evp.h>

-#include <openssl/objects.h>

-#include <openssl/x509.h>

-#include <openssl/rsa.h>

-int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,

-	const unsigned char *ek, int ekl, const unsigned char *iv,

-	EVP_PKEY *priv)

-	{

-	unsigned char *key=NULL;

-	int i,size=0,ret=0;

-	if(type) {

-		EVP_CIPHER_CTX_init(ctx);

-		if(!EVP_DecryptInit_ex(ctx,type,NULL, NULL,NULL)) return 0;

-	}

-	if(!priv) return 1;

-	if (priv->type != EVP_PKEY_RSA)

-		{

-		EVPerr(EVP_F_EVP_OPENINIT,EVP_R_PUBLIC_KEY_NOT_RSA);

-		goto err;

-                }

-	size=RSA_size(priv->pkey.rsa);

-	key=(unsigned char *)OPENSSL_malloc(size+2);

-	if (key == NULL)

-		{

-		/* ERROR */

-		EVPerr(EVP_F_EVP_OPENINIT,ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	i=EVP_PKEY_decrypt(key,ek,ekl,priv);

-	if ((i <= 0) || !EVP_CIPHER_CTX_set_key_length(ctx, i))

-		{

-		/* ERROR */

-		goto err;

-		}

-	if(!EVP_DecryptInit_ex(ctx,NULL,NULL,key,iv)) goto err;

-	ret=1;

-err:

-	if (key != NULL) OPENSSL_cleanse(key,size);

-	OPENSSL_free(key);

-	return(ret);

-	}

-int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)

-	{

-	int i;

-	i=EVP_DecryptFinal_ex(ctx,out,outl);

-	EVP_DecryptInit_ex(ctx,NULL,NULL,NULL,NULL);

-	return(i);

-	}

-#else /* !OPENSSL_NO_RSA */

-# ifdef PEDANTIC

-static void *dummy=&dummy;

-# endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/evp/p_seal.c

+++ /dev/null

@@ -1,115 +1,0 @@

-/* crypto/evp/p_seal.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/rand.h>

-#ifndef OPENSSL_NO_RSA

-#include <openssl/rsa.h>

-#endif

-#include <openssl/evp.h>

-#include <openssl/objects.h>

-#include <openssl/x509.h>

-int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek,

-	     int *ekl, unsigned char *iv, EVP_PKEY **pubk, int npubk)

-	{

-	unsigned char key[EVP_MAX_KEY_LENGTH];

-	int i;

-	if(type) {

-		EVP_CIPHER_CTX_init(ctx);

-		if(!EVP_EncryptInit_ex(ctx,type,NULL,NULL,NULL)) return 0;

-	}

-	if ((npubk <= 0) || !pubk)

-		return 1;

-	if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)

-		return 0;

-	if (EVP_CIPHER_CTX_iv_length(ctx))

-		RAND_pseudo_bytes(iv,EVP_CIPHER_CTX_iv_length(ctx));

-	if(!EVP_EncryptInit_ex(ctx,NULL,NULL,key,iv)) return 0;

-	for (i=0; i<npubk; i++)

-		{

-		ekl[i]=EVP_PKEY_encrypt(ek[i],key,EVP_CIPHER_CTX_key_length(ctx),

-			pubk[i]);

-		if (ekl[i] <= 0) return(-1);

-		}

-	return(npubk);

-	}

-/* MACRO

-void EVP_SealUpdate(ctx,out,outl,in,inl)

-EVP_CIPHER_CTX *ctx;

-unsigned char *out;

-int *outl;

-unsigned char *in;

-int inl;

-	{

-	EVP_EncryptUpdate(ctx,out,outl,in,inl);

-	}

-*/

-int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)

-	{

-	int i;

-	i = EVP_EncryptFinal_ex(ctx,out,outl);

-	EVP_EncryptInit_ex(ctx,NULL,NULL,NULL,NULL);

-	return i;

-	}

--- a/sys/src/ape/lib/openssl/crypto/evp/p_sign.c

+++ /dev/null

@@ -1,114 +1,0 @@

-/* crypto/evp/p_sign.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/evp.h>

-#include <openssl/objects.h>

-#include <openssl/x509.h>

-#ifdef undef

-void EVP_SignInit(EVP_MD_CTX *ctx, EVP_MD *type)

-	{

-	EVP_DigestInit_ex(ctx,type);

-	}

-void EVP_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data,

-	     unsigned int count)

-	{

-	EVP_DigestUpdate(ctx,data,count);

-	}

-#endif

-int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,

-	     EVP_PKEY *pkey)

-	{

-	unsigned char m[EVP_MAX_MD_SIZE];

-	unsigned int m_len;

-	int i,ok=0,v;

-	MS_STATIC EVP_MD_CTX tmp_ctx;

-	*siglen=0;

-	EVP_MD_CTX_init(&tmp_ctx);

-	EVP_MD_CTX_copy_ex(&tmp_ctx,ctx);

-	EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len);

-	EVP_MD_CTX_cleanup(&tmp_ctx);

-	for (i=0; i<4; i++)

-		{

-		v=ctx->digest->required_pkey_type[i];

-		if (v == 0) break;

-		if (pkey->type == v)

-			{

-			ok=1;

-			break;

-			}

-		}

-	if (!ok)

-		{

-		EVPerr(EVP_F_EVP_SIGNFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE);

-		return(0);

-		}

-	if (ctx->digest->sign == NULL)

-		{

-		EVPerr(EVP_F_EVP_SIGNFINAL,EVP_R_NO_SIGN_FUNCTION_CONFIGURED);

-		return(0);

-		}

-	return(ctx->digest->sign(ctx->digest->type,m,m_len,sigret,siglen,

-		pkey->pkey.ptr));

-	}

--- a/sys/src/ape/lib/openssl/crypto/evp/p_verify.c

+++ /dev/null

@@ -1,101 +1,0 @@

-/* crypto/evp/p_verify.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/evp.h>

-#include <openssl/objects.h>

-#include <openssl/x509.h>

-int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,

-	     unsigned int siglen, EVP_PKEY *pkey)

-	{

-	unsigned char m[EVP_MAX_MD_SIZE];

-	unsigned int m_len;

-	int i,ok=0,v;

-	MS_STATIC EVP_MD_CTX tmp_ctx;

-	for (i=0; i<4; i++)

-		{

-		v=ctx->digest->required_pkey_type[i];

-		if (v == 0) break;

-		if (pkey->type == v)

-			{

-			ok=1;

-			break;

-			}

-		}

-	if (!ok)

-		{

-		EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE);

-		return(-1);

-		}

-	EVP_MD_CTX_init(&tmp_ctx);

-	EVP_MD_CTX_copy_ex(&tmp_ctx,ctx);

-	EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len);

-	EVP_MD_CTX_cleanup(&tmp_ctx);

-        if (ctx->digest->verify == NULL)

-                {

-		EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_NO_VERIFY_FUNCTION_CONFIGURED);

-		return(0);

-		}

-	return(ctx->digest->verify(ctx->digest->type,m,m_len,

-		sigbuf,siglen,pkey->pkey.ptr));

-	}

--- a/sys/src/ape/lib/openssl/crypto/ex_data.c

+++ /dev/null

@@ -1,632 +1,0 @@

-/* crypto/ex_data.c */

-/*

- * Overhaul notes;

- *

- * This code is now *mostly* thread-safe. It is now easier to understand in what

- * ways it is safe and in what ways it is not, which is an improvement. Firstly,

- * all per-class stacks and index-counters for ex_data are stored in the same

- * global LHASH table (keyed by class). This hash table uses locking for all

- * access with the exception of CRYPTO_cleanup_all_ex_data(), which must only be

- * called when no other threads can possibly race against it (even if it was

- * locked, the race would mean it's possible the hash table might have been

- * recreated after the cleanup). As classes can only be added to the hash table,

- * and within each class, the stack of methods can only be incremented, the

- * locking mechanics are simpler than they would otherwise be. For example, the

- * new/dup/free ex_data functions will lock the hash table, copy the method

- * pointers it needs from the relevant class, then unlock the hash table before

- * actually applying those method pointers to the task of the new/dup/free

- * operations. As they can't be removed from the method-stack, only

- * supplemented, there's no race conditions associated with using them outside

- * the lock. The get/set_ex_data functions are not locked because they do not

- * involve this global state at all - they operate directly with a previously

- * obtained per-class method index and a particular "ex_data" variable. These

- * variables are usually instantiated per-context (eg. each RSA structure has

- * one) so locking on read/write access to that variable can be locked locally

- * if required (eg. using the "RSA" lock to synchronise access to a

- * per-RSA-structure ex_data variable if required).

- * [Geoff]

- */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include "cryptlib.h"

-#include <openssl/lhash.h>

-/* What an "implementation of ex_data functionality" looks like */

-struct st_CRYPTO_EX_DATA_IMPL

-	{

-	/*********************/

-	/* GLOBAL OPERATIONS */

-	/* Return a new class index */

-	int (*cb_new_class)(void);

-	/* Cleanup all state used by the implementation */

-	void (*cb_cleanup)(void);

-	/************************/

-	/* PER-CLASS OPERATIONS */

-	/* Get a new method index within a class */

-	int (*cb_get_new_index)(int class_index, long argl, void *argp,

-			CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,

-			CRYPTO_EX_free *free_func);

-	/* Initialise a new CRYPTO_EX_DATA of a given class */

-	int (*cb_new_ex_data)(int class_index, void *obj,

-			CRYPTO_EX_DATA *ad);

-	/* Duplicate a CRYPTO_EX_DATA of a given class onto a copy */

-	int (*cb_dup_ex_data)(int class_index, CRYPTO_EX_DATA *to,

-			CRYPTO_EX_DATA *from);

-	/* Cleanup a CRYPTO_EX_DATA of a given class */

-	void (*cb_free_ex_data)(int class_index, void *obj,

-			CRYPTO_EX_DATA *ad);

-	};

-/* The implementation we use at run-time */

-static const CRYPTO_EX_DATA_IMPL *impl = NULL;

-/* To call "impl" functions, use this macro rather than referring to 'impl' directly, eg.

- * EX_IMPL(get_new_index)(...); */

-#define EX_IMPL(a) impl->cb_##a

-/* Predeclare the "default" ex_data implementation */

-static int int_new_class(void);

-static void int_cleanup(void);

-static int int_get_new_index(int class_index, long argl, void *argp,

-		CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,

-		CRYPTO_EX_free *free_func);

-static int int_new_ex_data(int class_index, void *obj,

-		CRYPTO_EX_DATA *ad);

-static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,

-		CRYPTO_EX_DATA *from);

-static void int_free_ex_data(int class_index, void *obj,

-		CRYPTO_EX_DATA *ad);

-static CRYPTO_EX_DATA_IMPL impl_default =

-	{

-	int_new_class,

-	int_cleanup,

-	int_get_new_index,

-	int_new_ex_data,

-	int_dup_ex_data,

-	int_free_ex_data

-	};

-/* Internal function that checks whether "impl" is set and if not, sets it to

- * the default. */

-static void impl_check(void)

-	{

-	CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);

-	if(!impl)

-		impl = &impl_default;

-	CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);

-	}

-/* A macro wrapper for impl_check that first uses a non-locked test before

- * invoking the function (which checks again inside a lock). */

-#define IMPL_CHECK if(!impl) impl_check();

-/* API functions to get/set the "ex_data" implementation */

-const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(void)

-	{

-	IMPL_CHECK

-	return impl;

-	}

-int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i)

-	{

-	int toret = 0;

-	CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);

-	if(!impl)

-		{

-		impl = i;

-		toret = 1;

-		}

-	CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);

-	return toret;

-	}

-/****************************************************************************/

-/* Interal (default) implementation of "ex_data" support. API functions are

- * further down. */

-/* The type that represents what each "class" used to implement locally. A STACK

- * of CRYPTO_EX_DATA_FUNCS plus a index-counter. The 'class_index' is the global

- * value representing the class that is used to distinguish these items. */

-typedef struct st_ex_class_item {

-	int class_index;

-	STACK_OF(CRYPTO_EX_DATA_FUNCS) *meth;

-	int meth_num;

-} EX_CLASS_ITEM;

-/* When assigning new class indexes, this is our counter */

-static int ex_class = CRYPTO_EX_INDEX_USER;

-/* The global hash table of EX_CLASS_ITEM items */

-static LHASH *ex_data = NULL;

-/* The callbacks required in the "ex_data" hash table */

-static unsigned long ex_hash_cb(const void *a_void)

-	{

-	return ((const EX_CLASS_ITEM *)a_void)->class_index;

-	}

-static int ex_cmp_cb(const void *a_void, const void *b_void)

-	{

-	return (((const EX_CLASS_ITEM *)a_void)->class_index -

-		((const EX_CLASS_ITEM *)b_void)->class_index);

-	}

-/* Internal functions used by the "impl_default" implementation to access the

- * state */

-static int ex_data_check(void)

-	{

-	int toret = 1;

-	CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);

-	if(!ex_data && ((ex_data = lh_new(ex_hash_cb, ex_cmp_cb)) == NULL))

-		toret = 0;

-	CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);

-	return toret;

-	}

-/* This macros helps reduce the locking from repeated checks because the

- * ex_data_check() function checks ex_data again inside a lock. */

-#define EX_DATA_CHECK(iffail) if(!ex_data && !ex_data_check()) {iffail}

-/* This "inner" callback is used by the callback function that follows it */

-static void def_cleanup_util_cb(CRYPTO_EX_DATA_FUNCS *funcs)

-	{

-	OPENSSL_free(funcs);

-	}

-/* This callback is used in lh_doall to destroy all EX_CLASS_ITEM values from

- * "ex_data" prior to the ex_data hash table being itself destroyed. Doesn't do

- * any locking. */

-static void def_cleanup_cb(void *a_void)

-	{

-	EX_CLASS_ITEM *item = (EX_CLASS_ITEM *)a_void;

-	sk_CRYPTO_EX_DATA_FUNCS_pop_free(item->meth, def_cleanup_util_cb);

-	OPENSSL_free(item);

-	}

-/* Return the EX_CLASS_ITEM from the "ex_data" hash table that corresponds to a

- * given class. Handles locking. */

-static EX_CLASS_ITEM *def_get_class(int class_index)

-	{

-	EX_CLASS_ITEM d, *p, *gen;

-	EX_DATA_CHECK(return NULL;)

-	d.class_index = class_index;

-	CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);

-	p = lh_retrieve(ex_data, &d);

-	if(!p)

-		{

-		gen = OPENSSL_malloc(sizeof(EX_CLASS_ITEM));

-		if(gen)

-			{

-			gen->class_index = class_index;

-			gen->meth_num = 0;

-			gen->meth = sk_CRYPTO_EX_DATA_FUNCS_new_null();

-			if(!gen->meth)

-				OPENSSL_free(gen);

-			else

-				{

-				/* Because we're inside the ex_data lock, the

-				 * return value from the insert will be NULL */

-				lh_insert(ex_data, gen);

-				p = gen;

-				}

-			}

-		}

-	CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);

-	if(!p)

-		CRYPTOerr(CRYPTO_F_DEF_GET_CLASS,ERR_R_MALLOC_FAILURE);

-	return p;

-	}

-/* Add a new method to the given EX_CLASS_ITEM and return the corresponding

- * index (or -1 for error). Handles locking. */

-static int def_add_index(EX_CLASS_ITEM *item, long argl, void *argp,

-		CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,

-		CRYPTO_EX_free *free_func)

-	{

-	int toret = -1;

-	CRYPTO_EX_DATA_FUNCS *a = (CRYPTO_EX_DATA_FUNCS *)OPENSSL_malloc(

-					sizeof(CRYPTO_EX_DATA_FUNCS));

-	if(!a)

-		{

-		CRYPTOerr(CRYPTO_F_DEF_ADD_INDEX,ERR_R_MALLOC_FAILURE);

-		return -1;

-		}

-	a->argl=argl;

-	a->argp=argp;

-	a->new_func=new_func;

-	a->dup_func=dup_func;

-	a->free_func=free_func;

-	CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);

-	while (sk_CRYPTO_EX_DATA_FUNCS_num(item->meth) <= item->meth_num)

-		{

-		if (!sk_CRYPTO_EX_DATA_FUNCS_push(item->meth, NULL))

-			{

-			CRYPTOerr(CRYPTO_F_DEF_ADD_INDEX,ERR_R_MALLOC_FAILURE);

-			OPENSSL_free(a);

-			goto err;

-			}

-		}

-	toret = item->meth_num++;

-	(void)sk_CRYPTO_EX_DATA_FUNCS_set(item->meth, toret, a);

-err:

-	CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);

-	return toret;

-	}

-/**************************************************************/

-/* The functions in the default CRYPTO_EX_DATA_IMPL structure */

-static int int_new_class(void)

-	{

-	int toret;

-	CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);

-	toret = ex_class++;

-	CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);

-	return toret;

-	}

-static void int_cleanup(void)

-	{

-	EX_DATA_CHECK(return;)

-	lh_doall(ex_data, def_cleanup_cb);

-	lh_free(ex_data);

-	ex_data = NULL;

-	impl = NULL;

-	}

-static int int_get_new_index(int class_index, long argl, void *argp,

-		CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,

-		CRYPTO_EX_free *free_func)

-	{

-	EX_CLASS_ITEM *item = def_get_class(class_index);

-	if(!item)

-		return -1;

-	return def_add_index(item, argl, argp, new_func, dup_func, free_func);

-	}

-/* Thread-safe by copying a class's array of "CRYPTO_EX_DATA_FUNCS" entries in

- * the lock, then using them outside the lock. NB: Thread-safety only applies to

- * the global "ex_data" state (ie. class definitions), not thread-safe on 'ad'

- * itself. */

-static int int_new_ex_data(int class_index, void *obj,

-		CRYPTO_EX_DATA *ad)

-	{

-	int mx,i;

-	void *ptr;

-	CRYPTO_EX_DATA_FUNCS **storage = NULL;

-	EX_CLASS_ITEM *item = def_get_class(class_index);

-	if(!item)

-		/* error is already set */

-		return 0;

-	ad->sk = NULL;

-	CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA);

-	mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth);

-	if(mx > 0)

-		{

-		storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS*));

-		if(!storage)

-			goto skip;

-		for(i = 0; i < mx; i++)

-			storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth,i);

-		}

-skip:

-	CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA);

-	if((mx > 0) && !storage)

-		{

-		CRYPTOerr(CRYPTO_F_INT_NEW_EX_DATA,ERR_R_MALLOC_FAILURE);

-		return 0;

-		}

-	for(i = 0; i < mx; i++)

-		{

-		if(storage[i] && storage[i]->new_func)

-			{

-			ptr = CRYPTO_get_ex_data(ad, i);

-			storage[i]->new_func(obj,ptr,ad,i,

-				storage[i]->argl,storage[i]->argp);

-			}

-		}

-	if(storage)

-		OPENSSL_free(storage);

-	return 1;

-	}

-/* Same thread-safety notes as for "int_new_ex_data" */

-static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,

-		CRYPTO_EX_DATA *from)

-	{

-	int mx, j, i;

-	char *ptr;

-	CRYPTO_EX_DATA_FUNCS **storage = NULL;

-	EX_CLASS_ITEM *item;

-	if(!from->sk)

-		/* 'to' should be "blank" which *is* just like 'from' */

-		return 1;

-	if((item = def_get_class(class_index)) == NULL)

-		return 0;

-	CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA);

-	mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth);

-	j = sk_num(from->sk);

-	if(j < mx)

-		mx = j;

-	if(mx > 0)

-		{

-		storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS*));

-		if(!storage)

-			goto skip;

-		for(i = 0; i < mx; i++)

-			storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth,i);

-		}

-skip:

-	CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA);

-	if((mx > 0) && !storage)

-		{

-		CRYPTOerr(CRYPTO_F_INT_DUP_EX_DATA,ERR_R_MALLOC_FAILURE);

-		return 0;

-		}

-	for(i = 0; i < mx; i++)

-		{

-		ptr = CRYPTO_get_ex_data(from, i);

-		if(storage[i] && storage[i]->dup_func)

-			storage[i]->dup_func(to,from,&ptr,i,

-				storage[i]->argl,storage[i]->argp);

-		CRYPTO_set_ex_data(to,i,ptr);

-		}

-	if(storage)

-		OPENSSL_free(storage);

-	return 1;

-	}

-/* Same thread-safety notes as for "int_new_ex_data" */

-static void int_free_ex_data(int class_index, void *obj,

-		CRYPTO_EX_DATA *ad)

-	{

-	int mx,i;

-	EX_CLASS_ITEM *item;

-	void *ptr;

-	CRYPTO_EX_DATA_FUNCS **storage = NULL;

-	if((item = def_get_class(class_index)) == NULL)

-		return;

-	CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA);

-	mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth);

-	if(mx > 0)

-		{

-		storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS*));

-		if(!storage)

-			goto skip;

-		for(i = 0; i < mx; i++)

-			storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth,i);

-		}

-skip:

-	CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA);

-	if((mx > 0) && !storage)

-		{

-		CRYPTOerr(CRYPTO_F_INT_FREE_EX_DATA,ERR_R_MALLOC_FAILURE);

-		return;

-		}

-	for(i = 0; i < mx; i++)

-		{

-		if(storage[i] && storage[i]->free_func)

-			{

-			ptr = CRYPTO_get_ex_data(ad,i);

-			storage[i]->free_func(obj,ptr,ad,i,

-				storage[i]->argl,storage[i]->argp);

-			}

-		}

-	if(storage)

-		OPENSSL_free(storage);

-	if(ad->sk)

-		{

-		sk_free(ad->sk);

-		ad->sk=NULL;

-		}

-	}

-/********************************************************************/

-/* API functions that defer all "state" operations to the "ex_data"

- * implementation we have set. */

-/* Obtain an index for a new class (not the same as getting a new index within

- * an existing class - this is actually getting a new *class*) */

-int CRYPTO_ex_data_new_class(void)

-	{

-	IMPL_CHECK

-	return EX_IMPL(new_class)();

-	}

-/* Release all "ex_data" state to prevent memory leaks. This can't be made

- * thread-safe without overhauling a lot of stuff, and shouldn't really be

- * called under potential race-conditions anyway (it's for program shutdown

- * after all). */

-void CRYPTO_cleanup_all_ex_data(void)

-	{

-	IMPL_CHECK

-	EX_IMPL(cleanup)();

-	}

-/* Inside an existing class, get/register a new index. */

-int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,

-		CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,

-		CRYPTO_EX_free *free_func)

-	{

-	int ret = -1;

-	IMPL_CHECK

-	ret = EX_IMPL(get_new_index)(class_index,

-			argl, argp, new_func, dup_func, free_func);

-	return ret;

-	}

-/* Initialise a new CRYPTO_EX_DATA for use in a particular class - including

- * calling new() callbacks for each index in the class used by this variable */

-int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)

-	{

-	IMPL_CHECK

-	return EX_IMPL(new_ex_data)(class_index, obj, ad);

-	}

-/* Duplicate a CRYPTO_EX_DATA variable - including calling dup() callbacks for

- * each index in the class used by this variable */

-int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,

-	     CRYPTO_EX_DATA *from)

-	{

-	IMPL_CHECK

-	return EX_IMPL(dup_ex_data)(class_index, to, from);

-	}

-/* Cleanup a CRYPTO_EX_DATA variable - including calling free() callbacks for

- * each index in the class used by this variable */

-void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)

-	{

-	IMPL_CHECK

-	EX_IMPL(free_ex_data)(class_index, obj, ad);

-	}

-/* For a given CRYPTO_EX_DATA variable, set the value corresponding to a

- * particular index in the class used by this variable */

-int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val)

-	{

-	int i;

-	if (ad->sk == NULL)

-		{

-		if ((ad->sk=sk_new_null()) == NULL)

-			{

-			CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA,ERR_R_MALLOC_FAILURE);

-			return(0);

-			}

-		}

-	i=sk_num(ad->sk);

-	while (i <= idx)

-		{

-		if (!sk_push(ad->sk,NULL))

-			{

-			CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA,ERR_R_MALLOC_FAILURE);

-			return(0);

-			}

-		i++;

-		}

-	sk_set(ad->sk,idx,val);

-	return(1);

-	}

-/* For a given CRYPTO_EX_DATA_ variable, get the value corresponding to a

- * particular index in the class used by this variable */

-void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx)

-	{

-	if (ad->sk == NULL)

-		return(0);

-	else if (idx >= sk_num(ad->sk))

-		return(0);

-	else

-		return(sk_value(ad->sk,idx));

-	}

-IMPLEMENT_STACK_OF(CRYPTO_EX_DATA_FUNCS)

--- a/sys/src/ape/lib/openssl/crypto/hmac/Makefile

+++ /dev/null

@@ -1,85 +1,0 @@

-#

-# OpenSSL/crypto/md/Makefile

-#

-DIR=	hmac

-TOP=	../..

-CC=	cc

-INCLUDES=

-CFLAG=-g

-MAKEFILE=	Makefile

-AR=		ar r

-CFLAGS= $(INCLUDES) $(CFLAG)

-GENERAL=Makefile

-TEST=hmactest.c

-APPS=

-LIB=$(TOP)/libcrypto.a

-LIBSRC=hmac.c

-LIBOBJ=hmac.o

-SRC= $(LIBSRC)

-EXHEADER= hmac.h

-HEADER=	$(EXHEADER)

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)

-all:	lib

-lib:	$(LIBOBJ)

-	$(AR) $(LIB) $(LIBOBJ)

-	$(RANLIB) $(LIB) || echo Never mind.

-	@touch lib

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

-links:

-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)

-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)

-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

-install:

-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...

-	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \

-	do  \

-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \

-	done;

-tags:

-	ctags $(SRC)

-tests:

-lint:

-	lint -DLINT $(INCLUDES) $(SRC)>fluff

-depend:

-	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...

-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-clean:

-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-hmac.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-hmac.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-hmac.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-hmac.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h

-hmac.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-hmac.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-hmac.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-hmac.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-hmac.o: ../../include/openssl/symhacks.h ../cryptlib.h hmac.c

--- a/sys/src/ape/lib/openssl/crypto/hmac/hmac.c

+++ /dev/null

@@ -1,173 +1,0 @@

-/* crypto/hmac/hmac.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include "cryptlib.h"

-#include <openssl/hmac.h>

-void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,

-		  const EVP_MD *md, ENGINE *impl)

-	{

-	int i,j,reset=0;

-	unsigned char pad[HMAC_MAX_MD_CBLOCK];

-	if (md != NULL)

-		{

-		reset=1;

-		ctx->md=md;

-		}

-	else

-		md=ctx->md;

-	if (key != NULL)

-		{

-		reset=1;

-		j=EVP_MD_block_size(md);

-		OPENSSL_assert(j <= (int)sizeof(ctx->key));

-		if (j < len)

-			{

-			EVP_DigestInit_ex(&ctx->md_ctx,md, impl);

-			EVP_DigestUpdate(&ctx->md_ctx,key,len);

-			EVP_DigestFinal_ex(&(ctx->md_ctx),ctx->key,

-				&ctx->key_length);

-			}

-		else

-			{

-			OPENSSL_assert(len>=0 && len<=(int)sizeof(ctx->key));

-			memcpy(ctx->key,key,len);

-			ctx->key_length=len;

-			}

-		if(ctx->key_length != HMAC_MAX_MD_CBLOCK)

-			memset(&ctx->key[ctx->key_length], 0,

-				HMAC_MAX_MD_CBLOCK - ctx->key_length);

-		}

-	if (reset)

-		{

-		for (i=0; i<HMAC_MAX_MD_CBLOCK; i++)

-			pad[i]=0x36^ctx->key[i];

-		EVP_DigestInit_ex(&ctx->i_ctx,md, impl);

-		EVP_DigestUpdate(&ctx->i_ctx,pad,EVP_MD_block_size(md));

-		for (i=0; i<HMAC_MAX_MD_CBLOCK; i++)

-			pad[i]=0x5c^ctx->key[i];

-		EVP_DigestInit_ex(&ctx->o_ctx,md, impl);

-		EVP_DigestUpdate(&ctx->o_ctx,pad,EVP_MD_block_size(md));

-		}

-	EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->i_ctx);

-	}

-void HMAC_Init(HMAC_CTX *ctx, const void *key, int len,

-	       const EVP_MD *md)

-	{

-	if(key && md)

-	    HMAC_CTX_init(ctx);

-	HMAC_Init_ex(ctx,key,len,md, NULL);

-	}

-void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)

-	{

-	EVP_DigestUpdate(&ctx->md_ctx,data,len);

-	}

-void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)

-	{

-	int j;

-	unsigned int i;

-	unsigned char buf[EVP_MAX_MD_SIZE];

-	j=EVP_MD_block_size(ctx->md);

-	EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i);

-	EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->o_ctx);

-	EVP_DigestUpdate(&ctx->md_ctx,buf,i);

-	EVP_DigestFinal_ex(&ctx->md_ctx,md,len);

-	}

-void HMAC_CTX_init(HMAC_CTX *ctx)

-	{

-	EVP_MD_CTX_init(&ctx->i_ctx);

-	EVP_MD_CTX_init(&ctx->o_ctx);

-	EVP_MD_CTX_init(&ctx->md_ctx);

-	}

-void HMAC_CTX_cleanup(HMAC_CTX *ctx)

-	{

-	EVP_MD_CTX_cleanup(&ctx->i_ctx);

-	EVP_MD_CTX_cleanup(&ctx->o_ctx);

-	EVP_MD_CTX_cleanup(&ctx->md_ctx);

-	memset(ctx,0,sizeof *ctx);

-	}

-unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,

-		    const unsigned char *d, size_t n, unsigned char *md,

-		    unsigned int *md_len)

-	{

-	HMAC_CTX c;

-	static unsigned char m[EVP_MAX_MD_SIZE];

-	if (md == NULL) md=m;

-	HMAC_CTX_init(&c);

-	HMAC_Init(&c,key,key_len,evp_md);

-	HMAC_Update(&c,d,n);

-	HMAC_Final(&c,md,md_len);

-	HMAC_CTX_cleanup(&c);

-	return(md);

-	}

--- a/sys/src/ape/lib/openssl/crypto/hmac/hmac.h

+++ /dev/null

@@ -1,108 +1,0 @@

-/* crypto/hmac/hmac.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_HMAC_H

-#define HEADER_HMAC_H

-#include <openssl/opensslconf.h>

-#ifdef OPENSSL_NO_HMAC

-#error HMAC is disabled.

-#endif

-#include <openssl/evp.h>

-#define HMAC_MAX_MD_CBLOCK	128	/* largest known is SHA512 */

-#ifdef  __cplusplus

-extern "C" {

-#endif

-typedef struct hmac_ctx_st

-	{

-	const EVP_MD *md;

-	EVP_MD_CTX md_ctx;

-	EVP_MD_CTX i_ctx;

-	EVP_MD_CTX o_ctx;

-	unsigned int key_length;

-	unsigned char key[HMAC_MAX_MD_CBLOCK];

-	} HMAC_CTX;

-#define HMAC_size(e)	(EVP_MD_size((e)->md))

-void HMAC_CTX_init(HMAC_CTX *ctx);

-void HMAC_CTX_cleanup(HMAC_CTX *ctx);

-#define HMAC_cleanup(ctx) HMAC_CTX_cleanup(ctx) /* deprecated */

-void HMAC_Init(HMAC_CTX *ctx, const void *key, int len,

-	       const EVP_MD *md); /* deprecated */

-void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,

-		  const EVP_MD *md, ENGINE *impl);

-void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len);

-void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);

-unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,

-		    const unsigned char *d, size_t n, unsigned char *md,

-		    unsigned int *md_len);

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/hmac/hmactest.c

+++ /dev/null

@@ -1,175 +1,0 @@

-/* crypto/hmac/hmactest.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <string.h>

-#include <stdlib.h>

-#include "../e_os.h"

-#ifdef OPENSSL_NO_HMAC

-int main(int argc, char *argv[])

-{

-    printf("No HMAC support\n");

-    return(0);

-}

-#else

-#include <openssl/hmac.h>

-#ifndef OPENSSL_NO_MD5

-#include <openssl/md5.h>

-#endif

-#ifdef CHARSET_EBCDIC

-#include <openssl/ebcdic.h>

-#endif

-#ifndef OPENSSL_NO_MD5

-static struct test_st

-	{

-	unsigned char key[16];

-	int key_len;

-	unsigned char data[64];

-	int data_len;

-	unsigned char *digest;

-	} test[4]={

-	{	"",

-		0,

-		"More text test vectors to stuff up EBCDIC machines :-)",

-		54,

-		(unsigned char *)"e9139d1e6ee064ef8cf514fc7dc83e86",

-	},{	{0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,

-		 0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,},

-		16,

-		"Hi There",

-		8,

-		(unsigned char *)"9294727a3638bb1c13f48ef8158bfc9d",

-	},{	"Jefe",

-		4,

-		"what do ya want for nothing?",

-		28,

-		(unsigned char *)"750c783e6ab0b503eaa86e310a5db738",

-	},{

-		{0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,

-		 0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,},

-		16,

-		{0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,

-		 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,

-		 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,

-		 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,

-		 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,

-		 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,

-		 0xdd,0xdd},

-		50,

-		(unsigned char *)"56be34521d144c88dbb8c733f0e8b3f6",

-	},

-	};

-#endif

-static char *pt(unsigned char *md);

-int main(int argc, char *argv[])

-	{

-#ifndef OPENSSL_NO_MD5

-	int i;

-	char *p;

-#endif

-	int err=0;

-#ifdef OPENSSL_NO_MD5

-	printf("test skipped: MD5 disabled\n");

-#else

-#ifdef CHARSET_EBCDIC

-	ebcdic2ascii(test[0].data, test[0].data, test[0].data_len);

-	ebcdic2ascii(test[1].data, test[1].data, test[1].data_len);

-	ebcdic2ascii(test[2].key,  test[2].key,  test[2].key_len);

-	ebcdic2ascii(test[2].data, test[2].data, test[2].data_len);

-#endif

-	for (i=0; i<4; i++)

-		{

-		p=pt(HMAC(EVP_md5(),

-			test[i].key, test[i].key_len,

-			test[i].data, test[i].data_len,

-			NULL,NULL));

-		if (strcmp(p,(char *)test[i].digest) != 0)

-			{

-			printf("error calculating HMAC on %d entry'\n",i);

-			printf("got %s instead of %s\n",p,test[i].digest);

-			err++;

-			}

-		else

-			printf("test %d ok\n",i);

-		}

-#endif /* OPENSSL_NO_MD5 */

-	EXIT(err);

-	return(0);

-	}

-#ifndef OPENSSL_NO_MD5

-static char *pt(unsigned char *md)

-	{

-	int i;

-	static char buf[80];

-	for (i=0; i<MD5_DIGEST_LENGTH; i++)

-		sprintf(&(buf[i*2]),"%02x",md[i]);

-	return(buf);

-	}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/ia64cpuid.S

+++ /dev/null

@@ -1,121 +1,0 @@

-// Works on all IA-64 platforms: Linux, HP-UX, Win64i...

-// On Win64i compile with ias.exe.

-.text

-.global	OPENSSL_rdtsc#

-.proc	OPENSSL_rdtsc#

-OPENSSL_rdtsc:

-{ .mib;	mov			r8=ar.itc

-	br.ret.sptk.many	b0		};;

-.endp   OPENSSL_rdtsc#

-.global	OPENSSL_atomic_add#

-.proc	OPENSSL_atomic_add#

-.align	32

-OPENSSL_atomic_add:

-{ .mii;	ld4		r2=[r32]

-	nop.i		0

-	nop.i		0		};;

-.Lspin:

-{ .mii;	mov		ar.ccv=r2

-	add		r8=r2,r33

-	mov		r3=r2		};;

-{ .mmi;	mf

-	cmpxchg4.acq	r2=[r32],r8,ar.ccv

-	nop.i		0		};;

-{ .mib;	cmp.ne		p6,p0=r2,r3

-	nop.i		0

-(p6)	br.dpnt		.Lspin		};;

-{ .mib;	nop.m		0

-	sxt4		r8=r8

-	br.ret.sptk.many	b0	};;

-.endp	OPENSSL_atomic_add#

-// Returns a structure comprising pointer to the top of stack of

-// the caller and pointer beyond backing storage for the current

-// register frame. The latter is required, because it might be

-// insufficient to wipe backing storage for the current frame

-// (as this procedure does), one might have to go further, toward

-// higher addresses to reach for whole "retroactively" saved

-// context...

-.global	OPENSSL_wipe_cpu#

-.proc	OPENSSL_wipe_cpu#

-.align	32

-OPENSSL_wipe_cpu:

-	.prologue

-	.fframe	0

-	.save	ar.pfs,r2

-	.save	ar.lc,r3

-{ .mib;	alloc		r2=ar.pfs,0,96,0,96

-	mov		r3=ar.lc

-	brp.loop.imp	.L_wipe_top,.L_wipe_end-16

-					};;

-{ .mii;	mov		r9=ar.bsp

-	mov		r8=pr

-	mov		ar.lc=96	};;

-	.body

-{ .mii;	add		r9=96*8-8,r9

-	mov		ar.ec=1		};;

-// One can sweep double as fast, but then we can't quarantee

-// that backing storage is wiped...

-.L_wipe_top:

-{ .mfi;	st8		[r9]=r0,-8

-	mov		f127=f0

-	mov		r127=r0		}

-{ .mfb;	nop.m		0

-	nop.f		0

-	br.ctop.sptk	.L_wipe_top	};;

-.L_wipe_end:

-{ .mfi;	mov		r11=r0

-	mov		f6=f0

-	mov		r14=r0		}

-{ .mfi;	mov		r15=r0

-	mov		f7=f0

-	mov		r16=r0		}

-{ .mfi;	mov		r17=r0

-	mov		f8=f0

-	mov		r18=r0		}

-{ .mfi;	mov		r19=r0

-	mov		f9=f0

-	mov		r20=r0		}

-{ .mfi;	mov		r21=r0

-	mov		f10=f0

-	mov		r22=r0		}

-{ .mfi;	mov		r23=r0

-	mov		f11=f0

-	mov		r24=r0		}

-{ .mfi;	mov		r25=r0

-	mov		f12=f0

-	mov		r26=r0		}

-{ .mfi;	mov		r27=r0

-	mov		f13=f0

-	mov		r28=r0		}

-{ .mfi;	mov		r29=r0

-	mov		f14=f0

-	mov		r30=r0		}

-{ .mfi;	mov		r31=r0

-	mov		f15=f0

-	nop.i		0		}

-{ .mfi;	mov		f16=f0		}

-{ .mfi;	mov		f17=f0		}

-{ .mfi;	mov		f18=f0		}

-{ .mfi;	mov		f19=f0		}

-{ .mfi;	mov		f20=f0		}

-{ .mfi;	mov		f21=f0		}

-{ .mfi;	mov		f22=f0		}

-{ .mfi;	mov		f23=f0		}

-{ .mfi;	mov		f24=f0		}

-{ .mfi;	mov		f25=f0		}

-{ .mfi;	mov		f26=f0		}

-{ .mfi;	mov		f27=f0		}

-{ .mfi;	mov		f28=f0		}

-{ .mfi;	mov		f29=f0		}

-{ .mfi;	mov		f30=f0		}

-{ .mfi;	add		r9=96*8+8,r9

-	mov		f31=f0

-	mov		pr=r8,0x1ffff	}

-{ .mib;	mov		r8=sp

-	mov		ar.lc=r3

-	br.ret.sptk	b0		};;

-.endp	OPENSSL_wipe_cpu#

--- a/sys/src/ape/lib/openssl/crypto/idea/Makefile

+++ /dev/null

@@ -1,86 +1,0 @@

-#

-# OpenSSL/crypto/idea/Makefile

-#

-DIR=	idea

-TOP=	../..

-CC=	cc

-INCLUDES=

-CFLAG=-g

-MAKEFILE=	Makefile

-AR=		ar r

-CFLAGS= $(INCLUDES) $(CFLAG)

-GENERAL=Makefile

-TEST=ideatest.c

-APPS=

-LIB=$(TOP)/libcrypto.a

-LIBSRC=i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c i_skey.c

-LIBOBJ=i_cbc.o i_cfb64.o i_ofb64.o i_ecb.o i_skey.o

-SRC= $(LIBSRC)

-EXHEADER= idea.h

-HEADER=	idea_lcl.h $(EXHEADER)

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)

-all:	lib

-lib:	$(LIBOBJ)

-	$(AR) $(LIB) $(LIBOBJ)

-	$(RANLIB) $(LIB) || echo Never mind.

-	@touch lib

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

-links:

-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)

-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)

-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

-install:

-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...

-	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \

-	do  \

-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \

-	done;

-tags:

-	ctags $(SRC)

-tests:

-lint:

-	lint -DLINT $(INCLUDES) $(SRC)>fluff

-depend:

-	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...

-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-clean:

-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-i_cbc.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h

-i_cbc.o: i_cbc.c idea_lcl.h

-i_cfb64.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h

-i_cfb64.o: i_cfb64.c idea_lcl.h

-i_ecb.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h

-i_ecb.o: ../../include/openssl/opensslv.h i_ecb.c idea_lcl.h

-i_ofb64.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h

-i_ofb64.o: i_ofb64.c idea_lcl.h

-i_skey.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h

-i_skey.o: i_skey.c idea_lcl.h

--- a/sys/src/ape/lib/openssl/crypto/idea/i_cbc.c

+++ /dev/null

@@ -1,168 +1,0 @@

-/* crypto/idea/i_cbc.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <openssl/idea.h>

-#include "idea_lcl.h"

-void idea_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,

-	     IDEA_KEY_SCHEDULE *ks, unsigned char *iv, int encrypt)

-	{

-	register unsigned long tin0,tin1;

-	register unsigned long tout0,tout1,xor0,xor1;

-	register long l=length;

-	unsigned long tin[2];

-	if (encrypt)

-		{

-		n2l(iv,tout0);

-		n2l(iv,tout1);

-		iv-=8;

-		for (l-=8; l>=0; l-=8)

-			{

-			n2l(in,tin0);

-			n2l(in,tin1);

-			tin0^=tout0;

-			tin1^=tout1;

-			tin[0]=tin0;

-			tin[1]=tin1;

-			idea_encrypt(tin,ks);

-			tout0=tin[0]; l2n(tout0,out);

-			tout1=tin[1]; l2n(tout1,out);

-			}

-		if (l != -8)

-			{

-			n2ln(in,tin0,tin1,l+8);

-			tin0^=tout0;

-			tin1^=tout1;

-			tin[0]=tin0;

-			tin[1]=tin1;

-			idea_encrypt(tin,ks);

-			tout0=tin[0]; l2n(tout0,out);

-			tout1=tin[1]; l2n(tout1,out);

-			}

-		l2n(tout0,iv);

-		l2n(tout1,iv);

-		}

-	else

-		{

-		n2l(iv,xor0);

-		n2l(iv,xor1);

-		iv-=8;

-		for (l-=8; l>=0; l-=8)

-			{

-			n2l(in,tin0); tin[0]=tin0;

-			n2l(in,tin1); tin[1]=tin1;

-			idea_encrypt(tin,ks);

-			tout0=tin[0]^xor0;

-			tout1=tin[1]^xor1;

-			l2n(tout0,out);

-			l2n(tout1,out);

-			xor0=tin0;

-			xor1=tin1;

-			}

-		if (l != -8)

-			{

-			n2l(in,tin0); tin[0]=tin0;

-			n2l(in,tin1); tin[1]=tin1;

-			idea_encrypt(tin,ks);

-			tout0=tin[0]^xor0;

-			tout1=tin[1]^xor1;

-			l2nn(tout0,tout1,out,l+8);

-			xor0=tin0;

-			xor1=tin1;

-			}

-		l2n(xor0,iv);

-		l2n(xor1,iv);

-		}

-	tin0=tin1=tout0=tout1=xor0=xor1=0;

-	tin[0]=tin[1]=0;

-	}

-void idea_encrypt(unsigned long *d, IDEA_KEY_SCHEDULE *key)

-	{

-	register IDEA_INT *p;

-	register unsigned long x1,x2,x3,x4,t0,t1,ul;

-	x2=d[0];

-	x1=(x2>>16);

-	x4=d[1];

-	x3=(x4>>16);

-	p= &(key->data[0][0]);

-	E_IDEA(0);

-	E_IDEA(1);

-	E_IDEA(2);

-	E_IDEA(3);

-	E_IDEA(4);

-	E_IDEA(5);

-	E_IDEA(6);

-	E_IDEA(7);

-	x1&=0xffff;

-	idea_mul(x1,x1,*p,ul); p++;

-	t0= x3+ *(p++);

-	t1= x2+ *(p++);

-	x4&=0xffff;

-	idea_mul(x4,x4,*p,ul);

-	d[0]=(t0&0xffff)|((x1&0xffff)<<16);

-	d[1]=(x4&0xffff)|((t1&0xffff)<<16);

-	}

--- a/sys/src/ape/lib/openssl/crypto/idea/i_cfb64.c

+++ /dev/null

@@ -1,122 +1,0 @@

-/* crypto/idea/i_cfb64.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <openssl/idea.h>

-#include "idea_lcl.h"

-/* The input and output encrypted as though 64bit cfb mode is being

- * used.  The extra state information to record how much of the

- * 64bit block we have used is contained in *num;

- */

-void idea_cfb64_encrypt(const unsigned char *in, unsigned char *out,

-			long length, IDEA_KEY_SCHEDULE *schedule,

-			unsigned char *ivec, int *num, int encrypt)

-	{

-	register unsigned long v0,v1,t;

-	register int n= *num;

-	register long l=length;

-	unsigned long ti[2];

-	unsigned char *iv,c,cc;

-	iv=(unsigned char *)ivec;

-	if (encrypt)

-		{

-		while (l--)

-			{

-			if (n == 0)

-				{

-				n2l(iv,v0); ti[0]=v0;

-				n2l(iv,v1); ti[1]=v1;

-				idea_encrypt((unsigned long *)ti,schedule);

-				iv=(unsigned char *)ivec;

-				t=ti[0]; l2n(t,iv);

-				t=ti[1]; l2n(t,iv);

-				iv=(unsigned char *)ivec;

-				}

-			c= *(in++)^iv[n];

-			*(out++)=c;

-			iv[n]=c;

-			n=(n+1)&0x07;

-			}

-		}

-	else

-		{

-		while (l--)

-			{

-			if (n == 0)

-				{

-				n2l(iv,v0); ti[0]=v0;

-				n2l(iv,v1); ti[1]=v1;

-				idea_encrypt((unsigned long *)ti,schedule);

-				iv=(unsigned char *)ivec;

-				t=ti[0]; l2n(t,iv);

-				t=ti[1]; l2n(t,iv);

-				iv=(unsigned char *)ivec;

-				}

-			cc= *(in++);

-			c=iv[n];

-			iv[n]=cc;

-			*(out++)=c^cc;

-			n=(n+1)&0x07;

-			}

-		}

-	v0=v1=ti[0]=ti[1]=t=c=cc=0;

-	*num=n;

-	}

--- a/sys/src/ape/lib/openssl/crypto/idea/i_ecb.c

+++ /dev/null

@@ -1,85 +1,0 @@

-/* crypto/idea/i_ecb.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <openssl/idea.h>

-#include "idea_lcl.h"

-#include <openssl/opensslv.h>

-const char IDEA_version[]="IDEA" OPENSSL_VERSION_PTEXT;

-const char *idea_options(void)

-	{

-	if (sizeof(short) != sizeof(IDEA_INT))

-		return("idea(int)");

-	else

-		return("idea(short)");

-	}

-void idea_ecb_encrypt(const unsigned char *in, unsigned char *out,

-	     IDEA_KEY_SCHEDULE *ks)

-	{

-	unsigned long l0,l1,d[2];

-	n2l(in,l0); d[0]=l0;

-	n2l(in,l1); d[1]=l1;

-	idea_encrypt(d,ks);

-	l0=d[0]; l2n(l0,out);

-	l1=d[1]; l2n(l1,out);

-	l0=l1=d[0]=d[1]=0;

-	}

--- a/sys/src/ape/lib/openssl/crypto/idea/i_ofb64.c

+++ /dev/null

@@ -1,111 +1,0 @@

-/* crypto/idea/i_ofb64.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <openssl/idea.h>

-#include "idea_lcl.h"

-/* The input and output encrypted as though 64bit ofb mode is being

- * used.  The extra state information to record how much of the

- * 64bit block we have used is contained in *num;

- */

-void idea_ofb64_encrypt(const unsigned char *in, unsigned char *out,

-			long length, IDEA_KEY_SCHEDULE *schedule,

-			unsigned char *ivec, int *num)

-	{

-	register unsigned long v0,v1,t;

-	register int n= *num;

-	register long l=length;

-	unsigned char d[8];

-	register char *dp;

-	unsigned long ti[2];

-	unsigned char *iv;

-	int save=0;

-	iv=(unsigned char *)ivec;

-	n2l(iv,v0);

-	n2l(iv,v1);

-	ti[0]=v0;

-	ti[1]=v1;

-	dp=(char *)d;

-	l2n(v0,dp);

-	l2n(v1,dp);

-	while (l--)

-		{

-		if (n == 0)

-			{

-			idea_encrypt((unsigned long *)ti,schedule);

-			dp=(char *)d;

-			t=ti[0]; l2n(t,dp);

-			t=ti[1]; l2n(t,dp);

-			save++;

-			}

-		*(out++)= *(in++)^d[n];

-		n=(n+1)&0x07;

-		}

-	if (save)

-		{

-		v0=ti[0];

-		v1=ti[1];

-		iv=(unsigned char *)ivec;

-		l2n(v0,iv);

-		l2n(v1,iv);

-		}

-	t=v0=v1=ti[0]=ti[1]=0;

-	*num=n;

-	}

--- a/sys/src/ape/lib/openssl/crypto/idea/i_skey.c

+++ /dev/null

@@ -1,157 +1,0 @@

-/* crypto/idea/i_skey.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <openssl/idea.h>

-#include "idea_lcl.h"

-static IDEA_INT inverse(unsigned int xin);

-void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks)

-	{

-	int i;

-	register IDEA_INT *kt,*kf,r0,r1,r2;

-	kt= &(ks->data[0][0]);

-	n2s(key,kt[0]); n2s(key,kt[1]); n2s(key,kt[2]); n2s(key,kt[3]);

-	n2s(key,kt[4]); n2s(key,kt[5]); n2s(key,kt[6]); n2s(key,kt[7]);

-	kf=kt;

-	kt+=8;

-	for (i=0; i<6; i++)

-		{

-		r2= kf[1];

-		r1= kf[2];

-		*(kt++)= ((r2<<9) | (r1>>7))&0xffff;

-		r0= kf[3];

-		*(kt++)= ((r1<<9) | (r0>>7))&0xffff;

-		r1= kf[4];

-		*(kt++)= ((r0<<9) | (r1>>7))&0xffff;

-		r0= kf[5];

-		*(kt++)= ((r1<<9) | (r0>>7))&0xffff;

-		r1= kf[6];

-		*(kt++)= ((r0<<9) | (r1>>7))&0xffff;

-		r0= kf[7];

-		*(kt++)= ((r1<<9) | (r0>>7))&0xffff;

-		r1= kf[0];

-		if (i >= 5) break;

-		*(kt++)= ((r0<<9) | (r1>>7))&0xffff;

-		*(kt++)= ((r1<<9) | (r2>>7))&0xffff;

-		kf+=8;

-		}

-	}

-void idea_set_decrypt_key(const IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk)

-	{

-	int r;

-	register IDEA_INT *tp,t;

-	const IDEA_INT *fp;

-	tp= &(dk->data[0][0]);

-	fp= &(ek->data[8][0]);

-	for (r=0; r<9; r++)

-		{

-		*(tp++)=inverse(fp[0]);

-		*(tp++)=((int)(0x10000L-fp[2])&0xffff);

-		*(tp++)=((int)(0x10000L-fp[1])&0xffff);

-		*(tp++)=inverse(fp[3]);

-		if (r == 8) break;

-		fp-=6;

-		*(tp++)=fp[4];

-		*(tp++)=fp[5];

-		}

-	tp= &(dk->data[0][0]);

-	t=tp[1];

-	tp[1]=tp[2];

-	tp[2]=t;

-	t=tp[49];

-	tp[49]=tp[50];

-	tp[50]=t;

-	}

-/* taken directly from the 'paper' I'll have a look at it later */

-static IDEA_INT inverse(unsigned int xin)

-	{

-	long n1,n2,q,r,b1,b2,t;

-	if (xin == 0)

-		b2=0;

-	else

-		{

-		n1=0x10001;

-		n2=xin;

-		b2=1;

-		b1=0;

-		do	{

-			r=(n1%n2);

-			q=(n1-r)/n2;

-			if (r == 0)

-				{ if (b2 < 0) b2=0x10001+b2; }

-			else

-				{

-				n1=n2;

-				n2=r;

-				t=b2;

-				b2=b1-q*b2;

-				b1=t;

-				}

-			} while (r != 0);

-		}

-	return((IDEA_INT)b2);

-	}

--- a/sys/src/ape/lib/openssl/crypto/idea/idea.h

+++ /dev/null

@@ -1,100 +1,0 @@

-/* crypto/idea/idea.h */

-/* Copyright (C) 1995-1997 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_IDEA_H

-#define HEADER_IDEA_H

-#include <openssl/opensslconf.h> /* IDEA_INT, OPENSSL_NO_IDEA */

-#ifdef OPENSSL_NO_IDEA

-#error IDEA is disabled.

-#endif

-#define IDEA_ENCRYPT	1

-#define IDEA_DECRYPT	0

-#define IDEA_BLOCK	8

-#define IDEA_KEY_LENGTH	16

-#ifdef  __cplusplus

-extern "C" {

-#endif

-typedef struct idea_key_st

-	{

-	IDEA_INT data[9][6];

-	} IDEA_KEY_SCHEDULE;

-const char *idea_options(void);

-void idea_ecb_encrypt(const unsigned char *in, unsigned char *out,

-	IDEA_KEY_SCHEDULE *ks);

-void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);

-void idea_set_decrypt_key(const IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk);

-void idea_cbc_encrypt(const unsigned char *in, unsigned char *out,

-	long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,int enc);

-void idea_cfb64_encrypt(const unsigned char *in, unsigned char *out,

-	long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,

-	int *num,int enc);

-void idea_ofb64_encrypt(const unsigned char *in, unsigned char *out,

-	long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, int *num);

-void idea_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks);

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/idea/idea_lcl.h

+++ /dev/null

@@ -1,215 +1,0 @@

-/* crypto/idea/idea_lcl.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* The new form of this macro (check if the a*b == 0) was suggested by

- * Colin Plumb <[email protected]> */

-/* Removal of the inner if from from Wei Dai 24/4/96 */

-#define idea_mul(r,a,b,ul) \

-ul=(unsigned long)a*b; \

-if (ul != 0) \

-	{ \

-	r=(ul&0xffff)-(ul>>16); \

-	r-=((r)>>16); \

-	} \

-else \

-	r=(-(int)a-b+1); /* assuming a or b is 0 and in range */

-#ifdef undef

-#define idea_mul(r,a,b,ul,sl) \

-if (a == 0) r=(0x10001-b)&0xffff; \

-else if (b == 0) r=(0x10001-a)&0xffff; \

-else	{ \

-	ul=(unsigned long)a*b; \

-	sl=(ul&0xffff)-(ul>>16); \

-	if (sl <= 0) sl+=0x10001; \

-	r=sl; \

-	}

-#endif

-/*  7/12/95 - Many thanks to Rhys Weatherley <[email protected]>

- * for pointing out that I was assuming little endian

- * byte order for all quantities what idea

- * actually used bigendian.  No where in the spec does it mention

- * this, it is all in terms of 16 bit numbers and even the example

- * does not use byte streams for the input example :-(.

- * If you byte swap each pair of input, keys and iv, the functions

- * would produce the output as the old version :-(.

- */

-/* NOTE - c is not incremented as per n2l */

-#define n2ln(c,l1,l2,n)	{ \

-			c+=n; \

-			l1=l2=0; \

-			switch (n) { \

-			case 8: l2 =((unsigned long)(*(--(c))))    ; \

-			case 7: l2|=((unsigned long)(*(--(c))))<< 8; \

-			case 6: l2|=((unsigned long)(*(--(c))))<<16; \

-			case 5: l2|=((unsigned long)(*(--(c))))<<24; \

-			case 4: l1 =((unsigned long)(*(--(c))))    ; \

-			case 3: l1|=((unsigned long)(*(--(c))))<< 8; \

-			case 2: l1|=((unsigned long)(*(--(c))))<<16; \

-			case 1: l1|=((unsigned long)(*(--(c))))<<24; \

-				} \

-			}

-/* NOTE - c is not incremented as per l2n */

-#define l2nn(l1,l2,c,n)	{ \

-			c+=n; \

-			switch (n) { \

-			case 8: *(--(c))=(unsigned char)(((l2)    )&0xff); \

-			case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \

-			case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \

-			case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \

-			case 4: *(--(c))=(unsigned char)(((l1)    )&0xff); \

-			case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \

-			case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \

-			case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \

-				} \

-			}

-#undef n2l

-#define n2l(c,l)        (l =((unsigned long)(*((c)++)))<<24L, \

-                         l|=((unsigned long)(*((c)++)))<<16L, \

-                         l|=((unsigned long)(*((c)++)))<< 8L, \

-                         l|=((unsigned long)(*((c)++))))

-#undef l2n

-#define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \

-                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \

-                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \

-                         *((c)++)=(unsigned char)(((l)     )&0xff))

-#undef s2n

-#define s2n(l,c)	(*((c)++)=(unsigned char)(((l)     )&0xff), \

-			 *((c)++)=(unsigned char)(((l)>> 8L)&0xff))

-#undef n2s

-#define n2s(c,l)	(l =((IDEA_INT)(*((c)++)))<< 8L, \

-			 l|=((IDEA_INT)(*((c)++)))      )

-#ifdef undef

-/* NOTE - c is not incremented as per c2l */

-#define c2ln(c,l1,l2,n)	{ \

-			c+=n; \

-			l1=l2=0; \

-			switch (n) { \

-			case 8: l2 =((unsigned long)(*(--(c))))<<24; \

-			case 7: l2|=((unsigned long)(*(--(c))))<<16; \

-			case 6: l2|=((unsigned long)(*(--(c))))<< 8; \

-			case 5: l2|=((unsigned long)(*(--(c))));     \

-			case 4: l1 =((unsigned long)(*(--(c))))<<24; \

-			case 3: l1|=((unsigned long)(*(--(c))))<<16; \

-			case 2: l1|=((unsigned long)(*(--(c))))<< 8; \

-			case 1: l1|=((unsigned long)(*(--(c))));     \

-				} \

-			}

-/* NOTE - c is not incremented as per l2c */

-#define l2cn(l1,l2,c,n)	{ \

-			c+=n; \

-			switch (n) { \

-			case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \

-			case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \

-			case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \

-			case 5: *(--(c))=(unsigned char)(((l2)    )&0xff); \

-			case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \

-			case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \

-			case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \

-			case 1: *(--(c))=(unsigned char)(((l1)    )&0xff); \

-				} \

-			}

-#undef c2s

-#define c2s(c,l)	(l =((unsigned long)(*((c)++)))    , \

-			 l|=((unsigned long)(*((c)++)))<< 8L)

-#undef s2c

-#define s2c(l,c)	(*((c)++)=(unsigned char)(((l)     )&0xff), \

-			 *((c)++)=(unsigned char)(((l)>> 8L)&0xff))

-#undef c2l

-#define c2l(c,l)	(l =((unsigned long)(*((c)++)))     , \

-			 l|=((unsigned long)(*((c)++)))<< 8L, \

-			 l|=((unsigned long)(*((c)++)))<<16L, \

-			 l|=((unsigned long)(*((c)++)))<<24L)

-#undef l2c

-#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)     )&0xff), \

-			 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \

-			 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \

-			 *((c)++)=(unsigned char)(((l)>>24L)&0xff))

-#endif

-#define E_IDEA(num) \

-	x1&=0xffff; \

-	idea_mul(x1,x1,*p,ul); p++; \

-	x2+= *(p++); \

-	x3+= *(p++); \

-	x4&=0xffff; \

-	idea_mul(x4,x4,*p,ul); p++; \

-	t0=(x1^x3)&0xffff; \

-	idea_mul(t0,t0,*p,ul); p++; \

-	t1=(t0+(x2^x4))&0xffff; \

-	idea_mul(t1,t1,*p,ul); p++; \

-	t0+=t1; \

-	x1^=t1; \

-	x4^=t0; \

-	ul=x2^t0; /* do the swap to x3 */ \

-	x2=x3^t1; \

-	x3=ul;

--- a/sys/src/ape/lib/openssl/crypto/idea/idea_spd.c

+++ /dev/null

@@ -1,299 +1,0 @@

-/* crypto/idea/idea_spd.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */

-/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */

-#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)

-#define TIMES

-#endif

-#include <stdio.h>

-#include <openssl/e_os2.h>

-#include OPENSSL_UNISTD_IO

-OPENSSL_DECLARE_EXIT

-#ifndef OPENSSL_SYS_NETWARE

-#include <signal.h>

-#endif

-#ifndef _IRIX

-#include <time.h>

-#endif

-#ifdef TIMES

-#include <sys/types.h>

-#include <sys/times.h>

-#endif

-/* Depending on the VMS version, the tms structure is perhaps defined.

-   The __TMS macro will show if it was.  If it wasn't defined, we should

-   undefine TIMES, since that tells the rest of the program how things

-   should be handled.				-- Richard Levitte */

-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)

-#undef TIMES

-#endif

-#ifndef TIMES

-#include <sys/timeb.h>

-#endif

-#if defined(sun) || defined(__ultrix)

-#define _POSIX_SOURCE

-#include <limits.h>

-#include <sys/param.h>

-#endif

-#include <openssl/idea.h>

-/* The following if from times(3) man page.  It may need to be changed */

-#ifndef HZ

-#ifndef CLK_TCK

-#define HZ	100.0

-#else /* CLK_TCK */

-#define HZ ((double)CLK_TCK)

-#endif

-#endif

-#define BUFSIZE	((long)1024)

-long run=0;

-double Time_F(int s);

-#ifdef SIGALRM

-#if defined(__STDC__) || defined(sgi) || defined(_AIX)

-#define SIGRETTYPE void

-#else

-#define SIGRETTYPE int

-#endif

-SIGRETTYPE sig_done(int sig);

-SIGRETTYPE sig_done(int sig)

-	{

-	signal(SIGALRM,sig_done);

-	run=0;

-#ifdef LINT

-	sig=sig;

-#endif

-	}

-#endif

-#define START	0

-#define STOP	1

-double Time_F(int s)

-	{

-	double ret;

-#ifdef TIMES

-	static struct tms tstart,tend;

-	if (s == START)

-		{

-		times(&tstart);

-		return(0);

-		}

-	else

-		{

-		times(&tend);

-		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;

-		return((ret == 0.0)?1e-6:ret);

-		}

-#else /* !times() */

-	static struct timeb tstart,tend;

-	long i;

-	if (s == START)

-		{

-		ftime(&tstart);

-		return(0);

-		}

-	else

-		{

-		ftime(&tend);

-		i=(long)tend.millitm-(long)tstart.millitm;

-		ret=((double)(tend.time-tstart.time))+((double)i)/1e3;

-		return((ret == 0.0)?1e-6:ret);

-		}

-#endif

-	}

-int main(int argc, char **argv)

-	{

-	long count;

-	static unsigned char buf[BUFSIZE];

-	static unsigned char key[] ={

-			0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,

-			0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,

-			};

-	IDEA_KEY_SCHEDULE sch;

-	double a,aa,b,c,d;

-#ifndef SIGALRM

-	long ca,cca,cb,cc;

-#endif

-#ifndef TIMES

-	printf("To get the most accurate results, try to run this\n");

-	printf("program when this computer is idle.\n");

-#endif

-#ifndef SIGALRM

-	printf("First we calculate the approximate speed ...\n");

-	idea_set_encrypt_key(key,&sch);

-	count=10;

-	do	{

-		long i;

-		IDEA_INT data[2];

-		count*=2;

-		Time_F(START);

-		for (i=count; i; i--)

-			idea_encrypt(data,&sch);

-		d=Time_F(STOP);

-		} while (d < 3.0);

-	ca=count/4;

-	cca=count/200;

-	cb=count;

-	cc=count*8/BUFSIZE+1;

-	printf("idea_set_encrypt_key %ld times\n",ca);

-#define COND(d)	(count <= (d))

-#define COUNT(d) (d)

-#else

-#define COND(c)	(run)

-#define COUNT(d) (count)

-	signal(SIGALRM,sig_done);

-	printf("Doing idea_set_encrypt_key for 10 seconds\n");

-	alarm(10);

-#endif

-	Time_F(START);

-	for (count=0,run=1; COND(ca); count+=4)

-		{

-		idea_set_encrypt_key(key,&sch);

-		idea_set_encrypt_key(key,&sch);

-		idea_set_encrypt_key(key,&sch);

-		idea_set_encrypt_key(key,&sch);

-		}

-	d=Time_F(STOP);

-	printf("%ld idea idea_set_encrypt_key's in %.2f seconds\n",count,d);

-	a=((double)COUNT(ca))/d;

-#ifdef SIGALRM

-	printf("Doing idea_set_decrypt_key for 10 seconds\n");

-	alarm(10);

-#else

-	printf("Doing idea_set_decrypt_key %ld times\n",cca);

-#endif

-	Time_F(START);

-	for (count=0,run=1; COND(cca); count+=4)

-		{

-		idea_set_decrypt_key(&sch,&sch);

-		idea_set_decrypt_key(&sch,&sch);

-		idea_set_decrypt_key(&sch,&sch);

-		idea_set_decrypt_key(&sch,&sch);

-		}

-	d=Time_F(STOP);

-	printf("%ld idea idea_set_decrypt_key's in %.2f seconds\n",count,d);

-	aa=((double)COUNT(cca))/d;

-#ifdef SIGALRM

-	printf("Doing idea_encrypt's for 10 seconds\n");

-	alarm(10);

-#else

-	printf("Doing idea_encrypt %ld times\n",cb);

-#endif

-	Time_F(START);

-	for (count=0,run=1; COND(cb); count+=4)

-		{

-		unsigned long data[2];

-		idea_encrypt(data,&sch);

-		idea_encrypt(data,&sch);

-		idea_encrypt(data,&sch);

-		idea_encrypt(data,&sch);

-		}

-	d=Time_F(STOP);

-	printf("%ld idea_encrypt's in %.2f second\n",count,d);

-	b=((double)COUNT(cb)*8)/d;

-#ifdef SIGALRM

-	printf("Doing idea_cbc_encrypt on %ld byte blocks for 10 seconds\n",

-		BUFSIZE);

-	alarm(10);

-#else

-	printf("Doing idea_cbc_encrypt %ld times on %ld byte blocks\n",cc,

-		BUFSIZE);

-#endif

-	Time_F(START);

-	for (count=0,run=1; COND(cc); count++)

-		idea_cbc_encrypt(buf,buf,BUFSIZE,&sch,

-			&(key[0]),IDEA_ENCRYPT);

-	d=Time_F(STOP);

-	printf("%ld idea_cbc_encrypt's of %ld byte blocks in %.2f second\n",

-		count,BUFSIZE,d);

-	c=((double)COUNT(cc)*BUFSIZE)/d;

-	printf("IDEA set_encrypt_key per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a);

-	printf("IDEA set_decrypt_key per sec = %12.2f (%9.3fuS)\n",aa,1.0e6/aa);

-	printf("IDEA raw ecb bytes   per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b);

-	printf("IDEA cbc     bytes   per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);

-	exit(0);

-#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)

-	return(0);

-#endif

-	}

--- a/sys/src/ape/lib/openssl/crypto/idea/ideatest.c

+++ /dev/null

@@ -1,235 +1,0 @@

-/* crypto/idea/ideatest.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <string.h>

-#include <stdlib.h>

-#include "../e_os.h"

-#ifdef OPENSSL_NO_IDEA

-int main(int argc, char *argv[])

-{

-    printf("No IDEA support\n");

-    return(0);

-}

-#else

-#include <openssl/idea.h>

-unsigned char k[16]={

-	0x00,0x01,0x00,0x02,0x00,0x03,0x00,0x04,

-	0x00,0x05,0x00,0x06,0x00,0x07,0x00,0x08};

-unsigned char in[8]={0x00,0x00,0x00,0x01,0x00,0x02,0x00,0x03};

-unsigned char  c[8]={0x11,0xFB,0xED,0x2B,0x01,0x98,0x6D,0xE5};

-unsigned char out[80];

-char *text="Hello to all people out there";

-static unsigned char cfb_key[16]={

-	0xe1,0xf0,0xc3,0xd2,0xa5,0xb4,0x87,0x96,

-	0x69,0x78,0x4b,0x5a,0x2d,0x3c,0x0f,0x1e,

-	};

-static unsigned char cfb_iv[80]={0x34,0x12,0x78,0x56,0xab,0x90,0xef,0xcd};

-static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8];

-#define CFB_TEST_SIZE 24

-static unsigned char plain[CFB_TEST_SIZE]=

-        {

-        0x4e,0x6f,0x77,0x20,0x69,0x73,

-        0x20,0x74,0x68,0x65,0x20,0x74,

-        0x69,0x6d,0x65,0x20,0x66,0x6f,

-        0x72,0x20,0x61,0x6c,0x6c,0x20

-        };

-static unsigned char cfb_cipher64[CFB_TEST_SIZE]={

-	0x59,0xD8,0xE2,0x65,0x00,0x58,0x6C,0x3F,

-	0x2C,0x17,0x25,0xD0,0x1A,0x38,0xB7,0x2A,

-	0x39,0x61,0x37,0xDC,0x79,0xFB,0x9F,0x45

-/*	0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,

-	0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,

-	0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/

-	};

-static int cfb64_test(unsigned char *cfb_cipher);

-static char *pt(unsigned char *p);

-int main(int argc, char *argv[])

-	{

-	int i,err=0;

-	IDEA_KEY_SCHEDULE key,dkey;

-	unsigned char iv[8];

-	idea_set_encrypt_key(k,&key);

-	idea_ecb_encrypt(in,out,&key);

-	if (memcmp(out,c,8) != 0)

-		{

-		printf("ecb idea error encrypting\n");

-		printf("got     :");

-		for (i=0; i<8; i++)

-			printf("%02X ",out[i]);

-		printf("\n");

-		printf("expected:");

-		for (i=0; i<8; i++)

-			printf("%02X ",c[i]);

-		err=20;

-		printf("\n");

-		}

-	idea_set_decrypt_key(&key,&dkey);

-	idea_ecb_encrypt(c,out,&dkey);

-	if (memcmp(out,in,8) != 0)

-		{

-		printf("ecb idea error decrypting\n");

-		printf("got     :");

-		for (i=0; i<8; i++)

-			printf("%02X ",out[i]);

-		printf("\n");

-		printf("expected:");

-		for (i=0; i<8; i++)

-			printf("%02X ",in[i]);

-		printf("\n");

-		err=3;

-		}

-	if (err == 0) printf("ecb idea ok\n");

-	memcpy(iv,k,8);

-	idea_cbc_encrypt((unsigned char *)text,out,strlen(text)+1,&key,iv,1);

-	memcpy(iv,k,8);

-	idea_cbc_encrypt(out,out,8,&dkey,iv,0);

-	idea_cbc_encrypt(&(out[8]),&(out[8]),strlen(text)+1-8,&dkey,iv,0);

-	if (memcmp(text,out,strlen(text)+1) != 0)

-		{

-		printf("cbc idea bad\n");

-		err=4;

-		}

-	else

-		printf("cbc idea ok\n");

-	printf("cfb64 idea ");

-	if (cfb64_test(cfb_cipher64))

-		{

-		printf("bad\n");

-		err=5;

-		}

-	else

-		printf("ok\n");

-#ifdef OPENSSL_SYS_NETWARE

-    if (err) printf("ERROR: %d\n", err);

-#endif

-	EXIT(err);

-	return(err);

-	}

-static int cfb64_test(unsigned char *cfb_cipher)

-        {

-        IDEA_KEY_SCHEDULE eks,dks;

-        int err=0,i,n;

-        idea_set_encrypt_key(cfb_key,&eks);

-        idea_set_decrypt_key(&eks,&dks);

-        memcpy(cfb_tmp,cfb_iv,8);

-        n=0;

-        idea_cfb64_encrypt(plain,cfb_buf1,(long)12,&eks,

-                cfb_tmp,&n,IDEA_ENCRYPT);

-        idea_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),

-                (long)CFB_TEST_SIZE-12,&eks,

-                cfb_tmp,&n,IDEA_ENCRYPT);

-        if (memcmp(cfb_cipher,cfb_buf1,CFB_TEST_SIZE) != 0)

-                {

-                err=1;

-                printf("idea_cfb64_encrypt encrypt error\n");

-                for (i=0; i<CFB_TEST_SIZE; i+=8)

-                        printf("%s\n",pt(&(cfb_buf1[i])));

-                }

-        memcpy(cfb_tmp,cfb_iv,8);

-        n=0;

-        idea_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,&eks,

-                cfb_tmp,&n,IDEA_DECRYPT);

-        idea_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),

-                (long)CFB_TEST_SIZE-17,&dks,

-                cfb_tmp,&n,IDEA_DECRYPT);

-        if (memcmp(plain,cfb_buf2,CFB_TEST_SIZE) != 0)

-                {

-                err=1;

-                printf("idea_cfb_encrypt decrypt error\n");

-                for (i=0; i<24; i+=8)

-                        printf("%s\n",pt(&(cfb_buf2[i])));

-                }

-        return(err);

-        }

-static char *pt(unsigned char *p)

-	{

-	static char bufs[10][20];

-	static int bnum=0;

-	char *ret;

-	int i;

-	static char *f="0123456789ABCDEF";

-	ret= &(bufs[bnum++][0]);

-	bnum%=10;

-	for (i=0; i<8; i++)

-		{

-		ret[i*2]=f[(p[i]>>4)&0xf];

-		ret[i*2+1]=f[p[i]&0xf];

-		}

-	ret[16]='\0';

-	return(ret);

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/idea/version

+++ /dev/null

@@ -1,12 +1,0 @@

-1.1 07/12/95 - eay

-	Many thanks to Rhys Weatherley <[email protected]>

-	for pointing out that I was assuming little endian byte

-	order for all quantities what idea actually used

-	bigendian.  No where in the spec does it mention

-	this, it is all in terms of 16 bit numbers and even the example

-	does not use byte streams for the input example :-(.

-	If you byte swap each pair of input, keys and iv, the functions

-	would produce the output as the old version :-(.

-1.0 ??/??/95 - eay

-	First version.

--- a/sys/src/ape/lib/openssl/crypto/krb5/Makefile

+++ /dev/null

@@ -1,84 +1,0 @@

-#

-# OpenSSL/krb5/Makefile

-#

-DIR=	krb5

-TOP=	../..

-CC=	cc

-INCLUDES= -I.. -I$(TOP) -I../../include

-CFLAG=-g

-MAKEFILE=	Makefile

-AR=		ar r

-CFLAGS= $(INCLUDES) $(CFLAG)

-GENERAL=Makefile README

-TEST=

-APPS=

-LIB=$(TOP)/libcrypto.a

-LIBSRC= krb5_asn.c

-LIBOBJ= krb5_asn.o

-SRC= $(LIBSRC)

-EXHEADER= krb5_asn.h

-HEADER=	$(EXHEADER)

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)

-all:	lib

-lib:	$(LIBOBJ)

-	$(AR) $(LIB) $(LIBOBJ)

-	$(RANLIB) $(LIB) || echo Never mind.

-	@touch lib

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

-links:

-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)

-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)

-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

-install:

-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...

-	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \

-	do  \

-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \

-	done;

-tags:

-	ctags $(SRC)

-tests:

-lint:

-	lint -DLINT $(INCLUDES) $(SRC)>fluff

-depend:

-	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...

-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-clean:

-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-krb5_asn.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h

-krb5_asn.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h

-krb5_asn.o: ../../include/openssl/e_os2.h ../../include/openssl/krb5_asn.h

-krb5_asn.o: ../../include/openssl/opensslconf.h

-krb5_asn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-krb5_asn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-krb5_asn.o: ../../include/openssl/symhacks.h krb5_asn.c

--- a/sys/src/ape/lib/openssl/crypto/krb5/krb5_asn.c

+++ /dev/null

@@ -1,167 +1,0 @@

-/* krb5_asn.c */

-/* Written by Vern Staats <[email protected]> for the OpenSSL project,

-** using ocsp/{*.h,*asn*.c} as a starting point

-*/

-/* ====================================================================

- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <openssl/asn1.h>

-#include <openssl/asn1t.h>

-#include <openssl/krb5_asn.h>

-ASN1_SEQUENCE(KRB5_ENCDATA) = {

-	ASN1_EXP(KRB5_ENCDATA, etype,		ASN1_INTEGER,	  0),

-	ASN1_EXP_OPT(KRB5_ENCDATA, kvno,	ASN1_INTEGER,	  1),

-	ASN1_EXP(KRB5_ENCDATA, cipher,		ASN1_OCTET_STRING,2)

-} ASN1_SEQUENCE_END(KRB5_ENCDATA)

-IMPLEMENT_ASN1_FUNCTIONS(KRB5_ENCDATA)

-ASN1_SEQUENCE(KRB5_PRINCNAME) = {

-	ASN1_EXP(KRB5_PRINCNAME, nametype,	ASN1_INTEGER,	  0),

-	ASN1_EXP_SEQUENCE_OF(KRB5_PRINCNAME, namestring, ASN1_GENERALSTRING, 1)

-} ASN1_SEQUENCE_END(KRB5_PRINCNAME)

-IMPLEMENT_ASN1_FUNCTIONS(KRB5_PRINCNAME)

-/* [APPLICATION 1] = 0x61 */

-ASN1_SEQUENCE(KRB5_TKTBODY) = {

-	ASN1_EXP(KRB5_TKTBODY, tktvno,		ASN1_INTEGER,	  0),

-	ASN1_EXP(KRB5_TKTBODY, realm, 		ASN1_GENERALSTRING, 1),

-	ASN1_EXP(KRB5_TKTBODY, sname,		KRB5_PRINCNAME,	  2),

-	ASN1_EXP(KRB5_TKTBODY, encdata,		KRB5_ENCDATA,	  3)

-} ASN1_SEQUENCE_END(KRB5_TKTBODY)

-IMPLEMENT_ASN1_FUNCTIONS(KRB5_TKTBODY)

-ASN1_ITEM_TEMPLATE(KRB5_TICKET) =

-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 1,

-			KRB5_TICKET, KRB5_TKTBODY)

-ASN1_ITEM_TEMPLATE_END(KRB5_TICKET)

-IMPLEMENT_ASN1_FUNCTIONS(KRB5_TICKET)

-/* [APPLICATION 14] = 0x6e */

-ASN1_SEQUENCE(KRB5_APREQBODY) = {

-	ASN1_EXP(KRB5_APREQBODY, pvno,		ASN1_INTEGER,	  0),

-	ASN1_EXP(KRB5_APREQBODY, msgtype,	ASN1_INTEGER,	  1),

-	ASN1_EXP(KRB5_APREQBODY, apoptions,	ASN1_BIT_STRING,  2),

-	ASN1_EXP(KRB5_APREQBODY, ticket, 	KRB5_TICKET,	  3),

-	ASN1_EXP(KRB5_APREQBODY, authenticator,	KRB5_ENCDATA,	  4),

-} ASN1_SEQUENCE_END(KRB5_APREQBODY)

-IMPLEMENT_ASN1_FUNCTIONS(KRB5_APREQBODY)

-ASN1_ITEM_TEMPLATE(KRB5_APREQ) =

-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 14,

-			KRB5_APREQ, KRB5_APREQBODY)

-ASN1_ITEM_TEMPLATE_END(KRB5_APREQ)

-IMPLEMENT_ASN1_FUNCTIONS(KRB5_APREQ)

-/*  Authenticator stuff 	*/

-ASN1_SEQUENCE(KRB5_CHECKSUM) = {

-	ASN1_EXP(KRB5_CHECKSUM, ctype,		ASN1_INTEGER,	  0),

-	ASN1_EXP(KRB5_CHECKSUM, checksum,	ASN1_OCTET_STRING,1)

-} ASN1_SEQUENCE_END(KRB5_CHECKSUM)

-IMPLEMENT_ASN1_FUNCTIONS(KRB5_CHECKSUM)

-ASN1_SEQUENCE(KRB5_ENCKEY) = {

-	ASN1_EXP(KRB5_ENCKEY,	ktype,		ASN1_INTEGER,	  0),

-	ASN1_EXP(KRB5_ENCKEY,	keyvalue,	ASN1_OCTET_STRING,1)

-} ASN1_SEQUENCE_END(KRB5_ENCKEY)

-IMPLEMENT_ASN1_FUNCTIONS(KRB5_ENCKEY)

-/* SEQ OF SEQ; see ASN1_EXP_SEQUENCE_OF_OPT() below */

-ASN1_SEQUENCE(KRB5_AUTHDATA) = {

-	ASN1_EXP(KRB5_AUTHDATA,	adtype,		ASN1_INTEGER,	  0),

-	ASN1_EXP(KRB5_AUTHDATA,	addata, 	ASN1_OCTET_STRING,1)

-} ASN1_SEQUENCE_END(KRB5_AUTHDATA)

-IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHDATA)

-/* [APPLICATION 2] = 0x62 */

-ASN1_SEQUENCE(KRB5_AUTHENTBODY) = {

-	ASN1_EXP(KRB5_AUTHENTBODY,	avno,	ASN1_INTEGER,	  0),

-	ASN1_EXP(KRB5_AUTHENTBODY,	crealm,	ASN1_GENERALSTRING, 1),

-	ASN1_EXP(KRB5_AUTHENTBODY,	cname,	KRB5_PRINCNAME,	  2),

-	ASN1_EXP_OPT(KRB5_AUTHENTBODY,	cksum,	KRB5_CHECKSUM,	  3),

-	ASN1_EXP(KRB5_AUTHENTBODY,	cusec,	ASN1_INTEGER,	  4),

-	ASN1_EXP(KRB5_AUTHENTBODY,	ctime,	ASN1_GENERALIZEDTIME, 5),

-	ASN1_EXP_OPT(KRB5_AUTHENTBODY,	subkey,	KRB5_ENCKEY,	  6),

-	ASN1_EXP_OPT(KRB5_AUTHENTBODY,	seqnum,	ASN1_INTEGER,	  7),

-	ASN1_EXP_SEQUENCE_OF_OPT

-		    (KRB5_AUTHENTBODY,	authorization,	KRB5_AUTHDATA, 8),

-} ASN1_SEQUENCE_END(KRB5_AUTHENTBODY)

-IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHENTBODY)

-ASN1_ITEM_TEMPLATE(KRB5_AUTHENT) =

-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 2,

-			KRB5_AUTHENT, KRB5_AUTHENTBODY)

-ASN1_ITEM_TEMPLATE_END(KRB5_AUTHENT)

-IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHENT)

--- a/sys/src/ape/lib/openssl/crypto/krb5/krb5_asn.h

+++ /dev/null

@@ -1,256 +1,0 @@

-/* krb5_asn.h */

-/* Written by Vern Staats <[email protected]> for the OpenSSL project,

-** using ocsp/{*.h,*asn*.c} as a starting point

-*/

-/* ====================================================================

- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_KRB5_ASN_H

-#define HEADER_KRB5_ASN_H

-/*

-#include <krb5.h>

-*/

-#include <openssl/safestack.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-/*	ASN.1 from Kerberos RFC 1510

-*/

-/*	EncryptedData ::=   SEQUENCE {

-**		etype[0]                      INTEGER, -- EncryptionType

-**		kvno[1]                       INTEGER OPTIONAL,

-**		cipher[2]                     OCTET STRING -- ciphertext

-**	}

-*/

-typedef	struct	krb5_encdata_st

-	{

-	ASN1_INTEGER			*etype;

-	ASN1_INTEGER			*kvno;

-	ASN1_OCTET_STRING		*cipher;

-	}	KRB5_ENCDATA;

-DECLARE_STACK_OF(KRB5_ENCDATA)

-/*	PrincipalName ::=   SEQUENCE {

-**		name-type[0]                  INTEGER,

-**		name-string[1]                SEQUENCE OF GeneralString

-**	}

-*/

-typedef	struct	krb5_princname_st

-	{

-	ASN1_INTEGER			*nametype;

-	STACK_OF(ASN1_GENERALSTRING)	*namestring;

-	}	KRB5_PRINCNAME;

-DECLARE_STACK_OF(KRB5_PRINCNAME)

-/*	Ticket ::=	[APPLICATION 1] SEQUENCE {

-**		tkt-vno[0]                    INTEGER,

-**		realm[1]                      Realm,

-**		sname[2]                      PrincipalName,

-**		enc-part[3]                   EncryptedData

-**	}

-*/

-typedef	struct	krb5_tktbody_st

-	{

-	ASN1_INTEGER			*tktvno;

-	ASN1_GENERALSTRING		*realm;

-	KRB5_PRINCNAME			*sname;

-	KRB5_ENCDATA			*encdata;

-	}	KRB5_TKTBODY;

-typedef STACK_OF(KRB5_TKTBODY) KRB5_TICKET;

-DECLARE_STACK_OF(KRB5_TKTBODY)

-/*	AP-REQ ::=      [APPLICATION 14] SEQUENCE {

-**		pvno[0]                       INTEGER,

-**		msg-type[1]                   INTEGER,

-**		ap-options[2]                 APOptions,

-**		ticket[3]                     Ticket,

-**		authenticator[4]              EncryptedData

-**	}

-**

-**	APOptions ::=   BIT STRING {

-**		reserved(0), use-session-key(1), mutual-required(2) }

-*/

-typedef	struct	krb5_ap_req_st

-	{

-	ASN1_INTEGER			*pvno;

-	ASN1_INTEGER			*msgtype;

-	ASN1_BIT_STRING			*apoptions;

-	KRB5_TICKET			*ticket;

-	KRB5_ENCDATA			*authenticator;

-	}	KRB5_APREQBODY;

-typedef STACK_OF(KRB5_APREQBODY) KRB5_APREQ;

-DECLARE_STACK_OF(KRB5_APREQBODY)

-/*	Authenticator Stuff	*/

-/*	Checksum ::=   SEQUENCE {

-**		cksumtype[0]                  INTEGER,

-**		checksum[1]                   OCTET STRING

-**	}

-*/

-typedef	struct	krb5_checksum_st

-	{

-	ASN1_INTEGER			*ctype;

-	ASN1_OCTET_STRING		*checksum;

-	}	KRB5_CHECKSUM;

-DECLARE_STACK_OF(KRB5_CHECKSUM)

-/*	EncryptionKey ::=   SEQUENCE {

-**		keytype[0]                    INTEGER,

-**		keyvalue[1]                   OCTET STRING

-**	}

-*/

-typedef struct  krb5_encryptionkey_st

-	{

-	ASN1_INTEGER			*ktype;

-	ASN1_OCTET_STRING		*keyvalue;

-	}	KRB5_ENCKEY;

-DECLARE_STACK_OF(KRB5_ENCKEY)

-/*	AuthorizationData ::=   SEQUENCE OF SEQUENCE {

-**		ad-type[0]                    INTEGER,

-**              ad-data[1]                    OCTET STRING

-**	}

-*/

-typedef struct	krb5_authorization_st

-	{

-	ASN1_INTEGER			*adtype;

-	ASN1_OCTET_STRING		*addata;

-	}	KRB5_AUTHDATA;

-DECLARE_STACK_OF(KRB5_AUTHDATA)

-/*	-- Unencrypted authenticator

-**	Authenticator ::=    [APPLICATION 2] SEQUENCE    {

-**		authenticator-vno[0]          INTEGER,

-**		crealm[1]                     Realm,

-**		cname[2]                      PrincipalName,

-**		cksum[3]                      Checksum OPTIONAL,

-**		cusec[4]                      INTEGER,

-**		ctime[5]                      KerberosTime,

-**		subkey[6]                     EncryptionKey OPTIONAL,

-**		seq-number[7]                 INTEGER OPTIONAL,

-**		authorization-data[8]         AuthorizationData OPTIONAL

-**	}

-*/

-typedef struct	krb5_authenticator_st

-	{

-	ASN1_INTEGER			*avno;

-	ASN1_GENERALSTRING		*crealm;

-	KRB5_PRINCNAME			*cname;

-	KRB5_CHECKSUM			*cksum;

-	ASN1_INTEGER			*cusec;

-	ASN1_GENERALIZEDTIME		*ctime;

-	KRB5_ENCKEY			*subkey;

-	ASN1_INTEGER			*seqnum;

-	KRB5_AUTHDATA			*authorization;

-	}	KRB5_AUTHENTBODY;

-typedef STACK_OF(KRB5_AUTHENTBODY) KRB5_AUTHENT;

-DECLARE_STACK_OF(KRB5_AUTHENTBODY)

-/*  DECLARE_ASN1_FUNCTIONS(type) = DECLARE_ASN1_FUNCTIONS_name(type, type) =

-**	type *name##_new(void);

-**	void name##_free(type *a);

-**	DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) =

-**	 DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) =

-**	  type *d2i_##name(type **a, const unsigned char **in, long len);

-**	  int i2d_##name(type *a, unsigned char **out);

-**	  DECLARE_ASN1_ITEM(itname) = OPENSSL_EXTERN const ASN1_ITEM itname##_it

-*/

-DECLARE_ASN1_FUNCTIONS(KRB5_ENCDATA)

-DECLARE_ASN1_FUNCTIONS(KRB5_PRINCNAME)

-DECLARE_ASN1_FUNCTIONS(KRB5_TKTBODY)

-DECLARE_ASN1_FUNCTIONS(KRB5_APREQBODY)

-DECLARE_ASN1_FUNCTIONS(KRB5_TICKET)

-DECLARE_ASN1_FUNCTIONS(KRB5_APREQ)

-DECLARE_ASN1_FUNCTIONS(KRB5_CHECKSUM)

-DECLARE_ASN1_FUNCTIONS(KRB5_ENCKEY)

-DECLARE_ASN1_FUNCTIONS(KRB5_AUTHDATA)

-DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENTBODY)

-DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENT)

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/lhash/Makefile

+++ /dev/null

@@ -1,88 +1,0 @@

-#

-# OpenSSL/crypto/lhash/Makefile

-#

-DIR=	lhash

-TOP=	../..

-CC=	cc

-INCLUDES=

-CFLAG=-g

-MAKEFILE=	Makefile

-AR=		ar r

-CFLAGS= $(INCLUDES) $(CFLAG)

-GENERAL=Makefile

-TEST=

-APPS=

-LIB=$(TOP)/libcrypto.a

-LIBSRC=lhash.c lh_stats.c

-LIBOBJ=lhash.o lh_stats.o

-SRC= $(LIBSRC)

-EXHEADER= lhash.h

-HEADER=	$(EXHEADER)

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)

-all:	lib

-lib:	$(LIBOBJ)

-	$(AR) $(LIB) $(LIBOBJ)

-	$(RANLIB) $(LIB) || echo Never mind.

-	@touch lib

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

-links:

-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)

-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)

-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

-install:

-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...

-	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \

-	do  \

-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \

-	done;

-tags:

-	ctags $(SRC)

-tests:

-lint:

-	lint -DLINT $(INCLUDES) $(SRC)>fluff

-depend:

-	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...

-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-clean:

-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-lh_stats.o: ../../e_os.h ../../include/openssl/bio.h

-lh_stats.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-lh_stats.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-lh_stats.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-lh_stats.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-lh_stats.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-lh_stats.o: ../../include/openssl/symhacks.h ../cryptlib.h lh_stats.c

-lhash.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h

-lhash.o: ../../include/openssl/e_os2.h ../../include/openssl/lhash.h

-lhash.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-lhash.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-lhash.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h lhash.c

--- a/sys/src/ape/lib/openssl/crypto/lhash/lh_stats.c

+++ /dev/null

@@ -1,248 +1,0 @@

-/* crypto/lhash/lh_stats.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <string.h>

-#include <stdlib.h>

-/* If you wish to build this outside of SSLeay, remove the following lines

- * and things should work as expected */

-#include "cryptlib.h"

-#ifndef OPENSSL_NO_BIO

-#include <openssl/bio.h>

-#endif

-#include <openssl/lhash.h>

-#ifdef OPENSSL_NO_BIO

-void lh_stats(LHASH *lh, FILE *out)

-	{

-	fprintf(out,"num_items             = %lu\n",lh->num_items);

-	fprintf(out,"num_nodes             = %u\n",lh->num_nodes);

-	fprintf(out,"num_alloc_nodes       = %u\n",lh->num_alloc_nodes);

-	fprintf(out,"num_expands           = %lu\n",lh->num_expands);

-	fprintf(out,"num_expand_reallocs   = %lu\n",lh->num_expand_reallocs);

-	fprintf(out,"num_contracts         = %lu\n",lh->num_contracts);

-	fprintf(out,"num_contract_reallocs = %lu\n",lh->num_contract_reallocs);

-	fprintf(out,"num_hash_calls        = %lu\n",lh->num_hash_calls);

-	fprintf(out,"num_comp_calls        = %lu\n",lh->num_comp_calls);

-	fprintf(out,"num_insert            = %lu\n",lh->num_insert);

-	fprintf(out,"num_replace           = %lu\n",lh->num_replace);

-	fprintf(out,"num_delete            = %lu\n",lh->num_delete);

-	fprintf(out,"num_no_delete         = %lu\n",lh->num_no_delete);

-	fprintf(out,"num_retrieve          = %lu\n",lh->num_retrieve);

-	fprintf(out,"num_retrieve_miss     = %lu\n",lh->num_retrieve_miss);

-	fprintf(out,"num_hash_comps        = %lu\n",lh->num_hash_comps);

-#if 0

-	fprintf(out,"p                     = %u\n",lh->p);

-	fprintf(out,"pmax                  = %u\n",lh->pmax);

-	fprintf(out,"up_load               = %lu\n",lh->up_load);

-	fprintf(out,"down_load             = %lu\n",lh->down_load);

-#endif

-	}

-void lh_node_stats(LHASH *lh, FILE *out)

-	{

-	LHASH_NODE *n;

-	unsigned int i,num;

-	for (i=0; i<lh->num_nodes; i++)

-		{

-		for (n=lh->b[i],num=0; n != NULL; n=n->next)

-			num++;

-		fprintf(out,"node %6u -> %3u\n",i,num);

-		}

-	}

-void lh_node_usage_stats(LHASH *lh, FILE *out)

-	{

-	LHASH_NODE *n;

-	unsigned long num;

-	unsigned int i;

-	unsigned long total=0,n_used=0;

-	for (i=0; i<lh->num_nodes; i++)

-		{

-		for (n=lh->b[i],num=0; n != NULL; n=n->next)

-			num++;

-		if (num != 0)

-			{

-			n_used++;

-			total+=num;

-			}

-		}

-	fprintf(out,"%lu nodes used out of %u\n",n_used,lh->num_nodes);

-	fprintf(out,"%lu items\n",total);

-	if (n_used == 0) return;

-	fprintf(out,"load %d.%02d  actual load %d.%02d\n",

-		(int)(total/lh->num_nodes),

-		(int)((total%lh->num_nodes)*100/lh->num_nodes),

-		(int)(total/n_used),

-		(int)((total%n_used)*100/n_used));

-	}

-#else

-#ifndef OPENSSL_NO_FP_API

-void lh_stats(const LHASH *lh, FILE *fp)

-	{

-	BIO *bp;

-	bp=BIO_new(BIO_s_file());

-	if (bp == NULL) goto end;

-	BIO_set_fp(bp,fp,BIO_NOCLOSE);

-	lh_stats_bio(lh,bp);

-	BIO_free(bp);

-end:;

-	}

-void lh_node_stats(const LHASH *lh, FILE *fp)

-	{

-	BIO *bp;

-	bp=BIO_new(BIO_s_file());

-	if (bp == NULL) goto end;

-	BIO_set_fp(bp,fp,BIO_NOCLOSE);

-	lh_node_stats_bio(lh,bp);

-	BIO_free(bp);

-end:;

-	}

-void lh_node_usage_stats(const LHASH *lh, FILE *fp)

-	{

-	BIO *bp;

-	bp=BIO_new(BIO_s_file());

-	if (bp == NULL) goto end;

-	BIO_set_fp(bp,fp,BIO_NOCLOSE);

-	lh_node_usage_stats_bio(lh,bp);

-	BIO_free(bp);

-end:;

-	}

-#endif

-void lh_stats_bio(const LHASH *lh, BIO *out)

-	{

-	BIO_printf(out,"num_items             = %lu\n",lh->num_items);

-	BIO_printf(out,"num_nodes             = %u\n",lh->num_nodes);

-	BIO_printf(out,"num_alloc_nodes       = %u\n",lh->num_alloc_nodes);

-	BIO_printf(out,"num_expands           = %lu\n",lh->num_expands);

-	BIO_printf(out,"num_expand_reallocs   = %lu\n",

-		   lh->num_expand_reallocs);

-	BIO_printf(out,"num_contracts         = %lu\n",lh->num_contracts);

-	BIO_printf(out,"num_contract_reallocs = %lu\n",

-		   lh->num_contract_reallocs);

-	BIO_printf(out,"num_hash_calls        = %lu\n",lh->num_hash_calls);

-	BIO_printf(out,"num_comp_calls        = %lu\n",lh->num_comp_calls);

-	BIO_printf(out,"num_insert            = %lu\n",lh->num_insert);

-	BIO_printf(out,"num_replace           = %lu\n",lh->num_replace);

-	BIO_printf(out,"num_delete            = %lu\n",lh->num_delete);

-	BIO_printf(out,"num_no_delete         = %lu\n",lh->num_no_delete);

-	BIO_printf(out,"num_retrieve          = %lu\n",lh->num_retrieve);

-	BIO_printf(out,"num_retrieve_miss     = %lu\n",lh->num_retrieve_miss);

-	BIO_printf(out,"num_hash_comps        = %lu\n",lh->num_hash_comps);

-#if 0

-	BIO_printf(out,"p                     = %u\n",lh->p);

-	BIO_printf(out,"pmax                  = %u\n",lh->pmax);

-	BIO_printf(out,"up_load               = %lu\n",lh->up_load);

-	BIO_printf(out,"down_load             = %lu\n",lh->down_load);

-#endif

-	}

-void lh_node_stats_bio(const LHASH *lh, BIO *out)

-	{

-	LHASH_NODE *n;

-	unsigned int i,num;

-	for (i=0; i<lh->num_nodes; i++)

-		{

-		for (n=lh->b[i],num=0; n != NULL; n=n->next)

-			num++;

-		BIO_printf(out,"node %6u -> %3u\n",i,num);

-		}

-	}

-void lh_node_usage_stats_bio(const LHASH *lh, BIO *out)

-	{

-	LHASH_NODE *n;

-	unsigned long num;

-	unsigned int i;

-	unsigned long total=0,n_used=0;

-	for (i=0; i<lh->num_nodes; i++)

-		{

-		for (n=lh->b[i],num=0; n != NULL; n=n->next)

-			num++;

-		if (num != 0)

-			{

-			n_used++;

-			total+=num;

-			}

-		}

-	BIO_printf(out,"%lu nodes used out of %u\n",n_used,lh->num_nodes);

-	BIO_printf(out,"%lu items\n",total);

-	if (n_used == 0) return;

-	BIO_printf(out,"load %d.%02d  actual load %d.%02d\n",

-		   (int)(total/lh->num_nodes),

-		   (int)((total%lh->num_nodes)*100/lh->num_nodes),

-		   (int)(total/n_used),

-		   (int)((total%n_used)*100/n_used));

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/lhash/lh_test.c

+++ /dev/null

@@ -1,88 +1,0 @@

-/* crypto/lhash/lh_test.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include <openssl/lhash.h>

-main()

-	{

-	LHASH *conf;

-	char buf[256];

-	int i;

-	conf=lh_new(lh_strhash,strcmp);

-	for (;;)

-		{

-		char *p;

-		buf[0]='\0';

-		fgets(buf,256,stdin);

-		if (buf[0] == '\0') break;

-		i=strlen(buf);

-		p=OPENSSL_malloc(i+1);

-		memcpy(p,buf,i+1);

-		lh_insert(conf,p);

-		}

-	lh_node_stats(conf,stdout);

-	lh_stats(conf,stdout);

-	lh_node_usage_stats(conf,stdout);

-	exit(0);

-	}

--- a/sys/src/ape/lib/openssl/crypto/lhash/lhash.c

+++ /dev/null

@@ -1,470 +1,0 @@

-/* crypto/lhash/lhash.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* Code for dynamic hash table routines

- * Author - Eric Young v 2.0

- *

- * 2.2 eay - added #include "crypto.h" so the memory leak checking code is

- *	     present. eay 18-Jun-98

- *

- * 2.1 eay - Added an 'error in last operation' flag. eay 6-May-98

- *

- * 2.0 eay - Fixed a bug that occurred when using lh_delete

- *	     from inside lh_doall().  As entries were deleted,

- *	     the 'table' was 'contract()ed', making some entries

- *	     jump from the end of the table to the start, there by

- *	     skipping the lh_doall() processing. eay - 4/12/95

- *

- * 1.9 eay - Fixed a memory leak in lh_free, the LHASH_NODEs

- *	     were not being free()ed. 21/11/95

- *

- * 1.8 eay - Put the stats routines into a separate file, lh_stats.c

- *	     19/09/95

- *

- * 1.7 eay - Removed the fputs() for realloc failures - the code

- *           should silently tolerate them.  I have also fixed things

- *           lint complained about 04/05/95

- *

- * 1.6 eay - Fixed an invalid pointers in contract/expand 27/07/92

- *

- * 1.5 eay - Fixed a misuse of realloc in expand 02/03/1992

- *

- * 1.4 eay - Fixed lh_doall so the function can call lh_delete 28/05/91

- *

- * 1.3 eay - Fixed a few lint problems 19/3/1991

- *

- * 1.2 eay - Fixed lh_doall problem 13/3/1991

- *

- * 1.1 eay - Added lh_doall

- *

- * 1.0 eay - First version

- */

-#include <stdio.h>

-#include <string.h>

-#include <stdlib.h>

-#include <openssl/crypto.h>

-#include <openssl/lhash.h>

-const char lh_version[]="lhash" OPENSSL_VERSION_PTEXT;

-#undef MIN_NODES

-#define MIN_NODES	16

-#define UP_LOAD		(2*LH_LOAD_MULT) /* load times 256  (default 2) */

-#define DOWN_LOAD	(LH_LOAD_MULT)   /* load times 256  (default 1) */

-static void expand(LHASH *lh);

-static void contract(LHASH *lh);

-static LHASH_NODE **getrn(LHASH *lh, const void *data, unsigned long *rhash);

-LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c)

-	{

-	LHASH *ret;

-	int i;

-	if ((ret=(LHASH *)OPENSSL_malloc(sizeof(LHASH))) == NULL)

-		goto err0;

-	if ((ret->b=(LHASH_NODE **)OPENSSL_malloc(sizeof(LHASH_NODE *)*MIN_NODES)) == NULL)

-		goto err1;

-	for (i=0; i<MIN_NODES; i++)

-		ret->b[i]=NULL;

-	ret->comp=((c == NULL)?(LHASH_COMP_FN_TYPE)strcmp:c);

-	ret->hash=((h == NULL)?(LHASH_HASH_FN_TYPE)lh_strhash:h);

-	ret->num_nodes=MIN_NODES/2;

-	ret->num_alloc_nodes=MIN_NODES;

-	ret->p=0;

-	ret->pmax=MIN_NODES/2;

-	ret->up_load=UP_LOAD;

-	ret->down_load=DOWN_LOAD;

-	ret->num_items=0;

-	ret->num_expands=0;

-	ret->num_expand_reallocs=0;

-	ret->num_contracts=0;

-	ret->num_contract_reallocs=0;

-	ret->num_hash_calls=0;

-	ret->num_comp_calls=0;

-	ret->num_insert=0;

-	ret->num_replace=0;

-	ret->num_delete=0;

-	ret->num_no_delete=0;

-	ret->num_retrieve=0;

-	ret->num_retrieve_miss=0;

-	ret->num_hash_comps=0;

-	ret->error=0;

-	return(ret);

-err1:

-	OPENSSL_free(ret);

-err0:

-	return(NULL);

-	}

-void lh_free(LHASH *lh)

-	{

-	unsigned int i;

-	LHASH_NODE *n,*nn;

-	if (lh == NULL)

-	    return;

-	for (i=0; i<lh->num_nodes; i++)

-		{

-		n=lh->b[i];

-		while (n != NULL)

-			{

-			nn=n->next;

-			OPENSSL_free(n);

-			n=nn;

-			}

-		}

-	OPENSSL_free(lh->b);

-	OPENSSL_free(lh);

-	}

-void *lh_insert(LHASH *lh, void *data)

-	{

-	unsigned long hash;

-	LHASH_NODE *nn,**rn;

-	void *ret;

-	lh->error=0;

-	if (lh->up_load <= (lh->num_items*LH_LOAD_MULT/lh->num_nodes))

-		expand(lh);

-	rn=getrn(lh,data,&hash);

-	if (*rn == NULL)

-		{

-		if ((nn=(LHASH_NODE *)OPENSSL_malloc(sizeof(LHASH_NODE))) == NULL)

-			{

-			lh->error++;

-			return(NULL);

-			}

-		nn->data=data;

-		nn->next=NULL;

-#ifndef OPENSSL_NO_HASH_COMP

-		nn->hash=hash;

-#endif

-		*rn=nn;

-		ret=NULL;

-		lh->num_insert++;

-		lh->num_items++;

-		}

-	else /* replace same key */

-		{

-		ret= (*rn)->data;

-		(*rn)->data=data;

-		lh->num_replace++;

-		}

-	return(ret);

-	}

-void *lh_delete(LHASH *lh, const void *data)

-	{

-	unsigned long hash;

-	LHASH_NODE *nn,**rn;

-	void *ret;

-	lh->error=0;

-	rn=getrn(lh,data,&hash);

-	if (*rn == NULL)

-		{

-		lh->num_no_delete++;

-		return(NULL);

-		}

-	else

-		{

-		nn= *rn;

-		*rn=nn->next;

-		ret=nn->data;

-		OPENSSL_free(nn);

-		lh->num_delete++;

-		}

-	lh->num_items--;

-	if ((lh->num_nodes > MIN_NODES) &&

-		(lh->down_load >= (lh->num_items*LH_LOAD_MULT/lh->num_nodes)))

-		contract(lh);

-	return(ret);

-	}

-void *lh_retrieve(LHASH *lh, const void *data)

-	{

-	unsigned long hash;

-	LHASH_NODE **rn;

-	void *ret;

-	lh->error=0;

-	rn=getrn(lh,data,&hash);

-	if (*rn == NULL)

-		{

-		lh->num_retrieve_miss++;

-		return(NULL);

-		}

-	else

-		{

-		ret= (*rn)->data;

-		lh->num_retrieve++;

-		}

-	return(ret);

-	}

-static void doall_util_fn(LHASH *lh, int use_arg, LHASH_DOALL_FN_TYPE func,

-			  LHASH_DOALL_ARG_FN_TYPE func_arg, void *arg)

-	{

-	int i;

-	LHASH_NODE *a,*n;

-	/* reverse the order so we search from 'top to bottom'

-	 * We were having memory leaks otherwise */

-	for (i=lh->num_nodes-1; i>=0; i--)

-		{

-		a=lh->b[i];

-		while (a != NULL)

-			{

-			/* 28/05/91 - eay - n added so items can be deleted

-			 * via lh_doall */

-			n=a->next;

-			if(use_arg)

-				func_arg(a->data,arg);

-			else

-				func(a->data);

-			a=n;

-			}

-		}

-	}

-void lh_doall(LHASH *lh, LHASH_DOALL_FN_TYPE func)

-	{

-	doall_util_fn(lh, 0, func, (LHASH_DOALL_ARG_FN_TYPE)0, NULL);

-	}

-void lh_doall_arg(LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg)

-	{

-	doall_util_fn(lh, 1, (LHASH_DOALL_FN_TYPE)0, func, arg);

-	}

-static void expand(LHASH *lh)

-	{

-	LHASH_NODE **n,**n1,**n2,*np;

-	unsigned int p,i,j;

-	unsigned long hash,nni;

-	lh->num_nodes++;

-	lh->num_expands++;

-	p=(int)lh->p++;

-	n1= &(lh->b[p]);

-	n2= &(lh->b[p+(int)lh->pmax]);

-	*n2=NULL;        /* 27/07/92 - eay - undefined pointer bug */

-	nni=lh->num_alloc_nodes;

-	for (np= *n1; np != NULL; )

-		{

-#ifndef OPENSSL_NO_HASH_COMP

-		hash=np->hash;

-#else

-		hash=lh->hash(np->data);

-		lh->num_hash_calls++;

-#endif

-		if ((hash%nni) != p)

-			{ /* move it */

-			*n1= (*n1)->next;

-			np->next= *n2;

-			*n2=np;

-			}

-		else

-			n1= &((*n1)->next);

-		np= *n1;

-		}

-	if ((lh->p) >= lh->pmax)

-		{

-		j=(int)lh->num_alloc_nodes*2;

-		n=(LHASH_NODE **)OPENSSL_realloc(lh->b,

-			(int)(sizeof(LHASH_NODE *)*j));

-		if (n == NULL)

-			{

-/*			fputs("realloc error in lhash",stderr); */

-			lh->error++;

-			lh->p=0;

-			return;

-			}

-		/* else */

-		for (i=(int)lh->num_alloc_nodes; i<j; i++)/* 26/02/92 eay */

-			n[i]=NULL;			  /* 02/03/92 eay */

-		lh->pmax=lh->num_alloc_nodes;

-		lh->num_alloc_nodes=j;

-		lh->num_expand_reallocs++;

-		lh->p=0;

-		lh->b=n;

-		}

-	}

-static void contract(LHASH *lh)

-	{

-	LHASH_NODE **n,*n1,*np;

-	np=lh->b[lh->p+lh->pmax-1];

-	lh->b[lh->p+lh->pmax-1]=NULL; /* 24/07-92 - eay - weird but :-( */

-	if (lh->p == 0)

-		{

-		n=(LHASH_NODE **)OPENSSL_realloc(lh->b,

-			(unsigned int)(sizeof(LHASH_NODE *)*lh->pmax));

-		if (n == NULL)

-			{

-/*			fputs("realloc error in lhash",stderr); */

-			lh->error++;

-			return;

-			}

-		lh->num_contract_reallocs++;

-		lh->num_alloc_nodes/=2;

-		lh->pmax/=2;

-		lh->p=lh->pmax-1;

-		lh->b=n;

-		}

-	else

-		lh->p--;

-	lh->num_nodes--;

-	lh->num_contracts++;

-	n1=lh->b[(int)lh->p];

-	if (n1 == NULL)

-		lh->b[(int)lh->p]=np;

-	else

-		{

-		while (n1->next != NULL)

-			n1=n1->next;

-		n1->next=np;

-		}

-	}

-static LHASH_NODE **getrn(LHASH *lh, const void *data, unsigned long *rhash)

-	{

-	LHASH_NODE **ret,*n1;

-	unsigned long hash,nn;

-	LHASH_COMP_FN_TYPE cf;

-	hash=(*(lh->hash))(data);

-	lh->num_hash_calls++;

-	*rhash=hash;

-	nn=hash%lh->pmax;

-	if (nn < lh->p)

-		nn=hash%lh->num_alloc_nodes;

-	cf=lh->comp;

-	ret= &(lh->b[(int)nn]);

-	for (n1= *ret; n1 != NULL; n1=n1->next)

-		{

-#ifndef OPENSSL_NO_HASH_COMP

-		lh->num_hash_comps++;

-		if (n1->hash != hash)

-			{

-			ret= &(n1->next);

-			continue;

-			}

-#endif

-		lh->num_comp_calls++;

-		if(cf(n1->data,data) == 0)

-			break;

-		ret= &(n1->next);

-		}

-	return(ret);

-	}

-/* The following hash seems to work very well on normal text strings

- * no collisions on /usr/dict/words and it distributes on %2^n quite

- * well, not as good as MD5, but still good.

- */

-unsigned long lh_strhash(const char *c)

-	{

-	unsigned long ret=0;

-	long n;

-	unsigned long v;

-	int r;

-	if ((c == NULL) || (*c == '\0'))

-		return(ret);

-/*

-	unsigned char b[16];

-	MD5(c,strlen(c),b);

-	return(b[0]|(b[1]<<8)|(b[2]<<16)|(b[3]<<24));

-*/

-	n=0x100;

-	while (*c)

-		{

-		v=n|(*c);

-		n+=0x100;

-		r= (int)((v>>2)^v)&0x0f;

-		ret=(ret<<r)|(ret>>(32-r));

-		ret&=0xFFFFFFFFL;

-		ret^=v*v;

-		c++;

-		}

-	return((ret>>16)^ret);

-	}

-unsigned long lh_num_items(const LHASH *lh)

-	{

-	return lh ? lh->num_items : 0;

-	}

--- a/sys/src/ape/lib/openssl/crypto/lhash/lhash.h

+++ /dev/null

@@ -1,200 +1,0 @@

-/* crypto/lhash/lhash.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* Header for dynamic hash table routines

- * Author - Eric Young

- */

-#ifndef HEADER_LHASH_H

-#define HEADER_LHASH_H

-#include <openssl/e_os2.h>

-#ifndef OPENSSL_NO_FP_API

-#include <stdio.h>

-#endif

-#ifndef OPENSSL_NO_BIO

-#include <openssl/bio.h>

-#endif

-#ifdef  __cplusplus

-extern "C" {

-#endif

-typedef struct lhash_node_st

-	{

-	void *data;

-	struct lhash_node_st *next;

-#ifndef OPENSSL_NO_HASH_COMP

-	unsigned long hash;

-#endif

-	} LHASH_NODE;

-typedef int (*LHASH_COMP_FN_TYPE)(const void *, const void *);

-typedef unsigned long (*LHASH_HASH_FN_TYPE)(const void *);

-typedef void (*LHASH_DOALL_FN_TYPE)(void *);

-typedef void (*LHASH_DOALL_ARG_FN_TYPE)(void *, void *);

-/* Macros for declaring and implementing type-safe wrappers for LHASH callbacks.

- * This way, callbacks can be provided to LHASH structures without function

- * pointer casting and the macro-defined callbacks provide per-variable casting

- * before deferring to the underlying type-specific callbacks. NB: It is

- * possible to place a "static" in front of both the DECLARE and IMPLEMENT

- * macros if the functions are strictly internal. */

-/* First: "hash" functions */

-#define DECLARE_LHASH_HASH_FN(f_name,o_type) \

-	unsigned long f_name##_LHASH_HASH(const void *);

-#define IMPLEMENT_LHASH_HASH_FN(f_name,o_type) \

-	unsigned long f_name##_LHASH_HASH(const void *arg) { \

-		o_type a = (o_type)arg; \

-		return f_name(a); }

-#define LHASH_HASH_FN(f_name) f_name##_LHASH_HASH

-/* Second: "compare" functions */

-#define DECLARE_LHASH_COMP_FN(f_name,o_type) \

-	int f_name##_LHASH_COMP(const void *, const void *);

-#define IMPLEMENT_LHASH_COMP_FN(f_name,o_type) \

-	int f_name##_LHASH_COMP(const void *arg1, const void *arg2) { \

-		o_type a = (o_type)arg1; \

-		o_type b = (o_type)arg2; \

-		return f_name(a,b); }

-#define LHASH_COMP_FN(f_name) f_name##_LHASH_COMP

-/* Third: "doall" functions */

-#define DECLARE_LHASH_DOALL_FN(f_name,o_type) \

-	void f_name##_LHASH_DOALL(void *);

-#define IMPLEMENT_LHASH_DOALL_FN(f_name,o_type) \

-	void f_name##_LHASH_DOALL(void *arg) { \

-		o_type a = (o_type)arg; \

-		f_name(a); }

-#define LHASH_DOALL_FN(f_name) f_name##_LHASH_DOALL

-/* Fourth: "doall_arg" functions */

-#define DECLARE_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \

-	void f_name##_LHASH_DOALL_ARG(void *, void *);

-#define IMPLEMENT_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \

-	void f_name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \

-		o_type a = (o_type)arg1; \

-		a_type b = (a_type)arg2; \

-		f_name(a,b); }

-#define LHASH_DOALL_ARG_FN(f_name) f_name##_LHASH_DOALL_ARG

-typedef struct lhash_st

-	{

-	LHASH_NODE **b;

-	LHASH_COMP_FN_TYPE comp;

-	LHASH_HASH_FN_TYPE hash;

-	unsigned int num_nodes;

-	unsigned int num_alloc_nodes;

-	unsigned int p;

-	unsigned int pmax;

-	unsigned long up_load; /* load times 256 */

-	unsigned long down_load; /* load times 256 */

-	unsigned long num_items;

-	unsigned long num_expands;

-	unsigned long num_expand_reallocs;

-	unsigned long num_contracts;

-	unsigned long num_contract_reallocs;

-	unsigned long num_hash_calls;

-	unsigned long num_comp_calls;

-	unsigned long num_insert;

-	unsigned long num_replace;

-	unsigned long num_delete;

-	unsigned long num_no_delete;

-	unsigned long num_retrieve;

-	unsigned long num_retrieve_miss;

-	unsigned long num_hash_comps;

-	int error;

-	} LHASH;

-#define LH_LOAD_MULT	256

-/* Indicates a malloc() error in the last call, this is only bad

- * in lh_insert(). */

-#define lh_error(lh)	((lh)->error)

-LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c);

-void lh_free(LHASH *lh);

-void *lh_insert(LHASH *lh, void *data);

-void *lh_delete(LHASH *lh, const void *data);

-void *lh_retrieve(LHASH *lh, const void *data);

-void lh_doall(LHASH *lh, LHASH_DOALL_FN_TYPE func);

-void lh_doall_arg(LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg);

-unsigned long lh_strhash(const char *c);

-unsigned long lh_num_items(const LHASH *lh);

-#ifndef OPENSSL_NO_FP_API

-void lh_stats(const LHASH *lh, FILE *out);

-void lh_node_stats(const LHASH *lh, FILE *out);

-void lh_node_usage_stats(const LHASH *lh, FILE *out);

-#endif

-#ifndef OPENSSL_NO_BIO

-void lh_stats_bio(const LHASH *lh, BIO *out);

-void lh_node_stats_bio(const LHASH *lh, BIO *out);

-void lh_node_usage_stats_bio(const LHASH *lh, BIO *out);

-#endif

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/lhash/num.pl

+++ /dev/null

@@ -1,17 +1,0 @@

-#!/usr/local/bin/perl

-#node     10 ->   4

-while (<>)

-	{

-	next unless /^node/;

-	chop;

-	@a=split;

-	$num{$a[3]}++;

-	}

-@a=sort {$a <=> $b } keys %num;

-foreach (0 .. $a[$#a])

-	{

-	printf "%4d:%4d\n",$_,$num{$_};

-	}

--- a/sys/src/ape/lib/openssl/crypto/md2/Makefile

+++ /dev/null

@@ -1,89 +1,0 @@

-#

-# OpenSSL/crypto/md/Makefile

-#

-DIR=	md2

-TOP=	../..

-CC=	cc

-INCLUDES=

-CFLAG=-g

-MAKEFILE=	Makefile

-AR=		ar r

-CFLAGS= $(INCLUDES) $(CFLAG)

-GENERAL=Makefile

-TEST=md2test.c

-APPS=

-LIB=$(TOP)/libcrypto.a

-LIBSRC=md2_dgst.c md2_one.c

-LIBOBJ=md2_dgst.o md2_one.o

-SRC= $(LIBSRC)

-EXHEADER= md2.h

-HEADER=	$(EXHEADER)

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)

-all:	lib

-lib:	$(LIBOBJ)

-	$(AR) $(LIB) $(LIBOBJ)

-	$(RANLIB) $(LIB) || echo Never mind.

-	@touch lib

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

-links:

-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)

-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)

-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

-install:

-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...

-	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \

-	do  \

-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \

-	done;

-tags:

-	ctags $(SRC)

-tests:

-lint:

-	lint -DLINT $(INCLUDES) $(SRC)>fluff

-depend:

-	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...

-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-clean:

-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-md2_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-md2_dgst.o: ../../include/openssl/md2.h ../../include/openssl/opensslconf.h

-md2_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-md2_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-md2_dgst.o: ../../include/openssl/symhacks.h md2_dgst.c

-md2_one.o: ../../e_os.h ../../include/openssl/bio.h

-md2_one.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-md2_one.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-md2_one.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h

-md2_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-md2_one.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-md2_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-md2_one.o: ../cryptlib.h md2_one.c

--- a/sys/src/ape/lib/openssl/crypto/md2/md2.c

+++ /dev/null

@@ -1,124 +1,0 @@

-/* crypto/md2/md2.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <openssl/md2.h>

-#define BUFSIZE	1024*16

-void do_fp(FILE *f);

-void pt(unsigned char *md);

-int read(int, void *, unsigned int);

-void exit(int);

-int main(int argc, char *argv[])

-	{

-	int i,err=0;

-	FILE *IN;

-	if (argc == 1)

-		{

-		do_fp(stdin);

-		}

-	else

-		{

-		for (i=1; i<argc; i++)

-			{

-			IN=fopen(argv[i],"r");

-			if (IN == NULL)

-				{

-				perror(argv[i]);

-				err++;

-				continue;

-				}

-			printf("MD2(%s)= ",argv[i]);

-			do_fp(IN);

-			fclose(IN);

-			}

-		}

-	exit(err);

-	return(err);

-	}

-void do_fp(FILE *f)

-	{

-	MD2_CTX c;

-	unsigned char md[MD2_DIGEST_LENGTH];

-	int fd,i;

-	static unsigned char buf[BUFSIZE];

-	fd=fileno(f);

-	MD2_Init(&c);

-	for (;;)

-		{

-		i=read(fd,buf,BUFSIZE);

-		if (i <= 0) break;

-		MD2_Update(&c,buf,(unsigned long)i);

-		}

-	MD2_Final(&(md[0]),&c);

-	pt(md);

-	}

-void pt(unsigned char *md)

-	{

-	int i;

-	for (i=0; i<MD2_DIGEST_LENGTH; i++)

-		printf("%02x",md[i]);

-	printf("\n");

-	}

--- a/sys/src/ape/lib/openssl/crypto/md2/md2.h

+++ /dev/null

@@ -1,92 +1,0 @@

-/* crypto/md/md2.h */

-/* Copyright (C) 1995-1997 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_MD2_H

-#define HEADER_MD2_H

-#include <openssl/opensslconf.h> /* OPENSSL_NO_MD2, MD2_INT */

-#ifdef OPENSSL_NO_MD2

-#error MD2 is disabled.

-#endif

-#include <stddef.h>

-#define MD2_DIGEST_LENGTH	16

-#define MD2_BLOCK       	16

-#ifdef  __cplusplus

-extern "C" {

-#endif

-typedef struct MD2state_st

-	{

-	unsigned int num;

-	unsigned char data[MD2_BLOCK];

-	MD2_INT cksm[MD2_BLOCK];

-	MD2_INT state[MD2_BLOCK];

-	} MD2_CTX;

-const char *MD2_options(void);

-int MD2_Init(MD2_CTX *c);

-int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len);

-int MD2_Final(unsigned char *md, MD2_CTX *c);

-unsigned char *MD2(const unsigned char *d, size_t n,unsigned char *md);

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/md2/md2_dgst.c

+++ /dev/null

@@ -1,227 +1,0 @@

-/* crypto/md2/md2_dgst.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include <openssl/md2.h>

-#include <openssl/opensslv.h>

-#include <openssl/crypto.h>

-const char MD2_version[]="MD2" OPENSSL_VERSION_PTEXT;

-/* Implemented from RFC1319 The MD2 Message-Digest Algorithm

- */

-#define UCHAR	unsigned char

-static void md2_block(MD2_CTX *c, const unsigned char *d);

-/* The magic S table - I have converted it to hex since it is

- * basically just a random byte string. */

-static MD2_INT S[256]={

-	0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01,

-	0x3D, 0x36, 0x54, 0xA1, 0xEC, 0xF0, 0x06, 0x13,

-	0x62, 0xA7, 0x05, 0xF3, 0xC0, 0xC7, 0x73, 0x8C,

-	0x98, 0x93, 0x2B, 0xD9, 0xBC, 0x4C, 0x82, 0xCA,

-	0x1E, 0x9B, 0x57, 0x3C, 0xFD, 0xD4, 0xE0, 0x16,

-	0x67, 0x42, 0x6F, 0x18, 0x8A, 0x17, 0xE5, 0x12,

-	0xBE, 0x4E, 0xC4, 0xD6, 0xDA, 0x9E, 0xDE, 0x49,

-	0xA0, 0xFB, 0xF5, 0x8E, 0xBB, 0x2F, 0xEE, 0x7A,

-	0xA9, 0x68, 0x79, 0x91, 0x15, 0xB2, 0x07, 0x3F,

-	0x94, 0xC2, 0x10, 0x89, 0x0B, 0x22, 0x5F, 0x21,

-	0x80, 0x7F, 0x5D, 0x9A, 0x5A, 0x90, 0x32, 0x27,

-	0x35, 0x3E, 0xCC, 0xE7, 0xBF, 0xF7, 0x97, 0x03,

-	0xFF, 0x19, 0x30, 0xB3, 0x48, 0xA5, 0xB5, 0xD1,

-	0xD7, 0x5E, 0x92, 0x2A, 0xAC, 0x56, 0xAA, 0xC6,

-	0x4F, 0xB8, 0x38, 0xD2, 0x96, 0xA4, 0x7D, 0xB6,

-	0x76, 0xFC, 0x6B, 0xE2, 0x9C, 0x74, 0x04, 0xF1,

-	0x45, 0x9D, 0x70, 0x59, 0x64, 0x71, 0x87, 0x20,

-	0x86, 0x5B, 0xCF, 0x65, 0xE6, 0x2D, 0xA8, 0x02,

-	0x1B, 0x60, 0x25, 0xAD, 0xAE, 0xB0, 0xB9, 0xF6,

-	0x1C, 0x46, 0x61, 0x69, 0x34, 0x40, 0x7E, 0x0F,

-	0x55, 0x47, 0xA3, 0x23, 0xDD, 0x51, 0xAF, 0x3A,

-	0xC3, 0x5C, 0xF9, 0xCE, 0xBA, 0xC5, 0xEA, 0x26,

-	0x2C, 0x53, 0x0D, 0x6E, 0x85, 0x28, 0x84, 0x09,

-	0xD3, 0xDF, 0xCD, 0xF4, 0x41, 0x81, 0x4D, 0x52,

-	0x6A, 0xDC, 0x37, 0xC8, 0x6C, 0xC1, 0xAB, 0xFA,

-	0x24, 0xE1, 0x7B, 0x08, 0x0C, 0xBD, 0xB1, 0x4A,

-	0x78, 0x88, 0x95, 0x8B, 0xE3, 0x63, 0xE8, 0x6D,

-	0xE9, 0xCB, 0xD5, 0xFE, 0x3B, 0x00, 0x1D, 0x39,

-	0xF2, 0xEF, 0xB7, 0x0E, 0x66, 0x58, 0xD0, 0xE4,

-	0xA6, 0x77, 0x72, 0xF8, 0xEB, 0x75, 0x4B, 0x0A,

-	0x31, 0x44, 0x50, 0xB4, 0x8F, 0xED, 0x1F, 0x1A,

-	0xDB, 0x99, 0x8D, 0x33, 0x9F, 0x11, 0x83, 0x14,

-	};

-const char *MD2_options(void)

-	{

-	if (sizeof(MD2_INT) == 1)

-		return("md2(char)");

-	else

-		return("md2(int)");

-	}

-int MD2_Init(MD2_CTX *c)

-	{

-	c->num=0;

-	memset(c->state,0,sizeof c->state);

-	memset(c->cksm,0,sizeof c->cksm);

-	memset(c->data,0,sizeof c->data);

-	return 1;

-	}

-int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len)

-	{

-	register UCHAR *p;

-	if (len == 0) return 1;

-	p=c->data;

-	if (c->num != 0)

-		{

-		if ((c->num+len) >= MD2_BLOCK)

-			{

-			memcpy(&(p[c->num]),data,MD2_BLOCK-c->num);

-			md2_block(c,c->data);

-			data+=(MD2_BLOCK - c->num);

-			len-=(MD2_BLOCK - c->num);

-			c->num=0;

-			/* drop through and do the rest */

-			}

-		else

-			{

-			memcpy(&(p[c->num]),data,len);

-			/* data+=len; */

-			c->num+=(int)len;

-			return 1;

-			}

-		}

-	/* we now can process the input data in blocks of MD2_BLOCK

-	 * chars and save the leftovers to c->data. */

-	while (len >= MD2_BLOCK)

-		{

-		md2_block(c,data);

-		data+=MD2_BLOCK;

-		len-=MD2_BLOCK;

-		}

-	memcpy(p,data,len);

-	c->num=(int)len;

-	return 1;

-	}

-static void md2_block(MD2_CTX *c, const unsigned char *d)

-	{

-	register MD2_INT t,*sp1,*sp2;

-	register int i,j;

-	MD2_INT state[48];

-	sp1=c->state;

-	sp2=c->cksm;

-	j=sp2[MD2_BLOCK-1];

-	for (i=0; i<16; i++)

-		{

-		state[i]=sp1[i];

-		state[i+16]=t=d[i];

-		state[i+32]=(t^sp1[i]);

-		j=sp2[i]^=S[t^j];

-		}

-	t=0;

-	for (i=0; i<18; i++)

-		{

-		for (j=0; j<48; j+=8)

-			{

-			t= state[j+ 0]^=S[t];

-			t= state[j+ 1]^=S[t];

-			t= state[j+ 2]^=S[t];

-			t= state[j+ 3]^=S[t];

-			t= state[j+ 4]^=S[t];

-			t= state[j+ 5]^=S[t];

-			t= state[j+ 6]^=S[t];

-			t= state[j+ 7]^=S[t];

-			}

-		t=(t+i)&0xff;

-		}

-	memcpy(sp1,state,16*sizeof(MD2_INT));

-	OPENSSL_cleanse(state,48*sizeof(MD2_INT));

-	}

-int MD2_Final(unsigned char *md, MD2_CTX *c)

-	{

-	int i,v;

-	register UCHAR *cp;

-	register MD2_INT *p1,*p2;

-	cp=c->data;

-	p1=c->state;

-	p2=c->cksm;

-	v=MD2_BLOCK-c->num;

-	for (i=c->num; i<MD2_BLOCK; i++)

-		cp[i]=(UCHAR)v;

-	md2_block(c,cp);

-	for (i=0; i<MD2_BLOCK; i++)

-		cp[i]=(UCHAR)p2[i];

-	md2_block(c,cp);

-	for (i=0; i<16; i++)

-		md[i]=(UCHAR)(p1[i]&0xff);

-	memset((char *)&c,0,sizeof(c));

-	return 1;

-	}

--- a/sys/src/ape/lib/openssl/crypto/md2/md2_one.c

+++ /dev/null

@@ -1,94 +1,0 @@

-/* crypto/md2/md2_one.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/md2.h>

-/* This is a separate file so that #defines in cryptlib.h can

- * map my MD functions to different names */

-unsigned char *MD2(const unsigned char *d, size_t n, unsigned char *md)

-	{

-	MD2_CTX c;

-	static unsigned char m[MD2_DIGEST_LENGTH];

-	if (md == NULL) md=m;

-	if (!MD2_Init(&c))

-		return NULL;

-#ifndef CHARSET_EBCDIC

-	MD2_Update(&c,d,n);

-#else

-	{

-		char temp[1024];

-		unsigned long chunk;

-		while (n > 0)

-		{

-			chunk = (n > sizeof(temp)) ? sizeof(temp) : n;

-			ebcdic2ascii(temp, d, chunk);

-			MD2_Update(&c,temp,chunk);

-			n -= chunk;

-			d += chunk;

-		}

-	}

-#endif

-	MD2_Final(md,&c);

-	OPENSSL_cleanse(&c,sizeof(c));	/* Security consideration */

-	return(md);

-	}

--- a/sys/src/ape/lib/openssl/crypto/md2/md2test.c

+++ /dev/null

@@ -1,143 +1,0 @@

-/* crypto/md2/md2test.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include "../e_os.h"

-#ifdef OPENSSL_NO_MD2

-int main(int argc, char *argv[])

-{

-    printf("No MD2 support\n");

-    return(0);

-}

-#else

-#include <openssl/evp.h>

-#include <openssl/md2.h>

-#ifdef CHARSET_EBCDIC

-#include <openssl/ebcdic.h>

-#endif

-static char *test[]={

-	"",

-	"a",

-	"abc",

-	"message digest",

-	"abcdefghijklmnopqrstuvwxyz",

-	"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",

-	"12345678901234567890123456789012345678901234567890123456789012345678901234567890",

-	NULL,

-	};

-static char *ret[]={

-	"8350e5a3e24c153df2275c9f80692773",

-	"32ec01ec4a6dac72c0ab96fb34c0b5d1",

-	"da853b0d3f88d99b30283a69e6ded6bb",

-	"ab4f496bfb2a530b219ff33031fe06b0",

-	"4e8ddff3650292ab5a4108c3aa47940b",

-	"da33def2a42df13975352846c30338cd",

-	"d5976f79d83d3a0dc9806c3c66f3efd8",

-	};

-static char *pt(unsigned char *md);

-int main(int argc, char *argv[])

-	{

-	int i,err=0;

-	char **P,**R;

-	char *p;

-	unsigned char md[MD2_DIGEST_LENGTH];

-	P=test;

-	R=ret;

-	i=1;

-	while (*P != NULL)

-		{

-		EVP_Digest((unsigned char *)*P,strlen(*P),md,NULL,EVP_md2(), NULL);

-		p=pt(md);

-		if (strcmp(p,*R) != 0)

-			{

-			printf("error calculating MD2 on '%s'\n",*P);

-			printf("got %s instead of %s\n",p,*R);

-			err++;

-			}

-		else

-			printf("test %d ok\n",i);

-		i++;

-		R++;

-		P++;

-		}

-#ifdef OPENSSL_SYS_NETWARE

-    if (err) printf("ERROR: %d\n", err);

-#endif

-	EXIT(err);

-	return err;

-	}

-static char *pt(unsigned char *md)

-	{

-	int i;

-	static char buf[80];

-	for (i=0; i<MD2_DIGEST_LENGTH; i++)

-		sprintf(&(buf[i*2]),"%02x",md[i]);

-	return(buf);

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/md32_common.h

+++ /dev/null

@@ -1,623 +1,0 @@

-/* crypto/md32_common.h */

-/* ====================================================================

- * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/*

- * This is a generic 32 bit "collector" for message digest algorithms.

- * Whenever needed it collects input character stream into chunks of

- * 32 bit values and invokes a block function that performs actual hash

- * calculations.

- *

- * Porting guide.

- *

- * Obligatory macros:

- *

- * DATA_ORDER_IS_BIG_ENDIAN or DATA_ORDER_IS_LITTLE_ENDIAN

- *	this macro defines byte order of input stream.

- * HASH_CBLOCK

- *	size of a unit chunk HASH_BLOCK operates on.

- * HASH_LONG

- *	has to be at lest 32 bit wide, if it's wider, then

- *	HASH_LONG_LOG2 *has to* be defined along

- * HASH_CTX

- *	context structure that at least contains following

- *	members:

- *		typedef struct {

- *			...

- *			HASH_LONG	Nl,Nh;

- *			HASH_LONG	data[HASH_LBLOCK];

- *			unsigned int	num;

- *			...

- *			} HASH_CTX;

- * HASH_UPDATE

- *	name of "Update" function, implemented here.

- * HASH_TRANSFORM

- *	name of "Transform" function, implemented here.

- * HASH_FINAL

- *	name of "Final" function, implemented here.

- * HASH_BLOCK_HOST_ORDER

- *	name of "block" function treating *aligned* input message

- *	in host byte order, implemented externally.

- * HASH_BLOCK_DATA_ORDER

- *	name of "block" function treating *unaligned* input message

- *	in original (data) byte order, implemented externally (it

- *	actually is optional if data and host are of the same

- *	"endianess").

- * HASH_MAKE_STRING

- *	macro convering context variables to an ASCII hash string.

- *

- * Optional macros:

- *

- * B_ENDIAN or L_ENDIAN

- *	defines host byte-order.

- * HASH_LONG_LOG2

- *	defaults to 2 if not states otherwise.

- * HASH_LBLOCK

- *	assumed to be HASH_CBLOCK/4 if not stated otherwise.

- * HASH_BLOCK_DATA_ORDER_ALIGNED

- *	alternative "block" function capable of treating

- *	aligned input message in original (data) order,

- *	implemented externally.

- *

- * MD5 example:

- *

- *	#define DATA_ORDER_IS_LITTLE_ENDIAN

- *

- *	#define HASH_LONG		MD5_LONG

- *	#define HASH_LONG_LOG2		MD5_LONG_LOG2

- *	#define HASH_CTX		MD5_CTX

- *	#define HASH_CBLOCK		MD5_CBLOCK

- *	#define HASH_LBLOCK		MD5_LBLOCK

- *	#define HASH_UPDATE		MD5_Update

- *	#define HASH_TRANSFORM		MD5_Transform

- *	#define HASH_FINAL		MD5_Final

- *	#define HASH_BLOCK_HOST_ORDER	md5_block_host_order

- *	#define HASH_BLOCK_DATA_ORDER	md5_block_data_order

- *

- *					<[email protected]>

- */

-#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)

-#error "DATA_ORDER must be defined!"

-#endif

-#ifndef HASH_CBLOCK

-#error "HASH_CBLOCK must be defined!"

-#endif

-#ifndef HASH_LONG

-#error "HASH_LONG must be defined!"

-#endif

-#ifndef HASH_CTX

-#error "HASH_CTX must be defined!"

-#endif

-#ifndef HASH_UPDATE

-#error "HASH_UPDATE must be defined!"

-#endif

-#ifndef HASH_TRANSFORM

-#error "HASH_TRANSFORM must be defined!"

-#endif

-#ifndef HASH_FINAL

-#error "HASH_FINAL must be defined!"

-#endif

-#ifndef HASH_BLOCK_HOST_ORDER

-#error "HASH_BLOCK_HOST_ORDER must be defined!"

-#endif

-#if 0

-/*

- * Moved below as it's required only if HASH_BLOCK_DATA_ORDER_ALIGNED

- * isn't defined.

- */

-#ifndef HASH_BLOCK_DATA_ORDER

-#error "HASH_BLOCK_DATA_ORDER must be defined!"

-#endif

-#endif

-#ifndef HASH_LBLOCK

-#define HASH_LBLOCK	(HASH_CBLOCK/4)

-#endif

-#ifndef HASH_LONG_LOG2

-#define HASH_LONG_LOG2	2

-#endif

-/*

- * Engage compiler specific rotate intrinsic function if available.

- */

-#undef ROTATE

-#ifndef PEDANTIC

-# if defined(_MSC_VER) || defined(__ICC)

-#  define ROTATE(a,n)	_lrotl(a,n)

-# elif defined(__MWERKS__)

-#  if defined(__POWERPC__)

-#   define ROTATE(a,n)	__rlwinm(a,n,0,31)

-#  elif defined(__MC68K__)

-    /* Motorola specific tweak. <[email protected]> */

-#   define ROTATE(a,n)	( n<24 ? __rol(a,n) : __ror(a,32-n) )

-#  else

-#   define ROTATE(a,n)	__rol(a,n)

-#  endif

-# elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)

-  /*

-   * Some GNU C inline assembler templates. Note that these are

-   * rotates by *constant* number of bits! But that's exactly

-   * what we need here...

-   * 					<[email protected]>

-   */

-#  if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)

-#   define ROTATE(a,n)	({ register unsigned int ret;	\

-				asm (			\

-				"roll %1,%0"		\

-				: "=r"(ret)		\

-				: "I"(n), "0"(a)	\

-				: "cc");		\

-			   ret;				\

-			})

-#  elif defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__)

-#   define ROTATE(a,n)	({ register unsigned int ret;	\

-				asm (			\

-				"rlwinm %0,%1,%2,0,31"	\

-				: "=r"(ret)		\

-				: "r"(a), "I"(n));	\

-			   ret;				\

-			})

-#  endif

-# endif

-#endif /* PEDANTIC */

-#if HASH_LONG_LOG2==2	/* Engage only if sizeof(HASH_LONG)== 4 */

-/* A nice byte order reversal from Wei Dai <[email protected]> */

-#ifdef ROTATE

-/* 5 instructions with rotate instruction, else 9 */

-#define REVERSE_FETCH32(a,l)	(					\

-		l=*(const HASH_LONG *)(a),				\

-		((ROTATE(l,8)&0x00FF00FF)|(ROTATE((l&0x00FF00FF),24)))	\

-				)

-#else

-/* 6 instructions with rotate instruction, else 8 */

-#define REVERSE_FETCH32(a,l)	(				\

-		l=*(const HASH_LONG *)(a),			\

-		l=(((l>>8)&0x00FF00FF)|((l&0x00FF00FF)<<8)),	\

-		ROTATE(l,16)					\

-				)

-/*

- * Originally the middle line started with l=(((l&0xFF00FF00)>>8)|...

- * It's rewritten as above for two reasons:

- *	- RISCs aren't good at long constants and have to explicitely

- *	  compose 'em with several (well, usually 2) instructions in a

- *	  register before performing the actual operation and (as you

- *	  already realized:-) having same constant should inspire the

- *	  compiler to permanently allocate the only register for it;

- *	- most modern CPUs have two ALUs, but usually only one has

- *	  circuitry for shifts:-( this minor tweak inspires compiler

- *	  to schedule shift instructions in a better way...

- *

- *				<[email protected]>

- */

-#endif

-#endif

-#ifndef ROTATE

-#define ROTATE(a,n)     (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))

-#endif

-/*

- * Make some obvious choices. E.g., HASH_BLOCK_DATA_ORDER_ALIGNED

- * and HASH_BLOCK_HOST_ORDER ought to be the same if input data

- * and host are of the same "endianess". It's possible to mask

- * this with blank #define HASH_BLOCK_DATA_ORDER though...

- *

- *				<[email protected]>

- */

-#if defined(B_ENDIAN)

-#  if defined(DATA_ORDER_IS_BIG_ENDIAN)

-#    if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED) && HASH_LONG_LOG2==2

-#      define HASH_BLOCK_DATA_ORDER_ALIGNED	HASH_BLOCK_HOST_ORDER

-#    endif

-#  endif

-#elif defined(L_ENDIAN)

-#  if defined(DATA_ORDER_IS_LITTLE_ENDIAN)

-#    if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED) && HASH_LONG_LOG2==2

-#      define HASH_BLOCK_DATA_ORDER_ALIGNED	HASH_BLOCK_HOST_ORDER

-#    endif

-#  endif

-#endif

-#if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED)

-#ifndef HASH_BLOCK_DATA_ORDER

-#error "HASH_BLOCK_DATA_ORDER must be defined!"

-#endif

-#endif

-#if defined(DATA_ORDER_IS_BIG_ENDIAN)

-#ifndef PEDANTIC

-# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)

-#  if ((defined(__i386) || defined(__i386__)) && !defined(I386_ONLY)) || \

-      (defined(__x86_64) || defined(__x86_64__))

-    /*

-     * This gives ~30-40% performance improvement in SHA-256 compiled

-     * with gcc [on P4]. Well, first macro to be frank. We can pull

-     * this trick on x86* platforms only, because these CPUs can fetch

-     * unaligned data without raising an exception.

-     */

-#   define HOST_c2l(c,l)	({ unsigned int r=*((const unsigned int *)(c));	\

-				   asm ("bswapl %0":"=r"(r):"0"(r));	\

-				   (c)+=4; (l)=r;			})

-#   define HOST_l2c(l,c)	({ unsigned int r=(l);			\

-				   asm ("bswapl %0":"=r"(r):"0"(r));	\

-				   *((unsigned int *)(c))=r; (c)+=4; r;	})

-#  endif

-# endif

-#endif

-#ifndef HOST_c2l

-#define HOST_c2l(c,l)	(l =(((unsigned long)(*((c)++)))<<24),		\

-			 l|=(((unsigned long)(*((c)++)))<<16),		\

-			 l|=(((unsigned long)(*((c)++)))<< 8),		\

-			 l|=(((unsigned long)(*((c)++)))    ),		\

-			 l)

-#endif

-#define HOST_p_c2l(c,l,n)	{					\

-			switch (n) {					\

-			case 0: l =((unsigned long)(*((c)++)))<<24;	\

-			case 1: l|=((unsigned long)(*((c)++)))<<16;	\

-			case 2: l|=((unsigned long)(*((c)++)))<< 8;	\

-			case 3: l|=((unsigned long)(*((c)++)));		\

-				} }

-#define HOST_p_c2l_p(c,l,sc,len) {					\

-			switch (sc) {					\

-			case 0: l =((unsigned long)(*((c)++)))<<24;	\

-				if (--len == 0) break;			\

-			case 1: l|=((unsigned long)(*((c)++)))<<16;	\

-				if (--len == 0) break;			\

-			case 2: l|=((unsigned long)(*((c)++)))<< 8;	\

-				} }

-/* NOTE the pointer is not incremented at the end of this */

-#define HOST_c2l_p(c,l,n)	{					\

-			l=0; (c)+=n;					\

-			switch (n) {					\

-			case 3: l =((unsigned long)(*(--(c))))<< 8;	\

-			case 2: l|=((unsigned long)(*(--(c))))<<16;	\

-			case 1: l|=((unsigned long)(*(--(c))))<<24;	\

-				} }

-#ifndef HOST_l2c

-#define HOST_l2c(l,c)	(*((c)++)=(unsigned char)(((l)>>24)&0xff),	\

-			 *((c)++)=(unsigned char)(((l)>>16)&0xff),	\

-			 *((c)++)=(unsigned char)(((l)>> 8)&0xff),	\

-			 *((c)++)=(unsigned char)(((l)    )&0xff),	\

-			 l)

-#endif

-#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)

-#if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)

-# ifndef B_ENDIAN

-   /* See comment in DATA_ORDER_IS_BIG_ENDIAN section. */

-#  define HOST_c2l(c,l)	((l)=*((const unsigned int *)(c)), (c)+=4, l)

-#  define HOST_l2c(l,c)	(*((unsigned int *)(c))=(l), (c)+=4, l)

-# endif

-#endif

-#ifndef HOST_c2l

-#define HOST_c2l(c,l)	(l =(((unsigned long)(*((c)++)))    ),		\

-			 l|=(((unsigned long)(*((c)++)))<< 8),		\

-			 l|=(((unsigned long)(*((c)++)))<<16),		\

-			 l|=(((unsigned long)(*((c)++)))<<24),		\

-			 l)

-#endif

-#define HOST_p_c2l(c,l,n)	{					\

-			switch (n) {					\

-			case 0: l =((unsigned long)(*((c)++)));		\

-			case 1: l|=((unsigned long)(*((c)++)))<< 8;	\

-			case 2: l|=((unsigned long)(*((c)++)))<<16;	\

-			case 3: l|=((unsigned long)(*((c)++)))<<24;	\

-				} }

-#define HOST_p_c2l_p(c,l,sc,len) {					\

-			switch (sc) {					\

-			case 0: l =((unsigned long)(*((c)++)));		\

-				if (--len == 0) break;			\

-			case 1: l|=((unsigned long)(*((c)++)))<< 8;	\

-				if (--len == 0) break;			\

-			case 2: l|=((unsigned long)(*((c)++)))<<16;	\

-				} }

-/* NOTE the pointer is not incremented at the end of this */

-#define HOST_c2l_p(c,l,n)	{					\

-			l=0; (c)+=n;					\

-			switch (n) {					\

-			case 3: l =((unsigned long)(*(--(c))))<<16;	\

-			case 2: l|=((unsigned long)(*(--(c))))<< 8;	\

-			case 1: l|=((unsigned long)(*(--(c))));		\

-				} }

-#ifndef HOST_l2c

-#define HOST_l2c(l,c)	(*((c)++)=(unsigned char)(((l)    )&0xff),	\

-			 *((c)++)=(unsigned char)(((l)>> 8)&0xff),	\

-			 *((c)++)=(unsigned char)(((l)>>16)&0xff),	\

-			 *((c)++)=(unsigned char)(((l)>>24)&0xff),	\

-			 l)

-#endif

-#endif

-/*

- * Time for some action:-)

- */

-int HASH_UPDATE (HASH_CTX *c, const void *data_, size_t len)

-	{

-	const unsigned char *data=data_;

-	register HASH_LONG * p;

-	register HASH_LONG l;

-	size_t sw,sc,ew,ec;

-	if (len==0) return 1;

-	l=(c->Nl+(((HASH_LONG)len)<<3))&0xffffffffUL;

-	/* 95-05-24 eay Fixed a bug with the overflow handling, thanks to

-	 * Wei Dai <[email protected]> for pointing it out. */

-	if (l < c->Nl) /* overflow */

-		c->Nh++;

-	c->Nh+=(len>>29);	/* might cause compiler warning on 16-bit */

-	c->Nl=l;

-	if (c->num != 0)

-		{

-		p=c->data;

-		sw=c->num>>2;

-		sc=c->num&0x03;

-		if ((c->num+len) >= HASH_CBLOCK)

-			{

-			l=p[sw]; HOST_p_c2l(data,l,sc); p[sw++]=l;

-			for (; sw<HASH_LBLOCK; sw++)

-				{

-				HOST_c2l(data,l); p[sw]=l;

-				}

-			HASH_BLOCK_HOST_ORDER (c,p,1);

-			len-=(HASH_CBLOCK-c->num);

-			c->num=0;

-			/* drop through and do the rest */

-			}

-		else

-			{

-			c->num+=(unsigned int)len;

-			if ((sc+len) < 4) /* ugly, add char's to a word */

-				{

-				l=p[sw]; HOST_p_c2l_p(data,l,sc,len); p[sw]=l;

-				}

-			else

-				{

-				ew=(c->num>>2);

-				ec=(c->num&0x03);

-				if (sc)

-					l=p[sw];

-				HOST_p_c2l(data,l,sc);

-				p[sw++]=l;

-				for (; sw < ew; sw++)

-					{

-					HOST_c2l(data,l); p[sw]=l;

-					}

-				if (ec)

-					{

-					HOST_c2l_p(data,l,ec); p[sw]=l;

-					}

-				}

-			return 1;

-			}

-		}

-	sw=len/HASH_CBLOCK;

-	if (sw > 0)

-		{

-#if defined(HASH_BLOCK_DATA_ORDER_ALIGNED)

-		/*

-		 * Note that HASH_BLOCK_DATA_ORDER_ALIGNED gets defined

-		 * only if sizeof(HASH_LONG)==4.

-		 */

-		if ((((size_t)data)%4) == 0)

-			{

-			/* data is properly aligned so that we can cast it: */

-			HASH_BLOCK_DATA_ORDER_ALIGNED (c,(const HASH_LONG *)data,sw);

-			sw*=HASH_CBLOCK;

-			data+=sw;

-			len-=sw;

-			}

-		else

-#if !defined(HASH_BLOCK_DATA_ORDER)

-			while (sw--)

-				{

-				memcpy (p=c->data,data,HASH_CBLOCK);

-				HASH_BLOCK_DATA_ORDER_ALIGNED(c,p,1);

-				data+=HASH_CBLOCK;

-				len-=HASH_CBLOCK;

-				}

-#endif

-#endif

-#if defined(HASH_BLOCK_DATA_ORDER)

-			{

-			HASH_BLOCK_DATA_ORDER(c,data,sw);

-			sw*=HASH_CBLOCK;

-			data+=sw;

-			len-=sw;

-			}

-#endif

-		}

-	if (len!=0)

-		{

-		p = c->data;

-		c->num = len;

-		ew=len>>2;	/* words to copy */

-		ec=len&0x03;

-		for (; ew; ew--,p++)

-			{

-			HOST_c2l(data,l); *p=l;

-			}

-		HOST_c2l_p(data,l,ec);

-		*p=l;

-		}

-	return 1;

-	}

-void HASH_TRANSFORM (HASH_CTX *c, const unsigned char *data)

-	{

-#if defined(HASH_BLOCK_DATA_ORDER_ALIGNED)

-	if ((((size_t)data)%4) == 0)

-		/* data is properly aligned so that we can cast it: */

-		HASH_BLOCK_DATA_ORDER_ALIGNED (c,(const HASH_LONG *)data,1);

-	else

-#if !defined(HASH_BLOCK_DATA_ORDER)

-		{

-		memcpy (c->data,data,HASH_CBLOCK);

-		HASH_BLOCK_DATA_ORDER_ALIGNED (c,c->data,1);

-		}

-#endif

-#endif

-#if defined(HASH_BLOCK_DATA_ORDER)

-	HASH_BLOCK_DATA_ORDER (c,data,1);

-#endif

-	}

-int HASH_FINAL (unsigned char *md, HASH_CTX *c)

-	{

-	register HASH_LONG *p;

-	register unsigned long l;

-	register int i,j;

-	static const unsigned char end[4]={0x80,0x00,0x00,0x00};

-	const unsigned char *cp=end;

-	/* c->num should definitly have room for at least one more byte. */

-	p=c->data;

-	i=c->num>>2;

-	j=c->num&0x03;

-#if 0

-	/* purify often complains about the following line as an

-	 * Uninitialized Memory Read.  While this can be true, the

-	 * following p_c2l macro will reset l when that case is true.

-	 * This is because j&0x03 contains the number of 'valid' bytes

-	 * already in p[i].  If and only if j&0x03 == 0, the UMR will

-	 * occur but this is also the only time p_c2l will do

-	 * l= *(cp++) instead of l|= *(cp++)

-	 * Many thanks to Alex Tang <[email protected]> for pickup this

-	 * 'potential bug' */

-#ifdef PURIFY

-	if (j==0) p[i]=0; /* Yeah, but that's not the way to fix it:-) */

-#endif

-	l=p[i];

-#else

-	l = (j==0) ? 0 : p[i];

-#endif

-	HOST_p_c2l(cp,l,j); p[i++]=l; /* i is the next 'undefined word' */

-	if (i>(HASH_LBLOCK-2)) /* save room for Nl and Nh */

-		{

-		if (i<HASH_LBLOCK) p[i]=0;

-		HASH_BLOCK_HOST_ORDER (c,p,1);

-		i=0;

-		}

-	for (; i<(HASH_LBLOCK-2); i++)

-		p[i]=0;

-#if   defined(DATA_ORDER_IS_BIG_ENDIAN)

-	p[HASH_LBLOCK-2]=c->Nh;

-	p[HASH_LBLOCK-1]=c->Nl;

-#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)

-	p[HASH_LBLOCK-2]=c->Nl;

-	p[HASH_LBLOCK-1]=c->Nh;

-#endif

-	HASH_BLOCK_HOST_ORDER (c,p,1);

-#ifndef HASH_MAKE_STRING

-#error "HASH_MAKE_STRING must be defined!"

-#else

-	HASH_MAKE_STRING(c,md);

-#endif

-	c->num=0;

-	/* clear stuff, HASH_BLOCK may be leaving some stuff on the stack

-	 * but I'm not worried :-)

-	OPENSSL_cleanse((void *)c,sizeof(HASH_CTX));

-	 */

-	return 1;

-	}

-#ifndef MD32_REG_T

-#define MD32_REG_T long

-/*

- * This comment was originaly written for MD5, which is why it

- * discusses A-D. But it basically applies to all 32-bit digests,

- * which is why it was moved to common header file.

- *

- * In case you wonder why A-D are declared as long and not

- * as MD5_LONG. Doing so results in slight performance

- * boost on LP64 architectures. The catch is we don't

- * really care if 32 MSBs of a 64-bit register get polluted

- * with eventual overflows as we *save* only 32 LSBs in

- * *either* case. Now declaring 'em long excuses the compiler

- * from keeping 32 MSBs zeroed resulting in 13% performance

- * improvement under SPARC Solaris7/64 and 5% under AlphaLinux.

- * Well, to be honest it should say that this *prevents*

- * performance degradation.

- *				<[email protected]>

- * Apparently there're LP64 compilers that generate better

- * code if A-D are declared int. Most notably GCC-x86_64

- * generates better code.

- *				<[email protected]>

- */

-#endif

--- a/sys/src/ape/lib/openssl/crypto/md4/Makefile

+++ /dev/null

@@ -1,86 +1,0 @@

-#

-# OpenSSL/crypto/md4/Makefile

-#

-DIR=    md4

-TOP=    ../..

-CC=     cc

-CPP=    $(CC) -E

-INCLUDES=

-CFLAG=-g

-MAKEFILE=       Makefile

-AR=             ar r

-CFLAGS= $(INCLUDES) $(CFLAG)

-GENERAL=Makefile

-TEST=md4test.c

-APPS=md4.c

-LIB=$(TOP)/libcrypto.a

-LIBSRC=md4_dgst.c md4_one.c

-LIBOBJ=md4_dgst.o md4_one.o

-SRC= $(LIBSRC)

-EXHEADER= md4.h

-HEADER= md4_locl.h $(EXHEADER)

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)

-all:    lib

-lib:    $(LIBOBJ)

-	$(AR) $(LIB) $(LIBOBJ)

-	$(RANLIB) $(LIB) || echo Never mind.

-	@touch lib

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

-links:

-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)

-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)

-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

-install:

-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...

-	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \

-	do  \

-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \

-	done;

-tags:

-	ctags $(SRC)

-tests:

-lint:

-	lint -DLINT $(INCLUDES) $(SRC)>fluff

-depend:

-	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...

-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-clean:

-	rm -f asm/mx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-md4_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/md4.h

-md4_dgst.o: ../../include/openssl/opensslconf.h

-md4_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md4_dgst.c

-md4_dgst.o: md4_locl.h

-md4_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-md4_one.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h

-md4_one.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-md4_one.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-md4_one.o: ../../include/openssl/symhacks.h md4_one.c

--- a/sys/src/ape/lib/openssl/crypto/md4/md4.c

+++ /dev/null

@@ -1,127 +1,0 @@

-/* crypto/md4/md4.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <openssl/md4.h>

-#define BUFSIZE	1024*16

-void do_fp(FILE *f);

-void pt(unsigned char *md);

-#if !defined(_OSD_POSIX) && !defined(__DJGPP__)

-int read(int, void *, unsigned int);

-#endif

-int main(int argc, char **argv)

-	{

-	int i,err=0;

-	FILE *IN;

-	if (argc == 1)

-		{

-		do_fp(stdin);

-		}

-	else

-		{

-		for (i=1; i<argc; i++)

-			{

-			IN=fopen(argv[i],"r");

-			if (IN == NULL)

-				{

-				perror(argv[i]);

-				err++;

-				continue;

-				}

-			printf("MD4(%s)= ",argv[i]);

-			do_fp(IN);

-			fclose(IN);

-			}

-		}

-	exit(err);

-	}

-void do_fp(FILE *f)

-	{

-	MD4_CTX c;

-	unsigned char md[MD4_DIGEST_LENGTH];

-	int fd;

-	int i;

-	static unsigned char buf[BUFSIZE];

-	fd=fileno(f);

-	MD4_Init(&c);

-	for (;;)

-		{

-		i=read(fd,buf,sizeof buf);

-		if (i <= 0) break;

-		MD4_Update(&c,buf,(unsigned long)i);

-		}

-	MD4_Final(&(md[0]),&c);

-	pt(md);

-	}

-void pt(unsigned char *md)

-	{

-	int i;

-	for (i=0; i<MD4_DIGEST_LENGTH; i++)

-		printf("%02x",md[i]);

-	printf("\n");

-	}

--- a/sys/src/ape/lib/openssl/crypto/md4/md4.h

+++ /dev/null

@@ -1,117 +1,0 @@

-/* crypto/md4/md4.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_MD4_H

-#define HEADER_MD4_H

-#include <openssl/e_os2.h>

-#include <stddef.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-#ifdef OPENSSL_NO_MD4

-#error MD4 is disabled.

-#endif

-/*

- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

- * ! MD4_LONG has to be at least 32 bits wide. If it's wider, then !

- * ! MD4_LONG_LOG2 has to be defined along.			   !

- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

- */

-#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)

-#define MD4_LONG unsigned long

-#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)

-#define MD4_LONG unsigned long

-#define MD4_LONG_LOG2 3

-/*

- * _CRAY note. I could declare short, but I have no idea what impact

- * does it have on performance on none-T3E machines. I could declare

- * int, but at least on C90 sizeof(int) can be chosen at compile time.

- * So I've chosen long...

- *					<[email protected]>

- */

-#else

-#define MD4_LONG unsigned int

-#endif

-#define MD4_CBLOCK	64

-#define MD4_LBLOCK	(MD4_CBLOCK/4)

-#define MD4_DIGEST_LENGTH 16

-typedef struct MD4state_st

-	{

-	MD4_LONG A,B,C,D;

-	MD4_LONG Nl,Nh;

-	MD4_LONG data[MD4_LBLOCK];

-	unsigned int num;

-	} MD4_CTX;

-int MD4_Init(MD4_CTX *c);

-int MD4_Update(MD4_CTX *c, const void *data, size_t len);

-int MD4_Final(unsigned char *md, MD4_CTX *c);

-unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md);

-void MD4_Transform(MD4_CTX *c, const unsigned char *b);

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/md4/md4_dgst.c

+++ /dev/null

@@ -1,258 +1,0 @@

-/* crypto/md4/md4_dgst.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "md4_locl.h"

-#include <openssl/opensslv.h>

-const char MD4_version[]="MD4" OPENSSL_VERSION_PTEXT;

-/* Implemented from RFC1186 The MD4 Message-Digest Algorithm

- */

-#define INIT_DATA_A (unsigned long)0x67452301L

-#define INIT_DATA_B (unsigned long)0xefcdab89L

-#define INIT_DATA_C (unsigned long)0x98badcfeL

-#define INIT_DATA_D (unsigned long)0x10325476L

-int MD4_Init(MD4_CTX *c)

-	{

-	c->A=INIT_DATA_A;

-	c->B=INIT_DATA_B;

-	c->C=INIT_DATA_C;

-	c->D=INIT_DATA_D;

-	c->Nl=0;

-	c->Nh=0;

-	c->num=0;

-	return 1;

-	}

-#ifndef md4_block_host_order

-void md4_block_host_order (MD4_CTX *c, const void *data, size_t num)

-	{

-	const MD4_LONG *X=data;

-	register unsigned MD32_REG_T A,B,C,D;

-	A=c->A;

-	B=c->B;

-	C=c->C;

-	D=c->D;

-	for (;num--;X+=HASH_LBLOCK)

-		{

-	/* Round 0 */

-	R0(A,B,C,D,X[ 0], 3,0);

-	R0(D,A,B,C,X[ 1], 7,0);

-	R0(C,D,A,B,X[ 2],11,0);

-	R0(B,C,D,A,X[ 3],19,0);

-	R0(A,B,C,D,X[ 4], 3,0);

-	R0(D,A,B,C,X[ 5], 7,0);

-	R0(C,D,A,B,X[ 6],11,0);

-	R0(B,C,D,A,X[ 7],19,0);

-	R0(A,B,C,D,X[ 8], 3,0);

-	R0(D,A,B,C,X[ 9], 7,0);

-	R0(C,D,A,B,X[10],11,0);

-	R0(B,C,D,A,X[11],19,0);

-	R0(A,B,C,D,X[12], 3,0);

-	R0(D,A,B,C,X[13], 7,0);

-	R0(C,D,A,B,X[14],11,0);

-	R0(B,C,D,A,X[15],19,0);

-	/* Round 1 */

-	R1(A,B,C,D,X[ 0], 3,0x5A827999L);

-	R1(D,A,B,C,X[ 4], 5,0x5A827999L);

-	R1(C,D,A,B,X[ 8], 9,0x5A827999L);

-	R1(B,C,D,A,X[12],13,0x5A827999L);

-	R1(A,B,C,D,X[ 1], 3,0x5A827999L);

-	R1(D,A,B,C,X[ 5], 5,0x5A827999L);

-	R1(C,D,A,B,X[ 9], 9,0x5A827999L);

-	R1(B,C,D,A,X[13],13,0x5A827999L);

-	R1(A,B,C,D,X[ 2], 3,0x5A827999L);

-	R1(D,A,B,C,X[ 6], 5,0x5A827999L);

-	R1(C,D,A,B,X[10], 9,0x5A827999L);

-	R1(B,C,D,A,X[14],13,0x5A827999L);

-	R1(A,B,C,D,X[ 3], 3,0x5A827999L);

-	R1(D,A,B,C,X[ 7], 5,0x5A827999L);

-	R1(C,D,A,B,X[11], 9,0x5A827999L);

-	R1(B,C,D,A,X[15],13,0x5A827999L);

-	/* Round 2 */

-	R2(A,B,C,D,X[ 0], 3,0x6ED9EBA1);

-	R2(D,A,B,C,X[ 8], 9,0x6ED9EBA1);

-	R2(C,D,A,B,X[ 4],11,0x6ED9EBA1);

-	R2(B,C,D,A,X[12],15,0x6ED9EBA1);

-	R2(A,B,C,D,X[ 2], 3,0x6ED9EBA1);

-	R2(D,A,B,C,X[10], 9,0x6ED9EBA1);

-	R2(C,D,A,B,X[ 6],11,0x6ED9EBA1);

-	R2(B,C,D,A,X[14],15,0x6ED9EBA1);

-	R2(A,B,C,D,X[ 1], 3,0x6ED9EBA1);

-	R2(D,A,B,C,X[ 9], 9,0x6ED9EBA1);

-	R2(C,D,A,B,X[ 5],11,0x6ED9EBA1);

-	R2(B,C,D,A,X[13],15,0x6ED9EBA1);

-	R2(A,B,C,D,X[ 3], 3,0x6ED9EBA1);

-	R2(D,A,B,C,X[11], 9,0x6ED9EBA1);

-	R2(C,D,A,B,X[ 7],11,0x6ED9EBA1);

-	R2(B,C,D,A,X[15],15,0x6ED9EBA1);

-	A = c->A += A;

-	B = c->B += B;

-	C = c->C += C;

-	D = c->D += D;

-		}

-	}

-#endif

-#ifndef md4_block_data_order

-#ifdef X

-#undef X

-#endif

-void md4_block_data_order (MD4_CTX *c, const void *data_, size_t num)

-	{

-	const unsigned char *data=data_;

-	register unsigned MD32_REG_T A,B,C,D,l;

-#ifndef MD32_XARRAY

-	/* See comment in crypto/sha/sha_locl.h for details. */

-	unsigned MD32_REG_T	XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,

-				XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;

-# define X(i)	XX##i

-#else

-	MD4_LONG XX[MD4_LBLOCK];

-# define X(i)	XX[i]

-#endif

-	A=c->A;

-	B=c->B;

-	C=c->C;

-	D=c->D;

-	for (;num--;)

-		{

-	HOST_c2l(data,l); X( 0)=l;		HOST_c2l(data,l); X( 1)=l;

-	/* Round 0 */

-	R0(A,B,C,D,X( 0), 3,0);	HOST_c2l(data,l); X( 2)=l;

-	R0(D,A,B,C,X( 1), 7,0);	HOST_c2l(data,l); X( 3)=l;

-	R0(C,D,A,B,X( 2),11,0);	HOST_c2l(data,l); X( 4)=l;

-	R0(B,C,D,A,X( 3),19,0);	HOST_c2l(data,l); X( 5)=l;

-	R0(A,B,C,D,X( 4), 3,0);	HOST_c2l(data,l); X( 6)=l;

-	R0(D,A,B,C,X( 5), 7,0);	HOST_c2l(data,l); X( 7)=l;

-	R0(C,D,A,B,X( 6),11,0);	HOST_c2l(data,l); X( 8)=l;

-	R0(B,C,D,A,X( 7),19,0);	HOST_c2l(data,l); X( 9)=l;

-	R0(A,B,C,D,X( 8), 3,0);	HOST_c2l(data,l); X(10)=l;

-	R0(D,A,B,C,X( 9), 7,0);	HOST_c2l(data,l); X(11)=l;

-	R0(C,D,A,B,X(10),11,0);	HOST_c2l(data,l); X(12)=l;

-	R0(B,C,D,A,X(11),19,0);	HOST_c2l(data,l); X(13)=l;

-	R0(A,B,C,D,X(12), 3,0);	HOST_c2l(data,l); X(14)=l;

-	R0(D,A,B,C,X(13), 7,0);	HOST_c2l(data,l); X(15)=l;

-	R0(C,D,A,B,X(14),11,0);

-	R0(B,C,D,A,X(15),19,0);

-	/* Round 1 */

-	R1(A,B,C,D,X( 0), 3,0x5A827999L);

-	R1(D,A,B,C,X( 4), 5,0x5A827999L);

-	R1(C,D,A,B,X( 8), 9,0x5A827999L);

-	R1(B,C,D,A,X(12),13,0x5A827999L);

-	R1(A,B,C,D,X( 1), 3,0x5A827999L);

-	R1(D,A,B,C,X( 5), 5,0x5A827999L);

-	R1(C,D,A,B,X( 9), 9,0x5A827999L);

-	R1(B,C,D,A,X(13),13,0x5A827999L);

-	R1(A,B,C,D,X( 2), 3,0x5A827999L);

-	R1(D,A,B,C,X( 6), 5,0x5A827999L);

-	R1(C,D,A,B,X(10), 9,0x5A827999L);

-	R1(B,C,D,A,X(14),13,0x5A827999L);

-	R1(A,B,C,D,X( 3), 3,0x5A827999L);

-	R1(D,A,B,C,X( 7), 5,0x5A827999L);

-	R1(C,D,A,B,X(11), 9,0x5A827999L);

-	R1(B,C,D,A,X(15),13,0x5A827999L);

-	/* Round 2 */

-	R2(A,B,C,D,X( 0), 3,0x6ED9EBA1L);

-	R2(D,A,B,C,X( 8), 9,0x6ED9EBA1L);

-	R2(C,D,A,B,X( 4),11,0x6ED9EBA1L);

-	R2(B,C,D,A,X(12),15,0x6ED9EBA1L);

-	R2(A,B,C,D,X( 2), 3,0x6ED9EBA1L);

-	R2(D,A,B,C,X(10), 9,0x6ED9EBA1L);

-	R2(C,D,A,B,X( 6),11,0x6ED9EBA1L);

-	R2(B,C,D,A,X(14),15,0x6ED9EBA1L);

-	R2(A,B,C,D,X( 1), 3,0x6ED9EBA1L);

-	R2(D,A,B,C,X( 9), 9,0x6ED9EBA1L);

-	R2(C,D,A,B,X( 5),11,0x6ED9EBA1L);

-	R2(B,C,D,A,X(13),15,0x6ED9EBA1L);

-	R2(A,B,C,D,X( 3), 3,0x6ED9EBA1L);

-	R2(D,A,B,C,X(11), 9,0x6ED9EBA1L);

-	R2(C,D,A,B,X( 7),11,0x6ED9EBA1L);

-	R2(B,C,D,A,X(15),15,0x6ED9EBA1L);

-	A = c->A += A;

-	B = c->B += B;

-	C = c->C += C;

-	D = c->D += D;

-		}

-	}

-#endif

-#ifdef undef

-int printit(unsigned long *l)

-	{

-	int i,ii;

-	for (i=0; i<2; i++)

-		{

-		for (ii=0; ii<8; ii++)

-			{

-			fprintf(stderr,"%08lx ",l[i*8+ii]);

-			}

-		fprintf(stderr,"\n");

-		}

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/md4/md4_locl.h

+++ /dev/null

@@ -1,156 +1,0 @@

-/* crypto/md4/md4_locl.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdlib.h>

-#include <string.h>

-#include <openssl/opensslconf.h>

-#include <openssl/md4.h>

-#ifndef MD4_LONG_LOG2

-#define MD4_LONG_LOG2 2 /* default to 32 bits */

-#endif

-void md4_block_host_order (MD4_CTX *c, const void *p,size_t num);

-void md4_block_data_order (MD4_CTX *c, const void *p,size_t num);

-#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)

-# if !defined(B_ENDIAN)

-/*

- * *_block_host_order is expected to handle aligned data while

- * *_block_data_order - unaligned. As algorithm and host (x86)

- * are in this case of the same "endianness" these two are

- * otherwise indistinguishable. But normally you don't want to

- * call the same function because unaligned access in places

- * where alignment is expected is usually a "Bad Thing". Indeed,

- * on RISCs you get punished with BUS ERROR signal or *severe*

- * performance degradation. Intel CPUs are in turn perfectly

- * capable of loading unaligned data without such drastic side

- * effect. Yes, they say it's slower than aligned load, but no

- * exception is generated and therefore performance degradation

- * is *incomparable* with RISCs. What we should weight here is

- * costs of unaligned access against costs of aligning data.

- * According to my measurements allowing unaligned access results

- * in ~9% performance improvement on Pentium II operating at

- * 266MHz. I won't be surprised if the difference will be higher

- * on faster systems:-)

- *

- *				<[email protected]>

- */

-# define md4_block_data_order md4_block_host_order

-# endif

-#endif

-#define DATA_ORDER_IS_LITTLE_ENDIAN

-#define HASH_LONG		MD4_LONG

-#define HASH_LONG_LOG2		MD4_LONG_LOG2

-#define HASH_CTX		MD4_CTX

-#define HASH_CBLOCK		MD4_CBLOCK

-#define HASH_LBLOCK		MD4_LBLOCK

-#define HASH_UPDATE		MD4_Update

-#define HASH_TRANSFORM		MD4_Transform

-#define HASH_FINAL		MD4_Final

-#define	HASH_MAKE_STRING(c,s)	do {	\

-	unsigned long ll;		\

-	ll=(c)->A; HOST_l2c(ll,(s));	\

-	ll=(c)->B; HOST_l2c(ll,(s));	\

-	ll=(c)->C; HOST_l2c(ll,(s));	\

-	ll=(c)->D; HOST_l2c(ll,(s));	\

-	} while (0)

-#define HASH_BLOCK_HOST_ORDER	md4_block_host_order

-#if !defined(L_ENDIAN) || defined(md4_block_data_order)

-#define	HASH_BLOCK_DATA_ORDER	md4_block_data_order

-/*

- * Little-endians (Intel and Alpha) feel better without this.

- * It looks like memcpy does better job than generic

- * md4_block_data_order on copying-n-aligning input data.

- * But frankly speaking I didn't expect such result on Alpha.

- * On the other hand I've got this with egcs-1.0.2 and if

- * program is compiled with another (better?) compiler it

- * might turn out other way around.

- *

- *				<[email protected]>

- */

-#endif

-#include "md32_common.h"

-/*

-#define	F(x,y,z)	(((x) & (y))  |  ((~(x)) & (z)))

-#define	G(x,y,z)	(((x) & (y))  |  ((x) & ((z))) | ((y) & ((z))))

-*/

-/* As pointed out by Wei Dai <[email protected]>, the above can be

- * simplified to the code below.  Wei attributes these optimizations

- * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel.

- */

-#define	F(b,c,d)	((((c) ^ (d)) & (b)) ^ (d))

-#define G(b,c,d)	(((b) & (c)) | ((b) & (d)) | ((c) & (d)))

-#define	H(b,c,d)	((b) ^ (c) ^ (d))

-#define R0(a,b,c,d,k,s,t) { \

-	a+=((k)+(t)+F((b),(c),(d))); \

-	a=ROTATE(a,s); };

-#define R1(a,b,c,d,k,s,t) { \

-	a+=((k)+(t)+G((b),(c),(d))); \

-	a=ROTATE(a,s); };\

-#define R2(a,b,c,d,k,s,t) { \

-	a+=((k)+(t)+H((b),(c),(d))); \

-	a=ROTATE(a,s); };

--- a/sys/src/ape/lib/openssl/crypto/md4/md4_one.c

+++ /dev/null

@@ -1,97 +1,0 @@

-/* crypto/md4/md4_one.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <string.h>

-#include <openssl/md4.h>

-#include <openssl/crypto.h>

-#ifdef CHARSET_EBCDIC

-#include <openssl/ebcdic.h>

-#endif

-unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md)

-	{

-	MD4_CTX c;

-	static unsigned char m[MD4_DIGEST_LENGTH];

-	if (md == NULL) md=m;

-	if (!MD4_Init(&c))

-		return NULL;

-#ifndef CHARSET_EBCDIC

-	MD4_Update(&c,d,n);

-#else

-	{

-		char temp[1024];

-		unsigned long chunk;

-		while (n > 0)

-		{

-			chunk = (n > sizeof(temp)) ? sizeof(temp) : n;

-			ebcdic2ascii(temp, d, chunk);

-			MD4_Update(&c,temp,chunk);

-			n -= chunk;

-			d += chunk;

-		}

-	}

-#endif

-	MD4_Final(md,&c);

-	OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */

-	return(md);

-	}

--- a/sys/src/ape/lib/openssl/crypto/md4/md4s.cpp

+++ /dev/null

@@ -1,78 +1,0 @@

-//

-// gettsc.inl

-//

-// gives access to the Pentium's (secret) cycle counter

-//

-// This software was written by Leonard Janke ([email protected])

-// in 1996-7 and is entered, by him, into the public domain.

-#if defined(__WATCOMC__)

-void GetTSC(unsigned long&);

-#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];

-#elif defined(__GNUC__)

-inline

-void GetTSC(unsigned long& tsc)

-{

-  asm volatile(".byte 15, 49\n\t"

-	       : "=eax" (tsc)

-	       :

-	       : "%edx", "%eax");

-}

-#elif defined(_MSC_VER)

-inline

-void GetTSC(unsigned long& tsc)

-{

-  unsigned long a;

-  __asm _emit 0fh

-  __asm _emit 31h

-  __asm mov a, eax;

-  tsc=a;

-}

-#endif

-#include <stdio.h>

-#include <stdlib.h>

-#include <openssl/md4.h>

-extern "C" {

-void md4_block_x86(MD4_CTX *ctx, unsigned char *buffer,int num);

-}

-void main(int argc,char *argv[])

-	{

-	unsigned char buffer[64*256];

-	MD4_CTX ctx;

-	unsigned long s1,s2,e1,e2;

-	unsigned char k[16];

-	unsigned long data[2];

-	unsigned char iv[8];

-	int i,num=0,numm;

-	int j=0;

-	if (argc >= 2)

-		num=atoi(argv[1]);

-	if (num == 0) num=16;

-	if (num > 250) num=16;

-	numm=num+2;

-	num*=64;

-	numm*=64;

-	for (j=0; j<6; j++)

-		{

-		for (i=0; i<10; i++) /**/

-			{

-			md4_block_x86(&ctx,buffer,numm);

-			GetTSC(s1);

-			md4_block_x86(&ctx,buffer,numm);

-			GetTSC(e1);

-			GetTSC(s2);

-			md4_block_x86(&ctx,buffer,num);

-			GetTSC(e2);

-			md4_block_x86(&ctx,buffer,num);

-			}

-		printf("md4 (%d bytes) %d %d (%.2f)\n",num,

-			e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2);

-		}

-	}

--- a/sys/src/ape/lib/openssl/crypto/md4/md4test.c

+++ /dev/null

@@ -1,136 +1,0 @@

-/* crypto/md4/md4test.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <string.h>

-#include <stdlib.h>

-#include "../e_os.h"

-#ifdef OPENSSL_NO_MD4

-int main(int argc, char *argv[])

-{

-    printf("No MD4 support\n");

-    return(0);

-}

-#else

-#include <openssl/evp.h>

-#include <openssl/md4.h>

-static char *test[]={

-	"",

-	"a",

-	"abc",

-	"message digest",

-	"abcdefghijklmnopqrstuvwxyz",

-	"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",

-	"12345678901234567890123456789012345678901234567890123456789012345678901234567890",

-	NULL,

-	};

-static char *ret[]={

-"31d6cfe0d16ae931b73c59d7e0c089c0",

-"bde52cb31de33e46245e05fbdbd6fb24",

-"a448017aaf21d8525fc10ae87aa6729d",

-"d9130a8164549fe818874806e1c7014b",

-"d79e1c308aa5bbcdeea8ed63df412da9",

-"043f8582f241db351ce627e153e7f0e4",

-"e33b4ddc9c38f2199c3e7b164fcc0536",

-};

-static char *pt(unsigned char *md);

-int main(int argc, char *argv[])

-	{

-	int i,err=0;

-	char **P,**R;

-	char *p;

-	unsigned char md[MD4_DIGEST_LENGTH];

-	P=test;

-	R=ret;

-	i=1;

-	while (*P != NULL)

-		{

-		EVP_Digest(&(P[0][0]),strlen((char *)*P),md,NULL,EVP_md4(), NULL);

-		p=pt(md);

-		if (strcmp(p,(char *)*R) != 0)

-			{

-			printf("error calculating MD4 on '%s'\n",*P);

-			printf("got %s instead of %s\n",p,*R);

-			err++;

-			}

-		else

-			printf("test %d ok\n",i);

-		i++;

-		R++;

-		P++;

-		}

-	EXIT(err);

-	return(0);

-	}

-static char *pt(unsigned char *md)

-	{

-	int i;

-	static char buf[80];

-	for (i=0; i<MD4_DIGEST_LENGTH; i++)

-		sprintf(&(buf[i*2]),"%02x",md[i]);

-	return(buf);

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/md5/Makefile

+++ /dev/null

@@ -1,120 +1,0 @@

-#

-# OpenSSL/crypto/md5/Makefile

-#

-DIR=    md5

-TOP=    ../..

-CC=     cc

-CPP=    $(CC) -E

-INCLUDES=-I.. -I$(TOP) -I../../include

-CFLAG=-g

-MAKEFILE=       Makefile

-AR=             ar r

-MD5_ASM_OBJ=

-CFLAGS= $(INCLUDES) $(CFLAG)

-ASFLAGS= $(INCLUDES) $(ASFLAG)

-AFLAGS= $(ASFLAGS)

-GENERAL=Makefile

-TEST=md5test.c

-APPS=

-LIB=$(TOP)/libcrypto.a

-LIBSRC=md5_dgst.c md5_one.c

-LIBOBJ=md5_dgst.o md5_one.o $(MD5_ASM_OBJ)

-SRC= $(LIBSRC)

-EXHEADER= md5.h

-HEADER= md5_locl.h $(EXHEADER)

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)

-all:    lib

-lib:    $(LIBOBJ)

-	$(AR) $(LIB) $(LIBOBJ)

-	$(RANLIB) $(LIB) || echo Never mind.

-	@touch lib

-# ELF

-mx86-elf.s: asm/md5-586.pl ../perlasm/x86asm.pl

-	(cd asm; $(PERL) md5-586.pl elf $(CFLAGS) > ../$@)

-# COFF

-mx86-cof.s: asm/md5-586.pl ../perlasm/x86asm.pl

-	(cd asm; $(PERL) md5-586.pl coff $(CFLAGS) > ../$@)

-# a.out

-mx86-out.s: asm/md5-586.pl ../perlasm/x86asm.pl

-	(cd asm; $(PERL) md5-586.pl a.out $(CFLAGS) > ../$@)

-md5-sparcv8plus.o: asm/md5-sparcv9.S

-	$(CC) $(ASFLAGS) -DMD5_BLOCK_DATA_ORDER -c \

-		-o md5-sparcv8plus.o asm/md5-sparcv9.S

-# Old GNU assembler doesn't understand V9 instructions, so we

-# hire /usr/ccs/bin/as to do the job. Note that option is called

-# *-gcc27, but even gcc 2>=8 users may experience similar problem

-# if they didn't bother to upgrade GNU assembler. Such users should

-# not choose this option, but be adviced to *remove* GNU assembler

-# or upgrade it.

-md5-sparcv8plus-gcc27.o: asm/md5-sparcv9.S

-	$(CC) $(ASFLAGS) -DMD5_BLOCK_DATA_ORDER -E asm/md5-sparcv9.S | \

-		/usr/ccs/bin/as -xarch=v8plus - -o md5-sparcv8plus-gcc27.o

-md5-sparcv9.o: asm/md5-sparcv9.S

-	$(CC) $(ASFLAGS) -DMD5_BLOCK_DATA_ORDER -c \

-		-o md5-sparcv9.o asm/md5-sparcv9.S

-md5-x86_64.s:	asm/md5-x86_64.pl;	$(PERL) asm/md5-x86_64.pl $@

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

-links:

-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)

-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)

-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

-install:

-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...

-	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \

-	do  \

-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \

-	done;

-tags:

-	ctags $(SRC)

-tests:

-lint:

-	lint -DLINT $(INCLUDES) $(SRC)>fluff

-depend:

-	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...

-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-clean:

-	rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-md5_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/md5.h

-md5_dgst.o: ../../include/openssl/opensslconf.h

-md5_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md5_dgst.c

-md5_dgst.o: md5_locl.h

-md5_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-md5_one.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h

-md5_one.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-md5_one.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-md5_one.o: ../../include/openssl/symhacks.h md5_one.c

--- a/sys/src/ape/lib/openssl/crypto/md5/asm/md5-586.pl

+++ /dev/null

@@ -1,306 +1,0 @@

-#!/usr/local/bin/perl

-# Normal is the

-# md5_block_x86(MD5_CTX *c, ULONG *X);

-# version, non-normal is the

-# md5_block_x86(MD5_CTX *c, ULONG *X,int blocks);

-$normal=0;

-push(@INC,"perlasm","../../perlasm");

-require "x86asm.pl";

-&asm_init($ARGV[0],$0);

-$A="eax";

-$B="ebx";

-$C="ecx";

-$D="edx";

-$tmp1="edi";

-$tmp2="ebp";

-$X="esi";

-# What we need to load into $tmp for the next round

-%Ltmp1=("R0",&Np($C), "R1",&Np($C), "R2",&Np($C), "R3",&Np($D));

-@xo=(

- 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,	# R0

- 1, 6, 11, 0, 5, 10, 15, 4, 9, 14, 3, 8, 13, 2, 7, 12,	# R1

- 5, 8, 11, 14, 1, 4, 7, 10, 13, 0, 3, 6, 9, 12, 15, 2,	# R2

- 0, 7, 14, 5, 12, 3, 10, 1, 8, 15, 6, 13, 4, 11, 2, 9,	# R3

- );

-&md5_block("md5_block_asm_host_order");

-&asm_finish();

-sub Np

-	{

-	local($p)=@_;

-	local(%n)=($A,$D,$B,$A,$C,$B,$D,$C);

-	return($n{$p});

-	}

-sub R0

-	{

-	local($pos,$a,$b,$c,$d,$K,$ki,$s,$t)=@_;

-	&mov($tmp1,$C)  if $pos < 0;

-	&mov($tmp2,&DWP($xo[$ki]*4,$K,"",0)) if $pos < 0; # very first one

-	# body proper

-	&comment("R0 $ki");

-	&xor($tmp1,$d); # F function - part 2

-	&and($tmp1,$b); # F function - part 3

-	&lea($a,&DWP($t,$a,$tmp2,1));

-	&xor($tmp1,$d); # F function - part 4

-	&add($a,$tmp1);

-	&mov($tmp1,&Np($c)) if $pos < 1;	# next tmp1 for R0

-	&mov($tmp1,&Np($c)) if $pos == 1;	# next tmp1 for R1

-	&rotl($a,$s);

-	&mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0)) if ($pos != 2);

-	&add($a,$b);

-	}

-sub R1

-	{

-	local($pos,$a,$b,$c,$d,$K,$ki,$s,$t)=@_;

-	&comment("R1 $ki");

-	&lea($a,&DWP($t,$a,$tmp2,1));

-	&xor($tmp1,$b); # G function - part 2

-	&and($tmp1,$d); # G function - part 3

-	&mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0)) if ($pos != 2);

-	&xor($tmp1,$c);			# G function - part 4

-	&add($a,$tmp1);

-	&mov($tmp1,&Np($c)) if $pos < 1;	# G function - part 1

-	&mov($tmp1,&Np($c)) if $pos == 1;	# G function - part 1

-	&rotl($a,$s);

-	&add($a,$b);

-	}

-sub R2

-	{

-	local($n,$pos,$a,$b,$c,$d,$K,$ki,$s,$t)=@_;

-	# This one is different, only 3 logical operations

-if (($n & 1) == 0)

-	{

-	&comment("R2 $ki");

-	# make sure to do 'D' first, not 'B', else we clash with

-	# the last add from the previous round.

-	&xor($tmp1,$d); # H function - part 2

-	&xor($tmp1,$b); # H function - part 3

-	&lea($a,&DWP($t,$a,$tmp2,1));

-	&add($a,$tmp1);

-	&rotl($a,$s);

-	&mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0));

-	&mov($tmp1,&Np($c));

-	}

-else

-	{

-	&comment("R2 $ki");

-	# make sure to do 'D' first, not 'B', else we clash with

-	# the last add from the previous round.

-	&lea($a,&DWP($t,$a,$tmp2,1));

-	&add($b,$c);			# MOVED FORWARD

-	&xor($tmp1,$d); # H function - part 2

-	&xor($tmp1,$b); # H function - part 3

-	&mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0)) if ($pos != 2);

-	&add($a,$tmp1);

-	&mov($tmp1,&Np($c)) if $pos < 1;	# H function - part 1

-	&mov($tmp1,-1) if $pos == 1;		# I function - part 1

-	&rotl($a,$s);

-	&add($a,$b);

-	}

-	}

-sub R3

-	{

-	local($pos,$a,$b,$c,$d,$K,$ki,$s,$t)=@_;

-	&comment("R3 $ki");

-	# &not($tmp1)

-	&xor($tmp1,$d) if $pos < 0; 	# I function - part 2

-	&or($tmp1,$b);				# I function - part 3

-	&lea($a,&DWP($t,$a,$tmp2,1));

-	&xor($tmp1,$c); 			# I function - part 4

-	&mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0))	if $pos != 2; # load X/k value

-	&mov($tmp2,&wparam(0)) if $pos == 2;

-	&add($a,$tmp1);

-	&mov($tmp1,-1) if $pos < 1;	# H function - part 1

-	&add($K,64) if $pos >=1 && !$normal;

-	&rotl($a,$s);

-	&xor($tmp1,&Np($d)) if $pos <= 0; 	# I function - part = first time

-	&mov($tmp1,&DWP( 0,$tmp2,"",0)) if $pos > 0;

-	&add($a,$b);

-	}

-sub md5_block

-	{

-	local($name)=@_;

-	&function_begin_B($name,"",3);

-	# parameter 1 is the MD5_CTX structure.

-	# A	0

-	# B	4

-	# C	8

-	# D 	12

-	&push("esi");

-	 &push("edi");

-	&mov($tmp1,	&wparam(0)); # edi

-	 &mov($X,	&wparam(1)); # esi

-	&mov($C,	&wparam(2));

-	 &push("ebp");

-	&shl($C,	6);

-	&push("ebx");

-	 &add($C,	$X); # offset we end at

-	&sub($C,	64);

-	 &mov($A,	&DWP( 0,$tmp1,"",0));

-	&push($C);	# Put on the TOS

-	 &mov($B,	&DWP( 4,$tmp1,"",0));

-	&mov($C,	&DWP( 8,$tmp1,"",0));

-	 &mov($D,	&DWP(12,$tmp1,"",0));

-	&set_label("start") unless $normal;

-	&comment("");

-	&comment("R0 section");

-	&R0(-2,$A,$B,$C,$D,$X, 0, 7,0xd76aa478);

-	&R0( 0,$D,$A,$B,$C,$X, 1,12,0xe8c7b756);

-	&R0( 0,$C,$D,$A,$B,$X, 2,17,0x242070db);

-	&R0( 0,$B,$C,$D,$A,$X, 3,22,0xc1bdceee);

-	&R0( 0,$A,$B,$C,$D,$X, 4, 7,0xf57c0faf);

-	&R0( 0,$D,$A,$B,$C,$X, 5,12,0x4787c62a);

-	&R0( 0,$C,$D,$A,$B,$X, 6,17,0xa8304613);

-	&R0( 0,$B,$C,$D,$A,$X, 7,22,0xfd469501);

-	&R0( 0,$A,$B,$C,$D,$X, 8, 7,0x698098d8);

-	&R0( 0,$D,$A,$B,$C,$X, 9,12,0x8b44f7af);

-	&R0( 0,$C,$D,$A,$B,$X,10,17,0xffff5bb1);

-	&R0( 0,$B,$C,$D,$A,$X,11,22,0x895cd7be);

-	&R0( 0,$A,$B,$C,$D,$X,12, 7,0x6b901122);

-	&R0( 0,$D,$A,$B,$C,$X,13,12,0xfd987193);

-	&R0( 0,$C,$D,$A,$B,$X,14,17,0xa679438e);

-	&R0( 1,$B,$C,$D,$A,$X,15,22,0x49b40821);

-	&comment("");

-	&comment("R1 section");

-	&R1(-1,$A,$B,$C,$D,$X,16, 5,0xf61e2562);

-	&R1( 0,$D,$A,$B,$C,$X,17, 9,0xc040b340);

-	&R1( 0,$C,$D,$A,$B,$X,18,14,0x265e5a51);

-	&R1( 0,$B,$C,$D,$A,$X,19,20,0xe9b6c7aa);

-	&R1( 0,$A,$B,$C,$D,$X,20, 5,0xd62f105d);

-	&R1( 0,$D,$A,$B,$C,$X,21, 9,0x02441453);

-	&R1( 0,$C,$D,$A,$B,$X,22,14,0xd8a1e681);

-	&R1( 0,$B,$C,$D,$A,$X,23,20,0xe7d3fbc8);

-	&R1( 0,$A,$B,$C,$D,$X,24, 5,0x21e1cde6);

-	&R1( 0,$D,$A,$B,$C,$X,25, 9,0xc33707d6);

-	&R1( 0,$C,$D,$A,$B,$X,26,14,0xf4d50d87);

-	&R1( 0,$B,$C,$D,$A,$X,27,20,0x455a14ed);

-	&R1( 0,$A,$B,$C,$D,$X,28, 5,0xa9e3e905);

-	&R1( 0,$D,$A,$B,$C,$X,29, 9,0xfcefa3f8);

-	&R1( 0,$C,$D,$A,$B,$X,30,14,0x676f02d9);

-	&R1( 1,$B,$C,$D,$A,$X,31,20,0x8d2a4c8a);

-	&comment("");

-	&comment("R2 section");

-	&R2( 0,-1,$A,$B,$C,$D,$X,32, 4,0xfffa3942);

-	&R2( 1, 0,$D,$A,$B,$C,$X,33,11,0x8771f681);

-	&R2( 2, 0,$C,$D,$A,$B,$X,34,16,0x6d9d6122);

-	&R2( 3, 0,$B,$C,$D,$A,$X,35,23,0xfde5380c);

-	&R2( 4, 0,$A,$B,$C,$D,$X,36, 4,0xa4beea44);

-	&R2( 5, 0,$D,$A,$B,$C,$X,37,11,0x4bdecfa9);

-	&R2( 6, 0,$C,$D,$A,$B,$X,38,16,0xf6bb4b60);

-	&R2( 7, 0,$B,$C,$D,$A,$X,39,23,0xbebfbc70);

-	&R2( 8, 0,$A,$B,$C,$D,$X,40, 4,0x289b7ec6);

-	&R2( 9, 0,$D,$A,$B,$C,$X,41,11,0xeaa127fa);

-	&R2(10, 0,$C,$D,$A,$B,$X,42,16,0xd4ef3085);

-	&R2(11, 0,$B,$C,$D,$A,$X,43,23,0x04881d05);

-	&R2(12, 0,$A,$B,$C,$D,$X,44, 4,0xd9d4d039);

-	&R2(13, 0,$D,$A,$B,$C,$X,45,11,0xe6db99e5);

-	&R2(14, 0,$C,$D,$A,$B,$X,46,16,0x1fa27cf8);

-	&R2(15, 1,$B,$C,$D,$A,$X,47,23,0xc4ac5665);

-	&comment("");

-	&comment("R3 section");

-	&R3(-1,$A,$B,$C,$D,$X,48, 6,0xf4292244);

-	&R3( 0,$D,$A,$B,$C,$X,49,10,0x432aff97);

-	&R3( 0,$C,$D,$A,$B,$X,50,15,0xab9423a7);

-	&R3( 0,$B,$C,$D,$A,$X,51,21,0xfc93a039);

-	&R3( 0,$A,$B,$C,$D,$X,52, 6,0x655b59c3);

-	&R3( 0,$D,$A,$B,$C,$X,53,10,0x8f0ccc92);

-	&R3( 0,$C,$D,$A,$B,$X,54,15,0xffeff47d);

-	&R3( 0,$B,$C,$D,$A,$X,55,21,0x85845dd1);

-	&R3( 0,$A,$B,$C,$D,$X,56, 6,0x6fa87e4f);

-	&R3( 0,$D,$A,$B,$C,$X,57,10,0xfe2ce6e0);

-	&R3( 0,$C,$D,$A,$B,$X,58,15,0xa3014314);

-	&R3( 0,$B,$C,$D,$A,$X,59,21,0x4e0811a1);

-	&R3( 0,$A,$B,$C,$D,$X,60, 6,0xf7537e82);

-	&R3( 0,$D,$A,$B,$C,$X,61,10,0xbd3af235);

-	&R3( 0,$C,$D,$A,$B,$X,62,15,0x2ad7d2bb);

-	&R3( 2,$B,$C,$D,$A,$X,63,21,0xeb86d391);

-	# &mov($tmp2,&wparam(0));	# done in the last R3

-	# &mov($tmp1,	&DWP( 0,$tmp2,"",0)); # done is the last R3

-	&add($A,$tmp1);

-	 &mov($tmp1,	&DWP( 4,$tmp2,"",0));

-	&add($B,$tmp1);

-	&mov($tmp1,	&DWP( 8,$tmp2,"",0));

-	&add($C,$tmp1);

-	&mov($tmp1,	&DWP(12,$tmp2,"",0));

-	&add($D,$tmp1);

-	&mov(&DWP( 0,$tmp2,"",0),$A);

-	&mov(&DWP( 4,$tmp2,"",0),$B);

-	&mov($tmp1,&swtmp(0)) unless $normal;

-	&mov(&DWP( 8,$tmp2,"",0),$C);

-	 &mov(&DWP(12,$tmp2,"",0),$D);

-	&cmp($tmp1,$X) unless $normal;			# check count

-	 &jae(&label("start")) unless $normal;

-	&pop("eax"); # pop the temp variable off the stack

-	 &pop("ebx");

-	&pop("ebp");

-	 &pop("edi");

-	&pop("esi");

-	 &ret();

-	&function_end_B($name);

-	}

--- a/sys/src/ape/lib/openssl/crypto/md5/asm/md5-sparcv9.S

+++ /dev/null

@@ -1,1031 +1,0 @@

-.ident	"md5-sparcv9.S, Version 1.0"

-.ident	"SPARC V9 ISA artwork by Andy Polyakov <[email protected]>"

-.file	"md5-sparcv9.S"

-/*

- * ====================================================================

- * Copyright (c) 1999 Andy Polyakov <[email protected]>.

- *

- * Rights for redistribution and usage in source and binary forms are

- * granted as long as above copyright notices are retained. Warranty

- * of any kind is (of course:-) disclaimed.

- * ====================================================================

- */

-/*

- * This is my modest contribution to OpenSSL project (see

- * http://www.openssl.org/ for more information about it) and is an

- * assembler implementation of MD5 block hash function. I've hand-coded

- * this for the sole reason to reach UltraSPARC-specific "load in

- * little-endian byte order" instruction. This gives up to 15%

- * performance improvement for cases when input message is aligned at

- * 32 bits boundary. The module was tested under both 32 *and* 64 bit

- * kernels. For updates see http://fy.chalmers.se/~appro/hpe/.

- *

- * To compile with SC4.x/SC5.x:

- *

- *	cc -xarch=v[9|8plus] -DOPENSSL_SYSNAME_ULTRASPARC -DMD5_BLOCK_DATA_ORDER \

- *		-c md5-sparcv9.S

- *

- * and with gcc:

- *

- *	gcc -mcpu=ultrasparc -DOPENSSL_SYSNAME_ULTRASPARC -DMD5_BLOCK_DATA_ORDER \

- *		-c md5-sparcv9.S

- *

- * or if above fails (it does if you have gas):

- *

- *	gcc -E -DOPENSSL_SYSNAMEULTRASPARC -DMD5_BLOCK_DATA_ORDER md5_block.sparc.S | \

- *		as -xarch=v8plus /dev/fd/0 -o md5-sparcv9.o

- */

-#include <openssl/e_os2.h>

-#define	A	%o0

-#define B	%o1

-#define	C	%o2

-#define	D	%o3

-#define	T1	%o4

-#define	T2	%o5

-#define	R0	%l0

-#define	R1	%l1

-#define	R2	%l2

-#define	R3	%l3

-#define	R4	%l4

-#define	R5	%l5

-#define	R6	%l6

-#define	R7	%l7

-#define	R8	%i3

-#define	R9	%i4

-#define	R10	%i5

-#define	R11	%g1

-#define R12	%g2

-#define	R13	%g3

-#define RX	%g4

-#define Aptr	%i0+0

-#define Bptr	%i0+4

-#define Cptr	%i0+8

-#define Dptr	%i0+12

-#define Aval	R5	/* those not used at the end of the last round */

-#define Bval	R6

-#define Cval	R7

-#define Dval	R8

-#if defined(MD5_BLOCK_DATA_ORDER)

-# if defined(OPENSSL_SYSNAME_ULTRASPARC)

-#  define	LOAD			lda

-#  define	X(i)			[%i1+i*4]%asi

-#  define	md5_block		md5_block_asm_data_order_aligned

-#  define	ASI_PRIMARY_LITTLE	0x88

-# else

-#  error "MD5_BLOCK_DATA_ORDER is supported only on UltraSPARC!"

-# endif

-#else

-# define	LOAD			ld

-# define	X(i)			[%i1+i*4]

-# define	md5_block		md5_block_asm_host_order

-#endif

-.section        ".text",#alloc,#execinstr

-#if defined(__SUNPRO_C) && defined(__sparcv9)

-  /* They've said -xarch=v9 at command line */

-  .register	%g2,#scratch

-  .register	%g3,#scratch

-# define	FRAME	-192

-#elif defined(__GNUC__) && defined(__arch64__)

-  /* They've said -m64 at command line */

-  .register     %g2,#scratch

-  .register     %g3,#scratch

-# define        FRAME   -192

-#else

-# define	FRAME	-96

-#endif

-.align  32

-.global md5_block

-md5_block:

-	save	%sp,FRAME,%sp

-	ld	[Dptr],D

-	ld	[Cptr],C

-	ld	[Bptr],B

-	ld	[Aptr],A

-#ifdef ASI_PRIMARY_LITTLE

-	rd	%asi,%o7	! How dare I? Well, I just do:-)

-	wr	%g0,ASI_PRIMARY_LITTLE,%asi

-#endif

-	LOAD	X(0),R0

-.Lmd5_block_loop:

-!!!!!!!!Round 0

-	xor	C,D,T1

-	sethi	%hi(0xd76aa478),T2

-	and	T1,B,T1

-	or	T2,%lo(0xd76aa478),T2	!=

-	xor	T1,D,T1

-	add	T1,R0,T1

-	LOAD	X(1),R1

-	add	T1,T2,T1		!=

-	add	A,T1,A

-	sll	A,7,T2

-	srl	A,32-7,A

-	or	A,T2,A			!=

-	 xor	 B,C,T1

-	add	A,B,A

-	sethi	%hi(0xe8c7b756),T2

-	and	T1,A,T1			!=

-	or	T2,%lo(0xe8c7b756),T2

-	xor	T1,C,T1

-	LOAD	X(2),R2

-	add	T1,R1,T1		!=

-	add	T1,T2,T1

-	add	D,T1,D

-	sll	D,12,T2

-	srl	D,32-12,D		!=

-	or	D,T2,D

-	 xor	 A,B,T1

-	add	D,A,D

-	sethi	%hi(0x242070db),T2	!=

-	and	T1,D,T1

-	or	T2,%lo(0x242070db),T2

-	xor	T1,B,T1

-	add	T1,R2,T1		!=

-	LOAD	X(3),R3

-	add	T1,T2,T1

-	add	C,T1,C

-	sll	C,17,T2			!=

-	srl	C,32-17,C

-	or	C,T2,C

-	 xor	 D,A,T1

-	add	C,D,C			!=

-	sethi	%hi(0xc1bdceee),T2

-	and	T1,C,T1

-	or	T2,%lo(0xc1bdceee),T2

-	xor	T1,A,T1			!=

-	add	T1,R3,T1

-	LOAD	X(4),R4

-	add	T1,T2,T1

-	add	B,T1,B			!=

-	sll	B,22,T2

-	srl	B,32-22,B

-	or	B,T2,B

-	 xor	 C,D,T1			!=

-	add	B,C,B

-	sethi	%hi(0xf57c0faf),T2

-	and	T1,B,T1

-	or	T2,%lo(0xf57c0faf),T2	!=

-	xor	T1,D,T1

-	add	T1,R4,T1

-	LOAD	X(5),R5

-	add	T1,T2,T1		!=

-	add	A,T1,A

-	sll	A,7,T2

-	srl	A,32-7,A

-	or	A,T2,A			!=

-	 xor	 B,C,T1

-	add	A,B,A

-	sethi	%hi(0x4787c62a),T2

-	and	T1,A,T1			!=

-	or	T2,%lo(0x4787c62a),T2

-	xor	T1,C,T1

-	LOAD	X(6),R6

-	add	T1,R5,T1		!=

-	add	T1,T2,T1

-	add	D,T1,D

-	sll	D,12,T2

-	srl	D,32-12,D		!=

-	or	D,T2,D

-	 xor	 A,B,T1

-	add	D,A,D

-	sethi	%hi(0xa8304613),T2	!=

-	and	T1,D,T1

-	or	T2,%lo(0xa8304613),T2

-	xor	T1,B,T1

-	add	T1,R6,T1		!=

-	LOAD	X(7),R7

-	add	T1,T2,T1

-	add	C,T1,C

-	sll	C,17,T2			!=

-	srl	C,32-17,C

-	or	C,T2,C

-	 xor	 D,A,T1

-	add	C,D,C			!=

-	sethi	%hi(0xfd469501),T2

-	and	T1,C,T1

-	or	T2,%lo(0xfd469501),T2

-	xor	T1,A,T1			!=

-	add	T1,R7,T1

-	LOAD	X(8),R8

-	add	T1,T2,T1

-	add	B,T1,B			!=

-	sll	B,22,T2

-	srl	B,32-22,B

-	or	B,T2,B

-	 xor	 C,D,T1			!=

-	add	B,C,B

-	sethi	%hi(0x698098d8),T2

-	and	T1,B,T1

-	or	T2,%lo(0x698098d8),T2	!=

-	xor	T1,D,T1

-	add	T1,R8,T1

-	LOAD	X(9),R9

-	add	T1,T2,T1		!=

-	add	A,T1,A

-	sll	A,7,T2

-	srl	A,32-7,A

-	or	A,T2,A			!=

-	 xor	 B,C,T1

-	add	A,B,A

-	sethi	%hi(0x8b44f7af),T2

-	and	T1,A,T1			!=

-	or	T2,%lo(0x8b44f7af),T2

-	xor	T1,C,T1

-	LOAD	X(10),R10

-	add	T1,R9,T1		!=

-	add	T1,T2,T1

-	add	D,T1,D

-	sll	D,12,T2

-	srl	D,32-12,D		!=

-	or	D,T2,D

-	 xor	 A,B,T1

-	add	D,A,D

-	sethi	%hi(0xffff5bb1),T2	!=

-	and	T1,D,T1

-	or	T2,%lo(0xffff5bb1),T2

-	xor	T1,B,T1

-	add	T1,R10,T1		!=

-	LOAD	X(11),R11

-	add	T1,T2,T1

-	add	C,T1,C

-	sll	C,17,T2			!=

-	srl	C,32-17,C

-	or	C,T2,C

-	 xor	 D,A,T1

-	add	C,D,C			!=

-	sethi	%hi(0x895cd7be),T2

-	and	T1,C,T1

-	or	T2,%lo(0x895cd7be),T2

-	xor	T1,A,T1			!=

-	add	T1,R11,T1

-	LOAD	X(12),R12

-	add	T1,T2,T1

-	add	B,T1,B			!=

-	sll	B,22,T2

-	srl	B,32-22,B

-	or	B,T2,B

-	 xor	 C,D,T1			!=

-	add	B,C,B

-	sethi	%hi(0x6b901122),T2

-	and	T1,B,T1

-	or	T2,%lo(0x6b901122),T2	!=

-	xor	T1,D,T1

-	add	T1,R12,T1

-	LOAD	X(13),R13

-	add	T1,T2,T1		!=

-	add	A,T1,A

-	sll	A,7,T2

-	srl	A,32-7,A

-	or	A,T2,A			!=

-	 xor	 B,C,T1

-	add	A,B,A

-	sethi	%hi(0xfd987193),T2

-	and	T1,A,T1			!=

-	or	T2,%lo(0xfd987193),T2

-	xor	T1,C,T1

-	LOAD	X(14),RX

-	add	T1,R13,T1		!=

-	add	T1,T2,T1

-	add	D,T1,D

-	sll	D,12,T2

-	srl	D,32-12,D		!=

-	or	D,T2,D

-	 xor	 A,B,T1

-	add	D,A,D

-	sethi	%hi(0xa679438e),T2	!=

-	and	T1,D,T1

-	or	T2,%lo(0xa679438e),T2

-	xor	T1,B,T1

-	add	T1,RX,T1		!=

-	LOAD	X(15),RX

-	add	T1,T2,T1

-	add	C,T1,C

-	sll	C,17,T2			!=

-	srl	C,32-17,C

-	or	C,T2,C

-	 xor	 D,A,T1

-	add	C,D,C			!=

-	sethi	%hi(0x49b40821),T2

-	and	T1,C,T1

-	or	T2,%lo(0x49b40821),T2

-	xor	T1,A,T1			!=

-	add	T1,RX,T1

-	!pre-LOADed	X(1),R1

-	add	T1,T2,T1

-	add	B,T1,B

-	sll	B,22,T2			!=

-	srl	B,32-22,B

-	or	B,T2,B

-	add	B,C,B

-!!!!!!!!Round 1

-	xor	B,C,T1			!=

-	sethi	%hi(0xf61e2562),T2

-	and	T1,D,T1

-	or	T2,%lo(0xf61e2562),T2

-	xor	T1,C,T1			!=

-	add	T1,R1,T1

-	!pre-LOADed	X(6),R6

-	add	T1,T2,T1

-	add	A,T1,A

-	sll	A,5,T2			!=

-	srl	A,32-5,A

-	or	A,T2,A

-	add	A,B,A

-	xor	A,B,T1			!=

-	sethi	%hi(0xc040b340),T2

-	and	T1,C,T1

-	or	T2,%lo(0xc040b340),T2

-	xor	T1,B,T1			!=

-	add	T1,R6,T1

-	!pre-LOADed	X(11),R11

-	add	T1,T2,T1

-	add	D,T1,D

-	sll	D,9,T2			!=

-	srl	D,32-9,D

-	or	D,T2,D

-	add	D,A,D

-	xor	D,A,T1			!=

-	sethi	%hi(0x265e5a51),T2

-	and	T1,B,T1

-	or	T2,%lo(0x265e5a51),T2

-	xor	T1,A,T1			!=

-	add	T1,R11,T1

-	!pre-LOADed	X(0),R0

-	add	T1,T2,T1

-	add	C,T1,C

-	sll	C,14,T2			!=

-	srl	C,32-14,C

-	or	C,T2,C

-	add	C,D,C

-	xor	C,D,T1			!=

-	sethi	%hi(0xe9b6c7aa),T2

-	and	T1,A,T1

-	or	T2,%lo(0xe9b6c7aa),T2

-	xor	T1,D,T1			!=

-	add	T1,R0,T1

-	!pre-LOADed	X(5),R5

-	add	T1,T2,T1

-	add	B,T1,B

-	sll	B,20,T2			!=

-	srl	B,32-20,B

-	or	B,T2,B

-	add	B,C,B

-	xor	B,C,T1			!=

-	sethi	%hi(0xd62f105d),T2

-	and	T1,D,T1

-	or	T2,%lo(0xd62f105d),T2

-	xor	T1,C,T1			!=

-	add	T1,R5,T1

-	!pre-LOADed	X(10),R10

-	add	T1,T2,T1

-	add	A,T1,A

-	sll	A,5,T2			!=

-	srl	A,32-5,A

-	or	A,T2,A

-	add	A,B,A

-	xor	A,B,T1			!=

-	sethi	%hi(0x02441453),T2

-	and	T1,C,T1

-	or	T2,%lo(0x02441453),T2

-	xor	T1,B,T1			!=

-	add	T1,R10,T1

-	LOAD	X(15),RX

-	add	T1,T2,T1

-	add	D,T1,D			!=

-	sll	D,9,T2

-	srl	D,32-9,D

-	or	D,T2,D

-	add	D,A,D			!=

-	xor	D,A,T1

-	sethi	%hi(0xd8a1e681),T2

-	and	T1,B,T1

-	or	T2,%lo(0xd8a1e681),T2	!=

-	xor	T1,A,T1

-	add	T1,RX,T1

-	!pre-LOADed	X(4),R4

-	add	T1,T2,T1

-	add	C,T1,C			!=

-	sll	C,14,T2

-	srl	C,32-14,C

-	or	C,T2,C

-	add	C,D,C			!=

-	xor	C,D,T1

-	sethi	%hi(0xe7d3fbc8),T2

-	and	T1,A,T1

-	or	T2,%lo(0xe7d3fbc8),T2	!=

-	xor	T1,D,T1

-	add	T1,R4,T1

-	!pre-LOADed	X(9),R9

-	add	T1,T2,T1

-	add	B,T1,B			!=

-	sll	B,20,T2

-	srl	B,32-20,B

-	or	B,T2,B

-	add	B,C,B			!=

-	xor	B,C,T1

-	sethi	%hi(0x21e1cde6),T2

-	and	T1,D,T1

-	or	T2,%lo(0x21e1cde6),T2	!=

-	xor	T1,C,T1

-	add	T1,R9,T1

-	LOAD	X(14),RX

-	add	T1,T2,T1		!=

-	add	A,T1,A

-	sll	A,5,T2

-	srl	A,32-5,A

-	or	A,T2,A			!=

-	add	A,B,A

-	xor	A,B,T1

-	sethi	%hi(0xc33707d6),T2

-	and	T1,C,T1			!=

-	or	T2,%lo(0xc33707d6),T2

-	xor	T1,B,T1

-	add	T1,RX,T1

-	!pre-LOADed	X(3),R3

-	add	T1,T2,T1		!=

-	add	D,T1,D

-	sll	D,9,T2

-	srl	D,32-9,D

-	or	D,T2,D			!=

-	add	D,A,D

-	xor	D,A,T1

-	sethi	%hi(0xf4d50d87),T2

-	and	T1,B,T1			!=

-	or	T2,%lo(0xf4d50d87),T2

-	xor	T1,A,T1

-	add	T1,R3,T1

-	!pre-LOADed	X(8),R8

-	add	T1,T2,T1		!=

-	add	C,T1,C

-	sll	C,14,T2

-	srl	C,32-14,C

-	or	C,T2,C			!=

-	add	C,D,C

-	xor	C,D,T1

-	sethi	%hi(0x455a14ed),T2

-	and	T1,A,T1			!=

-	or	T2,%lo(0x455a14ed),T2

-	xor	T1,D,T1

-	add	T1,R8,T1

-	!pre-LOADed	X(13),R13

-	add	T1,T2,T1		!=

-	add	B,T1,B

-	sll	B,20,T2

-	srl	B,32-20,B

-	or	B,T2,B			!=

-	add	B,C,B

-	xor	B,C,T1

-	sethi	%hi(0xa9e3e905),T2

-	and	T1,D,T1			!=

-	or	T2,%lo(0xa9e3e905),T2

-	xor	T1,C,T1

-	add	T1,R13,T1

-	!pre-LOADed	X(2),R2

-	add	T1,T2,T1		!=

-	add	A,T1,A

-	sll	A,5,T2

-	srl	A,32-5,A

-	or	A,T2,A			!=

-	add	A,B,A

-	xor	A,B,T1

-	sethi	%hi(0xfcefa3f8),T2

-	and	T1,C,T1			!=

-	or	T2,%lo(0xfcefa3f8),T2

-	xor	T1,B,T1

-	add	T1,R2,T1

-	!pre-LOADed	X(7),R7

-	add	T1,T2,T1		!=

-	add	D,T1,D

-	sll	D,9,T2

-	srl	D,32-9,D

-	or	D,T2,D			!=

-	add	D,A,D

-	xor	D,A,T1

-	sethi	%hi(0x676f02d9),T2

-	and	T1,B,T1			!=

-	or	T2,%lo(0x676f02d9),T2

-	xor	T1,A,T1

-	add	T1,R7,T1

-	!pre-LOADed	X(12),R12

-	add	T1,T2,T1		!=

-	add	C,T1,C

-	sll	C,14,T2

-	srl	C,32-14,C

-	or	C,T2,C			!=

-	add	C,D,C

-	xor	C,D,T1

-	sethi	%hi(0x8d2a4c8a),T2

-	and	T1,A,T1			!=

-	or	T2,%lo(0x8d2a4c8a),T2

-	xor	T1,D,T1

-	add	T1,R12,T1

-	!pre-LOADed	X(5),R5

-	add	T1,T2,T1		!=

-	add	B,T1,B

-	sll	B,20,T2

-	srl	B,32-20,B

-	or	B,T2,B			!=

-	add	B,C,B

-!!!!!!!!Round 2

-	xor	B,C,T1

-	sethi	%hi(0xfffa3942),T2

-	xor	T1,D,T1			!=

-	or	T2,%lo(0xfffa3942),T2

-	add	T1,R5,T1

-	!pre-LOADed	X(8),R8

-	add	T1,T2,T1

-	add	A,T1,A			!=

-	sll	A,4,T2

-	srl	A,32-4,A

-	or	A,T2,A

-	add	A,B,A			!=

-	xor	A,B,T1

-	sethi	%hi(0x8771f681),T2

-	xor	T1,C,T1

-	or	T2,%lo(0x8771f681),T2	!=

-	add	T1,R8,T1

-	!pre-LOADed	X(11),R11

-	add	T1,T2,T1

-	add	D,T1,D

-	sll	D,11,T2			!=

-	srl	D,32-11,D

-	or	D,T2,D

-	add	D,A,D

-	xor	D,A,T1			!=

-	sethi	%hi(0x6d9d6122),T2

-	xor	T1,B,T1

-	or	T2,%lo(0x6d9d6122),T2

-	add	T1,R11,T1		!=

-	LOAD	X(14),RX

-	add	T1,T2,T1

-	add	C,T1,C

-	sll	C,16,T2			!=

-	srl	C,32-16,C

-	or	C,T2,C

-	add	C,D,C

-	xor	C,D,T1			!=

-	sethi	%hi(0xfde5380c),T2

-	xor	T1,A,T1

-	or	T2,%lo(0xfde5380c),T2

-	add	T1,RX,T1		!=

-	!pre-LOADed	X(1),R1

-	add	T1,T2,T1

-	add	B,T1,B

-	sll	B,23,T2

-	srl	B,32-23,B		!=

-	or	B,T2,B

-	add	B,C,B

-	xor	B,C,T1

-	sethi	%hi(0xa4beea44),T2	!=

-	xor	T1,D,T1

-	or	T2,%lo(0xa4beea44),T2

-	add	T1,R1,T1

-	!pre-LOADed	X(4),R4

-	add	T1,T2,T1		!=

-	add	A,T1,A

-	sll	A,4,T2

-	srl	A,32-4,A

-	or	A,T2,A			!=

-	add	A,B,A

-	xor	A,B,T1

-	sethi	%hi(0x4bdecfa9),T2

-	xor	T1,C,T1			!=

-	or	T2,%lo(0x4bdecfa9),T2

-	add	T1,R4,T1

-	!pre-LOADed	X(7),R7

-	add	T1,T2,T1

-	add	D,T1,D			!=

-	sll	D,11,T2

-	srl	D,32-11,D

-	or	D,T2,D

-	add	D,A,D			!=

-	xor	D,A,T1

-	sethi	%hi(0xf6bb4b60),T2

-	xor	T1,B,T1

-	or	T2,%lo(0xf6bb4b60),T2	!=

-	add	T1,R7,T1

-	!pre-LOADed	X(10),R10

-	add	T1,T2,T1

-	add	C,T1,C

-	sll	C,16,T2			!=

-	srl	C,32-16,C

-	or	C,T2,C

-	add	C,D,C

-	xor	C,D,T1			!=

-	sethi	%hi(0xbebfbc70),T2

-	xor	T1,A,T1

-	or	T2,%lo(0xbebfbc70),T2

-	add	T1,R10,T1		!=

-	!pre-LOADed	X(13),R13

-	add	T1,T2,T1

-	add	B,T1,B

-	sll	B,23,T2

-	srl	B,32-23,B		!=

-	or	B,T2,B

-	add	B,C,B

-	xor	B,C,T1

-	sethi	%hi(0x289b7ec6),T2	!=

-	xor	T1,D,T1

-	or	T2,%lo(0x289b7ec6),T2

-	add	T1,R13,T1

-	!pre-LOADed	X(0),R0

-	add	T1,T2,T1		!=

-	add	A,T1,A

-	sll	A,4,T2

-	srl	A,32-4,A

-	or	A,T2,A			!=

-	add	A,B,A

-	xor	A,B,T1

-	sethi	%hi(0xeaa127fa),T2

-	xor	T1,C,T1			!=

-	or	T2,%lo(0xeaa127fa),T2

-	add	T1,R0,T1

-	!pre-LOADed	X(3),R3

-	add	T1,T2,T1

-	add	D,T1,D			!=

-	sll	D,11,T2

-	srl	D,32-11,D

-	or	D,T2,D

-	add	D,A,D			!=

-	xor	D,A,T1

-	sethi	%hi(0xd4ef3085),T2

-	xor	T1,B,T1

-	or	T2,%lo(0xd4ef3085),T2	!=

-	add	T1,R3,T1

-	!pre-LOADed	X(6),R6

-	add	T1,T2,T1

-	add	C,T1,C

-	sll	C,16,T2			!=

-	srl	C,32-16,C

-	or	C,T2,C

-	add	C,D,C

-	xor	C,D,T1			!=

-	sethi	%hi(0x04881d05),T2

-	xor	T1,A,T1

-	or	T2,%lo(0x04881d05),T2

-	add	T1,R6,T1		!=

-	!pre-LOADed	X(9),R9

-	add	T1,T2,T1

-	add	B,T1,B

-	sll	B,23,T2

-	srl	B,32-23,B		!=

-	or	B,T2,B

-	add	B,C,B

-	xor	B,C,T1

-	sethi	%hi(0xd9d4d039),T2	!=

-	xor	T1,D,T1

-	or	T2,%lo(0xd9d4d039),T2

-	add	T1,R9,T1

-	!pre-LOADed	X(12),R12

-	add	T1,T2,T1		!=

-	add	A,T1,A

-	sll	A,4,T2

-	srl	A,32-4,A

-	or	A,T2,A			!=

-	add	A,B,A

-	xor	A,B,T1

-	sethi	%hi(0xe6db99e5),T2

-	xor	T1,C,T1			!=

-	or	T2,%lo(0xe6db99e5),T2

-	add	T1,R12,T1

-	LOAD	X(15),RX

-	add	T1,T2,T1		!=

-	add	D,T1,D

-	sll	D,11,T2

-	srl	D,32-11,D

-	or	D,T2,D			!=

-	add	D,A,D

-	xor	D,A,T1

-	sethi	%hi(0x1fa27cf8),T2

-	xor	T1,B,T1			!=

-	or	T2,%lo(0x1fa27cf8),T2

-	add	T1,RX,T1

-	!pre-LOADed	X(2),R2

-	add	T1,T2,T1

-	add	C,T1,C			!=

-	sll	C,16,T2

-	srl	C,32-16,C

-	or	C,T2,C

-	add	C,D,C			!=

-	xor	C,D,T1

-	sethi	%hi(0xc4ac5665),T2

-	xor	T1,A,T1

-	or	T2,%lo(0xc4ac5665),T2	!=

-	add	T1,R2,T1

-	!pre-LOADed	X(0),R0

-	add	T1,T2,T1

-	add	B,T1,B

-	sll	B,23,T2			!=

-	srl	B,32-23,B

-	or	B,T2,B

-	add	B,C,B

-!!!!!!!!Round 3

-	orn	B,D,T1			!=

-	sethi	%hi(0xf4292244),T2

-	xor	T1,C,T1

-	or	T2,%lo(0xf4292244),T2

-	add	T1,R0,T1		!=

-	!pre-LOADed	X(7),R7

-	add	T1,T2,T1

-	add	A,T1,A

-	sll	A,6,T2

-	srl	A,32-6,A		!=

-	or	A,T2,A

-	add	A,B,A

-	orn	A,C,T1

-	sethi	%hi(0x432aff97),T2	!=

-	xor	T1,B,T1

-	or	T2,%lo(0x432aff97),T2

-	LOAD	X(14),RX

-	add	T1,R7,T1		!=

-	add	T1,T2,T1

-	add	D,T1,D

-	sll	D,10,T2

-	srl	D,32-10,D		!=

-	or	D,T2,D

-	add	D,A,D

-	orn	D,B,T1

-	sethi	%hi(0xab9423a7),T2	!=

-	xor	T1,A,T1

-	or	T2,%lo(0xab9423a7),T2

-	add	T1,RX,T1

-	!pre-LOADed	X(5),R5

-	add	T1,T2,T1		!=

-	add	C,T1,C

-	sll	C,15,T2

-	srl	C,32-15,C

-	or	C,T2,C			!=

-	add	C,D,C

-	orn	C,A,T1

-	sethi	%hi(0xfc93a039),T2

-	xor	T1,D,T1			!=

-	or	T2,%lo(0xfc93a039),T2

-	add	T1,R5,T1

-	!pre-LOADed	X(12),R12

-	add	T1,T2,T1

-	add	B,T1,B			!=

-	sll	B,21,T2

-	srl	B,32-21,B

-	or	B,T2,B

-	add	B,C,B			!=

-	orn	B,D,T1

-	sethi	%hi(0x655b59c3),T2

-	xor	T1,C,T1

-	or	T2,%lo(0x655b59c3),T2	!=

-	add	T1,R12,T1

-	!pre-LOADed	X(3),R3

-	add	T1,T2,T1

-	add	A,T1,A

-	sll	A,6,T2			!=

-	srl	A,32-6,A

-	or	A,T2,A

-	add	A,B,A

-	orn	A,C,T1			!=

-	sethi	%hi(0x8f0ccc92),T2

-	xor	T1,B,T1

-	or	T2,%lo(0x8f0ccc92),T2

-	add	T1,R3,T1		!=

-	!pre-LOADed	X(10),R10

-	add	T1,T2,T1

-	add	D,T1,D

-	sll	D,10,T2

-	srl	D,32-10,D		!=

-	or	D,T2,D

-	add	D,A,D

-	orn	D,B,T1

-	sethi	%hi(0xffeff47d),T2	!=

-	xor	T1,A,T1

-	or	T2,%lo(0xffeff47d),T2

-	add	T1,R10,T1

-	!pre-LOADed	X(1),R1

-	add	T1,T2,T1		!=

-	add	C,T1,C

-	sll	C,15,T2

-	srl	C,32-15,C

-	or	C,T2,C			!=

-	add	C,D,C

-	orn	C,A,T1

-	sethi	%hi(0x85845dd1),T2

-	xor	T1,D,T1			!=

-	or	T2,%lo(0x85845dd1),T2

-	add	T1,R1,T1

-	!pre-LOADed	X(8),R8

-	add	T1,T2,T1

-	add	B,T1,B			!=

-	sll	B,21,T2

-	srl	B,32-21,B

-	or	B,T2,B

-	add	B,C,B			!=

-	orn	B,D,T1

-	sethi	%hi(0x6fa87e4f),T2

-	xor	T1,C,T1

-	or	T2,%lo(0x6fa87e4f),T2	!=

-	add	T1,R8,T1

-	LOAD	X(15),RX

-	add	T1,T2,T1

-	add	A,T1,A			!=

-	sll	A,6,T2

-	srl	A,32-6,A

-	or	A,T2,A

-	add	A,B,A			!=

-	orn	A,C,T1

-	sethi	%hi(0xfe2ce6e0),T2

-	xor	T1,B,T1

-	or	T2,%lo(0xfe2ce6e0),T2	!=

-	add	T1,RX,T1

-	!pre-LOADed	X(6),R6

-	add	T1,T2,T1

-	add	D,T1,D

-	sll	D,10,T2			!=

-	srl	D,32-10,D

-	or	D,T2,D

-	add	D,A,D

-	orn	D,B,T1			!=

-	sethi	%hi(0xa3014314),T2

-	xor	T1,A,T1

-	or	T2,%lo(0xa3014314),T2

-	add	T1,R6,T1		!=

-	!pre-LOADed	X(13),R13

-	add	T1,T2,T1

-	add	C,T1,C

-	sll	C,15,T2

-	srl	C,32-15,C		!=

-	or	C,T2,C

-	add	C,D,C

-	orn	C,A,T1

-	sethi	%hi(0x4e0811a1),T2	!=

-	xor	T1,D,T1

-	or	T2,%lo(0x4e0811a1),T2

-	!pre-LOADed	X(4),R4

-	 ld	 [Aptr],Aval

-	add	T1,R13,T1		!=

-	add	T1,T2,T1

-	add	B,T1,B

-	sll	B,21,T2

-	srl	B,32-21,B		!=

-	or	B,T2,B

-	add	B,C,B

-	orn	B,D,T1

-	sethi	%hi(0xf7537e82),T2	!=

-	xor	T1,C,T1

-	or	T2,%lo(0xf7537e82),T2

-	!pre-LOADed	X(11),R11

-	 ld	 [Dptr],Dval

-	add	T1,R4,T1		!=

-	add	T1,T2,T1

-	add	A,T1,A

-	sll	A,6,T2

-	srl	A,32-6,A		!=

-	or	A,T2,A

-	add	A,B,A

-	orn	A,C,T1

-	sethi	%hi(0xbd3af235),T2	!=

-	xor	T1,B,T1

-	or	T2,%lo(0xbd3af235),T2

-	!pre-LOADed	X(2),R2

-	 ld	 [Cptr],Cval

-	add	T1,R11,T1		!=

-	add	T1,T2,T1

-	add	D,T1,D

-	sll	D,10,T2

-	srl	D,32-10,D		!=

-	or	D,T2,D

-	add	D,A,D

-	orn	D,B,T1

-	sethi	%hi(0x2ad7d2bb),T2	!=

-	xor	T1,A,T1

-	or	T2,%lo(0x2ad7d2bb),T2

-	!pre-LOADed	X(9),R9

-	 ld	 [Bptr],Bval

-	add	T1,R2,T1		!=

-	 add	 Aval,A,Aval

-	add	T1,T2,T1

-	 st	 Aval,[Aptr]

-	add	C,T1,C			!=

-	sll	C,15,T2

-	 add	 Dval,D,Dval

-	srl	C,32-15,C

-	or	C,T2,C			!=

-	 st	 Dval,[Dptr]

-	add	C,D,C

-	orn	C,A,T1

-	sethi	%hi(0xeb86d391),T2	!=

-	xor	T1,D,T1

-	or	T2,%lo(0xeb86d391),T2

-	add	T1,R9,T1

-	!pre-LOADed	X(0),R0

-	 mov	 Aval,A			!=

-	add	T1,T2,T1

-	 mov	 Dval,D

-	add	B,T1,B

-	sll	B,21,T2			!=

-	 add	 Cval,C,Cval

-	srl	B,32-21,B

-	 st	 Cval,[Cptr]

-	or	B,T2,B			!=

-	add	B,C,B

-	deccc	%i2

-	mov	Cval,C

-	add	B,Bval,B		!=

-	inc	64,%i1

-	nop

-	st	B,[Bptr]

-	nop				!=

-#ifdef	OPENSSL_SYSNAME_ULTRASPARC

-	bg,a,pt	%icc,.Lmd5_block_loop

-#else

-	bg,a	.Lmd5_block_loop

-#endif

-	LOAD	X(0),R0

-#ifdef ASI_PRIMARY_LITTLE

-	wr	%g0,%o7,%asi

-#endif

-	ret

-	restore	%g0,0,%o0

-.type	md5_block,#function

-.size	md5_block,(.-md5_block)

--- a/sys/src/ape/lib/openssl/crypto/md5/asm/md5-x86_64.pl

+++ /dev/null

@@ -1,245 +1,0 @@

-#!/usr/bin/perl -w

-#

-# MD5 optimized for AMD64.

-#

-# Author: Marc Bevand <bevand_m (at) epita.fr>

-# Licence: I hereby disclaim the copyright on this code and place it

-# in the public domain.

-#

-use strict;

-my $code;

-# round1_step() does:

-#   dst = x + ((dst + F(x,y,z) + X[k] + T_i) <<< s)

-#   %r10d = X[k_next]

-#   %r11d = z' (copy of z for the next step)

-# Each round1_step() takes about 5.71 clocks (9 instructions, 1.58 IPC)

-sub round1_step

-{

-    my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_;

-    $code .= " mov	0*4(%rsi),	%r10d		/* (NEXT STEP) X[0] */\n" if ($pos == -1);

-    $code .= " mov	%edx,		%r11d		/* (NEXT STEP) z' = %edx */\n" if ($pos == -1);

-    $code .= <<EOF;

-	xor	$y,		%r11d		/* y ^ ... */

-	lea	$T_i($dst,%r10d),$dst		/* Const + dst + ... */

-	and	$x,		%r11d		/* x & ... */

-	xor	$z,		%r11d		/* z ^ ... */

-	mov	$k_next*4(%rsi),%r10d		/* (NEXT STEP) X[$k_next] */

-	add	%r11d,		$dst		/* dst += ... */

-	rol	\$$s,		$dst		/* dst <<< s */

-	mov	$y,		%r11d		/* (NEXT STEP) z' = $y */

-	add	$x,		$dst		/* dst += x */

-EOF

-}

-# round2_step() does:

-#   dst = x + ((dst + G(x,y,z) + X[k] + T_i) <<< s)

-#   %r10d = X[k_next]

-#   %r11d = y' (copy of y for the next step)

-# Each round2_step() takes about 6.22 clocks (9 instructions, 1.45 IPC)

-sub round2_step

-{

-    my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_;

-    $code .= " mov	1*4(%rsi),	%r10d		/* (NEXT STEP) X[1] */\n" if ($pos == -1);

-    $code .= " mov	%ecx,		%r11d		/* (NEXT STEP) y' = %ecx */\n" if ($pos == -1);

-    $code .= <<EOF;

-	xor	$x,		%r11d		/* x ^ ... */

-	lea	$T_i($dst,%r10d),$dst		/* Const + dst + ... */

-	and	$z,		%r11d		/* z & ... */

-	xor	$y,		%r11d		/* y ^ ... */

-	mov	$k_next*4(%rsi),%r10d		/* (NEXT STEP) X[$k_next] */

-	add	%r11d,		$dst		/* dst += ... */

-	rol	\$$s,		$dst		/* dst <<< s */

-	mov	$x,		%r11d		/* (NEXT STEP) y' = $x */

-	add	$x,		$dst		/* dst += x */

-EOF

-}

-# round3_step() does:

-#   dst = x + ((dst + H(x,y,z) + X[k] + T_i) <<< s)

-#   %r10d = X[k_next]

-#   %r11d = y' (copy of y for the next step)

-# Each round3_step() takes about 4.26 clocks (8 instructions, 1.88 IPC)

-sub round3_step

-{

-    my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_;

-    $code .= " mov	5*4(%rsi),	%r10d		/* (NEXT STEP) X[5] */\n" if ($pos == -1);

-    $code .= " mov	%ecx,		%r11d		/* (NEXT STEP) y' = %ecx */\n" if ($pos == -1);

-    $code .= <<EOF;

-	lea	$T_i($dst,%r10d),$dst		/* Const + dst + ... */

-	mov	$k_next*4(%rsi),%r10d		/* (NEXT STEP) X[$k_next] */

-	xor	$z,		%r11d		/* z ^ ... */

-	xor	$x,		%r11d		/* x ^ ... */

-	add	%r11d,		$dst		/* dst += ... */

-	rol	\$$s,		$dst		/* dst <<< s */

-	mov	$x,		%r11d		/* (NEXT STEP) y' = $x */

-	add	$x,		$dst		/* dst += x */

-EOF

-}

-# round4_step() does:

-#   dst = x + ((dst + I(x,y,z) + X[k] + T_i) <<< s)

-#   %r10d = X[k_next]

-#   %r11d = not z' (copy of not z for the next step)

-# Each round4_step() takes about 5.27 clocks (9 instructions, 1.71 IPC)

-sub round4_step

-{

-    my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_;

-    $code .= " mov	0*4(%rsi),	%r10d		/* (NEXT STEP) X[0] */\n" if ($pos == -1);

-    $code .= " mov	\$0xffffffff,	%r11d\n" if ($pos == -1);

-    $code .= " xor	%edx,		%r11d		/* (NEXT STEP) not z' = not %edx*/\n"

-    if ($pos == -1);

-    $code .= <<EOF;

-	lea	$T_i($dst,%r10d),$dst		/* Const + dst + ... */

-	or	$x,		%r11d		/* x | ... */

-	xor	$y,		%r11d		/* y ^ ... */

-	add	%r11d,		$dst		/* dst += ... */

-	mov	$k_next*4(%rsi),%r10d		/* (NEXT STEP) X[$k_next] */

-	mov	\$0xffffffff,	%r11d

-	rol	\$$s,		$dst		/* dst <<< s */

-	xor	$y,		%r11d		/* (NEXT STEP) not z' = not $y */

-	add	$x,		$dst		/* dst += x */

-EOF

-}

-my $output = shift;

-open STDOUT,"| $^X ../perlasm/x86_64-xlate.pl $output";

-$code .= <<EOF;

-.text

-.align 16

-.globl md5_block_asm_host_order

-.type md5_block_asm_host_order,\@function,3

-md5_block_asm_host_order:

-	push	%rbp

-	push	%rbx

-	push	%r14

-	push	%r15

-	# rdi = arg #1 (ctx, MD5_CTX pointer)

-	# rsi = arg #2 (ptr, data pointer)

-	# rdx = arg #3 (nbr, number of 16-word blocks to process)

-	mov	%rdi,		%rbp	# rbp = ctx

-	shl	\$6,		%rdx	# rdx = nbr in bytes

-	lea	(%rsi,%rdx),	%rdi	# rdi = end

-	mov	0*4(%rbp),	%eax	# eax = ctx->A

-	mov	1*4(%rbp),	%ebx	# ebx = ctx->B

-	mov	2*4(%rbp),	%ecx	# ecx = ctx->C

-	mov	3*4(%rbp),	%edx	# edx = ctx->D

-	# end is 'rdi'

-	# ptr is 'rsi'

-	# A is 'eax'

-	# B is 'ebx'

-	# C is 'ecx'

-	# D is 'edx'

-	cmp	%rdi,		%rsi		# cmp end with ptr

-	je	.Lend				# jmp if ptr == end

-	# BEGIN of loop over 16-word blocks

-.Lloop:	# save old values of A, B, C, D

-	mov	%eax,		%r8d

-	mov	%ebx,		%r9d

-	mov	%ecx,		%r14d

-	mov	%edx,		%r15d

-EOF

-round1_step(-1,'%eax','%ebx','%ecx','%edx', '1','0xd76aa478', '7');

-round1_step( 0,'%edx','%eax','%ebx','%ecx', '2','0xe8c7b756','12');

-round1_step( 0,'%ecx','%edx','%eax','%ebx', '3','0x242070db','17');

-round1_step( 0,'%ebx','%ecx','%edx','%eax', '4','0xc1bdceee','22');

-round1_step( 0,'%eax','%ebx','%ecx','%edx', '5','0xf57c0faf', '7');

-round1_step( 0,'%edx','%eax','%ebx','%ecx', '6','0x4787c62a','12');

-round1_step( 0,'%ecx','%edx','%eax','%ebx', '7','0xa8304613','17');

-round1_step( 0,'%ebx','%ecx','%edx','%eax', '8','0xfd469501','22');

-round1_step( 0,'%eax','%ebx','%ecx','%edx', '9','0x698098d8', '7');

-round1_step( 0,'%edx','%eax','%ebx','%ecx','10','0x8b44f7af','12');

-round1_step( 0,'%ecx','%edx','%eax','%ebx','11','0xffff5bb1','17');

-round1_step( 0,'%ebx','%ecx','%edx','%eax','12','0x895cd7be','22');

-round1_step( 0,'%eax','%ebx','%ecx','%edx','13','0x6b901122', '7');

-round1_step( 0,'%edx','%eax','%ebx','%ecx','14','0xfd987193','12');

-round1_step( 0,'%ecx','%edx','%eax','%ebx','15','0xa679438e','17');

-round1_step( 1,'%ebx','%ecx','%edx','%eax', '0','0x49b40821','22');

-round2_step(-1,'%eax','%ebx','%ecx','%edx', '6','0xf61e2562', '5');

-round2_step( 0,'%edx','%eax','%ebx','%ecx','11','0xc040b340', '9');

-round2_step( 0,'%ecx','%edx','%eax','%ebx', '0','0x265e5a51','14');

-round2_step( 0,'%ebx','%ecx','%edx','%eax', '5','0xe9b6c7aa','20');

-round2_step( 0,'%eax','%ebx','%ecx','%edx','10','0xd62f105d', '5');

-round2_step( 0,'%edx','%eax','%ebx','%ecx','15', '0x2441453', '9');

-round2_step( 0,'%ecx','%edx','%eax','%ebx', '4','0xd8a1e681','14');

-round2_step( 0,'%ebx','%ecx','%edx','%eax', '9','0xe7d3fbc8','20');

-round2_step( 0,'%eax','%ebx','%ecx','%edx','14','0x21e1cde6', '5');

-round2_step( 0,'%edx','%eax','%ebx','%ecx', '3','0xc33707d6', '9');

-round2_step( 0,'%ecx','%edx','%eax','%ebx', '8','0xf4d50d87','14');

-round2_step( 0,'%ebx','%ecx','%edx','%eax','13','0x455a14ed','20');

-round2_step( 0,'%eax','%ebx','%ecx','%edx', '2','0xa9e3e905', '5');

-round2_step( 0,'%edx','%eax','%ebx','%ecx', '7','0xfcefa3f8', '9');

-round2_step( 0,'%ecx','%edx','%eax','%ebx','12','0x676f02d9','14');

-round2_step( 1,'%ebx','%ecx','%edx','%eax', '0','0x8d2a4c8a','20');

-round3_step(-1,'%eax','%ebx','%ecx','%edx', '8','0xfffa3942', '4');

-round3_step( 0,'%edx','%eax','%ebx','%ecx','11','0x8771f681','11');

-round3_step( 0,'%ecx','%edx','%eax','%ebx','14','0x6d9d6122','16');

-round3_step( 0,'%ebx','%ecx','%edx','%eax', '1','0xfde5380c','23');

-round3_step( 0,'%eax','%ebx','%ecx','%edx', '4','0xa4beea44', '4');

-round3_step( 0,'%edx','%eax','%ebx','%ecx', '7','0x4bdecfa9','11');

-round3_step( 0,'%ecx','%edx','%eax','%ebx','10','0xf6bb4b60','16');

-round3_step( 0,'%ebx','%ecx','%edx','%eax','13','0xbebfbc70','23');

-round3_step( 0,'%eax','%ebx','%ecx','%edx', '0','0x289b7ec6', '4');

-round3_step( 0,'%edx','%eax','%ebx','%ecx', '3','0xeaa127fa','11');

-round3_step( 0,'%ecx','%edx','%eax','%ebx', '6','0xd4ef3085','16');

-round3_step( 0,'%ebx','%ecx','%edx','%eax', '9', '0x4881d05','23');

-round3_step( 0,'%eax','%ebx','%ecx','%edx','12','0xd9d4d039', '4');

-round3_step( 0,'%edx','%eax','%ebx','%ecx','15','0xe6db99e5','11');

-round3_step( 0,'%ecx','%edx','%eax','%ebx', '2','0x1fa27cf8','16');

-round3_step( 1,'%ebx','%ecx','%edx','%eax', '0','0xc4ac5665','23');

-round4_step(-1,'%eax','%ebx','%ecx','%edx', '7','0xf4292244', '6');

-round4_step( 0,'%edx','%eax','%ebx','%ecx','14','0x432aff97','10');

-round4_step( 0,'%ecx','%edx','%eax','%ebx', '5','0xab9423a7','15');

-round4_step( 0,'%ebx','%ecx','%edx','%eax','12','0xfc93a039','21');

-round4_step( 0,'%eax','%ebx','%ecx','%edx', '3','0x655b59c3', '6');

-round4_step( 0,'%edx','%eax','%ebx','%ecx','10','0x8f0ccc92','10');

-round4_step( 0,'%ecx','%edx','%eax','%ebx', '1','0xffeff47d','15');

-round4_step( 0,'%ebx','%ecx','%edx','%eax', '8','0x85845dd1','21');

-round4_step( 0,'%eax','%ebx','%ecx','%edx','15','0x6fa87e4f', '6');

-round4_step( 0,'%edx','%eax','%ebx','%ecx', '6','0xfe2ce6e0','10');

-round4_step( 0,'%ecx','%edx','%eax','%ebx','13','0xa3014314','15');

-round4_step( 0,'%ebx','%ecx','%edx','%eax', '4','0x4e0811a1','21');

-round4_step( 0,'%eax','%ebx','%ecx','%edx','11','0xf7537e82', '6');

-round4_step( 0,'%edx','%eax','%ebx','%ecx', '2','0xbd3af235','10');

-round4_step( 0,'%ecx','%edx','%eax','%ebx', '9','0x2ad7d2bb','15');

-round4_step( 1,'%ebx','%ecx','%edx','%eax', '0','0xeb86d391','21');

-$code .= <<EOF;

-	# add old values of A, B, C, D

-	add	%r8d,	%eax

-	add	%r9d,	%ebx

-	add	%r14d,	%ecx

-	add	%r15d,	%edx

-	# loop control

-	add	\$64,		%rsi		# ptr += 64

-	cmp	%rdi,		%rsi		# cmp end with ptr

-	jb	.Lloop				# jmp if ptr < end

-	# END of loop over 16-word blocks

-.Lend:

-	mov	%eax,		0*4(%rbp)	# ctx->A = A

-	mov	%ebx,		1*4(%rbp)	# ctx->B = B

-	mov	%ecx,		2*4(%rbp)	# ctx->C = C

-	mov	%edx,		3*4(%rbp)	# ctx->D = D

-	pop	%r15

-	pop	%r14

-	pop	%rbx

-	pop	%rbp

-	ret

-.size md5_block_asm_host_order,.-md5_block_asm_host_order

-EOF

-print $code;

-close STDOUT;

--- a/sys/src/ape/lib/openssl/crypto/md5/md5.c

+++ /dev/null

@@ -1,127 +1,0 @@

-/* crypto/md5/md5.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <openssl/md5.h>

-#define BUFSIZE	1024*16

-void do_fp(FILE *f);

-void pt(unsigned char *md);

-#if !defined(_OSD_POSIX) && !defined(__DJGPP__)

-int read(int, void *, unsigned int);

-#endif

-int main(int argc, char **argv)

-	{

-	int i,err=0;

-	FILE *IN;

-	if (argc == 1)

-		{

-		do_fp(stdin);

-		}

-	else

-		{

-		for (i=1; i<argc; i++)

-			{

-			IN=fopen(argv[i],"r");

-			if (IN == NULL)

-				{

-				perror(argv[i]);

-				err++;

-				continue;

-				}

-			printf("MD5(%s)= ",argv[i]);

-			do_fp(IN);

-			fclose(IN);

-			}

-		}

-	exit(err);

-	}

-void do_fp(FILE *f)

-	{

-	MD5_CTX c;

-	unsigned char md[MD5_DIGEST_LENGTH];

-	int fd;

-	int i;

-	static unsigned char buf[BUFSIZE];

-	fd=fileno(f);

-	MD5_Init(&c);

-	for (;;)

-		{

-		i=read(fd,buf,BUFSIZE);

-		if (i <= 0) break;

-		MD5_Update(&c,buf,(unsigned long)i);

-		}

-	MD5_Final(&(md[0]),&c);

-	pt(md);

-	}

-void pt(unsigned char *md)

-	{

-	int i;

-	for (i=0; i<MD5_DIGEST_LENGTH; i++)

-		printf("%02x",md[i]);

-	printf("\n");

-	}

--- a/sys/src/ape/lib/openssl/crypto/md5/md5.h

+++ /dev/null

@@ -1,117 +1,0 @@

-/* crypto/md5/md5.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_MD5_H

-#define HEADER_MD5_H

-#include <openssl/e_os2.h>

-#include <stddef.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-#ifdef OPENSSL_NO_MD5

-#error MD5 is disabled.

-#endif

-/*

- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

- * ! MD5_LONG has to be at least 32 bits wide. If it's wider, then !

- * ! MD5_LONG_LOG2 has to be defined along.			   !

- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

- */

-#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)

-#define MD5_LONG unsigned long

-#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)

-#define MD5_LONG unsigned long

-#define MD5_LONG_LOG2 3

-/*

- * _CRAY note. I could declare short, but I have no idea what impact

- * does it have on performance on none-T3E machines. I could declare

- * int, but at least on C90 sizeof(int) can be chosen at compile time.

- * So I've chosen long...

- *					<[email protected]>

- */

-#else

-#define MD5_LONG unsigned int

-#endif

-#define MD5_CBLOCK	64

-#define MD5_LBLOCK	(MD5_CBLOCK/4)

-#define MD5_DIGEST_LENGTH 16

-typedef struct MD5state_st

-	{

-	MD5_LONG A,B,C,D;

-	MD5_LONG Nl,Nh;

-	MD5_LONG data[MD5_LBLOCK];

-	unsigned int num;

-	} MD5_CTX;

-int MD5_Init(MD5_CTX *c);

-int MD5_Update(MD5_CTX *c, const void *data, size_t len);

-int MD5_Final(unsigned char *md, MD5_CTX *c);

-unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md);

-void MD5_Transform(MD5_CTX *c, const unsigned char *b);

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/md5/md5_dgst.c

+++ /dev/null

@@ -1,292 +1,0 @@

-/* crypto/md5/md5_dgst.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "md5_locl.h"

-#include <openssl/opensslv.h>

-const char MD5_version[]="MD5" OPENSSL_VERSION_PTEXT;

-/* Implemented from RFC1321 The MD5 Message-Digest Algorithm

- */

-#define INIT_DATA_A (unsigned long)0x67452301L

-#define INIT_DATA_B (unsigned long)0xefcdab89L

-#define INIT_DATA_C (unsigned long)0x98badcfeL

-#define INIT_DATA_D (unsigned long)0x10325476L

-int MD5_Init(MD5_CTX *c)

-	{

-	c->A=INIT_DATA_A;

-	c->B=INIT_DATA_B;

-	c->C=INIT_DATA_C;

-	c->D=INIT_DATA_D;

-	c->Nl=0;

-	c->Nh=0;

-	c->num=0;

-	return 1;

-	}

-#ifndef md5_block_host_order

-void md5_block_host_order (MD5_CTX *c, const void *data, size_t num)

-	{

-	const MD5_LONG *X=data;

-	register unsigned MD32_REG_T A,B,C,D;

-	A=c->A;

-	B=c->B;

-	C=c->C;

-	D=c->D;

-	for (;num--;X+=HASH_LBLOCK)

-		{

-	/* Round 0 */

-	R0(A,B,C,D,X[ 0], 7,0xd76aa478L);

-	R0(D,A,B,C,X[ 1],12,0xe8c7b756L);

-	R0(C,D,A,B,X[ 2],17,0x242070dbL);

-	R0(B,C,D,A,X[ 3],22,0xc1bdceeeL);

-	R0(A,B,C,D,X[ 4], 7,0xf57c0fafL);

-	R0(D,A,B,C,X[ 5],12,0x4787c62aL);

-	R0(C,D,A,B,X[ 6],17,0xa8304613L);

-	R0(B,C,D,A,X[ 7],22,0xfd469501L);

-	R0(A,B,C,D,X[ 8], 7,0x698098d8L);

-	R0(D,A,B,C,X[ 9],12,0x8b44f7afL);

-	R0(C,D,A,B,X[10],17,0xffff5bb1L);

-	R0(B,C,D,A,X[11],22,0x895cd7beL);

-	R0(A,B,C,D,X[12], 7,0x6b901122L);

-	R0(D,A,B,C,X[13],12,0xfd987193L);

-	R0(C,D,A,B,X[14],17,0xa679438eL);

-	R0(B,C,D,A,X[15],22,0x49b40821L);

-	/* Round 1 */

-	R1(A,B,C,D,X[ 1], 5,0xf61e2562L);

-	R1(D,A,B,C,X[ 6], 9,0xc040b340L);

-	R1(C,D,A,B,X[11],14,0x265e5a51L);

-	R1(B,C,D,A,X[ 0],20,0xe9b6c7aaL);

-	R1(A,B,C,D,X[ 5], 5,0xd62f105dL);

-	R1(D,A,B,C,X[10], 9,0x02441453L);

-	R1(C,D,A,B,X[15],14,0xd8a1e681L);

-	R1(B,C,D,A,X[ 4],20,0xe7d3fbc8L);

-	R1(A,B,C,D,X[ 9], 5,0x21e1cde6L);

-	R1(D,A,B,C,X[14], 9,0xc33707d6L);

-	R1(C,D,A,B,X[ 3],14,0xf4d50d87L);

-	R1(B,C,D,A,X[ 8],20,0x455a14edL);

-	R1(A,B,C,D,X[13], 5,0xa9e3e905L);

-	R1(D,A,B,C,X[ 2], 9,0xfcefa3f8L);

-	R1(C,D,A,B,X[ 7],14,0x676f02d9L);

-	R1(B,C,D,A,X[12],20,0x8d2a4c8aL);

-	/* Round 2 */

-	R2(A,B,C,D,X[ 5], 4,0xfffa3942L);

-	R2(D,A,B,C,X[ 8],11,0x8771f681L);

-	R2(C,D,A,B,X[11],16,0x6d9d6122L);

-	R2(B,C,D,A,X[14],23,0xfde5380cL);

-	R2(A,B,C,D,X[ 1], 4,0xa4beea44L);

-	R2(D,A,B,C,X[ 4],11,0x4bdecfa9L);

-	R2(C,D,A,B,X[ 7],16,0xf6bb4b60L);

-	R2(B,C,D,A,X[10],23,0xbebfbc70L);

-	R2(A,B,C,D,X[13], 4,0x289b7ec6L);

-	R2(D,A,B,C,X[ 0],11,0xeaa127faL);

-	R2(C,D,A,B,X[ 3],16,0xd4ef3085L);

-	R2(B,C,D,A,X[ 6],23,0x04881d05L);

-	R2(A,B,C,D,X[ 9], 4,0xd9d4d039L);

-	R2(D,A,B,C,X[12],11,0xe6db99e5L);

-	R2(C,D,A,B,X[15],16,0x1fa27cf8L);

-	R2(B,C,D,A,X[ 2],23,0xc4ac5665L);

-	/* Round 3 */

-	R3(A,B,C,D,X[ 0], 6,0xf4292244L);

-	R3(D,A,B,C,X[ 7],10,0x432aff97L);

-	R3(C,D,A,B,X[14],15,0xab9423a7L);

-	R3(B,C,D,A,X[ 5],21,0xfc93a039L);

-	R3(A,B,C,D,X[12], 6,0x655b59c3L);

-	R3(D,A,B,C,X[ 3],10,0x8f0ccc92L);

-	R3(C,D,A,B,X[10],15,0xffeff47dL);

-	R3(B,C,D,A,X[ 1],21,0x85845dd1L);

-	R3(A,B,C,D,X[ 8], 6,0x6fa87e4fL);

-	R3(D,A,B,C,X[15],10,0xfe2ce6e0L);

-	R3(C,D,A,B,X[ 6],15,0xa3014314L);

-	R3(B,C,D,A,X[13],21,0x4e0811a1L);

-	R3(A,B,C,D,X[ 4], 6,0xf7537e82L);

-	R3(D,A,B,C,X[11],10,0xbd3af235L);

-	R3(C,D,A,B,X[ 2],15,0x2ad7d2bbL);

-	R3(B,C,D,A,X[ 9],21,0xeb86d391L);

-	A = c->A += A;

-	B = c->B += B;

-	C = c->C += C;

-	D = c->D += D;

-		}

-	}

-#endif

-#ifndef md5_block_data_order

-#ifdef X

-#undef X

-#endif

-void md5_block_data_order (MD5_CTX *c, const void *data_, size_t num)

-	{

-	const unsigned char *data=data_;

-	register unsigned MD32_REG_T A,B,C,D,l;

-#ifndef MD32_XARRAY

-	/* See comment in crypto/sha/sha_locl.h for details. */

-	unsigned MD32_REG_T	XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,

-				XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;

-# define X(i)	XX##i

-#else

-	MD5_LONG XX[MD5_LBLOCK];

-# define X(i)	XX[i]

-#endif

-	A=c->A;

-	B=c->B;

-	C=c->C;

-	D=c->D;

-	for (;num--;)

-		{

-	HOST_c2l(data,l); X( 0)=l;		HOST_c2l(data,l); X( 1)=l;

-	/* Round 0 */

-	R0(A,B,C,D,X( 0), 7,0xd76aa478L);	HOST_c2l(data,l); X( 2)=l;

-	R0(D,A,B,C,X( 1),12,0xe8c7b756L);	HOST_c2l(data,l); X( 3)=l;

-	R0(C,D,A,B,X( 2),17,0x242070dbL);	HOST_c2l(data,l); X( 4)=l;

-	R0(B,C,D,A,X( 3),22,0xc1bdceeeL);	HOST_c2l(data,l); X( 5)=l;

-	R0(A,B,C,D,X( 4), 7,0xf57c0fafL);	HOST_c2l(data,l); X( 6)=l;

-	R0(D,A,B,C,X( 5),12,0x4787c62aL);	HOST_c2l(data,l); X( 7)=l;

-	R0(C,D,A,B,X( 6),17,0xa8304613L);	HOST_c2l(data,l); X( 8)=l;

-	R0(B,C,D,A,X( 7),22,0xfd469501L);	HOST_c2l(data,l); X( 9)=l;

-	R0(A,B,C,D,X( 8), 7,0x698098d8L);	HOST_c2l(data,l); X(10)=l;

-	R0(D,A,B,C,X( 9),12,0x8b44f7afL);	HOST_c2l(data,l); X(11)=l;

-	R0(C,D,A,B,X(10),17,0xffff5bb1L);	HOST_c2l(data,l); X(12)=l;

-	R0(B,C,D,A,X(11),22,0x895cd7beL);	HOST_c2l(data,l); X(13)=l;

-	R0(A,B,C,D,X(12), 7,0x6b901122L);	HOST_c2l(data,l); X(14)=l;

-	R0(D,A,B,C,X(13),12,0xfd987193L);	HOST_c2l(data,l); X(15)=l;

-	R0(C,D,A,B,X(14),17,0xa679438eL);

-	R0(B,C,D,A,X(15),22,0x49b40821L);

-	/* Round 1 */

-	R1(A,B,C,D,X( 1), 5,0xf61e2562L);

-	R1(D,A,B,C,X( 6), 9,0xc040b340L);

-	R1(C,D,A,B,X(11),14,0x265e5a51L);

-	R1(B,C,D,A,X( 0),20,0xe9b6c7aaL);

-	R1(A,B,C,D,X( 5), 5,0xd62f105dL);

-	R1(D,A,B,C,X(10), 9,0x02441453L);

-	R1(C,D,A,B,X(15),14,0xd8a1e681L);

-	R1(B,C,D,A,X( 4),20,0xe7d3fbc8L);

-	R1(A,B,C,D,X( 9), 5,0x21e1cde6L);

-	R1(D,A,B,C,X(14), 9,0xc33707d6L);

-	R1(C,D,A,B,X( 3),14,0xf4d50d87L);

-	R1(B,C,D,A,X( 8),20,0x455a14edL);

-	R1(A,B,C,D,X(13), 5,0xa9e3e905L);

-	R1(D,A,B,C,X( 2), 9,0xfcefa3f8L);

-	R1(C,D,A,B,X( 7),14,0x676f02d9L);

-	R1(B,C,D,A,X(12),20,0x8d2a4c8aL);

-	/* Round 2 */

-	R2(A,B,C,D,X( 5), 4,0xfffa3942L);

-	R2(D,A,B,C,X( 8),11,0x8771f681L);

-	R2(C,D,A,B,X(11),16,0x6d9d6122L);

-	R2(B,C,D,A,X(14),23,0xfde5380cL);

-	R2(A,B,C,D,X( 1), 4,0xa4beea44L);

-	R2(D,A,B,C,X( 4),11,0x4bdecfa9L);

-	R2(C,D,A,B,X( 7),16,0xf6bb4b60L);

-	R2(B,C,D,A,X(10),23,0xbebfbc70L);

-	R2(A,B,C,D,X(13), 4,0x289b7ec6L);

-	R2(D,A,B,C,X( 0),11,0xeaa127faL);

-	R2(C,D,A,B,X( 3),16,0xd4ef3085L);

-	R2(B,C,D,A,X( 6),23,0x04881d05L);

-	R2(A,B,C,D,X( 9), 4,0xd9d4d039L);

-	R2(D,A,B,C,X(12),11,0xe6db99e5L);

-	R2(C,D,A,B,X(15),16,0x1fa27cf8L);

-	R2(B,C,D,A,X( 2),23,0xc4ac5665L);

-	/* Round 3 */

-	R3(A,B,C,D,X( 0), 6,0xf4292244L);

-	R3(D,A,B,C,X( 7),10,0x432aff97L);

-	R3(C,D,A,B,X(14),15,0xab9423a7L);

-	R3(B,C,D,A,X( 5),21,0xfc93a039L);

-	R3(A,B,C,D,X(12), 6,0x655b59c3L);

-	R3(D,A,B,C,X( 3),10,0x8f0ccc92L);

-	R3(C,D,A,B,X(10),15,0xffeff47dL);

-	R3(B,C,D,A,X( 1),21,0x85845dd1L);

-	R3(A,B,C,D,X( 8), 6,0x6fa87e4fL);

-	R3(D,A,B,C,X(15),10,0xfe2ce6e0L);

-	R3(C,D,A,B,X( 6),15,0xa3014314L);

-	R3(B,C,D,A,X(13),21,0x4e0811a1L);

-	R3(A,B,C,D,X( 4), 6,0xf7537e82L);

-	R3(D,A,B,C,X(11),10,0xbd3af235L);

-	R3(C,D,A,B,X( 2),15,0x2ad7d2bbL);

-	R3(B,C,D,A,X( 9),21,0xeb86d391L);

-	A = c->A += A;

-	B = c->B += B;

-	C = c->C += C;

-	D = c->D += D;

-		}

-	}

-#endif

-#ifdef undef

-int printit(unsigned long *l)

-	{

-	int i,ii;

-	for (i=0; i<2; i++)

-		{

-		for (ii=0; ii<8; ii++)

-			{

-			fprintf(stderr,"%08lx ",l[i*8+ii]);

-			}

-		fprintf(stderr,"\n");

-		}

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/md5/md5_locl.h

+++ /dev/null

@@ -1,176 +1,0 @@

-/* crypto/md5/md5_locl.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdlib.h>

-#include <string.h>

-#include <openssl/e_os2.h>

-#include <openssl/md5.h>

-#ifndef MD5_LONG_LOG2

-#define MD5_LONG_LOG2 2 /* default to 32 bits */

-#endif

-#ifdef MD5_ASM

-# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) || defined(__x86_64) || defined(__x86_64__)

-#  if !defined(B_ENDIAN)

-#   define md5_block_host_order md5_block_asm_host_order

-#  endif

-# elif defined(__sparc) && defined(OPENSSL_SYS_ULTRASPARC)

-   void md5_block_asm_data_order_aligned (MD5_CTX *c, const MD5_LONG *p,size_t num);

-#  define HASH_BLOCK_DATA_ORDER_ALIGNED md5_block_asm_data_order_aligned

-# endif

-#endif

-void md5_block_host_order (MD5_CTX *c, const void *p,size_t num);

-void md5_block_data_order (MD5_CTX *c, const void *p,size_t num);

-#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) || defined(__x86_64) || defined(__x86_64__)

-# if !defined(B_ENDIAN)

-/*

- * *_block_host_order is expected to handle aligned data while

- * *_block_data_order - unaligned. As algorithm and host (x86)

- * are in this case of the same "endianness" these two are

- * otherwise indistinguishable. But normally you don't want to

- * call the same function because unaligned access in places

- * where alignment is expected is usually a "Bad Thing". Indeed,

- * on RISCs you get punished with BUS ERROR signal or *severe*

- * performance degradation. Intel CPUs are in turn perfectly

- * capable of loading unaligned data without such drastic side

- * effect. Yes, they say it's slower than aligned load, but no

- * exception is generated and therefore performance degradation

- * is *incomparable* with RISCs. What we should weight here is

- * costs of unaligned access against costs of aligning data.

- * According to my measurements allowing unaligned access results

- * in ~9% performance improvement on Pentium II operating at

- * 266MHz. I won't be surprised if the difference will be higher

- * on faster systems:-)

- *

- *				<[email protected]>

- */

-# define md5_block_data_order md5_block_host_order

-# endif

-#endif

-#define DATA_ORDER_IS_LITTLE_ENDIAN

-#define HASH_LONG		MD5_LONG

-#define HASH_LONG_LOG2		MD5_LONG_LOG2

-#define HASH_CTX		MD5_CTX

-#define HASH_CBLOCK		MD5_CBLOCK

-#define HASH_LBLOCK		MD5_LBLOCK

-#define HASH_UPDATE		MD5_Update

-#define HASH_TRANSFORM		MD5_Transform

-#define HASH_FINAL		MD5_Final

-#define	HASH_MAKE_STRING(c,s)	do {	\

-	unsigned long ll;		\

-	ll=(c)->A; HOST_l2c(ll,(s));	\

-	ll=(c)->B; HOST_l2c(ll,(s));	\

-	ll=(c)->C; HOST_l2c(ll,(s));	\

-	ll=(c)->D; HOST_l2c(ll,(s));	\

-	} while (0)

-#define HASH_BLOCK_HOST_ORDER	md5_block_host_order

-#if !defined(L_ENDIAN) || defined(md5_block_data_order)

-#define	HASH_BLOCK_DATA_ORDER	md5_block_data_order

-/*

- * Little-endians (Intel and Alpha) feel better without this.

- * It looks like memcpy does better job than generic

- * md5_block_data_order on copying-n-aligning input data.

- * But frankly speaking I didn't expect such result on Alpha.

- * On the other hand I've got this with egcs-1.0.2 and if

- * program is compiled with another (better?) compiler it

- * might turn out other way around.

- *

- *				<[email protected]>

- */

-#endif

-#include "md32_common.h"

-/*

-#define	F(x,y,z)	(((x) & (y))  |  ((~(x)) & (z)))

-#define	G(x,y,z)	(((x) & (z))  |  ((y) & (~(z))))

-*/

-/* As pointed out by Wei Dai <[email protected]>, the above can be

- * simplified to the code below.  Wei attributes these optimizations

- * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel.

- */

-#define	F(b,c,d)	((((c) ^ (d)) & (b)) ^ (d))

-#define	G(b,c,d)	((((b) ^ (c)) & (d)) ^ (c))

-#define	H(b,c,d)	((b) ^ (c) ^ (d))

-#define	I(b,c,d)	(((~(d)) | (b)) ^ (c))

-#define R0(a,b,c,d,k,s,t) { \

-	a+=((k)+(t)+F((b),(c),(d))); \

-	a=ROTATE(a,s); \

-	a+=b; };\

-#define R1(a,b,c,d,k,s,t) { \

-	a+=((k)+(t)+G((b),(c),(d))); \

-	a=ROTATE(a,s); \

-	a+=b; };

-#define R2(a,b,c,d,k,s,t) { \

-	a+=((k)+(t)+H((b),(c),(d))); \

-	a=ROTATE(a,s); \

-	a+=b; };

-#define R3(a,b,c,d,k,s,t) { \

-	a+=((k)+(t)+I((b),(c),(d))); \

-	a=ROTATE(a,s); \

-	a+=b; };

--- a/sys/src/ape/lib/openssl/crypto/md5/md5_one.c

+++ /dev/null

@@ -1,97 +1,0 @@

-/* crypto/md5/md5_one.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <string.h>

-#include <openssl/md5.h>

-#include <openssl/crypto.h>

-#ifdef CHARSET_EBCDIC

-#include <openssl/ebcdic.h>

-#endif

-unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md)

-	{

-	MD5_CTX c;

-	static unsigned char m[MD5_DIGEST_LENGTH];

-	if (md == NULL) md=m;

-	if (!MD5_Init(&c))

-		return NULL;

-#ifndef CHARSET_EBCDIC

-	MD5_Update(&c,d,n);

-#else

-	{

-		char temp[1024];

-		unsigned long chunk;

-		while (n > 0)

-		{

-			chunk = (n > sizeof(temp)) ? sizeof(temp) : n;

-			ebcdic2ascii(temp, d, chunk);

-			MD5_Update(&c,temp,chunk);

-			n -= chunk;

-			d += chunk;

-		}

-	}

-#endif

-	MD5_Final(md,&c);

-	OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */

-	return(md);

-	}

--- a/sys/src/ape/lib/openssl/crypto/md5/md5s.cpp

+++ /dev/null

@@ -1,78 +1,0 @@

-//

-// gettsc.inl

-//

-// gives access to the Pentium's (secret) cycle counter

-//

-// This software was written by Leonard Janke ([email protected])

-// in 1996-7 and is entered, by him, into the public domain.

-#if defined(__WATCOMC__)

-void GetTSC(unsigned long&);

-#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];

-#elif defined(__GNUC__)

-inline

-void GetTSC(unsigned long& tsc)

-{

-  asm volatile(".byte 15, 49\n\t"

-	       : "=eax" (tsc)

-	       :

-	       : "%edx", "%eax");

-}

-#elif defined(_MSC_VER)

-inline

-void GetTSC(unsigned long& tsc)

-{

-  unsigned long a;

-  __asm _emit 0fh

-  __asm _emit 31h

-  __asm mov a, eax;

-  tsc=a;

-}

-#endif

-#include <stdio.h>

-#include <stdlib.h>

-#include <openssl/md5.h>

-extern "C" {

-void md5_block_x86(MD5_CTX *ctx, unsigned char *buffer,int num);

-}

-void main(int argc,char *argv[])

-	{

-	unsigned char buffer[64*256];

-	MD5_CTX ctx;

-	unsigned long s1,s2,e1,e2;

-	unsigned char k[16];

-	unsigned long data[2];

-	unsigned char iv[8];

-	int i,num=0,numm;

-	int j=0;

-	if (argc >= 2)

-		num=atoi(argv[1]);

-	if (num == 0) num=16;

-	if (num > 250) num=16;

-	numm=num+2;

-	num*=64;

-	numm*=64;

-	for (j=0; j<6; j++)

-		{

-		for (i=0; i<10; i++) /**/

-			{

-			md5_block_x86(&ctx,buffer,numm);

-			GetTSC(s1);

-			md5_block_x86(&ctx,buffer,numm);

-			GetTSC(e1);

-			GetTSC(s2);

-			md5_block_x86(&ctx,buffer,num);

-			GetTSC(e2);

-			md5_block_x86(&ctx,buffer,num);

-			}

-		printf("md5 (%d bytes) %d %d (%.2f)\n",num,

-			e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2);

-		}

-	}

--- a/sys/src/ape/lib/openssl/crypto/md5/md5test.c

+++ /dev/null

@@ -1,140 +1,0 @@

-/* crypto/md5/md5test.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <string.h>

-#include <stdlib.h>

-#include "../e_os.h"

-#ifdef OPENSSL_NO_MD5

-int main(int argc, char *argv[])

-{

-    printf("No MD5 support\n");

-    return(0);

-}

-#else

-#include <openssl/evp.h>

-#include <openssl/md5.h>

-static char *test[]={

-	"",

-	"a",

-	"abc",

-	"message digest",

-	"abcdefghijklmnopqrstuvwxyz",

-	"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",

-	"12345678901234567890123456789012345678901234567890123456789012345678901234567890",

-	NULL,

-	};

-static char *ret[]={

-	"d41d8cd98f00b204e9800998ecf8427e",

-	"0cc175b9c0f1b6a831c399e269772661",

-	"900150983cd24fb0d6963f7d28e17f72",

-	"f96b697d7cb7938d525a2f31aaf161d0",

-	"c3fcd3d76192e4007dfb496cca67e13b",

-	"d174ab98d277d9f5a5611c2c9f419d9f",

-	"57edf4a22be3c955ac49da2e2107b67a",

-	};

-static char *pt(unsigned char *md);

-int main(int argc, char *argv[])

-	{

-	int i,err=0;

-	char **P,**R;

-	char *p;

-	unsigned char md[MD5_DIGEST_LENGTH];

-	P=test;

-	R=ret;

-	i=1;

-	while (*P != NULL)

-		{

-		EVP_Digest(&(P[0][0]),strlen((char *)*P),md,NULL,EVP_md5(), NULL);

-		p=pt(md);

-		if (strcmp(p,(char *)*R) != 0)

-			{

-			printf("error calculating MD5 on '%s'\n",*P);

-			printf("got %s instead of %s\n",p,*R);

-			err++;

-			}

-		else

-			printf("test %d ok\n",i);

-		i++;

-		R++;

-		P++;

-		}

-#ifdef OPENSSL_SYS_NETWARE

-    if (err) printf("ERROR: %d\n", err);

-#endif

-	EXIT(err);

-	return(0);

-	}

-static char *pt(unsigned char *md)

-	{

-	int i;

-	static char buf[80];

-	for (i=0; i<MD5_DIGEST_LENGTH; i++)

-		sprintf(&(buf[i*2]),"%02x",md[i]);

-	return(buf);

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/mdc2/Makefile

+++ /dev/null

@@ -1,93 +1,0 @@

-#

-# OpenSSL/crypto/mdc2/Makefile

-#

-DIR=	mdc2

-TOP=	../..

-CC=	cc

-INCLUDES=

-CFLAG=-g

-MAKEFILE=	Makefile

-AR=		ar r

-CFLAGS= $(INCLUDES) $(CFLAG)

-GENERAL=Makefile

-TEST= mdc2test.c

-APPS=

-LIB=$(TOP)/libcrypto.a

-LIBSRC=mdc2dgst.c mdc2_one.c

-LIBOBJ=mdc2dgst.o mdc2_one.o

-SRC= $(LIBSRC)

-EXHEADER= mdc2.h

-HEADER=	$(EXHEADER)

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)

-all:	lib

-lib:	$(LIBOBJ)

-	$(AR) $(LIB) $(LIBOBJ)

-	$(RANLIB) $(LIB) || echo Never mind.

-	@touch lib

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

-links:

-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)

-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)

-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

-install:

-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...

-	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \

-	do  \

-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \

-	done;

-tags:

-	ctags $(SRC)

-tests:

-lint:

-	lint -DLINT $(INCLUDES) $(SRC)>fluff

-depend:

-	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...

-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-clean:

-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-mdc2_one.o: ../../e_os.h ../../include/openssl/bio.h

-mdc2_one.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-mdc2_one.o: ../../include/openssl/des.h ../../include/openssl/des_old.h

-mdc2_one.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-mdc2_one.o: ../../include/openssl/lhash.h ../../include/openssl/mdc2.h

-mdc2_one.o: ../../include/openssl/opensslconf.h

-mdc2_one.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-mdc2_one.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-mdc2_one.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h

-mdc2_one.o: ../../include/openssl/ui_compat.h ../cryptlib.h mdc2_one.c

-mdc2dgst.o: ../../include/openssl/des.h ../../include/openssl/des_old.h

-mdc2dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/mdc2.h

-mdc2dgst.o: ../../include/openssl/opensslconf.h

-mdc2dgst.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-mdc2dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-mdc2dgst.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h

-mdc2dgst.o: mdc2dgst.c

--- a/sys/src/ape/lib/openssl/crypto/mdc2/mdc2.h

+++ /dev/null

@@ -1,95 +1,0 @@

-/* crypto/mdc2/mdc2.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_MDC2_H

-#define HEADER_MDC2_H

-#include <openssl/des.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-#ifdef OPENSSL_NO_MDC2

-#error MDC2 is disabled.

-#endif

-#define MDC2_BLOCK              8

-#define MDC2_DIGEST_LENGTH      16

-typedef struct mdc2_ctx_st

-	{

-	unsigned int num;

-	unsigned char data[MDC2_BLOCK];

-	DES_cblock h,hh;

-	int pad_type; /* either 1 or 2, default 1 */

-	} MDC2_CTX;

-int MDC2_Init(MDC2_CTX *c);

-int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len);

-int MDC2_Final(unsigned char *md, MDC2_CTX *c);

-unsigned char *MDC2(const unsigned char *d, size_t n,

-	unsigned char *md);

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/mdc2/mdc2_one.c

+++ /dev/null

@@ -1,76 +1,0 @@

-/* crypto/mdc2/mdc2_one.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/mdc2.h>

-unsigned char *MDC2(const unsigned char *d, size_t n, unsigned char *md)

-	{

-	MDC2_CTX c;

-	static unsigned char m[MDC2_DIGEST_LENGTH];

-	if (md == NULL) md=m;

-	if (!MDC2_Init(&c))

-		return NULL;

-	MDC2_Update(&c,d,n);

-        MDC2_Final(md,&c);

-	OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */

-	return(md);

-	}

--- a/sys/src/ape/lib/openssl/crypto/mdc2/mdc2dgst.c

+++ /dev/null

@@ -1,199 +1,0 @@

-/* crypto/mdc2/mdc2dgst.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include <openssl/des.h>

-#include <openssl/mdc2.h>

-#undef c2l

-#define c2l(c,l)	(l =((DES_LONG)(*((c)++)))    , \

-			 l|=((DES_LONG)(*((c)++)))<< 8L, \

-			 l|=((DES_LONG)(*((c)++)))<<16L, \

-			 l|=((DES_LONG)(*((c)++)))<<24L)

-#undef l2c

-#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)     )&0xff), \

-			*((c)++)=(unsigned char)(((l)>> 8L)&0xff), \

-			*((c)++)=(unsigned char)(((l)>>16L)&0xff), \

-			*((c)++)=(unsigned char)(((l)>>24L)&0xff))

-static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len);

-int MDC2_Init(MDC2_CTX *c)

-	{

-	c->num=0;

-	c->pad_type=1;

-	memset(&(c->h[0]),0x52,MDC2_BLOCK);

-	memset(&(c->hh[0]),0x25,MDC2_BLOCK);

-	return 1;

-	}

-int MDC2_Update(MDC2_CTX *c, const unsigned char *in, size_t len)

-	{

-	size_t i,j;

-	i=c->num;

-	if (i != 0)

-		{

-		if (i+len < MDC2_BLOCK)

-			{

-			/* partial block */

-			memcpy(&(c->data[i]),in,len);

-			c->num+=(int)len;

-			return 1;

-			}

-		else

-			{

-			/* filled one */

-			j=MDC2_BLOCK-i;

-			memcpy(&(c->data[i]),in,j);

-			len-=j;

-			in+=j;

-			c->num=0;

-			mdc2_body(c,&(c->data[0]),MDC2_BLOCK);

-			}

-		}

-	i=len&~((size_t)MDC2_BLOCK-1);

-	if (i > 0) mdc2_body(c,in,i);

-	j=len-i;

-	if (j > 0)

-		{

-		memcpy(&(c->data[0]),&(in[i]),j);

-		c->num=(int)j;

-		}

-	return 1;

-	}

-static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len)

-	{

-	register DES_LONG tin0,tin1;

-	register DES_LONG ttin0,ttin1;

-	DES_LONG d[2],dd[2];

-	DES_key_schedule k;

-	unsigned char *p;

-	size_t i;

-	for (i=0; i<len; i+=8)

-		{

-		c2l(in,tin0); d[0]=dd[0]=tin0;

-		c2l(in,tin1); d[1]=dd[1]=tin1;

-		c->h[0]=(c->h[0]&0x9f)|0x40;

-		c->hh[0]=(c->hh[0]&0x9f)|0x20;

-		DES_set_odd_parity(&c->h);

-		DES_set_key_unchecked(&c->h,&k);

-		DES_encrypt1(d,&k,1);

-		DES_set_odd_parity(&c->hh);

-		DES_set_key_unchecked(&c->hh,&k);

-		DES_encrypt1(dd,&k,1);

-		ttin0=tin0^dd[0];

-		ttin1=tin1^dd[1];

-		tin0^=d[0];

-		tin1^=d[1];

-		p=c->h;

-		l2c(tin0,p);

-		l2c(ttin1,p);

-		p=c->hh;

-		l2c(ttin0,p);

-		l2c(tin1,p);

-		}

-	}

-int MDC2_Final(unsigned char *md, MDC2_CTX *c)

-	{

-	unsigned int i;

-	int j;

-	i=c->num;

-	j=c->pad_type;

-	if ((i > 0) || (j == 2))

-		{

-		if (j == 2)

-			c->data[i++]=0x80;

-		memset(&(c->data[i]),0,MDC2_BLOCK-i);

-		mdc2_body(c,c->data,MDC2_BLOCK);

-		}

-	memcpy(md,(char *)c->h,MDC2_BLOCK);

-	memcpy(&(md[MDC2_BLOCK]),(char *)c->hh,MDC2_BLOCK);

-	return 1;

-	}

-#undef TEST

-#ifdef TEST

-main()

-	{

-	unsigned char md[MDC2_DIGEST_LENGTH];

-	int i;

-	MDC2_CTX c;

-	static char *text="Now is the time for all ";

-	MDC2_Init(&c);

-	MDC2_Update(&c,text,strlen(text));

-	MDC2_Final(&(md[0]),&c);

-	for (i=0; i<MDC2_DIGEST_LENGTH; i++)

-		printf("%02X",md[i]);

-	printf("\n");

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/mdc2/mdc2test.c

+++ /dev/null

@@ -1,149 +1,0 @@

-/* crypto/mdc2/mdc2test.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include "../e_os.h"

-#if defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_MDC2)

-#define OPENSSL_NO_MDC2

-#endif

-#ifdef OPENSSL_NO_MDC2

-int main(int argc, char *argv[])

-{

-    printf("No MDC2 support\n");

-    return(0);

-}

-#else

-#include <openssl/evp.h>

-#include <openssl/mdc2.h>

-#ifdef CHARSET_EBCDIC

-#include <openssl/ebcdic.h>

-#endif

-static unsigned char pad1[16]={

-	0x42,0xE5,0x0C,0xD2,0x24,0xBA,0xCE,0xBA,

-	0x76,0x0B,0xDD,0x2B,0xD4,0x09,0x28,0x1A

-	};

-static unsigned char pad2[16]={

-	0x2E,0x46,0x79,0xB5,0xAD,0xD9,0xCA,0x75,

-	0x35,0xD8,0x7A,0xFE,0xAB,0x33,0xBE,0xE2

-	};

-int main(int argc, char *argv[])

-	{

-	int ret=0;

-	unsigned char md[MDC2_DIGEST_LENGTH];

-	int i;

-	EVP_MD_CTX c;

-	static char *text="Now is the time for all ";

-#ifdef CHARSET_EBCDIC

-	ebcdic2ascii(text,text,strlen(text));

-#endif

-	EVP_MD_CTX_init(&c);

-	EVP_DigestInit_ex(&c,EVP_mdc2(), NULL);

-	EVP_DigestUpdate(&c,(unsigned char *)text,strlen(text));

-	EVP_DigestFinal_ex(&c,&(md[0]),NULL);

-	if (memcmp(md,pad1,MDC2_DIGEST_LENGTH) != 0)

-		{

-		for (i=0; i<MDC2_DIGEST_LENGTH; i++)

-			printf("%02X",md[i]);

-		printf(" <- generated\n");

-		for (i=0; i<MDC2_DIGEST_LENGTH; i++)

-			printf("%02X",pad1[i]);

-		printf(" <- correct\n");

-		ret=1;

-		}

-	else

-		printf("pad1 - ok\n");

-	EVP_DigestInit_ex(&c,EVP_mdc2(), NULL);

-	/* FIXME: use a ctl function? */

-	((MDC2_CTX *)c.md_data)->pad_type=2;

-	EVP_DigestUpdate(&c,(unsigned char *)text,strlen(text));

-	EVP_DigestFinal_ex(&c,&(md[0]),NULL);

-	if (memcmp(md,pad2,MDC2_DIGEST_LENGTH) != 0)

-		{

-		for (i=0; i<MDC2_DIGEST_LENGTH; i++)

-			printf("%02X",md[i]);

-		printf(" <- generated\n");

-		for (i=0; i<MDC2_DIGEST_LENGTH; i++)

-			printf("%02X",pad2[i]);

-		printf(" <- correct\n");

-		ret=1;

-		}

-	else

-		printf("pad2 - ok\n");

-	EVP_MD_CTX_cleanup(&c);

-#ifdef OPENSSL_SYS_NETWARE

-    if (ret) printf("ERROR: %d\n", ret);

-#endif

-	EXIT(ret);

-	return(ret);

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/mem.c

+++ /dev/null

@@ -1,401 +1,0 @@

-/* crypto/mem.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <openssl/crypto.h>

-#include "cryptlib.h"

-static int allow_customize = 1;      /* we provide flexible functions for */

-static int allow_customize_debug = 1;/* exchanging memory-related functions at

-                                      * run-time, but this must be done

-                                      * before any blocks are actually

-                                      * allocated; or we'll run into huge

-                                      * problems when malloc/free pairs

-                                      * don't match etc. */

-/* the following pointers may be changed as long as 'allow_customize' is set */

-static void *(*malloc_func)(size_t)         = malloc;

-static void *default_malloc_ex(size_t num, const char *file, int line)

-	{ return malloc_func(num); }

-static void *(*malloc_ex_func)(size_t, const char *file, int line)

-        = default_malloc_ex;

-static void *(*realloc_func)(void *, size_t)= realloc;

-static void *default_realloc_ex(void *str, size_t num,

-        const char *file, int line)

-	{ return realloc_func(str,num); }

-static void *(*realloc_ex_func)(void *, size_t, const char *file, int line)

-        = default_realloc_ex;

-static void (*free_func)(void *)            = free;

-static void *(*malloc_locked_func)(size_t)  = malloc;

-static void *default_malloc_locked_ex(size_t num, const char *file, int line)

-	{ return malloc_locked_func(num); }

-static void *(*malloc_locked_ex_func)(size_t, const char *file, int line)

-        = default_malloc_locked_ex;

-static void (*free_locked_func)(void *)     = free;

-/* may be changed as long as 'allow_customize_debug' is set */

-/* XXX use correct function pointer types */

-#ifdef CRYPTO_MDEBUG

-/* use default functions from mem_dbg.c */

-static void (*malloc_debug_func)(void *,int,const char *,int,int)

-	= CRYPTO_dbg_malloc;

-static void (*realloc_debug_func)(void *,void *,int,const char *,int,int)

-	= CRYPTO_dbg_realloc;

-static void (*free_debug_func)(void *,int) = CRYPTO_dbg_free;

-static void (*set_debug_options_func)(long) = CRYPTO_dbg_set_options;

-static long (*get_debug_options_func)(void) = CRYPTO_dbg_get_options;

-#else

-/* applications can use CRYPTO_malloc_debug_init() to select above case

- * at run-time */

-static void (*malloc_debug_func)(void *,int,const char *,int,int) = NULL;

-static void (*realloc_debug_func)(void *,void *,int,const char *,int,int)

-	= NULL;

-static void (*free_debug_func)(void *,int) = NULL;

-static void (*set_debug_options_func)(long) = NULL;

-static long (*get_debug_options_func)(void) = NULL;

-#endif

-int CRYPTO_set_mem_functions(void *(*m)(size_t), void *(*r)(void *, size_t),

-	void (*f)(void *))

-	{

-	if (!allow_customize)

-		return 0;

-	if ((m == 0) || (r == 0) || (f == 0))

-		return 0;

-	malloc_func=m; malloc_ex_func=default_malloc_ex;

-	realloc_func=r; realloc_ex_func=default_realloc_ex;

-	free_func=f;

-	malloc_locked_func=m; malloc_locked_ex_func=default_malloc_locked_ex;

-	free_locked_func=f;

-	return 1;

-	}

-int CRYPTO_set_mem_ex_functions(

-        void *(*m)(size_t,const char *,int),

-        void *(*r)(void *, size_t,const char *,int),

-	void (*f)(void *))

-	{

-	if (!allow_customize)

-		return 0;

-	if ((m == 0) || (r == 0) || (f == 0))

-		return 0;

-	malloc_func=0; malloc_ex_func=m;

-	realloc_func=0; realloc_ex_func=r;

-	free_func=f;

-	malloc_locked_func=0; malloc_locked_ex_func=m;

-	free_locked_func=f;

-	return 1;

-	}

-int CRYPTO_set_locked_mem_functions(void *(*m)(size_t), void (*f)(void *))

-	{

-	if (!allow_customize)

-		return 0;

-	if ((m == NULL) || (f == NULL))

-		return 0;

-	malloc_locked_func=m; malloc_locked_ex_func=default_malloc_locked_ex;

-	free_locked_func=f;

-	return 1;

-	}

-int CRYPTO_set_locked_mem_ex_functions(

-        void *(*m)(size_t,const char *,int),

-        void (*f)(void *))

-	{

-	if (!allow_customize)

-		return 0;

-	if ((m == NULL) || (f == NULL))

-		return 0;

-	malloc_locked_func=0; malloc_locked_ex_func=m;

-	free_func=f;

-	return 1;

-	}

-int CRYPTO_set_mem_debug_functions(void (*m)(void *,int,const char *,int,int),

-				   void (*r)(void *,void *,int,const char *,int,int),

-				   void (*f)(void *,int),

-				   void (*so)(long),

-				   long (*go)(void))

-	{

-	if (!allow_customize_debug)

-		return 0;

-	malloc_debug_func=m;

-	realloc_debug_func=r;

-	free_debug_func=f;

-	set_debug_options_func=so;

-	get_debug_options_func=go;

-	return 1;

-	}

-void CRYPTO_get_mem_functions(void *(**m)(size_t), void *(**r)(void *, size_t),

-	void (**f)(void *))

-	{

-	if (m != NULL) *m = (malloc_ex_func == default_malloc_ex) ?

-	                     malloc_func : 0;

-	if (r != NULL) *r = (realloc_ex_func == default_realloc_ex) ?

-	                     realloc_func : 0;

-	if (f != NULL) *f=free_func;

-	}

-void CRYPTO_get_mem_ex_functions(

-        void *(**m)(size_t,const char *,int),

-        void *(**r)(void *, size_t,const char *,int),

-	void (**f)(void *))

-	{

-	if (m != NULL) *m = (malloc_ex_func != default_malloc_ex) ?

-	                    malloc_ex_func : 0;

-	if (r != NULL) *r = (realloc_ex_func != default_realloc_ex) ?

-	                    realloc_ex_func : 0;

-	if (f != NULL) *f=free_func;

-	}

-void CRYPTO_get_locked_mem_functions(void *(**m)(size_t), void (**f)(void *))

-	{

-	if (m != NULL) *m = (malloc_locked_ex_func == default_malloc_locked_ex) ?

-	                     malloc_locked_func : 0;

-	if (f != NULL) *f=free_locked_func;

-	}

-void CRYPTO_get_locked_mem_ex_functions(

-        void *(**m)(size_t,const char *,int),

-        void (**f)(void *))

-	{

-	if (m != NULL) *m = (malloc_locked_ex_func != default_malloc_locked_ex) ?

-	                    malloc_locked_ex_func : 0;

-	if (f != NULL) *f=free_locked_func;

-	}

-void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int),

-				    void (**r)(void *,void *,int,const char *,int,int),

-				    void (**f)(void *,int),

-				    void (**so)(long),

-				    long (**go)(void))

-	{

-	if (m != NULL) *m=malloc_debug_func;

-	if (r != NULL) *r=realloc_debug_func;

-	if (f != NULL) *f=free_debug_func;

-	if (so != NULL) *so=set_debug_options_func;

-	if (go != NULL) *go=get_debug_options_func;

-	}

-void *CRYPTO_malloc_locked(int num, const char *file, int line)

-	{

-	void *ret = NULL;

-	extern unsigned char cleanse_ctr;

-	if (num <= 0) return NULL;

-	allow_customize = 0;

-	if (malloc_debug_func != NULL)

-		{

-		allow_customize_debug = 0;

-		malloc_debug_func(NULL, num, file, line, 0);

-		}

-	ret = malloc_locked_ex_func(num,file,line);

-#ifdef LEVITTE_DEBUG_MEM

-	fprintf(stderr, "LEVITTE_DEBUG_MEM:         > 0x%p (%d)\n", ret, num);

-#endif

-	if (malloc_debug_func != NULL)

-		malloc_debug_func(ret, num, file, line, 1);

-        /* Create a dependency on the value of 'cleanse_ctr' so our memory

-         * sanitisation function can't be optimised out. NB: We only do

-         * this for >2Kb so the overhead doesn't bother us. */

-        if(ret && (num > 2048))

-		((unsigned char *)ret)[0] = cleanse_ctr;

-	return ret;

-	}

-void CRYPTO_free_locked(void *str)

-	{

-	if (free_debug_func != NULL)

-		free_debug_func(str, 0);

-#ifdef LEVITTE_DEBUG_MEM

-	fprintf(stderr, "LEVITTE_DEBUG_MEM:         < 0x%p\n", str);

-#endif

-	free_locked_func(str);

-	if (free_debug_func != NULL)

-		free_debug_func(NULL, 1);

-	}

-void *CRYPTO_malloc(int num, const char *file, int line)

-	{

-	void *ret = NULL;

-	extern unsigned char cleanse_ctr;

-	if (num <= 0) return NULL;

-	allow_customize = 0;

-	if (malloc_debug_func != NULL)

-		{

-		allow_customize_debug = 0;

-		malloc_debug_func(NULL, num, file, line, 0);

-		}

-	ret = malloc_ex_func(num,file,line);

-#ifdef LEVITTE_DEBUG_MEM

-	fprintf(stderr, "LEVITTE_DEBUG_MEM:         > 0x%p (%d)\n", ret, num);

-#endif

-	if (malloc_debug_func != NULL)

-		malloc_debug_func(ret, num, file, line, 1);

-        /* Create a dependency on the value of 'cleanse_ctr' so our memory

-         * sanitisation function can't be optimised out. NB: We only do

-         * this for >2Kb so the overhead doesn't bother us. */

-        if(ret && (num > 2048))

-                ((unsigned char *)ret)[0] = cleanse_ctr;

-	return ret;

-	}

-void *CRYPTO_realloc(void *str, int num, const char *file, int line)

-	{

-	void *ret = NULL;

-	if (str == NULL)

-		return CRYPTO_malloc(num, file, line);

-	if (num <= 0) return NULL;

-	if (realloc_debug_func != NULL)

-		realloc_debug_func(str, NULL, num, file, line, 0);

-	ret = realloc_ex_func(str,num,file,line);

-#ifdef LEVITTE_DEBUG_MEM

-	fprintf(stderr, "LEVITTE_DEBUG_MEM:         | 0x%p -> 0x%p (%d)\n", str, ret, num);

-#endif

-	if (realloc_debug_func != NULL)

-		realloc_debug_func(str, ret, num, file, line, 1);

-	return ret;

-	}

-void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file,

-			   int line)

-	{

-	void *ret = NULL;

-	if (str == NULL)

-		return CRYPTO_malloc(num, file, line);

-	if (num <= 0) return NULL;

-	if (realloc_debug_func != NULL)

-		realloc_debug_func(str, NULL, num, file, line, 0);

-	ret=malloc_ex_func(num,file,line);

-	if(ret)

-		{

-		memcpy(ret,str,old_len);

-		OPENSSL_cleanse(str,old_len);

-		free_func(str);

-		}

-#ifdef LEVITTE_DEBUG_MEM

-	fprintf(stderr,

-		"LEVITTE_DEBUG_MEM:         | 0x%p -> 0x%p (%d)\n",

-		str, ret, num);

-#endif

-	if (realloc_debug_func != NULL)

-		realloc_debug_func(str, ret, num, file, line, 1);

-	return ret;

-	}

-void CRYPTO_free(void *str)

-	{

-	if (free_debug_func != NULL)

-		free_debug_func(str, 0);

-#ifdef LEVITTE_DEBUG_MEM

-	fprintf(stderr, "LEVITTE_DEBUG_MEM:         < 0x%p\n", str);

-#endif

-	free_func(str);

-	if (free_debug_func != NULL)

-		free_debug_func(NULL, 1);

-	}

-void *CRYPTO_remalloc(void *a, int num, const char *file, int line)

-	{

-	if (a != NULL) OPENSSL_free(a);

-	a=(char *)OPENSSL_malloc(num);

-	return(a);

-	}

-void CRYPTO_set_mem_debug_options(long bits)

-	{

-	if (set_debug_options_func != NULL)

-		set_debug_options_func(bits);

-	}

-long CRYPTO_get_mem_debug_options(void)

-	{

-	if (get_debug_options_func != NULL)

-		return get_debug_options_func();

-	return 0;

-	}

--- a/sys/src/ape/lib/openssl/crypto/mem_clr.c

+++ /dev/null

@@ -1,77 +1,0 @@

-/* crypto/mem_clr.c -*- mode:C; c-file-style: "eay" -*- */

-/* Written by Geoff Thorpe ([email protected]) for the OpenSSL

- * project 2002.

- */

-/* ====================================================================

- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <string.h>

-#include <openssl/crypto.h>

-unsigned char cleanse_ctr = 0;

-void OPENSSL_cleanse(void *ptr, size_t len)

-	{

-	unsigned char *p = ptr;

-	size_t loop = len, ctr = cleanse_ctr;

-	while(loop--)

-		{

-		*(p++) = (unsigned char)ctr;

-		ctr += (17 + ((size_t)p & 0xF));

-		}

-	p=memchr(ptr, (unsigned char)ctr, len);

-	if(p)

-		ctr += (63 + (size_t)p);

-	cleanse_ctr = (unsigned char)ctr;

-	}

--- a/sys/src/ape/lib/openssl/crypto/mem_dbg.c

+++ /dev/null

@@ -1,795 +1,0 @@

-/* crypto/mem_dbg.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <time.h>

-#include "cryptlib.h"

-#include <openssl/crypto.h>

-#include <openssl/buffer.h>

-#include <openssl/bio.h>

-#include <openssl/lhash.h>

-static int mh_mode=CRYPTO_MEM_CHECK_OFF;

-/* The state changes to CRYPTO_MEM_CHECK_ON | CRYPTO_MEM_CHECK_ENABLE

- * when the application asks for it (usually after library initialisation

- * for which no book-keeping is desired).

- *

- * State CRYPTO_MEM_CHECK_ON exists only temporarily when the library

- * thinks that certain allocations should not be checked (e.g. the data

- * structures used for memory checking).  It is not suitable as an initial

- * state: the library will unexpectedly enable memory checking when it

- * executes one of those sections that want to disable checking

- * temporarily.

- *

- * State CRYPTO_MEM_CHECK_ENABLE without ..._ON makes no sense whatsoever.

- */

-static unsigned long order = 0; /* number of memory requests */

-static LHASH *mh=NULL; /* hash-table of memory requests (address as key);

-                        * access requires MALLOC2 lock */

-typedef struct app_mem_info_st

-/* For application-defined information (static C-string `info')

- * to be displayed in memory leak list.

- * Each thread has its own stack.  For applications, there is

- *   CRYPTO_push_info("...")     to push an entry,

- *   CRYPTO_pop_info()           to pop an entry,

- *   CRYPTO_remove_all_info()    to pop all entries.

- */

-	{

-	unsigned long thread;

-	const char *file;

-	int line;

-	const char *info;

-	struct app_mem_info_st *next; /* tail of thread's stack */

-	int references;

-	} APP_INFO;

-static void app_info_free(APP_INFO *);

-static LHASH *amih=NULL; /* hash-table with those app_mem_info_st's

-                          * that are at the top of their thread's stack

-                          * (with `thread' as key);

-                          * access requires MALLOC2 lock */

-typedef struct mem_st

-/* memory-block description */

-	{

-	void *addr;

-	int num;

-	const char *file;

-	int line;

-	unsigned long thread;

-	unsigned long order;

-	time_t time;

-	APP_INFO *app_info;

-	} MEM;

-static long options =             /* extra information to be recorded */

-#if defined(CRYPTO_MDEBUG_TIME) || defined(CRYPTO_MDEBUG_ALL)

-	V_CRYPTO_MDEBUG_TIME |

-#endif

-#if defined(CRYPTO_MDEBUG_THREAD) || defined(CRYPTO_MDEBUG_ALL)

-	V_CRYPTO_MDEBUG_THREAD |

-#endif

-	0;

-static unsigned int num_disable = 0; /* num_disable > 0

-                                      *     iff

-                                      * mh_mode == CRYPTO_MEM_CHECK_ON (w/o ..._ENABLE)

-                                      */

-static unsigned long disabling_thread = 0; /* Valid iff num_disable > 0.

-                                            * CRYPTO_LOCK_MALLOC2 is locked

-                                            * exactly in this case (by the

-                                            * thread named in disabling_thread).

-                                            */

-static void app_info_free(APP_INFO *inf)

-	{

-	if (--(inf->references) <= 0)

-		{

-		if (inf->next != NULL)

-			{

-			app_info_free(inf->next);

-			}

-		OPENSSL_free(inf);

-		}

-	}

-int CRYPTO_mem_ctrl(int mode)

-	{

-	int ret=mh_mode;

-	CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);

-	switch (mode)

-		{

-	/* for applications (not to be called while multiple threads

-	 * use the library): */

-	case CRYPTO_MEM_CHECK_ON: /* aka MemCheck_start() */

-		mh_mode = CRYPTO_MEM_CHECK_ON|CRYPTO_MEM_CHECK_ENABLE;

-		num_disable = 0;

-		break;

-	case CRYPTO_MEM_CHECK_OFF: /* aka MemCheck_stop() */

-		mh_mode = 0;

-		num_disable = 0; /* should be true *before* MemCheck_stop is used,

-		                    or there'll be a lot of confusion */

-		break;

-	/* switch off temporarily (for library-internal use): */

-	case CRYPTO_MEM_CHECK_DISABLE: /* aka MemCheck_off() */

-		if (mh_mode & CRYPTO_MEM_CHECK_ON)

-			{

-			if (!num_disable || (disabling_thread != CRYPTO_thread_id())) /* otherwise we already have the MALLOC2 lock */

-				{

-				/* Long-time lock CRYPTO_LOCK_MALLOC2 must not be claimed while

-				 * we're holding CRYPTO_LOCK_MALLOC, or we'll deadlock if

-				 * somebody else holds CRYPTO_LOCK_MALLOC2 (and cannot release

-				 * it because we block entry to this function).

-				 * Give them a chance, first, and then claim the locks in

-				 * appropriate order (long-time lock first).

-				 */

-				CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);

-				/* Note that after we have waited for CRYPTO_LOCK_MALLOC2

-				 * and CRYPTO_LOCK_MALLOC, we'll still be in the right

-				 * "case" and "if" branch because MemCheck_start and

-				 * MemCheck_stop may never be used while there are multiple

-				 * OpenSSL threads. */

-				CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2);

-				CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);

-				mh_mode &= ~CRYPTO_MEM_CHECK_ENABLE;

-				disabling_thread=CRYPTO_thread_id();

-				}

-			num_disable++;

-			}

-		break;

-	case CRYPTO_MEM_CHECK_ENABLE: /* aka MemCheck_on() */

-		if (mh_mode & CRYPTO_MEM_CHECK_ON)

-			{

-			if (num_disable) /* always true, or something is going wrong */

-				{

-				num_disable--;

-				if (num_disable == 0)

-					{

-					mh_mode|=CRYPTO_MEM_CHECK_ENABLE;

-					CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2);

-					}

-				}

-			}

-		break;

-	default:

-		break;

-		}

-	CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);

-	return(ret);

-	}

-int CRYPTO_is_mem_check_on(void)

-	{

-	int ret = 0;

-	if (mh_mode & CRYPTO_MEM_CHECK_ON)

-		{

-		CRYPTO_r_lock(CRYPTO_LOCK_MALLOC);

-		ret = (mh_mode & CRYPTO_MEM_CHECK_ENABLE)

-			|| (disabling_thread != CRYPTO_thread_id());

-		CRYPTO_r_unlock(CRYPTO_LOCK_MALLOC);

-		}

-	return(ret);

-	}

-void CRYPTO_dbg_set_options(long bits)

-	{

-	options = bits;

-	}

-long CRYPTO_dbg_get_options(void)

-	{

-	return options;

-	}

-/* static int mem_cmp(MEM *a, MEM *b) */

-static int mem_cmp(const void *a_void, const void *b_void)

-	{

-#ifdef _WIN64

-	const char *a=(const char *)((const MEM *)a_void)->addr,

-		   *b=(const char *)((const MEM *)b_void)->addr;

-	if (a==b)	return 0;

-	else if (a>b)	return 1;

-	else		return -1;

-#else

-	return((const char *)((const MEM *)a_void)->addr

-		- (const char *)((const MEM *)b_void)->addr);

-#endif

-	}

-/* static unsigned long mem_hash(MEM *a) */

-static unsigned long mem_hash(const void *a_void)

-	{

-	unsigned long ret;

-	ret=(unsigned long)((const MEM *)a_void)->addr;

-	ret=ret*17851+(ret>>14)*7+(ret>>4)*251;

-	return(ret);

-	}

-/* static int app_info_cmp(APP_INFO *a, APP_INFO *b) */

-static int app_info_cmp(const void *a_void, const void *b_void)

-	{

-	return(((const APP_INFO *)a_void)->thread

-		!= ((const APP_INFO *)b_void)->thread);

-	}

-/* static unsigned long app_info_hash(APP_INFO *a) */

-static unsigned long app_info_hash(const void *a_void)

-	{

-	unsigned long ret;

-	ret=(unsigned long)((const APP_INFO *)a_void)->thread;

-	ret=ret*17851+(ret>>14)*7+(ret>>4)*251;

-	return(ret);

-	}

-static APP_INFO *pop_info(void)

-	{

-	APP_INFO tmp;

-	APP_INFO *ret = NULL;

-	if (amih != NULL)

-		{

-		tmp.thread=CRYPTO_thread_id();

-		if ((ret=(APP_INFO *)lh_delete(amih,&tmp)) != NULL)

-			{

-			APP_INFO *next=ret->next;

-			if (next != NULL)

-				{

-				next->references++;

-				lh_insert(amih,(char *)next);

-				}

-#ifdef LEVITTE_DEBUG_MEM

-			if (ret->thread != tmp.thread)

-				{

-				fprintf(stderr, "pop_info(): deleted info has other thread ID (%lu) than the current thread (%lu)!!!!\n",

-					ret->thread, tmp.thread);

-				abort();

-				}

-#endif

-			if (--(ret->references) <= 0)

-				{

-				ret->next = NULL;

-				if (next != NULL)

-					next->references--;

-				OPENSSL_free(ret);

-				}

-			}

-		}

-	return(ret);

-	}

-int CRYPTO_push_info_(const char *info, const char *file, int line)

-	{

-	APP_INFO *ami, *amim;

-	int ret=0;

-	if (is_MemCheck_on())

-		{

-		MemCheck_off(); /* obtain MALLOC2 lock */

-		if ((ami = (APP_INFO *)OPENSSL_malloc(sizeof(APP_INFO))) == NULL)

-			{

-			ret=0;

-			goto err;

-			}

-		if (amih == NULL)

-			{

-			if ((amih=lh_new(app_info_hash, app_info_cmp)) == NULL)

-				{

-				OPENSSL_free(ami);

-				ret=0;

-				goto err;

-				}

-			}

-		ami->thread=CRYPTO_thread_id();

-		ami->file=file;

-		ami->line=line;

-		ami->info=info;

-		ami->references=1;

-		ami->next=NULL;

-		if ((amim=(APP_INFO *)lh_insert(amih,(char *)ami)) != NULL)

-			{

-#ifdef LEVITTE_DEBUG_MEM

-			if (ami->thread != amim->thread)

-				{

-				fprintf(stderr, "CRYPTO_push_info(): previous info has other thread ID (%lu) than the current thread (%lu)!!!!\n",

-					amim->thread, ami->thread);

-				abort();

-				}

-#endif

-			ami->next=amim;

-			}

- err:

-		MemCheck_on(); /* release MALLOC2 lock */

-		}

-	return(ret);

-	}

-int CRYPTO_pop_info(void)

-	{

-	int ret=0;

-	if (is_MemCheck_on()) /* _must_ be true, or something went severely wrong */

-		{

-		MemCheck_off(); /* obtain MALLOC2 lock */

-		ret=(pop_info() != NULL);

-		MemCheck_on(); /* release MALLOC2 lock */

-		}

-	return(ret);

-	}

-int CRYPTO_remove_all_info(void)

-	{

-	int ret=0;

-	if (is_MemCheck_on()) /* _must_ be true */

-		{

-		MemCheck_off(); /* obtain MALLOC2 lock */

-		while(pop_info() != NULL)

-			ret++;

-		MemCheck_on(); /* release MALLOC2 lock */

-		}

-	return(ret);

-	}

-static unsigned long break_order_num=0;

-void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line,

-	int before_p)

-	{

-	MEM *m,*mm;

-	APP_INFO tmp,*amim;

-	switch(before_p & 127)

-		{

-	case 0:

-		break;

-	case 1:

-		if (addr == NULL)

-			break;

-		if (is_MemCheck_on())

-			{

-			MemCheck_off(); /* make sure we hold MALLOC2 lock */

-			if ((m=(MEM *)OPENSSL_malloc(sizeof(MEM))) == NULL)

-				{

-				OPENSSL_free(addr);

-				MemCheck_on(); /* release MALLOC2 lock

-				                * if num_disabled drops to 0 */

-				return;

-				}

-			if (mh == NULL)

-				{

-				if ((mh=lh_new(mem_hash, mem_cmp)) == NULL)

-					{

-					OPENSSL_free(addr);

-					OPENSSL_free(m);

-					addr=NULL;

-					goto err;

-					}

-				}

-			m->addr=addr;

-			m->file=file;

-			m->line=line;

-			m->num=num;

-			if (options & V_CRYPTO_MDEBUG_THREAD)

-				m->thread=CRYPTO_thread_id();

-			else

-				m->thread=0;

-			if (order == break_order_num)

-				{

-				/* BREAK HERE */

-				m->order=order;

-				}

-			m->order=order++;

-#ifdef LEVITTE_DEBUG_MEM

-			fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] %c 0x%p (%d)\n",

-				m->order,

-				(before_p & 128) ? '*' : '+',

-				m->addr, m->num);

-#endif

-			if (options & V_CRYPTO_MDEBUG_TIME)

-				m->time=time(NULL);

-			else

-				m->time=0;

-			tmp.thread=CRYPTO_thread_id();

-			m->app_info=NULL;

-			if (amih != NULL

-				&& (amim=(APP_INFO *)lh_retrieve(amih,(char *)&tmp)) != NULL)

-				{

-				m->app_info = amim;

-				amim->references++;

-				}

-			if ((mm=(MEM *)lh_insert(mh,(char *)m)) != NULL)

-				{

-				/* Not good, but don't sweat it */

-				if (mm->app_info != NULL)

-					{

-					mm->app_info->references--;

-					}

-				OPENSSL_free(mm);

-				}

-		err:

-			MemCheck_on(); /* release MALLOC2 lock

-			                * if num_disabled drops to 0 */

-			}

-		break;

-		}

-	return;

-	}

-void CRYPTO_dbg_free(void *addr, int before_p)

-	{

-	MEM m,*mp;

-	switch(before_p)

-		{

-	case 0:

-		if (addr == NULL)

-			break;

-		if (is_MemCheck_on() && (mh != NULL))

-			{

-			MemCheck_off(); /* make sure we hold MALLOC2 lock */

-			m.addr=addr;

-			mp=(MEM *)lh_delete(mh,(char *)&m);

-			if (mp != NULL)

-				{

-#ifdef LEVITTE_DEBUG_MEM

-			fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] - 0x%p (%d)\n",

-				mp->order, mp->addr, mp->num);

-#endif

-				if (mp->app_info != NULL)

-					app_info_free(mp->app_info);

-				OPENSSL_free(mp);

-				}

-			MemCheck_on(); /* release MALLOC2 lock

-			                * if num_disabled drops to 0 */

-			}

-		break;

-	case 1:

-		break;

-		}

-	}

-void CRYPTO_dbg_realloc(void *addr1, void *addr2, int num,

-	const char *file, int line, int before_p)

-	{

-	MEM m,*mp;

-#ifdef LEVITTE_DEBUG_MEM

-	fprintf(stderr, "LEVITTE_DEBUG_MEM: --> CRYPTO_dbg_malloc(addr1 = %p, addr2 = %p, num = %d, file = \"%s\", line = %d, before_p = %d)\n",

-		addr1, addr2, num, file, line, before_p);

-#endif

-	switch(before_p)

-		{

-	case 0:

-		break;

-	case 1:

-		if (addr2 == NULL)

-			break;

-		if (addr1 == NULL)

-			{

-			CRYPTO_dbg_malloc(addr2, num, file, line, 128 | before_p);

-			break;

-			}

-		if (is_MemCheck_on())

-			{

-			MemCheck_off(); /* make sure we hold MALLOC2 lock */

-			m.addr=addr1;

-			mp=(MEM *)lh_delete(mh,(char *)&m);

-			if (mp != NULL)

-				{

-#ifdef LEVITTE_DEBUG_MEM

-				fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] * 0x%p (%d) -> 0x%p (%d)\n",

-					mp->order,

-					mp->addr, mp->num,

-					addr2, num);

-#endif

-				mp->addr=addr2;

-				mp->num=num;

-				lh_insert(mh,(char *)mp);

-				}

-			MemCheck_on(); /* release MALLOC2 lock

-			                * if num_disabled drops to 0 */

-			}

-		break;

-		}

-	return;

-	}

-typedef struct mem_leak_st

-	{

-	BIO *bio;

-	int chunks;

-	long bytes;

-	} MEM_LEAK;

-static void print_leak(const MEM *m, MEM_LEAK *l)

-	{

-	char buf[1024];

-	char *bufp = buf;

-	APP_INFO *amip;

-	int ami_cnt;

-	struct tm *lcl = NULL;

-	unsigned long ti;

-#define BUF_REMAIN (sizeof buf - (size_t)(bufp - buf))

-	if(m->addr == (char *)l->bio)

-	    return;

-	if (options & V_CRYPTO_MDEBUG_TIME)

-		{

-		lcl = localtime(&m->time);

-		BIO_snprintf(bufp, BUF_REMAIN, "[%02d:%02d:%02d] ",

-			lcl->tm_hour,lcl->tm_min,lcl->tm_sec);

-		bufp += strlen(bufp);

-		}

-	BIO_snprintf(bufp, BUF_REMAIN, "%5lu file=%s, line=%d, ",

-		m->order,m->file,m->line);

-	bufp += strlen(bufp);

-	if (options & V_CRYPTO_MDEBUG_THREAD)

-		{

-		BIO_snprintf(bufp, BUF_REMAIN, "thread=%lu, ", m->thread);

-		bufp += strlen(bufp);

-		}

-	BIO_snprintf(bufp, BUF_REMAIN, "number=%d, address=%08lX\n",

-		m->num,(unsigned long)m->addr);

-	bufp += strlen(bufp);

-	BIO_puts(l->bio,buf);

-	l->chunks++;

-	l->bytes+=m->num;

-	amip=m->app_info;

-	ami_cnt=0;

-	if (!amip)

-		return;

-	ti=amip->thread;

-	do

-		{

-		int buf_len;

-		int info_len;

-		ami_cnt++;

-		memset(buf,'>',ami_cnt);

-		BIO_snprintf(buf + ami_cnt, sizeof buf - ami_cnt,

-			" thread=%lu, file=%s, line=%d, info=\"",

-			amip->thread, amip->file, amip->line);

-		buf_len=strlen(buf);

-		info_len=strlen(amip->info);

-		if (128 - buf_len - 3 < info_len)

-			{

-			memcpy(buf + buf_len, amip->info, 128 - buf_len - 3);

-			buf_len = 128 - 3;

-			}

-		else

-			{

-			BUF_strlcpy(buf + buf_len, amip->info,

-				    sizeof buf - buf_len);

-			buf_len = strlen(buf);

-			}

-		BIO_snprintf(buf + buf_len, sizeof buf - buf_len, "\"\n");

-		BIO_puts(l->bio,buf);

-		amip = amip->next;

-		}

-	while(amip && amip->thread == ti);

-#ifdef LEVITTE_DEBUG_MEM

-	if (amip)

-		{

-		fprintf(stderr, "Thread switch detected in backtrace!!!!\n");

-		abort();

-		}

-#endif

-	}

-static IMPLEMENT_LHASH_DOALL_ARG_FN(print_leak, const MEM *, MEM_LEAK *)

-void CRYPTO_mem_leaks(BIO *b)

-	{

-	MEM_LEAK ml;

-	if (mh == NULL && amih == NULL)

-		return;

-	MemCheck_off(); /* obtain MALLOC2 lock */

-	ml.bio=b;

-	ml.bytes=0;

-	ml.chunks=0;

-	if (mh != NULL)

-		lh_doall_arg(mh, LHASH_DOALL_ARG_FN(print_leak),

-				(char *)&ml);

-	if (ml.chunks != 0)

-		{

-		BIO_printf(b,"%ld bytes leaked in %d chunks\n",

-			   ml.bytes,ml.chunks);

-		}

-	else

-		{

-		/* Make sure that, if we found no leaks, memory-leak debugging itself

-		 * does not introduce memory leaks (which might irritate

-		 * external debugging tools).

-		 * (When someone enables leak checking, but does not call

-		 * this function, we declare it to be their fault.)

-		 *

-		 * XXX    This should be in CRYPTO_mem_leaks_cb,

-		 * and CRYPTO_mem_leaks should be implemented by

-		 * using CRYPTO_mem_leaks_cb.

-		 * (Also their should be a variant of lh_doall_arg

-		 * that takes a function pointer instead of a void *;

-		 * this would obviate the ugly and illegal

-		 * void_fn_to_char kludge in CRYPTO_mem_leaks_cb.

-		 * Otherwise the code police will come and get us.)

-		 */

-		int old_mh_mode;

-		CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);

-		/* avoid deadlock when lh_free() uses CRYPTO_dbg_free(),

-		 * which uses CRYPTO_is_mem_check_on */

-		old_mh_mode = mh_mode;

-		mh_mode = CRYPTO_MEM_CHECK_OFF;

-		if (mh != NULL)

-			{

-			lh_free(mh);

-			mh = NULL;

-			}

-		if (amih != NULL)

-			{

-			if (lh_num_items(amih) == 0)

-				{

-				lh_free(amih);

-				amih = NULL;

-				}

-			}

-		mh_mode = old_mh_mode;

-		CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);

-		}

-	MemCheck_on(); /* release MALLOC2 lock */

-	}

-#ifndef OPENSSL_NO_FP_API

-void CRYPTO_mem_leaks_fp(FILE *fp)

-	{

-	BIO *b;

-	if (mh == NULL) return;

-	/* Need to turn off memory checking when allocated BIOs ... especially

-	 * as we're creating them at a time when we're trying to check we've not

-	 * left anything un-free()'d!! */

-	MemCheck_off();

-	b = BIO_new(BIO_s_file());

-	MemCheck_on();

-	if(!b) return;

-	BIO_set_fp(b,fp,BIO_NOCLOSE);

-	CRYPTO_mem_leaks(b);

-	BIO_free(b);

-	}

-#endif

-/* FIXME: We really don't allow much to the callback.  For example, it has

-   no chance of reaching the info stack for the item it processes.  Should

-   it really be this way?  -- Richard Levitte */

-/* NB: The prototypes have been typedef'd to CRYPTO_MEM_LEAK_CB inside crypto.h

- * If this code is restructured, remove the callback type if it is no longer

- * needed. -- Geoff Thorpe */

-static void cb_leak(const MEM *m, CRYPTO_MEM_LEAK_CB **cb)

-	{

-	(**cb)(m->order,m->file,m->line,m->num,m->addr);

-	}

-static IMPLEMENT_LHASH_DOALL_ARG_FN(cb_leak, const MEM *, CRYPTO_MEM_LEAK_CB **)

-void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb)

-	{

-	if (mh == NULL) return;

-	CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2);

-	lh_doall_arg(mh, LHASH_DOALL_ARG_FN(cb_leak), &cb);

-	CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2);

-	}

--- a/sys/src/ape/lib/openssl/crypto/mkfile

+++ /dev/null

@@ -1,718 +1,0 @@

-APE=/sys/src/ape

-<$APE/config

-LIB=/$objtype/lib/ape/libcrypto.a

-OFILES=\

-#	LPdir_unix.$O\

-	cpt_err.$O\

-	cryptlib.$O\

-	cversion.$O\

-	ebcdic.$O\

-	ex_data.$O\

-	mem.$O\

-	mem_clr.$O\

-	mem_dbg.$O\

-	o_dir.$O\

-	o_str.$O\

-	o_time.$O\

-	tmdiff.$O\

-	uid.$O\

-# aes \

-	aes_cbc.$O\

-	aes_cfb.$O\

-	aes_core.$O\

-	aes_ctr.$O\

-	aes_ecb.$O\

-	aes_ige.$O\

-	aes_misc.$O\

-	aes_ofb.$O\

-# asn1 \

-	a_bitstr.$O\

-	a_bool.$O\

-	a_bytes.$O\

-	a_d2i_fp.$O\

-	a_digest.$O\

-	a_dup.$O\

-	a_enum.$O\

-	a_gentm.$O\

-	a_hdr.$O\

-	a_i2d_fp.$O\

-	a_int.$O\

-	a_mbstr.$O\

-	a_meth.$O\

-	a_object.$O\

-	a_octet.$O\

-	a_print.$O\

-	a_set.$O\

-	a_sign.$O\

-	a_strex.$O\

-	a_strnid.$O\

-	a_time.$O\

-	a_type.$O\

-	a_utctm.$O\

-	a_utf8.$O\

-	a_verify.$O\

-	asn1_err.$O\

-	asn1_gen.$O\

-	asn1_lib.$O\

-	asn1_par.$O\

-	asn_moid.$O\

-	asn_pack.$O\

-	d2i_pr.$O\

-	d2i_pu.$O\

-	evp_asn1.$O\

-	f_enum.$O\

-	f_int.$O\

-	f_string.$O\

-	i2d_pr.$O\

-	i2d_pu.$O\

-	n_pkey.$O\

-	nsseq.$O\

-	p5_pbe.$O\

-	p5_pbev2.$O\

-	p8_pkey.$O\

-	t_bitst.$O\

-	t_crl.$O\

-	t_pkey.$O\

-	t_req.$O\

-	t_spki.$O\

-	t_x509.$O\

-	t_x509a.$O\

-	tasn_dec.$O\

-	tasn_enc.$O\

-	tasn_fre.$O\

-	tasn_new.$O\

-	tasn_typ.$O\

-	tasn_utl.$O\

-	x_algor.$O\

-	x_attrib.$O\

-	x_bignum.$O\

-	x_crl.$O\

-	x_exten.$O\

-	x_info.$O\

-	x_long.$O\

-	x_name.$O\

-	x_pkey.$O\

-	x_pubkey.$O\

-	x_req.$O\

-	x_sig.$O\

-	x_spki.$O\

-	x_val.$O\

-	x_x509.$O\

-	x_x509a.$O\

-# bf \

-	bf_cfb64.$O\

-	bf_ecb.$O\

-	bf_enc.$O\

-	bf_ofb64.$O\

-	bf_skey.$O\

-# bio \

-	b_dump.$O\

-	b_print.$O\

-	b_sock.$O\

-	bf_buff.$O\

-	bf_lbuf.$O\

-	bf_nbio.$O\

-	bf_null.$O\

-	bio_cb.$O\

-	bio_err.$O\

-	bio_lib.$O\

-	bss_acpt.$O\

-	bss_bio.$O\

-	bss_conn.$O\

-	bss_dgram.$O\

-	bss_fd.$O\

-	bss_file.$O\

-	bss_log.$O\

-	bss_mem.$O\

-	bss_null.$O\

-	bss_sock.$O\

-# bn \

-	bn_add.$O\

-	bn_asm.$O\

-	bn_blind.$O\

-	bn_ctx.$O\

-	bn_depr.$O\

-	bn_div.$O\

-	bn_err.$O\

-	bn_exp.$O\

-	bn_exp2.$O\

-	bn_gcd.$O\

-	bn_gf2m.$O\

-	bn_kron.$O\

-	bn_lib.$O\

-	bn_mod.$O\

-	bn_mont.$O\

-	bn_mpi.$O\

-	bn_mul.$O\

-	bn_nist.$O\

-	bn_prime.$O\

-	bn_print.$O\

-	bn_rand.$O\

-	bn_recp.$O\

-	bn_shift.$O\

-	bn_sqr.$O\

-	bn_sqrt.$O\

-	bn_word.$O\

-# buffer \

-	buf_err.$O\

-	buffer.$O\

-# camelia \

-	camellia.$O\

-	cmll_cbc.$O\

-	cmll_cfb.$O\

-	cmll_ctr.$O\

-	cmll_ecb.$O\

-	cmll_misc.$O\

-	cmll_ofb.$O\

-# cast \

-	c_cfb64.$O\

-	c_ecb.$O\

-	c_enc.$O\

-	c_ofb64.$O\

-	c_skey.$O\

-# comp \

-	c_rle.$O\

-	c_zlib.$O\

-	comp_err.$O\

-	comp_lib.$O\

-# conf \

-	conf_api.$O\

-	conf_def.$O\

-	conf_err.$O\

-	conf_lib.$O\

-	conf_mall.$O\

-	conf_mod.$O\

-	conf_sap.$O\

-# des \

-	cbc_cksm.$O\

-	cbc_enc.$O\

-	cfb64ede.$O\

-	cfb64enc.$O\

-	cfb_enc.$O\

-	des_enc.$O\

-	des_old.$O\

-	des_old2.$O\

-	ecb3_enc.$O\

-	ecb_enc.$O\

-	ede_cbcm_enc.$O\

-	enc_read.$O\

-	enc_writ.$O\

-	fcrypt.$O\

-	fcrypt_b.$O\

-	ofb64ede.$O\

-	ofb64enc.$O\

-	ofb_enc.$O\

-	pcbc_enc.$O\

-	qud_cksm.$O\

-	rand_key.$O\

-	read2pwd.$O\

-	rpc_enc.$O\

-	set_key.$O\

-	str2key.$O\

-	xcbc_enc.$O\

-# dh \

-	dh_asn1.$O\

-	dh_check.$O\

-	dh_depr.$O\

-	dh_err.$O\

-	dh_gen.$O\

-	dh_key.$O\

-	dh_lib.$O\

-# dsa \

-	dsa_asn1.$O\

-	dsa_depr.$O\

-	dsa_err.$O\

-	dsa_gen.$O\

-	dsa_key.$O\

-	dsa_lib.$O\

-	dsa_ossl.$O\

-	dsa_sign.$O\

-	dsa_vrf.$O\

-# dso \

-	dso_dl.$O\

-	dso_dlfcn.$O\

-	dso_err.$O\

-	dso_lib.$O\

-	dso_null.$O\

-	dso_openssl.$O\

-	dso_vms.$O\

-	dso_win32.$O\

-# ec \

-	ec2_mult.$O\

-	ec2_smpl.$O\

-	ec_asn1.$O\

-	ec_check.$O\

-	ec_curve.$O\

-	ec_cvt.$O\

-	ec_err.$O\

-	ec_key.$O\

-	ec_lib.$O\

-	ec_mult.$O\

-	ec_print.$O\

-	ecp_mont.$O\

-	ecp_nist.$O\

-	ecp_smpl.$O\

-# ecdsa \

-	ecs_asn1.$O\

-	ecs_err.$O\

-	ecs_lib.$O\

-	ecs_ossl.$O\

-	ecs_sign.$O\

-	ecs_vrf.$O\

-# ecdh \

-	ech_err.$O\

-	ech_key.$O\

-	ech_lib.$O\

-	ech_ossl.$O\

-# engine \

-	eng_all.$O\

-	eng_cnf.$O\

-	eng_cryptodev.$O\

-	eng_ctrl.$O\

-	eng_dyn.$O\

-	eng_err.$O\

-	eng_fat.$O\

-	eng_init.$O\

-	eng_lib.$O\

-	eng_list.$O\

-	eng_openssl.$O\

-	eng_padlock.$O\

-	eng_pkey.$O\

-	eng_table.$O\

-	tb_cipher.$O\

-	tb_dh.$O\

-	tb_digest.$O\

-	tb_dsa.$O\

-	tb_ecdh.$O\

-	tb_ecdsa.$O\

-	tb_rand.$O\

-	tb_rsa.$O\

-	tb_store.$O\

-# err \

-	err.$O\

-	err_all.$O\

-	err_prn.$O\

-# evp \

-	bio_b64.$O\

-	bio_enc.$O\

-	bio_md.$O\

-	bio_ok.$O\

-	c_all.$O\

-	c_allc.$O\

-	c_alld.$O\

-	digest.$O\

-	e_aes.$O\

-	e_bf.$O\

-	e_camellia.$O\

-	e_cast.$O\

-	e_des.$O\

-	e_des3.$O\

-	e_idea.$O\

-	e_null.$O\

-	e_old.$O\

-	e_rc2.$O\

-	e_rc4.$O\

-	e_rc5.$O\

-	e_seed.$O\

-	e_xcbc_d.$O\

-	encode.$O\

-	evp_acnf.$O\

-	evp_enc.$O\

-	evp_err.$O\

-	evp_key.$O\

-	evp_lib.$O\

-	evp_pbe.$O\

-	evp_pkey.$O\

-	m_dss.$O\

-	m_dss1.$O\

-	m_ecdsa.$O\

-	m_md2.$O\

-	m_md4.$O\

-	m_md5.$O\

-	m_mdc2.$O\

-	m_null.$O\

-	m_ripemd.$O\

-	m_sha.$O\

-	m_sha1.$O\

-	names.$O\

-	openbsd_hw.$O\

-	p5_crpt.$O\

-	p5_crpt2.$O\

-	p_dec.$O\

-	p_enc.$O\

-	p_lib.$O\

-	p_open.$O\

-	p_seal.$O\

-	p_sign.$O\

-	p_verify.$O\

-# hmac \

-	hmac.$O\

-# idea \

-	i_cbc.$O\

-	i_cfb64.$O\

-	i_ecb.$O\

-	i_ofb64.$O\

-	i_skey.$O\

-# krb5 \

-	krb5_asn.$O\

-# lhash \

-	lh_stats.$O\

-	lhash.$O\

-# md2 \

-	md2_dgst.$O\

-	md2_one.$O\

-# md4 \

-	md4_dgst.$O\

-	md4_one.$O\

-# md5 \

-	md5_dgst.$O\

-	md5_one.$O\

-# mdc2 \

-	mdc2_one.$O\

-	mdc2dgst.$O\

-# objects \

-	o_names.$O\

-	obj_dat.$O\

-	obj_err.$O\

-	obj_lib.$O\

-# ocsp \

-	ocsp_asn.$O\

-	ocsp_cl.$O\

-	ocsp_err.$O\

-	ocsp_ext.$O\

-	ocsp_ht.$O\

-	ocsp_lib.$O\

-	ocsp_prn.$O\

-	ocsp_srv.$O\

-	ocsp_vfy.$O\

-# pem \

-	pem_all.$O\

-	pem_err.$O\

-	pem_info.$O\

-	pem_lib.$O\

-	pem_oth.$O\

-	pem_pk8.$O\

-	pem_pkey.$O\

-	pem_seal.$O\

-	pem_sign.$O\

-	pem_x509.$O\

-	pem_xaux.$O\

-# pkcs12 \

-	p12_add.$O\

-	p12_asn.$O\

-	p12_attr.$O\

-	p12_crpt.$O\

-	p12_crt.$O\

-	p12_decr.$O\

-	p12_init.$O\

-	p12_key.$O\

-	p12_kiss.$O\

-	p12_mutl.$O\

-	p12_npas.$O\

-	p12_p8d.$O\

-	p12_p8e.$O\

-	p12_utl.$O\

-	pk12err.$O\

-# pkcs7 \

-	pk7_asn1.$O\

-	pk7_attr.$O\

-	pk7_doit.$O\

-	pk7_lib.$O\

-	pk7_mime.$O\

-	pk7_smime.$O\

-	pkcs7err.$O\

-# pqueue \

-	pqueue.$O\

-# rand \

-	md_rand.$O\

-	rand_egd.$O\

-	rand_err.$O\

-	rand_lib.$O\

-	rand_os2.$O\

-	rand_unix.$O\

-	rand_win.$O\

-	randfile.$O\

-# rc2 \

-	rc2_cbc.$O\

-	rc2_ecb.$O\

-	rc2_skey.$O\

-	rc2cfb64.$O\

-	rc2ofb64.$O\

-# rc4 \

-	rc4_enc.$O\

-	rc4_skey.$O\

-# rc5 \

-	rc5_ecb.$O\

-	rc5_enc.$O\

-	rc5_skey.$O\

-	rc5cfb64.$O\

-	rc5ofb64.$O\

-# ripemd \

-	rmd_dgst.$O\

-	rmd_one.$O\

-# rsa \

-	rsa_asn1.$O\

-	rsa_chk.$O\

-	rsa_depr.$O\

-	rsa_eay.$O\

-	rsa_err.$O\

-	rsa_gen.$O\

-	rsa_lib.$O\

-	rsa_none.$O\

-	rsa_null.$O\

-	rsa_oaep.$O\

-	rsa_pk1.$O\

-	rsa_pss.$O\

-	rsa_saos.$O\

-	rsa_sign.$O\

-	rsa_ssl.$O\

-	rsa_x931.$O\

-# seed \

-	seed.$O\

-	seed_cbc.$O\

-	seed_cfb.$O\

-	seed_ecb.$O\

-	seed_ofb.$O\

-# sha \

-	sha1_one.$O\

-	sha1dgst.$O\

-	sha256.$O\

-	sha512.$O\

-	sha_dgst.$O\

-	sha_one.$O\

-# stack \

-	stack.$O\

-# txt_db \

-	txt_db.$O\

-# ui \

-	ui_compat.$O\

-	ui_err.$O\

-	ui_lib.$O\

-	ui_openssl.$O\

-	ui_util.$O\

-# x509 \

-	by_dir.$O\

-	by_file.$O\

-	x509_att.$O\

-	x509_cmp.$O\

-	x509_d2.$O\

-	x509_def.$O\

-	x509_err.$O\

-	x509_ext.$O\

-	x509_lu.$O\

-	x509_obj.$O\

-	x509_r2x.$O\

-	x509_req.$O\

-	x509_set.$O\

-	x509_trs.$O\

-	x509_txt.$O\

-	x509_v3.$O\

-	x509_vfy.$O\

-	x509_vpm.$O\

-	x509cset.$O\

-	x509name.$O\

-	x509rset.$O\

-	x509spki.$O\

-	x509type.$O\

-	x_all.$O\

-# x509v3 \

-	pcy_cache.$O\

-	pcy_data.$O\

-	pcy_lib.$O\

-	pcy_map.$O\

-	pcy_node.$O\

-	pcy_tree.$O\

-	v3_addr.$O\

-	v3_akey.$O\

-	v3_akeya.$O\

-	v3_alt.$O\

-	v3_asid.$O\

-	v3_bcons.$O\

-	v3_bitst.$O\

-	v3_conf.$O\

-	v3_cpols.$O\

-	v3_crld.$O\

-	v3_enum.$O\

-	v3_extku.$O\

-	v3_genn.$O\

-	v3_ia5.$O\

-	v3_info.$O\

-	v3_int.$O\

-	v3_lib.$O\

-	v3_ncons.$O\

-	v3_ocsp.$O\

-	v3_pci.$O\

-	v3_pcia.$O\

-	v3_pcons.$O\

-	v3_pku.$O\

-	v3_pmaps.$O\

-	v3_prn.$O\

-	v3_purp.$O\

-	v3_skey.$O\

-	v3_sxnet.$O\

-	v3_utl.$O\

-	v3err.$O\

-# ../engines \

-	e_4758cca.$O\

-	e_aep.$O\

-	e_atalla.$O\

-	e_chil.$O\

-	e_cswift.$O\

-	e_gmp.$O\

-	e_nuron.$O\

-	e_sureware.$O\

-	e_ubsec.$O\

-HFILES=\

-	../include/buildinf.h\

-	../include/e_os.h\

-</sys/src/cmd/mksyslib

-CFLAGS=-c -I. -I../include -D_POSIX_SOURCE -D_BSD_EXTENSION -DZLIB -DPLAN9 -DT$objtype

-%.$O: aes/%.c

-	$CC $CFLAGS aes/$stem.c

-%.$O: asn1/%.c

-	$CC $CFLAGS asn1/$stem.c

-%.$O: bf/%.c

-	$CC $CFLAGS bf/$stem.c

-%.$O: bio/%.c

-	$CC $CFLAGS bio/$stem.c

-%.$O: bn/%.c

-	$CC $CFLAGS bn/$stem.c

-%.$O: buffer/%.c

-	$CC $CFLAGS buffer/$stem.c

-%.$O: camellia/%.c

-	$CC $CFLAGS camellia/$stem.c

-%.$O: cast/%.c

-	$CC $CFLAGS cast/$stem.c

-%.$O: comp/%.c

-	$CC $CFLAGS comp/$stem.c

-%.$O: conf/%.c

-	$CC $CFLAGS conf/$stem.c

-%.$O: des/%.c

-	$CC $CFLAGS des/$stem.c

-%.$O: dh/%.c

-	$CC $CFLAGS dh/$stem.c

-%.$O: dsa/%.c

-	$CC $CFLAGS dsa/$stem.c

-%.$O: dso/%.c

-	$CC $CFLAGS dso/$stem.c

-%.$O: ec/%.c

-	$CC $CFLAGS ec/$stem.c

-%.$O: ecdh/%.c

-	$CC $CFLAGS ecdh/$stem.c

-%.$O: ecdsa/%.c

-	$CC $CFLAGS ecdsa/$stem.c

-%.$O: engine/%.c

-	$CC $CFLAGS engine/$stem.c

-%.$O: err/%.c

-	$CC $CFLAGS err/$stem.c

-%.$O: evp/%.c

-	$CC $CFLAGS evp/$stem.c

-%.$O: hmac/%.c

-	$CC $CFLAGS hmac/$stem.c

-%.$O: idea/%.c

-	$CC $CFLAGS idea/$stem.c

-%.$O: krb5/%.c

-	$CC $CFLAGS krb5/$stem.c

-%.$O: lhash/%.c

-	$CC $CFLAGS lhash/$stem.c

-%.$O: md2/%.c

-	$CC $CFLAGS md2/$stem.c

-%.$O: md4/%.c

-	$CC $CFLAGS md4/$stem.c

-%.$O: md5/%.c

-	$CC $CFLAGS md5/$stem.c

-%.$O: mdc2/%.c

-	$CC $CFLAGS mdc2/$stem.c

-%.$O: objects/%.c

-	$CC $CFLAGS objects/$stem.c

-%.$O: ocsp/%.c

-	$CC $CFLAGS ocsp/$stem.c

-%.$O: pem/%.c

-	$CC $CFLAGS pem/$stem.c

-%.$O: pkcs7/%.c

-	$CC $CFLAGS pkcs7/$stem.c

-%.$O: pqueue/%.c

-	$CC $CFLAGS pqueue/$stem.c

-%.$O: pkcs12/%.c

-	$CC $CFLAGS pkcs12/$stem.c

-%.$O: rand/%.c

-	$CC $CFLAGS rand/$stem.c

-%.$O: rc2/%.c

-	$CC $CFLAGS rc2/$stem.c

-%.$O: rc4/%.c

-	$CC $CFLAGS rc4/$stem.c

-%.$O: rc5/%.c

-	$CC $CFLAGS rc5/$stem.c

-%.$O: ripemd/%.c

-	$CC $CFLAGS ripemd/$stem.c

-%.$O: rsa/%.c

-	$CC $CFLAGS rsa/$stem.c

-%.$O: seed/%.c

-	$CC $CFLAGS seed/$stem.c

-%.$O: sha/%.c

-	$CC $CFLAGS sha/$stem.c

-%.$O: stack/%.c

-	$CC $CFLAGS stack/$stem.c

-%.$O: txt_db/%.c

-	$CC $CFLAGS txt_db/$stem.c

-%.$O: ui/%.c

-	$CC $CFLAGS ui/$stem.c

-%.$O: x509/%.c

-	$CC $CFLAGS x509/$stem.c

-%.$O: x509v3/%.c

-	$CC $CFLAGS x509v3/$stem.c

-%.$O: ../engines/%.c

-	$CC $CFLAGS ../engines/$stem.c

--- a/sys/src/ape/lib/openssl/crypto/o_dir.c

+++ /dev/null

@@ -1,83 +1,0 @@

-/* crypto/o_dir.c -*- mode:C; c-file-style: "eay" -*- */

-/* Written by Richard Levitte ([email protected]) for the OpenSSL

- * project 2004.

- */

-/* ====================================================================

- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <errno.h>

-#include <e_os.h>

-/* The routines really come from the Levitte Programming, so to make

-   life simple, let's just use the raw files and hack the symbols to

-   fit our namespace.  */

-#define LP_DIR_CTX OPENSSL_DIR_CTX

-#define LP_dir_context_st OPENSSL_dir_context_st

-#define LP_find_file OPENSSL_DIR_read

-#define LP_find_file_end OPENSSL_DIR_end

-#include "o_dir.h"

-#define LPDIR_H

-#if defined OPENSSL_SYS_UNIX || defined DJGPP || defined PLAN9

-#include "LPdir_unix.c"

-#elif defined OPENSSL_SYS_VMS

-#include "LPdir_vms.c"

-#elif defined OPENSSL_SYS_WIN32

-#include "LPdir_win32.c"

-#elif defined OPENSSL_SYS_WINCE

-#include "LPdir_wince.c"

-#else

-#include "LPdir_nyi.c"

-#endif

--- a/sys/src/ape/lib/openssl/crypto/o_dir.h

+++ /dev/null

@@ -1,53 +1,0 @@

-/* crypto/o_dir.h -*- mode:C; c-file-style: "eay" -*- */

-/* Copied from Richard Levitte's ([email protected]) LP library.  All

- * symbol names have been changed, with permission from the author.

- */

-/* $LP: LPlib/source/LPdir.h,v 1.1 2004/06/14 08:56:04 _cvs_levitte Exp $ */

-/*

- * Copyright (c) 2004, Richard Levitte <[email protected]>

- * All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- *

- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- */

-#ifndef O_DIR_H

-#define O_DIR_H

-#ifdef __cplusplus

-extern "C" {

-#endif

-  typedef struct OPENSSL_dir_context_st OPENSSL_DIR_CTX;

-  /* returns NULL on error or end-of-directory.

-     If it is end-of-directory, errno will be zero */

-  const char *OPENSSL_DIR_read(OPENSSL_DIR_CTX **ctx, const char *directory);

-  /* returns 1 on success, 0 on error */

-  int OPENSSL_DIR_end(OPENSSL_DIR_CTX **ctx);

-#ifdef __cplusplus

-}

-#endif

-#endif /* LPDIR_H */

--- a/sys/src/ape/lib/openssl/crypto/o_dir_test.c

+++ /dev/null

@@ -1,70 +1,0 @@

-/* crypto/o_dir.h -*- mode:C; c-file-style: "eay" -*- */

-/* Copied from Richard Levitte's ([email protected]) LP library.  All

- * symbol names have been changed, with permission from the author.

- */

-/* $LP: LPlib/test/test_dir.c,v 1.1 2004/06/16 22:59:47 _cvs_levitte Exp $ */

-/*

- * Copyright (c) 2004, Richard Levitte <[email protected]>

- * All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- *

- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- */

-#include <stddef.h>

-#include <stdlib.h>

-#include <stdio.h>

-#include <errno.h>

-#include "e_os2.h"

-#include "o_dir.h"

-#if defined OPENSSL_SYS_UNIX || defined OPENSSL_SYS_WIN32 || defined OPENSSL_SYS_WINCE

-#define CURRDIR "."

-#elif defined OPENSSL_SYS_VMS

-#define CURRDIR "SYS$DISK:[]"

-#else

-#error "No supported platform defined!"

-#endif

-int main()

-{

-  OPENSSL_DIR_CTX *ctx = NULL;

-  const char *result;

-  while((result = OPENSSL_DIR_read(&ctx, CURRDIR)) != NULL)

-    {

-      printf("%s\n", result);

-    }

-  if (errno)

-    {

-      perror("test_dir");

-      exit(1);

-    }

-  if (!OPENSSL_DIR_end(&ctx))

-    {

-      perror("test_dir");

-      exit(2);

-    }

-  exit(0);

-}

--- a/sys/src/ape/lib/openssl/crypto/o_str.c

+++ /dev/null

@@ -1,105 +1,0 @@

-/* crypto/o_str.c -*- mode:C; c-file-style: "eay" -*- */

-/* Written by Richard Levitte ([email protected]) for the OpenSSL

- * project 2003.

- */

-/* ====================================================================

- * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <ctype.h>

-#include <e_os.h>

-#include "o_str.h"

-int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n)

-	{

-#if defined(OPENSSL_IMPLEMENTS_strncasecmp)

-	while (*str1 && *str2 && n)

-		{

-		int res = toupper(*str1) - toupper(*str2);

-		if (res) return res < 0 ? -1 : 1;

-		str1++;

-		str2++;

-		n--;

-		}

-	if (n == 0)

-		return 0;

-	if (*str1)

-		return 1;

-	if (*str2)

-		return -1;

-	return 0;

-#else

-	/* Recursion hazard warning! Whenever strncasecmp is #defined as

-	 * OPENSSL_strncasecmp, OPENSSL_IMPLEMENTS_strncasecmp must be

-	 * defined as well. */

-	return strncasecmp(str1, str2, n);

-#endif

-	}

-int OPENSSL_strcasecmp(const char *str1, const char *str2)

-	{

-#if defined(OPENSSL_IMPLEMENTS_strncasecmp)

-	return OPENSSL_strncasecmp(str1, str2, (size_t)-1);

-#else

-	return strcasecmp(str1, str2);

-#endif

-	}

-int OPENSSL_memcmp(const void *v1,const void *v2,size_t n)

-	{

-	const unsigned char *c1=v1,*c2=v2;

-	int ret=0;

-	while(n && (ret=*c1-*c2)==0) n--,c1++,c2++;

-	return ret;

-	}

--- a/sys/src/ape/lib/openssl/crypto/o_str.h

+++ /dev/null

@@ -1,68 +1,0 @@

-/* crypto/o_str.h -*- mode:C; c-file-style: "eay" -*- */

-/* Written by Richard Levitte ([email protected]) for the OpenSSL

- * project 2003.

- */

-/* ====================================================================

- * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_O_STR_H

-#define HEADER_O_STR_H

-#include <stddef.h>		/* to get size_t */

-int OPENSSL_strcasecmp(const char *str1, const char *str2);

-int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n);

-int OPENSSL_memcmp(const void *p1,const void *p2,size_t n);

-#endif

--- a/sys/src/ape/lib/openssl/crypto/o_time.c

+++ /dev/null

@@ -1,217 +1,0 @@

-/* crypto/o_time.c -*- mode:C; c-file-style: "eay" -*- */

-/* Written by Richard Levitte ([email protected]) for the OpenSSL

- * project 2001.

- */

-/* ====================================================================

- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <openssl/e_os2.h>

-#include <string.h>

-#include "o_time.h"

-#ifdef OPENSSL_SYS_VMS

-# include <libdtdef.h>

-# include <lib$routines.h>

-# include <lnmdef.h>

-# include <starlet.h>

-# include <descrip.h>

-# include <stdlib.h>

-#endif

-struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)

-	{

-	struct tm *ts = NULL;

-#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && !defined(__CYGWIN32__) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX) && !defined(OPENSSL_SYS_SUNOS)

-	/* should return &data, but doesn't on some systems,

-	   so we don't even look at the return value */

-	gmtime_r(timer,result);

-	ts = result;

-#elif !defined(OPENSSL_SYS_VMS)

-	ts = gmtime(timer);

-	if (ts == NULL)

-		return NULL;

-	memcpy(result, ts, sizeof(struct tm));

-	ts = result;

-#endif

-#ifdef OPENSSL_SYS_VMS

-	if (ts == NULL)

-		{

-		static $DESCRIPTOR(tabnam,"LNM$DCL_LOGICAL");

-		static $DESCRIPTOR(lognam,"SYS$TIMEZONE_DIFFERENTIAL");

-		char logvalue[256];

-		unsigned int reslen = 0;

-		struct {

-			short buflen;

-			short code;

-			void *bufaddr;

-			unsigned int *reslen;

-		} itemlist[] = {

-			{ 0, LNM$_STRING, 0, 0 },

-			{ 0, 0, 0, 0 },

-		};

-		int status;

-		time_t t;

-		/* Get the value for SYS$TIMEZONE_DIFFERENTIAL */

-		itemlist[0].buflen = sizeof(logvalue);

-		itemlist[0].bufaddr = logvalue;

-		itemlist[0].reslen = &reslen;

-		status = sys$trnlnm(0, &tabnam, &lognam, 0, itemlist);

-		if (!(status & 1))

-			return NULL;

-		logvalue[reslen] = '\0';

-		t = *timer;

-/* The following is extracted from the DEC C header time.h */

-/*

-**  Beginning in OpenVMS Version 7.0 mktime, time, ctime, strftime

-**  have two implementations.  One implementation is provided

-**  for compatibility and deals with time in terms of local time,

-**  the other __utc_* deals with time in terms of UTC.

-*/

-/* We use the same conditions as in said time.h to check if we should

-   assume that t contains local time (and should therefore be adjusted)

-   or UTC (and should therefore be left untouched). */

-#if __CRTL_VER < 70000000 || defined _VMS_V6_SOURCE

-		/* Get the numerical value of the equivalence string */

-		status = atoi(logvalue);

-		/* and use it to move time to GMT */

-		t -= status;

-#endif

-		/* then convert the result to the time structure */

-		/* Since there was no gmtime_r() to do this stuff for us,

-		   we have to do it the hard way. */

-		{

-		/* The VMS epoch is the astronomical Smithsonian date,

-		   if I remember correctly, which is November 17, 1858.

-		   Furthermore, time is measure in thenths of microseconds

-		   and stored in quadwords (64 bit integers).  unix_epoch

-		   below is January 1st 1970 expressed as a VMS time.  The

-		   following code was used to get this number:

-		   #include <stdio.h>

-		   #include <stdlib.h>

-		   #include <lib$routines.h>

-		   #include <starlet.h>

-		   main()

-		   {

-		     unsigned long systime[2];

-		     unsigned short epoch_values[7] =

-		       { 1970, 1, 1, 0, 0, 0, 0 };

-		     lib$cvt_vectim(epoch_values, systime);

-		     printf("%u %u", systime[0], systime[1]);

-		   }

-		*/

-		unsigned long unix_epoch[2] = { 1273708544, 8164711 };

-		unsigned long deltatime[2];

-		unsigned long systime[2];

-		struct vms_vectime

-			{

-			short year, month, day, hour, minute, second,

-				centi_second;

-			} time_values;

-		long operation;

-		/* Turn the number of seconds since January 1st 1970 to

-		   an internal delta time.

-		   Note that lib$cvt_to_internal_time() will assume

-		   that t is signed, and will therefore break on 32-bit

-		   systems some time in 2038.

-		*/

-		operation = LIB$K_DELTA_SECONDS;

-		status = lib$cvt_to_internal_time(&operation,

-			&t, deltatime);

-		/* Add the delta time with the Unix epoch and we have

-		   the current UTC time in internal format */

-		status = lib$add_times(unix_epoch, deltatime, systime);

-		/* Turn the internal time into a time vector */

-		status = sys$numtim(&time_values, systime);

-		/* Fill in the struct tm with the result */

-		result->tm_sec = time_values.second;

-		result->tm_min = time_values.minute;

-		result->tm_hour = time_values.hour;

-		result->tm_mday = time_values.day;

-		result->tm_mon = time_values.month - 1;

-		result->tm_year = time_values.year - 1900;

-		operation = LIB$K_DAY_OF_WEEK;

-		status = lib$cvt_from_internal_time(&operation,

-			&result->tm_wday, systime);

-		result->tm_wday %= 7;

-		operation = LIB$K_DAY_OF_YEAR;

-		status = lib$cvt_from_internal_time(&operation,

-			&result->tm_yday, systime);

-		result->tm_yday--;

-		result->tm_isdst = 0; /* There's no way to know... */

-		ts = result;

-		}

-		}

-#endif

-	return ts;

-	}

--- a/sys/src/ape/lib/openssl/crypto/o_time.h

+++ /dev/null

@@ -1,66 +1,0 @@

-/* crypto/o_time.h -*- mode:C; c-file-style: "eay" -*- */

-/* Written by Richard Levitte ([email protected]) for the OpenSSL

- * project 2001.

- */

-/* ====================================================================

- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_O_TIME_H

-#define HEADER_O_TIME_H

-#include <time.h>

-struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result);

-#endif

--- a/sys/src/ape/lib/openssl/crypto/objects/Makefile

+++ /dev/null

@@ -1,119 +1,0 @@

-#

-# OpenSSL/crypto/objects/Makefile

-#

-DIR=	objects

-TOP=	../..

-CC=	cc

-INCLUDES= -I.. -I$(TOP) -I../../include

-CFLAG=-g

-MAKEFILE=	Makefile

-AR=		ar r

-PERL=		perl

-CFLAGS= $(INCLUDES) $(CFLAG)

-GENERAL=Makefile README

-TEST=

-APPS=

-LIB=$(TOP)/libcrypto.a

-LIBSRC=	o_names.c obj_dat.c obj_lib.c obj_err.c

-LIBOBJ= o_names.o obj_dat.o obj_lib.o obj_err.o

-SRC= $(LIBSRC)

-EXHEADER= objects.h obj_mac.h

-HEADER=	$(EXHEADER) obj_dat.h

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)

-all:	obj_dat.h lib

-lib:	$(LIBOBJ)

-	$(AR) $(LIB) $(LIBOBJ)

-	$(RANLIB) $(LIB) || echo Never mind.

-	@touch lib

-obj_dat.h: obj_dat.pl obj_mac.h

-	$(PERL) obj_dat.pl obj_mac.h obj_dat.h

-# objects.pl both reads and writes obj_mac.num

-obj_mac.h: objects.pl objects.txt obj_mac.num

-	$(PERL) objects.pl objects.txt obj_mac.num obj_mac.h

-	@sleep 1; touch obj_mac.h; sleep 1

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

-links:

-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)

-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)

-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

-install:

-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...

-	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \

-	do  \

-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \

-	done;

-tags:

-	ctags $(SRC)

-tests:

-lint:

-	lint -DLINT $(INCLUDES) $(SRC)>fluff

-depend:

-	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...

-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-clean:

-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-o_names.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

-o_names.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-o_names.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-o_names.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-o_names.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-o_names.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-o_names.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-o_names.o: o_names.c

-obj_dat.o: ../../e_os.h ../../include/openssl/asn1.h

-obj_dat.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-obj_dat.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-obj_dat.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-obj_dat.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-obj_dat.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-obj_dat.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-obj_dat.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-obj_dat.o: ../cryptlib.h obj_dat.c obj_dat.h

-obj_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

-obj_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-obj_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-obj_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-obj_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-obj_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-obj_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-obj_err.o: obj_err.c

-obj_lib.o: ../../e_os.h ../../include/openssl/asn1.h

-obj_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-obj_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-obj_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-obj_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-obj_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-obj_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-obj_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-obj_lib.o: ../cryptlib.h obj_lib.c

--- a/sys/src/ape/lib/openssl/crypto/objects/o_names.c

+++ /dev/null

@@ -1,369 +1,0 @@

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include <openssl/err.h>

-#include <openssl/lhash.h>

-#include <openssl/objects.h>

-#include <openssl/safestack.h>

-#include <openssl/e_os2.h>

-/* Later versions of DEC C has started to add lnkage information to certain

- * functions, which makes it tricky to use them as values to regular function

- * pointers.  One way is to define a macro that takes care of casting them

- * correctly.

- */

-#ifdef OPENSSL_SYS_VMS_DECC

-# define OPENSSL_strcmp (int (*)(const char *,const char *))strcmp

-#else

-# define OPENSSL_strcmp strcmp

-#endif

-/* I use the ex_data stuff to manage the identifiers for the obj_name_types

- * that applications may define.  I only really use the free function field.

- */

-static LHASH *names_lh=NULL;

-static int names_type_num=OBJ_NAME_TYPE_NUM;

-typedef struct name_funcs_st

-	{

-	unsigned long (*hash_func)(const char *name);

-	int (*cmp_func)(const char *a,const char *b);

-	void (*free_func)(const char *, int, const char *);

-	} NAME_FUNCS;

-DECLARE_STACK_OF(NAME_FUNCS)

-IMPLEMENT_STACK_OF(NAME_FUNCS)

-static STACK_OF(NAME_FUNCS) *name_funcs_stack;

-/* The LHASH callbacks now use the raw "void *" prototypes and do per-variable

- * casting in the functions. This prevents function pointer casting without the

- * need for macro-generated wrapper functions. */

-/* static unsigned long obj_name_hash(OBJ_NAME *a); */

-static unsigned long obj_name_hash(const void *a_void);

-/* static int obj_name_cmp(OBJ_NAME *a,OBJ_NAME *b); */

-static int obj_name_cmp(const void *a_void,const void *b_void);

-int OBJ_NAME_init(void)

-	{

-	if (names_lh != NULL) return(1);

-	MemCheck_off();

-	names_lh=lh_new(obj_name_hash, obj_name_cmp);

-	MemCheck_on();

-	return(names_lh != NULL);

-	}

-int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *),

-	int (*cmp_func)(const char *, const char *),

-	void (*free_func)(const char *, int, const char *))

-	{

-	int ret;

-	int i;

-	NAME_FUNCS *name_funcs;

-	if (name_funcs_stack == NULL)

-		{

-		MemCheck_off();

-		name_funcs_stack=sk_NAME_FUNCS_new_null();

-		MemCheck_on();

-		}

-	if ((name_funcs_stack == NULL))

-		{

-		/* ERROR */

-		return(0);

-		}

-	ret=names_type_num;

-	names_type_num++;

-	for (i=sk_NAME_FUNCS_num(name_funcs_stack); i<names_type_num; i++)

-		{

-		MemCheck_off();

-		name_funcs = OPENSSL_malloc(sizeof(NAME_FUNCS));

-		MemCheck_on();

-		if (!name_funcs)

-			{

-			OBJerr(OBJ_F_OBJ_NAME_NEW_INDEX,ERR_R_MALLOC_FAILURE);

-			return(0);

-			}

-		name_funcs->hash_func = lh_strhash;

-		name_funcs->cmp_func = OPENSSL_strcmp;

-		name_funcs->free_func = 0; /* NULL is often declared to

-						* ((void *)0), which according

-						* to Compaq C is not really

-						* compatible with a function

-						* pointer.	-- Richard Levitte*/

-		MemCheck_off();

-		sk_NAME_FUNCS_push(name_funcs_stack,name_funcs);

-		MemCheck_on();

-		}

-	name_funcs = sk_NAME_FUNCS_value(name_funcs_stack, ret);

-	if (hash_func != NULL)

-		name_funcs->hash_func = hash_func;

-	if (cmp_func != NULL)

-		name_funcs->cmp_func = cmp_func;

-	if (free_func != NULL)

-		name_funcs->free_func = free_func;

-	return(ret);

-	}

-/* static int obj_name_cmp(OBJ_NAME *a, OBJ_NAME *b) */

-static int obj_name_cmp(const void *a_void, const void *b_void)

-	{

-	int ret;

-	const OBJ_NAME *a = (const OBJ_NAME *)a_void;

-	const OBJ_NAME *b = (const OBJ_NAME *)b_void;

-	ret=a->type-b->type;

-	if (ret == 0)

-		{

-		if ((name_funcs_stack != NULL)

-			&& (sk_NAME_FUNCS_num(name_funcs_stack) > a->type))

-			{

-			ret=sk_NAME_FUNCS_value(name_funcs_stack,

-				a->type)->cmp_func(a->name,b->name);

-			}

-		else

-			ret=strcmp(a->name,b->name);

-		}

-	return(ret);

-	}

-/* static unsigned long obj_name_hash(OBJ_NAME *a) */

-static unsigned long obj_name_hash(const void *a_void)

-	{

-	unsigned long ret;

-	const OBJ_NAME *a = (const OBJ_NAME *)a_void;

-	if ((name_funcs_stack != NULL) && (sk_NAME_FUNCS_num(name_funcs_stack) > a->type))

-		{

-		ret=sk_NAME_FUNCS_value(name_funcs_stack,

-			a->type)->hash_func(a->name);

-		}

-	else

-		{

-		ret=lh_strhash(a->name);

-		}

-	ret^=a->type;

-	return(ret);

-	}

-const char *OBJ_NAME_get(const char *name, int type)

-	{

-	OBJ_NAME on,*ret;

-	int num=0,alias;

-	if (name == NULL) return(NULL);

-	if ((names_lh == NULL) && !OBJ_NAME_init()) return(NULL);

-	alias=type&OBJ_NAME_ALIAS;

-	type&= ~OBJ_NAME_ALIAS;

-	on.name=name;

-	on.type=type;

-	for (;;)

-	{

-		ret=(OBJ_NAME *)lh_retrieve(names_lh,&on);

-		if (ret == NULL) return(NULL);

-		if ((ret->alias) && !alias)

-			{

-			if (++num > 10) return(NULL);

-			on.name=ret->data;

-			}

-		else

-			{

-			return(ret->data);

-			}

-		}

-	}

-int OBJ_NAME_add(const char *name, int type, const char *data)

-	{

-	OBJ_NAME *onp,*ret;

-	int alias;

-	if ((names_lh == NULL) && !OBJ_NAME_init()) return(0);

-	alias=type&OBJ_NAME_ALIAS;

-	type&= ~OBJ_NAME_ALIAS;

-	onp=(OBJ_NAME *)OPENSSL_malloc(sizeof(OBJ_NAME));

-	if (onp == NULL)

-		{

-		/* ERROR */

-		return(0);

-		}

-	onp->name=name;

-	onp->alias=alias;

-	onp->type=type;

-	onp->data=data;

-	ret=(OBJ_NAME *)lh_insert(names_lh,onp);

-	if (ret != NULL)

-		{

-		/* free things */

-		if ((name_funcs_stack != NULL) && (sk_NAME_FUNCS_num(name_funcs_stack) > ret->type))

-			{

-			/* XXX: I'm not sure I understand why the free

-			 * function should get three arguments...

-			 * -- Richard Levitte

-			 */

-			sk_NAME_FUNCS_value(name_funcs_stack,

-				ret->type)->free_func(ret->name,ret->type,ret->data);

-			}

-		OPENSSL_free(ret);

-		}

-	else

-		{

-		if (lh_error(names_lh))

-			{

-			/* ERROR */

-			return(0);

-			}

-		}

-	return(1);

-	}

-int OBJ_NAME_remove(const char *name, int type)

-	{

-	OBJ_NAME on,*ret;

-	if (names_lh == NULL) return(0);

-	type&= ~OBJ_NAME_ALIAS;

-	on.name=name;

-	on.type=type;

-	ret=(OBJ_NAME *)lh_delete(names_lh,&on);

-	if (ret != NULL)

-		{

-		/* free things */

-		if ((name_funcs_stack != NULL) && (sk_NAME_FUNCS_num(name_funcs_stack) > ret->type))

-			{

-			/* XXX: I'm not sure I understand why the free

-			 * function should get three arguments...

-			 * -- Richard Levitte

-			 */

-			sk_NAME_FUNCS_value(name_funcs_stack,

-				ret->type)->free_func(ret->name,ret->type,ret->data);

-			}

-		OPENSSL_free(ret);

-		return(1);

-		}

-	else

-		return(0);

-	}

-struct doall

-	{

-	int type;

-	void (*fn)(const OBJ_NAME *,void *arg);

-	void *arg;

-	};

-static void do_all_fn(const OBJ_NAME *name,struct doall *d)

-	{

-	if(name->type == d->type)

-		d->fn(name,d->arg);

-	}

-static IMPLEMENT_LHASH_DOALL_ARG_FN(do_all_fn, const OBJ_NAME *, struct doall *)

-void OBJ_NAME_do_all(int type,void (*fn)(const OBJ_NAME *,void *arg),void *arg)

-	{

-	struct doall d;

-	d.type=type;

-	d.fn=fn;

-	d.arg=arg;

-	lh_doall_arg(names_lh,LHASH_DOALL_ARG_FN(do_all_fn),&d);

-	}

-struct doall_sorted

-	{

-	int type;

-	int n;

-	const OBJ_NAME **names;

-	};

-static void do_all_sorted_fn(const OBJ_NAME *name,void *d_)

-	{

-	struct doall_sorted *d=d_;

-	if(name->type != d->type)

-		return;

-	d->names[d->n++]=name;

-	}

-static int do_all_sorted_cmp(const void *n1_,const void *n2_)

-	{

-	const OBJ_NAME * const *n1=n1_;

-	const OBJ_NAME * const *n2=n2_;

-	return strcmp((*n1)->name,(*n2)->name);

-	}

-void OBJ_NAME_do_all_sorted(int type,void (*fn)(const OBJ_NAME *,void *arg),

-				void *arg)

-	{

-	struct doall_sorted d;

-	int n;

-	d.type=type;

-	d.names=OPENSSL_malloc(lh_num_items(names_lh)*sizeof *d.names);

-	d.n=0;

-	OBJ_NAME_do_all(type,do_all_sorted_fn,&d);

-	qsort((void *)d.names,d.n,sizeof *d.names,do_all_sorted_cmp);

-	for(n=0 ; n < d.n ; ++n)

-		fn(d.names[n],arg);

-	OPENSSL_free((void *)d.names);

-	}

-static int free_type;

-static void names_lh_free(OBJ_NAME *onp)

-{

-	if(onp == NULL)

-		return;

-	if ((free_type < 0) || (free_type == onp->type))

-		{

-		OBJ_NAME_remove(onp->name,onp->type);

-		}

-	}

-static IMPLEMENT_LHASH_DOALL_FN(names_lh_free, OBJ_NAME *)

-static void name_funcs_free(NAME_FUNCS *ptr)

-	{

-	OPENSSL_free(ptr);

-	}

-void OBJ_NAME_cleanup(int type)

-	{

-	unsigned long down_load;

-	if (names_lh == NULL) return;

-	free_type=type;

-	down_load=names_lh->down_load;

-	names_lh->down_load=0;

-	lh_doall(names_lh,LHASH_DOALL_FN(names_lh_free));

-	if (type < 0)

-		{

-		lh_free(names_lh);

-		sk_NAME_FUNCS_pop_free(name_funcs_stack,name_funcs_free);

-		names_lh=NULL;

-		name_funcs_stack = NULL;

-		}

-	else

-		names_lh->down_load=down_load;

-	}

--- a/sys/src/ape/lib/openssl/crypto/objects/obj_dat.c

+++ /dev/null

@@ -1,785 +1,0 @@

-/* crypto/objects/obj_dat.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <ctype.h>

-#include <limits.h>

-#include "cryptlib.h"

-#include <openssl/lhash.h>

-#include <openssl/asn1.h>

-#include <openssl/objects.h>

-/* obj_dat.h is generated from objects.h by obj_dat.pl */

-#ifndef OPENSSL_NO_OBJECT

-#include "obj_dat.h"

-#else

-/* You will have to load all the objects needed manually in the application */

-#define NUM_NID 0

-#define NUM_SN 0

-#define NUM_LN 0

-#define NUM_OBJ 0

-static unsigned char lvalues[1];

-static ASN1_OBJECT nid_objs[1];

-static ASN1_OBJECT *sn_objs[1];

-static ASN1_OBJECT *ln_objs[1];

-static ASN1_OBJECT *obj_objs[1];

-#endif

-static int sn_cmp(const void *a, const void *b);

-static int ln_cmp(const void *a, const void *b);

-static int obj_cmp(const void *a, const void *b);

-#define ADDED_DATA	0

-#define ADDED_SNAME	1

-#define ADDED_LNAME	2

-#define ADDED_NID	3

-typedef struct added_obj_st

-	{

-	int type;

-	ASN1_OBJECT *obj;

-	} ADDED_OBJ;

-static int new_nid=NUM_NID;

-static LHASH *added=NULL;

-static int sn_cmp(const void *a, const void *b)

-	{

-	const ASN1_OBJECT * const *ap = a, * const *bp = b;

-	return(strcmp((*ap)->sn,(*bp)->sn));

-	}

-static int ln_cmp(const void *a, const void *b)

-	{

-	const ASN1_OBJECT * const *ap = a, * const *bp = b;

-	return(strcmp((*ap)->ln,(*bp)->ln));

-	}

-/* static unsigned long add_hash(ADDED_OBJ *ca) */

-static unsigned long add_hash(const void *ca_void)

-	{

-	const ASN1_OBJECT *a;

-	int i;

-	unsigned long ret=0;

-	unsigned char *p;

-	const ADDED_OBJ *ca = (const ADDED_OBJ *)ca_void;

-	a=ca->obj;

-	switch (ca->type)

-		{

-	case ADDED_DATA:

-		ret=a->length<<20L;

-		p=(unsigned char *)a->data;

-		for (i=0; i<a->length; i++)

-			ret^=p[i]<<((i*3)%24);

-		break;

-	case ADDED_SNAME:

-		ret=lh_strhash(a->sn);

-		break;

-	case ADDED_LNAME:

-		ret=lh_strhash(a->ln);

-		break;

-	case ADDED_NID:

-		ret=a->nid;

-		break;

-	default:

-		/* abort(); */

-		return 0;

-		}

-	ret&=0x3fffffffL;

-	ret|=ca->type<<30L;

-	return(ret);

-	}

-/* static int add_cmp(ADDED_OBJ *ca, ADDED_OBJ *cb) */

-static int add_cmp(const void *ca_void, const void *cb_void)

-	{

-	ASN1_OBJECT *a,*b;

-	int i;

-	const ADDED_OBJ *ca = (const ADDED_OBJ *)ca_void;

-	const ADDED_OBJ *cb = (const ADDED_OBJ *)cb_void;

-	i=ca->type-cb->type;

-	if (i) return(i);

-	a=ca->obj;

-	b=cb->obj;

-	switch (ca->type)

-		{

-	case ADDED_DATA:

-		i=(a->length - b->length);

-		if (i) return(i);

-		return(memcmp(a->data,b->data,(size_t)a->length));

-	case ADDED_SNAME:

-		if (a->sn == NULL) return(-1);

-		else if (b->sn == NULL) return(1);

-		else return(strcmp(a->sn,b->sn));

-	case ADDED_LNAME:

-		if (a->ln == NULL) return(-1);

-		else if (b->ln == NULL) return(1);

-		else return(strcmp(a->ln,b->ln));

-	case ADDED_NID:

-		return(a->nid-b->nid);

-	default:

-		/* abort(); */

-		return 0;

-		}

-	}

-static int init_added(void)

-	{

-	if (added != NULL) return(1);

-	added=lh_new(add_hash,add_cmp);

-	return(added != NULL);

-	}

-static void cleanup1(ADDED_OBJ *a)

-	{

-	a->obj->nid=0;

-	a->obj->flags|=ASN1_OBJECT_FLAG_DYNAMIC|

-	                ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|

-			ASN1_OBJECT_FLAG_DYNAMIC_DATA;

-	}

-static void cleanup2(ADDED_OBJ *a)

-	{ a->obj->nid++; }

-static void cleanup3(ADDED_OBJ *a)

-	{

-	if (--a->obj->nid == 0)

-		ASN1_OBJECT_free(a->obj);

-	OPENSSL_free(a);

-	}

-static IMPLEMENT_LHASH_DOALL_FN(cleanup1, ADDED_OBJ *)

-static IMPLEMENT_LHASH_DOALL_FN(cleanup2, ADDED_OBJ *)

-static IMPLEMENT_LHASH_DOALL_FN(cleanup3, ADDED_OBJ *)

-void OBJ_cleanup(void)

-	{

-	if (added == NULL) return;

-	added->down_load=0;

-	lh_doall(added,LHASH_DOALL_FN(cleanup1)); /* zero counters */

-	lh_doall(added,LHASH_DOALL_FN(cleanup2)); /* set counters */

-	lh_doall(added,LHASH_DOALL_FN(cleanup3)); /* free objects */

-	lh_free(added);

-	added=NULL;

-	}

-int OBJ_new_nid(int num)

-	{

-	int i;

-	i=new_nid;

-	new_nid+=num;

-	return(i);

-	}

-int OBJ_add_object(const ASN1_OBJECT *obj)

-	{

-	ASN1_OBJECT *o;

-	ADDED_OBJ *ao[4]={NULL,NULL,NULL,NULL},*aop;

-	int i;

-	if (added == NULL)

-		if (!init_added()) return(0);

-	if ((o=OBJ_dup(obj)) == NULL) goto err;

-	if (!(ao[ADDED_NID]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err2;

-	if ((o->length != 0) && (obj->data != NULL))

-		if (!(ao[ADDED_DATA]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err2;

-	if (o->sn != NULL)

-		if (!(ao[ADDED_SNAME]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err2;

-	if (o->ln != NULL)

-		if (!(ao[ADDED_LNAME]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err2;

-	for (i=ADDED_DATA; i<=ADDED_NID; i++)

-		{

-		if (ao[i] != NULL)

-			{

-			ao[i]->type=i;

-			ao[i]->obj=o;

-			aop=(ADDED_OBJ *)lh_insert(added,ao[i]);

-			/* memory leak, buit should not normally matter */

-			if (aop != NULL)

-				OPENSSL_free(aop);

-			}

-		}

-	o->flags&= ~(ASN1_OBJECT_FLAG_DYNAMIC|ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|

-			ASN1_OBJECT_FLAG_DYNAMIC_DATA);

-	return(o->nid);

-err2:

-	OBJerr(OBJ_F_OBJ_ADD_OBJECT,ERR_R_MALLOC_FAILURE);

-err:

-	for (i=ADDED_DATA; i<=ADDED_NID; i++)

-		if (ao[i] != NULL) OPENSSL_free(ao[i]);

-	if (o != NULL) OPENSSL_free(o);

-	return(NID_undef);

-	}

-ASN1_OBJECT *OBJ_nid2obj(int n)

-	{

-	ADDED_OBJ ad,*adp;

-	ASN1_OBJECT ob;

-	if ((n >= 0) && (n < NUM_NID))

-		{

-		if ((n != NID_undef) && (nid_objs[n].nid == NID_undef))

-			{

-			OBJerr(OBJ_F_OBJ_NID2OBJ,OBJ_R_UNKNOWN_NID);

-			return(NULL);

-			}

-		return((ASN1_OBJECT *)&(nid_objs[n]));

-		}

-	else if (added == NULL)

-		return(NULL);

-	else

-		{

-		ad.type=ADDED_NID;

-		ad.obj= &ob;

-		ob.nid=n;

-		adp=(ADDED_OBJ *)lh_retrieve(added,&ad);

-		if (adp != NULL)

-			return(adp->obj);

-		else

-			{

-			OBJerr(OBJ_F_OBJ_NID2OBJ,OBJ_R_UNKNOWN_NID);

-			return(NULL);

-			}

-		}

-	}

-const char *OBJ_nid2sn(int n)

-	{

-	ADDED_OBJ ad,*adp;

-	ASN1_OBJECT ob;

-	if ((n >= 0) && (n < NUM_NID))

-		{

-		if ((n != NID_undef) && (nid_objs[n].nid == NID_undef))

-			{

-			OBJerr(OBJ_F_OBJ_NID2SN,OBJ_R_UNKNOWN_NID);

-			return(NULL);

-			}

-		return(nid_objs[n].sn);

-		}

-	else if (added == NULL)

-		return(NULL);

-	else

-		{

-		ad.type=ADDED_NID;

-		ad.obj= &ob;

-		ob.nid=n;

-		adp=(ADDED_OBJ *)lh_retrieve(added,&ad);

-		if (adp != NULL)

-			return(adp->obj->sn);

-		else

-			{

-			OBJerr(OBJ_F_OBJ_NID2SN,OBJ_R_UNKNOWN_NID);

-			return(NULL);

-			}

-		}

-	}

-const char *OBJ_nid2ln(int n)

-	{

-	ADDED_OBJ ad,*adp;

-	ASN1_OBJECT ob;

-	if ((n >= 0) && (n < NUM_NID))

-		{

-		if ((n != NID_undef) && (nid_objs[n].nid == NID_undef))

-			{

-			OBJerr(OBJ_F_OBJ_NID2LN,OBJ_R_UNKNOWN_NID);

-			return(NULL);

-			}

-		return(nid_objs[n].ln);

-		}

-	else if (added == NULL)

-		return(NULL);

-	else

-		{

-		ad.type=ADDED_NID;

-		ad.obj= &ob;

-		ob.nid=n;

-		adp=(ADDED_OBJ *)lh_retrieve(added,&ad);

-		if (adp != NULL)

-			return(adp->obj->ln);

-		else

-			{

-			OBJerr(OBJ_F_OBJ_NID2LN,OBJ_R_UNKNOWN_NID);

-			return(NULL);

-			}

-		}

-	}

-int OBJ_obj2nid(const ASN1_OBJECT *a)

-	{

-	ASN1_OBJECT **op;

-	ADDED_OBJ ad,*adp;

-	if (a == NULL)

-		return(NID_undef);

-	if (a->nid != 0)

-		return(a->nid);

-	if (added != NULL)

-		{

-		ad.type=ADDED_DATA;

-		ad.obj=(ASN1_OBJECT *)a; /* XXX: ugly but harmless */

-		adp=(ADDED_OBJ *)lh_retrieve(added,&ad);

-		if (adp != NULL) return (adp->obj->nid);

-		}

-	op=(ASN1_OBJECT **)OBJ_bsearch((const char *)&a,(const char *)obj_objs,

-		NUM_OBJ, sizeof(ASN1_OBJECT *),obj_cmp);

-	if (op == NULL)

-		return(NID_undef);

-	return((*op)->nid);

-	}

-/* Convert an object name into an ASN1_OBJECT

- * if "noname" is not set then search for short and long names first.

- * This will convert the "dotted" form into an object: unlike OBJ_txt2nid

- * it can be used with any objects, not just registered ones.

- */

-ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name)

-	{

-	int nid = NID_undef;

-	ASN1_OBJECT *op=NULL;

-	unsigned char *buf;

-	unsigned char *p;

-	const unsigned char *cp;

-	int i, j;

-	if(!no_name) {

-		if( ((nid = OBJ_sn2nid(s)) != NID_undef) ||

-			((nid = OBJ_ln2nid(s)) != NID_undef) )

-					return OBJ_nid2obj(nid);

-	}

-	/* Work out size of content octets */

-	i=a2d_ASN1_OBJECT(NULL,0,s,-1);

-	if (i <= 0) {

-		/* Don't clear the error */

-		/*ERR_clear_error();*/

-		return NULL;

-	}

-	/* Work out total size */

-	j = ASN1_object_size(0,i,V_ASN1_OBJECT);

-	if((buf=(unsigned char *)OPENSSL_malloc(j)) == NULL) return NULL;

-	p = buf;

-	/* Write out tag+length */

-	ASN1_put_object(&p,0,i,V_ASN1_OBJECT,V_ASN1_UNIVERSAL);

-	/* Write out contents */

-	a2d_ASN1_OBJECT(p,i,s,-1);

-	cp=buf;

-	op=d2i_ASN1_OBJECT(NULL,&cp,j);

-	OPENSSL_free(buf);

-	return op;

-	}

-int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)

-{

-	int i,n=0,len,nid, first, use_bn;

-	BIGNUM *bl;

-	unsigned long l;

-	unsigned char *p;

-	char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];

-	if ((a == NULL) || (a->data == NULL)) {

-		buf[0]='\0';

-		return(0);

-	}

-	if (!no_name && (nid=OBJ_obj2nid(a)) != NID_undef)

-		{

-		const char *s;

-		s=OBJ_nid2ln(nid);

-		if (s == NULL)

-			s=OBJ_nid2sn(nid);

-		if (buf)

-			BUF_strlcpy(buf,s,buf_len);

-		n=strlen(s);

-		return n;

-		}

-	len=a->length;

-	p=a->data;

-	first = 1;

-	bl = NULL;

-	while (len > 0)

-		{

-		l=0;

-		use_bn = 0;

-		for (;;)

-			{

-			unsigned char c = *p++;

-			len--;

-			if ((len == 0) && (c & 0x80))

-				goto err;

-			if (use_bn)

-				{

-				if (!BN_add_word(bl, c & 0x7f))

-					goto err;

-				}

-			else

-				l |= c  & 0x7f;

-			if (!(c & 0x80))

-				break;

-			if (!use_bn && (l > (ULONG_MAX >> 7L)))

-				{

-				if (!bl && !(bl = BN_new()))

-					goto err;

-				if (!BN_set_word(bl, l))

-					goto err;

-				use_bn = 1;

-				}

-			if (use_bn)

-				{

-				if (!BN_lshift(bl, bl, 7))

-					goto err;

-				}

-			else

-				l<<=7L;

-			}

-		if (first)

-			{

-			first = 0;

-			if (l >= 80)

-				{

-				i = 2;

-				if (use_bn)

-					{

-					if (!BN_sub_word(bl, 80))

-						goto err;

-					}

-				else

-					l -= 80;

-				}

-			else

-				{

-				i=(int)(l/40);

-				l-=(long)(i*40);

-				}

-			if (buf && (buf_len > 0))

-				{

-				*buf++ = i + '0';

-				buf_len--;

-				}

-			n++;

-			}

-		if (use_bn)

-			{

-			char *bndec;

-			bndec = BN_bn2dec(bl);

-			if (!bndec)

-				goto err;

-			i = strlen(bndec);

-			if (buf)

-				{

-				if (buf_len > 0)

-					{

-					*buf++ = '.';

-					buf_len--;

-					}

-				BUF_strlcpy(buf,bndec,buf_len);

-				if (i > buf_len)

-					{

-					buf += buf_len;

-					buf_len = 0;

-					}

-				else

-					{

-					buf+=i;

-					buf_len-=i;

-					}

-				}

-			n++;

-			n += i;

-			OPENSSL_free(bndec);

-			}

-		else

-			{

-			BIO_snprintf(tbuf,sizeof tbuf,".%lu",l);

-			i=strlen(tbuf);

-			if (buf && (buf_len > 0))

-				{

-				BUF_strlcpy(buf,tbuf,buf_len);

-				if (i > buf_len)

-					{

-					buf += buf_len;

-					buf_len = 0;

-					}

-				else

-					{

-					buf+=i;

-					buf_len-=i;

-					}

-				}

-			n+=i;

-			l=0;

-			}

-		}

-	if (bl)

-		BN_free(bl);

-	return n;

-	err:

-	if (bl)

-		BN_free(bl);

-	return -1;

-}

-int OBJ_txt2nid(const char *s)

-{

-	ASN1_OBJECT *obj;

-	int nid;

-	obj = OBJ_txt2obj(s, 0);

-	nid = OBJ_obj2nid(obj);

-	ASN1_OBJECT_free(obj);

-	return nid;

-}

-int OBJ_ln2nid(const char *s)

-	{

-	ASN1_OBJECT o,*oo= &o,**op;

-	ADDED_OBJ ad,*adp;

-	o.ln=s;

-	if (added != NULL)

-		{

-		ad.type=ADDED_LNAME;

-		ad.obj= &o;

-		adp=(ADDED_OBJ *)lh_retrieve(added,&ad);

-		if (adp != NULL) return (adp->obj->nid);

-		}

-	op=(ASN1_OBJECT **)OBJ_bsearch((char *)&oo,(char *)ln_objs, NUM_LN,

-		sizeof(ASN1_OBJECT *),ln_cmp);

-	if (op == NULL) return(NID_undef);

-	return((*op)->nid);

-	}

-int OBJ_sn2nid(const char *s)

-	{

-	ASN1_OBJECT o,*oo= &o,**op;

-	ADDED_OBJ ad,*adp;

-	o.sn=s;

-	if (added != NULL)

-		{

-		ad.type=ADDED_SNAME;

-		ad.obj= &o;

-		adp=(ADDED_OBJ *)lh_retrieve(added,&ad);

-		if (adp != NULL) return (adp->obj->nid);

-		}

-	op=(ASN1_OBJECT **)OBJ_bsearch((char *)&oo,(char *)sn_objs,NUM_SN,

-		sizeof(ASN1_OBJECT *),sn_cmp);

-	if (op == NULL) return(NID_undef);

-	return((*op)->nid);

-	}

-static int obj_cmp(const void *ap, const void *bp)

-	{

-	int j;

-	const ASN1_OBJECT *a= *(ASN1_OBJECT * const *)ap;

-	const ASN1_OBJECT *b= *(ASN1_OBJECT * const *)bp;

-	j=(a->length - b->length);

-        if (j) return(j);

-	return(memcmp(a->data,b->data,a->length));

-        }

-const char *OBJ_bsearch(const char *key, const char *base, int num, int size,

-	int (*cmp)(const void *, const void *))

-	{

-	return OBJ_bsearch_ex(key, base, num, size, cmp, 0);

-	}

-const char *OBJ_bsearch_ex(const char *key, const char *base, int num,

-	int size, int (*cmp)(const void *, const void *), int flags)

-	{

-	int l,h,i=0,c=0;

-	const char *p = NULL;

-	if (num == 0) return(NULL);

-	l=0;

-	h=num;

-	while (l < h)

-		{

-		i=(l+h)/2;

-		p= &(base[i*size]);

-		c=(*cmp)(key,p);

-		if (c < 0)

-			h=i;

-		else if (c > 0)

-			l=i+1;

-		else

-			break;

-		}

-#ifdef CHARSET_EBCDIC

-/* THIS IS A KLUDGE - Because the *_obj is sorted in ASCII order, and

- * I don't have perl (yet), we revert to a *LINEAR* search

- * when the object wasn't found in the binary search.

- */

-	if (c != 0)

-		{

-		for (i=0; i<num; ++i)

-			{

-			p= &(base[i*size]);

-			c = (*cmp)(key,p);

-			if (c == 0 || (c < 0 && (flags & OBJ_BSEARCH_VALUE_ON_NOMATCH)))

-				return p;

-			}

-		}

-#endif

-	if (c != 0 && !(flags & OBJ_BSEARCH_VALUE_ON_NOMATCH))

-		p = NULL;

-	else if (c == 0 && (flags & OBJ_BSEARCH_FIRST_VALUE_ON_MATCH))

-		{

-		while(i > 0 && (*cmp)(key,&(base[(i-1)*size])) == 0)

-			i--;

-		p = &(base[i*size]);

-		}

-	return(p);

-	}

-int OBJ_create_objects(BIO *in)

-	{

-	MS_STATIC char buf[512];

-	int i,num=0;

-	char *o,*s,*l=NULL;

-	for (;;)

-		{

-		s=o=NULL;

-		i=BIO_gets(in,buf,512);

-		if (i <= 0) return(num);

-		buf[i-1]='\0';

-		if (!isalnum((unsigned char)buf[0])) return(num);

-		o=s=buf;

-		while (isdigit((unsigned char)*s) || (*s == '.'))

-			s++;

-		if (*s != '\0')

-			{

-			*(s++)='\0';

-			while (isspace((unsigned char)*s))

-				s++;

-			if (*s == '\0')

-				s=NULL;

-			else

-				{

-				l=s;

-				while ((*l != '\0') && !isspace((unsigned char)*l))

-					l++;

-				if (*l != '\0')

-					{

-					*(l++)='\0';

-					while (isspace((unsigned char)*l))

-						l++;

-					if (*l == '\0') l=NULL;

-					}

-				else

-					l=NULL;

-				}

-			}

-		else

-			s=NULL;

-		if ((o == NULL) || (*o == '\0')) return(num);

-		if (!OBJ_create(o,s,l)) return(num);

-		num++;

-		}

-	/* return(num); */

-	}

-int OBJ_create(const char *oid, const char *sn, const char *ln)

-	{

-	int ok=0;

-	ASN1_OBJECT *op=NULL;

-	unsigned char *buf;

-	int i;

-	i=a2d_ASN1_OBJECT(NULL,0,oid,-1);

-	if (i <= 0) return(0);

-	if ((buf=(unsigned char *)OPENSSL_malloc(i)) == NULL)

-		{

-		OBJerr(OBJ_F_OBJ_CREATE,ERR_R_MALLOC_FAILURE);

-		return(0);

-		}

-	i=a2d_ASN1_OBJECT(buf,i,oid,-1);

-	if (i == 0)

-		goto err;

-	op=(ASN1_OBJECT *)ASN1_OBJECT_create(OBJ_new_nid(1),buf,i,sn,ln);

-	if (op == NULL)

-		goto err;

-	ok=OBJ_add_object(op);

-err:

-	ASN1_OBJECT_free(op);

-	OPENSSL_free(buf);

-	return(ok);

-	}

--- a/sys/src/ape/lib/openssl/crypto/objects/obj_dat.h

+++ /dev/null

@@ -1,4297 +1,0 @@

-/* crypto/objects/obj_dat.h */

-/* THIS FILE IS GENERATED FROM objects.h by obj_dat.pl via the

- * following command:

- * perl obj_dat.pl obj_mac.h obj_dat.h

- */

-/* Copyright (C) 1995-1997 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#define NUM_NID 780

-#define NUM_SN 773

-#define NUM_LN 773

-#define NUM_OBJ 729

-static unsigned char lvalues[5154]={

-0x00,                                        /* [  0] OBJ_undef */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02,     /* [ 14] OBJ_md2 */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x05,     /* [ 22] OBJ_md5 */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x04,     /* [ 30] OBJ_rc4 */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,/* [ 38] OBJ_rsaEncryption */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x02,/* [ 47] OBJ_md2WithRSAEncryption */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x04,/* [ 56] OBJ_md5WithRSAEncryption */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x01,/* [ 65] OBJ_pbeWithMD2AndDES_CBC */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x03,/* [ 74] OBJ_pbeWithMD5AndDES_CBC */

-0x55,                                        /* [ 83] OBJ_X500 */

-0x55,0x04,                                   /* [ 84] OBJ_X509 */

-0x55,0x04,0x03,                              /* [ 86] OBJ_commonName */

-0x55,0x04,0x06,                              /* [ 89] OBJ_countryName */

-0x55,0x04,0x07,                              /* [ 92] OBJ_localityName */

-0x55,0x04,0x08,                              /* [ 95] OBJ_stateOrProvinceName */

-0x55,0x04,0x0A,                              /* [ 98] OBJ_organizationName */

-0x55,0x04,0x0B,                              /* [101] OBJ_organizationalUnitName */

-0x55,0x08,0x01,0x01,                         /* [104] OBJ_rsa */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,     /* [108] OBJ_pkcs7 */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x01,/* [116] OBJ_pkcs7_data */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x02,/* [125] OBJ_pkcs7_signed */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x03,/* [134] OBJ_pkcs7_enveloped */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x04,/* [143] OBJ_pkcs7_signedAndEnveloped */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x05,/* [152] OBJ_pkcs7_digest */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x06,/* [161] OBJ_pkcs7_encrypted */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03,     /* [170] OBJ_pkcs3 */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03,0x01,/* [178] OBJ_dhKeyAgreement */

-0x2B,0x0E,0x03,0x02,0x06,                    /* [187] OBJ_des_ecb */

-0x2B,0x0E,0x03,0x02,0x09,                    /* [192] OBJ_des_cfb64 */

-0x2B,0x0E,0x03,0x02,0x07,                    /* [197] OBJ_des_cbc */

-0x2B,0x0E,0x03,0x02,0x11,                    /* [202] OBJ_des_ede_ecb */

-0x2B,0x06,0x01,0x04,0x01,0x81,0x3C,0x07,0x01,0x01,0x02,/* [207] OBJ_idea_cbc */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x02,     /* [218] OBJ_rc2_cbc */

-0x2B,0x0E,0x03,0x02,0x12,                    /* [226] OBJ_sha */

-0x2B,0x0E,0x03,0x02,0x0F,                    /* [231] OBJ_shaWithRSAEncryption */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x07,     /* [236] OBJ_des_ede3_cbc */

-0x2B,0x0E,0x03,0x02,0x08,                    /* [244] OBJ_des_ofb64 */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,     /* [249] OBJ_pkcs9 */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x01,/* [257] OBJ_pkcs9_emailAddress */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x02,/* [266] OBJ_pkcs9_unstructuredName */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x03,/* [275] OBJ_pkcs9_contentType */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x04,/* [284] OBJ_pkcs9_messageDigest */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x05,/* [293] OBJ_pkcs9_signingTime */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x06,/* [302] OBJ_pkcs9_countersignature */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x07,/* [311] OBJ_pkcs9_challengePassword */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x08,/* [320] OBJ_pkcs9_unstructuredAddress */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x09,/* [329] OBJ_pkcs9_extCertAttributes */

-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,          /* [338] OBJ_netscape */

-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,     /* [345] OBJ_netscape_cert_extension */

-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02,     /* [353] OBJ_netscape_data_type */

-0x2B,0x0E,0x03,0x02,0x1A,                    /* [361] OBJ_sha1 */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,/* [366] OBJ_sha1WithRSAEncryption */

-0x2B,0x0E,0x03,0x02,0x0D,                    /* [375] OBJ_dsaWithSHA */

-0x2B,0x0E,0x03,0x02,0x0C,                    /* [380] OBJ_dsa_2 */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0B,/* [385] OBJ_pbeWithSHA1AndRC2_CBC */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0C,/* [394] OBJ_id_pbkdf2 */

-0x2B,0x0E,0x03,0x02,0x1B,                    /* [403] OBJ_dsaWithSHA1_2 */

-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x01,/* [408] OBJ_netscape_cert_type */

-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x02,/* [417] OBJ_netscape_base_url */

-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x03,/* [426] OBJ_netscape_revocation_url */

-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x04,/* [435] OBJ_netscape_ca_revocation_url */

-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x07,/* [444] OBJ_netscape_renewal_url */

-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x08,/* [453] OBJ_netscape_ca_policy_url */

-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0C,/* [462] OBJ_netscape_ssl_server_name */

-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0D,/* [471] OBJ_netscape_comment */

-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02,0x05,/* [480] OBJ_netscape_cert_sequence */

-0x55,0x1D,                                   /* [489] OBJ_id_ce */

-0x55,0x1D,0x0E,                              /* [491] OBJ_subject_key_identifier */

-0x55,0x1D,0x0F,                              /* [494] OBJ_key_usage */

-0x55,0x1D,0x10,                              /* [497] OBJ_private_key_usage_period */

-0x55,0x1D,0x11,                              /* [500] OBJ_subject_alt_name */

-0x55,0x1D,0x12,                              /* [503] OBJ_issuer_alt_name */

-0x55,0x1D,0x13,                              /* [506] OBJ_basic_constraints */

-0x55,0x1D,0x14,                              /* [509] OBJ_crl_number */

-0x55,0x1D,0x20,                              /* [512] OBJ_certificate_policies */

-0x55,0x1D,0x23,                              /* [515] OBJ_authority_key_identifier */

-0x2B,0x06,0x01,0x04,0x01,0x97,0x55,0x01,0x02,/* [518] OBJ_bf_cbc */

-0x55,0x08,0x03,0x65,                         /* [527] OBJ_mdc2 */

-0x55,0x08,0x03,0x64,                         /* [531] OBJ_mdc2WithRSA */

-0x55,0x04,0x2A,                              /* [535] OBJ_givenName */

-0x55,0x04,0x04,                              /* [538] OBJ_surname */

-0x55,0x04,0x2B,                              /* [541] OBJ_initials */

-0x55,0x1D,0x1F,                              /* [544] OBJ_crl_distribution_points */

-0x2B,0x0E,0x03,0x02,0x03,                    /* [547] OBJ_md5WithRSA */

-0x55,0x04,0x05,                              /* [552] OBJ_serialNumber */

-0x55,0x04,0x0C,                              /* [555] OBJ_title */

-0x55,0x04,0x0D,                              /* [558] OBJ_description */

-0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0A,/* [561] OBJ_cast5_cbc */

-0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0C,/* [570] OBJ_pbeWithMD5AndCast5_CBC */

-0x2A,0x86,0x48,0xCE,0x38,0x04,0x03,          /* [579] OBJ_dsaWithSHA1 */

-0x2B,0x0E,0x03,0x02,0x1D,                    /* [586] OBJ_sha1WithRSA */

-0x2A,0x86,0x48,0xCE,0x38,0x04,0x01,          /* [591] OBJ_dsa */

-0x2B,0x24,0x03,0x02,0x01,                    /* [598] OBJ_ripemd160 */

-0x2B,0x24,0x03,0x03,0x01,0x02,               /* [603] OBJ_ripemd160WithRSA */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x08,     /* [609] OBJ_rc5_cbc */

-0x29,0x01,0x01,0x85,0x1A,0x01,               /* [617] OBJ_rle_compression */

-0x29,0x01,0x01,0x85,0x1A,0x02,               /* [623] OBJ_zlib_compression */

-0x55,0x1D,0x25,                              /* [629] OBJ_ext_key_usage */

-0x2B,0x06,0x01,0x05,0x05,0x07,               /* [632] OBJ_id_pkix */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,          /* [638] OBJ_id_kp */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,     /* [645] OBJ_server_auth */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,     /* [653] OBJ_client_auth */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03,     /* [661] OBJ_code_sign */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x04,     /* [669] OBJ_email_protect */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x08,     /* [677] OBJ_time_stamp */

-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x15,/* [685] OBJ_ms_code_ind */

-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x16,/* [695] OBJ_ms_code_com */

-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x01,/* [705] OBJ_ms_ctl_sign */

-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03,/* [715] OBJ_ms_sgc */

-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04,/* [725] OBJ_ms_efs */

-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,/* [735] OBJ_ns_sgc */

-0x55,0x1D,0x1B,                              /* [744] OBJ_delta_crl */

-0x55,0x1D,0x15,                              /* [747] OBJ_crl_reason */

-0x55,0x1D,0x18,                              /* [750] OBJ_invalidity_date */

-0x2B,0x65,0x01,0x04,0x01,                    /* [753] OBJ_sxnet */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x01,/* [758] OBJ_pbe_WithSHA1And128BitRC4 */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x02,/* [768] OBJ_pbe_WithSHA1And40BitRC4 */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x03,/* [778] OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x04,/* [788] OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x05,/* [798] OBJ_pbe_WithSHA1And128BitRC2_CBC */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x06,/* [808] OBJ_pbe_WithSHA1And40BitRC2_CBC */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x01,/* [818] OBJ_keyBag */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x02,/* [829] OBJ_pkcs8ShroudedKeyBag */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x03,/* [840] OBJ_certBag */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x04,/* [851] OBJ_crlBag */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x05,/* [862] OBJ_secretBag */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x06,/* [873] OBJ_safeContentsBag */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x14,/* [884] OBJ_friendlyName */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x15,/* [893] OBJ_localKeyID */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x01,/* [902] OBJ_x509Certificate */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x02,/* [912] OBJ_sdsiCertificate */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x17,0x01,/* [922] OBJ_x509Crl */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0D,/* [932] OBJ_pbes2 */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0E,/* [941] OBJ_pbmac1 */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x07,     /* [950] OBJ_hmacWithSHA1 */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,     /* [958] OBJ_id_qt_cps */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02,     /* [966] OBJ_id_qt_unotice */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0F,/* [974] OBJ_SMIMECapabilities */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x04,/* [983] OBJ_pbeWithMD2AndRC2_CBC */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x06,/* [992] OBJ_pbeWithMD5AndRC2_CBC */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0A,/* [1001] OBJ_pbeWithSHA1AndDES_CBC */

-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x0E,/* [1010] OBJ_ms_ext_req */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0E,/* [1020] OBJ_ext_req */

-0x55,0x04,0x29,                              /* [1029] OBJ_name */

-0x55,0x04,0x2E,                              /* [1032] OBJ_dnQualifier */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,          /* [1035] OBJ_id_pe */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,          /* [1042] OBJ_id_ad */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,     /* [1049] OBJ_info_access */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,     /* [1057] OBJ_ad_OCSP */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,     /* [1065] OBJ_ad_ca_issuers */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x09,     /* [1073] OBJ_OCSP_sign */

-0x28,                                        /* [1081] OBJ_iso */

-0x2A,                                        /* [1082] OBJ_member_body */

-0x2A,0x86,0x48,                              /* [1083] OBJ_ISO_US */

-0x2A,0x86,0x48,0xCE,0x38,                    /* [1086] OBJ_X9_57 */

-0x2A,0x86,0x48,0xCE,0x38,0x04,               /* [1091] OBJ_X9cm */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,     /* [1097] OBJ_pkcs1 */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,     /* [1105] OBJ_pkcs5 */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,/* [1113] OBJ_SMIME */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,/* [1122] OBJ_id_smime_mod */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,/* [1132] OBJ_id_smime_ct */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,/* [1142] OBJ_id_smime_aa */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,/* [1152] OBJ_id_smime_alg */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,/* [1162] OBJ_id_smime_cd */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,/* [1172] OBJ_id_smime_spq */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,/* [1182] OBJ_id_smime_cti */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x01,/* [1192] OBJ_id_smime_mod_cms */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x02,/* [1203] OBJ_id_smime_mod_ess */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x03,/* [1214] OBJ_id_smime_mod_oid */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x04,/* [1225] OBJ_id_smime_mod_msg_v3 */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x05,/* [1236] OBJ_id_smime_mod_ets_eSignature_88 */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x06,/* [1247] OBJ_id_smime_mod_ets_eSignature_97 */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x07,/* [1258] OBJ_id_smime_mod_ets_eSigPolicy_88 */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x08,/* [1269] OBJ_id_smime_mod_ets_eSigPolicy_97 */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x01,/* [1280] OBJ_id_smime_ct_receipt */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x02,/* [1291] OBJ_id_smime_ct_authData */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x03,/* [1302] OBJ_id_smime_ct_publishCert */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x04,/* [1313] OBJ_id_smime_ct_TSTInfo */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x05,/* [1324] OBJ_id_smime_ct_TDTInfo */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x06,/* [1335] OBJ_id_smime_ct_contentInfo */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x07,/* [1346] OBJ_id_smime_ct_DVCSRequestData */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x08,/* [1357] OBJ_id_smime_ct_DVCSResponseData */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x01,/* [1368] OBJ_id_smime_aa_receiptRequest */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x02,/* [1379] OBJ_id_smime_aa_securityLabel */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x03,/* [1390] OBJ_id_smime_aa_mlExpandHistory */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x04,/* [1401] OBJ_id_smime_aa_contentHint */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x05,/* [1412] OBJ_id_smime_aa_msgSigDigest */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x06,/* [1423] OBJ_id_smime_aa_encapContentType */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x07,/* [1434] OBJ_id_smime_aa_contentIdentifier */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x08,/* [1445] OBJ_id_smime_aa_macValue */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x09,/* [1456] OBJ_id_smime_aa_equivalentLabels */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0A,/* [1467] OBJ_id_smime_aa_contentReference */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0B,/* [1478] OBJ_id_smime_aa_encrypKeyPref */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0C,/* [1489] OBJ_id_smime_aa_signingCertificate */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0D,/* [1500] OBJ_id_smime_aa_smimeEncryptCerts */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0E,/* [1511] OBJ_id_smime_aa_timeStampToken */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0F,/* [1522] OBJ_id_smime_aa_ets_sigPolicyId */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x10,/* [1533] OBJ_id_smime_aa_ets_commitmentType */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x11,/* [1544] OBJ_id_smime_aa_ets_signerLocation */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x12,/* [1555] OBJ_id_smime_aa_ets_signerAttr */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x13,/* [1566] OBJ_id_smime_aa_ets_otherSigCert */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x14,/* [1577] OBJ_id_smime_aa_ets_contentTimestamp */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x15,/* [1588] OBJ_id_smime_aa_ets_CertificateRefs */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x16,/* [1599] OBJ_id_smime_aa_ets_RevocationRefs */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x17,/* [1610] OBJ_id_smime_aa_ets_certValues */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x18,/* [1621] OBJ_id_smime_aa_ets_revocationValues */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x19,/* [1632] OBJ_id_smime_aa_ets_escTimeStamp */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1A,/* [1643] OBJ_id_smime_aa_ets_certCRLTimestamp */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1B,/* [1654] OBJ_id_smime_aa_ets_archiveTimeStamp */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1C,/* [1665] OBJ_id_smime_aa_signatureType */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1D,/* [1676] OBJ_id_smime_aa_dvcs_dvc */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x01,/* [1687] OBJ_id_smime_alg_ESDHwith3DES */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x02,/* [1698] OBJ_id_smime_alg_ESDHwithRC2 */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x03,/* [1709] OBJ_id_smime_alg_3DESwrap */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x04,/* [1720] OBJ_id_smime_alg_RC2wrap */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x05,/* [1731] OBJ_id_smime_alg_ESDH */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x06,/* [1742] OBJ_id_smime_alg_CMS3DESwrap */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x07,/* [1753] OBJ_id_smime_alg_CMSRC2wrap */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,0x01,/* [1764] OBJ_id_smime_cd_ldap */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x01,/* [1775] OBJ_id_smime_spq_ets_sqt_uri */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x02,/* [1786] OBJ_id_smime_spq_ets_sqt_unotice */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x01,/* [1797] OBJ_id_smime_cti_ets_proofOfOrigin */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x02,/* [1808] OBJ_id_smime_cti_ets_proofOfReceipt */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x03,/* [1819] OBJ_id_smime_cti_ets_proofOfDelivery */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x04,/* [1830] OBJ_id_smime_cti_ets_proofOfSender */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x05,/* [1841] OBJ_id_smime_cti_ets_proofOfApproval */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x06,/* [1852] OBJ_id_smime_cti_ets_proofOfCreation */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x04,     /* [1863] OBJ_md4 */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,          /* [1871] OBJ_id_pkix_mod */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x02,          /* [1878] OBJ_id_qt */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,          /* [1885] OBJ_id_it */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,          /* [1892] OBJ_id_pkip */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x06,          /* [1899] OBJ_id_alg */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,          /* [1906] OBJ_id_cmc */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x08,          /* [1913] OBJ_id_on */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,          /* [1920] OBJ_id_pda */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,          /* [1927] OBJ_id_aca */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,          /* [1934] OBJ_id_qcs */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,          /* [1941] OBJ_id_cct */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x01,     /* [1948] OBJ_id_pkix1_explicit_88 */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x02,     /* [1956] OBJ_id_pkix1_implicit_88 */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x03,     /* [1964] OBJ_id_pkix1_explicit_93 */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x04,     /* [1972] OBJ_id_pkix1_implicit_93 */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x05,     /* [1980] OBJ_id_mod_crmf */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x06,     /* [1988] OBJ_id_mod_cmc */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x07,     /* [1996] OBJ_id_mod_kea_profile_88 */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x08,     /* [2004] OBJ_id_mod_kea_profile_93 */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x09,     /* [2012] OBJ_id_mod_cmp */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0A,     /* [2020] OBJ_id_mod_qualified_cert_88 */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0B,     /* [2028] OBJ_id_mod_qualified_cert_93 */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0C,     /* [2036] OBJ_id_mod_attribute_cert */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0D,     /* [2044] OBJ_id_mod_timestamp_protocol */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0E,     /* [2052] OBJ_id_mod_ocsp */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0F,     /* [2060] OBJ_id_mod_dvcs */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x10,     /* [2068] OBJ_id_mod_cmp2000 */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x02,     /* [2076] OBJ_biometricInfo */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x03,     /* [2084] OBJ_qcStatements */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x04,     /* [2092] OBJ_ac_auditEntity */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x05,     /* [2100] OBJ_ac_targeting */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x06,     /* [2108] OBJ_aaControls */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07,     /* [2116] OBJ_sbgp_ipAddrBlock */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08,     /* [2124] OBJ_sbgp_autonomousSysNum */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09,     /* [2132] OBJ_sbgp_routerIdentifier */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x03,     /* [2140] OBJ_textNotice */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x05,     /* [2148] OBJ_ipsecEndSystem */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x06,     /* [2156] OBJ_ipsecTunnel */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x07,     /* [2164] OBJ_ipsecUser */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x0A,     /* [2172] OBJ_dvcs */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x01,     /* [2180] OBJ_id_it_caProtEncCert */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x02,     /* [2188] OBJ_id_it_signKeyPairTypes */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x03,     /* [2196] OBJ_id_it_encKeyPairTypes */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x04,     /* [2204] OBJ_id_it_preferredSymmAlg */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x05,     /* [2212] OBJ_id_it_caKeyUpdateInfo */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x06,     /* [2220] OBJ_id_it_currentCRL */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x07,     /* [2228] OBJ_id_it_unsupportedOIDs */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x08,     /* [2236] OBJ_id_it_subscriptionRequest */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x09,     /* [2244] OBJ_id_it_subscriptionResponse */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0A,     /* [2252] OBJ_id_it_keyPairParamReq */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0B,     /* [2260] OBJ_id_it_keyPairParamRep */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0C,     /* [2268] OBJ_id_it_revPassphrase */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0D,     /* [2276] OBJ_id_it_implicitConfirm */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0E,     /* [2284] OBJ_id_it_confirmWaitTime */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0F,     /* [2292] OBJ_id_it_origPKIMessage */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,     /* [2300] OBJ_id_regCtrl */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,     /* [2308] OBJ_id_regInfo */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x01,/* [2316] OBJ_id_regCtrl_regToken */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x02,/* [2325] OBJ_id_regCtrl_authenticator */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x03,/* [2334] OBJ_id_regCtrl_pkiPublicationInfo */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x04,/* [2343] OBJ_id_regCtrl_pkiArchiveOptions */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x05,/* [2352] OBJ_id_regCtrl_oldCertID */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x06,/* [2361] OBJ_id_regCtrl_protocolEncrKey */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x01,/* [2370] OBJ_id_regInfo_utf8Pairs */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x02,/* [2379] OBJ_id_regInfo_certReq */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x01,     /* [2388] OBJ_id_alg_des40 */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x02,     /* [2396] OBJ_id_alg_noSignature */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x03,     /* [2404] OBJ_id_alg_dh_sig_hmac_sha1 */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x04,     /* [2412] OBJ_id_alg_dh_pop */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x01,     /* [2420] OBJ_id_cmc_statusInfo */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x02,     /* [2428] OBJ_id_cmc_identification */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x03,     /* [2436] OBJ_id_cmc_identityProof */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x04,     /* [2444] OBJ_id_cmc_dataReturn */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x05,     /* [2452] OBJ_id_cmc_transactionId */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x06,     /* [2460] OBJ_id_cmc_senderNonce */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x07,     /* [2468] OBJ_id_cmc_recipientNonce */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x08,     /* [2476] OBJ_id_cmc_addExtensions */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x09,     /* [2484] OBJ_id_cmc_encryptedPOP */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0A,     /* [2492] OBJ_id_cmc_decryptedPOP */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0B,     /* [2500] OBJ_id_cmc_lraPOPWitness */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0F,     /* [2508] OBJ_id_cmc_getCert */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x10,     /* [2516] OBJ_id_cmc_getCRL */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x11,     /* [2524] OBJ_id_cmc_revokeRequest */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x12,     /* [2532] OBJ_id_cmc_regInfo */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x13,     /* [2540] OBJ_id_cmc_responseInfo */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x15,     /* [2548] OBJ_id_cmc_queryPending */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x16,     /* [2556] OBJ_id_cmc_popLinkRandom */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x17,     /* [2564] OBJ_id_cmc_popLinkWitness */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x18,     /* [2572] OBJ_id_cmc_confirmCertAcceptance */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x01,     /* [2580] OBJ_id_on_personalData */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x01,     /* [2588] OBJ_id_pda_dateOfBirth */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x02,     /* [2596] OBJ_id_pda_placeOfBirth */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x03,     /* [2604] OBJ_id_pda_gender */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x04,     /* [2612] OBJ_id_pda_countryOfCitizenship */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x05,     /* [2620] OBJ_id_pda_countryOfResidence */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x01,     /* [2628] OBJ_id_aca_authenticationInfo */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x02,     /* [2636] OBJ_id_aca_accessIdentity */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x03,     /* [2644] OBJ_id_aca_chargingIdentity */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x04,     /* [2652] OBJ_id_aca_group */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x05,     /* [2660] OBJ_id_aca_role */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,0x01,     /* [2668] OBJ_id_qcs_pkixQCSyntax_v1 */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x01,     /* [2676] OBJ_id_cct_crs */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x02,     /* [2684] OBJ_id_cct_PKIData */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x03,     /* [2692] OBJ_id_cct_PKIResponse */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x03,     /* [2700] OBJ_ad_timeStamping */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x04,     /* [2708] OBJ_ad_dvcs */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x01,/* [2716] OBJ_id_pkix_OCSP_basic */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x02,/* [2725] OBJ_id_pkix_OCSP_Nonce */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x03,/* [2734] OBJ_id_pkix_OCSP_CrlID */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x04,/* [2743] OBJ_id_pkix_OCSP_acceptableResponses */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05,/* [2752] OBJ_id_pkix_OCSP_noCheck */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x06,/* [2761] OBJ_id_pkix_OCSP_archiveCutoff */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x07,/* [2770] OBJ_id_pkix_OCSP_serviceLocator */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x08,/* [2779] OBJ_id_pkix_OCSP_extendedStatus */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x09,/* [2788] OBJ_id_pkix_OCSP_valid */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0A,/* [2797] OBJ_id_pkix_OCSP_path */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0B,/* [2806] OBJ_id_pkix_OCSP_trustRoot */

-0x2B,0x0E,0x03,0x02,                         /* [2815] OBJ_algorithm */

-0x2B,0x0E,0x03,0x02,0x0B,                    /* [2819] OBJ_rsaSignature */

-0x55,0x08,                                   /* [2824] OBJ_X500algorithms */

-0x2B,                                        /* [2826] OBJ_org */

-0x2B,0x06,                                   /* [2827] OBJ_dod */

-0x2B,0x06,0x01,                              /* [2829] OBJ_iana */

-0x2B,0x06,0x01,0x01,                         /* [2832] OBJ_Directory */

-0x2B,0x06,0x01,0x02,                         /* [2836] OBJ_Management */

-0x2B,0x06,0x01,0x03,                         /* [2840] OBJ_Experimental */

-0x2B,0x06,0x01,0x04,                         /* [2844] OBJ_Private */

-0x2B,0x06,0x01,0x05,                         /* [2848] OBJ_Security */

-0x2B,0x06,0x01,0x06,                         /* [2852] OBJ_SNMPv2 */

-0x2B,0x06,0x01,0x07,                         /* [2856] OBJ_Mail */

-0x2B,0x06,0x01,0x04,0x01,                    /* [2860] OBJ_Enterprises */

-0x2B,0x06,0x01,0x04,0x01,0x8B,0x3A,0x82,0x58,/* [2865] OBJ_dcObject */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,/* [2874] OBJ_domainComponent */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,/* [2884] OBJ_Domain */

-0x00,                                        /* [2894] OBJ_joint_iso_ccitt */

-0x55,0x01,0x05,                              /* [2895] OBJ_selected_attribute_types */

-0x55,0x01,0x05,0x37,                         /* [2898] OBJ_clearance */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03,/* [2902] OBJ_md4WithRSAEncryption */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0A,     /* [2911] OBJ_ac_proxying */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0B,     /* [2919] OBJ_sinfo_access */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x06,     /* [2927] OBJ_id_aca_encAttrs */

-0x55,0x04,0x48,                              /* [2935] OBJ_role */

-0x55,0x1D,0x24,                              /* [2938] OBJ_policy_constraints */

-0x55,0x1D,0x37,                              /* [2941] OBJ_target_information */

-0x55,0x1D,0x38,                              /* [2944] OBJ_no_rev_avail */

-0x00,                                        /* [2947] OBJ_ccitt */

-0x2A,0x86,0x48,0xCE,0x3D,                    /* [2948] OBJ_ansi_X9_62 */

-0x2A,0x86,0x48,0xCE,0x3D,0x01,0x01,          /* [2953] OBJ_X9_62_prime_field */

-0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,          /* [2960] OBJ_X9_62_characteristic_two_field */

-0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01,          /* [2967] OBJ_X9_62_id_ecPublicKey */

-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x01,     /* [2974] OBJ_X9_62_prime192v1 */

-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x02,     /* [2982] OBJ_X9_62_prime192v2 */

-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x03,     /* [2990] OBJ_X9_62_prime192v3 */

-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x04,     /* [2998] OBJ_X9_62_prime239v1 */

-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x05,     /* [3006] OBJ_X9_62_prime239v2 */

-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x06,     /* [3014] OBJ_X9_62_prime239v3 */

-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07,     /* [3022] OBJ_X9_62_prime256v1 */

-0x2A,0x86,0x48,0xCE,0x3D,0x04,0x01,          /* [3030] OBJ_ecdsa_with_SHA1 */

-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x01,/* [3037] OBJ_ms_csp_name */

-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x01,/* [3046] OBJ_aes_128_ecb */

-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x02,/* [3055] OBJ_aes_128_cbc */

-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x03,/* [3064] OBJ_aes_128_ofb128 */

-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x04,/* [3073] OBJ_aes_128_cfb128 */

-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x15,/* [3082] OBJ_aes_192_ecb */

-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x16,/* [3091] OBJ_aes_192_cbc */

-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x17,/* [3100] OBJ_aes_192_ofb128 */

-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x18,/* [3109] OBJ_aes_192_cfb128 */

-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x29,/* [3118] OBJ_aes_256_ecb */

-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2A,/* [3127] OBJ_aes_256_cbc */

-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2B,/* [3136] OBJ_aes_256_ofb128 */

-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2C,/* [3145] OBJ_aes_256_cfb128 */

-0x55,0x1D,0x17,                              /* [3154] OBJ_hold_instruction_code */

-0x2A,0x86,0x48,0xCE,0x38,0x02,0x01,          /* [3157] OBJ_hold_instruction_none */

-0x2A,0x86,0x48,0xCE,0x38,0x02,0x02,          /* [3164] OBJ_hold_instruction_call_issuer */

-0x2A,0x86,0x48,0xCE,0x38,0x02,0x03,          /* [3171] OBJ_hold_instruction_reject */

-0x09,                                        /* [3178] OBJ_data */

-0x09,0x92,0x26,                              /* [3179] OBJ_pss */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,          /* [3182] OBJ_ucl */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,     /* [3189] OBJ_pilot */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,/* [3197] OBJ_pilotAttributeType */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,/* [3206] OBJ_pilotAttributeSyntax */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,/* [3215] OBJ_pilotObjectClass */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x0A,/* [3224] OBJ_pilotGroups */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x04,/* [3233] OBJ_iA5StringSyntax */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x05,/* [3243] OBJ_caseIgnoreIA5StringSyntax */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x03,/* [3253] OBJ_pilotObject */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x04,/* [3263] OBJ_pilotPerson */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x05,/* [3273] OBJ_account */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x06,/* [3283] OBJ_document */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x07,/* [3293] OBJ_room */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x09,/* [3303] OBJ_documentSeries */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0E,/* [3313] OBJ_rFC822localPart */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0F,/* [3323] OBJ_dNSDomain */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x11,/* [3333] OBJ_domainRelatedObject */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x12,/* [3343] OBJ_friendlyCountry */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x13,/* [3353] OBJ_simpleSecurityObject */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x14,/* [3363] OBJ_pilotOrganization */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x15,/* [3373] OBJ_pilotDSA */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x16,/* [3383] OBJ_qualityLabelledData */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x01,/* [3393] OBJ_userId */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x02,/* [3403] OBJ_textEncodedORAddress */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x03,/* [3413] OBJ_rfc822Mailbox */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x04,/* [3423] OBJ_info */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x05,/* [3433] OBJ_favouriteDrink */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x06,/* [3443] OBJ_roomNumber */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x07,/* [3453] OBJ_photo */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x08,/* [3463] OBJ_userClass */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x09,/* [3473] OBJ_host */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0A,/* [3483] OBJ_manager */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0B,/* [3493] OBJ_documentIdentifier */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0C,/* [3503] OBJ_documentTitle */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0D,/* [3513] OBJ_documentVersion */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0E,/* [3523] OBJ_documentAuthor */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0F,/* [3533] OBJ_documentLocation */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x14,/* [3543] OBJ_homeTelephoneNumber */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x15,/* [3553] OBJ_secretary */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x16,/* [3563] OBJ_otherMailbox */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x17,/* [3573] OBJ_lastModifiedTime */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x18,/* [3583] OBJ_lastModifiedBy */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1A,/* [3593] OBJ_aRecord */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1B,/* [3603] OBJ_pilotAttributeType27 */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1C,/* [3613] OBJ_mXRecord */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1D,/* [3623] OBJ_nSRecord */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1E,/* [3633] OBJ_sOARecord */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1F,/* [3643] OBJ_cNAMERecord */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x25,/* [3653] OBJ_associatedDomain */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x26,/* [3663] OBJ_associatedName */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x27,/* [3673] OBJ_homePostalAddress */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x28,/* [3683] OBJ_personalTitle */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x29,/* [3693] OBJ_mobileTelephoneNumber */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2A,/* [3703] OBJ_pagerTelephoneNumber */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2B,/* [3713] OBJ_friendlyCountryName */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2D,/* [3723] OBJ_organizationalStatus */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2E,/* [3733] OBJ_janetMailbox */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2F,/* [3743] OBJ_mailPreferenceOption */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x30,/* [3753] OBJ_buildingName */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x31,/* [3763] OBJ_dSAQuality */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x32,/* [3773] OBJ_singleLevelQuality */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x33,/* [3783] OBJ_subtreeMinimumQuality */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x34,/* [3793] OBJ_subtreeMaximumQuality */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x35,/* [3803] OBJ_personalSignature */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x36,/* [3813] OBJ_dITRedirect */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x37,/* [3823] OBJ_audio */

-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x38,/* [3833] OBJ_documentPublisher */

-0x55,0x04,0x2D,                              /* [3843] OBJ_x500UniqueIdentifier */

-0x2B,0x06,0x01,0x07,0x01,                    /* [3846] OBJ_mime_mhs */

-0x2B,0x06,0x01,0x07,0x01,0x01,               /* [3851] OBJ_mime_mhs_headings */

-0x2B,0x06,0x01,0x07,0x01,0x02,               /* [3857] OBJ_mime_mhs_bodies */

-0x2B,0x06,0x01,0x07,0x01,0x01,0x01,          /* [3863] OBJ_id_hex_partial_message */

-0x2B,0x06,0x01,0x07,0x01,0x01,0x02,          /* [3870] OBJ_id_hex_multipart_message */

-0x55,0x04,0x2C,                              /* [3877] OBJ_generationQualifier */

-0x55,0x04,0x41,                              /* [3880] OBJ_pseudonym */

-0x67,0x2A,                                   /* [3883] OBJ_id_set */

-0x67,0x2A,0x00,                              /* [3885] OBJ_set_ctype */

-0x67,0x2A,0x01,                              /* [3888] OBJ_set_msgExt */

-0x67,0x2A,0x03,                              /* [3891] OBJ_set_attr */

-0x67,0x2A,0x05,                              /* [3894] OBJ_set_policy */

-0x67,0x2A,0x07,                              /* [3897] OBJ_set_certExt */

-0x67,0x2A,0x08,                              /* [3900] OBJ_set_brand */

-0x67,0x2A,0x00,0x00,                         /* [3903] OBJ_setct_PANData */

-0x67,0x2A,0x00,0x01,                         /* [3907] OBJ_setct_PANToken */

-0x67,0x2A,0x00,0x02,                         /* [3911] OBJ_setct_PANOnly */

-0x67,0x2A,0x00,0x03,                         /* [3915] OBJ_setct_OIData */

-0x67,0x2A,0x00,0x04,                         /* [3919] OBJ_setct_PI */

-0x67,0x2A,0x00,0x05,                         /* [3923] OBJ_setct_PIData */

-0x67,0x2A,0x00,0x06,                         /* [3927] OBJ_setct_PIDataUnsigned */

-0x67,0x2A,0x00,0x07,                         /* [3931] OBJ_setct_HODInput */

-0x67,0x2A,0x00,0x08,                         /* [3935] OBJ_setct_AuthResBaggage */

-0x67,0x2A,0x00,0x09,                         /* [3939] OBJ_setct_AuthRevReqBaggage */

-0x67,0x2A,0x00,0x0A,                         /* [3943] OBJ_setct_AuthRevResBaggage */

-0x67,0x2A,0x00,0x0B,                         /* [3947] OBJ_setct_CapTokenSeq */

-0x67,0x2A,0x00,0x0C,                         /* [3951] OBJ_setct_PInitResData */

-0x67,0x2A,0x00,0x0D,                         /* [3955] OBJ_setct_PI_TBS */

-0x67,0x2A,0x00,0x0E,                         /* [3959] OBJ_setct_PResData */

-0x67,0x2A,0x00,0x10,                         /* [3963] OBJ_setct_AuthReqTBS */

-0x67,0x2A,0x00,0x11,                         /* [3967] OBJ_setct_AuthResTBS */

-0x67,0x2A,0x00,0x12,                         /* [3971] OBJ_setct_AuthResTBSX */

-0x67,0x2A,0x00,0x13,                         /* [3975] OBJ_setct_AuthTokenTBS */

-0x67,0x2A,0x00,0x14,                         /* [3979] OBJ_setct_CapTokenData */

-0x67,0x2A,0x00,0x15,                         /* [3983] OBJ_setct_CapTokenTBS */

-0x67,0x2A,0x00,0x16,                         /* [3987] OBJ_setct_AcqCardCodeMsg */

-0x67,0x2A,0x00,0x17,                         /* [3991] OBJ_setct_AuthRevReqTBS */

-0x67,0x2A,0x00,0x18,                         /* [3995] OBJ_setct_AuthRevResData */

-0x67,0x2A,0x00,0x19,                         /* [3999] OBJ_setct_AuthRevResTBS */

-0x67,0x2A,0x00,0x1A,                         /* [4003] OBJ_setct_CapReqTBS */

-0x67,0x2A,0x00,0x1B,                         /* [4007] OBJ_setct_CapReqTBSX */

-0x67,0x2A,0x00,0x1C,                         /* [4011] OBJ_setct_CapResData */

-0x67,0x2A,0x00,0x1D,                         /* [4015] OBJ_setct_CapRevReqTBS */

-0x67,0x2A,0x00,0x1E,                         /* [4019] OBJ_setct_CapRevReqTBSX */

-0x67,0x2A,0x00,0x1F,                         /* [4023] OBJ_setct_CapRevResData */

-0x67,0x2A,0x00,0x20,                         /* [4027] OBJ_setct_CredReqTBS */

-0x67,0x2A,0x00,0x21,                         /* [4031] OBJ_setct_CredReqTBSX */

-0x67,0x2A,0x00,0x22,                         /* [4035] OBJ_setct_CredResData */

-0x67,0x2A,0x00,0x23,                         /* [4039] OBJ_setct_CredRevReqTBS */

-0x67,0x2A,0x00,0x24,                         /* [4043] OBJ_setct_CredRevReqTBSX */

-0x67,0x2A,0x00,0x25,                         /* [4047] OBJ_setct_CredRevResData */

-0x67,0x2A,0x00,0x26,                         /* [4051] OBJ_setct_PCertReqData */

-0x67,0x2A,0x00,0x27,                         /* [4055] OBJ_setct_PCertResTBS */

-0x67,0x2A,0x00,0x28,                         /* [4059] OBJ_setct_BatchAdminReqData */

-0x67,0x2A,0x00,0x29,                         /* [4063] OBJ_setct_BatchAdminResData */

-0x67,0x2A,0x00,0x2A,                         /* [4067] OBJ_setct_CardCInitResTBS */

-0x67,0x2A,0x00,0x2B,                         /* [4071] OBJ_setct_MeAqCInitResTBS */

-0x67,0x2A,0x00,0x2C,                         /* [4075] OBJ_setct_RegFormResTBS */

-0x67,0x2A,0x00,0x2D,                         /* [4079] OBJ_setct_CertReqData */

-0x67,0x2A,0x00,0x2E,                         /* [4083] OBJ_setct_CertReqTBS */

-0x67,0x2A,0x00,0x2F,                         /* [4087] OBJ_setct_CertResData */

-0x67,0x2A,0x00,0x30,                         /* [4091] OBJ_setct_CertInqReqTBS */

-0x67,0x2A,0x00,0x31,                         /* [4095] OBJ_setct_ErrorTBS */

-0x67,0x2A,0x00,0x32,                         /* [4099] OBJ_setct_PIDualSignedTBE */

-0x67,0x2A,0x00,0x33,                         /* [4103] OBJ_setct_PIUnsignedTBE */

-0x67,0x2A,0x00,0x34,                         /* [4107] OBJ_setct_AuthReqTBE */

-0x67,0x2A,0x00,0x35,                         /* [4111] OBJ_setct_AuthResTBE */

-0x67,0x2A,0x00,0x36,                         /* [4115] OBJ_setct_AuthResTBEX */

-0x67,0x2A,0x00,0x37,                         /* [4119] OBJ_setct_AuthTokenTBE */

-0x67,0x2A,0x00,0x38,                         /* [4123] OBJ_setct_CapTokenTBE */

-0x67,0x2A,0x00,0x39,                         /* [4127] OBJ_setct_CapTokenTBEX */

-0x67,0x2A,0x00,0x3A,                         /* [4131] OBJ_setct_AcqCardCodeMsgTBE */

-0x67,0x2A,0x00,0x3B,                         /* [4135] OBJ_setct_AuthRevReqTBE */

-0x67,0x2A,0x00,0x3C,                         /* [4139] OBJ_setct_AuthRevResTBE */

-0x67,0x2A,0x00,0x3D,                         /* [4143] OBJ_setct_AuthRevResTBEB */

-0x67,0x2A,0x00,0x3E,                         /* [4147] OBJ_setct_CapReqTBE */

-0x67,0x2A,0x00,0x3F,                         /* [4151] OBJ_setct_CapReqTBEX */

-0x67,0x2A,0x00,0x40,                         /* [4155] OBJ_setct_CapResTBE */

-0x67,0x2A,0x00,0x41,                         /* [4159] OBJ_setct_CapRevReqTBE */

-0x67,0x2A,0x00,0x42,                         /* [4163] OBJ_setct_CapRevReqTBEX */

-0x67,0x2A,0x00,0x43,                         /* [4167] OBJ_setct_CapRevResTBE */

-0x67,0x2A,0x00,0x44,                         /* [4171] OBJ_setct_CredReqTBE */

-0x67,0x2A,0x00,0x45,                         /* [4175] OBJ_setct_CredReqTBEX */

-0x67,0x2A,0x00,0x46,                         /* [4179] OBJ_setct_CredResTBE */

-0x67,0x2A,0x00,0x47,                         /* [4183] OBJ_setct_CredRevReqTBE */

-0x67,0x2A,0x00,0x48,                         /* [4187] OBJ_setct_CredRevReqTBEX */

-0x67,0x2A,0x00,0x49,                         /* [4191] OBJ_setct_CredRevResTBE */

-0x67,0x2A,0x00,0x4A,                         /* [4195] OBJ_setct_BatchAdminReqTBE */

-0x67,0x2A,0x00,0x4B,                         /* [4199] OBJ_setct_BatchAdminResTBE */

-0x67,0x2A,0x00,0x4C,                         /* [4203] OBJ_setct_RegFormReqTBE */

-0x67,0x2A,0x00,0x4D,                         /* [4207] OBJ_setct_CertReqTBE */

-0x67,0x2A,0x00,0x4E,                         /* [4211] OBJ_setct_CertReqTBEX */

-0x67,0x2A,0x00,0x4F,                         /* [4215] OBJ_setct_CertResTBE */

-0x67,0x2A,0x00,0x50,                         /* [4219] OBJ_setct_CRLNotificationTBS */

-0x67,0x2A,0x00,0x51,                         /* [4223] OBJ_setct_CRLNotificationResTBS */

-0x67,0x2A,0x00,0x52,                         /* [4227] OBJ_setct_BCIDistributionTBS */

-0x67,0x2A,0x01,0x01,                         /* [4231] OBJ_setext_genCrypt */

-0x67,0x2A,0x01,0x03,                         /* [4235] OBJ_setext_miAuth */

-0x67,0x2A,0x01,0x04,                         /* [4239] OBJ_setext_pinSecure */

-0x67,0x2A,0x01,0x05,                         /* [4243] OBJ_setext_pinAny */

-0x67,0x2A,0x01,0x07,                         /* [4247] OBJ_setext_track2 */

-0x67,0x2A,0x01,0x08,                         /* [4251] OBJ_setext_cv */

-0x67,0x2A,0x05,0x00,                         /* [4255] OBJ_set_policy_root */

-0x67,0x2A,0x07,0x00,                         /* [4259] OBJ_setCext_hashedRoot */

-0x67,0x2A,0x07,0x01,                         /* [4263] OBJ_setCext_certType */

-0x67,0x2A,0x07,0x02,                         /* [4267] OBJ_setCext_merchData */

-0x67,0x2A,0x07,0x03,                         /* [4271] OBJ_setCext_cCertRequired */

-0x67,0x2A,0x07,0x04,                         /* [4275] OBJ_setCext_tunneling */

-0x67,0x2A,0x07,0x05,                         /* [4279] OBJ_setCext_setExt */

-0x67,0x2A,0x07,0x06,                         /* [4283] OBJ_setCext_setQualf */

-0x67,0x2A,0x07,0x07,                         /* [4287] OBJ_setCext_PGWYcapabilities */

-0x67,0x2A,0x07,0x08,                         /* [4291] OBJ_setCext_TokenIdentifier */

-0x67,0x2A,0x07,0x09,                         /* [4295] OBJ_setCext_Track2Data */

-0x67,0x2A,0x07,0x0A,                         /* [4299] OBJ_setCext_TokenType */

-0x67,0x2A,0x07,0x0B,                         /* [4303] OBJ_setCext_IssuerCapabilities */

-0x67,0x2A,0x03,0x00,                         /* [4307] OBJ_setAttr_Cert */

-0x67,0x2A,0x03,0x01,                         /* [4311] OBJ_setAttr_PGWYcap */

-0x67,0x2A,0x03,0x02,                         /* [4315] OBJ_setAttr_TokenType */

-0x67,0x2A,0x03,0x03,                         /* [4319] OBJ_setAttr_IssCap */

-0x67,0x2A,0x03,0x00,0x00,                    /* [4323] OBJ_set_rootKeyThumb */

-0x67,0x2A,0x03,0x00,0x01,                    /* [4328] OBJ_set_addPolicy */

-0x67,0x2A,0x03,0x02,0x01,                    /* [4333] OBJ_setAttr_Token_EMV */

-0x67,0x2A,0x03,0x02,0x02,                    /* [4338] OBJ_setAttr_Token_B0Prime */

-0x67,0x2A,0x03,0x03,0x03,                    /* [4343] OBJ_setAttr_IssCap_CVM */

-0x67,0x2A,0x03,0x03,0x04,                    /* [4348] OBJ_setAttr_IssCap_T2 */

-0x67,0x2A,0x03,0x03,0x05,                    /* [4353] OBJ_setAttr_IssCap_Sig */

-0x67,0x2A,0x03,0x03,0x03,0x01,               /* [4358] OBJ_setAttr_GenCryptgrm */

-0x67,0x2A,0x03,0x03,0x04,0x01,               /* [4364] OBJ_setAttr_T2Enc */

-0x67,0x2A,0x03,0x03,0x04,0x02,               /* [4370] OBJ_setAttr_T2cleartxt */

-0x67,0x2A,0x03,0x03,0x05,0x01,               /* [4376] OBJ_setAttr_TokICCsig */

-0x67,0x2A,0x03,0x03,0x05,0x02,               /* [4382] OBJ_setAttr_SecDevSig */

-0x67,0x2A,0x08,0x01,                         /* [4388] OBJ_set_brand_IATA_ATA */

-0x67,0x2A,0x08,0x1E,                         /* [4392] OBJ_set_brand_Diners */

-0x67,0x2A,0x08,0x22,                         /* [4396] OBJ_set_brand_AmericanExpress */

-0x67,0x2A,0x08,0x23,                         /* [4400] OBJ_set_brand_JCB */

-0x67,0x2A,0x08,0x04,                         /* [4404] OBJ_set_brand_Visa */

-0x67,0x2A,0x08,0x05,                         /* [4408] OBJ_set_brand_MasterCard */

-0x67,0x2A,0x08,0xAE,0x7B,                    /* [4412] OBJ_set_brand_Novus */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x0A,     /* [4417] OBJ_des_cdmf */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x06,/* [4425] OBJ_rsaOAEPEncryptionSET */

-0x00,                                        /* [4434] OBJ_itu_t */

-0x50,                                        /* [4435] OBJ_joint_iso_itu_t */

-0x67,                                        /* [4436] OBJ_international_organizations */

-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02,/* [4437] OBJ_ms_smartcard_login */

-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,/* [4447] OBJ_ms_upn */

-0x55,0x04,0x09,                              /* [4457] OBJ_streetAddress */

-0x55,0x04,0x11,                              /* [4460] OBJ_postalCode */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x15,          /* [4463] OBJ_id_ppl */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0E,     /* [4470] OBJ_proxyCertInfo */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x00,     /* [4478] OBJ_id_ppl_anyLanguage */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x01,     /* [4486] OBJ_id_ppl_inheritAll */

-0x55,0x1D,0x1E,                              /* [4494] OBJ_name_constraints */

-0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x02,     /* [4497] OBJ_Independent */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,/* [4505] OBJ_sha256WithRSAEncryption */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0C,/* [4514] OBJ_sha384WithRSAEncryption */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0D,/* [4523] OBJ_sha512WithRSAEncryption */

-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0E,/* [4532] OBJ_sha224WithRSAEncryption */

-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,/* [4541] OBJ_sha256 */

-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,/* [4550] OBJ_sha384 */

-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,/* [4559] OBJ_sha512 */

-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04,/* [4568] OBJ_sha224 */

-0x2B,                                        /* [4577] OBJ_identified_organization */

-0x2B,0x81,0x04,                              /* [4578] OBJ_certicom_arc */

-0x67,0x2B,                                   /* [4581] OBJ_wap */

-0x67,0x2B,0x0D,                              /* [4583] OBJ_wap_wsg */

-0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,     /* [4586] OBJ_X9_62_id_characteristic_two_basis */

-0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x01,/* [4594] OBJ_X9_62_onBasis */

-0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x02,/* [4603] OBJ_X9_62_tpBasis */

-0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x03,/* [4612] OBJ_X9_62_ppBasis */

-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x01,     /* [4621] OBJ_X9_62_c2pnb163v1 */

-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x02,     /* [4629] OBJ_X9_62_c2pnb163v2 */

-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x03,     /* [4637] OBJ_X9_62_c2pnb163v3 */

-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x04,     /* [4645] OBJ_X9_62_c2pnb176v1 */

-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x05,     /* [4653] OBJ_X9_62_c2tnb191v1 */

-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x06,     /* [4661] OBJ_X9_62_c2tnb191v2 */

-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x07,     /* [4669] OBJ_X9_62_c2tnb191v3 */

-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x08,     /* [4677] OBJ_X9_62_c2onb191v4 */

-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x09,     /* [4685] OBJ_X9_62_c2onb191v5 */

-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0A,     /* [4693] OBJ_X9_62_c2pnb208w1 */

-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0B,     /* [4701] OBJ_X9_62_c2tnb239v1 */

-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0C,     /* [4709] OBJ_X9_62_c2tnb239v2 */

-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0D,     /* [4717] OBJ_X9_62_c2tnb239v3 */

-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0E,     /* [4725] OBJ_X9_62_c2onb239v4 */

-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0F,     /* [4733] OBJ_X9_62_c2onb239v5 */

-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x10,     /* [4741] OBJ_X9_62_c2pnb272w1 */

-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x11,     /* [4749] OBJ_X9_62_c2pnb304w1 */

-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x12,     /* [4757] OBJ_X9_62_c2tnb359v1 */

-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x13,     /* [4765] OBJ_X9_62_c2pnb368w1 */

-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x14,     /* [4773] OBJ_X9_62_c2tnb431r1 */

-0x2B,0x81,0x04,0x00,0x06,                    /* [4781] OBJ_secp112r1 */

-0x2B,0x81,0x04,0x00,0x07,                    /* [4786] OBJ_secp112r2 */

-0x2B,0x81,0x04,0x00,0x1C,                    /* [4791] OBJ_secp128r1 */

-0x2B,0x81,0x04,0x00,0x1D,                    /* [4796] OBJ_secp128r2 */

-0x2B,0x81,0x04,0x00,0x09,                    /* [4801] OBJ_secp160k1 */

-0x2B,0x81,0x04,0x00,0x08,                    /* [4806] OBJ_secp160r1 */

-0x2B,0x81,0x04,0x00,0x1E,                    /* [4811] OBJ_secp160r2 */

-0x2B,0x81,0x04,0x00,0x1F,                    /* [4816] OBJ_secp192k1 */

-0x2B,0x81,0x04,0x00,0x20,                    /* [4821] OBJ_secp224k1 */

-0x2B,0x81,0x04,0x00,0x21,                    /* [4826] OBJ_secp224r1 */

-0x2B,0x81,0x04,0x00,0x0A,                    /* [4831] OBJ_secp256k1 */

-0x2B,0x81,0x04,0x00,0x22,                    /* [4836] OBJ_secp384r1 */

-0x2B,0x81,0x04,0x00,0x23,                    /* [4841] OBJ_secp521r1 */

-0x2B,0x81,0x04,0x00,0x04,                    /* [4846] OBJ_sect113r1 */

-0x2B,0x81,0x04,0x00,0x05,                    /* [4851] OBJ_sect113r2 */

-0x2B,0x81,0x04,0x00,0x16,                    /* [4856] OBJ_sect131r1 */

-0x2B,0x81,0x04,0x00,0x17,                    /* [4861] OBJ_sect131r2 */

-0x2B,0x81,0x04,0x00,0x01,                    /* [4866] OBJ_sect163k1 */

-0x2B,0x81,0x04,0x00,0x02,                    /* [4871] OBJ_sect163r1 */

-0x2B,0x81,0x04,0x00,0x0F,                    /* [4876] OBJ_sect163r2 */

-0x2B,0x81,0x04,0x00,0x18,                    /* [4881] OBJ_sect193r1 */

-0x2B,0x81,0x04,0x00,0x19,                    /* [4886] OBJ_sect193r2 */

-0x2B,0x81,0x04,0x00,0x1A,                    /* [4891] OBJ_sect233k1 */

-0x2B,0x81,0x04,0x00,0x1B,                    /* [4896] OBJ_sect233r1 */

-0x2B,0x81,0x04,0x00,0x03,                    /* [4901] OBJ_sect239k1 */

-0x2B,0x81,0x04,0x00,0x10,                    /* [4906] OBJ_sect283k1 */

-0x2B,0x81,0x04,0x00,0x11,                    /* [4911] OBJ_sect283r1 */

-0x2B,0x81,0x04,0x00,0x24,                    /* [4916] OBJ_sect409k1 */

-0x2B,0x81,0x04,0x00,0x25,                    /* [4921] OBJ_sect409r1 */

-0x2B,0x81,0x04,0x00,0x26,                    /* [4926] OBJ_sect571k1 */

-0x2B,0x81,0x04,0x00,0x27,                    /* [4931] OBJ_sect571r1 */

-0x67,0x2B,0x0D,0x04,0x01,                    /* [4936] OBJ_wap_wsg_idm_ecid_wtls1 */

-0x67,0x2B,0x0D,0x04,0x03,                    /* [4941] OBJ_wap_wsg_idm_ecid_wtls3 */

-0x67,0x2B,0x0D,0x04,0x04,                    /* [4946] OBJ_wap_wsg_idm_ecid_wtls4 */

-0x67,0x2B,0x0D,0x04,0x05,                    /* [4951] OBJ_wap_wsg_idm_ecid_wtls5 */

-0x67,0x2B,0x0D,0x04,0x06,                    /* [4956] OBJ_wap_wsg_idm_ecid_wtls6 */

-0x67,0x2B,0x0D,0x04,0x07,                    /* [4961] OBJ_wap_wsg_idm_ecid_wtls7 */

-0x67,0x2B,0x0D,0x04,0x08,                    /* [4966] OBJ_wap_wsg_idm_ecid_wtls8 */

-0x67,0x2B,0x0D,0x04,0x09,                    /* [4971] OBJ_wap_wsg_idm_ecid_wtls9 */

-0x67,0x2B,0x0D,0x04,0x0A,                    /* [4976] OBJ_wap_wsg_idm_ecid_wtls10 */

-0x67,0x2B,0x0D,0x04,0x0B,                    /* [4981] OBJ_wap_wsg_idm_ecid_wtls11 */

-0x67,0x2B,0x0D,0x04,0x0C,                    /* [4986] OBJ_wap_wsg_idm_ecid_wtls12 */

-0x55,0x1D,0x20,0x00,                         /* [4991] OBJ_any_policy */

-0x55,0x1D,0x21,                              /* [4995] OBJ_policy_mappings */

-0x55,0x1D,0x36,                              /* [4998] OBJ_inhibit_any_policy */

-0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x02,/* [5001] OBJ_camellia_128_cbc */

-0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x03,/* [5012] OBJ_camellia_192_cbc */

-0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x04,/* [5023] OBJ_camellia_256_cbc */

-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x01,     /* [5034] OBJ_camellia_128_ecb */

-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x15,     /* [5042] OBJ_camellia_192_ecb */

-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x29,     /* [5050] OBJ_camellia_256_ecb */

-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x04,     /* [5058] OBJ_camellia_128_cfb128 */

-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x18,     /* [5066] OBJ_camellia_192_cfb128 */

-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2C,     /* [5074] OBJ_camellia_256_cfb128 */

-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x03,     /* [5082] OBJ_camellia_128_ofb128 */

-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x17,     /* [5090] OBJ_camellia_192_ofb128 */

-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2B,     /* [5098] OBJ_camellia_256_ofb128 */

-0x55,0x1D,0x09,                              /* [5106] OBJ_subject_directory_attributes */

-0x55,0x1D,0x1C,                              /* [5109] OBJ_issuing_distribution_point */

-0x55,0x1D,0x1D,                              /* [5112] OBJ_certificate_issuer */

-0x2A,0x83,0x1A,0x8C,0x9A,0x44,               /* [5115] OBJ_kisa */

-0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x03,     /* [5121] OBJ_seed_ecb */

-0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x04,     /* [5129] OBJ_seed_cbc */

-0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x06,     /* [5137] OBJ_seed_ofb128 */

-0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x05,     /* [5145] OBJ_seed_cfb128 */

-};

-static ASN1_OBJECT nid_objs[NUM_NID]={

-{"UNDEF","undefined",NID_undef,1,&(lvalues[0]),0},

-{"rsadsi","RSA Data Security, Inc.",NID_rsadsi,6,&(lvalues[1]),0},

-{"pkcs","RSA Data Security, Inc. PKCS",NID_pkcs,7,&(lvalues[7]),0},

-{"MD2","md2",NID_md2,8,&(lvalues[14]),0},

-{"MD5","md5",NID_md5,8,&(lvalues[22]),0},

-{"RC4","rc4",NID_rc4,8,&(lvalues[30]),0},

-{"rsaEncryption","rsaEncryption",NID_rsaEncryption,9,&(lvalues[38]),0},

-{"RSA-MD2","md2WithRSAEncryption",NID_md2WithRSAEncryption,9,

-	&(lvalues[47]),0},

-{"RSA-MD5","md5WithRSAEncryption",NID_md5WithRSAEncryption,9,

-	&(lvalues[56]),0},

-{"PBE-MD2-DES","pbeWithMD2AndDES-CBC",NID_pbeWithMD2AndDES_CBC,9,

-	&(lvalues[65]),0},

-{"PBE-MD5-DES","pbeWithMD5AndDES-CBC",NID_pbeWithMD5AndDES_CBC,9,

-	&(lvalues[74]),0},

-{"X500","directory services (X.500)",NID_X500,1,&(lvalues[83]),0},

-{"X509","X509",NID_X509,2,&(lvalues[84]),0},

-{"CN","commonName",NID_commonName,3,&(lvalues[86]),0},

-{"C","countryName",NID_countryName,3,&(lvalues[89]),0},

-{"L","localityName",NID_localityName,3,&(lvalues[92]),0},

-{"ST","stateOrProvinceName",NID_stateOrProvinceName,3,&(lvalues[95]),0},

-{"O","organizationName",NID_organizationName,3,&(lvalues[98]),0},

-{"OU","organizationalUnitName",NID_organizationalUnitName,3,

-	&(lvalues[101]),0},

-{"RSA","rsa",NID_rsa,4,&(lvalues[104]),0},

-{"pkcs7","pkcs7",NID_pkcs7,8,&(lvalues[108]),0},

-{"pkcs7-data","pkcs7-data",NID_pkcs7_data,9,&(lvalues[116]),0},

-{"pkcs7-signedData","pkcs7-signedData",NID_pkcs7_signed,9,

-	&(lvalues[125]),0},

-{"pkcs7-envelopedData","pkcs7-envelopedData",NID_pkcs7_enveloped,9,

-	&(lvalues[134]),0},

-{"pkcs7-signedAndEnvelopedData","pkcs7-signedAndEnvelopedData",

-	NID_pkcs7_signedAndEnveloped,9,&(lvalues[143]),0},

-{"pkcs7-digestData","pkcs7-digestData",NID_pkcs7_digest,9,

-	&(lvalues[152]),0},

-{"pkcs7-encryptedData","pkcs7-encryptedData",NID_pkcs7_encrypted,9,

-	&(lvalues[161]),0},

-{"pkcs3","pkcs3",NID_pkcs3,8,&(lvalues[170]),0},

-{"dhKeyAgreement","dhKeyAgreement",NID_dhKeyAgreement,9,

-	&(lvalues[178]),0},

-{"DES-ECB","des-ecb",NID_des_ecb,5,&(lvalues[187]),0},

-{"DES-CFB","des-cfb",NID_des_cfb64,5,&(lvalues[192]),0},

-{"DES-CBC","des-cbc",NID_des_cbc,5,&(lvalues[197]),0},

-{"DES-EDE","des-ede",NID_des_ede_ecb,5,&(lvalues[202]),0},

-{"DES-EDE3","des-ede3",NID_des_ede3_ecb,0,NULL,0},

-{"IDEA-CBC","idea-cbc",NID_idea_cbc,11,&(lvalues[207]),0},

-{"IDEA-CFB","idea-cfb",NID_idea_cfb64,0,NULL,0},

-{"IDEA-ECB","idea-ecb",NID_idea_ecb,0,NULL,0},

-{"RC2-CBC","rc2-cbc",NID_rc2_cbc,8,&(lvalues[218]),0},

-{"RC2-ECB","rc2-ecb",NID_rc2_ecb,0,NULL,0},

-{"RC2-CFB","rc2-cfb",NID_rc2_cfb64,0,NULL,0},

-{"RC2-OFB","rc2-ofb",NID_rc2_ofb64,0,NULL,0},

-{"SHA","sha",NID_sha,5,&(lvalues[226]),0},

-{"RSA-SHA","shaWithRSAEncryption",NID_shaWithRSAEncryption,5,

-	&(lvalues[231]),0},

-{"DES-EDE-CBC","des-ede-cbc",NID_des_ede_cbc,0,NULL,0},

-{"DES-EDE3-CBC","des-ede3-cbc",NID_des_ede3_cbc,8,&(lvalues[236]),0},

-{"DES-OFB","des-ofb",NID_des_ofb64,5,&(lvalues[244]),0},

-{"IDEA-OFB","idea-ofb",NID_idea_ofb64,0,NULL,0},

-{"pkcs9","pkcs9",NID_pkcs9,8,&(lvalues[249]),0},

-{"emailAddress","emailAddress",NID_pkcs9_emailAddress,9,

-	&(lvalues[257]),0},

-{"unstructuredName","unstructuredName",NID_pkcs9_unstructuredName,9,

-	&(lvalues[266]),0},

-{"contentType","contentType",NID_pkcs9_contentType,9,&(lvalues[275]),0},

-{"messageDigest","messageDigest",NID_pkcs9_messageDigest,9,

-	&(lvalues[284]),0},

-{"signingTime","signingTime",NID_pkcs9_signingTime,9,&(lvalues[293]),0},

-{"countersignature","countersignature",NID_pkcs9_countersignature,9,

-	&(lvalues[302]),0},

-{"challengePassword","challengePassword",NID_pkcs9_challengePassword,

-	9,&(lvalues[311]),0},

-{"unstructuredAddress","unstructuredAddress",

-	NID_pkcs9_unstructuredAddress,9,&(lvalues[320]),0},

-{"extendedCertificateAttributes","extendedCertificateAttributes",

-	NID_pkcs9_extCertAttributes,9,&(lvalues[329]),0},

-{"Netscape","Netscape Communications Corp.",NID_netscape,7,

-	&(lvalues[338]),0},

-{"nsCertExt","Netscape Certificate Extension",

-	NID_netscape_cert_extension,8,&(lvalues[345]),0},

-{"nsDataType","Netscape Data Type",NID_netscape_data_type,8,

-	&(lvalues[353]),0},

-{"DES-EDE-CFB","des-ede-cfb",NID_des_ede_cfb64,0,NULL,0},

-{"DES-EDE3-CFB","des-ede3-cfb",NID_des_ede3_cfb64,0,NULL,0},

-{"DES-EDE-OFB","des-ede-ofb",NID_des_ede_ofb64,0,NULL,0},

-{"DES-EDE3-OFB","des-ede3-ofb",NID_des_ede3_ofb64,0,NULL,0},

-{"SHA1","sha1",NID_sha1,5,&(lvalues[361]),0},

-{"RSA-SHA1","sha1WithRSAEncryption",NID_sha1WithRSAEncryption,9,

-	&(lvalues[366]),0},

-{"DSA-SHA","dsaWithSHA",NID_dsaWithSHA,5,&(lvalues[375]),0},

-{"DSA-old","dsaEncryption-old",NID_dsa_2,5,&(lvalues[380]),0},

-{"PBE-SHA1-RC2-64","pbeWithSHA1AndRC2-CBC",NID_pbeWithSHA1AndRC2_CBC,

-	9,&(lvalues[385]),0},

-{"PBKDF2","PBKDF2",NID_id_pbkdf2,9,&(lvalues[394]),0},

-{"DSA-SHA1-old","dsaWithSHA1-old",NID_dsaWithSHA1_2,5,&(lvalues[403]),0},

-{"nsCertType","Netscape Cert Type",NID_netscape_cert_type,9,

-	&(lvalues[408]),0},

-{"nsBaseUrl","Netscape Base Url",NID_netscape_base_url,9,

-	&(lvalues[417]),0},

-{"nsRevocationUrl","Netscape Revocation Url",

-	NID_netscape_revocation_url,9,&(lvalues[426]),0},

-{"nsCaRevocationUrl","Netscape CA Revocation Url",

-	NID_netscape_ca_revocation_url,9,&(lvalues[435]),0},

-{"nsRenewalUrl","Netscape Renewal Url",NID_netscape_renewal_url,9,

-	&(lvalues[444]),0},

-{"nsCaPolicyUrl","Netscape CA Policy Url",NID_netscape_ca_policy_url,

-	9,&(lvalues[453]),0},

-{"nsSslServerName","Netscape SSL Server Name",

-	NID_netscape_ssl_server_name,9,&(lvalues[462]),0},

-{"nsComment","Netscape Comment",NID_netscape_comment,9,&(lvalues[471]),0},

-{"nsCertSequence","Netscape Certificate Sequence",

-	NID_netscape_cert_sequence,9,&(lvalues[480]),0},

-{"DESX-CBC","desx-cbc",NID_desx_cbc,0,NULL,0},

-{"id-ce","id-ce",NID_id_ce,2,&(lvalues[489]),0},

-{"subjectKeyIdentifier","X509v3 Subject Key Identifier",

-	NID_subject_key_identifier,3,&(lvalues[491]),0},

-{"keyUsage","X509v3 Key Usage",NID_key_usage,3,&(lvalues[494]),0},

-{"privateKeyUsagePeriod","X509v3 Private Key Usage Period",

-	NID_private_key_usage_period,3,&(lvalues[497]),0},

-{"subjectAltName","X509v3 Subject Alternative Name",

-	NID_subject_alt_name,3,&(lvalues[500]),0},

-{"issuerAltName","X509v3 Issuer Alternative Name",NID_issuer_alt_name,

-	3,&(lvalues[503]),0},

-{"basicConstraints","X509v3 Basic Constraints",NID_basic_constraints,

-	3,&(lvalues[506]),0},

-{"crlNumber","X509v3 CRL Number",NID_crl_number,3,&(lvalues[509]),0},

-{"certificatePolicies","X509v3 Certificate Policies",

-	NID_certificate_policies,3,&(lvalues[512]),0},

-{"authorityKeyIdentifier","X509v3 Authority Key Identifier",

-	NID_authority_key_identifier,3,&(lvalues[515]),0},

-{"BF-CBC","bf-cbc",NID_bf_cbc,9,&(lvalues[518]),0},

-{"BF-ECB","bf-ecb",NID_bf_ecb,0,NULL,0},

-{"BF-CFB","bf-cfb",NID_bf_cfb64,0,NULL,0},

-{"BF-OFB","bf-ofb",NID_bf_ofb64,0,NULL,0},

-{"MDC2","mdc2",NID_mdc2,4,&(lvalues[527]),0},

-{"RSA-MDC2","mdc2WithRSA",NID_mdc2WithRSA,4,&(lvalues[531]),0},

-{"RC4-40","rc4-40",NID_rc4_40,0,NULL,0},

-{"RC2-40-CBC","rc2-40-cbc",NID_rc2_40_cbc,0,NULL,0},

-{"GN","givenName",NID_givenName,3,&(lvalues[535]),0},

-{"SN","surname",NID_surname,3,&(lvalues[538]),0},

-{"initials","initials",NID_initials,3,&(lvalues[541]),0},

-{NULL,NULL,NID_undef,0,NULL,0},

-{"crlDistributionPoints","X509v3 CRL Distribution Points",

-	NID_crl_distribution_points,3,&(lvalues[544]),0},

-{"RSA-NP-MD5","md5WithRSA",NID_md5WithRSA,5,&(lvalues[547]),0},

-{"serialNumber","serialNumber",NID_serialNumber,3,&(lvalues[552]),0},

-{"title","title",NID_title,3,&(lvalues[555]),0},

-{"description","description",NID_description,3,&(lvalues[558]),0},

-{"CAST5-CBC","cast5-cbc",NID_cast5_cbc,9,&(lvalues[561]),0},

-{"CAST5-ECB","cast5-ecb",NID_cast5_ecb,0,NULL,0},

-{"CAST5-CFB","cast5-cfb",NID_cast5_cfb64,0,NULL,0},

-{"CAST5-OFB","cast5-ofb",NID_cast5_ofb64,0,NULL,0},

-{"pbeWithMD5AndCast5CBC","pbeWithMD5AndCast5CBC",

-	NID_pbeWithMD5AndCast5_CBC,9,&(lvalues[570]),0},

-{"DSA-SHA1","dsaWithSHA1",NID_dsaWithSHA1,7,&(lvalues[579]),0},

-{"MD5-SHA1","md5-sha1",NID_md5_sha1,0,NULL,0},

-{"RSA-SHA1-2","sha1WithRSA",NID_sha1WithRSA,5,&(lvalues[586]),0},

-{"DSA","dsaEncryption",NID_dsa,7,&(lvalues[591]),0},

-{"RIPEMD160","ripemd160",NID_ripemd160,5,&(lvalues[598]),0},

-{NULL,NULL,NID_undef,0,NULL,0},

-{"RSA-RIPEMD160","ripemd160WithRSA",NID_ripemd160WithRSA,6,

-	&(lvalues[603]),0},

-{"RC5-CBC","rc5-cbc",NID_rc5_cbc,8,&(lvalues[609]),0},

-{"RC5-ECB","rc5-ecb",NID_rc5_ecb,0,NULL,0},

-{"RC5-CFB","rc5-cfb",NID_rc5_cfb64,0,NULL,0},

-{"RC5-OFB","rc5-ofb",NID_rc5_ofb64,0,NULL,0},

-{"RLE","run length compression",NID_rle_compression,6,&(lvalues[617]),0},

-{"ZLIB","zlib compression",NID_zlib_compression,6,&(lvalues[623]),0},

-{"extendedKeyUsage","X509v3 Extended Key Usage",NID_ext_key_usage,3,

-	&(lvalues[629]),0},

-{"PKIX","PKIX",NID_id_pkix,6,&(lvalues[632]),0},

-{"id-kp","id-kp",NID_id_kp,7,&(lvalues[638]),0},

-{"serverAuth","TLS Web Server Authentication",NID_server_auth,8,

-	&(lvalues[645]),0},

-{"clientAuth","TLS Web Client Authentication",NID_client_auth,8,

-	&(lvalues[653]),0},

-{"codeSigning","Code Signing",NID_code_sign,8,&(lvalues[661]),0},

-{"emailProtection","E-mail Protection",NID_email_protect,8,

-	&(lvalues[669]),0},

-{"timeStamping","Time Stamping",NID_time_stamp,8,&(lvalues[677]),0},

-{"msCodeInd","Microsoft Individual Code Signing",NID_ms_code_ind,10,

-	&(lvalues[685]),0},

-{"msCodeCom","Microsoft Commercial Code Signing",NID_ms_code_com,10,

-	&(lvalues[695]),0},

-{"msCTLSign","Microsoft Trust List Signing",NID_ms_ctl_sign,10,

-	&(lvalues[705]),0},

-{"msSGC","Microsoft Server Gated Crypto",NID_ms_sgc,10,&(lvalues[715]),0},

-{"msEFS","Microsoft Encrypted File System",NID_ms_efs,10,

-	&(lvalues[725]),0},

-{"nsSGC","Netscape Server Gated Crypto",NID_ns_sgc,9,&(lvalues[735]),0},

-{"deltaCRL","X509v3 Delta CRL Indicator",NID_delta_crl,3,

-	&(lvalues[744]),0},

-{"CRLReason","X509v3 CRL Reason Code",NID_crl_reason,3,&(lvalues[747]),0},

-{"invalidityDate","Invalidity Date",NID_invalidity_date,3,

-	&(lvalues[750]),0},

-{"SXNetID","Strong Extranet ID",NID_sxnet,5,&(lvalues[753]),0},

-{"PBE-SHA1-RC4-128","pbeWithSHA1And128BitRC4",

-	NID_pbe_WithSHA1And128BitRC4,10,&(lvalues[758]),0},

-{"PBE-SHA1-RC4-40","pbeWithSHA1And40BitRC4",

-	NID_pbe_WithSHA1And40BitRC4,10,&(lvalues[768]),0},

-{"PBE-SHA1-3DES","pbeWithSHA1And3-KeyTripleDES-CBC",

-	NID_pbe_WithSHA1And3_Key_TripleDES_CBC,10,&(lvalues[778]),0},

-{"PBE-SHA1-2DES","pbeWithSHA1And2-KeyTripleDES-CBC",

-	NID_pbe_WithSHA1And2_Key_TripleDES_CBC,10,&(lvalues[788]),0},

-{"PBE-SHA1-RC2-128","pbeWithSHA1And128BitRC2-CBC",

-	NID_pbe_WithSHA1And128BitRC2_CBC,10,&(lvalues[798]),0},

-{"PBE-SHA1-RC2-40","pbeWithSHA1And40BitRC2-CBC",

-	NID_pbe_WithSHA1And40BitRC2_CBC,10,&(lvalues[808]),0},

-{"keyBag","keyBag",NID_keyBag,11,&(lvalues[818]),0},

-{"pkcs8ShroudedKeyBag","pkcs8ShroudedKeyBag",NID_pkcs8ShroudedKeyBag,

-	11,&(lvalues[829]),0},

-{"certBag","certBag",NID_certBag,11,&(lvalues[840]),0},

-{"crlBag","crlBag",NID_crlBag,11,&(lvalues[851]),0},

-{"secretBag","secretBag",NID_secretBag,11,&(lvalues[862]),0},

-{"safeContentsBag","safeContentsBag",NID_safeContentsBag,11,

-	&(lvalues[873]),0},

-{"friendlyName","friendlyName",NID_friendlyName,9,&(lvalues[884]),0},

-{"localKeyID","localKeyID",NID_localKeyID,9,&(lvalues[893]),0},

-{"x509Certificate","x509Certificate",NID_x509Certificate,10,

-	&(lvalues[902]),0},

-{"sdsiCertificate","sdsiCertificate",NID_sdsiCertificate,10,

-	&(lvalues[912]),0},

-{"x509Crl","x509Crl",NID_x509Crl,10,&(lvalues[922]),0},

-{"PBES2","PBES2",NID_pbes2,9,&(lvalues[932]),0},

-{"PBMAC1","PBMAC1",NID_pbmac1,9,&(lvalues[941]),0},

-{"hmacWithSHA1","hmacWithSHA1",NID_hmacWithSHA1,8,&(lvalues[950]),0},

-{"id-qt-cps","Policy Qualifier CPS",NID_id_qt_cps,8,&(lvalues[958]),0},

-{"id-qt-unotice","Policy Qualifier User Notice",NID_id_qt_unotice,8,

-	&(lvalues[966]),0},

-{"RC2-64-CBC","rc2-64-cbc",NID_rc2_64_cbc,0,NULL,0},

-{"SMIME-CAPS","S/MIME Capabilities",NID_SMIMECapabilities,9,

-	&(lvalues[974]),0},

-{"PBE-MD2-RC2-64","pbeWithMD2AndRC2-CBC",NID_pbeWithMD2AndRC2_CBC,9,

-	&(lvalues[983]),0},

-{"PBE-MD5-RC2-64","pbeWithMD5AndRC2-CBC",NID_pbeWithMD5AndRC2_CBC,9,

-	&(lvalues[992]),0},

-{"PBE-SHA1-DES","pbeWithSHA1AndDES-CBC",NID_pbeWithSHA1AndDES_CBC,9,

-	&(lvalues[1001]),0},

-{"msExtReq","Microsoft Extension Request",NID_ms_ext_req,10,

-	&(lvalues[1010]),0},

-{"extReq","Extension Request",NID_ext_req,9,&(lvalues[1020]),0},

-{"name","name",NID_name,3,&(lvalues[1029]),0},

-{"dnQualifier","dnQualifier",NID_dnQualifier,3,&(lvalues[1032]),0},

-{"id-pe","id-pe",NID_id_pe,7,&(lvalues[1035]),0},

-{"id-ad","id-ad",NID_id_ad,7,&(lvalues[1042]),0},

-{"authorityInfoAccess","Authority Information Access",NID_info_access,

-	8,&(lvalues[1049]),0},

-{"OCSP","OCSP",NID_ad_OCSP,8,&(lvalues[1057]),0},

-{"caIssuers","CA Issuers",NID_ad_ca_issuers,8,&(lvalues[1065]),0},

-{"OCSPSigning","OCSP Signing",NID_OCSP_sign,8,&(lvalues[1073]),0},

-{"ISO","iso",NID_iso,1,&(lvalues[1081]),0},

-{"member-body","ISO Member Body",NID_member_body,1,&(lvalues[1082]),0},

-{"ISO-US","ISO US Member Body",NID_ISO_US,3,&(lvalues[1083]),0},

-{"X9-57","X9.57",NID_X9_57,5,&(lvalues[1086]),0},

-{"X9cm","X9.57 CM ?",NID_X9cm,6,&(lvalues[1091]),0},

-{"pkcs1","pkcs1",NID_pkcs1,8,&(lvalues[1097]),0},

-{"pkcs5","pkcs5",NID_pkcs5,8,&(lvalues[1105]),0},

-{"SMIME","S/MIME",NID_SMIME,9,&(lvalues[1113]),0},

-{"id-smime-mod","id-smime-mod",NID_id_smime_mod,10,&(lvalues[1122]),0},

-{"id-smime-ct","id-smime-ct",NID_id_smime_ct,10,&(lvalues[1132]),0},

-{"id-smime-aa","id-smime-aa",NID_id_smime_aa,10,&(lvalues[1142]),0},

-{"id-smime-alg","id-smime-alg",NID_id_smime_alg,10,&(lvalues[1152]),0},

-{"id-smime-cd","id-smime-cd",NID_id_smime_cd,10,&(lvalues[1162]),0},

-{"id-smime-spq","id-smime-spq",NID_id_smime_spq,10,&(lvalues[1172]),0},

-{"id-smime-cti","id-smime-cti",NID_id_smime_cti,10,&(lvalues[1182]),0},

-{"id-smime-mod-cms","id-smime-mod-cms",NID_id_smime_mod_cms,11,

-	&(lvalues[1192]),0},

-{"id-smime-mod-ess","id-smime-mod-ess",NID_id_smime_mod_ess,11,

-	&(lvalues[1203]),0},

-{"id-smime-mod-oid","id-smime-mod-oid",NID_id_smime_mod_oid,11,

-	&(lvalues[1214]),0},

-{"id-smime-mod-msg-v3","id-smime-mod-msg-v3",NID_id_smime_mod_msg_v3,

-	11,&(lvalues[1225]),0},

-{"id-smime-mod-ets-eSignature-88","id-smime-mod-ets-eSignature-88",

-	NID_id_smime_mod_ets_eSignature_88,11,&(lvalues[1236]),0},

-{"id-smime-mod-ets-eSignature-97","id-smime-mod-ets-eSignature-97",

-	NID_id_smime_mod_ets_eSignature_97,11,&(lvalues[1247]),0},

-{"id-smime-mod-ets-eSigPolicy-88","id-smime-mod-ets-eSigPolicy-88",

-	NID_id_smime_mod_ets_eSigPolicy_88,11,&(lvalues[1258]),0},

-{"id-smime-mod-ets-eSigPolicy-97","id-smime-mod-ets-eSigPolicy-97",

-	NID_id_smime_mod_ets_eSigPolicy_97,11,&(lvalues[1269]),0},

-{"id-smime-ct-receipt","id-smime-ct-receipt",NID_id_smime_ct_receipt,

-	11,&(lvalues[1280]),0},

-{"id-smime-ct-authData","id-smime-ct-authData",

-	NID_id_smime_ct_authData,11,&(lvalues[1291]),0},

-{"id-smime-ct-publishCert","id-smime-ct-publishCert",

-	NID_id_smime_ct_publishCert,11,&(lvalues[1302]),0},

-{"id-smime-ct-TSTInfo","id-smime-ct-TSTInfo",NID_id_smime_ct_TSTInfo,

-	11,&(lvalues[1313]),0},

-{"id-smime-ct-TDTInfo","id-smime-ct-TDTInfo",NID_id_smime_ct_TDTInfo,

-	11,&(lvalues[1324]),0},

-{"id-smime-ct-contentInfo","id-smime-ct-contentInfo",

-	NID_id_smime_ct_contentInfo,11,&(lvalues[1335]),0},

-{"id-smime-ct-DVCSRequestData","id-smime-ct-DVCSRequestData",

-	NID_id_smime_ct_DVCSRequestData,11,&(lvalues[1346]),0},

-{"id-smime-ct-DVCSResponseData","id-smime-ct-DVCSResponseData",

-	NID_id_smime_ct_DVCSResponseData,11,&(lvalues[1357]),0},

-{"id-smime-aa-receiptRequest","id-smime-aa-receiptRequest",

-	NID_id_smime_aa_receiptRequest,11,&(lvalues[1368]),0},

-{"id-smime-aa-securityLabel","id-smime-aa-securityLabel",

-	NID_id_smime_aa_securityLabel,11,&(lvalues[1379]),0},

-{"id-smime-aa-mlExpandHistory","id-smime-aa-mlExpandHistory",

-	NID_id_smime_aa_mlExpandHistory,11,&(lvalues[1390]),0},

-{"id-smime-aa-contentHint","id-smime-aa-contentHint",

-	NID_id_smime_aa_contentHint,11,&(lvalues[1401]),0},

-{"id-smime-aa-msgSigDigest","id-smime-aa-msgSigDigest",

-	NID_id_smime_aa_msgSigDigest,11,&(lvalues[1412]),0},

-{"id-smime-aa-encapContentType","id-smime-aa-encapContentType",

-	NID_id_smime_aa_encapContentType,11,&(lvalues[1423]),0},

-{"id-smime-aa-contentIdentifier","id-smime-aa-contentIdentifier",

-	NID_id_smime_aa_contentIdentifier,11,&(lvalues[1434]),0},

-{"id-smime-aa-macValue","id-smime-aa-macValue",

-	NID_id_smime_aa_macValue,11,&(lvalues[1445]),0},

-{"id-smime-aa-equivalentLabels","id-smime-aa-equivalentLabels",

-	NID_id_smime_aa_equivalentLabels,11,&(lvalues[1456]),0},

-{"id-smime-aa-contentReference","id-smime-aa-contentReference",

-	NID_id_smime_aa_contentReference,11,&(lvalues[1467]),0},

-{"id-smime-aa-encrypKeyPref","id-smime-aa-encrypKeyPref",

-	NID_id_smime_aa_encrypKeyPref,11,&(lvalues[1478]),0},

-{"id-smime-aa-signingCertificate","id-smime-aa-signingCertificate",

-	NID_id_smime_aa_signingCertificate,11,&(lvalues[1489]),0},

-{"id-smime-aa-smimeEncryptCerts","id-smime-aa-smimeEncryptCerts",

-	NID_id_smime_aa_smimeEncryptCerts,11,&(lvalues[1500]),0},

-{"id-smime-aa-timeStampToken","id-smime-aa-timeStampToken",

-	NID_id_smime_aa_timeStampToken,11,&(lvalues[1511]),0},

-{"id-smime-aa-ets-sigPolicyId","id-smime-aa-ets-sigPolicyId",

-	NID_id_smime_aa_ets_sigPolicyId,11,&(lvalues[1522]),0},

-{"id-smime-aa-ets-commitmentType","id-smime-aa-ets-commitmentType",

-	NID_id_smime_aa_ets_commitmentType,11,&(lvalues[1533]),0},

-{"id-smime-aa-ets-signerLocation","id-smime-aa-ets-signerLocation",

-	NID_id_smime_aa_ets_signerLocation,11,&(lvalues[1544]),0},

-{"id-smime-aa-ets-signerAttr","id-smime-aa-ets-signerAttr",

-	NID_id_smime_aa_ets_signerAttr,11,&(lvalues[1555]),0},

-{"id-smime-aa-ets-otherSigCert","id-smime-aa-ets-otherSigCert",

-	NID_id_smime_aa_ets_otherSigCert,11,&(lvalues[1566]),0},

-{"id-smime-aa-ets-contentTimestamp",

-	"id-smime-aa-ets-contentTimestamp",

-	NID_id_smime_aa_ets_contentTimestamp,11,&(lvalues[1577]),0},

-{"id-smime-aa-ets-CertificateRefs","id-smime-aa-ets-CertificateRefs",

-	NID_id_smime_aa_ets_CertificateRefs,11,&(lvalues[1588]),0},

-{"id-smime-aa-ets-RevocationRefs","id-smime-aa-ets-RevocationRefs",

-	NID_id_smime_aa_ets_RevocationRefs,11,&(lvalues[1599]),0},

-{"id-smime-aa-ets-certValues","id-smime-aa-ets-certValues",

-	NID_id_smime_aa_ets_certValues,11,&(lvalues[1610]),0},

-{"id-smime-aa-ets-revocationValues",

-	"id-smime-aa-ets-revocationValues",

-	NID_id_smime_aa_ets_revocationValues,11,&(lvalues[1621]),0},

-{"id-smime-aa-ets-escTimeStamp","id-smime-aa-ets-escTimeStamp",

-	NID_id_smime_aa_ets_escTimeStamp,11,&(lvalues[1632]),0},

-{"id-smime-aa-ets-certCRLTimestamp",

-	"id-smime-aa-ets-certCRLTimestamp",

-	NID_id_smime_aa_ets_certCRLTimestamp,11,&(lvalues[1643]),0},

-{"id-smime-aa-ets-archiveTimeStamp",

-	"id-smime-aa-ets-archiveTimeStamp",

-	NID_id_smime_aa_ets_archiveTimeStamp,11,&(lvalues[1654]),0},

-{"id-smime-aa-signatureType","id-smime-aa-signatureType",

-	NID_id_smime_aa_signatureType,11,&(lvalues[1665]),0},

-{"id-smime-aa-dvcs-dvc","id-smime-aa-dvcs-dvc",

-	NID_id_smime_aa_dvcs_dvc,11,&(lvalues[1676]),0},

-{"id-smime-alg-ESDHwith3DES","id-smime-alg-ESDHwith3DES",

-	NID_id_smime_alg_ESDHwith3DES,11,&(lvalues[1687]),0},

-{"id-smime-alg-ESDHwithRC2","id-smime-alg-ESDHwithRC2",

-	NID_id_smime_alg_ESDHwithRC2,11,&(lvalues[1698]),0},

-{"id-smime-alg-3DESwrap","id-smime-alg-3DESwrap",

-	NID_id_smime_alg_3DESwrap,11,&(lvalues[1709]),0},

-{"id-smime-alg-RC2wrap","id-smime-alg-RC2wrap",

-	NID_id_smime_alg_RC2wrap,11,&(lvalues[1720]),0},

-{"id-smime-alg-ESDH","id-smime-alg-ESDH",NID_id_smime_alg_ESDH,11,

-	&(lvalues[1731]),0},

-{"id-smime-alg-CMS3DESwrap","id-smime-alg-CMS3DESwrap",

-	NID_id_smime_alg_CMS3DESwrap,11,&(lvalues[1742]),0},

-{"id-smime-alg-CMSRC2wrap","id-smime-alg-CMSRC2wrap",

-	NID_id_smime_alg_CMSRC2wrap,11,&(lvalues[1753]),0},

-{"id-smime-cd-ldap","id-smime-cd-ldap",NID_id_smime_cd_ldap,11,

-	&(lvalues[1764]),0},

-{"id-smime-spq-ets-sqt-uri","id-smime-spq-ets-sqt-uri",

-	NID_id_smime_spq_ets_sqt_uri,11,&(lvalues[1775]),0},

-{"id-smime-spq-ets-sqt-unotice","id-smime-spq-ets-sqt-unotice",

-	NID_id_smime_spq_ets_sqt_unotice,11,&(lvalues[1786]),0},

-{"id-smime-cti-ets-proofOfOrigin","id-smime-cti-ets-proofOfOrigin",

-	NID_id_smime_cti_ets_proofOfOrigin,11,&(lvalues[1797]),0},

-{"id-smime-cti-ets-proofOfReceipt","id-smime-cti-ets-proofOfReceipt",

-	NID_id_smime_cti_ets_proofOfReceipt,11,&(lvalues[1808]),0},

-{"id-smime-cti-ets-proofOfDelivery",

-	"id-smime-cti-ets-proofOfDelivery",

-	NID_id_smime_cti_ets_proofOfDelivery,11,&(lvalues[1819]),0},

-{"id-smime-cti-ets-proofOfSender","id-smime-cti-ets-proofOfSender",

-	NID_id_smime_cti_ets_proofOfSender,11,&(lvalues[1830]),0},

-{"id-smime-cti-ets-proofOfApproval",

-	"id-smime-cti-ets-proofOfApproval",

-	NID_id_smime_cti_ets_proofOfApproval,11,&(lvalues[1841]),0},

-{"id-smime-cti-ets-proofOfCreation",

-	"id-smime-cti-ets-proofOfCreation",

-	NID_id_smime_cti_ets_proofOfCreation,11,&(lvalues[1852]),0},

-{"MD4","md4",NID_md4,8,&(lvalues[1863]),0},

-{"id-pkix-mod","id-pkix-mod",NID_id_pkix_mod,7,&(lvalues[1871]),0},

-{"id-qt","id-qt",NID_id_qt,7,&(lvalues[1878]),0},

-{"id-it","id-it",NID_id_it,7,&(lvalues[1885]),0},

-{"id-pkip","id-pkip",NID_id_pkip,7,&(lvalues[1892]),0},

-{"id-alg","id-alg",NID_id_alg,7,&(lvalues[1899]),0},

-{"id-cmc","id-cmc",NID_id_cmc,7,&(lvalues[1906]),0},

-{"id-on","id-on",NID_id_on,7,&(lvalues[1913]),0},

-{"id-pda","id-pda",NID_id_pda,7,&(lvalues[1920]),0},

-{"id-aca","id-aca",NID_id_aca,7,&(lvalues[1927]),0},

-{"id-qcs","id-qcs",NID_id_qcs,7,&(lvalues[1934]),0},

-{"id-cct","id-cct",NID_id_cct,7,&(lvalues[1941]),0},

-{"id-pkix1-explicit-88","id-pkix1-explicit-88",

-	NID_id_pkix1_explicit_88,8,&(lvalues[1948]),0},

-{"id-pkix1-implicit-88","id-pkix1-implicit-88",

-	NID_id_pkix1_implicit_88,8,&(lvalues[1956]),0},

-{"id-pkix1-explicit-93","id-pkix1-explicit-93",

-	NID_id_pkix1_explicit_93,8,&(lvalues[1964]),0},

-{"id-pkix1-implicit-93","id-pkix1-implicit-93",

-	NID_id_pkix1_implicit_93,8,&(lvalues[1972]),0},

-{"id-mod-crmf","id-mod-crmf",NID_id_mod_crmf,8,&(lvalues[1980]),0},

-{"id-mod-cmc","id-mod-cmc",NID_id_mod_cmc,8,&(lvalues[1988]),0},

-{"id-mod-kea-profile-88","id-mod-kea-profile-88",

-	NID_id_mod_kea_profile_88,8,&(lvalues[1996]),0},

-{"id-mod-kea-profile-93","id-mod-kea-profile-93",

-	NID_id_mod_kea_profile_93,8,&(lvalues[2004]),0},

-{"id-mod-cmp","id-mod-cmp",NID_id_mod_cmp,8,&(lvalues[2012]),0},

-{"id-mod-qualified-cert-88","id-mod-qualified-cert-88",

-	NID_id_mod_qualified_cert_88,8,&(lvalues[2020]),0},

-{"id-mod-qualified-cert-93","id-mod-qualified-cert-93",

-	NID_id_mod_qualified_cert_93,8,&(lvalues[2028]),0},

-{"id-mod-attribute-cert","id-mod-attribute-cert",

-	NID_id_mod_attribute_cert,8,&(lvalues[2036]),0},

-{"id-mod-timestamp-protocol","id-mod-timestamp-protocol",

-	NID_id_mod_timestamp_protocol,8,&(lvalues[2044]),0},

-{"id-mod-ocsp","id-mod-ocsp",NID_id_mod_ocsp,8,&(lvalues[2052]),0},

-{"id-mod-dvcs","id-mod-dvcs",NID_id_mod_dvcs,8,&(lvalues[2060]),0},

-{"id-mod-cmp2000","id-mod-cmp2000",NID_id_mod_cmp2000,8,

-	&(lvalues[2068]),0},

-{"biometricInfo","Biometric Info",NID_biometricInfo,8,&(lvalues[2076]),0},

-{"qcStatements","qcStatements",NID_qcStatements,8,&(lvalues[2084]),0},

-{"ac-auditEntity","ac-auditEntity",NID_ac_auditEntity,8,

-	&(lvalues[2092]),0},

-{"ac-targeting","ac-targeting",NID_ac_targeting,8,&(lvalues[2100]),0},

-{"aaControls","aaControls",NID_aaControls,8,&(lvalues[2108]),0},

-{"sbgp-ipAddrBlock","sbgp-ipAddrBlock",NID_sbgp_ipAddrBlock,8,

-	&(lvalues[2116]),0},

-{"sbgp-autonomousSysNum","sbgp-autonomousSysNum",

-	NID_sbgp_autonomousSysNum,8,&(lvalues[2124]),0},

-{"sbgp-routerIdentifier","sbgp-routerIdentifier",

-	NID_sbgp_routerIdentifier,8,&(lvalues[2132]),0},

-{"textNotice","textNotice",NID_textNotice,8,&(lvalues[2140]),0},

-{"ipsecEndSystem","IPSec End System",NID_ipsecEndSystem,8,

-	&(lvalues[2148]),0},

-{"ipsecTunnel","IPSec Tunnel",NID_ipsecTunnel,8,&(lvalues[2156]),0},

-{"ipsecUser","IPSec User",NID_ipsecUser,8,&(lvalues[2164]),0},

-{"DVCS","dvcs",NID_dvcs,8,&(lvalues[2172]),0},

-{"id-it-caProtEncCert","id-it-caProtEncCert",NID_id_it_caProtEncCert,

-	8,&(lvalues[2180]),0},

-{"id-it-signKeyPairTypes","id-it-signKeyPairTypes",

-	NID_id_it_signKeyPairTypes,8,&(lvalues[2188]),0},

-{"id-it-encKeyPairTypes","id-it-encKeyPairTypes",

-	NID_id_it_encKeyPairTypes,8,&(lvalues[2196]),0},

-{"id-it-preferredSymmAlg","id-it-preferredSymmAlg",

-	NID_id_it_preferredSymmAlg,8,&(lvalues[2204]),0},

-{"id-it-caKeyUpdateInfo","id-it-caKeyUpdateInfo",

-	NID_id_it_caKeyUpdateInfo,8,&(lvalues[2212]),0},

-{"id-it-currentCRL","id-it-currentCRL",NID_id_it_currentCRL,8,

-	&(lvalues[2220]),0},

-{"id-it-unsupportedOIDs","id-it-unsupportedOIDs",

-	NID_id_it_unsupportedOIDs,8,&(lvalues[2228]),0},

-{"id-it-subscriptionRequest","id-it-subscriptionRequest",

-	NID_id_it_subscriptionRequest,8,&(lvalues[2236]),0},

-{"id-it-subscriptionResponse","id-it-subscriptionResponse",

-	NID_id_it_subscriptionResponse,8,&(lvalues[2244]),0},

-{"id-it-keyPairParamReq","id-it-keyPairParamReq",

-	NID_id_it_keyPairParamReq,8,&(lvalues[2252]),0},

-{"id-it-keyPairParamRep","id-it-keyPairParamRep",

-	NID_id_it_keyPairParamRep,8,&(lvalues[2260]),0},

-{"id-it-revPassphrase","id-it-revPassphrase",NID_id_it_revPassphrase,

-	8,&(lvalues[2268]),0},

-{"id-it-implicitConfirm","id-it-implicitConfirm",

-	NID_id_it_implicitConfirm,8,&(lvalues[2276]),0},

-{"id-it-confirmWaitTime","id-it-confirmWaitTime",

-	NID_id_it_confirmWaitTime,8,&(lvalues[2284]),0},

-{"id-it-origPKIMessage","id-it-origPKIMessage",

-	NID_id_it_origPKIMessage,8,&(lvalues[2292]),0},

-{"id-regCtrl","id-regCtrl",NID_id_regCtrl,8,&(lvalues[2300]),0},

-{"id-regInfo","id-regInfo",NID_id_regInfo,8,&(lvalues[2308]),0},

-{"id-regCtrl-regToken","id-regCtrl-regToken",NID_id_regCtrl_regToken,

-	9,&(lvalues[2316]),0},

-{"id-regCtrl-authenticator","id-regCtrl-authenticator",

-	NID_id_regCtrl_authenticator,9,&(lvalues[2325]),0},

-{"id-regCtrl-pkiPublicationInfo","id-regCtrl-pkiPublicationInfo",

-	NID_id_regCtrl_pkiPublicationInfo,9,&(lvalues[2334]),0},

-{"id-regCtrl-pkiArchiveOptions","id-regCtrl-pkiArchiveOptions",

-	NID_id_regCtrl_pkiArchiveOptions,9,&(lvalues[2343]),0},

-{"id-regCtrl-oldCertID","id-regCtrl-oldCertID",

-	NID_id_regCtrl_oldCertID,9,&(lvalues[2352]),0},

-{"id-regCtrl-protocolEncrKey","id-regCtrl-protocolEncrKey",

-	NID_id_regCtrl_protocolEncrKey,9,&(lvalues[2361]),0},

-{"id-regInfo-utf8Pairs","id-regInfo-utf8Pairs",

-	NID_id_regInfo_utf8Pairs,9,&(lvalues[2370]),0},

-{"id-regInfo-certReq","id-regInfo-certReq",NID_id_regInfo_certReq,9,

-	&(lvalues[2379]),0},

-{"id-alg-des40","id-alg-des40",NID_id_alg_des40,8,&(lvalues[2388]),0},

-{"id-alg-noSignature","id-alg-noSignature",NID_id_alg_noSignature,8,

-	&(lvalues[2396]),0},

-{"id-alg-dh-sig-hmac-sha1","id-alg-dh-sig-hmac-sha1",

-	NID_id_alg_dh_sig_hmac_sha1,8,&(lvalues[2404]),0},

-{"id-alg-dh-pop","id-alg-dh-pop",NID_id_alg_dh_pop,8,&(lvalues[2412]),0},

-{"id-cmc-statusInfo","id-cmc-statusInfo",NID_id_cmc_statusInfo,8,

-	&(lvalues[2420]),0},

-{"id-cmc-identification","id-cmc-identification",

-	NID_id_cmc_identification,8,&(lvalues[2428]),0},

-{"id-cmc-identityProof","id-cmc-identityProof",

-	NID_id_cmc_identityProof,8,&(lvalues[2436]),0},

-{"id-cmc-dataReturn","id-cmc-dataReturn",NID_id_cmc_dataReturn,8,

-	&(lvalues[2444]),0},

-{"id-cmc-transactionId","id-cmc-transactionId",

-	NID_id_cmc_transactionId,8,&(lvalues[2452]),0},

-{"id-cmc-senderNonce","id-cmc-senderNonce",NID_id_cmc_senderNonce,8,

-	&(lvalues[2460]),0},

-{"id-cmc-recipientNonce","id-cmc-recipientNonce",

-	NID_id_cmc_recipientNonce,8,&(lvalues[2468]),0},

-{"id-cmc-addExtensions","id-cmc-addExtensions",

-	NID_id_cmc_addExtensions,8,&(lvalues[2476]),0},

-{"id-cmc-encryptedPOP","id-cmc-encryptedPOP",NID_id_cmc_encryptedPOP,

-	8,&(lvalues[2484]),0},

-{"id-cmc-decryptedPOP","id-cmc-decryptedPOP",NID_id_cmc_decryptedPOP,

-	8,&(lvalues[2492]),0},

-{"id-cmc-lraPOPWitness","id-cmc-lraPOPWitness",

-	NID_id_cmc_lraPOPWitness,8,&(lvalues[2500]),0},

-{"id-cmc-getCert","id-cmc-getCert",NID_id_cmc_getCert,8,

-	&(lvalues[2508]),0},

-{"id-cmc-getCRL","id-cmc-getCRL",NID_id_cmc_getCRL,8,&(lvalues[2516]),0},

-{"id-cmc-revokeRequest","id-cmc-revokeRequest",

-	NID_id_cmc_revokeRequest,8,&(lvalues[2524]),0},

-{"id-cmc-regInfo","id-cmc-regInfo",NID_id_cmc_regInfo,8,

-	&(lvalues[2532]),0},

-{"id-cmc-responseInfo","id-cmc-responseInfo",NID_id_cmc_responseInfo,

-	8,&(lvalues[2540]),0},

-{"id-cmc-queryPending","id-cmc-queryPending",NID_id_cmc_queryPending,

-	8,&(lvalues[2548]),0},

-{"id-cmc-popLinkRandom","id-cmc-popLinkRandom",

-	NID_id_cmc_popLinkRandom,8,&(lvalues[2556]),0},

-{"id-cmc-popLinkWitness","id-cmc-popLinkWitness",

-	NID_id_cmc_popLinkWitness,8,&(lvalues[2564]),0},

-{"id-cmc-confirmCertAcceptance","id-cmc-confirmCertAcceptance",

-	NID_id_cmc_confirmCertAcceptance,8,&(lvalues[2572]),0},

-{"id-on-personalData","id-on-personalData",NID_id_on_personalData,8,

-	&(lvalues[2580]),0},

-{"id-pda-dateOfBirth","id-pda-dateOfBirth",NID_id_pda_dateOfBirth,8,

-	&(lvalues[2588]),0},

-{"id-pda-placeOfBirth","id-pda-placeOfBirth",NID_id_pda_placeOfBirth,

-	8,&(lvalues[2596]),0},

-{NULL,NULL,NID_undef,0,NULL,0},

-{"id-pda-gender","id-pda-gender",NID_id_pda_gender,8,&(lvalues[2604]),0},

-{"id-pda-countryOfCitizenship","id-pda-countryOfCitizenship",

-	NID_id_pda_countryOfCitizenship,8,&(lvalues[2612]),0},

-{"id-pda-countryOfResidence","id-pda-countryOfResidence",

-	NID_id_pda_countryOfResidence,8,&(lvalues[2620]),0},

-{"id-aca-authenticationInfo","id-aca-authenticationInfo",

-	NID_id_aca_authenticationInfo,8,&(lvalues[2628]),0},

-{"id-aca-accessIdentity","id-aca-accessIdentity",

-	NID_id_aca_accessIdentity,8,&(lvalues[2636]),0},

-{"id-aca-chargingIdentity","id-aca-chargingIdentity",

-	NID_id_aca_chargingIdentity,8,&(lvalues[2644]),0},

-{"id-aca-group","id-aca-group",NID_id_aca_group,8,&(lvalues[2652]),0},

-{"id-aca-role","id-aca-role",NID_id_aca_role,8,&(lvalues[2660]),0},

-{"id-qcs-pkixQCSyntax-v1","id-qcs-pkixQCSyntax-v1",

-	NID_id_qcs_pkixQCSyntax_v1,8,&(lvalues[2668]),0},

-{"id-cct-crs","id-cct-crs",NID_id_cct_crs,8,&(lvalues[2676]),0},

-{"id-cct-PKIData","id-cct-PKIData",NID_id_cct_PKIData,8,

-	&(lvalues[2684]),0},

-{"id-cct-PKIResponse","id-cct-PKIResponse",NID_id_cct_PKIResponse,8,

-	&(lvalues[2692]),0},

-{"ad_timestamping","AD Time Stamping",NID_ad_timeStamping,8,

-	&(lvalues[2700]),0},

-{"AD_DVCS","ad dvcs",NID_ad_dvcs,8,&(lvalues[2708]),0},

-{"basicOCSPResponse","Basic OCSP Response",NID_id_pkix_OCSP_basic,9,

-	&(lvalues[2716]),0},

-{"Nonce","OCSP Nonce",NID_id_pkix_OCSP_Nonce,9,&(lvalues[2725]),0},

-{"CrlID","OCSP CRL ID",NID_id_pkix_OCSP_CrlID,9,&(lvalues[2734]),0},

-{"acceptableResponses","Acceptable OCSP Responses",

-	NID_id_pkix_OCSP_acceptableResponses,9,&(lvalues[2743]),0},

-{"noCheck","OCSP No Check",NID_id_pkix_OCSP_noCheck,9,&(lvalues[2752]),0},

-{"archiveCutoff","OCSP Archive Cutoff",NID_id_pkix_OCSP_archiveCutoff,

-	9,&(lvalues[2761]),0},

-{"serviceLocator","OCSP Service Locator",

-	NID_id_pkix_OCSP_serviceLocator,9,&(lvalues[2770]),0},

-{"extendedStatus","Extended OCSP Status",

-	NID_id_pkix_OCSP_extendedStatus,9,&(lvalues[2779]),0},

-{"valid","valid",NID_id_pkix_OCSP_valid,9,&(lvalues[2788]),0},

-{"path","path",NID_id_pkix_OCSP_path,9,&(lvalues[2797]),0},

-{"trustRoot","Trust Root",NID_id_pkix_OCSP_trustRoot,9,

-	&(lvalues[2806]),0},

-{"algorithm","algorithm",NID_algorithm,4,&(lvalues[2815]),0},

-{"rsaSignature","rsaSignature",NID_rsaSignature,5,&(lvalues[2819]),0},

-{"X500algorithms","directory services - algorithms",

-	NID_X500algorithms,2,&(lvalues[2824]),0},

-{"ORG","org",NID_org,1,&(lvalues[2826]),0},

-{"DOD","dod",NID_dod,2,&(lvalues[2827]),0},

-{"IANA","iana",NID_iana,3,&(lvalues[2829]),0},

-{"directory","Directory",NID_Directory,4,&(lvalues[2832]),0},

-{"mgmt","Management",NID_Management,4,&(lvalues[2836]),0},

-{"experimental","Experimental",NID_Experimental,4,&(lvalues[2840]),0},

-{"private","Private",NID_Private,4,&(lvalues[2844]),0},

-{"security","Security",NID_Security,4,&(lvalues[2848]),0},

-{"snmpv2","SNMPv2",NID_SNMPv2,4,&(lvalues[2852]),0},

-{"Mail","Mail",NID_Mail,4,&(lvalues[2856]),0},

-{"enterprises","Enterprises",NID_Enterprises,5,&(lvalues[2860]),0},

-{"dcobject","dcObject",NID_dcObject,9,&(lvalues[2865]),0},

-{"DC","domainComponent",NID_domainComponent,10,&(lvalues[2874]),0},

-{"domain","Domain",NID_Domain,10,&(lvalues[2884]),0},

-{"NULL","NULL",NID_joint_iso_ccitt,1,&(lvalues[2894]),0},

-{"selected-attribute-types","Selected Attribute Types",

-	NID_selected_attribute_types,3,&(lvalues[2895]),0},

-{"clearance","clearance",NID_clearance,4,&(lvalues[2898]),0},

-{"RSA-MD4","md4WithRSAEncryption",NID_md4WithRSAEncryption,9,

-	&(lvalues[2902]),0},

-{"ac-proxying","ac-proxying",NID_ac_proxying,8,&(lvalues[2911]),0},

-{"subjectInfoAccess","Subject Information Access",NID_sinfo_access,8,

-	&(lvalues[2919]),0},

-{"id-aca-encAttrs","id-aca-encAttrs",NID_id_aca_encAttrs,8,

-	&(lvalues[2927]),0},

-{"role","role",NID_role,3,&(lvalues[2935]),0},

-{"policyConstraints","X509v3 Policy Constraints",

-	NID_policy_constraints,3,&(lvalues[2938]),0},

-{"targetInformation","X509v3 AC Targeting",NID_target_information,3,

-	&(lvalues[2941]),0},

-{"noRevAvail","X509v3 No Revocation Available",NID_no_rev_avail,3,

-	&(lvalues[2944]),0},

-{"NULL","NULL",NID_ccitt,1,&(lvalues[2947]),0},

-{"ansi-X9-62","ANSI X9.62",NID_ansi_X9_62,5,&(lvalues[2948]),0},

-{"prime-field","prime-field",NID_X9_62_prime_field,7,&(lvalues[2953]),0},

-{"characteristic-two-field","characteristic-two-field",

-	NID_X9_62_characteristic_two_field,7,&(lvalues[2960]),0},

-{"id-ecPublicKey","id-ecPublicKey",NID_X9_62_id_ecPublicKey,7,

-	&(lvalues[2967]),0},

-{"prime192v1","prime192v1",NID_X9_62_prime192v1,8,&(lvalues[2974]),0},

-{"prime192v2","prime192v2",NID_X9_62_prime192v2,8,&(lvalues[2982]),0},

-{"prime192v3","prime192v3",NID_X9_62_prime192v3,8,&(lvalues[2990]),0},

-{"prime239v1","prime239v1",NID_X9_62_prime239v1,8,&(lvalues[2998]),0},

-{"prime239v2","prime239v2",NID_X9_62_prime239v2,8,&(lvalues[3006]),0},

-{"prime239v3","prime239v3",NID_X9_62_prime239v3,8,&(lvalues[3014]),0},

-{"prime256v1","prime256v1",NID_X9_62_prime256v1,8,&(lvalues[3022]),0},

-{"ecdsa-with-SHA1","ecdsa-with-SHA1",NID_ecdsa_with_SHA1,7,

-	&(lvalues[3030]),0},

-{"CSPName","Microsoft CSP Name",NID_ms_csp_name,9,&(lvalues[3037]),0},

-{"AES-128-ECB","aes-128-ecb",NID_aes_128_ecb,9,&(lvalues[3046]),0},

-{"AES-128-CBC","aes-128-cbc",NID_aes_128_cbc,9,&(lvalues[3055]),0},

-{"AES-128-OFB","aes-128-ofb",NID_aes_128_ofb128,9,&(lvalues[3064]),0},

-{"AES-128-CFB","aes-128-cfb",NID_aes_128_cfb128,9,&(lvalues[3073]),0},

-{"AES-192-ECB","aes-192-ecb",NID_aes_192_ecb,9,&(lvalues[3082]),0},

-{"AES-192-CBC","aes-192-cbc",NID_aes_192_cbc,9,&(lvalues[3091]),0},

-{"AES-192-OFB","aes-192-ofb",NID_aes_192_ofb128,9,&(lvalues[3100]),0},

-{"AES-192-CFB","aes-192-cfb",NID_aes_192_cfb128,9,&(lvalues[3109]),0},

-{"AES-256-ECB","aes-256-ecb",NID_aes_256_ecb,9,&(lvalues[3118]),0},

-{"AES-256-CBC","aes-256-cbc",NID_aes_256_cbc,9,&(lvalues[3127]),0},

-{"AES-256-OFB","aes-256-ofb",NID_aes_256_ofb128,9,&(lvalues[3136]),0},

-{"AES-256-CFB","aes-256-cfb",NID_aes_256_cfb128,9,&(lvalues[3145]),0},

-{"holdInstructionCode","Hold Instruction Code",

-	NID_hold_instruction_code,3,&(lvalues[3154]),0},

-{"holdInstructionNone","Hold Instruction None",

-	NID_hold_instruction_none,7,&(lvalues[3157]),0},

-{"holdInstructionCallIssuer","Hold Instruction Call Issuer",

-	NID_hold_instruction_call_issuer,7,&(lvalues[3164]),0},

-{"holdInstructionReject","Hold Instruction Reject",

-	NID_hold_instruction_reject,7,&(lvalues[3171]),0},

-{"data","data",NID_data,1,&(lvalues[3178]),0},

-{"pss","pss",NID_pss,3,&(lvalues[3179]),0},

-{"ucl","ucl",NID_ucl,7,&(lvalues[3182]),0},

-{"pilot","pilot",NID_pilot,8,&(lvalues[3189]),0},

-{"pilotAttributeType","pilotAttributeType",NID_pilotAttributeType,9,

-	&(lvalues[3197]),0},

-{"pilotAttributeSyntax","pilotAttributeSyntax",

-	NID_pilotAttributeSyntax,9,&(lvalues[3206]),0},

-{"pilotObjectClass","pilotObjectClass",NID_pilotObjectClass,9,

-	&(lvalues[3215]),0},

-{"pilotGroups","pilotGroups",NID_pilotGroups,9,&(lvalues[3224]),0},

-{"iA5StringSyntax","iA5StringSyntax",NID_iA5StringSyntax,10,

-	&(lvalues[3233]),0},

-{"caseIgnoreIA5StringSyntax","caseIgnoreIA5StringSyntax",

-	NID_caseIgnoreIA5StringSyntax,10,&(lvalues[3243]),0},

-{"pilotObject","pilotObject",NID_pilotObject,10,&(lvalues[3253]),0},

-{"pilotPerson","pilotPerson",NID_pilotPerson,10,&(lvalues[3263]),0},

-{"account","account",NID_account,10,&(lvalues[3273]),0},

-{"document","document",NID_document,10,&(lvalues[3283]),0},

-{"room","room",NID_room,10,&(lvalues[3293]),0},

-{"documentSeries","documentSeries",NID_documentSeries,10,

-	&(lvalues[3303]),0},

-{"rFC822localPart","rFC822localPart",NID_rFC822localPart,10,

-	&(lvalues[3313]),0},

-{"dNSDomain","dNSDomain",NID_dNSDomain,10,&(lvalues[3323]),0},

-{"domainRelatedObject","domainRelatedObject",NID_domainRelatedObject,

-	10,&(lvalues[3333]),0},

-{"friendlyCountry","friendlyCountry",NID_friendlyCountry,10,

-	&(lvalues[3343]),0},

-{"simpleSecurityObject","simpleSecurityObject",

-	NID_simpleSecurityObject,10,&(lvalues[3353]),0},

-{"pilotOrganization","pilotOrganization",NID_pilotOrganization,10,

-	&(lvalues[3363]),0},

-{"pilotDSA","pilotDSA",NID_pilotDSA,10,&(lvalues[3373]),0},

-{"qualityLabelledData","qualityLabelledData",NID_qualityLabelledData,

-	10,&(lvalues[3383]),0},

-{"UID","userId",NID_userId,10,&(lvalues[3393]),0},

-{"textEncodedORAddress","textEncodedORAddress",

-	NID_textEncodedORAddress,10,&(lvalues[3403]),0},

-{"mail","rfc822Mailbox",NID_rfc822Mailbox,10,&(lvalues[3413]),0},

-{"info","info",NID_info,10,&(lvalues[3423]),0},

-{"favouriteDrink","favouriteDrink",NID_favouriteDrink,10,

-	&(lvalues[3433]),0},

-{"roomNumber","roomNumber",NID_roomNumber,10,&(lvalues[3443]),0},

-{"photo","photo",NID_photo,10,&(lvalues[3453]),0},

-{"userClass","userClass",NID_userClass,10,&(lvalues[3463]),0},

-{"host","host",NID_host,10,&(lvalues[3473]),0},

-{"manager","manager",NID_manager,10,&(lvalues[3483]),0},

-{"documentIdentifier","documentIdentifier",NID_documentIdentifier,10,

-	&(lvalues[3493]),0},

-{"documentTitle","documentTitle",NID_documentTitle,10,&(lvalues[3503]),0},

-{"documentVersion","documentVersion",NID_documentVersion,10,

-	&(lvalues[3513]),0},

-{"documentAuthor","documentAuthor",NID_documentAuthor,10,

-	&(lvalues[3523]),0},

-{"documentLocation","documentLocation",NID_documentLocation,10,

-	&(lvalues[3533]),0},

-{"homeTelephoneNumber","homeTelephoneNumber",NID_homeTelephoneNumber,

-	10,&(lvalues[3543]),0},

-{"secretary","secretary",NID_secretary,10,&(lvalues[3553]),0},

-{"otherMailbox","otherMailbox",NID_otherMailbox,10,&(lvalues[3563]),0},

-{"lastModifiedTime","lastModifiedTime",NID_lastModifiedTime,10,

-	&(lvalues[3573]),0},

-{"lastModifiedBy","lastModifiedBy",NID_lastModifiedBy,10,

-	&(lvalues[3583]),0},

-{"aRecord","aRecord",NID_aRecord,10,&(lvalues[3593]),0},

-{"pilotAttributeType27","pilotAttributeType27",

-	NID_pilotAttributeType27,10,&(lvalues[3603]),0},

-{"mXRecord","mXRecord",NID_mXRecord,10,&(lvalues[3613]),0},

-{"nSRecord","nSRecord",NID_nSRecord,10,&(lvalues[3623]),0},

-{"sOARecord","sOARecord",NID_sOARecord,10,&(lvalues[3633]),0},

-{"cNAMERecord","cNAMERecord",NID_cNAMERecord,10,&(lvalues[3643]),0},

-{"associatedDomain","associatedDomain",NID_associatedDomain,10,

-	&(lvalues[3653]),0},

-{"associatedName","associatedName",NID_associatedName,10,

-	&(lvalues[3663]),0},

-{"homePostalAddress","homePostalAddress",NID_homePostalAddress,10,

-	&(lvalues[3673]),0},

-{"personalTitle","personalTitle",NID_personalTitle,10,&(lvalues[3683]),0},

-{"mobileTelephoneNumber","mobileTelephoneNumber",

-	NID_mobileTelephoneNumber,10,&(lvalues[3693]),0},

-{"pagerTelephoneNumber","pagerTelephoneNumber",

-	NID_pagerTelephoneNumber,10,&(lvalues[3703]),0},

-{"friendlyCountryName","friendlyCountryName",NID_friendlyCountryName,

-	10,&(lvalues[3713]),0},

-{"organizationalStatus","organizationalStatus",

-	NID_organizationalStatus,10,&(lvalues[3723]),0},

-{"janetMailbox","janetMailbox",NID_janetMailbox,10,&(lvalues[3733]),0},

-{"mailPreferenceOption","mailPreferenceOption",

-	NID_mailPreferenceOption,10,&(lvalues[3743]),0},

-{"buildingName","buildingName",NID_buildingName,10,&(lvalues[3753]),0},

-{"dSAQuality","dSAQuality",NID_dSAQuality,10,&(lvalues[3763]),0},

-{"singleLevelQuality","singleLevelQuality",NID_singleLevelQuality,10,

-	&(lvalues[3773]),0},

-{"subtreeMinimumQuality","subtreeMinimumQuality",

-	NID_subtreeMinimumQuality,10,&(lvalues[3783]),0},

-{"subtreeMaximumQuality","subtreeMaximumQuality",

-	NID_subtreeMaximumQuality,10,&(lvalues[3793]),0},

-{"personalSignature","personalSignature",NID_personalSignature,10,

-	&(lvalues[3803]),0},

-{"dITRedirect","dITRedirect",NID_dITRedirect,10,&(lvalues[3813]),0},

-{"audio","audio",NID_audio,10,&(lvalues[3823]),0},

-{"documentPublisher","documentPublisher",NID_documentPublisher,10,

-	&(lvalues[3833]),0},

-{"x500UniqueIdentifier","x500UniqueIdentifier",

-	NID_x500UniqueIdentifier,3,&(lvalues[3843]),0},

-{"mime-mhs","MIME MHS",NID_mime_mhs,5,&(lvalues[3846]),0},

-{"mime-mhs-headings","mime-mhs-headings",NID_mime_mhs_headings,6,

-	&(lvalues[3851]),0},

-{"mime-mhs-bodies","mime-mhs-bodies",NID_mime_mhs_bodies,6,

-	&(lvalues[3857]),0},

-{"id-hex-partial-message","id-hex-partial-message",

-	NID_id_hex_partial_message,7,&(lvalues[3863]),0},

-{"id-hex-multipart-message","id-hex-multipart-message",

-	NID_id_hex_multipart_message,7,&(lvalues[3870]),0},

-{"generationQualifier","generationQualifier",NID_generationQualifier,

-	3,&(lvalues[3877]),0},

-{"pseudonym","pseudonym",NID_pseudonym,3,&(lvalues[3880]),0},

-{NULL,NULL,NID_undef,0,NULL,0},

-{"id-set","Secure Electronic Transactions",NID_id_set,2,

-	&(lvalues[3883]),0},

-{"set-ctype","content types",NID_set_ctype,3,&(lvalues[3885]),0},

-{"set-msgExt","message extensions",NID_set_msgExt,3,&(lvalues[3888]),0},

-{"set-attr","set-attr",NID_set_attr,3,&(lvalues[3891]),0},

-{"set-policy","set-policy",NID_set_policy,3,&(lvalues[3894]),0},

-{"set-certExt","certificate extensions",NID_set_certExt,3,

-	&(lvalues[3897]),0},

-{"set-brand","set-brand",NID_set_brand,3,&(lvalues[3900]),0},

-{"setct-PANData","setct-PANData",NID_setct_PANData,4,&(lvalues[3903]),0},

-{"setct-PANToken","setct-PANToken",NID_setct_PANToken,4,

-	&(lvalues[3907]),0},

-{"setct-PANOnly","setct-PANOnly",NID_setct_PANOnly,4,&(lvalues[3911]),0},

-{"setct-OIData","setct-OIData",NID_setct_OIData,4,&(lvalues[3915]),0},

-{"setct-PI","setct-PI",NID_setct_PI,4,&(lvalues[3919]),0},

-{"setct-PIData","setct-PIData",NID_setct_PIData,4,&(lvalues[3923]),0},

-{"setct-PIDataUnsigned","setct-PIDataUnsigned",

-	NID_setct_PIDataUnsigned,4,&(lvalues[3927]),0},

-{"setct-HODInput","setct-HODInput",NID_setct_HODInput,4,

-	&(lvalues[3931]),0},

-{"setct-AuthResBaggage","setct-AuthResBaggage",

-	NID_setct_AuthResBaggage,4,&(lvalues[3935]),0},

-{"setct-AuthRevReqBaggage","setct-AuthRevReqBaggage",

-	NID_setct_AuthRevReqBaggage,4,&(lvalues[3939]),0},

-{"setct-AuthRevResBaggage","setct-AuthRevResBaggage",

-	NID_setct_AuthRevResBaggage,4,&(lvalues[3943]),0},

-{"setct-CapTokenSeq","setct-CapTokenSeq",NID_setct_CapTokenSeq,4,

-	&(lvalues[3947]),0},

-{"setct-PInitResData","setct-PInitResData",NID_setct_PInitResData,4,

-	&(lvalues[3951]),0},

-{"setct-PI-TBS","setct-PI-TBS",NID_setct_PI_TBS,4,&(lvalues[3955]),0},

-{"setct-PResData","setct-PResData",NID_setct_PResData,4,

-	&(lvalues[3959]),0},

-{"setct-AuthReqTBS","setct-AuthReqTBS",NID_setct_AuthReqTBS,4,

-	&(lvalues[3963]),0},

-{"setct-AuthResTBS","setct-AuthResTBS",NID_setct_AuthResTBS,4,

-	&(lvalues[3967]),0},

-{"setct-AuthResTBSX","setct-AuthResTBSX",NID_setct_AuthResTBSX,4,

-	&(lvalues[3971]),0},

-{"setct-AuthTokenTBS","setct-AuthTokenTBS",NID_setct_AuthTokenTBS,4,

-	&(lvalues[3975]),0},

-{"setct-CapTokenData","setct-CapTokenData",NID_setct_CapTokenData,4,

-	&(lvalues[3979]),0},

-{"setct-CapTokenTBS","setct-CapTokenTBS",NID_setct_CapTokenTBS,4,

-	&(lvalues[3983]),0},

-{"setct-AcqCardCodeMsg","setct-AcqCardCodeMsg",

-	NID_setct_AcqCardCodeMsg,4,&(lvalues[3987]),0},

-{"setct-AuthRevReqTBS","setct-AuthRevReqTBS",NID_setct_AuthRevReqTBS,

-	4,&(lvalues[3991]),0},

-{"setct-AuthRevResData","setct-AuthRevResData",

-	NID_setct_AuthRevResData,4,&(lvalues[3995]),0},

-{"setct-AuthRevResTBS","setct-AuthRevResTBS",NID_setct_AuthRevResTBS,

-	4,&(lvalues[3999]),0},

-{"setct-CapReqTBS","setct-CapReqTBS",NID_setct_CapReqTBS,4,

-	&(lvalues[4003]),0},

-{"setct-CapReqTBSX","setct-CapReqTBSX",NID_setct_CapReqTBSX,4,

-	&(lvalues[4007]),0},

-{"setct-CapResData","setct-CapResData",NID_setct_CapResData,4,

-	&(lvalues[4011]),0},

-{"setct-CapRevReqTBS","setct-CapRevReqTBS",NID_setct_CapRevReqTBS,4,

-	&(lvalues[4015]),0},

-{"setct-CapRevReqTBSX","setct-CapRevReqTBSX",NID_setct_CapRevReqTBSX,

-	4,&(lvalues[4019]),0},

-{"setct-CapRevResData","setct-CapRevResData",NID_setct_CapRevResData,

-	4,&(lvalues[4023]),0},

-{"setct-CredReqTBS","setct-CredReqTBS",NID_setct_CredReqTBS,4,

-	&(lvalues[4027]),0},

-{"setct-CredReqTBSX","setct-CredReqTBSX",NID_setct_CredReqTBSX,4,

-	&(lvalues[4031]),0},

-{"setct-CredResData","setct-CredResData",NID_setct_CredResData,4,

-	&(lvalues[4035]),0},

-{"setct-CredRevReqTBS","setct-CredRevReqTBS",NID_setct_CredRevReqTBS,

-	4,&(lvalues[4039]),0},

-{"setct-CredRevReqTBSX","setct-CredRevReqTBSX",

-	NID_setct_CredRevReqTBSX,4,&(lvalues[4043]),0},

-{"setct-CredRevResData","setct-CredRevResData",

-	NID_setct_CredRevResData,4,&(lvalues[4047]),0},

-{"setct-PCertReqData","setct-PCertReqData",NID_setct_PCertReqData,4,

-	&(lvalues[4051]),0},

-{"setct-PCertResTBS","setct-PCertResTBS",NID_setct_PCertResTBS,4,

-	&(lvalues[4055]),0},

-{"setct-BatchAdminReqData","setct-BatchAdminReqData",

-	NID_setct_BatchAdminReqData,4,&(lvalues[4059]),0},

-{"setct-BatchAdminResData","setct-BatchAdminResData",

-	NID_setct_BatchAdminResData,4,&(lvalues[4063]),0},

-{"setct-CardCInitResTBS","setct-CardCInitResTBS",

-	NID_setct_CardCInitResTBS,4,&(lvalues[4067]),0},

-{"setct-MeAqCInitResTBS","setct-MeAqCInitResTBS",

-	NID_setct_MeAqCInitResTBS,4,&(lvalues[4071]),0},

-{"setct-RegFormResTBS","setct-RegFormResTBS",NID_setct_RegFormResTBS,

-	4,&(lvalues[4075]),0},

-{"setct-CertReqData","setct-CertReqData",NID_setct_CertReqData,4,

-	&(lvalues[4079]),0},

-{"setct-CertReqTBS","setct-CertReqTBS",NID_setct_CertReqTBS,4,

-	&(lvalues[4083]),0},

-{"setct-CertResData","setct-CertResData",NID_setct_CertResData,4,

-	&(lvalues[4087]),0},

-{"setct-CertInqReqTBS","setct-CertInqReqTBS",NID_setct_CertInqReqTBS,

-	4,&(lvalues[4091]),0},

-{"setct-ErrorTBS","setct-ErrorTBS",NID_setct_ErrorTBS,4,

-	&(lvalues[4095]),0},

-{"setct-PIDualSignedTBE","setct-PIDualSignedTBE",

-	NID_setct_PIDualSignedTBE,4,&(lvalues[4099]),0},

-{"setct-PIUnsignedTBE","setct-PIUnsignedTBE",NID_setct_PIUnsignedTBE,

-	4,&(lvalues[4103]),0},

-{"setct-AuthReqTBE","setct-AuthReqTBE",NID_setct_AuthReqTBE,4,

-	&(lvalues[4107]),0},

-{"setct-AuthResTBE","setct-AuthResTBE",NID_setct_AuthResTBE,4,

-	&(lvalues[4111]),0},

-{"setct-AuthResTBEX","setct-AuthResTBEX",NID_setct_AuthResTBEX,4,

-	&(lvalues[4115]),0},

-{"setct-AuthTokenTBE","setct-AuthTokenTBE",NID_setct_AuthTokenTBE,4,

-	&(lvalues[4119]),0},

-{"setct-CapTokenTBE","setct-CapTokenTBE",NID_setct_CapTokenTBE,4,

-	&(lvalues[4123]),0},

-{"setct-CapTokenTBEX","setct-CapTokenTBEX",NID_setct_CapTokenTBEX,4,

-	&(lvalues[4127]),0},

-{"setct-AcqCardCodeMsgTBE","setct-AcqCardCodeMsgTBE",

-	NID_setct_AcqCardCodeMsgTBE,4,&(lvalues[4131]),0},

-{"setct-AuthRevReqTBE","setct-AuthRevReqTBE",NID_setct_AuthRevReqTBE,

-	4,&(lvalues[4135]),0},

-{"setct-AuthRevResTBE","setct-AuthRevResTBE",NID_setct_AuthRevResTBE,

-	4,&(lvalues[4139]),0},

-{"setct-AuthRevResTBEB","setct-AuthRevResTBEB",

-	NID_setct_AuthRevResTBEB,4,&(lvalues[4143]),0},

-{"setct-CapReqTBE","setct-CapReqTBE",NID_setct_CapReqTBE,4,

-	&(lvalues[4147]),0},

-{"setct-CapReqTBEX","setct-CapReqTBEX",NID_setct_CapReqTBEX,4,

-	&(lvalues[4151]),0},

-{"setct-CapResTBE","setct-CapResTBE",NID_setct_CapResTBE,4,

-	&(lvalues[4155]),0},

-{"setct-CapRevReqTBE","setct-CapRevReqTBE",NID_setct_CapRevReqTBE,4,

-	&(lvalues[4159]),0},

-{"setct-CapRevReqTBEX","setct-CapRevReqTBEX",NID_setct_CapRevReqTBEX,

-	4,&(lvalues[4163]),0},

-{"setct-CapRevResTBE","setct-CapRevResTBE",NID_setct_CapRevResTBE,4,

-	&(lvalues[4167]),0},

-{"setct-CredReqTBE","setct-CredReqTBE",NID_setct_CredReqTBE,4,

-	&(lvalues[4171]),0},

-{"setct-CredReqTBEX","setct-CredReqTBEX",NID_setct_CredReqTBEX,4,

-	&(lvalues[4175]),0},

-{"setct-CredResTBE","setct-CredResTBE",NID_setct_CredResTBE,4,

-	&(lvalues[4179]),0},

-{"setct-CredRevReqTBE","setct-CredRevReqTBE",NID_setct_CredRevReqTBE,

-	4,&(lvalues[4183]),0},

-{"setct-CredRevReqTBEX","setct-CredRevReqTBEX",

-	NID_setct_CredRevReqTBEX,4,&(lvalues[4187]),0},

-{"setct-CredRevResTBE","setct-CredRevResTBE",NID_setct_CredRevResTBE,

-	4,&(lvalues[4191]),0},

-{"setct-BatchAdminReqTBE","setct-BatchAdminReqTBE",

-	NID_setct_BatchAdminReqTBE,4,&(lvalues[4195]),0},

-{"setct-BatchAdminResTBE","setct-BatchAdminResTBE",

-	NID_setct_BatchAdminResTBE,4,&(lvalues[4199]),0},

-{"setct-RegFormReqTBE","setct-RegFormReqTBE",NID_setct_RegFormReqTBE,

-	4,&(lvalues[4203]),0},

-{"setct-CertReqTBE","setct-CertReqTBE",NID_setct_CertReqTBE,4,

-	&(lvalues[4207]),0},

-{"setct-CertReqTBEX","setct-CertReqTBEX",NID_setct_CertReqTBEX,4,

-	&(lvalues[4211]),0},

-{"setct-CertResTBE","setct-CertResTBE",NID_setct_CertResTBE,4,

-	&(lvalues[4215]),0},

-{"setct-CRLNotificationTBS","setct-CRLNotificationTBS",

-	NID_setct_CRLNotificationTBS,4,&(lvalues[4219]),0},

-{"setct-CRLNotificationResTBS","setct-CRLNotificationResTBS",

-	NID_setct_CRLNotificationResTBS,4,&(lvalues[4223]),0},

-{"setct-BCIDistributionTBS","setct-BCIDistributionTBS",

-	NID_setct_BCIDistributionTBS,4,&(lvalues[4227]),0},

-{"setext-genCrypt","generic cryptogram",NID_setext_genCrypt,4,

-	&(lvalues[4231]),0},

-{"setext-miAuth","merchant initiated auth",NID_setext_miAuth,4,

-	&(lvalues[4235]),0},

-{"setext-pinSecure","setext-pinSecure",NID_setext_pinSecure,4,

-	&(lvalues[4239]),0},

-{"setext-pinAny","setext-pinAny",NID_setext_pinAny,4,&(lvalues[4243]),0},

-{"setext-track2","setext-track2",NID_setext_track2,4,&(lvalues[4247]),0},

-{"setext-cv","additional verification",NID_setext_cv,4,

-	&(lvalues[4251]),0},

-{"set-policy-root","set-policy-root",NID_set_policy_root,4,

-	&(lvalues[4255]),0},

-{"setCext-hashedRoot","setCext-hashedRoot",NID_setCext_hashedRoot,4,

-	&(lvalues[4259]),0},

-{"setCext-certType","setCext-certType",NID_setCext_certType,4,

-	&(lvalues[4263]),0},

-{"setCext-merchData","setCext-merchData",NID_setCext_merchData,4,

-	&(lvalues[4267]),0},

-{"setCext-cCertRequired","setCext-cCertRequired",

-	NID_setCext_cCertRequired,4,&(lvalues[4271]),0},

-{"setCext-tunneling","setCext-tunneling",NID_setCext_tunneling,4,

-	&(lvalues[4275]),0},

-{"setCext-setExt","setCext-setExt",NID_setCext_setExt,4,

-	&(lvalues[4279]),0},

-{"setCext-setQualf","setCext-setQualf",NID_setCext_setQualf,4,

-	&(lvalues[4283]),0},

-{"setCext-PGWYcapabilities","setCext-PGWYcapabilities",

-	NID_setCext_PGWYcapabilities,4,&(lvalues[4287]),0},

-{"setCext-TokenIdentifier","setCext-TokenIdentifier",

-	NID_setCext_TokenIdentifier,4,&(lvalues[4291]),0},

-{"setCext-Track2Data","setCext-Track2Data",NID_setCext_Track2Data,4,

-	&(lvalues[4295]),0},

-{"setCext-TokenType","setCext-TokenType",NID_setCext_TokenType,4,

-	&(lvalues[4299]),0},

-{"setCext-IssuerCapabilities","setCext-IssuerCapabilities",

-	NID_setCext_IssuerCapabilities,4,&(lvalues[4303]),0},

-{"setAttr-Cert","setAttr-Cert",NID_setAttr_Cert,4,&(lvalues[4307]),0},

-{"setAttr-PGWYcap","payment gateway capabilities",NID_setAttr_PGWYcap,

-	4,&(lvalues[4311]),0},

-{"setAttr-TokenType","setAttr-TokenType",NID_setAttr_TokenType,4,

-	&(lvalues[4315]),0},

-{"setAttr-IssCap","issuer capabilities",NID_setAttr_IssCap,4,

-	&(lvalues[4319]),0},

-{"set-rootKeyThumb","set-rootKeyThumb",NID_set_rootKeyThumb,5,

-	&(lvalues[4323]),0},

-{"set-addPolicy","set-addPolicy",NID_set_addPolicy,5,&(lvalues[4328]),0},

-{"setAttr-Token-EMV","setAttr-Token-EMV",NID_setAttr_Token_EMV,5,

-	&(lvalues[4333]),0},

-{"setAttr-Token-B0Prime","setAttr-Token-B0Prime",

-	NID_setAttr_Token_B0Prime,5,&(lvalues[4338]),0},

-{"setAttr-IssCap-CVM","setAttr-IssCap-CVM",NID_setAttr_IssCap_CVM,5,

-	&(lvalues[4343]),0},

-{"setAttr-IssCap-T2","setAttr-IssCap-T2",NID_setAttr_IssCap_T2,5,

-	&(lvalues[4348]),0},

-{"setAttr-IssCap-Sig","setAttr-IssCap-Sig",NID_setAttr_IssCap_Sig,5,

-	&(lvalues[4353]),0},

-{"setAttr-GenCryptgrm","generate cryptogram",NID_setAttr_GenCryptgrm,

-	6,&(lvalues[4358]),0},

-{"setAttr-T2Enc","encrypted track 2",NID_setAttr_T2Enc,6,

-	&(lvalues[4364]),0},

-{"setAttr-T2cleartxt","cleartext track 2",NID_setAttr_T2cleartxt,6,

-	&(lvalues[4370]),0},

-{"setAttr-TokICCsig","ICC or token signature",NID_setAttr_TokICCsig,6,

-	&(lvalues[4376]),0},

-{"setAttr-SecDevSig","secure device signature",NID_setAttr_SecDevSig,

-	6,&(lvalues[4382]),0},

-{"set-brand-IATA-ATA","set-brand-IATA-ATA",NID_set_brand_IATA_ATA,4,

-	&(lvalues[4388]),0},

-{"set-brand-Diners","set-brand-Diners",NID_set_brand_Diners,4,

-	&(lvalues[4392]),0},

-{"set-brand-AmericanExpress","set-brand-AmericanExpress",

-	NID_set_brand_AmericanExpress,4,&(lvalues[4396]),0},

-{"set-brand-JCB","set-brand-JCB",NID_set_brand_JCB,4,&(lvalues[4400]),0},

-{"set-brand-Visa","set-brand-Visa",NID_set_brand_Visa,4,

-	&(lvalues[4404]),0},

-{"set-brand-MasterCard","set-brand-MasterCard",

-	NID_set_brand_MasterCard,4,&(lvalues[4408]),0},

-{"set-brand-Novus","set-brand-Novus",NID_set_brand_Novus,5,

-	&(lvalues[4412]),0},

-{"DES-CDMF","des-cdmf",NID_des_cdmf,8,&(lvalues[4417]),0},

-{"rsaOAEPEncryptionSET","rsaOAEPEncryptionSET",

-	NID_rsaOAEPEncryptionSET,9,&(lvalues[4425]),0},

-{"ITU-T","itu-t",NID_itu_t,1,&(lvalues[4434]),0},

-{"JOINT-ISO-ITU-T","joint-iso-itu-t",NID_joint_iso_itu_t,1,

-	&(lvalues[4435]),0},

-{"international-organizations","International Organizations",

-	NID_international_organizations,1,&(lvalues[4436]),0},

-{"msSmartcardLogin","Microsoft Smartcardlogin",NID_ms_smartcard_login,

-	10,&(lvalues[4437]),0},

-{"msUPN","Microsoft Universal Principal Name",NID_ms_upn,10,

-	&(lvalues[4447]),0},

-{"AES-128-CFB1","aes-128-cfb1",NID_aes_128_cfb1,0,NULL,0},

-{"AES-192-CFB1","aes-192-cfb1",NID_aes_192_cfb1,0,NULL,0},

-{"AES-256-CFB1","aes-256-cfb1",NID_aes_256_cfb1,0,NULL,0},

-{"AES-128-CFB8","aes-128-cfb8",NID_aes_128_cfb8,0,NULL,0},

-{"AES-192-CFB8","aes-192-cfb8",NID_aes_192_cfb8,0,NULL,0},

-{"AES-256-CFB8","aes-256-cfb8",NID_aes_256_cfb8,0,NULL,0},

-{"DES-CFB1","des-cfb1",NID_des_cfb1,0,NULL,0},

-{"DES-CFB8","des-cfb8",NID_des_cfb8,0,NULL,0},

-{"DES-EDE3-CFB1","des-ede3-cfb1",NID_des_ede3_cfb1,0,NULL,0},

-{"DES-EDE3-CFB8","des-ede3-cfb8",NID_des_ede3_cfb8,0,NULL,0},

-{"streetAddress","streetAddress",NID_streetAddress,3,&(lvalues[4457]),0},

-{"postalCode","postalCode",NID_postalCode,3,&(lvalues[4460]),0},

-{"id-ppl","id-ppl",NID_id_ppl,7,&(lvalues[4463]),0},

-{"proxyCertInfo","Proxy Certificate Information",NID_proxyCertInfo,8,

-	&(lvalues[4470]),0},

-{"id-ppl-anyLanguage","Any language",NID_id_ppl_anyLanguage,8,

-	&(lvalues[4478]),0},

-{"id-ppl-inheritAll","Inherit all",NID_id_ppl_inheritAll,8,

-	&(lvalues[4486]),0},

-{"nameConstraints","X509v3 Name Constraints",NID_name_constraints,3,

-	&(lvalues[4494]),0},

-{"id-ppl-independent","Independent",NID_Independent,8,&(lvalues[4497]),0},

-{"RSA-SHA256","sha256WithRSAEncryption",NID_sha256WithRSAEncryption,9,

-	&(lvalues[4505]),0},

-{"RSA-SHA384","sha384WithRSAEncryption",NID_sha384WithRSAEncryption,9,

-	&(lvalues[4514]),0},

-{"RSA-SHA512","sha512WithRSAEncryption",NID_sha512WithRSAEncryption,9,

-	&(lvalues[4523]),0},

-{"RSA-SHA224","sha224WithRSAEncryption",NID_sha224WithRSAEncryption,9,

-	&(lvalues[4532]),0},

-{"SHA256","sha256",NID_sha256,9,&(lvalues[4541]),0},

-{"SHA384","sha384",NID_sha384,9,&(lvalues[4550]),0},

-{"SHA512","sha512",NID_sha512,9,&(lvalues[4559]),0},

-{"SHA224","sha224",NID_sha224,9,&(lvalues[4568]),0},

-{"identified-organization","identified-organization",

-	NID_identified_organization,1,&(lvalues[4577]),0},

-{"certicom-arc","certicom-arc",NID_certicom_arc,3,&(lvalues[4578]),0},

-{"wap","wap",NID_wap,2,&(lvalues[4581]),0},

-{"wap-wsg","wap-wsg",NID_wap_wsg,3,&(lvalues[4583]),0},

-{"id-characteristic-two-basis","id-characteristic-two-basis",

-	NID_X9_62_id_characteristic_two_basis,8,&(lvalues[4586]),0},

-{"onBasis","onBasis",NID_X9_62_onBasis,9,&(lvalues[4594]),0},

-{"tpBasis","tpBasis",NID_X9_62_tpBasis,9,&(lvalues[4603]),0},

-{"ppBasis","ppBasis",NID_X9_62_ppBasis,9,&(lvalues[4612]),0},

-{"c2pnb163v1","c2pnb163v1",NID_X9_62_c2pnb163v1,8,&(lvalues[4621]),0},

-{"c2pnb163v2","c2pnb163v2",NID_X9_62_c2pnb163v2,8,&(lvalues[4629]),0},

-{"c2pnb163v3","c2pnb163v3",NID_X9_62_c2pnb163v3,8,&(lvalues[4637]),0},

-{"c2pnb176v1","c2pnb176v1",NID_X9_62_c2pnb176v1,8,&(lvalues[4645]),0},

-{"c2tnb191v1","c2tnb191v1",NID_X9_62_c2tnb191v1,8,&(lvalues[4653]),0},

-{"c2tnb191v2","c2tnb191v2",NID_X9_62_c2tnb191v2,8,&(lvalues[4661]),0},

-{"c2tnb191v3","c2tnb191v3",NID_X9_62_c2tnb191v3,8,&(lvalues[4669]),0},

-{"c2onb191v4","c2onb191v4",NID_X9_62_c2onb191v4,8,&(lvalues[4677]),0},

-{"c2onb191v5","c2onb191v5",NID_X9_62_c2onb191v5,8,&(lvalues[4685]),0},

-{"c2pnb208w1","c2pnb208w1",NID_X9_62_c2pnb208w1,8,&(lvalues[4693]),0},

-{"c2tnb239v1","c2tnb239v1",NID_X9_62_c2tnb239v1,8,&(lvalues[4701]),0},

-{"c2tnb239v2","c2tnb239v2",NID_X9_62_c2tnb239v2,8,&(lvalues[4709]),0},

-{"c2tnb239v3","c2tnb239v3",NID_X9_62_c2tnb239v3,8,&(lvalues[4717]),0},

-{"c2onb239v4","c2onb239v4",NID_X9_62_c2onb239v4,8,&(lvalues[4725]),0},

-{"c2onb239v5","c2onb239v5",NID_X9_62_c2onb239v5,8,&(lvalues[4733]),0},

-{"c2pnb272w1","c2pnb272w1",NID_X9_62_c2pnb272w1,8,&(lvalues[4741]),0},

-{"c2pnb304w1","c2pnb304w1",NID_X9_62_c2pnb304w1,8,&(lvalues[4749]),0},

-{"c2tnb359v1","c2tnb359v1",NID_X9_62_c2tnb359v1,8,&(lvalues[4757]),0},

-{"c2pnb368w1","c2pnb368w1",NID_X9_62_c2pnb368w1,8,&(lvalues[4765]),0},

-{"c2tnb431r1","c2tnb431r1",NID_X9_62_c2tnb431r1,8,&(lvalues[4773]),0},

-{"secp112r1","secp112r1",NID_secp112r1,5,&(lvalues[4781]),0},

-{"secp112r2","secp112r2",NID_secp112r2,5,&(lvalues[4786]),0},

-{"secp128r1","secp128r1",NID_secp128r1,5,&(lvalues[4791]),0},

-{"secp128r2","secp128r2",NID_secp128r2,5,&(lvalues[4796]),0},

-{"secp160k1","secp160k1",NID_secp160k1,5,&(lvalues[4801]),0},

-{"secp160r1","secp160r1",NID_secp160r1,5,&(lvalues[4806]),0},

-{"secp160r2","secp160r2",NID_secp160r2,5,&(lvalues[4811]),0},

-{"secp192k1","secp192k1",NID_secp192k1,5,&(lvalues[4816]),0},

-{"secp224k1","secp224k1",NID_secp224k1,5,&(lvalues[4821]),0},

-{"secp224r1","secp224r1",NID_secp224r1,5,&(lvalues[4826]),0},

-{"secp256k1","secp256k1",NID_secp256k1,5,&(lvalues[4831]),0},

-{"secp384r1","secp384r1",NID_secp384r1,5,&(lvalues[4836]),0},

-{"secp521r1","secp521r1",NID_secp521r1,5,&(lvalues[4841]),0},

-{"sect113r1","sect113r1",NID_sect113r1,5,&(lvalues[4846]),0},

-{"sect113r2","sect113r2",NID_sect113r2,5,&(lvalues[4851]),0},

-{"sect131r1","sect131r1",NID_sect131r1,5,&(lvalues[4856]),0},

-{"sect131r2","sect131r2",NID_sect131r2,5,&(lvalues[4861]),0},

-{"sect163k1","sect163k1",NID_sect163k1,5,&(lvalues[4866]),0},

-{"sect163r1","sect163r1",NID_sect163r1,5,&(lvalues[4871]),0},

-{"sect163r2","sect163r2",NID_sect163r2,5,&(lvalues[4876]),0},

-{"sect193r1","sect193r1",NID_sect193r1,5,&(lvalues[4881]),0},

-{"sect193r2","sect193r2",NID_sect193r2,5,&(lvalues[4886]),0},

-{"sect233k1","sect233k1",NID_sect233k1,5,&(lvalues[4891]),0},

-{"sect233r1","sect233r1",NID_sect233r1,5,&(lvalues[4896]),0},

-{"sect239k1","sect239k1",NID_sect239k1,5,&(lvalues[4901]),0},

-{"sect283k1","sect283k1",NID_sect283k1,5,&(lvalues[4906]),0},

-{"sect283r1","sect283r1",NID_sect283r1,5,&(lvalues[4911]),0},

-{"sect409k1","sect409k1",NID_sect409k1,5,&(lvalues[4916]),0},

-{"sect409r1","sect409r1",NID_sect409r1,5,&(lvalues[4921]),0},

-{"sect571k1","sect571k1",NID_sect571k1,5,&(lvalues[4926]),0},

-{"sect571r1","sect571r1",NID_sect571r1,5,&(lvalues[4931]),0},

-{"wap-wsg-idm-ecid-wtls1","wap-wsg-idm-ecid-wtls1",

-	NID_wap_wsg_idm_ecid_wtls1,5,&(lvalues[4936]),0},

-{"wap-wsg-idm-ecid-wtls3","wap-wsg-idm-ecid-wtls3",

-	NID_wap_wsg_idm_ecid_wtls3,5,&(lvalues[4941]),0},

-{"wap-wsg-idm-ecid-wtls4","wap-wsg-idm-ecid-wtls4",

-	NID_wap_wsg_idm_ecid_wtls4,5,&(lvalues[4946]),0},

-{"wap-wsg-idm-ecid-wtls5","wap-wsg-idm-ecid-wtls5",

-	NID_wap_wsg_idm_ecid_wtls5,5,&(lvalues[4951]),0},

-{"wap-wsg-idm-ecid-wtls6","wap-wsg-idm-ecid-wtls6",

-	NID_wap_wsg_idm_ecid_wtls6,5,&(lvalues[4956]),0},

-{"wap-wsg-idm-ecid-wtls7","wap-wsg-idm-ecid-wtls7",

-	NID_wap_wsg_idm_ecid_wtls7,5,&(lvalues[4961]),0},

-{"wap-wsg-idm-ecid-wtls8","wap-wsg-idm-ecid-wtls8",

-	NID_wap_wsg_idm_ecid_wtls8,5,&(lvalues[4966]),0},

-{"wap-wsg-idm-ecid-wtls9","wap-wsg-idm-ecid-wtls9",

-	NID_wap_wsg_idm_ecid_wtls9,5,&(lvalues[4971]),0},

-{"wap-wsg-idm-ecid-wtls10","wap-wsg-idm-ecid-wtls10",

-	NID_wap_wsg_idm_ecid_wtls10,5,&(lvalues[4976]),0},

-{"wap-wsg-idm-ecid-wtls11","wap-wsg-idm-ecid-wtls11",

-	NID_wap_wsg_idm_ecid_wtls11,5,&(lvalues[4981]),0},

-{"wap-wsg-idm-ecid-wtls12","wap-wsg-idm-ecid-wtls12",

-	NID_wap_wsg_idm_ecid_wtls12,5,&(lvalues[4986]),0},

-{"anyPolicy","X509v3 Any Policy",NID_any_policy,4,&(lvalues[4991]),0},

-{"policyMappings","X509v3 Policy Mappings",NID_policy_mappings,3,

-	&(lvalues[4995]),0},

-{"inhibitAnyPolicy","X509v3 Inhibit Any Policy",

-	NID_inhibit_any_policy,3,&(lvalues[4998]),0},

-{"Oakley-EC2N-3","ipsec3",NID_ipsec3,0,NULL,0},

-{"Oakley-EC2N-4","ipsec4",NID_ipsec4,0,NULL,0},

-{"CAMELLIA-128-CBC","camellia-128-cbc",NID_camellia_128_cbc,11,

-	&(lvalues[5001]),0},

-{"CAMELLIA-192-CBC","camellia-192-cbc",NID_camellia_192_cbc,11,

-	&(lvalues[5012]),0},

-{"CAMELLIA-256-CBC","camellia-256-cbc",NID_camellia_256_cbc,11,

-	&(lvalues[5023]),0},

-{"CAMELLIA-128-ECB","camellia-128-ecb",NID_camellia_128_ecb,8,

-	&(lvalues[5034]),0},

-{"CAMELLIA-192-ECB","camellia-192-ecb",NID_camellia_192_ecb,8,

-	&(lvalues[5042]),0},

-{"CAMELLIA-256-ECB","camellia-256-ecb",NID_camellia_256_ecb,8,

-	&(lvalues[5050]),0},

-{"CAMELLIA-128-CFB","camellia-128-cfb",NID_camellia_128_cfb128,8,

-	&(lvalues[5058]),0},

-{"CAMELLIA-192-CFB","camellia-192-cfb",NID_camellia_192_cfb128,8,

-	&(lvalues[5066]),0},

-{"CAMELLIA-256-CFB","camellia-256-cfb",NID_camellia_256_cfb128,8,

-	&(lvalues[5074]),0},

-{"CAMELLIA-128-CFB1","camellia-128-cfb1",NID_camellia_128_cfb1,0,NULL,0},

-{"CAMELLIA-192-CFB1","camellia-192-cfb1",NID_camellia_192_cfb1,0,NULL,0},

-{"CAMELLIA-256-CFB1","camellia-256-cfb1",NID_camellia_256_cfb1,0,NULL,0},

-{"CAMELLIA-128-CFB8","camellia-128-cfb8",NID_camellia_128_cfb8,0,NULL,0},

-{"CAMELLIA-192-CFB8","camellia-192-cfb8",NID_camellia_192_cfb8,0,NULL,0},

-{"CAMELLIA-256-CFB8","camellia-256-cfb8",NID_camellia_256_cfb8,0,NULL,0},

-{"CAMELLIA-128-OFB","camellia-128-ofb",NID_camellia_128_ofb128,8,

-	&(lvalues[5082]),0},

-{"CAMELLIA-192-OFB","camellia-192-ofb",NID_camellia_192_ofb128,8,

-	&(lvalues[5090]),0},

-{"CAMELLIA-256-OFB","camellia-256-ofb",NID_camellia_256_ofb128,8,

-	&(lvalues[5098]),0},

-{"subjectDirectoryAttributes","X509v3 Subject Directory Attributes",

-	NID_subject_directory_attributes,3,&(lvalues[5106]),0},

-{"issuingDistributionPoint","X509v3 Issuing Distrubution Point",

-	NID_issuing_distribution_point,3,&(lvalues[5109]),0},

-{"certificateIssuer","X509v3 Certificate Issuer",

-	NID_certificate_issuer,3,&(lvalues[5112]),0},

-{NULL,NULL,NID_undef,0,NULL,0},

-{"KISA","kisa",NID_kisa,6,&(lvalues[5115]),0},

-{NULL,NULL,NID_undef,0,NULL,0},

-{NULL,NULL,NID_undef,0,NULL,0},

-{"SEED-ECB","seed-ecb",NID_seed_ecb,8,&(lvalues[5121]),0},

-{"SEED-CBC","seed-cbc",NID_seed_cbc,8,&(lvalues[5129]),0},

-{"SEED-OFB","seed-ofb",NID_seed_ofb128,8,&(lvalues[5137]),0},

-{"SEED-CFB","seed-cfb",NID_seed_cfb128,8,&(lvalues[5145]),0},

-};

-static ASN1_OBJECT *sn_objs[NUM_SN]={

-&(nid_objs[364]),/* "AD_DVCS" */

-&(nid_objs[419]),/* "AES-128-CBC" */

-&(nid_objs[421]),/* "AES-128-CFB" */

-&(nid_objs[650]),/* "AES-128-CFB1" */

-&(nid_objs[653]),/* "AES-128-CFB8" */

-&(nid_objs[418]),/* "AES-128-ECB" */

-&(nid_objs[420]),/* "AES-128-OFB" */

-&(nid_objs[423]),/* "AES-192-CBC" */

-&(nid_objs[425]),/* "AES-192-CFB" */

-&(nid_objs[651]),/* "AES-192-CFB1" */

-&(nid_objs[654]),/* "AES-192-CFB8" */

-&(nid_objs[422]),/* "AES-192-ECB" */

-&(nid_objs[424]),/* "AES-192-OFB" */

-&(nid_objs[427]),/* "AES-256-CBC" */

-&(nid_objs[429]),/* "AES-256-CFB" */

-&(nid_objs[652]),/* "AES-256-CFB1" */

-&(nid_objs[655]),/* "AES-256-CFB8" */

-&(nid_objs[426]),/* "AES-256-ECB" */

-&(nid_objs[428]),/* "AES-256-OFB" */

-&(nid_objs[91]),/* "BF-CBC" */

-&(nid_objs[93]),/* "BF-CFB" */

-&(nid_objs[92]),/* "BF-ECB" */

-&(nid_objs[94]),/* "BF-OFB" */

-&(nid_objs[14]),/* "C" */

-&(nid_objs[751]),/* "CAMELLIA-128-CBC" */

-&(nid_objs[757]),/* "CAMELLIA-128-CFB" */

-&(nid_objs[760]),/* "CAMELLIA-128-CFB1" */

-&(nid_objs[763]),/* "CAMELLIA-128-CFB8" */

-&(nid_objs[754]),/* "CAMELLIA-128-ECB" */

-&(nid_objs[766]),/* "CAMELLIA-128-OFB" */

-&(nid_objs[752]),/* "CAMELLIA-192-CBC" */

-&(nid_objs[758]),/* "CAMELLIA-192-CFB" */

-&(nid_objs[761]),/* "CAMELLIA-192-CFB1" */

-&(nid_objs[764]),/* "CAMELLIA-192-CFB8" */

-&(nid_objs[755]),/* "CAMELLIA-192-ECB" */

-&(nid_objs[767]),/* "CAMELLIA-192-OFB" */

-&(nid_objs[753]),/* "CAMELLIA-256-CBC" */

-&(nid_objs[759]),/* "CAMELLIA-256-CFB" */

-&(nid_objs[762]),/* "CAMELLIA-256-CFB1" */

-&(nid_objs[765]),/* "CAMELLIA-256-CFB8" */

-&(nid_objs[756]),/* "CAMELLIA-256-ECB" */

-&(nid_objs[768]),/* "CAMELLIA-256-OFB" */

-&(nid_objs[108]),/* "CAST5-CBC" */

-&(nid_objs[110]),/* "CAST5-CFB" */

-&(nid_objs[109]),/* "CAST5-ECB" */

-&(nid_objs[111]),/* "CAST5-OFB" */

-&(nid_objs[13]),/* "CN" */

-&(nid_objs[141]),/* "CRLReason" */

-&(nid_objs[417]),/* "CSPName" */

-&(nid_objs[367]),/* "CrlID" */

-&(nid_objs[391]),/* "DC" */

-&(nid_objs[31]),/* "DES-CBC" */

-&(nid_objs[643]),/* "DES-CDMF" */

-&(nid_objs[30]),/* "DES-CFB" */

-&(nid_objs[656]),/* "DES-CFB1" */

-&(nid_objs[657]),/* "DES-CFB8" */

-&(nid_objs[29]),/* "DES-ECB" */

-&(nid_objs[32]),/* "DES-EDE" */

-&(nid_objs[43]),/* "DES-EDE-CBC" */

-&(nid_objs[60]),/* "DES-EDE-CFB" */

-&(nid_objs[62]),/* "DES-EDE-OFB" */

-&(nid_objs[33]),/* "DES-EDE3" */

-&(nid_objs[44]),/* "DES-EDE3-CBC" */

-&(nid_objs[61]),/* "DES-EDE3-CFB" */

-&(nid_objs[658]),/* "DES-EDE3-CFB1" */

-&(nid_objs[659]),/* "DES-EDE3-CFB8" */

-&(nid_objs[63]),/* "DES-EDE3-OFB" */

-&(nid_objs[45]),/* "DES-OFB" */

-&(nid_objs[80]),/* "DESX-CBC" */

-&(nid_objs[380]),/* "DOD" */

-&(nid_objs[116]),/* "DSA" */

-&(nid_objs[66]),/* "DSA-SHA" */

-&(nid_objs[113]),/* "DSA-SHA1" */

-&(nid_objs[70]),/* "DSA-SHA1-old" */

-&(nid_objs[67]),/* "DSA-old" */

-&(nid_objs[297]),/* "DVCS" */

-&(nid_objs[99]),/* "GN" */

-&(nid_objs[381]),/* "IANA" */

-&(nid_objs[34]),/* "IDEA-CBC" */

-&(nid_objs[35]),/* "IDEA-CFB" */

-&(nid_objs[36]),/* "IDEA-ECB" */

-&(nid_objs[46]),/* "IDEA-OFB" */

-&(nid_objs[181]),/* "ISO" */

-&(nid_objs[183]),/* "ISO-US" */

-&(nid_objs[645]),/* "ITU-T" */

-&(nid_objs[646]),/* "JOINT-ISO-ITU-T" */

-&(nid_objs[773]),/* "KISA" */

-&(nid_objs[15]),/* "L" */

-&(nid_objs[ 3]),/* "MD2" */

-&(nid_objs[257]),/* "MD4" */

-&(nid_objs[ 4]),/* "MD5" */

-&(nid_objs[114]),/* "MD5-SHA1" */

-&(nid_objs[95]),/* "MDC2" */

-&(nid_objs[388]),/* "Mail" */

-&(nid_objs[393]),/* "NULL" */

-&(nid_objs[404]),/* "NULL" */

-&(nid_objs[57]),/* "Netscape" */

-&(nid_objs[366]),/* "Nonce" */

-&(nid_objs[17]),/* "O" */

-&(nid_objs[178]),/* "OCSP" */

-&(nid_objs[180]),/* "OCSPSigning" */

-&(nid_objs[379]),/* "ORG" */

-&(nid_objs[18]),/* "OU" */

-&(nid_objs[749]),/* "Oakley-EC2N-3" */

-&(nid_objs[750]),/* "Oakley-EC2N-4" */

-&(nid_objs[ 9]),/* "PBE-MD2-DES" */

-&(nid_objs[168]),/* "PBE-MD2-RC2-64" */

-&(nid_objs[10]),/* "PBE-MD5-DES" */

-&(nid_objs[169]),/* "PBE-MD5-RC2-64" */

-&(nid_objs[147]),/* "PBE-SHA1-2DES" */

-&(nid_objs[146]),/* "PBE-SHA1-3DES" */

-&(nid_objs[170]),/* "PBE-SHA1-DES" */

-&(nid_objs[148]),/* "PBE-SHA1-RC2-128" */

-&(nid_objs[149]),/* "PBE-SHA1-RC2-40" */

-&(nid_objs[68]),/* "PBE-SHA1-RC2-64" */

-&(nid_objs[144]),/* "PBE-SHA1-RC4-128" */

-&(nid_objs[145]),/* "PBE-SHA1-RC4-40" */

-&(nid_objs[161]),/* "PBES2" */

-&(nid_objs[69]),/* "PBKDF2" */

-&(nid_objs[162]),/* "PBMAC1" */

-&(nid_objs[127]),/* "PKIX" */

-&(nid_objs[98]),/* "RC2-40-CBC" */

-&(nid_objs[166]),/* "RC2-64-CBC" */

-&(nid_objs[37]),/* "RC2-CBC" */

-&(nid_objs[39]),/* "RC2-CFB" */

-&(nid_objs[38]),/* "RC2-ECB" */

-&(nid_objs[40]),/* "RC2-OFB" */

-&(nid_objs[ 5]),/* "RC4" */

-&(nid_objs[97]),/* "RC4-40" */

-&(nid_objs[120]),/* "RC5-CBC" */

-&(nid_objs[122]),/* "RC5-CFB" */

-&(nid_objs[121]),/* "RC5-ECB" */

-&(nid_objs[123]),/* "RC5-OFB" */

-&(nid_objs[117]),/* "RIPEMD160" */

-&(nid_objs[124]),/* "RLE" */

-&(nid_objs[19]),/* "RSA" */

-&(nid_objs[ 7]),/* "RSA-MD2" */

-&(nid_objs[396]),/* "RSA-MD4" */

-&(nid_objs[ 8]),/* "RSA-MD5" */

-&(nid_objs[96]),/* "RSA-MDC2" */

-&(nid_objs[104]),/* "RSA-NP-MD5" */

-&(nid_objs[119]),/* "RSA-RIPEMD160" */

-&(nid_objs[42]),/* "RSA-SHA" */

-&(nid_objs[65]),/* "RSA-SHA1" */

-&(nid_objs[115]),/* "RSA-SHA1-2" */

-&(nid_objs[671]),/* "RSA-SHA224" */

-&(nid_objs[668]),/* "RSA-SHA256" */

-&(nid_objs[669]),/* "RSA-SHA384" */

-&(nid_objs[670]),/* "RSA-SHA512" */

-&(nid_objs[777]),/* "SEED-CBC" */

-&(nid_objs[779]),/* "SEED-CFB" */

-&(nid_objs[776]),/* "SEED-ECB" */

-&(nid_objs[778]),/* "SEED-OFB" */

-&(nid_objs[41]),/* "SHA" */

-&(nid_objs[64]),/* "SHA1" */

-&(nid_objs[675]),/* "SHA224" */

-&(nid_objs[672]),/* "SHA256" */

-&(nid_objs[673]),/* "SHA384" */

-&(nid_objs[674]),/* "SHA512" */

-&(nid_objs[188]),/* "SMIME" */

-&(nid_objs[167]),/* "SMIME-CAPS" */

-&(nid_objs[100]),/* "SN" */

-&(nid_objs[16]),/* "ST" */

-&(nid_objs[143]),/* "SXNetID" */

-&(nid_objs[458]),/* "UID" */

-&(nid_objs[ 0]),/* "UNDEF" */

-&(nid_objs[11]),/* "X500" */

-&(nid_objs[378]),/* "X500algorithms" */

-&(nid_objs[12]),/* "X509" */

-&(nid_objs[184]),/* "X9-57" */

-&(nid_objs[185]),/* "X9cm" */

-&(nid_objs[125]),/* "ZLIB" */

-&(nid_objs[478]),/* "aRecord" */

-&(nid_objs[289]),/* "aaControls" */

-&(nid_objs[287]),/* "ac-auditEntity" */

-&(nid_objs[397]),/* "ac-proxying" */

-&(nid_objs[288]),/* "ac-targeting" */

-&(nid_objs[368]),/* "acceptableResponses" */

-&(nid_objs[446]),/* "account" */

-&(nid_objs[363]),/* "ad_timestamping" */

-&(nid_objs[376]),/* "algorithm" */

-&(nid_objs[405]),/* "ansi-X9-62" */

-&(nid_objs[746]),/* "anyPolicy" */

-&(nid_objs[370]),/* "archiveCutoff" */

-&(nid_objs[484]),/* "associatedDomain" */

-&(nid_objs[485]),/* "associatedName" */

-&(nid_objs[501]),/* "audio" */

-&(nid_objs[177]),/* "authorityInfoAccess" */

-&(nid_objs[90]),/* "authorityKeyIdentifier" */

-&(nid_objs[87]),/* "basicConstraints" */

-&(nid_objs[365]),/* "basicOCSPResponse" */

-&(nid_objs[285]),/* "biometricInfo" */

-&(nid_objs[494]),/* "buildingName" */

-&(nid_objs[691]),/* "c2onb191v4" */

-&(nid_objs[692]),/* "c2onb191v5" */

-&(nid_objs[697]),/* "c2onb239v4" */

-&(nid_objs[698]),/* "c2onb239v5" */

-&(nid_objs[684]),/* "c2pnb163v1" */

-&(nid_objs[685]),/* "c2pnb163v2" */

-&(nid_objs[686]),/* "c2pnb163v3" */

-&(nid_objs[687]),/* "c2pnb176v1" */

-&(nid_objs[693]),/* "c2pnb208w1" */

-&(nid_objs[699]),/* "c2pnb272w1" */

-&(nid_objs[700]),/* "c2pnb304w1" */

-&(nid_objs[702]),/* "c2pnb368w1" */

-&(nid_objs[688]),/* "c2tnb191v1" */

-&(nid_objs[689]),/* "c2tnb191v2" */

-&(nid_objs[690]),/* "c2tnb191v3" */

-&(nid_objs[694]),/* "c2tnb239v1" */

-&(nid_objs[695]),/* "c2tnb239v2" */

-&(nid_objs[696]),/* "c2tnb239v3" */

-&(nid_objs[701]),/* "c2tnb359v1" */

-&(nid_objs[703]),/* "c2tnb431r1" */

-&(nid_objs[483]),/* "cNAMERecord" */

-&(nid_objs[179]),/* "caIssuers" */

-&(nid_objs[443]),/* "caseIgnoreIA5StringSyntax" */

-&(nid_objs[152]),/* "certBag" */

-&(nid_objs[677]),/* "certicom-arc" */

-&(nid_objs[771]),/* "certificateIssuer" */

-&(nid_objs[89]),/* "certificatePolicies" */

-&(nid_objs[54]),/* "challengePassword" */

-&(nid_objs[407]),/* "characteristic-two-field" */

-&(nid_objs[395]),/* "clearance" */

-&(nid_objs[130]),/* "clientAuth" */

-&(nid_objs[131]),/* "codeSigning" */

-&(nid_objs[50]),/* "contentType" */

-&(nid_objs[53]),/* "countersignature" */

-&(nid_objs[153]),/* "crlBag" */

-&(nid_objs[103]),/* "crlDistributionPoints" */

-&(nid_objs[88]),/* "crlNumber" */

-&(nid_objs[500]),/* "dITRedirect" */

-&(nid_objs[451]),/* "dNSDomain" */

-&(nid_objs[495]),/* "dSAQuality" */

-&(nid_objs[434]),/* "data" */

-&(nid_objs[390]),/* "dcobject" */

-&(nid_objs[140]),/* "deltaCRL" */

-&(nid_objs[107]),/* "description" */

-&(nid_objs[28]),/* "dhKeyAgreement" */

-&(nid_objs[382]),/* "directory" */

-&(nid_objs[174]),/* "dnQualifier" */

-&(nid_objs[447]),/* "document" */

-&(nid_objs[471]),/* "documentAuthor" */

-&(nid_objs[468]),/* "documentIdentifier" */

-&(nid_objs[472]),/* "documentLocation" */

-&(nid_objs[502]),/* "documentPublisher" */

-&(nid_objs[449]),/* "documentSeries" */

-&(nid_objs[469]),/* "documentTitle" */

-&(nid_objs[470]),/* "documentVersion" */

-&(nid_objs[392]),/* "domain" */

-&(nid_objs[452]),/* "domainRelatedObject" */

-&(nid_objs[416]),/* "ecdsa-with-SHA1" */

-&(nid_objs[48]),/* "emailAddress" */

-&(nid_objs[132]),/* "emailProtection" */

-&(nid_objs[389]),/* "enterprises" */

-&(nid_objs[384]),/* "experimental" */

-&(nid_objs[172]),/* "extReq" */

-&(nid_objs[56]),/* "extendedCertificateAttributes" */

-&(nid_objs[126]),/* "extendedKeyUsage" */

-&(nid_objs[372]),/* "extendedStatus" */

-&(nid_objs[462]),/* "favouriteDrink" */

-&(nid_objs[453]),/* "friendlyCountry" */

-&(nid_objs[490]),/* "friendlyCountryName" */

-&(nid_objs[156]),/* "friendlyName" */

-&(nid_objs[509]),/* "generationQualifier" */

-&(nid_objs[163]),/* "hmacWithSHA1" */

-&(nid_objs[432]),/* "holdInstructionCallIssuer" */

-&(nid_objs[430]),/* "holdInstructionCode" */

-&(nid_objs[431]),/* "holdInstructionNone" */

-&(nid_objs[433]),/* "holdInstructionReject" */

-&(nid_objs[486]),/* "homePostalAddress" */

-&(nid_objs[473]),/* "homeTelephoneNumber" */

-&(nid_objs[466]),/* "host" */

-&(nid_objs[442]),/* "iA5StringSyntax" */

-&(nid_objs[266]),/* "id-aca" */

-&(nid_objs[355]),/* "id-aca-accessIdentity" */

-&(nid_objs[354]),/* "id-aca-authenticationInfo" */

-&(nid_objs[356]),/* "id-aca-chargingIdentity" */

-&(nid_objs[399]),/* "id-aca-encAttrs" */

-&(nid_objs[357]),/* "id-aca-group" */

-&(nid_objs[358]),/* "id-aca-role" */

-&(nid_objs[176]),/* "id-ad" */

-&(nid_objs[262]),/* "id-alg" */

-&(nid_objs[323]),/* "id-alg-des40" */

-&(nid_objs[326]),/* "id-alg-dh-pop" */

-&(nid_objs[325]),/* "id-alg-dh-sig-hmac-sha1" */

-&(nid_objs[324]),/* "id-alg-noSignature" */

-&(nid_objs[268]),/* "id-cct" */

-&(nid_objs[361]),/* "id-cct-PKIData" */

-&(nid_objs[362]),/* "id-cct-PKIResponse" */

-&(nid_objs[360]),/* "id-cct-crs" */

-&(nid_objs[81]),/* "id-ce" */

-&(nid_objs[680]),/* "id-characteristic-two-basis" */

-&(nid_objs[263]),/* "id-cmc" */

-&(nid_objs[334]),/* "id-cmc-addExtensions" */

-&(nid_objs[346]),/* "id-cmc-confirmCertAcceptance" */

-&(nid_objs[330]),/* "id-cmc-dataReturn" */

-&(nid_objs[336]),/* "id-cmc-decryptedPOP" */

-&(nid_objs[335]),/* "id-cmc-encryptedPOP" */

-&(nid_objs[339]),/* "id-cmc-getCRL" */

-&(nid_objs[338]),/* "id-cmc-getCert" */

-&(nid_objs[328]),/* "id-cmc-identification" */

-&(nid_objs[329]),/* "id-cmc-identityProof" */

-&(nid_objs[337]),/* "id-cmc-lraPOPWitness" */

-&(nid_objs[344]),/* "id-cmc-popLinkRandom" */

-&(nid_objs[345]),/* "id-cmc-popLinkWitness" */

-&(nid_objs[343]),/* "id-cmc-queryPending" */

-&(nid_objs[333]),/* "id-cmc-recipientNonce" */

-&(nid_objs[341]),/* "id-cmc-regInfo" */

-&(nid_objs[342]),/* "id-cmc-responseInfo" */

-&(nid_objs[340]),/* "id-cmc-revokeRequest" */

-&(nid_objs[332]),/* "id-cmc-senderNonce" */

-&(nid_objs[327]),/* "id-cmc-statusInfo" */

-&(nid_objs[331]),/* "id-cmc-transactionId" */

-&(nid_objs[408]),/* "id-ecPublicKey" */

-&(nid_objs[508]),/* "id-hex-multipart-message" */

-&(nid_objs[507]),/* "id-hex-partial-message" */

-&(nid_objs[260]),/* "id-it" */

-&(nid_objs[302]),/* "id-it-caKeyUpdateInfo" */

-&(nid_objs[298]),/* "id-it-caProtEncCert" */

-&(nid_objs[311]),/* "id-it-confirmWaitTime" */

-&(nid_objs[303]),/* "id-it-currentCRL" */

-&(nid_objs[300]),/* "id-it-encKeyPairTypes" */

-&(nid_objs[310]),/* "id-it-implicitConfirm" */

-&(nid_objs[308]),/* "id-it-keyPairParamRep" */

-&(nid_objs[307]),/* "id-it-keyPairParamReq" */

-&(nid_objs[312]),/* "id-it-origPKIMessage" */

-&(nid_objs[301]),/* "id-it-preferredSymmAlg" */

-&(nid_objs[309]),/* "id-it-revPassphrase" */

-&(nid_objs[299]),/* "id-it-signKeyPairTypes" */

-&(nid_objs[305]),/* "id-it-subscriptionRequest" */

-&(nid_objs[306]),/* "id-it-subscriptionResponse" */

-&(nid_objs[304]),/* "id-it-unsupportedOIDs" */

-&(nid_objs[128]),/* "id-kp" */

-&(nid_objs[280]),/* "id-mod-attribute-cert" */

-&(nid_objs[274]),/* "id-mod-cmc" */

-&(nid_objs[277]),/* "id-mod-cmp" */

-&(nid_objs[284]),/* "id-mod-cmp2000" */

-&(nid_objs[273]),/* "id-mod-crmf" */

-&(nid_objs[283]),/* "id-mod-dvcs" */

-&(nid_objs[275]),/* "id-mod-kea-profile-88" */

-&(nid_objs[276]),/* "id-mod-kea-profile-93" */

-&(nid_objs[282]),/* "id-mod-ocsp" */

-&(nid_objs[278]),/* "id-mod-qualified-cert-88" */

-&(nid_objs[279]),/* "id-mod-qualified-cert-93" */

-&(nid_objs[281]),/* "id-mod-timestamp-protocol" */

-&(nid_objs[264]),/* "id-on" */

-&(nid_objs[347]),/* "id-on-personalData" */

-&(nid_objs[265]),/* "id-pda" */

-&(nid_objs[352]),/* "id-pda-countryOfCitizenship" */

-&(nid_objs[353]),/* "id-pda-countryOfResidence" */

-&(nid_objs[348]),/* "id-pda-dateOfBirth" */

-&(nid_objs[351]),/* "id-pda-gender" */

-&(nid_objs[349]),/* "id-pda-placeOfBirth" */

-&(nid_objs[175]),/* "id-pe" */

-&(nid_objs[261]),/* "id-pkip" */

-&(nid_objs[258]),/* "id-pkix-mod" */

-&(nid_objs[269]),/* "id-pkix1-explicit-88" */

-&(nid_objs[271]),/* "id-pkix1-explicit-93" */

-&(nid_objs[270]),/* "id-pkix1-implicit-88" */

-&(nid_objs[272]),/* "id-pkix1-implicit-93" */

-&(nid_objs[662]),/* "id-ppl" */

-&(nid_objs[664]),/* "id-ppl-anyLanguage" */

-&(nid_objs[667]),/* "id-ppl-independent" */

-&(nid_objs[665]),/* "id-ppl-inheritAll" */

-&(nid_objs[267]),/* "id-qcs" */

-&(nid_objs[359]),/* "id-qcs-pkixQCSyntax-v1" */

-&(nid_objs[259]),/* "id-qt" */

-&(nid_objs[164]),/* "id-qt-cps" */

-&(nid_objs[165]),/* "id-qt-unotice" */

-&(nid_objs[313]),/* "id-regCtrl" */

-&(nid_objs[316]),/* "id-regCtrl-authenticator" */

-&(nid_objs[319]),/* "id-regCtrl-oldCertID" */

-&(nid_objs[318]),/* "id-regCtrl-pkiArchiveOptions" */

-&(nid_objs[317]),/* "id-regCtrl-pkiPublicationInfo" */

-&(nid_objs[320]),/* "id-regCtrl-protocolEncrKey" */

-&(nid_objs[315]),/* "id-regCtrl-regToken" */

-&(nid_objs[314]),/* "id-regInfo" */

-&(nid_objs[322]),/* "id-regInfo-certReq" */

-&(nid_objs[321]),/* "id-regInfo-utf8Pairs" */

-&(nid_objs[512]),/* "id-set" */

-&(nid_objs[191]),/* "id-smime-aa" */

-&(nid_objs[215]),/* "id-smime-aa-contentHint" */

-&(nid_objs[218]),/* "id-smime-aa-contentIdentifier" */

-&(nid_objs[221]),/* "id-smime-aa-contentReference" */

-&(nid_objs[240]),/* "id-smime-aa-dvcs-dvc" */

-&(nid_objs[217]),/* "id-smime-aa-encapContentType" */

-&(nid_objs[222]),/* "id-smime-aa-encrypKeyPref" */

-&(nid_objs[220]),/* "id-smime-aa-equivalentLabels" */

-&(nid_objs[232]),/* "id-smime-aa-ets-CertificateRefs" */

-&(nid_objs[233]),/* "id-smime-aa-ets-RevocationRefs" */

-&(nid_objs[238]),/* "id-smime-aa-ets-archiveTimeStamp" */

-&(nid_objs[237]),/* "id-smime-aa-ets-certCRLTimestamp" */

-&(nid_objs[234]),/* "id-smime-aa-ets-certValues" */

-&(nid_objs[227]),/* "id-smime-aa-ets-commitmentType" */

-&(nid_objs[231]),/* "id-smime-aa-ets-contentTimestamp" */

-&(nid_objs[236]),/* "id-smime-aa-ets-escTimeStamp" */

-&(nid_objs[230]),/* "id-smime-aa-ets-otherSigCert" */

-&(nid_objs[235]),/* "id-smime-aa-ets-revocationValues" */

-&(nid_objs[226]),/* "id-smime-aa-ets-sigPolicyId" */

-&(nid_objs[229]),/* "id-smime-aa-ets-signerAttr" */

-&(nid_objs[228]),/* "id-smime-aa-ets-signerLocation" */

-&(nid_objs[219]),/* "id-smime-aa-macValue" */

-&(nid_objs[214]),/* "id-smime-aa-mlExpandHistory" */

-&(nid_objs[216]),/* "id-smime-aa-msgSigDigest" */

-&(nid_objs[212]),/* "id-smime-aa-receiptRequest" */

-&(nid_objs[213]),/* "id-smime-aa-securityLabel" */

-&(nid_objs[239]),/* "id-smime-aa-signatureType" */

-&(nid_objs[223]),/* "id-smime-aa-signingCertificate" */

-&(nid_objs[224]),/* "id-smime-aa-smimeEncryptCerts" */

-&(nid_objs[225]),/* "id-smime-aa-timeStampToken" */

-&(nid_objs[192]),/* "id-smime-alg" */

-&(nid_objs[243]),/* "id-smime-alg-3DESwrap" */

-&(nid_objs[246]),/* "id-smime-alg-CMS3DESwrap" */

-&(nid_objs[247]),/* "id-smime-alg-CMSRC2wrap" */

-&(nid_objs[245]),/* "id-smime-alg-ESDH" */

-&(nid_objs[241]),/* "id-smime-alg-ESDHwith3DES" */

-&(nid_objs[242]),/* "id-smime-alg-ESDHwithRC2" */

-&(nid_objs[244]),/* "id-smime-alg-RC2wrap" */

-&(nid_objs[193]),/* "id-smime-cd" */

-&(nid_objs[248]),/* "id-smime-cd-ldap" */

-&(nid_objs[190]),/* "id-smime-ct" */

-&(nid_objs[210]),/* "id-smime-ct-DVCSRequestData" */

-&(nid_objs[211]),/* "id-smime-ct-DVCSResponseData" */

-&(nid_objs[208]),/* "id-smime-ct-TDTInfo" */

-&(nid_objs[207]),/* "id-smime-ct-TSTInfo" */

-&(nid_objs[205]),/* "id-smime-ct-authData" */

-&(nid_objs[209]),/* "id-smime-ct-contentInfo" */

-&(nid_objs[206]),/* "id-smime-ct-publishCert" */

-&(nid_objs[204]),/* "id-smime-ct-receipt" */

-&(nid_objs[195]),/* "id-smime-cti" */

-&(nid_objs[255]),/* "id-smime-cti-ets-proofOfApproval" */

-&(nid_objs[256]),/* "id-smime-cti-ets-proofOfCreation" */

-&(nid_objs[253]),/* "id-smime-cti-ets-proofOfDelivery" */

-&(nid_objs[251]),/* "id-smime-cti-ets-proofOfOrigin" */

-&(nid_objs[252]),/* "id-smime-cti-ets-proofOfReceipt" */

-&(nid_objs[254]),/* "id-smime-cti-ets-proofOfSender" */

-&(nid_objs[189]),/* "id-smime-mod" */

-&(nid_objs[196]),/* "id-smime-mod-cms" */

-&(nid_objs[197]),/* "id-smime-mod-ess" */

-&(nid_objs[202]),/* "id-smime-mod-ets-eSigPolicy-88" */

-&(nid_objs[203]),/* "id-smime-mod-ets-eSigPolicy-97" */

-&(nid_objs[200]),/* "id-smime-mod-ets-eSignature-88" */

-&(nid_objs[201]),/* "id-smime-mod-ets-eSignature-97" */

-&(nid_objs[199]),/* "id-smime-mod-msg-v3" */

-&(nid_objs[198]),/* "id-smime-mod-oid" */

-&(nid_objs[194]),/* "id-smime-spq" */

-&(nid_objs[250]),/* "id-smime-spq-ets-sqt-unotice" */

-&(nid_objs[249]),/* "id-smime-spq-ets-sqt-uri" */

-&(nid_objs[676]),/* "identified-organization" */

-&(nid_objs[461]),/* "info" */

-&(nid_objs[748]),/* "inhibitAnyPolicy" */

-&(nid_objs[101]),/* "initials" */

-&(nid_objs[647]),/* "international-organizations" */

-&(nid_objs[142]),/* "invalidityDate" */

-&(nid_objs[294]),/* "ipsecEndSystem" */

-&(nid_objs[295]),/* "ipsecTunnel" */

-&(nid_objs[296]),/* "ipsecUser" */

-&(nid_objs[86]),/* "issuerAltName" */

-&(nid_objs[770]),/* "issuingDistributionPoint" */

-&(nid_objs[492]),/* "janetMailbox" */

-&(nid_objs[150]),/* "keyBag" */

-&(nid_objs[83]),/* "keyUsage" */

-&(nid_objs[477]),/* "lastModifiedBy" */

-&(nid_objs[476]),/* "lastModifiedTime" */

-&(nid_objs[157]),/* "localKeyID" */

-&(nid_objs[480]),/* "mXRecord" */

-&(nid_objs[460]),/* "mail" */

-&(nid_objs[493]),/* "mailPreferenceOption" */

-&(nid_objs[467]),/* "manager" */

-&(nid_objs[182]),/* "member-body" */

-&(nid_objs[51]),/* "messageDigest" */

-&(nid_objs[383]),/* "mgmt" */

-&(nid_objs[504]),/* "mime-mhs" */

-&(nid_objs[506]),/* "mime-mhs-bodies" */

-&(nid_objs[505]),/* "mime-mhs-headings" */

-&(nid_objs[488]),/* "mobileTelephoneNumber" */

-&(nid_objs[136]),/* "msCTLSign" */

-&(nid_objs[135]),/* "msCodeCom" */

-&(nid_objs[134]),/* "msCodeInd" */

-&(nid_objs[138]),/* "msEFS" */

-&(nid_objs[171]),/* "msExtReq" */

-&(nid_objs[137]),/* "msSGC" */

-&(nid_objs[648]),/* "msSmartcardLogin" */

-&(nid_objs[649]),/* "msUPN" */

-&(nid_objs[481]),/* "nSRecord" */

-&(nid_objs[173]),/* "name" */

-&(nid_objs[666]),/* "nameConstraints" */

-&(nid_objs[369]),/* "noCheck" */

-&(nid_objs[403]),/* "noRevAvail" */

-&(nid_objs[72]),/* "nsBaseUrl" */

-&(nid_objs[76]),/* "nsCaPolicyUrl" */

-&(nid_objs[74]),/* "nsCaRevocationUrl" */

-&(nid_objs[58]),/* "nsCertExt" */

-&(nid_objs[79]),/* "nsCertSequence" */

-&(nid_objs[71]),/* "nsCertType" */

-&(nid_objs[78]),/* "nsComment" */

-&(nid_objs[59]),/* "nsDataType" */

-&(nid_objs[75]),/* "nsRenewalUrl" */

-&(nid_objs[73]),/* "nsRevocationUrl" */

-&(nid_objs[139]),/* "nsSGC" */

-&(nid_objs[77]),/* "nsSslServerName" */

-&(nid_objs[681]),/* "onBasis" */

-&(nid_objs[491]),/* "organizationalStatus" */

-&(nid_objs[475]),/* "otherMailbox" */

-&(nid_objs[489]),/* "pagerTelephoneNumber" */

-&(nid_objs[374]),/* "path" */

-&(nid_objs[112]),/* "pbeWithMD5AndCast5CBC" */

-&(nid_objs[499]),/* "personalSignature" */

-&(nid_objs[487]),/* "personalTitle" */

-&(nid_objs[464]),/* "photo" */

-&(nid_objs[437]),/* "pilot" */

-&(nid_objs[439]),/* "pilotAttributeSyntax" */

-&(nid_objs[438]),/* "pilotAttributeType" */

-&(nid_objs[479]),/* "pilotAttributeType27" */

-&(nid_objs[456]),/* "pilotDSA" */

-&(nid_objs[441]),/* "pilotGroups" */

-&(nid_objs[444]),/* "pilotObject" */

-&(nid_objs[440]),/* "pilotObjectClass" */

-&(nid_objs[455]),/* "pilotOrganization" */

-&(nid_objs[445]),/* "pilotPerson" */

-&(nid_objs[ 2]),/* "pkcs" */

-&(nid_objs[186]),/* "pkcs1" */

-&(nid_objs[27]),/* "pkcs3" */

-&(nid_objs[187]),/* "pkcs5" */

-&(nid_objs[20]),/* "pkcs7" */

-&(nid_objs[21]),/* "pkcs7-data" */

-&(nid_objs[25]),/* "pkcs7-digestData" */

-&(nid_objs[26]),/* "pkcs7-encryptedData" */

-&(nid_objs[23]),/* "pkcs7-envelopedData" */

-&(nid_objs[24]),/* "pkcs7-signedAndEnvelopedData" */

-&(nid_objs[22]),/* "pkcs7-signedData" */

-&(nid_objs[151]),/* "pkcs8ShroudedKeyBag" */

-&(nid_objs[47]),/* "pkcs9" */

-&(nid_objs[401]),/* "policyConstraints" */

-&(nid_objs[747]),/* "policyMappings" */

-&(nid_objs[661]),/* "postalCode" */

-&(nid_objs[683]),/* "ppBasis" */

-&(nid_objs[406]),/* "prime-field" */

-&(nid_objs[409]),/* "prime192v1" */

-&(nid_objs[410]),/* "prime192v2" */

-&(nid_objs[411]),/* "prime192v3" */

-&(nid_objs[412]),/* "prime239v1" */

-&(nid_objs[413]),/* "prime239v2" */

-&(nid_objs[414]),/* "prime239v3" */

-&(nid_objs[415]),/* "prime256v1" */

-&(nid_objs[385]),/* "private" */

-&(nid_objs[84]),/* "privateKeyUsagePeriod" */

-&(nid_objs[663]),/* "proxyCertInfo" */

-&(nid_objs[510]),/* "pseudonym" */

-&(nid_objs[435]),/* "pss" */

-&(nid_objs[286]),/* "qcStatements" */

-&(nid_objs[457]),/* "qualityLabelledData" */

-&(nid_objs[450]),/* "rFC822localPart" */

-&(nid_objs[400]),/* "role" */

-&(nid_objs[448]),/* "room" */

-&(nid_objs[463]),/* "roomNumber" */

-&(nid_objs[ 6]),/* "rsaEncryption" */

-&(nid_objs[644]),/* "rsaOAEPEncryptionSET" */

-&(nid_objs[377]),/* "rsaSignature" */

-&(nid_objs[ 1]),/* "rsadsi" */

-&(nid_objs[482]),/* "sOARecord" */

-&(nid_objs[155]),/* "safeContentsBag" */

-&(nid_objs[291]),/* "sbgp-autonomousSysNum" */

-&(nid_objs[290]),/* "sbgp-ipAddrBlock" */

-&(nid_objs[292]),/* "sbgp-routerIdentifier" */

-&(nid_objs[159]),/* "sdsiCertificate" */

-&(nid_objs[704]),/* "secp112r1" */

-&(nid_objs[705]),/* "secp112r2" */

-&(nid_objs[706]),/* "secp128r1" */

-&(nid_objs[707]),/* "secp128r2" */

-&(nid_objs[708]),/* "secp160k1" */

-&(nid_objs[709]),/* "secp160r1" */

-&(nid_objs[710]),/* "secp160r2" */

-&(nid_objs[711]),/* "secp192k1" */

-&(nid_objs[712]),/* "secp224k1" */

-&(nid_objs[713]),/* "secp224r1" */

-&(nid_objs[714]),/* "secp256k1" */

-&(nid_objs[715]),/* "secp384r1" */

-&(nid_objs[716]),/* "secp521r1" */

-&(nid_objs[154]),/* "secretBag" */

-&(nid_objs[474]),/* "secretary" */

-&(nid_objs[717]),/* "sect113r1" */

-&(nid_objs[718]),/* "sect113r2" */

-&(nid_objs[719]),/* "sect131r1" */

-&(nid_objs[720]),/* "sect131r2" */

-&(nid_objs[721]),/* "sect163k1" */

-&(nid_objs[722]),/* "sect163r1" */

-&(nid_objs[723]),/* "sect163r2" */

-&(nid_objs[724]),/* "sect193r1" */

-&(nid_objs[725]),/* "sect193r2" */

-&(nid_objs[726]),/* "sect233k1" */

-&(nid_objs[727]),/* "sect233r1" */

-&(nid_objs[728]),/* "sect239k1" */

-&(nid_objs[729]),/* "sect283k1" */

-&(nid_objs[730]),/* "sect283r1" */

-&(nid_objs[731]),/* "sect409k1" */

-&(nid_objs[732]),/* "sect409r1" */

-&(nid_objs[733]),/* "sect571k1" */

-&(nid_objs[734]),/* "sect571r1" */

-&(nid_objs[386]),/* "security" */

-&(nid_objs[394]),/* "selected-attribute-types" */

-&(nid_objs[105]),/* "serialNumber" */

-&(nid_objs[129]),/* "serverAuth" */

-&(nid_objs[371]),/* "serviceLocator" */

-&(nid_objs[625]),/* "set-addPolicy" */

-&(nid_objs[515]),/* "set-attr" */

-&(nid_objs[518]),/* "set-brand" */

-&(nid_objs[638]),/* "set-brand-AmericanExpress" */

-&(nid_objs[637]),/* "set-brand-Diners" */

-&(nid_objs[636]),/* "set-brand-IATA-ATA" */

-&(nid_objs[639]),/* "set-brand-JCB" */

-&(nid_objs[641]),/* "set-brand-MasterCard" */

-&(nid_objs[642]),/* "set-brand-Novus" */

-&(nid_objs[640]),/* "set-brand-Visa" */

-&(nid_objs[517]),/* "set-certExt" */

-&(nid_objs[513]),/* "set-ctype" */

-&(nid_objs[514]),/* "set-msgExt" */

-&(nid_objs[516]),/* "set-policy" */

-&(nid_objs[607]),/* "set-policy-root" */

-&(nid_objs[624]),/* "set-rootKeyThumb" */

-&(nid_objs[620]),/* "setAttr-Cert" */

-&(nid_objs[631]),/* "setAttr-GenCryptgrm" */

-&(nid_objs[623]),/* "setAttr-IssCap" */

-&(nid_objs[628]),/* "setAttr-IssCap-CVM" */

-&(nid_objs[630]),/* "setAttr-IssCap-Sig" */

-&(nid_objs[629]),/* "setAttr-IssCap-T2" */

-&(nid_objs[621]),/* "setAttr-PGWYcap" */

-&(nid_objs[635]),/* "setAttr-SecDevSig" */

-&(nid_objs[632]),/* "setAttr-T2Enc" */

-&(nid_objs[633]),/* "setAttr-T2cleartxt" */

-&(nid_objs[634]),/* "setAttr-TokICCsig" */

-&(nid_objs[627]),/* "setAttr-Token-B0Prime" */

-&(nid_objs[626]),/* "setAttr-Token-EMV" */

-&(nid_objs[622]),/* "setAttr-TokenType" */

-&(nid_objs[619]),/* "setCext-IssuerCapabilities" */

-&(nid_objs[615]),/* "setCext-PGWYcapabilities" */

-&(nid_objs[616]),/* "setCext-TokenIdentifier" */

-&(nid_objs[618]),/* "setCext-TokenType" */

-&(nid_objs[617]),/* "setCext-Track2Data" */

-&(nid_objs[611]),/* "setCext-cCertRequired" */

-&(nid_objs[609]),/* "setCext-certType" */

-&(nid_objs[608]),/* "setCext-hashedRoot" */

-&(nid_objs[610]),/* "setCext-merchData" */

-&(nid_objs[613]),/* "setCext-setExt" */

-&(nid_objs[614]),/* "setCext-setQualf" */

-&(nid_objs[612]),/* "setCext-tunneling" */

-&(nid_objs[540]),/* "setct-AcqCardCodeMsg" */

-&(nid_objs[576]),/* "setct-AcqCardCodeMsgTBE" */

-&(nid_objs[570]),/* "setct-AuthReqTBE" */

-&(nid_objs[534]),/* "setct-AuthReqTBS" */

-&(nid_objs[527]),/* "setct-AuthResBaggage" */

-&(nid_objs[571]),/* "setct-AuthResTBE" */

-&(nid_objs[572]),/* "setct-AuthResTBEX" */

-&(nid_objs[535]),/* "setct-AuthResTBS" */

-&(nid_objs[536]),/* "setct-AuthResTBSX" */

-&(nid_objs[528]),/* "setct-AuthRevReqBaggage" */

-&(nid_objs[577]),/* "setct-AuthRevReqTBE" */

-&(nid_objs[541]),/* "setct-AuthRevReqTBS" */

-&(nid_objs[529]),/* "setct-AuthRevResBaggage" */

-&(nid_objs[542]),/* "setct-AuthRevResData" */

-&(nid_objs[578]),/* "setct-AuthRevResTBE" */

-&(nid_objs[579]),/* "setct-AuthRevResTBEB" */

-&(nid_objs[543]),/* "setct-AuthRevResTBS" */

-&(nid_objs[573]),/* "setct-AuthTokenTBE" */

-&(nid_objs[537]),/* "setct-AuthTokenTBS" */

-&(nid_objs[600]),/* "setct-BCIDistributionTBS" */

-&(nid_objs[558]),/* "setct-BatchAdminReqData" */

-&(nid_objs[592]),/* "setct-BatchAdminReqTBE" */

-&(nid_objs[559]),/* "setct-BatchAdminResData" */

-&(nid_objs[593]),/* "setct-BatchAdminResTBE" */

-&(nid_objs[599]),/* "setct-CRLNotificationResTBS" */

-&(nid_objs[598]),/* "setct-CRLNotificationTBS" */

-&(nid_objs[580]),/* "setct-CapReqTBE" */

-&(nid_objs[581]),/* "setct-CapReqTBEX" */

-&(nid_objs[544]),/* "setct-CapReqTBS" */

-&(nid_objs[545]),/* "setct-CapReqTBSX" */

-&(nid_objs[546]),/* "setct-CapResData" */

-&(nid_objs[582]),/* "setct-CapResTBE" */

-&(nid_objs[583]),/* "setct-CapRevReqTBE" */

-&(nid_objs[584]),/* "setct-CapRevReqTBEX" */

-&(nid_objs[547]),/* "setct-CapRevReqTBS" */

-&(nid_objs[548]),/* "setct-CapRevReqTBSX" */

-&(nid_objs[549]),/* "setct-CapRevResData" */

-&(nid_objs[585]),/* "setct-CapRevResTBE" */

-&(nid_objs[538]),/* "setct-CapTokenData" */

-&(nid_objs[530]),/* "setct-CapTokenSeq" */

-&(nid_objs[574]),/* "setct-CapTokenTBE" */

-&(nid_objs[575]),/* "setct-CapTokenTBEX" */

-&(nid_objs[539]),/* "setct-CapTokenTBS" */

-&(nid_objs[560]),/* "setct-CardCInitResTBS" */

-&(nid_objs[566]),/* "setct-CertInqReqTBS" */

-&(nid_objs[563]),/* "setct-CertReqData" */

-&(nid_objs[595]),/* "setct-CertReqTBE" */

-&(nid_objs[596]),/* "setct-CertReqTBEX" */

-&(nid_objs[564]),/* "setct-CertReqTBS" */

-&(nid_objs[565]),/* "setct-CertResData" */

-&(nid_objs[597]),/* "setct-CertResTBE" */

-&(nid_objs[586]),/* "setct-CredReqTBE" */

-&(nid_objs[587]),/* "setct-CredReqTBEX" */

-&(nid_objs[550]),/* "setct-CredReqTBS" */

-&(nid_objs[551]),/* "setct-CredReqTBSX" */

-&(nid_objs[552]),/* "setct-CredResData" */

-&(nid_objs[588]),/* "setct-CredResTBE" */

-&(nid_objs[589]),/* "setct-CredRevReqTBE" */

-&(nid_objs[590]),/* "setct-CredRevReqTBEX" */

-&(nid_objs[553]),/* "setct-CredRevReqTBS" */

-&(nid_objs[554]),/* "setct-CredRevReqTBSX" */

-&(nid_objs[555]),/* "setct-CredRevResData" */

-&(nid_objs[591]),/* "setct-CredRevResTBE" */

-&(nid_objs[567]),/* "setct-ErrorTBS" */

-&(nid_objs[526]),/* "setct-HODInput" */

-&(nid_objs[561]),/* "setct-MeAqCInitResTBS" */

-&(nid_objs[522]),/* "setct-OIData" */

-&(nid_objs[519]),/* "setct-PANData" */

-&(nid_objs[521]),/* "setct-PANOnly" */

-&(nid_objs[520]),/* "setct-PANToken" */

-&(nid_objs[556]),/* "setct-PCertReqData" */

-&(nid_objs[557]),/* "setct-PCertResTBS" */

-&(nid_objs[523]),/* "setct-PI" */

-&(nid_objs[532]),/* "setct-PI-TBS" */

-&(nid_objs[524]),/* "setct-PIData" */

-&(nid_objs[525]),/* "setct-PIDataUnsigned" */

-&(nid_objs[568]),/* "setct-PIDualSignedTBE" */

-&(nid_objs[569]),/* "setct-PIUnsignedTBE" */

-&(nid_objs[531]),/* "setct-PInitResData" */

-&(nid_objs[533]),/* "setct-PResData" */

-&(nid_objs[594]),/* "setct-RegFormReqTBE" */

-&(nid_objs[562]),/* "setct-RegFormResTBS" */

-&(nid_objs[606]),/* "setext-cv" */

-&(nid_objs[601]),/* "setext-genCrypt" */

-&(nid_objs[602]),/* "setext-miAuth" */

-&(nid_objs[604]),/* "setext-pinAny" */

-&(nid_objs[603]),/* "setext-pinSecure" */

-&(nid_objs[605]),/* "setext-track2" */

-&(nid_objs[52]),/* "signingTime" */

-&(nid_objs[454]),/* "simpleSecurityObject" */

-&(nid_objs[496]),/* "singleLevelQuality" */

-&(nid_objs[387]),/* "snmpv2" */

-&(nid_objs[660]),/* "streetAddress" */

-&(nid_objs[85]),/* "subjectAltName" */

-&(nid_objs[769]),/* "subjectDirectoryAttributes" */

-&(nid_objs[398]),/* "subjectInfoAccess" */

-&(nid_objs[82]),/* "subjectKeyIdentifier" */

-&(nid_objs[498]),/* "subtreeMaximumQuality" */

-&(nid_objs[497]),/* "subtreeMinimumQuality" */

-&(nid_objs[402]),/* "targetInformation" */

-&(nid_objs[459]),/* "textEncodedORAddress" */

-&(nid_objs[293]),/* "textNotice" */

-&(nid_objs[133]),/* "timeStamping" */

-&(nid_objs[106]),/* "title" */

-&(nid_objs[682]),/* "tpBasis" */

-&(nid_objs[375]),/* "trustRoot" */

-&(nid_objs[436]),/* "ucl" */

-&(nid_objs[55]),/* "unstructuredAddress" */

-&(nid_objs[49]),/* "unstructuredName" */

-&(nid_objs[465]),/* "userClass" */

-&(nid_objs[373]),/* "valid" */

-&(nid_objs[678]),/* "wap" */

-&(nid_objs[679]),/* "wap-wsg" */

-&(nid_objs[735]),/* "wap-wsg-idm-ecid-wtls1" */

-&(nid_objs[743]),/* "wap-wsg-idm-ecid-wtls10" */

-&(nid_objs[744]),/* "wap-wsg-idm-ecid-wtls11" */

-&(nid_objs[745]),/* "wap-wsg-idm-ecid-wtls12" */

-&(nid_objs[736]),/* "wap-wsg-idm-ecid-wtls3" */

-&(nid_objs[737]),/* "wap-wsg-idm-ecid-wtls4" */

-&(nid_objs[738]),/* "wap-wsg-idm-ecid-wtls5" */

-&(nid_objs[739]),/* "wap-wsg-idm-ecid-wtls6" */

-&(nid_objs[740]),/* "wap-wsg-idm-ecid-wtls7" */

-&(nid_objs[741]),/* "wap-wsg-idm-ecid-wtls8" */

-&(nid_objs[742]),/* "wap-wsg-idm-ecid-wtls9" */

-&(nid_objs[503]),/* "x500UniqueIdentifier" */

-&(nid_objs[158]),/* "x509Certificate" */

-&(nid_objs[160]),/* "x509Crl" */

-};

-static ASN1_OBJECT *ln_objs[NUM_LN]={

-&(nid_objs[363]),/* "AD Time Stamping" */

-&(nid_objs[405]),/* "ANSI X9.62" */

-&(nid_objs[368]),/* "Acceptable OCSP Responses" */

-&(nid_objs[664]),/* "Any language" */

-&(nid_objs[177]),/* "Authority Information Access" */

-&(nid_objs[365]),/* "Basic OCSP Response" */

-&(nid_objs[285]),/* "Biometric Info" */

-&(nid_objs[179]),/* "CA Issuers" */

-&(nid_objs[131]),/* "Code Signing" */

-&(nid_objs[382]),/* "Directory" */

-&(nid_objs[392]),/* "Domain" */

-&(nid_objs[132]),/* "E-mail Protection" */

-&(nid_objs[389]),/* "Enterprises" */

-&(nid_objs[384]),/* "Experimental" */

-&(nid_objs[372]),/* "Extended OCSP Status" */

-&(nid_objs[172]),/* "Extension Request" */

-&(nid_objs[432]),/* "Hold Instruction Call Issuer" */

-&(nid_objs[430]),/* "Hold Instruction Code" */

-&(nid_objs[431]),/* "Hold Instruction None" */

-&(nid_objs[433]),/* "Hold Instruction Reject" */

-&(nid_objs[634]),/* "ICC or token signature" */

-&(nid_objs[294]),/* "IPSec End System" */

-&(nid_objs[295]),/* "IPSec Tunnel" */

-&(nid_objs[296]),/* "IPSec User" */

-&(nid_objs[182]),/* "ISO Member Body" */

-&(nid_objs[183]),/* "ISO US Member Body" */

-&(nid_objs[667]),/* "Independent" */

-&(nid_objs[665]),/* "Inherit all" */

-&(nid_objs[647]),/* "International Organizations" */

-&(nid_objs[142]),/* "Invalidity Date" */

-&(nid_objs[504]),/* "MIME MHS" */

-&(nid_objs[388]),/* "Mail" */

-&(nid_objs[383]),/* "Management" */

-&(nid_objs[417]),/* "Microsoft CSP Name" */

-&(nid_objs[135]),/* "Microsoft Commercial Code Signing" */

-&(nid_objs[138]),/* "Microsoft Encrypted File System" */

-&(nid_objs[171]),/* "Microsoft Extension Request" */

-&(nid_objs[134]),/* "Microsoft Individual Code Signing" */

-&(nid_objs[137]),/* "Microsoft Server Gated Crypto" */

-&(nid_objs[648]),/* "Microsoft Smartcardlogin" */

-&(nid_objs[136]),/* "Microsoft Trust List Signing" */

-&(nid_objs[649]),/* "Microsoft Universal Principal Name" */

-&(nid_objs[393]),/* "NULL" */

-&(nid_objs[404]),/* "NULL" */

-&(nid_objs[72]),/* "Netscape Base Url" */

-&(nid_objs[76]),/* "Netscape CA Policy Url" */

-&(nid_objs[74]),/* "Netscape CA Revocation Url" */

-&(nid_objs[71]),/* "Netscape Cert Type" */

-&(nid_objs[58]),/* "Netscape Certificate Extension" */

-&(nid_objs[79]),/* "Netscape Certificate Sequence" */

-&(nid_objs[78]),/* "Netscape Comment" */

-&(nid_objs[57]),/* "Netscape Communications Corp." */

-&(nid_objs[59]),/* "Netscape Data Type" */

-&(nid_objs[75]),/* "Netscape Renewal Url" */

-&(nid_objs[73]),/* "Netscape Revocation Url" */

-&(nid_objs[77]),/* "Netscape SSL Server Name" */

-&(nid_objs[139]),/* "Netscape Server Gated Crypto" */

-&(nid_objs[178]),/* "OCSP" */

-&(nid_objs[370]),/* "OCSP Archive Cutoff" */

-&(nid_objs[367]),/* "OCSP CRL ID" */

-&(nid_objs[369]),/* "OCSP No Check" */

-&(nid_objs[366]),/* "OCSP Nonce" */

-&(nid_objs[371]),/* "OCSP Service Locator" */

-&(nid_objs[180]),/* "OCSP Signing" */

-&(nid_objs[161]),/* "PBES2" */

-&(nid_objs[69]),/* "PBKDF2" */

-&(nid_objs[162]),/* "PBMAC1" */

-&(nid_objs[127]),/* "PKIX" */

-&(nid_objs[164]),/* "Policy Qualifier CPS" */

-&(nid_objs[165]),/* "Policy Qualifier User Notice" */

-&(nid_objs[385]),/* "Private" */

-&(nid_objs[663]),/* "Proxy Certificate Information" */

-&(nid_objs[ 1]),/* "RSA Data Security, Inc." */

-&(nid_objs[ 2]),/* "RSA Data Security, Inc. PKCS" */

-&(nid_objs[188]),/* "S/MIME" */

-&(nid_objs[167]),/* "S/MIME Capabilities" */

-&(nid_objs[387]),/* "SNMPv2" */

-&(nid_objs[512]),/* "Secure Electronic Transactions" */

-&(nid_objs[386]),/* "Security" */

-&(nid_objs[394]),/* "Selected Attribute Types" */

-&(nid_objs[143]),/* "Strong Extranet ID" */

-&(nid_objs[398]),/* "Subject Information Access" */

-&(nid_objs[130]),/* "TLS Web Client Authentication" */

-&(nid_objs[129]),/* "TLS Web Server Authentication" */

-&(nid_objs[133]),/* "Time Stamping" */

-&(nid_objs[375]),/* "Trust Root" */

-&(nid_objs[12]),/* "X509" */

-&(nid_objs[402]),/* "X509v3 AC Targeting" */

-&(nid_objs[746]),/* "X509v3 Any Policy" */

-&(nid_objs[90]),/* "X509v3 Authority Key Identifier" */

-&(nid_objs[87]),/* "X509v3 Basic Constraints" */

-&(nid_objs[103]),/* "X509v3 CRL Distribution Points" */

-&(nid_objs[88]),/* "X509v3 CRL Number" */

-&(nid_objs[141]),/* "X509v3 CRL Reason Code" */

-&(nid_objs[771]),/* "X509v3 Certificate Issuer" */

-&(nid_objs[89]),/* "X509v3 Certificate Policies" */

-&(nid_objs[140]),/* "X509v3 Delta CRL Indicator" */

-&(nid_objs[126]),/* "X509v3 Extended Key Usage" */

-&(nid_objs[748]),/* "X509v3 Inhibit Any Policy" */

-&(nid_objs[86]),/* "X509v3 Issuer Alternative Name" */

-&(nid_objs[770]),/* "X509v3 Issuing Distrubution Point" */

-&(nid_objs[83]),/* "X509v3 Key Usage" */

-&(nid_objs[666]),/* "X509v3 Name Constraints" */

-&(nid_objs[403]),/* "X509v3 No Revocation Available" */

-&(nid_objs[401]),/* "X509v3 Policy Constraints" */

-&(nid_objs[747]),/* "X509v3 Policy Mappings" */

-&(nid_objs[84]),/* "X509v3 Private Key Usage Period" */

-&(nid_objs[85]),/* "X509v3 Subject Alternative Name" */

-&(nid_objs[769]),/* "X509v3 Subject Directory Attributes" */

-&(nid_objs[82]),/* "X509v3 Subject Key Identifier" */

-&(nid_objs[184]),/* "X9.57" */

-&(nid_objs[185]),/* "X9.57 CM ?" */

-&(nid_objs[478]),/* "aRecord" */

-&(nid_objs[289]),/* "aaControls" */

-&(nid_objs[287]),/* "ac-auditEntity" */

-&(nid_objs[397]),/* "ac-proxying" */

-&(nid_objs[288]),/* "ac-targeting" */

-&(nid_objs[446]),/* "account" */

-&(nid_objs[364]),/* "ad dvcs" */

-&(nid_objs[606]),/* "additional verification" */

-&(nid_objs[419]),/* "aes-128-cbc" */

-&(nid_objs[421]),/* "aes-128-cfb" */

-&(nid_objs[650]),/* "aes-128-cfb1" */

-&(nid_objs[653]),/* "aes-128-cfb8" */

-&(nid_objs[418]),/* "aes-128-ecb" */

-&(nid_objs[420]),/* "aes-128-ofb" */

-&(nid_objs[423]),/* "aes-192-cbc" */

-&(nid_objs[425]),/* "aes-192-cfb" */

-&(nid_objs[651]),/* "aes-192-cfb1" */

-&(nid_objs[654]),/* "aes-192-cfb8" */

-&(nid_objs[422]),/* "aes-192-ecb" */

-&(nid_objs[424]),/* "aes-192-ofb" */

-&(nid_objs[427]),/* "aes-256-cbc" */

-&(nid_objs[429]),/* "aes-256-cfb" */

-&(nid_objs[652]),/* "aes-256-cfb1" */

-&(nid_objs[655]),/* "aes-256-cfb8" */

-&(nid_objs[426]),/* "aes-256-ecb" */

-&(nid_objs[428]),/* "aes-256-ofb" */

-&(nid_objs[376]),/* "algorithm" */

-&(nid_objs[484]),/* "associatedDomain" */

-&(nid_objs[485]),/* "associatedName" */

-&(nid_objs[501]),/* "audio" */

-&(nid_objs[91]),/* "bf-cbc" */

-&(nid_objs[93]),/* "bf-cfb" */

-&(nid_objs[92]),/* "bf-ecb" */

-&(nid_objs[94]),/* "bf-ofb" */

-&(nid_objs[494]),/* "buildingName" */

-&(nid_objs[691]),/* "c2onb191v4" */

-&(nid_objs[692]),/* "c2onb191v5" */

-&(nid_objs[697]),/* "c2onb239v4" */

-&(nid_objs[698]),/* "c2onb239v5" */

-&(nid_objs[684]),/* "c2pnb163v1" */

-&(nid_objs[685]),/* "c2pnb163v2" */

-&(nid_objs[686]),/* "c2pnb163v3" */

-&(nid_objs[687]),/* "c2pnb176v1" */

-&(nid_objs[693]),/* "c2pnb208w1" */

-&(nid_objs[699]),/* "c2pnb272w1" */

-&(nid_objs[700]),/* "c2pnb304w1" */

-&(nid_objs[702]),/* "c2pnb368w1" */

-&(nid_objs[688]),/* "c2tnb191v1" */

-&(nid_objs[689]),/* "c2tnb191v2" */

-&(nid_objs[690]),/* "c2tnb191v3" */

-&(nid_objs[694]),/* "c2tnb239v1" */

-&(nid_objs[695]),/* "c2tnb239v2" */

-&(nid_objs[696]),/* "c2tnb239v3" */

-&(nid_objs[701]),/* "c2tnb359v1" */

-&(nid_objs[703]),/* "c2tnb431r1" */

-&(nid_objs[483]),/* "cNAMERecord" */

-&(nid_objs[751]),/* "camellia-128-cbc" */

-&(nid_objs[757]),/* "camellia-128-cfb" */

-&(nid_objs[760]),/* "camellia-128-cfb1" */

-&(nid_objs[763]),/* "camellia-128-cfb8" */

-&(nid_objs[754]),/* "camellia-128-ecb" */

-&(nid_objs[766]),/* "camellia-128-ofb" */

-&(nid_objs[752]),/* "camellia-192-cbc" */

-&(nid_objs[758]),/* "camellia-192-cfb" */

-&(nid_objs[761]),/* "camellia-192-cfb1" */

-&(nid_objs[764]),/* "camellia-192-cfb8" */

-&(nid_objs[755]),/* "camellia-192-ecb" */

-&(nid_objs[767]),/* "camellia-192-ofb" */

-&(nid_objs[753]),/* "camellia-256-cbc" */

-&(nid_objs[759]),/* "camellia-256-cfb" */

-&(nid_objs[762]),/* "camellia-256-cfb1" */

-&(nid_objs[765]),/* "camellia-256-cfb8" */

-&(nid_objs[756]),/* "camellia-256-ecb" */

-&(nid_objs[768]),/* "camellia-256-ofb" */

-&(nid_objs[443]),/* "caseIgnoreIA5StringSyntax" */

-&(nid_objs[108]),/* "cast5-cbc" */

-&(nid_objs[110]),/* "cast5-cfb" */

-&(nid_objs[109]),/* "cast5-ecb" */

-&(nid_objs[111]),/* "cast5-ofb" */

-&(nid_objs[152]),/* "certBag" */

-&(nid_objs[677]),/* "certicom-arc" */

-&(nid_objs[517]),/* "certificate extensions" */

-&(nid_objs[54]),/* "challengePassword" */

-&(nid_objs[407]),/* "characteristic-two-field" */

-&(nid_objs[395]),/* "clearance" */

-&(nid_objs[633]),/* "cleartext track 2" */

-&(nid_objs[13]),/* "commonName" */

-&(nid_objs[513]),/* "content types" */

-&(nid_objs[50]),/* "contentType" */

-&(nid_objs[53]),/* "countersignature" */

-&(nid_objs[14]),/* "countryName" */

-&(nid_objs[153]),/* "crlBag" */

-&(nid_objs[500]),/* "dITRedirect" */

-&(nid_objs[451]),/* "dNSDomain" */

-&(nid_objs[495]),/* "dSAQuality" */

-&(nid_objs[434]),/* "data" */

-&(nid_objs[390]),/* "dcObject" */

-&(nid_objs[31]),/* "des-cbc" */

-&(nid_objs[643]),/* "des-cdmf" */

-&(nid_objs[30]),/* "des-cfb" */

-&(nid_objs[656]),/* "des-cfb1" */

-&(nid_objs[657]),/* "des-cfb8" */

-&(nid_objs[29]),/* "des-ecb" */

-&(nid_objs[32]),/* "des-ede" */

-&(nid_objs[43]),/* "des-ede-cbc" */

-&(nid_objs[60]),/* "des-ede-cfb" */

-&(nid_objs[62]),/* "des-ede-ofb" */

-&(nid_objs[33]),/* "des-ede3" */

-&(nid_objs[44]),/* "des-ede3-cbc" */

-&(nid_objs[61]),/* "des-ede3-cfb" */

-&(nid_objs[658]),/* "des-ede3-cfb1" */

-&(nid_objs[659]),/* "des-ede3-cfb8" */

-&(nid_objs[63]),/* "des-ede3-ofb" */

-&(nid_objs[45]),/* "des-ofb" */

-&(nid_objs[107]),/* "description" */

-&(nid_objs[80]),/* "desx-cbc" */

-&(nid_objs[28]),/* "dhKeyAgreement" */

-&(nid_objs[11]),/* "directory services (X.500)" */

-&(nid_objs[378]),/* "directory services - algorithms" */

-&(nid_objs[174]),/* "dnQualifier" */

-&(nid_objs[447]),/* "document" */

-&(nid_objs[471]),/* "documentAuthor" */

-&(nid_objs[468]),/* "documentIdentifier" */

-&(nid_objs[472]),/* "documentLocation" */

-&(nid_objs[502]),/* "documentPublisher" */

-&(nid_objs[449]),/* "documentSeries" */

-&(nid_objs[469]),/* "documentTitle" */

-&(nid_objs[470]),/* "documentVersion" */

-&(nid_objs[380]),/* "dod" */

-&(nid_objs[391]),/* "domainComponent" */

-&(nid_objs[452]),/* "domainRelatedObject" */

-&(nid_objs[116]),/* "dsaEncryption" */

-&(nid_objs[67]),/* "dsaEncryption-old" */

-&(nid_objs[66]),/* "dsaWithSHA" */

-&(nid_objs[113]),/* "dsaWithSHA1" */

-&(nid_objs[70]),/* "dsaWithSHA1-old" */

-&(nid_objs[297]),/* "dvcs" */

-&(nid_objs[416]),/* "ecdsa-with-SHA1" */

-&(nid_objs[48]),/* "emailAddress" */

-&(nid_objs[632]),/* "encrypted track 2" */

-&(nid_objs[56]),/* "extendedCertificateAttributes" */

-&(nid_objs[462]),/* "favouriteDrink" */

-&(nid_objs[453]),/* "friendlyCountry" */

-&(nid_objs[490]),/* "friendlyCountryName" */

-&(nid_objs[156]),/* "friendlyName" */

-&(nid_objs[631]),/* "generate cryptogram" */

-&(nid_objs[509]),/* "generationQualifier" */

-&(nid_objs[601]),/* "generic cryptogram" */

-&(nid_objs[99]),/* "givenName" */

-&(nid_objs[163]),/* "hmacWithSHA1" */

-&(nid_objs[486]),/* "homePostalAddress" */

-&(nid_objs[473]),/* "homeTelephoneNumber" */

-&(nid_objs[466]),/* "host" */

-&(nid_objs[442]),/* "iA5StringSyntax" */

-&(nid_objs[381]),/* "iana" */

-&(nid_objs[266]),/* "id-aca" */

-&(nid_objs[355]),/* "id-aca-accessIdentity" */

-&(nid_objs[354]),/* "id-aca-authenticationInfo" */

-&(nid_objs[356]),/* "id-aca-chargingIdentity" */

-&(nid_objs[399]),/* "id-aca-encAttrs" */

-&(nid_objs[357]),/* "id-aca-group" */

-&(nid_objs[358]),/* "id-aca-role" */

-&(nid_objs[176]),/* "id-ad" */

-&(nid_objs[262]),/* "id-alg" */

-&(nid_objs[323]),/* "id-alg-des40" */

-&(nid_objs[326]),/* "id-alg-dh-pop" */

-&(nid_objs[325]),/* "id-alg-dh-sig-hmac-sha1" */

-&(nid_objs[324]),/* "id-alg-noSignature" */

-&(nid_objs[268]),/* "id-cct" */

-&(nid_objs[361]),/* "id-cct-PKIData" */

-&(nid_objs[362]),/* "id-cct-PKIResponse" */

-&(nid_objs[360]),/* "id-cct-crs" */

-&(nid_objs[81]),/* "id-ce" */

-&(nid_objs[680]),/* "id-characteristic-two-basis" */

-&(nid_objs[263]),/* "id-cmc" */

-&(nid_objs[334]),/* "id-cmc-addExtensions" */

-&(nid_objs[346]),/* "id-cmc-confirmCertAcceptance" */

-&(nid_objs[330]),/* "id-cmc-dataReturn" */

-&(nid_objs[336]),/* "id-cmc-decryptedPOP" */

-&(nid_objs[335]),/* "id-cmc-encryptedPOP" */

-&(nid_objs[339]),/* "id-cmc-getCRL" */

-&(nid_objs[338]),/* "id-cmc-getCert" */

-&(nid_objs[328]),/* "id-cmc-identification" */

-&(nid_objs[329]),/* "id-cmc-identityProof" */

-&(nid_objs[337]),/* "id-cmc-lraPOPWitness" */

-&(nid_objs[344]),/* "id-cmc-popLinkRandom" */

-&(nid_objs[345]),/* "id-cmc-popLinkWitness" */

-&(nid_objs[343]),/* "id-cmc-queryPending" */

-&(nid_objs[333]),/* "id-cmc-recipientNonce" */

-&(nid_objs[341]),/* "id-cmc-regInfo" */

-&(nid_objs[342]),/* "id-cmc-responseInfo" */

-&(nid_objs[340]),/* "id-cmc-revokeRequest" */

-&(nid_objs[332]),/* "id-cmc-senderNonce" */

-&(nid_objs[327]),/* "id-cmc-statusInfo" */

-&(nid_objs[331]),/* "id-cmc-transactionId" */

-&(nid_objs[408]),/* "id-ecPublicKey" */

-&(nid_objs[508]),/* "id-hex-multipart-message" */

-&(nid_objs[507]),/* "id-hex-partial-message" */

-&(nid_objs[260]),/* "id-it" */

-&(nid_objs[302]),/* "id-it-caKeyUpdateInfo" */

-&(nid_objs[298]),/* "id-it-caProtEncCert" */

-&(nid_objs[311]),/* "id-it-confirmWaitTime" */

-&(nid_objs[303]),/* "id-it-currentCRL" */

-&(nid_objs[300]),/* "id-it-encKeyPairTypes" */

-&(nid_objs[310]),/* "id-it-implicitConfirm" */

-&(nid_objs[308]),/* "id-it-keyPairParamRep" */

-&(nid_objs[307]),/* "id-it-keyPairParamReq" */

-&(nid_objs[312]),/* "id-it-origPKIMessage" */

-&(nid_objs[301]),/* "id-it-preferredSymmAlg" */

-&(nid_objs[309]),/* "id-it-revPassphrase" */

-&(nid_objs[299]),/* "id-it-signKeyPairTypes" */

-&(nid_objs[305]),/* "id-it-subscriptionRequest" */

-&(nid_objs[306]),/* "id-it-subscriptionResponse" */

-&(nid_objs[304]),/* "id-it-unsupportedOIDs" */

-&(nid_objs[128]),/* "id-kp" */

-&(nid_objs[280]),/* "id-mod-attribute-cert" */

-&(nid_objs[274]),/* "id-mod-cmc" */

-&(nid_objs[277]),/* "id-mod-cmp" */

-&(nid_objs[284]),/* "id-mod-cmp2000" */

-&(nid_objs[273]),/* "id-mod-crmf" */

-&(nid_objs[283]),/* "id-mod-dvcs" */

-&(nid_objs[275]),/* "id-mod-kea-profile-88" */

-&(nid_objs[276]),/* "id-mod-kea-profile-93" */

-&(nid_objs[282]),/* "id-mod-ocsp" */

-&(nid_objs[278]),/* "id-mod-qualified-cert-88" */

-&(nid_objs[279]),/* "id-mod-qualified-cert-93" */

-&(nid_objs[281]),/* "id-mod-timestamp-protocol" */

-&(nid_objs[264]),/* "id-on" */

-&(nid_objs[347]),/* "id-on-personalData" */

-&(nid_objs[265]),/* "id-pda" */

-&(nid_objs[352]),/* "id-pda-countryOfCitizenship" */

-&(nid_objs[353]),/* "id-pda-countryOfResidence" */

-&(nid_objs[348]),/* "id-pda-dateOfBirth" */

-&(nid_objs[351]),/* "id-pda-gender" */

-&(nid_objs[349]),/* "id-pda-placeOfBirth" */

-&(nid_objs[175]),/* "id-pe" */

-&(nid_objs[261]),/* "id-pkip" */

-&(nid_objs[258]),/* "id-pkix-mod" */

-&(nid_objs[269]),/* "id-pkix1-explicit-88" */

-&(nid_objs[271]),/* "id-pkix1-explicit-93" */

-&(nid_objs[270]),/* "id-pkix1-implicit-88" */

-&(nid_objs[272]),/* "id-pkix1-implicit-93" */

-&(nid_objs[662]),/* "id-ppl" */

-&(nid_objs[267]),/* "id-qcs" */

-&(nid_objs[359]),/* "id-qcs-pkixQCSyntax-v1" */

-&(nid_objs[259]),/* "id-qt" */

-&(nid_objs[313]),/* "id-regCtrl" */

-&(nid_objs[316]),/* "id-regCtrl-authenticator" */

-&(nid_objs[319]),/* "id-regCtrl-oldCertID" */

-&(nid_objs[318]),/* "id-regCtrl-pkiArchiveOptions" */

-&(nid_objs[317]),/* "id-regCtrl-pkiPublicationInfo" */

-&(nid_objs[320]),/* "id-regCtrl-protocolEncrKey" */

-&(nid_objs[315]),/* "id-regCtrl-regToken" */

-&(nid_objs[314]),/* "id-regInfo" */

-&(nid_objs[322]),/* "id-regInfo-certReq" */

-&(nid_objs[321]),/* "id-regInfo-utf8Pairs" */

-&(nid_objs[191]),/* "id-smime-aa" */

-&(nid_objs[215]),/* "id-smime-aa-contentHint" */

-&(nid_objs[218]),/* "id-smime-aa-contentIdentifier" */

-&(nid_objs[221]),/* "id-smime-aa-contentReference" */

-&(nid_objs[240]),/* "id-smime-aa-dvcs-dvc" */

-&(nid_objs[217]),/* "id-smime-aa-encapContentType" */

-&(nid_objs[222]),/* "id-smime-aa-encrypKeyPref" */

-&(nid_objs[220]),/* "id-smime-aa-equivalentLabels" */

-&(nid_objs[232]),/* "id-smime-aa-ets-CertificateRefs" */

-&(nid_objs[233]),/* "id-smime-aa-ets-RevocationRefs" */

-&(nid_objs[238]),/* "id-smime-aa-ets-archiveTimeStamp" */

-&(nid_objs[237]),/* "id-smime-aa-ets-certCRLTimestamp" */

-&(nid_objs[234]),/* "id-smime-aa-ets-certValues" */

-&(nid_objs[227]),/* "id-smime-aa-ets-commitmentType" */

-&(nid_objs[231]),/* "id-smime-aa-ets-contentTimestamp" */

-&(nid_objs[236]),/* "id-smime-aa-ets-escTimeStamp" */

-&(nid_objs[230]),/* "id-smime-aa-ets-otherSigCert" */

-&(nid_objs[235]),/* "id-smime-aa-ets-revocationValues" */

-&(nid_objs[226]),/* "id-smime-aa-ets-sigPolicyId" */

-&(nid_objs[229]),/* "id-smime-aa-ets-signerAttr" */

-&(nid_objs[228]),/* "id-smime-aa-ets-signerLocation" */

-&(nid_objs[219]),/* "id-smime-aa-macValue" */

-&(nid_objs[214]),/* "id-smime-aa-mlExpandHistory" */

-&(nid_objs[216]),/* "id-smime-aa-msgSigDigest" */

-&(nid_objs[212]),/* "id-smime-aa-receiptRequest" */

-&(nid_objs[213]),/* "id-smime-aa-securityLabel" */

-&(nid_objs[239]),/* "id-smime-aa-signatureType" */

-&(nid_objs[223]),/* "id-smime-aa-signingCertificate" */

-&(nid_objs[224]),/* "id-smime-aa-smimeEncryptCerts" */

-&(nid_objs[225]),/* "id-smime-aa-timeStampToken" */

-&(nid_objs[192]),/* "id-smime-alg" */

-&(nid_objs[243]),/* "id-smime-alg-3DESwrap" */

-&(nid_objs[246]),/* "id-smime-alg-CMS3DESwrap" */

-&(nid_objs[247]),/* "id-smime-alg-CMSRC2wrap" */

-&(nid_objs[245]),/* "id-smime-alg-ESDH" */

-&(nid_objs[241]),/* "id-smime-alg-ESDHwith3DES" */

-&(nid_objs[242]),/* "id-smime-alg-ESDHwithRC2" */

-&(nid_objs[244]),/* "id-smime-alg-RC2wrap" */

-&(nid_objs[193]),/* "id-smime-cd" */

-&(nid_objs[248]),/* "id-smime-cd-ldap" */

-&(nid_objs[190]),/* "id-smime-ct" */

-&(nid_objs[210]),/* "id-smime-ct-DVCSRequestData" */

-&(nid_objs[211]),/* "id-smime-ct-DVCSResponseData" */

-&(nid_objs[208]),/* "id-smime-ct-TDTInfo" */

-&(nid_objs[207]),/* "id-smime-ct-TSTInfo" */

-&(nid_objs[205]),/* "id-smime-ct-authData" */

-&(nid_objs[209]),/* "id-smime-ct-contentInfo" */

-&(nid_objs[206]),/* "id-smime-ct-publishCert" */

-&(nid_objs[204]),/* "id-smime-ct-receipt" */

-&(nid_objs[195]),/* "id-smime-cti" */

-&(nid_objs[255]),/* "id-smime-cti-ets-proofOfApproval" */

-&(nid_objs[256]),/* "id-smime-cti-ets-proofOfCreation" */

-&(nid_objs[253]),/* "id-smime-cti-ets-proofOfDelivery" */

-&(nid_objs[251]),/* "id-smime-cti-ets-proofOfOrigin" */

-&(nid_objs[252]),/* "id-smime-cti-ets-proofOfReceipt" */

-&(nid_objs[254]),/* "id-smime-cti-ets-proofOfSender" */

-&(nid_objs[189]),/* "id-smime-mod" */

-&(nid_objs[196]),/* "id-smime-mod-cms" */

-&(nid_objs[197]),/* "id-smime-mod-ess" */

-&(nid_objs[202]),/* "id-smime-mod-ets-eSigPolicy-88" */

-&(nid_objs[203]),/* "id-smime-mod-ets-eSigPolicy-97" */

-&(nid_objs[200]),/* "id-smime-mod-ets-eSignature-88" */

-&(nid_objs[201]),/* "id-smime-mod-ets-eSignature-97" */

-&(nid_objs[199]),/* "id-smime-mod-msg-v3" */

-&(nid_objs[198]),/* "id-smime-mod-oid" */

-&(nid_objs[194]),/* "id-smime-spq" */

-&(nid_objs[250]),/* "id-smime-spq-ets-sqt-unotice" */

-&(nid_objs[249]),/* "id-smime-spq-ets-sqt-uri" */

-&(nid_objs[34]),/* "idea-cbc" */

-&(nid_objs[35]),/* "idea-cfb" */

-&(nid_objs[36]),/* "idea-ecb" */

-&(nid_objs[46]),/* "idea-ofb" */

-&(nid_objs[676]),/* "identified-organization" */

-&(nid_objs[461]),/* "info" */

-&(nid_objs[101]),/* "initials" */

-&(nid_objs[749]),/* "ipsec3" */

-&(nid_objs[750]),/* "ipsec4" */

-&(nid_objs[181]),/* "iso" */

-&(nid_objs[623]),/* "issuer capabilities" */

-&(nid_objs[645]),/* "itu-t" */

-&(nid_objs[492]),/* "janetMailbox" */

-&(nid_objs[646]),/* "joint-iso-itu-t" */

-&(nid_objs[150]),/* "keyBag" */

-&(nid_objs[773]),/* "kisa" */

-&(nid_objs[477]),/* "lastModifiedBy" */

-&(nid_objs[476]),/* "lastModifiedTime" */

-&(nid_objs[157]),/* "localKeyID" */

-&(nid_objs[15]),/* "localityName" */

-&(nid_objs[480]),/* "mXRecord" */

-&(nid_objs[493]),/* "mailPreferenceOption" */

-&(nid_objs[467]),/* "manager" */

-&(nid_objs[ 3]),/* "md2" */

-&(nid_objs[ 7]),/* "md2WithRSAEncryption" */

-&(nid_objs[257]),/* "md4" */

-&(nid_objs[396]),/* "md4WithRSAEncryption" */

-&(nid_objs[ 4]),/* "md5" */

-&(nid_objs[114]),/* "md5-sha1" */

-&(nid_objs[104]),/* "md5WithRSA" */

-&(nid_objs[ 8]),/* "md5WithRSAEncryption" */

-&(nid_objs[95]),/* "mdc2" */

-&(nid_objs[96]),/* "mdc2WithRSA" */

-&(nid_objs[602]),/* "merchant initiated auth" */

-&(nid_objs[514]),/* "message extensions" */

-&(nid_objs[51]),/* "messageDigest" */

-&(nid_objs[506]),/* "mime-mhs-bodies" */

-&(nid_objs[505]),/* "mime-mhs-headings" */

-&(nid_objs[488]),/* "mobileTelephoneNumber" */

-&(nid_objs[481]),/* "nSRecord" */

-&(nid_objs[173]),/* "name" */

-&(nid_objs[681]),/* "onBasis" */

-&(nid_objs[379]),/* "org" */

-&(nid_objs[17]),/* "organizationName" */

-&(nid_objs[491]),/* "organizationalStatus" */

-&(nid_objs[18]),/* "organizationalUnitName" */

-&(nid_objs[475]),/* "otherMailbox" */

-&(nid_objs[489]),/* "pagerTelephoneNumber" */

-&(nid_objs[374]),/* "path" */

-&(nid_objs[621]),/* "payment gateway capabilities" */

-&(nid_objs[ 9]),/* "pbeWithMD2AndDES-CBC" */

-&(nid_objs[168]),/* "pbeWithMD2AndRC2-CBC" */

-&(nid_objs[112]),/* "pbeWithMD5AndCast5CBC" */

-&(nid_objs[10]),/* "pbeWithMD5AndDES-CBC" */

-&(nid_objs[169]),/* "pbeWithMD5AndRC2-CBC" */

-&(nid_objs[148]),/* "pbeWithSHA1And128BitRC2-CBC" */

-&(nid_objs[144]),/* "pbeWithSHA1And128BitRC4" */

-&(nid_objs[147]),/* "pbeWithSHA1And2-KeyTripleDES-CBC" */

-&(nid_objs[146]),/* "pbeWithSHA1And3-KeyTripleDES-CBC" */

-&(nid_objs[149]),/* "pbeWithSHA1And40BitRC2-CBC" */

-&(nid_objs[145]),/* "pbeWithSHA1And40BitRC4" */

-&(nid_objs[170]),/* "pbeWithSHA1AndDES-CBC" */

-&(nid_objs[68]),/* "pbeWithSHA1AndRC2-CBC" */

-&(nid_objs[499]),/* "personalSignature" */

-&(nid_objs[487]),/* "personalTitle" */

-&(nid_objs[464]),/* "photo" */

-&(nid_objs[437]),/* "pilot" */

-&(nid_objs[439]),/* "pilotAttributeSyntax" */

-&(nid_objs[438]),/* "pilotAttributeType" */

-&(nid_objs[479]),/* "pilotAttributeType27" */

-&(nid_objs[456]),/* "pilotDSA" */

-&(nid_objs[441]),/* "pilotGroups" */

-&(nid_objs[444]),/* "pilotObject" */

-&(nid_objs[440]),/* "pilotObjectClass" */

-&(nid_objs[455]),/* "pilotOrganization" */

-&(nid_objs[445]),/* "pilotPerson" */

-&(nid_objs[186]),/* "pkcs1" */

-&(nid_objs[27]),/* "pkcs3" */

-&(nid_objs[187]),/* "pkcs5" */

-&(nid_objs[20]),/* "pkcs7" */

-&(nid_objs[21]),/* "pkcs7-data" */

-&(nid_objs[25]),/* "pkcs7-digestData" */

-&(nid_objs[26]),/* "pkcs7-encryptedData" */

-&(nid_objs[23]),/* "pkcs7-envelopedData" */

-&(nid_objs[24]),/* "pkcs7-signedAndEnvelopedData" */

-&(nid_objs[22]),/* "pkcs7-signedData" */

-&(nid_objs[151]),/* "pkcs8ShroudedKeyBag" */

-&(nid_objs[47]),/* "pkcs9" */

-&(nid_objs[661]),/* "postalCode" */

-&(nid_objs[683]),/* "ppBasis" */

-&(nid_objs[406]),/* "prime-field" */

-&(nid_objs[409]),/* "prime192v1" */

-&(nid_objs[410]),/* "prime192v2" */

-&(nid_objs[411]),/* "prime192v3" */

-&(nid_objs[412]),/* "prime239v1" */

-&(nid_objs[413]),/* "prime239v2" */

-&(nid_objs[414]),/* "prime239v3" */

-&(nid_objs[415]),/* "prime256v1" */

-&(nid_objs[510]),/* "pseudonym" */

-&(nid_objs[435]),/* "pss" */

-&(nid_objs[286]),/* "qcStatements" */

-&(nid_objs[457]),/* "qualityLabelledData" */

-&(nid_objs[450]),/* "rFC822localPart" */

-&(nid_objs[98]),/* "rc2-40-cbc" */

-&(nid_objs[166]),/* "rc2-64-cbc" */

-&(nid_objs[37]),/* "rc2-cbc" */

-&(nid_objs[39]),/* "rc2-cfb" */

-&(nid_objs[38]),/* "rc2-ecb" */

-&(nid_objs[40]),/* "rc2-ofb" */

-&(nid_objs[ 5]),/* "rc4" */

-&(nid_objs[97]),/* "rc4-40" */

-&(nid_objs[120]),/* "rc5-cbc" */

-&(nid_objs[122]),/* "rc5-cfb" */

-&(nid_objs[121]),/* "rc5-ecb" */

-&(nid_objs[123]),/* "rc5-ofb" */

-&(nid_objs[460]),/* "rfc822Mailbox" */

-&(nid_objs[117]),/* "ripemd160" */

-&(nid_objs[119]),/* "ripemd160WithRSA" */

-&(nid_objs[400]),/* "role" */

-&(nid_objs[448]),/* "room" */

-&(nid_objs[463]),/* "roomNumber" */

-&(nid_objs[19]),/* "rsa" */

-&(nid_objs[ 6]),/* "rsaEncryption" */

-&(nid_objs[644]),/* "rsaOAEPEncryptionSET" */

-&(nid_objs[377]),/* "rsaSignature" */

-&(nid_objs[124]),/* "run length compression" */

-&(nid_objs[482]),/* "sOARecord" */

-&(nid_objs[155]),/* "safeContentsBag" */

-&(nid_objs[291]),/* "sbgp-autonomousSysNum" */

-&(nid_objs[290]),/* "sbgp-ipAddrBlock" */

-&(nid_objs[292]),/* "sbgp-routerIdentifier" */

-&(nid_objs[159]),/* "sdsiCertificate" */

-&(nid_objs[704]),/* "secp112r1" */

-&(nid_objs[705]),/* "secp112r2" */

-&(nid_objs[706]),/* "secp128r1" */

-&(nid_objs[707]),/* "secp128r2" */

-&(nid_objs[708]),/* "secp160k1" */

-&(nid_objs[709]),/* "secp160r1" */

-&(nid_objs[710]),/* "secp160r2" */

-&(nid_objs[711]),/* "secp192k1" */

-&(nid_objs[712]),/* "secp224k1" */

-&(nid_objs[713]),/* "secp224r1" */

-&(nid_objs[714]),/* "secp256k1" */

-&(nid_objs[715]),/* "secp384r1" */

-&(nid_objs[716]),/* "secp521r1" */

-&(nid_objs[154]),/* "secretBag" */

-&(nid_objs[474]),/* "secretary" */

-&(nid_objs[717]),/* "sect113r1" */

-&(nid_objs[718]),/* "sect113r2" */

-&(nid_objs[719]),/* "sect131r1" */

-&(nid_objs[720]),/* "sect131r2" */

-&(nid_objs[721]),/* "sect163k1" */

-&(nid_objs[722]),/* "sect163r1" */

-&(nid_objs[723]),/* "sect163r2" */

-&(nid_objs[724]),/* "sect193r1" */

-&(nid_objs[725]),/* "sect193r2" */

-&(nid_objs[726]),/* "sect233k1" */

-&(nid_objs[727]),/* "sect233r1" */

-&(nid_objs[728]),/* "sect239k1" */

-&(nid_objs[729]),/* "sect283k1" */

-&(nid_objs[730]),/* "sect283r1" */

-&(nid_objs[731]),/* "sect409k1" */

-&(nid_objs[732]),/* "sect409r1" */

-&(nid_objs[733]),/* "sect571k1" */

-&(nid_objs[734]),/* "sect571r1" */

-&(nid_objs[635]),/* "secure device signature" */

-&(nid_objs[777]),/* "seed-cbc" */

-&(nid_objs[779]),/* "seed-cfb" */

-&(nid_objs[776]),/* "seed-ecb" */

-&(nid_objs[778]),/* "seed-ofb" */

-&(nid_objs[105]),/* "serialNumber" */

-&(nid_objs[625]),/* "set-addPolicy" */

-&(nid_objs[515]),/* "set-attr" */

-&(nid_objs[518]),/* "set-brand" */

-&(nid_objs[638]),/* "set-brand-AmericanExpress" */

-&(nid_objs[637]),/* "set-brand-Diners" */

-&(nid_objs[636]),/* "set-brand-IATA-ATA" */

-&(nid_objs[639]),/* "set-brand-JCB" */

-&(nid_objs[641]),/* "set-brand-MasterCard" */

-&(nid_objs[642]),/* "set-brand-Novus" */

-&(nid_objs[640]),/* "set-brand-Visa" */

-&(nid_objs[516]),/* "set-policy" */

-&(nid_objs[607]),/* "set-policy-root" */

-&(nid_objs[624]),/* "set-rootKeyThumb" */

-&(nid_objs[620]),/* "setAttr-Cert" */

-&(nid_objs[628]),/* "setAttr-IssCap-CVM" */

-&(nid_objs[630]),/* "setAttr-IssCap-Sig" */

-&(nid_objs[629]),/* "setAttr-IssCap-T2" */

-&(nid_objs[627]),/* "setAttr-Token-B0Prime" */

-&(nid_objs[626]),/* "setAttr-Token-EMV" */

-&(nid_objs[622]),/* "setAttr-TokenType" */

-&(nid_objs[619]),/* "setCext-IssuerCapabilities" */

-&(nid_objs[615]),/* "setCext-PGWYcapabilities" */

-&(nid_objs[616]),/* "setCext-TokenIdentifier" */

-&(nid_objs[618]),/* "setCext-TokenType" */

-&(nid_objs[617]),/* "setCext-Track2Data" */

-&(nid_objs[611]),/* "setCext-cCertRequired" */

-&(nid_objs[609]),/* "setCext-certType" */

-&(nid_objs[608]),/* "setCext-hashedRoot" */

-&(nid_objs[610]),/* "setCext-merchData" */

-&(nid_objs[613]),/* "setCext-setExt" */

-&(nid_objs[614]),/* "setCext-setQualf" */

-&(nid_objs[612]),/* "setCext-tunneling" */

-&(nid_objs[540]),/* "setct-AcqCardCodeMsg" */

-&(nid_objs[576]),/* "setct-AcqCardCodeMsgTBE" */

-&(nid_objs[570]),/* "setct-AuthReqTBE" */

-&(nid_objs[534]),/* "setct-AuthReqTBS" */

-&(nid_objs[527]),/* "setct-AuthResBaggage" */

-&(nid_objs[571]),/* "setct-AuthResTBE" */

-&(nid_objs[572]),/* "setct-AuthResTBEX" */

-&(nid_objs[535]),/* "setct-AuthResTBS" */

-&(nid_objs[536]),/* "setct-AuthResTBSX" */

-&(nid_objs[528]),/* "setct-AuthRevReqBaggage" */

-&(nid_objs[577]),/* "setct-AuthRevReqTBE" */

-&(nid_objs[541]),/* "setct-AuthRevReqTBS" */

-&(nid_objs[529]),/* "setct-AuthRevResBaggage" */

-&(nid_objs[542]),/* "setct-AuthRevResData" */

-&(nid_objs[578]),/* "setct-AuthRevResTBE" */

-&(nid_objs[579]),/* "setct-AuthRevResTBEB" */

-&(nid_objs[543]),/* "setct-AuthRevResTBS" */

-&(nid_objs[573]),/* "setct-AuthTokenTBE" */

-&(nid_objs[537]),/* "setct-AuthTokenTBS" */

-&(nid_objs[600]),/* "setct-BCIDistributionTBS" */

-&(nid_objs[558]),/* "setct-BatchAdminReqData" */

-&(nid_objs[592]),/* "setct-BatchAdminReqTBE" */

-&(nid_objs[559]),/* "setct-BatchAdminResData" */

-&(nid_objs[593]),/* "setct-BatchAdminResTBE" */

-&(nid_objs[599]),/* "setct-CRLNotificationResTBS" */

-&(nid_objs[598]),/* "setct-CRLNotificationTBS" */

-&(nid_objs[580]),/* "setct-CapReqTBE" */

-&(nid_objs[581]),/* "setct-CapReqTBEX" */

-&(nid_objs[544]),/* "setct-CapReqTBS" */

-&(nid_objs[545]),/* "setct-CapReqTBSX" */

-&(nid_objs[546]),/* "setct-CapResData" */

-&(nid_objs[582]),/* "setct-CapResTBE" */

-&(nid_objs[583]),/* "setct-CapRevReqTBE" */

-&(nid_objs[584]),/* "setct-CapRevReqTBEX" */

-&(nid_objs[547]),/* "setct-CapRevReqTBS" */

-&(nid_objs[548]),/* "setct-CapRevReqTBSX" */

-&(nid_objs[549]),/* "setct-CapRevResData" */

-&(nid_objs[585]),/* "setct-CapRevResTBE" */

-&(nid_objs[538]),/* "setct-CapTokenData" */

-&(nid_objs[530]),/* "setct-CapTokenSeq" */

-&(nid_objs[574]),/* "setct-CapTokenTBE" */

-&(nid_objs[575]),/* "setct-CapTokenTBEX" */

-&(nid_objs[539]),/* "setct-CapTokenTBS" */

-&(nid_objs[560]),/* "setct-CardCInitResTBS" */

-&(nid_objs[566]),/* "setct-CertInqReqTBS" */

-&(nid_objs[563]),/* "setct-CertReqData" */

-&(nid_objs[595]),/* "setct-CertReqTBE" */

-&(nid_objs[596]),/* "setct-CertReqTBEX" */

-&(nid_objs[564]),/* "setct-CertReqTBS" */

-&(nid_objs[565]),/* "setct-CertResData" */

-&(nid_objs[597]),/* "setct-CertResTBE" */

-&(nid_objs[586]),/* "setct-CredReqTBE" */

-&(nid_objs[587]),/* "setct-CredReqTBEX" */

-&(nid_objs[550]),/* "setct-CredReqTBS" */

-&(nid_objs[551]),/* "setct-CredReqTBSX" */

-&(nid_objs[552]),/* "setct-CredResData" */

-&(nid_objs[588]),/* "setct-CredResTBE" */

-&(nid_objs[589]),/* "setct-CredRevReqTBE" */

-&(nid_objs[590]),/* "setct-CredRevReqTBEX" */

-&(nid_objs[553]),/* "setct-CredRevReqTBS" */

-&(nid_objs[554]),/* "setct-CredRevReqTBSX" */

-&(nid_objs[555]),/* "setct-CredRevResData" */

-&(nid_objs[591]),/* "setct-CredRevResTBE" */

-&(nid_objs[567]),/* "setct-ErrorTBS" */

-&(nid_objs[526]),/* "setct-HODInput" */

-&(nid_objs[561]),/* "setct-MeAqCInitResTBS" */

-&(nid_objs[522]),/* "setct-OIData" */

-&(nid_objs[519]),/* "setct-PANData" */

-&(nid_objs[521]),/* "setct-PANOnly" */

-&(nid_objs[520]),/* "setct-PANToken" */

-&(nid_objs[556]),/* "setct-PCertReqData" */

-&(nid_objs[557]),/* "setct-PCertResTBS" */

-&(nid_objs[523]),/* "setct-PI" */

-&(nid_objs[532]),/* "setct-PI-TBS" */

-&(nid_objs[524]),/* "setct-PIData" */

-&(nid_objs[525]),/* "setct-PIDataUnsigned" */

-&(nid_objs[568]),/* "setct-PIDualSignedTBE" */

-&(nid_objs[569]),/* "setct-PIUnsignedTBE" */

-&(nid_objs[531]),/* "setct-PInitResData" */

-&(nid_objs[533]),/* "setct-PResData" */

-&(nid_objs[594]),/* "setct-RegFormReqTBE" */

-&(nid_objs[562]),/* "setct-RegFormResTBS" */

-&(nid_objs[604]),/* "setext-pinAny" */

-&(nid_objs[603]),/* "setext-pinSecure" */

-&(nid_objs[605]),/* "setext-track2" */

-&(nid_objs[41]),/* "sha" */

-&(nid_objs[64]),/* "sha1" */

-&(nid_objs[115]),/* "sha1WithRSA" */

-&(nid_objs[65]),/* "sha1WithRSAEncryption" */

-&(nid_objs[675]),/* "sha224" */

-&(nid_objs[671]),/* "sha224WithRSAEncryption" */

-&(nid_objs[672]),/* "sha256" */

-&(nid_objs[668]),/* "sha256WithRSAEncryption" */

-&(nid_objs[673]),/* "sha384" */

-&(nid_objs[669]),/* "sha384WithRSAEncryption" */

-&(nid_objs[674]),/* "sha512" */

-&(nid_objs[670]),/* "sha512WithRSAEncryption" */

-&(nid_objs[42]),/* "shaWithRSAEncryption" */

-&(nid_objs[52]),/* "signingTime" */

-&(nid_objs[454]),/* "simpleSecurityObject" */

-&(nid_objs[496]),/* "singleLevelQuality" */

-&(nid_objs[16]),/* "stateOrProvinceName" */

-&(nid_objs[660]),/* "streetAddress" */

-&(nid_objs[498]),/* "subtreeMaximumQuality" */

-&(nid_objs[497]),/* "subtreeMinimumQuality" */

-&(nid_objs[100]),/* "surname" */

-&(nid_objs[459]),/* "textEncodedORAddress" */

-&(nid_objs[293]),/* "textNotice" */

-&(nid_objs[106]),/* "title" */

-&(nid_objs[682]),/* "tpBasis" */

-&(nid_objs[436]),/* "ucl" */

-&(nid_objs[ 0]),/* "undefined" */

-&(nid_objs[55]),/* "unstructuredAddress" */

-&(nid_objs[49]),/* "unstructuredName" */

-&(nid_objs[465]),/* "userClass" */

-&(nid_objs[458]),/* "userId" */

-&(nid_objs[373]),/* "valid" */

-&(nid_objs[678]),/* "wap" */

-&(nid_objs[679]),/* "wap-wsg" */

-&(nid_objs[735]),/* "wap-wsg-idm-ecid-wtls1" */

-&(nid_objs[743]),/* "wap-wsg-idm-ecid-wtls10" */

-&(nid_objs[744]),/* "wap-wsg-idm-ecid-wtls11" */

-&(nid_objs[745]),/* "wap-wsg-idm-ecid-wtls12" */

-&(nid_objs[736]),/* "wap-wsg-idm-ecid-wtls3" */

-&(nid_objs[737]),/* "wap-wsg-idm-ecid-wtls4" */

-&(nid_objs[738]),/* "wap-wsg-idm-ecid-wtls5" */

-&(nid_objs[739]),/* "wap-wsg-idm-ecid-wtls6" */

-&(nid_objs[740]),/* "wap-wsg-idm-ecid-wtls7" */

-&(nid_objs[741]),/* "wap-wsg-idm-ecid-wtls8" */

-&(nid_objs[742]),/* "wap-wsg-idm-ecid-wtls9" */

-&(nid_objs[503]),/* "x500UniqueIdentifier" */

-&(nid_objs[158]),/* "x509Certificate" */

-&(nid_objs[160]),/* "x509Crl" */

-&(nid_objs[125]),/* "zlib compression" */

-};

-static ASN1_OBJECT *obj_objs[NUM_OBJ]={

-&(nid_objs[ 0]),/* OBJ_undef                        0 */

-&(nid_objs[393]),/* OBJ_joint_iso_ccitt              OBJ_joint_iso_itu_t */

-&(nid_objs[404]),/* OBJ_ccitt                        OBJ_itu_t */

-&(nid_objs[645]),/* OBJ_itu_t                        0 */

-&(nid_objs[434]),/* OBJ_data                         0 9 */

-&(nid_objs[181]),/* OBJ_iso                          1 */

-&(nid_objs[182]),/* OBJ_member_body                  1 2 */

-&(nid_objs[379]),/* OBJ_org                          1 3 */

-&(nid_objs[676]),/* OBJ_identified_organization      1 3 */

-&(nid_objs[646]),/* OBJ_joint_iso_itu_t              2 */

-&(nid_objs[11]),/* OBJ_X500                         2 5 */

-&(nid_objs[647]),/* OBJ_international_organizations  2 23 */

-&(nid_objs[380]),/* OBJ_dod                          1 3 6 */

-&(nid_objs[12]),/* OBJ_X509                         2 5 4 */

-&(nid_objs[378]),/* OBJ_X500algorithms               2 5 8 */

-&(nid_objs[81]),/* OBJ_id_ce                        2 5 29 */

-&(nid_objs[512]),/* OBJ_id_set                       2 23 42 */

-&(nid_objs[678]),/* OBJ_wap                          2 23 43 */

-&(nid_objs[435]),/* OBJ_pss                          0 9 2342 */

-&(nid_objs[183]),/* OBJ_ISO_US                       1 2 840 */

-&(nid_objs[381]),/* OBJ_iana                         1 3 6 1 */

-&(nid_objs[677]),/* OBJ_certicom_arc                 1 3 132 */

-&(nid_objs[394]),/* OBJ_selected_attribute_types     2 5 1 5 */

-&(nid_objs[13]),/* OBJ_commonName                   2 5 4 3 */

-&(nid_objs[100]),/* OBJ_surname                      2 5 4 4 */

-&(nid_objs[105]),/* OBJ_serialNumber                 2 5 4 5 */

-&(nid_objs[14]),/* OBJ_countryName                  2 5 4 6 */

-&(nid_objs[15]),/* OBJ_localityName                 2 5 4 7 */

-&(nid_objs[16]),/* OBJ_stateOrProvinceName          2 5 4 8 */

-&(nid_objs[660]),/* OBJ_streetAddress                2 5 4 9 */

-&(nid_objs[17]),/* OBJ_organizationName             2 5 4 10 */

-&(nid_objs[18]),/* OBJ_organizationalUnitName       2 5 4 11 */

-&(nid_objs[106]),/* OBJ_title                        2 5 4 12 */

-&(nid_objs[107]),/* OBJ_description                  2 5 4 13 */

-&(nid_objs[661]),/* OBJ_postalCode                   2 5 4 17 */

-&(nid_objs[173]),/* OBJ_name                         2 5 4 41 */

-&(nid_objs[99]),/* OBJ_givenName                    2 5 4 42 */

-&(nid_objs[101]),/* OBJ_initials                     2 5 4 43 */

-&(nid_objs[509]),/* OBJ_generationQualifier          2 5 4 44 */

-&(nid_objs[503]),/* OBJ_x500UniqueIdentifier         2 5 4 45 */

-&(nid_objs[174]),/* OBJ_dnQualifier                  2 5 4 46 */

-&(nid_objs[510]),/* OBJ_pseudonym                    2 5 4 65 */

-&(nid_objs[400]),/* OBJ_role                         2 5 4 72 */

-&(nid_objs[769]),/* OBJ_subject_directory_attributes 2 5 29 9 */

-&(nid_objs[82]),/* OBJ_subject_key_identifier       2 5 29 14 */

-&(nid_objs[83]),/* OBJ_key_usage                    2 5 29 15 */

-&(nid_objs[84]),/* OBJ_private_key_usage_period     2 5 29 16 */

-&(nid_objs[85]),/* OBJ_subject_alt_name             2 5 29 17 */

-&(nid_objs[86]),/* OBJ_issuer_alt_name              2 5 29 18 */

-&(nid_objs[87]),/* OBJ_basic_constraints            2 5 29 19 */

-&(nid_objs[88]),/* OBJ_crl_number                   2 5 29 20 */

-&(nid_objs[141]),/* OBJ_crl_reason                   2 5 29 21 */

-&(nid_objs[430]),/* OBJ_hold_instruction_code        2 5 29 23 */

-&(nid_objs[142]),/* OBJ_invalidity_date              2 5 29 24 */

-&(nid_objs[140]),/* OBJ_delta_crl                    2 5 29 27 */

-&(nid_objs[770]),/* OBJ_issuing_distribution_point   2 5 29 28 */

-&(nid_objs[771]),/* OBJ_certificate_issuer           2 5 29 29 */

-&(nid_objs[666]),/* OBJ_name_constraints             2 5 29 30 */

-&(nid_objs[103]),/* OBJ_crl_distribution_points      2 5 29 31 */

-&(nid_objs[89]),/* OBJ_certificate_policies         2 5 29 32 */

-&(nid_objs[747]),/* OBJ_policy_mappings              2 5 29 33 */

-&(nid_objs[90]),/* OBJ_authority_key_identifier     2 5 29 35 */

-&(nid_objs[401]),/* OBJ_policy_constraints           2 5 29 36 */

-&(nid_objs[126]),/* OBJ_ext_key_usage                2 5 29 37 */

-&(nid_objs[748]),/* OBJ_inhibit_any_policy           2 5 29 54 */

-&(nid_objs[402]),/* OBJ_target_information           2 5 29 55 */

-&(nid_objs[403]),/* OBJ_no_rev_avail                 2 5 29 56 */

-&(nid_objs[513]),/* OBJ_set_ctype                    2 23 42 0 */

-&(nid_objs[514]),/* OBJ_set_msgExt                   2 23 42 1 */

-&(nid_objs[515]),/* OBJ_set_attr                     2 23 42 3 */

-&(nid_objs[516]),/* OBJ_set_policy                   2 23 42 5 */

-&(nid_objs[517]),/* OBJ_set_certExt                  2 23 42 7 */

-&(nid_objs[518]),/* OBJ_set_brand                    2 23 42 8 */

-&(nid_objs[679]),/* OBJ_wap_wsg                      2 23 43 13 */

-&(nid_objs[382]),/* OBJ_Directory                    1 3 6 1 1 */

-&(nid_objs[383]),/* OBJ_Management                   1 3 6 1 2 */

-&(nid_objs[384]),/* OBJ_Experimental                 1 3 6 1 3 */

-&(nid_objs[385]),/* OBJ_Private                      1 3 6 1 4 */

-&(nid_objs[386]),/* OBJ_Security                     1 3 6 1 5 */

-&(nid_objs[387]),/* OBJ_SNMPv2                       1 3 6 1 6 */

-&(nid_objs[388]),/* OBJ_Mail                         1 3 6 1 7 */

-&(nid_objs[376]),/* OBJ_algorithm                    1 3 14 3 2 */

-&(nid_objs[395]),/* OBJ_clearance                    2 5 1 5 55 */

-&(nid_objs[19]),/* OBJ_rsa                          2 5 8 1 1 */

-&(nid_objs[96]),/* OBJ_mdc2WithRSA                  2 5 8 3 100 */

-&(nid_objs[95]),/* OBJ_mdc2                         2 5 8 3 101 */

-&(nid_objs[746]),/* OBJ_any_policy                   2 5 29 32 0 */

-&(nid_objs[519]),/* OBJ_setct_PANData                2 23 42 0 0 */

-&(nid_objs[520]),/* OBJ_setct_PANToken               2 23 42 0 1 */

-&(nid_objs[521]),/* OBJ_setct_PANOnly                2 23 42 0 2 */

-&(nid_objs[522]),/* OBJ_setct_OIData                 2 23 42 0 3 */

-&(nid_objs[523]),/* OBJ_setct_PI                     2 23 42 0 4 */

-&(nid_objs[524]),/* OBJ_setct_PIData                 2 23 42 0 5 */

-&(nid_objs[525]),/* OBJ_setct_PIDataUnsigned         2 23 42 0 6 */

-&(nid_objs[526]),/* OBJ_setct_HODInput               2 23 42 0 7 */

-&(nid_objs[527]),/* OBJ_setct_AuthResBaggage         2 23 42 0 8 */

-&(nid_objs[528]),/* OBJ_setct_AuthRevReqBaggage      2 23 42 0 9 */

-&(nid_objs[529]),/* OBJ_setct_AuthRevResBaggage      2 23 42 0 10 */

-&(nid_objs[530]),/* OBJ_setct_CapTokenSeq            2 23 42 0 11 */

-&(nid_objs[531]),/* OBJ_setct_PInitResData           2 23 42 0 12 */

-&(nid_objs[532]),/* OBJ_setct_PI_TBS                 2 23 42 0 13 */

-&(nid_objs[533]),/* OBJ_setct_PResData               2 23 42 0 14 */

-&(nid_objs[534]),/* OBJ_setct_AuthReqTBS             2 23 42 0 16 */

-&(nid_objs[535]),/* OBJ_setct_AuthResTBS             2 23 42 0 17 */

-&(nid_objs[536]),/* OBJ_setct_AuthResTBSX            2 23 42 0 18 */

-&(nid_objs[537]),/* OBJ_setct_AuthTokenTBS           2 23 42 0 19 */

-&(nid_objs[538]),/* OBJ_setct_CapTokenData           2 23 42 0 20 */

-&(nid_objs[539]),/* OBJ_setct_CapTokenTBS            2 23 42 0 21 */

-&(nid_objs[540]),/* OBJ_setct_AcqCardCodeMsg         2 23 42 0 22 */

-&(nid_objs[541]),/* OBJ_setct_AuthRevReqTBS          2 23 42 0 23 */

-&(nid_objs[542]),/* OBJ_setct_AuthRevResData         2 23 42 0 24 */

-&(nid_objs[543]),/* OBJ_setct_AuthRevResTBS          2 23 42 0 25 */

-&(nid_objs[544]),/* OBJ_setct_CapReqTBS              2 23 42 0 26 */

-&(nid_objs[545]),/* OBJ_setct_CapReqTBSX             2 23 42 0 27 */

-&(nid_objs[546]),/* OBJ_setct_CapResData             2 23 42 0 28 */

-&(nid_objs[547]),/* OBJ_setct_CapRevReqTBS           2 23 42 0 29 */

-&(nid_objs[548]),/* OBJ_setct_CapRevReqTBSX          2 23 42 0 30 */

-&(nid_objs[549]),/* OBJ_setct_CapRevResData          2 23 42 0 31 */

-&(nid_objs[550]),/* OBJ_setct_CredReqTBS             2 23 42 0 32 */

-&(nid_objs[551]),/* OBJ_setct_CredReqTBSX            2 23 42 0 33 */

-&(nid_objs[552]),/* OBJ_setct_CredResData            2 23 42 0 34 */

-&(nid_objs[553]),/* OBJ_setct_CredRevReqTBS          2 23 42 0 35 */

-&(nid_objs[554]),/* OBJ_setct_CredRevReqTBSX         2 23 42 0 36 */

-&(nid_objs[555]),/* OBJ_setct_CredRevResData         2 23 42 0 37 */

-&(nid_objs[556]),/* OBJ_setct_PCertReqData           2 23 42 0 38 */

-&(nid_objs[557]),/* OBJ_setct_PCertResTBS            2 23 42 0 39 */

-&(nid_objs[558]),/* OBJ_setct_BatchAdminReqData      2 23 42 0 40 */

-&(nid_objs[559]),/* OBJ_setct_BatchAdminResData      2 23 42 0 41 */

-&(nid_objs[560]),/* OBJ_setct_CardCInitResTBS        2 23 42 0 42 */

-&(nid_objs[561]),/* OBJ_setct_MeAqCInitResTBS        2 23 42 0 43 */

-&(nid_objs[562]),/* OBJ_setct_RegFormResTBS          2 23 42 0 44 */

-&(nid_objs[563]),/* OBJ_setct_CertReqData            2 23 42 0 45 */

-&(nid_objs[564]),/* OBJ_setct_CertReqTBS             2 23 42 0 46 */

-&(nid_objs[565]),/* OBJ_setct_CertResData            2 23 42 0 47 */

-&(nid_objs[566]),/* OBJ_setct_CertInqReqTBS          2 23 42 0 48 */

-&(nid_objs[567]),/* OBJ_setct_ErrorTBS               2 23 42 0 49 */

-&(nid_objs[568]),/* OBJ_setct_PIDualSignedTBE        2 23 42 0 50 */

-&(nid_objs[569]),/* OBJ_setct_PIUnsignedTBE          2 23 42 0 51 */

-&(nid_objs[570]),/* OBJ_setct_AuthReqTBE             2 23 42 0 52 */

-&(nid_objs[571]),/* OBJ_setct_AuthResTBE             2 23 42 0 53 */

-&(nid_objs[572]),/* OBJ_setct_AuthResTBEX            2 23 42 0 54 */

-&(nid_objs[573]),/* OBJ_setct_AuthTokenTBE           2 23 42 0 55 */

-&(nid_objs[574]),/* OBJ_setct_CapTokenTBE            2 23 42 0 56 */

-&(nid_objs[575]),/* OBJ_setct_CapTokenTBEX           2 23 42 0 57 */

-&(nid_objs[576]),/* OBJ_setct_AcqCardCodeMsgTBE      2 23 42 0 58 */

-&(nid_objs[577]),/* OBJ_setct_AuthRevReqTBE          2 23 42 0 59 */

-&(nid_objs[578]),/* OBJ_setct_AuthRevResTBE          2 23 42 0 60 */

-&(nid_objs[579]),/* OBJ_setct_AuthRevResTBEB         2 23 42 0 61 */

-&(nid_objs[580]),/* OBJ_setct_CapReqTBE              2 23 42 0 62 */

-&(nid_objs[581]),/* OBJ_setct_CapReqTBEX             2 23 42 0 63 */

-&(nid_objs[582]),/* OBJ_setct_CapResTBE              2 23 42 0 64 */

-&(nid_objs[583]),/* OBJ_setct_CapRevReqTBE           2 23 42 0 65 */

-&(nid_objs[584]),/* OBJ_setct_CapRevReqTBEX          2 23 42 0 66 */

-&(nid_objs[585]),/* OBJ_setct_CapRevResTBE           2 23 42 0 67 */

-&(nid_objs[586]),/* OBJ_setct_CredReqTBE             2 23 42 0 68 */

-&(nid_objs[587]),/* OBJ_setct_CredReqTBEX            2 23 42 0 69 */

-&(nid_objs[588]),/* OBJ_setct_CredResTBE             2 23 42 0 70 */

-&(nid_objs[589]),/* OBJ_setct_CredRevReqTBE          2 23 42 0 71 */

-&(nid_objs[590]),/* OBJ_setct_CredRevReqTBEX         2 23 42 0 72 */

-&(nid_objs[591]),/* OBJ_setct_CredRevResTBE          2 23 42 0 73 */

-&(nid_objs[592]),/* OBJ_setct_BatchAdminReqTBE       2 23 42 0 74 */

-&(nid_objs[593]),/* OBJ_setct_BatchAdminResTBE       2 23 42 0 75 */

-&(nid_objs[594]),/* OBJ_setct_RegFormReqTBE          2 23 42 0 76 */

-&(nid_objs[595]),/* OBJ_setct_CertReqTBE             2 23 42 0 77 */

-&(nid_objs[596]),/* OBJ_setct_CertReqTBEX            2 23 42 0 78 */

-&(nid_objs[597]),/* OBJ_setct_CertResTBE             2 23 42 0 79 */

-&(nid_objs[598]),/* OBJ_setct_CRLNotificationTBS     2 23 42 0 80 */

-&(nid_objs[599]),/* OBJ_setct_CRLNotificationResTBS  2 23 42 0 81 */

-&(nid_objs[600]),/* OBJ_setct_BCIDistributionTBS     2 23 42 0 82 */

-&(nid_objs[601]),/* OBJ_setext_genCrypt              2 23 42 1 1 */

-&(nid_objs[602]),/* OBJ_setext_miAuth                2 23 42 1 3 */

-&(nid_objs[603]),/* OBJ_setext_pinSecure             2 23 42 1 4 */

-&(nid_objs[604]),/* OBJ_setext_pinAny                2 23 42 1 5 */

-&(nid_objs[605]),/* OBJ_setext_track2                2 23 42 1 7 */

-&(nid_objs[606]),/* OBJ_setext_cv                    2 23 42 1 8 */

-&(nid_objs[620]),/* OBJ_setAttr_Cert                 2 23 42 3 0 */

-&(nid_objs[621]),/* OBJ_setAttr_PGWYcap              2 23 42 3 1 */

-&(nid_objs[622]),/* OBJ_setAttr_TokenType            2 23 42 3 2 */

-&(nid_objs[623]),/* OBJ_setAttr_IssCap               2 23 42 3 3 */

-&(nid_objs[607]),/* OBJ_set_policy_root              2 23 42 5 0 */

-&(nid_objs[608]),/* OBJ_setCext_hashedRoot           2 23 42 7 0 */

-&(nid_objs[609]),/* OBJ_setCext_certType             2 23 42 7 1 */

-&(nid_objs[610]),/* OBJ_setCext_merchData            2 23 42 7 2 */

-&(nid_objs[611]),/* OBJ_setCext_cCertRequired        2 23 42 7 3 */

-&(nid_objs[612]),/* OBJ_setCext_tunneling            2 23 42 7 4 */

-&(nid_objs[613]),/* OBJ_setCext_setExt               2 23 42 7 5 */

-&(nid_objs[614]),/* OBJ_setCext_setQualf             2 23 42 7 6 */

-&(nid_objs[615]),/* OBJ_setCext_PGWYcapabilities     2 23 42 7 7 */

-&(nid_objs[616]),/* OBJ_setCext_TokenIdentifier      2 23 42 7 8 */

-&(nid_objs[617]),/* OBJ_setCext_Track2Data           2 23 42 7 9 */

-&(nid_objs[618]),/* OBJ_setCext_TokenType            2 23 42 7 10 */

-&(nid_objs[619]),/* OBJ_setCext_IssuerCapabilities   2 23 42 7 11 */

-&(nid_objs[636]),/* OBJ_set_brand_IATA_ATA           2 23 42 8 1 */

-&(nid_objs[640]),/* OBJ_set_brand_Visa               2 23 42 8 4 */

-&(nid_objs[641]),/* OBJ_set_brand_MasterCard         2 23 42 8 5 */

-&(nid_objs[637]),/* OBJ_set_brand_Diners             2 23 42 8 30 */

-&(nid_objs[638]),/* OBJ_set_brand_AmericanExpress    2 23 42 8 34 */

-&(nid_objs[639]),/* OBJ_set_brand_JCB                2 23 42 8 35 */

-&(nid_objs[184]),/* OBJ_X9_57                        1 2 840 10040 */

-&(nid_objs[405]),/* OBJ_ansi_X9_62                   1 2 840 10045 */

-&(nid_objs[389]),/* OBJ_Enterprises                  1 3 6 1 4 1 */

-&(nid_objs[504]),/* OBJ_mime_mhs                     1 3 6 1 7 1 */

-&(nid_objs[104]),/* OBJ_md5WithRSA                   1 3 14 3 2 3 */

-&(nid_objs[29]),/* OBJ_des_ecb                      1 3 14 3 2 6 */

-&(nid_objs[31]),/* OBJ_des_cbc                      1 3 14 3 2 7 */

-&(nid_objs[45]),/* OBJ_des_ofb64                    1 3 14 3 2 8 */

-&(nid_objs[30]),/* OBJ_des_cfb64                    1 3 14 3 2 9 */

-&(nid_objs[377]),/* OBJ_rsaSignature                 1 3 14 3 2 11 */

-&(nid_objs[67]),/* OBJ_dsa_2                        1 3 14 3 2 12 */

-&(nid_objs[66]),/* OBJ_dsaWithSHA                   1 3 14 3 2 13 */

-&(nid_objs[42]),/* OBJ_shaWithRSAEncryption         1 3 14 3 2 15 */

-&(nid_objs[32]),/* OBJ_des_ede_ecb                  1 3 14 3 2 17 */

-&(nid_objs[41]),/* OBJ_sha                          1 3 14 3 2 18 */

-&(nid_objs[64]),/* OBJ_sha1                         1 3 14 3 2 26 */

-&(nid_objs[70]),/* OBJ_dsaWithSHA1_2                1 3 14 3 2 27 */

-&(nid_objs[115]),/* OBJ_sha1WithRSA                  1 3 14 3 2 29 */

-&(nid_objs[117]),/* OBJ_ripemd160                    1 3 36 3 2 1 */

-&(nid_objs[143]),/* OBJ_sxnet                        1 3 101 1 4 1 */

-&(nid_objs[721]),/* OBJ_sect163k1                    1 3 132 0 1 */

-&(nid_objs[722]),/* OBJ_sect163r1                    1 3 132 0 2 */

-&(nid_objs[728]),/* OBJ_sect239k1                    1 3 132 0 3 */

-&(nid_objs[717]),/* OBJ_sect113r1                    1 3 132 0 4 */

-&(nid_objs[718]),/* OBJ_sect113r2                    1 3 132 0 5 */

-&(nid_objs[704]),/* OBJ_secp112r1                    1 3 132 0 6 */

-&(nid_objs[705]),/* OBJ_secp112r2                    1 3 132 0 7 */

-&(nid_objs[709]),/* OBJ_secp160r1                    1 3 132 0 8 */

-&(nid_objs[708]),/* OBJ_secp160k1                    1 3 132 0 9 */

-&(nid_objs[714]),/* OBJ_secp256k1                    1 3 132 0 10 */

-&(nid_objs[723]),/* OBJ_sect163r2                    1 3 132 0 15 */

-&(nid_objs[729]),/* OBJ_sect283k1                    1 3 132 0 16 */

-&(nid_objs[730]),/* OBJ_sect283r1                    1 3 132 0 17 */

-&(nid_objs[719]),/* OBJ_sect131r1                    1 3 132 0 22 */

-&(nid_objs[720]),/* OBJ_sect131r2                    1 3 132 0 23 */

-&(nid_objs[724]),/* OBJ_sect193r1                    1 3 132 0 24 */

-&(nid_objs[725]),/* OBJ_sect193r2                    1 3 132 0 25 */

-&(nid_objs[726]),/* OBJ_sect233k1                    1 3 132 0 26 */

-&(nid_objs[727]),/* OBJ_sect233r1                    1 3 132 0 27 */

-&(nid_objs[706]),/* OBJ_secp128r1                    1 3 132 0 28 */

-&(nid_objs[707]),/* OBJ_secp128r2                    1 3 132 0 29 */

-&(nid_objs[710]),/* OBJ_secp160r2                    1 3 132 0 30 */

-&(nid_objs[711]),/* OBJ_secp192k1                    1 3 132 0 31 */

-&(nid_objs[712]),/* OBJ_secp224k1                    1 3 132 0 32 */

-&(nid_objs[713]),/* OBJ_secp224r1                    1 3 132 0 33 */

-&(nid_objs[715]),/* OBJ_secp384r1                    1 3 132 0 34 */

-&(nid_objs[716]),/* OBJ_secp521r1                    1 3 132 0 35 */

-&(nid_objs[731]),/* OBJ_sect409k1                    1 3 132 0 36 */

-&(nid_objs[732]),/* OBJ_sect409r1                    1 3 132 0 37 */

-&(nid_objs[733]),/* OBJ_sect571k1                    1 3 132 0 38 */

-&(nid_objs[734]),/* OBJ_sect571r1                    1 3 132 0 39 */

-&(nid_objs[624]),/* OBJ_set_rootKeyThumb             2 23 42 3 0 0 */

-&(nid_objs[625]),/* OBJ_set_addPolicy                2 23 42 3 0 1 */

-&(nid_objs[626]),/* OBJ_setAttr_Token_EMV            2 23 42 3 2 1 */

-&(nid_objs[627]),/* OBJ_setAttr_Token_B0Prime        2 23 42 3 2 2 */

-&(nid_objs[628]),/* OBJ_setAttr_IssCap_CVM           2 23 42 3 3 3 */

-&(nid_objs[629]),/* OBJ_setAttr_IssCap_T2            2 23 42 3 3 4 */

-&(nid_objs[630]),/* OBJ_setAttr_IssCap_Sig           2 23 42 3 3 5 */

-&(nid_objs[642]),/* OBJ_set_brand_Novus              2 23 42 8 6011 */

-&(nid_objs[735]),/* OBJ_wap_wsg_idm_ecid_wtls1       2 23 43 13 4 1 */

-&(nid_objs[736]),/* OBJ_wap_wsg_idm_ecid_wtls3       2 23 43 13 4 3 */

-&(nid_objs[737]),/* OBJ_wap_wsg_idm_ecid_wtls4       2 23 43 13 4 4 */

-&(nid_objs[738]),/* OBJ_wap_wsg_idm_ecid_wtls5       2 23 43 13 4 5 */

-&(nid_objs[739]),/* OBJ_wap_wsg_idm_ecid_wtls6       2 23 43 13 4 6 */

-&(nid_objs[740]),/* OBJ_wap_wsg_idm_ecid_wtls7       2 23 43 13 4 7 */

-&(nid_objs[741]),/* OBJ_wap_wsg_idm_ecid_wtls8       2 23 43 13 4 8 */

-&(nid_objs[742]),/* OBJ_wap_wsg_idm_ecid_wtls9       2 23 43 13 4 9 */

-&(nid_objs[743]),/* OBJ_wap_wsg_idm_ecid_wtls10      2 23 43 13 4 10 */

-&(nid_objs[744]),/* OBJ_wap_wsg_idm_ecid_wtls11      2 23 43 13 4 11 */

-&(nid_objs[745]),/* OBJ_wap_wsg_idm_ecid_wtls12      2 23 43 13 4 12 */

-&(nid_objs[124]),/* OBJ_rle_compression              1 1 1 1 666 1 */

-&(nid_objs[125]),/* OBJ_zlib_compression             1 1 1 1 666 2 */

-&(nid_objs[773]),/* OBJ_kisa                         1 2 410 200004 */

-&(nid_objs[ 1]),/* OBJ_rsadsi                       1 2 840 113549 */

-&(nid_objs[185]),/* OBJ_X9cm                         1 2 840 10040 4 */

-&(nid_objs[127]),/* OBJ_id_pkix                      1 3 6 1 5 5 7 */

-&(nid_objs[505]),/* OBJ_mime_mhs_headings            1 3 6 1 7 1 1 */

-&(nid_objs[506]),/* OBJ_mime_mhs_bodies              1 3 6 1 7 1 2 */

-&(nid_objs[119]),/* OBJ_ripemd160WithRSA             1 3 36 3 3 1 2 */

-&(nid_objs[631]),/* OBJ_setAttr_GenCryptgrm          2 23 42 3 3 3 1 */

-&(nid_objs[632]),/* OBJ_setAttr_T2Enc                2 23 42 3 3 4 1 */

-&(nid_objs[633]),/* OBJ_setAttr_T2cleartxt           2 23 42 3 3 4 2 */

-&(nid_objs[634]),/* OBJ_setAttr_TokICCsig            2 23 42 3 3 5 1 */

-&(nid_objs[635]),/* OBJ_setAttr_SecDevSig            2 23 42 3 3 5 2 */

-&(nid_objs[436]),/* OBJ_ucl                          0 9 2342 19200300 */

-&(nid_objs[ 2]),/* OBJ_pkcs                         1 2 840 113549 1 */

-&(nid_objs[431]),/* OBJ_hold_instruction_none        1 2 840 10040 2 1 */

-&(nid_objs[432]),/* OBJ_hold_instruction_call_issuer 1 2 840 10040 2 2 */

-&(nid_objs[433]),/* OBJ_hold_instruction_reject      1 2 840 10040 2 3 */

-&(nid_objs[116]),/* OBJ_dsa                          1 2 840 10040 4 1 */

-&(nid_objs[113]),/* OBJ_dsaWithSHA1                  1 2 840 10040 4 3 */

-&(nid_objs[406]),/* OBJ_X9_62_prime_field            1 2 840 10045 1 1 */

-&(nid_objs[407]),/* OBJ_X9_62_characteristic_two_field 1 2 840 10045 1 2 */

-&(nid_objs[408]),/* OBJ_X9_62_id_ecPublicKey         1 2 840 10045 2 1 */

-&(nid_objs[416]),/* OBJ_ecdsa_with_SHA1              1 2 840 10045 4 1 */

-&(nid_objs[258]),/* OBJ_id_pkix_mod                  1 3 6 1 5 5 7 0 */

-&(nid_objs[175]),/* OBJ_id_pe                        1 3 6 1 5 5 7 1 */

-&(nid_objs[259]),/* OBJ_id_qt                        1 3 6 1 5 5 7 2 */

-&(nid_objs[128]),/* OBJ_id_kp                        1 3 6 1 5 5 7 3 */

-&(nid_objs[260]),/* OBJ_id_it                        1 3 6 1 5 5 7 4 */

-&(nid_objs[261]),/* OBJ_id_pkip                      1 3 6 1 5 5 7 5 */

-&(nid_objs[262]),/* OBJ_id_alg                       1 3 6 1 5 5 7 6 */

-&(nid_objs[263]),/* OBJ_id_cmc                       1 3 6 1 5 5 7 7 */

-&(nid_objs[264]),/* OBJ_id_on                        1 3 6 1 5 5 7 8 */

-&(nid_objs[265]),/* OBJ_id_pda                       1 3 6 1 5 5 7 9 */

-&(nid_objs[266]),/* OBJ_id_aca                       1 3 6 1 5 5 7 10 */

-&(nid_objs[267]),/* OBJ_id_qcs                       1 3 6 1 5 5 7 11 */

-&(nid_objs[268]),/* OBJ_id_cct                       1 3 6 1 5 5 7 12 */

-&(nid_objs[662]),/* OBJ_id_ppl                       1 3 6 1 5 5 7 21 */

-&(nid_objs[176]),/* OBJ_id_ad                        1 3 6 1 5 5 7 48 */

-&(nid_objs[507]),/* OBJ_id_hex_partial_message       1 3 6 1 7 1 1 1 */

-&(nid_objs[508]),/* OBJ_id_hex_multipart_message     1 3 6 1 7 1 1 2 */

-&(nid_objs[57]),/* OBJ_netscape                     2 16 840 1 113730 */

-&(nid_objs[754]),/* OBJ_camellia_128_ecb             0 3 4401 5 3 1 9 1 */

-&(nid_objs[766]),/* OBJ_camellia_128_ofb128          0 3 4401 5 3 1 9 3 */

-&(nid_objs[757]),/* OBJ_camellia_128_cfb128          0 3 4401 5 3 1 9 4 */

-&(nid_objs[755]),/* OBJ_camellia_192_ecb             0 3 4401 5 3 1 9 21 */

-&(nid_objs[767]),/* OBJ_camellia_192_ofb128          0 3 4401 5 3 1 9 23 */

-&(nid_objs[758]),/* OBJ_camellia_192_cfb128          0 3 4401 5 3 1 9 24 */

-&(nid_objs[756]),/* OBJ_camellia_256_ecb             0 3 4401 5 3 1 9 41 */

-&(nid_objs[768]),/* OBJ_camellia_256_ofb128          0 3 4401 5 3 1 9 43 */

-&(nid_objs[759]),/* OBJ_camellia_256_cfb128          0 3 4401 5 3 1 9 44 */

-&(nid_objs[437]),/* OBJ_pilot                        0 9 2342 19200300 100 */

-&(nid_objs[776]),/* OBJ_seed_ecb                     1 2 410 200004 1 3 */

-&(nid_objs[777]),/* OBJ_seed_cbc                     1 2 410 200004 1 4 */

-&(nid_objs[779]),/* OBJ_seed_cfb128                  1 2 410 200004 1 5 */

-&(nid_objs[778]),/* OBJ_seed_ofb128                  1 2 410 200004 1 6 */

-&(nid_objs[186]),/* OBJ_pkcs1                        1 2 840 113549 1 1 */

-&(nid_objs[27]),/* OBJ_pkcs3                        1 2 840 113549 1 3 */

-&(nid_objs[187]),/* OBJ_pkcs5                        1 2 840 113549 1 5 */

-&(nid_objs[20]),/* OBJ_pkcs7                        1 2 840 113549 1 7 */

-&(nid_objs[47]),/* OBJ_pkcs9                        1 2 840 113549 1 9 */

-&(nid_objs[ 3]),/* OBJ_md2                          1 2 840 113549 2 2 */

-&(nid_objs[257]),/* OBJ_md4                          1 2 840 113549 2 4 */

-&(nid_objs[ 4]),/* OBJ_md5                          1 2 840 113549 2 5 */

-&(nid_objs[163]),/* OBJ_hmacWithSHA1                 1 2 840 113549 2 7 */

-&(nid_objs[37]),/* OBJ_rc2_cbc                      1 2 840 113549 3 2 */

-&(nid_objs[ 5]),/* OBJ_rc4                          1 2 840 113549 3 4 */

-&(nid_objs[44]),/* OBJ_des_ede3_cbc                 1 2 840 113549 3 7 */

-&(nid_objs[120]),/* OBJ_rc5_cbc                      1 2 840 113549 3 8 */

-&(nid_objs[643]),/* OBJ_des_cdmf                     1 2 840 113549 3 10 */

-&(nid_objs[680]),/* OBJ_X9_62_id_characteristic_two_basis 1 2 840 10045 1 2 3 */

-&(nid_objs[684]),/* OBJ_X9_62_c2pnb163v1             1 2 840 10045 3 0 1 */

-&(nid_objs[685]),/* OBJ_X9_62_c2pnb163v2             1 2 840 10045 3 0 2 */

-&(nid_objs[686]),/* OBJ_X9_62_c2pnb163v3             1 2 840 10045 3 0 3 */

-&(nid_objs[687]),/* OBJ_X9_62_c2pnb176v1             1 2 840 10045 3 0 4 */

-&(nid_objs[688]),/* OBJ_X9_62_c2tnb191v1             1 2 840 10045 3 0 5 */

-&(nid_objs[689]),/* OBJ_X9_62_c2tnb191v2             1 2 840 10045 3 0 6 */

-&(nid_objs[690]),/* OBJ_X9_62_c2tnb191v3             1 2 840 10045 3 0 7 */

-&(nid_objs[691]),/* OBJ_X9_62_c2onb191v4             1 2 840 10045 3 0 8 */

-&(nid_objs[692]),/* OBJ_X9_62_c2onb191v5             1 2 840 10045 3 0 9 */

-&(nid_objs[693]),/* OBJ_X9_62_c2pnb208w1             1 2 840 10045 3 0 10 */

-&(nid_objs[694]),/* OBJ_X9_62_c2tnb239v1             1 2 840 10045 3 0 11 */

-&(nid_objs[695]),/* OBJ_X9_62_c2tnb239v2             1 2 840 10045 3 0 12 */

-&(nid_objs[696]),/* OBJ_X9_62_c2tnb239v3             1 2 840 10045 3 0 13 */

-&(nid_objs[697]),/* OBJ_X9_62_c2onb239v4             1 2 840 10045 3 0 14 */

-&(nid_objs[698]),/* OBJ_X9_62_c2onb239v5             1 2 840 10045 3 0 15 */

-&(nid_objs[699]),/* OBJ_X9_62_c2pnb272w1             1 2 840 10045 3 0 16 */

-&(nid_objs[700]),/* OBJ_X9_62_c2pnb304w1             1 2 840 10045 3 0 17 */

-&(nid_objs[701]),/* OBJ_X9_62_c2tnb359v1             1 2 840 10045 3 0 18 */

-&(nid_objs[702]),/* OBJ_X9_62_c2pnb368w1             1 2 840 10045 3 0 19 */

-&(nid_objs[703]),/* OBJ_X9_62_c2tnb431r1             1 2 840 10045 3 0 20 */

-&(nid_objs[409]),/* OBJ_X9_62_prime192v1             1 2 840 10045 3 1 1 */

-&(nid_objs[410]),/* OBJ_X9_62_prime192v2             1 2 840 10045 3 1 2 */

-&(nid_objs[411]),/* OBJ_X9_62_prime192v3             1 2 840 10045 3 1 3 */

-&(nid_objs[412]),/* OBJ_X9_62_prime239v1             1 2 840 10045 3 1 4 */

-&(nid_objs[413]),/* OBJ_X9_62_prime239v2             1 2 840 10045 3 1 5 */

-&(nid_objs[414]),/* OBJ_X9_62_prime239v3             1 2 840 10045 3 1 6 */

-&(nid_objs[415]),/* OBJ_X9_62_prime256v1             1 2 840 10045 3 1 7 */

-&(nid_objs[269]),/* OBJ_id_pkix1_explicit_88         1 3 6 1 5 5 7 0 1 */

-&(nid_objs[270]),/* OBJ_id_pkix1_implicit_88         1 3 6 1 5 5 7 0 2 */

-&(nid_objs[271]),/* OBJ_id_pkix1_explicit_93         1 3 6 1 5 5 7 0 3 */

-&(nid_objs[272]),/* OBJ_id_pkix1_implicit_93         1 3 6 1 5 5 7 0 4 */

-&(nid_objs[273]),/* OBJ_id_mod_crmf                  1 3 6 1 5 5 7 0 5 */

-&(nid_objs[274]),/* OBJ_id_mod_cmc                   1 3 6 1 5 5 7 0 6 */

-&(nid_objs[275]),/* OBJ_id_mod_kea_profile_88        1 3 6 1 5 5 7 0 7 */

-&(nid_objs[276]),/* OBJ_id_mod_kea_profile_93        1 3 6 1 5 5 7 0 8 */

-&(nid_objs[277]),/* OBJ_id_mod_cmp                   1 3 6 1 5 5 7 0 9 */

-&(nid_objs[278]),/* OBJ_id_mod_qualified_cert_88     1 3 6 1 5 5 7 0 10 */

-&(nid_objs[279]),/* OBJ_id_mod_qualified_cert_93     1 3 6 1 5 5 7 0 11 */

-&(nid_objs[280]),/* OBJ_id_mod_attribute_cert        1 3 6 1 5 5 7 0 12 */

-&(nid_objs[281]),/* OBJ_id_mod_timestamp_protocol    1 3 6 1 5 5 7 0 13 */

-&(nid_objs[282]),/* OBJ_id_mod_ocsp                  1 3 6 1 5 5 7 0 14 */

-&(nid_objs[283]),/* OBJ_id_mod_dvcs                  1 3 6 1 5 5 7 0 15 */

-&(nid_objs[284]),/* OBJ_id_mod_cmp2000               1 3 6 1 5 5 7 0 16 */

-&(nid_objs[177]),/* OBJ_info_access                  1 3 6 1 5 5 7 1 1 */

-&(nid_objs[285]),/* OBJ_biometricInfo                1 3 6 1 5 5 7 1 2 */

-&(nid_objs[286]),/* OBJ_qcStatements                 1 3 6 1 5 5 7 1 3 */

-&(nid_objs[287]),/* OBJ_ac_auditEntity               1 3 6 1 5 5 7 1 4 */

-&(nid_objs[288]),/* OBJ_ac_targeting                 1 3 6 1 5 5 7 1 5 */

-&(nid_objs[289]),/* OBJ_aaControls                   1 3 6 1 5 5 7 1 6 */

-&(nid_objs[290]),/* OBJ_sbgp_ipAddrBlock             1 3 6 1 5 5 7 1 7 */

-&(nid_objs[291]),/* OBJ_sbgp_autonomousSysNum        1 3 6 1 5 5 7 1 8 */

-&(nid_objs[292]),/* OBJ_sbgp_routerIdentifier        1 3 6 1 5 5 7 1 9 */

-&(nid_objs[397]),/* OBJ_ac_proxying                  1 3 6 1 5 5 7 1 10 */

-&(nid_objs[398]),/* OBJ_sinfo_access                 1 3 6 1 5 5 7 1 11 */

-&(nid_objs[663]),/* OBJ_proxyCertInfo                1 3 6 1 5 5 7 1 14 */

-&(nid_objs[164]),/* OBJ_id_qt_cps                    1 3 6 1 5 5 7 2 1 */

-&(nid_objs[165]),/* OBJ_id_qt_unotice                1 3 6 1 5 5 7 2 2 */

-&(nid_objs[293]),/* OBJ_textNotice                   1 3 6 1 5 5 7 2 3 */

-&(nid_objs[129]),/* OBJ_server_auth                  1 3 6 1 5 5 7 3 1 */

-&(nid_objs[130]),/* OBJ_client_auth                  1 3 6 1 5 5 7 3 2 */

-&(nid_objs[131]),/* OBJ_code_sign                    1 3 6 1 5 5 7 3 3 */

-&(nid_objs[132]),/* OBJ_email_protect                1 3 6 1 5 5 7 3 4 */

-&(nid_objs[294]),/* OBJ_ipsecEndSystem               1 3 6 1 5 5 7 3 5 */

-&(nid_objs[295]),/* OBJ_ipsecTunnel                  1 3 6 1 5 5 7 3 6 */

-&(nid_objs[296]),/* OBJ_ipsecUser                    1 3 6 1 5 5 7 3 7 */

-&(nid_objs[133]),/* OBJ_time_stamp                   1 3 6 1 5 5 7 3 8 */

-&(nid_objs[180]),/* OBJ_OCSP_sign                    1 3 6 1 5 5 7 3 9 */

-&(nid_objs[297]),/* OBJ_dvcs                         1 3 6 1 5 5 7 3 10 */

-&(nid_objs[298]),/* OBJ_id_it_caProtEncCert          1 3 6 1 5 5 7 4 1 */

-&(nid_objs[299]),/* OBJ_id_it_signKeyPairTypes       1 3 6 1 5 5 7 4 2 */

-&(nid_objs[300]),/* OBJ_id_it_encKeyPairTypes        1 3 6 1 5 5 7 4 3 */

-&(nid_objs[301]),/* OBJ_id_it_preferredSymmAlg       1 3 6 1 5 5 7 4 4 */

-&(nid_objs[302]),/* OBJ_id_it_caKeyUpdateInfo        1 3 6 1 5 5 7 4 5 */

-&(nid_objs[303]),/* OBJ_id_it_currentCRL             1 3 6 1 5 5 7 4 6 */

-&(nid_objs[304]),/* OBJ_id_it_unsupportedOIDs        1 3 6 1 5 5 7 4 7 */

-&(nid_objs[305]),/* OBJ_id_it_subscriptionRequest    1 3 6 1 5 5 7 4 8 */

-&(nid_objs[306]),/* OBJ_id_it_subscriptionResponse   1 3 6 1 5 5 7 4 9 */

-&(nid_objs[307]),/* OBJ_id_it_keyPairParamReq        1 3 6 1 5 5 7 4 10 */

-&(nid_objs[308]),/* OBJ_id_it_keyPairParamRep        1 3 6 1 5 5 7 4 11 */

-&(nid_objs[309]),/* OBJ_id_it_revPassphrase          1 3 6 1 5 5 7 4 12 */

-&(nid_objs[310]),/* OBJ_id_it_implicitConfirm        1 3 6 1 5 5 7 4 13 */

-&(nid_objs[311]),/* OBJ_id_it_confirmWaitTime        1 3 6 1 5 5 7 4 14 */

-&(nid_objs[312]),/* OBJ_id_it_origPKIMessage         1 3 6 1 5 5 7 4 15 */

-&(nid_objs[313]),/* OBJ_id_regCtrl                   1 3 6 1 5 5 7 5 1 */

-&(nid_objs[314]),/* OBJ_id_regInfo                   1 3 6 1 5 5 7 5 2 */

-&(nid_objs[323]),/* OBJ_id_alg_des40                 1 3 6 1 5 5 7 6 1 */

-&(nid_objs[324]),/* OBJ_id_alg_noSignature           1 3 6 1 5 5 7 6 2 */

-&(nid_objs[325]),/* OBJ_id_alg_dh_sig_hmac_sha1      1 3 6 1 5 5 7 6 3 */

-&(nid_objs[326]),/* OBJ_id_alg_dh_pop                1 3 6 1 5 5 7 6 4 */

-&(nid_objs[327]),/* OBJ_id_cmc_statusInfo            1 3 6 1 5 5 7 7 1 */

-&(nid_objs[328]),/* OBJ_id_cmc_identification        1 3 6 1 5 5 7 7 2 */

-&(nid_objs[329]),/* OBJ_id_cmc_identityProof         1 3 6 1 5 5 7 7 3 */

-&(nid_objs[330]),/* OBJ_id_cmc_dataReturn            1 3 6 1 5 5 7 7 4 */

-&(nid_objs[331]),/* OBJ_id_cmc_transactionId         1 3 6 1 5 5 7 7 5 */

-&(nid_objs[332]),/* OBJ_id_cmc_senderNonce           1 3 6 1 5 5 7 7 6 */

-&(nid_objs[333]),/* OBJ_id_cmc_recipientNonce        1 3 6 1 5 5 7 7 7 */

-&(nid_objs[334]),/* OBJ_id_cmc_addExtensions         1 3 6 1 5 5 7 7 8 */

-&(nid_objs[335]),/* OBJ_id_cmc_encryptedPOP          1 3 6 1 5 5 7 7 9 */

-&(nid_objs[336]),/* OBJ_id_cmc_decryptedPOP          1 3 6 1 5 5 7 7 10 */

-&(nid_objs[337]),/* OBJ_id_cmc_lraPOPWitness         1 3 6 1 5 5 7 7 11 */

-&(nid_objs[338]),/* OBJ_id_cmc_getCert               1 3 6 1 5 5 7 7 15 */

-&(nid_objs[339]),/* OBJ_id_cmc_getCRL                1 3 6 1 5 5 7 7 16 */

-&(nid_objs[340]),/* OBJ_id_cmc_revokeRequest         1 3 6 1 5 5 7 7 17 */

-&(nid_objs[341]),/* OBJ_id_cmc_regInfo               1 3 6 1 5 5 7 7 18 */

-&(nid_objs[342]),/* OBJ_id_cmc_responseInfo          1 3 6 1 5 5 7 7 19 */

-&(nid_objs[343]),/* OBJ_id_cmc_queryPending          1 3 6 1 5 5 7 7 21 */

-&(nid_objs[344]),/* OBJ_id_cmc_popLinkRandom         1 3 6 1 5 5 7 7 22 */

-&(nid_objs[345]),/* OBJ_id_cmc_popLinkWitness        1 3 6 1 5 5 7 7 23 */

-&(nid_objs[346]),/* OBJ_id_cmc_confirmCertAcceptance 1 3 6 1 5 5 7 7 24 */

-&(nid_objs[347]),/* OBJ_id_on_personalData           1 3 6 1 5 5 7 8 1 */

-&(nid_objs[348]),/* OBJ_id_pda_dateOfBirth           1 3 6 1 5 5 7 9 1 */

-&(nid_objs[349]),/* OBJ_id_pda_placeOfBirth          1 3 6 1 5 5 7 9 2 */

-&(nid_objs[351]),/* OBJ_id_pda_gender                1 3 6 1 5 5 7 9 3 */

-&(nid_objs[352]),/* OBJ_id_pda_countryOfCitizenship  1 3 6 1 5 5 7 9 4 */

-&(nid_objs[353]),/* OBJ_id_pda_countryOfResidence    1 3 6 1 5 5 7 9 5 */

-&(nid_objs[354]),/* OBJ_id_aca_authenticationInfo    1 3 6 1 5 5 7 10 1 */

-&(nid_objs[355]),/* OBJ_id_aca_accessIdentity        1 3 6 1 5 5 7 10 2 */

-&(nid_objs[356]),/* OBJ_id_aca_chargingIdentity      1 3 6 1 5 5 7 10 3 */

-&(nid_objs[357]),/* OBJ_id_aca_group                 1 3 6 1 5 5 7 10 4 */

-&(nid_objs[358]),/* OBJ_id_aca_role                  1 3 6 1 5 5 7 10 5 */

-&(nid_objs[399]),/* OBJ_id_aca_encAttrs              1 3 6 1 5 5 7 10 6 */

-&(nid_objs[359]),/* OBJ_id_qcs_pkixQCSyntax_v1       1 3 6 1 5 5 7 11 1 */

-&(nid_objs[360]),/* OBJ_id_cct_crs                   1 3 6 1 5 5 7 12 1 */

-&(nid_objs[361]),/* OBJ_id_cct_PKIData               1 3 6 1 5 5 7 12 2 */

-&(nid_objs[362]),/* OBJ_id_cct_PKIResponse           1 3 6 1 5 5 7 12 3 */

-&(nid_objs[664]),/* OBJ_id_ppl_anyLanguage           1 3 6 1 5 5 7 21 0 */

-&(nid_objs[665]),/* OBJ_id_ppl_inheritAll            1 3 6 1 5 5 7 21 1 */

-&(nid_objs[667]),/* OBJ_Independent                  1 3 6 1 5 5 7 21 2 */

-&(nid_objs[178]),/* OBJ_ad_OCSP                      1 3 6 1 5 5 7 48 1 */

-&(nid_objs[179]),/* OBJ_ad_ca_issuers                1 3 6 1 5 5 7 48 2 */

-&(nid_objs[363]),/* OBJ_ad_timeStamping              1 3 6 1 5 5 7 48 3 */

-&(nid_objs[364]),/* OBJ_ad_dvcs                      1 3 6 1 5 5 7 48 4 */

-&(nid_objs[58]),/* OBJ_netscape_cert_extension      2 16 840 1 113730 1 */

-&(nid_objs[59]),/* OBJ_netscape_data_type           2 16 840 1 113730 2 */

-&(nid_objs[438]),/* OBJ_pilotAttributeType           0 9 2342 19200300 100 1 */

-&(nid_objs[439]),/* OBJ_pilotAttributeSyntax         0 9 2342 19200300 100 3 */

-&(nid_objs[440]),/* OBJ_pilotObjectClass             0 9 2342 19200300 100 4 */

-&(nid_objs[441]),/* OBJ_pilotGroups                  0 9 2342 19200300 100 10 */

-&(nid_objs[108]),/* OBJ_cast5_cbc                    1 2 840 113533 7 66 10 */

-&(nid_objs[112]),/* OBJ_pbeWithMD5AndCast5_CBC       1 2 840 113533 7 66 12 */

-&(nid_objs[ 6]),/* OBJ_rsaEncryption                1 2 840 113549 1 1 1 */

-&(nid_objs[ 7]),/* OBJ_md2WithRSAEncryption         1 2 840 113549 1 1 2 */

-&(nid_objs[396]),/* OBJ_md4WithRSAEncryption         1 2 840 113549 1 1 3 */

-&(nid_objs[ 8]),/* OBJ_md5WithRSAEncryption         1 2 840 113549 1 1 4 */

-&(nid_objs[65]),/* OBJ_sha1WithRSAEncryption        1 2 840 113549 1 1 5 */

-&(nid_objs[644]),/* OBJ_rsaOAEPEncryptionSET         1 2 840 113549 1 1 6 */

-&(nid_objs[668]),/* OBJ_sha256WithRSAEncryption      1 2 840 113549 1 1 11 */

-&(nid_objs[669]),/* OBJ_sha384WithRSAEncryption      1 2 840 113549 1 1 12 */

-&(nid_objs[670]),/* OBJ_sha512WithRSAEncryption      1 2 840 113549 1 1 13 */

-&(nid_objs[671]),/* OBJ_sha224WithRSAEncryption      1 2 840 113549 1 1 14 */

-&(nid_objs[28]),/* OBJ_dhKeyAgreement               1 2 840 113549 1 3 1 */

-&(nid_objs[ 9]),/* OBJ_pbeWithMD2AndDES_CBC         1 2 840 113549 1 5 1 */

-&(nid_objs[10]),/* OBJ_pbeWithMD5AndDES_CBC         1 2 840 113549 1 5 3 */

-&(nid_objs[168]),/* OBJ_pbeWithMD2AndRC2_CBC         1 2 840 113549 1 5 4 */

-&(nid_objs[169]),/* OBJ_pbeWithMD5AndRC2_CBC         1 2 840 113549 1 5 6 */

-&(nid_objs[170]),/* OBJ_pbeWithSHA1AndDES_CBC        1 2 840 113549 1 5 10 */

-&(nid_objs[68]),/* OBJ_pbeWithSHA1AndRC2_CBC        1 2 840 113549 1 5 11 */

-&(nid_objs[69]),/* OBJ_id_pbkdf2                    1 2 840 113549 1 5 12 */

-&(nid_objs[161]),/* OBJ_pbes2                        1 2 840 113549 1 5 13 */

-&(nid_objs[162]),/* OBJ_pbmac1                       1 2 840 113549 1 5 14 */

-&(nid_objs[21]),/* OBJ_pkcs7_data                   1 2 840 113549 1 7 1 */

-&(nid_objs[22]),/* OBJ_pkcs7_signed                 1 2 840 113549 1 7 2 */

-&(nid_objs[23]),/* OBJ_pkcs7_enveloped              1 2 840 113549 1 7 3 */

-&(nid_objs[24]),/* OBJ_pkcs7_signedAndEnveloped     1 2 840 113549 1 7 4 */

-&(nid_objs[25]),/* OBJ_pkcs7_digest                 1 2 840 113549 1 7 5 */

-&(nid_objs[26]),/* OBJ_pkcs7_encrypted              1 2 840 113549 1 7 6 */

-&(nid_objs[48]),/* OBJ_pkcs9_emailAddress           1 2 840 113549 1 9 1 */

-&(nid_objs[49]),/* OBJ_pkcs9_unstructuredName       1 2 840 113549 1 9 2 */

-&(nid_objs[50]),/* OBJ_pkcs9_contentType            1 2 840 113549 1 9 3 */

-&(nid_objs[51]),/* OBJ_pkcs9_messageDigest          1 2 840 113549 1 9 4 */

-&(nid_objs[52]),/* OBJ_pkcs9_signingTime            1 2 840 113549 1 9 5 */

-&(nid_objs[53]),/* OBJ_pkcs9_countersignature       1 2 840 113549 1 9 6 */

-&(nid_objs[54]),/* OBJ_pkcs9_challengePassword      1 2 840 113549 1 9 7 */

-&(nid_objs[55]),/* OBJ_pkcs9_unstructuredAddress    1 2 840 113549 1 9 8 */

-&(nid_objs[56]),/* OBJ_pkcs9_extCertAttributes      1 2 840 113549 1 9 9 */

-&(nid_objs[172]),/* OBJ_ext_req                      1 2 840 113549 1 9 14 */

-&(nid_objs[167]),/* OBJ_SMIMECapabilities            1 2 840 113549 1 9 15 */

-&(nid_objs[188]),/* OBJ_SMIME                        1 2 840 113549 1 9 16 */

-&(nid_objs[156]),/* OBJ_friendlyName                 1 2 840 113549 1 9 20 */

-&(nid_objs[157]),/* OBJ_localKeyID                   1 2 840 113549 1 9 21 */

-&(nid_objs[681]),/* OBJ_X9_62_onBasis                1 2 840 10045 1 2 3 1 */

-&(nid_objs[682]),/* OBJ_X9_62_tpBasis                1 2 840 10045 1 2 3 2 */

-&(nid_objs[683]),/* OBJ_X9_62_ppBasis                1 2 840 10045 1 2 3 3 */

-&(nid_objs[417]),/* OBJ_ms_csp_name                  1 3 6 1 4 1 311 17 1 */

-&(nid_objs[390]),/* OBJ_dcObject                     1 3 6 1 4 1 1466 344 */

-&(nid_objs[91]),/* OBJ_bf_cbc                       1 3 6 1 4 1 3029 1 2 */

-&(nid_objs[315]),/* OBJ_id_regCtrl_regToken          1 3 6 1 5 5 7 5 1 1 */

-&(nid_objs[316]),/* OBJ_id_regCtrl_authenticator     1 3 6 1 5 5 7 5 1 2 */

-&(nid_objs[317]),/* OBJ_id_regCtrl_pkiPublicationInfo 1 3 6 1 5 5 7 5 1 3 */

-&(nid_objs[318]),/* OBJ_id_regCtrl_pkiArchiveOptions 1 3 6 1 5 5 7 5 1 4 */

-&(nid_objs[319]),/* OBJ_id_regCtrl_oldCertID         1 3 6 1 5 5 7 5 1 5 */

-&(nid_objs[320]),/* OBJ_id_regCtrl_protocolEncrKey   1 3 6 1 5 5 7 5 1 6 */

-&(nid_objs[321]),/* OBJ_id_regInfo_utf8Pairs         1 3 6 1 5 5 7 5 2 1 */

-&(nid_objs[322]),/* OBJ_id_regInfo_certReq           1 3 6 1 5 5 7 5 2 2 */

-&(nid_objs[365]),/* OBJ_id_pkix_OCSP_basic           1 3 6 1 5 5 7 48 1 1 */

-&(nid_objs[366]),/* OBJ_id_pkix_OCSP_Nonce           1 3 6 1 5 5 7 48 1 2 */

-&(nid_objs[367]),/* OBJ_id_pkix_OCSP_CrlID           1 3 6 1 5 5 7 48 1 3 */

-&(nid_objs[368]),/* OBJ_id_pkix_OCSP_acceptableResponses 1 3 6 1 5 5 7 48 1 4 */

-&(nid_objs[369]),/* OBJ_id_pkix_OCSP_noCheck         1 3 6 1 5 5 7 48 1 5 */

-&(nid_objs[370]),/* OBJ_id_pkix_OCSP_archiveCutoff   1 3 6 1 5 5 7 48 1 6 */

-&(nid_objs[371]),/* OBJ_id_pkix_OCSP_serviceLocator  1 3 6 1 5 5 7 48 1 7 */

-&(nid_objs[372]),/* OBJ_id_pkix_OCSP_extendedStatus  1 3 6 1 5 5 7 48 1 8 */

-&(nid_objs[373]),/* OBJ_id_pkix_OCSP_valid           1 3 6 1 5 5 7 48 1 9 */

-&(nid_objs[374]),/* OBJ_id_pkix_OCSP_path            1 3 6 1 5 5 7 48 1 10 */

-&(nid_objs[375]),/* OBJ_id_pkix_OCSP_trustRoot       1 3 6 1 5 5 7 48 1 11 */

-&(nid_objs[418]),/* OBJ_aes_128_ecb                  2 16 840 1 101 3 4 1 1 */

-&(nid_objs[419]),/* OBJ_aes_128_cbc                  2 16 840 1 101 3 4 1 2 */

-&(nid_objs[420]),/* OBJ_aes_128_ofb128               2 16 840 1 101 3 4 1 3 */

-&(nid_objs[421]),/* OBJ_aes_128_cfb128               2 16 840 1 101 3 4 1 4 */

-&(nid_objs[422]),/* OBJ_aes_192_ecb                  2 16 840 1 101 3 4 1 21 */

-&(nid_objs[423]),/* OBJ_aes_192_cbc                  2 16 840 1 101 3 4 1 22 */

-&(nid_objs[424]),/* OBJ_aes_192_ofb128               2 16 840 1 101 3 4 1 23 */

-&(nid_objs[425]),/* OBJ_aes_192_cfb128               2 16 840 1 101 3 4 1 24 */

-&(nid_objs[426]),/* OBJ_aes_256_ecb                  2 16 840 1 101 3 4 1 41 */

-&(nid_objs[427]),/* OBJ_aes_256_cbc                  2 16 840 1 101 3 4 1 42 */

-&(nid_objs[428]),/* OBJ_aes_256_ofb128               2 16 840 1 101 3 4 1 43 */

-&(nid_objs[429]),/* OBJ_aes_256_cfb128               2 16 840 1 101 3 4 1 44 */

-&(nid_objs[672]),/* OBJ_sha256                       2 16 840 1 101 3 4 2 1 */

-&(nid_objs[673]),/* OBJ_sha384                       2 16 840 1 101 3 4 2 2 */

-&(nid_objs[674]),/* OBJ_sha512                       2 16 840 1 101 3 4 2 3 */

-&(nid_objs[675]),/* OBJ_sha224                       2 16 840 1 101 3 4 2 4 */

-&(nid_objs[71]),/* OBJ_netscape_cert_type           2 16 840 1 113730 1 1 */

-&(nid_objs[72]),/* OBJ_netscape_base_url            2 16 840 1 113730 1 2 */

-&(nid_objs[73]),/* OBJ_netscape_revocation_url      2 16 840 1 113730 1 3 */

-&(nid_objs[74]),/* OBJ_netscape_ca_revocation_url   2 16 840 1 113730 1 4 */

-&(nid_objs[75]),/* OBJ_netscape_renewal_url         2 16 840 1 113730 1 7 */

-&(nid_objs[76]),/* OBJ_netscape_ca_policy_url       2 16 840 1 113730 1 8 */

-&(nid_objs[77]),/* OBJ_netscape_ssl_server_name     2 16 840 1 113730 1 12 */

-&(nid_objs[78]),/* OBJ_netscape_comment             2 16 840 1 113730 1 13 */

-&(nid_objs[79]),/* OBJ_netscape_cert_sequence       2 16 840 1 113730 2 5 */

-&(nid_objs[139]),/* OBJ_ns_sgc                       2 16 840 1 113730 4 1 */

-&(nid_objs[458]),/* OBJ_userId                       0 9 2342 19200300 100 1 1 */

-&(nid_objs[459]),/* OBJ_textEncodedORAddress         0 9 2342 19200300 100 1 2 */

-&(nid_objs[460]),/* OBJ_rfc822Mailbox                0 9 2342 19200300 100 1 3 */

-&(nid_objs[461]),/* OBJ_info                         0 9 2342 19200300 100 1 4 */

-&(nid_objs[462]),/* OBJ_favouriteDrink               0 9 2342 19200300 100 1 5 */

-&(nid_objs[463]),/* OBJ_roomNumber                   0 9 2342 19200300 100 1 6 */

-&(nid_objs[464]),/* OBJ_photo                        0 9 2342 19200300 100 1 7 */

-&(nid_objs[465]),/* OBJ_userClass                    0 9 2342 19200300 100 1 8 */

-&(nid_objs[466]),/* OBJ_host                         0 9 2342 19200300 100 1 9 */

-&(nid_objs[467]),/* OBJ_manager                      0 9 2342 19200300 100 1 10 */

-&(nid_objs[468]),/* OBJ_documentIdentifier           0 9 2342 19200300 100 1 11 */

-&(nid_objs[469]),/* OBJ_documentTitle                0 9 2342 19200300 100 1 12 */

-&(nid_objs[470]),/* OBJ_documentVersion              0 9 2342 19200300 100 1 13 */

-&(nid_objs[471]),/* OBJ_documentAuthor               0 9 2342 19200300 100 1 14 */

-&(nid_objs[472]),/* OBJ_documentLocation             0 9 2342 19200300 100 1 15 */

-&(nid_objs[473]),/* OBJ_homeTelephoneNumber          0 9 2342 19200300 100 1 20 */

-&(nid_objs[474]),/* OBJ_secretary                    0 9 2342 19200300 100 1 21 */

-&(nid_objs[475]),/* OBJ_otherMailbox                 0 9 2342 19200300 100 1 22 */

-&(nid_objs[476]),/* OBJ_lastModifiedTime             0 9 2342 19200300 100 1 23 */

-&(nid_objs[477]),/* OBJ_lastModifiedBy               0 9 2342 19200300 100 1 24 */

-&(nid_objs[391]),/* OBJ_domainComponent              0 9 2342 19200300 100 1 25 */

-&(nid_objs[478]),/* OBJ_aRecord                      0 9 2342 19200300 100 1 26 */

-&(nid_objs[479]),/* OBJ_pilotAttributeType27         0 9 2342 19200300 100 1 27 */

-&(nid_objs[480]),/* OBJ_mXRecord                     0 9 2342 19200300 100 1 28 */

-&(nid_objs[481]),/* OBJ_nSRecord                     0 9 2342 19200300 100 1 29 */

-&(nid_objs[482]),/* OBJ_sOARecord                    0 9 2342 19200300 100 1 30 */

-&(nid_objs[483]),/* OBJ_cNAMERecord                  0 9 2342 19200300 100 1 31 */

-&(nid_objs[484]),/* OBJ_associatedDomain             0 9 2342 19200300 100 1 37 */

-&(nid_objs[485]),/* OBJ_associatedName               0 9 2342 19200300 100 1 38 */

-&(nid_objs[486]),/* OBJ_homePostalAddress            0 9 2342 19200300 100 1 39 */

-&(nid_objs[487]),/* OBJ_personalTitle                0 9 2342 19200300 100 1 40 */

-&(nid_objs[488]),/* OBJ_mobileTelephoneNumber        0 9 2342 19200300 100 1 41 */

-&(nid_objs[489]),/* OBJ_pagerTelephoneNumber         0 9 2342 19200300 100 1 42 */

-&(nid_objs[490]),/* OBJ_friendlyCountryName          0 9 2342 19200300 100 1 43 */

-&(nid_objs[491]),/* OBJ_organizationalStatus         0 9 2342 19200300 100 1 45 */

-&(nid_objs[492]),/* OBJ_janetMailbox                 0 9 2342 19200300 100 1 46 */

-&(nid_objs[493]),/* OBJ_mailPreferenceOption         0 9 2342 19200300 100 1 47 */

-&(nid_objs[494]),/* OBJ_buildingName                 0 9 2342 19200300 100 1 48 */

-&(nid_objs[495]),/* OBJ_dSAQuality                   0 9 2342 19200300 100 1 49 */

-&(nid_objs[496]),/* OBJ_singleLevelQuality           0 9 2342 19200300 100 1 50 */

-&(nid_objs[497]),/* OBJ_subtreeMinimumQuality        0 9 2342 19200300 100 1 51 */

-&(nid_objs[498]),/* OBJ_subtreeMaximumQuality        0 9 2342 19200300 100 1 52 */

-&(nid_objs[499]),/* OBJ_personalSignature            0 9 2342 19200300 100 1 53 */

-&(nid_objs[500]),/* OBJ_dITRedirect                  0 9 2342 19200300 100 1 54 */

-&(nid_objs[501]),/* OBJ_audio                        0 9 2342 19200300 100 1 55 */

-&(nid_objs[502]),/* OBJ_documentPublisher            0 9 2342 19200300 100 1 56 */

-&(nid_objs[442]),/* OBJ_iA5StringSyntax              0 9 2342 19200300 100 3 4 */

-&(nid_objs[443]),/* OBJ_caseIgnoreIA5StringSyntax    0 9 2342 19200300 100 3 5 */

-&(nid_objs[444]),/* OBJ_pilotObject                  0 9 2342 19200300 100 4 3 */

-&(nid_objs[445]),/* OBJ_pilotPerson                  0 9 2342 19200300 100 4 4 */

-&(nid_objs[446]),/* OBJ_account                      0 9 2342 19200300 100 4 5 */

-&(nid_objs[447]),/* OBJ_document                     0 9 2342 19200300 100 4 6 */

-&(nid_objs[448]),/* OBJ_room                         0 9 2342 19200300 100 4 7 */

-&(nid_objs[449]),/* OBJ_documentSeries               0 9 2342 19200300 100 4 9 */

-&(nid_objs[392]),/* OBJ_Domain                       0 9 2342 19200300 100 4 13 */

-&(nid_objs[450]),/* OBJ_rFC822localPart              0 9 2342 19200300 100 4 14 */

-&(nid_objs[451]),/* OBJ_dNSDomain                    0 9 2342 19200300 100 4 15 */

-&(nid_objs[452]),/* OBJ_domainRelatedObject          0 9 2342 19200300 100 4 17 */

-&(nid_objs[453]),/* OBJ_friendlyCountry              0 9 2342 19200300 100 4 18 */

-&(nid_objs[454]),/* OBJ_simpleSecurityObject         0 9 2342 19200300 100 4 19 */

-&(nid_objs[455]),/* OBJ_pilotOrganization            0 9 2342 19200300 100 4 20 */

-&(nid_objs[456]),/* OBJ_pilotDSA                     0 9 2342 19200300 100 4 21 */

-&(nid_objs[457]),/* OBJ_qualityLabelledData          0 9 2342 19200300 100 4 22 */

-&(nid_objs[189]),/* OBJ_id_smime_mod                 1 2 840 113549 1 9 16 0 */

-&(nid_objs[190]),/* OBJ_id_smime_ct                  1 2 840 113549 1 9 16 1 */

-&(nid_objs[191]),/* OBJ_id_smime_aa                  1 2 840 113549 1 9 16 2 */

-&(nid_objs[192]),/* OBJ_id_smime_alg                 1 2 840 113549 1 9 16 3 */

-&(nid_objs[193]),/* OBJ_id_smime_cd                  1 2 840 113549 1 9 16 4 */

-&(nid_objs[194]),/* OBJ_id_smime_spq                 1 2 840 113549 1 9 16 5 */

-&(nid_objs[195]),/* OBJ_id_smime_cti                 1 2 840 113549 1 9 16 6 */

-&(nid_objs[158]),/* OBJ_x509Certificate              1 2 840 113549 1 9 22 1 */

-&(nid_objs[159]),/* OBJ_sdsiCertificate              1 2 840 113549 1 9 22 2 */

-&(nid_objs[160]),/* OBJ_x509Crl                      1 2 840 113549 1 9 23 1 */

-&(nid_objs[144]),/* OBJ_pbe_WithSHA1And128BitRC4     1 2 840 113549 1 12 1 1 */

-&(nid_objs[145]),/* OBJ_pbe_WithSHA1And40BitRC4      1 2 840 113549 1 12 1 2 */

-&(nid_objs[146]),/* OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC 1 2 840 113549 1 12 1 3 */

-&(nid_objs[147]),/* OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC 1 2 840 113549 1 12 1 4 */

-&(nid_objs[148]),/* OBJ_pbe_WithSHA1And128BitRC2_CBC 1 2 840 113549 1 12 1 5 */

-&(nid_objs[149]),/* OBJ_pbe_WithSHA1And40BitRC2_CBC  1 2 840 113549 1 12 1 6 */

-&(nid_objs[171]),/* OBJ_ms_ext_req                   1 3 6 1 4 1 311 2 1 14 */

-&(nid_objs[134]),/* OBJ_ms_code_ind                  1 3 6 1 4 1 311 2 1 21 */

-&(nid_objs[135]),/* OBJ_ms_code_com                  1 3 6 1 4 1 311 2 1 22 */

-&(nid_objs[136]),/* OBJ_ms_ctl_sign                  1 3 6 1 4 1 311 10 3 1 */

-&(nid_objs[137]),/* OBJ_ms_sgc                       1 3 6 1 4 1 311 10 3 3 */

-&(nid_objs[138]),/* OBJ_ms_efs                       1 3 6 1 4 1 311 10 3 4 */

-&(nid_objs[648]),/* OBJ_ms_smartcard_login           1 3 6 1 4 1 311 20 2 2 */

-&(nid_objs[649]),/* OBJ_ms_upn                       1 3 6 1 4 1 311 20 2 3 */

-&(nid_objs[751]),/* OBJ_camellia_128_cbc             1 2 392 200011 61 1 1 1 2 */

-&(nid_objs[752]),/* OBJ_camellia_192_cbc             1 2 392 200011 61 1 1 1 3 */

-&(nid_objs[753]),/* OBJ_camellia_256_cbc             1 2 392 200011 61 1 1 1 4 */

-&(nid_objs[196]),/* OBJ_id_smime_mod_cms             1 2 840 113549 1 9 16 0 1 */

-&(nid_objs[197]),/* OBJ_id_smime_mod_ess             1 2 840 113549 1 9 16 0 2 */

-&(nid_objs[198]),/* OBJ_id_smime_mod_oid             1 2 840 113549 1 9 16 0 3 */

-&(nid_objs[199]),/* OBJ_id_smime_mod_msg_v3          1 2 840 113549 1 9 16 0 4 */

-&(nid_objs[200]),/* OBJ_id_smime_mod_ets_eSignature_88 1 2 840 113549 1 9 16 0 5 */

-&(nid_objs[201]),/* OBJ_id_smime_mod_ets_eSignature_97 1 2 840 113549 1 9 16 0 6 */

-&(nid_objs[202]),/* OBJ_id_smime_mod_ets_eSigPolicy_88 1 2 840 113549 1 9 16 0 7 */

-&(nid_objs[203]),/* OBJ_id_smime_mod_ets_eSigPolicy_97 1 2 840 113549 1 9 16 0 8 */

-&(nid_objs[204]),/* OBJ_id_smime_ct_receipt          1 2 840 113549 1 9 16 1 1 */

-&(nid_objs[205]),/* OBJ_id_smime_ct_authData         1 2 840 113549 1 9 16 1 2 */

-&(nid_objs[206]),/* OBJ_id_smime_ct_publishCert      1 2 840 113549 1 9 16 1 3 */

-&(nid_objs[207]),/* OBJ_id_smime_ct_TSTInfo          1 2 840 113549 1 9 16 1 4 */

-&(nid_objs[208]),/* OBJ_id_smime_ct_TDTInfo          1 2 840 113549 1 9 16 1 5 */

-&(nid_objs[209]),/* OBJ_id_smime_ct_contentInfo      1 2 840 113549 1 9 16 1 6 */

-&(nid_objs[210]),/* OBJ_id_smime_ct_DVCSRequestData  1 2 840 113549 1 9 16 1 7 */

-&(nid_objs[211]),/* OBJ_id_smime_ct_DVCSResponseData 1 2 840 113549 1 9 16 1 8 */

-&(nid_objs[212]),/* OBJ_id_smime_aa_receiptRequest   1 2 840 113549 1 9 16 2 1 */

-&(nid_objs[213]),/* OBJ_id_smime_aa_securityLabel    1 2 840 113549 1 9 16 2 2 */

-&(nid_objs[214]),/* OBJ_id_smime_aa_mlExpandHistory  1 2 840 113549 1 9 16 2 3 */

-&(nid_objs[215]),/* OBJ_id_smime_aa_contentHint      1 2 840 113549 1 9 16 2 4 */

-&(nid_objs[216]),/* OBJ_id_smime_aa_msgSigDigest     1 2 840 113549 1 9 16 2 5 */

-&(nid_objs[217]),/* OBJ_id_smime_aa_encapContentType 1 2 840 113549 1 9 16 2 6 */

-&(nid_objs[218]),/* OBJ_id_smime_aa_contentIdentifier 1 2 840 113549 1 9 16 2 7 */

-&(nid_objs[219]),/* OBJ_id_smime_aa_macValue         1 2 840 113549 1 9 16 2 8 */

-&(nid_objs[220]),/* OBJ_id_smime_aa_equivalentLabels 1 2 840 113549 1 9 16 2 9 */

-&(nid_objs[221]),/* OBJ_id_smime_aa_contentReference 1 2 840 113549 1 9 16 2 10 */

-&(nid_objs[222]),/* OBJ_id_smime_aa_encrypKeyPref    1 2 840 113549 1 9 16 2 11 */

-&(nid_objs[223]),/* OBJ_id_smime_aa_signingCertificate 1 2 840 113549 1 9 16 2 12 */

-&(nid_objs[224]),/* OBJ_id_smime_aa_smimeEncryptCerts 1 2 840 113549 1 9 16 2 13 */

-&(nid_objs[225]),/* OBJ_id_smime_aa_timeStampToken   1 2 840 113549 1 9 16 2 14 */

-&(nid_objs[226]),/* OBJ_id_smime_aa_ets_sigPolicyId  1 2 840 113549 1 9 16 2 15 */

-&(nid_objs[227]),/* OBJ_id_smime_aa_ets_commitmentType 1 2 840 113549 1 9 16 2 16 */

-&(nid_objs[228]),/* OBJ_id_smime_aa_ets_signerLocation 1 2 840 113549 1 9 16 2 17 */

-&(nid_objs[229]),/* OBJ_id_smime_aa_ets_signerAttr   1 2 840 113549 1 9 16 2 18 */

-&(nid_objs[230]),/* OBJ_id_smime_aa_ets_otherSigCert 1 2 840 113549 1 9 16 2 19 */

-&(nid_objs[231]),/* OBJ_id_smime_aa_ets_contentTimestamp 1 2 840 113549 1 9 16 2 20 */

-&(nid_objs[232]),/* OBJ_id_smime_aa_ets_CertificateRefs 1 2 840 113549 1 9 16 2 21 */

-&(nid_objs[233]),/* OBJ_id_smime_aa_ets_RevocationRefs 1 2 840 113549 1 9 16 2 22 */

-&(nid_objs[234]),/* OBJ_id_smime_aa_ets_certValues   1 2 840 113549 1 9 16 2 23 */

-&(nid_objs[235]),/* OBJ_id_smime_aa_ets_revocationValues 1 2 840 113549 1 9 16 2 24 */

-&(nid_objs[236]),/* OBJ_id_smime_aa_ets_escTimeStamp 1 2 840 113549 1 9 16 2 25 */

-&(nid_objs[237]),/* OBJ_id_smime_aa_ets_certCRLTimestamp 1 2 840 113549 1 9 16 2 26 */

-&(nid_objs[238]),/* OBJ_id_smime_aa_ets_archiveTimeStamp 1 2 840 113549 1 9 16 2 27 */

-&(nid_objs[239]),/* OBJ_id_smime_aa_signatureType    1 2 840 113549 1 9 16 2 28 */

-&(nid_objs[240]),/* OBJ_id_smime_aa_dvcs_dvc         1 2 840 113549 1 9 16 2 29 */

-&(nid_objs[241]),/* OBJ_id_smime_alg_ESDHwith3DES    1 2 840 113549 1 9 16 3 1 */

-&(nid_objs[242]),/* OBJ_id_smime_alg_ESDHwithRC2     1 2 840 113549 1 9 16 3 2 */

-&(nid_objs[243]),/* OBJ_id_smime_alg_3DESwrap        1 2 840 113549 1 9 16 3 3 */

-&(nid_objs[244]),/* OBJ_id_smime_alg_RC2wrap         1 2 840 113549 1 9 16 3 4 */

-&(nid_objs[245]),/* OBJ_id_smime_alg_ESDH            1 2 840 113549 1 9 16 3 5 */

-&(nid_objs[246]),/* OBJ_id_smime_alg_CMS3DESwrap     1 2 840 113549 1 9 16 3 6 */

-&(nid_objs[247]),/* OBJ_id_smime_alg_CMSRC2wrap      1 2 840 113549 1 9 16 3 7 */

-&(nid_objs[248]),/* OBJ_id_smime_cd_ldap             1 2 840 113549 1 9 16 4 1 */

-&(nid_objs[249]),/* OBJ_id_smime_spq_ets_sqt_uri     1 2 840 113549 1 9 16 5 1 */

-&(nid_objs[250]),/* OBJ_id_smime_spq_ets_sqt_unotice 1 2 840 113549 1 9 16 5 2 */

-&(nid_objs[251]),/* OBJ_id_smime_cti_ets_proofOfOrigin 1 2 840 113549 1 9 16 6 1 */

-&(nid_objs[252]),/* OBJ_id_smime_cti_ets_proofOfReceipt 1 2 840 113549 1 9 16 6 2 */

-&(nid_objs[253]),/* OBJ_id_smime_cti_ets_proofOfDelivery 1 2 840 113549 1 9 16 6 3 */

-&(nid_objs[254]),/* OBJ_id_smime_cti_ets_proofOfSender 1 2 840 113549 1 9 16 6 4 */

-&(nid_objs[255]),/* OBJ_id_smime_cti_ets_proofOfApproval 1 2 840 113549 1 9 16 6 5 */

-&(nid_objs[256]),/* OBJ_id_smime_cti_ets_proofOfCreation 1 2 840 113549 1 9 16 6 6 */

-&(nid_objs[150]),/* OBJ_keyBag                       1 2 840 113549 1 12 10 1 1 */

-&(nid_objs[151]),/* OBJ_pkcs8ShroudedKeyBag          1 2 840 113549 1 12 10 1 2 */

-&(nid_objs[152]),/* OBJ_certBag                      1 2 840 113549 1 12 10 1 3 */

-&(nid_objs[153]),/* OBJ_crlBag                       1 2 840 113549 1 12 10 1 4 */

-&(nid_objs[154]),/* OBJ_secretBag                    1 2 840 113549 1 12 10 1 5 */

-&(nid_objs[155]),/* OBJ_safeContentsBag              1 2 840 113549 1 12 10 1 6 */

-&(nid_objs[34]),/* OBJ_idea_cbc                     1 3 6 1 4 1 188 7 1 1 2 */

-};

--- a/sys/src/ape/lib/openssl/crypto/objects/obj_dat.pl

+++ /dev/null

@@ -1,307 +1,0 @@

-#!/usr/local/bin/perl

-# fixes bug in floating point emulation on sparc64 when

-# this script produces off-by-one output on sparc64

-use integer;

-sub obj_cmp

-	{

-	local(@a,@b,$_,$r);

-	$A=$obj_len{$obj{$nid{$a}}};

-	$B=$obj_len{$obj{$nid{$b}}};

-	$r=($A-$B);

-	return($r) if $r != 0;

-	$A=$obj_der{$obj{$nid{$a}}};

-	$B=$obj_der{$obj{$nid{$b}}};

-	return($A cmp $B);

-	}

-sub expand_obj

-	{

-	local(*v)=@_;

-	local($k,$d);

-	local($i);

-	do	{

-		$i=0;

-		foreach $k (keys %v)

-			{

-			if (($v{$k} =~ s/(OBJ_[^,]+),/$v{$1},/))

-				{ $i++; }

-			}

-		} while($i);

-	foreach $k (keys %v)

-		{

-		@a=split(/,/,$v{$k});

-		$objn{$k}=$#a+1;

-		}

-	return(%objn);

-	}

-open (IN,"$ARGV[0]") || die "Can't open input file $ARGV[0]";

-open (OUT,">$ARGV[1]") || die "Can't open output file $ARGV[1]";

-while (<IN>)

-	{

-	next unless /^\#define\s+(\S+)\s+(.*)$/;

-	$v=$1;

-	$d=$2;

-	$d =~ s/^\"//;

-	$d =~ s/\"$//;

-	if ($v =~ /^SN_(.*)$/)

-		{

-		if(defined $snames{$d})

-			{

-			print "WARNING: Duplicate short name \"$d\"\n";

-			}

-		else

-			{ $snames{$d} = "X"; }

-		$sn{$1}=$d;

-		}

-	elsif ($v =~ /^LN_(.*)$/)

-		{

-		if(defined $lnames{$d})

-			{

-			print "WARNING: Duplicate long name \"$d\"\n";

-			}

-		else

-			{ $lnames{$d} = "X"; }

-		$ln{$1}=$d;

-		}

-	elsif ($v =~ /^NID_(.*)$/)

-		{ $nid{$d}=$1; }

-	elsif ($v =~ /^OBJ_(.*)$/)

-		{

-		$obj{$1}=$v;

-		$objd{$v}=$d;

-		}

-	}

-close IN;

-%ob=&expand_obj(*objd);

-@a=sort { $a <=> $b } keys %nid;

-$n=$a[$#a]+1;

-@lvalues=();

-$lvalues=0;

-for ($i=0; $i<$n; $i++)

-	{

-	if (!defined($nid{$i}))

-		{

-		push(@out,"{NULL,NULL,NID_undef,0,NULL,0},\n");

-		}

-	else

-		{

-		$sn=defined($sn{$nid{$i}})?"$sn{$nid{$i}}":"NULL";

-		$ln=defined($ln{$nid{$i}})?"$ln{$nid{$i}}":"NULL";

-		if ($sn eq "NULL") {

-			$sn=$ln;

-			$sn{$nid{$i}} = $ln;

-		}

-		if ($ln eq "NULL") {

-			$ln=$sn;

-			$ln{$nid{$i}} = $sn;

-		}

-		$out ="{";

-		$out.="\"$sn\"";

-		$out.=","."\"$ln\"";

-		$out.=",NID_$nid{$i},";

-		if (defined($obj{$nid{$i}}))

-			{

-			$v=$objd{$obj{$nid{$i}}};

-			$v =~ s/L//g;

-			$v =~ s/,/ /g;

-			$r=&der_it($v);

-			$z="";

-			$length=0;

-			foreach (unpack("C*",$r))

-				{

-				$z.=sprintf("0x%02X,",$_);

-				$length++;

-				}

-			$obj_der{$obj{$nid{$i}}}=$z;

-			$obj_len{$obj{$nid{$i}}}=$length;

-			push(@lvalues,sprintf("%-45s/* [%3d] %s */\n",

-				$z,$lvalues,$obj{$nid{$i}}));

-			$out.="$length,&(lvalues[$lvalues]),0";

-			$lvalues+=$length;

-			}

-		else

-			{

-			$out.="0,NULL,0";

-			}

-		$out.="},\n";

-		push(@out,$out);

-		}

-	}

-@a=grep(defined($sn{$nid{$_}}),0 .. $n);

-foreach (sort { $sn{$nid{$a}} cmp $sn{$nid{$b}} } @a)

-	{

-	push(@sn,sprintf("&(nid_objs[%2d]),/* \"$sn{$nid{$_}}\" */\n",$_));

-	}

-@a=grep(defined($ln{$nid{$_}}),0 .. $n);

-foreach (sort { $ln{$nid{$a}} cmp $ln{$nid{$b}} } @a)

-	{

-	push(@ln,sprintf("&(nid_objs[%2d]),/* \"$ln{$nid{$_}}\" */\n",$_));

-	}

-@a=grep(defined($obj{$nid{$_}}),0 .. $n);

-foreach (sort obj_cmp @a)

-	{

-	$m=$obj{$nid{$_}};

-	$v=$objd{$m};

-	$v =~ s/L//g;

-	$v =~ s/,/ /g;

-	push(@ob,sprintf("&(nid_objs[%2d]),/* %-32s %s */\n",$_,$m,$v));

-	}

-print OUT <<'EOF';

-/* crypto/objects/obj_dat.h */

-/* THIS FILE IS GENERATED FROM objects.h by obj_dat.pl via the

- * following command:

- * perl obj_dat.pl obj_mac.h obj_dat.h

- */

-/* Copyright (C) 1995-1997 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-EOF

-printf OUT "#define NUM_NID %d\n",$n;

-printf OUT "#define NUM_SN %d\n",$#sn+1;

-printf OUT "#define NUM_LN %d\n",$#ln+1;

-printf OUT "#define NUM_OBJ %d\n\n",$#ob+1;

-printf OUT "static unsigned char lvalues[%d]={\n",$lvalues+1;

-print OUT @lvalues;

-print OUT "};\n\n";

-printf OUT "static ASN1_OBJECT nid_objs[NUM_NID]={\n";

-foreach (@out)

-	{

-	if (length($_) > 75)

-		{

-		$out="";

-		foreach (split(/,/))

-			{

-			$t=$out.$_.",";

-			if (length($t) > 70)

-				{

-				print OUT "$out\n";

-				$t="\t$_,";

-				}

-			$out=$t;

-			}

-		chop $out;

-		print OUT "$out";

-		}

-	else

-		{ print OUT $_; }

-	}

-print  OUT "};\n\n";

-printf OUT "static ASN1_OBJECT *sn_objs[NUM_SN]={\n";

-print  OUT @sn;

-print  OUT "};\n\n";

-printf OUT "static ASN1_OBJECT *ln_objs[NUM_LN]={\n";

-print  OUT @ln;

-print  OUT "};\n\n";

-printf OUT "static ASN1_OBJECT *obj_objs[NUM_OBJ]={\n";

-print  OUT @ob;

-print  OUT "};\n\n";

-close OUT;

-sub der_it

-	{

-	local($v)=@_;

-	local(@a,$i,$ret,@r);

-	@a=split(/\s+/,$v);

-	$ret.=pack("C*",$a[0]*40+$a[1]);

-	shift @a;

-	shift @a;

-	foreach (@a)

-		{

-		@r=();

-		$t=0;

-		while ($_ >= 128)

-			{

-			$x=$_%128;

-			$_/=128;

-			push(@r,((($t++)?0x80:0)|$x));

-			}

-		push(@r,((($t++)?0x80:0)|$_));

-		$ret.=pack("C*",reverse(@r));

-		}

-	return($ret);

-	}

--- a/sys/src/ape/lib/openssl/crypto/objects/obj_err.c

+++ /dev/null

@@ -1,102 +1,0 @@

-/* crypto/objects/obj_err.c */

-/* ====================================================================

- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* NOTE: this file was auto generated by the mkerr.pl script: any changes

- * made to it will be overwritten when the script next updates this file,

- * only reason strings will be preserved.

- */

-#include <stdio.h>

-#include <openssl/err.h>

-#include <openssl/objects.h>

-/* BEGIN ERROR CODES */

-#ifndef OPENSSL_NO_ERR

-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_OBJ,func,0)

-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_OBJ,0,reason)

-static ERR_STRING_DATA OBJ_str_functs[]=

-	{

-{ERR_FUNC(OBJ_F_OBJ_ADD_OBJECT),	"OBJ_add_object"},

-{ERR_FUNC(OBJ_F_OBJ_CREATE),	"OBJ_create"},

-{ERR_FUNC(OBJ_F_OBJ_DUP),	"OBJ_dup"},

-{ERR_FUNC(OBJ_F_OBJ_NAME_NEW_INDEX),	"OBJ_NAME_new_index"},

-{ERR_FUNC(OBJ_F_OBJ_NID2LN),	"OBJ_nid2ln"},

-{ERR_FUNC(OBJ_F_OBJ_NID2OBJ),	"OBJ_nid2obj"},

-{ERR_FUNC(OBJ_F_OBJ_NID2SN),	"OBJ_nid2sn"},

-{0,NULL}

-	};

-static ERR_STRING_DATA OBJ_str_reasons[]=

-	{

-{ERR_REASON(OBJ_R_MALLOC_FAILURE)        ,"malloc failure"},

-{ERR_REASON(OBJ_R_UNKNOWN_NID)           ,"unknown nid"},

-{0,NULL}

-	};

-#endif

-void ERR_load_OBJ_strings(void)

-	{

-#ifndef OPENSSL_NO_ERR

-	if (ERR_func_error_string(OBJ_str_functs[0].error) == NULL)

-		{

-		ERR_load_strings(0,OBJ_str_functs);

-		ERR_load_strings(0,OBJ_str_reasons);

-		}

-#endif

-	}

--- a/sys/src/ape/lib/openssl/crypto/objects/obj_lib.c

+++ /dev/null

@@ -1,128 +1,0 @@

-/* crypto/objects/obj_lib.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/lhash.h>

-#include <openssl/objects.h>

-#include <openssl/buffer.h>

-ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o)

-	{

-	ASN1_OBJECT *r;

-	int i;

-	char *ln=NULL;

-	if (o == NULL) return(NULL);

-	if (!(o->flags & ASN1_OBJECT_FLAG_DYNAMIC))

-		return((ASN1_OBJECT *)o); /* XXX: ugh! Why? What kind of

-					     duplication is this??? */

-	r=ASN1_OBJECT_new();

-	if (r == NULL)

-		{

-		OBJerr(OBJ_F_OBJ_DUP,ERR_R_ASN1_LIB);

-		return(NULL);

-		}

-	r->data=OPENSSL_malloc(o->length);

-	if (r->data == NULL)

-		goto err;

-	if (o->data != NULL)

-		memcpy(r->data,o->data,o->length);

-	r->length=o->length;

-	r->nid=o->nid;

-	r->ln=r->sn=NULL;

-	if (o->ln != NULL)

-		{

-		i=strlen(o->ln)+1;

-		r->ln=ln=OPENSSL_malloc(i);

-		if (r->ln == NULL) goto err;

-		memcpy(ln,o->ln,i);

-		}

-	if (o->sn != NULL)

-		{

-		char *s;

-		i=strlen(o->sn)+1;

-		r->sn=s=OPENSSL_malloc(i);

-		if (r->sn == NULL) goto err;

-		memcpy(s,o->sn,i);

-		}

-	r->flags=o->flags|(ASN1_OBJECT_FLAG_DYNAMIC|

-		ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|ASN1_OBJECT_FLAG_DYNAMIC_DATA);

-	return(r);

-err:

-	OBJerr(OBJ_F_OBJ_DUP,ERR_R_MALLOC_FAILURE);

-	if (r != NULL)

-		{

-		if (ln != NULL) OPENSSL_free(ln);

-		if (r->data != NULL) OPENSSL_free(r->data);

-		OPENSSL_free(r);

-		}

-	return(NULL);

-	}

-int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b)

-	{

-	int ret;

-	ret=(a->length-b->length);

-	if (ret) return(ret);

-	return(memcmp(a->data,b->data,a->length));

-	}

--- a/sys/src/ape/lib/openssl/crypto/objects/obj_mac.h

+++ /dev/null

@@ -1,3433 +1,0 @@

-/* crypto/objects/obj_mac.h */

-/* THIS FILE IS GENERATED FROM objects.txt by objects.pl via the

- * following command:

- * perl objects.pl objects.txt obj_mac.num obj_mac.h

- */

-/* Copyright (C) 1995-1997 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#define SN_undef			"UNDEF"

-#define LN_undef			"undefined"

-#define NID_undef			0

-#define OBJ_undef			0L

-#define SN_itu_t		"ITU-T"

-#define LN_itu_t		"itu-t"

-#define NID_itu_t		645

-#define OBJ_itu_t		0L

-#define NID_ccitt		404

-#define OBJ_ccitt		OBJ_itu_t

-#define SN_iso		"ISO"

-#define LN_iso		"iso"

-#define NID_iso		181

-#define OBJ_iso		1L

-#define SN_joint_iso_itu_t		"JOINT-ISO-ITU-T"

-#define LN_joint_iso_itu_t		"joint-iso-itu-t"

-#define NID_joint_iso_itu_t		646

-#define OBJ_joint_iso_itu_t		2L

-#define NID_joint_iso_ccitt		393

-#define OBJ_joint_iso_ccitt		OBJ_joint_iso_itu_t

-#define SN_member_body		"member-body"

-#define LN_member_body		"ISO Member Body"

-#define NID_member_body		182

-#define OBJ_member_body		OBJ_iso,2L

-#define SN_identified_organization		"identified-organization"

-#define NID_identified_organization		676

-#define OBJ_identified_organization		OBJ_iso,3L

-#define SN_certicom_arc		"certicom-arc"

-#define NID_certicom_arc		677

-#define OBJ_certicom_arc		OBJ_identified_organization,132L

-#define SN_international_organizations		"international-organizations"

-#define LN_international_organizations		"International Organizations"

-#define NID_international_organizations		647

-#define OBJ_international_organizations		OBJ_joint_iso_itu_t,23L

-#define SN_wap		"wap"

-#define NID_wap		678

-#define OBJ_wap		OBJ_international_organizations,43L

-#define SN_wap_wsg		"wap-wsg"

-#define NID_wap_wsg		679

-#define OBJ_wap_wsg		OBJ_wap,13L

-#define SN_selected_attribute_types		"selected-attribute-types"

-#define LN_selected_attribute_types		"Selected Attribute Types"

-#define NID_selected_attribute_types		394

-#define OBJ_selected_attribute_types		OBJ_joint_iso_itu_t,5L,1L,5L

-#define SN_clearance		"clearance"

-#define NID_clearance		395

-#define OBJ_clearance		OBJ_selected_attribute_types,55L

-#define SN_ISO_US		"ISO-US"

-#define LN_ISO_US		"ISO US Member Body"

-#define NID_ISO_US		183

-#define OBJ_ISO_US		OBJ_member_body,840L

-#define SN_X9_57		"X9-57"

-#define LN_X9_57		"X9.57"

-#define NID_X9_57		184

-#define OBJ_X9_57		OBJ_ISO_US,10040L

-#define SN_X9cm		"X9cm"

-#define LN_X9cm		"X9.57 CM ?"

-#define NID_X9cm		185

-#define OBJ_X9cm		OBJ_X9_57,4L

-#define SN_dsa		"DSA"

-#define LN_dsa		"dsaEncryption"

-#define NID_dsa		116

-#define OBJ_dsa		OBJ_X9cm,1L

-#define SN_dsaWithSHA1		"DSA-SHA1"

-#define LN_dsaWithSHA1		"dsaWithSHA1"

-#define NID_dsaWithSHA1		113

-#define OBJ_dsaWithSHA1		OBJ_X9cm,3L

-#define SN_ansi_X9_62		"ansi-X9-62"

-#define LN_ansi_X9_62		"ANSI X9.62"

-#define NID_ansi_X9_62		405

-#define OBJ_ansi_X9_62		OBJ_ISO_US,10045L

-#define OBJ_X9_62_id_fieldType		OBJ_ansi_X9_62,1L

-#define SN_X9_62_prime_field		"prime-field"

-#define NID_X9_62_prime_field		406

-#define OBJ_X9_62_prime_field		OBJ_X9_62_id_fieldType,1L

-#define SN_X9_62_characteristic_two_field		"characteristic-two-field"

-#define NID_X9_62_characteristic_two_field		407

-#define OBJ_X9_62_characteristic_two_field		OBJ_X9_62_id_fieldType,2L

-#define SN_X9_62_id_characteristic_two_basis		"id-characteristic-two-basis"

-#define NID_X9_62_id_characteristic_two_basis		680

-#define OBJ_X9_62_id_characteristic_two_basis		OBJ_X9_62_characteristic_two_field,3L

-#define SN_X9_62_onBasis		"onBasis"

-#define NID_X9_62_onBasis		681

-#define OBJ_X9_62_onBasis		OBJ_X9_62_id_characteristic_two_basis,1L

-#define SN_X9_62_tpBasis		"tpBasis"

-#define NID_X9_62_tpBasis		682

-#define OBJ_X9_62_tpBasis		OBJ_X9_62_id_characteristic_two_basis,2L

-#define SN_X9_62_ppBasis		"ppBasis"

-#define NID_X9_62_ppBasis		683

-#define OBJ_X9_62_ppBasis		OBJ_X9_62_id_characteristic_two_basis,3L

-#define OBJ_X9_62_id_publicKeyType		OBJ_ansi_X9_62,2L

-#define SN_X9_62_id_ecPublicKey		"id-ecPublicKey"

-#define NID_X9_62_id_ecPublicKey		408

-#define OBJ_X9_62_id_ecPublicKey		OBJ_X9_62_id_publicKeyType,1L

-#define OBJ_X9_62_ellipticCurve		OBJ_ansi_X9_62,3L

-#define OBJ_X9_62_c_TwoCurve		OBJ_X9_62_ellipticCurve,0L

-#define SN_X9_62_c2pnb163v1		"c2pnb163v1"

-#define NID_X9_62_c2pnb163v1		684

-#define OBJ_X9_62_c2pnb163v1		OBJ_X9_62_c_TwoCurve,1L

-#define SN_X9_62_c2pnb163v2		"c2pnb163v2"

-#define NID_X9_62_c2pnb163v2		685

-#define OBJ_X9_62_c2pnb163v2		OBJ_X9_62_c_TwoCurve,2L

-#define SN_X9_62_c2pnb163v3		"c2pnb163v3"

-#define NID_X9_62_c2pnb163v3		686

-#define OBJ_X9_62_c2pnb163v3		OBJ_X9_62_c_TwoCurve,3L

-#define SN_X9_62_c2pnb176v1		"c2pnb176v1"

-#define NID_X9_62_c2pnb176v1		687

-#define OBJ_X9_62_c2pnb176v1		OBJ_X9_62_c_TwoCurve,4L

-#define SN_X9_62_c2tnb191v1		"c2tnb191v1"

-#define NID_X9_62_c2tnb191v1		688

-#define OBJ_X9_62_c2tnb191v1		OBJ_X9_62_c_TwoCurve,5L

-#define SN_X9_62_c2tnb191v2		"c2tnb191v2"

-#define NID_X9_62_c2tnb191v2		689

-#define OBJ_X9_62_c2tnb191v2		OBJ_X9_62_c_TwoCurve,6L

-#define SN_X9_62_c2tnb191v3		"c2tnb191v3"

-#define NID_X9_62_c2tnb191v3		690

-#define OBJ_X9_62_c2tnb191v3		OBJ_X9_62_c_TwoCurve,7L

-#define SN_X9_62_c2onb191v4		"c2onb191v4"

-#define NID_X9_62_c2onb191v4		691

-#define OBJ_X9_62_c2onb191v4		OBJ_X9_62_c_TwoCurve,8L

-#define SN_X9_62_c2onb191v5		"c2onb191v5"

-#define NID_X9_62_c2onb191v5		692

-#define OBJ_X9_62_c2onb191v5		OBJ_X9_62_c_TwoCurve,9L

-#define SN_X9_62_c2pnb208w1		"c2pnb208w1"

-#define NID_X9_62_c2pnb208w1		693

-#define OBJ_X9_62_c2pnb208w1		OBJ_X9_62_c_TwoCurve,10L

-#define SN_X9_62_c2tnb239v1		"c2tnb239v1"

-#define NID_X9_62_c2tnb239v1		694

-#define OBJ_X9_62_c2tnb239v1		OBJ_X9_62_c_TwoCurve,11L

-#define SN_X9_62_c2tnb239v2		"c2tnb239v2"

-#define NID_X9_62_c2tnb239v2		695

-#define OBJ_X9_62_c2tnb239v2		OBJ_X9_62_c_TwoCurve,12L

-#define SN_X9_62_c2tnb239v3		"c2tnb239v3"

-#define NID_X9_62_c2tnb239v3		696

-#define OBJ_X9_62_c2tnb239v3		OBJ_X9_62_c_TwoCurve,13L

-#define SN_X9_62_c2onb239v4		"c2onb239v4"

-#define NID_X9_62_c2onb239v4		697

-#define OBJ_X9_62_c2onb239v4		OBJ_X9_62_c_TwoCurve,14L

-#define SN_X9_62_c2onb239v5		"c2onb239v5"

-#define NID_X9_62_c2onb239v5		698

-#define OBJ_X9_62_c2onb239v5		OBJ_X9_62_c_TwoCurve,15L

-#define SN_X9_62_c2pnb272w1		"c2pnb272w1"

-#define NID_X9_62_c2pnb272w1		699

-#define OBJ_X9_62_c2pnb272w1		OBJ_X9_62_c_TwoCurve,16L

-#define SN_X9_62_c2pnb304w1		"c2pnb304w1"

-#define NID_X9_62_c2pnb304w1		700

-#define OBJ_X9_62_c2pnb304w1		OBJ_X9_62_c_TwoCurve,17L

-#define SN_X9_62_c2tnb359v1		"c2tnb359v1"

-#define NID_X9_62_c2tnb359v1		701

-#define OBJ_X9_62_c2tnb359v1		OBJ_X9_62_c_TwoCurve,18L

-#define SN_X9_62_c2pnb368w1		"c2pnb368w1"

-#define NID_X9_62_c2pnb368w1		702

-#define OBJ_X9_62_c2pnb368w1		OBJ_X9_62_c_TwoCurve,19L

-#define SN_X9_62_c2tnb431r1		"c2tnb431r1"

-#define NID_X9_62_c2tnb431r1		703

-#define OBJ_X9_62_c2tnb431r1		OBJ_X9_62_c_TwoCurve,20L

-#define OBJ_X9_62_primeCurve		OBJ_X9_62_ellipticCurve,1L

-#define SN_X9_62_prime192v1		"prime192v1"

-#define NID_X9_62_prime192v1		409

-#define OBJ_X9_62_prime192v1		OBJ_X9_62_primeCurve,1L

-#define SN_X9_62_prime192v2		"prime192v2"

-#define NID_X9_62_prime192v2		410

-#define OBJ_X9_62_prime192v2		OBJ_X9_62_primeCurve,2L

-#define SN_X9_62_prime192v3		"prime192v3"

-#define NID_X9_62_prime192v3		411

-#define OBJ_X9_62_prime192v3		OBJ_X9_62_primeCurve,3L

-#define SN_X9_62_prime239v1		"prime239v1"

-#define NID_X9_62_prime239v1		412

-#define OBJ_X9_62_prime239v1		OBJ_X9_62_primeCurve,4L

-#define SN_X9_62_prime239v2		"prime239v2"

-#define NID_X9_62_prime239v2		413

-#define OBJ_X9_62_prime239v2		OBJ_X9_62_primeCurve,5L

-#define SN_X9_62_prime239v3		"prime239v3"

-#define NID_X9_62_prime239v3		414

-#define OBJ_X9_62_prime239v3		OBJ_X9_62_primeCurve,6L

-#define SN_X9_62_prime256v1		"prime256v1"

-#define NID_X9_62_prime256v1		415

-#define OBJ_X9_62_prime256v1		OBJ_X9_62_primeCurve,7L

-#define OBJ_X9_62_id_ecSigType		OBJ_ansi_X9_62,4L

-#define SN_ecdsa_with_SHA1		"ecdsa-with-SHA1"

-#define NID_ecdsa_with_SHA1		416

-#define OBJ_ecdsa_with_SHA1		OBJ_X9_62_id_ecSigType,1L

-#define OBJ_secg_ellipticCurve		OBJ_certicom_arc,0L

-#define SN_secp112r1		"secp112r1"

-#define NID_secp112r1		704

-#define OBJ_secp112r1		OBJ_secg_ellipticCurve,6L

-#define SN_secp112r2		"secp112r2"

-#define NID_secp112r2		705

-#define OBJ_secp112r2		OBJ_secg_ellipticCurve,7L

-#define SN_secp128r1		"secp128r1"

-#define NID_secp128r1		706

-#define OBJ_secp128r1		OBJ_secg_ellipticCurve,28L

-#define SN_secp128r2		"secp128r2"

-#define NID_secp128r2		707

-#define OBJ_secp128r2		OBJ_secg_ellipticCurve,29L

-#define SN_secp160k1		"secp160k1"

-#define NID_secp160k1		708

-#define OBJ_secp160k1		OBJ_secg_ellipticCurve,9L

-#define SN_secp160r1		"secp160r1"

-#define NID_secp160r1		709

-#define OBJ_secp160r1		OBJ_secg_ellipticCurve,8L

-#define SN_secp160r2		"secp160r2"

-#define NID_secp160r2		710

-#define OBJ_secp160r2		OBJ_secg_ellipticCurve,30L

-#define SN_secp192k1		"secp192k1"

-#define NID_secp192k1		711

-#define OBJ_secp192k1		OBJ_secg_ellipticCurve,31L

-#define SN_secp224k1		"secp224k1"

-#define NID_secp224k1		712

-#define OBJ_secp224k1		OBJ_secg_ellipticCurve,32L

-#define SN_secp224r1		"secp224r1"

-#define NID_secp224r1		713

-#define OBJ_secp224r1		OBJ_secg_ellipticCurve,33L

-#define SN_secp256k1		"secp256k1"

-#define NID_secp256k1		714

-#define OBJ_secp256k1		OBJ_secg_ellipticCurve,10L

-#define SN_secp384r1		"secp384r1"

-#define NID_secp384r1		715

-#define OBJ_secp384r1		OBJ_secg_ellipticCurve,34L

-#define SN_secp521r1		"secp521r1"

-#define NID_secp521r1		716

-#define OBJ_secp521r1		OBJ_secg_ellipticCurve,35L

-#define SN_sect113r1		"sect113r1"

-#define NID_sect113r1		717

-#define OBJ_sect113r1		OBJ_secg_ellipticCurve,4L

-#define SN_sect113r2		"sect113r2"

-#define NID_sect113r2		718

-#define OBJ_sect113r2		OBJ_secg_ellipticCurve,5L

-#define SN_sect131r1		"sect131r1"

-#define NID_sect131r1		719

-#define OBJ_sect131r1		OBJ_secg_ellipticCurve,22L

-#define SN_sect131r2		"sect131r2"

-#define NID_sect131r2		720

-#define OBJ_sect131r2		OBJ_secg_ellipticCurve,23L

-#define SN_sect163k1		"sect163k1"

-#define NID_sect163k1		721

-#define OBJ_sect163k1		OBJ_secg_ellipticCurve,1L

-#define SN_sect163r1		"sect163r1"

-#define NID_sect163r1		722

-#define OBJ_sect163r1		OBJ_secg_ellipticCurve,2L

-#define SN_sect163r2		"sect163r2"

-#define NID_sect163r2		723

-#define OBJ_sect163r2		OBJ_secg_ellipticCurve,15L

-#define SN_sect193r1		"sect193r1"

-#define NID_sect193r1		724

-#define OBJ_sect193r1		OBJ_secg_ellipticCurve,24L

-#define SN_sect193r2		"sect193r2"

-#define NID_sect193r2		725

-#define OBJ_sect193r2		OBJ_secg_ellipticCurve,25L

-#define SN_sect233k1		"sect233k1"

-#define NID_sect233k1		726

-#define OBJ_sect233k1		OBJ_secg_ellipticCurve,26L

-#define SN_sect233r1		"sect233r1"

-#define NID_sect233r1		727

-#define OBJ_sect233r1		OBJ_secg_ellipticCurve,27L

-#define SN_sect239k1		"sect239k1"

-#define NID_sect239k1		728

-#define OBJ_sect239k1		OBJ_secg_ellipticCurve,3L

-#define SN_sect283k1		"sect283k1"

-#define NID_sect283k1		729

-#define OBJ_sect283k1		OBJ_secg_ellipticCurve,16L

-#define SN_sect283r1		"sect283r1"

-#define NID_sect283r1		730

-#define OBJ_sect283r1		OBJ_secg_ellipticCurve,17L

-#define SN_sect409k1		"sect409k1"

-#define NID_sect409k1		731

-#define OBJ_sect409k1		OBJ_secg_ellipticCurve,36L

-#define SN_sect409r1		"sect409r1"

-#define NID_sect409r1		732

-#define OBJ_sect409r1		OBJ_secg_ellipticCurve,37L

-#define SN_sect571k1		"sect571k1"

-#define NID_sect571k1		733

-#define OBJ_sect571k1		OBJ_secg_ellipticCurve,38L

-#define SN_sect571r1		"sect571r1"

-#define NID_sect571r1		734

-#define OBJ_sect571r1		OBJ_secg_ellipticCurve,39L

-#define OBJ_wap_wsg_idm_ecid		OBJ_wap_wsg,4L

-#define SN_wap_wsg_idm_ecid_wtls1		"wap-wsg-idm-ecid-wtls1"

-#define NID_wap_wsg_idm_ecid_wtls1		735

-#define OBJ_wap_wsg_idm_ecid_wtls1		OBJ_wap_wsg_idm_ecid,1L

-#define SN_wap_wsg_idm_ecid_wtls3		"wap-wsg-idm-ecid-wtls3"

-#define NID_wap_wsg_idm_ecid_wtls3		736

-#define OBJ_wap_wsg_idm_ecid_wtls3		OBJ_wap_wsg_idm_ecid,3L

-#define SN_wap_wsg_idm_ecid_wtls4		"wap-wsg-idm-ecid-wtls4"

-#define NID_wap_wsg_idm_ecid_wtls4		737

-#define OBJ_wap_wsg_idm_ecid_wtls4		OBJ_wap_wsg_idm_ecid,4L

-#define SN_wap_wsg_idm_ecid_wtls5		"wap-wsg-idm-ecid-wtls5"

-#define NID_wap_wsg_idm_ecid_wtls5		738

-#define OBJ_wap_wsg_idm_ecid_wtls5		OBJ_wap_wsg_idm_ecid,5L

-#define SN_wap_wsg_idm_ecid_wtls6		"wap-wsg-idm-ecid-wtls6"

-#define NID_wap_wsg_idm_ecid_wtls6		739

-#define OBJ_wap_wsg_idm_ecid_wtls6		OBJ_wap_wsg_idm_ecid,6L

-#define SN_wap_wsg_idm_ecid_wtls7		"wap-wsg-idm-ecid-wtls7"

-#define NID_wap_wsg_idm_ecid_wtls7		740

-#define OBJ_wap_wsg_idm_ecid_wtls7		OBJ_wap_wsg_idm_ecid,7L

-#define SN_wap_wsg_idm_ecid_wtls8		"wap-wsg-idm-ecid-wtls8"

-#define NID_wap_wsg_idm_ecid_wtls8		741

-#define OBJ_wap_wsg_idm_ecid_wtls8		OBJ_wap_wsg_idm_ecid,8L

-#define SN_wap_wsg_idm_ecid_wtls9		"wap-wsg-idm-ecid-wtls9"

-#define NID_wap_wsg_idm_ecid_wtls9		742

-#define OBJ_wap_wsg_idm_ecid_wtls9		OBJ_wap_wsg_idm_ecid,9L

-#define SN_wap_wsg_idm_ecid_wtls10		"wap-wsg-idm-ecid-wtls10"

-#define NID_wap_wsg_idm_ecid_wtls10		743

-#define OBJ_wap_wsg_idm_ecid_wtls10		OBJ_wap_wsg_idm_ecid,10L

-#define SN_wap_wsg_idm_ecid_wtls11		"wap-wsg-idm-ecid-wtls11"

-#define NID_wap_wsg_idm_ecid_wtls11		744

-#define OBJ_wap_wsg_idm_ecid_wtls11		OBJ_wap_wsg_idm_ecid,11L

-#define SN_wap_wsg_idm_ecid_wtls12		"wap-wsg-idm-ecid-wtls12"

-#define NID_wap_wsg_idm_ecid_wtls12		745

-#define OBJ_wap_wsg_idm_ecid_wtls12		OBJ_wap_wsg_idm_ecid,12L

-#define SN_cast5_cbc		"CAST5-CBC"

-#define LN_cast5_cbc		"cast5-cbc"

-#define NID_cast5_cbc		108

-#define OBJ_cast5_cbc		OBJ_ISO_US,113533L,7L,66L,10L

-#define SN_cast5_ecb		"CAST5-ECB"

-#define LN_cast5_ecb		"cast5-ecb"

-#define NID_cast5_ecb		109

-#define SN_cast5_cfb64		"CAST5-CFB"

-#define LN_cast5_cfb64		"cast5-cfb"

-#define NID_cast5_cfb64		110

-#define SN_cast5_ofb64		"CAST5-OFB"

-#define LN_cast5_ofb64		"cast5-ofb"

-#define NID_cast5_ofb64		111

-#define LN_pbeWithMD5AndCast5_CBC		"pbeWithMD5AndCast5CBC"

-#define NID_pbeWithMD5AndCast5_CBC		112

-#define OBJ_pbeWithMD5AndCast5_CBC		OBJ_ISO_US,113533L,7L,66L,12L

-#define SN_rsadsi		"rsadsi"

-#define LN_rsadsi		"RSA Data Security, Inc."

-#define NID_rsadsi		1

-#define OBJ_rsadsi		OBJ_ISO_US,113549L

-#define SN_pkcs		"pkcs"

-#define LN_pkcs		"RSA Data Security, Inc. PKCS"

-#define NID_pkcs		2

-#define OBJ_pkcs		OBJ_rsadsi,1L

-#define SN_pkcs1		"pkcs1"

-#define NID_pkcs1		186

-#define OBJ_pkcs1		OBJ_pkcs,1L

-#define LN_rsaEncryption		"rsaEncryption"

-#define NID_rsaEncryption		6

-#define OBJ_rsaEncryption		OBJ_pkcs1,1L

-#define SN_md2WithRSAEncryption		"RSA-MD2"

-#define LN_md2WithRSAEncryption		"md2WithRSAEncryption"

-#define NID_md2WithRSAEncryption		7

-#define OBJ_md2WithRSAEncryption		OBJ_pkcs1,2L

-#define SN_md4WithRSAEncryption		"RSA-MD4"

-#define LN_md4WithRSAEncryption		"md4WithRSAEncryption"

-#define NID_md4WithRSAEncryption		396

-#define OBJ_md4WithRSAEncryption		OBJ_pkcs1,3L

-#define SN_md5WithRSAEncryption		"RSA-MD5"

-#define LN_md5WithRSAEncryption		"md5WithRSAEncryption"

-#define NID_md5WithRSAEncryption		8

-#define OBJ_md5WithRSAEncryption		OBJ_pkcs1,4L

-#define SN_sha1WithRSAEncryption		"RSA-SHA1"

-#define LN_sha1WithRSAEncryption		"sha1WithRSAEncryption"

-#define NID_sha1WithRSAEncryption		65

-#define OBJ_sha1WithRSAEncryption		OBJ_pkcs1,5L

-#define SN_sha256WithRSAEncryption		"RSA-SHA256"

-#define LN_sha256WithRSAEncryption		"sha256WithRSAEncryption"

-#define NID_sha256WithRSAEncryption		668

-#define OBJ_sha256WithRSAEncryption		OBJ_pkcs1,11L

-#define SN_sha384WithRSAEncryption		"RSA-SHA384"

-#define LN_sha384WithRSAEncryption		"sha384WithRSAEncryption"

-#define NID_sha384WithRSAEncryption		669

-#define OBJ_sha384WithRSAEncryption		OBJ_pkcs1,12L

-#define SN_sha512WithRSAEncryption		"RSA-SHA512"

-#define LN_sha512WithRSAEncryption		"sha512WithRSAEncryption"

-#define NID_sha512WithRSAEncryption		670

-#define OBJ_sha512WithRSAEncryption		OBJ_pkcs1,13L

-#define SN_sha224WithRSAEncryption		"RSA-SHA224"

-#define LN_sha224WithRSAEncryption		"sha224WithRSAEncryption"

-#define NID_sha224WithRSAEncryption		671

-#define OBJ_sha224WithRSAEncryption		OBJ_pkcs1,14L

-#define SN_pkcs3		"pkcs3"

-#define NID_pkcs3		27

-#define OBJ_pkcs3		OBJ_pkcs,3L

-#define LN_dhKeyAgreement		"dhKeyAgreement"

-#define NID_dhKeyAgreement		28

-#define OBJ_dhKeyAgreement		OBJ_pkcs3,1L

-#define SN_pkcs5		"pkcs5"

-#define NID_pkcs5		187

-#define OBJ_pkcs5		OBJ_pkcs,5L

-#define SN_pbeWithMD2AndDES_CBC		"PBE-MD2-DES"

-#define LN_pbeWithMD2AndDES_CBC		"pbeWithMD2AndDES-CBC"

-#define NID_pbeWithMD2AndDES_CBC		9

-#define OBJ_pbeWithMD2AndDES_CBC		OBJ_pkcs5,1L

-#define SN_pbeWithMD5AndDES_CBC		"PBE-MD5-DES"

-#define LN_pbeWithMD5AndDES_CBC		"pbeWithMD5AndDES-CBC"

-#define NID_pbeWithMD5AndDES_CBC		10

-#define OBJ_pbeWithMD5AndDES_CBC		OBJ_pkcs5,3L

-#define SN_pbeWithMD2AndRC2_CBC		"PBE-MD2-RC2-64"

-#define LN_pbeWithMD2AndRC2_CBC		"pbeWithMD2AndRC2-CBC"

-#define NID_pbeWithMD2AndRC2_CBC		168

-#define OBJ_pbeWithMD2AndRC2_CBC		OBJ_pkcs5,4L

-#define SN_pbeWithMD5AndRC2_CBC		"PBE-MD5-RC2-64"

-#define LN_pbeWithMD5AndRC2_CBC		"pbeWithMD5AndRC2-CBC"

-#define NID_pbeWithMD5AndRC2_CBC		169

-#define OBJ_pbeWithMD5AndRC2_CBC		OBJ_pkcs5,6L

-#define SN_pbeWithSHA1AndDES_CBC		"PBE-SHA1-DES"

-#define LN_pbeWithSHA1AndDES_CBC		"pbeWithSHA1AndDES-CBC"

-#define NID_pbeWithSHA1AndDES_CBC		170

-#define OBJ_pbeWithSHA1AndDES_CBC		OBJ_pkcs5,10L

-#define SN_pbeWithSHA1AndRC2_CBC		"PBE-SHA1-RC2-64"

-#define LN_pbeWithSHA1AndRC2_CBC		"pbeWithSHA1AndRC2-CBC"

-#define NID_pbeWithSHA1AndRC2_CBC		68

-#define OBJ_pbeWithSHA1AndRC2_CBC		OBJ_pkcs5,11L

-#define LN_id_pbkdf2		"PBKDF2"

-#define NID_id_pbkdf2		69

-#define OBJ_id_pbkdf2		OBJ_pkcs5,12L

-#define LN_pbes2		"PBES2"

-#define NID_pbes2		161

-#define OBJ_pbes2		OBJ_pkcs5,13L

-#define LN_pbmac1		"PBMAC1"

-#define NID_pbmac1		162

-#define OBJ_pbmac1		OBJ_pkcs5,14L

-#define SN_pkcs7		"pkcs7"

-#define NID_pkcs7		20

-#define OBJ_pkcs7		OBJ_pkcs,7L

-#define LN_pkcs7_data		"pkcs7-data"

-#define NID_pkcs7_data		21

-#define OBJ_pkcs7_data		OBJ_pkcs7,1L

-#define LN_pkcs7_signed		"pkcs7-signedData"

-#define NID_pkcs7_signed		22

-#define OBJ_pkcs7_signed		OBJ_pkcs7,2L

-#define LN_pkcs7_enveloped		"pkcs7-envelopedData"

-#define NID_pkcs7_enveloped		23

-#define OBJ_pkcs7_enveloped		OBJ_pkcs7,3L

-#define LN_pkcs7_signedAndEnveloped		"pkcs7-signedAndEnvelopedData"

-#define NID_pkcs7_signedAndEnveloped		24

-#define OBJ_pkcs7_signedAndEnveloped		OBJ_pkcs7,4L

-#define LN_pkcs7_digest		"pkcs7-digestData"

-#define NID_pkcs7_digest		25

-#define OBJ_pkcs7_digest		OBJ_pkcs7,5L

-#define LN_pkcs7_encrypted		"pkcs7-encryptedData"

-#define NID_pkcs7_encrypted		26

-#define OBJ_pkcs7_encrypted		OBJ_pkcs7,6L

-#define SN_pkcs9		"pkcs9"

-#define NID_pkcs9		47

-#define OBJ_pkcs9		OBJ_pkcs,9L

-#define LN_pkcs9_emailAddress		"emailAddress"

-#define NID_pkcs9_emailAddress		48

-#define OBJ_pkcs9_emailAddress		OBJ_pkcs9,1L

-#define LN_pkcs9_unstructuredName		"unstructuredName"

-#define NID_pkcs9_unstructuredName		49

-#define OBJ_pkcs9_unstructuredName		OBJ_pkcs9,2L

-#define LN_pkcs9_contentType		"contentType"

-#define NID_pkcs9_contentType		50

-#define OBJ_pkcs9_contentType		OBJ_pkcs9,3L

-#define LN_pkcs9_messageDigest		"messageDigest"

-#define NID_pkcs9_messageDigest		51

-#define OBJ_pkcs9_messageDigest		OBJ_pkcs9,4L

-#define LN_pkcs9_signingTime		"signingTime"

-#define NID_pkcs9_signingTime		52

-#define OBJ_pkcs9_signingTime		OBJ_pkcs9,5L

-#define LN_pkcs9_countersignature		"countersignature"

-#define NID_pkcs9_countersignature		53

-#define OBJ_pkcs9_countersignature		OBJ_pkcs9,6L

-#define LN_pkcs9_challengePassword		"challengePassword"

-#define NID_pkcs9_challengePassword		54

-#define OBJ_pkcs9_challengePassword		OBJ_pkcs9,7L

-#define LN_pkcs9_unstructuredAddress		"unstructuredAddress"

-#define NID_pkcs9_unstructuredAddress		55

-#define OBJ_pkcs9_unstructuredAddress		OBJ_pkcs9,8L

-#define LN_pkcs9_extCertAttributes		"extendedCertificateAttributes"

-#define NID_pkcs9_extCertAttributes		56

-#define OBJ_pkcs9_extCertAttributes		OBJ_pkcs9,9L

-#define SN_ext_req		"extReq"

-#define LN_ext_req		"Extension Request"

-#define NID_ext_req		172

-#define OBJ_ext_req		OBJ_pkcs9,14L

-#define SN_SMIMECapabilities		"SMIME-CAPS"

-#define LN_SMIMECapabilities		"S/MIME Capabilities"

-#define NID_SMIMECapabilities		167

-#define OBJ_SMIMECapabilities		OBJ_pkcs9,15L

-#define SN_SMIME		"SMIME"

-#define LN_SMIME		"S/MIME"

-#define NID_SMIME		188

-#define OBJ_SMIME		OBJ_pkcs9,16L

-#define SN_id_smime_mod		"id-smime-mod"

-#define NID_id_smime_mod		189

-#define OBJ_id_smime_mod		OBJ_SMIME,0L

-#define SN_id_smime_ct		"id-smime-ct"

-#define NID_id_smime_ct		190

-#define OBJ_id_smime_ct		OBJ_SMIME,1L

-#define SN_id_smime_aa		"id-smime-aa"

-#define NID_id_smime_aa		191

-#define OBJ_id_smime_aa		OBJ_SMIME,2L

-#define SN_id_smime_alg		"id-smime-alg"

-#define NID_id_smime_alg		192

-#define OBJ_id_smime_alg		OBJ_SMIME,3L

-#define SN_id_smime_cd		"id-smime-cd"

-#define NID_id_smime_cd		193

-#define OBJ_id_smime_cd		OBJ_SMIME,4L

-#define SN_id_smime_spq		"id-smime-spq"

-#define NID_id_smime_spq		194

-#define OBJ_id_smime_spq		OBJ_SMIME,5L

-#define SN_id_smime_cti		"id-smime-cti"

-#define NID_id_smime_cti		195

-#define OBJ_id_smime_cti		OBJ_SMIME,6L

-#define SN_id_smime_mod_cms		"id-smime-mod-cms"

-#define NID_id_smime_mod_cms		196

-#define OBJ_id_smime_mod_cms		OBJ_id_smime_mod,1L

-#define SN_id_smime_mod_ess		"id-smime-mod-ess"

-#define NID_id_smime_mod_ess		197

-#define OBJ_id_smime_mod_ess		OBJ_id_smime_mod,2L

-#define SN_id_smime_mod_oid		"id-smime-mod-oid"

-#define NID_id_smime_mod_oid		198

-#define OBJ_id_smime_mod_oid		OBJ_id_smime_mod,3L

-#define SN_id_smime_mod_msg_v3		"id-smime-mod-msg-v3"

-#define NID_id_smime_mod_msg_v3		199

-#define OBJ_id_smime_mod_msg_v3		OBJ_id_smime_mod,4L

-#define SN_id_smime_mod_ets_eSignature_88		"id-smime-mod-ets-eSignature-88"

-#define NID_id_smime_mod_ets_eSignature_88		200

-#define OBJ_id_smime_mod_ets_eSignature_88		OBJ_id_smime_mod,5L

-#define SN_id_smime_mod_ets_eSignature_97		"id-smime-mod-ets-eSignature-97"

-#define NID_id_smime_mod_ets_eSignature_97		201

-#define OBJ_id_smime_mod_ets_eSignature_97		OBJ_id_smime_mod,6L

-#define SN_id_smime_mod_ets_eSigPolicy_88		"id-smime-mod-ets-eSigPolicy-88"

-#define NID_id_smime_mod_ets_eSigPolicy_88		202

-#define OBJ_id_smime_mod_ets_eSigPolicy_88		OBJ_id_smime_mod,7L

-#define SN_id_smime_mod_ets_eSigPolicy_97		"id-smime-mod-ets-eSigPolicy-97"

-#define NID_id_smime_mod_ets_eSigPolicy_97		203

-#define OBJ_id_smime_mod_ets_eSigPolicy_97		OBJ_id_smime_mod,8L

-#define SN_id_smime_ct_receipt		"id-smime-ct-receipt"

-#define NID_id_smime_ct_receipt		204

-#define OBJ_id_smime_ct_receipt		OBJ_id_smime_ct,1L

-#define SN_id_smime_ct_authData		"id-smime-ct-authData"

-#define NID_id_smime_ct_authData		205

-#define OBJ_id_smime_ct_authData		OBJ_id_smime_ct,2L

-#define SN_id_smime_ct_publishCert		"id-smime-ct-publishCert"

-#define NID_id_smime_ct_publishCert		206

-#define OBJ_id_smime_ct_publishCert		OBJ_id_smime_ct,3L

-#define SN_id_smime_ct_TSTInfo		"id-smime-ct-TSTInfo"

-#define NID_id_smime_ct_TSTInfo		207

-#define OBJ_id_smime_ct_TSTInfo		OBJ_id_smime_ct,4L

-#define SN_id_smime_ct_TDTInfo		"id-smime-ct-TDTInfo"

-#define NID_id_smime_ct_TDTInfo		208

-#define OBJ_id_smime_ct_TDTInfo		OBJ_id_smime_ct,5L

-#define SN_id_smime_ct_contentInfo		"id-smime-ct-contentInfo"

-#define NID_id_smime_ct_contentInfo		209

-#define OBJ_id_smime_ct_contentInfo		OBJ_id_smime_ct,6L

-#define SN_id_smime_ct_DVCSRequestData		"id-smime-ct-DVCSRequestData"

-#define NID_id_smime_ct_DVCSRequestData		210

-#define OBJ_id_smime_ct_DVCSRequestData		OBJ_id_smime_ct,7L

-#define SN_id_smime_ct_DVCSResponseData		"id-smime-ct-DVCSResponseData"

-#define NID_id_smime_ct_DVCSResponseData		211

-#define OBJ_id_smime_ct_DVCSResponseData		OBJ_id_smime_ct,8L

-#define SN_id_smime_aa_receiptRequest		"id-smime-aa-receiptRequest"

-#define NID_id_smime_aa_receiptRequest		212

-#define OBJ_id_smime_aa_receiptRequest		OBJ_id_smime_aa,1L

-#define SN_id_smime_aa_securityLabel		"id-smime-aa-securityLabel"

-#define NID_id_smime_aa_securityLabel		213

-#define OBJ_id_smime_aa_securityLabel		OBJ_id_smime_aa,2L

-#define SN_id_smime_aa_mlExpandHistory		"id-smime-aa-mlExpandHistory"

-#define NID_id_smime_aa_mlExpandHistory		214

-#define OBJ_id_smime_aa_mlExpandHistory		OBJ_id_smime_aa,3L

-#define SN_id_smime_aa_contentHint		"id-smime-aa-contentHint"

-#define NID_id_smime_aa_contentHint		215

-#define OBJ_id_smime_aa_contentHint		OBJ_id_smime_aa,4L

-#define SN_id_smime_aa_msgSigDigest		"id-smime-aa-msgSigDigest"

-#define NID_id_smime_aa_msgSigDigest		216

-#define OBJ_id_smime_aa_msgSigDigest		OBJ_id_smime_aa,5L

-#define SN_id_smime_aa_encapContentType		"id-smime-aa-encapContentType"

-#define NID_id_smime_aa_encapContentType		217

-#define OBJ_id_smime_aa_encapContentType		OBJ_id_smime_aa,6L

-#define SN_id_smime_aa_contentIdentifier		"id-smime-aa-contentIdentifier"

-#define NID_id_smime_aa_contentIdentifier		218

-#define OBJ_id_smime_aa_contentIdentifier		OBJ_id_smime_aa,7L

-#define SN_id_smime_aa_macValue		"id-smime-aa-macValue"

-#define NID_id_smime_aa_macValue		219

-#define OBJ_id_smime_aa_macValue		OBJ_id_smime_aa,8L

-#define SN_id_smime_aa_equivalentLabels		"id-smime-aa-equivalentLabels"

-#define NID_id_smime_aa_equivalentLabels		220

-#define OBJ_id_smime_aa_equivalentLabels		OBJ_id_smime_aa,9L

-#define SN_id_smime_aa_contentReference		"id-smime-aa-contentReference"

-#define NID_id_smime_aa_contentReference		221

-#define OBJ_id_smime_aa_contentReference		OBJ_id_smime_aa,10L

-#define SN_id_smime_aa_encrypKeyPref		"id-smime-aa-encrypKeyPref"

-#define NID_id_smime_aa_encrypKeyPref		222

-#define OBJ_id_smime_aa_encrypKeyPref		OBJ_id_smime_aa,11L

-#define SN_id_smime_aa_signingCertificate		"id-smime-aa-signingCertificate"

-#define NID_id_smime_aa_signingCertificate		223

-#define OBJ_id_smime_aa_signingCertificate		OBJ_id_smime_aa,12L

-#define SN_id_smime_aa_smimeEncryptCerts		"id-smime-aa-smimeEncryptCerts"

-#define NID_id_smime_aa_smimeEncryptCerts		224

-#define OBJ_id_smime_aa_smimeEncryptCerts		OBJ_id_smime_aa,13L

-#define SN_id_smime_aa_timeStampToken		"id-smime-aa-timeStampToken"

-#define NID_id_smime_aa_timeStampToken		225

-#define OBJ_id_smime_aa_timeStampToken		OBJ_id_smime_aa,14L

-#define SN_id_smime_aa_ets_sigPolicyId		"id-smime-aa-ets-sigPolicyId"

-#define NID_id_smime_aa_ets_sigPolicyId		226

-#define OBJ_id_smime_aa_ets_sigPolicyId		OBJ_id_smime_aa,15L

-#define SN_id_smime_aa_ets_commitmentType		"id-smime-aa-ets-commitmentType"

-#define NID_id_smime_aa_ets_commitmentType		227

-#define OBJ_id_smime_aa_ets_commitmentType		OBJ_id_smime_aa,16L

-#define SN_id_smime_aa_ets_signerLocation		"id-smime-aa-ets-signerLocation"

-#define NID_id_smime_aa_ets_signerLocation		228

-#define OBJ_id_smime_aa_ets_signerLocation		OBJ_id_smime_aa,17L

-#define SN_id_smime_aa_ets_signerAttr		"id-smime-aa-ets-signerAttr"

-#define NID_id_smime_aa_ets_signerAttr		229

-#define OBJ_id_smime_aa_ets_signerAttr		OBJ_id_smime_aa,18L

-#define SN_id_smime_aa_ets_otherSigCert		"id-smime-aa-ets-otherSigCert"

-#define NID_id_smime_aa_ets_otherSigCert		230

-#define OBJ_id_smime_aa_ets_otherSigCert		OBJ_id_smime_aa,19L

-#define SN_id_smime_aa_ets_contentTimestamp		"id-smime-aa-ets-contentTimestamp"

-#define NID_id_smime_aa_ets_contentTimestamp		231

-#define OBJ_id_smime_aa_ets_contentTimestamp		OBJ_id_smime_aa,20L

-#define SN_id_smime_aa_ets_CertificateRefs		"id-smime-aa-ets-CertificateRefs"

-#define NID_id_smime_aa_ets_CertificateRefs		232

-#define OBJ_id_smime_aa_ets_CertificateRefs		OBJ_id_smime_aa,21L

-#define SN_id_smime_aa_ets_RevocationRefs		"id-smime-aa-ets-RevocationRefs"

-#define NID_id_smime_aa_ets_RevocationRefs		233

-#define OBJ_id_smime_aa_ets_RevocationRefs		OBJ_id_smime_aa,22L

-#define SN_id_smime_aa_ets_certValues		"id-smime-aa-ets-certValues"

-#define NID_id_smime_aa_ets_certValues		234

-#define OBJ_id_smime_aa_ets_certValues		OBJ_id_smime_aa,23L

-#define SN_id_smime_aa_ets_revocationValues		"id-smime-aa-ets-revocationValues"

-#define NID_id_smime_aa_ets_revocationValues		235

-#define OBJ_id_smime_aa_ets_revocationValues		OBJ_id_smime_aa,24L

-#define SN_id_smime_aa_ets_escTimeStamp		"id-smime-aa-ets-escTimeStamp"

-#define NID_id_smime_aa_ets_escTimeStamp		236

-#define OBJ_id_smime_aa_ets_escTimeStamp		OBJ_id_smime_aa,25L

-#define SN_id_smime_aa_ets_certCRLTimestamp		"id-smime-aa-ets-certCRLTimestamp"

-#define NID_id_smime_aa_ets_certCRLTimestamp		237

-#define OBJ_id_smime_aa_ets_certCRLTimestamp		OBJ_id_smime_aa,26L

-#define SN_id_smime_aa_ets_archiveTimeStamp		"id-smime-aa-ets-archiveTimeStamp"

-#define NID_id_smime_aa_ets_archiveTimeStamp		238

-#define OBJ_id_smime_aa_ets_archiveTimeStamp		OBJ_id_smime_aa,27L

-#define SN_id_smime_aa_signatureType		"id-smime-aa-signatureType"

-#define NID_id_smime_aa_signatureType		239

-#define OBJ_id_smime_aa_signatureType		OBJ_id_smime_aa,28L

-#define SN_id_smime_aa_dvcs_dvc		"id-smime-aa-dvcs-dvc"

-#define NID_id_smime_aa_dvcs_dvc		240

-#define OBJ_id_smime_aa_dvcs_dvc		OBJ_id_smime_aa,29L

-#define SN_id_smime_alg_ESDHwith3DES		"id-smime-alg-ESDHwith3DES"

-#define NID_id_smime_alg_ESDHwith3DES		241

-#define OBJ_id_smime_alg_ESDHwith3DES		OBJ_id_smime_alg,1L

-#define SN_id_smime_alg_ESDHwithRC2		"id-smime-alg-ESDHwithRC2"

-#define NID_id_smime_alg_ESDHwithRC2		242

-#define OBJ_id_smime_alg_ESDHwithRC2		OBJ_id_smime_alg,2L

-#define SN_id_smime_alg_3DESwrap		"id-smime-alg-3DESwrap"

-#define NID_id_smime_alg_3DESwrap		243

-#define OBJ_id_smime_alg_3DESwrap		OBJ_id_smime_alg,3L

-#define SN_id_smime_alg_RC2wrap		"id-smime-alg-RC2wrap"

-#define NID_id_smime_alg_RC2wrap		244

-#define OBJ_id_smime_alg_RC2wrap		OBJ_id_smime_alg,4L

-#define SN_id_smime_alg_ESDH		"id-smime-alg-ESDH"

-#define NID_id_smime_alg_ESDH		245

-#define OBJ_id_smime_alg_ESDH		OBJ_id_smime_alg,5L

-#define SN_id_smime_alg_CMS3DESwrap		"id-smime-alg-CMS3DESwrap"

-#define NID_id_smime_alg_CMS3DESwrap		246

-#define OBJ_id_smime_alg_CMS3DESwrap		OBJ_id_smime_alg,6L

-#define SN_id_smime_alg_CMSRC2wrap		"id-smime-alg-CMSRC2wrap"

-#define NID_id_smime_alg_CMSRC2wrap		247

-#define OBJ_id_smime_alg_CMSRC2wrap		OBJ_id_smime_alg,7L

-#define SN_id_smime_cd_ldap		"id-smime-cd-ldap"

-#define NID_id_smime_cd_ldap		248

-#define OBJ_id_smime_cd_ldap		OBJ_id_smime_cd,1L

-#define SN_id_smime_spq_ets_sqt_uri		"id-smime-spq-ets-sqt-uri"

-#define NID_id_smime_spq_ets_sqt_uri		249

-#define OBJ_id_smime_spq_ets_sqt_uri		OBJ_id_smime_spq,1L

-#define SN_id_smime_spq_ets_sqt_unotice		"id-smime-spq-ets-sqt-unotice"

-#define NID_id_smime_spq_ets_sqt_unotice		250

-#define OBJ_id_smime_spq_ets_sqt_unotice		OBJ_id_smime_spq,2L

-#define SN_id_smime_cti_ets_proofOfOrigin		"id-smime-cti-ets-proofOfOrigin"

-#define NID_id_smime_cti_ets_proofOfOrigin		251

-#define OBJ_id_smime_cti_ets_proofOfOrigin		OBJ_id_smime_cti,1L

-#define SN_id_smime_cti_ets_proofOfReceipt		"id-smime-cti-ets-proofOfReceipt"

-#define NID_id_smime_cti_ets_proofOfReceipt		252

-#define OBJ_id_smime_cti_ets_proofOfReceipt		OBJ_id_smime_cti,2L

-#define SN_id_smime_cti_ets_proofOfDelivery		"id-smime-cti-ets-proofOfDelivery"

-#define NID_id_smime_cti_ets_proofOfDelivery		253

-#define OBJ_id_smime_cti_ets_proofOfDelivery		OBJ_id_smime_cti,3L

-#define SN_id_smime_cti_ets_proofOfSender		"id-smime-cti-ets-proofOfSender"

-#define NID_id_smime_cti_ets_proofOfSender		254

-#define OBJ_id_smime_cti_ets_proofOfSender		OBJ_id_smime_cti,4L

-#define SN_id_smime_cti_ets_proofOfApproval		"id-smime-cti-ets-proofOfApproval"

-#define NID_id_smime_cti_ets_proofOfApproval		255

-#define OBJ_id_smime_cti_ets_proofOfApproval		OBJ_id_smime_cti,5L

-#define SN_id_smime_cti_ets_proofOfCreation		"id-smime-cti-ets-proofOfCreation"

-#define NID_id_smime_cti_ets_proofOfCreation		256

-#define OBJ_id_smime_cti_ets_proofOfCreation		OBJ_id_smime_cti,6L

-#define LN_friendlyName		"friendlyName"

-#define NID_friendlyName		156

-#define OBJ_friendlyName		OBJ_pkcs9,20L

-#define LN_localKeyID		"localKeyID"

-#define NID_localKeyID		157

-#define OBJ_localKeyID		OBJ_pkcs9,21L

-#define SN_ms_csp_name		"CSPName"

-#define LN_ms_csp_name		"Microsoft CSP Name"

-#define NID_ms_csp_name		417

-#define OBJ_ms_csp_name		1L,3L,6L,1L,4L,1L,311L,17L,1L

-#define OBJ_certTypes		OBJ_pkcs9,22L

-#define LN_x509Certificate		"x509Certificate"

-#define NID_x509Certificate		158

-#define OBJ_x509Certificate		OBJ_certTypes,1L

-#define LN_sdsiCertificate		"sdsiCertificate"

-#define NID_sdsiCertificate		159

-#define OBJ_sdsiCertificate		OBJ_certTypes,2L

-#define OBJ_crlTypes		OBJ_pkcs9,23L

-#define LN_x509Crl		"x509Crl"

-#define NID_x509Crl		160

-#define OBJ_x509Crl		OBJ_crlTypes,1L

-#define OBJ_pkcs12		OBJ_pkcs,12L

-#define OBJ_pkcs12_pbeids		OBJ_pkcs12,1L

-#define SN_pbe_WithSHA1And128BitRC4		"PBE-SHA1-RC4-128"

-#define LN_pbe_WithSHA1And128BitRC4		"pbeWithSHA1And128BitRC4"

-#define NID_pbe_WithSHA1And128BitRC4		144

-#define OBJ_pbe_WithSHA1And128BitRC4		OBJ_pkcs12_pbeids,1L

-#define SN_pbe_WithSHA1And40BitRC4		"PBE-SHA1-RC4-40"

-#define LN_pbe_WithSHA1And40BitRC4		"pbeWithSHA1And40BitRC4"

-#define NID_pbe_WithSHA1And40BitRC4		145

-#define OBJ_pbe_WithSHA1And40BitRC4		OBJ_pkcs12_pbeids,2L

-#define SN_pbe_WithSHA1And3_Key_TripleDES_CBC		"PBE-SHA1-3DES"

-#define LN_pbe_WithSHA1And3_Key_TripleDES_CBC		"pbeWithSHA1And3-KeyTripleDES-CBC"

-#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC		146

-#define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC		OBJ_pkcs12_pbeids,3L

-#define SN_pbe_WithSHA1And2_Key_TripleDES_CBC		"PBE-SHA1-2DES"

-#define LN_pbe_WithSHA1And2_Key_TripleDES_CBC		"pbeWithSHA1And2-KeyTripleDES-CBC"

-#define NID_pbe_WithSHA1And2_Key_TripleDES_CBC		147

-#define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC		OBJ_pkcs12_pbeids,4L

-#define SN_pbe_WithSHA1And128BitRC2_CBC		"PBE-SHA1-RC2-128"

-#define LN_pbe_WithSHA1And128BitRC2_CBC		"pbeWithSHA1And128BitRC2-CBC"

-#define NID_pbe_WithSHA1And128BitRC2_CBC		148

-#define OBJ_pbe_WithSHA1And128BitRC2_CBC		OBJ_pkcs12_pbeids,5L

-#define SN_pbe_WithSHA1And40BitRC2_CBC		"PBE-SHA1-RC2-40"

-#define LN_pbe_WithSHA1And40BitRC2_CBC		"pbeWithSHA1And40BitRC2-CBC"

-#define NID_pbe_WithSHA1And40BitRC2_CBC		149

-#define OBJ_pbe_WithSHA1And40BitRC2_CBC		OBJ_pkcs12_pbeids,6L

-#define OBJ_pkcs12_Version1		OBJ_pkcs12,10L

-#define OBJ_pkcs12_BagIds		OBJ_pkcs12_Version1,1L

-#define LN_keyBag		"keyBag"

-#define NID_keyBag		150

-#define OBJ_keyBag		OBJ_pkcs12_BagIds,1L

-#define LN_pkcs8ShroudedKeyBag		"pkcs8ShroudedKeyBag"

-#define NID_pkcs8ShroudedKeyBag		151

-#define OBJ_pkcs8ShroudedKeyBag		OBJ_pkcs12_BagIds,2L

-#define LN_certBag		"certBag"

-#define NID_certBag		152

-#define OBJ_certBag		OBJ_pkcs12_BagIds,3L

-#define LN_crlBag		"crlBag"

-#define NID_crlBag		153

-#define OBJ_crlBag		OBJ_pkcs12_BagIds,4L

-#define LN_secretBag		"secretBag"

-#define NID_secretBag		154

-#define OBJ_secretBag		OBJ_pkcs12_BagIds,5L

-#define LN_safeContentsBag		"safeContentsBag"

-#define NID_safeContentsBag		155

-#define OBJ_safeContentsBag		OBJ_pkcs12_BagIds,6L

-#define SN_md2		"MD2"

-#define LN_md2		"md2"

-#define NID_md2		3

-#define OBJ_md2		OBJ_rsadsi,2L,2L

-#define SN_md4		"MD4"

-#define LN_md4		"md4"

-#define NID_md4		257

-#define OBJ_md4		OBJ_rsadsi,2L,4L

-#define SN_md5		"MD5"

-#define LN_md5		"md5"

-#define NID_md5		4

-#define OBJ_md5		OBJ_rsadsi,2L,5L

-#define SN_md5_sha1		"MD5-SHA1"

-#define LN_md5_sha1		"md5-sha1"

-#define NID_md5_sha1		114

-#define LN_hmacWithSHA1		"hmacWithSHA1"

-#define NID_hmacWithSHA1		163

-#define OBJ_hmacWithSHA1		OBJ_rsadsi,2L,7L

-#define SN_rc2_cbc		"RC2-CBC"

-#define LN_rc2_cbc		"rc2-cbc"

-#define NID_rc2_cbc		37

-#define OBJ_rc2_cbc		OBJ_rsadsi,3L,2L

-#define SN_rc2_ecb		"RC2-ECB"

-#define LN_rc2_ecb		"rc2-ecb"

-#define NID_rc2_ecb		38

-#define SN_rc2_cfb64		"RC2-CFB"

-#define LN_rc2_cfb64		"rc2-cfb"

-#define NID_rc2_cfb64		39

-#define SN_rc2_ofb64		"RC2-OFB"

-#define LN_rc2_ofb64		"rc2-ofb"

-#define NID_rc2_ofb64		40

-#define SN_rc2_40_cbc		"RC2-40-CBC"

-#define LN_rc2_40_cbc		"rc2-40-cbc"

-#define NID_rc2_40_cbc		98

-#define SN_rc2_64_cbc		"RC2-64-CBC"

-#define LN_rc2_64_cbc		"rc2-64-cbc"

-#define NID_rc2_64_cbc		166

-#define SN_rc4		"RC4"

-#define LN_rc4		"rc4"

-#define NID_rc4		5

-#define OBJ_rc4		OBJ_rsadsi,3L,4L

-#define SN_rc4_40		"RC4-40"

-#define LN_rc4_40		"rc4-40"

-#define NID_rc4_40		97

-#define SN_des_ede3_cbc		"DES-EDE3-CBC"

-#define LN_des_ede3_cbc		"des-ede3-cbc"

-#define NID_des_ede3_cbc		44

-#define OBJ_des_ede3_cbc		OBJ_rsadsi,3L,7L

-#define SN_rc5_cbc		"RC5-CBC"

-#define LN_rc5_cbc		"rc5-cbc"

-#define NID_rc5_cbc		120

-#define OBJ_rc5_cbc		OBJ_rsadsi,3L,8L

-#define SN_rc5_ecb		"RC5-ECB"

-#define LN_rc5_ecb		"rc5-ecb"

-#define NID_rc5_ecb		121

-#define SN_rc5_cfb64		"RC5-CFB"

-#define LN_rc5_cfb64		"rc5-cfb"

-#define NID_rc5_cfb64		122

-#define SN_rc5_ofb64		"RC5-OFB"

-#define LN_rc5_ofb64		"rc5-ofb"

-#define NID_rc5_ofb64		123

-#define SN_ms_ext_req		"msExtReq"

-#define LN_ms_ext_req		"Microsoft Extension Request"

-#define NID_ms_ext_req		171

-#define OBJ_ms_ext_req		1L,3L,6L,1L,4L,1L,311L,2L,1L,14L

-#define SN_ms_code_ind		"msCodeInd"

-#define LN_ms_code_ind		"Microsoft Individual Code Signing"

-#define NID_ms_code_ind		134

-#define OBJ_ms_code_ind		1L,3L,6L,1L,4L,1L,311L,2L,1L,21L

-#define SN_ms_code_com		"msCodeCom"

-#define LN_ms_code_com		"Microsoft Commercial Code Signing"

-#define NID_ms_code_com		135

-#define OBJ_ms_code_com		1L,3L,6L,1L,4L,1L,311L,2L,1L,22L

-#define SN_ms_ctl_sign		"msCTLSign"

-#define LN_ms_ctl_sign		"Microsoft Trust List Signing"

-#define NID_ms_ctl_sign		136

-#define OBJ_ms_ctl_sign		1L,3L,6L,1L,4L,1L,311L,10L,3L,1L

-#define SN_ms_sgc		"msSGC"

-#define LN_ms_sgc		"Microsoft Server Gated Crypto"

-#define NID_ms_sgc		137

-#define OBJ_ms_sgc		1L,3L,6L,1L,4L,1L,311L,10L,3L,3L

-#define SN_ms_efs		"msEFS"

-#define LN_ms_efs		"Microsoft Encrypted File System"

-#define NID_ms_efs		138

-#define OBJ_ms_efs		1L,3L,6L,1L,4L,1L,311L,10L,3L,4L

-#define SN_ms_smartcard_login		"msSmartcardLogin"

-#define LN_ms_smartcard_login		"Microsoft Smartcardlogin"

-#define NID_ms_smartcard_login		648

-#define OBJ_ms_smartcard_login		1L,3L,6L,1L,4L,1L,311L,20L,2L,2L

-#define SN_ms_upn		"msUPN"

-#define LN_ms_upn		"Microsoft Universal Principal Name"

-#define NID_ms_upn		649

-#define OBJ_ms_upn		1L,3L,6L,1L,4L,1L,311L,20L,2L,3L

-#define SN_idea_cbc		"IDEA-CBC"

-#define LN_idea_cbc		"idea-cbc"

-#define NID_idea_cbc		34

-#define OBJ_idea_cbc		1L,3L,6L,1L,4L,1L,188L,7L,1L,1L,2L

-#define SN_idea_ecb		"IDEA-ECB"

-#define LN_idea_ecb		"idea-ecb"

-#define NID_idea_ecb		36

-#define SN_idea_cfb64		"IDEA-CFB"

-#define LN_idea_cfb64		"idea-cfb"

-#define NID_idea_cfb64		35

-#define SN_idea_ofb64		"IDEA-OFB"

-#define LN_idea_ofb64		"idea-ofb"

-#define NID_idea_ofb64		46

-#define SN_bf_cbc		"BF-CBC"

-#define LN_bf_cbc		"bf-cbc"

-#define NID_bf_cbc		91

-#define OBJ_bf_cbc		1L,3L,6L,1L,4L,1L,3029L,1L,2L

-#define SN_bf_ecb		"BF-ECB"

-#define LN_bf_ecb		"bf-ecb"

-#define NID_bf_ecb		92

-#define SN_bf_cfb64		"BF-CFB"

-#define LN_bf_cfb64		"bf-cfb"

-#define NID_bf_cfb64		93

-#define SN_bf_ofb64		"BF-OFB"

-#define LN_bf_ofb64		"bf-ofb"

-#define NID_bf_ofb64		94

-#define SN_id_pkix		"PKIX"

-#define NID_id_pkix		127

-#define OBJ_id_pkix		1L,3L,6L,1L,5L,5L,7L

-#define SN_id_pkix_mod		"id-pkix-mod"

-#define NID_id_pkix_mod		258

-#define OBJ_id_pkix_mod		OBJ_id_pkix,0L

-#define SN_id_pe		"id-pe"

-#define NID_id_pe		175

-#define OBJ_id_pe		OBJ_id_pkix,1L

-#define SN_id_qt		"id-qt"

-#define NID_id_qt		259

-#define OBJ_id_qt		OBJ_id_pkix,2L

-#define SN_id_kp		"id-kp"

-#define NID_id_kp		128

-#define OBJ_id_kp		OBJ_id_pkix,3L

-#define SN_id_it		"id-it"

-#define NID_id_it		260

-#define OBJ_id_it		OBJ_id_pkix,4L

-#define SN_id_pkip		"id-pkip"

-#define NID_id_pkip		261

-#define OBJ_id_pkip		OBJ_id_pkix,5L

-#define SN_id_alg		"id-alg"

-#define NID_id_alg		262

-#define OBJ_id_alg		OBJ_id_pkix,6L

-#define SN_id_cmc		"id-cmc"

-#define NID_id_cmc		263

-#define OBJ_id_cmc		OBJ_id_pkix,7L

-#define SN_id_on		"id-on"

-#define NID_id_on		264

-#define OBJ_id_on		OBJ_id_pkix,8L

-#define SN_id_pda		"id-pda"

-#define NID_id_pda		265

-#define OBJ_id_pda		OBJ_id_pkix,9L

-#define SN_id_aca		"id-aca"

-#define NID_id_aca		266

-#define OBJ_id_aca		OBJ_id_pkix,10L

-#define SN_id_qcs		"id-qcs"

-#define NID_id_qcs		267

-#define OBJ_id_qcs		OBJ_id_pkix,11L

-#define SN_id_cct		"id-cct"

-#define NID_id_cct		268

-#define OBJ_id_cct		OBJ_id_pkix,12L

-#define SN_id_ppl		"id-ppl"

-#define NID_id_ppl		662

-#define OBJ_id_ppl		OBJ_id_pkix,21L

-#define SN_id_ad		"id-ad"

-#define NID_id_ad		176

-#define OBJ_id_ad		OBJ_id_pkix,48L

-#define SN_id_pkix1_explicit_88		"id-pkix1-explicit-88"

-#define NID_id_pkix1_explicit_88		269

-#define OBJ_id_pkix1_explicit_88		OBJ_id_pkix_mod,1L

-#define SN_id_pkix1_implicit_88		"id-pkix1-implicit-88"

-#define NID_id_pkix1_implicit_88		270

-#define OBJ_id_pkix1_implicit_88		OBJ_id_pkix_mod,2L

-#define SN_id_pkix1_explicit_93		"id-pkix1-explicit-93"

-#define NID_id_pkix1_explicit_93		271

-#define OBJ_id_pkix1_explicit_93		OBJ_id_pkix_mod,3L

-#define SN_id_pkix1_implicit_93		"id-pkix1-implicit-93"

-#define NID_id_pkix1_implicit_93		272

-#define OBJ_id_pkix1_implicit_93		OBJ_id_pkix_mod,4L

-#define SN_id_mod_crmf		"id-mod-crmf"

-#define NID_id_mod_crmf		273

-#define OBJ_id_mod_crmf		OBJ_id_pkix_mod,5L

-#define SN_id_mod_cmc		"id-mod-cmc"

-#define NID_id_mod_cmc		274

-#define OBJ_id_mod_cmc		OBJ_id_pkix_mod,6L

-#define SN_id_mod_kea_profile_88		"id-mod-kea-profile-88"

-#define NID_id_mod_kea_profile_88		275

-#define OBJ_id_mod_kea_profile_88		OBJ_id_pkix_mod,7L

-#define SN_id_mod_kea_profile_93		"id-mod-kea-profile-93"

-#define NID_id_mod_kea_profile_93		276

-#define OBJ_id_mod_kea_profile_93		OBJ_id_pkix_mod,8L

-#define SN_id_mod_cmp		"id-mod-cmp"

-#define NID_id_mod_cmp		277

-#define OBJ_id_mod_cmp		OBJ_id_pkix_mod,9L

-#define SN_id_mod_qualified_cert_88		"id-mod-qualified-cert-88"

-#define NID_id_mod_qualified_cert_88		278

-#define OBJ_id_mod_qualified_cert_88		OBJ_id_pkix_mod,10L

-#define SN_id_mod_qualified_cert_93		"id-mod-qualified-cert-93"

-#define NID_id_mod_qualified_cert_93		279

-#define OBJ_id_mod_qualified_cert_93		OBJ_id_pkix_mod,11L

-#define SN_id_mod_attribute_cert		"id-mod-attribute-cert"

-#define NID_id_mod_attribute_cert		280

-#define OBJ_id_mod_attribute_cert		OBJ_id_pkix_mod,12L

-#define SN_id_mod_timestamp_protocol		"id-mod-timestamp-protocol"

-#define NID_id_mod_timestamp_protocol		281

-#define OBJ_id_mod_timestamp_protocol		OBJ_id_pkix_mod,13L

-#define SN_id_mod_ocsp		"id-mod-ocsp"

-#define NID_id_mod_ocsp		282

-#define OBJ_id_mod_ocsp		OBJ_id_pkix_mod,14L

-#define SN_id_mod_dvcs		"id-mod-dvcs"

-#define NID_id_mod_dvcs		283

-#define OBJ_id_mod_dvcs		OBJ_id_pkix_mod,15L

-#define SN_id_mod_cmp2000		"id-mod-cmp2000"

-#define NID_id_mod_cmp2000		284

-#define OBJ_id_mod_cmp2000		OBJ_id_pkix_mod,16L

-#define SN_info_access		"authorityInfoAccess"

-#define LN_info_access		"Authority Information Access"

-#define NID_info_access		177

-#define OBJ_info_access		OBJ_id_pe,1L

-#define SN_biometricInfo		"biometricInfo"

-#define LN_biometricInfo		"Biometric Info"

-#define NID_biometricInfo		285

-#define OBJ_biometricInfo		OBJ_id_pe,2L

-#define SN_qcStatements		"qcStatements"

-#define NID_qcStatements		286

-#define OBJ_qcStatements		OBJ_id_pe,3L

-#define SN_ac_auditEntity		"ac-auditEntity"

-#define NID_ac_auditEntity		287

-#define OBJ_ac_auditEntity		OBJ_id_pe,4L

-#define SN_ac_targeting		"ac-targeting"

-#define NID_ac_targeting		288

-#define OBJ_ac_targeting		OBJ_id_pe,5L

-#define SN_aaControls		"aaControls"

-#define NID_aaControls		289

-#define OBJ_aaControls		OBJ_id_pe,6L

-#define SN_sbgp_ipAddrBlock		"sbgp-ipAddrBlock"

-#define NID_sbgp_ipAddrBlock		290

-#define OBJ_sbgp_ipAddrBlock		OBJ_id_pe,7L

-#define SN_sbgp_autonomousSysNum		"sbgp-autonomousSysNum"

-#define NID_sbgp_autonomousSysNum		291

-#define OBJ_sbgp_autonomousSysNum		OBJ_id_pe,8L

-#define SN_sbgp_routerIdentifier		"sbgp-routerIdentifier"

-#define NID_sbgp_routerIdentifier		292

-#define OBJ_sbgp_routerIdentifier		OBJ_id_pe,9L

-#define SN_ac_proxying		"ac-proxying"

-#define NID_ac_proxying		397

-#define OBJ_ac_proxying		OBJ_id_pe,10L

-#define SN_sinfo_access		"subjectInfoAccess"

-#define LN_sinfo_access		"Subject Information Access"

-#define NID_sinfo_access		398

-#define OBJ_sinfo_access		OBJ_id_pe,11L

-#define SN_proxyCertInfo		"proxyCertInfo"

-#define LN_proxyCertInfo		"Proxy Certificate Information"

-#define NID_proxyCertInfo		663

-#define OBJ_proxyCertInfo		OBJ_id_pe,14L

-#define SN_id_qt_cps		"id-qt-cps"

-#define LN_id_qt_cps		"Policy Qualifier CPS"

-#define NID_id_qt_cps		164

-#define OBJ_id_qt_cps		OBJ_id_qt,1L

-#define SN_id_qt_unotice		"id-qt-unotice"

-#define LN_id_qt_unotice		"Policy Qualifier User Notice"

-#define NID_id_qt_unotice		165

-#define OBJ_id_qt_unotice		OBJ_id_qt,2L

-#define SN_textNotice		"textNotice"

-#define NID_textNotice		293

-#define OBJ_textNotice		OBJ_id_qt,3L

-#define SN_server_auth		"serverAuth"

-#define LN_server_auth		"TLS Web Server Authentication"

-#define NID_server_auth		129

-#define OBJ_server_auth		OBJ_id_kp,1L

-#define SN_client_auth		"clientAuth"

-#define LN_client_auth		"TLS Web Client Authentication"

-#define NID_client_auth		130

-#define OBJ_client_auth		OBJ_id_kp,2L

-#define SN_code_sign		"codeSigning"

-#define LN_code_sign		"Code Signing"

-#define NID_code_sign		131

-#define OBJ_code_sign		OBJ_id_kp,3L

-#define SN_email_protect		"emailProtection"

-#define LN_email_protect		"E-mail Protection"

-#define NID_email_protect		132

-#define OBJ_email_protect		OBJ_id_kp,4L

-#define SN_ipsecEndSystem		"ipsecEndSystem"

-#define LN_ipsecEndSystem		"IPSec End System"

-#define NID_ipsecEndSystem		294

-#define OBJ_ipsecEndSystem		OBJ_id_kp,5L

-#define SN_ipsecTunnel		"ipsecTunnel"

-#define LN_ipsecTunnel		"IPSec Tunnel"

-#define NID_ipsecTunnel		295

-#define OBJ_ipsecTunnel		OBJ_id_kp,6L

-#define SN_ipsecUser		"ipsecUser"

-#define LN_ipsecUser		"IPSec User"

-#define NID_ipsecUser		296

-#define OBJ_ipsecUser		OBJ_id_kp,7L

-#define SN_time_stamp		"timeStamping"

-#define LN_time_stamp		"Time Stamping"

-#define NID_time_stamp		133

-#define OBJ_time_stamp		OBJ_id_kp,8L

-#define SN_OCSP_sign		"OCSPSigning"

-#define LN_OCSP_sign		"OCSP Signing"

-#define NID_OCSP_sign		180

-#define OBJ_OCSP_sign		OBJ_id_kp,9L

-#define SN_dvcs		"DVCS"

-#define LN_dvcs		"dvcs"

-#define NID_dvcs		297

-#define OBJ_dvcs		OBJ_id_kp,10L

-#define SN_id_it_caProtEncCert		"id-it-caProtEncCert"

-#define NID_id_it_caProtEncCert		298

-#define OBJ_id_it_caProtEncCert		OBJ_id_it,1L

-#define SN_id_it_signKeyPairTypes		"id-it-signKeyPairTypes"

-#define NID_id_it_signKeyPairTypes		299

-#define OBJ_id_it_signKeyPairTypes		OBJ_id_it,2L

-#define SN_id_it_encKeyPairTypes		"id-it-encKeyPairTypes"

-#define NID_id_it_encKeyPairTypes		300

-#define OBJ_id_it_encKeyPairTypes		OBJ_id_it,3L

-#define SN_id_it_preferredSymmAlg		"id-it-preferredSymmAlg"

-#define NID_id_it_preferredSymmAlg		301

-#define OBJ_id_it_preferredSymmAlg		OBJ_id_it,4L

-#define SN_id_it_caKeyUpdateInfo		"id-it-caKeyUpdateInfo"

-#define NID_id_it_caKeyUpdateInfo		302

-#define OBJ_id_it_caKeyUpdateInfo		OBJ_id_it,5L

-#define SN_id_it_currentCRL		"id-it-currentCRL"

-#define NID_id_it_currentCRL		303

-#define OBJ_id_it_currentCRL		OBJ_id_it,6L

-#define SN_id_it_unsupportedOIDs		"id-it-unsupportedOIDs"

-#define NID_id_it_unsupportedOIDs		304

-#define OBJ_id_it_unsupportedOIDs		OBJ_id_it,7L

-#define SN_id_it_subscriptionRequest		"id-it-subscriptionRequest"

-#define NID_id_it_subscriptionRequest		305

-#define OBJ_id_it_subscriptionRequest		OBJ_id_it,8L

-#define SN_id_it_subscriptionResponse		"id-it-subscriptionResponse"

-#define NID_id_it_subscriptionResponse		306

-#define OBJ_id_it_subscriptionResponse		OBJ_id_it,9L

-#define SN_id_it_keyPairParamReq		"id-it-keyPairParamReq"

-#define NID_id_it_keyPairParamReq		307

-#define OBJ_id_it_keyPairParamReq		OBJ_id_it,10L

-#define SN_id_it_keyPairParamRep		"id-it-keyPairParamRep"

-#define NID_id_it_keyPairParamRep		308

-#define OBJ_id_it_keyPairParamRep		OBJ_id_it,11L

-#define SN_id_it_revPassphrase		"id-it-revPassphrase"

-#define NID_id_it_revPassphrase		309

-#define OBJ_id_it_revPassphrase		OBJ_id_it,12L

-#define SN_id_it_implicitConfirm		"id-it-implicitConfirm"

-#define NID_id_it_implicitConfirm		310

-#define OBJ_id_it_implicitConfirm		OBJ_id_it,13L

-#define SN_id_it_confirmWaitTime		"id-it-confirmWaitTime"

-#define NID_id_it_confirmWaitTime		311

-#define OBJ_id_it_confirmWaitTime		OBJ_id_it,14L

-#define SN_id_it_origPKIMessage		"id-it-origPKIMessage"

-#define NID_id_it_origPKIMessage		312

-#define OBJ_id_it_origPKIMessage		OBJ_id_it,15L

-#define SN_id_regCtrl		"id-regCtrl"

-#define NID_id_regCtrl		313

-#define OBJ_id_regCtrl		OBJ_id_pkip,1L

-#define SN_id_regInfo		"id-regInfo"

-#define NID_id_regInfo		314

-#define OBJ_id_regInfo		OBJ_id_pkip,2L

-#define SN_id_regCtrl_regToken		"id-regCtrl-regToken"

-#define NID_id_regCtrl_regToken		315

-#define OBJ_id_regCtrl_regToken		OBJ_id_regCtrl,1L

-#define SN_id_regCtrl_authenticator		"id-regCtrl-authenticator"

-#define NID_id_regCtrl_authenticator		316

-#define OBJ_id_regCtrl_authenticator		OBJ_id_regCtrl,2L

-#define SN_id_regCtrl_pkiPublicationInfo		"id-regCtrl-pkiPublicationInfo"

-#define NID_id_regCtrl_pkiPublicationInfo		317

-#define OBJ_id_regCtrl_pkiPublicationInfo		OBJ_id_regCtrl,3L

-#define SN_id_regCtrl_pkiArchiveOptions		"id-regCtrl-pkiArchiveOptions"

-#define NID_id_regCtrl_pkiArchiveOptions		318

-#define OBJ_id_regCtrl_pkiArchiveOptions		OBJ_id_regCtrl,4L

-#define SN_id_regCtrl_oldCertID		"id-regCtrl-oldCertID"

-#define NID_id_regCtrl_oldCertID		319

-#define OBJ_id_regCtrl_oldCertID		OBJ_id_regCtrl,5L

-#define SN_id_regCtrl_protocolEncrKey		"id-regCtrl-protocolEncrKey"

-#define NID_id_regCtrl_protocolEncrKey		320

-#define OBJ_id_regCtrl_protocolEncrKey		OBJ_id_regCtrl,6L

-#define SN_id_regInfo_utf8Pairs		"id-regInfo-utf8Pairs"

-#define NID_id_regInfo_utf8Pairs		321

-#define OBJ_id_regInfo_utf8Pairs		OBJ_id_regInfo,1L

-#define SN_id_regInfo_certReq		"id-regInfo-certReq"

-#define NID_id_regInfo_certReq		322

-#define OBJ_id_regInfo_certReq		OBJ_id_regInfo,2L

-#define SN_id_alg_des40		"id-alg-des40"

-#define NID_id_alg_des40		323

-#define OBJ_id_alg_des40		OBJ_id_alg,1L

-#define SN_id_alg_noSignature		"id-alg-noSignature"

-#define NID_id_alg_noSignature		324

-#define OBJ_id_alg_noSignature		OBJ_id_alg,2L

-#define SN_id_alg_dh_sig_hmac_sha1		"id-alg-dh-sig-hmac-sha1"

-#define NID_id_alg_dh_sig_hmac_sha1		325

-#define OBJ_id_alg_dh_sig_hmac_sha1		OBJ_id_alg,3L

-#define SN_id_alg_dh_pop		"id-alg-dh-pop"

-#define NID_id_alg_dh_pop		326

-#define OBJ_id_alg_dh_pop		OBJ_id_alg,4L

-#define SN_id_cmc_statusInfo		"id-cmc-statusInfo"

-#define NID_id_cmc_statusInfo		327

-#define OBJ_id_cmc_statusInfo		OBJ_id_cmc,1L

-#define SN_id_cmc_identification		"id-cmc-identification"

-#define NID_id_cmc_identification		328

-#define OBJ_id_cmc_identification		OBJ_id_cmc,2L

-#define SN_id_cmc_identityProof		"id-cmc-identityProof"

-#define NID_id_cmc_identityProof		329

-#define OBJ_id_cmc_identityProof		OBJ_id_cmc,3L

-#define SN_id_cmc_dataReturn		"id-cmc-dataReturn"

-#define NID_id_cmc_dataReturn		330

-#define OBJ_id_cmc_dataReturn		OBJ_id_cmc,4L

-#define SN_id_cmc_transactionId		"id-cmc-transactionId"

-#define NID_id_cmc_transactionId		331

-#define OBJ_id_cmc_transactionId		OBJ_id_cmc,5L

-#define SN_id_cmc_senderNonce		"id-cmc-senderNonce"

-#define NID_id_cmc_senderNonce		332

-#define OBJ_id_cmc_senderNonce		OBJ_id_cmc,6L

-#define SN_id_cmc_recipientNonce		"id-cmc-recipientNonce"

-#define NID_id_cmc_recipientNonce		333

-#define OBJ_id_cmc_recipientNonce		OBJ_id_cmc,7L

-#define SN_id_cmc_addExtensions		"id-cmc-addExtensions"

-#define NID_id_cmc_addExtensions		334

-#define OBJ_id_cmc_addExtensions		OBJ_id_cmc,8L

-#define SN_id_cmc_encryptedPOP		"id-cmc-encryptedPOP"

-#define NID_id_cmc_encryptedPOP		335

-#define OBJ_id_cmc_encryptedPOP		OBJ_id_cmc,9L

-#define SN_id_cmc_decryptedPOP		"id-cmc-decryptedPOP"

-#define NID_id_cmc_decryptedPOP		336

-#define OBJ_id_cmc_decryptedPOP		OBJ_id_cmc,10L

-#define SN_id_cmc_lraPOPWitness		"id-cmc-lraPOPWitness"

-#define NID_id_cmc_lraPOPWitness		337

-#define OBJ_id_cmc_lraPOPWitness		OBJ_id_cmc,11L

-#define SN_id_cmc_getCert		"id-cmc-getCert"

-#define NID_id_cmc_getCert		338

-#define OBJ_id_cmc_getCert		OBJ_id_cmc,15L

-#define SN_id_cmc_getCRL		"id-cmc-getCRL"

-#define NID_id_cmc_getCRL		339

-#define OBJ_id_cmc_getCRL		OBJ_id_cmc,16L

-#define SN_id_cmc_revokeRequest		"id-cmc-revokeRequest"

-#define NID_id_cmc_revokeRequest		340

-#define OBJ_id_cmc_revokeRequest		OBJ_id_cmc,17L

-#define SN_id_cmc_regInfo		"id-cmc-regInfo"

-#define NID_id_cmc_regInfo		341

-#define OBJ_id_cmc_regInfo		OBJ_id_cmc,18L

-#define SN_id_cmc_responseInfo		"id-cmc-responseInfo"

-#define NID_id_cmc_responseInfo		342

-#define OBJ_id_cmc_responseInfo		OBJ_id_cmc,19L

-#define SN_id_cmc_queryPending		"id-cmc-queryPending"

-#define NID_id_cmc_queryPending		343

-#define OBJ_id_cmc_queryPending		OBJ_id_cmc,21L

-#define SN_id_cmc_popLinkRandom		"id-cmc-popLinkRandom"

-#define NID_id_cmc_popLinkRandom		344

-#define OBJ_id_cmc_popLinkRandom		OBJ_id_cmc,22L

-#define SN_id_cmc_popLinkWitness		"id-cmc-popLinkWitness"

-#define NID_id_cmc_popLinkWitness		345

-#define OBJ_id_cmc_popLinkWitness		OBJ_id_cmc,23L

-#define SN_id_cmc_confirmCertAcceptance		"id-cmc-confirmCertAcceptance"

-#define NID_id_cmc_confirmCertAcceptance		346

-#define OBJ_id_cmc_confirmCertAcceptance		OBJ_id_cmc,24L

-#define SN_id_on_personalData		"id-on-personalData"

-#define NID_id_on_personalData		347

-#define OBJ_id_on_personalData		OBJ_id_on,1L

-#define SN_id_pda_dateOfBirth		"id-pda-dateOfBirth"

-#define NID_id_pda_dateOfBirth		348

-#define OBJ_id_pda_dateOfBirth		OBJ_id_pda,1L

-#define SN_id_pda_placeOfBirth		"id-pda-placeOfBirth"

-#define NID_id_pda_placeOfBirth		349

-#define OBJ_id_pda_placeOfBirth		OBJ_id_pda,2L

-#define SN_id_pda_gender		"id-pda-gender"

-#define NID_id_pda_gender		351

-#define OBJ_id_pda_gender		OBJ_id_pda,3L

-#define SN_id_pda_countryOfCitizenship		"id-pda-countryOfCitizenship"

-#define NID_id_pda_countryOfCitizenship		352

-#define OBJ_id_pda_countryOfCitizenship		OBJ_id_pda,4L

-#define SN_id_pda_countryOfResidence		"id-pda-countryOfResidence"

-#define NID_id_pda_countryOfResidence		353

-#define OBJ_id_pda_countryOfResidence		OBJ_id_pda,5L

-#define SN_id_aca_authenticationInfo		"id-aca-authenticationInfo"

-#define NID_id_aca_authenticationInfo		354

-#define OBJ_id_aca_authenticationInfo		OBJ_id_aca,1L

-#define SN_id_aca_accessIdentity		"id-aca-accessIdentity"

-#define NID_id_aca_accessIdentity		355

-#define OBJ_id_aca_accessIdentity		OBJ_id_aca,2L

-#define SN_id_aca_chargingIdentity		"id-aca-chargingIdentity"

-#define NID_id_aca_chargingIdentity		356

-#define OBJ_id_aca_chargingIdentity		OBJ_id_aca,3L

-#define SN_id_aca_group		"id-aca-group"

-#define NID_id_aca_group		357

-#define OBJ_id_aca_group		OBJ_id_aca,4L

-#define SN_id_aca_role		"id-aca-role"

-#define NID_id_aca_role		358

-#define OBJ_id_aca_role		OBJ_id_aca,5L

-#define SN_id_aca_encAttrs		"id-aca-encAttrs"

-#define NID_id_aca_encAttrs		399

-#define OBJ_id_aca_encAttrs		OBJ_id_aca,6L

-#define SN_id_qcs_pkixQCSyntax_v1		"id-qcs-pkixQCSyntax-v1"

-#define NID_id_qcs_pkixQCSyntax_v1		359

-#define OBJ_id_qcs_pkixQCSyntax_v1		OBJ_id_qcs,1L

-#define SN_id_cct_crs		"id-cct-crs"

-#define NID_id_cct_crs		360

-#define OBJ_id_cct_crs		OBJ_id_cct,1L

-#define SN_id_cct_PKIData		"id-cct-PKIData"

-#define NID_id_cct_PKIData		361

-#define OBJ_id_cct_PKIData		OBJ_id_cct,2L

-#define SN_id_cct_PKIResponse		"id-cct-PKIResponse"

-#define NID_id_cct_PKIResponse		362

-#define OBJ_id_cct_PKIResponse		OBJ_id_cct,3L

-#define SN_id_ppl_anyLanguage		"id-ppl-anyLanguage"

-#define LN_id_ppl_anyLanguage		"Any language"

-#define NID_id_ppl_anyLanguage		664

-#define OBJ_id_ppl_anyLanguage		OBJ_id_ppl,0L

-#define SN_id_ppl_inheritAll		"id-ppl-inheritAll"

-#define LN_id_ppl_inheritAll		"Inherit all"

-#define NID_id_ppl_inheritAll		665

-#define OBJ_id_ppl_inheritAll		OBJ_id_ppl,1L

-#define SN_Independent		"id-ppl-independent"

-#define LN_Independent		"Independent"

-#define NID_Independent		667

-#define OBJ_Independent		OBJ_id_ppl,2L

-#define SN_ad_OCSP		"OCSP"

-#define LN_ad_OCSP		"OCSP"

-#define NID_ad_OCSP		178

-#define OBJ_ad_OCSP		OBJ_id_ad,1L

-#define SN_ad_ca_issuers		"caIssuers"

-#define LN_ad_ca_issuers		"CA Issuers"

-#define NID_ad_ca_issuers		179

-#define OBJ_ad_ca_issuers		OBJ_id_ad,2L

-#define SN_ad_timeStamping		"ad_timestamping"

-#define LN_ad_timeStamping		"AD Time Stamping"

-#define NID_ad_timeStamping		363

-#define OBJ_ad_timeStamping		OBJ_id_ad,3L

-#define SN_ad_dvcs		"AD_DVCS"

-#define LN_ad_dvcs		"ad dvcs"

-#define NID_ad_dvcs		364

-#define OBJ_ad_dvcs		OBJ_id_ad,4L

-#define OBJ_id_pkix_OCSP		OBJ_ad_OCSP

-#define SN_id_pkix_OCSP_basic		"basicOCSPResponse"

-#define LN_id_pkix_OCSP_basic		"Basic OCSP Response"

-#define NID_id_pkix_OCSP_basic		365

-#define OBJ_id_pkix_OCSP_basic		OBJ_id_pkix_OCSP,1L

-#define SN_id_pkix_OCSP_Nonce		"Nonce"

-#define LN_id_pkix_OCSP_Nonce		"OCSP Nonce"

-#define NID_id_pkix_OCSP_Nonce		366

-#define OBJ_id_pkix_OCSP_Nonce		OBJ_id_pkix_OCSP,2L

-#define SN_id_pkix_OCSP_CrlID		"CrlID"

-#define LN_id_pkix_OCSP_CrlID		"OCSP CRL ID"

-#define NID_id_pkix_OCSP_CrlID		367

-#define OBJ_id_pkix_OCSP_CrlID		OBJ_id_pkix_OCSP,3L

-#define SN_id_pkix_OCSP_acceptableResponses		"acceptableResponses"

-#define LN_id_pkix_OCSP_acceptableResponses		"Acceptable OCSP Responses"

-#define NID_id_pkix_OCSP_acceptableResponses		368

-#define OBJ_id_pkix_OCSP_acceptableResponses		OBJ_id_pkix_OCSP,4L

-#define SN_id_pkix_OCSP_noCheck		"noCheck"

-#define LN_id_pkix_OCSP_noCheck		"OCSP No Check"

-#define NID_id_pkix_OCSP_noCheck		369

-#define OBJ_id_pkix_OCSP_noCheck		OBJ_id_pkix_OCSP,5L

-#define SN_id_pkix_OCSP_archiveCutoff		"archiveCutoff"

-#define LN_id_pkix_OCSP_archiveCutoff		"OCSP Archive Cutoff"

-#define NID_id_pkix_OCSP_archiveCutoff		370

-#define OBJ_id_pkix_OCSP_archiveCutoff		OBJ_id_pkix_OCSP,6L

-#define SN_id_pkix_OCSP_serviceLocator		"serviceLocator"

-#define LN_id_pkix_OCSP_serviceLocator		"OCSP Service Locator"

-#define NID_id_pkix_OCSP_serviceLocator		371

-#define OBJ_id_pkix_OCSP_serviceLocator		OBJ_id_pkix_OCSP,7L

-#define SN_id_pkix_OCSP_extendedStatus		"extendedStatus"

-#define LN_id_pkix_OCSP_extendedStatus		"Extended OCSP Status"

-#define NID_id_pkix_OCSP_extendedStatus		372

-#define OBJ_id_pkix_OCSP_extendedStatus		OBJ_id_pkix_OCSP,8L

-#define SN_id_pkix_OCSP_valid		"valid"

-#define NID_id_pkix_OCSP_valid		373

-#define OBJ_id_pkix_OCSP_valid		OBJ_id_pkix_OCSP,9L

-#define SN_id_pkix_OCSP_path		"path"

-#define NID_id_pkix_OCSP_path		374

-#define OBJ_id_pkix_OCSP_path		OBJ_id_pkix_OCSP,10L

-#define SN_id_pkix_OCSP_trustRoot		"trustRoot"

-#define LN_id_pkix_OCSP_trustRoot		"Trust Root"

-#define NID_id_pkix_OCSP_trustRoot		375

-#define OBJ_id_pkix_OCSP_trustRoot		OBJ_id_pkix_OCSP,11L

-#define SN_algorithm		"algorithm"

-#define LN_algorithm		"algorithm"

-#define NID_algorithm		376

-#define OBJ_algorithm		1L,3L,14L,3L,2L

-#define SN_md5WithRSA		"RSA-NP-MD5"

-#define LN_md5WithRSA		"md5WithRSA"

-#define NID_md5WithRSA		104

-#define OBJ_md5WithRSA		OBJ_algorithm,3L

-#define SN_des_ecb		"DES-ECB"

-#define LN_des_ecb		"des-ecb"

-#define NID_des_ecb		29

-#define OBJ_des_ecb		OBJ_algorithm,6L

-#define SN_des_cbc		"DES-CBC"

-#define LN_des_cbc		"des-cbc"

-#define NID_des_cbc		31

-#define OBJ_des_cbc		OBJ_algorithm,7L

-#define SN_des_ofb64		"DES-OFB"

-#define LN_des_ofb64		"des-ofb"

-#define NID_des_ofb64		45

-#define OBJ_des_ofb64		OBJ_algorithm,8L

-#define SN_des_cfb64		"DES-CFB"

-#define LN_des_cfb64		"des-cfb"

-#define NID_des_cfb64		30

-#define OBJ_des_cfb64		OBJ_algorithm,9L

-#define SN_rsaSignature		"rsaSignature"

-#define NID_rsaSignature		377

-#define OBJ_rsaSignature		OBJ_algorithm,11L

-#define SN_dsa_2		"DSA-old"

-#define LN_dsa_2		"dsaEncryption-old"

-#define NID_dsa_2		67

-#define OBJ_dsa_2		OBJ_algorithm,12L

-#define SN_dsaWithSHA		"DSA-SHA"

-#define LN_dsaWithSHA		"dsaWithSHA"

-#define NID_dsaWithSHA		66

-#define OBJ_dsaWithSHA		OBJ_algorithm,13L

-#define SN_shaWithRSAEncryption		"RSA-SHA"

-#define LN_shaWithRSAEncryption		"shaWithRSAEncryption"

-#define NID_shaWithRSAEncryption		42

-#define OBJ_shaWithRSAEncryption		OBJ_algorithm,15L

-#define SN_des_ede_ecb		"DES-EDE"

-#define LN_des_ede_ecb		"des-ede"

-#define NID_des_ede_ecb		32

-#define OBJ_des_ede_ecb		OBJ_algorithm,17L

-#define SN_des_ede3_ecb		"DES-EDE3"

-#define LN_des_ede3_ecb		"des-ede3"

-#define NID_des_ede3_ecb		33

-#define SN_des_ede_cbc		"DES-EDE-CBC"

-#define LN_des_ede_cbc		"des-ede-cbc"

-#define NID_des_ede_cbc		43

-#define SN_des_ede_cfb64		"DES-EDE-CFB"

-#define LN_des_ede_cfb64		"des-ede-cfb"

-#define NID_des_ede_cfb64		60

-#define SN_des_ede3_cfb64		"DES-EDE3-CFB"

-#define LN_des_ede3_cfb64		"des-ede3-cfb"

-#define NID_des_ede3_cfb64		61

-#define SN_des_ede_ofb64		"DES-EDE-OFB"

-#define LN_des_ede_ofb64		"des-ede-ofb"

-#define NID_des_ede_ofb64		62

-#define SN_des_ede3_ofb64		"DES-EDE3-OFB"

-#define LN_des_ede3_ofb64		"des-ede3-ofb"

-#define NID_des_ede3_ofb64		63

-#define SN_desx_cbc		"DESX-CBC"

-#define LN_desx_cbc		"desx-cbc"

-#define NID_desx_cbc		80

-#define SN_sha		"SHA"

-#define LN_sha		"sha"

-#define NID_sha		41

-#define OBJ_sha		OBJ_algorithm,18L

-#define SN_sha1		"SHA1"

-#define LN_sha1		"sha1"

-#define NID_sha1		64

-#define OBJ_sha1		OBJ_algorithm,26L

-#define SN_dsaWithSHA1_2		"DSA-SHA1-old"

-#define LN_dsaWithSHA1_2		"dsaWithSHA1-old"

-#define NID_dsaWithSHA1_2		70

-#define OBJ_dsaWithSHA1_2		OBJ_algorithm,27L

-#define SN_sha1WithRSA		"RSA-SHA1-2"

-#define LN_sha1WithRSA		"sha1WithRSA"

-#define NID_sha1WithRSA		115

-#define OBJ_sha1WithRSA		OBJ_algorithm,29L

-#define SN_ripemd160		"RIPEMD160"

-#define LN_ripemd160		"ripemd160"

-#define NID_ripemd160		117

-#define OBJ_ripemd160		1L,3L,36L,3L,2L,1L

-#define SN_ripemd160WithRSA		"RSA-RIPEMD160"

-#define LN_ripemd160WithRSA		"ripemd160WithRSA"

-#define NID_ripemd160WithRSA		119

-#define OBJ_ripemd160WithRSA		1L,3L,36L,3L,3L,1L,2L

-#define SN_sxnet		"SXNetID"

-#define LN_sxnet		"Strong Extranet ID"

-#define NID_sxnet		143

-#define OBJ_sxnet		1L,3L,101L,1L,4L,1L

-#define SN_X500		"X500"

-#define LN_X500		"directory services (X.500)"

-#define NID_X500		11

-#define OBJ_X500		2L,5L

-#define SN_X509		"X509"

-#define NID_X509		12

-#define OBJ_X509		OBJ_X500,4L

-#define SN_commonName		"CN"

-#define LN_commonName		"commonName"

-#define NID_commonName		13

-#define OBJ_commonName		OBJ_X509,3L

-#define SN_surname		"SN"

-#define LN_surname		"surname"

-#define NID_surname		100

-#define OBJ_surname		OBJ_X509,4L

-#define LN_serialNumber		"serialNumber"

-#define NID_serialNumber		105

-#define OBJ_serialNumber		OBJ_X509,5L

-#define SN_countryName		"C"

-#define LN_countryName		"countryName"

-#define NID_countryName		14

-#define OBJ_countryName		OBJ_X509,6L

-#define SN_localityName		"L"

-#define LN_localityName		"localityName"

-#define NID_localityName		15

-#define OBJ_localityName		OBJ_X509,7L

-#define SN_stateOrProvinceName		"ST"

-#define LN_stateOrProvinceName		"stateOrProvinceName"

-#define NID_stateOrProvinceName		16

-#define OBJ_stateOrProvinceName		OBJ_X509,8L

-#define LN_streetAddress		"streetAddress"

-#define NID_streetAddress		660

-#define OBJ_streetAddress		OBJ_X509,9L

-#define SN_organizationName		"O"

-#define LN_organizationName		"organizationName"

-#define NID_organizationName		17

-#define OBJ_organizationName		OBJ_X509,10L

-#define SN_organizationalUnitName		"OU"

-#define LN_organizationalUnitName		"organizationalUnitName"

-#define NID_organizationalUnitName		18

-#define OBJ_organizationalUnitName		OBJ_X509,11L

-#define LN_title		"title"

-#define NID_title		106

-#define OBJ_title		OBJ_X509,12L

-#define LN_description		"description"

-#define NID_description		107

-#define OBJ_description		OBJ_X509,13L

-#define LN_postalCode		"postalCode"

-#define NID_postalCode		661

-#define OBJ_postalCode		OBJ_X509,17L

-#define SN_name		"name"

-#define LN_name		"name"

-#define NID_name		173

-#define OBJ_name		OBJ_X509,41L

-#define SN_givenName		"GN"

-#define LN_givenName		"givenName"

-#define NID_givenName		99

-#define OBJ_givenName		OBJ_X509,42L

-#define LN_initials		"initials"

-#define NID_initials		101

-#define OBJ_initials		OBJ_X509,43L

-#define LN_generationQualifier		"generationQualifier"

-#define NID_generationQualifier		509

-#define OBJ_generationQualifier		OBJ_X509,44L

-#define LN_x500UniqueIdentifier		"x500UniqueIdentifier"

-#define NID_x500UniqueIdentifier		503

-#define OBJ_x500UniqueIdentifier		OBJ_X509,45L

-#define SN_dnQualifier		"dnQualifier"

-#define LN_dnQualifier		"dnQualifier"

-#define NID_dnQualifier		174

-#define OBJ_dnQualifier		OBJ_X509,46L

-#define LN_pseudonym		"pseudonym"

-#define NID_pseudonym		510

-#define OBJ_pseudonym		OBJ_X509,65L

-#define SN_role		"role"

-#define LN_role		"role"

-#define NID_role		400

-#define OBJ_role		OBJ_X509,72L

-#define SN_X500algorithms		"X500algorithms"

-#define LN_X500algorithms		"directory services - algorithms"

-#define NID_X500algorithms		378

-#define OBJ_X500algorithms		OBJ_X500,8L

-#define SN_rsa		"RSA"

-#define LN_rsa		"rsa"

-#define NID_rsa		19

-#define OBJ_rsa		OBJ_X500algorithms,1L,1L

-#define SN_mdc2WithRSA		"RSA-MDC2"

-#define LN_mdc2WithRSA		"mdc2WithRSA"

-#define NID_mdc2WithRSA		96

-#define OBJ_mdc2WithRSA		OBJ_X500algorithms,3L,100L

-#define SN_mdc2		"MDC2"

-#define LN_mdc2		"mdc2"

-#define NID_mdc2		95

-#define OBJ_mdc2		OBJ_X500algorithms,3L,101L

-#define SN_id_ce		"id-ce"

-#define NID_id_ce		81

-#define OBJ_id_ce		OBJ_X500,29L

-#define SN_subject_directory_attributes		"subjectDirectoryAttributes"

-#define LN_subject_directory_attributes		"X509v3 Subject Directory Attributes"

-#define NID_subject_directory_attributes		769

-#define OBJ_subject_directory_attributes		OBJ_id_ce,9L

-#define SN_subject_key_identifier		"subjectKeyIdentifier"

-#define LN_subject_key_identifier		"X509v3 Subject Key Identifier"

-#define NID_subject_key_identifier		82

-#define OBJ_subject_key_identifier		OBJ_id_ce,14L

-#define SN_key_usage		"keyUsage"

-#define LN_key_usage		"X509v3 Key Usage"

-#define NID_key_usage		83

-#define OBJ_key_usage		OBJ_id_ce,15L

-#define SN_private_key_usage_period		"privateKeyUsagePeriod"

-#define LN_private_key_usage_period		"X509v3 Private Key Usage Period"

-#define NID_private_key_usage_period		84

-#define OBJ_private_key_usage_period		OBJ_id_ce,16L

-#define SN_subject_alt_name		"subjectAltName"

-#define LN_subject_alt_name		"X509v3 Subject Alternative Name"

-#define NID_subject_alt_name		85

-#define OBJ_subject_alt_name		OBJ_id_ce,17L

-#define SN_issuer_alt_name		"issuerAltName"

-#define LN_issuer_alt_name		"X509v3 Issuer Alternative Name"

-#define NID_issuer_alt_name		86

-#define OBJ_issuer_alt_name		OBJ_id_ce,18L

-#define SN_basic_constraints		"basicConstraints"

-#define LN_basic_constraints		"X509v3 Basic Constraints"

-#define NID_basic_constraints		87

-#define OBJ_basic_constraints		OBJ_id_ce,19L

-#define SN_crl_number		"crlNumber"

-#define LN_crl_number		"X509v3 CRL Number"

-#define NID_crl_number		88

-#define OBJ_crl_number		OBJ_id_ce,20L

-#define SN_crl_reason		"CRLReason"

-#define LN_crl_reason		"X509v3 CRL Reason Code"

-#define NID_crl_reason		141

-#define OBJ_crl_reason		OBJ_id_ce,21L

-#define SN_invalidity_date		"invalidityDate"

-#define LN_invalidity_date		"Invalidity Date"

-#define NID_invalidity_date		142

-#define OBJ_invalidity_date		OBJ_id_ce,24L

-#define SN_delta_crl		"deltaCRL"

-#define LN_delta_crl		"X509v3 Delta CRL Indicator"

-#define NID_delta_crl		140

-#define OBJ_delta_crl		OBJ_id_ce,27L

-#define SN_issuing_distribution_point		"issuingDistributionPoint"

-#define LN_issuing_distribution_point		"X509v3 Issuing Distrubution Point"

-#define NID_issuing_distribution_point		770

-#define OBJ_issuing_distribution_point		OBJ_id_ce,28L

-#define SN_certificate_issuer		"certificateIssuer"

-#define LN_certificate_issuer		"X509v3 Certificate Issuer"

-#define NID_certificate_issuer		771

-#define OBJ_certificate_issuer		OBJ_id_ce,29L

-#define SN_name_constraints		"nameConstraints"

-#define LN_name_constraints		"X509v3 Name Constraints"

-#define NID_name_constraints		666

-#define OBJ_name_constraints		OBJ_id_ce,30L

-#define SN_crl_distribution_points		"crlDistributionPoints"

-#define LN_crl_distribution_points		"X509v3 CRL Distribution Points"

-#define NID_crl_distribution_points		103

-#define OBJ_crl_distribution_points		OBJ_id_ce,31L

-#define SN_certificate_policies		"certificatePolicies"

-#define LN_certificate_policies		"X509v3 Certificate Policies"

-#define NID_certificate_policies		89

-#define OBJ_certificate_policies		OBJ_id_ce,32L

-#define SN_any_policy		"anyPolicy"

-#define LN_any_policy		"X509v3 Any Policy"

-#define NID_any_policy		746

-#define OBJ_any_policy		OBJ_certificate_policies,0L

-#define SN_policy_mappings		"policyMappings"

-#define LN_policy_mappings		"X509v3 Policy Mappings"

-#define NID_policy_mappings		747

-#define OBJ_policy_mappings		OBJ_id_ce,33L

-#define SN_authority_key_identifier		"authorityKeyIdentifier"

-#define LN_authority_key_identifier		"X509v3 Authority Key Identifier"

-#define NID_authority_key_identifier		90

-#define OBJ_authority_key_identifier		OBJ_id_ce,35L

-#define SN_policy_constraints		"policyConstraints"

-#define LN_policy_constraints		"X509v3 Policy Constraints"

-#define NID_policy_constraints		401

-#define OBJ_policy_constraints		OBJ_id_ce,36L

-#define SN_ext_key_usage		"extendedKeyUsage"

-#define LN_ext_key_usage		"X509v3 Extended Key Usage"

-#define NID_ext_key_usage		126

-#define OBJ_ext_key_usage		OBJ_id_ce,37L

-#define SN_inhibit_any_policy		"inhibitAnyPolicy"

-#define LN_inhibit_any_policy		"X509v3 Inhibit Any Policy"

-#define NID_inhibit_any_policy		748

-#define OBJ_inhibit_any_policy		OBJ_id_ce,54L

-#define SN_target_information		"targetInformation"

-#define LN_target_information		"X509v3 AC Targeting"

-#define NID_target_information		402

-#define OBJ_target_information		OBJ_id_ce,55L

-#define SN_no_rev_avail		"noRevAvail"

-#define LN_no_rev_avail		"X509v3 No Revocation Available"

-#define NID_no_rev_avail		403

-#define OBJ_no_rev_avail		OBJ_id_ce,56L

-#define SN_netscape		"Netscape"

-#define LN_netscape		"Netscape Communications Corp."

-#define NID_netscape		57

-#define OBJ_netscape		2L,16L,840L,1L,113730L

-#define SN_netscape_cert_extension		"nsCertExt"

-#define LN_netscape_cert_extension		"Netscape Certificate Extension"

-#define NID_netscape_cert_extension		58

-#define OBJ_netscape_cert_extension		OBJ_netscape,1L

-#define SN_netscape_data_type		"nsDataType"

-#define LN_netscape_data_type		"Netscape Data Type"

-#define NID_netscape_data_type		59

-#define OBJ_netscape_data_type		OBJ_netscape,2L

-#define SN_netscape_cert_type		"nsCertType"

-#define LN_netscape_cert_type		"Netscape Cert Type"

-#define NID_netscape_cert_type		71

-#define OBJ_netscape_cert_type		OBJ_netscape_cert_extension,1L

-#define SN_netscape_base_url		"nsBaseUrl"

-#define LN_netscape_base_url		"Netscape Base Url"

-#define NID_netscape_base_url		72

-#define OBJ_netscape_base_url		OBJ_netscape_cert_extension,2L

-#define SN_netscape_revocation_url		"nsRevocationUrl"

-#define LN_netscape_revocation_url		"Netscape Revocation Url"

-#define NID_netscape_revocation_url		73

-#define OBJ_netscape_revocation_url		OBJ_netscape_cert_extension,3L

-#define SN_netscape_ca_revocation_url		"nsCaRevocationUrl"

-#define LN_netscape_ca_revocation_url		"Netscape CA Revocation Url"

-#define NID_netscape_ca_revocation_url		74

-#define OBJ_netscape_ca_revocation_url		OBJ_netscape_cert_extension,4L

-#define SN_netscape_renewal_url		"nsRenewalUrl"

-#define LN_netscape_renewal_url		"Netscape Renewal Url"

-#define NID_netscape_renewal_url		75

-#define OBJ_netscape_renewal_url		OBJ_netscape_cert_extension,7L

-#define SN_netscape_ca_policy_url		"nsCaPolicyUrl"

-#define LN_netscape_ca_policy_url		"Netscape CA Policy Url"

-#define NID_netscape_ca_policy_url		76

-#define OBJ_netscape_ca_policy_url		OBJ_netscape_cert_extension,8L

-#define SN_netscape_ssl_server_name		"nsSslServerName"

-#define LN_netscape_ssl_server_name		"Netscape SSL Server Name"

-#define NID_netscape_ssl_server_name		77

-#define OBJ_netscape_ssl_server_name		OBJ_netscape_cert_extension,12L

-#define SN_netscape_comment		"nsComment"

-#define LN_netscape_comment		"Netscape Comment"

-#define NID_netscape_comment		78

-#define OBJ_netscape_comment		OBJ_netscape_cert_extension,13L

-#define SN_netscape_cert_sequence		"nsCertSequence"

-#define LN_netscape_cert_sequence		"Netscape Certificate Sequence"

-#define NID_netscape_cert_sequence		79

-#define OBJ_netscape_cert_sequence		OBJ_netscape_data_type,5L

-#define SN_ns_sgc		"nsSGC"

-#define LN_ns_sgc		"Netscape Server Gated Crypto"

-#define NID_ns_sgc		139

-#define OBJ_ns_sgc		OBJ_netscape,4L,1L

-#define SN_org		"ORG"

-#define LN_org		"org"

-#define NID_org		379

-#define OBJ_org		OBJ_iso,3L

-#define SN_dod		"DOD"

-#define LN_dod		"dod"

-#define NID_dod		380

-#define OBJ_dod		OBJ_org,6L

-#define SN_iana		"IANA"

-#define LN_iana		"iana"

-#define NID_iana		381

-#define OBJ_iana		OBJ_dod,1L

-#define OBJ_internet		OBJ_iana

-#define SN_Directory		"directory"

-#define LN_Directory		"Directory"

-#define NID_Directory		382

-#define OBJ_Directory		OBJ_internet,1L

-#define SN_Management		"mgmt"

-#define LN_Management		"Management"

-#define NID_Management		383

-#define OBJ_Management		OBJ_internet,2L

-#define SN_Experimental		"experimental"

-#define LN_Experimental		"Experimental"

-#define NID_Experimental		384

-#define OBJ_Experimental		OBJ_internet,3L

-#define SN_Private		"private"

-#define LN_Private		"Private"

-#define NID_Private		385

-#define OBJ_Private		OBJ_internet,4L

-#define SN_Security		"security"

-#define LN_Security		"Security"

-#define NID_Security		386

-#define OBJ_Security		OBJ_internet,5L

-#define SN_SNMPv2		"snmpv2"

-#define LN_SNMPv2		"SNMPv2"

-#define NID_SNMPv2		387

-#define OBJ_SNMPv2		OBJ_internet,6L

-#define LN_Mail		"Mail"

-#define NID_Mail		388

-#define OBJ_Mail		OBJ_internet,7L

-#define SN_Enterprises		"enterprises"

-#define LN_Enterprises		"Enterprises"

-#define NID_Enterprises		389

-#define OBJ_Enterprises		OBJ_Private,1L

-#define SN_dcObject		"dcobject"

-#define LN_dcObject		"dcObject"

-#define NID_dcObject		390

-#define OBJ_dcObject		OBJ_Enterprises,1466L,344L

-#define SN_mime_mhs		"mime-mhs"

-#define LN_mime_mhs		"MIME MHS"

-#define NID_mime_mhs		504

-#define OBJ_mime_mhs		OBJ_Mail,1L

-#define SN_mime_mhs_headings		"mime-mhs-headings"

-#define LN_mime_mhs_headings		"mime-mhs-headings"

-#define NID_mime_mhs_headings		505

-#define OBJ_mime_mhs_headings		OBJ_mime_mhs,1L

-#define SN_mime_mhs_bodies		"mime-mhs-bodies"

-#define LN_mime_mhs_bodies		"mime-mhs-bodies"

-#define NID_mime_mhs_bodies		506

-#define OBJ_mime_mhs_bodies		OBJ_mime_mhs,2L

-#define SN_id_hex_partial_message		"id-hex-partial-message"

-#define LN_id_hex_partial_message		"id-hex-partial-message"

-#define NID_id_hex_partial_message		507

-#define OBJ_id_hex_partial_message		OBJ_mime_mhs_headings,1L

-#define SN_id_hex_multipart_message		"id-hex-multipart-message"

-#define LN_id_hex_multipart_message		"id-hex-multipart-message"

-#define NID_id_hex_multipart_message		508

-#define OBJ_id_hex_multipart_message		OBJ_mime_mhs_headings,2L

-#define SN_rle_compression		"RLE"

-#define LN_rle_compression		"run length compression"

-#define NID_rle_compression		124

-#define OBJ_rle_compression		1L,1L,1L,1L,666L,1L

-#define SN_zlib_compression		"ZLIB"

-#define LN_zlib_compression		"zlib compression"

-#define NID_zlib_compression		125

-#define OBJ_zlib_compression		1L,1L,1L,1L,666L,2L

-#define OBJ_csor		2L,16L,840L,1L,101L,3L

-#define OBJ_nistAlgorithms		OBJ_csor,4L

-#define OBJ_aes		OBJ_nistAlgorithms,1L

-#define SN_aes_128_ecb		"AES-128-ECB"

-#define LN_aes_128_ecb		"aes-128-ecb"

-#define NID_aes_128_ecb		418

-#define OBJ_aes_128_ecb		OBJ_aes,1L

-#define SN_aes_128_cbc		"AES-128-CBC"

-#define LN_aes_128_cbc		"aes-128-cbc"

-#define NID_aes_128_cbc		419

-#define OBJ_aes_128_cbc		OBJ_aes,2L

-#define SN_aes_128_ofb128		"AES-128-OFB"

-#define LN_aes_128_ofb128		"aes-128-ofb"

-#define NID_aes_128_ofb128		420

-#define OBJ_aes_128_ofb128		OBJ_aes,3L

-#define SN_aes_128_cfb128		"AES-128-CFB"

-#define LN_aes_128_cfb128		"aes-128-cfb"

-#define NID_aes_128_cfb128		421

-#define OBJ_aes_128_cfb128		OBJ_aes,4L

-#define SN_aes_192_ecb		"AES-192-ECB"

-#define LN_aes_192_ecb		"aes-192-ecb"

-#define NID_aes_192_ecb		422

-#define OBJ_aes_192_ecb		OBJ_aes,21L

-#define SN_aes_192_cbc		"AES-192-CBC"

-#define LN_aes_192_cbc		"aes-192-cbc"

-#define NID_aes_192_cbc		423

-#define OBJ_aes_192_cbc		OBJ_aes,22L

-#define SN_aes_192_ofb128		"AES-192-OFB"

-#define LN_aes_192_ofb128		"aes-192-ofb"

-#define NID_aes_192_ofb128		424

-#define OBJ_aes_192_ofb128		OBJ_aes,23L

-#define SN_aes_192_cfb128		"AES-192-CFB"

-#define LN_aes_192_cfb128		"aes-192-cfb"

-#define NID_aes_192_cfb128		425

-#define OBJ_aes_192_cfb128		OBJ_aes,24L

-#define SN_aes_256_ecb		"AES-256-ECB"

-#define LN_aes_256_ecb		"aes-256-ecb"

-#define NID_aes_256_ecb		426

-#define OBJ_aes_256_ecb		OBJ_aes,41L

-#define SN_aes_256_cbc		"AES-256-CBC"

-#define LN_aes_256_cbc		"aes-256-cbc"

-#define NID_aes_256_cbc		427

-#define OBJ_aes_256_cbc		OBJ_aes,42L

-#define SN_aes_256_ofb128		"AES-256-OFB"

-#define LN_aes_256_ofb128		"aes-256-ofb"

-#define NID_aes_256_ofb128		428

-#define OBJ_aes_256_ofb128		OBJ_aes,43L

-#define SN_aes_256_cfb128		"AES-256-CFB"

-#define LN_aes_256_cfb128		"aes-256-cfb"

-#define NID_aes_256_cfb128		429

-#define OBJ_aes_256_cfb128		OBJ_aes,44L

-#define SN_aes_128_cfb1		"AES-128-CFB1"

-#define LN_aes_128_cfb1		"aes-128-cfb1"

-#define NID_aes_128_cfb1		650

-#define SN_aes_192_cfb1		"AES-192-CFB1"

-#define LN_aes_192_cfb1		"aes-192-cfb1"

-#define NID_aes_192_cfb1		651

-#define SN_aes_256_cfb1		"AES-256-CFB1"

-#define LN_aes_256_cfb1		"aes-256-cfb1"

-#define NID_aes_256_cfb1		652

-#define SN_aes_128_cfb8		"AES-128-CFB8"

-#define LN_aes_128_cfb8		"aes-128-cfb8"

-#define NID_aes_128_cfb8		653

-#define SN_aes_192_cfb8		"AES-192-CFB8"

-#define LN_aes_192_cfb8		"aes-192-cfb8"

-#define NID_aes_192_cfb8		654

-#define SN_aes_256_cfb8		"AES-256-CFB8"

-#define LN_aes_256_cfb8		"aes-256-cfb8"

-#define NID_aes_256_cfb8		655

-#define SN_des_cfb1		"DES-CFB1"

-#define LN_des_cfb1		"des-cfb1"

-#define NID_des_cfb1		656

-#define SN_des_cfb8		"DES-CFB8"

-#define LN_des_cfb8		"des-cfb8"

-#define NID_des_cfb8		657

-#define SN_des_ede3_cfb1		"DES-EDE3-CFB1"

-#define LN_des_ede3_cfb1		"des-ede3-cfb1"

-#define NID_des_ede3_cfb1		658

-#define SN_des_ede3_cfb8		"DES-EDE3-CFB8"

-#define LN_des_ede3_cfb8		"des-ede3-cfb8"

-#define NID_des_ede3_cfb8		659

-#define OBJ_nist_hashalgs		OBJ_nistAlgorithms,2L

-#define SN_sha256		"SHA256"

-#define LN_sha256		"sha256"

-#define NID_sha256		672

-#define OBJ_sha256		OBJ_nist_hashalgs,1L

-#define SN_sha384		"SHA384"

-#define LN_sha384		"sha384"

-#define NID_sha384		673

-#define OBJ_sha384		OBJ_nist_hashalgs,2L

-#define SN_sha512		"SHA512"

-#define LN_sha512		"sha512"

-#define NID_sha512		674

-#define OBJ_sha512		OBJ_nist_hashalgs,3L

-#define SN_sha224		"SHA224"

-#define LN_sha224		"sha224"

-#define NID_sha224		675

-#define OBJ_sha224		OBJ_nist_hashalgs,4L

-#define SN_hold_instruction_code		"holdInstructionCode"

-#define LN_hold_instruction_code		"Hold Instruction Code"

-#define NID_hold_instruction_code		430

-#define OBJ_hold_instruction_code		OBJ_id_ce,23L

-#define OBJ_holdInstruction		OBJ_X9_57,2L

-#define SN_hold_instruction_none		"holdInstructionNone"

-#define LN_hold_instruction_none		"Hold Instruction None"

-#define NID_hold_instruction_none		431

-#define OBJ_hold_instruction_none		OBJ_holdInstruction,1L

-#define SN_hold_instruction_call_issuer		"holdInstructionCallIssuer"

-#define LN_hold_instruction_call_issuer		"Hold Instruction Call Issuer"

-#define NID_hold_instruction_call_issuer		432

-#define OBJ_hold_instruction_call_issuer		OBJ_holdInstruction,2L

-#define SN_hold_instruction_reject		"holdInstructionReject"

-#define LN_hold_instruction_reject		"Hold Instruction Reject"

-#define NID_hold_instruction_reject		433

-#define OBJ_hold_instruction_reject		OBJ_holdInstruction,3L

-#define SN_data		"data"

-#define NID_data		434

-#define OBJ_data		OBJ_itu_t,9L

-#define SN_pss		"pss"

-#define NID_pss		435

-#define OBJ_pss		OBJ_data,2342L

-#define SN_ucl		"ucl"

-#define NID_ucl		436

-#define OBJ_ucl		OBJ_pss,19200300L

-#define SN_pilot		"pilot"

-#define NID_pilot		437

-#define OBJ_pilot		OBJ_ucl,100L

-#define LN_pilotAttributeType		"pilotAttributeType"

-#define NID_pilotAttributeType		438

-#define OBJ_pilotAttributeType		OBJ_pilot,1L

-#define LN_pilotAttributeSyntax		"pilotAttributeSyntax"

-#define NID_pilotAttributeSyntax		439

-#define OBJ_pilotAttributeSyntax		OBJ_pilot,3L

-#define LN_pilotObjectClass		"pilotObjectClass"

-#define NID_pilotObjectClass		440

-#define OBJ_pilotObjectClass		OBJ_pilot,4L

-#define LN_pilotGroups		"pilotGroups"

-#define NID_pilotGroups		441

-#define OBJ_pilotGroups		OBJ_pilot,10L

-#define LN_iA5StringSyntax		"iA5StringSyntax"

-#define NID_iA5StringSyntax		442

-#define OBJ_iA5StringSyntax		OBJ_pilotAttributeSyntax,4L

-#define LN_caseIgnoreIA5StringSyntax		"caseIgnoreIA5StringSyntax"

-#define NID_caseIgnoreIA5StringSyntax		443

-#define OBJ_caseIgnoreIA5StringSyntax		OBJ_pilotAttributeSyntax,5L

-#define LN_pilotObject		"pilotObject"

-#define NID_pilotObject		444

-#define OBJ_pilotObject		OBJ_pilotObjectClass,3L

-#define LN_pilotPerson		"pilotPerson"

-#define NID_pilotPerson		445

-#define OBJ_pilotPerson		OBJ_pilotObjectClass,4L

-#define SN_account		"account"

-#define NID_account		446

-#define OBJ_account		OBJ_pilotObjectClass,5L

-#define SN_document		"document"

-#define NID_document		447

-#define OBJ_document		OBJ_pilotObjectClass,6L

-#define SN_room		"room"

-#define NID_room		448

-#define OBJ_room		OBJ_pilotObjectClass,7L

-#define LN_documentSeries		"documentSeries"

-#define NID_documentSeries		449

-#define OBJ_documentSeries		OBJ_pilotObjectClass,9L

-#define SN_Domain		"domain"

-#define LN_Domain		"Domain"

-#define NID_Domain		392

-#define OBJ_Domain		OBJ_pilotObjectClass,13L

-#define LN_rFC822localPart		"rFC822localPart"

-#define NID_rFC822localPart		450

-#define OBJ_rFC822localPart		OBJ_pilotObjectClass,14L

-#define LN_dNSDomain		"dNSDomain"

-#define NID_dNSDomain		451

-#define OBJ_dNSDomain		OBJ_pilotObjectClass,15L

-#define LN_domainRelatedObject		"domainRelatedObject"

-#define NID_domainRelatedObject		452

-#define OBJ_domainRelatedObject		OBJ_pilotObjectClass,17L

-#define LN_friendlyCountry		"friendlyCountry"

-#define NID_friendlyCountry		453

-#define OBJ_friendlyCountry		OBJ_pilotObjectClass,18L

-#define LN_simpleSecurityObject		"simpleSecurityObject"

-#define NID_simpleSecurityObject		454

-#define OBJ_simpleSecurityObject		OBJ_pilotObjectClass,19L

-#define LN_pilotOrganization		"pilotOrganization"

-#define NID_pilotOrganization		455

-#define OBJ_pilotOrganization		OBJ_pilotObjectClass,20L

-#define LN_pilotDSA		"pilotDSA"

-#define NID_pilotDSA		456

-#define OBJ_pilotDSA		OBJ_pilotObjectClass,21L

-#define LN_qualityLabelledData		"qualityLabelledData"

-#define NID_qualityLabelledData		457

-#define OBJ_qualityLabelledData		OBJ_pilotObjectClass,22L

-#define SN_userId		"UID"

-#define LN_userId		"userId"

-#define NID_userId		458

-#define OBJ_userId		OBJ_pilotAttributeType,1L

-#define LN_textEncodedORAddress		"textEncodedORAddress"

-#define NID_textEncodedORAddress		459

-#define OBJ_textEncodedORAddress		OBJ_pilotAttributeType,2L

-#define SN_rfc822Mailbox		"mail"

-#define LN_rfc822Mailbox		"rfc822Mailbox"

-#define NID_rfc822Mailbox		460

-#define OBJ_rfc822Mailbox		OBJ_pilotAttributeType,3L

-#define SN_info		"info"

-#define NID_info		461

-#define OBJ_info		OBJ_pilotAttributeType,4L

-#define LN_favouriteDrink		"favouriteDrink"

-#define NID_favouriteDrink		462

-#define OBJ_favouriteDrink		OBJ_pilotAttributeType,5L

-#define LN_roomNumber		"roomNumber"

-#define NID_roomNumber		463

-#define OBJ_roomNumber		OBJ_pilotAttributeType,6L

-#define SN_photo		"photo"

-#define NID_photo		464

-#define OBJ_photo		OBJ_pilotAttributeType,7L

-#define LN_userClass		"userClass"

-#define NID_userClass		465

-#define OBJ_userClass		OBJ_pilotAttributeType,8L

-#define SN_host		"host"

-#define NID_host		466

-#define OBJ_host		OBJ_pilotAttributeType,9L

-#define SN_manager		"manager"

-#define NID_manager		467

-#define OBJ_manager		OBJ_pilotAttributeType,10L

-#define LN_documentIdentifier		"documentIdentifier"

-#define NID_documentIdentifier		468

-#define OBJ_documentIdentifier		OBJ_pilotAttributeType,11L

-#define LN_documentTitle		"documentTitle"

-#define NID_documentTitle		469

-#define OBJ_documentTitle		OBJ_pilotAttributeType,12L

-#define LN_documentVersion		"documentVersion"

-#define NID_documentVersion		470

-#define OBJ_documentVersion		OBJ_pilotAttributeType,13L

-#define LN_documentAuthor		"documentAuthor"

-#define NID_documentAuthor		471

-#define OBJ_documentAuthor		OBJ_pilotAttributeType,14L

-#define LN_documentLocation		"documentLocation"

-#define NID_documentLocation		472

-#define OBJ_documentLocation		OBJ_pilotAttributeType,15L

-#define LN_homeTelephoneNumber		"homeTelephoneNumber"

-#define NID_homeTelephoneNumber		473

-#define OBJ_homeTelephoneNumber		OBJ_pilotAttributeType,20L

-#define SN_secretary		"secretary"

-#define NID_secretary		474

-#define OBJ_secretary		OBJ_pilotAttributeType,21L

-#define LN_otherMailbox		"otherMailbox"

-#define NID_otherMailbox		475

-#define OBJ_otherMailbox		OBJ_pilotAttributeType,22L

-#define LN_lastModifiedTime		"lastModifiedTime"

-#define NID_lastModifiedTime		476

-#define OBJ_lastModifiedTime		OBJ_pilotAttributeType,23L

-#define LN_lastModifiedBy		"lastModifiedBy"

-#define NID_lastModifiedBy		477

-#define OBJ_lastModifiedBy		OBJ_pilotAttributeType,24L

-#define SN_domainComponent		"DC"

-#define LN_domainComponent		"domainComponent"

-#define NID_domainComponent		391

-#define OBJ_domainComponent		OBJ_pilotAttributeType,25L

-#define LN_aRecord		"aRecord"

-#define NID_aRecord		478

-#define OBJ_aRecord		OBJ_pilotAttributeType,26L

-#define LN_pilotAttributeType27		"pilotAttributeType27"

-#define NID_pilotAttributeType27		479

-#define OBJ_pilotAttributeType27		OBJ_pilotAttributeType,27L

-#define LN_mXRecord		"mXRecord"

-#define NID_mXRecord		480

-#define OBJ_mXRecord		OBJ_pilotAttributeType,28L

-#define LN_nSRecord		"nSRecord"

-#define NID_nSRecord		481

-#define OBJ_nSRecord		OBJ_pilotAttributeType,29L

-#define LN_sOARecord		"sOARecord"

-#define NID_sOARecord		482

-#define OBJ_sOARecord		OBJ_pilotAttributeType,30L

-#define LN_cNAMERecord		"cNAMERecord"

-#define NID_cNAMERecord		483

-#define OBJ_cNAMERecord		OBJ_pilotAttributeType,31L

-#define LN_associatedDomain		"associatedDomain"

-#define NID_associatedDomain		484

-#define OBJ_associatedDomain		OBJ_pilotAttributeType,37L

-#define LN_associatedName		"associatedName"

-#define NID_associatedName		485

-#define OBJ_associatedName		OBJ_pilotAttributeType,38L

-#define LN_homePostalAddress		"homePostalAddress"

-#define NID_homePostalAddress		486

-#define OBJ_homePostalAddress		OBJ_pilotAttributeType,39L

-#define LN_personalTitle		"personalTitle"

-#define NID_personalTitle		487

-#define OBJ_personalTitle		OBJ_pilotAttributeType,40L

-#define LN_mobileTelephoneNumber		"mobileTelephoneNumber"

-#define NID_mobileTelephoneNumber		488

-#define OBJ_mobileTelephoneNumber		OBJ_pilotAttributeType,41L

-#define LN_pagerTelephoneNumber		"pagerTelephoneNumber"

-#define NID_pagerTelephoneNumber		489

-#define OBJ_pagerTelephoneNumber		OBJ_pilotAttributeType,42L

-#define LN_friendlyCountryName		"friendlyCountryName"

-#define NID_friendlyCountryName		490

-#define OBJ_friendlyCountryName		OBJ_pilotAttributeType,43L

-#define LN_organizationalStatus		"organizationalStatus"

-#define NID_organizationalStatus		491

-#define OBJ_organizationalStatus		OBJ_pilotAttributeType,45L

-#define LN_janetMailbox		"janetMailbox"

-#define NID_janetMailbox		492

-#define OBJ_janetMailbox		OBJ_pilotAttributeType,46L

-#define LN_mailPreferenceOption		"mailPreferenceOption"

-#define NID_mailPreferenceOption		493

-#define OBJ_mailPreferenceOption		OBJ_pilotAttributeType,47L

-#define LN_buildingName		"buildingName"

-#define NID_buildingName		494

-#define OBJ_buildingName		OBJ_pilotAttributeType,48L

-#define LN_dSAQuality		"dSAQuality"

-#define NID_dSAQuality		495

-#define OBJ_dSAQuality		OBJ_pilotAttributeType,49L

-#define LN_singleLevelQuality		"singleLevelQuality"

-#define NID_singleLevelQuality		496

-#define OBJ_singleLevelQuality		OBJ_pilotAttributeType,50L

-#define LN_subtreeMinimumQuality		"subtreeMinimumQuality"

-#define NID_subtreeMinimumQuality		497

-#define OBJ_subtreeMinimumQuality		OBJ_pilotAttributeType,51L

-#define LN_subtreeMaximumQuality		"subtreeMaximumQuality"

-#define NID_subtreeMaximumQuality		498

-#define OBJ_subtreeMaximumQuality		OBJ_pilotAttributeType,52L

-#define LN_personalSignature		"personalSignature"

-#define NID_personalSignature		499

-#define OBJ_personalSignature		OBJ_pilotAttributeType,53L

-#define LN_dITRedirect		"dITRedirect"

-#define NID_dITRedirect		500

-#define OBJ_dITRedirect		OBJ_pilotAttributeType,54L

-#define SN_audio		"audio"

-#define NID_audio		501

-#define OBJ_audio		OBJ_pilotAttributeType,55L

-#define LN_documentPublisher		"documentPublisher"

-#define NID_documentPublisher		502

-#define OBJ_documentPublisher		OBJ_pilotAttributeType,56L

-#define SN_id_set		"id-set"

-#define LN_id_set		"Secure Electronic Transactions"

-#define NID_id_set		512

-#define OBJ_id_set		OBJ_international_organizations,42L

-#define SN_set_ctype		"set-ctype"

-#define LN_set_ctype		"content types"

-#define NID_set_ctype		513

-#define OBJ_set_ctype		OBJ_id_set,0L

-#define SN_set_msgExt		"set-msgExt"

-#define LN_set_msgExt		"message extensions"

-#define NID_set_msgExt		514

-#define OBJ_set_msgExt		OBJ_id_set,1L

-#define SN_set_attr		"set-attr"

-#define NID_set_attr		515

-#define OBJ_set_attr		OBJ_id_set,3L

-#define SN_set_policy		"set-policy"

-#define NID_set_policy		516

-#define OBJ_set_policy		OBJ_id_set,5L

-#define SN_set_certExt		"set-certExt"

-#define LN_set_certExt		"certificate extensions"

-#define NID_set_certExt		517

-#define OBJ_set_certExt		OBJ_id_set,7L

-#define SN_set_brand		"set-brand"

-#define NID_set_brand		518

-#define OBJ_set_brand		OBJ_id_set,8L

-#define SN_setct_PANData		"setct-PANData"

-#define NID_setct_PANData		519

-#define OBJ_setct_PANData		OBJ_set_ctype,0L

-#define SN_setct_PANToken		"setct-PANToken"

-#define NID_setct_PANToken		520

-#define OBJ_setct_PANToken		OBJ_set_ctype,1L

-#define SN_setct_PANOnly		"setct-PANOnly"

-#define NID_setct_PANOnly		521

-#define OBJ_setct_PANOnly		OBJ_set_ctype,2L

-#define SN_setct_OIData		"setct-OIData"

-#define NID_setct_OIData		522

-#define OBJ_setct_OIData		OBJ_set_ctype,3L

-#define SN_setct_PI		"setct-PI"

-#define NID_setct_PI		523

-#define OBJ_setct_PI		OBJ_set_ctype,4L

-#define SN_setct_PIData		"setct-PIData"

-#define NID_setct_PIData		524

-#define OBJ_setct_PIData		OBJ_set_ctype,5L

-#define SN_setct_PIDataUnsigned		"setct-PIDataUnsigned"

-#define NID_setct_PIDataUnsigned		525

-#define OBJ_setct_PIDataUnsigned		OBJ_set_ctype,6L

-#define SN_setct_HODInput		"setct-HODInput"

-#define NID_setct_HODInput		526

-#define OBJ_setct_HODInput		OBJ_set_ctype,7L

-#define SN_setct_AuthResBaggage		"setct-AuthResBaggage"

-#define NID_setct_AuthResBaggage		527

-#define OBJ_setct_AuthResBaggage		OBJ_set_ctype,8L

-#define SN_setct_AuthRevReqBaggage		"setct-AuthRevReqBaggage"

-#define NID_setct_AuthRevReqBaggage		528

-#define OBJ_setct_AuthRevReqBaggage		OBJ_set_ctype,9L

-#define SN_setct_AuthRevResBaggage		"setct-AuthRevResBaggage"

-#define NID_setct_AuthRevResBaggage		529

-#define OBJ_setct_AuthRevResBaggage		OBJ_set_ctype,10L

-#define SN_setct_CapTokenSeq		"setct-CapTokenSeq"

-#define NID_setct_CapTokenSeq		530

-#define OBJ_setct_CapTokenSeq		OBJ_set_ctype,11L

-#define SN_setct_PInitResData		"setct-PInitResData"

-#define NID_setct_PInitResData		531

-#define OBJ_setct_PInitResData		OBJ_set_ctype,12L

-#define SN_setct_PI_TBS		"setct-PI-TBS"

-#define NID_setct_PI_TBS		532

-#define OBJ_setct_PI_TBS		OBJ_set_ctype,13L

-#define SN_setct_PResData		"setct-PResData"

-#define NID_setct_PResData		533

-#define OBJ_setct_PResData		OBJ_set_ctype,14L

-#define SN_setct_AuthReqTBS		"setct-AuthReqTBS"

-#define NID_setct_AuthReqTBS		534

-#define OBJ_setct_AuthReqTBS		OBJ_set_ctype,16L

-#define SN_setct_AuthResTBS		"setct-AuthResTBS"

-#define NID_setct_AuthResTBS		535

-#define OBJ_setct_AuthResTBS		OBJ_set_ctype,17L

-#define SN_setct_AuthResTBSX		"setct-AuthResTBSX"

-#define NID_setct_AuthResTBSX		536

-#define OBJ_setct_AuthResTBSX		OBJ_set_ctype,18L

-#define SN_setct_AuthTokenTBS		"setct-AuthTokenTBS"

-#define NID_setct_AuthTokenTBS		537

-#define OBJ_setct_AuthTokenTBS		OBJ_set_ctype,19L

-#define SN_setct_CapTokenData		"setct-CapTokenData"

-#define NID_setct_CapTokenData		538

-#define OBJ_setct_CapTokenData		OBJ_set_ctype,20L

-#define SN_setct_CapTokenTBS		"setct-CapTokenTBS"

-#define NID_setct_CapTokenTBS		539

-#define OBJ_setct_CapTokenTBS		OBJ_set_ctype,21L

-#define SN_setct_AcqCardCodeMsg		"setct-AcqCardCodeMsg"

-#define NID_setct_AcqCardCodeMsg		540

-#define OBJ_setct_AcqCardCodeMsg		OBJ_set_ctype,22L

-#define SN_setct_AuthRevReqTBS		"setct-AuthRevReqTBS"

-#define NID_setct_AuthRevReqTBS		541

-#define OBJ_setct_AuthRevReqTBS		OBJ_set_ctype,23L

-#define SN_setct_AuthRevResData		"setct-AuthRevResData"

-#define NID_setct_AuthRevResData		542

-#define OBJ_setct_AuthRevResData		OBJ_set_ctype,24L

-#define SN_setct_AuthRevResTBS		"setct-AuthRevResTBS"

-#define NID_setct_AuthRevResTBS		543

-#define OBJ_setct_AuthRevResTBS		OBJ_set_ctype,25L

-#define SN_setct_CapReqTBS		"setct-CapReqTBS"

-#define NID_setct_CapReqTBS		544

-#define OBJ_setct_CapReqTBS		OBJ_set_ctype,26L

-#define SN_setct_CapReqTBSX		"setct-CapReqTBSX"

-#define NID_setct_CapReqTBSX		545

-#define OBJ_setct_CapReqTBSX		OBJ_set_ctype,27L

-#define SN_setct_CapResData		"setct-CapResData"

-#define NID_setct_CapResData		546

-#define OBJ_setct_CapResData		OBJ_set_ctype,28L

-#define SN_setct_CapRevReqTBS		"setct-CapRevReqTBS"

-#define NID_setct_CapRevReqTBS		547

-#define OBJ_setct_CapRevReqTBS		OBJ_set_ctype,29L

-#define SN_setct_CapRevReqTBSX		"setct-CapRevReqTBSX"

-#define NID_setct_CapRevReqTBSX		548

-#define OBJ_setct_CapRevReqTBSX		OBJ_set_ctype,30L

-#define SN_setct_CapRevResData		"setct-CapRevResData"

-#define NID_setct_CapRevResData		549

-#define OBJ_setct_CapRevResData		OBJ_set_ctype,31L

-#define SN_setct_CredReqTBS		"setct-CredReqTBS"

-#define NID_setct_CredReqTBS		550

-#define OBJ_setct_CredReqTBS		OBJ_set_ctype,32L

-#define SN_setct_CredReqTBSX		"setct-CredReqTBSX"

-#define NID_setct_CredReqTBSX		551

-#define OBJ_setct_CredReqTBSX		OBJ_set_ctype,33L

-#define SN_setct_CredResData		"setct-CredResData"

-#define NID_setct_CredResData		552

-#define OBJ_setct_CredResData		OBJ_set_ctype,34L

-#define SN_setct_CredRevReqTBS		"setct-CredRevReqTBS"

-#define NID_setct_CredRevReqTBS		553

-#define OBJ_setct_CredRevReqTBS		OBJ_set_ctype,35L

-#define SN_setct_CredRevReqTBSX		"setct-CredRevReqTBSX"

-#define NID_setct_CredRevReqTBSX		554

-#define OBJ_setct_CredRevReqTBSX		OBJ_set_ctype,36L

-#define SN_setct_CredRevResData		"setct-CredRevResData"

-#define NID_setct_CredRevResData		555

-#define OBJ_setct_CredRevResData		OBJ_set_ctype,37L

-#define SN_setct_PCertReqData		"setct-PCertReqData"

-#define NID_setct_PCertReqData		556

-#define OBJ_setct_PCertReqData		OBJ_set_ctype,38L

-#define SN_setct_PCertResTBS		"setct-PCertResTBS"

-#define NID_setct_PCertResTBS		557

-#define OBJ_setct_PCertResTBS		OBJ_set_ctype,39L

-#define SN_setct_BatchAdminReqData		"setct-BatchAdminReqData"

-#define NID_setct_BatchAdminReqData		558

-#define OBJ_setct_BatchAdminReqData		OBJ_set_ctype,40L

-#define SN_setct_BatchAdminResData		"setct-BatchAdminResData"

-#define NID_setct_BatchAdminResData		559

-#define OBJ_setct_BatchAdminResData		OBJ_set_ctype,41L

-#define SN_setct_CardCInitResTBS		"setct-CardCInitResTBS"

-#define NID_setct_CardCInitResTBS		560

-#define OBJ_setct_CardCInitResTBS		OBJ_set_ctype,42L

-#define SN_setct_MeAqCInitResTBS		"setct-MeAqCInitResTBS"

-#define NID_setct_MeAqCInitResTBS		561

-#define OBJ_setct_MeAqCInitResTBS		OBJ_set_ctype,43L

-#define SN_setct_RegFormResTBS		"setct-RegFormResTBS"

-#define NID_setct_RegFormResTBS		562

-#define OBJ_setct_RegFormResTBS		OBJ_set_ctype,44L

-#define SN_setct_CertReqData		"setct-CertReqData"

-#define NID_setct_CertReqData		563

-#define OBJ_setct_CertReqData		OBJ_set_ctype,45L

-#define SN_setct_CertReqTBS		"setct-CertReqTBS"

-#define NID_setct_CertReqTBS		564

-#define OBJ_setct_CertReqTBS		OBJ_set_ctype,46L

-#define SN_setct_CertResData		"setct-CertResData"

-#define NID_setct_CertResData		565

-#define OBJ_setct_CertResData		OBJ_set_ctype,47L

-#define SN_setct_CertInqReqTBS		"setct-CertInqReqTBS"

-#define NID_setct_CertInqReqTBS		566

-#define OBJ_setct_CertInqReqTBS		OBJ_set_ctype,48L

-#define SN_setct_ErrorTBS		"setct-ErrorTBS"

-#define NID_setct_ErrorTBS		567

-#define OBJ_setct_ErrorTBS		OBJ_set_ctype,49L

-#define SN_setct_PIDualSignedTBE		"setct-PIDualSignedTBE"

-#define NID_setct_PIDualSignedTBE		568

-#define OBJ_setct_PIDualSignedTBE		OBJ_set_ctype,50L

-#define SN_setct_PIUnsignedTBE		"setct-PIUnsignedTBE"

-#define NID_setct_PIUnsignedTBE		569

-#define OBJ_setct_PIUnsignedTBE		OBJ_set_ctype,51L

-#define SN_setct_AuthReqTBE		"setct-AuthReqTBE"

-#define NID_setct_AuthReqTBE		570

-#define OBJ_setct_AuthReqTBE		OBJ_set_ctype,52L

-#define SN_setct_AuthResTBE		"setct-AuthResTBE"

-#define NID_setct_AuthResTBE		571

-#define OBJ_setct_AuthResTBE		OBJ_set_ctype,53L

-#define SN_setct_AuthResTBEX		"setct-AuthResTBEX"

-#define NID_setct_AuthResTBEX		572

-#define OBJ_setct_AuthResTBEX		OBJ_set_ctype,54L

-#define SN_setct_AuthTokenTBE		"setct-AuthTokenTBE"

-#define NID_setct_AuthTokenTBE		573

-#define OBJ_setct_AuthTokenTBE		OBJ_set_ctype,55L

-#define SN_setct_CapTokenTBE		"setct-CapTokenTBE"

-#define NID_setct_CapTokenTBE		574

-#define OBJ_setct_CapTokenTBE		OBJ_set_ctype,56L

-#define SN_setct_CapTokenTBEX		"setct-CapTokenTBEX"

-#define NID_setct_CapTokenTBEX		575

-#define OBJ_setct_CapTokenTBEX		OBJ_set_ctype,57L

-#define SN_setct_AcqCardCodeMsgTBE		"setct-AcqCardCodeMsgTBE"

-#define NID_setct_AcqCardCodeMsgTBE		576

-#define OBJ_setct_AcqCardCodeMsgTBE		OBJ_set_ctype,58L

-#define SN_setct_AuthRevReqTBE		"setct-AuthRevReqTBE"

-#define NID_setct_AuthRevReqTBE		577

-#define OBJ_setct_AuthRevReqTBE		OBJ_set_ctype,59L

-#define SN_setct_AuthRevResTBE		"setct-AuthRevResTBE"

-#define NID_setct_AuthRevResTBE		578

-#define OBJ_setct_AuthRevResTBE		OBJ_set_ctype,60L

-#define SN_setct_AuthRevResTBEB		"setct-AuthRevResTBEB"

-#define NID_setct_AuthRevResTBEB		579

-#define OBJ_setct_AuthRevResTBEB		OBJ_set_ctype,61L

-#define SN_setct_CapReqTBE		"setct-CapReqTBE"

-#define NID_setct_CapReqTBE		580

-#define OBJ_setct_CapReqTBE		OBJ_set_ctype,62L

-#define SN_setct_CapReqTBEX		"setct-CapReqTBEX"

-#define NID_setct_CapReqTBEX		581

-#define OBJ_setct_CapReqTBEX		OBJ_set_ctype,63L

-#define SN_setct_CapResTBE		"setct-CapResTBE"

-#define NID_setct_CapResTBE		582

-#define OBJ_setct_CapResTBE		OBJ_set_ctype,64L

-#define SN_setct_CapRevReqTBE		"setct-CapRevReqTBE"

-#define NID_setct_CapRevReqTBE		583

-#define OBJ_setct_CapRevReqTBE		OBJ_set_ctype,65L

-#define SN_setct_CapRevReqTBEX		"setct-CapRevReqTBEX"

-#define NID_setct_CapRevReqTBEX		584

-#define OBJ_setct_CapRevReqTBEX		OBJ_set_ctype,66L

-#define SN_setct_CapRevResTBE		"setct-CapRevResTBE"

-#define NID_setct_CapRevResTBE		585

-#define OBJ_setct_CapRevResTBE		OBJ_set_ctype,67L

-#define SN_setct_CredReqTBE		"setct-CredReqTBE"

-#define NID_setct_CredReqTBE		586

-#define OBJ_setct_CredReqTBE		OBJ_set_ctype,68L

-#define SN_setct_CredReqTBEX		"setct-CredReqTBEX"

-#define NID_setct_CredReqTBEX		587

-#define OBJ_setct_CredReqTBEX		OBJ_set_ctype,69L

-#define SN_setct_CredResTBE		"setct-CredResTBE"

-#define NID_setct_CredResTBE		588

-#define OBJ_setct_CredResTBE		OBJ_set_ctype,70L

-#define SN_setct_CredRevReqTBE		"setct-CredRevReqTBE"

-#define NID_setct_CredRevReqTBE		589

-#define OBJ_setct_CredRevReqTBE		OBJ_set_ctype,71L

-#define SN_setct_CredRevReqTBEX		"setct-CredRevReqTBEX"

-#define NID_setct_CredRevReqTBEX		590

-#define OBJ_setct_CredRevReqTBEX		OBJ_set_ctype,72L

-#define SN_setct_CredRevResTBE		"setct-CredRevResTBE"

-#define NID_setct_CredRevResTBE		591

-#define OBJ_setct_CredRevResTBE		OBJ_set_ctype,73L

-#define SN_setct_BatchAdminReqTBE		"setct-BatchAdminReqTBE"

-#define NID_setct_BatchAdminReqTBE		592

-#define OBJ_setct_BatchAdminReqTBE		OBJ_set_ctype,74L

-#define SN_setct_BatchAdminResTBE		"setct-BatchAdminResTBE"

-#define NID_setct_BatchAdminResTBE		593

-#define OBJ_setct_BatchAdminResTBE		OBJ_set_ctype,75L

-#define SN_setct_RegFormReqTBE		"setct-RegFormReqTBE"

-#define NID_setct_RegFormReqTBE		594

-#define OBJ_setct_RegFormReqTBE		OBJ_set_ctype,76L

-#define SN_setct_CertReqTBE		"setct-CertReqTBE"

-#define NID_setct_CertReqTBE		595

-#define OBJ_setct_CertReqTBE		OBJ_set_ctype,77L

-#define SN_setct_CertReqTBEX		"setct-CertReqTBEX"

-#define NID_setct_CertReqTBEX		596

-#define OBJ_setct_CertReqTBEX		OBJ_set_ctype,78L

-#define SN_setct_CertResTBE		"setct-CertResTBE"

-#define NID_setct_CertResTBE		597

-#define OBJ_setct_CertResTBE		OBJ_set_ctype,79L

-#define SN_setct_CRLNotificationTBS		"setct-CRLNotificationTBS"

-#define NID_setct_CRLNotificationTBS		598

-#define OBJ_setct_CRLNotificationTBS		OBJ_set_ctype,80L

-#define SN_setct_CRLNotificationResTBS		"setct-CRLNotificationResTBS"

-#define NID_setct_CRLNotificationResTBS		599

-#define OBJ_setct_CRLNotificationResTBS		OBJ_set_ctype,81L

-#define SN_setct_BCIDistributionTBS		"setct-BCIDistributionTBS"

-#define NID_setct_BCIDistributionTBS		600

-#define OBJ_setct_BCIDistributionTBS		OBJ_set_ctype,82L

-#define SN_setext_genCrypt		"setext-genCrypt"

-#define LN_setext_genCrypt		"generic cryptogram"

-#define NID_setext_genCrypt		601

-#define OBJ_setext_genCrypt		OBJ_set_msgExt,1L

-#define SN_setext_miAuth		"setext-miAuth"

-#define LN_setext_miAuth		"merchant initiated auth"

-#define NID_setext_miAuth		602

-#define OBJ_setext_miAuth		OBJ_set_msgExt,3L

-#define SN_setext_pinSecure		"setext-pinSecure"

-#define NID_setext_pinSecure		603

-#define OBJ_setext_pinSecure		OBJ_set_msgExt,4L

-#define SN_setext_pinAny		"setext-pinAny"

-#define NID_setext_pinAny		604

-#define OBJ_setext_pinAny		OBJ_set_msgExt,5L

-#define SN_setext_track2		"setext-track2"

-#define NID_setext_track2		605

-#define OBJ_setext_track2		OBJ_set_msgExt,7L

-#define SN_setext_cv		"setext-cv"

-#define LN_setext_cv		"additional verification"

-#define NID_setext_cv		606

-#define OBJ_setext_cv		OBJ_set_msgExt,8L

-#define SN_set_policy_root		"set-policy-root"

-#define NID_set_policy_root		607

-#define OBJ_set_policy_root		OBJ_set_policy,0L

-#define SN_setCext_hashedRoot		"setCext-hashedRoot"

-#define NID_setCext_hashedRoot		608

-#define OBJ_setCext_hashedRoot		OBJ_set_certExt,0L

-#define SN_setCext_certType		"setCext-certType"

-#define NID_setCext_certType		609

-#define OBJ_setCext_certType		OBJ_set_certExt,1L

-#define SN_setCext_merchData		"setCext-merchData"

-#define NID_setCext_merchData		610

-#define OBJ_setCext_merchData		OBJ_set_certExt,2L

-#define SN_setCext_cCertRequired		"setCext-cCertRequired"

-#define NID_setCext_cCertRequired		611

-#define OBJ_setCext_cCertRequired		OBJ_set_certExt,3L

-#define SN_setCext_tunneling		"setCext-tunneling"

-#define NID_setCext_tunneling		612

-#define OBJ_setCext_tunneling		OBJ_set_certExt,4L

-#define SN_setCext_setExt		"setCext-setExt"

-#define NID_setCext_setExt		613

-#define OBJ_setCext_setExt		OBJ_set_certExt,5L

-#define SN_setCext_setQualf		"setCext-setQualf"

-#define NID_setCext_setQualf		614

-#define OBJ_setCext_setQualf		OBJ_set_certExt,6L

-#define SN_setCext_PGWYcapabilities		"setCext-PGWYcapabilities"

-#define NID_setCext_PGWYcapabilities		615

-#define OBJ_setCext_PGWYcapabilities		OBJ_set_certExt,7L

-#define SN_setCext_TokenIdentifier		"setCext-TokenIdentifier"

-#define NID_setCext_TokenIdentifier		616

-#define OBJ_setCext_TokenIdentifier		OBJ_set_certExt,8L

-#define SN_setCext_Track2Data		"setCext-Track2Data"

-#define NID_setCext_Track2Data		617

-#define OBJ_setCext_Track2Data		OBJ_set_certExt,9L

-#define SN_setCext_TokenType		"setCext-TokenType"

-#define NID_setCext_TokenType		618

-#define OBJ_setCext_TokenType		OBJ_set_certExt,10L

-#define SN_setCext_IssuerCapabilities		"setCext-IssuerCapabilities"

-#define NID_setCext_IssuerCapabilities		619

-#define OBJ_setCext_IssuerCapabilities		OBJ_set_certExt,11L

-#define SN_setAttr_Cert		"setAttr-Cert"

-#define NID_setAttr_Cert		620

-#define OBJ_setAttr_Cert		OBJ_set_attr,0L

-#define SN_setAttr_PGWYcap		"setAttr-PGWYcap"

-#define LN_setAttr_PGWYcap		"payment gateway capabilities"

-#define NID_setAttr_PGWYcap		621

-#define OBJ_setAttr_PGWYcap		OBJ_set_attr,1L

-#define SN_setAttr_TokenType		"setAttr-TokenType"

-#define NID_setAttr_TokenType		622

-#define OBJ_setAttr_TokenType		OBJ_set_attr,2L

-#define SN_setAttr_IssCap		"setAttr-IssCap"

-#define LN_setAttr_IssCap		"issuer capabilities"

-#define NID_setAttr_IssCap		623

-#define OBJ_setAttr_IssCap		OBJ_set_attr,3L

-#define SN_set_rootKeyThumb		"set-rootKeyThumb"

-#define NID_set_rootKeyThumb		624

-#define OBJ_set_rootKeyThumb		OBJ_setAttr_Cert,0L

-#define SN_set_addPolicy		"set-addPolicy"

-#define NID_set_addPolicy		625

-#define OBJ_set_addPolicy		OBJ_setAttr_Cert,1L

-#define SN_setAttr_Token_EMV		"setAttr-Token-EMV"

-#define NID_setAttr_Token_EMV		626

-#define OBJ_setAttr_Token_EMV		OBJ_setAttr_TokenType,1L

-#define SN_setAttr_Token_B0Prime		"setAttr-Token-B0Prime"

-#define NID_setAttr_Token_B0Prime		627

-#define OBJ_setAttr_Token_B0Prime		OBJ_setAttr_TokenType,2L

-#define SN_setAttr_IssCap_CVM		"setAttr-IssCap-CVM"

-#define NID_setAttr_IssCap_CVM		628

-#define OBJ_setAttr_IssCap_CVM		OBJ_setAttr_IssCap,3L

-#define SN_setAttr_IssCap_T2		"setAttr-IssCap-T2"

-#define NID_setAttr_IssCap_T2		629

-#define OBJ_setAttr_IssCap_T2		OBJ_setAttr_IssCap,4L

-#define SN_setAttr_IssCap_Sig		"setAttr-IssCap-Sig"

-#define NID_setAttr_IssCap_Sig		630

-#define OBJ_setAttr_IssCap_Sig		OBJ_setAttr_IssCap,5L

-#define SN_setAttr_GenCryptgrm		"setAttr-GenCryptgrm"

-#define LN_setAttr_GenCryptgrm		"generate cryptogram"

-#define NID_setAttr_GenCryptgrm		631

-#define OBJ_setAttr_GenCryptgrm		OBJ_setAttr_IssCap_CVM,1L

-#define SN_setAttr_T2Enc		"setAttr-T2Enc"

-#define LN_setAttr_T2Enc		"encrypted track 2"

-#define NID_setAttr_T2Enc		632

-#define OBJ_setAttr_T2Enc		OBJ_setAttr_IssCap_T2,1L

-#define SN_setAttr_T2cleartxt		"setAttr-T2cleartxt"

-#define LN_setAttr_T2cleartxt		"cleartext track 2"

-#define NID_setAttr_T2cleartxt		633

-#define OBJ_setAttr_T2cleartxt		OBJ_setAttr_IssCap_T2,2L

-#define SN_setAttr_TokICCsig		"setAttr-TokICCsig"

-#define LN_setAttr_TokICCsig		"ICC or token signature"

-#define NID_setAttr_TokICCsig		634

-#define OBJ_setAttr_TokICCsig		OBJ_setAttr_IssCap_Sig,1L

-#define SN_setAttr_SecDevSig		"setAttr-SecDevSig"

-#define LN_setAttr_SecDevSig		"secure device signature"

-#define NID_setAttr_SecDevSig		635

-#define OBJ_setAttr_SecDevSig		OBJ_setAttr_IssCap_Sig,2L

-#define SN_set_brand_IATA_ATA		"set-brand-IATA-ATA"

-#define NID_set_brand_IATA_ATA		636

-#define OBJ_set_brand_IATA_ATA		OBJ_set_brand,1L

-#define SN_set_brand_Diners		"set-brand-Diners"

-#define NID_set_brand_Diners		637

-#define OBJ_set_brand_Diners		OBJ_set_brand,30L

-#define SN_set_brand_AmericanExpress		"set-brand-AmericanExpress"

-#define NID_set_brand_AmericanExpress		638

-#define OBJ_set_brand_AmericanExpress		OBJ_set_brand,34L

-#define SN_set_brand_JCB		"set-brand-JCB"

-#define NID_set_brand_JCB		639

-#define OBJ_set_brand_JCB		OBJ_set_brand,35L

-#define SN_set_brand_Visa		"set-brand-Visa"

-#define NID_set_brand_Visa		640

-#define OBJ_set_brand_Visa		OBJ_set_brand,4L

-#define SN_set_brand_MasterCard		"set-brand-MasterCard"

-#define NID_set_brand_MasterCard		641

-#define OBJ_set_brand_MasterCard		OBJ_set_brand,5L

-#define SN_set_brand_Novus		"set-brand-Novus"

-#define NID_set_brand_Novus		642

-#define OBJ_set_brand_Novus		OBJ_set_brand,6011L

-#define SN_des_cdmf		"DES-CDMF"

-#define LN_des_cdmf		"des-cdmf"

-#define NID_des_cdmf		643

-#define OBJ_des_cdmf		OBJ_rsadsi,3L,10L

-#define SN_rsaOAEPEncryptionSET		"rsaOAEPEncryptionSET"

-#define NID_rsaOAEPEncryptionSET		644

-#define OBJ_rsaOAEPEncryptionSET		OBJ_rsadsi,1L,1L,6L

-#define SN_ipsec3		"Oakley-EC2N-3"

-#define LN_ipsec3		"ipsec3"

-#define NID_ipsec3		749

-#define SN_ipsec4		"Oakley-EC2N-4"

-#define LN_ipsec4		"ipsec4"

-#define NID_ipsec4		750

-#define SN_camellia_128_cbc		"CAMELLIA-128-CBC"

-#define LN_camellia_128_cbc		"camellia-128-cbc"

-#define NID_camellia_128_cbc		751

-#define OBJ_camellia_128_cbc		1L,2L,392L,200011L,61L,1L,1L,1L,2L

-#define SN_camellia_192_cbc		"CAMELLIA-192-CBC"

-#define LN_camellia_192_cbc		"camellia-192-cbc"

-#define NID_camellia_192_cbc		752

-#define OBJ_camellia_192_cbc		1L,2L,392L,200011L,61L,1L,1L,1L,3L

-#define SN_camellia_256_cbc		"CAMELLIA-256-CBC"

-#define LN_camellia_256_cbc		"camellia-256-cbc"

-#define NID_camellia_256_cbc		753

-#define OBJ_camellia_256_cbc		1L,2L,392L,200011L,61L,1L,1L,1L,4L

-#define OBJ_ntt_ds		0L,3L,4401L,5L

-#define OBJ_camellia		OBJ_ntt_ds,3L,1L,9L

-#define SN_camellia_128_ecb		"CAMELLIA-128-ECB"

-#define LN_camellia_128_ecb		"camellia-128-ecb"

-#define NID_camellia_128_ecb		754

-#define OBJ_camellia_128_ecb		OBJ_camellia,1L

-#define SN_camellia_128_ofb128		"CAMELLIA-128-OFB"

-#define LN_camellia_128_ofb128		"camellia-128-ofb"

-#define NID_camellia_128_ofb128		766

-#define OBJ_camellia_128_ofb128		OBJ_camellia,3L

-#define SN_camellia_128_cfb128		"CAMELLIA-128-CFB"

-#define LN_camellia_128_cfb128		"camellia-128-cfb"

-#define NID_camellia_128_cfb128		757

-#define OBJ_camellia_128_cfb128		OBJ_camellia,4L

-#define SN_camellia_192_ecb		"CAMELLIA-192-ECB"

-#define LN_camellia_192_ecb		"camellia-192-ecb"

-#define NID_camellia_192_ecb		755

-#define OBJ_camellia_192_ecb		OBJ_camellia,21L

-#define SN_camellia_192_ofb128		"CAMELLIA-192-OFB"

-#define LN_camellia_192_ofb128		"camellia-192-ofb"

-#define NID_camellia_192_ofb128		767

-#define OBJ_camellia_192_ofb128		OBJ_camellia,23L

-#define SN_camellia_192_cfb128		"CAMELLIA-192-CFB"

-#define LN_camellia_192_cfb128		"camellia-192-cfb"

-#define NID_camellia_192_cfb128		758

-#define OBJ_camellia_192_cfb128		OBJ_camellia,24L

-#define SN_camellia_256_ecb		"CAMELLIA-256-ECB"

-#define LN_camellia_256_ecb		"camellia-256-ecb"

-#define NID_camellia_256_ecb		756

-#define OBJ_camellia_256_ecb		OBJ_camellia,41L

-#define SN_camellia_256_ofb128		"CAMELLIA-256-OFB"

-#define LN_camellia_256_ofb128		"camellia-256-ofb"

-#define NID_camellia_256_ofb128		768

-#define OBJ_camellia_256_ofb128		OBJ_camellia,43L

-#define SN_camellia_256_cfb128		"CAMELLIA-256-CFB"

-#define LN_camellia_256_cfb128		"camellia-256-cfb"

-#define NID_camellia_256_cfb128		759

-#define OBJ_camellia_256_cfb128		OBJ_camellia,44L

-#define SN_camellia_128_cfb1		"CAMELLIA-128-CFB1"

-#define LN_camellia_128_cfb1		"camellia-128-cfb1"

-#define NID_camellia_128_cfb1		760

-#define SN_camellia_192_cfb1		"CAMELLIA-192-CFB1"

-#define LN_camellia_192_cfb1		"camellia-192-cfb1"

-#define NID_camellia_192_cfb1		761

-#define SN_camellia_256_cfb1		"CAMELLIA-256-CFB1"

-#define LN_camellia_256_cfb1		"camellia-256-cfb1"

-#define NID_camellia_256_cfb1		762

-#define SN_camellia_128_cfb8		"CAMELLIA-128-CFB8"

-#define LN_camellia_128_cfb8		"camellia-128-cfb8"

-#define NID_camellia_128_cfb8		763

-#define SN_camellia_192_cfb8		"CAMELLIA-192-CFB8"

-#define LN_camellia_192_cfb8		"camellia-192-cfb8"

-#define NID_camellia_192_cfb8		764

-#define SN_camellia_256_cfb8		"CAMELLIA-256-CFB8"

-#define LN_camellia_256_cfb8		"camellia-256-cfb8"

-#define NID_camellia_256_cfb8		765

-#define SN_kisa		"KISA"

-#define LN_kisa		"kisa"

-#define NID_kisa		773

-#define OBJ_kisa		OBJ_member_body,410L,200004L

-#define SN_seed_ecb		"SEED-ECB"

-#define LN_seed_ecb		"seed-ecb"

-#define NID_seed_ecb		776

-#define OBJ_seed_ecb		OBJ_kisa,1L,3L

-#define SN_seed_cbc		"SEED-CBC"

-#define LN_seed_cbc		"seed-cbc"

-#define NID_seed_cbc		777

-#define OBJ_seed_cbc		OBJ_kisa,1L,4L

-#define SN_seed_cfb128		"SEED-CFB"

-#define LN_seed_cfb128		"seed-cfb"

-#define NID_seed_cfb128		779

-#define OBJ_seed_cfb128		OBJ_kisa,1L,5L

-#define SN_seed_ofb128		"SEED-OFB"

-#define LN_seed_ofb128		"seed-ofb"

-#define NID_seed_ofb128		778

-#define OBJ_seed_ofb128		OBJ_kisa,1L,6L

--- a/sys/src/ape/lib/openssl/crypto/objects/obj_mac.num

+++ /dev/null

@@ -1,779 +1,0 @@

-undef		0

-rsadsi		1

-pkcs		2

-md2		3

-md5		4

-rc4		5

-rsaEncryption		6

-md2WithRSAEncryption		7

-md5WithRSAEncryption		8

-pbeWithMD2AndDES_CBC		9

-pbeWithMD5AndDES_CBC		10

-X500		11

-X509		12

-commonName		13

-countryName		14

-localityName		15

-stateOrProvinceName		16

-organizationName		17

-organizationalUnitName		18

-rsa		19

-pkcs7		20

-pkcs7_data		21

-pkcs7_signed		22

-pkcs7_enveloped		23

-pkcs7_signedAndEnveloped		24

-pkcs7_digest		25

-pkcs7_encrypted		26

-pkcs3		27

-dhKeyAgreement		28

-des_ecb		29

-des_cfb64		30

-des_cbc		31

-des_ede_ecb		32

-des_ede3_ecb		33

-idea_cbc		34

-idea_cfb64		35

-idea_ecb		36

-rc2_cbc		37

-rc2_ecb		38

-rc2_cfb64		39

-rc2_ofb64		40

-sha		41

-shaWithRSAEncryption		42

-des_ede_cbc		43

-des_ede3_cbc		44

-des_ofb64		45

-idea_ofb64		46

-pkcs9		47

-pkcs9_emailAddress		48

-pkcs9_unstructuredName		49

-pkcs9_contentType		50

-pkcs9_messageDigest		51

-pkcs9_signingTime		52

-pkcs9_countersignature		53

-pkcs9_challengePassword		54

-pkcs9_unstructuredAddress		55

-pkcs9_extCertAttributes		56

-netscape		57

-netscape_cert_extension		58

-netscape_data_type		59

-des_ede_cfb64		60

-des_ede3_cfb64		61

-des_ede_ofb64		62

-des_ede3_ofb64		63

-sha1		64

-sha1WithRSAEncryption		65

-dsaWithSHA		66

-dsa_2		67

-pbeWithSHA1AndRC2_CBC		68

-id_pbkdf2		69

-dsaWithSHA1_2		70

-netscape_cert_type		71

-netscape_base_url		72

-netscape_revocation_url		73

-netscape_ca_revocation_url		74

-netscape_renewal_url		75

-netscape_ca_policy_url		76

-netscape_ssl_server_name		77

-netscape_comment		78

-netscape_cert_sequence		79

-desx_cbc		80

-id_ce		81

-subject_key_identifier		82

-key_usage		83

-private_key_usage_period		84

-subject_alt_name		85

-issuer_alt_name		86

-basic_constraints		87

-crl_number		88

-certificate_policies		89

-authority_key_identifier		90

-bf_cbc		91

-bf_ecb		92

-bf_cfb64		93

-bf_ofb64		94

-mdc2		95

-mdc2WithRSA		96

-rc4_40		97

-rc2_40_cbc		98

-givenName		99

-surname		100

-initials		101

-uniqueIdentifier		102

-crl_distribution_points		103

-md5WithRSA		104

-serialNumber		105

-title		106

-description		107

-cast5_cbc		108

-cast5_ecb		109

-cast5_cfb64		110

-cast5_ofb64		111

-pbeWithMD5AndCast5_CBC		112

-dsaWithSHA1		113

-md5_sha1		114

-sha1WithRSA		115

-dsa		116

-ripemd160		117

-ripemd160WithRSA		119

-rc5_cbc		120

-rc5_ecb		121

-rc5_cfb64		122

-rc5_ofb64		123

-rle_compression		124

-zlib_compression		125

-ext_key_usage		126

-id_pkix		127

-id_kp		128

-server_auth		129

-client_auth		130

-code_sign		131

-email_protect		132

-time_stamp		133

-ms_code_ind		134

-ms_code_com		135

-ms_ctl_sign		136

-ms_sgc		137

-ms_efs		138

-ns_sgc		139

-delta_crl		140

-crl_reason		141

-invalidity_date		142

-sxnet		143

-pbe_WithSHA1And128BitRC4		144

-pbe_WithSHA1And40BitRC4		145

-pbe_WithSHA1And3_Key_TripleDES_CBC		146

-pbe_WithSHA1And2_Key_TripleDES_CBC		147

-pbe_WithSHA1And128BitRC2_CBC		148

-pbe_WithSHA1And40BitRC2_CBC		149

-keyBag		150

-pkcs8ShroudedKeyBag		151

-certBag		152

-crlBag		153

-secretBag		154

-safeContentsBag		155

-friendlyName		156

-localKeyID		157

-x509Certificate		158

-sdsiCertificate		159

-x509Crl		160

-pbes2		161

-pbmac1		162

-hmacWithSHA1		163

-id_qt_cps		164

-id_qt_unotice		165

-rc2_64_cbc		166

-SMIMECapabilities		167

-pbeWithMD2AndRC2_CBC		168

-pbeWithMD5AndRC2_CBC		169

-pbeWithSHA1AndDES_CBC		170

-ms_ext_req		171

-ext_req		172

-name		173

-dnQualifier		174

-id_pe		175

-id_ad		176

-info_access		177

-ad_OCSP		178

-ad_ca_issuers		179

-OCSP_sign		180

-iso		181

-member_body		182

-ISO_US		183

-X9_57		184

-X9cm		185

-pkcs1		186

-pkcs5		187

-SMIME		188

-id_smime_mod		189

-id_smime_ct		190

-id_smime_aa		191

-id_smime_alg		192

-id_smime_cd		193

-id_smime_spq		194

-id_smime_cti		195

-id_smime_mod_cms		196

-id_smime_mod_ess		197

-id_smime_mod_oid		198

-id_smime_mod_msg_v3		199

-id_smime_mod_ets_eSignature_88		200

-id_smime_mod_ets_eSignature_97		201

-id_smime_mod_ets_eSigPolicy_88		202

-id_smime_mod_ets_eSigPolicy_97		203

-id_smime_ct_receipt		204

-id_smime_ct_authData		205

-id_smime_ct_publishCert		206

-id_smime_ct_TSTInfo		207

-id_smime_ct_TDTInfo		208

-id_smime_ct_contentInfo		209

-id_smime_ct_DVCSRequestData		210

-id_smime_ct_DVCSResponseData		211

-id_smime_aa_receiptRequest		212

-id_smime_aa_securityLabel		213

-id_smime_aa_mlExpandHistory		214

-id_smime_aa_contentHint		215

-id_smime_aa_msgSigDigest		216

-id_smime_aa_encapContentType		217

-id_smime_aa_contentIdentifier		218

-id_smime_aa_macValue		219

-id_smime_aa_equivalentLabels		220

-id_smime_aa_contentReference		221

-id_smime_aa_encrypKeyPref		222

-id_smime_aa_signingCertificate		223

-id_smime_aa_smimeEncryptCerts		224

-id_smime_aa_timeStampToken		225

-id_smime_aa_ets_sigPolicyId		226

-id_smime_aa_ets_commitmentType		227

-id_smime_aa_ets_signerLocation		228

-id_smime_aa_ets_signerAttr		229

-id_smime_aa_ets_otherSigCert		230

-id_smime_aa_ets_contentTimestamp		231

-id_smime_aa_ets_CertificateRefs		232

-id_smime_aa_ets_RevocationRefs		233

-id_smime_aa_ets_certValues		234

-id_smime_aa_ets_revocationValues		235

-id_smime_aa_ets_escTimeStamp		236

-id_smime_aa_ets_certCRLTimestamp		237

-id_smime_aa_ets_archiveTimeStamp		238

-id_smime_aa_signatureType		239

-id_smime_aa_dvcs_dvc		240

-id_smime_alg_ESDHwith3DES		241

-id_smime_alg_ESDHwithRC2		242

-id_smime_alg_3DESwrap		243

-id_smime_alg_RC2wrap		244

-id_smime_alg_ESDH		245

-id_smime_alg_CMS3DESwrap		246

-id_smime_alg_CMSRC2wrap		247

-id_smime_cd_ldap		248

-id_smime_spq_ets_sqt_uri		249

-id_smime_spq_ets_sqt_unotice		250

-id_smime_cti_ets_proofOfOrigin		251

-id_smime_cti_ets_proofOfReceipt		252

-id_smime_cti_ets_proofOfDelivery		253

-id_smime_cti_ets_proofOfSender		254

-id_smime_cti_ets_proofOfApproval		255

-id_smime_cti_ets_proofOfCreation		256

-md4		257

-id_pkix_mod		258

-id_qt		259

-id_it		260

-id_pkip		261

-id_alg		262

-id_cmc		263

-id_on		264

-id_pda		265

-id_aca		266

-id_qcs		267

-id_cct		268

-id_pkix1_explicit_88		269

-id_pkix1_implicit_88		270

-id_pkix1_explicit_93		271

-id_pkix1_implicit_93		272

-id_mod_crmf		273

-id_mod_cmc		274

-id_mod_kea_profile_88		275

-id_mod_kea_profile_93		276

-id_mod_cmp		277

-id_mod_qualified_cert_88		278

-id_mod_qualified_cert_93		279

-id_mod_attribute_cert		280

-id_mod_timestamp_protocol		281

-id_mod_ocsp		282

-id_mod_dvcs		283

-id_mod_cmp2000		284

-biometricInfo		285

-qcStatements		286

-ac_auditEntity		287

-ac_targeting		288

-aaControls		289

-sbgp_ipAddrBlock		290

-sbgp_autonomousSysNum		291

-sbgp_routerIdentifier		292

-textNotice		293

-ipsecEndSystem		294

-ipsecTunnel		295

-ipsecUser		296

-dvcs		297

-id_it_caProtEncCert		298

-id_it_signKeyPairTypes		299

-id_it_encKeyPairTypes		300

-id_it_preferredSymmAlg		301

-id_it_caKeyUpdateInfo		302

-id_it_currentCRL		303

-id_it_unsupportedOIDs		304

-id_it_subscriptionRequest		305

-id_it_subscriptionResponse		306

-id_it_keyPairParamReq		307

-id_it_keyPairParamRep		308

-id_it_revPassphrase		309

-id_it_implicitConfirm		310

-id_it_confirmWaitTime		311

-id_it_origPKIMessage		312

-id_regCtrl		313

-id_regInfo		314

-id_regCtrl_regToken		315

-id_regCtrl_authenticator		316

-id_regCtrl_pkiPublicationInfo		317

-id_regCtrl_pkiArchiveOptions		318

-id_regCtrl_oldCertID		319

-id_regCtrl_protocolEncrKey		320

-id_regInfo_utf8Pairs		321

-id_regInfo_certReq		322

-id_alg_des40		323

-id_alg_noSignature		324

-id_alg_dh_sig_hmac_sha1		325

-id_alg_dh_pop		326

-id_cmc_statusInfo		327

-id_cmc_identification		328

-id_cmc_identityProof		329

-id_cmc_dataReturn		330

-id_cmc_transactionId		331

-id_cmc_senderNonce		332

-id_cmc_recipientNonce		333

-id_cmc_addExtensions		334

-id_cmc_encryptedPOP		335

-id_cmc_decryptedPOP		336

-id_cmc_lraPOPWitness		337

-id_cmc_getCert		338

-id_cmc_getCRL		339

-id_cmc_revokeRequest		340

-id_cmc_regInfo		341

-id_cmc_responseInfo		342

-id_cmc_queryPending		343

-id_cmc_popLinkRandom		344

-id_cmc_popLinkWitness		345

-id_cmc_confirmCertAcceptance		346

-id_on_personalData		347

-id_pda_dateOfBirth		348

-id_pda_placeOfBirth		349

-id_pda_pseudonym		350

-id_pda_gender		351

-id_pda_countryOfCitizenship		352

-id_pda_countryOfResidence		353

-id_aca_authenticationInfo		354

-id_aca_accessIdentity		355

-id_aca_chargingIdentity		356

-id_aca_group		357

-id_aca_role		358

-id_qcs_pkixQCSyntax_v1		359

-id_cct_crs		360

-id_cct_PKIData		361

-id_cct_PKIResponse		362

-ad_timeStamping		363

-ad_dvcs		364

-id_pkix_OCSP_basic		365

-id_pkix_OCSP_Nonce		366

-id_pkix_OCSP_CrlID		367

-id_pkix_OCSP_acceptableResponses		368

-id_pkix_OCSP_noCheck		369

-id_pkix_OCSP_archiveCutoff		370

-id_pkix_OCSP_serviceLocator		371

-id_pkix_OCSP_extendedStatus		372

-id_pkix_OCSP_valid		373

-id_pkix_OCSP_path		374

-id_pkix_OCSP_trustRoot		375

-algorithm		376

-rsaSignature		377

-X500algorithms		378

-org		379

-dod		380

-iana		381

-Directory		382

-Management		383

-Experimental		384

-Private		385

-Security		386

-SNMPv2		387

-Mail		388

-Enterprises		389

-dcObject		390

-domainComponent		391

-Domain		392

-joint_iso_ccitt		393

-selected_attribute_types		394

-clearance		395

-md4WithRSAEncryption		396

-ac_proxying		397

-sinfo_access		398

-id_aca_encAttrs		399

-role		400

-policy_constraints		401

-target_information		402

-no_rev_avail		403

-ccitt		404

-ansi_X9_62		405

-X9_62_prime_field		406

-X9_62_characteristic_two_field		407

-X9_62_id_ecPublicKey		408

-X9_62_prime192v1		409

-X9_62_prime192v2		410

-X9_62_prime192v3		411

-X9_62_prime239v1		412

-X9_62_prime239v2		413

-X9_62_prime239v3		414

-X9_62_prime256v1		415

-ecdsa_with_SHA1		416

-ms_csp_name		417

-aes_128_ecb		418

-aes_128_cbc		419

-aes_128_ofb128		420

-aes_128_cfb128		421

-aes_192_ecb		422

-aes_192_cbc		423

-aes_192_ofb128		424

-aes_192_cfb128		425

-aes_256_ecb		426

-aes_256_cbc		427

-aes_256_ofb128		428

-aes_256_cfb128		429

-hold_instruction_code		430

-hold_instruction_none		431

-hold_instruction_call_issuer		432

-hold_instruction_reject		433

-data		434

-pss		435

-ucl		436

-pilot		437

-pilotAttributeType		438

-pilotAttributeSyntax		439

-pilotObjectClass		440

-pilotGroups		441

-iA5StringSyntax		442

-caseIgnoreIA5StringSyntax		443

-pilotObject		444

-pilotPerson		445

-account		446

-document		447

-room		448

-documentSeries		449

-rFC822localPart		450

-dNSDomain		451

-domainRelatedObject		452

-friendlyCountry		453

-simpleSecurityObject		454

-pilotOrganization		455

-pilotDSA		456

-qualityLabelledData		457

-userId		458

-textEncodedORAddress		459

-rfc822Mailbox		460

-info		461

-favouriteDrink		462

-roomNumber		463

-photo		464

-userClass		465

-host		466

-manager		467

-documentIdentifier		468

-documentTitle		469

-documentVersion		470

-documentAuthor		471

-documentLocation		472

-homeTelephoneNumber		473

-secretary		474

-otherMailbox		475

-lastModifiedTime		476

-lastModifiedBy		477

-aRecord		478

-pilotAttributeType27		479

-mXRecord		480

-nSRecord		481

-sOARecord		482

-cNAMERecord		483

-associatedDomain		484

-associatedName		485

-homePostalAddress		486

-personalTitle		487

-mobileTelephoneNumber		488

-pagerTelephoneNumber		489

-friendlyCountryName		490

-organizationalStatus		491

-janetMailbox		492

-mailPreferenceOption		493

-buildingName		494

-dSAQuality		495

-singleLevelQuality		496

-subtreeMinimumQuality		497

-subtreeMaximumQuality		498

-personalSignature		499

-dITRedirect		500

-audio		501

-documentPublisher		502

-x500UniqueIdentifier		503

-mime_mhs		504

-mime_mhs_headings		505

-mime_mhs_bodies		506

-id_hex_partial_message		507

-id_hex_multipart_message		508

-generationQualifier		509

-pseudonym		510

-InternationalRA		511

-id_set		512

-set_ctype		513

-set_msgExt		514

-set_attr		515

-set_policy		516

-set_certExt		517

-set_brand		518

-setct_PANData		519

-setct_PANToken		520

-setct_PANOnly		521

-setct_OIData		522

-setct_PI		523

-setct_PIData		524

-setct_PIDataUnsigned		525

-setct_HODInput		526

-setct_AuthResBaggage		527

-setct_AuthRevReqBaggage		528

-setct_AuthRevResBaggage		529

-setct_CapTokenSeq		530

-setct_PInitResData		531

-setct_PI_TBS		532

-setct_PResData		533

-setct_AuthReqTBS		534

-setct_AuthResTBS		535

-setct_AuthResTBSX		536

-setct_AuthTokenTBS		537

-setct_CapTokenData		538

-setct_CapTokenTBS		539

-setct_AcqCardCodeMsg		540

-setct_AuthRevReqTBS		541

-setct_AuthRevResData		542

-setct_AuthRevResTBS		543

-setct_CapReqTBS		544

-setct_CapReqTBSX		545

-setct_CapResData		546

-setct_CapRevReqTBS		547

-setct_CapRevReqTBSX		548

-setct_CapRevResData		549

-setct_CredReqTBS		550

-setct_CredReqTBSX		551

-setct_CredResData		552

-setct_CredRevReqTBS		553

-setct_CredRevReqTBSX		554

-setct_CredRevResData		555

-setct_PCertReqData		556

-setct_PCertResTBS		557

-setct_BatchAdminReqData		558

-setct_BatchAdminResData		559

-setct_CardCInitResTBS		560

-setct_MeAqCInitResTBS		561

-setct_RegFormResTBS		562

-setct_CertReqData		563

-setct_CertReqTBS		564

-setct_CertResData		565

-setct_CertInqReqTBS		566

-setct_ErrorTBS		567

-setct_PIDualSignedTBE		568

-setct_PIUnsignedTBE		569

-setct_AuthReqTBE		570

-setct_AuthResTBE		571

-setct_AuthResTBEX		572

-setct_AuthTokenTBE		573

-setct_CapTokenTBE		574

-setct_CapTokenTBEX		575

-setct_AcqCardCodeMsgTBE		576

-setct_AuthRevReqTBE		577

-setct_AuthRevResTBE		578

-setct_AuthRevResTBEB		579

-setct_CapReqTBE		580

-setct_CapReqTBEX		581

-setct_CapResTBE		582

-setct_CapRevReqTBE		583

-setct_CapRevReqTBEX		584

-setct_CapRevResTBE		585

-setct_CredReqTBE		586

-setct_CredReqTBEX		587

-setct_CredResTBE		588

-setct_CredRevReqTBE		589

-setct_CredRevReqTBEX		590

-setct_CredRevResTBE		591

-setct_BatchAdminReqTBE		592

-setct_BatchAdminResTBE		593

-setct_RegFormReqTBE		594

-setct_CertReqTBE		595

-setct_CertReqTBEX		596

-setct_CertResTBE		597

-setct_CRLNotificationTBS		598

-setct_CRLNotificationResTBS		599

-setct_BCIDistributionTBS		600

-setext_genCrypt		601

-setext_miAuth		602

-setext_pinSecure		603

-setext_pinAny		604

-setext_track2		605

-setext_cv		606

-set_policy_root		607

-setCext_hashedRoot		608

-setCext_certType		609

-setCext_merchData		610

-setCext_cCertRequired		611

-setCext_tunneling		612

-setCext_setExt		613

-setCext_setQualf		614

-setCext_PGWYcapabilities		615

-setCext_TokenIdentifier		616

-setCext_Track2Data		617

-setCext_TokenType		618

-setCext_IssuerCapabilities		619

-setAttr_Cert		620

-setAttr_PGWYcap		621

-setAttr_TokenType		622

-setAttr_IssCap		623

-set_rootKeyThumb		624

-set_addPolicy		625

-setAttr_Token_EMV		626

-setAttr_Token_B0Prime		627

-setAttr_IssCap_CVM		628

-setAttr_IssCap_T2		629

-setAttr_IssCap_Sig		630

-setAttr_GenCryptgrm		631

-setAttr_T2Enc		632

-setAttr_T2cleartxt		633

-setAttr_TokICCsig		634

-setAttr_SecDevSig		635

-set_brand_IATA_ATA		636

-set_brand_Diners		637

-set_brand_AmericanExpress		638

-set_brand_JCB		639

-set_brand_Visa		640

-set_brand_MasterCard		641

-set_brand_Novus		642

-des_cdmf		643

-rsaOAEPEncryptionSET		644

-itu_t		645

-joint_iso_itu_t		646

-international_organizations		647

-ms_smartcard_login		648

-ms_upn		649

-aes_128_cfb1		650

-aes_192_cfb1		651

-aes_256_cfb1		652

-aes_128_cfb8		653

-aes_192_cfb8		654

-aes_256_cfb8		655

-des_cfb1		656

-des_cfb8		657

-des_ede3_cfb1		658

-des_ede3_cfb8		659

-streetAddress		660

-postalCode		661

-id_ppl		662

-proxyCertInfo		663

-id_ppl_anyLanguage		664

-id_ppl_inheritAll		665

-name_constraints		666

-Independent		667

-sha256WithRSAEncryption		668

-sha384WithRSAEncryption		669

-sha512WithRSAEncryption		670

-sha224WithRSAEncryption		671

-sha256		672

-sha384		673

-sha512		674

-sha224		675

-identified_organization		676

-certicom_arc		677

-wap		678

-wap_wsg		679

-X9_62_id_characteristic_two_basis		680

-X9_62_onBasis		681

-X9_62_tpBasis		682

-X9_62_ppBasis		683

-X9_62_c2pnb163v1		684

-X9_62_c2pnb163v2		685

-X9_62_c2pnb163v3		686

-X9_62_c2pnb176v1		687

-X9_62_c2tnb191v1		688

-X9_62_c2tnb191v2		689

-X9_62_c2tnb191v3		690

-X9_62_c2onb191v4		691

-X9_62_c2onb191v5		692

-X9_62_c2pnb208w1		693

-X9_62_c2tnb239v1		694

-X9_62_c2tnb239v2		695

-X9_62_c2tnb239v3		696

-X9_62_c2onb239v4		697

-X9_62_c2onb239v5		698

-X9_62_c2pnb272w1		699

-X9_62_c2pnb304w1		700

-X9_62_c2tnb359v1		701

-X9_62_c2pnb368w1		702

-X9_62_c2tnb431r1		703

-secp112r1		704

-secp112r2		705

-secp128r1		706

-secp128r2		707

-secp160k1		708

-secp160r1		709

-secp160r2		710

-secp192k1		711

-secp224k1		712

-secp224r1		713

-secp256k1		714

-secp384r1		715

-secp521r1		716

-sect113r1		717

-sect113r2		718

-sect131r1		719

-sect131r2		720

-sect163k1		721

-sect163r1		722

-sect163r2		723

-sect193r1		724

-sect193r2		725

-sect233k1		726

-sect233r1		727

-sect239k1		728

-sect283k1		729

-sect283r1		730

-sect409k1		731

-sect409r1		732

-sect571k1		733

-sect571r1		734

-wap_wsg_idm_ecid_wtls1		735

-wap_wsg_idm_ecid_wtls3		736

-wap_wsg_idm_ecid_wtls4		737

-wap_wsg_idm_ecid_wtls5		738

-wap_wsg_idm_ecid_wtls6		739

-wap_wsg_idm_ecid_wtls7		740

-wap_wsg_idm_ecid_wtls8		741

-wap_wsg_idm_ecid_wtls9		742

-wap_wsg_idm_ecid_wtls10		743

-wap_wsg_idm_ecid_wtls11		744

-wap_wsg_idm_ecid_wtls12		745

-any_policy		746

-policy_mappings		747

-inhibit_any_policy		748

-ipsec3		749

-ipsec4		750

-camellia_128_cbc		751

-camellia_192_cbc		752

-camellia_256_cbc		753

-camellia_128_ecb		754

-camellia_192_ecb		755

-camellia_256_ecb		756

-camellia_128_cfb128		757

-camellia_192_cfb128		758

-camellia_256_cfb128		759

-camellia_128_cfb1		760

-camellia_192_cfb1		761

-camellia_256_cfb1		762

-camellia_128_cfb8		763

-camellia_192_cfb8		764

-camellia_256_cfb8		765

-camellia_128_ofb128		766

-camellia_192_ofb128		767

-camellia_256_ofb128		768

-subject_directory_attributes		769

-issuing_distribution_point		770

-certificate_issuer		771

-korea		772

-kisa		773

-kftc		774

-npki_alg		775

-seed_ecb		776

-seed_cbc		777

-seed_ofb128		778

-seed_cfb128		779

--- a/sys/src/ape/lib/openssl/crypto/objects/objects.README

+++ /dev/null

@@ -1,44 +1,0 @@

-objects.txt syntax

-------------------

-To cover all the naming hacks that were previously in objects.h needed some

-kind of hacks in objects.txt.

-The basic syntax for adding an object is as follows:

-	1 2 3 4		: shortName	: Long Name

-		If the long name doesn't contain spaces, or no short name

-		exists, the long name is used as basis for the base name

-		in C.  Otherwise, the short name is used.

-		The base name (let's call it 'base') will then be used to

-		create the C macros SN_base, LN_base, NID_base and OBJ_base.

-		Note that if the base name contains spaces, dashes or periods,

-		those will be converte to underscore.

-Then there are some extra commands:

-	!Alias foo 1 2 3 4

-		This juts makes a name foo for an OID.  The C macro

-		OBJ_foo will be created as a result.

-	!Cname foo

-		This makes sure that the name foo will be used as base name

-		in C.

-	!module foo

-	1 2 3 4		: shortName	: Long Name

-	!global

-		The !module command was meant to define a kind of modularity.

-		What it does is to make sure the module name is prepended

-		to the base name.  !global turns this off.  This construction

-		is not recursive.

-Lines starting with # are treated as comments, as well as any line starting

-with ! and not matching the commands above.

--- a/sys/src/ape/lib/openssl/crypto/objects/objects.h

+++ /dev/null

@@ -1,1049 +1,0 @@

-/* crypto/objects/objects.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_OBJECTS_H

-#define HEADER_OBJECTS_H

-#define USE_OBJ_MAC

-#ifdef USE_OBJ_MAC

-#include <openssl/obj_mac.h>

-#else

-#define SN_undef			"UNDEF"

-#define LN_undef			"undefined"

-#define NID_undef			0

-#define OBJ_undef			0L

-#define SN_Algorithm			"Algorithm"

-#define LN_algorithm			"algorithm"

-#define NID_algorithm			38

-#define OBJ_algorithm			1L,3L,14L,3L,2L

-#define LN_rsadsi			"rsadsi"

-#define NID_rsadsi			1

-#define OBJ_rsadsi			1L,2L,840L,113549L

-#define LN_pkcs				"pkcs"

-#define NID_pkcs			2

-#define OBJ_pkcs			OBJ_rsadsi,1L

-#define SN_md2				"MD2"

-#define LN_md2				"md2"

-#define NID_md2				3

-#define OBJ_md2				OBJ_rsadsi,2L,2L

-#define SN_md5				"MD5"

-#define LN_md5				"md5"

-#define NID_md5				4

-#define OBJ_md5				OBJ_rsadsi,2L,5L

-#define SN_rc4				"RC4"

-#define LN_rc4				"rc4"

-#define NID_rc4				5

-#define OBJ_rc4				OBJ_rsadsi,3L,4L

-#define LN_rsaEncryption		"rsaEncryption"

-#define NID_rsaEncryption		6

-#define OBJ_rsaEncryption		OBJ_pkcs,1L,1L

-#define SN_md2WithRSAEncryption		"RSA-MD2"

-#define LN_md2WithRSAEncryption		"md2WithRSAEncryption"

-#define NID_md2WithRSAEncryption	7

-#define OBJ_md2WithRSAEncryption	OBJ_pkcs,1L,2L

-#define SN_md5WithRSAEncryption		"RSA-MD5"

-#define LN_md5WithRSAEncryption		"md5WithRSAEncryption"

-#define NID_md5WithRSAEncryption	8

-#define OBJ_md5WithRSAEncryption	OBJ_pkcs,1L,4L

-#define SN_pbeWithMD2AndDES_CBC		"PBE-MD2-DES"

-#define LN_pbeWithMD2AndDES_CBC		"pbeWithMD2AndDES-CBC"

-#define NID_pbeWithMD2AndDES_CBC	9

-#define OBJ_pbeWithMD2AndDES_CBC	OBJ_pkcs,5L,1L

-#define SN_pbeWithMD5AndDES_CBC		"PBE-MD5-DES"

-#define LN_pbeWithMD5AndDES_CBC		"pbeWithMD5AndDES-CBC"

-#define NID_pbeWithMD5AndDES_CBC	10

-#define OBJ_pbeWithMD5AndDES_CBC	OBJ_pkcs,5L,3L

-#define LN_X500				"X500"

-#define NID_X500			11

-#define OBJ_X500			2L,5L

-#define LN_X509				"X509"

-#define NID_X509			12

-#define OBJ_X509			OBJ_X500,4L

-#define SN_commonName			"CN"

-#define LN_commonName			"commonName"

-#define NID_commonName			13

-#define OBJ_commonName			OBJ_X509,3L

-#define SN_countryName			"C"

-#define LN_countryName			"countryName"

-#define NID_countryName			14

-#define OBJ_countryName			OBJ_X509,6L

-#define SN_localityName			"L"

-#define LN_localityName			"localityName"

-#define NID_localityName		15

-#define OBJ_localityName		OBJ_X509,7L

-/* Postal Address? PA */

-/* should be "ST" (rfc1327) but MS uses 'S' */

-#define SN_stateOrProvinceName		"ST"

-#define LN_stateOrProvinceName		"stateOrProvinceName"

-#define NID_stateOrProvinceName		16

-#define OBJ_stateOrProvinceName		OBJ_X509,8L

-#define SN_organizationName		"O"

-#define LN_organizationName		"organizationName"

-#define NID_organizationName		17

-#define OBJ_organizationName		OBJ_X509,10L

-#define SN_organizationalUnitName	"OU"

-#define LN_organizationalUnitName	"organizationalUnitName"

-#define NID_organizationalUnitName	18

-#define OBJ_organizationalUnitName	OBJ_X509,11L

-#define SN_rsa				"RSA"

-#define LN_rsa				"rsa"

-#define NID_rsa				19

-#define OBJ_rsa				OBJ_X500,8L,1L,1L

-#define LN_pkcs7			"pkcs7"

-#define NID_pkcs7			20

-#define OBJ_pkcs7			OBJ_pkcs,7L

-#define LN_pkcs7_data			"pkcs7-data"

-#define NID_pkcs7_data			21

-#define OBJ_pkcs7_data			OBJ_pkcs7,1L

-#define LN_pkcs7_signed			"pkcs7-signedData"

-#define NID_pkcs7_signed		22

-#define OBJ_pkcs7_signed		OBJ_pkcs7,2L

-#define LN_pkcs7_enveloped		"pkcs7-envelopedData"

-#define NID_pkcs7_enveloped		23

-#define OBJ_pkcs7_enveloped		OBJ_pkcs7,3L

-#define LN_pkcs7_signedAndEnveloped	"pkcs7-signedAndEnvelopedData"

-#define NID_pkcs7_signedAndEnveloped	24

-#define OBJ_pkcs7_signedAndEnveloped	OBJ_pkcs7,4L

-#define LN_pkcs7_digest			"pkcs7-digestData"

-#define NID_pkcs7_digest		25

-#define OBJ_pkcs7_digest		OBJ_pkcs7,5L

-#define LN_pkcs7_encrypted		"pkcs7-encryptedData"

-#define NID_pkcs7_encrypted		26

-#define OBJ_pkcs7_encrypted		OBJ_pkcs7,6L

-#define LN_pkcs3			"pkcs3"

-#define NID_pkcs3			27

-#define OBJ_pkcs3			OBJ_pkcs,3L

-#define LN_dhKeyAgreement		"dhKeyAgreement"

-#define NID_dhKeyAgreement		28

-#define OBJ_dhKeyAgreement		OBJ_pkcs3,1L

-#define SN_des_ecb			"DES-ECB"

-#define LN_des_ecb			"des-ecb"

-#define NID_des_ecb			29

-#define OBJ_des_ecb			OBJ_algorithm,6L

-#define SN_des_cfb64			"DES-CFB"

-#define LN_des_cfb64			"des-cfb"

-#define NID_des_cfb64			30

-/* IV + num */

-#define OBJ_des_cfb64			OBJ_algorithm,9L

-#define SN_des_cbc			"DES-CBC"

-#define LN_des_cbc			"des-cbc"

-#define NID_des_cbc			31

-/* IV */

-#define OBJ_des_cbc			OBJ_algorithm,7L

-#define SN_des_ede			"DES-EDE"

-#define LN_des_ede			"des-ede"

-#define NID_des_ede			32

-/* ?? */

-#define OBJ_des_ede			OBJ_algorithm,17L

-#define SN_des_ede3			"DES-EDE3"

-#define LN_des_ede3			"des-ede3"

-#define NID_des_ede3			33

-#define SN_idea_cbc			"IDEA-CBC"

-#define LN_idea_cbc			"idea-cbc"

-#define NID_idea_cbc			34

-#define OBJ_idea_cbc			1L,3L,6L,1L,4L,1L,188L,7L,1L,1L,2L

-#define SN_idea_cfb64			"IDEA-CFB"

-#define LN_idea_cfb64			"idea-cfb"

-#define NID_idea_cfb64			35

-#define SN_idea_ecb			"IDEA-ECB"

-#define LN_idea_ecb			"idea-ecb"

-#define NID_idea_ecb			36

-#define SN_rc2_cbc			"RC2-CBC"

-#define LN_rc2_cbc			"rc2-cbc"

-#define NID_rc2_cbc			37

-#define OBJ_rc2_cbc			OBJ_rsadsi,3L,2L

-#define SN_rc2_ecb			"RC2-ECB"

-#define LN_rc2_ecb			"rc2-ecb"

-#define NID_rc2_ecb			38

-#define SN_rc2_cfb64			"RC2-CFB"

-#define LN_rc2_cfb64			"rc2-cfb"

-#define NID_rc2_cfb64			39

-#define SN_rc2_ofb64			"RC2-OFB"

-#define LN_rc2_ofb64			"rc2-ofb"

-#define NID_rc2_ofb64			40

-#define SN_sha				"SHA"

-#define LN_sha				"sha"

-#define NID_sha				41

-#define OBJ_sha				OBJ_algorithm,18L

-#define SN_shaWithRSAEncryption		"RSA-SHA"

-#define LN_shaWithRSAEncryption		"shaWithRSAEncryption"

-#define NID_shaWithRSAEncryption	42

-#define OBJ_shaWithRSAEncryption	OBJ_algorithm,15L

-#define SN_des_ede_cbc			"DES-EDE-CBC"

-#define LN_des_ede_cbc			"des-ede-cbc"

-#define NID_des_ede_cbc			43

-#define SN_des_ede3_cbc			"DES-EDE3-CBC"

-#define LN_des_ede3_cbc			"des-ede3-cbc"

-#define NID_des_ede3_cbc		44

-#define OBJ_des_ede3_cbc		OBJ_rsadsi,3L,7L

-#define SN_des_ofb64			"DES-OFB"

-#define LN_des_ofb64			"des-ofb"

-#define NID_des_ofb64			45

-#define OBJ_des_ofb64			OBJ_algorithm,8L

-#define SN_idea_ofb64			"IDEA-OFB"

-#define LN_idea_ofb64			"idea-ofb"

-#define NID_idea_ofb64			46

-#define LN_pkcs9			"pkcs9"

-#define NID_pkcs9			47

-#define OBJ_pkcs9			OBJ_pkcs,9L

-#define SN_pkcs9_emailAddress		"Email"

-#define LN_pkcs9_emailAddress		"emailAddress"

-#define NID_pkcs9_emailAddress		48

-#define OBJ_pkcs9_emailAddress		OBJ_pkcs9,1L

-#define LN_pkcs9_unstructuredName	"unstructuredName"

-#define NID_pkcs9_unstructuredName	49

-#define OBJ_pkcs9_unstructuredName	OBJ_pkcs9,2L

-#define LN_pkcs9_contentType		"contentType"

-#define NID_pkcs9_contentType		50

-#define OBJ_pkcs9_contentType		OBJ_pkcs9,3L

-#define LN_pkcs9_messageDigest		"messageDigest"

-#define NID_pkcs9_messageDigest		51

-#define OBJ_pkcs9_messageDigest		OBJ_pkcs9,4L

-#define LN_pkcs9_signingTime		"signingTime"

-#define NID_pkcs9_signingTime		52

-#define OBJ_pkcs9_signingTime		OBJ_pkcs9,5L

-#define LN_pkcs9_countersignature	"countersignature"

-#define NID_pkcs9_countersignature	53

-#define OBJ_pkcs9_countersignature	OBJ_pkcs9,6L

-#define LN_pkcs9_challengePassword	"challengePassword"

-#define NID_pkcs9_challengePassword	54

-#define OBJ_pkcs9_challengePassword	OBJ_pkcs9,7L

-#define LN_pkcs9_unstructuredAddress	"unstructuredAddress"

-#define NID_pkcs9_unstructuredAddress	55

-#define OBJ_pkcs9_unstructuredAddress	OBJ_pkcs9,8L

-#define LN_pkcs9_extCertAttributes	"extendedCertificateAttributes"

-#define NID_pkcs9_extCertAttributes	56

-#define OBJ_pkcs9_extCertAttributes	OBJ_pkcs9,9L

-#define SN_netscape			"Netscape"

-#define LN_netscape			"Netscape Communications Corp."

-#define NID_netscape			57

-#define OBJ_netscape			2L,16L,840L,1L,113730L

-#define SN_netscape_cert_extension	"nsCertExt"

-#define LN_netscape_cert_extension	"Netscape Certificate Extension"

-#define NID_netscape_cert_extension	58

-#define OBJ_netscape_cert_extension	OBJ_netscape,1L

-#define SN_netscape_data_type		"nsDataType"

-#define LN_netscape_data_type		"Netscape Data Type"

-#define NID_netscape_data_type		59

-#define OBJ_netscape_data_type		OBJ_netscape,2L

-#define SN_des_ede_cfb64		"DES-EDE-CFB"

-#define LN_des_ede_cfb64		"des-ede-cfb"

-#define NID_des_ede_cfb64		60

-#define SN_des_ede3_cfb64		"DES-EDE3-CFB"

-#define LN_des_ede3_cfb64		"des-ede3-cfb"

-#define NID_des_ede3_cfb64		61

-#define SN_des_ede_ofb64		"DES-EDE-OFB"

-#define LN_des_ede_ofb64		"des-ede-ofb"

-#define NID_des_ede_ofb64		62

-#define SN_des_ede3_ofb64		"DES-EDE3-OFB"

-#define LN_des_ede3_ofb64		"des-ede3-ofb"

-#define NID_des_ede3_ofb64		63

-/* I'm not sure about the object ID */

-#define SN_sha1				"SHA1"

-#define LN_sha1				"sha1"

-#define NID_sha1			64

-#define OBJ_sha1			OBJ_algorithm,26L

-/* 28 Jun 1996 - eay */

-/* #define OBJ_sha1			1L,3L,14L,2L,26L,05L <- wrong */

-#define SN_sha1WithRSAEncryption	"RSA-SHA1"

-#define LN_sha1WithRSAEncryption	"sha1WithRSAEncryption"

-#define NID_sha1WithRSAEncryption	65

-#define OBJ_sha1WithRSAEncryption	OBJ_pkcs,1L,5L

-#define SN_dsaWithSHA			"DSA-SHA"

-#define LN_dsaWithSHA			"dsaWithSHA"

-#define NID_dsaWithSHA			66

-#define OBJ_dsaWithSHA			OBJ_algorithm,13L

-#define SN_dsa_2			"DSA-old"

-#define LN_dsa_2			"dsaEncryption-old"

-#define NID_dsa_2			67

-#define OBJ_dsa_2			OBJ_algorithm,12L

-/* proposed by microsoft to RSA */

-#define SN_pbeWithSHA1AndRC2_CBC	"PBE-SHA1-RC2-64"

-#define LN_pbeWithSHA1AndRC2_CBC	"pbeWithSHA1AndRC2-CBC"

-#define NID_pbeWithSHA1AndRC2_CBC	68

-#define OBJ_pbeWithSHA1AndRC2_CBC	OBJ_pkcs,5L,11L

-/* proposed by microsoft to RSA as pbeWithSHA1AndRC4: it is now

- * defined explicitly in PKCS#5 v2.0 as id-PBKDF2 which is something

- * completely different.

- */

-#define LN_id_pbkdf2			"PBKDF2"

-#define NID_id_pbkdf2			69

-#define OBJ_id_pbkdf2			OBJ_pkcs,5L,12L

-#define SN_dsaWithSHA1_2		"DSA-SHA1-old"

-#define LN_dsaWithSHA1_2		"dsaWithSHA1-old"

-#define NID_dsaWithSHA1_2		70

-/* Got this one from 'sdn706r20.pdf' which is actually an NSA document :-) */

-#define OBJ_dsaWithSHA1_2		OBJ_algorithm,27L

-#define SN_netscape_cert_type		"nsCertType"

-#define LN_netscape_cert_type		"Netscape Cert Type"

-#define NID_netscape_cert_type		71

-#define OBJ_netscape_cert_type		OBJ_netscape_cert_extension,1L

-#define SN_netscape_base_url		"nsBaseUrl"

-#define LN_netscape_base_url		"Netscape Base Url"

-#define NID_netscape_base_url		72

-#define OBJ_netscape_base_url		OBJ_netscape_cert_extension,2L

-#define SN_netscape_revocation_url	"nsRevocationUrl"

-#define LN_netscape_revocation_url	"Netscape Revocation Url"

-#define NID_netscape_revocation_url	73

-#define OBJ_netscape_revocation_url	OBJ_netscape_cert_extension,3L

-#define SN_netscape_ca_revocation_url	"nsCaRevocationUrl"

-#define LN_netscape_ca_revocation_url	"Netscape CA Revocation Url"

-#define NID_netscape_ca_revocation_url	74

-#define OBJ_netscape_ca_revocation_url	OBJ_netscape_cert_extension,4L

-#define SN_netscape_renewal_url		"nsRenewalUrl"

-#define LN_netscape_renewal_url		"Netscape Renewal Url"

-#define NID_netscape_renewal_url	75

-#define OBJ_netscape_renewal_url	OBJ_netscape_cert_extension,7L

-#define SN_netscape_ca_policy_url	"nsCaPolicyUrl"

-#define LN_netscape_ca_policy_url	"Netscape CA Policy Url"

-#define NID_netscape_ca_policy_url	76

-#define OBJ_netscape_ca_policy_url	OBJ_netscape_cert_extension,8L

-#define SN_netscape_ssl_server_name	"nsSslServerName"

-#define LN_netscape_ssl_server_name	"Netscape SSL Server Name"

-#define NID_netscape_ssl_server_name	77

-#define OBJ_netscape_ssl_server_name	OBJ_netscape_cert_extension,12L

-#define SN_netscape_comment		"nsComment"

-#define LN_netscape_comment		"Netscape Comment"

-#define NID_netscape_comment		78

-#define OBJ_netscape_comment		OBJ_netscape_cert_extension,13L

-#define SN_netscape_cert_sequence	"nsCertSequence"

-#define LN_netscape_cert_sequence	"Netscape Certificate Sequence"

-#define NID_netscape_cert_sequence	79

-#define OBJ_netscape_cert_sequence	OBJ_netscape_data_type,5L

-#define SN_desx_cbc			"DESX-CBC"

-#define LN_desx_cbc			"desx-cbc"

-#define NID_desx_cbc			80

-#define SN_id_ce			"id-ce"

-#define NID_id_ce			81

-#define OBJ_id_ce			2L,5L,29L

-#define SN_subject_key_identifier	"subjectKeyIdentifier"

-#define LN_subject_key_identifier	"X509v3 Subject Key Identifier"

-#define NID_subject_key_identifier	82

-#define OBJ_subject_key_identifier	OBJ_id_ce,14L

-#define SN_key_usage			"keyUsage"

-#define LN_key_usage			"X509v3 Key Usage"

-#define NID_key_usage			83

-#define OBJ_key_usage			OBJ_id_ce,15L

-#define SN_private_key_usage_period	"privateKeyUsagePeriod"

-#define LN_private_key_usage_period	"X509v3 Private Key Usage Period"

-#define NID_private_key_usage_period	84

-#define OBJ_private_key_usage_period	OBJ_id_ce,16L

-#define SN_subject_alt_name		"subjectAltName"

-#define LN_subject_alt_name		"X509v3 Subject Alternative Name"

-#define NID_subject_alt_name		85

-#define OBJ_subject_alt_name		OBJ_id_ce,17L

-#define SN_issuer_alt_name		"issuerAltName"

-#define LN_issuer_alt_name		"X509v3 Issuer Alternative Name"

-#define NID_issuer_alt_name		86

-#define OBJ_issuer_alt_name		OBJ_id_ce,18L

-#define SN_basic_constraints		"basicConstraints"

-#define LN_basic_constraints		"X509v3 Basic Constraints"

-#define NID_basic_constraints		87

-#define OBJ_basic_constraints		OBJ_id_ce,19L

-#define SN_crl_number			"crlNumber"

-#define LN_crl_number			"X509v3 CRL Number"

-#define NID_crl_number			88

-#define OBJ_crl_number			OBJ_id_ce,20L

-#define SN_certificate_policies		"certificatePolicies"

-#define LN_certificate_policies		"X509v3 Certificate Policies"

-#define NID_certificate_policies	89

-#define OBJ_certificate_policies	OBJ_id_ce,32L

-#define SN_authority_key_identifier	"authorityKeyIdentifier"

-#define LN_authority_key_identifier	"X509v3 Authority Key Identifier"

-#define NID_authority_key_identifier	90

-#define OBJ_authority_key_identifier	OBJ_id_ce,35L

-#define SN_bf_cbc			"BF-CBC"

-#define LN_bf_cbc			"bf-cbc"

-#define NID_bf_cbc			91

-#define OBJ_bf_cbc			1L,3L,6L,1L,4L,1L,3029L,1L,2L

-#define SN_bf_ecb			"BF-ECB"

-#define LN_bf_ecb			"bf-ecb"

-#define NID_bf_ecb			92

-#define SN_bf_cfb64			"BF-CFB"

-#define LN_bf_cfb64			"bf-cfb"

-#define NID_bf_cfb64			93

-#define SN_bf_ofb64			"BF-OFB"

-#define LN_bf_ofb64			"bf-ofb"

-#define NID_bf_ofb64			94

-#define SN_mdc2				"MDC2"

-#define LN_mdc2				"mdc2"

-#define NID_mdc2			95

-#define OBJ_mdc2			2L,5L,8L,3L,101L

-/* An alternative?			1L,3L,14L,3L,2L,19L */

-#define SN_mdc2WithRSA			"RSA-MDC2"

-#define LN_mdc2WithRSA			"mdc2withRSA"

-#define NID_mdc2WithRSA			96

-#define OBJ_mdc2WithRSA			2L,5L,8L,3L,100L

-#define SN_rc4_40			"RC4-40"

-#define LN_rc4_40			"rc4-40"

-#define NID_rc4_40			97

-#define SN_rc2_40_cbc			"RC2-40-CBC"

-#define LN_rc2_40_cbc			"rc2-40-cbc"

-#define NID_rc2_40_cbc			98

-#define SN_givenName			"G"

-#define LN_givenName			"givenName"

-#define NID_givenName			99

-#define OBJ_givenName			OBJ_X509,42L

-#define SN_surname			"S"

-#define LN_surname			"surname"

-#define NID_surname			100

-#define OBJ_surname			OBJ_X509,4L

-#define SN_initials			"I"

-#define LN_initials			"initials"

-#define NID_initials			101

-#define OBJ_initials			OBJ_X509,43L

-#define SN_uniqueIdentifier		"UID"

-#define LN_uniqueIdentifier		"uniqueIdentifier"

-#define NID_uniqueIdentifier		102

-#define OBJ_uniqueIdentifier		OBJ_X509,45L

-#define SN_crl_distribution_points	"crlDistributionPoints"

-#define LN_crl_distribution_points	"X509v3 CRL Distribution Points"

-#define NID_crl_distribution_points	103

-#define OBJ_crl_distribution_points	OBJ_id_ce,31L

-#define SN_md5WithRSA			"RSA-NP-MD5"

-#define LN_md5WithRSA			"md5WithRSA"

-#define NID_md5WithRSA			104

-#define OBJ_md5WithRSA			OBJ_algorithm,3L

-#define SN_serialNumber			"SN"

-#define LN_serialNumber			"serialNumber"

-#define NID_serialNumber		105

-#define OBJ_serialNumber		OBJ_X509,5L

-#define SN_title			"T"

-#define LN_title			"title"

-#define NID_title			106

-#define OBJ_title			OBJ_X509,12L

-#define SN_description			"D"

-#define LN_description			"description"

-#define NID_description			107

-#define OBJ_description			OBJ_X509,13L

-/* CAST5 is CAST-128, I'm just sticking with the documentation */

-#define SN_cast5_cbc			"CAST5-CBC"

-#define LN_cast5_cbc			"cast5-cbc"

-#define NID_cast5_cbc			108

-#define OBJ_cast5_cbc			1L,2L,840L,113533L,7L,66L,10L

-#define SN_cast5_ecb			"CAST5-ECB"

-#define LN_cast5_ecb			"cast5-ecb"

-#define NID_cast5_ecb			109

-#define SN_cast5_cfb64			"CAST5-CFB"

-#define LN_cast5_cfb64			"cast5-cfb"

-#define NID_cast5_cfb64			110

-#define SN_cast5_ofb64			"CAST5-OFB"

-#define LN_cast5_ofb64			"cast5-ofb"

-#define NID_cast5_ofb64			111

-#define LN_pbeWithMD5AndCast5_CBC	"pbeWithMD5AndCast5CBC"

-#define NID_pbeWithMD5AndCast5_CBC	112

-#define OBJ_pbeWithMD5AndCast5_CBC	1L,2L,840L,113533L,7L,66L,12L

-/* This is one sun will soon be using :-(

- * id-dsa-with-sha1 ID  ::= {

- *   iso(1) member-body(2) us(840) x9-57 (10040) x9cm(4) 3 }

- */

-#define SN_dsaWithSHA1			"DSA-SHA1"

-#define LN_dsaWithSHA1			"dsaWithSHA1"

-#define NID_dsaWithSHA1			113

-#define OBJ_dsaWithSHA1			1L,2L,840L,10040L,4L,3L

-#define NID_md5_sha1			114

-#define SN_md5_sha1			"MD5-SHA1"

-#define LN_md5_sha1			"md5-sha1"

-#define SN_sha1WithRSA			"RSA-SHA1-2"

-#define LN_sha1WithRSA			"sha1WithRSA"

-#define NID_sha1WithRSA			115

-#define OBJ_sha1WithRSA			OBJ_algorithm,29L

-#define SN_dsa				"DSA"

-#define LN_dsa				"dsaEncryption"

-#define NID_dsa				116

-#define OBJ_dsa				1L,2L,840L,10040L,4L,1L

-#define SN_ripemd160			"RIPEMD160"

-#define LN_ripemd160			"ripemd160"

-#define NID_ripemd160			117

-#define OBJ_ripemd160			1L,3L,36L,3L,2L,1L

-/* The name should actually be rsaSignatureWithripemd160, but I'm going

- * to continue using the convention I'm using with the other ciphers */

-#define SN_ripemd160WithRSA		"RSA-RIPEMD160"

-#define LN_ripemd160WithRSA		"ripemd160WithRSA"

-#define NID_ripemd160WithRSA		119

-#define OBJ_ripemd160WithRSA		1L,3L,36L,3L,3L,1L,2L

-/* Taken from rfc2040

- *  RC5_CBC_Parameters ::= SEQUENCE {

- *	version           INTEGER (v1_0(16)),

- *	rounds            INTEGER (8..127),

- *	blockSizeInBits   INTEGER (64, 128),

- *	iv                OCTET STRING OPTIONAL

- *	}

- */

-#define SN_rc5_cbc			"RC5-CBC"

-#define LN_rc5_cbc			"rc5-cbc"

-#define NID_rc5_cbc			120

-#define OBJ_rc5_cbc			OBJ_rsadsi,3L,8L

-#define SN_rc5_ecb			"RC5-ECB"

-#define LN_rc5_ecb			"rc5-ecb"

-#define NID_rc5_ecb			121

-#define SN_rc5_cfb64			"RC5-CFB"

-#define LN_rc5_cfb64			"rc5-cfb"

-#define NID_rc5_cfb64			122

-#define SN_rc5_ofb64			"RC5-OFB"

-#define LN_rc5_ofb64			"rc5-ofb"

-#define NID_rc5_ofb64			123

-#define SN_rle_compression		"RLE"

-#define LN_rle_compression		"run length compression"

-#define NID_rle_compression		124

-#define OBJ_rle_compression		1L,1L,1L,1L,666L,1L

-#define SN_zlib_compression		"ZLIB"

-#define LN_zlib_compression		"zlib compression"

-#define NID_zlib_compression		125

-#define OBJ_zlib_compression		1L,1L,1L,1L,666L,2L

-#define SN_ext_key_usage		"extendedKeyUsage"

-#define LN_ext_key_usage		"X509v3 Extended Key Usage"

-#define NID_ext_key_usage		126

-#define OBJ_ext_key_usage		OBJ_id_ce,37

-#define SN_id_pkix			"PKIX"

-#define NID_id_pkix			127

-#define OBJ_id_pkix			1L,3L,6L,1L,5L,5L,7L

-#define SN_id_kp			"id-kp"

-#define NID_id_kp			128

-#define OBJ_id_kp			OBJ_id_pkix,3L

-/* PKIX extended key usage OIDs */

-#define SN_server_auth			"serverAuth"

-#define LN_server_auth			"TLS Web Server Authentication"

-#define NID_server_auth			129

-#define OBJ_server_auth			OBJ_id_kp,1L

-#define SN_client_auth			"clientAuth"

-#define LN_client_auth			"TLS Web Client Authentication"

-#define NID_client_auth			130

-#define OBJ_client_auth			OBJ_id_kp,2L

-#define SN_code_sign			"codeSigning"

-#define LN_code_sign			"Code Signing"

-#define NID_code_sign			131

-#define OBJ_code_sign			OBJ_id_kp,3L

-#define SN_email_protect		"emailProtection"

-#define LN_email_protect		"E-mail Protection"

-#define NID_email_protect		132

-#define OBJ_email_protect		OBJ_id_kp,4L

-#define SN_time_stamp			"timeStamping"

-#define LN_time_stamp			"Time Stamping"

-#define NID_time_stamp			133

-#define OBJ_time_stamp			OBJ_id_kp,8L

-/* Additional extended key usage OIDs: Microsoft */

-#define SN_ms_code_ind			"msCodeInd"

-#define LN_ms_code_ind			"Microsoft Individual Code Signing"

-#define NID_ms_code_ind			134

-#define OBJ_ms_code_ind			1L,3L,6L,1L,4L,1L,311L,2L,1L,21L

-#define SN_ms_code_com			"msCodeCom"

-#define LN_ms_code_com			"Microsoft Commercial Code Signing"

-#define NID_ms_code_com			135

-#define OBJ_ms_code_com			1L,3L,6L,1L,4L,1L,311L,2L,1L,22L

-#define SN_ms_ctl_sign			"msCTLSign"

-#define LN_ms_ctl_sign			"Microsoft Trust List Signing"

-#define NID_ms_ctl_sign			136

-#define OBJ_ms_ctl_sign			1L,3L,6L,1L,4L,1L,311L,10L,3L,1L

-#define SN_ms_sgc			"msSGC"

-#define LN_ms_sgc			"Microsoft Server Gated Crypto"

-#define NID_ms_sgc			137

-#define OBJ_ms_sgc			1L,3L,6L,1L,4L,1L,311L,10L,3L,3L

-#define SN_ms_efs			"msEFS"

-#define LN_ms_efs			"Microsoft Encrypted File System"

-#define NID_ms_efs			138

-#define OBJ_ms_efs			1L,3L,6L,1L,4L,1L,311L,10L,3L,4L

-/* Additional usage: Netscape */

-#define SN_ns_sgc			"nsSGC"

-#define LN_ns_sgc			"Netscape Server Gated Crypto"

-#define NID_ns_sgc			139

-#define OBJ_ns_sgc			OBJ_netscape,4L,1L

-#define SN_delta_crl			"deltaCRL"

-#define LN_delta_crl			"X509v3 Delta CRL Indicator"

-#define NID_delta_crl			140

-#define OBJ_delta_crl			OBJ_id_ce,27L

-#define SN_crl_reason			"CRLReason"

-#define LN_crl_reason			"CRL Reason Code"

-#define NID_crl_reason			141

-#define OBJ_crl_reason			OBJ_id_ce,21L

-#define SN_invalidity_date		"invalidityDate"

-#define LN_invalidity_date		"Invalidity Date"

-#define NID_invalidity_date		142

-#define OBJ_invalidity_date		OBJ_id_ce,24L

-#define SN_sxnet			"SXNetID"

-#define LN_sxnet			"Strong Extranet ID"

-#define NID_sxnet			143

-#define OBJ_sxnet			1L,3L,101L,1L,4L,1L

-/* PKCS12 and related OBJECT IDENTIFIERS */

-#define OBJ_pkcs12			OBJ_pkcs,12L

-#define OBJ_pkcs12_pbeids		OBJ_pkcs12, 1

-#define SN_pbe_WithSHA1And128BitRC4	"PBE-SHA1-RC4-128"

-#define LN_pbe_WithSHA1And128BitRC4	"pbeWithSHA1And128BitRC4"

-#define NID_pbe_WithSHA1And128BitRC4	144

-#define OBJ_pbe_WithSHA1And128BitRC4	OBJ_pkcs12_pbeids, 1L

-#define SN_pbe_WithSHA1And40BitRC4	"PBE-SHA1-RC4-40"

-#define LN_pbe_WithSHA1And40BitRC4	"pbeWithSHA1And40BitRC4"

-#define NID_pbe_WithSHA1And40BitRC4	145

-#define OBJ_pbe_WithSHA1And40BitRC4	OBJ_pkcs12_pbeids, 2L

-#define SN_pbe_WithSHA1And3_Key_TripleDES_CBC	"PBE-SHA1-3DES"

-#define LN_pbe_WithSHA1And3_Key_TripleDES_CBC	"pbeWithSHA1And3-KeyTripleDES-CBC"

-#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC	146

-#define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC	OBJ_pkcs12_pbeids, 3L

-#define SN_pbe_WithSHA1And2_Key_TripleDES_CBC	"PBE-SHA1-2DES"

-#define LN_pbe_WithSHA1And2_Key_TripleDES_CBC	"pbeWithSHA1And2-KeyTripleDES-CBC"

-#define NID_pbe_WithSHA1And2_Key_TripleDES_CBC	147

-#define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC	OBJ_pkcs12_pbeids, 4L

-#define SN_pbe_WithSHA1And128BitRC2_CBC		"PBE-SHA1-RC2-128"

-#define LN_pbe_WithSHA1And128BitRC2_CBC		"pbeWithSHA1And128BitRC2-CBC"

-#define NID_pbe_WithSHA1And128BitRC2_CBC	148

-#define OBJ_pbe_WithSHA1And128BitRC2_CBC	OBJ_pkcs12_pbeids, 5L

-#define SN_pbe_WithSHA1And40BitRC2_CBC	"PBE-SHA1-RC2-40"

-#define LN_pbe_WithSHA1And40BitRC2_CBC	"pbeWithSHA1And40BitRC2-CBC"

-#define NID_pbe_WithSHA1And40BitRC2_CBC	149

-#define OBJ_pbe_WithSHA1And40BitRC2_CBC	OBJ_pkcs12_pbeids, 6L

-#define OBJ_pkcs12_Version1	OBJ_pkcs12, 10L

-#define OBJ_pkcs12_BagIds	OBJ_pkcs12_Version1, 1L

-#define LN_keyBag		"keyBag"

-#define NID_keyBag		150

-#define OBJ_keyBag		OBJ_pkcs12_BagIds, 1L

-#define LN_pkcs8ShroudedKeyBag	"pkcs8ShroudedKeyBag"

-#define NID_pkcs8ShroudedKeyBag	151

-#define OBJ_pkcs8ShroudedKeyBag	OBJ_pkcs12_BagIds, 2L

-#define LN_certBag		"certBag"

-#define NID_certBag		152

-#define OBJ_certBag		OBJ_pkcs12_BagIds, 3L

-#define LN_crlBag		"crlBag"

-#define NID_crlBag		153

-#define OBJ_crlBag		OBJ_pkcs12_BagIds, 4L

-#define LN_secretBag		"secretBag"

-#define NID_secretBag		154

-#define OBJ_secretBag		OBJ_pkcs12_BagIds, 5L

-#define LN_safeContentsBag	"safeContentsBag"

-#define NID_safeContentsBag	155

-#define OBJ_safeContentsBag	OBJ_pkcs12_BagIds, 6L

-#define LN_friendlyName		"friendlyName"

-#define	NID_friendlyName	156

-#define OBJ_friendlyName	OBJ_pkcs9, 20L

-#define LN_localKeyID		"localKeyID"

-#define	NID_localKeyID		157

-#define OBJ_localKeyID		OBJ_pkcs9, 21L

-#define OBJ_certTypes		OBJ_pkcs9, 22L

-#define LN_x509Certificate	"x509Certificate"

-#define	NID_x509Certificate	158

-#define OBJ_x509Certificate	OBJ_certTypes, 1L

-#define LN_sdsiCertificate	"sdsiCertificate"

-#define	NID_sdsiCertificate	159

-#define OBJ_sdsiCertificate	OBJ_certTypes, 2L

-#define OBJ_crlTypes		OBJ_pkcs9, 23L

-#define LN_x509Crl		"x509Crl"

-#define	NID_x509Crl		160

-#define OBJ_x509Crl		OBJ_crlTypes, 1L

-/* PKCS#5 v2 OIDs */

-#define LN_pbes2		"PBES2"

-#define NID_pbes2		161

-#define OBJ_pbes2		OBJ_pkcs,5L,13L

-#define LN_pbmac1		"PBMAC1"

-#define NID_pbmac1		162

-#define OBJ_pbmac1		OBJ_pkcs,5L,14L

-#define LN_hmacWithSHA1		"hmacWithSHA1"

-#define NID_hmacWithSHA1	163

-#define OBJ_hmacWithSHA1	OBJ_rsadsi,2L,7L

-/* Policy Qualifier Ids */

-#define LN_id_qt_cps		"Policy Qualifier CPS"

-#define SN_id_qt_cps		"id-qt-cps"

-#define NID_id_qt_cps		164

-#define OBJ_id_qt_cps		OBJ_id_pkix,2L,1L

-#define LN_id_qt_unotice	"Policy Qualifier User Notice"

-#define SN_id_qt_unotice	"id-qt-unotice"

-#define NID_id_qt_unotice	165

-#define OBJ_id_qt_unotice	OBJ_id_pkix,2L,2L

-#define SN_rc2_64_cbc			"RC2-64-CBC"

-#define LN_rc2_64_cbc			"rc2-64-cbc"

-#define NID_rc2_64_cbc			166

-#define SN_SMIMECapabilities		"SMIME-CAPS"

-#define LN_SMIMECapabilities		"S/MIME Capabilities"

-#define NID_SMIMECapabilities		167

-#define OBJ_SMIMECapabilities		OBJ_pkcs9,15L

-#define SN_pbeWithMD2AndRC2_CBC		"PBE-MD2-RC2-64"

-#define LN_pbeWithMD2AndRC2_CBC		"pbeWithMD2AndRC2-CBC"

-#define NID_pbeWithMD2AndRC2_CBC	168

-#define OBJ_pbeWithMD2AndRC2_CBC	OBJ_pkcs,5L,4L

-#define SN_pbeWithMD5AndRC2_CBC		"PBE-MD5-RC2-64"

-#define LN_pbeWithMD5AndRC2_CBC		"pbeWithMD5AndRC2-CBC"

-#define NID_pbeWithMD5AndRC2_CBC	169

-#define OBJ_pbeWithMD5AndRC2_CBC	OBJ_pkcs,5L,6L

-#define SN_pbeWithSHA1AndDES_CBC	"PBE-SHA1-DES"

-#define LN_pbeWithSHA1AndDES_CBC	"pbeWithSHA1AndDES-CBC"

-#define NID_pbeWithSHA1AndDES_CBC	170

-#define OBJ_pbeWithSHA1AndDES_CBC	OBJ_pkcs,5L,10L

-/* Extension request OIDs */

-#define LN_ms_ext_req			"Microsoft Extension Request"

-#define SN_ms_ext_req			"msExtReq"

-#define NID_ms_ext_req			171

-#define OBJ_ms_ext_req			1L,3L,6L,1L,4L,1L,311L,2L,1L,14L

-#define LN_ext_req			"Extension Request"

-#define SN_ext_req			"extReq"

-#define NID_ext_req			172

-#define OBJ_ext_req			OBJ_pkcs9,14L

-#define SN_name				"name"

-#define LN_name				"name"

-#define NID_name			173

-#define OBJ_name			OBJ_X509,41L

-#define SN_dnQualifier			"dnQualifier"

-#define LN_dnQualifier			"dnQualifier"

-#define NID_dnQualifier			174

-#define OBJ_dnQualifier			OBJ_X509,46L

-#define SN_id_pe			"id-pe"

-#define NID_id_pe			175

-#define OBJ_id_pe			OBJ_id_pkix,1L

-#define SN_id_ad			"id-ad"

-#define NID_id_ad			176

-#define OBJ_id_ad			OBJ_id_pkix,48L

-#define SN_info_access			"authorityInfoAccess"

-#define LN_info_access			"Authority Information Access"

-#define NID_info_access			177

-#define OBJ_info_access			OBJ_id_pe,1L

-#define SN_ad_OCSP			"OCSP"

-#define LN_ad_OCSP			"OCSP"

-#define NID_ad_OCSP			178

-#define OBJ_ad_OCSP			OBJ_id_ad,1L

-#define SN_ad_ca_issuers		"caIssuers"

-#define LN_ad_ca_issuers		"CA Issuers"

-#define NID_ad_ca_issuers		179

-#define OBJ_ad_ca_issuers		OBJ_id_ad,2L

-#define SN_OCSP_sign			"OCSPSigning"

-#define LN_OCSP_sign			"OCSP Signing"

-#define NID_OCSP_sign			180

-#define OBJ_OCSP_sign			OBJ_id_kp,9L

-#endif /* USE_OBJ_MAC */

-#include <openssl/bio.h>

-#include <openssl/asn1.h>

-#define	OBJ_NAME_TYPE_UNDEF		0x00

-#define	OBJ_NAME_TYPE_MD_METH		0x01

-#define	OBJ_NAME_TYPE_CIPHER_METH	0x02

-#define	OBJ_NAME_TYPE_PKEY_METH		0x03

-#define	OBJ_NAME_TYPE_COMP_METH		0x04

-#define	OBJ_NAME_TYPE_NUM		0x05

-#define	OBJ_NAME_ALIAS			0x8000

-#define OBJ_BSEARCH_VALUE_ON_NOMATCH		0x01

-#define OBJ_BSEARCH_FIRST_VALUE_ON_MATCH	0x02

-#ifdef  __cplusplus

-extern "C" {

-#endif

-typedef struct obj_name_st

-	{

-	int type;

-	int alias;

-	const char *name;

-	const char *data;

-	} OBJ_NAME;

-#define		OBJ_create_and_add_object(a,b,c) OBJ_create(a,b,c)

-int OBJ_NAME_init(void);

-int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *),

-		       int (*cmp_func)(const char *, const char *),

-		       void (*free_func)(const char *, int, const char *));

-const char *OBJ_NAME_get(const char *name,int type);

-int OBJ_NAME_add(const char *name,int type,const char *data);

-int OBJ_NAME_remove(const char *name,int type);

-void OBJ_NAME_cleanup(int type); /* -1 for everything */

-void OBJ_NAME_do_all(int type,void (*fn)(const OBJ_NAME *,void *arg),

-		     void *arg);

-void OBJ_NAME_do_all_sorted(int type,void (*fn)(const OBJ_NAME *,void *arg),

-			    void *arg);

-ASN1_OBJECT *	OBJ_dup(const ASN1_OBJECT *o);

-ASN1_OBJECT *	OBJ_nid2obj(int n);

-const char *	OBJ_nid2ln(int n);

-const char *	OBJ_nid2sn(int n);

-int		OBJ_obj2nid(const ASN1_OBJECT *o);

-ASN1_OBJECT *	OBJ_txt2obj(const char *s, int no_name);

-int	OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name);

-int		OBJ_txt2nid(const char *s);

-int		OBJ_ln2nid(const char *s);

-int		OBJ_sn2nid(const char *s);

-int		OBJ_cmp(const ASN1_OBJECT *a,const ASN1_OBJECT *b);

-const char *	OBJ_bsearch(const char *key,const char *base,int num,int size,

-	int (*cmp)(const void *, const void *));

-const char *	OBJ_bsearch_ex(const char *key,const char *base,int num,

-	int size, int (*cmp)(const void *, const void *), int flags);

-int		OBJ_new_nid(int num);

-int		OBJ_add_object(const ASN1_OBJECT *obj);

-int		OBJ_create(const char *oid,const char *sn,const char *ln);

-void		OBJ_cleanup(void );

-int		OBJ_create_objects(BIO *in);

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_OBJ_strings(void);

-/* Error codes for the OBJ functions. */

-/* Function codes. */

-#define OBJ_F_OBJ_ADD_OBJECT				 105

-#define OBJ_F_OBJ_CREATE				 100

-#define OBJ_F_OBJ_DUP					 101

-#define OBJ_F_OBJ_NAME_NEW_INDEX			 106

-#define OBJ_F_OBJ_NID2LN				 102

-#define OBJ_F_OBJ_NID2OBJ				 103

-#define OBJ_F_OBJ_NID2SN				 104

-/* Reason codes. */

-#define OBJ_R_MALLOC_FAILURE				 100

-#define OBJ_R_UNKNOWN_NID				 101

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/objects/objects.pl

+++ /dev/null

@@ -1,229 +1,0 @@

-#!/usr/local/bin/perl

-open (NUMIN,"$ARGV[1]") || die "Can't open number file $ARGV[1]";

-$max_nid=0;

-$o=0;

-while(<NUMIN>)

-	{

-	chop;

-	$o++;

-	s/#.*$//;

-	next if /^\s*$/;

-	$_ = 'X'.$_;

-	($Cname,$mynum) = split;

-	$Cname =~ s/^X//;

-	if (defined($nidn{$mynum}))

-		{ die "$ARGV[1]:$o:There's already an object with NID ",$mynum," on line ",$order{$mynum},"\n"; }

-	$nid{$Cname} = $mynum;

-	$nidn{$mynum} = $Cname;

-	$order{$mynum} = $o;

-	$max_nid = $mynum if $mynum > $max_nid;

-	}

-close NUMIN;

-open (IN,"$ARGV[0]") || die "Can't open input file $ARGV[0]";

-$Cname="";

-$o=0;

-while (<IN>)

-	{

-	chop;

-	$o++;

-        if (/^!module\s+(.*)$/)

-		{

-		$module = $1."-";

-		$module =~ s/\./_/g;

-		$module =~ s/-/_/g;

-		}

-        if (/^!global$/)

-		{ $module = ""; }

-	if (/^!Cname\s+(.*)$/)

-		{ $Cname = $1; }

-	if (/^!Alias\s+(.+?)\s+(.*)$/)

-		{

-		$Cname = $module.$1;

-		$myoid = $2;

-		$myoid = &process_oid($myoid);

-		$Cname =~ s/-/_/g;

-		$ordern{$o} = $Cname;

-		$order{$Cname} = $o;

-		$obj{$Cname} = $myoid;

-		$_ = "";

-		$Cname = "";

-		}

-	s/!.*$//;

-	s/#.*$//;

-	next if /^\s*$/;

-	($myoid,$mysn,$myln) = split ':';

-	$mysn =~ s/^\s*//;

-	$mysn =~ s/\s*$//;

-	$myln =~ s/^\s*//;

-	$myln =~ s/\s*$//;

-	$myoid =~ s/^\s*//;

-	$myoid =~ s/\s*$//;

-	if ($myoid ne "")

-		{

-		$myoid = &process_oid($myoid);

-		}

-	if ($Cname eq "" && !($myln =~ / /))

-		{

-		$Cname = $myln;

-		$Cname =~ s/\./_/g;

-		$Cname =~ s/-/_/g;

-		if ($Cname ne "" && defined($ln{$module.$Cname}))

-			{ die "objects.txt:$o:There's already an object with long name ",$ln{$module.$Cname}," on line ",$order{$module.$Cname},"\n"; }

-		}

-	if ($Cname eq "")

-		{

-		$Cname = $mysn;

-		$Cname =~ s/-/_/g;

-		if ($Cname ne "" && defined($sn{$module.$Cname}))

-			{ die "objects.txt:$o:There's already an object with short name ",$sn{$module.$Cname}," on line ",$order{$module.$Cname},"\n"; }

-		}

-	if ($Cname eq "")

-		{

-		$Cname = $myln;

-		$Cname =~ s/-/_/g;

-		$Cname =~ s/\./_/g;

-		$Cname =~ s/ /_/g;

-		if ($Cname ne "" && defined($ln{$module.$Cname}))

-			{ die "objects.txt:$o:There's already an object with long name ",$ln{$module.$Cname}," on line ",$order{$module.$Cname},"\n"; }

-		}

-	$Cname =~ s/\./_/g;

-	$Cname =~ s/-/_/g;

-	$Cname = $module.$Cname;

-	$ordern{$o} = $Cname;

-	$order{$Cname} = $o;

-	$sn{$Cname} = $mysn;

-	$ln{$Cname} = $myln;

-	$obj{$Cname} = $myoid;

-	if (!defined($nid{$Cname}))

-		{

-		$max_nid++;

-		$nid{$Cname} = $max_nid;

-		$nidn{$max_nid} = $Cname;

-		}

-	$Cname="";

-	}

-close IN;

-open (NUMOUT,">$ARGV[1]") || die "Can't open output file $ARGV[1]";

-foreach (sort { $a <=> $b } keys %nidn)

-	{

-	print NUMOUT $nidn{$_},"\t\t",$_,"\n";

-	}

-close NUMOUT;

-open (OUT,">$ARGV[2]") || die "Can't open output file $ARGV[2]";

-print OUT <<'EOF';

-/* crypto/objects/obj_mac.h */

-/* THIS FILE IS GENERATED FROM objects.txt by objects.pl via the

- * following command:

- * perl objects.pl objects.txt obj_mac.num obj_mac.h

- */

-/* Copyright (C) 1995-1997 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#define SN_undef			"UNDEF"

-#define LN_undef			"undefined"

-#define NID_undef			0

-#define OBJ_undef			0L

-EOF

-foreach (sort { $a <=> $b } keys %ordern)

-	{

-	$Cname=$ordern{$_};

-	print OUT "#define SN_",$Cname,"\t\t\"",$sn{$Cname},"\"\n" if $sn{$Cname} ne "";

-	print OUT "#define LN_",$Cname,"\t\t\"",$ln{$Cname},"\"\n" if $ln{$Cname} ne "";

-	print OUT "#define NID_",$Cname,"\t\t",$nid{$Cname},"\n" if $nid{$Cname} ne "";

-	print OUT "#define OBJ_",$Cname,"\t\t",$obj{$Cname},"\n" if $obj{$Cname} ne "";

-	print OUT "\n";

-	}

-close OUT;

-sub process_oid

-	{

-	local($oid)=@_;

-	local(@a,$oid_pref);

-	@a = split(/\s+/,$myoid);

-	$pref_oid = "";

-	$pref_sep = "";

-	if (!($a[0] =~ /^[0-9]+$/))

-		{

-		$a[0] =~ s/-/_/g;

-		if (!defined($obj{$a[0]}))

-			{ die "$ARGV[0]:$o:Undefined identifier ",$a[0],"\n"; }

-		$pref_oid = "OBJ_" . $a[0];

-		$pref_sep = ",";

-		shift @a;

-		}

-	$oids = join('L,',@a) . "L";

-	if ($oids ne "L")

-		{

-		$oids = $pref_oid . $pref_sep . $oids;

-		}

-	else

-		{

-		$oids = $pref_oid;

-		}

-	return($oids);

-	}

--- a/sys/src/ape/lib/openssl/crypto/objects/objects.txt

+++ /dev/null

@@ -1,1103 +1,0 @@

-# CCITT was renamed to ITU-T quite some time ago

-0			: ITU-T			: itu-t

-!Alias ccitt itu-t

-1			: ISO			: iso

-2			: JOINT-ISO-ITU-T	: joint-iso-itu-t

-!Alias joint-iso-ccitt joint-iso-itu-t

-iso 2			: member-body		: ISO Member Body

-iso 3			: identified-organization

-identified-organization 132	: certicom-arc

-joint-iso-itu-t 23	: international-organizations	: International Organizations

-international-organizations 43	: wap

-wap 13			: wap-wsg

-joint-iso-itu-t 5 1 5	: selected-attribute-types	: Selected Attribute Types

-selected-attribute-types 55	: clearance

-member-body 840		: ISO-US		: ISO US Member Body

-ISO-US 10040		: X9-57			: X9.57

-X9-57 4			: X9cm			: X9.57 CM ?

-!Cname dsa

-X9cm 1			: DSA			: dsaEncryption

-X9cm 3			: DSA-SHA1		: dsaWithSHA1

-ISO-US 10045		: ansi-X9-62		: ANSI X9.62

-!module X9-62

-!Alias id-fieldType ansi-X9-62 1

-X9-62_id-fieldType 1		: prime-field

-X9-62_id-fieldType 2		: characteristic-two-field

-X9-62_characteristic-two-field 3 : id-characteristic-two-basis

-X9-62_id-characteristic-two-basis 1 : onBasis

-X9-62_id-characteristic-two-basis 2 : tpBasis

-X9-62_id-characteristic-two-basis 3 : ppBasis

-!Alias id-publicKeyType ansi-X9-62 2

-X9-62_id-publicKeyType 1	: id-ecPublicKey

-!Alias ellipticCurve ansi-X9-62 3

-!Alias c-TwoCurve X9-62_ellipticCurve 0

-X9-62_c-TwoCurve 1		: c2pnb163v1

-X9-62_c-TwoCurve 2		: c2pnb163v2

-X9-62_c-TwoCurve 3		: c2pnb163v3

-X9-62_c-TwoCurve 4		: c2pnb176v1

-X9-62_c-TwoCurve 5		: c2tnb191v1

-X9-62_c-TwoCurve 6		: c2tnb191v2

-X9-62_c-TwoCurve 7		: c2tnb191v3

-X9-62_c-TwoCurve 8		: c2onb191v4

-X9-62_c-TwoCurve 9		: c2onb191v5

-X9-62_c-TwoCurve 10		: c2pnb208w1

-X9-62_c-TwoCurve 11		: c2tnb239v1

-X9-62_c-TwoCurve 12		: c2tnb239v2

-X9-62_c-TwoCurve 13		: c2tnb239v3

-X9-62_c-TwoCurve 14		: c2onb239v4

-X9-62_c-TwoCurve 15		: c2onb239v5

-X9-62_c-TwoCurve 16		: c2pnb272w1

-X9-62_c-TwoCurve 17		: c2pnb304w1

-X9-62_c-TwoCurve 18		: c2tnb359v1

-X9-62_c-TwoCurve 19		: c2pnb368w1

-X9-62_c-TwoCurve 20		: c2tnb431r1

-!Alias primeCurve X9-62_ellipticCurve 1

-X9-62_primeCurve 1	 	: prime192v1

-X9-62_primeCurve 2	 	: prime192v2

-X9-62_primeCurve 3	 	: prime192v3

-X9-62_primeCurve 4	 	: prime239v1

-X9-62_primeCurve 5	 	: prime239v2

-X9-62_primeCurve 6	 	: prime239v3

-X9-62_primeCurve 7	 	: prime256v1

-!Alias id-ecSigType ansi-X9-62 4

-!global

-X9-62_id-ecSigType 1		: ecdsa-with-SHA1

-# SECG curve OIDs from "SEC 2: Recommended Elliptic Curve Domain Parameters"

-# (http://www.secg.org/)

-!Alias secg_ellipticCurve certicom-arc 0

-# SECG prime curves OIDs

-secg-ellipticCurve 6		: secp112r1

-secg-ellipticCurve 7		: secp112r2

-secg-ellipticCurve 28		: secp128r1

-secg-ellipticCurve 29		: secp128r2

-secg-ellipticCurve 9		: secp160k1

-secg-ellipticCurve 8		: secp160r1

-secg-ellipticCurve 30		: secp160r2

-secg-ellipticCurve 31		: secp192k1

-# NOTE: the curve secp192r1 is the same as prime192v1 defined above

-#       and is therefore omitted

-secg-ellipticCurve 32		: secp224k1

-secg-ellipticCurve 33		: secp224r1

-secg-ellipticCurve 10		: secp256k1

-# NOTE: the curve secp256r1 is the same as prime256v1 defined above

-#       and is therefore omitted

-secg-ellipticCurve 34		: secp384r1

-secg-ellipticCurve 35		: secp521r1

-# SECG characteristic two curves OIDs

-secg-ellipticCurve 4		: sect113r1

-secg-ellipticCurve 5		: sect113r2

-secg-ellipticCurve 22		: sect131r1

-secg-ellipticCurve 23		: sect131r2

-secg-ellipticCurve 1		: sect163k1

-secg-ellipticCurve 2		: sect163r1

-secg-ellipticCurve 15		: sect163r2

-secg-ellipticCurve 24		: sect193r1

-secg-ellipticCurve 25		: sect193r2

-secg-ellipticCurve 26		: sect233k1

-secg-ellipticCurve 27		: sect233r1

-secg-ellipticCurve 3		: sect239k1

-secg-ellipticCurve 16		: sect283k1

-secg-ellipticCurve 17		: sect283r1

-secg-ellipticCurve 36		: sect409k1

-secg-ellipticCurve 37		: sect409r1

-secg-ellipticCurve 38		: sect571k1

-secg-ellipticCurve 39		: sect571r1

-# WAP/TLS curve OIDs (http://www.wapforum.org/)

-!Alias wap-wsg-idm-ecid wap-wsg 4

-wap-wsg-idm-ecid 1	: wap-wsg-idm-ecid-wtls1

-wap-wsg-idm-ecid 3	: wap-wsg-idm-ecid-wtls3

-wap-wsg-idm-ecid 4	: wap-wsg-idm-ecid-wtls4

-wap-wsg-idm-ecid 5	: wap-wsg-idm-ecid-wtls5

-wap-wsg-idm-ecid 6	: wap-wsg-idm-ecid-wtls6

-wap-wsg-idm-ecid 7	: wap-wsg-idm-ecid-wtls7

-wap-wsg-idm-ecid 8	: wap-wsg-idm-ecid-wtls8

-wap-wsg-idm-ecid 9	: wap-wsg-idm-ecid-wtls9

-wap-wsg-idm-ecid 10	: wap-wsg-idm-ecid-wtls10

-wap-wsg-idm-ecid 11	: wap-wsg-idm-ecid-wtls11

-wap-wsg-idm-ecid 12	: wap-wsg-idm-ecid-wtls12

-ISO-US 113533 7 66 10	: CAST5-CBC		: cast5-cbc

-			: CAST5-ECB		: cast5-ecb

-!Cname cast5-cfb64

-			: CAST5-CFB		: cast5-cfb

-!Cname cast5-ofb64

-			: CAST5-OFB		: cast5-ofb

-!Cname pbeWithMD5AndCast5-CBC

-ISO-US 113533 7 66 12	:			: pbeWithMD5AndCast5CBC

-ISO-US 113549		: rsadsi		: RSA Data Security, Inc.

-rsadsi 1		: pkcs			: RSA Data Security, Inc. PKCS

-pkcs 1			: pkcs1

-pkcs1 1			:			: rsaEncryption

-pkcs1 2			: RSA-MD2		: md2WithRSAEncryption

-pkcs1 3			: RSA-MD4		: md4WithRSAEncryption

-pkcs1 4			: RSA-MD5		: md5WithRSAEncryption

-pkcs1 5			: RSA-SHA1		: sha1WithRSAEncryption

-# According to PKCS #1 version 2.1

-pkcs1 11		: RSA-SHA256		: sha256WithRSAEncryption

-pkcs1 12		: RSA-SHA384		: sha384WithRSAEncryption

-pkcs1 13		: RSA-SHA512		: sha512WithRSAEncryption

-pkcs1 14		: RSA-SHA224		: sha224WithRSAEncryption

-pkcs 3			: pkcs3

-pkcs3 1			:			: dhKeyAgreement

-pkcs 5			: pkcs5

-pkcs5 1			: PBE-MD2-DES		: pbeWithMD2AndDES-CBC

-pkcs5 3			: PBE-MD5-DES		: pbeWithMD5AndDES-CBC

-pkcs5 4			: PBE-MD2-RC2-64	: pbeWithMD2AndRC2-CBC

-pkcs5 6			: PBE-MD5-RC2-64	: pbeWithMD5AndRC2-CBC

-pkcs5 10		: PBE-SHA1-DES		: pbeWithSHA1AndDES-CBC

-pkcs5 11		: PBE-SHA1-RC2-64	: pbeWithSHA1AndRC2-CBC

-!Cname id_pbkdf2

-pkcs5 12		:			: PBKDF2

-!Cname pbes2

-pkcs5 13		:			: PBES2

-!Cname pbmac1

-pkcs5 14		:			: PBMAC1

-pkcs 7			: pkcs7

-pkcs7 1			:			: pkcs7-data

-!Cname pkcs7-signed

-pkcs7 2			:			: pkcs7-signedData

-!Cname pkcs7-enveloped

-pkcs7 3			:			: pkcs7-envelopedData

-!Cname pkcs7-signedAndEnveloped

-pkcs7 4			:			: pkcs7-signedAndEnvelopedData

-!Cname pkcs7-digest

-pkcs7 5			:			: pkcs7-digestData

-!Cname pkcs7-encrypted

-pkcs7 6			:			: pkcs7-encryptedData

-pkcs 9			: pkcs9

-!module pkcs9

-pkcs9 1			: 			: emailAddress

-pkcs9 2			:			: unstructuredName

-pkcs9 3			:			: contentType

-pkcs9 4			:			: messageDigest

-pkcs9 5			:			: signingTime

-pkcs9 6			:			: countersignature

-pkcs9 7			:			: challengePassword

-pkcs9 8			:			: unstructuredAddress

-!Cname extCertAttributes

-pkcs9 9			:			: extendedCertificateAttributes

-!global

-!Cname ext-req

-pkcs9 14		: extReq		: Extension Request

-!Cname SMIMECapabilities

-pkcs9 15		: SMIME-CAPS		: S/MIME Capabilities

-# S/MIME

-!Cname SMIME

-pkcs9 16		: SMIME			: S/MIME

-SMIME 0			: id-smime-mod

-SMIME 1			: id-smime-ct

-SMIME 2			: id-smime-aa

-SMIME 3			: id-smime-alg

-SMIME 4			: id-smime-cd

-SMIME 5			: id-smime-spq

-SMIME 6			: id-smime-cti

-# S/MIME Modules

-id-smime-mod 1		: id-smime-mod-cms

-id-smime-mod 2		: id-smime-mod-ess

-id-smime-mod 3		: id-smime-mod-oid

-id-smime-mod 4		: id-smime-mod-msg-v3

-id-smime-mod 5		: id-smime-mod-ets-eSignature-88

-id-smime-mod 6		: id-smime-mod-ets-eSignature-97

-id-smime-mod 7		: id-smime-mod-ets-eSigPolicy-88

-id-smime-mod 8		: id-smime-mod-ets-eSigPolicy-97

-# S/MIME Content Types

-id-smime-ct 1		: id-smime-ct-receipt

-id-smime-ct 2		: id-smime-ct-authData

-id-smime-ct 3		: id-smime-ct-publishCert

-id-smime-ct 4		: id-smime-ct-TSTInfo

-id-smime-ct 5		: id-smime-ct-TDTInfo

-id-smime-ct 6		: id-smime-ct-contentInfo

-id-smime-ct 7		: id-smime-ct-DVCSRequestData

-id-smime-ct 8		: id-smime-ct-DVCSResponseData

-# S/MIME Attributes

-id-smime-aa 1		: id-smime-aa-receiptRequest

-id-smime-aa 2		: id-smime-aa-securityLabel

-id-smime-aa 3		: id-smime-aa-mlExpandHistory

-id-smime-aa 4		: id-smime-aa-contentHint

-id-smime-aa 5		: id-smime-aa-msgSigDigest

-# obsolete

-id-smime-aa 6		: id-smime-aa-encapContentType

-id-smime-aa 7		: id-smime-aa-contentIdentifier

-# obsolete

-id-smime-aa 8		: id-smime-aa-macValue

-id-smime-aa 9		: id-smime-aa-equivalentLabels

-id-smime-aa 10		: id-smime-aa-contentReference

-id-smime-aa 11		: id-smime-aa-encrypKeyPref

-id-smime-aa 12		: id-smime-aa-signingCertificate

-id-smime-aa 13		: id-smime-aa-smimeEncryptCerts

-id-smime-aa 14		: id-smime-aa-timeStampToken

-id-smime-aa 15		: id-smime-aa-ets-sigPolicyId

-id-smime-aa 16		: id-smime-aa-ets-commitmentType

-id-smime-aa 17		: id-smime-aa-ets-signerLocation

-id-smime-aa 18		: id-smime-aa-ets-signerAttr

-id-smime-aa 19		: id-smime-aa-ets-otherSigCert

-id-smime-aa 20		: id-smime-aa-ets-contentTimestamp

-id-smime-aa 21		: id-smime-aa-ets-CertificateRefs

-id-smime-aa 22		: id-smime-aa-ets-RevocationRefs

-id-smime-aa 23		: id-smime-aa-ets-certValues

-id-smime-aa 24		: id-smime-aa-ets-revocationValues

-id-smime-aa 25		: id-smime-aa-ets-escTimeStamp

-id-smime-aa 26		: id-smime-aa-ets-certCRLTimestamp

-id-smime-aa 27		: id-smime-aa-ets-archiveTimeStamp

-id-smime-aa 28		: id-smime-aa-signatureType

-id-smime-aa 29		: id-smime-aa-dvcs-dvc

-# S/MIME Algorithm Identifiers

-# obsolete

-id-smime-alg 1		: id-smime-alg-ESDHwith3DES

-# obsolete

-id-smime-alg 2		: id-smime-alg-ESDHwithRC2

-# obsolete

-id-smime-alg 3		: id-smime-alg-3DESwrap

-# obsolete

-id-smime-alg 4		: id-smime-alg-RC2wrap

-id-smime-alg 5		: id-smime-alg-ESDH

-id-smime-alg 6		: id-smime-alg-CMS3DESwrap

-id-smime-alg 7		: id-smime-alg-CMSRC2wrap

-# S/MIME Certificate Distribution

-id-smime-cd 1		: id-smime-cd-ldap

-# S/MIME Signature Policy Qualifier

-id-smime-spq 1		: id-smime-spq-ets-sqt-uri

-id-smime-spq 2		: id-smime-spq-ets-sqt-unotice

-# S/MIME Commitment Type Identifier

-id-smime-cti 1		: id-smime-cti-ets-proofOfOrigin

-id-smime-cti 2		: id-smime-cti-ets-proofOfReceipt

-id-smime-cti 3		: id-smime-cti-ets-proofOfDelivery

-id-smime-cti 4		: id-smime-cti-ets-proofOfSender

-id-smime-cti 5		: id-smime-cti-ets-proofOfApproval

-id-smime-cti 6		: id-smime-cti-ets-proofOfCreation

-pkcs9 20		:			: friendlyName

-pkcs9 21		:			: localKeyID

-!Cname ms-csp-name

-1 3 6 1 4 1 311 17 1	: CSPName		: Microsoft CSP Name

-!Alias certTypes pkcs9 22

-certTypes 1		:			: x509Certificate

-certTypes 2		:			: sdsiCertificate

-!Alias crlTypes pkcs9 23

-crlTypes 1		:			: x509Crl

-!Alias pkcs12 pkcs 12

-!Alias pkcs12-pbeids pkcs12 1

-!Cname pbe-WithSHA1And128BitRC4

-pkcs12-pbeids 1		: PBE-SHA1-RC4-128	: pbeWithSHA1And128BitRC4

-!Cname pbe-WithSHA1And40BitRC4

-pkcs12-pbeids 2		: PBE-SHA1-RC4-40	: pbeWithSHA1And40BitRC4

-!Cname pbe-WithSHA1And3_Key_TripleDES-CBC

-pkcs12-pbeids 3		: PBE-SHA1-3DES		: pbeWithSHA1And3-KeyTripleDES-CBC

-!Cname pbe-WithSHA1And2_Key_TripleDES-CBC

-pkcs12-pbeids 4		: PBE-SHA1-2DES		: pbeWithSHA1And2-KeyTripleDES-CBC

-!Cname pbe-WithSHA1And128BitRC2-CBC

-pkcs12-pbeids 5		: PBE-SHA1-RC2-128	: pbeWithSHA1And128BitRC2-CBC

-!Cname pbe-WithSHA1And40BitRC2-CBC

-pkcs12-pbeids 6		: PBE-SHA1-RC2-40	: pbeWithSHA1And40BitRC2-CBC

-!Alias pkcs12-Version1 pkcs12 10

-!Alias pkcs12-BagIds pkcs12-Version1 1

-pkcs12-BagIds 1		:			: keyBag

-pkcs12-BagIds 2		:			: pkcs8ShroudedKeyBag

-pkcs12-BagIds 3		:			: certBag

-pkcs12-BagIds 4		:			: crlBag

-pkcs12-BagIds 5		:			: secretBag

-pkcs12-BagIds 6		:			: safeContentsBag

-rsadsi 2 2		: MD2			: md2

-rsadsi 2 4		: MD4			: md4

-rsadsi 2 5		: MD5			: md5

-			: MD5-SHA1		: md5-sha1

-rsadsi 2 7		:			: hmacWithSHA1

-rsadsi 3 2		: RC2-CBC		: rc2-cbc

-			: RC2-ECB		: rc2-ecb

-!Cname rc2-cfb64

-			: RC2-CFB		: rc2-cfb

-!Cname rc2-ofb64

-			: RC2-OFB		: rc2-ofb

-			: RC2-40-CBC		: rc2-40-cbc

-			: RC2-64-CBC		: rc2-64-cbc

-rsadsi 3 4		: RC4			: rc4

-			: RC4-40		: rc4-40

-rsadsi 3 7		: DES-EDE3-CBC		: des-ede3-cbc

-rsadsi 3 8		: RC5-CBC		: rc5-cbc

-			: RC5-ECB		: rc5-ecb

-!Cname rc5-cfb64

-			: RC5-CFB		: rc5-cfb

-!Cname rc5-ofb64

-			: RC5-OFB		: rc5-ofb

-!Cname ms-ext-req

-1 3 6 1 4 1 311 2 1 14	: msExtReq		: Microsoft Extension Request

-!Cname ms-code-ind

-1 3 6 1 4 1 311 2 1 21	: msCodeInd		: Microsoft Individual Code Signing

-!Cname ms-code-com

-1 3 6 1 4 1 311 2 1 22	: msCodeCom		: Microsoft Commercial Code Signing

-!Cname ms-ctl-sign

-1 3 6 1 4 1 311 10 3 1	: msCTLSign		: Microsoft Trust List Signing

-!Cname ms-sgc

-1 3 6 1 4 1 311 10 3 3	: msSGC			: Microsoft Server Gated Crypto

-!Cname ms-efs

-1 3 6 1 4 1 311 10 3 4	: msEFS			: Microsoft Encrypted File System

-!Cname ms-smartcard-login

-1 3 6 1 4 1 311 20 2 2	: msSmartcardLogin	: Microsoft Smartcardlogin

-!Cname ms-upn

-1 3 6 1 4 1 311 20 2 3	: msUPN			: Microsoft Universal Principal Name

-1 3 6 1 4 1 188 7 1 1 2	: IDEA-CBC		: idea-cbc

-			: IDEA-ECB		: idea-ecb

-!Cname idea-cfb64

-			: IDEA-CFB		: idea-cfb

-!Cname idea-ofb64

-			: IDEA-OFB		: idea-ofb

-1 3 6 1 4 1 3029 1 2	: BF-CBC		: bf-cbc

-			: BF-ECB		: bf-ecb

-!Cname bf-cfb64

-			: BF-CFB		: bf-cfb

-!Cname bf-ofb64

-			: BF-OFB		: bf-ofb

-!Cname id-pkix

-1 3 6 1 5 5 7		: PKIX

-# PKIX Arcs

-id-pkix 0		: id-pkix-mod

-id-pkix 1		: id-pe

-id-pkix 2		: id-qt

-id-pkix 3		: id-kp

-id-pkix 4		: id-it

-id-pkix 5		: id-pkip

-id-pkix 6		: id-alg

-id-pkix 7		: id-cmc

-id-pkix 8		: id-on

-id-pkix 9		: id-pda

-id-pkix 10		: id-aca

-id-pkix 11		: id-qcs

-id-pkix 12		: id-cct

-id-pkix 21		: id-ppl

-id-pkix 48		: id-ad

-# PKIX Modules

-id-pkix-mod 1		: id-pkix1-explicit-88

-id-pkix-mod 2		: id-pkix1-implicit-88

-id-pkix-mod 3		: id-pkix1-explicit-93

-id-pkix-mod 4		: id-pkix1-implicit-93

-id-pkix-mod 5		: id-mod-crmf

-id-pkix-mod 6		: id-mod-cmc

-id-pkix-mod 7		: id-mod-kea-profile-88

-id-pkix-mod 8		: id-mod-kea-profile-93

-id-pkix-mod 9		: id-mod-cmp

-id-pkix-mod 10		: id-mod-qualified-cert-88

-id-pkix-mod 11		: id-mod-qualified-cert-93

-id-pkix-mod 12		: id-mod-attribute-cert

-id-pkix-mod 13		: id-mod-timestamp-protocol

-id-pkix-mod 14		: id-mod-ocsp

-id-pkix-mod 15		: id-mod-dvcs

-id-pkix-mod 16		: id-mod-cmp2000

-# PKIX Private Extensions

-!Cname info-access

-id-pe 1			: authorityInfoAccess	: Authority Information Access

-id-pe 2			: biometricInfo		: Biometric Info

-id-pe 3			: qcStatements

-id-pe 4			: ac-auditEntity

-id-pe 5			: ac-targeting

-id-pe 6			: aaControls

-id-pe 7			: sbgp-ipAddrBlock

-id-pe 8			: sbgp-autonomousSysNum

-id-pe 9			: sbgp-routerIdentifier

-id-pe 10		: ac-proxying

-!Cname sinfo-access

-id-pe 11		: subjectInfoAccess	: Subject Information Access

-id-pe 14		: proxyCertInfo		: Proxy Certificate Information

-# PKIX policyQualifiers for Internet policy qualifiers

-id-qt 1			: id-qt-cps		: Policy Qualifier CPS

-id-qt 2			: id-qt-unotice		: Policy Qualifier User Notice

-id-qt 3			: textNotice

-# PKIX key purpose identifiers

-!Cname server-auth

-id-kp 1			: serverAuth		: TLS Web Server Authentication

-!Cname client-auth

-id-kp 2			: clientAuth		: TLS Web Client Authentication

-!Cname code-sign

-id-kp 3			: codeSigning		: Code Signing

-!Cname email-protect

-id-kp 4			: emailProtection	: E-mail Protection

-id-kp 5			: ipsecEndSystem	: IPSec End System

-id-kp 6			: ipsecTunnel		: IPSec Tunnel

-id-kp 7			: ipsecUser		: IPSec User

-!Cname time-stamp

-id-kp 8			: timeStamping		: Time Stamping

-# From OCSP spec RFC2560

-!Cname OCSP-sign

-id-kp 9			: OCSPSigning		: OCSP Signing

-id-kp 10		: DVCS			: dvcs

-# CMP information types

-id-it 1			: id-it-caProtEncCert

-id-it 2			: id-it-signKeyPairTypes

-id-it 3			: id-it-encKeyPairTypes

-id-it 4			: id-it-preferredSymmAlg

-id-it 5			: id-it-caKeyUpdateInfo

-id-it 6			: id-it-currentCRL

-id-it 7			: id-it-unsupportedOIDs

-# obsolete

-id-it 8			: id-it-subscriptionRequest

-# obsolete

-id-it 9			: id-it-subscriptionResponse

-id-it 10		: id-it-keyPairParamReq

-id-it 11		: id-it-keyPairParamRep

-id-it 12		: id-it-revPassphrase

-id-it 13		: id-it-implicitConfirm

-id-it 14		: id-it-confirmWaitTime

-id-it 15		: id-it-origPKIMessage

-# CRMF registration

-id-pkip 1		: id-regCtrl

-id-pkip 2		: id-regInfo

-# CRMF registration controls

-id-regCtrl 1		: id-regCtrl-regToken

-id-regCtrl 2		: id-regCtrl-authenticator

-id-regCtrl 3		: id-regCtrl-pkiPublicationInfo

-id-regCtrl 4		: id-regCtrl-pkiArchiveOptions

-id-regCtrl 5		: id-regCtrl-oldCertID

-id-regCtrl 6		: id-regCtrl-protocolEncrKey

-# CRMF registration information

-id-regInfo 1		: id-regInfo-utf8Pairs

-id-regInfo 2		: id-regInfo-certReq

-# algorithms

-id-alg 1		: id-alg-des40

-id-alg 2		: id-alg-noSignature

-id-alg 3		: id-alg-dh-sig-hmac-sha1

-id-alg 4		: id-alg-dh-pop

-# CMC controls

-id-cmc 1		: id-cmc-statusInfo

-id-cmc 2		: id-cmc-identification

-id-cmc 3		: id-cmc-identityProof

-id-cmc 4		: id-cmc-dataReturn

-id-cmc 5		: id-cmc-transactionId

-id-cmc 6		: id-cmc-senderNonce

-id-cmc 7		: id-cmc-recipientNonce

-id-cmc 8		: id-cmc-addExtensions

-id-cmc 9		: id-cmc-encryptedPOP

-id-cmc 10		: id-cmc-decryptedPOP

-id-cmc 11		: id-cmc-lraPOPWitness

-id-cmc 15		: id-cmc-getCert

-id-cmc 16		: id-cmc-getCRL

-id-cmc 17		: id-cmc-revokeRequest

-id-cmc 18		: id-cmc-regInfo

-id-cmc 19		: id-cmc-responseInfo

-id-cmc 21		: id-cmc-queryPending

-id-cmc 22		: id-cmc-popLinkRandom

-id-cmc 23		: id-cmc-popLinkWitness

-id-cmc 24		: id-cmc-confirmCertAcceptance

-# other names

-id-on 1			: id-on-personalData

-# personal data attributes

-id-pda 1		: id-pda-dateOfBirth

-id-pda 2		: id-pda-placeOfBirth

-id-pda 3		: id-pda-gender

-id-pda 4		: id-pda-countryOfCitizenship

-id-pda 5		: id-pda-countryOfResidence

-# attribute certificate attributes

-id-aca 1		: id-aca-authenticationInfo

-id-aca 2		: id-aca-accessIdentity

-id-aca 3		: id-aca-chargingIdentity

-id-aca 4		: id-aca-group

-# attention : the following seems to be obsolete, replace by 'role'

-id-aca 5		: id-aca-role

-id-aca 6		: id-aca-encAttrs

-# qualified certificate statements

-id-qcs 1		: id-qcs-pkixQCSyntax-v1

-# CMC content types

-id-cct 1		: id-cct-crs

-id-cct 2		: id-cct-PKIData

-id-cct 3		: id-cct-PKIResponse

-# Predefined Proxy Certificate policy languages

-id-ppl 0		: id-ppl-anyLanguage	: Any language

-id-ppl 1		: id-ppl-inheritAll	: Inherit all

-id-ppl 2		: id-ppl-independent	: Independent

-# access descriptors for authority info access extension

-!Cname ad-OCSP

-id-ad 1			: OCSP			: OCSP

-!Cname ad-ca-issuers

-id-ad 2			: caIssuers		: CA Issuers

-!Cname ad-timeStamping

-id-ad 3			: ad_timestamping	: AD Time Stamping

-!Cname ad-dvcs

-id-ad 4			: AD_DVCS		: ad dvcs

-!Alias id-pkix-OCSP ad-OCSP

-!module id-pkix-OCSP

-!Cname basic

-id-pkix-OCSP 1		: basicOCSPResponse	: Basic OCSP Response

-id-pkix-OCSP 2		: Nonce			: OCSP Nonce

-id-pkix-OCSP 3		: CrlID			: OCSP CRL ID

-id-pkix-OCSP 4		: acceptableResponses	: Acceptable OCSP Responses

-id-pkix-OCSP 5		: noCheck		: OCSP No Check

-id-pkix-OCSP 6		: archiveCutoff		: OCSP Archive Cutoff

-id-pkix-OCSP 7		: serviceLocator	: OCSP Service Locator

-id-pkix-OCSP 8		: extendedStatus	: Extended OCSP Status

-id-pkix-OCSP 9		: valid

-id-pkix-OCSP 10		: path

-id-pkix-OCSP 11		: trustRoot		: Trust Root

-!global

-1 3 14 3 2		: algorithm		: algorithm

-algorithm 3		: RSA-NP-MD5		: md5WithRSA

-algorithm 6		: DES-ECB		: des-ecb

-algorithm 7		: DES-CBC		: des-cbc

-!Cname des-ofb64

-algorithm 8		: DES-OFB		: des-ofb

-!Cname des-cfb64

-algorithm 9		: DES-CFB		: des-cfb

-algorithm 11		: rsaSignature

-!Cname dsa-2

-algorithm 12		: DSA-old		: dsaEncryption-old

-algorithm 13		: DSA-SHA		: dsaWithSHA

-algorithm 15		: RSA-SHA		: shaWithRSAEncryption

-!Cname des-ede-ecb

-algorithm 17		: DES-EDE		: des-ede

-!Cname des-ede3-ecb

-			: DES-EDE3		: des-ede3

-			: DES-EDE-CBC		: des-ede-cbc

-!Cname des-ede-cfb64

-			: DES-EDE-CFB		: des-ede-cfb

-!Cname des-ede3-cfb64

-			: DES-EDE3-CFB		: des-ede3-cfb

-!Cname des-ede-ofb64

-			: DES-EDE-OFB		: des-ede-ofb

-!Cname des-ede3-ofb64

-			: DES-EDE3-OFB		: des-ede3-ofb

-			: DESX-CBC		: desx-cbc

-algorithm 18		: SHA			: sha

-algorithm 26		: SHA1			: sha1

-!Cname dsaWithSHA1-2

-algorithm 27		: DSA-SHA1-old		: dsaWithSHA1-old

-algorithm 29		: RSA-SHA1-2		: sha1WithRSA

-1 3 36 3 2 1		: RIPEMD160		: ripemd160

-1 3 36 3 3 1 2		: RSA-RIPEMD160		: ripemd160WithRSA

-!Cname sxnet

-1 3 101 1 4 1		: SXNetID		: Strong Extranet ID

-2 5			: X500			: directory services (X.500)

-X500 4			: X509

-X509 3			: CN			: commonName

-X509 4			: SN			: surname

-X509 5			: 			: serialNumber

-X509 6			: C			: countryName

-X509 7			: L			: localityName

-X509 8			: ST			: stateOrProvinceName

-X509 9			:			: streetAddress

-X509 10			: O			: organizationName

-X509 11			: OU			: organizationalUnitName

-X509 12			: 			: title

-X509 13			: 			: description

-X509 17			:			: postalCode

-X509 41			: name			: name

-X509 42			: GN			: givenName

-X509 43			: 			: initials

-X509 44			: 			: generationQualifier

-X509 45			: 			: x500UniqueIdentifier

-X509 46			: dnQualifier		: dnQualifier

-X509 65			:			: pseudonym

-X509 72			: role			: role

-X500 8			: X500algorithms	: directory services - algorithms

-X500algorithms 1 1	: RSA			: rsa

-X500algorithms 3 100	: RSA-MDC2		: mdc2WithRSA

-X500algorithms 3 101	: MDC2			: mdc2

-X500 29			: id-ce

-!Cname subject-directory-attributes

-id-ce 9			: subjectDirectoryAttributes : X509v3 Subject Directory Attributes

-!Cname subject-key-identifier

-id-ce 14		: subjectKeyIdentifier	: X509v3 Subject Key Identifier

-!Cname key-usage

-id-ce 15		: keyUsage		: X509v3 Key Usage

-!Cname private-key-usage-period

-id-ce 16		: privateKeyUsagePeriod	: X509v3 Private Key Usage Period

-!Cname subject-alt-name

-id-ce 17		: subjectAltName	: X509v3 Subject Alternative Name

-!Cname issuer-alt-name

-id-ce 18		: issuerAltName		: X509v3 Issuer Alternative Name

-!Cname basic-constraints

-id-ce 19		: basicConstraints	: X509v3 Basic Constraints

-!Cname crl-number

-id-ce 20		: crlNumber		: X509v3 CRL Number

-!Cname crl-reason

-id-ce 21		: CRLReason		: X509v3 CRL Reason Code

-!Cname invalidity-date

-id-ce 24		: invalidityDate	: Invalidity Date

-!Cname delta-crl

-id-ce 27		: deltaCRL		: X509v3 Delta CRL Indicator

-!Cname issuing-distribution-point

-id-ce 28		: issuingDistributionPoint : X509v3 Issuing Distrubution Point

-!Cname certificate-issuer

-id-ce 29		: certificateIssuer	: X509v3 Certificate Issuer

-!Cname name-constraints

-id-ce 30		: nameConstraints	: X509v3 Name Constraints

-!Cname crl-distribution-points

-id-ce 31		: crlDistributionPoints	: X509v3 CRL Distribution Points

-!Cname certificate-policies

-id-ce 32		: certificatePolicies	: X509v3 Certificate Policies

-!Cname any-policy

-certificate-policies 0	: anyPolicy		: X509v3 Any Policy

-!Cname policy-mappings

-id-ce 33		: policyMappings	: X509v3 Policy Mappings

-!Cname authority-key-identifier

-id-ce 35		: authorityKeyIdentifier : X509v3 Authority Key Identifier

-!Cname policy-constraints

-id-ce 36		: policyConstraints	: X509v3 Policy Constraints

-!Cname ext-key-usage

-id-ce 37		: extendedKeyUsage	: X509v3 Extended Key Usage

-!Cname inhibit-any-policy

-id-ce 54		: inhibitAnyPolicy	: X509v3 Inhibit Any Policy

-!Cname target-information

-id-ce 55		: targetInformation	: X509v3 AC Targeting

-!Cname no-rev-avail

-id-ce 56		: noRevAvail		: X509v3 No Revocation Available

-!Cname netscape

-2 16 840 1 113730	: Netscape		: Netscape Communications Corp.

-!Cname netscape-cert-extension

-netscape 1		: nsCertExt		: Netscape Certificate Extension

-!Cname netscape-data-type

-netscape 2		: nsDataType		: Netscape Data Type

-!Cname netscape-cert-type

-netscape-cert-extension 1 : nsCertType		: Netscape Cert Type

-!Cname netscape-base-url

-netscape-cert-extension 2 : nsBaseUrl		: Netscape Base Url

-!Cname netscape-revocation-url

-netscape-cert-extension 3 : nsRevocationUrl	: Netscape Revocation Url

-!Cname netscape-ca-revocation-url

-netscape-cert-extension 4 : nsCaRevocationUrl	: Netscape CA Revocation Url

-!Cname netscape-renewal-url

-netscape-cert-extension 7 : nsRenewalUrl	: Netscape Renewal Url

-!Cname netscape-ca-policy-url

-netscape-cert-extension 8 : nsCaPolicyUrl	: Netscape CA Policy Url

-!Cname netscape-ssl-server-name

-netscape-cert-extension 12 : nsSslServerName	: Netscape SSL Server Name

-!Cname netscape-comment

-netscape-cert-extension 13 : nsComment		: Netscape Comment

-!Cname netscape-cert-sequence

-netscape-data-type 5	: nsCertSequence	: Netscape Certificate Sequence

-!Cname ns-sgc

-netscape 4 1		: nsSGC			: Netscape Server Gated Crypto

-# iso(1)

-iso 3			: ORG			: org

-org 6			: DOD			: dod

-dod 1			: IANA			: iana

-!Alias internet iana

-internet 1		: directory		: Directory

-internet 2		: mgmt			: Management

-internet 3		: experimental		: Experimental

-internet 4		: private		: Private

-internet 5		: security		: Security

-internet 6		: snmpv2		: SNMPv2

-# Documents refer to "internet 7" as "mail". This however leads to ambiguities

-# with RFC2798, Section 9.1.3, where "mail" is defined as the short name for

-# rfc822Mailbox. The short name is therefore here left out for a reason.

-# Subclasses of "mail", e.g. "MIME MHS" don't consitute a problem, as

-# references are realized via long name "Mail" (with capital M).

-internet 7		:			: Mail

-Private 1		: enterprises		: Enterprises

-# RFC 2247

-Enterprises 1466 344	: dcobject		: dcObject

-# RFC 1495

-Mail 1			: mime-mhs		: MIME MHS

-mime-mhs 1		: mime-mhs-headings	: mime-mhs-headings

-mime-mhs 2		: mime-mhs-bodies	: mime-mhs-bodies

-mime-mhs-headings 1	: id-hex-partial-message : id-hex-partial-message

-mime-mhs-headings 2	: id-hex-multipart-message : id-hex-multipart-message

-# What the hell are these OIDs, really?

-!Cname rle-compression

-1 1 1 1 666 1		: RLE			: run length compression

-!Cname zlib-compression

-1 1 1 1 666 2		: ZLIB			: zlib compression

-# AES aka Rijndael

-!Alias csor 2 16 840 1 101 3

-!Alias nistAlgorithms csor 4

-!Alias aes nistAlgorithms 1

-aes 1			: AES-128-ECB		: aes-128-ecb

-aes 2			: AES-128-CBC		: aes-128-cbc

-!Cname aes-128-ofb128

-aes 3			: AES-128-OFB		: aes-128-ofb

-!Cname aes-128-cfb128

-aes 4			: AES-128-CFB		: aes-128-cfb

-aes 21			: AES-192-ECB		: aes-192-ecb

-aes 22			: AES-192-CBC		: aes-192-cbc

-!Cname aes-192-ofb128

-aes 23			: AES-192-OFB		: aes-192-ofb

-!Cname aes-192-cfb128

-aes 24			: AES-192-CFB		: aes-192-cfb

-aes 41			: AES-256-ECB		: aes-256-ecb

-aes 42			: AES-256-CBC		: aes-256-cbc

-!Cname aes-256-ofb128

-aes 43			: AES-256-OFB		: aes-256-ofb

-!Cname aes-256-cfb128

-aes 44			: AES-256-CFB		: aes-256-cfb

-# There are no OIDs for these modes...

-			: AES-128-CFB1		: aes-128-cfb1

-			: AES-192-CFB1		: aes-192-cfb1

-			: AES-256-CFB1		: aes-256-cfb1

-			: AES-128-CFB8		: aes-128-cfb8

-			: AES-192-CFB8		: aes-192-cfb8

-			: AES-256-CFB8		: aes-256-cfb8

-			: DES-CFB1		: des-cfb1

-			: DES-CFB8		: des-cfb8

-			: DES-EDE3-CFB1		: des-ede3-cfb1

-			: DES-EDE3-CFB8		: des-ede3-cfb8

-# OIDs for SHA224, SHA256, SHA385 and SHA512, according to x9.84.

-!Alias nist_hashalgs nistAlgorithms 2

-nist_hashalgs 1		: SHA256		: sha256

-nist_hashalgs 2		: SHA384		: sha384

-nist_hashalgs 3		: SHA512		: sha512

-nist_hashalgs 4		: SHA224		: sha224

-# Hold instruction CRL entry extension

-!Cname hold-instruction-code

-id-ce 23		: holdInstructionCode	: Hold Instruction Code

-!Alias holdInstruction	X9-57 2

-!Cname hold-instruction-none

-holdInstruction 1	: holdInstructionNone	: Hold Instruction None

-!Cname hold-instruction-call-issuer

-holdInstruction 2	: holdInstructionCallIssuer : Hold Instruction Call Issuer

-!Cname hold-instruction-reject

-holdInstruction 3	: holdInstructionReject	: Hold Instruction Reject

-# OID's from ITU-T.  Most of this is defined in RFC 1274.  A couple of

-# them are also mentioned in RFC 2247

-itu-t 9			: data

-data 2342		: pss

-pss 19200300		: ucl

-ucl 100			: pilot

-pilot 1			:			: pilotAttributeType

-pilot 3			:			: pilotAttributeSyntax

-pilot 4			:			: pilotObjectClass

-pilot 10		:			: pilotGroups

-pilotAttributeSyntax 4	:			: iA5StringSyntax

-pilotAttributeSyntax 5	:			: caseIgnoreIA5StringSyntax

-pilotObjectClass 3	:			: pilotObject

-pilotObjectClass 4	:			: pilotPerson

-pilotObjectClass 5	: account

-pilotObjectClass 6	: document

-pilotObjectClass 7	: room

-pilotObjectClass 9	:			: documentSeries

-pilotObjectClass 13	: domain		: Domain

-pilotObjectClass 14	:			: rFC822localPart

-pilotObjectClass 15	:			: dNSDomain

-pilotObjectClass 17	:			: domainRelatedObject

-pilotObjectClass 18	:			: friendlyCountry

-pilotObjectClass 19	:			: simpleSecurityObject

-pilotObjectClass 20	:			: pilotOrganization

-pilotObjectClass 21	:			: pilotDSA

-pilotObjectClass 22	:			: qualityLabelledData

-pilotAttributeType 1	: UID			: userId

-pilotAttributeType 2	:			: textEncodedORAddress

-pilotAttributeType 3	: mail			: rfc822Mailbox

-pilotAttributeType 4	: info

-pilotAttributeType 5	:			: favouriteDrink

-pilotAttributeType 6	:			: roomNumber

-pilotAttributeType 7	: photo

-pilotAttributeType 8	:			: userClass

-pilotAttributeType 9	: host

-pilotAttributeType 10	: manager

-pilotAttributeType 11	:			: documentIdentifier

-pilotAttributeType 12	:			: documentTitle

-pilotAttributeType 13	:			: documentVersion

-pilotAttributeType 14	:			: documentAuthor

-pilotAttributeType 15	:			: documentLocation

-pilotAttributeType 20	:			: homeTelephoneNumber

-pilotAttributeType 21	: secretary

-pilotAttributeType 22	:			: otherMailbox

-pilotAttributeType 23	:			: lastModifiedTime

-pilotAttributeType 24	:			: lastModifiedBy

-pilotAttributeType 25	: DC			: domainComponent

-pilotAttributeType 26	:			: aRecord

-pilotAttributeType 27	:			: pilotAttributeType27

-pilotAttributeType 28	:			: mXRecord

-pilotAttributeType 29	:			: nSRecord

-pilotAttributeType 30	:			: sOARecord

-pilotAttributeType 31	:			: cNAMERecord

-pilotAttributeType 37	:			: associatedDomain

-pilotAttributeType 38	:			: associatedName

-pilotAttributeType 39	:			: homePostalAddress

-pilotAttributeType 40	:			: personalTitle

-pilotAttributeType 41	:			: mobileTelephoneNumber

-pilotAttributeType 42	:			: pagerTelephoneNumber

-pilotAttributeType 43	:			: friendlyCountryName

-# The following clashes with 2.5.4.45, so commented away

-#pilotAttributeType 44	: uid			: uniqueIdentifier

-pilotAttributeType 45	:			: organizationalStatus

-pilotAttributeType 46	:			: janetMailbox

-pilotAttributeType 47	:			: mailPreferenceOption

-pilotAttributeType 48	:			: buildingName

-pilotAttributeType 49	:			: dSAQuality

-pilotAttributeType 50	:			: singleLevelQuality

-pilotAttributeType 51	:			: subtreeMinimumQuality

-pilotAttributeType 52	:			: subtreeMaximumQuality

-pilotAttributeType 53	:			: personalSignature

-pilotAttributeType 54	:			: dITRedirect

-pilotAttributeType 55	: audio

-pilotAttributeType 56	:			: documentPublisher

-international-organizations 42	: id-set	: Secure Electronic Transactions

-id-set 0		: set-ctype		: content types

-id-set 1		: set-msgExt		: message extensions

-id-set 3		: set-attr

-id-set 5		: set-policy

-id-set 7		: set-certExt		: certificate extensions

-id-set 8		: set-brand

-set-ctype 0		: setct-PANData

-set-ctype 1		: setct-PANToken

-set-ctype 2		: setct-PANOnly

-set-ctype 3		: setct-OIData

-set-ctype 4		: setct-PI

-set-ctype 5		: setct-PIData

-set-ctype 6		: setct-PIDataUnsigned

-set-ctype 7		: setct-HODInput

-set-ctype 8		: setct-AuthResBaggage

-set-ctype 9		: setct-AuthRevReqBaggage

-set-ctype 10		: setct-AuthRevResBaggage

-set-ctype 11		: setct-CapTokenSeq

-set-ctype 12		: setct-PInitResData

-set-ctype 13		: setct-PI-TBS

-set-ctype 14		: setct-PResData

-set-ctype 16		: setct-AuthReqTBS

-set-ctype 17		: setct-AuthResTBS

-set-ctype 18		: setct-AuthResTBSX

-set-ctype 19		: setct-AuthTokenTBS

-set-ctype 20		: setct-CapTokenData

-set-ctype 21		: setct-CapTokenTBS

-set-ctype 22		: setct-AcqCardCodeMsg

-set-ctype 23		: setct-AuthRevReqTBS

-set-ctype 24		: setct-AuthRevResData

-set-ctype 25		: setct-AuthRevResTBS

-set-ctype 26		: setct-CapReqTBS

-set-ctype 27		: setct-CapReqTBSX

-set-ctype 28		: setct-CapResData

-set-ctype 29		: setct-CapRevReqTBS

-set-ctype 30		: setct-CapRevReqTBSX

-set-ctype 31		: setct-CapRevResData

-set-ctype 32		: setct-CredReqTBS

-set-ctype 33		: setct-CredReqTBSX

-set-ctype 34		: setct-CredResData

-set-ctype 35		: setct-CredRevReqTBS

-set-ctype 36		: setct-CredRevReqTBSX

-set-ctype 37		: setct-CredRevResData

-set-ctype 38		: setct-PCertReqData

-set-ctype 39		: setct-PCertResTBS

-set-ctype 40		: setct-BatchAdminReqData

-set-ctype 41		: setct-BatchAdminResData

-set-ctype 42		: setct-CardCInitResTBS

-set-ctype 43		: setct-MeAqCInitResTBS

-set-ctype 44		: setct-RegFormResTBS

-set-ctype 45		: setct-CertReqData

-set-ctype 46		: setct-CertReqTBS

-set-ctype 47		: setct-CertResData

-set-ctype 48		: setct-CertInqReqTBS

-set-ctype 49		: setct-ErrorTBS

-set-ctype 50		: setct-PIDualSignedTBE

-set-ctype 51		: setct-PIUnsignedTBE

-set-ctype 52		: setct-AuthReqTBE

-set-ctype 53		: setct-AuthResTBE

-set-ctype 54		: setct-AuthResTBEX

-set-ctype 55		: setct-AuthTokenTBE

-set-ctype 56		: setct-CapTokenTBE

-set-ctype 57		: setct-CapTokenTBEX

-set-ctype 58		: setct-AcqCardCodeMsgTBE

-set-ctype 59		: setct-AuthRevReqTBE

-set-ctype 60		: setct-AuthRevResTBE

-set-ctype 61		: setct-AuthRevResTBEB

-set-ctype 62		: setct-CapReqTBE

-set-ctype 63		: setct-CapReqTBEX

-set-ctype 64		: setct-CapResTBE

-set-ctype 65		: setct-CapRevReqTBE

-set-ctype 66		: setct-CapRevReqTBEX

-set-ctype 67		: setct-CapRevResTBE

-set-ctype 68		: setct-CredReqTBE

-set-ctype 69		: setct-CredReqTBEX

-set-ctype 70		: setct-CredResTBE

-set-ctype 71		: setct-CredRevReqTBE

-set-ctype 72		: setct-CredRevReqTBEX

-set-ctype 73		: setct-CredRevResTBE

-set-ctype 74		: setct-BatchAdminReqTBE

-set-ctype 75		: setct-BatchAdminResTBE

-set-ctype 76		: setct-RegFormReqTBE

-set-ctype 77		: setct-CertReqTBE

-set-ctype 78		: setct-CertReqTBEX

-set-ctype 79		: setct-CertResTBE

-set-ctype 80		: setct-CRLNotificationTBS

-set-ctype 81		: setct-CRLNotificationResTBS

-set-ctype 82		: setct-BCIDistributionTBS

-set-msgExt 1		: setext-genCrypt	: generic cryptogram

-set-msgExt 3		: setext-miAuth		: merchant initiated auth

-set-msgExt 4		: setext-pinSecure

-set-msgExt 5		: setext-pinAny

-set-msgExt 7		: setext-track2

-set-msgExt 8		: setext-cv		: additional verification

-set-policy 0		: set-policy-root

-set-certExt 0		: setCext-hashedRoot

-set-certExt 1		: setCext-certType

-set-certExt 2		: setCext-merchData

-set-certExt 3		: setCext-cCertRequired

-set-certExt 4		: setCext-tunneling

-set-certExt 5		: setCext-setExt

-set-certExt 6		: setCext-setQualf

-set-certExt 7		: setCext-PGWYcapabilities

-set-certExt 8		: setCext-TokenIdentifier

-set-certExt 9		: setCext-Track2Data

-set-certExt 10		: setCext-TokenType

-set-certExt 11		: setCext-IssuerCapabilities

-set-attr 0		: setAttr-Cert

-set-attr 1		: setAttr-PGWYcap	: payment gateway capabilities

-set-attr 2		: setAttr-TokenType

-set-attr 3		: setAttr-IssCap	: issuer capabilities

-setAttr-Cert 0		: set-rootKeyThumb

-setAttr-Cert 1		: set-addPolicy

-setAttr-TokenType 1	: setAttr-Token-EMV

-setAttr-TokenType 2	: setAttr-Token-B0Prime

-setAttr-IssCap 3	: setAttr-IssCap-CVM

-setAttr-IssCap 4	: setAttr-IssCap-T2

-setAttr-IssCap 5	: setAttr-IssCap-Sig

-setAttr-IssCap-CVM 1	: setAttr-GenCryptgrm	: generate cryptogram

-setAttr-IssCap-T2 1	: setAttr-T2Enc		: encrypted track 2

-setAttr-IssCap-T2 2	: setAttr-T2cleartxt	: cleartext track 2

-setAttr-IssCap-Sig 1	: setAttr-TokICCsig	: ICC or token signature

-setAttr-IssCap-Sig 2	: setAttr-SecDevSig	: secure device signature

-set-brand 1		: set-brand-IATA-ATA

-set-brand 30		: set-brand-Diners

-set-brand 34		: set-brand-AmericanExpress

-set-brand 35		: set-brand-JCB

-set-brand 4		: set-brand-Visa

-set-brand 5		: set-brand-MasterCard

-set-brand 6011		: set-brand-Novus

-rsadsi 3 10		: DES-CDMF		: des-cdmf

-rsadsi 1 1 6		: rsaOAEPEncryptionSET

-			: Oakley-EC2N-3		: ipsec3

-			: Oakley-EC2N-4		: ipsec4

-# Definitions for Camellia cipher - CBC MODE

-1 2 392 200011 61 1 1 1 2 : CAMELLIA-128-CBC		: camellia-128-cbc

-1 2 392 200011 61 1 1 1 3 : CAMELLIA-192-CBC		: camellia-192-cbc

-1 2 392 200011 61 1 1 1 4 : CAMELLIA-256-CBC		: camellia-256-cbc

-# Definitions for Camellia cipher - ECB, CFB, OFB MODE

-!Alias ntt-ds 0 3 4401 5

-!Alias camellia ntt-ds 3 1 9

-camellia 1		: CAMELLIA-128-ECB		: camellia-128-ecb

-!Cname camellia-128-ofb128

-camellia 3		: CAMELLIA-128-OFB		: camellia-128-ofb

-!Cname camellia-128-cfb128

-camellia 4		: CAMELLIA-128-CFB		: camellia-128-cfb

-camellia 21		: CAMELLIA-192-ECB		: camellia-192-ecb

-!Cname camellia-192-ofb128

-camellia 23		: CAMELLIA-192-OFB		: camellia-192-ofb

-!Cname camellia-192-cfb128

-camellia 24		: CAMELLIA-192-CFB		: camellia-192-cfb

-camellia 41		: CAMELLIA-256-ECB		: camellia-256-ecb

-!Cname camellia-256-ofb128

-camellia 43		: CAMELLIA-256-OFB		: camellia-256-ofb

-!Cname camellia-256-cfb128

-camellia 44		: CAMELLIA-256-CFB		: camellia-256-cfb

-# There are no OIDs for these modes...

-			: CAMELLIA-128-CFB1		: camellia-128-cfb1

-			: CAMELLIA-192-CFB1		: camellia-192-cfb1

-			: CAMELLIA-256-CFB1		: camellia-256-cfb1

-			: CAMELLIA-128-CFB8		: camellia-128-cfb8

-			: CAMELLIA-192-CFB8		: camellia-192-cfb8

-			: CAMELLIA-256-CFB8		: camellia-256-cfb8

-# Definitions for SEED cipher - ECB, CBC, OFB mode

-member-body 410 200004  : KISA          : kisa

-kisa 1 3                : SEED-ECB      : seed-ecb

-kisa 1 4                : SEED-CBC      : seed-cbc

-!Cname seed-cfb128

-kisa 1 5                : SEED-CFB      : seed-cfb

-!Cname seed-ofb128

-kisa 1 6                : SEED-OFB      : seed-ofb

--- a/sys/src/ape/lib/openssl/crypto/ocsp/Makefile

+++ /dev/null

@@ -1,213 +1,0 @@

-#

-# OpenSSL/ocsp/Makefile

-#

-DIR=	ocsp

-TOP=	../..

-CC=	cc

-INCLUDES= -I.. -I$(TOP) -I../../include

-CFLAG=-g

-MAKEFILE=	Makefile

-AR=		ar r

-CFLAGS= $(INCLUDES) $(CFLAG)

-GENERAL=Makefile README

-TEST=

-APPS=

-LIB=$(TOP)/libcrypto.a

-LIBSRC= ocsp_asn.c ocsp_ext.c ocsp_ht.c ocsp_lib.c ocsp_cl.c \

-	ocsp_srv.c ocsp_prn.c ocsp_vfy.c ocsp_err.c

-LIBOBJ= ocsp_asn.o ocsp_ext.o ocsp_ht.o ocsp_lib.o ocsp_cl.o \

-	ocsp_srv.o ocsp_prn.o ocsp_vfy.o ocsp_err.o

-SRC= $(LIBSRC)

-EXHEADER= ocsp.h

-HEADER=	$(EXHEADER)

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)

-all:	lib

-lib:	$(LIBOBJ)

-	$(AR) $(LIB) $(LIBOBJ)

-	$(RANLIB) $(LIB) || echo Never mind.

-	@touch lib

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

-links:

-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)

-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)

-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

-install:

-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...

-	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \

-	do  \

-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \

-	done;

-tags:

-	ctags $(SRC)

-tests:

-lint:

-	lint -DLINT $(INCLUDES) $(SRC)>fluff

-depend:

-	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...

-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-clean:

-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-ocsp_asn.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h

-ocsp_asn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-ocsp_asn.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h

-ocsp_asn.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-ocsp_asn.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-ocsp_asn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-ocsp_asn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-ocsp_asn.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h

-ocsp_asn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-ocsp_asn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-ocsp_asn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-ocsp_asn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-ocsp_asn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h

-ocsp_asn.o: ocsp_asn.c

-ocsp_cl.o: ../../e_os.h ../../include/openssl/asn1.h

-ocsp_cl.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-ocsp_cl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h

-ocsp_cl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-ocsp_cl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-ocsp_cl.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-ocsp_cl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-ocsp_cl.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h

-ocsp_cl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-ocsp_cl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h

-ocsp_cl.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h

-ocsp_cl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h

-ocsp_cl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-ocsp_cl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-ocsp_cl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h

-ocsp_cl.o: ../cryptlib.h ocsp_cl.c

-ocsp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

-ocsp_err.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h

-ocsp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-ocsp_err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-ocsp_err.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-ocsp_err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-ocsp_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-ocsp_err.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h

-ocsp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-ocsp_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-ocsp_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-ocsp_err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-ocsp_err.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h

-ocsp_err.o: ocsp_err.c

-ocsp_ext.o: ../../e_os.h ../../include/openssl/asn1.h

-ocsp_ext.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-ocsp_ext.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h

-ocsp_ext.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-ocsp_ext.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-ocsp_ext.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-ocsp_ext.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-ocsp_ext.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h

-ocsp_ext.o: ../../include/openssl/opensslconf.h

-ocsp_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-ocsp_ext.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h

-ocsp_ext.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-ocsp_ext.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-ocsp_ext.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-ocsp_ext.o: ../../include/openssl/x509v3.h ../cryptlib.h ocsp_ext.c

-ocsp_ht.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

-ocsp_ht.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h

-ocsp_ht.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-ocsp_ht.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-ocsp_ht.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-ocsp_ht.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-ocsp_ht.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-ocsp_ht.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h

-ocsp_ht.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-ocsp_ht.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-ocsp_ht.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-ocsp_ht.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-ocsp_ht.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h

-ocsp_ht.o: ocsp_ht.c

-ocsp_lib.o: ../../e_os.h ../../include/openssl/asn1.h

-ocsp_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-ocsp_lib.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h

-ocsp_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-ocsp_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-ocsp_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-ocsp_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-ocsp_lib.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h

-ocsp_lib.o: ../../include/openssl/opensslconf.h

-ocsp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-ocsp_lib.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h

-ocsp_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h

-ocsp_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-ocsp_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-ocsp_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-ocsp_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h ocsp_lib.c

-ocsp_prn.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

-ocsp_prn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h

-ocsp_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-ocsp_prn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-ocsp_prn.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-ocsp_prn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-ocsp_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-ocsp_prn.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h

-ocsp_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-ocsp_prn.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h

-ocsp_prn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-ocsp_prn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-ocsp_prn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-ocsp_prn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h

-ocsp_prn.o: ocsp_prn.c

-ocsp_srv.o: ../../e_os.h ../../include/openssl/asn1.h

-ocsp_srv.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-ocsp_srv.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h

-ocsp_srv.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-ocsp_srv.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-ocsp_srv.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-ocsp_srv.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-ocsp_srv.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h

-ocsp_srv.o: ../../include/openssl/opensslconf.h

-ocsp_srv.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-ocsp_srv.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h

-ocsp_srv.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h

-ocsp_srv.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-ocsp_srv.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-ocsp_srv.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-ocsp_srv.o: ../../include/openssl/x509v3.h ../cryptlib.h ocsp_srv.c

-ocsp_vfy.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

-ocsp_vfy.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h

-ocsp_vfy.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-ocsp_vfy.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-ocsp_vfy.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-ocsp_vfy.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-ocsp_vfy.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-ocsp_vfy.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h

-ocsp_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-ocsp_vfy.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-ocsp_vfy.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-ocsp_vfy.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-ocsp_vfy.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h

-ocsp_vfy.o: ocsp_vfy.c

--- a/sys/src/ape/lib/openssl/crypto/ocsp/ocsp.h

+++ /dev/null

@@ -1,614 +1,0 @@

-/* ocsp.h */

-/* Written by Tom Titchener <[email protected]> for the OpenSSL

- * project. */

-/* History:

-   This file was transfered to Richard Levitte from CertCo by Kathy

-   Weinhold in mid-spring 2000 to be included in OpenSSL or released

-   as a patch kit. */

-/* ====================================================================

- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_OCSP_H

-#define HEADER_OCSP_H

-#include <openssl/x509.h>

-#include <openssl/x509v3.h>

-#include <openssl/safestack.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-/* Various flags and values */

-#define OCSP_DEFAULT_NONCE_LENGTH	16

-#define OCSP_NOCERTS			0x1

-#define OCSP_NOINTERN			0x2

-#define OCSP_NOSIGS			0x4

-#define OCSP_NOCHAIN			0x8

-#define OCSP_NOVERIFY			0x10

-#define OCSP_NOEXPLICIT			0x20

-#define OCSP_NOCASIGN			0x40

-#define OCSP_NODELEGATED		0x80

-#define OCSP_NOCHECKS			0x100

-#define OCSP_TRUSTOTHER			0x200

-#define OCSP_RESPID_KEY			0x400

-#define OCSP_NOTIME			0x800

-/*   CertID ::= SEQUENCE {

- *       hashAlgorithm            AlgorithmIdentifier,

- *       issuerNameHash     OCTET STRING, -- Hash of Issuer's DN

- *       issuerKeyHash      OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields)

- *       serialNumber       CertificateSerialNumber }

- */

-typedef struct ocsp_cert_id_st

-	{

-	X509_ALGOR *hashAlgorithm;

-	ASN1_OCTET_STRING *issuerNameHash;

-	ASN1_OCTET_STRING *issuerKeyHash;

-	ASN1_INTEGER *serialNumber;

-	} OCSP_CERTID;

-DECLARE_STACK_OF(OCSP_CERTID)

-/*   Request ::=     SEQUENCE {

- *       reqCert                    CertID,

- *       singleRequestExtensions    [0] EXPLICIT Extensions OPTIONAL }

- */

-typedef struct ocsp_one_request_st

-	{

-	OCSP_CERTID *reqCert;

-	STACK_OF(X509_EXTENSION) *singleRequestExtensions;

-	} OCSP_ONEREQ;

-DECLARE_STACK_OF(OCSP_ONEREQ)

-DECLARE_ASN1_SET_OF(OCSP_ONEREQ)

-/*   TBSRequest      ::=     SEQUENCE {

- *       version             [0] EXPLICIT Version DEFAULT v1,

- *       requestorName       [1] EXPLICIT GeneralName OPTIONAL,

- *       requestList             SEQUENCE OF Request,

- *       requestExtensions   [2] EXPLICIT Extensions OPTIONAL }

- */

-typedef struct ocsp_req_info_st

-	{

-	ASN1_INTEGER *version;

-	GENERAL_NAME *requestorName;

-	STACK_OF(OCSP_ONEREQ) *requestList;

-	STACK_OF(X509_EXTENSION) *requestExtensions;

-	} OCSP_REQINFO;

-/*   Signature       ::=     SEQUENCE {

- *       signatureAlgorithm   AlgorithmIdentifier,

- *       signature            BIT STRING,

- *       certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }

- */

-typedef struct ocsp_signature_st

-	{

-	X509_ALGOR *signatureAlgorithm;

-	ASN1_BIT_STRING *signature;

-	STACK_OF(X509) *certs;

-	} OCSP_SIGNATURE;

-/*   OCSPRequest     ::=     SEQUENCE {

- *       tbsRequest                  TBSRequest,

- *       optionalSignature   [0]     EXPLICIT Signature OPTIONAL }

- */

-typedef struct ocsp_request_st

-	{

-	OCSP_REQINFO *tbsRequest;

-	OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */

-	} OCSP_REQUEST;

-/*   OCSPResponseStatus ::= ENUMERATED {

- *       successful            (0),      --Response has valid confirmations

- *       malformedRequest      (1),      --Illegal confirmation request

- *       internalError         (2),      --Internal error in issuer

- *       tryLater              (3),      --Try again later

- *                                       --(4) is not used

- *       sigRequired           (5),      --Must sign the request

- *       unauthorized          (6)       --Request unauthorized

- *   }

- */

-#define OCSP_RESPONSE_STATUS_SUCCESSFUL          0

-#define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST     1

-#define OCSP_RESPONSE_STATUS_INTERNALERROR        2

-#define OCSP_RESPONSE_STATUS_TRYLATER             3

-#define OCSP_RESPONSE_STATUS_SIGREQUIRED          5

-#define OCSP_RESPONSE_STATUS_UNAUTHORIZED         6

-/*   ResponseBytes ::=       SEQUENCE {

- *       responseType   OBJECT IDENTIFIER,

- *       response       OCTET STRING }

- */

-typedef struct ocsp_resp_bytes_st

-	{

-	ASN1_OBJECT *responseType;

-	ASN1_OCTET_STRING *response;

-	} OCSP_RESPBYTES;

-/*   OCSPResponse ::= SEQUENCE {

- *      responseStatus         OCSPResponseStatus,

- *      responseBytes          [0] EXPLICIT ResponseBytes OPTIONAL }

- */

-typedef struct ocsp_response_st

-	{

-	ASN1_ENUMERATED *responseStatus;

-	OCSP_RESPBYTES  *responseBytes;

-	} OCSP_RESPONSE;

-/*   ResponderID ::= CHOICE {

- *      byName   [1] Name,

- *      byKey    [2] KeyHash }

- */

-#define V_OCSP_RESPID_NAME 0

-#define V_OCSP_RESPID_KEY  1

-typedef struct ocsp_responder_id_st

-	{

-	int type;

-	union   {

-		X509_NAME* byName;

-        	ASN1_OCTET_STRING *byKey;

-		} value;

-	} OCSP_RESPID;

-/*   KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key

- *                            --(excluding the tag and length fields)

- */

-/*   RevokedInfo ::= SEQUENCE {

- *       revocationTime              GeneralizedTime,

- *       revocationReason    [0]     EXPLICIT CRLReason OPTIONAL }

- */

-typedef struct ocsp_revoked_info_st

-	{

-	ASN1_GENERALIZEDTIME *revocationTime;

-	ASN1_ENUMERATED *revocationReason;

-	} OCSP_REVOKEDINFO;

-/*   CertStatus ::= CHOICE {

- *       good                [0]     IMPLICIT NULL,

- *       revoked             [1]     IMPLICIT RevokedInfo,

- *       unknown             [2]     IMPLICIT UnknownInfo }

- */

-#define V_OCSP_CERTSTATUS_GOOD    0

-#define V_OCSP_CERTSTATUS_REVOKED 1

-#define V_OCSP_CERTSTATUS_UNKNOWN 2

-typedef struct ocsp_cert_status_st

-	{

-	int type;

-	union	{

-		ASN1_NULL *good;

-		OCSP_REVOKEDINFO *revoked;

-		ASN1_NULL *unknown;

-		} value;

-	} OCSP_CERTSTATUS;

-/*   SingleResponse ::= SEQUENCE {

- *      certID                       CertID,

- *      certStatus                   CertStatus,

- *      thisUpdate                   GeneralizedTime,

- *      nextUpdate           [0]     EXPLICIT GeneralizedTime OPTIONAL,

- *      singleExtensions     [1]     EXPLICIT Extensions OPTIONAL }

- */

-typedef struct ocsp_single_response_st

-	{

-	OCSP_CERTID *certId;

-	OCSP_CERTSTATUS *certStatus;

-	ASN1_GENERALIZEDTIME *thisUpdate;

-	ASN1_GENERALIZEDTIME *nextUpdate;

-	STACK_OF(X509_EXTENSION) *singleExtensions;

-	} OCSP_SINGLERESP;

-DECLARE_STACK_OF(OCSP_SINGLERESP)

-DECLARE_ASN1_SET_OF(OCSP_SINGLERESP)

-/*   ResponseData ::= SEQUENCE {

- *      version              [0] EXPLICIT Version DEFAULT v1,

- *      responderID              ResponderID,

- *      producedAt               GeneralizedTime,

- *      responses                SEQUENCE OF SingleResponse,

- *      responseExtensions   [1] EXPLICIT Extensions OPTIONAL }

- */

-typedef struct ocsp_response_data_st

-	{

-	ASN1_INTEGER *version;

-	OCSP_RESPID  *responderId;

-	ASN1_GENERALIZEDTIME *producedAt;

-	STACK_OF(OCSP_SINGLERESP) *responses;

-	STACK_OF(X509_EXTENSION) *responseExtensions;

-	} OCSP_RESPDATA;

-/*   BasicOCSPResponse       ::= SEQUENCE {

- *      tbsResponseData      ResponseData,

- *      signatureAlgorithm   AlgorithmIdentifier,

- *      signature            BIT STRING,

- *      certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }

- */

-  /* Note 1:

-     The value for "signature" is specified in the OCSP rfc2560 as follows:

-     "The value for the signature SHALL be computed on the hash of the DER

-     encoding ResponseData."  This means that you must hash the DER-encoded

-     tbsResponseData, and then run it through a crypto-signing function, which

-     will (at least w/RSA) do a hash-'n'-private-encrypt operation.  This seems

-     a bit odd, but that's the spec.  Also note that the data structures do not

-     leave anywhere to independently specify the algorithm used for the initial

-     hash. So, we look at the signature-specification algorithm, and try to do

-     something intelligent.	-- Kathy Weinhold, CertCo */

-  /* Note 2:

-     It seems that the mentioned passage from RFC 2560 (section 4.2.1) is open

-     for interpretation.  I've done tests against another responder, and found

-     that it doesn't do the double hashing that the RFC seems to say one

-     should.  Therefore, all relevant functions take a flag saying which

-     variant should be used.	-- Richard Levitte, OpenSSL team and CeloCom */

-typedef struct ocsp_basic_response_st

-	{

-	OCSP_RESPDATA *tbsResponseData;

-	X509_ALGOR *signatureAlgorithm;

-	ASN1_BIT_STRING *signature;

-	STACK_OF(X509) *certs;

-	} OCSP_BASICRESP;

-/*

- *   CRLReason ::= ENUMERATED {

- *        unspecified             (0),

- *        keyCompromise           (1),

- *        cACompromise            (2),

- *        affiliationChanged      (3),

- *        superseded              (4),

- *        cessationOfOperation    (5),

- *        certificateHold         (6),

- *        removeFromCRL           (8) }

- */

-#define OCSP_REVOKED_STATUS_NOSTATUS               -1

-#define OCSP_REVOKED_STATUS_UNSPECIFIED             0

-#define OCSP_REVOKED_STATUS_KEYCOMPROMISE           1

-#define OCSP_REVOKED_STATUS_CACOMPROMISE            2

-#define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED      3

-#define OCSP_REVOKED_STATUS_SUPERSEDED              4

-#define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION    5

-#define OCSP_REVOKED_STATUS_CERTIFICATEHOLD         6

-#define OCSP_REVOKED_STATUS_REMOVEFROMCRL           8

-/* CrlID ::= SEQUENCE {

- *     crlUrl               [0]     EXPLICIT IA5String OPTIONAL,

- *     crlNum               [1]     EXPLICIT INTEGER OPTIONAL,

- *     crlTime              [2]     EXPLICIT GeneralizedTime OPTIONAL }

- */

-typedef struct ocsp_crl_id_st

-        {

-	ASN1_IA5STRING *crlUrl;

-	ASN1_INTEGER *crlNum;

-	ASN1_GENERALIZEDTIME *crlTime;

-        } OCSP_CRLID;

-/* ServiceLocator ::= SEQUENCE {

- *      issuer    Name,

- *      locator   AuthorityInfoAccessSyntax OPTIONAL }

- */

-typedef struct ocsp_service_locator_st

-        {

-	X509_NAME* issuer;

-	STACK_OF(ACCESS_DESCRIPTION) *locator;

-        } OCSP_SERVICELOC;

-#define PEM_STRING_OCSP_REQUEST	"OCSP REQUEST"

-#define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE"

-#define d2i_OCSP_REQUEST_bio(bp,p) ASN1_d2i_bio_of(OCSP_REQUEST,OCSP_REQUEST_new,d2i_OCSP_REQUEST,bp,p)

-#define d2i_OCSP_RESPONSE_bio(bp,p) ASN1_d2i_bio_of(OCSP_RESPONSE,OCSP_RESPONSE_new,d2i_OCSP_RESPONSE,bp,p)

-#define	PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \

-     (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,bp,(char **)x,cb,NULL)

-#define	PEM_read_bio_OCSP_RESPONSE(bp,x,cb)(OCSP_RESPONSE *)PEM_ASN1_read_bio(\

-     (char *(*)())d2i_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,bp,(char **)x,cb,NULL)

-#define PEM_write_bio_OCSP_REQUEST(bp,o) \

-    PEM_ASN1_write_bio((int (*)())i2d_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,\

-			bp,(char *)o, NULL,NULL,0,NULL,NULL)

-#define PEM_write_bio_OCSP_RESPONSE(bp,o) \

-    PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\

-			bp,(char *)o, NULL,NULL,0,NULL,NULL)

-#define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio_of(OCSP_RESPONSE,i2d_OCSP_RESPONSE,bp,o)

-#define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST,bp,o)

-#define OCSP_REQUEST_sign(o,pkey,md) \

-	ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\

-		o->optionalSignature->signatureAlgorithm,NULL,\

-	        o->optionalSignature->signature,o->tbsRequest,pkey,md)

-#define OCSP_BASICRESP_sign(o,pkey,md,d) \

-	ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),o->signatureAlgorithm,NULL,\

-		o->signature,o->tbsResponseData,pkey,md)

-#define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\

-        a->optionalSignature->signatureAlgorithm,\

-	a->optionalSignature->signature,a->tbsRequest,r)

-#define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\

-	a->signatureAlgorithm,a->signature,a->tbsResponseData,r)

-#define ASN1_BIT_STRING_digest(data,type,md,len) \

-	ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len)

-#define OCSP_CERTID_dup(cid) ASN1_dup_of(OCSP_CERTID,i2d_OCSP_CERTID,d2i_OCSP_CERTID,cid)

-#define OCSP_CERTSTATUS_dup(cs)\

-                (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\

-		(char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs))

-OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req);

-OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer);

-OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,

-			      X509_NAME *issuerName,

-			      ASN1_BIT_STRING* issuerKey,

-			      ASN1_INTEGER *serialNumber);

-OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid);

-int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len);

-int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len);

-int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs);

-int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req);

-int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm);

-int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert);

-int OCSP_request_sign(OCSP_REQUEST   *req,

-		      X509           *signer,

-		      EVP_PKEY       *key,

-		      const EVP_MD   *dgst,

-		      STACK_OF(X509) *certs,

-		      unsigned long flags);

-int OCSP_response_status(OCSP_RESPONSE *resp);

-OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp);

-int OCSP_resp_count(OCSP_BASICRESP *bs);

-OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx);

-int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last);

-int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,

-				ASN1_GENERALIZEDTIME **revtime,

-				ASN1_GENERALIZEDTIME **thisupd,

-				ASN1_GENERALIZEDTIME **nextupd);

-int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,

-				int *reason,

-				ASN1_GENERALIZEDTIME **revtime,

-				ASN1_GENERALIZEDTIME **thisupd,

-				ASN1_GENERALIZEDTIME **nextupd);

-int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,

-			ASN1_GENERALIZEDTIME *nextupd,

-			long sec, long maxsec);

-int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, unsigned long flags);

-int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl);

-int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b);

-int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b);

-int OCSP_request_onereq_count(OCSP_REQUEST *req);

-OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i);

-OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one);

-int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,

-			ASN1_OCTET_STRING **pikeyHash,

-			ASN1_INTEGER **pserial, OCSP_CERTID *cid);

-int OCSP_request_is_signed(OCSP_REQUEST *req);

-OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs);

-OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,

-						OCSP_CERTID *cid,

-						int status, int reason,

-						ASN1_TIME *revtime,

-					ASN1_TIME *thisupd, ASN1_TIME *nextupd);

-int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert);

-int OCSP_basic_sign(OCSP_BASICRESP *brsp,

-			X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,

-			STACK_OF(X509) *certs, unsigned long flags);

-ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d,

-				void *data, STACK_OF(ASN1_OBJECT) *sk);

-#define ASN1_STRING_encode_of(type,s,i2d,data,sk) \

-	ASN1_STRING_encode(s, CHECKED_I2D_OF(type, i2d), data, sk)

-X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim);

-X509_EXTENSION *OCSP_accept_responses_new(char **oids);

-X509_EXTENSION *OCSP_archive_cutoff_new(char* tim);

-X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls);

-int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x);

-int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos);

-int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj, int lastpos);

-int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos);

-X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc);

-X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc);

-void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx);

-int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit,

-							unsigned long flags);

-int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc);

-int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x);

-int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos);

-int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, ASN1_OBJECT *obj, int lastpos);

-int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos);

-X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc);

-X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc);

-void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx);

-int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit,

-							unsigned long flags);

-int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc);

-int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x);

-int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos);

-int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj, int lastpos);

-int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, int lastpos);

-X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc);

-X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc);

-void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, int *idx);

-int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, int crit,

-							unsigned long flags);

-int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc);

-int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x);

-int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos);

-int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj, int lastpos);

-int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, int lastpos);

-X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc);

-X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc);

-void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, int *idx);

-int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, int crit,

-							unsigned long flags);

-int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc);

-DECLARE_ASN1_FUNCTIONS(OCSP_SINGLERESP)

-DECLARE_ASN1_FUNCTIONS(OCSP_CERTSTATUS)

-DECLARE_ASN1_FUNCTIONS(OCSP_REVOKEDINFO)

-DECLARE_ASN1_FUNCTIONS(OCSP_BASICRESP)

-DECLARE_ASN1_FUNCTIONS(OCSP_RESPDATA)

-DECLARE_ASN1_FUNCTIONS(OCSP_RESPID)

-DECLARE_ASN1_FUNCTIONS(OCSP_RESPONSE)

-DECLARE_ASN1_FUNCTIONS(OCSP_RESPBYTES)

-DECLARE_ASN1_FUNCTIONS(OCSP_ONEREQ)

-DECLARE_ASN1_FUNCTIONS(OCSP_CERTID)

-DECLARE_ASN1_FUNCTIONS(OCSP_REQUEST)

-DECLARE_ASN1_FUNCTIONS(OCSP_SIGNATURE)

-DECLARE_ASN1_FUNCTIONS(OCSP_REQINFO)

-DECLARE_ASN1_FUNCTIONS(OCSP_CRLID)

-DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC)

-char *OCSP_response_status_str(long s);

-char *OCSP_cert_status_str(long s);

-char *OCSP_crl_reason_str(long s);

-int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* a, unsigned long flags);

-int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags);

-int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,

-				X509_STORE *st, unsigned long flags);

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_OCSP_strings(void);

-/* Error codes for the OCSP functions. */

-/* Function codes. */

-#define OCSP_F_ASN1_STRING_ENCODE			 100

-#define OCSP_F_D2I_OCSP_NONCE				 102

-#define OCSP_F_OCSP_BASIC_ADD1_STATUS			 103

-#define OCSP_F_OCSP_BASIC_SIGN				 104

-#define OCSP_F_OCSP_BASIC_VERIFY			 105

-#define OCSP_F_OCSP_CERT_ID_NEW				 101

-#define OCSP_F_OCSP_CHECK_DELEGATED			 106

-#define OCSP_F_OCSP_CHECK_IDS				 107

-#define OCSP_F_OCSP_CHECK_ISSUER			 108

-#define OCSP_F_OCSP_CHECK_VALIDITY			 115

-#define OCSP_F_OCSP_MATCH_ISSUERID			 109

-#define OCSP_F_OCSP_PARSE_URL				 114

-#define OCSP_F_OCSP_REQUEST_SIGN			 110

-#define OCSP_F_OCSP_REQUEST_VERIFY			 116

-#define OCSP_F_OCSP_RESPONSE_GET1_BASIC			 111

-#define OCSP_F_OCSP_SENDREQ_BIO				 112

-#define OCSP_F_REQUEST_VERIFY				 113

-/* Reason codes. */

-#define OCSP_R_BAD_DATA					 100

-#define OCSP_R_CERTIFICATE_VERIFY_ERROR			 101

-#define OCSP_R_DIGEST_ERR				 102

-#define OCSP_R_ERROR_IN_NEXTUPDATE_FIELD		 122

-#define OCSP_R_ERROR_IN_THISUPDATE_FIELD		 123

-#define OCSP_R_ERROR_PARSING_URL			 121

-#define OCSP_R_MISSING_OCSPSIGNING_USAGE		 103

-#define OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE		 124

-#define OCSP_R_NOT_BASIC_RESPONSE			 104

-#define OCSP_R_NO_CERTIFICATES_IN_CHAIN			 105

-#define OCSP_R_NO_CONTENT				 106

-#define OCSP_R_NO_PUBLIC_KEY				 107

-#define OCSP_R_NO_RESPONSE_DATA				 108

-#define OCSP_R_NO_REVOKED_TIME				 109

-#define OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE	 110

-#define OCSP_R_REQUEST_NOT_SIGNED			 128

-#define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA	 111

-#define OCSP_R_ROOT_CA_NOT_TRUSTED			 112

-#define OCSP_R_SERVER_READ_ERROR			 113

-#define OCSP_R_SERVER_RESPONSE_ERROR			 114

-#define OCSP_R_SERVER_RESPONSE_PARSE_ERROR		 115

-#define OCSP_R_SERVER_WRITE_ERROR			 116

-#define OCSP_R_SIGNATURE_FAILURE			 117

-#define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND		 118

-#define OCSP_R_STATUS_EXPIRED				 125

-#define OCSP_R_STATUS_NOT_YET_VALID			 126

-#define OCSP_R_STATUS_TOO_OLD				 127

-#define OCSP_R_UNKNOWN_MESSAGE_DIGEST			 119

-#define OCSP_R_UNKNOWN_NID				 120

-#define OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE		 129

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/ocsp/ocsp_asn.c

+++ /dev/null

@@ -1,182 +1,0 @@

-/* ocsp_asn.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 2000.

- */

-/* ====================================================================

- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <openssl/asn1.h>

-#include <openssl/asn1t.h>

-#include <openssl/ocsp.h>

-ASN1_SEQUENCE(OCSP_SIGNATURE) = {

-	ASN1_SIMPLE(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR),

-	ASN1_SIMPLE(OCSP_SIGNATURE, signature, ASN1_BIT_STRING),

-	ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SIGNATURE, certs, X509, 0)

-} ASN1_SEQUENCE_END(OCSP_SIGNATURE)

-IMPLEMENT_ASN1_FUNCTIONS(OCSP_SIGNATURE)

-ASN1_SEQUENCE(OCSP_CERTID) = {

-	ASN1_SIMPLE(OCSP_CERTID, hashAlgorithm, X509_ALGOR),

-	ASN1_SIMPLE(OCSP_CERTID, issuerNameHash, ASN1_OCTET_STRING),

-	ASN1_SIMPLE(OCSP_CERTID, issuerKeyHash, ASN1_OCTET_STRING),

-	ASN1_SIMPLE(OCSP_CERTID, serialNumber, ASN1_INTEGER)

-} ASN1_SEQUENCE_END(OCSP_CERTID)

-IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTID)

-ASN1_SEQUENCE(OCSP_ONEREQ) = {

-	ASN1_SIMPLE(OCSP_ONEREQ, reqCert, OCSP_CERTID),

-	ASN1_EXP_SEQUENCE_OF_OPT(OCSP_ONEREQ, singleRequestExtensions, X509_EXTENSION, 0)

-} ASN1_SEQUENCE_END(OCSP_ONEREQ)

-IMPLEMENT_ASN1_FUNCTIONS(OCSP_ONEREQ)

-ASN1_SEQUENCE(OCSP_REQINFO) = {

-	ASN1_EXP_OPT(OCSP_REQINFO, version, ASN1_INTEGER, 0),

-	ASN1_EXP_OPT(OCSP_REQINFO, requestorName, GENERAL_NAME, 1),

-	ASN1_SEQUENCE_OF(OCSP_REQINFO, requestList, OCSP_ONEREQ),

-	ASN1_EXP_SEQUENCE_OF_OPT(OCSP_REQINFO, requestExtensions, X509_EXTENSION, 2)

-} ASN1_SEQUENCE_END(OCSP_REQINFO)

-IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQINFO)

-ASN1_SEQUENCE(OCSP_REQUEST) = {

-	ASN1_SIMPLE(OCSP_REQUEST, tbsRequest, OCSP_REQINFO),

-	ASN1_EXP_OPT(OCSP_REQUEST, optionalSignature, OCSP_SIGNATURE, 0)

-} ASN1_SEQUENCE_END(OCSP_REQUEST)

-IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQUEST)

-/* OCSP_RESPONSE templates */

-ASN1_SEQUENCE(OCSP_RESPBYTES) = {

-	    ASN1_SIMPLE(OCSP_RESPBYTES, responseType, ASN1_OBJECT),

-	    ASN1_SIMPLE(OCSP_RESPBYTES, response, ASN1_OCTET_STRING)

-} ASN1_SEQUENCE_END(OCSP_RESPBYTES)

-IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPBYTES)

-ASN1_SEQUENCE(OCSP_RESPONSE) = {

-	ASN1_SIMPLE(OCSP_RESPONSE, responseStatus, ASN1_ENUMERATED),

-	ASN1_EXP_OPT(OCSP_RESPONSE, responseBytes, OCSP_RESPBYTES, 0)

-} ASN1_SEQUENCE_END(OCSP_RESPONSE)

-IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPONSE)

-ASN1_CHOICE(OCSP_RESPID) = {

-	   ASN1_EXP(OCSP_RESPID, value.byName, X509_NAME, 1),

-	   ASN1_EXP(OCSP_RESPID, value.byKey, ASN1_OCTET_STRING, 2)

-} ASN1_CHOICE_END(OCSP_RESPID)

-IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPID)

-ASN1_SEQUENCE(OCSP_REVOKEDINFO) = {

-	ASN1_SIMPLE(OCSP_REVOKEDINFO, revocationTime, ASN1_GENERALIZEDTIME),

-  	ASN1_EXP_OPT(OCSP_REVOKEDINFO, revocationReason, ASN1_ENUMERATED, 0)

-} ASN1_SEQUENCE_END(OCSP_REVOKEDINFO)

-IMPLEMENT_ASN1_FUNCTIONS(OCSP_REVOKEDINFO)

-ASN1_CHOICE(OCSP_CERTSTATUS) = {

-	ASN1_IMP(OCSP_CERTSTATUS, value.good, ASN1_NULL, 0),

-	ASN1_IMP(OCSP_CERTSTATUS, value.revoked, OCSP_REVOKEDINFO, 1),

-	ASN1_IMP(OCSP_CERTSTATUS, value.unknown, ASN1_NULL, 2)

-} ASN1_CHOICE_END(OCSP_CERTSTATUS)

-IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTSTATUS)

-ASN1_SEQUENCE(OCSP_SINGLERESP) = {

-	   ASN1_SIMPLE(OCSP_SINGLERESP, certId, OCSP_CERTID),

-	   ASN1_SIMPLE(OCSP_SINGLERESP, certStatus, OCSP_CERTSTATUS),

-	   ASN1_SIMPLE(OCSP_SINGLERESP, thisUpdate, ASN1_GENERALIZEDTIME),

-	   ASN1_EXP_OPT(OCSP_SINGLERESP, nextUpdate, ASN1_GENERALIZEDTIME, 0),

-	   ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SINGLERESP, singleExtensions, X509_EXTENSION, 1)

-} ASN1_SEQUENCE_END(OCSP_SINGLERESP)

-IMPLEMENT_ASN1_FUNCTIONS(OCSP_SINGLERESP)

-ASN1_SEQUENCE(OCSP_RESPDATA) = {

-	   ASN1_EXP_OPT(OCSP_RESPDATA, version, ASN1_INTEGER, 0),

-	   ASN1_SIMPLE(OCSP_RESPDATA, responderId, OCSP_RESPID),

-	   ASN1_SIMPLE(OCSP_RESPDATA, producedAt, ASN1_GENERALIZEDTIME),

-	   ASN1_SEQUENCE_OF(OCSP_RESPDATA, responses, OCSP_SINGLERESP),

-	   ASN1_EXP_SEQUENCE_OF_OPT(OCSP_RESPDATA, responseExtensions, X509_EXTENSION, 1)

-} ASN1_SEQUENCE_END(OCSP_RESPDATA)

-IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPDATA)

-ASN1_SEQUENCE(OCSP_BASICRESP) = {

-	   ASN1_SIMPLE(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA),

-	   ASN1_SIMPLE(OCSP_BASICRESP, signatureAlgorithm, X509_ALGOR),

-	   ASN1_SIMPLE(OCSP_BASICRESP, signature, ASN1_BIT_STRING),

-	   ASN1_EXP_SEQUENCE_OF_OPT(OCSP_BASICRESP, certs, X509, 0)

-} ASN1_SEQUENCE_END(OCSP_BASICRESP)

-IMPLEMENT_ASN1_FUNCTIONS(OCSP_BASICRESP)

-ASN1_SEQUENCE(OCSP_CRLID) = {

-	   ASN1_EXP_OPT(OCSP_CRLID, crlUrl, ASN1_IA5STRING, 0),

-	   ASN1_EXP_OPT(OCSP_CRLID, crlNum, ASN1_INTEGER, 1),

-	   ASN1_EXP_OPT(OCSP_CRLID, crlTime, ASN1_GENERALIZEDTIME, 2)

-} ASN1_SEQUENCE_END(OCSP_CRLID)

-IMPLEMENT_ASN1_FUNCTIONS(OCSP_CRLID)

-ASN1_SEQUENCE(OCSP_SERVICELOC) = {

-	ASN1_SIMPLE(OCSP_SERVICELOC, issuer, X509_NAME),

-	ASN1_SEQUENCE_OF_OPT(OCSP_SERVICELOC, locator, ACCESS_DESCRIPTION)

-} ASN1_SEQUENCE_END(OCSP_SERVICELOC)

-IMPLEMENT_ASN1_FUNCTIONS(OCSP_SERVICELOC)

--- a/sys/src/ape/lib/openssl/crypto/ocsp/ocsp_cl.c

+++ /dev/null

@@ -1,372 +1,0 @@

-/* ocsp_cl.c */

-/* Written by Tom Titchener <[email protected]> for the OpenSSL

- * project. */

-/* History:

-   This file was transfered to Richard Levitte from CertCo by Kathy

-   Weinhold in mid-spring 2000 to be included in OpenSSL or released

-   as a patch kit. */

-/* ====================================================================

- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include <time.h>

-#include <cryptlib.h>

-#include <openssl/objects.h>

-#include <openssl/rand.h>

-#include <openssl/x509.h>

-#include <openssl/pem.h>

-#include <openssl/x509v3.h>

-#include <openssl/ocsp.h>

-/* Utility functions related to sending OCSP requests and extracting

- * relevant information from the response.

- */

-/* Add an OCSP_CERTID to an OCSP request. Return new OCSP_ONEREQ

- * pointer: useful if we want to add extensions.

- */

-OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid)

-        {

-	OCSP_ONEREQ *one = NULL;

-	if (!(one = OCSP_ONEREQ_new())) goto err;

-	if (one->reqCert) OCSP_CERTID_free(one->reqCert);

-	one->reqCert = cid;

-	if (req &&

-		!sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one))

-				goto err;

-	return one;

-err:

-	OCSP_ONEREQ_free(one);

-	return NULL;

-        }

-/* Set requestorName from an X509_NAME structure */

-int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm)

-	{

-	GENERAL_NAME *gen;

-	gen = GENERAL_NAME_new();

-	if (gen == NULL)

-		return 0;

-	if (!X509_NAME_set(&gen->d.directoryName, nm))

-		{

-		GENERAL_NAME_free(gen);

-		return 0;

-		}

-	gen->type = GEN_DIRNAME;

-	if (req->tbsRequest->requestorName)

-		GENERAL_NAME_free(req->tbsRequest->requestorName);

-	req->tbsRequest->requestorName = gen;

-	return 1;

-	}

-/* Add a certificate to an OCSP request */

-int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert)

-	{

-	OCSP_SIGNATURE *sig;

-	if (!req->optionalSignature)

-		req->optionalSignature = OCSP_SIGNATURE_new();

-	sig = req->optionalSignature;

-	if (!sig) return 0;

-	if (!cert) return 1;

-	if (!sig->certs && !(sig->certs = sk_X509_new_null()))

-		return 0;

-	if(!sk_X509_push(sig->certs, cert)) return 0;

-	CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);

-	return 1;

-	}

-/* Sign an OCSP request set the requestorName to the subjec

- * name of an optional signers certificate and include one

- * or more optional certificates in the request. Behaves

- * like PKCS7_sign().

- */

-int OCSP_request_sign(OCSP_REQUEST   *req,

-		      X509           *signer,

-		      EVP_PKEY       *key,

-		      const EVP_MD   *dgst,

-		      STACK_OF(X509) *certs,

-		      unsigned long flags)

-        {

-	int i;

-	OCSP_SIGNATURE *sig;

-	X509 *x;

-	if (!OCSP_request_set1_name(req, X509_get_subject_name(signer)))

-			goto err;

-	if (!(req->optionalSignature = sig = OCSP_SIGNATURE_new())) goto err;

-	if (!dgst) dgst = EVP_sha1();

-	if (key)

-		{

-		if (!X509_check_private_key(signer, key))

-			{

-			OCSPerr(OCSP_F_OCSP_REQUEST_SIGN, OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);

-			goto err;

-			}

-		if (!OCSP_REQUEST_sign(req, key, dgst)) goto err;

-		}

-	if (!(flags & OCSP_NOCERTS))

-		{

-		if(!OCSP_request_add1_cert(req, signer)) goto err;

-		for (i = 0; i < sk_X509_num(certs); i++)

-			{

-			x = sk_X509_value(certs, i);

-			if (!OCSP_request_add1_cert(req, x)) goto err;

-			}

-		}

-	return 1;

-err:

-	OCSP_SIGNATURE_free(req->optionalSignature);

-	req->optionalSignature = NULL;

-	return 0;

-	}

-/* Get response status */

-int OCSP_response_status(OCSP_RESPONSE *resp)

-	{

-	return ASN1_ENUMERATED_get(resp->responseStatus);

-	}

-/* Extract basic response from OCSP_RESPONSE or NULL if

- * no basic response present.

- */

-OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp)

-	{

-	OCSP_RESPBYTES *rb;

-	rb = resp->responseBytes;

-	if (!rb)

-		{

-		OCSPerr(OCSP_F_OCSP_RESPONSE_GET1_BASIC, OCSP_R_NO_RESPONSE_DATA);

-		return NULL;

-		}

-	if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic)

-		{

-		OCSPerr(OCSP_F_OCSP_RESPONSE_GET1_BASIC, OCSP_R_NOT_BASIC_RESPONSE);

-		return NULL;

-		}

-	return ASN1_item_unpack(rb->response, ASN1_ITEM_rptr(OCSP_BASICRESP));

-	}

-/* Return number of OCSP_SINGLERESP reponses present in

- * a basic response.

- */

-int OCSP_resp_count(OCSP_BASICRESP *bs)

-	{

-	if (!bs) return -1;

-	return sk_OCSP_SINGLERESP_num(bs->tbsResponseData->responses);

-	}

-/* Extract an OCSP_SINGLERESP response with a given index */

-OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx)

-	{

-	if (!bs) return NULL;

-	return sk_OCSP_SINGLERESP_value(bs->tbsResponseData->responses, idx);

-	}

-/* Look single response matching a given certificate ID */

-int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last)

-	{

-	int i;

-	STACK_OF(OCSP_SINGLERESP) *sresp;

-	OCSP_SINGLERESP *single;

-	if (!bs) return -1;

-	if (last < 0) last = 0;

-	else last++;

-	sresp = bs->tbsResponseData->responses;

-	for (i = last; i < sk_OCSP_SINGLERESP_num(sresp); i++)

-		{

-		single = sk_OCSP_SINGLERESP_value(sresp, i);

-		if (!OCSP_id_cmp(id, single->certId)) return i;

-		}

-	return -1;

-	}

-/* Extract status information from an OCSP_SINGLERESP structure.

- * Note: the revtime and reason values are only set if the

- * certificate status is revoked. Returns numerical value of

- * status.

- */

-int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,

-				ASN1_GENERALIZEDTIME **revtime,

-				ASN1_GENERALIZEDTIME **thisupd,

-				ASN1_GENERALIZEDTIME **nextupd)

-	{

-	int ret;

-	OCSP_CERTSTATUS *cst;

-	if(!single) return -1;

-	cst = single->certStatus;

-	ret = cst->type;

-	if (ret == V_OCSP_CERTSTATUS_REVOKED)

-		{

-		OCSP_REVOKEDINFO *rev = cst->value.revoked;

-		if (revtime) *revtime = rev->revocationTime;

-		if (reason)

-			{

-			if(rev->revocationReason)

-				*reason = ASN1_ENUMERATED_get(rev->revocationReason);

-			else *reason = -1;

-			}

-		}

-	if(thisupd) *thisupd = single->thisUpdate;

-	if(nextupd) *nextupd = single->nextUpdate;

-	return ret;

-	}

-/* This function combines the previous ones: look up a certificate ID and

- * if found extract status information. Return 0 is successful.

- */

-int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,

-				int *reason,

-				ASN1_GENERALIZEDTIME **revtime,

-				ASN1_GENERALIZEDTIME **thisupd,

-				ASN1_GENERALIZEDTIME **nextupd)

-	{

-	int i;

-	OCSP_SINGLERESP *single;

-	i = OCSP_resp_find(bs, id, -1);

-	/* Maybe check for multiple responses and give an error? */

-	if(i < 0) return 0;

-	single = OCSP_resp_get0(bs, i);

-	i = OCSP_single_get0_status(single, reason, revtime, thisupd, nextupd);

-	if(status) *status = i;

-	return 1;

-	}

-/* Check validity of thisUpdate and nextUpdate fields. It is possible that the request will

- * take a few seconds to process and/or the time wont be totally accurate. Therefore to avoid

- * rejecting otherwise valid time we allow the times to be within 'nsec' of the current time.

- * Also to avoid accepting very old responses without a nextUpdate field an optional maxage

- * parameter specifies the maximum age the thisUpdate field can be.

- */

-int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, ASN1_GENERALIZEDTIME *nextupd, long nsec, long maxsec)

-	{

-	int ret = 1;

-	time_t t_now, t_tmp;

-	time(&t_now);

-	/* Check thisUpdate is valid and not more than nsec in the future */

-	if (!ASN1_GENERALIZEDTIME_check(thisupd))

-		{

-		OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_ERROR_IN_THISUPDATE_FIELD);

-		ret = 0;

-		}

-	else

-		{

-			t_tmp = t_now + nsec;

-			if (X509_cmp_time(thisupd, &t_tmp) > 0)

-			{

-			OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_NOT_YET_VALID);

-			ret = 0;

-			}

-		/* If maxsec specified check thisUpdate is not more than maxsec in the past */

-		if (maxsec >= 0)

-			{

-			t_tmp = t_now - maxsec;

-			if (X509_cmp_time(thisupd, &t_tmp) < 0)

-				{

-				OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_TOO_OLD);

-				ret = 0;

-				}

-			}

-		}

-	if (!nextupd) return ret;

-	/* Check nextUpdate is valid and not more than nsec in the past */

-	if (!ASN1_GENERALIZEDTIME_check(nextupd))

-		{

-		OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_ERROR_IN_NEXTUPDATE_FIELD);

-		ret = 0;

-		}

-	else

-		{

-		t_tmp = t_now - nsec;

-		if (X509_cmp_time(nextupd, &t_tmp) < 0)

-			{

-			OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_EXPIRED);

-			ret = 0;

-			}

-		}

-	/* Also don't allow nextUpdate to precede thisUpdate */

-	if (ASN1_STRING_cmp(nextupd, thisupd) < 0)

-		{

-		OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE);

-		ret = 0;

-		}

-	return ret;

-	}

--- a/sys/src/ape/lib/openssl/crypto/ocsp/ocsp_err.c

+++ /dev/null

@@ -1,140 +1,0 @@

-/* crypto/ocsp/ocsp_err.c */

-/* ====================================================================

- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* NOTE: this file was auto generated by the mkerr.pl script: any changes

- * made to it will be overwritten when the script next updates this file,

- * only reason strings will be preserved.

- */

-#include <stdio.h>

-#include <openssl/err.h>

-#include <openssl/ocsp.h>

-/* BEGIN ERROR CODES */

-#ifndef OPENSSL_NO_ERR

-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_OCSP,func,0)

-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_OCSP,0,reason)

-static ERR_STRING_DATA OCSP_str_functs[]=

-	{

-{ERR_FUNC(OCSP_F_ASN1_STRING_ENCODE),	"ASN1_STRING_encode"},

-{ERR_FUNC(OCSP_F_D2I_OCSP_NONCE),	"D2I_OCSP_NONCE"},

-{ERR_FUNC(OCSP_F_OCSP_BASIC_ADD1_STATUS),	"OCSP_basic_add1_status"},

-{ERR_FUNC(OCSP_F_OCSP_BASIC_SIGN),	"OCSP_basic_sign"},

-{ERR_FUNC(OCSP_F_OCSP_BASIC_VERIFY),	"OCSP_basic_verify"},

-{ERR_FUNC(OCSP_F_OCSP_CERT_ID_NEW),	"OCSP_cert_id_new"},

-{ERR_FUNC(OCSP_F_OCSP_CHECK_DELEGATED),	"OCSP_CHECK_DELEGATED"},

-{ERR_FUNC(OCSP_F_OCSP_CHECK_IDS),	"OCSP_CHECK_IDS"},

-{ERR_FUNC(OCSP_F_OCSP_CHECK_ISSUER),	"OCSP_CHECK_ISSUER"},

-{ERR_FUNC(OCSP_F_OCSP_CHECK_VALIDITY),	"OCSP_check_validity"},

-{ERR_FUNC(OCSP_F_OCSP_MATCH_ISSUERID),	"OCSP_MATCH_ISSUERID"},

-{ERR_FUNC(OCSP_F_OCSP_PARSE_URL),	"OCSP_parse_url"},

-{ERR_FUNC(OCSP_F_OCSP_REQUEST_SIGN),	"OCSP_request_sign"},

-{ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY),	"OCSP_request_verify"},

-{ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC),	"OCSP_response_get1_basic"},

-{ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO),	"OCSP_sendreq_bio"},

-{ERR_FUNC(OCSP_F_REQUEST_VERIFY),	"REQUEST_VERIFY"},

-{0,NULL}

-	};

-static ERR_STRING_DATA OCSP_str_reasons[]=

-	{

-{ERR_REASON(OCSP_R_BAD_DATA)             ,"bad data"},

-{ERR_REASON(OCSP_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"},

-{ERR_REASON(OCSP_R_DIGEST_ERR)           ,"digest err"},

-{ERR_REASON(OCSP_R_ERROR_IN_NEXTUPDATE_FIELD),"error in nextupdate field"},

-{ERR_REASON(OCSP_R_ERROR_IN_THISUPDATE_FIELD),"error in thisupdate field"},

-{ERR_REASON(OCSP_R_ERROR_PARSING_URL)    ,"error parsing url"},

-{ERR_REASON(OCSP_R_MISSING_OCSPSIGNING_USAGE),"missing ocspsigning usage"},

-{ERR_REASON(OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE),"nextupdate before thisupdate"},

-{ERR_REASON(OCSP_R_NOT_BASIC_RESPONSE)   ,"not basic response"},

-{ERR_REASON(OCSP_R_NO_CERTIFICATES_IN_CHAIN),"no certificates in chain"},

-{ERR_REASON(OCSP_R_NO_CONTENT)           ,"no content"},

-{ERR_REASON(OCSP_R_NO_PUBLIC_KEY)        ,"no public key"},

-{ERR_REASON(OCSP_R_NO_RESPONSE_DATA)     ,"no response data"},

-{ERR_REASON(OCSP_R_NO_REVOKED_TIME)      ,"no revoked time"},

-{ERR_REASON(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"},

-{ERR_REASON(OCSP_R_REQUEST_NOT_SIGNED)   ,"request not signed"},

-{ERR_REASON(OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA),"response contains no revocation data"},

-{ERR_REASON(OCSP_R_ROOT_CA_NOT_TRUSTED)  ,"root ca not trusted"},

-{ERR_REASON(OCSP_R_SERVER_READ_ERROR)    ,"server read error"},

-{ERR_REASON(OCSP_R_SERVER_RESPONSE_ERROR),"server response error"},

-{ERR_REASON(OCSP_R_SERVER_RESPONSE_PARSE_ERROR),"server response parse error"},

-{ERR_REASON(OCSP_R_SERVER_WRITE_ERROR)   ,"server write error"},

-{ERR_REASON(OCSP_R_SIGNATURE_FAILURE)    ,"signature failure"},

-{ERR_REASON(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"},

-{ERR_REASON(OCSP_R_STATUS_EXPIRED)       ,"status expired"},

-{ERR_REASON(OCSP_R_STATUS_NOT_YET_VALID) ,"status not yet valid"},

-{ERR_REASON(OCSP_R_STATUS_TOO_OLD)       ,"status too old"},

-{ERR_REASON(OCSP_R_UNKNOWN_MESSAGE_DIGEST),"unknown message digest"},

-{ERR_REASON(OCSP_R_UNKNOWN_NID)          ,"unknown nid"},

-{ERR_REASON(OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE),"unsupported requestorname type"},

-{0,NULL}

-	};

-#endif

-void ERR_load_OCSP_strings(void)

-	{

-#ifndef OPENSSL_NO_ERR

-	if (ERR_func_error_string(OCSP_str_functs[0].error) == NULL)

-		{

-		ERR_load_strings(0,OCSP_str_functs);

-		ERR_load_strings(0,OCSP_str_reasons);

-		}

-#endif

-	}

--- a/sys/src/ape/lib/openssl/crypto/ocsp/ocsp_ext.c

+++ /dev/null

@@ -1,545 +1,0 @@

-/* ocsp_ext.c */

-/* Written by Tom Titchener <[email protected]> for the OpenSSL

- * project. */

-/* History:

-   This file was transfered to Richard Levitte from CertCo by Kathy

-   Weinhold in mid-spring 2000 to be included in OpenSSL or released

-   as a patch kit. */

-/* ====================================================================

- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include <cryptlib.h>

-#include <openssl/objects.h>

-#include <openssl/x509.h>

-#include <openssl/ocsp.h>

-#include <openssl/rand.h>

-#include <openssl/x509v3.h>

-/* Standard wrapper functions for extensions */

-/* OCSP request extensions */

-int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x)

-	{

-	return(X509v3_get_ext_count(x->tbsRequest->requestExtensions));

-	}

-int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos)

-	{

-	return(X509v3_get_ext_by_NID(x->tbsRequest->requestExtensions,nid,lastpos));

-	}

-int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj, int lastpos)

-	{

-	return(X509v3_get_ext_by_OBJ(x->tbsRequest->requestExtensions,obj,lastpos));

-	}

-int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos)

-	{

-	return(X509v3_get_ext_by_critical(x->tbsRequest->requestExtensions,crit,lastpos));

-	}

-X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc)

-	{

-	return(X509v3_get_ext(x->tbsRequest->requestExtensions,loc));

-	}

-X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc)

-	{

-	return(X509v3_delete_ext(x->tbsRequest->requestExtensions,loc));

-	}

-void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx)

-	{

-	return X509V3_get_d2i(x->tbsRequest->requestExtensions, nid, crit, idx);

-	}

-int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit,

-							unsigned long flags)

-	{

-	return X509V3_add1_i2d(&x->tbsRequest->requestExtensions, nid, value, crit, flags);

-	}

-int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc)

-	{

-	return(X509v3_add_ext(&(x->tbsRequest->requestExtensions),ex,loc) != NULL);

-	}

-/* Single extensions */

-int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x)

-	{

-	return(X509v3_get_ext_count(x->singleRequestExtensions));

-	}

-int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos)

-	{

-	return(X509v3_get_ext_by_NID(x->singleRequestExtensions,nid,lastpos));

-	}

-int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, ASN1_OBJECT *obj, int lastpos)

-	{

-	return(X509v3_get_ext_by_OBJ(x->singleRequestExtensions,obj,lastpos));

-	}

-int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos)

-	{

-	return(X509v3_get_ext_by_critical(x->singleRequestExtensions,crit,lastpos));

-	}

-X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc)

-	{

-	return(X509v3_get_ext(x->singleRequestExtensions,loc));

-	}

-X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc)

-	{

-	return(X509v3_delete_ext(x->singleRequestExtensions,loc));

-	}

-void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx)

-	{

-	return X509V3_get_d2i(x->singleRequestExtensions, nid, crit, idx);

-	}

-int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit,

-							unsigned long flags)

-	{

-	return X509V3_add1_i2d(&x->singleRequestExtensions, nid, value, crit, flags);

-	}

-int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc)

-	{

-	return(X509v3_add_ext(&(x->singleRequestExtensions),ex,loc) != NULL);

-	}

-/* OCSP Basic response */

-int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x)

-	{

-	return(X509v3_get_ext_count(x->tbsResponseData->responseExtensions));

-	}

-int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos)

-	{

-	return(X509v3_get_ext_by_NID(x->tbsResponseData->responseExtensions,nid,lastpos));

-	}

-int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj, int lastpos)

-	{

-	return(X509v3_get_ext_by_OBJ(x->tbsResponseData->responseExtensions,obj,lastpos));

-	}

-int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, int lastpos)

-	{

-	return(X509v3_get_ext_by_critical(x->tbsResponseData->responseExtensions,crit,lastpos));

-	}

-X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc)

-	{

-	return(X509v3_get_ext(x->tbsResponseData->responseExtensions,loc));

-	}

-X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc)

-	{

-	return(X509v3_delete_ext(x->tbsResponseData->responseExtensions,loc));

-	}

-void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, int *idx)

-	{

-	return X509V3_get_d2i(x->tbsResponseData->responseExtensions, nid, crit, idx);

-	}

-int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, int crit,

-							unsigned long flags)

-	{

-	return X509V3_add1_i2d(&x->tbsResponseData->responseExtensions, nid, value, crit, flags);

-	}

-int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc)

-	{

-	return(X509v3_add_ext(&(x->tbsResponseData->responseExtensions),ex,loc) != NULL);

-	}

-/* OCSP single response extensions */

-int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x)

-	{

-	return(X509v3_get_ext_count(x->singleExtensions));

-	}

-int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos)

-	{

-	return(X509v3_get_ext_by_NID(x->singleExtensions,nid,lastpos));

-	}

-int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj, int lastpos)

-	{

-	return(X509v3_get_ext_by_OBJ(x->singleExtensions,obj,lastpos));

-	}

-int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, int lastpos)

-	{

-	return(X509v3_get_ext_by_critical(x->singleExtensions,crit,lastpos));

-	}

-X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc)

-	{

-	return(X509v3_get_ext(x->singleExtensions,loc));

-	}

-X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc)

-	{

-	return(X509v3_delete_ext(x->singleExtensions,loc));

-	}

-void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, int *idx)

-	{

-	return X509V3_get_d2i(x->singleExtensions, nid, crit, idx);

-	}

-int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, int crit,

-							unsigned long flags)

-	{

-	return X509V3_add1_i2d(&x->singleExtensions, nid, value, crit, flags);

-	}

-int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc)

-	{

-	return(X509v3_add_ext(&(x->singleExtensions),ex,loc) != NULL);

-	}

-/* also CRL Entry Extensions */

-ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d,

-				void *data, STACK_OF(ASN1_OBJECT) *sk)

-        {

-	int i;

-	unsigned char *p, *b = NULL;

-	if (data)

-	        {

-		if ((i=i2d(data,NULL)) <= 0) goto err;

-		if (!(b=p=OPENSSL_malloc((unsigned int)i)))

-			goto err;

-	        if (i2d(data, &p) <= 0) goto err;

-		}

-	else if (sk)

-	        {

-		if ((i=i2d_ASN1_SET_OF_ASN1_OBJECT(sk,NULL,

-						   (I2D_OF(ASN1_OBJECT))i2d,

-						   V_ASN1_SEQUENCE,

-						   V_ASN1_UNIVERSAL,

-						   IS_SEQUENCE))<=0) goto err;

-		if (!(b=p=OPENSSL_malloc((unsigned int)i)))

-			goto err;

-		if (i2d_ASN1_SET_OF_ASN1_OBJECT(sk,&p,(I2D_OF(ASN1_OBJECT))i2d,

-						V_ASN1_SEQUENCE,

-						V_ASN1_UNIVERSAL,

-						IS_SEQUENCE)<=0) goto err;

-		}

-	else

-		{

-		OCSPerr(OCSP_F_ASN1_STRING_ENCODE,OCSP_R_BAD_DATA);

-		goto err;

-		}

-	if (!s && !(s = ASN1_STRING_new())) goto err;

-	if (!(ASN1_STRING_set(s, b, i))) goto err;

-	OPENSSL_free(b);

-	return s;

-err:

-	if (b) OPENSSL_free(b);

-	return NULL;

-	}

-/* Nonce handling functions */

-/* Add a nonce to an extension stack. A nonce can be specificed or if NULL

- * a random nonce will be generated.

- * Note: OpenSSL 0.9.7d and later create an OCTET STRING containing the

- * nonce, previous versions used the raw nonce.

- */

-static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, unsigned char *val, int len)

-	{

-	unsigned char *tmpval;

-	ASN1_OCTET_STRING os;

-	int ret = 0;

-	if (len <= 0) len = OCSP_DEFAULT_NONCE_LENGTH;

-	/* Create the OCTET STRING manually by writing out the header and

-	 * appending the content octets. This avoids an extra memory allocation

-	 * operation in some cases. Applications should *NOT* do this because

-         * it relies on library internals.

-	 */

-	os.length = ASN1_object_size(0, len, V_ASN1_OCTET_STRING);

-	os.data = OPENSSL_malloc(os.length);

-	if (os.data == NULL)

-		goto err;

-	tmpval = os.data;

-	ASN1_put_object(&tmpval, 0, len, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL);

-	if (val)

-		memcpy(tmpval, val, len);

-	else

-		RAND_pseudo_bytes(tmpval, len);

-	if(!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce,

-			&os, 0, X509V3_ADD_REPLACE))

-				goto err;

-	ret = 1;

-	err:

-	if (os.data)

-		OPENSSL_free(os.data);

-	return ret;

-	}

-/* Add nonce to an OCSP request */

-int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len)

-	{

-	return ocsp_add1_nonce(&req->tbsRequest->requestExtensions, val, len);

-	}

-/* Same as above but for a response */

-int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len)

-	{

-	return ocsp_add1_nonce(&resp->tbsResponseData->responseExtensions, val, len);

-	}

-/* Check nonce validity in a request and response.

- * Return value reflects result:

- *  1: nonces present and equal.

- *  2: nonces both absent.

- *  3: nonce present in response only.

- *  0: nonces both present and not equal.

- * -1: nonce in request only.

- *

- *  For most responders clients can check return > 0.

- *  If responder doesn't handle nonces return != 0 may be

- *  necessary. return == 0 is always an error.

- */

-int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs)

-	{

-	/*

-	 * Since we are only interested in the presence or absence of

-	 * the nonce and comparing its value there is no need to use

-	 * the X509V3 routines: this way we can avoid them allocating an

-	 * ASN1_OCTET_STRING structure for the value which would be

-	 * freed immediately anyway.

-	 */

-	int req_idx, resp_idx;

-	X509_EXTENSION *req_ext, *resp_ext;

-	req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1);

-	resp_idx = OCSP_BASICRESP_get_ext_by_NID(bs, NID_id_pkix_OCSP_Nonce, -1);

-	/* Check both absent */

-	if((req_idx < 0) && (resp_idx < 0))

-		return 2;

-	/* Check in request only */

-	if((req_idx >= 0) && (resp_idx < 0))

-		return -1;

-	/* Check in response but not request */

-	if((req_idx < 0) && (resp_idx >= 0))

-		return 3;

-	/* Otherwise nonce in request and response so retrieve the extensions */

-	req_ext = OCSP_REQUEST_get_ext(req, req_idx);

-	resp_ext = OCSP_BASICRESP_get_ext(bs, resp_idx);

-	if(ASN1_OCTET_STRING_cmp(req_ext->value, resp_ext->value))

-		return 0;

-	return 1;

-	}

-/* Copy the nonce value (if any) from an OCSP request to

- * a response.

- */

-int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req)

-	{

-	X509_EXTENSION *req_ext;

-	int req_idx;

-	/* Check for nonce in request */

-	req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1);

-	/* If no nonce that's OK */

-	if (req_idx < 0) return 2;

-	req_ext = OCSP_REQUEST_get_ext(req, req_idx);

-	return OCSP_BASICRESP_add_ext(resp, req_ext, -1);

-	}

-X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim)

-        {

-	X509_EXTENSION *x = NULL;

-	OCSP_CRLID *cid = NULL;

-	if (!(cid = OCSP_CRLID_new())) goto err;

-	if (url)

-	        {

-		if (!(cid->crlUrl = ASN1_IA5STRING_new())) goto err;

-		if (!(ASN1_STRING_set(cid->crlUrl, url, -1))) goto err;

-		}

-	if (n)

-	        {

-		if (!(cid->crlNum = ASN1_INTEGER_new())) goto err;

-		if (!(ASN1_INTEGER_set(cid->crlNum, *n))) goto err;

-		}

-	if (tim)

-	        {

-		if (!(cid->crlTime = ASN1_GENERALIZEDTIME_new())) goto err;

-		if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim)))

-		        goto err;

-		}

-	if (!(x = X509_EXTENSION_new())) goto err;

-	if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_CrlID))) goto err;

-	if (!(ASN1_STRING_encode_of(OCSP_CRLID,x->value,i2d_OCSP_CRLID,cid,

-				    NULL)))

-	        goto err;

-	OCSP_CRLID_free(cid);

-	return x;

-err:

-	if (x) X509_EXTENSION_free(x);

-	if (cid) OCSP_CRLID_free(cid);

-	return NULL;

-	}

-/*   AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER */

-X509_EXTENSION *OCSP_accept_responses_new(char **oids)

-        {

-	int nid;

-	STACK_OF(ASN1_OBJECT) *sk = NULL;

-	ASN1_OBJECT *o = NULL;

-        X509_EXTENSION *x = NULL;

-	if (!(sk = sk_ASN1_OBJECT_new_null())) goto err;

-	while (oids && *oids)

-	        {

-		if ((nid=OBJ_txt2nid(*oids))!=NID_undef&&(o=OBJ_nid2obj(nid)))

-		        sk_ASN1_OBJECT_push(sk, o);

-		oids++;

-		}

-	if (!(x = X509_EXTENSION_new())) goto err;

-	if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_acceptableResponses)))

-		goto err;

-	if (!(ASN1_STRING_encode_of(ASN1_OBJECT,x->value,i2d_ASN1_OBJECT,NULL,

-				    sk)))

-	        goto err;

-	sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);

-	return x;

-err:

-	if (x) X509_EXTENSION_free(x);

-	if (sk) sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);

-	return NULL;

-        }

-/*  ArchiveCutoff ::= GeneralizedTime */

-X509_EXTENSION *OCSP_archive_cutoff_new(char* tim)

-        {

-	X509_EXTENSION *x=NULL;

-	ASN1_GENERALIZEDTIME *gt = NULL;

-	if (!(gt = ASN1_GENERALIZEDTIME_new())) goto err;

-	if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) goto err;

-	if (!(x = X509_EXTENSION_new())) goto err;

-	if (!(x->object=OBJ_nid2obj(NID_id_pkix_OCSP_archiveCutoff)))goto err;

-	if (!(ASN1_STRING_encode_of(ASN1_GENERALIZEDTIME,x->value,

-				    i2d_ASN1_GENERALIZEDTIME,gt,NULL))) goto err;

-	ASN1_GENERALIZEDTIME_free(gt);

-	return x;

-err:

-	if (gt) ASN1_GENERALIZEDTIME_free(gt);

-	if (x) X509_EXTENSION_free(x);

-	return NULL;

-	}

-/* per ACCESS_DESCRIPTION parameter are oids, of which there are currently

- * two--NID_ad_ocsp, NID_id_ad_caIssuers--and GeneralName value.  This

- * method forces NID_ad_ocsp and uniformResourceLocator [6] IA5String.

- */

-X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls)

-        {

-	X509_EXTENSION *x = NULL;

-	ASN1_IA5STRING *ia5 = NULL;

-	OCSP_SERVICELOC *sloc = NULL;

-	ACCESS_DESCRIPTION *ad = NULL;

-	if (!(sloc = OCSP_SERVICELOC_new())) goto err;

-	if (!(sloc->issuer = X509_NAME_dup(issuer))) goto err;

-	if (urls && *urls && !(sloc->locator = sk_ACCESS_DESCRIPTION_new_null())) goto err;

-	while (urls && *urls)

-	        {

-		if (!(ad = ACCESS_DESCRIPTION_new())) goto err;

-		if (!(ad->method=OBJ_nid2obj(NID_ad_OCSP))) goto err;

-		if (!(ad->location = GENERAL_NAME_new())) goto err;

-	        if (!(ia5 = ASN1_IA5STRING_new())) goto err;

-		if (!ASN1_STRING_set((ASN1_STRING*)ia5, *urls, -1)) goto err;

-		ad->location->type = GEN_URI;

-		ad->location->d.ia5 = ia5;

-		if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad)) goto err;

-		urls++;

-		}

-	if (!(x = X509_EXTENSION_new())) goto err;

-	if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_serviceLocator)))

-	        goto err;

-	if (!(ASN1_STRING_encode_of(OCSP_SERVICELOC,x->value,

-				    i2d_OCSP_SERVICELOC,sloc,NULL))) goto err;

-	OCSP_SERVICELOC_free(sloc);

-	return x;

-err:

-	if (x) X509_EXTENSION_free(x);

-	if (sloc) OCSP_SERVICELOC_free(sloc);

-	return NULL;

-	}

--- a/sys/src/ape/lib/openssl/crypto/ocsp/ocsp_ht.c

+++ /dev/null

@@ -1,173 +1,0 @@

-/* ocsp_ht.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 2000.

- */

-/* ====================================================================

- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <openssl/asn1.h>

-#include <stdio.h>

-#include <stdlib.h>

-#include <ctype.h>

-#include <string.h>

-#include <openssl/ocsp.h>

-#include <openssl/err.h>

-#include <openssl/buffer.h>

-#ifdef OPENSSL_SYS_SUNOS

-#define strtoul (unsigned long)strtol

-#endif /* OPENSSL_SYS_SUNOS */

-/* Quick and dirty HTTP OCSP request handler.

- * Could make this a bit cleverer by adding

- * support for non blocking BIOs and a few

- * other refinements.

- */

-OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req)

-{

-	BIO *mem = NULL;

-	char tmpbuf[1024];

-	OCSP_RESPONSE *resp = NULL;

-	char *p, *q, *r;

-	int len, retcode;

-	static char req_txt[] =

-"POST %s HTTP/1.0\r\n\

-Content-Type: application/ocsp-request\r\n\

-Content-Length: %d\r\n\r\n";

-	len = i2d_OCSP_REQUEST(req, NULL);

-	if(BIO_printf(b, req_txt, path, len) < 0) {

-		OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_WRITE_ERROR);

-		goto err;

-	}

-	if(i2d_OCSP_REQUEST_bio(b, req) <= 0) {

-		OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_WRITE_ERROR);

-		goto err;

-	}

-	if(!(mem = BIO_new(BIO_s_mem()))) goto err;

-	/* Copy response to a memory BIO: socket bios can't do gets! */

-	while ((len = BIO_read(b, tmpbuf, sizeof tmpbuf))) {

-		if(len < 0) {

-			OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_READ_ERROR);

-			goto err;

-		}

-		BIO_write(mem, tmpbuf, len);

-	}

-	if(BIO_gets(mem, tmpbuf, 512) <= 0) {

-		OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR);

-		goto err;

-	}

-	/* Parse the HTTP response. This will look like this:

-	 * "HTTP/1.0 200 OK". We need to obtain the numeric code and

-         * (optional) informational message.

-	 */

-	/* Skip to first white space (passed protocol info) */

-	for(p = tmpbuf; *p && !isspace((unsigned char)*p); p++) continue;

-	if(!*p) {

-		OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR);

-		goto err;

-	}

-	/* Skip past white space to start of response code */

-	while(*p && isspace((unsigned char)*p)) p++;

-	if(!*p) {

-		OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR);

-		goto err;

-	}

-	/* Find end of response code: first whitespace after start of code */

-	for(q = p; *q && !isspace((unsigned char)*q); q++) continue;

-	if(!*q) {

-		OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR);

-		goto err;

-	}

-	/* Set end of response code and start of message */

-	*q++ = 0;

-	/* Attempt to parse numeric code */

-	retcode = strtoul(p, &r, 10);

-	if(*r) goto err;

-	/* Skip over any leading white space in message */

-	while(*q && isspace((unsigned char)*q))  q++;

-	if(*q) {

-	/* Finally zap any trailing white space in message (include CRLF) */

-	/* We know q has a non white space character so this is OK */

-		for(r = q + strlen(q) - 1; isspace((unsigned char)*r); r--) *r = 0;

-	}

-	if(retcode != 200) {

-		OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_ERROR);

-		if(!*q) {

-			ERR_add_error_data(2, "Code=", p);

-		}

-		else {

-			ERR_add_error_data(4, "Code=", p, ",Reason=", q);

-		}

-		goto err;

-	}

-	/* Find blank line marking beginning of content */

-	while(BIO_gets(mem, tmpbuf, 512) > 0)

-	{

-		for(p = tmpbuf; *p && isspace((unsigned char)*p); p++) continue;

-		if(!*p) break;

-	}

-	if(*p) {

-		OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_NO_CONTENT);

-		goto err;

-	}

-	if(!(resp = d2i_OCSP_RESPONSE_bio(mem, NULL))) {

-		OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,ERR_R_NESTED_ASN1_ERROR);

-		goto err;

-	}

-	err:

-	BIO_free(mem);

-	return resp;

-}

--- a/sys/src/ape/lib/openssl/crypto/ocsp/ocsp_lib.c

+++ /dev/null

@@ -1,262 +1,0 @@

-/* ocsp_lib.c */

-/* Written by Tom Titchener <[email protected]> for the OpenSSL

- * project. */

-/* History:

-   This file was transfered to Richard Levitte from CertCo by Kathy

-   Weinhold in mid-spring 2000 to be included in OpenSSL or released

-   as a patch kit. */

-/* ====================================================================

- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include <cryptlib.h>

-#include <openssl/objects.h>

-#include <openssl/rand.h>

-#include <openssl/x509.h>

-#include <openssl/pem.h>

-#include <openssl/x509v3.h>

-#include <openssl/ocsp.h>

-/* Convert a certificate and its issuer to an OCSP_CERTID */

-OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer)

-{

-	X509_NAME *iname;

-	ASN1_INTEGER *serial;

-	ASN1_BIT_STRING *ikey;

-#ifndef OPENSSL_NO_SHA1

-	if(!dgst) dgst = EVP_sha1();

-#endif

-	if (subject)

-		{

-		iname = X509_get_issuer_name(subject);

-		serial = X509_get_serialNumber(subject);

-		}

-	else

-		{

-		iname = X509_get_subject_name(issuer);

-		serial = NULL;

-		}

-	ikey = X509_get0_pubkey_bitstr(issuer);

-	return OCSP_cert_id_new(dgst, iname, ikey, serial);

-}

-OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,

-			      X509_NAME *issuerName,

-			      ASN1_BIT_STRING* issuerKey,

-			      ASN1_INTEGER *serialNumber)

-        {

-	int nid;

-        unsigned int i;

-	X509_ALGOR *alg;

-	OCSP_CERTID *cid = NULL;

-	unsigned char md[EVP_MAX_MD_SIZE];

-	if (!(cid = OCSP_CERTID_new())) goto err;

-	alg = cid->hashAlgorithm;

-	if (alg->algorithm != NULL) ASN1_OBJECT_free(alg->algorithm);

-	if ((nid = EVP_MD_type(dgst)) == NID_undef)

-	        {

-		OCSPerr(OCSP_F_OCSP_CERT_ID_NEW,OCSP_R_UNKNOWN_NID);

-		goto err;

-		}

-	if (!(alg->algorithm=OBJ_nid2obj(nid))) goto err;

-	if ((alg->parameter=ASN1_TYPE_new()) == NULL) goto err;

-	alg->parameter->type=V_ASN1_NULL;

-	if (!X509_NAME_digest(issuerName, dgst, md, &i)) goto digerr;

-	if (!(ASN1_OCTET_STRING_set(cid->issuerNameHash, md, i))) goto err;

-	/* Calculate the issuerKey hash, excluding tag and length */

-	EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL);

-	if (!(ASN1_OCTET_STRING_set(cid->issuerKeyHash, md, i))) goto err;

-	if (serialNumber)

-		{

-		ASN1_INTEGER_free(cid->serialNumber);

-		if (!(cid->serialNumber = ASN1_INTEGER_dup(serialNumber))) goto err;

-		}

-	return cid;

-digerr:

-	OCSPerr(OCSP_F_OCSP_CERT_ID_NEW,OCSP_R_DIGEST_ERR);

-err:

-	if (cid) OCSP_CERTID_free(cid);

-	return NULL;

-	}

-int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b)

-	{

-	int ret;

-	ret = OBJ_cmp(a->hashAlgorithm->algorithm, b->hashAlgorithm->algorithm);

-	if (ret) return ret;

-	ret = ASN1_OCTET_STRING_cmp(a->issuerNameHash, b->issuerNameHash);

-	if (ret) return ret;

-	return ASN1_OCTET_STRING_cmp(a->issuerKeyHash, b->issuerKeyHash);

-	}

-int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b)

-	{

-	int ret;

-	ret = OCSP_id_issuer_cmp(a, b);

-	if (ret) return ret;

-	return ASN1_INTEGER_cmp(a->serialNumber, b->serialNumber);

-	}

-/* Parse a URL and split it up into host, port and path components and whether

- * it is SSL.

- */

-int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl)

-	{

-	char *p, *buf;

-	char *host, *port;

-	/* dup the buffer since we are going to mess with it */

-	buf = BUF_strdup(url);

-	if (!buf) goto mem_err;

-	*phost = NULL;

-	*pport = NULL;

-	*ppath = NULL;

-	/* Check for initial colon */

-	p = strchr(buf, ':');

-	if (!p) goto parse_err;

-	*(p++) = '\0';

-	if (!strcmp(buf, "http"))

-		{

-		*pssl = 0;

-		port = "80";

-		}

-	else if (!strcmp(buf, "https"))

-		{

-		*pssl = 1;

-		port = "443";

-		}

-	else

-		goto parse_err;

-	/* Check for double slash */

-	if ((p[0] != '/') || (p[1] != '/'))

-		goto parse_err;

-	p += 2;

-	host = p;

-	/* Check for trailing part of path */

-	p = strchr(p, '/');

-	if (!p)

-		*ppath = BUF_strdup("/");

-	else

-		{

-		*ppath = BUF_strdup(p);

-		/* Set start of path to 0 so hostname is valid */

-		*p = '\0';

-		}

-	if (!*ppath) goto mem_err;

-	/* Look for optional ':' for port number */

-	if ((p = strchr(host, ':')))

-		{

-		*p = 0;

-		port = p + 1;

-		}

-	else

-		{

-		/* Not found: set default port */

-		if (*pssl) port = "443";

-		else port = "80";

-		}

-	*pport = BUF_strdup(port);

-	if (!*pport) goto mem_err;

-	*phost = BUF_strdup(host);

-	if (!*phost) goto mem_err;

-	OPENSSL_free(buf);

-	return 1;

-	mem_err:

-	OCSPerr(OCSP_F_OCSP_PARSE_URL, ERR_R_MALLOC_FAILURE);

-	goto err;

-	parse_err:

-	OCSPerr(OCSP_F_OCSP_PARSE_URL, OCSP_R_ERROR_PARSING_URL);

-	err:

-	if (buf) OPENSSL_free(buf);

-	if (*ppath) OPENSSL_free(*ppath);

-	if (*pport) OPENSSL_free(*pport);

-	if (*phost) OPENSSL_free(*phost);

-	return 0;

-	}

--- a/sys/src/ape/lib/openssl/crypto/ocsp/ocsp_prn.c

+++ /dev/null

@@ -1,291 +1,0 @@

-/* ocsp_prn.c */

-/* Written by Tom Titchener <[email protected]> for the OpenSSL

- * project. */

-/* History:

-   This file was originally part of ocsp.c and was transfered to Richard

-   Levitte from CertCo by Kathy Weinhold in mid-spring 2000 to be included

-   in OpenSSL or released as a patch kit. */

-/* ====================================================================

- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <openssl/bio.h>

-#include <openssl/err.h>

-#include <openssl/ocsp.h>

-#include <openssl/pem.h>

-static int ocsp_certid_print(BIO *bp, OCSP_CERTID* a, int indent)

-        {

-	BIO_printf(bp, "%*sCertificate ID:\n", indent, "");

-	indent += 2;

-	BIO_printf(bp, "%*sHash Algorithm: ", indent, "");

-	i2a_ASN1_OBJECT(bp, a->hashAlgorithm->algorithm);

-	BIO_printf(bp, "\n%*sIssuer Name Hash: ", indent, "");

-	i2a_ASN1_STRING(bp, a->issuerNameHash, V_ASN1_OCTET_STRING);

-	BIO_printf(bp, "\n%*sIssuer Key Hash: ", indent, "");

-	i2a_ASN1_STRING(bp, a->issuerKeyHash, V_ASN1_OCTET_STRING);

-	BIO_printf(bp, "\n%*sSerial Number: ", indent, "");

-	i2a_ASN1_INTEGER(bp, a->serialNumber);

-	BIO_printf(bp, "\n");

-	return 1;

-	}

-typedef struct

-	{

-	long t;

-	char *m;

-	} OCSP_TBLSTR;

-static char *table2string(long s, OCSP_TBLSTR *ts, int len)

-{

-	OCSP_TBLSTR *p;

-	for (p=ts; p < ts + len; p++)

-	        if (p->t == s)

-		         return p->m;

-	return "(UNKNOWN)";

-}

-char *OCSP_response_status_str(long s)

-        {

-	static OCSP_TBLSTR rstat_tbl[] = {

-	        { OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful" },

-	        { OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest" },

-	        { OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror" },

-	        { OCSP_RESPONSE_STATUS_TRYLATER, "trylater" },

-	        { OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired" },

-	        { OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized" } };

-	return table2string(s, rstat_tbl, 6);

-	}

-char *OCSP_cert_status_str(long s)

-        {

-	static OCSP_TBLSTR cstat_tbl[] = {

-	        { V_OCSP_CERTSTATUS_GOOD, "good" },

-	        { V_OCSP_CERTSTATUS_REVOKED, "revoked" },

-	        { V_OCSP_CERTSTATUS_UNKNOWN, "unknown" } };

-	return table2string(s, cstat_tbl, 3);

-	}

-char *OCSP_crl_reason_str(long s)

-        {

-	OCSP_TBLSTR reason_tbl[] = {

-	  { OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified" },

-          { OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise" },

-          { OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise" },

-          { OCSP_REVOKED_STATUS_AFFILIATIONCHANGED, "affiliationChanged" },

-          { OCSP_REVOKED_STATUS_SUPERSEDED, "superseded" },

-          { OCSP_REVOKED_STATUS_CESSATIONOFOPERATION, "cessationOfOperation" },

-          { OCSP_REVOKED_STATUS_CERTIFICATEHOLD, "certificateHold" },

-          { OCSP_REVOKED_STATUS_REMOVEFROMCRL, "removeFromCRL" } };

-	return table2string(s, reason_tbl, 8);

-	}

-int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* o, unsigned long flags)

-        {

-	int i;

-	long l;

-	OCSP_CERTID* cid = NULL;

-	OCSP_ONEREQ *one = NULL;

-	OCSP_REQINFO *inf = o->tbsRequest;

-	OCSP_SIGNATURE *sig = o->optionalSignature;

-	if (BIO_write(bp,"OCSP Request Data:\n",19) <= 0) goto err;

-	l=ASN1_INTEGER_get(inf->version);

-	if (BIO_printf(bp,"    Version: %lu (0x%lx)",l+1,l) <= 0) goto err;

-	if (inf->requestorName != NULL)

-	        {

-		if (BIO_write(bp,"\n    Requestor Name: ",21) <= 0)

-		        goto err;

-		GENERAL_NAME_print(bp, inf->requestorName);

-		}

-	if (BIO_write(bp,"\n    Requestor List:\n",21) <= 0) goto err;

-	for (i = 0; i < sk_OCSP_ONEREQ_num(inf->requestList); i++)

-	        {

-		one = sk_OCSP_ONEREQ_value(inf->requestList, i);

-		cid = one->reqCert;

-		ocsp_certid_print(bp, cid, 8);

-		if (!X509V3_extensions_print(bp,

-					"Request Single Extensions",

-					one->singleRequestExtensions, flags, 8))

-							goto err;

-		}

-	if (!X509V3_extensions_print(bp, "Request Extensions",

-			inf->requestExtensions, flags, 4))

-							goto err;

-	if (sig)

-	        {

-		X509_signature_print(bp, sig->signatureAlgorithm, sig->signature);

-		for (i=0; i<sk_X509_num(sig->certs); i++)

-			{

-			X509_print(bp, sk_X509_value(sig->certs,i));

-			PEM_write_bio_X509(bp,sk_X509_value(sig->certs,i));

-			}

-		}

-	return 1;

-err:

-	return 0;

-	}

-int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)

-        {

-	int i, ret = 0;

-	long l;

-	unsigned char *p;

-	OCSP_CERTID *cid = NULL;

-	OCSP_BASICRESP *br = NULL;

-	OCSP_RESPID *rid = NULL;

-	OCSP_RESPDATA  *rd = NULL;

-	OCSP_CERTSTATUS *cst = NULL;

-	OCSP_REVOKEDINFO *rev = NULL;

-	OCSP_SINGLERESP *single = NULL;

-	OCSP_RESPBYTES *rb = o->responseBytes;

-	if (BIO_puts(bp,"OCSP Response Data:\n") <= 0) goto err;

-	l=ASN1_ENUMERATED_get(o->responseStatus);

-	if (BIO_printf(bp,"    OCSP Response Status: %s (0x%lx)\n",

-		       OCSP_response_status_str(l), l) <= 0) goto err;

-	if (rb == NULL) return 1;

-        if (BIO_puts(bp,"    Response Type: ") <= 0)

-	        goto err;

-	if(i2a_ASN1_OBJECT(bp, rb->responseType) <= 0)

-	        goto err;

-	if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic)

-	        {

-		BIO_puts(bp," (unknown response type)\n");

-		return 1;

-		}

-	p = ASN1_STRING_data(rb->response);

-	i = ASN1_STRING_length(rb->response);

-	if (!(br = OCSP_response_get1_basic(o))) goto err;

-	rd = br->tbsResponseData;

-	l=ASN1_INTEGER_get(rd->version);

-	if (BIO_printf(bp,"\n    Version: %lu (0x%lx)\n",

-		       l+1,l) <= 0) goto err;

-	if (BIO_puts(bp,"    Responder Id: ") <= 0) goto err;

-	rid =  rd->responderId;

-	switch (rid->type)

-		{

-		case V_OCSP_RESPID_NAME:

-		        X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE);

-		        break;

-		case V_OCSP_RESPID_KEY:

-		        i2a_ASN1_STRING(bp, rid->value.byKey, V_ASN1_OCTET_STRING);

-		        break;

-		}

-	if (BIO_printf(bp,"\n    Produced At: ")<=0) goto err;

-	if (!ASN1_GENERALIZEDTIME_print(bp, rd->producedAt)) goto err;

-	if (BIO_printf(bp,"\n    Responses:\n") <= 0) goto err;

-	for (i = 0; i < sk_OCSP_SINGLERESP_num(rd->responses); i++)

-	        {

-		if (! sk_OCSP_SINGLERESP_value(rd->responses, i)) continue;

-		single = sk_OCSP_SINGLERESP_value(rd->responses, i);

-		cid = single->certId;

-		if(ocsp_certid_print(bp, cid, 4) <= 0) goto err;

-		cst = single->certStatus;

-		if (BIO_printf(bp,"    Cert Status: %s",

-			       OCSP_cert_status_str(cst->type)) <= 0)

-		        goto err;

-		if (cst->type == V_OCSP_CERTSTATUS_REVOKED)

-		        {

-		        rev = cst->value.revoked;

-			if (BIO_printf(bp, "\n    Revocation Time: ") <= 0)

-			        goto err;

-			if (!ASN1_GENERALIZEDTIME_print(bp,

-							rev->revocationTime))

-				goto err;

-			if (rev->revocationReason)

-			        {

-				l=ASN1_ENUMERATED_get(rev->revocationReason);

-				if (BIO_printf(bp,

-					 "\n    Revocation Reason: %s (0x%lx)",

-					       OCSP_crl_reason_str(l), l) <= 0)

-				        goto err;

-				}

-			}

-		if (BIO_printf(bp,"\n    This Update: ") <= 0) goto err;

-		if (!ASN1_GENERALIZEDTIME_print(bp, single->thisUpdate))

-			goto err;

-		if (single->nextUpdate)

-		        {

-			if (BIO_printf(bp,"\n    Next Update: ") <= 0)goto err;

-			if (!ASN1_GENERALIZEDTIME_print(bp,single->nextUpdate))

-				goto err;

-			}

-		if (!BIO_write(bp,"\n",1)) goto err;

-		if (!X509V3_extensions_print(bp,

-					"Response Single Extensions",

-					single->singleExtensions, flags, 8))

-							goto err;

-		if (!BIO_write(bp,"\n",1)) goto err;

-		}

-	if (!X509V3_extensions_print(bp, "Response Extensions",

-					rd->responseExtensions, flags, 4))

-	if(X509_signature_print(bp, br->signatureAlgorithm, br->signature) <= 0)

-							goto err;

-	for (i=0; i<sk_X509_num(br->certs); i++)

-		{

-		X509_print(bp, sk_X509_value(br->certs,i));

-		PEM_write_bio_X509(bp,sk_X509_value(br->certs,i));

-		}

-	ret = 1;

-err:

-	OCSP_BASICRESP_free(br);

-	return ret;

-	}

--- a/sys/src/ape/lib/openssl/crypto/ocsp/ocsp_srv.c

+++ /dev/null

@@ -1,264 +1,0 @@

-/* ocsp_srv.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 2001.

- */

-/* ====================================================================

- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include <cryptlib.h>

-#include <openssl/objects.h>

-#include <openssl/rand.h>

-#include <openssl/x509.h>

-#include <openssl/pem.h>

-#include <openssl/x509v3.h>

-#include <openssl/ocsp.h>

-/* Utility functions related to sending OCSP responses and extracting

- * relevant information from the request.

- */

-int OCSP_request_onereq_count(OCSP_REQUEST *req)

-	{

-	return sk_OCSP_ONEREQ_num(req->tbsRequest->requestList);

-	}

-OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i)

-	{

-	return sk_OCSP_ONEREQ_value(req->tbsRequest->requestList, i);

-	}

-OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one)

-	{

-	return one->reqCert;

-	}

-int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,

-			ASN1_OCTET_STRING **pikeyHash,

-			ASN1_INTEGER **pserial, OCSP_CERTID *cid)

-	{

-	if (!cid) return 0;

-	if (pmd) *pmd = cid->hashAlgorithm->algorithm;

-	if(piNameHash) *piNameHash = cid->issuerNameHash;

-	if (pikeyHash) *pikeyHash = cid->issuerKeyHash;

-	if (pserial) *pserial = cid->serialNumber;

-	return 1;

-	}

-int OCSP_request_is_signed(OCSP_REQUEST *req)

-	{

-	if(req->optionalSignature) return 1;

-	return 0;

-	}

-/* Create an OCSP response and encode an optional basic response */

-OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs)

-        {

-        OCSP_RESPONSE *rsp = NULL;

-	if (!(rsp = OCSP_RESPONSE_new())) goto err;

-	if (!(ASN1_ENUMERATED_set(rsp->responseStatus, status))) goto err;

-	if (!bs) return rsp;

-	if (!(rsp->responseBytes = OCSP_RESPBYTES_new())) goto err;

-	rsp->responseBytes->responseType = OBJ_nid2obj(NID_id_pkix_OCSP_basic);

-	if (!ASN1_item_pack(bs, ASN1_ITEM_rptr(OCSP_BASICRESP), &rsp->responseBytes->response))

-				goto err;

-	return rsp;

-err:

-	if (rsp) OCSP_RESPONSE_free(rsp);

-	return NULL;

-	}

-OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,

-						OCSP_CERTID *cid,

-						int status, int reason,

-						ASN1_TIME *revtime,

-					ASN1_TIME *thisupd, ASN1_TIME *nextupd)

-	{

-	OCSP_SINGLERESP *single = NULL;

-	OCSP_CERTSTATUS *cs;

-	OCSP_REVOKEDINFO *ri;

-	if(!rsp->tbsResponseData->responses &&

-	    !(rsp->tbsResponseData->responses = sk_OCSP_SINGLERESP_new_null()))

-		goto err;

-	if (!(single = OCSP_SINGLERESP_new()))

-		goto err;

-	if (!ASN1_TIME_to_generalizedtime(thisupd, &single->thisUpdate))

-		goto err;

-	if (nextupd &&

-		!ASN1_TIME_to_generalizedtime(nextupd, &single->nextUpdate))

-		goto err;

-	OCSP_CERTID_free(single->certId);

-	if(!(single->certId = OCSP_CERTID_dup(cid)))

-		goto err;

-	cs = single->certStatus;

-	switch(cs->type = status)

-		{

-	case V_OCSP_CERTSTATUS_REVOKED:

-		if (!revtime)

-		        {

-		        OCSPerr(OCSP_F_OCSP_BASIC_ADD1_STATUS,OCSP_R_NO_REVOKED_TIME);

-			goto err;

-		        }

-		if (!(cs->value.revoked = ri = OCSP_REVOKEDINFO_new())) goto err;

-		if (!ASN1_TIME_to_generalizedtime(revtime, &ri->revocationTime))

-			goto err;

-		if (reason != OCSP_REVOKED_STATUS_NOSTATUS)

-		        {

-			if (!(ri->revocationReason = ASN1_ENUMERATED_new()))

-			        goto err;

-			if (!(ASN1_ENUMERATED_set(ri->revocationReason,

-						  reason)))

-			        goto err;

-			}

-		break;

-	case V_OCSP_CERTSTATUS_GOOD:

-		cs->value.good = ASN1_NULL_new();

-		break;

-	case V_OCSP_CERTSTATUS_UNKNOWN:

-		cs->value.unknown = ASN1_NULL_new();

-		break;

-	default:

-		goto err;

-		}

-	if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData->responses, single)))

-		goto err;

-	return single;

-err:

-	OCSP_SINGLERESP_free(single);

-	return NULL;

-	}

-/* Add a certificate to an OCSP request */

-int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert)

-	{

-	if (!resp->certs && !(resp->certs = sk_X509_new_null()))

-		return 0;

-	if(!sk_X509_push(resp->certs, cert)) return 0;

-	CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);

-	return 1;

-	}

-int OCSP_basic_sign(OCSP_BASICRESP *brsp,

-			X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,

-			STACK_OF(X509) *certs, unsigned long flags)

-        {

-	int i;

-	OCSP_RESPID *rid;

-	if (!X509_check_private_key(signer, key))

-		{

-		OCSPerr(OCSP_F_OCSP_BASIC_SIGN, OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);

-		goto err;

-		}

-	if(!(flags & OCSP_NOCERTS))

-		{

-		if(!OCSP_basic_add1_cert(brsp, signer))

-			goto err;

-		for (i = 0; i < sk_X509_num(certs); i++)

-			{

-			X509 *tmpcert = sk_X509_value(certs, i);

-			if(!OCSP_basic_add1_cert(brsp, tmpcert))

-				goto err;

-			}

-		}

-	rid = brsp->tbsResponseData->responderId;

-	if (flags & OCSP_RESPID_KEY)

-		{

-		unsigned char md[SHA_DIGEST_LENGTH];

-		X509_pubkey_digest(signer, EVP_sha1(), md, NULL);

-		if (!(rid->value.byKey = ASN1_OCTET_STRING_new()))

-			goto err;

-		if (!(ASN1_OCTET_STRING_set(rid->value.byKey, md, SHA_DIGEST_LENGTH)))

-				goto err;

-		rid->type = V_OCSP_RESPID_KEY;

-		}

-	else

-		{

-		if (!X509_NAME_set(&rid->value.byName,

-					X509_get_subject_name(signer)))

-				goto err;

-		rid->type = V_OCSP_RESPID_NAME;

-		}

-	if (!(flags & OCSP_NOTIME) &&

-		!X509_gmtime_adj(brsp->tbsResponseData->producedAt, 0))

-		goto err;

-	/* Right now, I think that not doing double hashing is the right

-	   thing.	-- Richard Levitte */

-	if (!OCSP_BASICRESP_sign(brsp, key, dgst, 0)) goto err;

-	return 1;

-err:

-	return 0;

-	}

--- a/sys/src/ape/lib/openssl/crypto/ocsp/ocsp_vfy.c

+++ /dev/null

@@ -1,444 +1,0 @@

-/* ocsp_vfy.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 2000.

- */

-/* ====================================================================

- * Copyright (c) 2000-2004 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <openssl/ocsp.h>

-#include <openssl/err.h>

-#include <string.h>

-static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, STACK_OF(X509) *certs,

-				X509_STORE *st, unsigned long flags);

-static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id);

-static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, unsigned long flags);

-static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret);

-static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, STACK_OF(OCSP_SINGLERESP) *sresp);

-static int ocsp_check_delegated(X509 *x, int flags);

-static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, X509_NAME *nm, STACK_OF(X509) *certs,

-				X509_STORE *st, unsigned long flags);

-/* Verify a basic response message */

-int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,

-				X509_STORE *st, unsigned long flags)

-	{

-	X509 *signer, *x;

-	STACK_OF(X509) *chain = NULL;

-	X509_STORE_CTX ctx;

-	int i, ret = 0;

-	ret = ocsp_find_signer(&signer, bs, certs, st, flags);

-	if (!ret)

-		{

-		OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);

-		goto end;

-		}

-	if ((ret == 2) && (flags & OCSP_TRUSTOTHER))

-		flags |= OCSP_NOVERIFY;

-	if (!(flags & OCSP_NOSIGS))

-		{

-		EVP_PKEY *skey;

-		skey = X509_get_pubkey(signer);

-		ret = OCSP_BASICRESP_verify(bs, skey, 0);

-		EVP_PKEY_free(skey);

-		if(ret <= 0)

-			{

-			OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE);

-			goto end;

-			}

-		}

-	if (!(flags & OCSP_NOVERIFY))

-		{

-		int init_res;

-		if(flags & OCSP_NOCHAIN)

-			init_res = X509_STORE_CTX_init(&ctx, st, signer, NULL);

-		else

-			init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs);

-		if(!init_res)

-			{

-			OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,ERR_R_X509_LIB);

-			goto end;

-			}

-		X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER);

-		ret = X509_verify_cert(&ctx);

-		chain = X509_STORE_CTX_get1_chain(&ctx);

-		X509_STORE_CTX_cleanup(&ctx);

-                if (ret <= 0)

-			{

-			i = X509_STORE_CTX_get_error(&ctx);

-			OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,OCSP_R_CERTIFICATE_VERIFY_ERROR);

-			ERR_add_error_data(2, "Verify error:",

-					X509_verify_cert_error_string(i));

-                        goto end;

-                	}

-		if(flags & OCSP_NOCHECKS)

-			{

-			ret = 1;

-			goto end;

-			}

-		/* At this point we have a valid certificate chain

-		 * need to verify it against the OCSP issuer criteria.

-		 */

-		ret = ocsp_check_issuer(bs, chain, flags);

-		/* If fatal error or valid match then finish */

-		if (ret != 0) goto end;

-		/* Easy case: explicitly trusted. Get root CA and

-		 * check for explicit trust

-		 */

-		if(flags & OCSP_NOEXPLICIT) goto end;

-		x = sk_X509_value(chain, sk_X509_num(chain) - 1);

-		if(X509_check_trust(x, NID_OCSP_sign, 0) != X509_TRUST_TRUSTED)

-			{

-			OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,OCSP_R_ROOT_CA_NOT_TRUSTED);

-			goto end;

-			}

-		ret = 1;

-		}

-	end:

-	if(chain) sk_X509_pop_free(chain, X509_free);

-	return ret;

-	}

-static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, STACK_OF(X509) *certs,

-				X509_STORE *st, unsigned long flags)

-	{

-	X509 *signer;

-	OCSP_RESPID *rid = bs->tbsResponseData->responderId;

-	if ((signer = ocsp_find_signer_sk(certs, rid)))

-		{

-		*psigner = signer;

-		return 2;

-		}

-	if(!(flags & OCSP_NOINTERN) &&

-	    (signer = ocsp_find_signer_sk(bs->certs, rid)))

-		{

-		*psigner = signer;

-		return 1;

-		}

-	/* Maybe lookup from store if by subject name */

-	*psigner = NULL;

-	return 0;

-	}

-static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id)

-	{

-	int i;

-	unsigned char tmphash[SHA_DIGEST_LENGTH], *keyhash;

-	X509 *x;

-	/* Easy if lookup by name */

-	if (id->type == V_OCSP_RESPID_NAME)

-		return X509_find_by_subject(certs, id->value.byName);

-	/* Lookup by key hash */

-	/* If key hash isn't SHA1 length then forget it */

-	if (id->value.byKey->length != SHA_DIGEST_LENGTH) return NULL;

-	keyhash = id->value.byKey->data;

-	/* Calculate hash of each key and compare */

-	for (i = 0; i < sk_X509_num(certs); i++)

-		{

-		x = sk_X509_value(certs, i);

-		X509_pubkey_digest(x, EVP_sha1(), tmphash, NULL);

-		if(!memcmp(keyhash, tmphash, SHA_DIGEST_LENGTH))

-			return x;

-		}

-	return NULL;

-	}

-static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, unsigned long flags)

-	{

-	STACK_OF(OCSP_SINGLERESP) *sresp;

-	X509 *signer, *sca;

-	OCSP_CERTID *caid = NULL;

-	int i;

-	sresp = bs->tbsResponseData->responses;

-	if (sk_X509_num(chain) <= 0)

-		{

-		OCSPerr(OCSP_F_OCSP_CHECK_ISSUER, OCSP_R_NO_CERTIFICATES_IN_CHAIN);

-		return -1;

-		}

-	/* See if the issuer IDs match. */

-	i = ocsp_check_ids(sresp, &caid);

-	/* If ID mismatch or other error then return */

-	if (i <= 0) return i;

-	signer = sk_X509_value(chain, 0);

-	/* Check to see if OCSP responder CA matches request CA */

-	if (sk_X509_num(chain) > 1)

-		{

-		sca = sk_X509_value(chain, 1);

-		i = ocsp_match_issuerid(sca, caid, sresp);

-		if (i < 0) return i;

-		if (i)

-			{

-			/* We have a match, if extensions OK then success */

-			if (ocsp_check_delegated(signer, flags)) return 1;

-			return 0;

-			}

-		}

-	/* Otherwise check if OCSP request signed directly by request CA */

-	return ocsp_match_issuerid(signer, caid, sresp);

-	}

-/* Check the issuer certificate IDs for equality. If there is a mismatch with the same

- * algorithm then there's no point trying to match any certificates against the issuer.

- * If the issuer IDs all match then we just need to check equality against one of them.

- */

-static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret)

-	{

-	OCSP_CERTID *tmpid, *cid;

-	int i, idcount;

-	idcount = sk_OCSP_SINGLERESP_num(sresp);

-	if (idcount <= 0)

-		{

-		OCSPerr(OCSP_F_OCSP_CHECK_IDS, OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA);

-		return -1;

-		}

-	cid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId;

-	*ret = NULL;

-	for (i = 1; i < idcount; i++)

-		{

-		tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;

-		/* Check to see if IDs match */

-		if (OCSP_id_issuer_cmp(cid, tmpid))

-			{

-			/* If algoritm mismatch let caller deal with it */

-			if (OBJ_cmp(tmpid->hashAlgorithm->algorithm,

-					cid->hashAlgorithm->algorithm))

-					return 2;

-			/* Else mismatch */

-			return 0;

-			}

-		}

-	/* All IDs match: only need to check one ID */

-	*ret = cid;

-	return 1;

-	}

-static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,

-			STACK_OF(OCSP_SINGLERESP) *sresp)

-	{

-	/* If only one ID to match then do it */

-	if(cid)

-		{

-		const EVP_MD *dgst;

-		X509_NAME *iname;

-		int mdlen;

-		unsigned char md[EVP_MAX_MD_SIZE];

-		if (!(dgst = EVP_get_digestbyobj(cid->hashAlgorithm->algorithm)))

-			{

-			OCSPerr(OCSP_F_OCSP_MATCH_ISSUERID, OCSP_R_UNKNOWN_MESSAGE_DIGEST);

-			return -1;

-			}

-		mdlen = EVP_MD_size(dgst);

-		if ((cid->issuerNameHash->length != mdlen) ||

-		   (cid->issuerKeyHash->length != mdlen))

-			return 0;

-		iname = X509_get_subject_name(cert);

-		if (!X509_NAME_digest(iname, dgst, md, NULL))

-			return -1;

-		if (memcmp(md, cid->issuerNameHash->data, mdlen))

-			return 0;

-		X509_pubkey_digest(cert, EVP_sha1(), md, NULL);

-		if (memcmp(md, cid->issuerKeyHash->data, mdlen))

-			return 0;

-		return 1;

-		}

-	else

-		{

-		/* We have to match the whole lot */

-		int i, ret;

-		OCSP_CERTID *tmpid;

-		for (i = 0; i < sk_OCSP_SINGLERESP_num(sresp); i++)

-			{

-			tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;

-			ret = ocsp_match_issuerid(cert, tmpid, NULL);

-			if (ret <= 0) return ret;

-			}

-		return 1;

-		}

-	}

-static int ocsp_check_delegated(X509 *x, int flags)

-	{

-	X509_check_purpose(x, -1, 0);

-	if ((x->ex_flags & EXFLAG_XKUSAGE) &&

-	    (x->ex_xkusage & XKU_OCSP_SIGN))

-		return 1;

-	OCSPerr(OCSP_F_OCSP_CHECK_DELEGATED, OCSP_R_MISSING_OCSPSIGNING_USAGE);

-	return 0;

-	}

-/* Verify an OCSP request. This is fortunately much easier than OCSP

- * response verify. Just find the signers certificate and verify it

- * against a given trust value.

- */

-int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, unsigned long flags)

-        {

-	X509 *signer;

-	X509_NAME *nm;

-	GENERAL_NAME *gen;

-	int ret;

-	X509_STORE_CTX ctx;

-	if (!req->optionalSignature)

-		{

-		OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_REQUEST_NOT_SIGNED);

-		return 0;

-		}

-	gen = req->tbsRequest->requestorName;

-	if (!gen || gen->type != GEN_DIRNAME)

-		{

-		OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE);

-		return 0;

-		}

-	nm = gen->d.directoryName;

-	ret = ocsp_req_find_signer(&signer, req, nm, certs, store, flags);

-	if (ret <= 0)

-		{

-		OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);

-		return 0;

-		}

-	if ((ret == 2) && (flags & OCSP_TRUSTOTHER))

-		flags |= OCSP_NOVERIFY;

-	if (!(flags & OCSP_NOSIGS))

-		{

-		EVP_PKEY *skey;

-		skey = X509_get_pubkey(signer);

-		ret = OCSP_REQUEST_verify(req, skey);

-		EVP_PKEY_free(skey);

-		if(ret <= 0)

-			{

-			OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_SIGNATURE_FAILURE);

-			return 0;

-			}

-		}

-	if (!(flags & OCSP_NOVERIFY))

-		{

-		int init_res;

-		if(flags & OCSP_NOCHAIN)

-			init_res = X509_STORE_CTX_init(&ctx, store, signer, NULL);

-		else

-			init_res = X509_STORE_CTX_init(&ctx, store, signer,

-					req->optionalSignature->certs);

-		if(!init_res)

-			{

-			OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,ERR_R_X509_LIB);

-			return 0;

-			}

-		X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER);

-		X509_STORE_CTX_set_trust(&ctx, X509_TRUST_OCSP_REQUEST);

-		ret = X509_verify_cert(&ctx);

-		X509_STORE_CTX_cleanup(&ctx);

-                if (ret <= 0)

-			{

-			ret = X509_STORE_CTX_get_error(&ctx);

-			OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,OCSP_R_CERTIFICATE_VERIFY_ERROR);

-			ERR_add_error_data(2, "Verify error:",

-					X509_verify_cert_error_string(ret));

-                        return 0;

-                	}

-		}

-	return 1;

-        }

-static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, X509_NAME *nm, STACK_OF(X509) *certs,

-				X509_STORE *st, unsigned long flags)

-	{

-	X509 *signer;

-	if(!(flags & OCSP_NOINTERN))

-		{

-		signer = X509_find_by_subject(req->optionalSignature->certs, nm);

-		*psigner = signer;

-		return 1;

-		}

-	signer = X509_find_by_subject(certs, nm);

-	if (signer)

-		{

-		*psigner = signer;

-		return 2;

-		}

-	return 0;

-	}

--- a/sys/src/ape/lib/openssl/crypto/opensslconf.h

+++ /dev/null

@@ -1,226 +1,0 @@

-/* opensslconf.h */

-/* WARNING: Generated automatically from opensslconf.h.in by Configure. */

-/* OpenSSL was configured with the following options: */

-#ifndef OPENSSL_DOING_MAKEDEPEND

-#ifndef OPENSSL_NO_CAMELLIA

-# define OPENSSL_NO_CAMELLIA

-#endif

-#ifndef OPENSSL_NO_GMP

-# define OPENSSL_NO_GMP

-#endif

-#ifndef OPENSSL_NO_KRB5

-# define OPENSSL_NO_KRB5

-#endif

-#ifndef OPENSSL_NO_MDC2

-# define OPENSSL_NO_MDC2

-#endif

-#ifndef OPENSSL_NO_RC5

-# define OPENSSL_NO_RC5

-#endif

-#ifndef OPENSSL_NO_RFC3779

-# define OPENSSL_NO_RFC3779

-#endif

-#ifndef OPENSSL_NO_SEED

-# define OPENSSL_NO_SEED

-#endif

-#ifndef OPENSSL_NO_TLSEXT

-# define OPENSSL_NO_TLSEXT

-#endif

-#endif /* OPENSSL_DOING_MAKEDEPEND */

-#ifndef OPENSSL_NO_DYNAMIC_ENGINE

-# define OPENSSL_NO_DYNAMIC_ENGINE

-#endif

-/* The OPENSSL_NO_* macros are also defined as NO_* if the application

-   asks for it.  This is a transient feature that is provided for those

-   who haven't had the time to do the appropriate changes in their

-   applications.  */

-#ifdef OPENSSL_ALGORITHM_DEFINES

-# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)

-#  define NO_CAMELLIA

-# endif

-# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)

-#  define NO_GMP

-# endif

-# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)

-#  define NO_KRB5

-# endif

-# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2)

-#  define NO_MDC2

-# endif

-# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)

-#  define NO_RC5

-# endif

-# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)

-#  define NO_RFC3779

-# endif

-# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)

-#  define NO_SEED

-# endif

-# if defined(OPENSSL_NO_TLSEXT) && !defined(NO_TLSEXT)

-#  define NO_TLSEXT

-# endif

-#endif

-/* crypto/opensslconf.h.in */

-/* Generate 80386 code? */

-#undef I386_ONLY

-#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */

-#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)

-#define ENGINESDIR "/usr/local/ssl/lib/engines"

-#define OPENSSLDIR "/usr/local/ssl"

-#endif

-#endif

-#undef OPENSSL_UNISTD

-#define OPENSSL_UNISTD <unistd.h>

-#undef OPENSSL_EXPORT_VAR_AS_FUNCTION

-#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)

-#define IDEA_INT unsigned int

-#endif

-#if defined(HEADER_MD2_H) && !defined(MD2_INT)

-#define MD2_INT unsigned int

-#endif

-#if defined(HEADER_RC2_H) && !defined(RC2_INT)

-/* I need to put in a mod for the alpha - eay */

-#define RC2_INT unsigned int

-#endif

-#if defined(HEADER_RC4_H)

-#if !defined(RC4_INT)

-/* using int types make the structure larger but make the code faster

- * on most boxes I have tested - up to %20 faster. */

-/*

- * I don't know what does "most" mean, but declaring "int" is a must on:

- * - Intel P6 because partial register stalls are very expensive;

- * - elder Alpha because it lacks byte load/store instructions;

- */

-#define RC4_INT unsigned int

-#endif

-#if !defined(RC4_CHUNK)

-/*

- * This enables code handling data aligned at natural CPU word

- * boundary. See crypto/rc4/rc4_enc.c for further details.

- */

-#undef RC4_CHUNK

-#endif

-#endif

-#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)

-/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a

- * %20 speed up (longs are 8 bytes, int's are 4). */

-#ifndef DES_LONG

-#define DES_LONG unsigned long

-#endif

-#endif

-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)

-#define CONFIG_HEADER_BN_H

-#undef BN_LLONG

-/* Should we define BN_DIV2W here? */

-/* Only one for the following should be defined */

-/* The prime number generation stuff may not work when

- * EIGHT_BIT but I don't care since I've only used this mode

- * for debuging the bignum libraries */

-#undef SIXTY_FOUR_BIT_LONG

-#undef SIXTY_FOUR_BIT

-#define THIRTY_TWO_BIT

-#undef SIXTEEN_BIT

-#undef EIGHT_BIT

-#endif

-#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)

-#define CONFIG_HEADER_RC4_LOCL_H

-/* if this is defined data[i] is used instead of *data, this is a %20

- * speedup on x86 */

-#undef RC4_INDEX

-#endif

-#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)

-#define CONFIG_HEADER_BF_LOCL_H

-#undef BF_PTR

-#endif /* HEADER_BF_LOCL_H */

-#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)

-#define CONFIG_HEADER_DES_LOCL_H

-#ifndef DES_DEFAULT_OPTIONS

-/* the following is tweaked from a config script, that is why it is a

- * protected undef/define */

-#ifndef DES_PTR

-#undef DES_PTR

-#endif

-/* This helps C compiler generate the correct code for multiple functional

- * units.  It reduces register dependancies at the expense of 2 more

- * registers */

-#ifndef DES_RISC1

-#undef DES_RISC1

-#endif

-#ifndef DES_RISC2

-#undef DES_RISC2

-#endif

-#if defined(DES_RISC1) && defined(DES_RISC2)

-YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!

-#endif

-/* Unroll the inner loop, this sometimes helps, sometimes hinders.

- * Very mucy CPU dependant */

-#ifndef DES_UNROLL

-#undef DES_UNROLL

-#endif

-/* These default values were supplied by

- * Peter Gutman <[email protected]>

- * They are only used if nothing else has been defined */

-#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)

-/* Special defines which change the way the code is built depending on the

-   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find

-   even newer MIPS CPU's, but at the moment one size fits all for

-   optimization options.  Older Sparc's work better with only UNROLL, but

-   there's no way to tell at compile time what it is you're running on */

-#if defined( sun )		/* Newer Sparc's */

-#  define DES_PTR

-#  define DES_RISC1

-#  define DES_UNROLL

-#elif defined( __ultrix )	/* Older MIPS */

-#  define DES_PTR

-#  define DES_RISC2

-#  define DES_UNROLL

-#elif defined( __osf1__ )	/* Alpha */

-#  define DES_PTR

-#  define DES_RISC2

-#elif defined ( _AIX )		/* RS6000 */

-  /* Unknown */

-#elif defined( __hpux )		/* HP-PA */

-  /* Unknown */

-#elif defined( __aux )		/* 68K */

-  /* Unknown */

-#elif defined( __dgux )		/* 88K (but P6 in latest boxes) */

-#  define DES_UNROLL

-#elif defined( __sgi )		/* Newer MIPS */

-#  define DES_PTR

-#  define DES_RISC2

-#  define DES_UNROLL

-#elif defined(i386) || defined(__i386__)	/* x86 boxes, should be gcc */

-#  define DES_PTR

-#  define DES_RISC1

-#  define DES_UNROLL

-#endif /* Systems-specific speed defines */

-#endif

-#endif /* DES_DEFAULT_OPTIONS */

-#endif /* HEADER_DES_LOCL_H */

--- a/sys/src/ape/lib/openssl/crypto/opensslconf.h.in

+++ /dev/null

@@ -1,159 +1,0 @@

-/* crypto/opensslconf.h.in */

-/* Generate 80386 code? */

-#undef I386_ONLY

-#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */

-#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)

-#define ENGINESDIR "/usr/local/lib/engines"

-#define OPENSSLDIR "/usr/local/ssl"

-#endif

-#endif

-#undef OPENSSL_UNISTD

-#define OPENSSL_UNISTD <unistd.h>

-#undef OPENSSL_EXPORT_VAR_AS_FUNCTION

-#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)

-#define IDEA_INT unsigned int

-#endif

-#if defined(HEADER_MD2_H) && !defined(MD2_INT)

-#define MD2_INT unsigned int

-#endif

-#if defined(HEADER_RC2_H) && !defined(RC2_INT)

-/* I need to put in a mod for the alpha - eay */

-#define RC2_INT unsigned int

-#endif

-#if defined(HEADER_RC4_H)

-#if !defined(RC4_INT)

-/* using int types make the structure larger but make the code faster

- * on most boxes I have tested - up to %20 faster. */

-/*

- * I don't know what does "most" mean, but declaring "int" is a must on:

- * - Intel P6 because partial register stalls are very expensive;

- * - elder Alpha because it lacks byte load/store instructions;

- */

-#define RC4_INT unsigned int

-#endif

-#if !defined(RC4_CHUNK)

-/*

- * This enables code handling data aligned at natural CPU word

- * boundary. See crypto/rc4/rc4_enc.c for further details.

- */

-#undef RC4_CHUNK

-#endif

-#endif

-#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)

-/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a

- * %20 speed up (longs are 8 bytes, int's are 4). */

-#ifndef DES_LONG

-#define DES_LONG unsigned long

-#endif

-#endif

-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)

-#define CONFIG_HEADER_BN_H

-#undef BN_LLONG

-/* Should we define BN_DIV2W here? */

-/* Only one for the following should be defined */

-/* The prime number generation stuff may not work when

- * EIGHT_BIT but I don't care since I've only used this mode

- * for debuging the bignum libraries */

-#undef SIXTY_FOUR_BIT_LONG

-#undef SIXTY_FOUR_BIT

-#define THIRTY_TWO_BIT

-#undef SIXTEEN_BIT

-#undef EIGHT_BIT

-#endif

-#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)

-#define CONFIG_HEADER_RC4_LOCL_H

-/* if this is defined data[i] is used instead of *data, this is a %20

- * speedup on x86 */

-#undef RC4_INDEX

-#endif

-#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)

-#define CONFIG_HEADER_BF_LOCL_H

-#undef BF_PTR

-#endif /* HEADER_BF_LOCL_H */

-#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)

-#define CONFIG_HEADER_DES_LOCL_H

-#ifndef DES_DEFAULT_OPTIONS

-/* the following is tweaked from a config script, that is why it is a

- * protected undef/define */

-#ifndef DES_PTR

-#undef DES_PTR

-#endif

-/* This helps C compiler generate the correct code for multiple functional

- * units.  It reduces register dependancies at the expense of 2 more

- * registers */

-#ifndef DES_RISC1

-#undef DES_RISC1

-#endif

-#ifndef DES_RISC2

-#undef DES_RISC2

-#endif

-#if defined(DES_RISC1) && defined(DES_RISC2)

-YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!

-#endif

-/* Unroll the inner loop, this sometimes helps, sometimes hinders.

- * Very mucy CPU dependant */

-#ifndef DES_UNROLL

-#undef DES_UNROLL

-#endif

-/* These default values were supplied by

- * Peter Gutman <[email protected]>

- * They are only used if nothing else has been defined */

-#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)

-/* Special defines which change the way the code is built depending on the

-   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find

-   even newer MIPS CPU's, but at the moment one size fits all for

-   optimization options.  Older Sparc's work better with only UNROLL, but

-   there's no way to tell at compile time what it is you're running on */

-#if defined( sun )		/* Newer Sparc's */

-#  define DES_PTR

-#  define DES_RISC1

-#  define DES_UNROLL

-#elif defined( __ultrix )	/* Older MIPS */

-#  define DES_PTR

-#  define DES_RISC2

-#  define DES_UNROLL

-#elif defined( __osf1__ )	/* Alpha */

-#  define DES_PTR

-#  define DES_RISC2

-#elif defined ( _AIX )		/* RS6000 */

-  /* Unknown */

-#elif defined( __hpux )		/* HP-PA */

-  /* Unknown */

-#elif defined( __aux )		/* 68K */

-  /* Unknown */

-#elif defined( __dgux )		/* 88K (but P6 in latest boxes) */

-#  define DES_UNROLL

-#elif defined( __sgi )		/* Newer MIPS */

-#  define DES_PTR

-#  define DES_RISC2

-#  define DES_UNROLL

-#elif defined(i386) || defined(__i386__)	/* x86 boxes, should be gcc */

-#  define DES_PTR

-#  define DES_RISC1

-#  define DES_UNROLL

-#endif /* Systems-specific speed defines */

-#endif

-#endif /* DES_DEFAULT_OPTIONS */

-#endif /* HEADER_DES_LOCL_H */

--- a/sys/src/ape/lib/openssl/crypto/opensslv.h

+++ /dev/null

@@ -1,89 +1,0 @@

-#ifndef HEADER_OPENSSLV_H

-#define HEADER_OPENSSLV_H

-/* Numeric release version identifier:

- * MNNFFPPS: major minor fix patch status

- * The status nibble has one of the values 0 for development, 1 to e for betas

- * 1 to 14, and f for release.  The patch level is exactly that.

- * For example:

- * 0.9.3-dev	  0x00903000

- * 0.9.3-beta1	  0x00903001

- * 0.9.3-beta2-dev 0x00903002

- * 0.9.3-beta2    0x00903002 (same as ...beta2-dev)

- * 0.9.3	  0x0090300f

- * 0.9.3a	  0x0090301f

- * 0.9.4	  0x0090400f

- * 1.2.3z	  0x102031af

- *

- * For continuity reasons (because 0.9.5 is already out, and is coded

- * 0x00905100), between 0.9.5 and 0.9.6 the coding of the patch level

- * part is slightly different, by setting the highest bit.  This means

- * that 0.9.5a looks like this: 0x0090581f.  At 0.9.6, we can start

- * with 0x0090600S...

- *

- * (Prior to 0.9.3-dev a different scheme was used: 0.9.2b is 0x0922.)

- * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for

- *  major minor fix final patch/beta)

- */

-#define OPENSSL_VERSION_NUMBER	0x0090807fL

-#ifdef OPENSSL_FIPS

-#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.8g-fips 19 Oct 2007"

-#else

-#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.8g 19 Oct 2007"

-#endif

-#define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT

-/* The macros below are to be used for shared library (.so, .dll, ...)

- * versioning.  That kind of versioning works a bit differently between

- * operating systems.  The most usual scheme is to set a major and a minor

- * number, and have the runtime loader check that the major number is equal

- * to what it was at application link time, while the minor number has to

- * be greater or equal to what it was at application link time.  With this

- * scheme, the version number is usually part of the file name, like this:

- *

- *	libcrypto.so.0.9

- *

- * Some unixen also make a softlink with the major verson number only:

- *

- *	libcrypto.so.0

- *

- * On Tru64 and IRIX 6.x it works a little bit differently.  There, the

- * shared library version is stored in the file, and is actually a series

- * of versions, separated by colons.  The rightmost version present in the

- * library when linking an application is stored in the application to be

- * matched at run time.  When the application is run, a check is done to

- * see if the library version stored in the application matches any of the

- * versions in the version string of the library itself.

- * This version string can be constructed in any way, depending on what

- * kind of matching is desired.  However, to implement the same scheme as

- * the one used in the other unixen, all compatible versions, from lowest

- * to highest, should be part of the string.  Consecutive builds would

- * give the following versions strings:

- *

- *	3.0

- *	3.0:3.1

- *	3.0:3.1:3.2

- *	4.0

- *	4.0:4.1

- *

- * Notice how version 4 is completely incompatible with version, and

- * therefore give the breach you can see.

- *

- * There may be other schemes as well that I haven't yet discovered.

- *

- * So, here's the way it works here: first of all, the library version

- * number doesn't need at all to match the overall OpenSSL version.

- * However, it's nice and more understandable if it actually does.

- * The current library version is stored in the macro SHLIB_VERSION_NUMBER,

- * which is just a piece of text in the format "M.m.e" (Major, minor, edit).

- * For the sake of Tru64, IRIX, and any other OS that behaves in similar ways,

- * we need to keep a history of version numbers, which is done in the

- * macro SHLIB_VERSION_HISTORY.  The numbers are separated by colons and

- * should only keep the versions that are binary compatible with the current.

- */

-#define SHLIB_VERSION_HISTORY ""

-#define SHLIB_VERSION_NUMBER "0.9.8"

-#endif /* HEADER_OPENSSLV_H */

--- a/sys/src/ape/lib/openssl/crypto/ossl_typ.h

+++ /dev/null

@@ -1,174 +1,0 @@

-/* ====================================================================

- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_OPENSSL_TYPES_H

-#define HEADER_OPENSSL_TYPES_H

-#include <openssl/e_os2.h>

-#ifdef NO_ASN1_TYPEDEFS

-#define ASN1_INTEGER		ASN1_STRING

-#define ASN1_ENUMERATED		ASN1_STRING

-#define ASN1_BIT_STRING		ASN1_STRING

-#define ASN1_OCTET_STRING	ASN1_STRING

-#define ASN1_PRINTABLESTRING	ASN1_STRING

-#define ASN1_T61STRING		ASN1_STRING

-#define ASN1_IA5STRING		ASN1_STRING

-#define ASN1_UTCTIME		ASN1_STRING

-#define ASN1_GENERALIZEDTIME	ASN1_STRING

-#define ASN1_TIME		ASN1_STRING

-#define ASN1_GENERALSTRING	ASN1_STRING

-#define ASN1_UNIVERSALSTRING	ASN1_STRING

-#define ASN1_BMPSTRING		ASN1_STRING

-#define ASN1_VISIBLESTRING	ASN1_STRING

-#define ASN1_UTF8STRING		ASN1_STRING

-#define ASN1_BOOLEAN		int

-#define ASN1_NULL		int

-#else

-typedef struct asn1_string_st ASN1_INTEGER;

-typedef struct asn1_string_st ASN1_ENUMERATED;

-typedef struct asn1_string_st ASN1_BIT_STRING;

-typedef struct asn1_string_st ASN1_OCTET_STRING;

-typedef struct asn1_string_st ASN1_PRINTABLESTRING;

-typedef struct asn1_string_st ASN1_T61STRING;

-typedef struct asn1_string_st ASN1_IA5STRING;

-typedef struct asn1_string_st ASN1_GENERALSTRING;

-typedef struct asn1_string_st ASN1_UNIVERSALSTRING;

-typedef struct asn1_string_st ASN1_BMPSTRING;

-typedef struct asn1_string_st ASN1_UTCTIME;

-typedef struct asn1_string_st ASN1_TIME;

-typedef struct asn1_string_st ASN1_GENERALIZEDTIME;

-typedef struct asn1_string_st ASN1_VISIBLESTRING;

-typedef struct asn1_string_st ASN1_UTF8STRING;

-typedef int ASN1_BOOLEAN;

-typedef int ASN1_NULL;

-#endif

-#ifdef OPENSSL_SYS_WIN32

-#undef X509_NAME

-#undef X509_CERT_PAIR

-#undef PKCS7_ISSUER_AND_SERIAL

-#endif

-#ifdef BIGNUM

-#undef BIGNUM

-#endif

-typedef struct bignum_st BIGNUM;

-typedef struct bignum_ctx BN_CTX;

-typedef struct bn_blinding_st BN_BLINDING;

-typedef struct bn_mont_ctx_st BN_MONT_CTX;

-typedef struct bn_recp_ctx_st BN_RECP_CTX;

-typedef struct bn_gencb_st BN_GENCB;

-typedef struct buf_mem_st BUF_MEM;

-typedef struct evp_cipher_st EVP_CIPHER;

-typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX;

-typedef struct env_md_st EVP_MD;

-typedef struct env_md_ctx_st EVP_MD_CTX;

-typedef struct evp_pkey_st EVP_PKEY;

-typedef struct dh_st DH;

-typedef struct dh_method DH_METHOD;

-typedef struct dsa_st DSA;

-typedef struct dsa_method DSA_METHOD;

-typedef struct rsa_st RSA;

-typedef struct rsa_meth_st RSA_METHOD;

-typedef struct rand_meth_st RAND_METHOD;

-typedef struct ecdh_method ECDH_METHOD;

-typedef struct ecdsa_method ECDSA_METHOD;

-typedef struct x509_st X509;

-typedef struct X509_algor_st X509_ALGOR;

-typedef struct X509_crl_st X509_CRL;

-typedef struct X509_name_st X509_NAME;

-typedef struct x509_store_st X509_STORE;

-typedef struct x509_store_ctx_st X509_STORE_CTX;

-typedef struct v3_ext_ctx X509V3_CTX;

-typedef struct conf_st CONF;

-typedef struct store_st STORE;

-typedef struct store_method_st STORE_METHOD;

-typedef struct ui_st UI;

-typedef struct ui_method_st UI_METHOD;

-typedef struct st_ERR_FNS ERR_FNS;

-typedef struct engine_st ENGINE;

-typedef struct X509_POLICY_NODE_st X509_POLICY_NODE;

-typedef struct X509_POLICY_LEVEL_st X509_POLICY_LEVEL;

-typedef struct X509_POLICY_TREE_st X509_POLICY_TREE;

-typedef struct X509_POLICY_CACHE_st X509_POLICY_CACHE;

-  /* If placed in pkcs12.h, we end up with a circular depency with pkcs7.h */

-#define DECLARE_PKCS12_STACK_OF(type) /* Nothing */

-#define IMPLEMENT_PKCS12_STACK_OF(type) /* Nothing */

-typedef struct crypto_ex_data_st CRYPTO_EX_DATA;

-/* Callback types for crypto.h */

-typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad,

-					int idx, long argl, void *argp);

-typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad,

-					int idx, long argl, void *argp);

-typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d,

-					int idx, long argl, void *argp);

-#endif /* def HEADER_OPENSSL_TYPES_H */

--- a/sys/src/ape/lib/openssl/crypto/pem/Makefile

+++ /dev/null

@@ -1,241 +1,0 @@

-#

-# OpenSSL/crypto/pem/Makefile

-#

-DIR=	pem

-TOP=	../..

-CC=	cc

-INCLUDES= -I.. -I$(TOP) -I../../include

-CFLAG=-g

-MAKEFILE=	Makefile

-AR=		ar r

-CFLAGS= $(INCLUDES) $(CFLAG)

-GENERAL=Makefile

-TEST=

-APPS=

-LIB=$(TOP)/libcrypto.a

-LIBSRC= pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c pem_err.c \

-	pem_x509.c pem_xaux.c pem_oth.c pem_pk8.c pem_pkey.c

-LIBOBJ=	pem_sign.o pem_seal.o pem_info.o pem_lib.o pem_all.o pem_err.o \

-	pem_x509.o pem_xaux.o pem_oth.o pem_pk8.o pem_pkey.o

-SRC= $(LIBSRC)

-EXHEADER= pem.h pem2.h

-HEADER=	$(EXHEADER)

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)

-all:	lib

-lib:	$(LIBOBJ)

-	$(AR) $(LIB) $(LIBOBJ)

-	$(RANLIB) $(LIB) || echo Never mind.

-	@touch lib

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

-links: $(EXHEADER)

-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)

-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)

-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

-install:

-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...

-	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \

-	do  \

-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \

-	done;

-tags:

-	ctags $(SRC)

-tests:

-lint:

-	lint -DLINT $(INCLUDES) $(SRC)>fluff

-depend:

-	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...

-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-clean:

-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-pem_all.o: ../../e_os.h ../../include/openssl/asn1.h

-pem_all.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-pem_all.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h

-pem_all.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h

-pem_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-pem_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-pem_all.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-pem_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-pem_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-pem_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h

-pem_all.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h

-pem_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h

-pem_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-pem_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-pem_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_all.c

-pem_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

-pem_err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-pem_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-pem_err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-pem_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-pem_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-pem_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-pem_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-pem_err.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h

-pem_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-pem_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-pem_err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-pem_err.o: ../../include/openssl/x509_vfy.h pem_err.c

-pem_info.o: ../../e_os.h ../../include/openssl/asn1.h

-pem_info.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-pem_info.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h

-pem_info.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-pem_info.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-pem_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-pem_info.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-pem_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-pem_info.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-pem_info.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h

-pem_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h

-pem_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-pem_info.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-pem_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-pem_info.o: ../cryptlib.h pem_info.c

-pem_lib.o: ../../e_os.h ../../include/openssl/asn1.h

-pem_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-pem_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h

-pem_lib.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h

-pem_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-pem_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-pem_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-pem_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-pem_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-pem_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h

-pem_lib.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h

-pem_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h

-pem_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-pem_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-pem_lib.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h

-pem_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-pem_lib.o: ../cryptlib.h pem_lib.c

-pem_oth.o: ../../e_os.h ../../include/openssl/asn1.h

-pem_oth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-pem_oth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-pem_oth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-pem_oth.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-pem_oth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-pem_oth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-pem_oth.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-pem_oth.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h

-pem_oth.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h

-pem_oth.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h

-pem_oth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-pem_oth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-pem_oth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_oth.c

-pem_pk8.o: ../../e_os.h ../../include/openssl/asn1.h

-pem_pk8.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-pem_pk8.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-pem_pk8.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-pem_pk8.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-pem_pk8.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-pem_pk8.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-pem_pk8.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-pem_pk8.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h

-pem_pk8.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h

-pem_pk8.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h

-pem_pk8.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-pem_pk8.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-pem_pk8.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-pem_pk8.o: ../cryptlib.h pem_pk8.c

-pem_pkey.o: ../../e_os.h ../../include/openssl/asn1.h

-pem_pkey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-pem_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-pem_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-pem_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-pem_pkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-pem_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-pem_pkey.o: ../../include/openssl/opensslconf.h

-pem_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-pem_pkey.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h

-pem_pkey.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h

-pem_pkey.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h

-pem_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-pem_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-pem_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_pkey.c

-pem_seal.o: ../../e_os.h ../../include/openssl/asn1.h

-pem_seal.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-pem_seal.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-pem_seal.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-pem_seal.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-pem_seal.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-pem_seal.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-pem_seal.o: ../../include/openssl/opensslconf.h

-pem_seal.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-pem_seal.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h

-pem_seal.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h

-pem_seal.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h

-pem_seal.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-pem_seal.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-pem_seal.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_seal.c

-pem_sign.o: ../../e_os.h ../../include/openssl/asn1.h

-pem_sign.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-pem_sign.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-pem_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-pem_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-pem_sign.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-pem_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-pem_sign.o: ../../include/openssl/opensslconf.h

-pem_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-pem_sign.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h

-pem_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h

-pem_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-pem_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-pem_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-pem_sign.o: ../cryptlib.h pem_sign.c

-pem_x509.o: ../../e_os.h ../../include/openssl/asn1.h

-pem_x509.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-pem_x509.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-pem_x509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-pem_x509.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-pem_x509.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-pem_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-pem_x509.o: ../../include/openssl/opensslconf.h

-pem_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-pem_x509.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h

-pem_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-pem_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-pem_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-pem_x509.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_x509.c

-pem_xaux.o: ../../e_os.h ../../include/openssl/asn1.h

-pem_xaux.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-pem_xaux.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-pem_xaux.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-pem_xaux.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-pem_xaux.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-pem_xaux.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-pem_xaux.o: ../../include/openssl/opensslconf.h

-pem_xaux.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-pem_xaux.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h

-pem_xaux.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-pem_xaux.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-pem_xaux.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-pem_xaux.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_xaux.c

--- a/sys/src/ape/lib/openssl/crypto/pem/message

+++ /dev/null

@@ -1,16 +1,0 @@

------BEGIN PRIVACY-ENHANCED MESSAGE-----

-Proc-Type: 4,ENCRYPTED

-Proc-Type: 4,MIC-ONLY

-Proc-Type: 4,MIC-CLEAR

-Content-Domain: RFC822

-DEK-Info: DES-CBC,0123456789abcdef

-Originator-Certificate

- xxxx

-Issuer-Certificate

- xxxx

-MIC-Info: RSA-MD5,RSA,

- xxxx

------END PRIVACY-ENHANCED MESSAGE-----

--- a/sys/src/ape/lib/openssl/crypto/pem/pem.h

+++ /dev/null

@@ -1,776 +1,0 @@

-/* crypto/pem/pem.h */

-/* Copyright (C) 1995-1997 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_PEM_H

-#define HEADER_PEM_H

-#include <openssl/e_os2.h>

-#ifndef OPENSSL_NO_BIO

-#include <openssl/bio.h>

-#endif

-#ifndef OPENSSL_NO_STACK

-#include <openssl/stack.h>

-#endif

-#include <openssl/evp.h>

-#include <openssl/x509.h>

-#include <openssl/pem2.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-#define PEM_BUFSIZE		1024

-#define PEM_OBJ_UNDEF		0

-#define PEM_OBJ_X509		1

-#define PEM_OBJ_X509_REQ	2

-#define PEM_OBJ_CRL		3

-#define PEM_OBJ_SSL_SESSION	4

-#define PEM_OBJ_PRIV_KEY	10

-#define PEM_OBJ_PRIV_RSA	11

-#define PEM_OBJ_PRIV_DSA	12

-#define PEM_OBJ_PRIV_DH		13

-#define PEM_OBJ_PUB_RSA		14

-#define PEM_OBJ_PUB_DSA		15

-#define PEM_OBJ_PUB_DH		16

-#define PEM_OBJ_DHPARAMS	17

-#define PEM_OBJ_DSAPARAMS	18

-#define PEM_OBJ_PRIV_RSA_PUBLIC	19

-#define PEM_OBJ_PRIV_ECDSA	20

-#define PEM_OBJ_PUB_ECDSA	21

-#define PEM_OBJ_ECPARAMETERS	22

-#define PEM_ERROR		30

-#define PEM_DEK_DES_CBC         40

-#define PEM_DEK_IDEA_CBC        45

-#define PEM_DEK_DES_EDE         50

-#define PEM_DEK_DES_ECB         60

-#define PEM_DEK_RSA             70

-#define PEM_DEK_RSA_MD2         80

-#define PEM_DEK_RSA_MD5         90

-#define PEM_MD_MD2		NID_md2

-#define PEM_MD_MD5		NID_md5

-#define PEM_MD_SHA		NID_sha

-#define PEM_MD_MD2_RSA		NID_md2WithRSAEncryption

-#define PEM_MD_MD5_RSA		NID_md5WithRSAEncryption

-#define PEM_MD_SHA_RSA		NID_sha1WithRSAEncryption

-#define PEM_STRING_X509_OLD	"X509 CERTIFICATE"

-#define PEM_STRING_X509		"CERTIFICATE"

-#define PEM_STRING_X509_PAIR	"CERTIFICATE PAIR"

-#define PEM_STRING_X509_TRUSTED	"TRUSTED CERTIFICATE"

-#define PEM_STRING_X509_REQ_OLD	"NEW CERTIFICATE REQUEST"

-#define PEM_STRING_X509_REQ	"CERTIFICATE REQUEST"

-#define PEM_STRING_X509_CRL	"X509 CRL"

-#define PEM_STRING_EVP_PKEY	"ANY PRIVATE KEY"

-#define PEM_STRING_PUBLIC	"PUBLIC KEY"

-#define PEM_STRING_RSA		"RSA PRIVATE KEY"

-#define PEM_STRING_RSA_PUBLIC	"RSA PUBLIC KEY"

-#define PEM_STRING_DSA		"DSA PRIVATE KEY"

-#define PEM_STRING_DSA_PUBLIC	"DSA PUBLIC KEY"

-#define PEM_STRING_PKCS7	"PKCS7"

-#define PEM_STRING_PKCS8	"ENCRYPTED PRIVATE KEY"

-#define PEM_STRING_PKCS8INF	"PRIVATE KEY"

-#define PEM_STRING_DHPARAMS	"DH PARAMETERS"

-#define PEM_STRING_SSL_SESSION	"SSL SESSION PARAMETERS"

-#define PEM_STRING_DSAPARAMS	"DSA PARAMETERS"

-#define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY"

-#define PEM_STRING_ECPARAMETERS "EC PARAMETERS"

-#define PEM_STRING_ECPRIVATEKEY	"EC PRIVATE KEY"

-  /* Note that this structure is initialised by PEM_SealInit and cleaned up

-     by PEM_SealFinal (at least for now) */

-typedef struct PEM_Encode_Seal_st

-	{

-	EVP_ENCODE_CTX encode;

-	EVP_MD_CTX md;

-	EVP_CIPHER_CTX cipher;

-	} PEM_ENCODE_SEAL_CTX;

-/* enc_type is one off */

-#define PEM_TYPE_ENCRYPTED      10

-#define PEM_TYPE_MIC_ONLY       20

-#define PEM_TYPE_MIC_CLEAR      30

-#define PEM_TYPE_CLEAR		40

-typedef struct pem_recip_st

-	{

-	char *name;

-	X509_NAME *dn;

-	int cipher;

-	int key_enc;

-	/*	char iv[8]; unused and wrong size */

-	} PEM_USER;

-typedef struct pem_ctx_st

-	{

-	int type;		/* what type of object */

-	struct	{

-		int version;

-		int mode;

-		} proc_type;

-	char *domain;

-	struct	{

-		int cipher;

-	/* unused, and wrong size

-	   unsigned char iv[8]; */

-		} DEK_info;

-	PEM_USER *originator;

-	int num_recipient;

-	PEM_USER **recipient;

-#ifndef OPENSSL_NO_STACK

-	STACK *x509_chain;	/* certificate chain */

-#else

-	char *x509_chain;	/* certificate chain */

-#endif

-	EVP_MD *md;		/* signature type */

-	int md_enc;		/* is the md encrypted or not? */

-	int md_len;		/* length of md_data */

-	char *md_data;		/* message digest, could be pkey encrypted */

-	EVP_CIPHER *dec;	/* date encryption cipher */

-	int key_len;		/* key length */

-	unsigned char *key;	/* key */

-	/* unused, and wrong size

-	   unsigned char iv[8]; */

-	int  data_enc;		/* is the data encrypted */

-	int data_len;

-	unsigned char *data;

-	} PEM_CTX;

-/* These macros make the PEM_read/PEM_write functions easier to maintain and

- * write. Now they are all implemented with either:

- * IMPLEMENT_PEM_rw(...) or IMPLEMENT_PEM_rw_cb(...)

- */

-#ifdef OPENSSL_NO_FP_API

-#define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/

-#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/

-#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/

-#else

-#define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \

-type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\

-{ \

-    return (type*)PEM_ASN1_read(CHECKED_D2I_OF(type, d2i_##asn1), \

-				str, fp, \

-				CHECKED_PPTR_OF(type, x), \

-				cb, u); \

-}

-#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \

-int PEM_write_##name(FILE *fp, type *x) \

-{ \

-    return PEM_ASN1_write(CHECKED_I2D_OF(type, i2d_##asn1), \

-			  str, fp, \

-			  CHECKED_PTR_OF(type, x), \

-			  NULL, NULL, 0, NULL, NULL); \

-}

-#define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \

-int PEM_write_##name(FILE *fp, const type *x) \

-{ \

-    return PEM_ASN1_write(CHECKED_I2D_OF(const type, i2d_##asn1), \

-			  str, fp, \

-			  CHECKED_PTR_OF(const type, x), \

-			  NULL, NULL, 0, NULL, NULL); \

-}

-#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \

-int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \

-	     unsigned char *kstr, int klen, pem_password_cb *cb, \

-		  void *u) \

-	{ \

-	    return PEM_ASN1_write(CHECKED_I2D_OF(type, i2d_##asn1), \

-				  str, fp, \

-				  CHECKED_PTR_OF(type, x), \

-				  enc, kstr, klen, cb, u); \

-	}

-#define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \

-int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \

-	     unsigned char *kstr, int klen, pem_password_cb *cb, \

-		  void *u) \

-	{ \

-	    return PEM_ASN1_write(CHECKED_I2D_OF(const type, i2d_##asn1), \

-				  str, fp, \

-				  CHECKED_PTR_OF(const type, x), \

-				  enc, kstr, klen, cb, u); \

-	}

-#endif

-#define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \

-type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\

-{ \

-    return (type*)PEM_ASN1_read_bio(CHECKED_D2I_OF(type, d2i_##asn1), \

-				    str, bp, \

-				    CHECKED_PPTR_OF(type, x), \

-				    cb, u); \

-}

-#define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \

-int PEM_write_bio_##name(BIO *bp, type *x) \

-{ \

-    return PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d_##asn1), \

-			      str, bp, \

-			      CHECKED_PTR_OF(type, x), \

-			      NULL, NULL, 0, NULL, NULL); \

-}

-#define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \

-int PEM_write_bio_##name(BIO *bp, const type *x) \

-{ \

-    return PEM_ASN1_write_bio(CHECKED_I2D_OF(const type, i2d_##asn1), \

-			      str, bp, \

-			      CHECKED_PTR_OF(const type, x), \

-			      NULL, NULL, 0, NULL, NULL); \

-}

-#define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \

-int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \

-	     unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \

-	{ \

-	    return PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d_##asn1), \

-				      str, bp, \

-				      CHECKED_PTR_OF(type, x), \

-				      enc, kstr, klen, cb, u); \

-	}

-#define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \

-int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \

-	     unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \

-	{ \

-	    return PEM_ASN1_write_bio(CHECKED_I2D_OF(const type, i2d_##asn1), \

-				      str, bp, \

-				      CHECKED_PTR_OF(const type, x), \

-				      enc, kstr, klen, cb, u); \

-	}

-#define IMPLEMENT_PEM_write(name, type, str, asn1) \

-	IMPLEMENT_PEM_write_bio(name, type, str, asn1) \

-	IMPLEMENT_PEM_write_fp(name, type, str, asn1)

-#define IMPLEMENT_PEM_write_const(name, type, str, asn1) \

-	IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \

-	IMPLEMENT_PEM_write_fp_const(name, type, str, asn1)

-#define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \

-	IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \

-	IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1)

-#define IMPLEMENT_PEM_write_cb_const(name, type, str, asn1) \

-	IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \

-	IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1)

-#define IMPLEMENT_PEM_read(name, type, str, asn1) \

-	IMPLEMENT_PEM_read_bio(name, type, str, asn1) \

-	IMPLEMENT_PEM_read_fp(name, type, str, asn1)

-#define IMPLEMENT_PEM_rw(name, type, str, asn1) \

-	IMPLEMENT_PEM_read(name, type, str, asn1) \

-	IMPLEMENT_PEM_write(name, type, str, asn1)

-#define IMPLEMENT_PEM_rw_const(name, type, str, asn1) \

-	IMPLEMENT_PEM_read(name, type, str, asn1) \

-	IMPLEMENT_PEM_write_const(name, type, str, asn1)

-#define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \

-	IMPLEMENT_PEM_read(name, type, str, asn1) \

-	IMPLEMENT_PEM_write_cb(name, type, str, asn1)

-/* These are the same except they are for the declarations */

-#if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_NO_FP_API)

-#define DECLARE_PEM_read_fp(name, type) /**/

-#define DECLARE_PEM_write_fp(name, type) /**/

-#define DECLARE_PEM_write_cb_fp(name, type) /**/

-#else

-#define DECLARE_PEM_read_fp(name, type) \

-	type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u);

-#define DECLARE_PEM_write_fp(name, type) \

-	int PEM_write_##name(FILE *fp, type *x);

-#define DECLARE_PEM_write_fp_const(name, type) \

-	int PEM_write_##name(FILE *fp, const type *x);

-#define DECLARE_PEM_write_cb_fp(name, type) \

-	int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \

-	     unsigned char *kstr, int klen, pem_password_cb *cb, void *u);

-#endif

-#ifndef OPENSSL_NO_BIO

-#define DECLARE_PEM_read_bio(name, type) \

-	type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u);

-#define DECLARE_PEM_write_bio(name, type) \

-	int PEM_write_bio_##name(BIO *bp, type *x);

-#define DECLARE_PEM_write_bio_const(name, type) \

-	int PEM_write_bio_##name(BIO *bp, const type *x);

-#define DECLARE_PEM_write_cb_bio(name, type) \

-	int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \

-	     unsigned char *kstr, int klen, pem_password_cb *cb, void *u);

-#else

-#define DECLARE_PEM_read_bio(name, type) /**/

-#define DECLARE_PEM_write_bio(name, type) /**/

-#define DECLARE_PEM_write_cb_bio(name, type) /**/

-#endif

-#define DECLARE_PEM_write(name, type) \

-	DECLARE_PEM_write_bio(name, type) \

-	DECLARE_PEM_write_fp(name, type)

-#define DECLARE_PEM_write_const(name, type) \

-	DECLARE_PEM_write_bio_const(name, type) \

-	DECLARE_PEM_write_fp_const(name, type)

-#define DECLARE_PEM_write_cb(name, type) \

-	DECLARE_PEM_write_cb_bio(name, type) \

-	DECLARE_PEM_write_cb_fp(name, type)

-#define DECLARE_PEM_read(name, type) \

-	DECLARE_PEM_read_bio(name, type) \

-	DECLARE_PEM_read_fp(name, type)

-#define DECLARE_PEM_rw(name, type) \

-	DECLARE_PEM_read(name, type) \

-	DECLARE_PEM_write(name, type)

-#define DECLARE_PEM_rw_const(name, type) \

-	DECLARE_PEM_read(name, type) \

-	DECLARE_PEM_write_const(name, type)

-#define DECLARE_PEM_rw_cb(name, type) \

-	DECLARE_PEM_read(name, type) \

-	DECLARE_PEM_write_cb(name, type)

-#ifdef SSLEAY_MACROS

-#define PEM_write_SSL_SESSION(fp,x) \

-		PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \

-			PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL)

-#define PEM_write_X509(fp,x) \

-		PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp, \

-			(char *)x, NULL,NULL,0,NULL,NULL)

-#define PEM_write_X509_REQ(fp,x) PEM_ASN1_write( \

-		(int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,fp,(char *)x, \

-			NULL,NULL,0,NULL,NULL)

-#define PEM_write_X509_CRL(fp,x) \

-		PEM_ASN1_write((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL, \

-			fp,(char *)x, NULL,NULL,0,NULL,NULL)

-#define	PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \

-		PEM_ASN1_write((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,fp,\

-			(char *)x,enc,kstr,klen,cb,u)

-#define	PEM_write_RSAPublicKey(fp,x) \

-		PEM_ASN1_write((int (*)())i2d_RSAPublicKey,\

-			PEM_STRING_RSA_PUBLIC,fp,(char *)x,NULL,NULL,0,NULL,NULL)

-#define	PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \

-		PEM_ASN1_write((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,fp,\

-			(char *)x,enc,kstr,klen,cb,u)

-#define	PEM_write_PrivateKey(bp,x,enc,kstr,klen,cb,u) \

-		PEM_ASN1_write((int (*)())i2d_PrivateKey,\

-		(((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\

-			bp,(char *)x,enc,kstr,klen,cb,u)

-#define PEM_write_PKCS7(fp,x) \

-		PEM_ASN1_write((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,fp, \

-			(char *)x, NULL,NULL,0,NULL,NULL)

-#define PEM_write_DHparams(fp,x) \

-		PEM_ASN1_write((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,fp,\

-			(char *)x,NULL,NULL,0,NULL,NULL)

-#define PEM_write_NETSCAPE_CERT_SEQUENCE(fp,x) \

-                PEM_ASN1_write((int (*)())i2d_NETSCAPE_CERT_SEQUENCE, \

-			PEM_STRING_X509,fp, \

-                        (char *)x, NULL,NULL,0,NULL,NULL)

-#define	PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \

-	(char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u)

-#define	PEM_read_X509(fp,x,cb,u) (X509 *)PEM_ASN1_read( \

-	(char *(*)())d2i_X509,PEM_STRING_X509,fp,(char **)x,cb,u)

-#define	PEM_read_X509_REQ(fp,x,cb,u) (X509_REQ *)PEM_ASN1_read( \

-	(char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,fp,(char **)x,cb,u)

-#define	PEM_read_X509_CRL(fp,x,cb,u) (X509_CRL *)PEM_ASN1_read( \

-	(char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,fp,(char **)x,cb,u)

-#define	PEM_read_RSAPrivateKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \

-	(char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,fp,(char **)x,cb,u)

-#define	PEM_read_RSAPublicKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \

-	(char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,fp,(char **)x,cb,u)

-#define	PEM_read_DSAPrivateKey(fp,x,cb,u) (DSA *)PEM_ASN1_read( \

-	(char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,fp,(char **)x,cb,u)

-#define	PEM_read_PrivateKey(fp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read( \

-	(char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,fp,(char **)x,cb,u)

-#define	PEM_read_PKCS7(fp,x,cb,u) (PKCS7 *)PEM_ASN1_read( \

-	(char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,fp,(char **)x,cb,u)

-#define	PEM_read_DHparams(fp,x,cb,u) (DH *)PEM_ASN1_read( \

-	(char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,fp,(char **)x,cb,u)

-#define PEM_read_NETSCAPE_CERT_SEQUENCE(fp,x,cb,u) \

-		(NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read( \

-        (char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,fp,\

-							(char **)x,cb,u)

-#define PEM_write_bio_X509(bp,x) \

-		PEM_ASN1_write_bio((int (*)())i2d_X509,PEM_STRING_X509,bp, \

-			(char *)x, NULL,NULL,0,NULL,NULL)

-#define PEM_write_bio_X509_REQ(bp,x) PEM_ASN1_write_bio( \

-		(int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,bp,(char *)x, \

-			NULL,NULL,0,NULL,NULL)

-#define PEM_write_bio_X509_CRL(bp,x) \

-		PEM_ASN1_write_bio((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL,\

-			bp,(char *)x, NULL,NULL,0,NULL,NULL)

-#define	PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \

-		PEM_ASN1_write_bio((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,\

-			bp,(char *)x,enc,kstr,klen,cb,u)

-#define	PEM_write_bio_RSAPublicKey(bp,x) \

-		PEM_ASN1_write_bio((int (*)())i2d_RSAPublicKey, \

-			PEM_STRING_RSA_PUBLIC,\

-			bp,(char *)x,NULL,NULL,0,NULL,NULL)

-#define	PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \

-		PEM_ASN1_write_bio((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,\

-			bp,(char *)x,enc,kstr,klen,cb,u)

-#define	PEM_write_bio_PrivateKey(bp,x,enc,kstr,klen,cb,u) \

-		PEM_ASN1_write_bio((int (*)())i2d_PrivateKey,\

-		(((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\

-			bp,(char *)x,enc,kstr,klen,cb,u)

-#define PEM_write_bio_PKCS7(bp,x) \

-		PEM_ASN1_write_bio((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,bp, \

-			(char *)x, NULL,NULL,0,NULL,NULL)

-#define PEM_write_bio_DHparams(bp,x) \

-		PEM_ASN1_write_bio((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,\

-			bp,(char *)x,NULL,NULL,0,NULL,NULL)

-#define PEM_write_bio_DSAparams(bp,x) \

-		PEM_ASN1_write_bio((int (*)())i2d_DSAparams, \

-			PEM_STRING_DSAPARAMS,bp,(char *)x,NULL,NULL,0,NULL,NULL)

-#define PEM_write_bio_NETSCAPE_CERT_SEQUENCE(bp,x) \

-                PEM_ASN1_write_bio((int (*)())i2d_NETSCAPE_CERT_SEQUENCE, \

-			PEM_STRING_X509,bp, \

-                        (char *)x, NULL,NULL,0,NULL,NULL)

-#define	PEM_read_bio_X509(bp,x,cb,u) (X509 *)PEM_ASN1_read_bio( \

-	(char *(*)())d2i_X509,PEM_STRING_X509,bp,(char **)x,cb,u)

-#define	PEM_read_bio_X509_REQ(bp,x,cb,u) (X509_REQ *)PEM_ASN1_read_bio( \

-	(char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,bp,(char **)x,cb,u)

-#define	PEM_read_bio_X509_CRL(bp,x,cb,u) (X509_CRL *)PEM_ASN1_read_bio( \

-	(char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,bp,(char **)x,cb,u)

-#define	PEM_read_bio_RSAPrivateKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \

-	(char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,bp,(char **)x,cb,u)

-#define	PEM_read_bio_RSAPublicKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \

-	(char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,bp,(char **)x,cb,u)

-#define	PEM_read_bio_DSAPrivateKey(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \

-	(char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,bp,(char **)x,cb,u)

-#define	PEM_read_bio_PrivateKey(bp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read_bio( \

-	(char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,bp,(char **)x,cb,u)

-#define	PEM_read_bio_PKCS7(bp,x,cb,u) (PKCS7 *)PEM_ASN1_read_bio( \

-	(char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,bp,(char **)x,cb,u)

-#define	PEM_read_bio_DHparams(bp,x,cb,u) (DH *)PEM_ASN1_read_bio( \

-	(char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,bp,(char **)x,cb,u)

-#define	PEM_read_bio_DSAparams(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \

-	(char *(*)())d2i_DSAparams,PEM_STRING_DSAPARAMS,bp,(char **)x,cb,u)

-#define PEM_read_bio_NETSCAPE_CERT_SEQUENCE(bp,x,cb,u) \

-		(NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read_bio( \

-        (char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,bp,\

-							(char **)x,cb,u)

-#endif

-#if 1

-/* "userdata": new with OpenSSL 0.9.4 */

-typedef int pem_password_cb(char *buf, int size, int rwflag, void *userdata);

-#else

-/* OpenSSL 0.9.3, 0.9.3a */

-typedef int pem_password_cb(char *buf, int size, int rwflag);

-#endif

-int	PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher);

-int	PEM_do_header (EVP_CIPHER_INFO *cipher, unsigned char *data,long *len,

-	pem_password_cb *callback,void *u);

-#ifndef OPENSSL_NO_BIO

-int	PEM_read_bio(BIO *bp, char **name, char **header,

-		unsigned char **data,long *len);

-int	PEM_write_bio(BIO *bp,const char *name,char *hdr,unsigned char *data,

-		long len);

-int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp,

-	     pem_password_cb *cb, void *u);

-void *	PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp,

-			  void **x, pem_password_cb *cb, void *u);

-#define PEM_ASN1_read_bio_of(type,d2i,name,bp,x,cb,u) \

-    ((type*)PEM_ASN1_read_bio(CHECKED_D2I_OF(type, d2i), \

-			      name, bp,			\

-			      CHECKED_PPTR_OF(type, x), \

-			      cb, u))

-int	PEM_ASN1_write_bio(i2d_of_void *i2d,const char *name,BIO *bp,char *x,

-			   const EVP_CIPHER *enc,unsigned char *kstr,int klen,

-			   pem_password_cb *cb, void *u);

-#define PEM_ASN1_write_bio_of(type,i2d,name,bp,x,enc,kstr,klen,cb,u) \

-    (PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d), \

-			name, bp,		   \

-			CHECKED_PTR_OF(type, x), \

-			enc, kstr, klen, cb, u))

-STACK_OF(X509_INFO) *	PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u);

-int	PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc,

-		unsigned char *kstr, int klen, pem_password_cb *cd, void *u);

-#endif

-#ifndef OPENSSL_SYS_WIN16

-int	PEM_read(FILE *fp, char **name, char **header,

-		unsigned char **data,long *len);

-int	PEM_write(FILE *fp,char *name,char *hdr,unsigned char *data,long len);

-void *  PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,

-		      pem_password_cb *cb, void *u);

-int	PEM_ASN1_write(i2d_of_void *i2d,const char *name,FILE *fp,

-		       char *x,const EVP_CIPHER *enc,unsigned char *kstr,

-		       int klen,pem_password_cb *callback, void *u);

-STACK_OF(X509_INFO) *	PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,

-	pem_password_cb *cb, void *u);

-#endif

-int	PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type,

-		EVP_MD *md_type, unsigned char **ek, int *ekl,

-		unsigned char *iv, EVP_PKEY **pubk, int npubk);

-void	PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl,

-		unsigned char *in, int inl);

-int	PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig,int *sigl,

-		unsigned char *out, int *outl, EVP_PKEY *priv);

-void    PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type);

-void    PEM_SignUpdate(EVP_MD_CTX *ctx,unsigned char *d,unsigned int cnt);

-int	PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,

-		unsigned int *siglen, EVP_PKEY *pkey);

-int	PEM_def_callback(char *buf, int num, int w, void *key);

-void	PEM_proc_type(char *buf, int type);

-void	PEM_dek_info(char *buf, const char *type, int len, char *str);

-#ifndef SSLEAY_MACROS

-#include <openssl/symhacks.h>

-DECLARE_PEM_rw(X509, X509)

-DECLARE_PEM_rw(X509_AUX, X509)

-DECLARE_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR)

-DECLARE_PEM_rw(X509_REQ, X509_REQ)

-DECLARE_PEM_write(X509_REQ_NEW, X509_REQ)

-DECLARE_PEM_rw(X509_CRL, X509_CRL)

-DECLARE_PEM_rw(PKCS7, PKCS7)

-DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE)

-DECLARE_PEM_rw(PKCS8, X509_SIG)

-DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)

-#ifndef OPENSSL_NO_RSA

-DECLARE_PEM_rw_cb(RSAPrivateKey, RSA)

-DECLARE_PEM_rw_const(RSAPublicKey, RSA)

-DECLARE_PEM_rw(RSA_PUBKEY, RSA)

-#endif

-#ifndef OPENSSL_NO_DSA

-DECLARE_PEM_rw_cb(DSAPrivateKey, DSA)

-DECLARE_PEM_rw(DSA_PUBKEY, DSA)

-DECLARE_PEM_rw_const(DSAparams, DSA)

-#endif

-#ifndef OPENSSL_NO_EC

-DECLARE_PEM_rw_const(ECPKParameters, EC_GROUP)

-DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY)

-DECLARE_PEM_rw(EC_PUBKEY, EC_KEY)

-#endif

-#ifndef OPENSSL_NO_DH

-DECLARE_PEM_rw_const(DHparams, DH)

-#endif

-DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY)

-DECLARE_PEM_rw(PUBKEY, EVP_PKEY)

-int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,

-				  char *kstr, int klen,

-				  pem_password_cb *cb, void *u);

-int PEM_write_bio_PKCS8PrivateKey(BIO *, EVP_PKEY *, const EVP_CIPHER *,

-                                  char *, int, pem_password_cb *, void *);

-int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,

-				  char *kstr, int klen,

-				  pem_password_cb *cb, void *u);

-int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,

-				  char *kstr, int klen,

-				  pem_password_cb *cb, void *u);

-EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u);

-int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,

-				  char *kstr, int klen,

-				  pem_password_cb *cb, void *u);

-int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid,

-				  char *kstr, int klen,

-				  pem_password_cb *cb, void *u);

-int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,

-				  char *kstr, int klen,

-				  pem_password_cb *cb, void *u);

-EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u);

-int PEM_write_PKCS8PrivateKey(FILE *fp,EVP_PKEY *x,const EVP_CIPHER *enc,

-			      char *kstr,int klen, pem_password_cb *cd, void *u);

-#endif /* SSLEAY_MACROS */

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_PEM_strings(void);

-/* Error codes for the PEM functions. */

-/* Function codes. */

-#define PEM_F_D2I_PKCS8PRIVATEKEY_BIO			 120

-#define PEM_F_D2I_PKCS8PRIVATEKEY_FP			 121

-#define PEM_F_DO_PK8PKEY				 126

-#define PEM_F_DO_PK8PKEY_FP				 125

-#define PEM_F_LOAD_IV					 101

-#define PEM_F_PEM_ASN1_READ				 102

-#define PEM_F_PEM_ASN1_READ_BIO				 103

-#define PEM_F_PEM_ASN1_WRITE				 104

-#define PEM_F_PEM_ASN1_WRITE_BIO			 105

-#define PEM_F_PEM_DEF_CALLBACK				 100

-#define PEM_F_PEM_DO_HEADER				 106

-#define PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY		 118

-#define PEM_F_PEM_GET_EVP_CIPHER_INFO			 107

-#define PEM_F_PEM_PK8PKEY				 119

-#define PEM_F_PEM_READ					 108

-#define PEM_F_PEM_READ_BIO				 109

-#define PEM_F_PEM_READ_BIO_PRIVATEKEY			 123

-#define PEM_F_PEM_READ_PRIVATEKEY			 124

-#define PEM_F_PEM_SEALFINAL				 110

-#define PEM_F_PEM_SEALINIT				 111

-#define PEM_F_PEM_SIGNFINAL				 112

-#define PEM_F_PEM_WRITE					 113

-#define PEM_F_PEM_WRITE_BIO				 114

-#define PEM_F_PEM_X509_INFO_READ			 115

-#define PEM_F_PEM_X509_INFO_READ_BIO			 116

-#define PEM_F_PEM_X509_INFO_WRITE_BIO			 117

-/* Reason codes. */

-#define PEM_R_BAD_BASE64_DECODE				 100

-#define PEM_R_BAD_DECRYPT				 101

-#define PEM_R_BAD_END_LINE				 102

-#define PEM_R_BAD_IV_CHARS				 103

-#define PEM_R_BAD_PASSWORD_READ				 104

-#define PEM_R_ERROR_CONVERTING_PRIVATE_KEY		 115

-#define PEM_R_NOT_DEK_INFO				 105

-#define PEM_R_NOT_ENCRYPTED				 106

-#define PEM_R_NOT_PROC_TYPE				 107

-#define PEM_R_NO_START_LINE				 108

-#define PEM_R_PROBLEMS_GETTING_PASSWORD			 109

-#define PEM_R_PUBLIC_KEY_NO_RSA				 110

-#define PEM_R_READ_KEY					 111

-#define PEM_R_SHORT_HEADER				 112

-#define PEM_R_UNSUPPORTED_CIPHER			 113

-#define PEM_R_UNSUPPORTED_ENCRYPTION			 114

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/pem/pem2.h

+++ /dev/null

@@ -1,70 +1,0 @@

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/*

- * This header only exists to break a circular dependency between pem and err

- * Ben 30 Jan 1999.

- */

-#ifdef __cplusplus

-extern "C" {

-#endif

-#ifndef HEADER_PEM_H

-void ERR_load_PEM_strings(void);

-#endif

-#ifdef __cplusplus

-}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/pem/pem_all.c

+++ /dev/null

@@ -1,308 +1,0 @@

-/* crypto/pem/pem_all.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#undef SSLEAY_MACROS

-#include "cryptlib.h"

-#include <openssl/bio.h>

-#include <openssl/evp.h>

-#include <openssl/x509.h>

-#include <openssl/pkcs7.h>

-#include <openssl/pem.h>

-#ifndef OPENSSL_NO_RSA

-#include <openssl/rsa.h>

-#endif

-#ifndef OPENSSL_NO_DSA

-#include <openssl/dsa.h>

-#endif

-#ifndef OPENSSL_NO_DH

-#include <openssl/dh.h>

-#endif

-#ifndef OPENSSL_NO_RSA

-static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa);

-#endif

-#ifndef OPENSSL_NO_DSA

-static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa);

-#endif

-#ifndef OPENSSL_NO_EC

-static EC_KEY *pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey);

-#endif

-IMPLEMENT_PEM_rw(X509_REQ, X509_REQ, PEM_STRING_X509_REQ, X509_REQ)

-IMPLEMENT_PEM_write(X509_REQ_NEW, X509_REQ, PEM_STRING_X509_REQ_OLD, X509_REQ)

-IMPLEMENT_PEM_rw(X509_CRL, X509_CRL, PEM_STRING_X509_CRL, X509_CRL)

-IMPLEMENT_PEM_rw(PKCS7, PKCS7, PEM_STRING_PKCS7, PKCS7)

-IMPLEMENT_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE,

-					PEM_STRING_X509, NETSCAPE_CERT_SEQUENCE)

-#ifndef OPENSSL_NO_RSA

-/* We treat RSA or DSA private keys as a special case.

- *

- * For private keys we read in an EVP_PKEY structure with

- * PEM_read_bio_PrivateKey() and extract the relevant private

- * key: this means can handle "traditional" and PKCS#8 formats

- * transparently.

- */

-static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa)

-{

-	RSA *rtmp;

-	if(!key) return NULL;

-	rtmp = EVP_PKEY_get1_RSA(key);

-	EVP_PKEY_free(key);

-	if(!rtmp) return NULL;

-	if(rsa) {

-		RSA_free(*rsa);

-		*rsa = rtmp;

-	}

-	return rtmp;

-}

-RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **rsa, pem_password_cb *cb,

-								void *u)

-{

-	EVP_PKEY *pktmp;

-	pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);

-	return pkey_get_rsa(pktmp, rsa);

-}

-#ifndef OPENSSL_NO_FP_API

-RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb,

-								void *u)

-{

-	EVP_PKEY *pktmp;

-	pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);

-	return pkey_get_rsa(pktmp, rsa);

-}

-#endif

-IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey)

-IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey)

-IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY)

-#endif

-#ifndef OPENSSL_NO_DSA

-static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa)

-{

-	DSA *dtmp;

-	if(!key) return NULL;

-	dtmp = EVP_PKEY_get1_DSA(key);

-	EVP_PKEY_free(key);

-	if(!dtmp) return NULL;

-	if(dsa) {

-		DSA_free(*dsa);

-		*dsa = dtmp;

-	}

-	return dtmp;

-}

-DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb,

-								void *u)

-{

-	EVP_PKEY *pktmp;

-	pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);

-	return pkey_get_dsa(pktmp, dsa);

-}

-IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey)

-IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)

-#ifndef OPENSSL_NO_FP_API

-DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb,

-								void *u)

-{

-	EVP_PKEY *pktmp;

-	pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);

-	return pkey_get_dsa(pktmp, dsa);

-}

-#endif

-IMPLEMENT_PEM_rw_const(DSAparams, DSA, PEM_STRING_DSAPARAMS, DSAparams)

-#endif

-#ifndef OPENSSL_NO_EC

-static EC_KEY *pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey)

-{

-	EC_KEY *dtmp;

-	if(!key) return NULL;

-	dtmp = EVP_PKEY_get1_EC_KEY(key);

-	EVP_PKEY_free(key);

-	if(!dtmp) return NULL;

-	if(eckey)

-	{

- 		EC_KEY_free(*eckey);

-		*eckey = dtmp;

-	}

-	return dtmp;

-}

-EC_KEY *PEM_read_bio_ECPrivateKey(BIO *bp, EC_KEY **key, pem_password_cb *cb,

-							void *u)

-{

-	EVP_PKEY *pktmp;

-	pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);

-	return pkey_get_eckey(pktmp, key);

-}

-IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS, ECPKParameters)

-IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, ECPrivateKey)

-IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY)

-#ifndef OPENSSL_NO_FP_API

-EC_KEY *PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb,

- 								void *u)

-{

-	EVP_PKEY *pktmp;

-	pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);

-	return pkey_get_eckey(pktmp, eckey);

-}

-#endif

-#endif

-#ifndef OPENSSL_NO_DH

-IMPLEMENT_PEM_rw_const(DHparams, DH, PEM_STRING_DHPARAMS, DHparams)

-#endif

-/* The PrivateKey case is not that straightforward.

- *   IMPLEMENT_PEM_rw_cb(PrivateKey, EVP_PKEY, PEM_STRING_EVP_PKEY, PrivateKey)

- * does not work, RSA and DSA keys have specific strings.

- * (When reading, parameter PEM_STRING_EVP_PKEY is a wildcard for anything

- * appropriate.)

- */

-IMPLEMENT_PEM_write_cb(PrivateKey, EVP_PKEY, ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:\

-			(x->type == EVP_PKEY_RSA)?PEM_STRING_RSA:PEM_STRING_ECPRIVATEKEY), PrivateKey)

-IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY)

--- a/sys/src/ape/lib/openssl/crypto/pem/pem_err.c

+++ /dev/null

@@ -1,135 +1,0 @@

-/* crypto/pem/pem_err.c */

-/* ====================================================================

- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* NOTE: this file was auto generated by the mkerr.pl script: any changes

- * made to it will be overwritten when the script next updates this file,

- * only reason strings will be preserved.

- */

-#include <stdio.h>

-#include <openssl/err.h>

-#include <openssl/pem.h>

-/* BEGIN ERROR CODES */

-#ifndef OPENSSL_NO_ERR

-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PEM,func,0)

-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PEM,0,reason)

-static ERR_STRING_DATA PEM_str_functs[]=

-	{

-{ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_BIO),	"d2i_PKCS8PrivateKey_bio"},

-{ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_FP),	"d2i_PKCS8PrivateKey_fp"},

-{ERR_FUNC(PEM_F_DO_PK8PKEY),	"DO_PK8PKEY"},

-{ERR_FUNC(PEM_F_DO_PK8PKEY_FP),	"DO_PK8PKEY_FP"},

-{ERR_FUNC(PEM_F_LOAD_IV),	"LOAD_IV"},

-{ERR_FUNC(PEM_F_PEM_ASN1_READ),	"PEM_ASN1_read"},

-{ERR_FUNC(PEM_F_PEM_ASN1_READ_BIO),	"PEM_ASN1_read_bio"},

-{ERR_FUNC(PEM_F_PEM_ASN1_WRITE),	"PEM_ASN1_write"},

-{ERR_FUNC(PEM_F_PEM_ASN1_WRITE_BIO),	"PEM_ASN1_write_bio"},

-{ERR_FUNC(PEM_F_PEM_DEF_CALLBACK),	"PEM_def_callback"},

-{ERR_FUNC(PEM_F_PEM_DO_HEADER),	"PEM_do_header"},

-{ERR_FUNC(PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY),	"PEM_F_PEM_WRITE_PKCS8PRIVATEKEY"},

-{ERR_FUNC(PEM_F_PEM_GET_EVP_CIPHER_INFO),	"PEM_get_EVP_CIPHER_INFO"},

-{ERR_FUNC(PEM_F_PEM_PK8PKEY),	"PEM_PK8PKEY"},

-{ERR_FUNC(PEM_F_PEM_READ),	"PEM_read"},

-{ERR_FUNC(PEM_F_PEM_READ_BIO),	"PEM_read_bio"},

-{ERR_FUNC(PEM_F_PEM_READ_BIO_PRIVATEKEY),	"PEM_READ_BIO_PRIVATEKEY"},

-{ERR_FUNC(PEM_F_PEM_READ_PRIVATEKEY),	"PEM_READ_PRIVATEKEY"},

-{ERR_FUNC(PEM_F_PEM_SEALFINAL),	"PEM_SealFinal"},

-{ERR_FUNC(PEM_F_PEM_SEALINIT),	"PEM_SealInit"},

-{ERR_FUNC(PEM_F_PEM_SIGNFINAL),	"PEM_SignFinal"},

-{ERR_FUNC(PEM_F_PEM_WRITE),	"PEM_write"},

-{ERR_FUNC(PEM_F_PEM_WRITE_BIO),	"PEM_write_bio"},

-{ERR_FUNC(PEM_F_PEM_X509_INFO_READ),	"PEM_X509_INFO_read"},

-{ERR_FUNC(PEM_F_PEM_X509_INFO_READ_BIO),	"PEM_X509_INFO_read_bio"},

-{ERR_FUNC(PEM_F_PEM_X509_INFO_WRITE_BIO),	"PEM_X509_INFO_write_bio"},

-{0,NULL}

-	};

-static ERR_STRING_DATA PEM_str_reasons[]=

-	{

-{ERR_REASON(PEM_R_BAD_BASE64_DECODE)     ,"bad base64 decode"},

-{ERR_REASON(PEM_R_BAD_DECRYPT)           ,"bad decrypt"},

-{ERR_REASON(PEM_R_BAD_END_LINE)          ,"bad end line"},

-{ERR_REASON(PEM_R_BAD_IV_CHARS)          ,"bad iv chars"},

-{ERR_REASON(PEM_R_BAD_PASSWORD_READ)     ,"bad password read"},

-{ERR_REASON(PEM_R_ERROR_CONVERTING_PRIVATE_KEY),"error converting private key"},

-{ERR_REASON(PEM_R_NOT_DEK_INFO)          ,"not dek info"},

-{ERR_REASON(PEM_R_NOT_ENCRYPTED)         ,"not encrypted"},

-{ERR_REASON(PEM_R_NOT_PROC_TYPE)         ,"not proc type"},

-{ERR_REASON(PEM_R_NO_START_LINE)         ,"no start line"},

-{ERR_REASON(PEM_R_PROBLEMS_GETTING_PASSWORD),"problems getting password"},

-{ERR_REASON(PEM_R_PUBLIC_KEY_NO_RSA)     ,"public key no rsa"},

-{ERR_REASON(PEM_R_READ_KEY)              ,"read key"},

-{ERR_REASON(PEM_R_SHORT_HEADER)          ,"short header"},

-{ERR_REASON(PEM_R_UNSUPPORTED_CIPHER)    ,"unsupported cipher"},

-{ERR_REASON(PEM_R_UNSUPPORTED_ENCRYPTION),"unsupported encryption"},

-{0,NULL}

-	};

-#endif

-void ERR_load_PEM_strings(void)

-	{

-#ifndef OPENSSL_NO_ERR

-	if (ERR_func_error_string(PEM_str_functs[0].error) == NULL)

-		{

-		ERR_load_strings(0,PEM_str_functs);

-		ERR_load_strings(0,PEM_str_reasons);

-		}

-#endif

-	}

--- a/sys/src/ape/lib/openssl/crypto/pem/pem_info.c

+++ /dev/null

@@ -1,397 +1,0 @@

-/* crypto/pem/pem_info.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/buffer.h>

-#include <openssl/objects.h>

-#include <openssl/evp.h>

-#include <openssl/x509.h>

-#include <openssl/pem.h>

-#ifndef OPENSSL_NO_RSA

-#include <openssl/rsa.h>

-#endif

-#ifndef OPENSSL_NO_DSA

-#include <openssl/dsa.h>

-#endif

-#ifndef OPENSSL_NO_FP_API

-STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u)

-	{

-        BIO *b;

-        STACK_OF(X509_INFO) *ret;

-        if ((b=BIO_new(BIO_s_file())) == NULL)

-		{

-		PEMerr(PEM_F_PEM_X509_INFO_READ,ERR_R_BUF_LIB);

-                return(0);

-		}

-        BIO_set_fp(b,fp,BIO_NOCLOSE);

-        ret=PEM_X509_INFO_read_bio(b,sk,cb,u);

-        BIO_free(b);

-        return(ret);

-	}

-#endif

-STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u)

-	{

-	X509_INFO *xi=NULL;

-	char *name=NULL,*header=NULL;

-	void *pp;

-	unsigned char *data=NULL;

-	const unsigned char *p;

-	long len,error=0;

-	int ok=0;

-	STACK_OF(X509_INFO) *ret=NULL;

-	unsigned int i,raw;

-	d2i_of_void *d2i;

-	if (sk == NULL)

-		{

-		if ((ret=sk_X509_INFO_new_null()) == NULL)

-			{

-			PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_MALLOC_FAILURE);

-			goto err;

-			}

-		}

-	else

-		ret=sk;

-	if ((xi=X509_INFO_new()) == NULL) goto err;

-	for (;;)

-		{

-		raw=0;

-		i=PEM_read_bio(bp,&name,&header,&data,&len);

-		if (i == 0)

-			{

-			error=ERR_GET_REASON(ERR_peek_last_error());

-			if (error == PEM_R_NO_START_LINE)

-				{

-				ERR_clear_error();

-				break;

-				}

-			goto err;

-			}

-start:

-		if (	(strcmp(name,PEM_STRING_X509) == 0) ||

-			(strcmp(name,PEM_STRING_X509_OLD) == 0))

-			{

-			d2i=(D2I_OF(void))d2i_X509;

-			if (xi->x509 != NULL)

-				{

-				if (!sk_X509_INFO_push(ret,xi)) goto err;

-				if ((xi=X509_INFO_new()) == NULL) goto err;

-				goto start;

-				}

-			pp=&(xi->x509);

-			}

-		else if ((strcmp(name,PEM_STRING_X509_TRUSTED) == 0))

-			{

-			d2i=(D2I_OF(void))d2i_X509_AUX;

-			if (xi->x509 != NULL)

-				{

-				if (!sk_X509_INFO_push(ret,xi)) goto err;

-				if ((xi=X509_INFO_new()) == NULL) goto err;

-				goto start;

-				}

-			pp=&(xi->x509);

-			}

-		else if (strcmp(name,PEM_STRING_X509_CRL) == 0)

-			{

-			d2i=(D2I_OF(void))d2i_X509_CRL;

-			if (xi->crl != NULL)

-				{

-				if (!sk_X509_INFO_push(ret,xi)) goto err;

-				if ((xi=X509_INFO_new()) == NULL) goto err;

-				goto start;

-				}

-			pp=&(xi->crl);

-			}

-		else

-#ifndef OPENSSL_NO_RSA

-			if (strcmp(name,PEM_STRING_RSA) == 0)

-			{

-			d2i=(D2I_OF(void))d2i_RSAPrivateKey;

-			if (xi->x_pkey != NULL)

-				{

-				if (!sk_X509_INFO_push(ret,xi)) goto err;

-				if ((xi=X509_INFO_new()) == NULL) goto err;

-				goto start;

-				}

-			xi->enc_data=NULL;

-			xi->enc_len=0;

-			xi->x_pkey=X509_PKEY_new();

-			if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL)

-				goto err;

-			xi->x_pkey->dec_pkey->type=EVP_PKEY_RSA;

-			pp=&(xi->x_pkey->dec_pkey->pkey.rsa);

-			if ((int)strlen(header) > 10) /* assume encrypted */

-				raw=1;

-			}

-		else

-#endif

-#ifndef OPENSSL_NO_DSA

-			if (strcmp(name,PEM_STRING_DSA) == 0)

-			{

-			d2i=(D2I_OF(void))d2i_DSAPrivateKey;

-			if (xi->x_pkey != NULL)

-				{

-				if (!sk_X509_INFO_push(ret,xi)) goto err;

-				if ((xi=X509_INFO_new()) == NULL) goto err;

-				goto start;

-				}

-			xi->enc_data=NULL;

-			xi->enc_len=0;

-			xi->x_pkey=X509_PKEY_new();

-			if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL)

-				goto err;

-			xi->x_pkey->dec_pkey->type=EVP_PKEY_DSA;

-			pp=(char **)&(xi->x_pkey->dec_pkey->pkey.dsa);

-			if ((int)strlen(header) > 10) /* assume encrypted */

-				raw=1;

-			}

-		else

-#endif

-#ifndef OPENSSL_NO_EC

- 			if (strcmp(name,PEM_STRING_ECPRIVATEKEY) == 0)

- 			{

- 				d2i=(D2I_OF(void))d2i_ECPrivateKey;

- 				if (xi->x_pkey != NULL)

- 				{

- 					if (!sk_X509_INFO_push(ret,xi)) goto err;

- 					if ((xi=X509_INFO_new()) == NULL) goto err;

- 						goto start;

- 				}

- 			xi->enc_data=NULL;

- 			xi->enc_len=0;

- 			xi->x_pkey=X509_PKEY_new();

- 			if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL)

- 				goto err;

- 			xi->x_pkey->dec_pkey->type=EVP_PKEY_EC;

- 			pp=&(xi->x_pkey->dec_pkey->pkey.ec);

- 			if ((int)strlen(header) > 10) /* assume encrypted */

- 				raw=1;

-			}

-		else

-#endif

-			{

-			d2i=NULL;

-			pp=NULL;

-			}

-		if (d2i != NULL)

-			{

-			if (!raw)

-				{

-				EVP_CIPHER_INFO cipher;

-				if (!PEM_get_EVP_CIPHER_INFO(header,&cipher))

-					goto err;

-				if (!PEM_do_header(&cipher,data,&len,cb,u))

-					goto err;

-				p=data;

-				if (d2i(pp,&p,len) == NULL)

-					{

-					PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_ASN1_LIB);

-					goto err;

-					}

-				}

-			else

-				{ /* encrypted RSA data */

-				if (!PEM_get_EVP_CIPHER_INFO(header,

-					&xi->enc_cipher)) goto err;

-				xi->enc_data=(char *)data;

-				xi->enc_len=(int)len;

-				data=NULL;

-				}

-			}

-		else	{

-			/* unknown */

-			}

-		if (name != NULL) OPENSSL_free(name);

-		if (header != NULL) OPENSSL_free(header);

-		if (data != NULL) OPENSSL_free(data);

-		name=NULL;

-		header=NULL;

-		data=NULL;

-		}

-	/* if the last one hasn't been pushed yet and there is anything

-	 * in it then add it to the stack ...

-	 */

-	if ((xi->x509 != NULL) || (xi->crl != NULL) ||

-		(xi->x_pkey != NULL) || (xi->enc_data != NULL))

-		{

-		if (!sk_X509_INFO_push(ret,xi)) goto err;

-		xi=NULL;

-		}

-	ok=1;

-err:

-	if (xi != NULL) X509_INFO_free(xi);

-	if (!ok)

-		{

-		for (i=0; ((int)i)<sk_X509_INFO_num(ret); i++)

-			{

-			xi=sk_X509_INFO_value(ret,i);

-			X509_INFO_free(xi);

-			}

-		if (ret != sk) sk_X509_INFO_free(ret);

-		ret=NULL;

-		}

-	if (name != NULL) OPENSSL_free(name);

-	if (header != NULL) OPENSSL_free(header);

-	if (data != NULL) OPENSSL_free(data);

-	return(ret);

-	}

-/* A TJH addition */

-int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,

-	     unsigned char *kstr, int klen, pem_password_cb *cb, void *u)

-	{

-	EVP_CIPHER_CTX ctx;

-	int i,ret=0;

-	unsigned char *data=NULL;

-	const char *objstr=NULL;

-	char buf[PEM_BUFSIZE];

-	unsigned char *iv=NULL;

-	if (enc != NULL)

-		{

-		objstr=OBJ_nid2sn(EVP_CIPHER_nid(enc));

-		if (objstr == NULL)

-			{

-			PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER);

-			goto err;

-			}

-		}

-	/* now for the fun part ... if we have a private key then

-	 * we have to be able to handle a not-yet-decrypted key

-	 * being written out correctly ... if it is decrypted or

-	 * it is non-encrypted then we use the base code

-	 */

-	if (xi->x_pkey!=NULL)

-		{

-		if ( (xi->enc_data!=NULL) && (xi->enc_len>0) )

-			{

-			/* copy from weirdo names into more normal things */

-			iv=xi->enc_cipher.iv;

-			data=(unsigned char *)xi->enc_data;

-			i=xi->enc_len;

-			/* we take the encryption data from the

-			 * internal stuff rather than what the

-			 * user has passed us ... as we have to

-			 * match exactly for some strange reason

-			 */

-			objstr=OBJ_nid2sn(

-				EVP_CIPHER_nid(xi->enc_cipher.cipher));

-			if (objstr == NULL)

-				{

-				PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER);

-				goto err;

-				}

-			/* create the right magic header stuff */

-			OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf);

-			buf[0]='\0';

-			PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);

-			PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv);

-			/* use the normal code to write things out */

-			i=PEM_write_bio(bp,PEM_STRING_RSA,buf,data,i);

-			if (i <= 0) goto err;

-			}

-		else

-			{

-			/* Add DSA/DH */

-#ifndef OPENSSL_NO_RSA

-			/* normal optionally encrypted stuff */

-			if (PEM_write_bio_RSAPrivateKey(bp,

-				xi->x_pkey->dec_pkey->pkey.rsa,

-				enc,kstr,klen,cb,u)<=0)

-				goto err;

-#endif

-			}

-		}

-	/* if we have a certificate then write it out now */

-	if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp,xi->x509) <= 0))

-		goto err;

-	/* we are ignoring anything else that is loaded into the X509_INFO

-	 * structure for the moment ... as I don't need it so I'm not

-	 * coding it here and Eric can do it when this makes it into the

-	 * base library --tjh

-	 */

-	ret=1;

-err:

-	OPENSSL_cleanse((char *)&ctx,sizeof(ctx));

-	OPENSSL_cleanse(buf,PEM_BUFSIZE);

-	return(ret);

-	}

--- a/sys/src/ape/lib/openssl/crypto/pem/pem_lib.c

+++ /dev/null

@@ -1,781 +1,0 @@

-/* crypto/pem/pem_lib.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/buffer.h>

-#include <openssl/objects.h>

-#include <openssl/evp.h>

-#include <openssl/rand.h>

-#include <openssl/x509.h>

-#include <openssl/pem.h>

-#include <openssl/pkcs12.h>

-#ifndef OPENSSL_NO_DES

-#include <openssl/des.h>

-#endif

-const char PEM_version[]="PEM" OPENSSL_VERSION_PTEXT;

-#define MIN_LENGTH	4

-static int load_iv(char **fromp,unsigned char *to, int num);

-static int check_pem(const char *nm, const char *name);

-int PEM_def_callback(char *buf, int num, int w, void *key)

-	{

-#ifdef OPENSSL_NO_FP_API

-	/* We should not ever call the default callback routine from

-	 * windows. */

-	PEMerr(PEM_F_PEM_DEF_CALLBACK,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

-	return(-1);

-#else

-	int i,j;

-	const char *prompt;

-	if(key) {

-		i=strlen(key);

-		i=(i > num)?num:i;

-		memcpy(buf,key,i);

-		return(i);

-	}

-	prompt=EVP_get_pw_prompt();

-	if (prompt == NULL)

-		prompt="Enter PEM pass phrase:";

-	for (;;)

-		{

-		i=EVP_read_pw_string(buf,num,prompt,w);

-		if (i != 0)

-			{

-			PEMerr(PEM_F_PEM_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);

-			memset(buf,0,(unsigned int)num);

-			return(-1);

-			}

-		j=strlen(buf);

-		if (j < MIN_LENGTH)

-			{

-			fprintf(stderr,"phrase is too short, needs to be at least %d chars\n",MIN_LENGTH);

-			}

-		else

-			break;

-		}

-	return(j);

-#endif

-	}

-void PEM_proc_type(char *buf, int type)

-	{

-	const char *str;

-	if (type == PEM_TYPE_ENCRYPTED)

-		str="ENCRYPTED";

-	else if (type == PEM_TYPE_MIC_CLEAR)

-		str="MIC-CLEAR";

-	else if (type == PEM_TYPE_MIC_ONLY)

-		str="MIC-ONLY";

-	else

-		str="BAD-TYPE";

-	BUF_strlcat(buf,"Proc-Type: 4,",PEM_BUFSIZE);

-	BUF_strlcat(buf,str,PEM_BUFSIZE);

-	BUF_strlcat(buf,"\n",PEM_BUFSIZE);

-	}

-void PEM_dek_info(char *buf, const char *type, int len, char *str)

-	{

-	static const unsigned char map[17]="0123456789ABCDEF";

-	long i;

-	int j;

-	BUF_strlcat(buf,"DEK-Info: ",PEM_BUFSIZE);

-	BUF_strlcat(buf,type,PEM_BUFSIZE);

-	BUF_strlcat(buf,",",PEM_BUFSIZE);

-	j=strlen(buf);

-	if (j + (len * 2) + 1 > PEM_BUFSIZE)

-        	return;

-	for (i=0; i<len; i++)

-		{

-		buf[j+i*2]  =map[(str[i]>>4)&0x0f];

-		buf[j+i*2+1]=map[(str[i]   )&0x0f];

-		}

-	buf[j+i*2]='\n';

-	buf[j+i*2+1]='\0';

-	}

-#ifndef OPENSSL_NO_FP_API

-void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,

-		    pem_password_cb *cb, void *u)

-	{

-        BIO *b;

-        void *ret;

-        if ((b=BIO_new(BIO_s_file())) == NULL)

-		{

-		PEMerr(PEM_F_PEM_ASN1_READ,ERR_R_BUF_LIB);

-                return(0);

-		}

-        BIO_set_fp(b,fp,BIO_NOCLOSE);

-        ret=PEM_ASN1_read_bio(d2i,name,b,x,cb,u);

-        BIO_free(b);

-        return(ret);

-	}

-#endif

-static int check_pem(const char *nm, const char *name)

-{

-	/* Normal matching nm and name */

-	if (!strcmp(nm,name)) return 1;

-	/* Make PEM_STRING_EVP_PKEY match any private key */

-	if(!strcmp(nm,PEM_STRING_PKCS8) &&

-		!strcmp(name,PEM_STRING_EVP_PKEY)) return 1;

-	if(!strcmp(nm,PEM_STRING_PKCS8INF) &&

-		 !strcmp(name,PEM_STRING_EVP_PKEY)) return 1;

-	if(!strcmp(nm,PEM_STRING_RSA) &&

-		!strcmp(name,PEM_STRING_EVP_PKEY)) return 1;

-	if(!strcmp(nm,PEM_STRING_DSA) &&

-		 !strcmp(name,PEM_STRING_EVP_PKEY)) return 1;

- 	if(!strcmp(nm,PEM_STRING_ECPRIVATEKEY) &&

- 		 !strcmp(name,PEM_STRING_EVP_PKEY)) return 1;

-	/* Permit older strings */

-	if(!strcmp(nm,PEM_STRING_X509_OLD) &&

-		!strcmp(name,PEM_STRING_X509)) return 1;

-	if(!strcmp(nm,PEM_STRING_X509_REQ_OLD) &&

-		!strcmp(name,PEM_STRING_X509_REQ)) return 1;

-	/* Allow normal certs to be read as trusted certs */

-	if(!strcmp(nm,PEM_STRING_X509) &&

-		!strcmp(name,PEM_STRING_X509_TRUSTED)) return 1;

-	if(!strcmp(nm,PEM_STRING_X509_OLD) &&

-		!strcmp(name,PEM_STRING_X509_TRUSTED)) return 1;

-	/* Some CAs use PKCS#7 with CERTIFICATE headers */

-	if(!strcmp(nm, PEM_STRING_X509) &&

-		!strcmp(name, PEM_STRING_PKCS7)) return 1;

-	return 0;

-}

-int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp,

-	     pem_password_cb *cb, void *u)

-	{

-	EVP_CIPHER_INFO cipher;

-	char *nm=NULL,*header=NULL;

-	unsigned char *data=NULL;

-	long len;

-	int ret = 0;

-	for (;;)

-		{

-		if (!PEM_read_bio(bp,&nm,&header,&data,&len)) {

-			if(ERR_GET_REASON(ERR_peek_error()) ==

-				PEM_R_NO_START_LINE)

-				ERR_add_error_data(2, "Expecting: ", name);

-			return 0;

-		}

-		if(check_pem(nm, name)) break;

-		OPENSSL_free(nm);

-		OPENSSL_free(header);

-		OPENSSL_free(data);

-		}

-	if (!PEM_get_EVP_CIPHER_INFO(header,&cipher)) goto err;

-	if (!PEM_do_header(&cipher,data,&len,cb,u)) goto err;

-	*pdata = data;

-	*plen = len;

-	if (pnm)

-		*pnm = nm;

-	ret = 1;

-err:

-	if (!ret || !pnm) OPENSSL_free(nm);

-	OPENSSL_free(header);

-	if (!ret) OPENSSL_free(data);

-	return ret;

-	}

-#ifndef OPENSSL_NO_FP_API

-int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,

-		   char *x, const EVP_CIPHER *enc, unsigned char *kstr,

-		   int klen, pem_password_cb *callback, void *u)

-        {

-        BIO *b;

-        int ret;

-        if ((b=BIO_new(BIO_s_file())) == NULL)

-		{

-		PEMerr(PEM_F_PEM_ASN1_WRITE,ERR_R_BUF_LIB);

-                return(0);

-		}

-        BIO_set_fp(b,fp,BIO_NOCLOSE);

-        ret=PEM_ASN1_write_bio(i2d,name,b,x,enc,kstr,klen,callback,u);

-        BIO_free(b);

-        return(ret);

-        }

-#endif

-int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,

-		       char *x, const EVP_CIPHER *enc, unsigned char *kstr,

-		       int klen, pem_password_cb *callback, void *u)

-	{

-	EVP_CIPHER_CTX ctx;

-	int dsize=0,i,j,ret=0;

-	unsigned char *p,*data=NULL;

-	const char *objstr=NULL;

-	char buf[PEM_BUFSIZE];

-	unsigned char key[EVP_MAX_KEY_LENGTH];

-	unsigned char iv[EVP_MAX_IV_LENGTH];

-	if (enc != NULL)

-		{

-		objstr=OBJ_nid2sn(EVP_CIPHER_nid(enc));

-		if (objstr == NULL)

-			{

-			PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER);

-			goto err;

-			}

-		}

-	if ((dsize=i2d(x,NULL)) < 0)

-		{

-		PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_ASN1_LIB);

-		dsize=0;

-		goto err;

-		}

-	/* dzise + 8 bytes are needed */

-	/* actually it needs the cipher block size extra... */

-	data=(unsigned char *)OPENSSL_malloc((unsigned int)dsize+20);

-	if (data == NULL)

-		{

-		PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	p=data;

-	i=i2d(x,&p);

-	if (enc != NULL)

-		{

-		if (kstr == NULL)

-			{

-			if (callback == NULL)

-				klen=PEM_def_callback(buf,PEM_BUFSIZE,1,u);

-			else

-				klen=(*callback)(buf,PEM_BUFSIZE,1,u);

-			if (klen <= 0)

-				{

-				PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_READ_KEY);

-				goto err;

-				}

-#ifdef CHARSET_EBCDIC

-			/* Convert the pass phrase from EBCDIC */

-			ebcdic2ascii(buf, buf, klen);

-#endif

-			kstr=(unsigned char *)buf;

-			}

-		RAND_add(data,i,0);/* put in the RSA key. */

-		OPENSSL_assert(enc->iv_len <= (int)sizeof(iv));

-		if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */

-			goto err;

-		/* The 'iv' is used as the iv and as a salt.  It is

-		 * NOT taken from the BytesToKey function */

-		EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);

-		if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE);

-		OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf);

-		buf[0]='\0';

-		PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);

-		PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv);

-		/* k=strlen(buf); */

-		EVP_CIPHER_CTX_init(&ctx);

-		EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv);

-		EVP_EncryptUpdate(&ctx,data,&j,data,i);

-		EVP_EncryptFinal_ex(&ctx,&(data[j]),&i);

-		EVP_CIPHER_CTX_cleanup(&ctx);

-		i+=j;

-		ret=1;

-		}

-	else

-		{

-		ret=1;

-		buf[0]='\0';

-		}

-	i=PEM_write_bio(bp,name,buf,data,i);

-	if (i <= 0) ret=0;

-err:

-	OPENSSL_cleanse(key,sizeof(key));

-	OPENSSL_cleanse(iv,sizeof(iv));

-	OPENSSL_cleanse((char *)&ctx,sizeof(ctx));

-	OPENSSL_cleanse(buf,PEM_BUFSIZE);

-	if (data != NULL)

-		{

-		OPENSSL_cleanse(data,(unsigned int)dsize);

-		OPENSSL_free(data);

-		}

-	return(ret);

-	}

-int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,

-	     pem_password_cb *callback,void *u)

-	{

-	int i,j,o,klen;

-	long len;

-	EVP_CIPHER_CTX ctx;

-	unsigned char key[EVP_MAX_KEY_LENGTH];

-	char buf[PEM_BUFSIZE];

-	len= *plen;

-	if (cipher->cipher == NULL) return(1);

-	if (callback == NULL)

-		klen=PEM_def_callback(buf,PEM_BUFSIZE,0,u);

-	else

-		klen=callback(buf,PEM_BUFSIZE,0,u);

-	if (klen <= 0)

-		{

-		PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_PASSWORD_READ);

-		return(0);

-		}

-#ifdef CHARSET_EBCDIC

-	/* Convert the pass phrase from EBCDIC */

-	ebcdic2ascii(buf, buf, klen);

-#endif

-	EVP_BytesToKey(cipher->cipher,EVP_md5(),&(cipher->iv[0]),

-		(unsigned char *)buf,klen,1,key,NULL);

-	j=(int)len;

-	EVP_CIPHER_CTX_init(&ctx);

-	EVP_DecryptInit_ex(&ctx,cipher->cipher,NULL, key,&(cipher->iv[0]));

-	EVP_DecryptUpdate(&ctx,data,&i,data,j);

-	o=EVP_DecryptFinal_ex(&ctx,&(data[i]),&j);

-	EVP_CIPHER_CTX_cleanup(&ctx);

-	OPENSSL_cleanse((char *)buf,sizeof(buf));

-	OPENSSL_cleanse((char *)key,sizeof(key));

-	j+=i;

-	if (!o)

-		{

-		PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_DECRYPT);

-		return(0);

-		}

-	*plen=j;

-	return(1);

-	}

-int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)

-	{

-	int o;

-	const EVP_CIPHER *enc=NULL;

-	char *p,c;

-	char **header_pp = &header;

-	cipher->cipher=NULL;

-	if ((header == NULL) || (*header == '\0') || (*header == '\n'))

-		return(1);

-	if (strncmp(header,"Proc-Type: ",11) != 0)

-		{ PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_PROC_TYPE); return(0); }

-	header+=11;

-	if (*header != '4') return(0); header++;

-	if (*header != ',') return(0); header++;

-	if (strncmp(header,"ENCRYPTED",9) != 0)

-		{ PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_ENCRYPTED); return(0); }

-	for (; (*header != '\n') && (*header != '\0'); header++)

-		;

-	if (*header == '\0')

-		{ PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_SHORT_HEADER); return(0); }

-	header++;

-	if (strncmp(header,"DEK-Info: ",10) != 0)

-		{ PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_DEK_INFO); return(0); }

-	header+=10;

-	p=header;

-	for (;;)

-		{

-		c= *header;

-#ifndef CHARSET_EBCDIC

-		if (!(	((c >= 'A') && (c <= 'Z')) || (c == '-') ||

-			((c >= '0') && (c <= '9'))))

-			break;

-#else

-		if (!(	isupper(c) || (c == '-') ||

-			isdigit(c)))

-			break;

-#endif

-		header++;

-		}

-	*header='\0';

-	o=OBJ_sn2nid(p);

-	cipher->cipher=enc=EVP_get_cipherbyname(p);

-	*header=c;

-	header++;

-	if (enc == NULL)

-		{

-		PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_UNSUPPORTED_ENCRYPTION);

-		return(0);

-		}

-	if (!load_iv(header_pp,&(cipher->iv[0]),enc->iv_len))

-		return(0);

-	return(1);

-	}

-static int load_iv(char **fromp, unsigned char *to, int num)

-	{

-	int v,i;

-	char *from;

-	from= *fromp;

-	for (i=0; i<num; i++) to[i]=0;

-	num*=2;

-	for (i=0; i<num; i++)

-		{

-		if ((*from >= '0') && (*from <= '9'))

-			v= *from-'0';

-		else if ((*from >= 'A') && (*from <= 'F'))

-			v= *from-'A'+10;

-		else if ((*from >= 'a') && (*from <= 'f'))

-			v= *from-'a'+10;

-		else

-			{

-			PEMerr(PEM_F_LOAD_IV,PEM_R_BAD_IV_CHARS);

-			return(0);

-			}

-		from++;

-		to[i/2]|=v<<(long)((!(i&1))*4);

-		}

-	*fromp=from;

-	return(1);

-	}

-#ifndef OPENSSL_NO_FP_API

-int PEM_write(FILE *fp, char *name, char *header, unsigned char *data,

-	     long len)

-        {

-        BIO *b;

-        int ret;

-        if ((b=BIO_new(BIO_s_file())) == NULL)

-		{

-		PEMerr(PEM_F_PEM_WRITE,ERR_R_BUF_LIB);

-                return(0);

-		}

-        BIO_set_fp(b,fp,BIO_NOCLOSE);

-        ret=PEM_write_bio(b, name, header, data,len);

-        BIO_free(b);

-        return(ret);

-        }

-#endif

-int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,

-	     long len)

-	{

-	int nlen,n,i,j,outl;

-	unsigned char *buf = NULL;

-	EVP_ENCODE_CTX ctx;

-	int reason=ERR_R_BUF_LIB;

-	EVP_EncodeInit(&ctx);

-	nlen=strlen(name);

-	if (	(BIO_write(bp,"-----BEGIN ",11) != 11) ||

-		(BIO_write(bp,name,nlen) != nlen) ||

-		(BIO_write(bp,"-----\n",6) != 6))

-		goto err;

-	i=strlen(header);

-	if (i > 0)

-		{

-		if (	(BIO_write(bp,header,i) != i) ||

-			(BIO_write(bp,"\n",1) != 1))

-			goto err;

-		}

-	buf = OPENSSL_malloc(PEM_BUFSIZE*8);

-	if (buf == NULL)

-		{

-		reason=ERR_R_MALLOC_FAILURE;

-		goto err;

-		}

-	i=j=0;

-	while (len > 0)

-		{

-		n=(int)((len>(PEM_BUFSIZE*5))?(PEM_BUFSIZE*5):len);

-		EVP_EncodeUpdate(&ctx,buf,&outl,&(data[j]),n);

-		if ((outl) && (BIO_write(bp,(char *)buf,outl) != outl))

-			goto err;

-		i+=outl;

-		len-=n;

-		j+=n;

-		}

-	EVP_EncodeFinal(&ctx,buf,&outl);

-	if ((outl > 0) && (BIO_write(bp,(char *)buf,outl) != outl)) goto err;

-	OPENSSL_cleanse(buf, PEM_BUFSIZE*8);

-	OPENSSL_free(buf);

-	buf = NULL;

-	if (	(BIO_write(bp,"-----END ",9) != 9) ||

-		(BIO_write(bp,name,nlen) != nlen) ||

-		(BIO_write(bp,"-----\n",6) != 6))

-		goto err;

-	return(i+outl);

-err:

-	if (buf) {

-		OPENSSL_cleanse(buf, PEM_BUFSIZE*8);

-		OPENSSL_free(buf);

-	}

-	PEMerr(PEM_F_PEM_WRITE_BIO,reason);

-	return(0);

-	}

-#ifndef OPENSSL_NO_FP_API

-int PEM_read(FILE *fp, char **name, char **header, unsigned char **data,

-	     long *len)

-        {

-        BIO *b;

-        int ret;

-        if ((b=BIO_new(BIO_s_file())) == NULL)

-		{

-		PEMerr(PEM_F_PEM_READ,ERR_R_BUF_LIB);

-                return(0);

-		}

-        BIO_set_fp(b,fp,BIO_NOCLOSE);

-        ret=PEM_read_bio(b, name, header, data,len);

-        BIO_free(b);

-        return(ret);

-        }

-#endif

-int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,

-	     long *len)

-	{

-	EVP_ENCODE_CTX ctx;

-	int end=0,i,k,bl=0,hl=0,nohead=0;

-	char buf[256];

-	BUF_MEM *nameB;

-	BUF_MEM *headerB;

-	BUF_MEM *dataB,*tmpB;

-	nameB=BUF_MEM_new();

-	headerB=BUF_MEM_new();

-	dataB=BUF_MEM_new();

-	if ((nameB == NULL) || (headerB == NULL) || (dataB == NULL))

-		{

-		BUF_MEM_free(nameB);

-		BUF_MEM_free(headerB);

-		BUF_MEM_free(dataB);

-		PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);

-		return(0);

-		}

-	buf[254]='\0';

-	for (;;)

-		{

-		i=BIO_gets(bp,buf,254);

-		if (i <= 0)

-			{

-			PEMerr(PEM_F_PEM_READ_BIO,PEM_R_NO_START_LINE);

-			goto err;

-			}

-		while ((i >= 0) && (buf[i] <= ' ')) i--;

-		buf[++i]='\n'; buf[++i]='\0';

-		if (strncmp(buf,"-----BEGIN ",11) == 0)

-			{

-			i=strlen(&(buf[11]));

-			if (strncmp(&(buf[11+i-6]),"-----\n",6) != 0)

-				continue;

-			if (!BUF_MEM_grow(nameB,i+9))

-				{

-				PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);

-				goto err;

-				}

-			memcpy(nameB->data,&(buf[11]),i-6);

-			nameB->data[i-6]='\0';

-			break;

-			}

-		}

-	hl=0;

-	if (!BUF_MEM_grow(headerB,256))

-		{ PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; }

-	headerB->data[0]='\0';

-	for (;;)

-		{

-		i=BIO_gets(bp,buf,254);

-		if (i <= 0) break;

-		while ((i >= 0) && (buf[i] <= ' ')) i--;

-		buf[++i]='\n'; buf[++i]='\0';

-		if (buf[0] == '\n') break;

-		if (!BUF_MEM_grow(headerB,hl+i+9))

-			{ PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; }

-		if (strncmp(buf,"-----END ",9) == 0)

-			{

-			nohead=1;

-			break;

-			}

-		memcpy(&(headerB->data[hl]),buf,i);

-		headerB->data[hl+i]='\0';

-		hl+=i;

-		}

-	bl=0;

-	if (!BUF_MEM_grow(dataB,1024))

-		{ PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; }

-	dataB->data[0]='\0';

-	if (!nohead)

-		{

-		for (;;)

-			{

-			i=BIO_gets(bp,buf,254);

-			if (i <= 0) break;

-			while ((i >= 0) && (buf[i] <= ' ')) i--;

-			buf[++i]='\n'; buf[++i]='\0';

-			if (i != 65) end=1;

-			if (strncmp(buf,"-----END ",9) == 0)

-				break;

-			if (i > 65) break;

-			if (!BUF_MEM_grow_clean(dataB,i+bl+9))

-				{

-				PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);

-				goto err;

-				}

-			memcpy(&(dataB->data[bl]),buf,i);

-			dataB->data[bl+i]='\0';

-			bl+=i;

-			if (end)

-				{

-				buf[0]='\0';

-				i=BIO_gets(bp,buf,254);

-				if (i <= 0) break;

-				while ((i >= 0) && (buf[i] <= ' ')) i--;

-				buf[++i]='\n'; buf[++i]='\0';

-				break;

-				}

-			}

-		}

-	else

-		{

-		tmpB=headerB;

-		headerB=dataB;

-		dataB=tmpB;

-		bl=hl;

-		}

-	i=strlen(nameB->data);

-	if (	(strncmp(buf,"-----END ",9) != 0) ||

-		(strncmp(nameB->data,&(buf[9]),i) != 0) ||

-		(strncmp(&(buf[9+i]),"-----\n",6) != 0))

-		{

-		PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_END_LINE);

-		goto err;

-		}

-	EVP_DecodeInit(&ctx);

-	i=EVP_DecodeUpdate(&ctx,

-		(unsigned char *)dataB->data,&bl,

-		(unsigned char *)dataB->data,bl);

-	if (i < 0)

-		{

-		PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_BASE64_DECODE);

-		goto err;

-		}

-	i=EVP_DecodeFinal(&ctx,(unsigned char *)&(dataB->data[bl]),&k);

-	if (i < 0)

-		{

-		PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_BASE64_DECODE);

-		goto err;

-		}

-	bl+=k;

-	if (bl == 0) goto err;

-	*name=nameB->data;

-	*header=headerB->data;

-	*data=(unsigned char *)dataB->data;

-	*len=bl;

-	OPENSSL_free(nameB);

-	OPENSSL_free(headerB);

-	OPENSSL_free(dataB);

-	return(1);

-err:

-	BUF_MEM_free(nameB);

-	BUF_MEM_free(headerB);

-	BUF_MEM_free(dataB);

-	return(0);

-	}

--- a/sys/src/ape/lib/openssl/crypto/pem/pem_oth.c

+++ /dev/null

@@ -1,86 +1,0 @@

-/* crypto/pem/pem_oth.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/buffer.h>

-#include <openssl/objects.h>

-#include <openssl/evp.h>

-#include <openssl/rand.h>

-#include <openssl/x509.h>

-#include <openssl/pem.h>

-/* Handle 'other' PEMs: not private keys */

-void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x,

-			pem_password_cb *cb, void *u)

-	{

-	const unsigned char *p=NULL;

-	unsigned char *data=NULL;

-	long len;

-	char *ret=NULL;

-	if (!PEM_bytes_read_bio(&data, &len, NULL, name, bp, cb, u))

-		return NULL;

-	p = data;

-	ret=d2i(x,&p,len);

-	if (ret == NULL)

-		PEMerr(PEM_F_PEM_ASN1_READ_BIO,ERR_R_ASN1_LIB);

-	OPENSSL_free(data);

-	return(ret);

-	}

--- a/sys/src/ape/lib/openssl/crypto/pem/pem_pk8.c

+++ /dev/null

@@ -1,242 +1,0 @@

-/* crypto/pem/pem_pkey.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/buffer.h>

-#include <openssl/objects.h>

-#include <openssl/evp.h>

-#include <openssl/rand.h>

-#include <openssl/x509.h>

-#include <openssl/pkcs12.h>

-#include <openssl/pem.h>

-static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder,

-				int nid, const EVP_CIPHER *enc,

-				char *kstr, int klen,

-				pem_password_cb *cb, void *u);

-static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder,

-				int nid, const EVP_CIPHER *enc,

-				char *kstr, int klen,

-				pem_password_cb *cb, void *u);

-/* These functions write a private key in PKCS#8 format: it is a "drop in"

- * replacement for PEM_write_bio_PrivateKey() and friends. As usual if 'enc'

- * is NULL then it uses the unencrypted private key form. The 'nid' versions

- * uses PKCS#5 v1.5 PBE algorithms whereas the others use PKCS#5 v2.0.

- */

-int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,

-				  char *kstr, int klen,

-				  pem_password_cb *cb, void *u)

-{

-	return do_pk8pkey(bp, x, 0, nid, NULL, kstr, klen, cb, u);

-}

-int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,

-				  char *kstr, int klen,

-				  pem_password_cb *cb, void *u)

-{

-	return do_pk8pkey(bp, x, 0, -1, enc, kstr, klen, cb, u);

-}

-int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,

-				  char *kstr, int klen,

-				  pem_password_cb *cb, void *u)

-{

-	return do_pk8pkey(bp, x, 1, -1, enc, kstr, klen, cb, u);

-}

-int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,

-				  char *kstr, int klen,

-				  pem_password_cb *cb, void *u)

-{

-	return do_pk8pkey(bp, x, 1, nid, NULL, kstr, klen, cb, u);

-}

-static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc,

-				  char *kstr, int klen,

-				  pem_password_cb *cb, void *u)

-{

-	X509_SIG *p8;

-	PKCS8_PRIV_KEY_INFO *p8inf;

-	char buf[PEM_BUFSIZE];

-	int ret;

-	if(!(p8inf = EVP_PKEY2PKCS8(x))) {

-		PEMerr(PEM_F_DO_PK8PKEY,

-					PEM_R_ERROR_CONVERTING_PRIVATE_KEY);

-		return 0;

-	}

-	if(enc || (nid != -1)) {

-		if(!kstr) {

-			if(!cb) klen = PEM_def_callback(buf, PEM_BUFSIZE, 1, u);

-			else klen = cb(buf, PEM_BUFSIZE, 1, u);

-			if(klen <= 0) {

-				PEMerr(PEM_F_DO_PK8PKEY,PEM_R_READ_KEY);

-				PKCS8_PRIV_KEY_INFO_free(p8inf);

-				return 0;

-			}

-			kstr = buf;

-		}

-		p8 = PKCS8_encrypt(nid, enc, kstr, klen, NULL, 0, 0, p8inf);

-		if(kstr == buf) OPENSSL_cleanse(buf, klen);

-		PKCS8_PRIV_KEY_INFO_free(p8inf);

-		if(isder) ret = i2d_PKCS8_bio(bp, p8);

-		else ret = PEM_write_bio_PKCS8(bp, p8);

-		X509_SIG_free(p8);

-		return ret;

-	} else {

-		if(isder) ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);

-		else ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(bp, p8inf);

-		PKCS8_PRIV_KEY_INFO_free(p8inf);

-		return ret;

-	}

-}

-EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u)

-{

-	PKCS8_PRIV_KEY_INFO *p8inf = NULL;

-	X509_SIG *p8 = NULL;

-	int klen;

-	EVP_PKEY *ret;

-	char psbuf[PEM_BUFSIZE];

-	p8 = d2i_PKCS8_bio(bp, NULL);

-	if(!p8) return NULL;

-	if (cb) klen=cb(psbuf,PEM_BUFSIZE,0,u);

-	else klen=PEM_def_callback(psbuf,PEM_BUFSIZE,0,u);

-	if (klen <= 0) {

-		PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ);

-		X509_SIG_free(p8);

-		return NULL;

-	}

-	p8inf = PKCS8_decrypt(p8, psbuf, klen);

-	X509_SIG_free(p8);

-	if(!p8inf) return NULL;

-	ret = EVP_PKCS82PKEY(p8inf);

-	PKCS8_PRIV_KEY_INFO_free(p8inf);

-	if(!ret) return NULL;

-	if(x) {

-		if(*x) EVP_PKEY_free(*x);

-		*x = ret;

-	}

-	return ret;

-}

-#ifndef OPENSSL_NO_FP_API

-int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,

-				  char *kstr, int klen,

-				  pem_password_cb *cb, void *u)

-{

-	return do_pk8pkey_fp(fp, x, 1, -1, enc, kstr, klen, cb, u);

-}

-int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid,

-				  char *kstr, int klen,

-				  pem_password_cb *cb, void *u)

-{

-	return do_pk8pkey_fp(fp, x, 1, nid, NULL, kstr, klen, cb, u);

-}

-int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,

-				  char *kstr, int klen,

-				  pem_password_cb *cb, void *u)

-{

-	return do_pk8pkey_fp(fp, x, 0, nid, NULL, kstr, klen, cb, u);

-}

-int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,

-			      char *kstr, int klen, pem_password_cb *cb, void *u)

-{

-	return do_pk8pkey_fp(fp, x, 0, -1, enc, kstr, klen, cb, u);

-}

-static int do_pk8pkey_fp(FILE *fp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc,

-				  char *kstr, int klen,

-				  pem_password_cb *cb, void *u)

-{

-	BIO *bp;

-	int ret;

-	if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {

-		PEMerr(PEM_F_DO_PK8PKEY_FP,ERR_R_BUF_LIB);

-                return(0);

-	}

-	ret = do_pk8pkey(bp, x, isder, nid, enc, kstr, klen, cb, u);

-	BIO_free(bp);

-	return ret;

-}

-EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u)

-{

-	BIO *bp;

-	EVP_PKEY *ret;

-	if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {

-		PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_FP,ERR_R_BUF_LIB);

-                return NULL;

-	}

-	ret = d2i_PKCS8PrivateKey_bio(bp, x, cb, u);

-	BIO_free(bp);

-	return ret;

-}

-#endif

-IMPLEMENT_PEM_rw(PKCS8, X509_SIG, PEM_STRING_PKCS8, X509_SIG)

-IMPLEMENT_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO, PEM_STRING_PKCS8INF,

-							 PKCS8_PRIV_KEY_INFO)

--- a/sys/src/ape/lib/openssl/crypto/pem/pem_pkey.c

+++ /dev/null

@@ -1,149 +1,0 @@

-/* crypto/pem/pem_pkey.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/buffer.h>

-#include <openssl/objects.h>

-#include <openssl/evp.h>

-#include <openssl/rand.h>

-#include <openssl/x509.h>

-#include <openssl/pkcs12.h>

-#include <openssl/pem.h>

-EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u)

-	{

-	char *nm=NULL;

-	const unsigned char *p=NULL;

-	unsigned char *data=NULL;

-	long len;

-	EVP_PKEY *ret=NULL;

-	if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp, cb, u))

-		return NULL;

-	p = data;

-	if (strcmp(nm,PEM_STRING_RSA) == 0)

-		ret=d2i_PrivateKey(EVP_PKEY_RSA,x,&p,len);

-	else if (strcmp(nm,PEM_STRING_DSA) == 0)

-		ret=d2i_PrivateKey(EVP_PKEY_DSA,x,&p,len);

-	else if (strcmp(nm,PEM_STRING_ECPRIVATEKEY) == 0)

-		ret=d2i_PrivateKey(EVP_PKEY_EC,x,&p,len);

-	else if (strcmp(nm,PEM_STRING_PKCS8INF) == 0) {

-		PKCS8_PRIV_KEY_INFO *p8inf;

-		p8inf=d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len);

-		if(!p8inf) goto p8err;

-		ret = EVP_PKCS82PKEY(p8inf);

-		if(x) {

-			if(*x) EVP_PKEY_free((EVP_PKEY *)*x);

-			*x = ret;

-		}

-		PKCS8_PRIV_KEY_INFO_free(p8inf);

-	} else if (strcmp(nm,PEM_STRING_PKCS8) == 0) {

-		PKCS8_PRIV_KEY_INFO *p8inf;

-		X509_SIG *p8;

-		int klen;

-		char psbuf[PEM_BUFSIZE];

-		p8 = d2i_X509_SIG(NULL, &p, len);

-		if(!p8) goto p8err;

-		if (cb) klen=cb(psbuf,PEM_BUFSIZE,0,u);

-		else klen=PEM_def_callback(psbuf,PEM_BUFSIZE,0,u);

-		if (klen <= 0) {

-			PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY,

-					PEM_R_BAD_PASSWORD_READ);

-			X509_SIG_free(p8);

-			goto err;

-		}

-		p8inf = PKCS8_decrypt(p8, psbuf, klen);

-		X509_SIG_free(p8);

-		if(!p8inf) goto p8err;

-		ret = EVP_PKCS82PKEY(p8inf);

-		if(x) {

-			if(*x) EVP_PKEY_free((EVP_PKEY *)*x);

-			*x = ret;

-		}

-		PKCS8_PRIV_KEY_INFO_free(p8inf);

-	}

-p8err:

-	if (ret == NULL)

-		PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY,ERR_R_ASN1_LIB);

-err:

-	OPENSSL_free(nm);

-	OPENSSL_cleanse(data, len);

-	OPENSSL_free(data);

-	return(ret);

-	}

-#ifndef OPENSSL_NO_FP_API

-EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u)

-	{

-        BIO *b;

-        EVP_PKEY *ret;

-        if ((b=BIO_new(BIO_s_file())) == NULL)

-		{

-		PEMerr(PEM_F_PEM_READ_PRIVATEKEY,ERR_R_BUF_LIB);

-                return(0);

-		}

-        BIO_set_fp(b,fp,BIO_NOCLOSE);

-        ret=PEM_read_bio_PrivateKey(b,x,cb,u);

-        BIO_free(b);

-        return(ret);

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/pem/pem_seal.c

+++ /dev/null

@@ -1,189 +1,0 @@

-/* crypto/pem/pem_seal.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <openssl/opensslconf.h>	/* for OPENSSL_NO_RSA */

-#ifndef OPENSSL_NO_RSA

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/evp.h>

-#include <openssl/rand.h>

-#include <openssl/objects.h>

-#include <openssl/x509.h>

-#include <openssl/pem.h>

-#include <openssl/rsa.h>

-int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,

-	     unsigned char **ek, int *ekl, unsigned char *iv, EVP_PKEY **pubk,

-	     int npubk)

-	{

-	unsigned char key[EVP_MAX_KEY_LENGTH];

-	int ret= -1;

-	int i,j,max=0;

-	char *s=NULL;

-	for (i=0; i<npubk; i++)

-		{

-		if (pubk[i]->type != EVP_PKEY_RSA)

-			{

-			PEMerr(PEM_F_PEM_SEALINIT,PEM_R_PUBLIC_KEY_NO_RSA);

-			goto err;

-			}

-		j=RSA_size(pubk[i]->pkey.rsa);

-		if (j > max) max=j;

-		}

-	s=(char *)OPENSSL_malloc(max*2);

-	if (s == NULL)

-		{

-		PEMerr(PEM_F_PEM_SEALINIT,ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	EVP_EncodeInit(&ctx->encode);

-	EVP_MD_CTX_init(&ctx->md);

-	EVP_SignInit(&ctx->md,md_type);

-	EVP_CIPHER_CTX_init(&ctx->cipher);

-	ret=EVP_SealInit(&ctx->cipher,type,ek,ekl,iv,pubk,npubk);

-	if (!ret) goto err;

-	/* base64 encode the keys */

-	for (i=0; i<npubk; i++)

-		{

-		j=EVP_EncodeBlock((unsigned char *)s,ek[i],

-			RSA_size(pubk[i]->pkey.rsa));

-		ekl[i]=j;

-		memcpy(ek[i],s,j+1);

-		}

-	ret=npubk;

-err:

-	if (s != NULL) OPENSSL_free(s);

-	OPENSSL_cleanse(key,EVP_MAX_KEY_LENGTH);

-	return(ret);

-	}

-void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl,

-	     unsigned char *in, int inl)

-	{

-	unsigned char buffer[1600];

-	int i,j;

-	*outl=0;

-	EVP_SignUpdate(&ctx->md,in,inl);

-	for (;;)

-		{

-		if (inl <= 0) break;

-		if (inl > 1200)

-			i=1200;

-		else

-			i=inl;

-		EVP_EncryptUpdate(&ctx->cipher,buffer,&j,in,i);

-		EVP_EncodeUpdate(&ctx->encode,out,&j,buffer,j);

-		*outl+=j;

-		out+=j;

-		in+=i;

-		inl-=i;

-		}

-	}

-int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl,

-	     unsigned char *out, int *outl, EVP_PKEY *priv)

-	{

-	unsigned char *s=NULL;

-	int ret=0,j;

-	unsigned int i;

-	if (priv->type != EVP_PKEY_RSA)

-		{

-		PEMerr(PEM_F_PEM_SEALFINAL,PEM_R_PUBLIC_KEY_NO_RSA);

-		goto err;

-		}

-	i=RSA_size(priv->pkey.rsa);

-	if (i < 100) i=100;

-	s=(unsigned char *)OPENSSL_malloc(i*2);

-	if (s == NULL)

-		{

-		PEMerr(PEM_F_PEM_SEALFINAL,ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	EVP_EncryptFinal_ex(&ctx->cipher,s,(int *)&i);

-	EVP_EncodeUpdate(&ctx->encode,out,&j,s,i);

-	*outl=j;

-	out+=j;

-	EVP_EncodeFinal(&ctx->encode,out,&j);

-	*outl+=j;

-	if (!EVP_SignFinal(&ctx->md,s,&i,priv)) goto err;

-	*sigl=EVP_EncodeBlock(sig,s,i);

-	ret=1;

-err:

-	EVP_MD_CTX_cleanup(&ctx->md);

-	EVP_CIPHER_CTX_cleanup(&ctx->cipher);

-	if (s != NULL) OPENSSL_free(s);

-	return(ret);

-	}

-#else /* !OPENSSL_NO_RSA */

-# if PEDANTIC

-static void *dummy=&dummy;

-# endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/pem/pem_sign.c

+++ /dev/null

@@ -1,102 +1,0 @@

-/* crypto/pem/pem_sign.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/rand.h>

-#include <openssl/evp.h>

-#include <openssl/objects.h>

-#include <openssl/x509.h>

-#include <openssl/pem.h>

-void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type)

-	{

-	EVP_DigestInit_ex(ctx, type, NULL);

-	}

-void PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data,

-	     unsigned int count)

-	{

-	EVP_DigestUpdate(ctx,data,count);

-	}

-int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,

-	     EVP_PKEY *pkey)

-	{

-	unsigned char *m;

-	int i,ret=0;

-	unsigned int m_len;

-	m=(unsigned char *)OPENSSL_malloc(EVP_PKEY_size(pkey)+2);

-	if (m == NULL)

-		{

-		PEMerr(PEM_F_PEM_SIGNFINAL,ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	if (EVP_SignFinal(ctx,m,&m_len,pkey) <= 0) goto err;

-	i=EVP_EncodeBlock(sigret,m,m_len);

-	*siglen=i;

-	ret=1;

-err:

-	/* ctx has been zeroed by EVP_SignFinal() */

-	if (m != NULL) OPENSSL_free(m);

-	return(ret);

-	}

--- a/sys/src/ape/lib/openssl/crypto/pem/pem_x509.c

+++ /dev/null

@@ -1,69 +1,0 @@

-/* pem_x509.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 2001.

- */

-/* ====================================================================

- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#undef SSLEAY_MACROS

-#include "cryptlib.h"

-#include <openssl/bio.h>

-#include <openssl/evp.h>

-#include <openssl/x509.h>

-#include <openssl/pkcs7.h>

-#include <openssl/pem.h>

-IMPLEMENT_PEM_rw(X509, X509, PEM_STRING_X509, X509)

--- a/sys/src/ape/lib/openssl/crypto/pem/pem_xaux.c

+++ /dev/null

@@ -1,69 +1,0 @@

-/* pem_xaux.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 2001.

- */

-/* ====================================================================

- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#undef SSLEAY_MACROS

-#include "cryptlib.h"

-#include <openssl/bio.h>

-#include <openssl/evp.h>

-#include <openssl/x509.h>

-#include <openssl/pkcs7.h>

-#include <openssl/pem.h>

-IMPLEMENT_PEM_rw(X509_AUX, X509, PEM_STRING_X509_TRUSTED, X509_AUX)

-IMPLEMENT_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR, PEM_STRING_X509_PAIR, X509_CERT_PAIR)

--- a/sys/src/ape/lib/openssl/crypto/pem/pkcs7.lis

+++ /dev/null

@@ -1,22 +1,0 @@

-21     0:d=0 hl=2 l=  0 cons: univ: SEQUENCE

- 00     2:d=0 hl=2 l=  9 prim: univ: OBJECT_IDENTIFIER :pkcs-7-signedData

- 21    13:d=0 hl=2 l=  0 cons: cont: 00			# explicit tag

-  21    15:d=0 hl=2 l=  0 cons: univ: SEQUENCE

-   00    17:d=0 hl=2 l=  1 prim: univ: INTEGER          # version

-   20    20:d=0 hl=2 l=  0 cons: univ: SET

-   21    22:d=0 hl=2 l=  0 cons: univ: SEQUENCE

-    00    24:d=0 hl=2 l=  9 prim: univ: OBJECT_IDENTIFIER :pkcs-7-data

-    00    35:d=0 hl=2 l=  0 prim: univ: EOC

-   21    37:d=0 hl=2 l=  0 cons: cont: 00               # cert tag

-    20    39:d=0 hl=4 l=545 cons: univ: SEQUENCE

-    20   588:d=0 hl=4 l=524 cons: univ: SEQUENCE

-    00  1116:d=0 hl=2 l=  0 prim: univ: EOC

-   21  1118:d=0 hl=2 l=  0 cons: cont: 01		# crl tag

-    20  1120:d=0 hl=4 l=653 cons: univ: SEQUENCE

-    20  1777:d=0 hl=4 l=285 cons: univ: SEQUENCE

-    00  2066:d=0 hl=2 l=  0 prim: univ: EOC

-   21  2068:d=0 hl=2 l=  0 cons: univ: SET              # signers

-    00  2070:d=0 hl=2 l=  0 prim: univ: EOC

-  00  2072:d=0 hl=2 l=  0 prim: univ: EOC

- 00  2074:d=0 hl=2 l=  0 prim: univ: EOC

-00  2076:d=0 hl=2 l=  0 prim: univ: EOC

--- a/sys/src/ape/lib/openssl/crypto/perlasm/cbc.pl

+++ /dev/null

@@ -1,351 +1,0 @@

-#!/usr/local/bin/perl

-# void des_ncbc_encrypt(input, output, length, schedule, ivec, enc)

-# des_cblock (*input);

-# des_cblock (*output);

-# long length;

-# des_key_schedule schedule;

-# des_cblock (*ivec);

-# int enc;

-#

-# calls

-# des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);

-#

-#&cbc("des_ncbc_encrypt","des_encrypt",0);

-#&cbc("BF_cbc_encrypt","BF_encrypt","BF_encrypt",

-#	1,4,5,3,5,-1);

-#&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt",

-#	0,4,5,3,5,-1);

-#&cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",

-#	0,6,7,3,4,5);

-#

-# When doing a cipher that needs bigendian order,

-# for encrypt, the iv is kept in bigendian form,

-# while for decrypt, it is kept in little endian.

-sub cbc

-	{

-	local($name,$enc_func,$dec_func,$swap,$iv_off,$enc_off,$p1,$p2,$p3)=@_;

-	# name is the function name

-	# enc_func and dec_func and the functions to call for encrypt/decrypt

-	# swap is true if byte order needs to be reversed

-	# iv_off is parameter number for the iv

-	# enc_off is parameter number for the encrypt/decrypt flag

-	# p1,p2,p3 are the offsets for parameters to be passed to the

-	# underlying calls.

-	&function_begin_B($name,"");

-	&comment("");

-	$in="esi";

-	$out="edi";

-	$count="ebp";

-	&push("ebp");

-	&push("ebx");

-	&push("esi");

-	&push("edi");

-	$data_off=4;

-	$data_off+=4 if ($p1 > 0);

-	$data_off+=4 if ($p2 > 0);

-	$data_off+=4 if ($p3 > 0);

-	&mov($count,	&wparam(2));	# length

-	&comment("getting iv ptr from parameter $iv_off");

-	&mov("ebx",	&wparam($iv_off));	# Get iv ptr

-	&mov($in,	&DWP(0,"ebx","",0));#	iv[0]

-	&mov($out,	&DWP(4,"ebx","",0));#	iv[1]

-	&push($out);

-	&push($in);

-	&push($out);	# used in decrypt for iv[1]

-	&push($in);	# used in decrypt for iv[0]

-	&mov("ebx",	"esp");		# This is the address of tin[2]

-	&mov($in,	&wparam(0));	# in

-	&mov($out,	&wparam(1));	# out

-	# We have loaded them all, how lets push things

-	&comment("getting encrypt flag from parameter $enc_off");

-	&mov("ecx",	&wparam($enc_off));	# Get enc flag

-	if ($p3 > 0)

-		{

-		&comment("get and push parameter $p3");

-		if ($enc_off != $p3)

-			{ &mov("eax",	&wparam($p3)); &push("eax"); }

-		else	{ &push("ecx"); }

-		}

-	if ($p2 > 0)

-		{

-		&comment("get and push parameter $p2");

-		if ($enc_off != $p2)

-			{ &mov("eax",	&wparam($p2)); &push("eax"); }

-		else	{ &push("ecx"); }

-		}

-	if ($p1 > 0)

-		{

-		&comment("get and push parameter $p1");

-		if ($enc_off != $p1)

-			{ &mov("eax",	&wparam($p1)); &push("eax"); }

-		else	{ &push("ecx"); }

-		}

-	&push("ebx");		# push data/iv

-	&cmp("ecx",0);

-	&jz(&label("decrypt"));

-	&and($count,0xfffffff8);

-	&mov("eax",	&DWP($data_off,"esp","",0));	# load iv[0]

-	&mov("ebx",	&DWP($data_off+4,"esp","",0));	# load iv[1]

-	&jz(&label("encrypt_finish"));

-	#############################################################

-	&set_label("encrypt_loop");

-	# encrypt start

-	# "eax" and "ebx" hold iv (or the last cipher text)

-	&mov("ecx",	&DWP(0,$in,"",0));	# load first 4 bytes

-	&mov("edx",	&DWP(4,$in,"",0));	# second 4 bytes

-	&xor("eax",	"ecx");

-	&xor("ebx",	"edx");

-	&bswap("eax")	if $swap;

-	&bswap("ebx")	if $swap;

-	&mov(&DWP($data_off,"esp","",0),	"eax");	# put in array for call

-	&mov(&DWP($data_off+4,"esp","",0),	"ebx");	#

-	&call($enc_func);

-	&mov("eax",	&DWP($data_off,"esp","",0));

-	&mov("ebx",	&DWP($data_off+4,"esp","",0));

-	&bswap("eax")	if $swap;

-	&bswap("ebx")	if $swap;

-	&mov(&DWP(0,$out,"",0),"eax");

-	&mov(&DWP(4,$out,"",0),"ebx");

-	# eax and ebx are the next iv.

-	&add($in,	8);

-	&add($out,	8);

-	&sub($count,	8);

-	&jnz(&label("encrypt_loop"));

-###################################################################3

-	&set_label("encrypt_finish");

-	&mov($count,	&wparam(2));	# length

-	&and($count,	7);

-	&jz(&label("finish"));

-	&call(&label("PIC_point"));

-&set_label("PIC_point");

-	&blindpop("edx");

-	&lea("ecx",&DWP(&label("cbc_enc_jmp_table")."-".&label("PIC_point"),"edx"));

-	&mov($count,&DWP(0,"ecx",$count,4))

-	&add($count,"edx");

-	&xor("ecx","ecx");

-	&xor("edx","edx");

-	#&mov($count,&DWP(&label("cbc_enc_jmp_table"),"",$count,4));

-	&jmp_ptr($count);

-&set_label("ej7");

-	&xor("edx",		"edx") if $ppro; # ppro friendly

-	&movb(&HB("edx"),	&BP(6,$in,"",0));

-	&shl("edx",8);

-&set_label("ej6");

-	&movb(&HB("edx"),	&BP(5,$in,"",0));

-&set_label("ej5");

-	&movb(&LB("edx"),	&BP(4,$in,"",0));

-&set_label("ej4");

-	&mov("ecx",		&DWP(0,$in,"",0));

-	&jmp(&label("ejend"));

-&set_label("ej3");

-	&movb(&HB("ecx"),	&BP(2,$in,"",0));

-	&xor("ecx",		"ecx") if $ppro; # ppro friendly

-	&shl("ecx",8);

-&set_label("ej2");

-	&movb(&HB("ecx"),	&BP(1,$in,"",0));

-&set_label("ej1");

-	&movb(&LB("ecx"),	&BP(0,$in,"",0));

-&set_label("ejend");

-	&xor("eax",	"ecx");

-	&xor("ebx",	"edx");

-	&bswap("eax")	if $swap;

-	&bswap("ebx")	if $swap;

-	&mov(&DWP($data_off,"esp","",0),	"eax");	# put in array for call

-	&mov(&DWP($data_off+4,"esp","",0),	"ebx");	#

-	&call($enc_func);

-	&mov("eax",	&DWP($data_off,"esp","",0));

-	&mov("ebx",	&DWP($data_off+4,"esp","",0));

-	&bswap("eax")	if $swap;

-	&bswap("ebx")	if $swap;

-	&mov(&DWP(0,$out,"",0),"eax");

-	&mov(&DWP(4,$out,"",0),"ebx");

-	&jmp(&label("finish"));

-	#############################################################

-	#############################################################

-	&set_label("decrypt",1);

-	# decrypt start

-	&and($count,0xfffffff8);

-	# The next 2 instructions are only for if the jz is taken

-	&mov("eax",	&DWP($data_off+8,"esp","",0));	# get iv[0]

-	&mov("ebx",	&DWP($data_off+12,"esp","",0));	# get iv[1]

-	&jz(&label("decrypt_finish"));

-	&set_label("decrypt_loop");

-	&mov("eax",	&DWP(0,$in,"",0));	# load first 4 bytes

-	&mov("ebx",	&DWP(4,$in,"",0));	# second 4 bytes

-	&bswap("eax")	if $swap;

-	&bswap("ebx")	if $swap;

-	&mov(&DWP($data_off,"esp","",0),	"eax");	# put back

-	&mov(&DWP($data_off+4,"esp","",0),	"ebx");	#

-	&call($dec_func);

-	&mov("eax",	&DWP($data_off,"esp","",0));	# get return

-	&mov("ebx",	&DWP($data_off+4,"esp","",0));	#

-	&bswap("eax")	if $swap;

-	&bswap("ebx")	if $swap;

-	&mov("ecx",	&DWP($data_off+8,"esp","",0));	# get iv[0]

-	&mov("edx",	&DWP($data_off+12,"esp","",0));	# get iv[1]

-	&xor("ecx",	"eax");

-	&xor("edx",	"ebx");

-	&mov("eax",	&DWP(0,$in,"",0));	# get old cipher text,

-	&mov("ebx",	&DWP(4,$in,"",0));	# next iv actually

-	&mov(&DWP(0,$out,"",0),"ecx");

-	&mov(&DWP(4,$out,"",0),"edx");

-	&mov(&DWP($data_off+8,"esp","",0),	"eax");	# save iv

-	&mov(&DWP($data_off+12,"esp","",0),	"ebx");	#

-	&add($in,	8);

-	&add($out,	8);

-	&sub($count,	8);

-	&jnz(&label("decrypt_loop"));

-############################ ENDIT #######################3

-	&set_label("decrypt_finish");

-	&mov($count,	&wparam(2));	# length

-	&and($count,	7);

-	&jz(&label("finish"));

-	&mov("eax",	&DWP(0,$in,"",0));	# load first 4 bytes

-	&mov("ebx",	&DWP(4,$in,"",0));	# second 4 bytes

-	&bswap("eax")	if $swap;

-	&bswap("ebx")	if $swap;

-	&mov(&DWP($data_off,"esp","",0),	"eax");	# put back

-	&mov(&DWP($data_off+4,"esp","",0),	"ebx");	#

-	&call($dec_func);

-	&mov("eax",	&DWP($data_off,"esp","",0));	# get return

-	&mov("ebx",	&DWP($data_off+4,"esp","",0));	#

-	&bswap("eax")	if $swap;

-	&bswap("ebx")	if $swap;

-	&mov("ecx",	&DWP($data_off+8,"esp","",0));	# get iv[0]

-	&mov("edx",	&DWP($data_off+12,"esp","",0));	# get iv[1]

-	&xor("ecx",	"eax");

-	&xor("edx",	"ebx");

-	# this is for when we exit

-	&mov("eax",	&DWP(0,$in,"",0));	# get old cipher text,

-	&mov("ebx",	&DWP(4,$in,"",0));	# next iv actually

-&set_label("dj7");

-	&rotr("edx",	16);

-	&movb(&BP(6,$out,"",0),	&LB("edx"));

-	&shr("edx",16);

-&set_label("dj6");

-	&movb(&BP(5,$out,"",0),	&HB("edx"));

-&set_label("dj5");

-	&movb(&BP(4,$out,"",0),	&LB("edx"));

-&set_label("dj4");

-	&mov(&DWP(0,$out,"",0),	"ecx");

-	&jmp(&label("djend"));

-&set_label("dj3");

-	&rotr("ecx",	16);

-	&movb(&BP(2,$out,"",0),	&LB("ecx"));

-	&shl("ecx",16);

-&set_label("dj2");

-	&movb(&BP(1,$in,"",0),	&HB("ecx"));

-&set_label("dj1");

-	&movb(&BP(0,$in,"",0),	&LB("ecx"));

-&set_label("djend");

-	# final iv is still in eax:ebx

-	&jmp(&label("finish"));

-############################ FINISH #######################3

-	&set_label("finish",1);

-	&mov("ecx",	&wparam($iv_off));	# Get iv ptr

-	#################################################

-	$total=16+4;

-	$total+=4 if ($p1 > 0);

-	$total+=4 if ($p2 > 0);

-	$total+=4 if ($p3 > 0);

-	&add("esp",$total);

-	&mov(&DWP(0,"ecx","",0),	"eax");	# save iv

-	&mov(&DWP(4,"ecx","",0),	"ebx");	# save iv

-	&function_end_A($name);

-	&align(64);

-	&set_label("cbc_enc_jmp_table");

-	&data_word("0");

-	&data_word(&label("ej1")."-".&label("PIC_point"));

-	&data_word(&label("ej2")."-".&label("PIC_point"));

-	&data_word(&label("ej3")."-".&label("PIC_point"));

-	&data_word(&label("ej4")."-".&label("PIC_point"));

-	&data_word(&label("ej5")."-".&label("PIC_point"));

-	&data_word(&label("ej6")."-".&label("PIC_point"));

-	&data_word(&label("ej7")."-".&label("PIC_point"));

-	# not used

-	#&set_label("cbc_dec_jmp_table",1);

-	#&data_word("0");

-	#&data_word(&label("dj1")."-".&label("PIC_point"));

-	#&data_word(&label("dj2")."-".&label("PIC_point"));

-	#&data_word(&label("dj3")."-".&label("PIC_point"));

-	#&data_word(&label("dj4")."-".&label("PIC_point"));

-	#&data_word(&label("dj5")."-".&label("PIC_point"));

-	#&data_word(&label("dj6")."-".&label("PIC_point"));

-	#&data_word(&label("dj7")."-".&label("PIC_point"));

-	&align(64);

-	&function_end_B($name);

-	}

-1;

--- a/sys/src/ape/lib/openssl/crypto/perlasm/readme

+++ /dev/null

@@ -1,124 +1,0 @@

-The perl scripts in this directory are my 'hack' to generate

-multiple different assembler formats via the one origional script.

-The way to use this library is to start with adding the path to this directory

-and then include it.

-push(@INC,"perlasm","../../perlasm");

-require "x86asm.pl";

-The first thing we do is setup the file and type of assember

-&asm_init($ARGV[0],$0);

-The first argument is the 'type'.  Currently

-'cpp', 'sol', 'a.out', 'elf' or 'win32'.

-Argument 2 is the file name.

-The reciprocal function is

-&asm_finish() which should be called at the end.

-There are 2 main 'packages'. x86ms.pl, which is the microsoft assembler,

-and x86unix.pl which is the unix (gas) version.

-Functions of interest are:

-&external_label("des_SPtrans");	declare and external variable

-&LB(reg);			Low byte for a register

-&HB(reg);			High byte for a register

-&BP(off,base,index,scale)	Byte pointer addressing

-&DWP(off,base,index,scale)	Word pointer addressing

-&stack_push(num)		Basically a 'sub esp, num*4' with extra

-&stack_pop(num)			inverse of stack_push

-&function_begin(name,extra)	Start a function with pushing of

-				edi, esi, ebx and ebp.  extra is extra win32

-				external info that may be required.

-&function_begin_B(name,extra)	Same as norma function_begin but no pushing.

-&function_end(name)		Call at end of function.

-&function_end_A(name)		Standard pop and ret, for use inside functions

-&function_end_B(name)		Call at end but with poping or 'ret'.

-&swtmp(num)			Address on stack temp word.

-&wparam(num)			Parameter number num, that was push

-				in C convention.  This all works over pushes

-				and pops.

-&comment("hello there")		Put in a comment.

-&label("loop")			Refer to a label, normally a jmp target.

-&set_label("loop")		Set a label at this point.

-&data_word(word)		Put in a word of data.

-So how does this all hold together?  Given

-int calc(int len, int *data)

-	{

-	int i,j=0;

-	for (i=0; i<len; i++)

-		{

-		j+=other(data[i]);

-		}

-	}

-So a very simple version of this function could be coded as

-	push(@INC,"perlasm","../../perlasm");

-	require "x86asm.pl";

-	&asm_init($ARGV[0],"cacl.pl");

-	&external_label("other");

-	$tmp1=	"eax";

-	$j=	"edi";

-	$data=	"esi";

-	$i=	"ebp";

-	&comment("a simple function");

-	&function_begin("calc");

-	&mov(	$data,		&wparam(1)); # data

-	&xor(	$j,		$j);

-	&xor(	$i,		$i);

-	&set_label("loop");

-	&cmp(	$i,		&wparam(0));

-	&jge(	&label("end"));

-	&mov(	$tmp1,		&DWP(0,$data,$i,4));

-	&push(	$tmp1);

-	&call(	"other");

-	&add(	$j,		"eax");

-	&pop(	$tmp1);

-	&inc(	$i);

-	&jmp(	&label("loop"));

-	&set_label("end");

-	&mov(	"eax",		$j);

-	&function_end("calc");

-	&asm_finish();

-The above example is very very unoptimised but gives an idea of how

-things work.

-There is also a cbc mode function generator in cbc.pl

-&cbc(	$name,

-	$encrypt_function_name,

-	$decrypt_function_name,

-	$true_if_byte_swap_needed,

-	$parameter_number_for_iv,

-	$parameter_number_for_encrypt_flag,

-	$first_parameter_to_pass,

-	$second_parameter_to_pass,

-	$third_parameter_to_pass);

-So for example, given

-void BF_encrypt(BF_LONG *data,BF_KEY *key);

-void BF_decrypt(BF_LONG *data,BF_KEY *key);

-void BF_cbc_encrypt(unsigned char *in, unsigned char *out, long length,

-        BF_KEY *ks, unsigned char *iv, int enc);

-&cbc("BF_cbc_encrypt","BF_encrypt","BF_encrypt",1,4,5,3,-1,-1);

-&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt",0,4,5,3,5,-1);

-&cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",0,6,7,3,4,5);

--- a/sys/src/ape/lib/openssl/crypto/perlasm/x86_64-xlate.pl

+++ /dev/null

@@ -1,506 +1,0 @@

-#!/usr/bin/env perl

-# Ascetic x86_64 AT&T to MASM assembler translator by <appro>.

-#

-# Why AT&T to MASM and not vice versa? Several reasons. Because AT&T

-# format is way easier to parse. Because it's simpler to "gear" from

-# Unix ABI to Windows one [see cross-reference "card" at the end of

-# file]. Because Linux targets were available first...

-#

-# In addition the script also "distills" code suitable for GNU

-# assembler, so that it can be compiled with more rigid assemblers,

-# such as Solaris /usr/ccs/bin/as.

-#

-# This translator is not designed to convert *arbitrary* assembler

-# code from AT&T format to MASM one. It's designed to convert just

-# enough to provide for dual-ABI OpenSSL modules development...

-# There *are* limitations and you might have to modify your assembler

-# code or this script to achieve the desired result...

-#

-# Currently recognized limitations:

-#

-# - can't use multiple ops per line;

-# - indirect calls and jumps are not supported;

-#

-# Dual-ABI styling rules.

-#

-# 1. Adhere to Unix register and stack layout [see the end for

-#    explanation].

-# 2. Forget about "red zone," stick to more traditional blended

-#    stack frame allocation. If volatile storage is actually required

-#    that is. If not, just leave the stack as is.

-# 3. Functions tagged with ".type name,@function" get crafted with

-#    unified Win64 prologue and epilogue automatically. If you want

-#    to take care of ABI differences yourself, tag functions as

-#    ".type name,@abi-omnipotent" instead.

-# 4. To optimize the Win64 prologue you can specify number of input

-#    arguments as ".type name,@function,N." Keep in mind that if N is

-#    larger than 6, then you *have to* write "abi-omnipotent" code,

-#    because >6 cases can't be addressed with unified prologue.

-# 5. Name local labels as .L*, do *not* use dynamic labels such as 1:

-#    (sorry about latter).

-# 6. Don't use [or hand-code with .byte] "rep ret." "ret" mnemonic is

-#    required to identify the spots, where to inject Win64 epilogue!

-#    But on the pros, it's then prefixed with rep automatically:-)

-# 7. Due to MASM limitations [and certain general counter-intuitivity

-#    of ip-relative addressing] generation of position-independent

-#    code is assisted by synthetic directive, .picmeup, which puts

-#    address of the *next* instruction into target register.

-#

-#    Example 1:

-#		.picmeup	%rax

-#		lea		.Label-.(%rax),%rax

-#    Example 2:

-#		.picmeup	%rcx

-#	.Lpic_point:

-#		...

-#		lea		.Label-.Lpic_point(%rcx),%rbp

-my $output = shift;

-open STDOUT,">$output" || die "can't open $output: $!";

-my $masm=1 if ($output =~ /\.asm/);

-my $current_segment;

-my $current_function;

-{ package opcode;	# pick up opcodes

-    sub re {

-	my	$self = shift;	# single instance in enough...

-	local	*line = shift;

-	undef	$ret;

-	if ($line =~ /^([a-z]+)/i) {

-	    $self->{op} = $1;

-	    $ret = $self;

-	    $line = substr($line,@+[0]); $line =~ s/^\s+//;

-	    undef $self->{sz};

-	    if ($self->{op} =~ /(movz)b.*/) {	# movz is pain...

-		$self->{op} = $1;

-		$self->{sz} = "b";

-	    } elsif ($self->{op} =~ /([a-z]{3,})([qlwb])/) {

-		$self->{op} = $1;

-		$self->{sz} = $2;

-	    }

-	}

-	$ret;

-    }

-    sub size {

-	my $self = shift;

-	my $sz   = shift;

-	$self->{sz} = $sz if (defined($sz) && !defined($self->{sz}));

-	$self->{sz};

-    }

-    sub out {

-	my $self = shift;

-	if (!$masm) {

-	    if ($self->{op} eq "movz") {	# movz in pain...

-		sprintf "%s%s%s",$self->{op},$self->{sz},shift;

-	    } elsif ($self->{op} eq "ret") {

-	    	".byte	0xf3,0xc3";

-	    } else {

-		"$self->{op}$self->{sz}";

-	    }

-	} else {

-	    $self->{op} =~ s/movz/movzx/;

-	    if ($self->{op} eq "ret") {

-		$self->{op} = "";

-		if ($current_function->{abi} eq "svr4") {

-		    $self->{op} = "mov	rdi,QWORD PTR 8[rsp]\t;WIN64 epilogue\n\t".

-				  "mov	rsi,QWORD PTR 16[rsp]\n\t";

-	    	}

-		$self->{op} .= "DB\t0F3h,0C3h\t\t;repret";

-	    }

-	    $self->{op};

-	}

-    }

-}

-{ package const;	# pick up constants, which start with $

-    sub re {

-	my	$self = shift;	# single instance in enough...

-	local	*line = shift;

-	undef	$ret;

-	if ($line =~ /^\$([^,]+)/) {

-	    $self->{value} = $1;

-	    $ret = $self;

-	    $line = substr($line,@+[0]); $line =~ s/^\s+//;

-	}

-	$ret;

-    }

-    sub out {

-    	my $self = shift;

-	if (!$masm) {

-	    sprintf "\$%s",$self->{value};

-	} else {

-	    $self->{value} =~ s/0x([0-9a-f]+)/0$1h/ig;

-	    sprintf "%s",$self->{value};

-	}

-    }

-}

-{ package ea;		# pick up effective addresses: expr(%reg,%reg,scale)

-    sub re {

-	my	$self = shift;	# single instance in enough...

-	local	*line = shift;

-	undef	$ret;

-	if ($line =~ /^([^\(,]*)\(([%\w,]+)\)/) {

-	    $self->{label} = $1;

-	    ($self->{base},$self->{index},$self->{scale})=split(/,/,$2);

-	    $self->{scale} = 1 if (!defined($self->{scale}));

-	    $ret = $self;

-	    $line = substr($line,@+[0]); $line =~ s/^\s+//;

-	    $self->{base}  =~ s/^%//;

-	    $self->{index} =~ s/^%// if (defined($self->{index}));

-	}

-	$ret;

-    }

-    sub size {}

-    sub out {

-    	my $self = shift;

-	my $sz = shift;

-	if (!$masm) {

-	    # elder GNU assembler insists on 64-bit EAs:-(

-	    # on pros side, this results in more compact code:-)

-	    $self->{index} =~ s/^[er](.?[0-9xp])[d]?$/r\1/;

-	    $self->{base}  =~ s/^[er](.?[0-9xp])[d]?$/r\1/;

-	    # Solaris /usr/ccs/bin/as can't handle multiplications

-	    # in $self->{label}

-	    $self->{label} =~ s/(?<![0-9a-f])(0[x0-9a-f]+)/oct($1)/eg;

-	    $self->{label} =~ s/([0-9]+\s*[\*\/\%]\s*[0-9]+)/eval($1)/eg;

-	    if (defined($self->{index})) {

-		sprintf "%s(%%%s,%%%s,%d)",

-					$self->{label},$self->{base},

-					$self->{index},$self->{scale};

-	    } else {

-		sprintf "%s(%%%s)",	$self->{label},$self->{base};

-	    }

-	} else {

-	    %szmap = ( b=>"BYTE", w=>"WORD", l=>"DWORD", q=>"QWORD" );

-	    $self->{label} =~ s/\./\$/g;

-	    $self->{label} =~ s/0x([0-9a-f]+)/0$1h/ig;

-	    $self->{label} = "($self->{label})" if ($self->{label} =~ /[\*\+\-\/]/);

-	    if (defined($self->{index})) {

-		sprintf "%s PTR %s[%s*%d+%s]",$szmap{$sz},

-					$self->{label},

-					$self->{index},$self->{scale},

-					$self->{base};

-	    } else {

-		sprintf "%s PTR %s[%s]",$szmap{$sz},

-					$self->{label},$self->{base};

-	    }

-	}

-    }

-}

-{ package register;	# pick up registers, which start with %.

-    sub re {

-	my	$class = shift;	# muliple instances...

-	my	$self = {};

-	local	*line = shift;

-	undef	$ret;

-	if ($line =~ /^%(\w+)/) {

-	    bless $self,$class;

-	    $self->{value} = $1;

-	    $ret = $self;

-	    $line = substr($line,@+[0]); $line =~ s/^\s+//;

-	}

-	$ret;

-    }

-    sub size {

-	my	$self = shift;

-	undef	$ret;

-	if    ($self->{value} =~ /^r[\d]+b$/i)	{ $ret="b"; }

-	elsif ($self->{value} =~ /^r[\d]+w$/i)	{ $ret="w"; }

-	elsif ($self->{value} =~ /^r[\d]+d$/i)	{ $ret="l"; }

-	elsif ($self->{value} =~ /^r[\w]+$/i)	{ $ret="q"; }

-	elsif ($self->{value} =~ /^[a-d][hl]$/i){ $ret="b"; }

-	elsif ($self->{value} =~ /^[\w]{2}l$/i)	{ $ret="b"; }

-	elsif ($self->{value} =~ /^[\w]{2}$/i)	{ $ret="w"; }

-	elsif ($self->{value} =~ /^e[a-z]{2}$/i){ $ret="l"; }

-	$ret;

-    }

-    sub out {

-    	my $self = shift;

-	sprintf $masm?"%s":"%%%s",$self->{value};

-    }

-}

-{ package label;	# pick up labels, which end with :

-    sub re {

-	my	$self = shift;	# single instance is enough...

-	local	*line = shift;

-	undef	$ret;

-	if ($line =~ /(^[\.\w]+\:)/) {

-	    $self->{value} = $1;

-	    $ret = $self;

-	    $line = substr($line,@+[0]); $line =~ s/^\s+//;

-	    $self->{value} =~ s/\.L/\$L/ if ($masm);

-	}

-	$ret;

-    }

-    sub out {

-	my $self = shift;

-	if (!$masm) {

-	    $self->{value};

-	} elsif ($self->{value} ne "$current_function->{name}:") {

-	    $self->{value};

-	} elsif ($current_function->{abi} eq "svr4") {

-	    my $func =	"$current_function->{name}	PROC\n".

-			"	mov	QWORD PTR 8[rsp],rdi\t;WIN64 prologue\n".

-			"	mov	QWORD PTR 16[rsp],rsi\n";

-	    my $narg = $current_function->{narg};

-	    $narg=6 if (!defined($narg));

-	    $func .= "	mov	rdi,rcx\n" if ($narg>0);

-	    $func .= "	mov	rsi,rdx\n" if ($narg>1);

-	    $func .= "	mov	rdx,r8\n"  if ($narg>2);

-	    $func .= "	mov	rcx,r9\n"  if ($narg>3);

-	    $func .= "	mov	r8,QWORD PTR 40[rsp]\n" if ($narg>4);

-	    $func .= "	mov	r9,QWORD PTR 48[rsp]\n" if ($narg>5);

-	    $func .= "\n";

-	} else {

-	   "$current_function->{name}	PROC";

-	}

-    }

-}

-{ package expr;		# pick up expressioins

-    sub re {

-	my	$self = shift;	# single instance is enough...

-	local	*line = shift;

-	undef	$ret;

-	if ($line =~ /(^[^,]+)/) {

-	    $self->{value} = $1;

-	    $ret = $self;

-	    $line = substr($line,@+[0]); $line =~ s/^\s+//;

-	    $self->{value} =~ s/\.L/\$L/g if ($masm);

-	}

-	$ret;

-    }

-    sub out {

-	my $self = shift;

-	$self->{value};

-    }

-}

-{ package directive;	# pick up directives, which start with .

-    sub re {

-	my	$self = shift;	# single instance is enough...

-	local	*line = shift;

-	undef	$ret;

-	my	$dir;

-	my	%opcode =	# lea 2f-1f(%rip),%dst; 1: nop; 2:

-		(	"%rax"=>0x01058d48,	"%rcx"=>0x010d8d48,

-			"%rdx"=>0x01158d48,	"%rbx"=>0x011d8d48,

-			"%rsp"=>0x01258d48,	"%rbp"=>0x012d8d48,

-			"%rsi"=>0x01358d48,	"%rdi"=>0x013d8d48,

-			"%r8" =>0x01058d4c,	"%r9" =>0x010d8d4c,

-			"%r10"=>0x01158d4c,	"%r11"=>0x011d8d4c,

-			"%r12"=>0x01258d4c,	"%r13"=>0x012d8d4c,

-			"%r14"=>0x01358d4c,	"%r15"=>0x013d8d4c	);

-	if ($line =~ /^\s*(\.\w+)/) {

-	    if (!$masm) {

-		$self->{value} = $1;

-		$line =~ s/\@abi\-omnipotent/\@function/;

-		$line =~ s/\@function.*/\@function/;

-		if ($line =~ /\.picmeup\s+(%r[\w]+)/i) {

-		    $self->{value} = sprintf "\t.long\t0x%x,0x90000000",$opcode{$1};

-		} else {

-		    $self->{value} = $line;

-		}

-		$line = "";

-		return $self;

-	    }

-	    $dir = $1;

-	    $ret = $self;

-	    undef $self->{value};

-	    $line = substr($line,@+[0]); $line =~ s/^\s+//;

-	    SWITCH: for ($dir) {

-		/\.(text)/

-			    && do { my $v=undef;

-				    $v="$current_segment\tENDS\n" if ($current_segment);

-				    $current_segment = "_$1\$";

-				    $current_segment =~ tr/[a-z]/[A-Z]/;

-				    $v.="$current_segment\tSEGMENT ALIGN(64) 'CODE'";

-				    $self->{value} = $v;

-				    last;

-				  };

-		/\.globl/   && do { $self->{value} = "PUBLIC\t".$line; last; };

-		/\.type/    && do { ($sym,$type,$narg) = split(',',$line);

-				    if ($type eq "\@function") {

-					undef $current_function;

-					$current_function->{name} = $sym;

-					$current_function->{abi}  = "svr4";

-					$current_function->{narg} = $narg;

-				    } elsif ($type eq "\@abi-omnipotent") {

-					undef $current_function;

-					$current_function->{name} = $sym;

-				    }

-				    last;

-				  };

-		/\.size/    && do { if (defined($current_function)) {

-					$self->{value}="$current_function->{name}\tENDP";

-					undef $current_function;

-				    }

-				    last;

-				  };

-		/\.align/   && do { $self->{value} = "ALIGN\t".$line; last; };

-		/\.(byte|value|long|quad)/

-			    && do { my @arr = split(',',$line);

-				    my $sz  = substr($1,0,1);

-				    my $last = pop(@arr);

-				    $sz =~ tr/bvlq/BWDQ/;

-				    $self->{value} = "\tD$sz\t";

-				    for (@arr) { $self->{value} .= sprintf"0%Xh,",oct; }

-				    $self->{value} .= sprintf"0%Xh",oct($last);

-				    last;

-				  };

-		/\.picmeup/ && do { $self->{value} = sprintf"\tDD\t 0%Xh,090000000h",$opcode{$line};

-				    last;

-				  };

-	    }

-	    $line = "";

-	}

-	$ret;

-    }

-    sub out {

-	my $self = shift;

-	$self->{value};

-    }

-}

-while($line=<>) {

-    chomp($line);

-    $line =~ s|[#!].*$||;	# get rid of asm-style comments...

-    $line =~ s|/\*.*\*/||;	# ... and C-style comments...

-    $line =~ s|^\s+||;		# ... and skip white spaces in beginning

-    undef $label;

-    undef $opcode;

-    undef $dst;

-    undef $src;

-    undef $sz;

-    if ($label=label->re(\$line))	{ print $label->out(); }

-    if (directive->re(\$line)) {

-	printf "%s",directive->out();

-    } elsif ($opcode=opcode->re(\$line)) { ARGUMENT: {

-	if ($src=register->re(\$line))	{ opcode->size($src->size()); }

-	elsif ($src=const->re(\$line))	{ }

-	elsif ($src=ea->re(\$line))	{ }

-	elsif ($src=expr->re(\$line))	{ }

-	last ARGUMENT if ($line !~ /^,/);

-	$line = substr($line,1); $line =~ s/^\s+//;

-	if ($dst=register->re(\$line))	{ opcode->size($dst->size()); }

-	elsif ($dst=const->re(\$line))	{ }

-	elsif ($dst=ea->re(\$line))	{ }

-	} # ARGUMENT:

-	$sz=opcode->size();

-	if (defined($dst)) {

-	    if (!$masm) {

-		printf "\t%s\t%s,%s",	$opcode->out($dst->size()),

-					$src->out($sz),$dst->out($sz);

-	    } else {

-		printf "\t%s\t%s,%s",	$opcode->out(),

-					$dst->out($sz),$src->out($sz);

-	    }

-	} elsif (defined($src)) {

-	    printf "\t%s\t%s",$opcode->out(),$src->out($sz);

-	} else {

-	    printf "\t%s",$opcode->out();

-	}

-    }

-    print $line,"\n";

-}

-print "\n$current_segment\tENDS\nEND\n" if ($masm);

-close STDOUT;

-#################################################

-# Cross-reference x86_64 ABI "card"

-#

-# 		Unix		Win64

-# %rax		*		*

-# %rbx		-		-

-# %rcx		#4		#1

-# %rdx		#3		#2

-# %rsi		#2		-

-# %rdi		#1		-

-# %rbp		-		-

-# %rsp		-		-

-# %r8		#5		#3

-# %r9		#6		#4

-# %r10		*		*

-# %r11		*		*

-# %r12		-		-

-# %r13		-		-

-# %r14		-		-

-# %r15		-		-

-#

-# (*)	volatile register

-# (-)	preserved by callee

-# (#)	Nth argument, volatile

-#

-# In Unix terms top of stack is argument transfer area for arguments

-# which could not be accomodated in registers. Or in other words 7th

-# [integer] argument resides at 8(%rsp) upon function entry point.

-# 128 bytes above %rsp constitute a "red zone" which is not touched

-# by signal handlers and can be used as temporal storage without

-# allocating a frame.

-#

-# In Win64 terms N*8 bytes on top of stack is argument transfer area,

-# which belongs to/can be overwritten by callee. N is the number of

-# arguments passed to callee, *but* not less than 4! This means that

-# upon function entry point 5th argument resides at 40(%rsp), as well

-# as that 32 bytes from 8(%rsp) can always be used as temporal

-# storage [without allocating a frame].

-#

-# All the above means that if assembler programmer adheres to Unix

-# register and stack layout, but disregards the "red zone" existense,

-# it's possible to use following prologue and epilogue to "gear" from

-# Unix to Win64 ABI in leaf functions with not more than 6 arguments.

-#

-# omnipotent_function:

-# ifdef WIN64

-#	movq	%rdi,8(%rsp)

-#	movq	%rsi,16(%rsp)

-#	movq	%rcx,%rdi	; if 1st argument is actually present

-#	movq	%rdx,%rsi	; if 2nd argument is actually ...

-#	movq	%r8,%rdx	; if 3rd argument is ...

-#	movq	%r9,%rcx	; if 4th argument ...

-#	movq	40(%rsp),%r8	; if 5th ...

-#	movq	48(%rsp),%r9	; if 6th ...

-# endif

-#	...

-# ifdef WIN64

-#	movq	8(%rsp),%rdi

-#	movq	16(%rsp),%rsi

-# endif

-#	ret

--- a/sys/src/ape/lib/openssl/crypto/perlasm/x86asm.pl

+++ /dev/null

@@ -1,130 +1,0 @@

-#!/usr/local/bin/perl

-# require 'x86asm.pl';

-# &asm_init("cpp","des-586.pl");

-# XXX

-# XXX

-# main'asm_finish

-sub main'asm_finish

-	{

-	&file_end();

-	&asm_finish_cpp() if $cpp;

-	print &asm_get_output();

-	}

-sub main'asm_init

-	{

-	($type,$fn,$i386)=@_;

-	$filename=$fn;

-	$elf=$cpp=$coff=$aout=$win32=$netware=$mwerks=0;

-	if (	($type eq "elf"))

-		{ $elf=1; require "x86unix.pl"; }

-	elsif (	($type eq "a.out"))

-		{ $aout=1; require "x86unix.pl"; }

-	elsif (	($type eq "coff" or $type eq "gaswin"))

-		{ $coff=1; require "x86unix.pl"; }

-	elsif (	($type eq "cpp"))

-		{ $cpp=1; require "x86unix.pl"; }

-	elsif (	($type eq "win32"))

-		{ $win32=1; require "x86ms.pl"; }

-	elsif (	($type eq "win32n"))

-		{ $win32=1; require "x86nasm.pl"; }

-	elsif (	($type eq "nw-nasm"))

-		{ $netware=1; require "x86nasm.pl"; }

-	elsif (	($type eq "nw-mwasm"))

-		{ $netware=1; $mwerks=1; require "x86nasm.pl"; }

-	else

-		{

-		print STDERR <<"EOF";

-Pick one target type from

-	elf	- Linux, FreeBSD, Solaris x86, etc.

-	a.out	- OpenBSD, DJGPP, etc.

-	coff	- GAS/COFF such as Win32 targets

-	win32	- Windows 95/Windows NT

-	win32n	- Windows 95/Windows NT NASM format

-	nw-nasm - NetWare NASM format

-	nw-mwasm- NetWare Metrowerks Assembler

-EOF

-		exit(1);

-		}

-	$pic=0;

-	for (@ARGV) {	$pic=1 if (/\-[fK]PIC/i);	}

-	&asm_init_output();

-&comment("Don't even think of reading this code");

-&comment("It was automatically generated by $filename");

-&comment("Which is a perl program used to generate the x86 assember for");

-&comment("any of ELF, a.out, COFF, Win32, ...");

-&comment("eric <eay\@cryptsoft.com>");

-&comment("");

-	$filename =~ s/\.pl$//;

-	&file($filename);

-	}

-sub asm_finish_cpp

-	{

-	return unless $cpp;

-	local($tmp,$i);

-	foreach $i (&get_labels())

-		{

-		$tmp.="#define $i _$i\n";

-		}

-	print <<"EOF";

-/* Run the C pre-processor over this file with one of the following defined

- * ELF - elf object files,

- * OUT - a.out object files,

- * BSDI - BSDI style a.out object files

- * SOL - Solaris style elf

- */

-#define TYPE(a,b)       .type   a,b

-#define SIZE(a,b)       .size   a,b

-#if defined(OUT) || (defined(BSDI) && !defined(ELF))

-$tmp

-#endif

-#ifdef OUT

-#define OK	1

-#define ALIGN	4

-#if defined(__CYGWIN__) || defined(__DJGPP__) || (__MINGW32__)

-#undef SIZE

-#undef TYPE

-#define SIZE(a,b)

-#define TYPE(a,b)	.def a; .scl 2; .type 32; .endef

-#endif /* __CYGWIN || __DJGPP */

-#endif

-#if defined(BSDI) && !defined(ELF)

-#define OK              1

-#define ALIGN           4

-#undef SIZE

-#undef TYPE

-#define SIZE(a,b)

-#define TYPE(a,b)

-#endif

-#if defined(ELF) || defined(SOL)

-#define OK              1

-#define ALIGN           16

-#endif

-#ifndef OK

-You need to define one of

-ELF - elf systems - linux-elf, NetBSD and DG-UX

-OUT - a.out systems - linux-a.out and FreeBSD

-SOL - solaris systems, which are elf with strange comment lines

-BSDI - a.out with a very primative version of as.

-#endif

-/* Let the Assembler begin :-) */

-EOF

-	}

-1;

--- a/sys/src/ape/lib/openssl/crypto/perlasm/x86ms.pl

+++ /dev/null

@@ -1,462 +1,0 @@

-#!/usr/local/bin/perl

-package x86ms;

-$label="L000";

-%lb=(	'eax',	'al',

-	'ebx',	'bl',

-	'ecx',	'cl',

-	'edx',	'dl',

-	'ax',	'al',

-	'bx',	'bl',

-	'cx',	'cl',

-	'dx',	'dl',

-	);

-%hb=(	'eax',	'ah',

-	'ebx',	'bh',

-	'ecx',	'ch',

-	'edx',	'dh',

-	'ax',	'ah',

-	'bx',	'bh',

-	'cx',	'ch',

-	'dx',	'dh',

-	);

-sub main'asm_init_output { @out=(); }

-sub main'asm_get_output { return(@out); }

-sub main'get_labels { return(@labels); }

-sub main'external_label

-{

-	push(@labels,@_);

-	foreach (@_) {

-		push(@out, "EXTRN\t_$_:DWORD\n");

-	}

-}

-sub main'LB

-	{

-	(defined($lb{$_[0]})) || die "$_[0] does not have a 'low byte'\n";

-	return($lb{$_[0]});

-	}

-sub main'HB

-	{

-	(defined($hb{$_[0]})) || die "$_[0] does not have a 'high byte'\n";

-	return($hb{$_[0]});

-	}

-sub main'BP

-	{

-	&get_mem("BYTE",@_);

-	}

-sub main'DWP

-	{

-	&get_mem("DWORD",@_);

-	}

-sub main'QWP

-	{

-	&get_mem("QWORD",@_);

-	}

-sub main'BC

-	{

-	return @_;

-	}

-sub main'DWC

-	{

-	return @_;

-	}

-sub main'stack_push

-	{

-	local($num)=@_;

-	$stack+=$num*4;

-	&main'sub("esp",$num*4);

-	}

-sub main'stack_pop

-	{

-	local($num)=@_;

-	$stack-=$num*4;

-	&main'add("esp",$num*4);

-	}

-sub get_mem

-	{

-	local($size,$addr,$reg1,$reg2,$idx)=@_;

-	local($t,$post);

-	local($ret)="$size PTR ";

-	$addr =~ s/^\s+//;

-	if ($addr =~ /^(.+)\+(.+)$/)

-		{

-		$reg2=&conv($1);

-		$addr="_$2";

-		}

-	elsif ($addr =~ /^[_a-z][_a-z0-9]*$/i)

-		{

-		$addr="_$addr";

-		}

-	if ($addr =~ /^.+\-.+$/) { $addr="($addr)"; }

-	$reg1="$regs{$reg1}" if defined($regs{$reg1});

-	$reg2="$regs{$reg2}" if defined($regs{$reg2});

-	if (($addr ne "") && ($addr ne 0))

-		{

-		if ($addr !~ /^-/)

-			{ $ret.=$addr; }

-		else	{ $post=$addr; }

-		}

-	if ($reg2 ne "")

-		{

-		$t="";

-		$t="*$idx" if ($idx != 0);

-		$reg1="+".$reg1 if ("$reg1$post" ne "");

-		$ret.="[$reg2$t$reg1$post]";

-		}

-	else

-		{

-		$ret.="[$reg1$post]"

-		}

-	$ret =~ s/\[\]//;	# in case $addr was the only argument

-	return($ret);

-	}

-sub main'mov	{ &out2("mov",@_); }

-sub main'movb	{ &out2("mov",@_); }

-sub main'and	{ &out2("and",@_); }

-sub main'or	{ &out2("or",@_); }

-sub main'shl	{ &out2("shl",@_); }

-sub main'shr	{ &out2("shr",@_); }

-sub main'xor	{ &out2("xor",@_); }

-sub main'xorb	{ &out2("xor",@_); }

-sub main'add	{ &out2("add",@_); }

-sub main'adc	{ &out2("adc",@_); }

-sub main'sub	{ &out2("sub",@_); }

-sub main'sbb	{ &out2("sbb",@_); }

-sub main'rotl	{ &out2("rol",@_); }

-sub main'rotr	{ &out2("ror",@_); }

-sub main'exch	{ &out2("xchg",@_); }

-sub main'cmp	{ &out2("cmp",@_); }

-sub main'lea	{ &out2("lea",@_); }

-sub main'mul	{ &out1("mul",@_); }

-sub main'div	{ &out1("div",@_); }

-sub main'dec	{ &out1("dec",@_); }

-sub main'inc	{ &out1("inc",@_); }

-sub main'jmp	{ &out1("jmp",@_); }

-sub main'jmp_ptr { &out1p("jmp",@_); }

-sub main'je	{ &out1("je",@_); }

-sub main'jle	{ &out1("jle",@_); }

-sub main'jz	{ &out1("jz",@_); }

-sub main'jge	{ &out1("jge",@_); }

-sub main'jl	{ &out1("jl",@_); }

-sub main'ja	{ &out1("ja",@_); }

-sub main'jae	{ &out1("jae",@_); }

-sub main'jb	{ &out1("jb",@_); }

-sub main'jbe	{ &out1("jbe",@_); }

-sub main'jc	{ &out1("jc",@_); }

-sub main'jnc	{ &out1("jnc",@_); }

-sub main'jnz	{ &out1("jnz",@_); }

-sub main'jne	{ &out1("jne",@_); }

-sub main'jno	{ &out1("jno",@_); }

-sub main'push	{ &out1("push",@_); $stack+=4; }

-sub main'pop	{ &out1("pop",@_); $stack-=4; }

-sub main'pushf	{ &out0("pushfd"); $stack+=4; }

-sub main'popf	{ &out0("popfd"); $stack-=4; }

-sub main'bswap	{ &out1("bswap",@_); &using486(); }

-sub main'not	{ &out1("not",@_); }

-sub main'call	{ &out1("call",($_[0]=~/^\$L/?'':'_').$_[0]); }

-sub main'call_ptr { &out1p("call",@_); }

-sub main'ret	{ &out0("ret"); }

-sub main'nop	{ &out0("nop"); }

-sub main'test	{ &out2("test",@_); }

-sub main'bt	{ &out2("bt",@_); }

-sub main'leave	{ &out0("leave"); }

-sub main'cpuid  { &out0("DW\t0A20Fh"); }

-sub main'rdtsc  { &out0("DW\t0310Fh"); }

-sub main'halt	{ &out0("hlt"); }

-sub main'movz	{ &out2("movzx",@_); }

-sub main'neg	{ &out1("neg",@_); }

-sub main'cld	{ &out0("cld"); }

-# SSE2

-sub main'emms	{ &out0("emms"); }

-sub main'movd	{ &out2("movd",@_); }

-sub main'movq	{ &out2("movq",@_); }

-sub main'movdqu	{ &out2("movdqu",@_); }

-sub main'movdqa	{ &out2("movdqa",@_); }

-sub main'movdq2q{ &out2("movdq2q",@_); }

-sub main'movq2dq{ &out2("movq2dq",@_); }

-sub main'paddq	{ &out2("paddq",@_); }

-sub main'pmuludq{ &out2("pmuludq",@_); }

-sub main'psrlq	{ &out2("psrlq",@_); }

-sub main'psllq	{ &out2("psllq",@_); }

-sub main'pxor	{ &out2("pxor",@_); }

-sub main'por	{ &out2("por",@_); }

-sub main'pand	{ &out2("pand",@_); }

-sub out2

-	{

-	local($name,$p1,$p2)=@_;

-	local($l,$t,$line);

-	$line="\t$name\t";

-	$t=&conv($p1).",";

-	$l=length($t);

-	$line.="$t";

-	$l=4-($l+9)/8;

-	$line.="\t" x $l;

-	$line.=&conv($p2);

-	if ($line=~/\bxmm[0-7]\b/i) { $line=~s/\b[A-Z]+WORD\s+PTR/XMMWORD PTR/i; }

-	push(@out,$line."\n");

-	}

-sub out0

-	{

-	local($name)=@_;

-	push(@out,"\t$name\n");

-	}

-sub out1

-	{

-	local($name,$p1)=@_;

-	local($l,$t);

-	push(@out,"\t$name\t".&conv($p1)."\n");

-	}

-sub conv

-	{

-	local($p)=@_;

-	$p =~ s/0x([0-9A-Fa-f]+)/0$1h/;

-	return $p;

-	}

-sub using486

-	{

-	return if $using486;

-	$using486++;

-	grep(s/\.386/\.486/,@out);

-	}

-sub main'file

-	{

-	local($file)=@_;

-	local($tmp)=<<"EOF";

-	TITLE	$file.asm

-        .386

-.model	FLAT

-_TEXT\$	SEGMENT PAGE 'CODE'

-EOF

-	push(@out,$tmp);

-	}

-sub main'function_begin

-	{

-	local($func,$extra)=@_;

-	push(@labels,$func);

-	local($tmp)=<<"EOF";

-PUBLIC	_$func

-$extra

-_$func PROC NEAR

-	push	ebp

-	push	ebx

-	push	esi

-	push	edi

-EOF

-	push(@out,$tmp);

-	$stack=20;

-	}

-sub main'function_begin_B

-	{

-	local($func,$extra)=@_;

-	local($tmp)=<<"EOF";

-PUBLIC	_$func

-$extra

-_$func PROC NEAR

-EOF

-	push(@out,$tmp);

-	$stack=4;

-	}

-sub main'function_end

-	{

-	local($func)=@_;

-	local($tmp)=<<"EOF";

-	pop	edi

-	pop	esi

-	pop	ebx

-	pop	ebp

-	ret

-_$func ENDP

-EOF

-	push(@out,$tmp);

-	$stack=0;

-	%label=();

-	}

-sub main'function_end_B

-	{

-	local($func)=@_;

-	local($tmp)=<<"EOF";

-_$func ENDP

-EOF

-	push(@out,$tmp);

-	$stack=0;

-	%label=();

-	}

-sub main'function_end_A

-	{

-	local($func)=@_;

-	local($tmp)=<<"EOF";

-	pop	edi

-	pop	esi

-	pop	ebx

-	pop	ebp

-	ret

-EOF

-	push(@out,$tmp);

-	}

-sub main'file_end

-	{

-	# try to detect if SSE2 or MMX extensions were used...

-	if (grep {/\b[x]?mm[0-7]\b,/i} @out) {

-		grep {s/\.[3-7]86/\.686\n\t\.XMM/} @out;

-		}

-	push(@out,"_TEXT\$	ENDS\n");

-	push(@out,"END\n");

-	}

-sub main'wparam

-	{

-	local($num)=@_;

-	return(&main'DWP($stack+$num*4,"esp","",0));

-	}

-sub main'swtmp

-	{

-	return(&main'DWP($_[0]*4,"esp","",0));

-	}

-# Should use swtmp, which is above esp.  Linix can trash the stack above esp

-#sub main'wtmp

-#	{

-#	local($num)=@_;

-#

-#	return(&main'DWP(-(($num+1)*4),"esp","",0));

-#	}

-sub main'comment

-	{

-	foreach (@_)

-		{

-		push(@out,"\t; $_\n");

-		}

-	}

-sub main'public_label

-	{

-	$label{$_[0]}="_$_[0]"	if (!defined($label{$_[0]}));

-	push(@out,"PUBLIC\t$label{$_[0]}\n");

-	}

-sub main'label

-	{

-	if (!defined($label{$_[0]}))

-		{

-		$label{$_[0]}="\$${label}${_[0]}";

-		$label++;

-		}

-	return($label{$_[0]});

-	}

-sub main'set_label

-	{

-	if (!defined($label{$_[0]}))

-		{

-		$label{$_[0]}="\$${label}${_[0]}";

-		$label++;

-		}

-	if ($_[1]!=0 && $_[1]>1)

-		{

-		main'align($_[1]);

-		}

-	if((defined $_[2]) && ($_[2] == 1))

-		{

-		push(@out,"$label{$_[0]}::\n");

-		}

-	elsif ($label{$_[0]} !~ /^\$/)

-		{

-		push(@out,"$label{$_[0]}\tLABEL PTR\n");

-		}

-	else

-		{

-		push(@out,"$label{$_[0]}:\n");

-		}

-	}

-sub main'data_byte

-	{

-	push(@out,"\tDB\t".join(',',@_)."\n");

-	}

-sub main'data_word

-	{

-	push(@out,"\tDD\t".join(',',@_)."\n");

-	}

-sub main'align

-	{

-	push(@out,"\tALIGN\t$_[0]\n");

-	}

-sub out1p

-	{

-	local($name,$p1)=@_;

-	local($l,$t);

-	push(@out,"\t$name\t".&conv($p1)."\n");

-	}

-sub main'picmeup

-	{

-	local($dst,$sym)=@_;

-	&main'lea($dst,&main'DWP($sym));

-	}

-sub main'blindpop { &out1("pop",@_); }

-sub main'initseg

-	{

-	local($f)=@_;

-	local($tmp)=<<___;

-OPTION	DOTNAME

-.CRT\$XCU	SEGMENT DWORD PUBLIC 'DATA'

-EXTRN	_$f:NEAR

-DD	_$f

-.CRT\$XCU	ENDS

-___

-	push(@out,$tmp);

-	}

-1;

--- a/sys/src/ape/lib/openssl/crypto/perlasm/x86nasm.pl

+++ /dev/null

@@ -1,451 +1,0 @@

-#!/usr/local/bin/perl

-package x86nasm;

-$label="L000";

-$under=($main'netware)?'':'_';

-%lb=(	'eax',	'al',

-	'ebx',	'bl',

-	'ecx',	'cl',

-	'edx',	'dl',

-	'ax',	'al',

-	'bx',	'bl',

-	'cx',	'cl',

-	'dx',	'dl',

-	);

-%hb=(	'eax',	'ah',

-	'ebx',	'bh',

-	'ecx',	'ch',

-	'edx',	'dh',

-	'ax',	'ah',

-	'bx',	'bh',

-	'cx',	'ch',

-	'dx',	'dh',

-	);

-sub main'asm_init_output { @out=(); }

-sub main'asm_get_output { return(@out); }

-sub main'get_labels { return(@labels); }

-sub main'external_label

-{

-	push(@labels,@_);

-	foreach (@_) {

-		push(@out,".") if ($main'mwerks);

-		push(@out, "extern\t${under}$_\n");

-	}

-}

-sub main'LB

-	{

-	(defined($lb{$_[0]})) || die "$_[0] does not have a 'low byte'\n";

-	return($lb{$_[0]});

-	}

-sub main'HB

-	{

-	(defined($hb{$_[0]})) || die "$_[0] does not have a 'high byte'\n";

-	return($hb{$_[0]});

-	}

-sub main'BP

-	{

-	&get_mem("BYTE",@_);

-	}

-sub main'DWP

-	{

-	&get_mem("DWORD",@_);

-	}

-sub main'QWP

-	{

-	&get_mem("",@_);

-	}

-sub main'BC

-	{

-	return (($main'mwerks)?"":"BYTE ")."@_";

-	}

-sub main'DWC

-	{

-	return (($main'mwerks)?"":"DWORD ")."@_";

-	}

-sub main'stack_push

-	{

-	my($num)=@_;

-	$stack+=$num*4;

-	&main'sub("esp",$num*4);

-	}

-sub main'stack_pop

-	{

-	my($num)=@_;

-	$stack-=$num*4;

-	&main'add("esp",$num*4);

-	}

-sub get_mem

-	{

-	my($size,$addr,$reg1,$reg2,$idx)=@_;

-	my($t,$post);

-	my($ret)=$size;

-	if ($ret ne "")

-		{

-		$ret .= " PTR" if ($main'mwerks);

-		$ret .= " ";

-		}

-	$ret .= "[";

-	$addr =~ s/^\s+//;

-	if ($addr =~ /^(.+)\+(.+)$/)

-		{

-		$reg2=&conv($1);

-		$addr="$under$2";

-		}

-	elsif ($addr =~ /^[_a-z][_a-z0-9]*$/i)

-		{

-		$addr="$under$addr";

-		}

-	if ($addr =~ /^.+\-.+$/) { $addr="($addr)"; }

-	$reg1="$regs{$reg1}" if defined($regs{$reg1});

-	$reg2="$regs{$reg2}" if defined($regs{$reg2});

-	if (($addr ne "") && ($addr ne 0))

-		{

-		if ($addr !~ /^-/)

-			{ $ret.="${addr}+"; }

-		else	{ $post=$addr; }

-		}

-	if ($reg2 ne "")

-		{

-		$t="";

-		$t="*$idx" if ($idx != 0);

-		$reg1="+".$reg1 if ("$reg1$post" ne "");

-		$ret.="$reg2$t$reg1$post]";

-		}

-	else

-		{

-		$ret.="$reg1$post]"

-		}

-	$ret =~ s/\+\]/]/; # in case $addr was the only argument

-	return($ret);

-	}

-sub main'mov	{ &out2("mov",@_); }

-sub main'movb	{ &out2("mov",@_); }

-sub main'and	{ &out2("and",@_); }

-sub main'or	{ &out2("or",@_); }

-sub main'shl	{ &out2("shl",@_); }

-sub main'shr	{ &out2("shr",@_); }

-sub main'xor	{ &out2("xor",@_); }

-sub main'xorb	{ &out2("xor",@_); }

-sub main'add	{ &out2("add",@_); }

-sub main'adc	{ &out2("adc",@_); }

-sub main'sub	{ &out2("sub",@_); }

-sub main'sbb	{ &out2("sbb",@_); }

-sub main'rotl	{ &out2("rol",@_); }

-sub main'rotr	{ &out2("ror",@_); }

-sub main'exch	{ &out2("xchg",@_); }

-sub main'cmp	{ &out2("cmp",@_); }

-sub main'lea	{ &out2("lea",@_); }

-sub main'mul	{ &out1("mul",@_); }

-sub main'div	{ &out1("div",@_); }

-sub main'dec	{ &out1("dec",@_); }

-sub main'inc	{ &out1("inc",@_); }

-sub main'jmp	{ &out1("jmp",@_); }

-sub main'jmp_ptr { &out1p("jmp",@_); }

-# This is a bit of a kludge: declare all branches as NEAR.

-$near=($main'mwerks)?'':'NEAR';

-sub main'je	{ &out1("je $near",@_); }

-sub main'jle	{ &out1("jle $near",@_); }

-sub main'jz	{ &out1("jz $near",@_); }

-sub main'jge	{ &out1("jge $near",@_); }

-sub main'jl	{ &out1("jl $near",@_); }

-sub main'ja	{ &out1("ja $near",@_); }

-sub main'jae	{ &out1("jae $near",@_); }

-sub main'jb	{ &out1("jb $near",@_); }

-sub main'jbe	{ &out1("jbe $near",@_); }

-sub main'jc	{ &out1("jc $near",@_); }

-sub main'jnc	{ &out1("jnc $near",@_); }

-sub main'jnz	{ &out1("jnz $near",@_); }

-sub main'jne	{ &out1("jne $near",@_); }

-sub main'jno	{ &out1("jno $near",@_); }

-sub main'push	{ &out1("push",@_); $stack+=4; }

-sub main'pop	{ &out1("pop",@_); $stack-=4; }

-sub main'pushf	{ &out0("pushfd"); $stack+=4; }

-sub main'popf	{ &out0("popfd"); $stack-=4; }

-sub main'bswap	{ &out1("bswap",@_); &using486(); }

-sub main'not	{ &out1("not",@_); }

-sub main'call	{ &out1("call",($_[0]=~/^\@L/?'':$under).$_[0]); }

-sub main'call_ptr { &out1p("call",@_); }

-sub main'ret	{ &out0("ret"); }

-sub main'nop	{ &out0("nop"); }

-sub main'test	{ &out2("test",@_); }

-sub main'bt	{ &out2("bt",@_); }

-sub main'leave	{ &out0("leave"); }

-sub main'cpuid	{ &out0("cpuid"); }

-sub main'rdtsc	{ &out0("rdtsc"); }

-sub main'halt	{ &out0("hlt"); }

-sub main'movz	{ &out2("movzx",@_); }

-sub main'neg	{ &out1("neg",@_); }

-sub main'cld	{ &out0("cld"); }

-# SSE2

-sub main'emms	{ &out0("emms"); }

-sub main'movd	{ &out2("movd",@_); }

-sub main'movq	{ &out2("movq",@_); }

-sub main'movdqu	{ &out2("movdqu",@_); }

-sub main'movdqa	{ &out2("movdqa",@_); }

-sub main'movdq2q{ &out2("movdq2q",@_); }

-sub main'movq2dq{ &out2("movq2dq",@_); }

-sub main'paddq	{ &out2("paddq",@_); }

-sub main'pmuludq{ &out2("pmuludq",@_); }

-sub main'psrlq	{ &out2("psrlq",@_); }

-sub main'psllq	{ &out2("psllq",@_); }

-sub main'pxor	{ &out2("pxor",@_); }

-sub main'por	{ &out2("por",@_); }

-sub main'pand	{ &out2("pand",@_); }

-sub out2

-	{

-	my($name,$p1,$p2)=@_;

-	my($l,$t);

-	push(@out,"\t$name\t");

-	if (!$main'mwerks and $name eq "lea")

-		{

-		$p1 =~ s/^[^\[]*\[/\[/;

-		$p2 =~ s/^[^\[]*\[/\[/;

-		}

-	$t=&conv($p1).",";

-	$l=length($t);

-	push(@out,$t);

-	$l=4-($l+9)/8;

-	push(@out,"\t" x $l);

-	push(@out,&conv($p2));

-	push(@out,"\n");

-	}

-sub out0

-	{

-	my($name)=@_;

-	push(@out,"\t$name\n");

-	}

-sub out1

-	{

-	my($name,$p1)=@_;

-	my($l,$t);

-	push(@out,"\t$name\t".&conv($p1)."\n");

-	}

-sub conv

-	{

-	my($p)=@_;

-	$p =~ s/0x([0-9A-Fa-f]+)/0$1h/;

-	return $p;

-	}

-sub using486

-	{

-	return if $using486;

-	$using486++;

-	grep(s/\.386/\.486/,@out);

-	}

-sub main'file

-	{

-	if ($main'mwerks)	{ push(@out,".section\t.text\n"); }

-	else	{

-		local $tmp=<<___;

-%ifdef __omf__

-section	code	use32 class=code

-%else

-section	.text

-%endif

-___

-		push(@out,$tmp);

-		}

-	}

-sub main'function_begin

-	{

-	my($func,$extra)=@_;

-	push(@labels,$func);

-	my($tmp)=<<"EOF";

-global	$under$func

-$under$func:

-	push	ebp

-	push	ebx

-	push	esi

-	push	edi

-EOF

-	push(@out,$tmp);

-	$stack=20;

-	}

-sub main'function_begin_B

-	{

-	my($func,$extra)=@_;

-	my($tmp)=<<"EOF";

-global	$under$func

-$under$func:

-EOF

-	push(@out,$tmp);

-	$stack=4;

-	}

-sub main'function_end

-	{

-	my($func)=@_;

-	my($tmp)=<<"EOF";

-	pop	edi

-	pop	esi

-	pop	ebx

-	pop	ebp

-	ret

-EOF

-	push(@out,$tmp);

-	$stack=0;

-	%label=();

-	}

-sub main'function_end_B

-	{

-	$stack=0;

-	%label=();

-	}

-sub main'function_end_A

-	{

-	my($func)=@_;

-	my($tmp)=<<"EOF";

-	pop	edi

-	pop	esi

-	pop	ebx

-	pop	ebp

-	ret

-EOF

-	push(@out,$tmp);

-	}

-sub main'file_end

-	{

-	}

-sub main'wparam

-	{

-	my($num)=@_;

-	return(&main'DWP($stack+$num*4,"esp","",0));

-	}

-sub main'swtmp

-	{

-	return(&main'DWP($_[0]*4,"esp","",0));

-	}

-# Should use swtmp, which is above esp.  Linix can trash the stack above esp

-#sub main'wtmp

-#	{

-#	my($num)=@_;

-#

-#	return(&main'DWP(-(($num+1)*4),"esp","",0));

-#	}

-sub main'comment

-	{

-	foreach (@_)

-		{

-		push(@out,"\t; $_\n");

-		}

-	}

-sub main'public_label

-	{

-	$label{$_[0]}="${under}${_[0]}"	if (!defined($label{$_[0]}));

-	push(@out,"global\t$label{$_[0]}\n");

-	}

-sub main'label

-	{

-	if (!defined($label{$_[0]}))

-		{

-		$label{$_[0]}="\@${label}${_[0]}";

-		$label++;

-		}

-	return($label{$_[0]});

-	}

-sub main'set_label

-	{

-	if (!defined($label{$_[0]}))

-		{

-		$label{$_[0]}="\@${label}${_[0]}";

-		$label++;

-		}

-	if ($_[1]!=0 && $_[1]>1)

-		{

-		main'align($_[1]);

-		}

-	push(@out,"$label{$_[0]}:\n");

-	}

-sub main'data_byte

-	{

-	push(@out,(($main'mwerks)?".byte\t":"DB\t").join(',',@_)."\n");

-	}

-sub main'data_word

-	{

-	push(@out,(($main'mwerks)?".long\t":"DD\t").join(',',@_)."\n");

-	}

-sub main'align

-	{

-	push(@out,".") if ($main'mwerks);

-	push(@out,"align\t$_[0]\n");

-	}

-sub out1p

-	{

-	my($name,$p1)=@_;

-	my($l,$t);

-	push(@out,"\t$name\t".&conv($p1)."\n");

-	}

-sub main'picmeup

-	{

-	local($dst,$sym)=@_;

-	&main'lea($dst,&main'DWP($sym));

-	}

-sub main'blindpop { &out1("pop",@_); }

-sub main'initseg

-	{

-	local($f)=@_;

-	if ($main'win32)

-		{

-		local($tmp)=<<___;

-segment	.CRT\$XCU data

-extern	$under$f

-DD	$under$f

-___

-		push(@out,$tmp);

-		}

-	}

-1;

--- a/sys/src/ape/lib/openssl/crypto/perlasm/x86unix.pl

+++ /dev/null

@@ -1,761 +1,0 @@

-#!/usr/local/bin/perl

-package x86unix;	# GAS actually...

-$label="L000";

-$const="";

-$constl=0;

-$align=($main'aout)?"4":"16";

-$under=($main'aout or $main'coff)?"_":"";

-$dot=($main'aout)?"":".";

-$com_start="#" if ($main'aout or $main'coff);

-sub main'asm_init_output { @out=(); }

-sub main'asm_get_output { return(@out); }

-sub main'get_labels { return(@labels); }

-sub main'external_label { push(@labels,@_); }

-if ($main'cpp)

-	{

-	$align="ALIGN";

-	$under="";

-	$com_start='/*';

-	$com_end='*/';

-	}

-%lb=(	'eax',	'%al',

-	'ebx',	'%bl',

-	'ecx',	'%cl',

-	'edx',	'%dl',

-	'ax',	'%al',

-	'bx',	'%bl',

-	'cx',	'%cl',

-	'dx',	'%dl',

-	);

-%hb=(	'eax',	'%ah',

-	'ebx',	'%bh',

-	'ecx',	'%ch',

-	'edx',	'%dh',

-	'ax',	'%ah',

-	'bx',	'%bh',

-	'cx',	'%ch',

-	'dx',	'%dh',

-	);

-%regs=(	'eax',	'%eax',

-	'ebx',	'%ebx',

-	'ecx',	'%ecx',

-	'edx',	'%edx',

-	'esi',	'%esi',

-	'edi',	'%edi',

-	'ebp',	'%ebp',

-	'esp',	'%esp',

-	'mm0',	'%mm0',

-	'mm1',	'%mm1',

-	'mm2',	'%mm2',

-	'mm3',	'%mm3',

-	'mm4',	'%mm4',

-	'mm5',	'%mm5',

-	'mm6',	'%mm6',

-	'mm7',	'%mm7',

-	'xmm0',	'%xmm0',

-	'xmm1',	'%xmm1',

-	'xmm2',	'%xmm2',

-	'xmm3',	'%xmm3',

-	'xmm4',	'%xmm4',

-	'xmm5',	'%xmm5',

-	'xmm6',	'%xmm6',

-	'xmm7',	'%xmm7',

-	);

-%reg_val=(

-	'eax',	0x00,

-	'ebx',	0x03,

-	'ecx',	0x01,

-	'edx',	0x02,

-	'esi',	0x06,

-	'edi',	0x07,

-	'ebp',	0x05,

-	'esp',	0x04,

-	);

-sub main'LB

-	{

-	(defined($lb{$_[0]})) || die "$_[0] does not have a 'low byte'\n";

-	return($lb{$_[0]});

-	}

-sub main'HB

-	{

-	(defined($hb{$_[0]})) || die "$_[0] does not have a 'high byte'\n";

-	return($hb{$_[0]});

-	}

-sub main'DWP

-	{

-	local($addr,$reg1,$reg2,$idx)=@_;

-	$ret="";

-	$addr =~ s/(^|[+ \t])([A-Za-z_]+[A-Za-z0-9_]+)($|[+ \t])/$1$under$2$3/;

-	$reg1="$regs{$reg1}" if defined($regs{$reg1});

-	$reg2="$regs{$reg2}" if defined($regs{$reg2});

-	$ret.=$addr if ($addr ne "") && ($addr ne 0);

-	if ($reg2 ne "")

-		{

-		if($idx ne "" && $idx != 0)

-		    { $ret.="($reg1,$reg2,$idx)"; }

-		else

-		    { $ret.="($reg1,$reg2)"; }

-	        }

-	elsif ($reg1 ne "")

-		{ $ret.="($reg1)" }

-	return($ret);

-	}

-sub main'QWP

-	{

-	return(&main'DWP(@_));

-	}

-sub main'BP

-	{

-	return(&main'DWP(@_));

-	}

-sub main'BC

-	{

-	return @_;

-	}

-sub main'DWC

-	{

-	return @_;

-	}

-#sub main'BP

-#	{

-#	local($addr,$reg1,$reg2,$idx)=@_;

-#

-#	$ret="";

-#

-#	$addr =~ s/(^|[+ \t])([A-Za-z_]+)($|[+ \t])/$1$under$2$3/;

-#	$reg1="$regs{$reg1}" if defined($regs{$reg1});

-#	$reg2="$regs{$reg2}" if defined($regs{$reg2});

-#	$ret.=$addr if ($addr ne "") && ($addr ne 0);

-#	if ($reg2 ne "")

-#		{ $ret.="($reg1,$reg2,$idx)"; }

-#	else

-#		{ $ret.="($reg1)" }

-#	return($ret);

-#	}

-sub main'mov	{ &out2("movl",@_); }

-sub main'movb	{ &out2("movb",@_); }

-sub main'and	{ &out2("andl",@_); }

-sub main'or	{ &out2("orl",@_); }

-sub main'shl	{ &out2("sall",@_); }

-sub main'shr	{ &out2("shrl",@_); }

-sub main'xor	{ &out2("xorl",@_); }

-sub main'xorb	{ &out2("xorb",@_); }

-sub main'add	{ &out2($_[0]=~/%[a-d][lh]/?"addb":"addl",@_); }

-sub main'adc	{ &out2("adcl",@_); }

-sub main'sub	{ &out2("subl",@_); }

-sub main'sbb	{ &out2("sbbl",@_); }

-sub main'rotl	{ &out2("roll",@_); }

-sub main'rotr	{ &out2("rorl",@_); }

-sub main'exch	{ &out2($_[0]=~/%[a-d][lh]/?"xchgb":"xchgl",@_); }

-sub main'cmp	{ &out2("cmpl",@_); }

-sub main'lea	{ &out2("leal",@_); }

-sub main'mul	{ &out1("mull",@_); }

-sub main'div	{ &out1("divl",@_); }

-sub main'jmp	{ &out1("jmp",@_); }

-sub main'jmp_ptr { &out1p("jmp",@_); }

-sub main'je	{ &out1("je",@_); }

-sub main'jle	{ &out1("jle",@_); }

-sub main'jne	{ &out1("jne",@_); }

-sub main'jnz	{ &out1("jnz",@_); }

-sub main'jz	{ &out1("jz",@_); }

-sub main'jge	{ &out1("jge",@_); }

-sub main'jl	{ &out1("jl",@_); }

-sub main'ja	{ &out1("ja",@_); }

-sub main'jae	{ &out1("jae",@_); }

-sub main'jb	{ &out1("jb",@_); }

-sub main'jbe	{ &out1("jbe",@_); }

-sub main'jc	{ &out1("jc",@_); }

-sub main'jnc	{ &out1("jnc",@_); }

-sub main'jno	{ &out1("jno",@_); }

-sub main'dec	{ &out1("decl",@_); }

-sub main'inc	{ &out1($_[0]=~/%[a-d][hl]/?"incb":"incl",@_); }

-sub main'push	{ &out1("pushl",@_); $stack+=4; }

-sub main'pop	{ &out1("popl",@_); $stack-=4; }

-sub main'pushf	{ &out0("pushfl"); $stack+=4; }

-sub main'popf	{ &out0("popfl"); $stack-=4; }

-sub main'not	{ &out1("notl",@_); }

-sub main'call	{	my $pre=$under;

-			foreach $i (%label)

-			{ if ($label{$i} eq $_[0]) { $pre=''; last; } }

-			&out1("call",$pre.$_[0]);

-		}

-sub main'call_ptr { &out1p("call",@_); }

-sub main'ret	{ &out0("ret"); }

-sub main'nop	{ &out0("nop"); }

-sub main'test	{ &out2("testl",@_); }

-sub main'bt	{ &out2("btl",@_); }

-sub main'leave	{ &out0("leave"); }

-sub main'cpuid	{ &out0(".byte\t0x0f,0xa2"); }

-sub main'rdtsc	{ &out0(".byte\t0x0f,0x31"); }

-sub main'halt	{ &out0("hlt"); }

-sub main'movz	{ &out2("movzbl",@_); }

-sub main'neg	{ &out1("negl",@_); }

-sub main'cld	{ &out0("cld"); }

-# SSE2

-sub main'emms	{ &out0("emms"); }

-sub main'movd	{ &out2("movd",@_); }

-sub main'movdqu	{ &out2("movdqu",@_); }

-sub main'movdqa	{ &out2("movdqa",@_); }

-sub main'movdq2q{ &out2("movdq2q",@_); }

-sub main'movq2dq{ &out2("movq2dq",@_); }

-sub main'paddq	{ &out2("paddq",@_); }

-sub main'pmuludq{ &out2("pmuludq",@_); }

-sub main'psrlq	{ &out2("psrlq",@_); }

-sub main'psllq	{ &out2("psllq",@_); }

-sub main'pxor	{ &out2("pxor",@_); }

-sub main'por	{ &out2("por",@_); }

-sub main'pand	{ &out2("pand",@_); }

-sub main'movq	{

-	local($p1,$p2,$optimize)=@_;

-	if ($optimize && $p1=~/^mm[0-7]$/ && $p2=~/^mm[0-7]$/)

-		# movq between mmx registers can sink Intel CPUs

-		{	push(@out,"\tpshufw\t\$0xe4,%$p2,%$p1\n");	}

-	else	{	&out2("movq",@_);				}

-	}

-# The bswapl instruction is new for the 486. Emulate if i386.

-sub main'bswap

-	{

-	if ($main'i386)

-		{

-		&main'comment("bswapl @_");

-		&main'exch(main'HB(@_),main'LB(@_));

-		&main'rotr(@_,16);

-		&main'exch(main'HB(@_),main'LB(@_));

-		}

-	else

-		{

-		&out1("bswapl",@_);

-		}

-	}

-sub out2

-	{

-	local($name,$p1,$p2)=@_;

-	local($l,$ll,$t);

-	local(%special)=(	"roll",0xD1C0,"rorl",0xD1C8,

-				"rcll",0xD1D0,"rcrl",0xD1D8,

-				"shll",0xD1E0,"shrl",0xD1E8,

-				"sarl",0xD1F8);

-	if ((defined($special{$name})) && defined($regs{$p1}) && ($p2 == 1))

-		{

-		$op=$special{$name}|$reg_val{$p1};

-		$tmp1=sprintf(".byte %d\n",($op>>8)&0xff);

-		$tmp2=sprintf(".byte %d\t",$op     &0xff);

-		push(@out,$tmp1);

-		push(@out,$tmp2);

-		$p2=&conv($p2);

-		$p1=&conv($p1);

-		&main'comment("$name $p2 $p1");

-		return;

-		}

-	push(@out,"\t$name\t");

-	$t=&conv($p2).",";

-	$l=length($t);

-	push(@out,$t);

-	$ll=4-($l+9)/8;

-	$tmp1=sprintf("\t" x $ll);

-	push(@out,$tmp1);

-	push(@out,&conv($p1)."\n");

-	}

-sub out1

-	{

-	local($name,$p1)=@_;

-	local($l,$t);

-	local(%special)=("bswapl",0x0FC8);

-	if ((defined($special{$name})) && defined($regs{$p1}))

-		{

-		$op=$special{$name}|$reg_val{$p1};

-		$tmp1=sprintf(".byte %d\n",($op>>8)&0xff);

-		$tmp2=sprintf(".byte %d\t",$op     &0xff);

-		push(@out,$tmp1);

-		push(@out,$tmp2);

-		$p2=&conv($p2);

-		$p1=&conv($p1);

-		&main'comment("$name $p2 $p1");

-		return;

-		}

-	push(@out,"\t$name\t".&conv($p1)."\n");

-	}

-sub out1p

-	{

-	local($name,$p1)=@_;

-	local($l,$t);

-	push(@out,"\t$name\t*".&conv($p1)."\n");

-	}

-sub out0

-	{

-	push(@out,"\t$_[0]\n");

-	}

-sub conv

-	{

-	local($p)=@_;

-#	$p =~ s/0x([0-9A-Fa-f]+)/0$1h/;

-	$p=$regs{$p} if (defined($regs{$p}));

-	$p =~ s/^(-{0,1}[0-9A-Fa-f]+)$/\$$1/;

-	$p =~ s/^(0x[0-9A-Fa-f]+)$/\$$1/;

-	return $p;

-	}

-sub main'file

-	{

-	local($file)=@_;

-	local($tmp)=<<"EOF";

-	.file	"$file.s"

-EOF

-	push(@out,$tmp);

-	}

-sub main'function_begin

-	{

-	local($func)=@_;

-	&main'external_label($func);

-	$func=$under.$func;

-	local($tmp)=<<"EOF";

-.text

-.globl	$func

-EOF

-	push(@out,$tmp);

-	if ($main'cpp)

-		{ $tmp=push(@out,"TYPE($func,\@function)\n"); }

-	elsif ($main'coff)

-		{ $tmp=push(@out,".def\t$func;\t.scl\t2;\t.type\t32;\t.endef\n"); }

-	elsif ($main'aout and !$main'pic)

-		{ }

-	else	{ $tmp=push(@out,".type\t$func,\@function\n"); }

-	push(@out,".align\t$align\n");

-	push(@out,"$func:\n");

-	$tmp=<<"EOF";

-	pushl	%ebp

-	pushl	%ebx

-	pushl	%esi

-	pushl	%edi

-EOF

-	push(@out,$tmp);

-	$stack=20;

-	}

-sub main'function_begin_B

-	{

-	local($func,$extra)=@_;

-	&main'external_label($func);

-	$func=$under.$func;

-	local($tmp)=<<"EOF";

-.text

-.globl	$func

-EOF

-	push(@out,$tmp);

-	if ($main'cpp)

-		{ push(@out,"TYPE($func,\@function)\n"); }

-	elsif ($main'coff)

-		{ $tmp=push(@out,".def\t$func;\t.scl\t2;\t.type\t32;\t.endef\n"); }

-	elsif ($main'aout and !$main'pic)

-		{ }

-	else	{ push(@out,".type	$func,\@function\n"); }

-	push(@out,".align\t$align\n");

-	push(@out,"$func:\n");

-	$stack=4;

-	}

-sub main'function_end

-	{

-	local($func)=@_;

-	$func=$under.$func;

-	local($tmp)=<<"EOF";

-	popl	%edi

-	popl	%esi

-	popl	%ebx

-	popl	%ebp

-	ret

-${dot}L_${func}_end:

-EOF

-	push(@out,$tmp);

-	if ($main'cpp)

-		{ push(@out,"SIZE($func,${dot}L_${func}_end-$func)\n"); }

-	elsif ($main'coff or $main'aout)

-                { }

-	else	{ push(@out,".size\t$func,${dot}L_${func}_end-$func\n"); }

-	push(@out,".ident	\"$func\"\n");

-	$stack=0;

-	%label=();

-	}

-sub main'function_end_A

-	{

-	local($func)=@_;

-	local($tmp)=<<"EOF";

-	popl	%edi

-	popl	%esi

-	popl	%ebx

-	popl	%ebp

-	ret

-EOF

-	push(@out,$tmp);

-	}

-sub main'function_end_B

-	{

-	local($func)=@_;

-	$func=$under.$func;

-	push(@out,"${dot}L_${func}_end:\n");

-	if ($main'cpp)

-		{ push(@out,"SIZE($func,${dot}L_${func}_end-$func)\n"); }

-        elsif ($main'coff or $main'aout)

-                { }

-	else	{ push(@out,".size\t$func,${dot}L_${func}_end-$func\n"); }

-	push(@out,".ident	\"$func\"\n");

-	$stack=0;

-	%label=();

-	}

-sub main'wparam

-	{

-	local($num)=@_;

-	return(&main'DWP($stack+$num*4,"esp","",0));

-	}

-sub main'stack_push

-	{

-	local($num)=@_;

-	$stack+=$num*4;

-	&main'sub("esp",$num*4);

-	}

-sub main'stack_pop

-	{

-	local($num)=@_;

-	$stack-=$num*4;

-	&main'add("esp",$num*4);

-	}

-sub main'swtmp

-	{

-	return(&main'DWP($_[0]*4,"esp","",0));

-	}

-# Should use swtmp, which is above esp.  Linix can trash the stack above esp

-#sub main'wtmp

-#	{

-#	local($num)=@_;

-#

-#	return(&main'DWP(-($num+1)*4,"esp","",0));

-#	}

-sub main'comment

-	{

-	if (!defined($com_start) or $main'elf)

-		{	# Regarding $main'elf above...

-			# GNU and SVR4 as'es use different comment delimiters,

-		push(@out,"\n");	# so we just skip ELF comments...

-		return;

-		}

-	foreach (@_)

-		{

-		if (/^\s*$/)

-			{ push(@out,"\n"); }

-		else

-			{ push(@out,"\t$com_start $_ $com_end\n"); }

-		}

-	}

-sub main'public_label

-	{

-	$label{$_[0]}="${under}${_[0]}"	if (!defined($label{$_[0]}));

-	push(@out,".globl\t$label{$_[0]}\n");

-	}

-sub main'label

-	{

-	if (!defined($label{$_[0]}))

-		{

-		$label{$_[0]}="${dot}${label}${_[0]}";

-		$label++;

-		}

-	return($label{$_[0]});

-	}

-sub main'set_label

-	{

-	if (!defined($label{$_[0]}))

-		{

-		$label{$_[0]}="${dot}${label}${_[0]}";

-		$label++;

-		}

-	if ($_[1]!=0)

-		{

-		if ($_[1]>1)	{ main'align($_[1]);		}

-		else		{ push(@out,".align $align\n");	}

-		}

-	push(@out,"$label{$_[0]}:\n");

-	}

-sub main'file_end

-	{

-	# try to detect if SSE2 or MMX extensions were used on ELF platform...

-	if ($main'elf && grep {/%[x]*mm[0-7]/i} @out) {

-		local($tmp);

-		push (@out,"\n.section\t.bss\n");

-		push (@out,".comm\t${under}OPENSSL_ia32cap_P,4,4\n");

-		push (@out,".section\t.init\n");

-		# One can argue that it's wasteful to craft every

-		# SSE/MMX module with this snippet... Well, it's 72

-		# bytes long and for the moment we have two modules.

-		# Let's argue when we have 7 modules or so...

-		#

-		# $1<<10 sets a reserved bit to signal that variable

-		# was initialized already...

-		&main'picmeup("edx","OPENSSL_ia32cap_P");

-		$tmp=<<___;

-		cmpl	\$0,(%edx)

-		jne	1f

-		movl	\$1<<10,(%edx)

-		pushf

-		popl	%eax

-		movl	%eax,%ecx

-		xorl	\$1<<21,%eax

-		pushl	%eax

-		popf

-		pushf

-		popl	%eax

-		xorl	%ecx,%eax

-		btl	\$21,%eax

-		jnc	1f

-		pushl	%edi

-		pushl	%ebx

-		movl	%edx,%edi

-		movl	\$1,%eax

-		.byte	0x0f,0xa2

-		orl	\$1<<10,%edx

-		movl	%edx,0(%edi)

-		popl	%ebx

-		popl	%edi

-		jmp	1f

-	.align	$align

-	1:

-___

-		push (@out,$tmp);

-	}

-	if ($const ne "")

-		{

-		push(@out,".section .rodata\n");

-		push(@out,$const);

-		$const="";

-		}

-	}

-sub main'data_byte

-	{

-	push(@out,"\t.byte\t".join(',',@_)."\n");

-	}

-sub main'data_word

-	{

-	push(@out,"\t.long\t".join(',',@_)."\n");

-	}

-sub main'align

-	{

-	my $val=$_[0],$p2,$i;

-	if ($main'aout) {

-		for ($p2=0;$val!=0;$val>>=1) { $p2++; }

-		$val=$p2-1;

-		$val.=",0x90";

-	}

-	push(@out,".align\t$val\n");

-	}

-# debug output functions: puts, putx, printf

-sub main'puts

-	{

-	&pushvars();

-	&main'push('$Lstring' . ++$constl);

-	&main'call('puts');

-	$stack-=4;

-	&main'add("esp",4);

-	&popvars();

-	$const .= "Lstring$constl:\n\t.string \"@_[0]\"\n";

-	}

-sub main'putx

-	{

-	&pushvars();

-	&main'push($_[0]);

-	&main'push('$Lstring' . ++$constl);

-	&main'call('printf');

-	&main'add("esp",8);

-	$stack-=8;

-	&popvars();

-	$const .= "Lstring$constl:\n\t.string \"\%X\"\n";

-	}

-sub main'printf

-	{

-	$ostack = $stack;

-	&pushvars();

-	for ($i = @_ - 1; $i >= 0; $i--)

-		{

-		if ($i == 0) # change this to support %s format strings

-			{

-			&main'push('$Lstring' . ++$constl);

-			$const .= "Lstring$constl:\n\t.string \"@_[$i]\"\n";

-			}

-		else

-			{

-			if ($_[$i] =~ /([0-9]*)\(%esp\)/)

-				{

-				&main'push(($1 + $stack - $ostack) . '(%esp)');

-				}

-			else

-				{

-				&main'push($_[$i]);

-				}

-			}

-		}

-	&main'call('printf');

-	$stack-=4*@_;

-	&main'add("esp",4*@_);

-	&popvars();

-	}

-sub pushvars

-	{

-	&main'pushf();

-	&main'push("edx");

-	&main'push("ecx");

-	&main'push("eax");

-	}

-sub popvars

-	{

-	&main'pop("eax");

-	&main'pop("ecx");

-	&main'pop("edx");

-	&main'popf();

-	}

-sub main'picmeup

-	{

-	local($dst,$sym)=@_;

-	if ($main'cpp)

-		{

-		local($tmp)=<<___;

-#if (defined(ELF) || defined(SOL)) && defined(PIC)

-	call	1f

-1:	popl	$regs{$dst}

-	addl	\$_GLOBAL_OFFSET_TABLE_+[.-1b],$regs{$dst}

-	movl	$sym\@GOT($regs{$dst}),$regs{$dst}

-#else

-	leal	$sym,$regs{$dst}

-#endif

-___

-		push(@out,$tmp);

-		}

-	elsif ($main'pic && ($main'elf || $main'aout))

-		{

-		&main'call(&main'label("PIC_me_up"));

-		&main'set_label("PIC_me_up");

-		&main'blindpop($dst);

-		&main'add($dst,"\$${under}_GLOBAL_OFFSET_TABLE_+[.-".

-				&main'label("PIC_me_up") . "]");

-		&main'mov($dst,&main'DWP($under.$sym."\@GOT",$dst));

-		}

-	else

-		{

-		&main'lea($dst,&main'DWP($sym));

-		}

-	}

-sub main'blindpop { &out1("popl",@_); }

-sub main'initseg

-	{

-	local($f)=@_;

-	local($tmp);

-	if ($main'elf)

-		{

-		$tmp=<<___;

-.section	.init

-	call	$under$f

-	jmp	.Linitalign

-.align	$align

-.Linitalign:

-___

-		}

-	elsif ($main'coff)

-		{

-		$tmp=<<___;	# applies to both Cygwin and Mingw

-.section	.ctors

-.long	$under$f

-___

-		}

-	elsif ($main'aout)

-		{

-		local($ctor)="${under}_GLOBAL_\$I\$$f";

-		$tmp=".text\n";

-		$tmp.=".type	$ctor,\@function\n" if ($main'pic);

-		$tmp.=<<___;	# OpenBSD way...

-.globl	$ctor

-.align	2

-$ctor:

-	jmp	$under$f

-___

-		}

-	push(@out,$tmp) if ($tmp);

-	}

-1;

--- a/sys/src/ape/lib/openssl/crypto/pkcs12/Makefile

+++ /dev/null

@@ -1,286 +1,0 @@

-#

-# OpenSSL/crypto/pkcs12/Makefile

-#

-DIR=	pkcs12

-TOP=	../..

-CC=	cc

-INCLUDES= -I.. -I$(TOP) -I../../include

-CFLAG=-g

-MAKEFILE=	Makefile

-AR=		ar r

-CFLAGS= $(INCLUDES) $(CFLAG)

-GENERAL=Makefile

-TEST=

-APPS=

-LIB=$(TOP)/libcrypto.a

-LIBSRC= p12_add.c p12_asn.c p12_attr.c p12_crpt.c p12_crt.c p12_decr.c \

-	p12_init.c p12_key.c p12_kiss.c p12_mutl.c\

-	p12_utl.c p12_npas.c pk12err.c p12_p8d.c p12_p8e.c

-LIBOBJ= p12_add.o p12_asn.o p12_attr.o p12_crpt.o p12_crt.o p12_decr.o \

-	p12_init.o p12_key.o p12_kiss.o p12_mutl.o\

-	p12_utl.o p12_npas.o pk12err.o p12_p8d.o p12_p8e.o

-SRC= $(LIBSRC)

-EXHEADER=  pkcs12.h

-HEADER=	$(EXHEADER)

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)

-test:

-all:	lib

-lib:	$(LIBOBJ)

-	$(AR) $(LIB) $(LIBOBJ)

-	$(RANLIB) $(LIB) || echo Never mind.

-	@touch lib

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

-links:

-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)

-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)

-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

-install:

-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...

-	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \

-	do  \

-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \

-	done;

-tags:

-	ctags $(SRC)

-tests:

-lint:

-	lint -DLINT $(INCLUDES) $(SRC)>fluff

-depend:

-	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...

-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-clean:

-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-p12_add.o: ../../e_os.h ../../include/openssl/asn1.h

-p12_add.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-p12_add.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-p12_add.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-p12_add.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-p12_add.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-p12_add.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-p12_add.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-p12_add.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h

-p12_add.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-p12_add.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-p12_add.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-p12_add.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_add.c

-p12_asn.o: ../../e_os.h ../../include/openssl/asn1.h

-p12_asn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h

-p12_asn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-p12_asn.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-p12_asn.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-p12_asn.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-p12_asn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-p12_asn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-p12_asn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-p12_asn.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h

-p12_asn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-p12_asn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-p12_asn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-p12_asn.o: ../cryptlib.h p12_asn.c

-p12_attr.o: ../../e_os.h ../../include/openssl/asn1.h

-p12_attr.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-p12_attr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-p12_attr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-p12_attr.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-p12_attr.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-p12_attr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-p12_attr.o: ../../include/openssl/opensslconf.h

-p12_attr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-p12_attr.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h

-p12_attr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-p12_attr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-p12_attr.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-p12_attr.o: ../cryptlib.h p12_attr.c

-p12_crpt.o: ../../e_os.h ../../include/openssl/asn1.h

-p12_crpt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-p12_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-p12_crpt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-p12_crpt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-p12_crpt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-p12_crpt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-p12_crpt.o: ../../include/openssl/opensslconf.h

-p12_crpt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-p12_crpt.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h

-p12_crpt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-p12_crpt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-p12_crpt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-p12_crpt.o: ../cryptlib.h p12_crpt.c

-p12_crt.o: ../../e_os.h ../../include/openssl/asn1.h

-p12_crt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-p12_crt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-p12_crt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-p12_crt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-p12_crt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-p12_crt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-p12_crt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-p12_crt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h

-p12_crt.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-p12_crt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-p12_crt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-p12_crt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_crt.c

-p12_decr.o: ../../e_os.h ../../include/openssl/asn1.h

-p12_decr.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-p12_decr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-p12_decr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-p12_decr.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-p12_decr.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-p12_decr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-p12_decr.o: ../../include/openssl/opensslconf.h

-p12_decr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-p12_decr.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h

-p12_decr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-p12_decr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-p12_decr.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-p12_decr.o: ../cryptlib.h p12_decr.c

-p12_init.o: ../../e_os.h ../../include/openssl/asn1.h

-p12_init.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-p12_init.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-p12_init.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-p12_init.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-p12_init.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-p12_init.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-p12_init.o: ../../include/openssl/opensslconf.h

-p12_init.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-p12_init.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h

-p12_init.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-p12_init.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-p12_init.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-p12_init.o: ../cryptlib.h p12_init.c

-p12_key.o: ../../e_os.h ../../include/openssl/asn1.h

-p12_key.o: ../../include/openssl/bio.h ../../include/openssl/bn.h

-p12_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-p12_key.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-p12_key.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-p12_key.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-p12_key.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-p12_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-p12_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-p12_key.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h

-p12_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-p12_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-p12_key.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-p12_key.o: ../cryptlib.h p12_key.c

-p12_kiss.o: ../../e_os.h ../../include/openssl/asn1.h

-p12_kiss.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-p12_kiss.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-p12_kiss.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-p12_kiss.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-p12_kiss.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-p12_kiss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-p12_kiss.o: ../../include/openssl/opensslconf.h

-p12_kiss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-p12_kiss.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h

-p12_kiss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-p12_kiss.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-p12_kiss.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-p12_kiss.o: ../cryptlib.h p12_kiss.c

-p12_mutl.o: ../../e_os.h ../../include/openssl/asn1.h

-p12_mutl.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-p12_mutl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-p12_mutl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-p12_mutl.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-p12_mutl.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h

-p12_mutl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-p12_mutl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-p12_mutl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-p12_mutl.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h

-p12_mutl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h

-p12_mutl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-p12_mutl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-p12_mutl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_mutl.c

-p12_npas.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

-p12_npas.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-p12_npas.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-p12_npas.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-p12_npas.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-p12_npas.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-p12_npas.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-p12_npas.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-p12_npas.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h

-p12_npas.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h

-p12_npas.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-p12_npas.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-p12_npas.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-p12_npas.o: p12_npas.c

-p12_p8d.o: ../../e_os.h ../../include/openssl/asn1.h

-p12_p8d.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-p12_p8d.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-p12_p8d.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-p12_p8d.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-p12_p8d.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-p12_p8d.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-p12_p8d.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-p12_p8d.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h

-p12_p8d.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-p12_p8d.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-p12_p8d.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-p12_p8d.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_p8d.c

-p12_p8e.o: ../../e_os.h ../../include/openssl/asn1.h

-p12_p8e.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-p12_p8e.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-p12_p8e.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-p12_p8e.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-p12_p8e.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-p12_p8e.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-p12_p8e.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-p12_p8e.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h

-p12_p8e.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-p12_p8e.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-p12_p8e.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-p12_p8e.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_p8e.c

-p12_utl.o: ../../e_os.h ../../include/openssl/asn1.h

-p12_utl.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-p12_utl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-p12_utl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-p12_utl.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-p12_utl.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-p12_utl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-p12_utl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-p12_utl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h

-p12_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-p12_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-p12_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-p12_utl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_utl.c

-pk12err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

-pk12err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-pk12err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-pk12err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-pk12err.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-pk12err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-pk12err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-pk12err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-pk12err.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h

-pk12err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-pk12err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-pk12err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-pk12err.o: pk12err.c

--- a/sys/src/ape/lib/openssl/crypto/pkcs12/p12_add.c

+++ /dev/null

@@ -1,224 +1,0 @@

-/* p12_add.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/pkcs12.h>

-/* Pack an object into an OCTET STRING and turn into a safebag */

-PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1,

-	     int nid2)

-{

-	PKCS12_BAGS *bag;

-	PKCS12_SAFEBAG *safebag;

-	if (!(bag = PKCS12_BAGS_new())) {

-		PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);

-		return NULL;

-	}

-	bag->type = OBJ_nid2obj(nid1);

-	if (!ASN1_item_pack(obj, it, &bag->value.octet)) {

-		PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);

-		return NULL;

-	}

-	if (!(safebag = PKCS12_SAFEBAG_new())) {

-		PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);

-		return NULL;

-	}

-	safebag->value.bag = bag;

-	safebag->type = OBJ_nid2obj(nid2);

-	return safebag;

-}

-/* Turn PKCS8 object into a keybag */

-PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8)

-{

-	PKCS12_SAFEBAG *bag;

-	if (!(bag = PKCS12_SAFEBAG_new())) {

-		PKCS12err(PKCS12_F_PKCS12_MAKE_KEYBAG,ERR_R_MALLOC_FAILURE);

-		return NULL;

-	}

-	bag->type = OBJ_nid2obj(NID_keyBag);

-	bag->value.keybag = p8;

-	return bag;

-}

-/* Turn PKCS8 object into a shrouded keybag */

-PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,

-	     int passlen, unsigned char *salt, int saltlen, int iter,

-	     PKCS8_PRIV_KEY_INFO *p8)

-{

-	PKCS12_SAFEBAG *bag;

-	/* Set up the safe bag */

-	if (!(bag = PKCS12_SAFEBAG_new())) {

-		PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);

-		return NULL;

-	}

-	bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);

-	if (!(bag->value.shkeybag =

-	  PKCS8_encrypt(pbe_nid, NULL, pass, passlen, salt, saltlen, iter,

-									 p8))) {

-		PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);

-		return NULL;

-	}

-	return bag;

-}

-/* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */

-PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)

-{

-	PKCS7 *p7;

-	if (!(p7 = PKCS7_new())) {

-		PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);

-		return NULL;

-	}

-	p7->type = OBJ_nid2obj(NID_pkcs7_data);

-	if (!(p7->d.data = M_ASN1_OCTET_STRING_new())) {

-		PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);

-		return NULL;

-	}

-	if (!ASN1_item_pack(sk, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), &p7->d.data)) {

-		PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE);

-		return NULL;

-	}

-	return p7;

-}

-/* Unpack SAFEBAGS from PKCS#7 data ContentInfo */

-STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7)

-{

-	if(!PKCS7_type_is_data(p7))

-		{

-		PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA,PKCS12_R_CONTENT_TYPE_NOT_DATA);

-		return NULL;

-		}

-	return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS));

-}

-/* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */

-PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,

-			      unsigned char *salt, int saltlen, int iter,

-			      STACK_OF(PKCS12_SAFEBAG) *bags)

-{

-	PKCS7 *p7;

-	X509_ALGOR *pbe;

-	if (!(p7 = PKCS7_new())) {

-		PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);

-		return NULL;

-	}

-	if(!PKCS7_set_type(p7, NID_pkcs7_encrypted)) {

-		PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA,

-				PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);

-		return NULL;

-	}

-	if (!(pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen))) {

-		PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);

-		return NULL;

-	}

-	X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm);

-	p7->d.encrypted->enc_data->algorithm = pbe;

-	M_ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data);

-	if (!(p7->d.encrypted->enc_data->enc_data =

-	PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass, passlen,

-				 bags, 1))) {

-		PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ENCRYPT_ERROR);

-		return NULL;

-	}

-	return p7;

-}

-STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen)

-{

-	if(!PKCS7_type_is_encrypted(p7)) return NULL;

-	return PKCS12_item_decrypt_d2i(p7->d.encrypted->enc_data->algorithm,

-			           ASN1_ITEM_rptr(PKCS12_SAFEBAGS),

-				   pass, passlen,

-			           p7->d.encrypted->enc_data->enc_data, 1);

-}

-PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, const char *pass,

-								int passlen)

-{

-	return PKCS8_decrypt(bag->value.shkeybag, pass, passlen);

-}

-int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes)

-{

-	if(ASN1_item_pack(safes, ASN1_ITEM_rptr(PKCS12_AUTHSAFES),

-		&p12->authsafes->d.data))

-			return 1;

-	return 0;

-}

-STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12)

-{

-	if (!PKCS7_type_is_data(p12->authsafes))

-		{

-		PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES,PKCS12_R_CONTENT_TYPE_NOT_DATA);

-		return NULL;

-		}

-	return ASN1_item_unpack(p12->authsafes->d.data, ASN1_ITEM_rptr(PKCS12_AUTHSAFES));

-}

--- a/sys/src/ape/lib/openssl/crypto/pkcs12/p12_asn.c

+++ /dev/null

@@ -1,125 +1,0 @@

-/* p12_asn.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/asn1t.h>

-#include <openssl/pkcs12.h>

-/* PKCS#12 ASN1 module */

-ASN1_SEQUENCE(PKCS12) = {

-	ASN1_SIMPLE(PKCS12, version, ASN1_INTEGER),

-	ASN1_SIMPLE(PKCS12, authsafes, PKCS7),

-	ASN1_OPT(PKCS12, mac, PKCS12_MAC_DATA)

-} ASN1_SEQUENCE_END(PKCS12)

-IMPLEMENT_ASN1_FUNCTIONS(PKCS12)

-ASN1_SEQUENCE(PKCS12_MAC_DATA) = {

-	ASN1_SIMPLE(PKCS12_MAC_DATA, dinfo, X509_SIG),

-	ASN1_SIMPLE(PKCS12_MAC_DATA, salt, ASN1_OCTET_STRING),

-	ASN1_OPT(PKCS12_MAC_DATA, iter, ASN1_INTEGER)

-} ASN1_SEQUENCE_END(PKCS12_MAC_DATA)

-IMPLEMENT_ASN1_FUNCTIONS(PKCS12_MAC_DATA)

-ASN1_ADB_TEMPLATE(bag_default) = ASN1_EXP(PKCS12_BAGS, value.other, ASN1_ANY, 0);

-ASN1_ADB(PKCS12_BAGS) = {

-	ADB_ENTRY(NID_x509Certificate, ASN1_EXP(PKCS12_BAGS, value.x509cert, ASN1_OCTET_STRING, 0)),

-	ADB_ENTRY(NID_x509Crl, ASN1_EXP(PKCS12_BAGS, value.x509crl, ASN1_OCTET_STRING, 0)),

-	ADB_ENTRY(NID_sdsiCertificate, ASN1_EXP(PKCS12_BAGS, value.sdsicert, ASN1_IA5STRING, 0)),

-} ASN1_ADB_END(PKCS12_BAGS, 0, type, 0, &bag_default_tt, NULL);

-ASN1_SEQUENCE(PKCS12_BAGS) = {

-	ASN1_SIMPLE(PKCS12_BAGS, type, ASN1_OBJECT),

-	ASN1_ADB_OBJECT(PKCS12_BAGS),

-} ASN1_SEQUENCE_END(PKCS12_BAGS)

-IMPLEMENT_ASN1_FUNCTIONS(PKCS12_BAGS)

-ASN1_ADB_TEMPLATE(safebag_default) = ASN1_EXP(PKCS12_SAFEBAG, value.other, ASN1_ANY, 0);

-ASN1_ADB(PKCS12_SAFEBAG) = {

-	ADB_ENTRY(NID_keyBag, ASN1_EXP(PKCS12_SAFEBAG, value.keybag, PKCS8_PRIV_KEY_INFO, 0)),

-	ADB_ENTRY(NID_pkcs8ShroudedKeyBag, ASN1_EXP(PKCS12_SAFEBAG, value.shkeybag, X509_SIG, 0)),

-	ADB_ENTRY(NID_safeContentsBag, ASN1_EXP_SET_OF(PKCS12_SAFEBAG, value.safes, PKCS12_SAFEBAG, 0)),

-	ADB_ENTRY(NID_certBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)),

-	ADB_ENTRY(NID_crlBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)),

-	ADB_ENTRY(NID_secretBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0))

-} ASN1_ADB_END(PKCS12_SAFEBAG, 0, type, 0, &safebag_default_tt, NULL);

-ASN1_SEQUENCE(PKCS12_SAFEBAG) = {

-	ASN1_SIMPLE(PKCS12_SAFEBAG, type, ASN1_OBJECT),

-	ASN1_ADB_OBJECT(PKCS12_SAFEBAG),

-	ASN1_SET_OF_OPT(PKCS12_SAFEBAG, attrib, X509_ATTRIBUTE)

-} ASN1_SEQUENCE_END(PKCS12_SAFEBAG)

-IMPLEMENT_ASN1_FUNCTIONS(PKCS12_SAFEBAG)

-/* SEQUENCE OF SafeBag */

-ASN1_ITEM_TEMPLATE(PKCS12_SAFEBAGS) =

-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, PKCS12_SAFEBAGS, PKCS12_SAFEBAG)

-ASN1_ITEM_TEMPLATE_END(PKCS12_SAFEBAGS)

-/* Authsafes: SEQUENCE OF PKCS7 */

-ASN1_ITEM_TEMPLATE(PKCS12_AUTHSAFES) =

-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, PKCS12_AUTHSAFES, PKCS7)

-ASN1_ITEM_TEMPLATE_END(PKCS12_AUTHSAFES)

--- a/sys/src/ape/lib/openssl/crypto/pkcs12/p12_attr.c

+++ /dev/null

@@ -1,145 +1,0 @@

-/* p12_attr.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/pkcs12.h>

-/* Add a local keyid to a safebag */

-int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name,

-	     int namelen)

-{

-	if (X509at_add1_attr_by_NID(&bag->attrib, NID_localKeyID,

-				V_ASN1_OCTET_STRING, name, namelen))

-		return 1;

-	else

-		return 0;

-}

-/* Add key usage to PKCS#8 structure */

-int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage)

-{

-	unsigned char us_val;

-	us_val = (unsigned char) usage;

-	if (X509at_add1_attr_by_NID(&p8->attributes, NID_key_usage,

-				V_ASN1_BIT_STRING, &us_val, 1))

-		return 1;

-	else

-		return 0;

-}

-/* Add a friendlyname to a safebag */

-int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,

-				 int namelen)

-{

-	if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName,

-				MBSTRING_ASC, (unsigned char *)name, namelen))

-		return 1;

-	else

-		return 0;

-}

-int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag,

-				 const unsigned char *name, int namelen)

-{

-	if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName,

-				MBSTRING_BMP, name, namelen))

-		return 1;

-	else

-		return 0;

-}

-int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name,

-				 int namelen)

-{

-	if (X509at_add1_attr_by_NID(&bag->attrib, NID_ms_csp_name,

-				MBSTRING_ASC, (unsigned char *)name, namelen))

-		return 1;

-	else

-		return 0;

-}

-ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid)

-{

-	X509_ATTRIBUTE *attrib;

-	int i;

-	if (!attrs) return NULL;

-	for (i = 0; i < sk_X509_ATTRIBUTE_num (attrs); i++) {

-		attrib = sk_X509_ATTRIBUTE_value (attrs, i);

-		if (OBJ_obj2nid (attrib->object) == attr_nid) {

-			if (sk_ASN1_TYPE_num (attrib->value.set))

-			    return sk_ASN1_TYPE_value(attrib->value.set, 0);

-			else return NULL;

-		}

-	}

-	return NULL;

-}

-char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag)

-{

-	ASN1_TYPE *atype;

-	if (!(atype = PKCS12_get_attr(bag, NID_friendlyName))) return NULL;

-	if (atype->type != V_ASN1_BMPSTRING) return NULL;

-	return uni2asc(atype->value.bmpstring->data,

-				 atype->value.bmpstring->length);

-}

--- a/sys/src/ape/lib/openssl/crypto/pkcs12/p12_crpt.c

+++ /dev/null

@@ -1,130 +1,0 @@

-/* p12_crpt.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/pkcs12.h>

-/* PKCS#12 specific PBE functions */

-void PKCS12_PBE_add(void)

-{

-#ifndef OPENSSL_NO_RC4

-EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC4, EVP_rc4(), EVP_sha1(),

-							 PKCS12_PBE_keyivgen);

-EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC4, EVP_rc4_40(), EVP_sha1(),

-							 PKCS12_PBE_keyivgen);

-#endif

-#ifndef OPENSSL_NO_DES

-EVP_PBE_alg_add(NID_pbe_WithSHA1And3_Key_TripleDES_CBC,

-		 	EVP_des_ede3_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen);

-EVP_PBE_alg_add(NID_pbe_WithSHA1And2_Key_TripleDES_CBC,

-			EVP_des_ede_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen);

-#endif

-#ifndef OPENSSL_NO_RC2

-EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC2_CBC, EVP_rc2_cbc(),

-					EVP_sha1(), PKCS12_PBE_keyivgen);

-EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC2_CBC, EVP_rc2_40_cbc(),

-					EVP_sha1(), PKCS12_PBE_keyivgen);

-#endif

-}

-int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,

-		ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de)

-{

-	PBEPARAM *pbe;

-	int saltlen, iter, ret;

-	unsigned char *salt;

-	const unsigned char *pbuf;

-	unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];

-	/* Extract useful info from parameter */

-	if (param == NULL || param->type != V_ASN1_SEQUENCE ||

-	    param->value.sequence == NULL) {

-		PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_DECODE_ERROR);

-		return 0;

-	}

-	pbuf = param->value.sequence->data;

-	if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) {

-		PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_DECODE_ERROR);

-		return 0;

-	}

-	if (!pbe->iter) iter = 1;

-	else iter = ASN1_INTEGER_get (pbe->iter);

-	salt = pbe->salt->data;

-	saltlen = pbe->salt->length;

-	if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_KEY_ID,

-			     iter, EVP_CIPHER_key_length(cipher), key, md)) {

-		PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_KEY_GEN_ERROR);

-		PBEPARAM_free(pbe);

-		return 0;

-	}

-	if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_IV_ID,

-				iter, EVP_CIPHER_iv_length(cipher), iv, md)) {

-		PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_IV_GEN_ERROR);

-		PBEPARAM_free(pbe);

-		return 0;

-	}

-	PBEPARAM_free(pbe);

-	ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de);

-	OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);

-	OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);

-	return ret;

-}

--- a/sys/src/ape/lib/openssl/crypto/pkcs12/p12_crt.c

+++ /dev/null

@@ -1,348 +1,0 @@

-/* p12_crt.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project.

- */

-/* ====================================================================

- * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/pkcs12.h>

-static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag);

-PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,

-	     STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter,

-	     int keytype)

-{

-	PKCS12 *p12 = NULL;

-	STACK_OF(PKCS7) *safes = NULL;

-	STACK_OF(PKCS12_SAFEBAG) *bags = NULL;

-	PKCS12_SAFEBAG *bag = NULL;

-	int i;

-	unsigned char keyid[EVP_MAX_MD_SIZE];

-	unsigned int keyidlen = 0;

-	/* Set defaults */

-	if (!nid_cert)

-		nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;

-	if (!nid_key)

-		nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;

-	if (!iter)

-		iter = PKCS12_DEFAULT_ITER;

-	if (!mac_iter)

-		mac_iter = 1;

-	if(!pkey && !cert && !ca)

-		{

-		PKCS12err(PKCS12_F_PKCS12_CREATE,PKCS12_R_INVALID_NULL_ARGUMENT);

-		return NULL;

-		}

-	if (pkey && cert)

-		{

-		if(!X509_check_private_key(cert, pkey))

-			return NULL;

-		X509_digest(cert, EVP_sha1(), keyid, &keyidlen);

-		}

-	if (cert)

-		{

-		bag = PKCS12_add_cert(&bags, cert);

-		if(name && !PKCS12_add_friendlyname(bag, name, -1))

-			goto err;

-		if(keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))

-			goto err;

-		}

-	/* Add all other certificates */

-	for(i = 0; i < sk_X509_num(ca); i++)

-		{

-		if (!PKCS12_add_cert(&bags, sk_X509_value(ca, i)))

-			goto err;

-		}

-	if (bags && !PKCS12_add_safe(&safes, bags, nid_cert, iter, pass))

-			goto err;

-	sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);

-	bags = NULL;

-	if (pkey)

-		{

-		int cspidx;

-		bag = PKCS12_add_key(&bags, pkey, keytype, iter, nid_key, pass);

-		if (!bag)

-			goto err;

-		cspidx = EVP_PKEY_get_attr_by_NID(pkey, NID_ms_csp_name, -1);

-		if (cspidx >= 0)

-			{

-			X509_ATTRIBUTE *cspattr;

-			cspattr = EVP_PKEY_get_attr(pkey, cspidx);

-			if (!X509at_add1_attr(&bag->attrib, cspattr))

-				goto err;

-			}

-		if(name && !PKCS12_add_friendlyname(bag, name, -1))

-			goto err;

-		if(keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))

-			goto err;

-		}

-	if (bags && !PKCS12_add_safe(&safes, bags, -1, 0, NULL))

-			goto err;

-	sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);

-	bags = NULL;

-	p12 = PKCS12_add_safes(safes, 0);

-	sk_PKCS7_pop_free(safes, PKCS7_free);

-	safes = NULL;

-	if ((mac_iter != -1) &&

-		!PKCS12_set_mac(p12, pass, -1, NULL, 0, mac_iter, NULL))

-	    goto err;

-	return p12;

-	err:

-	if (p12)

-		PKCS12_free(p12);

-	if (safes)

-		sk_PKCS7_pop_free(safes, PKCS7_free);

-	if (bags)

-		sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);

-	return NULL;

-}

-PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert)

-	{

-	PKCS12_SAFEBAG *bag = NULL;

-	char *name;

-	int namelen = -1;

-	unsigned char *keyid;

-	int keyidlen = -1;

-	/* Add user certificate */

-	if(!(bag = PKCS12_x5092certbag(cert)))

-		goto err;

-	/* Use friendlyName and localKeyID in certificate.

-	 * (if present)

-	 */

-	name = (char *)X509_alias_get0(cert, &namelen);

-	if(name && !PKCS12_add_friendlyname(bag, name, namelen))

-		goto err;

-	keyid = X509_keyid_get0(cert, &keyidlen);

-	if(keyid && !PKCS12_add_localkeyid(bag, keyid, keyidlen))

-		goto err;

-	if (!pkcs12_add_bag(pbags, bag))

-		goto err;

-	return bag;

-	err:

-	if (bag)

-		PKCS12_SAFEBAG_free(bag);

-	return NULL;

-	}

-PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key,

-						int key_usage, int iter,

-						int nid_key, char *pass)

-	{

-	PKCS12_SAFEBAG *bag = NULL;

-	PKCS8_PRIV_KEY_INFO *p8 = NULL;

-	/* Make a PKCS#8 structure */

-	if(!(p8 = EVP_PKEY2PKCS8(key)))

-		goto err;

-	if(key_usage && !PKCS8_add_keyusage(p8, key_usage))

-		goto err;

-	if (nid_key != -1)

-		{

-		bag = PKCS12_MAKE_SHKEYBAG(nid_key, pass, -1, NULL, 0, iter, p8);

-		PKCS8_PRIV_KEY_INFO_free(p8);

-		}

-	else

-		bag = PKCS12_MAKE_KEYBAG(p8);

-	if(!bag)

-		goto err;

-	if (!pkcs12_add_bag(pbags, bag))

-		goto err;

-	return bag;

-	err:

-	if (bag)

-		PKCS12_SAFEBAG_free(bag);

-	return NULL;

-	}

-int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,

-						int nid_safe, int iter, char *pass)

-	{

-	PKCS7 *p7 = NULL;

-	int free_safes = 0;

-	if (!*psafes)

-		{

-		*psafes = sk_PKCS7_new_null();

-		if (!*psafes)

-			return 0;

-		free_safes = 1;

-		}

-	else

-		free_safes = 0;

-	if (nid_safe == 0)

-		nid_safe = NID_pbe_WithSHA1And40BitRC2_CBC;

-	if (nid_safe == -1)

-		p7 = PKCS12_pack_p7data(bags);

-	else

-		p7 = PKCS12_pack_p7encdata(nid_safe, pass, -1, NULL, 0,

-					  iter, bags);

-	if (!p7)

-		goto err;

-	if (!sk_PKCS7_push(*psafes, p7))

-		goto err;

-	return 1;

-	err:

-	if (free_safes)

-		{

-		sk_PKCS7_free(*psafes);

-		*psafes = NULL;

-		}

-	if (p7)

-		PKCS7_free(p7);

-	return 0;

-	}

-static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag)

-	{

-	int free_bags;

-	if (!pbags)

-		return 1;

-	if (!*pbags)

-		{

-		*pbags = sk_PKCS12_SAFEBAG_new_null();

-		if (!*pbags)

-			return 0;

-		free_bags = 1;

-		}

-	else

-		free_bags = 0;

-	if (!sk_PKCS12_SAFEBAG_push(*pbags, bag))

-		{

-		if (free_bags)

-			{

-			sk_PKCS12_SAFEBAG_free(*pbags);

-			*pbags = NULL;

-			}

-		return 0;

-		}

-	return 1;

-	}

-PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int nid_p7)

-	{

-	PKCS12 *p12;

-	if (nid_p7 <= 0)

-		nid_p7 = NID_pkcs7_data;

-	p12 = PKCS12_init(nid_p7);

-	if (!p12)

-		return NULL;

-	if(!PKCS12_pack_authsafes(p12, safes))

-		{

-		PKCS12_free(p12);

-		return NULL;

-		}

-	return p12;

-	}

--- a/sys/src/ape/lib/openssl/crypto/pkcs12/p12_decr.c

+++ /dev/null

@@ -1,177 +1,0 @@

-/* p12_decr.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/pkcs12.h>

-/* Define this to dump decrypted output to files called DERnnn */

-/*#define DEBUG_DECRYPT*/

-/* Encrypt/Decrypt a buffer based on password and algor, result in a

- * OPENSSL_malloc'ed buffer

- */

-unsigned char * PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,

-	     int passlen, unsigned char *in, int inlen, unsigned char **data,

-	     int *datalen, int en_de)

-{

-	unsigned char *out;

-	int outlen, i;

-	EVP_CIPHER_CTX ctx;

-	EVP_CIPHER_CTX_init(&ctx);

-	/* Decrypt data */

-        if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen,

-					 algor->parameter, &ctx, en_de)) {

-		PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);

-		return NULL;

-	}

-	if(!(out = OPENSSL_malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx)))) {

-		PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,ERR_R_MALLOC_FAILURE);

-		goto err;

-	}

-	EVP_CipherUpdate(&ctx, out, &i, in, inlen);

-	outlen = i;

-	if(!EVP_CipherFinal_ex(&ctx, out + i, &i)) {

-		OPENSSL_free(out);

-		out = NULL;

-		PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_CIPHERFINAL_ERROR);

-		goto err;

-	}

-	outlen += i;

-	if (datalen) *datalen = outlen;

-	if (data) *data = out;

-	err:

-	EVP_CIPHER_CTX_cleanup(&ctx);

-	return out;

-}

-/* Decrypt an OCTET STRING and decode ASN1 structure

- * if zbuf set zero buffer after use.

- */

-void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,

-	     const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf)

-{

-	unsigned char *out;

-	const unsigned char *p;

-	void *ret;

-	int outlen;

-	if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length,

-			       &out, &outlen, 0)) {

-		PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,PKCS12_R_PKCS12_PBE_CRYPT_ERROR);

-		return NULL;

-	}

-	p = out;

-#ifdef DEBUG_DECRYPT

-	{

-		FILE *op;

-		char fname[30];

-		static int fnm = 1;

-		sprintf(fname, "DER%d", fnm++);

-		op = fopen(fname, "wb");

-		fwrite (p, 1, outlen, op);

-		fclose(op);

-	}

-#endif

-	ret = ASN1_item_d2i(NULL, &p, outlen, it);

-	if (zbuf) OPENSSL_cleanse(out, outlen);

-	if(!ret) PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,PKCS12_R_DECODE_ERROR);

-	OPENSSL_free(out);

-	return ret;

-}

-/* Encode ASN1 structure and encrypt, return OCTET STRING

- * if zbuf set zero encoding.

- */

-ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it,

-				       const char *pass, int passlen,

-				       void *obj, int zbuf)

-{

-	ASN1_OCTET_STRING *oct;

-	unsigned char *in = NULL;

-	int inlen;

-	if (!(oct = M_ASN1_OCTET_STRING_new ())) {

-		PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,ERR_R_MALLOC_FAILURE);

-		return NULL;

-	}

-	inlen = ASN1_item_i2d(obj, &in, it);

-	if (!in) {

-		PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,PKCS12_R_ENCODE_ERROR);

-		return NULL;

-	}

-	if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data,

-				 &oct->length, 1)) {

-		PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,PKCS12_R_ENCRYPT_ERROR);

-		OPENSSL_free(in);

-		return NULL;

-	}

-	if (zbuf) OPENSSL_cleanse(in, inlen);

-	OPENSSL_free(in);

-	return oct;

-}

-IMPLEMENT_PKCS12_STACK_OF(PKCS7)

--- a/sys/src/ape/lib/openssl/crypto/pkcs12/p12_init.c

+++ /dev/null

@@ -1,92 +1,0 @@

-/* p12_init.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/pkcs12.h>

-/* Initialise a PKCS12 structure to take data */

-PKCS12 *PKCS12_init(int mode)

-{

-	PKCS12 *pkcs12;

-	if (!(pkcs12 = PKCS12_new())) {

-		PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);

-		return NULL;

-	}

-	ASN1_INTEGER_set(pkcs12->version, 3);

-	pkcs12->authsafes->type = OBJ_nid2obj(mode);

-	switch (mode) {

-		case NID_pkcs7_data:

-			if (!(pkcs12->authsafes->d.data =

-				 M_ASN1_OCTET_STRING_new())) {

-			PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);

-			goto err;

-		}

-		break;

-		default:

-			PKCS12err(PKCS12_F_PKCS12_INIT,

-				PKCS12_R_UNSUPPORTED_PKCS12_MODE);

-			goto err;

-	}

-	return pkcs12;

-err:

-	if (pkcs12 != NULL) PKCS12_free(pkcs12);

-	return NULL;

-}

--- a/sys/src/ape/lib/openssl/crypto/pkcs12/p12_key.c

+++ /dev/null

@@ -1,206 +1,0 @@

-/* p12_key.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/pkcs12.h>

-#include <openssl/bn.h>

-/* Uncomment out this line to get debugging info about key generation */

-/*#define DEBUG_KEYGEN*/

-#ifdef DEBUG_KEYGEN

-#include <openssl/bio.h>

-extern BIO *bio_err;

-void h__dump (unsigned char *p, int len);

-#endif

-/* PKCS12 compatible key/IV generation */

-#ifndef min

-#define min(a,b) ((a) < (b) ? (a) : (b))

-#endif

-int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,

-	     int saltlen, int id, int iter, int n, unsigned char *out,

-	     const EVP_MD *md_type)

-{

-	int ret;

-	unsigned char *unipass;

-	int uniplen;

-	if(!pass) {

-		unipass = NULL;

-		uniplen = 0;

-	} else if (!asc2uni(pass, passlen, &unipass, &uniplen)) {

-		PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC,ERR_R_MALLOC_FAILURE);

-		return 0;

-	}

-	ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,

-						 id, iter, n, out, md_type);

-	if(unipass) {

-		OPENSSL_cleanse(unipass, uniplen);	/* Clear password from memory */

-		OPENSSL_free(unipass);

-	}

-	return ret;

-}

-int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,

-	     int saltlen, int id, int iter, int n, unsigned char *out,

-	     const EVP_MD *md_type)

-{

-	unsigned char *B, *D, *I, *p, *Ai;

-	int Slen, Plen, Ilen, Ijlen;

-	int i, j, u, v;

-	BIGNUM *Ij, *Bpl1;	/* These hold Ij and B + 1 */

-	EVP_MD_CTX ctx;

-#ifdef  DEBUG_KEYGEN

-	unsigned char *tmpout = out;

-	int tmpn = n;

-#endif

-#if 0

-	if (!pass) {

-		PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_PASSED_NULL_PARAMETER);

-		return 0;

-	}

-#endif

-	EVP_MD_CTX_init(&ctx);

-#ifdef  DEBUG_KEYGEN

-	fprintf(stderr, "KEYGEN DEBUG\n");

-	fprintf(stderr, "ID %d, ITER %d\n", id, iter);

-	fprintf(stderr, "Password (length %d):\n", passlen);

-	h__dump(pass, passlen);

-	fprintf(stderr, "Salt (length %d):\n", saltlen);

-	h__dump(salt, saltlen);

-#endif

-	v = EVP_MD_block_size (md_type);

-	u = EVP_MD_size (md_type);

-	D = OPENSSL_malloc (v);

-	Ai = OPENSSL_malloc (u);

-	B = OPENSSL_malloc (v + 1);

-	Slen = v * ((saltlen+v-1)/v);

-	if(passlen) Plen = v * ((passlen+v-1)/v);

-	else Plen = 0;

-	Ilen = Slen + Plen;

-	I = OPENSSL_malloc (Ilen);

-	Ij = BN_new();

-	Bpl1 = BN_new();

-	if (!D || !Ai || !B || !I || !Ij || !Bpl1) {

-		PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_MALLOC_FAILURE);

-		return 0;

-	}

-	for (i = 0; i < v; i++) D[i] = id;

-	p = I;

-	for (i = 0; i < Slen; i++) *p++ = salt[i % saltlen];

-	for (i = 0; i < Plen; i++) *p++ = pass[i % passlen];

-	for (;;) {

-		EVP_DigestInit_ex(&ctx, md_type, NULL);

-		EVP_DigestUpdate(&ctx, D, v);

-		EVP_DigestUpdate(&ctx, I, Ilen);

-		EVP_DigestFinal_ex(&ctx, Ai, NULL);

-		for (j = 1; j < iter; j++) {

-			EVP_DigestInit_ex(&ctx, md_type, NULL);

-			EVP_DigestUpdate(&ctx, Ai, u);

-			EVP_DigestFinal_ex(&ctx, Ai, NULL);

-		}

-		memcpy (out, Ai, min (n, u));

-		if (u >= n) {

-			OPENSSL_free (Ai);

-			OPENSSL_free (B);

-			OPENSSL_free (D);

-			OPENSSL_free (I);

-			BN_free (Ij);

-			BN_free (Bpl1);

-			EVP_MD_CTX_cleanup(&ctx);

-#ifdef DEBUG_KEYGEN

-			fprintf(stderr, "Output KEY (length %d)\n", tmpn);

-			h__dump(tmpout, tmpn);

-#endif

-			return 1;

-		}

-		n -= u;

-		out += u;

-		for (j = 0; j < v; j++) B[j] = Ai[j % u];

-		/* Work out B + 1 first then can use B as tmp space */

-		BN_bin2bn (B, v, Bpl1);

-		BN_add_word (Bpl1, 1);

-		for (j = 0; j < Ilen ; j+=v) {

-			BN_bin2bn (I + j, v, Ij);

-			BN_add (Ij, Ij, Bpl1);

-			BN_bn2bin (Ij, B);

-			Ijlen = BN_num_bytes (Ij);

-			/* If more than 2^(v*8) - 1 cut off MSB */

-			if (Ijlen > v) {

-				BN_bn2bin (Ij, B);

-				memcpy (I + j, B + 1, v);

-#ifndef PKCS12_BROKEN_KEYGEN

-			/* If less than v bytes pad with zeroes */

-			} else if (Ijlen < v) {

-				memset(I + j, 0, v - Ijlen);

-				BN_bn2bin(Ij, I + j + v - Ijlen);

-#endif

-			} else BN_bn2bin (Ij, I + j);

-		}

-	}

-}

-#ifdef DEBUG_KEYGEN

-void h__dump (unsigned char *p, int len)

-{

-	for (; len --; p++) fprintf(stderr, "%02X", *p);

-	fprintf(stderr, "\n");

-}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/pkcs12/p12_kiss.c

+++ /dev/null

@@ -1,297 +1,0 @@

-/* p12_kiss.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/pkcs12.h>

-/* Simplified PKCS#12 routines */

-static int parse_pk12( PKCS12 *p12, const char *pass, int passlen,

-		EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca);

-static int parse_bags( STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,

-		       int passlen, EVP_PKEY **pkey, X509 **cert,

-		       STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid,

-		       char *keymatch);

-static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen,

-			EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,

-			ASN1_OCTET_STRING **keyid, char *keymatch);

-/* Parse and decrypt a PKCS#12 structure returning user key, user cert

- * and other (CA) certs. Note either ca should be NULL, *ca should be NULL,

- * or it should point to a valid STACK structure. pkey and cert can be

- * passed unitialised.

- */

-int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,

-	     STACK_OF(X509) **ca)

-{

-	/* Check for NULL PKCS12 structure */

-	if(!p12) {

-		PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_INVALID_NULL_PKCS12_POINTER);

-		return 0;

-	}

-	/* Allocate stack for ca certificates if needed */

-	if ((ca != NULL) && (*ca == NULL)) {

-		if (!(*ca = sk_X509_new_null())) {

-			PKCS12err(PKCS12_F_PKCS12_PARSE,ERR_R_MALLOC_FAILURE);

-			return 0;

-		}

-	}

-	if(pkey) *pkey = NULL;

-	if(cert) *cert = NULL;

-	/* Check the mac */

-	/* If password is zero length or NULL then try verifying both cases

-	 * to determine which password is correct. The reason for this is that

-	 * under PKCS#12 password based encryption no password and a zero length

-	 * password are two different things...

-	 */

-	if(!pass || !*pass) {

-		if(PKCS12_verify_mac(p12, NULL, 0)) pass = NULL;

-		else if(PKCS12_verify_mac(p12, "", 0)) pass = "";

-		else {

-			PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_MAC_VERIFY_FAILURE);

-			goto err;

-		}

-	} else if (!PKCS12_verify_mac(p12, pass, -1)) {

-		PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_MAC_VERIFY_FAILURE);

-		goto err;

-	}

-	if (!parse_pk12 (p12, pass, -1, pkey, cert, ca))

-		{

-		PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_PARSE_ERROR);

-		goto err;

-		}

-	return 1;

- err:

-	if (pkey && *pkey) EVP_PKEY_free(*pkey);

-	if (cert && *cert) X509_free(*cert);

-	if (ca) sk_X509_pop_free(*ca, X509_free);

-	return 0;

-}

-/* Parse the outer PKCS#12 structure */

-static int parse_pk12(PKCS12 *p12, const char *pass, int passlen,

-	     EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)

-{

-	STACK_OF(PKCS7) *asafes;

-	STACK_OF(PKCS12_SAFEBAG) *bags;

-	int i, bagnid;

-	PKCS7 *p7;

-	ASN1_OCTET_STRING *keyid = NULL;

-	char keymatch = 0;

-	if (!(asafes = PKCS12_unpack_authsafes (p12))) return 0;

-	for (i = 0; i < sk_PKCS7_num (asafes); i++) {

-		p7 = sk_PKCS7_value (asafes, i);

-		bagnid = OBJ_obj2nid (p7->type);

-		if (bagnid == NID_pkcs7_data) {

-			bags = PKCS12_unpack_p7data(p7);

-		} else if (bagnid == NID_pkcs7_encrypted) {

-			bags = PKCS12_unpack_p7encdata(p7, pass, passlen);

-		} else continue;

-		if (!bags) {

-			sk_PKCS7_pop_free(asafes, PKCS7_free);

-			return 0;

-		}

-	    	if (!parse_bags(bags, pass, passlen, pkey, cert, ca,

-							 &keyid, &keymatch)) {

-			sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);

-			sk_PKCS7_pop_free(asafes, PKCS7_free);

-			return 0;

-		}

-		sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);

-	}

-	sk_PKCS7_pop_free(asafes, PKCS7_free);

-	if (keyid) M_ASN1_OCTET_STRING_free(keyid);

-	return 1;

-}

-static int parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,

-		      int passlen, EVP_PKEY **pkey, X509 **cert,

-		      STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid,

-		      char *keymatch)

-{

-	int i;

-	for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {

-		if (!parse_bag(sk_PKCS12_SAFEBAG_value (bags, i),

-			 pass, passlen, pkey, cert, ca, keyid,

-							 keymatch)) return 0;

-	}

-	return 1;

-}

-#define MATCH_KEY  0x1

-#define MATCH_CERT 0x2

-#define MATCH_ALL  0x3

-static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,

-		     EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,

-		     ASN1_OCTET_STRING **keyid,

-		     char *keymatch)

-{

-	PKCS8_PRIV_KEY_INFO *p8;

-	X509 *x509;

-	ASN1_OCTET_STRING *lkey = NULL, *ckid = NULL;

-	ASN1_TYPE *attrib;

-	ASN1_BMPSTRING *fname = NULL;

-	if ((attrib = PKCS12_get_attr (bag, NID_friendlyName)))

-		fname = attrib->value.bmpstring;

-	if ((attrib = PKCS12_get_attr (bag, NID_localKeyID))) {

-		lkey = attrib->value.octet_string;

-		ckid = lkey;

-	}

-	/* Check for any local key id matching (if needed) */

-	if (lkey && ((*keymatch & MATCH_ALL) != MATCH_ALL)) {

-		if (*keyid) {

-			if (M_ASN1_OCTET_STRING_cmp(*keyid, lkey)) lkey = NULL;

-		} else {

-			if (!(*keyid = M_ASN1_OCTET_STRING_dup(lkey))) {

-				PKCS12err(PKCS12_F_PARSE_BAG,ERR_R_MALLOC_FAILURE);

-				return 0;

-		    }

-		}

-	}

-	switch (M_PKCS12_bag_type(bag))

-	{

-	case NID_keyBag:

-		if (!lkey || !pkey) return 1;

-		if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag))) return 0;

-		*keymatch |= MATCH_KEY;

-	break;

-	case NID_pkcs8ShroudedKeyBag:

-		if (!lkey || !pkey) return 1;

-		if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen)))

-				return 0;

-		*pkey = EVP_PKCS82PKEY(p8);

-		PKCS8_PRIV_KEY_INFO_free(p8);

-		if (!(*pkey)) return 0;

-		*keymatch |= MATCH_KEY;

-	break;

-	case NID_certBag:

-		if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate )

-								 return 1;

-		if (!(x509 = PKCS12_certbag2x509(bag))) return 0;

-		if(ckid)

-			{

-			if (!X509_keyid_set1(x509, ckid->data, ckid->length))

-				{

-				X509_free(x509);

-				return 0;

-				}

-			}

-		if(fname) {

-			int len, r;

-			unsigned char *data;

-			len = ASN1_STRING_to_UTF8(&data, fname);

-			if(len > 0) {

-				r = X509_alias_set1(x509, data, len);

-				OPENSSL_free(data);

-				if (!r)

-					{

-					X509_free(x509);

-					return 0;

-					}

-			}

-		}

-		if (lkey) {

-			*keymatch |= MATCH_CERT;

-			if (cert) *cert = x509;

-			else X509_free(x509);

-		} else {

-			if(ca) sk_X509_push (*ca, x509);

-			else X509_free(x509);

-		}

-	break;

-	case NID_safeContentsBag:

-		return parse_bags(bag->value.safes, pass, passlen,

-			 		pkey, cert, ca, keyid, keymatch);

-	break;

-	default:

-		return 1;

-	break;

-	}

-	return 1;

-}

--- a/sys/src/ape/lib/openssl/crypto/pkcs12/p12_mutl.c

+++ /dev/null

@@ -1,182 +1,0 @@

-/* p12_mutl.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef OPENSSL_NO_HMAC

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/hmac.h>

-#include <openssl/rand.h>

-#include <openssl/pkcs12.h>

-/* Generate a MAC */

-int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,

-		   unsigned char *mac, unsigned int *maclen)

-{

-	const EVP_MD *md_type;

-	HMAC_CTX hmac;

-	unsigned char key[EVP_MAX_MD_SIZE], *salt;

-	int saltlen, iter;

-	if (!PKCS7_type_is_data(p12->authsafes))

-		{

-		PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_CONTENT_TYPE_NOT_DATA);

-		return 0;

-		}

-	salt = p12->mac->salt->data;

-	saltlen = p12->mac->salt->length;

-	if (!p12->mac->iter) iter = 1;

-	else iter = ASN1_INTEGER_get (p12->mac->iter);

-    	if(!(md_type =

-		 EVP_get_digestbyobj (p12->mac->dinfo->algor->algorithm))) {

-		PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);

-		return 0;

-	}

-	if(!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter,

-				 EVP_MD_size(md_type), key, md_type)) {

-		PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_KEY_GEN_ERROR);

-		return 0;

-	}

-	HMAC_CTX_init(&hmac);

-	HMAC_Init_ex(&hmac, key, EVP_MD_size(md_type), md_type, NULL);

-    	HMAC_Update(&hmac, p12->authsafes->d.data->data,

-					 p12->authsafes->d.data->length);

-    	HMAC_Final(&hmac, mac, maclen);

-    	HMAC_CTX_cleanup(&hmac);

-	return 1;

-}

-/* Verify the mac */

-int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen)

-{

-	unsigned char mac[EVP_MAX_MD_SIZE];

-	unsigned int maclen;

-	if(p12->mac == NULL) {

-		PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC,PKCS12_R_MAC_ABSENT);

-		return 0;

-	}

-	if (!PKCS12_gen_mac (p12, pass, passlen, mac, &maclen)) {

-		PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC,PKCS12_R_MAC_GENERATION_ERROR);

-		return 0;

-	}

-	if ((maclen != (unsigned int)p12->mac->dinfo->digest->length)

-	|| memcmp (mac, p12->mac->dinfo->digest->data, maclen)) return 0;

-	return 1;

-}

-/* Set a mac */

-int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,

-	     unsigned char *salt, int saltlen, int iter, const EVP_MD *md_type)

-{

-	unsigned char mac[EVP_MAX_MD_SIZE];

-	unsigned int maclen;

-	if (!md_type) md_type = EVP_sha1();

-	if (PKCS12_setup_mac (p12, iter, salt, saltlen, md_type) ==

-				 	PKCS12_ERROR) {

-		PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_SETUP_ERROR);

-		return 0;

-	}

-	if (!PKCS12_gen_mac (p12, pass, passlen, mac, &maclen)) {

-		PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_GENERATION_ERROR);

-		return 0;

-	}

-	if (!(M_ASN1_OCTET_STRING_set (p12->mac->dinfo->digest, mac, maclen))) {

-		PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_STRING_SET_ERROR);

-						return 0;

-	}

-	return 1;

-}

-/* Set up a mac structure */

-int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,

-	     const EVP_MD *md_type)

-{

-	if (!(p12->mac = PKCS12_MAC_DATA_new())) return PKCS12_ERROR;

-	if (iter > 1) {

-		if(!(p12->mac->iter = M_ASN1_INTEGER_new())) {

-			PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);

-			return 0;

-		}

-		if (!ASN1_INTEGER_set(p12->mac->iter, iter)) {

-			PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);

-			return 0;

-		}

-	}

-	if (!saltlen) saltlen = PKCS12_SALT_LEN;

-	p12->mac->salt->length = saltlen;

-	if (!(p12->mac->salt->data = OPENSSL_malloc (saltlen))) {

-		PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);

-		return 0;

-	}

-	if (!salt) {

-		if (RAND_pseudo_bytes (p12->mac->salt->data, saltlen) < 0)

-			return 0;

-	}

-	else memcpy (p12->mac->salt->data, salt, saltlen);

-	p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type));

-	if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) {

-		PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);

-		return 0;

-	}

-	p12->mac->dinfo->algor->parameter->type = V_ASN1_NULL;

-	return 1;

-}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/pkcs12/p12_npas.c

+++ /dev/null

@@ -1,216 +1,0 @@

-/* p12_npas.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include <openssl/pem.h>

-#include <openssl/err.h>

-#include <openssl/pkcs12.h>

-/* PKCS#12 password change routine */

-static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass);

-static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass,

-			char *newpass);

-static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass);

-static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen);

-/*

- * Change the password on a PKCS#12 structure.

- */

-int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass)

-{

-	/* Check for NULL PKCS12 structure */

-	if(!p12) {

-		PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_INVALID_NULL_PKCS12_POINTER);

-		return 0;

-	}

-	/* Check the mac */

-	if (!PKCS12_verify_mac(p12, oldpass, -1)) {

-		PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_MAC_VERIFY_FAILURE);

-		return 0;

-	}

-	if (!newpass_p12(p12, oldpass, newpass)) {

-		PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_PARSE_ERROR);

-		return 0;

-	}

-	return 1;

-}

-/* Parse the outer PKCS#12 structure */

-static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)

-{

-	STACK_OF(PKCS7) *asafes, *newsafes;

-	STACK_OF(PKCS12_SAFEBAG) *bags;

-	int i, bagnid, pbe_nid = 0, pbe_iter = 0, pbe_saltlen = 0;

-	PKCS7 *p7, *p7new;

-	ASN1_OCTET_STRING *p12_data_tmp = NULL, *macnew = NULL;

-	unsigned char mac[EVP_MAX_MD_SIZE];

-	unsigned int maclen;

-	if (!(asafes = PKCS12_unpack_authsafes(p12))) return 0;

-	if(!(newsafes = sk_PKCS7_new_null())) return 0;

-	for (i = 0; i < sk_PKCS7_num (asafes); i++) {

-		p7 = sk_PKCS7_value(asafes, i);

-		bagnid = OBJ_obj2nid(p7->type);

-		if (bagnid == NID_pkcs7_data) {

-			bags = PKCS12_unpack_p7data(p7);

-		} else if (bagnid == NID_pkcs7_encrypted) {

-			bags = PKCS12_unpack_p7encdata(p7, oldpass, -1);

-			alg_get(p7->d.encrypted->enc_data->algorithm,

-				&pbe_nid, &pbe_iter, &pbe_saltlen);

-		} else continue;

-		if (!bags) {

-			sk_PKCS7_pop_free(asafes, PKCS7_free);

-			return 0;

-		}

-	    	if (!newpass_bags(bags, oldpass, newpass)) {

-			sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);

-			sk_PKCS7_pop_free(asafes, PKCS7_free);

-			return 0;

-		}

-		/* Repack bag in same form with new password */

-		if (bagnid == NID_pkcs7_data) p7new = PKCS12_pack_p7data(bags);

-		else p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, NULL,

-						 pbe_saltlen, pbe_iter, bags);

-		sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);

-		if(!p7new) {

-			sk_PKCS7_pop_free(asafes, PKCS7_free);

-			return 0;

-		}

-		sk_PKCS7_push(newsafes, p7new);

-	}

-	sk_PKCS7_pop_free(asafes, PKCS7_free);

-	/* Repack safe: save old safe in case of error */

-	p12_data_tmp = p12->authsafes->d.data;

-	if(!(p12->authsafes->d.data = ASN1_OCTET_STRING_new())) goto saferr;

-	if(!PKCS12_pack_authsafes(p12, newsafes)) goto saferr;

-	if(!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen)) goto saferr;

-	if(!(macnew = ASN1_OCTET_STRING_new())) goto saferr;

-	if(!ASN1_OCTET_STRING_set(macnew, mac, maclen)) goto saferr;

-	ASN1_OCTET_STRING_free(p12->mac->dinfo->digest);

-	p12->mac->dinfo->digest = macnew;

-	ASN1_OCTET_STRING_free(p12_data_tmp);

-	return 1;

-	saferr:

-	/* Restore old safe */

-	ASN1_OCTET_STRING_free(p12->authsafes->d.data);

-	ASN1_OCTET_STRING_free(macnew);

-	p12->authsafes->d.data = p12_data_tmp;

-	return 0;

-}

-static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass,

-			char *newpass)

-{

-	int i;

-	for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {

-		if (!newpass_bag(sk_PKCS12_SAFEBAG_value(bags, i),

-				 oldpass, newpass))

-		    return 0;

-	}

-	return 1;

-}

-/* Change password of safebag: only needs handle shrouded keybags */

-static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass)

-{

-	PKCS8_PRIV_KEY_INFO *p8;

-	X509_SIG *p8new;

-	int p8_nid, p8_saltlen, p8_iter;

-	if(M_PKCS12_bag_type(bag) != NID_pkcs8ShroudedKeyBag) return 1;

-	if (!(p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1))) return 0;

-	alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter, &p8_saltlen);

-	if(!(p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen,

-						     p8_iter, p8))) return 0;

-	X509_SIG_free(bag->value.shkeybag);

-	bag->value.shkeybag = p8new;

-	return 1;

-}

-static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen)

-{

-        PBEPARAM *pbe;

-        const unsigned char *p;

-        p = alg->parameter->value.sequence->data;

-        pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);

-        *pnid = OBJ_obj2nid(alg->algorithm);

-	*piter = ASN1_INTEGER_get(pbe->iter);

-	*psaltlen = pbe->salt->length;

-        PBEPARAM_free(pbe);

-        return 0;

-}

--- a/sys/src/ape/lib/openssl/crypto/pkcs12/p12_p8d.c

+++ /dev/null

@@ -1,68 +1,0 @@

-/* p12_p8d.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 2001.

- */

-/* ====================================================================

- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/pkcs12.h>

-PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, int passlen)

-{

-	return PKCS12_item_decrypt_d2i(p8->algor, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), pass,

-					passlen, p8->digest, 1);

-}

--- a/sys/src/ape/lib/openssl/crypto/pkcs12/p12_p8e.c

+++ /dev/null

@@ -1,97 +1,0 @@

-/* p12_p8e.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 2001.

- */

-/* ====================================================================

- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/pkcs12.h>

-X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,

-			 const char *pass, int passlen,

-			 unsigned char *salt, int saltlen, int iter,

-						PKCS8_PRIV_KEY_INFO *p8inf)

-{

-	X509_SIG *p8 = NULL;

-	X509_ALGOR *pbe;

-	if (!(p8 = X509_SIG_new())) {

-		PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE);

-		goto err;

-	}

-	if(pbe_nid == -1) pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen);

-	else pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);

-	if(!pbe) {

-		PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_ASN1_LIB);

-		goto err;

-	}

-	X509_ALGOR_free(p8->algor);

-	p8->algor = pbe;

-	M_ASN1_OCTET_STRING_free(p8->digest);

-	p8->digest = PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO),

-					pass, passlen, p8inf, 1);

-	if(!p8->digest) {

-		PKCS12err(PKCS12_F_PKCS8_ENCRYPT, PKCS12_R_ENCRYPT_ERROR);

-		goto err;

-	}

-	return p8;

-	err:

-	X509_SIG_free(p8);

-	return NULL;

-}

--- a/sys/src/ape/lib/openssl/crypto/pkcs12/p12_utl.c

+++ /dev/null

@@ -1,146 +1,0 @@

-/* p12_utl.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/pkcs12.h>

-/* Cheap and nasty Unicode stuff */

-unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen)

-{

-	int ulen, i;

-	unsigned char *unitmp;

-	if (asclen == -1) asclen = strlen(asc);

-	ulen = asclen*2  + 2;

-	if (!(unitmp = OPENSSL_malloc(ulen))) return NULL;

-	for (i = 0; i < ulen - 2; i+=2) {

-		unitmp[i] = 0;

-		unitmp[i + 1] = asc[i>>1];

-	}

-	/* Make result double null terminated */

-	unitmp[ulen - 2] = 0;

-	unitmp[ulen - 1] = 0;

-	if (unilen) *unilen = ulen;

-	if (uni) *uni = unitmp;

-	return unitmp;

-}

-char *uni2asc(unsigned char *uni, int unilen)

-{

-	int asclen, i;

-	char *asctmp;

-	asclen = unilen / 2;

-	/* If no terminating zero allow for one */

-	if (!unilen || uni[unilen - 1]) asclen++;

-	uni++;

-	if (!(asctmp = OPENSSL_malloc(asclen))) return NULL;

-	for (i = 0; i < unilen; i+=2) asctmp[i>>1] = uni[i];

-	asctmp[asclen - 1] = 0;

-	return asctmp;

-}

-int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12)

-{

-	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS12), bp, p12);

-}

-#ifndef OPENSSL_NO_FP_API

-int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12)

-{

-	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);

-}

-#endif

-PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12)

-{

-	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS12), bp, p12);

-}

-#ifndef OPENSSL_NO_FP_API

-PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12)

-{

-        return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);

-}

-#endif

-PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509)

-{

-	return PKCS12_item_pack_safebag(x509, ASN1_ITEM_rptr(X509),

-			NID_x509Certificate, NID_certBag);

-}

-PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl)

-{

-	return PKCS12_item_pack_safebag(crl, ASN1_ITEM_rptr(X509_CRL),

-			NID_x509Crl, NID_crlBag);

-}

-X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag)

-{

-	if(M_PKCS12_bag_type(bag) != NID_certBag) return NULL;

-	if(M_PKCS12_cert_bag_type(bag) != NID_x509Certificate) return NULL;

-	return ASN1_item_unpack(bag->value.bag->value.octet, ASN1_ITEM_rptr(X509));

-}

-X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag)

-{

-	if(M_PKCS12_bag_type(bag) != NID_crlBag) return NULL;

-	if(M_PKCS12_cert_bag_type(bag) != NID_x509Crl) return NULL;

-	return ASN1_item_unpack(bag->value.bag->value.octet,

-							ASN1_ITEM_rptr(X509_CRL));

-}

--- a/sys/src/ape/lib/openssl/crypto/pkcs12/pk12err.c

+++ /dev/null

@@ -1,144 +1,0 @@

-/* crypto/pkcs12/pk12err.c */

-/* ====================================================================

- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* NOTE: this file was auto generated by the mkerr.pl script: any changes

- * made to it will be overwritten when the script next updates this file,

- * only reason strings will be preserved.

- */

-#include <stdio.h>

-#include <openssl/err.h>

-#include <openssl/pkcs12.h>

-/* BEGIN ERROR CODES */

-#ifndef OPENSSL_NO_ERR

-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS12,func,0)

-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS12,0,reason)

-static ERR_STRING_DATA PKCS12_str_functs[]=

-	{

-{ERR_FUNC(PKCS12_F_PARSE_BAG),	"PARSE_BAG"},

-{ERR_FUNC(PKCS12_F_PARSE_BAGS),	"PARSE_BAGS"},

-{ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME),	"PKCS12_ADD_FRIENDLYNAME"},

-{ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC),	"PKCS12_add_friendlyname_asc"},

-{ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI),	"PKCS12_add_friendlyname_uni"},

-{ERR_FUNC(PKCS12_F_PKCS12_ADD_LOCALKEYID),	"PKCS12_add_localkeyid"},

-{ERR_FUNC(PKCS12_F_PKCS12_CREATE),	"PKCS12_create"},

-{ERR_FUNC(PKCS12_F_PKCS12_GEN_MAC),	"PKCS12_gen_mac"},

-{ERR_FUNC(PKCS12_F_PKCS12_INIT),	"PKCS12_init"},

-{ERR_FUNC(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I),	"PKCS12_item_decrypt_d2i"},

-{ERR_FUNC(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT),	"PKCS12_item_i2d_encrypt"},

-{ERR_FUNC(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG),	"PKCS12_item_pack_safebag"},

-{ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_ASC),	"PKCS12_key_gen_asc"},

-{ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_UNI),	"PKCS12_key_gen_uni"},

-{ERR_FUNC(PKCS12_F_PKCS12_MAKE_KEYBAG),	"PKCS12_MAKE_KEYBAG"},

-{ERR_FUNC(PKCS12_F_PKCS12_MAKE_SHKEYBAG),	"PKCS12_MAKE_SHKEYBAG"},

-{ERR_FUNC(PKCS12_F_PKCS12_NEWPASS),	"PKCS12_newpass"},

-{ERR_FUNC(PKCS12_F_PKCS12_PACK_P7DATA),	"PKCS12_pack_p7data"},

-{ERR_FUNC(PKCS12_F_PKCS12_PACK_P7ENCDATA),	"PKCS12_pack_p7encdata"},

-{ERR_FUNC(PKCS12_F_PKCS12_PARSE),	"PKCS12_parse"},

-{ERR_FUNC(PKCS12_F_PKCS12_PBE_CRYPT),	"PKCS12_pbe_crypt"},

-{ERR_FUNC(PKCS12_F_PKCS12_PBE_KEYIVGEN),	"PKCS12_PBE_keyivgen"},

-{ERR_FUNC(PKCS12_F_PKCS12_SETUP_MAC),	"PKCS12_setup_mac"},

-{ERR_FUNC(PKCS12_F_PKCS12_SET_MAC),	"PKCS12_set_mac"},

-{ERR_FUNC(PKCS12_F_PKCS12_UNPACK_AUTHSAFES),	"PKCS12_unpack_authsafes"},

-{ERR_FUNC(PKCS12_F_PKCS12_UNPACK_P7DATA),	"PKCS12_unpack_p7data"},

-{ERR_FUNC(PKCS12_F_PKCS12_VERIFY_MAC),	"PKCS12_verify_mac"},

-{ERR_FUNC(PKCS12_F_PKCS8_ADD_KEYUSAGE),	"PKCS8_add_keyusage"},

-{ERR_FUNC(PKCS12_F_PKCS8_ENCRYPT),	"PKCS8_encrypt"},

-{0,NULL}

-	};

-static ERR_STRING_DATA PKCS12_str_reasons[]=

-	{

-{ERR_REASON(PKCS12_R_CANT_PACK_STRUCTURE),"cant pack structure"},

-{ERR_REASON(PKCS12_R_CONTENT_TYPE_NOT_DATA),"content type not data"},

-{ERR_REASON(PKCS12_R_DECODE_ERROR)       ,"decode error"},

-{ERR_REASON(PKCS12_R_ENCODE_ERROR)       ,"encode error"},

-{ERR_REASON(PKCS12_R_ENCRYPT_ERROR)      ,"encrypt error"},

-{ERR_REASON(PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE),"error setting encrypted data type"},

-{ERR_REASON(PKCS12_R_INVALID_NULL_ARGUMENT),"invalid null argument"},

-{ERR_REASON(PKCS12_R_INVALID_NULL_PKCS12_POINTER),"invalid null pkcs12 pointer"},

-{ERR_REASON(PKCS12_R_IV_GEN_ERROR)       ,"iv gen error"},

-{ERR_REASON(PKCS12_R_KEY_GEN_ERROR)      ,"key gen error"},

-{ERR_REASON(PKCS12_R_MAC_ABSENT)         ,"mac absent"},

-{ERR_REASON(PKCS12_R_MAC_GENERATION_ERROR),"mac generation error"},

-{ERR_REASON(PKCS12_R_MAC_SETUP_ERROR)    ,"mac setup error"},

-{ERR_REASON(PKCS12_R_MAC_STRING_SET_ERROR),"mac string set error"},

-{ERR_REASON(PKCS12_R_MAC_VERIFY_ERROR)   ,"mac verify error"},

-{ERR_REASON(PKCS12_R_MAC_VERIFY_FAILURE) ,"mac verify failure"},

-{ERR_REASON(PKCS12_R_PARSE_ERROR)        ,"parse error"},

-{ERR_REASON(PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR),"pkcs12 algor cipherinit error"},

-{ERR_REASON(PKCS12_R_PKCS12_CIPHERFINAL_ERROR),"pkcs12 cipherfinal error"},

-{ERR_REASON(PKCS12_R_PKCS12_PBE_CRYPT_ERROR),"pkcs12 pbe crypt error"},

-{ERR_REASON(PKCS12_R_UNKNOWN_DIGEST_ALGORITHM),"unknown digest algorithm"},

-{ERR_REASON(PKCS12_R_UNSUPPORTED_PKCS12_MODE),"unsupported pkcs12 mode"},

-{0,NULL}

-	};

-#endif

-void ERR_load_PKCS12_strings(void)

-	{

-#ifndef OPENSSL_NO_ERR

-	if (ERR_func_error_string(PKCS12_str_functs[0].error) == NULL)

-		{

-		ERR_load_strings(0,PKCS12_str_functs);

-		ERR_load_strings(0,PKCS12_str_reasons);

-		}

-#endif

-	}

--- a/sys/src/ape/lib/openssl/crypto/pkcs12/pkcs12.h

+++ /dev/null

@@ -1,333 +1,0 @@

-/* pkcs12.h */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_PKCS12_H

-#define HEADER_PKCS12_H

-#include <openssl/bio.h>

-#include <openssl/x509.h>

-#ifdef __cplusplus

-extern "C" {

-#endif

-#define PKCS12_KEY_ID	1

-#define PKCS12_IV_ID	2

-#define PKCS12_MAC_ID	3

-/* Default iteration count */

-#ifndef PKCS12_DEFAULT_ITER

-#define PKCS12_DEFAULT_ITER	PKCS5_DEFAULT_ITER

-#endif

-#define PKCS12_MAC_KEY_LENGTH 20

-#define PKCS12_SALT_LEN	8

-/* Uncomment out next line for unicode password and names, otherwise ASCII */

-/*#define PBE_UNICODE*/

-#ifdef PBE_UNICODE

-#define PKCS12_key_gen PKCS12_key_gen_uni

-#define PKCS12_add_friendlyname PKCS12_add_friendlyname_uni

-#else

-#define PKCS12_key_gen PKCS12_key_gen_asc

-#define PKCS12_add_friendlyname PKCS12_add_friendlyname_asc

-#endif

-/* MS key usage constants */

-#define KEY_EX	0x10

-#define KEY_SIG 0x80

-typedef struct {

-X509_SIG *dinfo;

-ASN1_OCTET_STRING *salt;

-ASN1_INTEGER *iter;	/* defaults to 1 */

-} PKCS12_MAC_DATA;

-typedef struct {

-ASN1_INTEGER *version;

-PKCS12_MAC_DATA *mac;

-PKCS7 *authsafes;

-} PKCS12;

-PREDECLARE_STACK_OF(PKCS12_SAFEBAG)

-typedef struct {

-ASN1_OBJECT *type;

-union {

-	struct pkcs12_bag_st *bag; /* secret, crl and certbag */

-	struct pkcs8_priv_key_info_st	*keybag; /* keybag */

-	X509_SIG *shkeybag; /* shrouded key bag */

-	STACK_OF(PKCS12_SAFEBAG) *safes;

-	ASN1_TYPE *other;

-}value;

-STACK_OF(X509_ATTRIBUTE) *attrib;

-} PKCS12_SAFEBAG;

-DECLARE_STACK_OF(PKCS12_SAFEBAG)

-DECLARE_ASN1_SET_OF(PKCS12_SAFEBAG)

-DECLARE_PKCS12_STACK_OF(PKCS12_SAFEBAG)

-typedef struct pkcs12_bag_st {

-ASN1_OBJECT *type;

-union {

-	ASN1_OCTET_STRING *x509cert;

-	ASN1_OCTET_STRING *x509crl;

-	ASN1_OCTET_STRING *octet;

-	ASN1_IA5STRING *sdsicert;

-	ASN1_TYPE *other; /* Secret or other bag */

-}value;

-} PKCS12_BAGS;

-#define PKCS12_ERROR	0

-#define PKCS12_OK	1

-/* Compatibility macros */

-#define M_PKCS12_x5092certbag PKCS12_x5092certbag

-#define M_PKCS12_x509crl2certbag PKCS12_x509crl2certbag

-#define M_PKCS12_certbag2x509 PKCS12_certbag2x509

-#define M_PKCS12_certbag2x509crl PKCS12_certbag2x509crl

-#define M_PKCS12_unpack_p7data PKCS12_unpack_p7data

-#define M_PKCS12_pack_authsafes PKCS12_pack_authsafes

-#define M_PKCS12_unpack_authsafes PKCS12_unpack_authsafes

-#define M_PKCS12_unpack_p7encdata PKCS12_unpack_p7encdata

-#define M_PKCS12_decrypt_skey PKCS12_decrypt_skey

-#define M_PKCS8_decrypt PKCS8_decrypt

-#define M_PKCS12_bag_type(bg) OBJ_obj2nid((bg)->type)

-#define M_PKCS12_cert_bag_type(bg) OBJ_obj2nid((bg)->value.bag->type)

-#define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type

-#define PKCS12_get_attr(bag, attr_nid) \

-			 PKCS12_get_attr_gen(bag->attrib, attr_nid)

-#define PKCS8_get_attr(p8, attr_nid) \

-		PKCS12_get_attr_gen(p8->attributes, attr_nid)

-#define PKCS12_mac_present(p12) ((p12)->mac ? 1 : 0)

-PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509);

-PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl);

-X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag);

-X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag);

-PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1,

-	     int nid2);

-PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8);

-PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, int passlen);

-PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, const char *pass,

-								int passlen);

-X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,

-			const char *pass, int passlen,

-			unsigned char *salt, int saltlen, int iter,

-			PKCS8_PRIV_KEY_INFO *p8);

-PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,

-				     int passlen, unsigned char *salt,

-				     int saltlen, int iter,

-				     PKCS8_PRIV_KEY_INFO *p8);

-PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk);

-STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7);

-PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,

-			     unsigned char *salt, int saltlen, int iter,

-			     STACK_OF(PKCS12_SAFEBAG) *bags);

-STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen);

-int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes);

-STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12);

-int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen);

-int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,

-				int namelen);

-int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name,

-				int namelen);

-int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, const unsigned char *name,

-				int namelen);

-int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage);

-ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid);

-char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);

-unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,

-				int passlen, unsigned char *in, int inlen,

-				unsigned char **data, int *datalen, int en_de);

-void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,

-	     const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf);

-ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it,

-				       const char *pass, int passlen,

-				       void *obj, int zbuf);

-PKCS12 *PKCS12_init(int mode);

-int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,

-		       int saltlen, int id, int iter, int n,

-		       unsigned char *out, const EVP_MD *md_type);

-int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int id, int iter, int n, unsigned char *out, const EVP_MD *md_type);

-int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,

-			 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md_type,

-			 int en_de);

-int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,

-			 unsigned char *mac, unsigned int *maclen);

-int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen);

-int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,

-		   unsigned char *salt, int saltlen, int iter,

-		   const EVP_MD *md_type);

-int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,

-					 int saltlen, const EVP_MD *md_type);

-unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen);

-char *uni2asc(unsigned char *uni, int unilen);

-DECLARE_ASN1_FUNCTIONS(PKCS12)

-DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA)

-DECLARE_ASN1_FUNCTIONS(PKCS12_SAFEBAG)

-DECLARE_ASN1_FUNCTIONS(PKCS12_BAGS)

-DECLARE_ASN1_ITEM(PKCS12_SAFEBAGS)

-DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)

-void PKCS12_PBE_add(void);

-int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,

-		 STACK_OF(X509) **ca);

-PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,

-			 STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter,

-						 int mac_iter, int keytype);

-PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);

-PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key,

-						int key_usage, int iter,

-						int key_nid, char *pass);

-int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,

-					int safe_nid, int iter, char *pass);

-PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid);

-int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12);

-int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12);

-PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12);

-PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12);

-int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass);

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_PKCS12_strings(void);

-/* Error codes for the PKCS12 functions. */

-/* Function codes. */

-#define PKCS12_F_PARSE_BAG				 129

-#define PKCS12_F_PARSE_BAGS				 103

-#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME		 100

-#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC		 127

-#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI		 102

-#define PKCS12_F_PKCS12_ADD_LOCALKEYID			 104

-#define PKCS12_F_PKCS12_CREATE				 105

-#define PKCS12_F_PKCS12_GEN_MAC				 107

-#define PKCS12_F_PKCS12_INIT				 109

-#define PKCS12_F_PKCS12_ITEM_DECRYPT_D2I		 106

-#define PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT		 108

-#define PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG		 117

-#define PKCS12_F_PKCS12_KEY_GEN_ASC			 110

-#define PKCS12_F_PKCS12_KEY_GEN_UNI			 111

-#define PKCS12_F_PKCS12_MAKE_KEYBAG			 112

-#define PKCS12_F_PKCS12_MAKE_SHKEYBAG			 113

-#define PKCS12_F_PKCS12_NEWPASS				 128

-#define PKCS12_F_PKCS12_PACK_P7DATA			 114

-#define PKCS12_F_PKCS12_PACK_P7ENCDATA			 115

-#define PKCS12_F_PKCS12_PARSE				 118

-#define PKCS12_F_PKCS12_PBE_CRYPT			 119

-#define PKCS12_F_PKCS12_PBE_KEYIVGEN			 120

-#define PKCS12_F_PKCS12_SETUP_MAC			 122

-#define PKCS12_F_PKCS12_SET_MAC				 123

-#define PKCS12_F_PKCS12_UNPACK_AUTHSAFES		 130

-#define PKCS12_F_PKCS12_UNPACK_P7DATA			 131

-#define PKCS12_F_PKCS12_VERIFY_MAC			 126

-#define PKCS12_F_PKCS8_ADD_KEYUSAGE			 124

-#define PKCS12_F_PKCS8_ENCRYPT				 125

-/* Reason codes. */

-#define PKCS12_R_CANT_PACK_STRUCTURE			 100

-#define PKCS12_R_CONTENT_TYPE_NOT_DATA			 121

-#define PKCS12_R_DECODE_ERROR				 101

-#define PKCS12_R_ENCODE_ERROR				 102

-#define PKCS12_R_ENCRYPT_ERROR				 103

-#define PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE	 120

-#define PKCS12_R_INVALID_NULL_ARGUMENT			 104

-#define PKCS12_R_INVALID_NULL_PKCS12_POINTER		 105

-#define PKCS12_R_IV_GEN_ERROR				 106

-#define PKCS12_R_KEY_GEN_ERROR				 107

-#define PKCS12_R_MAC_ABSENT				 108

-#define PKCS12_R_MAC_GENERATION_ERROR			 109

-#define PKCS12_R_MAC_SETUP_ERROR			 110

-#define PKCS12_R_MAC_STRING_SET_ERROR			 111

-#define PKCS12_R_MAC_VERIFY_ERROR			 112

-#define PKCS12_R_MAC_VERIFY_FAILURE			 113

-#define PKCS12_R_PARSE_ERROR				 114

-#define PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR		 115

-#define PKCS12_R_PKCS12_CIPHERFINAL_ERROR		 116

-#define PKCS12_R_PKCS12_PBE_CRYPT_ERROR			 117

-#define PKCS12_R_UNKNOWN_DIGEST_ALGORITHM		 118

-#define PKCS12_R_UNSUPPORTED_PKCS12_MODE		 119

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/pkcs7/Makefile

+++ /dev/null

@@ -1,187 +1,0 @@

-#

-# OpenSSL/crypto/pkcs7/Makefile

-#

-DIR=	pkcs7

-TOP=	../..

-CC=	cc

-INCLUDES= -I.. -I$(TOP) -I../../include

-CFLAG=-g

-MAKEFILE=	Makefile

-AR=		ar r

-PEX_LIBS=

-EX_LIBS=

-CFLAGS= $(INCLUDES) $(CFLAG)

-GENERAL=Makefile README

-TEST=

-APPS=

-LIB=$(TOP)/libcrypto.a

-LIBSRC=	pk7_asn1.c pk7_lib.c pkcs7err.c pk7_doit.c pk7_smime.c pk7_attr.c \

-	pk7_mime.c

-LIBOBJ= pk7_asn1.o pk7_lib.o pkcs7err.o pk7_doit.o pk7_smime.o pk7_attr.o \

-	pk7_mime.o

-SRC= $(LIBSRC)

-EXHEADER=  pkcs7.h

-HEADER=	$(EXHEADER)

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)

-test:

-all:	lib

-testapps: enc dec sign verify

-enc: enc.o lib

-	$(CC) $(CFLAGS) -o enc enc.o $(PEX_LIBS) $(LIB) $(EX_LIBS)

-dec: dec.o lib

-	$(CC) $(CFLAGS) -o dec dec.o $(PEX_LIBS) $(LIB) $(EX_LIBS)

-sign: sign.o lib

-	$(CC) $(CFLAGS) -o sign sign.o $(PEX_LIBS) $(LIB) $(EX_LIBS)

-verify: verify.o example.o lib

-	$(CC) $(CFLAGS) -o verify verify.o $(PEX_LIBS) example.o $(LIB) $(EX_LIBS)

-lib:	$(LIBOBJ)

-	$(AR) $(LIB) $(LIBOBJ)

-	$(RANLIB) $(LIB) || echo Never mind.

-	@touch lib

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

-links:

-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)

-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)

-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

-install:

-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...

-	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \

-	do  \

-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \

-	done;

-tags:

-	ctags $(SRC)

-tests:

-lint:

-	lint -DLINT $(INCLUDES) $(SRC)>fluff

-depend:

-	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...

-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-clean:

-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff enc dec sign verify

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-pk7_asn1.o: ../../e_os.h ../../include/openssl/asn1.h

-pk7_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h

-pk7_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-pk7_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-pk7_asn1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-pk7_asn1.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-pk7_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-pk7_asn1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-pk7_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-pk7_asn1.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-pk7_asn1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-pk7_asn1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-pk7_asn1.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pk7_asn1.c

-pk7_attr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

-pk7_attr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-pk7_attr.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-pk7_attr.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-pk7_attr.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-pk7_attr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-pk7_attr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-pk7_attr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-pk7_attr.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h

-pk7_attr.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-pk7_attr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-pk7_attr.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-pk7_attr.o: ../../include/openssl/x509_vfy.h pk7_attr.c

-pk7_doit.o: ../../e_os.h ../../include/openssl/asn1.h

-pk7_doit.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-pk7_doit.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h

-pk7_doit.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-pk7_doit.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-pk7_doit.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-pk7_doit.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-pk7_doit.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-pk7_doit.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-pk7_doit.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h

-pk7_doit.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-pk7_doit.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-pk7_doit.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-pk7_doit.o: ../../include/openssl/x509v3.h ../cryptlib.h pk7_doit.c

-pk7_lib.o: ../../e_os.h ../../include/openssl/asn1.h

-pk7_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-pk7_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-pk7_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-pk7_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-pk7_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-pk7_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-pk7_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-pk7_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h

-pk7_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-pk7_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-pk7_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-pk7_lib.o: ../cryptlib.h pk7_lib.c

-pk7_mime.o: ../../e_os.h ../../include/openssl/asn1.h

-pk7_mime.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-pk7_mime.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-pk7_mime.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-pk7_mime.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-pk7_mime.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-pk7_mime.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-pk7_mime.o: ../../include/openssl/opensslconf.h

-pk7_mime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-pk7_mime.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h

-pk7_mime.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-pk7_mime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-pk7_mime.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-pk7_mime.o: ../cryptlib.h pk7_mime.c

-pk7_smime.o: ../../e_os.h ../../include/openssl/asn1.h

-pk7_smime.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-pk7_smime.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h

-pk7_smime.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-pk7_smime.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-pk7_smime.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-pk7_smime.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-pk7_smime.o: ../../include/openssl/objects.h

-pk7_smime.o: ../../include/openssl/opensslconf.h

-pk7_smime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-pk7_smime.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-pk7_smime.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-pk7_smime.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-pk7_smime.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h

-pk7_smime.o: ../cryptlib.h pk7_smime.c

-pkcs7err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

-pkcs7err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-pkcs7err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-pkcs7err.o: ../../include/openssl/opensslconf.h

-pkcs7err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-pkcs7err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-pkcs7err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-pkcs7err.o: pkcs7err.c

--- a/sys/src/ape/lib/openssl/crypto/pkcs7/bio_ber.c

+++ /dev/null

@@ -1,466 +1,0 @@

-/* crypto/evp/bio_ber.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <errno.h>

-#include "cryptlib.h"

-#include <openssl/buffer.h>

-#include <openssl/evp.h>

-static int ber_write(BIO *h,char *buf,int num);

-static int ber_read(BIO *h,char *buf,int size);

-/*static int ber_puts(BIO *h,char *str); */

-/*static int ber_gets(BIO *h,char *str,int size); */

-static long ber_ctrl(BIO *h,int cmd,long arg1,char *arg2);

-static int ber_new(BIO *h);

-static int ber_free(BIO *data);

-static long ber_callback_ctrl(BIO *h,int cmd,void *(*fp)());

-#define BER_BUF_SIZE	(32)

-/* This is used to hold the state of the BER objects being read. */

-typedef struct ber_struct

-	{

-	int tag;

-	int class;

-	long length;

-	int inf;

-	int num_left;

-	int depth;

-	} BER_CTX;

-typedef struct bio_ber_struct

-	{

-	int tag;

-	int class;

-	long length;

-	int inf;

-	/* most of the following are used when doing non-blocking IO */

-	/* reading */

-	long num_left;	/* number of bytes still to read/write in block */

-	int depth;	/* used with indefinite encoding. */

-	int finished;	/* No more read data */

-	/* writting */

-	char *w_addr;

-	int w_offset;

-	int w_left;

-	int buf_len;

-	int buf_off;

-	unsigned char buf[BER_BUF_SIZE];

-	} BIO_BER_CTX;

-static BIO_METHOD methods_ber=

-	{

-	BIO_TYPE_CIPHER,"cipher",

-	ber_write,

-	ber_read,

-	NULL, /* ber_puts, */

-	NULL, /* ber_gets, */

-	ber_ctrl,

-	ber_new,

-	ber_free,

-	ber_callback_ctrl,

-	};

-BIO_METHOD *BIO_f_ber(void)

-	{

-	return(&methods_ber);

-	}

-static int ber_new(BIO *bi)

-	{

-	BIO_BER_CTX *ctx;

-	ctx=(BIO_BER_CTX *)OPENSSL_malloc(sizeof(BIO_BER_CTX));

-	if (ctx == NULL) return(0);

-	memset((char *)ctx,0,sizeof(BIO_BER_CTX));

-	bi->init=0;

-	bi->ptr=(char *)ctx;

-	bi->flags=0;

-	return(1);

-	}

-static int ber_free(BIO *a)

-	{

-	BIO_BER_CTX *b;

-	if (a == NULL) return(0);

-	b=(BIO_BER_CTX *)a->ptr;

-	OPENSSL_cleanse(a->ptr,sizeof(BIO_BER_CTX));

-	OPENSSL_free(a->ptr);

-	a->ptr=NULL;

-	a->init=0;

-	a->flags=0;

-	return(1);

-	}

-int bio_ber_get_header(BIO *bio, BIO_BER_CTX *ctx)

-	{

-	char buf[64];

-	int i,j,n;

-	int ret;

-	unsigned char *p;

-	unsigned long length

-	int tag;

-	int class;

-	long max;

-	BIO_clear_retry_flags(b);

-	/* Pack the buffer down if there is a hole at the front */

-	if (ctx->buf_off != 0)

-		{

-		p=ctx->buf;

-		j=ctx->buf_off;

-		n=ctx->buf_len-j;

-		for (i=0; i<n; i++)

-			{

-			p[0]=p[j];

-			p++;

-			}

-		ctx->buf_len-j;

-		ctx->buf_off=0;

-		}

-	/* If there is more room, read some more data */

-	i=BER_BUF_SIZE-ctx->buf_len;

-	if (i)

-		{

-		i=BIO_read(bio->next_bio,&(ctx->buf[ctx->buf_len]),i);

-		if (i <= 0)

-			{

-			BIO_copy_next_retry(b);

-			return(i);

-			}

-		else

-			ctx->buf_len+=i;

-		}

-	max=ctx->buf_len;

-	p=ctx->buf;

-	ret=ASN1_get_object(&p,&length,&tag,&class,max);

-	if (ret & 0x80)

-		{

-		if ((ctx->buf_len < BER_BUF_SIZE) &&

-			(ERR_GET_REASON(ERR_peek_error()) == ASN1_R_TOO_LONG))

-			{

-			ERR_clear_error(); /* clear the error */

-			BIO_set_retry_read(b);

-			}

-		return(-1);

-		}

-	/* We have no error, we have a header, so make use of it */

-	if ((ctx->tag  >= 0) && (ctx->tag != tag))

-		{

-		BIOerr(BIO_F_BIO_BER_GET_HEADER,BIO_R_TAG_MISMATCH);

-		sprintf(buf,"tag=%d, got %d",ctx->tag,tag);

-		ERR_add_error_data(1,buf);

-		return(-1);

-		}

-	if (ret & 0x01)

-	if (ret & V_ASN1_CONSTRUCTED)

-	}

-static int ber_read(BIO *b, char *out, int outl)

-	{

-	int ret=0,i,n;

-	BIO_BER_CTX *ctx;

-	BIO_clear_retry_flags(b);

-	if (out == NULL) return(0);

-	ctx=(BIO_BER_CTX *)b->ptr;

-	if ((ctx == NULL) || (b->next_bio == NULL)) return(0);

-	if (ctx->finished) return(0);

-again:

-	/* First see if we are half way through reading a block */

-	if (ctx->num_left > 0)

-		{

-		if (ctx->num_left < outl)

-			n=ctx->num_left;

-		else

-			n=outl;

-		i=BIO_read(b->next_bio,out,n);

-		if (i <= 0)

-			{

-			BIO_copy_next_retry(b);

-			return(i);

-			}

-		ctx->num_left-=i;

-		outl-=i;

-		ret+=i;

-		if (ctx->num_left <= 0)

-			{

-			ctx->depth--;

-			if (ctx->depth <= 0)

-				ctx->finished=1;

-			}

-		if (outl <= 0)

-			return(ret);

-		else

-			goto again;

-		}

-	else	/* we need to read another BER header */

-		{

-		}

-	}

-static int ber_write(BIO *b, char *in, int inl)

-	{

-	int ret=0,n,i;

-	BIO_ENC_CTX *ctx;

-	ctx=(BIO_ENC_CTX *)b->ptr;

-	ret=inl;

-	BIO_clear_retry_flags(b);

-	n=ctx->buf_len-ctx->buf_off;

-	while (n > 0)

-		{

-		i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);

-		if (i <= 0)

-			{

-			BIO_copy_next_retry(b);

-			return(i);

-			}

-		ctx->buf_off+=i;

-		n-=i;

-		}

-	/* at this point all pending data has been written */

-	if ((in == NULL) || (inl <= 0)) return(0);

-	ctx->buf_off=0;

-	while (inl > 0)

-		{

-		n=(inl > ENC_BLOCK_SIZE)?ENC_BLOCK_SIZE:inl;

-		EVP_CipherUpdate(&(ctx->cipher),

-			(unsigned char *)ctx->buf,&ctx->buf_len,

-			(unsigned char *)in,n);

-		inl-=n;

-		in+=n;

-		ctx->buf_off=0;

-		n=ctx->buf_len;

-		while (n > 0)

-			{

-			i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);

-			if (i <= 0)

-				{

-				BIO_copy_next_retry(b);

-				return(i);

-				}

-			n-=i;

-			ctx->buf_off+=i;

-			}

-		ctx->buf_len=0;

-		ctx->buf_off=0;

-		}

-	BIO_copy_next_retry(b);

-	return(ret);

-	}

-static long ber_ctrl(BIO *b, int cmd, long num, char *ptr)

-	{

-	BIO *dbio;

-	BIO_ENC_CTX *ctx,*dctx;

-	long ret=1;

-	int i;

-	ctx=(BIO_ENC_CTX *)b->ptr;

-	switch (cmd)

-		{

-	case BIO_CTRL_RESET:

-		ctx->ok=1;

-		ctx->finished=0;

-		EVP_CipherInit_ex(&(ctx->cipher),NULL,NULL,NULL,NULL,

-			ctx->cipher.berrypt);

-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);

-		break;

-	case BIO_CTRL_EOF:	/* More to read */

-		if (ctx->cont <= 0)

-			ret=1;

-		else

-			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);

-		break;

-	case BIO_CTRL_WPENDING:

-		ret=ctx->buf_len-ctx->buf_off;

-		if (ret <= 0)

-			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);

-		break;

-	case BIO_CTRL_PENDING: /* More to read in buffer */

-		ret=ctx->buf_len-ctx->buf_off;

-		if (ret <= 0)

-			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);

-		break;

-	case BIO_CTRL_FLUSH:

-		/* do a final write */

-again:

-		while (ctx->buf_len != ctx->buf_off)

-			{

-			i=ber_write(b,NULL,0);

-			if (i < 0)

-				{

-				ret=i;

-				break;

-				}

-			}

-		if (!ctx->finished)

-			{

-			ctx->finished=1;

-			ctx->buf_off=0;

-			ret=EVP_CipherFinal_ex(&(ctx->cipher),

-				(unsigned char *)ctx->buf,

-				&(ctx->buf_len));

-			ctx->ok=(int)ret;

-			if (ret <= 0) break;

-			/* push out the bytes */

-			goto again;

-			}

-		/* Finally flush the underlying BIO */

-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);

-		break;

-	case BIO_C_GET_CIPHER_STATUS:

-		ret=(long)ctx->ok;

-		break;

-	case BIO_C_DO_STATE_MACHINE:

-		BIO_clear_retry_flags(b);

-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);

-		BIO_copy_next_retry(b);

-		break;

-	case BIO_CTRL_DUP:

-		dbio=(BIO *)ptr;

-		dctx=(BIO_ENC_CTX *)dbio->ptr;

-		memcpy(&(dctx->cipher),&(ctx->cipher),sizeof(ctx->cipher));

-		dbio->init=1;

-		break;

-	default:

-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);

-		break;

-		}

-	return(ret);

-	}

-static long ber_callback_ctrl(BIO *b, int cmd, void *(*fp)())

-	{

-	long ret=1;

-	if (b->next_bio == NULL) return(0);

-	switch (cmd)

-		{

-	default:

-		ret=BIO_callback_ctrl(b->next_bio,cmd,fp);

-		break;

-		}

-	return(ret);

-	}

-/*

-void BIO_set_cipher_ctx(b,c)

-BIO *b;

-EVP_CIPHER_ctx *c;

-	{

-	if (b == NULL) return;

-	if ((b->callback != NULL) &&

-		(b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0))

-		return;

-	b->init=1;

-	ctx=(BIO_ENC_CTX *)b->ptr;

-	memcpy(ctx->cipher,c,sizeof(EVP_CIPHER_CTX));

-	if (b->callback != NULL)

-		b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L);

-	}

-*/

-void BIO_set_cipher(BIO *b, EVP_CIPHER *c, unsigned char *k, unsigned char *i,

-	     int e)

-	{

-	BIO_ENC_CTX *ctx;

-	if (b == NULL) return;

-	if ((b->callback != NULL) &&

-		(b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0))

-		return;

-	b->init=1;

-	ctx=(BIO_ENC_CTX *)b->ptr;

-	EVP_CipherInit_ex(&(ctx->cipher),c,NULL,k,i,e);

-	if (b->callback != NULL)

-		b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L);

-	}

--- a/sys/src/ape/lib/openssl/crypto/pkcs7/dec.c

+++ /dev/null

@@ -1,248 +1,0 @@

-/* crypto/pkcs7/verify.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include <openssl/bio.h>

-#include <openssl/x509.h>

-#include <openssl/pem.h>

-#include <openssl/err.h>

-#include <openssl/asn1.h>

-int verify_callback(int ok, X509_STORE_CTX *ctx);

-BIO *bio_err=NULL;

-int main(argc,argv)

-int argc;

-char *argv[];

-	{

-	char *keyfile=NULL;

-	BIO *in;

-	EVP_PKEY *pkey;

-	X509 *x509;

-	PKCS7 *p7;

-	PKCS7_SIGNER_INFO *si;

-	X509_STORE_CTX cert_ctx;

-	X509_STORE *cert_store=NULL;

-	BIO *data,*detached=NULL,*p7bio=NULL;

-	char buf[1024*4];

-	unsigned char *pp;

-	int i,printit=0;

-	STACK_OF(PKCS7_SIGNER_INFO) *sk;

-	OpenSSL_add_all_algorithms();

-	bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);

-	data=BIO_new(BIO_s_file());

-	pp=NULL;

-	while (argc > 1)

-		{

-		argc--;

-		argv++;

-		if (strcmp(argv[0],"-p") == 0)

-			{

-			printit=1;

-			}

-		else if ((strcmp(argv[0],"-k") == 0) && (argc >= 2)) {

-			keyfile = argv[1];

-			argc-=1;

-			argv+=1;

-		} else if ((strcmp(argv[0],"-d") == 0) && (argc >= 2))

-			{

-			detached=BIO_new(BIO_s_file());

-			if (!BIO_read_filename(detached,argv[1]))

-				goto err;

-			argc-=1;

-			argv+=1;

-			}

-		else break;

-		}

-	 if (!BIO_read_filename(data,argv[0])) goto err;

-	if(!keyfile) {

-		fprintf(stderr, "No private key file specified\n");

-		goto err;

-	}

-        if ((in=BIO_new_file(keyfile,"r")) == NULL) goto err;

-        if ((x509=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL) goto err;

-        BIO_reset(in);

-        if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL)) == NULL)

-		goto err;

-        BIO_free(in);

-	if (pp == NULL)

-		BIO_set_fp(data,stdin,BIO_NOCLOSE);

-	/* Load the PKCS7 object from a file */

-	if ((p7=PEM_read_bio_PKCS7(data,NULL,NULL,NULL)) == NULL) goto err;

-	/* This stuff is being setup for certificate verification.

-	 * When using SSL, it could be replaced with a

-	 * cert_stre=SSL_CTX_get_cert_store(ssl_ctx); */

-	cert_store=X509_STORE_new();

-	X509_STORE_set_default_paths(cert_store);

-	X509_STORE_load_locations(cert_store,NULL,"../../certs");

-	X509_STORE_set_verify_cb_func(cert_store,verify_callback);

-	ERR_clear_error();

-	/* We need to process the data */

-	/* We cannot support detached encryption */

-	p7bio=PKCS7_dataDecode(p7,pkey,detached,x509);

-	if (p7bio == NULL)

-		{

-		printf("problems decoding\n");

-		goto err;

-		}

-	/* We now have to 'read' from p7bio to calculate digests etc. */

-	for (;;)

-		{

-		i=BIO_read(p7bio,buf,sizeof(buf));

-		/* print it? */

-		if (i <= 0) break;

-		fwrite(buf,1, i, stdout);

-		}

-	/* We can now verify signatures */

-	sk=PKCS7_get_signer_info(p7);

-	if (sk == NULL)

-		{

-		fprintf(stderr, "there are no signatures on this data\n");

-		}

-	else

-		{

-		/* Ok, first we need to, for each subject entry,

-		 * see if we can verify */

-		ERR_clear_error();

-		for (i=0; i<sk_PKCS7_SIGNER_INFO_num(sk); i++)

-			{

-			si=sk_PKCS7_SIGNER_INFO_value(sk,i);

-			i=PKCS7_dataVerify(cert_store,&cert_ctx,p7bio,p7,si);

-			if (i <= 0)

-				goto err;

-			else

-				fprintf(stderr,"Signature verified\n");

-			}

-		}

-	X509_STORE_free(cert_store);

-	exit(0);

-err:

-	ERR_load_crypto_strings();

-	ERR_print_errors_fp(stderr);

-	exit(1);

-	}

-/* should be X509 * but we can just have them as char *. */

-int verify_callback(int ok, X509_STORE_CTX *ctx)

-	{

-	char buf[256];

-	X509 *err_cert;

-	int err,depth;

-	err_cert=X509_STORE_CTX_get_current_cert(ctx);

-	err=	X509_STORE_CTX_get_error(ctx);

-	depth=	X509_STORE_CTX_get_error_depth(ctx);

-	X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256);

-	BIO_printf(bio_err,"depth=%d %s\n",depth,buf);

-	if (!ok)

-		{

-		BIO_printf(bio_err,"verify error:num=%d:%s\n",err,

-			X509_verify_cert_error_string(err));

-		if (depth < 6)

-			{

-			ok=1;

-			X509_STORE_CTX_set_error(ctx,X509_V_OK);

-			}

-		else

-			{

-			ok=0;

-			X509_STORE_CTX_set_error(ctx,X509_V_ERR_CERT_CHAIN_TOO_LONG);

-			}

-		}

-	switch (ctx->error)

-		{

-	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:

-		X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256);

-		BIO_printf(bio_err,"issuer= %s\n",buf);

-		break;

-	case X509_V_ERR_CERT_NOT_YET_VALID:

-	case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:

-		BIO_printf(bio_err,"notBefore=");

-		ASN1_UTCTIME_print(bio_err,X509_get_notBefore(ctx->current_cert));

-		BIO_printf(bio_err,"\n");

-		break;

-	case X509_V_ERR_CERT_HAS_EXPIRED:

-	case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:

-		BIO_printf(bio_err,"notAfter=");

-		ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ctx->current_cert));

-		BIO_printf(bio_err,"\n");

-		break;

-		}

-	BIO_printf(bio_err,"verify return:%d\n",ok);

-	return(ok);

-	}

--- a/sys/src/ape/lib/openssl/crypto/pkcs7/des.pem

+++ /dev/null

@@ -1,15 +1,0 @@

-MIAGCSqGSIb3DQEHA6CAMIACAQAxggHmMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEG

-A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m

-dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD

-ExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR+MA0GCSqGSIb3DQEBAQUABEC2vXI1xQDW6lUHM3zQ

-/9uBEBOO5A3TtkrklAXq7v01gsIC21t52qSk36REXY+slhNZ0OQ349tgkTsoETHFLoEwMIHw

-AgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMI

-QnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU

-UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR9MA0G

-CSqGSIb3DQEBAQUABEB8ujxbabxXUYJhopuDm3oDq4JNqX6Io4p3ro+ShqfIndsXTZ1v5a2N

-WtLLCWlHn/habjBwZ/DgQgcKASbZ7QxNMIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIA

-oAQIbsL5v1wX98KggAQoAaJ4WHm68fXY1WE5OIjfVBIDpO1K+i8dmKhjnAjrjoyZ9Bwc8rDL

-lgQg4CXb805h5xl+GfvSwUaHJayte1m2mcOhs3J2YyqbQ+MEIMIiJQccmhO3oDKm36CFvYR8

-5PjpclVcZyX2ngbwPFMnBAgy0clOAE6UKAAAAAAAAAAAAAA=

--- a/sys/src/ape/lib/openssl/crypto/pkcs7/doc

+++ /dev/null

@@ -1,24 +1,0 @@

-int PKCS7_set_content_type(PKCS7 *p7, int type);

-Call to set the type of PKCS7 object we are working on

-int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,

-	EVP_MD *dgst);

-Use this to setup a signer info

-There will also be functions to add signed and unsigned attributes.

-int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);

-Add a signer info to the content.

-int PKCS7_add_certificae(PKCS7 *p7, X509 *x509);

-int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);

-----

-p7=PKCS7_new();

-PKCS7_set_content_type(p7,NID_pkcs7_signed);

-signer=PKCS7_SINGNER_INFO_new();

-PKCS7_SIGNER_INFO_set(signer,x509,pkey,EVP_md5());

-PKCS7_add_signer(py,signer);

-we are now setup.

--- a/sys/src/ape/lib/openssl/crypto/pkcs7/enc.c

+++ /dev/null

@@ -1,174 +1,0 @@

-/* crypto/pkcs7/enc.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <string.h>

-#include <openssl/bio.h>

-#include <openssl/x509.h>

-#include <openssl/pem.h>

-#include <openssl/err.h>

-int main(argc,argv)

-int argc;

-char *argv[];

-	{

-	X509 *x509;

-	PKCS7 *p7;

-	BIO *in;

-	BIO *data,*p7bio;

-	char buf[1024*4];

-	int i;

-	int nodetach=1;

-	char *keyfile = NULL;

-	const EVP_CIPHER *cipher=NULL;

-	STACK_OF(X509) *recips=NULL;

-	OpenSSL_add_all_algorithms();

-	data=BIO_new(BIO_s_file());

-	while(argc > 1)

-		{

-		if (strcmp(argv[1],"-nd") == 0)

-			{

-			nodetach=1;

-			argv++; argc--;

-			}

-		else if ((strcmp(argv[1],"-c") == 0) && (argc >= 2)) {

-			if(!(cipher = EVP_get_cipherbyname(argv[2]))) {

-				fprintf(stderr, "Unknown cipher %s\n", argv[2]);

-				goto err;

-			}

-			argc-=2;

-			argv+=2;

-		} else if ((strcmp(argv[1],"-k") == 0) && (argc >= 2)) {

-			keyfile = argv[2];

-			argc-=2;

-			argv+=2;

-			if (!(in=BIO_new_file(keyfile,"r"))) goto err;

-			if (!(x509=PEM_read_bio_X509(in,NULL,NULL,NULL)))

-				goto err;

-			if(!recips) recips = sk_X509_new_null();

-			sk_X509_push(recips, x509);

-			BIO_free(in);

-		} else break;

-	}

-	if(!recips) {

-		fprintf(stderr, "No recipients\n");

-		goto err;

-	}

-	if (!BIO_read_filename(data,argv[1])) goto err;

-	p7=PKCS7_new();

-#if 0

-	BIO_reset(in);

-	if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL)) == NULL) goto err;

-	BIO_free(in);

-	PKCS7_set_type(p7,NID_pkcs7_signedAndEnveloped);

-	if (PKCS7_add_signature(p7,x509,pkey,EVP_sha1()) == NULL) goto err;

-	/* we may want to add more */

-	PKCS7_add_certificate(p7,x509);

-#else

-	PKCS7_set_type(p7,NID_pkcs7_enveloped);

-#endif

-	if(!cipher)	{

-#ifndef OPENSSL_NO_DES

-		cipher = EVP_des_ede3_cbc();

-#else

-		fprintf(stderr, "No cipher selected\n");

-		goto err;

-#endif

-	}

-	if (!PKCS7_set_cipher(p7,cipher)) goto err;

-	for(i = 0; i < sk_X509_num(recips); i++) {

-		if (!PKCS7_add_recipient(p7,sk_X509_value(recips, i))) goto err;

-	}

-	sk_X509_pop_free(recips, X509_free);

-	/* Set the content of the signed to 'data' */

-	/* PKCS7_content_new(p7,NID_pkcs7_data); not used in envelope */

-	/* could be used, but not in this version :-)

-	if (!nodetach) PKCS7_set_detached(p7,1);

-	*/

-	if ((p7bio=PKCS7_dataInit(p7,NULL)) == NULL) goto err;

-	for (;;)

-		{

-		i=BIO_read(data,buf,sizeof(buf));

-		if (i <= 0) break;

-		BIO_write(p7bio,buf,i);

-		}

-	BIO_flush(p7bio);

-	if (!PKCS7_dataFinal(p7,p7bio)) goto err;

-	BIO_free(p7bio);

-	PEM_write_PKCS7(stdout,p7);

-	PKCS7_free(p7);

-	exit(0);

-err:

-	ERR_load_crypto_strings();

-	ERR_print_errors_fp(stderr);

-	exit(1);

-	}

--- a/sys/src/ape/lib/openssl/crypto/pkcs7/es1.pem

+++ /dev/null

@@ -1,66 +1,0 @@

------BEGIN PKCS7-----

-MIAGCSqGSIb3DQEHA6CAMIACAQAxggHmMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEG

-A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m

-dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD

-ExJERU1PIFpFUk8gVkFMVUUgQ0ECAgRuMA0GCSqGSIb3DQEBAQUABEDWak0y/5XZJhQJeCLo

-KECcHXkTEbjzYkYNHIinbiPmRK4QbNfs9z2mA3z/c2ykQ4eAqFR2jyNrUMN/+I5XEiv6MIHw

-AgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMI

-QnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU

-UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR9MA0G

-CSqGSIb3DQEBAQUABEAWg9+KgtCjc77Jdj1Ve4wGgHjVHbbSYEA1ZqKFDoi15vSr9hfpHmC4

-ycZzcRo16JkTfolefiHZzmyjVz94vSN6MIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIA

-oAQI7X4Tk4mcbV6ggASBsHl1mCaJ3RhXWlNPCgCRU53d7M5x6TDZRkvwdtdvW96m1lupT03F

-XtonkBqk7oMkH7kGfs5/REQOPjx0QE2Ixmgt1W3szum82EZwA7pZNppcraK7W/odw/7bYZO+

-II3HPmRklE2N9qiu1LPaPUsnYogkO6SennyeL5tZ382vBweL/8pnG0qsbT1OBb65v+llnsjT

-pa1T/p+fIx/iJJGE6K9fYFokC6gXLQ6ozXRdOu5oBDB8mPCYYvAqKycidM/MrGGUkpEtS4f0

-lS31PwQi5YTim8Ig3/TOwVpPX32i46FTuEIEIMHkD/OvpfwCCzXUHHJnKnKUAUvIsSY3vGBs

-8ezpUDfBBBj9LHDy32hZ2tQilkDefP5VM2LLdrWgamYEgfiyITQvn08Ul5lQOQxbFKBheFq5

-otCCN4MR+w5eq12xQu6y+f9z0159ag2ru87D0lLtUtXXtCELbO1nUkT2sJ0k/iDs9TOXr6Cx

-go1XKYho83hlkXYiCteVizdAbgVGNsNRD4wtIdajsorET/LuJECgp11YeL9w1dlDB0HLEZfi

-XCsUphH4jGagba3hDeUSibnjSiJlN0ukfuQurBBbI2UkBAujiEAubKPn7C1FZJRSw6CPPX5t

-KEpmcqT1JNk6LO8Js6/1sCmmBh1VGCy1+EuTI9J1p7Dagf4nQ8cHitoCRpHuKZlFHnZyv7tw

-Rn/KOhHaYP2VzAh40gQIvKMAAWh9oFsEEIMwIoOmLwLH5wf+8QdbDhoECH8HwZt9a12dBAjL

-r4j2zlvtfgQIt7nmEM3wz1EECKlc3EIy1irCBBCAKINcermK3A+jI6ISN2RzBFA3dsh/xwMu

-l61aWMBBZzEz/SF92k6n35KZhCC0d6fIVC/1WMv0fnCwQ8oEDynSre216VEFiYKBaQLJe5o/

-mTAxC7Ht3goXnuc+i1FItOkLrgRI/wyvTICEn2WsNZiMADnGaee2bqPnUopo+VMGexJEtCPk

-l0ZNlDJGquPDkpUwaEtecVZzCNyVPYyyF4J/l8rmGDhDdYUIC8IKBEg/ip/E0BuubBLWVbv+

-HRl4QrnGpyCyeXRXXK603QP3sT1Zbbm1v5pI/loOhVHi724LmtXHSyp5qv9MDcxE1PoX10LY

-gBRtlwwESPeCF8bK5jk4xIQMhK5NMHj1Y1KQWTZ9NGITBL4hjRq2qp4Qk5GIpGgOVPopAuCo

-TIyPikpqBRNtLSPRSsDs6QPUPzWBh6JgxwRQblnDKKUkxUcnJiD4i9QtGa/ZabMn4KxtNOBL

-5JSh1nJkaLXCZY070131WWPAByLcd5TiXq8x84pmzV5NNk4tiMpoXhJNsx8e4rskQQlKd6ME

-SCe2eYDHKcKPX3WJbUzhrJSQ92/aWnI2iUY8WQ+kSNyiZ2QUjyuUg9Z66g/0d2STlvPOBHT/

-y5ODP2CwbcWX4QmCbUc9TT66fQRIrRVuwvtOfnUueyGgYhJ3HpAJfVaB/7kap5bj7Fi/azW4

-9JDfd1bC/W9h0Kyk7RO2gxvE0hIHc26mZJHTm9MNP5D328MnM2MdBEjKjQBtgrp+lFIii7MP

-nGHFTKUkG4WAIZJCf/CsT+p6/SW0qG71Me/YcSw5STB24j+a+HgMV8RVIeUlkP4z0IWWrSoB

-Gh4d/Z0EUMCVHs/HZ/bWgiyhtHpvuVAzidm8D81p1LJ5BQX5/5f/m+q5+fS/npL27dTEbNqs

-LSB6ij3MZAi7LwHWpTn9zWnDajCMEj9vlaV7mcKtHK5iBEg85agFi1h3MvicqLtoFe5hVv9T

-tG0j6CRkjkixPzivltlrf44KHv14gLM0XJxCGyq7vd3l8QYr3+9at0zNnX/yqTiBnsnE5dUE

-SIgrYuz87M2gi/ER9PcDoTtONH3+CkcqVy03q/Sj8cVWD/b1KgEhqnNOfc8Ak9PctyR/ItcR

-8Me5XVn1GJKkQJk4O29fxvgNoAQIrIESvUWGshAEQByXiFoFTDUByjTlgjcy77H1lrH+y3P/

-wAInJjJAut9kCNyGJV0PA4kdPB5USWltuO6t8gk4Pd2YBMl09zqUWkAEUCjFrtZ3mapjcGZI

-uQTASKR5LSjXoWxTT5gae/+64MerF/oCEeO3ehRTpjnPrsiRDo0rWIQTaj9+Nro8Z2xtWstw

-RnfoAHIxV1lEamPwjsceBEi2SD9hiifFeO5ECiVoaE1FdXUXhU+jwYAMx6jHWO9hMkYzS9pM

-Y3IyWR5ybtOjiQgkUdvRJPUPGf5DVVMPnymGX25aDh5PYpIESPbsM9akCpOOVuscywcUswmU

-o7dXvlB48WWCfg/al3BQKAZbn5ZXtWNwpUZkrEdHsrxAVv3rxRcdkT3Z1fzUbIuYkLJN200o

-WgRIJvn6RO8KEj7/HOg2sYuuM8nz1kR0TSgwX7/0y/7JfjBa0JIlP7o75sNJscE8oyoIMzuy

-Dvn6/U9g3BCDXn83A/s+ke60qn9gBFC6NAeLOlXal1YVWYhMQNOqCyUfAjiXBTawaysQb1Mk

-YgeNlF8xuEFcUQWIP+vNG7FJ5JPMaMRL4YEoaQ3sVFhYOERJR1cSb+8xt4QCYtBKQgRIUOmJ

-CHW5o1hXJWJiTkZK2qWFcEMzTINSj5EpYFySr8aVBjkRnI7vxegRT/+XZZXoYedQ3UNsnGI3

-DdkWii5VzX0PNF6C60pfBEiVpausYuX7Wjb3Lfm8cBj7GgN69i6Pm2gxtobVcmpo2nS4D714

-ePyhlX9n8kJ6QAcqWMRj22smDPrHVGNTizfzHBh5zNllK9gESJizILOWI327og3ZWp+qUht5

-kNDJCzMK7Z09UAy+h+vq0VTQuEo3FgLzVdqkJujjSL4Nx97lXg51AovrEn3nd4evydwcjKLX

-1wRIo72NaeWuUEQ+rt1SlCsOJ7k1ioJSqhrPOfvwcaFcb4beVet1JWiy4yvowTjLDGbUje2s

-xjrlVt4BJWI/uA6jbQsrxSe89ADZBAi5YAlR4qszeAQIXD3VSBVKbRUECNTtyvw9vvqXBAhb

-IZNn4H4cxgQI+XW7GkfL+ekECCCCg2reMyGDBAh1PYqkg3lw3gQQkNlggEPU+BH8eh7Gm7n7

-7AQIjC5EWbkil5cEEKcpuqwTWww/X89KnQAg8TcECJPomqHvrlZFBBiRSuIiHpmN+PaujXpv

-qZV2VhjkB2j09GEECOIdv8AVOJgKBAjlHgIqAD9jZQQIXHbs44+wogcEIGGqTACRJxrhMcMG

-X8drNjksIPt+snxTXUBIkTVpZWoABAh6unXPTyIr8QQgBF8xKoX27MWk7iTNmkSNZggZXa2a

-DWCGHSYLngbSOHIECD9XmO6VsvTgBAjfqB70CEW4WwQIVIBkbCocznUEEHB/zFXy/sR4OYHe

-UfbNPnIEEDWBB/NTCLMGE+o8BfyujcAECFik7GQnnF9VBBAhLXExQeWAofZNc6NtN7qZBCC1

-gVIS3ruTwKltmcrgx3heT3M8ZJhCfWa+6KzchnmKygQQ+1NL5sSzR4m/fdrqxHFyUAQYCT2x

-PamQr3wK3h0lyZER+4H0zPM86AhFBBC3CkmvL2vjflMfujnzPBVpBBge9rMbI5+0q9DLrTiT

-5F3AIgXLpD8PQWAECHkHVo6RomV3BAgMbi8E271UeAQIqtS8wnI3XngECG3TWmOMb3/iBEha

-y+mvCS6I3n3JfL8e1B5P4qX9/czJRaERLuKpGNjLiL4A+zxN0LZ0UHd0qfmJjwOTxAx3iJAC

-lGXX4nB9ATYPUT5EU+o1Y4sECN01pP6vWNIdBDAsiE0Ts8/9ltJlqX2B3AoOM4qOt9EaCjXf

-lB+aEmrhtjUwuZ6GqS5Ke7P6XnakTk4ECCLIMatNdootAAAAAAAAAAAAAA==

------END PKCS7-----

--- a/sys/src/ape/lib/openssl/crypto/pkcs7/example.c

+++ /dev/null

@@ -1,329 +1,0 @@

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include <openssl/pkcs7.h>

-#include <openssl/asn1_mac.h>

-#include <openssl/x509.h>

-int add_signed_time(PKCS7_SIGNER_INFO *si)

-	{

-	ASN1_UTCTIME *sign_time;

-	/* The last parameter is the amount to add/subtract from the current

-	 * time (in seconds) */

-	sign_time=X509_gmtime_adj(NULL,0);

-	PKCS7_add_signed_attribute(si,NID_pkcs9_signingTime,

-		V_ASN1_UTCTIME,(char *)sign_time);

-	return(1);

-	}

-ASN1_UTCTIME *get_signed_time(PKCS7_SIGNER_INFO *si)

-	{

-	ASN1_TYPE *so;

-	so=PKCS7_get_signed_attribute(si,NID_pkcs9_signingTime);

-	if (so->type == V_ASN1_UTCTIME)

-	    return so->value.utctime;

-	return NULL;

-	}

-static int signed_string_nid= -1;

-void add_signed_string(PKCS7_SIGNER_INFO *si, char *str)

-	{

-	ASN1_OCTET_STRING *os;

-	/* To a an object of OID 1.2.3.4.5, which is an octet string */

-	if (signed_string_nid == -1)

-		signed_string_nid=

-			OBJ_create("1.2.3.4.5","OID_example","Our example OID");

-	os=ASN1_OCTET_STRING_new();

-	ASN1_OCTET_STRING_set(os,(unsigned char*)str,strlen(str));

-	/* When we add, we do not free */

-	PKCS7_add_signed_attribute(si,signed_string_nid,

-		V_ASN1_OCTET_STRING,(char *)os);

-	}

-int get_signed_string(PKCS7_SIGNER_INFO *si, char *buf, int len)

-	{

-	ASN1_TYPE *so;

-	ASN1_OCTET_STRING *os;

-	int i;

-	if (signed_string_nid == -1)

-		signed_string_nid=

-			OBJ_create("1.2.3.4.5","OID_example","Our example OID");

-	/* To retrieve */

-	so=PKCS7_get_signed_attribute(si,signed_string_nid);

-	if (so != NULL)

-		{

-		if (so->type == V_ASN1_OCTET_STRING)

-			{

-			os=so->value.octet_string;

-			i=os->length;

-			if ((i+1) > len)

-				i=len-1;

-			memcpy(buf,os->data,i);

-			return(i);

-			}

-		}

-	return(0);

-	}

-static int signed_seq2string_nid= -1;

-/* ########################################### */

-int add_signed_seq2string(PKCS7_SIGNER_INFO *si, char *str1, char *str2)

-	{

-	/* To add an object of OID 1.9.999, which is a sequence containing

-	 * 2 octet strings */

-	unsigned char *p;

-	ASN1_OCTET_STRING *os1,*os2;

-	ASN1_STRING *seq;

-	unsigned char *data;

-	int i,total;

-	if (signed_seq2string_nid == -1)

-		signed_seq2string_nid=

-			OBJ_create("1.9.9999","OID_example","Our example OID");

-	os1=ASN1_OCTET_STRING_new();

-	os2=ASN1_OCTET_STRING_new();

-	ASN1_OCTET_STRING_set(os1,(unsigned char*)str1,strlen(str1));

-	ASN1_OCTET_STRING_set(os2,(unsigned char*)str1,strlen(str1));

-	i =i2d_ASN1_OCTET_STRING(os1,NULL);

-	i+=i2d_ASN1_OCTET_STRING(os2,NULL);

-	total=ASN1_object_size(1,i,V_ASN1_SEQUENCE);

-	data=malloc(total);

-	p=data;

-	ASN1_put_object(&p,1,i,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);

-	i2d_ASN1_OCTET_STRING(os1,&p);

-	i2d_ASN1_OCTET_STRING(os2,&p);

-	seq=ASN1_STRING_new();

-	ASN1_STRING_set(seq,data,total);

-	free(data);

-	ASN1_OCTET_STRING_free(os1);

-	ASN1_OCTET_STRING_free(os2);

-	PKCS7_add_signed_attribute(si,signed_seq2string_nid,

-		V_ASN1_SEQUENCE,(char *)seq);

-	return(1);

-	}

-/* For this case, I will malloc the return strings */

-int get_signed_seq2string(PKCS7_SIGNER_INFO *si, char **str1, char **str2)

-	{

-	ASN1_TYPE *so;

-	if (signed_seq2string_nid == -1)

-		signed_seq2string_nid=

-			OBJ_create("1.9.9999","OID_example","Our example OID");

-	/* To retrieve */

-	so=PKCS7_get_signed_attribute(si,signed_seq2string_nid);

-	if (so && (so->type == V_ASN1_SEQUENCE))

-		{

-		ASN1_const_CTX c;

-		ASN1_STRING *s;

-		long length;

-		ASN1_OCTET_STRING *os1,*os2;

-		s=so->value.sequence;

-		c.p=ASN1_STRING_data(s);

-		c.max=c.p+ASN1_STRING_length(s);

-		if (!asn1_GetSequence(&c,&length)) goto err;

-		/* Length is the length of the seqence */

-		c.q=c.p;

-		if ((os1=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL)

-			goto err;

-		c.slen-=(c.p-c.q);

-		c.q=c.p;

-		if ((os2=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL)

-			goto err;

-		c.slen-=(c.p-c.q);

-		if (!asn1_const_Finish(&c)) goto err;

-		*str1=malloc(os1->length+1);

-		*str2=malloc(os2->length+1);

-		memcpy(*str1,os1->data,os1->length);

-		memcpy(*str2,os2->data,os2->length);

-		(*str1)[os1->length]='\0';

-		(*str2)[os2->length]='\0';

-		ASN1_OCTET_STRING_free(os1);

-		ASN1_OCTET_STRING_free(os2);

-		return(1);

-		}

-err:

-	return(0);

-	}

-/* #######################################

- * THE OTHER WAY TO DO THINGS

- * #######################################

- */

-X509_ATTRIBUTE *create_time(void)

-	{

-	ASN1_UTCTIME *sign_time;

-	X509_ATTRIBUTE *ret;

-	/* The last parameter is the amount to add/subtract from the current

-	 * time (in seconds) */

-	sign_time=X509_gmtime_adj(NULL,0);

-	ret=X509_ATTRIBUTE_create(NID_pkcs9_signingTime,

-		V_ASN1_UTCTIME,(char *)sign_time);

-	return(ret);

-	}

-ASN1_UTCTIME *sk_get_time(STACK_OF(X509_ATTRIBUTE) *sk)

-	{

-	ASN1_TYPE *so;

-	PKCS7_SIGNER_INFO si;

-	si.auth_attr=sk;

-	so=PKCS7_get_signed_attribute(&si,NID_pkcs9_signingTime);

-	if (so->type == V_ASN1_UTCTIME)

-	    return so->value.utctime;

-	return NULL;

-	}

-X509_ATTRIBUTE *create_string(char *str)

-	{

-	ASN1_OCTET_STRING *os;

-	X509_ATTRIBUTE *ret;

-	/* To a an object of OID 1.2.3.4.5, which is an octet string */

-	if (signed_string_nid == -1)

-		signed_string_nid=

-			OBJ_create("1.2.3.4.5","OID_example","Our example OID");

-	os=ASN1_OCTET_STRING_new();

-	ASN1_OCTET_STRING_set(os,(unsigned char*)str,strlen(str));

-	/* When we add, we do not free */

-	ret=X509_ATTRIBUTE_create(signed_string_nid,

-		V_ASN1_OCTET_STRING,(char *)os);

-	return(ret);

-	}

-int sk_get_string(STACK_OF(X509_ATTRIBUTE) *sk, char *buf, int len)

-	{

-	ASN1_TYPE *so;

-	ASN1_OCTET_STRING *os;

-	int i;

-	PKCS7_SIGNER_INFO si;

-	si.auth_attr=sk;

-	if (signed_string_nid == -1)

-		signed_string_nid=

-			OBJ_create("1.2.3.4.5","OID_example","Our example OID");

-	/* To retrieve */

-	so=PKCS7_get_signed_attribute(&si,signed_string_nid);

-	if (so != NULL)

-		{

-		if (so->type == V_ASN1_OCTET_STRING)

-			{

-			os=so->value.octet_string;

-			i=os->length;

-			if ((i+1) > len)

-				i=len-1;

-			memcpy(buf,os->data,i);

-			return(i);

-			}

-		}

-	return(0);

-	}

-X509_ATTRIBUTE *add_seq2string(PKCS7_SIGNER_INFO *si, char *str1, char *str2)

-	{

-	/* To add an object of OID 1.9.999, which is a sequence containing

-	 * 2 octet strings */

-	unsigned char *p;

-	ASN1_OCTET_STRING *os1,*os2;

-	ASN1_STRING *seq;

-	X509_ATTRIBUTE *ret;

-	unsigned char *data;

-	int i,total;

-	if (signed_seq2string_nid == -1)

-		signed_seq2string_nid=

-			OBJ_create("1.9.9999","OID_example","Our example OID");

-	os1=ASN1_OCTET_STRING_new();

-	os2=ASN1_OCTET_STRING_new();

-	ASN1_OCTET_STRING_set(os1,(unsigned char*)str1,strlen(str1));

-	ASN1_OCTET_STRING_set(os2,(unsigned char*)str1,strlen(str1));

-	i =i2d_ASN1_OCTET_STRING(os1,NULL);

-	i+=i2d_ASN1_OCTET_STRING(os2,NULL);

-	total=ASN1_object_size(1,i,V_ASN1_SEQUENCE);

-	data=malloc(total);

-	p=data;

-	ASN1_put_object(&p,1,i,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);

-	i2d_ASN1_OCTET_STRING(os1,&p);

-	i2d_ASN1_OCTET_STRING(os2,&p);

-	seq=ASN1_STRING_new();

-	ASN1_STRING_set(seq,data,total);

-	free(data);

-	ASN1_OCTET_STRING_free(os1);

-	ASN1_OCTET_STRING_free(os2);

-	ret=X509_ATTRIBUTE_create(signed_seq2string_nid,

-		V_ASN1_SEQUENCE,(char *)seq);

-	return(ret);

-	}

-/* For this case, I will malloc the return strings */

-int sk_get_seq2string(STACK_OF(X509_ATTRIBUTE) *sk, char **str1, char **str2)

-	{

-	ASN1_TYPE *so;

-	PKCS7_SIGNER_INFO si;

-	if (signed_seq2string_nid == -1)

-		signed_seq2string_nid=

-			OBJ_create("1.9.9999","OID_example","Our example OID");

-	si.auth_attr=sk;

-	/* To retrieve */

-	so=PKCS7_get_signed_attribute(&si,signed_seq2string_nid);

-	if (so->type == V_ASN1_SEQUENCE)

-		{

-		ASN1_const_CTX c;

-		ASN1_STRING *s;

-		long length;

-		ASN1_OCTET_STRING *os1,*os2;

-		s=so->value.sequence;

-		c.p=ASN1_STRING_data(s);

-		c.max=c.p+ASN1_STRING_length(s);

-		if (!asn1_GetSequence(&c,&length)) goto err;

-		/* Length is the length of the seqence */

-		c.q=c.p;

-		if ((os1=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL)

-			goto err;

-		c.slen-=(c.p-c.q);

-		c.q=c.p;

-		if ((os2=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL)

-			goto err;

-		c.slen-=(c.p-c.q);

-		if (!asn1_const_Finish(&c)) goto err;

-		*str1=malloc(os1->length+1);

-		*str2=malloc(os2->length+1);

-		memcpy(*str1,os1->data,os1->length);

-		memcpy(*str2,os2->data,os2->length);

-		(*str1)[os1->length]='\0';

-		(*str2)[os2->length]='\0';

-		ASN1_OCTET_STRING_free(os1);

-		ASN1_OCTET_STRING_free(os2);

-		return(1);

-		}

-err:

-	return(0);

-	}

--- a/sys/src/ape/lib/openssl/crypto/pkcs7/example.h

+++ /dev/null

@@ -1,57 +1,0 @@

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-int add_signed_time(PKCS7_SIGNER_INFO *si);

-ASN1_UTCTIME *get_signed_time(PKCS7_SIGNER_INFO *si);

-int get_signed_seq2string(PKCS7_SIGNER_INFO *si, char **str1, char **str2);

--- a/sys/src/ape/lib/openssl/crypto/pkcs7/info.pem

+++ /dev/null

@@ -1,57 +1,0 @@

-issuer :/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=DEMONSTRATION AND TESTING/CN=DEMO ZERO VALUE CA

-subject:/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=SMIME 003/CN=Information/[email protected]

-serial :047D

-Certificate:

-    Data:

-        Version: 3 (0x2)

-        Serial Number: 1149 (0x47d)

-        Signature Algorithm: md5withRSAEncryption

-        Issuer: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=DEMONSTRATION AND TESTING, CN=DEMO ZERO VALUE CA

-        Validity

-            Not Before: May 13 05:40:58 1998 GMT

-            Not After : May 12 05:40:58 2000 GMT

-        Subject: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=SMIME 003, CN=Information/[email protected]

-        Subject Public Key Info:

-            Public Key Algorithm: rsaEncryption

-                Modulus:

-                    00:ad:e7:23:89:ee:0d:87:b7:9c:32:44:4b:95:81:

-                    73:dd:22:80:4b:2d:c5:60:b8:fe:1e:18:63:ef:dc:

-                    89:89:22:df:95:3c:7a:db:3d:9a:06:a8:08:d6:29:

-                    fd:ef:41:09:91:ed:bc:ad:98:f9:f6:28:90:62:6f:

-                    e7:e7:0c:4d:0b

-                Exponent: 65537 (0x10001)

-        X509v3 extensions:

-            Netscape Comment:

-                Generated with SSLeay

-    Signature Algorithm: md5withRSAEncryption

-        52:15:ea:88:f4:f0:f9:0b:ef:ce:d5:f8:83:40:61:16:5e:55:

-        f9:ce:2d:d1:8b:31:5c:03:c6:2d:10:7c:61:d5:5c:0a:42:97:

-        d1:fd:65:b6:b6:84:a5:39:ec:46:ec:fc:e0:0d:d9:22:da:1b:

-        50:74:ad:92:cb:4e:90:e5:fa:7d

------BEGIN CERTIFICATE-----

-MIICTDCCAfagAwIBAgICBH0wDQYJKoZIhvcNAQEEBQAwgZIxCzAJBgNVBAYTAkFV

-MRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UE

-ChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsTGURFTU9OU1RSQVRJT04gQU5E

-IFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBWQUxVRSBDQTAeFw05ODA1MTMw

-NTQwNThaFw0wMDA1MTIwNTQwNThaMIGeMQswCQYDVQQGEwJBVTETMBEGA1UECBMK

-UXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m

-dCBQdHkgTHRkMRIwEAYDVQQLEwlTTUlNRSAwMDMxFDASBgNVBAMTC0luZm9ybWF0

-aW9uMSEwHwYJKoZIhvcNAQkBFhJpbmZvQGNyeXB0c29mdC5jb20wXDANBgkqhkiG

-9w0BAQEFAANLADBIAkEArecjie4Nh7ecMkRLlYFz3SKASy3FYLj+Hhhj79yJiSLf

-lTx62z2aBqgI1in970EJke28rZj59iiQYm/n5wxNCwIDAQABoygwJjAkBglghkgB

-hvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EA

-UhXqiPTw+QvvztX4g0BhFl5V+c4t0YsxXAPGLRB8YdVcCkKX0f1ltraEpTnsRuz8

-4A3ZItobUHStkstOkOX6fQ==

------END CERTIFICATE-----

------BEGIN RSA PRIVATE KEY-----

-MIIBOgIBAAJBAK3nI4nuDYe3nDJES5WBc90igEstxWC4/h4YY+/ciYki35U8ets9

-mgaoCNYp/e9BCZHtvK2Y+fYokGJv5+cMTQsCAwEAAQJBAIHpvXvqEcOEoDRRHuIG

-fkcB4jPHcr9KE9TpxabH6xs9beN6OJnkePXAHwaz5MnUgSnbpOKq+cw8miKjXwe/

-zVECIQDVLwncT2lRmXarEYHzb+q/0uaSvKhWKKt3kJasLNTrAwIhANDUc/ghut29

-p3jJYjurzUKuG774/5eLjPLsxPPIZzNZAiA/10hSq41UnGqHLEUIS9m2/EeEZe7b

-bm567dfRU9OnVQIgDo8ROrZXSchEGbaog5J5r/Fle83uO8l93R3GqVxKXZkCIFfk

-IPD5PIYQAyyod3hyKKza7ZP4CGY4oOfZetbkSGGG

------END RSA PRIVATE KEY-----

--- a/sys/src/ape/lib/openssl/crypto/pkcs7/infokey.pem

+++ /dev/null

@@ -1,9 +1,0 @@

------BEGIN RSA PRIVATE KEY-----

-MIIBOgIBAAJBAK3nI4nuDYe3nDJES5WBc90igEstxWC4/h4YY+/ciYki35U8ets9

-mgaoCNYp/e9BCZHtvK2Y+fYokGJv5+cMTQsCAwEAAQJBAIHpvXvqEcOEoDRRHuIG

-fkcB4jPHcr9KE9TpxabH6xs9beN6OJnkePXAHwaz5MnUgSnbpOKq+cw8miKjXwe/

-zVECIQDVLwncT2lRmXarEYHzb+q/0uaSvKhWKKt3kJasLNTrAwIhANDUc/ghut29

-p3jJYjurzUKuG774/5eLjPLsxPPIZzNZAiA/10hSq41UnGqHLEUIS9m2/EeEZe7b

-bm567dfRU9OnVQIgDo8ROrZXSchEGbaog5J5r/Fle83uO8l93R3GqVxKXZkCIFfk

-IPD5PIYQAyyod3hyKKza7ZP4CGY4oOfZetbkSGGG

------END RSA PRIVATE KEY-----

--- a/sys/src/ape/lib/openssl/crypto/pkcs7/p7/a1

+++ /dev/null

@@ -1,2 +1,0 @@

-j,H>_��_�D�zE�L�	VJ��觬���E3��Y�x%_�k

-3�)DLSc�8%

\ No newline at end of file

--- a/sys/src/ape/lib/openssl/crypto/pkcs7/p7/a2

+++ /dev/null

@@ -1,1 +1,0 @@

-k~@a�,N�M͹�	<O( KP�騠�K�>��U�o_�Bqrm�?٠t?t��ρ�Id2�

\ No newline at end of file

binary files a/sys/src/ape/lib/openssl/crypto/pkcs7/p7/cert.p7c /dev/null differ

binary files a/sys/src/ape/lib/openssl/crypto/pkcs7/p7/smime.p7m /dev/null differ

binary files a/sys/src/ape/lib/openssl/crypto/pkcs7/p7/smime.p7s /dev/null differ

--- a/sys/src/ape/lib/openssl/crypto/pkcs7/pk7_asn1.c

+++ /dev/null

@@ -1,214 +1,0 @@

-/* pk7_asn.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 2000.

- */

-/* ====================================================================

- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/asn1t.h>

-#include <openssl/pkcs7.h>

-#include <openssl/x509.h>

-/* PKCS#7 ASN1 module */

-/* This is the ANY DEFINED BY table for the top level PKCS#7 structure */

-ASN1_ADB_TEMPLATE(p7default) = ASN1_EXP_OPT(PKCS7, d.other, ASN1_ANY, 0);

-ASN1_ADB(PKCS7) = {

-	ADB_ENTRY(NID_pkcs7_data, ASN1_NDEF_EXP_OPT(PKCS7, d.data, ASN1_OCTET_STRING_NDEF, 0)),

-	ADB_ENTRY(NID_pkcs7_signed, ASN1_NDEF_EXP_OPT(PKCS7, d.sign, PKCS7_SIGNED, 0)),

-	ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.enveloped, PKCS7_ENVELOPE, 0)),

-	ADB_ENTRY(NID_pkcs7_signedAndEnveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.signed_and_enveloped, PKCS7_SIGN_ENVELOPE, 0)),

-	ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP_OPT(PKCS7, d.digest, PKCS7_DIGEST, 0)),

-	ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP_OPT(PKCS7, d.encrypted, PKCS7_ENCRYPT, 0))

-} ASN1_ADB_END(PKCS7, 0, type, 0, &p7default_tt, NULL);

-ASN1_NDEF_SEQUENCE(PKCS7) = {

-	ASN1_SIMPLE(PKCS7, type, ASN1_OBJECT),

-	ASN1_ADB_OBJECT(PKCS7)

-}ASN1_NDEF_SEQUENCE_END(PKCS7)

-IMPLEMENT_ASN1_FUNCTIONS(PKCS7)

-IMPLEMENT_ASN1_NDEF_FUNCTION(PKCS7)

-IMPLEMENT_ASN1_DUP_FUNCTION(PKCS7)

-ASN1_NDEF_SEQUENCE(PKCS7_SIGNED) = {

-	ASN1_SIMPLE(PKCS7_SIGNED, version, ASN1_INTEGER),

-	ASN1_SET_OF(PKCS7_SIGNED, md_algs, X509_ALGOR),

-	ASN1_SIMPLE(PKCS7_SIGNED, contents, PKCS7),

-	ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNED, cert, X509, 0),

-	ASN1_IMP_SET_OF_OPT(PKCS7_SIGNED, crl, X509_CRL, 1),

-	ASN1_SET_OF(PKCS7_SIGNED, signer_info, PKCS7_SIGNER_INFO)

-} ASN1_NDEF_SEQUENCE_END(PKCS7_SIGNED)

-IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNED)

-/* Minor tweak to operation: free up EVP_PKEY */

-static int si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)

-{

-	if(operation == ASN1_OP_FREE_POST) {

-		PKCS7_SIGNER_INFO *si = (PKCS7_SIGNER_INFO *)*pval;

-		EVP_PKEY_free(si->pkey);

-	}

-	return 1;

-}

-ASN1_SEQUENCE_cb(PKCS7_SIGNER_INFO, si_cb) = {

-	ASN1_SIMPLE(PKCS7_SIGNER_INFO, version, ASN1_INTEGER),

-	ASN1_SIMPLE(PKCS7_SIGNER_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL),

-	ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_alg, X509_ALGOR),

-	/* NB this should be a SET OF but we use a SEQUENCE OF so the

-	 * original order * is retained when the structure is reencoded.

-	 * Since the attributes are implicitly tagged this will not affect

-	 * the encoding.

-	 */

-	ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNER_INFO, auth_attr, X509_ATTRIBUTE, 0),

-	ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_enc_alg, X509_ALGOR),

-	ASN1_SIMPLE(PKCS7_SIGNER_INFO, enc_digest, ASN1_OCTET_STRING),

-	ASN1_IMP_SET_OF_OPT(PKCS7_SIGNER_INFO, unauth_attr, X509_ATTRIBUTE, 1)

-} ASN1_SEQUENCE_END_cb(PKCS7_SIGNER_INFO, PKCS7_SIGNER_INFO)

-IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO)

-ASN1_SEQUENCE(PKCS7_ISSUER_AND_SERIAL) = {

-	ASN1_SIMPLE(PKCS7_ISSUER_AND_SERIAL, issuer, X509_NAME),

-	ASN1_SIMPLE(PKCS7_ISSUER_AND_SERIAL, serial, ASN1_INTEGER)

-} ASN1_SEQUENCE_END(PKCS7_ISSUER_AND_SERIAL)

-IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL)

-ASN1_NDEF_SEQUENCE(PKCS7_ENVELOPE) = {

-	ASN1_SIMPLE(PKCS7_ENVELOPE, version, ASN1_INTEGER),

-	ASN1_SET_OF(PKCS7_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO),

-	ASN1_SIMPLE(PKCS7_ENVELOPE, enc_data, PKCS7_ENC_CONTENT)

-} ASN1_NDEF_SEQUENCE_END(PKCS7_ENVELOPE)

-IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENVELOPE)

-/* Minor tweak to operation: free up X509 */

-static int ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)

-{

-	if(operation == ASN1_OP_FREE_POST) {

-		PKCS7_RECIP_INFO *ri = (PKCS7_RECIP_INFO *)*pval;

-		X509_free(ri->cert);

-	}

-	return 1;

-}

-ASN1_SEQUENCE_cb(PKCS7_RECIP_INFO, ri_cb) = {

-	ASN1_SIMPLE(PKCS7_RECIP_INFO, version, ASN1_INTEGER),

-	ASN1_SIMPLE(PKCS7_RECIP_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL),

-	ASN1_SIMPLE(PKCS7_RECIP_INFO, key_enc_algor, X509_ALGOR),

-	ASN1_SIMPLE(PKCS7_RECIP_INFO, enc_key, ASN1_OCTET_STRING)

-} ASN1_SEQUENCE_END_cb(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO)

-IMPLEMENT_ASN1_FUNCTIONS(PKCS7_RECIP_INFO)

-ASN1_NDEF_SEQUENCE(PKCS7_ENC_CONTENT) = {

-	ASN1_SIMPLE(PKCS7_ENC_CONTENT, content_type, ASN1_OBJECT),

-	ASN1_SIMPLE(PKCS7_ENC_CONTENT, algorithm, X509_ALGOR),

-	ASN1_IMP_OPT(PKCS7_ENC_CONTENT, enc_data, ASN1_OCTET_STRING, 0)

-} ASN1_NDEF_SEQUENCE_END(PKCS7_ENC_CONTENT)

-IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT)

-ASN1_NDEF_SEQUENCE(PKCS7_SIGN_ENVELOPE) = {

-	ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, version, ASN1_INTEGER),

-	ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO),

-	ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, md_algs, X509_ALGOR),

-	ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, enc_data, PKCS7_ENC_CONTENT),

-	ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, cert, X509, 0),

-	ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, crl, X509_CRL, 1),

-	ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, signer_info, PKCS7_SIGNER_INFO)

-} ASN1_NDEF_SEQUENCE_END(PKCS7_SIGN_ENVELOPE)

-IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE)

-ASN1_NDEF_SEQUENCE(PKCS7_ENCRYPT) = {

-	ASN1_SIMPLE(PKCS7_ENCRYPT, version, ASN1_INTEGER),

-	ASN1_SIMPLE(PKCS7_ENCRYPT, enc_data, PKCS7_ENC_CONTENT)

-} ASN1_NDEF_SEQUENCE_END(PKCS7_ENCRYPT)

-IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENCRYPT)

-ASN1_NDEF_SEQUENCE(PKCS7_DIGEST) = {

-	ASN1_SIMPLE(PKCS7_DIGEST, version, ASN1_INTEGER),

-	ASN1_SIMPLE(PKCS7_DIGEST, md, X509_ALGOR),

-	ASN1_SIMPLE(PKCS7_DIGEST, contents, PKCS7),

-	ASN1_SIMPLE(PKCS7_DIGEST, digest, ASN1_OCTET_STRING)

-} ASN1_NDEF_SEQUENCE_END(PKCS7_DIGEST)

-IMPLEMENT_ASN1_FUNCTIONS(PKCS7_DIGEST)

-/* Specials for authenticated attributes */

-/* When signing attributes we want to reorder them to match the sorted

- * encoding.

- */

-ASN1_ITEM_TEMPLATE(PKCS7_ATTR_SIGN) =

-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, PKCS7_ATTRIBUTES, X509_ATTRIBUTE)

-ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_SIGN)

-/* When verifying attributes we need to use the received order. So

- * we use SEQUENCE OF and tag it to SET OF

- */

-ASN1_ITEM_TEMPLATE(PKCS7_ATTR_VERIFY) =

-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL,

-				V_ASN1_SET, PKCS7_ATTRIBUTES, X509_ATTRIBUTE)

-ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_VERIFY)

--- a/sys/src/ape/lib/openssl/crypto/pkcs7/pk7_attr.c

+++ /dev/null

@@ -1,141 +1,0 @@

-/* pk7_attr.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 2001.

- */

-/* ====================================================================

- * Copyright (c) 2001-2004 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <openssl/bio.h>

-#include <openssl/asn1.h>

-#include <openssl/pem.h>

-#include <openssl/pkcs7.h>

-#include <openssl/x509.h>

-#include <openssl/err.h>

-int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK_OF(X509_ALGOR) *cap)

-{

-	ASN1_STRING *seq;

-	unsigned char *p, *pp;

-	int len;

-	len=i2d_ASN1_SET_OF_X509_ALGOR(cap,NULL,i2d_X509_ALGOR,

-				       V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL,

-				       IS_SEQUENCE);

-	if(!(pp=(unsigned char *)OPENSSL_malloc(len))) {

-		PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE);

-		return 0;

-	}

-	p=pp;

-	i2d_ASN1_SET_OF_X509_ALGOR(cap,&p,i2d_X509_ALGOR, V_ASN1_SEQUENCE,

-				   V_ASN1_UNIVERSAL, IS_SEQUENCE);

-	if(!(seq = ASN1_STRING_new())) {

-		PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE);

-		return 0;

-	}

-	if(!ASN1_STRING_set (seq, pp, len)) {

-		PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE);

-		return 0;

-	}

-	OPENSSL_free (pp);

-        return PKCS7_add_signed_attribute(si, NID_SMIMECapabilities,

-							V_ASN1_SEQUENCE, seq);

-}

-STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si)

-	{

-	ASN1_TYPE *cap;

-	const unsigned char *p;

-	cap = PKCS7_get_signed_attribute(si, NID_SMIMECapabilities);

-	if (!cap || (cap->type != V_ASN1_SEQUENCE))

-		return NULL;

-	p = cap->value.sequence->data;

-	return d2i_ASN1_SET_OF_X509_ALGOR(NULL, &p,

-					  cap->value.sequence->length,

-					  d2i_X509_ALGOR, X509_ALGOR_free,

-					  V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);

-	}

-/* Basic smime-capabilities OID and optional integer arg */

-int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)

-{

-	X509_ALGOR *alg;

-	if(!(alg = X509_ALGOR_new())) {

-		PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);

-		return 0;

-	}

-	ASN1_OBJECT_free(alg->algorithm);

-	alg->algorithm = OBJ_nid2obj (nid);

-	if (arg > 0) {

-		ASN1_INTEGER *nbit;

-		if(!(alg->parameter = ASN1_TYPE_new())) {

-			PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);

-			return 0;

-		}

-		if(!(nbit = ASN1_INTEGER_new())) {

-			PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);

-			return 0;

-		}

-		if(!ASN1_INTEGER_set (nbit, arg)) {

-			PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);

-			return 0;

-		}

-		alg->parameter->value.integer = nbit;

-		alg->parameter->type = V_ASN1_INTEGER;

-	}

-	sk_X509_ALGOR_push (sk, alg);

-	return 1;

-}

--- a/sys/src/ape/lib/openssl/crypto/pkcs7/pk7_dgst.c

+++ /dev/null

@@ -1,66 +1,0 @@

-/* crypto/pkcs7/pk7_dgst.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/evp.h>

-#include <openssl/rand.h>

-#include <openssl/objects.h>

-#include <openssl/x509.h>

-#include <openssl/pkcs7.h>

--- a/sys/src/ape/lib/openssl/crypto/pkcs7/pk7_doit.c

+++ /dev/null

@@ -1,1147 +1,0 @@

-/* crypto/pkcs7/pk7_doit.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/rand.h>

-#include <openssl/objects.h>

-#include <openssl/x509.h>

-#include <openssl/x509v3.h>

-#include <openssl/err.h>

-static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,

-			 void *value);

-static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid);

-static int PKCS7_type_is_other(PKCS7* p7)

-	{

-	int isOther=1;

-	int nid=OBJ_obj2nid(p7->type);

-	switch( nid )

-		{

-	case NID_pkcs7_data:

-	case NID_pkcs7_signed:

-	case NID_pkcs7_enveloped:

-	case NID_pkcs7_signedAndEnveloped:

-	case NID_pkcs7_digest:

-	case NID_pkcs7_encrypted:

-		isOther=0;

-		break;

-	default:

-		isOther=1;

-		}

-	return isOther;

-	}

-static ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7)

-	{

-	if ( PKCS7_type_is_data(p7))

-		return p7->d.data;

-	if ( PKCS7_type_is_other(p7) && p7->d.other

-		&& (p7->d.other->type == V_ASN1_OCTET_STRING))

-		return p7->d.other->value.octet_string;

-	return NULL;

-	}

-static int PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg)

-	{

-	BIO *btmp;

-	const EVP_MD *md;

-	if ((btmp=BIO_new(BIO_f_md())) == NULL)

-		{

-		PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,ERR_R_BIO_LIB);

-		goto err;

-		}

-	md=EVP_get_digestbyobj(alg->algorithm);

-	if (md == NULL)

-		{

-		PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,PKCS7_R_UNKNOWN_DIGEST_TYPE);

-		goto err;

-		}

-	BIO_set_md(btmp,md);

-	if (*pbio == NULL)

-		*pbio=btmp;

-	else if (!BIO_push(*pbio,btmp))

-		{

-		PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,ERR_R_BIO_LIB);

-		goto err;

-		}

-	btmp=NULL;

-	return 1;

-	err:

-	if (btmp)

-		BIO_free(btmp);

-	return 0;

-	}

-BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)

-	{

-	int i;

-	BIO *out=NULL,*btmp=NULL;

-	X509_ALGOR *xa = NULL;

-	const EVP_CIPHER *evp_cipher=NULL;

-	STACK_OF(X509_ALGOR) *md_sk=NULL;

-	STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;

-	X509_ALGOR *xalg=NULL;

-	PKCS7_RECIP_INFO *ri=NULL;

-	EVP_PKEY *pkey;

-	ASN1_OCTET_STRING *os=NULL;

-	i=OBJ_obj2nid(p7->type);

-	p7->state=PKCS7_S_HEADER;

-	switch (i)

-		{

-	case NID_pkcs7_signed:

-		md_sk=p7->d.sign->md_algs;

-		os = PKCS7_get_octet_string(p7->d.sign->contents);

-		break;

-	case NID_pkcs7_signedAndEnveloped:

-		rsk=p7->d.signed_and_enveloped->recipientinfo;

-		md_sk=p7->d.signed_and_enveloped->md_algs;

-		xalg=p7->d.signed_and_enveloped->enc_data->algorithm;

-		evp_cipher=p7->d.signed_and_enveloped->enc_data->cipher;

-		if (evp_cipher == NULL)

-			{

-			PKCS7err(PKCS7_F_PKCS7_DATAINIT,

-						PKCS7_R_CIPHER_NOT_INITIALIZED);

-			goto err;

-			}

-		break;

-	case NID_pkcs7_enveloped:

-		rsk=p7->d.enveloped->recipientinfo;

-		xalg=p7->d.enveloped->enc_data->algorithm;

-		evp_cipher=p7->d.enveloped->enc_data->cipher;

-		if (evp_cipher == NULL)

-			{

-			PKCS7err(PKCS7_F_PKCS7_DATAINIT,

-						PKCS7_R_CIPHER_NOT_INITIALIZED);

-			goto err;

-			}

-		break;

-	case NID_pkcs7_digest:

-		xa = p7->d.digest->md;

-		os = PKCS7_get_octet_string(p7->d.digest->contents);

-		break;

-	default:

-		PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);

-	        goto err;

-		}

-	for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)

-		if (!PKCS7_bio_add_digest(&out, sk_X509_ALGOR_value(md_sk, i)))

-			goto err;

-	if (xa && !PKCS7_bio_add_digest(&out, xa))

-			goto err;

-	if (evp_cipher != NULL)

-		{

-		unsigned char key[EVP_MAX_KEY_LENGTH];

-		unsigned char iv[EVP_MAX_IV_LENGTH];

-		int keylen,ivlen;

-		int jj,max;

-		unsigned char *tmp;

-		EVP_CIPHER_CTX *ctx;

-		if ((btmp=BIO_new(BIO_f_cipher())) == NULL)

-			{

-			PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_BIO_LIB);

-			goto err;

-			}

-		BIO_get_cipher_ctx(btmp, &ctx);

-		keylen=EVP_CIPHER_key_length(evp_cipher);

-		ivlen=EVP_CIPHER_iv_length(evp_cipher);

-		xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));

-		if (ivlen > 0)

-			if (RAND_pseudo_bytes(iv,ivlen) <= 0)

-				goto err;

-		if (EVP_CipherInit_ex(ctx, evp_cipher, NULL, NULL, NULL, 1)<=0)

-			goto err;

-		if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)

-			goto err;

-		if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 1) <= 0)

-			goto err;

-		if (ivlen > 0) {

-			if (xalg->parameter == NULL) {

-				xalg->parameter = ASN1_TYPE_new();

-				if (xalg->parameter == NULL)

-					goto err;

-			}

-			if(EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0)

-			       goto err;

-		}

-		/* Lets do the pub key stuff :-) */

-		max=0;

-		for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)

-			{

-			ri=sk_PKCS7_RECIP_INFO_value(rsk,i);

-			if (ri->cert == NULL)

-				{

-				PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_MISSING_CERIPEND_INFO);

-				goto err;

-				}

-			if ((pkey=X509_get_pubkey(ri->cert)) == NULL)

-				goto err;

-			jj=EVP_PKEY_size(pkey);

-			EVP_PKEY_free(pkey);

-			if (max < jj) max=jj;

-			}

-		if ((tmp=(unsigned char *)OPENSSL_malloc(max)) == NULL)

-			{

-			PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_MALLOC_FAILURE);

-			goto err;

-			}

-		for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)

-			{

-			ri=sk_PKCS7_RECIP_INFO_value(rsk,i);

-			if ((pkey=X509_get_pubkey(ri->cert)) == NULL)

-				goto err;

-			jj=EVP_PKEY_encrypt(tmp,key,keylen,pkey);

-			EVP_PKEY_free(pkey);

-			if (jj <= 0)

-				{

-				PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_EVP_LIB);

-				OPENSSL_free(tmp);

-				goto err;

-				}

-			if (!M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj))

-				{

-				PKCS7err(PKCS7_F_PKCS7_DATAINIT,

-					ERR_R_MALLOC_FAILURE);

-				OPENSSL_free(tmp);

-				goto err;

-				}

-			}

-		OPENSSL_free(tmp);

-		OPENSSL_cleanse(key, keylen);

-		if (out == NULL)

-			out=btmp;

-		else

-			BIO_push(out,btmp);

-		btmp=NULL;

-		}

-	if (bio == NULL)

-		{

-		if (PKCS7_is_detached(p7))

-			bio=BIO_new(BIO_s_null());

-		else if (os && os->length > 0)

-			bio = BIO_new_mem_buf(os->data, os->length);

-		if(bio == NULL)

-			{

-			bio=BIO_new(BIO_s_mem());

-			if (bio == NULL)

-				goto err;

-			BIO_set_mem_eof_return(bio,0);

-			}

-		}

-	BIO_push(out,bio);

-	bio=NULL;

-	if (0)

-		{

-err:

-		if (out != NULL)

-			BIO_free_all(out);

-		if (btmp != NULL)

-			BIO_free_all(btmp);

-		out=NULL;

-		}

-	return(out);

-	}

-static int pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert)

-	{

-	int ret;

-	ret = X509_NAME_cmp(ri->issuer_and_serial->issuer,

-				pcert->cert_info->issuer);

-	if (ret)

-		return ret;

-	return M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber,

-					ri->issuer_and_serial->serial);

-	}

-/* int */

-BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)

-	{

-	int i,j;

-	BIO *out=NULL,*btmp=NULL,*etmp=NULL,*bio=NULL;

-	unsigned char *tmp=NULL;

-	X509_ALGOR *xa;

-	ASN1_OCTET_STRING *data_body=NULL;

-	const EVP_MD *evp_md;

-	const EVP_CIPHER *evp_cipher=NULL;

-	EVP_CIPHER_CTX *evp_ctx=NULL;

-	X509_ALGOR *enc_alg=NULL;

-	STACK_OF(X509_ALGOR) *md_sk=NULL;

-	STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;

-	X509_ALGOR *xalg=NULL;

-	PKCS7_RECIP_INFO *ri=NULL;

-	i=OBJ_obj2nid(p7->type);

-	p7->state=PKCS7_S_HEADER;

-	switch (i)

-		{

-	case NID_pkcs7_signed:

-		data_body=PKCS7_get_octet_string(p7->d.sign->contents);

-		md_sk=p7->d.sign->md_algs;

-		break;

-	case NID_pkcs7_signedAndEnveloped:

-		rsk=p7->d.signed_and_enveloped->recipientinfo;

-		md_sk=p7->d.signed_and_enveloped->md_algs;

-		data_body=p7->d.signed_and_enveloped->enc_data->enc_data;

-		enc_alg=p7->d.signed_and_enveloped->enc_data->algorithm;

-		evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm);

-		if (evp_cipher == NULL)

-			{

-			PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);

-			goto err;

-			}

-		xalg=p7->d.signed_and_enveloped->enc_data->algorithm;

-		break;

-	case NID_pkcs7_enveloped:

-		rsk=p7->d.enveloped->recipientinfo;

-		enc_alg=p7->d.enveloped->enc_data->algorithm;

-		data_body=p7->d.enveloped->enc_data->enc_data;

-		evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm);

-		if (evp_cipher == NULL)

-			{

-			PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);

-			goto err;

-			}

-		xalg=p7->d.enveloped->enc_data->algorithm;

-		break;

-	default:

-		PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);

-	        goto err;

-		}

-	/* We will be checking the signature */

-	if (md_sk != NULL)

-		{

-		for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)

-			{

-			xa=sk_X509_ALGOR_value(md_sk,i);

-			if ((btmp=BIO_new(BIO_f_md())) == NULL)

-				{

-				PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB);

-				goto err;

-				}

-			j=OBJ_obj2nid(xa->algorithm);

-			evp_md=EVP_get_digestbynid(j);

-			if (evp_md == NULL)

-				{

-				PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNKNOWN_DIGEST_TYPE);

-				goto err;

-				}

-			BIO_set_md(btmp,evp_md);

-			if (out == NULL)

-				out=btmp;

-			else

-				BIO_push(out,btmp);

-			btmp=NULL;

-			}

-		}

-	if (evp_cipher != NULL)

-		{

-#if 0

-		unsigned char key[EVP_MAX_KEY_LENGTH];

-		unsigned char iv[EVP_MAX_IV_LENGTH];

-		unsigned char *p;

-		int keylen,ivlen;

-		int max;

-		X509_OBJECT ret;

-#endif

-		int jj;

-		if ((etmp=BIO_new(BIO_f_cipher())) == NULL)

-			{

-			PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB);

-			goto err;

-			}

-		/* It was encrypted, we need to decrypt the secret key

-		 * with the private key */

-		/* Find the recipientInfo which matches the passed certificate

-		 * (if any)

-		 */

-		if (pcert) {

-			for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) {

-				ri=sk_PKCS7_RECIP_INFO_value(rsk,i);

-				if (!pkcs7_cmp_ri(ri, pcert))

-					break;

-				ri=NULL;

-			}

-			if (ri == NULL) {

-				PKCS7err(PKCS7_F_PKCS7_DATADECODE,

-				      PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);

-				goto err;

-			}

-		}

-		jj=EVP_PKEY_size(pkey);

-		tmp=(unsigned char *)OPENSSL_malloc(jj+10);

-		if (tmp == NULL)

-			{

-			PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_MALLOC_FAILURE);

-			goto err;

-			}

-		/* If we haven't got a certificate try each ri in turn */

-		if (pcert == NULL)

-			{

-			for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)

-				{

-				ri=sk_PKCS7_RECIP_INFO_value(rsk,i);

-				jj=EVP_PKEY_decrypt(tmp,

-					M_ASN1_STRING_data(ri->enc_key),

-					M_ASN1_STRING_length(ri->enc_key),

-						pkey);

-				if (jj > 0)

-					break;

-				ERR_clear_error();

-				ri = NULL;

-				}

-			if (ri == NULL)

-				{

-				PKCS7err(PKCS7_F_PKCS7_DATADECODE,

-				      PKCS7_R_NO_RECIPIENT_MATCHES_KEY);

-				goto err;

-				}

-			}

-		else

-			{

-			jj=EVP_PKEY_decrypt(tmp,

-				M_ASN1_STRING_data(ri->enc_key),

-				M_ASN1_STRING_length(ri->enc_key), pkey);

-			if (jj <= 0)

-				{

-				PKCS7err(PKCS7_F_PKCS7_DATADECODE,

-								ERR_R_EVP_LIB);

-				goto err;

-				}

-			}

-		evp_ctx=NULL;

-		BIO_get_cipher_ctx(etmp,&evp_ctx);

-		if (EVP_CipherInit_ex(evp_ctx,evp_cipher,NULL,NULL,NULL,0) <= 0)

-			goto err;

-		if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0)

-			goto err;

-		if (jj != EVP_CIPHER_CTX_key_length(evp_ctx)) {

-			/* Some S/MIME clients don't use the same key

-			 * and effective key length. The key length is

-			 * determined by the size of the decrypted RSA key.

-			 */

-			if(!EVP_CIPHER_CTX_set_key_length(evp_ctx, jj))

-				{

-				PKCS7err(PKCS7_F_PKCS7_DATADECODE,

-					PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH);

-				goto err;

-				}

-		}

-		if (EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0) <= 0)

-			goto err;

-		OPENSSL_cleanse(tmp,jj);

-		if (out == NULL)

-			out=etmp;

-		else

-			BIO_push(out,etmp);

-		etmp=NULL;

-		}

-#if 1

-	if (PKCS7_is_detached(p7) || (in_bio != NULL))

-		{

-		bio=in_bio;

-		}

-	else

-		{

-#if 0

-		bio=BIO_new(BIO_s_mem());

-		/* We need to set this so that when we have read all

-		 * the data, the encrypt BIO, if present, will read

-		 * EOF and encode the last few bytes */

-		BIO_set_mem_eof_return(bio,0);

-		if (data_body->length > 0)

-			BIO_write(bio,(char *)data_body->data,data_body->length);

-#else

-		if (data_body->length > 0)

-		      bio = BIO_new_mem_buf(data_body->data,data_body->length);

-		else {

-			bio=BIO_new(BIO_s_mem());

-			BIO_set_mem_eof_return(bio,0);

-		}

-		if (bio == NULL)

-			goto err;

-#endif

-		}

-	BIO_push(out,bio);

-	bio=NULL;

-#endif

-	if (0)

-		{

-err:

-		if (out != NULL) BIO_free_all(out);

-		if (btmp != NULL) BIO_free_all(btmp);

-		if (etmp != NULL) BIO_free_all(etmp);

-		if (bio != NULL) BIO_free_all(bio);

-		out=NULL;

-		}

-	if (tmp != NULL)

-		OPENSSL_free(tmp);

-	return(out);

-	}

-static BIO *PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid)

-	{

-	for (;;)

-		{

-		bio=BIO_find_type(bio,BIO_TYPE_MD);

-		if (bio == NULL)

-			{

-			PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);

-			return NULL;

-			}

-		BIO_get_md_ctx(bio,pmd);

-		if (*pmd == NULL)

-			{

-			PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,ERR_R_INTERNAL_ERROR);

-			return NULL;

-			}

-		if (EVP_MD_CTX_type(*pmd) == nid)

-			return bio;

-		bio=BIO_next(bio);

-		}

-	return NULL;

-	}

-int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)

-	{

-	int ret=0;

-	int i,j;

-	BIO *btmp;

-	BUF_MEM *buf_mem=NULL;

-	BUF_MEM *buf=NULL;

-	PKCS7_SIGNER_INFO *si;

-	EVP_MD_CTX *mdc,ctx_tmp;

-	STACK_OF(X509_ATTRIBUTE) *sk;

-	STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL;

-	ASN1_OCTET_STRING *os=NULL;

-	EVP_MD_CTX_init(&ctx_tmp);

-	i=OBJ_obj2nid(p7->type);

-	p7->state=PKCS7_S_HEADER;

-	switch (i)

-		{

-	case NID_pkcs7_signedAndEnveloped:

-		/* XXXXXXXXXXXXXXXX */

-		si_sk=p7->d.signed_and_enveloped->signer_info;

-		if (!(os=M_ASN1_OCTET_STRING_new()))

-			{

-			PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE);

-			goto err;

-			}

-		p7->d.signed_and_enveloped->enc_data->enc_data=os;

-		break;

-	case NID_pkcs7_enveloped:

-		/* XXXXXXXXXXXXXXXX */

-		if (!(os=M_ASN1_OCTET_STRING_new()))

-			{

-			PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE);

-			goto err;

-			}

-		p7->d.enveloped->enc_data->enc_data=os;

-		break;

-	case NID_pkcs7_signed:

-		si_sk=p7->d.sign->signer_info;

-		os=PKCS7_get_octet_string(p7->d.sign->contents);

-		/* If detached data then the content is excluded */

-		if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {

-			M_ASN1_OCTET_STRING_free(os);

-			p7->d.sign->contents->d.data = NULL;

-		}

-		break;

-	case NID_pkcs7_digest:

-		os=PKCS7_get_octet_string(p7->d.digest->contents);

-		/* If detached data then the content is excluded */

-		if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached)

-			{

-			M_ASN1_OCTET_STRING_free(os);

-			p7->d.digest->contents->d.data = NULL;

-			}

-		break;

-		}

-	if (si_sk != NULL)

-		{

-		if ((buf=BUF_MEM_new()) == NULL)

-			{

-			PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_BIO_LIB);

-			goto err;

-			}

-		for (i=0; i<sk_PKCS7_SIGNER_INFO_num(si_sk); i++)

-			{

-			si=sk_PKCS7_SIGNER_INFO_value(si_sk,i);

-			if (si->pkey == NULL) continue;

-			j=OBJ_obj2nid(si->digest_alg->algorithm);

-			btmp=bio;

-			btmp = PKCS7_find_digest(&mdc, btmp, j);

-			if (btmp == NULL)

-				goto err;

-			/* We now have the EVP_MD_CTX, lets do the

-			 * signing. */

-			EVP_MD_CTX_copy_ex(&ctx_tmp,mdc);

-			if (!BUF_MEM_grow_clean(buf,EVP_PKEY_size(si->pkey)))

-				{

-				PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_BIO_LIB);

-				goto err;

-				}

-			sk=si->auth_attr;

-			/* If there are attributes, we add the digest

-			 * attribute and only sign the attributes */

-			if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0))

-				{

-				unsigned char md_data[EVP_MAX_MD_SIZE], *abuf=NULL;

-				unsigned int md_len, alen;

-				ASN1_OCTET_STRING *digest;

-				ASN1_UTCTIME *sign_time;

-				const EVP_MD *md_tmp;

-				/* Add signing time if not already present */

-				if (!PKCS7_get_signed_attribute(si,

-							NID_pkcs9_signingTime))

-					{

-					if (!(sign_time=X509_gmtime_adj(NULL,0)))

-						{

-						PKCS7err(PKCS7_F_PKCS7_DATAFINAL,

-							ERR_R_MALLOC_FAILURE);

-						goto err;

-						}

-					if (!PKCS7_add_signed_attribute(si,

-						NID_pkcs9_signingTime,

-						V_ASN1_UTCTIME,sign_time))

-						{

-						M_ASN1_UTCTIME_free(sign_time);

-						goto err;

-						}

-					}

-				/* Add digest */

-				md_tmp=EVP_MD_CTX_md(&ctx_tmp);

-				EVP_DigestFinal_ex(&ctx_tmp,md_data,&md_len);

-				if (!(digest=M_ASN1_OCTET_STRING_new()))

-					{

-					PKCS7err(PKCS7_F_PKCS7_DATAFINAL,

-						ERR_R_MALLOC_FAILURE);

-					goto err;

-					}

-				if (!M_ASN1_OCTET_STRING_set(digest,md_data,

-								md_len))

-					{

-					PKCS7err(PKCS7_F_PKCS7_DATAFINAL,

-						ERR_R_MALLOC_FAILURE);

-					M_ASN1_OCTET_STRING_free(digest);

-					goto err;

-					}

-				if (!PKCS7_add_signed_attribute(si,

-					NID_pkcs9_messageDigest,

-					V_ASN1_OCTET_STRING,digest))

-					{

-					M_ASN1_OCTET_STRING_free(digest);

-					goto err;

-					}

-				/* Now sign the attributes */

-				EVP_SignInit_ex(&ctx_tmp,md_tmp,NULL);

-				alen = ASN1_item_i2d((ASN1_VALUE *)sk,&abuf,

-							ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));

-				if(!abuf) goto err;

-				EVP_SignUpdate(&ctx_tmp,abuf,alen);

-				OPENSSL_free(abuf);

-				}

-#ifndef OPENSSL_NO_DSA

-			if (si->pkey->type == EVP_PKEY_DSA)

-				ctx_tmp.digest=EVP_dss1();

-#endif

-#ifndef OPENSSL_NO_ECDSA

- 			if (si->pkey->type == EVP_PKEY_EC)

- 				ctx_tmp.digest=EVP_ecdsa();

-#endif

-			if (!EVP_SignFinal(&ctx_tmp,(unsigned char *)buf->data,

-				(unsigned int *)&buf->length,si->pkey))

-				{

-				PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_EVP_LIB);

-				goto err;

-				}

-			if (!ASN1_STRING_set(si->enc_digest,

-				(unsigned char *)buf->data,buf->length))

-				{

-				PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_ASN1_LIB);

-				goto err;

-				}

-			}

-		}

-	else if (i == NID_pkcs7_digest)

-		{

-		unsigned char md_data[EVP_MAX_MD_SIZE];

-		unsigned int md_len;

-		if (!PKCS7_find_digest(&mdc, bio,

-				OBJ_obj2nid(p7->d.digest->md->algorithm)))

-			goto err;

-		EVP_DigestFinal_ex(mdc,md_data,&md_len);

-		M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len);

-		}

-	if (!PKCS7_is_detached(p7))

-		{

-		btmp=BIO_find_type(bio,BIO_TYPE_MEM);

-		if (btmp == NULL)

-			{

-			PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_MEM_BIO);

-			goto err;

-			}

-		BIO_get_mem_ptr(btmp,&buf_mem);

-		/* Mark the BIO read only then we can use its copy of the data

-		 * instead of making an extra copy.

-		 */

-		BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);

-		BIO_set_mem_eof_return(btmp, 0);

-		os->data = (unsigned char *)buf_mem->data;

-		os->length = buf_mem->length;

-#if 0

-		M_ASN1_OCTET_STRING_set(os,

-			(unsigned char *)buf_mem->data,buf_mem->length);

-#endif

-		}

-	ret=1;

-err:

-	EVP_MD_CTX_cleanup(&ctx_tmp);

-	if (buf != NULL) BUF_MEM_free(buf);

-	return(ret);

-	}

-int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,

-	     PKCS7 *p7, PKCS7_SIGNER_INFO *si)

-	{

-	PKCS7_ISSUER_AND_SERIAL *ias;

-	int ret=0,i;

-	STACK_OF(X509) *cert;

-	X509 *x509;

-	if (PKCS7_type_is_signed(p7))

-		{

-		cert=p7->d.sign->cert;

-		}

-	else if (PKCS7_type_is_signedAndEnveloped(p7))

-		{

-		cert=p7->d.signed_and_enveloped->cert;

-		}

-	else

-		{

-		PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_WRONG_PKCS7_TYPE);

-		goto err;

-		}

-	/* XXXXXXXXXXXXXXXXXXXXXXX */

-	ias=si->issuer_and_serial;

-	x509=X509_find_by_issuer_and_serial(cert,ias->issuer,ias->serial);

-	/* were we able to find the cert in passed to us */

-	if (x509 == NULL)

-		{

-		PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_UNABLE_TO_FIND_CERTIFICATE);

-		goto err;

-		}

-	/* Lets verify */

-	if(!X509_STORE_CTX_init(ctx,cert_store,x509,cert))

-		{

-		PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB);

-		goto err;

-		}

-	X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN);

-	i=X509_verify_cert(ctx);

-	if (i <= 0)

-		{

-		PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB);

-		X509_STORE_CTX_cleanup(ctx);

-		goto err;

-		}

-	X509_STORE_CTX_cleanup(ctx);

-	return PKCS7_signatureVerify(bio, p7, si, x509);

-	err:

-	return ret;

-	}

-int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,

-								X509 *x509)

-	{

-	ASN1_OCTET_STRING *os;

-	EVP_MD_CTX mdc_tmp,*mdc;

-	int ret=0,i;

-	int md_type;

-	STACK_OF(X509_ATTRIBUTE) *sk;

-	BIO *btmp;

-	EVP_PKEY *pkey;

-	EVP_MD_CTX_init(&mdc_tmp);

-	if (!PKCS7_type_is_signed(p7) &&

-				!PKCS7_type_is_signedAndEnveloped(p7)) {

-		PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,

-						PKCS7_R_WRONG_PKCS7_TYPE);

-		goto err;

-	}

-	md_type=OBJ_obj2nid(si->digest_alg->algorithm);

-	btmp=bio;

-	for (;;)

-		{

-		if ((btmp == NULL) ||

-			((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) == NULL))

-			{

-			PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,

-					PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);

-			goto err;

-			}

-		BIO_get_md_ctx(btmp,&mdc);

-		if (mdc == NULL)

-			{

-			PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,

-							ERR_R_INTERNAL_ERROR);

-			goto err;

-			}

-		if (EVP_MD_CTX_type(mdc) == md_type)

-			break;

-		/* Workaround for some broken clients that put the signature

-		 * OID instead of the digest OID in digest_alg->algorithm

-		 */

-		if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type)

-			break;

-		btmp=BIO_next(btmp);

-		}

-	/* mdc is the digest ctx that we want, unless there are attributes,

-	 * in which case the digest is the signed attributes */

-	EVP_MD_CTX_copy_ex(&mdc_tmp,mdc);

-	sk=si->auth_attr;

-	if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0))

-		{

-		unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL;

-                unsigned int md_len, alen;

-		ASN1_OCTET_STRING *message_digest;

-		EVP_DigestFinal_ex(&mdc_tmp,md_dat,&md_len);

-		message_digest=PKCS7_digest_from_attributes(sk);

-		if (!message_digest)

-			{

-			PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,

-					PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);

-			goto err;

-			}

-		if ((message_digest->length != (int)md_len) ||

-			(memcmp(message_digest->data,md_dat,md_len)))

-			{

-#if 0

-{

-int ii;

-for (ii=0; ii<message_digest->length; ii++)

-	printf("%02X",message_digest->data[ii]); printf(" sent\n");

-for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n");

-}

-#endif

-			PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,

-							PKCS7_R_DIGEST_FAILURE);

-			ret= -1;

-			goto err;

-			}

-		EVP_VerifyInit_ex(&mdc_tmp,EVP_get_digestbynid(md_type), NULL);

-		alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,

-						ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY));

-		EVP_VerifyUpdate(&mdc_tmp, abuf, alen);

-		OPENSSL_free(abuf);

-		}

-	os=si->enc_digest;

-	pkey = X509_get_pubkey(x509);

-	if (!pkey)

-		{

-		ret = -1;

-		goto err;

-		}

-#ifndef OPENSSL_NO_DSA

-	if(pkey->type == EVP_PKEY_DSA) mdc_tmp.digest=EVP_dss1();

-#endif

-#ifndef OPENSSL_NO_ECDSA

-	if (pkey->type == EVP_PKEY_EC) mdc_tmp.digest=EVP_ecdsa();

-#endif

-	i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey);

-	EVP_PKEY_free(pkey);

-	if (i <= 0)

-		{

-		PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,

-						PKCS7_R_SIGNATURE_FAILURE);

-		ret= -1;

-		goto err;

-		}

-	else

-		ret=1;

-err:

-	EVP_MD_CTX_cleanup(&mdc_tmp);

-	return(ret);

-	}

-PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx)

-	{

-	STACK_OF(PKCS7_RECIP_INFO) *rsk;

-	PKCS7_RECIP_INFO *ri;

-	int i;

-	i=OBJ_obj2nid(p7->type);

-	if (i != NID_pkcs7_signedAndEnveloped)

-		return NULL;

-	if (p7->d.signed_and_enveloped == NULL)

-		return NULL;

-	rsk=p7->d.signed_and_enveloped->recipientinfo;

-	if (rsk == NULL)

-		return NULL;

-	ri=sk_PKCS7_RECIP_INFO_value(rsk,0);

-	if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx) return(NULL);

-	ri=sk_PKCS7_RECIP_INFO_value(rsk,idx);

-	return(ri->issuer_and_serial);

-	}

-ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid)

-	{

-	return(get_attribute(si->auth_attr,nid));

-	}

-ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid)

-	{

-	return(get_attribute(si->unauth_attr,nid));

-	}

-static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid)

-	{

-	int i;

-	X509_ATTRIBUTE *xa;

-	ASN1_OBJECT *o;

-	o=OBJ_nid2obj(nid);

-	if (!o || !sk) return(NULL);

-	for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)

-		{

-		xa=sk_X509_ATTRIBUTE_value(sk,i);

-		if (OBJ_cmp(xa->object,o) == 0)

-			{

-			if (!xa->single && sk_ASN1_TYPE_num(xa->value.set))

-				return(sk_ASN1_TYPE_value(xa->value.set,0));

-			else

-				return(NULL);

-			}

-		}

-	return(NULL);

-	}

-ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk)

-{

-	ASN1_TYPE *astype;

-	if(!(astype = get_attribute(sk, NID_pkcs9_messageDigest))) return NULL;

-	return astype->value.octet_string;

-}

-int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,

-				STACK_OF(X509_ATTRIBUTE) *sk)

-	{

-	int i;

-	if (p7si->auth_attr != NULL)

-		sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr,X509_ATTRIBUTE_free);

-	p7si->auth_attr=sk_X509_ATTRIBUTE_dup(sk);

-	if (p7si->auth_attr == NULL)

-		return 0;

-	for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)

-		{

-		if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr,i,

-			X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i))))

-		    == NULL)

-			return(0);

-		}

-	return(1);

-	}

-int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, STACK_OF(X509_ATTRIBUTE) *sk)

-	{

-	int i;

-	if (p7si->unauth_attr != NULL)

-		sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr,

-					   X509_ATTRIBUTE_free);

-	p7si->unauth_attr=sk_X509_ATTRIBUTE_dup(sk);

-	if (p7si->unauth_attr == NULL)

-		return 0;

-	for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)

-		{

-		if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr,i,

-                        X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i))))

-		    == NULL)

-			return(0);

-		}

-	return(1);

-	}

-int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,

-	     void *value)

-	{

-	return(add_attribute(&(p7si->auth_attr),nid,atrtype,value));

-	}

-int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,

-	     void *value)

-	{

-	return(add_attribute(&(p7si->unauth_attr),nid,atrtype,value));

-	}

-static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,

-			 void *value)

-	{

-	X509_ATTRIBUTE *attr=NULL;

-	if (*sk == NULL)

-		{

-		if (!(*sk = sk_X509_ATTRIBUTE_new_null()))

-			return 0;

-new_attrib:

-		if (!(attr=X509_ATTRIBUTE_create(nid,atrtype,value)))

-			return 0;

-		if (!sk_X509_ATTRIBUTE_push(*sk,attr))

-			{

-			X509_ATTRIBUTE_free(attr);

-			return 0;

-			}

-		}

-	else

-		{

-		int i;

-		for (i=0; i<sk_X509_ATTRIBUTE_num(*sk); i++)

-			{

-			attr=sk_X509_ATTRIBUTE_value(*sk,i);

-			if (OBJ_obj2nid(attr->object) == nid)

-				{

-				X509_ATTRIBUTE_free(attr);

-				attr=X509_ATTRIBUTE_create(nid,atrtype,value);

-				if (attr == NULL)

-					return 0;

-				if (!sk_X509_ATTRIBUTE_set(*sk,i,attr))

-					{

-					X509_ATTRIBUTE_free(attr);

-					return 0;

-					}

-				goto end;

-				}

-			}

-		goto new_attrib;

-		}

-end:

-	return(1);

-	}

--- a/sys/src/ape/lib/openssl/crypto/pkcs7/pk7_enc.c

+++ /dev/null

@@ -1,76 +1,0 @@

-/* crypto/pkcs7/pk7_enc.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/evp.h>

-#include <openssl/rand.h>

-#include <openssl/objects.h>

-#include <openssl/x509.h>

-#include <openssl/pkcs7.h>

-PKCS7_in_bio(PKCS7 *p7,BIO *in);

-PKCS7_out_bio(PKCS7 *p7,BIO *out);

-PKCS7_add_signer(PKCS7 *p7,X509 *cert,EVP_PKEY *key);

-PKCS7_cipher(PKCS7 *p7,EVP_CIPHER *cipher);

-PKCS7_Init(PKCS7 *p7);

-PKCS7_Update(PKCS7 *p7);

-PKCS7_Finish(PKCS7 *p7);

--- a/sys/src/ape/lib/openssl/crypto/pkcs7/pk7_lib.c

+++ /dev/null

@@ -1,589 +1,0 @@

-/* crypto/pkcs7/pk7_lib.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/objects.h>

-#include <openssl/x509.h>

-long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)

-	{

-	int nid;

-	long ret;

-	nid=OBJ_obj2nid(p7->type);

-	switch (cmd)

-		{

-	case PKCS7_OP_SET_DETACHED_SIGNATURE:

-		if (nid == NID_pkcs7_signed)

-			{

-			ret=p7->detached=(int)larg;

-			if (ret && PKCS7_type_is_data(p7->d.sign->contents))

-					{

-					ASN1_OCTET_STRING *os;

-					os=p7->d.sign->contents->d.data;

-					ASN1_OCTET_STRING_free(os);

-					p7->d.sign->contents->d.data = NULL;

-					}

-			}

-		else

-			{

-			PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);

-			ret=0;

-			}

-		break;

-	case PKCS7_OP_GET_DETACHED_SIGNATURE:

-		if (nid == NID_pkcs7_signed)

-			{

-			if(!p7->d.sign  || !p7->d.sign->contents->d.ptr)

-				ret = 1;

-			else ret = 0;

-			p7->detached = ret;

-			}

-		else

-			{

-			PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);

-			ret=0;

-			}

-		break;

-	default:

-		PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_UNKNOWN_OPERATION);

-		ret=0;

-		}

-	return(ret);

-	}

-int PKCS7_content_new(PKCS7 *p7, int type)

-	{

-	PKCS7 *ret=NULL;

-	if ((ret=PKCS7_new()) == NULL) goto err;

-	if (!PKCS7_set_type(ret,type)) goto err;

-	if (!PKCS7_set_content(p7,ret)) goto err;

-	return(1);

-err:

-	if (ret != NULL) PKCS7_free(ret);

-	return(0);

-	}

-int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data)

-	{

-	int i;

-	i=OBJ_obj2nid(p7->type);

-	switch (i)

-		{

-	case NID_pkcs7_signed:

-		if (p7->d.sign->contents != NULL)

-			PKCS7_free(p7->d.sign->contents);

-		p7->d.sign->contents=p7_data;

-		break;

-	case NID_pkcs7_digest:

-		if (p7->d.digest->contents != NULL)

-			PKCS7_free(p7->d.digest->contents);

-		p7->d.digest->contents=p7_data;

-		break;

-	case NID_pkcs7_data:

-	case NID_pkcs7_enveloped:

-	case NID_pkcs7_signedAndEnveloped:

-	case NID_pkcs7_encrypted:

-	default:

-		PKCS7err(PKCS7_F_PKCS7_SET_CONTENT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);

-		goto err;

-		}

-	return(1);

-err:

-	return(0);

-	}

-int PKCS7_set_type(PKCS7 *p7, int type)

-	{

-	ASN1_OBJECT *obj;

-	/*PKCS7_content_free(p7);*/

-	obj=OBJ_nid2obj(type); /* will not fail */

-	switch (type)

-		{

-	case NID_pkcs7_signed:

-		p7->type=obj;

-		if ((p7->d.sign=PKCS7_SIGNED_new()) == NULL)

-			goto err;

-		if (!ASN1_INTEGER_set(p7->d.sign->version,1))

-			{

-			PKCS7_SIGNED_free(p7->d.sign);

-			p7->d.sign=NULL;

-			goto err;

-			}

-		break;

-	case NID_pkcs7_data:

-		p7->type=obj;

-		if ((p7->d.data=M_ASN1_OCTET_STRING_new()) == NULL)

-			goto err;

-		break;

-	case NID_pkcs7_signedAndEnveloped:

-		p7->type=obj;

-		if ((p7->d.signed_and_enveloped=PKCS7_SIGN_ENVELOPE_new())

-			== NULL) goto err;

-		ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1);

-		if (!ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1))

-			goto err;

-		p7->d.signed_and_enveloped->enc_data->content_type

-						= OBJ_nid2obj(NID_pkcs7_data);

-		break;

-	case NID_pkcs7_enveloped:

-		p7->type=obj;

-		if ((p7->d.enveloped=PKCS7_ENVELOPE_new())

-			== NULL) goto err;

-		if (!ASN1_INTEGER_set(p7->d.enveloped->version,0))

-			goto err;

-		p7->d.enveloped->enc_data->content_type

-						= OBJ_nid2obj(NID_pkcs7_data);

-		break;

-	case NID_pkcs7_encrypted:

-		p7->type=obj;

-		if ((p7->d.encrypted=PKCS7_ENCRYPT_new())

-			== NULL) goto err;

-		if (!ASN1_INTEGER_set(p7->d.encrypted->version,0))

-			goto err;

-		p7->d.encrypted->enc_data->content_type

-						= OBJ_nid2obj(NID_pkcs7_data);

-		break;

-	case NID_pkcs7_digest:

-		p7->type=obj;

-		if ((p7->d.digest=PKCS7_DIGEST_new())

-			== NULL) goto err;

-		if (!ASN1_INTEGER_set(p7->d.digest->version,0))

-			goto err;

-		break;

-	default:

-		PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);

-		goto err;

-		}

-	return(1);

-err:

-	return(0);

-	}

-int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other)

-	{

-	p7->type = OBJ_nid2obj(type);

-	p7->d.other = other;

-	return 1;

-	}

-int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi)

-	{

-	int i,j,nid;

-	X509_ALGOR *alg;

-	STACK_OF(PKCS7_SIGNER_INFO) *signer_sk;

-	STACK_OF(X509_ALGOR) *md_sk;

-	i=OBJ_obj2nid(p7->type);

-	switch (i)

-		{

-	case NID_pkcs7_signed:

-		signer_sk=	p7->d.sign->signer_info;

-		md_sk=		p7->d.sign->md_algs;

-		break;

-	case NID_pkcs7_signedAndEnveloped:

-		signer_sk=	p7->d.signed_and_enveloped->signer_info;

-		md_sk=		p7->d.signed_and_enveloped->md_algs;

-		break;

-	default:

-		PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,PKCS7_R_WRONG_CONTENT_TYPE);

-		return(0);

-		}

-	nid=OBJ_obj2nid(psi->digest_alg->algorithm);

-	/* If the digest is not currently listed, add it */

-	j=0;

-	for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)

-		{

-		alg=sk_X509_ALGOR_value(md_sk,i);

-		if (OBJ_obj2nid(alg->algorithm) == nid)

-			{

-			j=1;

-			break;

-			}

-		}

-	if (!j) /* we need to add another algorithm */

-		{

-		if(!(alg=X509_ALGOR_new())

-			|| !(alg->parameter = ASN1_TYPE_new()))

-			{

-			X509_ALGOR_free(alg);

-			PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,ERR_R_MALLOC_FAILURE);

-			return(0);

-			}

-		alg->algorithm=OBJ_nid2obj(nid);

-		alg->parameter->type = V_ASN1_NULL;

-		if (!sk_X509_ALGOR_push(md_sk,alg))

-			{

-			X509_ALGOR_free(alg);

-			return 0;

-			}

-		}

-	if (!sk_PKCS7_SIGNER_INFO_push(signer_sk,psi))

-		return 0;

-	return(1);

-	}

-int PKCS7_add_certificate(PKCS7 *p7, X509 *x509)

-	{

-	int i;

-	STACK_OF(X509) **sk;

-	i=OBJ_obj2nid(p7->type);

-	switch (i)

-		{

-	case NID_pkcs7_signed:

-		sk= &(p7->d.sign->cert);

-		break;

-	case NID_pkcs7_signedAndEnveloped:

-		sk= &(p7->d.signed_and_enveloped->cert);

-		break;

-	default:

-		PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE,PKCS7_R_WRONG_CONTENT_TYPE);

-		return(0);

-		}

-	if (*sk == NULL)

-		*sk=sk_X509_new_null();

-	if (*sk == NULL)

-		{

-		PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE,ERR_R_MALLOC_FAILURE);

-		return 0;

-		}

-	CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);

-	if (!sk_X509_push(*sk,x509))

-		{

-		X509_free(x509);

-		return 0;

-		}

-	return(1);

-	}

-int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl)

-	{

-	int i;

-	STACK_OF(X509_CRL) **sk;

-	i=OBJ_obj2nid(p7->type);

-	switch (i)

-		{

-	case NID_pkcs7_signed:

-		sk= &(p7->d.sign->crl);

-		break;

-	case NID_pkcs7_signedAndEnveloped:

-		sk= &(p7->d.signed_and_enveloped->crl);

-		break;

-	default:

-		PKCS7err(PKCS7_F_PKCS7_ADD_CRL,PKCS7_R_WRONG_CONTENT_TYPE);

-		return(0);

-		}

-	if (*sk == NULL)

-		*sk=sk_X509_CRL_new_null();

-	if (*sk == NULL)

-		{

-		PKCS7err(PKCS7_F_PKCS7_ADD_CRL,ERR_R_MALLOC_FAILURE);

-		return 0;

-		}

-	CRYPTO_add(&crl->references,1,CRYPTO_LOCK_X509_CRL);

-	if (!sk_X509_CRL_push(*sk,crl))

-		{

-		X509_CRL_free(crl);

-		return 0;

-		}

-	return(1);

-	}

-int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,

-	     const EVP_MD *dgst)

-	{

-	int nid;

-	char is_dsa;

-	if (pkey->type == EVP_PKEY_DSA || pkey->type == EVP_PKEY_EC)

-		is_dsa = 1;

-	else

-		is_dsa = 0;

-	/* We now need to add another PKCS7_SIGNER_INFO entry */

-	if (!ASN1_INTEGER_set(p7i->version,1))

-		goto err;

-	if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,

-			X509_get_issuer_name(x509)))

-		goto err;

-	/* because ASN1_INTEGER_set is used to set a 'long' we will do

-	 * things the ugly way. */

-	M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);

-	if (!(p7i->issuer_and_serial->serial=

-			M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))

-		goto err;

-	/* lets keep the pkey around for a while */

-	CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);

-	p7i->pkey=pkey;

-	/* Set the algorithms */

-	if (is_dsa) p7i->digest_alg->algorithm=OBJ_nid2obj(NID_sha1);

-	else

-		p7i->digest_alg->algorithm=OBJ_nid2obj(EVP_MD_type(dgst));

-	if (p7i->digest_alg->parameter != NULL)

-		ASN1_TYPE_free(p7i->digest_alg->parameter);

-	if ((p7i->digest_alg->parameter=ASN1_TYPE_new()) == NULL)

-		goto err;

-	p7i->digest_alg->parameter->type=V_ASN1_NULL;

-	if (p7i->digest_enc_alg->parameter != NULL)

-		ASN1_TYPE_free(p7i->digest_enc_alg->parameter);

-	nid = EVP_PKEY_type(pkey->type);

-	if (nid == EVP_PKEY_RSA)

-		{

-		p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_rsaEncryption);

-		if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new()))

-			goto err;

-		p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;

-		}

-	else if (nid == EVP_PKEY_DSA)

-		{

-#if 1

-		/* use 'dsaEncryption' OID for compatibility with other software

-		 * (PKCS #7 v1.5 does specify how to handle DSA) ... */

-		p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_dsa);

-#else

-		/* ... although the 'dsaWithSHA1' OID (as required by RFC 2630 for CMS)

-		 * would make more sense. */

-		p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_dsaWithSHA1);

-#endif

-		p7i->digest_enc_alg->parameter = NULL; /* special case for DSA: omit 'parameter'! */

-		}

-	else if (nid == EVP_PKEY_EC)

-		{

-		p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_ecdsa_with_SHA1);

-		if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new()))

-			goto err;

-		p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;

-		}

-	else

-		return(0);

-	return(1);

-err:

-	return(0);

-	}

-PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey,

-	     const EVP_MD *dgst)

-	{

-	PKCS7_SIGNER_INFO *si;

-	if ((si=PKCS7_SIGNER_INFO_new()) == NULL) goto err;

-	if (!PKCS7_SIGNER_INFO_set(si,x509,pkey,dgst)) goto err;

-	if (!PKCS7_add_signer(p7,si)) goto err;

-	return(si);

-err:

-	PKCS7_SIGNER_INFO_free(si);

-	return(NULL);

-	}

-int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md)

-	{

-	if (PKCS7_type_is_digest(p7))

-		{

-		if(!(p7->d.digest->md->parameter = ASN1_TYPE_new()))

-			{

-			PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,ERR_R_MALLOC_FAILURE);

-			return 0;

-			}

-		p7->d.digest->md->parameter->type = V_ASN1_NULL;

-		p7->d.digest->md->algorithm = OBJ_nid2obj(EVP_MD_nid(md));

-		return 1;

-		}

-	PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,PKCS7_R_WRONG_CONTENT_TYPE);

-	return 1;

-	}

-STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)

-	{

-	if (PKCS7_type_is_signed(p7))

-		{

-		return(p7->d.sign->signer_info);

-		}

-	else if (PKCS7_type_is_signedAndEnveloped(p7))

-		{

-		return(p7->d.signed_and_enveloped->signer_info);

-		}

-	else

-		return(NULL);

-	}

-PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509)

-	{

-	PKCS7_RECIP_INFO *ri;

-	if ((ri=PKCS7_RECIP_INFO_new()) == NULL) goto err;

-	if (!PKCS7_RECIP_INFO_set(ri,x509)) goto err;

-	if (!PKCS7_add_recipient_info(p7,ri)) goto err;

-	return(ri);

-err:

-	PKCS7_RECIP_INFO_free(ri);

-	return(NULL);

-	}

-int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri)

-	{

-	int i;

-	STACK_OF(PKCS7_RECIP_INFO) *sk;

-	i=OBJ_obj2nid(p7->type);

-	switch (i)

-		{

-	case NID_pkcs7_signedAndEnveloped:

-		sk=	p7->d.signed_and_enveloped->recipientinfo;

-		break;

-	case NID_pkcs7_enveloped:

-		sk=	p7->d.enveloped->recipientinfo;

-		break;

-	default:

-		PKCS7err(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,PKCS7_R_WRONG_CONTENT_TYPE);

-		return(0);

-		}

-	if (!sk_PKCS7_RECIP_INFO_push(sk,ri))

-		return 0;

-	return(1);

-	}

-int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)

-	{

-	if (!ASN1_INTEGER_set(p7i->version,0))

-		return 0;

-	if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,

-		X509_get_issuer_name(x509)))

-		return 0;

-	M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);

-	if (!(p7i->issuer_and_serial->serial=

-		M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))

-		return 0;

-	X509_ALGOR_free(p7i->key_enc_algor);

-	if (!(p7i->key_enc_algor= X509_ALGOR_dup(x509->cert_info->key->algor)))

-		return 0;

-	CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);

-	p7i->cert=x509;

-	return(1);

-	}

-X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si)

-	{

-	if (PKCS7_type_is_signed(p7))

-		return(X509_find_by_issuer_and_serial(p7->d.sign->cert,

-			si->issuer_and_serial->issuer,

-			si->issuer_and_serial->serial));

-	else

-		return(NULL);

-	}

-int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)

-	{

-	int i;

-	ASN1_OBJECT *objtmp;

-	PKCS7_ENC_CONTENT *ec;

-	i=OBJ_obj2nid(p7->type);

-	switch (i)

-		{

-	case NID_pkcs7_signedAndEnveloped:

-		ec=p7->d.signed_and_enveloped->enc_data;

-		break;

-	case NID_pkcs7_enveloped:

-		ec=p7->d.enveloped->enc_data;

-		break;

-	default:

-		PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_WRONG_CONTENT_TYPE);

-		return(0);

-		}

-	/* Check cipher OID exists and has data in it*/

-	i = EVP_CIPHER_type(cipher);

-	if(i == NID_undef) {

-		PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);

-		return(0);

-	}

-	objtmp = OBJ_nid2obj(i);

-	ec->cipher = cipher;

-	return 1;

-	}

--- a/sys/src/ape/lib/openssl/crypto/pkcs7/pk7_mime.c

+++ /dev/null

@@ -1,773 +1,0 @@

-/* pk7_mime.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project.

- */

-/* ====================================================================

- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include <ctype.h>

-#include "cryptlib.h"

-#include <openssl/rand.h>

-#include <openssl/x509.h>

-/* MIME and related routines */

-/* MIME format structures

- * Note that all are translated to lower case apart from

- * parameter values. Quotes are stripped off

- */

-typedef struct {

-char *param_name;			/* Param name e.g. "micalg" */

-char *param_value;			/* Param value e.g. "sha1" */

-} MIME_PARAM;

-DECLARE_STACK_OF(MIME_PARAM)

-IMPLEMENT_STACK_OF(MIME_PARAM)

-typedef struct {

-char *name;				/* Name of line e.g. "content-type" */

-char *value;				/* Value of line e.g. "text/plain" */

-STACK_OF(MIME_PARAM) *params;		/* Zero or more parameters */

-} MIME_HEADER;

-DECLARE_STACK_OF(MIME_HEADER)

-IMPLEMENT_STACK_OF(MIME_HEADER)

-static int pkcs7_output_data(BIO *bio, BIO *data, PKCS7 *p7, int flags);

-static int B64_write_PKCS7(BIO *bio, PKCS7 *p7);

-static PKCS7 *B64_read_PKCS7(BIO *bio);

-static char * strip_ends(char *name);

-static char * strip_start(char *name);

-static char * strip_end(char *name);

-static MIME_HEADER *mime_hdr_new(char *name, char *value);

-static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value);

-static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio);

-static int mime_hdr_cmp(const MIME_HEADER * const *a,

-			const MIME_HEADER * const *b);

-static int mime_param_cmp(const MIME_PARAM * const *a,

-			const MIME_PARAM * const *b);

-static void mime_param_free(MIME_PARAM *param);

-static int mime_bound_check(char *line, int linelen, char *bound, int blen);

-static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret);

-static int strip_eol(char *linebuf, int *plen);

-static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name);

-static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name);

-static void mime_hdr_free(MIME_HEADER *hdr);

-#define MAX_SMLEN 1024

-#define mime_debug(x) /* x */

-/* Base 64 read and write of PKCS#7 structure */

-static int B64_write_PKCS7(BIO *bio, PKCS7 *p7)

-{

-	BIO *b64;

-	if(!(b64 = BIO_new(BIO_f_base64()))) {

-		PKCS7err(PKCS7_F_B64_WRITE_PKCS7,ERR_R_MALLOC_FAILURE);

-		return 0;

-	}

-	bio = BIO_push(b64, bio);

-	i2d_PKCS7_bio(bio, p7);

-	(void)BIO_flush(bio);

-	bio = BIO_pop(bio);

-	BIO_free(b64);

-	return 1;

-}

-static PKCS7 *B64_read_PKCS7(BIO *bio)

-{

-	BIO *b64;

-	PKCS7 *p7;

-	if(!(b64 = BIO_new(BIO_f_base64()))) {

-		PKCS7err(PKCS7_F_B64_READ_PKCS7,ERR_R_MALLOC_FAILURE);

-		return 0;

-	}

-	bio = BIO_push(b64, bio);

-	if(!(p7 = d2i_PKCS7_bio(bio, NULL)))

-		PKCS7err(PKCS7_F_B64_READ_PKCS7,PKCS7_R_DECODE_ERROR);

-	(void)BIO_flush(bio);

-	bio = BIO_pop(bio);

-	BIO_free(b64);

-	return p7;

-}

-/* SMIME sender */

-int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)

-{

-	char bound[33], c;

-	int i;

-	char *mime_prefix, *mime_eol, *msg_type=NULL;

-	if (flags & PKCS7_NOOLDMIMETYPE)

-		mime_prefix = "application/pkcs7-";

-	else

-		mime_prefix = "application/x-pkcs7-";

-	if (flags & PKCS7_CRLFEOL)

-		mime_eol = "\r\n";

-	else

-		mime_eol = "\n";

-	if((flags & PKCS7_DETACHED) && data) {

-	/* We want multipart/signed */

-		/* Generate a random boundary */

-		RAND_pseudo_bytes((unsigned char *)bound, 32);

-		for(i = 0; i < 32; i++) {

-			c = bound[i] & 0xf;

-			if(c < 10) c += '0';

-			else c += 'A' - 10;

-			bound[i] = c;

-		}

-		bound[32] = 0;

-		BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);

-		BIO_printf(bio, "Content-Type: multipart/signed;");

-		BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix);

-		BIO_printf(bio, " micalg=sha1; boundary=\"----%s\"%s%s",

-						bound, mime_eol, mime_eol);

-		BIO_printf(bio, "This is an S/MIME signed message%s%s",

-						mime_eol, mime_eol);

-		/* Now write out the first part */

-		BIO_printf(bio, "------%s%s", bound, mime_eol);

-		pkcs7_output_data(bio, data, p7, flags);

-		BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol);

-		/* Headers for signature */

-		BIO_printf(bio, "Content-Type: %ssignature;", mime_prefix);

-		BIO_printf(bio, " name=\"smime.p7s\"%s", mime_eol);

-		BIO_printf(bio, "Content-Transfer-Encoding: base64%s",

-								mime_eol);

-		BIO_printf(bio, "Content-Disposition: attachment;");

-		BIO_printf(bio, " filename=\"smime.p7s\"%s%s",

-							mime_eol, mime_eol);

-		B64_write_PKCS7(bio, p7);

-		BIO_printf(bio,"%s------%s--%s%s", mime_eol, bound,

-							mime_eol, mime_eol);

-		return 1;

-	}

-	/* Determine smime-type header */

-	if (PKCS7_type_is_enveloped(p7))

-		msg_type = "enveloped-data";

-	else if (PKCS7_type_is_signed(p7))

-		{

-		/* If we have any signers it is signed-data othewise

-		 * certs-only.

-		 */

-		STACK_OF(PKCS7_SIGNER_INFO) *sinfos;

-		sinfos = PKCS7_get_signer_info(p7);

-		if (sk_PKCS7_SIGNER_INFO_num(sinfos) > 0)

-			msg_type = "signed-data";

-		else

-			msg_type = "certs-only";

-		}

-	/* MIME headers */

-	BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);

-	BIO_printf(bio, "Content-Disposition: attachment;");

-	BIO_printf(bio, " filename=\"smime.p7m\"%s", mime_eol);

-	BIO_printf(bio, "Content-Type: %smime;", mime_prefix);

-	if (msg_type)

-		BIO_printf(bio, " smime-type=%s;", msg_type);

-	BIO_printf(bio, " name=\"smime.p7m\"%s", mime_eol);

-	BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s",

-						mime_eol, mime_eol);

-	B64_write_PKCS7(bio, p7);

-	BIO_printf(bio, "%s", mime_eol);

-	return 1;

-}

-/* Handle output of PKCS#7 data */

-static int pkcs7_output_data(BIO *out, BIO *data, PKCS7 *p7, int flags)

-	{

-	BIO *tmpbio, *p7bio;

-	if (!(flags & PKCS7_STREAM))

-		{

-		SMIME_crlf_copy(data, out, flags);

-		return 1;

-		}

-	/* Partial sign operation */

-	/* Initialize sign operation */

-	p7bio = PKCS7_dataInit(p7, out);

-	/* Copy data across, computing digests etc */

-	SMIME_crlf_copy(data, p7bio, flags);

-	/* Must be detached */

-	PKCS7_set_detached(p7, 1);

-	/* Finalize signatures */

-	PKCS7_dataFinal(p7, p7bio);

-	/* Now remove any digests prepended to the BIO */

-	while (p7bio != out)

-		{

-		tmpbio = BIO_pop(p7bio);

-		BIO_free(p7bio);

-		p7bio = tmpbio;

-		}

-	return 1;

-	}

-/* SMIME reader: handle multipart/signed and opaque signing.

- * in multipart case the content is placed in a memory BIO

- * pointed to by "bcont". In opaque this is set to NULL

- */

-PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont)

-{

-	BIO *p7in;

-	STACK_OF(MIME_HEADER) *headers = NULL;

-	STACK_OF(BIO) *parts = NULL;

-	MIME_HEADER *hdr;

-	MIME_PARAM *prm;

-	PKCS7 *p7;

-	int ret;

-	if(bcont) *bcont = NULL;

-	if (!(headers = mime_parse_hdr(bio))) {

-		PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_MIME_PARSE_ERROR);

-		return NULL;

-	}

-	if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {

-		sk_MIME_HEADER_pop_free(headers, mime_hdr_free);

-		PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_CONTENT_TYPE);

-		return NULL;

-	}

-	/* Handle multipart/signed */

-	if(!strcmp(hdr->value, "multipart/signed")) {

-		/* Split into two parts */

-		prm = mime_param_find(hdr, "boundary");

-		if(!prm || !prm->param_value) {

-			sk_MIME_HEADER_pop_free(headers, mime_hdr_free);

-			PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_MULTIPART_BOUNDARY);

-			return NULL;

-		}

-		ret = multi_split(bio, prm->param_value, &parts);

-		sk_MIME_HEADER_pop_free(headers, mime_hdr_free);

-		if(!ret || (sk_BIO_num(parts) != 2) ) {

-			PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_MULTIPART_BODY_FAILURE);

-			sk_BIO_pop_free(parts, BIO_vfree);

-			return NULL;

-		}

-		/* Parse the signature piece */

-		p7in = sk_BIO_value(parts, 1);

-		if (!(headers = mime_parse_hdr(p7in))) {

-			PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_MIME_SIG_PARSE_ERROR);

-			sk_BIO_pop_free(parts, BIO_vfree);

-			return NULL;

-		}

-		/* Get content type */

-		if(!(hdr = mime_hdr_find(headers, "content-type")) ||

-								 !hdr->value) {

-			sk_MIME_HEADER_pop_free(headers, mime_hdr_free);

-			PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_SIG_CONTENT_TYPE);

-			return NULL;

-		}

-		if(strcmp(hdr->value, "application/x-pkcs7-signature") &&

-			strcmp(hdr->value, "application/pkcs7-signature")) {

-			sk_MIME_HEADER_pop_free(headers, mime_hdr_free);

-			PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_SIG_INVALID_MIME_TYPE);

-			ERR_add_error_data(2, "type: ", hdr->value);

-			sk_BIO_pop_free(parts, BIO_vfree);

-			return NULL;

-		}

-		sk_MIME_HEADER_pop_free(headers, mime_hdr_free);

-		/* Read in PKCS#7 */

-		if(!(p7 = B64_read_PKCS7(p7in))) {

-			PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_PKCS7_SIG_PARSE_ERROR);

-			sk_BIO_pop_free(parts, BIO_vfree);

-			return NULL;

-		}

-		if(bcont) {

-			*bcont = sk_BIO_value(parts, 0);

-			BIO_free(p7in);

-			sk_BIO_free(parts);

-		} else sk_BIO_pop_free(parts, BIO_vfree);

-		return p7;

-	}

-	/* OK, if not multipart/signed try opaque signature */

-	if (strcmp (hdr->value, "application/x-pkcs7-mime") &&

-	    strcmp (hdr->value, "application/pkcs7-mime")) {

-		PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_INVALID_MIME_TYPE);

-		ERR_add_error_data(2, "type: ", hdr->value);

-		sk_MIME_HEADER_pop_free(headers, mime_hdr_free);

-		return NULL;

-	}

-	sk_MIME_HEADER_pop_free(headers, mime_hdr_free);

-	if(!(p7 = B64_read_PKCS7(bio))) {

-		PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_PKCS7_PARSE_ERROR);

-		return NULL;

-	}

-	return p7;

-}

-/* Copy text from one BIO to another making the output CRLF at EOL */

-int SMIME_crlf_copy(BIO *in, BIO *out, int flags)

-{

-	char eol;

-	int len;

-	char linebuf[MAX_SMLEN];

-	if(flags & PKCS7_BINARY) {

-		while((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0)

-						BIO_write(out, linebuf, len);

-		return 1;

-	}

-	if(flags & PKCS7_TEXT)

-		BIO_printf(out, "Content-Type: text/plain\r\n\r\n");

-	while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) {

-		eol = strip_eol(linebuf, &len);

-		if (len)

-			BIO_write(out, linebuf, len);

-		if(eol) BIO_write(out, "\r\n", 2);

-	}

-	return 1;

-}

-/* Strip off headers if they are text/plain */

-int SMIME_text(BIO *in, BIO *out)

-{

-	char iobuf[4096];

-	int len;

-	STACK_OF(MIME_HEADER) *headers;

-	MIME_HEADER *hdr;

-	if (!(headers = mime_parse_hdr(in))) {

-		PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_PARSE_ERROR);

-		return 0;

-	}

-	if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {

-		PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_NO_CONTENT_TYPE);

-		sk_MIME_HEADER_pop_free(headers, mime_hdr_free);

-		return 0;

-	}

-	if (strcmp (hdr->value, "text/plain")) {

-		PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_INVALID_MIME_TYPE);

-		ERR_add_error_data(2, "type: ", hdr->value);

-		sk_MIME_HEADER_pop_free(headers, mime_hdr_free);

-		return 0;

-	}

-	sk_MIME_HEADER_pop_free(headers, mime_hdr_free);

-	while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0)

-						BIO_write(out, iobuf, len);

-	return 1;

-}

-/* Split a multipart/XXX message body into component parts: result is

- * canonical parts in a STACK of bios

- */

-static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret)

-{

-	char linebuf[MAX_SMLEN];

-	int len, blen;

-	int eol = 0, next_eol = 0;

-	BIO *bpart = NULL;

-	STACK_OF(BIO) *parts;

-	char state, part, first;

-	blen = strlen(bound);

-	part = 0;

-	state = 0;

-	first = 1;

-	parts = sk_BIO_new_null();

-	*ret = parts;

-	while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {

-		state = mime_bound_check(linebuf, len, bound, blen);

-		if(state == 1) {

-			first = 1;

-			part++;

-		} else if(state == 2) {

-			sk_BIO_push(parts, bpart);

-			return 1;

-		} else if(part) {

-			/* Strip CR+LF from linebuf */

-			next_eol = strip_eol(linebuf, &len);

-			if(first) {

-				first = 0;

-				if(bpart) sk_BIO_push(parts, bpart);

-				bpart = BIO_new(BIO_s_mem());

-				BIO_set_mem_eof_return(bpart, 0);

-			} else if (eol)

-				BIO_write(bpart, "\r\n", 2);

-			eol = next_eol;

-			if (len)

-				BIO_write(bpart, linebuf, len);

-		}

-	}

-	return 0;

-}

-/* This is the big one: parse MIME header lines up to message body */

-#define MIME_INVALID	0

-#define MIME_START	1

-#define MIME_TYPE	2

-#define MIME_NAME	3

-#define MIME_VALUE	4

-#define MIME_QUOTE	5

-#define MIME_COMMENT	6

-static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio)

-{

-	char *p, *q, c;

-	char *ntmp;

-	char linebuf[MAX_SMLEN];

-	MIME_HEADER *mhdr = NULL;

-	STACK_OF(MIME_HEADER) *headers;

-	int len, state, save_state = 0;

-	headers = sk_MIME_HEADER_new(mime_hdr_cmp);

-	while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {

-	/* If whitespace at line start then continuation line */

-	if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME;

-	else state = MIME_START;

-	ntmp = NULL;

-	/* Go through all characters */

-	for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) {

-	/* State machine to handle MIME headers

-	 * if this looks horrible that's because it *is*

-         */

-		switch(state) {

-			case MIME_START:

-			if(c == ':') {

-				state = MIME_TYPE;

-				*p = 0;

-				ntmp = strip_ends(q);

-				q = p + 1;

-			}

-			break;

-			case MIME_TYPE:

-			if(c == ';') {

-				mime_debug("Found End Value\n");

-				*p = 0;

-				mhdr = mime_hdr_new(ntmp, strip_ends(q));

-				sk_MIME_HEADER_push(headers, mhdr);

-				ntmp = NULL;

-				q = p + 1;

-				state = MIME_NAME;

-			} else if(c == '(') {

-				save_state = state;

-				state = MIME_COMMENT;

-			}

-			break;

-			case MIME_COMMENT:

-			if(c == ')') {

-				state = save_state;

-			}

-			break;

-			case MIME_NAME:

-			if(c == '=') {

-				state = MIME_VALUE;

-				*p = 0;

-				ntmp = strip_ends(q);

-				q = p + 1;

-			}

-			break ;

-			case MIME_VALUE:

-			if(c == ';') {

-				state = MIME_NAME;

-				*p = 0;

-				mime_hdr_addparam(mhdr, ntmp, strip_ends(q));

-				ntmp = NULL;

-				q = p + 1;

-			} else if (c == '"') {

-				mime_debug("Found Quote\n");

-				state = MIME_QUOTE;

-			} else if(c == '(') {

-				save_state = state;

-				state = MIME_COMMENT;

-			}

-			break;

-			case MIME_QUOTE:

-			if(c == '"') {

-				mime_debug("Found Match Quote\n");

-				state = MIME_VALUE;

-			}

-			break;

-		}

-	}

-	if(state == MIME_TYPE) {

-		mhdr = mime_hdr_new(ntmp, strip_ends(q));

-		sk_MIME_HEADER_push(headers, mhdr);

-	} else if(state == MIME_VALUE)

-			 mime_hdr_addparam(mhdr, ntmp, strip_ends(q));

-	if(p == linebuf) break;	/* Blank line means end of headers */

-}

-return headers;

-}

-static char *strip_ends(char *name)

-{

-	return strip_end(strip_start(name));

-}

-/* Strip a parameter of whitespace from start of param */

-static char *strip_start(char *name)

-{

-	char *p, c;

-	/* Look for first non white space or quote */

-	for(p = name; (c = *p) ;p++) {

-		if(c == '"') {

-			/* Next char is start of string if non null */

-			if(p[1]) return p + 1;

-			/* Else null string */

-			return NULL;

-		}

-		if(!isspace((unsigned char)c)) return p;

-	}

-	return NULL;

-}

-/* As above but strip from end of string : maybe should handle brackets? */

-static char *strip_end(char *name)

-{

-	char *p, c;

-	if(!name) return NULL;

-	/* Look for first non white space or quote */

-	for(p = name + strlen(name) - 1; p >= name ;p--) {

-		c = *p;

-		if(c == '"') {

-			if(p - 1 == name) return NULL;

-			*p = 0;

-			return name;

-		}

-		if(isspace((unsigned char)c)) *p = 0;

-		else return name;

-	}

-	return NULL;

-}

-static MIME_HEADER *mime_hdr_new(char *name, char *value)

-{

-	MIME_HEADER *mhdr;

-	char *tmpname, *tmpval, *p;

-	int c;

-	if(name) {

-		if(!(tmpname = BUF_strdup(name))) return NULL;

-		for(p = tmpname ; *p; p++) {

-			c = *p;

-			if(isupper(c)) {

-				c = tolower(c);

-				*p = c;

-			}

-		}

-	} else tmpname = NULL;

-	if(value) {

-		if(!(tmpval = BUF_strdup(value))) return NULL;

-		for(p = tmpval ; *p; p++) {

-			c = *p;

-			if(isupper(c)) {

-				c = tolower(c);

-				*p = c;

-			}

-		}

-	} else tmpval = NULL;

-	mhdr = (MIME_HEADER *) OPENSSL_malloc(sizeof(MIME_HEADER));

-	if(!mhdr) return NULL;

-	mhdr->name = tmpname;

-	mhdr->value = tmpval;

-	if(!(mhdr->params = sk_MIME_PARAM_new(mime_param_cmp))) return NULL;

-	return mhdr;

-}

-static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value)

-{

-	char *tmpname, *tmpval, *p;

-	int c;

-	MIME_PARAM *mparam;

-	if(name) {

-		tmpname = BUF_strdup(name);

-		if(!tmpname) return 0;

-		for(p = tmpname ; *p; p++) {

-			c = *p;

-			if(isupper(c)) {

-				c = tolower(c);

-				*p = c;

-			}

-		}

-	} else tmpname = NULL;

-	if(value) {

-		tmpval = BUF_strdup(value);

-		if(!tmpval) return 0;

-	} else tmpval = NULL;

-	/* Parameter values are case sensitive so leave as is */

-	mparam = (MIME_PARAM *) OPENSSL_malloc(sizeof(MIME_PARAM));

-	if(!mparam) return 0;

-	mparam->param_name = tmpname;

-	mparam->param_value = tmpval;

-	sk_MIME_PARAM_push(mhdr->params, mparam);

-	return 1;

-}

-static int mime_hdr_cmp(const MIME_HEADER * const *a,

-			const MIME_HEADER * const *b)

-{

-	return(strcmp((*a)->name, (*b)->name));

-}

-static int mime_param_cmp(const MIME_PARAM * const *a,

-			const MIME_PARAM * const *b)

-{

-	return(strcmp((*a)->param_name, (*b)->param_name));

-}

-/* Find a header with a given name (if possible) */

-static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name)

-{

-	MIME_HEADER htmp;

-	int idx;

-	htmp.name = name;

-	idx = sk_MIME_HEADER_find(hdrs, &htmp);

-	if(idx < 0) return NULL;

-	return sk_MIME_HEADER_value(hdrs, idx);

-}

-static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name)

-{

-	MIME_PARAM param;

-	int idx;

-	param.param_name = name;

-	idx = sk_MIME_PARAM_find(hdr->params, &param);

-	if(idx < 0) return NULL;

-	return sk_MIME_PARAM_value(hdr->params, idx);

-}

-static void mime_hdr_free(MIME_HEADER *hdr)

-{

-	if(hdr->name) OPENSSL_free(hdr->name);

-	if(hdr->value) OPENSSL_free(hdr->value);

-	if(hdr->params) sk_MIME_PARAM_pop_free(hdr->params, mime_param_free);

-	OPENSSL_free(hdr);

-}

-static void mime_param_free(MIME_PARAM *param)

-{

-	if(param->param_name) OPENSSL_free(param->param_name);

-	if(param->param_value) OPENSSL_free(param->param_value);

-	OPENSSL_free(param);

-}

-/* Check for a multipart boundary. Returns:

- * 0 : no boundary

- * 1 : part boundary

- * 2 : final boundary

- */

-static int mime_bound_check(char *line, int linelen, char *bound, int blen)

-{

-	if(linelen == -1) linelen = strlen(line);

-	if(blen == -1) blen = strlen(bound);

-	/* Quickly eliminate if line length too short */

-	if(blen + 2 > linelen) return 0;

-	/* Check for part boundary */

-	if(!strncmp(line, "--", 2) && !strncmp(line + 2, bound, blen)) {

-		if(!strncmp(line + blen + 2, "--", 2)) return 2;

-		else return 1;

-	}

-	return 0;

-}

-static int strip_eol(char *linebuf, int *plen)

-	{

-	int len = *plen;

-	char *p, c;

-	int is_eol = 0;

-	p = linebuf + len - 1;

-	for (p = linebuf + len - 1; len > 0; len--, p--)

-		{

-		c = *p;

-		if (c == '\n')

-			is_eol = 1;

-		else if (c != '\r')

-			break;

-		}

-	*plen = len;

-	return is_eol;

-	}

--- a/sys/src/ape/lib/openssl/crypto/pkcs7/pk7_smime.c

+++ /dev/null

@@ -1,500 +1,0 @@

-/* pk7_smime.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project.

- */

-/* ====================================================================

- * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* Simple PKCS#7 processing functions */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/x509.h>

-#include <openssl/x509v3.h>

-PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,

-		  BIO *data, int flags)

-{

-	PKCS7 *p7 = NULL;

-	PKCS7_SIGNER_INFO *si;

-	BIO *p7bio = NULL;

-	STACK_OF(X509_ALGOR) *smcap = NULL;

-	int i;

-	if(!X509_check_private_key(signcert, pkey)) {

-		PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);

-                return NULL;

-	}

-	if(!(p7 = PKCS7_new())) {

-		PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);

-		return NULL;

-	}

-	if (!PKCS7_set_type(p7, NID_pkcs7_signed))

-		goto err;

-	if (!PKCS7_content_new(p7, NID_pkcs7_data))

-		goto err;

-	if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) {

-		PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);

-		goto err;

-	}

-	if(!(flags & PKCS7_NOCERTS)) {

-		if (!PKCS7_add_certificate(p7, signcert))

-			goto err;

-		if(certs) for(i = 0; i < sk_X509_num(certs); i++)

-			if (!PKCS7_add_certificate(p7, sk_X509_value(certs, i)))

-				goto err;

-	}

-	if(!(flags & PKCS7_NOATTR)) {

-		if (!PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,

-				V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data)))

-			goto err;

-		/* Add SMIMECapabilities */

-		if(!(flags & PKCS7_NOSMIMECAP))

-		{

-		if(!(smcap = sk_X509_ALGOR_new_null())) {

-			PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);

-			goto err;

-		}

-#ifndef OPENSSL_NO_DES

-		if (!PKCS7_simple_smimecap (smcap, NID_des_ede3_cbc, -1))

-			goto err;

-#endif

-#ifndef OPENSSL_NO_RC2

-		if (!PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 128))

-			goto err;

-		if (!PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 64))

-			goto err;

-#endif

-#ifndef OPENSSL_NO_DES

-		if (!PKCS7_simple_smimecap (smcap, NID_des_cbc, -1))

-			goto err;

-#endif

-#ifndef OPENSSL_NO_RC2

-		if (!PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 40))

-			goto err;

-#endif

-		if (!PKCS7_add_attrib_smimecap (si, smcap))

-			goto err;

-		sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);

-		smcap = NULL;

-		}

-	}

-	if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1);

-	if (flags & PKCS7_STREAM)

-		return p7;

-	if (!(p7bio = PKCS7_dataInit(p7, NULL))) {

-		PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);

-		goto err;

-	}

-	SMIME_crlf_copy(data, p7bio, flags);

-	if (!PKCS7_dataFinal(p7,p7bio)) {

-		PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_DATASIGN);

-		goto err;

-	}

-	BIO_free_all(p7bio);

-	return p7;

-err:

-	sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);

-	BIO_free_all(p7bio);

-	PKCS7_free(p7);

-	return NULL;

-}

-int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,

-					BIO *indata, BIO *out, int flags)

-{

-	STACK_OF(X509) *signers;

-	X509 *signer;

-	STACK_OF(PKCS7_SIGNER_INFO) *sinfos;

-	PKCS7_SIGNER_INFO *si;

-	X509_STORE_CTX cert_ctx;

-	char buf[4096];

-	int i, j=0, k, ret = 0;

-	BIO *p7bio;

-	BIO *tmpin, *tmpout;

-	if(!p7) {

-		PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_INVALID_NULL_POINTER);

-		return 0;

-	}

-	if(!PKCS7_type_is_signed(p7)) {

-		PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_WRONG_CONTENT_TYPE);

-		return 0;

-	}

-	/* Check for no data and no content: no data to verify signature */

-	if(PKCS7_get_detached(p7) && !indata) {

-		PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_CONTENT);

-		return 0;

-	}

-#if 0

-	/* NB: this test commented out because some versions of Netscape

-	 * illegally include zero length content when signing data.

-	 */

-	/* Check for data and content: two sets of data */

-	if(!PKCS7_get_detached(p7) && indata) {

-				PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CONTENT_AND_DATA_PRESENT);

-		return 0;

-	}

-#endif

-	sinfos = PKCS7_get_signer_info(p7);

-	if(!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) {

-		PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_SIGNATURES_ON_DATA);

-		return 0;

-	}

-	signers = PKCS7_get0_signers(p7, certs, flags);

-	if(!signers) return 0;

-	/* Now verify the certificates */

-	if (!(flags & PKCS7_NOVERIFY)) for (k = 0; k < sk_X509_num(signers); k++) {

-		signer = sk_X509_value (signers, k);

-		if (!(flags & PKCS7_NOCHAIN)) {

-			if(!X509_STORE_CTX_init(&cert_ctx, store, signer,

-							p7->d.sign->cert))

-				{

-				PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB);

-				sk_X509_free(signers);

-				return 0;

-				}

-			X509_STORE_CTX_set_purpose(&cert_ctx,

-						X509_PURPOSE_SMIME_SIGN);

-		} else if(!X509_STORE_CTX_init (&cert_ctx, store, signer, NULL)) {

-			PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB);

-			sk_X509_free(signers);

-			return 0;

-		}

-		if (!(flags & PKCS7_NOCRL))

-			X509_STORE_CTX_set0_crls(&cert_ctx, p7->d.sign->crl);

-		i = X509_verify_cert(&cert_ctx);

-		if (i <= 0) j = X509_STORE_CTX_get_error(&cert_ctx);

-		X509_STORE_CTX_cleanup(&cert_ctx);

-		if (i <= 0) {

-			PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CERTIFICATE_VERIFY_ERROR);

-			ERR_add_error_data(2, "Verify error:",

-					 X509_verify_cert_error_string(j));

-			sk_X509_free(signers);

-			return 0;

-		}

-		/* Check for revocation status here */

-	}

-	/* Performance optimization: if the content is a memory BIO then

-	 * store its contents in a temporary read only memory BIO. This

-	 * avoids potentially large numbers of slow copies of data which will

-	 * occur when reading from a read write memory BIO when signatures

-	 * are calculated.

-	 */

-	if (indata && (BIO_method_type(indata) == BIO_TYPE_MEM))

-		{

-		char *ptr;

-		long len;

-		len = BIO_get_mem_data(indata, &ptr);

-		tmpin = BIO_new_mem_buf(ptr, len);

-		if (tmpin == NULL)

-			{

-			PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE);

-			return 0;

-			}

-		}

-	else

-		tmpin = indata;

-	if (!(p7bio=PKCS7_dataInit(p7,tmpin)))

-		goto err;

-	if(flags & PKCS7_TEXT) {

-		if(!(tmpout = BIO_new(BIO_s_mem()))) {

-			PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE);

-			goto err;

-		}

-	} else tmpout = out;

-	/* We now have to 'read' from p7bio to calculate digests etc. */

-	for (;;)

-	{

-		i=BIO_read(p7bio,buf,sizeof(buf));

-		if (i <= 0) break;

-		if (tmpout) BIO_write(tmpout, buf, i);

-	}

-	if(flags & PKCS7_TEXT) {

-		if(!SMIME_text(tmpout, out)) {

-			PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SMIME_TEXT_ERROR);

-			BIO_free(tmpout);

-			goto err;

-		}

-		BIO_free(tmpout);

-	}

-	/* Now Verify All Signatures */

-	if (!(flags & PKCS7_NOSIGS))

-	    for (i=0; i<sk_PKCS7_SIGNER_INFO_num(sinfos); i++)

-		{

-		si=sk_PKCS7_SIGNER_INFO_value(sinfos,i);

-		signer = sk_X509_value (signers, i);

-		j=PKCS7_signatureVerify(p7bio,p7,si, signer);

-		if (j <= 0) {

-			PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SIGNATURE_FAILURE);

-			goto err;

-		}

-	}

-	ret = 1;

-	err:

-	if (tmpin == indata)

-		{

-		if (indata) BIO_pop(p7bio);

-		}

-	BIO_free_all(p7bio);

-	sk_X509_free(signers);

-	return ret;

-}

-STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags)

-{

-	STACK_OF(X509) *signers;

-	STACK_OF(PKCS7_SIGNER_INFO) *sinfos;

-	PKCS7_SIGNER_INFO *si;

-	PKCS7_ISSUER_AND_SERIAL *ias;

-	X509 *signer;

-	int i;

-	if(!p7) {

-		PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_INVALID_NULL_POINTER);

-		return NULL;

-	}

-	if(!PKCS7_type_is_signed(p7)) {

-		PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_WRONG_CONTENT_TYPE);

-		return NULL;

-	}

-	/* Collect all the signers together */

-	sinfos = PKCS7_get_signer_info(p7);

-	if(sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) {

-		PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_NO_SIGNERS);

-		return NULL;

-	}

-	if(!(signers = sk_X509_new_null())) {

-		PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,ERR_R_MALLOC_FAILURE);

-		return NULL;

-	}

-	for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++)

-	{

-	    si = sk_PKCS7_SIGNER_INFO_value(sinfos, i);

-	    ias = si->issuer_and_serial;

-	    signer = NULL;

-		/* If any certificates passed they take priority */

-	    if (certs) signer = X509_find_by_issuer_and_serial (certs,

-					 	ias->issuer, ias->serial);

-	    if (!signer && !(flags & PKCS7_NOINTERN)

-			&& p7->d.sign->cert) signer =

-		              X509_find_by_issuer_and_serial (p7->d.sign->cert,

-					      	ias->issuer, ias->serial);

-	    if (!signer) {

-			PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND);

-			sk_X509_free(signers);

-			return NULL;

-	    }

-	    if (!sk_X509_push(signers, signer)) {

-			sk_X509_free(signers);

-			return NULL;

-	    }

-	}

-	return signers;

-}

-/* Build a complete PKCS#7 enveloped data */

-PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,

-								int flags)

-{

-	PKCS7 *p7;

-	BIO *p7bio = NULL;

-	int i;

-	X509 *x509;

-	if(!(p7 = PKCS7_new())) {

-		PKCS7err(PKCS7_F_PKCS7_ENCRYPT,ERR_R_MALLOC_FAILURE);

-		return NULL;

-	}

-	if (!PKCS7_set_type(p7, NID_pkcs7_enveloped))

-		goto err;

-	if(!PKCS7_set_cipher(p7, cipher)) {

-		PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_ERROR_SETTING_CIPHER);

-		goto err;

-	}

-	for(i = 0; i < sk_X509_num(certs); i++) {

-		x509 = sk_X509_value(certs, i);

-		if(!PKCS7_add_recipient(p7, x509)) {

-			PKCS7err(PKCS7_F_PKCS7_ENCRYPT,

-					PKCS7_R_ERROR_ADDING_RECIPIENT);

-			goto err;

-		}

-	}

-	if(!(p7bio = PKCS7_dataInit(p7, NULL))) {

-		PKCS7err(PKCS7_F_PKCS7_ENCRYPT,ERR_R_MALLOC_FAILURE);

-		goto err;

-	}

-	SMIME_crlf_copy(in, p7bio, flags);

-	(void)BIO_flush(p7bio);

-        if (!PKCS7_dataFinal(p7,p7bio)) {

-		PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_PKCS7_DATAFINAL_ERROR);

-		goto err;

-	}

-        BIO_free_all(p7bio);

-	return p7;

-	err:

-	BIO_free_all(p7bio);

-	PKCS7_free(p7);

-	return NULL;

-}

-int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)

-{

-	BIO *tmpmem;

-	int ret, i;

-	char buf[4096];

-	if(!p7) {

-		PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_INVALID_NULL_POINTER);

-		return 0;

-	}

-	if(!PKCS7_type_is_enveloped(p7)) {

-		PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_WRONG_CONTENT_TYPE);

-		return 0;

-	}

-	if(cert && !X509_check_private_key(cert, pkey)) {

-		PKCS7err(PKCS7_F_PKCS7_DECRYPT,

-				PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);

-		return 0;

-	}

-	if(!(tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert))) {

-		PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_DECRYPT_ERROR);

-		return 0;

-	}

-	if (flags & PKCS7_TEXT) {

-		BIO *tmpbuf, *bread;

-		/* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */

-		if(!(tmpbuf = BIO_new(BIO_f_buffer()))) {

-			PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);

-			BIO_free_all(tmpmem);

-			return 0;

-		}

-		if(!(bread = BIO_push(tmpbuf, tmpmem))) {

-			PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);

-			BIO_free_all(tmpbuf);

-			BIO_free_all(tmpmem);

-			return 0;

-		}

-		ret = SMIME_text(bread, data);

-		BIO_free_all(bread);

-		return ret;

-	} else {

-		for(;;) {

-			i = BIO_read(tmpmem, buf, sizeof(buf));

-			if(i <= 0) break;

-			BIO_write(data, buf, i);

-		}

-		BIO_free_all(tmpmem);

-		return 1;

-	}

-}

--- a/sys/src/ape/lib/openssl/crypto/pkcs7/pkcs7.h

+++ /dev/null

@@ -1,464 +1,0 @@

-/* crypto/pkcs7/pkcs7.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_PKCS7_H

-#define HEADER_PKCS7_H

-#include <openssl/asn1.h>

-#include <openssl/bio.h>

-#include <openssl/e_os2.h>

-#include <openssl/symhacks.h>

-#include <openssl/ossl_typ.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-#ifdef OPENSSL_SYS_WIN32

-/* Under Win32 thes are defined in wincrypt.h */

-#undef PKCS7_ISSUER_AND_SERIAL

-#undef PKCS7_SIGNER_INFO

-#endif

-/*

-Encryption_ID		DES-CBC

-Digest_ID		MD5

-Digest_Encryption_ID	rsaEncryption

-Key_Encryption_ID	rsaEncryption

-*/

-typedef struct pkcs7_issuer_and_serial_st

-	{

-	X509_NAME *issuer;

-	ASN1_INTEGER *serial;

-	} PKCS7_ISSUER_AND_SERIAL;

-typedef struct pkcs7_signer_info_st

-	{

-	ASN1_INTEGER 			*version;	/* version 1 */

-	PKCS7_ISSUER_AND_SERIAL		*issuer_and_serial;

-	X509_ALGOR			*digest_alg;

-	STACK_OF(X509_ATTRIBUTE)	*auth_attr;	/* [ 0 ] */

-	X509_ALGOR			*digest_enc_alg;

-	ASN1_OCTET_STRING		*enc_digest;

-	STACK_OF(X509_ATTRIBUTE)	*unauth_attr;	/* [ 1 ] */

-	/* The private key to sign with */

-	EVP_PKEY			*pkey;

-	} PKCS7_SIGNER_INFO;

-DECLARE_STACK_OF(PKCS7_SIGNER_INFO)

-DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO)

-typedef struct pkcs7_recip_info_st

-	{

-	ASN1_INTEGER			*version;	/* version 0 */

-	PKCS7_ISSUER_AND_SERIAL		*issuer_and_serial;

-	X509_ALGOR			*key_enc_algor;

-	ASN1_OCTET_STRING		*enc_key;

-	X509				*cert; /* get the pub-key from this */

-	} PKCS7_RECIP_INFO;

-DECLARE_STACK_OF(PKCS7_RECIP_INFO)

-DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO)

-typedef struct pkcs7_signed_st

-	{

-	ASN1_INTEGER			*version;	/* version 1 */

-	STACK_OF(X509_ALGOR)		*md_algs;	/* md used */

-	STACK_OF(X509)			*cert;		/* [ 0 ] */

-	STACK_OF(X509_CRL)		*crl;		/* [ 1 ] */

-	STACK_OF(PKCS7_SIGNER_INFO)	*signer_info;

-	struct pkcs7_st			*contents;

-	} PKCS7_SIGNED;

-/* The above structure is very very similar to PKCS7_SIGN_ENVELOPE.

- * How about merging the two */

-typedef struct pkcs7_enc_content_st

-	{

-	ASN1_OBJECT			*content_type;

-	X509_ALGOR			*algorithm;

-	ASN1_OCTET_STRING		*enc_data;	/* [ 0 ] */

-	const EVP_CIPHER		*cipher;

-	} PKCS7_ENC_CONTENT;

-typedef struct pkcs7_enveloped_st

-	{

-	ASN1_INTEGER			*version;	/* version 0 */

-	STACK_OF(PKCS7_RECIP_INFO)	*recipientinfo;

-	PKCS7_ENC_CONTENT		*enc_data;

-	} PKCS7_ENVELOPE;

-typedef struct pkcs7_signedandenveloped_st

-	{

-	ASN1_INTEGER			*version;	/* version 1 */

-	STACK_OF(X509_ALGOR)		*md_algs;	/* md used */

-	STACK_OF(X509)			*cert;		/* [ 0 ] */

-	STACK_OF(X509_CRL)		*crl;		/* [ 1 ] */

-	STACK_OF(PKCS7_SIGNER_INFO)	*signer_info;

-	PKCS7_ENC_CONTENT		*enc_data;

-	STACK_OF(PKCS7_RECIP_INFO)	*recipientinfo;

-	} PKCS7_SIGN_ENVELOPE;

-typedef struct pkcs7_digest_st

-	{

-	ASN1_INTEGER			*version;	/* version 0 */

-	X509_ALGOR			*md;		/* md used */

-	struct pkcs7_st 		*contents;

-	ASN1_OCTET_STRING		*digest;

-	} PKCS7_DIGEST;

-typedef struct pkcs7_encrypted_st

-	{

-	ASN1_INTEGER			*version;	/* version 0 */

-	PKCS7_ENC_CONTENT		*enc_data;

-	} PKCS7_ENCRYPT;

-typedef struct pkcs7_st

-	{

-	/* The following is non NULL if it contains ASN1 encoding of

-	 * this structure */

-	unsigned char *asn1;

-	long length;

-#define PKCS7_S_HEADER	0

-#define PKCS7_S_BODY	1

-#define PKCS7_S_TAIL	2

-	int state; /* used during processing */

-	int detached;

-	ASN1_OBJECT *type;

-	/* content as defined by the type */

-	/* all encryption/message digests are applied to the 'contents',

-	 * leaving out the 'type' field. */

-	union	{

-		char *ptr;

-		/* NID_pkcs7_data */

-		ASN1_OCTET_STRING *data;

-		/* NID_pkcs7_signed */

-		PKCS7_SIGNED *sign;

-		/* NID_pkcs7_enveloped */

-		PKCS7_ENVELOPE *enveloped;

-		/* NID_pkcs7_signedAndEnveloped */

-		PKCS7_SIGN_ENVELOPE *signed_and_enveloped;

-		/* NID_pkcs7_digest */

-		PKCS7_DIGEST *digest;

-		/* NID_pkcs7_encrypted */

-		PKCS7_ENCRYPT *encrypted;

-		/* Anything else */

-		ASN1_TYPE *other;

-		} d;

-	} PKCS7;

-DECLARE_STACK_OF(PKCS7)

-DECLARE_ASN1_SET_OF(PKCS7)

-DECLARE_PKCS12_STACK_OF(PKCS7)

-#define PKCS7_OP_SET_DETACHED_SIGNATURE	1

-#define PKCS7_OP_GET_DETACHED_SIGNATURE	2

-#define PKCS7_get_signed_attributes(si)	((si)->auth_attr)

-#define PKCS7_get_attributes(si)	((si)->unauth_attr)

-#define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed)

-#define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted)

-#define PKCS7_type_is_enveloped(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_enveloped)

-#define PKCS7_type_is_signedAndEnveloped(a) \

-		(OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped)

-#define PKCS7_type_is_data(a)   (OBJ_obj2nid((a)->type) == NID_pkcs7_data)

-#define PKCS7_type_is_digest(a)   (OBJ_obj2nid((a)->type) == NID_pkcs7_digest)

-#define PKCS7_set_detached(p,v) \

-		PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL)

-#define PKCS7_get_detached(p) \

-		PKCS7_ctrl(p,PKCS7_OP_GET_DETACHED_SIGNATURE,0,NULL)

-#define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7))

-#ifdef SSLEAY_MACROS

-#ifndef PKCS7_ISSUER_AND_SERIAL_digest

-#define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \

-        ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\

-	                (char *)data,md,len)

-#endif

-#endif

-/* S/MIME related flags */

-#define PKCS7_TEXT		0x1

-#define PKCS7_NOCERTS		0x2

-#define PKCS7_NOSIGS		0x4

-#define PKCS7_NOCHAIN		0x8

-#define PKCS7_NOINTERN		0x10

-#define PKCS7_NOVERIFY		0x20

-#define PKCS7_DETACHED		0x40

-#define PKCS7_BINARY		0x80

-#define PKCS7_NOATTR		0x100

-#define	PKCS7_NOSMIMECAP	0x200

-#define PKCS7_NOOLDMIMETYPE	0x400

-#define PKCS7_CRLFEOL		0x800

-#define PKCS7_STREAM		0x1000

-#define PKCS7_NOCRL		0x2000

-/* Flags: for compatibility with older code */

-#define SMIME_TEXT	PKCS7_TEXT

-#define SMIME_NOCERTS	PKCS7_NOCERTS

-#define SMIME_NOSIGS	PKCS7_NOSIGS

-#define SMIME_NOCHAIN	PKCS7_NOCHAIN

-#define SMIME_NOINTERN	PKCS7_NOINTERN

-#define SMIME_NOVERIFY	PKCS7_NOVERIFY

-#define SMIME_DETACHED	PKCS7_DETACHED

-#define SMIME_BINARY	PKCS7_BINARY

-#define SMIME_NOATTR	PKCS7_NOATTR

-DECLARE_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL)

-#ifndef SSLEAY_MACROS

-int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,const EVP_MD *type,

-	unsigned char *md,unsigned int *len);

-#ifndef OPENSSL_NO_FP_API

-PKCS7 *d2i_PKCS7_fp(FILE *fp,PKCS7 **p7);

-int i2d_PKCS7_fp(FILE *fp,PKCS7 *p7);

-#endif

-PKCS7 *PKCS7_dup(PKCS7 *p7);

-PKCS7 *d2i_PKCS7_bio(BIO *bp,PKCS7 **p7);

-int i2d_PKCS7_bio(BIO *bp,PKCS7 *p7);

-#endif

-DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO)

-DECLARE_ASN1_FUNCTIONS(PKCS7_RECIP_INFO)

-DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNED)

-DECLARE_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT)

-DECLARE_ASN1_FUNCTIONS(PKCS7_ENVELOPE)

-DECLARE_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE)

-DECLARE_ASN1_FUNCTIONS(PKCS7_DIGEST)

-DECLARE_ASN1_FUNCTIONS(PKCS7_ENCRYPT)

-DECLARE_ASN1_FUNCTIONS(PKCS7)

-DECLARE_ASN1_ITEM(PKCS7_ATTR_SIGN)

-DECLARE_ASN1_ITEM(PKCS7_ATTR_VERIFY)

-DECLARE_ASN1_NDEF_FUNCTION(PKCS7)

-long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg);

-int PKCS7_set_type(PKCS7 *p7, int type);

-int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other);

-int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data);

-int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,

-	const EVP_MD *dgst);

-int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);

-int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);

-int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);

-int PKCS7_content_new(PKCS7 *p7, int nid);

-int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,

-	BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si);

-int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,

-								X509 *x509);

-BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);

-int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);

-BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert);

-PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509,

-	EVP_PKEY *pkey, const EVP_MD *dgst);

-X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si);

-int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md);

-STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7);

-PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509);

-int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri);

-int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509);

-int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher);

-PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx);

-ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk);

-int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si,int nid,int type,

-	void *data);

-int PKCS7_add_attribute (PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,

-	void *value);

-ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid);

-ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid);

-int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,

-				STACK_OF(X509_ATTRIBUTE) *sk);

-int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,STACK_OF(X509_ATTRIBUTE) *sk);

-PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,

-							BIO *data, int flags);

-int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,

-					BIO *indata, BIO *out, int flags);

-STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);

-PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,

-								int flags);

-int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);

-int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si,

-			      STACK_OF(X509_ALGOR) *cap);

-STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si);

-int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg);

-int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags);

-PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont);

-int SMIME_crlf_copy(BIO *in, BIO *out, int flags);

-int SMIME_text(BIO *in, BIO *out);

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_PKCS7_strings(void);

-/* Error codes for the PKCS7 functions. */

-/* Function codes. */

-#define PKCS7_F_B64_READ_PKCS7				 120

-#define PKCS7_F_B64_WRITE_PKCS7				 121

-#define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP		 118

-#define PKCS7_F_PKCS7_ADD_CERTIFICATE			 100

-#define PKCS7_F_PKCS7_ADD_CRL				 101

-#define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO		 102

-#define PKCS7_F_PKCS7_ADD_SIGNER			 103

-#define PKCS7_F_PKCS7_BIO_ADD_DIGEST			 125

-#define PKCS7_F_PKCS7_CTRL				 104

-#define PKCS7_F_PKCS7_DATADECODE			 112

-#define PKCS7_F_PKCS7_DATAFINAL				 128

-#define PKCS7_F_PKCS7_DATAINIT				 105

-#define PKCS7_F_PKCS7_DATASIGN				 106

-#define PKCS7_F_PKCS7_DATAVERIFY			 107

-#define PKCS7_F_PKCS7_DECRYPT				 114

-#define PKCS7_F_PKCS7_ENCRYPT				 115

-#define PKCS7_F_PKCS7_FIND_DIGEST			 127

-#define PKCS7_F_PKCS7_GET0_SIGNERS			 124

-#define PKCS7_F_PKCS7_SET_CIPHER			 108

-#define PKCS7_F_PKCS7_SET_CONTENT			 109

-#define PKCS7_F_PKCS7_SET_DIGEST			 126

-#define PKCS7_F_PKCS7_SET_TYPE				 110

-#define PKCS7_F_PKCS7_SIGN				 116

-#define PKCS7_F_PKCS7_SIGNATUREVERIFY			 113

-#define PKCS7_F_PKCS7_SIMPLE_SMIMECAP			 119

-#define PKCS7_F_PKCS7_VERIFY				 117

-#define PKCS7_F_SMIME_READ_PKCS7			 122

-#define PKCS7_F_SMIME_TEXT				 123

-/* Reason codes. */

-#define PKCS7_R_CERTIFICATE_VERIFY_ERROR		 117

-#define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER		 144

-#define PKCS7_R_CIPHER_NOT_INITIALIZED			 116

-#define PKCS7_R_CONTENT_AND_DATA_PRESENT		 118

-#define PKCS7_R_DECODE_ERROR				 130

-#define PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH		 100

-#define PKCS7_R_DECRYPT_ERROR				 119

-#define PKCS7_R_DIGEST_FAILURE				 101

-#define PKCS7_R_ERROR_ADDING_RECIPIENT			 120

-#define PKCS7_R_ERROR_SETTING_CIPHER			 121

-#define PKCS7_R_INVALID_MIME_TYPE			 131

-#define PKCS7_R_INVALID_NULL_POINTER			 143

-#define PKCS7_R_MIME_NO_CONTENT_TYPE			 132

-#define PKCS7_R_MIME_PARSE_ERROR			 133

-#define PKCS7_R_MIME_SIG_PARSE_ERROR			 134

-#define PKCS7_R_MISSING_CERIPEND_INFO			 103

-#define PKCS7_R_NO_CONTENT				 122

-#define PKCS7_R_NO_CONTENT_TYPE				 135

-#define PKCS7_R_NO_MULTIPART_BODY_FAILURE		 136

-#define PKCS7_R_NO_MULTIPART_BOUNDARY			 137

-#define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE	 115

-#define PKCS7_R_NO_RECIPIENT_MATCHES_KEY		 146

-#define PKCS7_R_NO_SIGNATURES_ON_DATA			 123

-#define PKCS7_R_NO_SIGNERS				 142

-#define PKCS7_R_NO_SIG_CONTENT_TYPE			 138

-#define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE	 104

-#define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR		 124

-#define PKCS7_R_PKCS7_DATAFINAL				 126

-#define PKCS7_R_PKCS7_DATAFINAL_ERROR			 125

-#define PKCS7_R_PKCS7_DATASIGN				 145

-#define PKCS7_R_PKCS7_PARSE_ERROR			 139

-#define PKCS7_R_PKCS7_SIG_PARSE_ERROR			 140

-#define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE	 127

-#define PKCS7_R_SIGNATURE_FAILURE			 105

-#define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND		 128

-#define PKCS7_R_SIG_INVALID_MIME_TYPE			 141

-#define PKCS7_R_SMIME_TEXT_ERROR			 129

-#define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE		 106

-#define PKCS7_R_UNABLE_TO_FIND_MEM_BIO			 107

-#define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST		 108

-#define PKCS7_R_UNKNOWN_DIGEST_TYPE			 109

-#define PKCS7_R_UNKNOWN_OPERATION			 110

-#define PKCS7_R_UNSUPPORTED_CIPHER_TYPE			 111

-#define PKCS7_R_UNSUPPORTED_CONTENT_TYPE		 112

-#define PKCS7_R_WRONG_CONTENT_TYPE			 113

-#define PKCS7_R_WRONG_PKCS7_TYPE			 114

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/pkcs7/pkcs7err.c

+++ /dev/null

@@ -1,167 +1,0 @@

-/* crypto/pkcs7/pkcs7err.c */

-/* ====================================================================

- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* NOTE: this file was auto generated by the mkerr.pl script: any changes

- * made to it will be overwritten when the script next updates this file,

- * only reason strings will be preserved.

- */

-#include <stdio.h>

-#include <openssl/err.h>

-#include <openssl/pkcs7.h>

-/* BEGIN ERROR CODES */

-#ifndef OPENSSL_NO_ERR

-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS7,func,0)

-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS7,0,reason)

-static ERR_STRING_DATA PKCS7_str_functs[]=

-	{

-{ERR_FUNC(PKCS7_F_B64_READ_PKCS7),	"B64_READ_PKCS7"},

-{ERR_FUNC(PKCS7_F_B64_WRITE_PKCS7),	"B64_WRITE_PKCS7"},

-{ERR_FUNC(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP),	"PKCS7_add_attrib_smimecap"},

-{ERR_FUNC(PKCS7_F_PKCS7_ADD_CERTIFICATE),	"PKCS7_add_certificate"},

-{ERR_FUNC(PKCS7_F_PKCS7_ADD_CRL),	"PKCS7_add_crl"},

-{ERR_FUNC(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO),	"PKCS7_add_recipient_info"},

-{ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNER),	"PKCS7_add_signer"},

-{ERR_FUNC(PKCS7_F_PKCS7_BIO_ADD_DIGEST),	"PKCS7_BIO_ADD_DIGEST"},

-{ERR_FUNC(PKCS7_F_PKCS7_CTRL),	"PKCS7_ctrl"},

-{ERR_FUNC(PKCS7_F_PKCS7_DATADECODE),	"PKCS7_dataDecode"},

-{ERR_FUNC(PKCS7_F_PKCS7_DATAFINAL),	"PKCS7_dataFinal"},

-{ERR_FUNC(PKCS7_F_PKCS7_DATAINIT),	"PKCS7_dataInit"},

-{ERR_FUNC(PKCS7_F_PKCS7_DATASIGN),	"PKCS7_DATASIGN"},

-{ERR_FUNC(PKCS7_F_PKCS7_DATAVERIFY),	"PKCS7_dataVerify"},

-{ERR_FUNC(PKCS7_F_PKCS7_DECRYPT),	"PKCS7_decrypt"},

-{ERR_FUNC(PKCS7_F_PKCS7_ENCRYPT),	"PKCS7_encrypt"},

-{ERR_FUNC(PKCS7_F_PKCS7_FIND_DIGEST),	"PKCS7_FIND_DIGEST"},

-{ERR_FUNC(PKCS7_F_PKCS7_GET0_SIGNERS),	"PKCS7_get0_signers"},

-{ERR_FUNC(PKCS7_F_PKCS7_SET_CIPHER),	"PKCS7_set_cipher"},

-{ERR_FUNC(PKCS7_F_PKCS7_SET_CONTENT),	"PKCS7_set_content"},

-{ERR_FUNC(PKCS7_F_PKCS7_SET_DIGEST),	"PKCS7_set_digest"},

-{ERR_FUNC(PKCS7_F_PKCS7_SET_TYPE),	"PKCS7_set_type"},

-{ERR_FUNC(PKCS7_F_PKCS7_SIGN),	"PKCS7_sign"},

-{ERR_FUNC(PKCS7_F_PKCS7_SIGNATUREVERIFY),	"PKCS7_signatureVerify"},

-{ERR_FUNC(PKCS7_F_PKCS7_SIMPLE_SMIMECAP),	"PKCS7_simple_smimecap"},

-{ERR_FUNC(PKCS7_F_PKCS7_VERIFY),	"PKCS7_verify"},

-{ERR_FUNC(PKCS7_F_SMIME_READ_PKCS7),	"SMIME_read_PKCS7"},

-{ERR_FUNC(PKCS7_F_SMIME_TEXT),	"SMIME_text"},

-{0,NULL}

-	};

-static ERR_STRING_DATA PKCS7_str_reasons[]=

-	{

-{ERR_REASON(PKCS7_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"},

-{ERR_REASON(PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),"cipher has no object identifier"},

-{ERR_REASON(PKCS7_R_CIPHER_NOT_INITIALIZED),"cipher not initialized"},

-{ERR_REASON(PKCS7_R_CONTENT_AND_DATA_PRESENT),"content and data present"},

-{ERR_REASON(PKCS7_R_DECODE_ERROR)        ,"decode error"},

-{ERR_REASON(PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH),"decrypted key is wrong length"},

-{ERR_REASON(PKCS7_R_DECRYPT_ERROR)       ,"decrypt error"},

-{ERR_REASON(PKCS7_R_DIGEST_FAILURE)      ,"digest failure"},

-{ERR_REASON(PKCS7_R_ERROR_ADDING_RECIPIENT),"error adding recipient"},

-{ERR_REASON(PKCS7_R_ERROR_SETTING_CIPHER),"error setting cipher"},

-{ERR_REASON(PKCS7_R_INVALID_MIME_TYPE)   ,"invalid mime type"},

-{ERR_REASON(PKCS7_R_INVALID_NULL_POINTER),"invalid null pointer"},

-{ERR_REASON(PKCS7_R_MIME_NO_CONTENT_TYPE),"mime no content type"},

-{ERR_REASON(PKCS7_R_MIME_PARSE_ERROR)    ,"mime parse error"},

-{ERR_REASON(PKCS7_R_MIME_SIG_PARSE_ERROR),"mime sig parse error"},

-{ERR_REASON(PKCS7_R_MISSING_CERIPEND_INFO),"missing ceripend info"},

-{ERR_REASON(PKCS7_R_NO_CONTENT)          ,"no content"},

-{ERR_REASON(PKCS7_R_NO_CONTENT_TYPE)     ,"no content type"},

-{ERR_REASON(PKCS7_R_NO_MULTIPART_BODY_FAILURE),"no multipart body failure"},

-{ERR_REASON(PKCS7_R_NO_MULTIPART_BOUNDARY),"no multipart boundary"},

-{ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE),"no recipient matches certificate"},

-{ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_KEY),"no recipient matches key"},

-{ERR_REASON(PKCS7_R_NO_SIGNATURES_ON_DATA),"no signatures on data"},

-{ERR_REASON(PKCS7_R_NO_SIGNERS)          ,"no signers"},

-{ERR_REASON(PKCS7_R_NO_SIG_CONTENT_TYPE) ,"no sig content type"},

-{ERR_REASON(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE),"operation not supported on this type"},

-{ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR),"pkcs7 add signature error"},

-{ERR_REASON(PKCS7_R_PKCS7_DATAFINAL)     ,"pkcs7 datafinal"},

-{ERR_REASON(PKCS7_R_PKCS7_DATAFINAL_ERROR),"pkcs7 datafinal error"},

-{ERR_REASON(PKCS7_R_PKCS7_DATASIGN)      ,"pkcs7 datasign"},

-{ERR_REASON(PKCS7_R_PKCS7_PARSE_ERROR)   ,"pkcs7 parse error"},

-{ERR_REASON(PKCS7_R_PKCS7_SIG_PARSE_ERROR),"pkcs7 sig parse error"},

-{ERR_REASON(PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"},

-{ERR_REASON(PKCS7_R_SIGNATURE_FAILURE)   ,"signature failure"},

-{ERR_REASON(PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"},

-{ERR_REASON(PKCS7_R_SIG_INVALID_MIME_TYPE),"sig invalid mime type"},

-{ERR_REASON(PKCS7_R_SMIME_TEXT_ERROR)    ,"smime text error"},

-{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_CERTIFICATE),"unable to find certificate"},

-{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MEM_BIO),"unable to find mem bio"},

-{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST),"unable to find message digest"},

-{ERR_REASON(PKCS7_R_UNKNOWN_DIGEST_TYPE) ,"unknown digest type"},

-{ERR_REASON(PKCS7_R_UNKNOWN_OPERATION)   ,"unknown operation"},

-{ERR_REASON(PKCS7_R_UNSUPPORTED_CIPHER_TYPE),"unsupported cipher type"},

-{ERR_REASON(PKCS7_R_UNSUPPORTED_CONTENT_TYPE),"unsupported content type"},

-{ERR_REASON(PKCS7_R_WRONG_CONTENT_TYPE)  ,"wrong content type"},

-{ERR_REASON(PKCS7_R_WRONG_PKCS7_TYPE)    ,"wrong pkcs7 type"},

-{0,NULL}

-	};

-#endif

-void ERR_load_PKCS7_strings(void)

-	{

-#ifndef OPENSSL_NO_ERR

-	if (ERR_func_error_string(PKCS7_str_functs[0].error) == NULL)

-		{

-		ERR_load_strings(0,PKCS7_str_functs);

-		ERR_load_strings(0,PKCS7_str_reasons);

-		}

-#endif

-	}

--- a/sys/src/ape/lib/openssl/crypto/pkcs7/server.pem

+++ /dev/null

@@ -1,24 +1,0 @@

-issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)

-subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit)

------BEGIN CERTIFICATE-----

-MIIB6TCCAVICAQAwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV

-BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD

-VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTcwNjA5MTM1NzQ2WhcNOTgwNjA5

-MTM1NzQ2WjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG

-A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0IGNl

-cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8SMVIP

-Fe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8Ey2//

-Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQB4TMR2CvacKE9wAsu9jyCX8YiW

-mgCM+YoP6kt4Zkj2z5IRfm7WrycKsnpnOR+tGeqAjkCeZ6/36o9l91RvPnN1VJ/i

-xQv2df0KFeMr00IkDdTNAdIWqFkSsZTAY2QAdgenb7MB1joejquYzO2DQIO7+wpH

-irObpESxAZLySCmPPg==

------END CERTIFICATE-----

------BEGIN RSA PRIVATE KEY-----

-MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD

-TGiXav6ooKXfX3j/7tdkuD8Ey2//Kv7+ue0CAwEAAQJAN6W31vDEP2DjdqhzCDDu

-OA4NACqoiFqyblo7yc2tM4h4xMbC3Yx5UKMN9ZkCtX0gzrz6DyF47bdKcWBzNWCj

-gQIhANEoojVt7hq+SQ6MCN6FTAysGgQf56Q3TYoJMoWvdiXVAiEAw3e3rc+VJpOz

-rHuDo6bgpjUAAXM+v3fcpsfZSNO6V7kCIQCtbVjanpUwvZkMI9by02oUk9taki3b

-PzPfAfNPYAbCJQIhAJXNQDWyqwn/lGmR11cqY2y9nZ1+5w3yHGatLrcDnQHxAiEA

-vnlEGo8K85u+KwIOimM48ZG8oTk7iFdkqLJR1utT3aU=

------END RSA PRIVATE KEY-----

--- a/sys/src/ape/lib/openssl/crypto/pkcs7/sign.c

+++ /dev/null

@@ -1,154 +1,0 @@

-/* crypto/pkcs7/sign.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <string.h>

-#include <openssl/bio.h>

-#include <openssl/x509.h>

-#include <openssl/pem.h>

-#include <openssl/err.h>

-int main(argc,argv)

-int argc;

-char *argv[];

-	{

-	X509 *x509;

-	EVP_PKEY *pkey;

-	PKCS7 *p7;

-	PKCS7_SIGNER_INFO *si;

-	BIO *in;

-	BIO *data,*p7bio;

-	char buf[1024*4];

-	int i;

-	int nodetach=0;

-#ifndef OPENSSL_NO_MD2

-	EVP_add_digest(EVP_md2());

-#endif

-#ifndef OPENSSL_NO_MD5

-	EVP_add_digest(EVP_md5());

-#endif

-#ifndef OPENSSL_NO_SHA1

-	EVP_add_digest(EVP_sha1());

-#endif

-#ifndef OPENSSL_NO_MDC2

-	EVP_add_digest(EVP_mdc2());

-#endif

-	data=BIO_new(BIO_s_file());

-again:

-	if (argc > 1)

-		{

-		if (strcmp(argv[1],"-nd") == 0)

-			{

-			nodetach=1;

-			argv++; argc--;

-			goto again;

-			}

-		if (!BIO_read_filename(data,argv[1]))

-			goto err;

-		}

-	else

-		BIO_set_fp(data,stdin,BIO_NOCLOSE);

-	if ((in=BIO_new_file("server.pem","r")) == NULL) goto err;

-	if ((x509=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL) goto err;

-	BIO_reset(in);

-	if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL)) == NULL) goto err;

-	BIO_free(in);

-	p7=PKCS7_new();

-	PKCS7_set_type(p7,NID_pkcs7_signed);

-	si=PKCS7_add_signature(p7,x509,pkey,EVP_sha1());

-	if (si == NULL) goto err;

-	/* If you do this then you get signing time automatically added */

-	PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, V_ASN1_OBJECT,

-						OBJ_nid2obj(NID_pkcs7_data));

-	/* we may want to add more */

-	PKCS7_add_certificate(p7,x509);

-	/* Set the content of the signed to 'data' */

-	PKCS7_content_new(p7,NID_pkcs7_data);

-	if (!nodetach)

-		PKCS7_set_detached(p7,1);

-	if ((p7bio=PKCS7_dataInit(p7,NULL)) == NULL) goto err;

-	for (;;)

-		{

-		i=BIO_read(data,buf,sizeof(buf));

-		if (i <= 0) break;

-		BIO_write(p7bio,buf,i);

-		}

-	if (!PKCS7_dataFinal(p7,p7bio)) goto err;

-	BIO_free(p7bio);

-	PEM_write_PKCS7(stdout,p7);

-	PKCS7_free(p7);

-	exit(0);

-err:

-	ERR_load_crypto_strings();

-	ERR_print_errors_fp(stderr);

-	exit(1);

-	}

--- a/sys/src/ape/lib/openssl/crypto/pkcs7/t/3des.pem

+++ /dev/null

@@ -1,16 +1,0 @@

------BEGIN PKCS7-----

-MIAGCSqGSIb3DQEHA6CAMIACAQAxggHmMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEG

-A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m

-dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD

-ExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR+MA0GCSqGSIb3DQEBAQUABEC2vXI1xQDW6lUHM3zQ

-/9uBEBOO5A3TtkrklAXq7v01gsIC21t52qSk36REXY+slhNZ0OQ349tgkTsoETHFLoEwMIHw

-AgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMI

-QnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU

-UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR9MA0G

-CSqGSIb3DQEBAQUABEB8ujxbabxXUYJhopuDm3oDq4JNqX6Io4p3ro+ShqfIndsXTZ1v5a2N

-WtLLCWlHn/habjBwZ/DgQgcKASbZ7QxNMIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIA

-oAQIbsL5v1wX98KggAQoAaJ4WHm68fXY1WE5OIjfVBIDpO1K+i8dmKhjnAjrjoyZ9Bwc8rDL

-lgQg4CXb805h5xl+GfvSwUaHJayte1m2mcOhs3J2YyqbQ+MEIMIiJQccmhO3oDKm36CFvYR8

-5PjpclVcZyX2ngbwPFMnBAgy0clOAE6UKAAAAAAAAAAAAAA=

------END PKCS7-----

--- a/sys/src/ape/lib/openssl/crypto/pkcs7/t/3dess.pem

+++ /dev/null

@@ -1,32 +1,0 @@

------BEGIN PKCS7-----

-MIIGHgYJKoZIhvcNAQcCoIIGDzCCBgsCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC

-BGswggJTMIIB/aADAgECAgIEfjANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCQVUxEzAR

-BgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNv

-ZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UE

-AxMSREVNTyBaRVJPIFZBTFVFIENBMB4XDTk4MDUxMzA2MjY1NloXDTAwMDUxMjA2MjY1Nlow

-gaUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFu

-ZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxEjAQBgNVBAsTCVNNSU1FIDAwMzEZMBcG

-A1UEAxMQQW5nZWxhIHZhbiBMZWVudDEjMCEGCSqGSIb3DQEJARYUYW5nZWxhQGNyeXB0c29m

-dC5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAuC3+7dAb2LhuO7gt2cTM8vsNjhG5JfDh

-hX1Vl/wVGbKEEj0MA6vWEolvefQlxB+EzwCtR0YZ7eEC/T/4JoCyeQIDAQABoygwJjAkBglg

-hkgBhvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EAUnSP

-igs6TMFISTjw8cBtJYb98czgAVkVFjKyJQwYMH8FbDnCyx6NocM555nsyDstaw8fKR11Khds

-syd3ikkrhDCCAhAwggG6AgEDMA0GCSqGSIb3DQEBBAUAMIGSMQswCQYDVQQGEwJBVTETMBEG

-A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m

-dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD

-ExJERU1PIFpFUk8gVkFMVUUgQ0EwHhcNOTgwMzAzMDc0MTMyWhcNMDgwMjI5MDc0MTMyWjCB

-kjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5l

-MRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBB

-TkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENBMFwwDQYJKoZIhvcNAQEB

-BQADSwAwSAJBAL+0E2fLej3FSCwe2A2iRnMuC3z12qHIp6Ky1wo2zZcxft7AI+RfkrWrSGtf

-mfzBEuPrLdfulncC5Y1pNcM8RTUCAwEAATANBgkqhkiG9w0BAQQFAANBAGSbLMphL6F5pp3s

-8o0Xyh86FHFdpVOwYx09ELLkuG17V/P9pgIc0Eo/gDMbN+KT3IdgECf8S//pCRA6RrNjcXIx

-ggF7MIIBdwIBATCBmTCBkjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAP

-BgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZ

-REVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENB

-AgIEfjAJBgUrDgMCGgUAoHowGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAbBgkqhkiG9w0B

-CQ8xDjAMMAoGCCqGSIb3DQMHMBwGCSqGSIb3DQEJBTEPFw05ODA1MTQwMzM5MzdaMCMGCSqG

-SIb3DQEJBDEWBBQstNMnSV26ba8PapQEDhO21yNFrjANBgkqhkiG9w0BAQEFAARAW9Xb9YXv

-BfcNkutgFX9Gr8iXhBVsNtGEVrjrpkQwpKa7jHI8SjAlLhk/4RFwDHf+ISB9Np3Z1WDWnLcA

-9CWR6g==

------END PKCS7-----

--- a/sys/src/ape/lib/openssl/crypto/pkcs7/t/c.pem

+++ /dev/null

@@ -1,48 +1,0 @@

-issuer :/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=DEMONSTRATION AND TESTING/CN=DEMO ZERO VALUE CA

-subject:/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=SMIME 003/CN=Information/[email protected]

-serial :047D

-Certificate:

-    Data:

-        Version: 3 (0x2)

-        Serial Number: 1149 (0x47d)

-        Signature Algorithm: md5withRSAEncryption

-        Issuer: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=DEMONSTRATION AND TESTING, CN=DEMO ZERO VALUE CA

-        Validity

-            Not Before: May 13 05:40:58 1998 GMT

-            Not After : May 12 05:40:58 2000 GMT

-        Subject: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=SMIME 003, CN=Information/[email protected]

-        Subject Public Key Info:

-            Public Key Algorithm: rsaEncryption

-                Modulus:

-                    00:ad:e7:23:89:ee:0d:87:b7:9c:32:44:4b:95:81:

-                    73:dd:22:80:4b:2d:c5:60:b8:fe:1e:18:63:ef:dc:

-                    89:89:22:df:95:3c:7a:db:3d:9a:06:a8:08:d6:29:

-                    fd:ef:41:09:91:ed:bc:ad:98:f9:f6:28:90:62:6f:

-                    e7:e7:0c:4d:0b

-                Exponent: 65537 (0x10001)

-        X509v3 extensions:

-            Netscape Comment:

-                Generated with SSLeay

-    Signature Algorithm: md5withRSAEncryption

-        52:15:ea:88:f4:f0:f9:0b:ef:ce:d5:f8:83:40:61:16:5e:55:

-        f9:ce:2d:d1:8b:31:5c:03:c6:2d:10:7c:61:d5:5c:0a:42:97:

-        d1:fd:65:b6:b6:84:a5:39:ec:46:ec:fc:e0:0d:d9:22:da:1b:

-        50:74:ad:92:cb:4e:90:e5:fa:7d

------BEGIN CERTIFICATE-----

-MIICTDCCAfagAwIBAgICBH0wDQYJKoZIhvcNAQEEBQAwgZIxCzAJBgNVBAYTAkFV

-MRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UE

-ChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsTGURFTU9OU1RSQVRJT04gQU5E

-IFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBWQUxVRSBDQTAeFw05ODA1MTMw

-NTQwNThaFw0wMDA1MTIwNTQwNThaMIGeMQswCQYDVQQGEwJBVTETMBEGA1UECBMK

-UXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m

-dCBQdHkgTHRkMRIwEAYDVQQLEwlTTUlNRSAwMDMxFDASBgNVBAMTC0luZm9ybWF0

-aW9uMSEwHwYJKoZIhvcNAQkBFhJpbmZvQGNyeXB0c29mdC5jb20wXDANBgkqhkiG

-9w0BAQEFAANLADBIAkEArecjie4Nh7ecMkRLlYFz3SKASy3FYLj+Hhhj79yJiSLf

-lTx62z2aBqgI1in970EJke28rZj59iiQYm/n5wxNCwIDAQABoygwJjAkBglghkgB

-hvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EA

-UhXqiPTw+QvvztX4g0BhFl5V+c4t0YsxXAPGLRB8YdVcCkKX0f1ltraEpTnsRuz8

-4A3ZItobUHStkstOkOX6fQ==

------END CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/crypto/pkcs7/t/ff

+++ /dev/null

@@ -1,32 +1,0 @@

------BEGIN PKCS7-----

-MIIGHgYJKoZIhvcNAQcCoIIGDzCCBgsCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC

-BGswggJTMIIB/aADAgECAgIEfjANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCQVUxEzAR

-BgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNv

-ZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UE

-AxMSREVNTyBaRVJPIFZBTFVFIENBMB4XDTk4MDUxMzA2MjY1NloXDTAwMDUxMjA2MjY1Nlow

-gaUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFu

-ZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxEjAQBgNVBAsTCVNNSU1FIDAwMzEZMBcG

-A1UEAxMQQW5nZWxhIHZhbiBMZWVudDEjMCEGCSqGSIb3DQEJARYUYW5nZWxhQGNyeXB0c29m

-dC5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAuC3+7dAb2LhuO7gt2cTM8vsNjhG5JfDh

-hX1Vl/wVGbKEEj0MA6vWEolvefQlxB+EzwCtR0YZ7eEC/T/4JoCyeQIDAQABoygwJjAkBglg

-hkgBhvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EAUnSP

-igs6TMFISTjw8cBtJYb98czgAVkVFjKyJQwYMH8FbDnCyx6NocM555nsyDstaw8fKR11Khds

-syd3ikkrhDCCAhAwggG6AgEDMA0GCSqGSIb3DQEBBAUAMIGSMQswCQYDVQQGEwJBVTETMBEG

-A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m

-dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD

-ExJERU1PIFpFUk8gVkFMVUUgQ0EwHhcNOTgwMzAzMDc0MTMyWhcNMDgwMjI5MDc0MTMyWjCB

-kjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5l

-MRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBB

-TkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENBMFwwDQYJKoZIhvcNAQEB

-BQADSwAwSAJBAL+0E2fLej3FSCwe2A2iRnMuC3z12qHIp6Ky1wo2zZcxft7AI+RfkrWrSGtf

-mfzBEuPrLdfulncC5Y1pNcM8RTUCAwEAATANBgkqhkiG9w0BAQQFAANBAGSbLMphL6F5pp3s

-8o0Xyh86FHFdpVOwYx09ELLkuG17V/P9pgIc0Eo/gDMbN+KT3IdgECf8S//pCRA6RrNjcXIx

-ggF7MIIBdwIBATCBmTCBkjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAP

-BgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZ

-REVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENB

-AgIEfjAJBgUrDgMCGgUAoHowGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAbBgkqhkiG9w0B

-CQ8xDjAMMAoGCCqGSIb3DQMHMBwGCSqGSIb3DQEJBTEPFw05ODA1MTQwMzM5MzdaMCMGCSqG

-SIb3DQEJBDEWBBQstNMnSV26ba8PapQEDhO21yNFrjANBgkqhkiG9w0BAQEFAARAW9Xb9YXv

-BfcNkutgFX9Gr8iXhBVsNtGEVrjrpkQwpKa7jHI8SjAlLhk/4RFwDHf+ISB9Np3Z1WDWnLcA

-9CWR6g==

------END PKCS7-----

--- a/sys/src/ape/lib/openssl/crypto/pkcs7/t/msie-e

+++ /dev/null

@@ -1,20 +1,0 @@

-MIAGCSqGSIb3DQEHA6CAMIACAQAxggHCMIHMAgEAMHYwYjERMA8GA1UEBxMISW50ZXJuZXQxFzAV

-BgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5k

-aXZpZHVhbCBTdWJzY3JpYmVyAhBgQJiC3qfbCbjdj5INYLnKMA0GCSqGSIb3DQEBAQUABECMzu8y

-wQ/qZbO8cAGMRBF+mPruv3+Dvb9aWNZ2k8njUgqF6mcdhVB2MkGcsG3memRXJBixvMYWVkU3qK4Z

-VuKsMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UE

-BxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU

-UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgRuMA0GCSqG

-SIb3DQEBAQUABEBcWwYFHJbJGhiztt7lzue3Lc9CH5WAbyR+2BZ3uv+JxZfRs1PuaWPOwRa0Vgs3

-YwSJoRfxQj2Gk0wFqG1qt6d1MIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIAoAQI8vRlP/Nx

-2iSggASCAZhR5srxyspy7DfomRJ9ff8eMCtaNwEoEx7G25PZRonC57hBvGoScLtEPU3Wp9FEbPN7

-oJESeC+AqMTyTLNy8aQsyC5s53E9UkoIvg62ekYZBbXZqXsrxx4PhiiX3NH8GVh42phB0Chjw0nK

-HZeRDmxGY3Cmk+J+l0uVKxbNIfJIKOguLBnhqmnKH/PrnzDt591u0ULy2aTLqRm+4/1Yat/QPb6J

-eoKGwNPBbS9ogBdrCNCp9ZFg3Xar2AtQHzyTQIfYeH3SRQUpKmRm5U5o9p5emgEdT+ZfJm/J4tSH

-OmbgAFsbHQakA4MBZ4J5qfDJhOA2g5lWk1hIeu5Dn/AaLRZd0yz3oY0Ieo/erPWx/bCqtBzYbMe9

-qSFTedKlbc9EGe3opOTdBZVzK8KH3w3zsy5luxKdOUG59YYb5F1IZiWGiDyuo/HuacX+griu5LeD

-bEzOtZnko+TZXvWIko30fD79j3T4MRRhWXbgj2HKza+4vJ0mzcC/1+GPsJjAEAA/JgIEDU4w6/DI

-/HQHhLAO3G+9xKD7MvmrzkoAAAAAAAAAAAAA

--- a/sys/src/ape/lib/openssl/crypto/pkcs7/t/msie-e.pem

+++ /dev/null

@@ -1,22 +1,0 @@

------BEGIN PKCS7-----

-MIAGCSqGSIb3DQEHA6CAMIIDkAIBADGCAcIwgcwCAQAwdjBiMREwDwYDVQQHEwhJ

-bnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1ZlcmlT

-aWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXICEGBAmILep9sJ

-uN2Pkg1gucowDQYJKoZIhvcNAQEBBQAEQIzO7zLBD+pls7xwAYxEEX6Y+u6/f4O9

-v1pY1naTyeNSCoXqZx2FUHYyQZywbeZ6ZFckGLG8xhZWRTeorhlW4qwwgfACAQAw

-gZkwgZIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH

-EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsT

-GURFTU9OU1RSQVRJT04gQU5EIFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBW

-QUxVRSBDQQICBG4wDQYJKoZIhvcNAQEBBQAEQFxbBgUclskaGLO23uXO57ctz0If

-lYBvJH7YFne6/4nFl9GzU+5pY87BFrRWCzdjBImhF/FCPYaTTAWobWq3p3UwggHD

-BgkqhkiG9w0BBwEwGgYIKoZIhvcNAwIwDgICAKAECPL0ZT/zcdokgIIBmFHmyvHK

-ynLsN+iZEn19/x4wK1o3ASgTHsbbk9lGicLnuEG8ahJwu0Q9Tdan0URs83ugkRJ4

-L4CoxPJMs3LxpCzILmzncT1SSgi+DrZ6RhkFtdmpeyvHHg+GKJfc0fwZWHjamEHQ

-KGPDScodl5EObEZjcKaT4n6XS5UrFs0h8kgo6C4sGeGqacof8+ufMO3n3W7RQvLZ

-pMupGb7j/Vhq39A9vol6gobA08FtL2iAF2sI0Kn1kWDddqvYC1AfPJNAh9h4fdJF

-BSkqZGblTmj2nl6aAR1P5l8mb8ni1Ic6ZuAAWxsdBqQDgwFngnmp8MmE4DaDmVaT

-WEh67kOf8BotFl3TLPehjQh6j96s9bH9sKq0HNhsx72pIVN50qVtz0QZ7eik5N0F

-lXMrwoffDfOzLmW7Ep05Qbn1hhvkXUhmJYaIPK6j8e5pxf6CuK7kt4NsTM61meSj

-5Nle9YiSjfR8Pv2PdPgxFGFZduCPYcrNr7i8nSbNwL/X4Y+wmMAQAD8mAgQNTjDr

-8Mj8dAeEsA7cb73EoPsy+avOSgAAAAA=

------END PKCS7-----

--- a/sys/src/ape/lib/openssl/crypto/pkcs7/t/msie-enc-01

+++ /dev/null

@@ -1,62 +1,0 @@

-MIAGCSqGSIb3DQEHA6CAMIACAQAxgfMwgfACAQAwgZkwgZIxCzAJBgNVBAYTAkFVMRMwEQYD

-VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRzb2Z0

-IFB0eSBMdGQxIjAgBgNVBAsTGURFTU9OU1RSQVRJT04gQU5EIFRFU1RJTkcxGzAZBgNVBAMT

-EkRFTU8gWkVSTyBWQUxVRSBDQQICBG4wDQYJKoZIhvcNAQEBBQAEQKvMaW8xh6oF/X+CJivz

-IZV7yHxlp4O3NHQtWG0A8MOZB+CtKlU7/6g5e/a9Du/TOqxRMqtYRp63pa2Q/mM4IYMwgAYJ

-KoZIhvcNAQcBMBoGCCqGSIb3DQMCMA4CAgCgBAifz6RvzOPYlKCABIGwxtGA/FLBBRs1wbBP

-gDCbSG0yCwjJNsFg89/k6xuXo8c5YTwsw8+XlIVq03navpew6XxxzY090rD2OJ0t6HA6GqrI

-pd8WiSh/Atqn0yfLFmkLqgIAPRfzxUxqUocxLpQsLIFp2YNUGE+yps+UZmIjw/WHfdqrcWTm

-STSvKuy3UkIJZCkGDBpTvqk4BFaHh4oTXEpgpNY+GKxjf9TDN9GQPqQZR7sgQki4t2g4/Saq

-Kl4EMISgluk6swdND0tiHY7v5d6YR29ePCl2/STJ98eJpWkEEC22GNNvOy7ru/Rv2He4MgQg

-optd7sk9MMd9xhJppg7CcH/yDx//HrtgpOcWmn6VxpgECFqon4uXkQtIBIH4PaNclFn7/hLx

-Pw2VmBGaC0SYF3U1jyN96EBxdjqy8Aa6ByMXYDW5BcfqniD5mYXfw+b81lh1kutxaPaV4YJ9

-ZlRUW752N7VHo/fG0/fukoe5W9a8kIhgLpygllb/GP4oSF4wM6n1/OgRzZj2IWFiobKO4d/t

-Mnh+C+PoEVAuFZcxQwi9GqvsK5OoIjVwNx0XcVSOl1TTYS9SwC7ugMBCab73JiruC24pL78Y

-M+NaIpIQ3On4DokJA2ZHtjBjZIxF4tKA144RvFN6pBd6TVE5XM6KD/Vh9bjSmujtEAfdQ3Te

-dvKJsbZuu0stErbvWcRy11I328l557EECAJT7d44OJ3rBBBj6bnnx6dDU2SRqp2CEoQaBAhK

-RBuyhNxkygQIOY9/NhwqAJAECOvX0Zd0DqgoBAjobPpMHhVV3gQQWLU2vEoZ51BwzxdzCmxO

-wwQI4oKfudaNqoAESKzBNAqv5kGumHOlMKsRfrs7jZCcSaOuEj97pYx08FLEgF23cav39MOQ

-NUEM1dNU+EYslL4o3RoSHRjUgPU+2t9c0prS9A/bPARIEOP94PynaTNxwHi3VTK7SzuQmgzA

-4n942E9joSiqsQPlsKAb3sPUaLC3SuUxSjNBgfpvD0bmrA/5h+WZoYXvIogFpwjkSmnFBEie

-0lh5Ov1aRrvCw5/j3Q/W/4ZtN5U+aeVBJMtA8n0Mxd5kPxHbNVh4oGprZ6wEegV8ht3voyZa

-mZ5Cyxc8ffMYnM/JJI6/oEYEUEMyyiS5FnYyvxKzfMtyn2lZ2st9nZGNNgMc9N62r5HgNbdD

-FHuRdKKzV+8kQfuMc3mOPpK1t9TFY+QgrxiB5p6S7VooI97YtP3PbfknszCEBEh4PdXYbbaR

-3AacN3Q5kYYmWsq3WW6xgrg0mmEGosGvwSQxBBuiXZrxScCa4ivEq05UZwyShePvKduOvnUE

-2zDO6IXFLZxhTZAESEm9/FovLgGAiJ7iMGmYvsISLJScwG4n+wrSaQNQXizs9N3ykys54wBN

-d/+BQ4F7pncHhDQ2Dyt5MekB8Y8iNOocUTFCu524vQRIaWCXmXP3vU7D21dp0XnAMzRQJ565

-JV3aHRoY7XDa4LePa7PP9ywyafOE5yCW7ndqx3J+2JhTDvSFsW8/q3H3iyeFhykuJVS6BFDK

-6CmKbnyyjOfE2iLGJmTFa905V2KrVDCmlEu/xyGMs80yTyZC+ySzM83FMVvLEQmSzcTNUZVp

-DfA1kNXbXkPouBXXT6g8r8JCRljaKKABmgRIlMheOJQRUUU4cgvhMreXPayhq5Ao4VMSCkA5

-hYRCBczm4Di/MMohF0SxIsdRY6gY9CPnrBXAsY6h1RbR7Tw0iQZmeXi52DCiBEj0by+SYMAa

-9z0CReIzl8JLL6EVIFz8kFxlkGWjr4dnOzhhPOq/mCpp0WxbavDfdhE87MdXJZBnLwoT62QG

-955HlAoEQBOGJbcESCgd5XSirZ9Y3AbCfuKOqoMBvEUGn+w/pMaqnGvnr5FZhuBDKrhRXqtx

-QsxA//drGUxsrZOuSL/0+fbvo7n2h1Z8Ny86jOvVZAQIAjw2l1Yc5RAESNc9i3I8pKEOVQf/

-UBczJ0NR9aTEF80dRg2lpXwD0ho4N0AvSiVbgxC7cPZHQwIqvq9LHRUs/4n+Vu3SVYU3cAxo

-lUTiCGUSlARIF+TD57SI5+RI+MNtnD9rs4E1ml51YoHGWFj3UPriDmY0FKEwIgqtMXMY3fZ9

-Kq8d83bjDzxwbDX7WwR7KbSeJWT42pCz7kM+BEjjPsOnZHuusXT3x2rrsBnYtYsbt98mSFiS

-KzTtFmXfkOBbCQdit1P76QnYJ1aXMGs6zP6GypQTadK/zYWvlm38QkVwueaJ0woESKW2pqKA

-70h2UMDHOrpepU1lj0YMzmotDHSTU3L909VvUMNg9uqfrQ6mSkb9j5Tl8oF2otOw5EzA1Yda

-KPmgsv62RWLYl80wXQRQwG0e/mgG75jp9lOhJdVXqcYbQpS9viwVaVkwH+69mu/bQI4gjoEs

-UYX6O71Re2z+cYhcm9UrK+DXuSFBXQOIlAFxKMW4B0apd6fU84FsZLMESOorXE5OE0A2B2ji

-J8QI0Exk4hUvWrMNJfUZwFyS7E05xV9ORuX1xmsKqkT4tVR5Nqln4vhvAY860VBoloz0CDkd

-8seSBEjeMgRI9FvpYuflIeHg9urkwp6N+1f0DrJJhJY9ZQ0HTQhziJmIfvbEjNqCl7hEC28+

-F8I5tuViLgfSwcFFCvnS6WFoN4X6QdFdqMCbBEjdlI1c+IQGA/IuTDMJYCuQ/v+8BG5ZeWVH

-icPZmXfRat9eFK1dGKAJef6+Tf9HPuDjSpDyffrifsp7Dc34lmm7GN1+ON3ZMtwEUNm6epb8

-1RKWjoI7jIKUV/M2p/0eeGSqs4b06KF/VR6dBwsJVL5DpnTsp3MV4j/CAOlRdSPZ5++tsKbM

-aplk+ceqQtpEFz1MYTtVV4+rlrWaBEA1okJyNZ5/tNOwM7B+XfOZ0xw+uyVi9v4byTZM2Qds

-J+d3YGYLAugTGHISLqQEerD8/gGK+/SL06b2gNedXPHtBAiBKX+Mdy3wFQQIqE9gVgvrFNUE

-CKKoTFoMGqnPBAjDPgLCklNfrwQI3Ek1vSq68w8ECBodu2FOZJVkBAgzwjfSr2N9WQQQTCoQ

-KkAbrS9tnjXn1I3+ZwQIrPx3eINo/YUECIeYWCFskxlYBAiDUdvZXwD3vgQIkEyZbbZWbUUE

-CH4+odl1Isk3BBj68fkqJ0fKJRWVLWuW/O3VE4BOPKwFlaIECFseVTdDUho8BAj+cOKvV2WA

-hgQgaXr+wwq+ItblG0Qxz8IVUXX6PV2mIdHwz4SCCvnCsaIECJhBYxdfLI/XBCDswamPn9MR

-yXi2HVQBineV+GtWVkIoZ2dCLFB9mQRMoAQI0nUR5a5AOJoECA+AunKlAlx8BAi5RtFeF4g1

-FQQIz/ie+16LlQcECOmNuVg5DXjMBAjH2nkfpXZgWwQIVdLuO/+kuHAECO/5rEHmyI9vBBD4

-16BU4Rd3YerDQnHtrwOQBCCkho1XxK5Maz8KLCNi20wvcGt8wsIXlj2h5q9ITBq7IgQQvKVY

-4OfJ7bKbItP2dylwQgQYPIGxwkkbRXNraONYvN19G8UdF35rFOuIBAjf0sKz/618ZQQIxObr

-xJkRe0sECIC+ssnjEb2NBBBI+XM4OntVWGsRV9Td3sFgBAinGwIroo8O0gQQMGAwgc9PaLaG

-gBCiwSTrYQQIVHjfCQgOtygEUIoraFoANfhZgIShpOd/RRxFU4/7xZR5tMdGoYz/g0thR0lM

-+Hi88FtFD4mAh/Oat4Ri8B7bv04aokjN2UHz6nPbHHjZ8zIqpbYTCy043GNZBAhOqjyB2JbD

-NwQoR23XCYD9x6E20ChHJRXmaHwyMdYXKl5CUxypl7ois+sy2D7jDukS3wQIsTyyPgJi0GsA

-AAAAAAAAAAAA

--- a/sys/src/ape/lib/openssl/crypto/pkcs7/t/msie-enc-01.pem

+++ /dev/null

@@ -1,66 +1,0 @@

------BEGIN PKCS7-----

-MIAGCSqGSIb3DQEHA6CAMIILyAIBADGB8zCB8AIBADCBmTCBkjELMAkGA1UEBhMC

-QVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMRowGAYD

-VQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBB

-TkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENBAgIEbjANBgkq

-hkiG9w0BAQEFAARAq8xpbzGHqgX9f4ImK/MhlXvIfGWng7c0dC1YbQDww5kH4K0q

-VTv/qDl79r0O79M6rFEyq1hGnrelrZD+YzghgzCCCssGCSqGSIb3DQEHATAaBggq

-hkiG9w0DAjAOAgIAoAQIn8+kb8zj2JSAggqgxtGA/FLBBRs1wbBPgDCbSG0yCwjJ

-NsFg89/k6xuXo8c5YTwsw8+XlIVq03navpew6XxxzY090rD2OJ0t6HA6GqrIpd8W

-iSh/Atqn0yfLFmkLqgIAPRfzxUxqUocxLpQsLIFp2YNUGE+yps+UZmIjw/WHfdqr

-cWTmSTSvKuy3UkIJZCkGDBpTvqk4BFaHh4oTXEpgpNY+GKxjf9TDN9GQPqQZR7sg

-Qki4t2g4/SaqKl6EoJbpOrMHTQ9LYh2O7+XemEdvXjwpdv0kyffHiaVpBBAtthjT

-bzsu67v0b9h3uDKim13uyT0wx33GEmmmDsJwf/IPH/8eu2Ck5xaafpXGmFqon4uX

-kQtIPaNclFn7/hLxPw2VmBGaC0SYF3U1jyN96EBxdjqy8Aa6ByMXYDW5BcfqniD5

-mYXfw+b81lh1kutxaPaV4YJ9ZlRUW752N7VHo/fG0/fukoe5W9a8kIhgLpygllb/

-GP4oSF4wM6n1/OgRzZj2IWFiobKO4d/tMnh+C+PoEVAuFZcxQwi9GqvsK5OoIjVw

-Nx0XcVSOl1TTYS9SwC7ugMBCab73JiruC24pL78YM+NaIpIQ3On4DokJA2ZHtjBj

-ZIxF4tKA144RvFN6pBd6TVE5XM6KD/Vh9bjSmujtEAfdQ3TedvKJsbZuu0stErbv

-WcRy11I328l557ECU+3eODid62PpuefHp0NTZJGqnYIShBpKRBuyhNxkyjmPfzYc

-KgCQ69fRl3QOqCjobPpMHhVV3li1NrxKGedQcM8XcwpsTsPigp+51o2qgKzBNAqv

-5kGumHOlMKsRfrs7jZCcSaOuEj97pYx08FLEgF23cav39MOQNUEM1dNU+EYslL4o

-3RoSHRjUgPU+2t9c0prS9A/bPBDj/eD8p2kzccB4t1Uyu0s7kJoMwOJ/eNhPY6Eo

-qrED5bCgG97D1Giwt0rlMUozQYH6bw9G5qwP+YflmaGF7yKIBacI5EppxZ7SWHk6

-/VpGu8LDn+PdD9b/hm03lT5p5UEky0DyfQzF3mQ/Eds1WHigamtnrAR6BXyG3e+j

-JlqZnkLLFzx98xicz8kkjr+gRkMyyiS5FnYyvxKzfMtyn2lZ2st9nZGNNgMc9N62

-r5HgNbdDFHuRdKKzV+8kQfuMc3mOPpK1t9TFY+QgrxiB5p6S7VooI97YtP3Pbfkn

-szCEeD3V2G22kdwGnDd0OZGGJlrKt1lusYK4NJphBqLBr8EkMQQbol2a8UnAmuIr

-xKtOVGcMkoXj7ynbjr51BNswzuiFxS2cYU2QSb38Wi8uAYCInuIwaZi+whIslJzA

-bif7CtJpA1BeLOz03fKTKznjAE13/4FDgXumdweENDYPK3kx6QHxjyI06hxRMUK7

-nbi9aWCXmXP3vU7D21dp0XnAMzRQJ565JV3aHRoY7XDa4LePa7PP9ywyafOE5yCW

-7ndqx3J+2JhTDvSFsW8/q3H3iyeFhykuJVS6yugpim58soznxNoixiZkxWvdOVdi

-q1QwppRLv8chjLPNMk8mQvskszPNxTFbyxEJks3EzVGVaQ3wNZDV215D6LgV10+o

-PK/CQkZY2iigAZqUyF44lBFRRThyC+Eyt5c9rKGrkCjhUxIKQDmFhEIFzObgOL8w

-yiEXRLEix1FjqBj0I+esFcCxjqHVFtHtPDSJBmZ5eLnYMKL0by+SYMAa9z0CReIz

-l8JLL6EVIFz8kFxlkGWjr4dnOzhhPOq/mCpp0WxbavDfdhE87MdXJZBnLwoT62QG

-955HlAoEQBOGJbcoHeV0oq2fWNwGwn7ijqqDAbxFBp/sP6TGqpxr56+RWYbgQyq4

-UV6rcULMQP/3axlMbK2Trki/9Pn276O59odWfDcvOozr1WQCPDaXVhzlENc9i3I8

-pKEOVQf/UBczJ0NR9aTEF80dRg2lpXwD0ho4N0AvSiVbgxC7cPZHQwIqvq9LHRUs

-/4n+Vu3SVYU3cAxolUTiCGUSlBfkw+e0iOfkSPjDbZw/a7OBNZpedWKBxlhY91D6

-4g5mNBShMCIKrTFzGN32fSqvHfN24w88cGw1+1sEeym0niVk+NqQs+5DPuM+w6dk

-e66xdPfHauuwGdi1ixu33yZIWJIrNO0WZd+Q4FsJB2K3U/vpCdgnVpcwazrM/obK

-lBNp0r/Nha+WbfxCRXC55onTCqW2pqKA70h2UMDHOrpepU1lj0YMzmotDHSTU3L9

-09VvUMNg9uqfrQ6mSkb9j5Tl8oF2otOw5EzA1YdaKPmgsv62RWLYl80wXcBtHv5o

-Bu+Y6fZToSXVV6nGG0KUvb4sFWlZMB/uvZrv20COII6BLFGF+ju9UXts/nGIXJvV

-Kyvg17khQV0DiJQBcSjFuAdGqXen1POBbGSz6itcTk4TQDYHaOInxAjQTGTiFS9a

-sw0l9RnAXJLsTTnFX05G5fXGawqqRPi1VHk2qWfi+G8BjzrRUGiWjPQIOR3yx5IE

-SN4y9FvpYuflIeHg9urkwp6N+1f0DrJJhJY9ZQ0HTQhziJmIfvbEjNqCl7hEC28+

-F8I5tuViLgfSwcFFCvnS6WFoN4X6QdFdqMCb3ZSNXPiEBgPyLkwzCWArkP7/vARu

-WXllR4nD2Zl30WrfXhStXRigCXn+vk3/Rz7g40qQ8n364n7Kew3N+JZpuxjdfjjd

-2TLc2bp6lvzVEpaOgjuMgpRX8zan/R54ZKqzhvTooX9VHp0HCwlUvkOmdOyncxXi

-P8IA6VF1I9nn762wpsxqmWT5x6pC2kQXPUxhO1VXj6uWtZo1okJyNZ5/tNOwM7B+

-XfOZ0xw+uyVi9v4byTZM2QdsJ+d3YGYLAugTGHISLqQEerD8/gGK+/SL06b2gNed

-XPHtgSl/jHct8BWoT2BWC+sU1aKoTFoMGqnPwz4CwpJTX6/cSTW9KrrzDxodu2FO

-ZJVkM8I30q9jfVlMKhAqQButL22eNefUjf5nrPx3eINo/YWHmFghbJMZWINR29lf

-APe+kEyZbbZWbUV+PqHZdSLJN/rx+SonR8olFZUta5b87dUTgE48rAWVolseVTdD

-Uho8/nDir1dlgIZpev7DCr4i1uUbRDHPwhVRdfo9XaYh0fDPhIIK+cKxophBYxdf

-LI/X7MGpj5/TEcl4th1UAYp3lfhrVlZCKGdnQixQfZkETKDSdRHlrkA4mg+AunKl

-Alx8uUbRXheINRXP+J77XouVB+mNuVg5DXjMx9p5H6V2YFtV0u47/6S4cO/5rEHm

-yI9v+NegVOEXd2Hqw0Jx7a8DkKSGjVfErkxrPwosI2LbTC9wa3zCwheWPaHmr0hM

-GrsivKVY4OfJ7bKbItP2dylwQjyBscJJG0Vza2jjWLzdfRvFHRd+axTriN/SwrP/

-rXxlxObrxJkRe0uAvrLJ4xG9jUj5czg6e1VYaxFX1N3ewWCnGwIroo8O0jBgMIHP

-T2i2hoAQosEk62FUeN8JCA63KIoraFoANfhZgIShpOd/RRxFU4/7xZR5tMdGoYz/

-g0thR0lM+Hi88FtFD4mAh/Oat4Ri8B7bv04aokjN2UHz6nPbHHjZ8zIqpbYTCy04

-3GNZTqo8gdiWwzdHbdcJgP3HoTbQKEclFeZofDIx1hcqXkJTHKmXuiKz6zLYPuMO

-6RLfsTyyPgJi0GsAAAAA

------END PKCS7-----

--- a/sys/src/ape/lib/openssl/crypto/pkcs7/t/msie-enc-02

+++ /dev/null

@@ -1,90 +1,0 @@

-MIAGCSqGSIb3DQEHA6CAMIACAQAxggHCMIHMAgEAMHYwYjERMA8GA1UEBxMISW50ZXJuZXQxFzAV

-BgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5k

-aXZpZHVhbCBTdWJzY3JpYmVyAhBgQJiC3qfbCbjdj5INYLnKMA0GCSqGSIb3DQEBAQUABEACr4tn

-kSzvo3aIlHfJLGbfokNCV6FjdDP1vQhL+kdXONqcFCEf9ReETCvaHslIr/Wepc5j2hjZselzgqLn

-rM1ZMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UE

-BxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU

-UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgRuMA0GCSqG

-SIb3DQEBAQUABEBanBxKOvUoRn3DiFY55lly2TPu2Cv+dI/GLrzW6qvnUMZPWGPGaUlPyWLMZrXJ

-xGXZUiRJKTBwDu91fnodUEK9MIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIAoAQImxKZEDWP

-EuOggASCBACBi1bX/qc3geqFyfRpX7JyIo/g4CDr62GlwvassAGlIO8zJ5Z/UDIIooeV6QS4D4OW

-PymKd0WXhwcJI0yBcJTWEoxND27LM7CWFJpA07AoxVCRHTOPgm794NynLecNUOqVTFyS4CRuLhVG

-PAk0nFZG/RE2yMtx4rAkSiVgOexES7wq/xWuoDSSmuTMNQOTbKfkEKqdFLkM/d62gD2wnaph7vKk

-PPK82wdZP8rF3nUUC5c4ahbNoa8g+5B3tIF/Jz3ZZK3vGLU0IWO+i7W451dna13MglDDjXOeikNl

-XLsQdAVo0nsjfGu+f66besJojPzysNA+IEZl6gNWUetl9lim4SqrxubUExdS2rmXnXXmEuEW/HC7

-dlTAeYq5Clqx5id6slhC2C2oegMww3XH9yxHw6OqzvXY6pVPEScEtBMQLgaKFQT+m2SRtbTVFG7c

-QcnUODyVB1IbpQTF1DHeeOX1W/HfpWZym8dzkti6SCyeumHmqO406xDiIMVKtHOqM86nEHuAMZsr

-cLy+ey6TEJvR6S4N8QRzng8JJDZDTJXQN6q84aEudsnOrw2KyOVwPpI6ey4qBsHUgQ8kAFy5lsQa

-WV45h6exgUwbBcKLgPZGFj+OdD2RKJsTb83/UqbJS5Q/lGXhzBlnaYucyJxEprRxbntmcnOEPFJe

-+tRDUwOTd7qlJljdhIJL+uDcooL9Ahgo6Cwep6tduekv2cSEohJeTE8Dvy34YRhMbLvnFNdmnpNy

-rNZDYVVxxaKoyd2AfB8NPFZh1VdAYfI3R1QAQ2kXEef5NNIfVQfMzD9akJn4RP+Kv32Qaxm4FrnK

-xmwRyGJShavIBc2ax+F1r1+NZXuSBHn5vfoRTxOk0ST4dXsw74dnlYUMRaSu4qqUdM9jsXSyeX4Z

-gQgkR2bkaYO6ezFgenFIa7QWVw8rXZAEZ5aibCxbnY1VE41PYIvhlLdbFJhH9gY22s+fFAuwnzyA

-SRjC40A9aAEItRlaPStWSGiqlLRgNkBBwdpv2l2YPBd2QzHx6ek6XGrvRJuAC+Nh62rtQKwpNH54

-YAOHW55maBFW2SQ3TF+cZ6NbbqhCmHTyyR7mcSYc9sXSVDWEhYKQ1iyU870zhHWVpvglZizZetJC

-ZFjYex3b1ngVdcgargOvpPq9urCKKi2mbkqv/EFpzSWGXkKSpfCG/XfMnEOtkNrB8S06vnk2JcJB

-OBqJot+uuSH5hOg0vTpxX2DuONJSiWSWyfRE/lTfJJFXwhod7SXclUyXPeSyibcSic2hVAzDmwjD

-31js/j2k02PI/agPhr3UQ8cMgcNAiaoCKbNaWfn6BGbCAbTchxzUlo2cSJiLlrX2IDZmfXbXmZCo

-m1smWIG+BIIEALiuAxDb6dWLAYyVBoN9hYI4AiPeZAY9MtvQ6AV8o2/EFm6PvYGXy3Hei5830CH0

-PBeX7Kdd6ff1y33TW/l5qSkIL1ULTGR7okFfJePHDmq1dFt6/JOMptiQ8WSu7CsJQvZ9VTFXeYFc

-ZqCPPZc1NrPegNK70Zf9QxWIbDAevJ5KLBf1c6j8pU2/6LnvDY6VjaTvYSgr7vTR8eVzH4Rm77W0

-iOHxg5VcODv6cGSVyuvbX8UAGo8Cmb58ERDtBDJBQXVpWKLNAuDJ9GX8n2zNkpjZLbPSkcmuhqGa

-BJBE/BaCTkUQWlY9dIbRtEnxIU1mfbPPdx1Ppa8DqGDjSOsQdKcKYNNZtayEw++EIpmpdBNsKphC

-fB8UEK2Wkk4ZVW+qyGoi/r0MFsvO1NmSOOZ0o/jy/YHmoeURHhPy97AO3eVTkEAa5CfJEJybmo56

-7CDw/FwoGAUCgsoz7rlxzMudr/IhHIH+APinncxXlHO2ecvHD9i8DaHGA8tVifgsUhqQoZieULut

-eF94O5UAxOkv41UZssYTwN4nYrN1QkesZl3BX4ORS4EE30/PQ23ARf3WZptZrCJevGm2ZYzGeh8x

-g17mCDfiLO+bff4qP/4mC96Pu4ia6j4to5BwKIJS/+DCuoD8WeSKF4pugXQkMUiHdQnNnVP9Sp2O

-/4ly5mO8JzrQC59V2bnTNBqPhpno8kfJvK5TypPSVC+bTzern3rJ6UceB3srcn9zxKx9GdNydJQj

-yWjv8ec3n3d1nuQwhz5Q053NBhIjwoGg3Go7LO6i78ZOlpF7dcoAO13NfHLyNjnyHCaiWtVRTct9

-rLf5vN00urSn8YJngHk1eTKK8nHGIcOg6YdYDOD2nE5XwRijKmieG8Xa3eKRzfbL06GrBQENle6J

-mC131bp3cRVxpjq+o6RAbGoMm4yICsL4eTarCQrsyHmoPHqr91UHo91avyxU7knWmEhX27ybmsrs

-8aeZwPHixL14TeyhruCqRVvkf1Ks7P+z8MPUboGNqQe2WLN8ktCGEr15O8MJR/em86G03Jfo4oaw

-/DVUH5RwLT6acedOGuzMh/2r8BcmemhVQ8/cWvV4YJ0tOW4hzyVHC5hQf8sZ3LzxXLH6Ohnrbprh

-xvrdbaSdChWZDDP0bCCbxEhkwuBkBeKZrMbwRTP+TPTPYLVTH/CmKLzKh/114tkGkyO3hHS4qExU

-V39F2Sj4mylx+hD0+20D9pntpNi7htccGlOm6yNM69at/3+kLgJJyoIlaxLcCUYHNMifDt+T3p/t

-5U4XmD53uUQ6M8dvj/udqPekNSUfse15yrd9pjOt5PcJuqW28q0sFHf9pHIgz3XZFMe5PD7ppw6r

-S+C6Ir4PrYIEggQA7ZDVtiCm+BbtNNB/UJm79/OQ5mp5bTI0kPmDeycaWTa0Ojpum+c/dpG/iJOB

-DICj7jHOXSHT7JlGyX6aSFJUltucAnZvwzhPDmdDaIDiKSk85GqgdDWVfGosSCX9Ph/T3WpIxnwf

-WSDRtIHkWTjly+pe4yy5K6/XISy/L5Zh/fhiI5fjHjgzmlibs2ru4nVw6hBhUvlSSe2BEs5d9h/y

-NH8Wy3qvb2D3jh7hkepFtZJGNTHp8ZUC7Ns2JIpQYObsaxdI65i3mMOu7fRwI+0/4ejsWhP6KCEi

-LgwvLg0qM82ma6YB7qHAHboaczRVEffDcJUG4a5uycB0DoZFn+uEaEFyili20hCn4hVfsqUQk2PT

-8Mo1tSl5e30xI1YJZrRgiJm9nHRX6fLizngP+ILJLPHZsPvlSVIfY+/v/FR8feKOjaGhyGF51BAx

-aM2NIQ4jMP5/X+U5gQybi0E6u7rroDhaHsKmCMgXqszwXWCpedA/sEbeHpiTC59YlPPSlIOMc9vP

-Ko/mQCfWy/9icUaIfKQldvkllUxxNkqu6AbIpHVscbAEzSPs5xbQXU8EZNNCDisFnnpY3nQ3eLnl

-m89saTJxRb7NWHRMlmPv7qgD7uMIq3vdOGA7i5wT9MeoNIgK1/DsgH30s6RWjJy4YyyLmRTXPzbj

-hbQVpEmiMRbEidIvUx2OjKVxVQIcgtLsa2lvHQ4XL1cpLr5GVtOgy0fMg5OCDUUDsvjgjgLQ3P2U

-p2nVY5FM6/QpPc5DTLuuR9ekI2/c9Biz09RtcYDUQK2ajdo8h1IyKqHFoB7h48OXxXKKY94DY0TG

-x6PonB/epj8orAw4QKmm5M0vXYwBOqRymCTHTqOJGObdLx1euFFyqguzHJOU2gAGZI0z9Lg1yRuF

-yhdPZyuniIcmtLNxRZ1duYHErcAyX56qndmLXt7UVkATai/rIMuoJLfAsUnVuTUS5p7tJM754UZT

-7lTcXvDJgOUNnBRaIcxC3pxvbrYDJ2iFJ72xkxUP2p74gucqg25XnCVmQuLg6zDDxF6CLuw9isxy

-Xg4pkneMN//7fpp8GYl9nyZm2yqYYM+jcw0fcVc64L+X4w/gL3H2UMGgxIHSJp7HIG7VKHtXrNyj

-dPXXPVUsMsAAimqOr0Lr2sZWirfuivLaPTqhbkvG5PF7K3gT80AOIcd/6EIHBy2hZ7ukfjHmdP4L

-yQOhTQklaKzGHI0mypq0uFLWJOUlZnVrMiLP1xrWkpC8Ro9eo6mfjjQ45z8adC43a47klwTEzvod

-3rNEFIGJJUEjAN3mbqie7IxoSJknBBJK0D9lZEQ8lZWlq7vuN8JdqPM6xh155jMVsPwjLK6Tzkj5

-BpRD9Tgm3u6HPQSCBADgkWEN75Mu9TGosXY0xm1k6K6sPv8L949CrLWo4r1I2LA072bTGvQP28Vs

-hUA76jgcT1ocC++9PoktIK10YCq5w+FfMAQ04KeCXuAdmiY2iAT4Slea61PMCMta3mVGyLUZCLEm

-P+I0UKR5mlO0fGEcjU9j8TmbjZqxNFqloLsU7oSi7Os0EtYHkdAVrExUyOc/ZDie6fBjdLTmLdCm

-bE9JNwjlbXypdTZupGgLNhKGDIskUAAMwZYayI6YfSIMkNCeAYTnjOuGZZ1msCXGXsfMBR1sfUIj

-9UeGjwD8gq+UVVHX/oeoH/m0eJ5ppqi3+nUlgc9DvpYsC/Fg0G2KuYb9B+VJ+a4GMzQSPREoFtQp

-B9dtLkBb7Ha/hpGWTIdqzW0eAo5llyN8FNvl2Fu2IcLaNmWFO69gLjRKQopp0dvFOuwAVI6fvGDj

-p1WigoNbFZl8N+iiWmzKOjoG2ZLbez1clZCms/JPJrXhEMMOxWpVzkQyN336VWHmGgMcjaKCGSeA

-2nnESIGuiCXMrkHlGfabYIsKcHFCo2t13uXyZPf0zSPTkuD0Eh92wqC9pvA3gvrrCUfo9Mn3bs+e

-KWKmDlpcs8mDn032oIg+zrQhIduMqXVn3evzeVM3B5MBOGMvg51/SXg7R+MC/463juQQEb9IVe/I

-YGnO//oWm9lw/377Af/qH+FnN02obJw1FvesQIs9e5RHNQykKbO+vmVJQl1nd9DZWrHDNO7/80Yz

-2hCm7Tws5nSRN2iFlyRaYJHr7ypxkU2rCak2r6ua7XDwu1qU2RT3+qPjT1RuxQ2oTlHyGkKPMZGC

-Rc+CSWz5aeeCmHZVwdb3nC8YpfsujMiYqygLeuQ82pjKuR7DIKGmnfcOLdv5F+Ek2Wyy0D98iSgk

-+aoQGYLhL9llU13pn21uRsDY5uGcXiIw1IETFlTdgENEv8futZuJsegrp7fmFXyNoNyFNyypeDrM

-6ZqR4vKxFjg3tKKeVpkw/W4EAklzMxmNiazGNDBHsnYV3rwPlKa+HeeE2YxnsKwGLCNgRYUXTaJk

-461vS160z3dvh/mLfdZ7MYCkmO3bNE3ELUDAw7YQkSuo9ujzdFKte9LC34sjg9fOex3ThAg5Y50n

-wYm4zBmGM7yEqL8O6QgnM6tIDFS9XryDaLNzcGhMWqMvhzO6sC/AA2WfLgwS517Cp03IkJQWqG9q

-w52+E+GAtpioJfczEhlv9BrhjttdugRSjJrG8SYVYE4zG3Aur5eNBoGaALIOHOtPw8+JovQmIWcF

-oaJ/WQuglFrWtew51IK6F8RiHAOBVavZOuZcO7tV+5enVfreOd0rX8ZOy4hYmHhmF1hOrrWOn+Ee

-E0SYKonXN01BM9xMBIIBSLCvNAppnGPTUGjwbMJRg1VJ2KMiBWH5oJp8tyfIAxMuWFdtaLYbRSOD

-XbOAshPVK8JAY8DQDkzqaCTAkLTfSRAt9yY6SbUpMsRv7xa8nMZNJBJzJT9b/wNjgiOJgaGuJMkV

-2g/DX2jfP3PrMM/Sbnz7edORXHj1Pa5XTT8nG5MS0FuZgvevdq3o/gVVAz+ZCKOH3ShMzZvfp01l

-SX5gaJTflmU6cdNwtn2yZ6IScF7OrjUeA9iEoSVR9dQcA+4lB3RAG3LMwcnxXY35D7+PMJzHIZdF

-cSnq+n03ACY2/E/T31iijRH29rvYHGI+mP/ieYs45iq4fTWo6i1HofeWLdP0fX7xW3XO0/hWYFiw

-BxKu66whAbRhaib3XJNvetVs25ToYXyiDpjG+cd5rCMei8sGQwTBj9Zeh0URoeMW1inTP0JvCmMU

-rZgAAAAAAAAAAAAA

--- a/sys/src/ape/lib/openssl/crypto/pkcs7/t/msie-enc-02.pem

+++ /dev/null

@@ -1,106 +1,0 @@

------BEGIN PKCS7-----

-MIAGCSqGSIb3DQEHA6CAMIITQAIBADGCAcIwgcwCAQAwdjBiMREwDwYDVQQHEwhJ

-bnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1ZlcmlT

-aWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXICEGBAmILep9sJ

-uN2Pkg1gucowDQYJKoZIhvcNAQEBBQAEQAKvi2eRLO+jdoiUd8ksZt+iQ0JXoWN0

-M/W9CEv6R1c42pwUIR/1F4RMK9oeyUiv9Z6lzmPaGNmx6XOCoueszVkwgfACAQAw

-gZkwgZIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH

-EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsT

-GURFTU9OU1RSQVRJT04gQU5EIFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBW

-QUxVRSBDQQICBG4wDQYJKoZIhvcNAQEBBQAEQFqcHEo69ShGfcOIVjnmWXLZM+7Y

-K/50j8YuvNbqq+dQxk9YY8ZpSU/JYsxmtcnEZdlSJEkpMHAO73V+eh1QQr0wghFz

-BgkqhkiG9w0BBwEwGgYIKoZIhvcNAwIwDgICAKAECJsSmRA1jxLjgIIRSIGLVtf+

-pzeB6oXJ9GlfsnIij+DgIOvrYaXC9qywAaUg7zMnln9QMgiih5XpBLgPg5Y/KYp3

-RZeHBwkjTIFwlNYSjE0PbsszsJYUmkDTsCjFUJEdM4+Cbv3g3Kct5w1Q6pVMXJLg

-JG4uFUY8CTScVkb9ETbIy3HisCRKJWA57ERLvCr/Fa6gNJKa5Mw1A5Nsp+QQqp0U

-uQz93raAPbCdqmHu8qQ88rzbB1k/ysXedRQLlzhqFs2hryD7kHe0gX8nPdlkre8Y

-tTQhY76LtbjnV2drXcyCUMONc56KQ2VcuxB0BWjSeyN8a75/rpt6wmiM/PKw0D4g

-RmXqA1ZR62X2WKbhKqvG5tQTF1LauZeddeYS4Rb8cLt2VMB5irkKWrHmJ3qyWELY

-Lah6AzDDdcf3LEfDo6rO9djqlU8RJwS0ExAuBooVBP6bZJG1tNUUbtxBydQ4PJUH

-UhulBMXUMd545fVb8d+lZnKbx3OS2LpILJ66Yeao7jTrEOIgxUq0c6ozzqcQe4Ax

-mytwvL57LpMQm9HpLg3xBHOeDwkkNkNMldA3qrzhoS52yc6vDYrI5XA+kjp7LioG

-wdSBDyQAXLmWxBpZXjmHp7GBTBsFwouA9kYWP450PZEomxNvzf9SpslLlD+UZeHM

-GWdpi5zInESmtHFue2Zyc4Q8Ul761ENTA5N3uqUmWN2Egkv64Nyigv0CGCjoLB6n

-q1256S/ZxISiEl5MTwO/LfhhGExsu+cU12aek3Ks1kNhVXHFoqjJ3YB8Hw08VmHV

-V0Bh8jdHVABDaRcR5/k00h9VB8zMP1qQmfhE/4q/fZBrGbgWucrGbBHIYlKFq8gF

-zZrH4XWvX41le5IEefm9+hFPE6TRJPh1ezDvh2eVhQxFpK7iqpR0z2OxdLJ5fhmB

-CCRHZuRpg7p7MWB6cUhrtBZXDytdkARnlqJsLFudjVUTjU9gi+GUt1sUmEf2Bjba

-z58UC7CfPIBJGMLjQD1oAQi1GVo9K1ZIaKqUtGA2QEHB2m/aXZg8F3ZDMfHp6Tpc

-au9Em4AL42Hrau1ArCk0fnhgA4dbnmZoEVbZJDdMX5xno1tuqEKYdPLJHuZxJhz2

-xdJUNYSFgpDWLJTzvTOEdZWm+CVmLNl60kJkWNh7HdvWeBV1yBquA6+k+r26sIoq

-LaZuSq/8QWnNJYZeQpKl8Ib9d8ycQ62Q2sHxLTq+eTYlwkE4Gomi3665IfmE6DS9

-OnFfYO440lKJZJbJ9ET+VN8kkVfCGh3tJdyVTJc95LKJtxKJzaFUDMObCMPfWOz+

-PaTTY8j9qA+GvdRDxwyBw0CJqgIps1pZ+foEZsIBtNyHHNSWjZxImIuWtfYgNmZ9

-dteZkKibWyZYgb64rgMQ2+nViwGMlQaDfYWCOAIj3mQGPTLb0OgFfKNvxBZuj72B

-l8tx3oufN9Ah9DwXl+ynXen39ct901v5eakpCC9VC0xke6JBXyXjxw5qtXRbevyT

-jKbYkPFkruwrCUL2fVUxV3mBXGagjz2XNTaz3oDSu9GX/UMViGwwHryeSiwX9XOo

-/KVNv+i57w2OlY2k72EoK+700fHlcx+EZu+1tIjh8YOVXDg7+nBklcrr21/FABqP

-Apm+fBEQ7QQyQUF1aViizQLgyfRl/J9szZKY2S2z0pHJroahmgSQRPwWgk5FEFpW

-PXSG0bRJ8SFNZn2zz3cdT6WvA6hg40jrEHSnCmDTWbWshMPvhCKZqXQTbCqYQnwf

-FBCtlpJOGVVvqshqIv69DBbLztTZkjjmdKP48v2B5qHlER4T8vewDt3lU5BAGuQn

-yRCcm5qOeuwg8PxcKBgFAoLKM+65cczLna/yIRyB/gD4p53MV5RztnnLxw/YvA2h

-xgPLVYn4LFIakKGYnlC7rXhfeDuVAMTpL+NVGbLGE8DeJ2KzdUJHrGZdwV+DkUuB

-BN9Pz0NtwEX91mabWawiXrxptmWMxnofMYNe5gg34izvm33+Kj/+Jgvej7uImuo+

-LaOQcCiCUv/gwrqA/FnkiheKboF0JDFIh3UJzZ1T/Uqdjv+JcuZjvCc60AufVdm5

-0zQaj4aZ6PJHybyuU8qT0lQvm083q596yelHHgd7K3J/c8SsfRnTcnSUI8lo7/Hn

-N593dZ7kMIc+UNOdzQYSI8KBoNxqOyzuou/GTpaRe3XKADtdzXxy8jY58hwmolrV

-UU3Lfay3+bzdNLq0p/GCZ4B5NXkyivJxxiHDoOmHWAzg9pxOV8EYoyponhvF2t3i

-kc32y9OhqwUBDZXuiZgtd9W6d3EVcaY6vqOkQGxqDJuMiArC+Hk2qwkK7Mh5qDx6

-q/dVB6PdWr8sVO5J1phIV9u8m5rK7PGnmcDx4sS9eE3soa7gqkVb5H9SrOz/s/DD

-1G6BjakHtlizfJLQhhK9eTvDCUf3pvOhtNyX6OKGsPw1VB+UcC0+mnHnThrszIf9

-q/AXJnpoVUPP3Fr1eGCdLTluIc8lRwuYUH/LGdy88Vyx+joZ626a4cb63W2knQoV

-mQwz9Gwgm8RIZMLgZAXimazG8EUz/kz0z2C1Ux/wpii8yof9deLZBpMjt4R0uKhM

-VFd/Rdko+JspcfoQ9PttA/aZ7aTYu4bXHBpTpusjTOvWrf9/pC4CScqCJWsS3AlG

-BzTInw7fk96f7eVOF5g+d7lEOjPHb4/7naj3pDUlH7Htecq3faYzreT3CbqltvKt

-LBR3/aRyIM912RTHuTw+6acOq0vguiK+D62C7ZDVtiCm+BbtNNB/UJm79/OQ5mp5

-bTI0kPmDeycaWTa0Ojpum+c/dpG/iJOBDICj7jHOXSHT7JlGyX6aSFJUltucAnZv

-wzhPDmdDaIDiKSk85GqgdDWVfGosSCX9Ph/T3WpIxnwfWSDRtIHkWTjly+pe4yy5

-K6/XISy/L5Zh/fhiI5fjHjgzmlibs2ru4nVw6hBhUvlSSe2BEs5d9h/yNH8Wy3qv

-b2D3jh7hkepFtZJGNTHp8ZUC7Ns2JIpQYObsaxdI65i3mMOu7fRwI+0/4ejsWhP6

-KCEiLgwvLg0qM82ma6YB7qHAHboaczRVEffDcJUG4a5uycB0DoZFn+uEaEFyili2

-0hCn4hVfsqUQk2PT8Mo1tSl5e30xI1YJZrRgiJm9nHRX6fLizngP+ILJLPHZsPvl

-SVIfY+/v/FR8feKOjaGhyGF51BAxaM2NIQ4jMP5/X+U5gQybi0E6u7rroDhaHsKm

-CMgXqszwXWCpedA/sEbeHpiTC59YlPPSlIOMc9vPKo/mQCfWy/9icUaIfKQldvkl

-lUxxNkqu6AbIpHVscbAEzSPs5xbQXU8EZNNCDisFnnpY3nQ3eLnlm89saTJxRb7N

-WHRMlmPv7qgD7uMIq3vdOGA7i5wT9MeoNIgK1/DsgH30s6RWjJy4YyyLmRTXPzbj

-hbQVpEmiMRbEidIvUx2OjKVxVQIcgtLsa2lvHQ4XL1cpLr5GVtOgy0fMg5OCDUUD

-svjgjgLQ3P2Up2nVY5FM6/QpPc5DTLuuR9ekI2/c9Biz09RtcYDUQK2ajdo8h1Iy

-KqHFoB7h48OXxXKKY94DY0TGx6PonB/epj8orAw4QKmm5M0vXYwBOqRymCTHTqOJ

-GObdLx1euFFyqguzHJOU2gAGZI0z9Lg1yRuFyhdPZyuniIcmtLNxRZ1duYHErcAy

-X56qndmLXt7UVkATai/rIMuoJLfAsUnVuTUS5p7tJM754UZT7lTcXvDJgOUNnBRa

-IcxC3pxvbrYDJ2iFJ72xkxUP2p74gucqg25XnCVmQuLg6zDDxF6CLuw9isxyXg4p

-kneMN//7fpp8GYl9nyZm2yqYYM+jcw0fcVc64L+X4w/gL3H2UMGgxIHSJp7HIG7V

-KHtXrNyjdPXXPVUsMsAAimqOr0Lr2sZWirfuivLaPTqhbkvG5PF7K3gT80AOIcd/

-6EIHBy2hZ7ukfjHmdP4LyQOhTQklaKzGHI0mypq0uFLWJOUlZnVrMiLP1xrWkpC8

-Ro9eo6mfjjQ45z8adC43a47klwTEzvod3rNEFIGJJUEjAN3mbqie7IxoSJknBBJK

-0D9lZEQ8lZWlq7vuN8JdqPM6xh155jMVsPwjLK6Tzkj5BpRD9Tgm3u6HPeCRYQ3v

-ky71MaixdjTGbWTorqw+/wv3j0KstajivUjYsDTvZtMa9A/bxWyFQDvqOBxPWhwL

-770+iS0grXRgKrnD4V8wBDTgp4Je4B2aJjaIBPhKV5rrU8wIy1reZUbItRkIsSY/

-4jRQpHmaU7R8YRyNT2PxOZuNmrE0WqWguxTuhKLs6zQS1geR0BWsTFTI5z9kOJ7p

-8GN0tOYt0KZsT0k3COVtfKl1Nm6kaAs2EoYMiyRQAAzBlhrIjph9IgyQ0J4BhOeM

-64ZlnWawJcZex8wFHWx9QiP1R4aPAPyCr5RVUdf+h6gf+bR4nmmmqLf6dSWBz0O+

-liwL8WDQbYq5hv0H5Un5rgYzNBI9ESgW1CkH120uQFvsdr+GkZZMh2rNbR4CjmWX

-I3wU2+XYW7Yhwto2ZYU7r2AuNEpCimnR28U67ABUjp+8YOOnVaKCg1sVmXw36KJa

-bMo6OgbZktt7PVyVkKaz8k8mteEQww7FalXORDI3ffpVYeYaAxyNooIZJ4DaecRI

-ga6IJcyuQeUZ9ptgiwpwcUKja3Xe5fJk9/TNI9OS4PQSH3bCoL2m8DeC+usJR+j0

-yfduz54pYqYOWlyzyYOfTfagiD7OtCEh24ypdWfd6/N5UzcHkwE4Yy+DnX9JeDtH

-4wL/jreO5BARv0hV78hgac7/+hab2XD/fvsB/+of4Wc3TahsnDUW96xAiz17lEc1

-DKQps76+ZUlCXWd30NlascM07v/zRjPaEKbtPCzmdJE3aIWXJFpgkevvKnGRTasJ

-qTavq5rtcPC7WpTZFPf6o+NPVG7FDahOUfIaQo8xkYJFz4JJbPlp54KYdlXB1vec

-Lxil+y6MyJirKAt65DzamMq5HsMgoaad9w4t2/kX4STZbLLQP3yJKCT5qhAZguEv

-2WVTXemfbW5GwNjm4ZxeIjDUgRMWVN2AQ0S/x+61m4mx6Cunt+YVfI2g3IU3LKl4

-OszpmpHi8rEWODe0op5WmTD9bgQCSXMzGY2JrMY0MEeydhXevA+Upr4d54TZjGew

-rAYsI2BFhRdNomTjrW9LXrTPd2+H+Yt91nsxgKSY7ds0TcQtQMDDthCRK6j26PN0

-Uq170sLfiyOD1857HdOECDljnSfBibjMGYYzvISovw7pCCczq0gMVL1evINos3Nw

-aExaoy+HM7qwL8ADZZ8uDBLnXsKnTciQlBaob2rDnb4T4YC2mKgl9zMSGW/0GuGO

-2126BFKMmsbxJhVgTjMbcC6vl40GgZoAsg4c60/Dz4mi9CYhZwWhon9ZC6CUWta1

-7DnUgroXxGIcA4FVq9k65lw7u1X7l6dV+t453Stfxk7LiFiYeGYXWE6utY6f4R4T

-RJgqidc3TUEz3EywrzQKaZxj01Bo8GzCUYNVSdijIgVh+aCafLcnyAMTLlhXbWi2

-G0Ujg12zgLIT1SvCQGPA0A5M6mgkwJC030kQLfcmOkm1KTLEb+8WvJzGTSQScyU/

-W/8DY4IjiYGhriTJFdoPw19o3z9z6zDP0m58+3nTkVx49T2uV00/JxuTEtBbmYL3

-r3at6P4FVQM/mQijh90oTM2b36dNZUl+YGiU35ZlOnHTcLZ9smeiEnBezq41HgPY

-hKElUfXUHAPuJQd0QBtyzMHJ8V2N+Q+/jzCcxyGXRXEp6vp9NwAmNvxP099Yoo0R

-9va72BxiPpj/4nmLOOYquH01qOotR6H3li3T9H1+8Vt1ztP4VmBYsAcSruusIQG0

-YWom91yTb3rVbNuU6GF8og6YxvnHeawjHovLBkMEwY/WXodFEaHjFtYp0z9Cbwpj

-FK2YAAAAAA==

------END PKCS7-----

--- a/sys/src/ape/lib/openssl/crypto/pkcs7/t/msie-s-a-e

+++ /dev/null

@@ -1,91 +1,0 @@

-MIAGCSqGSIb3DQEHA6CAMIACAQAxggHCMIHMAgEAMHYwYjERMA8GA1UEBxMISW50ZXJuZXQxFzAV

-BgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5k

-aXZpZHVhbCBTdWJzY3JpYmVyAhBgQJiC3qfbCbjdj5INYLnKMA0GCSqGSIb3DQEBAQUABECjscaS

-G0U299fqiEAgTqTFQBp8Ai6zzjl557cVb3k6z4QZ7CbqBjSXAjLbh5e7S5Hd/FrFcDnxl1Ka06ha

-VHGPMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UE

-BxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU

-UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgRuMA0GCSqG

-SIb3DQEBAQUABECsyHXZ1xaiv0UQRvOmVYsaF38AL2XX75wxbCsz5/wOg7g3RP4aicZxaR4sBog0

-f2G1o9om/hu+A0rIYF/L4/GUMIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIAoAQIsozQrnwj

-cc2ggASCBAAQz/LPoJe/+iYWeTwSebz6Q9UeKZzQ2UWm7GLtEM3s3c9SCvpmkwIRdEhLjWaBJMyI

-DiL7t1I1vMf9inB8LXgAcIEYkpNScjS8ERA9Ebb7ieNKSBg7w7B8ATHFxLSlDADqRgoZrB1Ctfgf

-ximp3EgxTgnhtyQhZxXW7kBQyFRwumplrJXOp7albP7IothrOKncw30IJT1fwPxWNMItI9juXF0U

-CbWVSjPzGBo4+XNXMvUO6MplOQEz/ywEQ9E8OZAQex1Zw9qq5ppsXB2pMsYV5sLJGikukMYKquiz

-3YK+tN6J8ahLcDUs+VGwqvZi17gpBTlbEP+ZmXJpnO63t1yTEB0V5AZcRKWUOhzlCBM5YUagqNoY

-cpsmSvOK6bYzkUKOrzWpDCAtGZ/Dvul5dTZZmxs2WpM+iyeHXMxO3huy8K1brPTqt1f1sHhuq1jD

-1eXedaCjIgUW9qV18vNAQCof/Yb6T/1fxztf/jD7pPLQJ+7LJkKCAEHGcaizpoKqhYcttaEhLq1G

-O+Ohqf7yFegMdTJ3wwP324w5ZYSU5fLo2Z34/Edf6EGvXyTIqVfAmEBALd6JGVdN5GlYYTxrL+eO

-P80Z4ao4YKoxwEmRp5bmQsQ8B29QhOFKmC6eiG5B96qLMtp7Zmu1grDNxTd6OXShWVwYARD0/B1P

-Sy0PAfk9Gb4fAkO9fZJDQYZ7s0mM5iOPEeSR7820TolOb+KfRabLA9d714jsc2jEykKlpP66Bh4j

-aCsyqJ0uUQcE8SnzrKAqGwgWiCGQpiTa+HBiP6eRlRGOKQj5Y06vcNx6Ija4cGe6+yCN8HV8tCY0

-okZK98NQCl5t79R/ZB2c3NvBJH+/g3ulU48ikT3tVmDxE3mOZofZyGFEM99P+YCMScLDxTl3hzGy

-0YkI8U855P7qOAbcFfh2T5n+LSELwLhbkymEfZT917GWTfmypBWMvJx0WHeDhKwQYPdzbKgWETnc

-yeKasaCW+oLdhBwrd6Ws2r4MA8cwiYXDLbwYmCxJA8VF++8kubF2HJOjSyMBS+QT2PSV/0D9UWoi

-Vfk7R4OvWBJVvq7nV+lXS0O5igjExxlmx1OaBfg7+Cr/MbK4zVNrKSJn82NnKKt6LC6RaTmvFYay

-0sDFxQ7Xo+Th6tDNKmKWJt6Kegfjc+qTWJTKb3kL+UI8vS0zTLy1+M/rZ4ekos/JiS5rYIcAswvg

-58kBgp/0rc6upBeWjBaK5O0aLAeBQfLulo1axWX04OSVKmYeoAltyR6UO9ME3acurQyg7Ta24yqO

-whi/PrIaEiO7dsWvFtzsshVzBLic02NlAkPkMUzliPYnZHWQglDAVxL5K2qhvK1OFCkQpIgBsBDM

-6KYRL/mkBIIEALIl927rIkaN37/BQIcxLcSa05YfC0Hl3mxWESt1A0D4lA37A9S8EbYmDfAYlMc0

-3HhZGdZEtawfpJFyDHzNZceNWBch6nxeNZCY4YFdsbzuGS0RKpwNA9S/czOJ4p9ymBCxuhGepI3U

-PKbC8C749Www1/wMdAot1n+K7M/PBGR8hWmaH5SS7U3yMwAB1fq2NDjx4ur+Um+MclSdN01MDXzG

-EO+eAo1pdAY8479234l8dB2YVAhZ1ZlJ4KmbqMKJrGJXnQUEYS6/cTDRjsUocsoW7uGg1ci2GiHa

-qjlkfpBfie3SdhFW/K8hwAH0HALs56oFN66wUkP/AaJAPfIUNhR6RpHKzZ9zCC42oB2mNawQRMnF

-ETBl1s/SwMxLKRp7jAfKs4NZxSY6I9z/2dTpzS3tsHMjxVDuxkolvRNWBILEMeL1CBvip2HhmoUw

-/Sz5NDgyzk1aQLV6DQNJ2RZLMZDRCtSwZSBu6lhhSgTJGazP0+NbqXXC5aQTrqrFIcWyDXz+ADle

-kszzYM/gSaQTCALTwfDDaU9Ek3xVgW+XBtExtJ3U+0AN3l0j86rUIdIvp6eWdxWQqv9LtpoorKMD

-KfUc5PYV09Z1JgsT4X51Zzq+74l5dz7udIM7UNbdTpmRm9PDj3TUbGCvNR9hqOEGTLbkvb1ZR24a

-h6uGRl2znB25IpDAGRhNRb9is/pO2tvHwHTDMOjrgvZG/pNvXgSUxz0pRjUjXIcqBe2X2gcQfeal

-r8gY76o83WEGL6ODryV9vTQVHt52+izgpYoBZaVlpgqbZl54c+OE0Zxf9RwXwDbcYu5Ku5E0MPL0

-qUjc0y2+Y6E4P5bAWaZGMGT+ORkyVUzcaWmM/+XlO7PER5wrWlCIMZCX1L/nvioY0q0CKqALn7DJ

-QU+qenbwrb6uwS7uNZY6V86s0aDYpU7yRyqxC5SbuyNJb02gdxUCgpIscFaMUjMVRml4M4BIjX/b

-U+HgHoVMUm8SnN9gRcT2izPrgOGVcMTJjfenzoCKoCPo9RjgGMctgB4DvKamErNU7OrilIfuoqzE

-PNSeP9SPw/zkDmNvMebM499We9CVnsHUWqF00/ZJWoua77+0f1bLS/tmci1JBvIcMo/4SJvgH+KF

-o0gijP9gqAPd5iCOnpnJlHUqRIym42SmyKEDuzdSwXKjAR6j7uXda39JyMJr8gGzEsu0jYRkAmj1

-YdiqwKXUcLMkcj1AKeU/PxTUVw0YKsv/rowrPYww3xQUWqNivrXB7GCHE3BzsYNdHsmziaGIXQbA

-+EBHdkuKrM8BcC+fxhF/l/KUxngsD1E75IcUv8zFDF+sk4CBYHqks9S4JYlcubuizqsILbdGzIMN

-Z7w34k0XT+sEggQAyzr8MHeIJGsT+AYnZr08PeTbyr01JEoT7lPYT6PzX4F63QKKDl+mB+PwLMzY

-CXrxZcUmuay6/MV8w/f5T6vQXdoSw5puWodBYwVReYh1IaEN+jiTapm9YBVmcIsJPO6abHowknSV

-OWSvST0AtAX57fFOTckm+facfBK9s9T1lUUgF44Bh5e8f9qKqfOV44nqdCOEyUm0Dao497ieN4Eg

-XBLNvOZY9+irMiXjp0lcyFvhrJOczfyCr9EiiaiH1TfSzKGKsf2W84iKn/JH6x2eOo7xjwJ40BQD

-c6S1cUNEuqBhP6by0FioOXYOKVyifpxk84Eb+F/4CNdTJTvCPwsiegdfsX/Q53DvKVtXp9Ycam5J

-TmKRHXK/bMHF4ONv3p/O/kn/BqRx+fbbP2eMX8Z1F/ltHKfp6B+06HljUwQLBJs9XtCfqH5Zgdz9

-gad5WZF5ykFArmHDgeFlgggvbZ7z9vqnjN/TH68TxJzauYQ5vLHQ6wGXik4/4uq7/TqNmhxlQEM4

-zVkwsn203bUmKLyz+yl1zItDpn5zy1uXfGo99rBdUzdbdE9LmEFPMaFsaHd4a8oDaUroD7FgCbeD

-JJVld3ac6F8+3QbExPs48OrgA1kI3/UwXr52ldjiYzTLfAGR9BjqNFTw45FUHuMf8TEM5hcHx56w

-95eKAqraDk28o9k+M2UKpcmrdlWoWzdqVVFeWGpM8x9Y9Nt0lf/4VUQgrXjqTkUCQkJyqTeTeGgH

-rn3QBk2XAgpxZhaJs3InW0BkAlBmK99cMinUiJeFt5a4p5wPeXrVuh6V9m7Mpl9hzpogg++EZqah

-fzzNnDgxOZfW342DX052PdgXo0NnkhCk005LvFt6M2mRn0fLgNVfyUZZoOp8cO5ZWbhXXlrhrgUt

-j2zKPK6Q94Zj4kdXHBGpAkrB8ZQ4EGGODE0Dqusm8WPXzB+9236IMHPU7lFbyjBrFNI7O4jg+qRI

-Ipi+7tX0FsilqEbmjG+OPwhZXrdqUqyF+rjKQuSRq7lOeDB4c6S2dq4OOny01i5HCbbyc9UvSHRm

-hOhGqUlzHyHLo3W7j+26V/MhkDXJ+Tx+qfylv4pbliwTteJJj+CZwzjv29qb6lxYi+38Bw10ERap

-m8UCRFBecVN7xXlcIfyeAl666Vi7EBJZv3EdFNrx1nlLwM65nYya7uj6L7IwJWotIUx8E0XH0/cU

-xS/dG8bxf9L/8652h5gq3LI+wTNGuEX0DMuz7BGQG+NtgabrZ6SsKGthGa7eULTpz0McWTLRU0y/

-/tkckpm5pDnXSFbIMskwwjECz82UZBSPpigdN/Pjg5d+0yWu7s3VJxw4ENWPPpzZ+j7sOXmdvn9P

-O1tQd60EO+3awASCBAAZQvWV3/yJ6FxPttbP+qeURpJoPEZfpN2UYZmd8HqtR0YbaOZ6Rln9nvpd

-K9fylXdw9z2xeCbjDWUttJB4VqZxGJM8eCTC1VDVyAOsQ5n7SY55dMkQbU+o4Z/4J5m8+wz50BBI

-LfruL1eZ6/CF6CdvxVRiJ10sXc0Tn2sVMXqkw7Adp1GYoCI9c6VFSFK74+n+y7LVFQ5HBnbQyKJc

-dvdLOXwZOPaFHC5UNXRmOpcwdPqyXUe+xIsOMYbzdlAnI9eGDNeRDktUa/Rh0CbZCxjmJzoZEYOE

-ZjsYZlEfp1Kb61t8z4m28hGLEg88T1Ihmxa2HeUWes1RpmgIOP+/2Lb3smj/l/fpSu4gabFgyCAV

-H5HdCYMScUv8SVu55+tpeO8ELoHHQUXV4rr084O4budzhgNSOPyLGDl5sfDUXiyusPCxS4JVO/KY

-6V2Qrtg/q2wtmXpEkZnGT+Qi3WDzwt4W81alztnYMP17oGLmxX71KV9OEiMZjI4WaaGt+OOINLtR

-qefioZ1NI2L1s5M0tybwTsyU9WERM+3pUwXIfJVsbMZRlNaO2OogcHbaR4UWvhOj+3CTG1sThiYQ

-MxMnp1Rpqx3nhyzqLO3TRrkYvxnA3cdPBn9EeqpgBMg7X3hCiMV3Fl5cj/WOMhtHYgY7BgeCXo46

-EFVZ4+WroGZ46xGiRDiIblo8bzLd7QCxvukzxy3mUDgsZQ8pds4N28weSUhBk5MAPbfBpRvXUVJx

-MhKqXucQU1Md1qSGLbuuIQuz9pAGp1JFUx/vEkCgm74daSoVWCZuB+1ZE4f48clvrBj51xMNf8CP

-EFE7vySzVb6X2H1i5X3Z+Y3DdIcWw4Y2FClfcJk4Mwq8Cq2GALGFEge9YSEE9YmyuU6OFeU0ICon

-iXAgZ72SM8fBwJPruLFbdsNYKW+oAfmPisXSWMcZmdSbfk0GYv+vKtu3eegSbWw1UsCVtZOh9E5Z

-uQ83l59CBqO9sV/SFU3WrrJ0qNWxrmXu9nJn5Qf5iCRoFGYNHYHkIG5FS6N00GEDZxGkxmro2d++

-Adj5LVHc/b1cYWmrux+jEqI8ZK8cyTB0XMbBA/HYbx9NXazr7znP4/Mlv3pZToEcYt+lgLHAArtU

-AdhybhbLIwNMq0gr6EwtDklBa3ns4Wx/rJU8H7LGs6gV8uqeaSketv+nz+sQhfctxZ1rx+5qzXfy

-FOQVpO23KDQunBi1Bl9k61Di4q9JWcyADBXPHXJzp7mL8Fk7zdvMAEfuED1phdRm6GgDYoYUs4yQ

-IrhSjFlWyk7hT8475xk3BIv++obvWSAv/3+pF6A6U2RXDChVmnG0JnPa9wYYtdzBmLfZKBjX+DjD

-yEMsuhPsCzuN4R6tBIIBWCVRKmKwdkatmpsQBgDw48u0/Arffl5/DRlS9ee+QffFecUitDdCK+kt

-X5L2fGYrL5g6SltncMIeV1ptx4nuSjC/O944q1KYtqvQiPFWJqEXIRMNbbYOC47sjLza0tEFrimN

-wxcrWGSzsy5R9beFQ1aHPcMrDWfCoviNRk2qPtxuKIC5Qk2ZuOmJLjCiLwUGEb0/1Mpzv3MqQa7d

-mRayXg3DZWJPajxNZv6eS357ElMvwGQmqafb2mlQJwWLsg9m9PG7uqEoyrqSc6MiuY+icLEFib9j

-OfRQrx70rTSKUfTr4MtP0aZZAefjCrpVIyTekhFDOk0Nmx057eonlyGgmGpl5/Uo+t1J1Z11Ya/l

-bNbfmebRISJeTVW0I8FhseAZMI1GSwp/ludJxSLYOgyRkh+GX134MexNo7O9F1SxLCfWaSG9Fc3s

-5ify04ua9/t8SGrYZPm/l3MkAAAAAAAAAAAAAA==

--- a/sys/src/ape/lib/openssl/crypto/pkcs7/t/msie-s-a-e.pem

+++ /dev/null

@@ -1,106 +1,0 @@

------BEGIN PKCS7-----

-MIAGCSqGSIb3DQEHA6CAMIITUAIBADGCAcIwgcwCAQAwdjBiMREwDwYDVQQHEwhJ

-bnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1ZlcmlT

-aWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXICEGBAmILep9sJ

-uN2Pkg1gucowDQYJKoZIhvcNAQEBBQAEQKOxxpIbRTb31+qIQCBOpMVAGnwCLrPO

-OXnntxVveTrPhBnsJuoGNJcCMtuHl7tLkd38WsVwOfGXUprTqFpUcY8wgfACAQAw

-gZkwgZIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH

-EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsT

-GURFTU9OU1RSQVRJT04gQU5EIFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBW

-QUxVRSBDQQICBG4wDQYJKoZIhvcNAQEBBQAEQKzIddnXFqK/RRBG86ZVixoXfwAv

-ZdfvnDFsKzPn/A6DuDdE/hqJxnFpHiwGiDR/YbWj2ib+G74DSshgX8vj8ZQwghGD

-BgkqhkiG9w0BBwEwGgYIKoZIhvcNAwIwDgICAKAECLKM0K58I3HNgIIRWBDP8s+g

-l7/6JhZ5PBJ5vPpD1R4pnNDZRabsYu0Qzezdz1IK+maTAhF0SEuNZoEkzIgOIvu3

-UjW8x/2KcHwteABwgRiSk1JyNLwRED0RtvuJ40pIGDvDsHwBMcXEtKUMAOpGChms

-HUK1+B/GKancSDFOCeG3JCFnFdbuQFDIVHC6amWslc6ntqVs/sii2Gs4qdzDfQgl

-PV/A/FY0wi0j2O5cXRQJtZVKM/MYGjj5c1cy9Q7oymU5ATP/LARD0Tw5kBB7HVnD

-2qrmmmxcHakyxhXmwskaKS6Qxgqq6LPdgr603onxqEtwNSz5UbCq9mLXuCkFOVsQ

-/5mZcmmc7re3XJMQHRXkBlxEpZQ6HOUIEzlhRqCo2hhymyZK84rptjORQo6vNakM

-IC0Zn8O+6Xl1NlmbGzZakz6LJ4dczE7eG7LwrVus9Oq3V/WweG6rWMPV5d51oKMi

-BRb2pXXy80BAKh/9hvpP/V/HO1/+MPuk8tAn7ssmQoIAQcZxqLOmgqqFhy21oSEu

-rUY746Gp/vIV6Ax1MnfDA/fbjDllhJTl8ujZnfj8R1/oQa9fJMipV8CYQEAt3okZ

-V03kaVhhPGsv544/zRnhqjhgqjHASZGnluZCxDwHb1CE4UqYLp6IbkH3qosy2ntm

-a7WCsM3FN3o5dKFZXBgBEPT8HU9LLQ8B+T0Zvh8CQ719kkNBhnuzSYzmI48R5JHv

-zbROiU5v4p9FpssD13vXiOxzaMTKQqWk/roGHiNoKzKonS5RBwTxKfOsoCobCBaI

-IZCmJNr4cGI/p5GVEY4pCPljTq9w3HoiNrhwZ7r7II3wdXy0JjSiRkr3w1AKXm3v

-1H9kHZzc28Ekf7+De6VTjyKRPe1WYPETeY5mh9nIYUQz30/5gIxJwsPFOXeHMbLR

-iQjxTznk/uo4BtwV+HZPmf4tIQvAuFuTKYR9lP3XsZZN+bKkFYy8nHRYd4OErBBg

-93NsqBYROdzJ4pqxoJb6gt2EHCt3pazavgwDxzCJhcMtvBiYLEkDxUX77yS5sXYc

-k6NLIwFL5BPY9JX/QP1RaiJV+TtHg69YElW+rudX6VdLQ7mKCMTHGWbHU5oF+Dv4

-Kv8xsrjNU2spImfzY2coq3osLpFpOa8VhrLSwMXFDtej5OHq0M0qYpYm3op6B+Nz

-6pNYlMpveQv5Qjy9LTNMvLX4z+tnh6Siz8mJLmtghwCzC+DnyQGCn/Stzq6kF5aM

-Fork7RosB4FB8u6WjVrFZfTg5JUqZh6gCW3JHpQ70wTdpy6tDKDtNrbjKo7CGL8+

-shoSI7t2xa8W3OyyFXMEuJzTY2UCQ+QxTOWI9idkdZCCUMBXEvkraqG8rU4UKRCk

-iAGwEMzophEv+aSyJfdu6yJGjd+/wUCHMS3EmtOWHwtB5d5sVhErdQNA+JQN+wPU

-vBG2Jg3wGJTHNNx4WRnWRLWsH6SRcgx8zWXHjVgXIep8XjWQmOGBXbG87hktESqc

-DQPUv3MzieKfcpgQsboRnqSN1DymwvAu+PVsMNf8DHQKLdZ/iuzPzwRkfIVpmh+U

-ku1N8jMAAdX6tjQ48eLq/lJvjHJUnTdNTA18xhDvngKNaXQGPOO/dt+JfHQdmFQI

-WdWZSeCpm6jCiaxiV50FBGEuv3Ew0Y7FKHLKFu7hoNXIthoh2qo5ZH6QX4nt0nYR

-VvyvIcAB9BwC7OeqBTeusFJD/wGiQD3yFDYUekaRys2fcwguNqAdpjWsEETJxREw

-ZdbP0sDMSykae4wHyrODWcUmOiPc/9nU6c0t7bBzI8VQ7sZKJb0TVgSCxDHi9Qgb

-4qdh4ZqFMP0s+TQ4Ms5NWkC1eg0DSdkWSzGQ0QrUsGUgbupYYUoEyRmsz9PjW6l1

-wuWkE66qxSHFsg18/gA5XpLM82DP4EmkEwgC08Hww2lPRJN8VYFvlwbRMbSd1PtA

-Dd5dI/Oq1CHSL6enlncVkKr/S7aaKKyjAyn1HOT2FdPWdSYLE+F+dWc6vu+JeXc+

-7nSDO1DW3U6ZkZvTw4901GxgrzUfYajhBky25L29WUduGoerhkZds5wduSKQwBkY

-TUW/YrP6Ttrbx8B0wzDo64L2Rv6Tb14ElMc9KUY1I1yHKgXtl9oHEH3mpa/IGO+q

-PN1hBi+jg68lfb00FR7edvos4KWKAWWlZaYKm2ZeeHPjhNGcX/UcF8A23GLuSruR

-NDDy9KlI3NMtvmOhOD+WwFmmRjBk/jkZMlVM3GlpjP/l5TuzxEecK1pQiDGQl9S/

-574qGNKtAiqgC5+wyUFPqnp28K2+rsEu7jWWOlfOrNGg2KVO8kcqsQuUm7sjSW9N

-oHcVAoKSLHBWjFIzFUZpeDOASI1/21Ph4B6FTFJvEpzfYEXE9osz64DhlXDEyY33

-p86AiqAj6PUY4BjHLYAeA7ymphKzVOzq4pSH7qKsxDzUnj/Uj8P85A5jbzHmzOPf

-VnvQlZ7B1FqhdNP2SVqLmu+/tH9Wy0v7ZnItSQbyHDKP+Eib4B/ihaNIIoz/YKgD

-3eYgjp6ZyZR1KkSMpuNkpsihA7s3UsFyowEeo+7l3Wt/ScjCa/IBsxLLtI2EZAJo

-9WHYqsCl1HCzJHI9QCnlPz8U1FcNGCrL/66MKz2MMN8UFFqjYr61wexghxNwc7GD

-XR7Js4mhiF0GwPhAR3ZLiqzPAXAvn8YRf5fylMZ4LA9RO+SHFL/MxQxfrJOAgWB6

-pLPUuCWJXLm7os6rCC23RsyDDWe8N+JNF0/ryzr8MHeIJGsT+AYnZr08PeTbyr01

-JEoT7lPYT6PzX4F63QKKDl+mB+PwLMzYCXrxZcUmuay6/MV8w/f5T6vQXdoSw5pu

-WodBYwVReYh1IaEN+jiTapm9YBVmcIsJPO6abHowknSVOWSvST0AtAX57fFOTckm

-+facfBK9s9T1lUUgF44Bh5e8f9qKqfOV44nqdCOEyUm0Dao497ieN4EgXBLNvOZY

-9+irMiXjp0lcyFvhrJOczfyCr9EiiaiH1TfSzKGKsf2W84iKn/JH6x2eOo7xjwJ4

-0BQDc6S1cUNEuqBhP6by0FioOXYOKVyifpxk84Eb+F/4CNdTJTvCPwsiegdfsX/Q

-53DvKVtXp9Ycam5JTmKRHXK/bMHF4ONv3p/O/kn/BqRx+fbbP2eMX8Z1F/ltHKfp

-6B+06HljUwQLBJs9XtCfqH5Zgdz9gad5WZF5ykFArmHDgeFlgggvbZ7z9vqnjN/T

-H68TxJzauYQ5vLHQ6wGXik4/4uq7/TqNmhxlQEM4zVkwsn203bUmKLyz+yl1zItD

-pn5zy1uXfGo99rBdUzdbdE9LmEFPMaFsaHd4a8oDaUroD7FgCbeDJJVld3ac6F8+

-3QbExPs48OrgA1kI3/UwXr52ldjiYzTLfAGR9BjqNFTw45FUHuMf8TEM5hcHx56w

-95eKAqraDk28o9k+M2UKpcmrdlWoWzdqVVFeWGpM8x9Y9Nt0lf/4VUQgrXjqTkUC

-QkJyqTeTeGgHrn3QBk2XAgpxZhaJs3InW0BkAlBmK99cMinUiJeFt5a4p5wPeXrV

-uh6V9m7Mpl9hzpogg++EZqahfzzNnDgxOZfW342DX052PdgXo0NnkhCk005LvFt6

-M2mRn0fLgNVfyUZZoOp8cO5ZWbhXXlrhrgUtj2zKPK6Q94Zj4kdXHBGpAkrB8ZQ4

-EGGODE0Dqusm8WPXzB+9236IMHPU7lFbyjBrFNI7O4jg+qRIIpi+7tX0FsilqEbm

-jG+OPwhZXrdqUqyF+rjKQuSRq7lOeDB4c6S2dq4OOny01i5HCbbyc9UvSHRmhOhG

-qUlzHyHLo3W7j+26V/MhkDXJ+Tx+qfylv4pbliwTteJJj+CZwzjv29qb6lxYi+38

-Bw10ERapm8UCRFBecVN7xXlcIfyeAl666Vi7EBJZv3EdFNrx1nlLwM65nYya7uj6

-L7IwJWotIUx8E0XH0/cUxS/dG8bxf9L/8652h5gq3LI+wTNGuEX0DMuz7BGQG+Nt

-gabrZ6SsKGthGa7eULTpz0McWTLRU0y//tkckpm5pDnXSFbIMskwwjECz82UZBSP

-pigdN/Pjg5d+0yWu7s3VJxw4ENWPPpzZ+j7sOXmdvn9PO1tQd60EO+3awBlC9ZXf

-/InoXE+21s/6p5RGkmg8Rl+k3ZRhmZ3weq1HRhto5npGWf2e+l0r1/KVd3D3PbF4

-JuMNZS20kHhWpnEYkzx4JMLVUNXIA6xDmftJjnl0yRBtT6jhn/gnmbz7DPnQEEgt

-+u4vV5nr8IXoJ2/FVGInXSxdzROfaxUxeqTDsB2nUZigIj1zpUVIUrvj6f7LstUV

-DkcGdtDIolx290s5fBk49oUcLlQ1dGY6lzB0+rJdR77Eiw4xhvN2UCcj14YM15EO

-S1Rr9GHQJtkLGOYnOhkRg4RmOxhmUR+nUpvrW3zPibbyEYsSDzxPUiGbFrYd5RZ6

-zVGmaAg4/7/YtveyaP+X9+lK7iBpsWDIIBUfkd0JgxJxS/xJW7nn62l47wQugcdB

-RdXiuvTzg7hu53OGA1I4/IsYOXmx8NReLK6w8LFLglU78pjpXZCu2D+rbC2ZekSR

-mcZP5CLdYPPC3hbzVqXO2dgw/XugYubFfvUpX04SIxmMjhZpoa3444g0u1Gp5+Kh

-nU0jYvWzkzS3JvBOzJT1YREz7elTBch8lWxsxlGU1o7Y6iBwdtpHhRa+E6P7cJMb

-WxOGJhAzEyenVGmrHeeHLOos7dNGuRi/GcDdx08Gf0R6qmAEyDtfeEKIxXcWXlyP

-9Y4yG0diBjsGB4JejjoQVVnj5augZnjrEaJEOIhuWjxvMt3tALG+6TPHLeZQOCxl

-Dyl2zg3bzB5JSEGTkwA9t8GlG9dRUnEyEqpe5xBTUx3WpIYtu64hC7P2kAanUkVT

-H+8SQKCbvh1pKhVYJm4H7VkTh/jxyW+sGPnXEw1/wI8QUTu/JLNVvpfYfWLlfdn5

-jcN0hxbDhjYUKV9wmTgzCrwKrYYAsYUSB71hIQT1ibK5To4V5TQgKieJcCBnvZIz

-x8HAk+u4sVt2w1gpb6gB+Y+KxdJYxxmZ1Jt+TQZi/68q27d56BJtbDVSwJW1k6H0

-Tlm5DzeXn0IGo72xX9IVTdausnSo1bGuZe72cmflB/mIJGgUZg0dgeQgbkVLo3TQ

-YQNnEaTGaujZ374B2PktUdz9vVxhaau7H6MSojxkrxzJMHRcxsED8dhvH01drOvv

-Oc/j8yW/ellOgRxi36WAscACu1QB2HJuFssjA0yrSCvoTC0OSUFreezhbH+slTwf

-ssazqBXy6p5pKR62/6fP6xCF9y3FnWvH7mrNd/IU5BWk7bcoNC6cGLUGX2TrUOLi

-r0lZzIAMFc8dcnOnuYvwWTvN28wAR+4QPWmF1GboaANihhSzjJAiuFKMWVbKTuFP

-zjvnGTcEi/76hu9ZIC//f6kXoDpTZFcMKFWacbQmc9r3Bhi13MGYt9koGNf4OMPI

-Qyy6E+wLO43hHq0lUSpisHZGrZqbEAYA8OPLtPwK335efw0ZUvXnvkH3xXnFIrQ3

-QivpLV+S9nxmKy+YOkpbZ3DCHldabceJ7kowvzveOKtSmLar0IjxViahFyETDW22

-DguO7Iy82tLRBa4pjcMXK1hks7MuUfW3hUNWhz3DKw1nwqL4jUZNqj7cbiiAuUJN

-mbjpiS4woi8FBhG9P9TKc79zKkGu3ZkWsl4Nw2ViT2o8TWb+nkt+exJTL8BkJqmn

-29ppUCcFi7IPZvTxu7qhKMq6knOjIrmPonCxBYm/Yzn0UK8e9K00ilH06+DLT9Gm

-WQHn4wq6VSMk3pIRQzpNDZsdOe3qJ5choJhqZef1KPrdSdWddWGv5WzW35nm0SEi

-Xk1VtCPBYbHgGTCNRksKf5bnScUi2DoMkZIfhl9d+DHsTaOzvRdUsSwn1mkhvRXN

-7OYn8tOLmvf7fEhq2GT5v5dzJAAAAAA=

------END PKCS7-----

--- a/sys/src/ape/lib/openssl/crypto/pkcs7/t/nav-smime

+++ /dev/null

@@ -1,157 +1,0 @@

-From [email protected] Thu May 14 13:32:27 1998

-X-UIDL: 83c94dd550e54329bf9571b72038b8c8

-Return-Path: [email protected]

-Received: from cryptsoft.com (play.cryptsoft.com [203.56.44.3]) by pandora.cryptsoft.com (8.8.3/8.7.3) with ESMTP id NAA27838 for <[email protected]>; Thu, 14 May 1998 13:32:26 +1000 (EST)

-Message-ID: <[email protected]>

-Date: Thu, 14 May 1998 13:39:37 +1000

-From: Angela van Lent <[email protected]>

-X-Mailer: Mozilla 4.03 [en] (Win95; U)

-MIME-Version: 1.0

-To: [email protected]

-Subject: signed

-Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms9A58844C95949ECC78A1C54C"

-Content-Length: 2604

-Status: OR

-This is a cryptographically signed message in MIME format.

---------------ms9A58844C95949ECC78A1C54C

-Content-Type: text/plain; charset=us-ascii

-Content-Transfer-Encoding: 7bit

-signed body

---------------ms9A58844C95949ECC78A1C54C

-Content-Type: application/x-pkcs7-signature; name="smime.p7s"

-Content-Transfer-Encoding: base64

-Content-Disposition: attachment; filename="smime.p7s"

-Content-Description: S/MIME Cryptographic Signature

-MIIGHgYJKoZIhvcNAQcCoIIGDzCCBgsCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC

-BGswggJTMIIB/aADAgECAgIEfjANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCQVUxEzAR

-BgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNv

-ZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UE

-AxMSREVNTyBaRVJPIFZBTFVFIENBMB4XDTk4MDUxMzA2MjY1NloXDTAwMDUxMjA2MjY1Nlow

-gaUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFu

-ZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxEjAQBgNVBAsTCVNNSU1FIDAwMzEZMBcG

-A1UEAxMQQW5nZWxhIHZhbiBMZWVudDEjMCEGCSqGSIb3DQEJARYUYW5nZWxhQGNyeXB0c29m

-dC5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAuC3+7dAb2LhuO7gt2cTM8vsNjhG5JfDh

-hX1Vl/wVGbKEEj0MA6vWEolvefQlxB+EzwCtR0YZ7eEC/T/4JoCyeQIDAQABoygwJjAkBglg

-hkgBhvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EAUnSP

-igs6TMFISTjw8cBtJYb98czgAVkVFjKyJQwYMH8FbDnCyx6NocM555nsyDstaw8fKR11Khds

-syd3ikkrhDCCAhAwggG6AgEDMA0GCSqGSIb3DQEBBAUAMIGSMQswCQYDVQQGEwJBVTETMBEG

-A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m

-dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD

-ExJERU1PIFpFUk8gVkFMVUUgQ0EwHhcNOTgwMzAzMDc0MTMyWhcNMDgwMjI5MDc0MTMyWjCB

-kjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5l

-MRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBB

-TkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENBMFwwDQYJKoZIhvcNAQEB

-BQADSwAwSAJBAL+0E2fLej3FSCwe2A2iRnMuC3z12qHIp6Ky1wo2zZcxft7AI+RfkrWrSGtf

-mfzBEuPrLdfulncC5Y1pNcM8RTUCAwEAATANBgkqhkiG9w0BAQQFAANBAGSbLMphL6F5pp3s

-8o0Xyh86FHFdpVOwYx09ELLkuG17V/P9pgIc0Eo/gDMbN+KT3IdgECf8S//pCRA6RrNjcXIx

-ggF7MIIBdwIBATCBmTCBkjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAP

-BgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZ

-REVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENB

-AgIEfjAJBgUrDgMCGgUAoHowGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAbBgkqhkiG9w0B

-CQ8xDjAMMAoGCCqGSIb3DQMHMBwGCSqGSIb3DQEJBTEPFw05ODA1MTQwMzM5MzdaMCMGCSqG

-SIb3DQEJBDEWBBQstNMnSV26ba8PapQEDhO21yNFrjANBgkqhkiG9w0BAQEFAARAW9Xb9YXv

-BfcNkutgFX9Gr8iXhBVsNtGEVrjrpkQwpKa7jHI8SjAlLhk/4RFwDHf+ISB9Np3Z1WDWnLcA

-9CWR6g==

---------------ms9A58844C95949ECC78A1C54C--

-From [email protected] Thu May 14 13:33:16 1998

-X-UIDL: 8f076c44ff7c5967fd5b00c4588a8731

-Return-Path: [email protected]

-Received: from cryptsoft.com (play.cryptsoft.com [203.56.44.3]) by pandora.cryptsoft.com (8.8.3/8.7.3) with ESMTP id NAA27847 for <[email protected]>; Thu, 14 May 1998 13:33:15 +1000 (EST)

-Message-ID: <[email protected]>

-Date: Thu, 14 May 1998 13:40:27 +1000

-From: Angela van Lent <[email protected]>

-X-Mailer: Mozilla 4.03 [en] (Win95; U)

-MIME-Version: 1.0

-To: [email protected]

-Subject: signed

-Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------msD7863B84BD61E02C407F2F5E"

-Content-Length: 2679

-Status: OR

-This is a cryptographically signed message in MIME format.

---------------msD7863B84BD61E02C407F2F5E

-Content-Type: text/plain; charset=us-ascii

-Content-Transfer-Encoding: 7bit

-signed body 2

---------------msD7863B84BD61E02C407F2F5E

-Content-Type: application/x-pkcs7-signature; name="smime.p7s"

-Content-Transfer-Encoding: base64

-Content-Disposition: attachment; filename="smime.p7s"

-Content-Description: S/MIME Cryptographic Signature

-MIIGVgYJKoZIhvcNAQcCoIIGRzCCBkMCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC

-BGswggJTMIIB/aADAgECAgIEfjANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCQVUxEzAR

-BgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNv

-ZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UE

-AxMSREVNTyBaRVJPIFZBTFVFIENBMB4XDTk4MDUxMzA2MjY1NloXDTAwMDUxMjA2MjY1Nlow

-gaUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFu

-ZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxEjAQBgNVBAsTCVNNSU1FIDAwMzEZMBcG

-A1UEAxMQQW5nZWxhIHZhbiBMZWVudDEjMCEGCSqGSIb3DQEJARYUYW5nZWxhQGNyeXB0c29m

-dC5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAuC3+7dAb2LhuO7gt2cTM8vsNjhG5JfDh

-hX1Vl/wVGbKEEj0MA6vWEolvefQlxB+EzwCtR0YZ7eEC/T/4JoCyeQIDAQABoygwJjAkBglg

-hkgBhvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EAUnSP

-igs6TMFISTjw8cBtJYb98czgAVkVFjKyJQwYMH8FbDnCyx6NocM555nsyDstaw8fKR11Khds

-syd3ikkrhDCCAhAwggG6AgEDMA0GCSqGSIb3DQEBBAUAMIGSMQswCQYDVQQGEwJBVTETMBEG

-A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m

-dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD

-ExJERU1PIFpFUk8gVkFMVUUgQ0EwHhcNOTgwMzAzMDc0MTMyWhcNMDgwMjI5MDc0MTMyWjCB

-kjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5l

-MRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBB

-TkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENBMFwwDQYJKoZIhvcNAQEB

-BQADSwAwSAJBAL+0E2fLej3FSCwe2A2iRnMuC3z12qHIp6Ky1wo2zZcxft7AI+RfkrWrSGtf

-mfzBEuPrLdfulncC5Y1pNcM8RTUCAwEAATANBgkqhkiG9w0BAQQFAANBAGSbLMphL6F5pp3s

-8o0Xyh86FHFdpVOwYx09ELLkuG17V/P9pgIc0Eo/gDMbN+KT3IdgECf8S//pCRA6RrNjcXIx

-ggGzMIIBrwIBATCBmTCBkjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAP

-BgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZ

-REVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENB

-AgIEfjAJBgUrDgMCGgUAoIGxMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcN

-AQkFMQ8XDTk4MDUxNDAzNDAyN1owIwYJKoZIhvcNAQkEMRYEFOKcV8mNYJnM8rHQajcSEqJN

-rwdDMFIGCSqGSIb3DQEJDzFFMEMwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMAcGBSsO

-AwIHMA0GCCqGSIb3DQMCAgFAMA0GCCqGSIb3DQMCAgEoMA0GCSqGSIb3DQEBAQUABEADPE/N

-coH+zTFuX5YpolupTKxKK8eEjc48TuADuO8bIHHDE/fEYaWunlwDuTlcFJl1ig0idffPB1qC

-Zp8SSVVY

---------------msD7863B84BD61E02C407F2F5E--

-From [email protected] Thu May 14 14:05:32 1998

-X-UIDL: a7d629b4b9acacaee8b39371b860a32a

-Return-Path: [email protected]

-Received: from cryptsoft.com (play.cryptsoft.com [203.56.44.3]) by pandora.cryptsoft.com (8.8.3/8.7.3) with ESMTP id OAA28033 for <[email protected]>; Thu, 14 May 1998 14:05:32 +1000 (EST)

-Message-ID: <[email protected]>

-Date: Thu, 14 May 1998 14:12:43 +1000

-From: Angela van Lent <[email protected]>

-X-Mailer: Mozilla 4.03 [en] (Win95; U)

-MIME-Version: 1.0

-To: [email protected]

-Subject: encrypted

-Content-Type: application/x-pkcs7-mime; name="smime.p7m"

-Content-Transfer-Encoding: base64

-Content-Disposition: attachment; filename="smime.p7m"

-Content-Description: S/MIME Encrypted Message

-Content-Length: 905

-Status: OR

-MIAGCSqGSIb3DQEHA6CAMIACAQAxggHmMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEG

-A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m

-dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD

-ExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR+MA0GCSqGSIb3DQEBAQUABEA92N29Yk39RUY2tIVd

-exGT2MFX3J6H8LB8aDRJjw7843ALgJ5zXpM5+f80QkAWwEN2A6Pl3VxiCeKLi435zXVyMIHw

-AgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMI

-QnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU

-UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgRuMA0G

-CSqGSIb3DQEBAQUABECR9IfyHtvnjFmZ8B2oUCEs1vxMsG0u1kxKE4RMPFyDqDCEARq7zXMg

-nzSUI7Wgv5USSKDqcLRJeW+jvYURv/nJMIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIA

-oAQIrLqrij2ZMpeggAQoibtn6reRZWuWk5Iv5IAhgitr8EYE4w4ySQ7EMB6mTlBoFpccUMWX

-BwQgQn1UoWCvYAlhDzURdbui64Dc0rS2wtj+kE/InS6y25EEEPe4NUKaF8/UlE+lo3LtILQE

-CL3uV8k7m0iqAAAAAAAAAAAAAA==

--- a/sys/src/ape/lib/openssl/crypto/pkcs7/t/s.pem

+++ /dev/null

@@ -1,57 +1,0 @@

------BEGIN RSA PRIVATE KEY-----

-MIIBOgIBAAJBAK3nI4nuDYe3nDJES5WBc90igEstxWC4/h4YY+/ciYki35U8ets9

-mgaoCNYp/e9BCZHtvK2Y+fYokGJv5+cMTQsCAwEAAQJBAIHpvXvqEcOEoDRRHuIG

-fkcB4jPHcr9KE9TpxabH6xs9beN6OJnkePXAHwaz5MnUgSnbpOKq+cw8miKjXwe/

-zVECIQDVLwncT2lRmXarEYHzb+q/0uaSvKhWKKt3kJasLNTrAwIhANDUc/ghut29

-p3jJYjurzUKuG774/5eLjPLsxPPIZzNZAiA/10hSq41UnGqHLEUIS9m2/EeEZe7b

-bm567dfRU9OnVQIgDo8ROrZXSchEGbaog5J5r/Fle83uO8l93R3GqVxKXZkCIFfk

-IPD5PIYQAyyod3hyKKza7ZP4CGY4oOfZetbkSGGG

------END RSA PRIVATE KEY-----

-issuer :/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=DEMONSTRATION AND TESTING/CN=DEMO ZERO VALUE CA

-subject:/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=SMIME 003/CN=Information/[email protected]

-serial :047D

-Certificate:

-    Data:

-        Version: 3 (0x2)

-        Serial Number: 1149 (0x47d)

-        Signature Algorithm: md5withRSAEncryption

-        Issuer: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=DEMONSTRATION AND TESTING, CN=DEMO ZERO VALUE CA

-        Validity

-            Not Before: May 13 05:40:58 1998 GMT

-            Not After : May 12 05:40:58 2000 GMT

-        Subject: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=SMIME 003, CN=Information/[email protected]

-        Subject Public Key Info:

-            Public Key Algorithm: rsaEncryption

-                Modulus:

-                    00:ad:e7:23:89:ee:0d:87:b7:9c:32:44:4b:95:81:

-                    73:dd:22:80:4b:2d:c5:60:b8:fe:1e:18:63:ef:dc:

-                    89:89:22:df:95:3c:7a:db:3d:9a:06:a8:08:d6:29:

-                    fd:ef:41:09:91:ed:bc:ad:98:f9:f6:28:90:62:6f:

-                    e7:e7:0c:4d:0b

-                Exponent: 65537 (0x10001)

-        X509v3 extensions:

-            Netscape Comment:

-                Generated with SSLeay

-    Signature Algorithm: md5withRSAEncryption

-        52:15:ea:88:f4:f0:f9:0b:ef:ce:d5:f8:83:40:61:16:5e:55:

-        f9:ce:2d:d1:8b:31:5c:03:c6:2d:10:7c:61:d5:5c:0a:42:97:

-        d1:fd:65:b6:b6:84:a5:39:ec:46:ec:fc:e0:0d:d9:22:da:1b:

-        50:74:ad:92:cb:4e:90:e5:fa:7d

------BEGIN CERTIFICATE-----

-MIICTDCCAfagAwIBAgICBH0wDQYJKoZIhvcNAQEEBQAwgZIxCzAJBgNVBAYTAkFV

-MRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UE

-ChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsTGURFTU9OU1RSQVRJT04gQU5E

-IFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBWQUxVRSBDQTAeFw05ODA1MTMw

-NTQwNThaFw0wMDA1MTIwNTQwNThaMIGeMQswCQYDVQQGEwJBVTETMBEGA1UECBMK

-UXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m

-dCBQdHkgTHRkMRIwEAYDVQQLEwlTTUlNRSAwMDMxFDASBgNVBAMTC0luZm9ybWF0

-aW9uMSEwHwYJKoZIhvcNAQkBFhJpbmZvQGNyeXB0c29mdC5jb20wXDANBgkqhkiG

-9w0BAQEFAANLADBIAkEArecjie4Nh7ecMkRLlYFz3SKASy3FYLj+Hhhj79yJiSLf

-lTx62z2aBqgI1in970EJke28rZj59iiQYm/n5wxNCwIDAQABoygwJjAkBglghkgB

-hvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EA

-UhXqiPTw+QvvztX4g0BhFl5V+c4t0YsxXAPGLRB8YdVcCkKX0f1ltraEpTnsRuz8

-4A3ZItobUHStkstOkOX6fQ==

------END CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/crypto/pkcs7/t/server.pem

+++ /dev/null

@@ -1,57 +1,0 @@

-issuer :/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=DEMONSTRATION AND TESTING/CN=DEMO ZERO VALUE CA

-subject:/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=SMIME 003/CN=Information/[email protected]

-serial :047D

-Certificate:

-    Data:

-        Version: 3 (0x2)

-        Serial Number: 1149 (0x47d)

-        Signature Algorithm: md5withRSAEncryption

-        Issuer: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=DEMONSTRATION AND TESTING, CN=DEMO ZERO VALUE CA

-        Validity

-            Not Before: May 13 05:40:58 1998 GMT

-            Not After : May 12 05:40:58 2000 GMT

-        Subject: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=SMIME 003, CN=Information/[email protected]

-        Subject Public Key Info:

-            Public Key Algorithm: rsaEncryption

-                Modulus:

-                    00:ad:e7:23:89:ee:0d:87:b7:9c:32:44:4b:95:81:

-                    73:dd:22:80:4b:2d:c5:60:b8:fe:1e:18:63:ef:dc:

-                    89:89:22:df:95:3c:7a:db:3d:9a:06:a8:08:d6:29:

-                    fd:ef:41:09:91:ed:bc:ad:98:f9:f6:28:90:62:6f:

-                    e7:e7:0c:4d:0b

-                Exponent: 65537 (0x10001)

-        X509v3 extensions:

-            Netscape Comment:

-                Generated with SSLeay

-    Signature Algorithm: md5withRSAEncryption

-        52:15:ea:88:f4:f0:f9:0b:ef:ce:d5:f8:83:40:61:16:5e:55:

-        f9:ce:2d:d1:8b:31:5c:03:c6:2d:10:7c:61:d5:5c:0a:42:97:

-        d1:fd:65:b6:b6:84:a5:39:ec:46:ec:fc:e0:0d:d9:22:da:1b:

-        50:74:ad:92:cb:4e:90:e5:fa:7d

------BEGIN CERTIFICATE-----

-MIICTDCCAfagAwIBAgICBH0wDQYJKoZIhvcNAQEEBQAwgZIxCzAJBgNVBAYTAkFV

-MRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UE

-ChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsTGURFTU9OU1RSQVRJT04gQU5E

-IFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBWQUxVRSBDQTAeFw05ODA1MTMw

-NTQwNThaFw0wMDA1MTIwNTQwNThaMIGeMQswCQYDVQQGEwJBVTETMBEGA1UECBMK

-UXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m

-dCBQdHkgTHRkMRIwEAYDVQQLEwlTTUlNRSAwMDMxFDASBgNVBAMTC0luZm9ybWF0

-aW9uMSEwHwYJKoZIhvcNAQkBFhJpbmZvQGNyeXB0c29mdC5jb20wXDANBgkqhkiG

-9w0BAQEFAANLADBIAkEArecjie4Nh7ecMkRLlYFz3SKASy3FYLj+Hhhj79yJiSLf

-lTx62z2aBqgI1in970EJke28rZj59iiQYm/n5wxNCwIDAQABoygwJjAkBglghkgB

-hvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EA

-UhXqiPTw+QvvztX4g0BhFl5V+c4t0YsxXAPGLRB8YdVcCkKX0f1ltraEpTnsRuz8

-4A3ZItobUHStkstOkOX6fQ==

------END CERTIFICATE-----

------BEGIN RSA PRIVATE KEY-----

-MIIBOgIBAAJBAK3nI4nuDYe3nDJES5WBc90igEstxWC4/h4YY+/ciYki35U8ets9

-mgaoCNYp/e9BCZHtvK2Y+fYokGJv5+cMTQsCAwEAAQJBAIHpvXvqEcOEoDRRHuIG

-fkcB4jPHcr9KE9TpxabH6xs9beN6OJnkePXAHwaz5MnUgSnbpOKq+cw8miKjXwe/

-zVECIQDVLwncT2lRmXarEYHzb+q/0uaSvKhWKKt3kJasLNTrAwIhANDUc/ghut29

-p3jJYjurzUKuG774/5eLjPLsxPPIZzNZAiA/10hSq41UnGqHLEUIS9m2/EeEZe7b

-bm567dfRU9OnVQIgDo8ROrZXSchEGbaog5J5r/Fle83uO8l93R3GqVxKXZkCIFfk

-IPD5PIYQAyyod3hyKKza7ZP4CGY4oOfZetbkSGGG

------END RSA PRIVATE KEY-----

--- a/sys/src/ape/lib/openssl/crypto/pkcs7/verify.c

+++ /dev/null

@@ -1,263 +1,0 @@

-/* crypto/pkcs7/verify.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <string.h>

-#include <openssl/bio.h>

-#include <openssl/asn1.h>

-#include <openssl/x509.h>

-#include <openssl/pem.h>

-#include <openssl/err.h>

-#include "example.h"

-int verify_callback(int ok, X509_STORE_CTX *ctx);

-BIO *bio_err=NULL;

-BIO *bio_out=NULL;

-int main(argc,argv)

-int argc;

-char *argv[];

-	{

-	PKCS7 *p7;

-	PKCS7_SIGNER_INFO *si;

-	X509_STORE_CTX cert_ctx;

-	X509_STORE *cert_store=NULL;

-	BIO *data,*detached=NULL,*p7bio=NULL;

-	char buf[1024*4];

-	char *pp;

-	int i,printit=0;

-	STACK_OF(PKCS7_SIGNER_INFO) *sk;

-	bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);

-	bio_out=BIO_new_fp(stdout,BIO_NOCLOSE);

-#ifndef OPENSSL_NO_MD2

-	EVP_add_digest(EVP_md2());

-#endif

-#ifndef OPENSSL_NO_MD5

-	EVP_add_digest(EVP_md5());

-#endif

-#ifndef OPENSSL_NO_SHA1

-	EVP_add_digest(EVP_sha1());

-#endif

-#ifndef OPENSSL_NO_MDC2

-	EVP_add_digest(EVP_mdc2());

-#endif

-	data=BIO_new(BIO_s_file());

-	pp=NULL;

-	while (argc > 1)

-		{

-		argc--;

-		argv++;

-		if (strcmp(argv[0],"-p") == 0)

-			{

-			printit=1;

-			}

-		else if ((strcmp(argv[0],"-d") == 0) && (argc >= 2))

-			{

-			detached=BIO_new(BIO_s_file());

-			if (!BIO_read_filename(detached,argv[1]))

-				goto err;

-			argc--;

-			argv++;

-			}

-		else

-			{

-			pp=argv[0];

-			if (!BIO_read_filename(data,argv[0]))

-				goto err;

-			}

-		}

-	if (pp == NULL)

-		BIO_set_fp(data,stdin,BIO_NOCLOSE);

-	/* Load the PKCS7 object from a file */

-	if ((p7=PEM_read_bio_PKCS7(data,NULL,NULL,NULL)) == NULL) goto err;

-	/* This stuff is being setup for certificate verification.

-	 * When using SSL, it could be replaced with a

-	 * cert_stre=SSL_CTX_get_cert_store(ssl_ctx); */

-	cert_store=X509_STORE_new();

-	X509_STORE_set_default_paths(cert_store);

-	X509_STORE_load_locations(cert_store,NULL,"../../certs");

-	X509_STORE_set_verify_cb_func(cert_store,verify_callback);

-	ERR_clear_error();

-	/* We need to process the data */

-	if ((PKCS7_get_detached(p7) || detached))

-		{

-		if (detached == NULL)

-			{

-			printf("no data to verify the signature on\n");

-			exit(1);

-			}

-		else

-			p7bio=PKCS7_dataInit(p7,detached);

-		}

-	else

-		{

-		p7bio=PKCS7_dataInit(p7,NULL);

-		}

-	/* We now have to 'read' from p7bio to calculate digests etc. */

-	for (;;)

-		{

-		i=BIO_read(p7bio,buf,sizeof(buf));

-		/* print it? */

-		if (i <= 0) break;

-		}

-	/* We can now verify signatures */

-	sk=PKCS7_get_signer_info(p7);

-	if (sk == NULL)

-		{

-		printf("there are no signatures on this data\n");

-		exit(1);

-		}

-	/* Ok, first we need to, for each subject entry, see if we can verify */

-	for (i=0; i<sk_PKCS7_SIGNER_INFO_num(sk); i++)

-		{

-		ASN1_UTCTIME *tm;

-		char *str1,*str2;

-		int rc;

-		si=sk_PKCS7_SIGNER_INFO_value(sk,i);

-		rc=PKCS7_dataVerify(cert_store,&cert_ctx,p7bio,p7,si);

-		if (rc <= 0)

-			goto err;

-		printf("signer info\n");

-		if ((tm=get_signed_time(si)) != NULL)

-			{

-			BIO_printf(bio_out,"Signed time:");

-			ASN1_UTCTIME_print(bio_out,tm);

-			ASN1_UTCTIME_free(tm);

-			BIO_printf(bio_out,"\n");

-			}

-		if (get_signed_seq2string(si,&str1,&str2))

-			{

-			BIO_printf(bio_out,"String 1 is %s\n",str1);

-			BIO_printf(bio_out,"String 2 is %s\n",str2);

-			}

-		}

-	X509_STORE_free(cert_store);

-	printf("done\n");

-	exit(0);

-err:

-	ERR_load_crypto_strings();

-	ERR_print_errors_fp(stderr);

-	exit(1);

-	}

-/* should be X509 * but we can just have them as char *. */

-int verify_callback(int ok, X509_STORE_CTX *ctx)

-	{

-	char buf[256];

-	X509 *err_cert;

-	int err,depth;

-	err_cert=X509_STORE_CTX_get_current_cert(ctx);

-	err=	X509_STORE_CTX_get_error(ctx);

-	depth=	X509_STORE_CTX_get_error_depth(ctx);

-	X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256);

-	BIO_printf(bio_err,"depth=%d %s\n",depth,buf);

-	if (!ok)

-		{

-		BIO_printf(bio_err,"verify error:num=%d:%s\n",err,

-			X509_verify_cert_error_string(err));

-		if (depth < 6)

-			{

-			ok=1;

-			X509_STORE_CTX_set_error(ctx,X509_V_OK);

-			}

-		else

-			{

-			ok=0;

-			X509_STORE_CTX_set_error(ctx,X509_V_ERR_CERT_CHAIN_TOO_LONG);

-			}

-		}

-	switch (ctx->error)

-		{

-	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:

-		X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256);

-		BIO_printf(bio_err,"issuer= %s\n",buf);

-		break;

-	case X509_V_ERR_CERT_NOT_YET_VALID:

-	case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:

-		BIO_printf(bio_err,"notBefore=");

-		ASN1_UTCTIME_print(bio_err,X509_get_notBefore(ctx->current_cert));

-		BIO_printf(bio_err,"\n");

-		break;

-	case X509_V_ERR_CERT_HAS_EXPIRED:

-	case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:

-		BIO_printf(bio_err,"notAfter=");

-		ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ctx->current_cert));

-		BIO_printf(bio_err,"\n");

-		break;

-		}

-	BIO_printf(bio_err,"verify return:%d\n",ok);

-	return(ok);

-	}

--- a/sys/src/ape/lib/openssl/crypto/pqueue/Makefile

+++ /dev/null

@@ -1,84 +1,0 @@

-#

-# OpenSSL/crypto/pqueue/Makefile

-#

-DIR=	pqueue

-TOP=	../..

-CC=	cc

-INCLUDES=

-CFLAG=-g

-MAKEFILE=	Makefile

-AR=		ar r

-CFLAGS= $(INCLUDES) $(CFLAG)

-GENERAL=Makefile

-TEST=

-APPS=

-LIB=$(TOP)/libcrypto.a

-LIBSRC=pqueue.c

-LIBOBJ=pqueue.o

-SRC= $(LIBSRC)

-EXHEADER= pqueue.h pq_compat.h

-HEADER=	$(EXHEADER)

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)

-all:	lib

-lib:	$(LIBOBJ)

-	$(AR) $(LIB) $(LIBOBJ)

-	$(RANLIB) $(LIB) || echo Never mind.

-	@touch lib

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

-links:

-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)

-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)

-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

-install:

-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...

-	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \

-	do  \

-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \

-	done;

-tags:

-	ctags $(SRC)

-tests:

-lint:

-	lint -DLINT $(INCLUDES) $(SRC)>fluff

-depend:

-	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...

-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-clean:

-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-pqueue.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h

-pqueue.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-pqueue.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-pqueue.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-pqueue.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-pqueue.o: ../../include/openssl/pq_compat.h ../../include/openssl/safestack.h

-pqueue.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-pqueue.o: ../cryptlib.h pqueue.c pqueue.h

--- a/sys/src/ape/lib/openssl/crypto/pqueue/pq_compat.h

+++ /dev/null

@@ -1,147 +1,0 @@

-/* crypto/pqueue/pqueue_compat.h */

-/*

- * DTLS implementation written by Nagendra Modadugu

- * ([email protected]) for the OpenSSL project 2005.

- */

-/* ====================================================================

- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <openssl/opensslconf.h>

-#include <openssl/bn.h>

-/*

- * The purpose of this header file is for supporting 64-bit integer

- * manipulation on 32-bit (and lower) machines.  Currently the only

- * such environment is VMS, Utrix and those with smaller default integer

- * sizes than 32 bits.  For all such environment, we fall back to using

- * BIGNUM.  We may need to fine tune the conditions for systems that

- * are incorrectly configured.

- *

- * The only clients of this code are (1) pqueue for priority, and

- * (2) DTLS, for sequence number manipulation.

- */

-#if (defined(THIRTY_TWO_BIT) && !defined(BN_LLONG)) || defined(SIXTEEN_BIT) || defined(EIGHT_BIT)

-#define PQ_64BIT_IS_INTEGER 0

-#define PQ_64BIT_IS_BIGNUM 1

-#define PQ_64BIT     BIGNUM

-#define PQ_64BIT_CTX BN_CTX

-#define pq_64bit_init(x)           BN_init(x)

-#define pq_64bit_free(x)           BN_free(x)

-#define pq_64bit_ctx_new(ctx)      BN_CTX_new()

-#define pq_64bit_ctx_free(x)       BN_CTX_free(x)

-#define pq_64bit_assign(x, y)      BN_copy(x, y)

-#define pq_64bit_assign_word(x, y) BN_set_word(x, y)

-#define pq_64bit_gt(x, y)          BN_ucmp(x, y) >= 1 ? 1 : 0

-#define pq_64bit_eq(x, y)          BN_ucmp(x, y) == 0 ? 1 : 0

-#define pq_64bit_add_word(x, w)    BN_add_word(x, w)

-#define pq_64bit_sub(r, x, y)      BN_sub(r, x, y)

-#define pq_64bit_sub_word(x, w)    BN_sub_word(x, w)

-#define pq_64bit_mod(r, x, n, ctx) BN_mod(r, x, n, ctx)

-#define pq_64bit_bin2num(bn, bytes, len)   BN_bin2bn(bytes, len, bn)

-#define pq_64bit_num2bin(bn, bytes)        BN_bn2bin(bn, bytes)

-#define pq_64bit_get_word(x)               BN_get_word(x)

-#define pq_64bit_is_bit_set(x, offset)     BN_is_bit_set(x, offset)

-#define pq_64bit_lshift(r, x, shift)       BN_lshift(r, x, shift)

-#define pq_64bit_set_bit(x, num)           BN_set_bit(x, num)

-#define pq_64bit_get_length(x)             BN_num_bits((x))

-#else

-#define PQ_64BIT_IS_INTEGER 1

-#define PQ_64BIT_IS_BIGNUM 0

-#if defined(SIXTY_FOUR_BIT)

-#define PQ_64BIT BN_ULONG

-#define PQ_64BIT_PRINT "%lld"

-#elif defined(SIXTY_FOUR_BIT_LONG)

-#define PQ_64BIT BN_ULONG

-#define PQ_64BIT_PRINT "%ld"

-#elif defined(THIRTY_TWO_BIT)

-#define PQ_64BIT BN_ULLONG

-#define PQ_64BIT_PRINT "%lld"

-#endif

-#define PQ_64BIT_CTX      void

-#define pq_64bit_init(x)

-#define pq_64bit_free(x)

-#define pq_64bit_ctx_new(ctx)        (ctx)

-#define pq_64bit_ctx_free(x)

-#define pq_64bit_assign(x, y)        (*(x) = *(y))

-#define pq_64bit_assign_word(x, y)   (*(x) = y)

-#define pq_64bit_gt(x, y)	         (*(x) > *(y))

-#define pq_64bit_eq(x, y)            (*(x) == *(y))

-#define pq_64bit_add_word(x, w)      (*(x) = (*(x) + (w)))

-#define pq_64bit_sub(r, x, y)        (*(r) = (*(x) - *(y)))

-#define pq_64bit_sub_word(x, w)      (*(x) = (*(x) - (w)))

-#define pq_64bit_mod(r, x, n, ctx)

-#define pq_64bit_bin2num(num, bytes, len) bytes_to_long_long(bytes, num)

-#define pq_64bit_num2bin(num, bytes)      long_long_to_bytes(num, bytes)

-#define pq_64bit_get_word(x)              *(x)

-#define pq_64bit_lshift(r, x, shift)      (*(r) = (*(x) << (shift)))

-#define pq_64bit_set_bit(x, num)          do { \

-                                              PQ_64BIT mask = 1; \

-                                              mask = mask << (num); \

-                                              *(x) |= mask; \

-                                          } while(0)

-#endif /* OPENSSL_SYS_VMS */

--- a/sys/src/ape/lib/openssl/crypto/pqueue/pq_test.c

+++ /dev/null

@@ -1,95 +1,0 @@

-/* crypto/pqueue/pq_test.c */

-/*

- * DTLS implementation written by Nagendra Modadugu

- * ([email protected]) for the OpenSSL project 2005.

- */

-/* ====================================================================

- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include "pqueue.h"

-int

-main(void)

-	{

-	pitem *item;

-	pqueue pq;

-	pq = pqueue_new();

-	item = pitem_new(3, NULL);

-	pqueue_insert(pq, item);

-	item = pitem_new(1, NULL);

-	pqueue_insert(pq, item);

-	item = pitem_new(2, NULL);

-	pqueue_insert(pq, item);

-	item = pqueue_find(pq, 1);

-	fprintf(stderr, "found %ld\n", item->priority);

-	item = pqueue_find(pq, 2);

-	fprintf(stderr, "found %ld\n", item->priority);

-	item = pqueue_find(pq, 3);

-	fprintf(stderr, "found %ld\n", item ? item->priority: 0);

-	pqueue_print(pq);

-	for(item = pqueue_pop(pq); item != NULL; item = pqueue_pop(pq))

-		pitem_free(item);

-	pqueue_free(pq);

-	return 0;

-	}

--- a/sys/src/ape/lib/openssl/crypto/pqueue/pqueue.c

+++ /dev/null

@@ -1,236 +1,0 @@

-/* crypto/pqueue/pqueue.c */

-/*

- * DTLS implementation written by Nagendra Modadugu

- * ([email protected]) for the OpenSSL project 2005.

- */

-/* ====================================================================

- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include "cryptlib.h"

-#include <openssl/bn.h>

-#include "pqueue.h"

-typedef struct _pqueue

-	{

-	pitem *items;

-	int count;

-	} pqueue_s;

-pitem *

-pitem_new(PQ_64BIT priority, void *data)

-	{

-	pitem *item = (pitem *) OPENSSL_malloc(sizeof(pitem));

-	if (item == NULL) return NULL;

-	pq_64bit_init(&(item->priority));

-	pq_64bit_assign(&item->priority, &priority);

-	item->data = data;

-	item->next = NULL;

-	return item;

-	}

-void

-pitem_free(pitem *item)

-	{

-	if (item == NULL) return;

-	pq_64bit_free(&(item->priority));

-	OPENSSL_free(item);

-	}

-pqueue_s *

-pqueue_new()

-	{

-	pqueue_s *pq = (pqueue_s *) OPENSSL_malloc(sizeof(pqueue_s));

-	if (pq == NULL) return NULL;

-	memset(pq, 0x00, sizeof(pqueue_s));

-	return pq;

-	}

-void

-pqueue_free(pqueue_s *pq)

-	{

-	if (pq == NULL) return;

-	OPENSSL_free(pq);

-	}

-pitem *

-pqueue_insert(pqueue_s *pq, pitem *item)

-	{

-	pitem *curr, *next;

-	if (pq->items == NULL)

-		{

-		pq->items = item;

-		return item;

-		}

-	for(curr = NULL, next = pq->items;

-		next != NULL;

-		curr = next, next = next->next)

-		{

-		if (pq_64bit_gt(&(next->priority), &(item->priority)))

-			{

-			item->next = next;

-			if (curr == NULL)

-				pq->items = item;

-			else

-				curr->next = item;

-			return item;

-			}

-		/* duplicates not allowed */

-		if (pq_64bit_eq(&(item->priority), &(next->priority)))

-			return NULL;

-		}

-	item->next = NULL;

-	curr->next = item;

-	return item;

-	}

-pitem *

-pqueue_peek(pqueue_s *pq)

-	{

-	return pq->items;

-	}

-pitem *

-pqueue_pop(pqueue_s *pq)

-	{

-	pitem *item = pq->items;

-	if (pq->items != NULL)

-		pq->items = pq->items->next;

-	return item;

-	}

-pitem *

-pqueue_find(pqueue_s *pq, PQ_64BIT priority)

-	{

-	pitem *next, *prev = NULL;

-	pitem *found = NULL;

-	if ( pq->items == NULL)

-		return NULL;

-	for ( next = pq->items; next->next != NULL;

-		  prev = next, next = next->next)

-		{

-		if ( pq_64bit_eq(&(next->priority), &priority))

-			{

-			found = next;

-			break;

-			}

-		}

-	/* check the one last node */

-	if ( pq_64bit_eq(&(next->priority), &priority))

-		found = next;

-	if ( ! found)

-		return NULL;

-#if 0 /* find works in peek mode */

-	if ( prev == NULL)

-		pq->items = next->next;

-	else

-		prev->next = next->next;

-#endif

-	return found;

-	}

-#if PQ_64BIT_IS_INTEGER

-void

-pqueue_print(pqueue_s *pq)

-	{

-	pitem *item = pq->items;

-	while(item != NULL)

-		{

-		printf("item\t" PQ_64BIT_PRINT "\n", item->priority);

-		item = item->next;

-		}

-	}

-#endif

-pitem *

-pqueue_iterator(pqueue_s *pq)

-	{

-	return pqueue_peek(pq);

-	}

-pitem *

-pqueue_next(pitem **item)

-	{

-	pitem *ret;

-	if ( item == NULL || *item == NULL)

-		return NULL;

-	/* *item != NULL */

-	ret = *item;

-	*item = (*item)->next;

-	return ret;

-	}

--- a/sys/src/ape/lib/openssl/crypto/pqueue/pqueue.h

+++ /dev/null

@@ -1,95 +1,0 @@

-/* crypto/pqueue/pqueue.h */

-/*

- * DTLS implementation written by Nagendra Modadugu

- * ([email protected]) for the OpenSSL project 2005.

- */

-/* ====================================================================

- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_PQUEUE_H

-#define HEADER_PQUEUE_H

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include <openssl/pq_compat.h>

-typedef struct _pqueue *pqueue;

-typedef struct _pitem

-	{

-	PQ_64BIT priority;

-	void *data;

-	struct _pitem *next;

-	} pitem;

-typedef struct _pitem *piterator;

-pitem *pitem_new(PQ_64BIT priority, void *data);

-void   pitem_free(pitem *item);

-pqueue pqueue_new(void);

-void   pqueue_free(pqueue pq);

-pitem *pqueue_insert(pqueue pq, pitem *item);

-pitem *pqueue_peek(pqueue pq);

-pitem *pqueue_pop(pqueue pq);

-pitem *pqueue_find(pqueue pq, PQ_64BIT priority);

-pitem *pqueue_iterator(pqueue pq);

-pitem *pqueue_next(piterator *iter);

-void   pqueue_print(pqueue pq);

-#endif /* ! HEADER_PQUEUE_H */

--- a/sys/src/ape/lib/openssl/crypto/rand/Makefile

+++ /dev/null

@@ -1,159 +1,0 @@

-#

-# OpenSSL/crypto/rand/Makefile

-#

-DIR=	rand

-TOP=	../..

-CC=	cc

-INCLUDES=

-CFLAG=-g

-MAKEFILE=	Makefile

-AR=		ar r

-CFLAGS= $(INCLUDES) $(CFLAG)

-GENERAL=Makefile

-TEST= randtest.c

-APPS=

-LIB=$(TOP)/libcrypto.a

-LIBSRC=md_rand.c randfile.c rand_lib.c rand_err.c rand_egd.c \

-	rand_win.c rand_unix.c rand_os2.c rand_nw.c

-LIBOBJ=md_rand.o randfile.o rand_lib.o rand_err.o rand_egd.o \

-	rand_win.o rand_unix.o rand_os2.o rand_nw.o

-SRC= $(LIBSRC)

-EXHEADER= rand.h

-HEADER=	$(EXHEADER)

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)

-all:	lib

-lib:	$(LIBOBJ)

-	$(AR) $(LIB) $(LIBOBJ)

-	$(RANLIB) $(LIB) || echo Never mind.

-	@touch lib

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

-links:

-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)

-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)

-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

-install:

-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...

-	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \

-	do  \

-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \

-	done;

-tags:

-	ctags $(SRC)

-tests:

-lint:

-	lint -DLINT $(INCLUDES) $(SRC)>fluff

-depend:

-	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...

-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-clean:

-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-md_rand.o: ../../e_os.h ../../include/openssl/asn1.h

-md_rand.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h

-md_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-md_rand.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-md_rand.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-md_rand.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-md_rand.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h

-md_rand.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-md_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-md_rand.o: md_rand.c rand_lcl.h

-rand_egd.o: ../../include/openssl/buffer.h ../../include/openssl/e_os2.h

-rand_egd.o: ../../include/openssl/opensslconf.h

-rand_egd.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h

-rand_egd.o: rand_egd.c

-rand_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h

-rand_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-rand_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-rand_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-rand_err.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h

-rand_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-rand_err.o: rand_err.c

-rand_lib.o: ../../e_os.h ../../include/openssl/bio.h

-rand_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-rand_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h

-rand_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-rand_lib.o: ../../include/openssl/opensslconf.h

-rand_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-rand_lib.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h

-rand_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-rand_lib.o: ../cryptlib.h rand_lib.c

-rand_nw.o: ../../e_os.h ../../include/openssl/asn1.h

-rand_nw.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-rand_nw.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-rand_nw.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-rand_nw.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-rand_nw.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-rand_nw.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-rand_nw.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h

-rand_nw.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-rand_nw.o: ../../include/openssl/symhacks.h ../cryptlib.h rand_lcl.h rand_nw.c

-rand_os2.o: ../../e_os.h ../../include/openssl/asn1.h

-rand_os2.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-rand_os2.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-rand_os2.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-rand_os2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-rand_os2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-rand_os2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-rand_os2.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h

-rand_os2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-rand_os2.o: ../../include/openssl/symhacks.h ../cryptlib.h rand_lcl.h

-rand_os2.o: rand_os2.c

-rand_unix.o: ../../e_os.h ../../include/openssl/asn1.h

-rand_unix.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-rand_unix.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-rand_unix.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-rand_unix.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-rand_unix.o: ../../include/openssl/objects.h

-rand_unix.o: ../../include/openssl/opensslconf.h

-rand_unix.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-rand_unix.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h

-rand_unix.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-rand_unix.o: ../../include/openssl/symhacks.h ../cryptlib.h rand_lcl.h

-rand_unix.o: rand_unix.c

-rand_win.o: ../../e_os.h ../../include/openssl/asn1.h

-rand_win.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-rand_win.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-rand_win.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-rand_win.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-rand_win.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-rand_win.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-rand_win.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h

-rand_win.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-rand_win.o: ../../include/openssl/symhacks.h ../cryptlib.h rand_lcl.h

-rand_win.o: rand_win.c

-randfile.o: ../../e_os.h ../../include/openssl/buffer.h

-randfile.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-randfile.o: ../../include/openssl/opensslconf.h

-randfile.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-randfile.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h

-randfile.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-randfile.o: randfile.c

--- a/sys/src/ape/lib/openssl/crypto/rand/md_rand.c

+++ /dev/null

@@ -1,572 +1,0 @@

-/* crypto/rand/md_rand.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifdef MD_RAND_DEBUG

-# ifndef NDEBUG

-#   define NDEBUG

-# endif

-#endif

-#include <assert.h>

-#include <stdio.h>

-#include <string.h>

-#include "e_os.h"

-#include <openssl/rand.h>

-#include "rand_lcl.h"

-#include <openssl/crypto.h>

-#include <openssl/err.h>

-#ifdef BN_DEBUG

-# define PREDICT

-#endif

-/* #define PREDICT	1 */

-#define STATE_SIZE	1023

-static int state_num=0,state_index=0;

-static unsigned char state[STATE_SIZE+MD_DIGEST_LENGTH];

-static unsigned char md[MD_DIGEST_LENGTH];

-static long md_count[2]={0,0};

-static double entropy=0;

-static int initialized=0;

-static unsigned int crypto_lock_rand = 0; /* may be set only when a thread

-                                           * holds CRYPTO_LOCK_RAND

-                                           * (to prevent double locking) */

-/* access to lockin_thread is synchronized by CRYPTO_LOCK_RAND2 */

-static unsigned long locking_thread = 0; /* valid iff crypto_lock_rand is set */

-#ifdef PREDICT

-int rand_predictable=0;

-#endif

-const char RAND_version[]="RAND" OPENSSL_VERSION_PTEXT;

-static void ssleay_rand_cleanup(void);

-static void ssleay_rand_seed(const void *buf, int num);

-static void ssleay_rand_add(const void *buf, int num, double add_entropy);

-static int ssleay_rand_bytes(unsigned char *buf, int num);

-static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num);

-static int ssleay_rand_status(void);

-RAND_METHOD rand_ssleay_meth={

-	ssleay_rand_seed,

-	ssleay_rand_bytes,

-	ssleay_rand_cleanup,

-	ssleay_rand_add,

-	ssleay_rand_pseudo_bytes,

-	ssleay_rand_status

-	};

-RAND_METHOD *RAND_SSLeay(void)

-	{

-	return(&rand_ssleay_meth);

-	}

-static void ssleay_rand_cleanup(void)

-	{

-	OPENSSL_cleanse(state,sizeof(state));

-	state_num=0;

-	state_index=0;

-	OPENSSL_cleanse(md,MD_DIGEST_LENGTH);

-	md_count[0]=0;

-	md_count[1]=0;

-	entropy=0;

-	initialized=0;

-	}

-static void ssleay_rand_add(const void *buf, int num, double add)

-	{

-	int i,j,k,st_idx;

-	long md_c[2];

-	unsigned char local_md[MD_DIGEST_LENGTH];

-	EVP_MD_CTX m;

-	int do_not_lock;

-	/*

-	 * (Based on the rand(3) manpage)

-	 *

-	 * The input is chopped up into units of 20 bytes (or less for

-	 * the last block).  Each of these blocks is run through the hash

-	 * function as follows:  The data passed to the hash function

-	 * is the current 'md', the same number of bytes from the 'state'

-	 * (the location determined by in incremented looping index) as

-	 * the current 'block', the new key data 'block', and 'count'

-	 * (which is incremented after each use).

-	 * The result of this is kept in 'md' and also xored into the

-	 * 'state' at the same locations that were used as input into the

-         * hash function.

-	 */

-	/* check if we already have the lock */

-	if (crypto_lock_rand)

-		{

-		CRYPTO_r_lock(CRYPTO_LOCK_RAND2);

-		do_not_lock = (locking_thread == CRYPTO_thread_id());

-		CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);

-		}

-	else

-		do_not_lock = 0;

-	if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);

-	st_idx=state_index;

-	/* use our own copies of the counters so that even

-	 * if a concurrent thread seeds with exactly the

-	 * same data and uses the same subarray there's _some_

-	 * difference */

-	md_c[0] = md_count[0];

-	md_c[1] = md_count[1];

-	memcpy(local_md, md, sizeof md);

-	/* state_index <= state_num <= STATE_SIZE */

-	state_index += num;

-	if (state_index >= STATE_SIZE)

-		{

-		state_index%=STATE_SIZE;

-		state_num=STATE_SIZE;

-		}

-	else if (state_num < STATE_SIZE)

-		{

-		if (state_index > state_num)

-			state_num=state_index;

-		}

-	/* state_index <= state_num <= STATE_SIZE */

-	/* state[st_idx], ..., state[(st_idx + num - 1) % STATE_SIZE]

-	 * are what we will use now, but other threads may use them

-	 * as well */

-	md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0);

-	if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);

-	EVP_MD_CTX_init(&m);

-	for (i=0; i<num; i+=MD_DIGEST_LENGTH)

-		{

-		j=(num-i);

-		j=(j > MD_DIGEST_LENGTH)?MD_DIGEST_LENGTH:j;

-		MD_Init(&m);

-		MD_Update(&m,local_md,MD_DIGEST_LENGTH);

-		k=(st_idx+j)-STATE_SIZE;

-		if (k > 0)

-			{

-			MD_Update(&m,&(state[st_idx]),j-k);

-			MD_Update(&m,&(state[0]),k);

-			}

-		else

-			MD_Update(&m,&(state[st_idx]),j);

-		MD_Update(&m,buf,j);

-		MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));

-		MD_Final(&m,local_md);

-		md_c[1]++;

-		buf=(const char *)buf + j;

-		for (k=0; k<j; k++)

-			{

-			/* Parallel threads may interfere with this,

-			 * but always each byte of the new state is

-			 * the XOR of some previous value of its

-			 * and local_md (itermediate values may be lost).

-			 * Alway using locking could hurt performance more

-			 * than necessary given that conflicts occur only

-			 * when the total seeding is longer than the random

-			 * state. */

-			state[st_idx++]^=local_md[k];

-			if (st_idx >= STATE_SIZE)

-				st_idx=0;

-			}

-		}

-	EVP_MD_CTX_cleanup(&m);

-	if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);

-	/* Don't just copy back local_md into md -- this could mean that

-	 * other thread's seeding remains without effect (except for

-	 * the incremented counter).  By XORing it we keep at least as

-	 * much entropy as fits into md. */

-	for (k = 0; k < (int)sizeof(md); k++)

-		{

-		md[k] ^= local_md[k];

-		}

-	if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */

-	    entropy += add;

-	if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);

-#if !defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32)

-	assert(md_c[1] == md_count[1]);

-#endif

-	}

-static void ssleay_rand_seed(const void *buf, int num)

-	{

-	ssleay_rand_add(buf, num, (double)num);

-	}

-static int ssleay_rand_bytes(unsigned char *buf, int num)

-	{

-	static  int stirred_pool = 0;

-	int i,j,k,st_num,st_idx;

-	int num_ceil;

-	int ok;

-	long md_c[2];

-	unsigned char local_md[MD_DIGEST_LENGTH];

-	EVP_MD_CTX m;

-#ifndef GETPID_IS_MEANINGLESS

-	pid_t curr_pid = getpid();

-#endif

-	int do_stir_pool = 0;

-#ifdef PREDICT

-	if (rand_predictable)

-		{

-		static unsigned char val=0;

-		for (i=0; i<num; i++)

-			buf[i]=val++;

-		return(1);

-		}

-#endif

-	if (num <= 0)

-		return 1;

-	EVP_MD_CTX_init(&m);

-	/* round upwards to multiple of MD_DIGEST_LENGTH/2 */

-	num_ceil = (1 + (num-1)/(MD_DIGEST_LENGTH/2)) * (MD_DIGEST_LENGTH/2);

-	/*

-	 * (Based on the rand(3) manpage:)

-	 *

-	 * For each group of 10 bytes (or less), we do the following:

-	 *

-	 * Input into the hash function the local 'md' (which is initialized from

-	 * the global 'md' before any bytes are generated), the bytes that are to

-	 * be overwritten by the random bytes, and bytes from the 'state'

-	 * (incrementing looping index). From this digest output (which is kept

-	 * in 'md'), the top (up to) 10 bytes are returned to the caller and the

-	 * bottom 10 bytes are xored into the 'state'.

-	 *

-	 * Finally, after we have finished 'num' random bytes for the

-	 * caller, 'count' (which is incremented) and the local and global 'md'

-	 * are fed into the hash function and the results are kept in the

-	 * global 'md'.

-	 */

-	CRYPTO_w_lock(CRYPTO_LOCK_RAND);

-	/* prevent ssleay_rand_bytes() from trying to obtain the lock again */

-	CRYPTO_w_lock(CRYPTO_LOCK_RAND2);

-	locking_thread = CRYPTO_thread_id();

-	CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);

-	crypto_lock_rand = 1;

-	if (!initialized)

-		{

-		RAND_poll();

-		initialized = 1;

-		}

-	if (!stirred_pool)

-		do_stir_pool = 1;

-	ok = (entropy >= ENTROPY_NEEDED);

-	if (!ok)

-		{

-		/* If the PRNG state is not yet unpredictable, then seeing

-		 * the PRNG output may help attackers to determine the new

-		 * state; thus we have to decrease the entropy estimate.

-		 * Once we've had enough initial seeding we don't bother to

-		 * adjust the entropy count, though, because we're not ambitious

-		 * to provide *information-theoretic* randomness.

-		 *

-		 * NOTE: This approach fails if the program forks before

-		 * we have enough entropy. Entropy should be collected

-		 * in a separate input pool and be transferred to the

-		 * output pool only when the entropy limit has been reached.

-		 */

-		entropy -= num;

-		if (entropy < 0)

-			entropy = 0;

-		}

-	if (do_stir_pool)

-		{

-		/* In the output function only half of 'md' remains secret,

-		 * so we better make sure that the required entropy gets

-		 * 'evenly distributed' through 'state', our randomness pool.

-		 * The input function (ssleay_rand_add) chains all of 'md',

-		 * which makes it more suitable for this purpose.

-		 */

-		int n = STATE_SIZE; /* so that the complete pool gets accessed */

-		while (n > 0)

-			{

-#if MD_DIGEST_LENGTH > 20

-# error "Please adjust DUMMY_SEED."

-#endif

-#define DUMMY_SEED "...................." /* at least MD_DIGEST_LENGTH */

-			/* Note that the seed does not matter, it's just that

-			 * ssleay_rand_add expects to have something to hash. */

-			ssleay_rand_add(DUMMY_SEED, MD_DIGEST_LENGTH, 0.0);

-			n -= MD_DIGEST_LENGTH;

-			}

-		if (ok)

-			stirred_pool = 1;

-		}

-	st_idx=state_index;

-	st_num=state_num;

-	md_c[0] = md_count[0];

-	md_c[1] = md_count[1];

-	memcpy(local_md, md, sizeof md);

-	state_index+=num_ceil;

-	if (state_index > state_num)

-		state_index %= state_num;

-	/* state[st_idx], ..., state[(st_idx + num_ceil - 1) % st_num]

-	 * are now ours (but other threads may use them too) */

-	md_count[0] += 1;

-	/* before unlocking, we must clear 'crypto_lock_rand' */

-	crypto_lock_rand = 0;

-	CRYPTO_w_unlock(CRYPTO_LOCK_RAND);

-	while (num > 0)

-		{

-		/* num_ceil -= MD_DIGEST_LENGTH/2 */

-		j=(num >= MD_DIGEST_LENGTH/2)?MD_DIGEST_LENGTH/2:num;

-		num-=j;

-		MD_Init(&m);

-#ifndef GETPID_IS_MEANINGLESS

-		if (curr_pid) /* just in the first iteration to save time */

-			{

-			MD_Update(&m,(unsigned char*)&curr_pid,sizeof curr_pid);

-			curr_pid = 0;

-			}

-#endif

-		MD_Update(&m,local_md,MD_DIGEST_LENGTH);

-		MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));

-#ifndef PURIFY

-		MD_Update(&m,buf,j); /* purify complains */

-#endif

-		k=(st_idx+MD_DIGEST_LENGTH/2)-st_num;

-		if (k > 0)

-			{

-			MD_Update(&m,&(state[st_idx]),MD_DIGEST_LENGTH/2-k);

-			MD_Update(&m,&(state[0]),k);

-			}

-		else

-			MD_Update(&m,&(state[st_idx]),MD_DIGEST_LENGTH/2);

-		MD_Final(&m,local_md);

-		for (i=0; i<MD_DIGEST_LENGTH/2; i++)

-			{

-			state[st_idx++]^=local_md[i]; /* may compete with other threads */

-			if (st_idx >= st_num)

-				st_idx=0;

-			if (i < j)

-				*(buf++)=local_md[i+MD_DIGEST_LENGTH/2];

-			}

-		}

-	MD_Init(&m);

-	MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));

-	MD_Update(&m,local_md,MD_DIGEST_LENGTH);

-	CRYPTO_w_lock(CRYPTO_LOCK_RAND);

-	MD_Update(&m,md,MD_DIGEST_LENGTH);

-	MD_Final(&m,md);

-	CRYPTO_w_unlock(CRYPTO_LOCK_RAND);

-	EVP_MD_CTX_cleanup(&m);

-	if (ok)

-		return(1);

-	else

-		{

-		RANDerr(RAND_F_SSLEAY_RAND_BYTES,RAND_R_PRNG_NOT_SEEDED);

-		ERR_add_error_data(1, "You need to read the OpenSSL FAQ, "

-			"http://www.openssl.org/support/faq.html");

-		return(0);

-		}

-	}

-/* pseudo-random bytes that are guaranteed to be unique but not

-   unpredictable */

-static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num)

-	{

-	int ret;

-	unsigned long err;

-	ret = RAND_bytes(buf, num);

-	if (ret == 0)

-		{

-		err = ERR_peek_error();

-		if (ERR_GET_LIB(err) == ERR_LIB_RAND &&

-		    ERR_GET_REASON(err) == RAND_R_PRNG_NOT_SEEDED)

-			ERR_clear_error();

-		}

-	return (ret);

-	}

-static int ssleay_rand_status(void)

-	{

-	int ret;

-	int do_not_lock;

-	/* check if we already have the lock

-	 * (could happen if a RAND_poll() implementation calls RAND_status()) */

-	if (crypto_lock_rand)

-		{

-		CRYPTO_r_lock(CRYPTO_LOCK_RAND2);

-		do_not_lock = (locking_thread == CRYPTO_thread_id());

-		CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);

-		}

-	else

-		do_not_lock = 0;

-	if (!do_not_lock)

-		{

-		CRYPTO_w_lock(CRYPTO_LOCK_RAND);

-		/* prevent ssleay_rand_bytes() from trying to obtain the lock again */

-		CRYPTO_w_lock(CRYPTO_LOCK_RAND2);

-		locking_thread = CRYPTO_thread_id();

-		CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);

-		crypto_lock_rand = 1;

-		}

-	if (!initialized)

-		{

-		RAND_poll();

-		initialized = 1;

-		}

-	ret = entropy >= ENTROPY_NEEDED;

-	if (!do_not_lock)

-		{

-		/* before unlocking, we must clear 'crypto_lock_rand' */

-		crypto_lock_rand = 0;

-		CRYPTO_w_unlock(CRYPTO_LOCK_RAND);

-		}

-	return ret;

-	}

--- a/sys/src/ape/lib/openssl/crypto/rand/rand.h

+++ /dev/null

@@ -1,140 +1,0 @@

-/* crypto/rand/rand.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_RAND_H

-#define HEADER_RAND_H

-#include <stdlib.h>

-#include <openssl/ossl_typ.h>

-#include <openssl/e_os2.h>

-#if defined(OPENSSL_SYS_WINDOWS)

-#include <windows.h>

-#endif

-#ifdef  __cplusplus

-extern "C" {

-#endif

-#if defined(OPENSSL_FIPS)

-#define FIPS_RAND_SIZE_T size_t

-#endif

-/* Already defined in ossl_typ.h */

-/* typedef struct rand_meth_st RAND_METHOD; */

-struct rand_meth_st

-	{

-	void (*seed)(const void *buf, int num);

-	int (*bytes)(unsigned char *buf, int num);

-	void (*cleanup)(void);

-	void (*add)(const void *buf, int num, double entropy);

-	int (*pseudorand)(unsigned char *buf, int num);

-	int (*status)(void);

-	};

-#ifdef BN_DEBUG

-extern int rand_predictable;

-#endif

-int RAND_set_rand_method(const RAND_METHOD *meth);

-const RAND_METHOD *RAND_get_rand_method(void);

-#ifndef OPENSSL_NO_ENGINE

-int RAND_set_rand_engine(ENGINE *engine);

-#endif

-RAND_METHOD *RAND_SSLeay(void);

-void RAND_cleanup(void );

-int  RAND_bytes(unsigned char *buf,int num);

-int  RAND_pseudo_bytes(unsigned char *buf,int num);

-void RAND_seed(const void *buf,int num);

-void RAND_add(const void *buf,int num,double entropy);

-int  RAND_load_file(const char *file,long max_bytes);

-int  RAND_write_file(const char *file);

-const char *RAND_file_name(char *file,size_t num);

-int RAND_status(void);

-int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes);

-int RAND_egd(const char *path);

-int RAND_egd_bytes(const char *path,int bytes);

-int RAND_poll(void);

-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)

-void RAND_screen(void);

-int RAND_event(UINT, WPARAM, LPARAM);

-#endif

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_RAND_strings(void);

-/* Error codes for the RAND functions. */

-/* Function codes. */

-#define RAND_F_RAND_GET_RAND_METHOD			 101

-#define RAND_F_SSLEAY_RAND_BYTES			 100

-/* Reason codes. */

-#define RAND_R_PRNG_NOT_SEEDED				 100

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/rand/rand_egd.c

+++ /dev/null

@@ -1,303 +1,0 @@

-/* crypto/rand/rand_egd.c */

-/* Written by Ulf Moeller and Lutz Jaenicke for the OpenSSL project. */

-/* ====================================================================

- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <openssl/e_os2.h>

-#include <openssl/rand.h>

-#include <openssl/buffer.h>

-/*

- * Query the EGD <URL: http://www.lothar.com/tech/crypto/>.

- *

- * This module supplies three routines:

- *

- * RAND_query_egd_bytes(path, buf, bytes)

- *   will actually query "bytes" bytes of entropy form the egd-socket located

- *   at path and will write them to buf (if supplied) or will directly feed

- *   it to RAND_seed() if buf==NULL.

- *   The number of bytes is not limited by the maximum chunk size of EGD,

- *   which is 255 bytes. If more than 255 bytes are wanted, several chunks

- *   of entropy bytes are requested. The connection is left open until the

- *   query is competed.

- *   RAND_query_egd_bytes() returns with

- *     -1  if an error occured during connection or communication.

- *     num the number of bytes read from the EGD socket. This number is either

- *         the number of bytes requested or smaller, if the EGD pool is

- *         drained and the daemon signals that the pool is empty.

- *   This routine does not touch any RAND_status(). This is necessary, since

- *   PRNG functions may call it during initialization.

- *

- * RAND_egd_bytes(path, bytes) will query "bytes" bytes and have them

- *   used to seed the PRNG.

- *   RAND_egd_bytes() is a wrapper for RAND_query_egd_bytes() with buf=NULL.

- *   Unlike RAND_query_egd_bytes(), RAND_status() is used to test the

- *   seed status so that the return value can reflect the seed state:

- *     -1  if an error occured during connection or communication _or_

- *         if the PRNG has still not received the required seeding.

- *     num the number of bytes read from the EGD socket. This number is either

- *         the number of bytes requested or smaller, if the EGD pool is

- *         drained and the daemon signals that the pool is empty.

- *

- * RAND_egd(path) will query 255 bytes and use the bytes retreived to seed

- *   the PRNG.

- *   RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.

- */

-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS)

-int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)

-	{

-	return(-1);

-	}

-int RAND_egd(const char *path)

-	{

-	return(-1);

-	}

-int RAND_egd_bytes(const char *path,int bytes)

-	{

-	return(-1);

-	}

-#else

-#include <openssl/opensslconf.h>

-#include OPENSSL_UNISTD

-#include <sys/types.h>

-#include <sys/socket.h>

-#ifndef NO_SYS_UN_H

-# ifdef OPENSSL_SYS_VXWORKS

-#   include <streams/un.h>

-# else

-#   include <sys/un.h>

-# endif

-#else

-struct	sockaddr_un {

-	short	sun_family;		/* AF_UNIX */

-	char	sun_path[108];		/* path name (gag) */

-};

-#endif /* NO_SYS_UN_H */

-#include <string.h>

-#include <errno.h>

-#ifndef offsetof

-#  define offsetof(TYPE, MEMBER) ((size_t) &((TYPE *)0)->MEMBER)

-#endif

-int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)

-	{

-	int ret = 0;

-	struct sockaddr_un addr;

-	int len, num, numbytes;

-	int fd = -1;

-	int success;

-	unsigned char egdbuf[2], tempbuf[255], *retrievebuf;

-	memset(&addr, 0, sizeof(addr));

-	addr.sun_family = AF_UNIX;

-	if (strlen(path) >= sizeof(addr.sun_path))

-		return (-1);

-	BUF_strlcpy(addr.sun_path,path,sizeof addr.sun_path);

-	len = offsetof(struct sockaddr_un, sun_path) + strlen(path);

-	fd = socket(AF_UNIX, SOCK_STREAM, 0);

-	if (fd == -1) return (-1);

-	success = 0;

-	while (!success)

-	    {

-	    if (connect(fd, (struct sockaddr *)&addr, len) == 0)

-	       success = 1;

-	    else

-		{

-		switch (errno)

-		    {

-#ifdef EINTR

-		    case EINTR:

-#endif

-#ifdef EAGAIN

-		    case EAGAIN:

-#endif

-#ifdef EINPROGRESS

-		    case EINPROGRESS:

-#endif

-#ifdef EALREADY

-		    case EALREADY:

-#endif

-			/* No error, try again */

-			break;

-#ifdef EISCONN

-		    case EISCONN:

-			success = 1;

-			break;

-#endif

-		    default:

-			goto err;	/* failure */

-		    }

-		}

-	    }

-	while(bytes > 0)

-	    {

-	    egdbuf[0] = 1;

-	    egdbuf[1] = bytes < 255 ? bytes : 255;

-	    numbytes = 0;

-	    while (numbytes != 2)

-		{

-	        num = write(fd, egdbuf + numbytes, 2 - numbytes);

-	        if (num >= 0)

-		    numbytes += num;

-	    	else

-		    {

-		    switch (errno)

-		    	{

-#ifdef EINTR

-		    	case EINTR:

-#endif

-#ifdef EAGAIN

-		    	case EAGAIN:

-#endif

-			    /* No error, try again */

-			    break;

-		    	default:

-			    ret = -1;

-			    goto err;	/* failure */

-			}

-		    }

-		}

-	    numbytes = 0;

-	    while (numbytes != 1)

-		{

-	        num = read(fd, egdbuf, 1);

-	        if (num == 0)

-			goto err;	/* descriptor closed */

-		else if (num > 0)

-		    numbytes += num;

-	    	else

-		    {

-		    switch (errno)

-		    	{

-#ifdef EINTR

-		    	case EINTR:

-#endif

-#ifdef EAGAIN

-		    	case EAGAIN:

-#endif

-			    /* No error, try again */

-			    break;

-		    	default:

-			    ret = -1;

-			    goto err;	/* failure */

-			}

-		    }

-		}

-	    if(egdbuf[0] == 0)

-		goto err;

-	    if (buf)

-		retrievebuf = buf + ret;

-	    else

-		retrievebuf = tempbuf;

-	    numbytes = 0;

-	    while (numbytes != egdbuf[0])

-		{

-	        num = read(fd, retrievebuf + numbytes, egdbuf[0] - numbytes);

-		if (num == 0)

-			goto err;	/* descriptor closed */

-	        else if (num > 0)

-		    numbytes += num;

-	    	else

-		    {

-		    switch (errno)

-		    	{

-#ifdef EINTR

-		    	case EINTR:

-#endif

-#ifdef EAGAIN

-		    	case EAGAIN:

-#endif

-			    /* No error, try again */

-			    break;

-		    	default:

-			    ret = -1;

-			    goto err;	/* failure */

-			}

-		    }

-		}

-	    ret += egdbuf[0];

-	    bytes -= egdbuf[0];

-	    if (!buf)

-		RAND_seed(tempbuf, egdbuf[0]);

-	    }

- err:

-	if (fd != -1) close(fd);

-	return(ret);

-	}

-int RAND_egd_bytes(const char *path, int bytes)

-	{

-	int num, ret = 0;

-	num = RAND_query_egd_bytes(path, NULL, bytes);

-	if (num < 1) goto err;

-	if (RAND_status() == 1)

-	    ret = num;

- err:

-	return(ret);

-	}

-int RAND_egd(const char *path)

-	{

-	return (RAND_egd_bytes(path, 255));

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/rand/rand_err.c

+++ /dev/null

@@ -1,96 +1,0 @@

-/* crypto/rand/rand_err.c */

-/* ====================================================================

- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* NOTE: this file was auto generated by the mkerr.pl script: any changes

- * made to it will be overwritten when the script next updates this file,

- * only reason strings will be preserved.

- */

-#include <stdio.h>

-#include <openssl/err.h>

-#include <openssl/rand.h>

-/* BEGIN ERROR CODES */

-#ifndef OPENSSL_NO_ERR

-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_RAND,func,0)

-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_RAND,0,reason)

-static ERR_STRING_DATA RAND_str_functs[]=

-	{

-{ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD),	"RAND_get_rand_method"},

-{ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES),	"SSLEAY_RAND_BYTES"},

-{0,NULL}

-	};

-static ERR_STRING_DATA RAND_str_reasons[]=

-	{

-{ERR_REASON(RAND_R_PRNG_NOT_SEEDED)      ,"PRNG not seeded"},

-{0,NULL}

-	};

-#endif

-void ERR_load_RAND_strings(void)

-	{

-#ifndef OPENSSL_NO_ERR

-	if (ERR_func_error_string(RAND_str_functs[0].error) == NULL)

-		{

-		ERR_load_strings(0,RAND_str_functs);

-		ERR_load_strings(0,RAND_str_reasons);

-		}

-#endif

-	}

--- a/sys/src/ape/lib/openssl/crypto/rand/rand_lcl.h

+++ /dev/null

@@ -1,158 +1,0 @@

-/* crypto/rand/rand_lcl.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_RAND_LCL_H

-#define HEADER_RAND_LCL_H

-#define ENTROPY_NEEDED 32  /* require 256 bits = 32 bytes of randomness */

-#if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)

-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)

-#define USE_SHA1_RAND

-#elif !defined(OPENSSL_NO_MD5)

-#define USE_MD5_RAND

-#elif !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES)

-#define USE_MDC2_RAND

-#elif !defined(OPENSSL_NO_MD2)

-#define USE_MD2_RAND

-#else

-#error No message digest algorithm available

-#endif

-#endif

-#include <openssl/evp.h>

-#define MD_Update(a,b,c)	EVP_DigestUpdate(a,b,c)

-#define	MD_Final(a,b)		EVP_DigestFinal_ex(a,b,NULL)

-#if defined(USE_MD5_RAND)

-#include <openssl/md5.h>

-#define MD_DIGEST_LENGTH	MD5_DIGEST_LENGTH

-#define MD_Init(a)		EVP_DigestInit_ex(a,EVP_md5(), NULL)

-#define	MD(a,b,c)		EVP_Digest(a,b,c,NULL,EVP_md5(), NULL)

-#elif defined(USE_SHA1_RAND)

-#include <openssl/sha.h>

-#define MD_DIGEST_LENGTH	SHA_DIGEST_LENGTH

-#define MD_Init(a)		EVP_DigestInit_ex(a,EVP_sha1(), NULL)

-#define	MD(a,b,c)		EVP_Digest(a,b,c,NULL,EVP_sha1(), NULL)

-#elif defined(USE_MDC2_RAND)

-#include <openssl/mdc2.h>

-#define MD_DIGEST_LENGTH	MDC2_DIGEST_LENGTH

-#define MD_Init(a)		EVP_DigestInit_ex(a,EVP_mdc2(), NULL)

-#define	MD(a,b,c)		EVP_Digest(a,b,c,NULL,EVP_mdc2(), NULL)

-#elif defined(USE_MD2_RAND)

-#include <openssl/md2.h>

-#define MD_DIGEST_LENGTH	MD2_DIGEST_LENGTH

-#define MD_Init(a)		EVP_DigestInit_ex(a,EVP_md2(), NULL)

-#define	MD(a,b,c)		EVP_Digest(a,b,c,NULL,EVP_md2(), NULL)

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/rand/rand_lib.c

+++ /dev/null

@@ -1,176 +1,0 @@

-/* crypto/rand/rand_lib.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <time.h>

-#include "cryptlib.h"

-#include <openssl/rand.h>

-#ifndef OPENSSL_NO_ENGINE

-#include <openssl/engine.h>

-#endif

-#ifndef OPENSSL_NO_ENGINE

-/* non-NULL if default_RAND_meth is ENGINE-provided */

-static ENGINE *funct_ref =NULL;

-#endif

-static const RAND_METHOD *default_RAND_meth = NULL;

-int RAND_set_rand_method(const RAND_METHOD *meth)

-	{

-#ifndef OPENSSL_NO_ENGINE

-	if(funct_ref)

-		{

-		ENGINE_finish(funct_ref);

-		funct_ref = NULL;

-		}

-#endif

-	default_RAND_meth = meth;

-	return 1;

-	}

-const RAND_METHOD *RAND_get_rand_method(void)

-	{

-	if (!default_RAND_meth)

-		{

-#ifndef OPENSSL_NO_ENGINE

-		ENGINE *e = ENGINE_get_default_RAND();

-		if(e)

-			{

-			default_RAND_meth = ENGINE_get_RAND(e);

-			if(!default_RAND_meth)

-				{

-				ENGINE_finish(e);

-				e = NULL;

-				}

-			}

-		if(e)

-			funct_ref = e;

-		else

-#endif

-			default_RAND_meth = RAND_SSLeay();

-		}

-	return default_RAND_meth;

-	}

-#ifndef OPENSSL_NO_ENGINE

-int RAND_set_rand_engine(ENGINE *engine)

-	{

-	const RAND_METHOD *tmp_meth = NULL;

-	if(engine)

-		{

-		if(!ENGINE_init(engine))

-			return 0;

-		tmp_meth = ENGINE_get_RAND(engine);

-		if(!tmp_meth)

-			{

-			ENGINE_finish(engine);

-			return 0;

-			}

-		}

-	/* This function releases any prior ENGINE so call it first */

-	RAND_set_rand_method(tmp_meth);

-	funct_ref = engine;

-	return 1;

-	}

-#endif

-void RAND_cleanup(void)

-	{

-	const RAND_METHOD *meth = RAND_get_rand_method();

-	if (meth && meth->cleanup)

-		meth->cleanup();

-	RAND_set_rand_method(NULL);

-	}

-void RAND_seed(const void *buf, int num)

-	{

-	const RAND_METHOD *meth = RAND_get_rand_method();

-	if (meth && meth->seed)

-		meth->seed(buf,num);

-	}

-void RAND_add(const void *buf, int num, double entropy)

-	{

-	const RAND_METHOD *meth = RAND_get_rand_method();

-	if (meth && meth->add)

-		meth->add(buf,num,entropy);

-	}

-int RAND_bytes(unsigned char *buf, int num)

-	{

-	const RAND_METHOD *meth = RAND_get_rand_method();

-	if (meth && meth->bytes)

-		return meth->bytes(buf,num);

-	return(-1);

-	}

-int RAND_pseudo_bytes(unsigned char *buf, int num)

-	{

-	const RAND_METHOD *meth = RAND_get_rand_method();

-	if (meth && meth->pseudorand)

-		return meth->pseudorand(buf,num);

-	return(-1);

-	}

-int RAND_status(void)

-	{

-	const RAND_METHOD *meth = RAND_get_rand_method();

-	if (meth && meth->status)

-		return meth->status();

-	return 0;

-	}

--- a/sys/src/ape/lib/openssl/crypto/rand/rand_nw.c

+++ /dev/null

@@ -1,176 +1,0 @@

-/* crypto/rand/rand_nw.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include "cryptlib.h"

-#include <openssl/rand.h>

-#include "rand_lcl.h"

-#if defined (OPENSSL_SYS_NETWARE)

-#if defined(NETWARE_LIBC)

-#include <nks/thread.h>

-#endif

-extern long RunningProcess;

-   /* the FAQ indicates we need to provide at least 20 bytes (160 bits) of seed

-   */

-int RAND_poll(void)

-{

-   unsigned long l;

-   unsigned long tsc;

-   int i;

-      /* There are several options to gather miscellaneous data

-       * but for now we will loop checking the time stamp counter (rdtsc) and

-       * the SuperHighResolutionTimer.  Each iteration will collect 8 bytes

-       * of data but it is treated as only 1 byte of entropy.  The call to

-       * ThreadSwitchWithDelay() will introduce additional variability into

-       * the data returned by rdtsc.

-       *

-       * Applications can agument the seed material by adding additional

-       * stuff with RAND_add() and should probably do so.

-      */

-   l = GetProcessSwitchCount();

-   RAND_add(&l,sizeof(l),1);

-   l=RunningProcess;

-   RAND_add(&l,sizeof(l),1);

-   for( i=2; i<ENTROPY_NEEDED; i++)

-   {

-#ifdef __MWERKS__

-      asm

-      {

-         rdtsc

-         mov tsc, eax

-      }

-#else

-      asm volatile("rdtsc":"=A" (tsc));

-#endif

-      RAND_add(&tsc, sizeof(tsc), 1);

-      l = GetSuperHighResolutionTimer();

-      RAND_add(&l, sizeof(l), 0);

-# if defined(NETWARE_LIBC)

-      NXThreadYield();

-# else /* NETWARE_CLIB */

-      ThreadSwitchWithDelay();

-# endif

-   }

-   return 1;

-}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/rand/rand_os2.c

+++ /dev/null

@@ -1,147 +1,0 @@

-/* crypto/rand/rand_os2.c */

-/* ====================================================================

- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include "cryptlib.h"

-#include <openssl/rand.h>

-#include "rand_lcl.h"

-#ifdef OPENSSL_SYS_OS2

-#define INCL_DOSPROCESS

-#define INCL_DOSPROFILE

-#define INCL_DOSMISC

-#define INCL_DOSMODULEMGR

-#include <os2.h>

-#define   CMD_KI_RDCNT    (0x63)

-typedef struct _CPUUTIL {

-    ULONG ulTimeLow;            /* Low 32 bits of time stamp      */

-    ULONG ulTimeHigh;           /* High 32 bits of time stamp     */

-    ULONG ulIdleLow;            /* Low 32 bits of idle time       */

-    ULONG ulIdleHigh;           /* High 32 bits of idle time      */

-    ULONG ulBusyLow;            /* Low 32 bits of busy time       */

-    ULONG ulBusyHigh;           /* High 32 bits of busy time      */

-    ULONG ulIntrLow;            /* Low 32 bits of interrupt time  */

-    ULONG ulIntrHigh;           /* High 32 bits of interrupt time */

-} CPUUTIL;

-APIRET APIENTRY(*DosPerfSysCall) (ULONG ulCommand, ULONG ulParm1, ULONG ulParm2, ULONG ulParm3) = NULL;

-APIRET APIENTRY(*DosQuerySysState) (ULONG func, ULONG arg1, ULONG pid, ULONG _res_, PVOID buf, ULONG bufsz) = NULL;

-HMODULE hDoscalls = 0;

-int RAND_poll(void)

-{

-    char failed_module[20];

-    QWORD qwTime;

-    ULONG SysVars[QSV_FOREGROUND_PROCESS];

-    if (hDoscalls == 0) {

-        ULONG rc = DosLoadModule(failed_module, sizeof(failed_module), "DOSCALLS", &hDoscalls);

-        if (rc == 0) {

-            rc = DosQueryProcAddr(hDoscalls, 976, NULL, (PFN *)&DosPerfSysCall);

-            if (rc)

-                DosPerfSysCall = NULL;

-            rc = DosQueryProcAddr(hDoscalls, 368, NULL, (PFN *)&DosQuerySysState);

-            if (rc)

-                DosQuerySysState = NULL;

-        }

-    }

-    /* Sample the hi-res timer, runs at around 1.1 MHz */

-    DosTmrQueryTime(&qwTime);

-    RAND_add(&qwTime, sizeof(qwTime), 2);

-    /* Sample a bunch of system variables, includes various process & memory statistics */

-    DosQuerySysInfo(1, QSV_FOREGROUND_PROCESS, SysVars, sizeof(SysVars));

-    RAND_add(SysVars, sizeof(SysVars), 4);

-    /* If available, sample CPU registers that count at CPU MHz

-     * Only fairly new CPUs (PPro & K6 onwards) & OS/2 versions support this

-     */

-    if (DosPerfSysCall) {

-        CPUUTIL util;

-        if (DosPerfSysCall(CMD_KI_RDCNT, (ULONG)&util, 0, 0) == 0) {

-            RAND_add(&util, sizeof(util), 10);

-        }

-        else {

-            DosPerfSysCall = NULL;

-        }

-    }

-    /* DosQuerySysState() gives us a huge quantity of process, thread, memory & handle stats */

-    if (DosQuerySysState) {

-        char *buffer = OPENSSL_malloc(256 * 1024);

-        if (DosQuerySysState(0x1F, 0, 0, 0, buffer, 256 * 1024) == 0) {

-            /* First 4 bytes in buffer is a pointer to the thread count

-             * there should be at least 1 byte of entropy per thread

-             */

-            RAND_add(buffer, 256 * 1024, **(ULONG **)buffer);

-        }

-        OPENSSL_free(buffer);

-        return 1;

-    }

-    return 0;

-}

-#endif /* OPENSSL_SYS_OS2 */

--- a/sys/src/ape/lib/openssl/crypto/rand/rand_unix.c

+++ /dev/null

@@ -1,352 +1,0 @@

-/* crypto/rand/rand_unix.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#define USE_SOCKETS

-#include "e_os.h"

-#include "cryptlib.h"

-#include <openssl/rand.h>

-#include "rand_lcl.h"

-#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(PLAN9))

-#include <sys/types.h>

-#include <sys/time.h>

-#include <sys/times.h>

-#include <sys/stat.h>

-#include <fcntl.h>

-#include <unistd.h>

-#include <time.h>

-#if defined(OPENSSL_SYS_LINUX) /* should actually be available virtually everywhere */

-# include <poll.h>

-#endif

-#include <limits.h>

-#ifndef FD_SETSIZE

-# define FD_SETSIZE (8*sizeof(fd_set))

-#endif

-#ifdef __OpenBSD__

-int RAND_poll(void)

-{

-	u_int32_t rnd = 0, i;

-	unsigned char buf[ENTROPY_NEEDED];

-	for (i = 0; i < sizeof(buf); i++) {

-		if (i % 4 == 0)

-			rnd = arc4random();

-		buf[i] = rnd;

-		rnd >>= 8;

-	}

-	RAND_add(buf, sizeof(buf), ENTROPY_NEEDED);

-	memset(buf, 0, sizeof(buf));

-	return 1;

-}

-#else /* !defined(__OpenBSD__) */

-int RAND_poll(void)

-{

-	unsigned long l;

-	pid_t curr_pid = getpid();

-#if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)

-	unsigned char tmpbuf[ENTROPY_NEEDED];

-	int n = 0;

-#endif

-#ifdef DEVRANDOM

-	static const char *randomfiles[] = { DEVRANDOM };

-	struct stat randomstats[sizeof(randomfiles)/sizeof(randomfiles[0])];

-	int fd;

-	size_t i;

-#endif

-#ifdef DEVRANDOM_EGD

-	static const char *egdsockets[] = { DEVRANDOM_EGD, NULL };

-	const char **egdsocket = NULL;

-#endif

-#ifdef DEVRANDOM

-	memset(randomstats,0,sizeof(randomstats));

-	/* Use a random entropy pool device. Linux, FreeBSD and OpenBSD

-	 * have this. Use /dev/urandom if you can as /dev/random may block

-	 * if it runs out of random entries.  */

-	for (i=0; i<sizeof(randomfiles)/sizeof(randomfiles[0]) && n < ENTROPY_NEEDED; i++)

-		{

-		if ((fd = open(randomfiles[i], O_RDONLY

-#ifdef O_NONBLOCK

-			|O_NONBLOCK

-#endif

-#ifdef O_BINARY

-			|O_BINARY

-#endif

-#ifdef O_NOCTTY /* If it happens to be a TTY (god forbid), do not make it

-		   our controlling tty */

-			|O_NOCTTY

-#endif

-			)) >= 0)

-			{

-			int usec = 10*1000; /* spend 10ms on each file */

-			int r;

-			size_t j;

-			struct stat *st=&randomstats[i];

-			/* Avoid using same input... Used to be O_NOFOLLOW

-			 * above, but it's not universally appropriate... */

-			if (fstat(fd,st) != 0)	{ close(fd); continue; }

-			for (j=0;j<i;j++)

-				{

-				if (randomstats[j].st_ino==st->st_ino &&

-				    randomstats[j].st_dev==st->st_dev)

-					break;

-				}

-			if (j<i)		{ close(fd); continue; }

-			do

-				{

-				int try_read = 0;

-#if defined(OPENSSL_SYS_LINUX)

-				/* use poll() */

-				struct pollfd pset;

-				pset.fd = fd;

-				pset.events = POLLIN;

-				pset.revents = 0;

-				if (poll(&pset, 1, usec / 1000) < 0)

-					usec = 0;

-				else

-					try_read = (pset.revents & POLLIN) != 0;

-#else

-				/* use select() */

-				fd_set fset;

-				struct timeval t;

-				t.tv_sec = 0;

-				t.tv_usec = usec;

-				if (FD_SETSIZE > 0 && fd >= FD_SETSIZE)

-					{

-					/* can't use select, so just try to read once anyway */

-					try_read = 1;

-					}

-				else

-					{

-					FD_ZERO(&fset);

-					FD_SET(fd, &fset);

-					if (select(fd+1,&fset,NULL,NULL,&t) >= 0)

-						{

-						usec = t.tv_usec;

-						if (FD_ISSET(fd, &fset))

-							try_read = 1;

-						}

-					else

-						usec = 0;

-					}

-#endif

-				if (try_read)

-					{

-					r = read(fd,(unsigned char *)tmpbuf+n, ENTROPY_NEEDED-n);

-					if (r > 0)

-						n += r;

-					}

-				else

-					r = -1;

-				/* Some Unixen will update t in select(), some

-				   won't.  For those who won't, or if we

-				   didn't use select() in the first place,

-				   give up here, otherwise, we will do

-				   this once again for the remaining

-				   time. */

-				if (usec == 10*1000)

-					usec = 0;

-				}

-			while ((r > 0 ||

-			       (errno == EINTR || errno == EAGAIN)) && usec != 0 && n < ENTROPY_NEEDED);

-			close(fd);

-			}

-		}

-#endif /* defined(DEVRANDOM) */

-#ifdef DEVRANDOM_EGD

-	/* Use an EGD socket to read entropy from an EGD or PRNGD entropy

-	 * collecting daemon. */

-	for (egdsocket = egdsockets; *egdsocket && n < ENTROPY_NEEDED; egdsocket++)

-		{

-		int r;

-		r = RAND_query_egd_bytes(*egdsocket, (unsigned char *)tmpbuf+n,

-					 ENTROPY_NEEDED-n);

-		if (r > 0)

-			n += r;

-		}

-#endif /* defined(DEVRANDOM_EGD) */

-#if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)

-	if (n > 0)

-		{

-		RAND_add(tmpbuf,sizeof tmpbuf,(double)n);

-		OPENSSL_cleanse(tmpbuf,n);

-		}

-#endif

-	/* put in some default random data, we need more than just this */

-	l=curr_pid;

-	RAND_add(&l,sizeof(l),0.0);

-	l=getuid();

-	RAND_add(&l,sizeof(l),0.0);

-	l=time(NULL);

-	RAND_add(&l,sizeof(l),0.0);

-#if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)

-	return 1;

-#else

-	return 0;

-#endif

-}

-#endif /* defined(__OpenBSD__) */

-#endif /* !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) */

-#if defined(OPENSSL_SYS_VXWORKS)

-int RAND_poll(void)

-	{

-	return 0;

-	}

-#endif

-#if defined(PLAN9)

-#include <fcntl.h>

-int RAND_poll(void)

-{

-	unsigned char buf[ENTROPY_NEEDED];

-	int fd;

-	if((fd=open("/dev/random", O_RDONLY)) < 0){

-		fprintf(stderr, "can't open /dev/random\n");

-Err:

-		return 0;

-	}

-	if(read(fd, buf, sizeof(buf)) != sizeof(buf)){

-		fprintf(stderr, "can't read /dev/random\n");

-		goto Err;

-	}

-	RAND_add(buf, sizeof(buf), ENTROPY_NEEDED);

-	memset(buf, 0, sizeof(buf));

-	return 1;

-}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/rand/rand_vms.c

+++ /dev/null

@@ -1,136 +1,0 @@

-/* crypto/rand/rand_vms.c -*- mode:C; c-file-style: "eay" -*- */

-/* Written by Richard Levitte <[email protected]> for the OpenSSL

- * project 2000.

- */

-/* ====================================================================

- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <openssl/rand.h>

-#include "rand_lcl.h"

-#if defined(OPENSSL_SYS_VMS)

-#include <descrip.h>

-#include <jpidef.h>

-#include <ssdef.h>

-#include <starlet.h>

-#ifdef __DECC

-# pragma message disable DOLLARID

-#endif

-static struct items_data_st

-	{

-	short length, code;	/* length is amount of bytes */

-	} items_data[] =

-		{ { 4, JPI$_BUFIO },

-		  { 4, JPI$_CPUTIM },

-		  { 4, JPI$_DIRIO },

-		  { 8, JPI$_LOGINTIM },

-		  { 4, JPI$_PAGEFLTS },

-		  { 4, JPI$_PID },

-		  { 4, JPI$_WSSIZE },

-		  { 0, 0 }

-		};

-int RAND_poll(void)

-	{

-	long pid, iosb[2];

-	int status = 0;

-	struct

-		{

-		short length, code;

-		long *buffer;

-		int *retlen;

-		} item[32], *pitem;

-	unsigned char data_buffer[256];

-	short total_length = 0;

-	struct items_data_st *pitems_data;

-	pitems_data = items_data;

-	pitem = item;

-	/* Setup */

-	while (pitems_data->length

-		&& (total_length + pitems_data->length <= 256))

-		{

-		pitem->length = pitems_data->length;

-		pitem->code = pitems_data->code;

-		pitem->buffer = (long *)&data_buffer[total_length];

-		pitem->retlen = 0;

-		total_length += pitems_data->length;

-		pitems_data++;

-		pitem++;

-		}

-	pitem->length = pitem->code = 0;

-	/*

-	 * Scan through all the processes in the system and add entropy with

-	 * results from the processes that were possible to look at.

-	 * However, view the information as only half trustable.

-	 */

-	pid = -1;			/* search context */

-	while ((status = sys$getjpiw(0, &pid,  0, item, iosb, 0, 0))

-		!= SS$_NOMOREPROC)

-		{

-		if (status == SS$_NORMAL)

-			{

-			RAND_add(data_buffer, total_length, total_length/2);

-			}

-		}

-	sys$gettim(iosb);

-	RAND_add((unsigned char *)iosb, sizeof(iosb), sizeof(iosb)/2);

-	return 1;

-}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/rand/rand_win.c

+++ /dev/null

@@ -1,758 +1,0 @@

-/* crypto/rand/rand_win.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include "cryptlib.h"

-#include <openssl/rand.h>

-#include "rand_lcl.h"

-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)

-#include <windows.h>

-#ifndef _WIN32_WINNT

-# define _WIN32_WINNT 0x0400

-#endif

-#include <wincrypt.h>

-#include <tlhelp32.h>

-/* Limit the time spent walking through the heap, processes, threads and modules to

-   a maximum of 1000 miliseconds each, unless CryptoGenRandom failed */

-#define MAXDELAY 1000

-/* Intel hardware RNG CSP -- available from

- * http://developer.intel.com/design/security/rng/redist_license.htm

- */

-#define PROV_INTEL_SEC 22

-#define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider"

-static void readtimer(void);

-static void readscreen(void);

-/* It appears like CURSORINFO, PCURSORINFO and LPCURSORINFO are only defined

-   when WINVER is 0x0500 and up, which currently only happens on Win2000.

-   Unfortunately, those are typedefs, so they're a little bit difficult to

-   detect properly.  On the other hand, the macro CURSOR_SHOWING is defined

-   within the same conditional, so it can be use to detect the absence of said

-   typedefs. */

-#ifndef CURSOR_SHOWING

-/*

- * Information about the global cursor.

- */

-typedef struct tagCURSORINFO

-{

-    DWORD   cbSize;

-    DWORD   flags;

-    HCURSOR hCursor;

-    POINT   ptScreenPos;

-} CURSORINFO, *PCURSORINFO, *LPCURSORINFO;

-#define CURSOR_SHOWING     0x00000001

-#endif /* CURSOR_SHOWING */

-#if !defined(OPENSSL_SYS_WINCE)

-typedef BOOL (WINAPI *CRYPTACQUIRECONTEXTW)(HCRYPTPROV *, LPCWSTR, LPCWSTR,

-				    DWORD, DWORD);

-typedef BOOL (WINAPI *CRYPTGENRANDOM)(HCRYPTPROV, DWORD, BYTE *);

-typedef BOOL (WINAPI *CRYPTRELEASECONTEXT)(HCRYPTPROV, DWORD);

-typedef HWND (WINAPI *GETFOREGROUNDWINDOW)(VOID);

-typedef BOOL (WINAPI *GETCURSORINFO)(PCURSORINFO);

-typedef DWORD (WINAPI *GETQUEUESTATUS)(UINT);

-typedef HANDLE (WINAPI *CREATETOOLHELP32SNAPSHOT)(DWORD, DWORD);

-typedef BOOL (WINAPI *CLOSETOOLHELP32SNAPSHOT)(HANDLE);

-typedef BOOL (WINAPI *HEAP32FIRST)(LPHEAPENTRY32, DWORD, size_t);

-typedef BOOL (WINAPI *HEAP32NEXT)(LPHEAPENTRY32);

-typedef BOOL (WINAPI *HEAP32LIST)(HANDLE, LPHEAPLIST32);

-typedef BOOL (WINAPI *PROCESS32)(HANDLE, LPPROCESSENTRY32);

-typedef BOOL (WINAPI *THREAD32)(HANDLE, LPTHREADENTRY32);

-typedef BOOL (WINAPI *MODULE32)(HANDLE, LPMODULEENTRY32);

-#include <lmcons.h>

-#include <lmstats.h>

-#if 1 /* The NET API is Unicode only.  It requires the use of the UNICODE

-       * macro.  When UNICODE is defined LPTSTR becomes LPWSTR.  LMSTR was

-       * was added to the Platform SDK to allow the NET API to be used in

-       * non-Unicode applications provided that Unicode strings were still

-       * used for input.  LMSTR is defined as LPWSTR.

-       */

-typedef NET_API_STATUS (NET_API_FUNCTION * NETSTATGET)

-        (LPWSTR, LPWSTR, DWORD, DWORD, LPBYTE*);

-typedef NET_API_STATUS (NET_API_FUNCTION * NETFREE)(LPBYTE);

-#endif /* 1 */

-#endif /* !OPENSSL_SYS_WINCE */

-int RAND_poll(void)

-{

-	MEMORYSTATUS m;

-	HCRYPTPROV hProvider = 0;

-	DWORD w;

-	int good = 0;

-	/* Determine the OS version we are on so we can turn off things

-	 * that do not work properly.

-	 */

-        OSVERSIONINFO osverinfo ;

-        osverinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO) ;

-        GetVersionEx( &osverinfo ) ;

-#if defined(OPENSSL_SYS_WINCE)

-# if defined(_WIN32_WCE) && _WIN32_WCE>=300

-/* Even though MSDN says _WIN32_WCE>=210, it doesn't seem to be available

- * in commonly available implementations prior 300... */

-	{

-	BYTE buf[64];

-	/* poll the CryptoAPI PRNG */

-	/* The CryptoAPI returns sizeof(buf) bytes of randomness */

-	if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL,

-				CRYPT_VERIFYCONTEXT))

-		{

-		if (CryptGenRandom(hProvider, sizeof(buf), buf))

-			RAND_add(buf, sizeof(buf), sizeof(buf));

-		CryptReleaseContext(hProvider, 0);

-		}

-	}

-# endif

-#else	/* OPENSSL_SYS_WINCE */

-	/*

-	 * None of below libraries are present on Windows CE, which is

-	 * why we #ifndef the whole section. This also excuses us from

-	 * handling the GetProcAddress issue. The trouble is that in

-	 * real Win32 API GetProcAddress is available in ANSI flavor

-	 * only. In WinCE on the other hand GetProcAddress is a macro

-	 * most commonly defined as GetProcAddressW, which accepts

-	 * Unicode argument. If we were to call GetProcAddress under

-	 * WinCE, I'd recommend to either redefine GetProcAddress as

-	 * GetProcAddressA (there seem to be one in common CE spec) or

-	 * implement own shim routine, which would accept ANSI argument

-	 * and expand it to Unicode.

-	 */

-	{

-	/* load functions dynamically - not available on all systems */

-	HMODULE advapi = LoadLibrary(TEXT("ADVAPI32.DLL"));

-	HMODULE kernel = LoadLibrary(TEXT("KERNEL32.DLL"));

-	HMODULE user = NULL;

-	HMODULE netapi = LoadLibrary(TEXT("NETAPI32.DLL"));

-	CRYPTACQUIRECONTEXTW acquire = NULL;

-	CRYPTGENRANDOM gen = NULL;

-	CRYPTRELEASECONTEXT release = NULL;

-	NETSTATGET netstatget = NULL;

-	NETFREE netfree = NULL;

-	BYTE buf[64];

-	if (netapi)

-		{

-		netstatget = (NETSTATGET) GetProcAddress(netapi,"NetStatisticsGet");

-		netfree = (NETFREE) GetProcAddress(netapi,"NetApiBufferFree");

-		}

-	if (netstatget && netfree)

-		{

-		LPBYTE outbuf;

-		/* NetStatisticsGet() is a Unicode only function

- 		 * STAT_WORKSTATION_0 contains 45 fields and STAT_SERVER_0

-		 * contains 17 fields.  We treat each field as a source of

-		 * one byte of entropy.

-                 */

-		if (netstatget(NULL, L"LanmanWorkstation", 0, 0, &outbuf) == 0)

-			{

-			RAND_add(outbuf, sizeof(STAT_WORKSTATION_0), 45);

-			netfree(outbuf);

-			}

-		if (netstatget(NULL, L"LanmanServer", 0, 0, &outbuf) == 0)

-			{

-			RAND_add(outbuf, sizeof(STAT_SERVER_0), 17);

-			netfree(outbuf);

-			}

-		}

-	if (netapi)

-		FreeLibrary(netapi);

-        /* It appears like this can cause an exception deep within ADVAPI32.DLL

-         * at random times on Windows 2000.  Reported by Jeffrey Altman.

-         * Only use it on NT.

-	 */

-	/* Wolfgang Marczy <[email protected]> reports that

-	 * the RegQueryValueEx call below can hang on NT4.0 (SP6).

-	 * So we don't use this at all for now. */

-#if 0

-        if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT &&

-		osverinfo.dwMajorVersion < 5)

-		{

-		/* Read Performance Statistics from NT/2000 registry

-		 * The size of the performance data can vary from call

-		 * to call so we must guess the size of the buffer to use

-		 * and increase its size if we get an ERROR_MORE_DATA

-		 * return instead of ERROR_SUCCESS.

-		 */

-		LONG   rc=ERROR_MORE_DATA;

-		char * buf=NULL;

-		DWORD bufsz=0;

-		DWORD length;

-		while (rc == ERROR_MORE_DATA)

-			{

-			buf = realloc(buf,bufsz+8192);

-			if (!buf)

-				break;

-			bufsz += 8192;

-			length = bufsz;

-			rc = RegQueryValueEx(HKEY_PERFORMANCE_DATA, TEXT("Global"),

-				NULL, NULL, buf, &length);

-			}

-		if (rc == ERROR_SUCCESS)

-			{

-                        /* For entropy count assume only least significant

-			 * byte of each DWORD is random.

-			 */

-			RAND_add(&length, sizeof(length), 0);

-			RAND_add(buf, length, length / 4.0);

-			/* Close the Registry Key to allow Windows to cleanup/close

-			 * the open handle

-			 * Note: The 'HKEY_PERFORMANCE_DATA' key is implicitly opened

-			 *       when the RegQueryValueEx above is done.  However, if

-			 *       it is not explicitly closed, it can cause disk

-			 *       partition manipulation problems.

-			 */

-			RegCloseKey(HKEY_PERFORMANCE_DATA);

-			}

-		if (buf)

-			free(buf);

-		}

-#endif

-	if (advapi)

-		{

-		/*

-		 * If it's available, then it's available in both ANSI

-		 * and UNICODE flavors even in Win9x, documentation says.

-		 * We favor Unicode...

-		 */

-		acquire = (CRYPTACQUIRECONTEXTW) GetProcAddress(advapi,

-			"CryptAcquireContextW");

-		gen = (CRYPTGENRANDOM) GetProcAddress(advapi,

-			"CryptGenRandom");

-		release = (CRYPTRELEASECONTEXT) GetProcAddress(advapi,

-			"CryptReleaseContext");

-		}

-	if (acquire && gen && release)

-		{

-		/* poll the CryptoAPI PRNG */

-                /* The CryptoAPI returns sizeof(buf) bytes of randomness */

-		if (acquire(&hProvider, NULL, NULL, PROV_RSA_FULL,

-			CRYPT_VERIFYCONTEXT))

-			{

-			if (gen(hProvider, sizeof(buf), buf) != 0)

-				{

-				RAND_add(buf, sizeof(buf), 0);

-				good = 1;

-#if 0

-				printf("randomness from PROV_RSA_FULL\n");

-#endif

-				}

-			release(hProvider, 0);

-			}

-		/* poll the Pentium PRG with CryptoAPI */

-		if (acquire(&hProvider, 0, INTEL_DEF_PROV, PROV_INTEL_SEC, 0))

-			{

-			if (gen(hProvider, sizeof(buf), buf) != 0)

-				{

-				RAND_add(buf, sizeof(buf), sizeof(buf));

-				good = 1;

-#if 0

-				printf("randomness from PROV_INTEL_SEC\n");

-#endif

-				}

-			release(hProvider, 0);

-			}

-		}

-        if (advapi)

-		FreeLibrary(advapi);

-	if ((osverinfo.dwPlatformId != VER_PLATFORM_WIN32_NT ||

-	     !OPENSSL_isservice()) &&

-	    (user = LoadLibrary(TEXT("USER32.DLL"))))

-		{

-		GETCURSORINFO cursor;

-		GETFOREGROUNDWINDOW win;

-		GETQUEUESTATUS queue;

-		win = (GETFOREGROUNDWINDOW) GetProcAddress(user, "GetForegroundWindow");

-		cursor = (GETCURSORINFO) GetProcAddress(user, "GetCursorInfo");

-		queue = (GETQUEUESTATUS) GetProcAddress(user, "GetQueueStatus");

-		if (win)

-			{

-			/* window handle */

-			HWND h = win();

-			RAND_add(&h, sizeof(h), 0);

-			}

-		if (cursor)

-			{

-			/* unfortunately, its not safe to call GetCursorInfo()

-			 * on NT4 even though it exists in SP3 (or SP6) and

-			 * higher.

-			 */

-			if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT &&

-				osverinfo.dwMajorVersion < 5)

-				cursor = 0;

-			}

-		if (cursor)

-			{

-			/* cursor position */

-                        /* assume 2 bytes of entropy */

-			CURSORINFO ci;

-			ci.cbSize = sizeof(CURSORINFO);

-			if (cursor(&ci))

-				RAND_add(&ci, ci.cbSize, 2);

-			}

-		if (queue)

-			{

-			/* message queue status */

-                        /* assume 1 byte of entropy */

-			w = queue(QS_ALLEVENTS);

-			RAND_add(&w, sizeof(w), 1);

-			}

-		FreeLibrary(user);

-		}

-	/* Toolhelp32 snapshot: enumerate processes, threads, modules and heap

-	 * http://msdn.microsoft.com/library/psdk/winbase/toolhelp_5pfd.htm

-	 * (Win 9x and 2000 only, not available on NT)

-	 *

-	 * This seeding method was proposed in Peter Gutmann, Software

-	 * Generation of Practically Strong Random Numbers,

-	 * http://www.usenix.org/publications/library/proceedings/sec98/gutmann.html

-	 * revised version at http://www.cryptoengines.com/~peter/06_random.pdf

-	 * (The assignment of entropy estimates below is arbitrary, but based

-	 * on Peter's analysis the full poll appears to be safe. Additional

-	 * interactive seeding is encouraged.)

-	 */

-	if (kernel)

-		{

-		CREATETOOLHELP32SNAPSHOT snap;

-		CLOSETOOLHELP32SNAPSHOT close_snap;

-		HANDLE handle;

-		HEAP32FIRST heap_first;

-		HEAP32NEXT heap_next;

-		HEAP32LIST heaplist_first, heaplist_next;

-		PROCESS32 process_first, process_next;

-		THREAD32 thread_first, thread_next;

-		MODULE32 module_first, module_next;

-		HEAPLIST32 hlist;

-		HEAPENTRY32 hentry;

-		PROCESSENTRY32 p;

-		THREADENTRY32 t;

-		MODULEENTRY32 m;

-		DWORD stoptime = 0;

-		snap = (CREATETOOLHELP32SNAPSHOT)

-			GetProcAddress(kernel, "CreateToolhelp32Snapshot");

-		close_snap = (CLOSETOOLHELP32SNAPSHOT)

-			GetProcAddress(kernel, "CloseToolhelp32Snapshot");

-		heap_first = (HEAP32FIRST) GetProcAddress(kernel, "Heap32First");

-		heap_next = (HEAP32NEXT) GetProcAddress(kernel, "Heap32Next");

-		heaplist_first = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListFirst");

-		heaplist_next = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListNext");

-		process_first = (PROCESS32) GetProcAddress(kernel, "Process32First");

-		process_next = (PROCESS32) GetProcAddress(kernel, "Process32Next");

-		thread_first = (THREAD32) GetProcAddress(kernel, "Thread32First");

-		thread_next = (THREAD32) GetProcAddress(kernel, "Thread32Next");

-		module_first = (MODULE32) GetProcAddress(kernel, "Module32First");

-		module_next = (MODULE32) GetProcAddress(kernel, "Module32Next");

-		if (snap && heap_first && heap_next && heaplist_first &&

-			heaplist_next && process_first && process_next &&

-			thread_first && thread_next && module_first &&

-			module_next && (handle = snap(TH32CS_SNAPALL,0))

-			!= INVALID_HANDLE_VALUE)

-			{

-			/* heap list and heap walking */

-                        /* HEAPLIST32 contains 3 fields that will change with

-                         * each entry.  Consider each field a source of 1 byte

-                         * of entropy.

-                         * HEAPENTRY32 contains 5 fields that will change with

-                         * each entry.  Consider each field a source of 1 byte

-                         * of entropy.

-                         */

-			hlist.dwSize = sizeof(HEAPLIST32);

-			if (good) stoptime = GetTickCount() + MAXDELAY;

-			if (heaplist_first(handle, &hlist))

-				do

-					{

-					RAND_add(&hlist, hlist.dwSize, 3);

-					hentry.dwSize = sizeof(HEAPENTRY32);

-					if (heap_first(&hentry,

-						hlist.th32ProcessID,

-						hlist.th32HeapID))

-						{

-						int entrycnt = 80;

-						do

-							RAND_add(&hentry,

-								hentry.dwSize, 5);

-						while (heap_next(&hentry)

-							&& --entrycnt > 0);

-						}

-					} while (heaplist_next(handle,

-						&hlist) && GetTickCount() < stoptime);

-			/* process walking */

-                        /* PROCESSENTRY32 contains 9 fields that will change

-                         * with each entry.  Consider each field a source of

-                         * 1 byte of entropy.

-                         */

-			p.dwSize = sizeof(PROCESSENTRY32);

-			if (good) stoptime = GetTickCount() + MAXDELAY;

-			if (process_first(handle, &p))

-				do

-					RAND_add(&p, p.dwSize, 9);

-				while (process_next(handle, &p) && GetTickCount() < stoptime);

-			/* thread walking */

-                        /* THREADENTRY32 contains 6 fields that will change

-                         * with each entry.  Consider each field a source of

-                         * 1 byte of entropy.

-                         */

-			t.dwSize = sizeof(THREADENTRY32);

-			if (good) stoptime = GetTickCount() + MAXDELAY;

-			if (thread_first(handle, &t))

-				do

-					RAND_add(&t, t.dwSize, 6);

-				while (thread_next(handle, &t) && GetTickCount() < stoptime);

-			/* module walking */

-                        /* MODULEENTRY32 contains 9 fields that will change

-                         * with each entry.  Consider each field a source of

-                         * 1 byte of entropy.

-                         */

-			m.dwSize = sizeof(MODULEENTRY32);

-			if (good) stoptime = GetTickCount() + MAXDELAY;

-			if (module_first(handle, &m))

-				do

-					RAND_add(&m, m.dwSize, 9);

-				while (module_next(handle, &m)

-					       	&& (GetTickCount() < stoptime));

-			if (close_snap)

-				close_snap(handle);

-			else

-				CloseHandle(handle);

-			}

-		FreeLibrary(kernel);

-		}

-	}

-#endif /* !OPENSSL_SYS_WINCE */

-	/* timer data */

-	readtimer();

-	/* memory usage statistics */

-	GlobalMemoryStatus(&m);

-	RAND_add(&m, sizeof(m), 1);

-	/* process ID */

-	w = GetCurrentProcessId();

-	RAND_add(&w, sizeof(w), 1);

-#if 0

-	printf("Exiting RAND_poll\n");

-#endif

-	return(1);

-}

-int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam)

-        {

-        double add_entropy=0;

-        switch (iMsg)

-                {

-        case WM_KEYDOWN:

-                        {

-                        static WPARAM key;

-                        if (key != wParam)

-                                add_entropy = 0.05;

-                        key = wParam;

-                        }

-                        break;

-	case WM_MOUSEMOVE:

-                        {

-                        static int lastx,lasty,lastdx,lastdy;

-                        int x,y,dx,dy;

-                        x=LOWORD(lParam);

-                        y=HIWORD(lParam);

-                        dx=lastx-x;

-                        dy=lasty-y;

-                        if (dx != 0 && dy != 0 && dx-lastdx != 0 && dy-lastdy != 0)

-                                add_entropy=.2;

-                        lastx=x, lasty=y;

-                        lastdx=dx, lastdy=dy;

-                        }

-		break;

-		}

-	readtimer();

-        RAND_add(&iMsg, sizeof(iMsg), add_entropy);

-	RAND_add(&wParam, sizeof(wParam), 0);

-	RAND_add(&lParam, sizeof(lParam), 0);

-	return (RAND_status());

-	}

-void RAND_screen(void) /* function available for backward compatibility */

-{

-	RAND_poll();

-	readscreen();

-}

-/* feed timing information to the PRNG */

-static void readtimer(void)

-{

-	DWORD w;

-	LARGE_INTEGER l;

-	static int have_perfc = 1;

-#if defined(_MSC_VER) && defined(_M_X86)

-	static int have_tsc = 1;

-	DWORD cyclecount;

-	if (have_tsc) {

-	  __try {

-	    __asm {

-	      _emit 0x0f

-	      _emit 0x31

-	      mov cyclecount, eax

-	      }

-	    RAND_add(&cyclecount, sizeof(cyclecount), 1);

-	  } __except(EXCEPTION_EXECUTE_HANDLER) {

-	    have_tsc = 0;

-	  }

-	}

-#else

-# define have_tsc 0

-#endif

-	if (have_perfc) {

-	  if (QueryPerformanceCounter(&l) == 0)

-	    have_perfc = 0;

-	  else

-	    RAND_add(&l, sizeof(l), 0);

-	}

-	if (!have_tsc && !have_perfc) {

-	  w = GetTickCount();

-	  RAND_add(&w, sizeof(w), 0);

-	}

-}

-/* feed screen contents to PRNG */

-/*****************************************************************************

- *

- * Created 960901 by Gertjan van Oosten, [email protected], West Consulting B.V.

- *

- * Code adapted from

- * <URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];97193>;

- * the original copyright message is:

- *

- *   (C) Copyright Microsoft Corp. 1993.  All rights reserved.

- *

- *   You have a royalty-free right to use, modify, reproduce and

- *   distribute the Sample Files (and/or any modified version) in

- *   any way you find useful, provided that you agree that

- *   Microsoft has no warranty obligations or liability for any

- *   Sample Application Files which are modified.

- */

-static void readscreen(void)

-{

-#if !defined(OPENSSL_SYS_WINCE) && !defined(OPENSSL_SYS_WIN32_CYGWIN)

-  HDC		hScrDC;		/* screen DC */

-  HDC		hMemDC;		/* memory DC */

-  HBITMAP	hBitmap;	/* handle for our bitmap */

-  HBITMAP	hOldBitmap;	/* handle for previous bitmap */

-  BITMAP	bm;		/* bitmap properties */

-  unsigned int	size;		/* size of bitmap */

-  char		*bmbits;	/* contents of bitmap */

-  int		w;		/* screen width */

-  int		h;		/* screen height */

-  int		y;		/* y-coordinate of screen lines to grab */

-  int		n = 16;		/* number of screen lines to grab at a time */

-  if (GetVersion() >= 0x80000000 || !OPENSSL_isservice())

-    return;

-  /* Create a screen DC and a memory DC compatible to screen DC */

-  hScrDC = CreateDC(TEXT("DISPLAY"), NULL, NULL, NULL);

-  hMemDC = CreateCompatibleDC(hScrDC);

-  /* Get screen resolution */

-  w = GetDeviceCaps(hScrDC, HORZRES);

-  h = GetDeviceCaps(hScrDC, VERTRES);

-  /* Create a bitmap compatible with the screen DC */

-  hBitmap = CreateCompatibleBitmap(hScrDC, w, n);

-  /* Select new bitmap into memory DC */

-  hOldBitmap = SelectObject(hMemDC, hBitmap);

-  /* Get bitmap properties */

-  GetObject(hBitmap, sizeof(BITMAP), (LPSTR)&bm);

-  size = (unsigned int)bm.bmWidthBytes * bm.bmHeight * bm.bmPlanes;

-  bmbits = OPENSSL_malloc(size);

-  if (bmbits) {

-    /* Now go through the whole screen, repeatedly grabbing n lines */

-    for (y = 0; y < h-n; y += n)

-    	{

-	unsigned char md[MD_DIGEST_LENGTH];

-	/* Bitblt screen DC to memory DC */

-	BitBlt(hMemDC, 0, 0, w, n, hScrDC, 0, y, SRCCOPY);

-	/* Copy bitmap bits from memory DC to bmbits */

-	GetBitmapBits(hBitmap, size, bmbits);

-	/* Get the hash of the bitmap */

-	MD(bmbits,size,md);

-	/* Seed the random generator with the hash value */

-	RAND_add(md, MD_DIGEST_LENGTH, 0);

-	}

-    OPENSSL_free(bmbits);

-  }

-  /* Select old bitmap back into memory DC */

-  hBitmap = SelectObject(hMemDC, hOldBitmap);

-  /* Clean up */

-  DeleteObject(hBitmap);

-  DeleteDC(hMemDC);

-  DeleteDC(hScrDC);

-#endif /* !OPENSSL_SYS_WINCE */

-}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/rand/randfile.c

+++ /dev/null

@@ -1,283 +1,0 @@

-/* crypto/rand/randfile.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* We need to define this to get macros like S_IFBLK and S_IFCHR */

-#define _XOPEN_SOURCE 500

-#include <errno.h>

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include "e_os.h"

-#include <openssl/crypto.h>

-#include <openssl/rand.h>

-#include <openssl/buffer.h>

-#ifdef OPENSSL_SYS_VMS

-#include <unixio.h>

-#endif

-#ifndef NO_SYS_TYPES_H

-# include <sys/types.h>

-#endif

-#ifdef MAC_OS_pre_X

-# include <stat.h>

-#else

-# include <sys/stat.h>

-#endif

-#undef BUFSIZE

-#define BUFSIZE	1024

-#define RAND_DATA 1024

-/* #define RFILE ".rnd" - defined in ../../e_os.h */

-/* Note that these functions are intended for seed files only.

- * Entropy devices and EGD sockets are handled in rand_unix.c */

-int RAND_load_file(const char *file, long bytes)

-	{

-	/* If bytes >= 0, read up to 'bytes' bytes.

-	 * if bytes == -1, read complete file. */

-	MS_STATIC unsigned char buf[BUFSIZE];

-	struct stat sb;

-	int i,ret=0,n;

-	FILE *in;

-	if (file == NULL) return(0);

-	if (stat(file,&sb) < 0) return(0);

-	RAND_add(&sb,sizeof(sb),0.0);

-	if (bytes == 0) return(ret);

-	in=fopen(file,"rb");

-	if (in == NULL) goto err;

-#if defined(S_IFBLK) && defined(S_IFCHR)

-	if (sb.st_mode & (S_IFBLK | S_IFCHR)) {

-	  /* this file is a device. we don't want read an infinite number

-	   * of bytes from a random device, nor do we want to use buffered

-	   * I/O because we will waste system entropy.

-	   */

-	  bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */

-	  setvbuf(in, NULL, _IONBF, 0); /* don't do buffered reads */

-	}

-#endif

-	for (;;)

-		{

-		if (bytes > 0)

-			n = (bytes < BUFSIZE)?(int)bytes:BUFSIZE;

-		else

-			n = BUFSIZE;

-		i=fread(buf,1,n,in);

-		if (i <= 0) break;

-		/* even if n != i, use the full array */

-		RAND_add(buf,n,(double)i);

-		ret+=i;

-		if (bytes > 0)

-			{

-			bytes-=n;

-			if (bytes <= 0) break;

-			}

-		}

-	fclose(in);

-	OPENSSL_cleanse(buf,BUFSIZE);

-err:

-	return(ret);

-	}

-int RAND_write_file(const char *file)

-	{

-	unsigned char buf[BUFSIZE];

-	int i,ret=0,rand_err=0;

-	FILE *out = NULL;

-	int n;

-	struct stat sb;

-	i=stat(file,&sb);

-	if (i != -1) {

-#if defined(S_IFBLK) && defined(S_IFCHR)

-	  if (sb.st_mode & (S_IFBLK | S_IFCHR)) {

-	    /* this file is a device. we don't write back to it.

-	     * we "succeed" on the assumption this is some sort

-	     * of random device. Otherwise attempting to write to

-	     * and chmod the device causes problems.

-	     */

-	    return(1);

-	  }

-#endif

-	}

-#if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32)

-	{

-	/* For some reason Win32 can't write to files created this way */

-	/* chmod(..., 0600) is too late to protect the file,

-	 * permissions should be restrictive from the start */

-	int fd = open(file, O_CREAT, 0600);

-	if (fd != -1)

-		out = fdopen(fd, "wb");

-	}

-#endif

-	if (out == NULL)

-		out = fopen(file,"wb");

-	if (out == NULL) goto err;

-#ifndef NO_CHMOD

-	chmod(file,0600);

-#endif

-	n=RAND_DATA;

-	for (;;)

-		{

-		i=(n > BUFSIZE)?BUFSIZE:n;

-		n-=BUFSIZE;

-		if (RAND_bytes(buf,i) <= 0)

-			rand_err=1;

-		i=fwrite(buf,1,i,out);

-		if (i <= 0)

-			{

-			ret=0;

-			break;

-			}

-		ret+=i;

-		if (n <= 0) break;

-                }

-#ifdef OPENSSL_SYS_VMS

-	/* Try to delete older versions of the file, until there aren't

-	   any */

-	{

-	char *tmpf;

-	tmpf = OPENSSL_malloc(strlen(file) + 4);  /* to add ";-1" and a nul */

-	if (tmpf)

-		{

-		strcpy(tmpf, file);

-		strcat(tmpf, ";-1");

-		while(delete(tmpf) == 0)

-			;

-		rename(file,";1"); /* Make sure it's version 1, or we

-				      will reach the limit (32767) at

-				      some point... */

-		}

-	}

-#endif /* OPENSSL_SYS_VMS */

-	fclose(out);

-	OPENSSL_cleanse(buf,BUFSIZE);

-err:

-	return (rand_err ? -1 : ret);

-	}

-const char *RAND_file_name(char *buf, size_t size)

-	{

-	char *s=NULL;

-	int ok = 0;

-#ifdef __OpenBSD__

-	struct stat sb;

-#endif

-	if (OPENSSL_issetugid() == 0)

-		s=getenv("RANDFILE");

-	if (s != NULL && *s && strlen(s) + 1 < size)

-		{

-		if (BUF_strlcpy(buf,s,size) >= size)

-			return NULL;

-		}

-	else

-		{

-		if (OPENSSL_issetugid() == 0)

-			s=getenv("HOME");

-#ifdef DEFAULT_HOME

-		if (s == NULL)

-			{

-			s = DEFAULT_HOME;

-			}

-#endif

-		if (s && *s && strlen(s)+strlen(RFILE)+2 < size)

-			{

-			BUF_strlcpy(buf,s,size);

-#ifndef OPENSSL_SYS_VMS

-			BUF_strlcat(buf,"/",size);

-#endif

-			BUF_strlcat(buf,RFILE,size);

-			ok = 1;

-			}

-		else

-		  	buf[0] = '\0'; /* no file name */

-		}

-#ifdef __OpenBSD__

-	/* given that all random loads just fail if the file can't be

-	 * seen on a stat, we stat the file we're returning, if it

-	 * fails, use /dev/arandom instead. this allows the user to

-	 * use their own source for good random data, but defaults

-	 * to something hopefully decent if that isn't available.

-	 */

-	if (!ok)

-		if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) {

-			return(NULL);

-		}

-	if (stat(buf,&sb) == -1)

-		if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) {

-			return(NULL);

-		}

-#endif

-	return(buf);

-	}

--- a/sys/src/ape/lib/openssl/crypto/rand/randtest.c

+++ /dev/null

@@ -1,219 +1,0 @@

-/* crypto/rand/randtest.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <openssl/rand.h>

-#include "../e_os.h"

-/* some FIPS 140-1 random number test */

-/* some simple tests */

-int main(int argc,char **argv)

-	{

-	unsigned char buf[2500];

-	int i,j,k,s,sign,nsign,err=0;

-	unsigned long n1;

-	unsigned long n2[16];

-	unsigned long runs[2][34];

-	/*double d; */

-	long d;

-	i = RAND_pseudo_bytes(buf,2500);

-	if (i < 0)

-		{

-		printf ("init failed, the rand method is not properly installed\n");

-		err++;

-		goto err;

-		}

-	n1=0;

-	for (i=0; i<16; i++) n2[i]=0;

-	for (i=0; i<34; i++) runs[0][i]=runs[1][i]=0;

-	/* test 1 and 2 */

-	sign=0;

-	nsign=0;

-	for (i=0; i<2500; i++)

-		{

-		j=buf[i];

-		n2[j&0x0f]++;

-		n2[(j>>4)&0x0f]++;

-		for (k=0; k<8; k++)

-			{

-			s=(j&0x01);

-			if (s == sign)

-				nsign++;

-			else

-				{

-				if (nsign > 34) nsign=34;

-				if (nsign != 0)

-					{

-					runs[sign][nsign-1]++;

-					if (nsign > 6)

-						runs[sign][5]++;

-					}

-				sign=s;

-				nsign=1;

-				}

-			if (s) n1++;

-			j>>=1;

-			}

-		}

-		if (nsign > 34) nsign=34;

-		if (nsign != 0) runs[sign][nsign-1]++;

-	/* test 1 */

-	if (!((9654 < n1) && (n1 < 10346)))

-		{

-		printf("test 1 failed, X=%lu\n",n1);

-		err++;

-		}

-	printf("test 1 done\n");

-	/* test 2 */

-#ifdef undef

-	d=0;

-	for (i=0; i<16; i++)

-		d+=n2[i]*n2[i];

-	d=d*16.0/5000.0-5000.0;

-	if (!((1.03 < d) && (d < 57.4)))

-		{

-		printf("test 2 failed, X=%.2f\n",d);

-		err++;

-		}

-#endif

-	d=0;

-	for (i=0; i<16; i++)

-		d+=n2[i]*n2[i];

-	d=(d*8)/25-500000;

-	if (!((103 < d) && (d < 5740)))

-		{

-		printf("test 2 failed, X=%ld.%02ld\n",d/100L,d%100L);

-		err++;

-		}

-	printf("test 2 done\n");

-	/* test 3 */

-	for (i=0; i<2; i++)

-		{

-		if (!((2267 < runs[i][0]) && (runs[i][0] < 2733)))

-			{

-			printf("test 3 failed, bit=%d run=%d num=%lu\n",

-				i,1,runs[i][0]);

-			err++;

-			}

-		if (!((1079 < runs[i][1]) && (runs[i][1] < 1421)))

-			{

-			printf("test 3 failed, bit=%d run=%d num=%lu\n",

-				i,2,runs[i][1]);

-			err++;

-			}

-		if (!(( 502 < runs[i][2]) && (runs[i][2] <  748)))

-			{

-			printf("test 3 failed, bit=%d run=%d num=%lu\n",

-				i,3,runs[i][2]);

-			err++;

-			}

-		if (!(( 223 < runs[i][3]) && (runs[i][3] <  402)))

-			{

-			printf("test 3 failed, bit=%d run=%d num=%lu\n",

-				i,4,runs[i][3]);

-			err++;

-			}

-		if (!((  90 < runs[i][4]) && (runs[i][4] <  223)))

-			{

-			printf("test 3 failed, bit=%d run=%d num=%lu\n",

-				i,5,runs[i][4]);

-			err++;

-			}

-		if (!((  90 < runs[i][5]) && (runs[i][5] <  223)))

-			{

-			printf("test 3 failed, bit=%d run=%d num=%lu\n",

-				i,6,runs[i][5]);

-			err++;

-			}

-		}

-	printf("test 3 done\n");

-	/* test 4 */

-	if (runs[0][33] != 0)

-		{

-		printf("test 4 failed, bit=%d run=%d num=%lu\n",

-			0,34,runs[0][33]);

-		err++;

-		}

-	if (runs[1][33] != 0)

-		{

-		printf("test 4 failed, bit=%d run=%d num=%lu\n",

-			1,34,runs[1][33]);

-		err++;

-		}

-	printf("test 4 done\n");

- err:

-	err=((err)?1:0);

-#ifdef OPENSSL_SYS_NETWARE

-    if (err) printf("ERROR: %d\n", err);

-#endif

-	EXIT(err);

-	return(err);

-	}

--- a/sys/src/ape/lib/openssl/crypto/rc2/Makefile

+++ /dev/null

@@ -1,86 +1,0 @@

-#

-# OpenSSL/crypto/rc2/Makefile

-#

-DIR=	rc2

-TOP=	../..

-CC=	cc

-INCLUDES=

-CFLAG=-g

-MAKEFILE=	Makefile

-AR=		ar r

-CFLAGS= $(INCLUDES) $(CFLAG)

-GENERAL=Makefile

-TEST=rc2test.c

-APPS=

-LIB=$(TOP)/libcrypto.a

-LIBSRC=rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c

-LIBOBJ=rc2_ecb.o rc2_skey.o rc2_cbc.o rc2cfb64.o rc2ofb64.o

-SRC= $(LIBSRC)

-EXHEADER= rc2.h

-HEADER=	rc2_locl.h $(EXHEADER)

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)

-all:	lib

-lib:	$(LIBOBJ)

-	$(AR) $(LIB) $(LIBOBJ)

-	$(RANLIB) $(LIB) || echo Never mind.

-	@touch lib

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

-links:

-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)

-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)

-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

-install:

-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...

-	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \

-	do  \

-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \

-	done;

-tags:

-	ctags $(SRC)

-tests:

-lint:

-	lint -DLINT $(INCLUDES) $(SRC)>fluff

-depend:

-	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...

-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-clean:

-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-rc2_cbc.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h

-rc2_cbc.o: rc2_cbc.c rc2_locl.h

-rc2_ecb.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-rc2_ecb.o: ../../include/openssl/rc2.h rc2_ecb.c rc2_locl.h

-rc2_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h

-rc2_skey.o: rc2_locl.h rc2_skey.c

-rc2cfb64.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h

-rc2cfb64.o: rc2_locl.h rc2cfb64.c

-rc2ofb64.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h

-rc2ofb64.o: rc2_locl.h rc2ofb64.c

--- a/sys/src/ape/lib/openssl/crypto/rc2/rc2.h

+++ /dev/null

@@ -1,101 +1,0 @@

-/* crypto/rc2/rc2.h */

-/* Copyright (C) 1995-1997 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_RC2_H

-#define HEADER_RC2_H

-#include <openssl/opensslconf.h> /* OPENSSL_NO_RC2, RC2_INT */

-#ifdef OPENSSL_NO_RC2

-#error RC2 is disabled.

-#endif

-#define RC2_ENCRYPT	1

-#define RC2_DECRYPT	0

-#define RC2_BLOCK	8

-#define RC2_KEY_LENGTH	16

-#ifdef  __cplusplus

-extern "C" {

-#endif

-typedef struct rc2_key_st

-	{

-	RC2_INT data[64];

-	} RC2_KEY;

-void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits);

-void RC2_ecb_encrypt(const unsigned char *in,unsigned char *out,RC2_KEY *key,

-		     int enc);

-void RC2_encrypt(unsigned long *data,RC2_KEY *key);

-void RC2_decrypt(unsigned long *data,RC2_KEY *key);

-void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,

-	RC2_KEY *ks, unsigned char *iv, int enc);

-void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out,

-		       long length, RC2_KEY *schedule, unsigned char *ivec,

-		       int *num, int enc);

-void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out,

-		       long length, RC2_KEY *schedule, unsigned char *ivec,

-		       int *num);

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/rc2/rc2_cbc.c

+++ /dev/null

@@ -1,226 +1,0 @@

-/* crypto/rc2/rc2_cbc.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <openssl/rc2.h>

-#include "rc2_locl.h"

-void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,

-	     RC2_KEY *ks, unsigned char *iv, int encrypt)

-	{

-	register unsigned long tin0,tin1;

-	register unsigned long tout0,tout1,xor0,xor1;

-	register long l=length;

-	unsigned long tin[2];

-	if (encrypt)

-		{

-		c2l(iv,tout0);

-		c2l(iv,tout1);

-		iv-=8;

-		for (l-=8; l>=0; l-=8)

-			{

-			c2l(in,tin0);

-			c2l(in,tin1);

-			tin0^=tout0;

-			tin1^=tout1;

-			tin[0]=tin0;

-			tin[1]=tin1;

-			RC2_encrypt(tin,ks);

-			tout0=tin[0]; l2c(tout0,out);

-			tout1=tin[1]; l2c(tout1,out);

-			}

-		if (l != -8)

-			{

-			c2ln(in,tin0,tin1,l+8);

-			tin0^=tout0;

-			tin1^=tout1;

-			tin[0]=tin0;

-			tin[1]=tin1;

-			RC2_encrypt(tin,ks);

-			tout0=tin[0]; l2c(tout0,out);

-			tout1=tin[1]; l2c(tout1,out);

-			}

-		l2c(tout0,iv);

-		l2c(tout1,iv);

-		}

-	else

-		{

-		c2l(iv,xor0);

-		c2l(iv,xor1);

-		iv-=8;

-		for (l-=8; l>=0; l-=8)

-			{

-			c2l(in,tin0); tin[0]=tin0;

-			c2l(in,tin1); tin[1]=tin1;

-			RC2_decrypt(tin,ks);

-			tout0=tin[0]^xor0;

-			tout1=tin[1]^xor1;

-			l2c(tout0,out);

-			l2c(tout1,out);

-			xor0=tin0;

-			xor1=tin1;

-			}

-		if (l != -8)

-			{

-			c2l(in,tin0); tin[0]=tin0;

-			c2l(in,tin1); tin[1]=tin1;

-			RC2_decrypt(tin,ks);

-			tout0=tin[0]^xor0;

-			tout1=tin[1]^xor1;

-			l2cn(tout0,tout1,out,l+8);

-			xor0=tin0;

-			xor1=tin1;

-			}

-		l2c(xor0,iv);

-		l2c(xor1,iv);

-		}

-	tin0=tin1=tout0=tout1=xor0=xor1=0;

-	tin[0]=tin[1]=0;

-	}

-void RC2_encrypt(unsigned long *d, RC2_KEY *key)

-	{

-	int i,n;

-	register RC2_INT *p0,*p1;

-	register RC2_INT x0,x1,x2,x3,t;

-	unsigned long l;

-	l=d[0];

-	x0=(RC2_INT)l&0xffff;

-	x1=(RC2_INT)(l>>16L);

-	l=d[1];

-	x2=(RC2_INT)l&0xffff;

-	x3=(RC2_INT)(l>>16L);

-	n=3;

-	i=5;

-	p0=p1= &(key->data[0]);

-	for (;;)

-		{

-		t=(x0+(x1& ~x3)+(x2&x3)+ *(p0++))&0xffff;

-		x0=(t<<1)|(t>>15);

-		t=(x1+(x2& ~x0)+(x3&x0)+ *(p0++))&0xffff;

-		x1=(t<<2)|(t>>14);

-		t=(x2+(x3& ~x1)+(x0&x1)+ *(p0++))&0xffff;

-		x2=(t<<3)|(t>>13);

-		t=(x3+(x0& ~x2)+(x1&x2)+ *(p0++))&0xffff;

-		x3=(t<<5)|(t>>11);

-		if (--i == 0)

-			{

-			if (--n == 0) break;

-			i=(n == 2)?6:5;

-			x0+=p1[x3&0x3f];

-			x1+=p1[x0&0x3f];

-			x2+=p1[x1&0x3f];

-			x3+=p1[x2&0x3f];

-			}

-		}

-	d[0]=(unsigned long)(x0&0xffff)|((unsigned long)(x1&0xffff)<<16L);

-	d[1]=(unsigned long)(x2&0xffff)|((unsigned long)(x3&0xffff)<<16L);

-	}

-void RC2_decrypt(unsigned long *d, RC2_KEY *key)

-	{

-	int i,n;

-	register RC2_INT *p0,*p1;

-	register RC2_INT x0,x1,x2,x3,t;

-	unsigned long l;

-	l=d[0];

-	x0=(RC2_INT)l&0xffff;

-	x1=(RC2_INT)(l>>16L);

-	l=d[1];

-	x2=(RC2_INT)l&0xffff;

-	x3=(RC2_INT)(l>>16L);

-	n=3;

-	i=5;

-	p0= &(key->data[63]);

-	p1= &(key->data[0]);

-	for (;;)

-		{

-		t=((x3<<11)|(x3>>5))&0xffff;

-		x3=(t-(x0& ~x2)-(x1&x2)- *(p0--))&0xffff;

-		t=((x2<<13)|(x2>>3))&0xffff;

-		x2=(t-(x3& ~x1)-(x0&x1)- *(p0--))&0xffff;

-		t=((x1<<14)|(x1>>2))&0xffff;

-		x1=(t-(x2& ~x0)-(x3&x0)- *(p0--))&0xffff;

-		t=((x0<<15)|(x0>>1))&0xffff;

-		x0=(t-(x1& ~x3)-(x2&x3)- *(p0--))&0xffff;

-		if (--i == 0)

-			{

-			if (--n == 0) break;

-			i=(n == 2)?6:5;

-			x3=(x3-p1[x2&0x3f])&0xffff;

-			x2=(x2-p1[x1&0x3f])&0xffff;

-			x1=(x1-p1[x0&0x3f])&0xffff;

-			x0=(x0-p1[x3&0x3f])&0xffff;

-			}

-		}

-	d[0]=(unsigned long)(x0&0xffff)|((unsigned long)(x1&0xffff)<<16L);

-	d[1]=(unsigned long)(x2&0xffff)|((unsigned long)(x3&0xffff)<<16L);

-	}

--- a/sys/src/ape/lib/openssl/crypto/rc2/rc2_ecb.c

+++ /dev/null

@@ -1,88 +1,0 @@

-/* crypto/rc2/rc2_ecb.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <openssl/rc2.h>

-#include "rc2_locl.h"

-#include <openssl/opensslv.h>

-const char RC2_version[]="RC2" OPENSSL_VERSION_PTEXT;

-/* RC2 as implemented frm a posting from

- * Newsgroups: sci.crypt

- * Sender: [email protected] (Peter Gutmann)

- * Subject: Specification for Ron Rivests Cipher No.2

- * Message-ID: <[email protected]>

- * Date: 11 Feb 1996 06:45:03 GMT

- */

-void RC2_ecb_encrypt(const unsigned char *in, unsigned char *out, RC2_KEY *ks,

-		     int encrypt)

-	{

-	unsigned long l,d[2];

-	c2l(in,l); d[0]=l;

-	c2l(in,l); d[1]=l;

-	if (encrypt)

-		RC2_encrypt(d,ks);

-	else

-		RC2_decrypt(d,ks);

-	l=d[0]; l2c(l,out);

-	l=d[1]; l2c(l,out);

-	l=d[0]=d[1]=0;

-	}

--- a/sys/src/ape/lib/openssl/crypto/rc2/rc2_locl.h

+++ /dev/null

@@ -1,156 +1,0 @@

-/* crypto/rc2/rc2_locl.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#undef c2l

-#define c2l(c,l)	(l =((unsigned long)(*((c)++)))    , \

-			 l|=((unsigned long)(*((c)++)))<< 8L, \

-			 l|=((unsigned long)(*((c)++)))<<16L, \

-			 l|=((unsigned long)(*((c)++)))<<24L)

-/* NOTE - c is not incremented as per c2l */

-#undef c2ln

-#define c2ln(c,l1,l2,n)	{ \

-			c+=n; \

-			l1=l2=0; \

-			switch (n) { \

-			case 8: l2 =((unsigned long)(*(--(c))))<<24L; \

-			case 7: l2|=((unsigned long)(*(--(c))))<<16L; \

-			case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \

-			case 5: l2|=((unsigned long)(*(--(c))));     \

-			case 4: l1 =((unsigned long)(*(--(c))))<<24L; \

-			case 3: l1|=((unsigned long)(*(--(c))))<<16L; \

-			case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \

-			case 1: l1|=((unsigned long)(*(--(c))));     \

-				} \

-			}

-#undef l2c

-#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)     )&0xff), \

-			 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \

-			 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \

-			 *((c)++)=(unsigned char)(((l)>>24L)&0xff))

-/* NOTE - c is not incremented as per l2c */

-#undef l2cn

-#define l2cn(l1,l2,c,n)	{ \

-			c+=n; \

-			switch (n) { \

-			case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \

-			case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \

-			case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \

-			case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \

-			case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \

-			case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \

-			case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \

-			case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \

-				} \

-			}

-/* NOTE - c is not incremented as per n2l */

-#define n2ln(c,l1,l2,n)	{ \

-			c+=n; \

-			l1=l2=0; \

-			switch (n) { \

-			case 8: l2 =((unsigned long)(*(--(c))))    ; \

-			case 7: l2|=((unsigned long)(*(--(c))))<< 8; \

-			case 6: l2|=((unsigned long)(*(--(c))))<<16; \

-			case 5: l2|=((unsigned long)(*(--(c))))<<24; \

-			case 4: l1 =((unsigned long)(*(--(c))))    ; \

-			case 3: l1|=((unsigned long)(*(--(c))))<< 8; \

-			case 2: l1|=((unsigned long)(*(--(c))))<<16; \

-			case 1: l1|=((unsigned long)(*(--(c))))<<24; \

-				} \

-			}

-/* NOTE - c is not incremented as per l2n */

-#define l2nn(l1,l2,c,n)	{ \

-			c+=n; \

-			switch (n) { \

-			case 8: *(--(c))=(unsigned char)(((l2)    )&0xff); \

-			case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \

-			case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \

-			case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \

-			case 4: *(--(c))=(unsigned char)(((l1)    )&0xff); \

-			case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \

-			case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \

-			case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \

-				} \

-			}

-#undef n2l

-#define n2l(c,l)        (l =((unsigned long)(*((c)++)))<<24L, \

-                         l|=((unsigned long)(*((c)++)))<<16L, \

-                         l|=((unsigned long)(*((c)++)))<< 8L, \

-                         l|=((unsigned long)(*((c)++))))

-#undef l2n

-#define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \

-                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \

-                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \

-                         *((c)++)=(unsigned char)(((l)     )&0xff))

-#define C_RC2(n) \

-	t=(x0+(x1& ~x3)+(x2&x3)+ *(p0++))&0xffff; \

-	x0=(t<<1)|(t>>15); \

-	t=(x1+(x2& ~x0)+(x3&x0)+ *(p0++))&0xffff; \

-	x1=(t<<2)|(t>>14); \

-	t=(x2+(x3& ~x1)+(x0&x1)+ *(p0++))&0xffff; \

-	x2=(t<<3)|(t>>13); \

-	t=(x3+(x0& ~x2)+(x1&x2)+ *(p0++))&0xffff; \

-	x3=(t<<5)|(t>>11);

--- a/sys/src/ape/lib/openssl/crypto/rc2/rc2_skey.c

+++ /dev/null

@@ -1,145 +1,0 @@

-/* crypto/rc2/rc2_skey.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <openssl/rc2.h>

-#include "rc2_locl.h"

-static unsigned char key_table[256]={

-	0xd9,0x78,0xf9,0xc4,0x19,0xdd,0xb5,0xed,0x28,0xe9,0xfd,0x79,

-	0x4a,0xa0,0xd8,0x9d,0xc6,0x7e,0x37,0x83,0x2b,0x76,0x53,0x8e,

-	0x62,0x4c,0x64,0x88,0x44,0x8b,0xfb,0xa2,0x17,0x9a,0x59,0xf5,

-	0x87,0xb3,0x4f,0x13,0x61,0x45,0x6d,0x8d,0x09,0x81,0x7d,0x32,

-	0xbd,0x8f,0x40,0xeb,0x86,0xb7,0x7b,0x0b,0xf0,0x95,0x21,0x22,

-	0x5c,0x6b,0x4e,0x82,0x54,0xd6,0x65,0x93,0xce,0x60,0xb2,0x1c,

-	0x73,0x56,0xc0,0x14,0xa7,0x8c,0xf1,0xdc,0x12,0x75,0xca,0x1f,

-	0x3b,0xbe,0xe4,0xd1,0x42,0x3d,0xd4,0x30,0xa3,0x3c,0xb6,0x26,

-	0x6f,0xbf,0x0e,0xda,0x46,0x69,0x07,0x57,0x27,0xf2,0x1d,0x9b,

-	0xbc,0x94,0x43,0x03,0xf8,0x11,0xc7,0xf6,0x90,0xef,0x3e,0xe7,

-	0x06,0xc3,0xd5,0x2f,0xc8,0x66,0x1e,0xd7,0x08,0xe8,0xea,0xde,

-	0x80,0x52,0xee,0xf7,0x84,0xaa,0x72,0xac,0x35,0x4d,0x6a,0x2a,

-	0x96,0x1a,0xd2,0x71,0x5a,0x15,0x49,0x74,0x4b,0x9f,0xd0,0x5e,

-	0x04,0x18,0xa4,0xec,0xc2,0xe0,0x41,0x6e,0x0f,0x51,0xcb,0xcc,

-	0x24,0x91,0xaf,0x50,0xa1,0xf4,0x70,0x39,0x99,0x7c,0x3a,0x85,

-	0x23,0xb8,0xb4,0x7a,0xfc,0x02,0x36,0x5b,0x25,0x55,0x97,0x31,

-	0x2d,0x5d,0xfa,0x98,0xe3,0x8a,0x92,0xae,0x05,0xdf,0x29,0x10,

-	0x67,0x6c,0xba,0xc9,0xd3,0x00,0xe6,0xcf,0xe1,0x9e,0xa8,0x2c,

-	0x63,0x16,0x01,0x3f,0x58,0xe2,0x89,0xa9,0x0d,0x38,0x34,0x1b,

-	0xab,0x33,0xff,0xb0,0xbb,0x48,0x0c,0x5f,0xb9,0xb1,0xcd,0x2e,

-	0xc5,0xf3,0xdb,0x47,0xe5,0xa5,0x9c,0x77,0x0a,0xa6,0x20,0x68,

-	0xfe,0x7f,0xc1,0xad,

-	};

-#if defined(_MSC_VER) && defined(_ARM_)

-#pragma optimize("g",off)

-#endif

-/* It has come to my attention that there are 2 versions of the RC2

- * key schedule.  One which is normal, and anther which has a hook to

- * use a reduced key length.

- * BSAFE uses the 'retarded' version.  What I previously shipped is

- * the same as specifying 1024 for the 'bits' parameter.  Bsafe uses

- * a version where the bits parameter is the same as len*8 */

-void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)

-	{

-	int i,j;

-	unsigned char *k;

-	RC2_INT *ki;

-	unsigned int c,d;

-	k= (unsigned char *)&(key->data[0]);

-	*k=0; /* for if there is a zero length key */

-	if (len > 128) len=128;

-	if (bits <= 0) bits=1024;

-	if (bits > 1024) bits=1024;

-	for (i=0; i<len; i++)

-		k[i]=data[i];

-	/* expand table */

-	d=k[len-1];

-	j=0;

-	for (i=len; i < 128; i++,j++)

-		{

-		d=key_table[(k[j]+d)&0xff];

-		k[i]=d;

-		}

-	/* hmm.... key reduction to 'bits' bits */

-	j=(bits+7)>>3;

-	i=128-j;

-	c= (0xff>>(-bits & 0x07));

-	d=key_table[k[i]&c];

-	k[i]=d;

-	while (i--)

-		{

-		d=key_table[k[i+j]^d];

-		k[i]=d;

-		}

-	/* copy from bytes into RC2_INT's */

-	ki= &(key->data[63]);

-	for (i=127; i>=0; i-=2)

-		*(ki--)=((k[i]<<8)|k[i-1])&0xffff;

-	}

-#if defined(_MSC_VER)

-#pragma optimize("",on)

-#endif

--- a/sys/src/ape/lib/openssl/crypto/rc2/rc2cfb64.c

+++ /dev/null

@@ -1,122 +1,0 @@

-/* crypto/rc2/rc2cfb64.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <openssl/rc2.h>

-#include "rc2_locl.h"

-/* The input and output encrypted as though 64bit cfb mode is being

- * used.  The extra state information to record how much of the

- * 64bit block we have used is contained in *num;

- */

-void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out,

-		       long length, RC2_KEY *schedule, unsigned char *ivec,

-		       int *num, int encrypt)

-	{

-	register unsigned long v0,v1,t;

-	register int n= *num;

-	register long l=length;

-	unsigned long ti[2];

-	unsigned char *iv,c,cc;

-	iv=(unsigned char *)ivec;

-	if (encrypt)

-		{

-		while (l--)

-			{

-			if (n == 0)

-				{

-				c2l(iv,v0); ti[0]=v0;

-				c2l(iv,v1); ti[1]=v1;

-				RC2_encrypt((unsigned long *)ti,schedule);

-				iv=(unsigned char *)ivec;

-				t=ti[0]; l2c(t,iv);

-				t=ti[1]; l2c(t,iv);

-				iv=(unsigned char *)ivec;

-				}

-			c= *(in++)^iv[n];

-			*(out++)=c;

-			iv[n]=c;

-			n=(n+1)&0x07;

-			}

-		}

-	else

-		{

-		while (l--)

-			{

-			if (n == 0)

-				{

-				c2l(iv,v0); ti[0]=v0;

-				c2l(iv,v1); ti[1]=v1;

-				RC2_encrypt((unsigned long *)ti,schedule);

-				iv=(unsigned char *)ivec;

-				t=ti[0]; l2c(t,iv);

-				t=ti[1]; l2c(t,iv);

-				iv=(unsigned char *)ivec;

-				}

-			cc= *(in++);

-			c=iv[n];

-			iv[n]=cc;

-			*(out++)=c^cc;

-			n=(n+1)&0x07;

-			}

-		}

-	v0=v1=ti[0]=ti[1]=t=c=cc=0;

-	*num=n;

-	}

--- a/sys/src/ape/lib/openssl/crypto/rc2/rc2ofb64.c

+++ /dev/null

@@ -1,111 +1,0 @@

-/* crypto/rc2/rc2ofb64.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <openssl/rc2.h>

-#include "rc2_locl.h"

-/* The input and output encrypted as though 64bit ofb mode is being

- * used.  The extra state information to record how much of the

- * 64bit block we have used is contained in *num;

- */

-void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out,

-		       long length, RC2_KEY *schedule, unsigned char *ivec,

-		       int *num)

-	{

-	register unsigned long v0,v1,t;

-	register int n= *num;

-	register long l=length;

-	unsigned char d[8];

-	register char *dp;

-	unsigned long ti[2];

-	unsigned char *iv;

-	int save=0;

-	iv=(unsigned char *)ivec;

-	c2l(iv,v0);

-	c2l(iv,v1);

-	ti[0]=v0;

-	ti[1]=v1;

-	dp=(char *)d;

-	l2c(v0,dp);

-	l2c(v1,dp);

-	while (l--)

-		{

-		if (n == 0)

-			{

-			RC2_encrypt((unsigned long *)ti,schedule);

-			dp=(char *)d;

-			t=ti[0]; l2c(t,dp);

-			t=ti[1]; l2c(t,dp);

-			save++;

-			}

-		*(out++)= *(in++)^d[n];

-		n=(n+1)&0x07;

-		}

-	if (save)

-		{

-		v0=ti[0];

-		v1=ti[1];

-		iv=(unsigned char *)ivec;

-		l2c(v0,iv);

-		l2c(v1,iv);

-		}

-	t=v0=v1=ti[0]=ti[1]=0;

-	*num=n;

-	}

--- a/sys/src/ape/lib/openssl/crypto/rc2/rc2speed.c

+++ /dev/null

@@ -1,277 +1,0 @@

-/* crypto/rc2/rc2speed.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */

-/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */

-#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)

-#define TIMES

-#endif

-#include <stdio.h>

-#include <openssl/e_os2.h>

-#include OPENSSL_UNISTD_IO

-OPENSSL_DECLARE_EXIT

-#ifndef OPENSSL_SYS_NETWARE

-#include <signal.h>

-#endif

-#ifndef _IRIX

-#include <time.h>

-#endif

-#ifdef TIMES

-#include <sys/types.h>

-#include <sys/times.h>

-#endif

-/* Depending on the VMS version, the tms structure is perhaps defined.

-   The __TMS macro will show if it was.  If it wasn't defined, we should

-   undefine TIMES, since that tells the rest of the program how things

-   should be handled.				-- Richard Levitte */

-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)

-#undef TIMES

-#endif

-#ifndef TIMES

-#include <sys/timeb.h>

-#endif

-#if defined(sun) || defined(__ultrix)

-#define _POSIX_SOURCE

-#include <limits.h>

-#include <sys/param.h>

-#endif

-#include <openssl/rc2.h>

-/* The following if from times(3) man page.  It may need to be changed */

-#ifndef HZ

-#ifndef CLK_TCK

-#define HZ	100.0

-#else	/* CLK_TCK */

-#define HZ ((double)CLK_TCK)

-#endif	/* CLK_TCK */

-#endif	/* HZ */

-#define BUFSIZE	((long)1024)

-long run=0;

-double Time_F(int s);

-#ifdef SIGALRM

-#if defined(__STDC__) || defined(sgi) || defined(_AIX)

-#define SIGRETTYPE void

-#else

-#define SIGRETTYPE int

-#endif

-SIGRETTYPE sig_done(int sig);

-SIGRETTYPE sig_done(int sig)

-	{

-	signal(SIGALRM,sig_done);

-	run=0;

-#ifdef LINT

-	sig=sig;

-#endif

-	}

-#endif

-#define START	0

-#define STOP	1

-double Time_F(int s)

-	{

-	double ret;

-#ifdef TIMES

-	static struct tms tstart,tend;

-	if (s == START)

-		{

-		times(&tstart);

-		return(0);

-		}

-	else

-		{

-		times(&tend);

-		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;

-		return((ret == 0.0)?1e-6:ret);

-		}

-#else /* !times() */

-	static struct timeb tstart,tend;

-	long i;

-	if (s == START)

-		{

-		ftime(&tstart);

-		return(0);

-		}

-	else

-		{

-		ftime(&tend);

-		i=(long)tend.millitm-(long)tstart.millitm;

-		ret=((double)(tend.time-tstart.time))+((double)i)/1e3;

-		return((ret == 0.0)?1e-6:ret);

-		}

-#endif

-	}

-int main(int argc, char **argv)

-	{

-	long count;

-	static unsigned char buf[BUFSIZE];

-	static unsigned char key[] ={

-			0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,

-			0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,

-			};

-	RC2_KEY sch;

-	double a,b,c,d;

-#ifndef SIGALRM

-	long ca,cb,cc;

-#endif

-#ifndef TIMES

-	printf("To get the most accurate results, try to run this\n");

-	printf("program when this computer is idle.\n");

-#endif

-#ifndef SIGALRM

-	printf("First we calculate the approximate speed ...\n");

-	RC2_set_key(&sch,16,key,128);

-	count=10;

-	do	{

-		long i;

-		unsigned long data[2];

-		count*=2;

-		Time_F(START);

-		for (i=count; i; i--)

-			RC2_encrypt(data,&sch);

-		d=Time_F(STOP);

-		} while (d < 3.0);

-	ca=count/512;

-	cb=count;

-	cc=count*8/BUFSIZE+1;

-	printf("Doing RC2_set_key %ld times\n",ca);

-#define COND(d)	(count != (d))

-#define COUNT(d) (d)

-#else

-#define COND(c)	(run)

-#define COUNT(d) (count)

-	signal(SIGALRM,sig_done);

-	printf("Doing RC2_set_key for 10 seconds\n");

-	alarm(10);

-#endif

-	Time_F(START);

-	for (count=0,run=1; COND(ca); count+=4)

-		{

-		RC2_set_key(&sch,16,key,128);

-		RC2_set_key(&sch,16,key,128);

-		RC2_set_key(&sch,16,key,128);

-		RC2_set_key(&sch,16,key,128);

-		}

-	d=Time_F(STOP);

-	printf("%ld RC2_set_key's in %.2f seconds\n",count,d);

-	a=((double)COUNT(ca))/d;

-#ifdef SIGALRM

-	printf("Doing RC2_encrypt's for 10 seconds\n");

-	alarm(10);

-#else

-	printf("Doing RC2_encrypt %ld times\n",cb);

-#endif

-	Time_F(START);

-	for (count=0,run=1; COND(cb); count+=4)

-		{

-		unsigned long data[2];

-		RC2_encrypt(data,&sch);

-		RC2_encrypt(data,&sch);

-		RC2_encrypt(data,&sch);

-		RC2_encrypt(data,&sch);

-		}

-	d=Time_F(STOP);

-	printf("%ld RC2_encrypt's in %.2f second\n",count,d);

-	b=((double)COUNT(cb)*8)/d;

-#ifdef SIGALRM

-	printf("Doing RC2_cbc_encrypt on %ld byte blocks for 10 seconds\n",

-		BUFSIZE);

-	alarm(10);

-#else

-	printf("Doing RC2_cbc_encrypt %ld times on %ld byte blocks\n",cc,

-		BUFSIZE);

-#endif

-	Time_F(START);

-	for (count=0,run=1; COND(cc); count++)

-		RC2_cbc_encrypt(buf,buf,BUFSIZE,&sch,

-			&(key[0]),RC2_ENCRYPT);

-	d=Time_F(STOP);

-	printf("%ld RC2_cbc_encrypt's of %ld byte blocks in %.2f second\n",

-		count,BUFSIZE,d);

-	c=((double)COUNT(cc)*BUFSIZE)/d;

-	printf("RC2 set_key       per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a);

-	printf("RC2 raw ecb bytes per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b);

-	printf("RC2 cbc     bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);

-	exit(0);

-#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)

-	return(0);

-#endif

-	}

--- a/sys/src/ape/lib/openssl/crypto/rc2/rc2test.c

+++ /dev/null

@@ -1,274 +1,0 @@

-/* crypto/rc2/rc2test.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* This has been a quickly hacked 'ideatest.c'.  When I add tests for other

- * RC2 modes, more of the code will be uncommented. */

-#include <stdio.h>

-#include <string.h>

-#include <stdlib.h>

-#include "../e_os.h"

-#ifdef OPENSSL_NO_RC2

-int main(int argc, char *argv[])

-{

-    printf("No RC2 support\n");

-    return(0);

-}

-#else

-#include <openssl/rc2.h>

-static unsigned char RC2key[4][16]={

-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,

-	 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},

-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,

-	 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01},

-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,

-	 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},

-	{0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,

-	 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F},

-	};

-static unsigned char RC2plain[4][8]={

-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},

-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},

-	{0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},

-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},

-	};

-static unsigned char RC2cipher[4][8]={

-	{0x1C,0x19,0x8A,0x83,0x8D,0xF0,0x28,0xB7},

-	{0x21,0x82,0x9C,0x78,0xA9,0xF9,0xC0,0x74},

-	{0x13,0xDB,0x35,0x17,0xD3,0x21,0x86,0x9E},

-	{0x50,0xDC,0x01,0x62,0xBD,0x75,0x7F,0x31},

-	};

-/************/

-#ifdef undef

-unsigned char k[16]={

-	0x00,0x01,0x00,0x02,0x00,0x03,0x00,0x04,

-	0x00,0x05,0x00,0x06,0x00,0x07,0x00,0x08};

-unsigned char in[8]={0x00,0x00,0x00,0x01,0x00,0x02,0x00,0x03};

-unsigned char  c[8]={0x11,0xFB,0xED,0x2B,0x01,0x98,0x6D,0xE5};

-unsigned char out[80];

-char *text="Hello to all people out there";

-static unsigned char cfb_key[16]={

-	0xe1,0xf0,0xc3,0xd2,0xa5,0xb4,0x87,0x96,

-	0x69,0x78,0x4b,0x5a,0x2d,0x3c,0x0f,0x1e,

-	};

-static unsigned char cfb_iv[80]={0x34,0x12,0x78,0x56,0xab,0x90,0xef,0xcd};

-static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8];

-#define CFB_TEST_SIZE 24

-static unsigned char plain[CFB_TEST_SIZE]=

-        {

-        0x4e,0x6f,0x77,0x20,0x69,0x73,

-        0x20,0x74,0x68,0x65,0x20,0x74,

-        0x69,0x6d,0x65,0x20,0x66,0x6f,

-        0x72,0x20,0x61,0x6c,0x6c,0x20

-        };

-static unsigned char cfb_cipher64[CFB_TEST_SIZE]={

-	0x59,0xD8,0xE2,0x65,0x00,0x58,0x6C,0x3F,

-	0x2C,0x17,0x25,0xD0,0x1A,0x38,0xB7,0x2A,

-	0x39,0x61,0x37,0xDC,0x79,0xFB,0x9F,0x45

-/*	0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,

-	0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,

-	0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/

-	};

-/*static int cfb64_test(unsigned char *cfb_cipher);*/

-static char *pt(unsigned char *p);

-#endif

-int main(int argc, char *argv[])

-	{

-	int i,n,err=0;

-	RC2_KEY key;

-	unsigned char buf[8],buf2[8];

-	for (n=0; n<4; n++)

-		{

-		RC2_set_key(&key,16,&(RC2key[n][0]),0 /* or 1024 */);

-		RC2_ecb_encrypt(&(RC2plain[n][0]),buf,&key,RC2_ENCRYPT);

-		if (memcmp(&(RC2cipher[n][0]),buf,8) != 0)

-			{

-			printf("ecb rc2 error encrypting\n");

-			printf("got     :");

-			for (i=0; i<8; i++)

-				printf("%02X ",buf[i]);

-			printf("\n");

-			printf("expected:");

-			for (i=0; i<8; i++)

-				printf("%02X ",RC2cipher[n][i]);

-			err=20;

-			printf("\n");

-			}

-		RC2_ecb_encrypt(buf,buf2,&key,RC2_DECRYPT);

-		if (memcmp(&(RC2plain[n][0]),buf2,8) != 0)

-			{

-			printf("ecb RC2 error decrypting\n");

-			printf("got     :");

-			for (i=0; i<8; i++)

-				printf("%02X ",buf[i]);

-			printf("\n");

-			printf("expected:");

-			for (i=0; i<8; i++)

-				printf("%02X ",RC2plain[n][i]);

-			printf("\n");

-			err=3;

-			}

-		}

-	if (err == 0) printf("ecb RC2 ok\n");

-#ifdef undef

-	memcpy(iv,k,8);

-	idea_cbc_encrypt((unsigned char *)text,out,strlen(text)+1,&key,iv,1);

-	memcpy(iv,k,8);

-	idea_cbc_encrypt(out,out,8,&dkey,iv,0);

-	idea_cbc_encrypt(&(out[8]),&(out[8]),strlen(text)+1-8,&dkey,iv,0);

-	if (memcmp(text,out,strlen(text)+1) != 0)

-		{

-		printf("cbc idea bad\n");

-		err=4;

-		}

-	else

-		printf("cbc idea ok\n");

-	printf("cfb64 idea ");

-	if (cfb64_test(cfb_cipher64))

-		{

-		printf("bad\n");

-		err=5;

-		}

-	else

-		printf("ok\n");

-#endif

-#ifdef OPENSSL_SYS_NETWARE

-    if (err) printf("ERROR: %d\n", err);

-#endif

-	EXIT(err);

-	return(err);

-	}

-#ifdef undef

-static int cfb64_test(unsigned char *cfb_cipher)

-        {

-        IDEA_KEY_SCHEDULE eks,dks;

-        int err=0,i,n;

-        idea_set_encrypt_key(cfb_key,&eks);

-        idea_set_decrypt_key(&eks,&dks);

-        memcpy(cfb_tmp,cfb_iv,8);

-        n=0;

-        idea_cfb64_encrypt(plain,cfb_buf1,(long)12,&eks,

-                cfb_tmp,&n,IDEA_ENCRYPT);

-        idea_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),

-                (long)CFB_TEST_SIZE-12,&eks,

-                cfb_tmp,&n,IDEA_ENCRYPT);

-        if (memcmp(cfb_cipher,cfb_buf1,CFB_TEST_SIZE) != 0)

-                {

-                err=1;

-                printf("idea_cfb64_encrypt encrypt error\n");

-                for (i=0; i<CFB_TEST_SIZE; i+=8)

-                        printf("%s\n",pt(&(cfb_buf1[i])));

-                }

-        memcpy(cfb_tmp,cfb_iv,8);

-        n=0;

-        idea_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,&eks,

-                cfb_tmp,&n,IDEA_DECRYPT);

-        idea_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),

-                (long)CFB_TEST_SIZE-17,&dks,

-                cfb_tmp,&n,IDEA_DECRYPT);

-        if (memcmp(plain,cfb_buf2,CFB_TEST_SIZE) != 0)

-                {

-                err=1;

-                printf("idea_cfb_encrypt decrypt error\n");

-                for (i=0; i<24; i+=8)

-                        printf("%s\n",pt(&(cfb_buf2[i])));

-                }

-        return(err);

-        }

-static char *pt(unsigned char *p)

-	{

-	static char bufs[10][20];

-	static int bnum=0;

-	char *ret;

-	int i;

-	static char *f="0123456789ABCDEF";

-	ret= &(bufs[bnum++][0]);

-	bnum%=10;

-	for (i=0; i<8; i++)

-		{

-		ret[i*2]=f[(p[i]>>4)&0xf];

-		ret[i*2+1]=f[p[i]&0xf];

-		}

-	ret[16]='\0';

-	return(ret);

-	}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/rc2/rrc2.doc

+++ /dev/null

@@ -1,219 +1,0 @@

->From cygnus.mincom.oz.au!minbne.mincom.oz.au!bunyip.cc.uq.oz.au!munnari.OZ.AU!comp.vuw.ac.nz!waikato!auckland.ac.nz!news Mon Feb 12 18:48:17 EST 1996

-Article 23601 of sci.crypt:

-Path: cygnus.mincom.oz.au!minbne.mincom.oz.au!bunyip.cc.uq.oz.au!munnari.OZ.AU!comp.vuw.ac.nz!waikato!auckland.ac.nz!news

->From: [email protected] (Peter Gutmann)

-Newsgroups: sci.crypt

-Subject: Specification for Ron Rivests Cipher No.2

-Date: 11 Feb 1996 06:45:03 GMT

-Organization: University of Auckland

-Lines: 203

-Sender: [email protected] (Peter Gutmann)

-Message-ID: <[email protected]>

-NNTP-Posting-Host: cs26.cs.auckland.ac.nz

-X-Newsreader: NN version 6.5.0 #3 (NOV)

-                           Ron Rivest's Cipher No.2

-                           ------------------------

-Ron Rivest's Cipher No.2 (hereafter referred to as RRC.2, other people may

-refer to it by other names) is word oriented, operating on a block of 64 bits

-divided into four 16-bit words, with a key table of 64 words.  All data units

-are little-endian.  This functional description of the algorithm is based in

-the paper "The RC5 Encryption Algorithm" (RC5 is a trademark of RSADSI), using

-the same general layout, terminology, and pseudocode style.

-Notation and RRC.2 Primitive Operations

-RRC.2 uses the following primitive operations:

-1. Two's-complement addition of words, denoted by "+".  The inverse operation,

-   subtraction, is denoted by "-".

-2. Bitwise exclusive OR, denoted by "^".

-3. Bitwise AND, denoted by "&".

-4. Bitwise NOT, denoted by "~".

-5. A left-rotation of words; the rotation of word x left by y is denoted

-   x <<< y.  The inverse operation, right-rotation, is denoted x >>> y.

-These operations are directly and efficiently supported by most processors.

-The RRC.2 Algorithm

-RRC.2 consists of three components, a *key expansion* algorithm, an

-*encryption* algorithm, and a *decryption* algorithm.

-Key Expansion

-The purpose of the key-expansion routine is to expand the user's key K to fill

-the expanded key array S, so S resembles an array of random binary words

-determined by the user's secret key K.

-Initialising the S-box

-RRC.2 uses a single 256-byte S-box derived from the ciphertext contents of

-Beale Cipher No.1 XOR'd with a one-time pad.  The Beale Ciphers predate modern

-cryptography by enough time that there should be no concerns about trapdoors

-hidden in the data.  They have been published widely, and the S-box can be

-easily recreated from the one-time pad values and the Beale Cipher data taken

-from a standard source.  To initialise the S-box:

-  for i = 0 to 255 do

-    sBox[ i ] = ( beale[ i ] mod 256 ) ^ pad[ i ]

-The contents of Beale Cipher No.1 and the necessary one-time pad are given as

-an appendix at the end of this document.  For efficiency, implementors may wish

-to skip the Beale Cipher expansion and store the sBox table directly.

-Expanding the Secret Key to 128 Bytes

-The secret key is first expanded to fill 128 bytes (64 words).  The expansion

-consists of taking the sum of the first and last bytes in the user key, looking

-up the sum (modulo 256) in the S-box, and appending the result to the key.  The

-operation is repeated with the second byte and new last byte of the key until

-all 128 bytes have been generated.  Note that the following pseudocode treats

-the S array as an array of 128 bytes rather than 64 words.

-  for j = 0 to length-1 do

-    S[ j ] = K[ j ]

-  for j = length to 127 do

-    s[ j ] = sBox[ ( S[ j-length ] + S[ j-1 ] ) mod 256 ];

-At this point it is possible to perform a truncation of the effective key

-length to ease the creation of espionage-enabled software products.  However

-since the author cannot conceive why anyone would want to do this, it will not

-be considered further.

-The final phase of the key expansion involves replacing the first byte of S

-with the entry selected from the S-box:

-  S[ 0 ] = sBox[ S[ 0 ] ]

-Encryption

-The cipher has 16 full rounds, each divided into 4 subrounds.  Two of the full

-rounds perform an additional transformation on the data.  Note that the

-following pseudocode treats the S array as an array of 64 words rather than 128

-bytes.

-  for i = 0 to 15 do

-    j = i * 4;

-    word0 = ( word0 + ( word1 & ~word3 ) + ( word2 & word3 ) + S[ j+0 ] ) <<< 1

-    word1 = ( word1 + ( word2 & ~word0 ) + ( word3 & word0 ) + S[ j+1 ] ) <<< 2

-    word2 = ( word2 + ( word3 & ~word1 ) + ( word0 & word1 ) + S[ j+2 ] ) <<< 3

-    word3 = ( word3 + ( word0 & ~word2 ) + ( word1 & word2 ) + S[ j+3 ] ) <<< 5

-In addition the fifth and eleventh rounds add the contents of the S-box indexed

-by one of the data words to another of the data words following the four

-subrounds as follows:

-    word0 = word0 + S[ word3 & 63 ];

-    word1 = word1 + S[ word0 & 63 ];

-    word2 = word2 + S[ word1 & 63 ];

-    word3 = word3 + S[ word2 & 63 ];

-Decryption

-The decryption operation is simply the inverse of the encryption operation.

-Note that the following pseudocode treats the S array as an array of 64 words

-rather than 128 bytes.

-  for i = 15 downto 0 do

-    j = i * 4;

-    word3 = ( word3 >>> 5 ) - ( word0 & ~word2 ) - ( word1 & word2 ) - S[ j+3 ]

-    word2 = ( word2 >>> 3 ) - ( word3 & ~word1 ) - ( word0 & word1 ) - S[ j+2 ]

-    word1 = ( word1 >>> 2 ) - ( word2 & ~word0 ) - ( word3 & word0 ) - S[ j+1 ]

-    word0 = ( word0 >>> 1 ) - ( word1 & ~word3 ) - ( word2 & word3 ) - S[ j+0 ]

-In addition the fifth and eleventh rounds subtract the contents of the S-box

-indexed by one of the data words from another one of the data words following

-the four subrounds as follows:

-    word3 = word3 - S[ word2 & 63 ]

-    word2 = word2 - S[ word1 & 63 ]

-    word1 = word1 - S[ word0 & 63 ]

-    word0 = word0 - S[ word3 & 63 ]

-Test Vectors

-The following test vectors may be used to test the correctness of an RRC.2

-implementation:

-  Key:      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

-            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00

-  Plain:    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00

-  Cipher:   0x1C, 0x19, 0x8A, 0x83, 0x8D, 0xF0, 0x28, 0xB7

-  Key:      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

-            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01

-  Plain:    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00

-  Cipher:   0x21, 0x82, 0x9C, 0x78, 0xA9, 0xF9, 0xC0, 0x74

-  Key:      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

-            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00

-  Plain:    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF

-  Cipher:   0x13, 0xDB, 0x35, 0x17, 0xD3, 0x21, 0x86, 0x9E

-  Key:      0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,

-            0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F

-  Plain:    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00

-  Cipher:   0x50, 0xDC, 0x01, 0x62, 0xBD, 0x75, 0x7F, 0x31

-Appendix: Beale Cipher No.1, "The Locality of the Vault", and One-time Pad for

-          Creating the S-Box

-Beale Cipher No.1.

-  71, 194,  38,1701,  89,  76,  11,  83,1629,  48,  94,  63, 132,  16, 111,  95,

-  84, 341, 975,  14,  40,  64,  27,  81, 139, 213,  63,  90,1120,   8,  15,   3,

- 126,2018,  40,  74, 758, 485, 604, 230, 436, 664, 582, 150, 251, 284, 308, 231,

- 124, 211, 486, 225, 401, 370,  11, 101, 305, 139, 189,  17,  33,  88, 208, 193,

- 145,   1,  94,  73, 416, 918, 263,  28, 500, 538, 356, 117, 136, 219,  27, 176,

- 130,  10, 460,  25, 485,  18, 436,  65,  84, 200, 283, 118, 320, 138,  36, 416,

- 280,  15,  71, 224, 961,  44,  16, 401,  39,  88,  61, 304,  12,  21,  24, 283,

- 134,  92,  63, 246, 486, 682,   7, 219, 184, 360, 780,  18,  64, 463, 474, 131,

- 160,  79,  73, 440,  95,  18,  64, 581,  34,  69, 128, 367, 460,  17,  81,  12,

- 103, 820,  62, 110,  97, 103, 862,  70,  60,1317, 471, 540, 208, 121, 890, 346,

-  36, 150,  59, 568, 614,  13, 120,  63, 219, 812,2160,1780,  99,  35,  18,  21,

- 136, 872,  15,  28, 170,  88,   4,  30,  44, 112,  18, 147, 436, 195, 320,  37,

- 122, 113,   6, 140,   8, 120, 305,  42,  58, 461,  44, 106, 301,  13, 408, 680,

-  93,  86, 116, 530,  82, 568,   9, 102,  38, 416,  89,  71, 216, 728, 965, 818,

-   2,  38, 121, 195,  14, 326, 148, 234,  18,  55, 131, 234, 361, 824,   5,  81,

- 623,  48, 961,  19,  26,  33,  10,1101, 365,  92,  88, 181, 275, 346, 201, 206

-One-time Pad.

- 158, 186, 223,  97,  64, 145, 190, 190, 117, 217, 163,  70, 206, 176, 183, 194,

- 146,  43, 248, 141,   3,  54,  72, 223, 233, 153,  91, 210,  36, 131, 244, 161,

- 105, 120, 113, 191, 113,  86,  19, 245, 213, 221,  43,  27, 242, 157,  73, 213,

- 193,  92, 166,  10,  23, 197, 112, 110, 193,  30, 156,  51, 125,  51, 158,  67,

- 197, 215,  59, 218, 110, 246, 181,   0, 135,  76, 164,  97,  47,  87, 234, 108,

- 144, 127,   6,   6, 222, 172,  80, 144,  22, 245, 207,  70, 227, 182, 146, 134,

- 119, 176,  73,  58, 135,  69,  23, 198,   0, 170,  32, 171, 176, 129,  91,  24,

- 126,  77, 248,   0, 118,  69,  57,  60, 190, 171, 217,  61, 136, 169, 196,  84,

- 168, 167, 163, 102, 223,  64, 174, 178, 166, 239, 242, 195, 249,  92,  59,  38,

- 241,  46, 236,  31,  59, 114,  23,  50, 119, 186,   7,  66, 212,  97, 222, 182,

- 230, 118, 122,  86, 105,  92, 179, 243, 255, 189, 223, 164, 194, 215,  98,  44,

-  17,  20,  53, 153, 137, 224, 176, 100, 208, 114,  36, 200, 145, 150, 215,  20,

-  87,  44, 252,  20, 235, 242, 163, 132,  63,  18,   5, 122,  74,  97,  34,  97,

- 142,  86, 146, 221, 179, 166, 161,  74,  69, 182,  88, 120, 128,  58,  76, 155,

-  15,  30,  77, 216, 165, 117, 107,  90, 169, 127, 143, 181, 208, 137, 200, 127,

- 170, 195,  26,  84, 255, 132, 150,  58, 103, 250, 120, 221, 237,  37,   8,  99

-Implementation

-A non-US based programmer who has never seen any encryption code before will

-shortly be implementing RRC.2 based solely on this specification and not on

-knowledge of any other encryption algorithms.  Stand by.

--- a/sys/src/ape/lib/openssl/crypto/rc2/tab.c

+++ /dev/null

@@ -1,86 +1,0 @@

-#include <stdio.h>

-unsigned char ebits_to_num[256]={

-	0xbd,0x56,0xea,0xf2,0xa2,0xf1,0xac,0x2a,

-	0xb0,0x93,0xd1,0x9c,0x1b,0x33,0xfd,0xd0,

-	0x30,0x04,0xb6,0xdc,0x7d,0xdf,0x32,0x4b,

-	0xf7,0xcb,0x45,0x9b,0x31,0xbb,0x21,0x5a,

-	0x41,0x9f,0xe1,0xd9,0x4a,0x4d,0x9e,0xda,

-	0xa0,0x68,0x2c,0xc3,0x27,0x5f,0x80,0x36,

-	0x3e,0xee,0xfb,0x95,0x1a,0xfe,0xce,0xa8,

-	0x34,0xa9,0x13,0xf0,0xa6,0x3f,0xd8,0x0c,

-	0x78,0x24,0xaf,0x23,0x52,0xc1,0x67,0x17,

-	0xf5,0x66,0x90,0xe7,0xe8,0x07,0xb8,0x60,

-	0x48,0xe6,0x1e,0x53,0xf3,0x92,0xa4,0x72,

-	0x8c,0x08,0x15,0x6e,0x86,0x00,0x84,0xfa,

-	0xf4,0x7f,0x8a,0x42,0x19,0xf6,0xdb,0xcd,

-	0x14,0x8d,0x50,0x12,0xba,0x3c,0x06,0x4e,

-	0xec,0xb3,0x35,0x11,0xa1,0x88,0x8e,0x2b,

-	0x94,0x99,0xb7,0x71,0x74,0xd3,0xe4,0xbf,

-	0x3a,0xde,0x96,0x0e,0xbc,0x0a,0xed,0x77,

-	0xfc,0x37,0x6b,0x03,0x79,0x89,0x62,0xc6,

-	0xd7,0xc0,0xd2,0x7c,0x6a,0x8b,0x22,0xa3,

-	0x5b,0x05,0x5d,0x02,0x75,0xd5,0x61,0xe3,

-	0x18,0x8f,0x55,0x51,0xad,0x1f,0x0b,0x5e,

-	0x85,0xe5,0xc2,0x57,0x63,0xca,0x3d,0x6c,

-	0xb4,0xc5,0xcc,0x70,0xb2,0x91,0x59,0x0d,

-	0x47,0x20,0xc8,0x4f,0x58,0xe0,0x01,0xe2,

-	0x16,0x38,0xc4,0x6f,0x3b,0x0f,0x65,0x46,

-	0xbe,0x7e,0x2d,0x7b,0x82,0xf9,0x40,0xb5,

-	0x1d,0x73,0xf8,0xeb,0x26,0xc7,0x87,0x97,

-	0x25,0x54,0xb1,0x28,0xaa,0x98,0x9d,0xa5,

-	0x64,0x6d,0x7a,0xd4,0x10,0x81,0x44,0xef,

-	0x49,0xd6,0xae,0x2e,0xdd,0x76,0x5c,0x2f,

-	0xa7,0x1c,0xc9,0x09,0x69,0x9a,0x83,0xcf,

-	0x29,0x39,0xb9,0xe9,0x4c,0xff,0x43,0xab,

-	};

-unsigned char num_to_ebits[256]={

-	0x5d,0xbe,0x9b,0x8b,0x11,0x99,0x6e,0x4d,

-	0x59,0xf3,0x85,0xa6,0x3f,0xb7,0x83,0xc5,

-	0xe4,0x73,0x6b,0x3a,0x68,0x5a,0xc0,0x47,

-	0xa0,0x64,0x34,0x0c,0xf1,0xd0,0x52,0xa5,

-	0xb9,0x1e,0x96,0x43,0x41,0xd8,0xd4,0x2c,

-	0xdb,0xf8,0x07,0x77,0x2a,0xca,0xeb,0xef,

-	0x10,0x1c,0x16,0x0d,0x38,0x72,0x2f,0x89,

-	0xc1,0xf9,0x80,0xc4,0x6d,0xae,0x30,0x3d,

-	0xce,0x20,0x63,0xfe,0xe6,0x1a,0xc7,0xb8,

-	0x50,0xe8,0x24,0x17,0xfc,0x25,0x6f,0xbb,

-	0x6a,0xa3,0x44,0x53,0xd9,0xa2,0x01,0xab,

-	0xbc,0xb6,0x1f,0x98,0xee,0x9a,0xa7,0x2d,

-	0x4f,0x9e,0x8e,0xac,0xe0,0xc6,0x49,0x46,

-	0x29,0xf4,0x94,0x8a,0xaf,0xe1,0x5b,0xc3,

-	0xb3,0x7b,0x57,0xd1,0x7c,0x9c,0xed,0x87,

-	0x40,0x8c,0xe2,0xcb,0x93,0x14,0xc9,0x61,

-	0x2e,0xe5,0xcc,0xf6,0x5e,0xa8,0x5c,0xd6,

-	0x75,0x8d,0x62,0x95,0x58,0x69,0x76,0xa1,

-	0x4a,0xb5,0x55,0x09,0x78,0x33,0x82,0xd7,

-	0xdd,0x79,0xf5,0x1b,0x0b,0xde,0x26,0x21,

-	0x28,0x74,0x04,0x97,0x56,0xdf,0x3c,0xf0,

-	0x37,0x39,0xdc,0xff,0x06,0xa4,0xea,0x42,

-	0x08,0xda,0xb4,0x71,0xb0,0xcf,0x12,0x7a,

-	0x4e,0xfa,0x6c,0x1d,0x84,0x00,0xc8,0x7f,

-	0x91,0x45,0xaa,0x2b,0xc2,0xb1,0x8f,0xd5,

-	0xba,0xf2,0xad,0x19,0xb2,0x67,0x36,0xf7,

-	0x0f,0x0a,0x92,0x7d,0xe3,0x9d,0xe9,0x90,

-	0x3e,0x23,0x27,0x66,0x13,0xec,0x81,0x15,

-	0xbd,0x22,0xbf,0x9f,0x7e,0xa9,0x51,0x4b,

-	0x4c,0xfb,0x02,0xd3,0x70,0x86,0x31,0xe7,

-	0x3b,0x05,0x03,0x54,0x60,0x48,0x65,0x18,

-	0xd2,0xcd,0x5f,0x32,0x88,0x0e,0x35,0xfd,

-	};

-main()

-	{

-	int i,j;

-	for (i=0; i<256; i++)

-		{

-		for (j=0; j<256; j++)

-			if (ebits_to_num[j] == i)

-				{

-				printf("0x%02x,",j);

-				break;

-				}

-		}

-	}

--- a/sys/src/ape/lib/openssl/crypto/rc2/version

+++ /dev/null

@@ -1,22 +1,0 @@

-1.1 23/08/96 - eay

-	Changed RC2_set_key() so it now takes another argument.  Many

-	thanks to Peter Gutmann <[email protected]> for the

-	clarification and origional specification of RC2.  BSAFE uses

-	this last parameter, 'bits'.  It the key is 128 bits, BSAFE

-	also sets this parameter to 128.  The old behaviour can be

-	duplicated by setting this parameter to 1024.

-1.0 08/04/96 - eay

-	First version of SSLeay with rc2.  This has been written from the spec

-	posted sci.crypt.  It is in this directory under rrc2.doc

-	I have no test values for any mode other than ecb, my wrappers for the

-	other modes should be ok since they are basically the same as

-	the ones taken from idea and des :-).  I have implemented them as

-	little-endian operators.

-	While rc2 is included because it is used with SSL, I don't know how

-	far I trust it.  It is about the same speed as IDEA and DES.

-	So if you are paranoid, used Tripple DES, else IDEA.  If RC2

-	does get used more, perhaps more people will look for weaknesses in

-	it.

--- a/sys/src/ape/lib/openssl/crypto/rc4/Makefile

+++ /dev/null

@@ -1,115 +1,0 @@

-#

-# OpenSSL/crypto/rc4/Makefile

-#

-DIR=	rc4

-TOP=	../..

-CC=	cc

-CPP=    $(CC) -E

-INCLUDES=

-CFLAG=-g

-AR=		ar r

-RC4_ENC=rc4_enc.o

-CFLAGS= $(INCLUDES) $(CFLAG)

-ASFLAGS= $(INCLUDES) $(ASFLAG)

-AFLAGS= $(ASFLAGS)

-GENERAL=Makefile

-TEST=rc4test.c

-APPS=

-LIB=$(TOP)/libcrypto.a

-LIBSRC=rc4_skey.c rc4_enc.c

-LIBOBJ=rc4_skey.o $(RC4_ENC)

-SRC= $(LIBSRC)

-EXHEADER= rc4.h

-HEADER=	$(EXHEADER) rc4_locl.h

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)

-all:	lib

-lib:	$(LIBOBJ)

-	$(AR) $(LIB) $(LIBOBJ)

-	$(RANLIB) $(LIB) || echo Never mind.

-	@touch lib

-# ELF

-rx86-elf.s: asm/rc4-586.pl ../perlasm/x86asm.pl

-	(cd asm; $(PERL) rc4-586.pl elf $(CFLAGS) > ../$@)

-# COFF

-rx86-cof.s: asm/rc4-586.pl ../perlasm/x86asm.pl

-	(cd asm; $(PERL) rc4-586.pl coff $(CFLAGS) > ../$@)

-# a.out

-rx86-out.s: asm/rc4-586.pl ../perlasm/x86asm.pl

-	(cd asm; $(PERL) rc4-586.pl a.out $(CFLAGS) > ../$@)

-rc4-x86_64.s: asm/rc4-x86_64.pl;	$(PERL) asm/rc4-x86_64.pl $@

-rc4-ia64.s: asm/rc4-ia64.S

-	@case `awk '/^#define RC4_INT/{print$$NF}' $(TOP)/include/openssl/opensslconf.h` in \

-	int)	set -x; $(CC) $(CFLAGS) -DSZ=4 -E asm/rc4-ia64.S > $@ ;; \

-	char)	set -x; $(CC) $(CFLAGS) -DSZ=1 -E asm/rc4-ia64.S > $@ ;; \

-	*)	exit 1 ;; \

-	esac

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

-links:

-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)

-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)

-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

-install:

-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...

-	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \

-	do  \

-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \

-	done;

-tags:

-	ctags $(SRC)

-tests:

-lint:

-	lint -DLINT $(INCLUDES) $(SRC)>fluff

-depend:

-	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...

-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-clean:

-	rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-rc4_enc.o: ../../e_os.h ../../include/openssl/bio.h

-rc4_enc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-rc4_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-rc4_enc.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-rc4_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-rc4_enc.o: ../../include/openssl/rc4.h ../../include/openssl/safestack.h

-rc4_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-rc4_enc.o: ../cryptlib.h rc4_enc.c rc4_locl.h

-rc4_skey.o: ../../e_os.h ../../include/openssl/bio.h

-rc4_skey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-rc4_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-rc4_skey.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-rc4_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-rc4_skey.o: ../../include/openssl/rc4.h ../../include/openssl/safestack.h

-rc4_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-rc4_skey.o: ../cryptlib.h rc4_locl.h rc4_skey.c

--- a/sys/src/ape/lib/openssl/crypto/rc4/asm/rc4-586.pl

+++ /dev/null

@@ -1,230 +1,0 @@

-#!/usr/local/bin/perl

-# At some point it became apparent that the original SSLeay RC4

-# assembler implementation performs suboptimaly on latest IA-32

-# microarchitectures. After re-tuning performance has changed as

-# following:

-#

-# Pentium	+0%

-# Pentium III	+17%

-# AMD		+52%(*)

-# P4		+180%(**)

-#

-# (*)	This number is actually a trade-off:-) It's possible to

-#	achieve	+72%, but at the cost of -48% off PIII performance.

-#	In other words code performing further 13% faster on AMD

-#	would perform almost 2 times slower on Intel PIII...

-#	For reference! This code delivers ~80% of rc4-amd64.pl

-#	performance on the same Opteron machine.

-# (**)	This number requires compressed key schedule set up by

-#	RC4_set_key and therefore doesn't apply to 0.9.7 [option for

-#	compressed key schedule is implemented in 0.9.8 and later,

-#	see commentary section in rc4_skey.c for further details].

-#

-#					<[email protected]>

-push(@INC,"perlasm","../../perlasm");

-require "x86asm.pl";

-&asm_init($ARGV[0],"rc4-586.pl");

-$x="eax";

-$y="ebx";

-$tx="ecx";

-$ty="edx";

-$in="esi";

-$out="edi";

-$d="ebp";

-&RC4("RC4");

-&asm_finish();

-sub RC4_loop

-	{

-	local($n,$p,$char)=@_;

-	&comment("Round $n");

-	if ($char)

-		{

-		if ($p >= 0)

-			{

-			 &mov($ty,	&swtmp(2));

-			&cmp($ty,	$in);

-			 &jbe(&label("finished"));

-			&inc($in);

-			}

-		else

-			{

-			&add($ty,	8);

-			 &inc($in);

-			&cmp($ty,	$in);

-			 &jb(&label("finished"));

-			&mov(&swtmp(2),	$ty);

-			}

-		}

-	# Moved out

-	# &mov(	$tx,		&DWP(0,$d,$x,4)) if $p < 0;

-	&add(	&LB($y),	&LB($tx));

-	&mov(	$ty,		&DWP(0,$d,$y,4));

-	 # XXX

-	&mov(	&DWP(0,$d,$x,4),$ty);

-	 &add(	$ty,		$tx);

-	&mov(	&DWP(0,$d,$y,4),$tx);

-	 &and(	$ty,		0xff);

-	 &inc(	&LB($x));			# NEXT ROUND

-	&mov(	$tx,		&DWP(0,$d,$x,4)) if $p < 1; # NEXT ROUND

-	 &mov(	$ty,		&DWP(0,$d,$ty,4));

-	if (!$char)

-		{

-		#moved up into last round

-		if ($p >= 1)

-			{

-			&add(	$out,	8)

-			}

-		&movb(	&BP($n,"esp","",0),	&LB($ty));

-		}

-	else

-		{

-		# Note in+=8 has occured

-		&movb(	&HB($ty),	&BP(-1,$in,"",0));

-		 # XXX

-		&xorb(&LB($ty),		&HB($ty));

-		 # XXX

-		&movb(&BP($n,$out,"",0),&LB($ty));

-		}

-	}

-sub RC4

-	{

-	local($name)=@_;

-	&function_begin_B($name,"");

-	&mov($ty,&wparam(1));		# len

-	&cmp($ty,0);

-	&jne(&label("proceed"));

-	&ret();

-	&set_label("proceed");

-	&comment("");

-	&push("ebp");

-	 &push("ebx");

-	&push("esi");

-	 &xor(	$x,	$x);		# avoid partial register stalls

-	&push("edi");

-	 &xor(	$y,	$y);		# avoid partial register stalls

-	&mov(	$d,	&wparam(0));	# key

-	 &mov(	$in,	&wparam(2));

-	&movb(	&LB($x),	&BP(0,$d,"",1));

-	 &movb(	&LB($y),	&BP(4,$d,"",1));

-	&mov(	$out,	&wparam(3));

-	 &inc(	&LB($x));

-	&stack_push(3);	# 3 temp variables

-	 &add(	$d,	8);

-	# detect compressed schedule, see commentary section in rc4_skey.c...

-	# in 0.9.7 context ~50 bytes below RC4_CHAR label remain redundant,

-	# as compressed key schedule is set up in 0.9.8 and later.

-	&cmp(&DWP(256,$d),-1);

-	&je(&label("RC4_CHAR"));

-	 &lea(	$ty,	&DWP(-8,$ty,$in));

-	# check for 0 length input

-	 &mov(	&swtmp(2),	$ty);	# this is now address to exit at

-	&mov(	$tx,	&DWP(0,$d,$x,4));

-	 &cmp(	$ty,	$in);

-	&jb(	&label("end")); # less than 8 bytes

-	&set_label("start");

-	# filling DELAY SLOT

-	&add(	$in,	8);

-	&RC4_loop(0,-1,0);

-	&RC4_loop(1,0,0);

-	&RC4_loop(2,0,0);

-	&RC4_loop(3,0,0);

-	&RC4_loop(4,0,0);

-	&RC4_loop(5,0,0);

-	&RC4_loop(6,0,0);

-	&RC4_loop(7,1,0);

-	&comment("apply the cipher text");

-	# xor the cipher data with input

-	#&add(	$out,	8); #moved up into last round

-	&mov(	$tx,	&swtmp(0));

-	 &mov(	$ty,	&DWP(-8,$in,"",0));

-	&xor(	$tx,	$ty);

-	 &mov(	$ty,	&DWP(-4,$in,"",0));

-	&mov(	&DWP(-8,$out,"",0),	$tx);

-	 &mov(	$tx,	&swtmp(1));

-	&xor(	$tx,	$ty);

-	 &mov(	$ty,	&swtmp(2));	# load end ptr;

-	&mov(	&DWP(-4,$out,"",0),	$tx);

-	 &mov(	$tx,		&DWP(0,$d,$x,4));

-	&cmp($in,	$ty);

-	 &jbe(&label("start"));

-	&set_label("end");

-	# There is quite a bit of extra crap in RC4_loop() for this

-	# first round

-	&RC4_loop(0,-1,1);

-	&RC4_loop(1,0,1);

-	&RC4_loop(2,0,1);

-	&RC4_loop(3,0,1);

-	&RC4_loop(4,0,1);

-	&RC4_loop(5,0,1);

-	&RC4_loop(6,1,1);

-	&jmp(&label("finished"));

-	&align(16);

-	# this is essentially Intel P4 specific codepath, see rc4_skey.c,

-	# and is engaged in 0.9.8 and later context...

-	&set_label("RC4_CHAR");

-	&lea	($ty,&DWP(0,$in,$ty));

-	&mov	(&swtmp(2),$ty);

-	&movz	($tx,&BP(0,$d,$x));

-	# strangely enough unrolled loop performs over 20% slower...

-	&set_label("RC4_CHAR_loop");

-		&add	(&LB($y),&LB($tx));

-		&movz	($ty,&BP(0,$d,$y));

-		&movb	(&BP(0,$d,$y),&LB($tx));

-		&movb	(&BP(0,$d,$x),&LB($ty));

-		&add	(&LB($ty),&LB($tx));

-		&movz	($ty,&BP(0,$d,$ty));

-		&add	(&LB($x),1);

-		&xorb	(&LB($ty),&BP(0,$in));

-		&lea	($in,&BP(1,$in));

-		&movz	($tx,&BP(0,$d,$x));

-		&cmp	($in,&swtmp(2));

-		&movb	(&BP(0,$out),&LB($ty));

-		&lea	($out,&BP(1,$out));

-	&jb	(&label("RC4_CHAR_loop"));

-	&set_label("finished");

-	&dec(	$x);

-	 &stack_pop(3);

-	&movb(	&BP(-4,$d,"",0),&LB($y));

-	 &movb(	&BP(-8,$d,"",0),&LB($x));

-	&function_end($name);

-	}

--- a/sys/src/ape/lib/openssl/crypto/rc4/asm/rc4-ia64.S

+++ /dev/null

@@ -1,159 +1,0 @@

-// ====================================================================

-// Written by Andy Polyakov <[email protected]> for the OpenSSL

-// project.

-//

-// Rights for redistribution and usage in source and binary forms are

-// granted according to the OpenSSL license. Warranty of any kind is

-// disclaimed.

-// ====================================================================

-.ident  "rc4-ia64.S, Version 2.0"

-.ident  "IA-64 ISA artwork by Andy Polyakov <[email protected]>"

-// What's wrong with compiler generated code? Because of the nature of

-// C language, compiler doesn't [dare to] reorder load and stores. But

-// being memory-bound, RC4 should benefit from reorder [on in-order-

-// execution core such as IA-64]. But what can we reorder? At the very

-// least we can safely reorder references to key schedule in respect

-// to input and output streams. Secondly, from the first [close] glance

-// it appeared that it's possible to pull up some references to

-// elements of the key schedule itself. Original rationale ["prior

-// loads are not safe only for "degenerated" key schedule, when some

-// elements equal to the same value"] was kind of sloppy. I should have

-// formulated as it really was: if we assume that pulling up reference

-// to key[x+1] is not safe, then it would mean that key schedule would

-// "degenerate," which is never the case. The problem is that this

-// holds true in respect to references to key[x], but not to key[y].

-// Legitimate "collisions" do occur within every 256^2 bytes window.

-// Fortunately there're enough free instruction slots to keep prior

-// reference to key[x+1], detect "collision" and compensate for it.

-// All this without sacrificing a single clock cycle:-) Throughput is

-// ~210MBps on 900MHz CPU, which is is >3x faster than gcc generated

-// code and +30% - if compared to HP-UX C. Unrolling loop below should

-// give >30% on top of that...

-.text

-.explicit

-#if defined(_HPUX_SOURCE) && !defined(_LP64)

-# define ADDP	addp4

-#else

-# define ADDP	add

-#endif

-#ifndef SZ

-#define SZ	4	// this is set to sizeof(RC4_INT)

-#endif

-// SZ==4 seems to be optimal. At least SZ==8 is not any faster, not for

-// assembler implementation, while SZ==1 code is ~30% slower.

-#if SZ==1	// RC4_INT is unsigned char

-# define	LDKEY	ld1

-# define	STKEY	st1

-# define	OFF	0

-#elif SZ==4	// RC4_INT is unsigned int

-# define	LDKEY	ld4

-# define	STKEY	st4

-# define	OFF	2

-#elif SZ==8	// RC4_INT is unsigned long

-# define	LDKEY	ld8

-# define	STKEY	st8

-# define	OFF	3

-#endif

-out=r8;		// [expanded] output pointer

-inp=r9;		// [expanded] output pointer

-prsave=r10;

-key=r28;	// [expanded] pointer to RC4_KEY

-ksch=r29;	// (key->data+255)[&~(sizeof(key->data)-1)]

-xx=r30;

-yy=r31;

-// void RC4(RC4_KEY *key,size_t len,const void *inp,void *out);

-.global	RC4#

-.proc	RC4#

-.align	32

-.skip	16

-RC4:

-	.prologue

-	.save   ar.pfs,r2

-{ .mii;	alloc	r2=ar.pfs,4,12,0,16

-	.save	pr,prsave

-	mov	prsave=pr

-	ADDP	key=0,in0		};;

-{ .mib;	cmp.eq	p6,p0=0,in1			// len==0?

-	.save	ar.lc,r3

-	mov	r3=ar.lc

-(p6)	br.ret.spnt.many	b0	};;	// emergency exit

-	.body

-	.rotr	dat[4],key_x[4],tx[2],rnd[2],key_y[2],ty[1];

-{ .mib;	LDKEY	xx=[key],SZ			// load key->x

-	add	in1=-1,in1			// adjust len for loop counter

-	nop.b	0			}

-{ .mib;	ADDP	inp=0,in2

-	ADDP	out=0,in3

-	brp.loop.imp	.Ltop,.Lexit-16	};;

-{ .mmi;	LDKEY	yy=[key]			// load key->y

-	add	ksch=SZ,key

-	mov	ar.lc=in1		}

-{ .mmi;	mov	key_y[1]=r0			// guarantee inequality

-						// in first iteration

-	add	xx=1,xx

-	mov	pr.rot=1<<16		};;

-{ .mii;	nop.m	0

-	dep	key_x[1]=xx,r0,OFF,8

-	mov	ar.ec=3			};;	// note that epilogue counter

-						// is off by 1. I compensate

-						// for this at exit...

-.Ltop:

-// The loop is scheduled for 4*(n+2) spin-rate on Itanium 2, which

-// theoretically gives asymptotic performance of clock frequency

-// divided by 4 bytes per seconds, or 400MBps on 1.6GHz CPU. This is

-// for sizeof(RC4_INT)==4. For smaller RC4_INT STKEY inadvertently

-// splits the last bundle and you end up with 5*n spin-rate:-(

-// Originally the loop was scheduled for 3*n and relied on key

-// schedule to be aligned at 256*sizeof(RC4_INT) boundary. But

-// *(out++)=dat, which maps to st1, had same effect [inadvertent

-// bundle split] and holded the loop back. Rescheduling for 4*n

-// made it possible to eliminate dependence on specific alignment

-// and allow OpenSSH keep "abusing" our API. Reaching for 3*n would

-// require unrolling, sticking to variable shift instruction for

-// collecting output [to avoid starvation for integer shifter] and

-// copying of key schedule to controlled place in stack [so that

-// deposit instruction can serve as substitute for whole

-// key->data+((x&255)<<log2(sizeof(key->data[0])))]...

-{ .mmi;	(p19)	st1	[out]=dat[3],1			// *(out++)=dat

-	(p16)	add	xx=1,xx				// x++

-	(p18)	dep	rnd[1]=rnd[1],r0,OFF,8	}	// ((tx+ty)&255)<<OFF

-{ .mmi;	(p16)	add	key_x[1]=ksch,key_x[1]		// &key[xx&255]

-	(p17)	add	key_y[1]=ksch,key_y[1]	};;	// &key[yy&255]

-{ .mmi;	(p16)	LDKEY	tx[0]=[key_x[1]]		// tx=key[xx]

-	(p17)	LDKEY	ty[0]=[key_y[1]]		// ty=key[yy]

-	(p16)	dep	key_x[0]=xx,r0,OFF,8	}	// (xx&255)<<OFF

-{ .mmi;	(p18)	add	rnd[1]=ksch,rnd[1]		// &key[(tx+ty)&255]

-	(p16)	cmp.ne.unc p20,p21=key_x[1],key_y[1] };;

-{ .mmi;	(p18)	LDKEY	rnd[1]=[rnd[1]]			// rnd=key[(tx+ty)&255]

-	(p16)	ld1	dat[0]=[inp],1		}	// dat=*(inp++)

-.pred.rel	"mutex",p20,p21

-{ .mmi;	(p21)	add	yy=yy,tx[1]			// (p16)

-	(p20)	add	yy=yy,tx[0]			// (p16) y+=tx

-	(p21)	mov	tx[0]=tx[1]		};;	// (p16)

-{ .mmi;	(p17)	STKEY	[key_y[1]]=tx[1]		// key[yy]=tx

-	(p17)	STKEY	[key_x[2]]=ty[0]		// key[xx]=ty

-	(p16)	dep	key_y[0]=yy,r0,OFF,8	}	// &key[yy&255]

-{ .mmb;	(p17)	add	rnd[0]=tx[1],ty[0]		// tx+=ty

-	(p18)	xor	dat[2]=dat[2],rnd[1]		// dat^=rnd

-	br.ctop.sptk	.Ltop			};;

-.Lexit:

-{ .mib;	STKEY	[key]=yy,-SZ			// save key->y

-	mov	pr=prsave,0x1ffff

-	nop.b	0			}

-{ .mib;	st1	[out]=dat[3],1			// compensate for truncated

-						// epilogue counter

-	add	xx=-1,xx

-	nop.b	0			};;

-{ .mib;	STKEY	[key]=xx			// save key->x

-	mov	ar.lc=r3

-	br.ret.sptk.many	b0	};;

-.endp	RC4#

--- a/sys/src/ape/lib/openssl/crypto/rc4/asm/rc4-x86_64.pl

+++ /dev/null

@@ -1,240 +1,0 @@

-#!/usr/bin/env perl

-#

-# ====================================================================

-# Written by Andy Polyakov <[email protected]> for the OpenSSL

-# project. Rights for redistribution and usage in source and binary

-# forms are granted according to the OpenSSL license.

-# ====================================================================

-#

-# 2.22x RC4 tune-up:-) It should be noted though that my hand [as in

-# "hand-coded assembler"] doesn't stand for the whole improvement

-# coefficient. It turned out that eliminating RC4_CHAR from config

-# line results in ~40% improvement (yes, even for C implementation).

-# Presumably it has everything to do with AMD cache architecture and

-# RAW or whatever penalties. Once again! The module *requires* config

-# line *without* RC4_CHAR! As for coding "secret," I bet on partial

-# register arithmetics. For example instead of 'inc %r8; and $255,%r8'

-# I simply 'inc %r8b'. Even though optimization manual discourages

-# to operate on partial registers, it turned out to be the best bet.

-# At least for AMD... How IA32E would perform remains to be seen...

-# As was shown by Marc Bevand reordering of couple of load operations

-# results in even higher performance gain of 3.3x:-) At least on

-# Opteron... For reference, 1x in this case is RC4_CHAR C-code

-# compiled with gcc 3.3.2, which performs at ~54MBps per 1GHz clock.

-# Latter means that if you want to *estimate* what to expect from

-# *your* Opteron, then multiply 54 by 3.3 and clock frequency in GHz.

-# Intel P4 EM64T core was found to run the AMD64 code really slow...

-# The only way to achieve comparable performance on P4 was to keep

-# RC4_CHAR. Kind of ironic, huh? As it's apparently impossible to

-# compose blended code, which would perform even within 30% marginal

-# on either AMD and Intel platforms, I implement both cases. See

-# rc4_skey.c for further details...

-# P4 EM64T core appears to be "allergic" to 64-bit inc/dec. Replacing

-# those with add/sub results in 50% performance improvement of folded

-# loop...

-# As was shown by Zou Nanhai loop unrolling can improve Intel EM64T

-# performance by >30% [unlike P4 32-bit case that is]. But this is

-# provided that loads are reordered even more aggressively! Both code

-# pathes, AMD64 and EM64T, reorder loads in essentially same manner

-# as my IA-64 implementation. On Opteron this resulted in modest 5%

-# improvement [I had to test it], while final Intel P4 performance

-# achieves respectful 432MBps on 2.8GHz processor now. For reference.

-# If executed on Xeon, current RC4_CHAR code-path is 2.7x faster than

-# RC4_INT code-path. While if executed on Opteron, it's only 25%

-# slower than the RC4_INT one [meaning that if CPU �-arch detection

-# is not implemented, then this final RC4_CHAR code-path should be

-# preferred, as it provides better *all-round* performance].

-$output=shift;

-open STDOUT,"| $^X ../perlasm/x86_64-xlate.pl $output";

-$dat="%rdi";	    # arg1

-$len="%rsi";	    # arg2

-$inp="%rdx";	    # arg3

-$out="%rcx";	    # arg4

-@XX=("%r8","%r10");

-@TX=("%r9","%r11");

-$YY="%r12";

-$TY="%r13";

-$code=<<___;

-.text

-.globl	RC4

-.type	RC4,\@function,4

-.align	16

-RC4:	or	$len,$len

-	jne	.Lentry

-	ret

-.Lentry:

-	push	%r12

-	push	%r13

-	add	\$8,$dat

-	movl	-8($dat),$XX[0]#d

-	movl	-4($dat),$YY#d

-	cmpl	\$-1,256($dat)

-	je	.LRC4_CHAR

-	inc	$XX[0]#b

-	movl	($dat,$XX[0],4),$TX[0]#d

-	test	\$-8,$len

-	jz	.Lloop1

-	jmp	.Lloop8

-.align	16

-.Lloop8:

-___

-for ($i=0;$i<8;$i++) {

-$code.=<<___;

-	add	$TX[0]#b,$YY#b

-	mov	$XX[0],$XX[1]

-	movl	($dat,$YY,4),$TY#d

-	ror	\$8,%rax			# ror is redundant when $i=0

-	inc	$XX[1]#b

-	movl	($dat,$XX[1],4),$TX[1]#d

-	cmp	$XX[1],$YY

-	movl	$TX[0]#d,($dat,$YY,4)

-	cmove	$TX[0],$TX[1]

-	movl	$TY#d,($dat,$XX[0],4)

-	add	$TX[0]#b,$TY#b

-	movb	($dat,$TY,4),%al

-___

-push(@TX,shift(@TX)); push(@XX,shift(@XX));	# "rotate" registers

-}

-$code.=<<___;

-	ror	\$8,%rax

-	sub	\$8,$len

-	xor	($inp),%rax

-	add	\$8,$inp

-	mov	%rax,($out)

-	add	\$8,$out

-	test	\$-8,$len

-	jnz	.Lloop8

-	cmp	\$0,$len

-	jne	.Lloop1

-___

-$code.=<<___;

-.Lexit:

-	sub	\$1,$XX[0]#b

-	movl	$XX[0]#d,-8($dat)

-	movl	$YY#d,-4($dat)

-	pop	%r13

-	pop	%r12

-	ret

-.align	16

-.Lloop1:

-	add	$TX[0]#b,$YY#b

-	movl	($dat,$YY,4),$TY#d

-	movl	$TX[0]#d,($dat,$YY,4)

-	movl	$TY#d,($dat,$XX[0],4)

-	add	$TY#b,$TX[0]#b

-	inc	$XX[0]#b

-	movl	($dat,$TX[0],4),$TY#d

-	movl	($dat,$XX[0],4),$TX[0]#d

-	xorb	($inp),$TY#b

-	inc	$inp

-	movb	$TY#b,($out)

-	inc	$out

-	dec	$len

-	jnz	.Lloop1

-	jmp	.Lexit

-.align	16

-.LRC4_CHAR:

-	add	\$1,$XX[0]#b

-	movzb	($dat,$XX[0]),$TX[0]#d

-	test	\$-8,$len

-	jz	.Lcloop1

-	push	%rbx

-	jmp	.Lcloop8

-.align	16

-.Lcloop8:

-	mov	($inp),%eax

-	mov	4($inp),%ebx

-___

-# unroll 2x4-wise, because 64-bit rotates kill Intel P4...

-for ($i=0;$i<4;$i++) {

-$code.=<<___;

-	add	$TX[0]#b,$YY#b

-	lea	1($XX[0]),$XX[1]

-	movzb	($dat,$YY),$TY#d

-	movzb	$XX[1]#b,$XX[1]#d

-	movzb	($dat,$XX[1]),$TX[1]#d

-	movb	$TX[0]#b,($dat,$YY)

-	cmp	$XX[1],$YY

-	movb	$TY#b,($dat,$XX[0])

-	jne	.Lcmov$i			# Intel cmov is sloooow...

-	mov	$TX[0],$TX[1]

-.Lcmov$i:

-	add	$TX[0]#b,$TY#b

-	xor	($dat,$TY),%al

-	ror	\$8,%eax

-___

-push(@TX,shift(@TX)); push(@XX,shift(@XX));	# "rotate" registers

-}

-for ($i=4;$i<8;$i++) {

-$code.=<<___;

-	add	$TX[0]#b,$YY#b

-	lea	1($XX[0]),$XX[1]

-	movzb	($dat,$YY),$TY#d

-	movzb	$XX[1]#b,$XX[1]#d

-	movzb	($dat,$XX[1]),$TX[1]#d

-	movb	$TX[0]#b,($dat,$YY)

-	cmp	$XX[1],$YY

-	movb	$TY#b,($dat,$XX[0])

-	jne	.Lcmov$i			# Intel cmov is sloooow...

-	mov	$TX[0],$TX[1]

-.Lcmov$i:

-	add	$TX[0]#b,$TY#b

-	xor	($dat,$TY),%bl

-	ror	\$8,%ebx

-___

-push(@TX,shift(@TX)); push(@XX,shift(@XX));	# "rotate" registers

-}

-$code.=<<___;

-	lea	-8($len),$len

-	mov	%eax,($out)

-	lea	8($inp),$inp

-	mov	%ebx,4($out)

-	lea	8($out),$out

-	test	\$-8,$len

-	jnz	.Lcloop8

-	pop	%rbx

-	cmp	\$0,$len

-	jne	.Lcloop1

-	jmp	.Lexit

-___

-$code.=<<___;

-.align	16

-.Lcloop1:

-	add	$TX[0]#b,$YY#b

-	movzb	($dat,$YY),$TY#d

-	movb	$TX[0]#b,($dat,$YY)

-	movb	$TY#b,($dat,$XX[0])

-	add	$TX[0]#b,$TY#b

-	add	\$1,$XX[0]#b

-	movzb	($dat,$TY),$TY#d

-	movzb	($dat,$XX[0]),$TX[0]#d

-	xorb	($inp),$TY#b

-	lea	1($inp),$inp

-	movb	$TY#b,($out)

-	lea	1($out),$out

-	sub	\$1,$len

-	jnz	.Lcloop1

-	jmp	.Lexit

-.size	RC4,.-RC4

-___

-$code =~ s/#([bwd])/$1/gm;

-print $code;

-close STDOUT;

--- a/sys/src/ape/lib/openssl/crypto/rc4/rc4.c

+++ /dev/null

@@ -1,193 +1,0 @@

-/* crypto/rc4/rc4.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include <openssl/rc4.h>

-#include <openssl/evp.h>

-char *usage[]={

-"usage: rc4 args\n",

-"\n",

-" -in arg         - input file - default stdin\n",

-" -out arg        - output file - default stdout\n",

-" -key key        - password\n",

-NULL

-};

-int main(int argc, char *argv[])

-	{

-	FILE *in=NULL,*out=NULL;

-	char *infile=NULL,*outfile=NULL,*keystr=NULL;

-	RC4_KEY key;

-	char buf[BUFSIZ];

-	int badops=0,i;

-	char **pp;

-	unsigned char md[MD5_DIGEST_LENGTH];

-	argc--;

-	argv++;

-	while (argc >= 1)

-		{

-		if 	(strcmp(*argv,"-in") == 0)

-			{

-			if (--argc < 1) goto bad;

-			infile= *(++argv);

-			}

-		else if (strcmp(*argv,"-out") == 0)

-			{

-			if (--argc < 1) goto bad;

-			outfile= *(++argv);

-			}

-		else if (strcmp(*argv,"-key") == 0)

-			{

-			if (--argc < 1) goto bad;

-			keystr= *(++argv);

-			}

-		else

-			{

-			fprintf(stderr,"unknown option %s\n",*argv);

-			badops=1;

-			break;

-			}

-		argc--;

-		argv++;

-		}

-	if (badops)

-		{

-bad:

-		for (pp=usage; (*pp != NULL); pp++)

-			fprintf(stderr,"%s",*pp);

-		exit(1);

-		}

-	if (infile == NULL)

-		in=stdin;

-	else

-		{

-		in=fopen(infile,"r");

-		if (in == NULL)

-			{

-			perror("open");

-			exit(1);

-			}

-		}

-	if (outfile == NULL)

-		out=stdout;

-	else

-		{

-		out=fopen(outfile,"w");

-		if (out == NULL)

-			{

-			perror("open");

-			exit(1);

-			}

-		}

-#ifdef OPENSSL_SYS_MSDOS

-	/* This should set the file to binary mode. */

-	{

-#include <fcntl.h>

-	setmode(fileno(in),O_BINARY);

-	setmode(fileno(out),O_BINARY);

-	}

-#endif

-	if (keystr == NULL)

-		{ /* get key */

-		i=EVP_read_pw_string(buf,BUFSIZ,"Enter RC4 password:",0);

-		if (i != 0)

-			{

-			OPENSSL_cleanse(buf,BUFSIZ);

-			fprintf(stderr,"bad password read\n");

-			exit(1);

-			}

-		keystr=buf;

-		}

-	EVP_Digest((unsigned char *)keystr,strlen(keystr),md,NULL,EVP_md5(),NULL);

-	OPENSSL_cleanse(keystr,strlen(keystr));

-	RC4_set_key(&key,MD5_DIGEST_LENGTH,md);

-	for(;;)

-		{

-		i=fread(buf,1,BUFSIZ,in);

-		if (i == 0) break;

-		if (i < 0)

-			{

-			perror("read");

-			exit(1);

-			}

-		RC4(&key,(unsigned int)i,(unsigned char *)buf,

-			(unsigned char *)buf);

-		i=fwrite(buf,(unsigned int)i,1,out);

-		if (i != 1)

-			{

-			perror("write");

-			exit(1);

-			}

-		}

-	fclose(out);

-	fclose(in);

-	exit(0);

-	return(1);

-	}

--- a/sys/src/ape/lib/openssl/crypto/rc4/rc4.h

+++ /dev/null

@@ -1,87 +1,0 @@

-/* crypto/rc4/rc4.h */

-/* Copyright (C) 1995-1997 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_RC4_H

-#define HEADER_RC4_H

-#include <openssl/opensslconf.h> /* OPENSSL_NO_RC4, RC4_INT */

-#ifdef OPENSSL_NO_RC4

-#error RC4 is disabled.

-#endif

-#ifdef  __cplusplus

-extern "C" {

-#endif

-typedef struct rc4_key_st

-	{

-	RC4_INT x,y;

-	RC4_INT data[256];

-	} RC4_KEY;

-const char *RC4_options(void);

-void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);

-void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,

-		unsigned char *outdata);

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/rc4/rc4_enc.c

+++ /dev/null

@@ -1,315 +1,0 @@

-/* crypto/rc4/rc4_enc.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <openssl/rc4.h>

-#include "rc4_locl.h"

-/* RC4 as implemented from a posting from

- * Newsgroups: sci.crypt

- * From: [email protected] (David Sterndark)

- * Subject: RC4 Algorithm revealed.

- * Message-ID: <[email protected]>

- * Date: Wed, 14 Sep 1994 06:35:31 GMT

- */

-void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,

-	     unsigned char *outdata)

-	{

-        register RC4_INT *d;

-        register RC4_INT x,y,tx,ty;

-	int i;

-        x=key->x;

-        y=key->y;

-        d=key->data;

-#if defined(RC4_CHUNK)

-	/*

-	 * The original reason for implementing this(*) was the fact that

-	 * pre-21164a Alpha CPUs don't have byte load/store instructions

-	 * and e.g. a byte store has to be done with 64-bit load, shift,

-	 * and, or and finally 64-bit store. Peaking data and operating

-	 * at natural word size made it possible to reduce amount of

-	 * instructions as well as to perform early read-ahead without

-	 * suffering from RAW (read-after-write) hazard. This resulted

-	 * in ~40%(**) performance improvement on 21064 box with gcc.

-	 * But it's not only Alpha users who win here:-) Thanks to the

-	 * early-n-wide read-ahead this implementation also exhibits

-	 * >40% speed-up on SPARC and 20-30% on 64-bit MIPS (depending

-	 * on sizeof(RC4_INT)).

-	 *

-	 * (*)	"this" means code which recognizes the case when input

-	 *	and output pointers appear to be aligned at natural CPU

-	 *	word boundary

-	 * (**)	i.e. according to 'apps/openssl speed rc4' benchmark,

-	 *	crypto/rc4/rc4speed.c exhibits almost 70% speed-up...

-	 *

-	 * Cavets.

-	 *

-	 * - RC4_CHUNK="unsigned long long" should be a #1 choice for

-	 *   UltraSPARC. Unfortunately gcc generates very slow code

-	 *   (2.5-3 times slower than one generated by Sun's WorkShop

-	 *   C) and therefore gcc (at least 2.95 and earlier) should

-	 *   always be told that RC4_CHUNK="unsigned long".

-	 *

-	 *					<[email protected]>

-	 */

-# define RC4_STEP	( \

-			x=(x+1) &0xff,	\

-			tx=d[x],	\

-			y=(tx+y)&0xff,	\

-			ty=d[y],	\

-			d[y]=tx,	\

-			d[x]=ty,	\

-			(RC4_CHUNK)d[(tx+ty)&0xff]\

-			)

-	if ( ( ((unsigned long)indata  & (sizeof(RC4_CHUNK)-1)) |

-	       ((unsigned long)outdata & (sizeof(RC4_CHUNK)-1)) ) == 0 )

-		{

-		RC4_CHUNK ichunk,otp;

-		const union { long one; char little; } is_endian = {1};

-		/*

-		 * I reckon we can afford to implement both endian

-		 * cases and to decide which way to take at run-time

-		 * because the machine code appears to be very compact

-		 * and redundant 1-2KB is perfectly tolerable (i.e.

-		 * in case the compiler fails to eliminate it:-). By

-		 * suggestion from Terrel Larson <[email protected]>

-		 * who also stands for the is_endian union:-)

-		 *

-		 * Special notes.

-		 *

-		 * - is_endian is declared automatic as doing otherwise

-		 *   (declaring static) prevents gcc from eliminating

-		 *   the redundant code;

-		 * - compilers (those I've tried) don't seem to have

-		 *   problems eliminating either the operators guarded

-		 *   by "if (sizeof(RC4_CHUNK)==8)" or the condition

-		 *   expressions themselves so I've got 'em to replace

-		 *   corresponding #ifdefs from the previous version;

-		 * - I chose to let the redundant switch cases when

-		 *   sizeof(RC4_CHUNK)!=8 be (were also #ifdefed

-		 *   before);

-		 * - in case you wonder "&(sizeof(RC4_CHUNK)*8-1)" in

-		 *   [LB]ESHFT guards against "shift is out of range"

-		 *   warnings when sizeof(RC4_CHUNK)!=8

-		 *

-		 *			<[email protected]>

-		 */

-		if (!is_endian.little)

-			{	/* BIG-ENDIAN CASE */

-# define BESHFT(c)	(((sizeof(RC4_CHUNK)-(c)-1)*8)&(sizeof(RC4_CHUNK)*8-1))

-			for (;len&~(sizeof(RC4_CHUNK)-1);len-=sizeof(RC4_CHUNK))

-				{

-				ichunk  = *(RC4_CHUNK *)indata;

-				otp  = RC4_STEP<<BESHFT(0);

-				otp |= RC4_STEP<<BESHFT(1);

-				otp |= RC4_STEP<<BESHFT(2);

-				otp |= RC4_STEP<<BESHFT(3);

-				if (sizeof(RC4_CHUNK)==8)

-					{

-					otp |= RC4_STEP<<BESHFT(4);

-					otp |= RC4_STEP<<BESHFT(5);

-					otp |= RC4_STEP<<BESHFT(6);

-					otp |= RC4_STEP<<BESHFT(7);

-					}

-				*(RC4_CHUNK *)outdata = otp^ichunk;

-				indata  += sizeof(RC4_CHUNK);

-				outdata += sizeof(RC4_CHUNK);

-				}

-			if (len)

-				{

-				RC4_CHUNK mask=(RC4_CHUNK)-1, ochunk;

-				ichunk = *(RC4_CHUNK *)indata;

-				ochunk = *(RC4_CHUNK *)outdata;

-				otp = 0;

-				i = BESHFT(0);

-				mask <<= (sizeof(RC4_CHUNK)-len)<<3;

-				switch (len&(sizeof(RC4_CHUNK)-1))

-					{

-					case 7:	otp  = RC4_STEP<<i, i-=8;

-					case 6:	otp |= RC4_STEP<<i, i-=8;

-					case 5:	otp |= RC4_STEP<<i, i-=8;

-					case 4:	otp |= RC4_STEP<<i, i-=8;

-					case 3:	otp |= RC4_STEP<<i, i-=8;

-					case 2:	otp |= RC4_STEP<<i, i-=8;

-					case 1:	otp |= RC4_STEP<<i, i-=8;

-					case 0: ; /*

-						   * it's never the case,

-						   * but it has to be here

-						   * for ultrix?

-						   */

-					}

-				ochunk &= ~mask;

-				ochunk |= (otp^ichunk) & mask;

-				*(RC4_CHUNK *)outdata = ochunk;

-				}

-			key->x=x;

-			key->y=y;

-			return;

-			}

-		else

-			{	/* LITTLE-ENDIAN CASE */

-# define LESHFT(c)	(((c)*8)&(sizeof(RC4_CHUNK)*8-1))

-			for (;len&~(sizeof(RC4_CHUNK)-1);len-=sizeof(RC4_CHUNK))

-				{

-				ichunk  = *(RC4_CHUNK *)indata;

-				otp  = RC4_STEP;

-				otp |= RC4_STEP<<8;

-				otp |= RC4_STEP<<16;

-				otp |= RC4_STEP<<24;

-				if (sizeof(RC4_CHUNK)==8)

-					{

-					otp |= RC4_STEP<<LESHFT(4);

-					otp |= RC4_STEP<<LESHFT(5);

-					otp |= RC4_STEP<<LESHFT(6);

-					otp |= RC4_STEP<<LESHFT(7);

-					}

-				*(RC4_CHUNK *)outdata = otp^ichunk;

-				indata  += sizeof(RC4_CHUNK);

-				outdata += sizeof(RC4_CHUNK);

-				}

-			if (len)

-				{

-				RC4_CHUNK mask=(RC4_CHUNK)-1, ochunk;

-				ichunk = *(RC4_CHUNK *)indata;

-				ochunk = *(RC4_CHUNK *)outdata;

-				otp = 0;

-				i   = 0;

-				mask >>= (sizeof(RC4_CHUNK)-len)<<3;

-				switch (len&(sizeof(RC4_CHUNK)-1))

-					{

-					case 7:	otp  = RC4_STEP,    i+=8;

-					case 6:	otp |= RC4_STEP<<i, i+=8;

-					case 5:	otp |= RC4_STEP<<i, i+=8;

-					case 4:	otp |= RC4_STEP<<i, i+=8;

-					case 3:	otp |= RC4_STEP<<i, i+=8;

-					case 2:	otp |= RC4_STEP<<i, i+=8;

-					case 1:	otp |= RC4_STEP<<i, i+=8;

-					case 0: ; /*

-						   * it's never the case,

-						   * but it has to be here

-						   * for ultrix?

-						   */

-					}

-				ochunk &= ~mask;

-				ochunk |= (otp^ichunk) & mask;

-				*(RC4_CHUNK *)outdata = ochunk;

-				}

-			key->x=x;

-			key->y=y;

-			return;

-			}

-		}

-#endif

-#define LOOP(in,out) \

-		x=((x+1)&0xff); \

-		tx=d[x]; \

-		y=(tx+y)&0xff; \

-		d[x]=ty=d[y]; \

-		d[y]=tx; \

-		(out) = d[(tx+ty)&0xff]^ (in);

-#ifndef RC4_INDEX

-#define RC4_LOOP(a,b,i)	LOOP(*((a)++),*((b)++))

-#else

-#define RC4_LOOP(a,b,i)	LOOP(a[i],b[i])

-#endif

-	i=(int)(len>>3L);

-	if (i)

-		{

-		for (;;)

-			{

-			RC4_LOOP(indata,outdata,0);

-			RC4_LOOP(indata,outdata,1);

-			RC4_LOOP(indata,outdata,2);

-			RC4_LOOP(indata,outdata,3);

-			RC4_LOOP(indata,outdata,4);

-			RC4_LOOP(indata,outdata,5);

-			RC4_LOOP(indata,outdata,6);

-			RC4_LOOP(indata,outdata,7);

-#ifdef RC4_INDEX

-			indata+=8;

-			outdata+=8;

-#endif

-			if (--i == 0) break;

-			}

-		}

-	i=(int)len&0x07;

-	if (i)

-		{

-		for (;;)

-			{

-			RC4_LOOP(indata,outdata,0); if (--i == 0) break;

-			RC4_LOOP(indata,outdata,1); if (--i == 0) break;

-			RC4_LOOP(indata,outdata,2); if (--i == 0) break;

-			RC4_LOOP(indata,outdata,3); if (--i == 0) break;

-			RC4_LOOP(indata,outdata,4); if (--i == 0) break;

-			RC4_LOOP(indata,outdata,5); if (--i == 0) break;

-			RC4_LOOP(indata,outdata,6); if (--i == 0) break;

-			}

-		}

-	key->x=x;

-	key->y=y;

-	}

--- a/sys/src/ape/lib/openssl/crypto/rc4/rc4_locl.h

+++ /dev/null

@@ -1,5 +1,0 @@

-#ifndef HEADER_RC4_LOCL_H

-#define HEADER_RC4_LOCL_H

-#include <openssl/opensslconf.h>

-#include <cryptlib.h>

-#endif

--- a/sys/src/ape/lib/openssl/crypto/rc4/rc4_skey.c

+++ /dev/null

@@ -1,150 +1,0 @@

-/* crypto/rc4/rc4_skey.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <openssl/rc4.h>

-#include "rc4_locl.h"

-#include <openssl/opensslv.h>

-const char RC4_version[]="RC4" OPENSSL_VERSION_PTEXT;

-const char *RC4_options(void)

-	{

-#ifdef RC4_INDEX

-	if (sizeof(RC4_INT) == 1)

-		return("rc4(idx,char)");

-	else

-		return("rc4(idx,int)");

-#else

-	if (sizeof(RC4_INT) == 1)

-		return("rc4(ptr,char)");

-	else

-		return("rc4(ptr,int)");

-#endif

-	}

-/* RC4 as implemented from a posting from

- * Newsgroups: sci.crypt

- * From: [email protected] (David Sterndark)

- * Subject: RC4 Algorithm revealed.

- * Message-ID: <[email protected]>

- * Date: Wed, 14 Sep 1994 06:35:31 GMT

- */

-void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)

-	{

-        register RC4_INT tmp;

-        register int id1,id2;

-        register RC4_INT *d;

-        unsigned int i;

-        d= &(key->data[0]);

-        key->x = 0;

-        key->y = 0;

-        id1=id2=0;

-#define SK_LOOP(d,n) { \

-		tmp=d[(n)]; \

-		id2 = (data[id1] + tmp + id2) & 0xff; \

-		if (++id1 == len) id1=0; \

-		d[(n)]=d[id2]; \

-		d[id2]=tmp; }

-#if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM)

-# if	defined(__i386)   || defined(__i386__)   || defined(_M_IX86) || \

-	defined(__INTEL__) || \

-	defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64)

-	if (sizeof(RC4_INT) > 1) {

-		/*

-		 * Unlike all other x86 [and x86_64] implementations,

-		 * Intel P4 core [including EM64T] was found to perform

-		 * poorly with wider RC4_INT. Performance improvement

-		 * for IA-32 hand-coded assembler turned out to be 2.8x

-		 * if re-coded for RC4_CHAR! It's however inappropriate

-		 * to just switch to RC4_CHAR for x86[_64], as non-P4

-		 * implementations suffer from significant performance

-		 * losses then, e.g. PIII exhibits >2x deterioration,

-		 * and so does Opteron. In order to assure optimal

-		 * all-round performance, let us [try to] detect P4 at

-		 * run-time by checking upon HTT bit in CPU capability

-		 * vector and set up compressed key schedule, which is

-		 * recognized by correspondingly updated assembler

-		 * module...

-		 *				<[email protected]>

-		 */

-		if (OPENSSL_ia32cap_P & (1<<28)) {

-			unsigned char *cp=(unsigned char *)d;

-			for (i=0;i<256;i++) cp[i]=i;

-			for (i=0;i<256;i++) SK_LOOP(cp,i);

-			/* mark schedule as compressed! */

-			d[256/sizeof(RC4_INT)]=-1;

-			return;

-		}

-	}

-# endif

-#endif

-	for (i=0; i < 256; i++) d[i]=i;

-	for (i=0; i < 256; i+=4)

-		{

-		SK_LOOP(d,i+0);

-		SK_LOOP(d,i+1);

-		SK_LOOP(d,i+2);

-		SK_LOOP(d,i+3);

-		}

-	}

--- a/sys/src/ape/lib/openssl/crypto/rc4/rc4s.cpp

+++ /dev/null

@@ -1,73 +1,0 @@

-//

-// gettsc.inl

-//

-// gives access to the Pentium's (secret) cycle counter

-//

-// This software was written by Leonard Janke ([email protected])

-// in 1996-7 and is entered, by him, into the public domain.

-#if defined(__WATCOMC__)

-void GetTSC(unsigned long&);

-#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];

-#elif defined(__GNUC__)

-inline

-void GetTSC(unsigned long& tsc)

-{

-  asm volatile(".byte 15, 49\n\t"

-	       : "=eax" (tsc)

-	       :

-	       : "%edx", "%eax");

-}

-#elif defined(_MSC_VER)

-inline

-void GetTSC(unsigned long& tsc)

-{

-  unsigned long a;

-  __asm _emit 0fh

-  __asm _emit 31h

-  __asm mov a, eax;

-  tsc=a;

-}

-#endif

-#include <stdio.h>

-#include <stdlib.h>

-#include <openssl/rc4.h>

-void main(int argc,char *argv[])

-	{

-	unsigned char buffer[1024];

-	RC4_KEY ctx;

-	unsigned long s1,s2,e1,e2;

-	unsigned char k[16];

-	unsigned long data[2];

-	unsigned char iv[8];

-	int i,num=64,numm;

-	int j=0;

-	if (argc >= 2)

-		num=atoi(argv[1]);

-	if (num == 0) num=256;

-	if (num > 1024-16) num=1024-16;

-	numm=num+8;

-	for (j=0; j<6; j++)

-		{

-		for (i=0; i<10; i++) /**/

-			{

-			RC4(&ctx,numm,buffer,buffer);

-			GetTSC(s1);

-			RC4(&ctx,numm,buffer,buffer);

-			GetTSC(e1);

-			GetTSC(s2);

-			RC4(&ctx,num,buffer,buffer);

-			GetTSC(e2);

-			RC4(&ctx,num,buffer,buffer);

-			}

-		printf("RC4 (%d bytes) %d %d (%d) - 8 bytes\n",num,

-			e1-s1,e2-s2,(e1-s1)-(e2-s2));

-		}

-	}

--- a/sys/src/ape/lib/openssl/crypto/rc4/rc4speed.c

+++ /dev/null

@@ -1,253 +1,0 @@

-/* crypto/rc4/rc4speed.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */

-/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */

-#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)

-#define TIMES

-#endif

-#include <stdio.h>

-#include <openssl/e_os2.h>

-#include OPENSSL_UNISTD_IO

-OPENSSL_DECLARE_EXIT

-#ifndef OPENSSL_SYS_NETWARE

-#include <signal.h>

-#endif

-#ifndef _IRIX

-#include <time.h>

-#endif

-#ifdef TIMES

-#include <sys/types.h>

-#include <sys/times.h>

-#endif

-/* Depending on the VMS version, the tms structure is perhaps defined.

-   The __TMS macro will show if it was.  If it wasn't defined, we should

-   undefine TIMES, since that tells the rest of the program how things

-   should be handled.				-- Richard Levitte */

-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)

-#undef TIMES

-#endif

-#ifndef TIMES

-#include <sys/timeb.h>

-#endif

-#if defined(sun) || defined(__ultrix)

-#define _POSIX_SOURCE

-#include <limits.h>

-#include <sys/param.h>

-#endif

-#include <openssl/rc4.h>

-/* The following if from times(3) man page.  It may need to be changed */

-#ifndef HZ

-#ifndef CLK_TCK

-#define HZ	100.0

-#else /* CLK_TCK */

-#define HZ ((double)CLK_TCK)

-#endif

-#endif

-#define BUFSIZE	((long)1024)

-long run=0;

-double Time_F(int s);

-#ifdef SIGALRM

-#if defined(__STDC__) || defined(sgi) || defined(_AIX)

-#define SIGRETTYPE void

-#else

-#define SIGRETTYPE int

-#endif

-SIGRETTYPE sig_done(int sig);

-SIGRETTYPE sig_done(int sig)

-	{

-	signal(SIGALRM,sig_done);

-	run=0;

-#ifdef LINT

-	sig=sig;

-#endif

-	}

-#endif

-#define START	0

-#define STOP	1

-double Time_F(int s)

-	{

-	double ret;

-#ifdef TIMES

-	static struct tms tstart,tend;

-	if (s == START)

-		{

-		times(&tstart);

-		return(0);

-		}

-	else

-		{

-		times(&tend);

-		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;

-		return((ret == 0.0)?1e-6:ret);

-		}

-#else /* !times() */

-	static struct timeb tstart,tend;

-	long i;

-	if (s == START)

-		{

-		ftime(&tstart);

-		return(0);

-		}

-	else

-		{

-		ftime(&tend);

-		i=(long)tend.millitm-(long)tstart.millitm;

-		ret=((double)(tend.time-tstart.time))+((double)i)/1e3;

-		return((ret == 0.0)?1e-6:ret);

-		}

-#endif

-	}

-int main(int argc, char **argv)

-	{

-	long count;

-	static unsigned char buf[BUFSIZE];

-	static unsigned char key[] ={

-			0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,

-			0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,

-			};

-	RC4_KEY sch;

-	double a,b,c,d;

-#ifndef SIGALRM

-	long ca,cb,cc;

-#endif

-#ifndef TIMES

-	printf("To get the most accurate results, try to run this\n");

-	printf("program when this computer is idle.\n");

-#endif

-#ifndef SIGALRM

-	printf("First we calculate the approximate speed ...\n");

-	RC4_set_key(&sch,16,key);

-	count=10;

-	do	{

-		long i;

-		unsigned long data[2];

-		count*=2;

-		Time_F(START);

-		for (i=count; i; i--)

-			RC4(&sch,8,buf,buf);

-		d=Time_F(STOP);

-		} while (d < 3.0);

-	ca=count/512;

-	cc=count*8/BUFSIZE+1;

-	printf("Doing RC4_set_key %ld times\n",ca);

-#define COND(d)	(count != (d))

-#define COUNT(d) (d)

-#else

-#define COND(c)	(run)

-#define COUNT(d) (count)

-	signal(SIGALRM,sig_done);

-	printf("Doing RC4_set_key for 10 seconds\n");

-	alarm(10);

-#endif

-	Time_F(START);

-	for (count=0,run=1; COND(ca); count+=4)

-		{

-		RC4_set_key(&sch,16,key);

-		RC4_set_key(&sch,16,key);

-		RC4_set_key(&sch,16,key);

-		RC4_set_key(&sch,16,key);

-		}

-	d=Time_F(STOP);

-	printf("%ld RC4_set_key's in %.2f seconds\n",count,d);

-	a=((double)COUNT(ca))/d;

-#ifdef SIGALRM

-	printf("Doing RC4 on %ld byte blocks for 10 seconds\n",BUFSIZE);

-	alarm(10);

-#else

-	printf("Doing RC4 %ld times on %ld byte blocks\n",cc,BUFSIZE);

-#endif

-	Time_F(START);

-	for (count=0,run=1; COND(cc); count++)

-		RC4(&sch,BUFSIZE,buf,buf);

-	d=Time_F(STOP);

-	printf("%ld RC4's of %ld byte blocks in %.2f second\n",

-		count,BUFSIZE,d);

-	c=((double)COUNT(cc)*BUFSIZE)/d;

-	printf("RC4 set_key per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a);

-	printf("RC4   bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);

-	exit(0);

-#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)

-	return(0);

-#endif

-	}

--- a/sys/src/ape/lib/openssl/crypto/rc4/rc4test.c

+++ /dev/null

@@ -1,236 +1,0 @@

-/* crypto/rc4/rc4test.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include "../e_os.h"

-#ifdef OPENSSL_NO_RC4

-int main(int argc, char *argv[])

-{

-    printf("No RC4 support\n");

-    return(0);

-}

-#else

-#include <openssl/rc4.h>

-#include <openssl/sha.h>

-static unsigned char keys[7][30]={

-	{8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},

-	{8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},

-	{8,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},

-	{4,0xef,0x01,0x23,0x45},

-	{8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},

-	{4,0xef,0x01,0x23,0x45},

-	};

-static unsigned char data_len[7]={8,8,8,20,28,10};

-static unsigned char data[7][30]={

-	{0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,0xff},

-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},

-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},

-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,

-	   0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,

-	   0x00,0x00,0x00,0x00,0xff},

-	{0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,

-	   0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,

-	   0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,

-	   0x12,0x34,0x56,0x78,0xff},

-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},

-	{0},

-	};

-static unsigned char output[7][30]={

-	{0x75,0xb7,0x87,0x80,0x99,0xe0,0xc5,0x96,0x00},

-	{0x74,0x94,0xc2,0xe7,0x10,0x4b,0x08,0x79,0x00},

-	{0xde,0x18,0x89,0x41,0xa3,0x37,0x5d,0x3a,0x00},

-	{0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,

-	 0xbd,0x61,0x5a,0x11,0x62,0xe1,0xc7,0xba,

-	 0x36,0xb6,0x78,0x58,0x00},

-	{0x66,0xa0,0x94,0x9f,0x8a,0xf7,0xd6,0x89,

-	 0x1f,0x7f,0x83,0x2b,0xa8,0x33,0xc0,0x0c,

-	 0x89,0x2e,0xbe,0x30,0x14,0x3c,0xe2,0x87,

-	 0x40,0x01,0x1e,0xcf,0x00},

-	{0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,0xbd,0x61,0x00},

-	{0},

-	};

-int main(int argc, char *argv[])

-	{

-	int err=0;

-	unsigned int i, j;

-	unsigned char *p;

-	RC4_KEY key;

-	unsigned char obuf[512];

-	for (i=0; i<6; i++)

-		{

-		RC4_set_key(&key,keys[i][0],&(keys[i][1]));

-		memset(obuf,0x00,sizeof(obuf));

-		RC4(&key,data_len[i],&(data[i][0]),obuf);

-		if (memcmp(obuf,output[i],data_len[i]+1) != 0)

-			{

-			printf("error calculating RC4\n");

-			printf("output:");

-			for (j=0; j<data_len[i]+1U; j++)

-				printf(" %02x",obuf[j]);

-			printf("\n");

-			printf("expect:");

-			p= &(output[i][0]);

-			for (j=0; j<data_len[i]+1U; j++)

-				printf(" %02x",*(p++));

-			printf("\n");

-			err++;

-			}

-		else

-			printf("test %d ok\n",i);

-		}

-	printf("test end processing ");

-	for (i=0; i<data_len[3]; i++)

-		{

-		RC4_set_key(&key,keys[3][0],&(keys[3][1]));

-		memset(obuf,0x00,sizeof(obuf));

-		RC4(&key,i,&(data[3][0]),obuf);

-		if ((memcmp(obuf,output[3],i) != 0) || (obuf[i] != 0))

-			{

-			printf("error in RC4 length processing\n");

-			printf("output:");

-			for (j=0; j<i+1; j++)

-				printf(" %02x",obuf[j]);

-			printf("\n");

-			printf("expect:");

-			p= &(output[3][0]);

-			for (j=0; j<i; j++)

-				printf(" %02x",*(p++));

-			printf(" 00\n");

-			err++;

-			}

-		else

-			{

-			printf(".");

-			fflush(stdout);

-			}

-		}

-	printf("done\n");

-	printf("test multi-call ");

-	for (i=0; i<data_len[3]; i++)

-		{

-		RC4_set_key(&key,keys[3][0],&(keys[3][1]));

-		memset(obuf,0x00,sizeof(obuf));

-		RC4(&key,i,&(data[3][0]),obuf);

-		RC4(&key,data_len[3]-i,&(data[3][i]),&(obuf[i]));

-		if (memcmp(obuf,output[3],data_len[3]+1) != 0)

-			{

-			printf("error in RC4 multi-call processing\n");

-			printf("output:");

-			for (j=0; j<data_len[3]+1U; j++)

-				printf(" %02x",obuf[j]);

-			printf("\n");

-			printf("expect:");

-			p= &(output[3][0]);

-			for (j=0; j<data_len[3]+1U; j++)

-				printf(" %02x",*(p++));

-			err++;

-			}

-		else

-			{

-			printf(".");

-			fflush(stdout);

-			}

-		}

-	printf("done\n");

-	printf("bulk test ");

-	{   unsigned char buf[513];

-	    SHA_CTX c;

-	    unsigned char md[SHA_DIGEST_LENGTH];

-	    static unsigned char expected[]={

-		0xa4,0x7b,0xcc,0x00,0x3d,0xd0,0xbd,0xe1,0xac,0x5f,

-		0x12,0x1e,0x45,0xbc,0xfb,0x1a,0xa1,0xf2,0x7f,0xc5 };

-		RC4_set_key(&key,keys[0][0],&(keys[3][1]));

-		memset(buf,'\0',sizeof(buf));

-		SHA1_Init(&c);

-		for (i=0;i<2571;i++) {

-			RC4(&key,sizeof(buf),buf,buf);

-			SHA1_Update(&c,buf,sizeof(buf));

-		}

-		SHA1_Final(md,&c);

-		if (memcmp(md,expected,sizeof(md))) {

-			printf("error in RC4 bulk test\n");

-			printf("output:");

-			for (j=0; j<sizeof(md); j++)

-				printf(" %02x",md[j]);

-			printf("\n");

-			printf("expect:");

-			for (j=0; j<sizeof(md); j++)

-				printf(" %02x",expected[j]);

-			printf("\n");

-			err++;

-		}

-		else	printf("ok\n");

-	}

-#ifdef OPENSSL_SYS_NETWARE

-    if (err) printf("ERROR: %d\n", err);

-#endif

-	EXIT(err);

-	return(0);

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/rc4/rrc4.doc

+++ /dev/null

@@ -1,278 +1,0 @@

-Newsgroups: sci.crypt,alt.security,comp.security.misc,alt.privacy

-Path: ghost.dsi.unimi.it!univ-lyon1.fr!jussieu.fr!zaphod.crihan.fr!warwick!clyde.open.ac.uk!strath-cs!bnr.co.uk!bt!pipex!howland.reston.ans.net!europa.eng.gtefsd.com!MathWorks.Com!yeshua.marcam.com!charnel.ecst.csuchico.edu!csusac!csus.edu!netcom.com!sterndark

-From: [email protected] (David Sterndark)

-Subject: RC4 Algorithm revealed.

-Message-ID: <[email protected]>

-Sender: [email protected]

-Organization: NETCOM On-line Communication Services (408 261-4700 guest)

-X-Newsreader: TIN [version 1.2 PL1]

-Date: Wed, 14 Sep 1994 06:35:31 GMT

-Lines: 263

-Xref: ghost.dsi.unimi.it sci.crypt:27332 alt.security:14732 comp.security.misc:11701 alt.privacy:16026

-I am shocked,  shocked, I tell you,  shocked, to discover

-that the cypherpunks have illegaly and criminally revealed

-a crucial RSA trade secret and harmed the security of

-America by reverse engineering the RC4 algorithm and

-publishing it to the world.

-On Saturday morning an anonymous cypherpunk wrote:

-   SUBJECT:  RC4 Source Code

-   I've tested this.  It is compatible with the RC4 object module

-   that comes in the various RSA toolkits.

-   /* rc4.h */

-   typedef struct rc4_key

-   {

-        unsigned char state[256];

-        unsigned char x;

-        unsigned char y;

-   } rc4_key;

-   void prepare_key(unsigned char *key_data_ptr,int key_data_len,

-   rc4_key *key);

-   void rc4(unsigned char *buffer_ptr,int buffer_len,rc4_key * key);

-   /*rc4.c */

-   #include "rc4.h"

-   static void swap_byte(unsigned char *a, unsigned char *b);

-   void prepare_key(unsigned char *key_data_ptr, int key_data_len,

-   rc4_key *key)

-   {

-        unsigned char swapByte;

-        unsigned char index1;

-        unsigned char index2;

-        unsigned char* state;

-        short counter;

-        state = &key->state[0];

-        for(counter = 0; counter < 256; counter++)

-        state[counter] = counter;

-        key->x = 0;

-        key->y = 0;

-        index1 = 0;

-        index2 = 0;

-        for(counter = 0; counter < 256; counter++)

-        {

-             index2 = (key_data_ptr[index1] + state[counter] +

-                index2) % 256;

-             swap_byte(&state[counter], &state[index2]);

-             index1 = (index1 + 1) % key_data_len;

-        }

-    }

-    void rc4(unsigned char *buffer_ptr, int buffer_len, rc4_key *key)

-    {

-        unsigned char x;

-        unsigned char y;

-        unsigned char* state;

-        unsigned char xorIndex;

-        short counter;

-        x = key->x;

-        y = key->y;

-        state = &key->state[0];

-        for(counter = 0; counter < buffer_len; counter ++)

-        {

-             x = (x + 1) % 256;

-             y = (state[x] + y) % 256;

-             swap_byte(&state[x], &state[y]);

-             xorIndex = (state[x] + state[y]) % 256;

-             buffer_ptr[counter] ^= state[xorIndex];

-         }

-         key->x = x;

-         key->y = y;

-    }

-    static void swap_byte(unsigned char *a, unsigned char *b)

-    {

-        unsigned char swapByte;

-        swapByte = *a;

-        *a = *b;

-        *b = swapByte;

-    }

-Another cypherpunk, this one not anonymous, tested the

-output from this algorithm against the output from

-official RC4 object code

-   Date: Tue, 13 Sep 94 18:37:56 PDT

-   From: [email protected] (Eric Rescorla)

-   Message-Id: <[email protected]>

-   Subject: RC4 compatibility testing

-   Cc: [email protected]

-   One data point:

-   I can't say anything about the internals of RC4 versus the

-   algorithm that Bill Sommerfeld is rightly calling 'Alleged RC4',

-   since I don't know anything about RC4's internals.

-   However, I do have a (legitimately acquired) copy of BSAFE2 and

-   so I'm able to compare the output of this algorithm to the output

-   of genuine RC4 as found in BSAFE. I chose a set of test vectors

-   and ran them through both algorithms. The algorithms appear to

-   give identical results, at least with these key/plaintext pairs.

-   I note that this is the algorithm _without_ Hal Finney's

-   proposed modification

-   (see <[email protected]>).

-   The vectors I used (together with the ciphertext they produce)

-   follow at the end of this message.

-   -Ekr

-   Disclaimer: This posting does not reflect the opinions of EIT.

-   --------------------results follow--------------

-   Test vector 0

-   Key: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef

-   Input: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef

-   0 Output: 0x75 0xb7 0x87 0x80 0x99 0xe0 0xc5 0x96

-   Test vector 1

-   Key: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef

-   Input: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00

-   0 Output: 0x74 0x94 0xc2 0xe7 0x10 0x4b 0x08 0x79

-   Test vector 2

-   Key: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00

-   Input: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00

-   0 Output: 0xde 0x18 0x89 0x41 0xa3 0x37 0x5d 0x3a

-   Test vector 3

-   Key: 0xef 0x01 0x23 0x45

-   Input: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00

-   0 Output: 0xd6 0xa1 0x41 0xa7 0xec 0x3c 0x38 0xdf 0xbd 0x61

-   Test vector 4

-   Key: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef

-   Input: 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01

-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01

-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01

-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01

-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01

-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01

-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01

-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01

-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01

-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01

-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01

-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01

-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01

-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01

-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01

-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01

-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01

-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01

-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01

-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01

-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01

-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01

-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01

-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01

-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01

-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01

-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01

-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01

-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01

-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01

-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01

-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01

-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01

-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01

-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01

-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01

-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01

-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01

-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01

-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01

-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01

-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01

-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01

-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01

-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01

-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01

-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01

-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01

-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01

-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01

-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01

-   0x01

-   0 Output: 0x75 0x95 0xc3 0xe6 0x11 0x4a 0x09 0x78 0x0c 0x4a 0xd4

-   0x52 0x33 0x8e 0x1f 0xfd 0x9a 0x1b 0xe9 0x49 0x8f

-   0x81 0x3d 0x76 0x53 0x34 0x49 0xb6 0x77 0x8d 0xca

-   0xd8 0xc7 0x8a 0x8d 0x2b 0xa9 0xac 0x66 0x08 0x5d

-   0x0e 0x53 0xd5 0x9c 0x26 0xc2 0xd1 0xc4 0x90 0xc1

-   0xeb 0xbe 0x0c 0xe6 0x6d 0x1b 0x6b 0x1b 0x13 0xb6

-   0xb9 0x19 0xb8 0x47 0xc2 0x5a 0x91 0x44 0x7a 0x95

-   0xe7 0x5e 0x4e 0xf1 0x67 0x79 0xcd 0xe8 0xbf 0x0a

-   0x95 0x85 0x0e 0x32 0xaf 0x96 0x89 0x44 0x4f 0xd3

-   0x77 0x10 0x8f 0x98 0xfd 0xcb 0xd4 0xe7 0x26 0x56

-   0x75 0x00 0x99 0x0b 0xcc 0x7e 0x0c 0xa3 0xc4 0xaa

-   0xa3 0x04 0xa3 0x87 0xd2 0x0f 0x3b 0x8f 0xbb 0xcd

-   0x42 0xa1 0xbd 0x31 0x1d 0x7a 0x43 0x03 0xdd 0xa5

-   0xab 0x07 0x88 0x96 0xae 0x80 0xc1 0x8b 0x0a 0xf6

-   0x6d 0xff 0x31 0x96 0x16 0xeb 0x78 0x4e 0x49 0x5a

-   0xd2 0xce 0x90 0xd7 0xf7 0x72 0xa8 0x17 0x47 0xb6

-   0x5f 0x62 0x09 0x3b 0x1e 0x0d 0xb9 0xe5 0xba 0x53

-   0x2f 0xaf 0xec 0x47 0x50 0x83 0x23 0xe6 0x71 0x32

-   0x7d 0xf9 0x44 0x44 0x32 0xcb 0x73 0x67 0xce 0xc8

-   0x2f 0x5d 0x44 0xc0 0xd0 0x0b 0x67 0xd6 0x50 0xa0

-   0x75 0xcd 0x4b 0x70 0xde 0xdd 0x77 0xeb 0x9b 0x10

-   0x23 0x1b 0x6b 0x5b 0x74 0x13 0x47 0x39 0x6d 0x62

-   0x89 0x74 0x21 0xd4 0x3d 0xf9 0xb4 0x2e 0x44 0x6e

-   0x35 0x8e 0x9c 0x11 0xa9 0xb2 0x18 0x4e 0xcb 0xef

-   0x0c 0xd8 0xe7 0xa8 0x77 0xef 0x96 0x8f 0x13 0x90

-   0xec 0x9b 0x3d 0x35 0xa5 0x58 0x5c 0xb0 0x09 0x29

-   0x0e 0x2f 0xcd 0xe7 0xb5 0xec 0x66 0xd9 0x08 0x4b

-   0xe4 0x40 0x55 0xa6 0x19 0xd9 0xdd 0x7f 0xc3 0x16

-   0x6f 0x94 0x87 0xf7 0xcb 0x27 0x29 0x12 0x42 0x64

-   0x45 0x99 0x85 0x14 0xc1 0x5d 0x53 0xa1 0x8c 0x86

-   0x4c 0xe3 0xa2 0xb7 0x55 0x57 0x93 0x98 0x81 0x26

-   0x52 0x0e 0xac 0xf2 0xe3 0x06 0x6e 0x23 0x0c 0x91

-   0xbe 0xe4 0xdd 0x53 0x04 0xf5 0xfd 0x04 0x05 0xb3

-   0x5b 0xd9 0x9c 0x73 0x13 0x5d 0x3d 0x9b 0xc3 0x35

-   0xee 0x04 0x9e 0xf6 0x9b 0x38 0x67 0xbf 0x2d 0x7b

-   0xd1 0xea 0xa5 0x95 0xd8 0xbf 0xc0 0x06 0x6f 0xf8

-   0xd3 0x15 0x09 0xeb 0x0c 0x6c 0xaa 0x00 0x6c 0x80

-   0x7a 0x62 0x3e 0xf8 0x4c 0x3d 0x33 0xc1 0x95 0xd2

-   0x3e 0xe3 0x20 0xc4 0x0d 0xe0 0x55 0x81 0x57 0xc8

-   0x22 0xd4 0xb8 0xc5 0x69 0xd8 0x49 0xae 0xd5 0x9d

-   0x4e 0x0f 0xd7 0xf3 0x79 0x58 0x6b 0x4b 0x7f 0xf6

-   0x84 0xed 0x6a 0x18 0x9f 0x74 0x86 0xd4 0x9b 0x9c

-   0x4b 0xad 0x9b 0xa2 0x4b 0x96 0xab 0xf9 0x24 0x37

-   0x2c 0x8a 0x8f 0xff 0xb1 0x0d 0x55 0x35 0x49 0x00

-   0xa7 0x7a 0x3d 0xb5 0xf2 0x05 0xe1 0xb9 0x9f 0xcd

-   0x86 0x60 0x86 0x3a 0x15 0x9a 0xd4 0xab 0xe4 0x0f

-   0xa4 0x89 0x34 0x16 0x3d 0xdd 0xe5 0x42 0xa6 0x58

-   0x55 0x40 0xfd 0x68 0x3c 0xbf 0xd8 0xc0 0x0f 0x12

-   0x12 0x9a 0x28 0x4d 0xea 0xcc 0x4c 0xde 0xfe 0x58

-   0xbe 0x71 0x37 0x54 0x1c 0x04 0x71 0x26 0xc8 0xd4

-   0x9e 0x27 0x55 0xab 0x18 0x1a 0xb7 0xe9 0x40 0xb0

-   0xc0

---

- ---------------------------------------------------------------------

-We have the right to defend ourselves and our

-property, because of the kind of animals that we              James A. Donald

-are.  True law derives from this right, not from

-the arbitrary power of the omnipotent state.                [email protected]

--- a/sys/src/ape/lib/openssl/crypto/rc5/Makefile

+++ /dev/null

@@ -1,103 +1,0 @@

-#

-# OpenSSL/crypto/rc5/Makefile

-#

-DIR=	rc5

-TOP=	../..

-CC=	cc

-CPP=	$(CC) -E

-INCLUDES=

-CFLAG=-g

-MAKEFILE=	Makefile

-AR=		ar r

-RC5_ENC=		rc5_enc.o

-# or use

-#DES_ENC=	r586-elf.o

-CFLAGS= $(INCLUDES) $(CFLAG)

-ASFLAGS= $(INCLUDES) $(ASFLAG)

-AFLAGS= $(ASFLAGS)

-GENERAL=Makefile

-TEST=rc5test.c

-APPS=

-LIB=$(TOP)/libcrypto.a

-LIBSRC=rc5_skey.c rc5_ecb.c rc5_enc.c rc5cfb64.c rc5ofb64.c

-LIBOBJ=rc5_skey.o rc5_ecb.o $(RC5_ENC) rc5cfb64.o rc5ofb64.o

-SRC= $(LIBSRC)

-EXHEADER= rc5.h

-HEADER=	rc5_locl.h $(EXHEADER)

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)

-all:	lib

-lib:	$(LIBOBJ)

-	$(AR) $(LIB) $(LIBOBJ)

-	$(RANLIB) $(LIB) || echo Never mind.

-	@touch lib

-# ELF

-r586-elf.s: asm/rc5-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl

-	(cd asm; $(PERL) rc5-586.pl elf $(CFLAGS) > ../$@)

-# COFF

-r586-cof.s: asm/rc5-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl

-	(cd asm; $(PERL) rc5-586.pl coff $(CFLAGS) > ../$@)

-# a.out

-r586-out.s: asm/rc5-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl

-	(cd asm; $(PERL) rc5-586.pl a.out $(CFLAGS) > ../$@)

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

-links:

-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)

-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)

-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

-install:

-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...

-	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \

-	do  \

-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \

-	done;

-tags:

-	ctags $(SRC)

-tests:

-lint:

-	lint -DLINT $(INCLUDES) $(SRC)>fluff

-depend:

-	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...

-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-clean:

-	rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-rc5_ecb.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-rc5_ecb.o: ../../include/openssl/rc5.h rc5_ecb.c rc5_locl.h

-rc5_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc5.h

-rc5_enc.o: rc5_enc.c rc5_locl.h

-rc5_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc5.h

-rc5_skey.o: rc5_locl.h rc5_skey.c

-rc5cfb64.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc5.h

-rc5cfb64.o: rc5_locl.h rc5cfb64.c

-rc5ofb64.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc5.h

-rc5ofb64.o: rc5_locl.h rc5ofb64.c

--- a/sys/src/ape/lib/openssl/crypto/rc5/asm/rc5-586.pl

+++ /dev/null

@@ -1,109 +1,0 @@

-#!/usr/local/bin/perl

-push(@INC,"perlasm","../../perlasm");

-require "x86asm.pl";

-require "cbc.pl";

-&asm_init($ARGV[0],"rc5-586.pl");

-$RC5_MAX_ROUNDS=16;

-$RC5_32_OFF=($RC5_MAX_ROUNDS+2)*4;

-$A="edi";

-$B="esi";

-$S="ebp";

-$tmp1="eax";

-$r="ebx";

-$tmpc="ecx";

-$tmp4="edx";

-&RC5_32_encrypt("RC5_32_encrypt",1);

-&RC5_32_encrypt("RC5_32_decrypt",0);

-&cbc("RC5_32_cbc_encrypt","RC5_32_encrypt","RC5_32_decrypt",0,4,5,3,-1,-1);

-&asm_finish();

-sub RC5_32_encrypt

-	{

-	local($name,$enc)=@_;

-	&function_begin_B($name,"");

-	&comment("");

-	&push("ebp");

-	 &push("esi");

-	&push("edi");

-	 &mov($tmp4,&wparam(0));

-	&mov($S,&wparam(1));

-	&comment("Load the 2 words");

-	 &mov($A,&DWP(0,$tmp4,"",0));

-	&mov($B,&DWP(4,$tmp4,"",0));

-	&push($r);

-	 &mov($r,	&DWP(0,$S,"",0));

-	# encrypting part

-	if ($enc)

-		{

-		 &add($A,	&DWP(4+0,$S,"",0));

-		&add($B,	&DWP(4+4,$S,"",0));

-		for ($i=0; $i<$RC5_MAX_ROUNDS; $i++)

-			{

-			 &xor($A,	$B);

-			&mov($tmp1,	&DWP(12+$i*8,$S,"",0));

-			 &mov($tmpc,	$B);

-			&rotl($A,	&LB("ecx"));

-			&add($A,	$tmp1);

-			 &xor($B,	$A);

-			&mov($tmp1,	&DWP(16+$i*8,$S,"",0));

-			 &mov($tmpc,	$A);

-			&rotl($B,	&LB("ecx"));

-			&add($B,	$tmp1);

-			if (($i == 7) || ($i == 11))

-				{

-			 &cmp($r,	$i+1);

-			&je(&label("rc5_exit"));

-				}

-			}

-		}

-	else

-		{

-		 &cmp($r,	12);

-		&je(&label("rc5_dec_12"));

-		 &cmp($r,	8);

-		&je(&label("rc5_dec_8"));

-		for ($i=$RC5_MAX_ROUNDS; $i > 0; $i--)

-			{

-			&set_label("rc5_dec_$i") if ($i == 12) || ($i == 8);

-			 &mov($tmp1,	&DWP($i*8+8,$S,"",0));

-			&sub($B,	$tmp1);

-			 &mov($tmpc,	$A);

-			&rotr($B,	&LB("ecx"));

-			&xor($B,	$A);

-			 &mov($tmp1,	&DWP($i*8+4,$S,"",0));

-			&sub($A,	$tmp1);

-			 &mov($tmpc,	$B);

-			&rotr($A,	&LB("ecx"));

-			&xor($A,	$B);

-			}

-		 &sub($B,	&DWP(4+4,$S,"",0));

-		&sub($A,	&DWP(4+0,$S,"",0));

-		}

-	&set_label("rc5_exit");

-	 &mov(&DWP(0,$tmp4,"",0),$A);

-	&mov(&DWP(4,$tmp4,"",0),$B);

-	 &pop("ebx");

-	&pop("edi");

-	 &pop("esi");

-	&pop("ebp");

-	 &ret();

-	&function_end_B($name);

-	}

--- a/sys/src/ape/lib/openssl/crypto/rc5/rc5.h

+++ /dev/null

@@ -1,118 +1,0 @@

-/* crypto/rc5/rc5.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_RC5_H

-#define HEADER_RC5_H

-#include <openssl/opensslconf.h> /* OPENSSL_NO_RC5 */

-#ifdef  __cplusplus

-extern "C" {

-#endif

-#ifdef OPENSSL_NO_RC5

-#error RC5 is disabled.

-#endif

-#define RC5_ENCRYPT	1

-#define RC5_DECRYPT	0

-/* 32 bit.  For Alpha, things may get weird */

-#define RC5_32_INT unsigned long

-#define RC5_32_BLOCK		8

-#define RC5_32_KEY_LENGTH	16 /* This is a default, max is 255 */

-/* This are the only values supported.  Tweak the code if you want more

- * The most supported modes will be

- * RC5-32/12/16

- * RC5-32/16/8

- */

-#define RC5_8_ROUNDS	8

-#define RC5_12_ROUNDS	12

-#define RC5_16_ROUNDS	16

-typedef struct rc5_key_st

-	{

-	/* Number of rounds */

-	int rounds;

-	RC5_32_INT data[2*(RC5_16_ROUNDS+1)];

-	} RC5_32_KEY;

-void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data,

-	int rounds);

-void RC5_32_ecb_encrypt(const unsigned char *in,unsigned char *out,RC5_32_KEY *key,

-	int enc);

-void RC5_32_encrypt(unsigned long *data,RC5_32_KEY *key);

-void RC5_32_decrypt(unsigned long *data,RC5_32_KEY *key);

-void RC5_32_cbc_encrypt(const unsigned char *in, unsigned char *out,

-			long length, RC5_32_KEY *ks, unsigned char *iv,

-			int enc);

-void RC5_32_cfb64_encrypt(const unsigned char *in, unsigned char *out,

-			  long length, RC5_32_KEY *schedule,

-			  unsigned char *ivec, int *num, int enc);

-void RC5_32_ofb64_encrypt(const unsigned char *in, unsigned char *out,

-			  long length, RC5_32_KEY *schedule,

-			  unsigned char *ivec, int *num);

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/rc5/rc5_ecb.c

+++ /dev/null

@@ -1,80 +1,0 @@

-/* crypto/rc5/rc5_ecb.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <openssl/rc5.h>

-#include "rc5_locl.h"

-#include <openssl/opensslv.h>

-const char RC5_version[]="RC5" OPENSSL_VERSION_PTEXT;

-void RC5_32_ecb_encrypt(const unsigned char *in, unsigned char *out,

-			RC5_32_KEY *ks, int encrypt)

-	{

-	unsigned long l,d[2];

-	c2l(in,l); d[0]=l;

-	c2l(in,l); d[1]=l;

-	if (encrypt)

-		RC5_32_encrypt(d,ks);

-	else

-		RC5_32_decrypt(d,ks);

-	l=d[0]; l2c(l,out);

-	l=d[1]; l2c(l,out);

-	l=d[0]=d[1]=0;

-	}

--- a/sys/src/ape/lib/openssl/crypto/rc5/rc5_enc.c

+++ /dev/null

@@ -1,215 +1,0 @@

-/* crypto/rc5/rc5_enc.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <openssl/rc5.h>

-#include "rc5_locl.h"

-void RC5_32_cbc_encrypt(const unsigned char *in, unsigned char *out,

-			long length, RC5_32_KEY *ks, unsigned char *iv,

-			int encrypt)

-	{

-	register unsigned long tin0,tin1;

-	register unsigned long tout0,tout1,xor0,xor1;

-	register long l=length;

-	unsigned long tin[2];

-	if (encrypt)

-		{

-		c2l(iv,tout0);

-		c2l(iv,tout1);

-		iv-=8;

-		for (l-=8; l>=0; l-=8)

-			{

-			c2l(in,tin0);

-			c2l(in,tin1);

-			tin0^=tout0;

-			tin1^=tout1;

-			tin[0]=tin0;

-			tin[1]=tin1;

-			RC5_32_encrypt(tin,ks);

-			tout0=tin[0]; l2c(tout0,out);

-			tout1=tin[1]; l2c(tout1,out);

-			}

-		if (l != -8)

-			{

-			c2ln(in,tin0,tin1,l+8);

-			tin0^=tout0;

-			tin1^=tout1;

-			tin[0]=tin0;

-			tin[1]=tin1;

-			RC5_32_encrypt(tin,ks);

-			tout0=tin[0]; l2c(tout0,out);

-			tout1=tin[1]; l2c(tout1,out);

-			}

-		l2c(tout0,iv);

-		l2c(tout1,iv);

-		}

-	else

-		{

-		c2l(iv,xor0);

-		c2l(iv,xor1);

-		iv-=8;

-		for (l-=8; l>=0; l-=8)

-			{

-			c2l(in,tin0); tin[0]=tin0;

-			c2l(in,tin1); tin[1]=tin1;

-			RC5_32_decrypt(tin,ks);

-			tout0=tin[0]^xor0;

-			tout1=tin[1]^xor1;

-			l2c(tout0,out);

-			l2c(tout1,out);

-			xor0=tin0;

-			xor1=tin1;

-			}

-		if (l != -8)

-			{

-			c2l(in,tin0); tin[0]=tin0;

-			c2l(in,tin1); tin[1]=tin1;

-			RC5_32_decrypt(tin,ks);

-			tout0=tin[0]^xor0;

-			tout1=tin[1]^xor1;

-			l2cn(tout0,tout1,out,l+8);

-			xor0=tin0;

-			xor1=tin1;

-			}

-		l2c(xor0,iv);

-		l2c(xor1,iv);

-		}

-	tin0=tin1=tout0=tout1=xor0=xor1=0;

-	tin[0]=tin[1]=0;

-	}

-void RC5_32_encrypt(unsigned long *d, RC5_32_KEY *key)

-	{

-	RC5_32_INT a,b,*s;

-	s=key->data;

-	a=d[0]+s[0];

-	b=d[1]+s[1];

-	E_RC5_32(a,b,s, 2);

-	E_RC5_32(a,b,s, 4);

-	E_RC5_32(a,b,s, 6);

-	E_RC5_32(a,b,s, 8);

-	E_RC5_32(a,b,s,10);

-	E_RC5_32(a,b,s,12);

-	E_RC5_32(a,b,s,14);

-	E_RC5_32(a,b,s,16);

-	if (key->rounds == 12)

-		{

-		E_RC5_32(a,b,s,18);

-		E_RC5_32(a,b,s,20);

-		E_RC5_32(a,b,s,22);

-		E_RC5_32(a,b,s,24);

-		}

-	else if (key->rounds == 16)

-		{

-		/* Do a full expansion to avoid a jump */

-		E_RC5_32(a,b,s,18);

-		E_RC5_32(a,b,s,20);

-		E_RC5_32(a,b,s,22);

-		E_RC5_32(a,b,s,24);

-		E_RC5_32(a,b,s,26);

-		E_RC5_32(a,b,s,28);

-		E_RC5_32(a,b,s,30);

-		E_RC5_32(a,b,s,32);

-		}

-	d[0]=a;

-	d[1]=b;

-	}

-void RC5_32_decrypt(unsigned long *d, RC5_32_KEY *key)

-	{

-	RC5_32_INT a,b,*s;

-	s=key->data;

-	a=d[0];

-	b=d[1];

-	if (key->rounds == 16)

-		{

-		D_RC5_32(a,b,s,32);

-		D_RC5_32(a,b,s,30);

-		D_RC5_32(a,b,s,28);

-		D_RC5_32(a,b,s,26);

-		/* Do a full expansion to avoid a jump */

-		D_RC5_32(a,b,s,24);

-		D_RC5_32(a,b,s,22);

-		D_RC5_32(a,b,s,20);

-		D_RC5_32(a,b,s,18);

-		}

-	else if (key->rounds == 12)

-		{

-		D_RC5_32(a,b,s,24);

-		D_RC5_32(a,b,s,22);

-		D_RC5_32(a,b,s,20);

-		D_RC5_32(a,b,s,18);

-		}

-	D_RC5_32(a,b,s,16);

-	D_RC5_32(a,b,s,14);

-	D_RC5_32(a,b,s,12);

-	D_RC5_32(a,b,s,10);

-	D_RC5_32(a,b,s, 8);

-	D_RC5_32(a,b,s, 6);

-	D_RC5_32(a,b,s, 4);

-	D_RC5_32(a,b,s, 2);

-	d[0]=a-s[0];

-	d[1]=b-s[1];

-	}

--- a/sys/src/ape/lib/openssl/crypto/rc5/rc5_locl.h

+++ /dev/null

@@ -1,207 +1,0 @@

-/* crypto/rc5/rc5_locl.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdlib.h>

-#undef c2l

-#define c2l(c,l)	(l =((unsigned long)(*((c)++)))    , \

-			 l|=((unsigned long)(*((c)++)))<< 8L, \

-			 l|=((unsigned long)(*((c)++)))<<16L, \

-			 l|=((unsigned long)(*((c)++)))<<24L)

-/* NOTE - c is not incremented as per c2l */

-#undef c2ln

-#define c2ln(c,l1,l2,n)	{ \

-			c+=n; \

-			l1=l2=0; \

-			switch (n) { \

-			case 8: l2 =((unsigned long)(*(--(c))))<<24L; \

-			case 7: l2|=((unsigned long)(*(--(c))))<<16L; \

-			case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \

-			case 5: l2|=((unsigned long)(*(--(c))));     \

-			case 4: l1 =((unsigned long)(*(--(c))))<<24L; \

-			case 3: l1|=((unsigned long)(*(--(c))))<<16L; \

-			case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \

-			case 1: l1|=((unsigned long)(*(--(c))));     \

-				} \

-			}

-#undef l2c

-#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)     )&0xff), \

-			 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \

-			 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \

-			 *((c)++)=(unsigned char)(((l)>>24L)&0xff))

-/* NOTE - c is not incremented as per l2c */

-#undef l2cn

-#define l2cn(l1,l2,c,n)	{ \

-			c+=n; \

-			switch (n) { \

-			case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \

-			case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \

-			case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \

-			case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \

-			case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \

-			case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \

-			case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \

-			case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \

-				} \

-			}

-/* NOTE - c is not incremented as per n2l */

-#define n2ln(c,l1,l2,n)	{ \

-			c+=n; \

-			l1=l2=0; \

-			switch (n) { \

-			case 8: l2 =((unsigned long)(*(--(c))))    ; \

-			case 7: l2|=((unsigned long)(*(--(c))))<< 8; \

-			case 6: l2|=((unsigned long)(*(--(c))))<<16; \

-			case 5: l2|=((unsigned long)(*(--(c))))<<24; \

-			case 4: l1 =((unsigned long)(*(--(c))))    ; \

-			case 3: l1|=((unsigned long)(*(--(c))))<< 8; \

-			case 2: l1|=((unsigned long)(*(--(c))))<<16; \

-			case 1: l1|=((unsigned long)(*(--(c))))<<24; \

-				} \

-			}

-/* NOTE - c is not incremented as per l2n */

-#define l2nn(l1,l2,c,n)	{ \

-			c+=n; \

-			switch (n) { \

-			case 8: *(--(c))=(unsigned char)(((l2)    )&0xff); \

-			case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \

-			case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \

-			case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \

-			case 4: *(--(c))=(unsigned char)(((l1)    )&0xff); \

-			case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \

-			case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \

-			case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \

-				} \

-			}

-#undef n2l

-#define n2l(c,l)        (l =((unsigned long)(*((c)++)))<<24L, \

-                         l|=((unsigned long)(*((c)++)))<<16L, \

-                         l|=((unsigned long)(*((c)++)))<< 8L, \

-                         l|=((unsigned long)(*((c)++))))

-#undef l2n

-#define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \

-                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \

-                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \

-                         *((c)++)=(unsigned char)(((l)     )&0xff))

-#if (defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)) || defined(__ICC)

-#define ROTATE_l32(a,n)     _lrotl(a,n)

-#define ROTATE_r32(a,n)     _lrotr(a,n)

-#elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC)

-# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)

-#  define ROTATE_l32(a,n)	({ register unsigned int ret;	\

-					asm ("roll %%cl,%0"	\

-						: "=r"(ret)	\

-						: "c"(n),"0"(a)	\

-						: "cc");	\

-					ret;			\

-				})

-#  define ROTATE_r32(a,n)	({ register unsigned int ret;	\

-					asm ("rorl %%cl,%0"	\

-						: "=r"(ret)	\

-						: "c"(n),"0"(a)	\

-						: "cc");	\

-					ret;			\

-				})

-# endif

-#endif

-#ifndef ROTATE_l32

-#define ROTATE_l32(a,n)     (((a)<<(n&0x1f))|(((a)&0xffffffff)>>(32-(n&0x1f))))

-#endif

-#ifndef ROTATE_r32

-#define ROTATE_r32(a,n)     (((a)<<(32-(n&0x1f)))|(((a)&0xffffffff)>>(n&0x1f)))

-#endif

-#define RC5_32_MASK	0xffffffffL

-#define RC5_16_P	0xB7E1

-#define RC5_16_Q	0x9E37

-#define RC5_32_P	0xB7E15163L

-#define RC5_32_Q	0x9E3779B9L

-#define RC5_64_P	0xB7E151628AED2A6BLL

-#define RC5_64_Q	0x9E3779B97F4A7C15LL

-#define E_RC5_32(a,b,s,n) \

-	a^=b; \

-	a=ROTATE_l32(a,b); \

-	a+=s[n]; \

-	a&=RC5_32_MASK; \

-	b^=a; \

-	b=ROTATE_l32(b,a); \

-	b+=s[n+1]; \

-	b&=RC5_32_MASK;

-#define D_RC5_32(a,b,s,n) \

-	b-=s[n+1]; \

-	b&=RC5_32_MASK; \

-	b=ROTATE_r32(b,a); \

-	b^=a; \

-	a-=s[n]; \

-	a&=RC5_32_MASK; \

-	a=ROTATE_r32(a,b); \

-	a^=b;

--- a/sys/src/ape/lib/openssl/crypto/rc5/rc5_skey.c

+++ /dev/null

@@ -1,113 +1,0 @@

-/* crypto/rc5/rc5_skey.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <openssl/rc5.h>

-#include "rc5_locl.h"

-void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data,

-		    int rounds)

-	{

-	RC5_32_INT L[64],l,ll,A,B,*S,k;

-	int i,j,m,c,t,ii,jj;

-	if (	(rounds != RC5_16_ROUNDS) &&

-		(rounds != RC5_12_ROUNDS) &&

-		(rounds != RC5_8_ROUNDS))

-		rounds=RC5_16_ROUNDS;

-	key->rounds=rounds;

-	S= &(key->data[0]);

-	j=0;

-	for (i=0; i<=(len-8); i+=8)

-		{

-		c2l(data,l);

-		L[j++]=l;

-		c2l(data,l);

-		L[j++]=l;

-		}

-	ii=len-i;

-	if (ii)

-		{

-		k=len&0x07;

-		c2ln(data,l,ll,k);

-		L[j+0]=l;

-		L[j+1]=ll;

-		}

-	c=(len+3)/4;

-	t=(rounds+1)*2;

-	S[0]=RC5_32_P;

-	for (i=1; i<t; i++)

-		S[i]=(S[i-1]+RC5_32_Q)&RC5_32_MASK;

-	j=(t>c)?t:c;

-	j*=3;

-	ii=jj=0;

-	A=B=0;

-	for (i=0; i<j; i++)

-		{

-		k=(S[ii]+A+B)&RC5_32_MASK;

-		A=S[ii]=ROTATE_l32(k,3);

-		m=(int)(A+B);

-		k=(L[jj]+A+B)&RC5_32_MASK;

-		B=L[jj]=ROTATE_l32(k,m);

-		if (++ii >= t) ii=0;

-		if (++jj >= c) jj=0;

-		}

-	}

--- a/sys/src/ape/lib/openssl/crypto/rc5/rc5cfb64.c

+++ /dev/null

@@ -1,122 +1,0 @@

-/* crypto/rc5/rc5cfb64.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <openssl/rc5.h>

-#include "rc5_locl.h"

-/* The input and output encrypted as though 64bit cfb mode is being

- * used.  The extra state information to record how much of the

- * 64bit block we have used is contained in *num;

- */

-void RC5_32_cfb64_encrypt(const unsigned char *in, unsigned char *out,

-			  long length, RC5_32_KEY *schedule,

-			  unsigned char *ivec, int *num, int encrypt)

-	{

-	register unsigned long v0,v1,t;

-	register int n= *num;

-	register long l=length;

-	unsigned long ti[2];

-	unsigned char *iv,c,cc;

-	iv=(unsigned char *)ivec;

-	if (encrypt)

-		{

-		while (l--)

-			{

-			if (n == 0)

-				{

-				c2l(iv,v0); ti[0]=v0;

-				c2l(iv,v1); ti[1]=v1;

-				RC5_32_encrypt((unsigned long *)ti,schedule);

-				iv=(unsigned char *)ivec;

-				t=ti[0]; l2c(t,iv);

-				t=ti[1]; l2c(t,iv);

-				iv=(unsigned char *)ivec;

-				}

-			c= *(in++)^iv[n];

-			*(out++)=c;

-			iv[n]=c;

-			n=(n+1)&0x07;

-			}

-		}

-	else

-		{

-		while (l--)

-			{

-			if (n == 0)

-				{

-				c2l(iv,v0); ti[0]=v0;

-				c2l(iv,v1); ti[1]=v1;

-				RC5_32_encrypt((unsigned long *)ti,schedule);

-				iv=(unsigned char *)ivec;

-				t=ti[0]; l2c(t,iv);

-				t=ti[1]; l2c(t,iv);

-				iv=(unsigned char *)ivec;

-				}

-			cc= *(in++);

-			c=iv[n];

-			iv[n]=cc;

-			*(out++)=c^cc;

-			n=(n+1)&0x07;

-			}

-		}

-	v0=v1=ti[0]=ti[1]=t=c=cc=0;

-	*num=n;

-	}

--- a/sys/src/ape/lib/openssl/crypto/rc5/rc5ofb64.c

+++ /dev/null

@@ -1,111 +1,0 @@

-/* crypto/rc5/rc5ofb64.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <openssl/rc5.h>

-#include "rc5_locl.h"

-/* The input and output encrypted as though 64bit ofb mode is being

- * used.  The extra state information to record how much of the

- * 64bit block we have used is contained in *num;

- */

-void RC5_32_ofb64_encrypt(const unsigned char *in, unsigned char *out,

-			  long length, RC5_32_KEY *schedule,

-			  unsigned char *ivec, int *num)

-	{

-	register unsigned long v0,v1,t;

-	register int n= *num;

-	register long l=length;

-	unsigned char d[8];

-	register char *dp;

-	unsigned long ti[2];

-	unsigned char *iv;

-	int save=0;

-	iv=(unsigned char *)ivec;

-	c2l(iv,v0);

-	c2l(iv,v1);

-	ti[0]=v0;

-	ti[1]=v1;

-	dp=(char *)d;

-	l2c(v0,dp);

-	l2c(v1,dp);

-	while (l--)

-		{

-		if (n == 0)

-			{

-			RC5_32_encrypt((unsigned long *)ti,schedule);

-			dp=(char *)d;

-			t=ti[0]; l2c(t,dp);

-			t=ti[1]; l2c(t,dp);

-			save++;

-			}

-		*(out++)= *(in++)^d[n];

-		n=(n+1)&0x07;

-		}

-	if (save)

-		{

-		v0=ti[0];

-		v1=ti[1];

-		iv=(unsigned char *)ivec;

-		l2c(v0,iv);

-		l2c(v1,iv);

-		}

-	t=v0=v1=ti[0]=ti[1]=0;

-	*num=n;

-	}

--- a/sys/src/ape/lib/openssl/crypto/rc5/rc5s.cpp

+++ /dev/null

@@ -1,70 +1,0 @@

-//

-// gettsc.inl

-//

-// gives access to the Pentium's (secret) cycle counter

-//

-// This software was written by Leonard Janke ([email protected])

-// in 1996-7 and is entered, by him, into the public domain.

-#if defined(__WATCOMC__)

-void GetTSC(unsigned long&);

-#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];

-#elif defined(__GNUC__)

-inline

-void GetTSC(unsigned long& tsc)

-{

-  asm volatile(".byte 15, 49\n\t"

-	       : "=eax" (tsc)

-	       :

-	       : "%edx", "%eax");

-}

-#elif defined(_MSC_VER)

-inline

-void GetTSC(unsigned long& tsc)

-{

-  unsigned long a;

-  __asm _emit 0fh

-  __asm _emit 31h

-  __asm mov a, eax;

-  tsc=a;

-}

-#endif

-#include <stdio.h>

-#include <stdlib.h>

-#include <openssl/rc5.h>

-void main(int argc,char *argv[])

-	{

-	RC5_32_KEY key;

-	unsigned long s1,s2,e1,e2;

-	unsigned long data[2];

-	int i,j;

-	static unsigned char d[16]={0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF};

-	RC5_32_set_key(&key, 16,d,12);

-	for (j=0; j<6; j++)

-		{

-		for (i=0; i<1000; i++) /**/

-			{

-			RC5_32_encrypt(&data[0],&key);

-			GetTSC(s1);

-			RC5_32_encrypt(&data[0],&key);

-			RC5_32_encrypt(&data[0],&key);

-			RC5_32_encrypt(&data[0],&key);

-			GetTSC(e1);

-			GetTSC(s2);

-			RC5_32_encrypt(&data[0],&key);

-			RC5_32_encrypt(&data[0],&key);

-			RC5_32_encrypt(&data[0],&key);

-			RC5_32_encrypt(&data[0],&key);

-			GetTSC(e2);

-			RC5_32_encrypt(&data[0],&key);

-			}

-		printf("cast %d %d (%d)\n",

-			e1-s1,e2-s2,((e2-s2)-(e1-s1)));

-		}

-	}

--- a/sys/src/ape/lib/openssl/crypto/rc5/rc5speed.c

+++ /dev/null

@@ -1,277 +1,0 @@

-/* crypto/rc5/rc5speed.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */

-/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */

-#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)

-#define TIMES

-#endif

-#include <stdio.h>

-#include <openssl/e_os2.h>

-#include OPENSSL_UNISTD_IO

-OPENSSL_DECLARE_EXIT

-#ifndef OPENSSL_SYS_NETWARE

-#include <signal.h>

-#endif

-#ifndef _IRIX

-#include <time.h>

-#endif

-#ifdef TIMES

-#include <sys/types.h>

-#include <sys/times.h>

-#endif

-/* Depending on the VMS version, the tms structure is perhaps defined.

-   The __TMS macro will show if it was.  If it wasn't defined, we should

-   undefine TIMES, since that tells the rest of the program how things

-   should be handled.				-- Richard Levitte */

-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)

-#undef TIMES

-#endif

-#ifndef TIMES

-#include <sys/timeb.h>

-#endif

-#if defined(sun) || defined(__ultrix)

-#define _POSIX_SOURCE

-#include <limits.h>

-#include <sys/param.h>

-#endif

-#include <openssl/rc5.h>

-/* The following if from times(3) man page.  It may need to be changed */

-#ifndef HZ

-#ifndef CLK_TCK

-#define HZ	100.0

-#else /* CLK_TCK */

-#define HZ ((double)CLK_TCK)

-#endif

-#endif

-#define BUFSIZE	((long)1024)

-long run=0;

-double Time_F(int s);

-#ifdef SIGALRM

-#if defined(__STDC__) || defined(sgi) || defined(_AIX)

-#define SIGRETTYPE void

-#else

-#define SIGRETTYPE int

-#endif

-SIGRETTYPE sig_done(int sig);

-SIGRETTYPE sig_done(int sig)

-	{

-	signal(SIGALRM,sig_done);

-	run=0;

-#ifdef LINT

-	sig=sig;

-#endif

-	}

-#endif

-#define START	0

-#define STOP	1

-double Time_F(int s)

-	{

-	double ret;

-#ifdef TIMES

-	static struct tms tstart,tend;

-	if (s == START)

-		{

-		times(&tstart);

-		return(0);

-		}

-	else

-		{

-		times(&tend);

-		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;

-		return((ret == 0.0)?1e-6:ret);

-		}

-#else /* !times() */

-	static struct timeb tstart,tend;

-	long i;

-	if (s == START)

-		{

-		ftime(&tstart);

-		return(0);

-		}

-	else

-		{

-		ftime(&tend);

-		i=(long)tend.millitm-(long)tstart.millitm;

-		ret=((double)(tend.time-tstart.time))+((double)i)/1e3;

-		return((ret == 0.0)?1e-6:ret);

-		}

-#endif

-	}

-int main(int argc, char **argv)

-	{

-	long count;

-	static unsigned char buf[BUFSIZE];

-	static unsigned char key[] ={

-			0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,

-			0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,

-			};

-	RC5_32_KEY sch;

-	double a,b,c,d;

-#ifndef SIGALRM

-	long ca,cb,cc;

-#endif

-#ifndef TIMES

-	printf("To get the most accurate results, try to run this\n");

-	printf("program when this computer is idle.\n");

-#endif

-#ifndef SIGALRM

-	printf("First we calculate the approximate speed ...\n");

-	RC5_32_set_key(&sch,16,key,12);

-	count=10;

-	do	{

-		long i;

-		unsigned long data[2];

-		count*=2;

-		Time_F(START);

-		for (i=count; i; i--)

-			RC5_32_encrypt(data,&sch);

-		d=Time_F(STOP);

-		} while (d < 3.0);

-	ca=count/512;

-	cb=count;

-	cc=count*8/BUFSIZE+1;

-	printf("Doing RC5_32_set_key %ld times\n",ca);

-#define COND(d)	(count != (d))

-#define COUNT(d) (d)

-#else

-#define COND(c)	(run)

-#define COUNT(d) (count)

-	signal(SIGALRM,sig_done);

-	printf("Doing RC5_32_set_key for 10 seconds\n");

-	alarm(10);

-#endif

-	Time_F(START);

-	for (count=0,run=1; COND(ca); count+=4)

-		{

-		RC5_32_set_key(&sch,16,key,12);

-		RC5_32_set_key(&sch,16,key,12);

-		RC5_32_set_key(&sch,16,key,12);

-		RC5_32_set_key(&sch,16,key,12);

-		}

-	d=Time_F(STOP);

-	printf("%ld RC5_32_set_key's in %.2f seconds\n",count,d);

-	a=((double)COUNT(ca))/d;

-#ifdef SIGALRM

-	printf("Doing RC5_32_encrypt's for 10 seconds\n");

-	alarm(10);

-#else

-	printf("Doing RC5_32_encrypt %ld times\n",cb);

-#endif

-	Time_F(START);

-	for (count=0,run=1; COND(cb); count+=4)

-		{

-		unsigned long data[2];

-		RC5_32_encrypt(data,&sch);

-		RC5_32_encrypt(data,&sch);

-		RC5_32_encrypt(data,&sch);

-		RC5_32_encrypt(data,&sch);

-		}

-	d=Time_F(STOP);

-	printf("%ld RC5_32_encrypt's in %.2f second\n",count,d);

-	b=((double)COUNT(cb)*8)/d;

-#ifdef SIGALRM

-	printf("Doing RC5_32_cbc_encrypt on %ld byte blocks for 10 seconds\n",

-		BUFSIZE);

-	alarm(10);

-#else

-	printf("Doing RC5_32_cbc_encrypt %ld times on %ld byte blocks\n",cc,

-		BUFSIZE);

-#endif

-	Time_F(START);

-	for (count=0,run=1; COND(cc); count++)

-		RC5_32_cbc_encrypt(buf,buf,BUFSIZE,&sch,

-			&(key[0]),RC5_ENCRYPT);

-	d=Time_F(STOP);

-	printf("%ld RC5_32_cbc_encrypt's of %ld byte blocks in %.2f second\n",

-		count,BUFSIZE,d);

-	c=((double)COUNT(cc)*BUFSIZE)/d;

-	printf("RC5_32/12/16 set_key       per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a);

-	printf("RC5_32/12/16 raw ecb bytes per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b);

-	printf("RC5_32/12/16 cbc     bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);

-	exit(0);

-#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)

-	return(0);

-#endif

-	}

--- a/sys/src/ape/lib/openssl/crypto/rc5/rc5test.c

+++ /dev/null

@@ -1,386 +1,0 @@

-/* crypto/rc5/rc5test.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* This has been a quickly hacked 'ideatest.c'.  When I add tests for other

- * RC5 modes, more of the code will be uncommented. */

-#include <stdio.h>

-#include <string.h>

-#include <stdlib.h>

-#include "../e_os.h"

-#ifdef OPENSSL_NO_RC5

-int main(int argc, char *argv[])

-{

-    printf("No RC5 support\n");

-    return(0);

-}

-#else

-#include <openssl/rc5.h>

-static unsigned char RC5key[5][16]={

-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,

-	 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},

-	{0x91,0x5f,0x46,0x19,0xbe,0x41,0xb2,0x51,

-	 0x63,0x55,0xa5,0x01,0x10,0xa9,0xce,0x91},

-	{0x78,0x33,0x48,0xe7,0x5a,0xeb,0x0f,0x2f,

-	 0xd7,0xb1,0x69,0xbb,0x8d,0xc1,0x67,0x87},

-	{0xdc,0x49,0xdb,0x13,0x75,0xa5,0x58,0x4f,

-	 0x64,0x85,0xb4,0x13,0xb5,0xf1,0x2b,0xaf},

-	{0x52,0x69,0xf1,0x49,0xd4,0x1b,0xa0,0x15,

-	 0x24,0x97,0x57,0x4d,0x7f,0x15,0x31,0x25},

-	};

-static unsigned char RC5plain[5][8]={

-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},

-	{0x21,0xA5,0xDB,0xEE,0x15,0x4B,0x8F,0x6D},

-	{0xF7,0xC0,0x13,0xAC,0x5B,0x2B,0x89,0x52},

-	{0x2F,0x42,0xB3,0xB7,0x03,0x69,0xFC,0x92},

-	{0x65,0xC1,0x78,0xB2,0x84,0xD1,0x97,0xCC},

-	};

-static unsigned char RC5cipher[5][8]={

-	{0x21,0xA5,0xDB,0xEE,0x15,0x4B,0x8F,0x6D},

-	{0xF7,0xC0,0x13,0xAC,0x5B,0x2B,0x89,0x52},

-	{0x2F,0x42,0xB3,0xB7,0x03,0x69,0xFC,0x92},

-	{0x65,0xC1,0x78,0xB2,0x84,0xD1,0x97,0xCC},

-	{0xEB,0x44,0xE4,0x15,0xDA,0x31,0x98,0x24},

-	};

-#define RC5_CBC_NUM 27

-static unsigned char rc5_cbc_cipher[RC5_CBC_NUM][8]={

-	{0x7a,0x7b,0xba,0x4d,0x79,0x11,0x1d,0x1e},

-	{0x79,0x7b,0xba,0x4d,0x78,0x11,0x1d,0x1e},

-	{0x7a,0x7b,0xba,0x4d,0x79,0x11,0x1d,0x1f},

-	{0x7a,0x7b,0xba,0x4d,0x79,0x11,0x1d,0x1f},

-	{0x8b,0x9d,0xed,0x91,0xce,0x77,0x94,0xa6},

-	{0x2f,0x75,0x9f,0xe7,0xad,0x86,0xa3,0x78},

-	{0xdc,0xa2,0x69,0x4b,0xf4,0x0e,0x07,0x88},

-	{0xdc,0xa2,0x69,0x4b,0xf4,0x0e,0x07,0x88},

-	{0xdc,0xfe,0x09,0x85,0x77,0xec,0xa5,0xff},

-	{0x96,0x46,0xfb,0x77,0x63,0x8f,0x9c,0xa8},

-	{0xb2,0xb3,0x20,0x9d,0xb6,0x59,0x4d,0xa4},

-	{0x54,0x5f,0x7f,0x32,0xa5,0xfc,0x38,0x36},

-	{0x82,0x85,0xe7,0xc1,0xb5,0xbc,0x74,0x02},

-	{0xfc,0x58,0x6f,0x92,0xf7,0x08,0x09,0x34},

-	{0xcf,0x27,0x0e,0xf9,0x71,0x7f,0xf7,0xc4},

-	{0xe4,0x93,0xf1,0xc1,0xbb,0x4d,0x6e,0x8c},

-	{0x5c,0x4c,0x04,0x1e,0x0f,0x21,0x7a,0xc3},

-	{0x92,0x1f,0x12,0x48,0x53,0x73,0xb4,0xf7},

-	{0x5b,0xa0,0xca,0x6b,0xbe,0x7f,0x5f,0xad},

-	{0xc5,0x33,0x77,0x1c,0xd0,0x11,0x0e,0x63},

-	{0x29,0x4d,0xdb,0x46,0xb3,0x27,0x8d,0x60},

-	{0xda,0xd6,0xbd,0xa9,0xdf,0xe8,0xf7,0xe8},

-	{0x97,0xe0,0x78,0x78,0x37,0xed,0x31,0x7f},

-	{0x78,0x75,0xdb,0xf6,0x73,0x8c,0x64,0x78},

-	{0x8f,0x34,0xc3,0xc6,0x81,0xc9,0x96,0x95},

-	{0x7c,0xb3,0xf1,0xdf,0x34,0xf9,0x48,0x11},

-	{0x7f,0xd1,0xa0,0x23,0xa5,0xbb,0xa2,0x17},

-	};

-static unsigned char rc5_cbc_key[RC5_CBC_NUM][17]={

-	{ 1,0x00},

-	{ 1,0x00},

-	{ 1,0x00},

-	{ 1,0x00},

-	{ 1,0x00},

-	{ 1,0x11},

-	{ 1,0x00},

-	{ 4,0x00,0x00,0x00,0x00},

-	{ 1,0x00},

-	{ 1,0x00},

-	{ 1,0x00},

-	{ 1,0x00},

-	{ 4,0x01,0x02,0x03,0x04},

-	{ 4,0x01,0x02,0x03,0x04},

-	{ 4,0x01,0x02,0x03,0x04},

-	{ 8,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},

-	{ 8,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},

-	{ 8,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},

-	{ 8,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},

-	{16,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,

-	    0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},

-	{16,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,

-	    0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},

-	{16,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,

-	    0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},

-	{ 5,0x01,0x02,0x03,0x04,0x05},

-	{ 5,0x01,0x02,0x03,0x04,0x05},

-	{ 5,0x01,0x02,0x03,0x04,0x05},

-	{ 5,0x01,0x02,0x03,0x04,0x05},

-	{ 5,0x01,0x02,0x03,0x04,0x05},

-	};

-static unsigned char rc5_cbc_plain[RC5_CBC_NUM][8]={

-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},

-	{0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},

-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},

-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01},

-	{0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},

-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},

-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},

-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},

-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},

-	{0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},

-	{0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},

-	{0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},

-	{0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},

-	{0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},

-	{0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},

-	{0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},

-	{0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},

-	{0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},

-	{0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},

-	{0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},

-	{0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},

-	{0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},

-	{0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},

-	{0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},

-	{0x08,0x08,0x08,0x08,0x08,0x08,0x08,0x08},

-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},

-	{0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x01},

-	};

-static int rc5_cbc_rounds[RC5_CBC_NUM]={

-	 0, 0, 0, 0, 0, 1, 2, 2,

-	 8, 8,12,16, 8,12,16,12,

-	 8,12,16, 8,12,16,12, 8,

-	 8, 8, 8,

-	};

-static unsigned char rc5_cbc_iv[RC5_CBC_NUM][8]={

-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},

-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},

-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01},

-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},

-	{0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},

-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},

-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},

-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},

-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},

-	{0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},

-	{0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},

-	{0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},

-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},

-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},

-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},

-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},

-	{0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},

-	{0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},

-	{0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},

-	{0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},

-	{0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},

-	{0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},

-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},

-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},

-	{0x78,0x75,0xdb,0xf6,0x73,0x8c,0x64,0x78},

-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},

-	{0x7c,0xb3,0xf1,0xdf,0x34,0xf9,0x48,0x11},

-	};

-int main(int argc, char *argv[])

-	{

-	int i,n,err=0;

-	RC5_32_KEY key;

-	unsigned char buf[8],buf2[8],ivb[8];

-	for (n=0; n<5; n++)

-		{

-		RC5_32_set_key(&key,16,&(RC5key[n][0]),12);

-		RC5_32_ecb_encrypt(&(RC5plain[n][0]),buf,&key,RC5_ENCRYPT);

-		if (memcmp(&(RC5cipher[n][0]),buf,8) != 0)

-			{

-			printf("ecb RC5 error encrypting (%d)\n",n+1);

-			printf("got     :");

-			for (i=0; i<8; i++)

-				printf("%02X ",buf[i]);

-			printf("\n");

-			printf("expected:");

-			for (i=0; i<8; i++)

-				printf("%02X ",RC5cipher[n][i]);

-			err=20;

-			printf("\n");

-			}

-		RC5_32_ecb_encrypt(buf,buf2,&key,RC5_DECRYPT);

-		if (memcmp(&(RC5plain[n][0]),buf2,8) != 0)

-			{

-			printf("ecb RC5 error decrypting (%d)\n",n+1);

-			printf("got     :");

-			for (i=0; i<8; i++)

-				printf("%02X ",buf2[i]);

-			printf("\n");

-			printf("expected:");

-			for (i=0; i<8; i++)

-				printf("%02X ",RC5plain[n][i]);

-			printf("\n");

-			err=3;

-			}

-		}

-	if (err == 0) printf("ecb RC5 ok\n");

-	for (n=0; n<RC5_CBC_NUM; n++)

-		{

-		i=rc5_cbc_rounds[n];

-		if (i < 8) continue;

-		RC5_32_set_key(&key,rc5_cbc_key[n][0],&(rc5_cbc_key[n][1]),i);

-		memcpy(ivb,&(rc5_cbc_iv[n][0]),8);

-		RC5_32_cbc_encrypt(&(rc5_cbc_plain[n][0]),buf,8,

-			&key,&(ivb[0]),RC5_ENCRYPT);

-		if (memcmp(&(rc5_cbc_cipher[n][0]),buf,8) != 0)

-			{

-			printf("cbc RC5 error encrypting (%d)\n",n+1);

-			printf("got     :");

-			for (i=0; i<8; i++)

-				printf("%02X ",buf[i]);

-			printf("\n");

-			printf("expected:");

-			for (i=0; i<8; i++)

-				printf("%02X ",rc5_cbc_cipher[n][i]);

-			err=30;

-			printf("\n");

-			}

-		memcpy(ivb,&(rc5_cbc_iv[n][0]),8);

-		RC5_32_cbc_encrypt(buf,buf2,8,

-			&key,&(ivb[0]),RC5_DECRYPT);

-		if (memcmp(&(rc5_cbc_plain[n][0]),buf2,8) != 0)

-			{

-			printf("cbc RC5 error decrypting (%d)\n",n+1);

-			printf("got     :");

-			for (i=0; i<8; i++)

-				printf("%02X ",buf2[i]);

-			printf("\n");

-			printf("expected:");

-			for (i=0; i<8; i++)

-				printf("%02X ",rc5_cbc_plain[n][i]);

-			printf("\n");

-			err=3;

-			}

-		}

-	if (err == 0) printf("cbc RC5 ok\n");

-	EXIT(err);

-	return(err);

-	}

-#ifdef undef

-static int cfb64_test(unsigned char *cfb_cipher)

-        {

-        IDEA_KEY_SCHEDULE eks,dks;

-        int err=0,i,n;

-        idea_set_encrypt_key(cfb_key,&eks);

-        idea_set_decrypt_key(&eks,&dks);

-        memcpy(cfb_tmp,cfb_iv,8);

-        n=0;

-        idea_cfb64_encrypt(plain,cfb_buf1,(long)12,&eks,

-                cfb_tmp,&n,IDEA_ENCRYPT);

-        idea_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),

-                (long)CFB_TEST_SIZE-12,&eks,

-                cfb_tmp,&n,IDEA_ENCRYPT);

-        if (memcmp(cfb_cipher,cfb_buf1,CFB_TEST_SIZE) != 0)

-                {

-                err=1;

-                printf("idea_cfb64_encrypt encrypt error\n");

-                for (i=0; i<CFB_TEST_SIZE; i+=8)

-                        printf("%s\n",pt(&(cfb_buf1[i])));

-                }

-        memcpy(cfb_tmp,cfb_iv,8);

-        n=0;

-        idea_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,&eks,

-                cfb_tmp,&n,IDEA_DECRYPT);

-        idea_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),

-                (long)CFB_TEST_SIZE-17,&dks,

-                cfb_tmp,&n,IDEA_DECRYPT);

-        if (memcmp(plain,cfb_buf2,CFB_TEST_SIZE) != 0)

-                {

-                err=1;

-                printf("idea_cfb_encrypt decrypt error\n");

-                for (i=0; i<24; i+=8)

-                        printf("%s\n",pt(&(cfb_buf2[i])));

-                }

-        return(err);

-        }

-static char *pt(unsigned char *p)

-	{

-	static char bufs[10][20];

-	static int bnum=0;

-	char *ret;

-	int i;

-	static char *f="0123456789ABCDEF";

-	ret= &(bufs[bnum++][0]);

-	bnum%=10;

-	for (i=0; i<8; i++)

-		{

-		ret[i*2]=f[(p[i]>>4)&0xf];

-		ret[i*2+1]=f[p[i]&0xf];

-		}

-	ret[16]='\0';

-	return(ret);

-	}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/ripemd/Makefile

+++ /dev/null

@@ -1,99 +1,0 @@

-#

-# OpenSSL/crypto/ripemd/Makefile

-#

-DIR=    ripemd

-TOP=    ../..

-CC=     cc

-CPP=    $(CC) -E

-INCLUDES=

-CFLAG=-g

-MAKEFILE=       Makefile

-AR=             ar r

-RIP_ASM_OBJ=

-CFLAGS= $(INCLUDES) $(CFLAG)

-ASFLAGS= $(INCLUDES) $(ASFLAG)

-AFLAGS= $(ASFLAGS)

-GENERAL=Makefile

-TEST=rmdtest.c

-APPS=

-LIB=$(TOP)/libcrypto.a

-LIBSRC=rmd_dgst.c rmd_one.c

-LIBOBJ=rmd_dgst.o rmd_one.o $(RMD160_ASM_OBJ)

-SRC= $(LIBSRC)

-EXHEADER= ripemd.h

-HEADER= rmd_locl.h rmdconst.h $(EXHEADER)

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)

-all:    lib

-lib:    $(LIBOBJ)

-	$(AR) $(LIB) $(LIBOBJ)

-	$(RANLIB) $(LIB) || echo Never mind.

-	@touch lib

-# ELF

-rm86-elf.s: asm/rmd-586.pl ../perlasm/x86asm.pl

-	(cd asm; $(PERL) rmd-586.pl elf $(CFLAGS) > ../$@)

-# COFF

-rm86-cof.s: asm/rmd-586.pl ../perlasm/x86asm.pl

-	(cd asm; $(PERL) rmd-586.pl coff $(CFLAGS) > ../$@)

-# a.out

-rm86-out.s: asm/rmd-586.pl ../perlasm/x86asm.pl

-	(cd asm; $(PERL) rmd-586.pl a.out $(CFLAGS) > ../$@)

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

-links:

-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)

-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)

-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

-install:

-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...

-	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \

-	do  \

-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \

-	done;

-tags:

-	ctags $(SRC)

-tests:

-lint:

-	lint -DLINT $(INCLUDES) $(SRC)>fluff

-depend:

-	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...

-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-clean:

-	rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-rmd_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h

-rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ripemd.h

-rmd_dgst.o: ../md32_common.h rmd_dgst.c rmd_locl.h rmdconst.h

-rmd_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-rmd_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-rmd_one.o: ../../include/openssl/ossl_typ.h ../../include/openssl/ripemd.h

-rmd_one.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-rmd_one.o: ../../include/openssl/symhacks.h rmd_one.c

--- a/sys/src/ape/lib/openssl/crypto/ripemd/README

+++ /dev/null

@@ -1,15 +1,0 @@

-RIPEMD-160

-http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html

-This is my implementation of RIPEMD-160.  The pentium assember is a little

-off the pace since I only get 1050 cycles, while the best is 1013.

-I have a few ideas for how to get another 20 or so cycles, but at

-this point I will not bother right now.  I belive the trick will be

-to remove my 'copy X array onto stack' until inside the RIP1() finctions the

-first time round.  To do this I need another register and will only have one

-temporary one.  A bit tricky....  I can also cleanup the saving of the 5 words

-after the first half of the calculation.  I should read the origional

-value, add then write.  Currently I just save the new and read the origioal.

-I then read both at the end.  Bad.

-eric (20-Jan-1998)

--- a/sys/src/ape/lib/openssl/crypto/ripemd/asm/rips.cpp

+++ /dev/null

@@ -1,82 +1,0 @@

-//

-// gettsc.inl

-//

-// gives access to the Pentium's (secret) cycle counter

-//

-// This software was written by Leonard Janke ([email protected])

-// in 1996-7 and is entered, by him, into the public domain.

-#if defined(__WATCOMC__)

-void GetTSC(unsigned long&);

-#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];

-#elif defined(__GNUC__)

-inline

-void GetTSC(unsigned long& tsc)

-{

-  asm volatile(".byte 15, 49\n\t"

-	       : "=eax" (tsc)

-	       :

-	       : "%edx", "%eax");

-}

-#elif defined(_MSC_VER)

-inline

-void GetTSC(unsigned long& tsc)

-{

-  unsigned long a;

-  __asm _emit 0fh

-  __asm _emit 31h

-  __asm mov a, eax;

-  tsc=a;

-}

-#endif

-#include <stdio.h>

-#include <stdlib.h>

-#include <openssl/ripemd.h>

-#define ripemd160_block_x86 ripemd160_block_asm_host_order

-extern "C" {

-void ripemd160_block_x86(RIPEMD160_CTX *ctx, unsigned char *buffer,int num);

-}

-void main(int argc,char *argv[])

-	{

-	unsigned char buffer[64*256];

-	RIPEMD160_CTX ctx;

-	unsigned long s1,s2,e1,e2;

-	unsigned char k[16];

-	unsigned long data[2];

-	unsigned char iv[8];

-	int i,num=0,numm;

-	int j=0;

-	if (argc >= 2)

-		num=atoi(argv[1]);

-	if (num == 0) num=16;

-	if (num > 250) num=16;

-	numm=num+2;

-#if 0

-	num*=64;

-	numm*=64;

-#endif

-	for (j=0; j<6; j++)

-		{

-		for (i=0; i<10; i++) /**/

-			{

-			ripemd160_block_x86(&ctx,buffer,numm);

-			GetTSC(s1);

-			ripemd160_block_x86(&ctx,buffer,numm);

-			GetTSC(e1);

-			GetTSC(s2);

-			ripemd160_block_x86(&ctx,buffer,num);

-			GetTSC(e2);

-			ripemd160_block_x86(&ctx,buffer,num);

-			}

-		printf("ripemd160 (%d bytes) %d %d (%.2f)\n",num*64,

-			e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2);

-		}

-	}

--- a/sys/src/ape/lib/openssl/crypto/ripemd/asm/rmd-586.pl

+++ /dev/null

@@ -1,590 +1,0 @@

-#!/usr/local/bin/perl

-# Normal is the

-# ripemd160_block_asm_host_order(RIPEMD160_CTX *c, ULONG *X,int blocks);

-$normal=0;

-push(@INC,"perlasm","../../perlasm");

-require "x86asm.pl";

-&asm_init($ARGV[0],$0);

-$A="ecx";

-$B="esi";

-$C="edi";

-$D="ebx";

-$E="ebp";

-$tmp1="eax";

-$tmp2="edx";

-$KL1=0x5A827999;

-$KL2=0x6ED9EBA1;

-$KL3=0x8F1BBCDC;

-$KL4=0xA953FD4E;

-$KR0=0x50A28BE6;

-$KR1=0x5C4DD124;

-$KR2=0x6D703EF3;

-$KR3=0x7A6D76E9;

-@wl=(	 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,10,11,12,13,14,15,

-	 7, 4,13, 1,10, 6,15, 3,12, 0, 9, 5, 2,14,11, 8,

-	 3,10,14, 4, 9,15, 8, 1, 2, 7, 0, 6,13,11, 5,12,

-	 1, 9,11,10, 0, 8,12, 4,13, 3, 7,15,14, 5, 6, 2,

-	 4, 0, 5, 9, 7,12, 2,10,14, 1, 3, 8,11, 6,15,13,

-	 );

-@wr=(	 5,14, 7, 0, 9, 2,11, 4,13, 6,15, 8, 1,10, 3,12,

-	 6,11, 3, 7, 0,13, 5,10,14,15, 8,12, 4, 9, 1, 2,

-	15, 5, 1, 3, 7,14, 6, 9,11, 8,12, 2,10, 0, 4,13,

-	 8, 6, 4, 1, 3,11,15, 0, 5,12, 2,13, 9, 7,10,14,

-	12,15,10, 4, 1, 5, 8, 7, 6, 2,13,14, 0, 3, 9,11,

-	);

-@sl=(	11,14,15,12, 5, 8, 7, 9,11,13,14,15, 6, 7, 9, 8,

-	 7, 6, 8,13,11, 9, 7,15, 7,12,15, 9,11, 7,13,12,

-	11,13, 6, 7,14, 9,13,15,14, 8,13, 6, 5,12, 7, 5,

-	11,12,14,15,14,15, 9, 8, 9,14, 5, 6, 8, 6, 5,12,

-	 9,15, 5,11, 6, 8,13,12, 5,12,13,14,11, 8, 5, 6,

-	 );

-@sr=(	 8, 9, 9,11,13,15,15, 5, 7, 7, 8,11,14,14,12, 6,

-	 9,13,15, 7,12, 8, 9,11, 7, 7,12, 7, 6,15,13,11,

-	 9, 7,15,11, 8, 6, 6,14,12,13, 5,14,13,13, 7, 5,

-	15, 5, 8,11,14,14, 6,14, 6, 9,12, 9,12, 5,15, 8,

-	 8, 5,12, 9,12, 5,14, 6, 8,13, 6, 5,15,13,11,11,

- 	);

-&ripemd160_block("ripemd160_block_asm_host_order");

-&asm_finish();

-sub Xv

-	{

-	local($n)=@_;

-	return(&swtmp($n));

-	# tmp on stack

-	}

-sub Np

-	{

-	local($p)=@_;

-	local(%n)=($A,$E,$B,$A,$C,$B,$D,$C,$E,$D);

-	return($n{$p});

-	}

-sub RIP1

-	{

-	local($a,$b,$c,$d,$e,$pos,$s,$o,$pos2)=@_;

-	&comment($p++);

-	if ($p & 1)

-		{

-	 #&mov($tmp1,	$c) if $o == -1;

-	&xor($tmp1,	$d) if $o == -1;

-	 &mov($tmp2,	&Xv($pos));

-	&xor($tmp1,	$b);

-	 &add($a,	$tmp2);

-	&rotl($c,	10);

-	&add($a,	$tmp1);

-	 &mov($tmp1,	&Np($c));	# NEXT

-	 # XXX

-	&rotl($a,	$s);

-	&add($a,	$e);

-		}

-	else

-		{

-	 &xor($tmp1,	$d);

-	&mov($tmp2,	&Xv($pos));

-	 &xor($tmp1,	$b);

-	&add($a,	$tmp1);

-	 &mov($tmp1,	&Np($c)) if $o <= 0;

-	 &mov($tmp1,	-1) if $o == 1;

-	 # XXX if $o == 2;

-	&rotl($c,	10);

-	&add($a,	$tmp2);

-	 &xor($tmp1,	&Np($d)) if $o <= 0;

-	 &mov($tmp2,	&Xv($pos2)) if $o == 1;

-	 &mov($tmp2,	&wparam(0)) if $o == 2;

-	&rotl($a,	$s);

-	&add($a,	$e);

-		}

-	}

-sub RIP2

-	{

-	local($a,$b,$c,$d,$e,$pos,$pos2,$s,$K,$o)=@_;

-# XXXXXX

-	&comment($p++);

-	if ($p & 1)

-		{

-#	 &mov($tmp2,	&Xv($pos)) if $o < -1;

-#	&mov($tmp1,	-1) if $o < -1;

-	 &add($a,	$tmp2);

-	&mov($tmp2,	$c);

-	 &sub($tmp1,	$b);

-	&and($tmp2,	$b);

-	 &and($tmp1,	$d);

-	&or($tmp2,	$tmp1);

-	 &mov($tmp1,	&Xv($pos2)) if $o <= 0; # XXXXXXXXXXXXXX

-	 # XXX

-	&rotl($c,	10);

-	&lea($a,	&DWP($K,$a,$tmp2,1));

-	 &mov($tmp2,	-1) if $o <= 0;

-	 # XXX

-	&rotl($a,	$s);

-	&add($a,	$e);

-		}

-	else

-		{

-	 # XXX

-	 &add($a,	$tmp1);

-	&mov($tmp1,	$c);

-	 &sub($tmp2,	$b);

-	&and($tmp1,	$b);

-	 &and($tmp2,	$d);

-	if ($o != 2)

-		{

-	&or($tmp1,	$tmp2);

-	 &mov($tmp2,	&Xv($pos2)) if $o <= 0;

-	 &mov($tmp2,	-1) if $o == 1;

-	&rotl($c,	10);

-	&lea($a,	&DWP($K,$a,$tmp1,1));

-	 &mov($tmp1,	-1) if $o <= 0;

-	 &sub($tmp2,	&Np($c)) if $o == 1;

-		} else {

-	&or($tmp2,	$tmp1);

-	 &mov($tmp1,	&Np($c));

-	&rotl($c,	10);

-	&lea($a,	&DWP($K,$a,$tmp2,1));

-	 &xor($tmp1,	&Np($d));

-		}

-	&rotl($a,	$s);

-	&add($a,	$e);

-		}

-	}

-sub RIP3

-	{

-	local($a,$b,$c,$d,$e,$pos,$s,$K,$o,$pos2)=@_;

-	&comment($p++);

-	if ($p & 1)

-		{

-#	 &mov($tmp2,	-1) if $o < -1;

-#	&sub($tmp2,	$c) if $o < -1;

-	 &mov($tmp1,	&Xv($pos));

-	&or($tmp2,	$b);

-	 &add($a,	$tmp1);

-	&xor($tmp2,	$d);

-	 &mov($tmp1,	-1) if $o <= 0;		# NEXT

-	 # XXX

-	&rotl($c,	10);

-	&lea($a,	&DWP($K,$a,$tmp2,1));

-	 &sub($tmp1,	&Np($c)) if $o <= 0;	# NEXT

-	 # XXX

-	&rotl($a,	$s);

-	&add($a,	$e);

-		}

-	else

-		{

-	 &mov($tmp2,	&Xv($pos));

-	&or($tmp1,	$b);

-	 &add($a,	$tmp2);

-	&xor($tmp1,	$d);

-	 &mov($tmp2,	-1) if $o <= 0;		# NEXT

-	 &mov($tmp2,	-1) if $o == 1;

-	 &mov($tmp2,	&Xv($pos2)) if $o == 2;

-	&rotl($c,	10);

-	&lea($a,	&DWP($K,$a,$tmp1,1));

-	 &sub($tmp2,	&Np($c)) if $o <= 0;	# NEXT

-	 &mov($tmp1,	&Np($d)) if $o == 1;

-	 &mov($tmp1,	-1) if $o == 2;

-	&rotl($a,	$s);

-	&add($a,	$e);

-		}

-	}

-sub RIP4

-	{

-	local($a,$b,$c,$d,$e,$pos,$s,$K,$o)=@_;

-	&comment($p++);

-	if ($p & 1)

-		{

-#	 &mov($tmp2,	-1) if $o == -2;

-#	&mov($tmp1,	$d) if $o == -2;

-	 &sub($tmp2,	$d);

-	&and($tmp1,	$b);

-	 &and($tmp2,	$c);

-	&or($tmp2,	$tmp1);

-	 &mov($tmp1,	&Xv($pos));

-	&rotl($c,	10);

-	&lea($a,	&DWP($K,$a,$tmp2));

-	 &mov($tmp2,	-1) unless $o > 0;	# NEXT

-	 # XXX

-	&add($a,	$tmp1);

-	 &mov($tmp1,	&Np($d)) unless $o > 0; # NEXT

-	 # XXX

-	&rotl($a,	$s);

-	&add($a,	$e);

-		}

-	else

-		{

-	 &sub($tmp2,	$d);

-	&and($tmp1,	$b);

-	 &and($tmp2,	$c);

-	&or($tmp2,	$tmp1);

-	 &mov($tmp1,	&Xv($pos));

-	&rotl($c,	10);

-	&lea($a,	&DWP($K,$a,$tmp2));

-	 &mov($tmp2,	-1) if $o == 0;	# NEXT

-	 &mov($tmp2,	-1) if $o == 1;

-	 &mov($tmp2,	-1) if $o == 2;

-	 # XXX

-	&add($a,	$tmp1);

-	 &mov($tmp1,	&Np($d)) if $o == 0;	# NEXT

-	 &sub($tmp2,	&Np($d)) if $o == 1;

-	 &sub($tmp2,	&Np($c)) if $o == 2;

-	 # XXX

-	&rotl($a,	$s);

-	&add($a,	$e);

-		}

-	}

-sub RIP5

-	{

-	local($a,$b,$c,$d,$e,$pos,$s,$K,$o)=@_;

-	&comment($p++);

-	if ($p & 1)

-		{

-	 &mov($tmp2,	-1) if $o == -2;

-	&sub($tmp2,	$d) if $o == -2;

-	 &mov($tmp1,	&Xv($pos));

-	&or($tmp2,	$c);

-	 &add($a,	$tmp1);

-	&xor($tmp2,	$b);

-	 &mov($tmp1,	-1) if $o <= 0;

-	 # XXX

-	&rotl($c,	10);

-	&lea($a,	&DWP($K,$a,$tmp2,1));

-	 &sub($tmp1,	&Np($d)) if $o <= 0;

-	 # XXX

-	&rotl($a,	$s);

-	&add($a,	$e);

-		}

-	else

-		{

-	 &mov($tmp2,	&Xv($pos));

-	&or($tmp1,	$c);

-	 &add($a,	$tmp2);

-	&xor($tmp1,	$b);

-	 &mov($tmp2,	-1) if $o <= 0;

-	 &mov($tmp2,	&wparam(0)) if $o == 1;	# Middle code

-	 &mov($tmp2,	-1) if $o == 2;

-	&rotl($c,	10);

-	&lea($a,	&DWP($K,$a,$tmp1,1));

-	 &sub($tmp2,	&Np($d)) if $o <= 0;

-	 &mov(&swtmp(16),	$A) if $o == 1;

-	 &mov($tmp1,	&Np($d)) if $o == 2;

-	&rotl($a,	$s);

-	&add($a,	$e);

-		}

-	}

-sub ripemd160_block

-	{

-	local($name)=@_;

-	&function_begin_B($name,"",3);

-	# parameter 1 is the RIPEMD160_CTX structure.

-	# A	0

-	# B	4

-	# C	8

-	# D 	12

-	# E 	16

-	&mov($tmp2,	&wparam(0));

-	 &mov($tmp1,	&wparam(1));

-	&push("esi");

-	 &mov($A,	&DWP( 0,$tmp2,"",0));

-	&push("edi");

-	 &mov($B,	&DWP( 4,$tmp2,"",0));

-	&push("ebp");

-	 &mov($C,	&DWP( 8,$tmp2,"",0));

-	&push("ebx");

-	 &stack_push(16+5+6);

-			  # Special comment about the figure of 6.

-			  # Idea is to pad the current frame so

-			  # that the top of the stack gets fairly

-			  # aligned. Well, as you realize it would

-			  # always depend on how the frame below is

-			  # aligned. The good news are that gcc-2.95

-			  # and later does keep first argument at

-			  # least double-wise aligned.

-			  #			<[email protected]>

-	&set_label("start") unless $normal;

-	&comment("");

-	# &mov($tmp1,	&wparam(1)); # Done at end of loop

-	# &mov($tmp2,	&wparam(0)); # Done at end of loop

-	for ($z=0; $z<16; $z+=2)

-		{

-		&mov($D,		&DWP( $z*4,$tmp1,"",0));

-		 &mov($E,		&DWP( ($z+1)*4,$tmp1,"",0));

-		&mov(&swtmp($z),	$D);

-		 &mov(&swtmp($z+1),	$E);

-		}

-	&mov($tmp1,	$C);

-	 &mov($D,	&DWP(12,$tmp2,"",0));

-	&mov($E,	&DWP(16,$tmp2,"",0));

-	&RIP1($A,$B,$C,$D,$E,$wl[ 0],$sl[ 0],-1);

-	&RIP1($E,$A,$B,$C,$D,$wl[ 1],$sl[ 1],0);

-	&RIP1($D,$E,$A,$B,$C,$wl[ 2],$sl[ 2],0);

-	&RIP1($C,$D,$E,$A,$B,$wl[ 3],$sl[ 3],0);

-	&RIP1($B,$C,$D,$E,$A,$wl[ 4],$sl[ 4],0);

-	&RIP1($A,$B,$C,$D,$E,$wl[ 5],$sl[ 5],0);

-	&RIP1($E,$A,$B,$C,$D,$wl[ 6],$sl[ 6],0);

-	&RIP1($D,$E,$A,$B,$C,$wl[ 7],$sl[ 7],0);

-	&RIP1($C,$D,$E,$A,$B,$wl[ 8],$sl[ 8],0);

-	&RIP1($B,$C,$D,$E,$A,$wl[ 9],$sl[ 9],0);

-	&RIP1($A,$B,$C,$D,$E,$wl[10],$sl[10],0);

-	&RIP1($E,$A,$B,$C,$D,$wl[11],$sl[11],0);

-	&RIP1($D,$E,$A,$B,$C,$wl[12],$sl[12],0);

-	&RIP1($C,$D,$E,$A,$B,$wl[13],$sl[13],0);

-	&RIP1($B,$C,$D,$E,$A,$wl[14],$sl[14],0);

-	&RIP1($A,$B,$C,$D,$E,$wl[15],$sl[15],1,$wl[16]);

-	&RIP2($E,$A,$B,$C,$D,$wl[16],$wl[17],$sl[16],$KL1,-1);

-	&RIP2($D,$E,$A,$B,$C,$wl[17],$wl[18],$sl[17],$KL1,0);

-	&RIP2($C,$D,$E,$A,$B,$wl[18],$wl[19],$sl[18],$KL1,0);

-	&RIP2($B,$C,$D,$E,$A,$wl[19],$wl[20],$sl[19],$KL1,0);

-	&RIP2($A,$B,$C,$D,$E,$wl[20],$wl[21],$sl[20],$KL1,0);

-	&RIP2($E,$A,$B,$C,$D,$wl[21],$wl[22],$sl[21],$KL1,0);

-	&RIP2($D,$E,$A,$B,$C,$wl[22],$wl[23],$sl[22],$KL1,0);

-	&RIP2($C,$D,$E,$A,$B,$wl[23],$wl[24],$sl[23],$KL1,0);

-	&RIP2($B,$C,$D,$E,$A,$wl[24],$wl[25],$sl[24],$KL1,0);

-	&RIP2($A,$B,$C,$D,$E,$wl[25],$wl[26],$sl[25],$KL1,0);

-	&RIP2($E,$A,$B,$C,$D,$wl[26],$wl[27],$sl[26],$KL1,0);

-	&RIP2($D,$E,$A,$B,$C,$wl[27],$wl[28],$sl[27],$KL1,0);

-	&RIP2($C,$D,$E,$A,$B,$wl[28],$wl[29],$sl[28],$KL1,0);

-	&RIP2($B,$C,$D,$E,$A,$wl[29],$wl[30],$sl[29],$KL1,0);

-	&RIP2($A,$B,$C,$D,$E,$wl[30],$wl[31],$sl[30],$KL1,0);

-	&RIP2($E,$A,$B,$C,$D,$wl[31],$wl[32],$sl[31],$KL1,1);

-	&RIP3($D,$E,$A,$B,$C,$wl[32],$sl[32],$KL2,-1);

-	&RIP3($C,$D,$E,$A,$B,$wl[33],$sl[33],$KL2,0);

-	&RIP3($B,$C,$D,$E,$A,$wl[34],$sl[34],$KL2,0);

-	&RIP3($A,$B,$C,$D,$E,$wl[35],$sl[35],$KL2,0);

-	&RIP3($E,$A,$B,$C,$D,$wl[36],$sl[36],$KL2,0);

-	&RIP3($D,$E,$A,$B,$C,$wl[37],$sl[37],$KL2,0);

-	&RIP3($C,$D,$E,$A,$B,$wl[38],$sl[38],$KL2,0);

-	&RIP3($B,$C,$D,$E,$A,$wl[39],$sl[39],$KL2,0);

-	&RIP3($A,$B,$C,$D,$E,$wl[40],$sl[40],$KL2,0);

-	&RIP3($E,$A,$B,$C,$D,$wl[41],$sl[41],$KL2,0);

-	&RIP3($D,$E,$A,$B,$C,$wl[42],$sl[42],$KL2,0);

-	&RIP3($C,$D,$E,$A,$B,$wl[43],$sl[43],$KL2,0);

-	&RIP3($B,$C,$D,$E,$A,$wl[44],$sl[44],$KL2,0);

-	&RIP3($A,$B,$C,$D,$E,$wl[45],$sl[45],$KL2,0);

-	&RIP3($E,$A,$B,$C,$D,$wl[46],$sl[46],$KL2,0);

-	&RIP3($D,$E,$A,$B,$C,$wl[47],$sl[47],$KL2,1);

-	&RIP4($C,$D,$E,$A,$B,$wl[48],$sl[48],$KL3,-1);

-	&RIP4($B,$C,$D,$E,$A,$wl[49],$sl[49],$KL3,0);

-	&RIP4($A,$B,$C,$D,$E,$wl[50],$sl[50],$KL3,0);

-	&RIP4($E,$A,$B,$C,$D,$wl[51],$sl[51],$KL3,0);

-	&RIP4($D,$E,$A,$B,$C,$wl[52],$sl[52],$KL3,0);

-	&RIP4($C,$D,$E,$A,$B,$wl[53],$sl[53],$KL3,0);

-	&RIP4($B,$C,$D,$E,$A,$wl[54],$sl[54],$KL3,0);

-	&RIP4($A,$B,$C,$D,$E,$wl[55],$sl[55],$KL3,0);

-	&RIP4($E,$A,$B,$C,$D,$wl[56],$sl[56],$KL3,0);

-	&RIP4($D,$E,$A,$B,$C,$wl[57],$sl[57],$KL3,0);

-	&RIP4($C,$D,$E,$A,$B,$wl[58],$sl[58],$KL3,0);

-	&RIP4($B,$C,$D,$E,$A,$wl[59],$sl[59],$KL3,0);

-	&RIP4($A,$B,$C,$D,$E,$wl[60],$sl[60],$KL3,0);

-	&RIP4($E,$A,$B,$C,$D,$wl[61],$sl[61],$KL3,0);

-	&RIP4($D,$E,$A,$B,$C,$wl[62],$sl[62],$KL3,0);

-	&RIP4($C,$D,$E,$A,$B,$wl[63],$sl[63],$KL3,1);

-	&RIP5($B,$C,$D,$E,$A,$wl[64],$sl[64],$KL4,-1);

-	&RIP5($A,$B,$C,$D,$E,$wl[65],$sl[65],$KL4,0);

-	&RIP5($E,$A,$B,$C,$D,$wl[66],$sl[66],$KL4,0);

-	&RIP5($D,$E,$A,$B,$C,$wl[67],$sl[67],$KL4,0);

-	&RIP5($C,$D,$E,$A,$B,$wl[68],$sl[68],$KL4,0);

-	&RIP5($B,$C,$D,$E,$A,$wl[69],$sl[69],$KL4,0);

-	&RIP5($A,$B,$C,$D,$E,$wl[70],$sl[70],$KL4,0);

-	&RIP5($E,$A,$B,$C,$D,$wl[71],$sl[71],$KL4,0);

-	&RIP5($D,$E,$A,$B,$C,$wl[72],$sl[72],$KL4,0);

-	&RIP5($C,$D,$E,$A,$B,$wl[73],$sl[73],$KL4,0);

-	&RIP5($B,$C,$D,$E,$A,$wl[74],$sl[74],$KL4,0);

-	&RIP5($A,$B,$C,$D,$E,$wl[75],$sl[75],$KL4,0);

-	&RIP5($E,$A,$B,$C,$D,$wl[76],$sl[76],$KL4,0);

-	&RIP5($D,$E,$A,$B,$C,$wl[77],$sl[77],$KL4,0);

-	&RIP5($C,$D,$E,$A,$B,$wl[78],$sl[78],$KL4,0);

-	&RIP5($B,$C,$D,$E,$A,$wl[79],$sl[79],$KL4,1);

-	# &mov($tmp2,	&wparam(0)); # moved into last RIP5

-	# &mov(&swtmp(16),	$A);

-	 &mov($A,	&DWP( 0,$tmp2,"",0));

-	&mov(&swtmp(16+1),	$B);

-	 &mov(&swtmp(16+2),	$C);

-	&mov($B,	&DWP( 4,$tmp2,"",0));

-	 &mov(&swtmp(16+3),	$D);

-	&mov($C,	&DWP( 8,$tmp2,"",0));

-	 &mov(&swtmp(16+4),	$E);

-	&mov($D,	&DWP(12,$tmp2,"",0));

-	 &mov($E,	&DWP(16,$tmp2,"",0));

-	&RIP5($A,$B,$C,$D,$E,$wr[ 0],$sr[ 0],$KR0,-2);

-	&RIP5($E,$A,$B,$C,$D,$wr[ 1],$sr[ 1],$KR0,0);

-	&RIP5($D,$E,$A,$B,$C,$wr[ 2],$sr[ 2],$KR0,0);

-	&RIP5($C,$D,$E,$A,$B,$wr[ 3],$sr[ 3],$KR0,0);

-	&RIP5($B,$C,$D,$E,$A,$wr[ 4],$sr[ 4],$KR0,0);

-	&RIP5($A,$B,$C,$D,$E,$wr[ 5],$sr[ 5],$KR0,0);

-	&RIP5($E,$A,$B,$C,$D,$wr[ 6],$sr[ 6],$KR0,0);

-	&RIP5($D,$E,$A,$B,$C,$wr[ 7],$sr[ 7],$KR0,0);

-	&RIP5($C,$D,$E,$A,$B,$wr[ 8],$sr[ 8],$KR0,0);

-	&RIP5($B,$C,$D,$E,$A,$wr[ 9],$sr[ 9],$KR0,0);

-	&RIP5($A,$B,$C,$D,$E,$wr[10],$sr[10],$KR0,0);

-	&RIP5($E,$A,$B,$C,$D,$wr[11],$sr[11],$KR0,0);

-	&RIP5($D,$E,$A,$B,$C,$wr[12],$sr[12],$KR0,0);

-	&RIP5($C,$D,$E,$A,$B,$wr[13],$sr[13],$KR0,0);

-	&RIP5($B,$C,$D,$E,$A,$wr[14],$sr[14],$KR0,0);

-	&RIP5($A,$B,$C,$D,$E,$wr[15],$sr[15],$KR0,2);

-	&RIP4($E,$A,$B,$C,$D,$wr[16],$sr[16],$KR1,-2);

-	&RIP4($D,$E,$A,$B,$C,$wr[17],$sr[17],$KR1,0);

-	&RIP4($C,$D,$E,$A,$B,$wr[18],$sr[18],$KR1,0);

-	&RIP4($B,$C,$D,$E,$A,$wr[19],$sr[19],$KR1,0);

-	&RIP4($A,$B,$C,$D,$E,$wr[20],$sr[20],$KR1,0);

-	&RIP4($E,$A,$B,$C,$D,$wr[21],$sr[21],$KR1,0);

-	&RIP4($D,$E,$A,$B,$C,$wr[22],$sr[22],$KR1,0);

-	&RIP4($C,$D,$E,$A,$B,$wr[23],$sr[23],$KR1,0);

-	&RIP4($B,$C,$D,$E,$A,$wr[24],$sr[24],$KR1,0);

-	&RIP4($A,$B,$C,$D,$E,$wr[25],$sr[25],$KR1,0);

-	&RIP4($E,$A,$B,$C,$D,$wr[26],$sr[26],$KR1,0);

-	&RIP4($D,$E,$A,$B,$C,$wr[27],$sr[27],$KR1,0);

-	&RIP4($C,$D,$E,$A,$B,$wr[28],$sr[28],$KR1,0);

-	&RIP4($B,$C,$D,$E,$A,$wr[29],$sr[29],$KR1,0);

-	&RIP4($A,$B,$C,$D,$E,$wr[30],$sr[30],$KR1,0);

-	&RIP4($E,$A,$B,$C,$D,$wr[31],$sr[31],$KR1,2);

-	&RIP3($D,$E,$A,$B,$C,$wr[32],$sr[32],$KR2,-2);

-	&RIP3($C,$D,$E,$A,$B,$wr[33],$sr[33],$KR2,0);

-	&RIP3($B,$C,$D,$E,$A,$wr[34],$sr[34],$KR2,0);

-	&RIP3($A,$B,$C,$D,$E,$wr[35],$sr[35],$KR2,0);

-	&RIP3($E,$A,$B,$C,$D,$wr[36],$sr[36],$KR2,0);

-	&RIP3($D,$E,$A,$B,$C,$wr[37],$sr[37],$KR2,0);

-	&RIP3($C,$D,$E,$A,$B,$wr[38],$sr[38],$KR2,0);

-	&RIP3($B,$C,$D,$E,$A,$wr[39],$sr[39],$KR2,0);

-	&RIP3($A,$B,$C,$D,$E,$wr[40],$sr[40],$KR2,0);

-	&RIP3($E,$A,$B,$C,$D,$wr[41],$sr[41],$KR2,0);

-	&RIP3($D,$E,$A,$B,$C,$wr[42],$sr[42],$KR2,0);

-	&RIP3($C,$D,$E,$A,$B,$wr[43],$sr[43],$KR2,0);

-	&RIP3($B,$C,$D,$E,$A,$wr[44],$sr[44],$KR2,0);

-	&RIP3($A,$B,$C,$D,$E,$wr[45],$sr[45],$KR2,0);

-	&RIP3($E,$A,$B,$C,$D,$wr[46],$sr[46],$KR2,0);

-	&RIP3($D,$E,$A,$B,$C,$wr[47],$sr[47],$KR2,2,$wr[48]);

-	&RIP2($C,$D,$E,$A,$B,$wr[48],$wr[49],$sr[48],$KR3,-2);

-	&RIP2($B,$C,$D,$E,$A,$wr[49],$wr[50],$sr[49],$KR3,0);

-	&RIP2($A,$B,$C,$D,$E,$wr[50],$wr[51],$sr[50],$KR3,0);

-	&RIP2($E,$A,$B,$C,$D,$wr[51],$wr[52],$sr[51],$KR3,0);

-	&RIP2($D,$E,$A,$B,$C,$wr[52],$wr[53],$sr[52],$KR3,0);

-	&RIP2($C,$D,$E,$A,$B,$wr[53],$wr[54],$sr[53],$KR3,0);

-	&RIP2($B,$C,$D,$E,$A,$wr[54],$wr[55],$sr[54],$KR3,0);

-	&RIP2($A,$B,$C,$D,$E,$wr[55],$wr[56],$sr[55],$KR3,0);

-	&RIP2($E,$A,$B,$C,$D,$wr[56],$wr[57],$sr[56],$KR3,0);

-	&RIP2($D,$E,$A,$B,$C,$wr[57],$wr[58],$sr[57],$KR3,0);

-	&RIP2($C,$D,$E,$A,$B,$wr[58],$wr[59],$sr[58],$KR3,0);

-	&RIP2($B,$C,$D,$E,$A,$wr[59],$wr[60],$sr[59],$KR3,0);

-	&RIP2($A,$B,$C,$D,$E,$wr[60],$wr[61],$sr[60],$KR3,0);

-	&RIP2($E,$A,$B,$C,$D,$wr[61],$wr[62],$sr[61],$KR3,0);

-	&RIP2($D,$E,$A,$B,$C,$wr[62],$wr[63],$sr[62],$KR3,0);

-	&RIP2($C,$D,$E,$A,$B,$wr[63],$wr[64],$sr[63],$KR3,2);

-	&RIP1($B,$C,$D,$E,$A,$wr[64],$sr[64],-2);

-	&RIP1($A,$B,$C,$D,$E,$wr[65],$sr[65],0);

-	&RIP1($E,$A,$B,$C,$D,$wr[66],$sr[66],0);

-	&RIP1($D,$E,$A,$B,$C,$wr[67],$sr[67],0);

-	&RIP1($C,$D,$E,$A,$B,$wr[68],$sr[68],0);

-	&RIP1($B,$C,$D,$E,$A,$wr[69],$sr[69],0);

-	&RIP1($A,$B,$C,$D,$E,$wr[70],$sr[70],0);

-	&RIP1($E,$A,$B,$C,$D,$wr[71],$sr[71],0);

-	&RIP1($D,$E,$A,$B,$C,$wr[72],$sr[72],0);

-	&RIP1($C,$D,$E,$A,$B,$wr[73],$sr[73],0);

-	&RIP1($B,$C,$D,$E,$A,$wr[74],$sr[74],0);

-	&RIP1($A,$B,$C,$D,$E,$wr[75],$sr[75],0);

-	&RIP1($E,$A,$B,$C,$D,$wr[76],$sr[76],0);

-	&RIP1($D,$E,$A,$B,$C,$wr[77],$sr[77],0);

-	&RIP1($C,$D,$E,$A,$B,$wr[78],$sr[78],0);

-	&RIP1($B,$C,$D,$E,$A,$wr[79],$sr[79],2);

-	# &mov($tmp2,	&wparam(0)); # Moved into last round

-	 &mov($tmp1,	&DWP( 4,$tmp2,"",0));	# ctx->B

- 	&add($D,	$tmp1);

-	 &mov($tmp1,	&swtmp(16+2));		# $c

-	&add($D,	$tmp1);

-	 &mov($tmp1,	&DWP( 8,$tmp2,"",0));	# ctx->C

-	&add($E,	$tmp1);

-	 &mov($tmp1,	&swtmp(16+3));		# $d

-	&add($E,	$tmp1);

-	 &mov($tmp1,	&DWP(12,$tmp2,"",0));	# ctx->D

-	&add($A,	$tmp1);

-	 &mov($tmp1,	&swtmp(16+4));		# $e

-	&add($A,	$tmp1);

-	 &mov($tmp1,	&DWP(16,$tmp2,"",0));	# ctx->E

-	&add($B,	$tmp1);

-	 &mov($tmp1,	&swtmp(16+0));		# $a

-	&add($B,	$tmp1);

-	 &mov($tmp1,	&DWP( 0,$tmp2,"",0));	# ctx->A

-	&add($C,	$tmp1);

-	 &mov($tmp1,	&swtmp(16+1));		# $b

-	&add($C,	$tmp1);

-	 &mov($tmp1,	&wparam(2));

-	&mov(&DWP( 0,$tmp2,"",0),	$D);

-	 &mov(&DWP( 4,$tmp2,"",0),	$E);

-	&mov(&DWP( 8,$tmp2,"",0),	$A);

-	 &sub($tmp1,1);

-	&mov(&DWP(12,$tmp2,"",0),	$B);

-	 &mov(&DWP(16,$tmp2,"",0),	$C);

-	&jle(&label("get_out"));

-	&mov(&wparam(2),$tmp1);

-	 &mov($C,	$A);

-	&mov($tmp1,	&wparam(1));

-	 &mov($A,	$D);

-	&add($tmp1,	64);

-	 &mov($B,	$E);

-	&mov(&wparam(1),$tmp1);

-	&jmp(&label("start"));

-	&set_label("get_out");

-	&stack_pop(16+5+6);

-	&pop("ebx");

-	&pop("ebp");

-	&pop("edi");

-	&pop("esi");

-	&ret();

-	&function_end_B($name);

-	}

--- a/sys/src/ape/lib/openssl/crypto/ripemd/ripemd.h

+++ /dev/null

@@ -1,104 +1,0 @@

-/* crypto/ripemd/ripemd.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_RIPEMD_H

-#define HEADER_RIPEMD_H

-#include <openssl/e_os2.h>

-#include <stddef.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-#ifdef OPENSSL_NO_RIPEMD

-#error RIPEMD is disabled.

-#endif

-#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)

-#define RIPEMD160_LONG unsigned long

-#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)

-#define RIPEMD160_LONG unsigned long

-#define RIPEMD160_LONG_LOG2 3

-#else

-#define RIPEMD160_LONG unsigned int

-#endif

-#define RIPEMD160_CBLOCK	64

-#define RIPEMD160_LBLOCK	(RIPEMD160_CBLOCK/4)

-#define RIPEMD160_DIGEST_LENGTH	20

-typedef struct RIPEMD160state_st

-	{

-	RIPEMD160_LONG A,B,C,D,E;

-	RIPEMD160_LONG Nl,Nh;

-	RIPEMD160_LONG data[RIPEMD160_LBLOCK];

-	unsigned int   num;

-	} RIPEMD160_CTX;

-int RIPEMD160_Init(RIPEMD160_CTX *c);

-int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len);

-int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);

-unsigned char *RIPEMD160(const unsigned char *d, size_t n,

-	unsigned char *md);

-void RIPEMD160_Transform(RIPEMD160_CTX *c, const unsigned char *b);

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/ripemd/rmd160.c

+++ /dev/null

@@ -1,127 +1,0 @@

-/* crypto/ripemd/rmd160.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <openssl/ripemd.h>

-#define BUFSIZE	1024*16

-void do_fp(FILE *f);

-void pt(unsigned char *md);

-#if !defined(_OSD_POSIX) && !defined(__DJGPP__)

-int read(int, void *, unsigned int);

-#endif

-int main(int argc, char **argv)

-	{

-	int i,err=0;

-	FILE *IN;

-	if (argc == 1)

-		{

-		do_fp(stdin);

-		}

-	else

-		{

-		for (i=1; i<argc; i++)

-			{

-			IN=fopen(argv[i],"r");

-			if (IN == NULL)

-				{

-				perror(argv[i]);

-				err++;

-				continue;

-				}

-			printf("RIPEMD160(%s)= ",argv[i]);

-			do_fp(IN);

-			fclose(IN);

-			}

-		}

-	exit(err);

-	}

-void do_fp(FILE *f)

-	{

-	RIPEMD160_CTX c;

-	unsigned char md[RIPEMD160_DIGEST_LENGTH];

-	int fd;

-	int i;

-	static unsigned char buf[BUFSIZE];

-	fd=fileno(f);

-	RIPEMD160_Init(&c);

-	for (;;)

-		{

-		i=read(fd,buf,BUFSIZE);

-		if (i <= 0) break;

-		RIPEMD160_Update(&c,buf,(unsigned long)i);

-		}

-	RIPEMD160_Final(&(md[0]),&c);

-	pt(md);

-	}

-void pt(unsigned char *md)

-	{

-	int i;

-	for (i=0; i<RIPEMD160_DIGEST_LENGTH; i++)

-		printf("%02x",md[i]);

-	printf("\n");

-	}

--- a/sys/src/ape/lib/openssl/crypto/ripemd/rmd_dgst.c

+++ /dev/null

@@ -1,494 +1,0 @@

-/* crypto/ripemd/rmd_dgst.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "rmd_locl.h"

-#include <openssl/opensslv.h>

-const char RMD160_version[]="RIPE-MD160" OPENSSL_VERSION_PTEXT;

-#  ifdef RMD160_ASM

-     void ripemd160_block_x86(RIPEMD160_CTX *c, unsigned long *p,size_t num);

-#    define ripemd160_block ripemd160_block_x86

-#  else

-     void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,size_t num);

-#  endif

-int RIPEMD160_Init(RIPEMD160_CTX *c)

-	{

-	c->A=RIPEMD160_A;

-	c->B=RIPEMD160_B;

-	c->C=RIPEMD160_C;

-	c->D=RIPEMD160_D;

-	c->E=RIPEMD160_E;

-	c->Nl=0;

-	c->Nh=0;

-	c->num=0;

-	return 1;

-	}

-#ifndef ripemd160_block_host_order

-#ifdef X

-#undef X

-#endif

-#define X(i)	XX[i]

-void ripemd160_block_host_order (RIPEMD160_CTX *ctx, const void *p, size_t num)

-	{

-	const RIPEMD160_LONG *XX=p;

-	register unsigned MD32_REG_T A,B,C,D,E;

-	register unsigned MD32_REG_T a,b,c,d,e;

-	for (;num--;XX+=HASH_LBLOCK)

-		{

-	A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E;

-	RIP1(A,B,C,D,E,WL00,SL00);

-	RIP1(E,A,B,C,D,WL01,SL01);

-	RIP1(D,E,A,B,C,WL02,SL02);

-	RIP1(C,D,E,A,B,WL03,SL03);

-	RIP1(B,C,D,E,A,WL04,SL04);

-	RIP1(A,B,C,D,E,WL05,SL05);

-	RIP1(E,A,B,C,D,WL06,SL06);

-	RIP1(D,E,A,B,C,WL07,SL07);

-	RIP1(C,D,E,A,B,WL08,SL08);

-	RIP1(B,C,D,E,A,WL09,SL09);

-	RIP1(A,B,C,D,E,WL10,SL10);

-	RIP1(E,A,B,C,D,WL11,SL11);

-	RIP1(D,E,A,B,C,WL12,SL12);

-	RIP1(C,D,E,A,B,WL13,SL13);

-	RIP1(B,C,D,E,A,WL14,SL14);

-	RIP1(A,B,C,D,E,WL15,SL15);

-	RIP2(E,A,B,C,D,WL16,SL16,KL1);

-	RIP2(D,E,A,B,C,WL17,SL17,KL1);

-	RIP2(C,D,E,A,B,WL18,SL18,KL1);

-	RIP2(B,C,D,E,A,WL19,SL19,KL1);

-	RIP2(A,B,C,D,E,WL20,SL20,KL1);

-	RIP2(E,A,B,C,D,WL21,SL21,KL1);

-	RIP2(D,E,A,B,C,WL22,SL22,KL1);

-	RIP2(C,D,E,A,B,WL23,SL23,KL1);

-	RIP2(B,C,D,E,A,WL24,SL24,KL1);

-	RIP2(A,B,C,D,E,WL25,SL25,KL1);

-	RIP2(E,A,B,C,D,WL26,SL26,KL1);

-	RIP2(D,E,A,B,C,WL27,SL27,KL1);

-	RIP2(C,D,E,A,B,WL28,SL28,KL1);

-	RIP2(B,C,D,E,A,WL29,SL29,KL1);

-	RIP2(A,B,C,D,E,WL30,SL30,KL1);

-	RIP2(E,A,B,C,D,WL31,SL31,KL1);

-	RIP3(D,E,A,B,C,WL32,SL32,KL2);

-	RIP3(C,D,E,A,B,WL33,SL33,KL2);

-	RIP3(B,C,D,E,A,WL34,SL34,KL2);

-	RIP3(A,B,C,D,E,WL35,SL35,KL2);

-	RIP3(E,A,B,C,D,WL36,SL36,KL2);

-	RIP3(D,E,A,B,C,WL37,SL37,KL2);

-	RIP3(C,D,E,A,B,WL38,SL38,KL2);

-	RIP3(B,C,D,E,A,WL39,SL39,KL2);

-	RIP3(A,B,C,D,E,WL40,SL40,KL2);

-	RIP3(E,A,B,C,D,WL41,SL41,KL2);

-	RIP3(D,E,A,B,C,WL42,SL42,KL2);

-	RIP3(C,D,E,A,B,WL43,SL43,KL2);

-	RIP3(B,C,D,E,A,WL44,SL44,KL2);

-	RIP3(A,B,C,D,E,WL45,SL45,KL2);

-	RIP3(E,A,B,C,D,WL46,SL46,KL2);

-	RIP3(D,E,A,B,C,WL47,SL47,KL2);

-	RIP4(C,D,E,A,B,WL48,SL48,KL3);

-	RIP4(B,C,D,E,A,WL49,SL49,KL3);

-	RIP4(A,B,C,D,E,WL50,SL50,KL3);

-	RIP4(E,A,B,C,D,WL51,SL51,KL3);

-	RIP4(D,E,A,B,C,WL52,SL52,KL3);

-	RIP4(C,D,E,A,B,WL53,SL53,KL3);

-	RIP4(B,C,D,E,A,WL54,SL54,KL3);

-	RIP4(A,B,C,D,E,WL55,SL55,KL3);

-	RIP4(E,A,B,C,D,WL56,SL56,KL3);

-	RIP4(D,E,A,B,C,WL57,SL57,KL3);

-	RIP4(C,D,E,A,B,WL58,SL58,KL3);

-	RIP4(B,C,D,E,A,WL59,SL59,KL3);

-	RIP4(A,B,C,D,E,WL60,SL60,KL3);

-	RIP4(E,A,B,C,D,WL61,SL61,KL3);

-	RIP4(D,E,A,B,C,WL62,SL62,KL3);

-	RIP4(C,D,E,A,B,WL63,SL63,KL3);

-	RIP5(B,C,D,E,A,WL64,SL64,KL4);

-	RIP5(A,B,C,D,E,WL65,SL65,KL4);

-	RIP5(E,A,B,C,D,WL66,SL66,KL4);

-	RIP5(D,E,A,B,C,WL67,SL67,KL4);

-	RIP5(C,D,E,A,B,WL68,SL68,KL4);

-	RIP5(B,C,D,E,A,WL69,SL69,KL4);

-	RIP5(A,B,C,D,E,WL70,SL70,KL4);

-	RIP5(E,A,B,C,D,WL71,SL71,KL4);

-	RIP5(D,E,A,B,C,WL72,SL72,KL4);

-	RIP5(C,D,E,A,B,WL73,SL73,KL4);

-	RIP5(B,C,D,E,A,WL74,SL74,KL4);

-	RIP5(A,B,C,D,E,WL75,SL75,KL4);

-	RIP5(E,A,B,C,D,WL76,SL76,KL4);

-	RIP5(D,E,A,B,C,WL77,SL77,KL4);

-	RIP5(C,D,E,A,B,WL78,SL78,KL4);

-	RIP5(B,C,D,E,A,WL79,SL79,KL4);

-	a=A; b=B; c=C; d=D; e=E;

-	/* Do other half */

-	A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E;

-	RIP5(A,B,C,D,E,WR00,SR00,KR0);

-	RIP5(E,A,B,C,D,WR01,SR01,KR0);

-	RIP5(D,E,A,B,C,WR02,SR02,KR0);

-	RIP5(C,D,E,A,B,WR03,SR03,KR0);

-	RIP5(B,C,D,E,A,WR04,SR04,KR0);

-	RIP5(A,B,C,D,E,WR05,SR05,KR0);

-	RIP5(E,A,B,C,D,WR06,SR06,KR0);

-	RIP5(D,E,A,B,C,WR07,SR07,KR0);

-	RIP5(C,D,E,A,B,WR08,SR08,KR0);

-	RIP5(B,C,D,E,A,WR09,SR09,KR0);

-	RIP5(A,B,C,D,E,WR10,SR10,KR0);

-	RIP5(E,A,B,C,D,WR11,SR11,KR0);

-	RIP5(D,E,A,B,C,WR12,SR12,KR0);

-	RIP5(C,D,E,A,B,WR13,SR13,KR0);

-	RIP5(B,C,D,E,A,WR14,SR14,KR0);

-	RIP5(A,B,C,D,E,WR15,SR15,KR0);

-	RIP4(E,A,B,C,D,WR16,SR16,KR1);

-	RIP4(D,E,A,B,C,WR17,SR17,KR1);

-	RIP4(C,D,E,A,B,WR18,SR18,KR1);

-	RIP4(B,C,D,E,A,WR19,SR19,KR1);

-	RIP4(A,B,C,D,E,WR20,SR20,KR1);

-	RIP4(E,A,B,C,D,WR21,SR21,KR1);

-	RIP4(D,E,A,B,C,WR22,SR22,KR1);

-	RIP4(C,D,E,A,B,WR23,SR23,KR1);

-	RIP4(B,C,D,E,A,WR24,SR24,KR1);

-	RIP4(A,B,C,D,E,WR25,SR25,KR1);

-	RIP4(E,A,B,C,D,WR26,SR26,KR1);

-	RIP4(D,E,A,B,C,WR27,SR27,KR1);

-	RIP4(C,D,E,A,B,WR28,SR28,KR1);

-	RIP4(B,C,D,E,A,WR29,SR29,KR1);

-	RIP4(A,B,C,D,E,WR30,SR30,KR1);

-	RIP4(E,A,B,C,D,WR31,SR31,KR1);

-	RIP3(D,E,A,B,C,WR32,SR32,KR2);

-	RIP3(C,D,E,A,B,WR33,SR33,KR2);

-	RIP3(B,C,D,E,A,WR34,SR34,KR2);

-	RIP3(A,B,C,D,E,WR35,SR35,KR2);

-	RIP3(E,A,B,C,D,WR36,SR36,KR2);

-	RIP3(D,E,A,B,C,WR37,SR37,KR2);

-	RIP3(C,D,E,A,B,WR38,SR38,KR2);

-	RIP3(B,C,D,E,A,WR39,SR39,KR2);

-	RIP3(A,B,C,D,E,WR40,SR40,KR2);

-	RIP3(E,A,B,C,D,WR41,SR41,KR2);

-	RIP3(D,E,A,B,C,WR42,SR42,KR2);

-	RIP3(C,D,E,A,B,WR43,SR43,KR2);

-	RIP3(B,C,D,E,A,WR44,SR44,KR2);

-	RIP3(A,B,C,D,E,WR45,SR45,KR2);

-	RIP3(E,A,B,C,D,WR46,SR46,KR2);

-	RIP3(D,E,A,B,C,WR47,SR47,KR2);

-	RIP2(C,D,E,A,B,WR48,SR48,KR3);

-	RIP2(B,C,D,E,A,WR49,SR49,KR3);

-	RIP2(A,B,C,D,E,WR50,SR50,KR3);

-	RIP2(E,A,B,C,D,WR51,SR51,KR3);

-	RIP2(D,E,A,B,C,WR52,SR52,KR3);

-	RIP2(C,D,E,A,B,WR53,SR53,KR3);

-	RIP2(B,C,D,E,A,WR54,SR54,KR3);

-	RIP2(A,B,C,D,E,WR55,SR55,KR3);

-	RIP2(E,A,B,C,D,WR56,SR56,KR3);

-	RIP2(D,E,A,B,C,WR57,SR57,KR3);

-	RIP2(C,D,E,A,B,WR58,SR58,KR3);

-	RIP2(B,C,D,E,A,WR59,SR59,KR3);

-	RIP2(A,B,C,D,E,WR60,SR60,KR3);

-	RIP2(E,A,B,C,D,WR61,SR61,KR3);

-	RIP2(D,E,A,B,C,WR62,SR62,KR3);

-	RIP2(C,D,E,A,B,WR63,SR63,KR3);

-	RIP1(B,C,D,E,A,WR64,SR64);

-	RIP1(A,B,C,D,E,WR65,SR65);

-	RIP1(E,A,B,C,D,WR66,SR66);

-	RIP1(D,E,A,B,C,WR67,SR67);

-	RIP1(C,D,E,A,B,WR68,SR68);

-	RIP1(B,C,D,E,A,WR69,SR69);

-	RIP1(A,B,C,D,E,WR70,SR70);

-	RIP1(E,A,B,C,D,WR71,SR71);

-	RIP1(D,E,A,B,C,WR72,SR72);

-	RIP1(C,D,E,A,B,WR73,SR73);

-	RIP1(B,C,D,E,A,WR74,SR74);

-	RIP1(A,B,C,D,E,WR75,SR75);

-	RIP1(E,A,B,C,D,WR76,SR76);

-	RIP1(D,E,A,B,C,WR77,SR77);

-	RIP1(C,D,E,A,B,WR78,SR78);

-	RIP1(B,C,D,E,A,WR79,SR79);

-	D     =ctx->B+c+D;

-	ctx->B=ctx->C+d+E;

-	ctx->C=ctx->D+e+A;

-	ctx->D=ctx->E+a+B;

-	ctx->E=ctx->A+b+C;

-	ctx->A=D;

-		}

-	}

-#endif

-#ifndef ripemd160_block_data_order

-#ifdef X

-#undef X

-#endif

-void ripemd160_block_data_order (RIPEMD160_CTX *ctx, const void *p, size_t num)

-	{

-	const unsigned char *data=p;

-	register unsigned MD32_REG_T A,B,C,D,E;

-	unsigned MD32_REG_T a,b,c,d,e,l;

-#ifndef MD32_XARRAY

-	/* See comment in crypto/sha/sha_locl.h for details. */

-	unsigned MD32_REG_T	XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,

-				XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;

-# define X(i)	XX##i

-#else

-	RIPEMD160_LONG	XX[16];

-# define X(i)	XX[i]

-#endif

-	for (;num--;)

-		{

-	A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E;

-	HOST_c2l(data,l); X( 0)=l;	HOST_c2l(data,l); X( 1)=l;

-	RIP1(A,B,C,D,E,WL00,SL00);	HOST_c2l(data,l); X( 2)=l;

-	RIP1(E,A,B,C,D,WL01,SL01);	HOST_c2l(data,l); X( 3)=l;

-	RIP1(D,E,A,B,C,WL02,SL02);	HOST_c2l(data,l); X( 4)=l;

-	RIP1(C,D,E,A,B,WL03,SL03);	HOST_c2l(data,l); X( 5)=l;

-	RIP1(B,C,D,E,A,WL04,SL04);	HOST_c2l(data,l); X( 6)=l;

-	RIP1(A,B,C,D,E,WL05,SL05);	HOST_c2l(data,l); X( 7)=l;

-	RIP1(E,A,B,C,D,WL06,SL06);	HOST_c2l(data,l); X( 8)=l;

-	RIP1(D,E,A,B,C,WL07,SL07);	HOST_c2l(data,l); X( 9)=l;

-	RIP1(C,D,E,A,B,WL08,SL08);	HOST_c2l(data,l); X(10)=l;

-	RIP1(B,C,D,E,A,WL09,SL09);	HOST_c2l(data,l); X(11)=l;

-	RIP1(A,B,C,D,E,WL10,SL10);	HOST_c2l(data,l); X(12)=l;

-	RIP1(E,A,B,C,D,WL11,SL11);	HOST_c2l(data,l); X(13)=l;

-	RIP1(D,E,A,B,C,WL12,SL12);	HOST_c2l(data,l); X(14)=l;

-	RIP1(C,D,E,A,B,WL13,SL13);	HOST_c2l(data,l); X(15)=l;

-	RIP1(B,C,D,E,A,WL14,SL14);

-	RIP1(A,B,C,D,E,WL15,SL15);

-	RIP2(E,A,B,C,D,WL16,SL16,KL1);

-	RIP2(D,E,A,B,C,WL17,SL17,KL1);

-	RIP2(C,D,E,A,B,WL18,SL18,KL1);

-	RIP2(B,C,D,E,A,WL19,SL19,KL1);

-	RIP2(A,B,C,D,E,WL20,SL20,KL1);

-	RIP2(E,A,B,C,D,WL21,SL21,KL1);

-	RIP2(D,E,A,B,C,WL22,SL22,KL1);

-	RIP2(C,D,E,A,B,WL23,SL23,KL1);

-	RIP2(B,C,D,E,A,WL24,SL24,KL1);

-	RIP2(A,B,C,D,E,WL25,SL25,KL1);

-	RIP2(E,A,B,C,D,WL26,SL26,KL1);

-	RIP2(D,E,A,B,C,WL27,SL27,KL1);

-	RIP2(C,D,E,A,B,WL28,SL28,KL1);

-	RIP2(B,C,D,E,A,WL29,SL29,KL1);

-	RIP2(A,B,C,D,E,WL30,SL30,KL1);

-	RIP2(E,A,B,C,D,WL31,SL31,KL1);

-	RIP3(D,E,A,B,C,WL32,SL32,KL2);

-	RIP3(C,D,E,A,B,WL33,SL33,KL2);

-	RIP3(B,C,D,E,A,WL34,SL34,KL2);

-	RIP3(A,B,C,D,E,WL35,SL35,KL2);

-	RIP3(E,A,B,C,D,WL36,SL36,KL2);

-	RIP3(D,E,A,B,C,WL37,SL37,KL2);

-	RIP3(C,D,E,A,B,WL38,SL38,KL2);

-	RIP3(B,C,D,E,A,WL39,SL39,KL2);

-	RIP3(A,B,C,D,E,WL40,SL40,KL2);

-	RIP3(E,A,B,C,D,WL41,SL41,KL2);

-	RIP3(D,E,A,B,C,WL42,SL42,KL2);

-	RIP3(C,D,E,A,B,WL43,SL43,KL2);

-	RIP3(B,C,D,E,A,WL44,SL44,KL2);

-	RIP3(A,B,C,D,E,WL45,SL45,KL2);

-	RIP3(E,A,B,C,D,WL46,SL46,KL2);

-	RIP3(D,E,A,B,C,WL47,SL47,KL2);

-	RIP4(C,D,E,A,B,WL48,SL48,KL3);

-	RIP4(B,C,D,E,A,WL49,SL49,KL3);

-	RIP4(A,B,C,D,E,WL50,SL50,KL3);

-	RIP4(E,A,B,C,D,WL51,SL51,KL3);

-	RIP4(D,E,A,B,C,WL52,SL52,KL3);

-	RIP4(C,D,E,A,B,WL53,SL53,KL3);

-	RIP4(B,C,D,E,A,WL54,SL54,KL3);

-	RIP4(A,B,C,D,E,WL55,SL55,KL3);

-	RIP4(E,A,B,C,D,WL56,SL56,KL3);

-	RIP4(D,E,A,B,C,WL57,SL57,KL3);

-	RIP4(C,D,E,A,B,WL58,SL58,KL3);

-	RIP4(B,C,D,E,A,WL59,SL59,KL3);

-	RIP4(A,B,C,D,E,WL60,SL60,KL3);

-	RIP4(E,A,B,C,D,WL61,SL61,KL3);

-	RIP4(D,E,A,B,C,WL62,SL62,KL3);

-	RIP4(C,D,E,A,B,WL63,SL63,KL3);

-	RIP5(B,C,D,E,A,WL64,SL64,KL4);

-	RIP5(A,B,C,D,E,WL65,SL65,KL4);

-	RIP5(E,A,B,C,D,WL66,SL66,KL4);

-	RIP5(D,E,A,B,C,WL67,SL67,KL4);

-	RIP5(C,D,E,A,B,WL68,SL68,KL4);

-	RIP5(B,C,D,E,A,WL69,SL69,KL4);

-	RIP5(A,B,C,D,E,WL70,SL70,KL4);

-	RIP5(E,A,B,C,D,WL71,SL71,KL4);

-	RIP5(D,E,A,B,C,WL72,SL72,KL4);

-	RIP5(C,D,E,A,B,WL73,SL73,KL4);

-	RIP5(B,C,D,E,A,WL74,SL74,KL4);

-	RIP5(A,B,C,D,E,WL75,SL75,KL4);

-	RIP5(E,A,B,C,D,WL76,SL76,KL4);

-	RIP5(D,E,A,B,C,WL77,SL77,KL4);

-	RIP5(C,D,E,A,B,WL78,SL78,KL4);

-	RIP5(B,C,D,E,A,WL79,SL79,KL4);

-	a=A; b=B; c=C; d=D; e=E;

-	/* Do other half */

-	A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E;

-	RIP5(A,B,C,D,E,WR00,SR00,KR0);

-	RIP5(E,A,B,C,D,WR01,SR01,KR0);

-	RIP5(D,E,A,B,C,WR02,SR02,KR0);

-	RIP5(C,D,E,A,B,WR03,SR03,KR0);

-	RIP5(B,C,D,E,A,WR04,SR04,KR0);

-	RIP5(A,B,C,D,E,WR05,SR05,KR0);

-	RIP5(E,A,B,C,D,WR06,SR06,KR0);

-	RIP5(D,E,A,B,C,WR07,SR07,KR0);

-	RIP5(C,D,E,A,B,WR08,SR08,KR0);

-	RIP5(B,C,D,E,A,WR09,SR09,KR0);

-	RIP5(A,B,C,D,E,WR10,SR10,KR0);

-	RIP5(E,A,B,C,D,WR11,SR11,KR0);

-	RIP5(D,E,A,B,C,WR12,SR12,KR0);

-	RIP5(C,D,E,A,B,WR13,SR13,KR0);

-	RIP5(B,C,D,E,A,WR14,SR14,KR0);

-	RIP5(A,B,C,D,E,WR15,SR15,KR0);

-	RIP4(E,A,B,C,D,WR16,SR16,KR1);

-	RIP4(D,E,A,B,C,WR17,SR17,KR1);

-	RIP4(C,D,E,A,B,WR18,SR18,KR1);

-	RIP4(B,C,D,E,A,WR19,SR19,KR1);

-	RIP4(A,B,C,D,E,WR20,SR20,KR1);

-	RIP4(E,A,B,C,D,WR21,SR21,KR1);

-	RIP4(D,E,A,B,C,WR22,SR22,KR1);

-	RIP4(C,D,E,A,B,WR23,SR23,KR1);

-	RIP4(B,C,D,E,A,WR24,SR24,KR1);

-	RIP4(A,B,C,D,E,WR25,SR25,KR1);

-	RIP4(E,A,B,C,D,WR26,SR26,KR1);

-	RIP4(D,E,A,B,C,WR27,SR27,KR1);

-	RIP4(C,D,E,A,B,WR28,SR28,KR1);

-	RIP4(B,C,D,E,A,WR29,SR29,KR1);

-	RIP4(A,B,C,D,E,WR30,SR30,KR1);

-	RIP4(E,A,B,C,D,WR31,SR31,KR1);

-	RIP3(D,E,A,B,C,WR32,SR32,KR2);

-	RIP3(C,D,E,A,B,WR33,SR33,KR2);

-	RIP3(B,C,D,E,A,WR34,SR34,KR2);

-	RIP3(A,B,C,D,E,WR35,SR35,KR2);

-	RIP3(E,A,B,C,D,WR36,SR36,KR2);

-	RIP3(D,E,A,B,C,WR37,SR37,KR2);

-	RIP3(C,D,E,A,B,WR38,SR38,KR2);

-	RIP3(B,C,D,E,A,WR39,SR39,KR2);

-	RIP3(A,B,C,D,E,WR40,SR40,KR2);

-	RIP3(E,A,B,C,D,WR41,SR41,KR2);

-	RIP3(D,E,A,B,C,WR42,SR42,KR2);

-	RIP3(C,D,E,A,B,WR43,SR43,KR2);

-	RIP3(B,C,D,E,A,WR44,SR44,KR2);

-	RIP3(A,B,C,D,E,WR45,SR45,KR2);

-	RIP3(E,A,B,C,D,WR46,SR46,KR2);

-	RIP3(D,E,A,B,C,WR47,SR47,KR2);

-	RIP2(C,D,E,A,B,WR48,SR48,KR3);

-	RIP2(B,C,D,E,A,WR49,SR49,KR3);

-	RIP2(A,B,C,D,E,WR50,SR50,KR3);

-	RIP2(E,A,B,C,D,WR51,SR51,KR3);

-	RIP2(D,E,A,B,C,WR52,SR52,KR3);

-	RIP2(C,D,E,A,B,WR53,SR53,KR3);

-	RIP2(B,C,D,E,A,WR54,SR54,KR3);

-	RIP2(A,B,C,D,E,WR55,SR55,KR3);

-	RIP2(E,A,B,C,D,WR56,SR56,KR3);

-	RIP2(D,E,A,B,C,WR57,SR57,KR3);

-	RIP2(C,D,E,A,B,WR58,SR58,KR3);

-	RIP2(B,C,D,E,A,WR59,SR59,KR3);

-	RIP2(A,B,C,D,E,WR60,SR60,KR3);

-	RIP2(E,A,B,C,D,WR61,SR61,KR3);

-	RIP2(D,E,A,B,C,WR62,SR62,KR3);

-	RIP2(C,D,E,A,B,WR63,SR63,KR3);

-	RIP1(B,C,D,E,A,WR64,SR64);

-	RIP1(A,B,C,D,E,WR65,SR65);

-	RIP1(E,A,B,C,D,WR66,SR66);

-	RIP1(D,E,A,B,C,WR67,SR67);

-	RIP1(C,D,E,A,B,WR68,SR68);

-	RIP1(B,C,D,E,A,WR69,SR69);

-	RIP1(A,B,C,D,E,WR70,SR70);

-	RIP1(E,A,B,C,D,WR71,SR71);

-	RIP1(D,E,A,B,C,WR72,SR72);

-	RIP1(C,D,E,A,B,WR73,SR73);

-	RIP1(B,C,D,E,A,WR74,SR74);

-	RIP1(A,B,C,D,E,WR75,SR75);

-	RIP1(E,A,B,C,D,WR76,SR76);

-	RIP1(D,E,A,B,C,WR77,SR77);

-	RIP1(C,D,E,A,B,WR78,SR78);

-	RIP1(B,C,D,E,A,WR79,SR79);

-	D     =ctx->B+c+D;

-	ctx->B=ctx->C+d+E;

-	ctx->C=ctx->D+e+A;

-	ctx->D=ctx->E+a+B;

-	ctx->E=ctx->A+b+C;

-	ctx->A=D;

-		}

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/ripemd/rmd_locl.h

+++ /dev/null

@@ -1,164 +1,0 @@

-/* crypto/ripemd/rmd_locl.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdlib.h>

-#include <string.h>

-#include <openssl/opensslconf.h>

-#include <openssl/ripemd.h>

-#ifndef RIPEMD160_LONG_LOG2

-#define RIPEMD160_LONG_LOG2 2 /* default to 32 bits */

-#endif

-/*

- * DO EXAMINE COMMENTS IN crypto/md5/md5_locl.h & crypto/md5/md5_dgst.c

- * FOR EXPLANATIONS ON FOLLOWING "CODE."

- *					<[email protected]>

- */

-#ifdef RMD160_ASM

-# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)

-#  if !defined(B_ENDIAN)

-#   define ripemd160_block_host_order ripemd160_block_asm_host_order

-#  endif

-# endif

-#endif

-void ripemd160_block_host_order (RIPEMD160_CTX *c, const void *p,size_t num);

-void ripemd160_block_data_order (RIPEMD160_CTX *c, const void *p,size_t num);

-#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)

-# if !defined(B_ENDIAN)

-#  define ripemd160_block_data_order ripemd160_block_host_order

-# endif

-#endif

-#define DATA_ORDER_IS_LITTLE_ENDIAN

-#define HASH_LONG               RIPEMD160_LONG

-#define HASH_LONG_LOG2          RIPEMD160_LONG_LOG2

-#define HASH_CTX                RIPEMD160_CTX

-#define HASH_CBLOCK             RIPEMD160_CBLOCK

-#define HASH_LBLOCK             RIPEMD160_LBLOCK

-#define HASH_UPDATE             RIPEMD160_Update

-#define HASH_TRANSFORM          RIPEMD160_Transform

-#define HASH_FINAL              RIPEMD160_Final

-#define HASH_BLOCK_HOST_ORDER   ripemd160_block_host_order

-#define	HASH_MAKE_STRING(c,s)	do {	\

-	unsigned long ll;		\

-	ll=(c)->A; HOST_l2c(ll,(s));	\

-	ll=(c)->B; HOST_l2c(ll,(s));	\

-	ll=(c)->C; HOST_l2c(ll,(s));	\

-	ll=(c)->D; HOST_l2c(ll,(s));	\

-	ll=(c)->E; HOST_l2c(ll,(s));	\

-	} while (0)

-#if !defined(L_ENDIAN) || defined(ripemd160_block_data_order)

-#define HASH_BLOCK_DATA_ORDER   ripemd160_block_data_order

-#endif

-#include "md32_common.h"

-#if 0

-#define F1(x,y,z)	 ((x)^(y)^(z))

-#define F2(x,y,z)	(((x)&(y))|((~x)&z))

-#define F3(x,y,z)	(((x)|(~y))^(z))

-#define F4(x,y,z)	(((x)&(z))|((y)&(~(z))))

-#define F5(x,y,z)	 ((x)^((y)|(~(z))))

-#else

-/*

- * Transformed F2 and F4 are courtesy of Wei Dai <[email protected]>

- */

-#define F1(x,y,z)	((x) ^ (y) ^ (z))

-#define F2(x,y,z)	((((y) ^ (z)) & (x)) ^ (z))

-#define F3(x,y,z)	(((~(y)) | (x)) ^ (z))

-#define F4(x,y,z)	((((x) ^ (y)) & (z)) ^ (y))

-#define F5(x,y,z)	(((~(z)) | (y)) ^ (x))

-#endif

-#define RIPEMD160_A	0x67452301L

-#define RIPEMD160_B	0xEFCDAB89L

-#define RIPEMD160_C	0x98BADCFEL

-#define RIPEMD160_D	0x10325476L

-#define RIPEMD160_E	0xC3D2E1F0L

-#include "rmdconst.h"

-#define RIP1(a,b,c,d,e,w,s) { \

-	a+=F1(b,c,d)+X(w); \

-        a=ROTATE(a,s)+e; \

-        c=ROTATE(c,10); }

-#define RIP2(a,b,c,d,e,w,s,K) { \

-	a+=F2(b,c,d)+X(w)+K; \

-        a=ROTATE(a,s)+e; \

-        c=ROTATE(c,10); }

-#define RIP3(a,b,c,d,e,w,s,K) { \

-	a+=F3(b,c,d)+X(w)+K; \

-        a=ROTATE(a,s)+e; \

-        c=ROTATE(c,10); }

-#define RIP4(a,b,c,d,e,w,s,K) { \

-	a+=F4(b,c,d)+X(w)+K; \

-        a=ROTATE(a,s)+e; \

-        c=ROTATE(c,10); }

-#define RIP5(a,b,c,d,e,w,s,K) { \

-	a+=F5(b,c,d)+X(w)+K; \

-        a=ROTATE(a,s)+e; \

-        c=ROTATE(c,10); }

--- a/sys/src/ape/lib/openssl/crypto/ripemd/rmd_one.c

+++ /dev/null

@@ -1,78 +1,0 @@

-/* crypto/ripemd/rmd_one.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <string.h>

-#include <openssl/ripemd.h>

-#include <openssl/crypto.h>

-unsigned char *RIPEMD160(const unsigned char *d, size_t n,

-	     unsigned char *md)

-	{

-	RIPEMD160_CTX c;

-	static unsigned char m[RIPEMD160_DIGEST_LENGTH];

-	if (md == NULL) md=m;

-	if (!RIPEMD160_Init(&c))

-		return NULL;

-	RIPEMD160_Update(&c,d,n);

-	RIPEMD160_Final(md,&c);

-	OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */

-	return(md);

-	}

--- a/sys/src/ape/lib/openssl/crypto/ripemd/rmdconst.h

+++ /dev/null

@@ -1,399 +1,0 @@

-/* crypto/ripemd/rmdconst.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#define KL0 0x00000000L

-#define KL1 0x5A827999L

-#define KL2 0x6ED9EBA1L

-#define KL3 0x8F1BBCDCL

-#define KL4 0xA953FD4EL

-#define KR0 0x50A28BE6L

-#define KR1 0x5C4DD124L

-#define KR2 0x6D703EF3L

-#define KR3 0x7A6D76E9L

-#define KR4 0x00000000L

-#define WL00  0

-#define SL00 11

-#define WL01  1

-#define SL01 14

-#define WL02  2

-#define SL02 15

-#define WL03  3

-#define SL03 12

-#define WL04  4

-#define SL04  5

-#define WL05  5

-#define SL05  8

-#define WL06  6

-#define SL06  7

-#define WL07  7

-#define SL07  9

-#define WL08  8

-#define SL08 11

-#define WL09  9

-#define SL09 13

-#define WL10 10

-#define SL10 14

-#define WL11 11

-#define SL11 15

-#define WL12 12

-#define SL12  6

-#define WL13 13

-#define SL13  7

-#define WL14 14

-#define SL14  9

-#define WL15 15

-#define SL15  8

-#define WL16  7

-#define SL16  7

-#define WL17  4

-#define SL17  6

-#define WL18 13

-#define SL18  8

-#define WL19  1

-#define SL19 13

-#define WL20 10

-#define SL20 11

-#define WL21  6

-#define SL21  9

-#define WL22 15

-#define SL22  7

-#define WL23  3

-#define SL23 15

-#define WL24 12

-#define SL24  7

-#define WL25  0

-#define SL25 12

-#define WL26  9

-#define SL26 15

-#define WL27  5

-#define SL27  9

-#define WL28  2

-#define SL28 11

-#define WL29 14

-#define SL29  7

-#define WL30 11

-#define SL30 13

-#define WL31  8

-#define SL31 12

-#define WL32  3

-#define SL32 11

-#define WL33 10

-#define SL33 13

-#define WL34 14

-#define SL34  6

-#define WL35  4

-#define SL35  7

-#define WL36  9

-#define SL36 14

-#define WL37 15

-#define SL37  9

-#define WL38  8

-#define SL38 13

-#define WL39  1

-#define SL39 15

-#define WL40  2

-#define SL40 14

-#define WL41  7

-#define SL41  8

-#define WL42  0

-#define SL42 13

-#define WL43  6

-#define SL43  6

-#define WL44 13

-#define SL44  5

-#define WL45 11

-#define SL45 12

-#define WL46  5

-#define SL46  7

-#define WL47 12

-#define SL47  5

-#define WL48  1

-#define SL48 11

-#define WL49  9

-#define SL49 12

-#define WL50 11

-#define SL50 14

-#define WL51 10

-#define SL51 15

-#define WL52  0

-#define SL52 14

-#define WL53  8

-#define SL53 15

-#define WL54 12

-#define SL54  9

-#define WL55  4

-#define SL55  8

-#define WL56 13

-#define SL56  9

-#define WL57  3

-#define SL57 14

-#define WL58  7

-#define SL58  5

-#define WL59 15

-#define SL59  6

-#define WL60 14

-#define SL60  8

-#define WL61  5

-#define SL61  6

-#define WL62  6

-#define SL62  5

-#define WL63  2

-#define SL63 12

-#define WL64  4

-#define SL64  9

-#define WL65  0

-#define SL65 15

-#define WL66  5

-#define SL66  5

-#define WL67  9

-#define SL67 11

-#define WL68  7

-#define SL68  6

-#define WL69 12

-#define SL69  8

-#define WL70  2

-#define SL70 13

-#define WL71 10

-#define SL71 12

-#define WL72 14

-#define SL72  5

-#define WL73  1

-#define SL73 12

-#define WL74  3

-#define SL74 13

-#define WL75  8

-#define SL75 14

-#define WL76 11

-#define SL76 11

-#define WL77  6

-#define SL77  8

-#define WL78 15

-#define SL78  5

-#define WL79 13

-#define SL79  6

-#define WR00  5

-#define SR00  8

-#define WR01 14

-#define SR01  9

-#define WR02  7

-#define SR02  9

-#define WR03  0

-#define SR03 11

-#define WR04  9

-#define SR04 13

-#define WR05  2

-#define SR05 15

-#define WR06 11

-#define SR06 15

-#define WR07  4

-#define SR07  5

-#define WR08 13

-#define SR08  7

-#define WR09  6

-#define SR09  7

-#define WR10 15

-#define SR10  8

-#define WR11  8

-#define SR11 11

-#define WR12  1

-#define SR12 14

-#define WR13 10

-#define SR13 14

-#define WR14  3

-#define SR14 12

-#define WR15 12

-#define SR15  6

-#define WR16  6

-#define SR16  9

-#define WR17 11

-#define SR17 13

-#define WR18  3

-#define SR18 15

-#define WR19  7

-#define SR19  7

-#define WR20  0

-#define SR20 12

-#define WR21 13

-#define SR21  8

-#define WR22  5

-#define SR22  9

-#define WR23 10

-#define SR23 11

-#define WR24 14

-#define SR24  7

-#define WR25 15

-#define SR25  7

-#define WR26  8

-#define SR26 12

-#define WR27 12

-#define SR27  7

-#define WR28  4

-#define SR28  6

-#define WR29  9

-#define SR29 15

-#define WR30  1

-#define SR30 13

-#define WR31  2

-#define SR31 11

-#define WR32 15

-#define SR32  9

-#define WR33  5

-#define SR33  7

-#define WR34  1

-#define SR34 15

-#define WR35  3

-#define SR35 11

-#define WR36  7

-#define SR36  8

-#define WR37 14

-#define SR37  6

-#define WR38  6

-#define SR38  6

-#define WR39  9

-#define SR39 14

-#define WR40 11

-#define SR40 12

-#define WR41  8

-#define SR41 13

-#define WR42 12

-#define SR42  5

-#define WR43  2

-#define SR43 14

-#define WR44 10

-#define SR44 13

-#define WR45  0

-#define SR45 13

-#define WR46  4

-#define SR46  7

-#define WR47 13

-#define SR47  5

-#define WR48  8

-#define SR48 15

-#define WR49  6

-#define SR49  5

-#define WR50  4

-#define SR50  8

-#define WR51  1

-#define SR51 11

-#define WR52  3

-#define SR52 14

-#define WR53 11

-#define SR53 14

-#define WR54 15

-#define SR54  6

-#define WR55  0

-#define SR55 14

-#define WR56  5

-#define SR56  6

-#define WR57 12

-#define SR57  9

-#define WR58  2

-#define SR58 12

-#define WR59 13

-#define SR59  9

-#define WR60  9

-#define SR60 12

-#define WR61  7

-#define SR61  5

-#define WR62 10

-#define SR62 15

-#define WR63 14

-#define SR63  8

-#define WR64 12

-#define SR64  8

-#define WR65 15

-#define SR65  5

-#define WR66 10

-#define SR66 12

-#define WR67  4

-#define SR67  9

-#define WR68  1

-#define SR68 12

-#define WR69  5

-#define SR69  5

-#define WR70  8

-#define SR70 14

-#define WR71  7

-#define SR71  6

-#define WR72  6

-#define SR72  8

-#define WR73  2

-#define SR73 13

-#define WR74 13

-#define SR74  6

-#define WR75 14

-#define SR75  5

-#define WR76  0

-#define SR76 15

-#define WR77  3

-#define SR77 13

-#define WR78  9

-#define SR78 11

-#define WR79 11

-#define SR79 11

--- a/sys/src/ape/lib/openssl/crypto/ripemd/rmdtest.c

+++ /dev/null

@@ -1,145 +1,0 @@

-/* crypto/ripemd/rmdtest.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <string.h>

-#include <stdlib.h>

-#include "../e_os.h"

-#ifdef OPENSSL_NO_RIPEMD

-int main(int argc, char *argv[])

-{

-    printf("No ripemd support\n");

-    return(0);

-}

-#else

-#include <openssl/ripemd.h>

-#include <openssl/evp.h>

-#ifdef CHARSET_EBCDIC

-#include <openssl/ebcdic.h>

-#endif

-static char *test[]={

-	"",

-	"a",

-	"abc",

-	"message digest",

-	"abcdefghijklmnopqrstuvwxyz",

-	"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",

-	"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",

-	"12345678901234567890123456789012345678901234567890123456789012345678901234567890",

-	NULL,

-	};

-static char *ret[]={

-	"9c1185a5c5e9fc54612808977ee8f548b2258d31",

-	"0bdc9d2d256b3ee9daae347be6f4dc835a467ffe",

-	"8eb208f7e05d987a9b044a8e98c6b087f15a0bfc",

-	"5d0689ef49d2fae572b881b123a85ffa21595f36",

-	"f71c27109c692c1b56bbdceb5b9d2865b3708dbc",

-	"12a053384a9c0c88e405a06c27dcf49ada62eb2b",

-	"b0e20b6e3116640286ed3a87a5713079b21f5189",

-	"9b752e45573d4b39f4dbd3323cab82bf63326bfb",

-	};

-static char *pt(unsigned char *md);

-int main(int argc, char *argv[])

-	{

-	int i,err=0;

-	char **P,**R;

-	char *p;

-	unsigned char md[RIPEMD160_DIGEST_LENGTH];

-	P=test;

-	R=ret;

-	i=1;

-	while (*P != NULL)

-		{

-#ifdef CHARSET_EBCDIC

-		ebcdic2ascii((char *)*P, (char *)*P, strlen((char *)*P));

-#endif

-		EVP_Digest(&(P[0][0]),strlen((char *)*P),md,NULL,EVP_ripemd160(), NULL);

-		p=pt(md);

-		if (strcmp(p,(char *)*R) != 0)

-			{

-			printf("error calculating RIPEMD160 on '%s'\n",*P);

-			printf("got %s instead of %s\n",p,*R);

-			err++;

-			}

-		else

-			printf("test %d ok\n",i);

-		i++;

-		R++;

-		P++;

-		}

-	EXIT(err);

-	return(0);

-	}

-static char *pt(unsigned char *md)

-	{

-	int i;

-	static char buf[80];

-	for (i=0; i<RIPEMD160_DIGEST_LENGTH; i++)

-		sprintf(&(buf[i*2]),"%02x",md[i]);

-	return(buf);

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/rsa/Makefile

+++ /dev/null

@@ -1,239 +1,0 @@

-#

-# OpenSSL/crypto/rsa/Makefile

-#

-DIR=	rsa

-TOP=	../..

-CC=	cc

-INCLUDES= -I.. -I$(TOP) -I../../include

-CFLAG=-g

-MAKEFILE=	Makefile

-AR=		ar r

-CFLAGS= $(INCLUDES) $(CFLAG)

-GENERAL=Makefile

-TEST=rsa_test.c

-APPS=

-LIB=$(TOP)/libcrypto.a

-LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c \

-	rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c rsa_null.c \

-	rsa_pss.c rsa_x931.c rsa_asn1.c rsa_depr.c

-LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o \

-	rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o rsa_chk.o rsa_null.o \

-	rsa_pss.o rsa_x931.o rsa_asn1.o rsa_depr.o

-SRC= $(LIBSRC)

-EXHEADER= rsa.h

-HEADER=	$(EXHEADER)

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)

-all:	lib

-lib:	$(LIBOBJ)

-	$(AR) $(LIB) $(LIBOBJ)

-	$(RANLIB) $(LIB) || echo Never mind.

-	@touch lib

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

-links:

-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)

-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)

-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

-install:

-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...

-	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \

-	do  \

-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \

-	done;

-tags:

-	ctags $(SRC)

-tests:

-lint:

-	lint -DLINT $(INCLUDES) $(SRC)>fluff

-depend:

-	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...

-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-clean:

-	rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-rsa_asn1.o: ../../e_os.h ../../include/openssl/asn1.h

-rsa_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h

-rsa_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h

-rsa_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-rsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-rsa_asn1.o: ../../include/openssl/opensslconf.h

-rsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-rsa_asn1.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h

-rsa_asn1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-rsa_asn1.o: ../cryptlib.h rsa_asn1.c

-rsa_chk.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

-rsa_chk.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h

-rsa_chk.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-rsa_chk.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-rsa_chk.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-rsa_chk.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h

-rsa_chk.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-rsa_chk.o: rsa_chk.c

-rsa_depr.o: ../../e_os.h ../../include/openssl/asn1.h

-rsa_depr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h

-rsa_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-rsa_depr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-rsa_depr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-rsa_depr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-rsa_depr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h

-rsa_depr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-rsa_depr.o: ../cryptlib.h rsa_depr.c

-rsa_eay.o: ../../e_os.h ../../include/openssl/asn1.h

-rsa_eay.o: ../../include/openssl/bio.h ../../include/openssl/bn.h

-rsa_eay.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-rsa_eay.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-rsa_eay.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-rsa_eay.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-rsa_eay.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h

-rsa_eay.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-rsa_eay.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_eay.c

-rsa_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

-rsa_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-rsa_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-rsa_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-rsa_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h

-rsa_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-rsa_err.o: ../../include/openssl/symhacks.h rsa_err.c

-rsa_gen.o: ../../e_os.h ../../include/openssl/asn1.h

-rsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h

-rsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-rsa_gen.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-rsa_gen.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-rsa_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-rsa_gen.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h

-rsa_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-rsa_gen.o: ../cryptlib.h rsa_gen.c

-rsa_lib.o: ../../e_os.h ../../include/openssl/asn1.h

-rsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h

-rsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-rsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h

-rsa_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

-rsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-rsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h

-rsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h

-rsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-rsa_lib.o: ../cryptlib.h rsa_lib.c

-rsa_none.o: ../../e_os.h ../../include/openssl/asn1.h

-rsa_none.o: ../../include/openssl/bio.h ../../include/openssl/bn.h

-rsa_none.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-rsa_none.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-rsa_none.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-rsa_none.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-rsa_none.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h

-rsa_none.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-rsa_none.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_none.c

-rsa_null.o: ../../e_os.h ../../include/openssl/asn1.h

-rsa_null.o: ../../include/openssl/bio.h ../../include/openssl/bn.h

-rsa_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-rsa_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-rsa_null.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-rsa_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-rsa_null.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h

-rsa_null.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-rsa_null.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_null.c

-rsa_oaep.o: ../../e_os.h ../../include/openssl/asn1.h

-rsa_oaep.o: ../../include/openssl/bio.h ../../include/openssl/bn.h

-rsa_oaep.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-rsa_oaep.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-rsa_oaep.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-rsa_oaep.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-rsa_oaep.o: ../../include/openssl/opensslconf.h

-rsa_oaep.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-rsa_oaep.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h

-rsa_oaep.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-rsa_oaep.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-rsa_oaep.o: ../cryptlib.h rsa_oaep.c

-rsa_pk1.o: ../../e_os.h ../../include/openssl/asn1.h

-rsa_pk1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h

-rsa_pk1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-rsa_pk1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-rsa_pk1.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-rsa_pk1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-rsa_pk1.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h

-rsa_pk1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-rsa_pk1.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_pk1.c

-rsa_pss.o: ../../e_os.h ../../include/openssl/asn1.h

-rsa_pss.o: ../../include/openssl/bio.h ../../include/openssl/bn.h

-rsa_pss.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-rsa_pss.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-rsa_pss.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-rsa_pss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-rsa_pss.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-rsa_pss.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h

-rsa_pss.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h

-rsa_pss.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-rsa_pss.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_pss.c

-rsa_saos.o: ../../e_os.h ../../include/openssl/asn1.h

-rsa_saos.o: ../../include/openssl/bio.h ../../include/openssl/bn.h

-rsa_saos.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-rsa_saos.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-rsa_saos.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-rsa_saos.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-rsa_saos.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-rsa_saos.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-rsa_saos.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-rsa_saos.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h

-rsa_saos.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-rsa_saos.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-rsa_saos.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-rsa_saos.o: ../cryptlib.h rsa_saos.c

-rsa_sign.o: ../../e_os.h ../../include/openssl/asn1.h

-rsa_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h

-rsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-rsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-rsa_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-rsa_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-rsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-rsa_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-rsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-rsa_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h

-rsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-rsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-rsa_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-rsa_sign.o: ../cryptlib.h rsa_sign.c

-rsa_ssl.o: ../../e_os.h ../../include/openssl/asn1.h

-rsa_ssl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h

-rsa_ssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-rsa_ssl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-rsa_ssl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-rsa_ssl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-rsa_ssl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h

-rsa_ssl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-rsa_ssl.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_ssl.c

-rsa_x931.o: ../../e_os.h ../../include/openssl/asn1.h

-rsa_x931.o: ../../include/openssl/bio.h ../../include/openssl/bn.h

-rsa_x931.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-rsa_x931.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-rsa_x931.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-rsa_x931.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-rsa_x931.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-rsa_x931.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h

-rsa_x931.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-rsa_x931.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_x931.c

--- a/sys/src/ape/lib/openssl/crypto/rsa/rsa.h

+++ /dev/null

@@ -1,455 +1,0 @@

-/* crypto/rsa/rsa.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_RSA_H

-#define HEADER_RSA_H

-#include <openssl/asn1.h>

-#ifndef OPENSSL_NO_BIO

-#include <openssl/bio.h>

-#endif

-#include <openssl/crypto.h>

-#include <openssl/ossl_typ.h>

-#ifndef OPENSSL_NO_DEPRECATED

-#include <openssl/bn.h>

-#endif

-#ifdef OPENSSL_NO_RSA

-#error RSA is disabled.

-#endif

-#ifdef  __cplusplus

-extern "C" {

-#endif

-/* Declared already in ossl_typ.h */

-/* typedef struct rsa_st RSA; */

-/* typedef struct rsa_meth_st RSA_METHOD; */

-struct rsa_meth_st

-	{

-	const char *name;

-	int (*rsa_pub_enc)(int flen,const unsigned char *from,

-			   unsigned char *to,

-			   RSA *rsa,int padding);

-	int (*rsa_pub_dec)(int flen,const unsigned char *from,

-			   unsigned char *to,

-			   RSA *rsa,int padding);

-	int (*rsa_priv_enc)(int flen,const unsigned char *from,

-			    unsigned char *to,

-			    RSA *rsa,int padding);

-	int (*rsa_priv_dec)(int flen,const unsigned char *from,

-			    unsigned char *to,

-			    RSA *rsa,int padding);

-	int (*rsa_mod_exp)(BIGNUM *r0,const BIGNUM *I,RSA *rsa,BN_CTX *ctx); /* Can be null */

-	int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-			  const BIGNUM *m, BN_CTX *ctx,

-			  BN_MONT_CTX *m_ctx); /* Can be null */

-	int (*init)(RSA *rsa);		/* called at new */

-	int (*finish)(RSA *rsa);	/* called at free */

-	int flags;			/* RSA_METHOD_FLAG_* things */

-	char *app_data;			/* may be needed! */

-/* New sign and verify functions: some libraries don't allow arbitrary data

- * to be signed/verified: this allows them to be used. Note: for this to work

- * the RSA_public_decrypt() and RSA_private_encrypt() should *NOT* be used

- * RSA_sign(), RSA_verify() should be used instead. Note: for backwards

- * compatibility this functionality is only enabled if the RSA_FLAG_SIGN_VER

- * option is set in 'flags'.

- */

-	int (*rsa_sign)(int type,

-		const unsigned char *m, unsigned int m_length,

-		unsigned char *sigret, unsigned int *siglen, const RSA *rsa);

-	int (*rsa_verify)(int dtype,

-		const unsigned char *m, unsigned int m_length,

-		unsigned char *sigbuf, unsigned int siglen, const RSA *rsa);

-/* If this callback is NULL, the builtin software RSA key-gen will be used. This

- * is for behavioural compatibility whilst the code gets rewired, but one day

- * it would be nice to assume there are no such things as "builtin software"

- * implementations. */

-	int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);

-	};

-struct rsa_st

-	{

-	/* The first parameter is used to pickup errors where

-	 * this is passed instead of aEVP_PKEY, it is set to 0 */

-	int pad;

-	long version;

-	const RSA_METHOD *meth;

-	/* functional reference if 'meth' is ENGINE-provided */

-	ENGINE *engine;

-	BIGNUM *n;

-	BIGNUM *e;

-	BIGNUM *d;

-	BIGNUM *p;

-	BIGNUM *q;

-	BIGNUM *dmp1;

-	BIGNUM *dmq1;

-	BIGNUM *iqmp;

-	/* be careful using this if the RSA structure is shared */

-	CRYPTO_EX_DATA ex_data;

-	int references;

-	int flags;

-	/* Used to cache montgomery values */

-	BN_MONT_CTX *_method_mod_n;

-	BN_MONT_CTX *_method_mod_p;

-	BN_MONT_CTX *_method_mod_q;

-	/* all BIGNUM values are actually in the following data, if it is not

-	 * NULL */

-	char *bignum_data;

-	BN_BLINDING *blinding;

-	BN_BLINDING *mt_blinding;

-	};

-#ifndef OPENSSL_RSA_MAX_MODULUS_BITS

-# define OPENSSL_RSA_MAX_MODULUS_BITS	16384

-#endif

-#ifndef OPENSSL_RSA_SMALL_MODULUS_BITS

-# define OPENSSL_RSA_SMALL_MODULUS_BITS	3072

-#endif

-#ifndef OPENSSL_RSA_MAX_PUBEXP_BITS

-# define OPENSSL_RSA_MAX_PUBEXP_BITS	64 /* exponent limit enforced for "large" modulus only */

-#endif

-#define RSA_3	0x3L

-#define RSA_F4	0x10001L

-#define RSA_METHOD_FLAG_NO_CHECK	0x0001 /* don't check pub/private match */

-#define RSA_FLAG_CACHE_PUBLIC		0x0002

-#define RSA_FLAG_CACHE_PRIVATE		0x0004

-#define RSA_FLAG_BLINDING		0x0008

-#define RSA_FLAG_THREAD_SAFE		0x0010

-/* This flag means the private key operations will be handled by rsa_mod_exp

- * and that they do not depend on the private key components being present:

- * for example a key stored in external hardware. Without this flag bn_mod_exp

- * gets called when private key components are absent.

- */

-#define RSA_FLAG_EXT_PKEY		0x0020

-/* This flag in the RSA_METHOD enables the new rsa_sign, rsa_verify functions.

- */

-#define RSA_FLAG_SIGN_VER		0x0040

-#define RSA_FLAG_NO_BLINDING		0x0080 /* new with 0.9.6j and 0.9.7b; the built-in

-                                                * RSA implementation now uses blinding by

-                                                * default (ignoring RSA_FLAG_BLINDING),

-                                                * but other engines might not need it

-                                                */

-#define RSA_FLAG_NO_CONSTTIME		0x0100 /* new with 0.9.8f; the built-in RSA

-						* implementation now uses constant time

-						* operations by default in private key operations,

-						* e.g., constant time modular exponentiation,

-                                                * modular inverse without leaking branches,

-                                                * division without leaking branches. This

-                                                * flag disables these constant time

-                                                * operations and results in faster RSA

-                                                * private key operations.

-                                                */

-#ifndef OPENSSL_NO_DEPRECATED

-#define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME /* deprecated name for the flag*/

-                                                /* new with 0.9.7h; the built-in RSA

-                                                * implementation now uses constant time

-                                                * modular exponentiation for secret exponents

-                                                * by default. This flag causes the

-                                                * faster variable sliding window method to

-                                                * be used for all exponents.

-                                                */

-#endif

-#define RSA_PKCS1_PADDING	1

-#define RSA_SSLV23_PADDING	2

-#define RSA_NO_PADDING		3

-#define RSA_PKCS1_OAEP_PADDING	4

-#define RSA_X931_PADDING	5

-#define RSA_PKCS1_PADDING_SIZE	11

-#define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,arg)

-#define RSA_get_app_data(s)             RSA_get_ex_data(s,0)

-RSA *	RSA_new(void);

-RSA *	RSA_new_method(ENGINE *engine);

-int	RSA_size(const RSA *);

-/* Deprecated version */

-#ifndef OPENSSL_NO_DEPRECATED

-RSA *	RSA_generate_key(int bits, unsigned long e,void

-		(*callback)(int,int,void *),void *cb_arg);

-#endif /* !defined(OPENSSL_NO_DEPRECATED) */

-/* New version */

-int	RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);

-int	RSA_check_key(const RSA *);

-	/* next 4 return -1 on error */

-int	RSA_public_encrypt(int flen, const unsigned char *from,

-		unsigned char *to, RSA *rsa,int padding);

-int	RSA_private_encrypt(int flen, const unsigned char *from,

-		unsigned char *to, RSA *rsa,int padding);

-int	RSA_public_decrypt(int flen, const unsigned char *from,

-		unsigned char *to, RSA *rsa,int padding);

-int	RSA_private_decrypt(int flen, const unsigned char *from,

-		unsigned char *to, RSA *rsa,int padding);

-void	RSA_free (RSA *r);

-/* "up" the RSA object's reference count */

-int	RSA_up_ref(RSA *r);

-int	RSA_flags(const RSA *r);

-void RSA_set_default_method(const RSA_METHOD *meth);

-const RSA_METHOD *RSA_get_default_method(void);

-const RSA_METHOD *RSA_get_method(const RSA *rsa);

-int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);

-/* This function needs the memory locking malloc callbacks to be installed */

-int RSA_memory_lock(RSA *r);

-/* these are the actual SSLeay RSA functions */

-const RSA_METHOD *RSA_PKCS1_SSLeay(void);

-const RSA_METHOD *RSA_null_method(void);

-DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey)

-DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPrivateKey)

-#ifndef OPENSSL_NO_FP_API

-int	RSA_print_fp(FILE *fp, const RSA *r,int offset);

-#endif

-#ifndef OPENSSL_NO_BIO

-int	RSA_print(BIO *bp, const RSA *r,int offset);

-#endif

-int i2d_RSA_NET(const RSA *a, unsigned char **pp,

-		int (*cb)(char *buf, int len, const char *prompt, int verify),

-		int sgckey);

-RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,

-		 int (*cb)(char *buf, int len, const char *prompt, int verify),

-		 int sgckey);

-int i2d_Netscape_RSA(const RSA *a, unsigned char **pp,

-		     int (*cb)(char *buf, int len, const char *prompt,

-			       int verify));

-RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,

-		      int (*cb)(char *buf, int len, const char *prompt,

-				int verify));

-/* The following 2 functions sign and verify a X509_SIG ASN1 object

- * inside PKCS#1 padded RSA encryption */

-int RSA_sign(int type, const unsigned char *m, unsigned int m_length,

-	unsigned char *sigret, unsigned int *siglen, RSA *rsa);

-int RSA_verify(int type, const unsigned char *m, unsigned int m_length,

-	unsigned char *sigbuf, unsigned int siglen, RSA *rsa);

-/* The following 2 function sign and verify a ASN1_OCTET_STRING

- * object inside PKCS#1 padded RSA encryption */

-int RSA_sign_ASN1_OCTET_STRING(int type,

-	const unsigned char *m, unsigned int m_length,

-	unsigned char *sigret, unsigned int *siglen, RSA *rsa);

-int RSA_verify_ASN1_OCTET_STRING(int type,

-	const unsigned char *m, unsigned int m_length,

-	unsigned char *sigbuf, unsigned int siglen, RSA *rsa);

-int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);

-void RSA_blinding_off(RSA *rsa);

-BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *ctx);

-int RSA_padding_add_PKCS1_type_1(unsigned char *to,int tlen,

-	const unsigned char *f,int fl);

-int RSA_padding_check_PKCS1_type_1(unsigned char *to,int tlen,

-	const unsigned char *f,int fl,int rsa_len);

-int RSA_padding_add_PKCS1_type_2(unsigned char *to,int tlen,

-	const unsigned char *f,int fl);

-int RSA_padding_check_PKCS1_type_2(unsigned char *to,int tlen,

-	const unsigned char *f,int fl,int rsa_len);

-int PKCS1_MGF1(unsigned char *mask, long len,

-	const unsigned char *seed, long seedlen, const EVP_MD *dgst);

-int RSA_padding_add_PKCS1_OAEP(unsigned char *to,int tlen,

-	const unsigned char *f,int fl,

-	const unsigned char *p,int pl);

-int RSA_padding_check_PKCS1_OAEP(unsigned char *to,int tlen,

-	const unsigned char *f,int fl,int rsa_len,

-	const unsigned char *p,int pl);

-int RSA_padding_add_SSLv23(unsigned char *to,int tlen,

-	const unsigned char *f,int fl);

-int RSA_padding_check_SSLv23(unsigned char *to,int tlen,

-	const unsigned char *f,int fl,int rsa_len);

-int RSA_padding_add_none(unsigned char *to,int tlen,

-	const unsigned char *f,int fl);

-int RSA_padding_check_none(unsigned char *to,int tlen,

-	const unsigned char *f,int fl,int rsa_len);

-int RSA_padding_add_X931(unsigned char *to,int tlen,

-	const unsigned char *f,int fl);

-int RSA_padding_check_X931(unsigned char *to,int tlen,

-	const unsigned char *f,int fl,int rsa_len);

-int RSA_X931_hash_id(int nid);

-int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,

-			const EVP_MD *Hash, const unsigned char *EM, int sLen);

-int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,

-			const unsigned char *mHash,

-			const EVP_MD *Hash, int sLen);

-int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,

-	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);

-int RSA_set_ex_data(RSA *r,int idx,void *arg);

-void *RSA_get_ex_data(const RSA *r, int idx);

-RSA *RSAPublicKey_dup(RSA *rsa);

-RSA *RSAPrivateKey_dup(RSA *rsa);

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_RSA_strings(void);

-/* Error codes for the RSA functions. */

-/* Function codes. */

-#define RSA_F_MEMORY_LOCK				 100

-#define RSA_F_RSA_BUILTIN_KEYGEN			 129

-#define RSA_F_RSA_CHECK_KEY				 123

-#define RSA_F_RSA_EAY_PRIVATE_DECRYPT			 101

-#define RSA_F_RSA_EAY_PRIVATE_ENCRYPT			 102

-#define RSA_F_RSA_EAY_PUBLIC_DECRYPT			 103

-#define RSA_F_RSA_EAY_PUBLIC_ENCRYPT			 104

-#define RSA_F_RSA_GENERATE_KEY				 105

-#define RSA_F_RSA_MEMORY_LOCK				 130

-#define RSA_F_RSA_NEW_METHOD				 106

-#define RSA_F_RSA_NULL					 124

-#define RSA_F_RSA_NULL_MOD_EXP				 131

-#define RSA_F_RSA_NULL_PRIVATE_DECRYPT			 132

-#define RSA_F_RSA_NULL_PRIVATE_ENCRYPT			 133

-#define RSA_F_RSA_NULL_PUBLIC_DECRYPT			 134

-#define RSA_F_RSA_NULL_PUBLIC_ENCRYPT			 135

-#define RSA_F_RSA_PADDING_ADD_NONE			 107

-#define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP		 121

-#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS			 125

-#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1		 108

-#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2		 109

-#define RSA_F_RSA_PADDING_ADD_SSLV23			 110

-#define RSA_F_RSA_PADDING_ADD_X931			 127

-#define RSA_F_RSA_PADDING_CHECK_NONE			 111

-#define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP		 122

-#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1		 112

-#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2		 113

-#define RSA_F_RSA_PADDING_CHECK_SSLV23			 114

-#define RSA_F_RSA_PADDING_CHECK_X931			 128

-#define RSA_F_RSA_PRINT					 115

-#define RSA_F_RSA_PRINT_FP				 116

-#define RSA_F_RSA_SETUP_BLINDING			 136

-#define RSA_F_RSA_SIGN					 117

-#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING		 118

-#define RSA_F_RSA_VERIFY				 119

-#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING		 120

-#define RSA_F_RSA_VERIFY_PKCS1_PSS			 126

-/* Reason codes. */

-#define RSA_R_ALGORITHM_MISMATCH			 100

-#define RSA_R_BAD_E_VALUE				 101

-#define RSA_R_BAD_FIXED_HEADER_DECRYPT			 102

-#define RSA_R_BAD_PAD_BYTE_COUNT			 103

-#define RSA_R_BAD_SIGNATURE				 104

-#define RSA_R_BLOCK_TYPE_IS_NOT_01			 106

-#define RSA_R_BLOCK_TYPE_IS_NOT_02			 107

-#define RSA_R_DATA_GREATER_THAN_MOD_LEN			 108

-#define RSA_R_DATA_TOO_LARGE				 109

-#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE		 110

-#define RSA_R_DATA_TOO_LARGE_FOR_MODULUS		 132

-#define RSA_R_DATA_TOO_SMALL				 111

-#define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE		 122

-#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY		 112

-#define RSA_R_DMP1_NOT_CONGRUENT_TO_D			 124

-#define RSA_R_DMQ1_NOT_CONGRUENT_TO_D			 125

-#define RSA_R_D_E_NOT_CONGRUENT_TO_1			 123

-#define RSA_R_FIRST_OCTET_INVALID			 133

-#define RSA_R_INVALID_HEADER				 137

-#define RSA_R_INVALID_MESSAGE_LENGTH			 131

-#define RSA_R_INVALID_PADDING				 138

-#define RSA_R_INVALID_TRAILER				 139

-#define RSA_R_IQMP_NOT_INVERSE_OF_Q			 126

-#define RSA_R_KEY_SIZE_TOO_SMALL			 120

-#define RSA_R_LAST_OCTET_INVALID			 134

-#define RSA_R_MODULUS_TOO_LARGE				 105

-#define RSA_R_NO_PUBLIC_EXPONENT			 140

-#define RSA_R_NULL_BEFORE_BLOCK_MISSING			 113

-#define RSA_R_N_DOES_NOT_EQUAL_P_Q			 127

-#define RSA_R_OAEP_DECODING_ERROR			 121

-#define RSA_R_PADDING_CHECK_FAILED			 114

-#define RSA_R_P_NOT_PRIME				 128

-#define RSA_R_Q_NOT_PRIME				 129

-#define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED		 130

-#define RSA_R_SLEN_CHECK_FAILED				 136

-#define RSA_R_SLEN_RECOVERY_FAILED			 135

-#define RSA_R_SSLV3_ROLLBACK_ATTACK			 115

-#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116

-#define RSA_R_UNKNOWN_ALGORITHM_TYPE			 117

-#define RSA_R_UNKNOWN_PADDING_TYPE			 118

-#define RSA_R_WRONG_SIGNATURE_LENGTH			 119

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/rsa/rsa_asn1.c

+++ /dev/null

@@ -1,121 +1,0 @@

-/* rsa_asn1.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 2000.

- */

-/* ====================================================================

- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/bn.h>

-#include <openssl/rsa.h>

-#include <openssl/asn1t.h>

-static ASN1_METHOD method={

-        (I2D_OF(void))     i2d_RSAPrivateKey,

-        (D2I_OF(void))     d2i_RSAPrivateKey,

-        (void *(*)(void))  RSA_new,

-        (void (*)(void *)) RSA_free};

-ASN1_METHOD *RSAPrivateKey_asn1_meth(void)

-	{

-	return(&method);

-	}

-/* Override the default free and new methods */

-static int rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)

-{

-	if(operation == ASN1_OP_NEW_PRE) {

-		*pval = (ASN1_VALUE *)RSA_new();

-		if(*pval) return 2;

-		return 0;

-	} else if(operation == ASN1_OP_FREE_PRE) {

-		RSA_free((RSA *)*pval);

-		*pval = NULL;

-		return 2;

-	}

-	return 1;

-}

-ASN1_SEQUENCE_cb(RSAPrivateKey, rsa_cb) = {

-	ASN1_SIMPLE(RSA, version, LONG),

-	ASN1_SIMPLE(RSA, n, BIGNUM),

-	ASN1_SIMPLE(RSA, e, BIGNUM),

-	ASN1_SIMPLE(RSA, d, BIGNUM),

-	ASN1_SIMPLE(RSA, p, BIGNUM),

-	ASN1_SIMPLE(RSA, q, BIGNUM),

-	ASN1_SIMPLE(RSA, dmp1, BIGNUM),

-	ASN1_SIMPLE(RSA, dmq1, BIGNUM),

-	ASN1_SIMPLE(RSA, iqmp, BIGNUM)

-} ASN1_SEQUENCE_END_cb(RSA, RSAPrivateKey)

-ASN1_SEQUENCE_cb(RSAPublicKey, rsa_cb) = {

-	ASN1_SIMPLE(RSA, n, BIGNUM),

-	ASN1_SIMPLE(RSA, e, BIGNUM),

-} ASN1_SEQUENCE_END_cb(RSA, RSAPublicKey)

-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(RSA, RSAPrivateKey, RSAPrivateKey)

-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(RSA, RSAPublicKey, RSAPublicKey)

-RSA *RSAPublicKey_dup(RSA *rsa)

-	{

-	return ASN1_item_dup(ASN1_ITEM_rptr(RSAPublicKey), rsa);

-	}

-RSA *RSAPrivateKey_dup(RSA *rsa)

-	{

-	return ASN1_item_dup(ASN1_ITEM_rptr(RSAPrivateKey), rsa);

-	}

--- a/sys/src/ape/lib/openssl/crypto/rsa/rsa_chk.c

+++ /dev/null

@@ -1,184 +1,0 @@

-/* crypto/rsa/rsa_chk.c  -*- Mode: C; c-file-style: "eay" -*- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- */

-#include <openssl/bn.h>

-#include <openssl/err.h>

-#include <openssl/rsa.h>

-int RSA_check_key(const RSA *key)

-	{

-	BIGNUM *i, *j, *k, *l, *m;

-	BN_CTX *ctx;

-	int r;

-	int ret=1;

-	i = BN_new();

-	j = BN_new();

-	k = BN_new();

-	l = BN_new();

-	m = BN_new();

-	ctx = BN_CTX_new();

-	if (i == NULL || j == NULL || k == NULL || l == NULL ||

-		m == NULL || ctx == NULL)

-		{

-		ret = -1;

-		RSAerr(RSA_F_RSA_CHECK_KEY, ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	/* p prime? */

-	r = BN_is_prime_ex(key->p, BN_prime_checks, NULL, NULL);

-	if (r != 1)

-		{

-		ret = r;

-		if (r != 0)

-			goto err;

-		RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_P_NOT_PRIME);

-		}

-	/* q prime? */

-	r = BN_is_prime_ex(key->q, BN_prime_checks, NULL, NULL);

-	if (r != 1)

-		{

-		ret = r;

-		if (r != 0)

-			goto err;

-		RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_Q_NOT_PRIME);

-		}

-	/* n = p*q? */

-	r = BN_mul(i, key->p, key->q, ctx);

-	if (!r) { ret = -1; goto err; }

-	if (BN_cmp(i, key->n) != 0)

-		{

-		ret = 0;

-		RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_N_DOES_NOT_EQUAL_P_Q);

-		}

-	/* d*e = 1  mod lcm(p-1,q-1)? */

-	r = BN_sub(i, key->p, BN_value_one());

-	if (!r) { ret = -1; goto err; }

-	r = BN_sub(j, key->q, BN_value_one());

-	if (!r) { ret = -1; goto err; }

-	/* now compute k = lcm(i,j) */

-	r = BN_mul(l, i, j, ctx);

-	if (!r) { ret = -1; goto err; }

-	r = BN_gcd(m, i, j, ctx);

-	if (!r) { ret = -1; goto err; }

-	r = BN_div(k, NULL, l, m, ctx); /* remainder is 0 */

-	if (!r) { ret = -1; goto err; }

-	r = BN_mod_mul(i, key->d, key->e, k, ctx);

-	if (!r) { ret = -1; goto err; }

-	if (!BN_is_one(i))

-		{

-		ret = 0;

-		RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_D_E_NOT_CONGRUENT_TO_1);

-		}

-	if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL)

-		{

-		/* dmp1 = d mod (p-1)? */

-		r = BN_sub(i, key->p, BN_value_one());

-		if (!r) { ret = -1; goto err; }

-		r = BN_mod(j, key->d, i, ctx);

-		if (!r) { ret = -1; goto err; }

-		if (BN_cmp(j, key->dmp1) != 0)

-			{

-			ret = 0;

-			RSAerr(RSA_F_RSA_CHECK_KEY,

-				RSA_R_DMP1_NOT_CONGRUENT_TO_D);

-			}

-		/* dmq1 = d mod (q-1)? */

-		r = BN_sub(i, key->q, BN_value_one());

-		if (!r) { ret = -1; goto err; }

-		r = BN_mod(j, key->d, i, ctx);

-		if (!r) { ret = -1; goto err; }

-		if (BN_cmp(j, key->dmq1) != 0)

-			{

-			ret = 0;

-			RSAerr(RSA_F_RSA_CHECK_KEY,

-				RSA_R_DMQ1_NOT_CONGRUENT_TO_D);

-			}

-		/* iqmp = q^-1 mod p? */

-		if(!BN_mod_inverse(i, key->q, key->p, ctx))

-			{

-			ret = -1;

-			goto err;

-			}

-		if (BN_cmp(i, key->iqmp) != 0)

-			{

-			ret = 0;

-			RSAerr(RSA_F_RSA_CHECK_KEY,

-				RSA_R_IQMP_NOT_INVERSE_OF_Q);

-			}

-		}

- err:

-	if (i != NULL) BN_free(i);

-	if (j != NULL) BN_free(j);

-	if (k != NULL) BN_free(k);

-	if (l != NULL) BN_free(l);

-	if (m != NULL) BN_free(m);

-	if (ctx != NULL) BN_CTX_free(ctx);

-	return (ret);

-	}

--- a/sys/src/ape/lib/openssl/crypto/rsa/rsa_depr.c

+++ /dev/null

@@ -1,101 +1,0 @@

-/* crypto/rsa/rsa_depr.c */

-/* ====================================================================

- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* NB: This file contains deprecated functions (compatibility wrappers to the

- * "new" versions). */

-#include <stdio.h>

-#include <time.h>

-#include "cryptlib.h"

-#include <openssl/bn.h>

-#include <openssl/rsa.h>

-#ifdef OPENSSL_NO_DEPRECATED

-static void *dummy=&dummy;

-#else

-RSA *RSA_generate_key(int bits, unsigned long e_value,

-	     void (*callback)(int,int,void *), void *cb_arg)

-	{

-	BN_GENCB cb;

-	int i;

-	RSA *rsa = RSA_new();

-	BIGNUM *e = BN_new();

-	if(!rsa || !e) goto err;

-	/* The problem is when building with 8, 16, or 32 BN_ULONG,

-	 * unsigned long can be larger */

-	for (i=0; i<(int)sizeof(unsigned long)*8; i++)

-		{

-		if (e_value & (1UL<<i))

-			if (BN_set_bit(e,i) == 0)

-				goto err;

-		}

-	BN_GENCB_set_old(&cb, callback, cb_arg);

-	if(RSA_generate_key_ex(rsa, bits, e, &cb)) {

-		BN_free(e);

-		return rsa;

-	}

-err:

-	if(e) BN_free(e);

-	if(rsa) RSA_free(rsa);

-	return 0;

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/rsa/rsa_eay.c

+++ /dev/null

@@ -1,884 +1,0 @@

-/* crypto/rsa/rsa_eay.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/bn.h>

-#include <openssl/rsa.h>

-#include <openssl/rand.h>

-#ifndef RSA_NULL

-static int RSA_eay_public_encrypt(int flen, const unsigned char *from,

-		unsigned char *to, RSA *rsa,int padding);

-static int RSA_eay_private_encrypt(int flen, const unsigned char *from,

-		unsigned char *to, RSA *rsa,int padding);

-static int RSA_eay_public_decrypt(int flen, const unsigned char *from,

-		unsigned char *to, RSA *rsa,int padding);

-static int RSA_eay_private_decrypt(int flen, const unsigned char *from,

-		unsigned char *to, RSA *rsa,int padding);

-static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx);

-static int RSA_eay_init(RSA *rsa);

-static int RSA_eay_finish(RSA *rsa);

-static RSA_METHOD rsa_pkcs1_eay_meth={

-	"Eric Young's PKCS#1 RSA",

-	RSA_eay_public_encrypt,

-	RSA_eay_public_decrypt, /* signature verification */

-	RSA_eay_private_encrypt, /* signing */

-	RSA_eay_private_decrypt,

-	RSA_eay_mod_exp,

-	BN_mod_exp_mont, /* XXX probably we should not use Montgomery if  e == 3 */

-	RSA_eay_init,

-	RSA_eay_finish,

-	0, /* flags */

-	NULL,

-	0, /* rsa_sign */

-	0, /* rsa_verify */

-	NULL /* rsa_keygen */

-	};

-const RSA_METHOD *RSA_PKCS1_SSLeay(void)

-	{

-	return(&rsa_pkcs1_eay_meth);

-	}

-/* Usage example;

- *    MONT_HELPER(rsa, bn_ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err);

- */

-#define MONT_HELPER(rsa, ctx, m, pre_cond, err_instr) \

-	if((pre_cond) && ((rsa)->_method_mod_##m == NULL) && \

-			!BN_MONT_CTX_set_locked(&((rsa)->_method_mod_##m), \

-				CRYPTO_LOCK_RSA, \

-				(rsa)->m, (ctx))) \

-		err_instr

-static int RSA_eay_public_encrypt(int flen, const unsigned char *from,

-	     unsigned char *to, RSA *rsa, int padding)

-	{

-	BIGNUM *f,*ret;

-	int i,j,k,num=0,r= -1;

-	unsigned char *buf=NULL;

-	BN_CTX *ctx=NULL;

-	if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS)

-		{

-		RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE);

-		return -1;

-		}

-	if (BN_ucmp(rsa->n, rsa->e) <= 0)

-		{

-		RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);

-		return -1;

-		}

-	/* for large moduli, enforce exponent limit */

-	if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS)

-		{

-		if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS)

-			{

-			RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);

-			return -1;

-			}

-		}

-	if ((ctx=BN_CTX_new()) == NULL) goto err;

-	BN_CTX_start(ctx);

-	f = BN_CTX_get(ctx);

-	ret = BN_CTX_get(ctx);

-	num=BN_num_bytes(rsa->n);

-	buf = OPENSSL_malloc(num);

-	if (!f || !ret || !buf)

-		{

-		RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	switch (padding)

-		{

-	case RSA_PKCS1_PADDING:

-		i=RSA_padding_add_PKCS1_type_2(buf,num,from,flen);

-		break;

-#ifndef OPENSSL_NO_SHA

-	case RSA_PKCS1_OAEP_PADDING:

-	        i=RSA_padding_add_PKCS1_OAEP(buf,num,from,flen,NULL,0);

-		break;

-#endif

-	case RSA_SSLV23_PADDING:

-		i=RSA_padding_add_SSLv23(buf,num,from,flen);

-		break;

-	case RSA_NO_PADDING:

-		i=RSA_padding_add_none(buf,num,from,flen);

-		break;

-	default:

-		RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE);

-		goto err;

-		}

-	if (i <= 0) goto err;

-	if (BN_bin2bn(buf,num,f) == NULL) goto err;

-	if (BN_ucmp(f, rsa->n) >= 0)

-		{

-		/* usually the padding functions would catch this */

-		RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);

-		goto err;

-		}

-	MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);

-	if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx,

-		rsa->_method_mod_n)) goto err;

-	/* put in leading 0 bytes if the number is less than the

-	 * length of the modulus */

-	j=BN_num_bytes(ret);

-	i=BN_bn2bin(ret,&(to[num-j]));

-	for (k=0; k<(num-i); k++)

-		to[k]=0;

-	r=num;

-err:

-	if (ctx != NULL)

-		{

-		BN_CTX_end(ctx);

-		BN_CTX_free(ctx);

-		}

-	if (buf != NULL)

-		{

-		OPENSSL_cleanse(buf,num);

-		OPENSSL_free(buf);

-		}

-	return(r);

-	}

-static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)

-{

-	BN_BLINDING *ret;

-	int got_write_lock = 0;

-	CRYPTO_r_lock(CRYPTO_LOCK_RSA);

-	if (rsa->blinding == NULL)

-		{

-		CRYPTO_r_unlock(CRYPTO_LOCK_RSA);

-		CRYPTO_w_lock(CRYPTO_LOCK_RSA);

-		got_write_lock = 1;

-		if (rsa->blinding == NULL)

-			rsa->blinding = RSA_setup_blinding(rsa, ctx);

-		}

-	ret = rsa->blinding;

-	if (ret == NULL)

-		goto err;

-	if (BN_BLINDING_get_thread_id(ret) == CRYPTO_thread_id())

-		{

-		/* rsa->blinding is ours! */

-		*local = 1;

-		}

-	else

-		{

-		/* resort to rsa->mt_blinding instead */

-		*local = 0; /* instructs rsa_blinding_convert(), rsa_blinding_invert()

-		             * that the BN_BLINDING is shared, meaning that accesses

-		             * require locks, and that the blinding factor must be

-		             * stored outside the BN_BLINDING

-		             */

-		if (rsa->mt_blinding == NULL)

-			{

-			if (!got_write_lock)

-				{

-				CRYPTO_r_unlock(CRYPTO_LOCK_RSA);

-				CRYPTO_w_lock(CRYPTO_LOCK_RSA);

-				got_write_lock = 1;

-				}

-			if (rsa->mt_blinding == NULL)

-				rsa->mt_blinding = RSA_setup_blinding(rsa, ctx);

-			}

-		ret = rsa->mt_blinding;

-		}

- err:

-	if (got_write_lock)

-		CRYPTO_w_unlock(CRYPTO_LOCK_RSA);

-	else

-		CRYPTO_r_unlock(CRYPTO_LOCK_RSA);

-	return ret;

-}

-static int rsa_blinding_convert(BN_BLINDING *b, int local, BIGNUM *f,

-	BIGNUM *r, BN_CTX *ctx)

-{

-	if (local)

-		return BN_BLINDING_convert_ex(f, NULL, b, ctx);

-	else

-		{

-		int ret;

-		CRYPTO_r_lock(CRYPTO_LOCK_RSA_BLINDING);

-		ret = BN_BLINDING_convert_ex(f, r, b, ctx);

-		CRYPTO_r_unlock(CRYPTO_LOCK_RSA_BLINDING);

-		return ret;

-		}

-}

-static int rsa_blinding_invert(BN_BLINDING *b, int local, BIGNUM *f,

-	BIGNUM *r, BN_CTX *ctx)

-{

-	if (local)

-		return BN_BLINDING_invert_ex(f, NULL, b, ctx);

-	else

-		{

-		int ret;

-		CRYPTO_w_lock(CRYPTO_LOCK_RSA_BLINDING);

-		ret = BN_BLINDING_invert_ex(f, r, b, ctx);

-		CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING);

-		return ret;

-		}

-}

-/* signing */

-static int RSA_eay_private_encrypt(int flen, const unsigned char *from,

-	     unsigned char *to, RSA *rsa, int padding)

-	{

-	BIGNUM *f, *ret, *br, *res;

-	int i,j,k,num=0,r= -1;

-	unsigned char *buf=NULL;

-	BN_CTX *ctx=NULL;

-	int local_blinding = 0;

-	BN_BLINDING *blinding = NULL;

-	if ((ctx=BN_CTX_new()) == NULL) goto err;

-	BN_CTX_start(ctx);

-	f   = BN_CTX_get(ctx);

-	br  = BN_CTX_get(ctx);

-	ret = BN_CTX_get(ctx);

-	num = BN_num_bytes(rsa->n);

-	buf = OPENSSL_malloc(num);

-	if(!f || !ret || !buf)

-		{

-		RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	switch (padding)

-		{

-	case RSA_PKCS1_PADDING:

-		i=RSA_padding_add_PKCS1_type_1(buf,num,from,flen);

-		break;

-	case RSA_X931_PADDING:

-		i=RSA_padding_add_X931(buf,num,from,flen);

-		break;

-	case RSA_NO_PADDING:

-		i=RSA_padding_add_none(buf,num,from,flen);

-		break;

-	case RSA_SSLV23_PADDING:

-	default:

-		RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE);

-		goto err;

-		}

-	if (i <= 0) goto err;

-	if (BN_bin2bn(buf,num,f) == NULL) goto err;

-	if (BN_ucmp(f, rsa->n) >= 0)

-		{

-		/* usually the padding functions would catch this */

-		RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);

-		goto err;

-		}

-	if (!(rsa->flags & RSA_FLAG_NO_BLINDING))

-		{

-		blinding = rsa_get_blinding(rsa, &local_blinding, ctx);

-		if (blinding == NULL)

-			{

-			RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR);

-			goto err;

-			}

-		}

-	if (blinding != NULL)

-		if (!rsa_blinding_convert(blinding, local_blinding, f, br, ctx))

-			goto err;

-	if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||

-		((rsa->p != NULL) &&

-		(rsa->q != NULL) &&

-		(rsa->dmp1 != NULL) &&

-		(rsa->dmq1 != NULL) &&

-		(rsa->iqmp != NULL)) )

-		{

-		if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) goto err;

-		}

-	else

-		{

-		BIGNUM local_d;

-		BIGNUM *d = NULL;

-		if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))

-			{

-			BN_init(&local_d);

-			d = &local_d;

-			BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);

-			}

-		else

-			d = rsa->d;

-		MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);

-		if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx,

-				rsa->_method_mod_n)) goto err;

-		}

-	if (blinding)

-		if (!rsa_blinding_invert(blinding, local_blinding, ret, br, ctx))

-			goto err;

-	if (padding == RSA_X931_PADDING)

-		{

-		BN_sub(f, rsa->n, ret);

-		if (BN_cmp(ret, f))

-			res = f;

-		else

-			res = ret;

-		}

-	else

-		res = ret;

-	/* put in leading 0 bytes if the number is less than the

-	 * length of the modulus */

-	j=BN_num_bytes(res);

-	i=BN_bn2bin(res,&(to[num-j]));

-	for (k=0; k<(num-i); k++)

-		to[k]=0;

-	r=num;

-err:

-	if (ctx != NULL)

-		{

-		BN_CTX_end(ctx);

-		BN_CTX_free(ctx);

-		}

-	if (buf != NULL)

-		{

-		OPENSSL_cleanse(buf,num);

-		OPENSSL_free(buf);

-		}

-	return(r);

-	}

-static int RSA_eay_private_decrypt(int flen, const unsigned char *from,

-	     unsigned char *to, RSA *rsa, int padding)

-	{

-	BIGNUM *f, *ret, *br;

-	int j,num=0,r= -1;

-	unsigned char *p;

-	unsigned char *buf=NULL;

-	BN_CTX *ctx=NULL;

-	int local_blinding = 0;

-	BN_BLINDING *blinding = NULL;

-	if((ctx = BN_CTX_new()) == NULL) goto err;

-	BN_CTX_start(ctx);

-	f   = BN_CTX_get(ctx);

-	br  = BN_CTX_get(ctx);

-	ret = BN_CTX_get(ctx);

-	num = BN_num_bytes(rsa->n);

-	buf = OPENSSL_malloc(num);

-	if(!f || !ret || !buf)

-		{

-		RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	/* This check was for equality but PGP does evil things

-	 * and chops off the top '0' bytes */

-	if (flen > num)

-		{

-		RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN);

-		goto err;

-		}

-	/* make data into a big number */

-	if (BN_bin2bn(from,(int)flen,f) == NULL) goto err;

-	if (BN_ucmp(f, rsa->n) >= 0)

-		{

-		RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);

-		goto err;

-		}

-	if (!(rsa->flags & RSA_FLAG_NO_BLINDING))

-		{

-		blinding = rsa_get_blinding(rsa, &local_blinding, ctx);

-		if (blinding == NULL)

-			{

-			RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERROR);

-			goto err;

-			}

-		}

-	if (blinding != NULL)

-		if (!rsa_blinding_convert(blinding, local_blinding, f, br, ctx))

-			goto err;

-	/* do the decrypt */

-	if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||

-		((rsa->p != NULL) &&

-		(rsa->q != NULL) &&

-		(rsa->dmp1 != NULL) &&

-		(rsa->dmq1 != NULL) &&

-		(rsa->iqmp != NULL)) )

-		{

-		if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) goto err;

-		}

-	else

-		{

-		BIGNUM local_d;

-		BIGNUM *d = NULL;

-		if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))

-			{

-			d = &local_d;

-			BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);

-			}

-		else

-			d = rsa->d;

-		MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);

-		if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx,

-				rsa->_method_mod_n))

-		  goto err;

-		}

-	if (blinding)

-		if (!rsa_blinding_invert(blinding, local_blinding, ret, br, ctx))

-			goto err;

-	p=buf;

-	j=BN_bn2bin(ret,p); /* j is only used with no-padding mode */

-	switch (padding)

-		{

-	case RSA_PKCS1_PADDING:

-		r=RSA_padding_check_PKCS1_type_2(to,num,buf,j,num);

-		break;

-#ifndef OPENSSL_NO_SHA

-        case RSA_PKCS1_OAEP_PADDING:

-	        r=RSA_padding_check_PKCS1_OAEP(to,num,buf,j,num,NULL,0);

-                break;

-#endif

- 	case RSA_SSLV23_PADDING:

-		r=RSA_padding_check_SSLv23(to,num,buf,j,num);

-		break;

-	case RSA_NO_PADDING:

-		r=RSA_padding_check_none(to,num,buf,j,num);

-		break;

-	default:

-		RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE);

-		goto err;

-		}

-	if (r < 0)

-		RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_PADDING_CHECK_FAILED);

-err:

-	if (ctx != NULL)

-		{

-		BN_CTX_end(ctx);

-		BN_CTX_free(ctx);

-		}

-	if (buf != NULL)

-		{

-		OPENSSL_cleanse(buf,num);

-		OPENSSL_free(buf);

-		}

-	return(r);

-	}

-/* signature verification */

-static int RSA_eay_public_decrypt(int flen, const unsigned char *from,

-	     unsigned char *to, RSA *rsa, int padding)

-	{

-	BIGNUM *f,*ret;

-	int i,num=0,r= -1;

-	unsigned char *p;

-	unsigned char *buf=NULL;

-	BN_CTX *ctx=NULL;

-	if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS)

-		{

-		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE);

-		return -1;

-		}

-	if (BN_ucmp(rsa->n, rsa->e) <= 0)

-		{

-		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);

-		return -1;

-		}

-	/* for large moduli, enforce exponent limit */

-	if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS)

-		{

-		if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS)

-			{

-			RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);

-			return -1;

-			}

-		}

-	if((ctx = BN_CTX_new()) == NULL) goto err;

-	BN_CTX_start(ctx);

-	f = BN_CTX_get(ctx);

-	ret = BN_CTX_get(ctx);

-	num=BN_num_bytes(rsa->n);

-	buf = OPENSSL_malloc(num);

-	if(!f || !ret || !buf)

-		{

-		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	/* This check was for equality but PGP does evil things

-	 * and chops off the top '0' bytes */

-	if (flen > num)

-		{

-		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN);

-		goto err;

-		}

-	if (BN_bin2bn(from,flen,f) == NULL) goto err;

-	if (BN_ucmp(f, rsa->n) >= 0)

-		{

-		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);

-		goto err;

-		}

-	MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);

-	if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx,

-		rsa->_method_mod_n)) goto err;

-	if ((padding == RSA_X931_PADDING) && ((ret->d[0] & 0xf) != 12))

-		BN_sub(ret, rsa->n, ret);

-	p=buf;

-	i=BN_bn2bin(ret,p);

-	switch (padding)

-		{

-	case RSA_PKCS1_PADDING:

-		r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num);

-		break;

-	case RSA_X931_PADDING:

-		r=RSA_padding_check_X931(to,num,buf,i,num);

-		break;

-	case RSA_NO_PADDING:

-		r=RSA_padding_check_none(to,num,buf,i,num);

-		break;

-	default:

-		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE);

-		goto err;

-		}

-	if (r < 0)

-		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_PADDING_CHECK_FAILED);

-err:

-	if (ctx != NULL)

-		{

-		BN_CTX_end(ctx);

-		BN_CTX_free(ctx);

-		}

-	if (buf != NULL)

-		{

-		OPENSSL_cleanse(buf,num);

-		OPENSSL_free(buf);

-		}

-	return(r);

-	}

-static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)

-	{

-	BIGNUM *r1,*m1,*vrfy;

-	BIGNUM local_dmp1,local_dmq1,local_c,local_r1;

-	BIGNUM *dmp1,*dmq1,*c,*pr1;

-	int bn_flags;

-	int ret=0;

-	BN_CTX_start(ctx);

-	r1 = BN_CTX_get(ctx);

-	m1 = BN_CTX_get(ctx);

-	vrfy = BN_CTX_get(ctx);

-	/* Make sure mod_inverse in montgomerey intialization use correct

-	 * BN_FLG_CONSTTIME flag.

-	 */

-	bn_flags = rsa->p->flags;

-	if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))

-		{

-		rsa->p->flags |= BN_FLG_CONSTTIME;

-		}

-	MONT_HELPER(rsa, ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err);

-	/* We restore bn_flags back */

-	rsa->p->flags = bn_flags;

-        /* Make sure mod_inverse in montgomerey intialization use correct

-         * BN_FLG_CONSTTIME flag.

-         */

-	bn_flags = rsa->q->flags;

-	if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))

-		{

-		rsa->q->flags |= BN_FLG_CONSTTIME;

-		}

-	MONT_HELPER(rsa, ctx, q, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err);

-	/* We restore bn_flags back */

-	rsa->q->flags = bn_flags;

-	MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);

-	/* compute I mod q */

-	if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))

-		{

-		c = &local_c;

-		BN_with_flags(c, I, BN_FLG_CONSTTIME);

-		if (!BN_mod(r1,c,rsa->q,ctx)) goto err;

-		}

-	else

-		{

-		if (!BN_mod(r1,I,rsa->q,ctx)) goto err;

-		}

-	/* compute r1^dmq1 mod q */

-	if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))

-		{

-		dmq1 = &local_dmq1;

-		BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME);

-		}

-	else

-		dmq1 = rsa->dmq1;

-	if (!rsa->meth->bn_mod_exp(m1,r1,dmq1,rsa->q,ctx,

-		rsa->_method_mod_q)) goto err;

-	/* compute I mod p */

-	if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))

-		{

-		c = &local_c;

-		BN_with_flags(c, I, BN_FLG_CONSTTIME);

-		if (!BN_mod(r1,c,rsa->p,ctx)) goto err;

-		}

-	else

-		{

-		if (!BN_mod(r1,I,rsa->p,ctx)) goto err;

-		}

-	/* compute r1^dmp1 mod p */

-	if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))

-		{

-		dmp1 = &local_dmp1;

-		BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME);

-		}

-	else

-		dmp1 = rsa->dmp1;

-	if (!rsa->meth->bn_mod_exp(r0,r1,dmp1,rsa->p,ctx,

-		rsa->_method_mod_p)) goto err;

-	if (!BN_sub(r0,r0,m1)) goto err;

-	/* This will help stop the size of r0 increasing, which does

-	 * affect the multiply if it optimised for a power of 2 size */

-	if (BN_is_negative(r0))

-		if (!BN_add(r0,r0,rsa->p)) goto err;

-	if (!BN_mul(r1,r0,rsa->iqmp,ctx)) goto err;

-	/* Turn BN_FLG_CONSTTIME flag on before division operation */

-	if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))

-		{

-		pr1 = &local_r1;

-		BN_with_flags(pr1, r1, BN_FLG_CONSTTIME);

-		}

-	else

-		pr1 = r1;

-	if (!BN_mod(r0,pr1,rsa->p,ctx)) goto err;

-	/* If p < q it is occasionally possible for the correction of

-         * adding 'p' if r0 is negative above to leave the result still

-	 * negative. This can break the private key operations: the following

-	 * second correction should *always* correct this rare occurrence.

-	 * This will *never* happen with OpenSSL generated keys because

-         * they ensure p > q [steve]

-         */

-	if (BN_is_negative(r0))

-		if (!BN_add(r0,r0,rsa->p)) goto err;

-	if (!BN_mul(r1,r0,rsa->q,ctx)) goto err;

-	if (!BN_add(r0,r1,m1)) goto err;

-	if (rsa->e && rsa->n)

-		{

-		if (!rsa->meth->bn_mod_exp(vrfy,r0,rsa->e,rsa->n,ctx,rsa->_method_mod_n)) goto err;

-		/* If 'I' was greater than (or equal to) rsa->n, the operation

-		 * will be equivalent to using 'I mod n'. However, the result of

-		 * the verify will *always* be less than 'n' so we don't check

-		 * for absolute equality, just congruency. */

-		if (!BN_sub(vrfy, vrfy, I)) goto err;

-		if (!BN_mod(vrfy, vrfy, rsa->n, ctx)) goto err;

-		if (BN_is_negative(vrfy))

-			if (!BN_add(vrfy, vrfy, rsa->n)) goto err;

-		if (!BN_is_zero(vrfy))

-			{

-			/* 'I' and 'vrfy' aren't congruent mod n. Don't leak

-			 * miscalculated CRT output, just do a raw (slower)

-			 * mod_exp and return that instead. */

-			BIGNUM local_d;

-			BIGNUM *d = NULL;

-			if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))

-				{

-				d = &local_d;

-				BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);

-				}

-			else

-				d = rsa->d;

-			if (!rsa->meth->bn_mod_exp(r0,I,d,rsa->n,ctx,

-						   rsa->_method_mod_n)) goto err;

-			}

-		}

-	ret=1;

-err:

-	BN_CTX_end(ctx);

-	return(ret);

-	}

-static int RSA_eay_init(RSA *rsa)

-	{

-	rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE;

-	return(1);

-	}

-static int RSA_eay_finish(RSA *rsa)

-	{

-	if (rsa->_method_mod_n != NULL)

-		BN_MONT_CTX_free(rsa->_method_mod_n);

-	if (rsa->_method_mod_p != NULL)

-		BN_MONT_CTX_free(rsa->_method_mod_p);

-	if (rsa->_method_mod_q != NULL)

-		BN_MONT_CTX_free(rsa->_method_mod_q);

-	return(1);

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/rsa/rsa_err.c

+++ /dev/null

@@ -1,171 +1,0 @@

-/* crypto/rsa/rsa_err.c */

-/* ====================================================================

- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* NOTE: this file was auto generated by the mkerr.pl script: any changes

- * made to it will be overwritten when the script next updates this file,

- * only reason strings will be preserved.

- */

-#include <stdio.h>

-#include <openssl/err.h>

-#include <openssl/rsa.h>

-/* BEGIN ERROR CODES */

-#ifndef OPENSSL_NO_ERR

-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_RSA,func,0)

-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_RSA,0,reason)

-static ERR_STRING_DATA RSA_str_functs[]=

-	{

-{ERR_FUNC(RSA_F_MEMORY_LOCK),	"MEMORY_LOCK"},

-{ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN),	"RSA_BUILTIN_KEYGEN"},

-{ERR_FUNC(RSA_F_RSA_CHECK_KEY),	"RSA_check_key"},

-{ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_DECRYPT),	"RSA_EAY_PRIVATE_DECRYPT"},

-{ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_ENCRYPT),	"RSA_EAY_PRIVATE_ENCRYPT"},

-{ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_DECRYPT),	"RSA_EAY_PUBLIC_DECRYPT"},

-{ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_ENCRYPT),	"RSA_EAY_PUBLIC_ENCRYPT"},

-{ERR_FUNC(RSA_F_RSA_GENERATE_KEY),	"RSA_generate_key"},

-{ERR_FUNC(RSA_F_RSA_MEMORY_LOCK),	"RSA_memory_lock"},

-{ERR_FUNC(RSA_F_RSA_NEW_METHOD),	"RSA_new_method"},

-{ERR_FUNC(RSA_F_RSA_NULL),	"RSA_NULL"},

-{ERR_FUNC(RSA_F_RSA_NULL_MOD_EXP),	"RSA_NULL_MOD_EXP"},

-{ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_DECRYPT),	"RSA_NULL_PRIVATE_DECRYPT"},

-{ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_ENCRYPT),	"RSA_NULL_PRIVATE_ENCRYPT"},

-{ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_DECRYPT),	"RSA_NULL_PUBLIC_DECRYPT"},

-{ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_ENCRYPT),	"RSA_NULL_PUBLIC_ENCRYPT"},

-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_NONE),	"RSA_padding_add_none"},

-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP),	"RSA_padding_add_PKCS1_OAEP"},

-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS),	"RSA_padding_add_PKCS1_PSS"},

-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1),	"RSA_padding_add_PKCS1_type_1"},

-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2),	"RSA_padding_add_PKCS1_type_2"},

-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_SSLV23),	"RSA_padding_add_SSLv23"},

-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_X931),	"RSA_padding_add_X931"},

-{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_NONE),	"RSA_padding_check_none"},

-{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP),	"RSA_padding_check_PKCS1_OAEP"},

-{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1),	"RSA_padding_check_PKCS1_type_1"},

-{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2),	"RSA_padding_check_PKCS1_type_2"},

-{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_SSLV23),	"RSA_padding_check_SSLv23"},

-{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931),	"RSA_padding_check_X931"},

-{ERR_FUNC(RSA_F_RSA_PRINT),	"RSA_print"},

-{ERR_FUNC(RSA_F_RSA_PRINT_FP),	"RSA_print_fp"},

-{ERR_FUNC(RSA_F_RSA_SETUP_BLINDING),	"RSA_setup_blinding"},

-{ERR_FUNC(RSA_F_RSA_SIGN),	"RSA_sign"},

-{ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING),	"RSA_sign_ASN1_OCTET_STRING"},

-{ERR_FUNC(RSA_F_RSA_VERIFY),	"RSA_verify"},

-{ERR_FUNC(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING),	"RSA_verify_ASN1_OCTET_STRING"},

-{ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS),	"RSA_verify_PKCS1_PSS"},

-{0,NULL}

-	};

-static ERR_STRING_DATA RSA_str_reasons[]=

-	{

-{ERR_REASON(RSA_R_ALGORITHM_MISMATCH)    ,"algorithm mismatch"},

-{ERR_REASON(RSA_R_BAD_E_VALUE)           ,"bad e value"},

-{ERR_REASON(RSA_R_BAD_FIXED_HEADER_DECRYPT),"bad fixed header decrypt"},

-{ERR_REASON(RSA_R_BAD_PAD_BYTE_COUNT)    ,"bad pad byte count"},

-{ERR_REASON(RSA_R_BAD_SIGNATURE)         ,"bad signature"},

-{ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_01)  ,"block type is not 01"},

-{ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_02)  ,"block type is not 02"},

-{ERR_REASON(RSA_R_DATA_GREATER_THAN_MOD_LEN),"data greater than mod len"},

-{ERR_REASON(RSA_R_DATA_TOO_LARGE)        ,"data too large"},

-{ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},

-{ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_MODULUS),"data too large for modulus"},

-{ERR_REASON(RSA_R_DATA_TOO_SMALL)        ,"data too small"},

-{ERR_REASON(RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE),"data too small for key size"},

-{ERR_REASON(RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY),"digest too big for rsa key"},

-{ERR_REASON(RSA_R_DMP1_NOT_CONGRUENT_TO_D),"dmp1 not congruent to d"},

-{ERR_REASON(RSA_R_DMQ1_NOT_CONGRUENT_TO_D),"dmq1 not congruent to d"},

-{ERR_REASON(RSA_R_D_E_NOT_CONGRUENT_TO_1),"d e not congruent to 1"},

-{ERR_REASON(RSA_R_FIRST_OCTET_INVALID)   ,"first octet invalid"},

-{ERR_REASON(RSA_R_INVALID_HEADER)        ,"invalid header"},

-{ERR_REASON(RSA_R_INVALID_MESSAGE_LENGTH),"invalid message length"},

-{ERR_REASON(RSA_R_INVALID_PADDING)       ,"invalid padding"},

-{ERR_REASON(RSA_R_INVALID_TRAILER)       ,"invalid trailer"},

-{ERR_REASON(RSA_R_IQMP_NOT_INVERSE_OF_Q) ,"iqmp not inverse of q"},

-{ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL)    ,"key size too small"},

-{ERR_REASON(RSA_R_LAST_OCTET_INVALID)    ,"last octet invalid"},

-{ERR_REASON(RSA_R_MODULUS_TOO_LARGE)     ,"modulus too large"},

-{ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT)    ,"no public exponent"},

-{ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"},

-{ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q)  ,"n does not equal p q"},

-{ERR_REASON(RSA_R_OAEP_DECODING_ERROR)   ,"oaep decoding error"},

-{ERR_REASON(RSA_R_PADDING_CHECK_FAILED)  ,"padding check failed"},

-{ERR_REASON(RSA_R_P_NOT_PRIME)           ,"p not prime"},

-{ERR_REASON(RSA_R_Q_NOT_PRIME)           ,"q not prime"},

-{ERR_REASON(RSA_R_RSA_OPERATIONS_NOT_SUPPORTED),"rsa operations not supported"},

-{ERR_REASON(RSA_R_SLEN_CHECK_FAILED)     ,"salt length check failed"},

-{ERR_REASON(RSA_R_SLEN_RECOVERY_FAILED)  ,"salt length recovery failed"},

-{ERR_REASON(RSA_R_SSLV3_ROLLBACK_ATTACK) ,"sslv3 rollback attack"},

-{ERR_REASON(RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),"the asn1 object identifier is not known for this md"},

-{ERR_REASON(RSA_R_UNKNOWN_ALGORITHM_TYPE),"unknown algorithm type"},

-{ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE)  ,"unknown padding type"},

-{ERR_REASON(RSA_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"},

-{0,NULL}

-	};

-#endif

-void ERR_load_RSA_strings(void)

-	{

-#ifndef OPENSSL_NO_ERR

-	if (ERR_func_error_string(RSA_str_functs[0].error) == NULL)

-		{

-		ERR_load_strings(0,RSA_str_functs);

-		ERR_load_strings(0,RSA_str_reasons);

-		}

-#endif

-	}

--- a/sys/src/ape/lib/openssl/crypto/rsa/rsa_gen.c

+++ /dev/null

@@ -1,219 +1,0 @@

-/* crypto/rsa/rsa_gen.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* NB: these functions have been "upgraded", the deprecated versions (which are

- * compatibility wrappers using these functions) are in rsa_depr.c.

- * - Geoff

- */

-#include <stdio.h>

-#include <time.h>

-#include "cryptlib.h"

-#include <openssl/bn.h>

-#include <openssl/rsa.h>

-static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb);

-/* NB: this wrapper would normally be placed in rsa_lib.c and the static

- * implementation would probably be in rsa_eay.c. Nonetheless, is kept here so

- * that we don't introduce a new linker dependency. Eg. any application that

- * wasn't previously linking object code related to key-generation won't have to

- * now just because key-generation is part of RSA_METHOD. */

-int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)

-	{

-	if(rsa->meth->rsa_keygen)

-		return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);

-	return rsa_builtin_keygen(rsa, bits, e_value, cb);

-	}

-static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)

-	{

-	BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp;

-	BIGNUM local_r0,local_d,local_p;

-	BIGNUM *pr0,*d,*p;

-	int bitsp,bitsq,ok= -1,n=0;

-	BN_CTX *ctx=NULL;

-	ctx=BN_CTX_new();

-	if (ctx == NULL) goto err;

-	BN_CTX_start(ctx);

-	r0 = BN_CTX_get(ctx);

-	r1 = BN_CTX_get(ctx);

-	r2 = BN_CTX_get(ctx);

-	r3 = BN_CTX_get(ctx);

-	if (r3 == NULL) goto err;

-	bitsp=(bits+1)/2;

-	bitsq=bits-bitsp;

-	/* We need the RSA components non-NULL */

-	if(!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err;

-	if(!rsa->d && ((rsa->d=BN_new()) == NULL)) goto err;

-	if(!rsa->e && ((rsa->e=BN_new()) == NULL)) goto err;

-	if(!rsa->p && ((rsa->p=BN_new()) == NULL)) goto err;

-	if(!rsa->q && ((rsa->q=BN_new()) == NULL)) goto err;

-	if(!rsa->dmp1 && ((rsa->dmp1=BN_new()) == NULL)) goto err;

-	if(!rsa->dmq1 && ((rsa->dmq1=BN_new()) == NULL)) goto err;

-	if(!rsa->iqmp && ((rsa->iqmp=BN_new()) == NULL)) goto err;

-	BN_copy(rsa->e, e_value);

-	/* generate p and q */

-	for (;;)

-		{

-		if(!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb))

-			goto err;

-		if (!BN_sub(r2,rsa->p,BN_value_one())) goto err;

-		if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err;

-		if (BN_is_one(r1)) break;

-		if(!BN_GENCB_call(cb, 2, n++))

-			goto err;

-		}

-	if(!BN_GENCB_call(cb, 3, 0))

-		goto err;

-	for (;;)

-		{

-		/* When generating ridiculously small keys, we can get stuck

-		 * continually regenerating the same prime values. Check for

-		 * this and bail if it happens 3 times. */

-		unsigned int degenerate = 0;

-		do

-			{

-			if(!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb))

-				goto err;

-			} while((BN_cmp(rsa->p, rsa->q) == 0) && (++degenerate < 3));

-		if(degenerate == 3)

-			{

-			ok = 0; /* we set our own err */

-			RSAerr(RSA_F_RSA_BUILTIN_KEYGEN,RSA_R_KEY_SIZE_TOO_SMALL);

-			goto err;

-			}

-		if (!BN_sub(r2,rsa->q,BN_value_one())) goto err;

-		if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err;

-		if (BN_is_one(r1))

-			break;

-		if(!BN_GENCB_call(cb, 2, n++))

-			goto err;

-		}

-	if(!BN_GENCB_call(cb, 3, 1))

-		goto err;

-	if (BN_cmp(rsa->p,rsa->q) < 0)

-		{

-		tmp=rsa->p;

-		rsa->p=rsa->q;

-		rsa->q=tmp;

-		}

-	/* calculate n */

-	if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx)) goto err;

-	/* calculate d */

-	if (!BN_sub(r1,rsa->p,BN_value_one())) goto err;	/* p-1 */

-	if (!BN_sub(r2,rsa->q,BN_value_one())) goto err;	/* q-1 */

-	if (!BN_mul(r0,r1,r2,ctx)) goto err;	/* (p-1)(q-1) */

-	if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))

-		{

-		  pr0 = &local_r0;

-		  BN_with_flags(pr0, r0, BN_FLG_CONSTTIME);

-		}

-	else

-	  pr0 = r0;

-	if (!BN_mod_inverse(rsa->d,rsa->e,pr0,ctx)) goto err;	/* d */

-	/* set up d for correct BN_FLG_CONSTTIME flag */

-	if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))

-		{

-		d = &local_d;

-		BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);

-		}

-	else

-		d = rsa->d;

-	/* calculate d mod (p-1) */

-	if (!BN_mod(rsa->dmp1,d,r1,ctx)) goto err;

-	/* calculate d mod (q-1) */

-	if (!BN_mod(rsa->dmq1,d,r2,ctx)) goto err;

-	/* calculate inverse of q mod p */

-	if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))

-		{

-		p = &local_p;

-		BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);

-		}

-	else

-		p = rsa->p;

-	if (!BN_mod_inverse(rsa->iqmp,rsa->q,p,ctx)) goto err;

-	ok=1;

-err:

-	if (ok == -1)

-		{

-		RSAerr(RSA_F_RSA_BUILTIN_KEYGEN,ERR_LIB_BN);

-		ok=0;

-		}

-	if (ctx != NULL)

-		{

-		BN_CTX_end(ctx);

-		BN_CTX_free(ctx);

-		}

-	return ok;

-	}

--- a/sys/src/ape/lib/openssl/crypto/rsa/rsa_lib.c

+++ /dev/null

@@ -1,474 +1,0 @@

-/* crypto/rsa/rsa_lib.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <openssl/crypto.h>

-#include "cryptlib.h"

-#include <openssl/lhash.h>

-#include <openssl/bn.h>

-#include <openssl/rsa.h>

-#include <openssl/rand.h>

-#ifndef OPENSSL_NO_ENGINE

-#include <openssl/engine.h>

-#endif

-const char RSA_version[]="RSA" OPENSSL_VERSION_PTEXT;

-static const RSA_METHOD *default_RSA_meth=NULL;

-RSA *RSA_new(void)

-	{

-	RSA *r=RSA_new_method(NULL);

-	return r;

-	}

-void RSA_set_default_method(const RSA_METHOD *meth)

-	{

-	default_RSA_meth = meth;

-	}

-const RSA_METHOD *RSA_get_default_method(void)

-	{

-	if (default_RSA_meth == NULL)

-		{

-#ifdef RSA_NULL

-		default_RSA_meth=RSA_null_method();

-#else

-#if 0 /* was: #ifdef RSAref */

-		default_RSA_meth=RSA_PKCS1_RSAref();

-#else

-		default_RSA_meth=RSA_PKCS1_SSLeay();

-#endif

-#endif

-		}

-	return default_RSA_meth;

-	}

-const RSA_METHOD *RSA_get_method(const RSA *rsa)

-	{

-	return rsa->meth;

-	}

-int RSA_set_method(RSA *rsa, const RSA_METHOD *meth)

-	{

-	/* NB: The caller is specifically setting a method, so it's not up to us

-	 * to deal with which ENGINE it comes from. */

-	const RSA_METHOD *mtmp;

-	mtmp = rsa->meth;

-	if (mtmp->finish) mtmp->finish(rsa);

-#ifndef OPENSSL_NO_ENGINE

-	if (rsa->engine)

-		{

-		ENGINE_finish(rsa->engine);

-		rsa->engine = NULL;

-		}

-#endif

-	rsa->meth = meth;

-	if (meth->init) meth->init(rsa);

-	return 1;

-	}

-RSA *RSA_new_method(ENGINE *engine)

-	{

-	RSA *ret;

-	ret=(RSA *)OPENSSL_malloc(sizeof(RSA));

-	if (ret == NULL)

-		{

-		RSAerr(RSA_F_RSA_NEW_METHOD,ERR_R_MALLOC_FAILURE);

-		return NULL;

-		}

-	ret->meth = RSA_get_default_method();

-#ifndef OPENSSL_NO_ENGINE

-	if (engine)

-		{

-		if (!ENGINE_init(engine))

-			{

-			RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);

-			OPENSSL_free(ret);

-			return NULL;

-			}

-		ret->engine = engine;

-		}

-	else

-		ret->engine = ENGINE_get_default_RSA();

-	if(ret->engine)

-		{

-		ret->meth = ENGINE_get_RSA(ret->engine);

-		if(!ret->meth)

-			{

-			RSAerr(RSA_F_RSA_NEW_METHOD,

-				ERR_R_ENGINE_LIB);

-			ENGINE_finish(ret->engine);

-			OPENSSL_free(ret);

-			return NULL;

-			}

-		}

-#endif

-	ret->pad=0;

-	ret->version=0;

-	ret->n=NULL;

-	ret->e=NULL;

-	ret->d=NULL;

-	ret->p=NULL;

-	ret->q=NULL;

-	ret->dmp1=NULL;

-	ret->dmq1=NULL;

-	ret->iqmp=NULL;

-	ret->references=1;

-	ret->_method_mod_n=NULL;

-	ret->_method_mod_p=NULL;

-	ret->_method_mod_q=NULL;

-	ret->blinding=NULL;

-	ret->mt_blinding=NULL;

-	ret->bignum_data=NULL;

-	ret->flags=ret->meth->flags;

-	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);

-	if ((ret->meth->init != NULL) && !ret->meth->init(ret))

-		{

-#ifndef OPENSSL_NO_ENGINE

-		if (ret->engine)

-			ENGINE_finish(ret->engine);

-#endif

-		CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);

-		OPENSSL_free(ret);

-		ret=NULL;

-		}

-	return(ret);

-	}

-void RSA_free(RSA *r)

-	{

-	int i;

-	if (r == NULL) return;

-	i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_RSA);

-#ifdef REF_PRINT

-	REF_PRINT("RSA",r);

-#endif

-	if (i > 0) return;

-#ifdef REF_CHECK

-	if (i < 0)

-		{

-		fprintf(stderr,"RSA_free, bad reference count\n");

-		abort();

-		}

-#endif

-	if (r->meth->finish)

-		r->meth->finish(r);

-#ifndef OPENSSL_NO_ENGINE

-	if (r->engine)

-		ENGINE_finish(r->engine);

-#endif

-	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);

-	if (r->n != NULL) BN_clear_free(r->n);

-	if (r->e != NULL) BN_clear_free(r->e);

-	if (r->d != NULL) BN_clear_free(r->d);

-	if (r->p != NULL) BN_clear_free(r->p);

-	if (r->q != NULL) BN_clear_free(r->q);

-	if (r->dmp1 != NULL) BN_clear_free(r->dmp1);

-	if (r->dmq1 != NULL) BN_clear_free(r->dmq1);

-	if (r->iqmp != NULL) BN_clear_free(r->iqmp);

-	if (r->blinding != NULL) BN_BLINDING_free(r->blinding);

-	if (r->mt_blinding != NULL) BN_BLINDING_free(r->mt_blinding);

-	if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data);

-	OPENSSL_free(r);

-	}

-int RSA_up_ref(RSA *r)

-	{

-	int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_RSA);

-#ifdef REF_PRINT

-	REF_PRINT("RSA",r);

-#endif

-#ifdef REF_CHECK

-	if (i < 2)

-		{

-		fprintf(stderr, "RSA_up_ref, bad reference count\n");

-		abort();

-		}

-#endif

-	return ((i > 1) ? 1 : 0);

-	}

-int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,

-	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)

-        {

-	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, argl, argp,

-				new_func, dup_func, free_func);

-        }

-int RSA_set_ex_data(RSA *r, int idx, void *arg)

-	{

-	return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));

-	}

-void *RSA_get_ex_data(const RSA *r, int idx)

-	{

-	return(CRYPTO_get_ex_data(&r->ex_data,idx));

-	}

-int RSA_size(const RSA *r)

-	{

-	return(BN_num_bytes(r->n));

-	}

-int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,

-	     RSA *rsa, int padding)

-	{

-	return(rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding));

-	}

-int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to,

-	     RSA *rsa, int padding)

-	{

-	return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding));

-	}

-int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to,

-	     RSA *rsa, int padding)

-	{

-	return(rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding));

-	}

-int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to,

-	     RSA *rsa, int padding)

-	{

-	return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));

-	}

-int RSA_flags(const RSA *r)

-	{

-	return((r == NULL)?0:r->meth->flags);

-	}

-void RSA_blinding_off(RSA *rsa)

-	{

-	if (rsa->blinding != NULL)

-		{

-		BN_BLINDING_free(rsa->blinding);

-		rsa->blinding=NULL;

-		}

-	rsa->flags &= ~RSA_FLAG_BLINDING;

-	rsa->flags |= RSA_FLAG_NO_BLINDING;

-	}

-int RSA_blinding_on(RSA *rsa, BN_CTX *ctx)

-	{

-	int ret=0;

-	if (rsa->blinding != NULL)

-		RSA_blinding_off(rsa);

-	rsa->blinding = RSA_setup_blinding(rsa, ctx);

-	if (rsa->blinding == NULL)

-		goto err;

-	rsa->flags |= RSA_FLAG_BLINDING;

-	rsa->flags &= ~RSA_FLAG_NO_BLINDING;

-	ret=1;

-err:

-	return(ret);

-	}

-static BIGNUM *rsa_get_public_exp(const BIGNUM *d, const BIGNUM *p,

-	const BIGNUM *q, BN_CTX *ctx)

-{

-	BIGNUM *ret = NULL, *r0, *r1, *r2;

-	if (d == NULL || p == NULL || q == NULL)

-		return NULL;

-	BN_CTX_start(ctx);

-	r0 = BN_CTX_get(ctx);

-	r1 = BN_CTX_get(ctx);

-	r2 = BN_CTX_get(ctx);

-	if (r2 == NULL)

-		goto err;

-	if (!BN_sub(r1, p, BN_value_one())) goto err;

-	if (!BN_sub(r2, q, BN_value_one())) goto err;

-	if (!BN_mul(r0, r1, r2, ctx)) goto err;

-	ret = BN_mod_inverse(NULL, d, r0, ctx);

-err:

-	BN_CTX_end(ctx);

-	return ret;

-}

-BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)

-{

-	BIGNUM local_n;

-	BIGNUM *e,*n;

-	BN_CTX *ctx;

-	BN_BLINDING *ret = NULL;

-	if (in_ctx == NULL)

-		{

-		if ((ctx = BN_CTX_new()) == NULL) return 0;

-		}

-	else

-		ctx = in_ctx;

-	BN_CTX_start(ctx);

-	e  = BN_CTX_get(ctx);

-	if (e == NULL)

-		{

-		RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	if (rsa->e == NULL)

-		{

-		e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx);

-		if (e == NULL)

-			{

-			RSAerr(RSA_F_RSA_SETUP_BLINDING, RSA_R_NO_PUBLIC_EXPONENT);

-			goto err;

-			}

-		}

-	else

-		e = rsa->e;

-	if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL)

-		{

-		/* if PRNG is not properly seeded, resort to secret

-		 * exponent as unpredictable seed */

-		RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0);

-		}

-	if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))

-		{

-		/* Set BN_FLG_CONSTTIME flag */

-		n = &local_n;

-		BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME);

-		}

-	else

-		n = rsa->n;

-	ret = BN_BLINDING_create_param(NULL, e, n, ctx,

-			rsa->meth->bn_mod_exp, rsa->_method_mod_n);

-	if (ret == NULL)

-		{

-		RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB);

-		goto err;

-		}

-	BN_BLINDING_set_thread_id(ret, CRYPTO_thread_id());

-err:

-	BN_CTX_end(ctx);

-	if (in_ctx == NULL)

-		BN_CTX_free(ctx);

-	if(rsa->e == NULL)

-		BN_free(e);

-	return ret;

-}

-int RSA_memory_lock(RSA *r)

-	{

-	int i,j,k,off;

-	char *p;

-	BIGNUM *bn,**t[6],*b;

-	BN_ULONG *ul;

-	if (r->d == NULL) return(1);

-	t[0]= &r->d;

-	t[1]= &r->p;

-	t[2]= &r->q;

-	t[3]= &r->dmp1;

-	t[4]= &r->dmq1;

-	t[5]= &r->iqmp;

-	k=sizeof(BIGNUM)*6;

-	off=k/sizeof(BN_ULONG)+1;

-	j=1;

-	for (i=0; i<6; i++)

-		j+= (*t[i])->top;

-	if ((p=OPENSSL_malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL)

-		{

-		RSAerr(RSA_F_RSA_MEMORY_LOCK,ERR_R_MALLOC_FAILURE);

-		return(0);

-		}

-	bn=(BIGNUM *)p;

-	ul=(BN_ULONG *)&(p[off]);

-	for (i=0; i<6; i++)

-		{

-		b= *(t[i]);

-		*(t[i])= &(bn[i]);

-		memcpy((char *)&(bn[i]),(char *)b,sizeof(BIGNUM));

-		bn[i].flags=BN_FLG_STATIC_DATA;

-		bn[i].d=ul;

-		memcpy((char *)ul,b->d,sizeof(BN_ULONG)*b->top);

-		ul+=b->top;

-		BN_clear_free(b);

-		}

-	/* I should fix this so it can still be done */

-	r->flags&= ~(RSA_FLAG_CACHE_PRIVATE|RSA_FLAG_CACHE_PUBLIC);

-	r->bignum_data=p;

-	return(1);

-	}

--- a/sys/src/ape/lib/openssl/crypto/rsa/rsa_none.c

+++ /dev/null

@@ -1,98 +1,0 @@

-/* crypto/rsa/rsa_none.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/bn.h>

-#include <openssl/rsa.h>

-#include <openssl/rand.h>

-int RSA_padding_add_none(unsigned char *to, int tlen,

-	const unsigned char *from, int flen)

-	{

-	if (flen > tlen)

-		{

-		RSAerr(RSA_F_RSA_PADDING_ADD_NONE,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);

-		return(0);

-		}

-	if (flen < tlen)

-		{

-		RSAerr(RSA_F_RSA_PADDING_ADD_NONE,RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE);

-		return(0);

-		}

-	memcpy(to,from,(unsigned int)flen);

-	return(1);

-	}

-int RSA_padding_check_none(unsigned char *to, int tlen,

-	const unsigned char *from, int flen, int num)

-	{

-	if (flen > tlen)

-		{

-		RSAerr(RSA_F_RSA_PADDING_CHECK_NONE,RSA_R_DATA_TOO_LARGE);

-		return(-1);

-		}

-	memset(to,0,tlen-flen);

-	memcpy(to+tlen-flen,from,flen);

-	return(tlen);

-	}

--- a/sys/src/ape/lib/openssl/crypto/rsa/rsa_null.c

+++ /dev/null

@@ -1,151 +1,0 @@

-/* rsa_null.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/bn.h>

-#include <openssl/rsa.h>

-#include <openssl/rand.h>

-/* This is a dummy RSA implementation that just returns errors when called.

- * It is designed to allow some RSA functions to work while stopping those

- * covered by the RSA patent. That is RSA, encryption, decryption, signing

- * and verify is not allowed but RSA key generation, key checking and other

- * operations (like storing RSA keys) are permitted.

- */

-static int RSA_null_public_encrypt(int flen, const unsigned char *from,

-		unsigned char *to, RSA *rsa,int padding);

-static int RSA_null_private_encrypt(int flen, const unsigned char *from,

-		unsigned char *to, RSA *rsa,int padding);

-static int RSA_null_public_decrypt(int flen, const unsigned char *from,

-		unsigned char *to, RSA *rsa,int padding);

-static int RSA_null_private_decrypt(int flen, const unsigned char *from,

-		unsigned char *to, RSA *rsa,int padding);

-#if 0 /* not currently used */

-static int RSA_null_mod_exp(const BIGNUM *r0, const BIGNUM *i, RSA *rsa);

-#endif

-static int RSA_null_init(RSA *rsa);

-static int RSA_null_finish(RSA *rsa);

-static RSA_METHOD rsa_null_meth={

-	"Null RSA",

-	RSA_null_public_encrypt,

-	RSA_null_public_decrypt,

-	RSA_null_private_encrypt,

-	RSA_null_private_decrypt,

-	NULL,

-	NULL,

-	RSA_null_init,

-	RSA_null_finish,

-	0,

-	NULL,

-	NULL,

-	NULL,

-	NULL

-	};

-const RSA_METHOD *RSA_null_method(void)

-	{

-	return(&rsa_null_meth);

-	}

-static int RSA_null_public_encrypt(int flen, const unsigned char *from,

-	     unsigned char *to, RSA *rsa, int padding)

-	{

-	RSAerr(RSA_F_RSA_NULL_PUBLIC_ENCRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);

-	return -1;

-	}

-static int RSA_null_private_encrypt(int flen, const unsigned char *from,

-	     unsigned char *to, RSA *rsa, int padding)

-	{

-	RSAerr(RSA_F_RSA_NULL_PRIVATE_ENCRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);

-	return -1;

-	}

-static int RSA_null_private_decrypt(int flen, const unsigned char *from,

-	     unsigned char *to, RSA *rsa, int padding)

-	{

-	RSAerr(RSA_F_RSA_NULL_PRIVATE_DECRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);

-	return -1;

-	}

-static int RSA_null_public_decrypt(int flen, const unsigned char *from,

-	     unsigned char *to, RSA *rsa, int padding)

-	{

-	RSAerr(RSA_F_RSA_NULL_PUBLIC_DECRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);

-	return -1;

-	}

-#if 0 /* not currently used */

-static int RSA_null_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)

-	{

-	...err(RSA_F_RSA_NULL_MOD_EXP, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);

-	return -1;

-	}

-#endif

-static int RSA_null_init(RSA *rsa)

-	{

-	return(1);

-	}

-static int RSA_null_finish(RSA *rsa)

-	{

-	return(1);

-	}

--- a/sys/src/ape/lib/openssl/crypto/rsa/rsa_oaep.c

+++ /dev/null

@@ -1,213 +1,0 @@

-/* crypto/rsa/rsa_oaep.c */

-/* Written by Ulf Moeller. This software is distributed on an "AS IS"

-   basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. */

-/* EME-OAEP as defined in RFC 2437 (PKCS #1 v2.0) */

-/* See Victor Shoup, "OAEP reconsidered," Nov. 2000,

- * <URL: http://www.shoup.net/papers/oaep.ps.Z>

- * for problems with the security proof for the

- * original OAEP scheme, which EME-OAEP is based on.

- *

- * A new proof can be found in E. Fujisaki, T. Okamoto,

- * D. Pointcheval, J. Stern, "RSA-OEAP is Still Alive!",

- * Dec. 2000, <URL: http://eprint.iacr.org/2000/061/>.

- * The new proof has stronger requirements for the

- * underlying permutation: "partial-one-wayness" instead

- * of one-wayness.  For the RSA function, this is

- * an equivalent notion.

- */

-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/bn.h>

-#include <openssl/rsa.h>

-#include <openssl/evp.h>

-#include <openssl/rand.h>

-#include <openssl/sha.h>

-int MGF1(unsigned char *mask, long len,

-	const unsigned char *seed, long seedlen);

-int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,

-	const unsigned char *from, int flen,

-	const unsigned char *param, int plen)

-	{

-	int i, emlen = tlen - 1;

-	unsigned char *db, *seed;

-	unsigned char *dbmask, seedmask[SHA_DIGEST_LENGTH];

-	if (flen > emlen - 2 * SHA_DIGEST_LENGTH - 1)

-		{

-		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP,

-		   RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);

-		return 0;

-		}

-	if (emlen < 2 * SHA_DIGEST_LENGTH + 1)

-		{

-		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, RSA_R_KEY_SIZE_TOO_SMALL);

-		return 0;

-		}

-	dbmask = OPENSSL_malloc(emlen - SHA_DIGEST_LENGTH);

-	if (dbmask == NULL)

-		{

-		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);

-		return 0;

-		}

-	to[0] = 0;

-	seed = to + 1;

-	db = to + SHA_DIGEST_LENGTH + 1;

-	EVP_Digest((void *)param, plen, db, NULL, EVP_sha1(), NULL);

-	memset(db + SHA_DIGEST_LENGTH, 0,

-		emlen - flen - 2 * SHA_DIGEST_LENGTH - 1);

-	db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01;

-	memcpy(db + emlen - flen - SHA_DIGEST_LENGTH, from, (unsigned int) flen);

-	if (RAND_bytes(seed, SHA_DIGEST_LENGTH) <= 0)

-		return 0;

-#ifdef PKCS_TESTVECT

-	memcpy(seed,

-	   "\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2\xf0\x6c\xb5\x8f",

-	   20);

-#endif

-	MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH);

-	for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++)

-		db[i] ^= dbmask[i];

-	MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH);

-	for (i = 0; i < SHA_DIGEST_LENGTH; i++)

-		seed[i] ^= seedmask[i];

-	OPENSSL_free(dbmask);

-	return 1;

-	}

-int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,

-	const unsigned char *from, int flen, int num,

-	const unsigned char *param, int plen)

-	{

-	int i, dblen, mlen = -1;

-	const unsigned char *maskeddb;

-	int lzero;

-	unsigned char *db = NULL, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH];

-	int bad = 0;

-	if (--num < 2 * SHA_DIGEST_LENGTH + 1)

-		/* 'num' is the length of the modulus, i.e. does not depend on the

-		 * particular ciphertext. */

-		goto decoding_err;

-	lzero = num - flen;

-	if (lzero < 0)

-		{

-		/* lzero == -1 */

-		/* signalling this error immediately after detection might allow

-		 * for side-channel attacks (e.g. timing if 'plen' is huge

-		 * -- cf. James H. Manger, "A Chosen Ciphertext Attack on RSA Optimal

-		 * Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001),

-		 * so we use a 'bad' flag */

-		bad = 1;

-		lzero = 0;

-		}

-	maskeddb = from - lzero + SHA_DIGEST_LENGTH;

-	dblen = num - SHA_DIGEST_LENGTH;

-	db = OPENSSL_malloc(dblen);

-	if (db == NULL)

-		{

-		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);

-		return -1;

-		}

-	MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen);

-	for (i = lzero; i < SHA_DIGEST_LENGTH; i++)

-		seed[i] ^= from[i - lzero];

-	MGF1(db, dblen, seed, SHA_DIGEST_LENGTH);

-	for (i = 0; i < dblen; i++)

-		db[i] ^= maskeddb[i];

-	EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL);

-	if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad)

-		goto decoding_err;

-	else

-		{

-		for (i = SHA_DIGEST_LENGTH; i < dblen; i++)

-			if (db[i] != 0x00)

-				break;

-		if (db[i] != 0x01 || i++ >= dblen)

-			goto decoding_err;

-		else

-			{

-			/* everything looks OK */

-			mlen = dblen - i;

-			if (tlen < mlen)

-				{

-				RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE);

-				mlen = -1;

-				}

-			else

-				memcpy(to, db + i, mlen);

-			}

-		}

-	OPENSSL_free(db);

-	return mlen;

-decoding_err:

-	/* to avoid chosen ciphertext attacks, the error message should not reveal

-	 * which kind of decoding error happened */

-	RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR);

-	if (db != NULL) OPENSSL_free(db);

-	return -1;

-	}

-int PKCS1_MGF1(unsigned char *mask, long len,

-	const unsigned char *seed, long seedlen, const EVP_MD *dgst)

-	{

-	long i, outlen = 0;

-	unsigned char cnt[4];

-	EVP_MD_CTX c;

-	unsigned char md[EVP_MAX_MD_SIZE];

-	int mdlen;

-	EVP_MD_CTX_init(&c);

-	mdlen = EVP_MD_size(dgst);

-	for (i = 0; outlen < len; i++)

-		{

-		cnt[0] = (unsigned char)((i >> 24) & 255);

-		cnt[1] = (unsigned char)((i >> 16) & 255);

-		cnt[2] = (unsigned char)((i >> 8)) & 255;

-		cnt[3] = (unsigned char)(i & 255);

-		EVP_DigestInit_ex(&c,dgst, NULL);

-		EVP_DigestUpdate(&c, seed, seedlen);

-		EVP_DigestUpdate(&c, cnt, 4);

-		if (outlen + mdlen <= len)

-			{

-			EVP_DigestFinal_ex(&c, mask + outlen, NULL);

-			outlen += mdlen;

-			}

-		else

-			{

-			EVP_DigestFinal_ex(&c, md, NULL);

-			memcpy(mask + outlen, md, len - outlen);

-			outlen = len;

-			}

-		}

-	EVP_MD_CTX_cleanup(&c);

-	return 0;

-	}

-int MGF1(unsigned char *mask, long len, const unsigned char *seed, long seedlen)

-	{

-	return PKCS1_MGF1(mask, len, seed, seedlen, EVP_sha1());

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/rsa/rsa_pk1.c

+++ /dev/null

@@ -1,224 +1,0 @@

-/* crypto/rsa/rsa_pk1.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/bn.h>

-#include <openssl/rsa.h>

-#include <openssl/rand.h>

-int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,

-	     const unsigned char *from, int flen)

-	{

-	int j;

-	unsigned char *p;

-	if (flen > (tlen-RSA_PKCS1_PADDING_SIZE))

-		{

-		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);

-		return(0);

-		}

-	p=(unsigned char *)to;

-	*(p++)=0;

-	*(p++)=1; /* Private Key BT (Block Type) */

-	/* pad out with 0xff data */

-	j=tlen-3-flen;

-	memset(p,0xff,j);

-	p+=j;

-	*(p++)='\0';

-	memcpy(p,from,(unsigned int)flen);

-	return(1);

-	}

-int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,

-	     const unsigned char *from, int flen, int num)

-	{

-	int i,j;

-	const unsigned char *p;

-	p=from;

-	if ((num != (flen+1)) || (*(p++) != 01))

-		{

-		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BLOCK_TYPE_IS_NOT_01);

-		return(-1);

-		}

-	/* scan over padding data */

-	j=flen-1; /* one for type. */

-	for (i=0; i<j; i++)

-		{

-		if (*p != 0xff) /* should decrypt to 0xff */

-			{

-			if (*p == 0)

-				{ p++; break; }

-			else	{

-				RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BAD_FIXED_HEADER_DECRYPT);

-				return(-1);

-				}

-			}

-		p++;

-		}

-	if (i == j)

-		{

-		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_NULL_BEFORE_BLOCK_MISSING);

-		return(-1);

-		}

-	if (i < 8)

-		{

-		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BAD_PAD_BYTE_COUNT);

-		return(-1);

-		}

-	i++; /* Skip over the '\0' */

-	j-=i;

-	if (j > tlen)

-		{

-		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE);

-		return(-1);

-		}

-	memcpy(to,p,(unsigned int)j);

-	return(j);

-	}

-int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,

-	     const unsigned char *from, int flen)

-	{

-	int i,j;

-	unsigned char *p;

-	if (flen > (tlen-11))

-		{

-		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);

-		return(0);

-		}

-	p=(unsigned char *)to;

-	*(p++)=0;

-	*(p++)=2; /* Public Key BT (Block Type) */

-	/* pad out with non-zero random data */

-	j=tlen-3-flen;

-	if (RAND_bytes(p,j) <= 0)

-		return(0);

-	for (i=0; i<j; i++)

-		{

-		if (*p == '\0')

-			do	{

-				if (RAND_bytes(p,1) <= 0)

-					return(0);

-				} while (*p == '\0');

-		p++;

-		}

-	*(p++)='\0';

-	memcpy(p,from,(unsigned int)flen);

-	return(1);

-	}

-int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,

-	     const unsigned char *from, int flen, int num)

-	{

-	int i,j;

-	const unsigned char *p;

-	p=from;

-	if ((num != (flen+1)) || (*(p++) != 02))

-		{

-		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_BLOCK_TYPE_IS_NOT_02);

-		return(-1);

-		}

-#ifdef PKCS1_CHECK

-	return(num-11);

-#endif

-	/* scan over padding data */

-	j=flen-1; /* one for type. */

-	for (i=0; i<j; i++)

-		if (*(p++) == 0) break;

-	if (i == j)

-		{

-		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_NULL_BEFORE_BLOCK_MISSING);

-		return(-1);

-		}

-	if (i < 8)

-		{

-		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_BAD_PAD_BYTE_COUNT);

-		return(-1);

-		}

-	i++; /* Skip over the '\0' */

-	j-=i;

-	if (j > tlen)

-		{

-		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_DATA_TOO_LARGE);

-		return(-1);

-		}

-	memcpy(to,p,(unsigned int)j);

-	return(j);

-	}

--- a/sys/src/ape/lib/openssl/crypto/rsa/rsa_pss.c

+++ /dev/null

@@ -1,269 +1,0 @@

-/* rsa_pss.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 2005.

- */

-/* ====================================================================

- * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/bn.h>

-#include <openssl/rsa.h>

-#include <openssl/evp.h>

-#include <openssl/rand.h>

-#include <openssl/sha.h>

-static const unsigned char zeroes[] = {0,0,0,0,0,0,0,0};

-#if defined(_MSC_VER) && defined(_ARM_)

-#pragma optimize("g", off)

-#endif

-int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,

-			const EVP_MD *Hash, const unsigned char *EM, int sLen)

-	{

-	int i;

-	int ret = 0;

-	int hLen, maskedDBLen, MSBits, emLen;

-	const unsigned char *H;

-	unsigned char *DB = NULL;

-	EVP_MD_CTX ctx;

-	unsigned char H_[EVP_MAX_MD_SIZE];

-	hLen = EVP_MD_size(Hash);

-	/*

-	 * Negative sLen has special meanings:

-	 *	-1	sLen == hLen

-	 *	-2	salt length is autorecovered from signature

-	 *	-N	reserved

-	 */

-	if      (sLen == -1)	sLen = hLen;

-	else if (sLen == -2)	sLen = -2;

-	else if (sLen < -2)

-		{

-		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED);

-		goto err;

-		}

-	MSBits = (BN_num_bits(rsa->n) - 1) & 0x7;

-	emLen = RSA_size(rsa);

-	if (EM[0] & (0xFF << MSBits))

-		{

-		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_FIRST_OCTET_INVALID);

-		goto err;

-		}

-	if (MSBits == 0)

-		{

-		EM++;

-		emLen--;

-		}

-	if (emLen < (hLen + sLen + 2)) /* sLen can be small negative */

-		{

-		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_DATA_TOO_LARGE);

-		goto err;

-		}

-	if (EM[emLen - 1] != 0xbc)

-		{

-		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_LAST_OCTET_INVALID);

-		goto err;

-		}

-	maskedDBLen = emLen - hLen - 1;

-	H = EM + maskedDBLen;

-	DB = OPENSSL_malloc(maskedDBLen);

-	if (!DB)

-		{

-		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	PKCS1_MGF1(DB, maskedDBLen, H, hLen, Hash);

-	for (i = 0; i < maskedDBLen; i++)

-		DB[i] ^= EM[i];

-	if (MSBits)

-		DB[0] &= 0xFF >> (8 - MSBits);

-	for (i = 0; DB[i] == 0 && i < (maskedDBLen-1); i++) ;

-	if (DB[i++] != 0x1)

-		{

-		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_RECOVERY_FAILED);

-		goto err;

-		}

-	if (sLen >= 0 && (maskedDBLen - i) != sLen)

-		{

-		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED);

-		goto err;

-		}

-	EVP_MD_CTX_init(&ctx);

-	EVP_DigestInit_ex(&ctx, Hash, NULL);

-	EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes);

-	EVP_DigestUpdate(&ctx, mHash, hLen);

-	if (maskedDBLen - i)

-		EVP_DigestUpdate(&ctx, DB + i, maskedDBLen - i);

-	EVP_DigestFinal(&ctx, H_, NULL);

-	EVP_MD_CTX_cleanup(&ctx);

-	if (memcmp(H_, H, hLen))

-		{

-		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_BAD_SIGNATURE);

-		ret = 0;

-		}

-	else

-		ret = 1;

-	err:

-	if (DB)

-		OPENSSL_free(DB);

-	return ret;

-	}

-int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,

-			const unsigned char *mHash,

-			const EVP_MD *Hash, int sLen)

-	{

-	int i;

-	int ret = 0;

-	int hLen, maskedDBLen, MSBits, emLen;

-	unsigned char *H, *salt = NULL, *p;

-	EVP_MD_CTX ctx;

-	hLen = EVP_MD_size(Hash);

-	/*

-	 * Negative sLen has special meanings:

-	 *	-1	sLen == hLen

-	 *	-2	salt length is maximized

-	 *	-N	reserved

-	 */

-	if      (sLen == -1)	sLen = hLen;

-	else if (sLen == -2)	sLen = -2;

-	else if (sLen < -2)

-		{

-		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED);

-		goto err;

-		}

-	MSBits = (BN_num_bits(rsa->n) - 1) & 0x7;

-	emLen = RSA_size(rsa);

-	if (MSBits == 0)

-		{

-		*EM++ = 0;

-		emLen--;

-		}

-	if (sLen == -2)

-		{

-		sLen = emLen - hLen - 2;

-		}

-	else if (emLen < (hLen + sLen + 2))

-		{

-		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS,

-		   RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);

-		goto err;

-		}

-	if (sLen > 0)

-		{

-		salt = OPENSSL_malloc(sLen);

-		if (!salt)

-			{

-			RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS,

-		   		ERR_R_MALLOC_FAILURE);

-			goto err;

-			}

-		if (!RAND_bytes(salt, sLen))

-			goto err;

-		}

-	maskedDBLen = emLen - hLen - 1;

-	H = EM + maskedDBLen;

-	EVP_MD_CTX_init(&ctx);

-	EVP_DigestInit_ex(&ctx, Hash, NULL);

-	EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes);

-	EVP_DigestUpdate(&ctx, mHash, hLen);

-	if (sLen)

-		EVP_DigestUpdate(&ctx, salt, sLen);

-	EVP_DigestFinal(&ctx, H, NULL);

-	EVP_MD_CTX_cleanup(&ctx);

-	/* Generate dbMask in place then perform XOR on it */

-	PKCS1_MGF1(EM, maskedDBLen, H, hLen, Hash);

-	p = EM;

-	/* Initial PS XORs with all zeroes which is a NOP so just update

-	 * pointer. Note from a test above this value is guaranteed to

-	 * be non-negative.

-	 */

-	p += emLen - sLen - hLen - 2;

-	*p++ ^= 0x1;

-	if (sLen > 0)

-		{

-		for (i = 0; i < sLen; i++)

-			*p++ ^= salt[i];

-		}

-	if (MSBits)

-		EM[0] &= 0xFF >> (8 - MSBits);

-	/* H is already in place so just set final 0xbc */

-	EM[emLen - 1] = 0xbc;

-	ret = 1;

-	err:

-	if (salt)

-		OPENSSL_free(salt);

-	return ret;

-	}

-#if defined(_MSC_VER)

-#pragma optimize("",on)

-#endif

--- a/sys/src/ape/lib/openssl/crypto/rsa/rsa_saos.c

+++ /dev/null

@@ -1,150 +1,0 @@

-/* crypto/rsa/rsa_saos.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/bn.h>

-#include <openssl/rsa.h>

-#include <openssl/objects.h>

-#include <openssl/x509.h>

-int RSA_sign_ASN1_OCTET_STRING(int type,

-	const unsigned char *m, unsigned int m_len,

-	unsigned char *sigret, unsigned int *siglen, RSA *rsa)

-	{

-	ASN1_OCTET_STRING sig;

-	int i,j,ret=1;

-	unsigned char *p,*s;

-	sig.type=V_ASN1_OCTET_STRING;

-	sig.length=m_len;

-	sig.data=(unsigned char *)m;

-	i=i2d_ASN1_OCTET_STRING(&sig,NULL);

-	j=RSA_size(rsa);

-	if (i > (j-RSA_PKCS1_PADDING_SIZE))

-		{

-		RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);

-		return(0);

-		}

-	s=(unsigned char *)OPENSSL_malloc((unsigned int)j+1);

-	if (s == NULL)

-		{

-		RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE);

-		return(0);

-		}

-	p=s;

-	i2d_ASN1_OCTET_STRING(&sig,&p);

-	i=RSA_private_encrypt(i,s,sigret,rsa,RSA_PKCS1_PADDING);

-	if (i <= 0)

-		ret=0;

-	else

-		*siglen=i;

-	OPENSSL_cleanse(s,(unsigned int)j+1);

-	OPENSSL_free(s);

-	return(ret);

-	}

-int RSA_verify_ASN1_OCTET_STRING(int dtype,

-	const unsigned char *m,

-	unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,

-	RSA *rsa)

-	{

-	int i,ret=0;

-	unsigned char *s;

-	const unsigned char *p;

-	ASN1_OCTET_STRING *sig=NULL;

-	if (siglen != (unsigned int)RSA_size(rsa))

-		{

-		RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,RSA_R_WRONG_SIGNATURE_LENGTH);

-		return(0);

-		}

-	s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen);

-	if (s == NULL)

-		{

-		RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);

-	if (i <= 0) goto err;

-	p=s;

-	sig=d2i_ASN1_OCTET_STRING(NULL,&p,(long)i);

-	if (sig == NULL) goto err;

-	if (	((unsigned int)sig->length != m_len) ||

-		(memcmp(m,sig->data,m_len) != 0))

-		{

-		RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,RSA_R_BAD_SIGNATURE);

-		}

-	else

-		ret=1;

-err:

-	if (sig != NULL) M_ASN1_OCTET_STRING_free(sig);

-	if (s != NULL)

-		{

-		OPENSSL_cleanse(s,(unsigned int)siglen);

-		OPENSSL_free(s);

-		}

-	return(ret);

-	}

--- a/sys/src/ape/lib/openssl/crypto/rsa/rsa_sign.c

+++ /dev/null

@@ -1,249 +1,0 @@

-/* crypto/rsa/rsa_sign.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/bn.h>

-#include <openssl/rsa.h>

-#include <openssl/objects.h>

-#include <openssl/x509.h>

-/* Size of an SSL signature: MD5+SHA1 */

-#define SSL_SIG_LENGTH	36

-int RSA_sign(int type, const unsigned char *m, unsigned int m_len,

-	     unsigned char *sigret, unsigned int *siglen, RSA *rsa)

-	{

-	X509_SIG sig;

-	ASN1_TYPE parameter;

-	int i,j,ret=1;

-	unsigned char *p, *tmps = NULL;

-	const unsigned char *s = NULL;

-	X509_ALGOR algor;

-	ASN1_OCTET_STRING digest;

-	if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign)

-		{

-		return rsa->meth->rsa_sign(type, m, m_len,

-			sigret, siglen, rsa);

-		}

-	/* Special case: SSL signature, just check the length */

-	if(type == NID_md5_sha1) {

-		if(m_len != SSL_SIG_LENGTH) {

-			RSAerr(RSA_F_RSA_SIGN,RSA_R_INVALID_MESSAGE_LENGTH);

-			return(0);

-		}

-		i = SSL_SIG_LENGTH;

-		s = m;

-	} else {

-		sig.algor= &algor;

-		sig.algor->algorithm=OBJ_nid2obj(type);

-		if (sig.algor->algorithm == NULL)

-			{

-			RSAerr(RSA_F_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE);

-			return(0);

-			}

-		if (sig.algor->algorithm->length == 0)

-			{

-			RSAerr(RSA_F_RSA_SIGN,RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);

-			return(0);

-			}

-		parameter.type=V_ASN1_NULL;

-		parameter.value.ptr=NULL;

-		sig.algor->parameter= &parameter;

-		sig.digest= &digest;

-		sig.digest->data=(unsigned char *)m; /* TMP UGLY CAST */

-		sig.digest->length=m_len;

-		i=i2d_X509_SIG(&sig,NULL);

-	}

-	j=RSA_size(rsa);

-	if (i > (j-RSA_PKCS1_PADDING_SIZE))

-		{

-		RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);

-		return(0);

-		}

-	if(type != NID_md5_sha1) {

-		tmps=(unsigned char *)OPENSSL_malloc((unsigned int)j+1);

-		if (tmps == NULL)

-			{

-			RSAerr(RSA_F_RSA_SIGN,ERR_R_MALLOC_FAILURE);

-			return(0);

-			}

-		p=tmps;

-		i2d_X509_SIG(&sig,&p);

-		s=tmps;

-	}

-	i=RSA_private_encrypt(i,s,sigret,rsa,RSA_PKCS1_PADDING);

-	if (i <= 0)

-		ret=0;

-	else

-		*siglen=i;

-	if(type != NID_md5_sha1) {

-		OPENSSL_cleanse(tmps,(unsigned int)j+1);

-		OPENSSL_free(tmps);

-	}

-	return(ret);

-	}

-int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,

-	     unsigned char *sigbuf, unsigned int siglen, RSA *rsa)

-	{

-	int i,ret=0,sigtype;

-	unsigned char *s;

-	X509_SIG *sig=NULL;

-	if (siglen != (unsigned int)RSA_size(rsa))

-		{

-		RSAerr(RSA_F_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH);

-		return(0);

-		}

-	if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify)

-		{

-		return rsa->meth->rsa_verify(dtype, m, m_len,

-			sigbuf, siglen, rsa);

-		}

-	s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen);

-	if (s == NULL)

-		{

-		RSAerr(RSA_F_RSA_VERIFY,ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	if((dtype == NID_md5_sha1) && (m_len != SSL_SIG_LENGTH) ) {

-			RSAerr(RSA_F_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH);

-			goto err;

-	}

-	i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);

-	if (i <= 0) goto err;

-	/* Special case: SSL signature */

-	if(dtype == NID_md5_sha1) {

-		if((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH))

-				RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);

-		else ret = 1;

-	} else {

-		const unsigned char *p=s;

-		sig=d2i_X509_SIG(NULL,&p,(long)i);

-		if (sig == NULL) goto err;

-		/* Excess data can be used to create forgeries */

-		if(p != s+i)

-			{

-			RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);

-			goto err;

-			}

-		/* Parameters to the signature algorithm can also be used to

-		   create forgeries */

-		if(sig->algor->parameter

-		   && ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL)

-			{

-			RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);

-			goto err;

-			}

-		sigtype=OBJ_obj2nid(sig->algor->algorithm);

-	#ifdef RSA_DEBUG

-		/* put a backward compatibility flag in EAY */

-		fprintf(stderr,"in(%s) expect(%s)\n",OBJ_nid2ln(sigtype),

-			OBJ_nid2ln(dtype));

-	#endif

-		if (sigtype != dtype)

-			{

-			if (((dtype == NID_md5) &&

-				(sigtype == NID_md5WithRSAEncryption)) ||

-				((dtype == NID_md2) &&

-				(sigtype == NID_md2WithRSAEncryption)))

-				{

-				/* ok, we will let it through */

-#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)

-				fprintf(stderr,"signature has problems, re-make with post SSLeay045\n");

-#endif

-				}

-			else

-				{

-				RSAerr(RSA_F_RSA_VERIFY,

-						RSA_R_ALGORITHM_MISMATCH);

-				goto err;

-				}

-			}

-		if (	((unsigned int)sig->digest->length != m_len) ||

-			(memcmp(m,sig->digest->data,m_len) != 0))

-			{

-			RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);

-			}

-		else

-			ret=1;

-	}

-err:

-	if (sig != NULL) X509_SIG_free(sig);

-	if (s != NULL)

-		{

-		OPENSSL_cleanse(s,(unsigned int)siglen);

-		OPENSSL_free(s);

-		}

-	return(ret);

-	}

--- a/sys/src/ape/lib/openssl/crypto/rsa/rsa_ssl.c

+++ /dev/null

@@ -1,154 +1,0 @@

-/* crypto/rsa/rsa_ssl.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/bn.h>

-#include <openssl/rsa.h>

-#include <openssl/rand.h>

-int RSA_padding_add_SSLv23(unsigned char *to, int tlen,

-	const unsigned char *from, int flen)

-	{

-	int i,j;

-	unsigned char *p;

-	if (flen > (tlen-11))

-		{

-		RSAerr(RSA_F_RSA_PADDING_ADD_SSLV23,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);

-		return(0);

-		}

-	p=(unsigned char *)to;

-	*(p++)=0;

-	*(p++)=2; /* Public Key BT (Block Type) */

-	/* pad out with non-zero random data */

-	j=tlen-3-8-flen;

-	if (RAND_bytes(p,j) <= 0)

-		return(0);

-	for (i=0; i<j; i++)

-		{

-		if (*p == '\0')

-			do	{

-				if (RAND_bytes(p,1) <= 0)

-					return(0);

-				} while (*p == '\0');

-		p++;

-		}

-	memset(p,3,8);

-	p+=8;

-	*(p++)='\0';

-	memcpy(p,from,(unsigned int)flen);

-	return(1);

-	}

-int RSA_padding_check_SSLv23(unsigned char *to, int tlen,

-	const unsigned char *from, int flen, int num)

-	{

-	int i,j,k;

-	const unsigned char *p;

-	p=from;

-	if (flen < 10)

-		{

-		RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_DATA_TOO_SMALL);

-		return(-1);

-		}

-	if ((num != (flen+1)) || (*(p++) != 02))

-		{

-		RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_BLOCK_TYPE_IS_NOT_02);

-		return(-1);

-		}

-	/* scan over padding data */

-	j=flen-1; /* one for type */

-	for (i=0; i<j; i++)

-		if (*(p++) == 0) break;

-	if ((i == j) || (i < 8))

-		{

-		RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_NULL_BEFORE_BLOCK_MISSING);

-		return(-1);

-		}

-	for (k= -8; k<0; k++)

-		{

-		if (p[k] !=  0x03) break;

-		}

-	if (k == -1)

-		{

-		RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_SSLV3_ROLLBACK_ATTACK);

-		return(-1);

-		}

-	i++; /* Skip over the '\0' */

-	j-=i;

-	if (j > tlen)

-		{

-		RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_DATA_TOO_LARGE);

-		return(-1);

-		}

-	memcpy(to,p,(unsigned int)j);

-	return(j);

-	}

--- a/sys/src/ape/lib/openssl/crypto/rsa/rsa_test.c

+++ /dev/null

@@ -1,340 +1,0 @@

-/* test vectors from p1ovect1.txt */

-#include <stdio.h>

-#include <string.h>

-#include "e_os.h"

-#include <openssl/crypto.h>

-#include <openssl/err.h>

-#include <openssl/rand.h>

-#include <openssl/bn.h>

-#ifdef OPENSSL_NO_RSA

-int main(int argc, char *argv[])

-{

-    printf("No RSA support\n");

-    return(0);

-}

-#else

-#include <openssl/rsa.h>

-#define SetKey \

-  key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \

-  key->e = BN_bin2bn(e, sizeof(e)-1, key->e); \

-  key->d = BN_bin2bn(d, sizeof(d)-1, key->d); \

-  key->p = BN_bin2bn(p, sizeof(p)-1, key->p); \

-  key->q = BN_bin2bn(q, sizeof(q)-1, key->q); \

-  key->dmp1 = BN_bin2bn(dmp1, sizeof(dmp1)-1, key->dmp1); \

-  key->dmq1 = BN_bin2bn(dmq1, sizeof(dmq1)-1, key->dmq1); \

-  key->iqmp = BN_bin2bn(iqmp, sizeof(iqmp)-1, key->iqmp); \

-  memcpy(c, ctext_ex, sizeof(ctext_ex) - 1); \

-  return (sizeof(ctext_ex) - 1);

-static int key1(RSA *key, unsigned char *c)

-    {

-    static unsigned char n[] =

-"\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F"

-"\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5"

-"\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93"

-"\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1"

-"\xF5";

-    static unsigned char e[] = "\x11";

-    static unsigned char d[] =

-"\x0A\x03\x37\x48\x62\x64\x87\x69\x5F\x5F\x30\xBC\x38\xB9\x8B\x44"

-"\xC2\xCD\x2D\xFF\x43\x40\x98\xCD\x20\xD8\xA1\x38\xD0\x90\xBF\x64"

-"\x79\x7C\x3F\xA7\xA2\xCD\xCB\x3C\xD1\xE0\xBD\xBA\x26\x54\xB4\xF9"

-"\xDF\x8E\x8A\xE5\x9D\x73\x3D\x9F\x33\xB3\x01\x62\x4A\xFD\x1D\x51";

-    static unsigned char p[] =

-"\x00\xD8\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"

-"\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x12"

-"\x0D";

-    static unsigned char q[] =

-"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"

-"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"

-"\x89";

-    static unsigned char dmp1[] =

-"\x59\x0B\x95\x72\xA2\xC2\xA9\xC4\x06\x05\x9D\xC2\xAB\x2F\x1D\xAF"

-"\xEB\x7E\x8B\x4F\x10\xA7\x54\x9E\x8E\xED\xF5\xB4\xFC\xE0\x9E\x05";

-    static unsigned char dmq1[] =

-"\x00\x8E\x3C\x05\x21\xFE\x15\xE0\xEA\x06\xA3\x6F\xF0\xF1\x0C\x99"

-"\x52\xC3\x5B\x7A\x75\x14\xFD\x32\x38\xB8\x0A\xAD\x52\x98\x62\x8D"

-"\x51";

-    static unsigned char iqmp[] =

-"\x36\x3F\xF7\x18\x9D\xA8\xE9\x0B\x1D\x34\x1F\x71\xD0\x9B\x76\xA8"

-"\xA9\x43\xE1\x1D\x10\xB2\x4D\x24\x9F\x2D\xEA\xFE\xF8\x0C\x18\x26";

-    static unsigned char ctext_ex[] =

-"\x1b\x8f\x05\xf9\xca\x1a\x79\x52\x6e\x53\xf3\xcc\x51\x4f\xdb\x89"

-"\x2b\xfb\x91\x93\x23\x1e\x78\xb9\x92\xe6\x8d\x50\xa4\x80\xcb\x52"

-"\x33\x89\x5c\x74\x95\x8d\x5d\x02\xab\x8c\x0f\xd0\x40\xeb\x58\x44"

-"\xb0\x05\xc3\x9e\xd8\x27\x4a\x9d\xbf\xa8\x06\x71\x40\x94\x39\xd2";

-    SetKey;

-    }

-static int key2(RSA *key, unsigned char *c)

-    {

-    static unsigned char n[] =

-"\x00\xA3\x07\x9A\x90\xDF\x0D\xFD\x72\xAC\x09\x0C\xCC\x2A\x78\xB8"

-"\x74\x13\x13\x3E\x40\x75\x9C\x98\xFA\xF8\x20\x4F\x35\x8A\x0B\x26"

-"\x3C\x67\x70\xE7\x83\xA9\x3B\x69\x71\xB7\x37\x79\xD2\x71\x7B\xE8"

-"\x34\x77\xCF";

-    static unsigned char e[] = "\x3";

-    static unsigned char d[] =

-"\x6C\xAF\xBC\x60\x94\xB3\xFE\x4C\x72\xB0\xB3\x32\xC6\xFB\x25\xA2"

-"\xB7\x62\x29\x80\x4E\x68\x65\xFC\xA4\x5A\x74\xDF\x0F\x8F\xB8\x41"

-"\x3B\x52\xC0\xD0\xE5\x3D\x9B\x59\x0F\xF1\x9B\xE7\x9F\x49\xDD\x21"

-"\xE5\xEB";

-    static unsigned char p[] =

-"\x00\xCF\x20\x35\x02\x8B\x9D\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92"

-"\xEA\x0D\xA3\xB4\x32\x04\xB5\xCF\xCE\x91";

-    static unsigned char q[] =

-"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"

-"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5F";

-    static unsigned char dmp1[] =

-"\x00\x8A\x15\x78\xAC\x5D\x13\xAF\x10\x2B\x22\xB9\x99\xCD\x74\x61"

-"\xF1\x5E\x6D\x22\xCC\x03\x23\xDF\xDF\x0B";

-    static unsigned char dmq1[] =

-"\x00\x86\x55\x21\x4A\xC5\x4D\x8D\x4E\xCD\x61\x77\xF1\xC7\x36\x90"

-"\xCE\x2A\x48\x2C\x8B\x05\x99\xCB\xE0\x3F";

-    static unsigned char iqmp[] =

-"\x00\x83\xEF\xEF\xB8\xA9\xA4\x0D\x1D\xB6\xED\x98\xAD\x84\xED\x13"

-"\x35\xDC\xC1\x08\xF3\x22\xD0\x57\xCF\x8D";

-    static unsigned char ctext_ex[] =

-"\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a"

-"\x8b\x40\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4"

-"\x17\x53\x03\x29\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52"

-"\x62\x51";

-    SetKey;

-    }

-static int key3(RSA *key, unsigned char *c)

-    {

-    static unsigned char n[] =

-"\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71"

-"\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5"

-"\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD"

-"\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80"

-"\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25"

-"\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39"

-"\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68"

-"\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD"

-"\xCB";

-    static unsigned char e[] = "\x11";

-    static unsigned char d[] =

-"\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD"

-"\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41"

-"\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69"

-"\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA"

-"\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94"

-"\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A"

-"\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94"

-"\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3"

-"\xC1";

-    static unsigned char p[] =

-"\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60"

-"\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6"

-"\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A"

-"\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65"

-"\x99";

-    static unsigned char q[] =

-"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"

-"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"

-"\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"

-"\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15"

-"\x03";

-    static unsigned char dmp1[] =

-"\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A"

-"\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E"

-"\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E"

-"\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81";

-    static unsigned char dmq1[] =

-"\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9"

-"\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7"

-"\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D"

-"\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D";

-    static unsigned char iqmp[] =

-"\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23"

-"\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11"

-"\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E"

-"\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39"

-"\xF7";

-    static unsigned char ctext_ex[] =

-"\xb8\x24\x6b\x56\xa6\xed\x58\x81\xae\xb5\x85\xd9\xa2\x5b\x2a\xd7"

-"\x90\xc4\x17\xe0\x80\x68\x1b\xf1\xac\x2b\xc3\xde\xb6\x9d\x8b\xce"

-"\xf0\xc4\x36\x6f\xec\x40\x0a\xf0\x52\xa7\x2e\x9b\x0e\xff\xb5\xb3"

-"\xf2\xf1\x92\xdb\xea\xca\x03\xc1\x27\x40\x05\x71\x13\xbf\x1f\x06"

-"\x69\xac\x22\xe9\xf3\xa7\x85\x2e\x3c\x15\xd9\x13\xca\xb0\xb8\x86"

-"\x3a\x95\xc9\x92\x94\xce\x86\x74\x21\x49\x54\x61\x03\x46\xf4\xd4"

-"\x74\xb2\x6f\x7c\x48\xb4\x2e\xe6\x8e\x1f\x57\x2a\x1f\xc4\x02\x6a"

-"\xc4\x56\xb4\xf5\x9f\x7b\x62\x1e\xa1\xb9\xd8\x8f\x64\x20\x2f\xb1";

-    SetKey;

-    }

-static int pad_unknown(void)

-{

-    unsigned long l;

-    while ((l = ERR_get_error()) != 0)

-      if (ERR_GET_REASON(l) == RSA_R_UNKNOWN_PADDING_TYPE)

-	return(1);

-    return(0);

-}

-static const char rnd_seed[] = "string to make the random number generator think it has entropy";

-int main(int argc, char *argv[])

-    {

-    int err=0;

-    int v;

-    RSA *key;

-    unsigned char ptext[256];

-    unsigned char ctext[256];

-    static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a";

-    unsigned char ctext_ex[256];

-    int plen;

-    int clen = 0;

-    int num;

-    int n;

-    CRYPTO_malloc_debug_init();

-    CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);

-    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);

-    RAND_seed(rnd_seed, sizeof rnd_seed); /* or OAEP may fail */

-    plen = sizeof(ptext_ex) - 1;

-    for (v = 0; v < 6; v++)

-	{

-	key = RSA_new();

-	switch (v%3) {

-    case 0:

-	clen = key1(key, ctext_ex);

-	break;

-    case 1:

-	clen = key2(key, ctext_ex);

-	break;

-    case 2:

-	clen = key3(key, ctext_ex);

-	break;

-	}

-	if (v/3 >= 1) key->flags |= RSA_FLAG_NO_CONSTTIME;

-	num = RSA_public_encrypt(plen, ptext_ex, ctext, key,

-				 RSA_PKCS1_PADDING);

-	if (num != clen)

-	    {

-	    printf("PKCS#1 v1.5 encryption failed!\n");

-	    err=1;

-	    goto oaep;

-	    }

-	num = RSA_private_decrypt(num, ctext, ptext, key,

-				  RSA_PKCS1_PADDING);

-	if (num != plen || memcmp(ptext, ptext_ex, num) != 0)

-	    {

-	    printf("PKCS#1 v1.5 decryption failed!\n");

-	    err=1;

-	    }

-	else

-	    printf("PKCS #1 v1.5 encryption/decryption ok\n");

-    oaep:

-	ERR_clear_error();

-	num = RSA_public_encrypt(plen, ptext_ex, ctext, key,

-				 RSA_PKCS1_OAEP_PADDING);

-	if (num == -1 && pad_unknown())

-	    {

-	    printf("No OAEP support\n");

-	    goto next;

-	    }

-	if (num != clen)

-	    {

-	    printf("OAEP encryption failed!\n");

-	    err=1;

-	    goto next;

-	    }

-	num = RSA_private_decrypt(num, ctext, ptext, key,

-				  RSA_PKCS1_OAEP_PADDING);

-	if (num != plen || memcmp(ptext, ptext_ex, num) != 0)

-	    {

-	    printf("OAEP decryption (encrypted data) failed!\n");

-	    err=1;

-	    }

-	else if (memcmp(ctext, ctext_ex, num) == 0)

-	    printf("OAEP test vector %d passed!\n", v);

-	/* Different ciphertexts (rsa_oaep.c without -DPKCS_TESTVECT).

-	   Try decrypting ctext_ex */

-	num = RSA_private_decrypt(clen, ctext_ex, ptext, key,

-				  RSA_PKCS1_OAEP_PADDING);

-	if (num != plen || memcmp(ptext, ptext_ex, num) != 0)

-	    {

-	    printf("OAEP decryption (test vector data) failed!\n");

-	    err=1;

-	    }

-	else

-	    printf("OAEP encryption/decryption ok\n");

-	/* Try decrypting corrupted ciphertexts */

-	for(n = 0 ; n < clen ; ++n)

-	    {

-	    int b;

-	    unsigned char saved = ctext[n];

-	    for(b = 0 ; b < 256 ; ++b)

-		{

-		if(b == saved)

-		    continue;

-		ctext[n] = b;

-		num = RSA_private_decrypt(num, ctext, ptext, key,

-					  RSA_PKCS1_OAEP_PADDING);

-		if(num > 0)

-		    {

-		    printf("Corrupt data decrypted!\n");

-		    err = 1;

-		    }

-		}

-	    }

-    next:

-	RSA_free(key);

-	}

-    CRYPTO_cleanup_all_ex_data();

-    ERR_remove_state(0);

-    CRYPTO_mem_leaks_fp(stderr);

-#ifdef OPENSSL_SYS_NETWARE

-    if (err) printf("ERROR: %d\n", err);

-#endif

-    return err;

-    }

-#endif

--- a/sys/src/ape/lib/openssl/crypto/rsa/rsa_x931.c

+++ /dev/null

@@ -1,177 +1,0 @@

-/* rsa_x931.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 2005.

- */

-/* ====================================================================

- * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/bn.h>

-#include <openssl/rsa.h>

-#include <openssl/rand.h>

-#include <openssl/objects.h>

-int RSA_padding_add_X931(unsigned char *to, int tlen,

-	     const unsigned char *from, int flen)

-	{

-	int j;

-	unsigned char *p;

-	/* Absolute minimum amount of padding is 1 header nibble, 1 padding

-	 * nibble and 2 trailer bytes: but 1 hash if is already in 'from'.

-	 */

-	j = tlen - flen - 2;

-	if (j < 0)

-		{

-		RSAerr(RSA_F_RSA_PADDING_ADD_X931,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);

-		return -1;

-		}

-	p=(unsigned char *)to;

-	/* If no padding start and end nibbles are in one byte */

-	if (j == 0)

-		*p++ = 0x6A;

-	else

-		{

-		*p++ = 0x6B;

-		if (j > 1)

-			{

-			memset(p, 0xBB, j - 1);

-			p += j - 1;

-			}

-		*p++ = 0xBA;

-		}

-	memcpy(p,from,(unsigned int)flen);

-	p += flen;

-	*p = 0xCC;

-	return(1);

-	}

-int RSA_padding_check_X931(unsigned char *to, int tlen,

-	     const unsigned char *from, int flen, int num)

-	{

-	int i = 0,j;

-	const unsigned char *p;

-	p=from;

-	if ((num != flen) || ((*p != 0x6A) && (*p != 0x6B)))

-		{

-		RSAerr(RSA_F_RSA_PADDING_CHECK_X931,RSA_R_INVALID_HEADER);

-		return -1;

-		}

-	if (*p++ == 0x6B)

-		{

-		j=flen-3;

-		for (i = 0; i < j; i++)

-			{

-			unsigned char c = *p++;

-			if (c == 0xBA)

-				break;

-			if (c != 0xBB)

-				{

-				RSAerr(RSA_F_RSA_PADDING_CHECK_X931,

-					RSA_R_INVALID_PADDING);

-				return -1;

-				}

-			}

-		j -= i;

-		if (i == 0)

-			{

-			RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_PADDING);

-			return -1;

-			}

-		}

-	else j = flen - 2;

-	if (p[j] != 0xCC)

-		{

-		RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_TRAILER);

-		return -1;

-		}

-	memcpy(to,p,(unsigned int)j);

-	return(j);

-	}

-/* Translate between X931 hash ids and NIDs */

-int RSA_X931_hash_id(int nid)

-	{

-	switch (nid)

-		{

-		case NID_sha1:

-		return 0x33;

-		case NID_sha256:

-		return 0x34;

-		case NID_sha384:

-		return 0x36;

-		case NID_sha512:

-		return 0x35;

-		}

-	return -1;

-	}

--- a/sys/src/ape/lib/openssl/crypto/seed/Makefile

+++ /dev/null

@@ -1,87 +1,0 @@

-#

-# crypto/seed/Makefile

-#

-DIR=	seed

-TOP=	../..

-CC=	cc

-CPP=	$(CC) -E

-INCLUDES=

-CFLAG=-g

-MAKEFILE=	Makefile

-AR=		ar r

-CFLAGS= $(INCLUDES) $(CFLAG)

-GENERAL=Makefile

-TEST=

-APPS=

-LIB=$(TOP)/libcrypto.a

-LIBSRC=seed.c seed_ecb.c seed_cbc.c seed_cfb.c seed_ofb.c

-LIBOBJ=seed.o seed_ecb.o seed_cbc.o seed_cfb.o seed_ofb.o

-SRC= $(LIBSRC)

-EXHEADER= seed.h

-HEADER= seed_locl.h $(EXHEADER)

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)

-all:	lib

-lib:	$(LIBOBJ)

-	$(AR) $(LIB) $(LIBOBJ)

-	$(RANLIB) $(LIB) || echo Never mind.

-	@touch lib

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

-links:

-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)

-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)

-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

-install:

-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...

-	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \

-	do  \

-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \

-	done;

-tags:

-	ctags $(SRC)

-tests:

-lint:

-	lint -DLINT $(INCLUDES) $(SRC)>fluff

-depend:

-	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...

-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-clean:

-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-seed.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h

-seed.o: ../../include/openssl/seed.h seed.c seed_locl.h

-seed_cbc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h

-seed_cbc.o: ../../include/openssl/seed.h seed_cbc.c seed_locl.h

-seed_cfb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h

-seed_cfb.o: ../../include/openssl/seed.h seed_cfb.c seed_locl.h

-seed_ecb.o: ../../include/openssl/opensslconf.h ../../include/openssl/seed.h

-seed_ecb.o: seed_ecb.c

-seed_ofb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h

-seed_ofb.o: ../../include/openssl/seed.h seed_locl.h seed_ofb.c

--- a/sys/src/ape/lib/openssl/crypto/seed/seed.c

+++ /dev/null

@@ -1,286 +1,0 @@

-/*

- * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Neither the name of author nor the names of its contributors may

- *    be used to endorse or promote products derived from this software

- *    without specific prior written permission.

- *

- * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- */

-#ifndef OPENSSL_NO_SEED

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#ifdef WIN32

-#include <memory.h>

-#endif

-#include <openssl/seed.h>

-#include "seed_locl.h"

-static seed_word SS[4][256] = {	{

-	0x2989a1a8, 0x05858184, 0x16c6d2d4, 0x13c3d3d0, 0x14445054, 0x1d0d111c, 0x2c8ca0ac, 0x25052124,

-	0x1d4d515c, 0x03434340, 0x18081018, 0x1e0e121c, 0x11415150, 0x3cccf0fc, 0x0acac2c8, 0x23436360,

-	0x28082028, 0x04444044, 0x20002020, 0x1d8d919c, 0x20c0e0e0, 0x22c2e2e0, 0x08c8c0c8, 0x17071314,

-	0x2585a1a4, 0x0f8f838c, 0x03030300, 0x3b4b7378, 0x3b8bb3b8, 0x13031310, 0x12c2d2d0, 0x2ecee2ec,

-	0x30407070, 0x0c8c808c, 0x3f0f333c, 0x2888a0a8, 0x32023230, 0x1dcdd1dc, 0x36c6f2f4, 0x34447074,

-	0x2ccce0ec, 0x15859194, 0x0b0b0308, 0x17475354, 0x1c4c505c, 0x1b4b5358, 0x3d8db1bc, 0x01010100,

-	0x24042024, 0x1c0c101c, 0x33437370, 0x18889098, 0x10001010, 0x0cccc0cc, 0x32c2f2f0, 0x19c9d1d8,

-	0x2c0c202c, 0x27c7e3e4, 0x32427270, 0x03838380, 0x1b8b9398, 0x11c1d1d0, 0x06868284, 0x09c9c1c8,

-	0x20406060, 0x10405050, 0x2383a3a0, 0x2bcbe3e8, 0x0d0d010c, 0x3686b2b4, 0x1e8e929c, 0x0f4f434c,

-	0x3787b3b4, 0x1a4a5258, 0x06c6c2c4, 0x38487078, 0x2686a2a4, 0x12021210, 0x2f8fa3ac, 0x15c5d1d4,

-	0x21416160, 0x03c3c3c0, 0x3484b0b4, 0x01414140, 0x12425250, 0x3d4d717c, 0x0d8d818c, 0x08080008,

-	0x1f0f131c, 0x19899198, 0x00000000, 0x19091118, 0x04040004, 0x13435350, 0x37c7f3f4, 0x21c1e1e0,

-	0x3dcdf1fc, 0x36467274, 0x2f0f232c, 0x27072324, 0x3080b0b0, 0x0b8b8388, 0x0e0e020c, 0x2b8ba3a8,

-	0x2282a2a0, 0x2e4e626c, 0x13839390, 0x0d4d414c, 0x29496168, 0x3c4c707c, 0x09090108, 0x0a0a0208,

-	0x3f8fb3bc, 0x2fcfe3ec, 0x33c3f3f0, 0x05c5c1c4, 0x07878384, 0x14041014, 0x3ecef2fc, 0x24446064,

-	0x1eced2dc, 0x2e0e222c, 0x0b4b4348, 0x1a0a1218, 0x06060204, 0x21012120, 0x2b4b6368, 0x26466264,

-	0x02020200, 0x35c5f1f4, 0x12829290, 0x0a8a8288, 0x0c0c000c, 0x3383b3b0, 0x3e4e727c, 0x10c0d0d0,

-	0x3a4a7278, 0x07474344, 0x16869294, 0x25c5e1e4, 0x26062224, 0x00808080, 0x2d8da1ac, 0x1fcfd3dc,

-	0x2181a1a0, 0x30003030, 0x37073334, 0x2e8ea2ac, 0x36063234, 0x15051114, 0x22022220, 0x38083038,

-	0x34c4f0f4, 0x2787a3a4, 0x05454144, 0x0c4c404c, 0x01818180, 0x29c9e1e8, 0x04848084, 0x17879394,

-	0x35053134, 0x0bcbc3c8, 0x0ecec2cc, 0x3c0c303c, 0x31417170, 0x11011110, 0x07c7c3c4, 0x09898188,

-	0x35457174, 0x3bcbf3f8, 0x1acad2d8, 0x38c8f0f8, 0x14849094, 0x19495158, 0x02828280, 0x04c4c0c4,

-	0x3fcff3fc, 0x09494148, 0x39093138, 0x27476364, 0x00c0c0c0, 0x0fcfc3cc, 0x17c7d3d4, 0x3888b0b8,

-	0x0f0f030c, 0x0e8e828c, 0x02424240, 0x23032320, 0x11819190, 0x2c4c606c, 0x1bcbd3d8, 0x2484a0a4,

-	0x34043034, 0x31c1f1f0, 0x08484048, 0x02c2c2c0, 0x2f4f636c, 0x3d0d313c, 0x2d0d212c, 0x00404040,

-	0x3e8eb2bc, 0x3e0e323c, 0x3c8cb0bc, 0x01c1c1c0, 0x2a8aa2a8, 0x3a8ab2b8, 0x0e4e424c, 0x15455154,

-	0x3b0b3338, 0x1cccd0dc, 0x28486068, 0x3f4f737c, 0x1c8c909c, 0x18c8d0d8, 0x0a4a4248, 0x16465254,

-	0x37477374, 0x2080a0a0, 0x2dcde1ec, 0x06464244, 0x3585b1b4, 0x2b0b2328, 0x25456164, 0x3acaf2f8,

-	0x23c3e3e0, 0x3989b1b8, 0x3181b1b0, 0x1f8f939c, 0x1e4e525c, 0x39c9f1f8, 0x26c6e2e4, 0x3282b2b0,

-	0x31013130, 0x2acae2e8, 0x2d4d616c, 0x1f4f535c, 0x24c4e0e4, 0x30c0f0f0, 0x0dcdc1cc, 0x08888088,

-	0x16061214, 0x3a0a3238, 0x18485058, 0x14c4d0d4, 0x22426260, 0x29092128, 0x07070304, 0x33033330,

-	0x28c8e0e8, 0x1b0b1318, 0x05050104, 0x39497178, 0x10809090, 0x2a4a6268, 0x2a0a2228, 0x1a8a9298

-},	{

-	0x38380830, 0xe828c8e0, 0x2c2d0d21, 0xa42686a2, 0xcc0fcfc3, 0xdc1eced2, 0xb03383b3, 0xb83888b0,

-	0xac2f8fa3, 0x60204060, 0x54154551, 0xc407c7c3, 0x44044440, 0x6c2f4f63, 0x682b4b63, 0x581b4b53,

-	0xc003c3c3, 0x60224262, 0x30330333, 0xb43585b1, 0x28290921, 0xa02080a0, 0xe022c2e2, 0xa42787a3,

-	0xd013c3d3, 0x90118191, 0x10110111, 0x04060602, 0x1c1c0c10, 0xbc3c8cb0, 0x34360632, 0x480b4b43,

-	0xec2fcfe3, 0x88088880, 0x6c2c4c60, 0xa82888a0, 0x14170713, 0xc404c4c0, 0x14160612, 0xf434c4f0,

-	0xc002c2c2, 0x44054541, 0xe021c1e1, 0xd416c6d2, 0x3c3f0f33, 0x3c3d0d31, 0x8c0e8e82, 0x98188890,

-	0x28280820, 0x4c0e4e42, 0xf436c6f2, 0x3c3e0e32, 0xa42585a1, 0xf839c9f1, 0x0c0d0d01, 0xdc1fcfd3,

-	0xd818c8d0, 0x282b0b23, 0x64264662, 0x783a4a72, 0x24270723, 0x2c2f0f23, 0xf031c1f1, 0x70324272,

-	0x40024242, 0xd414c4d0, 0x40014141, 0xc000c0c0, 0x70334373, 0x64274763, 0xac2c8ca0, 0x880b8b83,

-	0xf437c7f3, 0xac2d8da1, 0x80008080, 0x1c1f0f13, 0xc80acac2, 0x2c2c0c20, 0xa82a8aa2, 0x34340430,

-	0xd012c2d2, 0x080b0b03, 0xec2ecee2, 0xe829c9e1, 0x5c1d4d51, 0x94148490, 0x18180810, 0xf838c8f0,

-	0x54174753, 0xac2e8ea2, 0x08080800, 0xc405c5c1, 0x10130313, 0xcc0dcdc1, 0x84068682, 0xb83989b1,

-	0xfc3fcff3, 0x7c3d4d71, 0xc001c1c1, 0x30310131, 0xf435c5f1, 0x880a8a82, 0x682a4a62, 0xb03181b1,

-	0xd011c1d1, 0x20200020, 0xd417c7d3, 0x00020202, 0x20220222, 0x04040400, 0x68284860, 0x70314171,

-	0x04070703, 0xd81bcbd3, 0x9c1d8d91, 0x98198991, 0x60214161, 0xbc3e8eb2, 0xe426c6e2, 0x58194951,

-	0xdc1dcdd1, 0x50114151, 0x90108090, 0xdc1cccd0, 0x981a8a92, 0xa02383a3, 0xa82b8ba3, 0xd010c0d0,

-	0x80018181, 0x0c0f0f03, 0x44074743, 0x181a0a12, 0xe023c3e3, 0xec2ccce0, 0x8c0d8d81, 0xbc3f8fb3,

-	0x94168692, 0x783b4b73, 0x5c1c4c50, 0xa02282a2, 0xa02181a1, 0x60234363, 0x20230323, 0x4c0d4d41,

-	0xc808c8c0, 0x9c1e8e92, 0x9c1c8c90, 0x383a0a32, 0x0c0c0c00, 0x2c2e0e22, 0xb83a8ab2, 0x6c2e4e62,

-	0x9c1f8f93, 0x581a4a52, 0xf032c2f2, 0x90128292, 0xf033c3f3, 0x48094941, 0x78384870, 0xcc0cccc0,

-	0x14150511, 0xf83bcbf3, 0x70304070, 0x74354571, 0x7c3f4f73, 0x34350531, 0x10100010, 0x00030303,

-	0x64244460, 0x6c2d4d61, 0xc406c6c2, 0x74344470, 0xd415c5d1, 0xb43484b0, 0xe82acae2, 0x08090901,

-	0x74364672, 0x18190911, 0xfc3ecef2, 0x40004040, 0x10120212, 0xe020c0e0, 0xbc3d8db1, 0x04050501,

-	0xf83acaf2, 0x00010101, 0xf030c0f0, 0x282a0a22, 0x5c1e4e52, 0xa82989a1, 0x54164652, 0x40034343,

-	0x84058581, 0x14140410, 0x88098981, 0x981b8b93, 0xb03080b0, 0xe425c5e1, 0x48084840, 0x78394971,

-	0x94178793, 0xfc3cccf0, 0x1c1e0e12, 0x80028282, 0x20210121, 0x8c0c8c80, 0x181b0b13, 0x5c1f4f53,

-	0x74374773, 0x54144450, 0xb03282b2, 0x1c1d0d11, 0x24250521, 0x4c0f4f43, 0x00000000, 0x44064642,

-	0xec2dcde1, 0x58184850, 0x50124252, 0xe82bcbe3, 0x7c3e4e72, 0xd81acad2, 0xc809c9c1, 0xfc3dcdf1,

-	0x30300030, 0x94158591, 0x64254561, 0x3c3c0c30, 0xb43686b2, 0xe424c4e0, 0xb83b8bb3, 0x7c3c4c70,

-	0x0c0e0e02, 0x50104050, 0x38390931, 0x24260622, 0x30320232, 0x84048480, 0x68294961, 0x90138393,

-	0x34370733, 0xe427c7e3, 0x24240420, 0xa42484a0, 0xc80bcbc3, 0x50134353, 0x080a0a02, 0x84078783,

-	0xd819c9d1, 0x4c0c4c40, 0x80038383, 0x8c0f8f83, 0xcc0ecec2, 0x383b0b33, 0x480a4a42, 0xb43787b3

-},	{

-	0xa1a82989, 0x81840585, 0xd2d416c6, 0xd3d013c3, 0x50541444, 0x111c1d0d, 0xa0ac2c8c, 0x21242505,

-	0x515c1d4d, 0x43400343, 0x10181808, 0x121c1e0e, 0x51501141, 0xf0fc3ccc, 0xc2c80aca, 0x63602343,

-	0x20282808, 0x40440444, 0x20202000, 0x919c1d8d, 0xe0e020c0, 0xe2e022c2, 0xc0c808c8, 0x13141707,

-	0xa1a42585, 0x838c0f8f, 0x03000303, 0x73783b4b, 0xb3b83b8b, 0x13101303, 0xd2d012c2, 0xe2ec2ece,

-	0x70703040, 0x808c0c8c, 0x333c3f0f, 0xa0a82888, 0x32303202, 0xd1dc1dcd, 0xf2f436c6, 0x70743444,

-	0xe0ec2ccc, 0x91941585, 0x03080b0b, 0x53541747, 0x505c1c4c, 0x53581b4b, 0xb1bc3d8d, 0x01000101,

-	0x20242404, 0x101c1c0c, 0x73703343, 0x90981888, 0x10101000, 0xc0cc0ccc, 0xf2f032c2, 0xd1d819c9,

-	0x202c2c0c, 0xe3e427c7, 0x72703242, 0x83800383, 0x93981b8b, 0xd1d011c1, 0x82840686, 0xc1c809c9,

-	0x60602040, 0x50501040, 0xa3a02383, 0xe3e82bcb, 0x010c0d0d, 0xb2b43686, 0x929c1e8e, 0x434c0f4f,

-	0xb3b43787, 0x52581a4a, 0xc2c406c6, 0x70783848, 0xa2a42686, 0x12101202, 0xa3ac2f8f, 0xd1d415c5,

-	0x61602141, 0xc3c003c3, 0xb0b43484, 0x41400141, 0x52501242, 0x717c3d4d, 0x818c0d8d, 0x00080808,

-	0x131c1f0f, 0x91981989, 0x00000000, 0x11181909, 0x00040404, 0x53501343, 0xf3f437c7, 0xe1e021c1,

-	0xf1fc3dcd, 0x72743646, 0x232c2f0f, 0x23242707, 0xb0b03080, 0x83880b8b, 0x020c0e0e, 0xa3a82b8b,

-	0xa2a02282, 0x626c2e4e, 0x93901383, 0x414c0d4d, 0x61682949, 0x707c3c4c, 0x01080909, 0x02080a0a,

-	0xb3bc3f8f, 0xe3ec2fcf, 0xf3f033c3, 0xc1c405c5, 0x83840787, 0x10141404, 0xf2fc3ece, 0x60642444,

-	0xd2dc1ece, 0x222c2e0e, 0x43480b4b, 0x12181a0a, 0x02040606, 0x21202101, 0x63682b4b, 0x62642646,

-	0x02000202, 0xf1f435c5, 0x92901282, 0x82880a8a, 0x000c0c0c, 0xb3b03383, 0x727c3e4e, 0xd0d010c0,

-	0x72783a4a, 0x43440747, 0x92941686, 0xe1e425c5, 0x22242606, 0x80800080, 0xa1ac2d8d, 0xd3dc1fcf,

-	0xa1a02181, 0x30303000, 0x33343707, 0xa2ac2e8e, 0x32343606, 0x11141505, 0x22202202, 0x30383808,

-	0xf0f434c4, 0xa3a42787, 0x41440545, 0x404c0c4c, 0x81800181, 0xe1e829c9, 0x80840484, 0x93941787,

-	0x31343505, 0xc3c80bcb, 0xc2cc0ece, 0x303c3c0c, 0x71703141, 0x11101101, 0xc3c407c7, 0x81880989,

-	0x71743545, 0xf3f83bcb, 0xd2d81aca, 0xf0f838c8, 0x90941484, 0x51581949, 0x82800282, 0xc0c404c4,

-	0xf3fc3fcf, 0x41480949, 0x31383909, 0x63642747, 0xc0c000c0, 0xc3cc0fcf, 0xd3d417c7, 0xb0b83888,

-	0x030c0f0f, 0x828c0e8e, 0x42400242, 0x23202303, 0x91901181, 0x606c2c4c, 0xd3d81bcb, 0xa0a42484,

-	0x30343404, 0xf1f031c1, 0x40480848, 0xc2c002c2, 0x636c2f4f, 0x313c3d0d, 0x212c2d0d, 0x40400040,

-	0xb2bc3e8e, 0x323c3e0e, 0xb0bc3c8c, 0xc1c001c1, 0xa2a82a8a, 0xb2b83a8a, 0x424c0e4e, 0x51541545,

-	0x33383b0b, 0xd0dc1ccc, 0x60682848, 0x737c3f4f, 0x909c1c8c, 0xd0d818c8, 0x42480a4a, 0x52541646,

-	0x73743747, 0xa0a02080, 0xe1ec2dcd, 0x42440646, 0xb1b43585, 0x23282b0b, 0x61642545, 0xf2f83aca,

-	0xe3e023c3, 0xb1b83989, 0xb1b03181, 0x939c1f8f, 0x525c1e4e, 0xf1f839c9, 0xe2e426c6, 0xb2b03282,

-	0x31303101, 0xe2e82aca, 0x616c2d4d, 0x535c1f4f, 0xe0e424c4, 0xf0f030c0, 0xc1cc0dcd, 0x80880888,

-	0x12141606, 0x32383a0a, 0x50581848, 0xd0d414c4, 0x62602242, 0x21282909, 0x03040707, 0x33303303,

-	0xe0e828c8, 0x13181b0b, 0x01040505, 0x71783949, 0x90901080, 0x62682a4a, 0x22282a0a, 0x92981a8a

-},	{

-	0x08303838, 0xc8e0e828, 0x0d212c2d, 0x86a2a426, 0xcfc3cc0f, 0xced2dc1e, 0x83b3b033, 0x88b0b838,

-	0x8fa3ac2f, 0x40606020, 0x45515415, 0xc7c3c407, 0x44404404, 0x4f636c2f, 0x4b63682b, 0x4b53581b,

-	0xc3c3c003, 0x42626022, 0x03333033, 0x85b1b435, 0x09212829, 0x80a0a020, 0xc2e2e022, 0x87a3a427,

-	0xc3d3d013, 0x81919011, 0x01111011, 0x06020406, 0x0c101c1c, 0x8cb0bc3c, 0x06323436, 0x4b43480b,

-	0xcfe3ec2f, 0x88808808, 0x4c606c2c, 0x88a0a828, 0x07131417, 0xc4c0c404, 0x06121416, 0xc4f0f434,

-	0xc2c2c002, 0x45414405, 0xc1e1e021, 0xc6d2d416, 0x0f333c3f, 0x0d313c3d, 0x8e828c0e, 0x88909818,

-	0x08202828, 0x4e424c0e, 0xc6f2f436, 0x0e323c3e, 0x85a1a425, 0xc9f1f839, 0x0d010c0d, 0xcfd3dc1f,

-	0xc8d0d818, 0x0b23282b, 0x46626426, 0x4a72783a, 0x07232427, 0x0f232c2f, 0xc1f1f031, 0x42727032,

-	0x42424002, 0xc4d0d414, 0x41414001, 0xc0c0c000, 0x43737033, 0x47636427, 0x8ca0ac2c, 0x8b83880b,

-	0xc7f3f437, 0x8da1ac2d, 0x80808000, 0x0f131c1f, 0xcac2c80a, 0x0c202c2c, 0x8aa2a82a, 0x04303434,

-	0xc2d2d012, 0x0b03080b, 0xcee2ec2e, 0xc9e1e829, 0x4d515c1d, 0x84909414, 0x08101818, 0xc8f0f838,

-	0x47535417, 0x8ea2ac2e, 0x08000808, 0xc5c1c405, 0x03131013, 0xcdc1cc0d, 0x86828406, 0x89b1b839,

-	0xcff3fc3f, 0x4d717c3d, 0xc1c1c001, 0x01313031, 0xc5f1f435, 0x8a82880a, 0x4a62682a, 0x81b1b031,

-	0xc1d1d011, 0x00202020, 0xc7d3d417, 0x02020002, 0x02222022, 0x04000404, 0x48606828, 0x41717031,

-	0x07030407, 0xcbd3d81b, 0x8d919c1d, 0x89919819, 0x41616021, 0x8eb2bc3e, 0xc6e2e426, 0x49515819,

-	0xcdd1dc1d, 0x41515011, 0x80909010, 0xccd0dc1c, 0x8a92981a, 0x83a3a023, 0x8ba3a82b, 0xc0d0d010,

-	0x81818001, 0x0f030c0f, 0x47434407, 0x0a12181a, 0xc3e3e023, 0xcce0ec2c, 0x8d818c0d, 0x8fb3bc3f,

-	0x86929416, 0x4b73783b, 0x4c505c1c, 0x82a2a022, 0x81a1a021, 0x43636023, 0x03232023, 0x4d414c0d,

-	0xc8c0c808, 0x8e929c1e, 0x8c909c1c, 0x0a32383a, 0x0c000c0c, 0x0e222c2e, 0x8ab2b83a, 0x4e626c2e,

-	0x8f939c1f, 0x4a52581a, 0xc2f2f032, 0x82929012, 0xc3f3f033, 0x49414809, 0x48707838, 0xccc0cc0c,

-	0x05111415, 0xcbf3f83b, 0x40707030, 0x45717435, 0x4f737c3f, 0x05313435, 0x00101010, 0x03030003,

-	0x44606424, 0x4d616c2d, 0xc6c2c406, 0x44707434, 0xc5d1d415, 0x84b0b434, 0xcae2e82a, 0x09010809,

-	0x46727436, 0x09111819, 0xcef2fc3e, 0x40404000, 0x02121012, 0xc0e0e020, 0x8db1bc3d, 0x05010405,

-	0xcaf2f83a, 0x01010001, 0xc0f0f030, 0x0a22282a, 0x4e525c1e, 0x89a1a829, 0x46525416, 0x43434003,

-	0x85818405, 0x04101414, 0x89818809, 0x8b93981b, 0x80b0b030, 0xc5e1e425, 0x48404808, 0x49717839,

-	0x87939417, 0xccf0fc3c, 0x0e121c1e, 0x82828002, 0x01212021, 0x8c808c0c, 0x0b13181b, 0x4f535c1f,

-	0x47737437, 0x44505414, 0x82b2b032, 0x0d111c1d, 0x05212425, 0x4f434c0f, 0x00000000, 0x46424406,

-	0xcde1ec2d, 0x48505818, 0x42525012, 0xcbe3e82b, 0x4e727c3e, 0xcad2d81a, 0xc9c1c809, 0xcdf1fc3d,

-	0x00303030, 0x85919415, 0x45616425, 0x0c303c3c, 0x86b2b436, 0xc4e0e424, 0x8bb3b83b, 0x4c707c3c,

-	0x0e020c0e, 0x40505010, 0x09313839, 0x06222426, 0x02323032, 0x84808404, 0x49616829, 0x83939013,

-	0x07333437, 0xc7e3e427, 0x04202424, 0x84a0a424, 0xcbc3c80b, 0x43535013, 0x0a02080a, 0x87838407,

-	0xc9d1d819, 0x4c404c0c, 0x83838003, 0x8f838c0f, 0xcec2cc0e, 0x0b33383b, 0x4a42480a, 0x87b3b437

-}	};

-/* key schedule constants - golden ratio */

-#define KC0     0x9e3779b9

-#define KC1     0x3c6ef373

-#define KC2     0x78dde6e6

-#define KC3     0xf1bbcdcc

-#define KC4     0xe3779b99

-#define KC5     0xc6ef3733

-#define KC6     0x8dde6e67

-#define KC7     0x1bbcdccf

-#define KC8     0x3779b99e

-#define KC9     0x6ef3733c

-#define KC10    0xdde6e678

-#define KC11    0xbbcdccf1

-#define KC12    0x779b99e3

-#define KC13    0xef3733c6

-#define KC14    0xde6e678d

-#define KC15    0xbcdccf1b

-void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks)

-{

-	seed_word x1, x2, x3, x4;

-	seed_word t0, t1;

-	char2word(rawkey   , x1);

-	char2word(rawkey+4 , x2);

-	char2word(rawkey+8 , x3);

-	char2word(rawkey+12, x4);

-	t0 = (x1 + x3 - KC0) & 0xffffffff;

-	t1 = (x2 - x4 + KC0) & 0xffffffff;                     KEYUPDATE_TEMP(t0, t1, &ks->data[0]);

-	KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC1);      KEYUPDATE_TEMP(t0, t1, &ks->data[2]);

-	KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC2);      KEYUPDATE_TEMP(t0, t1, &ks->data[4]);

-	KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC3);      KEYUPDATE_TEMP(t0, t1, &ks->data[6]);

-	KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC4);      KEYUPDATE_TEMP(t0, t1, &ks->data[8]);

-	KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC5);      KEYUPDATE_TEMP(t0, t1, &ks->data[10]);

-	KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC6);      KEYUPDATE_TEMP(t0, t1, &ks->data[12]);

-	KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC7);      KEYUPDATE_TEMP(t0, t1, &ks->data[14]);

-	KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC8);      KEYUPDATE_TEMP(t0, t1, &ks->data[16]);

-	KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC9);      KEYUPDATE_TEMP(t0, t1, &ks->data[18]);

-	KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC10);     KEYUPDATE_TEMP(t0, t1, &ks->data[20]);

-	KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC11);     KEYUPDATE_TEMP(t0, t1, &ks->data[22]);

-	KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC12);     KEYUPDATE_TEMP(t0, t1, &ks->data[24]);

-	KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC13);     KEYUPDATE_TEMP(t0, t1, &ks->data[26]);

-	KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC14);     KEYUPDATE_TEMP(t0, t1, &ks->data[28]);

-	KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC15);     KEYUPDATE_TEMP(t0, t1, &ks->data[30]);

-}

-void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_BLOCK_SIZE], const SEED_KEY_SCHEDULE *ks)

-{

-	seed_word x1, x2, x3, x4;

-	seed_word t0, t1;

-	char2word(s,    x1);

-	char2word(s+4,  x2);

-	char2word(s+8,  x3);

-	char2word(s+12, x4);

-	E_SEED(t0, t1, x1, x2, x3, x4, 0);

-	E_SEED(t0, t1, x3, x4, x1, x2, 2);

-	E_SEED(t0, t1, x1, x2, x3, x4, 4);

-	E_SEED(t0, t1, x3, x4, x1, x2, 6);

-	E_SEED(t0, t1, x1, x2, x3, x4, 8);

-	E_SEED(t0, t1, x3, x4, x1, x2, 10);

-	E_SEED(t0, t1, x1, x2, x3, x4, 12);

-	E_SEED(t0, t1, x3, x4, x1, x2, 14);

-	E_SEED(t0, t1, x1, x2, x3, x4, 16);

-	E_SEED(t0, t1, x3, x4, x1, x2, 18);

-	E_SEED(t0, t1, x1, x2, x3, x4, 20);

-	E_SEED(t0, t1, x3, x4, x1, x2, 22);

-	E_SEED(t0, t1, x1, x2, x3, x4, 24);

-	E_SEED(t0, t1, x3, x4, x1, x2, 26);

-	E_SEED(t0, t1, x1, x2, x3, x4, 28);

-	E_SEED(t0, t1, x3, x4, x1, x2, 30);

-	word2char(x3, d);

-	word2char(x4, d+4);

-	word2char(x1, d+8);

-	word2char(x2, d+12);

-}

-void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_BLOCK_SIZE], const SEED_KEY_SCHEDULE *ks)

-{

-	seed_word x1, x2, x3, x4;

-	seed_word t0, t1;

-	char2word(s,    x1);

-	char2word(s+4,  x2);

-	char2word(s+8,  x3);

-	char2word(s+12, x4);

-	E_SEED(t0, t1, x1, x2, x3, x4, 30);

-	E_SEED(t0, t1, x3, x4, x1, x2, 28);

-	E_SEED(t0, t1, x1, x2, x3, x4, 26);

-	E_SEED(t0, t1, x3, x4, x1, x2, 24);

-	E_SEED(t0, t1, x1, x2, x3, x4, 22);

-	E_SEED(t0, t1, x3, x4, x1, x2, 20);

-	E_SEED(t0, t1, x1, x2, x3, x4, 18);

-	E_SEED(t0, t1, x3, x4, x1, x2, 16);

-	E_SEED(t0, t1, x1, x2, x3, x4, 14);

-	E_SEED(t0, t1, x3, x4, x1, x2, 12);

-	E_SEED(t0, t1, x1, x2, x3, x4, 10);

-	E_SEED(t0, t1, x3, x4, x1, x2, 8);

-	E_SEED(t0, t1, x1, x2, x3, x4, 6);

-	E_SEED(t0, t1, x3, x4, x1, x2, 4);

-	E_SEED(t0, t1, x1, x2, x3, x4, 2);

-	E_SEED(t0, t1, x3, x4, x1, x2, 0);

-	word2char(x3, d);

-	word2char(x4, d+4);

-	word2char(x1, d+8);

-	word2char(x2, d+12);

-}

-#endif /* OPENSSL_NO_SEED */

--- a/sys/src/ape/lib/openssl/crypto/seed/seed.h

+++ /dev/null

@@ -1,135 +1,0 @@

-/*

- * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Neither the name of author nor the names of its contributors may

- *    be used to endorse or promote products derived from this software

- *    without specific prior written permission.

- *

- * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- */

-/* ====================================================================

- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_SEED_H

-#define HEADER_SEED_H

-#include <openssl/opensslconf.h>

-#ifdef OPENSSL_NO_SEED

-#error SEED is disabled.

-#endif

-#ifdef AES_LONG /* look whether we need 'long' to get 32 bits */

-# ifndef SEED_LONG

-#  define SEED_LONG 1

-# endif

-#endif

-#if !defined(NO_SYS_TYPES_H)

-# include <sys/types.h>

-#endif

-#define SEED_BLOCK_SIZE 16

-#define SEED_KEY_LENGTH	16

-#ifdef  __cplusplus

-extern "C" {

-#endif

-typedef struct seed_key_st {

-#ifdef SEED_LONG

-    unsigned long data[32];

-#else

-    unsigned int data[32];

-#endif

-} SEED_KEY_SCHEDULE;

-void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks);

-void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_BLOCK_SIZE], const SEED_KEY_SCHEDULE *ks);

-void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_BLOCK_SIZE], const SEED_KEY_SCHEDULE *ks);

-void SEED_ecb_encrypt(const unsigned char *in, unsigned char *out, const SEED_KEY_SCHEDULE *ks, int enc);

-void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out,

-        size_t len, const SEED_KEY_SCHEDULE *ks, unsigned char ivec[SEED_BLOCK_SIZE], int enc);

-void SEED_cfb128_encrypt(const unsigned char *in, unsigned char *out,

-        size_t len, const SEED_KEY_SCHEDULE *ks, unsigned char ivec[SEED_BLOCK_SIZE], int *num, int enc);

-void SEED_ofb128_encrypt(const unsigned char *in, unsigned char *out,

-        size_t len, const SEED_KEY_SCHEDULE *ks, unsigned char ivec[SEED_BLOCK_SIZE], int *num);

-#ifdef  __cplusplus

-}

-#endif

-#endif /* HEADER_SEED_H */

--- a/sys/src/ape/lib/openssl/crypto/seed/seed_cbc.c

+++ /dev/null

@@ -1,129 +1,0 @@

-/* crypto/seed/seed_cbc.c -*- mode:C; c-file-style: "eay" -*- */

-/* ====================================================================

- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- */

-#include "seed_locl.h"

-#include <string.h>

-void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out,

-                      size_t len, const SEED_KEY_SCHEDULE *ks,

-                      unsigned char ivec[SEED_BLOCK_SIZE], int enc)

-	{

-	size_t n;

-	unsigned char tmp[SEED_BLOCK_SIZE];

-	const unsigned char *iv = ivec;

-	if (enc)

-		{

-		while (len >= SEED_BLOCK_SIZE)

-			{

-			for (n = 0; n < SEED_BLOCK_SIZE; ++n)

-				out[n] = in[n] ^ iv[n];

-			SEED_encrypt(out, out, ks);

-			iv = out;

-			len -= SEED_BLOCK_SIZE;

-			in  += SEED_BLOCK_SIZE;

-			out += SEED_BLOCK_SIZE;

-			}

-		if (len)

-			{

-			for (n = 0; n < len; ++n)

-				out[n] = in[n] ^ iv[n];

-			for (n = len; n < SEED_BLOCK_SIZE; ++n)

-				out[n] = iv[n];

-			SEED_encrypt(out, out, ks);

-			iv = out;

-			}

-		memcpy(ivec, iv, SEED_BLOCK_SIZE);

-		}

-	else if (in != out) /* decrypt */

-		{

-		while (len >= SEED_BLOCK_SIZE)

-			{

-			SEED_decrypt(in, out, ks);

-			for (n = 0; n < SEED_BLOCK_SIZE; ++n)

-				out[n] ^= iv[n];

-			iv = in;

-			len -= SEED_BLOCK_SIZE;

-			in  += SEED_BLOCK_SIZE;

-			out += SEED_BLOCK_SIZE;

-			}

-		if (len)

-			{

-			SEED_decrypt(in, tmp, ks);

-			for (n = 0; n < len; ++n)

-				out[n] = tmp[n] ^ iv[n];

-			iv = in;

-			}

-		memcpy(ivec, iv, SEED_BLOCK_SIZE);

-		}

-	else /* decrypt, overlap */

-		{

-		while (len >= SEED_BLOCK_SIZE)

-			{

-			memcpy(tmp, in, SEED_BLOCK_SIZE);

-			SEED_decrypt(in, out, ks);

-			for (n = 0; n < SEED_BLOCK_SIZE; ++n)

-				out[n] ^= ivec[n];

-			memcpy(ivec, tmp, SEED_BLOCK_SIZE);

-			len -= SEED_BLOCK_SIZE;

-			in  += SEED_BLOCK_SIZE;

-			out += SEED_BLOCK_SIZE;

-			}

-		if (len)

-			{

-			memcpy(tmp, in, SEED_BLOCK_SIZE);

-			SEED_decrypt(tmp, tmp, ks);

-			for (n = 0; n < len; ++n)

-				out[n] = tmp[n] ^ ivec[n];

-			memcpy(ivec, tmp, SEED_BLOCK_SIZE);

-			}

-		}

-	}

--- a/sys/src/ape/lib/openssl/crypto/seed/seed_cfb.c

+++ /dev/null

@@ -1,144 +1,0 @@

-/* crypto/seed/seed_cfb.c -*- mode:C; c-file-style: "eay" -*- */

-/* ====================================================================

- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include "seed_locl.h"

-#include <string.h>

-void SEED_cfb128_encrypt(const unsigned char *in, unsigned char *out,

-                         size_t len, const SEED_KEY_SCHEDULE *ks,

-                         unsigned char ivec[SEED_BLOCK_SIZE], int *num, int enc)

-	{

-	int n;

-	unsigned char c;

-	n = *num;

-	if (enc)

-		{

-		while (len--)

-			{

-			if (n == 0)

-				SEED_encrypt(ivec, ivec, ks);

-			ivec[n] = *(out++) = *(in++) ^ ivec[n];

-			n = (n+1) % SEED_BLOCK_SIZE;

-			}

-		}

-	else

-		{

-		while (len--)

-			{

-			if (n == 0)

-				SEED_encrypt(ivec, ivec, ks);

-			c = *(in);

-			*(out++) = *(in++) ^ ivec[n];

-			ivec[n] = c;

-			n = (n+1) % SEED_BLOCK_SIZE;

-			}

-		}

-	*num = n;

-	}

--- a/sys/src/ape/lib/openssl/crypto/seed/seed_ecb.c

+++ /dev/null

@@ -1,60 +1,0 @@

-/* crypto/seed/seed_ecb.c -*- mode:C; c-file-style: "eay" -*- */

-/* ====================================================================

- * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- */

-#include <openssl/seed.h>

-void SEED_ecb_encrypt(const unsigned char *in, unsigned char *out, const SEED_KEY_SCHEDULE *ks, int enc)

-	{

-	if (enc)

-		SEED_encrypt(in, out, ks);

-	else

-		SEED_decrypt(in, out, ks);

-	}

--- a/sys/src/ape/lib/openssl/crypto/seed/seed_locl.h

+++ /dev/null

@@ -1,116 +1,0 @@

-/*

- * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Neither the name of author nor the names of its contributors may

- *    be used to endorse or promote products derived from this software

- *    without specific prior written permission.

- *

- * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- */

-#ifndef HEADER_SEED_LOCL_H

-#define HEADER_SEED_LOCL_H

-#include "openssl/e_os2.h"

-#include <openssl/seed.h>

-#ifdef SEED_LONG /* need 32-bit type */

-typedef unsigned long seed_word;

-#else

-typedef unsigned int seed_word;

-#endif

-#ifdef  __cplusplus

-extern "C" {

-#endif

-#define G_FUNC(v)       \

-        SS[0][(unsigned char)      (v) & 0xff] ^ SS[1][(unsigned char) ((v)>>8) & 0xff] ^ \

-        SS[2][(unsigned char)((v)>>16) & 0xff] ^ SS[3][(unsigned char)((v)>>24) & 0xff]

-#define char2word(c, i)  \

-        (i) = ((((seed_word)(c)[0]) << 24) | (((seed_word)(c)[1]) << 16) | (((seed_word)(c)[2]) << 8) | ((seed_word)(c)[3]))

-#define word2char(l, c)  \

-        *((c)+0) = (unsigned char)((l)>>24) & 0xff; \

-        *((c)+1) = (unsigned char)((l)>>16) & 0xff; \

-        *((c)+2) = (unsigned char)((l)>> 8) & 0xff; \

-        *((c)+3) = (unsigned char)((l))     & 0xff

-#define KEYSCHEDULE_UPDATE0(T0, T1, X1, X2, X3, X4, KC)  \

-        (T0) = (X3);                                     \

-        (X3) = (((X3)<<8) ^ ((X4)>>24)) & 0xffffffff;    \

-        (X4) = (((X4)<<8) ^ ((T0)>>24)) & 0xffffffff;    \

-        (T0) = ((X1) + (X3) - (KC))     & 0xffffffff;    \

-        (T1) = ((X2) + (KC) - (X4))     & 0xffffffff

-#define KEYSCHEDULE_UPDATE1(T0, T1, X1, X2, X3, X4, KC)  \

-        (T0) = (X1);                                     \

-        (X1) = (((X1)>>8) ^ ((X2)<<24)) & 0xffffffff;    \

-        (X2) = (((X2)>>8) ^ ((T0)<<24)) & 0xffffffff;    \

-        (T0) = ((X1) + (X3) - (KC))     & 0xffffffff;     \

-        (T1) = ((X2) + (KC) - (X4))     & 0xffffffff

-#define KEYUPDATE_TEMP(T0, T1, K)   \

-        (K)[0] = G_FUNC((T0));      \

-        (K)[1] = G_FUNC((T1))

-#define XOR_SEEDBLOCK(DST, SRC)      \

-        ((DST))[0] ^= ((SRC))[0];    \

-        ((DST))[1] ^= ((SRC))[1];    \

-        ((DST))[2] ^= ((SRC))[2];    \

-        ((DST))[3] ^= ((SRC))[3]

-#define MOV_SEEDBLOCK(DST, SRC)      \

-        ((DST))[0] = ((SRC))[0];     \

-        ((DST))[1] = ((SRC))[1];     \

-        ((DST))[2] = ((SRC))[2];     \

-        ((DST))[3] = ((SRC))[3]

-# define CHAR2WORD(C, I)              \

-        char2word((C),    (I)[0]);    \

-        char2word((C+4),  (I)[1]);    \

-        char2word((C+8),  (I)[2]);    \

-        char2word((C+12), (I)[3])

-# define WORD2CHAR(I, C)              \

-        word2char((I)[0], (C));       \

-        word2char((I)[1], (C+4));     \

-        word2char((I)[2], (C+8));     \

-        word2char((I)[3], (C+12))

-# define E_SEED(T0, T1, X1, X2, X3, X4, rbase)   \

-        (T0) = (X3) ^ (ks->data)[(rbase)];       \

-        (T1) = (X4) ^ (ks->data)[(rbase)+1];     \

-        (T1) ^= (T0);                            \

-        (T1) = G_FUNC((T1));                     \

-        (T0) = ((T0) + (T1)) & 0xffffffff;       \

-        (T0) = G_FUNC((T0));                     \

-        (T1) = ((T1) + (T0)) & 0xffffffff;       \

-        (T1) = G_FUNC((T1));                     \

-        (T0) = ((T0) + (T1)) & 0xffffffff;       \

-        (X1) ^= (T0);                            \

-        (X2) ^= (T1)

-#ifdef  __cplusplus

-}

-#endif

-#endif /* HEADER_SEED_LOCL_H */

--- a/sys/src/ape/lib/openssl/crypto/seed/seed_ofb.c

+++ /dev/null

@@ -1,128 +1,0 @@

-/* crypto/seed/seed_ofb.c -*- mode:C; c-file-style: "eay" -*- */

-/* ====================================================================

- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include "seed_locl.h"

-#include <string.h>

-void SEED_ofb128_encrypt(const unsigned char *in, unsigned char *out,

-                         size_t len, const SEED_KEY_SCHEDULE *ks,

-                         unsigned char ivec[SEED_BLOCK_SIZE], int *num)

-	{

-	int n;

-	n = *num;

-	while (len--)

-		{

-		if (n == 0)

-			SEED_encrypt(ivec, ivec, ks);

-		*(out++) = *(in++) ^ ivec[n];

-		n = (n+1) % SEED_BLOCK_SIZE;

-		}

-	*num = n;

-	}

--- a/sys/src/ape/lib/openssl/crypto/sha/Makefile

+++ /dev/null

@@ -1,134 +1,0 @@

-#

-# OpenSSL/crypto/sha/Makefile

-#

-DIR=    sha

-TOP=    ../..

-CC=     cc

-CPP=    $(CC) -E

-INCLUDES=

-CFLAG=-g

-MAKEFILE=       Makefile

-AR=             ar r

-SHA1_ASM_OBJ=

-CFLAGS= $(INCLUDES) $(CFLAG)

-ASFLAGS= $(INCLUDES) $(ASFLAG)

-AFLAGS= $(ASFLAGS)

-GENERAL=Makefile

-TEST=shatest.c sha1test.c sha256t.c sha512t.c

-APPS=

-LIB=$(TOP)/libcrypto.a

-LIBSRC=sha_dgst.c sha1dgst.c sha_one.c sha1_one.c sha256.c sha512.c

-LIBOBJ=sha_dgst.o sha1dgst.o sha_one.o sha1_one.o sha256.o sha512.o $(SHA1_ASM_OBJ)

-SRC= $(LIBSRC)

-EXHEADER= sha.h

-HEADER= sha_locl.h $(EXHEADER)

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)

-all:    lib

-lib:    $(LIBOBJ)

-	$(AR) $(LIB) $(LIBOBJ)

-	$(RANLIB) $(LIB) || echo Never mind.

-	@touch lib

-# ELF

-sx86-elf.s: asm/sha1-586.pl ../perlasm/x86asm.pl

-	(cd asm; $(PERL) sha1-586.pl elf $(CFLAGS) $(PROCESSOR) > ../$@)

-s512sse2-elf.s:	asm/sha512-sse2.pl ../perlasm/x86asm.pl

-	(cd asm; $(PERL) sha512-sse2.pl elf $(CFLAGS) $(PROCESSOR) > ../$@)

-# COFF

-sx86-cof.s: asm/sha1-586.pl ../perlasm/x86asm.pl

-	(cd asm; $(PERL) sha1-586.pl coff $(CFLAGS) $(PROCESSOR) > ../$@)

-s512sse2-cof.s:     asm/sha512-sse2.pl ../perlasm/x86asm.pl

-	(cd asm; $(PERL) sha512-sse2.pl coff $(CFLAGS) $(PROCESSOR) > ../$@)

-# a.out

-sx86-out.s: asm/sha1-586.pl ../perlasm/x86asm.pl

-	(cd asm; $(PERL) sha1-586.pl a.out $(CFLAGS) $(PROCESSOR) > ../$@)

-s512sse2-out.s:     asm/sha512-sse2.pl ../perlasm/x86asm.pl

-	(cd asm; $(PERL) sha512-sse2.pl a.out $(CFLAGS) $(PROCESSOR) > ../$@)

-sha1-ia64.s:   asm/sha1-ia64.pl

-	(cd asm; $(PERL) sha1-ia64.pl $(CFLAGS) ) > $@

-sha256-ia64.s: asm/sha512-ia64.pl

-	(cd asm; $(PERL) sha512-ia64.pl ../$@ $(CFLAGS))

-sha512-ia64.s: asm/sha512-ia64.pl

-	(cd asm; $(PERL) sha512-ia64.pl ../$@ $(CFLAGS))

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

-links:

-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)

-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)

-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

-install:

-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...

-	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \

-	do  \

-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \

-	done;

-tags:

-	ctags $(SRC)

-tests:

-lint:

-	lint -DLINT $(INCLUDES) $(SRC)>fluff

-depend:

-	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...

-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-clean:

-	rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-sha1_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-sha1_one.o: ../../include/openssl/opensslconf.h

-sha1_one.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-sha1_one.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-sha1_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-sha1_one.o: sha1_one.c

-sha1dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h

-sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h

-sha1dgst.o: ../md32_common.h sha1dgst.c sha_locl.h

-sha256.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-sha256.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-sha256.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-sha256.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-sha256.o: ../../include/openssl/symhacks.h ../md32_common.h sha256.c

-sha512.o: ../../e_os.h ../../include/openssl/bio.h

-sha512.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-sha512.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-sha512.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-sha512.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-sha512.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-sha512.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-sha512.o: ../cryptlib.h sha512.c

-sha_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h

-sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h

-sha_dgst.o: ../md32_common.h sha_dgst.c sha_locl.h

-sha_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-sha_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-sha_one.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-sha_one.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-sha_one.o: ../../include/openssl/symhacks.h sha_one.c

--- a/sys/src/ape/lib/openssl/crypto/sha/asm/README

+++ /dev/null

@@ -1,1 +1,0 @@

-C2.pl works

--- a/sys/src/ape/lib/openssl/crypto/sha/asm/sha1-586.pl

+++ /dev/null

@@ -1,430 +1,0 @@

-#!/usr/local/bin/perl

-# It was noted that Intel IA-32 C compiler generates code which

-# performs ~30% *faster* on P4 CPU than original *hand-coded*

-# SHA1 assembler implementation. To address this problem (and

-# prove that humans are still better than machines:-), the

-# original code was overhauled, which resulted in following

-# performance changes:

-#

-#		compared with original	compared with Intel cc

-#		assembler impl.		generated code

-# Pentium	-16%			+48%

-# PIII/AMD	+8%			+16%

-# P4		+85%(!)			+45%

-#

-# As you can see Pentium came out as looser:-( Yet I reckoned that

-# improvement on P4 outweights the loss and incorporate this

-# re-tuned code to 0.9.7 and later.

-# ----------------------------------------------------------------

-# Those who for any particular reason absolutely must score on

-# Pentium can replace this module with one from 0.9.6 distribution.

-# This "offer" shall be revoked the moment programming interface to

-# this module is changed, in which case this paragraph should be

-# removed.

-# ----------------------------------------------------------------

-#					<[email protected]>

-$normal=0;

-push(@INC,"perlasm","../../perlasm");

-require "x86asm.pl";

-&asm_init($ARGV[0],"sha1-586.pl",$ARGV[$#ARGV] eq "386");

-$A="eax";

-$B="ecx";

-$C="ebx";

-$D="edx";

-$E="edi";

-$T="esi";

-$tmp1="ebp";

-$off=9*4;

-@K=(0x5a827999,0x6ed9eba1,0x8f1bbcdc,0xca62c1d6);

-&sha1_block_data("sha1_block_asm_data_order");

-&asm_finish();

-sub Nn

-	{

-	local($p)=@_;

-	local(%n)=($A,$T,$B,$A,$C,$B,$D,$C,$E,$D,$T,$E);

-	return($n{$p});

-	}

-sub Np

-	{

-	local($p)=@_;

-	local(%n)=($A,$T,$B,$A,$C,$B,$D,$C,$E,$D,$T,$E);

-	local(%n)=($A,$B,$B,$C,$C,$D,$D,$E,$E,$T,$T,$A);

-	return($n{$p});

-	}

-sub Na

-	{

-	local($n)=@_;

-	return( (($n   )&0x0f),

-		(($n+ 2)&0x0f),

-		(($n+ 8)&0x0f),

-		(($n+13)&0x0f),

-		(($n+ 1)&0x0f));

-	}

-sub X_expand

-	{

-	local($in)=@_;

-	&comment("First, load the words onto the stack in network byte order");

-	for ($i=0; $i<16; $i+=2)

-		{

-		&mov($A,&DWP(($i+0)*4,$in,"",0));# unless $i == 0;

-		 &mov($B,&DWP(($i+1)*4,$in,"",0));

-		&bswap($A);

-		 &bswap($B);

-		&mov(&swtmp($i+0),$A);

-		 &mov(&swtmp($i+1),$B);

-		}

-	&comment("We now have the X array on the stack");

-	&comment("starting at sp-4");

-	}

-# Rules of engagement

-# F is always trashable at the start, the running total.

-# E becomes the next F so it can be trashed after it has been 'accumulated'

-# F becomes A in the next round.  We don't need to access it much.

-# During the X update part, the result ends up in $X[$n0].

-sub BODY_00_15

-	{

-	local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_;

-	&comment("00_15 $n");

-	&mov($f,$c);			# f to hold F_00_19(b,c,d)

-	 if ($n==0)  { &mov($tmp1,$a); }

-	 else        { &mov($a,$tmp1); }

-	&rotl($tmp1,5);			# tmp1=ROTATE(a,5)

-	 &xor($f,$d);

-	&and($f,$b);

-	 &add($tmp1,$e);		# tmp1+=e;

-	&mov($e,&swtmp($n));		# e becomes volatile and

-	 				# is loaded with xi

-	 &xor($f,$d);			# f holds F_00_19(b,c,d)

-	&rotr($b,2);			# b=ROTATE(b,30)

-	 &lea($tmp1,&DWP($K,$tmp1,$e,1));# tmp1+=K_00_19+xi

-	if ($n==15) { &add($f,$tmp1); }	# f+=tmp1

-	else        { &add($tmp1,$f); }

-	}

-sub BODY_16_19

-	{

-	local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_;

-	local($n0,$n1,$n2,$n3,$np)=&Na($n);

-	&comment("16_19 $n");

-	&mov($f,&swtmp($n1));		# f to hold Xupdate(xi,xa,xb,xc,xd)

-	 &mov($tmp1,$c);		# tmp1 to hold F_00_19(b,c,d)

-	&xor($f,&swtmp($n0));

-	 &xor($tmp1,$d);

-	&xor($f,&swtmp($n2));

-	 &and($tmp1,$b);		# tmp1 holds F_00_19(b,c,d)

-	&rotr($b,2);			# b=ROTATE(b,30)

-	 &xor($f,&swtmp($n3));		# f holds xa^xb^xc^xd

-	&rotl($f,1);			# f=ROATE(f,1)

-	 &xor($tmp1,$d);		# tmp1=F_00_19(b,c,d)

-	&mov(&swtmp($n0),$f);		# xi=f

-	&lea($f,&DWP($K,$f,$e,1));	# f+=K_00_19+e

-	 &mov($e,$a);			# e becomes volatile

-	&rotl($e,5);			# e=ROTATE(a,5)

-	 &add($f,$tmp1);		# f+=F_00_19(b,c,d)

-	&add($f,$e);			# f+=ROTATE(a,5)

-	}

-sub BODY_20_39

-	{

-	local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_;

-	&comment("20_39 $n");

-	local($n0,$n1,$n2,$n3,$np)=&Na($n);

-	&mov($tmp1,$b);			# tmp1 to hold F_20_39(b,c,d)

-	 &mov($f,&swtmp($n0));		# f to hold Xupdate(xi,xa,xb,xc,xd)

-	&rotr($b,2);			# b=ROTATE(b,30)

-	 &xor($f,&swtmp($n1));

-	&xor($tmp1,$c);

-	 &xor($f,&swtmp($n2));

-	&xor($tmp1,$d);			# tmp1 holds F_20_39(b,c,d)

-	 &xor($f,&swtmp($n3));		# f holds xa^xb^xc^xd

-	&rotl($f,1);			# f=ROTATE(f,1)

-	 &add($tmp1,$e);

-	&mov(&swtmp($n0),$f);		# xi=f

-	 &mov($e,$a);			# e becomes volatile

-	&rotl($e,5);			# e=ROTATE(a,5)

-	 &lea($f,&DWP($K,$f,$tmp1,1));	# f+=K_20_39+e

-	&add($f,$e);			# f+=ROTATE(a,5)

-	}

-sub BODY_40_59

-	{

-	local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_;

-	&comment("40_59 $n");

-	local($n0,$n1,$n2,$n3,$np)=&Na($n);

-	&mov($f,&swtmp($n0));		# f to hold Xupdate(xi,xa,xb,xc,xd)

-	 &mov($tmp1,&swtmp($n1));

-	&xor($f,$tmp1);

-	 &mov($tmp1,&swtmp($n2));

-	&xor($f,$tmp1);

-	 &mov($tmp1,&swtmp($n3));

-	&xor($f,$tmp1);			# f holds xa^xb^xc^xd

-	 &mov($tmp1,$b);		# tmp1 to hold F_40_59(b,c,d)

-	&rotl($f,1);			# f=ROTATE(f,1)

-	 &or($tmp1,$c);

-	&mov(&swtmp($n0),$f);		# xi=f

-	 &and($tmp1,$d);

-	&lea($f,&DWP($K,$f,$e,1));	# f+=K_40_59+e

-	 &mov($e,$b);			# e becomes volatile and is used

-					# to calculate F_40_59(b,c,d)

-	&rotr($b,2);			# b=ROTATE(b,30)

-	 &and($e,$c);

-	&or($tmp1,$e);			# tmp1 holds F_40_59(b,c,d)

-	 &mov($e,$a);

-	&rotl($e,5);			# e=ROTATE(a,5)

-	 &add($f,$tmp1);		# f+=tmp1;

-	&add($f,$e);			# f+=ROTATE(a,5)

-	}

-sub BODY_60_79

-	{

-	&BODY_20_39(@_);

-	}

-sub sha1_block_host

-	{

-	local($name, $sclabel)=@_;

-	&function_begin_B($name,"");

-	# parameter 1 is the MD5_CTX structure.

-	# A	0

-	# B	4

-	# C	8

-	# D 	12

-	# E 	16

-	&mov("ecx",	&wparam(2));

-	 &push("esi");

-	&shl("ecx",6);

-	 &mov("esi",	&wparam(1));

-	&push("ebp");

-	 &add("ecx","esi");	# offset to leave on

-	&push("ebx");

-	 &mov("ebp",	&wparam(0));

-	&push("edi");

-	 &mov($D,	&DWP(12,"ebp","",0));

-	&stack_push(18+9);

-	 &mov($E,	&DWP(16,"ebp","",0));

-	&mov($C,	&DWP( 8,"ebp","",0));

-	 &mov(&swtmp(17),"ecx");

-	&comment("First we need to setup the X array");

-	for ($i=0; $i<16; $i+=2)

-		{

-		&mov($A,&DWP(($i+0)*4,"esi","",0));# unless $i == 0;

-		 &mov($B,&DWP(($i+1)*4,"esi","",0));

-		&mov(&swtmp($i+0),$A);

-		 &mov(&swtmp($i+1),$B);

-		}

-	&jmp($sclabel);

-	&function_end_B($name);

-	}

-sub sha1_block_data

-	{

-	local($name)=@_;

-	&function_begin_B($name,"");

-	# parameter 1 is the MD5_CTX structure.

-	# A	0

-	# B	4

-	# C	8

-	# D 	12

-	# E 	16

-	&mov("ecx",	&wparam(2));

-	 &push("esi");

-	&shl("ecx",6);

-	 &mov("esi",	&wparam(1));

-	&push("ebp");

-	 &add("ecx","esi");	# offset to leave on

-	&push("ebx");

-	 &mov("ebp",	&wparam(0));

-	&push("edi");

-	 &mov($D,	&DWP(12,"ebp","",0));

-	&stack_push(18+9);

-	 &mov($E,	&DWP(16,"ebp","",0));

-	&mov($C,	&DWP( 8,"ebp","",0));

-	 &mov(&swtmp(17),"ecx");

-	&comment("First we need to setup the X array");

-	&set_label("start") unless $normal;

-	&X_expand("esi");

-	 &mov(&wparam(1),"esi");

-	&set_label("shortcut", 0, 1);

-	&comment("");

-	&comment("Start processing");

-	# odd start

-	&mov($A,	&DWP( 0,"ebp","",0));

-	 &mov($B,	&DWP( 4,"ebp","",0));

-	$X="esp";

-	&BODY_00_15(-2,$K[0],$X, 0,$A,$B,$C,$D,$E,$T);

-	&BODY_00_15( 0,$K[0],$X, 1,$T,$A,$B,$C,$D,$E);

-	&BODY_00_15( 0,$K[0],$X, 2,$E,$T,$A,$B,$C,$D);

-	&BODY_00_15( 0,$K[0],$X, 3,$D,$E,$T,$A,$B,$C);

-	&BODY_00_15( 0,$K[0],$X, 4,$C,$D,$E,$T,$A,$B);

-	&BODY_00_15( 0,$K[0],$X, 5,$B,$C,$D,$E,$T,$A);

-	&BODY_00_15( 0,$K[0],$X, 6,$A,$B,$C,$D,$E,$T);

-	&BODY_00_15( 0,$K[0],$X, 7,$T,$A,$B,$C,$D,$E);

-	&BODY_00_15( 0,$K[0],$X, 8,$E,$T,$A,$B,$C,$D);

-	&BODY_00_15( 0,$K[0],$X, 9,$D,$E,$T,$A,$B,$C);

-	&BODY_00_15( 0,$K[0],$X,10,$C,$D,$E,$T,$A,$B);

-	&BODY_00_15( 0,$K[0],$X,11,$B,$C,$D,$E,$T,$A);

-	&BODY_00_15( 0,$K[0],$X,12,$A,$B,$C,$D,$E,$T);

-	&BODY_00_15( 0,$K[0],$X,13,$T,$A,$B,$C,$D,$E);

-	&BODY_00_15( 0,$K[0],$X,14,$E,$T,$A,$B,$C,$D);

-	&BODY_00_15( 1,$K[0],$X,15,$D,$E,$T,$A,$B,$C);

-	&BODY_16_19(-1,$K[0],$X,16,$C,$D,$E,$T,$A,$B);

-	&BODY_16_19( 0,$K[0],$X,17,$B,$C,$D,$E,$T,$A);

-	&BODY_16_19( 0,$K[0],$X,18,$A,$B,$C,$D,$E,$T);

-	&BODY_16_19( 1,$K[0],$X,19,$T,$A,$B,$C,$D,$E);

-	&BODY_20_39(-1,$K[1],$X,20,$E,$T,$A,$B,$C,$D);

-	&BODY_20_39( 0,$K[1],$X,21,$D,$E,$T,$A,$B,$C);

-	&BODY_20_39( 0,$K[1],$X,22,$C,$D,$E,$T,$A,$B);

-	&BODY_20_39( 0,$K[1],$X,23,$B,$C,$D,$E,$T,$A);

-	&BODY_20_39( 0,$K[1],$X,24,$A,$B,$C,$D,$E,$T);

-	&BODY_20_39( 0,$K[1],$X,25,$T,$A,$B,$C,$D,$E);

-	&BODY_20_39( 0,$K[1],$X,26,$E,$T,$A,$B,$C,$D);

-	&BODY_20_39( 0,$K[1],$X,27,$D,$E,$T,$A,$B,$C);

-	&BODY_20_39( 0,$K[1],$X,28,$C,$D,$E,$T,$A,$B);

-	&BODY_20_39( 0,$K[1],$X,29,$B,$C,$D,$E,$T,$A);

-	&BODY_20_39( 0,$K[1],$X,30,$A,$B,$C,$D,$E,$T);

-	&BODY_20_39( 0,$K[1],$X,31,$T,$A,$B,$C,$D,$E);

-	&BODY_20_39( 0,$K[1],$X,32,$E,$T,$A,$B,$C,$D);

-	&BODY_20_39( 0,$K[1],$X,33,$D,$E,$T,$A,$B,$C);

-	&BODY_20_39( 0,$K[1],$X,34,$C,$D,$E,$T,$A,$B);

-	&BODY_20_39( 0,$K[1],$X,35,$B,$C,$D,$E,$T,$A);

-	&BODY_20_39( 0,$K[1],$X,36,$A,$B,$C,$D,$E,$T);

-	&BODY_20_39( 0,$K[1],$X,37,$T,$A,$B,$C,$D,$E);

-	&BODY_20_39( 0,$K[1],$X,38,$E,$T,$A,$B,$C,$D);

-	&BODY_20_39( 1,$K[1],$X,39,$D,$E,$T,$A,$B,$C);

-	&BODY_40_59(-1,$K[2],$X,40,$C,$D,$E,$T,$A,$B);

-	&BODY_40_59( 0,$K[2],$X,41,$B,$C,$D,$E,$T,$A);

-	&BODY_40_59( 0,$K[2],$X,42,$A,$B,$C,$D,$E,$T);

-	&BODY_40_59( 0,$K[2],$X,43,$T,$A,$B,$C,$D,$E);

-	&BODY_40_59( 0,$K[2],$X,44,$E,$T,$A,$B,$C,$D);

-	&BODY_40_59( 0,$K[2],$X,45,$D,$E,$T,$A,$B,$C);

-	&BODY_40_59( 0,$K[2],$X,46,$C,$D,$E,$T,$A,$B);

-	&BODY_40_59( 0,$K[2],$X,47,$B,$C,$D,$E,$T,$A);

-	&BODY_40_59( 0,$K[2],$X,48,$A,$B,$C,$D,$E,$T);

-	&BODY_40_59( 0,$K[2],$X,49,$T,$A,$B,$C,$D,$E);

-	&BODY_40_59( 0,$K[2],$X,50,$E,$T,$A,$B,$C,$D);

-	&BODY_40_59( 0,$K[2],$X,51,$D,$E,$T,$A,$B,$C);

-	&BODY_40_59( 0,$K[2],$X,52,$C,$D,$E,$T,$A,$B);

-	&BODY_40_59( 0,$K[2],$X,53,$B,$C,$D,$E,$T,$A);

-	&BODY_40_59( 0,$K[2],$X,54,$A,$B,$C,$D,$E,$T);

-	&BODY_40_59( 0,$K[2],$X,55,$T,$A,$B,$C,$D,$E);

-	&BODY_40_59( 0,$K[2],$X,56,$E,$T,$A,$B,$C,$D);

-	&BODY_40_59( 0,$K[2],$X,57,$D,$E,$T,$A,$B,$C);

-	&BODY_40_59( 0,$K[2],$X,58,$C,$D,$E,$T,$A,$B);

-	&BODY_40_59( 1,$K[2],$X,59,$B,$C,$D,$E,$T,$A);

-	&BODY_60_79(-1,$K[3],$X,60,$A,$B,$C,$D,$E,$T);

-	&BODY_60_79( 0,$K[3],$X,61,$T,$A,$B,$C,$D,$E);

-	&BODY_60_79( 0,$K[3],$X,62,$E,$T,$A,$B,$C,$D);

-	&BODY_60_79( 0,$K[3],$X,63,$D,$E,$T,$A,$B,$C);

-	&BODY_60_79( 0,$K[3],$X,64,$C,$D,$E,$T,$A,$B);

-	&BODY_60_79( 0,$K[3],$X,65,$B,$C,$D,$E,$T,$A);

-	&BODY_60_79( 0,$K[3],$X,66,$A,$B,$C,$D,$E,$T);

-	&BODY_60_79( 0,$K[3],$X,67,$T,$A,$B,$C,$D,$E);

-	&BODY_60_79( 0,$K[3],$X,68,$E,$T,$A,$B,$C,$D);

-	&BODY_60_79( 0,$K[3],$X,69,$D,$E,$T,$A,$B,$C);

-	&BODY_60_79( 0,$K[3],$X,70,$C,$D,$E,$T,$A,$B);

-	&BODY_60_79( 0,$K[3],$X,71,$B,$C,$D,$E,$T,$A);

-	&BODY_60_79( 0,$K[3],$X,72,$A,$B,$C,$D,$E,$T);

-	&BODY_60_79( 0,$K[3],$X,73,$T,$A,$B,$C,$D,$E);

-	&BODY_60_79( 0,$K[3],$X,74,$E,$T,$A,$B,$C,$D);

-	&BODY_60_79( 0,$K[3],$X,75,$D,$E,$T,$A,$B,$C);

-	&BODY_60_79( 0,$K[3],$X,76,$C,$D,$E,$T,$A,$B);

-	&BODY_60_79( 0,$K[3],$X,77,$B,$C,$D,$E,$T,$A);

-	&BODY_60_79( 0,$K[3],$X,78,$A,$B,$C,$D,$E,$T);

-	&BODY_60_79( 2,$K[3],$X,79,$T,$A,$B,$C,$D,$E);

-	&comment("End processing");

-	&comment("");

-	# D is the tmp value

-	# E -> A

-	# T -> B

-	# A -> C

-	# B -> D

-	# C -> E

-	# D -> T

-	&mov($tmp1,&wparam(0));

-	 &mov($D,	&DWP(12,$tmp1,"",0));

-	&add($D,$B);

-	 &mov($B,	&DWP( 4,$tmp1,"",0));

-	&add($B,$T);

-	 &mov($T,	$A);

-	&mov($A,	&DWP( 0,$tmp1,"",0));

-	 &mov(&DWP(12,$tmp1,"",0),$D);

-	&add($A,$E);

-	 &mov($E,	&DWP(16,$tmp1,"",0));

-	&add($E,$C);

-	 &mov($C,	&DWP( 8,$tmp1,"",0));

-	&add($C,$T);

-	 &mov(&DWP( 0,$tmp1,"",0),$A);

-	&mov("esi",&wparam(1));

-	 &mov(&DWP( 8,$tmp1,"",0),$C);

- 	&add("esi",64);

-	 &mov("eax",&swtmp(17));

-	&mov(&DWP(16,$tmp1,"",0),$E);

-	 &cmp("esi","eax");

-	&mov(&DWP( 4,$tmp1,"",0),$B);

-	 &jb(&label("start"));

-	&stack_pop(18+9);

-	 &pop("edi");

-	&pop("ebx");

-	 &pop("ebp");

-	&pop("esi");

-	 &ret();

-	# keep a note of shortcut label so it can be used outside

-	# block.

-	my $sclabel = &label("shortcut");

-	&function_end_B($name);

-	# Putting this here avoids problems with MASM in debugging mode

-	&sha1_block_host("sha1_block_asm_host_order", $sclabel);

-	}

--- a/sys/src/ape/lib/openssl/crypto/sha/asm/sha1-ia64.pl

+++ /dev/null

@@ -1,545 +1,0 @@

-#!/usr/bin/env perl

-#

-# ====================================================================

-# Written by Andy Polyakov <[email protected]> for the OpenSSL

-# project. Rights for redistribution and usage in source and binary

-# forms are granted according to the OpenSSL license.

-# ====================================================================

-#

-# Eternal question is what's wrong with compiler generated code? The

-# trick is that it's possible to reduce the number of shifts required

-# to perform rotations by maintaining copy of 32-bit value in upper

-# bits of 64-bit register. Just follow mux2 and shrp instructions...

-# Performance under big-endian OS such as HP-UX is 179MBps*1GHz, which

-# is >50% better than HP C and >2x better than gcc. As of this moment

-# performance under little-endian OS such as Linux and Windows will be

-# a bit lower, because data has to be picked in reverse byte-order.

-# It's possible to resolve this issue by implementing third function,

-# sha1_block_asm_data_order_aligned, which would temporarily flip

-# BE field in User Mask register...

-$code=<<___;

-.ident  \"sha1-ia64.s, version 1.0\"

-.ident  \"IA-64 ISA artwork by Andy Polyakov <appro\@fy.chalmers.se>\"

-.explicit

-___

-if ($^O eq "hpux") {

-    $ADDP="addp4";

-    for (@ARGV) { $ADDP="add" if (/[\+DD|\-mlp]64/); }

-} else { $ADDP="add"; }

-for (@ARGV) {	$big_endian=1 if (/\-DB_ENDIAN/);

-		$big_endian=0 if (/\-DL_ENDIAN/);   }

-if (!defined($big_endian))

-	    {	$big_endian=(unpack('L',pack('N',1))==1);   }

-#$human=1;

-if ($human) {	# useful for visual code auditing...

-	($A,$B,$C,$D,$E,$T)   = ("A","B","C","D","E","T");

-	($h0,$h1,$h2,$h3,$h4) = ("h0","h1","h2","h3","h4");

-	($K_00_19, $K_20_39, $K_40_59, $K_60_79) =

-	    (	"K_00_19","K_20_39","K_40_59","K_60_79"	);

-	@X= (	"X0", "X1", "X2", "X3", "X4", "X5", "X6", "X7",

-		"X8", "X9","X10","X11","X12","X13","X14","X15"	);

-}

-else {

-	($A,$B,$C,$D,$E,$T)   = ("loc0","loc1","loc2","loc3","loc4","loc5");

-	($h0,$h1,$h2,$h3,$h4) = ("loc6","loc7","loc8","loc9","loc10");

-	($K_00_19, $K_20_39, $K_40_59, $K_60_79) =

-	    (	"r14", "r15", "loc11", "loc12"	);

-	@X= (	"r16", "r17", "r18", "r19", "r20", "r21", "r22", "r23",

-		"r24", "r25", "r26", "r27", "r28", "r29", "r30", "r31"	);

-}

-sub BODY_00_15 {

-local	*code=shift;

-local	($i,$a,$b,$c,$d,$e,$f,$unaligned)=@_;

-if ($unaligned) {

-	$code.=<<___;

-{ .mmi;	ld1	tmp0=[inp],2		    // MSB

-	ld1	tmp1=[tmp3],2		};;

-{ .mmi;	ld1	tmp2=[inp],2

-	ld1	$X[$i&0xf]=[tmp3],2	    // LSB

-	dep	tmp1=tmp0,tmp1,8,8	};;

-{ .mii;	cmp.ne	p16,p0=r0,r0		    // no misaligned prefetch

-	dep	$X[$i&0xf]=tmp2,$X[$i&0xf],8,8;;

-	dep	$X[$i&0xf]=tmp1,$X[$i&0xf],16,16	};;

-{ .mmi;	nop.m	0

-___

-	}

-elsif ($i<15) {

-	$code.=<<___;

-{ .mmi;	ld4	$X[($i+1)&0xf]=[inp],4	// prefetch

-___

-	}

-else	{

-	$code.=<<___;

-{ .mmi;	nop.m	0

-___

-	}

-if ($i<15) {

-	$code.=<<___;

-	and	tmp0=$c,$b

-	dep.z	tmp5=$a,5,27		}   // a<<5

-{ .mmi;	andcm	tmp1=$d,$b

-	add	tmp4=$e,$K_00_19	};;

-{ .mmi;	or	tmp0=tmp0,tmp1		    // F_00_19(b,c,d)=(b&c)|(~b&d)

-	add	$f=tmp4,$X[$i&0xf]	    // f=xi+e+K_00_19

-	extr.u	tmp1=$a,27,5		};; // a>>27

-{ .mib;	add	$f=$f,tmp0		    // f+=F_00_19(b,c,d)

-	shrp	$b=tmp6,tmp6,2		}   // b=ROTATE(b,30)

-{ .mib;	or	tmp1=tmp1,tmp5		    // ROTATE(a,5)

-	mux2	tmp6=$a,0x44		};; // see b in next iteration

-{ .mii;	add	$f=$f,tmp1		    // f+=ROTATE(a,5)

-	mux2	$X[$i&0xf]=$X[$i&0xf],0x44

-	nop.i	0			};;

-___

-	}

-else	{

-	$code.=<<___;

-	and	tmp0=$c,$b

-	dep.z	tmp5=$a,5,27		}   // a<<5 ;;?

-{ .mmi;	andcm	tmp1=$d,$b

-	add	tmp4=$e,$K_00_19	};;

-{ .mmi;	or	tmp0=tmp0,tmp1		    // F_00_19(b,c,d)=(b&c)|(~b&d)

-	add	$f=tmp4,$X[$i&0xf]	    // f=xi+e+K_00_19

-	extr.u	tmp1=$a,27,5		}   // a>>27

-{ .mmi;	xor	tmp2=$X[($i+0+1)&0xf],$X[($i+2+1)&0xf]	// +1

-	xor	tmp3=$X[($i+8+1)&0xf],$X[($i+13+1)&0xf] // +1

-	nop.i	0			};;

-{ .mmi;	add	$f=$f,tmp0		    // f+=F_00_19(b,c,d)

-	xor	tmp2=tmp2,tmp3		    // +1

-	shrp	$b=tmp6,tmp6,2		}   // b=ROTATE(b,30)

-{ .mmi; or	tmp1=tmp1,tmp5		    // ROTATE(a,5)

-	mux2	tmp6=$a,0x44		};; // see b in next iteration

-{ .mii;	add	$f=$f,tmp1		    // f+=ROTATE(a,5)

-	shrp	$e=tmp2,tmp2,31		    // f+1=ROTATE(x[0]^x[2]^x[8]^x[13],1)

-	mux2	$X[$i&0xf]=$X[$i&0xf],0x44  };;

-___

-	}

-}

-sub BODY_16_19 {

-local	*code=shift;

-local	($i,$a,$b,$c,$d,$e,$f)=@_;

-$code.=<<___;

-{ .mmi;	mov	$X[$i&0xf]=$f		    // Xupdate

-	and	tmp0=$c,$b

-	dep.z	tmp5=$a,5,27		}   // a<<5

-{ .mmi;	andcm	tmp1=$d,$b

-	add	tmp4=$e,$K_00_19	};;

-{ .mmi;	or	tmp0=tmp0,tmp1		    // F_00_19(b,c,d)=(b&c)|(~b&d)

-	add	$f=$f,tmp4		    // f+=e+K_00_19

-	extr.u	tmp1=$a,27,5		}   // a>>27

-{ .mmi;	xor	tmp2=$X[($i+0+1)&0xf],$X[($i+2+1)&0xf]	// +1

-	xor	tmp3=$X[($i+8+1)&0xf],$X[($i+13+1)&0xf]	// +1

-	nop.i	0			};;

-{ .mmi;	add	$f=$f,tmp0		    // f+=F_00_19(b,c,d)

-	xor	tmp2=tmp2,tmp3		    // +1

-	shrp	$b=tmp6,tmp6,2		}   // b=ROTATE(b,30)

-{ .mmi;	or	tmp1=tmp1,tmp5		    // ROTATE(a,5)

-	mux2	tmp6=$a,0x44		};; // see b in next iteration

-{ .mii;	add	$f=$f,tmp1		    // f+=ROTATE(a,5)

-	shrp	$e=tmp2,tmp2,31		    // f+1=ROTATE(x[0]^x[2]^x[8]^x[13],1)

-	nop.i	0			};;

-___

-}

-sub BODY_20_39 {

-local	*code=shift;

-local	($i,$a,$b,$c,$d,$e,$f,$Konst)=@_;

-	$Konst = $K_20_39 if (!defined($Konst));

-if ($i<79) {

-$code.=<<___;

-{ .mib;	mov	$X[$i&0xf]=$f		    // Xupdate

-	dep.z	tmp5=$a,5,27		}   // a<<5

-{ .mib;	xor	tmp0=$c,$b

-	add	tmp4=$e,$Konst		};;

-{ .mmi;	xor	tmp0=tmp0,$d		    // F_20_39(b,c,d)=b^c^d

-	add	$f=$f,tmp4		    // f+=e+K_20_39

-	extr.u	tmp1=$a,27,5		}   // a>>27

-{ .mmi;	xor	tmp2=$X[($i+0+1)&0xf],$X[($i+2+1)&0xf]	// +1

-	xor	tmp3=$X[($i+8+1)&0xf],$X[($i+13+1)&0xf]	// +1

-	nop.i	0			};;

-{ .mmi;	add	$f=$f,tmp0		    // f+=F_20_39(b,c,d)

-	xor	tmp2=tmp2,tmp3		    // +1

-	shrp	$b=tmp6,tmp6,2		}   // b=ROTATE(b,30)

-{ .mmi;	or	tmp1=tmp1,tmp5		    // ROTATE(a,5)

-	mux2	tmp6=$a,0x44		};; // see b in next iteration

-{ .mii;	add	$f=$f,tmp1		    // f+=ROTATE(a,5)

-	shrp	$e=tmp2,tmp2,31		    // f+1=ROTATE(x[0]^x[2]^x[8]^x[13],1)

-	nop.i	0			};;

-___

-}

-else {

-$code.=<<___;

-{ .mib;	mov	$X[$i&0xf]=$f		    // Xupdate

-	dep.z	tmp5=$a,5,27		}   // a<<5

-{ .mib;	xor	tmp0=$c,$b

-	add	tmp4=$e,$Konst		};;

-{ .mib;	xor	tmp0=tmp0,$d		    // F_20_39(b,c,d)=b^c^d

-	extr.u	tmp1=$a,27,5		}   // a>>27

-{ .mib;	add	$f=$f,tmp4		    // f+=e+K_20_39

-	add	$h1=$h1,$a		};; // wrap up

-{ .mmi;

-(p16)	ld4.s	$X[0]=[inp],4		    // non-faulting prefetch

-	add	$f=$f,tmp0		    // f+=F_20_39(b,c,d)

-	shrp	$b=tmp6,tmp6,2		}   // b=ROTATE(b,30) ;;?

-{ .mmi;	or	tmp1=tmp1,tmp5		    // ROTATE(a,5)

-	add	$h3=$h3,$c		};; // wrap up

-{ .mib;	add	tmp3=1,inp		    // used in unaligned codepath

-	add	$f=$f,tmp1		}   // f+=ROTATE(a,5)

-{ .mib;	add	$h2=$h2,$b		    // wrap up

-	add	$h4=$h4,$d		};; // wrap up

-___

-}

-}

-sub BODY_40_59 {

-local	*code=shift;

-local	($i,$a,$b,$c,$d,$e,$f)=@_;

-$code.=<<___;

-{ .mmi;	mov	$X[$i&0xf]=$f		    // Xupdate

-	and	tmp0=$c,$b

-	dep.z	tmp5=$a,5,27		}   // a<<5

-{ .mmi;	and	tmp1=$d,$b

-	add	tmp4=$e,$K_40_59	};;

-{ .mmi;	or	tmp0=tmp0,tmp1		    // (b&c)|(b&d)

-	add	$f=$f,tmp4		    // f+=e+K_40_59

-	extr.u	tmp1=$a,27,5		}   // a>>27

-{ .mmi;	and	tmp4=$c,$d

-	xor	tmp2=$X[($i+0+1)&0xf],$X[($i+2+1)&0xf]	// +1

-	xor	tmp3=$X[($i+8+1)&0xf],$X[($i+13+1)&0xf]	// +1

-	};;

-{ .mmi;	or	tmp1=tmp1,tmp5		    // ROTATE(a,5)

-	xor	tmp2=tmp2,tmp3		    // +1

-	shrp	$b=tmp6,tmp6,2		}   // b=ROTATE(b,30)

-{ .mmi;	or	tmp0=tmp0,tmp4		    // F_40_59(b,c,d)=(b&c)|(b&d)|(c&d)

-	mux2	tmp6=$a,0x44		};; // see b in next iteration

-{ .mii;	add	$f=$f,tmp0		    // f+=F_40_59(b,c,d)

-	shrp	$e=tmp2,tmp2,31;;	    // f+1=ROTATE(x[0]^x[2]^x[8]^x[13],1)

-	add	$f=$f,tmp1		};; // f+=ROTATE(a,5)

-___

-}

-sub BODY_60_79	{ &BODY_20_39(@_,$K_60_79); }

-$code.=<<___;

-.text

-tmp0=r8;

-tmp1=r9;

-tmp2=r10;

-tmp3=r11;

-ctx=r32;	// in0

-inp=r33;	// in1

-// void sha1_block_asm_host_order(SHA_CTX *c,const void *p,size_t num);

-.global	sha1_block_asm_host_order#

-.proc	sha1_block_asm_host_order#

-.align	32

-sha1_block_asm_host_order:

-	.prologue

-{ .mmi;	alloc	tmp1=ar.pfs,3,15,0,0

-	$ADDP	tmp0=4,ctx

-	.save	ar.lc,r3

-	mov	r3=ar.lc		}

-{ .mmi;	$ADDP	ctx=0,ctx

-	$ADDP	inp=0,inp

-	mov	r2=pr			};;

-tmp4=in2;

-tmp5=loc13;

-tmp6=loc14;

-	.body

-{ .mlx;	ld4	$h0=[ctx],8

-	movl	$K_00_19=0x5a827999	}

-{ .mlx;	ld4	$h1=[tmp0],8

-	movl	$K_20_39=0x6ed9eba1	};;

-{ .mlx;	ld4	$h2=[ctx],8

-	movl	$K_40_59=0x8f1bbcdc	}

-{ .mlx;	ld4	$h3=[tmp0]

-	movl	$K_60_79=0xca62c1d6	};;

-{ .mmi;	ld4	$h4=[ctx],-16

-	add	in2=-1,in2		    // adjust num for ar.lc

-	mov	ar.ec=1			};;

-{ .mmi;	ld4	$X[0]=[inp],4		    // prefetch

-	cmp.ne	p16,p0=r0,in2		    // prefecth at loop end

-	mov	ar.lc=in2		};; // brp.loop.imp: too far

-.Lhtop:

-{ .mmi;	mov	$A=$h0

-	mov	$B=$h1

-	mux2	tmp6=$h1,0x44		}

-{ .mmi;	mov	$C=$h2

-	mov	$D=$h3

-	mov	$E=$h4			};;

-___

-	&BODY_00_15(\$code, 0,$A,$B,$C,$D,$E,$T);

-	&BODY_00_15(\$code, 1,$T,$A,$B,$C,$D,$E);

-	&BODY_00_15(\$code, 2,$E,$T,$A,$B,$C,$D);

-	&BODY_00_15(\$code, 3,$D,$E,$T,$A,$B,$C);

-	&BODY_00_15(\$code, 4,$C,$D,$E,$T,$A,$B);

-	&BODY_00_15(\$code, 5,$B,$C,$D,$E,$T,$A);

-	&BODY_00_15(\$code, 6,$A,$B,$C,$D,$E,$T);

-	&BODY_00_15(\$code, 7,$T,$A,$B,$C,$D,$E);

-	&BODY_00_15(\$code, 8,$E,$T,$A,$B,$C,$D);

-	&BODY_00_15(\$code, 9,$D,$E,$T,$A,$B,$C);

-	&BODY_00_15(\$code,10,$C,$D,$E,$T,$A,$B);

-	&BODY_00_15(\$code,11,$B,$C,$D,$E,$T,$A);

-	&BODY_00_15(\$code,12,$A,$B,$C,$D,$E,$T);

-	&BODY_00_15(\$code,13,$T,$A,$B,$C,$D,$E);

-	&BODY_00_15(\$code,14,$E,$T,$A,$B,$C,$D);

-	&BODY_00_15(\$code,15,$D,$E,$T,$A,$B,$C);

-	&BODY_16_19(\$code,16,$C,$D,$E,$T,$A,$B);

-	&BODY_16_19(\$code,17,$B,$C,$D,$E,$T,$A);

-	&BODY_16_19(\$code,18,$A,$B,$C,$D,$E,$T);

-	&BODY_16_19(\$code,19,$T,$A,$B,$C,$D,$E);

-	&BODY_20_39(\$code,20,$E,$T,$A,$B,$C,$D);

-	&BODY_20_39(\$code,21,$D,$E,$T,$A,$B,$C);

-	&BODY_20_39(\$code,22,$C,$D,$E,$T,$A,$B);

-	&BODY_20_39(\$code,23,$B,$C,$D,$E,$T,$A);

-	&BODY_20_39(\$code,24,$A,$B,$C,$D,$E,$T);

-	&BODY_20_39(\$code,25,$T,$A,$B,$C,$D,$E);

-	&BODY_20_39(\$code,26,$E,$T,$A,$B,$C,$D);

-	&BODY_20_39(\$code,27,$D,$E,$T,$A,$B,$C);

-	&BODY_20_39(\$code,28,$C,$D,$E,$T,$A,$B);

-	&BODY_20_39(\$code,29,$B,$C,$D,$E,$T,$A);

-	&BODY_20_39(\$code,30,$A,$B,$C,$D,$E,$T);

-	&BODY_20_39(\$code,31,$T,$A,$B,$C,$D,$E);

-	&BODY_20_39(\$code,32,$E,$T,$A,$B,$C,$D);

-	&BODY_20_39(\$code,33,$D,$E,$T,$A,$B,$C);

-	&BODY_20_39(\$code,34,$C,$D,$E,$T,$A,$B);

-	&BODY_20_39(\$code,35,$B,$C,$D,$E,$T,$A);

-	&BODY_20_39(\$code,36,$A,$B,$C,$D,$E,$T);

-	&BODY_20_39(\$code,37,$T,$A,$B,$C,$D,$E);

-	&BODY_20_39(\$code,38,$E,$T,$A,$B,$C,$D);

-	&BODY_20_39(\$code,39,$D,$E,$T,$A,$B,$C);

-	&BODY_40_59(\$code,40,$C,$D,$E,$T,$A,$B);

-	&BODY_40_59(\$code,41,$B,$C,$D,$E,$T,$A);

-	&BODY_40_59(\$code,42,$A,$B,$C,$D,$E,$T);

-	&BODY_40_59(\$code,43,$T,$A,$B,$C,$D,$E);

-	&BODY_40_59(\$code,44,$E,$T,$A,$B,$C,$D);

-	&BODY_40_59(\$code,45,$D,$E,$T,$A,$B,$C);

-	&BODY_40_59(\$code,46,$C,$D,$E,$T,$A,$B);

-	&BODY_40_59(\$code,47,$B,$C,$D,$E,$T,$A);

-	&BODY_40_59(\$code,48,$A,$B,$C,$D,$E,$T);

-	&BODY_40_59(\$code,49,$T,$A,$B,$C,$D,$E);

-	&BODY_40_59(\$code,50,$E,$T,$A,$B,$C,$D);

-	&BODY_40_59(\$code,51,$D,$E,$T,$A,$B,$C);

-	&BODY_40_59(\$code,52,$C,$D,$E,$T,$A,$B);

-	&BODY_40_59(\$code,53,$B,$C,$D,$E,$T,$A);

-	&BODY_40_59(\$code,54,$A,$B,$C,$D,$E,$T);

-	&BODY_40_59(\$code,55,$T,$A,$B,$C,$D,$E);

-	&BODY_40_59(\$code,56,$E,$T,$A,$B,$C,$D);

-	&BODY_40_59(\$code,57,$D,$E,$T,$A,$B,$C);

-	&BODY_40_59(\$code,58,$C,$D,$E,$T,$A,$B);

-	&BODY_40_59(\$code,59,$B,$C,$D,$E,$T,$A);

-	&BODY_60_79(\$code,60,$A,$B,$C,$D,$E,$T);

-	&BODY_60_79(\$code,61,$T,$A,$B,$C,$D,$E);

-	&BODY_60_79(\$code,62,$E,$T,$A,$B,$C,$D);

-	&BODY_60_79(\$code,63,$D,$E,$T,$A,$B,$C);

-	&BODY_60_79(\$code,64,$C,$D,$E,$T,$A,$B);

-	&BODY_60_79(\$code,65,$B,$C,$D,$E,$T,$A);

-	&BODY_60_79(\$code,66,$A,$B,$C,$D,$E,$T);

-	&BODY_60_79(\$code,67,$T,$A,$B,$C,$D,$E);

-	&BODY_60_79(\$code,68,$E,$T,$A,$B,$C,$D);

-	&BODY_60_79(\$code,69,$D,$E,$T,$A,$B,$C);

-	&BODY_60_79(\$code,70,$C,$D,$E,$T,$A,$B);

-	&BODY_60_79(\$code,71,$B,$C,$D,$E,$T,$A);

-	&BODY_60_79(\$code,72,$A,$B,$C,$D,$E,$T);

-	&BODY_60_79(\$code,73,$T,$A,$B,$C,$D,$E);

-	&BODY_60_79(\$code,74,$E,$T,$A,$B,$C,$D);

-	&BODY_60_79(\$code,75,$D,$E,$T,$A,$B,$C);

-	&BODY_60_79(\$code,76,$C,$D,$E,$T,$A,$B);

-	&BODY_60_79(\$code,77,$B,$C,$D,$E,$T,$A);

-	&BODY_60_79(\$code,78,$A,$B,$C,$D,$E,$T);

-	&BODY_60_79(\$code,79,$T,$A,$B,$C,$D,$E);

-$code.=<<___;

-{ .mmb;	add	$h0=$h0,$E

-	nop.m	0

-	br.ctop.dptk.many	.Lhtop	};;

-.Lhend:

-{ .mmi;	add	tmp0=4,ctx

-	mov	ar.lc=r3		};;

-{ .mmi;	st4	[ctx]=$h0,8

-	st4	[tmp0]=$h1,8		};;

-{ .mmi;	st4	[ctx]=$h2,8

-	st4	[tmp0]=$h3		};;

-{ .mib;	st4	[ctx]=$h4,-16

-	mov	pr=r2,0x1ffff

-	br.ret.sptk.many	b0	};;

-.endp	sha1_block_asm_host_order#

-___

-$code.=<<___;

-// void sha1_block_asm_data_order(SHA_CTX *c,const void *p,size_t num);

-.global	sha1_block_asm_data_order#

-.proc	sha1_block_asm_data_order#

-.align	32

-sha1_block_asm_data_order:

-___

-$code.=<<___ if ($big_endian);

-{ .mmi;	and	r2=3,inp				};;

-{ .mib;	cmp.eq	p6,p0=r0,r2

-(p6)	br.dptk.many	sha1_block_asm_host_order	};;

-___

-$code.=<<___;

-	.prologue

-{ .mmi;	alloc	tmp1=ar.pfs,3,15,0,0

-	$ADDP	tmp0=4,ctx

-	.save	ar.lc,r3

-	mov	r3=ar.lc		}

-{ .mmi;	$ADDP	ctx=0,ctx

-	$ADDP	inp=0,inp

-	mov	r2=pr			};;

-tmp4=in2;

-tmp5=loc13;

-tmp6=loc14;

-	.body

-{ .mlx;	ld4	$h0=[ctx],8

-	movl	$K_00_19=0x5a827999	}

-{ .mlx;	ld4	$h1=[tmp0],8

-	movl	$K_20_39=0x6ed9eba1	};;

-{ .mlx;	ld4	$h2=[ctx],8

-	movl	$K_40_59=0x8f1bbcdc	}

-{ .mlx;	ld4	$h3=[tmp0]

-	movl	$K_60_79=0xca62c1d6	};;

-{ .mmi;	ld4	$h4=[ctx],-16

-	add	in2=-1,in2		    // adjust num for ar.lc

-	mov	ar.ec=1			};;

-{ .mmi;	nop.m	0

-	add	tmp3=1,inp

-	mov	ar.lc=in2		};; // brp.loop.imp: too far

-.Ldtop:

-{ .mmi;	mov	$A=$h0

-	mov	$B=$h1

-	mux2	tmp6=$h1,0x44		}

-{ .mmi;	mov	$C=$h2

-	mov	$D=$h3

-	mov	$E=$h4			};;

-___

-	&BODY_00_15(\$code, 0,$A,$B,$C,$D,$E,$T,1);

-	&BODY_00_15(\$code, 1,$T,$A,$B,$C,$D,$E,1);

-	&BODY_00_15(\$code, 2,$E,$T,$A,$B,$C,$D,1);

-	&BODY_00_15(\$code, 3,$D,$E,$T,$A,$B,$C,1);

-	&BODY_00_15(\$code, 4,$C,$D,$E,$T,$A,$B,1);

-	&BODY_00_15(\$code, 5,$B,$C,$D,$E,$T,$A,1);

-	&BODY_00_15(\$code, 6,$A,$B,$C,$D,$E,$T,1);

-	&BODY_00_15(\$code, 7,$T,$A,$B,$C,$D,$E,1);

-	&BODY_00_15(\$code, 8,$E,$T,$A,$B,$C,$D,1);

-	&BODY_00_15(\$code, 9,$D,$E,$T,$A,$B,$C,1);

-	&BODY_00_15(\$code,10,$C,$D,$E,$T,$A,$B,1);

-	&BODY_00_15(\$code,11,$B,$C,$D,$E,$T,$A,1);

-	&BODY_00_15(\$code,12,$A,$B,$C,$D,$E,$T,1);

-	&BODY_00_15(\$code,13,$T,$A,$B,$C,$D,$E,1);

-	&BODY_00_15(\$code,14,$E,$T,$A,$B,$C,$D,1);

-	&BODY_00_15(\$code,15,$D,$E,$T,$A,$B,$C,1);

-	&BODY_16_19(\$code,16,$C,$D,$E,$T,$A,$B);

-	&BODY_16_19(\$code,17,$B,$C,$D,$E,$T,$A);

-	&BODY_16_19(\$code,18,$A,$B,$C,$D,$E,$T);

-	&BODY_16_19(\$code,19,$T,$A,$B,$C,$D,$E);

-	&BODY_20_39(\$code,20,$E,$T,$A,$B,$C,$D);

-	&BODY_20_39(\$code,21,$D,$E,$T,$A,$B,$C);

-	&BODY_20_39(\$code,22,$C,$D,$E,$T,$A,$B);

-	&BODY_20_39(\$code,23,$B,$C,$D,$E,$T,$A);

-	&BODY_20_39(\$code,24,$A,$B,$C,$D,$E,$T);

-	&BODY_20_39(\$code,25,$T,$A,$B,$C,$D,$E);

-	&BODY_20_39(\$code,26,$E,$T,$A,$B,$C,$D);

-	&BODY_20_39(\$code,27,$D,$E,$T,$A,$B,$C);

-	&BODY_20_39(\$code,28,$C,$D,$E,$T,$A,$B);

-	&BODY_20_39(\$code,29,$B,$C,$D,$E,$T,$A);

-	&BODY_20_39(\$code,30,$A,$B,$C,$D,$E,$T);

-	&BODY_20_39(\$code,31,$T,$A,$B,$C,$D,$E);

-	&BODY_20_39(\$code,32,$E,$T,$A,$B,$C,$D);

-	&BODY_20_39(\$code,33,$D,$E,$T,$A,$B,$C);

-	&BODY_20_39(\$code,34,$C,$D,$E,$T,$A,$B);

-	&BODY_20_39(\$code,35,$B,$C,$D,$E,$T,$A);

-	&BODY_20_39(\$code,36,$A,$B,$C,$D,$E,$T);

-	&BODY_20_39(\$code,37,$T,$A,$B,$C,$D,$E);

-	&BODY_20_39(\$code,38,$E,$T,$A,$B,$C,$D);

-	&BODY_20_39(\$code,39,$D,$E,$T,$A,$B,$C);

-	&BODY_40_59(\$code,40,$C,$D,$E,$T,$A,$B);

-	&BODY_40_59(\$code,41,$B,$C,$D,$E,$T,$A);

-	&BODY_40_59(\$code,42,$A,$B,$C,$D,$E,$T);

-	&BODY_40_59(\$code,43,$T,$A,$B,$C,$D,$E);

-	&BODY_40_59(\$code,44,$E,$T,$A,$B,$C,$D);

-	&BODY_40_59(\$code,45,$D,$E,$T,$A,$B,$C);

-	&BODY_40_59(\$code,46,$C,$D,$E,$T,$A,$B);

-	&BODY_40_59(\$code,47,$B,$C,$D,$E,$T,$A);

-	&BODY_40_59(\$code,48,$A,$B,$C,$D,$E,$T);

-	&BODY_40_59(\$code,49,$T,$A,$B,$C,$D,$E);

-	&BODY_40_59(\$code,50,$E,$T,$A,$B,$C,$D);

-	&BODY_40_59(\$code,51,$D,$E,$T,$A,$B,$C);

-	&BODY_40_59(\$code,52,$C,$D,$E,$T,$A,$B);

-	&BODY_40_59(\$code,53,$B,$C,$D,$E,$T,$A);

-	&BODY_40_59(\$code,54,$A,$B,$C,$D,$E,$T);

-	&BODY_40_59(\$code,55,$T,$A,$B,$C,$D,$E);

-	&BODY_40_59(\$code,56,$E,$T,$A,$B,$C,$D);

-	&BODY_40_59(\$code,57,$D,$E,$T,$A,$B,$C);

-	&BODY_40_59(\$code,58,$C,$D,$E,$T,$A,$B);

-	&BODY_40_59(\$code,59,$B,$C,$D,$E,$T,$A);

-	&BODY_60_79(\$code,60,$A,$B,$C,$D,$E,$T);

-	&BODY_60_79(\$code,61,$T,$A,$B,$C,$D,$E);

-	&BODY_60_79(\$code,62,$E,$T,$A,$B,$C,$D);

-	&BODY_60_79(\$code,63,$D,$E,$T,$A,$B,$C);

-	&BODY_60_79(\$code,64,$C,$D,$E,$T,$A,$B);

-	&BODY_60_79(\$code,65,$B,$C,$D,$E,$T,$A);

-	&BODY_60_79(\$code,66,$A,$B,$C,$D,$E,$T);

-	&BODY_60_79(\$code,67,$T,$A,$B,$C,$D,$E);

-	&BODY_60_79(\$code,68,$E,$T,$A,$B,$C,$D);

-	&BODY_60_79(\$code,69,$D,$E,$T,$A,$B,$C);

-	&BODY_60_79(\$code,70,$C,$D,$E,$T,$A,$B);

-	&BODY_60_79(\$code,71,$B,$C,$D,$E,$T,$A);

-	&BODY_60_79(\$code,72,$A,$B,$C,$D,$E,$T);

-	&BODY_60_79(\$code,73,$T,$A,$B,$C,$D,$E);

-	&BODY_60_79(\$code,74,$E,$T,$A,$B,$C,$D);

-	&BODY_60_79(\$code,75,$D,$E,$T,$A,$B,$C);

-	&BODY_60_79(\$code,76,$C,$D,$E,$T,$A,$B);

-	&BODY_60_79(\$code,77,$B,$C,$D,$E,$T,$A);

-	&BODY_60_79(\$code,78,$A,$B,$C,$D,$E,$T);

-	&BODY_60_79(\$code,79,$T,$A,$B,$C,$D,$E);

-$code.=<<___;

-{ .mmb;	add	$h0=$h0,$E

-	nop.m	0

-	br.ctop.dptk.many	.Ldtop	};;

-.Ldend:

-{ .mmi;	add	tmp0=4,ctx

-	mov	ar.lc=r3		};;

-{ .mmi;	st4	[ctx]=$h0,8

-	st4	[tmp0]=$h1,8		};;

-{ .mmi;	st4	[ctx]=$h2,8

-	st4	[tmp0]=$h3		};;

-{ .mib;	st4	[ctx]=$h4,-16

-	mov	pr=r2,0x1ffff

-	br.ret.sptk.many	b0	};;

-.endp	sha1_block_asm_data_order#

-___

-print $code;

--- a/sys/src/ape/lib/openssl/crypto/sha/asm/sha512-ia64.pl

+++ /dev/null

@@ -1,431 +1,0 @@

-#!/usr/bin/env perl

-#

-# ====================================================================

-# Written by Andy Polyakov <[email protected]> for the OpenSSL

-# project. Rights for redistribution and usage in source and binary

-# forms are granted according to the OpenSSL license.

-# ====================================================================

-#

-# SHA256/512_Transform for Itanium.

-#

-# sha512_block runs in 1003 cycles on Itanium 2, which is almost 50%

-# faster than gcc and >60%(!) faster than code generated by HP-UX

-# compiler (yes, HP-UX is generating slower code, because unlike gcc,

-# it failed to deploy "shift right pair," 'shrp' instruction, which

-# substitutes for 64-bit rotate).

-#

-# 924 cycles long sha256_block outperforms gcc by over factor of 2(!)

-# and HP-UX compiler - by >40% (yes, gcc won sha512_block, but lost

-# this one big time). Note that "formally" 924 is about 100 cycles

-# too much. I mean it's 64 32-bit rounds vs. 80 virtually identical

-# 64-bit ones and 1003*64/80 gives 802. Extra cycles, 2 per round,

-# are spent on extra work to provide for 32-bit rotations. 32-bit

-# rotations are still handled by 'shrp' instruction and for this

-# reason lower 32 bits are deposited to upper half of 64-bit register

-# prior 'shrp' issue. And in order to minimize the amount of such

-# operations, X[16] values are *maintained* with copies of lower

-# halves in upper halves, which is why you'll spot such instructions

-# as custom 'mux2', "parallel 32-bit add," 'padd4' and "parallel

-# 32-bit unsigned right shift," 'pshr4.u' instructions here.

-#

-# Rules of engagement.

-#

-# There is only one integer shifter meaning that if I have two rotate,

-# deposit or extract instructions in adjacent bundles, they shall

-# split [at run-time if they have to]. But note that variable and

-# parallel shifts are performed by multi-media ALU and *are* pairable

-# with rotates [and alike]. On the backside MMALU is rather slow: it

-# takes 2 extra cycles before the result of integer operation is

-# available *to* MMALU and 2(*) extra cycles before the result of MM

-# operation is available "back" *to* integer ALU, not to mention that

-# MMALU itself has 2 cycles latency. However! I explicitly scheduled

-# these MM instructions to avoid MM stalls, so that all these extra

-# latencies get "hidden" in instruction-level parallelism.

-#

-# (*) 2 cycles on Itanium 1 and 1 cycle on Itanium 2. But I schedule

-#     for 2 in order to provide for best *overall* performance,

-#     because on Itanium 1 stall on MM result is accompanied by

-#     pipeline flush, which takes 6 cycles:-(

-#

-# Resulting performance numbers for 900MHz Itanium 2 system:

-#

-# The 'numbers' are in 1000s of bytes per second processed.

-# type     16 bytes    64 bytes   256 bytes  1024 bytes  8192 bytes

-# sha1(*)   6210.14k   20376.30k   52447.83k   85870.05k  105478.12k

-# sha256    7476.45k   20572.05k   41538.34k   56062.29k   62093.18k

-# sha512    4996.56k   20026.28k   47597.20k   85278.79k  111501.31k

-#

-# (*) SHA1 numbers are for HP-UX compiler and are presented purely

-#     for reference purposes. I bet it can improved too...

-#

-# To generate code, pass the file name with either 256 or 512 in its

-# name and compiler flags.

-$output=shift;

-if ($output =~ /512.*\.[s|asm]/) {

-	$SZ=8;

-	$BITS=8*$SZ;

-	$LDW="ld8";

-	$STW="st8";

-	$ADD="add";

-	$SHRU="shr.u";

-	$TABLE="K512";

-	$func="sha512_block";

-	@Sigma0=(28,34,39);

-	@Sigma1=(14,18,41);

-	@sigma0=(1,  8, 7);

-	@sigma1=(19,61, 6);

-	$rounds=80;

-} elsif ($output =~ /256.*\.[s|asm]/) {

-	$SZ=4;

-	$BITS=8*$SZ;

-	$LDW="ld4";

-	$STW="st4";

-	$ADD="padd4";

-	$SHRU="pshr4.u";

-	$TABLE="K256";

-	$func="sha256_block";

-	@Sigma0=( 2,13,22);

-	@Sigma1=( 6,11,25);

-	@sigma0=( 7,18, 3);

-	@sigma1=(17,19,10);

-	$rounds=64;

-} else { die "nonsense $output"; }

-open STDOUT,">$output" || die "can't open $output: $!";

-if ($^O eq "hpux") {

-    $ADDP="addp4";

-    for (@ARGV) { $ADDP="add" if (/[\+DD|\-mlp]64/); }

-} else { $ADDP="add"; }

-for (@ARGV)  {	$big_endian=1 if (/\-DB_ENDIAN/);

-		$big_endian=0 if (/\-DL_ENDIAN/);  }

-if (!defined($big_endian))

-             {	$big_endian=(unpack('L',pack('N',1))==1);  }

-$code=<<___;

-.ident  \"$output, version 1.0\"

-.ident  \"IA-64 ISA artwork by Andy Polyakov <appro\@fy.chalmers.se>\"

-.explicit

-.text

-prsave=r14;

-K=r15;

-A=r16;	B=r17;	C=r18;	D=r19;

-E=r20;	F=r21;	G=r22;	H=r23;

-T1=r24;	T2=r25;

-s0=r26;	s1=r27;	t0=r28;	t1=r29;

-Ktbl=r30;

-ctx=r31;	// 1st arg

-input=r48;	// 2nd arg

-num=r49;	// 3rd arg

-sgm0=r50;	sgm1=r51;	// small constants

-// void $func (SHA_CTX *ctx, const void *in,size_t num[,int host])

-.global	$func#

-.proc	$func#

-.align	32

-$func:

-	.prologue

-	.save	ar.pfs,r2

-{ .mmi;	alloc	r2=ar.pfs,3,17,0,16

-	$ADDP	ctx=0,r32		// 1st arg

-	.save	ar.lc,r3

-	mov	r3=ar.lc	}

-{ .mmi;	$ADDP	input=0,r33		// 2nd arg

-	addl	Ktbl=\@ltoff($TABLE#),gp

-	.save	pr,prsave

-	mov	prsave=pr	};;

-	.body

-{ .mii;	ld8	Ktbl=[Ktbl]

-	mov	num=r34		};;	// 3rd arg

-{ .mib;	add	r8=0*$SZ,ctx

-	add	r9=1*$SZ,ctx

-	brp.loop.imp	.L_first16,.L_first16_ctop

-				}

-{ .mib;	add	r10=2*$SZ,ctx

-	add	r11=3*$SZ,ctx

-	brp.loop.imp	.L_rest,.L_rest_ctop

-				};;

-// load A-H

-{ .mmi;	$LDW	A=[r8],4*$SZ

-	$LDW	B=[r9],4*$SZ

-	mov	sgm0=$sigma0[2]	}

-{ .mmi;	$LDW	C=[r10],4*$SZ

-	$LDW	D=[r11],4*$SZ

-	mov	sgm1=$sigma1[2]	};;

-{ .mmi;	$LDW	E=[r8]

-	$LDW	F=[r9]		}

-{ .mmi;	$LDW	G=[r10]

-	$LDW	H=[r11]

-	cmp.ne	p15,p14=0,r35	};;	// used in sha256_block

-.L_outer:

-{ .mii;	mov	ar.lc=15

-	mov	ar.ec=1		};;

-.align	32

-.L_first16:

-.rotr	X[16]

-___

-$t0="t0", $t1="t1", $code.=<<___ if ($BITS==32);

-{ .mib;	(p14)	add	r9=1,input

-	(p14)	add	r10=2,input	}

-{ .mib;	(p14)	add	r11=3,input

-	(p15)	br.dptk.few	.L_host	};;

-{ .mmi;	(p14)	ld1	r8=[input],$SZ

-	(p14)	ld1	r9=[r9]		}

-{ .mmi;	(p14)	ld1	r10=[r10]

-	(p14)	ld1	r11=[r11]	};;

-{ .mii;	(p14)	dep	r9=r8,r9,8,8

-	(p14)	dep	r11=r10,r11,8,8	};;

-{ .mib;	(p14)	dep	X[15]=r9,r11,16,16 };;

-.L_host:

-{ .mib;	(p15)	$LDW	X[15]=[input],$SZ	// X[i]=*input++

-		dep.z	$t1=E,32,32	}

-{ .mib;		$LDW	K=[Ktbl],$SZ

-		zxt4	E=E		};;

-{ .mmi;		or	$t1=$t1,E

-		and	T1=F,E

-		and	T2=A,B		}

-{ .mmi;		andcm	r8=G,E

-		and	r9=A,C

-		mux2	$t0=A,0x44	};;	// copy lower half to upper

-{ .mib;		xor	T1=T1,r8		// T1=((e & f) ^ (~e & g))

-		_rotr	r11=$t1,$Sigma1[0] }	// ROTR(e,14)

-{ .mib;		and	r10=B,C

-		xor	T2=T2,r9	};;

-___

-$t0="A", $t1="E", $code.=<<___ if ($BITS==64);

-{ .mmi;		$LDW	X[15]=[input],$SZ	// X[i]=*input++

-		and	T1=F,E

-		and	T2=A,B		}

-{ .mmi;		$LDW	K=[Ktbl],$SZ

-		andcm	r8=G,E

-		and	r9=A,C		};;

-{ .mmi;		xor	T1=T1,r8		//T1=((e & f) ^ (~e & g))

-		and	r10=B,C

-		_rotr	r11=$t1,$Sigma1[0] }	// ROTR(e,14)

-{ .mmi;		xor	T2=T2,r9

-		mux1	X[15]=X[15],\@rev };;	// eliminated in big-endian

-___

-$code.=<<___;

-{ .mib;		add	T1=T1,H			// T1=Ch(e,f,g)+h

-		_rotr	r8=$t1,$Sigma1[1] }	// ROTR(e,18)

-{ .mib;		xor	T2=T2,r10		// T2=((a & b) ^ (a & c) ^ (b & c))

-		mov	H=G		};;

-{ .mib;		xor	r11=r8,r11

-		_rotr	r9=$t1,$Sigma1[2] }	// ROTR(e,41)

-{ .mib;		mov	G=F

-		mov	F=E		};;

-{ .mib;		xor	r9=r9,r11		// r9=Sigma1(e)

-		_rotr	r10=$t0,$Sigma0[0] }	// ROTR(a,28)

-{ .mib;		add	T1=T1,K			// T1=Ch(e,f,g)+h+K512[i]

-		mov	E=D		};;

-{ .mib;		add	T1=T1,r9		// T1+=Sigma1(e)

-		_rotr	r11=$t0,$Sigma0[1] }	// ROTR(a,34)

-{ .mib;		mov	D=C

-		mov	C=B		};;

-{ .mib;		add	T1=T1,X[15]		// T1+=X[i]

-		_rotr	r8=$t0,$Sigma0[2] }	// ROTR(a,39)

-{ .mib;		xor	r10=r10,r11

-		mux2	X[15]=X[15],0x44 };;	// eliminated in 64-bit

-{ .mmi;		xor	r10=r8,r10		// r10=Sigma0(a)

-		mov	B=A

-		add	A=T1,T2		};;

-.L_first16_ctop:

-{ .mib;		add	E=E,T1

-		add	A=A,r10			// T2=Maj(a,b,c)+Sigma0(a)

-	br.ctop.sptk	.L_first16	};;

-{ .mib;	mov	ar.lc=$rounds-17	}

-{ .mib;	mov	ar.ec=1			};;

-.align	32

-.L_rest:

-.rotr	X[16]

-{ .mib;		$LDW	K=[Ktbl],$SZ

-		_rotr	r8=X[15-1],$sigma0[0] }	// ROTR(s0,1)

-{ .mib; 	$ADD	X[15]=X[15],X[15-9]	// X[i&0xF]+=X[(i+9)&0xF]

-		$SHRU	s0=X[15-1],sgm0	};;	// s0=X[(i+1)&0xF]>>7

-{ .mib;		and	T1=F,E

-		_rotr	r9=X[15-1],$sigma0[1] }	// ROTR(s0,8)

-{ .mib;		andcm	r10=G,E

-		$SHRU	s1=X[15-14],sgm1 };;	// s1=X[(i+14)&0xF]>>6

-{ .mmi;		xor	T1=T1,r10		// T1=((e & f) ^ (~e & g))

-		xor	r9=r8,r9

-		_rotr	r10=X[15-14],$sigma1[0] };;// ROTR(s1,19)

-{ .mib;		and	T2=A,B

-		_rotr	r11=X[15-14],$sigma1[1] }// ROTR(s1,61)

-{ .mib;		and	r8=A,C		};;

-___

-$t0="t0", $t1="t1", $code.=<<___ if ($BITS==32);

-// I adhere to mmi; in order to hold Itanium 1 back and avoid 6 cycle

-// pipeline flush in last bundle. Note that even on Itanium2 the

-// latter stalls for one clock cycle...

-{ .mmi;		xor	s0=s0,r9		// s0=sigma0(X[(i+1)&0xF])

-		dep.z	$t1=E,32,32	}

-{ .mmi;		xor	r10=r11,r10

-		zxt4	E=E		};;

-{ .mmi;		or	$t1=$t1,E

-		xor	s1=s1,r10		// s1=sigma1(X[(i+14)&0xF])

-		mux2	$t0=A,0x44	};;	// copy lower half to upper

-{ .mmi;		xor	T2=T2,r8

-		_rotr	r9=$t1,$Sigma1[0] }	// ROTR(e,14)

-{ .mmi;		and	r10=B,C

-		add	T1=T1,H			// T1=Ch(e,f,g)+h

-		$ADD	X[15]=X[15],s0	};;	// X[i&0xF]+=sigma0(X[(i+1)&0xF])

-___

-$t0="A", $t1="E", $code.=<<___ if ($BITS==64);

-{ .mib;		xor	s0=s0,r9		// s0=sigma0(X[(i+1)&0xF])

-		_rotr	r9=$t1,$Sigma1[0] }	// ROTR(e,14)

-{ .mib;		xor	r10=r11,r10

-		xor	T2=T2,r8	};;

-{ .mib;		xor	s1=s1,r10		// s1=sigma1(X[(i+14)&0xF])

-		add	T1=T1,H		}

-{ .mib;		and	r10=B,C

-		$ADD	X[15]=X[15],s0	};;	// X[i&0xF]+=sigma0(X[(i+1)&0xF])

-___

-$code.=<<___;

-{ .mmi;		xor	T2=T2,r10		// T2=((a & b) ^ (a & c) ^ (b & c))

-		mov	H=G

-		_rotr	r8=$t1,$Sigma1[1] };;	// ROTR(e,18)

-{ .mmi;		xor	r11=r8,r9

-		$ADD	X[15]=X[15],s1		// X[i&0xF]+=sigma1(X[(i+14)&0xF])

-		_rotr	r9=$t1,$Sigma1[2] }	// ROTR(e,41)

-{ .mmi;		mov	G=F

-		mov	F=E		};;

-{ .mib;		xor	r9=r9,r11		// r9=Sigma1(e)

-		_rotr	r10=$t0,$Sigma0[0] }	// ROTR(a,28)

-{ .mib;		add	T1=T1,K			// T1=Ch(e,f,g)+h+K512[i]

-		mov	E=D		};;

-{ .mib;		add	T1=T1,r9		// T1+=Sigma1(e)

-		_rotr	r11=$t0,$Sigma0[1] }	// ROTR(a,34)

-{ .mib;		mov	D=C

-		mov	C=B		};;

-{ .mmi;		add	T1=T1,X[15]		// T1+=X[i]

-		xor	r10=r10,r11

-		_rotr	r8=$t0,$Sigma0[2] };;	// ROTR(a,39)

-{ .mmi;		xor	r10=r8,r10		// r10=Sigma0(a)

-		mov	B=A

-		add	A=T1,T2		};;

-.L_rest_ctop:

-{ .mib;		add	E=E,T1

-		add	A=A,r10			// T2=Maj(a,b,c)+Sigma0(a)

-	br.ctop.sptk	.L_rest	};;

-{ .mib;	add	r8=0*$SZ,ctx

-	add	r9=1*$SZ,ctx		}

-{ .mib;	add	r10=2*$SZ,ctx

-	add	r11=3*$SZ,ctx		};;

-{ .mmi;	$LDW	r32=[r8],4*$SZ

-	$LDW	r33=[r9],4*$SZ		}

-{ .mmi;	$LDW	r34=[r10],4*$SZ

-	$LDW	r35=[r11],4*$SZ

-	cmp.ltu	p6,p7=1,num		};;

-{ .mmi;	$LDW	r36=[r8],-4*$SZ

-	$LDW	r37=[r9],-4*$SZ

-(p6)	add	Ktbl=-$SZ*$rounds,Ktbl	}

-{ .mmi;	$LDW	r38=[r10],-4*$SZ

-	$LDW	r39=[r11],-4*$SZ

-(p7)	mov	ar.lc=r3		};;

-{ .mmi;	add	A=A,r32

-	add	B=B,r33

-	add	C=C,r34			}

-{ .mmi;	add	D=D,r35

-	add	E=E,r36

-	add	F=F,r37			};;

-{ .mmi;	$STW	[r8]=A,4*$SZ

-	$STW	[r9]=B,4*$SZ

-	add	G=G,r38			}

-{ .mmi;	$STW	[r10]=C,4*$SZ

-	$STW	[r11]=D,4*$SZ

-	add	H=H,r39			};;

-{ .mmi;	$STW	[r8]=E

-	$STW	[r9]=F

-(p6)	add	num=-1,num		}

-{ .mmb;	$STW	[r10]=G

-	$STW	[r11]=H

-(p6)	br.dptk.many	.L_outer	};;

-{ .mib;	mov	pr=prsave,0x1ffff

-	br.ret.sptk.many	b0	};;

-.endp	$func#

-___

-$code =~ s/\`([^\`]*)\`/eval $1/gem;

-$code =~ s/_rotr(\s+)([^=]+)=([^,]+),([0-9]+)/shrp$1$2=$3,$3,$4/gm;

-if ($BITS==64) {

-    $code =~ s/mux2(\s+)\S+/nop.i$1 0x0/gm;

-    $code =~ s/mux1(\s+)\S+/nop.i$1 0x0/gm if ($big_endian);

-}

-print $code;

-print<<___ if ($BITS==32);

-.align	64

-.type	K256#,\@object

-K256:	data4	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5

-	data4	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5

-	data4	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3

-	data4	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174

-	data4	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc

-	data4	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da

-	data4	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7

-	data4	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967

-	data4	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13

-	data4	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85

-	data4	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3

-	data4	0xd192e819,0xd6990624,0xf40e3585,0x106aa070

-	data4	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5

-	data4	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3

-	data4	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208

-	data4	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2

-.size	K256#,$SZ*$rounds

-___

-print<<___ if ($BITS==64);

-.align	64

-.type	K512#,\@object

-K512:	data8	0x428a2f98d728ae22,0x7137449123ef65cd

-	data8	0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc

-	data8	0x3956c25bf348b538,0x59f111f1b605d019

-	data8	0x923f82a4af194f9b,0xab1c5ed5da6d8118

-	data8	0xd807aa98a3030242,0x12835b0145706fbe

-	data8	0x243185be4ee4b28c,0x550c7dc3d5ffb4e2

-	data8	0x72be5d74f27b896f,0x80deb1fe3b1696b1

-	data8	0x9bdc06a725c71235,0xc19bf174cf692694

-	data8	0xe49b69c19ef14ad2,0xefbe4786384f25e3

-	data8	0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65

-	data8	0x2de92c6f592b0275,0x4a7484aa6ea6e483

-	data8	0x5cb0a9dcbd41fbd4,0x76f988da831153b5

-	data8	0x983e5152ee66dfab,0xa831c66d2db43210

-	data8	0xb00327c898fb213f,0xbf597fc7beef0ee4

-	data8	0xc6e00bf33da88fc2,0xd5a79147930aa725

-	data8	0x06ca6351e003826f,0x142929670a0e6e70

-	data8	0x27b70a8546d22ffc,0x2e1b21385c26c926

-	data8	0x4d2c6dfc5ac42aed,0x53380d139d95b3df

-	data8	0x650a73548baf63de,0x766a0abb3c77b2a8

-	data8	0x81c2c92e47edaee6,0x92722c851482353b

-	data8	0xa2bfe8a14cf10364,0xa81a664bbc423001

-	data8	0xc24b8b70d0f89791,0xc76c51a30654be30

-	data8	0xd192e819d6ef5218,0xd69906245565a910

-	data8	0xf40e35855771202a,0x106aa07032bbd1b8

-	data8	0x19a4c116b8d2d0c8,0x1e376c085141ab53

-	data8	0x2748774cdf8eeb99,0x34b0bcb5e19b48a8

-	data8	0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb

-	data8	0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3

-	data8	0x748f82ee5defb2fc,0x78a5636f43172f60

-	data8	0x84c87814a1f0ab72,0x8cc702081a6439ec

-	data8	0x90befffa23631e28,0xa4506cebde82bde9

-	data8	0xbef9a3f7b2c67915,0xc67178f2e372532b

-	data8	0xca273eceea26619c,0xd186b8c721c0c207

-	data8	0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178

-	data8	0x06f067aa72176fba,0x0a637dc5a2c898a6

-	data8	0x113f9804bef90dae,0x1b710b35131c471b

-	data8	0x28db77f523047d84,0x32caab7b40c72493

-	data8	0x3c9ebe0a15c9bebc,0x431d67c49c100d4c

-	data8	0x4cc5d4becb3e42b6,0x597f299cfc657e2a

-	data8	0x5fcb6fab3ad6faec,0x6c44198c4a475817

-.size	K512#,$SZ*$rounds

-___

--- a/sys/src/ape/lib/openssl/crypto/sha/asm/sha512-sse2.pl

+++ /dev/null

@@ -1,404 +1,0 @@

-#!/usr/bin/env perl

-#

-# ====================================================================

-# Written by Andy Polyakov <[email protected]> for the OpenSSL

-# project. Rights for redistribution and usage in source and binary

-# forms are granted according to the OpenSSL license.

-# ====================================================================

-#

-# SHA512_Transform_SSE2.

-#

-# As the name suggests, this is an IA-32 SSE2 implementation of

-# SHA512_Transform. Motivating factor for the undertaken effort was that

-# SHA512 was observed to *consistently* perform *significantly* poorer

-# than SHA256 [2x and slower is common] on 32-bit platforms. On 64-bit

-# platforms on the other hand SHA512 tend to outperform SHA256 [~50%

-# seem to be common improvement factor]. All this is perfectly natural,

-# as SHA512 is a 64-bit algorithm. But isn't IA-32 SSE2 essentially

-# a 64-bit instruction set? Is it rich enough to implement SHA512?

-# If answer was "no," then you wouldn't have been reading this...

-#

-# Throughput performance in MBps (larger is better):

-#

-#		2.4GHz P4	1.4GHz AMD32	1.4GHz AMD64(*)

-# SHA256/gcc(*)	54		43		59

-# SHA512/gcc	17		23		92

-# SHA512/sse2	61(**)		57(**)

-# SHA512/icc	26		28

-# SHA256/icc(*)	65		54

-#

-# (*)	AMD64 and SHA256 numbers are presented mostly for amusement or

-#	reference purposes.

-# (**)	I.e. it gives ~2-3x speed-up if compared with compiler generated

-#	code. One can argue that hand-coded *non*-SSE2 implementation

-#	would perform better than compiler generated one as well, and

-#	that comparison is therefore not exactly fair. Well, as SHA512

-#	puts enormous pressure on IA-32 GP register bank, I reckon that

-#	hand-coded version wouldn't perform significantly better than

-#	one compiled with icc, ~20% perhaps... So that this code would

-#	still outperform it with distinguishing marginal. But feel free

-#	to prove me wrong:-)

-#						<[email protected]>

-push(@INC,"perlasm","../../perlasm");

-require "x86asm.pl";

-&asm_init($ARGV[0],"sha512-sse2.pl",$ARGV[$#ARGV] eq "386");

-$K512="esi";	# K512[80] table, found at the end...

-#$W512="esp";	# $W512 is not just W512[16]: it comprises *two* copies

-		# of W512[16] and a copy of A-H variables...

-$W512_SZ=8*(16+16+8);	# see above...

-#$Kidx="ebx";	# index in K512 table, advances from 0 to 80...

-$Widx="edx";	# index in W512, wraps around at 16...

-$data="edi";	# 16 qwords of input data...

-$A="mm0";	# B-D and

-$E="mm1";	# F-H are allocated dynamically...

-$Aoff=256+0;	# A-H offsets relative to $W512...

-$Boff=256+8;

-$Coff=256+16;

-$Doff=256+24;

-$Eoff=256+32;

-$Foff=256+40;

-$Goff=256+48;

-$Hoff=256+56;

-sub SHA2_ROUND()

-{ local ($kidx,$widx)=@_;

-	# One can argue that one could reorder instructions for better

-	# performance. Well, I tried and it doesn't seem to make any

-	# noticeable difference. Modern out-of-order execution cores

-	# reorder instructions to their liking in either case and they

-	# apparently do decent job. So we can keep the code more

-	# readable/regular/comprehensible:-)

-	# I adhere to 64-bit %mmX registers in order to avoid/not care

-	# about #GP exceptions on misaligned 128-bit access, most

-	# notably in paddq with memory operand. Not to mention that

-	# SSE2 intructions operating on %mmX can be scheduled every

-	# cycle [and not every second one if operating on %xmmN].

-	&movq	("mm4",&QWP($Foff,$W512));	# load f

-	&movq	("mm5",&QWP($Goff,$W512));	# load g

-	&movq	("mm6",&QWP($Hoff,$W512));	# load h

-	&movq	("mm2",$E);			# %mm2 is sliding right

-	&movq	("mm3",$E);			# %mm3 is sliding left

-	&psrlq	("mm2",14);

-	&psllq	("mm3",23);

-	&movq	("mm7","mm2");			# %mm7 is T1

-	&pxor	("mm7","mm3");

-	&psrlq	("mm2",4);

-	&psllq	("mm3",23);

-	&pxor	("mm7","mm2");

-	&pxor	("mm7","mm3");

-	&psrlq	("mm2",23);

-	&psllq	("mm3",4);

-	&pxor	("mm7","mm2");

-	&pxor	("mm7","mm3");			# T1=Sigma1_512(e)

-	&movq	(&QWP($Foff,$W512),$E);		# f = e

-	&movq	(&QWP($Goff,$W512),"mm4");	# g = f

-	&movq	(&QWP($Hoff,$W512),"mm5");	# h = g

-	&pxor	("mm4","mm5");			# f^=g

-	&pand	("mm4",$E);			# f&=e

-	&pxor	("mm4","mm5");			# f^=g

-	&paddq	("mm7","mm4");			# T1+=Ch(e,f,g)

-	&movq	("mm2",&QWP($Boff,$W512));	# load b

-	&movq	("mm3",&QWP($Coff,$W512));	# load c

-	&movq	($E,&QWP($Doff,$W512));		# e = d

-	&paddq	("mm7","mm6");			# T1+=h

-	&paddq	("mm7",&QWP(0,$K512,$kidx,8));	# T1+=K512[i]

-	&paddq	("mm7",&QWP(0,$W512,$widx,8));	# T1+=W512[i]

-	&paddq	($E,"mm7");			# e += T1

-	&movq	("mm4",$A);			# %mm4 is sliding right

-	&movq	("mm5",$A);			# %mm5 is sliding left

-	&psrlq	("mm4",28);

-	&psllq	("mm5",25);

-	&movq	("mm6","mm4");			# %mm6 is T2

-	&pxor	("mm6","mm5");

-	&psrlq	("mm4",6);

-	&psllq	("mm5",5);

-	&pxor	("mm6","mm4");

-	&pxor	("mm6","mm5");

-	&psrlq	("mm4",5);

-	&psllq	("mm5",6);

-	&pxor	("mm6","mm4");

-	&pxor	("mm6","mm5");			# T2=Sigma0_512(a)

-	&movq	(&QWP($Boff,$W512),$A);		# b = a

-	&movq	(&QWP($Coff,$W512),"mm2");	# c = b

-	&movq	(&QWP($Doff,$W512),"mm3");	# d = c

-	&movq	("mm4",$A);			# %mm4=a

-	&por	($A,"mm3");			# a=a|c

-	&pand	("mm4","mm3");			# %mm4=a&c

-	&pand	($A,"mm2");			# a=(a|c)&b

-	&por	("mm4",$A);			# %mm4=(a&c)|((a|c)&b)

-	&paddq	("mm6","mm4");			# T2+=Maj(a,b,c)

-	&movq	($A,"mm7");			# a=T1

-	&paddq	($A,"mm6");			# a+=T2

-}

-$func="sha512_block_sse2";

-&function_begin_B($func);

-	if (0) {# Caller is expected to check if it's appropriate to

-		# call this routine. Below 3 lines are retained for

-		# debugging purposes...

-		&picmeup("eax","OPENSSL_ia32cap");

-		&bt	(&DWP(0,"eax"),26);

-		&jnc	("SHA512_Transform");

-	}

-	&push	("ebp");

-	&mov	("ebp","esp");

-	&push	("ebx");

-	&push	("esi");

-	&push	("edi");

-	&mov	($Widx,&DWP(8,"ebp"));		# A-H state, 1st arg

-	&mov	($data,&DWP(12,"ebp"));		# input data, 2nd arg

-	&call	(&label("pic_point"));		# make it PIC!

-&set_label("pic_point");

-	&blindpop($K512);

-	&lea	($K512,&DWP(&label("K512")."-".&label("pic_point"),$K512));

-	$W512 = "esp";			# start using %esp as W512

-	&sub	($W512,$W512_SZ);

-	&and	($W512,-16);		# ensure 128-bit alignment

-	# make private copy of A-H

-	#     v assume the worst and stick to unaligned load

-	&movdqu	("xmm0",&QWP(0,$Widx));

-	&movdqu	("xmm1",&QWP(16,$Widx));

-	&movdqu	("xmm2",&QWP(32,$Widx));

-	&movdqu	("xmm3",&QWP(48,$Widx));

-&align(8);

-&set_label("_chunk_loop");

-	&movdqa	(&QWP($Aoff,$W512),"xmm0");	# a,b

-	&movdqa	(&QWP($Coff,$W512),"xmm1");	# c,d

-	&movdqa	(&QWP($Eoff,$W512),"xmm2");	# e,f

-	&movdqa	(&QWP($Goff,$W512),"xmm3");	# g,h

-	&xor	($Widx,$Widx);

-	&movdq2q($A,"xmm0");			# load a

-	&movdq2q($E,"xmm2");			# load e

-	# Why aren't loops unrolled? It makes sense to unroll if

-	# execution time for loop body is comparable with branch

-	# penalties and/or if whole data-set resides in register bank.

-	# Neither is case here... Well, it would be possible to

-	# eliminate few store operations, but it would hardly affect

-	# so to say stop-watch performance, as there is a lot of

-	# available memory slots to fill. It will only relieve some

-	# pressure off memory bus...

-	# flip input stream byte order...

-	&mov	("eax",&DWP(0,$data,$Widx,8));

-	&mov	("ebx",&DWP(4,$data,$Widx,8));

-	&bswap	("eax");

-	&bswap	("ebx");

-	&mov	(&DWP(0,$W512,$Widx,8),"ebx");		# W512[i]

-	&mov	(&DWP(4,$W512,$Widx,8),"eax");

-	&mov	(&DWP(128+0,$W512,$Widx,8),"ebx");	# copy of W512[i]

-	&mov	(&DWP(128+4,$W512,$Widx,8),"eax");

-&align(8);

-&set_label("_1st_loop");		# 0-15

-	# flip input stream byte order...

-	&mov	("eax",&DWP(0+8,$data,$Widx,8));

-	&mov	("ebx",&DWP(4+8,$data,$Widx,8));

-	&bswap	("eax");

-	&bswap	("ebx");

-	&mov	(&DWP(0+8,$W512,$Widx,8),"ebx");	# W512[i]

-	&mov	(&DWP(4+8,$W512,$Widx,8),"eax");

-	&mov	(&DWP(128+0+8,$W512,$Widx,8),"ebx");	# copy of W512[i]

-	&mov	(&DWP(128+4+8,$W512,$Widx,8),"eax");

-&set_label("_1st_looplet");

-	&SHA2_ROUND($Widx,$Widx); &inc($Widx);

-&cmp	($Widx,15)

-&jl	(&label("_1st_loop"));

-&je	(&label("_1st_looplet"));	# playing similar trick on 2nd loop

-					# does not improve performance...

-	$Kidx = "ebx";			# start using %ebx as Kidx

-	&mov	($Kidx,$Widx);

-&align(8);

-&set_label("_2nd_loop");		# 16-79

-	&and($Widx,0xf);

-	# 128-bit fragment! I update W512[i] and W512[i+1] in

-	# parallel:-) Note that I refer to W512[(i&0xf)+N] and not to

-	# W512[(i+N)&0xf]! This is exactly what I maintain the second

-	# copy of W512[16] for...

-	&movdqu	("xmm0",&QWP(8*1,$W512,$Widx,8));	# s0=W512[i+1]

-	&movdqa	("xmm2","xmm0");		# %xmm2 is sliding right

-	&movdqa	("xmm3","xmm0");		# %xmm3 is sliding left

-	&psrlq	("xmm2",1);

-	&psllq	("xmm3",56);

-	&movdqa	("xmm0","xmm2");

-	&pxor	("xmm0","xmm3");

-	&psrlq	("xmm2",6);

-	&psllq	("xmm3",7);

-	&pxor	("xmm0","xmm2");

-	&pxor	("xmm0","xmm3");

-	&psrlq	("xmm2",1);

-	&pxor	("xmm0","xmm2");		# s0 = sigma0_512(s0);

-	&movdqa	("xmm1",&QWP(8*14,$W512,$Widx,8));	# s1=W512[i+14]

-	&movdqa	("xmm4","xmm1");		# %xmm4 is sliding right

-	&movdqa	("xmm5","xmm1");		# %xmm5 is sliding left

-	&psrlq	("xmm4",6);

-	&psllq	("xmm5",3);

-	&movdqa	("xmm1","xmm4");

-	&pxor	("xmm1","xmm5");

-	&psrlq	("xmm4",13);

-	&psllq	("xmm5",42);

-	&pxor	("xmm1","xmm4");

-	&pxor	("xmm1","xmm5");

-	&psrlq	("xmm4",42);

-	&pxor	("xmm1","xmm4");		# s1 = sigma1_512(s1);

-	#     + have to explictly load W512[i+9] as it's not 128-bit

-	#     v	aligned and paddq would throw an exception...

-	&movdqu	("xmm6",&QWP(8*9,$W512,$Widx,8));

-	&paddq	("xmm0","xmm1");		# s0 += s1

-	&paddq	("xmm0","xmm6");		# s0 += W512[i+9]

-	&paddq	("xmm0",&QWP(0,$W512,$Widx,8));	# s0 += W512[i]

-	&movdqa	(&QWP(0,$W512,$Widx,8),"xmm0");		# W512[i] = s0

-	&movdqa	(&QWP(16*8,$W512,$Widx,8),"xmm0");	# copy of W512[i]

-	# as the above fragment was 128-bit, we "owe" 2 rounds...

-	&SHA2_ROUND($Kidx,$Widx); &inc($Kidx); &inc($Widx);

-	&SHA2_ROUND($Kidx,$Widx); &inc($Kidx); &inc($Widx);

-&cmp	($Kidx,80);

-&jl	(&label("_2nd_loop"));

-	# update A-H state

-	&mov	($Widx,&DWP(8,"ebp"));		# A-H state, 1st arg

-	&movq	(&QWP($Aoff,$W512),$A);		# write out a

-	&movq	(&QWP($Eoff,$W512),$E);		# write out e

-	&movdqu	("xmm0",&QWP(0,$Widx));

-	&movdqu	("xmm1",&QWP(16,$Widx));

-	&movdqu	("xmm2",&QWP(32,$Widx));

-	&movdqu	("xmm3",&QWP(48,$Widx));

-	&paddq	("xmm0",&QWP($Aoff,$W512));	# 128-bit additions...

-	&paddq	("xmm1",&QWP($Coff,$W512));

-	&paddq	("xmm2",&QWP($Eoff,$W512));

-	&paddq	("xmm3",&QWP($Goff,$W512));

-	&movdqu	(&QWP(0,$Widx),"xmm0");

-	&movdqu	(&QWP(16,$Widx),"xmm1");

-	&movdqu	(&QWP(32,$Widx),"xmm2");

-	&movdqu	(&QWP(48,$Widx),"xmm3");

-&add	($data,16*8);				# advance input data pointer

-&dec	(&DWP(16,"ebp"));			# decrement 3rd arg

-&jnz	(&label("_chunk_loop"));

-	# epilogue

-	&emms	();	# required for at least ELF and Win32 ABIs

-	&mov	("edi",&DWP(-12,"ebp"));

-	&mov	("esi",&DWP(-8,"ebp"));

-	&mov	("ebx",&DWP(-4,"ebp"));

-	&leave	();

-&ret	();

-&align(64);

-&set_label("K512");	# Yes! I keep it in the code segment!

-	&data_word(0xd728ae22,0x428a2f98);	# u64

-	&data_word(0x23ef65cd,0x71374491);	# u64

-	&data_word(0xec4d3b2f,0xb5c0fbcf);	# u64

-	&data_word(0x8189dbbc,0xe9b5dba5);	# u64

-	&data_word(0xf348b538,0x3956c25b);	# u64

-	&data_word(0xb605d019,0x59f111f1);	# u64

-	&data_word(0xaf194f9b,0x923f82a4);	# u64

-	&data_word(0xda6d8118,0xab1c5ed5);	# u64

-	&data_word(0xa3030242,0xd807aa98);	# u64

-	&data_word(0x45706fbe,0x12835b01);	# u64

-	&data_word(0x4ee4b28c,0x243185be);	# u64

-	&data_word(0xd5ffb4e2,0x550c7dc3);	# u64

-	&data_word(0xf27b896f,0x72be5d74);	# u64

-	&data_word(0x3b1696b1,0x80deb1fe);	# u64

-	&data_word(0x25c71235,0x9bdc06a7);	# u64

-	&data_word(0xcf692694,0xc19bf174);	# u64

-	&data_word(0x9ef14ad2,0xe49b69c1);	# u64

-	&data_word(0x384f25e3,0xefbe4786);	# u64

-	&data_word(0x8b8cd5b5,0x0fc19dc6);	# u64

-	&data_word(0x77ac9c65,0x240ca1cc);	# u64

-	&data_word(0x592b0275,0x2de92c6f);	# u64

-	&data_word(0x6ea6e483,0x4a7484aa);	# u64

-	&data_word(0xbd41fbd4,0x5cb0a9dc);	# u64

-	&data_word(0x831153b5,0x76f988da);	# u64

-	&data_word(0xee66dfab,0x983e5152);	# u64

-	&data_word(0x2db43210,0xa831c66d);	# u64

-	&data_word(0x98fb213f,0xb00327c8);	# u64

-	&data_word(0xbeef0ee4,0xbf597fc7);	# u64

-	&data_word(0x3da88fc2,0xc6e00bf3);	# u64

-	&data_word(0x930aa725,0xd5a79147);	# u64

-	&data_word(0xe003826f,0x06ca6351);	# u64

-	&data_word(0x0a0e6e70,0x14292967);	# u64

-	&data_word(0x46d22ffc,0x27b70a85);	# u64

-	&data_word(0x5c26c926,0x2e1b2138);	# u64

-	&data_word(0x5ac42aed,0x4d2c6dfc);	# u64

-	&data_word(0x9d95b3df,0x53380d13);	# u64

-	&data_word(0x8baf63de,0x650a7354);	# u64

-	&data_word(0x3c77b2a8,0x766a0abb);	# u64

-	&data_word(0x47edaee6,0x81c2c92e);	# u64

-	&data_word(0x1482353b,0x92722c85);	# u64

-	&data_word(0x4cf10364,0xa2bfe8a1);	# u64

-	&data_word(0xbc423001,0xa81a664b);	# u64

-	&data_word(0xd0f89791,0xc24b8b70);	# u64

-	&data_word(0x0654be30,0xc76c51a3);	# u64

-	&data_word(0xd6ef5218,0xd192e819);	# u64

-	&data_word(0x5565a910,0xd6990624);	# u64

-	&data_word(0x5771202a,0xf40e3585);	# u64

-	&data_word(0x32bbd1b8,0x106aa070);	# u64

-	&data_word(0xb8d2d0c8,0x19a4c116);	# u64

-	&data_word(0x5141ab53,0x1e376c08);	# u64

-	&data_word(0xdf8eeb99,0x2748774c);	# u64

-	&data_word(0xe19b48a8,0x34b0bcb5);	# u64

-	&data_word(0xc5c95a63,0x391c0cb3);	# u64

-	&data_word(0xe3418acb,0x4ed8aa4a);	# u64

-	&data_word(0x7763e373,0x5b9cca4f);	# u64

-	&data_word(0xd6b2b8a3,0x682e6ff3);	# u64

-	&data_word(0x5defb2fc,0x748f82ee);	# u64

-	&data_word(0x43172f60,0x78a5636f);	# u64

-	&data_word(0xa1f0ab72,0x84c87814);	# u64

-	&data_word(0x1a6439ec,0x8cc70208);	# u64

-	&data_word(0x23631e28,0x90befffa);	# u64

-	&data_word(0xde82bde9,0xa4506ceb);	# u64

-	&data_word(0xb2c67915,0xbef9a3f7);	# u64

-	&data_word(0xe372532b,0xc67178f2);	# u64

-	&data_word(0xea26619c,0xca273ece);	# u64

-	&data_word(0x21c0c207,0xd186b8c7);	# u64

-	&data_word(0xcde0eb1e,0xeada7dd6);	# u64

-	&data_word(0xee6ed178,0xf57d4f7f);	# u64

-	&data_word(0x72176fba,0x06f067aa);	# u64

-	&data_word(0xa2c898a6,0x0a637dc5);	# u64

-	&data_word(0xbef90dae,0x113f9804);	# u64

-	&data_word(0x131c471b,0x1b710b35);	# u64

-	&data_word(0x23047d84,0x28db77f5);	# u64

-	&data_word(0x40c72493,0x32caab7b);	# u64

-	&data_word(0x15c9bebc,0x3c9ebe0a);	# u64

-	&data_word(0x9c100d4c,0x431d67c4);	# u64

-	&data_word(0xcb3e42b6,0x4cc5d4be);	# u64

-	&data_word(0xfc657e2a,0x597f299c);	# u64

-	&data_word(0x3ad6faec,0x5fcb6fab);	# u64

-	&data_word(0x4a475817,0x6c44198c);	# u64

-&function_end_B($func);

-&asm_finish();

--- a/sys/src/ape/lib/openssl/crypto/sha/sha.c

+++ /dev/null

@@ -1,124 +1,0 @@

-/* crypto/sha/sha.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <openssl/sha.h>

-#define BUFSIZE	1024*16

-void do_fp(FILE *f);

-void pt(unsigned char *md);

-int read(int, void *, unsigned int);

-int main(int argc, char **argv)

-	{

-	int i,err=0;

-	FILE *IN;

-	if (argc == 1)

-		{

-		do_fp(stdin);

-		}

-	else

-		{

-		for (i=1; i<argc; i++)

-			{

-			IN=fopen(argv[i],"r");

-			if (IN == NULL)

-				{

-				perror(argv[i]);

-				err++;

-				continue;

-				}

-			printf("SHA(%s)= ",argv[i]);

-			do_fp(IN);

-			fclose(IN);

-			}

-		}

-	exit(err);

-	}

-void do_fp(FILE *f)

-	{

-	SHA_CTX c;

-	unsigned char md[SHA_DIGEST_LENGTH];

-	int fd;

-	int i;

-	unsigned char buf[BUFSIZE];

-	fd=fileno(f);

-	SHA_Init(&c);

-	for (;;)

-		{

-		i=read(fd,buf,BUFSIZE);

-		if (i <= 0) break;

-		SHA_Update(&c,buf,(unsigned long)i);

-		}

-	SHA_Final(&(md[0]),&c);

-	pt(md);

-	}

-void pt(unsigned char *md)

-	{

-	int i;

-	for (i=0; i<SHA_DIGEST_LENGTH; i++)

-		printf("%02x",md[i]);

-	printf("\n");

-	}

--- a/sys/src/ape/lib/openssl/crypto/sha/sha.h

+++ /dev/null

@@ -1,200 +1,0 @@

-/* crypto/sha/sha.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_SHA_H

-#define HEADER_SHA_H

-#include <openssl/e_os2.h>

-#include <stddef.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-#if defined(OPENSSL_NO_SHA) || (defined(OPENSSL_NO_SHA0) && defined(OPENSSL_NO_SHA1))

-#error SHA is disabled.

-#endif

-#if defined(OPENSSL_FIPS)

-#define FIPS_SHA_SIZE_T size_t

-#endif

-/*

- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

- * ! SHA_LONG has to be at least 32 bits wide. If it's wider, then !

- * ! SHA_LONG_LOG2 has to be defined along.                        !

- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

- */

-#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)

-#define SHA_LONG unsigned long

-#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)

-#define SHA_LONG unsigned long

-#define SHA_LONG_LOG2 3

-#else

-#define SHA_LONG unsigned int

-#endif

-#define SHA_LBLOCK	16

-#define SHA_CBLOCK	(SHA_LBLOCK*4)	/* SHA treats input data as a

-					 * contiguous array of 32 bit

-					 * wide big-endian values. */

-#define SHA_LAST_BLOCK  (SHA_CBLOCK-8)

-#define SHA_DIGEST_LENGTH 20

-typedef struct SHAstate_st

-	{

-	SHA_LONG h0,h1,h2,h3,h4;

-	SHA_LONG Nl,Nh;

-	SHA_LONG data[SHA_LBLOCK];

-	unsigned int num;

-	} SHA_CTX;

-#ifndef OPENSSL_NO_SHA0

-int SHA_Init(SHA_CTX *c);

-int SHA_Update(SHA_CTX *c, const void *data, size_t len);

-int SHA_Final(unsigned char *md, SHA_CTX *c);

-unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md);

-void SHA_Transform(SHA_CTX *c, const unsigned char *data);

-#endif

-#ifndef OPENSSL_NO_SHA1

-int SHA1_Init(SHA_CTX *c);

-int SHA1_Update(SHA_CTX *c, const void *data, size_t len);

-int SHA1_Final(unsigned char *md, SHA_CTX *c);

-unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md);

-void SHA1_Transform(SHA_CTX *c, const unsigned char *data);

-#endif

-#define SHA256_CBLOCK	(SHA_LBLOCK*4)	/* SHA-256 treats input data as a

-					 * contiguous array of 32 bit

-					 * wide big-endian values. */

-#define SHA224_DIGEST_LENGTH	28

-#define SHA256_DIGEST_LENGTH	32

-typedef struct SHA256state_st

-	{

-	SHA_LONG h[8];

-	SHA_LONG Nl,Nh;

-	SHA_LONG data[SHA_LBLOCK];

-	unsigned int num,md_len;

-	} SHA256_CTX;

-#ifndef OPENSSL_NO_SHA256

-int SHA224_Init(SHA256_CTX *c);

-int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);

-int SHA224_Final(unsigned char *md, SHA256_CTX *c);

-unsigned char *SHA224(const unsigned char *d, size_t n,unsigned char *md);

-int SHA256_Init(SHA256_CTX *c);

-int SHA256_Update(SHA256_CTX *c, const void *data, size_t len);

-int SHA256_Final(unsigned char *md, SHA256_CTX *c);

-unsigned char *SHA256(const unsigned char *d, size_t n,unsigned char *md);

-void SHA256_Transform(SHA256_CTX *c, const unsigned char *data);

-#endif

-#define SHA384_DIGEST_LENGTH	48

-#define SHA512_DIGEST_LENGTH	64

-#ifndef OPENSSL_NO_SHA512

-/*

- * Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64

- * being exactly 64-bit wide. See Implementation Notes in sha512.c

- * for further details.

- */

-#define SHA512_CBLOCK	(SHA_LBLOCK*8)	/* SHA-512 treats input data as a

-					 * contiguous array of 64 bit

-					 * wide big-endian values. */

-#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)

-#define SHA_LONG64 unsigned __int64

-#define U64(C)     C##UI64

-#elif defined(__arch64__)

-#define SHA_LONG64 unsigned long

-#define U64(C)     C##UL

-#else

-#define SHA_LONG64 unsigned long long

-#define U64(C)     C##ULL

-#endif

-typedef struct SHA512state_st

-	{

-	SHA_LONG64 h[8];

-	SHA_LONG64 Nl,Nh;

-	union {

-		SHA_LONG64	d[SHA_LBLOCK];

-		unsigned char	p[SHA512_CBLOCK];

-	} u;

-	unsigned int num,md_len;

-	} SHA512_CTX;

-#endif

-#ifndef OPENSSL_NO_SHA512

-int SHA384_Init(SHA512_CTX *c);

-int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);

-int SHA384_Final(unsigned char *md, SHA512_CTX *c);

-unsigned char *SHA384(const unsigned char *d, size_t n,unsigned char *md);

-int SHA512_Init(SHA512_CTX *c);

-int SHA512_Update(SHA512_CTX *c, const void *data, size_t len);

-int SHA512_Final(unsigned char *md, SHA512_CTX *c);

-unsigned char *SHA512(const unsigned char *d, size_t n,unsigned char *md);

-void SHA512_Transform(SHA512_CTX *c, const unsigned char *data);

-#endif

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/sha/sha1.c

+++ /dev/null

@@ -1,127 +1,0 @@

-/* crypto/sha/sha1.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <openssl/sha.h>

-#define BUFSIZE	1024*16

-void do_fp(FILE *f);

-void pt(unsigned char *md);

-#ifndef _OSD_POSIX

-int read(int, void *, unsigned int);

-#endif

-int main(int argc, char **argv)

-	{

-	int i,err=0;

-	FILE *IN;

-	if (argc == 1)

-		{

-		do_fp(stdin);

-		}

-	else

-		{

-		for (i=1; i<argc; i++)

-			{

-			IN=fopen(argv[i],"r");

-			if (IN == NULL)

-				{

-				perror(argv[i]);

-				err++;

-				continue;

-				}

-			printf("SHA1(%s)= ",argv[i]);

-			do_fp(IN);

-			fclose(IN);

-			}

-		}

-	exit(err);

-	}

-void do_fp(FILE *f)

-	{

-	SHA_CTX c;

-	unsigned char md[SHA_DIGEST_LENGTH];

-	int fd;

-	int i;

-	unsigned char buf[BUFSIZE];

-	fd=fileno(f);

-	SHA1_Init(&c);

-	for (;;)

-		{

-		i=read(fd,buf,BUFSIZE);

-		if (i <= 0) break;

-		SHA1_Update(&c,buf,(unsigned long)i);

-		}

-	SHA1_Final(&(md[0]),&c);

-	pt(md);

-	}

-void pt(unsigned char *md)

-	{

-	int i;

-	for (i=0; i<SHA_DIGEST_LENGTH; i++)

-		printf("%02x",md[i]);

-	printf("\n");

-	}

--- a/sys/src/ape/lib/openssl/crypto/sha/sha1_one.c

+++ /dev/null

@@ -1,78 +1,0 @@

-/* crypto/sha/sha1_one.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <string.h>

-#include <openssl/sha.h>

-#include <openssl/crypto.h>

-#ifndef OPENSSL_NO_SHA1

-unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md)

-	{

-	SHA_CTX c;

-	static unsigned char m[SHA_DIGEST_LENGTH];

-	if (md == NULL) md=m;

-	if (!SHA1_Init(&c))

-		return NULL;

-	SHA1_Update(&c,d,n);

-	SHA1_Final(md,&c);

-	OPENSSL_cleanse(&c,sizeof(c));

-	return(md);

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/sha/sha1dgst.c

+++ /dev/null

@@ -1,74 +1,0 @@

-/* crypto/sha/sha1dgst.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <openssl/opensslconf.h>

-#if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_SHA)

-#undef  SHA_0

-#define SHA_1

-#include <openssl/opensslv.h>

-const char SHA1_version[]="SHA1" OPENSSL_VERSION_PTEXT;

-/* The implementation is in ../md32_common.h */

-#include "sha_locl.h"

-#endif

--- a/sys/src/ape/lib/openssl/crypto/sha/sha1s.cpp

+++ /dev/null

@@ -1,82 +1,0 @@

-//

-// gettsc.inl

-//

-// gives access to the Pentium's (secret) cycle counter

-//

-// This software was written by Leonard Janke ([email protected])

-// in 1996-7 and is entered, by him, into the public domain.

-#if defined(__WATCOMC__)

-void GetTSC(unsigned long&);

-#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];

-#elif defined(__GNUC__)

-inline

-void GetTSC(unsigned long& tsc)

-{

-  asm volatile(".byte 15, 49\n\t"

-	       : "=eax" (tsc)

-	       :

-	       : "%edx", "%eax");

-}

-#elif defined(_MSC_VER)

-inline

-void GetTSC(unsigned long& tsc)

-{

-  unsigned long a;

-  __asm _emit 0fh

-  __asm _emit 31h

-  __asm mov a, eax;

-  tsc=a;

-}

-#endif

-#include <stdio.h>

-#include <stdlib.h>

-#include <openssl/sha.h>

-#define sha1_block_x86 sha1_block_asm_data_order

-extern "C" {

-void sha1_block_x86(SHA_CTX *ctx, unsigned char *buffer,int num);

-}

-void main(int argc,char *argv[])

-	{

-	unsigned char buffer[64*256];

-	SHA_CTX ctx;

-	unsigned long s1,s2,e1,e2;

-	unsigned char k[16];

-	unsigned long data[2];

-	unsigned char iv[8];

-	int i,num=0,numm;

-	int j=0;

-	if (argc >= 2)

-		num=atoi(argv[1]);

-	if (num == 0) num=16;

-	if (num > 250) num=16;

-	numm=num+2;

-#if 0

-	num*=64;

-	numm*=64;

-#endif

-	for (j=0; j<6; j++)

-		{

-		for (i=0; i<10; i++) /**/

-			{

-			sha1_block_x86(&ctx,buffer,numm);

-			GetTSC(s1);

-			sha1_block_x86(&ctx,buffer,numm);

-			GetTSC(e1);

-			GetTSC(s2);

-			sha1_block_x86(&ctx,buffer,num);

-			GetTSC(e2);

-			sha1_block_x86(&ctx,buffer,num);

-			}

-		printf("sha1 (%d bytes) %d %d (%.2f)\n",num*64,

-			e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2);

-		}

-	}

--- a/sys/src/ape/lib/openssl/crypto/sha/sha1test.c

+++ /dev/null

@@ -1,178 +1,0 @@

-/* crypto/sha/sha1test.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <string.h>

-#include <stdlib.h>

-#include "../e_os.h"

-#ifdef OPENSSL_NO_SHA

-int main(int argc, char *argv[])

-{

-    printf("No SHA support\n");

-    return(0);

-}

-#else

-#include <openssl/evp.h>

-#include <openssl/sha.h>

-#ifdef CHARSET_EBCDIC

-#include <openssl/ebcdic.h>

-#endif

-#undef SHA_0 /* FIPS 180 */

-#define  SHA_1 /* FIPS 180-1 */

-static char *test[]={

-	"abc",

-	"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",

-	NULL,

-	};

-#ifdef SHA_0

-static char *ret[]={

-	"0164b8a914cd2a5e74c4f7ff082c4d97f1edf880",

-	"d2516ee1acfa5baf33dfc1c471e438449ef134c8",

-	};

-static char *bigret=

-	"3232affa48628a26653b5aaa44541fd90d690603";

-#endif

-#ifdef SHA_1

-static char *ret[]={

-	"a9993e364706816aba3e25717850c26c9cd0d89d",

-	"84983e441c3bd26ebaae4aa1f95129e5e54670f1",

-	};

-static char *bigret=

-	"34aa973cd4c4daa4f61eeb2bdbad27316534016f";

-#endif

-static char *pt(unsigned char *md);

-int main(int argc, char *argv[])

-	{

-	int i,err=0;

-	char **P,**R;

-	static unsigned char buf[1000];

-	char *p,*r;

-	EVP_MD_CTX c;

-	unsigned char md[SHA_DIGEST_LENGTH];

-#ifdef CHARSET_EBCDIC

-	ebcdic2ascii(test[0], test[0], strlen(test[0]));

-	ebcdic2ascii(test[1], test[1], strlen(test[1]));

-#endif

-	EVP_MD_CTX_init(&c);

-	P=test;

-	R=ret;

-	i=1;

-	while (*P != NULL)

-		{

-		EVP_Digest(*P,strlen((char *)*P),md,NULL,EVP_sha1(), NULL);

-		p=pt(md);

-		if (strcmp(p,(char *)*R) != 0)

-			{

-			printf("error calculating SHA1 on '%s'\n",*P);

-			printf("got %s instead of %s\n",p,*R);

-			err++;

-			}

-		else

-			printf("test %d ok\n",i);

-		i++;

-		R++;

-		P++;

-		}

-	memset(buf,'a',1000);

-#ifdef CHARSET_EBCDIC

-	ebcdic2ascii(buf, buf, 1000);

-#endif /*CHARSET_EBCDIC*/

-	EVP_DigestInit_ex(&c,EVP_sha1(), NULL);

-	for (i=0; i<1000; i++)

-		EVP_DigestUpdate(&c,buf,1000);

-	EVP_DigestFinal_ex(&c,md,NULL);

-	p=pt(md);

-	r=bigret;

-	if (strcmp(p,r) != 0)

-		{

-		printf("error calculating SHA1 on 'a' * 1000\n");

-		printf("got %s instead of %s\n",p,r);

-		err++;

-		}

-	else

-		printf("test 3 ok\n");

-#ifdef OPENSSL_SYS_NETWARE

-    if (err) printf("ERROR: %d\n", err);

-#endif

-	EXIT(err);

-	EVP_MD_CTX_cleanup(&c);

-	return(0);

-	}

-static char *pt(unsigned char *md)

-	{

-	int i;

-	static char buf[80];

-	for (i=0; i<SHA_DIGEST_LENGTH; i++)

-		sprintf(&(buf[i*2]),"%02x",md[i]);

-	return(buf);

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/sha/sha256.c

+++ /dev/null

@@ -1,319 +1,0 @@

-/* crypto/sha/sha256.c */

-/* ====================================================================

- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved

- * according to the OpenSSL license [found in ../../LICENSE].

- * ====================================================================

- */

-#include <openssl/opensslconf.h>

-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256)

-#include <stdlib.h>

-#include <string.h>

-#include <openssl/crypto.h>

-#include <openssl/sha.h>

-#include <openssl/opensslv.h>

-const char SHA256_version[]="SHA-256" OPENSSL_VERSION_PTEXT;

-int SHA224_Init (SHA256_CTX *c)

-	{

-	c->h[0]=0xc1059ed8UL;	c->h[1]=0x367cd507UL;

-	c->h[2]=0x3070dd17UL;	c->h[3]=0xf70e5939UL;

-	c->h[4]=0xffc00b31UL;	c->h[5]=0x68581511UL;

-	c->h[6]=0x64f98fa7UL;	c->h[7]=0xbefa4fa4UL;

-	c->Nl=0;	c->Nh=0;

-	c->num=0;	c->md_len=SHA224_DIGEST_LENGTH;

-	return 1;

-	}

-int SHA256_Init (SHA256_CTX *c)

-	{

-	c->h[0]=0x6a09e667UL;	c->h[1]=0xbb67ae85UL;

-	c->h[2]=0x3c6ef372UL;	c->h[3]=0xa54ff53aUL;

-	c->h[4]=0x510e527fUL;	c->h[5]=0x9b05688cUL;

-	c->h[6]=0x1f83d9abUL;	c->h[7]=0x5be0cd19UL;

-	c->Nl=0;	c->Nh=0;

-	c->num=0;	c->md_len=SHA256_DIGEST_LENGTH;

-	return 1;

-	}

-unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md)

-	{

-	SHA256_CTX c;

-	static unsigned char m[SHA224_DIGEST_LENGTH];

-	if (md == NULL) md=m;

-	SHA224_Init(&c);

-	SHA256_Update(&c,d,n);

-	SHA256_Final(md,&c);

-	OPENSSL_cleanse(&c,sizeof(c));

-	return(md);

-	}

-unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md)

-	{

-	SHA256_CTX c;

-	static unsigned char m[SHA256_DIGEST_LENGTH];

-	if (md == NULL) md=m;

-	SHA256_Init(&c);

-	SHA256_Update(&c,d,n);

-	SHA256_Final(md,&c);

-	OPENSSL_cleanse(&c,sizeof(c));

-	return(md);

-	}

-int SHA224_Update(SHA256_CTX *c, const void *data, size_t len)

-{   return SHA256_Update (c,data,len);   }

-int SHA224_Final (unsigned char *md, SHA256_CTX *c)

-{   return SHA256_Final (md,c);   }

-#ifndef	SHA_LONG_LOG2

-#define	SHA_LONG_LOG2	2	/* default to 32 bits */

-#endif

-#define	DATA_ORDER_IS_BIG_ENDIAN

-#define	HASH_LONG		SHA_LONG

-#define	HASH_LONG_LOG2		SHA_LONG_LOG2

-#define	HASH_CTX		SHA256_CTX

-#define	HASH_CBLOCK		SHA_CBLOCK

-#define	HASH_LBLOCK		SHA_LBLOCK

-/*

- * Note that FIPS180-2 discusses "Truncation of the Hash Function Output."

- * default: case below covers for it. It's not clear however if it's

- * permitted to truncate to amount of bytes not divisible by 4. I bet not,

- * but if it is, then default: case shall be extended. For reference.

- * Idea behind separate cases for pre-defined lenghts is to let the

- * compiler decide if it's appropriate to unroll small loops.

- */

-#define	HASH_MAKE_STRING(c,s)	do {	\

-	unsigned long ll;		\

-	unsigned int  n;		\

-	switch ((c)->md_len)		\

-	{   case SHA224_DIGEST_LENGTH:	\

-		for (n=0;n<SHA224_DIGEST_LENGTH/4;n++)	\

-		{   ll=(c)->h[n]; HOST_l2c(ll,(s));   }	\

-		break;			\

-	    case SHA256_DIGEST_LENGTH:	\

-		for (n=0;n<SHA256_DIGEST_LENGTH/4;n++)	\

-		{   ll=(c)->h[n]; HOST_l2c(ll,(s));   }	\

-		break;			\

-	    default:			\

-		if ((c)->md_len > SHA256_DIGEST_LENGTH)	\

-		    return 0;				\

-		for (n=0;n<(c)->md_len/4;n++)		\

-		{   ll=(c)->h[n]; HOST_l2c(ll,(s));   }	\

-		break;			\

-	}				\

-	} while (0)

-#define	HASH_UPDATE		SHA256_Update

-#define	HASH_TRANSFORM		SHA256_Transform

-#define	HASH_FINAL		SHA256_Final

-#define	HASH_BLOCK_HOST_ORDER	sha256_block_host_order

-#define	HASH_BLOCK_DATA_ORDER	sha256_block_data_order

-void sha256_block_host_order (SHA256_CTX *ctx, const void *in, size_t num);

-void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num);

-#include "md32_common.h"

-#ifdef SHA256_ASM

-void sha256_block (SHA256_CTX *ctx, const void *in, size_t num, int host);

-#else

-static const SHA_LONG K256[64] = {

-	0x428a2f98UL,0x71374491UL,0xb5c0fbcfUL,0xe9b5dba5UL,

-	0x3956c25bUL,0x59f111f1UL,0x923f82a4UL,0xab1c5ed5UL,

-	0xd807aa98UL,0x12835b01UL,0x243185beUL,0x550c7dc3UL,

-	0x72be5d74UL,0x80deb1feUL,0x9bdc06a7UL,0xc19bf174UL,

-	0xe49b69c1UL,0xefbe4786UL,0x0fc19dc6UL,0x240ca1ccUL,

-	0x2de92c6fUL,0x4a7484aaUL,0x5cb0a9dcUL,0x76f988daUL,

-	0x983e5152UL,0xa831c66dUL,0xb00327c8UL,0xbf597fc7UL,

-	0xc6e00bf3UL,0xd5a79147UL,0x06ca6351UL,0x14292967UL,

-	0x27b70a85UL,0x2e1b2138UL,0x4d2c6dfcUL,0x53380d13UL,

-	0x650a7354UL,0x766a0abbUL,0x81c2c92eUL,0x92722c85UL,

-	0xa2bfe8a1UL,0xa81a664bUL,0xc24b8b70UL,0xc76c51a3UL,

-	0xd192e819UL,0xd6990624UL,0xf40e3585UL,0x106aa070UL,

-	0x19a4c116UL,0x1e376c08UL,0x2748774cUL,0x34b0bcb5UL,

-	0x391c0cb3UL,0x4ed8aa4aUL,0x5b9cca4fUL,0x682e6ff3UL,

-	0x748f82eeUL,0x78a5636fUL,0x84c87814UL,0x8cc70208UL,

-	0x90befffaUL,0xa4506cebUL,0xbef9a3f7UL,0xc67178f2UL };

-/*

- * FIPS specification refers to right rotations, while our ROTATE macro

- * is left one. This is why you might notice that rotation coefficients

- * differ from those observed in FIPS document by 32-N...

- */

-#define Sigma0(x)	(ROTATE((x),30) ^ ROTATE((x),19) ^ ROTATE((x),10))

-#define Sigma1(x)	(ROTATE((x),26) ^ ROTATE((x),21) ^ ROTATE((x),7))

-#define sigma0(x)	(ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3))

-#define sigma1(x)	(ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10))

-#define Ch(x,y,z)	(((x) & (y)) ^ ((~(x)) & (z)))

-#define Maj(x,y,z)	(((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))

-#ifdef OPENSSL_SMALL_FOOTPRINT

-static void sha256_block (SHA256_CTX *ctx, const void *in, size_t num, int host)

-	{

-	unsigned MD32_REG_T a,b,c,d,e,f,g,h,s0,s1,T1,T2;

-	SHA_LONG	X[16];

-	int i;

-	const unsigned char *data=in;

-			while (num--) {

-	a = ctx->h[0];	b = ctx->h[1];	c = ctx->h[2];	d = ctx->h[3];

-	e = ctx->h[4];	f = ctx->h[5];	g = ctx->h[6];	h = ctx->h[7];

-	if (host)

-		{

-		const SHA_LONG *W=(const SHA_LONG *)data;

-		for (i=0;i<16;i++)

-			{

-			T1 = X[i] = W[i];

-			T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i];

-			T2 = Sigma0(a) + Maj(a,b,c);

-			h = g;	g = f;	f = e;	e = d + T1;

-			d = c;	c = b;	b = a;	a = T1 + T2;

-			}

-		data += SHA256_CBLOCK;

-		}

-	else

-		{

-		SHA_LONG l;

-		for (i=0;i<16;i++)

-			{

-			HOST_c2l(data,l); T1 = X[i] = l;

-			T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i];

-			T2 = Sigma0(a) + Maj(a,b,c);

-			h = g;	g = f;	f = e;	e = d + T1;

-			d = c;	c = b;	b = a;	a = T1 + T2;

-			}

-		}

-	for (;i<64;i++)

-		{

-		s0 = X[(i+1)&0x0f];	s0 = sigma0(s0);

-		s1 = X[(i+14)&0x0f];	s1 = sigma1(s1);

-		T1 = X[i&0xf] += s0 + s1 + X[(i+9)&0xf];

-		T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i];

-		T2 = Sigma0(a) + Maj(a,b,c);

-		h = g;	g = f;	f = e;	e = d + T1;

-		d = c;	c = b;	b = a;	a = T1 + T2;

-		}

-	ctx->h[0] += a;	ctx->h[1] += b;	ctx->h[2] += c;	ctx->h[3] += d;

-	ctx->h[4] += e;	ctx->h[5] += f;	ctx->h[6] += g;	ctx->h[7] += h;

-			}

-}

-#else

-#define	ROUND_00_15(i,a,b,c,d,e,f,g,h)		do {	\

-	T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i];	\

-	h = Sigma0(a) + Maj(a,b,c);			\

-	d += T1;	h += T1;		} while (0)

-#define	ROUND_16_63(i,a,b,c,d,e,f,g,h,X)	do {	\

-	s0 = X[(i+1)&0x0f];	s0 = sigma0(s0);	\

-	s1 = X[(i+14)&0x0f];	s1 = sigma1(s1);	\

-	T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f];	\

-	ROUND_00_15(i,a,b,c,d,e,f,g,h);		} while (0)

-static void sha256_block (SHA256_CTX *ctx, const void *in, size_t num, int host)

-	{

-	unsigned MD32_REG_T a,b,c,d,e,f,g,h,s0,s1,T1;

-	SHA_LONG	X[16];

-	int i;

-	const unsigned char *data=in;

-			while (num--) {

-	a = ctx->h[0];	b = ctx->h[1];	c = ctx->h[2];	d = ctx->h[3];

-	e = ctx->h[4];	f = ctx->h[5];	g = ctx->h[6];	h = ctx->h[7];

-	if (host)

-		{

-		const SHA_LONG *W=(const SHA_LONG *)data;

-		T1 = X[0] = W[0];	ROUND_00_15(0,a,b,c,d,e,f,g,h);

-		T1 = X[1] = W[1];	ROUND_00_15(1,h,a,b,c,d,e,f,g);

-		T1 = X[2] = W[2];	ROUND_00_15(2,g,h,a,b,c,d,e,f);

-		T1 = X[3] = W[3];	ROUND_00_15(3,f,g,h,a,b,c,d,e);

-		T1 = X[4] = W[4];	ROUND_00_15(4,e,f,g,h,a,b,c,d);

-		T1 = X[5] = W[5];	ROUND_00_15(5,d,e,f,g,h,a,b,c);

-		T1 = X[6] = W[6];	ROUND_00_15(6,c,d,e,f,g,h,a,b);

-		T1 = X[7] = W[7];	ROUND_00_15(7,b,c,d,e,f,g,h,a);

-		T1 = X[8] = W[8];	ROUND_00_15(8,a,b,c,d,e,f,g,h);

-		T1 = X[9] = W[9];	ROUND_00_15(9,h,a,b,c,d,e,f,g);

-		T1 = X[10] = W[10];	ROUND_00_15(10,g,h,a,b,c,d,e,f);

-		T1 = X[11] = W[11];	ROUND_00_15(11,f,g,h,a,b,c,d,e);

-		T1 = X[12] = W[12];	ROUND_00_15(12,e,f,g,h,a,b,c,d);

-		T1 = X[13] = W[13];	ROUND_00_15(13,d,e,f,g,h,a,b,c);

-		T1 = X[14] = W[14];	ROUND_00_15(14,c,d,e,f,g,h,a,b);

-		T1 = X[15] = W[15];	ROUND_00_15(15,b,c,d,e,f,g,h,a);

-		data += SHA256_CBLOCK;

-		}

-	else

-		{

-		SHA_LONG l;

-		HOST_c2l(data,l); T1 = X[0] = l;  ROUND_00_15(0,a,b,c,d,e,f,g,h);

-		HOST_c2l(data,l); T1 = X[1] = l;  ROUND_00_15(1,h,a,b,c,d,e,f,g);

-		HOST_c2l(data,l); T1 = X[2] = l;  ROUND_00_15(2,g,h,a,b,c,d,e,f);

-		HOST_c2l(data,l); T1 = X[3] = l;  ROUND_00_15(3,f,g,h,a,b,c,d,e);

-		HOST_c2l(data,l); T1 = X[4] = l;  ROUND_00_15(4,e,f,g,h,a,b,c,d);

-		HOST_c2l(data,l); T1 = X[5] = l;  ROUND_00_15(5,d,e,f,g,h,a,b,c);

-		HOST_c2l(data,l); T1 = X[6] = l;  ROUND_00_15(6,c,d,e,f,g,h,a,b);

-		HOST_c2l(data,l); T1 = X[7] = l;  ROUND_00_15(7,b,c,d,e,f,g,h,a);

-		HOST_c2l(data,l); T1 = X[8] = l;  ROUND_00_15(8,a,b,c,d,e,f,g,h);

-		HOST_c2l(data,l); T1 = X[9] = l;  ROUND_00_15(9,h,a,b,c,d,e,f,g);

-		HOST_c2l(data,l); T1 = X[10] = l; ROUND_00_15(10,g,h,a,b,c,d,e,f);

-		HOST_c2l(data,l); T1 = X[11] = l; ROUND_00_15(11,f,g,h,a,b,c,d,e);

-		HOST_c2l(data,l); T1 = X[12] = l; ROUND_00_15(12,e,f,g,h,a,b,c,d);

-		HOST_c2l(data,l); T1 = X[13] = l; ROUND_00_15(13,d,e,f,g,h,a,b,c);

-		HOST_c2l(data,l); T1 = X[14] = l; ROUND_00_15(14,c,d,e,f,g,h,a,b);

-		HOST_c2l(data,l); T1 = X[15] = l; ROUND_00_15(15,b,c,d,e,f,g,h,a);

-		}

-	for (i=16;i<64;i+=8)

-		{

-		ROUND_16_63(i+0,a,b,c,d,e,f,g,h,X);

-		ROUND_16_63(i+1,h,a,b,c,d,e,f,g,X);

-		ROUND_16_63(i+2,g,h,a,b,c,d,e,f,X);

-		ROUND_16_63(i+3,f,g,h,a,b,c,d,e,X);

-		ROUND_16_63(i+4,e,f,g,h,a,b,c,d,X);

-		ROUND_16_63(i+5,d,e,f,g,h,a,b,c,X);

-		ROUND_16_63(i+6,c,d,e,f,g,h,a,b,X);

-		ROUND_16_63(i+7,b,c,d,e,f,g,h,a,X);

-		}

-	ctx->h[0] += a;	ctx->h[1] += b;	ctx->h[2] += c;	ctx->h[3] += d;

-	ctx->h[4] += e;	ctx->h[5] += f;	ctx->h[6] += g;	ctx->h[7] += h;

-			}

-	}

-#endif

-#endif /* SHA256_ASM */

-/*

- * Idea is to trade couple of cycles for some space. On IA-32 we save

- * about 4K in "big footprint" case. In "small footprint" case any gain

- * is appreciated:-)

- */

-void HASH_BLOCK_HOST_ORDER (SHA256_CTX *ctx, const void *in, size_t num)

-{   sha256_block (ctx,in,num,1);   }

-void HASH_BLOCK_DATA_ORDER (SHA256_CTX *ctx, const void *in, size_t num)

-{   sha256_block (ctx,in,num,0);   }

-#endif /* OPENSSL_NO_SHA256 */

--- a/sys/src/ape/lib/openssl/crypto/sha/sha256t.c

+++ /dev/null

@@ -1,147 +1,0 @@

-/* crypto/sha/sha256t.c */

-/* ====================================================================

- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.

- * ====================================================================

- */

-#include <stdio.h>

-#include <string.h>

-#include <stdlib.h>

-#include <openssl/sha.h>

-#include <openssl/evp.h>

-#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA256)

-int main(int argc, char *argv[])

-{

-    printf("No SHA256 support\n");

-    return(0);

-}

-#else

-unsigned char app_b1[SHA256_DIGEST_LENGTH] = {

-	0xba,0x78,0x16,0xbf,0x8f,0x01,0xcf,0xea,

-	0x41,0x41,0x40,0xde,0x5d,0xae,0x22,0x23,

-	0xb0,0x03,0x61,0xa3,0x96,0x17,0x7a,0x9c,

-	0xb4,0x10,0xff,0x61,0xf2,0x00,0x15,0xad	};

-unsigned char app_b2[SHA256_DIGEST_LENGTH] = {

-	0x24,0x8d,0x6a,0x61,0xd2,0x06,0x38,0xb8,

-	0xe5,0xc0,0x26,0x93,0x0c,0x3e,0x60,0x39,

-	0xa3,0x3c,0xe4,0x59,0x64,0xff,0x21,0x67,

-	0xf6,0xec,0xed,0xd4,0x19,0xdb,0x06,0xc1	};

-unsigned char app_b3[SHA256_DIGEST_LENGTH] = {

-	0xcd,0xc7,0x6e,0x5c,0x99,0x14,0xfb,0x92,

-	0x81,0xa1,0xc7,0xe2,0x84,0xd7,0x3e,0x67,

-	0xf1,0x80,0x9a,0x48,0xa4,0x97,0x20,0x0e,

-	0x04,0x6d,0x39,0xcc,0xc7,0x11,0x2c,0xd0	};

-unsigned char addenum_1[SHA224_DIGEST_LENGTH] = {

-	0x23,0x09,0x7d,0x22,0x34,0x05,0xd8,0x22,

-	0x86,0x42,0xa4,0x77,0xbd,0xa2,0x55,0xb3,

-	0x2a,0xad,0xbc,0xe4,0xbd,0xa0,0xb3,0xf7,

-	0xe3,0x6c,0x9d,0xa7 };

-unsigned char addenum_2[SHA224_DIGEST_LENGTH] = {

-	0x75,0x38,0x8b,0x16,0x51,0x27,0x76,0xcc,

-	0x5d,0xba,0x5d,0xa1,0xfd,0x89,0x01,0x50,

-	0xb0,0xc6,0x45,0x5c,0xb4,0xf5,0x8b,0x19,

-	0x52,0x52,0x25,0x25 };

-unsigned char addenum_3[SHA224_DIGEST_LENGTH] = {

-	0x20,0x79,0x46,0x55,0x98,0x0c,0x91,0xd8,

-	0xbb,0xb4,0xc1,0xea,0x97,0x61,0x8a,0x4b,

-	0xf0,0x3f,0x42,0x58,0x19,0x48,0xb2,0xee,

-	0x4e,0xe7,0xad,0x67 };

-int main (int argc,char **argv)

-{ unsigned char md[SHA256_DIGEST_LENGTH];

-  int		i;

-  EVP_MD_CTX	evp;

-    fprintf(stdout,"Testing SHA-256 ");

-    EVP_Digest ("abc",3,md,NULL,EVP_sha256(),NULL);

-    if (memcmp(md,app_b1,sizeof(app_b1)))

-    {	fflush(stdout);

-	fprintf(stderr,"\nTEST 1 of 3 failed.\n");

-	return 1;

-    }

-    else

-	fprintf(stdout,"."); fflush(stdout);

-    EVP_Digest ("abcdbcde""cdefdefg""efghfghi""ghijhijk"

-		"ijkljklm""klmnlmno""mnopnopq",56,md,NULL,EVP_sha256(),NULL);

-    if (memcmp(md,app_b2,sizeof(app_b2)))

-    {	fflush(stdout);

-	fprintf(stderr,"\nTEST 2 of 3 failed.\n");

-	return 1;

-    }

-    else

-	fprintf(stdout,"."); fflush(stdout);

-    EVP_MD_CTX_init (&evp);

-    EVP_DigestInit_ex (&evp,EVP_sha256(),NULL);

-    for (i=0;i<1000000;i+=160)

-	EVP_DigestUpdate (&evp,	"aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"

-				"aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"

-				"aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"

-				"aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"

-				"aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa",

-				(1000000-i)<160?1000000-i:160);

-    EVP_DigestFinal_ex (&evp,md,NULL);

-    EVP_MD_CTX_cleanup (&evp);

-    if (memcmp(md,app_b3,sizeof(app_b3)))

-    {	fflush(stdout);

-	fprintf(stderr,"\nTEST 3 of 3 failed.\n");

-	return 1;

-    }

-    else

-	fprintf(stdout,"."); fflush(stdout);

-    fprintf(stdout," passed.\n"); fflush(stdout);

-    fprintf(stdout,"Testing SHA-224 ");

-    EVP_Digest ("abc",3,md,NULL,EVP_sha224(),NULL);

-    if (memcmp(md,addenum_1,sizeof(addenum_1)))

-    {	fflush(stdout);

-	fprintf(stderr,"\nTEST 1 of 3 failed.\n");

-	return 1;

-    }

-    else

-	fprintf(stdout,"."); fflush(stdout);

-    EVP_Digest ("abcdbcde""cdefdefg""efghfghi""ghijhijk"

-		"ijkljklm""klmnlmno""mnopnopq",56,md,NULL,EVP_sha224(),NULL);

-    if (memcmp(md,addenum_2,sizeof(addenum_2)))

-    {	fflush(stdout);

-	fprintf(stderr,"\nTEST 2 of 3 failed.\n");

-	return 1;

-    }

-    else

-	fprintf(stdout,"."); fflush(stdout);

-    EVP_MD_CTX_init (&evp);

-    EVP_DigestInit_ex (&evp,EVP_sha224(),NULL);

-    for (i=0;i<1000000;i+=64)

-	EVP_DigestUpdate (&evp,	"aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"

-				"aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa",

-				(1000000-i)<64?1000000-i:64);

-    EVP_DigestFinal_ex (&evp,md,NULL);

-    EVP_MD_CTX_cleanup (&evp);

-    if (memcmp(md,addenum_3,sizeof(addenum_3)))

-    {	fflush(stdout);

-	fprintf(stderr,"\nTEST 3 of 3 failed.\n");

-	return 1;

-    }

-    else

-	fprintf(stdout,"."); fflush(stdout);

-    fprintf(stdout," passed.\n"); fflush(stdout);

-  return 0;

-}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/sha/sha512.c

+++ /dev/null

@@ -1,496 +1,0 @@

-/* crypto/sha/sha512.c */

-/* ====================================================================

- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved

- * according to the OpenSSL license [found in ../../LICENSE].

- * ====================================================================

- */

-#include <openssl/opensslconf.h>

-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512)

-/*

- * IMPLEMENTATION NOTES.

- *

- * As you might have noticed 32-bit hash algorithms:

- *

- * - permit SHA_LONG to be wider than 32-bit (case on CRAY);

- * - optimized versions implement two transform functions: one operating

- *   on [aligned] data in host byte order and one - on data in input

- *   stream byte order;

- * - share common byte-order neutral collector and padding function

- *   implementations, ../md32_common.h;

- *

- * Neither of the above applies to this SHA-512 implementations. Reasons

- * [in reverse order] are:

- *

- * - it's the only 64-bit hash algorithm for the moment of this writing,

- *   there is no need for common collector/padding implementation [yet];

- * - by supporting only one transform function [which operates on

- *   *aligned* data in input stream byte order, big-endian in this case]

- *   we minimize burden of maintenance in two ways: a) collector/padding

- *   function is simpler; b) only one transform function to stare at;

- * - SHA_LONG64 is required to be exactly 64-bit in order to be able to

- *   apply a number of optimizations to mitigate potential performance

- *   penalties caused by previous design decision;

- *

- * Caveat lector.

- *

- * Implementation relies on the fact that "long long" is 64-bit on

- * both 32- and 64-bit platforms. If some compiler vendor comes up

- * with 128-bit long long, adjustment to sha.h would be required.

- * As this implementation relies on 64-bit integer type, it's totally

- * inappropriate for platforms which don't support it, most notably

- * 16-bit platforms.

- *					<[email protected]>

- */

-#include <stdlib.h>

-#include <string.h>

-#include <openssl/crypto.h>

-#include <openssl/sha.h>

-#include <openssl/opensslv.h>

-#include "cryptlib.h"

-const char SHA512_version[]="SHA-512" OPENSSL_VERSION_PTEXT;

-#if defined(_M_IX86) || defined(_M_AMD64) || defined(__i386) || defined(__x86_64)

-#define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA

-#endif

-int SHA384_Init (SHA512_CTX *c)

-	{

-	c->h[0]=U64(0xcbbb9d5dc1059ed8);

-	c->h[1]=U64(0x629a292a367cd507);

-	c->h[2]=U64(0x9159015a3070dd17);

-	c->h[3]=U64(0x152fecd8f70e5939);

-	c->h[4]=U64(0x67332667ffc00b31);

-	c->h[5]=U64(0x8eb44a8768581511);

-	c->h[6]=U64(0xdb0c2e0d64f98fa7);

-	c->h[7]=U64(0x47b5481dbefa4fa4);

-        c->Nl=0;        c->Nh=0;

-        c->num=0;       c->md_len=SHA384_DIGEST_LENGTH;

-        return 1;

-	}

-int SHA512_Init (SHA512_CTX *c)

-	{

-	c->h[0]=U64(0x6a09e667f3bcc908);

-	c->h[1]=U64(0xbb67ae8584caa73b);

-	c->h[2]=U64(0x3c6ef372fe94f82b);

-	c->h[3]=U64(0xa54ff53a5f1d36f1);

-	c->h[4]=U64(0x510e527fade682d1);

-	c->h[5]=U64(0x9b05688c2b3e6c1f);

-	c->h[6]=U64(0x1f83d9abfb41bd6b);

-	c->h[7]=U64(0x5be0cd19137e2179);

-        c->Nl=0;        c->Nh=0;

-        c->num=0;       c->md_len=SHA512_DIGEST_LENGTH;

-        return 1;

-	}

-#ifndef SHA512_ASM

-static

-#endif

-void sha512_block (SHA512_CTX *ctx, const void *in, size_t num);

-int SHA512_Final (unsigned char *md, SHA512_CTX *c)

-	{

-	unsigned char *p=(unsigned char *)c->u.p;

-	size_t n=c->num;

-	p[n]=0x80;	/* There always is a room for one */

-	n++;

-	if (n > (sizeof(c->u)-16))

-		memset (p+n,0,sizeof(c->u)-n), n=0,

-		sha512_block (c,p,1);

-	memset (p+n,0,sizeof(c->u)-16-n);

-#ifdef	B_ENDIAN

-	c->u.d[SHA_LBLOCK-2] = c->Nh;

-	c->u.d[SHA_LBLOCK-1] = c->Nl;

-#else

-	p[sizeof(c->u)-1]  = (unsigned char)(c->Nl);

-	p[sizeof(c->u)-2]  = (unsigned char)(c->Nl>>8);

-	p[sizeof(c->u)-3]  = (unsigned char)(c->Nl>>16);

-	p[sizeof(c->u)-4]  = (unsigned char)(c->Nl>>24);

-	p[sizeof(c->u)-5]  = (unsigned char)(c->Nl>>32);

-	p[sizeof(c->u)-6]  = (unsigned char)(c->Nl>>40);

-	p[sizeof(c->u)-7]  = (unsigned char)(c->Nl>>48);

-	p[sizeof(c->u)-8]  = (unsigned char)(c->Nl>>56);

-	p[sizeof(c->u)-9]  = (unsigned char)(c->Nh);

-	p[sizeof(c->u)-10] = (unsigned char)(c->Nh>>8);

-	p[sizeof(c->u)-11] = (unsigned char)(c->Nh>>16);

-	p[sizeof(c->u)-12] = (unsigned char)(c->Nh>>24);

-	p[sizeof(c->u)-13] = (unsigned char)(c->Nh>>32);

-	p[sizeof(c->u)-14] = (unsigned char)(c->Nh>>40);

-	p[sizeof(c->u)-15] = (unsigned char)(c->Nh>>48);

-	p[sizeof(c->u)-16] = (unsigned char)(c->Nh>>56);

-#endif

-	sha512_block (c,p,1);

-	if (md==0) return 0;

-	switch (c->md_len)

-		{

-		/* Let compiler decide if it's appropriate to unroll... */

-		case SHA384_DIGEST_LENGTH:

-			for (n=0;n<SHA384_DIGEST_LENGTH/8;n++)

-				{

-				SHA_LONG64 t = c->h[n];

-				*(md++)	= (unsigned char)(t>>56);

-				*(md++)	= (unsigned char)(t>>48);

-				*(md++)	= (unsigned char)(t>>40);

-				*(md++)	= (unsigned char)(t>>32);

-				*(md++)	= (unsigned char)(t>>24);

-				*(md++)	= (unsigned char)(t>>16);

-				*(md++)	= (unsigned char)(t>>8);

-				*(md++)	= (unsigned char)(t);

-				}

-			break;

-		case SHA512_DIGEST_LENGTH:

-			for (n=0;n<SHA512_DIGEST_LENGTH/8;n++)

-				{

-				SHA_LONG64 t = c->h[n];

-				*(md++)	= (unsigned char)(t>>56);

-				*(md++)	= (unsigned char)(t>>48);

-				*(md++)	= (unsigned char)(t>>40);

-				*(md++)	= (unsigned char)(t>>32);

-				*(md++)	= (unsigned char)(t>>24);

-				*(md++)	= (unsigned char)(t>>16);

-				*(md++)	= (unsigned char)(t>>8);

-				*(md++)	= (unsigned char)(t);

-				}

-			break;

-		/* ... as well as make sure md_len is not abused. */

-		default:	return 0;

-		}

-	return 1;

-	}

-int SHA384_Final (unsigned char *md,SHA512_CTX *c)

-{   return SHA512_Final (md,c);   }

-int SHA512_Update (SHA512_CTX *c, const void *_data, size_t len)

-	{

-	SHA_LONG64	l;

-	unsigned char  *p=c->u.p;

-	const unsigned char *data=(const unsigned char *)_data;

-	if (len==0) return  1;

-	l = (c->Nl+(((SHA_LONG64)len)<<3))&U64(0xffffffffffffffff);

-	if (l < c->Nl)		c->Nh++;

-	if (sizeof(len)>=8)	c->Nh+=(((SHA_LONG64)len)>>61);

-	c->Nl=l;

-	if (c->num != 0)

-		{

-		size_t n = sizeof(c->u) - c->num;

-		if (len < n)

-			{

-			memcpy (p+c->num,data,len), c->num += len;

-			return 1;

-			}

-		else	{

-			memcpy (p+c->num,data,n), c->num = 0;

-			len-=n, data+=n;

-			sha512_block (c,p,1);

-			}

-		}

-	if (len >= sizeof(c->u))

-		{

-#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA

-		if ((size_t)data%sizeof(c->u.d[0]) != 0)

-			while (len >= sizeof(c->u))

-				memcpy (p,data,sizeof(c->u)),

-				sha512_block (c,p,1),

-				len  -= sizeof(c->u),

-				data += sizeof(c->u);

-		else

-#endif

-			sha512_block (c,data,len/sizeof(c->u)),

-			data += len,

-			len  %= sizeof(c->u),

-			data -= len;

-		}

-	if (len != 0)	memcpy (p,data,len), c->num = (int)len;

-	return 1;

-	}

-int SHA384_Update (SHA512_CTX *c, const void *data, size_t len)

-{   return SHA512_Update (c,data,len);   }

-void SHA512_Transform (SHA512_CTX *c, const unsigned char *data)

-{   sha512_block (c,data,1);  }

-unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md)

-	{

-	SHA512_CTX c;

-	static unsigned char m[SHA384_DIGEST_LENGTH];

-	if (md == NULL) md=m;

-	SHA384_Init(&c);

-	SHA512_Update(&c,d,n);

-	SHA512_Final(md,&c);

-	OPENSSL_cleanse(&c,sizeof(c));

-	return(md);

-	}

-unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md)

-	{

-	SHA512_CTX c;

-	static unsigned char m[SHA512_DIGEST_LENGTH];

-	if (md == NULL) md=m;

-	SHA512_Init(&c);

-	SHA512_Update(&c,d,n);

-	SHA512_Final(md,&c);

-	OPENSSL_cleanse(&c,sizeof(c));

-	return(md);

-	}

-#ifndef SHA512_ASM

-static const SHA_LONG64 K512[80] = {

-        U64(0x428a2f98d728ae22),U64(0x7137449123ef65cd),

-        U64(0xb5c0fbcfec4d3b2f),U64(0xe9b5dba58189dbbc),

-        U64(0x3956c25bf348b538),U64(0x59f111f1b605d019),

-        U64(0x923f82a4af194f9b),U64(0xab1c5ed5da6d8118),

-        U64(0xd807aa98a3030242),U64(0x12835b0145706fbe),

-        U64(0x243185be4ee4b28c),U64(0x550c7dc3d5ffb4e2),

-        U64(0x72be5d74f27b896f),U64(0x80deb1fe3b1696b1),

-        U64(0x9bdc06a725c71235),U64(0xc19bf174cf692694),

-        U64(0xe49b69c19ef14ad2),U64(0xefbe4786384f25e3),

-        U64(0x0fc19dc68b8cd5b5),U64(0x240ca1cc77ac9c65),

-        U64(0x2de92c6f592b0275),U64(0x4a7484aa6ea6e483),

-        U64(0x5cb0a9dcbd41fbd4),U64(0x76f988da831153b5),

-        U64(0x983e5152ee66dfab),U64(0xa831c66d2db43210),

-        U64(0xb00327c898fb213f),U64(0xbf597fc7beef0ee4),

-        U64(0xc6e00bf33da88fc2),U64(0xd5a79147930aa725),

-        U64(0x06ca6351e003826f),U64(0x142929670a0e6e70),

-        U64(0x27b70a8546d22ffc),U64(0x2e1b21385c26c926),

-        U64(0x4d2c6dfc5ac42aed),U64(0x53380d139d95b3df),

-        U64(0x650a73548baf63de),U64(0x766a0abb3c77b2a8),

-        U64(0x81c2c92e47edaee6),U64(0x92722c851482353b),

-        U64(0xa2bfe8a14cf10364),U64(0xa81a664bbc423001),

-        U64(0xc24b8b70d0f89791),U64(0xc76c51a30654be30),

-        U64(0xd192e819d6ef5218),U64(0xd69906245565a910),

-        U64(0xf40e35855771202a),U64(0x106aa07032bbd1b8),

-        U64(0x19a4c116b8d2d0c8),U64(0x1e376c085141ab53),

-        U64(0x2748774cdf8eeb99),U64(0x34b0bcb5e19b48a8),

-        U64(0x391c0cb3c5c95a63),U64(0x4ed8aa4ae3418acb),

-        U64(0x5b9cca4f7763e373),U64(0x682e6ff3d6b2b8a3),

-        U64(0x748f82ee5defb2fc),U64(0x78a5636f43172f60),

-        U64(0x84c87814a1f0ab72),U64(0x8cc702081a6439ec),

-        U64(0x90befffa23631e28),U64(0xa4506cebde82bde9),

-        U64(0xbef9a3f7b2c67915),U64(0xc67178f2e372532b),

-        U64(0xca273eceea26619c),U64(0xd186b8c721c0c207),

-        U64(0xeada7dd6cde0eb1e),U64(0xf57d4f7fee6ed178),

-        U64(0x06f067aa72176fba),U64(0x0a637dc5a2c898a6),

-        U64(0x113f9804bef90dae),U64(0x1b710b35131c471b),

-        U64(0x28db77f523047d84),U64(0x32caab7b40c72493),

-        U64(0x3c9ebe0a15c9bebc),U64(0x431d67c49c100d4c),

-        U64(0x4cc5d4becb3e42b6),U64(0x597f299cfc657e2a),

-        U64(0x5fcb6fab3ad6faec),U64(0x6c44198c4a475817) };

-#ifndef PEDANTIC

-# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)

-#  if defined(__x86_64) || defined(__x86_64__)

-#   define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x)));	\

-				asm ("bswapq	%0"		\

-				: "=r"(ret)			\

-				: "0"(ret)); ret;		})

-#  endif

-# endif

-#endif

-#ifndef PULL64

-#define B(x,j)    (((SHA_LONG64)(*(((const unsigned char *)(&x))+j)))<<((7-j)*8))

-#define PULL64(x) (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7))

-#endif

-#ifndef PEDANTIC

-# if defined(_MSC_VER)

-#  if defined(_WIN64)	/* applies to both IA-64 and AMD64 */

-#   define ROTR(a,n)	_rotr64((a),n)

-#  endif

-# elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)

-#  if defined(__x86_64) || defined(__x86_64__)

-#   define ROTR(a,n)	({ unsigned long ret;		\

-				asm ("rorq %1,%0"	\

-				: "=r"(ret)		\

-				: "J"(n),"0"(a)		\

-				: "cc"); ret;		})

-#  elif defined(_ARCH_PPC) && defined(__64BIT__)

-#   define ROTR(a,n)	({ unsigned long ret;		\

-				asm ("rotrdi %0,%1,%2"	\

-				: "=r"(ret)		\

-				: "r"(a),"K"(n)); ret;	})

-#  endif

-# endif

-#endif

-#ifndef ROTR

-#define ROTR(x,s)	(((x)>>s) | (x)<<(64-s))

-#endif

-#define Sigma0(x)	(ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39))

-#define Sigma1(x)	(ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41))

-#define sigma0(x)	(ROTR((x),1)  ^ ROTR((x),8)  ^ ((x)>>7))

-#define sigma1(x)	(ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6))

-#define Ch(x,y,z)	(((x) & (y)) ^ ((~(x)) & (z)))

-#define Maj(x,y,z)	(((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))

-#if defined(OPENSSL_IA32_SSE2) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY)

-#define	GO_FOR_SSE2(ctx,in,num)		do {		\

-	void	sha512_block_sse2(void *,const void *,size_t);	\

-	if (!(OPENSSL_ia32cap_P & (1<<26))) break;	\

-	sha512_block_sse2(ctx->h,in,num); return;	\

-					} while (0)

-#endif

-#ifdef OPENSSL_SMALL_FOOTPRINT

-static void sha512_block (SHA512_CTX *ctx, const void *in, size_t num)

-	{

-	const SHA_LONG64 *W=in;

-	SHA_LONG64	a,b,c,d,e,f,g,h,s0,s1,T1,T2;

-	SHA_LONG64	X[16];

-	int i;

-#ifdef GO_FOR_SSE2

-	GO_FOR_SSE2(ctx,in,num);

-#endif

-			while (num--) {

-	a = ctx->h[0];	b = ctx->h[1];	c = ctx->h[2];	d = ctx->h[3];

-	e = ctx->h[4];	f = ctx->h[5];	g = ctx->h[6];	h = ctx->h[7];

-	for (i=0;i<16;i++)

-		{

-#ifdef B_ENDIAN

-		T1 = X[i] = W[i];

-#else

-		T1 = X[i] = PULL64(W[i]);

-#endif

-		T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i];

-		T2 = Sigma0(a) + Maj(a,b,c);

-		h = g;	g = f;	f = e;	e = d + T1;

-		d = c;	c = b;	b = a;	a = T1 + T2;

-		}

-	for (;i<80;i++)

-		{

-		s0 = X[(i+1)&0x0f];	s0 = sigma0(s0);

-		s1 = X[(i+14)&0x0f];	s1 = sigma1(s1);

-		T1 = X[i&0xf] += s0 + s1 + X[(i+9)&0xf];

-		T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i];

-		T2 = Sigma0(a) + Maj(a,b,c);

-		h = g;	g = f;	f = e;	e = d + T1;

-		d = c;	c = b;	b = a;	a = T1 + T2;

-		}

-	ctx->h[0] += a;	ctx->h[1] += b;	ctx->h[2] += c;	ctx->h[3] += d;

-	ctx->h[4] += e;	ctx->h[5] += f;	ctx->h[6] += g;	ctx->h[7] += h;

-			W+=SHA_LBLOCK;

-			}

-	}

-#else

-#define	ROUND_00_15(i,a,b,c,d,e,f,g,h)		do {	\

-	T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i];	\

-	h = Sigma0(a) + Maj(a,b,c);			\

-	d += T1;	h += T1;		} while (0)

-#define	ROUND_16_80(i,a,b,c,d,e,f,g,h,X)	do {	\

-	s0 = X[(i+1)&0x0f];	s0 = sigma0(s0);	\

-	s1 = X[(i+14)&0x0f];	s1 = sigma1(s1);	\

-	T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f];	\

-	ROUND_00_15(i,a,b,c,d,e,f,g,h);		} while (0)

-static void sha512_block (SHA512_CTX *ctx, const void *in, size_t num)

-	{

-	const SHA_LONG64 *W=in;

-	SHA_LONG64	a,b,c,d,e,f,g,h,s0,s1,T1;

-	SHA_LONG64	X[16];

-	int i;

-#ifdef GO_FOR_SSE2

-	GO_FOR_SSE2(ctx,in,num);

-#endif

-			while (num--) {

-	a = ctx->h[0];	b = ctx->h[1];	c = ctx->h[2];	d = ctx->h[3];

-	e = ctx->h[4];	f = ctx->h[5];	g = ctx->h[6];	h = ctx->h[7];

-#ifdef B_ENDIAN

-	T1 = X[0] = W[0];	ROUND_00_15(0,a,b,c,d,e,f,g,h);

-	T1 = X[1] = W[1];	ROUND_00_15(1,h,a,b,c,d,e,f,g);

-	T1 = X[2] = W[2];	ROUND_00_15(2,g,h,a,b,c,d,e,f);

-	T1 = X[3] = W[3];	ROUND_00_15(3,f,g,h,a,b,c,d,e);

-	T1 = X[4] = W[4];	ROUND_00_15(4,e,f,g,h,a,b,c,d);

-	T1 = X[5] = W[5];	ROUND_00_15(5,d,e,f,g,h,a,b,c);

-	T1 = X[6] = W[6];	ROUND_00_15(6,c,d,e,f,g,h,a,b);

-	T1 = X[7] = W[7];	ROUND_00_15(7,b,c,d,e,f,g,h,a);

-	T1 = X[8] = W[8];	ROUND_00_15(8,a,b,c,d,e,f,g,h);

-	T1 = X[9] = W[9];	ROUND_00_15(9,h,a,b,c,d,e,f,g);

-	T1 = X[10] = W[10];	ROUND_00_15(10,g,h,a,b,c,d,e,f);

-	T1 = X[11] = W[11];	ROUND_00_15(11,f,g,h,a,b,c,d,e);

-	T1 = X[12] = W[12];	ROUND_00_15(12,e,f,g,h,a,b,c,d);

-	T1 = X[13] = W[13];	ROUND_00_15(13,d,e,f,g,h,a,b,c);

-	T1 = X[14] = W[14];	ROUND_00_15(14,c,d,e,f,g,h,a,b);

-	T1 = X[15] = W[15];	ROUND_00_15(15,b,c,d,e,f,g,h,a);

-#else

-	T1 = X[0]  = PULL64(W[0]);	ROUND_00_15(0,a,b,c,d,e,f,g,h);

-	T1 = X[1]  = PULL64(W[1]);	ROUND_00_15(1,h,a,b,c,d,e,f,g);

-	T1 = X[2]  = PULL64(W[2]);	ROUND_00_15(2,g,h,a,b,c,d,e,f);

-	T1 = X[3]  = PULL64(W[3]);	ROUND_00_15(3,f,g,h,a,b,c,d,e);

-	T1 = X[4]  = PULL64(W[4]);	ROUND_00_15(4,e,f,g,h,a,b,c,d);

-	T1 = X[5]  = PULL64(W[5]);	ROUND_00_15(5,d,e,f,g,h,a,b,c);

-	T1 = X[6]  = PULL64(W[6]);	ROUND_00_15(6,c,d,e,f,g,h,a,b);

-	T1 = X[7]  = PULL64(W[7]);	ROUND_00_15(7,b,c,d,e,f,g,h,a);

-	T1 = X[8]  = PULL64(W[8]);	ROUND_00_15(8,a,b,c,d,e,f,g,h);

-	T1 = X[9]  = PULL64(W[9]);	ROUND_00_15(9,h,a,b,c,d,e,f,g);

-	T1 = X[10] = PULL64(W[10]);	ROUND_00_15(10,g,h,a,b,c,d,e,f);

-	T1 = X[11] = PULL64(W[11]);	ROUND_00_15(11,f,g,h,a,b,c,d,e);

-	T1 = X[12] = PULL64(W[12]);	ROUND_00_15(12,e,f,g,h,a,b,c,d);

-	T1 = X[13] = PULL64(W[13]);	ROUND_00_15(13,d,e,f,g,h,a,b,c);

-	T1 = X[14] = PULL64(W[14]);	ROUND_00_15(14,c,d,e,f,g,h,a,b);

-	T1 = X[15] = PULL64(W[15]);	ROUND_00_15(15,b,c,d,e,f,g,h,a);

-#endif

-	for (i=16;i<80;i+=8)

-		{

-		ROUND_16_80(i+0,a,b,c,d,e,f,g,h,X);

-		ROUND_16_80(i+1,h,a,b,c,d,e,f,g,X);

-		ROUND_16_80(i+2,g,h,a,b,c,d,e,f,X);

-		ROUND_16_80(i+3,f,g,h,a,b,c,d,e,X);

-		ROUND_16_80(i+4,e,f,g,h,a,b,c,d,X);

-		ROUND_16_80(i+5,d,e,f,g,h,a,b,c,X);

-		ROUND_16_80(i+6,c,d,e,f,g,h,a,b,X);

-		ROUND_16_80(i+7,b,c,d,e,f,g,h,a,X);

-		}

-	ctx->h[0] += a;	ctx->h[1] += b;	ctx->h[2] += c;	ctx->h[3] += d;

-	ctx->h[4] += e;	ctx->h[5] += f;	ctx->h[6] += g;	ctx->h[7] += h;

-			W+=SHA_LBLOCK;

-			}

-	}

-#endif

-#endif /* SHA512_ASM */

-#endif /* OPENSSL_NO_SHA512 */

--- a/sys/src/ape/lib/openssl/crypto/sha/sha512t.c

+++ /dev/null

@@ -1,184 +1,0 @@

-/* crypto/sha/sha512t.c */

-/* ====================================================================

- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.

- * ====================================================================

- */

-#include <stdio.h>

-#include <string.h>

-#include <stdlib.h>

-#include <openssl/sha.h>

-#include <openssl/evp.h>

-#include <openssl/crypto.h>

-#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA512)

-int main(int argc, char *argv[])

-{

-    printf("No SHA512 support\n");

-    return(0);

-}

-#else

-unsigned char app_c1[SHA512_DIGEST_LENGTH] = {

-	0xdd,0xaf,0x35,0xa1,0x93,0x61,0x7a,0xba,

-	0xcc,0x41,0x73,0x49,0xae,0x20,0x41,0x31,

-	0x12,0xe6,0xfa,0x4e,0x89,0xa9,0x7e,0xa2,

-	0x0a,0x9e,0xee,0xe6,0x4b,0x55,0xd3,0x9a,

-	0x21,0x92,0x99,0x2a,0x27,0x4f,0xc1,0xa8,

-	0x36,0xba,0x3c,0x23,0xa3,0xfe,0xeb,0xbd,

-	0x45,0x4d,0x44,0x23,0x64,0x3c,0xe8,0x0e,

-	0x2a,0x9a,0xc9,0x4f,0xa5,0x4c,0xa4,0x9f };

-unsigned char app_c2[SHA512_DIGEST_LENGTH] = {

-	0x8e,0x95,0x9b,0x75,0xda,0xe3,0x13,0xda,

-	0x8c,0xf4,0xf7,0x28,0x14,0xfc,0x14,0x3f,

-	0x8f,0x77,0x79,0xc6,0xeb,0x9f,0x7f,0xa1,

-	0x72,0x99,0xae,0xad,0xb6,0x88,0x90,0x18,

-	0x50,0x1d,0x28,0x9e,0x49,0x00,0xf7,0xe4,

-	0x33,0x1b,0x99,0xde,0xc4,0xb5,0x43,0x3a,

-	0xc7,0xd3,0x29,0xee,0xb6,0xdd,0x26,0x54,

-	0x5e,0x96,0xe5,0x5b,0x87,0x4b,0xe9,0x09 };

-unsigned char app_c3[SHA512_DIGEST_LENGTH] = {

-	0xe7,0x18,0x48,0x3d,0x0c,0xe7,0x69,0x64,

-	0x4e,0x2e,0x42,0xc7,0xbc,0x15,0xb4,0x63,

-	0x8e,0x1f,0x98,0xb1,0x3b,0x20,0x44,0x28,

-	0x56,0x32,0xa8,0x03,0xaf,0xa9,0x73,0xeb,

-	0xde,0x0f,0xf2,0x44,0x87,0x7e,0xa6,0x0a,

-	0x4c,0xb0,0x43,0x2c,0xe5,0x77,0xc3,0x1b,

-	0xeb,0x00,0x9c,0x5c,0x2c,0x49,0xaa,0x2e,

-	0x4e,0xad,0xb2,0x17,0xad,0x8c,0xc0,0x9b };

-unsigned char app_d1[SHA384_DIGEST_LENGTH] = {

-	0xcb,0x00,0x75,0x3f,0x45,0xa3,0x5e,0x8b,

-	0xb5,0xa0,0x3d,0x69,0x9a,0xc6,0x50,0x07,

-	0x27,0x2c,0x32,0xab,0x0e,0xde,0xd1,0x63,

-	0x1a,0x8b,0x60,0x5a,0x43,0xff,0x5b,0xed,

-	0x80,0x86,0x07,0x2b,0xa1,0xe7,0xcc,0x23,

-	0x58,0xba,0xec,0xa1,0x34,0xc8,0x25,0xa7 };

-unsigned char app_d2[SHA384_DIGEST_LENGTH] = {

-	0x09,0x33,0x0c,0x33,0xf7,0x11,0x47,0xe8,

-	0x3d,0x19,0x2f,0xc7,0x82,0xcd,0x1b,0x47,

-	0x53,0x11,0x1b,0x17,0x3b,0x3b,0x05,0xd2,

-	0x2f,0xa0,0x80,0x86,0xe3,0xb0,0xf7,0x12,

-	0xfc,0xc7,0xc7,0x1a,0x55,0x7e,0x2d,0xb9,

-	0x66,0xc3,0xe9,0xfa,0x91,0x74,0x60,0x39 };

-unsigned char app_d3[SHA384_DIGEST_LENGTH] = {

-	0x9d,0x0e,0x18,0x09,0x71,0x64,0x74,0xcb,

-	0x08,0x6e,0x83,0x4e,0x31,0x0a,0x4a,0x1c,

-	0xed,0x14,0x9e,0x9c,0x00,0xf2,0x48,0x52,

-	0x79,0x72,0xce,0xc5,0x70,0x4c,0x2a,0x5b,

-	0x07,0xb8,0xb3,0xdc,0x38,0xec,0xc4,0xeb,

-	0xae,0x97,0xdd,0xd8,0x7f,0x3d,0x89,0x85 };

-int main (int argc,char **argv)

-{ unsigned char md[SHA512_DIGEST_LENGTH];

-  int		i;

-  EVP_MD_CTX	evp;

-#ifdef OPENSSL_IA32_SSE2

-    /* Alternative to this is to call OpenSSL_add_all_algorithms...

-     * The below code is retained exclusively for debugging purposes. */

-    { char      *env;

-	if ((env=getenv("OPENSSL_ia32cap")))

-	    OPENSSL_ia32cap = strtoul (env,NULL,0);

-    }

-#endif

-    fprintf(stdout,"Testing SHA-512 ");

-    EVP_Digest ("abc",3,md,NULL,EVP_sha512(),NULL);

-    if (memcmp(md,app_c1,sizeof(app_c1)))

-    {	fflush(stdout);

-	fprintf(stderr,"\nTEST 1 of 3 failed.\n");

-	return 1;

-    }

-    else

-	fprintf(stdout,"."); fflush(stdout);

-    EVP_Digest ("abcdefgh""bcdefghi""cdefghij""defghijk"

-		"efghijkl""fghijklm""ghijklmn""hijklmno"

-		"ijklmnop""jklmnopq""klmnopqr""lmnopqrs"

-		"mnopqrst""nopqrstu",112,md,NULL,EVP_sha512(),NULL);

-    if (memcmp(md,app_c2,sizeof(app_c2)))

-    {	fflush(stdout);

-	fprintf(stderr,"\nTEST 2 of 3 failed.\n");

-	return 1;

-    }

-    else

-	fprintf(stdout,"."); fflush(stdout);

-    EVP_MD_CTX_init (&evp);

-    EVP_DigestInit_ex (&evp,EVP_sha512(),NULL);

-    for (i=0;i<1000000;i+=288)

-	EVP_DigestUpdate (&evp,	"aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"

-				"aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"

-				"aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"

-				"aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"

-				"aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"

-				"aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"

-				"aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"

-				"aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"

-				"aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa",

-				(1000000-i)<288?1000000-i:288);

-    EVP_DigestFinal_ex (&evp,md,NULL);

-    EVP_MD_CTX_cleanup (&evp);

-    if (memcmp(md,app_c3,sizeof(app_c3)))

-    {	fflush(stdout);

-	fprintf(stderr,"\nTEST 3 of 3 failed.\n");

-	return 1;

-    }

-    else

-	fprintf(stdout,"."); fflush(stdout);

-    fprintf(stdout," passed.\n"); fflush(stdout);

-    fprintf(stdout,"Testing SHA-384 ");

-    EVP_Digest ("abc",3,md,NULL,EVP_sha384(),NULL);

-    if (memcmp(md,app_d1,sizeof(app_d1)))

-    {	fflush(stdout);

-	fprintf(stderr,"\nTEST 1 of 3 failed.\n");

-	return 1;

-    }

-    else

-	fprintf(stdout,"."); fflush(stdout);

-    EVP_Digest ("abcdefgh""bcdefghi""cdefghij""defghijk"

-		"efghijkl""fghijklm""ghijklmn""hijklmno"

-		"ijklmnop""jklmnopq""klmnopqr""lmnopqrs"

-		"mnopqrst""nopqrstu",112,md,NULL,EVP_sha384(),NULL);

-    if (memcmp(md,app_d2,sizeof(app_d2)))

-    {	fflush(stdout);

-	fprintf(stderr,"\nTEST 2 of 3 failed.\n");

-	return 1;

-    }

-    else

-	fprintf(stdout,"."); fflush(stdout);

-    EVP_MD_CTX_init (&evp);

-    EVP_DigestInit_ex (&evp,EVP_sha384(),NULL);

-    for (i=0;i<1000000;i+=64)

-	EVP_DigestUpdate (&evp,	"aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"

-				"aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa",

-				(1000000-i)<64?1000000-i:64);

-    EVP_DigestFinal_ex (&evp,md,NULL);

-    EVP_MD_CTX_cleanup (&evp);

-    if (memcmp(md,app_d3,sizeof(app_d3)))

-    {	fflush(stdout);

-	fprintf(stderr,"\nTEST 3 of 3 failed.\n");

-	return 1;

-    }

-    else

-	fprintf(stdout,"."); fflush(stdout);

-    fprintf(stdout," passed.\n"); fflush(stdout);

-  return 0;

-}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/sha/sha_dgst.c

+++ /dev/null

@@ -1,74 +1,0 @@

-/* crypto/sha/sha1dgst.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <openssl/opensslconf.h>

-#if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA)

-#undef  SHA_1

-#define SHA_0

-#include <openssl/opensslv.h>

-const char SHA_version[]="SHA" OPENSSL_VERSION_PTEXT;

-/* The implementation is in ../md32_common.h */

-#include "sha_locl.h"

-#endif

--- a/sys/src/ape/lib/openssl/crypto/sha/sha_locl.h

+++ /dev/null

@@ -1,605 +1,0 @@

-/* crypto/sha/sha_locl.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdlib.h>

-#include <string.h>

-#include <openssl/opensslconf.h>

-#include <openssl/sha.h>

-#ifndef SHA_LONG_LOG2

-#define SHA_LONG_LOG2	2	/* default to 32 bits */

-#endif

-#define DATA_ORDER_IS_BIG_ENDIAN

-#define HASH_LONG               SHA_LONG

-#define HASH_LONG_LOG2          SHA_LONG_LOG2

-#define HASH_CTX                SHA_CTX

-#define HASH_CBLOCK             SHA_CBLOCK

-#define HASH_LBLOCK             SHA_LBLOCK

-#define HASH_MAKE_STRING(c,s)   do {	\

-	unsigned long ll;		\

-	ll=(c)->h0; HOST_l2c(ll,(s));	\

-	ll=(c)->h1; HOST_l2c(ll,(s));	\

-	ll=(c)->h2; HOST_l2c(ll,(s));	\

-	ll=(c)->h3; HOST_l2c(ll,(s));	\

-	ll=(c)->h4; HOST_l2c(ll,(s));	\

-	} while (0)

-#if defined(SHA_0)

-# define HASH_UPDATE             	SHA_Update

-# define HASH_TRANSFORM          	SHA_Transform

-# define HASH_FINAL              	SHA_Final

-# define HASH_INIT			SHA_Init

-# define HASH_BLOCK_HOST_ORDER   	sha_block_host_order

-# define HASH_BLOCK_DATA_ORDER   	sha_block_data_order

-# define Xupdate(a,ix,ia,ib,ic,id)	(ix=(a)=(ia^ib^ic^id))

-  void sha_block_host_order (SHA_CTX *c, const void *p,size_t num);

-  void sha_block_data_order (SHA_CTX *c, const void *p,size_t num);

-#elif defined(SHA_1)

-# define HASH_UPDATE             	SHA1_Update

-# define HASH_TRANSFORM          	SHA1_Transform

-# define HASH_FINAL              	SHA1_Final

-# define HASH_INIT			SHA1_Init

-# define HASH_BLOCK_HOST_ORDER   	sha1_block_host_order

-# define HASH_BLOCK_DATA_ORDER   	sha1_block_data_order

-# if defined(__MWERKS__) && defined(__MC68K__)

-   /* Metrowerks for Motorola fails otherwise:-( <[email protected]> */

-#  define Xupdate(a,ix,ia,ib,ic,id)	do { (a)=(ia^ib^ic^id);		\

-					     ix=(a)=ROTATE((a),1);	\

-					} while (0)

-# else

-#  define Xupdate(a,ix,ia,ib,ic,id)	( (a)=(ia^ib^ic^id),	\

-					  ix=(a)=ROTATE((a),1)	\

-					)

-# endif

-# ifdef SHA1_ASM

-#  if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)

-#   if !defined(B_ENDIAN)

-#    define sha1_block_host_order		sha1_block_asm_host_order

-#    define DONT_IMPLEMENT_BLOCK_HOST_ORDER

-#    define sha1_block_data_order		sha1_block_asm_data_order

-#    define DONT_IMPLEMENT_BLOCK_DATA_ORDER

-#    define HASH_BLOCK_DATA_ORDER_ALIGNED	sha1_block_asm_data_order

-#   endif

-#  elif defined(__ia64) || defined(__ia64__) || defined(_M_IA64)

-#   define sha1_block_host_order		sha1_block_asm_host_order

-#   define DONT_IMPLEMENT_BLOCK_HOST_ORDER

-#   define sha1_block_data_order		sha1_block_asm_data_order

-#   define DONT_IMPLEMENT_BLOCK_DATA_ORDER

-#  endif

-# endif

-  void sha1_block_host_order (SHA_CTX *c, const void *p,size_t num);

-  void sha1_block_data_order (SHA_CTX *c, const void *p,size_t num);

-#else

-# error "Either SHA_0 or SHA_1 must be defined."

-#endif

-#include "md32_common.h"

-#define INIT_DATA_h0 0x67452301UL

-#define INIT_DATA_h1 0xefcdab89UL

-#define INIT_DATA_h2 0x98badcfeUL

-#define INIT_DATA_h3 0x10325476UL

-#define INIT_DATA_h4 0xc3d2e1f0UL

-int HASH_INIT (SHA_CTX *c)

-	{

-	c->h0=INIT_DATA_h0;

-	c->h1=INIT_DATA_h1;

-	c->h2=INIT_DATA_h2;

-	c->h3=INIT_DATA_h3;

-	c->h4=INIT_DATA_h4;

-	c->Nl=0;

-	c->Nh=0;

-	c->num=0;

-	return 1;

-	}

-#define K_00_19	0x5a827999UL

-#define K_20_39 0x6ed9eba1UL

-#define K_40_59 0x8f1bbcdcUL

-#define K_60_79 0xca62c1d6UL

-/* As  pointed out by Wei Dai <[email protected]>, F() below can be

- * simplified to the code in F_00_19.  Wei attributes these optimisations

- * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel.

- * #define F(x,y,z) (((x) & (y))  |  ((~(x)) & (z)))

- * I've just become aware of another tweak to be made, again from Wei Dai,

- * in F_40_59, (x&a)|(y&a) -> (x|y)&a

- */

-#define	F_00_19(b,c,d)	((((c) ^ (d)) & (b)) ^ (d))

-#define	F_20_39(b,c,d)	((b) ^ (c) ^ (d))

-#define F_40_59(b,c,d)	(((b) & (c)) | (((b)|(c)) & (d)))

-#define	F_60_79(b,c,d)	F_20_39(b,c,d)

-#ifndef OPENSSL_SMALL_FOOTPRINT

-#define BODY_00_15(i,a,b,c,d,e,f,xi) \

-	(f)=xi+(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \

-	(b)=ROTATE((b),30);

-#define BODY_16_19(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \

-	Xupdate(f,xi,xa,xb,xc,xd); \

-	(f)+=(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \

-	(b)=ROTATE((b),30);

-#define BODY_20_31(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \

-	Xupdate(f,xi,xa,xb,xc,xd); \

-	(f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \

-	(b)=ROTATE((b),30);

-#define BODY_32_39(i,a,b,c,d,e,f,xa,xb,xc,xd) \

-	Xupdate(f,xa,xa,xb,xc,xd); \

-	(f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \

-	(b)=ROTATE((b),30);

-#define BODY_40_59(i,a,b,c,d,e,f,xa,xb,xc,xd) \

-	Xupdate(f,xa,xa,xb,xc,xd); \

-	(f)+=(e)+K_40_59+ROTATE((a),5)+F_40_59((b),(c),(d)); \

-	(b)=ROTATE((b),30);

-#define BODY_60_79(i,a,b,c,d,e,f,xa,xb,xc,xd) \

-	Xupdate(f,xa,xa,xb,xc,xd); \

-	(f)=xa+(e)+K_60_79+ROTATE((a),5)+F_60_79((b),(c),(d)); \

-	(b)=ROTATE((b),30);

-#ifdef X

-#undef X

-#endif

-#ifndef MD32_XARRAY

-  /*

-   * Originally X was an array. As it's automatic it's natural

-   * to expect RISC compiler to accomodate at least part of it in

-   * the register bank, isn't it? Unfortunately not all compilers

-   * "find" this expectation reasonable:-( On order to make such

-   * compilers generate better code I replace X[] with a bunch of

-   * X0, X1, etc. See the function body below...

-   *					<[email protected]>

-   */

-# define X(i)	XX##i

-#else

-  /*

-   * However! Some compilers (most notably HP C) get overwhelmed by

-   * that many local variables so that we have to have the way to

-   * fall down to the original behavior.

-   */

-# define X(i)	XX[i]

-#endif

-#ifndef DONT_IMPLEMENT_BLOCK_HOST_ORDER

-void HASH_BLOCK_HOST_ORDER (SHA_CTX *c, const void *d, size_t num)

-	{

-	const SHA_LONG *W=d;

-	register unsigned MD32_REG_T A,B,C,D,E,T;

-#ifndef MD32_XARRAY

-	unsigned MD32_REG_T	XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,

-				XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;

-#else

-	SHA_LONG	XX[16];

-#endif

-	A=c->h0;

-	B=c->h1;

-	C=c->h2;

-	D=c->h3;

-	E=c->h4;

-	for (;;)

-		{

-	BODY_00_15( 0,A,B,C,D,E,T,W[ 0]);

-	BODY_00_15( 1,T,A,B,C,D,E,W[ 1]);

-	BODY_00_15( 2,E,T,A,B,C,D,W[ 2]);

-	BODY_00_15( 3,D,E,T,A,B,C,W[ 3]);

-	BODY_00_15( 4,C,D,E,T,A,B,W[ 4]);

-	BODY_00_15( 5,B,C,D,E,T,A,W[ 5]);

-	BODY_00_15( 6,A,B,C,D,E,T,W[ 6]);

-	BODY_00_15( 7,T,A,B,C,D,E,W[ 7]);

-	BODY_00_15( 8,E,T,A,B,C,D,W[ 8]);

-	BODY_00_15( 9,D,E,T,A,B,C,W[ 9]);

-	BODY_00_15(10,C,D,E,T,A,B,W[10]);

-	BODY_00_15(11,B,C,D,E,T,A,W[11]);

-	BODY_00_15(12,A,B,C,D,E,T,W[12]);

-	BODY_00_15(13,T,A,B,C,D,E,W[13]);

-	BODY_00_15(14,E,T,A,B,C,D,W[14]);

-	BODY_00_15(15,D,E,T,A,B,C,W[15]);

-	BODY_16_19(16,C,D,E,T,A,B,X( 0),W[ 0],W[ 2],W[ 8],W[13]);

-	BODY_16_19(17,B,C,D,E,T,A,X( 1),W[ 1],W[ 3],W[ 9],W[14]);

-	BODY_16_19(18,A,B,C,D,E,T,X( 2),W[ 2],W[ 4],W[10],W[15]);

-	BODY_16_19(19,T,A,B,C,D,E,X( 3),W[ 3],W[ 5],W[11],X( 0));

-	BODY_20_31(20,E,T,A,B,C,D,X( 4),W[ 4],W[ 6],W[12],X( 1));

-	BODY_20_31(21,D,E,T,A,B,C,X( 5),W[ 5],W[ 7],W[13],X( 2));

-	BODY_20_31(22,C,D,E,T,A,B,X( 6),W[ 6],W[ 8],W[14],X( 3));

-	BODY_20_31(23,B,C,D,E,T,A,X( 7),W[ 7],W[ 9],W[15],X( 4));

-	BODY_20_31(24,A,B,C,D,E,T,X( 8),W[ 8],W[10],X( 0),X( 5));

-	BODY_20_31(25,T,A,B,C,D,E,X( 9),W[ 9],W[11],X( 1),X( 6));

-	BODY_20_31(26,E,T,A,B,C,D,X(10),W[10],W[12],X( 2),X( 7));

-	BODY_20_31(27,D,E,T,A,B,C,X(11),W[11],W[13],X( 3),X( 8));

-	BODY_20_31(28,C,D,E,T,A,B,X(12),W[12],W[14],X( 4),X( 9));

-	BODY_20_31(29,B,C,D,E,T,A,X(13),W[13],W[15],X( 5),X(10));

-	BODY_20_31(30,A,B,C,D,E,T,X(14),W[14],X( 0),X( 6),X(11));

-	BODY_20_31(31,T,A,B,C,D,E,X(15),W[15],X( 1),X( 7),X(12));

-	BODY_32_39(32,E,T,A,B,C,D,X( 0),X( 2),X( 8),X(13));

-	BODY_32_39(33,D,E,T,A,B,C,X( 1),X( 3),X( 9),X(14));

-	BODY_32_39(34,C,D,E,T,A,B,X( 2),X( 4),X(10),X(15));

-	BODY_32_39(35,B,C,D,E,T,A,X( 3),X( 5),X(11),X( 0));

-	BODY_32_39(36,A,B,C,D,E,T,X( 4),X( 6),X(12),X( 1));

-	BODY_32_39(37,T,A,B,C,D,E,X( 5),X( 7),X(13),X( 2));

-	BODY_32_39(38,E,T,A,B,C,D,X( 6),X( 8),X(14),X( 3));

-	BODY_32_39(39,D,E,T,A,B,C,X( 7),X( 9),X(15),X( 4));

-	BODY_40_59(40,C,D,E,T,A,B,X( 8),X(10),X( 0),X( 5));

-	BODY_40_59(41,B,C,D,E,T,A,X( 9),X(11),X( 1),X( 6));

-	BODY_40_59(42,A,B,C,D,E,T,X(10),X(12),X( 2),X( 7));

-	BODY_40_59(43,T,A,B,C,D,E,X(11),X(13),X( 3),X( 8));

-	BODY_40_59(44,E,T,A,B,C,D,X(12),X(14),X( 4),X( 9));

-	BODY_40_59(45,D,E,T,A,B,C,X(13),X(15),X( 5),X(10));

-	BODY_40_59(46,C,D,E,T,A,B,X(14),X( 0),X( 6),X(11));

-	BODY_40_59(47,B,C,D,E,T,A,X(15),X( 1),X( 7),X(12));

-	BODY_40_59(48,A,B,C,D,E,T,X( 0),X( 2),X( 8),X(13));

-	BODY_40_59(49,T,A,B,C,D,E,X( 1),X( 3),X( 9),X(14));

-	BODY_40_59(50,E,T,A,B,C,D,X( 2),X( 4),X(10),X(15));

-	BODY_40_59(51,D,E,T,A,B,C,X( 3),X( 5),X(11),X( 0));

-	BODY_40_59(52,C,D,E,T,A,B,X( 4),X( 6),X(12),X( 1));

-	BODY_40_59(53,B,C,D,E,T,A,X( 5),X( 7),X(13),X( 2));

-	BODY_40_59(54,A,B,C,D,E,T,X( 6),X( 8),X(14),X( 3));

-	BODY_40_59(55,T,A,B,C,D,E,X( 7),X( 9),X(15),X( 4));

-	BODY_40_59(56,E,T,A,B,C,D,X( 8),X(10),X( 0),X( 5));

-	BODY_40_59(57,D,E,T,A,B,C,X( 9),X(11),X( 1),X( 6));

-	BODY_40_59(58,C,D,E,T,A,B,X(10),X(12),X( 2),X( 7));

-	BODY_40_59(59,B,C,D,E,T,A,X(11),X(13),X( 3),X( 8));

-	BODY_60_79(60,A,B,C,D,E,T,X(12),X(14),X( 4),X( 9));

-	BODY_60_79(61,T,A,B,C,D,E,X(13),X(15),X( 5),X(10));

-	BODY_60_79(62,E,T,A,B,C,D,X(14),X( 0),X( 6),X(11));

-	BODY_60_79(63,D,E,T,A,B,C,X(15),X( 1),X( 7),X(12));

-	BODY_60_79(64,C,D,E,T,A,B,X( 0),X( 2),X( 8),X(13));

-	BODY_60_79(65,B,C,D,E,T,A,X( 1),X( 3),X( 9),X(14));

-	BODY_60_79(66,A,B,C,D,E,T,X( 2),X( 4),X(10),X(15));

-	BODY_60_79(67,T,A,B,C,D,E,X( 3),X( 5),X(11),X( 0));

-	BODY_60_79(68,E,T,A,B,C,D,X( 4),X( 6),X(12),X( 1));

-	BODY_60_79(69,D,E,T,A,B,C,X( 5),X( 7),X(13),X( 2));

-	BODY_60_79(70,C,D,E,T,A,B,X( 6),X( 8),X(14),X( 3));

-	BODY_60_79(71,B,C,D,E,T,A,X( 7),X( 9),X(15),X( 4));

-	BODY_60_79(72,A,B,C,D,E,T,X( 8),X(10),X( 0),X( 5));

-	BODY_60_79(73,T,A,B,C,D,E,X( 9),X(11),X( 1),X( 6));

-	BODY_60_79(74,E,T,A,B,C,D,X(10),X(12),X( 2),X( 7));

-	BODY_60_79(75,D,E,T,A,B,C,X(11),X(13),X( 3),X( 8));

-	BODY_60_79(76,C,D,E,T,A,B,X(12),X(14),X( 4),X( 9));

-	BODY_60_79(77,B,C,D,E,T,A,X(13),X(15),X( 5),X(10));

-	BODY_60_79(78,A,B,C,D,E,T,X(14),X( 0),X( 6),X(11));

-	BODY_60_79(79,T,A,B,C,D,E,X(15),X( 1),X( 7),X(12));

-	c->h0=(c->h0+E)&0xffffffffL;

-	c->h1=(c->h1+T)&0xffffffffL;

-	c->h2=(c->h2+A)&0xffffffffL;

-	c->h3=(c->h3+B)&0xffffffffL;

-	c->h4=(c->h4+C)&0xffffffffL;

-	if (--num == 0) break;

-	A=c->h0;

-	B=c->h1;

-	C=c->h2;

-	D=c->h3;

-	E=c->h4;

-	W+=SHA_LBLOCK;

-		}

-	}

-#endif

-#ifndef DONT_IMPLEMENT_BLOCK_DATA_ORDER

-void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num)

-	{

-	const unsigned char *data=p;

-	register unsigned MD32_REG_T A,B,C,D,E,T,l;

-#ifndef MD32_XARRAY

-	unsigned MD32_REG_T	XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,

-				XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;

-#else

-	SHA_LONG	XX[16];

-#endif

-	A=c->h0;

-	B=c->h1;

-	C=c->h2;

-	D=c->h3;

-	E=c->h4;

-	for (;;)

-		{

-	HOST_c2l(data,l); X( 0)=l;		HOST_c2l(data,l); X( 1)=l;

-	BODY_00_15( 0,A,B,C,D,E,T,X( 0));	HOST_c2l(data,l); X( 2)=l;

-	BODY_00_15( 1,T,A,B,C,D,E,X( 1));	HOST_c2l(data,l); X( 3)=l;

-	BODY_00_15( 2,E,T,A,B,C,D,X( 2));	HOST_c2l(data,l); X( 4)=l;

-	BODY_00_15( 3,D,E,T,A,B,C,X( 3));	HOST_c2l(data,l); X( 5)=l;

-	BODY_00_15( 4,C,D,E,T,A,B,X( 4));	HOST_c2l(data,l); X( 6)=l;

-	BODY_00_15( 5,B,C,D,E,T,A,X( 5));	HOST_c2l(data,l); X( 7)=l;

-	BODY_00_15( 6,A,B,C,D,E,T,X( 6));	HOST_c2l(data,l); X( 8)=l;

-	BODY_00_15( 7,T,A,B,C,D,E,X( 7));	HOST_c2l(data,l); X( 9)=l;

-	BODY_00_15( 8,E,T,A,B,C,D,X( 8));	HOST_c2l(data,l); X(10)=l;

-	BODY_00_15( 9,D,E,T,A,B,C,X( 9));	HOST_c2l(data,l); X(11)=l;

-	BODY_00_15(10,C,D,E,T,A,B,X(10));	HOST_c2l(data,l); X(12)=l;

-	BODY_00_15(11,B,C,D,E,T,A,X(11));	HOST_c2l(data,l); X(13)=l;

-	BODY_00_15(12,A,B,C,D,E,T,X(12));	HOST_c2l(data,l); X(14)=l;

-	BODY_00_15(13,T,A,B,C,D,E,X(13));	HOST_c2l(data,l); X(15)=l;

-	BODY_00_15(14,E,T,A,B,C,D,X(14));

-	BODY_00_15(15,D,E,T,A,B,C,X(15));

-	BODY_16_19(16,C,D,E,T,A,B,X( 0),X( 0),X( 2),X( 8),X(13));

-	BODY_16_19(17,B,C,D,E,T,A,X( 1),X( 1),X( 3),X( 9),X(14));

-	BODY_16_19(18,A,B,C,D,E,T,X( 2),X( 2),X( 4),X(10),X(15));

-	BODY_16_19(19,T,A,B,C,D,E,X( 3),X( 3),X( 5),X(11),X( 0));

-	BODY_20_31(20,E,T,A,B,C,D,X( 4),X( 4),X( 6),X(12),X( 1));

-	BODY_20_31(21,D,E,T,A,B,C,X( 5),X( 5),X( 7),X(13),X( 2));

-	BODY_20_31(22,C,D,E,T,A,B,X( 6),X( 6),X( 8),X(14),X( 3));

-	BODY_20_31(23,B,C,D,E,T,A,X( 7),X( 7),X( 9),X(15),X( 4));

-	BODY_20_31(24,A,B,C,D,E,T,X( 8),X( 8),X(10),X( 0),X( 5));

-	BODY_20_31(25,T,A,B,C,D,E,X( 9),X( 9),X(11),X( 1),X( 6));

-	BODY_20_31(26,E,T,A,B,C,D,X(10),X(10),X(12),X( 2),X( 7));

-	BODY_20_31(27,D,E,T,A,B,C,X(11),X(11),X(13),X( 3),X( 8));

-	BODY_20_31(28,C,D,E,T,A,B,X(12),X(12),X(14),X( 4),X( 9));

-	BODY_20_31(29,B,C,D,E,T,A,X(13),X(13),X(15),X( 5),X(10));

-	BODY_20_31(30,A,B,C,D,E,T,X(14),X(14),X( 0),X( 6),X(11));

-	BODY_20_31(31,T,A,B,C,D,E,X(15),X(15),X( 1),X( 7),X(12));

-	BODY_32_39(32,E,T,A,B,C,D,X( 0),X( 2),X( 8),X(13));

-	BODY_32_39(33,D,E,T,A,B,C,X( 1),X( 3),X( 9),X(14));

-	BODY_32_39(34,C,D,E,T,A,B,X( 2),X( 4),X(10),X(15));

-	BODY_32_39(35,B,C,D,E,T,A,X( 3),X( 5),X(11),X( 0));

-	BODY_32_39(36,A,B,C,D,E,T,X( 4),X( 6),X(12),X( 1));

-	BODY_32_39(37,T,A,B,C,D,E,X( 5),X( 7),X(13),X( 2));

-	BODY_32_39(38,E,T,A,B,C,D,X( 6),X( 8),X(14),X( 3));

-	BODY_32_39(39,D,E,T,A,B,C,X( 7),X( 9),X(15),X( 4));

-	BODY_40_59(40,C,D,E,T,A,B,X( 8),X(10),X( 0),X( 5));

-	BODY_40_59(41,B,C,D,E,T,A,X( 9),X(11),X( 1),X( 6));

-	BODY_40_59(42,A,B,C,D,E,T,X(10),X(12),X( 2),X( 7));

-	BODY_40_59(43,T,A,B,C,D,E,X(11),X(13),X( 3),X( 8));

-	BODY_40_59(44,E,T,A,B,C,D,X(12),X(14),X( 4),X( 9));

-	BODY_40_59(45,D,E,T,A,B,C,X(13),X(15),X( 5),X(10));

-	BODY_40_59(46,C,D,E,T,A,B,X(14),X( 0),X( 6),X(11));

-	BODY_40_59(47,B,C,D,E,T,A,X(15),X( 1),X( 7),X(12));

-	BODY_40_59(48,A,B,C,D,E,T,X( 0),X( 2),X( 8),X(13));

-	BODY_40_59(49,T,A,B,C,D,E,X( 1),X( 3),X( 9),X(14));

-	BODY_40_59(50,E,T,A,B,C,D,X( 2),X( 4),X(10),X(15));

-	BODY_40_59(51,D,E,T,A,B,C,X( 3),X( 5),X(11),X( 0));

-	BODY_40_59(52,C,D,E,T,A,B,X( 4),X( 6),X(12),X( 1));

-	BODY_40_59(53,B,C,D,E,T,A,X( 5),X( 7),X(13),X( 2));

-	BODY_40_59(54,A,B,C,D,E,T,X( 6),X( 8),X(14),X( 3));

-	BODY_40_59(55,T,A,B,C,D,E,X( 7),X( 9),X(15),X( 4));

-	BODY_40_59(56,E,T,A,B,C,D,X( 8),X(10),X( 0),X( 5));

-	BODY_40_59(57,D,E,T,A,B,C,X( 9),X(11),X( 1),X( 6));

-	BODY_40_59(58,C,D,E,T,A,B,X(10),X(12),X( 2),X( 7));

-	BODY_40_59(59,B,C,D,E,T,A,X(11),X(13),X( 3),X( 8));

-	BODY_60_79(60,A,B,C,D,E,T,X(12),X(14),X( 4),X( 9));

-	BODY_60_79(61,T,A,B,C,D,E,X(13),X(15),X( 5),X(10));

-	BODY_60_79(62,E,T,A,B,C,D,X(14),X( 0),X( 6),X(11));

-	BODY_60_79(63,D,E,T,A,B,C,X(15),X( 1),X( 7),X(12));

-	BODY_60_79(64,C,D,E,T,A,B,X( 0),X( 2),X( 8),X(13));

-	BODY_60_79(65,B,C,D,E,T,A,X( 1),X( 3),X( 9),X(14));

-	BODY_60_79(66,A,B,C,D,E,T,X( 2),X( 4),X(10),X(15));

-	BODY_60_79(67,T,A,B,C,D,E,X( 3),X( 5),X(11),X( 0));

-	BODY_60_79(68,E,T,A,B,C,D,X( 4),X( 6),X(12),X( 1));

-	BODY_60_79(69,D,E,T,A,B,C,X( 5),X( 7),X(13),X( 2));

-	BODY_60_79(70,C,D,E,T,A,B,X( 6),X( 8),X(14),X( 3));

-	BODY_60_79(71,B,C,D,E,T,A,X( 7),X( 9),X(15),X( 4));

-	BODY_60_79(72,A,B,C,D,E,T,X( 8),X(10),X( 0),X( 5));

-	BODY_60_79(73,T,A,B,C,D,E,X( 9),X(11),X( 1),X( 6));

-	BODY_60_79(74,E,T,A,B,C,D,X(10),X(12),X( 2),X( 7));

-	BODY_60_79(75,D,E,T,A,B,C,X(11),X(13),X( 3),X( 8));

-	BODY_60_79(76,C,D,E,T,A,B,X(12),X(14),X( 4),X( 9));

-	BODY_60_79(77,B,C,D,E,T,A,X(13),X(15),X( 5),X(10));

-	BODY_60_79(78,A,B,C,D,E,T,X(14),X( 0),X( 6),X(11));

-	BODY_60_79(79,T,A,B,C,D,E,X(15),X( 1),X( 7),X(12));

-	c->h0=(c->h0+E)&0xffffffffL;

-	c->h1=(c->h1+T)&0xffffffffL;

-	c->h2=(c->h2+A)&0xffffffffL;

-	c->h3=(c->h3+B)&0xffffffffL;

-	c->h4=(c->h4+C)&0xffffffffL;

-	if (--num == 0) break;

-	A=c->h0;

-	B=c->h1;

-	C=c->h2;

-	D=c->h3;

-	E=c->h4;

-		}

-	}

-#endif

-#else	/* OPENSSL_SMALL_FOOTPRINT */

-#define BODY_00_15(xi)		 do {	\

-	T=E+K_00_19+F_00_19(B,C,D);	\

-	E=D, D=C, C=ROTATE(B,30), B=A;	\

-	A=ROTATE(A,5)+T+xi;	    } while(0)

-#define BODY_16_19(xa,xb,xc,xd)	 do {	\

-	Xupdate(T,xa,xa,xb,xc,xd);	\

-	T+=E+K_00_19+F_00_19(B,C,D);	\

-	E=D, D=C, C=ROTATE(B,30), B=A;	\

-	A=ROTATE(A,5)+T;	    } while(0)

-#define BODY_20_39(xa,xb,xc,xd)	 do {	\

-	Xupdate(T,xa,xa,xb,xc,xd);	\

-	T+=E+K_20_39+F_20_39(B,C,D);	\

-	E=D, D=C, C=ROTATE(B,30), B=A;	\

-	A=ROTATE(A,5)+T;	    } while(0)

-#define BODY_40_59(xa,xb,xc,xd)	 do {	\

-	Xupdate(T,xa,xa,xb,xc,xd);	\

-	T+=E+K_40_59+F_40_59(B,C,D);	\

-	E=D, D=C, C=ROTATE(B,30), B=A;	\

-	A=ROTATE(A,5)+T;	    } while(0)

-#define BODY_60_79(xa,xb,xc,xd)	 do {	\

-	Xupdate(T,xa,xa,xb,xc,xd);	\

-	T=E+K_60_79+F_60_79(B,C,D);	\

-	E=D, D=C, C=ROTATE(B,30), B=A;	\

-	A=ROTATE(A,5)+T+xa;	    } while(0)

-#ifndef DONT_IMPLEMENT_BLOCK_HOST_ORDER

-void HASH_BLOCK_HOST_ORDER (SHA_CTX *c, const void *d, size_t num)

-	{

-	const SHA_LONG *W=d;

-	register unsigned MD32_REG_T A,B,C,D,E,T;

-	int i;

-	SHA_LONG	X[16];

-	A=c->h0;

-	B=c->h1;

-	C=c->h2;

-	D=c->h3;

-	E=c->h4;

-	for (;;)

-		{

-	for (i=0;i<16;i++)

-	{ X[i]=W[i]; BODY_00_15(X[i]); }

-	for (i=0;i<4;i++)

-	{ BODY_16_19(X[i],       X[i+2],      X[i+8],     X[(i+13)&15]); }

-	for (;i<24;i++)

-	{ BODY_20_39(X[i&15],    X[(i+2)&15], X[(i+8)&15],X[(i+13)&15]); }

-	for (i=0;i<20;i++)

-	{ BODY_40_59(X[(i+8)&15],X[(i+10)&15],X[i&15],    X[(i+5)&15]);  }

-	for (i=4;i<24;i++)

-	{ BODY_60_79(X[(i+8)&15],X[(i+10)&15],X[i&15],    X[(i+5)&15]);  }

-	c->h0=(c->h0+A)&0xffffffffL;

-	c->h1=(c->h1+B)&0xffffffffL;

-	c->h2=(c->h2+C)&0xffffffffL;

-	c->h3=(c->h3+D)&0xffffffffL;

-	c->h4=(c->h4+E)&0xffffffffL;

-	if (--num == 0) break;

-	A=c->h0;

-	B=c->h1;

-	C=c->h2;

-	D=c->h3;

-	E=c->h4;

-	W+=SHA_LBLOCK;

-		}

-	}

-#endif

-#ifndef DONT_IMPLEMENT_BLOCK_DATA_ORDER

-void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num)

-	{

-	const unsigned char *data=p;

-	register unsigned MD32_REG_T A,B,C,D,E,T,l;

-	int i;

-	SHA_LONG	X[16];

-	A=c->h0;

-	B=c->h1;

-	C=c->h2;

-	D=c->h3;

-	E=c->h4;

-	for (;;)

-		{

-	for (i=0;i<16;i++)

-	{ HOST_c2l(data,l); X[i]=l; BODY_00_15(X[i]); }

-	for (i=0;i<4;i++)

-	{ BODY_16_19(X[i],       X[i+2],      X[i+8],     X[(i+13)&15]); }

-	for (;i<24;i++)

-	{ BODY_20_39(X[i&15],    X[(i+2)&15], X[(i+8)&15],X[(i+13)&15]); }

-	for (i=0;i<20;i++)

-	{ BODY_40_59(X[(i+8)&15],X[(i+10)&15],X[i&15],    X[(i+5)&15]);  }

-	for (i=4;i<24;i++)

-	{ BODY_60_79(X[(i+8)&15],X[(i+10)&15],X[i&15],    X[(i+5)&15]);  }

-	c->h0=(c->h0+A)&0xffffffffL;

-	c->h1=(c->h1+B)&0xffffffffL;

-	c->h2=(c->h2+C)&0xffffffffL;

-	c->h3=(c->h3+D)&0xffffffffL;

-	c->h4=(c->h4+E)&0xffffffffL;

-	if (--num == 0) break;

-	A=c->h0;

-	B=c->h1;

-	C=c->h2;

-	D=c->h3;

-	E=c->h4;

-		}

-	}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/sha/sha_one.c

+++ /dev/null

@@ -1,78 +1,0 @@

-/* crypto/sha/sha_one.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <string.h>

-#include <openssl/sha.h>

-#include <openssl/crypto.h>

-#ifndef OPENSSL_NO_SHA0

-unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md)

-	{

-	SHA_CTX c;

-	static unsigned char m[SHA_DIGEST_LENGTH];

-	if (md == NULL) md=m;

-	if (!SHA_Init(&c))

-		return NULL;

-	SHA_Update(&c,d,n);

-	SHA_Final(md,&c);

-	OPENSSL_cleanse(&c,sizeof(c));

-	return(md);

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/sha/shatest.c

+++ /dev/null

@@ -1,178 +1,0 @@

-/* crypto/sha/shatest.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <string.h>

-#include <stdlib.h>

-#include "../e_os.h"

-#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA0)

-int main(int argc, char *argv[])

-{

-    printf("No SHA0 support\n");

-    return(0);

-}

-#else

-#include <openssl/evp.h>

-#include <openssl/sha.h>

-#ifdef CHARSET_EBCDIC

-#include <openssl/ebcdic.h>

-#endif

-#define SHA_0 /* FIPS 180 */

-#undef  SHA_1 /* FIPS 180-1 */

-static char *test[]={

-	"abc",

-	"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",

-	NULL,

-	};

-#ifdef SHA_0

-static char *ret[]={

-	"0164b8a914cd2a5e74c4f7ff082c4d97f1edf880",

-	"d2516ee1acfa5baf33dfc1c471e438449ef134c8",

-	};

-static char *bigret=

-	"3232affa48628a26653b5aaa44541fd90d690603";

-#endif

-#ifdef SHA_1

-static char *ret[]={

-	"a9993e364706816aba3e25717850c26c9cd0d89d",

-	"84983e441c3bd26ebaae4aa1f95129e5e54670f1",

-	};

-static char *bigret=

-	"34aa973cd4c4daa4f61eeb2bdbad27316534016f";

-#endif

-static char *pt(unsigned char *md);

-int main(int argc, char *argv[])

-	{

-	int i,err=0;

-	unsigned char **P,**R;

-	static unsigned char buf[1000];

-	char *p,*r;

-	EVP_MD_CTX c;

-	unsigned char md[SHA_DIGEST_LENGTH];

-#ifdef CHARSET_EBCDIC

-	ebcdic2ascii(test[0], test[0], strlen(test[0]));

-	ebcdic2ascii(test[1], test[1], strlen(test[1]));

-#endif

-	EVP_MD_CTX_init(&c);

-	P=(unsigned char **)test;

-	R=(unsigned char **)ret;

-	i=1;

-	while (*P != NULL)

-		{

-		EVP_Digest(*P,strlen((char *)*P),md,NULL,EVP_sha(), NULL);

-		p=pt(md);

-		if (strcmp(p,(char *)*R) != 0)

-			{

-			printf("error calculating SHA on '%s'\n",*P);

-			printf("got %s instead of %s\n",p,*R);

-			err++;

-			}

-		else

-			printf("test %d ok\n",i);

-		i++;

-		R++;

-		P++;

-		}

-	memset(buf,'a',1000);

-#ifdef CHARSET_EBCDIC

-	ebcdic2ascii(buf, buf, 1000);

-#endif /*CHARSET_EBCDIC*/

-	EVP_DigestInit_ex(&c,EVP_sha(), NULL);

-	for (i=0; i<1000; i++)

-		EVP_DigestUpdate(&c,buf,1000);

-	EVP_DigestFinal_ex(&c,md,NULL);

-	p=pt(md);

-	r=bigret;

-	if (strcmp(p,r) != 0)

-		{

-		printf("error calculating SHA on '%s'\n",p);

-		printf("got %s instead of %s\n",p,r);

-		err++;

-		}

-	else

-		printf("test 3 ok\n");

-#ifdef OPENSSL_SYS_NETWARE

-    if (err) printf("ERROR: %d\n", err);

-#endif

-	EVP_MD_CTX_cleanup(&c);

-	EXIT(err);

-	return(0);

-	}

-static char *pt(unsigned char *md)

-	{

-	int i;

-	static char buf[80];

-	for (i=0; i<SHA_DIGEST_LENGTH; i++)

-		sprintf(&(buf[i*2]),"%02x",md[i]);

-	return(buf);

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/sparccpuid.S

+++ /dev/null

@@ -1,239 +1,0 @@

-#if defined(__SUNPRO_C) && defined(__sparcv9)

-# define ABI64  /* They've said -xarch=v9 at command line */

-#elif defined(__GNUC__) && defined(__arch64__)

-# define ABI64  /* They've said -m64 at command line */

-#endif

-#ifdef ABI64

-  .register	%g2,#scratch

-  .register	%g3,#scratch

-# define	FRAME	-192

-# define	BIAS	2047

-#else

-# define	FRAME	-96

-# define	BIAS	0

-#endif

-.text

-.align	32

-.global	OPENSSL_wipe_cpu

-.type	OPENSSL_wipe_cpu,#function

-! Keep in mind that this does not excuse us from wiping the stack!

-! This routine wipes registers, but not the backing store [which

-! resides on the stack, toward lower addresses]. To facilitate for

-! stack wiping I return pointer to the top of stack of the *caller*.

-OPENSSL_wipe_cpu:

-	save	%sp,FRAME,%sp

-	nop

-#ifdef __sun

-#include <sys/trap.h>

-	ta	ST_CLEAN_WINDOWS

-#else

-	call	.walk.reg.wins

-#endif

-	nop

-	call	.PIC.zero.up

-	mov	.zero-(.-4),%o0

-	ldd	[%o0],%f0

-	subcc	%g0,1,%o0

-	! Following is V9 "rd %ccr,%o0" instruction. However! V8

-	! specification says that it ("rd %asr2,%o0" in V8 terms) does

-	! not cause illegal_instruction trap. It therefore can be used

-	! to determine if the CPU the code is executing on is V8- or

-	! V9-compliant, as V9 returns a distinct value of 0x99,

-	! "negative" and "borrow" bits set in both %icc and %xcc.

-	.word	0x91408000	!rd	%ccr,%o0

-	cmp	%o0,0x99

-	bne	.v8

-	nop

-			! Even though we do not use %fp register bank,

-			! we wipe it as memcpy might have used it...

-			.word	0xbfa00040	!fmovd	%f0,%f62

-			.word	0xbba00040	!...

-			.word	0xb7a00040

-			.word	0xb3a00040

-			.word	0xafa00040

-			.word	0xaba00040

-			.word	0xa7a00040

-			.word	0xa3a00040

-			.word	0x9fa00040

-			.word	0x9ba00040

-			.word	0x97a00040

-			.word	0x93a00040

-			.word	0x8fa00040

-			.word	0x8ba00040

-			.word	0x87a00040

-			.word	0x83a00040	!fmovd	%f0,%f32

-.v8:			fmovs	%f1,%f31

-	clr	%o0

-			fmovs	%f0,%f30

-	clr	%o1

-			fmovs	%f1,%f29

-	clr	%o2

-			fmovs	%f0,%f28

-	clr	%o3

-			fmovs	%f1,%f27

-	clr	%o4

-			fmovs	%f0,%f26

-	clr	%o5

-			fmovs	%f1,%f25

-	clr	%o7

-			fmovs	%f0,%f24

-	clr	%l0

-			fmovs	%f1,%f23

-	clr	%l1

-			fmovs	%f0,%f22

-	clr	%l2

-			fmovs	%f1,%f21

-	clr	%l3

-			fmovs	%f0,%f20

-	clr	%l4

-			fmovs	%f1,%f19

-	clr	%l5

-			fmovs	%f0,%f18

-	clr	%l6

-			fmovs	%f1,%f17

-	clr	%l7

-			fmovs	%f0,%f16

-	clr	%i0

-			fmovs	%f1,%f15

-	clr	%i1

-			fmovs	%f0,%f14

-	clr	%i2

-			fmovs	%f1,%f13

-	clr	%i3

-			fmovs	%f0,%f12

-	clr	%i4

-			fmovs	%f1,%f11

-	clr	%i5

-			fmovs	%f0,%f10

-	clr	%g1

-			fmovs	%f1,%f9

-	clr	%g2

-			fmovs	%f0,%f8

-	clr	%g3

-			fmovs	%f1,%f7

-	clr	%g4

-			fmovs	%f0,%f6

-	clr	%g5

-			fmovs	%f1,%f5

-			fmovs	%f0,%f4

-			fmovs	%f1,%f3

-			fmovs	%f0,%f2

-	add	%fp,BIAS,%i0	! return pointer to caller�s top of stack

-	ret

-	restore

-.zero:	.long	0x0,0x0

-.PIC.zero.up:

-	retl

-	add	%o0,%o7,%o0

-#ifdef DEBUG

-.global	walk_reg_wins

-.type	walk_reg_wins,#function

-walk_reg_wins:

-#endif

-.walk.reg.wins:

-	save	%sp,FRAME,%sp

-	cmp	%i7,%o7

-	be	2f

-	clr	%o0

-	cmp	%o7,0	! compiler never cleans %o7...

-	be	1f	! could have been a leaf function...

-	clr	%o1

-	call	.walk.reg.wins

-	nop

-1:	clr	%o2

-	clr	%o3

-	clr	%o4

-	clr	%o5

-	clr	%o7

-	clr	%l0

-	clr	%l1

-	clr	%l2

-	clr	%l3

-	clr	%l4

-	clr	%l5

-	clr	%l6

-	clr	%l7

-	add	%o0,1,%i0	! used for debugging

-2:	ret

-	restore

-.size	OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu

-.global	OPENSSL_atomic_add

-.type	OPENSSL_atomic_add,#function

-OPENSSL_atomic_add:

-#ifndef ABI64

-	subcc	%g0,1,%o2

-	.word	0x95408000	!rd	%ccr,%o2, see comment above

-	cmp	%o2,0x99

-	be	.v9

-	nop

-	save	%sp,FRAME,%sp

-	ba	.enter

-	nop

-#ifdef __sun

-! Note that you don't have to link with libthread to call thr_yield,

-! as libc provides a stub, which is overloaded the moment you link

-! with *either* libpthread or libthread...

-#define	YIELD_CPU	thr_yield

-#else

-! applies at least to Linux and FreeBSD... Feedback expected...

-#define	YIELD_CPU	sched_yield

-#endif

-.spin:	call	YIELD_CPU

-	nop

-.enter:	ld	[%i0],%i2

-	cmp	%i2,-4096

-	be	.spin

-	mov	-1,%i2

-	swap	[%i0],%i2

-	cmp	%i2,-1

-	be	.spin

-	add	%i2,%i1,%i2

-	stbar

-	st	%i2,[%i0]

-	sra	%i2,%g0,%i0

-	ret

-	restore

-.v9:

-#endif

-	ld	[%o0],%o2

-1:	add	%o1,%o2,%o3

-	.word	0xd7e2100a	!cas [%o0],%o2,%o3, compare [%o0] with %o2 and swap %o3

-	cmp	%o2,%o3

-	bne	1b

-	mov	%o3,%o2		! cas is always fetching to dest. register

-	add	%o1,%o2,%o0	! OpenSSL expects the new value

-	retl

-	sra	%o0,%g0,%o0	! we return signed int, remember?

-.size	OPENSSL_atomic_add,.-OPENSSL_atomic_add

-.global	OPENSSL_rdtsc

-	subcc	%g0,1,%o0

-	.word	0x91408000	!rd	%ccr,%o0

-	cmp	%o0,0x99

-	bne	.notsc

-	xor	%o0,%o0,%o0

-	save	%sp,FRAME-16,%sp

-	mov	513,%o0		!SI_PLATFORM

-	add	%sp,BIAS+16,%o1

-	call	sysinfo

-	mov	256,%o2

-	add	%sp,BIAS-16,%o1

-	ld	[%o1],%l0

-	ld	[%o1+4],%l1

-	ld	[%o1+8],%l2

-	mov	%lo('SUNW'),%l3

-	ret

-	restore

-.notsc:

-	retl

-	nop

-.type	OPENSSL_rdtsc,#function

-.size	OPENSSL_rdtsc,.-OPENSSL_atomic_add

--- a/sys/src/ape/lib/openssl/crypto/stack/Makefile

+++ /dev/null

@@ -1,84 +1,0 @@

-#

-# OpenSSL/crypto/stack/Makefile

-#

-DIR=	stack

-TOP=	../..

-CC=	cc

-INCLUDES=

-CFLAG=-g

-MAKEFILE=	Makefile

-AR=		ar r

-CFLAGS= $(INCLUDES) $(CFLAG)

-GENERAL=Makefile

-TEST=

-APPS=

-LIB=$(TOP)/libcrypto.a

-LIBSRC=stack.c

-LIBOBJ=stack.o

-SRC= $(LIBSRC)

-EXHEADER= stack.h safestack.h

-HEADER=	$(EXHEADER)

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)

-all:	lib

-lib:	$(LIBOBJ)

-	$(AR) $(LIB) $(LIBOBJ)

-	$(RANLIB) $(LIB) || echo Never mind.

-	@touch lib

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

-links:

-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)

-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)

-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

-install:

-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...

-	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \

-	do  \

-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \

-	done;

-tags:

-	ctags $(SRC)

-tests:

-lint:

-	lint -DLINT $(INCLUDES) $(SRC)>fluff

-depend:

-	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...

-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-clean:

-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-stack.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-stack.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-stack.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-stack.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-stack.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-stack.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-stack.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-stack.o: ../../include/openssl/symhacks.h ../cryptlib.h stack.c

--- a/sys/src/ape/lib/openssl/crypto/stack/safestack.h

+++ /dev/null

@@ -1,1854 +1,0 @@

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_SAFESTACK_H

-#define HEADER_SAFESTACK_H

-#include <openssl/stack.h>

-#ifdef DEBUG_SAFESTACK

-#ifndef CHECKED_PTR_OF

-#define CHECKED_PTR_OF(type, p) \

-    ((void*) (1 ? p : (type*)0))

-#endif

-#define CHECKED_SK_FREE_FUNC(type, p) \

-    ((void (*)(void *)) ((1 ? p : (void (*)(type *))0)))

-#define CHECKED_SK_CMP_FUNC(type, p) \

-    ((int (*)(const char * const *, const char * const *)) \

-	((1 ? p : (int (*)(const type * const *, const type * const *))0)))

-#define STACK_OF(type) struct stack_st_##type

-#define PREDECLARE_STACK_OF(type) STACK_OF(type);

-#define DECLARE_STACK_OF(type) \

-STACK_OF(type) \

-    { \

-    STACK stack; \

-    };

-#define IMPLEMENT_STACK_OF(type) /* nada (obsolete in new safestack approach)*/

-/* SKM_sk_... stack macros are internal to safestack.h:

- * never use them directly, use sk_<type>_... instead */

-#define SKM_sk_new(type, cmp) \

-	((STACK_OF(type) *)sk_new(CHECKED_SK_CMP_FUNC(type, cmp)))

-#define SKM_sk_new_null(type) \

-	((STACK_OF(type) *)sk_new_null())

-#define SKM_sk_free(type, st) \

-	sk_free(CHECKED_PTR_OF(STACK_OF(type), st))

-#define SKM_sk_num(type, st) \

-	sk_num(CHECKED_PTR_OF(STACK_OF(type), st))

-#define SKM_sk_value(type, st,i) \

-	((type *)sk_value(CHECKED_PTR_OF(STACK_OF(type), st), i))

-#define SKM_sk_set(type, st,i,val) \

-	sk_set(CHECKED_PTR_OF(STACK_OF(type), st), i, CHECKED_PTR_OF(type, val))

-#define SKM_sk_zero(type, st) \

-	sk_zero(CHECKED_PTR_OF(STACK_OF(type), st))

-#define SKM_sk_push(type, st,val) \

-	sk_push(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val))

-#define SKM_sk_unshift(type, st,val) \

-	sk_unshift(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val))

-#define SKM_sk_find(type, st,val) \

-	sk_find(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val))

-#define SKM_sk_delete(type, st,i) \

-	(type *)sk_delete(CHECKED_PTR_OF(STACK_OF(type), st), i)

-#define SKM_sk_delete_ptr(type, st,ptr) \

-	(type *)sk_delete_ptr(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, ptr))

-#define SKM_sk_insert(type, st,val,i) \

-	sk_insert(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val), i)

-#define SKM_sk_set_cmp_func(type, st,cmp) \

-	((int (*)(const type * const *,const type * const *)) \

-	sk_set_cmp_func(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_SK_CMP_FUNC(type, cmp)))

-#define SKM_sk_dup(type, st) \

-	(STACK_OF(type) *)sk_dup(CHECKED_PTR_OF(STACK_OF(type), st))

-#define SKM_sk_pop_free(type, st,free_func) \

-	sk_pop_free(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_SK_FREE_FUNC(type, free_func))

-#define SKM_sk_shift(type, st) \

-	(type *)sk_shift(CHECKED_PTR_OF(STACK_OF(type), st))

-#define SKM_sk_pop(type, st) \

-	(type *)sk_pop(CHECKED_PTR_OF(STACK_OF(type), st))

-#define SKM_sk_sort(type, st) \

-	sk_sort(CHECKED_PTR_OF(STACK_OF(type), st))

-#define SKM_sk_is_sorted(type, st) \

-	sk_is_sorted(CHECKED_PTR_OF(STACK_OF(type), st))

-#define	SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \

-	(STACK_OF(type) *)d2i_ASN1_SET(CHECKED_PTR_OF(STACK_OF(type), st), \

-				pp, length, \

-				CHECKED_D2I_OF(type, d2i_func), \

-				CHECKED_SK_FREE_FUNC(type, free_func), \

-				ex_tag, ex_class)

-#define	SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \

-	i2d_ASN1_SET(CHECKED_PTR_OF(STACK_OF(type), st), pp, \

-				CHECKED_I2D_OF(type, i2d_func), \

-				ex_tag, ex_class, is_set)

-#define	SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \

-	ASN1_seq_pack(CHECKED_PTR_OF(STACK_OF(type), st), \

-			CHECKED_I2D_OF(type, i2d_func), buf, len)

-#define	SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \

-	(STACK_OF(type) *)ASN1_seq_unpack(buf, len, CHECKED_D2I_OF(type, d2i_func), CHECKED_SK_FREE_FUNC(type, free_func))

-#define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \

-	(STACK_OF(type) *)PKCS12_decrypt_d2i(algor, \

-				CHECKED_D2I_OF(type, d2i_func), \

-				CHECKED_SK_FREE_FUNC(type, free_func), \

-				pass, passlen, oct, seq)

-#else

-#define STACK_OF(type) STACK

-#define PREDECLARE_STACK_OF(type) /* nada */

-#define DECLARE_STACK_OF(type)    /* nada */

-#define IMPLEMENT_STACK_OF(type)  /* nada */

-#define SKM_sk_new(type, cmp) \

-	sk_new((int (*)(const char * const *, const char * const *))(cmp))

-#define SKM_sk_new_null(type) \

-	sk_new_null()

-#define SKM_sk_free(type, st) \

-	sk_free(st)

-#define SKM_sk_num(type, st) \

-	sk_num(st)

-#define SKM_sk_value(type, st,i) \

-	((type *)sk_value(st, i))

-#define SKM_sk_set(type, st,i,val) \

-	((type *)sk_set(st, i,(char *)val))

-#define SKM_sk_zero(type, st) \

-	sk_zero(st)

-#define SKM_sk_push(type, st,val) \

-	sk_push(st, (char *)val)

-#define SKM_sk_unshift(type, st,val) \

-	sk_unshift(st, val)

-#define SKM_sk_find(type, st,val) \

-	sk_find(st, (char *)val)

-#define SKM_sk_delete(type, st,i) \

-	((type *)sk_delete(st, i))

-#define SKM_sk_delete_ptr(type, st,ptr) \

-	((type *)sk_delete_ptr(st,(char *)ptr))

-#define SKM_sk_insert(type, st,val,i) \

-	sk_insert(st, (char *)val, i)

-#define SKM_sk_set_cmp_func(type, st,cmp) \

-	((int (*)(const type * const *,const type * const *)) \

-	sk_set_cmp_func(st, (int (*)(const char * const *, const char * const *))(cmp)))

-#define SKM_sk_dup(type, st) \

-	sk_dup(st)

-#define SKM_sk_pop_free(type, st,free_func) \

-	sk_pop_free(st, (void (*)(void *))free_func)

-#define SKM_sk_shift(type, st) \

-	((type *)sk_shift(st))

-#define SKM_sk_pop(type, st) \

-	((type *)sk_pop(st))

-#define SKM_sk_sort(type, st) \

-	sk_sort(st)

-#define SKM_sk_is_sorted(type, st) \

-	sk_is_sorted(st)

-#define	SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \

-	d2i_ASN1_SET(st,pp,length, (void *(*)(void ** ,const unsigned char ** ,long))d2i_func, (void (*)(void *))free_func, ex_tag,ex_class)

-#define	SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \

-	i2d_ASN1_SET(st,pp,(int (*)(void *, unsigned char **))i2d_func,ex_tag,ex_class,is_set)

-#define	SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \

-	ASN1_seq_pack(st, (int (*)(void *, unsigned char **))i2d_func, buf, len)

-#define	SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \

-	ASN1_seq_unpack(buf,len,(void *(*)(void **,const unsigned char **,long))d2i_func, (void(*)(void *))free_func)

-#define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \

-	((STACK *)PKCS12_decrypt_d2i(algor,(char *(*)())d2i_func, (void(*)(void *))free_func,pass,passlen,oct,seq))

-#endif

-/* This block of defines is updated by util/mkstack.pl, please do not touch! */

-#define sk_ACCESS_DESCRIPTION_new(st) SKM_sk_new(ACCESS_DESCRIPTION, (st))

-#define sk_ACCESS_DESCRIPTION_new_null() SKM_sk_new_null(ACCESS_DESCRIPTION)

-#define sk_ACCESS_DESCRIPTION_free(st) SKM_sk_free(ACCESS_DESCRIPTION, (st))

-#define sk_ACCESS_DESCRIPTION_num(st) SKM_sk_num(ACCESS_DESCRIPTION, (st))

-#define sk_ACCESS_DESCRIPTION_value(st, i) SKM_sk_value(ACCESS_DESCRIPTION, (st), (i))

-#define sk_ACCESS_DESCRIPTION_set(st, i, val) SKM_sk_set(ACCESS_DESCRIPTION, (st), (i), (val))

-#define sk_ACCESS_DESCRIPTION_zero(st) SKM_sk_zero(ACCESS_DESCRIPTION, (st))

-#define sk_ACCESS_DESCRIPTION_push(st, val) SKM_sk_push(ACCESS_DESCRIPTION, (st), (val))

-#define sk_ACCESS_DESCRIPTION_unshift(st, val) SKM_sk_unshift(ACCESS_DESCRIPTION, (st), (val))

-#define sk_ACCESS_DESCRIPTION_find(st, val) SKM_sk_find(ACCESS_DESCRIPTION, (st), (val))

-#define sk_ACCESS_DESCRIPTION_find_ex(st, val) SKM_sk_find_ex(ACCESS_DESCRIPTION, (st), (val))

-#define sk_ACCESS_DESCRIPTION_delete(st, i) SKM_sk_delete(ACCESS_DESCRIPTION, (st), (i))

-#define sk_ACCESS_DESCRIPTION_delete_ptr(st, ptr) SKM_sk_delete_ptr(ACCESS_DESCRIPTION, (st), (ptr))

-#define sk_ACCESS_DESCRIPTION_insert(st, val, i) SKM_sk_insert(ACCESS_DESCRIPTION, (st), (val), (i))

-#define sk_ACCESS_DESCRIPTION_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ACCESS_DESCRIPTION, (st), (cmp))

-#define sk_ACCESS_DESCRIPTION_dup(st) SKM_sk_dup(ACCESS_DESCRIPTION, st)

-#define sk_ACCESS_DESCRIPTION_pop_free(st, free_func) SKM_sk_pop_free(ACCESS_DESCRIPTION, (st), (free_func))

-#define sk_ACCESS_DESCRIPTION_shift(st) SKM_sk_shift(ACCESS_DESCRIPTION, (st))

-#define sk_ACCESS_DESCRIPTION_pop(st) SKM_sk_pop(ACCESS_DESCRIPTION, (st))

-#define sk_ACCESS_DESCRIPTION_sort(st) SKM_sk_sort(ACCESS_DESCRIPTION, (st))

-#define sk_ACCESS_DESCRIPTION_is_sorted(st) SKM_sk_is_sorted(ACCESS_DESCRIPTION, (st))

-#define sk_ASIdOrRange_new(st) SKM_sk_new(ASIdOrRange, (st))

-#define sk_ASIdOrRange_new_null() SKM_sk_new_null(ASIdOrRange)

-#define sk_ASIdOrRange_free(st) SKM_sk_free(ASIdOrRange, (st))

-#define sk_ASIdOrRange_num(st) SKM_sk_num(ASIdOrRange, (st))

-#define sk_ASIdOrRange_value(st, i) SKM_sk_value(ASIdOrRange, (st), (i))

-#define sk_ASIdOrRange_set(st, i, val) SKM_sk_set(ASIdOrRange, (st), (i), (val))

-#define sk_ASIdOrRange_zero(st) SKM_sk_zero(ASIdOrRange, (st))

-#define sk_ASIdOrRange_push(st, val) SKM_sk_push(ASIdOrRange, (st), (val))

-#define sk_ASIdOrRange_unshift(st, val) SKM_sk_unshift(ASIdOrRange, (st), (val))

-#define sk_ASIdOrRange_find(st, val) SKM_sk_find(ASIdOrRange, (st), (val))

-#define sk_ASIdOrRange_find_ex(st, val) SKM_sk_find_ex(ASIdOrRange, (st), (val))

-#define sk_ASIdOrRange_delete(st, i) SKM_sk_delete(ASIdOrRange, (st), (i))

-#define sk_ASIdOrRange_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASIdOrRange, (st), (ptr))

-#define sk_ASIdOrRange_insert(st, val, i) SKM_sk_insert(ASIdOrRange, (st), (val), (i))

-#define sk_ASIdOrRange_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASIdOrRange, (st), (cmp))

-#define sk_ASIdOrRange_dup(st) SKM_sk_dup(ASIdOrRange, st)

-#define sk_ASIdOrRange_pop_free(st, free_func) SKM_sk_pop_free(ASIdOrRange, (st), (free_func))

-#define sk_ASIdOrRange_shift(st) SKM_sk_shift(ASIdOrRange, (st))

-#define sk_ASIdOrRange_pop(st) SKM_sk_pop(ASIdOrRange, (st))

-#define sk_ASIdOrRange_sort(st) SKM_sk_sort(ASIdOrRange, (st))

-#define sk_ASIdOrRange_is_sorted(st) SKM_sk_is_sorted(ASIdOrRange, (st))

-#define sk_ASN1_GENERALSTRING_new(st) SKM_sk_new(ASN1_GENERALSTRING, (st))

-#define sk_ASN1_GENERALSTRING_new_null() SKM_sk_new_null(ASN1_GENERALSTRING)

-#define sk_ASN1_GENERALSTRING_free(st) SKM_sk_free(ASN1_GENERALSTRING, (st))

-#define sk_ASN1_GENERALSTRING_num(st) SKM_sk_num(ASN1_GENERALSTRING, (st))

-#define sk_ASN1_GENERALSTRING_value(st, i) SKM_sk_value(ASN1_GENERALSTRING, (st), (i))

-#define sk_ASN1_GENERALSTRING_set(st, i, val) SKM_sk_set(ASN1_GENERALSTRING, (st), (i), (val))

-#define sk_ASN1_GENERALSTRING_zero(st) SKM_sk_zero(ASN1_GENERALSTRING, (st))

-#define sk_ASN1_GENERALSTRING_push(st, val) SKM_sk_push(ASN1_GENERALSTRING, (st), (val))

-#define sk_ASN1_GENERALSTRING_unshift(st, val) SKM_sk_unshift(ASN1_GENERALSTRING, (st), (val))

-#define sk_ASN1_GENERALSTRING_find(st, val) SKM_sk_find(ASN1_GENERALSTRING, (st), (val))

-#define sk_ASN1_GENERALSTRING_find_ex(st, val) SKM_sk_find_ex(ASN1_GENERALSTRING, (st), (val))

-#define sk_ASN1_GENERALSTRING_delete(st, i) SKM_sk_delete(ASN1_GENERALSTRING, (st), (i))

-#define sk_ASN1_GENERALSTRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_GENERALSTRING, (st), (ptr))

-#define sk_ASN1_GENERALSTRING_insert(st, val, i) SKM_sk_insert(ASN1_GENERALSTRING, (st), (val), (i))

-#define sk_ASN1_GENERALSTRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_GENERALSTRING, (st), (cmp))

-#define sk_ASN1_GENERALSTRING_dup(st) SKM_sk_dup(ASN1_GENERALSTRING, st)

-#define sk_ASN1_GENERALSTRING_pop_free(st, free_func) SKM_sk_pop_free(ASN1_GENERALSTRING, (st), (free_func))

-#define sk_ASN1_GENERALSTRING_shift(st) SKM_sk_shift(ASN1_GENERALSTRING, (st))

-#define sk_ASN1_GENERALSTRING_pop(st) SKM_sk_pop(ASN1_GENERALSTRING, (st))

-#define sk_ASN1_GENERALSTRING_sort(st) SKM_sk_sort(ASN1_GENERALSTRING, (st))

-#define sk_ASN1_GENERALSTRING_is_sorted(st) SKM_sk_is_sorted(ASN1_GENERALSTRING, (st))

-#define sk_ASN1_INTEGER_new(st) SKM_sk_new(ASN1_INTEGER, (st))

-#define sk_ASN1_INTEGER_new_null() SKM_sk_new_null(ASN1_INTEGER)

-#define sk_ASN1_INTEGER_free(st) SKM_sk_free(ASN1_INTEGER, (st))

-#define sk_ASN1_INTEGER_num(st) SKM_sk_num(ASN1_INTEGER, (st))

-#define sk_ASN1_INTEGER_value(st, i) SKM_sk_value(ASN1_INTEGER, (st), (i))

-#define sk_ASN1_INTEGER_set(st, i, val) SKM_sk_set(ASN1_INTEGER, (st), (i), (val))

-#define sk_ASN1_INTEGER_zero(st) SKM_sk_zero(ASN1_INTEGER, (st))

-#define sk_ASN1_INTEGER_push(st, val) SKM_sk_push(ASN1_INTEGER, (st), (val))

-#define sk_ASN1_INTEGER_unshift(st, val) SKM_sk_unshift(ASN1_INTEGER, (st), (val))

-#define sk_ASN1_INTEGER_find(st, val) SKM_sk_find(ASN1_INTEGER, (st), (val))

-#define sk_ASN1_INTEGER_find_ex(st, val) SKM_sk_find_ex(ASN1_INTEGER, (st), (val))

-#define sk_ASN1_INTEGER_delete(st, i) SKM_sk_delete(ASN1_INTEGER, (st), (i))

-#define sk_ASN1_INTEGER_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_INTEGER, (st), (ptr))

-#define sk_ASN1_INTEGER_insert(st, val, i) SKM_sk_insert(ASN1_INTEGER, (st), (val), (i))

-#define sk_ASN1_INTEGER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_INTEGER, (st), (cmp))

-#define sk_ASN1_INTEGER_dup(st) SKM_sk_dup(ASN1_INTEGER, st)

-#define sk_ASN1_INTEGER_pop_free(st, free_func) SKM_sk_pop_free(ASN1_INTEGER, (st), (free_func))

-#define sk_ASN1_INTEGER_shift(st) SKM_sk_shift(ASN1_INTEGER, (st))

-#define sk_ASN1_INTEGER_pop(st) SKM_sk_pop(ASN1_INTEGER, (st))

-#define sk_ASN1_INTEGER_sort(st) SKM_sk_sort(ASN1_INTEGER, (st))

-#define sk_ASN1_INTEGER_is_sorted(st) SKM_sk_is_sorted(ASN1_INTEGER, (st))

-#define sk_ASN1_OBJECT_new(st) SKM_sk_new(ASN1_OBJECT, (st))

-#define sk_ASN1_OBJECT_new_null() SKM_sk_new_null(ASN1_OBJECT)

-#define sk_ASN1_OBJECT_free(st) SKM_sk_free(ASN1_OBJECT, (st))

-#define sk_ASN1_OBJECT_num(st) SKM_sk_num(ASN1_OBJECT, (st))

-#define sk_ASN1_OBJECT_value(st, i) SKM_sk_value(ASN1_OBJECT, (st), (i))

-#define sk_ASN1_OBJECT_set(st, i, val) SKM_sk_set(ASN1_OBJECT, (st), (i), (val))

-#define sk_ASN1_OBJECT_zero(st) SKM_sk_zero(ASN1_OBJECT, (st))

-#define sk_ASN1_OBJECT_push(st, val) SKM_sk_push(ASN1_OBJECT, (st), (val))

-#define sk_ASN1_OBJECT_unshift(st, val) SKM_sk_unshift(ASN1_OBJECT, (st), (val))

-#define sk_ASN1_OBJECT_find(st, val) SKM_sk_find(ASN1_OBJECT, (st), (val))

-#define sk_ASN1_OBJECT_find_ex(st, val) SKM_sk_find_ex(ASN1_OBJECT, (st), (val))

-#define sk_ASN1_OBJECT_delete(st, i) SKM_sk_delete(ASN1_OBJECT, (st), (i))

-#define sk_ASN1_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_OBJECT, (st), (ptr))

-#define sk_ASN1_OBJECT_insert(st, val, i) SKM_sk_insert(ASN1_OBJECT, (st), (val), (i))

-#define sk_ASN1_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_OBJECT, (st), (cmp))

-#define sk_ASN1_OBJECT_dup(st) SKM_sk_dup(ASN1_OBJECT, st)

-#define sk_ASN1_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(ASN1_OBJECT, (st), (free_func))

-#define sk_ASN1_OBJECT_shift(st) SKM_sk_shift(ASN1_OBJECT, (st))

-#define sk_ASN1_OBJECT_pop(st) SKM_sk_pop(ASN1_OBJECT, (st))

-#define sk_ASN1_OBJECT_sort(st) SKM_sk_sort(ASN1_OBJECT, (st))

-#define sk_ASN1_OBJECT_is_sorted(st) SKM_sk_is_sorted(ASN1_OBJECT, (st))

-#define sk_ASN1_STRING_TABLE_new(st) SKM_sk_new(ASN1_STRING_TABLE, (st))

-#define sk_ASN1_STRING_TABLE_new_null() SKM_sk_new_null(ASN1_STRING_TABLE)

-#define sk_ASN1_STRING_TABLE_free(st) SKM_sk_free(ASN1_STRING_TABLE, (st))

-#define sk_ASN1_STRING_TABLE_num(st) SKM_sk_num(ASN1_STRING_TABLE, (st))

-#define sk_ASN1_STRING_TABLE_value(st, i) SKM_sk_value(ASN1_STRING_TABLE, (st), (i))

-#define sk_ASN1_STRING_TABLE_set(st, i, val) SKM_sk_set(ASN1_STRING_TABLE, (st), (i), (val))

-#define sk_ASN1_STRING_TABLE_zero(st) SKM_sk_zero(ASN1_STRING_TABLE, (st))

-#define sk_ASN1_STRING_TABLE_push(st, val) SKM_sk_push(ASN1_STRING_TABLE, (st), (val))

-#define sk_ASN1_STRING_TABLE_unshift(st, val) SKM_sk_unshift(ASN1_STRING_TABLE, (st), (val))

-#define sk_ASN1_STRING_TABLE_find(st, val) SKM_sk_find(ASN1_STRING_TABLE, (st), (val))

-#define sk_ASN1_STRING_TABLE_find_ex(st, val) SKM_sk_find_ex(ASN1_STRING_TABLE, (st), (val))

-#define sk_ASN1_STRING_TABLE_delete(st, i) SKM_sk_delete(ASN1_STRING_TABLE, (st), (i))

-#define sk_ASN1_STRING_TABLE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_STRING_TABLE, (st), (ptr))

-#define sk_ASN1_STRING_TABLE_insert(st, val, i) SKM_sk_insert(ASN1_STRING_TABLE, (st), (val), (i))

-#define sk_ASN1_STRING_TABLE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_STRING_TABLE, (st), (cmp))

-#define sk_ASN1_STRING_TABLE_dup(st) SKM_sk_dup(ASN1_STRING_TABLE, st)

-#define sk_ASN1_STRING_TABLE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_STRING_TABLE, (st), (free_func))

-#define sk_ASN1_STRING_TABLE_shift(st) SKM_sk_shift(ASN1_STRING_TABLE, (st))

-#define sk_ASN1_STRING_TABLE_pop(st) SKM_sk_pop(ASN1_STRING_TABLE, (st))

-#define sk_ASN1_STRING_TABLE_sort(st) SKM_sk_sort(ASN1_STRING_TABLE, (st))

-#define sk_ASN1_STRING_TABLE_is_sorted(st) SKM_sk_is_sorted(ASN1_STRING_TABLE, (st))

-#define sk_ASN1_TYPE_new(st) SKM_sk_new(ASN1_TYPE, (st))

-#define sk_ASN1_TYPE_new_null() SKM_sk_new_null(ASN1_TYPE)

-#define sk_ASN1_TYPE_free(st) SKM_sk_free(ASN1_TYPE, (st))

-#define sk_ASN1_TYPE_num(st) SKM_sk_num(ASN1_TYPE, (st))

-#define sk_ASN1_TYPE_value(st, i) SKM_sk_value(ASN1_TYPE, (st), (i))

-#define sk_ASN1_TYPE_set(st, i, val) SKM_sk_set(ASN1_TYPE, (st), (i), (val))

-#define sk_ASN1_TYPE_zero(st) SKM_sk_zero(ASN1_TYPE, (st))

-#define sk_ASN1_TYPE_push(st, val) SKM_sk_push(ASN1_TYPE, (st), (val))

-#define sk_ASN1_TYPE_unshift(st, val) SKM_sk_unshift(ASN1_TYPE, (st), (val))

-#define sk_ASN1_TYPE_find(st, val) SKM_sk_find(ASN1_TYPE, (st), (val))

-#define sk_ASN1_TYPE_find_ex(st, val) SKM_sk_find_ex(ASN1_TYPE, (st), (val))

-#define sk_ASN1_TYPE_delete(st, i) SKM_sk_delete(ASN1_TYPE, (st), (i))

-#define sk_ASN1_TYPE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_TYPE, (st), (ptr))

-#define sk_ASN1_TYPE_insert(st, val, i) SKM_sk_insert(ASN1_TYPE, (st), (val), (i))

-#define sk_ASN1_TYPE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_TYPE, (st), (cmp))

-#define sk_ASN1_TYPE_dup(st) SKM_sk_dup(ASN1_TYPE, st)

-#define sk_ASN1_TYPE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_TYPE, (st), (free_func))

-#define sk_ASN1_TYPE_shift(st) SKM_sk_shift(ASN1_TYPE, (st))

-#define sk_ASN1_TYPE_pop(st) SKM_sk_pop(ASN1_TYPE, (st))

-#define sk_ASN1_TYPE_sort(st) SKM_sk_sort(ASN1_TYPE, (st))

-#define sk_ASN1_TYPE_is_sorted(st) SKM_sk_is_sorted(ASN1_TYPE, (st))

-#define sk_ASN1_VALUE_new(st) SKM_sk_new(ASN1_VALUE, (st))

-#define sk_ASN1_VALUE_new_null() SKM_sk_new_null(ASN1_VALUE)

-#define sk_ASN1_VALUE_free(st) SKM_sk_free(ASN1_VALUE, (st))

-#define sk_ASN1_VALUE_num(st) SKM_sk_num(ASN1_VALUE, (st))

-#define sk_ASN1_VALUE_value(st, i) SKM_sk_value(ASN1_VALUE, (st), (i))

-#define sk_ASN1_VALUE_set(st, i, val) SKM_sk_set(ASN1_VALUE, (st), (i), (val))

-#define sk_ASN1_VALUE_zero(st) SKM_sk_zero(ASN1_VALUE, (st))

-#define sk_ASN1_VALUE_push(st, val) SKM_sk_push(ASN1_VALUE, (st), (val))

-#define sk_ASN1_VALUE_unshift(st, val) SKM_sk_unshift(ASN1_VALUE, (st), (val))

-#define sk_ASN1_VALUE_find(st, val) SKM_sk_find(ASN1_VALUE, (st), (val))

-#define sk_ASN1_VALUE_find_ex(st, val) SKM_sk_find_ex(ASN1_VALUE, (st), (val))

-#define sk_ASN1_VALUE_delete(st, i) SKM_sk_delete(ASN1_VALUE, (st), (i))

-#define sk_ASN1_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_VALUE, (st), (ptr))

-#define sk_ASN1_VALUE_insert(st, val, i) SKM_sk_insert(ASN1_VALUE, (st), (val), (i))

-#define sk_ASN1_VALUE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_VALUE, (st), (cmp))

-#define sk_ASN1_VALUE_dup(st) SKM_sk_dup(ASN1_VALUE, st)

-#define sk_ASN1_VALUE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_VALUE, (st), (free_func))

-#define sk_ASN1_VALUE_shift(st) SKM_sk_shift(ASN1_VALUE, (st))

-#define sk_ASN1_VALUE_pop(st) SKM_sk_pop(ASN1_VALUE, (st))

-#define sk_ASN1_VALUE_sort(st) SKM_sk_sort(ASN1_VALUE, (st))

-#define sk_ASN1_VALUE_is_sorted(st) SKM_sk_is_sorted(ASN1_VALUE, (st))

-#define sk_BIO_new(st) SKM_sk_new(BIO, (st))

-#define sk_BIO_new_null() SKM_sk_new_null(BIO)

-#define sk_BIO_free(st) SKM_sk_free(BIO, (st))

-#define sk_BIO_num(st) SKM_sk_num(BIO, (st))

-#define sk_BIO_value(st, i) SKM_sk_value(BIO, (st), (i))

-#define sk_BIO_set(st, i, val) SKM_sk_set(BIO, (st), (i), (val))

-#define sk_BIO_zero(st) SKM_sk_zero(BIO, (st))

-#define sk_BIO_push(st, val) SKM_sk_push(BIO, (st), (val))

-#define sk_BIO_unshift(st, val) SKM_sk_unshift(BIO, (st), (val))

-#define sk_BIO_find(st, val) SKM_sk_find(BIO, (st), (val))

-#define sk_BIO_find_ex(st, val) SKM_sk_find_ex(BIO, (st), (val))

-#define sk_BIO_delete(st, i) SKM_sk_delete(BIO, (st), (i))

-#define sk_BIO_delete_ptr(st, ptr) SKM_sk_delete_ptr(BIO, (st), (ptr))

-#define sk_BIO_insert(st, val, i) SKM_sk_insert(BIO, (st), (val), (i))

-#define sk_BIO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BIO, (st), (cmp))

-#define sk_BIO_dup(st) SKM_sk_dup(BIO, st)

-#define sk_BIO_pop_free(st, free_func) SKM_sk_pop_free(BIO, (st), (free_func))

-#define sk_BIO_shift(st) SKM_sk_shift(BIO, (st))

-#define sk_BIO_pop(st) SKM_sk_pop(BIO, (st))

-#define sk_BIO_sort(st) SKM_sk_sort(BIO, (st))

-#define sk_BIO_is_sorted(st) SKM_sk_is_sorted(BIO, (st))

-#define sk_CONF_IMODULE_new(st) SKM_sk_new(CONF_IMODULE, (st))

-#define sk_CONF_IMODULE_new_null() SKM_sk_new_null(CONF_IMODULE)

-#define sk_CONF_IMODULE_free(st) SKM_sk_free(CONF_IMODULE, (st))

-#define sk_CONF_IMODULE_num(st) SKM_sk_num(CONF_IMODULE, (st))

-#define sk_CONF_IMODULE_value(st, i) SKM_sk_value(CONF_IMODULE, (st), (i))

-#define sk_CONF_IMODULE_set(st, i, val) SKM_sk_set(CONF_IMODULE, (st), (i), (val))

-#define sk_CONF_IMODULE_zero(st) SKM_sk_zero(CONF_IMODULE, (st))

-#define sk_CONF_IMODULE_push(st, val) SKM_sk_push(CONF_IMODULE, (st), (val))

-#define sk_CONF_IMODULE_unshift(st, val) SKM_sk_unshift(CONF_IMODULE, (st), (val))

-#define sk_CONF_IMODULE_find(st, val) SKM_sk_find(CONF_IMODULE, (st), (val))

-#define sk_CONF_IMODULE_find_ex(st, val) SKM_sk_find_ex(CONF_IMODULE, (st), (val))

-#define sk_CONF_IMODULE_delete(st, i) SKM_sk_delete(CONF_IMODULE, (st), (i))

-#define sk_CONF_IMODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_IMODULE, (st), (ptr))

-#define sk_CONF_IMODULE_insert(st, val, i) SKM_sk_insert(CONF_IMODULE, (st), (val), (i))

-#define sk_CONF_IMODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_IMODULE, (st), (cmp))

-#define sk_CONF_IMODULE_dup(st) SKM_sk_dup(CONF_IMODULE, st)

-#define sk_CONF_IMODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_IMODULE, (st), (free_func))

-#define sk_CONF_IMODULE_shift(st) SKM_sk_shift(CONF_IMODULE, (st))

-#define sk_CONF_IMODULE_pop(st) SKM_sk_pop(CONF_IMODULE, (st))

-#define sk_CONF_IMODULE_sort(st) SKM_sk_sort(CONF_IMODULE, (st))

-#define sk_CONF_IMODULE_is_sorted(st) SKM_sk_is_sorted(CONF_IMODULE, (st))

-#define sk_CONF_MODULE_new(st) SKM_sk_new(CONF_MODULE, (st))

-#define sk_CONF_MODULE_new_null() SKM_sk_new_null(CONF_MODULE)

-#define sk_CONF_MODULE_free(st) SKM_sk_free(CONF_MODULE, (st))

-#define sk_CONF_MODULE_num(st) SKM_sk_num(CONF_MODULE, (st))

-#define sk_CONF_MODULE_value(st, i) SKM_sk_value(CONF_MODULE, (st), (i))

-#define sk_CONF_MODULE_set(st, i, val) SKM_sk_set(CONF_MODULE, (st), (i), (val))

-#define sk_CONF_MODULE_zero(st) SKM_sk_zero(CONF_MODULE, (st))

-#define sk_CONF_MODULE_push(st, val) SKM_sk_push(CONF_MODULE, (st), (val))

-#define sk_CONF_MODULE_unshift(st, val) SKM_sk_unshift(CONF_MODULE, (st), (val))

-#define sk_CONF_MODULE_find(st, val) SKM_sk_find(CONF_MODULE, (st), (val))

-#define sk_CONF_MODULE_find_ex(st, val) SKM_sk_find_ex(CONF_MODULE, (st), (val))

-#define sk_CONF_MODULE_delete(st, i) SKM_sk_delete(CONF_MODULE, (st), (i))

-#define sk_CONF_MODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_MODULE, (st), (ptr))

-#define sk_CONF_MODULE_insert(st, val, i) SKM_sk_insert(CONF_MODULE, (st), (val), (i))

-#define sk_CONF_MODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_MODULE, (st), (cmp))

-#define sk_CONF_MODULE_dup(st) SKM_sk_dup(CONF_MODULE, st)

-#define sk_CONF_MODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_MODULE, (st), (free_func))

-#define sk_CONF_MODULE_shift(st) SKM_sk_shift(CONF_MODULE, (st))

-#define sk_CONF_MODULE_pop(st) SKM_sk_pop(CONF_MODULE, (st))

-#define sk_CONF_MODULE_sort(st) SKM_sk_sort(CONF_MODULE, (st))

-#define sk_CONF_MODULE_is_sorted(st) SKM_sk_is_sorted(CONF_MODULE, (st))

-#define sk_CONF_VALUE_new(st) SKM_sk_new(CONF_VALUE, (st))

-#define sk_CONF_VALUE_new_null() SKM_sk_new_null(CONF_VALUE)

-#define sk_CONF_VALUE_free(st) SKM_sk_free(CONF_VALUE, (st))

-#define sk_CONF_VALUE_num(st) SKM_sk_num(CONF_VALUE, (st))

-#define sk_CONF_VALUE_value(st, i) SKM_sk_value(CONF_VALUE, (st), (i))

-#define sk_CONF_VALUE_set(st, i, val) SKM_sk_set(CONF_VALUE, (st), (i), (val))

-#define sk_CONF_VALUE_zero(st) SKM_sk_zero(CONF_VALUE, (st))

-#define sk_CONF_VALUE_push(st, val) SKM_sk_push(CONF_VALUE, (st), (val))

-#define sk_CONF_VALUE_unshift(st, val) SKM_sk_unshift(CONF_VALUE, (st), (val))

-#define sk_CONF_VALUE_find(st, val) SKM_sk_find(CONF_VALUE, (st), (val))

-#define sk_CONF_VALUE_find_ex(st, val) SKM_sk_find_ex(CONF_VALUE, (st), (val))

-#define sk_CONF_VALUE_delete(st, i) SKM_sk_delete(CONF_VALUE, (st), (i))

-#define sk_CONF_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_VALUE, (st), (ptr))

-#define sk_CONF_VALUE_insert(st, val, i) SKM_sk_insert(CONF_VALUE, (st), (val), (i))

-#define sk_CONF_VALUE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_VALUE, (st), (cmp))

-#define sk_CONF_VALUE_dup(st) SKM_sk_dup(CONF_VALUE, st)

-#define sk_CONF_VALUE_pop_free(st, free_func) SKM_sk_pop_free(CONF_VALUE, (st), (free_func))

-#define sk_CONF_VALUE_shift(st) SKM_sk_shift(CONF_VALUE, (st))

-#define sk_CONF_VALUE_pop(st) SKM_sk_pop(CONF_VALUE, (st))

-#define sk_CONF_VALUE_sort(st) SKM_sk_sort(CONF_VALUE, (st))

-#define sk_CONF_VALUE_is_sorted(st) SKM_sk_is_sorted(CONF_VALUE, (st))

-#define sk_CRYPTO_EX_DATA_FUNCS_new(st) SKM_sk_new(CRYPTO_EX_DATA_FUNCS, (st))

-#define sk_CRYPTO_EX_DATA_FUNCS_new_null() SKM_sk_new_null(CRYPTO_EX_DATA_FUNCS)

-#define sk_CRYPTO_EX_DATA_FUNCS_free(st) SKM_sk_free(CRYPTO_EX_DATA_FUNCS, (st))

-#define sk_CRYPTO_EX_DATA_FUNCS_num(st) SKM_sk_num(CRYPTO_EX_DATA_FUNCS, (st))

-#define sk_CRYPTO_EX_DATA_FUNCS_value(st, i) SKM_sk_value(CRYPTO_EX_DATA_FUNCS, (st), (i))

-#define sk_CRYPTO_EX_DATA_FUNCS_set(st, i, val) SKM_sk_set(CRYPTO_EX_DATA_FUNCS, (st), (i), (val))

-#define sk_CRYPTO_EX_DATA_FUNCS_zero(st) SKM_sk_zero(CRYPTO_EX_DATA_FUNCS, (st))

-#define sk_CRYPTO_EX_DATA_FUNCS_push(st, val) SKM_sk_push(CRYPTO_EX_DATA_FUNCS, (st), (val))

-#define sk_CRYPTO_EX_DATA_FUNCS_unshift(st, val) SKM_sk_unshift(CRYPTO_EX_DATA_FUNCS, (st), (val))

-#define sk_CRYPTO_EX_DATA_FUNCS_find(st, val) SKM_sk_find(CRYPTO_EX_DATA_FUNCS, (st), (val))

-#define sk_CRYPTO_EX_DATA_FUNCS_find_ex(st, val) SKM_sk_find_ex(CRYPTO_EX_DATA_FUNCS, (st), (val))

-#define sk_CRYPTO_EX_DATA_FUNCS_delete(st, i) SKM_sk_delete(CRYPTO_EX_DATA_FUNCS, (st), (i))

-#define sk_CRYPTO_EX_DATA_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_EX_DATA_FUNCS, (st), (ptr))

-#define sk_CRYPTO_EX_DATA_FUNCS_insert(st, val, i) SKM_sk_insert(CRYPTO_EX_DATA_FUNCS, (st), (val), (i))

-#define sk_CRYPTO_EX_DATA_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_EX_DATA_FUNCS, (st), (cmp))

-#define sk_CRYPTO_EX_DATA_FUNCS_dup(st) SKM_sk_dup(CRYPTO_EX_DATA_FUNCS, st)

-#define sk_CRYPTO_EX_DATA_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_EX_DATA_FUNCS, (st), (free_func))

-#define sk_CRYPTO_EX_DATA_FUNCS_shift(st) SKM_sk_shift(CRYPTO_EX_DATA_FUNCS, (st))

-#define sk_CRYPTO_EX_DATA_FUNCS_pop(st) SKM_sk_pop(CRYPTO_EX_DATA_FUNCS, (st))

-#define sk_CRYPTO_EX_DATA_FUNCS_sort(st) SKM_sk_sort(CRYPTO_EX_DATA_FUNCS, (st))

-#define sk_CRYPTO_EX_DATA_FUNCS_is_sorted(st) SKM_sk_is_sorted(CRYPTO_EX_DATA_FUNCS, (st))

-#define sk_CRYPTO_dynlock_new(st) SKM_sk_new(CRYPTO_dynlock, (st))

-#define sk_CRYPTO_dynlock_new_null() SKM_sk_new_null(CRYPTO_dynlock)

-#define sk_CRYPTO_dynlock_free(st) SKM_sk_free(CRYPTO_dynlock, (st))

-#define sk_CRYPTO_dynlock_num(st) SKM_sk_num(CRYPTO_dynlock, (st))

-#define sk_CRYPTO_dynlock_value(st, i) SKM_sk_value(CRYPTO_dynlock, (st), (i))

-#define sk_CRYPTO_dynlock_set(st, i, val) SKM_sk_set(CRYPTO_dynlock, (st), (i), (val))

-#define sk_CRYPTO_dynlock_zero(st) SKM_sk_zero(CRYPTO_dynlock, (st))

-#define sk_CRYPTO_dynlock_push(st, val) SKM_sk_push(CRYPTO_dynlock, (st), (val))

-#define sk_CRYPTO_dynlock_unshift(st, val) SKM_sk_unshift(CRYPTO_dynlock, (st), (val))

-#define sk_CRYPTO_dynlock_find(st, val) SKM_sk_find(CRYPTO_dynlock, (st), (val))

-#define sk_CRYPTO_dynlock_find_ex(st, val) SKM_sk_find_ex(CRYPTO_dynlock, (st), (val))

-#define sk_CRYPTO_dynlock_delete(st, i) SKM_sk_delete(CRYPTO_dynlock, (st), (i))

-#define sk_CRYPTO_dynlock_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_dynlock, (st), (ptr))

-#define sk_CRYPTO_dynlock_insert(st, val, i) SKM_sk_insert(CRYPTO_dynlock, (st), (val), (i))

-#define sk_CRYPTO_dynlock_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_dynlock, (st), (cmp))

-#define sk_CRYPTO_dynlock_dup(st) SKM_sk_dup(CRYPTO_dynlock, st)

-#define sk_CRYPTO_dynlock_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_dynlock, (st), (free_func))

-#define sk_CRYPTO_dynlock_shift(st) SKM_sk_shift(CRYPTO_dynlock, (st))

-#define sk_CRYPTO_dynlock_pop(st) SKM_sk_pop(CRYPTO_dynlock, (st))

-#define sk_CRYPTO_dynlock_sort(st) SKM_sk_sort(CRYPTO_dynlock, (st))

-#define sk_CRYPTO_dynlock_is_sorted(st) SKM_sk_is_sorted(CRYPTO_dynlock, (st))

-#define sk_DIST_POINT_new(st) SKM_sk_new(DIST_POINT, (st))

-#define sk_DIST_POINT_new_null() SKM_sk_new_null(DIST_POINT)

-#define sk_DIST_POINT_free(st) SKM_sk_free(DIST_POINT, (st))

-#define sk_DIST_POINT_num(st) SKM_sk_num(DIST_POINT, (st))

-#define sk_DIST_POINT_value(st, i) SKM_sk_value(DIST_POINT, (st), (i))

-#define sk_DIST_POINT_set(st, i, val) SKM_sk_set(DIST_POINT, (st), (i), (val))

-#define sk_DIST_POINT_zero(st) SKM_sk_zero(DIST_POINT, (st))

-#define sk_DIST_POINT_push(st, val) SKM_sk_push(DIST_POINT, (st), (val))

-#define sk_DIST_POINT_unshift(st, val) SKM_sk_unshift(DIST_POINT, (st), (val))

-#define sk_DIST_POINT_find(st, val) SKM_sk_find(DIST_POINT, (st), (val))

-#define sk_DIST_POINT_find_ex(st, val) SKM_sk_find_ex(DIST_POINT, (st), (val))

-#define sk_DIST_POINT_delete(st, i) SKM_sk_delete(DIST_POINT, (st), (i))

-#define sk_DIST_POINT_delete_ptr(st, ptr) SKM_sk_delete_ptr(DIST_POINT, (st), (ptr))

-#define sk_DIST_POINT_insert(st, val, i) SKM_sk_insert(DIST_POINT, (st), (val), (i))

-#define sk_DIST_POINT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(DIST_POINT, (st), (cmp))

-#define sk_DIST_POINT_dup(st) SKM_sk_dup(DIST_POINT, st)

-#define sk_DIST_POINT_pop_free(st, free_func) SKM_sk_pop_free(DIST_POINT, (st), (free_func))

-#define sk_DIST_POINT_shift(st) SKM_sk_shift(DIST_POINT, (st))

-#define sk_DIST_POINT_pop(st) SKM_sk_pop(DIST_POINT, (st))

-#define sk_DIST_POINT_sort(st) SKM_sk_sort(DIST_POINT, (st))

-#define sk_DIST_POINT_is_sorted(st) SKM_sk_is_sorted(DIST_POINT, (st))

-#define sk_ENGINE_new(st) SKM_sk_new(ENGINE, (st))

-#define sk_ENGINE_new_null() SKM_sk_new_null(ENGINE)

-#define sk_ENGINE_free(st) SKM_sk_free(ENGINE, (st))

-#define sk_ENGINE_num(st) SKM_sk_num(ENGINE, (st))

-#define sk_ENGINE_value(st, i) SKM_sk_value(ENGINE, (st), (i))

-#define sk_ENGINE_set(st, i, val) SKM_sk_set(ENGINE, (st), (i), (val))

-#define sk_ENGINE_zero(st) SKM_sk_zero(ENGINE, (st))

-#define sk_ENGINE_push(st, val) SKM_sk_push(ENGINE, (st), (val))

-#define sk_ENGINE_unshift(st, val) SKM_sk_unshift(ENGINE, (st), (val))

-#define sk_ENGINE_find(st, val) SKM_sk_find(ENGINE, (st), (val))

-#define sk_ENGINE_find_ex(st, val) SKM_sk_find_ex(ENGINE, (st), (val))

-#define sk_ENGINE_delete(st, i) SKM_sk_delete(ENGINE, (st), (i))

-#define sk_ENGINE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE, (st), (ptr))

-#define sk_ENGINE_insert(st, val, i) SKM_sk_insert(ENGINE, (st), (val), (i))

-#define sk_ENGINE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ENGINE, (st), (cmp))

-#define sk_ENGINE_dup(st) SKM_sk_dup(ENGINE, st)

-#define sk_ENGINE_pop_free(st, free_func) SKM_sk_pop_free(ENGINE, (st), (free_func))

-#define sk_ENGINE_shift(st) SKM_sk_shift(ENGINE, (st))

-#define sk_ENGINE_pop(st) SKM_sk_pop(ENGINE, (st))

-#define sk_ENGINE_sort(st) SKM_sk_sort(ENGINE, (st))

-#define sk_ENGINE_is_sorted(st) SKM_sk_is_sorted(ENGINE, (st))

-#define sk_ENGINE_CLEANUP_ITEM_new(st) SKM_sk_new(ENGINE_CLEANUP_ITEM, (st))

-#define sk_ENGINE_CLEANUP_ITEM_new_null() SKM_sk_new_null(ENGINE_CLEANUP_ITEM)

-#define sk_ENGINE_CLEANUP_ITEM_free(st) SKM_sk_free(ENGINE_CLEANUP_ITEM, (st))

-#define sk_ENGINE_CLEANUP_ITEM_num(st) SKM_sk_num(ENGINE_CLEANUP_ITEM, (st))

-#define sk_ENGINE_CLEANUP_ITEM_value(st, i) SKM_sk_value(ENGINE_CLEANUP_ITEM, (st), (i))

-#define sk_ENGINE_CLEANUP_ITEM_set(st, i, val) SKM_sk_set(ENGINE_CLEANUP_ITEM, (st), (i), (val))

-#define sk_ENGINE_CLEANUP_ITEM_zero(st) SKM_sk_zero(ENGINE_CLEANUP_ITEM, (st))

-#define sk_ENGINE_CLEANUP_ITEM_push(st, val) SKM_sk_push(ENGINE_CLEANUP_ITEM, (st), (val))

-#define sk_ENGINE_CLEANUP_ITEM_unshift(st, val) SKM_sk_unshift(ENGINE_CLEANUP_ITEM, (st), (val))

-#define sk_ENGINE_CLEANUP_ITEM_find(st, val) SKM_sk_find(ENGINE_CLEANUP_ITEM, (st), (val))

-#define sk_ENGINE_CLEANUP_ITEM_find_ex(st, val) SKM_sk_find_ex(ENGINE_CLEANUP_ITEM, (st), (val))

-#define sk_ENGINE_CLEANUP_ITEM_delete(st, i) SKM_sk_delete(ENGINE_CLEANUP_ITEM, (st), (i))

-#define sk_ENGINE_CLEANUP_ITEM_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE_CLEANUP_ITEM, (st), (ptr))

-#define sk_ENGINE_CLEANUP_ITEM_insert(st, val, i) SKM_sk_insert(ENGINE_CLEANUP_ITEM, (st), (val), (i))

-#define sk_ENGINE_CLEANUP_ITEM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ENGINE_CLEANUP_ITEM, (st), (cmp))

-#define sk_ENGINE_CLEANUP_ITEM_dup(st) SKM_sk_dup(ENGINE_CLEANUP_ITEM, st)

-#define sk_ENGINE_CLEANUP_ITEM_pop_free(st, free_func) SKM_sk_pop_free(ENGINE_CLEANUP_ITEM, (st), (free_func))

-#define sk_ENGINE_CLEANUP_ITEM_shift(st) SKM_sk_shift(ENGINE_CLEANUP_ITEM, (st))

-#define sk_ENGINE_CLEANUP_ITEM_pop(st) SKM_sk_pop(ENGINE_CLEANUP_ITEM, (st))

-#define sk_ENGINE_CLEANUP_ITEM_sort(st) SKM_sk_sort(ENGINE_CLEANUP_ITEM, (st))

-#define sk_ENGINE_CLEANUP_ITEM_is_sorted(st) SKM_sk_is_sorted(ENGINE_CLEANUP_ITEM, (st))

-#define sk_GENERAL_NAME_new(st) SKM_sk_new(GENERAL_NAME, (st))

-#define sk_GENERAL_NAME_new_null() SKM_sk_new_null(GENERAL_NAME)

-#define sk_GENERAL_NAME_free(st) SKM_sk_free(GENERAL_NAME, (st))

-#define sk_GENERAL_NAME_num(st) SKM_sk_num(GENERAL_NAME, (st))

-#define sk_GENERAL_NAME_value(st, i) SKM_sk_value(GENERAL_NAME, (st), (i))

-#define sk_GENERAL_NAME_set(st, i, val) SKM_sk_set(GENERAL_NAME, (st), (i), (val))

-#define sk_GENERAL_NAME_zero(st) SKM_sk_zero(GENERAL_NAME, (st))

-#define sk_GENERAL_NAME_push(st, val) SKM_sk_push(GENERAL_NAME, (st), (val))

-#define sk_GENERAL_NAME_unshift(st, val) SKM_sk_unshift(GENERAL_NAME, (st), (val))

-#define sk_GENERAL_NAME_find(st, val) SKM_sk_find(GENERAL_NAME, (st), (val))

-#define sk_GENERAL_NAME_find_ex(st, val) SKM_sk_find_ex(GENERAL_NAME, (st), (val))

-#define sk_GENERAL_NAME_delete(st, i) SKM_sk_delete(GENERAL_NAME, (st), (i))

-#define sk_GENERAL_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAME, (st), (ptr))

-#define sk_GENERAL_NAME_insert(st, val, i) SKM_sk_insert(GENERAL_NAME, (st), (val), (i))

-#define sk_GENERAL_NAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_NAME, (st), (cmp))

-#define sk_GENERAL_NAME_dup(st) SKM_sk_dup(GENERAL_NAME, st)

-#define sk_GENERAL_NAME_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_NAME, (st), (free_func))

-#define sk_GENERAL_NAME_shift(st) SKM_sk_shift(GENERAL_NAME, (st))

-#define sk_GENERAL_NAME_pop(st) SKM_sk_pop(GENERAL_NAME, (st))

-#define sk_GENERAL_NAME_sort(st) SKM_sk_sort(GENERAL_NAME, (st))

-#define sk_GENERAL_NAME_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAME, (st))

-#define sk_GENERAL_SUBTREE_new(st) SKM_sk_new(GENERAL_SUBTREE, (st))

-#define sk_GENERAL_SUBTREE_new_null() SKM_sk_new_null(GENERAL_SUBTREE)

-#define sk_GENERAL_SUBTREE_free(st) SKM_sk_free(GENERAL_SUBTREE, (st))

-#define sk_GENERAL_SUBTREE_num(st) SKM_sk_num(GENERAL_SUBTREE, (st))

-#define sk_GENERAL_SUBTREE_value(st, i) SKM_sk_value(GENERAL_SUBTREE, (st), (i))

-#define sk_GENERAL_SUBTREE_set(st, i, val) SKM_sk_set(GENERAL_SUBTREE, (st), (i), (val))

-#define sk_GENERAL_SUBTREE_zero(st) SKM_sk_zero(GENERAL_SUBTREE, (st))

-#define sk_GENERAL_SUBTREE_push(st, val) SKM_sk_push(GENERAL_SUBTREE, (st), (val))

-#define sk_GENERAL_SUBTREE_unshift(st, val) SKM_sk_unshift(GENERAL_SUBTREE, (st), (val))

-#define sk_GENERAL_SUBTREE_find(st, val) SKM_sk_find(GENERAL_SUBTREE, (st), (val))

-#define sk_GENERAL_SUBTREE_find_ex(st, val) SKM_sk_find_ex(GENERAL_SUBTREE, (st), (val))

-#define sk_GENERAL_SUBTREE_delete(st, i) SKM_sk_delete(GENERAL_SUBTREE, (st), (i))

-#define sk_GENERAL_SUBTREE_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_SUBTREE, (st), (ptr))

-#define sk_GENERAL_SUBTREE_insert(st, val, i) SKM_sk_insert(GENERAL_SUBTREE, (st), (val), (i))

-#define sk_GENERAL_SUBTREE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_SUBTREE, (st), (cmp))

-#define sk_GENERAL_SUBTREE_dup(st) SKM_sk_dup(GENERAL_SUBTREE, st)

-#define sk_GENERAL_SUBTREE_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_SUBTREE, (st), (free_func))

-#define sk_GENERAL_SUBTREE_shift(st) SKM_sk_shift(GENERAL_SUBTREE, (st))

-#define sk_GENERAL_SUBTREE_pop(st) SKM_sk_pop(GENERAL_SUBTREE, (st))

-#define sk_GENERAL_SUBTREE_sort(st) SKM_sk_sort(GENERAL_SUBTREE, (st))

-#define sk_GENERAL_SUBTREE_is_sorted(st) SKM_sk_is_sorted(GENERAL_SUBTREE, (st))

-#define sk_IPAddressFamily_new(st) SKM_sk_new(IPAddressFamily, (st))

-#define sk_IPAddressFamily_new_null() SKM_sk_new_null(IPAddressFamily)

-#define sk_IPAddressFamily_free(st) SKM_sk_free(IPAddressFamily, (st))

-#define sk_IPAddressFamily_num(st) SKM_sk_num(IPAddressFamily, (st))

-#define sk_IPAddressFamily_value(st, i) SKM_sk_value(IPAddressFamily, (st), (i))

-#define sk_IPAddressFamily_set(st, i, val) SKM_sk_set(IPAddressFamily, (st), (i), (val))

-#define sk_IPAddressFamily_zero(st) SKM_sk_zero(IPAddressFamily, (st))

-#define sk_IPAddressFamily_push(st, val) SKM_sk_push(IPAddressFamily, (st), (val))

-#define sk_IPAddressFamily_unshift(st, val) SKM_sk_unshift(IPAddressFamily, (st), (val))

-#define sk_IPAddressFamily_find(st, val) SKM_sk_find(IPAddressFamily, (st), (val))

-#define sk_IPAddressFamily_find_ex(st, val) SKM_sk_find_ex(IPAddressFamily, (st), (val))

-#define sk_IPAddressFamily_delete(st, i) SKM_sk_delete(IPAddressFamily, (st), (i))

-#define sk_IPAddressFamily_delete_ptr(st, ptr) SKM_sk_delete_ptr(IPAddressFamily, (st), (ptr))

-#define sk_IPAddressFamily_insert(st, val, i) SKM_sk_insert(IPAddressFamily, (st), (val), (i))

-#define sk_IPAddressFamily_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(IPAddressFamily, (st), (cmp))

-#define sk_IPAddressFamily_dup(st) SKM_sk_dup(IPAddressFamily, st)

-#define sk_IPAddressFamily_pop_free(st, free_func) SKM_sk_pop_free(IPAddressFamily, (st), (free_func))

-#define sk_IPAddressFamily_shift(st) SKM_sk_shift(IPAddressFamily, (st))

-#define sk_IPAddressFamily_pop(st) SKM_sk_pop(IPAddressFamily, (st))

-#define sk_IPAddressFamily_sort(st) SKM_sk_sort(IPAddressFamily, (st))

-#define sk_IPAddressFamily_is_sorted(st) SKM_sk_is_sorted(IPAddressFamily, (st))

-#define sk_IPAddressOrRange_new(st) SKM_sk_new(IPAddressOrRange, (st))

-#define sk_IPAddressOrRange_new_null() SKM_sk_new_null(IPAddressOrRange)

-#define sk_IPAddressOrRange_free(st) SKM_sk_free(IPAddressOrRange, (st))

-#define sk_IPAddressOrRange_num(st) SKM_sk_num(IPAddressOrRange, (st))

-#define sk_IPAddressOrRange_value(st, i) SKM_sk_value(IPAddressOrRange, (st), (i))

-#define sk_IPAddressOrRange_set(st, i, val) SKM_sk_set(IPAddressOrRange, (st), (i), (val))

-#define sk_IPAddressOrRange_zero(st) SKM_sk_zero(IPAddressOrRange, (st))

-#define sk_IPAddressOrRange_push(st, val) SKM_sk_push(IPAddressOrRange, (st), (val))

-#define sk_IPAddressOrRange_unshift(st, val) SKM_sk_unshift(IPAddressOrRange, (st), (val))

-#define sk_IPAddressOrRange_find(st, val) SKM_sk_find(IPAddressOrRange, (st), (val))

-#define sk_IPAddressOrRange_find_ex(st, val) SKM_sk_find_ex(IPAddressOrRange, (st), (val))

-#define sk_IPAddressOrRange_delete(st, i) SKM_sk_delete(IPAddressOrRange, (st), (i))

-#define sk_IPAddressOrRange_delete_ptr(st, ptr) SKM_sk_delete_ptr(IPAddressOrRange, (st), (ptr))

-#define sk_IPAddressOrRange_insert(st, val, i) SKM_sk_insert(IPAddressOrRange, (st), (val), (i))

-#define sk_IPAddressOrRange_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(IPAddressOrRange, (st), (cmp))

-#define sk_IPAddressOrRange_dup(st) SKM_sk_dup(IPAddressOrRange, st)

-#define sk_IPAddressOrRange_pop_free(st, free_func) SKM_sk_pop_free(IPAddressOrRange, (st), (free_func))

-#define sk_IPAddressOrRange_shift(st) SKM_sk_shift(IPAddressOrRange, (st))

-#define sk_IPAddressOrRange_pop(st) SKM_sk_pop(IPAddressOrRange, (st))

-#define sk_IPAddressOrRange_sort(st) SKM_sk_sort(IPAddressOrRange, (st))

-#define sk_IPAddressOrRange_is_sorted(st) SKM_sk_is_sorted(IPAddressOrRange, (st))

-#define sk_KRB5_APREQBODY_new(st) SKM_sk_new(KRB5_APREQBODY, (st))

-#define sk_KRB5_APREQBODY_new_null() SKM_sk_new_null(KRB5_APREQBODY)

-#define sk_KRB5_APREQBODY_free(st) SKM_sk_free(KRB5_APREQBODY, (st))

-#define sk_KRB5_APREQBODY_num(st) SKM_sk_num(KRB5_APREQBODY, (st))

-#define sk_KRB5_APREQBODY_value(st, i) SKM_sk_value(KRB5_APREQBODY, (st), (i))

-#define sk_KRB5_APREQBODY_set(st, i, val) SKM_sk_set(KRB5_APREQBODY, (st), (i), (val))

-#define sk_KRB5_APREQBODY_zero(st) SKM_sk_zero(KRB5_APREQBODY, (st))

-#define sk_KRB5_APREQBODY_push(st, val) SKM_sk_push(KRB5_APREQBODY, (st), (val))

-#define sk_KRB5_APREQBODY_unshift(st, val) SKM_sk_unshift(KRB5_APREQBODY, (st), (val))

-#define sk_KRB5_APREQBODY_find(st, val) SKM_sk_find(KRB5_APREQBODY, (st), (val))

-#define sk_KRB5_APREQBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_APREQBODY, (st), (val))

-#define sk_KRB5_APREQBODY_delete(st, i) SKM_sk_delete(KRB5_APREQBODY, (st), (i))

-#define sk_KRB5_APREQBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_APREQBODY, (st), (ptr))

-#define sk_KRB5_APREQBODY_insert(st, val, i) SKM_sk_insert(KRB5_APREQBODY, (st), (val), (i))

-#define sk_KRB5_APREQBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_APREQBODY, (st), (cmp))

-#define sk_KRB5_APREQBODY_dup(st) SKM_sk_dup(KRB5_APREQBODY, st)

-#define sk_KRB5_APREQBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_APREQBODY, (st), (free_func))

-#define sk_KRB5_APREQBODY_shift(st) SKM_sk_shift(KRB5_APREQBODY, (st))

-#define sk_KRB5_APREQBODY_pop(st) SKM_sk_pop(KRB5_APREQBODY, (st))

-#define sk_KRB5_APREQBODY_sort(st) SKM_sk_sort(KRB5_APREQBODY, (st))

-#define sk_KRB5_APREQBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_APREQBODY, (st))

-#define sk_KRB5_AUTHDATA_new(st) SKM_sk_new(KRB5_AUTHDATA, (st))

-#define sk_KRB5_AUTHDATA_new_null() SKM_sk_new_null(KRB5_AUTHDATA)

-#define sk_KRB5_AUTHDATA_free(st) SKM_sk_free(KRB5_AUTHDATA, (st))

-#define sk_KRB5_AUTHDATA_num(st) SKM_sk_num(KRB5_AUTHDATA, (st))

-#define sk_KRB5_AUTHDATA_value(st, i) SKM_sk_value(KRB5_AUTHDATA, (st), (i))

-#define sk_KRB5_AUTHDATA_set(st, i, val) SKM_sk_set(KRB5_AUTHDATA, (st), (i), (val))

-#define sk_KRB5_AUTHDATA_zero(st) SKM_sk_zero(KRB5_AUTHDATA, (st))

-#define sk_KRB5_AUTHDATA_push(st, val) SKM_sk_push(KRB5_AUTHDATA, (st), (val))

-#define sk_KRB5_AUTHDATA_unshift(st, val) SKM_sk_unshift(KRB5_AUTHDATA, (st), (val))

-#define sk_KRB5_AUTHDATA_find(st, val) SKM_sk_find(KRB5_AUTHDATA, (st), (val))

-#define sk_KRB5_AUTHDATA_find_ex(st, val) SKM_sk_find_ex(KRB5_AUTHDATA, (st), (val))

-#define sk_KRB5_AUTHDATA_delete(st, i) SKM_sk_delete(KRB5_AUTHDATA, (st), (i))

-#define sk_KRB5_AUTHDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHDATA, (st), (ptr))

-#define sk_KRB5_AUTHDATA_insert(st, val, i) SKM_sk_insert(KRB5_AUTHDATA, (st), (val), (i))

-#define sk_KRB5_AUTHDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHDATA, (st), (cmp))

-#define sk_KRB5_AUTHDATA_dup(st) SKM_sk_dup(KRB5_AUTHDATA, st)

-#define sk_KRB5_AUTHDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHDATA, (st), (free_func))

-#define sk_KRB5_AUTHDATA_shift(st) SKM_sk_shift(KRB5_AUTHDATA, (st))

-#define sk_KRB5_AUTHDATA_pop(st) SKM_sk_pop(KRB5_AUTHDATA, (st))

-#define sk_KRB5_AUTHDATA_sort(st) SKM_sk_sort(KRB5_AUTHDATA, (st))

-#define sk_KRB5_AUTHDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHDATA, (st))

-#define sk_KRB5_AUTHENTBODY_new(st) SKM_sk_new(KRB5_AUTHENTBODY, (st))

-#define sk_KRB5_AUTHENTBODY_new_null() SKM_sk_new_null(KRB5_AUTHENTBODY)

-#define sk_KRB5_AUTHENTBODY_free(st) SKM_sk_free(KRB5_AUTHENTBODY, (st))

-#define sk_KRB5_AUTHENTBODY_num(st) SKM_sk_num(KRB5_AUTHENTBODY, (st))

-#define sk_KRB5_AUTHENTBODY_value(st, i) SKM_sk_value(KRB5_AUTHENTBODY, (st), (i))

-#define sk_KRB5_AUTHENTBODY_set(st, i, val) SKM_sk_set(KRB5_AUTHENTBODY, (st), (i), (val))

-#define sk_KRB5_AUTHENTBODY_zero(st) SKM_sk_zero(KRB5_AUTHENTBODY, (st))

-#define sk_KRB5_AUTHENTBODY_push(st, val) SKM_sk_push(KRB5_AUTHENTBODY, (st), (val))

-#define sk_KRB5_AUTHENTBODY_unshift(st, val) SKM_sk_unshift(KRB5_AUTHENTBODY, (st), (val))

-#define sk_KRB5_AUTHENTBODY_find(st, val) SKM_sk_find(KRB5_AUTHENTBODY, (st), (val))

-#define sk_KRB5_AUTHENTBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_AUTHENTBODY, (st), (val))

-#define sk_KRB5_AUTHENTBODY_delete(st, i) SKM_sk_delete(KRB5_AUTHENTBODY, (st), (i))

-#define sk_KRB5_AUTHENTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHENTBODY, (st), (ptr))

-#define sk_KRB5_AUTHENTBODY_insert(st, val, i) SKM_sk_insert(KRB5_AUTHENTBODY, (st), (val), (i))

-#define sk_KRB5_AUTHENTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHENTBODY, (st), (cmp))

-#define sk_KRB5_AUTHENTBODY_dup(st) SKM_sk_dup(KRB5_AUTHENTBODY, st)

-#define sk_KRB5_AUTHENTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHENTBODY, (st), (free_func))

-#define sk_KRB5_AUTHENTBODY_shift(st) SKM_sk_shift(KRB5_AUTHENTBODY, (st))

-#define sk_KRB5_AUTHENTBODY_pop(st) SKM_sk_pop(KRB5_AUTHENTBODY, (st))

-#define sk_KRB5_AUTHENTBODY_sort(st) SKM_sk_sort(KRB5_AUTHENTBODY, (st))

-#define sk_KRB5_AUTHENTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHENTBODY, (st))

-#define sk_KRB5_CHECKSUM_new(st) SKM_sk_new(KRB5_CHECKSUM, (st))

-#define sk_KRB5_CHECKSUM_new_null() SKM_sk_new_null(KRB5_CHECKSUM)

-#define sk_KRB5_CHECKSUM_free(st) SKM_sk_free(KRB5_CHECKSUM, (st))

-#define sk_KRB5_CHECKSUM_num(st) SKM_sk_num(KRB5_CHECKSUM, (st))

-#define sk_KRB5_CHECKSUM_value(st, i) SKM_sk_value(KRB5_CHECKSUM, (st), (i))

-#define sk_KRB5_CHECKSUM_set(st, i, val) SKM_sk_set(KRB5_CHECKSUM, (st), (i), (val))

-#define sk_KRB5_CHECKSUM_zero(st) SKM_sk_zero(KRB5_CHECKSUM, (st))

-#define sk_KRB5_CHECKSUM_push(st, val) SKM_sk_push(KRB5_CHECKSUM, (st), (val))

-#define sk_KRB5_CHECKSUM_unshift(st, val) SKM_sk_unshift(KRB5_CHECKSUM, (st), (val))

-#define sk_KRB5_CHECKSUM_find(st, val) SKM_sk_find(KRB5_CHECKSUM, (st), (val))

-#define sk_KRB5_CHECKSUM_find_ex(st, val) SKM_sk_find_ex(KRB5_CHECKSUM, (st), (val))

-#define sk_KRB5_CHECKSUM_delete(st, i) SKM_sk_delete(KRB5_CHECKSUM, (st), (i))

-#define sk_KRB5_CHECKSUM_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_CHECKSUM, (st), (ptr))

-#define sk_KRB5_CHECKSUM_insert(st, val, i) SKM_sk_insert(KRB5_CHECKSUM, (st), (val), (i))

-#define sk_KRB5_CHECKSUM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_CHECKSUM, (st), (cmp))

-#define sk_KRB5_CHECKSUM_dup(st) SKM_sk_dup(KRB5_CHECKSUM, st)

-#define sk_KRB5_CHECKSUM_pop_free(st, free_func) SKM_sk_pop_free(KRB5_CHECKSUM, (st), (free_func))

-#define sk_KRB5_CHECKSUM_shift(st) SKM_sk_shift(KRB5_CHECKSUM, (st))

-#define sk_KRB5_CHECKSUM_pop(st) SKM_sk_pop(KRB5_CHECKSUM, (st))

-#define sk_KRB5_CHECKSUM_sort(st) SKM_sk_sort(KRB5_CHECKSUM, (st))

-#define sk_KRB5_CHECKSUM_is_sorted(st) SKM_sk_is_sorted(KRB5_CHECKSUM, (st))

-#define sk_KRB5_ENCDATA_new(st) SKM_sk_new(KRB5_ENCDATA, (st))

-#define sk_KRB5_ENCDATA_new_null() SKM_sk_new_null(KRB5_ENCDATA)

-#define sk_KRB5_ENCDATA_free(st) SKM_sk_free(KRB5_ENCDATA, (st))

-#define sk_KRB5_ENCDATA_num(st) SKM_sk_num(KRB5_ENCDATA, (st))

-#define sk_KRB5_ENCDATA_value(st, i) SKM_sk_value(KRB5_ENCDATA, (st), (i))

-#define sk_KRB5_ENCDATA_set(st, i, val) SKM_sk_set(KRB5_ENCDATA, (st), (i), (val))

-#define sk_KRB5_ENCDATA_zero(st) SKM_sk_zero(KRB5_ENCDATA, (st))

-#define sk_KRB5_ENCDATA_push(st, val) SKM_sk_push(KRB5_ENCDATA, (st), (val))

-#define sk_KRB5_ENCDATA_unshift(st, val) SKM_sk_unshift(KRB5_ENCDATA, (st), (val))

-#define sk_KRB5_ENCDATA_find(st, val) SKM_sk_find(KRB5_ENCDATA, (st), (val))

-#define sk_KRB5_ENCDATA_find_ex(st, val) SKM_sk_find_ex(KRB5_ENCDATA, (st), (val))

-#define sk_KRB5_ENCDATA_delete(st, i) SKM_sk_delete(KRB5_ENCDATA, (st), (i))

-#define sk_KRB5_ENCDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCDATA, (st), (ptr))

-#define sk_KRB5_ENCDATA_insert(st, val, i) SKM_sk_insert(KRB5_ENCDATA, (st), (val), (i))

-#define sk_KRB5_ENCDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCDATA, (st), (cmp))

-#define sk_KRB5_ENCDATA_dup(st) SKM_sk_dup(KRB5_ENCDATA, st)

-#define sk_KRB5_ENCDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCDATA, (st), (free_func))

-#define sk_KRB5_ENCDATA_shift(st) SKM_sk_shift(KRB5_ENCDATA, (st))

-#define sk_KRB5_ENCDATA_pop(st) SKM_sk_pop(KRB5_ENCDATA, (st))

-#define sk_KRB5_ENCDATA_sort(st) SKM_sk_sort(KRB5_ENCDATA, (st))

-#define sk_KRB5_ENCDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCDATA, (st))

-#define sk_KRB5_ENCKEY_new(st) SKM_sk_new(KRB5_ENCKEY, (st))

-#define sk_KRB5_ENCKEY_new_null() SKM_sk_new_null(KRB5_ENCKEY)

-#define sk_KRB5_ENCKEY_free(st) SKM_sk_free(KRB5_ENCKEY, (st))

-#define sk_KRB5_ENCKEY_num(st) SKM_sk_num(KRB5_ENCKEY, (st))

-#define sk_KRB5_ENCKEY_value(st, i) SKM_sk_value(KRB5_ENCKEY, (st), (i))

-#define sk_KRB5_ENCKEY_set(st, i, val) SKM_sk_set(KRB5_ENCKEY, (st), (i), (val))

-#define sk_KRB5_ENCKEY_zero(st) SKM_sk_zero(KRB5_ENCKEY, (st))

-#define sk_KRB5_ENCKEY_push(st, val) SKM_sk_push(KRB5_ENCKEY, (st), (val))

-#define sk_KRB5_ENCKEY_unshift(st, val) SKM_sk_unshift(KRB5_ENCKEY, (st), (val))

-#define sk_KRB5_ENCKEY_find(st, val) SKM_sk_find(KRB5_ENCKEY, (st), (val))

-#define sk_KRB5_ENCKEY_find_ex(st, val) SKM_sk_find_ex(KRB5_ENCKEY, (st), (val))

-#define sk_KRB5_ENCKEY_delete(st, i) SKM_sk_delete(KRB5_ENCKEY, (st), (i))

-#define sk_KRB5_ENCKEY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCKEY, (st), (ptr))

-#define sk_KRB5_ENCKEY_insert(st, val, i) SKM_sk_insert(KRB5_ENCKEY, (st), (val), (i))

-#define sk_KRB5_ENCKEY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCKEY, (st), (cmp))

-#define sk_KRB5_ENCKEY_dup(st) SKM_sk_dup(KRB5_ENCKEY, st)

-#define sk_KRB5_ENCKEY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCKEY, (st), (free_func))

-#define sk_KRB5_ENCKEY_shift(st) SKM_sk_shift(KRB5_ENCKEY, (st))

-#define sk_KRB5_ENCKEY_pop(st) SKM_sk_pop(KRB5_ENCKEY, (st))

-#define sk_KRB5_ENCKEY_sort(st) SKM_sk_sort(KRB5_ENCKEY, (st))

-#define sk_KRB5_ENCKEY_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCKEY, (st))

-#define sk_KRB5_PRINCNAME_new(st) SKM_sk_new(KRB5_PRINCNAME, (st))

-#define sk_KRB5_PRINCNAME_new_null() SKM_sk_new_null(KRB5_PRINCNAME)

-#define sk_KRB5_PRINCNAME_free(st) SKM_sk_free(KRB5_PRINCNAME, (st))

-#define sk_KRB5_PRINCNAME_num(st) SKM_sk_num(KRB5_PRINCNAME, (st))

-#define sk_KRB5_PRINCNAME_value(st, i) SKM_sk_value(KRB5_PRINCNAME, (st), (i))

-#define sk_KRB5_PRINCNAME_set(st, i, val) SKM_sk_set(KRB5_PRINCNAME, (st), (i), (val))

-#define sk_KRB5_PRINCNAME_zero(st) SKM_sk_zero(KRB5_PRINCNAME, (st))

-#define sk_KRB5_PRINCNAME_push(st, val) SKM_sk_push(KRB5_PRINCNAME, (st), (val))

-#define sk_KRB5_PRINCNAME_unshift(st, val) SKM_sk_unshift(KRB5_PRINCNAME, (st), (val))

-#define sk_KRB5_PRINCNAME_find(st, val) SKM_sk_find(KRB5_PRINCNAME, (st), (val))

-#define sk_KRB5_PRINCNAME_find_ex(st, val) SKM_sk_find_ex(KRB5_PRINCNAME, (st), (val))

-#define sk_KRB5_PRINCNAME_delete(st, i) SKM_sk_delete(KRB5_PRINCNAME, (st), (i))

-#define sk_KRB5_PRINCNAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_PRINCNAME, (st), (ptr))

-#define sk_KRB5_PRINCNAME_insert(st, val, i) SKM_sk_insert(KRB5_PRINCNAME, (st), (val), (i))

-#define sk_KRB5_PRINCNAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_PRINCNAME, (st), (cmp))

-#define sk_KRB5_PRINCNAME_dup(st) SKM_sk_dup(KRB5_PRINCNAME, st)

-#define sk_KRB5_PRINCNAME_pop_free(st, free_func) SKM_sk_pop_free(KRB5_PRINCNAME, (st), (free_func))

-#define sk_KRB5_PRINCNAME_shift(st) SKM_sk_shift(KRB5_PRINCNAME, (st))

-#define sk_KRB5_PRINCNAME_pop(st) SKM_sk_pop(KRB5_PRINCNAME, (st))

-#define sk_KRB5_PRINCNAME_sort(st) SKM_sk_sort(KRB5_PRINCNAME, (st))

-#define sk_KRB5_PRINCNAME_is_sorted(st) SKM_sk_is_sorted(KRB5_PRINCNAME, (st))

-#define sk_KRB5_TKTBODY_new(st) SKM_sk_new(KRB5_TKTBODY, (st))

-#define sk_KRB5_TKTBODY_new_null() SKM_sk_new_null(KRB5_TKTBODY)

-#define sk_KRB5_TKTBODY_free(st) SKM_sk_free(KRB5_TKTBODY, (st))

-#define sk_KRB5_TKTBODY_num(st) SKM_sk_num(KRB5_TKTBODY, (st))

-#define sk_KRB5_TKTBODY_value(st, i) SKM_sk_value(KRB5_TKTBODY, (st), (i))

-#define sk_KRB5_TKTBODY_set(st, i, val) SKM_sk_set(KRB5_TKTBODY, (st), (i), (val))

-#define sk_KRB5_TKTBODY_zero(st) SKM_sk_zero(KRB5_TKTBODY, (st))

-#define sk_KRB5_TKTBODY_push(st, val) SKM_sk_push(KRB5_TKTBODY, (st), (val))

-#define sk_KRB5_TKTBODY_unshift(st, val) SKM_sk_unshift(KRB5_TKTBODY, (st), (val))

-#define sk_KRB5_TKTBODY_find(st, val) SKM_sk_find(KRB5_TKTBODY, (st), (val))

-#define sk_KRB5_TKTBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_TKTBODY, (st), (val))

-#define sk_KRB5_TKTBODY_delete(st, i) SKM_sk_delete(KRB5_TKTBODY, (st), (i))

-#define sk_KRB5_TKTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_TKTBODY, (st), (ptr))

-#define sk_KRB5_TKTBODY_insert(st, val, i) SKM_sk_insert(KRB5_TKTBODY, (st), (val), (i))

-#define sk_KRB5_TKTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_TKTBODY, (st), (cmp))

-#define sk_KRB5_TKTBODY_dup(st) SKM_sk_dup(KRB5_TKTBODY, st)

-#define sk_KRB5_TKTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_TKTBODY, (st), (free_func))

-#define sk_KRB5_TKTBODY_shift(st) SKM_sk_shift(KRB5_TKTBODY, (st))

-#define sk_KRB5_TKTBODY_pop(st) SKM_sk_pop(KRB5_TKTBODY, (st))

-#define sk_KRB5_TKTBODY_sort(st) SKM_sk_sort(KRB5_TKTBODY, (st))

-#define sk_KRB5_TKTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_TKTBODY, (st))

-#define sk_MIME_HEADER_new(st) SKM_sk_new(MIME_HEADER, (st))

-#define sk_MIME_HEADER_new_null() SKM_sk_new_null(MIME_HEADER)

-#define sk_MIME_HEADER_free(st) SKM_sk_free(MIME_HEADER, (st))

-#define sk_MIME_HEADER_num(st) SKM_sk_num(MIME_HEADER, (st))

-#define sk_MIME_HEADER_value(st, i) SKM_sk_value(MIME_HEADER, (st), (i))

-#define sk_MIME_HEADER_set(st, i, val) SKM_sk_set(MIME_HEADER, (st), (i), (val))

-#define sk_MIME_HEADER_zero(st) SKM_sk_zero(MIME_HEADER, (st))

-#define sk_MIME_HEADER_push(st, val) SKM_sk_push(MIME_HEADER, (st), (val))

-#define sk_MIME_HEADER_unshift(st, val) SKM_sk_unshift(MIME_HEADER, (st), (val))

-#define sk_MIME_HEADER_find(st, val) SKM_sk_find(MIME_HEADER, (st), (val))

-#define sk_MIME_HEADER_find_ex(st, val) SKM_sk_find_ex(MIME_HEADER, (st), (val))

-#define sk_MIME_HEADER_delete(st, i) SKM_sk_delete(MIME_HEADER, (st), (i))

-#define sk_MIME_HEADER_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_HEADER, (st), (ptr))

-#define sk_MIME_HEADER_insert(st, val, i) SKM_sk_insert(MIME_HEADER, (st), (val), (i))

-#define sk_MIME_HEADER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_HEADER, (st), (cmp))

-#define sk_MIME_HEADER_dup(st) SKM_sk_dup(MIME_HEADER, st)

-#define sk_MIME_HEADER_pop_free(st, free_func) SKM_sk_pop_free(MIME_HEADER, (st), (free_func))

-#define sk_MIME_HEADER_shift(st) SKM_sk_shift(MIME_HEADER, (st))

-#define sk_MIME_HEADER_pop(st) SKM_sk_pop(MIME_HEADER, (st))

-#define sk_MIME_HEADER_sort(st) SKM_sk_sort(MIME_HEADER, (st))

-#define sk_MIME_HEADER_is_sorted(st) SKM_sk_is_sorted(MIME_HEADER, (st))

-#define sk_MIME_PARAM_new(st) SKM_sk_new(MIME_PARAM, (st))

-#define sk_MIME_PARAM_new_null() SKM_sk_new_null(MIME_PARAM)

-#define sk_MIME_PARAM_free(st) SKM_sk_free(MIME_PARAM, (st))

-#define sk_MIME_PARAM_num(st) SKM_sk_num(MIME_PARAM, (st))

-#define sk_MIME_PARAM_value(st, i) SKM_sk_value(MIME_PARAM, (st), (i))

-#define sk_MIME_PARAM_set(st, i, val) SKM_sk_set(MIME_PARAM, (st), (i), (val))

-#define sk_MIME_PARAM_zero(st) SKM_sk_zero(MIME_PARAM, (st))

-#define sk_MIME_PARAM_push(st, val) SKM_sk_push(MIME_PARAM, (st), (val))

-#define sk_MIME_PARAM_unshift(st, val) SKM_sk_unshift(MIME_PARAM, (st), (val))

-#define sk_MIME_PARAM_find(st, val) SKM_sk_find(MIME_PARAM, (st), (val))

-#define sk_MIME_PARAM_find_ex(st, val) SKM_sk_find_ex(MIME_PARAM, (st), (val))

-#define sk_MIME_PARAM_delete(st, i) SKM_sk_delete(MIME_PARAM, (st), (i))

-#define sk_MIME_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_PARAM, (st), (ptr))

-#define sk_MIME_PARAM_insert(st, val, i) SKM_sk_insert(MIME_PARAM, (st), (val), (i))

-#define sk_MIME_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_PARAM, (st), (cmp))

-#define sk_MIME_PARAM_dup(st) SKM_sk_dup(MIME_PARAM, st)

-#define sk_MIME_PARAM_pop_free(st, free_func) SKM_sk_pop_free(MIME_PARAM, (st), (free_func))

-#define sk_MIME_PARAM_shift(st) SKM_sk_shift(MIME_PARAM, (st))

-#define sk_MIME_PARAM_pop(st) SKM_sk_pop(MIME_PARAM, (st))

-#define sk_MIME_PARAM_sort(st) SKM_sk_sort(MIME_PARAM, (st))

-#define sk_MIME_PARAM_is_sorted(st) SKM_sk_is_sorted(MIME_PARAM, (st))

-#define sk_NAME_FUNCS_new(st) SKM_sk_new(NAME_FUNCS, (st))

-#define sk_NAME_FUNCS_new_null() SKM_sk_new_null(NAME_FUNCS)

-#define sk_NAME_FUNCS_free(st) SKM_sk_free(NAME_FUNCS, (st))

-#define sk_NAME_FUNCS_num(st) SKM_sk_num(NAME_FUNCS, (st))

-#define sk_NAME_FUNCS_value(st, i) SKM_sk_value(NAME_FUNCS, (st), (i))

-#define sk_NAME_FUNCS_set(st, i, val) SKM_sk_set(NAME_FUNCS, (st), (i), (val))

-#define sk_NAME_FUNCS_zero(st) SKM_sk_zero(NAME_FUNCS, (st))

-#define sk_NAME_FUNCS_push(st, val) SKM_sk_push(NAME_FUNCS, (st), (val))

-#define sk_NAME_FUNCS_unshift(st, val) SKM_sk_unshift(NAME_FUNCS, (st), (val))

-#define sk_NAME_FUNCS_find(st, val) SKM_sk_find(NAME_FUNCS, (st), (val))

-#define sk_NAME_FUNCS_find_ex(st, val) SKM_sk_find_ex(NAME_FUNCS, (st), (val))

-#define sk_NAME_FUNCS_delete(st, i) SKM_sk_delete(NAME_FUNCS, (st), (i))

-#define sk_NAME_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(NAME_FUNCS, (st), (ptr))

-#define sk_NAME_FUNCS_insert(st, val, i) SKM_sk_insert(NAME_FUNCS, (st), (val), (i))

-#define sk_NAME_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(NAME_FUNCS, (st), (cmp))

-#define sk_NAME_FUNCS_dup(st) SKM_sk_dup(NAME_FUNCS, st)

-#define sk_NAME_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(NAME_FUNCS, (st), (free_func))

-#define sk_NAME_FUNCS_shift(st) SKM_sk_shift(NAME_FUNCS, (st))

-#define sk_NAME_FUNCS_pop(st) SKM_sk_pop(NAME_FUNCS, (st))

-#define sk_NAME_FUNCS_sort(st) SKM_sk_sort(NAME_FUNCS, (st))

-#define sk_NAME_FUNCS_is_sorted(st) SKM_sk_is_sorted(NAME_FUNCS, (st))

-#define sk_OCSP_CERTID_new(st) SKM_sk_new(OCSP_CERTID, (st))

-#define sk_OCSP_CERTID_new_null() SKM_sk_new_null(OCSP_CERTID)

-#define sk_OCSP_CERTID_free(st) SKM_sk_free(OCSP_CERTID, (st))

-#define sk_OCSP_CERTID_num(st) SKM_sk_num(OCSP_CERTID, (st))

-#define sk_OCSP_CERTID_value(st, i) SKM_sk_value(OCSP_CERTID, (st), (i))

-#define sk_OCSP_CERTID_set(st, i, val) SKM_sk_set(OCSP_CERTID, (st), (i), (val))

-#define sk_OCSP_CERTID_zero(st) SKM_sk_zero(OCSP_CERTID, (st))

-#define sk_OCSP_CERTID_push(st, val) SKM_sk_push(OCSP_CERTID, (st), (val))

-#define sk_OCSP_CERTID_unshift(st, val) SKM_sk_unshift(OCSP_CERTID, (st), (val))

-#define sk_OCSP_CERTID_find(st, val) SKM_sk_find(OCSP_CERTID, (st), (val))

-#define sk_OCSP_CERTID_find_ex(st, val) SKM_sk_find_ex(OCSP_CERTID, (st), (val))

-#define sk_OCSP_CERTID_delete(st, i) SKM_sk_delete(OCSP_CERTID, (st), (i))

-#define sk_OCSP_CERTID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_CERTID, (st), (ptr))

-#define sk_OCSP_CERTID_insert(st, val, i) SKM_sk_insert(OCSP_CERTID, (st), (val), (i))

-#define sk_OCSP_CERTID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_CERTID, (st), (cmp))

-#define sk_OCSP_CERTID_dup(st) SKM_sk_dup(OCSP_CERTID, st)

-#define sk_OCSP_CERTID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_CERTID, (st), (free_func))

-#define sk_OCSP_CERTID_shift(st) SKM_sk_shift(OCSP_CERTID, (st))

-#define sk_OCSP_CERTID_pop(st) SKM_sk_pop(OCSP_CERTID, (st))

-#define sk_OCSP_CERTID_sort(st) SKM_sk_sort(OCSP_CERTID, (st))

-#define sk_OCSP_CERTID_is_sorted(st) SKM_sk_is_sorted(OCSP_CERTID, (st))

-#define sk_OCSP_ONEREQ_new(st) SKM_sk_new(OCSP_ONEREQ, (st))

-#define sk_OCSP_ONEREQ_new_null() SKM_sk_new_null(OCSP_ONEREQ)

-#define sk_OCSP_ONEREQ_free(st) SKM_sk_free(OCSP_ONEREQ, (st))

-#define sk_OCSP_ONEREQ_num(st) SKM_sk_num(OCSP_ONEREQ, (st))

-#define sk_OCSP_ONEREQ_value(st, i) SKM_sk_value(OCSP_ONEREQ, (st), (i))

-#define sk_OCSP_ONEREQ_set(st, i, val) SKM_sk_set(OCSP_ONEREQ, (st), (i), (val))

-#define sk_OCSP_ONEREQ_zero(st) SKM_sk_zero(OCSP_ONEREQ, (st))

-#define sk_OCSP_ONEREQ_push(st, val) SKM_sk_push(OCSP_ONEREQ, (st), (val))

-#define sk_OCSP_ONEREQ_unshift(st, val) SKM_sk_unshift(OCSP_ONEREQ, (st), (val))

-#define sk_OCSP_ONEREQ_find(st, val) SKM_sk_find(OCSP_ONEREQ, (st), (val))

-#define sk_OCSP_ONEREQ_find_ex(st, val) SKM_sk_find_ex(OCSP_ONEREQ, (st), (val))

-#define sk_OCSP_ONEREQ_delete(st, i) SKM_sk_delete(OCSP_ONEREQ, (st), (i))

-#define sk_OCSP_ONEREQ_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_ONEREQ, (st), (ptr))

-#define sk_OCSP_ONEREQ_insert(st, val, i) SKM_sk_insert(OCSP_ONEREQ, (st), (val), (i))

-#define sk_OCSP_ONEREQ_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_ONEREQ, (st), (cmp))

-#define sk_OCSP_ONEREQ_dup(st) SKM_sk_dup(OCSP_ONEREQ, st)

-#define sk_OCSP_ONEREQ_pop_free(st, free_func) SKM_sk_pop_free(OCSP_ONEREQ, (st), (free_func))

-#define sk_OCSP_ONEREQ_shift(st) SKM_sk_shift(OCSP_ONEREQ, (st))

-#define sk_OCSP_ONEREQ_pop(st) SKM_sk_pop(OCSP_ONEREQ, (st))

-#define sk_OCSP_ONEREQ_sort(st) SKM_sk_sort(OCSP_ONEREQ, (st))

-#define sk_OCSP_ONEREQ_is_sorted(st) SKM_sk_is_sorted(OCSP_ONEREQ, (st))

-#define sk_OCSP_SINGLERESP_new(st) SKM_sk_new(OCSP_SINGLERESP, (st))

-#define sk_OCSP_SINGLERESP_new_null() SKM_sk_new_null(OCSP_SINGLERESP)

-#define sk_OCSP_SINGLERESP_free(st) SKM_sk_free(OCSP_SINGLERESP, (st))

-#define sk_OCSP_SINGLERESP_num(st) SKM_sk_num(OCSP_SINGLERESP, (st))

-#define sk_OCSP_SINGLERESP_value(st, i) SKM_sk_value(OCSP_SINGLERESP, (st), (i))

-#define sk_OCSP_SINGLERESP_set(st, i, val) SKM_sk_set(OCSP_SINGLERESP, (st), (i), (val))

-#define sk_OCSP_SINGLERESP_zero(st) SKM_sk_zero(OCSP_SINGLERESP, (st))

-#define sk_OCSP_SINGLERESP_push(st, val) SKM_sk_push(OCSP_SINGLERESP, (st), (val))

-#define sk_OCSP_SINGLERESP_unshift(st, val) SKM_sk_unshift(OCSP_SINGLERESP, (st), (val))

-#define sk_OCSP_SINGLERESP_find(st, val) SKM_sk_find(OCSP_SINGLERESP, (st), (val))

-#define sk_OCSP_SINGLERESP_find_ex(st, val) SKM_sk_find_ex(OCSP_SINGLERESP, (st), (val))

-#define sk_OCSP_SINGLERESP_delete(st, i) SKM_sk_delete(OCSP_SINGLERESP, (st), (i))

-#define sk_OCSP_SINGLERESP_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_SINGLERESP, (st), (ptr))

-#define sk_OCSP_SINGLERESP_insert(st, val, i) SKM_sk_insert(OCSP_SINGLERESP, (st), (val), (i))

-#define sk_OCSP_SINGLERESP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_SINGLERESP, (st), (cmp))

-#define sk_OCSP_SINGLERESP_dup(st) SKM_sk_dup(OCSP_SINGLERESP, st)

-#define sk_OCSP_SINGLERESP_pop_free(st, free_func) SKM_sk_pop_free(OCSP_SINGLERESP, (st), (free_func))

-#define sk_OCSP_SINGLERESP_shift(st) SKM_sk_shift(OCSP_SINGLERESP, (st))

-#define sk_OCSP_SINGLERESP_pop(st) SKM_sk_pop(OCSP_SINGLERESP, (st))

-#define sk_OCSP_SINGLERESP_sort(st) SKM_sk_sort(OCSP_SINGLERESP, (st))

-#define sk_OCSP_SINGLERESP_is_sorted(st) SKM_sk_is_sorted(OCSP_SINGLERESP, (st))

-#define sk_PKCS12_SAFEBAG_new(st) SKM_sk_new(PKCS12_SAFEBAG, (st))

-#define sk_PKCS12_SAFEBAG_new_null() SKM_sk_new_null(PKCS12_SAFEBAG)

-#define sk_PKCS12_SAFEBAG_free(st) SKM_sk_free(PKCS12_SAFEBAG, (st))

-#define sk_PKCS12_SAFEBAG_num(st) SKM_sk_num(PKCS12_SAFEBAG, (st))

-#define sk_PKCS12_SAFEBAG_value(st, i) SKM_sk_value(PKCS12_SAFEBAG, (st), (i))

-#define sk_PKCS12_SAFEBAG_set(st, i, val) SKM_sk_set(PKCS12_SAFEBAG, (st), (i), (val))

-#define sk_PKCS12_SAFEBAG_zero(st) SKM_sk_zero(PKCS12_SAFEBAG, (st))

-#define sk_PKCS12_SAFEBAG_push(st, val) SKM_sk_push(PKCS12_SAFEBAG, (st), (val))

-#define sk_PKCS12_SAFEBAG_unshift(st, val) SKM_sk_unshift(PKCS12_SAFEBAG, (st), (val))

-#define sk_PKCS12_SAFEBAG_find(st, val) SKM_sk_find(PKCS12_SAFEBAG, (st), (val))

-#define sk_PKCS12_SAFEBAG_find_ex(st, val) SKM_sk_find_ex(PKCS12_SAFEBAG, (st), (val))

-#define sk_PKCS12_SAFEBAG_delete(st, i) SKM_sk_delete(PKCS12_SAFEBAG, (st), (i))

-#define sk_PKCS12_SAFEBAG_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS12_SAFEBAG, (st), (ptr))

-#define sk_PKCS12_SAFEBAG_insert(st, val, i) SKM_sk_insert(PKCS12_SAFEBAG, (st), (val), (i))

-#define sk_PKCS12_SAFEBAG_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS12_SAFEBAG, (st), (cmp))

-#define sk_PKCS12_SAFEBAG_dup(st) SKM_sk_dup(PKCS12_SAFEBAG, st)

-#define sk_PKCS12_SAFEBAG_pop_free(st, free_func) SKM_sk_pop_free(PKCS12_SAFEBAG, (st), (free_func))

-#define sk_PKCS12_SAFEBAG_shift(st) SKM_sk_shift(PKCS12_SAFEBAG, (st))

-#define sk_PKCS12_SAFEBAG_pop(st) SKM_sk_pop(PKCS12_SAFEBAG, (st))

-#define sk_PKCS12_SAFEBAG_sort(st) SKM_sk_sort(PKCS12_SAFEBAG, (st))

-#define sk_PKCS12_SAFEBAG_is_sorted(st) SKM_sk_is_sorted(PKCS12_SAFEBAG, (st))

-#define sk_PKCS7_new(st) SKM_sk_new(PKCS7, (st))

-#define sk_PKCS7_new_null() SKM_sk_new_null(PKCS7)

-#define sk_PKCS7_free(st) SKM_sk_free(PKCS7, (st))

-#define sk_PKCS7_num(st) SKM_sk_num(PKCS7, (st))

-#define sk_PKCS7_value(st, i) SKM_sk_value(PKCS7, (st), (i))

-#define sk_PKCS7_set(st, i, val) SKM_sk_set(PKCS7, (st), (i), (val))

-#define sk_PKCS7_zero(st) SKM_sk_zero(PKCS7, (st))

-#define sk_PKCS7_push(st, val) SKM_sk_push(PKCS7, (st), (val))

-#define sk_PKCS7_unshift(st, val) SKM_sk_unshift(PKCS7, (st), (val))

-#define sk_PKCS7_find(st, val) SKM_sk_find(PKCS7, (st), (val))

-#define sk_PKCS7_find_ex(st, val) SKM_sk_find_ex(PKCS7, (st), (val))

-#define sk_PKCS7_delete(st, i) SKM_sk_delete(PKCS7, (st), (i))

-#define sk_PKCS7_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7, (st), (ptr))

-#define sk_PKCS7_insert(st, val, i) SKM_sk_insert(PKCS7, (st), (val), (i))

-#define sk_PKCS7_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7, (st), (cmp))

-#define sk_PKCS7_dup(st) SKM_sk_dup(PKCS7, st)

-#define sk_PKCS7_pop_free(st, free_func) SKM_sk_pop_free(PKCS7, (st), (free_func))

-#define sk_PKCS7_shift(st) SKM_sk_shift(PKCS7, (st))

-#define sk_PKCS7_pop(st) SKM_sk_pop(PKCS7, (st))

-#define sk_PKCS7_sort(st) SKM_sk_sort(PKCS7, (st))

-#define sk_PKCS7_is_sorted(st) SKM_sk_is_sorted(PKCS7, (st))

-#define sk_PKCS7_RECIP_INFO_new(st) SKM_sk_new(PKCS7_RECIP_INFO, (st))

-#define sk_PKCS7_RECIP_INFO_new_null() SKM_sk_new_null(PKCS7_RECIP_INFO)

-#define sk_PKCS7_RECIP_INFO_free(st) SKM_sk_free(PKCS7_RECIP_INFO, (st))

-#define sk_PKCS7_RECIP_INFO_num(st) SKM_sk_num(PKCS7_RECIP_INFO, (st))

-#define sk_PKCS7_RECIP_INFO_value(st, i) SKM_sk_value(PKCS7_RECIP_INFO, (st), (i))

-#define sk_PKCS7_RECIP_INFO_set(st, i, val) SKM_sk_set(PKCS7_RECIP_INFO, (st), (i), (val))

-#define sk_PKCS7_RECIP_INFO_zero(st) SKM_sk_zero(PKCS7_RECIP_INFO, (st))

-#define sk_PKCS7_RECIP_INFO_push(st, val) SKM_sk_push(PKCS7_RECIP_INFO, (st), (val))

-#define sk_PKCS7_RECIP_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_RECIP_INFO, (st), (val))

-#define sk_PKCS7_RECIP_INFO_find(st, val) SKM_sk_find(PKCS7_RECIP_INFO, (st), (val))

-#define sk_PKCS7_RECIP_INFO_find_ex(st, val) SKM_sk_find_ex(PKCS7_RECIP_INFO, (st), (val))

-#define sk_PKCS7_RECIP_INFO_delete(st, i) SKM_sk_delete(PKCS7_RECIP_INFO, (st), (i))

-#define sk_PKCS7_RECIP_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_RECIP_INFO, (st), (ptr))

-#define sk_PKCS7_RECIP_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_RECIP_INFO, (st), (val), (i))

-#define sk_PKCS7_RECIP_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7_RECIP_INFO, (st), (cmp))

-#define sk_PKCS7_RECIP_INFO_dup(st) SKM_sk_dup(PKCS7_RECIP_INFO, st)

-#define sk_PKCS7_RECIP_INFO_pop_free(st, free_func) SKM_sk_pop_free(PKCS7_RECIP_INFO, (st), (free_func))

-#define sk_PKCS7_RECIP_INFO_shift(st) SKM_sk_shift(PKCS7_RECIP_INFO, (st))

-#define sk_PKCS7_RECIP_INFO_pop(st) SKM_sk_pop(PKCS7_RECIP_INFO, (st))

-#define sk_PKCS7_RECIP_INFO_sort(st) SKM_sk_sort(PKCS7_RECIP_INFO, (st))

-#define sk_PKCS7_RECIP_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_RECIP_INFO, (st))

-#define sk_PKCS7_SIGNER_INFO_new(st) SKM_sk_new(PKCS7_SIGNER_INFO, (st))

-#define sk_PKCS7_SIGNER_INFO_new_null() SKM_sk_new_null(PKCS7_SIGNER_INFO)

-#define sk_PKCS7_SIGNER_INFO_free(st) SKM_sk_free(PKCS7_SIGNER_INFO, (st))

-#define sk_PKCS7_SIGNER_INFO_num(st) SKM_sk_num(PKCS7_SIGNER_INFO, (st))

-#define sk_PKCS7_SIGNER_INFO_value(st, i) SKM_sk_value(PKCS7_SIGNER_INFO, (st), (i))

-#define sk_PKCS7_SIGNER_INFO_set(st, i, val) SKM_sk_set(PKCS7_SIGNER_INFO, (st), (i), (val))

-#define sk_PKCS7_SIGNER_INFO_zero(st) SKM_sk_zero(PKCS7_SIGNER_INFO, (st))

-#define sk_PKCS7_SIGNER_INFO_push(st, val) SKM_sk_push(PKCS7_SIGNER_INFO, (st), (val))

-#define sk_PKCS7_SIGNER_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_SIGNER_INFO, (st), (val))

-#define sk_PKCS7_SIGNER_INFO_find(st, val) SKM_sk_find(PKCS7_SIGNER_INFO, (st), (val))

-#define sk_PKCS7_SIGNER_INFO_find_ex(st, val) SKM_sk_find_ex(PKCS7_SIGNER_INFO, (st), (val))

-#define sk_PKCS7_SIGNER_INFO_delete(st, i) SKM_sk_delete(PKCS7_SIGNER_INFO, (st), (i))

-#define sk_PKCS7_SIGNER_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_SIGNER_INFO, (st), (ptr))

-#define sk_PKCS7_SIGNER_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_SIGNER_INFO, (st), (val), (i))

-#define sk_PKCS7_SIGNER_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7_SIGNER_INFO, (st), (cmp))

-#define sk_PKCS7_SIGNER_INFO_dup(st) SKM_sk_dup(PKCS7_SIGNER_INFO, st)

-#define sk_PKCS7_SIGNER_INFO_pop_free(st, free_func) SKM_sk_pop_free(PKCS7_SIGNER_INFO, (st), (free_func))

-#define sk_PKCS7_SIGNER_INFO_shift(st) SKM_sk_shift(PKCS7_SIGNER_INFO, (st))

-#define sk_PKCS7_SIGNER_INFO_pop(st) SKM_sk_pop(PKCS7_SIGNER_INFO, (st))

-#define sk_PKCS7_SIGNER_INFO_sort(st) SKM_sk_sort(PKCS7_SIGNER_INFO, (st))

-#define sk_PKCS7_SIGNER_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_SIGNER_INFO, (st))

-#define sk_POLICYINFO_new(st) SKM_sk_new(POLICYINFO, (st))

-#define sk_POLICYINFO_new_null() SKM_sk_new_null(POLICYINFO)

-#define sk_POLICYINFO_free(st) SKM_sk_free(POLICYINFO, (st))

-#define sk_POLICYINFO_num(st) SKM_sk_num(POLICYINFO, (st))

-#define sk_POLICYINFO_value(st, i) SKM_sk_value(POLICYINFO, (st), (i))

-#define sk_POLICYINFO_set(st, i, val) SKM_sk_set(POLICYINFO, (st), (i), (val))

-#define sk_POLICYINFO_zero(st) SKM_sk_zero(POLICYINFO, (st))

-#define sk_POLICYINFO_push(st, val) SKM_sk_push(POLICYINFO, (st), (val))

-#define sk_POLICYINFO_unshift(st, val) SKM_sk_unshift(POLICYINFO, (st), (val))

-#define sk_POLICYINFO_find(st, val) SKM_sk_find(POLICYINFO, (st), (val))

-#define sk_POLICYINFO_find_ex(st, val) SKM_sk_find_ex(POLICYINFO, (st), (val))

-#define sk_POLICYINFO_delete(st, i) SKM_sk_delete(POLICYINFO, (st), (i))

-#define sk_POLICYINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYINFO, (st), (ptr))

-#define sk_POLICYINFO_insert(st, val, i) SKM_sk_insert(POLICYINFO, (st), (val), (i))

-#define sk_POLICYINFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICYINFO, (st), (cmp))

-#define sk_POLICYINFO_dup(st) SKM_sk_dup(POLICYINFO, st)

-#define sk_POLICYINFO_pop_free(st, free_func) SKM_sk_pop_free(POLICYINFO, (st), (free_func))

-#define sk_POLICYINFO_shift(st) SKM_sk_shift(POLICYINFO, (st))

-#define sk_POLICYINFO_pop(st) SKM_sk_pop(POLICYINFO, (st))

-#define sk_POLICYINFO_sort(st) SKM_sk_sort(POLICYINFO, (st))

-#define sk_POLICYINFO_is_sorted(st) SKM_sk_is_sorted(POLICYINFO, (st))

-#define sk_POLICYQUALINFO_new(st) SKM_sk_new(POLICYQUALINFO, (st))

-#define sk_POLICYQUALINFO_new_null() SKM_sk_new_null(POLICYQUALINFO)

-#define sk_POLICYQUALINFO_free(st) SKM_sk_free(POLICYQUALINFO, (st))

-#define sk_POLICYQUALINFO_num(st) SKM_sk_num(POLICYQUALINFO, (st))

-#define sk_POLICYQUALINFO_value(st, i) SKM_sk_value(POLICYQUALINFO, (st), (i))

-#define sk_POLICYQUALINFO_set(st, i, val) SKM_sk_set(POLICYQUALINFO, (st), (i), (val))

-#define sk_POLICYQUALINFO_zero(st) SKM_sk_zero(POLICYQUALINFO, (st))

-#define sk_POLICYQUALINFO_push(st, val) SKM_sk_push(POLICYQUALINFO, (st), (val))

-#define sk_POLICYQUALINFO_unshift(st, val) SKM_sk_unshift(POLICYQUALINFO, (st), (val))

-#define sk_POLICYQUALINFO_find(st, val) SKM_sk_find(POLICYQUALINFO, (st), (val))

-#define sk_POLICYQUALINFO_find_ex(st, val) SKM_sk_find_ex(POLICYQUALINFO, (st), (val))

-#define sk_POLICYQUALINFO_delete(st, i) SKM_sk_delete(POLICYQUALINFO, (st), (i))

-#define sk_POLICYQUALINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYQUALINFO, (st), (ptr))

-#define sk_POLICYQUALINFO_insert(st, val, i) SKM_sk_insert(POLICYQUALINFO, (st), (val), (i))

-#define sk_POLICYQUALINFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICYQUALINFO, (st), (cmp))

-#define sk_POLICYQUALINFO_dup(st) SKM_sk_dup(POLICYQUALINFO, st)

-#define sk_POLICYQUALINFO_pop_free(st, free_func) SKM_sk_pop_free(POLICYQUALINFO, (st), (free_func))

-#define sk_POLICYQUALINFO_shift(st) SKM_sk_shift(POLICYQUALINFO, (st))

-#define sk_POLICYQUALINFO_pop(st) SKM_sk_pop(POLICYQUALINFO, (st))

-#define sk_POLICYQUALINFO_sort(st) SKM_sk_sort(POLICYQUALINFO, (st))

-#define sk_POLICYQUALINFO_is_sorted(st) SKM_sk_is_sorted(POLICYQUALINFO, (st))

-#define sk_POLICY_MAPPING_new(st) SKM_sk_new(POLICY_MAPPING, (st))

-#define sk_POLICY_MAPPING_new_null() SKM_sk_new_null(POLICY_MAPPING)

-#define sk_POLICY_MAPPING_free(st) SKM_sk_free(POLICY_MAPPING, (st))

-#define sk_POLICY_MAPPING_num(st) SKM_sk_num(POLICY_MAPPING, (st))

-#define sk_POLICY_MAPPING_value(st, i) SKM_sk_value(POLICY_MAPPING, (st), (i))

-#define sk_POLICY_MAPPING_set(st, i, val) SKM_sk_set(POLICY_MAPPING, (st), (i), (val))

-#define sk_POLICY_MAPPING_zero(st) SKM_sk_zero(POLICY_MAPPING, (st))

-#define sk_POLICY_MAPPING_push(st, val) SKM_sk_push(POLICY_MAPPING, (st), (val))

-#define sk_POLICY_MAPPING_unshift(st, val) SKM_sk_unshift(POLICY_MAPPING, (st), (val))

-#define sk_POLICY_MAPPING_find(st, val) SKM_sk_find(POLICY_MAPPING, (st), (val))

-#define sk_POLICY_MAPPING_find_ex(st, val) SKM_sk_find_ex(POLICY_MAPPING, (st), (val))

-#define sk_POLICY_MAPPING_delete(st, i) SKM_sk_delete(POLICY_MAPPING, (st), (i))

-#define sk_POLICY_MAPPING_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICY_MAPPING, (st), (ptr))

-#define sk_POLICY_MAPPING_insert(st, val, i) SKM_sk_insert(POLICY_MAPPING, (st), (val), (i))

-#define sk_POLICY_MAPPING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICY_MAPPING, (st), (cmp))

-#define sk_POLICY_MAPPING_dup(st) SKM_sk_dup(POLICY_MAPPING, st)

-#define sk_POLICY_MAPPING_pop_free(st, free_func) SKM_sk_pop_free(POLICY_MAPPING, (st), (free_func))

-#define sk_POLICY_MAPPING_shift(st) SKM_sk_shift(POLICY_MAPPING, (st))

-#define sk_POLICY_MAPPING_pop(st) SKM_sk_pop(POLICY_MAPPING, (st))

-#define sk_POLICY_MAPPING_sort(st) SKM_sk_sort(POLICY_MAPPING, (st))

-#define sk_POLICY_MAPPING_is_sorted(st) SKM_sk_is_sorted(POLICY_MAPPING, (st))

-#define sk_SSL_CIPHER_new(st) SKM_sk_new(SSL_CIPHER, (st))

-#define sk_SSL_CIPHER_new_null() SKM_sk_new_null(SSL_CIPHER)

-#define sk_SSL_CIPHER_free(st) SKM_sk_free(SSL_CIPHER, (st))

-#define sk_SSL_CIPHER_num(st) SKM_sk_num(SSL_CIPHER, (st))

-#define sk_SSL_CIPHER_value(st, i) SKM_sk_value(SSL_CIPHER, (st), (i))

-#define sk_SSL_CIPHER_set(st, i, val) SKM_sk_set(SSL_CIPHER, (st), (i), (val))

-#define sk_SSL_CIPHER_zero(st) SKM_sk_zero(SSL_CIPHER, (st))

-#define sk_SSL_CIPHER_push(st, val) SKM_sk_push(SSL_CIPHER, (st), (val))

-#define sk_SSL_CIPHER_unshift(st, val) SKM_sk_unshift(SSL_CIPHER, (st), (val))

-#define sk_SSL_CIPHER_find(st, val) SKM_sk_find(SSL_CIPHER, (st), (val))

-#define sk_SSL_CIPHER_find_ex(st, val) SKM_sk_find_ex(SSL_CIPHER, (st), (val))

-#define sk_SSL_CIPHER_delete(st, i) SKM_sk_delete(SSL_CIPHER, (st), (i))

-#define sk_SSL_CIPHER_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_CIPHER, (st), (ptr))

-#define sk_SSL_CIPHER_insert(st, val, i) SKM_sk_insert(SSL_CIPHER, (st), (val), (i))

-#define sk_SSL_CIPHER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SSL_CIPHER, (st), (cmp))

-#define sk_SSL_CIPHER_dup(st) SKM_sk_dup(SSL_CIPHER, st)

-#define sk_SSL_CIPHER_pop_free(st, free_func) SKM_sk_pop_free(SSL_CIPHER, (st), (free_func))

-#define sk_SSL_CIPHER_shift(st) SKM_sk_shift(SSL_CIPHER, (st))

-#define sk_SSL_CIPHER_pop(st) SKM_sk_pop(SSL_CIPHER, (st))

-#define sk_SSL_CIPHER_sort(st) SKM_sk_sort(SSL_CIPHER, (st))

-#define sk_SSL_CIPHER_is_sorted(st) SKM_sk_is_sorted(SSL_CIPHER, (st))

-#define sk_SSL_COMP_new(st) SKM_sk_new(SSL_COMP, (st))

-#define sk_SSL_COMP_new_null() SKM_sk_new_null(SSL_COMP)

-#define sk_SSL_COMP_free(st) SKM_sk_free(SSL_COMP, (st))

-#define sk_SSL_COMP_num(st) SKM_sk_num(SSL_COMP, (st))

-#define sk_SSL_COMP_value(st, i) SKM_sk_value(SSL_COMP, (st), (i))

-#define sk_SSL_COMP_set(st, i, val) SKM_sk_set(SSL_COMP, (st), (i), (val))

-#define sk_SSL_COMP_zero(st) SKM_sk_zero(SSL_COMP, (st))

-#define sk_SSL_COMP_push(st, val) SKM_sk_push(SSL_COMP, (st), (val))

-#define sk_SSL_COMP_unshift(st, val) SKM_sk_unshift(SSL_COMP, (st), (val))

-#define sk_SSL_COMP_find(st, val) SKM_sk_find(SSL_COMP, (st), (val))

-#define sk_SSL_COMP_find_ex(st, val) SKM_sk_find_ex(SSL_COMP, (st), (val))

-#define sk_SSL_COMP_delete(st, i) SKM_sk_delete(SSL_COMP, (st), (i))

-#define sk_SSL_COMP_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_COMP, (st), (ptr))

-#define sk_SSL_COMP_insert(st, val, i) SKM_sk_insert(SSL_COMP, (st), (val), (i))

-#define sk_SSL_COMP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SSL_COMP, (st), (cmp))

-#define sk_SSL_COMP_dup(st) SKM_sk_dup(SSL_COMP, st)

-#define sk_SSL_COMP_pop_free(st, free_func) SKM_sk_pop_free(SSL_COMP, (st), (free_func))

-#define sk_SSL_COMP_shift(st) SKM_sk_shift(SSL_COMP, (st))

-#define sk_SSL_COMP_pop(st) SKM_sk_pop(SSL_COMP, (st))

-#define sk_SSL_COMP_sort(st) SKM_sk_sort(SSL_COMP, (st))

-#define sk_SSL_COMP_is_sorted(st) SKM_sk_is_sorted(SSL_COMP, (st))

-#define sk_STORE_OBJECT_new(st) SKM_sk_new(STORE_OBJECT, (st))

-#define sk_STORE_OBJECT_new_null() SKM_sk_new_null(STORE_OBJECT)

-#define sk_STORE_OBJECT_free(st) SKM_sk_free(STORE_OBJECT, (st))

-#define sk_STORE_OBJECT_num(st) SKM_sk_num(STORE_OBJECT, (st))

-#define sk_STORE_OBJECT_value(st, i) SKM_sk_value(STORE_OBJECT, (st), (i))

-#define sk_STORE_OBJECT_set(st, i, val) SKM_sk_set(STORE_OBJECT, (st), (i), (val))

-#define sk_STORE_OBJECT_zero(st) SKM_sk_zero(STORE_OBJECT, (st))

-#define sk_STORE_OBJECT_push(st, val) SKM_sk_push(STORE_OBJECT, (st), (val))

-#define sk_STORE_OBJECT_unshift(st, val) SKM_sk_unshift(STORE_OBJECT, (st), (val))

-#define sk_STORE_OBJECT_find(st, val) SKM_sk_find(STORE_OBJECT, (st), (val))

-#define sk_STORE_OBJECT_find_ex(st, val) SKM_sk_find_ex(STORE_OBJECT, (st), (val))

-#define sk_STORE_OBJECT_delete(st, i) SKM_sk_delete(STORE_OBJECT, (st), (i))

-#define sk_STORE_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(STORE_OBJECT, (st), (ptr))

-#define sk_STORE_OBJECT_insert(st, val, i) SKM_sk_insert(STORE_OBJECT, (st), (val), (i))

-#define sk_STORE_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STORE_OBJECT, (st), (cmp))

-#define sk_STORE_OBJECT_dup(st) SKM_sk_dup(STORE_OBJECT, st)

-#define sk_STORE_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(STORE_OBJECT, (st), (free_func))

-#define sk_STORE_OBJECT_shift(st) SKM_sk_shift(STORE_OBJECT, (st))

-#define sk_STORE_OBJECT_pop(st) SKM_sk_pop(STORE_OBJECT, (st))

-#define sk_STORE_OBJECT_sort(st) SKM_sk_sort(STORE_OBJECT, (st))

-#define sk_STORE_OBJECT_is_sorted(st) SKM_sk_is_sorted(STORE_OBJECT, (st))

-#define sk_SXNETID_new(st) SKM_sk_new(SXNETID, (st))

-#define sk_SXNETID_new_null() SKM_sk_new_null(SXNETID)

-#define sk_SXNETID_free(st) SKM_sk_free(SXNETID, (st))

-#define sk_SXNETID_num(st) SKM_sk_num(SXNETID, (st))

-#define sk_SXNETID_value(st, i) SKM_sk_value(SXNETID, (st), (i))

-#define sk_SXNETID_set(st, i, val) SKM_sk_set(SXNETID, (st), (i), (val))

-#define sk_SXNETID_zero(st) SKM_sk_zero(SXNETID, (st))

-#define sk_SXNETID_push(st, val) SKM_sk_push(SXNETID, (st), (val))

-#define sk_SXNETID_unshift(st, val) SKM_sk_unshift(SXNETID, (st), (val))

-#define sk_SXNETID_find(st, val) SKM_sk_find(SXNETID, (st), (val))

-#define sk_SXNETID_find_ex(st, val) SKM_sk_find_ex(SXNETID, (st), (val))

-#define sk_SXNETID_delete(st, i) SKM_sk_delete(SXNETID, (st), (i))

-#define sk_SXNETID_delete_ptr(st, ptr) SKM_sk_delete_ptr(SXNETID, (st), (ptr))

-#define sk_SXNETID_insert(st, val, i) SKM_sk_insert(SXNETID, (st), (val), (i))

-#define sk_SXNETID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SXNETID, (st), (cmp))

-#define sk_SXNETID_dup(st) SKM_sk_dup(SXNETID, st)

-#define sk_SXNETID_pop_free(st, free_func) SKM_sk_pop_free(SXNETID, (st), (free_func))

-#define sk_SXNETID_shift(st) SKM_sk_shift(SXNETID, (st))

-#define sk_SXNETID_pop(st) SKM_sk_pop(SXNETID, (st))

-#define sk_SXNETID_sort(st) SKM_sk_sort(SXNETID, (st))

-#define sk_SXNETID_is_sorted(st) SKM_sk_is_sorted(SXNETID, (st))

-#define sk_UI_STRING_new(st) SKM_sk_new(UI_STRING, (st))

-#define sk_UI_STRING_new_null() SKM_sk_new_null(UI_STRING)

-#define sk_UI_STRING_free(st) SKM_sk_free(UI_STRING, (st))

-#define sk_UI_STRING_num(st) SKM_sk_num(UI_STRING, (st))

-#define sk_UI_STRING_value(st, i) SKM_sk_value(UI_STRING, (st), (i))

-#define sk_UI_STRING_set(st, i, val) SKM_sk_set(UI_STRING, (st), (i), (val))

-#define sk_UI_STRING_zero(st) SKM_sk_zero(UI_STRING, (st))

-#define sk_UI_STRING_push(st, val) SKM_sk_push(UI_STRING, (st), (val))

-#define sk_UI_STRING_unshift(st, val) SKM_sk_unshift(UI_STRING, (st), (val))

-#define sk_UI_STRING_find(st, val) SKM_sk_find(UI_STRING, (st), (val))

-#define sk_UI_STRING_find_ex(st, val) SKM_sk_find_ex(UI_STRING, (st), (val))

-#define sk_UI_STRING_delete(st, i) SKM_sk_delete(UI_STRING, (st), (i))

-#define sk_UI_STRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(UI_STRING, (st), (ptr))

-#define sk_UI_STRING_insert(st, val, i) SKM_sk_insert(UI_STRING, (st), (val), (i))

-#define sk_UI_STRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(UI_STRING, (st), (cmp))

-#define sk_UI_STRING_dup(st) SKM_sk_dup(UI_STRING, st)

-#define sk_UI_STRING_pop_free(st, free_func) SKM_sk_pop_free(UI_STRING, (st), (free_func))

-#define sk_UI_STRING_shift(st) SKM_sk_shift(UI_STRING, (st))

-#define sk_UI_STRING_pop(st) SKM_sk_pop(UI_STRING, (st))

-#define sk_UI_STRING_sort(st) SKM_sk_sort(UI_STRING, (st))

-#define sk_UI_STRING_is_sorted(st) SKM_sk_is_sorted(UI_STRING, (st))

-#define sk_X509_new(st) SKM_sk_new(X509, (st))

-#define sk_X509_new_null() SKM_sk_new_null(X509)

-#define sk_X509_free(st) SKM_sk_free(X509, (st))

-#define sk_X509_num(st) SKM_sk_num(X509, (st))

-#define sk_X509_value(st, i) SKM_sk_value(X509, (st), (i))

-#define sk_X509_set(st, i, val) SKM_sk_set(X509, (st), (i), (val))

-#define sk_X509_zero(st) SKM_sk_zero(X509, (st))

-#define sk_X509_push(st, val) SKM_sk_push(X509, (st), (val))

-#define sk_X509_unshift(st, val) SKM_sk_unshift(X509, (st), (val))

-#define sk_X509_find(st, val) SKM_sk_find(X509, (st), (val))

-#define sk_X509_find_ex(st, val) SKM_sk_find_ex(X509, (st), (val))

-#define sk_X509_delete(st, i) SKM_sk_delete(X509, (st), (i))

-#define sk_X509_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509, (st), (ptr))

-#define sk_X509_insert(st, val, i) SKM_sk_insert(X509, (st), (val), (i))

-#define sk_X509_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509, (st), (cmp))

-#define sk_X509_dup(st) SKM_sk_dup(X509, st)

-#define sk_X509_pop_free(st, free_func) SKM_sk_pop_free(X509, (st), (free_func))

-#define sk_X509_shift(st) SKM_sk_shift(X509, (st))

-#define sk_X509_pop(st) SKM_sk_pop(X509, (st))

-#define sk_X509_sort(st) SKM_sk_sort(X509, (st))

-#define sk_X509_is_sorted(st) SKM_sk_is_sorted(X509, (st))

-#define sk_X509V3_EXT_METHOD_new(st) SKM_sk_new(X509V3_EXT_METHOD, (st))

-#define sk_X509V3_EXT_METHOD_new_null() SKM_sk_new_null(X509V3_EXT_METHOD)

-#define sk_X509V3_EXT_METHOD_free(st) SKM_sk_free(X509V3_EXT_METHOD, (st))

-#define sk_X509V3_EXT_METHOD_num(st) SKM_sk_num(X509V3_EXT_METHOD, (st))

-#define sk_X509V3_EXT_METHOD_value(st, i) SKM_sk_value(X509V3_EXT_METHOD, (st), (i))

-#define sk_X509V3_EXT_METHOD_set(st, i, val) SKM_sk_set(X509V3_EXT_METHOD, (st), (i), (val))

-#define sk_X509V3_EXT_METHOD_zero(st) SKM_sk_zero(X509V3_EXT_METHOD, (st))

-#define sk_X509V3_EXT_METHOD_push(st, val) SKM_sk_push(X509V3_EXT_METHOD, (st), (val))

-#define sk_X509V3_EXT_METHOD_unshift(st, val) SKM_sk_unshift(X509V3_EXT_METHOD, (st), (val))

-#define sk_X509V3_EXT_METHOD_find(st, val) SKM_sk_find(X509V3_EXT_METHOD, (st), (val))

-#define sk_X509V3_EXT_METHOD_find_ex(st, val) SKM_sk_find_ex(X509V3_EXT_METHOD, (st), (val))

-#define sk_X509V3_EXT_METHOD_delete(st, i) SKM_sk_delete(X509V3_EXT_METHOD, (st), (i))

-#define sk_X509V3_EXT_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509V3_EXT_METHOD, (st), (ptr))

-#define sk_X509V3_EXT_METHOD_insert(st, val, i) SKM_sk_insert(X509V3_EXT_METHOD, (st), (val), (i))

-#define sk_X509V3_EXT_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509V3_EXT_METHOD, (st), (cmp))

-#define sk_X509V3_EXT_METHOD_dup(st) SKM_sk_dup(X509V3_EXT_METHOD, st)

-#define sk_X509V3_EXT_METHOD_pop_free(st, free_func) SKM_sk_pop_free(X509V3_EXT_METHOD, (st), (free_func))

-#define sk_X509V3_EXT_METHOD_shift(st) SKM_sk_shift(X509V3_EXT_METHOD, (st))

-#define sk_X509V3_EXT_METHOD_pop(st) SKM_sk_pop(X509V3_EXT_METHOD, (st))

-#define sk_X509V3_EXT_METHOD_sort(st) SKM_sk_sort(X509V3_EXT_METHOD, (st))

-#define sk_X509V3_EXT_METHOD_is_sorted(st) SKM_sk_is_sorted(X509V3_EXT_METHOD, (st))

-#define sk_X509_ALGOR_new(st) SKM_sk_new(X509_ALGOR, (st))

-#define sk_X509_ALGOR_new_null() SKM_sk_new_null(X509_ALGOR)

-#define sk_X509_ALGOR_free(st) SKM_sk_free(X509_ALGOR, (st))

-#define sk_X509_ALGOR_num(st) SKM_sk_num(X509_ALGOR, (st))

-#define sk_X509_ALGOR_value(st, i) SKM_sk_value(X509_ALGOR, (st), (i))

-#define sk_X509_ALGOR_set(st, i, val) SKM_sk_set(X509_ALGOR, (st), (i), (val))

-#define sk_X509_ALGOR_zero(st) SKM_sk_zero(X509_ALGOR, (st))

-#define sk_X509_ALGOR_push(st, val) SKM_sk_push(X509_ALGOR, (st), (val))

-#define sk_X509_ALGOR_unshift(st, val) SKM_sk_unshift(X509_ALGOR, (st), (val))

-#define sk_X509_ALGOR_find(st, val) SKM_sk_find(X509_ALGOR, (st), (val))

-#define sk_X509_ALGOR_find_ex(st, val) SKM_sk_find_ex(X509_ALGOR, (st), (val))

-#define sk_X509_ALGOR_delete(st, i) SKM_sk_delete(X509_ALGOR, (st), (i))

-#define sk_X509_ALGOR_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ALGOR, (st), (ptr))

-#define sk_X509_ALGOR_insert(st, val, i) SKM_sk_insert(X509_ALGOR, (st), (val), (i))

-#define sk_X509_ALGOR_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_ALGOR, (st), (cmp))

-#define sk_X509_ALGOR_dup(st) SKM_sk_dup(X509_ALGOR, st)

-#define sk_X509_ALGOR_pop_free(st, free_func) SKM_sk_pop_free(X509_ALGOR, (st), (free_func))

-#define sk_X509_ALGOR_shift(st) SKM_sk_shift(X509_ALGOR, (st))

-#define sk_X509_ALGOR_pop(st) SKM_sk_pop(X509_ALGOR, (st))

-#define sk_X509_ALGOR_sort(st) SKM_sk_sort(X509_ALGOR, (st))

-#define sk_X509_ALGOR_is_sorted(st) SKM_sk_is_sorted(X509_ALGOR, (st))

-#define sk_X509_ATTRIBUTE_new(st) SKM_sk_new(X509_ATTRIBUTE, (st))

-#define sk_X509_ATTRIBUTE_new_null() SKM_sk_new_null(X509_ATTRIBUTE)

-#define sk_X509_ATTRIBUTE_free(st) SKM_sk_free(X509_ATTRIBUTE, (st))

-#define sk_X509_ATTRIBUTE_num(st) SKM_sk_num(X509_ATTRIBUTE, (st))

-#define sk_X509_ATTRIBUTE_value(st, i) SKM_sk_value(X509_ATTRIBUTE, (st), (i))

-#define sk_X509_ATTRIBUTE_set(st, i, val) SKM_sk_set(X509_ATTRIBUTE, (st), (i), (val))

-#define sk_X509_ATTRIBUTE_zero(st) SKM_sk_zero(X509_ATTRIBUTE, (st))

-#define sk_X509_ATTRIBUTE_push(st, val) SKM_sk_push(X509_ATTRIBUTE, (st), (val))

-#define sk_X509_ATTRIBUTE_unshift(st, val) SKM_sk_unshift(X509_ATTRIBUTE, (st), (val))

-#define sk_X509_ATTRIBUTE_find(st, val) SKM_sk_find(X509_ATTRIBUTE, (st), (val))

-#define sk_X509_ATTRIBUTE_find_ex(st, val) SKM_sk_find_ex(X509_ATTRIBUTE, (st), (val))

-#define sk_X509_ATTRIBUTE_delete(st, i) SKM_sk_delete(X509_ATTRIBUTE, (st), (i))

-#define sk_X509_ATTRIBUTE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ATTRIBUTE, (st), (ptr))

-#define sk_X509_ATTRIBUTE_insert(st, val, i) SKM_sk_insert(X509_ATTRIBUTE, (st), (val), (i))

-#define sk_X509_ATTRIBUTE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_ATTRIBUTE, (st), (cmp))

-#define sk_X509_ATTRIBUTE_dup(st) SKM_sk_dup(X509_ATTRIBUTE, st)

-#define sk_X509_ATTRIBUTE_pop_free(st, free_func) SKM_sk_pop_free(X509_ATTRIBUTE, (st), (free_func))

-#define sk_X509_ATTRIBUTE_shift(st) SKM_sk_shift(X509_ATTRIBUTE, (st))

-#define sk_X509_ATTRIBUTE_pop(st) SKM_sk_pop(X509_ATTRIBUTE, (st))

-#define sk_X509_ATTRIBUTE_sort(st) SKM_sk_sort(X509_ATTRIBUTE, (st))

-#define sk_X509_ATTRIBUTE_is_sorted(st) SKM_sk_is_sorted(X509_ATTRIBUTE, (st))

-#define sk_X509_CRL_new(st) SKM_sk_new(X509_CRL, (st))

-#define sk_X509_CRL_new_null() SKM_sk_new_null(X509_CRL)

-#define sk_X509_CRL_free(st) SKM_sk_free(X509_CRL, (st))

-#define sk_X509_CRL_num(st) SKM_sk_num(X509_CRL, (st))

-#define sk_X509_CRL_value(st, i) SKM_sk_value(X509_CRL, (st), (i))

-#define sk_X509_CRL_set(st, i, val) SKM_sk_set(X509_CRL, (st), (i), (val))

-#define sk_X509_CRL_zero(st) SKM_sk_zero(X509_CRL, (st))

-#define sk_X509_CRL_push(st, val) SKM_sk_push(X509_CRL, (st), (val))

-#define sk_X509_CRL_unshift(st, val) SKM_sk_unshift(X509_CRL, (st), (val))

-#define sk_X509_CRL_find(st, val) SKM_sk_find(X509_CRL, (st), (val))

-#define sk_X509_CRL_find_ex(st, val) SKM_sk_find_ex(X509_CRL, (st), (val))

-#define sk_X509_CRL_delete(st, i) SKM_sk_delete(X509_CRL, (st), (i))

-#define sk_X509_CRL_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_CRL, (st), (ptr))

-#define sk_X509_CRL_insert(st, val, i) SKM_sk_insert(X509_CRL, (st), (val), (i))

-#define sk_X509_CRL_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_CRL, (st), (cmp))

-#define sk_X509_CRL_dup(st) SKM_sk_dup(X509_CRL, st)

-#define sk_X509_CRL_pop_free(st, free_func) SKM_sk_pop_free(X509_CRL, (st), (free_func))

-#define sk_X509_CRL_shift(st) SKM_sk_shift(X509_CRL, (st))

-#define sk_X509_CRL_pop(st) SKM_sk_pop(X509_CRL, (st))

-#define sk_X509_CRL_sort(st) SKM_sk_sort(X509_CRL, (st))

-#define sk_X509_CRL_is_sorted(st) SKM_sk_is_sorted(X509_CRL, (st))

-#define sk_X509_EXTENSION_new(st) SKM_sk_new(X509_EXTENSION, (st))

-#define sk_X509_EXTENSION_new_null() SKM_sk_new_null(X509_EXTENSION)

-#define sk_X509_EXTENSION_free(st) SKM_sk_free(X509_EXTENSION, (st))

-#define sk_X509_EXTENSION_num(st) SKM_sk_num(X509_EXTENSION, (st))

-#define sk_X509_EXTENSION_value(st, i) SKM_sk_value(X509_EXTENSION, (st), (i))

-#define sk_X509_EXTENSION_set(st, i, val) SKM_sk_set(X509_EXTENSION, (st), (i), (val))

-#define sk_X509_EXTENSION_zero(st) SKM_sk_zero(X509_EXTENSION, (st))

-#define sk_X509_EXTENSION_push(st, val) SKM_sk_push(X509_EXTENSION, (st), (val))

-#define sk_X509_EXTENSION_unshift(st, val) SKM_sk_unshift(X509_EXTENSION, (st), (val))

-#define sk_X509_EXTENSION_find(st, val) SKM_sk_find(X509_EXTENSION, (st), (val))

-#define sk_X509_EXTENSION_find_ex(st, val) SKM_sk_find_ex(X509_EXTENSION, (st), (val))

-#define sk_X509_EXTENSION_delete(st, i) SKM_sk_delete(X509_EXTENSION, (st), (i))

-#define sk_X509_EXTENSION_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_EXTENSION, (st), (ptr))

-#define sk_X509_EXTENSION_insert(st, val, i) SKM_sk_insert(X509_EXTENSION, (st), (val), (i))

-#define sk_X509_EXTENSION_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_EXTENSION, (st), (cmp))

-#define sk_X509_EXTENSION_dup(st) SKM_sk_dup(X509_EXTENSION, st)

-#define sk_X509_EXTENSION_pop_free(st, free_func) SKM_sk_pop_free(X509_EXTENSION, (st), (free_func))

-#define sk_X509_EXTENSION_shift(st) SKM_sk_shift(X509_EXTENSION, (st))

-#define sk_X509_EXTENSION_pop(st) SKM_sk_pop(X509_EXTENSION, (st))

-#define sk_X509_EXTENSION_sort(st) SKM_sk_sort(X509_EXTENSION, (st))

-#define sk_X509_EXTENSION_is_sorted(st) SKM_sk_is_sorted(X509_EXTENSION, (st))

-#define sk_X509_INFO_new(st) SKM_sk_new(X509_INFO, (st))

-#define sk_X509_INFO_new_null() SKM_sk_new_null(X509_INFO)

-#define sk_X509_INFO_free(st) SKM_sk_free(X509_INFO, (st))

-#define sk_X509_INFO_num(st) SKM_sk_num(X509_INFO, (st))

-#define sk_X509_INFO_value(st, i) SKM_sk_value(X509_INFO, (st), (i))

-#define sk_X509_INFO_set(st, i, val) SKM_sk_set(X509_INFO, (st), (i), (val))

-#define sk_X509_INFO_zero(st) SKM_sk_zero(X509_INFO, (st))

-#define sk_X509_INFO_push(st, val) SKM_sk_push(X509_INFO, (st), (val))

-#define sk_X509_INFO_unshift(st, val) SKM_sk_unshift(X509_INFO, (st), (val))

-#define sk_X509_INFO_find(st, val) SKM_sk_find(X509_INFO, (st), (val))

-#define sk_X509_INFO_find_ex(st, val) SKM_sk_find_ex(X509_INFO, (st), (val))

-#define sk_X509_INFO_delete(st, i) SKM_sk_delete(X509_INFO, (st), (i))

-#define sk_X509_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_INFO, (st), (ptr))

-#define sk_X509_INFO_insert(st, val, i) SKM_sk_insert(X509_INFO, (st), (val), (i))

-#define sk_X509_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_INFO, (st), (cmp))

-#define sk_X509_INFO_dup(st) SKM_sk_dup(X509_INFO, st)

-#define sk_X509_INFO_pop_free(st, free_func) SKM_sk_pop_free(X509_INFO, (st), (free_func))

-#define sk_X509_INFO_shift(st) SKM_sk_shift(X509_INFO, (st))

-#define sk_X509_INFO_pop(st) SKM_sk_pop(X509_INFO, (st))

-#define sk_X509_INFO_sort(st) SKM_sk_sort(X509_INFO, (st))

-#define sk_X509_INFO_is_sorted(st) SKM_sk_is_sorted(X509_INFO, (st))

-#define sk_X509_LOOKUP_new(st) SKM_sk_new(X509_LOOKUP, (st))

-#define sk_X509_LOOKUP_new_null() SKM_sk_new_null(X509_LOOKUP)

-#define sk_X509_LOOKUP_free(st) SKM_sk_free(X509_LOOKUP, (st))

-#define sk_X509_LOOKUP_num(st) SKM_sk_num(X509_LOOKUP, (st))

-#define sk_X509_LOOKUP_value(st, i) SKM_sk_value(X509_LOOKUP, (st), (i))

-#define sk_X509_LOOKUP_set(st, i, val) SKM_sk_set(X509_LOOKUP, (st), (i), (val))

-#define sk_X509_LOOKUP_zero(st) SKM_sk_zero(X509_LOOKUP, (st))

-#define sk_X509_LOOKUP_push(st, val) SKM_sk_push(X509_LOOKUP, (st), (val))

-#define sk_X509_LOOKUP_unshift(st, val) SKM_sk_unshift(X509_LOOKUP, (st), (val))

-#define sk_X509_LOOKUP_find(st, val) SKM_sk_find(X509_LOOKUP, (st), (val))

-#define sk_X509_LOOKUP_find_ex(st, val) SKM_sk_find_ex(X509_LOOKUP, (st), (val))

-#define sk_X509_LOOKUP_delete(st, i) SKM_sk_delete(X509_LOOKUP, (st), (i))

-#define sk_X509_LOOKUP_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_LOOKUP, (st), (ptr))

-#define sk_X509_LOOKUP_insert(st, val, i) SKM_sk_insert(X509_LOOKUP, (st), (val), (i))

-#define sk_X509_LOOKUP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_LOOKUP, (st), (cmp))

-#define sk_X509_LOOKUP_dup(st) SKM_sk_dup(X509_LOOKUP, st)

-#define sk_X509_LOOKUP_pop_free(st, free_func) SKM_sk_pop_free(X509_LOOKUP, (st), (free_func))

-#define sk_X509_LOOKUP_shift(st) SKM_sk_shift(X509_LOOKUP, (st))

-#define sk_X509_LOOKUP_pop(st) SKM_sk_pop(X509_LOOKUP, (st))

-#define sk_X509_LOOKUP_sort(st) SKM_sk_sort(X509_LOOKUP, (st))

-#define sk_X509_LOOKUP_is_sorted(st) SKM_sk_is_sorted(X509_LOOKUP, (st))

-#define sk_X509_NAME_new(st) SKM_sk_new(X509_NAME, (st))

-#define sk_X509_NAME_new_null() SKM_sk_new_null(X509_NAME)

-#define sk_X509_NAME_free(st) SKM_sk_free(X509_NAME, (st))

-#define sk_X509_NAME_num(st) SKM_sk_num(X509_NAME, (st))

-#define sk_X509_NAME_value(st, i) SKM_sk_value(X509_NAME, (st), (i))

-#define sk_X509_NAME_set(st, i, val) SKM_sk_set(X509_NAME, (st), (i), (val))

-#define sk_X509_NAME_zero(st) SKM_sk_zero(X509_NAME, (st))

-#define sk_X509_NAME_push(st, val) SKM_sk_push(X509_NAME, (st), (val))

-#define sk_X509_NAME_unshift(st, val) SKM_sk_unshift(X509_NAME, (st), (val))

-#define sk_X509_NAME_find(st, val) SKM_sk_find(X509_NAME, (st), (val))

-#define sk_X509_NAME_find_ex(st, val) SKM_sk_find_ex(X509_NAME, (st), (val))

-#define sk_X509_NAME_delete(st, i) SKM_sk_delete(X509_NAME, (st), (i))

-#define sk_X509_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME, (st), (ptr))

-#define sk_X509_NAME_insert(st, val, i) SKM_sk_insert(X509_NAME, (st), (val), (i))

-#define sk_X509_NAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_NAME, (st), (cmp))

-#define sk_X509_NAME_dup(st) SKM_sk_dup(X509_NAME, st)

-#define sk_X509_NAME_pop_free(st, free_func) SKM_sk_pop_free(X509_NAME, (st), (free_func))

-#define sk_X509_NAME_shift(st) SKM_sk_shift(X509_NAME, (st))

-#define sk_X509_NAME_pop(st) SKM_sk_pop(X509_NAME, (st))

-#define sk_X509_NAME_sort(st) SKM_sk_sort(X509_NAME, (st))

-#define sk_X509_NAME_is_sorted(st) SKM_sk_is_sorted(X509_NAME, (st))

-#define sk_X509_NAME_ENTRY_new(st) SKM_sk_new(X509_NAME_ENTRY, (st))

-#define sk_X509_NAME_ENTRY_new_null() SKM_sk_new_null(X509_NAME_ENTRY)

-#define sk_X509_NAME_ENTRY_free(st) SKM_sk_free(X509_NAME_ENTRY, (st))

-#define sk_X509_NAME_ENTRY_num(st) SKM_sk_num(X509_NAME_ENTRY, (st))

-#define sk_X509_NAME_ENTRY_value(st, i) SKM_sk_value(X509_NAME_ENTRY, (st), (i))

-#define sk_X509_NAME_ENTRY_set(st, i, val) SKM_sk_set(X509_NAME_ENTRY, (st), (i), (val))

-#define sk_X509_NAME_ENTRY_zero(st) SKM_sk_zero(X509_NAME_ENTRY, (st))

-#define sk_X509_NAME_ENTRY_push(st, val) SKM_sk_push(X509_NAME_ENTRY, (st), (val))

-#define sk_X509_NAME_ENTRY_unshift(st, val) SKM_sk_unshift(X509_NAME_ENTRY, (st), (val))

-#define sk_X509_NAME_ENTRY_find(st, val) SKM_sk_find(X509_NAME_ENTRY, (st), (val))

-#define sk_X509_NAME_ENTRY_find_ex(st, val) SKM_sk_find_ex(X509_NAME_ENTRY, (st), (val))

-#define sk_X509_NAME_ENTRY_delete(st, i) SKM_sk_delete(X509_NAME_ENTRY, (st), (i))

-#define sk_X509_NAME_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME_ENTRY, (st), (ptr))

-#define sk_X509_NAME_ENTRY_insert(st, val, i) SKM_sk_insert(X509_NAME_ENTRY, (st), (val), (i))

-#define sk_X509_NAME_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_NAME_ENTRY, (st), (cmp))

-#define sk_X509_NAME_ENTRY_dup(st) SKM_sk_dup(X509_NAME_ENTRY, st)

-#define sk_X509_NAME_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(X509_NAME_ENTRY, (st), (free_func))

-#define sk_X509_NAME_ENTRY_shift(st) SKM_sk_shift(X509_NAME_ENTRY, (st))

-#define sk_X509_NAME_ENTRY_pop(st) SKM_sk_pop(X509_NAME_ENTRY, (st))

-#define sk_X509_NAME_ENTRY_sort(st) SKM_sk_sort(X509_NAME_ENTRY, (st))

-#define sk_X509_NAME_ENTRY_is_sorted(st) SKM_sk_is_sorted(X509_NAME_ENTRY, (st))

-#define sk_X509_OBJECT_new(st) SKM_sk_new(X509_OBJECT, (st))

-#define sk_X509_OBJECT_new_null() SKM_sk_new_null(X509_OBJECT)

-#define sk_X509_OBJECT_free(st) SKM_sk_free(X509_OBJECT, (st))

-#define sk_X509_OBJECT_num(st) SKM_sk_num(X509_OBJECT, (st))

-#define sk_X509_OBJECT_value(st, i) SKM_sk_value(X509_OBJECT, (st), (i))

-#define sk_X509_OBJECT_set(st, i, val) SKM_sk_set(X509_OBJECT, (st), (i), (val))

-#define sk_X509_OBJECT_zero(st) SKM_sk_zero(X509_OBJECT, (st))

-#define sk_X509_OBJECT_push(st, val) SKM_sk_push(X509_OBJECT, (st), (val))

-#define sk_X509_OBJECT_unshift(st, val) SKM_sk_unshift(X509_OBJECT, (st), (val))

-#define sk_X509_OBJECT_find(st, val) SKM_sk_find(X509_OBJECT, (st), (val))

-#define sk_X509_OBJECT_find_ex(st, val) SKM_sk_find_ex(X509_OBJECT, (st), (val))

-#define sk_X509_OBJECT_delete(st, i) SKM_sk_delete(X509_OBJECT, (st), (i))

-#define sk_X509_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_OBJECT, (st), (ptr))

-#define sk_X509_OBJECT_insert(st, val, i) SKM_sk_insert(X509_OBJECT, (st), (val), (i))

-#define sk_X509_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_OBJECT, (st), (cmp))

-#define sk_X509_OBJECT_dup(st) SKM_sk_dup(X509_OBJECT, st)

-#define sk_X509_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(X509_OBJECT, (st), (free_func))

-#define sk_X509_OBJECT_shift(st) SKM_sk_shift(X509_OBJECT, (st))

-#define sk_X509_OBJECT_pop(st) SKM_sk_pop(X509_OBJECT, (st))

-#define sk_X509_OBJECT_sort(st) SKM_sk_sort(X509_OBJECT, (st))

-#define sk_X509_OBJECT_is_sorted(st) SKM_sk_is_sorted(X509_OBJECT, (st))

-#define sk_X509_POLICY_DATA_new(st) SKM_sk_new(X509_POLICY_DATA, (st))

-#define sk_X509_POLICY_DATA_new_null() SKM_sk_new_null(X509_POLICY_DATA)

-#define sk_X509_POLICY_DATA_free(st) SKM_sk_free(X509_POLICY_DATA, (st))

-#define sk_X509_POLICY_DATA_num(st) SKM_sk_num(X509_POLICY_DATA, (st))

-#define sk_X509_POLICY_DATA_value(st, i) SKM_sk_value(X509_POLICY_DATA, (st), (i))

-#define sk_X509_POLICY_DATA_set(st, i, val) SKM_sk_set(X509_POLICY_DATA, (st), (i), (val))

-#define sk_X509_POLICY_DATA_zero(st) SKM_sk_zero(X509_POLICY_DATA, (st))

-#define sk_X509_POLICY_DATA_push(st, val) SKM_sk_push(X509_POLICY_DATA, (st), (val))

-#define sk_X509_POLICY_DATA_unshift(st, val) SKM_sk_unshift(X509_POLICY_DATA, (st), (val))

-#define sk_X509_POLICY_DATA_find(st, val) SKM_sk_find(X509_POLICY_DATA, (st), (val))

-#define sk_X509_POLICY_DATA_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_DATA, (st), (val))

-#define sk_X509_POLICY_DATA_delete(st, i) SKM_sk_delete(X509_POLICY_DATA, (st), (i))

-#define sk_X509_POLICY_DATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_DATA, (st), (ptr))

-#define sk_X509_POLICY_DATA_insert(st, val, i) SKM_sk_insert(X509_POLICY_DATA, (st), (val), (i))

-#define sk_X509_POLICY_DATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_DATA, (st), (cmp))

-#define sk_X509_POLICY_DATA_dup(st) SKM_sk_dup(X509_POLICY_DATA, st)

-#define sk_X509_POLICY_DATA_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_DATA, (st), (free_func))

-#define sk_X509_POLICY_DATA_shift(st) SKM_sk_shift(X509_POLICY_DATA, (st))

-#define sk_X509_POLICY_DATA_pop(st) SKM_sk_pop(X509_POLICY_DATA, (st))

-#define sk_X509_POLICY_DATA_sort(st) SKM_sk_sort(X509_POLICY_DATA, (st))

-#define sk_X509_POLICY_DATA_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_DATA, (st))

-#define sk_X509_POLICY_NODE_new(st) SKM_sk_new(X509_POLICY_NODE, (st))

-#define sk_X509_POLICY_NODE_new_null() SKM_sk_new_null(X509_POLICY_NODE)

-#define sk_X509_POLICY_NODE_free(st) SKM_sk_free(X509_POLICY_NODE, (st))

-#define sk_X509_POLICY_NODE_num(st) SKM_sk_num(X509_POLICY_NODE, (st))

-#define sk_X509_POLICY_NODE_value(st, i) SKM_sk_value(X509_POLICY_NODE, (st), (i))

-#define sk_X509_POLICY_NODE_set(st, i, val) SKM_sk_set(X509_POLICY_NODE, (st), (i), (val))

-#define sk_X509_POLICY_NODE_zero(st) SKM_sk_zero(X509_POLICY_NODE, (st))

-#define sk_X509_POLICY_NODE_push(st, val) SKM_sk_push(X509_POLICY_NODE, (st), (val))

-#define sk_X509_POLICY_NODE_unshift(st, val) SKM_sk_unshift(X509_POLICY_NODE, (st), (val))

-#define sk_X509_POLICY_NODE_find(st, val) SKM_sk_find(X509_POLICY_NODE, (st), (val))

-#define sk_X509_POLICY_NODE_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_NODE, (st), (val))

-#define sk_X509_POLICY_NODE_delete(st, i) SKM_sk_delete(X509_POLICY_NODE, (st), (i))

-#define sk_X509_POLICY_NODE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_NODE, (st), (ptr))

-#define sk_X509_POLICY_NODE_insert(st, val, i) SKM_sk_insert(X509_POLICY_NODE, (st), (val), (i))

-#define sk_X509_POLICY_NODE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_NODE, (st), (cmp))

-#define sk_X509_POLICY_NODE_dup(st) SKM_sk_dup(X509_POLICY_NODE, st)

-#define sk_X509_POLICY_NODE_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_NODE, (st), (free_func))

-#define sk_X509_POLICY_NODE_shift(st) SKM_sk_shift(X509_POLICY_NODE, (st))

-#define sk_X509_POLICY_NODE_pop(st) SKM_sk_pop(X509_POLICY_NODE, (st))

-#define sk_X509_POLICY_NODE_sort(st) SKM_sk_sort(X509_POLICY_NODE, (st))

-#define sk_X509_POLICY_NODE_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_NODE, (st))

-#define sk_X509_POLICY_REF_new(st) SKM_sk_new(X509_POLICY_REF, (st))

-#define sk_X509_POLICY_REF_new_null() SKM_sk_new_null(X509_POLICY_REF)

-#define sk_X509_POLICY_REF_free(st) SKM_sk_free(X509_POLICY_REF, (st))

-#define sk_X509_POLICY_REF_num(st) SKM_sk_num(X509_POLICY_REF, (st))

-#define sk_X509_POLICY_REF_value(st, i) SKM_sk_value(X509_POLICY_REF, (st), (i))

-#define sk_X509_POLICY_REF_set(st, i, val) SKM_sk_set(X509_POLICY_REF, (st), (i), (val))

-#define sk_X509_POLICY_REF_zero(st) SKM_sk_zero(X509_POLICY_REF, (st))

-#define sk_X509_POLICY_REF_push(st, val) SKM_sk_push(X509_POLICY_REF, (st), (val))

-#define sk_X509_POLICY_REF_unshift(st, val) SKM_sk_unshift(X509_POLICY_REF, (st), (val))

-#define sk_X509_POLICY_REF_find(st, val) SKM_sk_find(X509_POLICY_REF, (st), (val))

-#define sk_X509_POLICY_REF_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_REF, (st), (val))

-#define sk_X509_POLICY_REF_delete(st, i) SKM_sk_delete(X509_POLICY_REF, (st), (i))

-#define sk_X509_POLICY_REF_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_REF, (st), (ptr))

-#define sk_X509_POLICY_REF_insert(st, val, i) SKM_sk_insert(X509_POLICY_REF, (st), (val), (i))

-#define sk_X509_POLICY_REF_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_REF, (st), (cmp))

-#define sk_X509_POLICY_REF_dup(st) SKM_sk_dup(X509_POLICY_REF, st)

-#define sk_X509_POLICY_REF_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_REF, (st), (free_func))

-#define sk_X509_POLICY_REF_shift(st) SKM_sk_shift(X509_POLICY_REF, (st))

-#define sk_X509_POLICY_REF_pop(st) SKM_sk_pop(X509_POLICY_REF, (st))

-#define sk_X509_POLICY_REF_sort(st) SKM_sk_sort(X509_POLICY_REF, (st))

-#define sk_X509_POLICY_REF_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_REF, (st))

-#define sk_X509_PURPOSE_new(st) SKM_sk_new(X509_PURPOSE, (st))

-#define sk_X509_PURPOSE_new_null() SKM_sk_new_null(X509_PURPOSE)

-#define sk_X509_PURPOSE_free(st) SKM_sk_free(X509_PURPOSE, (st))

-#define sk_X509_PURPOSE_num(st) SKM_sk_num(X509_PURPOSE, (st))

-#define sk_X509_PURPOSE_value(st, i) SKM_sk_value(X509_PURPOSE, (st), (i))

-#define sk_X509_PURPOSE_set(st, i, val) SKM_sk_set(X509_PURPOSE, (st), (i), (val))

-#define sk_X509_PURPOSE_zero(st) SKM_sk_zero(X509_PURPOSE, (st))

-#define sk_X509_PURPOSE_push(st, val) SKM_sk_push(X509_PURPOSE, (st), (val))

-#define sk_X509_PURPOSE_unshift(st, val) SKM_sk_unshift(X509_PURPOSE, (st), (val))

-#define sk_X509_PURPOSE_find(st, val) SKM_sk_find(X509_PURPOSE, (st), (val))

-#define sk_X509_PURPOSE_find_ex(st, val) SKM_sk_find_ex(X509_PURPOSE, (st), (val))

-#define sk_X509_PURPOSE_delete(st, i) SKM_sk_delete(X509_PURPOSE, (st), (i))

-#define sk_X509_PURPOSE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_PURPOSE, (st), (ptr))

-#define sk_X509_PURPOSE_insert(st, val, i) SKM_sk_insert(X509_PURPOSE, (st), (val), (i))

-#define sk_X509_PURPOSE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_PURPOSE, (st), (cmp))

-#define sk_X509_PURPOSE_dup(st) SKM_sk_dup(X509_PURPOSE, st)

-#define sk_X509_PURPOSE_pop_free(st, free_func) SKM_sk_pop_free(X509_PURPOSE, (st), (free_func))

-#define sk_X509_PURPOSE_shift(st) SKM_sk_shift(X509_PURPOSE, (st))

-#define sk_X509_PURPOSE_pop(st) SKM_sk_pop(X509_PURPOSE, (st))

-#define sk_X509_PURPOSE_sort(st) SKM_sk_sort(X509_PURPOSE, (st))

-#define sk_X509_PURPOSE_is_sorted(st) SKM_sk_is_sorted(X509_PURPOSE, (st))

-#define sk_X509_REVOKED_new(st) SKM_sk_new(X509_REVOKED, (st))

-#define sk_X509_REVOKED_new_null() SKM_sk_new_null(X509_REVOKED)

-#define sk_X509_REVOKED_free(st) SKM_sk_free(X509_REVOKED, (st))

-#define sk_X509_REVOKED_num(st) SKM_sk_num(X509_REVOKED, (st))

-#define sk_X509_REVOKED_value(st, i) SKM_sk_value(X509_REVOKED, (st), (i))

-#define sk_X509_REVOKED_set(st, i, val) SKM_sk_set(X509_REVOKED, (st), (i), (val))

-#define sk_X509_REVOKED_zero(st) SKM_sk_zero(X509_REVOKED, (st))

-#define sk_X509_REVOKED_push(st, val) SKM_sk_push(X509_REVOKED, (st), (val))

-#define sk_X509_REVOKED_unshift(st, val) SKM_sk_unshift(X509_REVOKED, (st), (val))

-#define sk_X509_REVOKED_find(st, val) SKM_sk_find(X509_REVOKED, (st), (val))

-#define sk_X509_REVOKED_find_ex(st, val) SKM_sk_find_ex(X509_REVOKED, (st), (val))

-#define sk_X509_REVOKED_delete(st, i) SKM_sk_delete(X509_REVOKED, (st), (i))

-#define sk_X509_REVOKED_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_REVOKED, (st), (ptr))

-#define sk_X509_REVOKED_insert(st, val, i) SKM_sk_insert(X509_REVOKED, (st), (val), (i))

-#define sk_X509_REVOKED_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_REVOKED, (st), (cmp))

-#define sk_X509_REVOKED_dup(st) SKM_sk_dup(X509_REVOKED, st)

-#define sk_X509_REVOKED_pop_free(st, free_func) SKM_sk_pop_free(X509_REVOKED, (st), (free_func))

-#define sk_X509_REVOKED_shift(st) SKM_sk_shift(X509_REVOKED, (st))

-#define sk_X509_REVOKED_pop(st) SKM_sk_pop(X509_REVOKED, (st))

-#define sk_X509_REVOKED_sort(st) SKM_sk_sort(X509_REVOKED, (st))

-#define sk_X509_REVOKED_is_sorted(st) SKM_sk_is_sorted(X509_REVOKED, (st))

-#define sk_X509_TRUST_new(st) SKM_sk_new(X509_TRUST, (st))

-#define sk_X509_TRUST_new_null() SKM_sk_new_null(X509_TRUST)

-#define sk_X509_TRUST_free(st) SKM_sk_free(X509_TRUST, (st))

-#define sk_X509_TRUST_num(st) SKM_sk_num(X509_TRUST, (st))

-#define sk_X509_TRUST_value(st, i) SKM_sk_value(X509_TRUST, (st), (i))

-#define sk_X509_TRUST_set(st, i, val) SKM_sk_set(X509_TRUST, (st), (i), (val))

-#define sk_X509_TRUST_zero(st) SKM_sk_zero(X509_TRUST, (st))

-#define sk_X509_TRUST_push(st, val) SKM_sk_push(X509_TRUST, (st), (val))

-#define sk_X509_TRUST_unshift(st, val) SKM_sk_unshift(X509_TRUST, (st), (val))

-#define sk_X509_TRUST_find(st, val) SKM_sk_find(X509_TRUST, (st), (val))

-#define sk_X509_TRUST_find_ex(st, val) SKM_sk_find_ex(X509_TRUST, (st), (val))

-#define sk_X509_TRUST_delete(st, i) SKM_sk_delete(X509_TRUST, (st), (i))

-#define sk_X509_TRUST_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_TRUST, (st), (ptr))

-#define sk_X509_TRUST_insert(st, val, i) SKM_sk_insert(X509_TRUST, (st), (val), (i))

-#define sk_X509_TRUST_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_TRUST, (st), (cmp))

-#define sk_X509_TRUST_dup(st) SKM_sk_dup(X509_TRUST, st)

-#define sk_X509_TRUST_pop_free(st, free_func) SKM_sk_pop_free(X509_TRUST, (st), (free_func))

-#define sk_X509_TRUST_shift(st) SKM_sk_shift(X509_TRUST, (st))

-#define sk_X509_TRUST_pop(st) SKM_sk_pop(X509_TRUST, (st))

-#define sk_X509_TRUST_sort(st) SKM_sk_sort(X509_TRUST, (st))

-#define sk_X509_TRUST_is_sorted(st) SKM_sk_is_sorted(X509_TRUST, (st))

-#define sk_X509_VERIFY_PARAM_new(st) SKM_sk_new(X509_VERIFY_PARAM, (st))

-#define sk_X509_VERIFY_PARAM_new_null() SKM_sk_new_null(X509_VERIFY_PARAM)

-#define sk_X509_VERIFY_PARAM_free(st) SKM_sk_free(X509_VERIFY_PARAM, (st))

-#define sk_X509_VERIFY_PARAM_num(st) SKM_sk_num(X509_VERIFY_PARAM, (st))

-#define sk_X509_VERIFY_PARAM_value(st, i) SKM_sk_value(X509_VERIFY_PARAM, (st), (i))

-#define sk_X509_VERIFY_PARAM_set(st, i, val) SKM_sk_set(X509_VERIFY_PARAM, (st), (i), (val))

-#define sk_X509_VERIFY_PARAM_zero(st) SKM_sk_zero(X509_VERIFY_PARAM, (st))

-#define sk_X509_VERIFY_PARAM_push(st, val) SKM_sk_push(X509_VERIFY_PARAM, (st), (val))

-#define sk_X509_VERIFY_PARAM_unshift(st, val) SKM_sk_unshift(X509_VERIFY_PARAM, (st), (val))

-#define sk_X509_VERIFY_PARAM_find(st, val) SKM_sk_find(X509_VERIFY_PARAM, (st), (val))

-#define sk_X509_VERIFY_PARAM_find_ex(st, val) SKM_sk_find_ex(X509_VERIFY_PARAM, (st), (val))

-#define sk_X509_VERIFY_PARAM_delete(st, i) SKM_sk_delete(X509_VERIFY_PARAM, (st), (i))

-#define sk_X509_VERIFY_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_VERIFY_PARAM, (st), (ptr))

-#define sk_X509_VERIFY_PARAM_insert(st, val, i) SKM_sk_insert(X509_VERIFY_PARAM, (st), (val), (i))

-#define sk_X509_VERIFY_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_VERIFY_PARAM, (st), (cmp))

-#define sk_X509_VERIFY_PARAM_dup(st) SKM_sk_dup(X509_VERIFY_PARAM, st)

-#define sk_X509_VERIFY_PARAM_pop_free(st, free_func) SKM_sk_pop_free(X509_VERIFY_PARAM, (st), (free_func))

-#define sk_X509_VERIFY_PARAM_shift(st) SKM_sk_shift(X509_VERIFY_PARAM, (st))

-#define sk_X509_VERIFY_PARAM_pop(st) SKM_sk_pop(X509_VERIFY_PARAM, (st))

-#define sk_X509_VERIFY_PARAM_sort(st) SKM_sk_sort(X509_VERIFY_PARAM, (st))

-#define sk_X509_VERIFY_PARAM_is_sorted(st) SKM_sk_is_sorted(X509_VERIFY_PARAM, (st))

-#define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \

-	SKM_ASN1_SET_OF_d2i(ACCESS_DESCRIPTION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))

-#define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, i2d_func, ex_tag, ex_class, is_set) \

-	SKM_ASN1_SET_OF_i2d(ACCESS_DESCRIPTION, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))

-#define ASN1_seq_pack_ACCESS_DESCRIPTION(st, i2d_func, buf, len) \

-	SKM_ASN1_seq_pack(ACCESS_DESCRIPTION, (st), (i2d_func), (buf), (len))

-#define ASN1_seq_unpack_ACCESS_DESCRIPTION(buf, len, d2i_func, free_func) \

-	SKM_ASN1_seq_unpack(ACCESS_DESCRIPTION, (buf), (len), (d2i_func), (free_func))

-#define d2i_ASN1_SET_OF_ASN1_INTEGER(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \

-	SKM_ASN1_SET_OF_d2i(ASN1_INTEGER, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))

-#define i2d_ASN1_SET_OF_ASN1_INTEGER(st, pp, i2d_func, ex_tag, ex_class, is_set) \

-	SKM_ASN1_SET_OF_i2d(ASN1_INTEGER, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))

-#define ASN1_seq_pack_ASN1_INTEGER(st, i2d_func, buf, len) \

-	SKM_ASN1_seq_pack(ASN1_INTEGER, (st), (i2d_func), (buf), (len))

-#define ASN1_seq_unpack_ASN1_INTEGER(buf, len, d2i_func, free_func) \

-	SKM_ASN1_seq_unpack(ASN1_INTEGER, (buf), (len), (d2i_func), (free_func))

-#define d2i_ASN1_SET_OF_ASN1_OBJECT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \

-	SKM_ASN1_SET_OF_d2i(ASN1_OBJECT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))

-#define i2d_ASN1_SET_OF_ASN1_OBJECT(st, pp, i2d_func, ex_tag, ex_class, is_set) \

-	SKM_ASN1_SET_OF_i2d(ASN1_OBJECT, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))

-#define ASN1_seq_pack_ASN1_OBJECT(st, i2d_func, buf, len) \

-	SKM_ASN1_seq_pack(ASN1_OBJECT, (st), (i2d_func), (buf), (len))

-#define ASN1_seq_unpack_ASN1_OBJECT(buf, len, d2i_func, free_func) \

-	SKM_ASN1_seq_unpack(ASN1_OBJECT, (buf), (len), (d2i_func), (free_func))

-#define d2i_ASN1_SET_OF_ASN1_TYPE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \

-	SKM_ASN1_SET_OF_d2i(ASN1_TYPE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))

-#define i2d_ASN1_SET_OF_ASN1_TYPE(st, pp, i2d_func, ex_tag, ex_class, is_set) \

-	SKM_ASN1_SET_OF_i2d(ASN1_TYPE, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))

-#define ASN1_seq_pack_ASN1_TYPE(st, i2d_func, buf, len) \

-	SKM_ASN1_seq_pack(ASN1_TYPE, (st), (i2d_func), (buf), (len))

-#define ASN1_seq_unpack_ASN1_TYPE(buf, len, d2i_func, free_func) \

-	SKM_ASN1_seq_unpack(ASN1_TYPE, (buf), (len), (d2i_func), (free_func))

-#define d2i_ASN1_SET_OF_DIST_POINT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \

-	SKM_ASN1_SET_OF_d2i(DIST_POINT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))

-#define i2d_ASN1_SET_OF_DIST_POINT(st, pp, i2d_func, ex_tag, ex_class, is_set) \

-	SKM_ASN1_SET_OF_i2d(DIST_POINT, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))

-#define ASN1_seq_pack_DIST_POINT(st, i2d_func, buf, len) \

-	SKM_ASN1_seq_pack(DIST_POINT, (st), (i2d_func), (buf), (len))

-#define ASN1_seq_unpack_DIST_POINT(buf, len, d2i_func, free_func) \

-	SKM_ASN1_seq_unpack(DIST_POINT, (buf), (len), (d2i_func), (free_func))

-#define d2i_ASN1_SET_OF_GENERAL_NAME(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \

-	SKM_ASN1_SET_OF_d2i(GENERAL_NAME, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))

-#define i2d_ASN1_SET_OF_GENERAL_NAME(st, pp, i2d_func, ex_tag, ex_class, is_set) \

-	SKM_ASN1_SET_OF_i2d(GENERAL_NAME, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))

-#define ASN1_seq_pack_GENERAL_NAME(st, i2d_func, buf, len) \

-	SKM_ASN1_seq_pack(GENERAL_NAME, (st), (i2d_func), (buf), (len))

-#define ASN1_seq_unpack_GENERAL_NAME(buf, len, d2i_func, free_func) \

-	SKM_ASN1_seq_unpack(GENERAL_NAME, (buf), (len), (d2i_func), (free_func))

-#define d2i_ASN1_SET_OF_OCSP_ONEREQ(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \

-	SKM_ASN1_SET_OF_d2i(OCSP_ONEREQ, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))

-#define i2d_ASN1_SET_OF_OCSP_ONEREQ(st, pp, i2d_func, ex_tag, ex_class, is_set) \

-	SKM_ASN1_SET_OF_i2d(OCSP_ONEREQ, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))

-#define ASN1_seq_pack_OCSP_ONEREQ(st, i2d_func, buf, len) \

-	SKM_ASN1_seq_pack(OCSP_ONEREQ, (st), (i2d_func), (buf), (len))

-#define ASN1_seq_unpack_OCSP_ONEREQ(buf, len, d2i_func, free_func) \

-	SKM_ASN1_seq_unpack(OCSP_ONEREQ, (buf), (len), (d2i_func), (free_func))

-#define d2i_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \

-	SKM_ASN1_SET_OF_d2i(OCSP_SINGLERESP, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))

-#define i2d_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, i2d_func, ex_tag, ex_class, is_set) \

-	SKM_ASN1_SET_OF_i2d(OCSP_SINGLERESP, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))

-#define ASN1_seq_pack_OCSP_SINGLERESP(st, i2d_func, buf, len) \

-	SKM_ASN1_seq_pack(OCSP_SINGLERESP, (st), (i2d_func), (buf), (len))

-#define ASN1_seq_unpack_OCSP_SINGLERESP(buf, len, d2i_func, free_func) \

-	SKM_ASN1_seq_unpack(OCSP_SINGLERESP, (buf), (len), (d2i_func), (free_func))

-#define d2i_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \

-	SKM_ASN1_SET_OF_d2i(PKCS12_SAFEBAG, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))

-#define i2d_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, i2d_func, ex_tag, ex_class, is_set) \

-	SKM_ASN1_SET_OF_i2d(PKCS12_SAFEBAG, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))

-#define ASN1_seq_pack_PKCS12_SAFEBAG(st, i2d_func, buf, len) \

-	SKM_ASN1_seq_pack(PKCS12_SAFEBAG, (st), (i2d_func), (buf), (len))

-#define ASN1_seq_unpack_PKCS12_SAFEBAG(buf, len, d2i_func, free_func) \

-	SKM_ASN1_seq_unpack(PKCS12_SAFEBAG, (buf), (len), (d2i_func), (free_func))

-#define d2i_ASN1_SET_OF_PKCS7(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \

-	SKM_ASN1_SET_OF_d2i(PKCS7, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))

-#define i2d_ASN1_SET_OF_PKCS7(st, pp, i2d_func, ex_tag, ex_class, is_set) \

-	SKM_ASN1_SET_OF_i2d(PKCS7, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))

-#define ASN1_seq_pack_PKCS7(st, i2d_func, buf, len) \

-	SKM_ASN1_seq_pack(PKCS7, (st), (i2d_func), (buf), (len))

-#define ASN1_seq_unpack_PKCS7(buf, len, d2i_func, free_func) \

-	SKM_ASN1_seq_unpack(PKCS7, (buf), (len), (d2i_func), (free_func))

-#define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \

-	SKM_ASN1_SET_OF_d2i(PKCS7_RECIP_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))

-#define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \

-	SKM_ASN1_SET_OF_i2d(PKCS7_RECIP_INFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))

-#define ASN1_seq_pack_PKCS7_RECIP_INFO(st, i2d_func, buf, len) \

-	SKM_ASN1_seq_pack(PKCS7_RECIP_INFO, (st), (i2d_func), (buf), (len))

-#define ASN1_seq_unpack_PKCS7_RECIP_INFO(buf, len, d2i_func, free_func) \

-	SKM_ASN1_seq_unpack(PKCS7_RECIP_INFO, (buf), (len), (d2i_func), (free_func))

-#define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \

-	SKM_ASN1_SET_OF_d2i(PKCS7_SIGNER_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))

-#define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \

-	SKM_ASN1_SET_OF_i2d(PKCS7_SIGNER_INFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))

-#define ASN1_seq_pack_PKCS7_SIGNER_INFO(st, i2d_func, buf, len) \

-	SKM_ASN1_seq_pack(PKCS7_SIGNER_INFO, (st), (i2d_func), (buf), (len))

-#define ASN1_seq_unpack_PKCS7_SIGNER_INFO(buf, len, d2i_func, free_func) \

-	SKM_ASN1_seq_unpack(PKCS7_SIGNER_INFO, (buf), (len), (d2i_func), (free_func))

-#define d2i_ASN1_SET_OF_POLICYINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \

-	SKM_ASN1_SET_OF_d2i(POLICYINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))

-#define i2d_ASN1_SET_OF_POLICYINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \

-	SKM_ASN1_SET_OF_i2d(POLICYINFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))

-#define ASN1_seq_pack_POLICYINFO(st, i2d_func, buf, len) \

-	SKM_ASN1_seq_pack(POLICYINFO, (st), (i2d_func), (buf), (len))

-#define ASN1_seq_unpack_POLICYINFO(buf, len, d2i_func, free_func) \

-	SKM_ASN1_seq_unpack(POLICYINFO, (buf), (len), (d2i_func), (free_func))

-#define d2i_ASN1_SET_OF_POLICYQUALINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \

-	SKM_ASN1_SET_OF_d2i(POLICYQUALINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))

-#define i2d_ASN1_SET_OF_POLICYQUALINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \

-	SKM_ASN1_SET_OF_i2d(POLICYQUALINFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))

-#define ASN1_seq_pack_POLICYQUALINFO(st, i2d_func, buf, len) \

-	SKM_ASN1_seq_pack(POLICYQUALINFO, (st), (i2d_func), (buf), (len))

-#define ASN1_seq_unpack_POLICYQUALINFO(buf, len, d2i_func, free_func) \

-	SKM_ASN1_seq_unpack(POLICYQUALINFO, (buf), (len), (d2i_func), (free_func))

-#define d2i_ASN1_SET_OF_SXNETID(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \

-	SKM_ASN1_SET_OF_d2i(SXNETID, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))

-#define i2d_ASN1_SET_OF_SXNETID(st, pp, i2d_func, ex_tag, ex_class, is_set) \

-	SKM_ASN1_SET_OF_i2d(SXNETID, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))

-#define ASN1_seq_pack_SXNETID(st, i2d_func, buf, len) \

-	SKM_ASN1_seq_pack(SXNETID, (st), (i2d_func), (buf), (len))

-#define ASN1_seq_unpack_SXNETID(buf, len, d2i_func, free_func) \

-	SKM_ASN1_seq_unpack(SXNETID, (buf), (len), (d2i_func), (free_func))

-#define d2i_ASN1_SET_OF_X509(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \

-	SKM_ASN1_SET_OF_d2i(X509, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))

-#define i2d_ASN1_SET_OF_X509(st, pp, i2d_func, ex_tag, ex_class, is_set) \

-	SKM_ASN1_SET_OF_i2d(X509, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))

-#define ASN1_seq_pack_X509(st, i2d_func, buf, len) \

-	SKM_ASN1_seq_pack(X509, (st), (i2d_func), (buf), (len))

-#define ASN1_seq_unpack_X509(buf, len, d2i_func, free_func) \

-	SKM_ASN1_seq_unpack(X509, (buf), (len), (d2i_func), (free_func))

-#define d2i_ASN1_SET_OF_X509_ALGOR(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \

-	SKM_ASN1_SET_OF_d2i(X509_ALGOR, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))

-#define i2d_ASN1_SET_OF_X509_ALGOR(st, pp, i2d_func, ex_tag, ex_class, is_set) \

-	SKM_ASN1_SET_OF_i2d(X509_ALGOR, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))

-#define ASN1_seq_pack_X509_ALGOR(st, i2d_func, buf, len) \

-	SKM_ASN1_seq_pack(X509_ALGOR, (st), (i2d_func), (buf), (len))

-#define ASN1_seq_unpack_X509_ALGOR(buf, len, d2i_func, free_func) \

-	SKM_ASN1_seq_unpack(X509_ALGOR, (buf), (len), (d2i_func), (free_func))

-#define d2i_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \

-	SKM_ASN1_SET_OF_d2i(X509_ATTRIBUTE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))

-#define i2d_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, i2d_func, ex_tag, ex_class, is_set) \

-	SKM_ASN1_SET_OF_i2d(X509_ATTRIBUTE, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))

-#define ASN1_seq_pack_X509_ATTRIBUTE(st, i2d_func, buf, len) \

-	SKM_ASN1_seq_pack(X509_ATTRIBUTE, (st), (i2d_func), (buf), (len))

-#define ASN1_seq_unpack_X509_ATTRIBUTE(buf, len, d2i_func, free_func) \

-	SKM_ASN1_seq_unpack(X509_ATTRIBUTE, (buf), (len), (d2i_func), (free_func))

-#define d2i_ASN1_SET_OF_X509_CRL(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \

-	SKM_ASN1_SET_OF_d2i(X509_CRL, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))

-#define i2d_ASN1_SET_OF_X509_CRL(st, pp, i2d_func, ex_tag, ex_class, is_set) \

-	SKM_ASN1_SET_OF_i2d(X509_CRL, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))

-#define ASN1_seq_pack_X509_CRL(st, i2d_func, buf, len) \

-	SKM_ASN1_seq_pack(X509_CRL, (st), (i2d_func), (buf), (len))

-#define ASN1_seq_unpack_X509_CRL(buf, len, d2i_func, free_func) \

-	SKM_ASN1_seq_unpack(X509_CRL, (buf), (len), (d2i_func), (free_func))

-#define d2i_ASN1_SET_OF_X509_EXTENSION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \

-	SKM_ASN1_SET_OF_d2i(X509_EXTENSION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))

-#define i2d_ASN1_SET_OF_X509_EXTENSION(st, pp, i2d_func, ex_tag, ex_class, is_set) \

-	SKM_ASN1_SET_OF_i2d(X509_EXTENSION, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))

-#define ASN1_seq_pack_X509_EXTENSION(st, i2d_func, buf, len) \

-	SKM_ASN1_seq_pack(X509_EXTENSION, (st), (i2d_func), (buf), (len))

-#define ASN1_seq_unpack_X509_EXTENSION(buf, len, d2i_func, free_func) \

-	SKM_ASN1_seq_unpack(X509_EXTENSION, (buf), (len), (d2i_func), (free_func))

-#define d2i_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \

-	SKM_ASN1_SET_OF_d2i(X509_NAME_ENTRY, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))

-#define i2d_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, i2d_func, ex_tag, ex_class, is_set) \

-	SKM_ASN1_SET_OF_i2d(X509_NAME_ENTRY, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))

-#define ASN1_seq_pack_X509_NAME_ENTRY(st, i2d_func, buf, len) \

-	SKM_ASN1_seq_pack(X509_NAME_ENTRY, (st), (i2d_func), (buf), (len))

-#define ASN1_seq_unpack_X509_NAME_ENTRY(buf, len, d2i_func, free_func) \

-	SKM_ASN1_seq_unpack(X509_NAME_ENTRY, (buf), (len), (d2i_func), (free_func))

-#define d2i_ASN1_SET_OF_X509_REVOKED(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \

-	SKM_ASN1_SET_OF_d2i(X509_REVOKED, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))

-#define i2d_ASN1_SET_OF_X509_REVOKED(st, pp, i2d_func, ex_tag, ex_class, is_set) \

-	SKM_ASN1_SET_OF_i2d(X509_REVOKED, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))

-#define ASN1_seq_pack_X509_REVOKED(st, i2d_func, buf, len) \

-	SKM_ASN1_seq_pack(X509_REVOKED, (st), (i2d_func), (buf), (len))

-#define ASN1_seq_unpack_X509_REVOKED(buf, len, d2i_func, free_func) \

-	SKM_ASN1_seq_unpack(X509_REVOKED, (buf), (len), (d2i_func), (free_func))

-#define PKCS12_decrypt_d2i_PKCS12_SAFEBAG(algor, d2i_func, free_func, pass, passlen, oct, seq) \

-	SKM_PKCS12_decrypt_d2i(PKCS12_SAFEBAG, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq))

-#define PKCS12_decrypt_d2i_PKCS7(algor, d2i_func, free_func, pass, passlen, oct, seq) \

-	SKM_PKCS12_decrypt_d2i(PKCS7, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq))

-/* End of util/mkstack.pl block, you may now edit :-) */

-#endif /* !defined HEADER_SAFESTACK_H */

--- a/sys/src/ape/lib/openssl/crypto/stack/stack.c

+++ /dev/null

@@ -1,341 +1,0 @@

-/* crypto/stack/stack.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* Code for stacks

- * Author - Eric Young v 1.0

- * 1.2 eay 12-Mar-97 -	Modified sk_find so that it _DOES_ return the

- *			lowest index for the searched item.

- *

- * 1.1 eay - Take from netdb and added to SSLeay

- *

- * 1.0 eay - First version 29/07/92

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/stack.h>

-#include <openssl/objects.h>

-#undef MIN_NODES

-#define MIN_NODES	4

-const char STACK_version[]="Stack" OPENSSL_VERSION_PTEXT;

-#include <errno.h>

-int (*sk_set_cmp_func(STACK *sk, int (*c)(const char * const *,const char * const *)))

-		(const char * const *, const char * const *)

-	{

-	int (*old)(const char * const *,const char * const *)=sk->comp;

-	if (sk->comp != c)

-		sk->sorted=0;

-	sk->comp=c;

-	return old;

-	}

-STACK *sk_dup(STACK *sk)

-	{

-	STACK *ret;

-	char **s;

-	if ((ret=sk_new(sk->comp)) == NULL) goto err;

-	s=(char **)OPENSSL_realloc((char *)ret->data,

-		(unsigned int)sizeof(char *)*sk->num_alloc);

-	if (s == NULL) goto err;

-	ret->data=s;

-	ret->num=sk->num;

-	memcpy(ret->data,sk->data,sizeof(char *)*sk->num);

-	ret->sorted=sk->sorted;

-	ret->num_alloc=sk->num_alloc;

-	ret->comp=sk->comp;

-	return(ret);

-err:

-	if(ret)

-		sk_free(ret);

-	return(NULL);

-	}

-STACK *sk_new_null(void)

-	{

-	return sk_new((int (*)(const char * const *, const char * const *))0);

-	}

-STACK *sk_new(int (*c)(const char * const *, const char * const *))

-	{

-	STACK *ret;

-	int i;

-	if ((ret=(STACK *)OPENSSL_malloc(sizeof(STACK))) == NULL)

-		goto err;

-	if ((ret->data=(char **)OPENSSL_malloc(sizeof(char *)*MIN_NODES)) == NULL)

-		goto err;

-	for (i=0; i<MIN_NODES; i++)

-		ret->data[i]=NULL;

-	ret->comp=c;

-	ret->num_alloc=MIN_NODES;

-	ret->num=0;

-	ret->sorted=0;

-	return(ret);

-err:

-	if(ret)

-		OPENSSL_free(ret);

-	return(NULL);

-	}

-int sk_insert(STACK *st, char *data, int loc)

-	{

-	char **s;

-	if(st == NULL) return 0;

-	if (st->num_alloc <= st->num+1)

-		{

-		s=(char **)OPENSSL_realloc((char *)st->data,

-			(unsigned int)sizeof(char *)*st->num_alloc*2);

-		if (s == NULL)

-			return(0);

-		st->data=s;

-		st->num_alloc*=2;

-		}

-	if ((loc >= (int)st->num) || (loc < 0))

-		st->data[st->num]=data;

-	else

-		{

-		int i;

-		char **f,**t;

-		f=(char **)st->data;

-		t=(char **)&(st->data[1]);

-		for (i=st->num; i>=loc; i--)

-			t[i]=f[i];

-#ifdef undef /* no memmove on sunos :-( */

-		memmove( (char *)&(st->data[loc+1]),

-			(char *)&(st->data[loc]),

-			sizeof(char *)*(st->num-loc));

-#endif

-		st->data[loc]=data;

-		}

-	st->num++;

-	st->sorted=0;

-	return(st->num);

-	}

-char *sk_delete_ptr(STACK *st, char *p)

-	{

-	int i;

-	for (i=0; i<st->num; i++)

-		if (st->data[i] == p)

-			return(sk_delete(st,i));

-	return(NULL);

-	}

-char *sk_delete(STACK *st, int loc)

-	{

-	char *ret;

-	int i,j;

-	if(!st || (loc < 0) || (loc >= st->num)) return NULL;

-	ret=st->data[loc];

-	if (loc != st->num-1)

-		{

-		j=st->num-1;

-		for (i=loc; i<j; i++)

-			st->data[i]=st->data[i+1];

-		/* In theory memcpy is not safe for this

-		 * memcpy( &(st->data[loc]),

-		 *	&(st->data[loc+1]),

-		 *	sizeof(char *)*(st->num-loc-1));

-		 */

-		}

-	st->num--;

-	return(ret);

-	}

-static int internal_find(STACK *st, char *data, int ret_val_options)

-	{

-	char **r;

-	int i;

-	int (*comp_func)(const void *,const void *);

-	if(st == NULL) return -1;

-	if (st->comp == NULL)

-		{

-		for (i=0; i<st->num; i++)

-			if (st->data[i] == data)

-				return(i);

-		return(-1);

-		}

-	sk_sort(st);

-	if (data == NULL) return(-1);

-	/* This (and the "qsort" below) are the two places in OpenSSL

-	 * where we need to convert from our standard (type **,type **)

-	 * compare callback type to the (void *,void *) type required by

-	 * bsearch. However, the "data" it is being called(back) with are

-	 * not (type *) pointers, but the *pointers* to (type *) pointers,

-	 * so we get our extra level of pointer dereferencing that way. */

-	comp_func=(int (*)(const void *,const void *))(st->comp);

-	r=(char **)OBJ_bsearch_ex((char *)&data,(char *)st->data,

-		st->num,sizeof(char *),comp_func,ret_val_options);

-	if (r == NULL) return(-1);

-	return((int)(r-st->data));

-	}

-int sk_find(STACK *st, char *data)

-	{

-	return internal_find(st, data, OBJ_BSEARCH_FIRST_VALUE_ON_MATCH);

-	}

-int sk_find_ex(STACK *st, char *data)

-	{

-	return internal_find(st, data, OBJ_BSEARCH_VALUE_ON_NOMATCH);

-	}

-int sk_push(STACK *st, char *data)

-	{

-	return(sk_insert(st,data,st->num));

-	}

-int sk_unshift(STACK *st, char *data)

-	{

-	return(sk_insert(st,data,0));

-	}

-char *sk_shift(STACK *st)

-	{

-	if (st == NULL) return(NULL);

-	if (st->num <= 0) return(NULL);

-	return(sk_delete(st,0));

-	}

-char *sk_pop(STACK *st)

-	{

-	if (st == NULL) return(NULL);

-	if (st->num <= 0) return(NULL);

-	return(sk_delete(st,st->num-1));

-	}

-void sk_zero(STACK *st)

-	{

-	if (st == NULL) return;

-	if (st->num <= 0) return;

-	memset((char *)st->data,0,sizeof(st->data)*st->num);

-	st->num=0;

-	}

-void sk_pop_free(STACK *st, void (*func)(void *))

-	{

-	int i;

-	if (st == NULL) return;

-	for (i=0; i<st->num; i++)

-		if (st->data[i] != NULL)

-			func(st->data[i]);

-	sk_free(st);

-	}

-void sk_free(STACK *st)

-	{

-	if (st == NULL) return;

-	if (st->data != NULL) OPENSSL_free(st->data);

-	OPENSSL_free(st);

-	}

-int sk_num(const STACK *st)

-{

-	if(st == NULL) return -1;

-	return st->num;

-}

-char *sk_value(const STACK *st, int i)

-{

-	if(!st || (i < 0) || (i >= st->num)) return NULL;

-	return st->data[i];

-}

-char *sk_set(STACK *st, int i, char *value)

-{

-	if(!st || (i < 0) || (i >= st->num)) return NULL;

-	return (st->data[i] = value);

-}

-void sk_sort(STACK *st)

-	{

-	if (st && !st->sorted)

-		{

-		int (*comp_func)(const void *,const void *);

-		/* same comment as in sk_find ... previously st->comp was declared

-		 * as a (void*,void*) callback type, but this made the population

-		 * of the callback pointer illogical - our callbacks compare

-		 * type** with type**, so we leave the casting until absolutely

-		 * necessary (ie. "now"). */

-		comp_func=(int (*)(const void *,const void *))(st->comp);

-		qsort(st->data,st->num,sizeof(char *), comp_func);

-		st->sorted=1;

-		}

-	}

-int sk_is_sorted(const STACK *st)

-	{

-	if (!st)

-		return 1;

-	return st->sorted;

-	}

--- a/sys/src/ape/lib/openssl/crypto/stack/stack.h

+++ /dev/null

@@ -1,109 +1,0 @@

-/* crypto/stack/stack.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_STACK_H

-#define HEADER_STACK_H

-#ifdef  __cplusplus

-extern "C" {

-#endif

-typedef struct stack_st

-	{

-	int num;

-	char **data;

-	int sorted;

-	int num_alloc;

-	int (*comp)(const char * const *, const char * const *);

-	} STACK;

-#define M_sk_num(sk)		((sk) ? (sk)->num:-1)

-#define M_sk_value(sk,n)	((sk) ? (sk)->data[n] : NULL)

-int sk_num(const STACK *);

-char *sk_value(const STACK *, int);

-char *sk_set(STACK *, int, char *);

-STACK *sk_new(int (*cmp)(const char * const *, const char * const *));

-STACK *sk_new_null(void);

-void sk_free(STACK *);

-void sk_pop_free(STACK *st, void (*func)(void *));

-int sk_insert(STACK *sk,char *data,int where);

-char *sk_delete(STACK *st,int loc);

-char *sk_delete_ptr(STACK *st, char *p);

-int sk_find(STACK *st,char *data);

-int sk_find_ex(STACK *st,char *data);

-int sk_push(STACK *st,char *data);

-int sk_unshift(STACK *st,char *data);

-char *sk_shift(STACK *st);

-char *sk_pop(STACK *st);

-void sk_zero(STACK *st);

-int (*sk_set_cmp_func(STACK *sk, int (*c)(const char * const *,

-			const char * const *)))

-			(const char * const *, const char * const *);

-STACK *sk_dup(STACK *st);

-void sk_sort(STACK *st);

-int sk_is_sorted(const STACK *st);

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/store/Makefile

+++ /dev/null

@@ -1,112 +1,0 @@

-#

-# OpenSSL/crypto/store/Makefile

-#

-DIR=	store

-TOP=	../..

-CC=	cc

-INCLUDES= -I.. -I$(TOP) -I../../include

-CFLAG=-g

-MAKEFILE=	Makefile

-AR=		ar r

-CFLAGS= $(INCLUDES) $(CFLAG)

-GENERAL=Makefile

-#TEST= storetest.c

-TEST=

-APPS=

-LIB=$(TOP)/libcrypto.a

-LIBSRC= str_err.c str_lib.c str_meth.c str_mem.c

-LIBOBJ= str_err.o str_lib.o str_meth.o str_mem.o

-SRC= $(LIBSRC)

-#EXHEADER= store.h str_compat.h

-EXHEADER= store.h

-HEADER=	$(EXHEADER) str_locl.h

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)

-all:	lib

-lib:	$(LIBOBJ)

-	$(AR) $(LIB) $(LIBOBJ)

-	$(RANLIB) $(LIB) || echo Never mind.

-	@touch lib

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

-links:

-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)

-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)

-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

-install:

-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...

-	@headerlist="$(EXHEADER)"; for i in $$headerlist; \

-	do  \

-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \

-	done;

-tags:

-	ctags $(SRC)

-tests:

-lint:

-	lint -DLINT $(INCLUDES) $(SRC)>fluff

-depend:

-	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...

-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-clean:

-	rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-str_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h

-str_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-str_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-str_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-str_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-str_err.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h

-str_err.o: str_err.c

-str_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

-str_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h

-str_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-str_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-str_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h

-str_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-str_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-str_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-str_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-str_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-str_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-str_lib.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h

-str_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-str_lib.o: str_lib.c str_locl.h

-str_mem.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h

-str_mem.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-str_mem.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-str_mem.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-str_mem.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-str_mem.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h

-str_mem.o: str_locl.h str_mem.c

-str_meth.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-str_meth.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h

-str_meth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-str_meth.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-str_meth.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h

-str_meth.o: str_locl.h str_meth.c

--- a/sys/src/ape/lib/openssl/crypto/store/README

+++ /dev/null

@@ -1,95 +1,0 @@

-The STORE type

-==============

-A STORE, as defined in this code section, is really a rather simple

-thing which stores objects and per-object associations to a number

-of attributes.  What attributes are supported entirely depends on

-the particular implementation of a STORE.  It has some support for

-generation of certain objects (for example, keys and CRLs).

-Supported object types

-----------------------

-For now, the objects that are supported are the following:

-X.509 certificate

-X.509 CRL

-private key

-public key

-number

-arbitrary (application) data

-The intention is that a STORE should be able to store everything

-needed by an application that wants a cert/key store, as well as

-the data a CA might need to store (this includes the serial number

-counter, which explains the support for numbers).

-Supported attribute types

--------------------------

-For now, the following attributes are supported:

-Friendly Name		- the value is a normal C string

-Key ID			- the value is a 160 bit SHA1 hash

-Issuer Key ID		- the value is a 160 bit SHA1 hash

-Subject Key ID		- the value is a 160 bit SHA1 hash

-Issuer/Serial Hash	- the value is a 160 bit SHA1 hash

-Issuer			- the value is a X509_NAME

-Serial			- the value is a BIGNUM

-Subject			- the value is a X509_NAME

-Certificate Hash	- the value is a 160 bit SHA1 hash

-Email			- the value is a normal C string

-Filename		- the value is a normal C string

-It is expected that these attributes should be enough to support

-the need from most, if not all, current applications.  Applications

-that need to do certificate verification would typically use Subject

-Key ID, Issuer/Serial Hash or Subject to look up issuer certificates.

-S/MIME applications would typically use Email to look up recipient

-and signer certificates.

-There's added support for combined sets of attributes to search for,

-with the special OR attribute.

-Supported basic functionality

------------------------------

-The functions that are supported through the STORE type are these:

-generate_object		- for example to generate keys and CRLs

-get_object		- to look up one object

-			  NOTE: this function is really rather

-			  redundant and probably of lesser usage

-			  than the list functions

-store_object		- store an object and the attributes

-			  associated with it

-modify_object		- modify the attributes associated with

-			  a specific object

-revoke_object		- revoke an object

-			  NOTE: this only marks an object as

-			  invalid, it doesn't remove the object

-			  from the database

-delete_object		- remove an object from the database

-list_object		- list objects associated with a given

-			  set of attributes

-			  NOTE: this is really four functions:

-			  list_start, list_next, list_end and

-			  list_endp

-update_store		- update the internal data of the store

-lock_store		- lock the store

-unlock_store		- unlock the store

-The list functions need some extra explanation: list_start is

-used to set up a lookup.  That's where the attributes to use in

-the search are set up.  It returns a search context.  list_next

-returns the next object searched for.  list_end closes the search.

-list_endp is used to check if we have reached the end.

-A few words on the store functions as well: update_store is

-typically used by a CA application to update the internal

-structure of a database.  This may for example involve automatic

-removal of expired certificates.  lock_store and unlock_store

-are used for locking a store to allow exclusive writes.

--- a/sys/src/ape/lib/openssl/crypto/store/store.h

+++ /dev/null

@@ -1,554 +1,0 @@

-/* crypto/store/store.h -*- mode:C; c-file-style: "eay" -*- */

-/* Written by Richard Levitte ([email protected]) for the OpenSSL

- * project 2003.

- */

-/* ====================================================================

- * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_STORE_H

-#define HEADER_STORE_H

-#include <openssl/ossl_typ.h>

-#ifndef OPENSSL_NO_DEPRECATED

-#include <openssl/evp.h>

-#include <openssl/bn.h>

-#include <openssl/x509.h>

-#endif

-#ifdef  __cplusplus

-extern "C" {

-#endif

-/* Already defined in ossl_typ.h */

-/* typedef struct store_st STORE; */

-/* typedef struct store_method_st STORE_METHOD; */

-/* All the following functions return 0, a negative number or NULL on error.

-   When everything is fine, they return a positive value or a non-NULL

-   pointer, all depending on their purpose. */

-/* Creators and destructor.   */

-STORE *STORE_new_method(const STORE_METHOD *method);

-STORE *STORE_new_engine(ENGINE *engine);

-void STORE_free(STORE *ui);

-/* Give a user interface parametrised control commands.  This can be used to

-   send down an integer, a data pointer or a function pointer, as well as

-   be used to get information from a STORE. */

-int STORE_ctrl(STORE *store, int cmd, long i, void *p, void (*f)(void));

-/* A control to set the directory with keys and certificates.  Used by the

-   built-in directory level method. */

-#define STORE_CTRL_SET_DIRECTORY	0x0001

-/* A control to set a file to load.  Used by the built-in file level method. */

-#define STORE_CTRL_SET_FILE		0x0002

-/* A control to set a configuration file to load.  Can be used by any method

-   that wishes to load a configuration file. */

-#define STORE_CTRL_SET_CONF_FILE	0x0003

-/* A control to set a the section of the loaded configuration file.  Can be

-   used by any method that wishes to load a configuration file. */

-#define STORE_CTRL_SET_CONF_SECTION	0x0004

-/* Some methods may use extra data */

-#define STORE_set_app_data(s,arg)	STORE_set_ex_data(s,0,arg)

-#define STORE_get_app_data(s)		STORE_get_ex_data(s,0)

-int STORE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,

-	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);

-int STORE_set_ex_data(STORE *r,int idx,void *arg);

-void *STORE_get_ex_data(STORE *r, int idx);

-/* Use specific methods instead of the built-in one */

-const STORE_METHOD *STORE_get_method(STORE *store);

-const STORE_METHOD *STORE_set_method(STORE *store, const STORE_METHOD *meth);

-/* The standard OpenSSL methods. */

-/* This is the in-memory method.  It does everything except revoking and updating,

-   and is of course volatile.  It's used by other methods that have an in-memory

-   cache. */

-const STORE_METHOD *STORE_Memory(void);

-#if 0 /* Not yet implemented */

-/* This is the directory store.  It does everything except revoking and updating,

-   and uses STORE_Memory() to cache things in memory. */

-const STORE_METHOD *STORE_Directory(void);

-/* This is the file store.  It does everything except revoking and updating,

-   and uses STORE_Memory() to cache things in memory.  Certificates are added

-   to it with the store operation, and it will only get cached certificates. */

-const STORE_METHOD *STORE_File(void);

-#endif

-/* Store functions take a type code for the type of data they should store

-   or fetch */

-typedef enum STORE_object_types

-	{

-	STORE_OBJECT_TYPE_X509_CERTIFICATE=	0x01, /* X509 * */

-	STORE_OBJECT_TYPE_X509_CRL=		0x02, /* X509_CRL * */

-	STORE_OBJECT_TYPE_PRIVATE_KEY=		0x03, /* EVP_PKEY * */

-	STORE_OBJECT_TYPE_PUBLIC_KEY=		0x04, /* EVP_PKEY * */

-	STORE_OBJECT_TYPE_NUMBER=		0x05, /* BIGNUM * */

-	STORE_OBJECT_TYPE_ARBITRARY=		0x06, /* BUF_MEM * */

-	STORE_OBJECT_TYPE_NUM=			0x06  /* The amount of known

-							 object types */

-	} STORE_OBJECT_TYPES;

-/* List of text strings corresponding to the object types. */

-extern const char * const STORE_object_type_string[STORE_OBJECT_TYPE_NUM+1];

-/* Some store functions take a parameter list.  Those parameters come with

-   one of the following codes. The comments following the codes below indicate

-   what type the value should be a pointer to. */

-typedef enum STORE_params

-	{

-	STORE_PARAM_EVP_TYPE=			0x01, /* int */

-	STORE_PARAM_BITS=			0x02, /* size_t */

-	STORE_PARAM_KEY_PARAMETERS=		0x03, /* ??? */

-	STORE_PARAM_KEY_NO_PARAMETERS=		0x04, /* N/A */

-	STORE_PARAM_AUTH_PASSPHRASE=		0x05, /* char * */

-	STORE_PARAM_AUTH_KRB5_TICKET=		0x06, /* void * */

-	STORE_PARAM_TYPE_NUM=			0x06  /* The amount of known

-							 parameter types */

-	} STORE_PARAM_TYPES;

-/* Parameter value sizes.  -1 means unknown, anything else is the required size. */

-extern const int STORE_param_sizes[STORE_PARAM_TYPE_NUM+1];

-/* Store functions take attribute lists.  Those attributes come with codes.

-   The comments following the codes below indicate what type the value should

-   be a pointer to. */

-typedef enum STORE_attribs

-	{

-	STORE_ATTR_END=				0x00,

-	STORE_ATTR_FRIENDLYNAME=		0x01, /* C string */

-	STORE_ATTR_KEYID=			0x02, /* 160 bit string (SHA1) */

-	STORE_ATTR_ISSUERKEYID=			0x03, /* 160 bit string (SHA1) */

-	STORE_ATTR_SUBJECTKEYID=		0x04, /* 160 bit string (SHA1) */

-	STORE_ATTR_ISSUERSERIALHASH=		0x05, /* 160 bit string (SHA1) */

-	STORE_ATTR_ISSUER=			0x06, /* X509_NAME * */

-	STORE_ATTR_SERIAL=			0x07, /* BIGNUM * */

-	STORE_ATTR_SUBJECT=			0x08, /* X509_NAME * */

-	STORE_ATTR_CERTHASH=			0x09, /* 160 bit string (SHA1) */

-	STORE_ATTR_EMAIL=			0x0a, /* C string */

-	STORE_ATTR_FILENAME=			0x0b, /* C string */

-	STORE_ATTR_TYPE_NUM=			0x0b, /* The amount of known

-							 attribute types */

-	STORE_ATTR_OR=				0xff  /* This is a special

-							 separator, which

-							 expresses the OR

-							 operation.  */

-	} STORE_ATTR_TYPES;

-/* Attribute value sizes.  -1 means unknown, anything else is the required size. */

-extern const int STORE_attr_sizes[STORE_ATTR_TYPE_NUM+1];

-typedef enum STORE_certificate_status

-	{

-	STORE_X509_VALID=			0x00,

-	STORE_X509_EXPIRED=			0x01,

-	STORE_X509_SUSPENDED=			0x02,

-	STORE_X509_REVOKED=			0x03

-	} STORE_CERTIFICATE_STATUS;

-/* Engine store functions will return a structure that contains all the necessary

- * information, including revokation status for certificates.  This is really not

- * needed for application authors, as the ENGINE framework functions will extract

- * the OpenSSL-specific information when at all possible.  However, for engine

- * authors, it's crucial to know this structure.  */

-typedef struct STORE_OBJECT_st

-	{

-	STORE_OBJECT_TYPES type;

-	union

-		{

-		struct

-			{

-			STORE_CERTIFICATE_STATUS status;

-			X509 *certificate;

-			} x509;

-		X509_CRL *crl;

-		EVP_PKEY *key;

-		BIGNUM *number;

-		BUF_MEM *arbitrary;

-		} data;

-	} STORE_OBJECT;

-DECLARE_STACK_OF(STORE_OBJECT)

-STORE_OBJECT *STORE_OBJECT_new(void);

-void STORE_OBJECT_free(STORE_OBJECT *data);

-/* The following functions handle the storage. They return 0, a negative number

-   or NULL on error, anything else on success. */

-X509 *STORE_get_certificate(STORE *e, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-int STORE_store_certificate(STORE *e, X509 *data, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-int STORE_modify_certificate(STORE *e, OPENSSL_ITEM search_attributes[],

-	OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[],

-	OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);

-int STORE_revoke_certificate(STORE *e, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-int STORE_delete_certificate(STORE *e, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-void *STORE_list_certificate_start(STORE *e, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-X509 *STORE_list_certificate_next(STORE *e, void *handle);

-int STORE_list_certificate_end(STORE *e, void *handle);

-int STORE_list_certificate_endp(STORE *e, void *handle);

-EVP_PKEY *STORE_generate_key(STORE *e, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-EVP_PKEY *STORE_get_private_key(STORE *e, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-int STORE_store_private_key(STORE *e, EVP_PKEY *data,

-	OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);

-int STORE_modify_private_key(STORE *e, OPENSSL_ITEM search_attributes[],

-	OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[],

-	OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);

-int STORE_revoke_private_key(STORE *e, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-int STORE_delete_private_key(STORE *e, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-void *STORE_list_private_key_start(STORE *e, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-EVP_PKEY *STORE_list_private_key_next(STORE *e, void *handle);

-int STORE_list_private_key_end(STORE *e, void *handle);

-int STORE_list_private_key_endp(STORE *e, void *handle);

-EVP_PKEY *STORE_get_public_key(STORE *e, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-int STORE_store_public_key(STORE *e, EVP_PKEY *data, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-int STORE_modify_public_key(STORE *e, OPENSSL_ITEM search_attributes[],

-	OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[],

-	OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);

-int STORE_revoke_public_key(STORE *e, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-int STORE_delete_public_key(STORE *e, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-void *STORE_list_public_key_start(STORE *e, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-EVP_PKEY *STORE_list_public_key_next(STORE *e, void *handle);

-int STORE_list_public_key_end(STORE *e, void *handle);

-int STORE_list_public_key_endp(STORE *e, void *handle);

-X509_CRL *STORE_generate_crl(STORE *e, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-X509_CRL *STORE_get_crl(STORE *e, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-int STORE_store_crl(STORE *e, X509_CRL *data, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-int STORE_modify_crl(STORE *e, OPENSSL_ITEM search_attributes[],

-	OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[],

-	OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);

-int STORE_delete_crl(STORE *e, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-void *STORE_list_crl_start(STORE *e, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-X509_CRL *STORE_list_crl_next(STORE *e, void *handle);

-int STORE_list_crl_end(STORE *e, void *handle);

-int STORE_list_crl_endp(STORE *e, void *handle);

-int STORE_store_number(STORE *e, BIGNUM *data, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-int STORE_modify_number(STORE *e, OPENSSL_ITEM search_attributes[],

-	OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[],

-	OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);

-BIGNUM *STORE_get_number(STORE *e, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-int STORE_delete_number(STORE *e, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-int STORE_store_arbitrary(STORE *e, BUF_MEM *data, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-int STORE_modify_arbitrary(STORE *e, OPENSSL_ITEM search_attributes[],

-	OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[],

-	OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);

-BUF_MEM *STORE_get_arbitrary(STORE *e, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-int STORE_delete_arbitrary(STORE *e, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-/* Create and manipulate methods */

-STORE_METHOD *STORE_create_method(char *name);

-void STORE_destroy_method(STORE_METHOD *store_method);

-/* These callback types are use for store handlers */

-typedef int (*STORE_INITIALISE_FUNC_PTR)(STORE *);

-typedef void (*STORE_CLEANUP_FUNC_PTR)(STORE *);

-typedef STORE_OBJECT *(*STORE_GENERATE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);

-typedef STORE_OBJECT *(*STORE_GET_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);

-typedef void *(*STORE_START_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);

-typedef STORE_OBJECT *(*STORE_NEXT_OBJECT_FUNC_PTR)(STORE *, void *handle);

-typedef int (*STORE_END_OBJECT_FUNC_PTR)(STORE *, void *handle);

-typedef int (*STORE_HANDLE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);

-typedef int (*STORE_STORE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, STORE_OBJECT *data, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);

-typedef int (*STORE_MODIFY_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);

-typedef int (*STORE_GENERIC_FUNC_PTR)(STORE *, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);

-typedef int (*STORE_CTRL_FUNC_PTR)(STORE *, int cmd, long l, void *p, void (*f)(void));

-int STORE_method_set_initialise_function(STORE_METHOD *sm, STORE_INITIALISE_FUNC_PTR init_f);

-int STORE_method_set_cleanup_function(STORE_METHOD *sm, STORE_CLEANUP_FUNC_PTR clean_f);

-int STORE_method_set_generate_function(STORE_METHOD *sm, STORE_GENERATE_OBJECT_FUNC_PTR generate_f);

-int STORE_method_set_get_function(STORE_METHOD *sm, STORE_GET_OBJECT_FUNC_PTR get_f);

-int STORE_method_set_store_function(STORE_METHOD *sm, STORE_STORE_OBJECT_FUNC_PTR store_f);

-int STORE_method_set_modify_function(STORE_METHOD *sm, STORE_MODIFY_OBJECT_FUNC_PTR store_f);

-int STORE_method_set_revoke_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR revoke_f);

-int STORE_method_set_delete_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR delete_f);

-int STORE_method_set_list_start_function(STORE_METHOD *sm, STORE_START_OBJECT_FUNC_PTR list_start_f);

-int STORE_method_set_list_next_function(STORE_METHOD *sm, STORE_NEXT_OBJECT_FUNC_PTR list_next_f);

-int STORE_method_set_list_end_function(STORE_METHOD *sm, STORE_END_OBJECT_FUNC_PTR list_end_f);

-int STORE_method_set_update_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR);

-int STORE_method_set_lock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR);

-int STORE_method_set_unlock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR);

-int STORE_method_set_ctrl_function(STORE_METHOD *sm, STORE_CTRL_FUNC_PTR ctrl_f);

-STORE_INITIALISE_FUNC_PTR STORE_method_get_initialise_function(STORE_METHOD *sm);

-STORE_CLEANUP_FUNC_PTR STORE_method_get_cleanup_function(STORE_METHOD *sm);

-STORE_GENERATE_OBJECT_FUNC_PTR STORE_method_get_generate_function(STORE_METHOD *sm);

-STORE_GET_OBJECT_FUNC_PTR STORE_method_get_get_function(STORE_METHOD *sm);

-STORE_STORE_OBJECT_FUNC_PTR STORE_method_get_store_function(STORE_METHOD *sm);

-STORE_MODIFY_OBJECT_FUNC_PTR STORE_method_get_modify_function(STORE_METHOD *sm);

-STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_revoke_function(STORE_METHOD *sm);

-STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_delete_function(STORE_METHOD *sm);

-STORE_START_OBJECT_FUNC_PTR STORE_method_get_list_start_function(STORE_METHOD *sm);

-STORE_NEXT_OBJECT_FUNC_PTR STORE_method_get_list_next_function(STORE_METHOD *sm);

-STORE_END_OBJECT_FUNC_PTR STORE_method_get_list_end_function(STORE_METHOD *sm);

-STORE_GENERIC_FUNC_PTR STORE_method_get_update_store_function(STORE_METHOD *sm);

-STORE_GENERIC_FUNC_PTR STORE_method_get_lock_store_function(STORE_METHOD *sm);

-STORE_GENERIC_FUNC_PTR STORE_method_get_unlock_store_function(STORE_METHOD *sm);

-STORE_CTRL_FUNC_PTR STORE_method_get_ctrl_function(STORE_METHOD *sm);

-/* Method helper structures and functions. */

-/* This structure is the result of parsing through the information in a list

-   of OPENSSL_ITEMs.  It stores all the necessary information in a structured

-   way.*/

-typedef struct STORE_attr_info_st STORE_ATTR_INFO;

-/* Parse a list of OPENSSL_ITEMs and return a pointer to a STORE_ATTR_INFO.

-   Note that we do this in the list form, since the list of OPENSSL_ITEMs can

-   come in blocks separated with STORE_ATTR_OR.  Note that the value returned

-   by STORE_parse_attrs_next() must be freed with STORE_ATTR_INFO_free(). */

-void *STORE_parse_attrs_start(OPENSSL_ITEM *attributes);

-STORE_ATTR_INFO *STORE_parse_attrs_next(void *handle);

-int STORE_parse_attrs_end(void *handle);

-int STORE_parse_attrs_endp(void *handle);

-/* Creator and destructor */

-STORE_ATTR_INFO *STORE_ATTR_INFO_new(void);

-int STORE_ATTR_INFO_free(STORE_ATTR_INFO *attrs);

-/* Manipulators */

-char *STORE_ATTR_INFO_get0_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code);

-unsigned char *STORE_ATTR_INFO_get0_sha1str(STORE_ATTR_INFO *attrs,

-	STORE_ATTR_TYPES code);

-X509_NAME *STORE_ATTR_INFO_get0_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code);

-BIGNUM *STORE_ATTR_INFO_get0_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code);

-int STORE_ATTR_INFO_set_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,

-	char *cstr, size_t cstr_size);

-int STORE_ATTR_INFO_set_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,

-	unsigned char *sha1str, size_t sha1str_size);

-int STORE_ATTR_INFO_set_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,

-	X509_NAME *dn);

-int STORE_ATTR_INFO_set_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,

-	BIGNUM *number);

-int STORE_ATTR_INFO_modify_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,

-	char *cstr, size_t cstr_size);

-int STORE_ATTR_INFO_modify_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,

-	unsigned char *sha1str, size_t sha1str_size);

-int STORE_ATTR_INFO_modify_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,

-	X509_NAME *dn);

-int STORE_ATTR_INFO_modify_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,

-	BIGNUM *number);

-/* Compare on basis of a bit pattern formed by the STORE_ATTR_TYPES values

-   in each contained attribute. */

-int STORE_ATTR_INFO_compare(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b);

-/* Check if the set of attributes in a is within the range of attributes

-   set in b. */

-int STORE_ATTR_INFO_in_range(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b);

-/* Check if the set of attributes in a are also set in b. */

-int STORE_ATTR_INFO_in(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b);

-/* Same as STORE_ATTR_INFO_in(), but also checks the attribute values. */

-int STORE_ATTR_INFO_in_ex(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b);

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_STORE_strings(void);

-/* Error codes for the STORE functions. */

-/* Function codes. */

-#define STORE_F_MEM_DELETE				 134

-#define STORE_F_MEM_GENERATE				 135

-#define STORE_F_MEM_LIST_END				 168

-#define STORE_F_MEM_LIST_NEXT				 136

-#define STORE_F_MEM_LIST_START				 137

-#define STORE_F_MEM_MODIFY				 169

-#define STORE_F_MEM_STORE				 138

-#define STORE_F_STORE_ATTR_INFO_GET0_CSTR		 139

-#define STORE_F_STORE_ATTR_INFO_GET0_DN			 140

-#define STORE_F_STORE_ATTR_INFO_GET0_NUMBER		 141

-#define STORE_F_STORE_ATTR_INFO_GET0_SHA1STR		 142

-#define STORE_F_STORE_ATTR_INFO_MODIFY_CSTR		 143

-#define STORE_F_STORE_ATTR_INFO_MODIFY_DN		 144

-#define STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER		 145

-#define STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR		 146

-#define STORE_F_STORE_ATTR_INFO_SET_CSTR		 147

-#define STORE_F_STORE_ATTR_INFO_SET_DN			 148

-#define STORE_F_STORE_ATTR_INFO_SET_NUMBER		 149

-#define STORE_F_STORE_ATTR_INFO_SET_SHA1STR		 150

-#define STORE_F_STORE_CERTIFICATE			 170

-#define STORE_F_STORE_CTRL				 161

-#define STORE_F_STORE_DELETE_ARBITRARY			 158

-#define STORE_F_STORE_DELETE_CERTIFICATE		 102

-#define STORE_F_STORE_DELETE_CRL			 103

-#define STORE_F_STORE_DELETE_NUMBER			 104

-#define STORE_F_STORE_DELETE_PRIVATE_KEY		 105

-#define STORE_F_STORE_DELETE_PUBLIC_KEY			 106

-#define STORE_F_STORE_GENERATE_CRL			 107

-#define STORE_F_STORE_GENERATE_KEY			 108

-#define STORE_F_STORE_GET_ARBITRARY			 159

-#define STORE_F_STORE_GET_CERTIFICATE			 109

-#define STORE_F_STORE_GET_CRL				 110

-#define STORE_F_STORE_GET_NUMBER			 111

-#define STORE_F_STORE_GET_PRIVATE_KEY			 112

-#define STORE_F_STORE_GET_PUBLIC_KEY			 113

-#define STORE_F_STORE_LIST_CERTIFICATE_END		 114

-#define STORE_F_STORE_LIST_CERTIFICATE_ENDP		 153

-#define STORE_F_STORE_LIST_CERTIFICATE_NEXT		 115

-#define STORE_F_STORE_LIST_CERTIFICATE_START		 116

-#define STORE_F_STORE_LIST_CRL_END			 117

-#define STORE_F_STORE_LIST_CRL_ENDP			 154

-#define STORE_F_STORE_LIST_CRL_NEXT			 118

-#define STORE_F_STORE_LIST_CRL_START			 119

-#define STORE_F_STORE_LIST_PRIVATE_KEY_END		 120

-#define STORE_F_STORE_LIST_PRIVATE_KEY_ENDP		 155

-#define STORE_F_STORE_LIST_PRIVATE_KEY_NEXT		 121

-#define STORE_F_STORE_LIST_PRIVATE_KEY_START		 122

-#define STORE_F_STORE_LIST_PUBLIC_KEY_END		 123

-#define STORE_F_STORE_LIST_PUBLIC_KEY_ENDP		 156

-#define STORE_F_STORE_LIST_PUBLIC_KEY_NEXT		 124

-#define STORE_F_STORE_LIST_PUBLIC_KEY_START		 125

-#define STORE_F_STORE_MODIFY_ARBITRARY			 162

-#define STORE_F_STORE_MODIFY_CERTIFICATE		 163

-#define STORE_F_STORE_MODIFY_CRL			 164

-#define STORE_F_STORE_MODIFY_NUMBER			 165

-#define STORE_F_STORE_MODIFY_PRIVATE_KEY		 166

-#define STORE_F_STORE_MODIFY_PUBLIC_KEY			 167

-#define STORE_F_STORE_NEW_ENGINE			 133

-#define STORE_F_STORE_NEW_METHOD			 132

-#define STORE_F_STORE_PARSE_ATTRS_END			 151

-#define STORE_F_STORE_PARSE_ATTRS_ENDP			 172

-#define STORE_F_STORE_PARSE_ATTRS_NEXT			 152

-#define STORE_F_STORE_PARSE_ATTRS_START			 171

-#define STORE_F_STORE_REVOKE_CERTIFICATE		 129

-#define STORE_F_STORE_REVOKE_PRIVATE_KEY		 130

-#define STORE_F_STORE_REVOKE_PUBLIC_KEY			 131

-#define STORE_F_STORE_STORE_ARBITRARY			 157

-#define STORE_F_STORE_STORE_CERTIFICATE			 100

-#define STORE_F_STORE_STORE_CRL				 101

-#define STORE_F_STORE_STORE_NUMBER			 126

-#define STORE_F_STORE_STORE_PRIVATE_KEY			 127

-#define STORE_F_STORE_STORE_PUBLIC_KEY			 128

-/* Reason codes. */

-#define STORE_R_ALREADY_HAS_A_VALUE			 127

-#define STORE_R_FAILED_DELETING_ARBITRARY		 132

-#define STORE_R_FAILED_DELETING_CERTIFICATE		 100

-#define STORE_R_FAILED_DELETING_KEY			 101

-#define STORE_R_FAILED_DELETING_NUMBER			 102

-#define STORE_R_FAILED_GENERATING_CRL			 103

-#define STORE_R_FAILED_GENERATING_KEY			 104

-#define STORE_R_FAILED_GETTING_ARBITRARY		 133

-#define STORE_R_FAILED_GETTING_CERTIFICATE		 105

-#define STORE_R_FAILED_GETTING_KEY			 106

-#define STORE_R_FAILED_GETTING_NUMBER			 107

-#define STORE_R_FAILED_LISTING_CERTIFICATES		 108

-#define STORE_R_FAILED_LISTING_KEYS			 109

-#define STORE_R_FAILED_MODIFYING_ARBITRARY		 138

-#define STORE_R_FAILED_MODIFYING_CERTIFICATE		 139

-#define STORE_R_FAILED_MODIFYING_CRL			 140

-#define STORE_R_FAILED_MODIFYING_NUMBER			 141

-#define STORE_R_FAILED_MODIFYING_PRIVATE_KEY		 142

-#define STORE_R_FAILED_MODIFYING_PUBLIC_KEY		 143

-#define STORE_R_FAILED_REVOKING_CERTIFICATE		 110

-#define STORE_R_FAILED_REVOKING_KEY			 111

-#define STORE_R_FAILED_STORING_ARBITRARY		 134

-#define STORE_R_FAILED_STORING_CERTIFICATE		 112

-#define STORE_R_FAILED_STORING_KEY			 113

-#define STORE_R_FAILED_STORING_NUMBER			 114

-#define STORE_R_NOT_IMPLEMENTED				 128

-#define STORE_R_NO_CONTROL_FUNCTION			 144

-#define STORE_R_NO_DELETE_ARBITRARY_FUNCTION		 135

-#define STORE_R_NO_DELETE_NUMBER_FUNCTION		 115

-#define STORE_R_NO_DELETE_OBJECT_FUNCTION		 116

-#define STORE_R_NO_GENERATE_CRL_FUNCTION		 117

-#define STORE_R_NO_GENERATE_OBJECT_FUNCTION		 118

-#define STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION	 136

-#define STORE_R_NO_GET_OBJECT_FUNCTION			 119

-#define STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION		 120

-#define STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION		 131

-#define STORE_R_NO_LIST_OBJECT_END_FUNCTION		 121

-#define STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION		 122

-#define STORE_R_NO_LIST_OBJECT_START_FUNCTION		 123

-#define STORE_R_NO_MODIFY_OBJECT_FUNCTION		 145

-#define STORE_R_NO_REVOKE_OBJECT_FUNCTION		 124

-#define STORE_R_NO_STORE				 129

-#define STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION	 137

-#define STORE_R_NO_STORE_OBJECT_FUNCTION		 125

-#define STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION		 126

-#define STORE_R_NO_VALUE				 130

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/store/str_err.c

+++ /dev/null

@@ -1,211 +1,0 @@

-/* crypto/store/str_err.c */

-/* ====================================================================

- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* NOTE: this file was auto generated by the mkerr.pl script: any changes

- * made to it will be overwritten when the script next updates this file,

- * only reason strings will be preserved.

- */

-#include <stdio.h>

-#include <openssl/err.h>

-#include <openssl/store.h>

-/* BEGIN ERROR CODES */

-#ifndef OPENSSL_NO_ERR

-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_STORE,func,0)

-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_STORE,0,reason)

-static ERR_STRING_DATA STORE_str_functs[]=

-	{

-{ERR_FUNC(STORE_F_MEM_DELETE),	"MEM_DELETE"},

-{ERR_FUNC(STORE_F_MEM_GENERATE),	"MEM_GENERATE"},

-{ERR_FUNC(STORE_F_MEM_LIST_END),	"MEM_LIST_END"},

-{ERR_FUNC(STORE_F_MEM_LIST_NEXT),	"MEM_LIST_NEXT"},

-{ERR_FUNC(STORE_F_MEM_LIST_START),	"MEM_LIST_START"},

-{ERR_FUNC(STORE_F_MEM_MODIFY),	"MEM_MODIFY"},

-{ERR_FUNC(STORE_F_MEM_STORE),	"MEM_STORE"},

-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_CSTR),	"STORE_ATTR_INFO_get0_cstr"},

-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_DN),	"STORE_ATTR_INFO_get0_dn"},

-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_NUMBER),	"STORE_ATTR_INFO_get0_number"},

-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR),	"STORE_ATTR_INFO_get0_sha1str"},

-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_CSTR),	"STORE_ATTR_INFO_modify_cstr"},

-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_DN),	"STORE_ATTR_INFO_modify_dn"},

-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER),	"STORE_ATTR_INFO_modify_number"},

-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR),	"STORE_ATTR_INFO_modify_sha1str"},

-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_CSTR),	"STORE_ATTR_INFO_set_cstr"},

-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_DN),	"STORE_ATTR_INFO_set_dn"},

-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_NUMBER),	"STORE_ATTR_INFO_set_number"},

-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_SHA1STR),	"STORE_ATTR_INFO_set_sha1str"},

-{ERR_FUNC(STORE_F_STORE_CERTIFICATE),	"STORE_CERTIFICATE"},

-{ERR_FUNC(STORE_F_STORE_CTRL),	"STORE_ctrl"},

-{ERR_FUNC(STORE_F_STORE_DELETE_ARBITRARY),	"STORE_delete_arbitrary"},

-{ERR_FUNC(STORE_F_STORE_DELETE_CERTIFICATE),	"STORE_delete_certificate"},

-{ERR_FUNC(STORE_F_STORE_DELETE_CRL),	"STORE_delete_crl"},

-{ERR_FUNC(STORE_F_STORE_DELETE_NUMBER),	"STORE_delete_number"},

-{ERR_FUNC(STORE_F_STORE_DELETE_PRIVATE_KEY),	"STORE_delete_private_key"},

-{ERR_FUNC(STORE_F_STORE_DELETE_PUBLIC_KEY),	"STORE_delete_public_key"},

-{ERR_FUNC(STORE_F_STORE_GENERATE_CRL),	"STORE_generate_crl"},

-{ERR_FUNC(STORE_F_STORE_GENERATE_KEY),	"STORE_generate_key"},

-{ERR_FUNC(STORE_F_STORE_GET_ARBITRARY),	"STORE_get_arbitrary"},

-{ERR_FUNC(STORE_F_STORE_GET_CERTIFICATE),	"STORE_get_certificate"},

-{ERR_FUNC(STORE_F_STORE_GET_CRL),	"STORE_get_crl"},

-{ERR_FUNC(STORE_F_STORE_GET_NUMBER),	"STORE_get_number"},

-{ERR_FUNC(STORE_F_STORE_GET_PRIVATE_KEY),	"STORE_get_private_key"},

-{ERR_FUNC(STORE_F_STORE_GET_PUBLIC_KEY),	"STORE_get_public_key"},

-{ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_END),	"STORE_list_certificate_end"},

-{ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_ENDP),	"STORE_list_certificate_endp"},

-{ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_NEXT),	"STORE_list_certificate_next"},

-{ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_START),	"STORE_list_certificate_start"},

-{ERR_FUNC(STORE_F_STORE_LIST_CRL_END),	"STORE_list_crl_end"},

-{ERR_FUNC(STORE_F_STORE_LIST_CRL_ENDP),	"STORE_list_crl_endp"},

-{ERR_FUNC(STORE_F_STORE_LIST_CRL_NEXT),	"STORE_list_crl_next"},

-{ERR_FUNC(STORE_F_STORE_LIST_CRL_START),	"STORE_list_crl_start"},

-{ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_END),	"STORE_list_private_key_end"},

-{ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_ENDP),	"STORE_list_private_key_endp"},

-{ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_NEXT),	"STORE_list_private_key_next"},

-{ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_START),	"STORE_list_private_key_start"},

-{ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_END),	"STORE_list_public_key_end"},

-{ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_ENDP),	"STORE_list_public_key_endp"},

-{ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_NEXT),	"STORE_list_public_key_next"},

-{ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_START),	"STORE_list_public_key_start"},

-{ERR_FUNC(STORE_F_STORE_MODIFY_ARBITRARY),	"STORE_modify_arbitrary"},

-{ERR_FUNC(STORE_F_STORE_MODIFY_CERTIFICATE),	"STORE_modify_certificate"},

-{ERR_FUNC(STORE_F_STORE_MODIFY_CRL),	"STORE_modify_crl"},

-{ERR_FUNC(STORE_F_STORE_MODIFY_NUMBER),	"STORE_modify_number"},

-{ERR_FUNC(STORE_F_STORE_MODIFY_PRIVATE_KEY),	"STORE_modify_private_key"},

-{ERR_FUNC(STORE_F_STORE_MODIFY_PUBLIC_KEY),	"STORE_modify_public_key"},

-{ERR_FUNC(STORE_F_STORE_NEW_ENGINE),	"STORE_new_engine"},

-{ERR_FUNC(STORE_F_STORE_NEW_METHOD),	"STORE_new_method"},

-{ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_END),	"STORE_parse_attrs_end"},

-{ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_ENDP),	"STORE_parse_attrs_endp"},

-{ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_NEXT),	"STORE_parse_attrs_next"},

-{ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_START),	"STORE_parse_attrs_start"},

-{ERR_FUNC(STORE_F_STORE_REVOKE_CERTIFICATE),	"STORE_revoke_certificate"},

-{ERR_FUNC(STORE_F_STORE_REVOKE_PRIVATE_KEY),	"STORE_revoke_private_key"},

-{ERR_FUNC(STORE_F_STORE_REVOKE_PUBLIC_KEY),	"STORE_revoke_public_key"},

-{ERR_FUNC(STORE_F_STORE_STORE_ARBITRARY),	"STORE_store_arbitrary"},

-{ERR_FUNC(STORE_F_STORE_STORE_CERTIFICATE),	"STORE_store_certificate"},

-{ERR_FUNC(STORE_F_STORE_STORE_CRL),	"STORE_store_crl"},

-{ERR_FUNC(STORE_F_STORE_STORE_NUMBER),	"STORE_store_number"},

-{ERR_FUNC(STORE_F_STORE_STORE_PRIVATE_KEY),	"STORE_store_private_key"},

-{ERR_FUNC(STORE_F_STORE_STORE_PUBLIC_KEY),	"STORE_store_public_key"},

-{0,NULL}

-	};

-static ERR_STRING_DATA STORE_str_reasons[]=

-	{

-{ERR_REASON(STORE_R_ALREADY_HAS_A_VALUE) ,"already has a value"},

-{ERR_REASON(STORE_R_FAILED_DELETING_ARBITRARY),"failed deleting arbitrary"},

-{ERR_REASON(STORE_R_FAILED_DELETING_CERTIFICATE),"failed deleting certificate"},

-{ERR_REASON(STORE_R_FAILED_DELETING_KEY) ,"failed deleting key"},

-{ERR_REASON(STORE_R_FAILED_DELETING_NUMBER),"failed deleting number"},

-{ERR_REASON(STORE_R_FAILED_GENERATING_CRL),"failed generating crl"},

-{ERR_REASON(STORE_R_FAILED_GENERATING_KEY),"failed generating key"},

-{ERR_REASON(STORE_R_FAILED_GETTING_ARBITRARY),"failed getting arbitrary"},

-{ERR_REASON(STORE_R_FAILED_GETTING_CERTIFICATE),"failed getting certificate"},

-{ERR_REASON(STORE_R_FAILED_GETTING_KEY)  ,"failed getting key"},

-{ERR_REASON(STORE_R_FAILED_GETTING_NUMBER),"failed getting number"},

-{ERR_REASON(STORE_R_FAILED_LISTING_CERTIFICATES),"failed listing certificates"},

-{ERR_REASON(STORE_R_FAILED_LISTING_KEYS) ,"failed listing keys"},

-{ERR_REASON(STORE_R_FAILED_MODIFYING_ARBITRARY),"failed modifying arbitrary"},

-{ERR_REASON(STORE_R_FAILED_MODIFYING_CERTIFICATE),"failed modifying certificate"},

-{ERR_REASON(STORE_R_FAILED_MODIFYING_CRL),"failed modifying crl"},

-{ERR_REASON(STORE_R_FAILED_MODIFYING_NUMBER),"failed modifying number"},

-{ERR_REASON(STORE_R_FAILED_MODIFYING_PRIVATE_KEY),"failed modifying private key"},

-{ERR_REASON(STORE_R_FAILED_MODIFYING_PUBLIC_KEY),"failed modifying public key"},

-{ERR_REASON(STORE_R_FAILED_REVOKING_CERTIFICATE),"failed revoking certificate"},

-{ERR_REASON(STORE_R_FAILED_REVOKING_KEY) ,"failed revoking key"},

-{ERR_REASON(STORE_R_FAILED_STORING_ARBITRARY),"failed storing arbitrary"},

-{ERR_REASON(STORE_R_FAILED_STORING_CERTIFICATE),"failed storing certificate"},

-{ERR_REASON(STORE_R_FAILED_STORING_KEY)  ,"failed storing key"},

-{ERR_REASON(STORE_R_FAILED_STORING_NUMBER),"failed storing number"},

-{ERR_REASON(STORE_R_NOT_IMPLEMENTED)     ,"not implemented"},

-{ERR_REASON(STORE_R_NO_CONTROL_FUNCTION) ,"no control function"},

-{ERR_REASON(STORE_R_NO_DELETE_ARBITRARY_FUNCTION),"no delete arbitrary function"},

-{ERR_REASON(STORE_R_NO_DELETE_NUMBER_FUNCTION),"no delete number function"},

-{ERR_REASON(STORE_R_NO_DELETE_OBJECT_FUNCTION),"no delete object function"},

-{ERR_REASON(STORE_R_NO_GENERATE_CRL_FUNCTION),"no generate crl function"},

-{ERR_REASON(STORE_R_NO_GENERATE_OBJECT_FUNCTION),"no generate object function"},

-{ERR_REASON(STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION),"no get object arbitrary function"},

-{ERR_REASON(STORE_R_NO_GET_OBJECT_FUNCTION),"no get object function"},

-{ERR_REASON(STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION),"no get object number function"},

-{ERR_REASON(STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION),"no list object endp function"},

-{ERR_REASON(STORE_R_NO_LIST_OBJECT_END_FUNCTION),"no list object end function"},

-{ERR_REASON(STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION),"no list object next function"},

-{ERR_REASON(STORE_R_NO_LIST_OBJECT_START_FUNCTION),"no list object start function"},

-{ERR_REASON(STORE_R_NO_MODIFY_OBJECT_FUNCTION),"no modify object function"},

-{ERR_REASON(STORE_R_NO_REVOKE_OBJECT_FUNCTION),"no revoke object function"},

-{ERR_REASON(STORE_R_NO_STORE)            ,"no store"},

-{ERR_REASON(STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION),"no store object arbitrary function"},

-{ERR_REASON(STORE_R_NO_STORE_OBJECT_FUNCTION),"no store object function"},

-{ERR_REASON(STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION),"no store object number function"},

-{ERR_REASON(STORE_R_NO_VALUE)            ,"no value"},

-{0,NULL}

-	};

-#endif

-void ERR_load_STORE_strings(void)

-	{

-#ifndef OPENSSL_NO_ERR

-	if (ERR_func_error_string(STORE_str_functs[0].error) == NULL)

-		{

-		ERR_load_strings(0,STORE_str_functs);

-		ERR_load_strings(0,STORE_str_reasons);

-		}

-#endif

-	}

--- a/sys/src/ape/lib/openssl/crypto/store/str_lib.c

+++ /dev/null

@@ -1,1824 +1,0 @@

-/* crypto/store/str_lib.c -*- mode:C; c-file-style: "eay" -*- */

-/* Written by Richard Levitte ([email protected]) for the OpenSSL

- * project 2003.

- */

-/* ====================================================================

- * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <string.h>

-#include <openssl/bn.h>

-#include <openssl/err.h>

-#ifndef OPENSSL_NO_ENGINE

-#include <openssl/engine.h>

-#endif

-#include <openssl/sha.h>

-#include <openssl/x509.h>

-#include "str_locl.h"

-const char * const STORE_object_type_string[STORE_OBJECT_TYPE_NUM+1] =

-	{

-	0,

-	"X.509 Certificate",

-	"X.509 CRL",

-	"Private Key",

-	"Public Key",

-	"Number",

-	"Arbitrary Data"

-	};

-const int STORE_param_sizes[STORE_PARAM_TYPE_NUM+1] =

-	{

-	0,

-	sizeof(int),		/* EVP_TYPE */

-	sizeof(size_t),		/* BITS */

-	-1,			/* KEY_PARAMETERS */

-	0			/* KEY_NO_PARAMETERS */

-	};

-const int STORE_attr_sizes[STORE_ATTR_TYPE_NUM+1] =

-	{

-	0,

-	-1,			/* FRIENDLYNAME:	C string */

-	SHA_DIGEST_LENGTH,	/* KEYID:		SHA1 digest, 160 bits */

-	SHA_DIGEST_LENGTH,	/* ISSUERKEYID:		SHA1 digest, 160 bits */

-	SHA_DIGEST_LENGTH,	/* SUBJECTKEYID:	SHA1 digest, 160 bits */

-	SHA_DIGEST_LENGTH,	/* ISSUERSERIALHASH:	SHA1 digest, 160 bits */

-	sizeof(X509_NAME *),	/* ISSUER:		X509_NAME * */

-	sizeof(BIGNUM *),	/* SERIAL:		BIGNUM * */

-	sizeof(X509_NAME *),	/* SUBJECT:		X509_NAME * */

-	SHA_DIGEST_LENGTH,	/* CERTHASH:		SHA1 digest, 160 bits */

-	-1,			/* EMAIL:		C string */

-	-1,			/* FILENAME:		C string */

-	};

-STORE *STORE_new_method(const STORE_METHOD *method)

-	{

-	STORE *ret;

-	if (method == NULL)

-		{

-		STOREerr(STORE_F_STORE_NEW_METHOD,ERR_R_PASSED_NULL_PARAMETER);

-		return NULL;

-		}

-	ret=(STORE *)OPENSSL_malloc(sizeof(STORE));

-	if (ret == NULL)

-		{

-		STOREerr(STORE_F_STORE_NEW_METHOD,ERR_R_MALLOC_FAILURE);

-		return NULL;

-		}

-	ret->meth=method;

-	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_STORE, ret, &ret->ex_data);

-	if (ret->meth->init && !ret->meth->init(ret))

-		{

-		STORE_free(ret);

-		ret = NULL;

-		}

-	return ret;

-	}

-STORE *STORE_new_engine(ENGINE *engine)

-	{

-	STORE *ret = NULL;

-	ENGINE *e = engine;

-	const STORE_METHOD *meth = 0;

-#ifdef OPENSSL_NO_ENGINE

-	e = NULL;

-#else

-	if (engine)

-		{

-		if (!ENGINE_init(engine))

-			{

-			STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_ENGINE_LIB);

-			return NULL;

-			}

-		e = engine;

-		}

-	else

-		{

-		STOREerr(STORE_F_STORE_NEW_ENGINE,ERR_R_PASSED_NULL_PARAMETER);

-		return NULL;

-		}

-	if(e)

-		{

-		meth = ENGINE_get_STORE(e);

-		if(!meth)

-			{

-			STOREerr(STORE_F_STORE_NEW_ENGINE,

-				ERR_R_ENGINE_LIB);

-			ENGINE_finish(e);

-			return NULL;

-			}

-		}

-#endif

-	ret = STORE_new_method(meth);

-	if (ret == NULL)

-		{

-		STOREerr(STORE_F_STORE_NEW_ENGINE,ERR_R_STORE_LIB);

-		return NULL;

-		}

-	ret->engine = e;

-	return(ret);

-	}

-void STORE_free(STORE *store)

-	{

-	if (store == NULL)

-		return;

-	if (store->meth->clean)

-		store->meth->clean(store);

-	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_STORE, store, &store->ex_data);

-	OPENSSL_free(store);

-	}

-int STORE_ctrl(STORE *store, int cmd, long i, void *p, void (*f)(void))

-	{

-	if (store == NULL)

-		{

-		STOREerr(STORE_F_STORE_CTRL,ERR_R_PASSED_NULL_PARAMETER);

-		return 0;

-		}

-	if (store->meth->ctrl)

-		return store->meth->ctrl(store, cmd, i, p, f);

-	STOREerr(STORE_F_STORE_CTRL,STORE_R_NO_CONTROL_FUNCTION);

-	return 0;

-	}

-int STORE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,

-	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)

-        {

-	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_STORE, argl, argp,

-				new_func, dup_func, free_func);

-        }

-int STORE_set_ex_data(STORE *r, int idx, void *arg)

-	{

-	return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));

-	}

-void *STORE_get_ex_data(STORE *r, int idx)

-	{

-	return(CRYPTO_get_ex_data(&r->ex_data,idx));

-	}

-const STORE_METHOD *STORE_get_method(STORE *store)

-	{

-	return store->meth;

-	}

-const STORE_METHOD *STORE_set_method(STORE *store, const STORE_METHOD *meth)

-	{

-	store->meth=meth;

-	return store->meth;

-	}

-/* API helpers */

-#define check_store(s,fncode,fnname,fnerrcode) \

-	do \

-		{ \

-		if ((s) == NULL || (s)->meth == NULL) \

-			{ \

-			STOREerr((fncode), ERR_R_PASSED_NULL_PARAMETER); \

-			return 0; \

-			} \

-		if ((s)->meth->fnname == NULL) \

-			{ \

-			STOREerr((fncode), (fnerrcode)); \

-			return 0; \

-			} \

-		} \

-	while(0)

-/* API functions */

-X509 *STORE_get_certificate(STORE *s, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[])

-	{

-	STORE_OBJECT *object;

-	X509 *x;

-	check_store(s,STORE_F_STORE_GET_CERTIFICATE,

-		get_object,STORE_R_NO_GET_OBJECT_FUNCTION);

-	object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,

-		attributes, parameters);

-	if (!object || !object->data.x509.certificate)

-		{

-		STOREerr(STORE_F_STORE_GET_CERTIFICATE,

-			STORE_R_FAILED_GETTING_CERTIFICATE);

-		return 0;

-		}

-	CRYPTO_add(&object->data.x509.certificate->references,1,CRYPTO_LOCK_X509);

-#ifdef REF_PRINT

-	REF_PRINT("X509",data);

-#endif

-	x = object->data.x509.certificate;

-	STORE_OBJECT_free(object);

-	return x;

-	}

-int STORE_store_certificate(STORE *s, X509 *data, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[])

-	{

-	STORE_OBJECT *object;

-	int i;

-	check_store(s,STORE_F_STORE_CERTIFICATE,

-		store_object,STORE_R_NO_STORE_OBJECT_FUNCTION);

-	object = STORE_OBJECT_new();

-	if (!object)

-		{

-		STOREerr(STORE_F_STORE_STORE_CERTIFICATE,

-			ERR_R_MALLOC_FAILURE);

-		return 0;

-		}

-	CRYPTO_add(&data->references,1,CRYPTO_LOCK_X509);

-#ifdef REF_PRINT

-	REF_PRINT("X509",data);

-#endif

-	object->data.x509.certificate = data;

-	i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,

-		object, attributes, parameters);

-	STORE_OBJECT_free(object);

-	if (!i)

-		{

-		STOREerr(STORE_F_STORE_STORE_CERTIFICATE,

-			STORE_R_FAILED_STORING_CERTIFICATE);

-		return 0;

-		}

-	return 1;

-	}

-int STORE_modify_certificate(STORE *s, OPENSSL_ITEM search_attributes[],

-	OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[],

-	OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[])

-	{

-	check_store(s,STORE_F_STORE_MODIFY_CERTIFICATE,

-		modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION);

-	if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,

-		    search_attributes, add_attributes, modify_attributes,

-		    delete_attributes, parameters))

-		{

-		STOREerr(STORE_F_STORE_MODIFY_CERTIFICATE,

-			STORE_R_FAILED_MODIFYING_CERTIFICATE);

-		return 0;

-		}

-	return 1;

-	}

-int STORE_revoke_certificate(STORE *s, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[])

-	{

-	check_store(s,STORE_F_STORE_REVOKE_CERTIFICATE,

-		revoke_object,STORE_R_NO_REVOKE_OBJECT_FUNCTION);

-	if (!s->meth->revoke_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,

-		    attributes, parameters))

-		{

-		STOREerr(STORE_F_STORE_REVOKE_CERTIFICATE,

-			STORE_R_FAILED_REVOKING_CERTIFICATE);

-		return 0;

-		}

-	return 1;

-	}

-int STORE_delete_certificate(STORE *s, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[])

-	{

-	check_store(s,STORE_F_STORE_DELETE_CERTIFICATE,

-		delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION);

-	if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,

-		    attributes, parameters))

-		{

-		STOREerr(STORE_F_STORE_DELETE_CERTIFICATE,

-			STORE_R_FAILED_DELETING_CERTIFICATE);

-		return 0;

-		}

-	return 1;

-	}

-void *STORE_list_certificate_start(STORE *s, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[])

-	{

-	void *handle;

-	check_store(s,STORE_F_STORE_LIST_CERTIFICATE_START,

-		list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION);

-	handle = s->meth->list_object_start(s,

-		STORE_OBJECT_TYPE_X509_CERTIFICATE, attributes, parameters);

-	if (!handle)

-		{

-		STOREerr(STORE_F_STORE_LIST_CERTIFICATE_START,

-			STORE_R_FAILED_LISTING_CERTIFICATES);

-		return 0;

-		}

-	return handle;

-	}

-X509 *STORE_list_certificate_next(STORE *s, void *handle)

-	{

-	STORE_OBJECT *object;

-	X509 *x;

-	check_store(s,STORE_F_STORE_LIST_CERTIFICATE_NEXT,

-		list_object_next,STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);

-	object = s->meth->list_object_next(s, handle);

-	if (!object || !object->data.x509.certificate)

-		{

-		STOREerr(STORE_F_STORE_LIST_CERTIFICATE_NEXT,

-			STORE_R_FAILED_LISTING_CERTIFICATES);

-		return 0;

-		}

-	CRYPTO_add(&object->data.x509.certificate->references,1,CRYPTO_LOCK_X509);

-#ifdef REF_PRINT

-	REF_PRINT("X509",data);

-#endif

-	x = object->data.x509.certificate;

-	STORE_OBJECT_free(object);

-	return x;

-	}

-int STORE_list_certificate_end(STORE *s, void *handle)

-	{

-	check_store(s,STORE_F_STORE_LIST_CERTIFICATE_END,

-		list_object_end,STORE_R_NO_LIST_OBJECT_END_FUNCTION);

-	if (!s->meth->list_object_end(s, handle))

-		{

-		STOREerr(STORE_F_STORE_LIST_CERTIFICATE_END,

-			STORE_R_FAILED_LISTING_CERTIFICATES);

-		return 0;

-		}

-	return 1;

-	}

-int STORE_list_certificate_endp(STORE *s, void *handle)

-	{

-	check_store(s,STORE_F_STORE_LIST_CERTIFICATE_ENDP,

-		list_object_endp,STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);

-	if (!s->meth->list_object_endp(s, handle))

-		{

-		STOREerr(STORE_F_STORE_LIST_CERTIFICATE_ENDP,

-			STORE_R_FAILED_LISTING_CERTIFICATES);

-		return 0;

-		}

-	return 1;

-	}

-EVP_PKEY *STORE_generate_key(STORE *s, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[])

-	{

-	STORE_OBJECT *object;

-	EVP_PKEY *pkey;

-	check_store(s,STORE_F_STORE_GENERATE_KEY,

-		generate_object,STORE_R_NO_GENERATE_OBJECT_FUNCTION);

-	object = s->meth->generate_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,

-		attributes, parameters);

-	if (!object || !object->data.key)

-		{

-		STOREerr(STORE_F_STORE_GENERATE_KEY,

-			STORE_R_FAILED_GENERATING_KEY);

-		return 0;

-		}

-	CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY);

-#ifdef REF_PRINT

-	REF_PRINT("EVP_PKEY",data);

-#endif

-	pkey = object->data.key;

-	STORE_OBJECT_free(object);

-	return pkey;

-	}

-EVP_PKEY *STORE_get_private_key(STORE *s, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[])

-	{

-	STORE_OBJECT *object;

-	EVP_PKEY *pkey;

-	check_store(s,STORE_F_STORE_GET_PRIVATE_KEY,

-		get_object,STORE_R_NO_GET_OBJECT_FUNCTION);

-	object = s->meth->get_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,

-		attributes, parameters);

-	if (!object || !object->data.key || !object->data.key)

-		{

-		STOREerr(STORE_F_STORE_GET_PRIVATE_KEY,

-			STORE_R_FAILED_GETTING_KEY);

-		return 0;

-		}

-	CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY);

-#ifdef REF_PRINT

-	REF_PRINT("EVP_PKEY",data);

-#endif

-	pkey = object->data.key;

-	STORE_OBJECT_free(object);

-	return pkey;

-	}

-int STORE_store_private_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[])

-	{

-	STORE_OBJECT *object;

-	int i;

-	check_store(s,STORE_F_STORE_STORE_PRIVATE_KEY,

-		store_object,STORE_R_NO_STORE_OBJECT_FUNCTION);

-	object = STORE_OBJECT_new();

-	if (!object)

-		{

-		STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY,

-			ERR_R_MALLOC_FAILURE);

-		return 0;

-		}

-	object->data.key = EVP_PKEY_new();

-	if (!object->data.key)

-		{

-		STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY,

-			ERR_R_MALLOC_FAILURE);

-		return 0;

-		}

-	CRYPTO_add(&data->references,1,CRYPTO_LOCK_EVP_PKEY);

-#ifdef REF_PRINT

-	REF_PRINT("EVP_PKEY",data);

-#endif

-	object->data.key = data;

-	i = s->meth->store_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, object,

-		attributes, parameters);

-	STORE_OBJECT_free(object);

-	if (!i)

-		{

-		STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY,

-			STORE_R_FAILED_STORING_KEY);

-		return 0;

-		}

-	return i;

-	}

-int STORE_modify_private_key(STORE *s, OPENSSL_ITEM search_attributes[],

-	OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[],

-	OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[])

-	{

-	check_store(s,STORE_F_STORE_MODIFY_PRIVATE_KEY,

-		modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION);

-	if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,

-		    search_attributes, add_attributes, modify_attributes,

-		    delete_attributes, parameters))

-		{

-		STOREerr(STORE_F_STORE_MODIFY_PRIVATE_KEY,

-			STORE_R_FAILED_MODIFYING_PRIVATE_KEY);

-		return 0;

-		}

-	return 1;

-	}

-int STORE_revoke_private_key(STORE *s, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[])

-	{

-	int i;

-	check_store(s,STORE_F_STORE_REVOKE_PRIVATE_KEY,

-		revoke_object,STORE_R_NO_REVOKE_OBJECT_FUNCTION);

-	i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,

-		attributes, parameters);

-	if (!i)

-		{

-		STOREerr(STORE_F_STORE_REVOKE_PRIVATE_KEY,

-			STORE_R_FAILED_REVOKING_KEY);

-		return 0;

-		}

-	return i;

-	}

-int STORE_delete_private_key(STORE *s, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[])

-	{

-	check_store(s,STORE_F_STORE_DELETE_PRIVATE_KEY,

-		delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION);

-	if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,

-		    attributes, parameters))

-		{

-		STOREerr(STORE_F_STORE_DELETE_PRIVATE_KEY,

-			STORE_R_FAILED_DELETING_KEY);

-		return 0;

-		}

-	return 1;

-	}

-void *STORE_list_private_key_start(STORE *s, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[])

-	{

-	void *handle;

-	check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_START,

-		list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION);

-	handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PRIVATE_KEY,

-		attributes, parameters);

-	if (!handle)

-		{

-		STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_START,

-			STORE_R_FAILED_LISTING_KEYS);

-		return 0;

-		}

-	return handle;

-	}

-EVP_PKEY *STORE_list_private_key_next(STORE *s, void *handle)

-	{

-	STORE_OBJECT *object;

-	EVP_PKEY *pkey;

-	check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_NEXT,

-		list_object_next,STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);

-	object = s->meth->list_object_next(s, handle);

-	if (!object || !object->data.key || !object->data.key)

-		{

-		STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_NEXT,

-			STORE_R_FAILED_LISTING_KEYS);

-		return 0;

-		}

-	CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY);

-#ifdef REF_PRINT

-	REF_PRINT("EVP_PKEY",data);

-#endif

-	pkey = object->data.key;

-	STORE_OBJECT_free(object);

-	return pkey;

-	}

-int STORE_list_private_key_end(STORE *s, void *handle)

-	{

-	check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_END,

-		list_object_end,STORE_R_NO_LIST_OBJECT_END_FUNCTION);

-	if (!s->meth->list_object_end(s, handle))

-		{

-		STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_END,

-			STORE_R_FAILED_LISTING_KEYS);

-		return 0;

-		}

-	return 1;

-	}

-int STORE_list_private_key_endp(STORE *s, void *handle)

-	{

-	check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_ENDP,

-		list_object_endp,STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);

-	if (!s->meth->list_object_endp(s, handle))

-		{

-		STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_ENDP,

-			STORE_R_FAILED_LISTING_KEYS);

-		return 0;

-		}

-	return 1;

-	}

-EVP_PKEY *STORE_get_public_key(STORE *s, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[])

-	{

-	STORE_OBJECT *object;

-	EVP_PKEY *pkey;

-	check_store(s,STORE_F_STORE_GET_PUBLIC_KEY,

-		get_object,STORE_R_NO_GET_OBJECT_FUNCTION);

-	object = s->meth->get_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,

-		attributes, parameters);

-	if (!object || !object->data.key || !object->data.key)

-		{

-		STOREerr(STORE_F_STORE_GET_PUBLIC_KEY,

-			STORE_R_FAILED_GETTING_KEY);

-		return 0;

-		}

-	CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY);

-#ifdef REF_PRINT

-	REF_PRINT("EVP_PKEY",data);

-#endif

-	pkey = object->data.key;

-	STORE_OBJECT_free(object);

-	return pkey;

-	}

-int STORE_store_public_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[])

-	{

-	STORE_OBJECT *object;

-	int i;

-	check_store(s,STORE_F_STORE_STORE_PUBLIC_KEY,

-		store_object,STORE_R_NO_STORE_OBJECT_FUNCTION);

-	object = STORE_OBJECT_new();

-	if (!object)

-		{

-		STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY,

-			ERR_R_MALLOC_FAILURE);

-		return 0;

-		}

-	object->data.key = EVP_PKEY_new();

-	if (!object->data.key)

-		{

-		STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY,

-			ERR_R_MALLOC_FAILURE);

-		return 0;

-		}

-	CRYPTO_add(&data->references,1,CRYPTO_LOCK_EVP_PKEY);

-#ifdef REF_PRINT

-	REF_PRINT("EVP_PKEY",data);

-#endif

-	object->data.key = data;

-	i = s->meth->store_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, object,

-		attributes, parameters);

-	STORE_OBJECT_free(object);

-	if (!i)

-		{

-		STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY,

-			STORE_R_FAILED_STORING_KEY);

-		return 0;

-		}

-	return i;

-	}

-int STORE_modify_public_key(STORE *s, OPENSSL_ITEM search_attributes[],

-	OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[],

-	OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[])

-	{

-	check_store(s,STORE_F_STORE_MODIFY_PUBLIC_KEY,

-		modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION);

-	if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,

-		    search_attributes, add_attributes, modify_attributes,

-		    delete_attributes, parameters))

-		{

-		STOREerr(STORE_F_STORE_MODIFY_PUBLIC_KEY,

-			STORE_R_FAILED_MODIFYING_PUBLIC_KEY);

-		return 0;

-		}

-	return 1;

-	}

-int STORE_revoke_public_key(STORE *s, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[])

-	{

-	int i;

-	check_store(s,STORE_F_STORE_REVOKE_PUBLIC_KEY,

-		revoke_object,STORE_R_NO_REVOKE_OBJECT_FUNCTION);

-	i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,

-		attributes, parameters);

-	if (!i)

-		{

-		STOREerr(STORE_F_STORE_REVOKE_PUBLIC_KEY,

-			STORE_R_FAILED_REVOKING_KEY);

-		return 0;

-		}

-	return i;

-	}

-int STORE_delete_public_key(STORE *s, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[])

-	{

-	check_store(s,STORE_F_STORE_DELETE_PUBLIC_KEY,

-		delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION);

-	if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,

-		    attributes, parameters))

-		{

-		STOREerr(STORE_F_STORE_DELETE_PUBLIC_KEY,

-			STORE_R_FAILED_DELETING_KEY);

-		return 0;

-		}

-	return 1;

-	}

-void *STORE_list_public_key_start(STORE *s, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[])

-	{

-	void *handle;

-	check_store(s,STORE_F_STORE_LIST_PUBLIC_KEY_START,

-		list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION);

-	handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PUBLIC_KEY,

-		attributes, parameters);

-	if (!handle)

-		{

-		STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_START,

-			STORE_R_FAILED_LISTING_KEYS);

-		return 0;

-		}

-	return handle;

-	}

-EVP_PKEY *STORE_list_public_key_next(STORE *s, void *handle)

-	{

-	STORE_OBJECT *object;

-	EVP_PKEY *pkey;

-	check_store(s,STORE_F_STORE_LIST_PUBLIC_KEY_NEXT,

-		list_object_next,STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);

-	object = s->meth->list_object_next(s, handle);

-	if (!object || !object->data.key || !object->data.key)

-		{

-		STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_NEXT,

-			STORE_R_FAILED_LISTING_KEYS);

-		return 0;

-		}

-	CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY);

-#ifdef REF_PRINT

-	REF_PRINT("EVP_PKEY",data);

-#endif

-	pkey = object->data.key;

-	STORE_OBJECT_free(object);

-	return pkey;

-	}

-int STORE_list_public_key_end(STORE *s, void *handle)

-	{

-	check_store(s,STORE_F_STORE_LIST_PUBLIC_KEY_END,

-		list_object_end,STORE_R_NO_LIST_OBJECT_END_FUNCTION);

-	if (!s->meth->list_object_end(s, handle))

-		{

-		STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_END,

-			STORE_R_FAILED_LISTING_KEYS);

-		return 0;

-		}

-	return 1;

-	}

-int STORE_list_public_key_endp(STORE *s, void *handle)

-	{

-	check_store(s,STORE_F_STORE_LIST_PUBLIC_KEY_ENDP,

-		list_object_endp,STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);

-	if (!s->meth->list_object_endp(s, handle))

-		{

-		STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_ENDP,

-			STORE_R_FAILED_LISTING_KEYS);

-		return 0;

-		}

-	return 1;

-	}

-X509_CRL *STORE_generate_crl(STORE *s, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[])

-	{

-	STORE_OBJECT *object;

-	X509_CRL *crl;

-	check_store(s,STORE_F_STORE_GENERATE_CRL,

-		generate_object,STORE_R_NO_GENERATE_CRL_FUNCTION);

-	object = s->meth->generate_object(s, STORE_OBJECT_TYPE_X509_CRL,

-		attributes, parameters);

-	if (!object || !object->data.crl)

-		{

-		STOREerr(STORE_F_STORE_GENERATE_CRL,

-			STORE_R_FAILED_GENERATING_CRL);

-		return 0;

-		}

-	CRYPTO_add(&object->data.crl->references,1,CRYPTO_LOCK_X509_CRL);

-#ifdef REF_PRINT

-	REF_PRINT("X509_CRL",data);

-#endif

-	crl = object->data.crl;

-	STORE_OBJECT_free(object);

-	return crl;

-	}

-X509_CRL *STORE_get_crl(STORE *s, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[])

-	{

-	STORE_OBJECT *object;

-	X509_CRL *crl;

-	check_store(s,STORE_F_STORE_GET_CRL,

-		get_object,STORE_R_NO_GET_OBJECT_FUNCTION);

-	object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CRL,

-		attributes, parameters);

-	if (!object || !object->data.crl)

-		{

-		STOREerr(STORE_F_STORE_GET_CRL,

-			STORE_R_FAILED_GETTING_KEY);

-		return 0;

-		}

-	CRYPTO_add(&object->data.crl->references,1,CRYPTO_LOCK_X509_CRL);

-#ifdef REF_PRINT

-	REF_PRINT("X509_CRL",data);

-#endif

-	crl = object->data.crl;

-	STORE_OBJECT_free(object);

-	return crl;

-	}

-int STORE_store_crl(STORE *s, X509_CRL *data, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[])

-	{

-	STORE_OBJECT *object;

-	int i;

-	check_store(s,STORE_F_STORE_STORE_CRL,

-		store_object,STORE_R_NO_STORE_OBJECT_FUNCTION);

-	object = STORE_OBJECT_new();

-	if (!object)

-		{

-		STOREerr(STORE_F_STORE_STORE_CRL,

-			ERR_R_MALLOC_FAILURE);

-		return 0;

-		}

-	CRYPTO_add(&data->references,1,CRYPTO_LOCK_X509_CRL);

-#ifdef REF_PRINT

-	REF_PRINT("X509_CRL",data);

-#endif

-	object->data.crl = data;

-	i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CRL, object,

-		attributes, parameters);

-	STORE_OBJECT_free(object);

-	if (!i)

-		{

-		STOREerr(STORE_F_STORE_STORE_CRL,

-			STORE_R_FAILED_STORING_KEY);

-		return 0;

-		}

-	return i;

-	}

-int STORE_modify_crl(STORE *s, OPENSSL_ITEM search_attributes[],

-	OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[],

-	OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[])

-	{

-	check_store(s,STORE_F_STORE_MODIFY_CRL,

-		modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION);

-	if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_X509_CRL,

-		    search_attributes, add_attributes, modify_attributes,

-		    delete_attributes, parameters))

-		{

-		STOREerr(STORE_F_STORE_MODIFY_CRL,

-			STORE_R_FAILED_MODIFYING_CRL);

-		return 0;

-		}

-	return 1;

-	}

-int STORE_delete_crl(STORE *s, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[])

-	{

-	check_store(s,STORE_F_STORE_DELETE_CRL,

-		delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION);

-	if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CRL,

-		    attributes, parameters))

-		{

-		STOREerr(STORE_F_STORE_DELETE_CRL,

-			STORE_R_FAILED_DELETING_KEY);

-		return 0;

-		}

-	return 1;

-	}

-void *STORE_list_crl_start(STORE *s, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[])

-	{

-	void *handle;

-	check_store(s,STORE_F_STORE_LIST_CRL_START,

-		list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION);

-	handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_X509_CRL,

-		attributes, parameters);

-	if (!handle)

-		{

-		STOREerr(STORE_F_STORE_LIST_CRL_START,

-			STORE_R_FAILED_LISTING_KEYS);

-		return 0;

-		}

-	return handle;

-	}

-X509_CRL *STORE_list_crl_next(STORE *s, void *handle)

-	{

-	STORE_OBJECT *object;

-	X509_CRL *crl;

-	check_store(s,STORE_F_STORE_LIST_CRL_NEXT,

-		list_object_next,STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);

-	object = s->meth->list_object_next(s, handle);

-	if (!object || !object->data.crl)

-		{

-		STOREerr(STORE_F_STORE_LIST_CRL_NEXT,

-			STORE_R_FAILED_LISTING_KEYS);

-		return 0;

-		}

-	CRYPTO_add(&object->data.crl->references,1,CRYPTO_LOCK_X509_CRL);

-#ifdef REF_PRINT

-	REF_PRINT("X509_CRL",data);

-#endif

-	crl = object->data.crl;

-	STORE_OBJECT_free(object);

-	return crl;

-	}

-int STORE_list_crl_end(STORE *s, void *handle)

-	{

-	check_store(s,STORE_F_STORE_LIST_CRL_END,

-		list_object_end,STORE_R_NO_LIST_OBJECT_END_FUNCTION);

-	if (!s->meth->list_object_end(s, handle))

-		{

-		STOREerr(STORE_F_STORE_LIST_CRL_END,

-			STORE_R_FAILED_LISTING_KEYS);

-		return 0;

-		}

-	return 1;

-	}

-int STORE_list_crl_endp(STORE *s, void *handle)

-	{

-	check_store(s,STORE_F_STORE_LIST_CRL_ENDP,

-		list_object_endp,STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);

-	if (!s->meth->list_object_endp(s, handle))

-		{

-		STOREerr(STORE_F_STORE_LIST_CRL_ENDP,

-			STORE_R_FAILED_LISTING_KEYS);

-		return 0;

-		}

-	return 1;

-	}

-int STORE_store_number(STORE *s, BIGNUM *data, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[])

-	{

-	STORE_OBJECT *object;

-	int i;

-	check_store(s,STORE_F_STORE_STORE_NUMBER,

-		store_object,STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION);

-	object = STORE_OBJECT_new();

-	if (!object)

-		{

-		STOREerr(STORE_F_STORE_STORE_NUMBER,

-			ERR_R_MALLOC_FAILURE);

-		return 0;

-		}

-	object->data.number = data;

-	i = s->meth->store_object(s, STORE_OBJECT_TYPE_NUMBER, object,

-		attributes, parameters);

-	STORE_OBJECT_free(object);

-	if (!i)

-		{

-		STOREerr(STORE_F_STORE_STORE_NUMBER,

-			STORE_R_FAILED_STORING_NUMBER);

-		return 0;

-		}

-	return 1;

-	}

-int STORE_modify_number(STORE *s, OPENSSL_ITEM search_attributes[],

-	OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[],

-	OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[])

-	{

-	check_store(s,STORE_F_STORE_MODIFY_NUMBER,

-		modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION);

-	if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_NUMBER,

-		    search_attributes, add_attributes, modify_attributes,

-		    delete_attributes, parameters))

-		{

-		STOREerr(STORE_F_STORE_MODIFY_NUMBER,

-			STORE_R_FAILED_MODIFYING_NUMBER);

-		return 0;

-		}

-	return 1;

-	}

-BIGNUM *STORE_get_number(STORE *s, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[])

-	{

-	STORE_OBJECT *object;

-	BIGNUM *n;

-	check_store(s,STORE_F_STORE_GET_NUMBER,

-		get_object,STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION);

-	object = s->meth->get_object(s, STORE_OBJECT_TYPE_NUMBER, attributes,

-		parameters);

-	if (!object || !object->data.number)

-		{

-		STOREerr(STORE_F_STORE_GET_NUMBER,

-			STORE_R_FAILED_GETTING_NUMBER);

-		return 0;

-		}

-	n = object->data.number;

-	object->data.number = NULL;

-	STORE_OBJECT_free(object);

-	return n;

-	}

-int STORE_delete_number(STORE *s, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[])

-	{

-	check_store(s,STORE_F_STORE_DELETE_NUMBER,

-		delete_object,STORE_R_NO_DELETE_NUMBER_FUNCTION);

-	if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_NUMBER, attributes,

-		    parameters))

-		{

-		STOREerr(STORE_F_STORE_DELETE_NUMBER,

-			STORE_R_FAILED_DELETING_NUMBER);

-		return 0;

-		}

-	return 1;

-	}

-int STORE_store_arbitrary(STORE *s, BUF_MEM *data, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[])

-	{

-	STORE_OBJECT *object;

-	int i;

-	check_store(s,STORE_F_STORE_STORE_ARBITRARY,

-		store_object,STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION);

-	object = STORE_OBJECT_new();

-	if (!object)

-		{

-		STOREerr(STORE_F_STORE_STORE_ARBITRARY,

-			ERR_R_MALLOC_FAILURE);

-		return 0;

-		}

-	object->data.arbitrary = data;

-	i = s->meth->store_object(s, STORE_OBJECT_TYPE_ARBITRARY, object,

-		attributes, parameters);

-	STORE_OBJECT_free(object);

-	if (!i)

-		{

-		STOREerr(STORE_F_STORE_STORE_ARBITRARY,

-			STORE_R_FAILED_STORING_ARBITRARY);

-		return 0;

-		}

-	return 1;

-	}

-int STORE_modify_arbitrary(STORE *s, OPENSSL_ITEM search_attributes[],

-	OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[],

-	OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[])

-	{

-	check_store(s,STORE_F_STORE_MODIFY_ARBITRARY,

-		modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION);

-	if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_ARBITRARY,

-		    search_attributes, add_attributes, modify_attributes,

-		    delete_attributes, parameters))

-		{

-		STOREerr(STORE_F_STORE_MODIFY_ARBITRARY,

-			STORE_R_FAILED_MODIFYING_ARBITRARY);

-		return 0;

-		}

-	return 1;

-	}

-BUF_MEM *STORE_get_arbitrary(STORE *s, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[])

-	{

-	STORE_OBJECT *object;

-	BUF_MEM *b;

-	check_store(s,STORE_F_STORE_GET_ARBITRARY,

-		get_object,STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION);

-	object = s->meth->get_object(s, STORE_OBJECT_TYPE_ARBITRARY,

-		attributes, parameters);

-	if (!object || !object->data.arbitrary)

-		{

-		STOREerr(STORE_F_STORE_GET_ARBITRARY,

-			STORE_R_FAILED_GETTING_ARBITRARY);

-		return 0;

-		}

-	b = object->data.arbitrary;

-	object->data.arbitrary = NULL;

-	STORE_OBJECT_free(object);

-	return b;

-	}

-int STORE_delete_arbitrary(STORE *s, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[])

-	{

-	check_store(s,STORE_F_STORE_DELETE_ARBITRARY,

-		delete_object,STORE_R_NO_DELETE_ARBITRARY_FUNCTION);

-	if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_ARBITRARY, attributes,

-		    parameters))

-		{

-		STOREerr(STORE_F_STORE_DELETE_ARBITRARY,

-			STORE_R_FAILED_DELETING_ARBITRARY);

-		return 0;

-		}

-	return 1;

-	}

-STORE_OBJECT *STORE_OBJECT_new(void)

-	{

-	STORE_OBJECT *object = OPENSSL_malloc(sizeof(STORE_OBJECT));

-	if (object) memset(object, 0, sizeof(STORE_OBJECT));

-	return object;

-	}

-void STORE_OBJECT_free(STORE_OBJECT *data)

-	{

-	if (!data) return;

-	switch (data->type)

-		{

-	case STORE_OBJECT_TYPE_X509_CERTIFICATE:

-		X509_free(data->data.x509.certificate);

-		break;

-	case STORE_OBJECT_TYPE_X509_CRL:

-		X509_CRL_free(data->data.crl);

-		break;

-	case STORE_OBJECT_TYPE_PRIVATE_KEY:

-	case STORE_OBJECT_TYPE_PUBLIC_KEY:

-		EVP_PKEY_free(data->data.key);

-		break;

-	case STORE_OBJECT_TYPE_NUMBER:

-		BN_free(data->data.number);

-		break;

-	case STORE_OBJECT_TYPE_ARBITRARY:

-		BUF_MEM_free(data->data.arbitrary);

-		break;

-		}

-	OPENSSL_free(data);

-	}

-IMPLEMENT_STACK_OF(STORE_OBJECT*)

-struct STORE_attr_info_st

-	{

-	unsigned char set[(STORE_ATTR_TYPE_NUM + 8) / 8];

-	union

-		{

-		char *cstring;

-		unsigned char *sha1string;

-		X509_NAME *dn;

-		BIGNUM *number;

-		void *any;

-		} values[STORE_ATTR_TYPE_NUM+1];

-	size_t value_sizes[STORE_ATTR_TYPE_NUM+1];

-	};

-#define ATTR_IS_SET(a,i)	((i) > 0 && (i) < STORE_ATTR_TYPE_NUM \

-				&& ((a)->set[(i) / 8] & (1 << ((i) % 8))))

-#define SET_ATTRBIT(a,i)	((a)->set[(i) / 8] |= (1 << ((i) % 8)))

-#define CLEAR_ATTRBIT(a,i)	((a)->set[(i) / 8] &= ~(1 << ((i) % 8)))

-STORE_ATTR_INFO *STORE_ATTR_INFO_new(void)

-	{

-	return (STORE_ATTR_INFO *)OPENSSL_malloc(sizeof(STORE_ATTR_INFO));

-	}

-static void STORE_ATTR_INFO_attr_free(STORE_ATTR_INFO *attrs,

-	STORE_ATTR_TYPES code)

-	{

-	if (ATTR_IS_SET(attrs,code))

-		{

-		switch(code)

-			{

-		case STORE_ATTR_FRIENDLYNAME:

-		case STORE_ATTR_EMAIL:

-		case STORE_ATTR_FILENAME:

-			STORE_ATTR_INFO_modify_cstr(attrs, code, NULL, 0);

-			break;

-		case STORE_ATTR_KEYID:

-		case STORE_ATTR_ISSUERKEYID:

-		case STORE_ATTR_SUBJECTKEYID:

-		case STORE_ATTR_ISSUERSERIALHASH:

-		case STORE_ATTR_CERTHASH:

-			STORE_ATTR_INFO_modify_sha1str(attrs, code, NULL, 0);

-			break;

-		case STORE_ATTR_ISSUER:

-		case STORE_ATTR_SUBJECT:

-			STORE_ATTR_INFO_modify_dn(attrs, code, NULL);

-			break;

-		case STORE_ATTR_SERIAL:

-			STORE_ATTR_INFO_modify_number(attrs, code, NULL);

-			break;

-		default:

-			break;

-			}

-		}

-	}

-int STORE_ATTR_INFO_free(STORE_ATTR_INFO *attrs)

-	{

-	if (attrs)

-		{

-		STORE_ATTR_TYPES i;

-		for(i = 0; i++ < STORE_ATTR_TYPE_NUM;)

-			STORE_ATTR_INFO_attr_free(attrs, i);

-		OPENSSL_free(attrs);

-		}

-	return 1;

-	}

-char *STORE_ATTR_INFO_get0_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code)

-	{

-	if (!attrs)

-		{

-		STOREerr(STORE_F_STORE_ATTR_INFO_GET0_CSTR,

-			ERR_R_PASSED_NULL_PARAMETER);

-		return NULL;

-		}

-	if (ATTR_IS_SET(attrs,code))

-		return attrs->values[code].cstring;

-	STOREerr(STORE_F_STORE_ATTR_INFO_GET0_CSTR,

-		STORE_R_NO_VALUE);

-	return NULL;

-	}

-unsigned char *STORE_ATTR_INFO_get0_sha1str(STORE_ATTR_INFO *attrs,

-	STORE_ATTR_TYPES code)

-	{

-	if (!attrs)

-		{

-		STOREerr(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR,

-			ERR_R_PASSED_NULL_PARAMETER);

-		return NULL;

-		}

-	if (ATTR_IS_SET(attrs,code))

-		return attrs->values[code].sha1string;

-	STOREerr(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR,

-		STORE_R_NO_VALUE);

-	return NULL;

-	}

-X509_NAME *STORE_ATTR_INFO_get0_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code)

-	{

-	if (!attrs)

-		{

-		STOREerr(STORE_F_STORE_ATTR_INFO_GET0_DN,

-			ERR_R_PASSED_NULL_PARAMETER);

-		return NULL;

-		}

-	if (ATTR_IS_SET(attrs,code))

-		return attrs->values[code].dn;

-	STOREerr(STORE_F_STORE_ATTR_INFO_GET0_DN,

-		STORE_R_NO_VALUE);

-	return NULL;

-	}

-BIGNUM *STORE_ATTR_INFO_get0_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code)

-	{

-	if (!attrs)

-		{

-		STOREerr(STORE_F_STORE_ATTR_INFO_GET0_NUMBER,

-			ERR_R_PASSED_NULL_PARAMETER);

-		return NULL;

-		}

-	if (ATTR_IS_SET(attrs,code))

-		return attrs->values[code].number;

-	STOREerr(STORE_F_STORE_ATTR_INFO_GET0_NUMBER,

-		STORE_R_NO_VALUE);

-	return NULL;

-	}

-int STORE_ATTR_INFO_set_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,

-	char *cstr, size_t cstr_size)

-	{

-	if (!attrs)

-		{

-		STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR,

-			ERR_R_PASSED_NULL_PARAMETER);

-		return 0;

-		}

-	if (!ATTR_IS_SET(attrs,code))

-		{

-		if ((attrs->values[code].cstring = BUF_strndup(cstr, cstr_size)))

-			return 1;

-		STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR,

-			ERR_R_MALLOC_FAILURE);

-		return 0;

-		}

-	STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR, STORE_R_ALREADY_HAS_A_VALUE);

-	return 0;

-	}

-int STORE_ATTR_INFO_set_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,

-	unsigned char *sha1str, size_t sha1str_size)

-	{

-	if (!attrs)

-		{

-		STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR,

-			ERR_R_PASSED_NULL_PARAMETER);

-		return 0;

-		}

-	if (!ATTR_IS_SET(attrs,code))

-		{

-		if ((attrs->values[code].sha1string =

-			    (unsigned char *)BUF_memdup(sha1str,

-				    sha1str_size)))

-			return 1;

-		STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR,

-			ERR_R_MALLOC_FAILURE);

-		return 0;

-		}

-	STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR, STORE_R_ALREADY_HAS_A_VALUE);

-	return 0;

-	}

-int STORE_ATTR_INFO_set_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,

-	X509_NAME *dn)

-	{

-	if (!attrs)

-		{

-		STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN,

-			ERR_R_PASSED_NULL_PARAMETER);

-		return 0;

-		}

-	if (!ATTR_IS_SET(attrs,code))

-		{

-		if ((attrs->values[code].dn = X509_NAME_dup(dn)))

-			return 1;

-		STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN,

-			ERR_R_MALLOC_FAILURE);

-		return 0;

-		}

-	STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN, STORE_R_ALREADY_HAS_A_VALUE);

-	return 0;

-	}

-int STORE_ATTR_INFO_set_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,

-	BIGNUM *number)

-	{

-	if (!attrs)

-		{

-		STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER,

-			ERR_R_PASSED_NULL_PARAMETER);

-		return 0;

-		}

-	if (!ATTR_IS_SET(attrs,code))

-		{

-		if ((attrs->values[code].number = BN_dup(number)))

-			return 1;

-		STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER,

-			ERR_R_MALLOC_FAILURE);

-		return 0;

-		}

-	STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER, STORE_R_ALREADY_HAS_A_VALUE);

-	return 0;

-	}

-int STORE_ATTR_INFO_modify_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,

-	char *cstr, size_t cstr_size)

-	{

-	if (!attrs)

-		{

-		STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_CSTR,

-			ERR_R_PASSED_NULL_PARAMETER);

-		return 0;

-		}

-	if (ATTR_IS_SET(attrs,code))

-		{

-		OPENSSL_free(attrs->values[code].cstring);

-		attrs->values[code].cstring = NULL;

-		CLEAR_ATTRBIT(attrs, code);

-		}

-	return STORE_ATTR_INFO_set_cstr(attrs, code, cstr, cstr_size);

-	}

-int STORE_ATTR_INFO_modify_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,

-	unsigned char *sha1str, size_t sha1str_size)

-	{

-	if (!attrs)

-		{

-		STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR,

-			ERR_R_PASSED_NULL_PARAMETER);

-		return 0;

-		}

-	if (ATTR_IS_SET(attrs,code))

-		{

-		OPENSSL_free(attrs->values[code].sha1string);

-		attrs->values[code].sha1string = NULL;

-		CLEAR_ATTRBIT(attrs, code);

-		}

-	return STORE_ATTR_INFO_set_sha1str(attrs, code, sha1str, sha1str_size);

-	}

-int STORE_ATTR_INFO_modify_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,

-	X509_NAME *dn)

-	{

-	if (!attrs)

-		{

-		STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_DN,

-			ERR_R_PASSED_NULL_PARAMETER);

-		return 0;

-		}

-	if (ATTR_IS_SET(attrs,code))

-		{

-		OPENSSL_free(attrs->values[code].dn);

-		attrs->values[code].dn = NULL;

-		CLEAR_ATTRBIT(attrs, code);

-		}

-	return STORE_ATTR_INFO_set_dn(attrs, code, dn);

-	}

-int STORE_ATTR_INFO_modify_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,

-	BIGNUM *number)

-	{

-	if (!attrs)

-		{

-		STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER,

-			ERR_R_PASSED_NULL_PARAMETER);

-		return 0;

-		}

-	if (ATTR_IS_SET(attrs,code))

-		{

-		OPENSSL_free(attrs->values[code].number);

-		attrs->values[code].number = NULL;

-		CLEAR_ATTRBIT(attrs, code);

-		}

-	return STORE_ATTR_INFO_set_number(attrs, code, number);

-	}

-struct attr_list_ctx_st

-	{

-	OPENSSL_ITEM *attributes;

-	};

-void *STORE_parse_attrs_start(OPENSSL_ITEM *attributes)

-	{

-	if (attributes)

-		{

-		struct attr_list_ctx_st *context =

-			(struct attr_list_ctx_st *)OPENSSL_malloc(sizeof(struct attr_list_ctx_st));

-		if (context)

-			context->attributes = attributes;

-		else

-			STOREerr(STORE_F_STORE_PARSE_ATTRS_START,

-				ERR_R_MALLOC_FAILURE);

-		return context;

-		}

-	STOREerr(STORE_F_STORE_PARSE_ATTRS_START, ERR_R_PASSED_NULL_PARAMETER);

-	return 0;

-	}

-STORE_ATTR_INFO *STORE_parse_attrs_next(void *handle)

-	{

-	struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle;

-	if (context && context->attributes)

-		{

-		STORE_ATTR_INFO *attrs = NULL;

-		while(context->attributes

-			&& context->attributes->code != STORE_ATTR_OR

-			&& context->attributes->code != STORE_ATTR_END)

-			{

-			switch(context->attributes->code)

-				{

-			case STORE_ATTR_FRIENDLYNAME:

-			case STORE_ATTR_EMAIL:

-			case STORE_ATTR_FILENAME:

-				if (!attrs) attrs = STORE_ATTR_INFO_new();

-				if (attrs == NULL)

-					{

-					STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,

-						ERR_R_MALLOC_FAILURE);

-					goto err;

-					}

-				STORE_ATTR_INFO_set_cstr(attrs,

-					context->attributes->code,

-					context->attributes->value,

-					context->attributes->value_size);

-				break;

-			case STORE_ATTR_KEYID:

-			case STORE_ATTR_ISSUERKEYID:

-			case STORE_ATTR_SUBJECTKEYID:

-			case STORE_ATTR_ISSUERSERIALHASH:

-			case STORE_ATTR_CERTHASH:

-				if (!attrs) attrs = STORE_ATTR_INFO_new();

-				if (attrs == NULL)

-					{

-					STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,

-						ERR_R_MALLOC_FAILURE);

-					goto err;

-					}

-				STORE_ATTR_INFO_set_sha1str(attrs,

-					context->attributes->code,

-					context->attributes->value,

-					context->attributes->value_size);

-				break;

-			case STORE_ATTR_ISSUER:

-			case STORE_ATTR_SUBJECT:

-				if (!attrs) attrs = STORE_ATTR_INFO_new();

-				if (attrs == NULL)

-					{

-					STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,

-						ERR_R_MALLOC_FAILURE);

-					goto err;

-					}

-				STORE_ATTR_INFO_modify_dn(attrs,

-					context->attributes->code,

-					context->attributes->value);

-				break;

-			case STORE_ATTR_SERIAL:

-				if (!attrs) attrs = STORE_ATTR_INFO_new();

-				if (attrs == NULL)

-					{

-					STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,

-						ERR_R_MALLOC_FAILURE);

-					goto err;

-					}

-				STORE_ATTR_INFO_modify_number(attrs,

-					context->attributes->code,

-					context->attributes->value);

-				break;

-				}

-			context->attributes++;

-			}

-		if (context->attributes->code == STORE_ATTR_OR)

-			context->attributes++;

-		return attrs;

-	err:

-		while(context->attributes

-			&& context->attributes->code != STORE_ATTR_OR

-			&& context->attributes->code != STORE_ATTR_END)

-			context->attributes++;

-		if (context->attributes->code == STORE_ATTR_OR)

-			context->attributes++;

-		return NULL;

-		}

-	STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, ERR_R_PASSED_NULL_PARAMETER);

-	return NULL;

-	}

-int STORE_parse_attrs_end(void *handle)

-	{

-	struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle;

-	if (context && context->attributes)

-		{

-#if 0

-		OPENSSL_ITEM *attributes = context->attributes;

-#endif

-		OPENSSL_free(context);

-		return 1;

-		}

-	STOREerr(STORE_F_STORE_PARSE_ATTRS_END, ERR_R_PASSED_NULL_PARAMETER);

-	return 0;

-	}

-int STORE_parse_attrs_endp(void *handle)

-	{

-	struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle;

-	if (context && context->attributes)

-		{

-		return context->attributes->code == STORE_ATTR_END;

-		}

-	STOREerr(STORE_F_STORE_PARSE_ATTRS_ENDP, ERR_R_PASSED_NULL_PARAMETER);

-	return 0;

-	}

-static int attr_info_compare_compute_range(

-	unsigned char *abits, unsigned char *bbits,

-	unsigned int *alowp, unsigned int *ahighp,

-	unsigned int *blowp, unsigned int *bhighp)

-	{

-	unsigned int alow = (unsigned int)-1, ahigh = 0;

-	unsigned int blow = (unsigned int)-1, bhigh = 0;

-	int i, res = 0;

-	for (i = 0; i < (STORE_ATTR_TYPE_NUM + 8) / 8; i++, abits++, bbits++)

-		{

-		if (res == 0)

-			{

-			if (*abits < *bbits) res = -1;

-			if (*abits > *bbits) res = 1;

-			}

-		if (*abits)

-			{

-			if (alow == (unsigned int)-1)

-				{

-				alow = i * 8;

-				if (!(*abits & 0x01)) alow++;

-				if (!(*abits & 0x02)) alow++;

-				if (!(*abits & 0x04)) alow++;

-				if (!(*abits & 0x08)) alow++;

-				if (!(*abits & 0x10)) alow++;

-				if (!(*abits & 0x20)) alow++;

-				if (!(*abits & 0x40)) alow++;

-				}

-			ahigh = i * 8 + 7;

-			if (!(*abits & 0x80)) ahigh++;

-			if (!(*abits & 0x40)) ahigh++;

-			if (!(*abits & 0x20)) ahigh++;

-			if (!(*abits & 0x10)) ahigh++;

-			if (!(*abits & 0x08)) ahigh++;

-			if (!(*abits & 0x04)) ahigh++;

-			if (!(*abits & 0x02)) ahigh++;

-			}

-		if (*bbits)

-			{

-			if (blow == (unsigned int)-1)

-				{

-				blow = i * 8;

-				if (!(*bbits & 0x01)) blow++;

-				if (!(*bbits & 0x02)) blow++;

-				if (!(*bbits & 0x04)) blow++;

-				if (!(*bbits & 0x08)) blow++;

-				if (!(*bbits & 0x10)) blow++;

-				if (!(*bbits & 0x20)) blow++;

-				if (!(*bbits & 0x40)) blow++;

-				}

-			bhigh = i * 8 + 7;

-			if (!(*bbits & 0x80)) bhigh++;

-			if (!(*bbits & 0x40)) bhigh++;

-			if (!(*bbits & 0x20)) bhigh++;

-			if (!(*bbits & 0x10)) bhigh++;

-			if (!(*bbits & 0x08)) bhigh++;

-			if (!(*bbits & 0x04)) bhigh++;

-			if (!(*bbits & 0x02)) bhigh++;

-			}

-		}

-	if (ahigh + alow < bhigh + blow) res = -1;

-	if (ahigh + alow > bhigh + blow) res = 1;

-	if (alowp) *alowp = alow;

-	if (ahighp) *ahighp = ahigh;

-	if (blowp) *blowp = blow;

-	if (bhighp) *bhighp = bhigh;

-	return res;

-	}

-int STORE_ATTR_INFO_compare(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b)

-	{

-	if (a == b) return 0;

-	if (!a) return -1;

-	if (!b) return 1;

-	return attr_info_compare_compute_range(a->set, b->set, 0, 0, 0, 0);

-	}

-int STORE_ATTR_INFO_in_range(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b)

-	{

-	unsigned int alow, ahigh, blow, bhigh;

-	if (a == b) return 1;

-	if (!a) return 0;

-	if (!b) return 0;

-	attr_info_compare_compute_range(a->set, b->set,

-		&alow, &ahigh, &blow, &bhigh);

-	if (alow >= blow && ahigh <= bhigh)

-		return 1;

-	return 0;

-	}

-int STORE_ATTR_INFO_in(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b)

-	{

-	unsigned char *abits, *bbits;

-	int i;

-	if (a == b) return 1;

-	if (!a) return 0;

-	if (!b) return 0;

-	abits = a->set;

-	bbits = b->set;

-	for (i = 0; i < (STORE_ATTR_TYPE_NUM + 8) / 8; i++, abits++, bbits++)

-		{

-		if (*abits && (*bbits & *abits) != *abits)

-			return 0;

-		}

-	return 1;

-	}

-int STORE_ATTR_INFO_in_ex(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b)

-	{

-	STORE_ATTR_TYPES i;

-	if (a == b) return 1;

-	if (!STORE_ATTR_INFO_in(a, b)) return 0;

-	for (i = 1; i < STORE_ATTR_TYPE_NUM; i++)

-		if (ATTR_IS_SET(a, i))

-			{

-			switch(i)

-				{

-			case STORE_ATTR_FRIENDLYNAME:

-			case STORE_ATTR_EMAIL:

-			case STORE_ATTR_FILENAME:

-				if (strcmp(a->values[i].cstring,

-					    b->values[i].cstring))

-					return 0;

-				break;

-			case STORE_ATTR_KEYID:

-			case STORE_ATTR_ISSUERKEYID:

-			case STORE_ATTR_SUBJECTKEYID:

-			case STORE_ATTR_ISSUERSERIALHASH:

-			case STORE_ATTR_CERTHASH:

-				if (memcmp(a->values[i].sha1string,

-					    b->values[i].sha1string,

-					    a->value_sizes[i]))

-					return 0;

-				break;

-			case STORE_ATTR_ISSUER:

-			case STORE_ATTR_SUBJECT:

-				if (X509_NAME_cmp(a->values[i].dn,

-					    b->values[i].dn))

-					return 0;

-				break;

-			case STORE_ATTR_SERIAL:

-				if (BN_cmp(a->values[i].number,

-					    b->values[i].number))

-					return 0;

-				break;

-			default:

-				break;

-				}

-			}

-	return 1;

-	}

--- a/sys/src/ape/lib/openssl/crypto/store/str_locl.h

+++ /dev/null

@@ -1,124 +1,0 @@

-/* crypto/store/str_locl.h -*- mode:C; c-file-style: "eay" -*- */

-/* Written by Richard Levitte ([email protected]) for the OpenSSL

- * project 2003.

- */

-/* ====================================================================

- * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_STORE_LOCL_H

-#define HEADER_STORE_LOCL_H

-#include <openssl/crypto.h>

-#include <openssl/store.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-struct store_method_st

-	{

-	char *name;

-	/* All the functions return a positive integer or non-NULL for success

-	   and 0, a negative integer or NULL for failure */

-	/* Initialise the STORE with private data */

-	STORE_INITIALISE_FUNC_PTR init;

-	/* Initialise the STORE with private data */

-	STORE_CLEANUP_FUNC_PTR clean;

-	/* Generate an object of a given type */

-	STORE_GENERATE_OBJECT_FUNC_PTR generate_object;

-	/* Get an object of a given type.  This function isn't really very

-	   useful since the listing functions (below) can be used for the

-	   same purpose and are much more general. */

-	STORE_GET_OBJECT_FUNC_PTR get_object;

-	/* Store an object of a given type. */

-	STORE_STORE_OBJECT_FUNC_PTR store_object;

-	/* Modify the attributes bound to an object of a given type. */

-	STORE_MODIFY_OBJECT_FUNC_PTR modify_object;

-	/* Revoke an object of a given type. */

-	STORE_HANDLE_OBJECT_FUNC_PTR revoke_object;

-	/* Delete an object of a given type. */

-	STORE_HANDLE_OBJECT_FUNC_PTR delete_object;

-	/* List a bunch of objects of a given type and with the associated

-	   attributes. */

-	STORE_START_OBJECT_FUNC_PTR list_object_start;

-	STORE_NEXT_OBJECT_FUNC_PTR list_object_next;

-	STORE_END_OBJECT_FUNC_PTR list_object_end;

-	STORE_END_OBJECT_FUNC_PTR list_object_endp;

-	/* Store-level function to make any necessary update operations. */

-	STORE_GENERIC_FUNC_PTR update_store;

-	/* Store-level function to get exclusive access to the store. */

-	STORE_GENERIC_FUNC_PTR lock_store;

-	/* Store-level function to release exclusive access to the store. */

-	STORE_GENERIC_FUNC_PTR unlock_store;

-	/* Generic control function */

-	STORE_CTRL_FUNC_PTR ctrl;

-	};

-struct store_st

-	{

-	const STORE_METHOD *meth;

-	/* functional reference if 'meth' is ENGINE-provided */

-	ENGINE *engine;

-	CRYPTO_EX_DATA ex_data;

-	int references;

-	};

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/store/str_mem.c

+++ /dev/null

@@ -1,357 +1,0 @@

-/* crypto/store/str_mem.c -*- mode:C; c-file-style: "eay" -*- */

-/* Written by Richard Levitte ([email protected]) for the OpenSSL

- * project 2003.

- */

-/* ====================================================================

- * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <string.h>

-#include <openssl/err.h>

-#include "str_locl.h"

-/* The memory store is currently highly experimental.  It's meant to become

-   a base store used by other stores for internal caching (for full caching

-   support, aging needs to be added).

-   The database use is meant to support as much attribute association as

-   possible, while providing for as small search ranges as possible.

-   This is currently provided for by sorting the entries by numbers that

-   are composed of bits set at the positions indicated by attribute type

-   codes.  This provides for ranges determined by the highest attribute

-   type code value.  A better idea might be to sort by values computed

-   from the range of attributes associated with the object (basically,

-   the difference between the highest and lowest attribute type code)

-   and it's distance from a base (basically, the lowest associated

-   attribute type code).

-*/

-struct mem_object_data_st

-	{

-	STORE_OBJECT *object;

-	STORE_ATTR_INFO *attr_info;

-	int references;

-	};

-struct mem_data_st

-	{

-	STACK *data;		/* A stack of mem_object_data_st,

-				   sorted with STORE_ATTR_INFO_compare(). */

-	unsigned int compute_components : 1; /* Currently unused, but can

-						be used to add attributes

-						from parts of the data. */

-	};

-struct mem_ctx_st

-	{

-	int type;		/* The type we're searching for */

-	STACK *search_attributes; /* Sets of attributes to search for.

-				     Each element is a STORE_ATTR_INFO. */

-	int search_index;	/* which of the search attributes we found a match

-				   for, -1 when we still haven't found any */

-	int index;		/* -1 as long as we're searching for the first */

-	};

-static int mem_init(STORE *s);

-static void mem_clean(STORE *s);

-static STORE_OBJECT *mem_generate(STORE *s, STORE_OBJECT_TYPES type,

-	OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);

-static STORE_OBJECT *mem_get(STORE *s, STORE_OBJECT_TYPES type,

-	OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);

-static int mem_store(STORE *s, STORE_OBJECT_TYPES type,

-	STORE_OBJECT *data, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-static int mem_modify(STORE *s, STORE_OBJECT_TYPES type,

-	OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[],

-	OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[],

-	OPENSSL_ITEM parameters[]);

-static int mem_delete(STORE *s, STORE_OBJECT_TYPES type,

-	OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);

-static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type,

-	OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);

-static STORE_OBJECT *mem_list_next(STORE *s, void *handle);

-static int mem_list_end(STORE *s, void *handle);

-static int mem_list_endp(STORE *s, void *handle);

-static int mem_lock(STORE *s, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-static int mem_unlock(STORE *s, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[]);

-static int mem_ctrl(STORE *s, int cmd, long l, void *p, void (*f)(void));

-static STORE_METHOD store_memory =

-	{

-	"OpenSSL memory store interface",

-	mem_init,

-	mem_clean,

-	mem_generate,

-	mem_get,

-	mem_store,

-	mem_modify,

-	NULL, /* revoke */

-	mem_delete,

-	mem_list_start,

-	mem_list_next,

-	mem_list_end,

-	mem_list_endp,

-	NULL, /* update */

-	mem_lock,

-	mem_unlock,

-	mem_ctrl

-	};

-const STORE_METHOD *STORE_Memory(void)

-	{

-	return &store_memory;

-	}

-static int mem_init(STORE *s)

-	{

-	return 1;

-	}

-static void mem_clean(STORE *s)

-	{

-	return;

-	}

-static STORE_OBJECT *mem_generate(STORE *s, STORE_OBJECT_TYPES type,

-	OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[])

-	{

-	STOREerr(STORE_F_MEM_GENERATE, STORE_R_NOT_IMPLEMENTED);

-	return 0;

-	}

-static STORE_OBJECT *mem_get(STORE *s, STORE_OBJECT_TYPES type,

-	OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[])

-	{

-	void *context = mem_list_start(s, type, attributes, parameters);

-	if (context)

-		{

-		STORE_OBJECT *object = mem_list_next(s, context);

-		if (mem_list_end(s, context))

-			return object;

-		}

-	return NULL;

-	}

-static int mem_store(STORE *s, STORE_OBJECT_TYPES type,

-	STORE_OBJECT *data, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[])

-	{

-	STOREerr(STORE_F_MEM_STORE, STORE_R_NOT_IMPLEMENTED);

-	return 0;

-	}

-static int mem_modify(STORE *s, STORE_OBJECT_TYPES type,

-	OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[],

-	OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[],

-	OPENSSL_ITEM parameters[])

-	{

-	STOREerr(STORE_F_MEM_MODIFY, STORE_R_NOT_IMPLEMENTED);

-	return 0;

-	}

-static int mem_delete(STORE *s, STORE_OBJECT_TYPES type,

-	OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[])

-	{

-	STOREerr(STORE_F_MEM_DELETE, STORE_R_NOT_IMPLEMENTED);

-	return 0;

-	}

-/* The list functions may be the hardest to understand.  Basically,

-   mem_list_start compiles a stack of attribute info elements, and

-   puts that stack into the context to be returned.  mem_list_next

-   will then find the first matching element in the store, and then

-   walk all the way to the end of the store (since any combination

-   of attribute bits above the starting point may match the searched

-   for bit pattern...). */

-static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type,

-	OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[])

-	{

-	struct mem_ctx_st *context =

-		(struct mem_ctx_st *)OPENSSL_malloc(sizeof(struct mem_ctx_st));

-	void *attribute_context = NULL;

-	STORE_ATTR_INFO *attrs = NULL;

-	if (!context)

-		{

-		STOREerr(STORE_F_MEM_LIST_START, ERR_R_MALLOC_FAILURE);

-		return 0;

-		}

-	memset(context, 0, sizeof(struct mem_ctx_st));

-	attribute_context = STORE_parse_attrs_start(attributes);

-	if (!attribute_context)

-		{

-		STOREerr(STORE_F_MEM_LIST_START, ERR_R_STORE_LIB);

-		goto err;

-		}

-	while((attrs = STORE_parse_attrs_next(attribute_context)))

-		{

-		if (context->search_attributes == NULL)

-			{

-			context->search_attributes =

-				sk_new((int (*)(const char * const *, const char * const *))STORE_ATTR_INFO_compare);

-			if (!context->search_attributes)

-				{

-				STOREerr(STORE_F_MEM_LIST_START,

-					ERR_R_MALLOC_FAILURE);

-				goto err;

-				}

-			}

-		sk_push(context->search_attributes,(char *)attrs);

-		}

-	if (!STORE_parse_attrs_endp(attribute_context))

-		goto err;

-	STORE_parse_attrs_end(attribute_context);

-	context->search_index = -1;

-	context->index = -1;

-	return context;

- err:

-	if (attribute_context) STORE_parse_attrs_end(attribute_context);

-	mem_list_end(s, context);

-	return NULL;

-	}

-static STORE_OBJECT *mem_list_next(STORE *s, void *handle)

-	{

-	int i;

-	struct mem_ctx_st *context = (struct mem_ctx_st *)handle;

-	struct mem_object_data_st key = { 0, 0, 1 };

-	struct mem_data_st *store =

-		(struct mem_data_st *)STORE_get_ex_data(s, 1);

-	int srch;

-	int cres = 0;

-	if (!context)

-		{

-		STOREerr(STORE_F_MEM_LIST_NEXT, ERR_R_PASSED_NULL_PARAMETER);

-		return NULL;

-		}

-	if (!store)

-		{

-		STOREerr(STORE_F_MEM_LIST_NEXT, STORE_R_NO_STORE);

-		return NULL;

-		}

-	if (context->search_index == -1)

-		{

-		for (i = 0; i < sk_num(context->search_attributes); i++)

-			{

-			key.attr_info =

-				(STORE_ATTR_INFO *)sk_value(context->search_attributes, i);

-			srch = sk_find_ex(store->data, (char *)&key);

-			if (srch >= 0)

-				{

-				context->search_index = srch;

-				break;

-				}

-			}

-		}

-	if (context->search_index < 0)

-		return NULL;

-	key.attr_info =

-		(STORE_ATTR_INFO *)sk_value(context->search_attributes,

-			context->search_index);

-	for(srch = context->search_index;

-	    srch < sk_num(store->data)

-		    && STORE_ATTR_INFO_in_range(key.attr_info,

-			    (STORE_ATTR_INFO *)sk_value(store->data, srch))

-		    && !(cres = STORE_ATTR_INFO_in_ex(key.attr_info,

-				 (STORE_ATTR_INFO *)sk_value(store->data, srch)));

-	    srch++)

-		;

-	context->search_index = srch;

-	if (cres)

-		return ((struct mem_object_data_st *)sk_value(store->data,

-				srch))->object;

-	return NULL;

-	}

-static int mem_list_end(STORE *s, void *handle)

-	{

-	struct mem_ctx_st *context = (struct mem_ctx_st *)handle;

-	if (!context)

-		{

-		STOREerr(STORE_F_MEM_LIST_END, ERR_R_PASSED_NULL_PARAMETER);

-		return 0;

-		}

-	if (context && context->search_attributes)

-		sk_free(context->search_attributes);

-	if (context) OPENSSL_free(context);

-	return 1;

-	}

-static int mem_list_endp(STORE *s, void *handle)

-	{

-	struct mem_ctx_st *context = (struct mem_ctx_st *)handle;

-	if (!context

-		|| context->search_index == sk_num(context->search_attributes))

-		return 1;

-	return 0;

-	}

-static int mem_lock(STORE *s, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[])

-	{

-	return 1;

-	}

-static int mem_unlock(STORE *s, OPENSSL_ITEM attributes[],

-	OPENSSL_ITEM parameters[])

-	{

-	return 1;

-	}

-static int mem_ctrl(STORE *s, int cmd, long l, void *p, void (*f)(void))

-	{

-	return 1;

-	}

--- a/sys/src/ape/lib/openssl/crypto/store/str_meth.c

+++ /dev/null

@@ -1,250 +1,0 @@

-/* crypto/store/str_meth.c -*- mode:C; c-file-style: "eay" -*- */

-/* Written by Richard Levitte ([email protected]) for the OpenSSL

- * project 2003.

- */

-/* ====================================================================

- * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <string.h>

-#include <openssl/buffer.h>

-#include "str_locl.h"

-STORE_METHOD *STORE_create_method(char *name)

-	{

-	STORE_METHOD *store_method = (STORE_METHOD *)OPENSSL_malloc(sizeof(STORE_METHOD));

-	if (store_method)

-		{

-		memset(store_method, 0, sizeof(*store_method));

-		store_method->name = BUF_strdup(name);

-		}

-	return store_method;

-	}

-/* BIG FSCKING WARNING!!!!  If you use this on a statically allocated method

-   (that is, it hasn't been allocated using STORE_create_method(), you deserve

-   anything Murphy can throw at you and more!  You have been warned. */

-void STORE_destroy_method(STORE_METHOD *store_method)

-	{

-	if (!store_method) return;

-	OPENSSL_free(store_method->name);

-	store_method->name = NULL;

-	OPENSSL_free(store_method);

-	}

-int STORE_method_set_initialise_function(STORE_METHOD *sm, STORE_INITIALISE_FUNC_PTR init_f)

-	{

-	sm->init = init_f;

-	return 1;

-	}

-int STORE_method_set_cleanup_function(STORE_METHOD *sm, STORE_CLEANUP_FUNC_PTR clean_f)

-	{

-	sm->clean = clean_f;

-	return 1;

-	}

-int STORE_method_set_generate_function(STORE_METHOD *sm, STORE_GENERATE_OBJECT_FUNC_PTR generate_f)

-	{

-	sm->generate_object = generate_f;

-	return 1;

-	}

-int STORE_method_set_get_function(STORE_METHOD *sm, STORE_GET_OBJECT_FUNC_PTR get_f)

-	{

-	sm->get_object = get_f;

-	return 1;

-	}

-int STORE_method_set_store_function(STORE_METHOD *sm, STORE_STORE_OBJECT_FUNC_PTR store_f)

-	{

-	sm->store_object = store_f;

-	return 1;

-	}

-int STORE_method_set_modify_function(STORE_METHOD *sm, STORE_MODIFY_OBJECT_FUNC_PTR modify_f)

-	{

-	sm->modify_object = modify_f;

-	return 1;

-	}

-int STORE_method_set_revoke_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR revoke_f)

-	{

-	sm->revoke_object = revoke_f;

-	return 1;

-	}

-int STORE_method_set_delete_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR delete_f)

-	{

-	sm->delete_object = delete_f;

-	return 1;

-	}

-int STORE_method_set_list_start_function(STORE_METHOD *sm, STORE_START_OBJECT_FUNC_PTR list_start_f)

-	{

-	sm->list_object_start = list_start_f;

-	return 1;

-	}

-int STORE_method_set_list_next_function(STORE_METHOD *sm, STORE_NEXT_OBJECT_FUNC_PTR list_next_f)

-	{

-	sm->list_object_next = list_next_f;

-	return 1;

-	}

-int STORE_method_set_list_end_function(STORE_METHOD *sm, STORE_END_OBJECT_FUNC_PTR list_end_f)

-	{

-	sm->list_object_end = list_end_f;

-	return 1;

-	}

-int STORE_method_set_update_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR update_f)

-	{

-	sm->update_store = update_f;

-	return 1;

-	}

-int STORE_method_set_lock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR lock_f)

-	{

-	sm->lock_store = lock_f;

-	return 1;

-	}

-int STORE_method_set_unlock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR unlock_f)

-	{

-	sm->unlock_store = unlock_f;

-	return 1;

-	}

-int STORE_method_set_ctrl_function(STORE_METHOD *sm, STORE_CTRL_FUNC_PTR ctrl_f)

-	{

-	sm->ctrl = ctrl_f;

-	return 1;

-	}

-STORE_INITIALISE_FUNC_PTR STORE_method_get_initialise_function(STORE_METHOD *sm)

-	{

-	return sm->init;

-	}

-STORE_CLEANUP_FUNC_PTR STORE_method_get_cleanup_function(STORE_METHOD *sm)

-	{

-	return sm->clean;

-	}

-STORE_GENERATE_OBJECT_FUNC_PTR STORE_method_get_generate_function(STORE_METHOD *sm)

-	{

-	return sm->generate_object;

-	}

-STORE_GET_OBJECT_FUNC_PTR STORE_method_get_get_function(STORE_METHOD *sm)

-	{

-	return sm->get_object;

-	}

-STORE_STORE_OBJECT_FUNC_PTR STORE_method_get_store_function(STORE_METHOD *sm)

-	{

-	return sm->store_object;

-	}

-STORE_MODIFY_OBJECT_FUNC_PTR STORE_method_get_modify_function(STORE_METHOD *sm)

-	{

-	return sm->modify_object;

-	}

-STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_revoke_function(STORE_METHOD *sm)

-	{

-	return sm->revoke_object;

-	}

-STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_delete_function(STORE_METHOD *sm)

-	{

-	return sm->delete_object;

-	}

-STORE_START_OBJECT_FUNC_PTR STORE_method_get_list_start_function(STORE_METHOD *sm)

-	{

-	return sm->list_object_start;

-	}

-STORE_NEXT_OBJECT_FUNC_PTR STORE_method_get_list_next_function(STORE_METHOD *sm)

-	{

-	return sm->list_object_next;

-	}

-STORE_END_OBJECT_FUNC_PTR STORE_method_get_list_end_function(STORE_METHOD *sm)

-	{

-	return sm->list_object_end;

-	}

-STORE_GENERIC_FUNC_PTR STORE_method_get_update_store_function(STORE_METHOD *sm)

-	{

-	return sm->update_store;

-	}

-STORE_GENERIC_FUNC_PTR STORE_method_get_lock_store_function(STORE_METHOD *sm)

-	{

-	return sm->lock_store;

-	}

-STORE_GENERIC_FUNC_PTR STORE_method_get_unlock_store_function(STORE_METHOD *sm)

-	{

-	return sm->unlock_store;

-	}

-STORE_CTRL_FUNC_PTR STORE_method_get_ctrl_function(STORE_METHOD *sm)

-	{

-	return sm->ctrl;

-	}

--- a/sys/src/ape/lib/openssl/crypto/symhacks.h

+++ /dev/null

@@ -1,383 +1,0 @@

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_SYMHACKS_H

-#define HEADER_SYMHACKS_H

-#include <openssl/e_os2.h>

-/* Hacks to solve the problem with linkers incapable of handling very long

-   symbol names.  In the case of VMS, the limit is 31 characters on VMS for

-   VAX. */

-#ifdef OPENSSL_SYS_VMS

-/* Hack a long name in crypto/ex_data.c */

-#undef CRYPTO_get_ex_data_implementation

-#define CRYPTO_get_ex_data_implementation	CRYPTO_get_ex_data_impl

-#undef CRYPTO_set_ex_data_implementation

-#define CRYPTO_set_ex_data_implementation	CRYPTO_set_ex_data_impl

-/* Hack a long name in crypto/asn1/a_mbstr.c */

-#undef ASN1_STRING_set_default_mask_asc

-#define ASN1_STRING_set_default_mask_asc	ASN1_STRING_set_def_mask_asc

-#if 0 /* No longer needed, since safestack macro magic does the job */

-/* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO) */

-#undef i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO

-#define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO	i2d_ASN1_SET_OF_PKCS7_SIGINF

-#undef d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO

-#define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO	d2i_ASN1_SET_OF_PKCS7_SIGINF

-#endif

-#if 0 /* No longer needed, since safestack macro magic does the job */

-/* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO) */

-#undef i2d_ASN1_SET_OF_PKCS7_RECIP_INFO

-#define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO	i2d_ASN1_SET_OF_PKCS7_RECINF

-#undef d2i_ASN1_SET_OF_PKCS7_RECIP_INFO

-#define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO	d2i_ASN1_SET_OF_PKCS7_RECINF

-#endif

-#if 0 /* No longer needed, since safestack macro magic does the job */

-/* Hack the names created with DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION) */

-#undef i2d_ASN1_SET_OF_ACCESS_DESCRIPTION

-#define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION	i2d_ASN1_SET_OF_ACC_DESC

-#undef d2i_ASN1_SET_OF_ACCESS_DESCRIPTION

-#define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION	d2i_ASN1_SET_OF_ACC_DESC

-#endif

-/* Hack the names created with DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE) */

-#undef PEM_read_NETSCAPE_CERT_SEQUENCE

-#define PEM_read_NETSCAPE_CERT_SEQUENCE		PEM_read_NS_CERT_SEQ

-#undef PEM_write_NETSCAPE_CERT_SEQUENCE

-#define PEM_write_NETSCAPE_CERT_SEQUENCE	PEM_write_NS_CERT_SEQ

-#undef PEM_read_bio_NETSCAPE_CERT_SEQUENCE

-#define PEM_read_bio_NETSCAPE_CERT_SEQUENCE	PEM_read_bio_NS_CERT_SEQ

-#undef PEM_write_bio_NETSCAPE_CERT_SEQUENCE

-#define PEM_write_bio_NETSCAPE_CERT_SEQUENCE	PEM_write_bio_NS_CERT_SEQ

-#undef PEM_write_cb_bio_NETSCAPE_CERT_SEQUENCE

-#define PEM_write_cb_bio_NETSCAPE_CERT_SEQUENCE	PEM_write_cb_bio_NS_CERT_SEQ

-/* Hack the names created with DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO) */

-#undef PEM_read_PKCS8_PRIV_KEY_INFO

-#define PEM_read_PKCS8_PRIV_KEY_INFO		PEM_read_P8_PRIV_KEY_INFO

-#undef PEM_write_PKCS8_PRIV_KEY_INFO

-#define PEM_write_PKCS8_PRIV_KEY_INFO		PEM_write_P8_PRIV_KEY_INFO

-#undef PEM_read_bio_PKCS8_PRIV_KEY_INFO

-#define PEM_read_bio_PKCS8_PRIV_KEY_INFO	PEM_read_bio_P8_PRIV_KEY_INFO

-#undef PEM_write_bio_PKCS8_PRIV_KEY_INFO

-#define PEM_write_bio_PKCS8_PRIV_KEY_INFO	PEM_write_bio_P8_PRIV_KEY_INFO

-#undef PEM_write_cb_bio_PKCS8_PRIV_KEY_INFO

-#define PEM_write_cb_bio_PKCS8_PRIV_KEY_INFO	PEM_wrt_cb_bio_P8_PRIV_KEY_INFO

-/* Hack other PEM names */

-#undef PEM_write_bio_PKCS8PrivateKey_nid

-#define PEM_write_bio_PKCS8PrivateKey_nid	PEM_write_bio_PKCS8PrivKey_nid

-/* Hack some long X509 names */

-#undef X509_REVOKED_get_ext_by_critical

-#define X509_REVOKED_get_ext_by_critical	X509_REVOKED_get_ext_by_critic

-#undef X509_policy_tree_get0_user_policies

-#define X509_policy_tree_get0_user_policies	X509_pcy_tree_get0_usr_policies

-#undef X509_policy_node_get0_qualifiers

-#define X509_policy_node_get0_qualifiers	X509_pcy_node_get0_qualifiers

-#undef X509_STORE_CTX_get_explicit_policy

-#define X509_STORE_CTX_get_explicit_policy	X509_STORE_CTX_get_expl_policy

-/* Hack some long CRYPTO names */

-#undef CRYPTO_set_dynlock_destroy_callback

-#define CRYPTO_set_dynlock_destroy_callback     CRYPTO_set_dynlock_destroy_cb

-#undef CRYPTO_set_dynlock_create_callback

-#define CRYPTO_set_dynlock_create_callback      CRYPTO_set_dynlock_create_cb

-#undef CRYPTO_set_dynlock_lock_callback

-#define CRYPTO_set_dynlock_lock_callback        CRYPTO_set_dynlock_lock_cb

-#undef CRYPTO_get_dynlock_lock_callback

-#define CRYPTO_get_dynlock_lock_callback        CRYPTO_get_dynlock_lock_cb

-#undef CRYPTO_get_dynlock_destroy_callback

-#define CRYPTO_get_dynlock_destroy_callback     CRYPTO_get_dynlock_destroy_cb

-#undef CRYPTO_get_dynlock_create_callback

-#define CRYPTO_get_dynlock_create_callback      CRYPTO_get_dynlock_create_cb

-#undef CRYPTO_set_locked_mem_ex_functions

-#define CRYPTO_set_locked_mem_ex_functions      CRYPTO_set_locked_mem_ex_funcs

-#undef CRYPTO_get_locked_mem_ex_functions

-#define CRYPTO_get_locked_mem_ex_functions      CRYPTO_get_locked_mem_ex_funcs

-/* Hack some long SSL names */

-#undef SSL_CTX_set_default_verify_paths

-#define SSL_CTX_set_default_verify_paths        SSL_CTX_set_def_verify_paths

-#undef SSL_get_ex_data_X509_STORE_CTX_idx

-#define SSL_get_ex_data_X509_STORE_CTX_idx      SSL_get_ex_d_X509_STORE_CTX_idx

-#undef SSL_add_file_cert_subjects_to_stack

-#define SSL_add_file_cert_subjects_to_stack     SSL_add_file_cert_subjs_to_stk

-#undef SSL_add_dir_cert_subjects_to_stack

-#define SSL_add_dir_cert_subjects_to_stack      SSL_add_dir_cert_subjs_to_stk

-#undef SSL_CTX_use_certificate_chain_file

-#define SSL_CTX_use_certificate_chain_file      SSL_CTX_use_cert_chain_file

-#undef SSL_CTX_set_cert_verify_callback

-#define SSL_CTX_set_cert_verify_callback        SSL_CTX_set_cert_verify_cb

-#undef SSL_CTX_set_default_passwd_cb_userdata

-#define SSL_CTX_set_default_passwd_cb_userdata  SSL_CTX_set_def_passwd_cb_ud

-#undef SSL_COMP_get_compression_methods

-#define SSL_COMP_get_compression_methods	SSL_COMP_get_compress_methods

-/* Hack some long ENGINE names */

-#undef ENGINE_get_default_BN_mod_exp_crt

-#define ENGINE_get_default_BN_mod_exp_crt	ENGINE_get_def_BN_mod_exp_crt

-#undef ENGINE_set_default_BN_mod_exp_crt

-#define ENGINE_set_default_BN_mod_exp_crt	ENGINE_set_def_BN_mod_exp_crt

-#undef ENGINE_set_load_privkey_function

-#define ENGINE_set_load_privkey_function        ENGINE_set_load_privkey_fn

-#undef ENGINE_get_load_privkey_function

-#define ENGINE_get_load_privkey_function        ENGINE_get_load_privkey_fn

-/* Hack some long OCSP names */

-#undef OCSP_REQUEST_get_ext_by_critical

-#define OCSP_REQUEST_get_ext_by_critical        OCSP_REQUEST_get_ext_by_crit

-#undef OCSP_BASICRESP_get_ext_by_critical

-#define OCSP_BASICRESP_get_ext_by_critical      OCSP_BASICRESP_get_ext_by_crit

-#undef OCSP_SINGLERESP_get_ext_by_critical

-#define OCSP_SINGLERESP_get_ext_by_critical     OCSP_SINGLERESP_get_ext_by_crit

-/* Hack some long DES names */

-#undef _ossl_old_des_ede3_cfb64_encrypt

-#define _ossl_old_des_ede3_cfb64_encrypt	_ossl_odes_ede3_cfb64_encrypt

-#undef _ossl_old_des_ede3_ofb64_encrypt

-#define _ossl_old_des_ede3_ofb64_encrypt	_ossl_odes_ede3_ofb64_encrypt

-/* Hack some long EVP names */

-#undef OPENSSL_add_all_algorithms_noconf

-#define OPENSSL_add_all_algorithms_noconf	OPENSSL_add_all_algo_noconf

-#undef OPENSSL_add_all_algorithms_conf

-#define OPENSSL_add_all_algorithms_conf		OPENSSL_add_all_algo_conf

-/* Hack some long EC names */

-#undef EC_GROUP_set_point_conversion_form

-#define EC_GROUP_set_point_conversion_form	EC_GROUP_set_point_conv_form

-#undef EC_GROUP_get_point_conversion_form

-#define EC_GROUP_get_point_conversion_form	EC_GROUP_get_point_conv_form

-#undef EC_GROUP_clear_free_all_extra_data

-#define EC_GROUP_clear_free_all_extra_data	EC_GROUP_clr_free_all_xtra_data

-#undef EC_POINT_set_Jprojective_coordinates_GFp

-#define EC_POINT_set_Jprojective_coordinates_GFp \

-                                                EC_POINT_set_Jproj_coords_GFp

-#undef EC_POINT_get_Jprojective_coordinates_GFp

-#define EC_POINT_get_Jprojective_coordinates_GFp \

-                                                EC_POINT_get_Jproj_coords_GFp

-#undef EC_POINT_set_affine_coordinates_GFp

-#define EC_POINT_set_affine_coordinates_GFp     EC_POINT_set_affine_coords_GFp

-#undef EC_POINT_get_affine_coordinates_GFp

-#define EC_POINT_get_affine_coordinates_GFp     EC_POINT_get_affine_coords_GFp

-#undef EC_POINT_set_compressed_coordinates_GFp

-#define EC_POINT_set_compressed_coordinates_GFp EC_POINT_set_compr_coords_GFp

-#undef EC_POINT_set_affine_coordinates_GF2m

-#define EC_POINT_set_affine_coordinates_GF2m    EC_POINT_set_affine_coords_GF2m

-#undef EC_POINT_get_affine_coordinates_GF2m

-#define EC_POINT_get_affine_coordinates_GF2m    EC_POINT_get_affine_coords_GF2m

-#undef EC_POINT_set_compressed_coordinates_GF2m

-#define EC_POINT_set_compressed_coordinates_GF2m \

-                                                EC_POINT_set_compr_coords_GF2m

-#undef ec_GF2m_simple_group_clear_finish

-#define ec_GF2m_simple_group_clear_finish        ec_GF2m_simple_grp_clr_finish

-#undef ec_GF2m_simple_group_check_discriminant

-#define ec_GF2m_simple_group_check_discriminant	ec_GF2m_simple_grp_chk_discrim

-#undef ec_GF2m_simple_point_clear_finish

-#define ec_GF2m_simple_point_clear_finish        ec_GF2m_simple_pt_clr_finish

-#undef ec_GF2m_simple_point_set_to_infinity

-#define ec_GF2m_simple_point_set_to_infinity     ec_GF2m_simple_pt_set_to_inf

-#undef ec_GF2m_simple_points_make_affine

-#define ec_GF2m_simple_points_make_affine        ec_GF2m_simple_pts_make_affine

-#undef ec_GF2m_simple_point_set_affine_coordinates

-#define ec_GF2m_simple_point_set_affine_coordinates \

-                                                ec_GF2m_smp_pt_set_af_coords

-#undef ec_GF2m_simple_point_get_affine_coordinates

-#define ec_GF2m_simple_point_get_affine_coordinates \

-                                                ec_GF2m_smp_pt_get_af_coords

-#undef ec_GF2m_simple_set_compressed_coordinates

-#define ec_GF2m_simple_set_compressed_coordinates \

-                                                ec_GF2m_smp_set_compr_coords

-#undef ec_GFp_simple_group_set_curve_GFp

-#define ec_GFp_simple_group_set_curve_GFp       ec_GFp_simple_grp_set_curve_GFp

-#undef ec_GFp_simple_group_get_curve_GFp

-#define ec_GFp_simple_group_get_curve_GFp       ec_GFp_simple_grp_get_curve_GFp

-#undef ec_GFp_simple_group_clear_finish

-#define ec_GFp_simple_group_clear_finish        ec_GFp_simple_grp_clear_finish

-#undef ec_GFp_simple_group_set_generator

-#define ec_GFp_simple_group_set_generator       ec_GFp_simple_grp_set_generator

-#undef ec_GFp_simple_group_get0_generator

-#define ec_GFp_simple_group_get0_generator      ec_GFp_simple_grp_gt0_generator

-#undef ec_GFp_simple_group_get_cofactor

-#define ec_GFp_simple_group_get_cofactor        ec_GFp_simple_grp_get_cofactor

-#undef ec_GFp_simple_point_clear_finish

-#define ec_GFp_simple_point_clear_finish        ec_GFp_simple_pt_clear_finish

-#undef ec_GFp_simple_point_set_to_infinity

-#define ec_GFp_simple_point_set_to_infinity     ec_GFp_simple_pt_set_to_inf

-#undef ec_GFp_simple_points_make_affine

-#define ec_GFp_simple_points_make_affine        ec_GFp_simple_pts_make_affine

-#undef ec_GFp_simple_group_get_curve_GFp

-#define ec_GFp_simple_group_get_curve_GFp       ec_GFp_simple_grp_get_curve_GFp

-#undef ec_GFp_simple_set_Jprojective_coordinates_GFp

-#define ec_GFp_simple_set_Jprojective_coordinates_GFp \

-                                                ec_GFp_smp_set_Jproj_coords_GFp

-#undef ec_GFp_simple_get_Jprojective_coordinates_GFp

-#define ec_GFp_simple_get_Jprojective_coordinates_GFp \

-                                                ec_GFp_smp_get_Jproj_coords_GFp

-#undef ec_GFp_simple_point_set_affine_coordinates_GFp

-#define ec_GFp_simple_point_set_affine_coordinates_GFp \

-                                                ec_GFp_smp_pt_set_af_coords_GFp

-#undef ec_GFp_simple_point_get_affine_coordinates_GFp

-#define ec_GFp_simple_point_get_affine_coordinates_GFp \

-                                                ec_GFp_smp_pt_get_af_coords_GFp

-#undef ec_GFp_simple_set_compressed_coordinates_GFp

-#define ec_GFp_simple_set_compressed_coordinates_GFp \

-                                                ec_GFp_smp_set_compr_coords_GFp

-#undef ec_GFp_simple_point_set_affine_coordinates

-#define ec_GFp_simple_point_set_affine_coordinates \

-                                                ec_GFp_smp_pt_set_af_coords

-#undef ec_GFp_simple_point_get_affine_coordinates

-#define ec_GFp_simple_point_get_affine_coordinates \

-                                                ec_GFp_smp_pt_get_af_coords

-#undef ec_GFp_simple_set_compressed_coordinates

-#define ec_GFp_simple_set_compressed_coordinates \

-                                                ec_GFp_smp_set_compr_coords

-#undef ec_GFp_simple_group_check_discriminant

-#define ec_GFp_simple_group_check_discriminant	ec_GFp_simple_grp_chk_discrim

-/* Hack som long STORE names */

-#undef STORE_method_set_initialise_function

-#define STORE_method_set_initialise_function	STORE_meth_set_initialise_fn

-#undef STORE_method_set_cleanup_function

-#define STORE_method_set_cleanup_function	STORE_meth_set_cleanup_fn

-#undef STORE_method_set_generate_function

-#define STORE_method_set_generate_function	STORE_meth_set_generate_fn

-#undef STORE_method_set_modify_function

-#define STORE_method_set_modify_function	STORE_meth_set_modify_fn

-#undef STORE_method_set_revoke_function

-#define STORE_method_set_revoke_function	STORE_meth_set_revoke_fn

-#undef STORE_method_set_delete_function

-#define STORE_method_set_delete_function	STORE_meth_set_delete_fn

-#undef STORE_method_set_list_start_function

-#define STORE_method_set_list_start_function	STORE_meth_set_list_start_fn

-#undef STORE_method_set_list_next_function

-#define STORE_method_set_list_next_function	STORE_meth_set_list_next_fn

-#undef STORE_method_set_list_end_function

-#define STORE_method_set_list_end_function	STORE_meth_set_list_end_fn

-#undef STORE_method_set_update_store_function

-#define STORE_method_set_update_store_function	STORE_meth_set_update_store_fn

-#undef STORE_method_set_lock_store_function

-#define STORE_method_set_lock_store_function	STORE_meth_set_lock_store_fn

-#undef STORE_method_set_unlock_store_function

-#define STORE_method_set_unlock_store_function	STORE_meth_set_unlock_store_fn

-#undef STORE_method_get_initialise_function

-#define STORE_method_get_initialise_function	STORE_meth_get_initialise_fn

-#undef STORE_method_get_cleanup_function

-#define STORE_method_get_cleanup_function	STORE_meth_get_cleanup_fn

-#undef STORE_method_get_generate_function

-#define STORE_method_get_generate_function	STORE_meth_get_generate_fn

-#undef STORE_method_get_modify_function

-#define STORE_method_get_modify_function	STORE_meth_get_modify_fn

-#undef STORE_method_get_revoke_function

-#define STORE_method_get_revoke_function	STORE_meth_get_revoke_fn

-#undef STORE_method_get_delete_function

-#define STORE_method_get_delete_function	STORE_meth_get_delete_fn

-#undef STORE_method_get_list_start_function

-#define STORE_method_get_list_start_function	STORE_meth_get_list_start_fn

-#undef STORE_method_get_list_next_function

-#define STORE_method_get_list_next_function	STORE_meth_get_list_next_fn

-#undef STORE_method_get_list_end_function

-#define STORE_method_get_list_end_function	STORE_meth_get_list_end_fn

-#undef STORE_method_get_update_store_function

-#define STORE_method_get_update_store_function	STORE_meth_get_update_store_fn

-#undef STORE_method_get_lock_store_function

-#define STORE_method_get_lock_store_function	STORE_meth_get_lock_store_fn

-#undef STORE_method_get_unlock_store_function

-#define STORE_method_get_unlock_store_function	STORE_meth_get_unlock_store_fn

-#endif /* defined OPENSSL_SYS_VMS */

-/* Case insensiteve linking causes problems.... */

-#if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2)

-#undef ERR_load_CRYPTO_strings

-#define ERR_load_CRYPTO_strings			ERR_load_CRYPTOlib_strings

-#undef OCSP_crlID_new

-#define OCSP_crlID_new                          OCSP_crlID2_new

-#undef d2i_ECPARAMETERS

-#define d2i_ECPARAMETERS                        d2i_UC_ECPARAMETERS

-#undef i2d_ECPARAMETERS

-#define i2d_ECPARAMETERS                        i2d_UC_ECPARAMETERS

-#undef d2i_ECPKPARAMETERS

-#define d2i_ECPKPARAMETERS                      d2i_UC_ECPKPARAMETERS

-#undef i2d_ECPKPARAMETERS

-#define i2d_ECPKPARAMETERS                      i2d_UC_ECPKPARAMETERS

-/* These functions do not seem to exist!  However, I'm paranoid...

-   Original command in x509v3.h:

-   These functions are being redefined in another directory,

-   and clash when the linker is case-insensitive, so let's

-   hide them a little, by giving them an extra 'o' at the

-   beginning of the name... */

-#undef X509v3_cleanup_extensions

-#define X509v3_cleanup_extensions               oX509v3_cleanup_extensions

-#undef X509v3_add_extension

-#define X509v3_add_extension                    oX509v3_add_extension

-#undef X509v3_add_netscape_extensions

-#define X509v3_add_netscape_extensions          oX509v3_add_netscape_extensions

-#undef X509v3_add_standard_extensions

-#define X509v3_add_standard_extensions          oX509v3_add_standard_extensions

-#endif

-#endif /* ! defined HEADER_VMS_IDHACKS_H */

--- a/sys/src/ape/lib/openssl/crypto/threads/README

+++ /dev/null

@@ -1,14 +1,0 @@

-Mutithreading testing area.

-Since this stuff is very very platorm specific, this is not part of the

-normal build.  Have a read of doc/threads.doc.

-mttest will do some testing and will currently build under Windows NT/95,

-Solaris and Linux.  The IRIX stuff is not finished.

-I have tested this program on a 12 CPU ultra sparc box (solaris 2.5.1)

-and things seem to work ok.

-The Linux pthreads package can be retrieved from

-http://www.mit.edu:8001/people/proven/pthreads.html

--- a/sys/src/ape/lib/openssl/crypto/threads/mttest.c

+++ /dev/null

@@ -1,1211 +1,0 @@

-/* crypto/threads/mttest.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include <errno.h>

-#ifdef LINUX

-#include <typedefs.h>

-#endif

-#ifdef OPENSSL_SYS_WIN32

-#include <windows.h>

-#endif

-#ifdef SOLARIS

-#include <synch.h>

-#include <thread.h>

-#endif

-#ifdef IRIX

-#include <ulocks.h>

-#include <sys/prctl.h>

-#endif

-#ifdef PTHREADS

-#include <pthread.h>

-#endif

-#ifdef OPENSSL_SYS_NETWARE

-#if !defined __int64

-#  define __int64 long long

-#endif

-#include <nwmpk.h>

-#endif

-#include <openssl/lhash.h>

-#include <openssl/crypto.h>

-#include <openssl/buffer.h>

-#include "../../e_os.h"

-#include <openssl/x509.h>

-#include <openssl/ssl.h>

-#include <openssl/err.h>

-#include <openssl/rand.h>

-#ifdef OPENSSL_NO_FP_API

-#define APPS_WIN16

-#include "../buffer/bss_file.c"

-#endif

-#ifdef OPENSSL_SYS_NETWARE

-#define TEST_SERVER_CERT "/openssl/apps/server.pem"

-#define TEST_CLIENT_CERT "/openssl/apps/client.pem"

-#else

-#define TEST_SERVER_CERT "../../apps/server.pem"

-#define TEST_CLIENT_CERT "../../apps/client.pem"

-#endif

-#define MAX_THREAD_NUMBER	100

-int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *xs);

-void thread_setup(void);

-void thread_cleanup(void);

-void do_threads(SSL_CTX *s_ctx,SSL_CTX *c_ctx);

-void irix_locking_callback(int mode,int type,char *file,int line);

-void solaris_locking_callback(int mode,int type,char *file,int line);

-void win32_locking_callback(int mode,int type,char *file,int line);

-void pthreads_locking_callback(int mode,int type,char *file,int line);

-void netware_locking_callback(int mode,int type,char *file,int line);

-unsigned long irix_thread_id(void );

-unsigned long solaris_thread_id(void );

-unsigned long pthreads_thread_id(void );

-unsigned long netware_thread_id(void );

-#if defined(OPENSSL_SYS_NETWARE)

-static MPKMutex *lock_cs;

-static MPKSema ThreadSem;

-static long *lock_count;

-#endif

-BIO *bio_err=NULL;

-BIO *bio_stdout=NULL;

-static char *cipher=NULL;

-int verbose=0;

-#ifdef FIONBIO

-static int s_nbio=0;

-#endif

-int thread_number=10;

-int number_of_loops=10;

-int reconnect=0;

-int cache_stats=0;

-static const char rnd_seed[] = "string to make the random number generator think it has entropy";

-int doit(char *ctx[4]);

-static void print_stats(FILE *fp, SSL_CTX *ctx)

-{

-	fprintf(fp,"%4ld items in the session cache\n",

-		SSL_CTX_sess_number(ctx));

-	fprintf(fp,"%4d client connects (SSL_connect())\n",

-		SSL_CTX_sess_connect(ctx));

-	fprintf(fp,"%4d client connects that finished\n",

-		SSL_CTX_sess_connect_good(ctx));

-	fprintf(fp,"%4d server connects (SSL_accept())\n",

-		SSL_CTX_sess_accept(ctx));

-	fprintf(fp,"%4d server connects that finished\n",

-		SSL_CTX_sess_accept_good(ctx));

-	fprintf(fp,"%4d session cache hits\n",SSL_CTX_sess_hits(ctx));

-	fprintf(fp,"%4d session cache misses\n",SSL_CTX_sess_misses(ctx));

-	fprintf(fp,"%4d session cache timeouts\n",SSL_CTX_sess_timeouts(ctx));

-	}

-static void sv_usage(void)

-	{

-	fprintf(stderr,"usage: ssltest [args ...]\n");

-	fprintf(stderr,"\n");

-	fprintf(stderr," -server_auth  - check server certificate\n");

-	fprintf(stderr," -client_auth  - do client authentication\n");

-	fprintf(stderr," -v            - more output\n");

-	fprintf(stderr," -CApath arg   - PEM format directory of CA's\n");

-	fprintf(stderr," -CAfile arg   - PEM format file of CA's\n");

-	fprintf(stderr," -threads arg  - number of threads\n");

-	fprintf(stderr," -loops arg    - number of 'connections', per thread\n");

-	fprintf(stderr," -reconnect    - reuse session-id's\n");

-	fprintf(stderr," -stats        - server session-id cache stats\n");

-	fprintf(stderr," -cert arg     - server certificate/key\n");

-	fprintf(stderr," -ccert arg    - client certificate/key\n");

-	fprintf(stderr," -ssl3         - just SSLv3n\n");

-	}

-int main(int argc, char *argv[])

-	{

-	char *CApath=NULL,*CAfile=NULL;

-	int badop=0;

-	int ret=1;

-	int client_auth=0;

-	int server_auth=0;

-	SSL_CTX *s_ctx=NULL;

-	SSL_CTX *c_ctx=NULL;

-	char *scert=TEST_SERVER_CERT;

-	char *ccert=TEST_CLIENT_CERT;

-	SSL_METHOD *ssl_method=SSLv23_method();

-	RAND_seed(rnd_seed, sizeof rnd_seed);

-	if (bio_err == NULL)

-		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);

-	if (bio_stdout == NULL)

-		bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE);

-	argc--;

-	argv++;

-	while (argc >= 1)

-		{

-		if	(strcmp(*argv,"-server_auth") == 0)

-			server_auth=1;

-		else if	(strcmp(*argv,"-client_auth") == 0)

-			client_auth=1;

-		else if	(strcmp(*argv,"-reconnect") == 0)

-			reconnect=1;

-		else if	(strcmp(*argv,"-stats") == 0)

-			cache_stats=1;

-		else if	(strcmp(*argv,"-ssl3") == 0)

-			ssl_method=SSLv3_method();

-		else if	(strcmp(*argv,"-ssl2") == 0)

-			ssl_method=SSLv2_method();

-		else if	(strcmp(*argv,"-CApath") == 0)

-			{

-			if (--argc < 1) goto bad;

-			CApath= *(++argv);

-			}

-		else if	(strcmp(*argv,"-CAfile") == 0)

-			{

-			if (--argc < 1) goto bad;

-			CAfile= *(++argv);

-			}

-		else if	(strcmp(*argv,"-cert") == 0)

-			{

-			if (--argc < 1) goto bad;

-			scert= *(++argv);

-			}

-		else if	(strcmp(*argv,"-ccert") == 0)

-			{

-			if (--argc < 1) goto bad;

-			ccert= *(++argv);

-			}

-		else if	(strcmp(*argv,"-threads") == 0)

-			{

-			if (--argc < 1) goto bad;

-			thread_number= atoi(*(++argv));

-			if (thread_number == 0) thread_number=1;

-			if (thread_number > MAX_THREAD_NUMBER)

-				thread_number=MAX_THREAD_NUMBER;

-			}

-		else if	(strcmp(*argv,"-loops") == 0)

-			{

-			if (--argc < 1) goto bad;

-			number_of_loops= atoi(*(++argv));

-			if (number_of_loops == 0) number_of_loops=1;

-			}

-		else

-			{

-			fprintf(stderr,"unknown option %s\n",*argv);

-			badop=1;

-			break;

-			}

-		argc--;

-		argv++;

-		}

-	if (badop)

-		{

-bad:

-		sv_usage();

-		goto end;

-		}

-	if (cipher == NULL && OPENSSL_issetugid() == 0)

-		cipher=getenv("SSL_CIPHER");

-	SSL_load_error_strings();

-	OpenSSL_add_ssl_algorithms();

-	c_ctx=SSL_CTX_new(ssl_method);

-	s_ctx=SSL_CTX_new(ssl_method);

-	if ((c_ctx == NULL) || (s_ctx == NULL))

-		{

-		ERR_print_errors(bio_err);

-		goto end;

-		}

-	SSL_CTX_set_session_cache_mode(s_ctx,

-		SSL_SESS_CACHE_NO_AUTO_CLEAR|SSL_SESS_CACHE_SERVER);

-	SSL_CTX_set_session_cache_mode(c_ctx,

-		SSL_SESS_CACHE_NO_AUTO_CLEAR|SSL_SESS_CACHE_SERVER);

-	if (!SSL_CTX_use_certificate_file(s_ctx,scert,SSL_FILETYPE_PEM))

-		{

-		ERR_print_errors(bio_err);

-		}

-	else if (!SSL_CTX_use_RSAPrivateKey_file(s_ctx,scert,SSL_FILETYPE_PEM))

-		{

-		ERR_print_errors(bio_err);

-		goto end;

-		}

-	if (client_auth)

-		{

-		SSL_CTX_use_certificate_file(c_ctx,ccert,

-			SSL_FILETYPE_PEM);

-		SSL_CTX_use_RSAPrivateKey_file(c_ctx,ccert,

-			SSL_FILETYPE_PEM);

-		}

-	if (	(!SSL_CTX_load_verify_locations(s_ctx,CAfile,CApath)) ||

-		(!SSL_CTX_set_default_verify_paths(s_ctx)) ||

-		(!SSL_CTX_load_verify_locations(c_ctx,CAfile,CApath)) ||

-		(!SSL_CTX_set_default_verify_paths(c_ctx)))

-		{

-		fprintf(stderr,"SSL_load_verify_locations\n");

-		ERR_print_errors(bio_err);

-		goto end;

-		}

-	if (client_auth)

-		{

-		fprintf(stderr,"client authentication\n");

-		SSL_CTX_set_verify(s_ctx,

-			SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,

-			verify_callback);

-		}

-	if (server_auth)

-		{

-		fprintf(stderr,"server authentication\n");

-		SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER,

-			verify_callback);

-		}

-	thread_setup();

-	do_threads(s_ctx,c_ctx);

-	thread_cleanup();

-end:

-	if (c_ctx != NULL)

-		{

-		fprintf(stderr,"Client SSL_CTX stats then free it\n");

-		print_stats(stderr,c_ctx);

-		SSL_CTX_free(c_ctx);

-		}

-	if (s_ctx != NULL)

-		{

-		fprintf(stderr,"Server SSL_CTX stats then free it\n");

-		print_stats(stderr,s_ctx);

-		if (cache_stats)

-			{

-			fprintf(stderr,"-----\n");

-			lh_stats(SSL_CTX_sessions(s_ctx),stderr);

-			fprintf(stderr,"-----\n");

-		/*	lh_node_stats(SSL_CTX_sessions(s_ctx),stderr);

-			fprintf(stderr,"-----\n"); */

-			lh_node_usage_stats(SSL_CTX_sessions(s_ctx),stderr);

-			fprintf(stderr,"-----\n");

-			}

-		SSL_CTX_free(s_ctx);

-		fprintf(stderr,"done free\n");

-		}

-	exit(ret);

-	return(0);

-	}

-#define W_READ	1

-#define W_WRITE	2

-#define C_DONE	1

-#define S_DONE	2

-int ndoit(SSL_CTX *ssl_ctx[2])

-	{

-	int i;

-	int ret;

-	char *ctx[4];

-	ctx[0]=(char *)ssl_ctx[0];

-	ctx[1]=(char *)ssl_ctx[1];

-	if (reconnect)

-		{

-		ctx[2]=(char *)SSL_new(ssl_ctx[0]);

-		ctx[3]=(char *)SSL_new(ssl_ctx[1]);

-		}

-	else

-		{

-		ctx[2]=NULL;

-		ctx[3]=NULL;

-		}

-	fprintf(stdout,"started thread %lu\n",CRYPTO_thread_id());

-	for (i=0; i<number_of_loops; i++)

-		{

-/*		fprintf(stderr,"%4d %2d ctx->ref (%3d,%3d)\n",

-			CRYPTO_thread_id(),i,

-			ssl_ctx[0]->references,

-			ssl_ctx[1]->references); */

-	/*	pthread_delay_np(&tm);*/

-		ret=doit(ctx);

-		if (ret != 0)

-			{

-			fprintf(stdout,"error[%d] %lu - %d\n",

-				i,CRYPTO_thread_id(),ret);

-			return(ret);

-			}

-		}

-	fprintf(stdout,"DONE %lu\n",CRYPTO_thread_id());

-	if (reconnect)

-		{

-		SSL_free((SSL *)ctx[2]);

-		SSL_free((SSL *)ctx[3]);

-		}

-#   ifdef OPENSSL_SYS_NETWARE

-        MPKSemaphoreSignal(ThreadSem);

-#   endif

-	return(0);

-	}

-int doit(char *ctx[4])

-	{

-	SSL_CTX *s_ctx,*c_ctx;

-	static char cbuf[200],sbuf[200];

-	SSL *c_ssl=NULL;

-	SSL *s_ssl=NULL;

-	BIO *c_to_s=NULL;

-	BIO *s_to_c=NULL;

-	BIO *c_bio=NULL;

-	BIO *s_bio=NULL;

-	int c_r,c_w,s_r,s_w;

-	int c_want,s_want;

-	int i;

-	int done=0;

-	int c_write,s_write;

-	int do_server=0,do_client=0;

-	s_ctx=(SSL_CTX *)ctx[0];

-	c_ctx=(SSL_CTX *)ctx[1];

-	if (ctx[2] != NULL)

-		s_ssl=(SSL *)ctx[2];

-	else

-		s_ssl=SSL_new(s_ctx);

-	if (ctx[3] != NULL)

-		c_ssl=(SSL *)ctx[3];

-	else

-		c_ssl=SSL_new(c_ctx);

-	if ((s_ssl == NULL) || (c_ssl == NULL)) goto err;

-	c_to_s=BIO_new(BIO_s_mem());

-	s_to_c=BIO_new(BIO_s_mem());

-	if ((s_to_c == NULL) || (c_to_s == NULL)) goto err;

-	c_bio=BIO_new(BIO_f_ssl());

-	s_bio=BIO_new(BIO_f_ssl());

-	if ((c_bio == NULL) || (s_bio == NULL)) goto err;

-	SSL_set_connect_state(c_ssl);

-	SSL_set_bio(c_ssl,s_to_c,c_to_s);

-	BIO_set_ssl(c_bio,c_ssl,(ctx[2] == NULL)?BIO_CLOSE:BIO_NOCLOSE);

-	SSL_set_accept_state(s_ssl);

-	SSL_set_bio(s_ssl,c_to_s,s_to_c);

-	BIO_set_ssl(s_bio,s_ssl,(ctx[3] == NULL)?BIO_CLOSE:BIO_NOCLOSE);

-	c_r=0; s_r=1;

-	c_w=1; s_w=0;

-	c_want=W_WRITE;

-	s_want=0;

-	c_write=1,s_write=0;

-	/* We can always do writes */

-	for (;;)

-		{

-		do_server=0;

-		do_client=0;

-		i=(int)BIO_pending(s_bio);

-		if ((i && s_r) || s_w) do_server=1;

-		i=(int)BIO_pending(c_bio);

-		if ((i && c_r) || c_w) do_client=1;

-		if (do_server && verbose)

-			{

-			if (SSL_in_init(s_ssl))

-				printf("server waiting in SSL_accept - %s\n",

-					SSL_state_string_long(s_ssl));

-			else if (s_write)

-				printf("server:SSL_write()\n");

-			else

-				printf("server:SSL_read()\n");

-			}

-		if (do_client && verbose)

-			{

-			if (SSL_in_init(c_ssl))

-				printf("client waiting in SSL_connect - %s\n",

-					SSL_state_string_long(c_ssl));

-			else if (c_write)

-				printf("client:SSL_write()\n");

-			else

-				printf("client:SSL_read()\n");

-			}

-		if (!do_client && !do_server)

-			{

-			fprintf(stdout,"ERROR IN STARTUP\n");

-			break;

-			}

-		if (do_client && !(done & C_DONE))

-			{

-			if (c_write)

-				{

-				i=BIO_write(c_bio,"hello from client\n",18);

-				if (i < 0)

-					{

-					c_r=0;

-					c_w=0;

-					if (BIO_should_retry(c_bio))

-						{

-						if (BIO_should_read(c_bio))

-							c_r=1;

-						if (BIO_should_write(c_bio))

-							c_w=1;

-						}

-					else

-						{

-						fprintf(stderr,"ERROR in CLIENT\n");

-						ERR_print_errors_fp(stderr);

-						return(1);

-						}

-					}

-				else if (i == 0)

-					{

-					fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");

-					return(1);

-					}

-				else

-					{

-					/* ok */

-					c_write=0;

-					}

-				}

-			else

-				{

-				i=BIO_read(c_bio,cbuf,100);

-				if (i < 0)

-					{

-					c_r=0;

-					c_w=0;

-					if (BIO_should_retry(c_bio))

-						{

-						if (BIO_should_read(c_bio))

-							c_r=1;

-						if (BIO_should_write(c_bio))

-							c_w=1;

-						}

-					else

-						{

-						fprintf(stderr,"ERROR in CLIENT\n");

-						ERR_print_errors_fp(stderr);

-						return(1);

-						}

-					}

-				else if (i == 0)

-					{

-					fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");

-					return(1);

-					}

-				else

-					{

-					done|=C_DONE;

-#ifdef undef

-					fprintf(stdout,"CLIENT:from server:");

-					fwrite(cbuf,1,i,stdout);

-					fflush(stdout);

-#endif

-					}

-				}

-			}

-		if (do_server && !(done & S_DONE))

-			{

-			if (!s_write)

-				{

-				i=BIO_read(s_bio,sbuf,100);

-				if (i < 0)

-					{

-					s_r=0;

-					s_w=0;

-					if (BIO_should_retry(s_bio))

-						{

-						if (BIO_should_read(s_bio))

-							s_r=1;

-						if (BIO_should_write(s_bio))

-							s_w=1;

-						}

-					else

-						{

-						fprintf(stderr,"ERROR in SERVER\n");

-						ERR_print_errors_fp(stderr);

-						return(1);

-						}

-					}

-				else if (i == 0)

-					{

-					fprintf(stderr,"SSL SERVER STARTUP FAILED\n");

-					return(1);

-					}

-				else

-					{

-					s_write=1;

-					s_w=1;

-#ifdef undef

-					fprintf(stdout,"SERVER:from client:");

-					fwrite(sbuf,1,i,stdout);

-					fflush(stdout);

-#endif

-					}

-				}

-			else

-				{

-				i=BIO_write(s_bio,"hello from server\n",18);

-				if (i < 0)

-					{

-					s_r=0;

-					s_w=0;

-					if (BIO_should_retry(s_bio))

-						{

-						if (BIO_should_read(s_bio))

-							s_r=1;

-						if (BIO_should_write(s_bio))

-							s_w=1;

-						}

-					else

-						{

-						fprintf(stderr,"ERROR in SERVER\n");

-						ERR_print_errors_fp(stderr);

-						return(1);

-						}

-					}

-				else if (i == 0)

-					{

-					fprintf(stderr,"SSL SERVER STARTUP FAILED\n");

-					return(1);

-					}

-				else

-					{

-					s_write=0;

-					s_r=1;

-					done|=S_DONE;

-					}

-				}

-			}

-		if ((done & S_DONE) && (done & C_DONE)) break;

-#   if defined(OPENSSL_SYS_NETWARE)

-        ThreadSwitchWithDelay();

-#   endif

-		}

-	SSL_set_shutdown(c_ssl,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);

-	SSL_set_shutdown(s_ssl,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);

-#ifdef undef

-	fprintf(stdout,"DONE\n");

-#endif

-err:

-	/* We have to set the BIO's to NULL otherwise they will be

-	 * free()ed twice.  Once when th s_ssl is SSL_free()ed and

-	 * again when c_ssl is SSL_free()ed.

-	 * This is a hack required because s_ssl and c_ssl are sharing the same

-	 * BIO structure and SSL_set_bio() and SSL_free() automatically

-	 * BIO_free non NULL entries.

-	 * You should not normally do this or be required to do this */

-	if (s_ssl != NULL)

-		{

-		s_ssl->rbio=NULL;

-		s_ssl->wbio=NULL;

-		}

-	if (c_ssl != NULL)

-		{

-		c_ssl->rbio=NULL;

-		c_ssl->wbio=NULL;

-		}

-	/* The SSL's are optionally freed in the following calls */

-	if (c_to_s != NULL) BIO_free(c_to_s);

-	if (s_to_c != NULL) BIO_free(s_to_c);

-	if (c_bio != NULL) BIO_free(c_bio);

-	if (s_bio != NULL) BIO_free(s_bio);

-	return(0);

-	}

-int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)

-	{

-	char *s, buf[256];

-	if (verbose)

-		{

-		s=X509_NAME_oneline(X509_get_subject_name(ctx->current_cert),

-				    buf,256);

-		if (s != NULL)

-			{

-			if (ok)

-				fprintf(stderr,"depth=%d %s\n",

-					ctx->error_depth,buf);

-			else

-				fprintf(stderr,"depth=%d error=%d %s\n",

-					ctx->error_depth,ctx->error,buf);

-			}

-		}

-	return(ok);

-	}

-#define THREAD_STACK_SIZE (16*1024)

-#ifdef OPENSSL_SYS_WIN32

-static HANDLE *lock_cs;

-void thread_setup(void)

-	{

-	int i;

-	lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(HANDLE));

-	for (i=0; i<CRYPTO_num_locks(); i++)

-		{

-		lock_cs[i]=CreateMutex(NULL,FALSE,NULL);

-		}

-	CRYPTO_set_locking_callback((void (*)(int,int,char *,int))win32_locking_callback);

-	/* id callback defined */

-	}

-void thread_cleanup(void)

-	{

-	int i;

-	CRYPTO_set_locking_callback(NULL);

-	for (i=0; i<CRYPTO_num_locks(); i++)

-		CloseHandle(lock_cs[i]);

-	OPENSSL_free(lock_cs);

-	}

-void win32_locking_callback(int mode, int type, char *file, int line)

-	{

-	if (mode & CRYPTO_LOCK)

-		{

-		WaitForSingleObject(lock_cs[type],INFINITE);

-		}

-	else

-		{

-		ReleaseMutex(lock_cs[type]);

-		}

-	}

-void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)

-	{

-	double ret;

-	SSL_CTX *ssl_ctx[2];

-	DWORD thread_id[MAX_THREAD_NUMBER];

-	HANDLE thread_handle[MAX_THREAD_NUMBER];

-	int i;

-	SYSTEMTIME start,end;

-	ssl_ctx[0]=s_ctx;

-	ssl_ctx[1]=c_ctx;

-	GetSystemTime(&start);

-	for (i=0; i<thread_number; i++)

-		{

-		thread_handle[i]=CreateThread(NULL,

-			THREAD_STACK_SIZE,

-			(LPTHREAD_START_ROUTINE)ndoit,

-			(void *)ssl_ctx,

-			0L,

-			&(thread_id[i]));

-		}

-	printf("reaping\n");

-	for (i=0; i<thread_number; i+=50)

-		{

-		int j;

-		j=(thread_number < (i+50))?(thread_number-i):50;

-		if (WaitForMultipleObjects(j,

-			(CONST HANDLE *)&(thread_handle[i]),TRUE,INFINITE)

-			== WAIT_FAILED)

-			{

-			fprintf(stderr,"WaitForMultipleObjects failed:%d\n",GetLastError());

-			exit(1);

-			}

-		}

-	GetSystemTime(&end);

-	if (start.wDayOfWeek > end.wDayOfWeek) end.wDayOfWeek+=7;

-	ret=(end.wDayOfWeek-start.wDayOfWeek)*24;

-	ret=(ret+end.wHour-start.wHour)*60;

-	ret=(ret+end.wMinute-start.wMinute)*60;

-	ret=(ret+end.wSecond-start.wSecond);

-	ret+=(end.wMilliseconds-start.wMilliseconds)/1000.0;

-	printf("win32 threads done - %.3f seconds\n",ret);

-	}

-#endif /* OPENSSL_SYS_WIN32 */

-#ifdef SOLARIS

-static mutex_t *lock_cs;

-/*static rwlock_t *lock_cs; */

-static long *lock_count;

-void thread_setup(void)

-	{

-	int i;

-	lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(mutex_t));

-	lock_count=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));

-	for (i=0; i<CRYPTO_num_locks(); i++)

-		{

-		lock_count[i]=0;

-		/* rwlock_init(&(lock_cs[i]),USYNC_THREAD,NULL); */

-		mutex_init(&(lock_cs[i]),USYNC_THREAD,NULL);

-		}

-	CRYPTO_set_id_callback((unsigned long (*)())solaris_thread_id);

-	CRYPTO_set_locking_callback((void (*)())solaris_locking_callback);

-	}

-void thread_cleanup(void)

-	{

-	int i;

-	CRYPTO_set_locking_callback(NULL);

-	fprintf(stderr,"cleanup\n");

-	for (i=0; i<CRYPTO_num_locks(); i++)

-		{

-		/* rwlock_destroy(&(lock_cs[i])); */

-		mutex_destroy(&(lock_cs[i]));

-		fprintf(stderr,"%8ld:%s\n",lock_count[i],CRYPTO_get_lock_name(i));

-		}

-	OPENSSL_free(lock_cs);

-	OPENSSL_free(lock_count);

-	fprintf(stderr,"done cleanup\n");

-	}

-void solaris_locking_callback(int mode, int type, char *file, int line)

-	{

-#ifdef undef

-	fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",

-		CRYPTO_thread_id(),

-		(mode&CRYPTO_LOCK)?"l":"u",

-		(type&CRYPTO_READ)?"r":"w",file,line);

-#endif

-	/*

-	if (CRYPTO_LOCK_SSL_CERT == type)

-	fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",

-		CRYPTO_thread_id(),

-		mode,file,line);

-	*/

-	if (mode & CRYPTO_LOCK)

-		{

-	/*	if (mode & CRYPTO_READ)

-			rw_rdlock(&(lock_cs[type]));

-		else

-			rw_wrlock(&(lock_cs[type])); */

-		mutex_lock(&(lock_cs[type]));

-		lock_count[type]++;

-		}

-	else

-		{

-/*		rw_unlock(&(lock_cs[type]));  */

-		mutex_unlock(&(lock_cs[type]));

-		}

-	}

-void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)

-	{

-	SSL_CTX *ssl_ctx[2];

-	thread_t thread_ctx[MAX_THREAD_NUMBER];

-	int i;

-	ssl_ctx[0]=s_ctx;

-	ssl_ctx[1]=c_ctx;

-	thr_setconcurrency(thread_number);

-	for (i=0; i<thread_number; i++)

-		{

-		thr_create(NULL, THREAD_STACK_SIZE,

-			(void *(*)())ndoit,

-			(void *)ssl_ctx,

-			0L,

-			&(thread_ctx[i]));

-		}

-	printf("reaping\n");

-	for (i=0; i<thread_number; i++)

-		{

-		thr_join(thread_ctx[i],NULL,NULL);

-		}

-	printf("solaris threads done (%d,%d)\n",

-		s_ctx->references,c_ctx->references);

-	}

-unsigned long solaris_thread_id(void)

-	{

-	unsigned long ret;

-	ret=(unsigned long)thr_self();

-	return(ret);

-	}

-#endif /* SOLARIS */

-#ifdef IRIX

-static usptr_t *arena;

-static usema_t **lock_cs;

-void thread_setup(void)

-	{

-	int i;

-	char filename[20];

-	strcpy(filename,"/tmp/mttest.XXXXXX");

-	mktemp(filename);

-	usconfig(CONF_STHREADIOOFF);

-	usconfig(CONF_STHREADMALLOCOFF);

-	usconfig(CONF_INITUSERS,100);

-	usconfig(CONF_LOCKTYPE,US_DEBUGPLUS);

-	arena=usinit(filename);

-	unlink(filename);

-	lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(usema_t *));

-	for (i=0; i<CRYPTO_num_locks(); i++)

-		{

-		lock_cs[i]=usnewsema(arena,1);

-		}

-	CRYPTO_set_id_callback((unsigned long (*)())irix_thread_id);

-	CRYPTO_set_locking_callback((void (*)())irix_locking_callback);

-	}

-void thread_cleanup(void)

-	{

-	int i;

-	CRYPTO_set_locking_callback(NULL);

-	for (i=0; i<CRYPTO_num_locks(); i++)

-		{

-		char buf[10];

-		sprintf(buf,"%2d:",i);

-		usdumpsema(lock_cs[i],stdout,buf);

-		usfreesema(lock_cs[i],arena);

-		}

-	OPENSSL_free(lock_cs);

-	}

-void irix_locking_callback(int mode, int type, char *file, int line)

-	{

-	if (mode & CRYPTO_LOCK)

-		{

-		printf("lock %d\n",type);

-		uspsema(lock_cs[type]);

-		}

-	else

-		{

-		printf("unlock %d\n",type);

-		usvsema(lock_cs[type]);

-		}

-	}

-void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)

-	{

-	SSL_CTX *ssl_ctx[2];

-	int thread_ctx[MAX_THREAD_NUMBER];

-	int i;

-	ssl_ctx[0]=s_ctx;

-	ssl_ctx[1]=c_ctx;

-	for (i=0; i<thread_number; i++)

-		{

-		thread_ctx[i]=sproc((void (*)())ndoit,

-			PR_SADDR|PR_SFDS,(void *)ssl_ctx);

-		}

-	printf("reaping\n");

-	for (i=0; i<thread_number; i++)

-		{

-		wait(NULL);

-		}

-	printf("irix threads done (%d,%d)\n",

-		s_ctx->references,c_ctx->references);

-	}

-unsigned long irix_thread_id(void)

-	{

-	unsigned long ret;

-	ret=(unsigned long)getpid();

-	return(ret);

-	}

-#endif /* IRIX */

-#ifdef PTHREADS

-static pthread_mutex_t *lock_cs;

-static long *lock_count;

-void thread_setup(void)

-	{

-	int i;

-	lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t));

-	lock_count=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));

-	for (i=0; i<CRYPTO_num_locks(); i++)

-		{

-		lock_count[i]=0;

-		pthread_mutex_init(&(lock_cs[i]),NULL);

-		}

-	CRYPTO_set_id_callback((unsigned long (*)())pthreads_thread_id);

-	CRYPTO_set_locking_callback((void (*)())pthreads_locking_callback);

-	}

-void thread_cleanup(void)

-	{

-	int i;

-	CRYPTO_set_locking_callback(NULL);

-	fprintf(stderr,"cleanup\n");

-	for (i=0; i<CRYPTO_num_locks(); i++)

-		{

-		pthread_mutex_destroy(&(lock_cs[i]));

-		fprintf(stderr,"%8ld:%s\n",lock_count[i],

-			CRYPTO_get_lock_name(i));

-		}

-	OPENSSL_free(lock_cs);

-	OPENSSL_free(lock_count);

-	fprintf(stderr,"done cleanup\n");

-	}

-void pthreads_locking_callback(int mode, int type, char *file,

-	     int line)

-      {

-#ifdef undef

-	fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",

-		CRYPTO_thread_id(),

-		(mode&CRYPTO_LOCK)?"l":"u",

-		(type&CRYPTO_READ)?"r":"w",file,line);

-#endif

-/*

-	if (CRYPTO_LOCK_SSL_CERT == type)

-		fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",

-		CRYPTO_thread_id(),

-		mode,file,line);

-*/

-	if (mode & CRYPTO_LOCK)

-		{

-		pthread_mutex_lock(&(lock_cs[type]));

-		lock_count[type]++;

-		}

-	else

-		{

-		pthread_mutex_unlock(&(lock_cs[type]));

-		}

-	}

-void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)

-	{

-	SSL_CTX *ssl_ctx[2];

-	pthread_t thread_ctx[MAX_THREAD_NUMBER];

-	int i;

-	ssl_ctx[0]=s_ctx;

-	ssl_ctx[1]=c_ctx;

-	/*

-	thr_setconcurrency(thread_number);

-	*/

-	for (i=0; i<thread_number; i++)

-		{

-		pthread_create(&(thread_ctx[i]), NULL,

-			(void *(*)())ndoit, (void *)ssl_ctx);

-		}

-	printf("reaping\n");

-	for (i=0; i<thread_number; i++)

-		{

-		pthread_join(thread_ctx[i],NULL);

-		}

-	printf("pthreads threads done (%d,%d)\n",

-		s_ctx->references,c_ctx->references);

-	}

-unsigned long pthreads_thread_id(void)

-	{

-	unsigned long ret;

-	ret=(unsigned long)pthread_self();

-	return(ret);

-	}

-#endif /* PTHREADS */

-#ifdef OPENSSL_SYS_NETWARE

-void thread_setup(void)

-{

-   int i;

-   lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(MPKMutex));

-   lock_count=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));

-   for (i=0; i<CRYPTO_num_locks(); i++)

-   {

-      lock_count[i]=0;

-      lock_cs[i]=MPKMutexAlloc("OpenSSL mutex");

-   }

-   ThreadSem = MPKSemaphoreAlloc("OpenSSL mttest semaphore", 0 );

-   CRYPTO_set_id_callback((unsigned long (*)())netware_thread_id);

-   CRYPTO_set_locking_callback((void (*)())netware_locking_callback);

-}

-void thread_cleanup(void)

-{

-   int i;

-   CRYPTO_set_locking_callback(NULL);

-   fprintf(stdout,"thread_cleanup\n");

-   for (i=0; i<CRYPTO_num_locks(); i++)

-   {

-      MPKMutexFree(lock_cs[i]);

-      fprintf(stdout,"%8ld:%s\n",lock_count[i],CRYPTO_get_lock_name(i));

-   }

-   OPENSSL_free(lock_cs);

-   OPENSSL_free(lock_count);

-   MPKSemaphoreFree(ThreadSem);

-   fprintf(stdout,"done cleanup\n");

-}

-void netware_locking_callback(int mode, int type, char *file, int line)

-{

-   if (mode & CRYPTO_LOCK)

-   {

-      MPKMutexLock(lock_cs[type]);

-      lock_count[type]++;

-   }

-   else

-      MPKMutexUnlock(lock_cs[type]);

-}

-void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)

-{

-   SSL_CTX *ssl_ctx[2];

-   int i;

-   ssl_ctx[0]=s_ctx;

-   ssl_ctx[1]=c_ctx;

-   for (i=0; i<thread_number; i++)

-   {

-      BeginThread( (void(*)(void*))ndoit, NULL, THREAD_STACK_SIZE,

-                   (void*)ssl_ctx);

-      ThreadSwitchWithDelay();

-   }

-   printf("reaping\n");

-      /* loop until all threads have signaled the semaphore */

-   for (i=0; i<thread_number; i++)

-   {

-      MPKSemaphoreWait(ThreadSem);

-   }

-   printf("netware threads done (%d,%d)\n",

-         s_ctx->references,c_ctx->references);

-}

-unsigned long netware_thread_id(void)

-{

-   unsigned long ret;

-   ret=(unsigned long)GetThreadID();

-   return(ret);

-}

-#endif /* NETWARE */

--- a/sys/src/ape/lib/openssl/crypto/threads/profile.sh

+++ /dev/null

@@ -1,4 +1,0 @@

-#!/bin/sh

-/bin/rm -f mttest

-cc -p -DSOLARIS -I../../include -g mttest.c -o mttest -L/usr/lib/libc -ldl -L../.. -lthread  -lssl -lcrypto -lnsl -lsocket

--- a/sys/src/ape/lib/openssl/crypto/threads/pthread.sh

+++ /dev/null

@@ -1,9 +1,0 @@

-#!/bin/sh

-#

-# build using pthreads

-#

-# http://www.mit.edu:8001/people/proven/pthreads.html

-#

-/bin/rm -f mttest

-pgcc -DPTHREADS -I../../include -g mttest.c -o mttest -L../.. -lssl -lcrypto

--- a/sys/src/ape/lib/openssl/crypto/threads/pthread2.sh

+++ /dev/null

@@ -1,7 +1,0 @@

-#!/bin/sh

-#

-# build using pthreads where it's already built into the system

-#

-/bin/rm -f mttest

-gcc -DPTHREADS -I../../include -g mttest.c -o mttest -L../.. -lssl -lcrypto -lpthread

--- a/sys/src/ape/lib/openssl/crypto/threads/purify.sh

+++ /dev/null

@@ -1,4 +1,0 @@

-#!/bin/sh

-/bin/rm -f mttest

-purify cc -DSOLARIS -I../../include -g mttest.c -o mttest -L../.. -lthread  -lssl -lcrypto -lnsl -lsocket

--- a/sys/src/ape/lib/openssl/crypto/threads/solaris.sh

+++ /dev/null

@@ -1,4 +1,0 @@

-#!/bin/sh

-/bin/rm -f mttest

-cc -DSOLARIS -I../../include -g mttest.c -o mttest -L../.. -lthread  -lssl -lcrypto -lnsl -lsocket

--- a/sys/src/ape/lib/openssl/crypto/threads/th-lock.c

+++ /dev/null

@@ -1,387 +1,0 @@

-/* crypto/threads/th-lock.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include <errno.h>

-#ifdef LINUX

-#include <typedefs.h>

-#endif

-#ifdef OPENSSL_SYS_WIN32

-#include <windows.h>

-#endif

-#ifdef SOLARIS

-#include <synch.h>

-#include <thread.h>

-#endif

-#ifdef IRIX

-#include <ulocks.h>

-#include <sys/prctl.h>

-#endif

-#ifdef PTHREADS

-#include <pthread.h>

-#endif

-#include <openssl/lhash.h>

-#include <openssl/crypto.h>

-#include <openssl/buffer.h>

-#include "../../e_os.h"

-#include <openssl/x509.h>

-#include <openssl/ssl.h>

-#include <openssl/err.h>

-void CRYPTO_thread_setup(void);

-void CRYPTO_thread_cleanup(void);

-static void irix_locking_callback(int mode,int type,char *file,int line);

-static void solaris_locking_callback(int mode,int type,char *file,int line);

-static void win32_locking_callback(int mode,int type,char *file,int line);

-static void pthreads_locking_callback(int mode,int type,char *file,int line);

-static unsigned long irix_thread_id(void );

-static unsigned long solaris_thread_id(void );

-static unsigned long pthreads_thread_id(void );

-/* usage:

- * CRYPTO_thread_setup();

- * application code

- * CRYPTO_thread_cleanup();

- */

-#define THREAD_STACK_SIZE (16*1024)

-#ifdef OPENSSL_SYS_WIN32

-static HANDLE *lock_cs;

-void CRYPTO_thread_setup(void)

-	{

-	int i;

-	lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(HANDLE));

-	for (i=0; i<CRYPTO_num_locks(); i++)

-		{

-		lock_cs[i]=CreateMutex(NULL,FALSE,NULL);

-		}

-	CRYPTO_set_locking_callback((void (*)(int,int,char *,int))win32_locking_callback);

-	/* id callback defined */

-	return(1);

-	}

-static void CRYPTO_thread_cleanup(void)

-	{

-	int i;

-	CRYPTO_set_locking_callback(NULL);

-	for (i=0; i<CRYPTO_num_locks(); i++)

-		CloseHandle(lock_cs[i]);

-	OPENSSL_free(lock_cs);

-	}

-void win32_locking_callback(int mode, int type, char *file, int line)

-	{

-	if (mode & CRYPTO_LOCK)

-		{

-		WaitForSingleObject(lock_cs[type],INFINITE);

-		}

-	else

-		{

-		ReleaseMutex(lock_cs[type]);

-		}

-	}

-#endif /* OPENSSL_SYS_WIN32 */

-#ifdef SOLARIS

-#define USE_MUTEX

-#ifdef USE_MUTEX

-static mutex_t *lock_cs;

-#else

-static rwlock_t *lock_cs;

-#endif

-static long *lock_count;

-void CRYPTO_thread_setup(void)

-	{

-	int i;

-#ifdef USE_MUTEX

-	lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(mutex_t));

-#else

-	lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(rwlock_t));

-#endif

-	lock_count=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));

-	for (i=0; i<CRYPTO_num_locks(); i++)

-		{

-		lock_count[i]=0;

-#ifdef USE_MUTEX

-		mutex_init(&(lock_cs[i]),USYNC_THREAD,NULL);

-#else

-		rwlock_init(&(lock_cs[i]),USYNC_THREAD,NULL);

-#endif

-		}

-	CRYPTO_set_id_callback((unsigned long (*)())solaris_thread_id);

-	CRYPTO_set_locking_callback((void (*)())solaris_locking_callback);

-	}

-void CRYPTO_thread_cleanup(void)

-	{

-	int i;

-	CRYPTO_set_locking_callback(NULL);

-	for (i=0; i<CRYPTO_num_locks(); i++)

-		{

-#ifdef USE_MUTEX

-		mutex_destroy(&(lock_cs[i]));

-#else

-		rwlock_destroy(&(lock_cs[i]));

-#endif

-		}

-	OPENSSL_free(lock_cs);

-	OPENSSL_free(lock_count);

-	}

-void solaris_locking_callback(int mode, int type, char *file, int line)

-	{

-#if 0

-	fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",

-		CRYPTO_thread_id(),

-		(mode&CRYPTO_LOCK)?"l":"u",

-		(type&CRYPTO_READ)?"r":"w",file,line);

-#endif

-#if 0

-	if (CRYPTO_LOCK_SSL_CERT == type)

-		fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",

-			CRYPTO_thread_id(),

-			mode,file,line);

-#endif

-	if (mode & CRYPTO_LOCK)

-		{

-#ifdef USE_MUTEX

-		mutex_lock(&(lock_cs[type]));

-#else

-		if (mode & CRYPTO_READ)

-			rw_rdlock(&(lock_cs[type]));

-		else

-			rw_wrlock(&(lock_cs[type]));

-#endif

-		lock_count[type]++;

-		}

-	else

-		{

-#ifdef USE_MUTEX

-		mutex_unlock(&(lock_cs[type]));

-#else

-		rw_unlock(&(lock_cs[type]));

-#endif

-		}

-	}

-unsigned long solaris_thread_id(void)

-	{

-	unsigned long ret;

-	ret=(unsigned long)thr_self();

-	return(ret);

-	}

-#endif /* SOLARIS */

-#ifdef IRIX

-/* I don't think this works..... */

-static usptr_t *arena;

-static usema_t **lock_cs;

-void CRYPTO_thread_setup(void)

-	{

-	int i;

-	char filename[20];

-	strcpy(filename,"/tmp/mttest.XXXXXX");

-	mktemp(filename);

-	usconfig(CONF_STHREADIOOFF);

-	usconfig(CONF_STHREADMALLOCOFF);

-	usconfig(CONF_INITUSERS,100);

-	usconfig(CONF_LOCKTYPE,US_DEBUGPLUS);

-	arena=usinit(filename);

-	unlink(filename);

-	lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(usema_t *));

-	for (i=0; i<CRYPTO_num_locks(); i++)

-		{

-		lock_cs[i]=usnewsema(arena,1);

-		}

-	CRYPTO_set_id_callback((unsigned long (*)())irix_thread_id);

-	CRYPTO_set_locking_callback((void (*)())irix_locking_callback);

-	}

-void CRYPTO_thread_cleanup(void)

-	{

-	int i;

-	CRYPTO_set_locking_callback(NULL);

-	for (i=0; i<CRYPTO_num_locks(); i++)

-		{

-		char buf[10];

-		sprintf(buf,"%2d:",i);

-		usdumpsema(lock_cs[i],stdout,buf);

-		usfreesema(lock_cs[i],arena);

-		}

-	OPENSSL_free(lock_cs);

-	}

-void irix_locking_callback(int mode, int type, char *file, int line)

-	{

-	if (mode & CRYPTO_LOCK)

-		{

-		uspsema(lock_cs[type]);

-		}

-	else

-		{

-		usvsema(lock_cs[type]);

-		}

-	}

-unsigned long irix_thread_id(void)

-	{

-	unsigned long ret;

-	ret=(unsigned long)getpid();

-	return(ret);

-	}

-#endif /* IRIX */

-/* Linux and a few others */

-#ifdef PTHREADS

-static pthread_mutex_t *lock_cs;

-static long *lock_count;

-void CRYPTO_thread_setup(void)

-	{

-	int i;

-	lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t));

-	lock_count=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));

-	for (i=0; i<CRYPTO_num_locks(); i++)

-		{

-		lock_count[i]=0;

-		pthread_mutex_init(&(lock_cs[i]),NULL);

-		}

-	CRYPTO_set_id_callback((unsigned long (*)())pthreads_thread_id);

-	CRYPTO_set_locking_callback((void (*)())pthreads_locking_callback);

-	}

-void thread_cleanup(void)

-	{

-	int i;

-	CRYPTO_set_locking_callback(NULL);

-	for (i=0; i<CRYPTO_num_locks(); i++)

-		{

-		pthread_mutex_destroy(&(lock_cs[i]));

-		}

-	OPENSSL_free(lock_cs);

-	OPENSSL_free(lock_count);

-	}

-void pthreads_locking_callback(int mode, int type, char *file,

-	     int line)

-      {

-#if 0

-	fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",

-		CRYPTO_thread_id(),

-		(mode&CRYPTO_LOCK)?"l":"u",

-		(type&CRYPTO_READ)?"r":"w",file,line);

-#endif

-#if 0

-	if (CRYPTO_LOCK_SSL_CERT == type)

-		fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",

-		CRYPTO_thread_id(),

-		mode,file,line);

-#endif

-	if (mode & CRYPTO_LOCK)

-		{

-		pthread_mutex_lock(&(lock_cs[type]));

-		lock_count[type]++;

-		}

-	else

-		{

-		pthread_mutex_unlock(&(lock_cs[type]));

-		}

-	}

-unsigned long pthreads_thread_id(void)

-	{

-	unsigned long ret;

-	ret=(unsigned long)pthread_self();

-	return(ret);

-	}

-#endif /* PTHREADS */

--- a/sys/src/ape/lib/openssl/crypto/tmdiff.c

+++ /dev/null

@@ -1,260 +1,0 @@

-/* crypto/tmdiff.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include "cryptlib.h"

-#include <openssl/tmdiff.h>

-#if !defined(OPENSSL_SYS_MSDOS)

-#include OPENSSL_UNISTD

-#endif

-#ifdef TIMEB

-#undef OPENSSL_SYS_WIN32

-#undef TIMES

-#endif

-#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32) && !(defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX_RHAPSODY) && !defined(OPENSSL_SYS_VXWORKS)

-# define TIMES

-#endif

-#ifdef OPENSSL_SYS_NETWARE

-#undef TIMES

-#endif

-#if !defined(_IRIX) || defined (OPENSSL_SYS_NETWARE)

-#  include <time.h>

-#endif

-#ifdef TIMES

-#  include <sys/types.h>

-#  include <sys/times.h>

-#endif

-/* Depending on the VMS version, the tms structure is perhaps defined.

-   The __TMS macro will show if it was.  If it wasn't defined, we should

-   undefine TIMES, since that tells the rest of the program how things

-   should be handled.				-- Richard Levitte */

-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)

-#undef TIMES

-#endif

-#if defined(sun) || defined(__ultrix)

-#define _POSIX_SOURCE

-#include <limits.h>

-#include <sys/param.h>

-#endif

-#if !defined(TIMES) && !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_NETWARE)

-#include <sys/timeb.h>

-#endif

-#ifdef OPENSSL_SYS_WIN32

-#include <windows.h>

-#endif

-/* The following if from times(3) man page.  It may need to be changed */

-#ifndef HZ

-# if defined(_SC_CLK_TCK) \

-     && (!defined(OPENSSL_SYS_VMS) || __CTRL_VER >= 70000000)

-/* #  define HZ ((double)sysconf(_SC_CLK_TCK)) */

-#  define HZ sysconf(_SC_CLK_TCK)

-# else

-#  ifndef CLK_TCK

-#   ifndef _BSD_CLK_TCK_ /* FreeBSD hack */

-#    define HZ  100.0

-#   else /* _BSD_CLK_TCK_ */

-#    define HZ ((double)_BSD_CLK_TCK_)

-#   endif

-#  else /* CLK_TCK */

-#   define HZ ((double)CLK_TCK)

-#  endif

-# endif

-#endif

-struct ms_tm

-	{

-#ifdef TIMES

-	struct tms ms_tms;

-#else

-#  ifdef OPENSSL_SYS_WIN32

-	HANDLE thread_id;

-	FILETIME ms_win32;

-#  elif defined (OPENSSL_SYS_NETWARE)

-   clock_t ms_clock;

-#  else

-#    ifdef OPENSSL_SYS_VXWORKS

-          unsigned long ticks;

-#    else

-	struct timeb ms_timeb;

-#    endif

-#  endif

-#endif

-	};

-MS_TM *ms_time_new(void)

-	{

-	MS_TM *ret;

-	ret=(MS_TM *)OPENSSL_malloc(sizeof(MS_TM));

-	if (ret == NULL)

-		return(NULL);

-	memset(ret,0,sizeof(MS_TM));

-#ifdef OPENSSL_SYS_WIN32

-	ret->thread_id=GetCurrentThread();

-#endif

-	return ret;

-	}

-void ms_time_free(MS_TM *a)

-	{

-	if (a != NULL)

-		OPENSSL_free(a);

-	}

-void ms_time_get(MS_TM *tm)

-	{

-#ifdef OPENSSL_SYS_WIN32

-	FILETIME tmpa,tmpb,tmpc;

-#endif

-#ifdef TIMES

-	times(&tm->ms_tms);

-#else

-#  ifdef OPENSSL_SYS_WIN32

-	GetThreadTimes(tm->thread_id,&tmpa,&tmpb,&tmpc,&(tm->ms_win32));

-#  elif defined (OPENSSL_SYS_NETWARE)

-   tm->ms_clock = clock();

-#  else

-#    ifdef OPENSSL_SYS_VXWORKS

-        tm->ticks = tickGet();

-#    else

-	ftime(&tm->ms_timeb);

-#    endif

-#  endif

-#endif

-	}

-double ms_time_diff(MS_TM *a, MS_TM *b)

-	{

-	double ret;

-#ifdef TIMES

-	ret = HZ;

-	ret = (b->ms_tms.tms_utime-a->ms_tms.tms_utime) / ret;

-#else

-# ifdef OPENSSL_SYS_WIN32

-	{

-#ifdef __GNUC__

-	signed long long la,lb;

-#else

-	signed _int64 la,lb;

-#endif

-	la=a->ms_win32.dwHighDateTime;

-	lb=b->ms_win32.dwHighDateTime;

-	la<<=32;

-	lb<<=32;

-	la+=a->ms_win32.dwLowDateTime;

-	lb+=b->ms_win32.dwLowDateTime;

-	ret=((double)(lb-la))/1e7;

-	}

-# elif defined (OPENSSL_SYS_NETWARE)

-    ret= (double)(b->ms_clock - a->ms_clock);

-# else

-#  ifdef OPENSSL_SYS_VXWORKS

-        ret = (double)(b->ticks - a->ticks) / (double)sysClkRateGet();

-#  else

-	ret=	 (double)(b->ms_timeb.time-a->ms_timeb.time)+

-		(((double)b->ms_timeb.millitm)-

-		((double)a->ms_timeb.millitm))/1000.0;

-#  endif

-# endif

-#endif

-	return((ret < 0.0000001)?0.0000001:ret);

-	}

-int ms_time_cmp(const MS_TM *a, const MS_TM *b)

-	{

-	double d;

-	int ret;

-#ifdef TIMES

-	d = HZ;

-	d = (b->ms_tms.tms_utime-a->ms_tms.tms_utime) / d;

-#else

-# ifdef OPENSSL_SYS_WIN32

-	d =(b->ms_win32.dwHighDateTime&0x000fffff)*10+b->ms_win32.dwLowDateTime/1e7;

-	d-=(a->ms_win32.dwHighDateTime&0x000fffff)*10+a->ms_win32.dwLowDateTime/1e7;

-# elif defined (OPENSSL_SYS_NETWARE)

-    d= (double)(b->ms_clock - a->ms_clock);

-# else

-#  ifdef OPENSSL_SYS_VXWORKS

-        d = (b->ticks - a->ticks);

-#  else

-	d=	 (double)(b->ms_timeb.time-a->ms_timeb.time)+

-		(((double)b->ms_timeb.millitm)-(double)a->ms_timeb.millitm)/1000.0;

-#  endif

-# endif

-#endif

-	if (d == 0.0)

-		ret=0;

-	else if (d < 0)

-		ret= -1;

-	else

-		ret=1;

-	return(ret);

-	}

--- a/sys/src/ape/lib/openssl/crypto/tmdiff.h

+++ /dev/null

@@ -1,93 +1,0 @@

-/* crypto/tmdiff.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* Header for dynamic hash table routines

- * Author - Eric Young

- */

-/* ... erm yeah, "dynamic hash tables" you say?

- *

- * And what would dynamic hash tables have to do with any of this code *now*?

- * AFAICS, this code is only referenced by crypto/bn/exp.c which is an unused

- * file that I doubt compiles any more. speed.c is the only thing that could

- * use this (and it has nothing to do with hash tables), yet it instead has its

- * own duplication of all this stuff and looks, if anything, more complete. See

- * the corresponding note in apps/speed.c.

- * The Bemused - Geoff

- */

-#ifndef HEADER_TMDIFF_H

-#define HEADER_TMDIFF_H

-#ifdef  __cplusplus

-extern "C" {

-#endif

-typedef struct ms_tm MS_TM;

-MS_TM *ms_time_new(void );

-void ms_time_free(MS_TM *a);

-void ms_time_get(MS_TM *a);

-double ms_time_diff(MS_TM *start, MS_TM *end);

-int ms_time_cmp(const MS_TM *ap, const MS_TM *bp);

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/txt_db/Makefile

+++ /dev/null

@@ -1,84 +1,0 @@

-#

-# OpenSSL/crypto/txt_db/Makefile

-#

-DIR=	txt_db

-TOP=	../..

-CC=	cc

-INCLUDES=

-CFLAG=-g

-MAKEFILE=	Makefile

-AR=		ar r

-CFLAGS= $(INCLUDES) $(CFLAG)

-GENERAL=Makefile

-TEST=

-APPS=

-LIB=$(TOP)/libcrypto.a

-LIBSRC=txt_db.c

-LIBOBJ=txt_db.o

-SRC= $(LIBSRC)

-EXHEADER= txt_db.h

-HEADER=	$(EXHEADER)

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)

-all:	lib

-lib:	$(LIBOBJ)

-	$(AR) $(LIB) $(LIBOBJ)

-	$(RANLIB) $(LIB) || echo Never mind.

-	@touch lib

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

-links:

-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)

-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)

-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

-install:

-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...

-	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \

-	do  \

-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \

-	done;

-tags:

-	ctags $(SRC)

-tests:

-lint:

-	lint -DLINT $(INCLUDES) $(SRC)>fluff

-depend:

-	@[ -n "$(MAKEDEPEND)" ] # should be set by top Makefile...

-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-clean:

-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-txt_db.o: ../../e_os.h ../../include/openssl/bio.h

-txt_db.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-txt_db.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-txt_db.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-txt_db.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-txt_db.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-txt_db.o: ../../include/openssl/symhacks.h ../../include/openssl/txt_db.h

-txt_db.o: ../cryptlib.h txt_db.c

--- a/sys/src/ape/lib/openssl/crypto/txt_db/txt_db.c

+++ /dev/null

@@ -1,386 +1,0 @@

-/* crypto/txt_db/txt_db.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include "cryptlib.h"

-#include <openssl/buffer.h>

-#include <openssl/txt_db.h>

-#undef BUFSIZE

-#define BUFSIZE	512

-const char TXT_DB_version[]="TXT_DB" OPENSSL_VERSION_PTEXT;

-TXT_DB *TXT_DB_read(BIO *in, int num)

-	{

-	TXT_DB *ret=NULL;

-	int er=1;

-	int esc=0;

-	long ln=0;

-	int i,add,n;

-	int size=BUFSIZE;

-	int offset=0;

-	char *p,**pp,*f;

-	BUF_MEM *buf=NULL;

-	if ((buf=BUF_MEM_new()) == NULL) goto err;

-	if (!BUF_MEM_grow(buf,size)) goto err;

-	if ((ret=(TXT_DB *)OPENSSL_malloc(sizeof(TXT_DB))) == NULL)

-		goto err;

-	ret->num_fields=num;

-	ret->index=NULL;

-	ret->qual=NULL;

-	if ((ret->data=sk_new_null()) == NULL)

-		goto err;

-	if ((ret->index=(LHASH **)OPENSSL_malloc(sizeof(LHASH *)*num)) == NULL)

-		goto err;

-	if ((ret->qual=(int (**)(char **))OPENSSL_malloc(sizeof(int (**)(char **))*num)) == NULL)

-		goto err;

-	for (i=0; i<num; i++)

-		{

-		ret->index[i]=NULL;

-		ret->qual[i]=NULL;

-		}

-	add=(num+1)*sizeof(char *);

-	buf->data[size-1]='\0';

-	offset=0;

-	for (;;)

-		{

-		if (offset != 0)

-			{

-			size+=BUFSIZE;

-			if (!BUF_MEM_grow_clean(buf,size)) goto err;

-			}

-		buf->data[offset]='\0';

-		BIO_gets(in,&(buf->data[offset]),size-offset);

-		ln++;

-		if (buf->data[offset] == '\0') break;

-		if ((offset == 0) && (buf->data[0] == '#')) continue;

-		i=strlen(&(buf->data[offset]));

-		offset+=i;

-		if (buf->data[offset-1] != '\n')

-			continue;

-		else

-			{

-			buf->data[offset-1]='\0'; /* blat the '\n' */

-			if (!(p=(char *)OPENSSL_malloc(add+offset))) goto err;

-			offset=0;

-			}

-		pp=(char **)p;

-		p+=add;

-		n=0;

-		pp[n++]=p;

-		i=0;

-		f=buf->data;

-		esc=0;

-		for (;;)

-			{

-			if (*f == '\0') break;

-			if (*f == '\t')

-				{

-				if (esc)

-					p--;

-				else

-					{

-					*(p++)='\0';

-					f++;

-					if (n >=  num) break;

-					pp[n++]=p;

-					continue;

-					}

-				}

-			esc=(*f == '\\');

-			*(p++)= *(f++);

-			}

-		*(p++)='\0';

-		if ((n != num) || (*f != '\0'))

-			{

-#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)	/* temporaty fix :-( */

-			fprintf(stderr,"wrong number of fields on line %ld (looking for field %d, got %d, '%s' left)\n",ln,num,n,f);

-#endif

-			er=2;

-			goto err;

-			}

-		pp[n]=p;

-		if (!sk_push(ret->data,(char *)pp))

-			{

-#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)	/* temporaty fix :-( */

-			fprintf(stderr,"failure in sk_push\n");

-#endif

-			er=2;

-			goto err;

-			}

-		}

-	er=0;

-err:

-	BUF_MEM_free(buf);

-	if (er)

-		{

-#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)

-		if (er == 1) fprintf(stderr,"OPENSSL_malloc failure\n");

-#endif

-		if (ret != NULL)

-			{

-			if (ret->data != NULL) sk_free(ret->data);

-			if (ret->index != NULL) OPENSSL_free(ret->index);

-			if (ret->qual != NULL) OPENSSL_free(ret->qual);

-			if (ret != NULL) OPENSSL_free(ret);

-			}

-		return(NULL);

-		}

-	else

-		return(ret);

-	}

-char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value)

-	{

-	char **ret;

-	LHASH *lh;

-	if (idx >= db->num_fields)

-		{

-		db->error=DB_ERROR_INDEX_OUT_OF_RANGE;

-		return(NULL);

-		}

-	lh=db->index[idx];

-	if (lh == NULL)

-		{

-		db->error=DB_ERROR_NO_INDEX;

-		return(NULL);

-		}

-	ret=(char **)lh_retrieve(lh,value);

-	db->error=DB_ERROR_OK;

-	return(ret);

-	}

-int TXT_DB_create_index(TXT_DB *db, int field, int (*qual)(char **),

-		LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp)

-	{

-	LHASH *idx;

-	char **r;

-	int i,n;

-	if (field >= db->num_fields)

-		{

-		db->error=DB_ERROR_INDEX_OUT_OF_RANGE;

-		return(0);

-		}

-	if ((idx=lh_new(hash,cmp)) == NULL)

-		{

-		db->error=DB_ERROR_MALLOC;

-		return(0);

-		}

-	n=sk_num(db->data);

-	for (i=0; i<n; i++)

-		{

-		r=(char **)sk_value(db->data,i);

-		if ((qual != NULL) && (qual(r) == 0)) continue;

-		if ((r=lh_insert(idx,r)) != NULL)

-			{

-			db->error=DB_ERROR_INDEX_CLASH;

-			db->arg1=sk_find(db->data,(char *)r);

-			db->arg2=i;

-			lh_free(idx);

-			return(0);

-			}

-		}

-	if (db->index[field] != NULL) lh_free(db->index[field]);

-	db->index[field]=idx;

-	db->qual[field]=qual;

-	return(1);

-	}

-long TXT_DB_write(BIO *out, TXT_DB *db)

-	{

-	long i,j,n,nn,l,tot=0;

-	char *p,**pp,*f;

-	BUF_MEM *buf=NULL;

-	long ret= -1;

-	if ((buf=BUF_MEM_new()) == NULL)

-		goto err;

-	n=sk_num(db->data);

-	nn=db->num_fields;

-	for (i=0; i<n; i++)

-		{

-		pp=(char **)sk_value(db->data,i);

-		l=0;

-		for (j=0; j<nn; j++)

-			{

-			if (pp[j] != NULL)

-				l+=strlen(pp[j]);

-			}

-		if (!BUF_MEM_grow_clean(buf,(int)(l*2+nn))) goto err;

-		p=buf->data;

-		for (j=0; j<nn; j++)

-			{

-			f=pp[j];

-			if (f != NULL)

-				for (;;)

-					{

-					if (*f == '\0') break;

-					if (*f == '\t') *(p++)='\\';

-					*(p++)= *(f++);

-					}

-			*(p++)='\t';

-			}

-		p[-1]='\n';

-		j=p-buf->data;

-		if (BIO_write(out,buf->data,(int)j) != j)

-			goto err;

-		tot+=j;

-		}

-	ret=tot;

-err:

-	if (buf != NULL) BUF_MEM_free(buf);

-	return(ret);

-	}

-int TXT_DB_insert(TXT_DB *db, char **row)

-	{

-	int i;

-	char **r;

-	for (i=0; i<db->num_fields; i++)

-		{

-		if (db->index[i] != NULL)

-			{

-			if ((db->qual[i] != NULL) &&

-				(db->qual[i](row) == 0)) continue;

-			r=(char **)lh_retrieve(db->index[i],row);

-			if (r != NULL)

-				{

-				db->error=DB_ERROR_INDEX_CLASH;

-				db->arg1=i;

-				db->arg_row=r;

-				goto err;

-				}

-			}

-		}

-	/* We have passed the index checks, now just append and insert */

-	if (!sk_push(db->data,(char *)row))

-		{

-		db->error=DB_ERROR_MALLOC;

-		goto err;

-		}

-	for (i=0; i<db->num_fields; i++)

-		{

-		if (db->index[i] != NULL)

-			{

-			if ((db->qual[i] != NULL) &&

-				(db->qual[i](row) == 0)) continue;

-			lh_insert(db->index[i],row);

-			}

-		}

-	return(1);

-err:

-	return(0);

-	}

-void TXT_DB_free(TXT_DB *db)

-	{

-	int i,n;

-	char **p,*max;

-	if(db == NULL)

-	    return;

-	if (db->index != NULL)

-		{

-		for (i=db->num_fields-1; i>=0; i--)

-			if (db->index[i] != NULL) lh_free(db->index[i]);

-		OPENSSL_free(db->index);

-		}

-	if (db->qual != NULL)

-		OPENSSL_free(db->qual);

-	if (db->data != NULL)

-		{

-		for (i=sk_num(db->data)-1; i>=0; i--)

-			{

-			/* check if any 'fields' have been allocated

-			 * from outside of the initial block */

-			p=(char **)sk_value(db->data,i);

-			max=p[db->num_fields]; /* last address */

-			if (max == NULL) /* new row */

-				{

-				for (n=0; n<db->num_fields; n++)

-					if (p[n] != NULL) OPENSSL_free(p[n]);

-				}

-			else

-				{

-				for (n=0; n<db->num_fields; n++)

-					{

-					if (((p[n] < (char *)p) || (p[n] > max))

-						&& (p[n] != NULL))

-						OPENSSL_free(p[n]);

-					}

-				}

-			OPENSSL_free(sk_value(db->data,i));

-			}

-		sk_free(db->data);

-		}

-	OPENSSL_free(db);

-	}

--- a/sys/src/ape/lib/openssl/crypto/txt_db/txt_db.h

+++ /dev/null

@@ -1,109 +1,0 @@

-/* crypto/txt_db/txt_db.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_TXT_DB_H

-#define HEADER_TXT_DB_H

-#include <openssl/opensslconf.h>

-#ifndef OPENSSL_NO_BIO

-#include <openssl/bio.h>

-#endif

-#include <openssl/stack.h>

-#include <openssl/lhash.h>

-#define DB_ERROR_OK			0

-#define DB_ERROR_MALLOC			1

-#define DB_ERROR_INDEX_CLASH    	2

-#define DB_ERROR_INDEX_OUT_OF_RANGE	3

-#define DB_ERROR_NO_INDEX		4

-#define DB_ERROR_INSERT_INDEX_CLASH    	5

-#ifdef  __cplusplus

-extern "C" {

-#endif

-typedef struct txt_db_st

-	{

-	int num_fields;

-	STACK /* char ** */ *data;

-	LHASH **index;

-	int (**qual)(char **);

-	long error;

-	long arg1;

-	long arg2;

-	char **arg_row;

-	} TXT_DB;

-#ifndef OPENSSL_NO_BIO

-TXT_DB *TXT_DB_read(BIO *in, int num);

-long TXT_DB_write(BIO *out, TXT_DB *db);

-#else

-TXT_DB *TXT_DB_read(char *in, int num);

-long TXT_DB_write(char *out, TXT_DB *db);

-#endif

-int TXT_DB_create_index(TXT_DB *db,int field,int (*qual)(char **),

-		LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp);

-void TXT_DB_free(TXT_DB *db);

-char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value);

-int TXT_DB_insert(TXT_DB *db,char **value);

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/ui/Makefile

+++ /dev/null

@@ -1,111 +1,0 @@

-#

-# OpenSSL/crypto/ui/Makefile

-#

-DIR=	ui

-TOP=	../..

-CC=	cc

-INCLUDES= -I.. -I$(TOP) -I../../include

-CFLAG=-g

-MAKEFILE=	Makefile

-AR=		ar r

-CFLAGS= $(INCLUDES) $(CFLAG)

-GENERAL=Makefile

-#TEST= uitest.c

-TEST=

-APPS=

-COMPATSRC= ui_compat.c

-COMPATOBJ= ui_compat.o

-LIB=$(TOP)/libcrypto.a

-LIBSRC= ui_err.c ui_lib.c ui_openssl.c ui_util.c $(COMPATSRC)

-LIBOBJ= ui_err.o ui_lib.o ui_openssl.o ui_util.o $(COMPATOBJ)

-SRC= $(LIBSRC)

-EXHEADER= ui.h ui_compat.h

-HEADER=	$(EXHEADER) ui_locl.h

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)

-all:	lib

-lib:	$(LIBOBJ)

-	$(AR) $(LIB) $(LIBOBJ)

-	$(RANLIB) $(LIB) || echo Never mind.

-	@touch lib

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

-links:

-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)

-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)

-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

-install:

-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...

-	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \

-	do  \

-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \

-	done;

-tags:

-	ctags $(SRC)

-tests:

-lint:

-	lint -DLINT $(INCLUDES) $(SRC)>fluff

-depend:

-	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...

-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-clean:

-	rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-ui_compat.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h

-ui_compat.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-ui_compat.o: ../../include/openssl/stack.h ../../include/openssl/ui.h

-ui_compat.o: ../../include/openssl/ui_compat.h ui_compat.c

-ui_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h

-ui_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-ui_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-ui_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-ui_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-ui_err.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h ui_err.c

-ui_lib.o: ../../e_os.h ../../include/openssl/bio.h

-ui_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-ui_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-ui_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-ui_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-ui_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-ui_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h

-ui_lib.o: ../cryptlib.h ui_lib.c ui_locl.h

-ui_openssl.o: ../../e_os.h ../../include/openssl/bio.h

-ui_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-ui_openssl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

-ui_openssl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

-ui_openssl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-ui_openssl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

-ui_openssl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h

-ui_openssl.o: ../cryptlib.h ui_locl.h ui_openssl.c

-ui_util.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-ui_util.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-ui_util.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

-ui_util.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-ui_util.o: ../../include/openssl/ui.h ui_locl.h ui_util.c

--- a/sys/src/ape/lib/openssl/crypto/ui/ui.h

+++ /dev/null

@@ -1,381 +1,0 @@

-/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */

-/* Written by Richard Levitte ([email protected]) for the OpenSSL

- * project 2001.

- */

-/* ====================================================================

- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_UI_H

-#define HEADER_UI_H

-#ifndef OPENSSL_NO_DEPRECATED

-#include <openssl/crypto.h>

-#endif

-#include <openssl/safestack.h>

-#include <openssl/ossl_typ.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-/* Declared already in ossl_typ.h */

-/* typedef struct ui_st UI; */

-/* typedef struct ui_method_st UI_METHOD; */

-/* All the following functions return -1 or NULL on error and in some cases

-   (UI_process()) -2 if interrupted or in some other way cancelled.

-   When everything is fine, they return 0, a positive value or a non-NULL

-   pointer, all depending on their purpose. */

-/* Creators and destructor.   */

-UI *UI_new(void);

-UI *UI_new_method(const UI_METHOD *method);

-void UI_free(UI *ui);

-/* The following functions are used to add strings to be printed and prompt

-   strings to prompt for data.  The names are UI_{add,dup}_<function>_string

-   and UI_{add,dup}_input_boolean.

-   UI_{add,dup}_<function>_string have the following meanings:

-	add	add a text or prompt string.  The pointers given to these

-		functions are used verbatim, no copying is done.

-	dup	make a copy of the text or prompt string, then add the copy

-		to the collection of strings in the user interface.

-	<function>

-		The function is a name for the functionality that the given

-		string shall be used for.  It can be one of:

-			input	use the string as data prompt.

-			verify	use the string as verification prompt.  This

-				is used to verify a previous input.

-			info	use the string for informational output.

-			error	use the string for error output.

-   Honestly, there's currently no difference between info and error for the

-   moment.

-   UI_{add,dup}_input_boolean have the same semantics for "add" and "dup",

-   and are typically used when one wants to prompt for a yes/no response.

-   All of the functions in this group take a UI and a prompt string.

-   The string input and verify addition functions also take a flag argument,

-   a buffer for the result to end up with, a minimum input size and a maximum

-   input size (the result buffer MUST be large enough to be able to contain

-   the maximum number of characters).  Additionally, the verify addition

-   functions takes another buffer to compare the result against.

-   The boolean input functions take an action description string (which should

-   be safe to ignore if the expected user action is obvious, for example with

-   a dialog box with an OK button and a Cancel button), a string of acceptable

-   characters to mean OK and to mean Cancel.  The two last strings are checked

-   to make sure they don't have common characters.  Additionally, the same

-   flag argument as for the string input is taken, as well as a result buffer.

-   The result buffer is required to be at least one byte long.  Depending on

-   the answer, the first character from the OK or the Cancel character strings

-   will be stored in the first byte of the result buffer.  No NUL will be

-   added, so the result is *not* a string.

-   On success, the all return an index of the added information.  That index

-   is usefull when retrieving results with UI_get0_result(). */

-int UI_add_input_string(UI *ui, const char *prompt, int flags,

-	char *result_buf, int minsize, int maxsize);

-int UI_dup_input_string(UI *ui, const char *prompt, int flags,

-	char *result_buf, int minsize, int maxsize);

-int UI_add_verify_string(UI *ui, const char *prompt, int flags,

-	char *result_buf, int minsize, int maxsize, const char *test_buf);

-int UI_dup_verify_string(UI *ui, const char *prompt, int flags,

-	char *result_buf, int minsize, int maxsize, const char *test_buf);

-int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,

-	const char *ok_chars, const char *cancel_chars,

-	int flags, char *result_buf);

-int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,

-	const char *ok_chars, const char *cancel_chars,

-	int flags, char *result_buf);

-int UI_add_info_string(UI *ui, const char *text);

-int UI_dup_info_string(UI *ui, const char *text);

-int UI_add_error_string(UI *ui, const char *text);

-int UI_dup_error_string(UI *ui, const char *text);

-/* These are the possible flags.  They can be or'ed together. */

-/* Use to have echoing of input */

-#define UI_INPUT_FLAG_ECHO		0x01

-/* Use a default password.  Where that password is found is completely

-   up to the application, it might for example be in the user data set

-   with UI_add_user_data().  It is not recommended to have more than

-   one input in each UI being marked with this flag, or the application

-   might get confused. */

-#define UI_INPUT_FLAG_DEFAULT_PWD	0x02

-/* The user of these routines may want to define flags of their own.  The core

-   UI won't look at those, but will pass them on to the method routines.  They

-   must use higher bits so they don't get confused with the UI bits above.

-   UI_INPUT_FLAG_USER_BASE tells which is the lowest bit to use.  A good

-   example of use is this:

-	#define MY_UI_FLAG1	(0x01 << UI_INPUT_FLAG_USER_BASE)

-*/

-#define UI_INPUT_FLAG_USER_BASE	16

-/* The following function helps construct a prompt.  object_desc is a

-   textual short description of the object, for example "pass phrase",

-   and object_name is the name of the object (might be a card name or

-   a file name.

-   The returned string shall always be allocated on the heap with

-   OPENSSL_malloc(), and need to be free'd with OPENSSL_free().

-   If the ui_method doesn't contain a pointer to a user-defined prompt

-   constructor, a default string is built, looking like this:

-	"Enter {object_desc} for {object_name}:"

-   So, if object_desc has the value "pass phrase" and object_name has

-   the value "foo.key", the resulting string is:

-	"Enter pass phrase for foo.key:"

-*/

-char *UI_construct_prompt(UI *ui_method,

-	const char *object_desc, const char *object_name);

-/* The following function is used to store a pointer to user-specific data.

-   Any previous such pointer will be returned and replaced.

-   For callback purposes, this function makes a lot more sense than using

-   ex_data, since the latter requires that different parts of OpenSSL or

-   applications share the same ex_data index.

-   Note that the UI_OpenSSL() method completely ignores the user data.

-   Other methods may not, however.  */

-void *UI_add_user_data(UI *ui, void *user_data);

-/* We need a user data retrieving function as well.  */

-void *UI_get0_user_data(UI *ui);

-/* Return the result associated with a prompt given with the index i. */

-const char *UI_get0_result(UI *ui, int i);

-/* When all strings have been added, process the whole thing. */

-int UI_process(UI *ui);

-/* Give a user interface parametrised control commands.  This can be used to

-   send down an integer, a data pointer or a function pointer, as well as

-   be used to get information from a UI. */

-int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)(void));

-/* The commands */

-/* Use UI_CONTROL_PRINT_ERRORS with the value 1 to have UI_process print the

-   OpenSSL error stack before printing any info or added error messages and

-   before any prompting. */

-#define UI_CTRL_PRINT_ERRORS		1

-/* Check if a UI_process() is possible to do again with the same instance of

-   a user interface.  This makes UI_ctrl() return 1 if it is redoable, and 0

-   if not. */

-#define UI_CTRL_IS_REDOABLE		2

-/* Some methods may use extra data */

-#define UI_set_app_data(s,arg)         UI_set_ex_data(s,0,arg)

-#define UI_get_app_data(s)             UI_get_ex_data(s,0)

-int UI_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,

-	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);

-int UI_set_ex_data(UI *r,int idx,void *arg);

-void *UI_get_ex_data(UI *r, int idx);

-/* Use specific methods instead of the built-in one */

-void UI_set_default_method(const UI_METHOD *meth);

-const UI_METHOD *UI_get_default_method(void);

-const UI_METHOD *UI_get_method(UI *ui);

-const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth);

-/* The method with all the built-in thingies */

-UI_METHOD *UI_OpenSSL(void);

-/* ---------- For method writers ---------- */

-/* A method contains a number of functions that implement the low level

-   of the User Interface.  The functions are:

-	an opener	This function starts a session, maybe by opening

-			a channel to a tty, or by opening a window.

-	a writer	This function is called to write a given string,

-			maybe to the tty, maybe as a field label in a

-			window.

-	a flusher	This function is called to flush everything that

-			has been output so far.  It can be used to actually

-			display a dialog box after it has been built.

-	a reader	This function is called to read a given prompt,

-			maybe from the tty, maybe from a field in a

-			window.  Note that it's called wth all string

-			structures, not only the prompt ones, so it must

-			check such things itself.

-	a closer	This function closes the session, maybe by closing

-			the channel to the tty, or closing the window.

-   All these functions are expected to return:

-	0	on error.

-	1	on success.

-	-1	on out-of-band events, for example if some prompting has

-		been canceled (by pressing Ctrl-C, for example).  This is

-		only checked when returned by the flusher or the reader.

-   The way this is used, the opener is first called, then the writer for all

-   strings, then the flusher, then the reader for all strings and finally the

-   closer.  Note that if you want to prompt from a terminal or other command

-   line interface, the best is to have the reader also write the prompts

-   instead of having the writer do it.  If you want to prompt from a dialog

-   box, the writer can be used to build up the contents of the box, and the

-   flusher to actually display the box and run the event loop until all data

-   has been given, after which the reader only grabs the given data and puts

-   them back into the UI strings.

-   All method functions take a UI as argument.  Additionally, the writer and

-   the reader take a UI_STRING.

-*/

-/* The UI_STRING type is the data structure that contains all the needed info

-   about a string or a prompt, including test data for a verification prompt.

-*/

-DECLARE_STACK_OF(UI_STRING)

-typedef struct ui_string_st UI_STRING;

-/* The different types of strings that are currently supported.

-   This is only needed by method authors. */

-enum UI_string_types

-	{

-	UIT_NONE=0,

-	UIT_PROMPT,		/* Prompt for a string */

-	UIT_VERIFY,		/* Prompt for a string and verify */

-	UIT_BOOLEAN,		/* Prompt for a yes/no response */

-	UIT_INFO,		/* Send info to the user */

-	UIT_ERROR		/* Send an error message to the user */

-	};

-/* Create and manipulate methods */

-UI_METHOD *UI_create_method(char *name);

-void UI_destroy_method(UI_METHOD *ui_method);

-int UI_method_set_opener(UI_METHOD *method, int (*opener)(UI *ui));

-int UI_method_set_writer(UI_METHOD *method, int (*writer)(UI *ui, UI_STRING *uis));

-int UI_method_set_flusher(UI_METHOD *method, int (*flusher)(UI *ui));

-int UI_method_set_reader(UI_METHOD *method, int (*reader)(UI *ui, UI_STRING *uis));

-int UI_method_set_closer(UI_METHOD *method, int (*closer)(UI *ui));

-int (*UI_method_get_opener(UI_METHOD *method))(UI*);

-int (*UI_method_get_writer(UI_METHOD *method))(UI*,UI_STRING*);

-int (*UI_method_get_flusher(UI_METHOD *method))(UI*);

-int (*UI_method_get_reader(UI_METHOD *method))(UI*,UI_STRING*);

-int (*UI_method_get_closer(UI_METHOD *method))(UI*);

-/* The following functions are helpers for method writers to access relevant

-   data from a UI_STRING. */

-/* Return type of the UI_STRING */

-enum UI_string_types UI_get_string_type(UI_STRING *uis);

-/* Return input flags of the UI_STRING */

-int UI_get_input_flags(UI_STRING *uis);

-/* Return the actual string to output (the prompt, info or error) */

-const char *UI_get0_output_string(UI_STRING *uis);

-/* Return the optional action string to output (the boolean promtp instruction) */

-const char *UI_get0_action_string(UI_STRING *uis);

-/* Return the result of a prompt */

-const char *UI_get0_result_string(UI_STRING *uis);

-/* Return the string to test the result against.  Only useful with verifies. */

-const char *UI_get0_test_string(UI_STRING *uis);

-/* Return the required minimum size of the result */

-int UI_get_result_minsize(UI_STRING *uis);

-/* Return the required maximum size of the result */

-int UI_get_result_maxsize(UI_STRING *uis);

-/* Set the result of a UI_STRING. */

-int UI_set_result(UI *ui, UI_STRING *uis, const char *result);

-/* A couple of popular utility functions */

-int UI_UTIL_read_pw_string(char *buf,int length,const char *prompt,int verify);

-int UI_UTIL_read_pw(char *buf,char *buff,int size,const char *prompt,int verify);

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_UI_strings(void);

-/* Error codes for the UI functions. */

-/* Function codes. */

-#define UI_F_GENERAL_ALLOCATE_BOOLEAN			 108

-#define UI_F_GENERAL_ALLOCATE_PROMPT			 109

-#define UI_F_GENERAL_ALLOCATE_STRING			 100

-#define UI_F_UI_CTRL					 111

-#define UI_F_UI_DUP_ERROR_STRING			 101

-#define UI_F_UI_DUP_INFO_STRING				 102

-#define UI_F_UI_DUP_INPUT_BOOLEAN			 110

-#define UI_F_UI_DUP_INPUT_STRING			 103

-#define UI_F_UI_DUP_VERIFY_STRING			 106

-#define UI_F_UI_GET0_RESULT				 107

-#define UI_F_UI_NEW_METHOD				 104

-#define UI_F_UI_SET_RESULT				 105

-/* Reason codes. */

-#define UI_R_COMMON_OK_AND_CANCEL_CHARACTERS		 104

-#define UI_R_INDEX_TOO_LARGE				 102

-#define UI_R_INDEX_TOO_SMALL				 103

-#define UI_R_NO_RESULT_BUFFER				 105

-#define UI_R_RESULT_TOO_LARGE				 100

-#define UI_R_RESULT_TOO_SMALL				 101

-#define UI_R_UNKNOWN_CONTROL_COMMAND			 106

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/ui/ui_compat.c

+++ /dev/null

@@ -1,67 +1,0 @@

-/* crypto/ui/ui_compat.c -*- mode:C; c-file-style: "eay" -*- */

-/* ====================================================================

- * Copyright (c) 2001-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <string.h>

-#include <openssl/ui_compat.h>

-int _ossl_old_des_read_pw_string(char *buf,int length,const char *prompt,int verify)

-	{

-	return UI_UTIL_read_pw_string(buf, length, prompt, verify);

-	}

-int _ossl_old_des_read_pw(char *buf,char *buff,int size,const char *prompt,int verify)

-	{

-	return UI_UTIL_read_pw(buf, buff, size, prompt, verify);

-	}

--- a/sys/src/ape/lib/openssl/crypto/ui/ui_compat.h

+++ /dev/null

@@ -1,83 +1,0 @@

-/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */

-/* Written by Richard Levitte ([email protected]) for the OpenSSL

- * project 2001.

- */

-/* ====================================================================

- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_UI_COMPAT_H

-#define HEADER_UI_COMPAT_H

-#include <openssl/opensslconf.h>

-#include <openssl/ui.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-/* The following functions were previously part of the DES section,

-   and are provided here for backward compatibility reasons. */

-#define des_read_pw_string(b,l,p,v) \

-	_ossl_old_des_read_pw_string((b),(l),(p),(v))

-#define des_read_pw(b,bf,s,p,v) \

-	_ossl_old_des_read_pw((b),(bf),(s),(p),(v))

-int _ossl_old_des_read_pw_string(char *buf,int length,const char *prompt,int verify);

-int _ossl_old_des_read_pw(char *buf,char *buff,int size,const char *prompt,int verify);

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/ui/ui_err.c

+++ /dev/null

@@ -1,112 +1,0 @@

-/* crypto/ui/ui_err.c */

-/* ====================================================================

- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* NOTE: this file was auto generated by the mkerr.pl script: any changes

- * made to it will be overwritten when the script next updates this file,

- * only reason strings will be preserved.

- */

-#include <stdio.h>

-#include <openssl/err.h>

-#include <openssl/ui.h>

-/* BEGIN ERROR CODES */

-#ifndef OPENSSL_NO_ERR

-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_UI,func,0)

-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_UI,0,reason)

-static ERR_STRING_DATA UI_str_functs[]=

-	{

-{ERR_FUNC(UI_F_GENERAL_ALLOCATE_BOOLEAN),	"GENERAL_ALLOCATE_BOOLEAN"},

-{ERR_FUNC(UI_F_GENERAL_ALLOCATE_PROMPT),	"GENERAL_ALLOCATE_PROMPT"},

-{ERR_FUNC(UI_F_GENERAL_ALLOCATE_STRING),	"GENERAL_ALLOCATE_STRING"},

-{ERR_FUNC(UI_F_UI_CTRL),	"UI_ctrl"},

-{ERR_FUNC(UI_F_UI_DUP_ERROR_STRING),	"UI_dup_error_string"},

-{ERR_FUNC(UI_F_UI_DUP_INFO_STRING),	"UI_dup_info_string"},

-{ERR_FUNC(UI_F_UI_DUP_INPUT_BOOLEAN),	"UI_dup_input_boolean"},

-{ERR_FUNC(UI_F_UI_DUP_INPUT_STRING),	"UI_dup_input_string"},

-{ERR_FUNC(UI_F_UI_DUP_VERIFY_STRING),	"UI_dup_verify_string"},

-{ERR_FUNC(UI_F_UI_GET0_RESULT),	"UI_get0_result"},

-{ERR_FUNC(UI_F_UI_NEW_METHOD),	"UI_new_method"},

-{ERR_FUNC(UI_F_UI_SET_RESULT),	"UI_set_result"},

-{0,NULL}

-	};

-static ERR_STRING_DATA UI_str_reasons[]=

-	{

-{ERR_REASON(UI_R_COMMON_OK_AND_CANCEL_CHARACTERS),"common ok and cancel characters"},

-{ERR_REASON(UI_R_INDEX_TOO_LARGE)        ,"index too large"},

-{ERR_REASON(UI_R_INDEX_TOO_SMALL)        ,"index too small"},

-{ERR_REASON(UI_R_NO_RESULT_BUFFER)       ,"no result buffer"},

-{ERR_REASON(UI_R_RESULT_TOO_LARGE)       ,"result too large"},

-{ERR_REASON(UI_R_RESULT_TOO_SMALL)       ,"result too small"},

-{ERR_REASON(UI_R_UNKNOWN_CONTROL_COMMAND),"unknown control command"},

-{0,NULL}

-	};

-#endif

-void ERR_load_UI_strings(void)

-	{

-#ifndef OPENSSL_NO_ERR

-	if (ERR_func_error_string(UI_str_functs[0].error) == NULL)

-		{

-		ERR_load_strings(0,UI_str_functs);

-		ERR_load_strings(0,UI_str_reasons);

-		}

-#endif

-	}

--- a/sys/src/ape/lib/openssl/crypto/ui/ui_lib.c

+++ /dev/null

@@ -1,904 +1,0 @@

-/* crypto/ui/ui_lib.c -*- mode:C; c-file-style: "eay" -*- */

-/* Written by Richard Levitte ([email protected]) for the OpenSSL

- * project 2001.

- */

-/* ====================================================================

- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <string.h>

-#include "cryptlib.h"

-#include <openssl/e_os2.h>

-#include <openssl/buffer.h>

-#include <openssl/ui.h>

-#include <openssl/err.h>

-#include "ui_locl.h"

-IMPLEMENT_STACK_OF(UI_STRING_ST)

-static const UI_METHOD *default_UI_meth=NULL;

-UI *UI_new(void)

-	{

-	return(UI_new_method(NULL));

-	}

-UI *UI_new_method(const UI_METHOD *method)

-	{

-	UI *ret;

-	ret=(UI *)OPENSSL_malloc(sizeof(UI));

-	if (ret == NULL)

-		{

-		UIerr(UI_F_UI_NEW_METHOD,ERR_R_MALLOC_FAILURE);

-		return NULL;

-		}

-	if (method == NULL)

-		ret->meth=UI_get_default_method();

-	else

-		ret->meth=method;

-	ret->strings=NULL;

-	ret->user_data=NULL;

-	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_UI, ret, &ret->ex_data);

-	return ret;

-	}

-static void free_string(UI_STRING *uis)

-	{

-	if (uis->flags & OUT_STRING_FREEABLE)

-		{

-		OPENSSL_free((char *)uis->out_string);

-		switch(uis->type)

-			{

-		case UIT_BOOLEAN:

-			OPENSSL_free((char *)uis->_.boolean_data.action_desc);

-			OPENSSL_free((char *)uis->_.boolean_data.ok_chars);

-			OPENSSL_free((char *)uis->_.boolean_data.cancel_chars);

-			break;

-		default:

-			break;

-			}

-		}

-	OPENSSL_free(uis);

-	}

-void UI_free(UI *ui)

-	{

-	if (ui == NULL)

-		return;

-	sk_UI_STRING_pop_free(ui->strings,free_string);

-	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_UI, ui, &ui->ex_data);

-	OPENSSL_free(ui);

-	}

-static int allocate_string_stack(UI *ui)

-	{

-	if (ui->strings == NULL)

-		{

-		ui->strings=sk_UI_STRING_new_null();

-		if (ui->strings == NULL)

-			{

-			return -1;

-			}

-		}

-	return 0;

-	}

-static UI_STRING *general_allocate_prompt(UI *ui, const char *prompt,

-	int prompt_freeable, enum UI_string_types type, int input_flags,

-	char *result_buf)

-	{

-	UI_STRING *ret = NULL;

-	if (prompt == NULL)

-		{

-		UIerr(UI_F_GENERAL_ALLOCATE_PROMPT,ERR_R_PASSED_NULL_PARAMETER);

-		}

-	else if ((type == UIT_PROMPT || type == UIT_VERIFY

-			 || type == UIT_BOOLEAN) && result_buf == NULL)

-		{

-		UIerr(UI_F_GENERAL_ALLOCATE_PROMPT,UI_R_NO_RESULT_BUFFER);

-		}

-	else if ((ret = (UI_STRING *)OPENSSL_malloc(sizeof(UI_STRING))))

-		{

-		ret->out_string=prompt;

-		ret->flags=prompt_freeable ? OUT_STRING_FREEABLE : 0;

-		ret->input_flags=input_flags;

-		ret->type=type;

-		ret->result_buf=result_buf;

-		}

-	return ret;

-	}

-static int general_allocate_string(UI *ui, const char *prompt,

-	int prompt_freeable, enum UI_string_types type, int input_flags,

-	char *result_buf, int minsize, int maxsize, const char *test_buf)

-	{

-	int ret = -1;

-	UI_STRING *s = general_allocate_prompt(ui, prompt, prompt_freeable,

-		type, input_flags, result_buf);

-	if (s)

-		{

-		if (allocate_string_stack(ui) >= 0)

-			{

-			s->_.string_data.result_minsize=minsize;

-			s->_.string_data.result_maxsize=maxsize;

-			s->_.string_data.test_buf=test_buf;

-			ret=sk_UI_STRING_push(ui->strings, s);

-			/* sk_push() returns 0 on error.  Let's addapt that */

-			if (ret <= 0) ret--;

-			}

-		else

-			free_string(s);

-		}

-	return ret;

-	}

-static int general_allocate_boolean(UI *ui,

-	const char *prompt, const char *action_desc,

-	const char *ok_chars, const char *cancel_chars,

-	int prompt_freeable, enum UI_string_types type, int input_flags,

-	char *result_buf)

-	{

-	int ret = -1;

-	UI_STRING *s;

-	const char *p;

-	if (ok_chars == NULL)

-		{

-		UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN,ERR_R_PASSED_NULL_PARAMETER);

-		}

-	else if (cancel_chars == NULL)

-		{

-		UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN,ERR_R_PASSED_NULL_PARAMETER);

-		}

-	else

-		{

-		for(p = ok_chars; *p; p++)

-			{

-			if (strchr(cancel_chars, *p))

-				{

-				UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN,

-					UI_R_COMMON_OK_AND_CANCEL_CHARACTERS);

-				}

-			}

-		s = general_allocate_prompt(ui, prompt, prompt_freeable,

-			type, input_flags, result_buf);

-		if (s)

-			{

-			if (allocate_string_stack(ui) >= 0)

-				{

-				s->_.boolean_data.action_desc = action_desc;

-				s->_.boolean_data.ok_chars = ok_chars;

-				s->_.boolean_data.cancel_chars = cancel_chars;

-				ret=sk_UI_STRING_push(ui->strings, s);

-				/* sk_push() returns 0 on error.

-				   Let's addapt that */

-				if (ret <= 0) ret--;

-				}

-			else

-				free_string(s);

-			}

-		}

-	return ret;

-	}

-/* Returns the index to the place in the stack or -1 for error.  Uses a

-   direct reference to the prompt.  */

-int UI_add_input_string(UI *ui, const char *prompt, int flags,

-	char *result_buf, int minsize, int maxsize)

-	{

-	return general_allocate_string(ui, prompt, 0,

-		UIT_PROMPT, flags, result_buf, minsize, maxsize, NULL);

-	}

-/* Same as UI_add_input_string(), excepts it takes a copy of the prompt */

-int UI_dup_input_string(UI *ui, const char *prompt, int flags,

-	char *result_buf, int minsize, int maxsize)

-	{

-	char *prompt_copy=NULL;

-	if (prompt)

-		{

-		prompt_copy=BUF_strdup(prompt);

-		if (prompt_copy == NULL)

-			{

-			UIerr(UI_F_UI_DUP_INPUT_STRING,ERR_R_MALLOC_FAILURE);

-			return 0;

-			}

-		}

-	return general_allocate_string(ui, prompt_copy, 1,

-		UIT_PROMPT, flags, result_buf, minsize, maxsize, NULL);

-	}

-int UI_add_verify_string(UI *ui, const char *prompt, int flags,

-	char *result_buf, int minsize, int maxsize, const char *test_buf)

-	{

-	return general_allocate_string(ui, prompt, 0,

-		UIT_VERIFY, flags, result_buf, minsize, maxsize, test_buf);

-	}

-int UI_dup_verify_string(UI *ui, const char *prompt, int flags,

-	char *result_buf, int minsize, int maxsize, const char *test_buf)

-	{

-	char *prompt_copy=NULL;

-	if (prompt)

-		{

-		prompt_copy=BUF_strdup(prompt);

-		if (prompt_copy == NULL)

-			{

-			UIerr(UI_F_UI_DUP_VERIFY_STRING,ERR_R_MALLOC_FAILURE);

-			return -1;

-			}

-		}

-	return general_allocate_string(ui, prompt_copy, 1,

-		UIT_VERIFY, flags, result_buf, minsize, maxsize, test_buf);

-	}

-int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,

-	const char *ok_chars, const char *cancel_chars,

-	int flags, char *result_buf)

-	{

-	return general_allocate_boolean(ui, prompt, action_desc,

-		ok_chars, cancel_chars, 0, UIT_BOOLEAN, flags, result_buf);

-	}

-int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,

-	const char *ok_chars, const char *cancel_chars,

-	int flags, char *result_buf)

-	{

-	char *prompt_copy = NULL;

-	char *action_desc_copy = NULL;

-	char *ok_chars_copy = NULL;

-	char *cancel_chars_copy = NULL;

-	if (prompt)

-		{

-		prompt_copy=BUF_strdup(prompt);

-		if (prompt_copy == NULL)

-			{

-			UIerr(UI_F_UI_DUP_INPUT_BOOLEAN,ERR_R_MALLOC_FAILURE);

-			goto err;

-			}

-		}

-	if (action_desc)

-		{

-		action_desc_copy=BUF_strdup(action_desc);

-		if (action_desc_copy == NULL)

-			{

-			UIerr(UI_F_UI_DUP_INPUT_BOOLEAN,ERR_R_MALLOC_FAILURE);

-			goto err;

-			}

-		}

-	if (ok_chars)

-		{

-		ok_chars_copy=BUF_strdup(ok_chars);

-		if (ok_chars_copy == NULL)

-			{

-			UIerr(UI_F_UI_DUP_INPUT_BOOLEAN,ERR_R_MALLOC_FAILURE);

-			goto err;

-			}

-		}

-	if (cancel_chars)

-		{

-		cancel_chars_copy=BUF_strdup(cancel_chars);

-		if (cancel_chars_copy == NULL)

-			{

-			UIerr(UI_F_UI_DUP_INPUT_BOOLEAN,ERR_R_MALLOC_FAILURE);

-			goto err;

-			}

-		}

-	return general_allocate_boolean(ui, prompt_copy, action_desc_copy,

-		ok_chars_copy, cancel_chars_copy, 1, UIT_BOOLEAN, flags,

-		result_buf);

- err:

-	if (prompt_copy) OPENSSL_free(prompt_copy);

-	if (action_desc_copy) OPENSSL_free(action_desc_copy);

-	if (ok_chars_copy) OPENSSL_free(ok_chars_copy);

-	if (cancel_chars_copy) OPENSSL_free(cancel_chars_copy);

-	return -1;

-	}

-int UI_add_info_string(UI *ui, const char *text)

-	{

-	return general_allocate_string(ui, text, 0, UIT_INFO, 0, NULL, 0, 0,

-		NULL);

-	}

-int UI_dup_info_string(UI *ui, const char *text)

-	{

-	char *text_copy=NULL;

-	if (text)

-		{

-		text_copy=BUF_strdup(text);

-		if (text_copy == NULL)

-			{

-			UIerr(UI_F_UI_DUP_INFO_STRING,ERR_R_MALLOC_FAILURE);

-			return -1;

-			}

-		}

-	return general_allocate_string(ui, text_copy, 1, UIT_INFO, 0, NULL,

-		0, 0, NULL);

-	}

-int UI_add_error_string(UI *ui, const char *text)

-	{

-	return general_allocate_string(ui, text, 0, UIT_ERROR, 0, NULL, 0, 0,

-		NULL);

-	}

-int UI_dup_error_string(UI *ui, const char *text)

-	{

-	char *text_copy=NULL;

-	if (text)

-		{

-		text_copy=BUF_strdup(text);

-		if (text_copy == NULL)

-			{

-			UIerr(UI_F_UI_DUP_ERROR_STRING,ERR_R_MALLOC_FAILURE);

-			return -1;

-			}

-		}

-	return general_allocate_string(ui, text_copy, 1, UIT_ERROR, 0, NULL,

-		0, 0, NULL);

-	}

-char *UI_construct_prompt(UI *ui, const char *object_desc,

-	const char *object_name)

-	{

-	char *prompt = NULL;

-	if (ui->meth->ui_construct_prompt)

-		prompt = ui->meth->ui_construct_prompt(ui,

-			object_desc, object_name);

-	else

-		{

-		char prompt1[] = "Enter ";

-		char prompt2[] = " for ";

-		char prompt3[] = ":";

-		int len = 0;

-		if (object_desc == NULL)

-			return NULL;

-		len = sizeof(prompt1) - 1 + strlen(object_desc);

-		if (object_name)

-			len += sizeof(prompt2) - 1 + strlen(object_name);

-		len += sizeof(prompt3) - 1;

-		prompt = (char *)OPENSSL_malloc(len + 1);

-		BUF_strlcpy(prompt, prompt1, len + 1);

-		BUF_strlcat(prompt, object_desc, len + 1);

-		if (object_name)

-			{

-			BUF_strlcat(prompt, prompt2, len + 1);

-			BUF_strlcat(prompt, object_name, len + 1);

-			}

-		BUF_strlcat(prompt, prompt3, len + 1);

-		}

-	return prompt;

-	}

-void *UI_add_user_data(UI *ui, void *user_data)

-	{

-	void *old_data = ui->user_data;

-	ui->user_data = user_data;

-	return old_data;

-	}

-void *UI_get0_user_data(UI *ui)

-	{

-	return ui->user_data;

-	}

-const char *UI_get0_result(UI *ui, int i)

-	{

-	if (i < 0)

-		{

-		UIerr(UI_F_UI_GET0_RESULT,UI_R_INDEX_TOO_SMALL);

-		return NULL;

-		}

-	if (i >= sk_UI_STRING_num(ui->strings))

-		{

-		UIerr(UI_F_UI_GET0_RESULT,UI_R_INDEX_TOO_LARGE);

-		return NULL;

-		}

-	return UI_get0_result_string(sk_UI_STRING_value(ui->strings, i));

-	}

-static int print_error(const char *str, size_t len, UI *ui)

-	{

-	UI_STRING uis;

-	memset(&uis, 0, sizeof(uis));

-	uis.type = UIT_ERROR;

-	uis.out_string = str;

-	if (ui->meth->ui_write_string

-		&& !ui->meth->ui_write_string(ui, &uis))

-		return -1;

-	return 0;

-	}

-int UI_process(UI *ui)

-	{

-	int i, ok=0;

-	if (ui->meth->ui_open_session && !ui->meth->ui_open_session(ui))

-		return -1;

-	if (ui->flags & UI_FLAG_PRINT_ERRORS)

-		ERR_print_errors_cb(

-			(int (*)(const char *, size_t, void *))print_error,

-			(void *)ui);

-	for(i=0; i<sk_UI_STRING_num(ui->strings); i++)

-		{

-		if (ui->meth->ui_write_string

-			&& !ui->meth->ui_write_string(ui,

-				sk_UI_STRING_value(ui->strings, i)))

-			{

-			ok=-1;

-			goto err;

-			}

-		}

-	if (ui->meth->ui_flush)

-		switch(ui->meth->ui_flush(ui))

-			{

-		case -1: /* Interrupt/Cancel/something... */

-			ok = -2;

-			goto err;

-		case 0: /* Errors */

-			ok = -1;

-			goto err;

-		default: /* Success */

-			ok = 0;

-			break;

-			}

-	for(i=0; i<sk_UI_STRING_num(ui->strings); i++)

-		{

-		if (ui->meth->ui_read_string)

-			{

-			switch(ui->meth->ui_read_string(ui,

-				sk_UI_STRING_value(ui->strings, i)))

-				{

-			case -1: /* Interrupt/Cancel/something... */

-				ok = -2;

-				goto err;

-			case 0: /* Errors */

-				ok = -1;

-				goto err;

-			default: /* Success */

-				ok = 0;

-				break;

-				}

-			}

-		}

- err:

-	if (ui->meth->ui_close_session && !ui->meth->ui_close_session(ui))

-		return -1;

-	return ok;

-	}

-int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)(void))

-	{

-	if (ui == NULL)

-		{

-		UIerr(UI_F_UI_CTRL,ERR_R_PASSED_NULL_PARAMETER);

-		return -1;

-		}

-	switch(cmd)

-		{

-	case UI_CTRL_PRINT_ERRORS:

-		{

-		int save_flag = !!(ui->flags & UI_FLAG_PRINT_ERRORS);

-		if (i)

-			ui->flags |= UI_FLAG_PRINT_ERRORS;

-		else

-			ui->flags &= ~UI_FLAG_PRINT_ERRORS;

-		return save_flag;

-		}

-	case UI_CTRL_IS_REDOABLE:

-		return !!(ui->flags & UI_FLAG_REDOABLE);

-	default:

-		break;

-		}

-	UIerr(UI_F_UI_CTRL,UI_R_UNKNOWN_CONTROL_COMMAND);

-	return -1;

-	}

-int UI_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,

-	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)

-        {

-	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI, argl, argp,

-				new_func, dup_func, free_func);

-        }

-int UI_set_ex_data(UI *r, int idx, void *arg)

-	{

-	return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));

-	}

-void *UI_get_ex_data(UI *r, int idx)

-	{

-	return(CRYPTO_get_ex_data(&r->ex_data,idx));

-	}

-void UI_set_default_method(const UI_METHOD *meth)

-	{

-	default_UI_meth=meth;

-	}

-const UI_METHOD *UI_get_default_method(void)

-	{

-	if (default_UI_meth == NULL)

-		{

-		default_UI_meth=UI_OpenSSL();

-		}

-	return default_UI_meth;

-	}

-const UI_METHOD *UI_get_method(UI *ui)

-	{

-	return ui->meth;

-	}

-const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth)

-	{

-	ui->meth=meth;

-	return ui->meth;

-	}

-UI_METHOD *UI_create_method(char *name)

-	{

-	UI_METHOD *ui_method = (UI_METHOD *)OPENSSL_malloc(sizeof(UI_METHOD));

-	if (ui_method)

-		{

-		memset(ui_method, 0, sizeof(*ui_method));

-		ui_method->name = BUF_strdup(name);

-		}

-	return ui_method;

-	}

-/* BIG FSCKING WARNING!!!!  If you use this on a statically allocated method

-   (that is, it hasn't been allocated using UI_create_method(), you deserve

-   anything Murphy can throw at you and more!  You have been warned. */

-void UI_destroy_method(UI_METHOD *ui_method)

-	{

-	OPENSSL_free(ui_method->name);

-	ui_method->name = NULL;

-	OPENSSL_free(ui_method);

-	}

-int UI_method_set_opener(UI_METHOD *method, int (*opener)(UI *ui))

-	{

-	if (method)

-		{

-		method->ui_open_session = opener;

-		return 0;

-		}

-	else

-		return -1;

-	}

-int UI_method_set_writer(UI_METHOD *method, int (*writer)(UI *ui, UI_STRING *uis))

-	{

-	if (method)

-		{

-		method->ui_write_string = writer;

-		return 0;

-		}

-	else

-		return -1;

-	}

-int UI_method_set_flusher(UI_METHOD *method, int (*flusher)(UI *ui))

-	{

-	if (method)

-		{

-		method->ui_flush = flusher;

-		return 0;

-		}

-	else

-		return -1;

-	}

-int UI_method_set_reader(UI_METHOD *method, int (*reader)(UI *ui, UI_STRING *uis))

-	{

-	if (method)

-		{

-		method->ui_read_string = reader;

-		return 0;

-		}

-	else

-		return -1;

-	}

-int UI_method_set_closer(UI_METHOD *method, int (*closer)(UI *ui))

-	{

-	if (method)

-		{

-		method->ui_close_session = closer;

-		return 0;

-		}

-	else

-		return -1;

-	}

-int (*UI_method_get_opener(UI_METHOD *method))(UI*)

-	{

-	if (method)

-		return method->ui_open_session;

-	else

-		return NULL;

-	}

-int (*UI_method_get_writer(UI_METHOD *method))(UI*,UI_STRING*)

-	{

-	if (method)

-		return method->ui_write_string;

-	else

-		return NULL;

-	}

-int (*UI_method_get_flusher(UI_METHOD *method))(UI*)

-	{

-	if (method)

-		return method->ui_flush;

-	else

-		return NULL;

-	}

-int (*UI_method_get_reader(UI_METHOD *method))(UI*,UI_STRING*)

-	{

-	if (method)

-		return method->ui_read_string;

-	else

-		return NULL;

-	}

-int (*UI_method_get_closer(UI_METHOD *method))(UI*)

-	{

-	if (method)

-		return method->ui_close_session;

-	else

-		return NULL;

-	}

-enum UI_string_types UI_get_string_type(UI_STRING *uis)

-	{

-	if (!uis)

-		return UIT_NONE;

-	return uis->type;

-	}

-int UI_get_input_flags(UI_STRING *uis)

-	{

-	if (!uis)

-		return 0;

-	return uis->input_flags;

-	}

-const char *UI_get0_output_string(UI_STRING *uis)

-	{

-	if (!uis)

-		return NULL;

-	return uis->out_string;

-	}

-const char *UI_get0_action_string(UI_STRING *uis)

-	{

-	if (!uis)

-		return NULL;

-	switch(uis->type)

-		{

-	case UIT_PROMPT:

-	case UIT_BOOLEAN:

-		return uis->_.boolean_data.action_desc;

-	default:

-		return NULL;

-		}

-	}

-const char *UI_get0_result_string(UI_STRING *uis)

-	{

-	if (!uis)

-		return NULL;

-	switch(uis->type)

-		{

-	case UIT_PROMPT:

-	case UIT_VERIFY:

-		return uis->result_buf;

-	default:

-		return NULL;

-		}

-	}

-const char *UI_get0_test_string(UI_STRING *uis)

-	{

-	if (!uis)

-		return NULL;

-	switch(uis->type)

-		{

-	case UIT_VERIFY:

-		return uis->_.string_data.test_buf;

-	default:

-		return NULL;

-		}

-	}

-int UI_get_result_minsize(UI_STRING *uis)

-	{

-	if (!uis)

-		return -1;

-	switch(uis->type)

-		{

-	case UIT_PROMPT:

-	case UIT_VERIFY:

-		return uis->_.string_data.result_minsize;

-	default:

-		return -1;

-		}

-	}

-int UI_get_result_maxsize(UI_STRING *uis)

-	{

-	if (!uis)

-		return -1;

-	switch(uis->type)

-		{

-	case UIT_PROMPT:

-	case UIT_VERIFY:

-		return uis->_.string_data.result_maxsize;

-	default:

-		return -1;

-		}

-	}

-int UI_set_result(UI *ui, UI_STRING *uis, const char *result)

-	{

-	int l = strlen(result);

-	ui->flags &= ~UI_FLAG_REDOABLE;

-	if (!uis)

-		return -1;

-	switch (uis->type)

-		{

-	case UIT_PROMPT:

-	case UIT_VERIFY:

-		{

-		char number1[DECIMAL_SIZE(uis->_.string_data.result_minsize)+1];

-		char number2[DECIMAL_SIZE(uis->_.string_data.result_maxsize)+1];

-		BIO_snprintf(number1, sizeof(number1), "%d",

-			uis->_.string_data.result_minsize);

-		BIO_snprintf(number2, sizeof(number2), "%d",

-			uis->_.string_data.result_maxsize);

-		if (l < uis->_.string_data.result_minsize)

-			{

-			ui->flags |= UI_FLAG_REDOABLE;

-			UIerr(UI_F_UI_SET_RESULT,UI_R_RESULT_TOO_SMALL);

-			ERR_add_error_data(5,"You must type in ",

-				number1," to ",number2," characters");

-			return -1;

-			}

-		if (l > uis->_.string_data.result_maxsize)

-			{

-			ui->flags |= UI_FLAG_REDOABLE;

-			UIerr(UI_F_UI_SET_RESULT,UI_R_RESULT_TOO_LARGE);

-			ERR_add_error_data(5,"You must type in ",

-				number1," to ",number2," characters");

-			return -1;

-			}

-		}

-		if (!uis->result_buf)

-			{

-			UIerr(UI_F_UI_SET_RESULT,UI_R_NO_RESULT_BUFFER);

-			return -1;

-			}

-		BUF_strlcpy(uis->result_buf, result,

-			    uis->_.string_data.result_maxsize + 1);

-		break;

-	case UIT_BOOLEAN:

-		{

-		const char *p;

-		if (!uis->result_buf)

-			{

-			UIerr(UI_F_UI_SET_RESULT,UI_R_NO_RESULT_BUFFER);

-			return -1;

-			}

-		uis->result_buf[0] = '\0';

-		for(p = result; *p; p++)

-			{

-			if (strchr(uis->_.boolean_data.ok_chars, *p))

-				{

-				uis->result_buf[0] =

-					uis->_.boolean_data.ok_chars[0];

-				break;

-				}

-			if (strchr(uis->_.boolean_data.cancel_chars, *p))

-				{

-				uis->result_buf[0] =

-					uis->_.boolean_data.cancel_chars[0];

-				break;

-				}

-			}

-	default:

-		break;

-		}

-		}

-	return 0;

-	}

--- a/sys/src/ape/lib/openssl/crypto/ui/ui_locl.h

+++ /dev/null

@@ -1,153 +1,0 @@

-/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */

-/* Written by Richard Levitte ([email protected]) for the OpenSSL

- * project 2001.

- */

-/* ====================================================================

- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_UI_LOCL_H

-#define HEADER_UI_LOCL_H

-#include <openssl/ui.h>

-#include <openssl/crypto.h>

-#ifdef _

-#undef _

-#endif

-struct ui_method_st

-	{

-	char *name;

-	/* All the functions return 1 or non-NULL for success and 0 or NULL

-	   for failure */

-	/* Open whatever channel for this, be it the console, an X window

-	   or whatever.

-	   This function should use the ex_data structure to save

-	   intermediate data. */

-	int (*ui_open_session)(UI *ui);

-	int (*ui_write_string)(UI *ui, UI_STRING *uis);

-	/* Flush the output.  If a GUI dialog box is used, this function can

-	   be used to actually display it. */

-	int (*ui_flush)(UI *ui);

-	int (*ui_read_string)(UI *ui, UI_STRING *uis);

-	int (*ui_close_session)(UI *ui);

-	/* Construct a prompt in a user-defined manner.  object_desc is a

-	   textual short description of the object, for example "pass phrase",

-	   and object_name is the name of the object (might be a card name or

-	   a file name.

-	   The returned string shall always be allocated on the heap with

-	   OPENSSL_malloc(), and need to be free'd with OPENSSL_free(). */

-	char *(*ui_construct_prompt)(UI *ui, const char *object_desc,

-		const char *object_name);

-	};

-struct ui_string_st

-	{

-	enum UI_string_types type; /* Input */

-	const char *out_string;	/* Input */

-	int input_flags;	/* Flags from the user */

-	/* The following parameters are completely irrelevant for UIT_INFO,

-	   and can therefore be set to 0 or NULL */

-	char *result_buf;	/* Input and Output: If not NULL, user-defined

-				   with size in result_maxsize.  Otherwise, it

-				   may be allocated by the UI routine, meaning

-				   result_minsize is going to be overwritten.*/

-	union

-		{

-		struct

-			{

-			int result_minsize;	/* Input: minimum required

-						   size of the result.

-						*/

-			int result_maxsize;	/* Input: maximum permitted

-						   size of the result */

-			const char *test_buf;	/* Input: test string to verify

-						   against */

-			} string_data;

-		struct

-			{

-			const char *action_desc; /* Input */

-			const char *ok_chars; /* Input */

-			const char *cancel_chars; /* Input */

-			} boolean_data;

-		} _;

-#define OUT_STRING_FREEABLE 0x01

-	int flags;		/* flags for internal use */

-	};

-struct ui_st

-	{

-	const UI_METHOD *meth;

-	STACK_OF(UI_STRING) *strings; /* We might want to prompt for more

-					 than one thing at a time, and

-					 with different echoing status.  */

-	void *user_data;

-	CRYPTO_EX_DATA ex_data;

-#define UI_FLAG_REDOABLE	0x0001

-#define UI_FLAG_PRINT_ERRORS	0x0100

-	int flags;

-	};

-#endif

--- a/sys/src/ape/lib/openssl/crypto/ui/ui_openssl.c

+++ /dev/null

@@ -1,705 +1,0 @@

-/* crypto/ui/ui_openssl.c -*- mode:C; c-file-style: "eay" -*- */

-/* Written by Richard Levitte ([email protected]) and others

- * for the OpenSSL project 2001.

- */

-/* ====================================================================

- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* The lowest level part of this file was previously in crypto/des/read_pwd.c,

- * Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <openssl/e_os2.h>

-/* need for #define _POSIX_C_SOURCE arises whenever you pass -ansi to gcc

- * [maybe others?], because it masks interfaces not discussed in standard,

- * sigaction and fileno included. -pedantic would be more appropriate for

- * the intended purposes, but we can't prevent users from adding -ansi.

- */

-#define _POSIX_C_SOURCE 1

-#include <signal.h>

-#include <stdio.h>

-#include <string.h>

-#include <errno.h>

-#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS)

-# ifdef OPENSSL_UNISTD

-#  include OPENSSL_UNISTD

-# else

-#  include <unistd.h>

-# endif

-/* If unistd.h defines _POSIX_VERSION, we conclude that we

- * are on a POSIX system and have sigaction and termios. */

-# if defined(_POSIX_VERSION)

-#  define SIGACTION

-#  if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY)

-#   define TERMIOS

-#  endif

-# endif

-#endif

-#ifdef WIN16TTY

-# undef OPENSSL_SYS_WIN16

-# undef WIN16

-# undef _WINDOWS

-# include <graph.h>

-#endif

-/* 06-Apr-92 Luke Brennan    Support for VMS */

-#include "ui_locl.h"

-#include "cryptlib.h"

-#ifdef OPENSSL_SYS_VMS		/* prototypes for sys$whatever */

-# include <starlet.h>

-# ifdef __DECC

-#  pragma message disable DOLLARID

-# endif

-#endif

-#ifdef WIN_CONSOLE_BUG

-# include <windows.h>

-#ifndef OPENSSL_SYS_WINCE

-# include <wincon.h>

-#endif

-#endif

-/* There are 5 types of terminal interface supported,

- * TERMIO, TERMIOS, VMS, MSDOS and SGTTY

- */

-#if defined(__sgi) && !defined(TERMIOS)

-# define TERMIOS

-# undef  TERMIO

-# undef  SGTTY

-#endif

-#if defined(linux) && !defined(TERMIO)

-# undef  TERMIOS

-# define TERMIO

-# undef  SGTTY

-#endif

-#ifdef _LIBC

-# undef  TERMIOS

-# define TERMIO

-# undef  SGTTY

-#endif

-#if !defined(TERMIO) && !defined(TERMIOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(MAC_OS_GUSI_SOURCE)

-# undef  TERMIOS

-# undef  TERMIO

-# define SGTTY

-#endif

-#if defined(OPENSSL_SYS_VXWORKS)

-#undef TERMIOS

-#undef TERMIO

-#undef SGTTY

-#endif

-#if defined(OPENSSL_SYS_NETWARE)

-#undef TERMIOS

-#undef TERMIO

-#undef SGTTY

-#endif

-#ifdef TERMIOS

-# include <termios.h>

-# define TTY_STRUCT		struct termios

-# define TTY_FLAGS		c_lflag

-# define TTY_get(tty,data)	tcgetattr(tty,data)

-# define TTY_set(tty,data)	tcsetattr(tty,TCSANOW,data)

-#endif

-#ifdef TERMIO

-# include <termio.h>

-# define TTY_STRUCT		struct termio

-# define TTY_FLAGS		c_lflag

-# define TTY_get(tty,data)	ioctl(tty,TCGETA,data)

-# define TTY_set(tty,data)	ioctl(tty,TCSETA,data)

-#endif

-#ifdef SGTTY

-# include <sgtty.h>

-# define TTY_STRUCT		struct sgttyb

-# define TTY_FLAGS		sg_flags

-# define TTY_get(tty,data)	ioctl(tty,TIOCGETP,data)

-# define TTY_set(tty,data)	ioctl(tty,TIOCSETP,data)

-#endif

-#if !defined(_LIBC) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(OPENSSL_SYS_SUNOS)

-# include <sys/ioctl.h>

-#endif

-#ifdef OPENSSL_SYS_MSDOS

-# include <conio.h>

-#endif

-#ifdef OPENSSL_SYS_VMS

-# include <ssdef.h>

-# include <iodef.h>

-# include <ttdef.h>

-# include <descrip.h>

-struct IOSB {

-	short iosb$w_value;

-	short iosb$w_count;

-	long  iosb$l_info;

-	};

-#endif

-#ifdef OPENSSL_SYS_SUNOS

-	typedef int sig_atomic_t;

-#endif

-#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(MAC_OS_GUSI_SOURCE) || defined(OPENSSL_SYS_NETWARE)

-/*

- * This one needs work. As a matter of fact the code is unoperational

- * and this is only a trick to get it compiled.

- *					<[email protected]>

- */

-# define TTY_STRUCT int

-#endif

-#ifndef NX509_SIG

-# define NX509_SIG 32

-#endif

-/* Define globals.  They are protected by a lock */

-#ifdef SIGACTION

-static struct sigaction savsig[NX509_SIG];

-#else

-static void (*savsig[NX509_SIG])(int );

-#endif

-#ifdef OPENSSL_SYS_VMS

-static struct IOSB iosb;

-static $DESCRIPTOR(terminal,"TT");

-static long tty_orig[3], tty_new[3]; /* XXX   Is there any guarantee that this will always suffice for the actual structures? */

-static long status;

-static unsigned short channel = 0;

-#else

-#if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__)

-static TTY_STRUCT tty_orig,tty_new;

-#endif

-#endif

-static FILE *tty_in, *tty_out;

-static int is_a_tty;

-/* Declare static functions */

-#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)

-static void read_till_nl(FILE *);

-static void recsig(int);

-static void pushsig(void);

-static void popsig(void);

-#endif

-#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN16)

-static int noecho_fgets(char *buf, int size, FILE *tty);

-#endif

-static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl);

-static int read_string(UI *ui, UI_STRING *uis);

-static int write_string(UI *ui, UI_STRING *uis);

-static int open_console(UI *ui);

-static int echo_console(UI *ui);

-static int noecho_console(UI *ui);

-static int close_console(UI *ui);

-static UI_METHOD ui_openssl =

-	{

-	"OpenSSL default user interface",

-	open_console,

-	write_string,

-	NULL,			/* No flusher is needed for command lines */

-	read_string,

-	close_console,

-	NULL

-	};

-/* The method with all the built-in thingies */

-UI_METHOD *UI_OpenSSL(void)

-	{

-	return &ui_openssl;

-	}

-/* The following function makes sure that info and error strings are printed

-   before any prompt. */

-static int write_string(UI *ui, UI_STRING *uis)

-	{

-	switch (UI_get_string_type(uis))

-		{

-	case UIT_ERROR:

-	case UIT_INFO:

-		fputs(UI_get0_output_string(uis), tty_out);

-		fflush(tty_out);

-		break;

-	default:

-		break;

-		}

-	return 1;

-	}

-static int read_string(UI *ui, UI_STRING *uis)

-	{

-	int ok = 0;

-	switch (UI_get_string_type(uis))

-		{

-	case UIT_BOOLEAN:

-		fputs(UI_get0_output_string(uis), tty_out);

-		fputs(UI_get0_action_string(uis), tty_out);

-		fflush(tty_out);

-		return read_string_inner(ui, uis,

-			UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO, 0);

-	case UIT_PROMPT:

-		fputs(UI_get0_output_string(uis), tty_out);

-		fflush(tty_out);

-		return read_string_inner(ui, uis,

-			UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO, 1);

-	case UIT_VERIFY:

-		fprintf(tty_out,"Verifying - %s",

-			UI_get0_output_string(uis));

-		fflush(tty_out);

-		if ((ok = read_string_inner(ui, uis,

-			UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO, 1)) <= 0)

-			return ok;

-		if (strcmp(UI_get0_result_string(uis),

-			UI_get0_test_string(uis)) != 0)

-			{

-			fprintf(tty_out,"Verify failure\n");

-			fflush(tty_out);

-			return 0;

-			}

-		break;

-	default:

-		break;

-		}

-	return 1;

-	}

-#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)

-/* Internal functions to read a string without echoing */

-static void read_till_nl(FILE *in)

-	{

-#define SIZE 4

-	char buf[SIZE+1];

-	do	{

-		fgets(buf,SIZE,in);

-		} while (strchr(buf,'\n') == NULL);

-	}

-static volatile sig_atomic_t intr_signal;

-#endif

-static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl)

-	{

-	static int ps;

-	int ok;

-	char result[BUFSIZ];

-	int maxsize = BUFSIZ-1;

-#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)

-	char *p;

-	intr_signal=0;

-	ok=0;

-	ps=0;

-	pushsig();

-	ps=1;

-	if (!echo && !noecho_console(ui))

-		goto error;

-	ps=2;

-	result[0]='\0';

-#ifdef OPENSSL_SYS_MSDOS

-	if (!echo)

-		{

-		noecho_fgets(result,maxsize,tty_in);

-		p=result; /* FIXME: noecho_fgets doesn't return errors */

-		}

-	else

-		p=fgets(result,maxsize,tty_in);

-#else

-	p=fgets(result,maxsize,tty_in);

-#endif

-	if(!p)

-		goto error;

-	if (feof(tty_in)) goto error;

-	if (ferror(tty_in)) goto error;

-	if ((p=(char *)strchr(result,'\n')) != NULL)

-		{

-		if (strip_nl)

-			*p='\0';

-		}

-	else

-		read_till_nl(tty_in);

-	if (UI_set_result(ui, uis, result) >= 0)

-		ok=1;

-error:

-	if (intr_signal == SIGINT)

-		ok=-1;

-	if (!echo) fprintf(tty_out,"\n");

-	if (ps >= 2 && !echo && !echo_console(ui))

-		ok=0;

-	if (ps >= 1)

-		popsig();

-#else

-	ok=1;

-#endif

-	OPENSSL_cleanse(result,BUFSIZ);

-	return ok;

-	}

-/* Internal functions to open, handle and close a channel to the console.  */

-static int open_console(UI *ui)

-	{

-	CRYPTO_w_lock(CRYPTO_LOCK_UI);

-	is_a_tty = 1;

-#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)

-	tty_in=stdin;

-	tty_out=stderr;

-#else

-#  ifdef OPENSSL_SYS_MSDOS

-#    define DEV_TTY "con"

-#  else

-#    define DEV_TTY "/dev/tty"

-#  endif

-	if ((tty_in=fopen(DEV_TTY,"r")) == NULL)

-		tty_in=stdin;

-	if ((tty_out=fopen(DEV_TTY,"w")) == NULL)

-		tty_out=stderr;

-#endif

-#if defined(TTY_get) && !defined(OPENSSL_SYS_VMS)

- 	if (TTY_get(fileno(tty_in),&tty_orig) == -1)

-		{

-#ifdef ENOTTY

-		if (errno == ENOTTY)

-			is_a_tty=0;

-		else

-#endif

-#ifdef EINVAL

-		/* Ariel Glenn [email protected] reports that solaris

-		 * can return EINVAL instead.  This should be ok */

-		if (errno == EINVAL)

-			is_a_tty=0;

-		else

-#endif

-			return 0;

-		}

-#endif

-#ifdef OPENSSL_SYS_VMS

-	status = sys$assign(&terminal,&channel,0,0);

-	if (status != SS$_NORMAL)

-		return 0;

-	status=sys$qiow(0,channel,IO$_SENSEMODE,&iosb,0,0,tty_orig,12,0,0,0,0);

-	if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))

-		return 0;

-#endif

-	return 1;

-	}

-static int noecho_console(UI *ui)

-	{

-#ifdef TTY_FLAGS

-	memcpy(&(tty_new),&(tty_orig),sizeof(tty_orig));

-	tty_new.TTY_FLAGS &= ~ECHO;

-#endif

-#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)

-	if (is_a_tty && (TTY_set(fileno(tty_in),&tty_new) == -1))

-		return 0;

-#endif

-#ifdef OPENSSL_SYS_VMS

-	tty_new[0] = tty_orig[0];

-	tty_new[1] = tty_orig[1] | TT$M_NOECHO;

-	tty_new[2] = tty_orig[2];

-	status = sys$qiow(0,channel,IO$_SETMODE,&iosb,0,0,tty_new,12,0,0,0,0);

-	if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))

-		return 0;

-#endif

-	return 1;

-	}

-static int echo_console(UI *ui)

-	{

-#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)

-	memcpy(&(tty_new),&(tty_orig),sizeof(tty_orig));

-	tty_new.TTY_FLAGS |= ECHO;

-#endif

-#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)

-	if (is_a_tty && (TTY_set(fileno(tty_in),&tty_new) == -1))

-		return 0;

-#endif

-#ifdef OPENSSL_SYS_VMS

-	tty_new[0] = tty_orig[0];

-	tty_new[1] = tty_orig[1] & ~TT$M_NOECHO;

-	tty_new[2] = tty_orig[2];

-	status = sys$qiow(0,channel,IO$_SETMODE,&iosb,0,0,tty_new,12,0,0,0,0);

-	if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))

-		return 0;

-#endif

-	return 1;

-	}

-static int close_console(UI *ui)

-	{

-	if (tty_in != stdin) fclose(tty_in);

-	if (tty_out != stderr) fclose(tty_out);

-#ifdef OPENSSL_SYS_VMS

-	status = sys$dassgn(channel);

-#endif

-	CRYPTO_w_unlock(CRYPTO_LOCK_UI);

-	return 1;

-	}

-#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)

-/* Internal functions to handle signals and act on them */

-static void pushsig(void)

-	{

-#ifndef OPENSSL_SYS_WIN32

-	int i;

-#endif

-#ifdef SIGACTION

-	struct sigaction sa;

-	memset(&sa,0,sizeof sa);

-	sa.sa_handler=recsig;

-#endif

-#ifdef OPENSSL_SYS_WIN32

-	savsig[SIGABRT]=signal(SIGABRT,recsig);

-	savsig[SIGFPE]=signal(SIGFPE,recsig);

-	savsig[SIGILL]=signal(SIGILL,recsig);

-	savsig[SIGINT]=signal(SIGINT,recsig);

-	savsig[SIGSEGV]=signal(SIGSEGV,recsig);

-	savsig[SIGTERM]=signal(SIGTERM,recsig);

-#else

-	for (i=1; i<NX509_SIG; i++)

-		{

-#ifdef SIGUSR1

-		if (i == SIGUSR1)

-			continue;

-#endif

-#ifdef SIGUSR2

-		if (i == SIGUSR2)

-			continue;

-#endif

-#ifdef SIGKILL

-		if (i == SIGKILL) /* We can't make any action on that. */

-			continue;

-#endif

-#ifdef SIGACTION

-		sigaction(i,&sa,&savsig[i]);

-#else

-		savsig[i]=signal(i,recsig);

-#endif

-		}

-#endif

-#ifdef SIGWINCH

-	signal(SIGWINCH,SIG_DFL);

-#endif

-	}

-static void popsig(void)

-	{

-#ifdef OPENSSL_SYS_WIN32

-	signal(SIGABRT,savsig[SIGABRT]);

-	signal(SIGFPE,savsig[SIGFPE]);

-	signal(SIGILL,savsig[SIGILL]);

-	signal(SIGINT,savsig[SIGINT]);

-	signal(SIGSEGV,savsig[SIGSEGV]);

-	signal(SIGTERM,savsig[SIGTERM]);

-#else

-	int i;

-	for (i=1; i<NX509_SIG; i++)

-		{

-#ifdef SIGUSR1

-		if (i == SIGUSR1)

-			continue;

-#endif

-#ifdef SIGUSR2

-		if (i == SIGUSR2)

-			continue;

-#endif

-#ifdef SIGACTION

-		sigaction(i,&savsig[i],NULL);

-#else

-		signal(i,savsig[i]);

-#endif

-		}

-#endif

-	}

-static void recsig(int i)

-	{

-	intr_signal=i;

-	}

-#endif

-/* Internal functions specific for Windows */

-#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)

-static int noecho_fgets(char *buf, int size, FILE *tty)

-	{

-	int i;

-	char *p;

-	p=buf;

-	for (;;)

-		{

-		if (size == 0)

-			{

-			*p='\0';

-			break;

-			}

-		size--;

-#ifdef WIN16TTY

-		i=_inchar();

-#else

-		i=getch();

-#endif

-		if (i == '\r') i='\n';

-		*(p++)=i;

-		if (i == '\n')

-			{

-			*p='\0';

-			break;

-			}

-		}

-#ifdef WIN_CONSOLE_BUG

-/* Win95 has several evil console bugs: one of these is that the

- * last character read using getch() is passed to the next read: this is

- * usually a CR so this can be trouble. No STDIO fix seems to work but

- * flushing the console appears to do the trick.

- */

-		{

-			HANDLE inh;

-			inh = GetStdHandle(STD_INPUT_HANDLE);

-			FlushConsoleInputBuffer(inh);

-		}

-#endif

-	return(strlen(buf));

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/ui/ui_util.c

+++ /dev/null

@@ -1,91 +1,0 @@

-/* crypto/ui/ui_util.c -*- mode:C; c-file-style: "eay" -*- */

-/* ====================================================================

- * Copyright (c) 2001-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <string.h>

-#include "ui_locl.h"

-int UI_UTIL_read_pw_string(char *buf,int length,const char *prompt,int verify)

-	{

-	char buff[BUFSIZ];

-	int ret;

-	ret=UI_UTIL_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify);

-	OPENSSL_cleanse(buff,BUFSIZ);

-	return(ret);

-	}

-int UI_UTIL_read_pw(char *buf,char *buff,int size,const char *prompt,int verify)

-	{

-	int ok = 0;

-	UI *ui;

-	if (size < 1)

-		return -1;

-	ui = UI_new();

-	if (ui)

-		{

-		ok = UI_add_input_string(ui,prompt,0,buf,0,size-1);

-		if (ok >= 0 && verify)

-			ok = UI_add_verify_string(ui,prompt,0,buff,0,size-1,

-				buf);

-		if (ok >= 0)

-			ok=UI_process(ui);

-		UI_free(ui);

-		}

-	if (ok > 0)

-		ok = 0;

-	return(ok);

-	}

--- a/sys/src/ape/lib/openssl/crypto/uid.c

+++ /dev/null

@@ -1,89 +1,0 @@

-/* crypto/uid.c */

-/* ====================================================================

- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <openssl/crypto.h>

-#include <openssl/opensslconf.h>

-#if defined(__OpenBSD__) || (defined(__FreeBSD__) && __FreeBSD__ > 2)

-#include OPENSSL_UNISTD

-int OPENSSL_issetugid(void)

-	{

-	return issetugid();

-	}

-#elif defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)

-int OPENSSL_issetugid(void)

-	{

-	return 0;

-	}

-#else

-#include OPENSSL_UNISTD

-#include <sys/types.h>

-int OPENSSL_issetugid(void)

-	{

-	if (getuid() != geteuid()) return 1;

-	if (getgid() != getegid()) return 1;

-	return 0;

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/x509/Makefile

+++ /dev/null

@@ -1,406 +1,0 @@

-#

-# OpenSSL/crypto/x509/Makefile

-#

-DIR=	x509

-TOP=	../..

-CC=	cc

-INCLUDES= -I.. -I$(TOP) -I../../include

-CFLAG=-g

-MAKEFILE=	Makefile

-AR=		ar r

-CFLAGS= $(INCLUDES) $(CFLAG)

-GENERAL=Makefile README

-TEST=

-APPS=

-LIB=$(TOP)/libcrypto.a

-LIBSRC=	x509_def.c x509_d2.c x509_r2x.c x509_cmp.c \

-	x509_obj.c x509_req.c x509spki.c x509_vfy.c \

-	x509_set.c x509cset.c x509rset.c x509_err.c \

-	x509name.c x509_v3.c x509_ext.c x509_att.c \

-	x509type.c x509_lu.c x_all.c x509_txt.c \

-	x509_trs.c by_file.c by_dir.c x509_vpm.c

-LIBOBJ= x509_def.o x509_d2.o x509_r2x.o x509_cmp.o \

-	x509_obj.o x509_req.o x509spki.o x509_vfy.o \

-	x509_set.o x509cset.o x509rset.o x509_err.o \

-	x509name.o x509_v3.o x509_ext.o x509_att.o \

-	x509type.o x509_lu.o x_all.o x509_txt.o \

-	x509_trs.o by_file.o by_dir.o x509_vpm.o

-SRC= $(LIBSRC)

-EXHEADER= x509.h x509_vfy.h

-HEADER=	$(EXHEADER)

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)

-all:	lib

-lib:	$(LIBOBJ)

-	$(AR) $(LIB) $(LIBOBJ)

-	$(RANLIB) $(LIB) || echo Never mind.

-	@touch lib

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO

-links:

-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)

-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)

-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

-install:

-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...

-	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \

-	do  \

-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \

-	done;

-tags:

-	ctags $(SRC)

-tests:

-lint:

-	lint -DLINT $(INCLUDES) $(SRC)>fluff

-depend:

-	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...

-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-clean:

-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-by_dir.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-by_dir.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-by_dir.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-by_dir.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-by_dir.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-by_dir.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-by_dir.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-by_dir.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-by_dir.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-by_dir.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-by_dir.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-by_dir.o: ../../include/openssl/x509_vfy.h ../cryptlib.h by_dir.c

-by_file.o: ../../e_os.h ../../include/openssl/asn1.h

-by_file.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-by_file.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-by_file.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-by_file.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-by_file.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-by_file.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-by_file.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-by_file.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h

-by_file.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h

-by_file.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-by_file.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-by_file.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-by_file.o: ../cryptlib.h by_file.c

-x509_att.o: ../../e_os.h ../../include/openssl/asn1.h

-x509_att.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-x509_att.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h

-x509_att.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-x509_att.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-x509_att.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-x509_att.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-x509_att.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-x509_att.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-x509_att.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-x509_att.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-x509_att.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-x509_att.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h

-x509_att.o: ../cryptlib.h x509_att.c

-x509_cmp.o: ../../e_os.h ../../include/openssl/asn1.h

-x509_cmp.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-x509_cmp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h

-x509_cmp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-x509_cmp.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-x509_cmp.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-x509_cmp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-x509_cmp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-x509_cmp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-x509_cmp.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-x509_cmp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-x509_cmp.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-x509_cmp.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h

-x509_cmp.o: ../cryptlib.h x509_cmp.c

-x509_d2.o: ../../e_os.h ../../include/openssl/asn1.h

-x509_d2.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-x509_d2.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-x509_d2.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-x509_d2.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-x509_d2.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-x509_d2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-x509_d2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-x509_d2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h

-x509_d2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-x509_d2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-x509_d2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-x509_d2.o: ../cryptlib.h x509_d2.c

-x509_def.o: ../../e_os.h ../../include/openssl/asn1.h

-x509_def.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-x509_def.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-x509_def.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-x509_def.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-x509_def.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-x509_def.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-x509_def.o: ../../include/openssl/opensslconf.h

-x509_def.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-x509_def.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-x509_def.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-x509_def.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-x509_def.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_def.c

-x509_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

-x509_err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-x509_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-x509_err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-x509_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-x509_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-x509_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-x509_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-x509_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-x509_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-x509_err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-x509_err.o: ../../include/openssl/x509_vfy.h x509_err.c

-x509_ext.o: ../../e_os.h ../../include/openssl/asn1.h

-x509_ext.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-x509_ext.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h

-x509_ext.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-x509_ext.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-x509_ext.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-x509_ext.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-x509_ext.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-x509_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-x509_ext.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-x509_ext.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-x509_ext.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-x509_ext.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h

-x509_ext.o: ../cryptlib.h x509_ext.c

-x509_lu.o: ../../e_os.h ../../include/openssl/asn1.h

-x509_lu.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-x509_lu.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h

-x509_lu.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-x509_lu.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-x509_lu.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-x509_lu.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-x509_lu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-x509_lu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-x509_lu.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-x509_lu.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-x509_lu.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-x509_lu.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h

-x509_lu.o: ../cryptlib.h x509_lu.c

-x509_obj.o: ../../e_os.h ../../include/openssl/asn1.h

-x509_obj.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-x509_obj.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-x509_obj.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-x509_obj.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-x509_obj.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-x509_obj.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-x509_obj.o: ../../include/openssl/opensslconf.h

-x509_obj.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-x509_obj.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-x509_obj.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-x509_obj.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-x509_obj.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_obj.c

-x509_r2x.o: ../../e_os.h ../../include/openssl/asn1.h

-x509_r2x.o: ../../include/openssl/bio.h ../../include/openssl/bn.h

-x509_r2x.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-x509_r2x.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-x509_r2x.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-x509_r2x.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-x509_r2x.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-x509_r2x.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-x509_r2x.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-x509_r2x.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-x509_r2x.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-x509_r2x.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-x509_r2x.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_r2x.c

-x509_req.o: ../../e_os.h ../../include/openssl/asn1.h

-x509_req.o: ../../include/openssl/bio.h ../../include/openssl/bn.h

-x509_req.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-x509_req.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-x509_req.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-x509_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-x509_req.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-x509_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-x509_req.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-x509_req.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h

-x509_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-x509_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-x509_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-x509_req.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_req.c

-x509_set.o: ../../e_os.h ../../include/openssl/asn1.h

-x509_set.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-x509_set.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-x509_set.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-x509_set.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-x509_set.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-x509_set.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-x509_set.o: ../../include/openssl/opensslconf.h

-x509_set.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-x509_set.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-x509_set.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-x509_set.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-x509_set.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_set.c

-x509_trs.o: ../../e_os.h ../../include/openssl/asn1.h

-x509_trs.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-x509_trs.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h

-x509_trs.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-x509_trs.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-x509_trs.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-x509_trs.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-x509_trs.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-x509_trs.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-x509_trs.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-x509_trs.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-x509_trs.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-x509_trs.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h

-x509_trs.o: ../cryptlib.h x509_trs.c

-x509_txt.o: ../../e_os.h ../../include/openssl/asn1.h

-x509_txt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-x509_txt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-x509_txt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-x509_txt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-x509_txt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-x509_txt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-x509_txt.o: ../../include/openssl/opensslconf.h

-x509_txt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-x509_txt.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-x509_txt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-x509_txt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-x509_txt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_txt.c

-x509_v3.o: ../../e_os.h ../../include/openssl/asn1.h

-x509_v3.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-x509_v3.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h

-x509_v3.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-x509_v3.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-x509_v3.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-x509_v3.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-x509_v3.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-x509_v3.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-x509_v3.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-x509_v3.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-x509_v3.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-x509_v3.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h

-x509_v3.o: ../cryptlib.h x509_v3.c

-x509_vfy.o: ../../e_os.h ../../include/openssl/asn1.h

-x509_vfy.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-x509_vfy.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h

-x509_vfy.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-x509_vfy.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-x509_vfy.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-x509_vfy.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-x509_vfy.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-x509_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-x509_vfy.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-x509_vfy.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-x509_vfy.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-x509_vfy.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h

-x509_vfy.o: ../cryptlib.h x509_vfy.c

-x509_vpm.o: ../../e_os.h ../../include/openssl/asn1.h

-x509_vpm.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-x509_vpm.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h

-x509_vpm.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-x509_vpm.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-x509_vpm.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-x509_vpm.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-x509_vpm.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-x509_vpm.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-x509_vpm.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-x509_vpm.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-x509_vpm.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-x509_vpm.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h

-x509_vpm.o: ../cryptlib.h x509_vpm.c

-x509cset.o: ../../e_os.h ../../include/openssl/asn1.h

-x509cset.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-x509cset.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-x509cset.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-x509cset.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-x509cset.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-x509cset.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-x509cset.o: ../../include/openssl/opensslconf.h

-x509cset.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-x509cset.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-x509cset.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-x509cset.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-x509cset.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509cset.c

-x509name.o: ../../e_os.h ../../include/openssl/asn1.h

-x509name.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-x509name.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-x509name.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-x509name.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-x509name.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-x509name.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-x509name.o: ../../include/openssl/opensslconf.h

-x509name.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-x509name.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-x509name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-x509name.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-x509name.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509name.c

-x509rset.o: ../../e_os.h ../../include/openssl/asn1.h

-x509rset.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-x509rset.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-x509rset.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-x509rset.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-x509rset.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-x509rset.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-x509rset.o: ../../include/openssl/opensslconf.h

-x509rset.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-x509rset.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-x509rset.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-x509rset.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-x509rset.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509rset.c

-x509spki.o: ../../e_os.h ../../include/openssl/asn1.h

-x509spki.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-x509spki.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-x509spki.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-x509spki.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-x509spki.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-x509spki.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-x509spki.o: ../../include/openssl/opensslconf.h

-x509spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-x509spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-x509spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-x509spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-x509spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509spki.c

-x509type.o: ../../e_os.h ../../include/openssl/asn1.h

-x509type.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-x509type.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-x509type.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-x509type.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-x509type.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-x509type.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-x509type.o: ../../include/openssl/opensslconf.h

-x509type.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-x509type.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-x509type.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-x509type.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-x509type.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509type.c

-x_all.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-x_all.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

-x_all.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h

-x_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-x_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-x_all.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-x_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-x_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-x_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h

-x_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h

-x_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-x_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-x_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_all.c

--- a/sys/src/ape/lib/openssl/crypto/x509/by_dir.c

+++ /dev/null

@@ -1,382 +1,0 @@

-/* crypto/x509/by_dir.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <time.h>

-#include <errno.h>

-#include "cryptlib.h"

-#ifndef NO_SYS_TYPES_H

-# include <sys/types.h>

-#endif

-#ifdef MAC_OS_pre_X

-# include <stat.h>

-#else

-# include <sys/stat.h>

-#endif

-#include <openssl/lhash.h>

-#include <openssl/x509.h>

-typedef struct lookup_dir_st

-	{

-	BUF_MEM *buffer;

-	int num_dirs;

-	char **dirs;

-	int *dirs_type;

-	int num_dirs_alloced;

-	} BY_DIR;

-static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,

-	char **ret);

-static int new_dir(X509_LOOKUP *lu);

-static void free_dir(X509_LOOKUP *lu);

-static int add_cert_dir(BY_DIR *ctx,const char *dir,int type);

-static int get_cert_by_subject(X509_LOOKUP *xl,int type,X509_NAME *name,

-	X509_OBJECT *ret);

-X509_LOOKUP_METHOD x509_dir_lookup=

-	{

-	"Load certs from files in a directory",

-	new_dir,		/* new */

-	free_dir,		/* free */

-	NULL, 			/* init */

-	NULL,			/* shutdown */

-	dir_ctrl,		/* ctrl */

-	get_cert_by_subject,	/* get_by_subject */

-	NULL,			/* get_by_issuer_serial */

-	NULL,			/* get_by_fingerprint */

-	NULL,			/* get_by_alias */

-	};

-X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void)

-	{

-	return(&x509_dir_lookup);

-	}

-static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,

-	     char **retp)

-	{

-	int ret=0;

-	BY_DIR *ld;

-	char *dir = NULL;

-	ld=(BY_DIR *)ctx->method_data;

-	switch (cmd)

-		{

-	case X509_L_ADD_DIR:

-		if (argl == X509_FILETYPE_DEFAULT)

-			{

-			dir=(char *)Getenv(X509_get_default_cert_dir_env());

-			if (dir)

-				ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM);

-			else

-				ret=add_cert_dir(ld,X509_get_default_cert_dir(),

-					X509_FILETYPE_PEM);

-			if (!ret)

-				{

-				X509err(X509_F_DIR_CTRL,X509_R_LOADING_CERT_DIR);

-				}

-			}

-		else

-			ret=add_cert_dir(ld,argp,(int)argl);

-		break;

-		}

-	return(ret);

-	}

-static int new_dir(X509_LOOKUP *lu)

-	{

-	BY_DIR *a;

-	if ((a=(BY_DIR *)OPENSSL_malloc(sizeof(BY_DIR))) == NULL)

-		return(0);

-	if ((a->buffer=BUF_MEM_new()) == NULL)

-		{

-		OPENSSL_free(a);

-		return(0);

-		}

-	a->num_dirs=0;

-	a->dirs=NULL;

-	a->dirs_type=NULL;

-	a->num_dirs_alloced=0;

-	lu->method_data=(char *)a;

-	return(1);

-	}

-static void free_dir(X509_LOOKUP *lu)

-	{

-	BY_DIR *a;

-	int i;

-	a=(BY_DIR *)lu->method_data;

-	for (i=0; i<a->num_dirs; i++)

-		if (a->dirs[i] != NULL) OPENSSL_free(a->dirs[i]);

-	if (a->dirs != NULL) OPENSSL_free(a->dirs);

-	if (a->dirs_type != NULL) OPENSSL_free(a->dirs_type);

-	if (a->buffer != NULL) BUF_MEM_free(a->buffer);

-	OPENSSL_free(a);

-	}

-static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)

-	{

-	int j,len;

-	int *ip;

-	const char *s,*ss,*p;

-	char **pp;

-	if (dir == NULL || !*dir)

-	    {

-	    X509err(X509_F_ADD_CERT_DIR,X509_R_INVALID_DIRECTORY);

-	    return 0;

-	    }

-	s=dir;

-	p=s;

-	for (;;p++)

-		{

-		if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0'))

-			{

-			ss=s;

-			s=p+1;

-			len=(int)(p-ss);

-			if (len == 0) continue;

-			for (j=0; j<ctx->num_dirs; j++)

-				if (strlen(ctx->dirs[j]) == (size_t)len &&

-				    strncmp(ctx->dirs[j],ss,(unsigned int)len) == 0)

-					break;

-			if (j<ctx->num_dirs)

-				continue;

-			if (ctx->num_dirs_alloced < (ctx->num_dirs+1))

-				{

-				ctx->num_dirs_alloced+=10;

-				pp=(char **)OPENSSL_malloc(ctx->num_dirs_alloced*

-					sizeof(char *));

-				ip=(int *)OPENSSL_malloc(ctx->num_dirs_alloced*

-					sizeof(int));

-				if ((pp == NULL) || (ip == NULL))

-					{

-					X509err(X509_F_ADD_CERT_DIR,ERR_R_MALLOC_FAILURE);

-					return(0);

-					}

-				memcpy(pp,ctx->dirs,(ctx->num_dirs_alloced-10)*

-					sizeof(char *));

-				memcpy(ip,ctx->dirs_type,(ctx->num_dirs_alloced-10)*

-					sizeof(int));

-				if (ctx->dirs != NULL)

-					OPENSSL_free(ctx->dirs);

-				if (ctx->dirs_type != NULL)

-					OPENSSL_free(ctx->dirs_type);

-				ctx->dirs=pp;

-				ctx->dirs_type=ip;

-				}

-			ctx->dirs_type[ctx->num_dirs]=type;

-			ctx->dirs[ctx->num_dirs]=(char *)OPENSSL_malloc((unsigned int)len+1);

-			if (ctx->dirs[ctx->num_dirs] == NULL) return(0);

-			strncpy(ctx->dirs[ctx->num_dirs],ss,(unsigned int)len);

-			ctx->dirs[ctx->num_dirs][len]='\0';

-			ctx->num_dirs++;

-			}

-		if (*p == '\0') break;

-		}

-	return(1);

-	}

-static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,

-	     X509_OBJECT *ret)

-	{

-	BY_DIR *ctx;

-	union	{

-		struct	{

-			X509 st_x509;

-			X509_CINF st_x509_cinf;

-			} x509;

-		struct	{

-			X509_CRL st_crl;

-			X509_CRL_INFO st_crl_info;

-			} crl;

-		} data;

-	int ok=0;

-	int i,j,k;

-	unsigned long h;

-	BUF_MEM *b=NULL;

-	struct stat st;

-	X509_OBJECT stmp,*tmp;

-	const char *postfix="";

-	if (name == NULL) return(0);

-	stmp.type=type;

-	if (type == X509_LU_X509)

-		{

-		data.x509.st_x509.cert_info= &data.x509.st_x509_cinf;

-		data.x509.st_x509_cinf.subject=name;

-		stmp.data.x509= &data.x509.st_x509;

-		postfix="";

-		}

-	else if (type == X509_LU_CRL)

-		{

-		data.crl.st_crl.crl= &data.crl.st_crl_info;

-		data.crl.st_crl_info.issuer=name;

-		stmp.data.crl= &data.crl.st_crl;

-		postfix="r";

-		}

-	else

-		{

-		X509err(X509_F_GET_CERT_BY_SUBJECT,X509_R_WRONG_LOOKUP_TYPE);

-		goto finish;

-		}

-	if ((b=BUF_MEM_new()) == NULL)

-		{

-		X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_BUF_LIB);

-		goto finish;

-		}

-	ctx=(BY_DIR *)xl->method_data;

-	h=X509_NAME_hash(name);

-	for (i=0; i<ctx->num_dirs; i++)

-		{

-		j=strlen(ctx->dirs[i])+1+8+6+1+1;

-		if (!BUF_MEM_grow(b,j))

-			{

-			X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_MALLOC_FAILURE);

-			goto finish;

-			}

-		k=0;

-		for (;;)

-			{

-			char c = '/';

-#ifdef OPENSSL_SYS_VMS

-			c = ctx->dirs[i][strlen(ctx->dirs[i])-1];

-			if (c != ':' && c != '>' && c != ']')

-				{

-				/* If no separator is present, we assume the

-				   directory specifier is a logical name, and

-				   add a colon.  We really should use better

-				   VMS routines for merging things like this,

-				   but this will do for now...

-				   -- Richard Levitte */

-				c = ':';

-				}

-			else

-				{

-				c = '\0';

-				}

-#endif

-			if (c == '\0')

-				{

-				/* This is special.  When c == '\0', no

-				   directory separator should be added. */

-				BIO_snprintf(b->data,b->max,

-					"%s%08lx.%s%d",ctx->dirs[i],h,

-					postfix,k);

-				}

-			else

-				{

-				BIO_snprintf(b->data,b->max,

-					"%s%c%08lx.%s%d",ctx->dirs[i],c,h,

-					postfix,k);

-				}

-			k++;

-			if (stat(b->data,&st) < 0)

-				break;

-			/* found one. */

-			if (type == X509_LU_X509)

-				{

-				if ((X509_load_cert_file(xl,b->data,

-					ctx->dirs_type[i])) == 0)

-					break;

-				}

-			else if (type == X509_LU_CRL)

-				{

-				if ((X509_load_crl_file(xl,b->data,

-					ctx->dirs_type[i])) == 0)

-					break;

-				}

-			/* else case will caught higher up */

-			}

-		/* we have added it to the cache so now pull

-		 * it out again */

-		CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE);

-		j = sk_X509_OBJECT_find(xl->store_ctx->objs,&stmp);

-		if(j != -1) tmp=sk_X509_OBJECT_value(xl->store_ctx->objs,j);

-		else tmp = NULL;

-		CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE);

-		if (tmp != NULL)

-			{

-			ok=1;

-			ret->type=tmp->type;

-			memcpy(&ret->data,&tmp->data,sizeof(ret->data));

-			/* If we were going to up the reference count,

-			 * we would need to do it on a perl 'type'

-			 * basis */

-	/*		CRYPTO_add(&tmp->data.x509->references,1,

-				CRYPTO_LOCK_X509);*/

-			goto finish;

-			}

-		}

-finish:

-	if (b != NULL) BUF_MEM_free(b);

-	return(ok);

-	}

--- a/sys/src/ape/lib/openssl/crypto/x509/by_file.c

+++ /dev/null

@@ -1,300 +1,0 @@

-/* crypto/x509/by_file.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <time.h>

-#include <errno.h>

-#include "cryptlib.h"

-#include <openssl/lhash.h>

-#include <openssl/buffer.h>

-#include <openssl/x509.h>

-#include <openssl/pem.h>

-#ifndef OPENSSL_NO_STDIO

-static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,

-	long argl, char **ret);

-X509_LOOKUP_METHOD x509_file_lookup=

-	{

-	"Load file into cache",

-	NULL,		/* new */

-	NULL,		/* free */

-	NULL, 		/* init */

-	NULL,		/* shutdown */

-	by_file_ctrl,	/* ctrl */

-	NULL,		/* get_by_subject */

-	NULL,		/* get_by_issuer_serial */

-	NULL,		/* get_by_fingerprint */

-	NULL,		/* get_by_alias */

-	};

-X509_LOOKUP_METHOD *X509_LOOKUP_file(void)

-	{

-	return(&x509_file_lookup);

-	}

-static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,

-	     char **ret)

-	{

-	int ok=0;

-	char *file;

-	switch (cmd)

-		{

-	case X509_L_FILE_LOAD:

-		if (argl == X509_FILETYPE_DEFAULT)

-			{

-			file = (char *)Getenv(X509_get_default_cert_file_env());

-			if (file)

-				ok = (X509_load_cert_crl_file(ctx,file,

-					      X509_FILETYPE_PEM) != 0);

-			else

-				ok = (X509_load_cert_crl_file(ctx,X509_get_default_cert_file(),

-					      X509_FILETYPE_PEM) != 0);

-			if (!ok)

-				{

-				X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS);

-				}

-			}

-		else

-			{

-			if(argl == X509_FILETYPE_PEM)

-				ok = (X509_load_cert_crl_file(ctx,argp,

-					X509_FILETYPE_PEM) != 0);

-			else

-				ok = (X509_load_cert_file(ctx,argp,(int)argl) != 0);

-			}

-		break;

-		}

-	return(ok);

-	}

-int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)

-	{

-	int ret=0;

-	BIO *in=NULL;

-	int i,count=0;

-	X509 *x=NULL;

-	if (file == NULL) return(1);

-	in=BIO_new(BIO_s_file_internal());

-	if ((in == NULL) || (BIO_read_filename(in,file) <= 0))

-		{

-		X509err(X509_F_X509_LOAD_CERT_FILE,ERR_R_SYS_LIB);

-		goto err;

-		}

-	if (type == X509_FILETYPE_PEM)

-		{

-		for (;;)

-			{

-			x=PEM_read_bio_X509_AUX(in,NULL,NULL,NULL);

-			if (x == NULL)

-				{

-				if ((ERR_GET_REASON(ERR_peek_last_error()) ==

-					PEM_R_NO_START_LINE) && (count > 0))

-					{

-					ERR_clear_error();

-					break;

-					}

-				else

-					{

-					X509err(X509_F_X509_LOAD_CERT_FILE,

-						ERR_R_PEM_LIB);

-					goto err;

-					}

-				}

-			i=X509_STORE_add_cert(ctx->store_ctx,x);

-			if (!i) goto err;

-			count++;

-			X509_free(x);

-			x=NULL;

-			}

-		ret=count;

-		}

-	else if (type == X509_FILETYPE_ASN1)

-		{

-		x=d2i_X509_bio(in,NULL);

-		if (x == NULL)

-			{

-			X509err(X509_F_X509_LOAD_CERT_FILE,ERR_R_ASN1_LIB);

-			goto err;

-			}

-		i=X509_STORE_add_cert(ctx->store_ctx,x);

-		if (!i) goto err;

-		ret=i;

-		}

-	else

-		{

-		X509err(X509_F_X509_LOAD_CERT_FILE,X509_R_BAD_X509_FILETYPE);

-		goto err;

-		}

-err:

-	if (x != NULL) X509_free(x);

-	if (in != NULL) BIO_free(in);

-	return(ret);

-	}

-int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type)

-	{

-	int ret=0;

-	BIO *in=NULL;

-	int i,count=0;

-	X509_CRL *x=NULL;

-	if (file == NULL) return(1);

-	in=BIO_new(BIO_s_file_internal());

-	if ((in == NULL) || (BIO_read_filename(in,file) <= 0))

-		{

-		X509err(X509_F_X509_LOAD_CRL_FILE,ERR_R_SYS_LIB);

-		goto err;

-		}

-	if (type == X509_FILETYPE_PEM)

-		{

-		for (;;)

-			{

-			x=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL);

-			if (x == NULL)

-				{

-				if ((ERR_GET_REASON(ERR_peek_last_error()) ==

-					PEM_R_NO_START_LINE) && (count > 0))

-					{

-					ERR_clear_error();

-					break;

-					}

-				else

-					{

-					X509err(X509_F_X509_LOAD_CRL_FILE,

-						ERR_R_PEM_LIB);

-					goto err;

-					}

-				}

-			i=X509_STORE_add_crl(ctx->store_ctx,x);

-			if (!i) goto err;

-			count++;

-			X509_CRL_free(x);

-			x=NULL;

-			}

-		ret=count;

-		}

-	else if (type == X509_FILETYPE_ASN1)

-		{

-		x=d2i_X509_CRL_bio(in,NULL);

-		if (x == NULL)

-			{

-			X509err(X509_F_X509_LOAD_CRL_FILE,ERR_R_ASN1_LIB);

-			goto err;

-			}

-		i=X509_STORE_add_crl(ctx->store_ctx,x);

-		if (!i) goto err;

-		ret=i;

-		}

-	else

-		{

-		X509err(X509_F_X509_LOAD_CRL_FILE,X509_R_BAD_X509_FILETYPE);

-		goto err;

-		}

-err:

-	if (x != NULL) X509_CRL_free(x);

-	if (in != NULL) BIO_free(in);

-	return(ret);

-	}

-int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type)

-{

-	STACK_OF(X509_INFO) *inf;

-	X509_INFO *itmp;

-	BIO *in;

-	int i, count = 0;

-	if(type != X509_FILETYPE_PEM)

-		return X509_load_cert_file(ctx, file, type);

-	in = BIO_new_file(file, "r");

-	if(!in) {

-		X509err(X509_F_X509_LOAD_CERT_CRL_FILE,ERR_R_SYS_LIB);

-		return 0;

-	}

-	inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);

-	BIO_free(in);

-	if(!inf) {

-		X509err(X509_F_X509_LOAD_CERT_CRL_FILE,ERR_R_PEM_LIB);

-		return 0;

-	}

-	for(i = 0; i < sk_X509_INFO_num(inf); i++) {

-		itmp = sk_X509_INFO_value(inf, i);

-		if(itmp->x509) {

-			X509_STORE_add_cert(ctx->store_ctx, itmp->x509);

-			count++;

-		}

-		if(itmp->crl) {

-			X509_STORE_add_crl(ctx->store_ctx, itmp->crl);

-			count++;

-		}

-	}

-	sk_X509_INFO_pop_free(inf, X509_INFO_free);

-	return count;

-}

-#endif /* OPENSSL_NO_STDIO */

--- a/sys/src/ape/lib/openssl/crypto/x509/x509.h

+++ /dev/null

@@ -1,1344 +1,0 @@

-/* crypto/x509/x509.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- * ECDH support in OpenSSL originally developed by

- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.

- */

-#ifndef HEADER_X509_H

-#define HEADER_X509_H

-#include <openssl/e_os2.h>

-#include <openssl/symhacks.h>

-#ifndef OPENSSL_NO_BUFFER

-#include <openssl/buffer.h>

-#endif

-#ifndef OPENSSL_NO_EVP

-#include <openssl/evp.h>

-#endif

-#ifndef OPENSSL_NO_BIO

-#include <openssl/bio.h>

-#endif

-#include <openssl/stack.h>

-#include <openssl/asn1.h>

-#include <openssl/safestack.h>

-#ifndef OPENSSL_NO_EC

-#include <openssl/ec.h>

-#endif

-#ifndef OPENSSL_NO_ECDSA

-#include <openssl/ecdsa.h>

-#endif

-#ifndef OPENSSL_NO_ECDH

-#include <openssl/ecdh.h>

-#endif

-#ifndef OPENSSL_NO_DEPRECATED

-#ifndef OPENSSL_NO_RSA

-#include <openssl/rsa.h>

-#endif

-#ifndef OPENSSL_NO_DSA

-#include <openssl/dsa.h>

-#endif

-#ifndef OPENSSL_NO_DH

-#include <openssl/dh.h>

-#endif

-#endif

-#ifndef OPENSSL_NO_SHA

-#include <openssl/sha.h>

-#endif

-#include <openssl/ossl_typ.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-#ifdef OPENSSL_SYS_WIN32

-/* Under Win32 these are defined in wincrypt.h */

-#undef X509_NAME

-#undef X509_CERT_PAIR

-#endif

-#define X509_FILETYPE_PEM	1

-#define X509_FILETYPE_ASN1	2

-#define X509_FILETYPE_DEFAULT	3

-#define X509v3_KU_DIGITAL_SIGNATURE	0x0080

-#define X509v3_KU_NON_REPUDIATION	0x0040

-#define X509v3_KU_KEY_ENCIPHERMENT	0x0020

-#define X509v3_KU_DATA_ENCIPHERMENT	0x0010

-#define X509v3_KU_KEY_AGREEMENT		0x0008

-#define X509v3_KU_KEY_CERT_SIGN		0x0004

-#define X509v3_KU_CRL_SIGN		0x0002

-#define X509v3_KU_ENCIPHER_ONLY		0x0001

-#define X509v3_KU_DECIPHER_ONLY		0x8000

-#define X509v3_KU_UNDEF			0xffff

-typedef struct X509_objects_st

-	{

-	int nid;

-	int (*a2i)(void);

-	int (*i2a)(void);

-	} X509_OBJECTS;

-struct X509_algor_st

-	{

-	ASN1_OBJECT *algorithm;

-	ASN1_TYPE *parameter;

-	} /* X509_ALGOR */;

-DECLARE_STACK_OF(X509_ALGOR)

-DECLARE_ASN1_SET_OF(X509_ALGOR)

-typedef struct X509_val_st

-	{

-	ASN1_TIME *notBefore;

-	ASN1_TIME *notAfter;

-	} X509_VAL;

-typedef struct X509_pubkey_st

-	{

-	X509_ALGOR *algor;

-	ASN1_BIT_STRING *public_key;

-	EVP_PKEY *pkey;

-	} X509_PUBKEY;

-typedef struct X509_sig_st

-	{

-	X509_ALGOR *algor;

-	ASN1_OCTET_STRING *digest;

-	} X509_SIG;

-typedef struct X509_name_entry_st

-	{

-	ASN1_OBJECT *object;

-	ASN1_STRING *value;

-	int set;

-	int size; 	/* temp variable */

-	} X509_NAME_ENTRY;

-DECLARE_STACK_OF(X509_NAME_ENTRY)

-DECLARE_ASN1_SET_OF(X509_NAME_ENTRY)

-/* we always keep X509_NAMEs in 2 forms. */

-struct X509_name_st

-	{

-	STACK_OF(X509_NAME_ENTRY) *entries;

-	int modified;	/* true if 'bytes' needs to be built */

-#ifndef OPENSSL_NO_BUFFER

-	BUF_MEM *bytes;

-#else

-	char *bytes;

-#endif

-	unsigned long hash; /* Keep the hash around for lookups */

-	} /* X509_NAME */;

-DECLARE_STACK_OF(X509_NAME)

-#define X509_EX_V_NETSCAPE_HACK		0x8000

-#define X509_EX_V_INIT			0x0001

-typedef struct X509_extension_st

-	{

-	ASN1_OBJECT *object;

-	ASN1_BOOLEAN critical;

-	ASN1_OCTET_STRING *value;

-	} X509_EXTENSION;

-DECLARE_STACK_OF(X509_EXTENSION)

-DECLARE_ASN1_SET_OF(X509_EXTENSION)

-/* a sequence of these are used */

-typedef struct x509_attributes_st

-	{

-	ASN1_OBJECT *object;

-	int single; /* 0 for a set, 1 for a single item (which is wrong) */

-	union	{

-		char		*ptr;

-/* 0 */		STACK_OF(ASN1_TYPE) *set;

-/* 1 */		ASN1_TYPE	*single;

-		} value;

-	} X509_ATTRIBUTE;

-DECLARE_STACK_OF(X509_ATTRIBUTE)

-DECLARE_ASN1_SET_OF(X509_ATTRIBUTE)

-typedef struct X509_req_info_st

-	{

-	ASN1_ENCODING enc;

-	ASN1_INTEGER *version;

-	X509_NAME *subject;

-	X509_PUBKEY *pubkey;

-	/*  d=2 hl=2 l=  0 cons: cont: 00 */

-	STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */

-	} X509_REQ_INFO;

-typedef struct X509_req_st

-	{

-	X509_REQ_INFO *req_info;

-	X509_ALGOR *sig_alg;

-	ASN1_BIT_STRING *signature;

-	int references;

-	} X509_REQ;

-typedef struct x509_cinf_st

-	{

-	ASN1_INTEGER *version;		/* [ 0 ] default of v1 */

-	ASN1_INTEGER *serialNumber;

-	X509_ALGOR *signature;

-	X509_NAME *issuer;

-	X509_VAL *validity;

-	X509_NAME *subject;

-	X509_PUBKEY *key;

-	ASN1_BIT_STRING *issuerUID;		/* [ 1 ] optional in v2 */

-	ASN1_BIT_STRING *subjectUID;		/* [ 2 ] optional in v2 */

-	STACK_OF(X509_EXTENSION) *extensions;	/* [ 3 ] optional in v3 */

-	} X509_CINF;

-/* This stuff is certificate "auxiliary info"

- * it contains details which are useful in certificate

- * stores and databases. When used this is tagged onto

- * the end of the certificate itself

- */

-typedef struct x509_cert_aux_st

-	{

-	STACK_OF(ASN1_OBJECT) *trust;		/* trusted uses */

-	STACK_OF(ASN1_OBJECT) *reject;		/* rejected uses */

-	ASN1_UTF8STRING *alias;			/* "friendly name" */

-	ASN1_OCTET_STRING *keyid;		/* key id of private key */

-	STACK_OF(X509_ALGOR) *other;		/* other unspecified info */

-	} X509_CERT_AUX;

-struct x509_st

-	{

-	X509_CINF *cert_info;

-	X509_ALGOR *sig_alg;

-	ASN1_BIT_STRING *signature;

-	int valid;

-	int references;

-	char *name;

-	CRYPTO_EX_DATA ex_data;

-	/* These contain copies of various extension values */

-	long ex_pathlen;

-	long ex_pcpathlen;

-	unsigned long ex_flags;

-	unsigned long ex_kusage;

-	unsigned long ex_xkusage;

-	unsigned long ex_nscert;

-	ASN1_OCTET_STRING *skid;

-	struct AUTHORITY_KEYID_st *akid;

-	X509_POLICY_CACHE *policy_cache;

-#ifndef OPENSSL_NO_RFC3779

-	STACK_OF(IPAddressFamily) *rfc3779_addr;

-	struct ASIdentifiers_st *rfc3779_asid;

-#endif

-#ifndef OPENSSL_NO_SHA

-	unsigned char sha1_hash[SHA_DIGEST_LENGTH];

-#endif

-	X509_CERT_AUX *aux;

-	} /* X509 */;

-DECLARE_STACK_OF(X509)

-DECLARE_ASN1_SET_OF(X509)

-/* This is used for a table of trust checking functions */

-typedef struct x509_trust_st {

-	int trust;

-	int flags;

-	int (*check_trust)(struct x509_trust_st *, X509 *, int);

-	char *name;

-	int arg1;

-	void *arg2;

-} X509_TRUST;

-DECLARE_STACK_OF(X509_TRUST)

-typedef struct x509_cert_pair_st {

-	X509 *forward;

-	X509 *reverse;

-} X509_CERT_PAIR;

-/* standard trust ids */

-#define X509_TRUST_DEFAULT	-1	/* Only valid in purpose settings */

-#define X509_TRUST_COMPAT	1

-#define X509_TRUST_SSL_CLIENT	2

-#define X509_TRUST_SSL_SERVER	3

-#define X509_TRUST_EMAIL	4

-#define X509_TRUST_OBJECT_SIGN	5

-#define X509_TRUST_OCSP_SIGN	6

-#define X509_TRUST_OCSP_REQUEST	7

-/* Keep these up to date! */

-#define X509_TRUST_MIN		1

-#define X509_TRUST_MAX		7

-/* trust_flags values */

-#define	X509_TRUST_DYNAMIC 	1

-#define	X509_TRUST_DYNAMIC_NAME	2

-/* check_trust return codes */

-#define X509_TRUST_TRUSTED	1

-#define X509_TRUST_REJECTED	2

-#define X509_TRUST_UNTRUSTED	3

-/* Flags for X509_print_ex() */

-#define	X509_FLAG_COMPAT		0

-#define	X509_FLAG_NO_HEADER		1L

-#define	X509_FLAG_NO_VERSION		(1L << 1)

-#define	X509_FLAG_NO_SERIAL		(1L << 2)

-#define	X509_FLAG_NO_SIGNAME		(1L << 3)

-#define	X509_FLAG_NO_ISSUER		(1L << 4)

-#define	X509_FLAG_NO_VALIDITY		(1L << 5)

-#define	X509_FLAG_NO_SUBJECT		(1L << 6)

-#define	X509_FLAG_NO_PUBKEY		(1L << 7)

-#define	X509_FLAG_NO_EXTENSIONS		(1L << 8)

-#define	X509_FLAG_NO_SIGDUMP		(1L << 9)

-#define	X509_FLAG_NO_AUX		(1L << 10)

-#define	X509_FLAG_NO_ATTRIBUTES		(1L << 11)

-/* Flags specific to X509_NAME_print_ex() */

-/* The field separator information */

-#define XN_FLAG_SEP_MASK	(0xf << 16)

-#define XN_FLAG_COMPAT		0		/* Traditional SSLeay: use old X509_NAME_print */

-#define XN_FLAG_SEP_COMMA_PLUS	(1 << 16)	/* RFC2253 ,+ */

-#define XN_FLAG_SEP_CPLUS_SPC	(2 << 16)	/* ,+ spaced: more readable */

-#define XN_FLAG_SEP_SPLUS_SPC	(3 << 16)	/* ;+ spaced */

-#define XN_FLAG_SEP_MULTILINE	(4 << 16)	/* One line per field */

-#define XN_FLAG_DN_REV		(1 << 20)	/* Reverse DN order */

-/* How the field name is shown */

-#define XN_FLAG_FN_MASK		(0x3 << 21)

-#define XN_FLAG_FN_SN		0		/* Object short name */

-#define XN_FLAG_FN_LN		(1 << 21)	/* Object long name */

-#define XN_FLAG_FN_OID		(2 << 21)	/* Always use OIDs */

-#define XN_FLAG_FN_NONE		(3 << 21)	/* No field names */

-#define XN_FLAG_SPC_EQ		(1 << 23)	/* Put spaces round '=' */

-/* This determines if we dump fields we don't recognise:

- * RFC2253 requires this.

- */

-#define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24)

-#define XN_FLAG_FN_ALIGN	(1 << 25)	/* Align field names to 20 characters */

-/* Complete set of RFC2253 flags */

-#define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \

-			XN_FLAG_SEP_COMMA_PLUS | \

-			XN_FLAG_DN_REV | \

-			XN_FLAG_FN_SN | \

-			XN_FLAG_DUMP_UNKNOWN_FIELDS)

-/* readable oneline form */

-#define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \

-			ASN1_STRFLGS_ESC_QUOTE | \

-			XN_FLAG_SEP_CPLUS_SPC | \

-			XN_FLAG_SPC_EQ | \

-			XN_FLAG_FN_SN)

-/* readable multiline form */

-#define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \

-			ASN1_STRFLGS_ESC_MSB | \

-			XN_FLAG_SEP_MULTILINE | \

-			XN_FLAG_SPC_EQ | \

-			XN_FLAG_FN_LN | \

-			XN_FLAG_FN_ALIGN)

-typedef struct X509_revoked_st

-	{

-	ASN1_INTEGER *serialNumber;

-	ASN1_TIME *revocationDate;

-	STACK_OF(X509_EXTENSION) /* optional */ *extensions;

-	int sequence; /* load sequence */

-	} X509_REVOKED;

-DECLARE_STACK_OF(X509_REVOKED)

-DECLARE_ASN1_SET_OF(X509_REVOKED)

-typedef struct X509_crl_info_st

-	{

-	ASN1_INTEGER *version;

-	X509_ALGOR *sig_alg;

-	X509_NAME *issuer;

-	ASN1_TIME *lastUpdate;

-	ASN1_TIME *nextUpdate;

-	STACK_OF(X509_REVOKED) *revoked;

-	STACK_OF(X509_EXTENSION) /* [0] */ *extensions;

-	ASN1_ENCODING enc;

-	} X509_CRL_INFO;

-struct X509_crl_st

-	{

-	/* actual signature */

-	X509_CRL_INFO *crl;

-	X509_ALGOR *sig_alg;

-	ASN1_BIT_STRING *signature;

-	int references;

-	} /* X509_CRL */;

-DECLARE_STACK_OF(X509_CRL)

-DECLARE_ASN1_SET_OF(X509_CRL)

-typedef struct private_key_st

-	{

-	int version;

-	/* The PKCS#8 data types */

-	X509_ALGOR *enc_algor;

-	ASN1_OCTET_STRING *enc_pkey;	/* encrypted pub key */

-	/* When decrypted, the following will not be NULL */

-	EVP_PKEY *dec_pkey;

-	/* used to encrypt and decrypt */

-	int key_length;

-	char *key_data;

-	int key_free;	/* true if we should auto free key_data */

-	/* expanded version of 'enc_algor' */

-	EVP_CIPHER_INFO cipher;

-	int references;

-	} X509_PKEY;

-#ifndef OPENSSL_NO_EVP

-typedef struct X509_info_st

-	{

-	X509 *x509;

-	X509_CRL *crl;

-	X509_PKEY *x_pkey;

-	EVP_CIPHER_INFO enc_cipher;

-	int enc_len;

-	char *enc_data;

-	int references;

-	} X509_INFO;

-DECLARE_STACK_OF(X509_INFO)

-#endif

-/* The next 2 structures and their 8 routines were sent to me by

- * Pat Richard <[email protected]> and are used to manipulate

- * Netscapes spki structures - useful if you are writing a CA web page

- */

-typedef struct Netscape_spkac_st

-	{

-	X509_PUBKEY *pubkey;

-	ASN1_IA5STRING *challenge;	/* challenge sent in atlas >= PR2 */

-	} NETSCAPE_SPKAC;

-typedef struct Netscape_spki_st

-	{

-	NETSCAPE_SPKAC *spkac;	/* signed public key and challenge */

-	X509_ALGOR *sig_algor;

-	ASN1_BIT_STRING *signature;

-	} NETSCAPE_SPKI;

-/* Netscape certificate sequence structure */

-typedef struct Netscape_certificate_sequence

-	{

-	ASN1_OBJECT *type;

-	STACK_OF(X509) *certs;

-	} NETSCAPE_CERT_SEQUENCE;

-/* Unused (and iv length is wrong)

-typedef struct CBCParameter_st

-	{

-	unsigned char iv[8];

-	} CBC_PARAM;

-*/

-/* Password based encryption structure */

-typedef struct PBEPARAM_st {

-ASN1_OCTET_STRING *salt;

-ASN1_INTEGER *iter;

-} PBEPARAM;

-/* Password based encryption V2 structures */

-typedef struct PBE2PARAM_st {

-X509_ALGOR *keyfunc;

-X509_ALGOR *encryption;

-} PBE2PARAM;

-typedef struct PBKDF2PARAM_st {

-ASN1_TYPE *salt;	/* Usually OCTET STRING but could be anything */

-ASN1_INTEGER *iter;

-ASN1_INTEGER *keylength;

-X509_ALGOR *prf;

-} PBKDF2PARAM;

-/* PKCS#8 private key info structure */

-typedef struct pkcs8_priv_key_info_st

-        {

-        int broken;     /* Flag for various broken formats */

-#define PKCS8_OK		0

-#define PKCS8_NO_OCTET		1

-#define PKCS8_EMBEDDED_PARAM	2

-#define PKCS8_NS_DB		3

-        ASN1_INTEGER *version;

-        X509_ALGOR *pkeyalg;

-        ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */

-        STACK_OF(X509_ATTRIBUTE) *attributes;

-        } PKCS8_PRIV_KEY_INFO;

-#ifdef  __cplusplus

-}

-#endif

-#include <openssl/x509_vfy.h>

-#include <openssl/pkcs7.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-#ifdef SSLEAY_MACROS

-#define X509_verify(a,r) ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,\

-	a->signature,(char *)a->cert_info,r)

-#define X509_REQ_verify(a,r) ASN1_verify((int (*)())i2d_X509_REQ_INFO, \

-	a->sig_alg,a->signature,(char *)a->req_info,r)

-#define X509_CRL_verify(a,r) ASN1_verify((int (*)())i2d_X509_CRL_INFO, \

-	a->sig_alg, a->signature,(char *)a->crl,r)

-#define X509_sign(x,pkey,md) \

-	ASN1_sign((int (*)())i2d_X509_CINF, x->cert_info->signature, \

-		x->sig_alg, x->signature, (char *)x->cert_info,pkey,md)

-#define X509_REQ_sign(x,pkey,md) \

-	ASN1_sign((int (*)())i2d_X509_REQ_INFO,x->sig_alg, NULL, \

-		x->signature, (char *)x->req_info,pkey,md)

-#define X509_CRL_sign(x,pkey,md) \

-	ASN1_sign((int (*)())i2d_X509_CRL_INFO,x->crl->sig_alg,x->sig_alg, \

-		x->signature, (char *)x->crl,pkey,md)

-#define NETSCAPE_SPKI_sign(x,pkey,md) \

-	ASN1_sign((int (*)())i2d_NETSCAPE_SPKAC, x->sig_algor,NULL, \

-		x->signature, (char *)x->spkac,pkey,md)

-#define X509_dup(x509) (X509 *)ASN1_dup((int (*)())i2d_X509, \

-		(char *(*)())d2i_X509,(char *)x509)

-#define X509_ATTRIBUTE_dup(xa) (X509_ATTRIBUTE *)ASN1_dup(\

-		(int (*)())i2d_X509_ATTRIBUTE, \

-		(char *(*)())d2i_X509_ATTRIBUTE,(char *)xa)

-#define X509_EXTENSION_dup(ex) (X509_EXTENSION *)ASN1_dup( \

-		(int (*)())i2d_X509_EXTENSION, \

-		(char *(*)())d2i_X509_EXTENSION,(char *)ex)

-#define d2i_X509_fp(fp,x509) (X509 *)ASN1_d2i_fp((char *(*)())X509_new, \

-		(char *(*)())d2i_X509, (fp),(unsigned char **)(x509))

-#define i2d_X509_fp(fp,x509) ASN1_i2d_fp(i2d_X509,fp,(unsigned char *)x509)

-#define d2i_X509_bio(bp,x509) (X509 *)ASN1_d2i_bio((char *(*)())X509_new, \

-		(char *(*)())d2i_X509, (bp),(unsigned char **)(x509))

-#define i2d_X509_bio(bp,x509) ASN1_i2d_bio(i2d_X509,bp,(unsigned char *)x509)

-#define X509_CRL_dup(crl) (X509_CRL *)ASN1_dup((int (*)())i2d_X509_CRL, \

-		(char *(*)())d2i_X509_CRL,(char *)crl)

-#define d2i_X509_CRL_fp(fp,crl) (X509_CRL *)ASN1_d2i_fp((char *(*)()) \

-		X509_CRL_new,(char *(*)())d2i_X509_CRL, (fp),\

-		(unsigned char **)(crl))

-#define i2d_X509_CRL_fp(fp,crl) ASN1_i2d_fp(i2d_X509_CRL,fp,\

-		(unsigned char *)crl)

-#define d2i_X509_CRL_bio(bp,crl) (X509_CRL *)ASN1_d2i_bio((char *(*)()) \

-		X509_CRL_new,(char *(*)())d2i_X509_CRL, (bp),\

-		(unsigned char **)(crl))

-#define i2d_X509_CRL_bio(bp,crl) ASN1_i2d_bio(i2d_X509_CRL,bp,\

-		(unsigned char *)crl)

-#define PKCS7_dup(p7) (PKCS7 *)ASN1_dup((int (*)())i2d_PKCS7, \

-		(char *(*)())d2i_PKCS7,(char *)p7)

-#define d2i_PKCS7_fp(fp,p7) (PKCS7 *)ASN1_d2i_fp((char *(*)()) \

-		PKCS7_new,(char *(*)())d2i_PKCS7, (fp),\

-		(unsigned char **)(p7))

-#define i2d_PKCS7_fp(fp,p7) ASN1_i2d_fp(i2d_PKCS7,fp,\

-		(unsigned char *)p7)

-#define d2i_PKCS7_bio(bp,p7) (PKCS7 *)ASN1_d2i_bio((char *(*)()) \

-		PKCS7_new,(char *(*)())d2i_PKCS7, (bp),\

-		(unsigned char **)(p7))

-#define i2d_PKCS7_bio(bp,p7) ASN1_i2d_bio(i2d_PKCS7,bp,\

-		(unsigned char *)p7)

-#define X509_REQ_dup(req) (X509_REQ *)ASN1_dup((int (*)())i2d_X509_REQ, \

-		(char *(*)())d2i_X509_REQ,(char *)req)

-#define d2i_X509_REQ_fp(fp,req) (X509_REQ *)ASN1_d2i_fp((char *(*)())\

-		X509_REQ_new, (char *(*)())d2i_X509_REQ, (fp),\

-		(unsigned char **)(req))

-#define i2d_X509_REQ_fp(fp,req) ASN1_i2d_fp(i2d_X509_REQ,fp,\

-		(unsigned char *)req)

-#define d2i_X509_REQ_bio(bp,req) (X509_REQ *)ASN1_d2i_bio((char *(*)())\

-		X509_REQ_new, (char *(*)())d2i_X509_REQ, (bp),\

-		(unsigned char **)(req))

-#define i2d_X509_REQ_bio(bp,req) ASN1_i2d_bio(i2d_X509_REQ,bp,\

-		(unsigned char *)req)

-#define RSAPublicKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPublicKey, \

-		(char *(*)())d2i_RSAPublicKey,(char *)rsa)

-#define RSAPrivateKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPrivateKey, \

-		(char *(*)())d2i_RSAPrivateKey,(char *)rsa)

-#define d2i_RSAPrivateKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\

-		RSA_new,(char *(*)())d2i_RSAPrivateKey, (fp), \

-		(unsigned char **)(rsa))

-#define i2d_RSAPrivateKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPrivateKey,fp, \

-		(unsigned char *)rsa)

-#define d2i_RSAPrivateKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\

-		RSA_new,(char *(*)())d2i_RSAPrivateKey, (bp), \

-		(unsigned char **)(rsa))

-#define i2d_RSAPrivateKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPrivateKey,bp, \

-		(unsigned char *)rsa)

-#define d2i_RSAPublicKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\

-		RSA_new,(char *(*)())d2i_RSAPublicKey, (fp), \

-		(unsigned char **)(rsa))

-#define i2d_RSAPublicKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPublicKey,fp, \

-		(unsigned char *)rsa)

-#define d2i_RSAPublicKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\

-		RSA_new,(char *(*)())d2i_RSAPublicKey, (bp), \

-		(unsigned char **)(rsa))

-#define i2d_RSAPublicKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPublicKey,bp, \

-		(unsigned char *)rsa)

-#define d2i_DSAPrivateKey_fp(fp,dsa) (DSA *)ASN1_d2i_fp((char *(*)())\

-		DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp), \

-		(unsigned char **)(dsa))

-#define i2d_DSAPrivateKey_fp(fp,dsa) ASN1_i2d_fp(i2d_DSAPrivateKey,fp, \

-		(unsigned char *)dsa)

-#define d2i_DSAPrivateKey_bio(bp,dsa) (DSA *)ASN1_d2i_bio((char *(*)())\

-		DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp), \

-		(unsigned char **)(dsa))

-#define i2d_DSAPrivateKey_bio(bp,dsa) ASN1_i2d_bio(i2d_DSAPrivateKey,bp, \

-		(unsigned char *)dsa)

-#define d2i_ECPrivateKey_fp(fp,ecdsa) (EC_KEY *)ASN1_d2i_fp((char *(*)())\

-		EC_KEY_new,(char *(*)())d2i_ECPrivateKey, (fp), \

-		(unsigned char **)(ecdsa))

-#define i2d_ECPrivateKey_fp(fp,ecdsa) ASN1_i2d_fp(i2d_ECPrivateKey,fp, \

-		(unsigned char *)ecdsa)

-#define d2i_ECPrivateKey_bio(bp,ecdsa) (EC_KEY *)ASN1_d2i_bio((char *(*)())\

-		EC_KEY_new,(char *(*)())d2i_ECPrivateKey, (bp), \

-		(unsigned char **)(ecdsa))

-#define i2d_ECPrivateKey_bio(bp,ecdsa) ASN1_i2d_bio(i2d_ECPrivateKey,bp, \

-		(unsigned char *)ecdsa)

-#define X509_ALGOR_dup(xn) (X509_ALGOR *)ASN1_dup((int (*)())i2d_X509_ALGOR,\

-		(char *(*)())d2i_X509_ALGOR,(char *)xn)

-#define X509_NAME_dup(xn) (X509_NAME *)ASN1_dup((int (*)())i2d_X509_NAME, \

-		(char *(*)())d2i_X509_NAME,(char *)xn)

-#define X509_NAME_ENTRY_dup(ne) (X509_NAME_ENTRY *)ASN1_dup( \

-		(int (*)())i2d_X509_NAME_ENTRY, \

-		(char *(*)())d2i_X509_NAME_ENTRY,\

-		(char *)ne)

-#define X509_digest(data,type,md,len) \

-	ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len)

-#define X509_NAME_digest(data,type,md,len) \

-	ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len)

-#ifndef PKCS7_ISSUER_AND_SERIAL_digest

-#define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \

-	ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\

-		(char *)data,md,len)

-#endif

-#endif

-#define X509_EXT_PACK_UNKNOWN	1

-#define X509_EXT_PACK_STRING	2

-#define		X509_get_version(x) ASN1_INTEGER_get((x)->cert_info->version)

-/* #define	X509_get_serialNumber(x) ((x)->cert_info->serialNumber) */

-#define		X509_get_notBefore(x) ((x)->cert_info->validity->notBefore)

-#define		X509_get_notAfter(x) ((x)->cert_info->validity->notAfter)

-#define		X509_extract_key(x)	X509_get_pubkey(x) /*****/

-#define		X509_REQ_get_version(x) ASN1_INTEGER_get((x)->req_info->version)

-#define		X509_REQ_get_subject_name(x) ((x)->req_info->subject)

-#define		X509_REQ_extract_key(a)	X509_REQ_get_pubkey(a)

-#define		X509_name_cmp(a,b)	X509_NAME_cmp((a),(b))

-#define		X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm))

-#define		X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version)

-#define 	X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate)

-#define 	X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate)

-#define		X509_CRL_get_issuer(x) ((x)->crl->issuer)

-#define		X509_CRL_get_REVOKED(x) ((x)->crl->revoked)

-/* This one is only used so that a binary form can output, as in

- * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) */

-#define 	X509_get_X509_PUBKEY(x) ((x)->cert_info->key)

-const char *X509_verify_cert_error_string(long n);

-#ifndef SSLEAY_MACROS

-#ifndef OPENSSL_NO_EVP

-int X509_verify(X509 *a, EVP_PKEY *r);

-int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);

-int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);

-int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r);

-NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len);

-char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x);

-EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x);

-int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey);

-int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki);

-int X509_signature_print(BIO *bp,X509_ALGOR *alg, ASN1_STRING *sig);

-int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);

-int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);

-int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);

-int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md);

-int X509_pubkey_digest(const X509 *data,const EVP_MD *type,

-		unsigned char *md, unsigned int *len);

-int X509_digest(const X509 *data,const EVP_MD *type,

-		unsigned char *md, unsigned int *len);

-int X509_CRL_digest(const X509_CRL *data,const EVP_MD *type,

-		unsigned char *md, unsigned int *len);

-int X509_REQ_digest(const X509_REQ *data,const EVP_MD *type,

-		unsigned char *md, unsigned int *len);

-int X509_NAME_digest(const X509_NAME *data,const EVP_MD *type,

-		unsigned char *md, unsigned int *len);

-#endif

-#ifndef OPENSSL_NO_FP_API

-X509 *d2i_X509_fp(FILE *fp, X509 **x509);

-int i2d_X509_fp(FILE *fp,X509 *x509);

-X509_CRL *d2i_X509_CRL_fp(FILE *fp,X509_CRL **crl);

-int i2d_X509_CRL_fp(FILE *fp,X509_CRL *crl);

-X509_REQ *d2i_X509_REQ_fp(FILE *fp,X509_REQ **req);

-int i2d_X509_REQ_fp(FILE *fp,X509_REQ *req);

-#ifndef OPENSSL_NO_RSA

-RSA *d2i_RSAPrivateKey_fp(FILE *fp,RSA **rsa);

-int i2d_RSAPrivateKey_fp(FILE *fp,RSA *rsa);

-RSA *d2i_RSAPublicKey_fp(FILE *fp,RSA **rsa);

-int i2d_RSAPublicKey_fp(FILE *fp,RSA *rsa);

-RSA *d2i_RSA_PUBKEY_fp(FILE *fp,RSA **rsa);

-int i2d_RSA_PUBKEY_fp(FILE *fp,RSA *rsa);

-#endif

-#ifndef OPENSSL_NO_DSA

-DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa);

-int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa);

-DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa);

-int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa);

-#endif

-#ifndef OPENSSL_NO_EC

-EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey);

-int   i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey);

-EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey);

-int   i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey);

-#endif

-X509_SIG *d2i_PKCS8_fp(FILE *fp,X509_SIG **p8);

-int i2d_PKCS8_fp(FILE *fp,X509_SIG *p8);

-PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,

-						PKCS8_PRIV_KEY_INFO **p8inf);

-int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,PKCS8_PRIV_KEY_INFO *p8inf);

-int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key);

-int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey);

-EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);

-int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey);

-EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);

-#endif

-#ifndef OPENSSL_NO_BIO

-X509 *d2i_X509_bio(BIO *bp,X509 **x509);

-int i2d_X509_bio(BIO *bp,X509 *x509);

-X509_CRL *d2i_X509_CRL_bio(BIO *bp,X509_CRL **crl);

-int i2d_X509_CRL_bio(BIO *bp,X509_CRL *crl);

-X509_REQ *d2i_X509_REQ_bio(BIO *bp,X509_REQ **req);

-int i2d_X509_REQ_bio(BIO *bp,X509_REQ *req);

-#ifndef OPENSSL_NO_RSA

-RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA **rsa);

-int i2d_RSAPrivateKey_bio(BIO *bp,RSA *rsa);

-RSA *d2i_RSAPublicKey_bio(BIO *bp,RSA **rsa);

-int i2d_RSAPublicKey_bio(BIO *bp,RSA *rsa);

-RSA *d2i_RSA_PUBKEY_bio(BIO *bp,RSA **rsa);

-int i2d_RSA_PUBKEY_bio(BIO *bp,RSA *rsa);

-#endif

-#ifndef OPENSSL_NO_DSA

-DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa);

-int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa);

-DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa);

-int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa);

-#endif

-#ifndef OPENSSL_NO_EC

-EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey);

-int   i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *eckey);

-EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey);

-int   i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey);

-#endif

-X509_SIG *d2i_PKCS8_bio(BIO *bp,X509_SIG **p8);

-int i2d_PKCS8_bio(BIO *bp,X509_SIG *p8);

-PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,

-						PKCS8_PRIV_KEY_INFO **p8inf);

-int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,PKCS8_PRIV_KEY_INFO *p8inf);

-int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key);

-int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey);

-EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);

-int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey);

-EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);

-#endif

-X509 *X509_dup(X509 *x509);

-X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa);

-X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex);

-X509_CRL *X509_CRL_dup(X509_CRL *crl);

-X509_REQ *X509_REQ_dup(X509_REQ *req);

-X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);

-X509_NAME *X509_NAME_dup(X509_NAME *xn);

-X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);

-#endif /* !SSLEAY_MACROS */

-int		X509_cmp_time(ASN1_TIME *s, time_t *t);

-int		X509_cmp_current_time(ASN1_TIME *s);

-ASN1_TIME *	X509_time_adj(ASN1_TIME *s, long adj, time_t *t);

-ASN1_TIME *	X509_gmtime_adj(ASN1_TIME *s, long adj);

-const char *	X509_get_default_cert_area(void );

-const char *	X509_get_default_cert_dir(void );

-const char *	X509_get_default_cert_file(void );

-const char *	X509_get_default_cert_dir_env(void );

-const char *	X509_get_default_cert_file_env(void );

-const char *	X509_get_default_private_dir(void );

-X509_REQ *	X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);

-X509 *		X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey);

-DECLARE_ASN1_FUNCTIONS(X509_ALGOR)

-DECLARE_ASN1_FUNCTIONS(X509_VAL)

-DECLARE_ASN1_FUNCTIONS(X509_PUBKEY)

-int		X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);

-EVP_PKEY *	X509_PUBKEY_get(X509_PUBKEY *key);

-int		X509_get_pubkey_parameters(EVP_PKEY *pkey,

-					   STACK_OF(X509) *chain);

-int		i2d_PUBKEY(EVP_PKEY *a,unsigned char **pp);

-EVP_PKEY *	d2i_PUBKEY(EVP_PKEY **a,const unsigned char **pp,

-			long length);

-#ifndef OPENSSL_NO_RSA

-int		i2d_RSA_PUBKEY(RSA *a,unsigned char **pp);

-RSA *		d2i_RSA_PUBKEY(RSA **a,const unsigned char **pp,

-			long length);

-#endif

-#ifndef OPENSSL_NO_DSA

-int		i2d_DSA_PUBKEY(DSA *a,unsigned char **pp);

-DSA *		d2i_DSA_PUBKEY(DSA **a,const unsigned char **pp,

-			long length);

-#endif

-#ifndef OPENSSL_NO_EC

-int		i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp);

-EC_KEY 		*d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp,

-			long length);

-#endif

-DECLARE_ASN1_FUNCTIONS(X509_SIG)

-DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO)

-DECLARE_ASN1_FUNCTIONS(X509_REQ)

-DECLARE_ASN1_FUNCTIONS(X509_ATTRIBUTE)

-X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value);

-DECLARE_ASN1_FUNCTIONS(X509_EXTENSION)

-DECLARE_ASN1_FUNCTIONS(X509_NAME_ENTRY)

-DECLARE_ASN1_FUNCTIONS(X509_NAME)

-int		X509_NAME_set(X509_NAME **xn, X509_NAME *name);

-DECLARE_ASN1_FUNCTIONS(X509_CINF)

-DECLARE_ASN1_FUNCTIONS(X509)

-DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX)

-DECLARE_ASN1_FUNCTIONS(X509_CERT_PAIR)

-int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,

-	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);

-int X509_set_ex_data(X509 *r, int idx, void *arg);

-void *X509_get_ex_data(X509 *r, int idx);

-int		i2d_X509_AUX(X509 *a,unsigned char **pp);

-X509 *		d2i_X509_AUX(X509 **a,const unsigned char **pp,long length);

-int X509_alias_set1(X509 *x, unsigned char *name, int len);

-int X509_keyid_set1(X509 *x, unsigned char *id, int len);

-unsigned char * X509_alias_get0(X509 *x, int *len);

-unsigned char * X509_keyid_get0(X509 *x, int *len);

-int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int);

-int X509_TRUST_set(int *t, int trust);

-int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj);

-int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj);

-void X509_trust_clear(X509 *x);

-void X509_reject_clear(X509 *x);

-DECLARE_ASN1_FUNCTIONS(X509_REVOKED)

-DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO)

-DECLARE_ASN1_FUNCTIONS(X509_CRL)

-int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);

-X509_PKEY *	X509_PKEY_new(void );

-void		X509_PKEY_free(X509_PKEY *a);

-int		i2d_X509_PKEY(X509_PKEY *a,unsigned char **pp);

-X509_PKEY *	d2i_X509_PKEY(X509_PKEY **a,const unsigned char **pp,long length);

-DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI)

-DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC)

-DECLARE_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE)

-#ifndef OPENSSL_NO_EVP

-X509_INFO *	X509_INFO_new(void);

-void		X509_INFO_free(X509_INFO *a);

-char *		X509_NAME_oneline(X509_NAME *a,char *buf,int size);

-int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *algor1,

-		ASN1_BIT_STRING *signature,char *data,EVP_PKEY *pkey);

-int ASN1_digest(i2d_of_void *i2d,const EVP_MD *type,char *data,

-		unsigned char *md,unsigned int *len);

-int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1,

-	      X509_ALGOR *algor2, ASN1_BIT_STRING *signature,

-	      char *data,EVP_PKEY *pkey, const EVP_MD *type);

-int ASN1_item_digest(const ASN1_ITEM *it,const EVP_MD *type,void *data,

-	unsigned char *md,unsigned int *len);

-int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1,

-	ASN1_BIT_STRING *signature,void *data,EVP_PKEY *pkey);

-int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,

-	ASN1_BIT_STRING *signature,

-	void *data, EVP_PKEY *pkey, const EVP_MD *type);

-#endif

-int 		X509_set_version(X509 *x,long version);

-int 		X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);

-ASN1_INTEGER *	X509_get_serialNumber(X509 *x);

-int 		X509_set_issuer_name(X509 *x, X509_NAME *name);

-X509_NAME *	X509_get_issuer_name(X509 *a);

-int 		X509_set_subject_name(X509 *x, X509_NAME *name);

-X509_NAME *	X509_get_subject_name(X509 *a);

-int 		X509_set_notBefore(X509 *x, ASN1_TIME *tm);

-int 		X509_set_notAfter(X509 *x, ASN1_TIME *tm);

-int 		X509_set_pubkey(X509 *x, EVP_PKEY *pkey);

-EVP_PKEY *	X509_get_pubkey(X509 *x);

-ASN1_BIT_STRING * X509_get0_pubkey_bitstr(const X509 *x);

-int		X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */);

-int		X509_REQ_set_version(X509_REQ *x,long version);

-int		X509_REQ_set_subject_name(X509_REQ *req,X509_NAME *name);

-int		X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);

-EVP_PKEY *	X509_REQ_get_pubkey(X509_REQ *req);

-int		X509_REQ_extension_nid(int nid);

-int *		X509_REQ_get_extension_nids(void);

-void		X509_REQ_set_extension_nids(int *nids);

-STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req);

-int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,

-				int nid);

-int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts);

-int X509_REQ_get_attr_count(const X509_REQ *req);

-int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid,

-			  int lastpos);

-int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj,

-			  int lastpos);

-X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc);

-X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc);

-int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr);

-int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,

-			const ASN1_OBJECT *obj, int type,

-			const unsigned char *bytes, int len);

-int X509_REQ_add1_attr_by_NID(X509_REQ *req,

-			int nid, int type,

-			const unsigned char *bytes, int len);

-int X509_REQ_add1_attr_by_txt(X509_REQ *req,

-			const char *attrname, int type,

-			const unsigned char *bytes, int len);

-int X509_CRL_set_version(X509_CRL *x, long version);

-int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);

-int X509_CRL_set_lastUpdate(X509_CRL *x, ASN1_TIME *tm);

-int X509_CRL_set_nextUpdate(X509_CRL *x, ASN1_TIME *tm);

-int X509_CRL_sort(X509_CRL *crl);

-int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);

-int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);

-int		X509_REQ_check_private_key(X509_REQ *x509,EVP_PKEY *pkey);

-int		X509_check_private_key(X509 *x509,EVP_PKEY *pkey);

-int		X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);

-unsigned long	X509_issuer_and_serial_hash(X509 *a);

-int		X509_issuer_name_cmp(const X509 *a, const X509 *b);

-unsigned long	X509_issuer_name_hash(X509 *a);

-int		X509_subject_name_cmp(const X509 *a, const X509 *b);

-unsigned long	X509_subject_name_hash(X509 *x);

-int		X509_cmp(const X509 *a, const X509 *b);

-int		X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);

-unsigned long	X509_NAME_hash(X509_NAME *x);

-int		X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);

-#ifndef OPENSSL_NO_FP_API

-int		X509_print_ex_fp(FILE *bp,X509 *x, unsigned long nmflag, unsigned long cflag);

-int		X509_print_fp(FILE *bp,X509 *x);

-int		X509_CRL_print_fp(FILE *bp,X509_CRL *x);

-int		X509_REQ_print_fp(FILE *bp,X509_REQ *req);

-int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags);

-#endif

-#ifndef OPENSSL_NO_BIO

-int		X509_NAME_print(BIO *bp, X509_NAME *name, int obase);

-int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags);

-int		X509_print_ex(BIO *bp,X509 *x, unsigned long nmflag, unsigned long cflag);

-int		X509_print(BIO *bp,X509 *x);

-int		X509_ocspid_print(BIO *bp,X509 *x);

-int		X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent);

-int		X509_CRL_print(BIO *bp,X509_CRL *x);

-int		X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, unsigned long cflag);

-int		X509_REQ_print(BIO *bp,X509_REQ *req);

-#endif

-int 		X509_NAME_entry_count(X509_NAME *name);

-int 		X509_NAME_get_text_by_NID(X509_NAME *name, int nid,

-			char *buf,int len);

-int		X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,

-			char *buf,int len);

-/* NOTE: you should be passsing -1, not 0 as lastpos.  The functions that use

- * lastpos, search after that position on. */

-int 		X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);

-int 		X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj,

-			int lastpos);

-X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);

-X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);

-int 		X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne,

-			int loc, int set);

-int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type,

-			unsigned char *bytes, int len, int loc, int set);

-int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,

-			unsigned char *bytes, int len, int loc, int set);

-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,

-		const char *field, int type, const unsigned char *bytes, int len);

-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,

-			int type,unsigned char *bytes, int len);

-int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,

-			const unsigned char *bytes, int len, int loc, int set);

-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,

-			ASN1_OBJECT *obj, int type,const unsigned char *bytes,

-			int len);

-int 		X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne,

-			ASN1_OBJECT *obj);

-int 		X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,

-			const unsigned char *bytes, int len);

-ASN1_OBJECT *	X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);

-ASN1_STRING *	X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);

-int		X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x);

-int		X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x,

-				      int nid, int lastpos);

-int		X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x,

-				      ASN1_OBJECT *obj,int lastpos);

-int		X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x,

-					   int crit, int lastpos);

-X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc);

-X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc);

-STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,

-					 X509_EXTENSION *ex, int loc);

-int		X509_get_ext_count(X509 *x);

-int		X509_get_ext_by_NID(X509 *x, int nid, int lastpos);

-int		X509_get_ext_by_OBJ(X509 *x,ASN1_OBJECT *obj,int lastpos);

-int		X509_get_ext_by_critical(X509 *x, int crit, int lastpos);

-X509_EXTENSION *X509_get_ext(X509 *x, int loc);

-X509_EXTENSION *X509_delete_ext(X509 *x, int loc);

-int		X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);

-void	*	X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);

-int		X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,

-							unsigned long flags);

-int		X509_CRL_get_ext_count(X509_CRL *x);

-int		X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos);

-int		X509_CRL_get_ext_by_OBJ(X509_CRL *x,ASN1_OBJECT *obj,int lastpos);

-int		X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos);

-X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc);

-X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);

-int		X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);

-void	*	X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx);

-int		X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,

-							unsigned long flags);

-int		X509_REVOKED_get_ext_count(X509_REVOKED *x);

-int		X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos);

-int		X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x,ASN1_OBJECT *obj,int lastpos);

-int		X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos);

-X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc);

-X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc);

-int		X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc);

-void	*	X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx);

-int		X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,

-							unsigned long flags);

-X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,

-			int nid, int crit, ASN1_OCTET_STRING *data);

-X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,

-			ASN1_OBJECT *obj,int crit,ASN1_OCTET_STRING *data);

-int		X509_EXTENSION_set_object(X509_EXTENSION *ex,ASN1_OBJECT *obj);

-int		X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);

-int		X509_EXTENSION_set_data(X509_EXTENSION *ex,

-			ASN1_OCTET_STRING *data);

-ASN1_OBJECT *	X509_EXTENSION_get_object(X509_EXTENSION *ex);

-ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);

-int		X509_EXTENSION_get_critical(X509_EXTENSION *ex);

-int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x);

-int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,

-			  int lastpos);

-int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj,

-			  int lastpos);

-X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc);

-X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc);

-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,

-					 X509_ATTRIBUTE *attr);

-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x,

-			const ASN1_OBJECT *obj, int type,

-			const unsigned char *bytes, int len);

-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,

-			int nid, int type,

-			const unsigned char *bytes, int len);

-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,

-			const char *attrname, int type,

-			const unsigned char *bytes, int len);

-X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,

-	     int atrtype, const void *data, int len);

-X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,

-	     const ASN1_OBJECT *obj, int atrtype, const void *data, int len);

-X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,

-		const char *atrname, int type, const unsigned char *bytes, int len);

-int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj);

-int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len);

-void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,

-					int atrtype, void *data);

-int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr);

-ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr);

-ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx);

-int EVP_PKEY_get_attr_count(const EVP_PKEY *key);

-int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid,

-			  int lastpos);

-int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, ASN1_OBJECT *obj,

-			  int lastpos);

-X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc);

-X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc);

-int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr);

-int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key,

-			const ASN1_OBJECT *obj, int type,

-			const unsigned char *bytes, int len);

-int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key,

-			int nid, int type,

-			const unsigned char *bytes, int len);

-int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key,

-			const char *attrname, int type,

-			const unsigned char *bytes, int len);

-int		X509_verify_cert(X509_STORE_CTX *ctx);

-/* lookup a cert from a X509 STACK */

-X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk,X509_NAME *name,

-				     ASN1_INTEGER *serial);

-X509 *X509_find_by_subject(STACK_OF(X509) *sk,X509_NAME *name);

-DECLARE_ASN1_FUNCTIONS(PBEPARAM)

-DECLARE_ASN1_FUNCTIONS(PBE2PARAM)

-DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM)

-X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, int saltlen);

-X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,

-					 unsigned char *salt, int saltlen);

-/* PKCS#8 utilities */

-DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)

-EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8);

-PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey);

-PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken);

-PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken);

-int X509_check_trust(X509 *x, int id, int flags);

-int X509_TRUST_get_count(void);

-X509_TRUST * X509_TRUST_get0(int idx);

-int X509_TRUST_get_by_id(int id);

-int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),

-					char *name, int arg1, void *arg2);

-void X509_TRUST_cleanup(void);

-int X509_TRUST_get_flags(X509_TRUST *xp);

-char *X509_TRUST_get0_name(X509_TRUST *xp);

-int X509_TRUST_get_trust(X509_TRUST *xp);

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_X509_strings(void);

-/* Error codes for the X509 functions. */

-/* Function codes. */

-#define X509_F_ADD_CERT_DIR				 100

-#define X509_F_BY_FILE_CTRL				 101

-#define X509_F_CHECK_POLICY				 145

-#define X509_F_DIR_CTRL					 102

-#define X509_F_GET_CERT_BY_SUBJECT			 103

-#define X509_F_NETSCAPE_SPKI_B64_DECODE			 129

-#define X509_F_NETSCAPE_SPKI_B64_ENCODE			 130

-#define X509_F_X509AT_ADD1_ATTR				 135

-#define X509_F_X509V3_ADD_EXT				 104

-#define X509_F_X509_ATTRIBUTE_CREATE_BY_NID		 136

-#define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ		 137

-#define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT		 140

-#define X509_F_X509_ATTRIBUTE_GET0_DATA			 139

-#define X509_F_X509_ATTRIBUTE_SET1_DATA			 138

-#define X509_F_X509_CHECK_PRIVATE_KEY			 128

-#define X509_F_X509_CRL_PRINT_FP			 147

-#define X509_F_X509_EXTENSION_CREATE_BY_NID		 108

-#define X509_F_X509_EXTENSION_CREATE_BY_OBJ		 109

-#define X509_F_X509_GET_PUBKEY_PARAMETERS		 110

-#define X509_F_X509_LOAD_CERT_CRL_FILE			 132

-#define X509_F_X509_LOAD_CERT_FILE			 111

-#define X509_F_X509_LOAD_CRL_FILE			 112

-#define X509_F_X509_NAME_ADD_ENTRY			 113

-#define X509_F_X509_NAME_ENTRY_CREATE_BY_NID		 114

-#define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT		 131

-#define X509_F_X509_NAME_ENTRY_SET_OBJECT		 115

-#define X509_F_X509_NAME_ONELINE			 116

-#define X509_F_X509_NAME_PRINT				 117

-#define X509_F_X509_PRINT_EX_FP				 118

-#define X509_F_X509_PUBKEY_GET				 119

-#define X509_F_X509_PUBKEY_SET				 120

-#define X509_F_X509_REQ_CHECK_PRIVATE_KEY		 144

-#define X509_F_X509_REQ_PRINT_EX			 121

-#define X509_F_X509_REQ_PRINT_FP			 122

-#define X509_F_X509_REQ_TO_X509				 123

-#define X509_F_X509_STORE_ADD_CERT			 124

-#define X509_F_X509_STORE_ADD_CRL			 125

-#define X509_F_X509_STORE_CTX_GET1_ISSUER		 146

-#define X509_F_X509_STORE_CTX_INIT			 143

-#define X509_F_X509_STORE_CTX_NEW			 142

-#define X509_F_X509_STORE_CTX_PURPOSE_INHERIT		 134

-#define X509_F_X509_TO_X509_REQ				 126

-#define X509_F_X509_TRUST_ADD				 133

-#define X509_F_X509_TRUST_SET				 141

-#define X509_F_X509_VERIFY_CERT				 127

-/* Reason codes. */

-#define X509_R_BAD_X509_FILETYPE			 100

-#define X509_R_BASE64_DECODE_ERROR			 118

-#define X509_R_CANT_CHECK_DH_KEY			 114

-#define X509_R_CERT_ALREADY_IN_HASH_TABLE		 101

-#define X509_R_ERR_ASN1_LIB				 102

-#define X509_R_INVALID_DIRECTORY			 113

-#define X509_R_INVALID_FIELD_NAME			 119

-#define X509_R_INVALID_TRUST				 123

-#define X509_R_KEY_TYPE_MISMATCH			 115

-#define X509_R_KEY_VALUES_MISMATCH			 116

-#define X509_R_LOADING_CERT_DIR				 103

-#define X509_R_LOADING_DEFAULTS				 104

-#define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY		 105

-#define X509_R_SHOULD_RETRY				 106

-#define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN	 107

-#define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY		 108

-#define X509_R_UNKNOWN_KEY_TYPE				 117

-#define X509_R_UNKNOWN_NID				 109

-#define X509_R_UNKNOWN_PURPOSE_ID			 121

-#define X509_R_UNKNOWN_TRUST_ID				 120

-#define X509_R_UNSUPPORTED_ALGORITHM			 111

-#define X509_R_WRONG_LOOKUP_TYPE			 112

-#define X509_R_WRONG_TYPE				 122

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/x509/x509_att.c

+++ /dev/null

@@ -1,332 +1,0 @@

-/* crypto/x509/x509_att.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <openssl/stack.h>

-#include "cryptlib.h"

-#include <openssl/asn1.h>

-#include <openssl/objects.h>

-#include <openssl/evp.h>

-#include <openssl/x509.h>

-#include <openssl/x509v3.h>

-int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x)

-{

-	if (!x) return 0;

-	return(sk_X509_ATTRIBUTE_num(x));

-}

-int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,

-			  int lastpos)

-{

-	ASN1_OBJECT *obj;

-	obj=OBJ_nid2obj(nid);

-	if (obj == NULL) return(-2);

-	return(X509at_get_attr_by_OBJ(x,obj,lastpos));

-}

-int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj,

-			  int lastpos)

-{

-	int n;

-	X509_ATTRIBUTE *ex;

-	if (sk == NULL) return(-1);

-	lastpos++;

-	if (lastpos < 0)

-		lastpos=0;

-	n=sk_X509_ATTRIBUTE_num(sk);

-	for ( ; lastpos < n; lastpos++)

-		{

-		ex=sk_X509_ATTRIBUTE_value(sk,lastpos);

-		if (OBJ_cmp(ex->object,obj) == 0)

-			return(lastpos);

-		}

-	return(-1);

-}

-X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc)

-{

-	if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)

-		return NULL;

-	else

-		return sk_X509_ATTRIBUTE_value(x,loc);

-}

-X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc)

-{

-	X509_ATTRIBUTE *ret;

-	if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)

-		return(NULL);

-	ret=sk_X509_ATTRIBUTE_delete(x,loc);

-	return(ret);

-}

-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,

-					 X509_ATTRIBUTE *attr)

-{

-	X509_ATTRIBUTE *new_attr=NULL;

-	STACK_OF(X509_ATTRIBUTE) *sk=NULL;

-	if (x == NULL)

-		{

-		X509err(X509_F_X509AT_ADD1_ATTR, ERR_R_PASSED_NULL_PARAMETER);

-		goto err2;

-		}

-	if (*x == NULL)

-		{

-		if ((sk=sk_X509_ATTRIBUTE_new_null()) == NULL)

-			goto err;

-		}

-	else

-		sk= *x;

-	if ((new_attr=X509_ATTRIBUTE_dup(attr)) == NULL)

-		goto err2;

-	if (!sk_X509_ATTRIBUTE_push(sk,new_attr))

-		goto err;

-	if (*x == NULL)

-		*x=sk;

-	return(sk);

-err:

-	X509err(X509_F_X509AT_ADD1_ATTR,ERR_R_MALLOC_FAILURE);

-err2:

-	if (new_attr != NULL) X509_ATTRIBUTE_free(new_attr);

-	if (sk != NULL) sk_X509_ATTRIBUTE_free(sk);

-	return(NULL);

-}

-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x,

-			const ASN1_OBJECT *obj, int type,

-			const unsigned char *bytes, int len)

-{

-	X509_ATTRIBUTE *attr;

-	STACK_OF(X509_ATTRIBUTE) *ret;

-	attr = X509_ATTRIBUTE_create_by_OBJ(NULL, obj, type, bytes, len);

-	if(!attr) return 0;

-	ret = X509at_add1_attr(x, attr);

-	X509_ATTRIBUTE_free(attr);

-	return ret;

-}

-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,

-			int nid, int type,

-			const unsigned char *bytes, int len)

-{

-	X509_ATTRIBUTE *attr;

-	STACK_OF(X509_ATTRIBUTE) *ret;

-	attr = X509_ATTRIBUTE_create_by_NID(NULL, nid, type, bytes, len);

-	if(!attr) return 0;

-	ret = X509at_add1_attr(x, attr);

-	X509_ATTRIBUTE_free(attr);

-	return ret;

-}

-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,

-			const char *attrname, int type,

-			const unsigned char *bytes, int len)

-{

-	X509_ATTRIBUTE *attr;

-	STACK_OF(X509_ATTRIBUTE) *ret;

-	attr = X509_ATTRIBUTE_create_by_txt(NULL, attrname, type, bytes, len);

-	if(!attr) return 0;

-	ret = X509at_add1_attr(x, attr);

-	X509_ATTRIBUTE_free(attr);

-	return ret;

-}

-X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,

-	     int atrtype, const void *data, int len)

-{

-	ASN1_OBJECT *obj;

-	X509_ATTRIBUTE *ret;

-	obj=OBJ_nid2obj(nid);

-	if (obj == NULL)

-		{

-		X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_NID,X509_R_UNKNOWN_NID);

-		return(NULL);

-		}

-	ret=X509_ATTRIBUTE_create_by_OBJ(attr,obj,atrtype,data,len);

-	if (ret == NULL) ASN1_OBJECT_free(obj);

-	return(ret);

-}

-X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,

-	     const ASN1_OBJECT *obj, int atrtype, const void *data, int len)

-{

-	X509_ATTRIBUTE *ret;

-	if ((attr == NULL) || (*attr == NULL))

-		{

-		if ((ret=X509_ATTRIBUTE_new()) == NULL)

-			{

-			X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,ERR_R_MALLOC_FAILURE);

-			return(NULL);

-			}

-		}

-	else

-		ret= *attr;

-	if (!X509_ATTRIBUTE_set1_object(ret,obj))

-		goto err;

-	if (!X509_ATTRIBUTE_set1_data(ret,atrtype,data,len))

-		goto err;

-	if ((attr != NULL) && (*attr == NULL)) *attr=ret;

-	return(ret);

-err:

-	if ((attr == NULL) || (ret != *attr))

-		X509_ATTRIBUTE_free(ret);

-	return(NULL);

-}

-X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,

-		const char *atrname, int type, const unsigned char *bytes, int len)

-	{

-	ASN1_OBJECT *obj;

-	X509_ATTRIBUTE *nattr;

-	obj=OBJ_txt2obj(atrname, 0);

-	if (obj == NULL)

-		{

-		X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT,

-						X509_R_INVALID_FIELD_NAME);

-		ERR_add_error_data(2, "name=", atrname);

-		return(NULL);

-		}

-	nattr = X509_ATTRIBUTE_create_by_OBJ(attr,obj,type,bytes,len);

-	ASN1_OBJECT_free(obj);

-	return nattr;

-	}

-int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj)

-{

-	if ((attr == NULL) || (obj == NULL))

-		return(0);

-	ASN1_OBJECT_free(attr->object);

-	attr->object=OBJ_dup(obj);

-	return(1);

-}

-int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len)

-{

-	ASN1_TYPE *ttmp;

-	ASN1_STRING *stmp;

-	int atype;

-	if (!attr) return 0;

-	if(attrtype & MBSTRING_FLAG) {

-		stmp = ASN1_STRING_set_by_NID(NULL, data, len, attrtype,

-						OBJ_obj2nid(attr->object));

-		if(!stmp) {

-			X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_ASN1_LIB);

-			return 0;

-		}

-		atype = stmp->type;

-	} else {

-		if(!(stmp = ASN1_STRING_type_new(attrtype))) goto err;

-		if(!ASN1_STRING_set(stmp, data, len)) goto err;

-		atype = attrtype;

-	}

-	if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;

-	if(!(ttmp = ASN1_TYPE_new())) goto err;

-	if(!sk_ASN1_TYPE_push(attr->value.set, ttmp)) goto err;

-	attr->single = 0;

-	ASN1_TYPE_set(ttmp, atype, stmp);

-	return 1;

-	err:

-	X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE);

-	return 0;

-}

-int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr)

-{

-	if(!attr->single) return sk_ASN1_TYPE_num(attr->value.set);

-	if(attr->value.single) return 1;

-	return 0;

-}

-ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr)

-{

-	if (attr == NULL) return(NULL);

-	return(attr->object);

-}

-void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,

-					int atrtype, void *data)

-{

-	ASN1_TYPE *ttmp;

-	ttmp = X509_ATTRIBUTE_get0_type(attr, idx);

-	if(!ttmp) return NULL;

-	if(atrtype != ASN1_TYPE_get(ttmp)){

-		X509err(X509_F_X509_ATTRIBUTE_GET0_DATA, X509_R_WRONG_TYPE);

-		return NULL;

-	}

-	return ttmp->value.ptr;

-}

-ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx)

-{

-	if (attr == NULL) return(NULL);

-	if(idx >= X509_ATTRIBUTE_count(attr)) return NULL;

-	if(!attr->single) return sk_ASN1_TYPE_value(attr->value.set, idx);

-	else return attr->value.single;

-}

--- a/sys/src/ape/lib/openssl/crypto/x509/x509_cmp.c

+++ /dev/null

@@ -1,425 +1,0 @@

-/* crypto/x509/x509_cmp.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <ctype.h>

-#include "cryptlib.h"

-#include <openssl/asn1.h>

-#include <openssl/objects.h>

-#include <openssl/x509.h>

-#include <openssl/x509v3.h>

-int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)

-	{

-	int i;

-	X509_CINF *ai,*bi;

-	ai=a->cert_info;

-	bi=b->cert_info;

-	i=M_ASN1_INTEGER_cmp(ai->serialNumber,bi->serialNumber);

-	if (i) return(i);

-	return(X509_NAME_cmp(ai->issuer,bi->issuer));

-	}

-#ifndef OPENSSL_NO_MD5

-unsigned long X509_issuer_and_serial_hash(X509 *a)

-	{

-	unsigned long ret=0;

-	EVP_MD_CTX ctx;

-	unsigned char md[16];

-	char *f;

-	EVP_MD_CTX_init(&ctx);

-	f=X509_NAME_oneline(a->cert_info->issuer,NULL,0);

-	ret=strlen(f);

-	EVP_DigestInit_ex(&ctx, EVP_md5(), NULL);

-	EVP_DigestUpdate(&ctx,(unsigned char *)f,ret);

-	OPENSSL_free(f);

-	EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data,

-		(unsigned long)a->cert_info->serialNumber->length);

-	EVP_DigestFinal_ex(&ctx,&(md[0]),NULL);

-	ret=(	((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|

-		((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)

-		)&0xffffffffL;

-	EVP_MD_CTX_cleanup(&ctx);

-	return(ret);

-	}

-#endif

-int X509_issuer_name_cmp(const X509 *a, const X509 *b)

-	{

-	return(X509_NAME_cmp(a->cert_info->issuer,b->cert_info->issuer));

-	}

-int X509_subject_name_cmp(const X509 *a, const X509 *b)

-	{

-	return(X509_NAME_cmp(a->cert_info->subject,b->cert_info->subject));

-	}

-int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b)

-	{

-	return(X509_NAME_cmp(a->crl->issuer,b->crl->issuer));

-	}

-X509_NAME *X509_get_issuer_name(X509 *a)

-	{

-	return(a->cert_info->issuer);

-	}

-unsigned long X509_issuer_name_hash(X509 *x)

-	{

-	return(X509_NAME_hash(x->cert_info->issuer));

-	}

-X509_NAME *X509_get_subject_name(X509 *a)

-	{

-	return(a->cert_info->subject);

-	}

-ASN1_INTEGER *X509_get_serialNumber(X509 *a)

-	{

-	return(a->cert_info->serialNumber);

-	}

-unsigned long X509_subject_name_hash(X509 *x)

-	{

-	return(X509_NAME_hash(x->cert_info->subject));

-	}

-#ifndef OPENSSL_NO_SHA

-/* Compare two certificates: they must be identical for

- * this to work. NB: Although "cmp" operations are generally

- * prototyped to take "const" arguments (eg. for use in

- * STACKs), the way X509 handling is - these operations may

- * involve ensuring the hashes are up-to-date and ensuring

- * certain cert information is cached. So this is the point

- * where the "depth-first" constification tree has to halt

- * with an evil cast.

- */

-int X509_cmp(const X509 *a, const X509 *b)

-{

-	/* ensure hash is valid */

-	X509_check_purpose((X509 *)a, -1, 0);

-	X509_check_purpose((X509 *)b, -1, 0);

-	return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);

-}

-#endif

-/* Case insensitive string comparision */

-static int nocase_cmp(const ASN1_STRING *a, const ASN1_STRING *b)

-{

-	int i;

-	if (a->length != b->length)

-		return (a->length - b->length);

-	for (i=0; i<a->length; i++)

-	{

-		int ca, cb;

-		ca = tolower(a->data[i]);

-		cb = tolower(b->data[i]);

-		if (ca != cb)

-			return(ca-cb);

-	}

-	return 0;

-}

-/* Case insensitive string comparision with space normalization

- * Space normalization - ignore leading, trailing spaces,

- *       multiple spaces between characters are replaced by single space

- */

-static int nocase_spacenorm_cmp(const ASN1_STRING *a, const ASN1_STRING *b)

-{

-	unsigned char *pa = NULL, *pb = NULL;

-	int la, lb;

-	la = a->length;

-	lb = b->length;

-	pa = a->data;

-	pb = b->data;

-	/* skip leading spaces */

-	while (la > 0 && isspace(*pa))

-	{

-		la--;

-		pa++;

-	}

-	while (lb > 0 && isspace(*pb))

-	{

-		lb--;

-		pb++;

-	}

-	/* skip trailing spaces */

-	while (la > 0 && isspace(pa[la-1]))

-		la--;

-	while (lb > 0 && isspace(pb[lb-1]))

-		lb--;

-	/* compare strings with space normalization */

-	while (la > 0 && lb > 0)

-	{

-		int ca, cb;

-		/* compare character */

-		ca = tolower(*pa);

-		cb = tolower(*pb);

-		if (ca != cb)

-			return (ca - cb);

-		pa++; pb++;

-		la--; lb--;

-		if (la <= 0 || lb <= 0)

-			break;

-		/* is white space next character ? */

-		if (isspace(*pa) && isspace(*pb))

-		{

-			/* skip remaining white spaces */

-			while (la > 0 && isspace(*pa))

-			{

-				la--;

-				pa++;

-			}

-			while (lb > 0 && isspace(*pb))

-			{

-				lb--;

-				pb++;

-			}

-		}

-	}

-	if (la > 0 || lb > 0)

-		return la - lb;

-	return 0;

-}

-static int asn1_string_memcmp(ASN1_STRING *a, ASN1_STRING *b)

-	{

-	int j;

-	j = a->length - b->length;

-	if (j)

-		return j;

-	return memcmp(a->data, b->data, a->length);

-	}

-#define STR_TYPE_CMP (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_UTF8STRING)

-int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)

-	{

-	int i,j;

-	X509_NAME_ENTRY *na,*nb;

-	unsigned long nabit, nbbit;

-	j = sk_X509_NAME_ENTRY_num(a->entries)

-		  - sk_X509_NAME_ENTRY_num(b->entries);

-	if (j)

-		return j;

-	for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)

-		{

-		na=sk_X509_NAME_ENTRY_value(a->entries,i);

-		nb=sk_X509_NAME_ENTRY_value(b->entries,i);

-		j=na->value->type-nb->value->type;

-		if (j)

-			{

-			nabit = ASN1_tag2bit(na->value->type);

-			nbbit = ASN1_tag2bit(nb->value->type);

-			if (!(nabit & STR_TYPE_CMP) ||

-				!(nbbit & STR_TYPE_CMP))

-				return j;

-			j = asn1_string_memcmp(na->value, nb->value);

-			}

-		else if (na->value->type == V_ASN1_PRINTABLESTRING)

-			j=nocase_spacenorm_cmp(na->value, nb->value);

-		else if (na->value->type == V_ASN1_IA5STRING

-			&& OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress)

-			j=nocase_cmp(na->value, nb->value);

-		else

-			j = asn1_string_memcmp(na->value, nb->value);

-		if (j) return(j);

-		j=na->set-nb->set;

-		if (j) return(j);

-		}

-	/* We will check the object types after checking the values

-	 * since the values will more often be different than the object

-	 * types. */

-	for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)

-		{

-		na=sk_X509_NAME_ENTRY_value(a->entries,i);

-		nb=sk_X509_NAME_ENTRY_value(b->entries,i);

-		j=OBJ_cmp(na->object,nb->object);

-		if (j) return(j);

-		}

-	return(0);

-	}

-#ifndef OPENSSL_NO_MD5

-/* I now DER encode the name and hash it.  Since I cache the DER encoding,

- * this is reasonably efficient. */

-unsigned long X509_NAME_hash(X509_NAME *x)

-	{

-	unsigned long ret=0;

-	unsigned char md[16];

-	/* Make sure X509_NAME structure contains valid cached encoding */

-	i2d_X509_NAME(x,NULL);

-	EVP_Digest(x->bytes->data, x->bytes->length, md, NULL, EVP_md5(), NULL);

-	ret=(	((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|

-		((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)

-		)&0xffffffffL;

-	return(ret);

-	}

-#endif

-/* Search a stack of X509 for a match */

-X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name,

-		ASN1_INTEGER *serial)

-	{

-	int i;

-	X509_CINF cinf;

-	X509 x,*x509=NULL;

-	if(!sk) return NULL;

-	x.cert_info= &cinf;

-	cinf.serialNumber=serial;

-	cinf.issuer=name;

-	for (i=0; i<sk_X509_num(sk); i++)

-		{

-		x509=sk_X509_value(sk,i);

-		if (X509_issuer_and_serial_cmp(x509,&x) == 0)

-			return(x509);

-		}

-	return(NULL);

-	}

-X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name)

-	{

-	X509 *x509;

-	int i;

-	for (i=0; i<sk_X509_num(sk); i++)

-		{

-		x509=sk_X509_value(sk,i);

-		if (X509_NAME_cmp(X509_get_subject_name(x509),name) == 0)

-			return(x509);

-		}

-	return(NULL);

-	}

-EVP_PKEY *X509_get_pubkey(X509 *x)

-	{

-	if ((x == NULL) || (x->cert_info == NULL))

-		return(NULL);

-	return(X509_PUBKEY_get(x->cert_info->key));

-	}

-ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x)

-	{

-	if(!x) return NULL;

-	return x->cert_info->key->public_key;

-	}

-int X509_check_private_key(X509 *x, EVP_PKEY *k)

-	{

-	EVP_PKEY *xk=NULL;

-	int ok=0;

-	xk=X509_get_pubkey(x);

-	switch (EVP_PKEY_cmp(xk, k))

-		{

-	case 1:

-		ok=1;

-		break;

-	case 0:

-		X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);

-		break;

-	case -1:

-		X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);

-		break;

-	case -2:

-#ifndef OPENSSL_NO_EC

-		if (k->type == EVP_PKEY_EC)

-			{

-			X509err(X509_F_X509_CHECK_PRIVATE_KEY, ERR_R_EC_LIB);

-			break;

-			}

-#endif

-#ifndef OPENSSL_NO_DH

-		if (k->type == EVP_PKEY_DH)

-			{

-			/* No idea */

-			X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY);

-			break;

-			}

-#endif

-	        X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE);

-		}

-	EVP_PKEY_free(xk);

-	return(ok);

-	}

--- a/sys/src/ape/lib/openssl/crypto/x509/x509_d2.c

+++ /dev/null

@@ -1,107 +1,0 @@

-/* crypto/x509/x509_d2.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/crypto.h>

-#include <openssl/x509.h>

-#ifndef OPENSSL_NO_STDIO

-int X509_STORE_set_default_paths(X509_STORE *ctx)

-	{

-	X509_LOOKUP *lookup;

-	lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file());

-	if (lookup == NULL) return(0);

-	X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);

-	lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir());

-	if (lookup == NULL) return(0);

-	X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);

-	/* clear any errors */

-	ERR_clear_error();

-	return(1);

-	}

-int X509_STORE_load_locations(X509_STORE *ctx, const char *file,

-		const char *path)

-	{

-	X509_LOOKUP *lookup;

-	if (file != NULL)

-		{

-		lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file());

-		if (lookup == NULL) return(0);

-		if (X509_LOOKUP_load_file(lookup,file,X509_FILETYPE_PEM) != 1)

-		    return(0);

-		}

-	if (path != NULL)

-		{

-		lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir());

-		if (lookup == NULL) return(0);

-		if (X509_LOOKUP_add_dir(lookup,path,X509_FILETYPE_PEM) != 1)

-		    return(0);

-		}

-	if ((path == NULL) && (file == NULL))

-		return(0);

-	return(1);

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/x509/x509_def.c

+++ /dev/null

@@ -1,81 +1,0 @@

-/* crypto/x509/x509_def.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/crypto.h>

-#include <openssl/x509.h>

-const char *X509_get_default_private_dir(void)

-	{ return(X509_PRIVATE_DIR); }

-const char *X509_get_default_cert_area(void)

-	{ return(X509_CERT_AREA); }

-const char *X509_get_default_cert_dir(void)

-	{ return(X509_CERT_DIR); }

-const char *X509_get_default_cert_file(void)

-	{ return(X509_CERT_FILE); }

-const char *X509_get_default_cert_dir_env(void)

-	{ return(X509_CERT_DIR_EVP); }

-const char *X509_get_default_cert_file_env(void)

-	{ return(X509_CERT_FILE_EVP); }

--- a/sys/src/ape/lib/openssl/crypto/x509/x509_err.c

+++ /dev/null

@@ -1,161 +1,0 @@

-/* crypto/x509/x509_err.c */

-/* ====================================================================

- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* NOTE: this file was auto generated by the mkerr.pl script: any changes

- * made to it will be overwritten when the script next updates this file,

- * only reason strings will be preserved.

- */

-#include <stdio.h>

-#include <openssl/err.h>

-#include <openssl/x509.h>

-/* BEGIN ERROR CODES */

-#ifndef OPENSSL_NO_ERR

-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509,func,0)

-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509,0,reason)

-static ERR_STRING_DATA X509_str_functs[]=

-	{

-{ERR_FUNC(X509_F_ADD_CERT_DIR),	"ADD_CERT_DIR"},

-{ERR_FUNC(X509_F_BY_FILE_CTRL),	"BY_FILE_CTRL"},

-{ERR_FUNC(X509_F_CHECK_POLICY),	"CHECK_POLICY"},

-{ERR_FUNC(X509_F_DIR_CTRL),	"DIR_CTRL"},

-{ERR_FUNC(X509_F_GET_CERT_BY_SUBJECT),	"GET_CERT_BY_SUBJECT"},

-{ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_DECODE),	"NETSCAPE_SPKI_b64_decode"},

-{ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_ENCODE),	"NETSCAPE_SPKI_b64_encode"},

-{ERR_FUNC(X509_F_X509AT_ADD1_ATTR),	"X509at_add1_attr"},

-{ERR_FUNC(X509_F_X509V3_ADD_EXT),	"X509v3_add_ext"},

-{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_NID),	"X509_ATTRIBUTE_create_by_NID"},

-{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ),	"X509_ATTRIBUTE_create_by_OBJ"},

-{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT),	"X509_ATTRIBUTE_create_by_txt"},

-{ERR_FUNC(X509_F_X509_ATTRIBUTE_GET0_DATA),	"X509_ATTRIBUTE_get0_data"},

-{ERR_FUNC(X509_F_X509_ATTRIBUTE_SET1_DATA),	"X509_ATTRIBUTE_set1_data"},

-{ERR_FUNC(X509_F_X509_CHECK_PRIVATE_KEY),	"X509_check_private_key"},

-{ERR_FUNC(X509_F_X509_CRL_PRINT_FP),	"X509_CRL_print_fp"},

-{ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_NID),	"X509_EXTENSION_create_by_NID"},

-{ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_OBJ),	"X509_EXTENSION_create_by_OBJ"},

-{ERR_FUNC(X509_F_X509_GET_PUBKEY_PARAMETERS),	"X509_get_pubkey_parameters"},

-{ERR_FUNC(X509_F_X509_LOAD_CERT_CRL_FILE),	"X509_load_cert_crl_file"},

-{ERR_FUNC(X509_F_X509_LOAD_CERT_FILE),	"X509_load_cert_file"},

-{ERR_FUNC(X509_F_X509_LOAD_CRL_FILE),	"X509_load_crl_file"},

-{ERR_FUNC(X509_F_X509_NAME_ADD_ENTRY),	"X509_NAME_add_entry"},

-{ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_NID),	"X509_NAME_ENTRY_create_by_NID"},

-{ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT),	"X509_NAME_ENTRY_create_by_txt"},

-{ERR_FUNC(X509_F_X509_NAME_ENTRY_SET_OBJECT),	"X509_NAME_ENTRY_set_object"},

-{ERR_FUNC(X509_F_X509_NAME_ONELINE),	"X509_NAME_oneline"},

-{ERR_FUNC(X509_F_X509_NAME_PRINT),	"X509_NAME_print"},

-{ERR_FUNC(X509_F_X509_PRINT_EX_FP),	"X509_print_ex_fp"},

-{ERR_FUNC(X509_F_X509_PUBKEY_GET),	"X509_PUBKEY_get"},

-{ERR_FUNC(X509_F_X509_PUBKEY_SET),	"X509_PUBKEY_set"},

-{ERR_FUNC(X509_F_X509_REQ_CHECK_PRIVATE_KEY),	"X509_REQ_check_private_key"},

-{ERR_FUNC(X509_F_X509_REQ_PRINT_EX),	"X509_REQ_print_ex"},

-{ERR_FUNC(X509_F_X509_REQ_PRINT_FP),	"X509_REQ_print_fp"},

-{ERR_FUNC(X509_F_X509_REQ_TO_X509),	"X509_REQ_to_X509"},

-{ERR_FUNC(X509_F_X509_STORE_ADD_CERT),	"X509_STORE_add_cert"},

-{ERR_FUNC(X509_F_X509_STORE_ADD_CRL),	"X509_STORE_add_crl"},

-{ERR_FUNC(X509_F_X509_STORE_CTX_GET1_ISSUER),	"X509_STORE_CTX_get1_issuer"},

-{ERR_FUNC(X509_F_X509_STORE_CTX_INIT),	"X509_STORE_CTX_init"},

-{ERR_FUNC(X509_F_X509_STORE_CTX_NEW),	"X509_STORE_CTX_new"},

-{ERR_FUNC(X509_F_X509_STORE_CTX_PURPOSE_INHERIT),	"X509_STORE_CTX_purpose_inherit"},

-{ERR_FUNC(X509_F_X509_TO_X509_REQ),	"X509_to_X509_REQ"},

-{ERR_FUNC(X509_F_X509_TRUST_ADD),	"X509_TRUST_add"},

-{ERR_FUNC(X509_F_X509_TRUST_SET),	"X509_TRUST_set"},

-{ERR_FUNC(X509_F_X509_VERIFY_CERT),	"X509_verify_cert"},

-{0,NULL}

-	};

-static ERR_STRING_DATA X509_str_reasons[]=

-	{

-{ERR_REASON(X509_R_BAD_X509_FILETYPE)    ,"bad x509 filetype"},

-{ERR_REASON(X509_R_BASE64_DECODE_ERROR)  ,"base64 decode error"},

-{ERR_REASON(X509_R_CANT_CHECK_DH_KEY)    ,"cant check dh key"},

-{ERR_REASON(X509_R_CERT_ALREADY_IN_HASH_TABLE),"cert already in hash table"},

-{ERR_REASON(X509_R_ERR_ASN1_LIB)         ,"err asn1 lib"},

-{ERR_REASON(X509_R_INVALID_DIRECTORY)    ,"invalid directory"},

-{ERR_REASON(X509_R_INVALID_FIELD_NAME)   ,"invalid field name"},

-{ERR_REASON(X509_R_INVALID_TRUST)        ,"invalid trust"},

-{ERR_REASON(X509_R_KEY_TYPE_MISMATCH)    ,"key type mismatch"},

-{ERR_REASON(X509_R_KEY_VALUES_MISMATCH)  ,"key values mismatch"},

-{ERR_REASON(X509_R_LOADING_CERT_DIR)     ,"loading cert dir"},

-{ERR_REASON(X509_R_LOADING_DEFAULTS)     ,"loading defaults"},

-{ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY),"no cert set for us to verify"},

-{ERR_REASON(X509_R_SHOULD_RETRY)         ,"should retry"},

-{ERR_REASON(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN),"unable to find parameters in chain"},

-{ERR_REASON(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY),"unable to get certs public key"},

-{ERR_REASON(X509_R_UNKNOWN_KEY_TYPE)     ,"unknown key type"},

-{ERR_REASON(X509_R_UNKNOWN_NID)          ,"unknown nid"},

-{ERR_REASON(X509_R_UNKNOWN_PURPOSE_ID)   ,"unknown purpose id"},

-{ERR_REASON(X509_R_UNKNOWN_TRUST_ID)     ,"unknown trust id"},

-{ERR_REASON(X509_R_UNSUPPORTED_ALGORITHM),"unsupported algorithm"},

-{ERR_REASON(X509_R_WRONG_LOOKUP_TYPE)    ,"wrong lookup type"},

-{ERR_REASON(X509_R_WRONG_TYPE)           ,"wrong type"},

-{0,NULL}

-	};

-#endif

-void ERR_load_X509_strings(void)

-	{

-#ifndef OPENSSL_NO_ERR

-	if (ERR_func_error_string(X509_str_functs[0].error) == NULL)

-		{

-		ERR_load_strings(0,X509_str_functs);

-		ERR_load_strings(0,X509_str_reasons);

-		}

-#endif

-	}

--- a/sys/src/ape/lib/openssl/crypto/x509/x509_ext.c

+++ /dev/null

@@ -1,210 +1,0 @@

-/* crypto/x509/x509_ext.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <openssl/stack.h>

-#include "cryptlib.h"

-#include <openssl/asn1.h>

-#include <openssl/objects.h>

-#include <openssl/evp.h>

-#include <openssl/x509.h>

-#include <openssl/x509v3.h>

-int X509_CRL_get_ext_count(X509_CRL *x)

-	{

-	return(X509v3_get_ext_count(x->crl->extensions));

-	}

-int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos)

-	{

-	return(X509v3_get_ext_by_NID(x->crl->extensions,nid,lastpos));

-	}

-int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos)

-	{

-	return(X509v3_get_ext_by_OBJ(x->crl->extensions,obj,lastpos));

-	}

-int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos)

-	{

-	return(X509v3_get_ext_by_critical(x->crl->extensions,crit,lastpos));

-	}

-X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc)

-	{

-	return(X509v3_get_ext(x->crl->extensions,loc));

-	}

-X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc)

-	{

-	return(X509v3_delete_ext(x->crl->extensions,loc));

-	}

-void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx)

-{

-	return X509V3_get_d2i(x->crl->extensions, nid, crit, idx);

-}

-int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,

-							unsigned long flags)

-{

-	return X509V3_add1_i2d(&x->crl->extensions, nid, value, crit, flags);

-}

-int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc)

-	{

-	return(X509v3_add_ext(&(x->crl->extensions),ex,loc) != NULL);

-	}

-int X509_get_ext_count(X509 *x)

-	{

-	return(X509v3_get_ext_count(x->cert_info->extensions));

-	}

-int X509_get_ext_by_NID(X509 *x, int nid, int lastpos)

-	{

-	return(X509v3_get_ext_by_NID(x->cert_info->extensions,nid,lastpos));

-	}

-int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos)

-	{

-	return(X509v3_get_ext_by_OBJ(x->cert_info->extensions,obj,lastpos));

-	}

-int X509_get_ext_by_critical(X509 *x, int crit, int lastpos)

-	{

-	return(X509v3_get_ext_by_critical(x->cert_info->extensions,crit,lastpos));

-	}

-X509_EXTENSION *X509_get_ext(X509 *x, int loc)

-	{

-	return(X509v3_get_ext(x->cert_info->extensions,loc));

-	}

-X509_EXTENSION *X509_delete_ext(X509 *x, int loc)

-	{

-	return(X509v3_delete_ext(x->cert_info->extensions,loc));

-	}

-int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc)

-	{

-	return(X509v3_add_ext(&(x->cert_info->extensions),ex,loc) != NULL);

-	}

-void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx)

-{

-	return X509V3_get_d2i(x->cert_info->extensions, nid, crit, idx);

-}

-int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,

-							unsigned long flags)

-{

-	return X509V3_add1_i2d(&x->cert_info->extensions, nid, value, crit,

-							flags);

-}

-int X509_REVOKED_get_ext_count(X509_REVOKED *x)

-	{

-	return(X509v3_get_ext_count(x->extensions));

-	}

-int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos)

-	{

-	return(X509v3_get_ext_by_NID(x->extensions,nid,lastpos));

-	}

-int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj,

-	     int lastpos)

-	{

-	return(X509v3_get_ext_by_OBJ(x->extensions,obj,lastpos));

-	}

-int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos)

-	{

-	return(X509v3_get_ext_by_critical(x->extensions,crit,lastpos));

-	}

-X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc)

-	{

-	return(X509v3_get_ext(x->extensions,loc));

-	}

-X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc)

-	{

-	return(X509v3_delete_ext(x->extensions,loc));

-	}

-int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc)

-	{

-	return(X509v3_add_ext(&(x->extensions),ex,loc) != NULL);

-	}

-void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx)

-{

-	return X509V3_get_d2i(x->extensions, nid, crit, idx);

-}

-int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,

-							unsigned long flags)

-{

-	return X509V3_add1_i2d(&x->extensions, nid, value, crit, flags);

-}

-IMPLEMENT_STACK_OF(X509_EXTENSION)

-IMPLEMENT_ASN1_SET_OF(X509_EXTENSION)

--- a/sys/src/ape/lib/openssl/crypto/x509/x509_lu.c

+++ /dev/null

@@ -1,567 +1,0 @@

-/* crypto/x509/x509_lu.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/lhash.h>

-#include <openssl/x509.h>

-#include <openssl/x509v3.h>

-X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)

-	{

-	X509_LOOKUP *ret;

-	ret=(X509_LOOKUP *)OPENSSL_malloc(sizeof(X509_LOOKUP));

-	if (ret == NULL) return NULL;

-	ret->init=0;

-	ret->skip=0;

-	ret->method=method;

-	ret->method_data=NULL;

-	ret->store_ctx=NULL;

-	if ((method->new_item != NULL) && !method->new_item(ret))

-		{

-		OPENSSL_free(ret);

-		return NULL;

-		}

-	return ret;

-	}

-void X509_LOOKUP_free(X509_LOOKUP *ctx)

-	{

-	if (ctx == NULL) return;

-	if (	(ctx->method != NULL) &&

-		(ctx->method->free != NULL))

-		ctx->method->free(ctx);

-	OPENSSL_free(ctx);

-	}

-int X509_LOOKUP_init(X509_LOOKUP *ctx)

-	{

-	if (ctx->method == NULL) return 0;

-	if (ctx->method->init != NULL)

-		return ctx->method->init(ctx);

-	else

-		return 1;

-	}

-int X509_LOOKUP_shutdown(X509_LOOKUP *ctx)

-	{

-	if (ctx->method == NULL) return 0;

-	if (ctx->method->shutdown != NULL)

-		return ctx->method->shutdown(ctx);

-	else

-		return 1;

-	}

-int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,

-	     char **ret)

-	{

-	if (ctx->method == NULL) return -1;

-	if (ctx->method->ctrl != NULL)

-		return ctx->method->ctrl(ctx,cmd,argc,argl,ret);

-	else

-		return 1;

-	}

-int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,

-	     X509_OBJECT *ret)

-	{

-	if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL))

-		return X509_LU_FAIL;

-	if (ctx->skip) return 0;

-	return ctx->method->get_by_subject(ctx,type,name,ret);

-	}

-int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,

-	     ASN1_INTEGER *serial, X509_OBJECT *ret)

-	{

-	if ((ctx->method == NULL) ||

-		(ctx->method->get_by_issuer_serial == NULL))

-		return X509_LU_FAIL;

-	return ctx->method->get_by_issuer_serial(ctx,type,name,serial,ret);

-	}

-int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,

-	     unsigned char *bytes, int len, X509_OBJECT *ret)

-	{

-	if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL))

-		return X509_LU_FAIL;

-	return ctx->method->get_by_fingerprint(ctx,type,bytes,len,ret);

-	}

-int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len,

-	     X509_OBJECT *ret)

-	{

-	if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL))

-		return X509_LU_FAIL;

-	return ctx->method->get_by_alias(ctx,type,str,len,ret);

-	}

-static int x509_object_cmp(const X509_OBJECT * const *a, const X509_OBJECT * const *b)

-  	{

- 	int ret;

- 	ret=((*a)->type - (*b)->type);

- 	if (ret) return ret;

- 	switch ((*a)->type)

- 		{

- 	case X509_LU_X509:

- 		ret=X509_subject_name_cmp((*a)->data.x509,(*b)->data.x509);

- 		break;

- 	case X509_LU_CRL:

- 		ret=X509_CRL_cmp((*a)->data.crl,(*b)->data.crl);

- 		break;

-	default:

-		/* abort(); */

-		return 0;

-		}

-	return ret;

-	}

-X509_STORE *X509_STORE_new(void)

-	{

-	X509_STORE *ret;

-	if ((ret=(X509_STORE *)OPENSSL_malloc(sizeof(X509_STORE))) == NULL)

-		return NULL;

-	ret->objs = sk_X509_OBJECT_new(x509_object_cmp);

-	ret->cache=1;

-	ret->get_cert_methods=sk_X509_LOOKUP_new_null();

-	ret->verify=0;

-	ret->verify_cb=0;

-	if ((ret->param = X509_VERIFY_PARAM_new()) == NULL)

-		return NULL;

-	ret->get_issuer = 0;

-	ret->check_issued = 0;

-	ret->check_revocation = 0;

-	ret->get_crl = 0;

-	ret->check_crl = 0;

-	ret->cert_crl = 0;

-	ret->cleanup = 0;

-	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data);

-	ret->references=1;

-	return ret;

-	}

-static void cleanup(X509_OBJECT *a)

-	{

-	if (a->type == X509_LU_X509)

-		{

-		X509_free(a->data.x509);

-		}

-	else if (a->type == X509_LU_CRL)

-		{

-		X509_CRL_free(a->data.crl);

-		}

-	else

-		{

-		/* abort(); */

-		}

-	OPENSSL_free(a);

-	}

-void X509_STORE_free(X509_STORE *vfy)

-	{

-	int i;

-	STACK_OF(X509_LOOKUP) *sk;

-	X509_LOOKUP *lu;

-	if (vfy == NULL)

-	    return;

-	sk=vfy->get_cert_methods;

-	for (i=0; i<sk_X509_LOOKUP_num(sk); i++)

-		{

-		lu=sk_X509_LOOKUP_value(sk,i);

-		X509_LOOKUP_shutdown(lu);

-		X509_LOOKUP_free(lu);

-		}

-	sk_X509_LOOKUP_free(sk);

-	sk_X509_OBJECT_pop_free(vfy->objs, cleanup);

-	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data);

-	if (vfy->param)

-		X509_VERIFY_PARAM_free(vfy->param);

-	OPENSSL_free(vfy);

-	}

-X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)

-	{

-	int i;

-	STACK_OF(X509_LOOKUP) *sk;

-	X509_LOOKUP *lu;

-	sk=v->get_cert_methods;

-	for (i=0; i<sk_X509_LOOKUP_num(sk); i++)

-		{

-		lu=sk_X509_LOOKUP_value(sk,i);

-		if (m == lu->method)

-			{

-			return lu;

-			}

-		}

-	/* a new one */

-	lu=X509_LOOKUP_new(m);

-	if (lu == NULL)

-		return NULL;

-	else

-		{

-		lu->store_ctx=v;

-		if (sk_X509_LOOKUP_push(v->get_cert_methods,lu))

-			return lu;

-		else

-			{

-			X509_LOOKUP_free(lu);

-			return NULL;

-			}

-		}

-	}

-int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,

-	     X509_OBJECT *ret)

-	{

-	X509_STORE *ctx=vs->ctx;

-	X509_LOOKUP *lu;

-	X509_OBJECT stmp,*tmp;

-	int i,j;

-	tmp=X509_OBJECT_retrieve_by_subject(ctx->objs,type,name);

-	if (tmp == NULL)

-		{

-		for (i=vs->current_method; i<sk_X509_LOOKUP_num(ctx->get_cert_methods); i++)

-			{

-			lu=sk_X509_LOOKUP_value(ctx->get_cert_methods,i);

-			j=X509_LOOKUP_by_subject(lu,type,name,&stmp);

-			if (j < 0)

-				{

-				vs->current_method=j;

-				return j;

-				}

-			else if (j)

-				{

-				tmp= &stmp;

-				break;

-				}

-			}

-		vs->current_method=0;

-		if (tmp == NULL)

-			return 0;

-		}

-/*	if (ret->data.ptr != NULL)

-		X509_OBJECT_free_contents(ret); */

-	ret->type=tmp->type;

-	ret->data.ptr=tmp->data.ptr;

-	X509_OBJECT_up_ref_count(ret);

-	return 1;

-	}

-int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)

-	{

-	X509_OBJECT *obj;

-	int ret=1;

-	if (x == NULL) return 0;

-	obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT));

-	if (obj == NULL)

-		{

-		X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE);

-		return 0;

-		}

-	obj->type=X509_LU_X509;

-	obj->data.x509=x;

-	CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);

-	X509_OBJECT_up_ref_count(obj);

-	if (X509_OBJECT_retrieve_match(ctx->objs, obj))

-		{

-		X509_OBJECT_free_contents(obj);

-		OPENSSL_free(obj);

-		X509err(X509_F_X509_STORE_ADD_CERT,X509_R_CERT_ALREADY_IN_HASH_TABLE);

-		ret=0;

-		}

-	else sk_X509_OBJECT_push(ctx->objs, obj);

-	CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);

-	return ret;

-	}

-int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)

-	{

-	X509_OBJECT *obj;

-	int ret=1;

-	if (x == NULL) return 0;

-	obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT));

-	if (obj == NULL)

-		{

-		X509err(X509_F_X509_STORE_ADD_CRL,ERR_R_MALLOC_FAILURE);

-		return 0;

-		}

-	obj->type=X509_LU_CRL;

-	obj->data.crl=x;

-	CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);

-	X509_OBJECT_up_ref_count(obj);

-	if (X509_OBJECT_retrieve_match(ctx->objs, obj))

-		{

-		X509_OBJECT_free_contents(obj);

-		OPENSSL_free(obj);

-		X509err(X509_F_X509_STORE_ADD_CRL,X509_R_CERT_ALREADY_IN_HASH_TABLE);

-		ret=0;

-		}

-	else sk_X509_OBJECT_push(ctx->objs, obj);

-	CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);

-	return ret;

-	}

-void X509_OBJECT_up_ref_count(X509_OBJECT *a)

-	{

-	switch (a->type)

-		{

-	case X509_LU_X509:

-		CRYPTO_add(&a->data.x509->references,1,CRYPTO_LOCK_X509);

-		break;

-	case X509_LU_CRL:

-		CRYPTO_add(&a->data.crl->references,1,CRYPTO_LOCK_X509_CRL);

-		break;

-		}

-	}

-void X509_OBJECT_free_contents(X509_OBJECT *a)

-	{

-	switch (a->type)

-		{

-	case X509_LU_X509:

-		X509_free(a->data.x509);

-		break;

-	case X509_LU_CRL:

-		X509_CRL_free(a->data.crl);

-		break;

-		}

-	}

-int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,

-	     X509_NAME *name)

-	{

-	X509_OBJECT stmp;

-	X509 x509_s;

-	X509_CINF cinf_s;

-	X509_CRL crl_s;

-	X509_CRL_INFO crl_info_s;

-	stmp.type=type;

-	switch (type)

-		{

-	case X509_LU_X509:

-		stmp.data.x509= &x509_s;

-		x509_s.cert_info= &cinf_s;

-		cinf_s.subject=name;

-		break;

-	case X509_LU_CRL:

-		stmp.data.crl= &crl_s;

-		crl_s.crl= &crl_info_s;

-		crl_info_s.issuer=name;

-		break;

-	default:

-		/* abort(); */

-		return -1;

-		}

-	return sk_X509_OBJECT_find(h,&stmp);

-	}

-X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, int type,

-	     X509_NAME *name)

-{

-	int idx;

-	idx = X509_OBJECT_idx_by_subject(h, type, name);

-	if (idx==-1) return NULL;

-	return sk_X509_OBJECT_value(h, idx);

-}

-X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x)

-{

-	int idx, i;

-	X509_OBJECT *obj;

-	idx = sk_X509_OBJECT_find(h, x);

-	if (idx == -1) return NULL;

-	if (x->type != X509_LU_X509) return sk_X509_OBJECT_value(h, idx);

-	for (i = idx; i < sk_X509_OBJECT_num(h); i++)

-		{

-		obj = sk_X509_OBJECT_value(h, i);

-		if (x509_object_cmp((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x))

-			return NULL;

-		if ((x->type != X509_LU_X509) || !X509_cmp(obj->data.x509, x->data.x509))

-			return obj;

-		}

-	return NULL;

-}

-/* Try to get issuer certificate from store. Due to limitations

- * of the API this can only retrieve a single certificate matching

- * a given subject name. However it will fill the cache with all

- * matching certificates, so we can examine the cache for all

- * matches.

- *

- * Return values are:

- *  1 lookup successful.

- *  0 certificate not found.

- * -1 some other error.

- */

-int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)

-{

-	X509_NAME *xn;

-	X509_OBJECT obj, *pobj;

-	int i, ok, idx;

-	xn=X509_get_issuer_name(x);

-	ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj);

-	if (ok != X509_LU_X509)

-		{

-		if (ok == X509_LU_RETRY)

-			{

-			X509_OBJECT_free_contents(&obj);

-			X509err(X509_F_X509_STORE_CTX_GET1_ISSUER,X509_R_SHOULD_RETRY);

-			return -1;

-			}

-		else if (ok != X509_LU_FAIL)

-			{

-			X509_OBJECT_free_contents(&obj);

-			/* not good :-(, break anyway */

-			return -1;

-			}

-		return 0;

-		}

-	/* If certificate matches all OK */

-	if (ctx->check_issued(ctx, x, obj.data.x509))

-		{

-		*issuer = obj.data.x509;

-		return 1;

-		}

-	X509_OBJECT_free_contents(&obj);

-	/* Else find index of first matching cert */

-	idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn);

-	/* This shouldn't normally happen since we already have one match */

-	if (idx == -1) return 0;

-	/* Look through all matching certificates for a suitable issuer */

-	for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++)

-		{

-		pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i);

-		/* See if we've ran out of matches */

-		if (pobj->type != X509_LU_X509) return 0;

-		if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509))) return 0;

-		if (ctx->check_issued(ctx, x, pobj->data.x509))

-			{

-			*issuer = pobj->data.x509;

-			X509_OBJECT_up_ref_count(pobj);

-			return 1;

-			}

-		}

-	return 0;

-}

-int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags)

-	{

-	return X509_VERIFY_PARAM_set_flags(ctx->param, flags);

-	}

-int X509_STORE_set_depth(X509_STORE *ctx, int depth)

-	{

-	X509_VERIFY_PARAM_set_depth(ctx->param, depth);

-	return 1;

-	}

-int X509_STORE_set_purpose(X509_STORE *ctx, int purpose)

-	{

-	return X509_VERIFY_PARAM_set_purpose(ctx->param, purpose);

-	}

-int X509_STORE_set_trust(X509_STORE *ctx, int trust)

-	{

-	return X509_VERIFY_PARAM_set_trust(ctx->param, trust);

-	}

-int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *param)

-	{

-	return X509_VERIFY_PARAM_set1(ctx->param, param);

-	}

-IMPLEMENT_STACK_OF(X509_LOOKUP)

-IMPLEMENT_STACK_OF(X509_OBJECT)

--- a/sys/src/ape/lib/openssl/crypto/x509/x509_obj.c

+++ /dev/null

@@ -1,226 +1,0 @@

-/* crypto/x509/x509_obj.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/lhash.h>

-#include <openssl/objects.h>

-#include <openssl/x509.h>

-#include <openssl/buffer.h>

-char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)

-	{

-	X509_NAME_ENTRY *ne;

-int i;

-	int n,lold,l,l1,l2,num,j,type;

-	const char *s;

-	char *p;

-	unsigned char *q;

-	BUF_MEM *b=NULL;

-	static char hex[17]="0123456789ABCDEF";

-	int gs_doit[4];

-	char tmp_buf[80];

-#ifdef CHARSET_EBCDIC

-	char ebcdic_buf[1024];

-#endif

-	if (buf == NULL)

-		{

-		if ((b=BUF_MEM_new()) == NULL) goto err;

-		if (!BUF_MEM_grow(b,200)) goto err;

-		b->data[0]='\0';

-		len=200;

-		}

-	if (a == NULL)

-	    {

-	    if(b)

-		{

-		buf=b->data;

-		OPENSSL_free(b);

-		}

-	    strncpy(buf,"NO X509_NAME",len);

-	    buf[len-1]='\0';

-	    return buf;

-	    }

-	len--; /* space for '\0' */

-	l=0;

-	for (i=0; i<sk_X509_NAME_ENTRY_num(a->entries); i++)

-		{

-		ne=sk_X509_NAME_ENTRY_value(a->entries,i);

-		n=OBJ_obj2nid(ne->object);

-		if ((n == NID_undef) || ((s=OBJ_nid2sn(n)) == NULL))

-			{

-			i2t_ASN1_OBJECT(tmp_buf,sizeof(tmp_buf),ne->object);

-			s=tmp_buf;

-			}

-		l1=strlen(s);

-		type=ne->value->type;

-		num=ne->value->length;

-		q=ne->value->data;

-#ifdef CHARSET_EBCDIC

-                if (type == V_ASN1_GENERALSTRING ||

-		    type == V_ASN1_VISIBLESTRING ||

-		    type == V_ASN1_PRINTABLESTRING ||

-		    type == V_ASN1_TELETEXSTRING ||

-		    type == V_ASN1_VISIBLESTRING ||

-		    type == V_ASN1_IA5STRING) {

-                        ascii2ebcdic(ebcdic_buf, q,

-				     (num > sizeof ebcdic_buf)

-				     ? sizeof ebcdic_buf : num);

-                        q=ebcdic_buf;

-		}

-#endif

-		if ((type == V_ASN1_GENERALSTRING) && ((num%4) == 0))

-			{

-			gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=0;

-			for (j=0; j<num; j++)

-				if (q[j] != 0) gs_doit[j&3]=1;

-			if (gs_doit[0]|gs_doit[1]|gs_doit[2])

-				gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=1;

-			else

-				{

-				gs_doit[0]=gs_doit[1]=gs_doit[2]=0;

-				gs_doit[3]=1;

-				}

-			}

-		else

-			gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=1;

-		for (l2=j=0; j<num; j++)

-			{

-			if (!gs_doit[j&3]) continue;

-			l2++;

-#ifndef CHARSET_EBCDIC

-			if ((q[j] < ' ') || (q[j] > '~')) l2+=3;

-#else

-			if ((os_toascii[q[j]] < os_toascii[' ']) ||

-			    (os_toascii[q[j]] > os_toascii['~'])) l2+=3;

-#endif

-			}

-		lold=l;

-		l+=1+l1+1+l2;

-		if (b != NULL)

-			{

-			if (!BUF_MEM_grow(b,l+1)) goto err;

-			p= &(b->data[lold]);

-			}

-		else if (l > len)

-			{

-			break;

-			}

-		else

-			p= &(buf[lold]);

-		*(p++)='/';

-		memcpy(p,s,(unsigned int)l1); p+=l1;

-		*(p++)='=';

-#ifndef CHARSET_EBCDIC /* q was assigned above already. */

-		q=ne->value->data;

-#endif

-		for (j=0; j<num; j++)

-			{

-			if (!gs_doit[j&3]) continue;

-#ifndef CHARSET_EBCDIC

-			n=q[j];

-			if ((n < ' ') || (n > '~'))

-				{

-				*(p++)='\\';

-				*(p++)='x';

-				*(p++)=hex[(n>>4)&0x0f];

-				*(p++)=hex[n&0x0f];

-				}

-			else

-				*(p++)=n;

-#else

-			n=os_toascii[q[j]];

-			if ((n < os_toascii[' ']) ||

-			    (n > os_toascii['~']))

-				{

-				*(p++)='\\';

-				*(p++)='x';

-				*(p++)=hex[(n>>4)&0x0f];

-				*(p++)=hex[n&0x0f];

-				}

-			else

-				*(p++)=q[j];

-#endif

-			}

-		*p='\0';

-		}

-	if (b != NULL)

-		{

-		p=b->data;

-		OPENSSL_free(b);

-		}

-	else

-		p=buf;

-	if (i == 0)

-		*p = '\0';

-	return(p);

-err:

-	X509err(X509_F_X509_NAME_ONELINE,ERR_R_MALLOC_FAILURE);

-	if (b != NULL) BUF_MEM_free(b);

-	return(NULL);

-	}

--- a/sys/src/ape/lib/openssl/crypto/x509/x509_r2x.c

+++ /dev/null

@@ -1,114 +1,0 @@

-/* crypto/x509/x509_r2x.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/bn.h>

-#include <openssl/evp.h>

-#include <openssl/asn1.h>

-#include <openssl/x509.h>

-#include <openssl/objects.h>

-#include <openssl/buffer.h>

-X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)

-	{

-	X509 *ret=NULL;

-	X509_CINF *xi=NULL;

-	X509_NAME *xn;

-	if ((ret=X509_new()) == NULL)

-		{

-		X509err(X509_F_X509_REQ_TO_X509,ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	/* duplicate the request */

-	xi=ret->cert_info;

-	if (sk_X509_ATTRIBUTE_num(r->req_info->attributes) != 0)

-		{

-		if ((xi->version=M_ASN1_INTEGER_new()) == NULL) goto err;

-		if (!ASN1_INTEGER_set(xi->version,2)) goto err;

-/*		xi->extensions=ri->attributes; <- bad, should not ever be done

-		ri->attributes=NULL; */

-		}

-	xn=X509_REQ_get_subject_name(r);

-	if (X509_set_subject_name(ret,X509_NAME_dup(xn)) == 0)

-		goto err;

-	if (X509_set_issuer_name(ret,X509_NAME_dup(xn)) == 0)

-		goto err;

-	if (X509_gmtime_adj(xi->validity->notBefore,0) == NULL)

-		goto err;

-	if (X509_gmtime_adj(xi->validity->notAfter,(long)60*60*24*days) == NULL)

-		goto err;

-	X509_set_pubkey(ret,X509_REQ_get_pubkey(r));

-	if (!X509_sign(ret,pkey,EVP_md5()))

-		goto err;

-	if (0)

-		{

-err:

-		X509_free(ret);

-		ret=NULL;

-		}

-	return(ret);

-	}

--- a/sys/src/ape/lib/openssl/crypto/x509/x509_req.c

+++ /dev/null

@@ -1,324 +1,0 @@

-/* crypto/x509/x509_req.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/bn.h>

-#include <openssl/evp.h>

-#include <openssl/asn1.h>

-#include <openssl/x509.h>

-#include <openssl/objects.h>

-#include <openssl/buffer.h>

-#include <openssl/pem.h>

-X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)

-	{

-	X509_REQ *ret;

-	X509_REQ_INFO *ri;

-	int i;

-	EVP_PKEY *pktmp;

-	ret=X509_REQ_new();

-	if (ret == NULL)

-		{

-		X509err(X509_F_X509_TO_X509_REQ,ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	ri=ret->req_info;

-	ri->version->length=1;

-	ri->version->data=(unsigned char *)OPENSSL_malloc(1);

-	if (ri->version->data == NULL) goto err;

-	ri->version->data[0]=0; /* version == 0 */

-	if (!X509_REQ_set_subject_name(ret,X509_get_subject_name(x)))

-		goto err;

-	pktmp = X509_get_pubkey(x);

-	i=X509_REQ_set_pubkey(ret,pktmp);

-	EVP_PKEY_free(pktmp);

-	if (!i) goto err;

-	if (pkey != NULL)

-		{

-		if (!X509_REQ_sign(ret,pkey,md))

-			goto err;

-		}

-	return(ret);

-err:

-	X509_REQ_free(ret);

-	return(NULL);

-	}

-EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req)

-	{

-	if ((req == NULL) || (req->req_info == NULL))

-		return(NULL);

-	return(X509_PUBKEY_get(req->req_info->pubkey));

-	}

-int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k)

-	{

-	EVP_PKEY *xk=NULL;

-	int ok=0;

-	xk=X509_REQ_get_pubkey(x);

-	switch (EVP_PKEY_cmp(xk, k))

-		{

-	case 1:

-		ok=1;

-		break;

-	case 0:

-		X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);

-		break;

-	case -1:

-		X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);

-		break;

-	case -2:

-#ifndef OPENSSL_NO_EC

-		if (k->type == EVP_PKEY_EC)

-			{

-			X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, ERR_R_EC_LIB);

-			break;

-			}

-#endif

-#ifndef OPENSSL_NO_DH

-		if (k->type == EVP_PKEY_DH)

-			{

-			/* No idea */

-			X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY);

-			break;

-			}

-#endif

-	        X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE);

-		}

-	EVP_PKEY_free(xk);

-	return(ok);

-	}

-/* It seems several organisations had the same idea of including a list of

- * extensions in a certificate request. There are at least two OIDs that are

- * used and there may be more: so the list is configurable.

- */

-static int ext_nid_list[] = { NID_ext_req, NID_ms_ext_req, NID_undef};

-static int *ext_nids = ext_nid_list;

-int X509_REQ_extension_nid(int req_nid)

-{

-	int i, nid;

-	for(i = 0; ; i++) {

-		nid = ext_nids[i];

-		if(nid == NID_undef) return 0;

-		else if (req_nid == nid) return 1;

-	}

-}

-int *X509_REQ_get_extension_nids(void)

-{

-	return ext_nids;

-}

-void X509_REQ_set_extension_nids(int *nids)

-{

-	ext_nids = nids;

-}

-STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)

-	{

-	X509_ATTRIBUTE *attr;

-	ASN1_TYPE *ext = NULL;

-	int idx, *pnid;

-	const unsigned char *p;

-	if ((req == NULL) || (req->req_info == NULL) || !ext_nids)

-		return(NULL);

-	for (pnid = ext_nids; *pnid != NID_undef; pnid++)

-		{

-		idx = X509_REQ_get_attr_by_NID(req, *pnid, -1);

-		if (idx == -1)

-			continue;

-		attr = X509_REQ_get_attr(req, idx);

-		if(attr->single) ext = attr->value.single;

-		else if(sk_ASN1_TYPE_num(attr->value.set))

-			ext = sk_ASN1_TYPE_value(attr->value.set, 0);

-		break;

-		}

-	if(!ext || (ext->type != V_ASN1_SEQUENCE))

-		return NULL;

-	p = ext->value.sequence->data;

-	return d2i_ASN1_SET_OF_X509_EXTENSION(NULL, &p,

-			ext->value.sequence->length,

-			d2i_X509_EXTENSION, X509_EXTENSION_free,

-			V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);

-}

-/* Add a STACK_OF extensions to a certificate request: allow alternative OIDs

- * in case we want to create a non standard one.

- */

-int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,

-				int nid)

-{

-	unsigned char *p = NULL, *q;

-	long len;

-	ASN1_TYPE *at = NULL;

-	X509_ATTRIBUTE *attr = NULL;

-	if(!(at = ASN1_TYPE_new()) ||

-		!(at->value.sequence = ASN1_STRING_new())) goto err;

-	at->type = V_ASN1_SEQUENCE;

-	/* Generate encoding of extensions */

-	len = i2d_ASN1_SET_OF_X509_EXTENSION(exts, NULL, i2d_X509_EXTENSION,

-			V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);

-	if(!(p = OPENSSL_malloc(len))) goto err;

-	q = p;

-	i2d_ASN1_SET_OF_X509_EXTENSION(exts, &q, i2d_X509_EXTENSION,

-			V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);

-	at->value.sequence->data = p;

-	p = NULL;

-	at->value.sequence->length = len;

-	if(!(attr = X509_ATTRIBUTE_new())) goto err;

-	if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;

-	if(!sk_ASN1_TYPE_push(attr->value.set, at)) goto err;

-	at = NULL;

-	attr->single = 0;

-	attr->object = OBJ_nid2obj(nid);

-	if (!req->req_info->attributes)

-		{

-		if (!(req->req_info->attributes = sk_X509_ATTRIBUTE_new_null()))

-			goto err;

-		}

-	if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err;

-	return 1;

-	err:

-	if(p) OPENSSL_free(p);

-	X509_ATTRIBUTE_free(attr);

-	ASN1_TYPE_free(at);

-	return 0;

-}

-/* This is the normal usage: use the "official" OID */

-int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts)

-{

-	return X509_REQ_add_extensions_nid(req, exts, NID_ext_req);

-}

-/* Request attribute functions */

-int X509_REQ_get_attr_count(const X509_REQ *req)

-{

-	return X509at_get_attr_count(req->req_info->attributes);

-}

-int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid,

-			  int lastpos)

-{

-	return X509at_get_attr_by_NID(req->req_info->attributes, nid, lastpos);

-}

-int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj,

-			  int lastpos)

-{

-	return X509at_get_attr_by_OBJ(req->req_info->attributes, obj, lastpos);

-}

-X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc)

-{

-	return X509at_get_attr(req->req_info->attributes, loc);

-}

-X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc)

-{

-	return X509at_delete_attr(req->req_info->attributes, loc);

-}

-int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr)

-{

-	if(X509at_add1_attr(&req->req_info->attributes, attr)) return 1;

-	return 0;

-}

-int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,

-			const ASN1_OBJECT *obj, int type,

-			const unsigned char *bytes, int len)

-{

-	if(X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj,

-				type, bytes, len)) return 1;

-	return 0;

-}

-int X509_REQ_add1_attr_by_NID(X509_REQ *req,

-			int nid, int type,

-			const unsigned char *bytes, int len)

-{

-	if(X509at_add1_attr_by_NID(&req->req_info->attributes, nid,

-				type, bytes, len)) return 1;

-	return 0;

-}

-int X509_REQ_add1_attr_by_txt(X509_REQ *req,

-			const char *attrname, int type,

-			const unsigned char *bytes, int len)

-{

-	if(X509at_add1_attr_by_txt(&req->req_info->attributes, attrname,

-				type, bytes, len)) return 1;

-	return 0;

-}

--- a/sys/src/ape/lib/openssl/crypto/x509/x509_set.c

+++ /dev/null

@@ -1,150 +1,0 @@

-/* crypto/x509/x509_set.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/asn1.h>

-#include <openssl/objects.h>

-#include <openssl/evp.h>

-#include <openssl/x509.h>

-int X509_set_version(X509 *x, long version)

-	{

-	if (x == NULL) return(0);

-	if (x->cert_info->version == NULL)

-		{

-		if ((x->cert_info->version=M_ASN1_INTEGER_new()) == NULL)

-			return(0);

-		}

-	return(ASN1_INTEGER_set(x->cert_info->version,version));

-	}

-int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial)

-	{

-	ASN1_INTEGER *in;

-	if (x == NULL) return(0);

-	in=x->cert_info->serialNumber;

-	if (in != serial)

-		{

-		in=M_ASN1_INTEGER_dup(serial);

-		if (in != NULL)

-			{

-			M_ASN1_INTEGER_free(x->cert_info->serialNumber);

-			x->cert_info->serialNumber=in;

-			}

-		}

-	return(in != NULL);

-	}

-int X509_set_issuer_name(X509 *x, X509_NAME *name)

-	{

-	if ((x == NULL) || (x->cert_info == NULL)) return(0);

-	return(X509_NAME_set(&x->cert_info->issuer,name));

-	}

-int X509_set_subject_name(X509 *x, X509_NAME *name)

-	{

-	if ((x == NULL) || (x->cert_info == NULL)) return(0);

-	return(X509_NAME_set(&x->cert_info->subject,name));

-	}

-int X509_set_notBefore(X509 *x, ASN1_TIME *tm)

-	{

-	ASN1_TIME *in;

-	if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);

-	in=x->cert_info->validity->notBefore;

-	if (in != tm)

-		{

-		in=M_ASN1_TIME_dup(tm);

-		if (in != NULL)

-			{

-			M_ASN1_TIME_free(x->cert_info->validity->notBefore);

-			x->cert_info->validity->notBefore=in;

-			}

-		}

-	return(in != NULL);

-	}

-int X509_set_notAfter(X509 *x, ASN1_TIME *tm)

-	{

-	ASN1_TIME *in;

-	if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);

-	in=x->cert_info->validity->notAfter;

-	if (in != tm)

-		{

-		in=M_ASN1_TIME_dup(tm);

-		if (in != NULL)

-			{

-			M_ASN1_TIME_free(x->cert_info->validity->notAfter);

-			x->cert_info->validity->notAfter=in;

-			}

-		}

-	return(in != NULL);

-	}

-int X509_set_pubkey(X509 *x, EVP_PKEY *pkey)

-	{

-	if ((x == NULL) || (x->cert_info == NULL)) return(0);

-	return(X509_PUBKEY_set(&(x->cert_info->key),pkey));

-	}

--- a/sys/src/ape/lib/openssl/crypto/x509/x509_trs.c

+++ /dev/null

@@ -1,287 +1,0 @@

-/* x509_trs.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/x509v3.h>

-static int tr_cmp(const X509_TRUST * const *a,

-		const X509_TRUST * const *b);

-static void trtable_free(X509_TRUST *p);

-static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags);

-static int trust_1oid(X509_TRUST *trust, X509 *x, int flags);

-static int trust_compat(X509_TRUST *trust, X509 *x, int flags);

-static int obj_trust(int id, X509 *x, int flags);

-static int (*default_trust)(int id, X509 *x, int flags) = obj_trust;

-/* WARNING: the following table should be kept in order of trust

- * and without any gaps so we can just subtract the minimum trust

- * value to get an index into the table

- */

-static X509_TRUST trstandard[] = {

-{X509_TRUST_COMPAT, 0, trust_compat, "compatible", 0, NULL},

-{X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL},

-{X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, NULL},

-{X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL},

-{X509_TRUST_OBJECT_SIGN, 0, trust_1oidany, "Object Signer", NID_code_sign, NULL},

-{X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign, NULL},

-{X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL}

-};

-#define X509_TRUST_COUNT	(sizeof(trstandard)/sizeof(X509_TRUST))

-IMPLEMENT_STACK_OF(X509_TRUST)

-static STACK_OF(X509_TRUST) *trtable = NULL;

-static int tr_cmp(const X509_TRUST * const *a,

-		const X509_TRUST * const *b)

-{

-	return (*a)->trust - (*b)->trust;

-}

-int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int)

-{

-	int (*oldtrust)(int , X509 *, int);

-	oldtrust = default_trust;

-	default_trust = trust;

-	return oldtrust;

-}

-int X509_check_trust(X509 *x, int id, int flags)

-{

-	X509_TRUST *pt;

-	int idx;

-	if(id == -1) return 1;

-	idx = X509_TRUST_get_by_id(id);

-	if(idx == -1) return default_trust(id, x, flags);

-	pt = X509_TRUST_get0(idx);

-	return pt->check_trust(pt, x, flags);

-}

-int X509_TRUST_get_count(void)

-{

-	if(!trtable) return X509_TRUST_COUNT;

-	return sk_X509_TRUST_num(trtable) + X509_TRUST_COUNT;

-}

-X509_TRUST * X509_TRUST_get0(int idx)

-{

-	if(idx < 0) return NULL;

-	if(idx < (int)X509_TRUST_COUNT) return trstandard + idx;

-	return sk_X509_TRUST_value(trtable, idx - X509_TRUST_COUNT);

-}

-int X509_TRUST_get_by_id(int id)

-{

-	X509_TRUST tmp;

-	int idx;

-	if((id >= X509_TRUST_MIN) && (id <= X509_TRUST_MAX))

-				 return id - X509_TRUST_MIN;

-	tmp.trust = id;

-	if(!trtable) return -1;

-	idx = sk_X509_TRUST_find(trtable, &tmp);

-	if(idx == -1) return -1;

-	return idx + X509_TRUST_COUNT;

-}

-int X509_TRUST_set(int *t, int trust)

-{

-	if(X509_TRUST_get_by_id(trust) == -1) {

-		X509err(X509_F_X509_TRUST_SET, X509_R_INVALID_TRUST);

-		return 0;

-	}

-	*t = trust;

-	return 1;

-}

-int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),

-					char *name, int arg1, void *arg2)

-{

-	int idx;

-	X509_TRUST *trtmp;

-	/* This is set according to what we change: application can't set it */

-	flags &= ~X509_TRUST_DYNAMIC;

-	/* This will always be set for application modified trust entries */

-	flags |= X509_TRUST_DYNAMIC_NAME;

-	/* Get existing entry if any */

-	idx = X509_TRUST_get_by_id(id);

-	/* Need a new entry */

-	if(idx == -1) {

-		if(!(trtmp = OPENSSL_malloc(sizeof(X509_TRUST)))) {

-			X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);

-			return 0;

-		}

-		trtmp->flags = X509_TRUST_DYNAMIC;

-	} else trtmp = X509_TRUST_get0(idx);

-	/* OPENSSL_free existing name if dynamic */

-	if(trtmp->flags & X509_TRUST_DYNAMIC_NAME) OPENSSL_free(trtmp->name);

-	/* dup supplied name */

-	if(!(trtmp->name = BUF_strdup(name))) {

-		X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);

-		return 0;

-	}

-	/* Keep the dynamic flag of existing entry */

-	trtmp->flags &= X509_TRUST_DYNAMIC;

-	/* Set all other flags */

-	trtmp->flags |= flags;

-	trtmp->trust = id;

-	trtmp->check_trust = ck;

-	trtmp->arg1 = arg1;

-	trtmp->arg2 = arg2;

-	/* If its a new entry manage the dynamic table */

-	if(idx == -1) {

-		if(!trtable && !(trtable = sk_X509_TRUST_new(tr_cmp))) {

-			X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);

-			return 0;

-		}

-		if (!sk_X509_TRUST_push(trtable, trtmp)) {

-			X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);

-			return 0;

-		}

-	}

-	return 1;

-}

-static void trtable_free(X509_TRUST *p)

-	{

-	if(!p) return;

-	if (p->flags & X509_TRUST_DYNAMIC)

-		{

-		if (p->flags & X509_TRUST_DYNAMIC_NAME)

-			OPENSSL_free(p->name);

-		OPENSSL_free(p);

-		}

-	}

-void X509_TRUST_cleanup(void)

-{

-	unsigned int i;

-	for(i = 0; i < X509_TRUST_COUNT; i++) trtable_free(trstandard + i);

-	sk_X509_TRUST_pop_free(trtable, trtable_free);

-	trtable = NULL;

-}

-int X509_TRUST_get_flags(X509_TRUST *xp)

-{

-	return xp->flags;

-}

-char *X509_TRUST_get0_name(X509_TRUST *xp)

-{

-	return xp->name;

-}

-int X509_TRUST_get_trust(X509_TRUST *xp)

-{

-	return xp->trust;

-}

-static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags)

-{

-	if(x->aux && (x->aux->trust || x->aux->reject))

-		return obj_trust(trust->arg1, x, flags);

-	/* we don't have any trust settings: for compatibility

-	 * we return trusted if it is self signed

-	 */

-	return trust_compat(trust, x, flags);

-}

-static int trust_1oid(X509_TRUST *trust, X509 *x, int flags)

-{

-	if(x->aux) return obj_trust(trust->arg1, x, flags);

-	return X509_TRUST_UNTRUSTED;

-}

-static int trust_compat(X509_TRUST *trust, X509 *x, int flags)

-{

-	X509_check_purpose(x, -1, 0);

-	if(x->ex_flags & EXFLAG_SS) return X509_TRUST_TRUSTED;

-	else return X509_TRUST_UNTRUSTED;

-}

-static int obj_trust(int id, X509 *x, int flags)

-{

-	ASN1_OBJECT *obj;

-	int i;

-	X509_CERT_AUX *ax;

-	ax = x->aux;

-	if(!ax) return X509_TRUST_UNTRUSTED;

-	if(ax->reject) {

-		for(i = 0; i < sk_ASN1_OBJECT_num(ax->reject); i++) {

-			obj = sk_ASN1_OBJECT_value(ax->reject, i);

-			if(OBJ_obj2nid(obj) == id) return X509_TRUST_REJECTED;

-		}

-	}

-	if(ax->trust) {

-		for(i = 0; i < sk_ASN1_OBJECT_num(ax->trust); i++) {

-			obj = sk_ASN1_OBJECT_value(ax->trust, i);

-			if(OBJ_obj2nid(obj) == id) return X509_TRUST_TRUSTED;

-		}

-	}

-	return X509_TRUST_UNTRUSTED;

-}

--- a/sys/src/ape/lib/openssl/crypto/x509/x509_txt.c

+++ /dev/null

@@ -1,173 +1,0 @@

-/* crypto/x509/x509_txt.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <time.h>

-#include <errno.h>

-#include "cryptlib.h"

-#include <openssl/lhash.h>

-#include <openssl/buffer.h>

-#include <openssl/evp.h>

-#include <openssl/asn1.h>

-#include <openssl/x509.h>

-#include <openssl/objects.h>

-const char *X509_verify_cert_error_string(long n)

-	{

-	static char buf[100];

-	switch ((int)n)

-		{

-	case X509_V_OK:

-		return("ok");

-	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:

-		return("unable to get issuer certificate");

-	case X509_V_ERR_UNABLE_TO_GET_CRL:

-		return("unable to get certificate CRL");

-	case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:

-		return("unable to decrypt certificate's signature");

-	case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:

-		return("unable to decrypt CRL's signature");

-	case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:

-		return("unable to decode issuer public key");

-	case X509_V_ERR_CERT_SIGNATURE_FAILURE:

-		return("certificate signature failure");

-	case X509_V_ERR_CRL_SIGNATURE_FAILURE:

-		return("CRL signature failure");

-	case X509_V_ERR_CERT_NOT_YET_VALID:

-		return("certificate is not yet valid");

-	case X509_V_ERR_CRL_NOT_YET_VALID:

-		return("CRL is not yet valid");

-	case X509_V_ERR_CERT_HAS_EXPIRED:

-		return("certificate has expired");

-	case X509_V_ERR_CRL_HAS_EXPIRED:

-		return("CRL has expired");

-	case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:

-		return("format error in certificate's notBefore field");

-	case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:

-		return("format error in certificate's notAfter field");

-	case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:

-		return("format error in CRL's lastUpdate field");

-	case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:

-		return("format error in CRL's nextUpdate field");

-	case X509_V_ERR_OUT_OF_MEM:

-		return("out of memory");

-	case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:

-		return("self signed certificate");

-	case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:

-		return("self signed certificate in certificate chain");

-	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:

-		return("unable to get local issuer certificate");

-	case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:

-		return("unable to verify the first certificate");

-	case X509_V_ERR_CERT_CHAIN_TOO_LONG:

-		return("certificate chain too long");

-	case X509_V_ERR_CERT_REVOKED:

-		return("certificate revoked");

-	case X509_V_ERR_INVALID_CA:

-		return ("invalid CA certificate");

-	case X509_V_ERR_INVALID_NON_CA:

-		return ("invalid non-CA certificate (has CA markings)");

-	case X509_V_ERR_PATH_LENGTH_EXCEEDED:

-		return ("path length constraint exceeded");

-	case X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED:

-		return("proxy path length constraint exceeded");

-	case X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED:

-		return("proxy certificates not allowed, please set the appropriate flag");

-	case X509_V_ERR_INVALID_PURPOSE:

-		return ("unsupported certificate purpose");

-	case X509_V_ERR_CERT_UNTRUSTED:

-		return ("certificate not trusted");

-	case X509_V_ERR_CERT_REJECTED:

-		return ("certificate rejected");

-	case X509_V_ERR_APPLICATION_VERIFICATION:

-		return("application verification failure");

-	case X509_V_ERR_SUBJECT_ISSUER_MISMATCH:

-		return("subject issuer mismatch");

-	case X509_V_ERR_AKID_SKID_MISMATCH:

-		return("authority and subject key identifier mismatch");

-	case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH:

-		return("authority and issuer serial number mismatch");

-	case X509_V_ERR_KEYUSAGE_NO_CERTSIGN:

-		return("key usage does not include certificate signing");

-	case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:

-		return("unable to get CRL issuer certificate");

-	case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:

-		return("unhandled critical extension");

-	case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN:

-		return("key usage does not include CRL signing");

-	case X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE:

-		return("key usage does not include digital signature");

-	case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION:

-		return("unhandled critical CRL extension");

-	case X509_V_ERR_INVALID_EXTENSION:

-		return("invalid or inconsistent certificate extension");

-	case X509_V_ERR_INVALID_POLICY_EXTENSION:

-		return("invalid or inconsistent certificate policy extension");

-	case X509_V_ERR_NO_EXPLICIT_POLICY:

-		return("no explicit policy");

-	case X509_V_ERR_UNNESTED_RESOURCE:

-		return("RFC 3779 resource not subset of parent's resources");

-	default:

-		BIO_snprintf(buf,sizeof buf,"error number %ld",n);

-		return(buf);

-		}

-	}

--- a/sys/src/ape/lib/openssl/crypto/x509/x509_v3.c

+++ /dev/null

@@ -1,274 +1,0 @@

-/* crypto/x509/x509_v3.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <openssl/stack.h>

-#include "cryptlib.h"

-#include <openssl/asn1.h>

-#include <openssl/objects.h>

-#include <openssl/evp.h>

-#include <openssl/x509.h>

-#include <openssl/x509v3.h>

-int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x)

-	{

-	if (x == NULL) return(0);

-	return(sk_X509_EXTENSION_num(x));

-	}

-int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, int nid,

-			  int lastpos)

-	{

-	ASN1_OBJECT *obj;

-	obj=OBJ_nid2obj(nid);

-	if (obj == NULL) return(-2);

-	return(X509v3_get_ext_by_OBJ(x,obj,lastpos));

-	}

-int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk, ASN1_OBJECT *obj,

-			  int lastpos)

-	{

-	int n;

-	X509_EXTENSION *ex;

-	if (sk == NULL) return(-1);

-	lastpos++;

-	if (lastpos < 0)

-		lastpos=0;

-	n=sk_X509_EXTENSION_num(sk);

-	for ( ; lastpos < n; lastpos++)

-		{

-		ex=sk_X509_EXTENSION_value(sk,lastpos);

-		if (OBJ_cmp(ex->object,obj) == 0)

-			return(lastpos);

-		}

-	return(-1);

-	}

-int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit,

-			       int lastpos)

-	{

-	int n;

-	X509_EXTENSION *ex;

-	if (sk == NULL) return(-1);

-	lastpos++;

-	if (lastpos < 0)

-		lastpos=0;

-	n=sk_X509_EXTENSION_num(sk);

-	for ( ; lastpos < n; lastpos++)

-		{

-		ex=sk_X509_EXTENSION_value(sk,lastpos);

-		if (	((ex->critical > 0) && crit) ||

-			((ex->critical <= 0) && !crit))

-			return(lastpos);

-		}

-	return(-1);

-	}

-X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc)

-	{

-	if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0)

-		return NULL;

-	else

-		return sk_X509_EXTENSION_value(x,loc);

-	}

-X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc)

-	{

-	X509_EXTENSION *ret;

-	if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0)

-		return(NULL);

-	ret=sk_X509_EXTENSION_delete(x,loc);

-	return(ret);

-	}

-STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,

-					 X509_EXTENSION *ex, int loc)

-	{

-	X509_EXTENSION *new_ex=NULL;

-	int n;

-	STACK_OF(X509_EXTENSION) *sk=NULL;

-	if (x == NULL)

-		{

-		X509err(X509_F_X509V3_ADD_EXT,ERR_R_PASSED_NULL_PARAMETER);

-		goto err2;

-		}

-	if (*x == NULL)

-		{

-		if ((sk=sk_X509_EXTENSION_new_null()) == NULL)

-			goto err;

-		}

-	else

-		sk= *x;

-	n=sk_X509_EXTENSION_num(sk);

-	if (loc > n) loc=n;

-	else if (loc < 0) loc=n;

-	if ((new_ex=X509_EXTENSION_dup(ex)) == NULL)

-		goto err2;

-	if (!sk_X509_EXTENSION_insert(sk,new_ex,loc))

-		goto err;

-	if (*x == NULL)

-		*x=sk;

-	return(sk);

-err:

-	X509err(X509_F_X509V3_ADD_EXT,ERR_R_MALLOC_FAILURE);

-err2:

-	if (new_ex != NULL) X509_EXTENSION_free(new_ex);

-	if (sk != NULL) sk_X509_EXTENSION_free(sk);

-	return(NULL);

-	}

-X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid,

-	     int crit, ASN1_OCTET_STRING *data)

-	{

-	ASN1_OBJECT *obj;

-	X509_EXTENSION *ret;

-	obj=OBJ_nid2obj(nid);

-	if (obj == NULL)

-		{

-		X509err(X509_F_X509_EXTENSION_CREATE_BY_NID,X509_R_UNKNOWN_NID);

-		return(NULL);

-		}

-	ret=X509_EXTENSION_create_by_OBJ(ex,obj,crit,data);

-	if (ret == NULL) ASN1_OBJECT_free(obj);

-	return(ret);

-	}

-X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,

-	     ASN1_OBJECT *obj, int crit, ASN1_OCTET_STRING *data)

-	{

-	X509_EXTENSION *ret;

-	if ((ex == NULL) || (*ex == NULL))

-		{

-		if ((ret=X509_EXTENSION_new()) == NULL)

-			{

-			X509err(X509_F_X509_EXTENSION_CREATE_BY_OBJ,ERR_R_MALLOC_FAILURE);

-			return(NULL);

-			}

-		}

-	else

-		ret= *ex;

-	if (!X509_EXTENSION_set_object(ret,obj))

-		goto err;

-	if (!X509_EXTENSION_set_critical(ret,crit))

-		goto err;

-	if (!X509_EXTENSION_set_data(ret,data))

-		goto err;

-	if ((ex != NULL) && (*ex == NULL)) *ex=ret;

-	return(ret);

-err:

-	if ((ex == NULL) || (ret != *ex))

-		X509_EXTENSION_free(ret);

-	return(NULL);

-	}

-int X509_EXTENSION_set_object(X509_EXTENSION *ex, ASN1_OBJECT *obj)

-	{

-	if ((ex == NULL) || (obj == NULL))

-		return(0);

-	ASN1_OBJECT_free(ex->object);

-	ex->object=OBJ_dup(obj);

-	return(1);

-	}

-int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit)

-	{

-	if (ex == NULL) return(0);

-	ex->critical=(crit)?0xFF:-1;

-	return(1);

-	}

-int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data)

-	{

-	int i;

-	if (ex == NULL) return(0);

-	i=M_ASN1_OCTET_STRING_set(ex->value,data->data,data->length);

-	if (!i) return(0);

-	return(1);

-	}

-ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex)

-	{

-	if (ex == NULL) return(NULL);

-	return(ex->object);

-	}

-ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ex)

-	{

-	if (ex == NULL) return(NULL);

-	return(ex->value);

-	}

-int X509_EXTENSION_get_critical(X509_EXTENSION *ex)

-	{

-	if (ex == NULL) return(0);

-	if(ex->critical > 0) return 1;

-	return 0;

-	}

--- a/sys/src/ape/lib/openssl/crypto/x509/x509_vfy.c

+++ /dev/null

@@ -1,1548 +1,0 @@

-/* crypto/x509/x509_vfy.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <time.h>

-#include <errno.h>

-#include "cryptlib.h"

-#include <openssl/crypto.h>

-#include <openssl/lhash.h>

-#include <openssl/buffer.h>

-#include <openssl/evp.h>

-#include <openssl/asn1.h>

-#include <openssl/x509.h>

-#include <openssl/x509v3.h>

-#include <openssl/objects.h>

-static int null_callback(int ok,X509_STORE_CTX *e);

-static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer);

-static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x);

-static int check_chain_extensions(X509_STORE_CTX *ctx);

-static int check_trust(X509_STORE_CTX *ctx);

-static int check_revocation(X509_STORE_CTX *ctx);

-static int check_cert(X509_STORE_CTX *ctx);

-static int check_policy(X509_STORE_CTX *ctx);

-static int internal_verify(X509_STORE_CTX *ctx);

-const char X509_version[]="X.509" OPENSSL_VERSION_PTEXT;

-static int null_callback(int ok, X509_STORE_CTX *e)

-	{

-	return ok;

-	}

-#if 0

-static int x509_subject_cmp(X509 **a, X509 **b)

-	{

-	return X509_subject_name_cmp(*a,*b);

-	}

-#endif

-int X509_verify_cert(X509_STORE_CTX *ctx)

-	{

-	X509 *x,*xtmp,*chain_ss=NULL;

-	X509_NAME *xn;

-	int bad_chain = 0;

-	X509_VERIFY_PARAM *param = ctx->param;

-	int depth,i,ok=0;

-	int num;

-	int (*cb)(int xok,X509_STORE_CTX *xctx);

-	STACK_OF(X509) *sktmp=NULL;

-	if (ctx->cert == NULL)

-		{

-		X509err(X509_F_X509_VERIFY_CERT,X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);

-		return -1;

-		}

-	cb=ctx->verify_cb;

-	/* first we make sure the chain we are going to build is

-	 * present and that the first entry is in place */

-	if (ctx->chain == NULL)

-		{

-		if (	((ctx->chain=sk_X509_new_null()) == NULL) ||

-			(!sk_X509_push(ctx->chain,ctx->cert)))

-			{

-			X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);

-			goto end;

-			}

-		CRYPTO_add(&ctx->cert->references,1,CRYPTO_LOCK_X509);

-		ctx->last_untrusted=1;

-		}

-	/* We use a temporary STACK so we can chop and hack at it */

-	if (ctx->untrusted != NULL

-	    && (sktmp=sk_X509_dup(ctx->untrusted)) == NULL)

-		{

-		X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);

-		goto end;

-		}

-	num=sk_X509_num(ctx->chain);

-	x=sk_X509_value(ctx->chain,num-1);

-	depth=param->depth;

-	for (;;)

-		{

-		/* If we have enough, we break */

-		if (depth < num) break; /* FIXME: If this happens, we should take

-		                         * note of it and, if appropriate, use the

-		                         * X509_V_ERR_CERT_CHAIN_TOO_LONG error

-		                         * code later.

-		                         */

-		/* If we are self signed, we break */

-		xn=X509_get_issuer_name(x);

-		if (ctx->check_issued(ctx, x,x)) break;

-		/* If we were passed a cert chain, use it first */

-		if (ctx->untrusted != NULL)

-			{

-			xtmp=find_issuer(ctx, sktmp,x);

-			if (xtmp != NULL)

-				{

-				if (!sk_X509_push(ctx->chain,xtmp))

-					{

-					X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);

-					goto end;

-					}

-				CRYPTO_add(&xtmp->references,1,CRYPTO_LOCK_X509);

-				(void)sk_X509_delete_ptr(sktmp,xtmp);

-				ctx->last_untrusted++;

-				x=xtmp;

-				num++;

-				/* reparse the full chain for

-				 * the next one */

-				continue;

-				}

-			}

-		break;

-		}

-	/* at this point, chain should contain a list of untrusted

-	 * certificates.  We now need to add at least one trusted one,

-	 * if possible, otherwise we complain. */

-	/* Examine last certificate in chain and see if it

- 	 * is self signed.

- 	 */

-	i=sk_X509_num(ctx->chain);

-	x=sk_X509_value(ctx->chain,i-1);

-	xn = X509_get_subject_name(x);

-	if (ctx->check_issued(ctx, x, x))

-		{

-		/* we have a self signed certificate */

-		if (sk_X509_num(ctx->chain) == 1)

-			{

-			/* We have a single self signed certificate: see if

-			 * we can find it in the store. We must have an exact

-			 * match to avoid possible impersonation.

-			 */

-			ok = ctx->get_issuer(&xtmp, ctx, x);

-			if ((ok <= 0) || X509_cmp(x, xtmp))

-				{

-				ctx->error=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;

-				ctx->current_cert=x;

-				ctx->error_depth=i-1;

-				if (ok == 1) X509_free(xtmp);

-				bad_chain = 1;

-				ok=cb(0,ctx);

-				if (!ok) goto end;

-				}

-			else

-				{

-				/* We have a match: replace certificate with store version

-				 * so we get any trust settings.

-				 */

-				X509_free(x);

-				x = xtmp;

-				(void)sk_X509_set(ctx->chain, i - 1, x);

-				ctx->last_untrusted=0;

-				}

-			}

-		else

-			{

-			/* extract and save self signed certificate for later use */

-			chain_ss=sk_X509_pop(ctx->chain);

-			ctx->last_untrusted--;

-			num--;

-			x=sk_X509_value(ctx->chain,num-1);

-			}

-		}

-	/* We now lookup certs from the certificate store */

-	for (;;)

-		{

-		/* If we have enough, we break */

-		if (depth < num) break;

-		/* If we are self signed, we break */

-		xn=X509_get_issuer_name(x);

-		if (ctx->check_issued(ctx,x,x)) break;

-		ok = ctx->get_issuer(&xtmp, ctx, x);

-		if (ok < 0) return ok;

-		if (ok == 0) break;

-		x = xtmp;

-		if (!sk_X509_push(ctx->chain,x))

-			{

-			X509_free(xtmp);

-			X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);

-			return 0;

-			}

-		num++;

-		}

-	/* we now have our chain, lets check it... */

-	xn=X509_get_issuer_name(x);

-	/* Is last certificate looked up self signed? */

-	if (!ctx->check_issued(ctx,x,x))

-		{

-		if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss))

-			{

-			if (ctx->last_untrusted >= num)

-				ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;

-			else

-				ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT;

-			ctx->current_cert=x;

-			}

-		else

-			{

-			sk_X509_push(ctx->chain,chain_ss);

-			num++;

-			ctx->last_untrusted=num;

-			ctx->current_cert=chain_ss;

-			ctx->error=X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;

-			chain_ss=NULL;

-			}

-		ctx->error_depth=num-1;

-		bad_chain = 1;

-		ok=cb(0,ctx);

-		if (!ok) goto end;

-		}

-	/* We have the chain complete: now we need to check its purpose */

-	ok = check_chain_extensions(ctx);

-	if (!ok) goto end;

-	/* The chain extensions are OK: check trust */

-	if (param->trust > 0) ok = check_trust(ctx);

-	if (!ok) goto end;

-	/* We may as well copy down any DSA parameters that are required */

-	X509_get_pubkey_parameters(NULL,ctx->chain);

-	/* Check revocation status: we do this after copying parameters

-	 * because they may be needed for CRL signature verification.

-	 */

-	ok = ctx->check_revocation(ctx);

-	if(!ok) goto end;

-	/* At this point, we have a chain and need to verify it */

-	if (ctx->verify != NULL)

-		ok=ctx->verify(ctx);

-	else

-		ok=internal_verify(ctx);

-	if(!ok) goto end;

-#ifndef OPENSSL_NO_RFC3779

-	/* RFC 3779 path validation, now that CRL check has been done */

-	ok = v3_asid_validate_path(ctx);

-	if (!ok) goto end;

-	ok = v3_addr_validate_path(ctx);

-	if (!ok) goto end;

-#endif

-	/* If we get this far evaluate policies */

-	if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK))

-		ok = ctx->check_policy(ctx);

-	if(!ok) goto end;

-	if (0)

-		{

-end:

-		X509_get_pubkey_parameters(NULL,ctx->chain);

-		}

-	if (sktmp != NULL) sk_X509_free(sktmp);

-	if (chain_ss != NULL) X509_free(chain_ss);

-	return ok;

-	}

-/* Given a STACK_OF(X509) find the issuer of cert (if any)

- */

-static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)

-{

-	int i;

-	X509 *issuer;

-	for (i = 0; i < sk_X509_num(sk); i++)

-		{

-		issuer = sk_X509_value(sk, i);

-		if (ctx->check_issued(ctx, x, issuer))

-			return issuer;

-		}

-	return NULL;

-}

-/* Given a possible certificate and issuer check them */

-static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)

-{

-	int ret;

-	ret = X509_check_issued(issuer, x);

-	if (ret == X509_V_OK)

-		return 1;

-	/* If we haven't asked for issuer errors don't set ctx */

-	if (!(ctx->param->flags & X509_V_FLAG_CB_ISSUER_CHECK))

-		return 0;

-	ctx->error = ret;

-	ctx->current_cert = x;

-	ctx->current_issuer = issuer;

-	return ctx->verify_cb(0, ctx);

-	return 0;

-}

-/* Alternative lookup method: look from a STACK stored in other_ctx */

-static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)

-{

-	*issuer = find_issuer(ctx, ctx->other_ctx, x);

-	if (*issuer)

-		{

-		CRYPTO_add(&(*issuer)->references,1,CRYPTO_LOCK_X509);

-		return 1;

-		}

-	else

-		return 0;

-}

-/* Check a certificate chains extensions for consistency

- * with the supplied purpose

- */

-static int check_chain_extensions(X509_STORE_CTX *ctx)

-{

-#ifdef OPENSSL_NO_CHAIN_VERIFY

-	return 1;

-#else

-	int i, ok=0, must_be_ca;

-	X509 *x;

-	int (*cb)(int xok,X509_STORE_CTX *xctx);

-	int proxy_path_length = 0;

-	int allow_proxy_certs =

-		!!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);

-	cb=ctx->verify_cb;

-	/* must_be_ca can have 1 of 3 values:

-	   -1: we accept both CA and non-CA certificates, to allow direct

-	       use of self-signed certificates (which are marked as CA).

-	   0:  we only accept non-CA certificates.  This is currently not

-	       used, but the possibility is present for future extensions.

-	   1:  we only accept CA certificates.  This is currently used for

-	       all certificates in the chain except the leaf certificate.

-	*/

-	must_be_ca = -1;

-	/* A hack to keep people who don't want to modify their software

-	   happy */

-	if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))

-		allow_proxy_certs = 1;

-	/* Check all untrusted certificates */

-	for (i = 0; i < ctx->last_untrusted; i++)

-		{

-		int ret;

-		x = sk_X509_value(ctx->chain, i);

-		if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)

-			&& (x->ex_flags & EXFLAG_CRITICAL))

-			{

-			ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION;

-			ctx->error_depth = i;

-			ctx->current_cert = x;

-			ok=cb(0,ctx);

-			if (!ok) goto end;

-			}

-		if (!allow_proxy_certs && (x->ex_flags & EXFLAG_PROXY))

-			{

-			ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED;

-			ctx->error_depth = i;

-			ctx->current_cert = x;

-			ok=cb(0,ctx);

-			if (!ok) goto end;

-			}

-		ret = X509_check_ca(x);

-		switch(must_be_ca)

-			{

-		case -1:

-			if ((ctx->param->flags & X509_V_FLAG_X509_STRICT)

-				&& (ret != 1) && (ret != 0))

-				{

-				ret = 0;

-				ctx->error = X509_V_ERR_INVALID_CA;

-				}

-			else

-				ret = 1;

-			break;

-		case 0:

-			if (ret != 0)

-				{

-				ret = 0;

-				ctx->error = X509_V_ERR_INVALID_NON_CA;

-				}

-			else

-				ret = 1;

-			break;

-		default:

-			if ((ret == 0)

-				|| ((ctx->param->flags & X509_V_FLAG_X509_STRICT)

-					&& (ret != 1)))

-				{

-				ret = 0;

-				ctx->error = X509_V_ERR_INVALID_CA;

-				}

-			else

-				ret = 1;

-			break;

-			}

-		if (ret == 0)

-			{

-			ctx->error_depth = i;

-			ctx->current_cert = x;

-			ok=cb(0,ctx);

-			if (!ok) goto end;

-			}

-		if (ctx->param->purpose > 0)

-			{

-			ret = X509_check_purpose(x, ctx->param->purpose,

-				must_be_ca > 0);

-			if ((ret == 0)

-				|| ((ctx->param->flags & X509_V_FLAG_X509_STRICT)

-					&& (ret != 1)))

-				{

-				ctx->error = X509_V_ERR_INVALID_PURPOSE;

-				ctx->error_depth = i;

-				ctx->current_cert = x;

-				ok=cb(0,ctx);

-				if (!ok) goto end;

-				}

-			}

-		/* Check pathlen */

-		if ((i > 1) && (x->ex_pathlen != -1)

-			   && (i > (x->ex_pathlen + proxy_path_length + 1)))

-			{

-			ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED;

-			ctx->error_depth = i;

-			ctx->current_cert = x;

-			ok=cb(0,ctx);

-			if (!ok) goto end;

-			}

-		/* If this certificate is a proxy certificate, the next

-		   certificate must be another proxy certificate or a EE

-		   certificate.  If not, the next certificate must be a

-		   CA certificate.  */

-		if (x->ex_flags & EXFLAG_PROXY)

-			{

-			if (x->ex_pcpathlen != -1 && i > x->ex_pcpathlen)

-				{

-				ctx->error =

-					X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED;

-				ctx->error_depth = i;

-				ctx->current_cert = x;

-				ok=cb(0,ctx);

-				if (!ok) goto end;

-				}

-			proxy_path_length++;

-			must_be_ca = 0;

-			}

-		else

-			must_be_ca = 1;

-		}

-	ok = 1;

- end:

-	return ok;

-#endif

-}

-static int check_trust(X509_STORE_CTX *ctx)

-{

-#ifdef OPENSSL_NO_CHAIN_VERIFY

-	return 1;

-#else

-	int i, ok;

-	X509 *x;

-	int (*cb)(int xok,X509_STORE_CTX *xctx);

-	cb=ctx->verify_cb;

-/* For now just check the last certificate in the chain */

-	i = sk_X509_num(ctx->chain) - 1;

-	x = sk_X509_value(ctx->chain, i);

-	ok = X509_check_trust(x, ctx->param->trust, 0);

-	if (ok == X509_TRUST_TRUSTED)

-		return 1;

-	ctx->error_depth = i;

-	ctx->current_cert = x;

-	if (ok == X509_TRUST_REJECTED)

-		ctx->error = X509_V_ERR_CERT_REJECTED;

-	else

-		ctx->error = X509_V_ERR_CERT_UNTRUSTED;

-	ok = cb(0, ctx);

-	return ok;

-#endif

-}

-static int check_revocation(X509_STORE_CTX *ctx)

-	{

-	int i, last, ok;

-	if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK))

-		return 1;

-	if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL)

-		last = sk_X509_num(ctx->chain) - 1;

-	else

-		last = 0;

-	for(i = 0; i <= last; i++)

-		{

-		ctx->error_depth = i;

-		ok = check_cert(ctx);

-		if (!ok) return ok;

-		}

-	return 1;

-	}

-static int check_cert(X509_STORE_CTX *ctx)

-	{

-	X509_CRL *crl = NULL;

-	X509 *x;

-	int ok, cnum;

-	cnum = ctx->error_depth;

-	x = sk_X509_value(ctx->chain, cnum);

-	ctx->current_cert = x;

-	/* Try to retrieve relevant CRL */

-	ok = ctx->get_crl(ctx, &crl, x);

-	/* If error looking up CRL, nothing we can do except

-	 * notify callback

-	 */

-	if(!ok)

-		{

-		ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;

-		ok = ctx->verify_cb(0, ctx);

-		goto err;

-		}

-	ctx->current_crl = crl;

-	ok = ctx->check_crl(ctx, crl);

-	if (!ok) goto err;

-	ok = ctx->cert_crl(ctx, crl, x);

-	err:

-	ctx->current_crl = NULL;

-	X509_CRL_free(crl);

-	return ok;

-	}

-/* Check CRL times against values in X509_STORE_CTX */

-static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)

-	{

-	time_t *ptime;

-	int i;

-	ctx->current_crl = crl;

-	if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)

-		ptime = &ctx->param->check_time;

-	else

-		ptime = NULL;

-	i=X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime);

-	if (i == 0)

-		{

-		ctx->error=X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD;

-		if (!notify || !ctx->verify_cb(0, ctx))

-			return 0;

-		}

-	if (i > 0)

-		{

-		ctx->error=X509_V_ERR_CRL_NOT_YET_VALID;

-		if (!notify || !ctx->verify_cb(0, ctx))

-			return 0;

-		}

-	if(X509_CRL_get_nextUpdate(crl))

-		{

-		i=X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime);

-		if (i == 0)

-			{

-			ctx->error=X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD;

-			if (!notify || !ctx->verify_cb(0, ctx))

-				return 0;

-			}

-		if (i < 0)

-			{

-			ctx->error=X509_V_ERR_CRL_HAS_EXPIRED;

-			if (!notify || !ctx->verify_cb(0, ctx))

-				return 0;

-			}

-		}

-	ctx->current_crl = NULL;

-	return 1;

-	}

-/* Lookup CRLs from the supplied list. Look for matching isser name

- * and validity. If we can't find a valid CRL return the last one

- * with matching name. This gives more meaningful error codes. Otherwise

- * we'd get a CRL not found error if a CRL existed with matching name but

- * was invalid.

- */

-static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl,

-			X509_NAME *nm, STACK_OF(X509_CRL) *crls)

-	{

-	int i;

-	X509_CRL *crl, *best_crl = NULL;

-	for (i = 0; i < sk_X509_CRL_num(crls); i++)

-		{

-		crl = sk_X509_CRL_value(crls, i);

-		if (X509_NAME_cmp(nm, X509_CRL_get_issuer(crl)))

-			continue;

-		if (check_crl_time(ctx, crl, 0))

-			{

-			*pcrl = crl;

-			CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509);

-			return 1;

-			}

-		best_crl = crl;

-		}

-	if (best_crl)

-		{

-		*pcrl = best_crl;

-		CRYPTO_add(&best_crl->references, 1, CRYPTO_LOCK_X509);

-		}

-	return 0;

-	}

-/* Retrieve CRL corresponding to certificate: currently just a

- * subject lookup: maybe use AKID later...

- */

-static int get_crl(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509 *x)

-	{

-	int ok;

-	X509_CRL *crl = NULL;

-	X509_OBJECT xobj;

-	X509_NAME *nm;

-	nm = X509_get_issuer_name(x);

-	ok = get_crl_sk(ctx, &crl, nm, ctx->crls);

-	if (ok)

-		{

-		*pcrl = crl;

-		return 1;

-		}

-	ok = X509_STORE_get_by_subject(ctx, X509_LU_CRL, nm, &xobj);

-	if (!ok)

-		{

-		/* If we got a near match from get_crl_sk use that */

-		if (crl)

-			{

-			*pcrl = crl;

-			return 1;

-			}

-		return 0;

-		}

-	*pcrl = xobj.data.crl;

-	if (crl)

-		X509_CRL_free(crl);

-	return 1;

-	}

-/* Check CRL validity */

-static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)

-	{

-	X509 *issuer = NULL;

-	EVP_PKEY *ikey = NULL;

-	int ok = 0, chnum, cnum;

-	cnum = ctx->error_depth;

-	chnum = sk_X509_num(ctx->chain) - 1;

-	/* Find CRL issuer: if not last certificate then issuer

-	 * is next certificate in chain.

-	 */

-	if(cnum < chnum)

-		issuer = sk_X509_value(ctx->chain, cnum + 1);

-	else

-		{

-		issuer = sk_X509_value(ctx->chain, chnum);

-		/* If not self signed, can't check signature */

-		if(!ctx->check_issued(ctx, issuer, issuer))

-			{

-			ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER;

-			ok = ctx->verify_cb(0, ctx);

-			if(!ok) goto err;

-			}

-		}

-	if(issuer)

-		{

-		/* Check for cRLSign bit if keyUsage present */

-		if ((issuer->ex_flags & EXFLAG_KUSAGE) &&

-			!(issuer->ex_kusage & KU_CRL_SIGN))

-			{

-			ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN;

-			ok = ctx->verify_cb(0, ctx);

-			if(!ok) goto err;

-			}

-		/* Attempt to get issuer certificate public key */

-		ikey = X509_get_pubkey(issuer);

-		if(!ikey)

-			{

-			ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;

-			ok = ctx->verify_cb(0, ctx);

-			if (!ok) goto err;

-			}

-		else

-			{

-			/* Verify CRL signature */

-			if(X509_CRL_verify(crl, ikey) <= 0)

-				{

-				ctx->error=X509_V_ERR_CRL_SIGNATURE_FAILURE;

-				ok = ctx->verify_cb(0, ctx);

-				if (!ok) goto err;

-				}

-			}

-		}

-	ok = check_crl_time(ctx, crl, 1);

-	if (!ok)

-		goto err;

-	ok = 1;

-	err:

-	EVP_PKEY_free(ikey);

-	return ok;

-	}

-/* Check certificate against CRL */

-static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)

-	{

-	int idx, ok;

-	X509_REVOKED rtmp;

-	STACK_OF(X509_EXTENSION) *exts;

-	X509_EXTENSION *ext;

-	/* Look for serial number of certificate in CRL */

-	rtmp.serialNumber = X509_get_serialNumber(x);

-	/* Sort revoked into serial number order if not already sorted.

-	 * Do this under a lock to avoid race condition.

- 	 */

-	if (!sk_X509_REVOKED_is_sorted(crl->crl->revoked))

-		{

-		CRYPTO_w_lock(CRYPTO_LOCK_X509_CRL);

-		sk_X509_REVOKED_sort(crl->crl->revoked);

-		CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL);

-		}

-	idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp);

-	/* If found assume revoked: want something cleverer than

-	 * this to handle entry extensions in V2 CRLs.

-	 */

-	if(idx >= 0)

-		{

-		ctx->error = X509_V_ERR_CERT_REVOKED;

-		ok = ctx->verify_cb(0, ctx);

-		if (!ok) return 0;

-		}

-	if (ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)

-		return 1;

-	/* See if we have any critical CRL extensions: since we

-	 * currently don't handle any CRL extensions the CRL must be

-	 * rejected.

-	 * This code accesses the X509_CRL structure directly: applications

-	 * shouldn't do this.

-	 */

-	exts = crl->crl->extensions;

-	for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++)

-		{

-		ext = sk_X509_EXTENSION_value(exts, idx);

-		if (ext->critical > 0)

-			{

-			ctx->error =

-				X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;

-			ok = ctx->verify_cb(0, ctx);

-			if(!ok) return 0;

-			break;

-			}

-		}

-	return 1;

-	}

-static int check_policy(X509_STORE_CTX *ctx)

-	{

-	int ret;

-	ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain,

-				ctx->param->policies, ctx->param->flags);

-	if (ret == 0)

-		{

-		X509err(X509_F_CHECK_POLICY,ERR_R_MALLOC_FAILURE);

-		return 0;

-		}

-	/* Invalid or inconsistent extensions */

-	if (ret == -1)

-		{

-		/* Locate certificates with bad extensions and notify

-		 * callback.

-		 */

-		X509 *x;

-		int i;

-		for (i = 1; i < sk_X509_num(ctx->chain); i++)

-			{

-			x = sk_X509_value(ctx->chain, i);

-			if (!(x->ex_flags & EXFLAG_INVALID_POLICY))

-				continue;

-			ctx->current_cert = x;

-			ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION;

-			ret = ctx->verify_cb(0, ctx);

-			}

-		return 1;

-		}

-	if (ret == -2)

-		{

-		ctx->current_cert = NULL;

-		ctx->error = X509_V_ERR_NO_EXPLICIT_POLICY;

-		return ctx->verify_cb(0, ctx);

-		}

-	if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY)

-		{

-		ctx->current_cert = NULL;

-		ctx->error = X509_V_OK;

-		if (!ctx->verify_cb(2, ctx))

-			return 0;

-		}

-	return 1;

-	}

-static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)

-	{

-	time_t *ptime;

-	int i;

-	if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)

-		ptime = &ctx->param->check_time;

-	else

-		ptime = NULL;

-	i=X509_cmp_time(X509_get_notBefore(x), ptime);

-	if (i == 0)

-		{

-		ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;

-		ctx->current_cert=x;

-		if (!ctx->verify_cb(0, ctx))

-			return 0;

-		}

-	if (i > 0)

-		{

-		ctx->error=X509_V_ERR_CERT_NOT_YET_VALID;

-		ctx->current_cert=x;

-		if (!ctx->verify_cb(0, ctx))

-			return 0;

-		}

-	i=X509_cmp_time(X509_get_notAfter(x), ptime);

-	if (i == 0)

-		{

-		ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;

-		ctx->current_cert=x;

-		if (!ctx->verify_cb(0, ctx))

-			return 0;

-		}

-	if (i < 0)

-		{

-		ctx->error=X509_V_ERR_CERT_HAS_EXPIRED;

-		ctx->current_cert=x;

-		if (!ctx->verify_cb(0, ctx))

-			return 0;

-		}

-	return 1;

-	}

-static int internal_verify(X509_STORE_CTX *ctx)

-	{

-	int ok=0,n;

-	X509 *xs,*xi;

-	EVP_PKEY *pkey=NULL;

-	int (*cb)(int xok,X509_STORE_CTX *xctx);

-	cb=ctx->verify_cb;

-	n=sk_X509_num(ctx->chain);

-	ctx->error_depth=n-1;

-	n--;

-	xi=sk_X509_value(ctx->chain,n);

-	if (ctx->check_issued(ctx, xi, xi))

-		xs=xi;

-	else

-		{

-		if (n <= 0)

-			{

-			ctx->error=X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;

-			ctx->current_cert=xi;

-			ok=cb(0,ctx);

-			goto end;

-			}

-		else

-			{

-			n--;

-			ctx->error_depth=n;

-			xs=sk_X509_value(ctx->chain,n);

-			}

-		}

-/*	ctx->error=0;  not needed */

-	while (n >= 0)

-		{

-		ctx->error_depth=n;

-		if (!xs->valid)

-			{

-			if ((pkey=X509_get_pubkey(xi)) == NULL)

-				{

-				ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;

-				ctx->current_cert=xi;

-				ok=(*cb)(0,ctx);

-				if (!ok) goto end;

-				}

-			else if (X509_verify(xs,pkey) <= 0)

-				/* XXX  For the final trusted self-signed cert,

-				 * this is a waste of time.  That check should

-				 * optional so that e.g. 'openssl x509' can be

-				 * used to detect invalid self-signatures, but

-				 * we don't verify again and again in SSL

-				 * handshakes and the like once the cert has

-				 * been declared trusted. */

-				{

-				ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;

-				ctx->current_cert=xs;

-				ok=(*cb)(0,ctx);

-				if (!ok)

-					{

-					EVP_PKEY_free(pkey);

-					goto end;

-					}

-				}

-			EVP_PKEY_free(pkey);

-			pkey=NULL;

-			}

-		xs->valid = 1;

-		ok = check_cert_time(ctx, xs);

-		if (!ok)

-			goto end;

-		/* The last error (if any) is still in the error value */

-		ctx->current_issuer=xi;

-		ctx->current_cert=xs;

-		ok=(*cb)(1,ctx);

-		if (!ok) goto end;

-		n--;

-		if (n >= 0)

-			{

-			xi=xs;

-			xs=sk_X509_value(ctx->chain,n);

-			}

-		}

-	ok=1;

-end:

-	return ok;

-	}

-int X509_cmp_current_time(ASN1_TIME *ctm)

-{

-	return X509_cmp_time(ctm, NULL);

-}

-int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time)

-	{

-	char *str;

-	ASN1_TIME atm;

-	long offset;

-	char buff1[24],buff2[24],*p;

-	int i,j;

-	p=buff1;

-	i=ctm->length;

-	str=(char *)ctm->data;

-	if (ctm->type == V_ASN1_UTCTIME)

-		{

-		if ((i < 11) || (i > 17)) return 0;

-		memcpy(p,str,10);

-		p+=10;

-		str+=10;

-		}

-	else

-		{

-		if (i < 13) return 0;

-		memcpy(p,str,12);

-		p+=12;

-		str+=12;

-		}

-	if ((*str == 'Z') || (*str == '-') || (*str == '+'))

-		{ *(p++)='0'; *(p++)='0'; }

-	else

-		{

-		*(p++)= *(str++);

-		*(p++)= *(str++);

-		/* Skip any fractional seconds... */

-		if (*str == '.')

-			{

-			str++;

-			while ((*str >= '0') && (*str <= '9')) str++;

-			}

-		}

-	*(p++)='Z';

-	*(p++)='\0';

-	if (*str == 'Z')

-		offset=0;

-	else

-		{

-		if ((*str != '+') && (*str != '-'))

-			return 0;

-		offset=((str[1]-'0')*10+(str[2]-'0'))*60;

-		offset+=(str[3]-'0')*10+(str[4]-'0');

-		if (*str == '-')

-			offset= -offset;

-		}

-	atm.type=ctm->type;

-	atm.length=sizeof(buff2);

-	atm.data=(unsigned char *)buff2;

-	if (X509_time_adj(&atm,-offset*60, cmp_time) == NULL)

-		return 0;

-	if (ctm->type == V_ASN1_UTCTIME)

-		{

-		i=(buff1[0]-'0')*10+(buff1[1]-'0');

-		if (i < 50) i+=100; /* cf. RFC 2459 */

-		j=(buff2[0]-'0')*10+(buff2[1]-'0');

-		if (j < 50) j+=100;

-		if (i < j) return -1;

-		if (i > j) return 1;

-		}

-	i=strcmp(buff1,buff2);

-	if (i == 0) /* wait a second then return younger :-) */

-		return -1;

-	else

-		return i;

-	}

-ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)

-{

-	return X509_time_adj(s, adj, NULL);

-}

-ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *in_tm)

-	{

-	time_t t;

-	int type = -1;

-	if (in_tm) t = *in_tm;

-	else time(&t);

-	t+=adj;

-	if (s) type = s->type;

-	if (type == V_ASN1_UTCTIME) return ASN1_UTCTIME_set(s,t);

-	if (type == V_ASN1_GENERALIZEDTIME) return ASN1_GENERALIZEDTIME_set(s, t);

-	return ASN1_TIME_set(s, t);

-	}

-int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)

-	{

-	EVP_PKEY *ktmp=NULL,*ktmp2;

-	int i,j;

-	if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) return 1;

-	for (i=0; i<sk_X509_num(chain); i++)

-		{

-		ktmp=X509_get_pubkey(sk_X509_value(chain,i));

-		if (ktmp == NULL)

-			{

-			X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY);

-			return 0;

-			}

-		if (!EVP_PKEY_missing_parameters(ktmp))

-			break;

-		else

-			{

-			EVP_PKEY_free(ktmp);

-			ktmp=NULL;

-			}

-		}

-	if (ktmp == NULL)

-		{

-		X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN);

-		return 0;

-		}

-	/* first, populate the other certs */

-	for (j=i-1; j >= 0; j--)

-		{

-		ktmp2=X509_get_pubkey(sk_X509_value(chain,j));

-		EVP_PKEY_copy_parameters(ktmp2,ktmp);

-		EVP_PKEY_free(ktmp2);

-		}

-	if (pkey != NULL) EVP_PKEY_copy_parameters(pkey,ktmp);

-	EVP_PKEY_free(ktmp);

-	return 1;

-	}

-int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,

-	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)

-	{

-	/* This function is (usually) called only once, by

-	 * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c). */

-	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, argl, argp,

-			new_func, dup_func, free_func);

-	}

-int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data)

-	{

-	return CRYPTO_set_ex_data(&ctx->ex_data,idx,data);

-	}

-void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx)

-	{

-	return CRYPTO_get_ex_data(&ctx->ex_data,idx);

-	}

-int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx)

-	{

-	return ctx->error;

-	}

-void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err)

-	{

-	ctx->error=err;

-	}

-int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx)

-	{

-	return ctx->error_depth;

-	}

-X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx)

-	{

-	return ctx->current_cert;

-	}

-STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx)

-	{

-	return ctx->chain;

-	}

-STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx)

-	{

-	int i;

-	X509 *x;

-	STACK_OF(X509) *chain;

-	if (!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) return NULL;

-	for (i = 0; i < sk_X509_num(chain); i++)

-		{

-		x = sk_X509_value(chain, i);

-		CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);

-		}

-	return chain;

-	}

-void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x)

-	{

-	ctx->cert=x;

-	}

-void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)

-	{

-	ctx->untrusted=sk;

-	}

-void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk)

-	{

-	ctx->crls=sk;

-	}

-int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose)

-	{

-	return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0);

-	}

-int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust)

-	{

-	return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust);

-	}

-/* This function is used to set the X509_STORE_CTX purpose and trust

- * values. This is intended to be used when another structure has its

- * own trust and purpose values which (if set) will be inherited by

- * the ctx. If they aren't set then we will usually have a default

- * purpose in mind which should then be used to set the trust value.

- * An example of this is SSL use: an SSL structure will have its own

- * purpose and trust settings which the application can set: if they

- * aren't set then we use the default of SSL client/server.

- */

-int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,

-				int purpose, int trust)

-{

-	int idx;

-	/* If purpose not set use default */

-	if (!purpose) purpose = def_purpose;

-	/* If we have a purpose then check it is valid */

-	if (purpose)

-		{

-		X509_PURPOSE *ptmp;

-		idx = X509_PURPOSE_get_by_id(purpose);

-		if (idx == -1)

-			{

-			X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,

-						X509_R_UNKNOWN_PURPOSE_ID);

-			return 0;

-			}

-		ptmp = X509_PURPOSE_get0(idx);

-		if (ptmp->trust == X509_TRUST_DEFAULT)

-			{

-			idx = X509_PURPOSE_get_by_id(def_purpose);

-			if (idx == -1)

-				{

-				X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,

-						X509_R_UNKNOWN_PURPOSE_ID);

-				return 0;

-				}

-			ptmp = X509_PURPOSE_get0(idx);

-			}

-		/* If trust not set then get from purpose default */

-		if (!trust) trust = ptmp->trust;

-		}

-	if (trust)

-		{

-		idx = X509_TRUST_get_by_id(trust);

-		if (idx == -1)

-			{

-			X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,

-						X509_R_UNKNOWN_TRUST_ID);

-			return 0;

-			}

-		}

-	if (purpose && !ctx->param->purpose) ctx->param->purpose = purpose;

-	if (trust && !ctx->param->trust) ctx->param->trust = trust;

-	return 1;

-}

-X509_STORE_CTX *X509_STORE_CTX_new(void)

-{

-	X509_STORE_CTX *ctx;

-	ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX));

-	if (!ctx)

-		{

-		X509err(X509_F_X509_STORE_CTX_NEW,ERR_R_MALLOC_FAILURE);

-		return NULL;

-		}

-	memset(ctx, 0, sizeof(X509_STORE_CTX));

-	return ctx;

-}

-void X509_STORE_CTX_free(X509_STORE_CTX *ctx)

-{

-	X509_STORE_CTX_cleanup(ctx);

-	OPENSSL_free(ctx);

-}

-int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,

-	     STACK_OF(X509) *chain)

-	{

-	int ret = 1;

-	ctx->ctx=store;

-	ctx->current_method=0;

-	ctx->cert=x509;

-	ctx->untrusted=chain;

-	ctx->crls = NULL;

-	ctx->last_untrusted=0;

-	ctx->other_ctx=NULL;

-	ctx->valid=0;

-	ctx->chain=NULL;

-	ctx->error=0;

-	ctx->explicit_policy=0;

-	ctx->error_depth=0;

-	ctx->current_cert=NULL;

-	ctx->current_issuer=NULL;

-	ctx->tree = NULL;

-	ctx->param = X509_VERIFY_PARAM_new();

-	if (!ctx->param)

-		{

-		X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE);

-		return 0;

-		}

-	/* Inherit callbacks and flags from X509_STORE if not set

-	 * use defaults.

-	 */

-	if (store)

-		ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param);

-	else

-		ctx->param->flags |= X509_VP_FLAG_DEFAULT|X509_VP_FLAG_ONCE;

-	if (store)

-		{

-		ctx->verify_cb = store->verify_cb;

-		ctx->cleanup = store->cleanup;

-		}

-	else

-		ctx->cleanup = 0;

-	if (ret)

-		ret = X509_VERIFY_PARAM_inherit(ctx->param,

-					X509_VERIFY_PARAM_lookup("default"));

-	if (ret == 0)

-		{

-		X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE);

-		return 0;

-		}

-	if (store && store->check_issued)

-		ctx->check_issued = store->check_issued;

-	else

-		ctx->check_issued = check_issued;

-	if (store && store->get_issuer)

-		ctx->get_issuer = store->get_issuer;

-	else

-		ctx->get_issuer = X509_STORE_CTX_get1_issuer;

-	if (store && store->verify_cb)

-		ctx->verify_cb = store->verify_cb;

-	else

-		ctx->verify_cb = null_callback;

-	if (store && store->verify)

-		ctx->verify = store->verify;

-	else

-		ctx->verify = internal_verify;

-	if (store && store->check_revocation)

-		ctx->check_revocation = store->check_revocation;

-	else

-		ctx->check_revocation = check_revocation;

-	if (store && store->get_crl)

-		ctx->get_crl = store->get_crl;

-	else

-		ctx->get_crl = get_crl;

-	if (store && store->check_crl)

-		ctx->check_crl = store->check_crl;

-	else

-		ctx->check_crl = check_crl;

-	if (store && store->cert_crl)

-		ctx->cert_crl = store->cert_crl;

-	else

-		ctx->cert_crl = cert_crl;

-	ctx->check_policy = check_policy;

-	/* This memset() can't make any sense anyway, so it's removed. As

-	 * X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we put a

-	 * corresponding "new" here and remove this bogus initialisation. */

-	/* memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA)); */

-	if(!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx,

-				&(ctx->ex_data)))

-		{

-		OPENSSL_free(ctx);

-		X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE);

-		return 0;

-		}

-	return 1;

-	}

-/* Set alternative lookup method: just a STACK of trusted certificates.

- * This avoids X509_STORE nastiness where it isn't needed.

- */

-void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)

-{

-	ctx->other_ctx = sk;

-	ctx->get_issuer = get_issuer_sk;

-}

-void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)

-	{

-	if (ctx->cleanup) ctx->cleanup(ctx);

-	if (ctx->param != NULL)

-		{

-		X509_VERIFY_PARAM_free(ctx->param);

-		ctx->param=NULL;

-		}

-	if (ctx->tree != NULL)

-		{

-		X509_policy_tree_free(ctx->tree);

-		ctx->tree=NULL;

-		}

-	if (ctx->chain != NULL)

-		{

-		sk_X509_pop_free(ctx->chain,X509_free);

-		ctx->chain=NULL;

-		}

-	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data));

-	memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA));

-	}

-void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth)

-	{

-	X509_VERIFY_PARAM_set_depth(ctx->param, depth);

-	}

-void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags)

-	{

-	X509_VERIFY_PARAM_set_flags(ctx->param, flags);

-	}

-void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, time_t t)

-	{

-	X509_VERIFY_PARAM_set_time(ctx->param, t);

-	}

-void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,

-				  int (*verify_cb)(int, X509_STORE_CTX *))

-	{

-	ctx->verify_cb=verify_cb;

-	}

-X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx)

-	{

-	return ctx->tree;

-	}

-int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx)

-	{

-	return ctx->explicit_policy;

-	}

-int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name)

-	{

-	const X509_VERIFY_PARAM *param;

-	param = X509_VERIFY_PARAM_lookup(name);

-	if (!param)

-		return 0;

-	return X509_VERIFY_PARAM_inherit(ctx->param, param);

-	}

-X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx)

-	{

-	return ctx->param;

-	}

-void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param)

-	{

-	if (ctx->param)

-		X509_VERIFY_PARAM_free(ctx->param);

-	ctx->param = param;

-	}

-IMPLEMENT_STACK_OF(X509)

-IMPLEMENT_ASN1_SET_OF(X509)

-IMPLEMENT_STACK_OF(X509_NAME)

-IMPLEMENT_STACK_OF(X509_ATTRIBUTE)

-IMPLEMENT_ASN1_SET_OF(X509_ATTRIBUTE)

--- a/sys/src/ape/lib/openssl/crypto/x509/x509_vfy.h

+++ /dev/null

@@ -1,531 +1,0 @@

-/* crypto/x509/x509_vfy.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_X509_H

-#include <openssl/x509.h>

-/* openssl/x509.h ends up #include-ing this file at about the only

- * appropriate moment. */

-#endif

-#ifndef HEADER_X509_VFY_H

-#define HEADER_X509_VFY_H

-#include <openssl/opensslconf.h>

-#ifndef OPENSSL_NO_LHASH

-#include <openssl/lhash.h>

-#endif

-#include <openssl/bio.h>

-#include <openssl/crypto.h>

-#include <openssl/symhacks.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-/* Outer object */

-typedef struct x509_hash_dir_st

-	{

-	int num_dirs;

-	char **dirs;

-	int *dirs_type;

-	int num_dirs_alloced;

-	} X509_HASH_DIR_CTX;

-typedef struct x509_file_st

-	{

-	int num_paths;	/* number of paths to files or directories */

-	int num_alloced;

-	char **paths;	/* the list of paths or directories */

-	int *path_type;

-	} X509_CERT_FILE_CTX;

-/*******************************/

-/*

-SSL_CTX -> X509_STORE

-		-> X509_LOOKUP

-			->X509_LOOKUP_METHOD

-		-> X509_LOOKUP

-			->X509_LOOKUP_METHOD

-SSL	-> X509_STORE_CTX

-		->X509_STORE

-The X509_STORE holds the tables etc for verification stuff.

-A X509_STORE_CTX is used while validating a single certificate.

-The X509_STORE has X509_LOOKUPs for looking up certs.

-The X509_STORE then calls a function to actually verify the

-certificate chain.

-*/

-#define X509_LU_RETRY		-1

-#define X509_LU_FAIL		0

-#define X509_LU_X509		1

-#define X509_LU_CRL		2

-#define X509_LU_PKEY		3

-typedef struct x509_object_st

-	{

-	/* one of the above types */

-	int type;

-	union	{

-		char *ptr;

-		X509 *x509;

-		X509_CRL *crl;

-		EVP_PKEY *pkey;

-		} data;

-	} X509_OBJECT;

-typedef struct x509_lookup_st X509_LOOKUP;

-DECLARE_STACK_OF(X509_LOOKUP)

-DECLARE_STACK_OF(X509_OBJECT)

-/* This is a static that defines the function interface */

-typedef struct x509_lookup_method_st

-	{

-	const char *name;

-	int (*new_item)(X509_LOOKUP *ctx);

-	void (*free)(X509_LOOKUP *ctx);

-	int (*init)(X509_LOOKUP *ctx);

-	int (*shutdown)(X509_LOOKUP *ctx);

-	int (*ctrl)(X509_LOOKUP *ctx,int cmd,const char *argc,long argl,

-			char **ret);

-	int (*get_by_subject)(X509_LOOKUP *ctx,int type,X509_NAME *name,

-			      X509_OBJECT *ret);

-	int (*get_by_issuer_serial)(X509_LOOKUP *ctx,int type,X509_NAME *name,

-				    ASN1_INTEGER *serial,X509_OBJECT *ret);

-	int (*get_by_fingerprint)(X509_LOOKUP *ctx,int type,

-				  unsigned char *bytes,int len,

-				  X509_OBJECT *ret);

-	int (*get_by_alias)(X509_LOOKUP *ctx,int type,char *str,int len,

-			    X509_OBJECT *ret);

-	} X509_LOOKUP_METHOD;

-/* This structure hold all parameters associated with a verify operation

- * by including an X509_VERIFY_PARAM structure in related structures the

- * parameters used can be customized

- */

-typedef struct X509_VERIFY_PARAM_st

-	{

-	char *name;

-	time_t check_time;	/* Time to use */

-	unsigned long inh_flags; /* Inheritance flags */

-	unsigned long flags;	/* Various verify flags */

-	int purpose;		/* purpose to check untrusted certificates */

-	int trust;		/* trust setting to check */

-	int depth;		/* Verify depth */

-	STACK_OF(ASN1_OBJECT) *policies;	/* Permissible policies */

-	} X509_VERIFY_PARAM;

-DECLARE_STACK_OF(X509_VERIFY_PARAM)

-/* This is used to hold everything.  It is used for all certificate

- * validation.  Once we have a certificate chain, the 'verify'

- * function is then called to actually check the cert chain. */

-struct x509_store_st

-	{

-	/* The following is a cache of trusted certs */

-	int cache; 	/* if true, stash any hits */

-	STACK_OF(X509_OBJECT) *objs;	/* Cache of all objects */

-	/* These are external lookup methods */

-	STACK_OF(X509_LOOKUP) *get_cert_methods;

-	X509_VERIFY_PARAM *param;

-	/* Callbacks for various operations */

-	int (*verify)(X509_STORE_CTX *ctx);	/* called to verify a certificate */

-	int (*verify_cb)(int ok,X509_STORE_CTX *ctx);	/* error callback */

-	int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);	/* get issuers cert from ctx */

-	int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */

-	int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */

-	int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */

-	int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */

-	int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */

-	int (*cleanup)(X509_STORE_CTX *ctx);

-	CRYPTO_EX_DATA ex_data;

-	int references;

-	} /* X509_STORE */;

-int X509_STORE_set_depth(X509_STORE *store, int depth);

-#define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func))

-#define X509_STORE_set_verify_func(ctx,func)	((ctx)->verify=(func))

-/* This is the functions plus an instance of the local variables. */

-struct x509_lookup_st

-	{

-	int init;			/* have we been started */

-	int skip;			/* don't use us. */

-	X509_LOOKUP_METHOD *method;	/* the functions */

-	char *method_data;		/* method data */

-	X509_STORE *store_ctx;	/* who owns us */

-	} /* X509_LOOKUP */;

-/* This is a used when verifying cert chains.  Since the

- * gathering of the cert chain can take some time (and have to be

- * 'retried', this needs to be kept and passed around. */

-struct x509_store_ctx_st      /* X509_STORE_CTX */

-	{

-	X509_STORE *ctx;

-	int current_method;	/* used when looking up certs */

-	/* The following are set by the caller */

-	X509 *cert;		/* The cert to check */

-	STACK_OF(X509) *untrusted;	/* chain of X509s - untrusted - passed in */

-	STACK_OF(X509_CRL) *crls;	/* set of CRLs passed in */

-	X509_VERIFY_PARAM *param;

-	void *other_ctx;	/* Other info for use with get_issuer() */

-	/* Callbacks for various operations */

-	int (*verify)(X509_STORE_CTX *ctx);	/* called to verify a certificate */

-	int (*verify_cb)(int ok,X509_STORE_CTX *ctx);		/* error callback */

-	int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);	/* get issuers cert from ctx */

-	int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */

-	int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */

-	int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */

-	int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */

-	int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */

-	int (*check_policy)(X509_STORE_CTX *ctx);

-	int (*cleanup)(X509_STORE_CTX *ctx);

-	/* The following is built up */

-	int valid;		/* if 0, rebuild chain */

-	int last_untrusted;	/* index of last untrusted cert */

-	STACK_OF(X509) *chain; 		/* chain of X509s - built up and trusted */

-	X509_POLICY_TREE *tree;	/* Valid policy tree */

-	int explicit_policy;	/* Require explicit policy value */

-	/* When something goes wrong, this is why */

-	int error_depth;

-	int error;

-	X509 *current_cert;

-	X509 *current_issuer;	/* cert currently being tested as valid issuer */

-	X509_CRL *current_crl;	/* current CRL */

-	CRYPTO_EX_DATA ex_data;

-	} /* X509_STORE_CTX */;

-void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);

-#define X509_STORE_CTX_set_app_data(ctx,data) \

-	X509_STORE_CTX_set_ex_data(ctx,0,data)

-#define X509_STORE_CTX_get_app_data(ctx) \

-	X509_STORE_CTX_get_ex_data(ctx,0)

-#define X509_L_FILE_LOAD	1

-#define X509_L_ADD_DIR		2

-#define X509_LOOKUP_load_file(x,name,type) \

-		X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL)

-#define X509_LOOKUP_add_dir(x,name,type) \

-		X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL)

-#define		X509_V_OK					0

-/* illegal error (for uninitialized values, to avoid X509_V_OK): 1 */

-#define		X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT		2

-#define		X509_V_ERR_UNABLE_TO_GET_CRL			3

-#define		X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE	4

-#define		X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE	5

-#define		X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY	6

-#define		X509_V_ERR_CERT_SIGNATURE_FAILURE		7

-#define		X509_V_ERR_CRL_SIGNATURE_FAILURE		8

-#define		X509_V_ERR_CERT_NOT_YET_VALID			9

-#define		X509_V_ERR_CERT_HAS_EXPIRED			10

-#define		X509_V_ERR_CRL_NOT_YET_VALID			11

-#define		X509_V_ERR_CRL_HAS_EXPIRED			12

-#define		X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD	13

-#define		X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD	14

-#define		X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD	15

-#define		X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD	16

-#define		X509_V_ERR_OUT_OF_MEM				17

-#define		X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT		18

-#define		X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN		19

-#define		X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY	20

-#define		X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE	21

-#define		X509_V_ERR_CERT_CHAIN_TOO_LONG			22

-#define		X509_V_ERR_CERT_REVOKED				23

-#define		X509_V_ERR_INVALID_CA				24

-#define		X509_V_ERR_PATH_LENGTH_EXCEEDED			25

-#define		X509_V_ERR_INVALID_PURPOSE			26

-#define		X509_V_ERR_CERT_UNTRUSTED			27

-#define		X509_V_ERR_CERT_REJECTED			28

-/* These are 'informational' when looking for issuer cert */

-#define		X509_V_ERR_SUBJECT_ISSUER_MISMATCH		29

-#define		X509_V_ERR_AKID_SKID_MISMATCH			30

-#define		X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH		31

-#define		X509_V_ERR_KEYUSAGE_NO_CERTSIGN			32

-#define		X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER		33

-#define		X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION		34

-#define		X509_V_ERR_KEYUSAGE_NO_CRL_SIGN			35

-#define		X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION	36

-#define		X509_V_ERR_INVALID_NON_CA			37

-#define		X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED		38

-#define		X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE	39

-#define		X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED	40

-#define		X509_V_ERR_INVALID_EXTENSION			41

-#define		X509_V_ERR_INVALID_POLICY_EXTENSION		42

-#define		X509_V_ERR_NO_EXPLICIT_POLICY			43

-#define		X509_V_ERR_UNNESTED_RESOURCE			44

-/* The application is not happy */

-#define		X509_V_ERR_APPLICATION_VERIFICATION		50

-/* Certificate verify flags */

-/* Send issuer+subject checks to verify_cb */

-#define	X509_V_FLAG_CB_ISSUER_CHECK		0x1

-/* Use check time instead of current time */

-#define	X509_V_FLAG_USE_CHECK_TIME		0x2

-/* Lookup CRLs */

-#define	X509_V_FLAG_CRL_CHECK			0x4

-/* Lookup CRLs for whole chain */

-#define	X509_V_FLAG_CRL_CHECK_ALL		0x8

-/* Ignore unhandled critical extensions */

-#define	X509_V_FLAG_IGNORE_CRITICAL		0x10

-/* Disable workarounds for broken certificates */

-#define	X509_V_FLAG_X509_STRICT			0x20

-/* Enable proxy certificate validation */

-#define	X509_V_FLAG_ALLOW_PROXY_CERTS		0x40

-/* Enable policy checking */

-#define X509_V_FLAG_POLICY_CHECK		0x80

-/* Policy variable require-explicit-policy */

-#define X509_V_FLAG_EXPLICIT_POLICY		0x100

-/* Policy variable inhibit-any-policy */

-#define	X509_V_FLAG_INHIBIT_ANY			0x200

-/* Policy variable inhibit-policy-mapping */

-#define X509_V_FLAG_INHIBIT_MAP			0x400

-/* Notify callback that policy is OK */

-#define X509_V_FLAG_NOTIFY_POLICY		0x800

-#define X509_VP_FLAG_DEFAULT			0x1

-#define X509_VP_FLAG_OVERWRITE			0x2

-#define X509_VP_FLAG_RESET_FLAGS		0x4

-#define X509_VP_FLAG_LOCKED			0x8

-#define X509_VP_FLAG_ONCE			0x10

-/* Internal use: mask of policy related options */

-#define X509_V_FLAG_POLICY_MASK (X509_V_FLAG_POLICY_CHECK \

-				| X509_V_FLAG_EXPLICIT_POLICY \

-				| X509_V_FLAG_INHIBIT_ANY \

-				| X509_V_FLAG_INHIBIT_MAP)

-int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,

-	     X509_NAME *name);

-X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,int type,X509_NAME *name);

-X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x);

-void X509_OBJECT_up_ref_count(X509_OBJECT *a);

-void X509_OBJECT_free_contents(X509_OBJECT *a);

-X509_STORE *X509_STORE_new(void );

-void X509_STORE_free(X509_STORE *v);

-int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);

-int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);

-int X509_STORE_set_trust(X509_STORE *ctx, int trust);

-int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm);

-X509_STORE_CTX *X509_STORE_CTX_new(void);

-int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);

-void X509_STORE_CTX_free(X509_STORE_CTX *ctx);

-int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,

-			 X509 *x509, STACK_OF(X509) *chain);

-void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);

-void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);

-X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);

-X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);

-X509_LOOKUP_METHOD *X509_LOOKUP_file(void);

-int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);

-int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);

-int X509_STORE_get_by_subject(X509_STORE_CTX *vs,int type,X509_NAME *name,

-	X509_OBJECT *ret);

-int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,

-	long argl, char **ret);

-#ifndef OPENSSL_NO_STDIO

-int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);

-int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);

-int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type);

-#endif

-X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method);

-void X509_LOOKUP_free(X509_LOOKUP *ctx);

-int X509_LOOKUP_init(X509_LOOKUP *ctx);

-int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,

-	X509_OBJECT *ret);

-int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,

-	ASN1_INTEGER *serial, X509_OBJECT *ret);

-int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,

-	unsigned char *bytes, int len, X509_OBJECT *ret);

-int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str,

-	int len, X509_OBJECT *ret);

-int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);

-#ifndef OPENSSL_NO_STDIO

-int	X509_STORE_load_locations (X509_STORE *ctx,

-		const char *file, const char *dir);

-int	X509_STORE_set_default_paths(X509_STORE *ctx);

-#endif

-int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,

-	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);

-int	X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx,int idx,void *data);

-void *	X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx,int idx);

-int	X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);

-void	X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s);

-int	X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);

-X509 *	X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);

-STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);

-STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);

-void	X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x);

-void	X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK_OF(X509) *sk);

-void	X509_STORE_CTX_set0_crls(X509_STORE_CTX *c,STACK_OF(X509_CRL) *sk);

-int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);

-int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);

-int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,

-				int purpose, int trust);

-void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);

-void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,

-								time_t t);

-void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,

-				  int (*verify_cb)(int, X509_STORE_CTX *));

-X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx);

-int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx);

-X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx);

-void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param);

-int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name);

-/* X509_VERIFY_PARAM functions */

-X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void);

-void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param);

-int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *to,

-						const X509_VERIFY_PARAM *from);

-int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,

-						const X509_VERIFY_PARAM *from);

-int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name);

-int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags);

-int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,

-							unsigned long flags);

-unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param);

-int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose);

-int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);

-void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth);

-void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t);

-int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,

-						ASN1_OBJECT *policy);

-int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,

-					STACK_OF(ASN1_OBJECT) *policies);

-int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);

-int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param);

-const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name);

-void X509_VERIFY_PARAM_table_cleanup(void);

-int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,

-			STACK_OF(X509) *certs,

-			STACK_OF(ASN1_OBJECT) *policy_oids,

-			unsigned int flags);

-void X509_policy_tree_free(X509_POLICY_TREE *tree);

-int X509_policy_tree_level_count(const X509_POLICY_TREE *tree);

-X509_POLICY_LEVEL *

-	X509_policy_tree_get0_level(const X509_POLICY_TREE *tree, int i);

-STACK_OF(X509_POLICY_NODE) *

-	X509_policy_tree_get0_policies(const X509_POLICY_TREE *tree);

-STACK_OF(X509_POLICY_NODE) *

-	X509_policy_tree_get0_user_policies(const X509_POLICY_TREE *tree);

-int X509_policy_level_node_count(X509_POLICY_LEVEL *level);

-X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level, int i);

-const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node);

-STACK_OF(POLICYQUALINFO) *

-	X509_policy_node_get0_qualifiers(const X509_POLICY_NODE *node);

-const X509_POLICY_NODE *

-	X509_policy_node_get0_parent(const X509_POLICY_NODE *node);

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/x509/x509_vpm.c

+++ /dev/null

@@ -1,420 +1,0 @@

-/* x509_vpm.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 2004.

- */

-/* ====================================================================

- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/crypto.h>

-#include <openssl/lhash.h>

-#include <openssl/buffer.h>

-#include <openssl/x509.h>

-#include <openssl/x509v3.h>

-/* X509_VERIFY_PARAM functions */

-static void x509_verify_param_zero(X509_VERIFY_PARAM *param)

-	{

-	if (!param)

-		return;

-	param->name = NULL;

-	param->purpose = 0;

-	param->trust = 0;

-	param->inh_flags = X509_VP_FLAG_DEFAULT;

-	param->flags = 0;

-	param->depth = -1;

-	if (param->policies)

-		{

-		sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);

-		param->policies = NULL;

-		}

-	}

-X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)

-	{

-	X509_VERIFY_PARAM *param;

-	param = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM));

-	memset(param, 0, sizeof(X509_VERIFY_PARAM));

-	x509_verify_param_zero(param);

-	return param;

-	}

-void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param)

-	{

-	x509_verify_param_zero(param);

-	OPENSSL_free(param);

-	}

-/* This function determines how parameters are "inherited" from one structure

- * to another. There are several different ways this can happen.

- *

- * 1. If a child structure needs to have its values initialized from a parent

- *    they are simply copied across. For example SSL_CTX copied to SSL.

- * 2. If the structure should take on values only if they are currently unset.

- *    For example the values in an SSL structure will take appropriate value

- *    for SSL servers or clients but only if the application has not set new

- *    ones.

- *

- * The "inh_flags" field determines how this function behaves.

- *

- * Normally any values which are set in the default are not copied from the

- * destination and verify flags are ORed together.

- *

- * If X509_VP_FLAG_DEFAULT is set then anything set in the source is copied

- * to the destination. Effectively the values in "to" become default values

- * which will be used only if nothing new is set in "from".

- *

- * If X509_VP_FLAG_OVERWRITE is set then all value are copied across whether

- * they are set or not. Flags is still Ored though.

- *

- * If X509_VP_FLAG_RESET_FLAGS is set then the flags value is copied instead

- * of ORed.

- *

- * If X509_VP_FLAG_LOCKED is set then no values are copied.

- *

- * If X509_VP_FLAG_ONCE is set then the current inh_flags setting is zeroed

- * after the next call.

- */

-/* Macro to test if a field should be copied from src to dest */

-#define test_x509_verify_param_copy(field, def) \

-	(to_overwrite || \

-		((src->field != def) && (to_default || (dest->field == def))))

-/* Macro to test and copy a field if necessary */

-#define x509_verify_param_copy(field, def) \

-	if (test_x509_verify_param_copy(field, def)) \

-		dest->field = src->field

-int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,

-						const X509_VERIFY_PARAM *src)

-	{

-	unsigned long inh_flags;

-	int to_default, to_overwrite;

-	if (!src)

-		return 1;

-	inh_flags = dest->inh_flags | src->inh_flags;

-	if (inh_flags & X509_VP_FLAG_ONCE)

-		dest->inh_flags = 0;

-	if (inh_flags & X509_VP_FLAG_LOCKED)

-		return 1;

-	if (inh_flags & X509_VP_FLAG_DEFAULT)

-		to_default = 1;

-	else

-		to_default = 0;

-	if (inh_flags & X509_VP_FLAG_OVERWRITE)

-		to_overwrite = 1;

-	else

-		to_overwrite = 0;

-	x509_verify_param_copy(purpose, 0);

-	x509_verify_param_copy(trust, 0);

-	x509_verify_param_copy(depth, -1);

-	/* If overwrite or check time not set, copy across */

-	if (to_overwrite || !(dest->flags & X509_V_FLAG_USE_CHECK_TIME))

-		{

-		dest->check_time = src->check_time;

-		dest->flags &= ~X509_V_FLAG_USE_CHECK_TIME;

-		/* Don't need to copy flag: that is done below */

-		}

-	if (inh_flags & X509_VP_FLAG_RESET_FLAGS)

-		dest->flags = 0;

-	dest->flags |= src->flags;

-	if (test_x509_verify_param_copy(policies, NULL))

-		{

-		if (!X509_VERIFY_PARAM_set1_policies(dest, src->policies))

-			return 0;

-		}

-	return 1;

-	}

-int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,

-						const X509_VERIFY_PARAM *from)

-	{

-	to->inh_flags |= X509_VP_FLAG_DEFAULT;

-	return X509_VERIFY_PARAM_inherit(to, from);

-	}

-int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name)

-	{

-	if (param->name)

-		OPENSSL_free(param->name);

-	param->name = BUF_strdup(name);

-	if (param->name)

-		return 1;

-	return 0;

-	}

-int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags)

-	{

-	param->flags |= flags;

-	if (flags & X509_V_FLAG_POLICY_MASK)

-		param->flags |= X509_V_FLAG_POLICY_CHECK;

-	return 1;

-	}

-int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, unsigned long flags)

-	{

-	param->flags &= ~flags;

-	return 1;

-	}

-unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param)

-	{

-	return param->flags;

-	}

-int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose)

-	{

-	return X509_PURPOSE_set(&param->purpose, purpose);

-	}

-int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust)

-	{

-	return X509_TRUST_set(&param->trust, trust);

-	}

-void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth)

-	{

-	param->depth = depth;

-	}

-void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t)

-	{

-	param->check_time = t;

-	param->flags |= X509_V_FLAG_USE_CHECK_TIME;

-	}

-int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, ASN1_OBJECT *policy)

-	{

-	if (!param->policies)

-		{

-		param->policies = sk_ASN1_OBJECT_new_null();

-		if (!param->policies)

-			return 0;

-		}

-	if (!sk_ASN1_OBJECT_push(param->policies, policy))

-		return 0;

-	return 1;

-	}

-int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,

-					STACK_OF(ASN1_OBJECT) *policies)

-	{

-	int i;

-	ASN1_OBJECT *oid, *doid;

-	if (!param)

-		return 0;

-	if (param->policies)

-		sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);

-	if (!policies)

-		{

-		param->policies = NULL;

-		return 1;

-		}

-	param->policies = sk_ASN1_OBJECT_new_null();

-	if (!param->policies)

-		return 0;

-	for (i = 0; i < sk_ASN1_OBJECT_num(policies); i++)

-		{

-		oid = sk_ASN1_OBJECT_value(policies, i);

-		doid = OBJ_dup(oid);

-		if (!doid)

-			return 0;

-		if (!sk_ASN1_OBJECT_push(param->policies, doid))

-			{

-			ASN1_OBJECT_free(doid);

-			return 0;

-			}

-		}

-	param->flags |= X509_V_FLAG_POLICY_CHECK;

-	return 1;

-	}

-int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param)

-	{

-	return param->depth;

-	}

-/* Default verify parameters: these are used for various

- * applications and can be overridden by the user specified table.

- * NB: the 'name' field *must* be in alphabetical order because it

- * will be searched using OBJ_search.

- */

-static const X509_VERIFY_PARAM default_table[] = {

-	{

-	"default",	/* X509 default parameters */

-	0,		/* Check time */

-	0,		/* internal flags */

-	0,		/* flags */

-	0,		/* purpose */

-	0,		/* trust */

-	9,		/* depth */

-	NULL		/* policies */

-	},

-	{

-	"pkcs7",			/* SSL/TLS client parameters */

-	0,				/* Check time */

-	0,				/* internal flags */

-	0,				/* flags */

-	X509_PURPOSE_SMIME_SIGN,	/* purpose */

-	X509_TRUST_EMAIL,		/* trust */

-	-1,				/* depth */

-	NULL				/* policies */

-	},

-	{

-	"ssl_client",			/* SSL/TLS client parameters */

-	0,				/* Check time */

-	0,				/* internal flags */

-	0,				/* flags */

-	X509_PURPOSE_SSL_CLIENT,	/* purpose */

-	X509_TRUST_SSL_CLIENT,		/* trust */

-	-1,				/* depth */

-	NULL				/* policies */

-	},

-	{

-	"ssl_server",			/* SSL/TLS server parameters */

-	0,				/* Check time */

-	0,				/* internal flags */

-	0,				/* flags */

-	X509_PURPOSE_SSL_SERVER,	/* purpose */

-	X509_TRUST_SSL_SERVER,		/* trust */

-	-1,				/* depth */

-	NULL				/* policies */

-	}};

-static STACK_OF(X509_VERIFY_PARAM) *param_table = NULL;

-static int table_cmp(const void *pa, const void *pb)

-	{

-	const X509_VERIFY_PARAM *a = pa, *b = pb;

-	return strcmp(a->name, b->name);

-	}

-static int param_cmp(const X509_VERIFY_PARAM * const *a,

-			const X509_VERIFY_PARAM * const *b)

-	{

-	return strcmp((*a)->name, (*b)->name);

-	}

-int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param)

-	{

-	int idx;

-	X509_VERIFY_PARAM *ptmp;

-	if (!param_table)

-		{

-		param_table = sk_X509_VERIFY_PARAM_new(param_cmp);

-		if (!param_table)

-			return 0;

-		}

-	else

-		{

-		idx = sk_X509_VERIFY_PARAM_find(param_table, param);

-		if (idx != -1)

-			{

-			ptmp = sk_X509_VERIFY_PARAM_value(param_table, idx);

-			X509_VERIFY_PARAM_free(ptmp);

-			(void)sk_X509_VERIFY_PARAM_delete(param_table, idx);

-			}

-		}

-	if (!sk_X509_VERIFY_PARAM_push(param_table, param))

-		return 0;

-	return 1;

-	}

-const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name)

-	{

-	int idx;

-	X509_VERIFY_PARAM pm;

-	pm.name = (char *)name;

-	if (param_table)

-		{

-		idx = sk_X509_VERIFY_PARAM_find(param_table, &pm);

-		if (idx != -1)

-			return sk_X509_VERIFY_PARAM_value(param_table, idx);

-		}

-	return (const X509_VERIFY_PARAM *) OBJ_bsearch((char *)&pm,

-				(char *)&default_table,

-				sizeof(default_table)/sizeof(X509_VERIFY_PARAM),

-				sizeof(X509_VERIFY_PARAM),

-				table_cmp);

-	}

-void X509_VERIFY_PARAM_table_cleanup(void)

-	{

-	if (param_table)

-		sk_X509_VERIFY_PARAM_pop_free(param_table,

-						X509_VERIFY_PARAM_free);

-	param_table = NULL;

-	}

--- a/sys/src/ape/lib/openssl/crypto/x509/x509cset.c

+++ /dev/null

@@ -1,170 +1,0 @@

-/* crypto/x509/x509cset.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 2001.

- */

-/* ====================================================================

- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/asn1.h>

-#include <openssl/objects.h>

-#include <openssl/evp.h>

-#include <openssl/x509.h>

-int X509_CRL_set_version(X509_CRL *x, long version)

-	{

-	if (x == NULL) return(0);

-	if (x->crl->version == NULL)

-		{

-		if ((x->crl->version=M_ASN1_INTEGER_new()) == NULL)

-			return(0);

-		}

-	return(ASN1_INTEGER_set(x->crl->version,version));

-	}

-int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name)

-	{

-	if ((x == NULL) || (x->crl == NULL)) return(0);

-	return(X509_NAME_set(&x->crl->issuer,name));

-	}

-int X509_CRL_set_lastUpdate(X509_CRL *x, ASN1_TIME *tm)

-	{

-	ASN1_TIME *in;

-	if (x == NULL) return(0);

-	in=x->crl->lastUpdate;

-	if (in != tm)

-		{

-		in=M_ASN1_TIME_dup(tm);

-		if (in != NULL)

-			{

-			M_ASN1_TIME_free(x->crl->lastUpdate);

-			x->crl->lastUpdate=in;

-			}

-		}

-	return(in != NULL);

-	}

-int X509_CRL_set_nextUpdate(X509_CRL *x, ASN1_TIME *tm)

-	{

-	ASN1_TIME *in;

-	if (x == NULL) return(0);

-	in=x->crl->nextUpdate;

-	if (in != tm)

-		{

-		in=M_ASN1_TIME_dup(tm);

-		if (in != NULL)

-			{

-			M_ASN1_TIME_free(x->crl->nextUpdate);

-			x->crl->nextUpdate=in;

-			}

-		}

-	return(in != NULL);

-	}

-int X509_CRL_sort(X509_CRL *c)

-	{

-	int i;

-	X509_REVOKED *r;

-	/* sort the data so it will be written in serial

-	 * number order */

-	sk_X509_REVOKED_sort(c->crl->revoked);

-	for (i=0; i<sk_X509_REVOKED_num(c->crl->revoked); i++)

-		{

-		r=sk_X509_REVOKED_value(c->crl->revoked,i);

-		r->sequence=i;

-		}

-	c->crl->enc.modified = 1;

-	return 1;

-	}

-int X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm)

-	{

-	ASN1_TIME *in;

-	if (x == NULL) return(0);

-	in=x->revocationDate;

-	if (in != tm)

-		{

-		in=M_ASN1_TIME_dup(tm);

-		if (in != NULL)

-			{

-			M_ASN1_TIME_free(x->revocationDate);

-			x->revocationDate=in;

-			}

-		}

-	return(in != NULL);

-	}

-int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial)

-	{

-	ASN1_INTEGER *in;

-	if (x == NULL) return(0);

-	in=x->serialNumber;

-	if (in != serial)

-		{

-		in=M_ASN1_INTEGER_dup(serial);

-		if (in != NULL)

-			{

-			M_ASN1_INTEGER_free(x->serialNumber);

-			x->serialNumber=in;

-			}

-		}

-	return(in != NULL);

-	}

--- a/sys/src/ape/lib/openssl/crypto/x509/x509name.c

+++ /dev/null

@@ -1,383 +1,0 @@

-/* crypto/x509/x509name.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <openssl/stack.h>

-#include "cryptlib.h"

-#include <openssl/asn1.h>

-#include <openssl/objects.h>

-#include <openssl/evp.h>

-#include <openssl/x509.h>

-int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len)

-	{

-	ASN1_OBJECT *obj;

-	obj=OBJ_nid2obj(nid);

-	if (obj == NULL) return(-1);

-	return(X509_NAME_get_text_by_OBJ(name,obj,buf,len));

-	}

-int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,

-	     int len)

-	{

-	int i;

-	ASN1_STRING *data;

-	i=X509_NAME_get_index_by_OBJ(name,obj,-1);

-	if (i < 0) return(-1);

-	data=X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name,i));

-	i=(data->length > (len-1))?(len-1):data->length;

-	if (buf == NULL) return(data->length);

-	memcpy(buf,data->data,i);

-	buf[i]='\0';

-	return(i);

-	}

-int X509_NAME_entry_count(X509_NAME *name)

-	{

-	if (name == NULL) return(0);

-	return(sk_X509_NAME_ENTRY_num(name->entries));

-	}

-int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos)

-	{

-	ASN1_OBJECT *obj;

-	obj=OBJ_nid2obj(nid);

-	if (obj == NULL) return(-2);

-	return(X509_NAME_get_index_by_OBJ(name,obj,lastpos));

-	}

-/* NOTE: you should be passsing -1, not 0 as lastpos */

-int X509_NAME_get_index_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,

-	     int lastpos)

-	{

-	int n;

-	X509_NAME_ENTRY *ne;

-	STACK_OF(X509_NAME_ENTRY) *sk;

-	if (name == NULL) return(-1);

-	if (lastpos < 0)

-		lastpos= -1;

-	sk=name->entries;

-	n=sk_X509_NAME_ENTRY_num(sk);

-	for (lastpos++; lastpos < n; lastpos++)

-		{

-		ne=sk_X509_NAME_ENTRY_value(sk,lastpos);

-		if (OBJ_cmp(ne->object,obj) == 0)

-			return(lastpos);

-		}

-	return(-1);

-	}

-X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc)

-	{

-	if(name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc

-	   || loc < 0)

-		return(NULL);

-	else

-		return(sk_X509_NAME_ENTRY_value(name->entries,loc));

-	}

-X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc)

-	{

-	X509_NAME_ENTRY *ret;

-	int i,n,set_prev,set_next;

-	STACK_OF(X509_NAME_ENTRY) *sk;

-	if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc

-	    || loc < 0)

-		return(NULL);

-	sk=name->entries;

-	ret=sk_X509_NAME_ENTRY_delete(sk,loc);

-	n=sk_X509_NAME_ENTRY_num(sk);

-	name->modified=1;

-	if (loc == n) return(ret);

-	/* else we need to fixup the set field */

-	if (loc != 0)

-		set_prev=(sk_X509_NAME_ENTRY_value(sk,loc-1))->set;

-	else

-		set_prev=ret->set-1;

-	set_next=sk_X509_NAME_ENTRY_value(sk,loc)->set;

-	/* set_prev is the previous set

-	 * set is the current set

-	 * set_next is the following

-	 * prev  1 1	1 1	1 1	1 1

-	 * set   1	1	2	2

-	 * next  1 1	2 2	2 2	3 2

-	 * so basically only if prev and next differ by 2, then

-	 * re-number down by 1 */

-	if (set_prev+1 < set_next)

-		for (i=loc; i<n; i++)

-			sk_X509_NAME_ENTRY_value(sk,i)->set--;

-	return(ret);

-	}

-int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type,

-			unsigned char *bytes, int len, int loc, int set)

-{

-	X509_NAME_ENTRY *ne;

-	int ret;

-	ne = X509_NAME_ENTRY_create_by_OBJ(NULL, obj, type, bytes, len);

-	if(!ne) return 0;

-	ret = X509_NAME_add_entry(name, ne, loc, set);

-	X509_NAME_ENTRY_free(ne);

-	return ret;

-}

-int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,

-			unsigned char *bytes, int len, int loc, int set)

-{

-	X509_NAME_ENTRY *ne;

-	int ret;

-	ne = X509_NAME_ENTRY_create_by_NID(NULL, nid, type, bytes, len);

-	if(!ne) return 0;

-	ret = X509_NAME_add_entry(name, ne, loc, set);

-	X509_NAME_ENTRY_free(ne);

-	return ret;

-}

-int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,

-			const unsigned char *bytes, int len, int loc, int set)

-{

-	X509_NAME_ENTRY *ne;

-	int ret;

-	ne = X509_NAME_ENTRY_create_by_txt(NULL, field, type, bytes, len);

-	if(!ne) return 0;

-	ret = X509_NAME_add_entry(name, ne, loc, set);

-	X509_NAME_ENTRY_free(ne);

-	return ret;

-}

-/* if set is -1, append to previous set, 0 'a new one', and 1,

- * prepend to the guy we are about to stomp on. */

-int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc,

-	     int set)

-	{

-	X509_NAME_ENTRY *new_name=NULL;

-	int n,i,inc;

-	STACK_OF(X509_NAME_ENTRY) *sk;

-	if (name == NULL) return(0);

-	sk=name->entries;

-	n=sk_X509_NAME_ENTRY_num(sk);

-	if (loc > n) loc=n;

-	else if (loc < 0) loc=n;

-	name->modified=1;

-	if (set == -1)

-		{

-		if (loc == 0)

-			{

-			set=0;

-			inc=1;

-			}

-		else

-			{

-			set=sk_X509_NAME_ENTRY_value(sk,loc-1)->set;

-			inc=0;

-			}

-		}

-	else /* if (set >= 0) */

-		{

-		if (loc >= n)

-			{

-			if (loc != 0)

-				set=sk_X509_NAME_ENTRY_value(sk,loc-1)->set+1;

-			else

-				set=0;

-			}

-		else

-			set=sk_X509_NAME_ENTRY_value(sk,loc)->set;

-		inc=(set == 0)?1:0;

-		}

-	if ((new_name=X509_NAME_ENTRY_dup(ne)) == NULL)

-		goto err;

-	new_name->set=set;

-	if (!sk_X509_NAME_ENTRY_insert(sk,new_name,loc))

-		{

-		X509err(X509_F_X509_NAME_ADD_ENTRY,ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	if (inc)

-		{

-		n=sk_X509_NAME_ENTRY_num(sk);

-		for (i=loc+1; i<n; i++)

-			sk_X509_NAME_ENTRY_value(sk,i-1)->set+=1;

-		}

-	return(1);

-err:

-	if (new_name != NULL)

-		X509_NAME_ENTRY_free(new_name);

-	return(0);

-	}

-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,

-		const char *field, int type, const unsigned char *bytes, int len)

-	{

-	ASN1_OBJECT *obj;

-	X509_NAME_ENTRY *nentry;

-	obj=OBJ_txt2obj(field, 0);

-	if (obj == NULL)

-		{

-		X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT,

-						X509_R_INVALID_FIELD_NAME);

-		ERR_add_error_data(2, "name=", field);

-		return(NULL);

-		}

-	nentry = X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len);

-	ASN1_OBJECT_free(obj);

-	return nentry;

-	}

-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,

-	     int type, unsigned char *bytes, int len)

-	{

-	ASN1_OBJECT *obj;

-	X509_NAME_ENTRY *nentry;

-	obj=OBJ_nid2obj(nid);

-	if (obj == NULL)

-		{

-		X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_NID,X509_R_UNKNOWN_NID);

-		return(NULL);

-		}

-	nentry = X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len);

-	ASN1_OBJECT_free(obj);

-	return nentry;

-	}

-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,

-	     ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len)

-	{

-	X509_NAME_ENTRY *ret;

-	if ((ne == NULL) || (*ne == NULL))

-		{

-		if ((ret=X509_NAME_ENTRY_new()) == NULL)

-			return(NULL);

-		}

-	else

-		ret= *ne;

-	if (!X509_NAME_ENTRY_set_object(ret,obj))

-		goto err;

-	if (!X509_NAME_ENTRY_set_data(ret,type,bytes,len))

-		goto err;

-	if ((ne != NULL) && (*ne == NULL)) *ne=ret;

-	return(ret);

-err:

-	if ((ne == NULL) || (ret != *ne))

-		X509_NAME_ENTRY_free(ret);

-	return(NULL);

-	}

-int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj)

-	{

-	if ((ne == NULL) || (obj == NULL))

-		{

-		X509err(X509_F_X509_NAME_ENTRY_SET_OBJECT,ERR_R_PASSED_NULL_PARAMETER);

-		return(0);

-		}

-	ASN1_OBJECT_free(ne->object);

-	ne->object=OBJ_dup(obj);

-	return((ne->object == NULL)?0:1);

-	}

-int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,

-	     const unsigned char *bytes, int len)

-	{

-	int i;

-	if ((ne == NULL) || ((bytes == NULL) && (len != 0))) return(0);

-	if((type > 0) && (type & MBSTRING_FLAG))

-		return ASN1_STRING_set_by_NID(&ne->value, bytes,

-						len, type,

-					OBJ_obj2nid(ne->object)) ? 1 : 0;

-	if (len < 0) len=strlen((char *)bytes);

-	i=ASN1_STRING_set(ne->value,bytes,len);

-	if (!i) return(0);

-	if (type != V_ASN1_UNDEF)

-		{

-		if (type == V_ASN1_APP_CHOOSE)

-			ne->value->type=ASN1_PRINTABLE_type(bytes,len);

-		else

-			ne->value->type=type;

-		}

-	return(1);

-	}

-ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne)

-	{

-	if (ne == NULL) return(NULL);

-	return(ne->object);

-	}

-ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne)

-	{

-	if (ne == NULL) return(NULL);

-	return(ne->value);

-	}

--- a/sys/src/ape/lib/openssl/crypto/x509/x509rset.c

+++ /dev/null

@@ -1,83 +1,0 @@

-/* crypto/x509/x509rset.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/asn1.h>

-#include <openssl/objects.h>

-#include <openssl/evp.h>

-#include <openssl/x509.h>

-int X509_REQ_set_version(X509_REQ *x, long version)

-	{

-	if (x == NULL) return(0);

-	return(ASN1_INTEGER_set(x->req_info->version,version));

-	}

-int X509_REQ_set_subject_name(X509_REQ *x, X509_NAME *name)

-	{

-	if ((x == NULL) || (x->req_info == NULL)) return(0);

-	return(X509_NAME_set(&x->req_info->subject,name));

-	}

-int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey)

-	{

-	if ((x == NULL) || (x->req_info == NULL)) return(0);

-	return(X509_PUBKEY_set(&x->req_info->pubkey,pkey));

-	}

--- a/sys/src/ape/lib/openssl/crypto/x509/x509spki.c

+++ /dev/null

@@ -1,121 +1,0 @@

-/* x509spki.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/x509.h>

-int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey)

-{

-	if ((x == NULL) || (x->spkac == NULL)) return(0);

-	return(X509_PUBKEY_set(&(x->spkac->pubkey),pkey));

-}

-EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x)

-{

-	if ((x == NULL) || (x->spkac == NULL))

-		return(NULL);

-	return(X509_PUBKEY_get(x->spkac->pubkey));

-}

-/* Load a Netscape SPKI from a base64 encoded string */

-NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len)

-{

-	unsigned char *spki_der;

-	const unsigned char *p;

-	int spki_len;

-	NETSCAPE_SPKI *spki;

-	if(len <= 0) len = strlen(str);

-	if (!(spki_der = OPENSSL_malloc(len + 1))) {

-		X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, ERR_R_MALLOC_FAILURE);

-		return NULL;

-	}

-	spki_len = EVP_DecodeBlock(spki_der, (const unsigned char *)str, len);

-	if(spki_len < 0) {

-		X509err(X509_F_NETSCAPE_SPKI_B64_DECODE,

-						X509_R_BASE64_DECODE_ERROR);

-		OPENSSL_free(spki_der);

-		return NULL;

-	}

-	p = spki_der;

-	spki = d2i_NETSCAPE_SPKI(NULL, &p, spki_len);

-	OPENSSL_free(spki_der);

-	return spki;

-}

-/* Generate a base64 encoded string from an SPKI */

-char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki)

-{

-	unsigned char *der_spki, *p;

-	char *b64_str;

-	int der_len;

-	der_len = i2d_NETSCAPE_SPKI(spki, NULL);

-	der_spki = OPENSSL_malloc(der_len);

-	b64_str = OPENSSL_malloc(der_len * 2);

-	if(!der_spki || !b64_str) {

-		X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE);

-		return NULL;

-	}

-	p = der_spki;

-	i2d_NETSCAPE_SPKI(spki, &p);

-	EVP_EncodeBlock((unsigned char *)b64_str, der_spki, der_len);

-	OPENSSL_free(der_spki);

-	return b64_str;

-}

--- a/sys/src/ape/lib/openssl/crypto/x509/x509type.c

+++ /dev/null

@@ -1,121 +1,0 @@

-/* crypto/x509/x509type.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/evp.h>

-#include <openssl/objects.h>

-#include <openssl/x509.h>

-int X509_certificate_type(X509 *x, EVP_PKEY *pkey)

-	{

-	EVP_PKEY *pk;

-	int ret=0,i;

-	if (x == NULL) return(0);

-	if (pkey == NULL)

-		pk=X509_get_pubkey(x);

-	else

-		pk=pkey;

-	if (pk == NULL) return(0);

-	switch (pk->type)

-		{

-	case EVP_PKEY_RSA:

-		ret=EVP_PK_RSA|EVP_PKT_SIGN;

-/*		if (!sign only extension) */

-			ret|=EVP_PKT_ENC;

-	break;

-	case EVP_PKEY_DSA:

-		ret=EVP_PK_DSA|EVP_PKT_SIGN;

-		break;

-	case EVP_PKEY_EC:

-		ret=EVP_PK_EC|EVP_PKT_SIGN|EVP_PKT_EXCH;

-		break;

-	case EVP_PKEY_DH:

-		ret=EVP_PK_DH|EVP_PKT_EXCH;

-		break;

-	default:

-		break;

-		}

-	i=X509_get_signature_type(x);

-	switch (i)

-		{

-	case EVP_PKEY_RSA:

-		ret|=EVP_PKS_RSA;

-		break;

-	case EVP_PKEY_DSA:

-		ret|=EVP_PKS_DSA;

-		break;

-	case EVP_PKEY_EC:

-		ret|=EVP_PKS_EC;

-		break;

-	default:

-		break;

-		}

-	if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look

-					   for, not bytes */

-		ret|=EVP_PKT_EXP;

-	if(pkey==NULL) EVP_PKEY_free(pk);

-	return(ret);

-	}

--- a/sys/src/ape/lib/openssl/crypto/x509/x_all.c

+++ /dev/null

@@ -1,522 +1,0 @@

-/* crypto/x509/x_all.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#undef SSLEAY_MACROS

-#include <openssl/stack.h>

-#include "cryptlib.h"

-#include <openssl/buffer.h>

-#include <openssl/asn1.h>

-#include <openssl/evp.h>

-#include <openssl/x509.h>

-#ifndef OPENSSL_NO_RSA

-#include <openssl/rsa.h>

-#endif

-#ifndef OPENSSL_NO_DSA

-#include <openssl/dsa.h>

-#endif

-int X509_verify(X509 *a, EVP_PKEY *r)

-	{

-	return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF),a->sig_alg,

-		a->signature,a->cert_info,r));

-	}

-int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r)

-	{

-	return( ASN1_item_verify(ASN1_ITEM_rptr(X509_REQ_INFO),

-		a->sig_alg,a->signature,a->req_info,r));

-	}

-int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r)

-	{

-	return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO),

-		a->sig_alg, a->signature,a->crl,r));

-	}

-int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)

-	{

-	return(ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC),

-		a->sig_algor,a->signature,a->spkac,r));

-	}

-int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)

-	{

-	return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), x->cert_info->signature,

-		x->sig_alg, x->signature, x->cert_info,pkey,md));

-	}

-int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md)

-	{

-	return(ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO),x->sig_alg, NULL,

-		x->signature, x->req_info,pkey,md));

-	}

-int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)

-	{

-	x->crl->enc.modified = 1;

-	return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO),x->crl->sig_alg,

-		x->sig_alg, x->signature, x->crl,pkey,md));

-	}

-int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md)

-	{

-	return(ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), x->sig_algor,NULL,

-		x->signature, x->spkac,pkey,md));

-	}

-#ifndef OPENSSL_NO_FP_API

-X509 *d2i_X509_fp(FILE *fp, X509 **x509)

-	{

-	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509), fp, x509);

-	}

-int i2d_X509_fp(FILE *fp, X509 *x509)

-	{

-	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509), fp, x509);

-	}

-#endif

-X509 *d2i_X509_bio(BIO *bp, X509 **x509)

-	{

-	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509), bp, x509);

-	}

-int i2d_X509_bio(BIO *bp, X509 *x509)

-	{

-	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bp, x509);

-	}

-#ifndef OPENSSL_NO_FP_API

-X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl)

-	{

-	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);

-	}

-int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl)

-	{

-	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);

-	}

-#endif

-X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl)

-	{

-	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);

-	}

-int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl)

-	{

-	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);

-	}

-#ifndef OPENSSL_NO_FP_API

-PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7)

-	{

-	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);

-	}

-int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7)

-	{

-	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);

-	}

-#endif

-PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7)

-	{

-	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);

-	}

-int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7)

-	{

-	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);

-	}

-#ifndef OPENSSL_NO_FP_API

-X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req)

-	{

-	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);

-	}

-int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req)

-	{

-	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);

-	}

-#endif

-X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req)

-	{

-	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);

-	}

-int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req)

-	{

-	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);

-	}

-#ifndef OPENSSL_NO_RSA

-#ifndef OPENSSL_NO_FP_API

-RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa)

-	{

-	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);

-	}

-int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa)

-	{

-	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);

-	}

-RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa)

-	{

-	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);

-	}

-RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa)

-	{

-	return ASN1_d2i_fp((void *(*)(void))

-			   RSA_new,(D2I_OF(void))d2i_RSA_PUBKEY, fp,

-			   (void **)rsa);

-	}

-int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa)

-	{

-	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);

-	}

-int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa)

-	{

-	return ASN1_i2d_fp((I2D_OF(void))i2d_RSA_PUBKEY,fp,rsa);

-	}

-#endif

-RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa)

-	{

-	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);

-	}

-int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa)

-	{

-	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);

-	}

-RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa)

-	{

-	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);

-	}

-RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa)

-	{

-	return ASN1_d2i_bio_of(RSA,RSA_new,d2i_RSA_PUBKEY,bp,rsa);

-	}

-int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa)

-	{

-	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);

-	}

-int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa)

-	{

-	return ASN1_i2d_bio_of(RSA,i2d_RSA_PUBKEY,bp,rsa);

-	}

-#endif

-#ifndef OPENSSL_NO_DSA

-#ifndef OPENSSL_NO_FP_API

-DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa)

-	{

-	return ASN1_d2i_fp_of(DSA,DSA_new,d2i_DSAPrivateKey,fp,dsa);

-	}

-int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa)

-	{

-	return ASN1_i2d_fp_of_const(DSA,i2d_DSAPrivateKey,fp,dsa);

-	}

-DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa)

-	{

-	return ASN1_d2i_fp_of(DSA,DSA_new,d2i_DSA_PUBKEY,fp,dsa);

-	}

-int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa)

-	{

-	return ASN1_i2d_fp_of(DSA,i2d_DSA_PUBKEY,fp,dsa);

-	}

-#endif

-DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa)

-	{

-	return ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAPrivateKey,bp,dsa

-);

-	}

-int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa)

-	{

-	return ASN1_i2d_bio_of_const(DSA,i2d_DSAPrivateKey,bp,dsa);

-	}

-DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa)

-	{

-	return ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSA_PUBKEY,bp,dsa);

-	}

-int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa)

-	{

-	return ASN1_i2d_bio_of(DSA,i2d_DSA_PUBKEY,bp,dsa);

-	}

-#endif

-#ifndef OPENSSL_NO_EC

-#ifndef OPENSSL_NO_FP_API

-EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey)

-	{

-	return ASN1_d2i_fp_of(EC_KEY,EC_KEY_new,d2i_EC_PUBKEY,fp,eckey);

-	}

-int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey)

-	{

-	return ASN1_i2d_fp_of(EC_KEY,i2d_EC_PUBKEY,fp,eckey);

-	}

-EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey)

-	{

-	return ASN1_d2i_fp_of(EC_KEY,EC_KEY_new,d2i_ECPrivateKey,fp,eckey);

-	}

-int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey)

-	{

-	return ASN1_i2d_fp_of(EC_KEY,i2d_ECPrivateKey,fp,eckey);

-	}

-#endif

-EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey)

-	{

-	return ASN1_d2i_bio_of(EC_KEY,EC_KEY_new,d2i_EC_PUBKEY,bp,eckey);

-	}

-int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *ecdsa)

-	{

-	return ASN1_i2d_bio_of(EC_KEY,i2d_EC_PUBKEY,bp,ecdsa);

-	}

-EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey)

-	{

-	return ASN1_d2i_bio_of(EC_KEY,EC_KEY_new,d2i_ECPrivateKey,bp,eckey);

-	}

-int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey)

-	{

-	return ASN1_i2d_bio_of(EC_KEY,i2d_ECPrivateKey,bp,eckey);

-	}

-#endif

-int X509_pubkey_digest(const X509 *data, const EVP_MD *type, unsigned char *md,

-	     unsigned int *len)

-	{

-	ASN1_BIT_STRING *key;

-	key = X509_get0_pubkey_bitstr(data);

-	if(!key) return 0;

-	return EVP_Digest(key->data, key->length, md, len, type, NULL);

-	}

-int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,

-	     unsigned int *len)

-	{

-	return(ASN1_item_digest(ASN1_ITEM_rptr(X509),type,(char *)data,md,len));

-	}

-int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md,

-	     unsigned int *len)

-	{

-	return(ASN1_item_digest(ASN1_ITEM_rptr(X509_CRL),type,(char *)data,md,len));

-	}

-int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, unsigned char *md,

-	     unsigned int *len)

-	{

-	return(ASN1_item_digest(ASN1_ITEM_rptr(X509_REQ),type,(char *)data,md,len));

-	}

-int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, unsigned char *md,

-	     unsigned int *len)

-	{

-	return(ASN1_item_digest(ASN1_ITEM_rptr(X509_NAME),type,(char *)data,md,len));

-	}

-int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, const EVP_MD *type,

-	     unsigned char *md, unsigned int *len)

-	{

-	return(ASN1_item_digest(ASN1_ITEM_rptr(PKCS7_ISSUER_AND_SERIAL),type,

-		(char *)data,md,len));

-	}

-#ifndef OPENSSL_NO_FP_API

-X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8)

-	{

-	return ASN1_d2i_fp_of(X509_SIG,X509_SIG_new,d2i_X509_SIG,fp,p8);

-	}

-int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8)

-	{

-	return ASN1_i2d_fp_of(X509_SIG,i2d_X509_SIG,fp,p8);

-	}

-#endif

-X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8)

-	{

-	return ASN1_d2i_bio_of(X509_SIG,X509_SIG_new,d2i_X509_SIG,bp,p8);

-	}

-int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8)

-	{

-	return ASN1_i2d_bio_of(X509_SIG,i2d_X509_SIG,bp,p8);

-	}

-#ifndef OPENSSL_NO_FP_API

-PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,

-						 PKCS8_PRIV_KEY_INFO **p8inf)

-	{

-	return ASN1_d2i_fp_of(PKCS8_PRIV_KEY_INFO,PKCS8_PRIV_KEY_INFO_new,

-			      d2i_PKCS8_PRIV_KEY_INFO,fp,p8inf);

-	}

-int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf)

-	{

-	return ASN1_i2d_fp_of(PKCS8_PRIV_KEY_INFO,i2d_PKCS8_PRIV_KEY_INFO,fp,

-			      p8inf);

-	}

-int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key)

-	{

-	PKCS8_PRIV_KEY_INFO *p8inf;

-	int ret;

-	p8inf = EVP_PKEY2PKCS8(key);

-	if(!p8inf) return 0;

-	ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf);

-	PKCS8_PRIV_KEY_INFO_free(p8inf);

-	return ret;

-	}

-int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey)

-	{

-	return ASN1_i2d_fp_of(EVP_PKEY,i2d_PrivateKey,fp,pkey);

-	}

-EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a)

-{

-	return ASN1_d2i_fp_of(EVP_PKEY,EVP_PKEY_new,d2i_AutoPrivateKey,fp,a);

-}

-int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey)

-	{

-	return ASN1_i2d_fp_of(EVP_PKEY,i2d_PUBKEY,fp,pkey);

-	}

-EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a)

-{

-	return ASN1_d2i_fp_of(EVP_PKEY,EVP_PKEY_new,d2i_PUBKEY,fp,a);

-}

-#endif

-PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,

-						 PKCS8_PRIV_KEY_INFO **p8inf)

-	{

-	return ASN1_d2i_bio_of(PKCS8_PRIV_KEY_INFO,PKCS8_PRIV_KEY_INFO_new,

-			    d2i_PKCS8_PRIV_KEY_INFO,bp,p8inf);

-	}

-int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf)

-	{

-	return ASN1_i2d_bio_of(PKCS8_PRIV_KEY_INFO,i2d_PKCS8_PRIV_KEY_INFO,bp,

-			       p8inf);

-	}

-int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key)

-	{

-	PKCS8_PRIV_KEY_INFO *p8inf;

-	int ret;

-	p8inf = EVP_PKEY2PKCS8(key);

-	if(!p8inf) return 0;

-	ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);

-	PKCS8_PRIV_KEY_INFO_free(p8inf);

-	return ret;

-	}

-int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey)

-	{

-	return ASN1_i2d_bio_of(EVP_PKEY,i2d_PrivateKey,bp,pkey);

-	}

-EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a)

-	{

-	return ASN1_d2i_bio_of(EVP_PKEY,EVP_PKEY_new,d2i_AutoPrivateKey,bp,a);

-	}

-int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey)

-	{

-	return ASN1_i2d_bio_of(EVP_PKEY,i2d_PUBKEY,bp,pkey);

-	}

-EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a)

-	{

-	return ASN1_d2i_bio_of(EVP_PKEY,EVP_PKEY_new,d2i_PUBKEY,bp,a);

-	}

--- a/sys/src/ape/lib/openssl/crypto/x509v3/Makefile

+++ /dev/null

@@ -1,591 +1,0 @@

-#

-# OpenSSL/crypto/x509v3/Makefile

-#

-DIR=	x509v3

-TOP=	../..

-CC=	cc

-INCLUDES= -I.. -I$(TOP) -I../../include

-CFLAG=-g

-MAKEFILE=	Makefile

-AR=		ar r

-CFLAGS= $(INCLUDES) $(CFLAG)

-GENERAL=Makefile README

-TEST=

-APPS=

-LIB=$(TOP)/libcrypto.a

-LIBSRC=	v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c v3_lib.c \

-v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c v3_pku.c \

-v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c \

-v3_ocsp.c v3_akeya.c v3_pmaps.c v3_pcons.c v3_ncons.c v3_pcia.c v3_pci.c \

-pcy_cache.c pcy_node.c pcy_data.c pcy_map.c pcy_tree.c pcy_lib.c \

-v3_asid.c v3_addr.c

-LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \

-v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \

-v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o v3_purp.o v3_info.o \

-v3_ocsp.o v3_akeya.o v3_pmaps.o v3_pcons.o v3_ncons.o v3_pcia.o v3_pci.o \

-pcy_cache.o pcy_node.o pcy_data.o pcy_map.o pcy_tree.o pcy_lib.o \

-v3_asid.o v3_addr.o

-SRC= $(LIBSRC)

-EXHEADER= x509v3.h

-HEADER=	$(EXHEADER) pcy_int.h

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)

-all:	lib

-lib:	$(LIBOBJ)

-	$(AR) $(LIB) $(LIBOBJ)

-	$(RANLIB) $(LIB) || echo Never mind.

-	@touch lib

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

-links:

-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)

-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)

-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

-install:

-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...

-	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \

-	do  \

-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \

-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \

-	done;

-tags:

-	ctags $(SRC)

-tests:

-lint:

-	lint -DLINT $(INCLUDES) $(SRC)>fluff

-depend:

-	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...

-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-clean:

-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-pcy_cache.o: ../../e_os.h ../../include/openssl/asn1.h

-pcy_cache.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-pcy_cache.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h

-pcy_cache.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-pcy_cache.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-pcy_cache.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-pcy_cache.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-pcy_cache.o: ../../include/openssl/objects.h

-pcy_cache.o: ../../include/openssl/opensslconf.h

-pcy_cache.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-pcy_cache.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-pcy_cache.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-pcy_cache.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-pcy_cache.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h

-pcy_cache.o: ../cryptlib.h pcy_cache.c pcy_int.h

-pcy_data.o: ../../e_os.h ../../include/openssl/asn1.h

-pcy_data.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-pcy_data.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h

-pcy_data.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-pcy_data.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-pcy_data.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-pcy_data.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-pcy_data.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-pcy_data.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-pcy_data.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-pcy_data.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-pcy_data.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-pcy_data.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h

-pcy_data.o: ../cryptlib.h pcy_data.c pcy_int.h

-pcy_lib.o: ../../e_os.h ../../include/openssl/asn1.h

-pcy_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-pcy_lib.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h

-pcy_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-pcy_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-pcy_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-pcy_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-pcy_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-pcy_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-pcy_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-pcy_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-pcy_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-pcy_lib.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h

-pcy_lib.o: ../cryptlib.h pcy_int.h pcy_lib.c

-pcy_map.o: ../../e_os.h ../../include/openssl/asn1.h

-pcy_map.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-pcy_map.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h

-pcy_map.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-pcy_map.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-pcy_map.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-pcy_map.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-pcy_map.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-pcy_map.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-pcy_map.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-pcy_map.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-pcy_map.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-pcy_map.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h

-pcy_map.o: ../cryptlib.h pcy_int.h pcy_map.c

-pcy_node.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

-pcy_node.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h

-pcy_node.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-pcy_node.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-pcy_node.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h

-pcy_node.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-pcy_node.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-pcy_node.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-pcy_node.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-pcy_node.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-pcy_node.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-pcy_node.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h

-pcy_node.o: pcy_int.h pcy_node.c

-pcy_tree.o: ../../e_os.h ../../include/openssl/asn1.h

-pcy_tree.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-pcy_tree.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h

-pcy_tree.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-pcy_tree.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-pcy_tree.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-pcy_tree.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-pcy_tree.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-pcy_tree.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-pcy_tree.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-pcy_tree.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-pcy_tree.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-pcy_tree.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h

-pcy_tree.o: ../cryptlib.h pcy_int.h pcy_tree.c

-v3_addr.o: ../../e_os.h ../../include/openssl/asn1.h

-v3_addr.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h

-v3_addr.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h

-v3_addr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-v3_addr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-v3_addr.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-v3_addr.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-v3_addr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-v3_addr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-v3_addr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h

-v3_addr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-v3_addr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-v3_addr.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-v3_addr.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_addr.c

-v3_akey.o: ../../e_os.h ../../include/openssl/asn1.h

-v3_akey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h

-v3_akey.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h

-v3_akey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-v3_akey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-v3_akey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-v3_akey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-v3_akey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-v3_akey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-v3_akey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h

-v3_akey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-v3_akey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-v3_akey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-v3_akey.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_akey.c

-v3_akeya.o: ../../e_os.h ../../include/openssl/asn1.h

-v3_akeya.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h

-v3_akeya.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h

-v3_akeya.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-v3_akeya.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-v3_akeya.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-v3_akeya.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-v3_akeya.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-v3_akeya.o: ../../include/openssl/opensslconf.h

-v3_akeya.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-v3_akeya.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-v3_akeya.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-v3_akeya.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-v3_akeya.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h

-v3_akeya.o: ../cryptlib.h v3_akeya.c

-v3_alt.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-v3_alt.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h

-v3_alt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-v3_alt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-v3_alt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-v3_alt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-v3_alt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-v3_alt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-v3_alt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h

-v3_alt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-v3_alt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-v3_alt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-v3_alt.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_alt.c

-v3_asid.o: ../../e_os.h ../../include/openssl/asn1.h

-v3_asid.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h

-v3_asid.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h

-v3_asid.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h

-v3_asid.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-v3_asid.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-v3_asid.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-v3_asid.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-v3_asid.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-v3_asid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-v3_asid.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-v3_asid.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-v3_asid.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-v3_asid.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h

-v3_asid.o: ../cryptlib.h v3_asid.c

-v3_bcons.o: ../../e_os.h ../../include/openssl/asn1.h

-v3_bcons.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h

-v3_bcons.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h

-v3_bcons.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-v3_bcons.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-v3_bcons.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-v3_bcons.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-v3_bcons.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-v3_bcons.o: ../../include/openssl/opensslconf.h

-v3_bcons.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-v3_bcons.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-v3_bcons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-v3_bcons.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-v3_bcons.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h

-v3_bcons.o: ../cryptlib.h v3_bcons.c

-v3_bitst.o: ../../e_os.h ../../include/openssl/asn1.h

-v3_bitst.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-v3_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h

-v3_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-v3_bitst.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-v3_bitst.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-v3_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-v3_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-v3_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-v3_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-v3_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-v3_bitst.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-v3_bitst.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h

-v3_bitst.o: ../cryptlib.h v3_bitst.c

-v3_conf.o: ../../e_os.h ../../include/openssl/asn1.h

-v3_conf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-v3_conf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h

-v3_conf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-v3_conf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-v3_conf.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-v3_conf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-v3_conf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-v3_conf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-v3_conf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-v3_conf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-v3_conf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-v3_conf.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h

-v3_conf.o: ../cryptlib.h v3_conf.c

-v3_cpols.o: ../../e_os.h ../../include/openssl/asn1.h

-v3_cpols.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h

-v3_cpols.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h

-v3_cpols.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-v3_cpols.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-v3_cpols.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-v3_cpols.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-v3_cpols.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-v3_cpols.o: ../../include/openssl/opensslconf.h

-v3_cpols.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-v3_cpols.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-v3_cpols.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-v3_cpols.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-v3_cpols.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h

-v3_cpols.o: ../cryptlib.h pcy_int.h v3_cpols.c

-v3_crld.o: ../../e_os.h ../../include/openssl/asn1.h

-v3_crld.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h

-v3_crld.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h

-v3_crld.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-v3_crld.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-v3_crld.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-v3_crld.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-v3_crld.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-v3_crld.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-v3_crld.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h

-v3_crld.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-v3_crld.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-v3_crld.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-v3_crld.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_crld.c

-v3_enum.o: ../../e_os.h ../../include/openssl/asn1.h

-v3_enum.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-v3_enum.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h

-v3_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-v3_enum.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-v3_enum.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-v3_enum.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-v3_enum.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-v3_enum.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-v3_enum.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-v3_enum.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-v3_enum.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-v3_enum.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h

-v3_enum.o: ../cryptlib.h v3_enum.c

-v3_extku.o: ../../e_os.h ../../include/openssl/asn1.h

-v3_extku.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h

-v3_extku.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h

-v3_extku.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-v3_extku.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-v3_extku.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-v3_extku.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-v3_extku.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-v3_extku.o: ../../include/openssl/opensslconf.h

-v3_extku.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-v3_extku.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-v3_extku.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-v3_extku.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-v3_extku.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h

-v3_extku.o: ../cryptlib.h v3_extku.c

-v3_genn.o: ../../e_os.h ../../include/openssl/asn1.h

-v3_genn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h

-v3_genn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h

-v3_genn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-v3_genn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-v3_genn.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-v3_genn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-v3_genn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-v3_genn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-v3_genn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h

-v3_genn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-v3_genn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-v3_genn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-v3_genn.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_genn.c

-v3_ia5.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-v3_ia5.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h

-v3_ia5.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-v3_ia5.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-v3_ia5.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-v3_ia5.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-v3_ia5.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-v3_ia5.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-v3_ia5.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h

-v3_ia5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-v3_ia5.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-v3_ia5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-v3_ia5.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_ia5.c

-v3_info.o: ../../e_os.h ../../include/openssl/asn1.h

-v3_info.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h

-v3_info.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h

-v3_info.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-v3_info.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-v3_info.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-v3_info.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-v3_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-v3_info.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-v3_info.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h

-v3_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-v3_info.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-v3_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-v3_info.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_info.c

-v3_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-v3_int.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h

-v3_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-v3_int.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-v3_int.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-v3_int.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-v3_int.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-v3_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-v3_int.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h

-v3_int.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-v3_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-v3_int.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-v3_int.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_int.c

-v3_lib.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-v3_lib.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h

-v3_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-v3_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-v3_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-v3_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-v3_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-v3_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-v3_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h

-v3_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-v3_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-v3_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-v3_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h ext_dat.h v3_lib.c

-v3_ncons.o: ../../e_os.h ../../include/openssl/asn1.h

-v3_ncons.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h

-v3_ncons.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h

-v3_ncons.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-v3_ncons.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-v3_ncons.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-v3_ncons.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-v3_ncons.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-v3_ncons.o: ../../include/openssl/opensslconf.h

-v3_ncons.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-v3_ncons.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-v3_ncons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-v3_ncons.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-v3_ncons.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h

-v3_ncons.o: ../cryptlib.h v3_ncons.c

-v3_ocsp.o: ../../e_os.h ../../include/openssl/asn1.h

-v3_ocsp.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-v3_ocsp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h

-v3_ocsp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-v3_ocsp.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-v3_ocsp.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-v3_ocsp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-v3_ocsp.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h

-v3_ocsp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-v3_ocsp.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h

-v3_ocsp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-v3_ocsp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-v3_ocsp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-v3_ocsp.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_ocsp.c

-v3_pci.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-v3_pci.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h

-v3_pci.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-v3_pci.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-v3_pci.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-v3_pci.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-v3_pci.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-v3_pci.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-v3_pci.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h

-v3_pci.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-v3_pci.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-v3_pci.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-v3_pci.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_pci.c

-v3_pcia.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h

-v3_pcia.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-v3_pcia.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h

-v3_pcia.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-v3_pcia.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-v3_pcia.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-v3_pcia.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-v3_pcia.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-v3_pcia.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h

-v3_pcia.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-v3_pcia.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-v3_pcia.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-v3_pcia.o: ../../include/openssl/x509v3.h v3_pcia.c

-v3_pcons.o: ../../e_os.h ../../include/openssl/asn1.h

-v3_pcons.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h

-v3_pcons.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h

-v3_pcons.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-v3_pcons.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-v3_pcons.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-v3_pcons.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-v3_pcons.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-v3_pcons.o: ../../include/openssl/opensslconf.h

-v3_pcons.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-v3_pcons.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-v3_pcons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-v3_pcons.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-v3_pcons.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h

-v3_pcons.o: ../cryptlib.h v3_pcons.c

-v3_pku.o: ../../e_os.h ../../include/openssl/asn1.h

-v3_pku.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h

-v3_pku.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h

-v3_pku.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-v3_pku.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-v3_pku.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-v3_pku.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-v3_pku.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-v3_pku.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-v3_pku.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h

-v3_pku.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-v3_pku.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-v3_pku.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-v3_pku.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_pku.c

-v3_pmaps.o: ../../e_os.h ../../include/openssl/asn1.h

-v3_pmaps.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h

-v3_pmaps.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h

-v3_pmaps.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-v3_pmaps.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-v3_pmaps.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-v3_pmaps.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-v3_pmaps.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-v3_pmaps.o: ../../include/openssl/opensslconf.h

-v3_pmaps.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-v3_pmaps.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-v3_pmaps.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-v3_pmaps.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-v3_pmaps.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h

-v3_pmaps.o: ../cryptlib.h v3_pmaps.c

-v3_prn.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-v3_prn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h

-v3_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-v3_prn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-v3_prn.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-v3_prn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-v3_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-v3_prn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-v3_prn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h

-v3_prn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-v3_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-v3_prn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-v3_prn.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_prn.c

-v3_purp.o: ../../e_os.h ../../include/openssl/asn1.h

-v3_purp.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-v3_purp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h

-v3_purp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-v3_purp.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-v3_purp.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-v3_purp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-v3_purp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-v3_purp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-v3_purp.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-v3_purp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-v3_purp.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-v3_purp.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h

-v3_purp.o: ../cryptlib.h v3_purp.c

-v3_skey.o: ../../e_os.h ../../include/openssl/asn1.h

-v3_skey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

-v3_skey.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h

-v3_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-v3_skey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-v3_skey.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-v3_skey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-v3_skey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-v3_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-v3_skey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-v3_skey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-v3_skey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-v3_skey.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h

-v3_skey.o: ../cryptlib.h v3_skey.c

-v3_sxnet.o: ../../e_os.h ../../include/openssl/asn1.h

-v3_sxnet.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h

-v3_sxnet.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h

-v3_sxnet.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-v3_sxnet.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-v3_sxnet.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-v3_sxnet.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-v3_sxnet.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-v3_sxnet.o: ../../include/openssl/opensslconf.h

-v3_sxnet.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-v3_sxnet.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-v3_sxnet.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-v3_sxnet.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-v3_sxnet.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h

-v3_sxnet.o: ../cryptlib.h v3_sxnet.c

-v3_utl.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h

-v3_utl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h

-v3_utl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h

-v3_utl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

-v3_utl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h

-v3_utl.o: ../../include/openssl/err.h ../../include/openssl/evp.h

-v3_utl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h

-v3_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

-v3_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

-v3_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

-v3_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

-v3_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

-v3_utl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h

-v3_utl.o: ../cryptlib.h v3_utl.c

-v3err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

-v3err.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h

-v3err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

-v3err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h

-v3err.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h

-v3err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h

-v3err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

-v3err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

-v3err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h

-v3err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

-v3err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

-v3err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h

-v3err.o: ../../include/openssl/x509v3.h v3err.c

--- a/sys/src/ape/lib/openssl/crypto/x509v3/ext_dat.h

+++ /dev/null

@@ -1,131 +1,0 @@

-/* ext_dat.h */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* This file contains a table of "standard" extensions */

-extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;

-extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo;

-extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;

-extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate;

-extern X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld;

-extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;

-extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc;

-extern X509V3_EXT_METHOD v3_crl_hold, v3_pci;

-extern X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints;

-extern X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp;

-#ifndef OPENSSL_NO_RFC3779

-extern X509V3_EXT_METHOD v3_addr, v3_asid;

-#endif

-/* This table will be searched using OBJ_bsearch so it *must* kept in

- * order of the ext_nid values.

- */

-static X509V3_EXT_METHOD *standard_exts[] = {

-&v3_nscert,

-&v3_ns_ia5_list[0],

-&v3_ns_ia5_list[1],

-&v3_ns_ia5_list[2],

-&v3_ns_ia5_list[3],

-&v3_ns_ia5_list[4],

-&v3_ns_ia5_list[5],

-&v3_ns_ia5_list[6],

-&v3_skey_id,

-&v3_key_usage,

-&v3_pkey_usage_period,

-&v3_alt[0],

-&v3_alt[1],

-&v3_bcons,

-&v3_crl_num,

-&v3_cpols,

-&v3_akey_id,

-&v3_crld,

-&v3_ext_ku,

-&v3_delta_crl,

-&v3_crl_reason,

-#ifndef OPENSSL_NO_OCSP

-&v3_crl_invdate,

-#endif

-&v3_sxnet,

-&v3_info,

-#ifndef OPENSSL_NO_RFC3779

-&v3_addr,

-&v3_asid,

-#endif

-#ifndef OPENSSL_NO_OCSP

-&v3_ocsp_nonce,

-&v3_ocsp_crlid,

-&v3_ocsp_accresp,

-&v3_ocsp_nocheck,

-&v3_ocsp_acutoff,

-&v3_ocsp_serviceloc,

-#endif

-&v3_sinfo,

-&v3_policy_constraints,

-#ifndef OPENSSL_NO_OCSP

-&v3_crl_hold,

-#endif

-&v3_pci,

-&v3_name_constraints,

-&v3_policy_mappings,

-&v3_inhibit_anyp

-};

-/* Number of standard extensions */

-#define STANDARD_EXTENSION_COUNT (sizeof(standard_exts)/sizeof(X509V3_EXT_METHOD *))

--- a/sys/src/ape/lib/openssl/crypto/x509v3/pcy_cache.c

+++ /dev/null

@@ -1,287 +1,0 @@

-/* pcy_cache.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 2004.

- */

-/* ====================================================================

- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include "cryptlib.h"

-#include <openssl/x509.h>

-#include <openssl/x509v3.h>

-#include "pcy_int.h"

-static int policy_data_cmp(const X509_POLICY_DATA * const *a,

-				const X509_POLICY_DATA * const *b);

-static int policy_cache_set_int(long *out, ASN1_INTEGER *value);

-/* Set cache entry according to CertificatePolicies extension.

- * Note: this destroys the passed CERTIFICATEPOLICIES structure.

- */

-static int policy_cache_create(X509 *x,

-			CERTIFICATEPOLICIES *policies, int crit)

-	{

-	int i;

-	int ret = 0;

-	X509_POLICY_CACHE *cache = x->policy_cache;

-	X509_POLICY_DATA *data = NULL;

-	POLICYINFO *policy;

-	if (sk_POLICYINFO_num(policies) == 0)

-		goto bad_policy;

-	cache->data = sk_X509_POLICY_DATA_new(policy_data_cmp);

-	if (!cache->data)

-		goto bad_policy;

-	for (i = 0; i < sk_POLICYINFO_num(policies); i++)

-		{

-		policy = sk_POLICYINFO_value(policies, i);

-		data = policy_data_new(policy, NULL, crit);

-		if (!data)

-			goto bad_policy;

-		/* Duplicate policy OIDs are illegal: reject if matches

-		 * found.

-		 */

-		if (OBJ_obj2nid(data->valid_policy) == NID_any_policy)

-			{

-			if (cache->anyPolicy)

-				{

-				ret = -1;

-				goto bad_policy;

-				}

-			cache->anyPolicy = data;

-			}

-		else if (sk_X509_POLICY_DATA_find(cache->data, data) != -1)

-			{

-			ret = -1;

-			goto bad_policy;

-			}

-		else if (!sk_X509_POLICY_DATA_push(cache->data, data))

-			goto bad_policy;

-		data = NULL;

-		}

-	ret = 1;

-	bad_policy:

-	if (ret == -1)

-		x->ex_flags |= EXFLAG_INVALID_POLICY;

-	if (data)

-		policy_data_free(data);

-	sk_POLICYINFO_pop_free(policies, POLICYINFO_free);

-	if (ret <= 0)

-		{

-		sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);

-		cache->data = NULL;

-		}

-	return ret;

-	}

-static int policy_cache_new(X509 *x)

-	{

-	X509_POLICY_CACHE *cache;

-	ASN1_INTEGER *ext_any = NULL;

-	POLICY_CONSTRAINTS *ext_pcons = NULL;

-	CERTIFICATEPOLICIES *ext_cpols = NULL;

-	POLICY_MAPPINGS *ext_pmaps = NULL;

-	int i;

-	cache = OPENSSL_malloc(sizeof(X509_POLICY_CACHE));

-	if (!cache)

-		return 0;

-	cache->anyPolicy = NULL;

-	cache->data = NULL;

-	cache->maps = NULL;

-	cache->any_skip = -1;

-	cache->explicit_skip = -1;

-	cache->map_skip = -1;

-	x->policy_cache = cache;

-	/* Handle requireExplicitPolicy *first*. Need to process this

-	 * even if we don't have any policies.

-	 */

-	ext_pcons = X509_get_ext_d2i(x, NID_policy_constraints, &i, NULL);

-	if (!ext_pcons)

-		{

-		if (i != -1)

-			goto bad_cache;

-		}

-	else

-		{

-		if (!ext_pcons->requireExplicitPolicy

-			&& !ext_pcons->inhibitPolicyMapping)

-			goto bad_cache;

-		if (!policy_cache_set_int(&cache->explicit_skip,

-			ext_pcons->requireExplicitPolicy))

-			goto bad_cache;

-		if (!policy_cache_set_int(&cache->map_skip,

-			ext_pcons->inhibitPolicyMapping))

-			goto bad_cache;

-		}

-	/* Process CertificatePolicies */

-	ext_cpols = X509_get_ext_d2i(x, NID_certificate_policies, &i, NULL);

-	/* If no CertificatePolicies extension or problem decoding then

-	 * there is no point continuing because the valid policies will be

-	 * NULL.

-	 */

-	if (!ext_cpols)

-		{

-		/* If not absent some problem with extension */

-		if (i != -1)

-			goto bad_cache;

-		return 1;

-		}

-	i = policy_cache_create(x, ext_cpols, i);

-	/* NB: ext_cpols freed by policy_cache_set_policies */

-	if (i <= 0)

-		return i;

-	ext_pmaps = X509_get_ext_d2i(x, NID_policy_mappings, &i, NULL);

-	if (!ext_pmaps)

-		{

-		/* If not absent some problem with extension */

-		if (i != -1)

-			goto bad_cache;

-		}

-	else

-		{

-		i = policy_cache_set_mapping(x, ext_pmaps);

-		if (i <= 0)

-			goto bad_cache;

-		}

-	ext_any = X509_get_ext_d2i(x, NID_inhibit_any_policy, &i, NULL);

-	if (!ext_any)

-		{

-		if (i != -1)

-			goto bad_cache;

-		}

-	else if (!policy_cache_set_int(&cache->any_skip, ext_any))

-			goto bad_cache;

-	if (0)

-		{

-		bad_cache:

-		x->ex_flags |= EXFLAG_INVALID_POLICY;

-		}

-	if(ext_pcons)

-		POLICY_CONSTRAINTS_free(ext_pcons);

-	if (ext_any)

-		ASN1_INTEGER_free(ext_any);

-	return 1;

-}

-void policy_cache_free(X509_POLICY_CACHE *cache)

-	{

-	if (!cache)

-		return;

-	if (cache->anyPolicy)

-		policy_data_free(cache->anyPolicy);

-	if (cache->data)

-		sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);

-	OPENSSL_free(cache);

-	}

-const X509_POLICY_CACHE *policy_cache_set(X509 *x)

-	{

-	if (x->policy_cache == NULL)

-		{

-		CRYPTO_w_lock(CRYPTO_LOCK_X509);

-			policy_cache_new(x);

-		CRYPTO_w_unlock(CRYPTO_LOCK_X509);

-		}

-	return x->policy_cache;

-	}

-X509_POLICY_DATA *policy_cache_find_data(const X509_POLICY_CACHE *cache,

-						const ASN1_OBJECT *id)

-	{

-	int idx;

-	X509_POLICY_DATA tmp;

-	tmp.valid_policy = (ASN1_OBJECT *)id;

-	idx = sk_X509_POLICY_DATA_find(cache->data, &tmp);

-	if (idx == -1)

-		return NULL;

-	return sk_X509_POLICY_DATA_value(cache->data, idx);

-	}

-static int policy_data_cmp(const X509_POLICY_DATA * const *a,

-				const X509_POLICY_DATA * const *b)

-	{

-	return OBJ_cmp((*a)->valid_policy, (*b)->valid_policy);

-	}

-static int policy_cache_set_int(long *out, ASN1_INTEGER *value)

-	{

-	if (value == NULL)

-		return 1;

-	if (value->type == V_ASN1_NEG_INTEGER)

-		return 0;

-	*out = ASN1_INTEGER_get(value);

-	return 1;

-	}

--- a/sys/src/ape/lib/openssl/crypto/x509v3/pcy_data.c

+++ /dev/null

@@ -1,123 +1,0 @@

-/* pcy_data.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 2004.

- */

-/* ====================================================================

- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include "cryptlib.h"

-#include <openssl/x509.h>

-#include <openssl/x509v3.h>

-#include "pcy_int.h"

-/* Policy Node routines */

-void policy_data_free(X509_POLICY_DATA *data)

-	{

-	ASN1_OBJECT_free(data->valid_policy);

-	/* Don't free qualifiers if shared */

-	if (!(data->flags & POLICY_DATA_FLAG_SHARED_QUALIFIERS))

-		sk_POLICYQUALINFO_pop_free(data->qualifier_set,

-					POLICYQUALINFO_free);

-	sk_ASN1_OBJECT_pop_free(data->expected_policy_set, ASN1_OBJECT_free);

-	OPENSSL_free(data);

-	}

-/* Create a data based on an existing policy. If 'id' is NULL use the

- * oid in the policy, otherwise use 'id'. This behaviour covers the two

- * types of data in RFC3280: data with from a CertificatePolcies extension

- * and additional data with just the qualifiers of anyPolicy and ID from

- * another source.

- */

-X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, ASN1_OBJECT *id, int crit)

-	{

-	X509_POLICY_DATA *ret;

-	if (!policy && !id)

-		return NULL;

-	ret = OPENSSL_malloc(sizeof(X509_POLICY_DATA));

-	if (!ret)

-		return NULL;

-	ret->expected_policy_set = sk_ASN1_OBJECT_new_null();

-	if (!ret->expected_policy_set)

-		{

-		OPENSSL_free(ret);

-		return NULL;

-		}

-	if (crit)

-		ret->flags = POLICY_DATA_FLAG_CRITICAL;

-	else

-		ret->flags = 0;

-	if (id)

-		ret->valid_policy = id;

-	else

-		{

-		ret->valid_policy = policy->policyid;

-		policy->policyid = NULL;

-		}

-	if (policy)

-		{

-		ret->qualifier_set = policy->qualifiers;

-		policy->qualifiers = NULL;

-		}

-	else

-		ret->qualifier_set = NULL;

-	return ret;

-	}

--- a/sys/src/ape/lib/openssl/crypto/x509v3/pcy_int.h

+++ /dev/null

@@ -1,223 +1,0 @@

-/* pcy_int.h */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 2004.

- */

-/* ====================================================================

- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-DECLARE_STACK_OF(X509_POLICY_DATA)

-DECLARE_STACK_OF(X509_POLICY_REF)

-DECLARE_STACK_OF(X509_POLICY_NODE)

-typedef struct X509_POLICY_DATA_st X509_POLICY_DATA;

-typedef struct X509_POLICY_REF_st X509_POLICY_REF;

-/* Internal structures */

-/* This structure and the field names correspond to the Policy 'node' of

- * RFC3280. NB this structure contains no pointers to parent or child

- * data: X509_POLICY_NODE contains that. This means that the main policy data

- * can be kept static and cached with the certificate.

- */

-struct X509_POLICY_DATA_st

-	{

-	unsigned int flags;

-	/* Policy OID and qualifiers for this data */

-	ASN1_OBJECT *valid_policy;

-	STACK_OF(POLICYQUALINFO) *qualifier_set;

-	STACK_OF(ASN1_OBJECT) *expected_policy_set;

-	};

-/* X509_POLICY_DATA flags values */

-/* This flag indicates the structure has been mapped using a policy mapping

- * extension. If policy mapping is not active its references get deleted.

- */

-#define POLICY_DATA_FLAG_MAPPED			0x1

-/* This flag indicates the data doesn't correspond to a policy in Certificate

- * Policies: it has been mapped to any policy.

- */

-#define POLICY_DATA_FLAG_MAPPED_ANY		0x2

-/* AND with flags to see if any mapping has occurred */

-#define POLICY_DATA_FLAG_MAP_MASK		0x3

-/* qualifiers are shared and shouldn't be freed */

-#define POLICY_DATA_FLAG_SHARED_QUALIFIERS	0x4

-/* Parent node is an extra node and should be freed */

-#define POLICY_DATA_FLAG_EXTRA_NODE		0x8

-/* Corresponding CertificatePolicies is critical */

-#define POLICY_DATA_FLAG_CRITICAL		0x10

-/* This structure is an entry from a table of mapped policies which

- * cross reference the policy it refers to.

- */

-struct X509_POLICY_REF_st

-	{

-	ASN1_OBJECT *subjectDomainPolicy;

-	const X509_POLICY_DATA *data;

-	};

-/* This structure is cached with a certificate */

-struct X509_POLICY_CACHE_st {

-	/* anyPolicy data or NULL if no anyPolicy */

-	X509_POLICY_DATA *anyPolicy;

-	/* other policy data */

-	STACK_OF(X509_POLICY_DATA) *data;

-	/* If policyMappings extension present a table of mapped policies */

-	STACK_OF(X509_POLICY_REF) *maps;

-	/* If InhibitAnyPolicy present this is its value or -1 if absent. */

-	long any_skip;

-	/* If policyConstraints and requireExplicitPolicy present this is its

-	 * value or -1 if absent.

-	 */

-	long explicit_skip;

-	/* If policyConstraints and policyMapping present this is its

-	 * value or -1 if absent.

-         */

-	long map_skip;

-	};

-/*#define POLICY_CACHE_FLAG_CRITICAL		POLICY_DATA_FLAG_CRITICAL*/

-/* This structure represents the relationship between nodes */

-struct X509_POLICY_NODE_st

-	{

-	/* node data this refers to */

-	const X509_POLICY_DATA *data;

-	/* Parent node */

-	X509_POLICY_NODE *parent;

-	/* Number of child nodes */

-	int nchild;

-	};

-struct X509_POLICY_LEVEL_st

-	{

-	/* Cert for this level */

-	X509 *cert;

-	/* nodes at this level */

-	STACK_OF(X509_POLICY_NODE) *nodes;

-	/* anyPolicy node */

-	X509_POLICY_NODE *anyPolicy;

-	/* Extra data */

-	/*STACK_OF(X509_POLICY_DATA) *extra_data;*/

-	unsigned int flags;

-	};

-struct X509_POLICY_TREE_st

-	{

-	/* This is the tree 'level' data */

-	X509_POLICY_LEVEL *levels;

-	int nlevel;

-	/* Extra policy data when additional nodes (not from the certificate)

-	 * are required.

-	 */

-	STACK_OF(X509_POLICY_DATA) *extra_data;

-	/* This is the authority constained policy set */

-	STACK_OF(X509_POLICY_NODE) *auth_policies;

-	STACK_OF(X509_POLICY_NODE) *user_policies;

-	unsigned int flags;

-	};

-/* Set if anyPolicy present in user policies */

-#define POLICY_FLAG_ANY_POLICY		0x2

-/* Useful macros */

-#define node_data_critical(data) (data->flags & POLICY_DATA_FLAG_CRITICAL)

-#define node_critical(node) node_data_critical(node->data)

-/* Internal functions */

-X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, ASN1_OBJECT *id,

-								int crit);

-void policy_data_free(X509_POLICY_DATA *data);

-X509_POLICY_DATA *policy_cache_find_data(const X509_POLICY_CACHE *cache,

-							const ASN1_OBJECT *id);

-int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps);

-STACK_OF(X509_POLICY_NODE) *policy_node_cmp_new(void);

-void policy_cache_init(void);

-void policy_cache_free(X509_POLICY_CACHE *cache);

-X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level,

-					const ASN1_OBJECT *id);

-X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk,

-						const ASN1_OBJECT *id);

-X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,

-			X509_POLICY_DATA *data,

-			X509_POLICY_NODE *parent,

-			X509_POLICY_TREE *tree);

-void policy_node_free(X509_POLICY_NODE *node);

-const X509_POLICY_CACHE *policy_cache_set(X509 *x);

--- a/sys/src/ape/lib/openssl/crypto/x509v3/pcy_lib.c

+++ /dev/null

@@ -1,167 +1,0 @@

-/* pcy_lib.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 2004.

- */

-/* ====================================================================

- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include "cryptlib.h"

-#include <openssl/x509.h>

-#include <openssl/x509v3.h>

-#include "pcy_int.h"

-/* accessor functions */

-/* X509_POLICY_TREE stuff */

-int X509_policy_tree_level_count(const X509_POLICY_TREE *tree)

-	{

-	if (!tree)

-		return 0;

-	return tree->nlevel;

-	}

-X509_POLICY_LEVEL *

-	X509_policy_tree_get0_level(const X509_POLICY_TREE *tree, int i)

-	{

-	if (!tree || (i < 0) || (i >= tree->nlevel))

-		return NULL;

-	return tree->levels + i;

-	}

-STACK_OF(X509_POLICY_NODE) *

-		X509_policy_tree_get0_policies(const X509_POLICY_TREE *tree)

-	{

-	if (!tree)

-		return NULL;

-	return tree->auth_policies;

-	}

-STACK_OF(X509_POLICY_NODE) *

-	X509_policy_tree_get0_user_policies(const X509_POLICY_TREE *tree)

-	{

-	if (!tree)

-		return NULL;

-	if (tree->flags & POLICY_FLAG_ANY_POLICY)

-		return tree->auth_policies;

-	else

-		return tree->user_policies;

-	}

-/* X509_POLICY_LEVEL stuff */

-int X509_policy_level_node_count(X509_POLICY_LEVEL *level)

-	{

-	int n;

-	if (!level)

-		return 0;

-	if (level->anyPolicy)

-		n = 1;

-	else

-		n = 0;

-	if (level->nodes)

-		n += sk_X509_POLICY_NODE_num(level->nodes);

-	return n;

-	}

-X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level, int i)

-	{

-	if (!level)

-		return NULL;

-	if (level->anyPolicy)

-		{

-		if (i == 0)

-			return level->anyPolicy;

-		i--;

-		}

-	return sk_X509_POLICY_NODE_value(level->nodes, i);

-	}

-/* X509_POLICY_NODE stuff */

-const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node)

-	{

-	if (!node)

-		return NULL;

-	return node->data->valid_policy;

-	}

-#if 0

-int X509_policy_node_get_critical(const X509_POLICY_NODE *node)

-	{

-	if (node_critical(node))

-		return 1;

-	return 0;

-	}

-#endif

-STACK_OF(POLICYQUALINFO) *

-		X509_policy_node_get0_qualifiers(const X509_POLICY_NODE *node)

-	{

-	if (!node)

-		return NULL;

-	return node->data->qualifier_set;

-	}

-const X509_POLICY_NODE *

-		X509_policy_node_get0_parent(const X509_POLICY_NODE *node)

-	{

-	if (!node)

-		return NULL;

-	return node->parent;

-	}

--- a/sys/src/ape/lib/openssl/crypto/x509v3/pcy_map.c

+++ /dev/null

@@ -1,186 +1,0 @@

-/* pcy_map.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 2004.

- */

-/* ====================================================================

- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include "cryptlib.h"

-#include <openssl/x509.h>

-#include <openssl/x509v3.h>

-#include "pcy_int.h"

-static int ref_cmp(const X509_POLICY_REF * const *a,

-			const X509_POLICY_REF * const *b)

-	{

-	return OBJ_cmp((*a)->subjectDomainPolicy, (*b)->subjectDomainPolicy);

-	}

-static void policy_map_free(X509_POLICY_REF *map)

-	{

-	if (map->subjectDomainPolicy)

-		ASN1_OBJECT_free(map->subjectDomainPolicy);

-	OPENSSL_free(map);

-	}

-static X509_POLICY_REF *policy_map_find(X509_POLICY_CACHE *cache, ASN1_OBJECT *id)

-	{

-	X509_POLICY_REF tmp;

-	int idx;

-	tmp.subjectDomainPolicy = id;

-	idx = sk_X509_POLICY_REF_find(cache->maps, &tmp);

-	if (idx == -1)

-		return NULL;

-	return sk_X509_POLICY_REF_value(cache->maps, idx);

-	}

-/* Set policy mapping entries in cache.

- * Note: this modifies the passed POLICY_MAPPINGS structure

- */

-int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps)

-	{

-	POLICY_MAPPING *map;

-	X509_POLICY_REF *ref = NULL;

-	X509_POLICY_DATA *data;

-	X509_POLICY_CACHE *cache = x->policy_cache;

-	int i;

-	int ret = 0;

-	if (sk_POLICY_MAPPING_num(maps) == 0)

-		{

-		ret = -1;

-		goto bad_mapping;

-		}

-	cache->maps = sk_X509_POLICY_REF_new(ref_cmp);

-	for (i = 0; i < sk_POLICY_MAPPING_num(maps); i++)

-		{

-		map = sk_POLICY_MAPPING_value(maps, i);

-		/* Reject if map to or from anyPolicy */

-		if ((OBJ_obj2nid(map->subjectDomainPolicy) == NID_any_policy)

-		   || (OBJ_obj2nid(map->issuerDomainPolicy) == NID_any_policy))

-			{

-			ret = -1;

-			goto bad_mapping;

-			}

-		/* If we've already mapped from this OID bad mapping */

-		if (policy_map_find(cache, map->subjectDomainPolicy) != NULL)

-			{

-			ret = -1;

-			goto bad_mapping;

-			}

-		/* Attempt to find matching policy data */

-		data = policy_cache_find_data(cache, map->issuerDomainPolicy);

-		/* If we don't have anyPolicy can't map */

-		if (!data && !cache->anyPolicy)

-			continue;

-		/* Create a NODE from anyPolicy */

-		if (!data)

-			{

-			data = policy_data_new(NULL, map->issuerDomainPolicy,

-					cache->anyPolicy->flags

-						& POLICY_DATA_FLAG_CRITICAL);

-			if (!data)

-				goto bad_mapping;

-			data->qualifier_set = cache->anyPolicy->qualifier_set;

-			map->issuerDomainPolicy = NULL;

-			data->flags |= POLICY_DATA_FLAG_MAPPED_ANY;

-			data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;

-			if (!sk_X509_POLICY_DATA_push(cache->data, data))

-				{

-				policy_data_free(data);

-				goto bad_mapping;

-				}

-			}

-		else

-			data->flags |= POLICY_DATA_FLAG_MAPPED;

-		if (!sk_ASN1_OBJECT_push(data->expected_policy_set,

-						map->subjectDomainPolicy))

-			goto bad_mapping;

-		ref = OPENSSL_malloc(sizeof(X509_POLICY_REF));

-		if (!ref)

-			goto bad_mapping;

-		ref->subjectDomainPolicy = map->subjectDomainPolicy;

-		map->subjectDomainPolicy = NULL;

-		ref->data = data;

-		if (!sk_X509_POLICY_REF_push(cache->maps, ref))

-			goto bad_mapping;

-		ref = NULL;

-		}

-	ret = 1;

-	bad_mapping:

-	if (ret == -1)

-		x->ex_flags |= EXFLAG_INVALID_POLICY;

-	if (ref)

-		policy_map_free(ref);

-	if (ret <= 0)

-		{

-		sk_X509_POLICY_REF_pop_free(cache->maps, policy_map_free);

-		cache->maps = NULL;

-		}

-	sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free);

-	return ret;

-	}

--- a/sys/src/ape/lib/openssl/crypto/x509v3/pcy_node.c

+++ /dev/null

@@ -1,158 +1,0 @@

-/* pcy_node.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 2004.

- */

-/* ====================================================================

- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <openssl/asn1.h>

-#include <openssl/x509.h>

-#include <openssl/x509v3.h>

-#include "pcy_int.h"

-static int node_cmp(const X509_POLICY_NODE * const *a,

-			const X509_POLICY_NODE * const *b)

-	{

-	return OBJ_cmp((*a)->data->valid_policy, (*b)->data->valid_policy);

-	}

-STACK_OF(X509_POLICY_NODE) *policy_node_cmp_new(void)

-	{

-	return sk_X509_POLICY_NODE_new(node_cmp);

-	}

-X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *nodes,

-					const ASN1_OBJECT *id)

-	{

-	X509_POLICY_DATA n;

-	X509_POLICY_NODE l;

-	int idx;

-	n.valid_policy = (ASN1_OBJECT *)id;

-	l.data = &n;

-	idx = sk_X509_POLICY_NODE_find(nodes, &l);

-	if (idx == -1)

-		return NULL;

-	return sk_X509_POLICY_NODE_value(nodes, idx);

-	}

-X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level,

-					const ASN1_OBJECT *id)

-	{

-	return tree_find_sk(level->nodes, id);

-	}

-X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,

-			X509_POLICY_DATA *data,

-			X509_POLICY_NODE *parent,

-			X509_POLICY_TREE *tree)

-	{

-	X509_POLICY_NODE *node;

-	node = OPENSSL_malloc(sizeof(X509_POLICY_NODE));

-	if (!node)

-		return NULL;

-	node->data = data;

-	node->parent = parent;

-	node->nchild = 0;

-	if (level)

-		{

-		if (OBJ_obj2nid(data->valid_policy) == NID_any_policy)

-			{

-			if (level->anyPolicy)

-				goto node_error;

-			level->anyPolicy = node;

-			}

-		else

-			{

-			if (!level->nodes)

-				level->nodes = policy_node_cmp_new();

-			if (!level->nodes)

-				goto node_error;

-			if (!sk_X509_POLICY_NODE_push(level->nodes, node))

-				goto node_error;

-			}

-		}

-	if (tree)

-		{

-		if (!tree->extra_data)

-			 tree->extra_data = sk_X509_POLICY_DATA_new_null();

-		if (!tree->extra_data)

-			goto node_error;

-		if (!sk_X509_POLICY_DATA_push(tree->extra_data, data))

-			goto node_error;

-		}

-	if (parent)

-		parent->nchild++;

-	return node;

-	node_error:

-	policy_node_free(node);

-	return 0;

-	}

-void policy_node_free(X509_POLICY_NODE *node)

-	{

-	OPENSSL_free(node);

-	}

--- a/sys/src/ape/lib/openssl/crypto/x509v3/pcy_tree.c

+++ /dev/null

@@ -1,692 +1,0 @@

-/* pcy_tree.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 2004.

- */

-/* ====================================================================

- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include "cryptlib.h"

-#include <openssl/x509.h>

-#include <openssl/x509v3.h>

-#include "pcy_int.h"

-/* Initialize policy tree. Return values:

- *  0 Some internal error occured.

- * -1 Inconsistent or invalid extensions in certificates.

- *  1 Tree initialized OK.

- *  2 Policy tree is empty.

- *  5 Tree OK and requireExplicitPolicy true.

- *  6 Tree empty and requireExplicitPolicy true.

- */

-static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,

-			unsigned int flags)

-	{

-	X509_POLICY_TREE *tree;

-	X509_POLICY_LEVEL *level;

-	const X509_POLICY_CACHE *cache;

-	X509_POLICY_DATA *data = NULL;

-	X509 *x;

-	int ret = 1;

-	int i, n;

-	int explicit_policy;

-	int any_skip;

-	int map_skip;

-	*ptree = NULL;

-	n = sk_X509_num(certs);

-	/* Disable policy mapping for now... */

-	flags |= X509_V_FLAG_INHIBIT_MAP;

-	if (flags & X509_V_FLAG_EXPLICIT_POLICY)

-		explicit_policy = 0;

-	else

-		explicit_policy = n + 1;

-	if (flags & X509_V_FLAG_INHIBIT_ANY)

-		any_skip = 0;

-	else

-		any_skip = n + 1;

-	if (flags & X509_V_FLAG_INHIBIT_MAP)

-		map_skip = 0;

-	else

-		map_skip = n + 1;

-	/* Can't do anything with just a trust anchor */

-	if (n == 1)

-		return 1;

-	/* First setup policy cache in all certificates apart from the

-	 * trust anchor. Note any bad cache results on the way. Also can

-	 * calculate explicit_policy value at this point.

-	 */

-	for (i = n - 2; i >= 0; i--)

-		{

-		x = sk_X509_value(certs, i);

-		X509_check_purpose(x, -1, -1);

-		cache = policy_cache_set(x);

-		/* If cache NULL something bad happened: return immediately */

-		if (cache == NULL)

-			return 0;

-		/* If inconsistent extensions keep a note of it but continue */

-		if (x->ex_flags & EXFLAG_INVALID_POLICY)

-			ret = -1;

-		/* Otherwise if we have no data (hence no CertificatePolicies)

-		 * and haven't already set an inconsistent code note it.

-		 */

-		else if ((ret == 1) && !cache->data)

-			ret = 2;

-		if (explicit_policy > 0)

-			{

-			explicit_policy--;

-			if (!(x->ex_flags & EXFLAG_SS)

-				&& (cache->explicit_skip != -1)

-				&& (cache->explicit_skip < explicit_policy))

-				explicit_policy = cache->explicit_skip;

-			}

-		}

-	if (ret != 1)

-		{

-		if (ret == 2 && !explicit_policy)

-			return 6;

-		return ret;

-		}

-	/* If we get this far initialize the tree */

-	tree = OPENSSL_malloc(sizeof(X509_POLICY_TREE));

-	if (!tree)

-		return 0;

-	tree->flags = 0;

-	tree->levels = OPENSSL_malloc(sizeof(X509_POLICY_LEVEL) * n);

-	tree->nlevel = 0;

-	tree->extra_data = NULL;

-	tree->auth_policies = NULL;

-	tree->user_policies = NULL;

-	if (!tree)

-		{

-		OPENSSL_free(tree);

-		return 0;

-		}

-	memset(tree->levels, 0, n * sizeof(X509_POLICY_LEVEL));

-	tree->nlevel = n;

-	level = tree->levels;

-	/* Root data: initialize to anyPolicy */

-	data = policy_data_new(NULL, OBJ_nid2obj(NID_any_policy), 0);

-	if (!data || !level_add_node(level, data, NULL, tree))

-		goto bad_tree;

-	for (i = n - 2; i >= 0; i--)

-		{

-		level++;

-		x = sk_X509_value(certs, i);

-		cache = policy_cache_set(x);

-		CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);

-		level->cert = x;

-		if (!cache->anyPolicy)

-				level->flags |= X509_V_FLAG_INHIBIT_ANY;

-		/* Determine inhibit any and inhibit map flags */

-		if (any_skip == 0)

-			{

-			/* Any matching allowed if certificate is self

-			 * issued and not the last in the chain.

-			 */

-			if (!(x->ex_flags & EXFLAG_SS) || (i == 0))

-				level->flags |= X509_V_FLAG_INHIBIT_ANY;

-			}

-		else

-			{

-			any_skip--;

-			if ((cache->any_skip > 0)

-				&& (cache->any_skip < any_skip))

-				any_skip = cache->any_skip;

-			}

-		if (map_skip == 0)

-			level->flags |= X509_V_FLAG_INHIBIT_MAP;

-		else

-			{

-			map_skip--;

-			if ((cache->map_skip > 0)

-				&& (cache->map_skip < map_skip))

-				map_skip = cache->map_skip;

-			}

-		}

-	*ptree = tree;

-	if (explicit_policy)

-		return 1;

-	else

-		return 5;

-	bad_tree:

-	X509_policy_tree_free(tree);

-	return 0;

-	}

-/* This corresponds to RFC3280 XXXX XXXXX:

- * link any data from CertificatePolicies onto matching parent

- * or anyPolicy if no match.

- */

-static int tree_link_nodes(X509_POLICY_LEVEL *curr,

-				const X509_POLICY_CACHE *cache)

-	{

-	int i;

-	X509_POLICY_LEVEL *last;

-	X509_POLICY_DATA *data;

-	X509_POLICY_NODE *parent;

-	last = curr - 1;

-	for (i = 0; i < sk_X509_POLICY_DATA_num(cache->data); i++)

-		{

-		data = sk_X509_POLICY_DATA_value(cache->data, i);

-		/* If a node is mapped any it doesn't have a corresponding

-		 * CertificatePolicies entry.

-		 * However such an identical node would be created

-		 * if anyPolicy matching is enabled because there would be

-		 * no match with the parent valid_policy_set. So we create

-		 * link because then it will have the mapping flags

-		 * right and we can prune it later.

-		 */

-		if ((data->flags & POLICY_DATA_FLAG_MAPPED_ANY)

-			&& !(curr->flags & X509_V_FLAG_INHIBIT_ANY))

-			continue;

-		/* Look for matching node in parent */

-		parent = level_find_node(last, data->valid_policy);

-		/* If no match link to anyPolicy */

-		if (!parent)

-			parent = last->anyPolicy;

-		if (parent && !level_add_node(curr, data, parent, NULL))

-				return 0;

-		}

-	return 1;

-	}

-/* This corresponds to RFC3280 XXXX XXXXX:

- * Create new data for any unmatched policies in the parent and link

- * to anyPolicy.

- */

-static int tree_link_any(X509_POLICY_LEVEL *curr,

-			const X509_POLICY_CACHE *cache,

-			X509_POLICY_TREE *tree)

-	{

-	int i;

-	X509_POLICY_DATA *data;

-	X509_POLICY_NODE *node;

-	X509_POLICY_LEVEL *last;

-	last = curr - 1;

-	for (i = 0; i < sk_X509_POLICY_NODE_num(last->nodes); i++)

-		{

-		node = sk_X509_POLICY_NODE_value(last->nodes, i);

-		/* Skip any node with any children: we only want unmathced

-		 * nodes.

-		 *

-		 * Note: need something better for policy mapping

-		 * because each node may have multiple children

-		 */

-		if (node->nchild)

-			continue;

-		/* Create a new node with qualifiers from anyPolicy and

-		 * id from unmatched node.

-		 */

-		data = policy_data_new(NULL, node->data->valid_policy,

-						node_critical(node));

-		if (data == NULL)

-			return 0;

-		data->qualifier_set = curr->anyPolicy->data->qualifier_set;

-		data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;

-		if (!level_add_node(curr, data, node, tree))

-			{

-			policy_data_free(data);

-			return 0;

-			}

-		}

-	/* Finally add link to anyPolicy */

-	if (last->anyPolicy)

-		{

-		if (!level_add_node(curr, cache->anyPolicy,

-						last->anyPolicy, NULL))

-			return 0;

-		}

-	return 1;

-	}

-/* Prune the tree: delete any child mapped child data on the current level

- * then proceed up the tree deleting any data with no children. If we ever

- * have no data on a level we can halt because the tree will be empty.

- */

-static int tree_prune(X509_POLICY_TREE *tree, X509_POLICY_LEVEL *curr)

-	{

-	X509_POLICY_NODE *node;

-	int i;

-	for (i = sk_X509_POLICY_NODE_num(curr->nodes) - 1; i >= 0; i--)

-		{

-		node = sk_X509_POLICY_NODE_value(curr->nodes, i);

-		/* Delete any mapped data: see RFC3280 XXXX */

-		if (node->data->flags & POLICY_DATA_FLAG_MAP_MASK)

-			{

-			node->parent->nchild--;

-			OPENSSL_free(node);

-			(void)sk_X509_POLICY_NODE_delete(curr->nodes, i);

-			}

-		}

-	for(;;)	{

-		--curr;

-		for (i = sk_X509_POLICY_NODE_num(curr->nodes) - 1; i >= 0; i--)

-			{

-			node = sk_X509_POLICY_NODE_value(curr->nodes, i);

-			if (node->nchild == 0)

-				{

-				node->parent->nchild--;

-				OPENSSL_free(node);

-				(void)sk_X509_POLICY_NODE_delete(curr->nodes, i);

-				}

-			}

-		if (curr->anyPolicy && !curr->anyPolicy->nchild)

-			{

-			if (curr->anyPolicy->parent)

-				curr->anyPolicy->parent->nchild--;

-			OPENSSL_free(curr->anyPolicy);

-			curr->anyPolicy = NULL;

-			}

-		if (curr == tree->levels)

-			{

-			/* If we zapped anyPolicy at top then tree is empty */

-			if (!curr->anyPolicy)

-					return 2;

-			return 1;

-			}

-		}

-	return 1;

-	}

-static int tree_add_auth_node(STACK_OF(X509_POLICY_NODE) **pnodes,

-						 X509_POLICY_NODE *pcy)

-	{

-	if (!*pnodes)

-		{

-		*pnodes = policy_node_cmp_new();

-		if (!*pnodes)

-			return 0;

-		}

-	else if (sk_X509_POLICY_NODE_find(*pnodes, pcy) != -1)

-		return 1;

-	if (!sk_X509_POLICY_NODE_push(*pnodes, pcy))

-		return 0;

-	return 1;

-	}

-/* Calculate the authority set based on policy tree.

- * The 'pnodes' parameter is used as a store for the set of policy nodes

- * used to calculate the user set. If the authority set is not anyPolicy

- * then pnodes will just point to the authority set. If however the authority

- * set is anyPolicy then the set of valid policies (other than anyPolicy)

- * is store in pnodes. The return value of '2' is used in this case to indicate

- * that pnodes should be freed.

- */

-static int tree_calculate_authority_set(X509_POLICY_TREE *tree,

-					STACK_OF(X509_POLICY_NODE) **pnodes)

-	{

-	X509_POLICY_LEVEL *curr;

-	X509_POLICY_NODE *node, *anyptr;

-	STACK_OF(X509_POLICY_NODE) **addnodes;

-	int i, j;

-	curr = tree->levels + tree->nlevel - 1;

-	/* If last level contains anyPolicy set is anyPolicy */

-	if (curr->anyPolicy)

-		{

-		if (!tree_add_auth_node(&tree->auth_policies, curr->anyPolicy))

-			return 0;

-		addnodes = pnodes;

-		}

-	else

-		/* Add policies to authority set */

-		addnodes = &tree->auth_policies;

-	curr = tree->levels;

-	for (i = 1; i < tree->nlevel; i++)

-		{

-		/* If no anyPolicy node on this this level it can't

-		 * appear on lower levels so end search.

-		 */

-		if (!(anyptr = curr->anyPolicy))

-			break;

-		curr++;

-		for (j = 0; j < sk_X509_POLICY_NODE_num(curr->nodes); j++)

-			{

-			node = sk_X509_POLICY_NODE_value(curr->nodes, j);

-			if ((node->parent == anyptr)

-				&& !tree_add_auth_node(addnodes, node))

-					return 0;

-			}

-		}

-	if (addnodes == pnodes)

-		return 2;

-	*pnodes = tree->auth_policies;

-	return 1;

-	}

-static int tree_calculate_user_set(X509_POLICY_TREE *tree,

-				STACK_OF(ASN1_OBJECT) *policy_oids,

-				STACK_OF(X509_POLICY_NODE) *auth_nodes)

-	{

-	int i;

-	X509_POLICY_NODE *node;

-	ASN1_OBJECT *oid;

-	X509_POLICY_NODE *anyPolicy;

-	X509_POLICY_DATA *extra;

-	/* Check if anyPolicy present in authority constrained policy set:

-	 * this will happen if it is a leaf node.

-	 */

-	if (sk_ASN1_OBJECT_num(policy_oids) <= 0)

-		return 1;

-	anyPolicy = tree->levels[tree->nlevel - 1].anyPolicy;

-	for (i = 0; i < sk_ASN1_OBJECT_num(policy_oids); i++)

-		{

-		oid = sk_ASN1_OBJECT_value(policy_oids, i);

-		if (OBJ_obj2nid(oid) == NID_any_policy)

-			{

-			tree->flags |= POLICY_FLAG_ANY_POLICY;

-			return 1;

-			}

-		}

-	for (i = 0; i < sk_ASN1_OBJECT_num(policy_oids); i++)

-		{

-		oid = sk_ASN1_OBJECT_value(policy_oids, i);

-		node = tree_find_sk(auth_nodes, oid);

-		if (!node)

-			{

-			if (!anyPolicy)

-				continue;

-			/* Create a new node with policy ID from user set

-			 * and qualifiers from anyPolicy.

-			 */

-			extra = policy_data_new(NULL, oid,

-						node_critical(anyPolicy));

-			if (!extra)

-				return 0;

-			extra->qualifier_set = anyPolicy->data->qualifier_set;

-			extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS

-						| POLICY_DATA_FLAG_EXTRA_NODE;

-			node = level_add_node(NULL, extra, anyPolicy->parent,

-						tree);

-			}

-		if (!tree->user_policies)

-			{

-			tree->user_policies = sk_X509_POLICY_NODE_new_null();

-			if (!tree->user_policies)

-				return 1;

-			}

-		if (!sk_X509_POLICY_NODE_push(tree->user_policies, node))

-			return 0;

-		}

-	return 1;

-	}

-static int tree_evaluate(X509_POLICY_TREE *tree)

-	{

-	int ret, i;

-	X509_POLICY_LEVEL *curr = tree->levels + 1;

-	const X509_POLICY_CACHE *cache;

-	for(i = 1; i < tree->nlevel; i++, curr++)

-		{

-		cache = policy_cache_set(curr->cert);

-		if (!tree_link_nodes(curr, cache))

-			return 0;

-		if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY)

-			&& !tree_link_any(curr, cache, tree))

-			return 0;

-		ret = tree_prune(tree, curr);

-		if (ret != 1)

-			return ret;

-		}

-	return 1;

-	}

-static void exnode_free(X509_POLICY_NODE *node)

-	{

-	if (node->data && (node->data->flags & POLICY_DATA_FLAG_EXTRA_NODE))

-		OPENSSL_free(node);

-	}

-void X509_policy_tree_free(X509_POLICY_TREE *tree)

-	{

-	X509_POLICY_LEVEL *curr;

-	int i;

-	if (!tree)

-		return;

-	sk_X509_POLICY_NODE_free(tree->auth_policies);

-	sk_X509_POLICY_NODE_pop_free(tree->user_policies, exnode_free);

-	for(i = 0, curr = tree->levels; i < tree->nlevel; i++, curr++)

-		{

-		if (curr->cert)

-			X509_free(curr->cert);

-		if (curr->nodes)

-			sk_X509_POLICY_NODE_pop_free(curr->nodes,

-						policy_node_free);

-		if (curr->anyPolicy)

-			policy_node_free(curr->anyPolicy);

-		}

-	if (tree->extra_data)

-		sk_X509_POLICY_DATA_pop_free(tree->extra_data,

-						policy_data_free);

-	OPENSSL_free(tree->levels);

-	OPENSSL_free(tree);

-	}

-/* Application policy checking function.

- * Return codes:

- *  0 	Internal Error.

- *  1   Successful.

- * -1   One or more certificates contain invalid or inconsistent extensions

- * -2	User constrained policy set empty and requireExplicit true.

- */

-int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,

-			STACK_OF(X509) *certs,

-			STACK_OF(ASN1_OBJECT) *policy_oids,

-			unsigned int flags)

-	{

-	int ret;

-	X509_POLICY_TREE *tree = NULL;

-	STACK_OF(X509_POLICY_NODE) *nodes, *auth_nodes = NULL;

-	*ptree = NULL;

-	*pexplicit_policy = 0;

-	ret = tree_init(&tree, certs, flags);

-	switch (ret)

-		{

-		/* Tree empty requireExplicit False: OK */

-		case 2:

-		return 1;

-		/* Some internal error */

-		case 0:

-		return 0;

-		/* Tree empty requireExplicit True: Error */

-		case 6:

-		*pexplicit_policy = 1;

-		return -2;

-		/* Tree OK requireExplicit True: OK and continue */

-		case 5:

-		*pexplicit_policy = 1;

-		break;

-		/* Tree OK: continue */

-		case 1:

-		if (!tree)

-			/*

-			 * tree_init() returns success and a null tree

-			 * if it's just looking at a trust anchor.

-			 * I'm not sure that returning success here is

-			 * correct, but I'm sure that reporting this

-			 * as an internal error which our caller

-			 * interprets as a malloc failure is wrong.

-			 */

-			return 1;

-		break;

-		}

-	if (!tree) goto error;

-	ret = tree_evaluate(tree);

-	if (ret <= 0)

-		goto error;

-	/* Return value 2 means tree empty */

-	if (ret == 2)

-		{

-		X509_policy_tree_free(tree);

-		if (*pexplicit_policy)

-			return -2;

-		else

-			return 1;

-		}

-	/* Tree is not empty: continue */

-	ret = tree_calculate_authority_set(tree, &auth_nodes);

-	if (!ret)

-		goto error;

-	if (!tree_calculate_user_set(tree, policy_oids, auth_nodes))

-		goto error;

-	if (ret == 2)

-		sk_X509_POLICY_NODE_free(auth_nodes);

-	if (tree)

-		*ptree = tree;

-	if (*pexplicit_policy)

-		{

-		nodes = X509_policy_tree_get0_user_policies(tree);

-		if (sk_X509_POLICY_NODE_num(nodes) <= 0)

-			return -2;

-		}

-	return 1;

-	error:

-	X509_policy_tree_free(tree);

-	return 0;

-	}

--- a/sys/src/ape/lib/openssl/crypto/x509v3/tabtest.c

+++ /dev/null

@@ -1,88 +1,0 @@

-/* tabtest.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* Simple program to check the ext_dat.h is correct and print out

- * problems if it is not.

- */

-#include <stdio.h>

-#include <openssl/x509v3.h>

-#include "ext_dat.h"

-main()

-{

-	int i, prev = -1, bad = 0;

-	X509V3_EXT_METHOD **tmp;

-	i = sizeof(standard_exts) / sizeof(X509V3_EXT_METHOD *);

-	if(i != STANDARD_EXTENSION_COUNT)

-		fprintf(stderr, "Extension number invalid expecting %d\n", i);

-	tmp = standard_exts;

-	for(i = 0; i < STANDARD_EXTENSION_COUNT; i++, tmp++) {

-		if((*tmp)->ext_nid < prev) bad = 1;

-		prev = (*tmp)->ext_nid;

-	}

-	if(bad) {

-		tmp = standard_exts;

-		fprintf(stderr, "Extensions out of order!\n");

-		for(i = 0; i < STANDARD_EXTENSION_COUNT; i++, tmp++)

-		printf("%d : %s\n", (*tmp)->ext_nid, OBJ_nid2sn((*tmp)->ext_nid));

-	} else fprintf(stderr, "Order OK\n");

-}

--- a/sys/src/ape/lib/openssl/crypto/x509v3/v3_addr.c

+++ /dev/null

@@ -1,1280 +1,0 @@

-/*

- * Contributed to the OpenSSL Project by the American Registry for

- * Internet Numbers ("ARIN").

- */

-/* ====================================================================

- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- */

-/*

- * Implementation of RFC 3779 section 2.2.

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <assert.h>

-#include "cryptlib.h"

-#include <openssl/conf.h>

-#include <openssl/asn1.h>

-#include <openssl/asn1t.h>

-#include <openssl/buffer.h>

-#include <openssl/x509v3.h>

-#ifndef OPENSSL_NO_RFC3779

-/*

- * OpenSSL ASN.1 template translation of RFC 3779 2.2.3.

- */

-ASN1_SEQUENCE(IPAddressRange) = {

-  ASN1_SIMPLE(IPAddressRange, min, ASN1_BIT_STRING),

-  ASN1_SIMPLE(IPAddressRange, max, ASN1_BIT_STRING)

-} ASN1_SEQUENCE_END(IPAddressRange)

-ASN1_CHOICE(IPAddressOrRange) = {

-  ASN1_SIMPLE(IPAddressOrRange, u.addressPrefix, ASN1_BIT_STRING),

-  ASN1_SIMPLE(IPAddressOrRange, u.addressRange,  IPAddressRange)

-} ASN1_CHOICE_END(IPAddressOrRange)

-ASN1_CHOICE(IPAddressChoice) = {

-  ASN1_SIMPLE(IPAddressChoice,      u.inherit,           ASN1_NULL),

-  ASN1_SEQUENCE_OF(IPAddressChoice, u.addressesOrRanges, IPAddressOrRange)

-} ASN1_CHOICE_END(IPAddressChoice)

-ASN1_SEQUENCE(IPAddressFamily) = {

-  ASN1_SIMPLE(IPAddressFamily, addressFamily,   ASN1_OCTET_STRING),

-  ASN1_SIMPLE(IPAddressFamily, ipAddressChoice, IPAddressChoice)

-} ASN1_SEQUENCE_END(IPAddressFamily)

-ASN1_ITEM_TEMPLATE(IPAddrBlocks) =

-  ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,

-			IPAddrBlocks, IPAddressFamily)

-ASN1_ITEM_TEMPLATE_END(IPAddrBlocks)

-IMPLEMENT_ASN1_FUNCTIONS(IPAddressRange)

-IMPLEMENT_ASN1_FUNCTIONS(IPAddressOrRange)

-IMPLEMENT_ASN1_FUNCTIONS(IPAddressChoice)

-IMPLEMENT_ASN1_FUNCTIONS(IPAddressFamily)

-/*

- * How much buffer space do we need for a raw address?

- */

-#define ADDR_RAW_BUF_LEN	16

-/*

- * What's the address length associated with this AFI?

- */

-static int length_from_afi(const unsigned afi)

-{

-  switch (afi) {

-  case IANA_AFI_IPV4:

-    return 4;

-  case IANA_AFI_IPV6:

-    return 16;

-  default:

-    return 0;

-  }

-}

-/*

- * Extract the AFI from an IPAddressFamily.

- */

-unsigned v3_addr_get_afi(const IPAddressFamily *f)

-{

-  return ((f != NULL &&

-	   f->addressFamily != NULL &&

-	   f->addressFamily->data != NULL)

-	  ? ((f->addressFamily->data[0] << 8) |

-	     (f->addressFamily->data[1]))

-	  : 0);

-}

-/*

- * Expand the bitstring form of an address into a raw byte array.

- * At the moment this is coded for simplicity, not speed.

- */

-static void addr_expand(unsigned char *addr,

-			const ASN1_BIT_STRING *bs,

-			const int length,

-			const unsigned char fill)

-{

-  assert(bs->length >= 0 && bs->length <= length);

-  if (bs->length > 0) {

-    memcpy(addr, bs->data, bs->length);

-    if ((bs->flags & 7) != 0) {

-      unsigned char mask = 0xFF >> (8 - (bs->flags & 7));

-      if (fill == 0)

-	addr[bs->length - 1] &= ~mask;

-      else

-	addr[bs->length - 1] |= mask;

-    }

-  }

-  memset(addr + bs->length, fill, length - bs->length);

-}

-/*

- * Extract the prefix length from a bitstring.

- */

-#define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7)))

-/*

- * i2r handler for one address bitstring.

- */

-static int i2r_address(BIO *out,

-		       const unsigned afi,

-		       const unsigned char fill,

-		       const ASN1_BIT_STRING *bs)

-{

-  unsigned char addr[ADDR_RAW_BUF_LEN];

-  int i, n;

-  switch (afi) {

-  case IANA_AFI_IPV4:

-    addr_expand(addr, bs, 4, fill);

-    BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]);

-    break;

-  case IANA_AFI_IPV6:

-    addr_expand(addr, bs, 16, fill);

-    for (n = 16; n > 1 && addr[n-1] == 0x00 && addr[n-2] == 0x00; n -= 2)

-      ;

-    for (i = 0; i < n; i += 2)

-      BIO_printf(out, "%x%s", (addr[i] << 8) | addr[i+1], (i < 14 ? ":" : ""));

-    if (i < 16)

-      BIO_puts(out, ":");

-    break;

-  default:

-    for (i = 0; i < bs->length; i++)

-      BIO_printf(out, "%s%02x", (i > 0 ? ":" : ""), bs->data[i]);

-    BIO_printf(out, "[%d]", (int) (bs->flags & 7));

-    break;

-  }

-  return 1;

-}

-/*

- * i2r handler for a sequence of addresses and ranges.

- */

-static int i2r_IPAddressOrRanges(BIO *out,

-				 const int indent,

-				 const IPAddressOrRanges *aors,

-				 const unsigned afi)

-{

-  int i;

-  for (i = 0; i < sk_IPAddressOrRange_num(aors); i++) {

-    const IPAddressOrRange *aor = sk_IPAddressOrRange_value(aors, i);

-    BIO_printf(out, "%*s", indent, "");

-    switch (aor->type) {

-    case IPAddressOrRange_addressPrefix:

-      if (!i2r_address(out, afi, 0x00, aor->u.addressPrefix))

-	return 0;

-      BIO_printf(out, "/%d\n", addr_prefixlen(aor->u.addressPrefix));

-      continue;

-    case IPAddressOrRange_addressRange:

-      if (!i2r_address(out, afi, 0x00, aor->u.addressRange->min))

-	return 0;

-      BIO_puts(out, "-");

-      if (!i2r_address(out, afi, 0xFF, aor->u.addressRange->max))

-	return 0;

-      BIO_puts(out, "\n");

-      continue;

-    }

-  }

-  return 1;

-}

-/*

- * i2r handler for an IPAddrBlocks extension.

- */

-static int i2r_IPAddrBlocks(X509V3_EXT_METHOD *method,

-			    void *ext,

-			    BIO *out,

-			    int indent)

-{

-  const IPAddrBlocks *addr = ext;

-  int i;

-  for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {

-    IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);

-    const unsigned afi = v3_addr_get_afi(f);

-    switch (afi) {

-    case IANA_AFI_IPV4:

-      BIO_printf(out, "%*sIPv4", indent, "");

-      break;

-    case IANA_AFI_IPV6:

-      BIO_printf(out, "%*sIPv6", indent, "");

-      break;

-    default:

-      BIO_printf(out, "%*sUnknown AFI %u", indent, "", afi);

-      break;

-    }

-    if (f->addressFamily->length > 2) {

-      switch (f->addressFamily->data[2]) {

-      case   1:

-	BIO_puts(out, " (Unicast)");

-	break;

-      case   2:

-	BIO_puts(out, " (Multicast)");

-	break;

-      case   3:

-	BIO_puts(out, " (Unicast/Multicast)");

-	break;

-      case   4:

-	BIO_puts(out, " (MPLS)");

-	break;

-      case  64:

-	BIO_puts(out, " (Tunnel)");

-	break;

-      case  65:

-	BIO_puts(out, " (VPLS)");

-	break;

-      case  66:

-	BIO_puts(out, " (BGP MDT)");

-	break;

-      case 128:

-	BIO_puts(out, " (MPLS-labeled VPN)");

-	break;

-      default:

-	BIO_printf(out, " (Unknown SAFI %u)",

-		   (unsigned) f->addressFamily->data[2]);

-	break;

-      }

-    }

-    switch (f->ipAddressChoice->type) {

-    case IPAddressChoice_inherit:

-      BIO_puts(out, ": inherit\n");

-      break;

-    case IPAddressChoice_addressesOrRanges:

-      BIO_puts(out, ":\n");

-      if (!i2r_IPAddressOrRanges(out,

-				 indent + 2,

-				 f->ipAddressChoice->u.addressesOrRanges,

-				 afi))

-	return 0;

-      break;

-    }

-  }

-  return 1;

-}

-/*

- * Sort comparison function for a sequence of IPAddressOrRange

- * elements.

- */

-static int IPAddressOrRange_cmp(const IPAddressOrRange *a,

-				const IPAddressOrRange *b,

-				const int length)

-{

-  unsigned char addr_a[ADDR_RAW_BUF_LEN], addr_b[ADDR_RAW_BUF_LEN];

-  int prefixlen_a = 0;

-  int prefixlen_b = 0;

-  int r;

-  switch (a->type) {

-  case IPAddressOrRange_addressPrefix:

-    addr_expand(addr_a, a->u.addressPrefix, length, 0x00);

-    prefixlen_a = addr_prefixlen(a->u.addressPrefix);

-    break;

-  case IPAddressOrRange_addressRange:

-    addr_expand(addr_a, a->u.addressRange->min, length, 0x00);

-    prefixlen_a = length * 8;

-    break;

-  }

-  switch (b->type) {

-  case IPAddressOrRange_addressPrefix:

-    addr_expand(addr_b, b->u.addressPrefix, length, 0x00);

-    prefixlen_b = addr_prefixlen(b->u.addressPrefix);

-    break;

-  case IPAddressOrRange_addressRange:

-    addr_expand(addr_b, b->u.addressRange->min, length, 0x00);

-    prefixlen_b = length * 8;

-    break;

-  }

-  if ((r = memcmp(addr_a, addr_b, length)) != 0)

-    return r;

-  else

-    return prefixlen_a - prefixlen_b;

-}

-/*

- * IPv4-specific closure over IPAddressOrRange_cmp, since sk_sort()

- * comparision routines are only allowed two arguments.

- */

-static int v4IPAddressOrRange_cmp(const IPAddressOrRange * const *a,

-				  const IPAddressOrRange * const *b)

-{

-  return IPAddressOrRange_cmp(*a, *b, 4);

-}

-/*

- * IPv6-specific closure over IPAddressOrRange_cmp, since sk_sort()

- * comparision routines are only allowed two arguments.

- */

-static int v6IPAddressOrRange_cmp(const IPAddressOrRange * const *a,

-				  const IPAddressOrRange * const *b)

-{

-  return IPAddressOrRange_cmp(*a, *b, 16);

-}

-/*

- * Calculate whether a range collapses to a prefix.

- * See last paragraph of RFC 3779 2.2.3.7.

- */

-static int range_should_be_prefix(const unsigned char *min,

-				  const unsigned char *max,

-				  const int length)

-{

-  unsigned char mask;

-  int i, j;

-  for (i = 0; i < length && min[i] == max[i]; i++)

-    ;

-  for (j = length - 1; j >= 0 && min[j] == 0x00 && max[j] == 0xFF; j--)

-    ;

-  if (i < j)

-    return -1;

-  if (i > j)

-    return i * 8;

-  mask = min[i] ^ max[i];

-  switch (mask) {

-  case 0x01: j = 7; break;

-  case 0x03: j = 6; break;

-  case 0x07: j = 5; break;

-  case 0x0F: j = 4; break;

-  case 0x1F: j = 3; break;

-  case 0x3F: j = 2; break;

-  case 0x7F: j = 1; break;

-  default:   return -1;

-  }

-  if ((min[i] & mask) != 0 || (max[i] & mask) != mask)

-    return -1;

-  else

-    return i * 8 + j;

-}

-/*

- * Construct a prefix.

- */

-static int make_addressPrefix(IPAddressOrRange **result,

-			      unsigned char *addr,

-			      const int prefixlen)

-{

-  int bytelen = (prefixlen + 7) / 8, bitlen = prefixlen % 8;

-  IPAddressOrRange *aor = IPAddressOrRange_new();

-  if (aor == NULL)

-    return 0;

-  aor->type = IPAddressOrRange_addressPrefix;

-  if (aor->u.addressPrefix == NULL &&

-      (aor->u.addressPrefix = ASN1_BIT_STRING_new()) == NULL)

-    goto err;

-  if (!ASN1_BIT_STRING_set(aor->u.addressPrefix, addr, bytelen))

-    goto err;

-  aor->u.addressPrefix->flags &= ~7;

-  aor->u.addressPrefix->flags |= ASN1_STRING_FLAG_BITS_LEFT;

-  if (bitlen > 0) {

-    aor->u.addressPrefix->data[bytelen - 1] &= ~(0xFF >> bitlen);

-    aor->u.addressPrefix->flags |= 8 - bitlen;

-  }

-  *result = aor;

-  return 1;

- err:

-  IPAddressOrRange_free(aor);

-  return 0;

-}

-/*

- * Construct a range.  If it can be expressed as a prefix,

- * return a prefix instead.  Doing this here simplifies

- * the rest of the code considerably.

- */

-static int make_addressRange(IPAddressOrRange **result,

-			     unsigned char *min,

-			     unsigned char *max,

-			     const int length)

-{

-  IPAddressOrRange *aor;

-  int i, prefixlen;

-  if ((prefixlen = range_should_be_prefix(min, max, length)) >= 0)

-    return make_addressPrefix(result, min, prefixlen);

-  if ((aor = IPAddressOrRange_new()) == NULL)

-    return 0;

-  aor->type = IPAddressOrRange_addressRange;

-  assert(aor->u.addressRange == NULL);

-  if ((aor->u.addressRange = IPAddressRange_new()) == NULL)

-    goto err;

-  if (aor->u.addressRange->min == NULL &&

-      (aor->u.addressRange->min = ASN1_BIT_STRING_new()) == NULL)

-    goto err;

-  if (aor->u.addressRange->max == NULL &&

-      (aor->u.addressRange->max = ASN1_BIT_STRING_new()) == NULL)

-    goto err;

-  for (i = length; i > 0 && min[i - 1] == 0x00; --i)

-    ;

-  if (!ASN1_BIT_STRING_set(aor->u.addressRange->min, min, i))

-    goto err;

-  aor->u.addressRange->min->flags &= ~7;

-  aor->u.addressRange->min->flags |= ASN1_STRING_FLAG_BITS_LEFT;

-  if (i > 0) {

-    unsigned char b = min[i - 1];

-    int j = 1;

-    while ((b & (0xFFU >> j)) != 0)

-      ++j;

-    aor->u.addressRange->min->flags |= 8 - j;

-  }

-  for (i = length; i > 0 && max[i - 1] == 0xFF; --i)

-    ;

-  if (!ASN1_BIT_STRING_set(aor->u.addressRange->max, max, i))

-    goto err;

-  aor->u.addressRange->max->flags &= ~7;

-  aor->u.addressRange->max->flags |= ASN1_STRING_FLAG_BITS_LEFT;

-  if (i > 0) {

-    unsigned char b = max[i - 1];

-    int j = 1;

-    while ((b & (0xFFU >> j)) != (0xFFU >> j))

-      ++j;

-    aor->u.addressRange->max->flags |= 8 - j;

-  }

-  *result = aor;

-  return 1;

- err:

-  IPAddressOrRange_free(aor);

-  return 0;

-}

-/*

- * Construct a new address family or find an existing one.

- */

-static IPAddressFamily *make_IPAddressFamily(IPAddrBlocks *addr,

-					     const unsigned afi,

-					     const unsigned *safi)

-{

-  IPAddressFamily *f;

-  unsigned char key[3];

-  unsigned keylen;

-  int i;

-  key[0] = (afi >> 8) & 0xFF;

-  key[1] = afi & 0xFF;

-  if (safi != NULL) {

-    key[2] = *safi & 0xFF;

-    keylen = 3;

-  } else {

-    keylen = 2;

-  }

-  for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {

-    f = sk_IPAddressFamily_value(addr, i);

-    assert(f->addressFamily->data != NULL);

-    if (f->addressFamily->length == keylen &&

-	!memcmp(f->addressFamily->data, key, keylen))

-      return f;

-  }

-  if ((f = IPAddressFamily_new()) == NULL)

-    goto err;

-  if (f->ipAddressChoice == NULL &&

-      (f->ipAddressChoice = IPAddressChoice_new()) == NULL)

-    goto err;

-  if (f->addressFamily == NULL &&

-      (f->addressFamily = ASN1_OCTET_STRING_new()) == NULL)

-    goto err;

-  if (!ASN1_OCTET_STRING_set(f->addressFamily, key, keylen))

-    goto err;

-  if (!sk_IPAddressFamily_push(addr, f))

-    goto err;

-  return f;

- err:

-  IPAddressFamily_free(f);

-  return NULL;

-}

-/*

- * Add an inheritance element.

- */

-int v3_addr_add_inherit(IPAddrBlocks *addr,

-			const unsigned afi,

-			const unsigned *safi)

-{

-  IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi);

-  if (f == NULL ||

-      f->ipAddressChoice == NULL ||

-      (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges &&

-       f->ipAddressChoice->u.addressesOrRanges != NULL))

-    return 0;

-  if (f->ipAddressChoice->type == IPAddressChoice_inherit &&

-      f->ipAddressChoice->u.inherit != NULL)

-    return 1;

-  if (f->ipAddressChoice->u.inherit == NULL &&

-      (f->ipAddressChoice->u.inherit = ASN1_NULL_new()) == NULL)

-    return 0;

-  f->ipAddressChoice->type = IPAddressChoice_inherit;

-  return 1;

-}

-/*

- * Construct an IPAddressOrRange sequence, or return an existing one.

- */

-static IPAddressOrRanges *make_prefix_or_range(IPAddrBlocks *addr,

-					       const unsigned afi,

-					       const unsigned *safi)

-{

-  IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi);

-  IPAddressOrRanges *aors = NULL;

-  if (f == NULL ||

-      f->ipAddressChoice == NULL ||

-      (f->ipAddressChoice->type == IPAddressChoice_inherit &&

-       f->ipAddressChoice->u.inherit != NULL))

-    return NULL;

-  if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges)

-    aors = f->ipAddressChoice->u.addressesOrRanges;

-  if (aors != NULL)

-    return aors;

-  if ((aors = sk_IPAddressOrRange_new_null()) == NULL)

-    return NULL;

-  switch (afi) {

-  case IANA_AFI_IPV4:

-    sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp);

-    break;

-  case IANA_AFI_IPV6:

-    sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp);

-    break;

-  }

-  f->ipAddressChoice->type = IPAddressChoice_addressesOrRanges;

-  f->ipAddressChoice->u.addressesOrRanges = aors;

-  return aors;

-}

-/*

- * Add a prefix.

- */

-int v3_addr_add_prefix(IPAddrBlocks *addr,

-		       const unsigned afi,

-		       const unsigned *safi,

-		       unsigned char *a,

-		       const int prefixlen)

-{

-  IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi);

-  IPAddressOrRange *aor;

-  if (aors == NULL || !make_addressPrefix(&aor, a, prefixlen))

-    return 0;

-  if (sk_IPAddressOrRange_push(aors, aor))

-    return 1;

-  IPAddressOrRange_free(aor);

-  return 0;

-}

-/*

- * Add a range.

- */

-int v3_addr_add_range(IPAddrBlocks *addr,

-		      const unsigned afi,

-		      const unsigned *safi,

-		      unsigned char *min,

-		      unsigned char *max)

-{

-  IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi);

-  IPAddressOrRange *aor;

-  int length = length_from_afi(afi);

-  if (aors == NULL)

-    return 0;

-  if (!make_addressRange(&aor, min, max, length))

-    return 0;

-  if (sk_IPAddressOrRange_push(aors, aor))

-    return 1;

-  IPAddressOrRange_free(aor);

-  return 0;

-}

-/*

- * Extract min and max values from an IPAddressOrRange.

- */

-static void extract_min_max(IPAddressOrRange *aor,

-			    unsigned char *min,

-			    unsigned char *max,

-			    int length)

-{

-  assert(aor != NULL && min != NULL && max != NULL);

-  switch (aor->type) {

-  case IPAddressOrRange_addressPrefix:

-    addr_expand(min, aor->u.addressPrefix, length, 0x00);

-    addr_expand(max, aor->u.addressPrefix, length, 0xFF);

-    return;

-  case IPAddressOrRange_addressRange:

-    addr_expand(min, aor->u.addressRange->min, length, 0x00);

-    addr_expand(max, aor->u.addressRange->max, length, 0xFF);

-    return;

-  }

-}

-/*

- * Public wrapper for extract_min_max().

- */

-int v3_addr_get_range(IPAddressOrRange *aor,

-		      const unsigned afi,

-		      unsigned char *min,

-		      unsigned char *max,

-		      const int length)

-{

-  int afi_length = length_from_afi(afi);

-  if (aor == NULL || min == NULL || max == NULL ||

-      afi_length == 0 || length < afi_length ||

-      (aor->type != IPAddressOrRange_addressPrefix &&

-       aor->type != IPAddressOrRange_addressRange))

-    return 0;

-  extract_min_max(aor, min, max, afi_length);

-  return afi_length;

-}

-/*

- * Sort comparision function for a sequence of IPAddressFamily.

- *

- * The last paragraph of RFC 3779 2.2.3.3 is slightly ambiguous about

- * the ordering: I can read it as meaning that IPv6 without a SAFI

- * comes before IPv4 with a SAFI, which seems pretty weird.  The

- * examples in appendix B suggest that the author intended the

- * null-SAFI rule to apply only within a single AFI, which is what I

- * would have expected and is what the following code implements.

- */

-static int IPAddressFamily_cmp(const IPAddressFamily * const *a_,

-			       const IPAddressFamily * const *b_)

-{

-  const ASN1_OCTET_STRING *a = (*a_)->addressFamily;

-  const ASN1_OCTET_STRING *b = (*b_)->addressFamily;

-  int len = ((a->length <= b->length) ? a->length : b->length);

-  int cmp = memcmp(a->data, b->data, len);

-  return cmp ? cmp : a->length - b->length;

-}

-/*

- * Check whether an IPAddrBLocks is in canonical form.

- */

-int v3_addr_is_canonical(IPAddrBlocks *addr)

-{

-  unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];

-  unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN];

-  IPAddressOrRanges *aors;

-  int i, j, k;

-  /*

-   * Empty extension is cannonical.

-   */

-  if (addr == NULL)

-    return 1;

-  /*

-   * Check whether the top-level list is in order.

-   */

-  for (i = 0; i < sk_IPAddressFamily_num(addr) - 1; i++) {

-    const IPAddressFamily *a = sk_IPAddressFamily_value(addr, i);

-    const IPAddressFamily *b = sk_IPAddressFamily_value(addr, i + 1);

-    if (IPAddressFamily_cmp(&a, &b) >= 0)

-      return 0;

-  }

-  /*

-   * Top level's ok, now check each address family.

-   */

-  for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {

-    IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);

-    int length = length_from_afi(v3_addr_get_afi(f));

-    /*

-     * Inheritance is canonical.  Anything other than inheritance or

-     * a SEQUENCE OF IPAddressOrRange is an ASN.1 error or something.

-     */

-    if (f == NULL || f->ipAddressChoice == NULL)

-      return 0;

-    switch (f->ipAddressChoice->type) {

-    case IPAddressChoice_inherit:

-      continue;

-    case IPAddressChoice_addressesOrRanges:

-      break;

-    default:

-      return 0;

-    }

-    /*

-     * It's an IPAddressOrRanges sequence, check it.

-     */

-    aors = f->ipAddressChoice->u.addressesOrRanges;

-    if (sk_IPAddressOrRange_num(aors) == 0)

-      return 0;

-    for (j = 0; j < sk_IPAddressOrRange_num(aors) - 1; j++) {

-      IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);

-      IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, j + 1);

-      extract_min_max(a, a_min, a_max, length);

-      extract_min_max(b, b_min, b_max, length);

-      /*

-       * Punt misordered list, overlapping start, or inverted range.

-       */

-      if (memcmp(a_min, b_min, length) >= 0 ||

-	  memcmp(a_min, a_max, length) > 0 ||

-	  memcmp(b_min, b_max, length) > 0)

-	return 0;

-      /*

-       * Punt if adjacent or overlapping.  Check for adjacency by

-       * subtracting one from b_min first.

-       */

-      for (k = length - 1; k >= 0 && b_min[k]-- == 0x00; k--)

-	;

-      if (memcmp(a_max, b_min, length) >= 0)

-	return 0;

-      /*

-       * Check for range that should be expressed as a prefix.

-       */

-      if (a->type == IPAddressOrRange_addressRange &&

-	  range_should_be_prefix(a_min, a_max, length) >= 0)

-	return 0;

-    }

-    /*

-     * Check final range to see if it should be a prefix.

-     */

-    j = sk_IPAddressOrRange_num(aors) - 1;

-    {

-      IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);

-      if (a->type == IPAddressOrRange_addressRange) {

-	extract_min_max(a, a_min, a_max, length);

-	if (range_should_be_prefix(a_min, a_max, length) >= 0)

-	  return 0;

-      }

-    }

-  }

-  /*

-   * If we made it through all that, we're happy.

-   */

-  return 1;

-}

-/*

- * Whack an IPAddressOrRanges into canonical form.

- */

-static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors,

-				      const unsigned afi)

-{

-  int i, j, length = length_from_afi(afi);

-  /*

-   * Sort the IPAddressOrRanges sequence.

-   */

-  sk_IPAddressOrRange_sort(aors);

-  /*

-   * Clean up representation issues, punt on duplicates or overlaps.

-   */

-  for (i = 0; i < sk_IPAddressOrRange_num(aors) - 1; i++) {

-    IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, i);

-    IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, i + 1);

-    unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];

-    unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN];

-    extract_min_max(a, a_min, a_max, length);

-    extract_min_max(b, b_min, b_max, length);

-    /*

-     * Punt overlaps.

-     */

-    if (memcmp(a_max, b_min, length) >= 0)

-      return 0;

-    /*

-     * Merge if a and b are adjacent.  We check for

-     * adjacency by subtracting one from b_min first.

-     */

-    for (j = length - 1; j >= 0 && b_min[j]-- == 0x00; j--)

-      ;

-    if (memcmp(a_max, b_min, length) == 0) {

-      IPAddressOrRange *merged;

-      if (!make_addressRange(&merged, a_min, b_max, length))

-	return 0;

-      sk_IPAddressOrRange_set(aors, i, merged);

-      sk_IPAddressOrRange_delete(aors, i + 1);

-      IPAddressOrRange_free(a);

-      IPAddressOrRange_free(b);

-      --i;

-      continue;

-    }

-  }

-  return 1;

-}

-/*

- * Whack an IPAddrBlocks extension into canonical form.

- */

-int v3_addr_canonize(IPAddrBlocks *addr)

-{

-  int i;

-  for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {

-    IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);

-    if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges &&

-	!IPAddressOrRanges_canonize(f->ipAddressChoice->u.addressesOrRanges,

-				    v3_addr_get_afi(f)))

-      return 0;

-  }

-  sk_IPAddressFamily_sort(addr);

-  assert(v3_addr_is_canonical(addr));

-  return 1;

-}

-/*

- * v2i handler for the IPAddrBlocks extension.

- */

-static void *v2i_IPAddrBlocks(struct v3_ext_method *method,

-			      struct v3_ext_ctx *ctx,

-			      STACK_OF(CONF_VALUE) *values)

-{

-  static const char v4addr_chars[] = "0123456789.";

-  static const char v6addr_chars[] = "0123456789.:abcdefABCDEF";

-  IPAddrBlocks *addr = NULL;

-  char *s = NULL, *t;

-  int i;

-  if ((addr = sk_IPAddressFamily_new(IPAddressFamily_cmp)) == NULL) {

-    X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);

-    return NULL;

-  }

-  for (i = 0; i < sk_CONF_VALUE_num(values); i++) {

-    CONF_VALUE *val = sk_CONF_VALUE_value(values, i);

-    unsigned char min[ADDR_RAW_BUF_LEN], max[ADDR_RAW_BUF_LEN];

-    unsigned afi, *safi = NULL, safi_;

-    const char *addr_chars;

-    int prefixlen, i1, i2, delim, length;

-    if (       !name_cmp(val->name, "IPv4")) {

-      afi = IANA_AFI_IPV4;

-    } else if (!name_cmp(val->name, "IPv6")) {

-      afi = IANA_AFI_IPV6;

-    } else if (!name_cmp(val->name, "IPv4-SAFI")) {

-      afi = IANA_AFI_IPV4;

-      safi = &safi_;

-    } else if (!name_cmp(val->name, "IPv6-SAFI")) {

-      afi = IANA_AFI_IPV6;

-      safi = &safi_;

-    } else {

-      X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_NAME_ERROR);

-      X509V3_conf_err(val);

-      goto err;

-    }

-    switch (afi) {

-    case IANA_AFI_IPV4:

-      addr_chars = v4addr_chars;

-      break;

-    case IANA_AFI_IPV6:

-      addr_chars = v6addr_chars;

-      break;

-    }

-    length = length_from_afi(afi);

-    /*

-     * Handle SAFI, if any, and BUF_strdup() so we can null-terminate

-     * the other input values.

-     */

-    if (safi != NULL) {

-      *safi = strtoul(val->value, &t, 0);

-      t += strspn(t, " \t");

-      if (*safi > 0xFF || *t++ != ':') {

-	X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_SAFI);

-	X509V3_conf_err(val);

-	goto err;

-      }

-      t += strspn(t, " \t");

-      s = BUF_strdup(t);

-    } else {

-      s = BUF_strdup(val->value);

-    }

-    if (s == NULL) {

-      X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);

-      goto err;

-    }

-    /*

-     * Check for inheritance.  Not worth additional complexity to

-     * optimize this (seldom-used) case.

-     */

-    if (!strcmp(s, "inherit")) {

-      if (!v3_addr_add_inherit(addr, afi, safi)) {

-	X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_INHERITANCE);

-	X509V3_conf_err(val);

-	goto err;

-      }

-      OPENSSL_free(s);

-      s = NULL;

-      continue;

-    }

-    i1 = strspn(s, addr_chars);

-    i2 = i1 + strspn(s + i1, " \t");

-    delim = s[i2++];

-    s[i1] = '\0';

-    if (a2i_ipadd(min, s) != length) {

-      X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_IPADDRESS);

-      X509V3_conf_err(val);

-      goto err;

-    }

-    switch (delim) {

-    case '/':

-      prefixlen = (int) strtoul(s + i2, &t, 10);

-      if (t == s + i2 || *t != '\0') {

-	X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_VALUE_ERROR);

-	X509V3_conf_err(val);

-	goto err;

-      }

-      if (!v3_addr_add_prefix(addr, afi, safi, min, prefixlen)) {

-	X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);

-	goto err;

-      }

-      break;

-    case '-':

-      i1 = i2 + strspn(s + i2, " \t");

-      i2 = i1 + strspn(s + i1, addr_chars);

-      if (i1 == i2 || s[i2] != '\0') {

-	X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_VALUE_ERROR);

-	X509V3_conf_err(val);

-	goto err;

-      }

-      if (a2i_ipadd(max, s + i1) != length) {

-	X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_IPADDRESS);

-	X509V3_conf_err(val);

-	goto err;

-      }

-      if (!v3_addr_add_range(addr, afi, safi, min, max)) {

-	X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);

-	goto err;

-      }

-      break;

-    case '\0':

-      if (!v3_addr_add_prefix(addr, afi, safi, min, length * 8)) {

-	X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);

-	goto err;

-      }

-      break;

-    default:

-      X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_VALUE_ERROR);

-      X509V3_conf_err(val);

-      goto err;

-    }

-    OPENSSL_free(s);

-    s = NULL;

-  }

-  /*

-   * Canonize the result, then we're done.

-   */

-  if (!v3_addr_canonize(addr))

-    goto err;

-  return addr;

- err:

-  OPENSSL_free(s);

-  sk_IPAddressFamily_pop_free(addr, IPAddressFamily_free);

-  return NULL;

-}

-/*

- * OpenSSL dispatch

- */

-const X509V3_EXT_METHOD v3_addr = {

-  NID_sbgp_ipAddrBlock,		/* nid */

-  0,				/* flags */

-  ASN1_ITEM_ref(IPAddrBlocks),	/* template */

-  0, 0, 0, 0,			/* old functions, ignored */

-  0,				/* i2s */

-  0,				/* s2i */

-  0,				/* i2v */

-  v2i_IPAddrBlocks,		/* v2i */

-  i2r_IPAddrBlocks,		/* i2r */

-  0,				/* r2i */

-  NULL				/* extension-specific data */

-};

-/*

- * Figure out whether extension sues inheritance.

- */

-int v3_addr_inherits(IPAddrBlocks *addr)

-{

-  int i;

-  if (addr == NULL)

-    return 0;

-  for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {

-    IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);

-    if (f->ipAddressChoice->type == IPAddressChoice_inherit)

-      return 1;

-  }

-  return 0;

-}

-/*

- * Figure out whether parent contains child.

- */

-static int addr_contains(IPAddressOrRanges *parent,

-			 IPAddressOrRanges *child,

-			 int length)

-{

-  unsigned char p_min[ADDR_RAW_BUF_LEN], p_max[ADDR_RAW_BUF_LEN];

-  unsigned char c_min[ADDR_RAW_BUF_LEN], c_max[ADDR_RAW_BUF_LEN];

-  int p, c;

-  if (child == NULL || parent == child)

-    return 1;

-  if (parent == NULL)

-    return 0;

-  p = 0;

-  for (c = 0; c < sk_IPAddressOrRange_num(child); c++) {

-    extract_min_max(sk_IPAddressOrRange_value(child, c),

-		    c_min, c_max, length);

-    for (;; p++) {

-      if (p >= sk_IPAddressOrRange_num(parent))

-	return 0;

-      extract_min_max(sk_IPAddressOrRange_value(parent, p),

-		      p_min, p_max, length);

-      if (memcmp(p_max, c_max, length) < 0)

-	continue;

-      if (memcmp(p_min, c_min, length) > 0)

-	return 0;

-      break;

-    }

-  }

-  return 1;

-}

-/*

- * Test whether a is a subset of b.

- */

-int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b)

-{

-  int i;

-  if (a == NULL || a == b)

-    return 1;

-  if (b == NULL || v3_addr_inherits(a) || v3_addr_inherits(b))

-    return 0;

-  sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp);

-  for (i = 0; i < sk_IPAddressFamily_num(a); i++) {

-    IPAddressFamily *fa = sk_IPAddressFamily_value(a, i);

-    int j = sk_IPAddressFamily_find(b, fa);

-    IPAddressFamily *fb = sk_IPAddressFamily_value(b, j);

-    if (!addr_contains(fb->ipAddressChoice->u.addressesOrRanges,

-		       fa->ipAddressChoice->u.addressesOrRanges,

-		       length_from_afi(v3_addr_get_afi(fb))))

-      return 0;

-  }

-  return 1;

-}

-/*

- * Validation error handling via callback.

- */

-#define validation_err(_err_)		\

-  do {					\

-    if (ctx != NULL) {			\

-      ctx->error = _err_;		\

-      ctx->error_depth = i;		\

-      ctx->current_cert = x;		\

-      ret = ctx->verify_cb(0, ctx);	\

-    } else {				\

-      ret = 0;				\

-    }					\

-    if (!ret)				\

-      goto done;			\

-  } while (0)

-/*

- * Core code for RFC 3779 2.3 path validation.

- */

-static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,

-					  STACK_OF(X509) *chain,

-					  IPAddrBlocks *ext)

-{

-  IPAddrBlocks *child = NULL;

-  int i, j, ret = 1;

-  X509 *x = NULL;

-  assert(chain != NULL && sk_X509_num(chain) > 0);

-  assert(ctx != NULL || ext != NULL);

-  assert(ctx == NULL || ctx->verify_cb != NULL);

-  /*

-   * Figure out where to start.  If we don't have an extension to

-   * check, we're done.  Otherwise, check canonical form and

-   * set up for walking up the chain.

-   */

-  if (ext != NULL) {

-    i = -1;

-  } else {

-    i = 0;

-    x = sk_X509_value(chain, i);

-    assert(x != NULL);

-    if ((ext = x->rfc3779_addr) == NULL)

-      goto done;

-  }

-  if (!v3_addr_is_canonical(ext))

-    validation_err(X509_V_ERR_INVALID_EXTENSION);

-  sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp);

-  if ((child = sk_IPAddressFamily_dup(ext)) == NULL) {

-    X509V3err(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL, ERR_R_MALLOC_FAILURE);

-    ret = 0;

-    goto done;

-  }

-  /*

-   * Now walk up the chain.  No cert may list resources that its

-   * parent doesn't list.

-   */

-  for (i++; i < sk_X509_num(chain); i++) {

-    x = sk_X509_value(chain, i);

-    assert(x != NULL);

-    if (!v3_addr_is_canonical(x->rfc3779_addr))

-      validation_err(X509_V_ERR_INVALID_EXTENSION);

-    if (x->rfc3779_addr == NULL) {

-      for (j = 0; j < sk_IPAddressFamily_num(child); j++) {

-	IPAddressFamily *fc = sk_IPAddressFamily_value(child, j);

-	if (fc->ipAddressChoice->type != IPAddressChoice_inherit) {

-	  validation_err(X509_V_ERR_UNNESTED_RESOURCE);

-	  break;

-	}

-      }

-      continue;

-    }

-    sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr, IPAddressFamily_cmp);

-    for (j = 0; j < sk_IPAddressFamily_num(child); j++) {

-      IPAddressFamily *fc = sk_IPAddressFamily_value(child, j);

-      int k = sk_IPAddressFamily_find(x->rfc3779_addr, fc);

-      IPAddressFamily *fp = sk_IPAddressFamily_value(x->rfc3779_addr, k);

-      if (fp == NULL) {

-	if (fc->ipAddressChoice->type == IPAddressChoice_addressesOrRanges) {

-	  validation_err(X509_V_ERR_UNNESTED_RESOURCE);

-	  break;

-	}

-	continue;

-      }

-      if (fp->ipAddressChoice->type == IPAddressChoice_addressesOrRanges) {

-	if (fc->ipAddressChoice->type == IPAddressChoice_inherit ||

-	    addr_contains(fp->ipAddressChoice->u.addressesOrRanges,

-			  fc->ipAddressChoice->u.addressesOrRanges,

-			  length_from_afi(v3_addr_get_afi(fc))))

-	  sk_IPAddressFamily_set(child, j, fp);

-	else

-	  validation_err(X509_V_ERR_UNNESTED_RESOURCE);

-      }

-    }

-  }

-  /*

-   * Trust anchor can't inherit.

-   */

-  if (x->rfc3779_addr != NULL) {

-    for (j = 0; j < sk_IPAddressFamily_num(x->rfc3779_addr); j++) {

-      IPAddressFamily *fp = sk_IPAddressFamily_value(x->rfc3779_addr, j);

-      if (fp->ipAddressChoice->type == IPAddressChoice_inherit &&

-	  sk_IPAddressFamily_find(child, fp) >= 0)

-	validation_err(X509_V_ERR_UNNESTED_RESOURCE);

-    }

-  }

- done:

-  sk_IPAddressFamily_free(child);

-  return ret;

-}

-#undef validation_err

-/*

- * RFC 3779 2.3 path validation -- called from X509_verify_cert().

- */

-int v3_addr_validate_path(X509_STORE_CTX *ctx)

-{

-  return v3_addr_validate_path_internal(ctx, ctx->chain, NULL);

-}

-/*

- * RFC 3779 2.3 path validation of an extension.

- * Test whether chain covers extension.

- */

-int v3_addr_validate_resource_set(STACK_OF(X509) *chain,

-				  IPAddrBlocks *ext,

-				  int allow_inheritance)

-{

-  if (ext == NULL)

-    return 1;

-  if (chain == NULL || sk_X509_num(chain) == 0)

-    return 0;

-  if (!allow_inheritance && v3_addr_inherits(ext))

-    return 0;

-  return v3_addr_validate_path_internal(NULL, chain, ext);

-}

-#endif /* OPENSSL_NO_RFC3779 */

--- a/sys/src/ape/lib/openssl/crypto/x509v3/v3_akey.c

+++ /dev/null

@@ -1,208 +1,0 @@

-/* v3_akey.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/conf.h>

-#include <openssl/asn1.h>

-#include <openssl/asn1t.h>

-#include <openssl/x509v3.h>

-static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,

-			AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist);

-static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,

-			X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);

-const X509V3_EXT_METHOD v3_akey_id =

-	{

-	NID_authority_key_identifier,

-	X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID),

-	0,0,0,0,

-	0,0,

-	(X509V3_EXT_I2V)i2v_AUTHORITY_KEYID,

-	(X509V3_EXT_V2I)v2i_AUTHORITY_KEYID,

-	0,0,

-	NULL

-	};

-static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,

-	     AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist)

-{

-	char *tmp;

-	if(akeyid->keyid) {

-		tmp = hex_to_string(akeyid->keyid->data, akeyid->keyid->length);

-		X509V3_add_value("keyid", tmp, &extlist);

-		OPENSSL_free(tmp);

-	}

-	if(akeyid->issuer)

-		extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist);

-	if(akeyid->serial) {

-		tmp = hex_to_string(akeyid->serial->data,

-						 akeyid->serial->length);

-		X509V3_add_value("serial", tmp, &extlist);

-		OPENSSL_free(tmp);

-	}

-	return extlist;

-}

-/* Currently two options:

- * keyid: use the issuers subject keyid, the value 'always' means its is

- * an error if the issuer certificate doesn't have a key id.

- * issuer: use the issuers cert issuer and serial number. The default is

- * to only use this if keyid is not present. With the option 'always'

- * this is always included.

- */

-static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,

-	     X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values)

-	{

-	char keyid=0, issuer=0;

-	int i;

-	CONF_VALUE *cnf;

-	ASN1_OCTET_STRING *ikeyid = NULL;

-	X509_NAME *isname = NULL;

-	GENERAL_NAMES * gens = NULL;

-	GENERAL_NAME *gen = NULL;

-	ASN1_INTEGER *serial = NULL;

-	X509_EXTENSION *ext;

-	X509 *cert;

-	AUTHORITY_KEYID *akeyid;

-	for(i = 0; i < sk_CONF_VALUE_num(values); i++)

-		{

-		cnf = sk_CONF_VALUE_value(values, i);

-		if(!strcmp(cnf->name, "keyid"))

-			{

-			keyid = 1;

-			if(cnf->value && !strcmp(cnf->value, "always"))

-				keyid = 2;

-			}

-		else if(!strcmp(cnf->name, "issuer"))

-			{

-			issuer = 1;

-			if(cnf->value && !strcmp(cnf->value, "always"))

-				issuer = 2;

-			}

-		else

-			{

-			X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNKNOWN_OPTION);

-			ERR_add_error_data(2, "name=", cnf->name);

-			return NULL;

-			}

-		}

-	if(!ctx || !ctx->issuer_cert)

-		{

-		if(ctx && (ctx->flags==CTX_TEST))

-			return AUTHORITY_KEYID_new();

-		X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_NO_ISSUER_CERTIFICATE);

-		return NULL;

-		}

-	cert = ctx->issuer_cert;

-	if(keyid)

-		{

-		i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1);

-		if((i >= 0)  && (ext = X509_get_ext(cert, i)))

-			ikeyid = X509V3_EXT_d2i(ext);

-		if(keyid==2 && !ikeyid)

-			{

-			X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_KEYID);

-			return NULL;

-			}

-		}

-	if((issuer && !ikeyid) || (issuer == 2))

-		{

-		isname = X509_NAME_dup(X509_get_issuer_name(cert));

-		serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert));

-		if(!isname || !serial)

-			{

-			X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS);

-			goto err;

-			}

-		}

-	if(!(akeyid = AUTHORITY_KEYID_new())) goto err;

-	if(isname)

-		{

-		if(!(gens = sk_GENERAL_NAME_new_null())

-			|| !(gen = GENERAL_NAME_new())

-			|| !sk_GENERAL_NAME_push(gens, gen))

-			{

-			X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,ERR_R_MALLOC_FAILURE);

-			goto err;

-			}

-		gen->type = GEN_DIRNAME;

-		gen->d.dirn = isname;

-		}

-	akeyid->issuer = gens;

-	akeyid->serial = serial;

-	akeyid->keyid = ikeyid;

-	return akeyid;

- err:

-	X509_NAME_free(isname);

-	M_ASN1_INTEGER_free(serial);

-	M_ASN1_OCTET_STRING_free(ikeyid);

-	return NULL;

-	}

--- a/sys/src/ape/lib/openssl/crypto/x509v3/v3_akeya.c

+++ /dev/null

@@ -1,72 +1,0 @@

-/* v3_akey_asn1.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/conf.h>

-#include <openssl/asn1.h>

-#include <openssl/asn1t.h>

-#include <openssl/x509v3.h>

-ASN1_SEQUENCE(AUTHORITY_KEYID) = {

-	ASN1_IMP_OPT(AUTHORITY_KEYID, keyid, ASN1_OCTET_STRING, 0),

-	ASN1_IMP_SEQUENCE_OF_OPT(AUTHORITY_KEYID, issuer, GENERAL_NAME, 1),

-	ASN1_IMP_OPT(AUTHORITY_KEYID, serial, ASN1_INTEGER, 2)

-} ASN1_SEQUENCE_END(AUTHORITY_KEYID)

-IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_KEYID)

--- a/sys/src/ape/lib/openssl/crypto/x509v3/v3_alt.c

+++ /dev/null

@@ -1,581 +1,0 @@

-/* v3_alt.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project.

- */

-/* ====================================================================

- * Copyright (c) 1999-2003 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/conf.h>

-#include <openssl/x509v3.h>

-static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);

-static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);

-static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p);

-static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens);

-static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);

-static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);

-const X509V3_EXT_METHOD v3_alt[] = {

-{ NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),

-0,0,0,0,

-0,0,

-(X509V3_EXT_I2V)i2v_GENERAL_NAMES,

-(X509V3_EXT_V2I)v2i_subject_alt,

-NULL, NULL, NULL},

-{ NID_issuer_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),

-0,0,0,0,

-0,0,

-(X509V3_EXT_I2V)i2v_GENERAL_NAMES,

-(X509V3_EXT_V2I)v2i_issuer_alt,

-NULL, NULL, NULL},

-};

-STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,

-		GENERAL_NAMES *gens, STACK_OF(CONF_VALUE) *ret)

-{

-	int i;

-	GENERAL_NAME *gen;

-	for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) {

-		gen = sk_GENERAL_NAME_value(gens, i);

-		ret = i2v_GENERAL_NAME(method, gen, ret);

-	}

-	if(!ret) return sk_CONF_VALUE_new_null();

-	return ret;

-}

-STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,

-				GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret)

-{

-	unsigned char *p;

-	char oline[256], htmp[5];

-	int i;

-	switch (gen->type)

-	{

-		case GEN_OTHERNAME:

-		X509V3_add_value("othername","<unsupported>", &ret);

-		break;

-		case GEN_X400:

-		X509V3_add_value("X400Name","<unsupported>", &ret);

-		break;

-		case GEN_EDIPARTY:

-		X509V3_add_value("EdiPartyName","<unsupported>", &ret);

-		break;

-		case GEN_EMAIL:

-		X509V3_add_value_uchar("email",gen->d.ia5->data, &ret);

-		break;

-		case GEN_DNS:

-		X509V3_add_value_uchar("DNS",gen->d.ia5->data, &ret);

-		break;

-		case GEN_URI:

-		X509V3_add_value_uchar("URI",gen->d.ia5->data, &ret);

-		break;

-		case GEN_DIRNAME:

-		X509_NAME_oneline(gen->d.dirn, oline, 256);

-		X509V3_add_value("DirName",oline, &ret);

-		break;

-		case GEN_IPADD:

-		p = gen->d.ip->data;

-		if(gen->d.ip->length == 4)

-			BIO_snprintf(oline, sizeof oline,

-				     "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);

-		else if(gen->d.ip->length == 16)

-			{

-			oline[0] = 0;

-			for (i = 0; i < 8; i++)

-				{

-				BIO_snprintf(htmp, sizeof htmp,

-					     "%X", p[0] << 8 | p[1]);

-				p += 2;

-				strcat(oline, htmp);

-				if (i != 7)

-					strcat(oline, ":");

-				}

-			}

-		else

-			{

-			X509V3_add_value("IP Address","<invalid>", &ret);

-			break;

-			}

-		X509V3_add_value("IP Address",oline, &ret);

-		break;

-		case GEN_RID:

-		i2t_ASN1_OBJECT(oline, 256, gen->d.rid);

-		X509V3_add_value("Registered ID",oline, &ret);

-		break;

-	}

-	return ret;

-}

-int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen)

-{

-	unsigned char *p;

-	int i;

-	switch (gen->type)

-	{

-		case GEN_OTHERNAME:

-		BIO_printf(out, "othername:<unsupported>");

-		break;

-		case GEN_X400:

-		BIO_printf(out, "X400Name:<unsupported>");

-		break;

-		case GEN_EDIPARTY:

-		/* Maybe fix this: it is supported now */

-		BIO_printf(out, "EdiPartyName:<unsupported>");

-		break;

-		case GEN_EMAIL:

-		BIO_printf(out, "email:%s",gen->d.ia5->data);

-		break;

-		case GEN_DNS:

-		BIO_printf(out, "DNS:%s",gen->d.ia5->data);

-		break;

-		case GEN_URI:

-		BIO_printf(out, "URI:%s",gen->d.ia5->data);

-		break;

-		case GEN_DIRNAME:

-		BIO_printf(out, "DirName: ");

-		X509_NAME_print_ex(out, gen->d.dirn, 0, XN_FLAG_ONELINE);

-		break;

-		case GEN_IPADD:

-		p = gen->d.ip->data;

-		if(gen->d.ip->length == 4)

-			BIO_printf(out, "IP Address:%d.%d.%d.%d",

-						p[0], p[1], p[2], p[3]);

-		else if(gen->d.ip->length == 16)

-			{

-			BIO_printf(out, "IP Address");

-			for (i = 0; i < 8; i++)

-				{

-				BIO_printf(out, ":%X", p[0] << 8 | p[1]);

-				p += 2;

-				}

-			BIO_puts(out, "\n");

-			}

-		else

-			{

-			BIO_printf(out,"IP Address:<invalid>");

-			break;

-			}

-		break;

-		case GEN_RID:

-		BIO_printf(out, "Registered ID");

-		i2a_ASN1_OBJECT(out, gen->d.rid);

-		break;

-	}

-	return 1;

-}

-static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,

-				 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)

-{

-	GENERAL_NAMES *gens = NULL;

-	CONF_VALUE *cnf;

-	int i;

-	if(!(gens = sk_GENERAL_NAME_new_null())) {

-		X509V3err(X509V3_F_V2I_ISSUER_ALT,ERR_R_MALLOC_FAILURE);

-		return NULL;

-	}

-	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {

-		cnf = sk_CONF_VALUE_value(nval, i);

-		if(!name_cmp(cnf->name, "issuer") && cnf->value &&

-						!strcmp(cnf->value, "copy")) {

-			if(!copy_issuer(ctx, gens)) goto err;

-		} else {

-			GENERAL_NAME *gen;

-			if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))

-								 goto err;

-			sk_GENERAL_NAME_push(gens, gen);

-		}

-	}

-	return gens;

-	err:

-	sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);

-	return NULL;

-}

-/* Append subject altname of issuer to issuer alt name of subject */

-static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens)

-{

-	GENERAL_NAMES *ialt;

-	GENERAL_NAME *gen;

-	X509_EXTENSION *ext;

-	int i;

-	if(ctx && (ctx->flags == CTX_TEST)) return 1;

-	if(!ctx || !ctx->issuer_cert) {

-		X509V3err(X509V3_F_COPY_ISSUER,X509V3_R_NO_ISSUER_DETAILS);

-		goto err;

-	}

-        i = X509_get_ext_by_NID(ctx->issuer_cert, NID_subject_alt_name, -1);

-	if(i < 0) return 1;

-        if(!(ext = X509_get_ext(ctx->issuer_cert, i)) ||

-                        !(ialt = X509V3_EXT_d2i(ext)) ) {

-		X509V3err(X509V3_F_COPY_ISSUER,X509V3_R_ISSUER_DECODE_ERROR);

-		goto err;

-	}

-	for(i = 0; i < sk_GENERAL_NAME_num(ialt); i++) {

-		gen = sk_GENERAL_NAME_value(ialt, i);

-		if(!sk_GENERAL_NAME_push(gens, gen)) {

-			X509V3err(X509V3_F_COPY_ISSUER,ERR_R_MALLOC_FAILURE);

-			goto err;

-		}

-	}

-	sk_GENERAL_NAME_free(ialt);

-	return 1;

-	err:

-	return 0;

-}

-static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,

-				 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)

-{

-	GENERAL_NAMES *gens = NULL;

-	CONF_VALUE *cnf;

-	int i;

-	if(!(gens = sk_GENERAL_NAME_new_null())) {

-		X509V3err(X509V3_F_V2I_SUBJECT_ALT,ERR_R_MALLOC_FAILURE);

-		return NULL;

-	}

-	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {

-		cnf = sk_CONF_VALUE_value(nval, i);

-		if(!name_cmp(cnf->name, "email") && cnf->value &&

-						!strcmp(cnf->value, "copy")) {

-			if(!copy_email(ctx, gens, 0)) goto err;

-		} else if(!name_cmp(cnf->name, "email") && cnf->value &&

-						!strcmp(cnf->value, "move")) {

-			if(!copy_email(ctx, gens, 1)) goto err;

-		} else {

-			GENERAL_NAME *gen;

-			if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))

-								 goto err;

-			sk_GENERAL_NAME_push(gens, gen);

-		}

-	}

-	return gens;

-	err:

-	sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);

-	return NULL;

-}

-/* Copy any email addresses in a certificate or request to

- * GENERAL_NAMES

- */

-static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)

-{

-	X509_NAME *nm;

-	ASN1_IA5STRING *email = NULL;

-	X509_NAME_ENTRY *ne;

-	GENERAL_NAME *gen = NULL;

-	int i;

-	if(ctx != NULL && ctx->flags == CTX_TEST)

-		return 1;

-	if(!ctx || (!ctx->subject_cert && !ctx->subject_req)) {

-		X509V3err(X509V3_F_COPY_EMAIL,X509V3_R_NO_SUBJECT_DETAILS);

-		goto err;

-	}

-	/* Find the subject name */

-	if(ctx->subject_cert) nm = X509_get_subject_name(ctx->subject_cert);

-	else nm = X509_REQ_get_subject_name(ctx->subject_req);

-	/* Now add any email address(es) to STACK */

-	i = -1;

-	while((i = X509_NAME_get_index_by_NID(nm,

-					 NID_pkcs9_emailAddress, i)) >= 0) {

-		ne = X509_NAME_get_entry(nm, i);

-		email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne));

-                if (move_p)

-                        {

-                        X509_NAME_delete_entry(nm, i);

-                        i--;

-                        }

-		if(!email || !(gen = GENERAL_NAME_new())) {

-			X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE);

-			goto err;

-		}

-		gen->d.ia5 = email;

-		email = NULL;

-		gen->type = GEN_EMAIL;

-		if(!sk_GENERAL_NAME_push(gens, gen)) {

-			X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE);

-			goto err;

-		}

-		gen = NULL;

-	}

-	return 1;

-	err:

-	GENERAL_NAME_free(gen);

-	M_ASN1_IA5STRING_free(email);

-	return 0;

-}

-GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,

-				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)

-{

-	GENERAL_NAME *gen;

-	GENERAL_NAMES *gens = NULL;

-	CONF_VALUE *cnf;

-	int i;

-	if(!(gens = sk_GENERAL_NAME_new_null())) {

-		X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE);

-		return NULL;

-	}

-	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {

-		cnf = sk_CONF_VALUE_value(nval, i);

-		if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err;

-		sk_GENERAL_NAME_push(gens, gen);

-	}

-	return gens;

-	err:

-	sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);

-	return NULL;

-}

-GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,

-							 CONF_VALUE *cnf)

-	{

-	return v2i_GENERAL_NAME_ex(NULL, method, ctx, cnf, 0);

-	}

-GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,

-				X509V3_EXT_METHOD *method, X509V3_CTX *ctx,

-						 CONF_VALUE *cnf, int is_nc)

-	{

-	char is_string = 0;

-	int type;

-	GENERAL_NAME *gen = NULL;

-	char *name, *value;

-	name = cnf->name;

-	value = cnf->value;

-	if(!value)

-		{

-		X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_MISSING_VALUE);

-		return NULL;

-		}

-	if (out)

-		gen = out;

-	else

-		{

-		gen = GENERAL_NAME_new();

-		if(gen == NULL)

-			{

-			X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,ERR_R_MALLOC_FAILURE);

-			return NULL;

-			}

-		}

-	if(!name_cmp(name, "email"))

-		{

-		is_string = 1;

-		type = GEN_EMAIL;

-		}

-	else if(!name_cmp(name, "URI"))

-		{

-		is_string = 1;

-		type = GEN_URI;

-		}

-	else if(!name_cmp(name, "DNS"))

-		{

-		is_string = 1;

-		type = GEN_DNS;

-		}

-	else if(!name_cmp(name, "RID"))

-		{

-		ASN1_OBJECT *obj;

-		if(!(obj = OBJ_txt2obj(value,0)))

-			{

-			X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_BAD_OBJECT);

-			ERR_add_error_data(2, "value=", value);

-			goto err;

-			}

-		gen->d.rid = obj;

-		type = GEN_RID;

-		}

-	else if(!name_cmp(name, "IP"))

-		{

-		if (is_nc)

-			gen->d.ip = a2i_IPADDRESS_NC(value);

-		else

-			gen->d.ip = a2i_IPADDRESS(value);

-		if(gen->d.ip == NULL)

-			{

-			X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_BAD_IP_ADDRESS);

-			ERR_add_error_data(2, "value=", value);

-			goto err;

-			}

-		type = GEN_IPADD;

-		}

-	else if(!name_cmp(name, "dirName"))

-		{

-		type = GEN_DIRNAME;

-		if (!do_dirname(gen, value, ctx))

-			{

-			X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_DIRNAME_ERROR);

-			goto err;

-			}

-		}

-	else if(!name_cmp(name, "otherName"))

-		{

-		if (!do_othername(gen, value, ctx))

-			{

-			X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_OTHERNAME_ERROR);

-			goto err;

-			}

-		type = GEN_OTHERNAME;

-		}

-	else

-		{

-		X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_UNSUPPORTED_OPTION);

-		ERR_add_error_data(2, "name=", name);

-		goto err;

-		}

-	if(is_string)

-		{

-		if(!(gen->d.ia5 = M_ASN1_IA5STRING_new()) ||

-			      !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value,

-					       strlen(value)))

-			{

-			X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,ERR_R_MALLOC_FAILURE);

-			goto err;

-			}

-		}

-	gen->type = type;

-	return gen;

-	err:

-	GENERAL_NAME_free(gen);

-	return NULL;

-	}

-static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)

-	{

-	char *objtmp = NULL, *p;

-	int objlen;

-	if (!(p = strchr(value, ';')))

-		return 0;

-	if (!(gen->d.otherName = OTHERNAME_new()))

-		return 0;

-	/* Free this up because we will overwrite it.

-	 * no need to free type_id because it is static

-	 */

-	ASN1_TYPE_free(gen->d.otherName->value);

-	if (!(gen->d.otherName->value = ASN1_generate_v3(p + 1, ctx)))

-		return 0;

-	objlen = p - value;

-	objtmp = OPENSSL_malloc(objlen + 1);

-	strncpy(objtmp, value, objlen);

-	objtmp[objlen] = 0;

-	gen->d.otherName->type_id = OBJ_txt2obj(objtmp, 0);

-	OPENSSL_free(objtmp);

-	if (!gen->d.otherName->type_id)

-		return 0;

-	return 1;

-	}

-static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)

-	{

-	int ret;

-	STACK_OF(CONF_VALUE) *sk;

-	X509_NAME *nm;

-	if (!(nm = X509_NAME_new()))

-		return 0;

-	sk = X509V3_get_section(ctx, value);

-	if (!sk)

-		{

-		X509V3err(X509V3_F_DO_DIRNAME,X509V3_R_SECTION_NOT_FOUND);

-		ERR_add_error_data(2, "section=", value);

-		X509_NAME_free(nm);

-		return 0;

-		}

-	/* FIXME: should allow other character types... */

-	ret = X509V3_NAME_from_section(nm, sk, MBSTRING_ASC);

-	if (!ret)

-		X509_NAME_free(nm);

-	gen->d.dirn = nm;

-	return ret;

-	}

--- a/sys/src/ape/lib/openssl/crypto/x509v3/v3_asid.c

+++ /dev/null

@@ -1,842 +1,0 @@

-/*

- * Contributed to the OpenSSL Project by the American Registry for

- * Internet Numbers ("ARIN").

- */

-/* ====================================================================

- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- */

-/*

- * Implementation of RFC 3779 section 3.2.

- */

-#include <stdio.h>

-#include <string.h>

-#include <assert.h>

-#include "cryptlib.h"

-#include <openssl/conf.h>

-#include <openssl/asn1.h>

-#include <openssl/asn1t.h>

-#include <openssl/x509v3.h>

-#include <openssl/x509.h>

-#include <openssl/bn.h>

-#ifndef OPENSSL_NO_RFC3779

-/*

- * OpenSSL ASN.1 template translation of RFC 3779 3.2.3.

- */

-ASN1_SEQUENCE(ASRange) = {

-  ASN1_SIMPLE(ASRange, min, ASN1_INTEGER),

-  ASN1_SIMPLE(ASRange, max, ASN1_INTEGER)

-} ASN1_SEQUENCE_END(ASRange)

-ASN1_CHOICE(ASIdOrRange) = {

-  ASN1_SIMPLE(ASIdOrRange, u.id,    ASN1_INTEGER),

-  ASN1_SIMPLE(ASIdOrRange, u.range, ASRange)

-} ASN1_CHOICE_END(ASIdOrRange)

-ASN1_CHOICE(ASIdentifierChoice) = {

-  ASN1_SIMPLE(ASIdentifierChoice,      u.inherit,       ASN1_NULL),

-  ASN1_SEQUENCE_OF(ASIdentifierChoice, u.asIdsOrRanges, ASIdOrRange)

-} ASN1_CHOICE_END(ASIdentifierChoice)

-ASN1_SEQUENCE(ASIdentifiers) = {

-  ASN1_EXP_OPT(ASIdentifiers, asnum, ASIdentifierChoice, 0),

-  ASN1_EXP_OPT(ASIdentifiers, rdi,   ASIdentifierChoice, 1)

-} ASN1_SEQUENCE_END(ASIdentifiers)

-IMPLEMENT_ASN1_FUNCTIONS(ASRange)

-IMPLEMENT_ASN1_FUNCTIONS(ASIdOrRange)

-IMPLEMENT_ASN1_FUNCTIONS(ASIdentifierChoice)

-IMPLEMENT_ASN1_FUNCTIONS(ASIdentifiers)

-/*

- * i2r method for an ASIdentifierChoice.

- */

-static int i2r_ASIdentifierChoice(BIO *out,

-				  ASIdentifierChoice *choice,

-				  int indent,

-				  const char *msg)

-{

-  int i;

-  char *s;

-  if (choice == NULL)

-    return 1;

-  BIO_printf(out, "%*s%s:\n", indent, "", msg);

-  switch (choice->type) {

-  case ASIdentifierChoice_inherit:

-    BIO_printf(out, "%*sinherit\n", indent + 2, "");

-    break;

-  case ASIdentifierChoice_asIdsOrRanges:

-    for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges); i++) {

-      ASIdOrRange *aor = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);

-      switch (aor->type) {

-      case ASIdOrRange_id:

-	if ((s = i2s_ASN1_INTEGER(NULL, aor->u.id)) == NULL)

-	  return 0;

-	BIO_printf(out, "%*s%s\n", indent + 2, "", s);

-	OPENSSL_free(s);

-	break;

-      case ASIdOrRange_range:

-	if ((s = i2s_ASN1_INTEGER(NULL, aor->u.range->min)) == NULL)

-	  return 0;

-	BIO_printf(out, "%*s%s-", indent + 2, "", s);

-	OPENSSL_free(s);

-	if ((s = i2s_ASN1_INTEGER(NULL, aor->u.range->max)) == NULL)

-	  return 0;

-	BIO_printf(out, "%s\n", s);

-	OPENSSL_free(s);

-	break;

-      default:

-	return 0;

-      }

-    }

-    break;

-  default:

-    return 0;

-  }

-  return 1;

-}

-/*

- * i2r method for an ASIdentifier extension.

- */

-static int i2r_ASIdentifiers(X509V3_EXT_METHOD *method,

-			     void *ext,

-			     BIO *out,

-			     int indent)

-{

-  ASIdentifiers *asid = ext;

-  return (i2r_ASIdentifierChoice(out, asid->asnum, indent,

-				 "Autonomous System Numbers") &&

-	  i2r_ASIdentifierChoice(out, asid->rdi, indent,

-				 "Routing Domain Identifiers"));

-}

-/*

- * Sort comparision function for a sequence of ASIdOrRange elements.

- */

-static int ASIdOrRange_cmp(const ASIdOrRange * const *a_,

-			   const ASIdOrRange * const *b_)

-{

-  const ASIdOrRange *a = *a_, *b = *b_;

-  assert((a->type == ASIdOrRange_id && a->u.id != NULL) ||

-	 (a->type == ASIdOrRange_range && a->u.range != NULL &&

-	  a->u.range->min != NULL && a->u.range->max != NULL));

-  assert((b->type == ASIdOrRange_id && b->u.id != NULL) ||

-	 (b->type == ASIdOrRange_range && b->u.range != NULL &&

-	  b->u.range->min != NULL && b->u.range->max != NULL));

-  if (a->type == ASIdOrRange_id && b->type == ASIdOrRange_id)

-    return ASN1_INTEGER_cmp(a->u.id, b->u.id);

-  if (a->type == ASIdOrRange_range && b->type == ASIdOrRange_range) {

-    int r = ASN1_INTEGER_cmp(a->u.range->min, b->u.range->min);

-    return r != 0 ? r : ASN1_INTEGER_cmp(a->u.range->max, b->u.range->max);

-  }

-  if (a->type == ASIdOrRange_id)

-    return ASN1_INTEGER_cmp(a->u.id, b->u.range->min);

-  else

-    return ASN1_INTEGER_cmp(a->u.range->min, b->u.id);

-}

-/*

- * Add an inherit element.

- */

-int v3_asid_add_inherit(ASIdentifiers *asid, int which)

-{

-  ASIdentifierChoice **choice;

-  if (asid == NULL)

-    return 0;

-  switch (which) {

-  case V3_ASID_ASNUM:

-    choice = &asid->asnum;

-    break;

-  case V3_ASID_RDI:

-    choice = &asid->rdi;

-    break;

-  default:

-    return 0;

-  }

-  if (*choice == NULL) {

-    if ((*choice = ASIdentifierChoice_new()) == NULL)

-      return 0;

-    assert((*choice)->u.inherit == NULL);

-    if (((*choice)->u.inherit = ASN1_NULL_new()) == NULL)

-      return 0;

-    (*choice)->type = ASIdentifierChoice_inherit;

-  }

-  return (*choice)->type == ASIdentifierChoice_inherit;

-}

-/*

- * Add an ID or range to an ASIdentifierChoice.

- */

-int v3_asid_add_id_or_range(ASIdentifiers *asid,

-			    int which,

-			    ASN1_INTEGER *min,

-			    ASN1_INTEGER *max)

-{

-  ASIdentifierChoice **choice;

-  ASIdOrRange *aor;

-  if (asid == NULL)

-    return 0;

-  switch (which) {

-  case V3_ASID_ASNUM:

-    choice = &asid->asnum;

-    break;

-  case V3_ASID_RDI:

-    choice = &asid->rdi;

-    break;

-  default:

-    return 0;

-  }

-  if (*choice != NULL && (*choice)->type == ASIdentifierChoice_inherit)

-    return 0;

-  if (*choice == NULL) {

-    if ((*choice = ASIdentifierChoice_new()) == NULL)

-      return 0;

-    assert((*choice)->u.asIdsOrRanges == NULL);

-    (*choice)->u.asIdsOrRanges = sk_ASIdOrRange_new(ASIdOrRange_cmp);

-    if ((*choice)->u.asIdsOrRanges == NULL)

-      return 0;

-    (*choice)->type = ASIdentifierChoice_asIdsOrRanges;

-  }

-  if ((aor = ASIdOrRange_new()) == NULL)

-    return 0;

-  if (max == NULL) {

-    aor->type = ASIdOrRange_id;

-    aor->u.id = min;

-  } else {

-    aor->type = ASIdOrRange_range;

-    if ((aor->u.range = ASRange_new()) == NULL)

-      goto err;

-    ASN1_INTEGER_free(aor->u.range->min);

-    aor->u.range->min = min;

-    ASN1_INTEGER_free(aor->u.range->max);

-    aor->u.range->max = max;

-  }

-  if (!(sk_ASIdOrRange_push((*choice)->u.asIdsOrRanges, aor)))

-    goto err;

-  return 1;

- err:

-  ASIdOrRange_free(aor);

-  return 0;

-}

-/*

- * Extract min and max values from an ASIdOrRange.

- */

-static void extract_min_max(ASIdOrRange *aor,

-			    ASN1_INTEGER **min,

-			    ASN1_INTEGER **max)

-{

-  assert(aor != NULL && min != NULL && max != NULL);

-  switch (aor->type) {

-  case ASIdOrRange_id:

-    *min = aor->u.id;

-    *max = aor->u.id;

-    return;

-  case ASIdOrRange_range:

-    *min = aor->u.range->min;

-    *max = aor->u.range->max;

-    return;

-  }

-}

-/*

- * Check whether an ASIdentifierChoice is in canonical form.

- */

-static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)

-{

-  ASN1_INTEGER *a_max_plus_one = NULL;

-  BIGNUM *bn = NULL;

-  int i, ret = 0;

-  /*

-   * Empty element or inheritance is canonical.

-   */

-  if (choice == NULL || choice->type == ASIdentifierChoice_inherit)

-    return 1;

-  /*

-   * If not a list, or if empty list, it's broken.

-   */

-  if (choice->type != ASIdentifierChoice_asIdsOrRanges ||

-      sk_ASIdOrRange_num(choice->u.asIdsOrRanges) == 0)

-    return 0;

-  /*

-   * It's a list, check it.

-   */

-  for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) {

-    ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);

-    ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1);

-    ASN1_INTEGER *a_min, *a_max, *b_min, *b_max;

-    extract_min_max(a, &a_min, &a_max);

-    extract_min_max(b, &b_min, &b_max);

-    /*

-     * Punt misordered list, overlapping start, or inverted range.

-     */

-    if (ASN1_INTEGER_cmp(a_min, b_min) >= 0 ||

-	ASN1_INTEGER_cmp(a_min, a_max) > 0 ||

-	ASN1_INTEGER_cmp(b_min, b_max) > 0)

-      goto done;

-    /*

-     * Calculate a_max + 1 to check for adjacency.

-     */

-    if ((bn == NULL && (bn = BN_new()) == NULL) ||

-	ASN1_INTEGER_to_BN(a_max, bn) == NULL ||

-	!BN_add_word(bn, 1) ||

-	(a_max_plus_one = BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) {

-      X509V3err(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL,

-		ERR_R_MALLOC_FAILURE);

-      goto done;

-    }

-    /*

-     * Punt if adjacent or overlapping.

-     */

-    if (ASN1_INTEGER_cmp(a_max_plus_one, b_min) >= 0)

-      goto done;

-  }

-  ret = 1;

- done:

-  ASN1_INTEGER_free(a_max_plus_one);

-  BN_free(bn);

-  return ret;

-}

-/*

- * Check whether an ASIdentifier extension is in canonical form.

- */

-int v3_asid_is_canonical(ASIdentifiers *asid)

-{

-  return (asid == NULL ||

-	  (ASIdentifierChoice_is_canonical(asid->asnum) ||

-	   ASIdentifierChoice_is_canonical(asid->rdi)));

-}

-/*

- * Whack an ASIdentifierChoice into canonical form.

- */

-static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)

-{

-  ASN1_INTEGER *a_max_plus_one = NULL;

-  BIGNUM *bn = NULL;

-  int i, ret = 0;

-  /*

-   * Nothing to do for empty element or inheritance.

-   */

-  if (choice == NULL || choice->type == ASIdentifierChoice_inherit)

-    return 1;

-  /*

-   * We have a list.  Sort it.

-   */

-  assert(choice->type == ASIdentifierChoice_asIdsOrRanges);

-  sk_ASIdOrRange_sort(choice->u.asIdsOrRanges);

-  /*

-   * Now check for errors and suboptimal encoding, rejecting the

-   * former and fixing the latter.

-   */

-  for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) {

-    ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);

-    ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1);

-    ASN1_INTEGER *a_min, *a_max, *b_min, *b_max;

-    extract_min_max(a, &a_min, &a_max);

-    extract_min_max(b, &b_min, &b_max);

-    /*

-     * Make sure we're properly sorted (paranoia).

-     */

-    assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0);

-    /*

-     * Check for overlaps.

-     */

-    if (ASN1_INTEGER_cmp(a_max, b_min) >= 0) {

-      X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,

-		X509V3_R_EXTENSION_VALUE_ERROR);

-      goto done;

-    }

-    /*

-     * Calculate a_max + 1 to check for adjacency.

-     */

-    if ((bn == NULL && (bn = BN_new()) == NULL) ||

-	ASN1_INTEGER_to_BN(a_max, bn) == NULL ||

-	!BN_add_word(bn, 1) ||

-	(a_max_plus_one = BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) {

-      X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, ERR_R_MALLOC_FAILURE);

-      goto done;

-    }

-    /*

-     * If a and b are adjacent, merge them.

-     */

-    if (ASN1_INTEGER_cmp(a_max_plus_one, b_min) == 0) {

-      ASRange *r;

-      switch (a->type) {

-      case ASIdOrRange_id:

-	if ((r = OPENSSL_malloc(sizeof(ASRange))) == NULL) {

-	  X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,

-		    ERR_R_MALLOC_FAILURE);

-	  goto done;

-	}

-	r->min = a_min;

-	r->max = b_max;

-	a->type = ASIdOrRange_range;

-	a->u.range = r;

-	break;

-      case ASIdOrRange_range:

-	ASN1_INTEGER_free(a->u.range->max);

-	a->u.range->max = b_max;

-	break;

-      }

-      switch (b->type) {

-      case ASIdOrRange_id:

-	b->u.id = NULL;

-	break;

-      case ASIdOrRange_range:

-	b->u.range->max = NULL;

-	break;

-      }

-      ASIdOrRange_free(b);

-      sk_ASIdOrRange_delete(choice->u.asIdsOrRanges, i + 1);

-      i--;

-      continue;

-    }

-  }

-  assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */

-  ret = 1;

- done:

-  ASN1_INTEGER_free(a_max_plus_one);

-  BN_free(bn);

-  return ret;

-}

-/*

- * Whack an ASIdentifier extension into canonical form.

- */

-int v3_asid_canonize(ASIdentifiers *asid)

-{

-  return (asid == NULL ||

-	  (ASIdentifierChoice_canonize(asid->asnum) &&

-	   ASIdentifierChoice_canonize(asid->rdi)));

-}

-/*

- * v2i method for an ASIdentifier extension.

- */

-static void *v2i_ASIdentifiers(struct v3_ext_method *method,

-			       struct v3_ext_ctx *ctx,

-			       STACK_OF(CONF_VALUE) *values)

-{

-  ASIdentifiers *asid = NULL;

-  int i;

-  if ((asid = ASIdentifiers_new()) == NULL) {

-    X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);

-    return NULL;

-  }

-  for (i = 0; i < sk_CONF_VALUE_num(values); i++) {

-    CONF_VALUE *val = sk_CONF_VALUE_value(values, i);

-    ASN1_INTEGER *min = NULL, *max = NULL;

-    int i1, i2, i3, is_range, which;

-    /*

-     * Figure out whether this is an AS or an RDI.

-     */

-    if (       !name_cmp(val->name, "AS")) {

-      which = V3_ASID_ASNUM;

-    } else if (!name_cmp(val->name, "RDI")) {

-      which = V3_ASID_RDI;

-    } else {

-      X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_EXTENSION_NAME_ERROR);

-      X509V3_conf_err(val);

-      goto err;

-    }

-    /*

-     * Handle inheritance.

-     */

-    if (!strcmp(val->value, "inherit")) {

-      if (v3_asid_add_inherit(asid, which))

-	continue;

-      X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_INVALID_INHERITANCE);

-      X509V3_conf_err(val);

-      goto err;

-    }

-    /*

-     * Number, range, or mistake, pick it apart and figure out which.

-     */

-    i1 = strspn(val->value, "0123456789");

-    if (val->value[i1] == '\0') {

-      is_range = 0;

-    } else {

-      is_range = 1;

-      i2 = i1 + strspn(val->value + i1, " \t");

-      if (val->value[i2] != '-') {

-	X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_INVALID_ASNUMBER);

-	X509V3_conf_err(val);

-	goto err;

-      }

-      i2++;

-      i2 = i2 + strspn(val->value + i2, " \t");

-      i3 = i2 + strspn(val->value + i2, "0123456789");

-      if (val->value[i3] != '\0') {

-	X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_INVALID_ASRANGE);

-	X509V3_conf_err(val);

-	goto err;

-      }

-    }

-    /*

-     * Syntax is ok, read and add it.

-     */

-    if (!is_range) {

-      if (!X509V3_get_value_int(val, &min)) {

-	X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);

-	goto err;

-      }

-    } else {

-      char *s = BUF_strdup(val->value);

-      if (s == NULL) {

-	X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);

-	goto err;

-      }

-      s[i1] = '\0';

-      min = s2i_ASN1_INTEGER(NULL, s);

-      max = s2i_ASN1_INTEGER(NULL, s + i2);

-      OPENSSL_free(s);

-      if (min == NULL || max == NULL) {

-	ASN1_INTEGER_free(min);

-	ASN1_INTEGER_free(max);

-	X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);

-	goto err;

-      }

-    }

-    if (!v3_asid_add_id_or_range(asid, which, min, max)) {

-      ASN1_INTEGER_free(min);

-      ASN1_INTEGER_free(max);

-      X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);

-      goto err;

-    }

-  }

-  /*

-   * Canonize the result, then we're done.

-   */

-  if (!v3_asid_canonize(asid))

-    goto err;

-  return asid;

- err:

-  ASIdentifiers_free(asid);

-  return NULL;

-}

-/*

- * OpenSSL dispatch.

- */

-const X509V3_EXT_METHOD v3_asid = {

-  NID_sbgp_autonomousSysNum,	/* nid */

-  0,				/* flags */

-  ASN1_ITEM_ref(ASIdentifiers),	/* template */

-  0, 0, 0, 0,			/* old functions, ignored */

-  0,				/* i2s */

-  0,				/* s2i */

-  0,				/* i2v */

-  v2i_ASIdentifiers,		/* v2i */

-  i2r_ASIdentifiers,		/* i2r */

-  0,				/* r2i */

-  NULL				/* extension-specific data */

-};

-/*

- * Figure out whether extension uses inheritance.

- */

-int v3_asid_inherits(ASIdentifiers *asid)

-{

-  return (asid != NULL &&

-	  ((asid->asnum != NULL &&

-	    asid->asnum->type == ASIdentifierChoice_inherit) ||

-	   (asid->rdi != NULL &&

-	    asid->rdi->type == ASIdentifierChoice_inherit)));

-}

-/*

- * Figure out whether parent contains child.

- */

-static int asid_contains(ASIdOrRanges *parent, ASIdOrRanges *child)

-{

-  ASN1_INTEGER *p_min, *p_max, *c_min, *c_max;

-  int p, c;

-  if (child == NULL || parent == child)

-    return 1;

-  if (parent == NULL)

-    return 0;

-  p = 0;

-  for (c = 0; c < sk_ASIdOrRange_num(child); c++) {

-    extract_min_max(sk_ASIdOrRange_value(child, c), &c_min, &c_max);

-    for (;; p++) {

-      if (p >= sk_ASIdOrRange_num(parent))

-	return 0;

-      extract_min_max(sk_ASIdOrRange_value(parent, p), &p_min, &p_max);

-      if (ASN1_INTEGER_cmp(p_max, c_max) < 0)

-	continue;

-      if (ASN1_INTEGER_cmp(p_min, c_min) > 0)

-	return 0;

-      break;

-    }

-  }

-  return 1;

-}

-/*

- * Test whether a is a subet of b.

- */

-int v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b)

-{

-  return (a == NULL ||

-	  a == b ||

-	  (b != NULL &&

-	   !v3_asid_inherits(a) &&

-	   !v3_asid_inherits(b) &&

-	   asid_contains(b->asnum->u.asIdsOrRanges,

-			 a->asnum->u.asIdsOrRanges) &&

-	   asid_contains(b->rdi->u.asIdsOrRanges,

-			 a->rdi->u.asIdsOrRanges)));

-}

-/*

- * Validation error handling via callback.

- */

-#define validation_err(_err_)		\

-  do {					\

-    if (ctx != NULL) {			\

-      ctx->error = _err_;		\

-      ctx->error_depth = i;		\

-      ctx->current_cert = x;		\

-      ret = ctx->verify_cb(0, ctx);	\

-    } else {				\

-      ret = 0;				\

-    }					\

-    if (!ret)				\

-      goto done;			\

-  } while (0)

-/*

- * Core code for RFC 3779 3.3 path validation.

- */

-static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,

-					  STACK_OF(X509) *chain,

-					  ASIdentifiers *ext)

-{

-  ASIdOrRanges *child_as = NULL, *child_rdi = NULL;

-  int i, ret = 1, inherit_as = 0, inherit_rdi = 0;

-  X509 *x = NULL;

-  assert(chain != NULL && sk_X509_num(chain) > 0);

-  assert(ctx != NULL || ext != NULL);

-  assert(ctx == NULL || ctx->verify_cb != NULL);

-  /*

-   * Figure out where to start.  If we don't have an extension to

-   * check, we're done.  Otherwise, check canonical form and

-   * set up for walking up the chain.

-   */

-  if (ext != NULL) {

-    i = -1;

-  } else {

-    i = 0;

-    x = sk_X509_value(chain, i);

-    assert(x != NULL);

-    if ((ext = x->rfc3779_asid) == NULL)

-      goto done;

-  }

-  if (!v3_asid_is_canonical(ext))

-    validation_err(X509_V_ERR_INVALID_EXTENSION);

-  if (ext->asnum != NULL)  {

-    switch (ext->asnum->type) {

-    case ASIdentifierChoice_inherit:

-      inherit_as = 1;

-      break;

-    case ASIdentifierChoice_asIdsOrRanges:

-      child_as = ext->asnum->u.asIdsOrRanges;

-      break;

-    }

-  }

-  if (ext->rdi != NULL) {

-    switch (ext->rdi->type) {

-    case ASIdentifierChoice_inherit:

-      inherit_rdi = 1;

-      break;

-    case ASIdentifierChoice_asIdsOrRanges:

-      child_rdi = ext->rdi->u.asIdsOrRanges;

-      break;

-    }

-  }

-  /*

-   * Now walk up the chain.  Extensions must be in canonical form, no

-   * cert may list resources that its parent doesn't list.

-   */

-  for (i++; i < sk_X509_num(chain); i++) {

-    x = sk_X509_value(chain, i);

-    assert(x != NULL);

-    if (x->rfc3779_asid == NULL) {

-      if (child_as != NULL || child_rdi != NULL)

-	validation_err(X509_V_ERR_UNNESTED_RESOURCE);

-      continue;

-    }

-    if (!v3_asid_is_canonical(x->rfc3779_asid))

-      validation_err(X509_V_ERR_INVALID_EXTENSION);

-    if (x->rfc3779_asid->asnum == NULL && child_as != NULL) {

-      validation_err(X509_V_ERR_UNNESTED_RESOURCE);

-      child_as = NULL;

-      inherit_as = 0;

-    }

-    if (x->rfc3779_asid->asnum != NULL &&

-	x->rfc3779_asid->asnum->type == ASIdentifierChoice_asIdsOrRanges) {

-      if (inherit_as ||

-	  asid_contains(x->rfc3779_asid->asnum->u.asIdsOrRanges, child_as)) {

-	child_as = x->rfc3779_asid->asnum->u.asIdsOrRanges;

-	inherit_as = 0;

-      } else {

-	validation_err(X509_V_ERR_UNNESTED_RESOURCE);

-      }

-    }

-    if (x->rfc3779_asid->rdi == NULL && child_rdi != NULL) {

-      validation_err(X509_V_ERR_UNNESTED_RESOURCE);

-      child_rdi = NULL;

-      inherit_rdi = 0;

-    }

-    if (x->rfc3779_asid->rdi != NULL &&

-	x->rfc3779_asid->rdi->type == ASIdentifierChoice_asIdsOrRanges) {

-      if (inherit_rdi ||

-	  asid_contains(x->rfc3779_asid->rdi->u.asIdsOrRanges, child_rdi)) {

-	child_rdi = x->rfc3779_asid->rdi->u.asIdsOrRanges;

-	inherit_rdi = 0;

-      } else {

-	validation_err(X509_V_ERR_UNNESTED_RESOURCE);

-      }

-    }

-  }

-  /*

-   * Trust anchor can't inherit.

-   */

-  if (x->rfc3779_asid != NULL) {

-    if (x->rfc3779_asid->asnum != NULL &&

-	x->rfc3779_asid->asnum->type == ASIdentifierChoice_inherit)

-      validation_err(X509_V_ERR_UNNESTED_RESOURCE);

-    if (x->rfc3779_asid->rdi != NULL &&

-	x->rfc3779_asid->rdi->type == ASIdentifierChoice_inherit)

-      validation_err(X509_V_ERR_UNNESTED_RESOURCE);

-  }

- done:

-  return ret;

-}

-#undef validation_err

-/*

- * RFC 3779 3.3 path validation -- called from X509_verify_cert().

- */

-int v3_asid_validate_path(X509_STORE_CTX *ctx)

-{

-  return v3_asid_validate_path_internal(ctx, ctx->chain, NULL);

-}

-/*

- * RFC 3779 3.3 path validation of an extension.

- * Test whether chain covers extension.

- */

-int v3_asid_validate_resource_set(STACK_OF(X509) *chain,

-				  ASIdentifiers *ext,

-				  int allow_inheritance)

-{

-  if (ext == NULL)

-    return 1;

-  if (chain == NULL || sk_X509_num(chain) == 0)

-    return 0;

-  if (!allow_inheritance && v3_asid_inherits(ext))

-    return 0;

-  return v3_asid_validate_path_internal(NULL, chain, ext);

-}

-#endif /* OPENSSL_NO_RFC3779 */

--- a/sys/src/ape/lib/openssl/crypto/x509v3/v3_bcons.c

+++ /dev/null

@@ -1,124 +1,0 @@

-/* v3_bcons.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/asn1.h>

-#include <openssl/asn1t.h>

-#include <openssl/conf.h>

-#include <openssl/x509v3.h>

-static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist);

-static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);

-const X509V3_EXT_METHOD v3_bcons = {

-NID_basic_constraints, 0,

-ASN1_ITEM_ref(BASIC_CONSTRAINTS),

-0,0,0,0,

-0,0,

-(X509V3_EXT_I2V)i2v_BASIC_CONSTRAINTS,

-(X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS,

-NULL,NULL,

-NULL

-};

-ASN1_SEQUENCE(BASIC_CONSTRAINTS) = {

-	ASN1_OPT(BASIC_CONSTRAINTS, ca, ASN1_FBOOLEAN),

-	ASN1_OPT(BASIC_CONSTRAINTS, pathlen, ASN1_INTEGER)

-} ASN1_SEQUENCE_END(BASIC_CONSTRAINTS)

-IMPLEMENT_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)

-static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,

-	     BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist)

-{

-	X509V3_add_value_bool("CA", bcons->ca, &extlist);

-	X509V3_add_value_int("pathlen", bcons->pathlen, &extlist);

-	return extlist;

-}

-static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,

-	     X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values)

-{

-	BASIC_CONSTRAINTS *bcons=NULL;

-	CONF_VALUE *val;

-	int i;

-	if(!(bcons = BASIC_CONSTRAINTS_new())) {

-		X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, ERR_R_MALLOC_FAILURE);

-		return NULL;

-	}

-	for(i = 0; i < sk_CONF_VALUE_num(values); i++) {

-		val = sk_CONF_VALUE_value(values, i);

-		if(!strcmp(val->name, "CA")) {

-			if(!X509V3_get_value_bool(val, &bcons->ca)) goto err;

-		} else if(!strcmp(val->name, "pathlen")) {

-			if(!X509V3_get_value_int(val, &bcons->pathlen)) goto err;

-		} else {

-			X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, X509V3_R_INVALID_NAME);

-			X509V3_conf_err(val);

-			goto err;

-		}

-	}

-	return bcons;

-	err:

-	BASIC_CONSTRAINTS_free(bcons);

-	return NULL;

-}

--- a/sys/src/ape/lib/openssl/crypto/x509v3/v3_bitst.c

+++ /dev/null

@@ -1,141 +1,0 @@

-/* v3_bitst.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/conf.h>

-#include <openssl/x509v3.h>

-static BIT_STRING_BITNAME ns_cert_type_table[] = {

-{0, "SSL Client", "client"},

-{1, "SSL Server", "server"},

-{2, "S/MIME", "email"},

-{3, "Object Signing", "objsign"},

-{4, "Unused", "reserved"},

-{5, "SSL CA", "sslCA"},

-{6, "S/MIME CA", "emailCA"},

-{7, "Object Signing CA", "objCA"},

-{-1, NULL, NULL}

-};

-static BIT_STRING_BITNAME key_usage_type_table[] = {

-{0, "Digital Signature", "digitalSignature"},

-{1, "Non Repudiation", "nonRepudiation"},

-{2, "Key Encipherment", "keyEncipherment"},

-{3, "Data Encipherment", "dataEncipherment"},

-{4, "Key Agreement", "keyAgreement"},

-{5, "Certificate Sign", "keyCertSign"},

-{6, "CRL Sign", "cRLSign"},

-{7, "Encipher Only", "encipherOnly"},

-{8, "Decipher Only", "decipherOnly"},

-{-1, NULL, NULL}

-};

-const X509V3_EXT_METHOD v3_nscert = EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table);

-const X509V3_EXT_METHOD v3_key_usage = EXT_BITSTRING(NID_key_usage, key_usage_type_table);

-STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,

-	     ASN1_BIT_STRING *bits, STACK_OF(CONF_VALUE) *ret)

-{

-	BIT_STRING_BITNAME *bnam;

-	for(bnam =method->usr_data; bnam->lname; bnam++) {

-		if(ASN1_BIT_STRING_get_bit(bits, bnam->bitnum))

-			X509V3_add_value(bnam->lname, NULL, &ret);

-	}

-	return ret;

-}

-ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,

-	     X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)

-{

-	CONF_VALUE *val;

-	ASN1_BIT_STRING *bs;

-	int i;

-	BIT_STRING_BITNAME *bnam;

-	if(!(bs = M_ASN1_BIT_STRING_new())) {

-		X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,ERR_R_MALLOC_FAILURE);

-		return NULL;

-	}

-	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {

-		val = sk_CONF_VALUE_value(nval, i);

-		for(bnam = method->usr_data; bnam->lname; bnam++) {

-			if(!strcmp(bnam->sname, val->name) ||

-				!strcmp(bnam->lname, val->name) ) {

-				if(!ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1)) {

-					X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,

-						ERR_R_MALLOC_FAILURE);

-					M_ASN1_BIT_STRING_free(bs);

-					return NULL;

-				}

-				break;

-			}

-		}

-		if(!bnam->lname) {

-			X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,

-					X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT);

-			X509V3_conf_err(val);

-			M_ASN1_BIT_STRING_free(bs);

-			return NULL;

-		}

-	}

-	return bs;

-}

--- a/sys/src/ape/lib/openssl/crypto/x509v3/v3_conf.c

+++ /dev/null

@@ -1,524 +1,0 @@

-/* v3_conf.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* extension creation utilities */

-#include <stdio.h>

-#include <ctype.h>

-#include "cryptlib.h"

-#include <openssl/conf.h>

-#include <openssl/x509.h>

-#include <openssl/x509v3.h>

-static int v3_check_critical(char **value);

-static int v3_check_generic(char **value);

-static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value);

-static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type, X509V3_CTX *ctx);

-static char *conf_lhash_get_string(void *db, char *section, char *value);

-static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section);

-static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,

-						 int crit, void *ext_struc);

-static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len);

-/* CONF *conf:  Config file    */

-/* char *name:  Name    */

-/* char *value:  Value    */

-X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name,

-	     char *value)

-	{

-	int crit;

-	int ext_type;

-	X509_EXTENSION *ret;

-	crit = v3_check_critical(&value);

-	if ((ext_type = v3_check_generic(&value)))

-		return v3_generic_extension(name, value, crit, ext_type, ctx);

-	ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value);

-	if (!ret)

-		{

-		X509V3err(X509V3_F_X509V3_EXT_NCONF,X509V3_R_ERROR_IN_EXTENSION);

-		ERR_add_error_data(4,"name=", name, ", value=", value);

-		}

-	return ret;

-	}

-/* CONF *conf:  Config file    */

-/* char *value:  Value    */

-X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,

-	     char *value)

-	{

-	int crit;

-	int ext_type;

-	crit = v3_check_critical(&value);

-	if ((ext_type = v3_check_generic(&value)))

-		return v3_generic_extension(OBJ_nid2sn(ext_nid),

-						 value, crit, ext_type, ctx);

-	return do_ext_nconf(conf, ctx, ext_nid, crit, value);

-	}

-/* CONF *conf:  Config file    */

-/* char *value:  Value    */

-static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,

-	     int crit, char *value)

-	{

-	X509V3_EXT_METHOD *method;

-	X509_EXTENSION *ext;

-	STACK_OF(CONF_VALUE) *nval;

-	void *ext_struc;

-	if (ext_nid == NID_undef)

-		{

-		X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_UNKNOWN_EXTENSION_NAME);

-		return NULL;

-		}

-	if (!(method = X509V3_EXT_get_nid(ext_nid)))

-		{

-		X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_UNKNOWN_EXTENSION);

-		return NULL;

-		}

-	/* Now get internal extension representation based on type */

-	if (method->v2i)

-		{

-		if(*value == '@') nval = NCONF_get_section(conf, value + 1);

-		else nval = X509V3_parse_list(value);

-		if(sk_CONF_VALUE_num(nval) <= 0)

-			{

-			X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_INVALID_EXTENSION_STRING);

-			ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value);

-			return NULL;

-			}

-		ext_struc = method->v2i(method, ctx, nval);

-		if(*value != '@') sk_CONF_VALUE_pop_free(nval,

-							 X509V3_conf_free);

-		if(!ext_struc) return NULL;

-		}

-	else if(method->s2i)

-		{

-		if(!(ext_struc = method->s2i(method, ctx, value))) return NULL;

-		}

-	else if(method->r2i)

-		{

-		if(!ctx->db || !ctx->db_meth)

-			{

-			X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_NO_CONFIG_DATABASE);

-			return NULL;

-			}

-		if(!(ext_struc = method->r2i(method, ctx, value))) return NULL;

-		}

-	else

-		{

-		X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);

-		ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid));

-		return NULL;

-		}

-	ext  = do_ext_i2d(method, ext_nid, crit, ext_struc);

-	if(method->it) ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it));

-	else method->ext_free(ext_struc);

-	return ext;

-	}

-static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,

-						 int crit, void *ext_struc)

-	{

-	unsigned char *ext_der;

-	int ext_len;

-	ASN1_OCTET_STRING *ext_oct;

-	X509_EXTENSION *ext;

-	/* Convert internal representation to DER */

-	if (method->it)

-		{

-		ext_der = NULL;

-		ext_len = ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it));

-		if (ext_len < 0) goto merr;

-		}

-	 else

-		{

-		unsigned char *p;

-		ext_len = method->i2d(ext_struc, NULL);

-		if(!(ext_der = OPENSSL_malloc(ext_len))) goto merr;

-		p = ext_der;

-		method->i2d(ext_struc, &p);

-		}

-	if (!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr;

-	ext_oct->data = ext_der;

-	ext_oct->length = ext_len;

-	ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);

-	if (!ext) goto merr;

-	M_ASN1_OCTET_STRING_free(ext_oct);

-	return ext;

-	merr:

-	X509V3err(X509V3_F_DO_EXT_I2D,ERR_R_MALLOC_FAILURE);

-	return NULL;

-	}

-/* Given an internal structure, nid and critical flag create an extension */

-X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)

-	{

-	X509V3_EXT_METHOD *method;

-	if (!(method = X509V3_EXT_get_nid(ext_nid))) {

-		X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION);

-		return NULL;

-	}

-	return do_ext_i2d(method, ext_nid, crit, ext_struc);

-}

-/* Check the extension string for critical flag */

-static int v3_check_critical(char **value)

-{

-	char *p = *value;

-	if ((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0;

-	p+=9;

-	while(isspace((unsigned char)*p)) p++;

-	*value = p;

-	return 1;

-}

-/* Check extension string for generic extension and return the type */

-static int v3_check_generic(char **value)

-{

-	int gen_type = 0;

-	char *p = *value;

-	if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4))

-		{

-		p+=4;

-		gen_type = 1;

-		}

-	else if ((strlen(p) >= 5) && !strncmp(p, "ASN1:", 5))

-		{

-		p+=5;

-		gen_type = 2;

-		}

-	else

-		return 0;

-	while (isspace((unsigned char)*p)) p++;

-	*value = p;

-	return gen_type;

-}

-/* Create a generic extension: for now just handle DER type */

-static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,

-	     int crit, int gen_type, X509V3_CTX *ctx)

-	{

-	unsigned char *ext_der=NULL;

-	long ext_len;

-	ASN1_OBJECT *obj=NULL;

-	ASN1_OCTET_STRING *oct=NULL;

-	X509_EXTENSION *extension=NULL;

-	if (!(obj = OBJ_txt2obj(ext, 0)))

-		{

-		X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_NAME_ERROR);

-		ERR_add_error_data(2, "name=", ext);

-		goto err;

-		}

-	if (gen_type == 1)

-		ext_der = string_to_hex(value, &ext_len);

-	else if (gen_type == 2)

-		ext_der = generic_asn1(value, ctx, &ext_len);

-	if (ext_der == NULL)

-		{

-		X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR);

-		ERR_add_error_data(2, "value=", value);

-		goto err;

-		}

-	if (!(oct = M_ASN1_OCTET_STRING_new()))

-		{

-		X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	oct->data = ext_der;

-	oct->length = ext_len;

-	ext_der = NULL;

-	extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct);

-	err:

-	ASN1_OBJECT_free(obj);

-	M_ASN1_OCTET_STRING_free(oct);

-	if(ext_der) OPENSSL_free(ext_der);

-	return extension;

-	}

-static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len)

-	{

-	ASN1_TYPE *typ;

-	unsigned char *ext_der = NULL;

-	typ = ASN1_generate_v3(value, ctx);

-	if (typ == NULL)

-		return NULL;

-	*ext_len = i2d_ASN1_TYPE(typ, &ext_der);

-	ASN1_TYPE_free(typ);

-	return ext_der;

-	}

-/* This is the main function: add a bunch of extensions based on a config file

- * section to an extension STACK.

- */

-int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,

-	     STACK_OF(X509_EXTENSION) **sk)

-	{

-	X509_EXTENSION *ext;

-	STACK_OF(CONF_VALUE) *nval;

-	CONF_VALUE *val;

-	int i;

-	if (!(nval = NCONF_get_section(conf, section))) return 0;

-	for (i = 0; i < sk_CONF_VALUE_num(nval); i++)

-		{

-		val = sk_CONF_VALUE_value(nval, i);

-		if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value)))

-								return 0;

-		if (sk) X509v3_add_ext(sk, ext, -1);

-		X509_EXTENSION_free(ext);

-		}

-	return 1;

-	}

-/* Convenience functions to add extensions to a certificate, CRL and request */

-int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,

-	     X509 *cert)

-	{

-	STACK_OF(X509_EXTENSION) **sk = NULL;

-	if (cert)

-		sk = &cert->cert_info->extensions;

-	return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);

-	}

-/* Same as above but for a CRL */

-int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,

-	     X509_CRL *crl)

-	{

-	STACK_OF(X509_EXTENSION) **sk = NULL;

-	if (crl)

-		sk = &crl->crl->extensions;

-	return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);

-	}

-/* Add extensions to certificate request */

-int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,

-	     X509_REQ *req)

-	{

-	STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL;

-	int i;

-	if (req)

-		sk = &extlist;

-	i = X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);

-	if (!i || !sk)

-		return i;

-	i = X509_REQ_add_extensions(req, extlist);

-	sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free);

-	return i;

-	}

-/* Config database functions */

-char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)

-	{

-	if(!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string)

-		{

-		X509V3err(X509V3_F_X509V3_GET_STRING,X509V3_R_OPERATION_NOT_DEFINED);

-		return NULL;

-		}

-	if (ctx->db_meth->get_string)

-			return ctx->db_meth->get_string(ctx->db, name, section);

-	return NULL;

-	}

-STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section)

-	{

-	if(!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section)

-		{

-		X509V3err(X509V3_F_X509V3_GET_SECTION,X509V3_R_OPERATION_NOT_DEFINED);

-		return NULL;

-		}

-	if (ctx->db_meth->get_section)

-			return ctx->db_meth->get_section(ctx->db, section);

-	return NULL;

-	}

-void X509V3_string_free(X509V3_CTX *ctx, char *str)

-	{

-	if (!str) return;

-	if (ctx->db_meth->free_string)

-			ctx->db_meth->free_string(ctx->db, str);

-	}

-void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section)

-	{

-	if (!section) return;

-	if (ctx->db_meth->free_section)

-			ctx->db_meth->free_section(ctx->db, section);

-	}

-static char *nconf_get_string(void *db, char *section, char *value)

-	{

-	return NCONF_get_string(db, section, value);

-	}

-static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section)

-	{

-	return NCONF_get_section(db, section);

-	}

-static X509V3_CONF_METHOD nconf_method = {

-nconf_get_string,

-nconf_get_section,

-NULL,

-NULL

-};

-void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf)

-	{

-	ctx->db_meth = &nconf_method;

-	ctx->db = conf;

-	}

-void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,

-	     X509_CRL *crl, int flags)

-	{

-	ctx->issuer_cert = issuer;

-	ctx->subject_cert = subj;

-	ctx->crl = crl;

-	ctx->subject_req = req;

-	ctx->flags = flags;

-	}

-/* Old conf compatibility functions */

-X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,

-	     char *value)

-	{

-	CONF ctmp;

-	CONF_set_nconf(&ctmp, conf);

-	return X509V3_EXT_nconf(&ctmp, ctx, name, value);

-	}

-/* LHASH *conf:  Config file    */

-/* char *value:  Value    */

-X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid,

-	     char *value)

-	{

-	CONF ctmp;

-	CONF_set_nconf(&ctmp, conf);

-	return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value);

-	}

-static char *conf_lhash_get_string(void *db, char *section, char *value)

-	{

-	return CONF_get_string(db, section, value);

-	}

-static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section)

-	{

-	return CONF_get_section(db, section);

-	}

-static X509V3_CONF_METHOD conf_lhash_method = {

-conf_lhash_get_string,

-conf_lhash_get_section,

-NULL,

-NULL

-};

-void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash)

-	{

-	ctx->db_meth = &conf_lhash_method;

-	ctx->db = lhash;

-	}

-int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,

-	     X509 *cert)

-	{

-	CONF ctmp;

-	CONF_set_nconf(&ctmp, conf);

-	return X509V3_EXT_add_nconf(&ctmp, ctx, section, cert);

-	}

-/* Same as above but for a CRL */

-int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,

-	     X509_CRL *crl)

-	{

-	CONF ctmp;

-	CONF_set_nconf(&ctmp, conf);

-	return X509V3_EXT_CRL_add_nconf(&ctmp, ctx, section, crl);

-	}

-/* Add extensions to certificate request */

-int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,

-	     X509_REQ *req)

-	{

-	CONF ctmp;

-	CONF_set_nconf(&ctmp, conf);

-	return X509V3_EXT_REQ_add_nconf(&ctmp, ctx, section, req);

-	}

--- a/sys/src/ape/lib/openssl/crypto/x509v3/v3_cpols.c

+++ /dev/null

@@ -1,449 +1,0 @@

-/* v3_cpols.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/conf.h>

-#include <openssl/asn1.h>

-#include <openssl/asn1t.h>

-#include <openssl/x509v3.h>

-#include "pcy_int.h"

-/* Certificate policies extension support: this one is a bit complex... */

-static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, BIO *out, int indent);

-static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *value);

-static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, int indent);

-static void print_notice(BIO *out, USERNOTICE *notice, int indent);

-static POLICYINFO *policy_section(X509V3_CTX *ctx,

-				 STACK_OF(CONF_VALUE) *polstrs, int ia5org);

-static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,

-					STACK_OF(CONF_VALUE) *unot, int ia5org);

-static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos);

-const X509V3_EXT_METHOD v3_cpols = {

-NID_certificate_policies, 0,ASN1_ITEM_ref(CERTIFICATEPOLICIES),

-0,0,0,0,

-0,0,

-0,0,

-(X509V3_EXT_I2R)i2r_certpol,

-(X509V3_EXT_R2I)r2i_certpol,

-NULL

-};

-ASN1_ITEM_TEMPLATE(CERTIFICATEPOLICIES) =

-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CERTIFICATEPOLICIES, POLICYINFO)

-ASN1_ITEM_TEMPLATE_END(CERTIFICATEPOLICIES)

-IMPLEMENT_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)

-ASN1_SEQUENCE(POLICYINFO) = {

-	ASN1_SIMPLE(POLICYINFO, policyid, ASN1_OBJECT),

-	ASN1_SEQUENCE_OF_OPT(POLICYINFO, qualifiers, POLICYQUALINFO)

-} ASN1_SEQUENCE_END(POLICYINFO)

-IMPLEMENT_ASN1_FUNCTIONS(POLICYINFO)

-ASN1_ADB_TEMPLATE(policydefault) = ASN1_SIMPLE(POLICYQUALINFO, d.other, ASN1_ANY);

-ASN1_ADB(POLICYQUALINFO) = {

-	ADB_ENTRY(NID_id_qt_cps, ASN1_SIMPLE(POLICYQUALINFO, d.cpsuri, ASN1_IA5STRING)),

-	ADB_ENTRY(NID_id_qt_unotice, ASN1_SIMPLE(POLICYQUALINFO, d.usernotice, USERNOTICE))

-} ASN1_ADB_END(POLICYQUALINFO, 0, pqualid, 0, &policydefault_tt, NULL);

-ASN1_SEQUENCE(POLICYQUALINFO) = {

-	ASN1_SIMPLE(POLICYQUALINFO, pqualid, ASN1_OBJECT),

-	ASN1_ADB_OBJECT(POLICYQUALINFO)

-} ASN1_SEQUENCE_END(POLICYQUALINFO)

-IMPLEMENT_ASN1_FUNCTIONS(POLICYQUALINFO)

-ASN1_SEQUENCE(USERNOTICE) = {

-	ASN1_OPT(USERNOTICE, noticeref, NOTICEREF),

-	ASN1_OPT(USERNOTICE, exptext, DISPLAYTEXT)

-} ASN1_SEQUENCE_END(USERNOTICE)

-IMPLEMENT_ASN1_FUNCTIONS(USERNOTICE)

-ASN1_SEQUENCE(NOTICEREF) = {

-	ASN1_SIMPLE(NOTICEREF, organization, DISPLAYTEXT),

-	ASN1_SEQUENCE_OF(NOTICEREF, noticenos, ASN1_INTEGER)

-} ASN1_SEQUENCE_END(NOTICEREF)

-IMPLEMENT_ASN1_FUNCTIONS(NOTICEREF)

-static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,

-		X509V3_CTX *ctx, char *value)

-{

-	STACK_OF(POLICYINFO) *pols = NULL;

-	char *pstr;

-	POLICYINFO *pol;

-	ASN1_OBJECT *pobj;

-	STACK_OF(CONF_VALUE) *vals;

-	CONF_VALUE *cnf;

-	int i, ia5org;

-	pols = sk_POLICYINFO_new_null();

-	if (pols == NULL) {

-		X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);

-		return NULL;

-	}

-	vals =  X509V3_parse_list(value);

-	if (vals == NULL) {

-		X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_X509V3_LIB);

-		goto err;

-	}

-	ia5org = 0;

-	for(i = 0; i < sk_CONF_VALUE_num(vals); i++) {

-		cnf = sk_CONF_VALUE_value(vals, i);

-		if(cnf->value || !cnf->name ) {

-			X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_POLICY_IDENTIFIER);

-			X509V3_conf_err(cnf);

-			goto err;

-		}

-		pstr = cnf->name;

-		if(!strcmp(pstr,"ia5org")) {

-			ia5org = 1;

-			continue;

-		} else if(*pstr == '@') {

-			STACK_OF(CONF_VALUE) *polsect;

-			polsect = X509V3_get_section(ctx, pstr + 1);

-			if(!polsect) {

-				X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_SECTION);

-				X509V3_conf_err(cnf);

-				goto err;

-			}

-			pol = policy_section(ctx, polsect, ia5org);

-			X509V3_section_free(ctx, polsect);

-			if(!pol) goto err;

-		} else {

-			if(!(pobj = OBJ_txt2obj(cnf->name, 0))) {

-				X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_OBJECT_IDENTIFIER);

-				X509V3_conf_err(cnf);

-				goto err;

-			}

-			pol = POLICYINFO_new();

-			pol->policyid = pobj;

-		}

-		sk_POLICYINFO_push(pols, pol);

-	}

-	sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);

-	return pols;

-	err:

-	sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);

-	sk_POLICYINFO_pop_free(pols, POLICYINFO_free);

-	return NULL;

-}

-static POLICYINFO *policy_section(X509V3_CTX *ctx,

-				STACK_OF(CONF_VALUE) *polstrs, int ia5org)

-{

-	int i;

-	CONF_VALUE *cnf;

-	POLICYINFO *pol;

-	POLICYQUALINFO *qual;

-	if(!(pol = POLICYINFO_new())) goto merr;

-	for(i = 0; i < sk_CONF_VALUE_num(polstrs); i++) {

-		cnf = sk_CONF_VALUE_value(polstrs, i);

-		if(!strcmp(cnf->name, "policyIdentifier")) {

-			ASN1_OBJECT *pobj;

-			if(!(pobj = OBJ_txt2obj(cnf->value, 0))) {

-				X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OBJECT_IDENTIFIER);

-				X509V3_conf_err(cnf);

-				goto err;

-			}

-			pol->policyid = pobj;

-		} else if(!name_cmp(cnf->name, "CPS")) {

-			if(!pol->qualifiers) pol->qualifiers =

-						 sk_POLICYQUALINFO_new_null();

-			if(!(qual = POLICYQUALINFO_new())) goto merr;

-			if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual))

-								 goto merr;

-			qual->pqualid = OBJ_nid2obj(NID_id_qt_cps);

-			qual->d.cpsuri = M_ASN1_IA5STRING_new();

-			if(!ASN1_STRING_set(qual->d.cpsuri, cnf->value,

-						 strlen(cnf->value))) goto merr;

-		} else if(!name_cmp(cnf->name, "userNotice")) {

-			STACK_OF(CONF_VALUE) *unot;

-			if(*cnf->value != '@') {

-				X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_EXPECTED_A_SECTION_NAME);

-				X509V3_conf_err(cnf);

-				goto err;

-			}

-			unot = X509V3_get_section(ctx, cnf->value + 1);

-			if(!unot) {

-				X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_SECTION);

-				X509V3_conf_err(cnf);

-				goto err;

-			}

-			qual = notice_section(ctx, unot, ia5org);

-			X509V3_section_free(ctx, unot);

-			if(!qual) goto err;

-			if(!pol->qualifiers) pol->qualifiers =

-						 sk_POLICYQUALINFO_new_null();

-			if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual))

-								 goto merr;

-		} else {

-			X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OPTION);

-			X509V3_conf_err(cnf);

-			goto err;

-		}

-	}

-	if(!pol->policyid) {

-		X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_NO_POLICY_IDENTIFIER);

-		goto err;

-	}

-	return pol;

-	merr:

-	X509V3err(X509V3_F_POLICY_SECTION,ERR_R_MALLOC_FAILURE);

-	err:

-	POLICYINFO_free(pol);

-	return NULL;

-}

-static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,

-					STACK_OF(CONF_VALUE) *unot, int ia5org)

-{

-	int i, ret;

-	CONF_VALUE *cnf;

-	USERNOTICE *not;

-	POLICYQUALINFO *qual;

-	if(!(qual = POLICYQUALINFO_new())) goto merr;

-	qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice);

-	if(!(not = USERNOTICE_new())) goto merr;

-	qual->d.usernotice = not;

-	for(i = 0; i < sk_CONF_VALUE_num(unot); i++) {

-		cnf = sk_CONF_VALUE_value(unot, i);

-		if(!strcmp(cnf->name, "explicitText")) {

-			not->exptext = M_ASN1_VISIBLESTRING_new();

-			if(!ASN1_STRING_set(not->exptext, cnf->value,

-						 strlen(cnf->value))) goto merr;

-		} else if(!strcmp(cnf->name, "organization")) {

-			NOTICEREF *nref;

-			if(!not->noticeref) {

-				if(!(nref = NOTICEREF_new())) goto merr;

-				not->noticeref = nref;

-			} else nref = not->noticeref;

-			if(ia5org) nref->organization->type = V_ASN1_IA5STRING;

-			else nref->organization->type = V_ASN1_VISIBLESTRING;

-			if(!ASN1_STRING_set(nref->organization, cnf->value,

-						 strlen(cnf->value))) goto merr;

-		} else if(!strcmp(cnf->name, "noticeNumbers")) {

-			NOTICEREF *nref;

-			STACK_OF(CONF_VALUE) *nos;

-			if(!not->noticeref) {

-				if(!(nref = NOTICEREF_new())) goto merr;

-				not->noticeref = nref;

-			} else nref = not->noticeref;

-			nos = X509V3_parse_list(cnf->value);

-			if(!nos || !sk_CONF_VALUE_num(nos)) {

-				X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_NUMBERS);

-				X509V3_conf_err(cnf);

-				goto err;

-			}

-			ret = nref_nos(nref->noticenos, nos);

-			sk_CONF_VALUE_pop_free(nos, X509V3_conf_free);

-			if (!ret)

-				goto err;

-		} else {

-			X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_OPTION);

-			X509V3_conf_err(cnf);

-			goto err;

-		}

-	}

-	if(not->noticeref &&

-	      (!not->noticeref->noticenos || !not->noticeref->organization)) {

-			X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_NEED_ORGANIZATION_AND_NUMBERS);

-			goto err;

-	}

-	return qual;

-	merr:

-	X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE);

-	err:

-	POLICYQUALINFO_free(qual);

-	return NULL;

-}

-static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos)

-{

-	CONF_VALUE *cnf;

-	ASN1_INTEGER *aint;

-	int i;

-	for(i = 0; i < sk_CONF_VALUE_num(nos); i++) {

-		cnf = sk_CONF_VALUE_value(nos, i);

-		if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) {

-			X509V3err(X509V3_F_NREF_NOS,X509V3_R_INVALID_NUMBER);

-			goto err;

-		}

-		if(!sk_ASN1_INTEGER_push(nnums, aint)) goto merr;

-	}

-	return 1;

-	merr:

-	X509V3err(X509V3_F_NREF_NOS,ERR_R_MALLOC_FAILURE);

-	err:

-	sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free);

-	return 0;

-}

-static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol,

-		BIO *out, int indent)

-{

-	int i;

-	POLICYINFO *pinfo;

-	/* First print out the policy OIDs */

-	for(i = 0; i < sk_POLICYINFO_num(pol); i++) {

-		pinfo = sk_POLICYINFO_value(pol, i);

-		BIO_printf(out, "%*sPolicy: ", indent, "");

-		i2a_ASN1_OBJECT(out, pinfo->policyid);

-		BIO_puts(out, "\n");

-		if(pinfo->qualifiers)

-			 print_qualifiers(out, pinfo->qualifiers, indent + 2);

-	}

-	return 1;

-}

-static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,

-		int indent)

-{

-	POLICYQUALINFO *qualinfo;

-	int i;

-	for(i = 0; i < sk_POLICYQUALINFO_num(quals); i++) {

-		qualinfo = sk_POLICYQUALINFO_value(quals, i);

-		switch(OBJ_obj2nid(qualinfo->pqualid))

-		{

-			case NID_id_qt_cps:

-			BIO_printf(out, "%*sCPS: %s\n", indent, "",

-						qualinfo->d.cpsuri->data);

-			break;

-			case NID_id_qt_unotice:

-			BIO_printf(out, "%*sUser Notice:\n", indent, "");

-			print_notice(out, qualinfo->d.usernotice, indent + 2);

-			break;

-			default:

-			BIO_printf(out, "%*sUnknown Qualifier: ",

-							 indent + 2, "");

-			i2a_ASN1_OBJECT(out, qualinfo->pqualid);

-			BIO_puts(out, "\n");

-			break;

-		}

-	}

-}

-static void print_notice(BIO *out, USERNOTICE *notice, int indent)

-{

-	int i;

-	if(notice->noticeref) {

-		NOTICEREF *ref;

-		ref = notice->noticeref;

-		BIO_printf(out, "%*sOrganization: %s\n", indent, "",

-						 ref->organization->data);

-		BIO_printf(out, "%*sNumber%s: ", indent, "",

-			   sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : "");

-		for(i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) {

-			ASN1_INTEGER *num;

-			char *tmp;

-			num = sk_ASN1_INTEGER_value(ref->noticenos, i);

-			if(i) BIO_puts(out, ", ");

-			tmp = i2s_ASN1_INTEGER(NULL, num);

-			BIO_puts(out, tmp);

-			OPENSSL_free(tmp);

-		}

-		BIO_puts(out, "\n");

-	}

-	if(notice->exptext)

-		BIO_printf(out, "%*sExplicit Text: %s\n", indent, "",

-							 notice->exptext->data);

-}

-void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent)

-	{

-	const X509_POLICY_DATA *dat = node->data;

-	BIO_printf(out, "%*sPolicy: ", indent, "");

-	i2a_ASN1_OBJECT(out, dat->valid_policy);

-	BIO_puts(out, "\n");

-	BIO_printf(out, "%*s%s\n", indent + 2, "",

-		node_data_critical(dat) ? "Critical" : "Non Critical");

-	if (dat->qualifier_set)

-		print_qualifiers(out, dat->qualifier_set, indent + 2);

-	else

-		BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, "");

-	}

--- a/sys/src/ape/lib/openssl/crypto/x509v3/v3_crld.c

+++ /dev/null

@@ -1,162 +1,0 @@

-/* v3_crld.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/conf.h>

-#include <openssl/asn1.h>

-#include <openssl/asn1t.h>

-#include <openssl/x509v3.h>

-static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method,

-		STACK_OF(DIST_POINT) *crld, STACK_OF(CONF_VALUE) *extlist);

-static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,

-				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);

-const X509V3_EXT_METHOD v3_crld = {

-NID_crl_distribution_points, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(CRL_DIST_POINTS),

-0,0,0,0,

-0,0,

-(X509V3_EXT_I2V)i2v_crld,

-(X509V3_EXT_V2I)v2i_crld,

-0,0,

-NULL

-};

-static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method,

-			STACK_OF(DIST_POINT) *crld, STACK_OF(CONF_VALUE) *exts)

-{

-	DIST_POINT *point;

-	int i;

-	for(i = 0; i < sk_DIST_POINT_num(crld); i++) {

-		point = sk_DIST_POINT_value(crld, i);

-		if(point->distpoint) {

-			if(point->distpoint->type == 0)

-				exts = i2v_GENERAL_NAMES(NULL,

-					 point->distpoint->name.fullname, exts);

-		        else X509V3_add_value("RelativeName","<UNSUPPORTED>", &exts);

-		}

-		if(point->reasons)

-			X509V3_add_value("reasons","<UNSUPPORTED>", &exts);

-		if(point->CRLissuer)

-			X509V3_add_value("CRLissuer","<UNSUPPORTED>", &exts);

-	}

-	return exts;

-}

-static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,

-				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)

-{

-	STACK_OF(DIST_POINT) *crld = NULL;

-	GENERAL_NAMES *gens = NULL;

-	GENERAL_NAME *gen = NULL;

-	CONF_VALUE *cnf;

-	int i;

-	if(!(crld = sk_DIST_POINT_new_null())) goto merr;

-	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {

-		DIST_POINT *point;

-		cnf = sk_CONF_VALUE_value(nval, i);

-		if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err;

-		if(!(gens = GENERAL_NAMES_new())) goto merr;

-		if(!sk_GENERAL_NAME_push(gens, gen)) goto merr;

-		gen = NULL;

-		if(!(point = DIST_POINT_new())) goto merr;

-		if(!sk_DIST_POINT_push(crld, point)) {

-			DIST_POINT_free(point);

-			goto merr;

-		}

-		if(!(point->distpoint = DIST_POINT_NAME_new())) goto merr;

-		point->distpoint->name.fullname = gens;

-		point->distpoint->type = 0;

-		gens = NULL;

-	}

-	return crld;

-	merr:

-	X509V3err(X509V3_F_V2I_CRLD,ERR_R_MALLOC_FAILURE);

-	err:

-	GENERAL_NAME_free(gen);

-	GENERAL_NAMES_free(gens);

-	sk_DIST_POINT_pop_free(crld, DIST_POINT_free);

-	return NULL;

-}

-IMPLEMENT_STACK_OF(DIST_POINT)

-IMPLEMENT_ASN1_SET_OF(DIST_POINT)

-ASN1_CHOICE(DIST_POINT_NAME) = {

-	ASN1_IMP_SEQUENCE_OF(DIST_POINT_NAME, name.fullname, GENERAL_NAME, 0),

-	ASN1_IMP_SET_OF(DIST_POINT_NAME, name.relativename, X509_NAME_ENTRY, 1)

-} ASN1_CHOICE_END(DIST_POINT_NAME)

-IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT_NAME)

-ASN1_SEQUENCE(DIST_POINT) = {

-	ASN1_EXP_OPT(DIST_POINT, distpoint, DIST_POINT_NAME, 0),

-	ASN1_IMP_OPT(DIST_POINT, reasons, ASN1_BIT_STRING, 1),

-	ASN1_IMP_SEQUENCE_OF_OPT(DIST_POINT, CRLissuer, GENERAL_NAME, 2)

-} ASN1_SEQUENCE_END(DIST_POINT)

-IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT)

-ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) =

-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CRLDistributionPoints, DIST_POINT)

-ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS)

-IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS)

--- a/sys/src/ape/lib/openssl/crypto/x509v3/v3_enum.c

+++ /dev/null

@@ -1,94 +1,0 @@

-/* v3_enum.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/x509v3.h>

-static ENUMERATED_NAMES crl_reasons[] = {

-{0, "Unspecified", "unspecified"},

-{1, "Key Compromise", "keyCompromise"},

-{2, "CA Compromise", "CACompromise"},

-{3, "Affiliation Changed", "affiliationChanged"},

-{4, "Superseded", "superseded"},

-{5, "Cessation Of Operation", "cessationOfOperation"},

-{6, "Certificate Hold", "certificateHold"},

-{8, "Remove From CRL", "removeFromCRL"},

-{-1, NULL, NULL}

-};

-const X509V3_EXT_METHOD v3_crl_reason = {

-NID_crl_reason, 0, ASN1_ITEM_ref(ASN1_ENUMERATED),

-0,0,0,0,

-(X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE,

-0,

-0,0,0,0,

-crl_reasons};

-char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method,

-	     ASN1_ENUMERATED *e)

-{

-	ENUMERATED_NAMES *enam;

-	long strval;

-	strval = ASN1_ENUMERATED_get(e);

-	for(enam = method->usr_data; enam->lname; enam++) {

-		if(strval == enam->bitnum) return BUF_strdup(enam->lname);

-	}

-	return i2s_ASN1_ENUMERATED(method, e);

-}

--- a/sys/src/ape/lib/openssl/crypto/x509v3/v3_extku.c

+++ /dev/null

@@ -1,142 +1,0 @@

-/* v3_extku.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/asn1t.h>

-#include <openssl/conf.h>

-#include <openssl/x509v3.h>

-static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,

-				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);

-static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,

-		void *eku, STACK_OF(CONF_VALUE) *extlist);

-const X509V3_EXT_METHOD v3_ext_ku = {

-	NID_ext_key_usage, 0,

-	ASN1_ITEM_ref(EXTENDED_KEY_USAGE),

-	0,0,0,0,

-	0,0,

-	i2v_EXTENDED_KEY_USAGE,

-	v2i_EXTENDED_KEY_USAGE,

-	0,0,

-	NULL

-};

-/* NB OCSP acceptable responses also is a SEQUENCE OF OBJECT */

-const X509V3_EXT_METHOD v3_ocsp_accresp = {

-	NID_id_pkix_OCSP_acceptableResponses, 0,

-	ASN1_ITEM_ref(EXTENDED_KEY_USAGE),

-	0,0,0,0,

-	0,0,

-	i2v_EXTENDED_KEY_USAGE,

-	v2i_EXTENDED_KEY_USAGE,

-	0,0,

-	NULL

-};

-ASN1_ITEM_TEMPLATE(EXTENDED_KEY_USAGE) =

-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, EXTENDED_KEY_USAGE, ASN1_OBJECT)

-ASN1_ITEM_TEMPLATE_END(EXTENDED_KEY_USAGE)

-IMPLEMENT_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)

-static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,

-		void *a, STACK_OF(CONF_VALUE) *ext_list)

-{

-	EXTENDED_KEY_USAGE *eku = a;

-	int i;

-	ASN1_OBJECT *obj;

-	char obj_tmp[80];

-	for(i = 0; i < sk_ASN1_OBJECT_num(eku); i++) {

-		obj = sk_ASN1_OBJECT_value(eku, i);

-		i2t_ASN1_OBJECT(obj_tmp, 80, obj);

-		X509V3_add_value(NULL, obj_tmp, &ext_list);

-	}

-	return ext_list;

-}

-static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,

-				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)

-{

-	EXTENDED_KEY_USAGE *extku;

-	char *extval;

-	ASN1_OBJECT *objtmp;

-	CONF_VALUE *val;

-	int i;

-	if(!(extku = sk_ASN1_OBJECT_new_null())) {

-		X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE,ERR_R_MALLOC_FAILURE);

-		return NULL;

-	}

-	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {

-		val = sk_CONF_VALUE_value(nval, i);

-		if(val->value) extval = val->value;

-		else extval = val->name;

-		if(!(objtmp = OBJ_txt2obj(extval, 0))) {

-			sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free);

-			X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE,X509V3_R_INVALID_OBJECT_IDENTIFIER);

-			X509V3_conf_err(val);

-			return NULL;

-		}

-		sk_ASN1_OBJECT_push(extku, objtmp);

-	}

-	return extku;

-}

--- a/sys/src/ape/lib/openssl/crypto/x509v3/v3_genn.c

+++ /dev/null

@@ -1,101 +1,0 @@

-/* v3_genn.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/asn1t.h>

-#include <openssl/conf.h>

-#include <openssl/x509v3.h>

-ASN1_SEQUENCE(OTHERNAME) = {

-	ASN1_SIMPLE(OTHERNAME, type_id, ASN1_OBJECT),

-	/* Maybe have a true ANY DEFINED BY later */

-	ASN1_EXP(OTHERNAME, value, ASN1_ANY, 0)

-} ASN1_SEQUENCE_END(OTHERNAME)

-IMPLEMENT_ASN1_FUNCTIONS(OTHERNAME)

-ASN1_SEQUENCE(EDIPARTYNAME) = {

-	ASN1_IMP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0),

-	ASN1_IMP_OPT(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1)

-} ASN1_SEQUENCE_END(EDIPARTYNAME)

-IMPLEMENT_ASN1_FUNCTIONS(EDIPARTYNAME)

-ASN1_CHOICE(GENERAL_NAME) = {

-	ASN1_IMP(GENERAL_NAME, d.otherName, OTHERNAME, GEN_OTHERNAME),

-	ASN1_IMP(GENERAL_NAME, d.rfc822Name, ASN1_IA5STRING, GEN_EMAIL),

-	ASN1_IMP(GENERAL_NAME, d.dNSName, ASN1_IA5STRING, GEN_DNS),

-	/* Don't decode this */

-	ASN1_IMP(GENERAL_NAME, d.x400Address, ASN1_SEQUENCE, GEN_X400),

-	/* X509_NAME is a CHOICE type so use EXPLICIT */

-	ASN1_EXP(GENERAL_NAME, d.directoryName, X509_NAME, GEN_DIRNAME),

-	ASN1_IMP(GENERAL_NAME, d.ediPartyName, EDIPARTYNAME, GEN_EDIPARTY),

-	ASN1_IMP(GENERAL_NAME, d.uniformResourceIdentifier, ASN1_IA5STRING, GEN_URI),

-	ASN1_IMP(GENERAL_NAME, d.iPAddress, ASN1_OCTET_STRING, GEN_IPADD),

-	ASN1_IMP(GENERAL_NAME, d.registeredID, ASN1_OBJECT, GEN_RID)

-} ASN1_CHOICE_END(GENERAL_NAME)

-IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAME)

-ASN1_ITEM_TEMPLATE(GENERAL_NAMES) =

-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, GENERAL_NAME)

-ASN1_ITEM_TEMPLATE_END(GENERAL_NAMES)

-IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAMES)

--- a/sys/src/ape/lib/openssl/crypto/x509v3/v3_ia5.c

+++ /dev/null

@@ -1,116 +1,0 @@

-/* v3_ia5.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/asn1.h>

-#include <openssl/conf.h>

-#include <openssl/x509v3.h>

-static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5);

-static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);

-const X509V3_EXT_METHOD v3_ns_ia5_list[] = {

-EXT_IA5STRING(NID_netscape_base_url),

-EXT_IA5STRING(NID_netscape_revocation_url),

-EXT_IA5STRING(NID_netscape_ca_revocation_url),

-EXT_IA5STRING(NID_netscape_renewal_url),

-EXT_IA5STRING(NID_netscape_ca_policy_url),

-EXT_IA5STRING(NID_netscape_ssl_server_name),

-EXT_IA5STRING(NID_netscape_comment),

-EXT_END

-};

-static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method,

-	     ASN1_IA5STRING *ia5)

-{

-	char *tmp;

-	if(!ia5 || !ia5->length) return NULL;

-	if(!(tmp = OPENSSL_malloc(ia5->length + 1))) {

-		X509V3err(X509V3_F_I2S_ASN1_IA5STRING,ERR_R_MALLOC_FAILURE);

-		return NULL;

-	}

-	memcpy(tmp, ia5->data, ia5->length);

-	tmp[ia5->length] = 0;

-	return tmp;

-}

-static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,

-	     X509V3_CTX *ctx, char *str)

-{

-	ASN1_IA5STRING *ia5;

-	if(!str) {

-		X509V3err(X509V3_F_S2I_ASN1_IA5STRING,X509V3_R_INVALID_NULL_ARGUMENT);

-		return NULL;

-	}

-	if(!(ia5 = M_ASN1_IA5STRING_new())) goto err;

-	if(!ASN1_STRING_set((ASN1_STRING *)ia5, (unsigned char*)str,

-			    strlen(str))) {

-		M_ASN1_IA5STRING_free(ia5);

-		goto err;

-	}

-#ifdef CHARSET_EBCDIC

-        ebcdic2ascii(ia5->data, ia5->data, ia5->length);

-#endif /*CHARSET_EBCDIC*/

-	return ia5;

-	err:

-	X509V3err(X509V3_F_S2I_ASN1_IA5STRING,ERR_R_MALLOC_FAILURE);

-	return NULL;

-}

--- a/sys/src/ape/lib/openssl/crypto/x509v3/v3_info.c

+++ /dev/null

@@ -1,193 +1,0 @@

-/* v3_info.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/conf.h>

-#include <openssl/asn1.h>

-#include <openssl/asn1t.h>

-#include <openssl/x509v3.h>

-static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,

-				AUTHORITY_INFO_ACCESS *ainfo,

-						STACK_OF(CONF_VALUE) *ret);

-static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,

-				 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);

-const X509V3_EXT_METHOD v3_info =

-{ NID_info_access, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),

-0,0,0,0,

-0,0,

-(X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS,

-(X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,

-0,0,

-NULL};

-const X509V3_EXT_METHOD v3_sinfo =

-{ NID_sinfo_access, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),

-0,0,0,0,

-0,0,

-(X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS,

-(X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,

-0,0,

-NULL};

-ASN1_SEQUENCE(ACCESS_DESCRIPTION) = {

-	ASN1_SIMPLE(ACCESS_DESCRIPTION, method, ASN1_OBJECT),

-	ASN1_SIMPLE(ACCESS_DESCRIPTION, location, GENERAL_NAME)

-} ASN1_SEQUENCE_END(ACCESS_DESCRIPTION)

-IMPLEMENT_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)

-ASN1_ITEM_TEMPLATE(AUTHORITY_INFO_ACCESS) =

-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, ACCESS_DESCRIPTION)

-ASN1_ITEM_TEMPLATE_END(AUTHORITY_INFO_ACCESS)

-IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)

-static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,

-				AUTHORITY_INFO_ACCESS *ainfo,

-						STACK_OF(CONF_VALUE) *ret)

-{

-	ACCESS_DESCRIPTION *desc;

-	int i,nlen;

-	char objtmp[80], *ntmp;

-	CONF_VALUE *vtmp;

-	for(i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) {

-		desc = sk_ACCESS_DESCRIPTION_value(ainfo, i);

-		ret = i2v_GENERAL_NAME(method, desc->location, ret);

-		if(!ret) break;

-		vtmp = sk_CONF_VALUE_value(ret, i);

-		i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method);

-		nlen = strlen(objtmp) + strlen(vtmp->name) + 5;

-		ntmp = OPENSSL_malloc(nlen);

-		if(!ntmp) {

-			X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS,

-					ERR_R_MALLOC_FAILURE);

-			return NULL;

-		}

-		BUF_strlcpy(ntmp, objtmp, nlen);

-		BUF_strlcat(ntmp, " - ", nlen);

-		BUF_strlcat(ntmp, vtmp->name, nlen);

-		OPENSSL_free(vtmp->name);

-		vtmp->name = ntmp;

-	}

-	if(!ret) return sk_CONF_VALUE_new_null();

-	return ret;

-}

-static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,

-				 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)

-{

-	AUTHORITY_INFO_ACCESS *ainfo = NULL;

-	CONF_VALUE *cnf, ctmp;

-	ACCESS_DESCRIPTION *acc;

-	int i, objlen;

-	char *objtmp, *ptmp;

-	if(!(ainfo = sk_ACCESS_DESCRIPTION_new_null())) {

-		X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,ERR_R_MALLOC_FAILURE);

-		return NULL;

-	}

-	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {

-		cnf = sk_CONF_VALUE_value(nval, i);

-		if(!(acc = ACCESS_DESCRIPTION_new())

-			|| !sk_ACCESS_DESCRIPTION_push(ainfo, acc)) {

-			X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,ERR_R_MALLOC_FAILURE);

-			goto err;

-		}

-		ptmp = strchr(cnf->name, ';');

-		if(!ptmp) {

-			X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,X509V3_R_INVALID_SYNTAX);

-			goto err;

-		}

-		objlen = ptmp - cnf->name;

-		ctmp.name = ptmp + 1;

-		ctmp.value = cnf->value;

-		if(!v2i_GENERAL_NAME_ex(acc->location, method, ctx, &ctmp, 0))

-								 goto err;

-		if(!(objtmp = OPENSSL_malloc(objlen + 1))) {

-			X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,ERR_R_MALLOC_FAILURE);

-			goto err;

-		}

-		strncpy(objtmp, cnf->name, objlen);

-		objtmp[objlen] = 0;

-		acc->method = OBJ_txt2obj(objtmp, 0);

-		if(!acc->method) {

-			X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,X509V3_R_BAD_OBJECT);

-			ERR_add_error_data(2, "value=", objtmp);

-			OPENSSL_free(objtmp);

-			goto err;

-		}

-		OPENSSL_free(objtmp);

-	}

-	return ainfo;

-	err:

-	sk_ACCESS_DESCRIPTION_pop_free(ainfo, ACCESS_DESCRIPTION_free);

-	return NULL;

-}

-int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a)

-        {

-	i2a_ASN1_OBJECT(bp, a->method);

-#ifdef UNDEF

-	i2a_GENERAL_NAME(bp, a->location);

-#endif

-	return 2;

-	}

--- a/sys/src/ape/lib/openssl/crypto/x509v3/v3_int.c

+++ /dev/null

@@ -1,89 +1,0 @@

-/* v3_int.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/x509v3.h>

-const X509V3_EXT_METHOD v3_crl_num = {

-	NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER),

-	0,0,0,0,

-	(X509V3_EXT_I2S)i2s_ASN1_INTEGER,

-	0,

-	0,0,0,0, NULL};

-const X509V3_EXT_METHOD v3_delta_crl = {

-	NID_delta_crl, 0, ASN1_ITEM_ref(ASN1_INTEGER),

-	0,0,0,0,

-	(X509V3_EXT_I2S)i2s_ASN1_INTEGER,

-	0,

-	0,0,0,0, NULL};

-static void * s2i_asn1_int(X509V3_EXT_METHOD *meth, X509V3_CTX *ctx, char *value)

-	{

-	return s2i_ASN1_INTEGER(meth, value);

-	}

-const X509V3_EXT_METHOD v3_inhibit_anyp = {

-	NID_inhibit_any_policy, 0, ASN1_ITEM_ref(ASN1_INTEGER),

-	0,0,0,0,

-	(X509V3_EXT_I2S)i2s_ASN1_INTEGER,

-	(X509V3_EXT_S2I)s2i_asn1_int,

-	0,0,0,0, NULL};

--- a/sys/src/ape/lib/openssl/crypto/x509v3/v3_lib.c

+++ /dev/null

@@ -1,303 +1,0 @@

-/* v3_lib.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* X509 v3 extension utilities */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/conf.h>

-#include <openssl/x509v3.h>

-#include "ext_dat.h"

-static STACK_OF(X509V3_EXT_METHOD) *ext_list = NULL;

-static int ext_cmp(const X509V3_EXT_METHOD * const *a,

-		const X509V3_EXT_METHOD * const *b);

-static void ext_list_free(X509V3_EXT_METHOD *ext);

-int X509V3_EXT_add(X509V3_EXT_METHOD *ext)

-{

-	if(!ext_list && !(ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp))) {

-		X509V3err(X509V3_F_X509V3_EXT_ADD,ERR_R_MALLOC_FAILURE);

-		return 0;

-	}

-	if(!sk_X509V3_EXT_METHOD_push(ext_list, ext)) {

-		X509V3err(X509V3_F_X509V3_EXT_ADD,ERR_R_MALLOC_FAILURE);

-		return 0;

-	}

-	return 1;

-}

-static int ext_cmp(const X509V3_EXT_METHOD * const *a,

-		const X509V3_EXT_METHOD * const *b)

-{

-	return ((*a)->ext_nid - (*b)->ext_nid);

-}

-X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)

-{

-	X509V3_EXT_METHOD tmp, *t = &tmp, **ret;

-	int idx;

-	if(nid < 0) return NULL;

-	tmp.ext_nid = nid;

-	ret = (X509V3_EXT_METHOD **) OBJ_bsearch((char *)&t,

-			(char *)standard_exts, STANDARD_EXTENSION_COUNT,

-			sizeof(X509V3_EXT_METHOD *), (int (*)(const void *, const void *))ext_cmp);

-	if(ret) return *ret;

-	if(!ext_list) return NULL;

-	idx = sk_X509V3_EXT_METHOD_find(ext_list, &tmp);

-	if(idx == -1) return NULL;

-	return sk_X509V3_EXT_METHOD_value(ext_list, idx);

-}

-X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext)

-{

-	int nid;

-	if((nid = OBJ_obj2nid(ext->object)) == NID_undef) return NULL;

-	return X509V3_EXT_get_nid(nid);

-}

-int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist)

-{

-	for(;extlist->ext_nid!=-1;extlist++)

-			if(!X509V3_EXT_add(extlist)) return 0;

-	return 1;

-}

-int X509V3_EXT_add_alias(int nid_to, int nid_from)

-{

-	X509V3_EXT_METHOD *ext, *tmpext;

-	if(!(ext = X509V3_EXT_get_nid(nid_from))) {

-		X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,X509V3_R_EXTENSION_NOT_FOUND);

-		return 0;

-	}

-	if(!(tmpext = (X509V3_EXT_METHOD *)OPENSSL_malloc(sizeof(X509V3_EXT_METHOD)))) {

-		X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,ERR_R_MALLOC_FAILURE);

-		return 0;

-	}

-	*tmpext = *ext;

-	tmpext->ext_nid = nid_to;

-	tmpext->ext_flags |= X509V3_EXT_DYNAMIC;

-	return X509V3_EXT_add(tmpext);

-}

-void X509V3_EXT_cleanup(void)

-{

-	sk_X509V3_EXT_METHOD_pop_free(ext_list, ext_list_free);

-	ext_list = NULL;

-}

-static void ext_list_free(X509V3_EXT_METHOD *ext)

-{

-	if(ext->ext_flags & X509V3_EXT_DYNAMIC) OPENSSL_free(ext);

-}

-/* Legacy function: we don't need to add standard extensions

- * any more because they are now kept in ext_dat.h.

- */

-int X509V3_add_standard_extensions(void)

-{

-	return 1;

-}

-/* Return an extension internal structure */

-void *X509V3_EXT_d2i(X509_EXTENSION *ext)

-{

-	X509V3_EXT_METHOD *method;

-	const unsigned char *p;

-	if(!(method = X509V3_EXT_get(ext))) return NULL;

-	p = ext->value->data;

-	if(method->it) return ASN1_item_d2i(NULL, &p, ext->value->length, ASN1_ITEM_ptr(method->it));

-	return method->d2i(NULL, &p, ext->value->length);

-}

-/* Get critical flag and decoded version of extension from a NID.

- * The "idx" variable returns the last found extension and can

- * be used to retrieve multiple extensions of the same NID.

- * However multiple extensions with the same NID is usually

- * due to a badly encoded certificate so if idx is NULL we

- * choke if multiple extensions exist.

- * The "crit" variable is set to the critical value.

- * The return value is the decoded extension or NULL on

- * error. The actual error can have several different causes,

- * the value of *crit reflects the cause:

- * >= 0, extension found but not decoded (reflects critical value).

- * -1 extension not found.

- * -2 extension occurs more than once.

- */

-void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx)

-{

-	int lastpos, i;

-	X509_EXTENSION *ex, *found_ex = NULL;

-	if(!x) {

-		if(idx) *idx = -1;

-		if(crit) *crit = -1;

-		return NULL;

-	}

-	if(idx) lastpos = *idx + 1;

-	else lastpos = 0;

-	if(lastpos < 0) lastpos = 0;

-	for(i = lastpos; i < sk_X509_EXTENSION_num(x); i++)

-	{

-		ex = sk_X509_EXTENSION_value(x, i);

-		if(OBJ_obj2nid(ex->object) == nid) {

-			if(idx) {

-				*idx = i;

-				found_ex = ex;

-				break;

-			} else if(found_ex) {

-				/* Found more than one */

-				if(crit) *crit = -2;

-				return NULL;

-			}

-			found_ex = ex;

-		}

-	}

-	if(found_ex) {

-		/* Found it */

-		if(crit) *crit = X509_EXTENSION_get_critical(found_ex);

-		return X509V3_EXT_d2i(found_ex);

-	}

-	/* Extension not found */

-	if(idx) *idx = -1;

-	if(crit) *crit = -1;

-	return NULL;

-}

-/* This function is a general extension append, replace and delete utility.

- * The precise operation is governed by the 'flags' value. The 'crit' and

- * 'value' arguments (if relevant) are the extensions internal structure.

- */

-int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,

-					int crit, unsigned long flags)

-{

-	int extidx = -1;

-	int errcode;

-	X509_EXTENSION *ext, *extmp;

-	unsigned long ext_op = flags & X509V3_ADD_OP_MASK;

-	/* If appending we don't care if it exists, otherwise

-	 * look for existing extension.

-	 */

-	if(ext_op != X509V3_ADD_APPEND)

-		extidx = X509v3_get_ext_by_NID(*x, nid, -1);

-	/* See if extension exists */

-	if(extidx >= 0) {

-		/* If keep existing, nothing to do */

-		if(ext_op == X509V3_ADD_KEEP_EXISTING)

-			return 1;

-		/* If default then its an error */

-		if(ext_op == X509V3_ADD_DEFAULT) {

-			errcode = X509V3_R_EXTENSION_EXISTS;

-			goto err;

-		}

-		/* If delete, just delete it */

-		if(ext_op == X509V3_ADD_DELETE) {

-			if(!sk_X509_EXTENSION_delete(*x, extidx)) return -1;

-			return 1;

-		}

-	} else {

-		/* If replace existing or delete, error since

-		 * extension must exist

-		 */

-		if((ext_op == X509V3_ADD_REPLACE_EXISTING) ||

-		   (ext_op == X509V3_ADD_DELETE)) {

-			errcode = X509V3_R_EXTENSION_NOT_FOUND;

-			goto err;

-		}

-	}

-	/* If we get this far then we have to create an extension:

-	 * could have some flags for alternative encoding schemes...

-	 */

-	ext = X509V3_EXT_i2d(nid, crit, value);

-	if(!ext) {

-		X509V3err(X509V3_F_X509V3_ADD1_I2D, X509V3_R_ERROR_CREATING_EXTENSION);

-		return 0;

-	}

-	/* If extension exists replace it.. */

-	if(extidx >= 0) {

-		extmp = sk_X509_EXTENSION_value(*x, extidx);

-		X509_EXTENSION_free(extmp);

-		if(!sk_X509_EXTENSION_set(*x, extidx, ext)) return -1;

-		return 1;

-	}

-	if(!*x && !(*x = sk_X509_EXTENSION_new_null())) return -1;

-	if(!sk_X509_EXTENSION_push(*x, ext)) return -1;

-	return 1;

-	err:

-	if(!(flags & X509V3_ADD_SILENT))

-		X509V3err(X509V3_F_X509V3_ADD1_I2D, errcode);

-	return 0;

-}

-IMPLEMENT_STACK_OF(X509V3_EXT_METHOD)

--- a/sys/src/ape/lib/openssl/crypto/x509v3/v3_ncons.c

+++ /dev/null

@@ -1,220 +1,0 @@

-/* v3_ncons.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project.

- */

-/* ====================================================================

- * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/asn1t.h>

-#include <openssl/conf.h>

-#include <openssl/x509v3.h>

-static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,

-				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);

-static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,

-				void *a, BIO *bp, int ind);

-static int do_i2r_name_constraints(X509V3_EXT_METHOD *method,

-				STACK_OF(GENERAL_SUBTREE) *trees,

-					BIO *bp, int ind, char *name);

-static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip);

-const X509V3_EXT_METHOD v3_name_constraints = {

-	NID_name_constraints, 0,

-	ASN1_ITEM_ref(NAME_CONSTRAINTS),

-	0,0,0,0,

-	0,0,

-	0, v2i_NAME_CONSTRAINTS,

-	i2r_NAME_CONSTRAINTS,0,

-	NULL

-};

-ASN1_SEQUENCE(GENERAL_SUBTREE) = {

-	ASN1_SIMPLE(GENERAL_SUBTREE, base, GENERAL_NAME),

-	ASN1_IMP_OPT(GENERAL_SUBTREE, minimum, ASN1_INTEGER, 0),

-	ASN1_IMP_OPT(GENERAL_SUBTREE, maximum, ASN1_INTEGER, 1)

-} ASN1_SEQUENCE_END(GENERAL_SUBTREE)

-ASN1_SEQUENCE(NAME_CONSTRAINTS) = {

-	ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, permittedSubtrees,

-							GENERAL_SUBTREE, 0),

-	ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, excludedSubtrees,

-							GENERAL_SUBTREE, 1),

-} ASN1_SEQUENCE_END(NAME_CONSTRAINTS)

-IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)

-IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)

-static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,

-				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)

-	{

-	int i;

-	CONF_VALUE tval, *val;

-	STACK_OF(GENERAL_SUBTREE) **ptree = NULL;

-	NAME_CONSTRAINTS *ncons = NULL;

-	GENERAL_SUBTREE *sub = NULL;

-	ncons = NAME_CONSTRAINTS_new();

-	if (!ncons)

-		goto memerr;

-	for(i = 0; i < sk_CONF_VALUE_num(nval); i++)

-		{

-		val = sk_CONF_VALUE_value(nval, i);

-		if (!strncmp(val->name, "permitted", 9) && val->name[9])

-			{

-			ptree = &ncons->permittedSubtrees;

-			tval.name = val->name + 10;

-			}

-		else if (!strncmp(val->name, "excluded", 8) && val->name[8])

-			{

-			ptree = &ncons->excludedSubtrees;

-			tval.name = val->name + 9;

-			}

-		else

-			{

-			X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, X509V3_R_INVALID_SYNTAX);

-			goto err;

-			}

-		tval.value = val->value;

-		sub = GENERAL_SUBTREE_new();

-		if (!v2i_GENERAL_NAME_ex(sub->base, method, ctx, &tval, 1))

-			goto err;

-		if (!*ptree)

-			*ptree = sk_GENERAL_SUBTREE_new_null();

-		if (!*ptree || !sk_GENERAL_SUBTREE_push(*ptree, sub))

-			goto memerr;

-		sub = NULL;

-		}

-	return ncons;

-	memerr:

-	X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, ERR_R_MALLOC_FAILURE);

-	err:

-	if (ncons)

-		NAME_CONSTRAINTS_free(ncons);

-	if (sub)

-		GENERAL_SUBTREE_free(sub);

-	return NULL;

-	}

-static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,

-				void *a, BIO *bp, int ind)

-	{

-	NAME_CONSTRAINTS *ncons = a;

-	do_i2r_name_constraints(method, ncons->permittedSubtrees,

-					bp, ind, "Permitted");

-	do_i2r_name_constraints(method, ncons->excludedSubtrees,

-					bp, ind, "Excluded");

-	return 1;

-	}

-static int do_i2r_name_constraints(X509V3_EXT_METHOD *method,

-				STACK_OF(GENERAL_SUBTREE) *trees,

-					BIO *bp, int ind, char *name)

-	{

-	GENERAL_SUBTREE *tree;

-	int i;

-	if (sk_GENERAL_SUBTREE_num(trees) > 0)

-		BIO_printf(bp, "%*s%s:\n", ind, "", name);

-	for(i = 0; i < sk_GENERAL_SUBTREE_num(trees); i++)

-		{

-		tree = sk_GENERAL_SUBTREE_value(trees, i);

-		BIO_printf(bp, "%*s", ind + 2, "");

-		if (tree->base->type == GEN_IPADD)

-			print_nc_ipadd(bp, tree->base->d.ip);

-		else

-			GENERAL_NAME_print(bp, tree->base);

-		tree = sk_GENERAL_SUBTREE_value(trees, i);

-		BIO_puts(bp, "\n");

-		}

-	return 1;

-	}

-static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip)

-	{

-	int i, len;

-	unsigned char *p;

-	p = ip->data;

-	len = ip->length;

-	BIO_puts(bp, "IP:");

-	if(len == 8)

-		{

-		BIO_printf(bp, "%d.%d.%d.%d/%d.%d.%d.%d",

-				p[0], p[1], p[2], p[3],

-				p[4], p[5], p[6], p[7]);

-		}

-	else if(len == 32)

-		{

-		for (i = 0; i < 16; i++)

-			{

-			BIO_printf(bp, "%X", p[0] << 8 | p[1]);

-			p += 2;

-			if (i == 7)

-				BIO_puts(bp, "/");

-			else if (i != 15)

-				BIO_puts(bp, ":");

-			}

-		}

-	else

-		BIO_printf(bp, "IP Address:<invalid>");

-	return 1;

-	}

--- a/sys/src/ape/lib/openssl/crypto/x509v3/v3_ocsp.c

+++ /dev/null

@@ -1,275 +1,0 @@

-/* v3_ocsp.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef OPENSSL_NO_OCSP

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/conf.h>

-#include <openssl/asn1.h>

-#include <openssl/ocsp.h>

-#include <openssl/x509v3.h>

-/* OCSP extensions and a couple of CRL entry extensions

- */

-static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);

-static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);

-static int i2r_object(X509V3_EXT_METHOD *method, void *obj, BIO *out, int indent);

-static void *ocsp_nonce_new(void);

-static int i2d_ocsp_nonce(void *a, unsigned char **pp);

-static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length);

-static void ocsp_nonce_free(void *a);

-static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);

-static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent);

-static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str);

-static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind);

-const X509V3_EXT_METHOD v3_ocsp_crlid = {

-	NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID),

-	0,0,0,0,

-	0,0,

-	0,0,

-	i2r_ocsp_crlid,0,

-	NULL

-};

-const X509V3_EXT_METHOD v3_ocsp_acutoff = {

-	NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),

-	0,0,0,0,

-	0,0,

-	0,0,

-	i2r_ocsp_acutoff,0,

-	NULL

-};

-const X509V3_EXT_METHOD v3_crl_invdate = {

-	NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),

-	0,0,0,0,

-	0,0,

-	0,0,

-	i2r_ocsp_acutoff,0,

-	NULL

-};

-const X509V3_EXT_METHOD v3_crl_hold = {

-	NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT),

-	0,0,0,0,

-	0,0,

-	0,0,

-	i2r_object,0,

-	NULL

-};

-const X509V3_EXT_METHOD v3_ocsp_nonce = {

-	NID_id_pkix_OCSP_Nonce, 0, NULL,

-	ocsp_nonce_new,

-	ocsp_nonce_free,

-	d2i_ocsp_nonce,

-	i2d_ocsp_nonce,

-	0,0,

-	0,0,

-	i2r_ocsp_nonce,0,

-	NULL

-};

-const X509V3_EXT_METHOD v3_ocsp_nocheck = {

-	NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL),

-	0,0,0,0,

-	0,s2i_ocsp_nocheck,

-	0,0,

-	i2r_ocsp_nocheck,0,

-	NULL

-};

-const X509V3_EXT_METHOD v3_ocsp_serviceloc = {

-	NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC),

-	0,0,0,0,

-	0,0,

-	0,0,

-	i2r_ocsp_serviceloc,0,

-	NULL

-};

-static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)

-{

-	OCSP_CRLID *a = in;

-	if (a->crlUrl)

-	        {

-		if (!BIO_printf(bp, "%*scrlUrl: ", ind, "")) goto err;

-		if (!ASN1_STRING_print(bp, (ASN1_STRING*)a->crlUrl)) goto err;

-		if (!BIO_write(bp, "\n", 1)) goto err;

-		}

-	if (a->crlNum)

-	        {

-		if (!BIO_printf(bp, "%*scrlNum: ", ind, "")) goto err;

-		if (!i2a_ASN1_INTEGER(bp, a->crlNum)) goto err;

-		if (!BIO_write(bp, "\n", 1)) goto err;

-		}

-	if (a->crlTime)

-	        {

-		if (!BIO_printf(bp, "%*scrlTime: ", ind, "")) goto err;

-		if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime)) goto err;

-		if (!BIO_write(bp, "\n", 1)) goto err;

-		}

-	return 1;

-	err:

-	return 0;

-}

-static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *cutoff, BIO *bp, int ind)

-{

-	if (!BIO_printf(bp, "%*s", ind, "")) return 0;

-	if(!ASN1_GENERALIZEDTIME_print(bp, cutoff)) return 0;

-	return 1;

-}

-static int i2r_object(X509V3_EXT_METHOD *method, void *oid, BIO *bp, int ind)

-{

-	if (!BIO_printf(bp, "%*s", ind, "")) return 0;

-	if(!i2a_ASN1_OBJECT(bp, oid)) return 0;

-	return 1;

-}

-/* OCSP nonce. This is needs special treatment because it doesn't have

- * an ASN1 encoding at all: it just contains arbitrary data.

- */

-static void *ocsp_nonce_new(void)

-{

-	return ASN1_OCTET_STRING_new();

-}

-static int i2d_ocsp_nonce(void *a, unsigned char **pp)

-{

-	ASN1_OCTET_STRING *os = a;

-	if(pp) {

-		memcpy(*pp, os->data, os->length);

-		*pp += os->length;

-	}

-	return os->length;

-}

-static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length)

-{

-	ASN1_OCTET_STRING *os, **pos;

-	pos = a;

-	if(!pos || !*pos) os = ASN1_OCTET_STRING_new();

-	else os = *pos;

-	if(!ASN1_OCTET_STRING_set(os, *pp, length)) goto err;

-	*pp += length;

-	if(pos) *pos = os;

-	return os;

-	err:

-	if(os && (!pos || (*pos != os))) M_ASN1_OCTET_STRING_free(os);

-	OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE);

-	return NULL;

-}

-static void ocsp_nonce_free(void *a)

-{

-	M_ASN1_OCTET_STRING_free(a);

-}

-static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent)

-{

-	if(BIO_printf(out, "%*s", indent, "") <= 0) return 0;

-	if(i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0) return 0;

-	return 1;

-}

-/* Nocheck is just a single NULL. Don't print anything and always set it */

-static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent)

-{

-	return 1;

-}

-static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str)

-{

-	return ASN1_NULL_new();

-}

-static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)

-        {

-	int i;

-	OCSP_SERVICELOC *a = in;

-	ACCESS_DESCRIPTION *ad;

-        if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0) goto err;

-        if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0) goto err;

-	for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++)

-	        {

-				ad = sk_ACCESS_DESCRIPTION_value(a->locator,i);

-				if (BIO_printf(bp, "\n%*s", (2*ind), "") <= 0)

-					goto err;

-				if(i2a_ASN1_OBJECT(bp, ad->method) <= 0) goto err;

-				if(BIO_puts(bp, " - ") <= 0) goto err;

-				if(GENERAL_NAME_print(bp, ad->location) <= 0) goto err;

-		}

-	return 1;

-err:

-	return 0;

-	}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/x509v3/v3_pci.c

+++ /dev/null

@@ -1,302 +1,0 @@

-/* v3_pci.c -*- mode:C; c-file-style: "eay" -*- */

-/* Contributed to the OpenSSL Project 2004

- * by Richard Levitte ([email protected])

- */

-/* Copyright (c) 2004 Kungliga Tekniska H�gskolan

- * (Royal Institute of Technology, Stockholm, Sweden).

- * All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- *

- * 3. Neither the name of the Institute nor the names of its contributors

- *    may be used to endorse or promote products derived from this software

- *    without specific prior written permission.

- *

- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/conf.h>

-#include <openssl/x509v3.h>

-static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext,

-	BIO *out, int indent);

-static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,

-	X509V3_CTX *ctx, char *str);

-const X509V3_EXT_METHOD v3_pci =

-	{ NID_proxyCertInfo, 0, ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION),

-	  0,0,0,0,

-	  0,0,

-	  NULL, NULL,

-	  (X509V3_EXT_I2R)i2r_pci,

-	  (X509V3_EXT_R2I)r2i_pci,

-	  NULL,

-	};

-static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci,

-	BIO *out, int indent)

-	{

-	BIO_printf(out, "%*sPath Length Constraint: ", indent, "");

-	if (pci->pcPathLengthConstraint)

-	  i2a_ASN1_INTEGER(out, pci->pcPathLengthConstraint);

-	else

-	  BIO_printf(out, "infinite");

-	BIO_puts(out, "\n");

-	BIO_printf(out, "%*sPolicy Language: ", indent, "");

-	i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage);

-	BIO_puts(out, "\n");

-	if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data)

-	  BIO_printf(out, "%*sPolicy Text: %s\n", indent, "",

-		     pci->proxyPolicy->policy->data);

-	return 1;

-	}

-static int process_pci_value(CONF_VALUE *val,

-	ASN1_OBJECT **language, ASN1_INTEGER **pathlen,

-	ASN1_OCTET_STRING **policy)

-	{

-	int free_policy = 0;

-	if (strcmp(val->name, "language") == 0)

-		{

-		if (*language)

-			{

-			X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED);

-			X509V3_conf_err(val);

-			return 0;

-			}

-		if (!(*language = OBJ_txt2obj(val->value, 0)))

-			{

-			X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_INVALID_OBJECT_IDENTIFIER);

-			X509V3_conf_err(val);

-			return 0;

-			}

-		}

-	else if (strcmp(val->name, "pathlen") == 0)

-		{

-		if (*pathlen)

-			{

-			X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED);

-			X509V3_conf_err(val);

-			return 0;

-			}

-		if (!X509V3_get_value_int(val, pathlen))

-			{

-			X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_PATH_LENGTH);

-			X509V3_conf_err(val);

-			return 0;

-			}

-		}

-	else if (strcmp(val->name, "policy") == 0)

-		{

-		unsigned char *tmp_data = NULL;

-		long val_len;

-		if (!*policy)

-			{

-			*policy = ASN1_OCTET_STRING_new();

-			if (!*policy)

-				{

-				X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);

-				X509V3_conf_err(val);

-				return 0;

-				}

-			free_policy = 1;

-			}

-		if (strncmp(val->value, "hex:", 4) == 0)

-			{

-			unsigned char *tmp_data2 =

-				string_to_hex(val->value + 4, &val_len);

-			if (!tmp_data2) goto err;

-			tmp_data = OPENSSL_realloc((*policy)->data,

-				(*policy)->length + val_len + 1);

-			if (tmp_data)

-				{

-				(*policy)->data = tmp_data;

-				memcpy(&(*policy)->data[(*policy)->length],

-					tmp_data2, val_len);

-				(*policy)->length += val_len;

-				(*policy)->data[(*policy)->length] = '\0';

-				}

-			}

-		else if (strncmp(val->value, "file:", 5) == 0)

-			{

-			unsigned char buf[2048];

-			int n;

-			BIO *b = BIO_new_file(val->value + 5, "r");

-			if (!b)

-				{

-				X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_BIO_LIB);

-				X509V3_conf_err(val);

-				goto err;

-				}

-			while((n = BIO_read(b, buf, sizeof(buf))) > 0

-				|| (n == 0 && BIO_should_retry(b)))

-				{

-				if (!n) continue;

-				tmp_data = OPENSSL_realloc((*policy)->data,

-					(*policy)->length + n + 1);

-				if (!tmp_data)

-					break;

-				(*policy)->data = tmp_data;

-				memcpy(&(*policy)->data[(*policy)->length],

-					buf, n);

-				(*policy)->length += n;

-				(*policy)->data[(*policy)->length] = '\0';

-				}

-			if (n < 0)

-				{

-				X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_BIO_LIB);

-				X509V3_conf_err(val);

-				goto err;

-				}

-			}

-		else if (strncmp(val->value, "text:", 5) == 0)

-			{

-			val_len = strlen(val->value + 5);

-			tmp_data = OPENSSL_realloc((*policy)->data,

-				(*policy)->length + val_len + 1);

-			if (tmp_data)

-				{

-				(*policy)->data = tmp_data;

-				memcpy(&(*policy)->data[(*policy)->length],

-					val->value + 5, val_len);

-				(*policy)->length += val_len;

-				(*policy)->data[(*policy)->length] = '\0';

-				}

-			}

-		else

-			{

-			X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_INCORRECT_POLICY_SYNTAX_TAG);

-			X509V3_conf_err(val);

-			goto err;

-			}

-		if (!tmp_data)

-			{

-			X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);

-			X509V3_conf_err(val);

-			goto err;

-			}

-		}

-	return 1;

-err:

-	if (free_policy)

-		{

-		ASN1_OCTET_STRING_free(*policy);

-		*policy = NULL;

-		}

-	return 0;

-	}

-static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,

-	X509V3_CTX *ctx, char *value)

-	{

-	PROXY_CERT_INFO_EXTENSION *pci = NULL;

-	STACK_OF(CONF_VALUE) *vals;

-	ASN1_OBJECT *language = NULL;

-	ASN1_INTEGER *pathlen = NULL;

-	ASN1_OCTET_STRING *policy = NULL;

-	int i, j;

-	vals = X509V3_parse_list(value);

-	for (i = 0; i < sk_CONF_VALUE_num(vals); i++)

-		{

-		CONF_VALUE *cnf = sk_CONF_VALUE_value(vals, i);

-		if (!cnf->name || (*cnf->name != '@' && !cnf->value))

-			{

-			X509V3err(X509V3_F_R2I_PCI,X509V3_R_INVALID_PROXY_POLICY_SETTING);

-			X509V3_conf_err(cnf);

-			goto err;

-			}

-		if (*cnf->name == '@')

-			{

-			STACK_OF(CONF_VALUE) *sect;

-			int success_p = 1;

-			sect = X509V3_get_section(ctx, cnf->name + 1);

-			if (!sect)

-				{

-				X509V3err(X509V3_F_R2I_PCI,X509V3_R_INVALID_SECTION);

-				X509V3_conf_err(cnf);

-				goto err;

-				}

-			for (j = 0; success_p && j < sk_CONF_VALUE_num(sect); j++)

-				{

-				success_p =

-					process_pci_value(sk_CONF_VALUE_value(sect, j),

-						&language, &pathlen, &policy);

-				}

-			X509V3_section_free(ctx, sect);

-			if (!success_p)

-				goto err;

-			}

-		else

-			{

-			if (!process_pci_value(cnf,

-					&language, &pathlen, &policy))

-				{

-				X509V3_conf_err(cnf);

-				goto err;

-				}

-			}

-		}

-	/* Language is mandatory */

-	if (!language)

-		{

-		X509V3err(X509V3_F_R2I_PCI,X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED);

-		goto err;

-		}

-	i = OBJ_obj2nid(language);

-	if ((i == NID_Independent || i == NID_id_ppl_inheritAll) && policy)

-		{

-		X509V3err(X509V3_F_R2I_PCI,X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY);

-		goto err;

-		}

-	pci = PROXY_CERT_INFO_EXTENSION_new();

-	if (!pci)

-		{

-		X509V3err(X509V3_F_R2I_PCI,ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	pci->proxyPolicy->policyLanguage = language; language = NULL;

-	pci->proxyPolicy->policy = policy; policy = NULL;

-	pci->pcPathLengthConstraint = pathlen; pathlen = NULL;

-	goto end;

-err:

-	if (language) { ASN1_OBJECT_free(language); language = NULL; }

-	if (pathlen) { ASN1_INTEGER_free(pathlen); pathlen = NULL; }

-	if (policy) { ASN1_OCTET_STRING_free(policy); policy = NULL; }

-	if (pci) { PROXY_CERT_INFO_EXTENSION_free(pci); pci = NULL; }

-end:

-	sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);

-	return pci;

-	}

--- a/sys/src/ape/lib/openssl/crypto/x509v3/v3_pcia.c

+++ /dev/null

@@ -1,55 +1,0 @@

-/* v3_pcia.c -*- mode:C; c-file-style: "eay" -*- */

-/* Contributed to the OpenSSL Project 2004

- * by Richard Levitte ([email protected])

- */

-/* Copyright (c) 2004 Kungliga Tekniska H�gskolan

- * (Royal Institute of Technology, Stockholm, Sweden).

- * All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- *

- * 3. Neither the name of the Institute nor the names of its contributors

- *    may be used to endorse or promote products derived from this software

- *    without specific prior written permission.

- *

- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- */

-#include <openssl/asn1.h>

-#include <openssl/asn1t.h>

-#include <openssl/x509v3.h>

-ASN1_SEQUENCE(PROXY_POLICY) =

-	{

-	ASN1_SIMPLE(PROXY_POLICY,policyLanguage,ASN1_OBJECT),

-	ASN1_OPT(PROXY_POLICY,policy,ASN1_OCTET_STRING)

-} ASN1_SEQUENCE_END(PROXY_POLICY)

-IMPLEMENT_ASN1_FUNCTIONS(PROXY_POLICY)

-ASN1_SEQUENCE(PROXY_CERT_INFO_EXTENSION) =

-	{

-	ASN1_OPT(PROXY_CERT_INFO_EXTENSION,pcPathLengthConstraint,ASN1_INTEGER),

-	ASN1_SIMPLE(PROXY_CERT_INFO_EXTENSION,proxyPolicy,PROXY_POLICY)

-} ASN1_SEQUENCE_END(PROXY_CERT_INFO_EXTENSION)

-IMPLEMENT_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)

--- a/sys/src/ape/lib/openssl/crypto/x509v3/v3_pcons.c

+++ /dev/null

@@ -1,136 +1,0 @@

-/* v3_pcons.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project.

- */

-/* ====================================================================

- * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/asn1.h>

-#include <openssl/asn1t.h>

-#include <openssl/conf.h>

-#include <openssl/x509v3.h>

-static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,

-				void *bcons, STACK_OF(CONF_VALUE) *extlist);

-static void *v2i_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,

-				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);

-const X509V3_EXT_METHOD v3_policy_constraints = {

-NID_policy_constraints, 0,

-ASN1_ITEM_ref(POLICY_CONSTRAINTS),

-0,0,0,0,

-0,0,

-i2v_POLICY_CONSTRAINTS,

-v2i_POLICY_CONSTRAINTS,

-NULL,NULL,

-NULL

-};

-ASN1_SEQUENCE(POLICY_CONSTRAINTS) = {

-	ASN1_IMP_OPT(POLICY_CONSTRAINTS, requireExplicitPolicy, ASN1_INTEGER,0),

-	ASN1_IMP_OPT(POLICY_CONSTRAINTS, inhibitPolicyMapping, ASN1_INTEGER,1)

-} ASN1_SEQUENCE_END(POLICY_CONSTRAINTS)

-IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)

-static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,

-	     void *a, STACK_OF(CONF_VALUE) *extlist)

-{

-	POLICY_CONSTRAINTS *pcons = a;

-	X509V3_add_value_int("Require Explicit Policy",

-			pcons->requireExplicitPolicy, &extlist);

-	X509V3_add_value_int("Inhibit Policy Mapping",

-			pcons->inhibitPolicyMapping, &extlist);

-	return extlist;

-}

-static void *v2i_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,

-	     X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values)

-{

-	POLICY_CONSTRAINTS *pcons=NULL;

-	CONF_VALUE *val;

-	int i;

-	if(!(pcons = POLICY_CONSTRAINTS_new())) {

-		X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, ERR_R_MALLOC_FAILURE);

-		return NULL;

-	}

-	for(i = 0; i < sk_CONF_VALUE_num(values); i++) {

-		val = sk_CONF_VALUE_value(values, i);

-		if(!strcmp(val->name, "requireExplicitPolicy")) {

-			if(!X509V3_get_value_int(val,

-				&pcons->requireExplicitPolicy)) goto err;

-		} else if(!strcmp(val->name, "inhibitPolicyMapping")) {

-			if(!X509V3_get_value_int(val,

-				&pcons->inhibitPolicyMapping)) goto err;

-		} else {

-			X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, X509V3_R_INVALID_NAME);

-			X509V3_conf_err(val);

-			goto err;

-		}

-	}

-	if (!pcons->inhibitPolicyMapping && !pcons->requireExplicitPolicy) {

-		X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, X509V3_R_ILLEGAL_EMPTY_EXTENSION);

-		goto err;

-	}

-	return pcons;

-	err:

-	POLICY_CONSTRAINTS_free(pcons);

-	return NULL;

-}

--- a/sys/src/ape/lib/openssl/crypto/x509v3/v3_pku.c

+++ /dev/null

@@ -1,108 +1,0 @@

-/* v3_pku.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/asn1.h>

-#include <openssl/asn1t.h>

-#include <openssl/x509v3.h>

-static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, PKEY_USAGE_PERIOD *usage, BIO *out, int indent);

-/*

-static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);

-*/

-const X509V3_EXT_METHOD v3_pkey_usage_period = {

-NID_private_key_usage_period, 0, ASN1_ITEM_ref(PKEY_USAGE_PERIOD),

-0,0,0,0,

-0,0,0,0,

-(X509V3_EXT_I2R)i2r_PKEY_USAGE_PERIOD, NULL,

-NULL

-};

-ASN1_SEQUENCE(PKEY_USAGE_PERIOD) = {

-	ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notBefore, ASN1_GENERALIZEDTIME, 0),

-	ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notAfter, ASN1_GENERALIZEDTIME, 1)

-} ASN1_SEQUENCE_END(PKEY_USAGE_PERIOD)

-IMPLEMENT_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)

-static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method,

-	     PKEY_USAGE_PERIOD *usage, BIO *out, int indent)

-{

-	BIO_printf(out, "%*s", indent, "");

-	if(usage->notBefore) {

-		BIO_write(out, "Not Before: ", 12);

-		ASN1_GENERALIZEDTIME_print(out, usage->notBefore);

-		if(usage->notAfter) BIO_write(out, ", ", 2);

-	}

-	if(usage->notAfter) {

-		BIO_write(out, "Not After: ", 11);

-		ASN1_GENERALIZEDTIME_print(out, usage->notAfter);

-	}

-	return 1;

-}

-/*

-static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(method, ctx, values)

-X509V3_EXT_METHOD *method;

-X509V3_CTX *ctx;

-STACK_OF(CONF_VALUE) *values;

-{

-return NULL;

-}

-*/

--- a/sys/src/ape/lib/openssl/crypto/x509v3/v3_pmaps.c

+++ /dev/null

@@ -1,153 +1,0 @@

-/* v3_pmaps.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project.

- */

-/* ====================================================================

- * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/asn1t.h>

-#include <openssl/conf.h>

-#include <openssl/x509v3.h>

-static void *v2i_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,

-				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);

-static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,

-				void *pmps, STACK_OF(CONF_VALUE) *extlist);

-const X509V3_EXT_METHOD v3_policy_mappings = {

-	NID_policy_mappings, 0,

-	ASN1_ITEM_ref(POLICY_MAPPINGS),

-	0,0,0,0,

-	0,0,

-	i2v_POLICY_MAPPINGS,

-	v2i_POLICY_MAPPINGS,

-	0,0,

-	NULL

-};

-ASN1_SEQUENCE(POLICY_MAPPING) = {

-	ASN1_SIMPLE(POLICY_MAPPING, issuerDomainPolicy, ASN1_OBJECT),

-	ASN1_SIMPLE(POLICY_MAPPING, subjectDomainPolicy, ASN1_OBJECT)

-} ASN1_SEQUENCE_END(POLICY_MAPPING)

-ASN1_ITEM_TEMPLATE(POLICY_MAPPINGS) =

-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, POLICY_MAPPINGS,

-								POLICY_MAPPING)

-ASN1_ITEM_TEMPLATE_END(POLICY_MAPPINGS)

-IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING)

-static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,

-		void *a, STACK_OF(CONF_VALUE) *ext_list)

-{

-	POLICY_MAPPINGS *pmaps = a;

-	POLICY_MAPPING *pmap;

-	int i;

-	char obj_tmp1[80];

-	char obj_tmp2[80];

-	for(i = 0; i < sk_POLICY_MAPPING_num(pmaps); i++) {

-		pmap = sk_POLICY_MAPPING_value(pmaps, i);

-		i2t_ASN1_OBJECT(obj_tmp1, 80, pmap->issuerDomainPolicy);

-		i2t_ASN1_OBJECT(obj_tmp2, 80, pmap->subjectDomainPolicy);

-		X509V3_add_value(obj_tmp1, obj_tmp2, &ext_list);

-	}

-	return ext_list;

-}

-static void *v2i_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,

-				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)

-{

-	POLICY_MAPPINGS *pmaps;

-	POLICY_MAPPING *pmap;

-	ASN1_OBJECT *obj1, *obj2;

-	CONF_VALUE *val;

-	int i;

-	if(!(pmaps = sk_POLICY_MAPPING_new_null())) {

-		X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,ERR_R_MALLOC_FAILURE);

-		return NULL;

-	}

-	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {

-		val = sk_CONF_VALUE_value(nval, i);

-		if(!val->value || !val->name) {

-			sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);

-			X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,X509V3_R_INVALID_OBJECT_IDENTIFIER);

-			X509V3_conf_err(val);

-			return NULL;

-		}

-		obj1 = OBJ_txt2obj(val->name, 0);

-		obj2 = OBJ_txt2obj(val->value, 0);

-		if(!obj1 || !obj2) {

-			sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);

-			X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,X509V3_R_INVALID_OBJECT_IDENTIFIER);

-			X509V3_conf_err(val);

-			return NULL;

-		}

-		pmap = POLICY_MAPPING_new();

-		if (!pmap) {

-			sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);

-			X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,ERR_R_MALLOC_FAILURE);

-			return NULL;

-		}

-		pmap->issuerDomainPolicy = obj1;

-		pmap->subjectDomainPolicy = obj2;

-		sk_POLICY_MAPPING_push(pmaps, pmap);

-	}

-	return pmaps;

-}

--- a/sys/src/ape/lib/openssl/crypto/x509v3/v3_prn.c

+++ /dev/null

@@ -1,234 +1,0 @@

-/* v3_prn.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* X509 v3 extension utilities */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/conf.h>

-#include <openssl/x509v3.h>

-/* Extension printing routines */

-static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent, int supported);

-/* Print out a name+value stack */

-void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml)

-{

-	int i;

-	CONF_VALUE *nval;

-	if(!val) return;

-	if(!ml || !sk_CONF_VALUE_num(val)) {

-		BIO_printf(out, "%*s", indent, "");

-		if(!sk_CONF_VALUE_num(val)) BIO_puts(out, "<EMPTY>\n");

-	}

-	for(i = 0; i < sk_CONF_VALUE_num(val); i++) {

-		if(ml) BIO_printf(out, "%*s", indent, "");

-		else if(i > 0) BIO_printf(out, ", ");

-		nval = sk_CONF_VALUE_value(val, i);

-		if(!nval->name) BIO_puts(out, nval->value);

-		else if(!nval->value) BIO_puts(out, nval->name);

-#ifndef CHARSET_EBCDIC

-		else BIO_printf(out, "%s:%s", nval->name, nval->value);

-#else

-		else {

-			int len;

-			char *tmp;

-			len = strlen(nval->value)+1;

-			tmp = OPENSSL_malloc(len);

-			if (tmp)

-			{

-				ascii2ebcdic(tmp, nval->value, len);

-				BIO_printf(out, "%s:%s", nval->name, tmp);

-				OPENSSL_free(tmp);

-			}

-		}

-#endif

-		if(ml) BIO_puts(out, "\n");

-	}

-}

-/* Main routine: print out a general extension */

-int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent)

-{

-	void *ext_str = NULL;

-	char *value = NULL;

-	const unsigned char *p;

-	X509V3_EXT_METHOD *method;

-	STACK_OF(CONF_VALUE) *nval = NULL;

-	int ok = 1;

-	if(!(method = X509V3_EXT_get(ext)))

-		return unknown_ext_print(out, ext, flag, indent, 0);

-	p = ext->value->data;

-	if(method->it) ext_str = ASN1_item_d2i(NULL, &p, ext->value->length, ASN1_ITEM_ptr(method->it));

-	else ext_str = method->d2i(NULL, &p, ext->value->length);

-	if(!ext_str) return unknown_ext_print(out, ext, flag, indent, 1);

-	if(method->i2s) {

-		if(!(value = method->i2s(method, ext_str))) {

-			ok = 0;

-			goto err;

-		}

-#ifndef CHARSET_EBCDIC

-		BIO_printf(out, "%*s%s", indent, "", value);

-#else

-		{

-			int len;

-			char *tmp;

-			len = strlen(value)+1;

-			tmp = OPENSSL_malloc(len);

-			if (tmp)

-			{

-				ascii2ebcdic(tmp, value, len);

-				BIO_printf(out, "%*s%s", indent, "", tmp);

-				OPENSSL_free(tmp);

-			}

-		}

-#endif

-	} else if(method->i2v) {

-		if(!(nval = method->i2v(method, ext_str, NULL))) {

-			ok = 0;

-			goto err;

-		}

-		X509V3_EXT_val_prn(out, nval, indent,

-				 method->ext_flags & X509V3_EXT_MULTILINE);

-	} else if(method->i2r) {

-		if(!method->i2r(method, ext_str, out, indent)) ok = 0;

-	} else ok = 0;

-	err:

-		sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);

-		if(value) OPENSSL_free(value);

-		if(method->it) ASN1_item_free(ext_str, ASN1_ITEM_ptr(method->it));

-		else method->ext_free(ext_str);

-		return ok;

-}

-int X509V3_extensions_print(BIO *bp, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent)

-{

-	int i, j;

-	if(sk_X509_EXTENSION_num(exts) <= 0) return 1;

-	if(title)

-		{

-		BIO_printf(bp,"%*s%s:\n",indent, "", title);

-		indent += 4;

-		}

-	for (i=0; i<sk_X509_EXTENSION_num(exts); i++)

-		{

-		ASN1_OBJECT *obj;

-		X509_EXTENSION *ex;

-		ex=sk_X509_EXTENSION_value(exts, i);

-		if (indent && BIO_printf(bp,"%*s",indent, "") <= 0) return 0;

-		obj=X509_EXTENSION_get_object(ex);

-		i2a_ASN1_OBJECT(bp,obj);

-		j=X509_EXTENSION_get_critical(ex);

-		if (BIO_printf(bp,": %s\n",j?"critical":"") <= 0)

-			return 0;

-		if(!X509V3_EXT_print(bp, ex, flag, indent + 4))

-			{

-			BIO_printf(bp, "%*s", indent + 4, "");

-			M_ASN1_OCTET_STRING_print(bp,ex->value);

-			}

-		if (BIO_write(bp,"\n",1) <= 0) return 0;

-		}

-	return 1;

-}

-static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent, int supported)

-{

-	switch(flag & X509V3_EXT_UNKNOWN_MASK) {

-		case X509V3_EXT_DEFAULT:

-		return 0;

-		case X509V3_EXT_ERROR_UNKNOWN:

-		if(supported)

-			BIO_printf(out, "%*s<Parse Error>", indent, "");

-		else

-			BIO_printf(out, "%*s<Not Supported>", indent, "");

-		return 1;

-		case X509V3_EXT_PARSE_UNKNOWN:

-			return ASN1_parse_dump(out,

-				ext->value->data, ext->value->length, indent, -1);

-		case X509V3_EXT_DUMP_UNKNOWN:

-			return BIO_dump_indent(out, (char *)ext->value->data, ext->value->length, indent);

-		default:

-		return 1;

-	}

-}

-#ifndef OPENSSL_NO_FP_API

-int X509V3_EXT_print_fp(FILE *fp, X509_EXTENSION *ext, int flag, int indent)

-{

-	BIO *bio_tmp;

-	int ret;

-	if(!(bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE))) return 0;

-	ret = X509V3_EXT_print(bio_tmp, ext, flag, indent);

-	BIO_free(bio_tmp);

-	return ret;

-}

-#endif

--- a/sys/src/ape/lib/openssl/crypto/x509v3/v3_purp.c

+++ /dev/null

@@ -1,661 +1,0 @@

-/* v3_purp.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 2001.

- */

-/* ====================================================================

- * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/x509v3.h>

-#include <openssl/x509_vfy.h>

-static void x509v3_cache_extensions(X509 *x);

-static int check_ssl_ca(const X509 *x);

-static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca);

-static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca);

-static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca);

-static int purpose_smime(const X509 *x, int ca);

-static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int ca);

-static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca);

-static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca);

-static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca);

-static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca);

-static int xp_cmp(const X509_PURPOSE * const *a,

-		const X509_PURPOSE * const *b);

-static void xptable_free(X509_PURPOSE *p);

-static X509_PURPOSE xstandard[] = {

-	{X509_PURPOSE_SSL_CLIENT, X509_TRUST_SSL_CLIENT, 0, check_purpose_ssl_client, "SSL client", "sslclient", NULL},

-	{X509_PURPOSE_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ssl_server, "SSL server", "sslserver", NULL},

-	{X509_PURPOSE_NS_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ns_ssl_server, "Netscape SSL server", "nssslserver", NULL},

-	{X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign, "S/MIME signing", "smimesign", NULL},

-	{X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0, check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL},

-	{X509_PURPOSE_CRL_SIGN, X509_TRUST_COMPAT, 0, check_purpose_crl_sign, "CRL signing", "crlsign", NULL},

-	{X509_PURPOSE_ANY, X509_TRUST_DEFAULT, 0, no_check, "Any Purpose", "any", NULL},

-	{X509_PURPOSE_OCSP_HELPER, X509_TRUST_COMPAT, 0, ocsp_helper, "OCSP helper", "ocsphelper", NULL},

-};

-#define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE))

-IMPLEMENT_STACK_OF(X509_PURPOSE)

-static STACK_OF(X509_PURPOSE) *xptable = NULL;

-static int xp_cmp(const X509_PURPOSE * const *a,

-		const X509_PURPOSE * const *b)

-{

-	return (*a)->purpose - (*b)->purpose;

-}

-/* As much as I'd like to make X509_check_purpose use a "const" X509*

- * I really can't because it does recalculate hashes and do other non-const

- * things. */

-int X509_check_purpose(X509 *x, int id, int ca)

-{

-	int idx;

-	const X509_PURPOSE *pt;

-	if(!(x->ex_flags & EXFLAG_SET)) {

-		CRYPTO_w_lock(CRYPTO_LOCK_X509);

-		x509v3_cache_extensions(x);

-		CRYPTO_w_unlock(CRYPTO_LOCK_X509);

-	}

-	if(id == -1) return 1;

-	idx = X509_PURPOSE_get_by_id(id);

-	if(idx == -1) return -1;

-	pt = X509_PURPOSE_get0(idx);

-	return pt->check_purpose(pt, x, ca);

-}

-int X509_PURPOSE_set(int *p, int purpose)

-{

-	if(X509_PURPOSE_get_by_id(purpose) == -1) {

-		X509V3err(X509V3_F_X509_PURPOSE_SET, X509V3_R_INVALID_PURPOSE);

-		return 0;

-	}

-	*p = purpose;

-	return 1;

-}

-int X509_PURPOSE_get_count(void)

-{

-	if(!xptable) return X509_PURPOSE_COUNT;

-	return sk_X509_PURPOSE_num(xptable) + X509_PURPOSE_COUNT;

-}

-X509_PURPOSE * X509_PURPOSE_get0(int idx)

-{

-	if(idx < 0) return NULL;

-	if(idx < (int)X509_PURPOSE_COUNT) return xstandard + idx;

-	return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT);

-}

-int X509_PURPOSE_get_by_sname(char *sname)

-{

-	int i;

-	X509_PURPOSE *xptmp;

-	for(i = 0; i < X509_PURPOSE_get_count(); i++) {

-		xptmp = X509_PURPOSE_get0(i);

-		if(!strcmp(xptmp->sname, sname)) return i;

-	}

-	return -1;

-}

-int X509_PURPOSE_get_by_id(int purpose)

-{

-	X509_PURPOSE tmp;

-	int idx;

-	if((purpose >= X509_PURPOSE_MIN) && (purpose <= X509_PURPOSE_MAX))

-		return purpose - X509_PURPOSE_MIN;

-	tmp.purpose = purpose;

-	if(!xptable) return -1;

-	idx = sk_X509_PURPOSE_find(xptable, &tmp);

-	if(idx == -1) return -1;

-	return idx + X509_PURPOSE_COUNT;

-}

-int X509_PURPOSE_add(int id, int trust, int flags,

-			int (*ck)(const X509_PURPOSE *, const X509 *, int),

-					char *name, char *sname, void *arg)

-{

-	int idx;

-	X509_PURPOSE *ptmp;

-	/* This is set according to what we change: application can't set it */

-	flags &= ~X509_PURPOSE_DYNAMIC;

-	/* This will always be set for application modified trust entries */

-	flags |= X509_PURPOSE_DYNAMIC_NAME;

-	/* Get existing entry if any */

-	idx = X509_PURPOSE_get_by_id(id);

-	/* Need a new entry */

-	if(idx == -1) {

-		if(!(ptmp = OPENSSL_malloc(sizeof(X509_PURPOSE)))) {

-			X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);

-			return 0;

-		}

-		ptmp->flags = X509_PURPOSE_DYNAMIC;

-	} else ptmp = X509_PURPOSE_get0(idx);

-	/* OPENSSL_free existing name if dynamic */

-	if(ptmp->flags & X509_PURPOSE_DYNAMIC_NAME) {

-		OPENSSL_free(ptmp->name);

-		OPENSSL_free(ptmp->sname);

-	}

-	/* dup supplied name */

-	ptmp->name = BUF_strdup(name);

-	ptmp->sname = BUF_strdup(sname);

-	if(!ptmp->name || !ptmp->sname) {

-		X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);

-		return 0;

-	}

-	/* Keep the dynamic flag of existing entry */

-	ptmp->flags &= X509_PURPOSE_DYNAMIC;

-	/* Set all other flags */

-	ptmp->flags |= flags;

-	ptmp->purpose = id;

-	ptmp->trust = trust;

-	ptmp->check_purpose = ck;

-	ptmp->usr_data = arg;

-	/* If its a new entry manage the dynamic table */

-	if(idx == -1) {

-		if(!xptable && !(xptable = sk_X509_PURPOSE_new(xp_cmp))) {

-			X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);

-			return 0;

-		}

-		if (!sk_X509_PURPOSE_push(xptable, ptmp)) {

-			X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);

-			return 0;

-		}

-	}

-	return 1;

-}

-static void xptable_free(X509_PURPOSE *p)

-	{

-	if(!p) return;

-	if (p->flags & X509_PURPOSE_DYNAMIC)

-		{

-		if (p->flags & X509_PURPOSE_DYNAMIC_NAME) {

-			OPENSSL_free(p->name);

-			OPENSSL_free(p->sname);

-		}

-		OPENSSL_free(p);

-		}

-	}

-void X509_PURPOSE_cleanup(void)

-{

-	unsigned int i;

-	sk_X509_PURPOSE_pop_free(xptable, xptable_free);

-	for(i = 0; i < X509_PURPOSE_COUNT; i++) xptable_free(xstandard + i);

-	xptable = NULL;

-}

-int X509_PURPOSE_get_id(X509_PURPOSE *xp)

-{

-	return xp->purpose;

-}

-char *X509_PURPOSE_get0_name(X509_PURPOSE *xp)

-{

-	return xp->name;

-}

-char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp)

-{

-	return xp->sname;

-}

-int X509_PURPOSE_get_trust(X509_PURPOSE *xp)

-{

-	return xp->trust;

-}

-static int nid_cmp(int *a, int *b)

-	{

-	return *a - *b;

-	}

-int X509_supported_extension(X509_EXTENSION *ex)

-	{

-	/* This table is a list of the NIDs of supported extensions:

-	 * that is those which are used by the verify process. If

-	 * an extension is critical and doesn't appear in this list

-	 * then the verify process will normally reject the certificate.

-	 * The list must be kept in numerical order because it will be

-	 * searched using bsearch.

-	 */

-	static int supported_nids[] = {

-		NID_netscape_cert_type, /* 71 */

-        	NID_key_usage,		/* 83 */

-		NID_subject_alt_name,	/* 85 */

-		NID_basic_constraints,	/* 87 */

-		NID_certificate_policies, /* 89 */

-        	NID_ext_key_usage,	/* 126 */

-#ifndef OPENSSL_NO_RFC3779

-		NID_sbgp_ipAddrBlock,	/* 290 */

-		NID_sbgp_autonomousSysNum, /* 291 */

-#endif

-		NID_proxyCertInfo	/* 661 */

-	};

-	int ex_nid;

-	ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex));

-	if (ex_nid == NID_undef)

-		return 0;

-	if (OBJ_bsearch((char *)&ex_nid, (char *)supported_nids,

-		sizeof(supported_nids)/sizeof(int), sizeof(int),

-		(int (*)(const void *, const void *))nid_cmp))

-		return 1;

-	return 0;

-	}

-static void x509v3_cache_extensions(X509 *x)

-{

-	BASIC_CONSTRAINTS *bs;

-	PROXY_CERT_INFO_EXTENSION *pci;

-	ASN1_BIT_STRING *usage;

-	ASN1_BIT_STRING *ns;

-	EXTENDED_KEY_USAGE *extusage;

-	X509_EXTENSION *ex;

-	int i;

-	if(x->ex_flags & EXFLAG_SET) return;

-#ifndef OPENSSL_NO_SHA

-	X509_digest(x, EVP_sha1(), x->sha1_hash, NULL);

-#endif

-	/* Does subject name match issuer ? */

-	if(!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x)))

-			 x->ex_flags |= EXFLAG_SS;

-	/* V1 should mean no extensions ... */

-	if(!X509_get_version(x)) x->ex_flags |= EXFLAG_V1;

-	/* Handle basic constraints */

-	if((bs=X509_get_ext_d2i(x, NID_basic_constraints, NULL, NULL))) {

-		if(bs->ca) x->ex_flags |= EXFLAG_CA;

-		if(bs->pathlen) {

-			if((bs->pathlen->type == V_ASN1_NEG_INTEGER)

-						|| !bs->ca) {

-				x->ex_flags |= EXFLAG_INVALID;

-				x->ex_pathlen = 0;

-			} else x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen);

-		} else x->ex_pathlen = -1;

-		BASIC_CONSTRAINTS_free(bs);

-		x->ex_flags |= EXFLAG_BCONS;

-	}

-	/* Handle proxy certificates */

-	if((pci=X509_get_ext_d2i(x, NID_proxyCertInfo, NULL, NULL))) {

-		if (x->ex_flags & EXFLAG_CA

-		    || X509_get_ext_by_NID(x, NID_subject_alt_name, 0) >= 0

-		    || X509_get_ext_by_NID(x, NID_issuer_alt_name, 0) >= 0) {

-			x->ex_flags |= EXFLAG_INVALID;

-		}

-		if (pci->pcPathLengthConstraint) {

-			x->ex_pcpathlen =

-				ASN1_INTEGER_get(pci->pcPathLengthConstraint);

-		} else x->ex_pcpathlen = -1;

-		PROXY_CERT_INFO_EXTENSION_free(pci);

-		x->ex_flags |= EXFLAG_PROXY;

-	}

-	/* Handle key usage */

-	if((usage=X509_get_ext_d2i(x, NID_key_usage, NULL, NULL))) {

-		if(usage->length > 0) {

-			x->ex_kusage = usage->data[0];

-			if(usage->length > 1)

-				x->ex_kusage |= usage->data[1] << 8;

-		} else x->ex_kusage = 0;

-		x->ex_flags |= EXFLAG_KUSAGE;

-		ASN1_BIT_STRING_free(usage);

-	}

-	x->ex_xkusage = 0;

-	if((extusage=X509_get_ext_d2i(x, NID_ext_key_usage, NULL, NULL))) {

-		x->ex_flags |= EXFLAG_XKUSAGE;

-		for(i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) {

-			switch(OBJ_obj2nid(sk_ASN1_OBJECT_value(extusage,i))) {

-				case NID_server_auth:

-				x->ex_xkusage |= XKU_SSL_SERVER;

-				break;

-				case NID_client_auth:

-				x->ex_xkusage |= XKU_SSL_CLIENT;

-				break;

-				case NID_email_protect:

-				x->ex_xkusage |= XKU_SMIME;

-				break;

-				case NID_code_sign:

-				x->ex_xkusage |= XKU_CODE_SIGN;

-				break;

-				case NID_ms_sgc:

-				case NID_ns_sgc:

-				x->ex_xkusage |= XKU_SGC;

-				break;

-				case NID_OCSP_sign:

-				x->ex_xkusage |= XKU_OCSP_SIGN;

-				break;

-				case NID_time_stamp:

-				x->ex_xkusage |= XKU_TIMESTAMP;

-				break;

-				case NID_dvcs:

-				x->ex_xkusage |= XKU_DVCS;

-				break;

-			}

-		}

-		sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free);

-	}

-	if((ns=X509_get_ext_d2i(x, NID_netscape_cert_type, NULL, NULL))) {

-		if(ns->length > 0) x->ex_nscert = ns->data[0];

-		else x->ex_nscert = 0;

-		x->ex_flags |= EXFLAG_NSCERT;

-		ASN1_BIT_STRING_free(ns);

-	}

-	x->skid =X509_get_ext_d2i(x, NID_subject_key_identifier, NULL, NULL);

-	x->akid =X509_get_ext_d2i(x, NID_authority_key_identifier, NULL, NULL);

-#ifndef OPENSSL_NO_RFC3779

-	x->rfc3779_addr =X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, NULL, NULL);

-	x->rfc3779_asid =X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum,

-					  NULL, NULL);

-#endif

-	for (i = 0; i < X509_get_ext_count(x); i++)

-		{

-		ex = X509_get_ext(x, i);

-		if (!X509_EXTENSION_get_critical(ex))

-			continue;

-		if (!X509_supported_extension(ex))

-			{

-			x->ex_flags |= EXFLAG_CRITICAL;

-			break;

-			}

-		}

-	x->ex_flags |= EXFLAG_SET;

-}

-/* CA checks common to all purposes

- * return codes:

- * 0 not a CA

- * 1 is a CA

- * 2 basicConstraints absent so "maybe" a CA

- * 3 basicConstraints absent but self signed V1.

- * 4 basicConstraints absent but keyUsage present and keyCertSign asserted.

- */

-#define V1_ROOT (EXFLAG_V1|EXFLAG_SS)

-#define ku_reject(x, usage) \

-	(((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))

-#define xku_reject(x, usage) \

-	(((x)->ex_flags & EXFLAG_XKUSAGE) && !((x)->ex_xkusage & (usage)))

-#define ns_reject(x, usage) \

-	(((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage)))

-static int check_ca(const X509 *x)

-{

-	/* keyUsage if present should allow cert signing */

-	if(ku_reject(x, KU_KEY_CERT_SIGN)) return 0;

-	if(x->ex_flags & EXFLAG_BCONS) {

-		if(x->ex_flags & EXFLAG_CA) return 1;

-		/* If basicConstraints says not a CA then say so */

-		else return 0;

-	} else {

-		/* we support V1 roots for...  uh, I don't really know why. */

-		if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3;

-		/* If key usage present it must have certSign so tolerate it */

-		else if (x->ex_flags & EXFLAG_KUSAGE) return 4;

-		/* Older certificates could have Netscape-specific CA types */

-		else if (x->ex_flags & EXFLAG_NSCERT

-			 && x->ex_nscert & NS_ANY_CA) return 5;

-		/* can this still be regarded a CA certificate?  I doubt it */

-		return 0;

-	}

-}

-int X509_check_ca(X509 *x)

-{

-	if(!(x->ex_flags & EXFLAG_SET)) {

-		CRYPTO_w_lock(CRYPTO_LOCK_X509);

-		x509v3_cache_extensions(x);

-		CRYPTO_w_unlock(CRYPTO_LOCK_X509);

-	}

-	return check_ca(x);

-}

-/* Check SSL CA: common checks for SSL client and server */

-static int check_ssl_ca(const X509 *x)

-{

-	int ca_ret;

-	ca_ret = check_ca(x);

-	if(!ca_ret) return 0;

-	/* check nsCertType if present */

-	if(ca_ret != 5 || x->ex_nscert & NS_SSL_CA) return ca_ret;

-	else return 0;

-}

-static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca)

-{

-	if(xku_reject(x,XKU_SSL_CLIENT)) return 0;

-	if(ca) return check_ssl_ca(x);

-	/* We need to do digital signatures with it */

-	if(ku_reject(x,KU_DIGITAL_SIGNATURE)) return 0;

-	/* nsCertType if present should allow SSL client use */

-	if(ns_reject(x, NS_SSL_CLIENT)) return 0;

-	return 1;

-}

-static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca)

-{

-	if(xku_reject(x,XKU_SSL_SERVER|XKU_SGC)) return 0;

-	if(ca) return check_ssl_ca(x);

-	if(ns_reject(x, NS_SSL_SERVER)) return 0;

-	/* Now as for keyUsage: we'll at least need to sign OR encipher */

-	if(ku_reject(x, KU_DIGITAL_SIGNATURE|KU_KEY_ENCIPHERMENT)) return 0;

-	return 1;

-}

-static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca)

-{

-	int ret;

-	ret = check_purpose_ssl_server(xp, x, ca);

-	if(!ret || ca) return ret;

-	/* We need to encipher or Netscape complains */

-	if(ku_reject(x, KU_KEY_ENCIPHERMENT)) return 0;

-	return ret;

-}

-/* common S/MIME checks */

-static int purpose_smime(const X509 *x, int ca)

-{

-	if(xku_reject(x,XKU_SMIME)) return 0;

-	if(ca) {

-		int ca_ret;

-		ca_ret = check_ca(x);

-		if(!ca_ret) return 0;

-		/* check nsCertType if present */

-		if(ca_ret != 5 || x->ex_nscert & NS_SMIME_CA) return ca_ret;

-		else return 0;

-	}

-	if(x->ex_flags & EXFLAG_NSCERT) {

-		if(x->ex_nscert & NS_SMIME) return 1;

-		/* Workaround for some buggy certificates */

-		if(x->ex_nscert & NS_SSL_CLIENT) return 2;

-		return 0;

-	}

-	return 1;

-}

-static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int ca)

-{

-	int ret;

-	ret = purpose_smime(x, ca);

-	if(!ret || ca) return ret;

-	if(ku_reject(x, KU_DIGITAL_SIGNATURE|KU_NON_REPUDIATION)) return 0;

-	return ret;

-}

-static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca)

-{

-	int ret;

-	ret = purpose_smime(x, ca);

-	if(!ret || ca) return ret;

-	if(ku_reject(x, KU_KEY_ENCIPHERMENT)) return 0;

-	return ret;

-}

-static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca)

-{

-	if(ca) {

-		int ca_ret;

-		if((ca_ret = check_ca(x)) != 2) return ca_ret;

-		else return 0;

-	}

-	if(ku_reject(x, KU_CRL_SIGN)) return 0;

-	return 1;

-}

-/* OCSP helper: this is *not* a full OCSP check. It just checks that

- * each CA is valid. Additional checks must be made on the chain.

- */

-static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca)

-{

-	/* Must be a valid CA.  Should we really support the "I don't know"

-	   value (2)? */

-	if(ca) return check_ca(x);

-	/* leaf certificate is checked in OCSP_verify() */

-	return 1;

-}

-static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca)

-{

-	return 1;

-}

-/* Various checks to see if one certificate issued the second.

- * This can be used to prune a set of possible issuer certificates

- * which have been looked up using some simple method such as by

- * subject name.

- * These are:

- * 1. Check issuer_name(subject) == subject_name(issuer)

- * 2. If akid(subject) exists check it matches issuer

- * 3. If key_usage(issuer) exists check it supports certificate signing

- * returns 0 for OK, positive for reason for mismatch, reasons match

- * codes for X509_verify_cert()

- */

-int X509_check_issued(X509 *issuer, X509 *subject)

-{

-	if(X509_NAME_cmp(X509_get_subject_name(issuer),

-			X509_get_issuer_name(subject)))

-				return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;

-	x509v3_cache_extensions(issuer);

-	x509v3_cache_extensions(subject);

-	if(subject->akid) {

-		/* Check key ids (if present) */

-		if(subject->akid->keyid && issuer->skid &&

-		 ASN1_OCTET_STRING_cmp(subject->akid->keyid, issuer->skid) )

-				return X509_V_ERR_AKID_SKID_MISMATCH;

-		/* Check serial number */

-		if(subject->akid->serial &&

-			ASN1_INTEGER_cmp(X509_get_serialNumber(issuer),

-						subject->akid->serial))

-				return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;

-		/* Check issuer name */

-		if(subject->akid->issuer) {

-			/* Ugh, for some peculiar reason AKID includes

-			 * SEQUENCE OF GeneralName. So look for a DirName.

-			 * There may be more than one but we only take any

-			 * notice of the first.

-			 */

-			GENERAL_NAMES *gens;

-			GENERAL_NAME *gen;

-			X509_NAME *nm = NULL;

-			int i;

-			gens = subject->akid->issuer;

-			for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) {

-				gen = sk_GENERAL_NAME_value(gens, i);

-				if(gen->type == GEN_DIRNAME) {

-					nm = gen->d.dirn;

-					break;

-				}

-			}

-			if(nm && X509_NAME_cmp(nm, X509_get_issuer_name(issuer)))

-				return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;

-		}

-	}

-	if(subject->ex_flags & EXFLAG_PROXY)

-		{

-		if(ku_reject(issuer, KU_DIGITAL_SIGNATURE))

-			return X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE;

-		}

-	else if(ku_reject(issuer, KU_KEY_CERT_SIGN))

-		return X509_V_ERR_KEYUSAGE_NO_CERTSIGN;

-	return X509_V_OK;

-}

--- a/sys/src/ape/lib/openssl/crypto/x509v3/v3_skey.c

+++ /dev/null

@@ -1,144 +1,0 @@

-/* v3_skey.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/x509v3.h>

-static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);

-const X509V3_EXT_METHOD v3_skey_id = {

-NID_subject_key_identifier, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING),

-0,0,0,0,

-(X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING,

-(X509V3_EXT_S2I)s2i_skey_id,

-0,0,0,0,

-NULL};

-char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,

-	     ASN1_OCTET_STRING *oct)

-{

-	return hex_to_string(oct->data, oct->length);

-}

-ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,

-	     X509V3_CTX *ctx, char *str)

-{

-	ASN1_OCTET_STRING *oct;

-	long length;

-	if(!(oct = M_ASN1_OCTET_STRING_new())) {

-		X509V3err(X509V3_F_S2I_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE);

-		return NULL;

-	}

-	if(!(oct->data = string_to_hex(str, &length))) {

-		M_ASN1_OCTET_STRING_free(oct);

-		return NULL;

-	}

-	oct->length = length;

-	return oct;

-}

-static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,

-	     X509V3_CTX *ctx, char *str)

-{

-	ASN1_OCTET_STRING *oct;

-	ASN1_BIT_STRING *pk;

-	unsigned char pkey_dig[EVP_MAX_MD_SIZE];

-	unsigned int diglen;

-	if(strcmp(str, "hash")) return s2i_ASN1_OCTET_STRING(method, ctx, str);

-	if(!(oct = M_ASN1_OCTET_STRING_new())) {

-		X509V3err(X509V3_F_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE);

-		return NULL;

-	}

-	if(ctx && (ctx->flags == CTX_TEST)) return oct;

-	if(!ctx || (!ctx->subject_req && !ctx->subject_cert)) {

-		X509V3err(X509V3_F_S2I_SKEY_ID,X509V3_R_NO_PUBLIC_KEY);

-		goto err;

-	}

-	if(ctx->subject_req)

-		pk = ctx->subject_req->req_info->pubkey->public_key;

-	else pk = ctx->subject_cert->cert_info->key->public_key;

-	if(!pk) {

-		X509V3err(X509V3_F_S2I_SKEY_ID,X509V3_R_NO_PUBLIC_KEY);

-		goto err;

-	}

-	EVP_Digest(pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL);

-	if(!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {

-		X509V3err(X509V3_F_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE);

-		goto err;

-	}

-	return oct;

-	err:

-	M_ASN1_OCTET_STRING_free(oct);

-	return NULL;

-}

--- a/sys/src/ape/lib/openssl/crypto/x509v3/v3_sxnet.c

+++ /dev/null

@@ -1,262 +1,0 @@

-/* v3_sxnet.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/conf.h>

-#include <openssl/asn1.h>

-#include <openssl/asn1t.h>

-#include <openssl/x509v3.h>

-/* Support for Thawte strong extranet extension */

-#define SXNET_TEST

-static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, int indent);

-#ifdef SXNET_TEST

-static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,

-						STACK_OF(CONF_VALUE) *nval);

-#endif

-const X509V3_EXT_METHOD v3_sxnet = {

-NID_sxnet, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(SXNET),

-0,0,0,0,

-0,0,

-0,

-#ifdef SXNET_TEST

-(X509V3_EXT_V2I)sxnet_v2i,

-#else

-0,

-#endif

-(X509V3_EXT_I2R)sxnet_i2r,

-0,

-NULL

-};

-ASN1_SEQUENCE(SXNETID) = {

-	ASN1_SIMPLE(SXNETID, zone, ASN1_INTEGER),

-	ASN1_SIMPLE(SXNETID, user, ASN1_OCTET_STRING)

-} ASN1_SEQUENCE_END(SXNETID)

-IMPLEMENT_ASN1_FUNCTIONS(SXNETID)

-ASN1_SEQUENCE(SXNET) = {

-	ASN1_SIMPLE(SXNET, version, ASN1_INTEGER),

-	ASN1_SEQUENCE_OF(SXNET, ids, SXNETID)

-} ASN1_SEQUENCE_END(SXNET)

-IMPLEMENT_ASN1_FUNCTIONS(SXNET)

-static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,

-	     int indent)

-{

-	long v;

-	char *tmp;

-	SXNETID *id;

-	int i;

-	v = ASN1_INTEGER_get(sx->version);

-	BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", v + 1, v);

-	for(i = 0; i < sk_SXNETID_num(sx->ids); i++) {

-		id = sk_SXNETID_value(sx->ids, i);

-		tmp = i2s_ASN1_INTEGER(NULL, id->zone);

-		BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp);

-		OPENSSL_free(tmp);

-		M_ASN1_OCTET_STRING_print(out, id->user);

-	}

-	return 1;

-}

-#ifdef SXNET_TEST

-/* NBB: this is used for testing only. It should *not* be used for anything

- * else because it will just take static IDs from the configuration file and

- * they should really be separate values for each user.

- */

-static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,

-	     STACK_OF(CONF_VALUE) *nval)

-{

-	CONF_VALUE *cnf;

-	SXNET *sx = NULL;

-	int i;

-	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {

-		cnf = sk_CONF_VALUE_value(nval, i);

-		if(!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1))

-								 return NULL;

-	}

-	return sx;

-}

-#endif

-/* Strong Extranet utility functions */

-/* Add an id given the zone as an ASCII number */

-int SXNET_add_id_asc(SXNET **psx, char *zone, char *user,

-	     int userlen)

-{

-	ASN1_INTEGER *izone = NULL;

-	if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) {

-		X509V3err(X509V3_F_SXNET_ADD_ID_ASC,X509V3_R_ERROR_CONVERTING_ZONE);

-		return 0;

-	}

-	return SXNET_add_id_INTEGER(psx, izone, user, userlen);

-}

-/* Add an id given the zone as an unsigned long */

-int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user,

-	     int userlen)

-{

-	ASN1_INTEGER *izone = NULL;

-	if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {

-		X509V3err(X509V3_F_SXNET_ADD_ID_ULONG,ERR_R_MALLOC_FAILURE);

-		M_ASN1_INTEGER_free(izone);

-		return 0;

-	}

-	return SXNET_add_id_INTEGER(psx, izone, user, userlen);

-}

-/* Add an id given the zone as an ASN1_INTEGER.

- * Note this version uses the passed integer and doesn't make a copy so don't

- * free it up afterwards.

- */

-int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user,

-	     int userlen)

-{

-	SXNET *sx = NULL;

-	SXNETID *id = NULL;

-	if(!psx || !zone || !user) {

-		X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_INVALID_NULL_ARGUMENT);

-		return 0;

-	}

-	if(userlen == -1) userlen = strlen(user);

-	if(userlen > 64) {

-		X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_USER_TOO_LONG);

-		return 0;

-	}

-	if(!*psx) {

-		if(!(sx = SXNET_new())) goto err;

-		if(!ASN1_INTEGER_set(sx->version, 0)) goto err;

-		*psx = sx;

-	} else sx = *psx;

-	if(SXNET_get_id_INTEGER(sx, zone)) {

-		X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_DUPLICATE_ZONE_ID);

-		return 0;

-	}

-	if(!(id = SXNETID_new())) goto err;

-	if(userlen == -1) userlen = strlen(user);

-	if(!M_ASN1_OCTET_STRING_set(id->user, user, userlen)) goto err;

-	if(!sk_SXNETID_push(sx->ids, id)) goto err;

-	id->zone = zone;

-	return 1;

-	err:

-	X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,ERR_R_MALLOC_FAILURE);

-	SXNETID_free(id);

-	SXNET_free(sx);

-	*psx = NULL;

-	return 0;

-}

-ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone)

-{

-	ASN1_INTEGER *izone = NULL;

-	ASN1_OCTET_STRING *oct;

-	if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) {

-		X509V3err(X509V3_F_SXNET_GET_ID_ASC,X509V3_R_ERROR_CONVERTING_ZONE);

-		return NULL;

-	}

-	oct = SXNET_get_id_INTEGER(sx, izone);

-	M_ASN1_INTEGER_free(izone);

-	return oct;

-}

-ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone)

-{

-	ASN1_INTEGER *izone = NULL;

-	ASN1_OCTET_STRING *oct;

-	if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {

-		X509V3err(X509V3_F_SXNET_GET_ID_ULONG,ERR_R_MALLOC_FAILURE);

-		M_ASN1_INTEGER_free(izone);

-		return NULL;

-	}

-	oct = SXNET_get_id_INTEGER(sx, izone);

-	M_ASN1_INTEGER_free(izone);

-	return oct;

-}

-ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone)

-{

-	SXNETID *id;

-	int i;

-	for(i = 0; i < sk_SXNETID_num(sx->ids); i++) {

-		id = sk_SXNETID_value(sx->ids, i);

-		if(!M_ASN1_INTEGER_cmp(id->zone, zone)) return id->user;

-	}

-	return NULL;

-}

-IMPLEMENT_STACK_OF(SXNETID)

-IMPLEMENT_ASN1_SET_OF(SXNETID)

--- a/sys/src/ape/lib/openssl/crypto/x509v3/v3_utl.c

+++ /dev/null

@@ -1,844 +1,0 @@

-/* v3_utl.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project.

- */

-/* ====================================================================

- * Copyright (c) 1999-2003 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* X509 v3 extension utilities */

-#include <stdio.h>

-#include <ctype.h>

-#include "cryptlib.h"

-#include <openssl/conf.h>

-#include <openssl/x509v3.h>

-#include <openssl/bn.h>

-static char *strip_spaces(char *name);

-static int sk_strcmp(const char * const *a, const char * const *b);

-static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens);

-static void str_free(void *str);

-static int append_ia5(STACK **sk, ASN1_IA5STRING *email);

-static int ipv4_from_asc(unsigned char *v4, const char *in);

-static int ipv6_from_asc(unsigned char *v6, const char *in);

-static int ipv6_cb(const char *elem, int len, void *usr);

-static int ipv6_hex(unsigned char *out, const char *in, int inlen);

-/* Add a CONF_VALUE name value pair to stack */

-int X509V3_add_value(const char *name, const char *value,

-						STACK_OF(CONF_VALUE) **extlist)

-{

-	CONF_VALUE *vtmp = NULL;

-	char *tname = NULL, *tvalue = NULL;

-	if(name && !(tname = BUF_strdup(name))) goto err;

-	if(value && !(tvalue = BUF_strdup(value))) goto err;;

-	if(!(vtmp = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE)))) goto err;

-	if(!*extlist && !(*extlist = sk_CONF_VALUE_new_null())) goto err;

-	vtmp->section = NULL;

-	vtmp->name = tname;

-	vtmp->value = tvalue;

-	if(!sk_CONF_VALUE_push(*extlist, vtmp)) goto err;

-	return 1;

-	err:

-	X509V3err(X509V3_F_X509V3_ADD_VALUE,ERR_R_MALLOC_FAILURE);

-	if(vtmp) OPENSSL_free(vtmp);

-	if(tname) OPENSSL_free(tname);

-	if(tvalue) OPENSSL_free(tvalue);

-	return 0;

-}

-int X509V3_add_value_uchar(const char *name, const unsigned char *value,

-			   STACK_OF(CONF_VALUE) **extlist)

-    {

-    return X509V3_add_value(name,(const char *)value,extlist);

-    }

-/* Free function for STACK_OF(CONF_VALUE) */

-void X509V3_conf_free(CONF_VALUE *conf)

-{

-	if(!conf) return;

-	if(conf->name) OPENSSL_free(conf->name);

-	if(conf->value) OPENSSL_free(conf->value);

-	if(conf->section) OPENSSL_free(conf->section);

-	OPENSSL_free(conf);

-}

-int X509V3_add_value_bool(const char *name, int asn1_bool,

-						STACK_OF(CONF_VALUE) **extlist)

-{

-	if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist);

-	return X509V3_add_value(name, "FALSE", extlist);

-}

-int X509V3_add_value_bool_nf(char *name, int asn1_bool,

-						STACK_OF(CONF_VALUE) **extlist)

-{

-	if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist);

-	return 1;

-}

-char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *a)

-{

-	BIGNUM *bntmp = NULL;

-	char *strtmp = NULL;

-	if(!a) return NULL;

-	if(!(bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) ||

-	    !(strtmp = BN_bn2dec(bntmp)) )

-		X509V3err(X509V3_F_I2S_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE);

-	BN_free(bntmp);

-	return strtmp;

-}

-char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, ASN1_INTEGER *a)

-{

-	BIGNUM *bntmp = NULL;

-	char *strtmp = NULL;

-	if(!a) return NULL;

-	if(!(bntmp = ASN1_INTEGER_to_BN(a, NULL)) ||

-	    !(strtmp = BN_bn2dec(bntmp)) )

-		X509V3err(X509V3_F_I2S_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);

-	BN_free(bntmp);

-	return strtmp;

-}

-ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value)

-{

-	BIGNUM *bn = NULL;

-	ASN1_INTEGER *aint;

-	int isneg, ishex;

-	int ret;

-	if (!value) {

-		X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_INVALID_NULL_VALUE);

-		return 0;

-	}

-	bn = BN_new();

-	if (value[0] == '-') {

-		value++;

-		isneg = 1;

-	} else isneg = 0;

-	if (value[0] == '0' && ((value[1] == 'x') || (value[1] == 'X'))) {

-		value += 2;

-		ishex = 1;

-	} else ishex = 0;

-	if (ishex) ret = BN_hex2bn(&bn, value);

-	else ret = BN_dec2bn(&bn, value);

-	if (!ret || value[ret]) {

-		BN_free(bn);

-		X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_DEC2BN_ERROR);

-		return 0;

-	}

-	if (isneg && BN_is_zero(bn)) isneg = 0;

-	aint = BN_to_ASN1_INTEGER(bn, NULL);

-	BN_free(bn);

-	if (!aint) {

-		X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_TO_ASN1_INTEGER_ERROR);

-		return 0;

-	}

-	if (isneg) aint->type |= V_ASN1_NEG;

-	return aint;

-}

-int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,

-	     STACK_OF(CONF_VALUE) **extlist)

-{

-	char *strtmp;

-	int ret;

-	if(!aint) return 1;

-	if(!(strtmp = i2s_ASN1_INTEGER(NULL, aint))) return 0;

-	ret = X509V3_add_value(name, strtmp, extlist);

-	OPENSSL_free(strtmp);

-	return ret;

-}

-int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool)

-{

-	char *btmp;

-	if(!(btmp = value->value)) goto err;

-	if(!strcmp(btmp, "TRUE") || !strcmp(btmp, "true")

-		 || !strcmp(btmp, "Y") || !strcmp(btmp, "y")

-		|| !strcmp(btmp, "YES") || !strcmp(btmp, "yes")) {

-		*asn1_bool = 0xff;

-		return 1;

-	} else if(!strcmp(btmp, "FALSE") || !strcmp(btmp, "false")

-		 || !strcmp(btmp, "N") || !strcmp(btmp, "n")

-		|| !strcmp(btmp, "NO") || !strcmp(btmp, "no")) {

-		*asn1_bool = 0;

-		return 1;

-	}

-	err:

-	X509V3err(X509V3_F_X509V3_GET_VALUE_BOOL,X509V3_R_INVALID_BOOLEAN_STRING);

-	X509V3_conf_err(value);

-	return 0;

-}

-int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint)

-{

-	ASN1_INTEGER *itmp;

-	if(!(itmp = s2i_ASN1_INTEGER(NULL, value->value))) {

-		X509V3_conf_err(value);

-		return 0;

-	}

-	*aint = itmp;

-	return 1;

-}

-#define HDR_NAME	1

-#define HDR_VALUE	2

-/*#define DEBUG*/

-STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line)

-{

-	char *p, *q, c;

-	char *ntmp, *vtmp;

-	STACK_OF(CONF_VALUE) *values = NULL;

-	char *linebuf;

-	int state;

-	/* We are going to modify the line so copy it first */

-	linebuf = BUF_strdup(line);

-	state = HDR_NAME;

-	ntmp = NULL;

-	/* Go through all characters */

-	for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) {

-		switch(state) {

-			case HDR_NAME:

-			if(c == ':') {

-				state = HDR_VALUE;

-				*p = 0;

-				ntmp = strip_spaces(q);

-				if(!ntmp) {

-					X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);

-					goto err;

-				}

-				q = p + 1;

-			} else if(c == ',') {

-				*p = 0;

-				ntmp = strip_spaces(q);

-				q = p + 1;

-#if 0

-				printf("%s\n", ntmp);

-#endif

-				if(!ntmp) {

-					X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);

-					goto err;

-				}

-				X509V3_add_value(ntmp, NULL, &values);

-			}

-			break ;

-			case HDR_VALUE:

-			if(c == ',') {

-				state = HDR_NAME;

-				*p = 0;

-				vtmp = strip_spaces(q);

-#if 0

-				printf("%s\n", ntmp);

-#endif

-				if(!vtmp) {

-					X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE);

-					goto err;

-				}

-				X509V3_add_value(ntmp, vtmp, &values);

-				ntmp = NULL;

-				q = p + 1;

-			}

-		}

-	}

-	if(state == HDR_VALUE) {

-		vtmp = strip_spaces(q);

-#if 0

-		printf("%s=%s\n", ntmp, vtmp);

-#endif

-		if(!vtmp) {

-			X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE);

-			goto err;

-		}

-		X509V3_add_value(ntmp, vtmp, &values);

-	} else {

-		ntmp = strip_spaces(q);

-#if 0

-		printf("%s\n", ntmp);

-#endif

-		if(!ntmp) {

-			X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);

-			goto err;

-		}

-		X509V3_add_value(ntmp, NULL, &values);

-	}

-OPENSSL_free(linebuf);

-return values;

-err:

-OPENSSL_free(linebuf);

-sk_CONF_VALUE_pop_free(values, X509V3_conf_free);

-return NULL;

-}

-/* Delete leading and trailing spaces from a string */

-static char *strip_spaces(char *name)

-{

-	char *p, *q;

-	/* Skip over leading spaces */

-	p = name;

-	while(*p && isspace((unsigned char)*p)) p++;

-	if(!*p) return NULL;

-	q = p + strlen(p) - 1;

-	while((q != p) && isspace((unsigned char)*q)) q--;

-	if(p != q) q[1] = 0;

-	if(!*p) return NULL;

-	return p;

-}

-/* hex string utilities */

-/* Given a buffer of length 'len' return a OPENSSL_malloc'ed string with its

- * hex representation

- * @@@ (Contents of buffer are always kept in ASCII, also on EBCDIC machines)

- */

-char *hex_to_string(unsigned char *buffer, long len)

-{

-	char *tmp, *q;

-	unsigned char *p;

-	int i;

-	const static char hexdig[] = "0123456789ABCDEF";

-	if(!buffer || !len) return NULL;

-	if(!(tmp = OPENSSL_malloc(len * 3 + 1))) {

-		X509V3err(X509V3_F_HEX_TO_STRING,ERR_R_MALLOC_FAILURE);

-		return NULL;

-	}

-	q = tmp;

-	for(i = 0, p = buffer; i < len; i++,p++) {

-		*q++ = hexdig[(*p >> 4) & 0xf];

-		*q++ = hexdig[*p & 0xf];

-		*q++ = ':';

-	}

-	q[-1] = 0;

-#ifdef CHARSET_EBCDIC

-	ebcdic2ascii(tmp, tmp, q - tmp - 1);

-#endif

-	return tmp;

-}

-/* Give a string of hex digits convert to

- * a buffer

- */

-unsigned char *string_to_hex(char *str, long *len)

-{

-	unsigned char *hexbuf, *q;

-	unsigned char ch, cl, *p;

-	if(!str) {

-		X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_INVALID_NULL_ARGUMENT);

-		return NULL;

-	}

-	if(!(hexbuf = OPENSSL_malloc(strlen(str) >> 1))) goto err;

-	for(p = (unsigned char *)str, q = hexbuf; *p;) {

-		ch = *p++;

-#ifdef CHARSET_EBCDIC

-		ch = os_toebcdic[ch];

-#endif

-		if(ch == ':') continue;

-		cl = *p++;

-#ifdef CHARSET_EBCDIC

-		cl = os_toebcdic[cl];

-#endif

-		if(!cl) {

-			X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ODD_NUMBER_OF_DIGITS);

-			OPENSSL_free(hexbuf);

-			return NULL;

-		}

-		if(isupper(ch)) ch = tolower(ch);

-		if(isupper(cl)) cl = tolower(cl);

-		if((ch >= '0') && (ch <= '9')) ch -= '0';

-		else if ((ch >= 'a') && (ch <= 'f')) ch -= 'a' - 10;

-		else goto badhex;

-		if((cl >= '0') && (cl <= '9')) cl -= '0';

-		else if ((cl >= 'a') && (cl <= 'f')) cl -= 'a' - 10;

-		else goto badhex;

-		*q++ = (ch << 4) | cl;

-	}

-	if(len) *len = q - hexbuf;

-	return hexbuf;

-	err:

-	if(hexbuf) OPENSSL_free(hexbuf);

-	X509V3err(X509V3_F_STRING_TO_HEX,ERR_R_MALLOC_FAILURE);

-	return NULL;

-	badhex:

-	OPENSSL_free(hexbuf);

-	X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ILLEGAL_HEX_DIGIT);

-	return NULL;

-}

-/* V2I name comparison function: returns zero if 'name' matches

- * cmp or cmp.*

- */

-int name_cmp(const char *name, const char *cmp)

-{

-	int len, ret;

-	char c;

-	len = strlen(cmp);

-	if((ret = strncmp(name, cmp, len))) return ret;

-	c = name[len];

-	if(!c || (c=='.')) return 0;

-	return 1;

-}

-static int sk_strcmp(const char * const *a, const char * const *b)

-{

-	return strcmp(*a, *b);

-}

-STACK *X509_get1_email(X509 *x)

-{

-	GENERAL_NAMES *gens;

-	STACK *ret;

-	gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);

-	ret = get_email(X509_get_subject_name(x), gens);

-	sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);

-	return ret;

-}

-STACK *X509_REQ_get1_email(X509_REQ *x)

-{

-	GENERAL_NAMES *gens;

-	STACK_OF(X509_EXTENSION) *exts;

-	STACK *ret;

-	exts = X509_REQ_get_extensions(x);

-	gens = X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL);

-	ret = get_email(X509_REQ_get_subject_name(x), gens);

-	sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);

-	sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);

-	return ret;

-}

-static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens)

-{

-	STACK *ret = NULL;

-	X509_NAME_ENTRY *ne;

-	ASN1_IA5STRING *email;

-	GENERAL_NAME *gen;

-	int i;

-	/* Now add any email address(es) to STACK */

-	i = -1;

-	/* First supplied X509_NAME */

-	while((i = X509_NAME_get_index_by_NID(name,

-					 NID_pkcs9_emailAddress, i)) >= 0) {

-		ne = X509_NAME_get_entry(name, i);

-		email = X509_NAME_ENTRY_get_data(ne);

-		if(!append_ia5(&ret, email)) return NULL;

-	}

-	for(i = 0; i < sk_GENERAL_NAME_num(gens); i++)

-	{

-		gen = sk_GENERAL_NAME_value(gens, i);

-		if(gen->type != GEN_EMAIL) continue;

-		if(!append_ia5(&ret, gen->d.ia5)) return NULL;

-	}

-	return ret;

-}

-static void str_free(void *str)

-{

-	OPENSSL_free(str);

-}

-static int append_ia5(STACK **sk, ASN1_IA5STRING *email)

-{

-	char *emtmp;

-	/* First some sanity checks */

-	if(email->type != V_ASN1_IA5STRING) return 1;

-	if(!email->data || !email->length) return 1;

-	if(!*sk) *sk = sk_new(sk_strcmp);

-	if(!*sk) return 0;

-	/* Don't add duplicates */

-	if(sk_find(*sk, (char *)email->data) != -1) return 1;

-	emtmp = BUF_strdup((char *)email->data);

-	if(!emtmp || !sk_push(*sk, emtmp)) {

-		X509_email_free(*sk);

-		*sk = NULL;

-		return 0;

-	}

-	return 1;

-}

-void X509_email_free(STACK *sk)

-{

-	sk_pop_free(sk, str_free);

-}

-/* Convert IP addresses both IPv4 and IPv6 into an

- * OCTET STRING compatible with RFC3280.

- */

-ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc)

-	{

-	unsigned char ipout[16];

-	ASN1_OCTET_STRING *ret;

-	int iplen;

-	/* If string contains a ':' assume IPv6 */

-	iplen = a2i_ipadd(ipout, ipasc);

-	if (!iplen)

-		return NULL;

-	ret = ASN1_OCTET_STRING_new();

-	if (!ret)

-		return NULL;

-	if (!ASN1_OCTET_STRING_set(ret, ipout, iplen))

-		{

-		ASN1_OCTET_STRING_free(ret);

-		return NULL;

-		}

-	return ret;

-	}

-ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc)

-	{

-	ASN1_OCTET_STRING *ret = NULL;

-	unsigned char ipout[32];

-	char *iptmp = NULL, *p;

-	int iplen1, iplen2;

-	p = strchr(ipasc,'/');

-	if (!p)

-		return NULL;

-	iptmp = BUF_strdup(ipasc);

-	if (!iptmp)

-		return NULL;

-	p = iptmp + (p - ipasc);

-	*p++ = 0;

-	iplen1 = a2i_ipadd(ipout, iptmp);

-	if (!iplen1)

-		goto err;

-	iplen2 = a2i_ipadd(ipout + iplen1, p);

-	OPENSSL_free(iptmp);

-	iptmp = NULL;

-	if (!iplen2 || (iplen1 != iplen2))

-		goto err;

-	ret = ASN1_OCTET_STRING_new();

-	if (!ret)

-		goto err;

-	if (!ASN1_OCTET_STRING_set(ret, ipout, iplen1 + iplen2))

-		goto err;

-	return ret;

-	err:

-	if (iptmp)

-		OPENSSL_free(iptmp);

-	if (ret)

-		ASN1_OCTET_STRING_free(ret);

-	return NULL;

-	}

-int a2i_ipadd(unsigned char *ipout, const char *ipasc)

-	{

-	/* If string contains a ':' assume IPv6 */

-	if (strchr(ipasc, ':'))

-		{

-		if (!ipv6_from_asc(ipout, ipasc))

-			return 0;

-		return 16;

-		}

-	else

-		{

-		if (!ipv4_from_asc(ipout, ipasc))

-			return 0;

-		return 4;

-		}

-	}

-static int ipv4_from_asc(unsigned char *v4, const char *in)

-	{

-	int a0, a1, a2, a3;

-	if (sscanf(in, "%d.%d.%d.%d", &a0, &a1, &a2, &a3) != 4)

-		return 0;

-	if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255)

-		|| (a2 < 0) || (a2 > 255) || (a3 < 0) || (a3 > 255))

-		return 0;

-	v4[0] = a0;

-	v4[1] = a1;

-	v4[2] = a2;

-	v4[3] = a3;

-	return 1;

-	}

-typedef struct {

-		/* Temporary store for IPV6 output */

-		unsigned char tmp[16];

-		/* Total number of bytes in tmp */

-		int total;

-		/* The position of a zero (corresponding to '::') */

-		int zero_pos;

-		/* Number of zeroes */

-		int zero_cnt;

-	} IPV6_STAT;

-static int ipv6_from_asc(unsigned char *v6, const char *in)

-	{

-	IPV6_STAT v6stat;

-	v6stat.total = 0;

-	v6stat.zero_pos = -1;

-	v6stat.zero_cnt = 0;

-	/* Treat the IPv6 representation as a list of values

-	 * separated by ':'. The presence of a '::' will parse

- 	 * as one, two or three zero length elements.

-	 */

-	if (!CONF_parse_list(in, ':', 0, ipv6_cb, &v6stat))

-		return 0;

-	/* Now for some sanity checks */

-	if (v6stat.zero_pos == -1)

-		{

-		/* If no '::' must have exactly 16 bytes */

-		if (v6stat.total != 16)

-			return 0;

-		}

-	else

-		{

-		/* If '::' must have less than 16 bytes */

-		if (v6stat.total == 16)

-			return 0;

-		/* More than three zeroes is an error */

-		if (v6stat.zero_cnt > 3)

-			return 0;

-		/* Can only have three zeroes if nothing else present */

-		else if (v6stat.zero_cnt == 3)

-			{

-			if (v6stat.total > 0)

-				return 0;

-			}

-		/* Can only have two zeroes if at start or end */

-		else if (v6stat.zero_cnt == 2)

-			{

-			if ((v6stat.zero_pos != 0)

-				&& (v6stat.zero_pos != v6stat.total))

-				return 0;

-			}

-		else

-		/* Can only have one zero if *not* start or end */

-			{

-			if ((v6stat.zero_pos == 0)

-				|| (v6stat.zero_pos == v6stat.total))

-				return 0;

-			}

-		}

-	/* Format result */

-	/* Copy initial part */

-	if (v6stat.zero_pos > 0)

-		memcpy(v6, v6stat.tmp, v6stat.zero_pos);

-	/* Zero middle */

-	if (v6stat.total != 16)

-		memset(v6 + v6stat.zero_pos, 0, 16 - v6stat.total);

-	/* Copy final part */

-	if (v6stat.total != v6stat.zero_pos)

-		memcpy(v6 + v6stat.zero_pos + 16 - v6stat.total,

-			v6stat.tmp + v6stat.zero_pos,

-			v6stat.total - v6stat.zero_pos);

-	return 1;

-	}

-static int ipv6_cb(const char *elem, int len, void *usr)

-	{

-	IPV6_STAT *s = usr;

-	/* Error if 16 bytes written */

-	if (s->total == 16)

-		return 0;

-	if (len == 0)

-		{

-		/* Zero length element, corresponds to '::' */

-		if (s->zero_pos == -1)

-			s->zero_pos = s->total;

-		/* If we've already got a :: its an error */

-		else if (s->zero_pos != s->total)

-			return 0;

-		s->zero_cnt++;

-		}

-	else

-		{

-		/* If more than 4 characters could be final a.b.c.d form */

-		if (len > 4)

-			{

-			/* Need at least 4 bytes left */

-			if (s->total > 12)

-				return 0;

-			/* Must be end of string */

-			if (elem[len])

-				return 0;

-			if (!ipv4_from_asc(s->tmp + s->total, elem))

-				return 0;

-			s->total += 4;

-			}

-		else

-			{

-			if (!ipv6_hex(s->tmp + s->total, elem, len))

-				return 0;

-			s->total += 2;

-			}

-		}

-	return 1;

-	}

-/* Convert a string of up to 4 hex digits into the corresponding

- * IPv6 form.

- */

-static int ipv6_hex(unsigned char *out, const char *in, int inlen)

-	{

-	unsigned char c;

-	unsigned int num = 0;

-	if (inlen > 4)

-		return 0;

-	while(inlen--)

-		{

-		c = *in++;

-		num <<= 4;

-		if ((c >= '0') && (c <= '9'))

-			num |= c - '0';

-		else if ((c >= 'A') && (c <= 'F'))

-			num |= c - 'A' + 10;

-		else if ((c >= 'a') && (c <= 'f'))

-			num |=  c - 'a' + 10;

-		else

-			return 0;

-		}

-	out[0] = num >> 8;

-	out[1] = num & 0xff;

-	return 1;

-	}

-int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk,

-						unsigned long chtype)

-	{

-	CONF_VALUE *v;

-	int i, mval;

-	char *p, *type;

-	if (!nm)

-		return 0;

-	for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++)

-		{

-		v=sk_CONF_VALUE_value(dn_sk,i);

-		type=v->name;

-		/* Skip past any leading X. X: X, etc to allow for

-		 * multiple instances

-		 */

-		for(p = type; *p ; p++)

-#ifndef CHARSET_EBCDIC

-			if ((*p == ':') || (*p == ',') || (*p == '.'))

-#else

-			if ((*p == os_toascii[':']) || (*p == os_toascii[',']) || (*p == os_toascii['.']))

-#endif

-				{

-				p++;

-				if(*p) type = p;

-				break;

-				}

-#ifndef CHARSET_EBCDIC

-		if (*type == '+')

-#else

-		if (*type == os_toascii['+'])

-#endif

-			{

-			mval = -1;

-			type++;

-			}

-		else

-			mval = 0;

-		if (!X509_NAME_add_entry_by_txt(nm,type, chtype,

-				(unsigned char *) v->value,-1,-1,mval))

-					return 0;

-		}

-	return 1;

-	}

--- a/sys/src/ape/lib/openssl/crypto/x509v3/v3conf.c

+++ /dev/null

@@ -1,127 +1,0 @@

-/* v3conf.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "cryptlib.h"

-#include <openssl/asn1.h>

-#include <openssl/conf.h>

-#include <openssl/x509.h>

-#include <openssl/x509v3.h>

-/* Test application to add extensions from a config file */

-int main(int argc, char **argv)

-{

-	LHASH *conf;

-	X509 *cert;

-	FILE *inf;

-	char *conf_file;

-	int i;

-	int count;

-	X509_EXTENSION *ext;

-	X509V3_add_standard_extensions();

-	ERR_load_crypto_strings();

-	if(!argv[1]) {

-		fprintf(stderr, "Usage: v3conf cert.pem [file.cnf]\n");

-		exit(1);

-	}

-	conf_file = argv[2];

-	if(!conf_file) conf_file = "test.cnf";

-	conf = CONF_load(NULL, "test.cnf", NULL);

-	if(!conf) {

-		fprintf(stderr, "Error opening Config file %s\n", conf_file);

-		ERR_print_errors_fp(stderr);

-		exit(1);

-	}

-	inf = fopen(argv[1], "r");

-	if(!inf) {

-		fprintf(stderr, "Can't open certificate file %s\n", argv[1]);

-		exit(1);

-	}

-	cert = PEM_read_X509(inf, NULL, NULL);

-	if(!cert) {

-		fprintf(stderr, "Error reading certificate file %s\n", argv[1]);

-		exit(1);

-	}

-	fclose(inf);

-	sk_pop_free(cert->cert_info->extensions, X509_EXTENSION_free);

-	cert->cert_info->extensions = NULL;

-	if(!X509V3_EXT_add_conf(conf, NULL, "test_section", cert)) {

-		fprintf(stderr, "Error adding extensions\n");

-		ERR_print_errors_fp(stderr);

-		exit(1);

-	}

-	count = X509_get_ext_count(cert);

-	printf("%d extensions\n", count);

-	for(i = 0; i < count; i++) {

-		ext = X509_get_ext(cert, i);

-		printf("%s", OBJ_nid2ln(OBJ_obj2nid(ext->object)));

-		if(ext->critical) printf(",critical:\n");

-		else printf(":\n");

-		X509V3_EXT_print_fp(stdout, ext, 0, 0);

-		printf("\n");

-	}

-	return 0;

-}

--- a/sys/src/ape/lib/openssl/crypto/x509v3/v3err.c

+++ /dev/null

@@ -1,219 +1,0 @@

-/* crypto/x509v3/v3err.c */

-/* ====================================================================

- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* NOTE: this file was auto generated by the mkerr.pl script: any changes

- * made to it will be overwritten when the script next updates this file,

- * only reason strings will be preserved.

- */

-#include <stdio.h>

-#include <openssl/err.h>

-#include <openssl/x509v3.h>

-/* BEGIN ERROR CODES */

-#ifndef OPENSSL_NO_ERR

-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509V3,func,0)

-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509V3,0,reason)

-static ERR_STRING_DATA X509V3_str_functs[]=

-	{

-{ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE),	"ASIDENTIFIERCHOICE_CANONIZE"},

-{ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL),	"ASIDENTIFIERCHOICE_IS_CANONICAL"},

-{ERR_FUNC(X509V3_F_COPY_EMAIL),	"COPY_EMAIL"},

-{ERR_FUNC(X509V3_F_COPY_ISSUER),	"COPY_ISSUER"},

-{ERR_FUNC(X509V3_F_DO_DIRNAME),	"DO_DIRNAME"},

-{ERR_FUNC(X509V3_F_DO_EXT_CONF),	"DO_EXT_CONF"},

-{ERR_FUNC(X509V3_F_DO_EXT_I2D),	"DO_EXT_I2D"},

-{ERR_FUNC(X509V3_F_DO_EXT_NCONF),	"DO_EXT_NCONF"},

-{ERR_FUNC(X509V3_F_DO_I2V_NAME_CONSTRAINTS),	"DO_I2V_NAME_CONSTRAINTS"},

-{ERR_FUNC(X509V3_F_HEX_TO_STRING),	"hex_to_string"},

-{ERR_FUNC(X509V3_F_I2S_ASN1_ENUMERATED),	"i2s_ASN1_ENUMERATED"},

-{ERR_FUNC(X509V3_F_I2S_ASN1_IA5STRING),	"I2S_ASN1_IA5STRING"},

-{ERR_FUNC(X509V3_F_I2S_ASN1_INTEGER),	"i2s_ASN1_INTEGER"},

-{ERR_FUNC(X509V3_F_I2V_AUTHORITY_INFO_ACCESS),	"I2V_AUTHORITY_INFO_ACCESS"},

-{ERR_FUNC(X509V3_F_NOTICE_SECTION),	"NOTICE_SECTION"},

-{ERR_FUNC(X509V3_F_NREF_NOS),	"NREF_NOS"},

-{ERR_FUNC(X509V3_F_POLICY_SECTION),	"POLICY_SECTION"},

-{ERR_FUNC(X509V3_F_PROCESS_PCI_VALUE),	"PROCESS_PCI_VALUE"},

-{ERR_FUNC(X509V3_F_R2I_CERTPOL),	"R2I_CERTPOL"},

-{ERR_FUNC(X509V3_F_R2I_PCI),	"R2I_PCI"},

-{ERR_FUNC(X509V3_F_S2I_ASN1_IA5STRING),	"S2I_ASN1_IA5STRING"},

-{ERR_FUNC(X509V3_F_S2I_ASN1_INTEGER),	"s2i_ASN1_INTEGER"},

-{ERR_FUNC(X509V3_F_S2I_ASN1_OCTET_STRING),	"s2i_ASN1_OCTET_STRING"},

-{ERR_FUNC(X509V3_F_S2I_ASN1_SKEY_ID),	"S2I_ASN1_SKEY_ID"},

-{ERR_FUNC(X509V3_F_S2I_SKEY_ID),	"S2I_SKEY_ID"},

-{ERR_FUNC(X509V3_F_STRING_TO_HEX),	"string_to_hex"},

-{ERR_FUNC(X509V3_F_SXNET_ADD_ID_ASC),	"SXNET_add_id_asc"},

-{ERR_FUNC(X509V3_F_SXNET_ADD_ID_INTEGER),	"SXNET_add_id_INTEGER"},

-{ERR_FUNC(X509V3_F_SXNET_ADD_ID_ULONG),	"SXNET_add_id_ulong"},

-{ERR_FUNC(X509V3_F_SXNET_GET_ID_ASC),	"SXNET_get_id_asc"},

-{ERR_FUNC(X509V3_F_SXNET_GET_ID_ULONG),	"SXNET_get_id_ulong"},

-{ERR_FUNC(X509V3_F_V2I_ASIDENTIFIERS),	"V2I_ASIDENTIFIERS"},

-{ERR_FUNC(X509V3_F_V2I_ASN1_BIT_STRING),	"v2i_ASN1_BIT_STRING"},

-{ERR_FUNC(X509V3_F_V2I_AUTHORITY_INFO_ACCESS),	"V2I_AUTHORITY_INFO_ACCESS"},

-{ERR_FUNC(X509V3_F_V2I_AUTHORITY_KEYID),	"V2I_AUTHORITY_KEYID"},

-{ERR_FUNC(X509V3_F_V2I_BASIC_CONSTRAINTS),	"V2I_BASIC_CONSTRAINTS"},

-{ERR_FUNC(X509V3_F_V2I_CRLD),	"V2I_CRLD"},

-{ERR_FUNC(X509V3_F_V2I_EXTENDED_KEY_USAGE),	"V2I_EXTENDED_KEY_USAGE"},

-{ERR_FUNC(X509V3_F_V2I_GENERAL_NAMES),	"v2i_GENERAL_NAMES"},

-{ERR_FUNC(X509V3_F_V2I_GENERAL_NAME_EX),	"v2i_GENERAL_NAME_ex"},

-{ERR_FUNC(X509V3_F_V2I_IPADDRBLOCKS),	"V2I_IPADDRBLOCKS"},

-{ERR_FUNC(X509V3_F_V2I_ISSUER_ALT),	"V2I_ISSUER_ALT"},

-{ERR_FUNC(X509V3_F_V2I_NAME_CONSTRAINTS),	"V2I_NAME_CONSTRAINTS"},

-{ERR_FUNC(X509V3_F_V2I_POLICY_CONSTRAINTS),	"V2I_POLICY_CONSTRAINTS"},

-{ERR_FUNC(X509V3_F_V2I_POLICY_MAPPINGS),	"V2I_POLICY_MAPPINGS"},

-{ERR_FUNC(X509V3_F_V2I_SUBJECT_ALT),	"V2I_SUBJECT_ALT"},

-{ERR_FUNC(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL),	"V3_ADDR_VALIDATE_PATH_INTERNAL"},

-{ERR_FUNC(X509V3_F_V3_GENERIC_EXTENSION),	"V3_GENERIC_EXTENSION"},

-{ERR_FUNC(X509V3_F_X509V3_ADD1_I2D),	"X509V3_add1_i2d"},

-{ERR_FUNC(X509V3_F_X509V3_ADD_VALUE),	"X509V3_add_value"},

-{ERR_FUNC(X509V3_F_X509V3_EXT_ADD),	"X509V3_EXT_add"},

-{ERR_FUNC(X509V3_F_X509V3_EXT_ADD_ALIAS),	"X509V3_EXT_add_alias"},

-{ERR_FUNC(X509V3_F_X509V3_EXT_CONF),	"X509V3_EXT_conf"},

-{ERR_FUNC(X509V3_F_X509V3_EXT_I2D),	"X509V3_EXT_i2d"},

-{ERR_FUNC(X509V3_F_X509V3_EXT_NCONF),	"X509V3_EXT_nconf"},

-{ERR_FUNC(X509V3_F_X509V3_GET_SECTION),	"X509V3_get_section"},

-{ERR_FUNC(X509V3_F_X509V3_GET_STRING),	"X509V3_get_string"},

-{ERR_FUNC(X509V3_F_X509V3_GET_VALUE_BOOL),	"X509V3_get_value_bool"},

-{ERR_FUNC(X509V3_F_X509V3_PARSE_LIST),	"X509V3_parse_list"},

-{ERR_FUNC(X509V3_F_X509_PURPOSE_ADD),	"X509_PURPOSE_add"},

-{ERR_FUNC(X509V3_F_X509_PURPOSE_SET),	"X509_PURPOSE_set"},

-{0,NULL}

-	};

-static ERR_STRING_DATA X509V3_str_reasons[]=

-	{

-{ERR_REASON(X509V3_R_BAD_IP_ADDRESS)     ,"bad ip address"},

-{ERR_REASON(X509V3_R_BAD_OBJECT)         ,"bad object"},

-{ERR_REASON(X509V3_R_BN_DEC2BN_ERROR)    ,"bn dec2bn error"},

-{ERR_REASON(X509V3_R_BN_TO_ASN1_INTEGER_ERROR),"bn to asn1 integer error"},

-{ERR_REASON(X509V3_R_DIRNAME_ERROR)      ,"dirname error"},

-{ERR_REASON(X509V3_R_DUPLICATE_ZONE_ID)  ,"duplicate zone id"},

-{ERR_REASON(X509V3_R_ERROR_CONVERTING_ZONE),"error converting zone"},

-{ERR_REASON(X509V3_R_ERROR_CREATING_EXTENSION),"error creating extension"},

-{ERR_REASON(X509V3_R_ERROR_IN_EXTENSION) ,"error in extension"},

-{ERR_REASON(X509V3_R_EXPECTED_A_SECTION_NAME),"expected a section name"},

-{ERR_REASON(X509V3_R_EXTENSION_EXISTS)   ,"extension exists"},

-{ERR_REASON(X509V3_R_EXTENSION_NAME_ERROR),"extension name error"},

-{ERR_REASON(X509V3_R_EXTENSION_NOT_FOUND),"extension not found"},

-{ERR_REASON(X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED),"extension setting not supported"},

-{ERR_REASON(X509V3_R_EXTENSION_VALUE_ERROR),"extension value error"},

-{ERR_REASON(X509V3_R_ILLEGAL_EMPTY_EXTENSION),"illegal empty extension"},

-{ERR_REASON(X509V3_R_ILLEGAL_HEX_DIGIT)  ,"illegal hex digit"},

-{ERR_REASON(X509V3_R_INCORRECT_POLICY_SYNTAX_TAG),"incorrect policy syntax tag"},

-{ERR_REASON(X509V3_R_INVALID_ASNUMBER)   ,"invalid asnumber"},

-{ERR_REASON(X509V3_R_INVALID_ASRANGE)    ,"invalid asrange"},

-{ERR_REASON(X509V3_R_INVALID_BOOLEAN_STRING),"invalid boolean string"},

-{ERR_REASON(X509V3_R_INVALID_EXTENSION_STRING),"invalid extension string"},

-{ERR_REASON(X509V3_R_INVALID_INHERITANCE),"invalid inheritance"},

-{ERR_REASON(X509V3_R_INVALID_IPADDRESS)  ,"invalid ipaddress"},

-{ERR_REASON(X509V3_R_INVALID_NAME)       ,"invalid name"},

-{ERR_REASON(X509V3_R_INVALID_NULL_ARGUMENT),"invalid null argument"},

-{ERR_REASON(X509V3_R_INVALID_NULL_NAME)  ,"invalid null name"},

-{ERR_REASON(X509V3_R_INVALID_NULL_VALUE) ,"invalid null value"},

-{ERR_REASON(X509V3_R_INVALID_NUMBER)     ,"invalid number"},

-{ERR_REASON(X509V3_R_INVALID_NUMBERS)    ,"invalid numbers"},

-{ERR_REASON(X509V3_R_INVALID_OBJECT_IDENTIFIER),"invalid object identifier"},

-{ERR_REASON(X509V3_R_INVALID_OPTION)     ,"invalid option"},

-{ERR_REASON(X509V3_R_INVALID_POLICY_IDENTIFIER),"invalid policy identifier"},

-{ERR_REASON(X509V3_R_INVALID_PROXY_POLICY_SETTING),"invalid proxy policy setting"},

-{ERR_REASON(X509V3_R_INVALID_PURPOSE)    ,"invalid purpose"},

-{ERR_REASON(X509V3_R_INVALID_SAFI)       ,"invalid safi"},

-{ERR_REASON(X509V3_R_INVALID_SECTION)    ,"invalid section"},

-{ERR_REASON(X509V3_R_INVALID_SYNTAX)     ,"invalid syntax"},

-{ERR_REASON(X509V3_R_ISSUER_DECODE_ERROR),"issuer decode error"},

-{ERR_REASON(X509V3_R_MISSING_VALUE)      ,"missing value"},

-{ERR_REASON(X509V3_R_NEED_ORGANIZATION_AND_NUMBERS),"need organization and numbers"},

-{ERR_REASON(X509V3_R_NO_CONFIG_DATABASE) ,"no config database"},

-{ERR_REASON(X509V3_R_NO_ISSUER_CERTIFICATE),"no issuer certificate"},

-{ERR_REASON(X509V3_R_NO_ISSUER_DETAILS)  ,"no issuer details"},

-{ERR_REASON(X509V3_R_NO_POLICY_IDENTIFIER),"no policy identifier"},

-{ERR_REASON(X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED),"no proxy cert policy language defined"},

-{ERR_REASON(X509V3_R_NO_PUBLIC_KEY)      ,"no public key"},

-{ERR_REASON(X509V3_R_NO_SUBJECT_DETAILS) ,"no subject details"},

-{ERR_REASON(X509V3_R_ODD_NUMBER_OF_DIGITS),"odd number of digits"},

-{ERR_REASON(X509V3_R_OPERATION_NOT_DEFINED),"operation not defined"},

-{ERR_REASON(X509V3_R_OTHERNAME_ERROR)    ,"othername error"},

-{ERR_REASON(X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED),"policy language alreadty defined"},

-{ERR_REASON(X509V3_R_POLICY_PATH_LENGTH) ,"policy path length"},

-{ERR_REASON(X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED),"policy path length alreadty defined"},

-{ERR_REASON(X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED),"policy syntax not currently supported"},

-{ERR_REASON(X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY),"policy when proxy language requires no policy"},

-{ERR_REASON(X509V3_R_SECTION_NOT_FOUND)  ,"section not found"},

-{ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS),"unable to get issuer details"},

-{ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_KEYID),"unable to get issuer keyid"},

-{ERR_REASON(X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT),"unknown bit string argument"},

-{ERR_REASON(X509V3_R_UNKNOWN_EXTENSION)  ,"unknown extension"},

-{ERR_REASON(X509V3_R_UNKNOWN_EXTENSION_NAME),"unknown extension name"},

-{ERR_REASON(X509V3_R_UNKNOWN_OPTION)     ,"unknown option"},

-{ERR_REASON(X509V3_R_UNSUPPORTED_OPTION) ,"unsupported option"},

-{ERR_REASON(X509V3_R_USER_TOO_LONG)      ,"user too long"},

-{0,NULL}

-	};

-#endif

-void ERR_load_X509V3_strings(void)

-	{

-#ifndef OPENSSL_NO_ERR

-	if (ERR_func_error_string(X509V3_str_functs[0].error) == NULL)

-		{

-		ERR_load_strings(0,X509V3_str_functs);

-		ERR_load_strings(0,X509V3_str_reasons);

-		}

-#endif

-	}

--- a/sys/src/ape/lib/openssl/crypto/x509v3/v3prin.c

+++ /dev/null

@@ -1,99 +1,0 @@

-/* v3prin.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include <openssl/asn1.h>

-#include <openssl/conf.h>

-#include <openssl/x509.h>

-#include <openssl/x509v3.h>

-int main(int argc, char **argv)

-{

-	X509 *cert;

-	FILE *inf;

-	int i, count;

-	X509_EXTENSION *ext;

-	X509V3_add_standard_extensions();

-	ERR_load_crypto_strings();

-	if(!argv[1]) {

-		fprintf(stderr, "Usage v3prin cert.pem\n");

-		exit(1);

-	}

-	if(!(inf = fopen(argv[1], "r"))) {

-		fprintf(stderr, "Can't open %s\n", argv[1]);

-		exit(1);

-	}

-	if(!(cert = PEM_read_X509(inf, NULL, NULL))) {

-		fprintf(stderr, "Can't read certificate %s\n", argv[1]);

-		ERR_print_errors_fp(stderr);

-		exit(1);

-	}

-	fclose(inf);

-	count = X509_get_ext_count(cert);

-	printf("%d extensions\n", count);

-	for(i = 0; i < count; i++) {

-		ext = X509_get_ext(cert, i);

-		printf("%s\n", OBJ_nid2ln(OBJ_obj2nid(ext->object)));

-		if(!X509V3_EXT_print_fp(stdout, ext, 0, 0)) ERR_print_errors_fp(stderr);

-		printf("\n");

-	}

-	return 0;

-}

--- a/sys/src/ape/lib/openssl/crypto/x509v3/x509v3.h

+++ /dev/null

@@ -1,919 +1,0 @@

-/* x509v3.h */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 1999.

- */

-/* ====================================================================

- * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_X509V3_H

-#define HEADER_X509V3_H

-#include <openssl/bio.h>

-#include <openssl/x509.h>

-#include <openssl/conf.h>

-#ifdef __cplusplus

-extern "C" {

-#endif

-/* Forward reference */

-struct v3_ext_method;

-struct v3_ext_ctx;

-/* Useful typedefs */

-typedef void * (*X509V3_EXT_NEW)(void);

-typedef void (*X509V3_EXT_FREE)(void *);

-typedef void * (*X509V3_EXT_D2I)(void *, const unsigned char ** , long);

-typedef int (*X509V3_EXT_I2D)(void *, unsigned char **);

-typedef STACK_OF(CONF_VALUE) * (*X509V3_EXT_I2V)(struct v3_ext_method *method, void *ext, STACK_OF(CONF_VALUE) *extlist);

-typedef void * (*X509V3_EXT_V2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, STACK_OF(CONF_VALUE) *values);

-typedef char * (*X509V3_EXT_I2S)(struct v3_ext_method *method, void *ext);

-typedef void * (*X509V3_EXT_S2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, const char *str);

-typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, void *ext, BIO *out, int indent);

-typedef void * (*X509V3_EXT_R2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, const char *str);

-/* V3 extension structure */

-struct v3_ext_method {

-int ext_nid;

-int ext_flags;

-/* If this is set the following four fields are ignored */

-ASN1_ITEM_EXP *it;

-/* Old style ASN1 calls */

-X509V3_EXT_NEW ext_new;

-X509V3_EXT_FREE ext_free;

-X509V3_EXT_D2I d2i;

-X509V3_EXT_I2D i2d;

-/* The following pair is used for string extensions */

-X509V3_EXT_I2S i2s;

-X509V3_EXT_S2I s2i;

-/* The following pair is used for multi-valued extensions */

-X509V3_EXT_I2V i2v;

-X509V3_EXT_V2I v2i;

-/* The following are used for raw extensions */

-X509V3_EXT_I2R i2r;

-X509V3_EXT_R2I r2i;

-void *usr_data;	/* Any extension specific data */

-};

-typedef struct X509V3_CONF_METHOD_st {

-char * (*get_string)(void *db, char *section, char *value);

-STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section);

-void (*free_string)(void *db, char * string);

-void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section);

-} X509V3_CONF_METHOD;

-/* Context specific info */

-struct v3_ext_ctx {

-#define CTX_TEST 0x1

-int flags;

-X509 *issuer_cert;

-X509 *subject_cert;

-X509_REQ *subject_req;

-X509_CRL *crl;

-X509V3_CONF_METHOD *db_meth;

-void *db;

-/* Maybe more here */

-};

-typedef struct v3_ext_method X509V3_EXT_METHOD;

-DECLARE_STACK_OF(X509V3_EXT_METHOD)

-/* ext_flags values */

-#define X509V3_EXT_DYNAMIC	0x1

-#define X509V3_EXT_CTX_DEP	0x2

-#define X509V3_EXT_MULTILINE	0x4

-typedef BIT_STRING_BITNAME ENUMERATED_NAMES;

-typedef struct BASIC_CONSTRAINTS_st {

-int ca;

-ASN1_INTEGER *pathlen;

-} BASIC_CONSTRAINTS;

-typedef struct PKEY_USAGE_PERIOD_st {

-ASN1_GENERALIZEDTIME *notBefore;

-ASN1_GENERALIZEDTIME *notAfter;

-} PKEY_USAGE_PERIOD;

-typedef struct otherName_st {

-ASN1_OBJECT *type_id;

-ASN1_TYPE *value;

-} OTHERNAME;

-typedef struct EDIPartyName_st {

-	ASN1_STRING *nameAssigner;

-	ASN1_STRING *partyName;

-} EDIPARTYNAME;

-typedef struct GENERAL_NAME_st {

-#define GEN_OTHERNAME	0

-#define GEN_EMAIL	1

-#define GEN_DNS		2

-#define GEN_X400	3

-#define GEN_DIRNAME	4

-#define GEN_EDIPARTY	5

-#define GEN_URI		6

-#define GEN_IPADD	7

-#define GEN_RID		8

-int type;

-union {

-	char *ptr;

-	OTHERNAME *otherName; /* otherName */

-	ASN1_IA5STRING *rfc822Name;

-	ASN1_IA5STRING *dNSName;

-	ASN1_TYPE *x400Address;

-	X509_NAME *directoryName;

-	EDIPARTYNAME *ediPartyName;

-	ASN1_IA5STRING *uniformResourceIdentifier;

-	ASN1_OCTET_STRING *iPAddress;

-	ASN1_OBJECT *registeredID;

-	/* Old names */

-	ASN1_OCTET_STRING *ip; /* iPAddress */

-	X509_NAME *dirn;		/* dirn */

-	ASN1_IA5STRING *ia5;/* rfc822Name, dNSName, uniformResourceIdentifier */

-	ASN1_OBJECT *rid; /* registeredID */

-	ASN1_TYPE *other; /* x400Address */

-} d;

-} GENERAL_NAME;

-typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;

-typedef struct ACCESS_DESCRIPTION_st {

-	ASN1_OBJECT *method;

-	GENERAL_NAME *location;

-} ACCESS_DESCRIPTION;

-typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;

-typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE;

-DECLARE_STACK_OF(GENERAL_NAME)

-DECLARE_ASN1_SET_OF(GENERAL_NAME)

-DECLARE_STACK_OF(ACCESS_DESCRIPTION)

-DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION)

-typedef struct DIST_POINT_NAME_st {

-int type;

-union {

-	GENERAL_NAMES *fullname;

-	STACK_OF(X509_NAME_ENTRY) *relativename;

-} name;

-} DIST_POINT_NAME;

-typedef struct DIST_POINT_st {

-DIST_POINT_NAME	*distpoint;

-ASN1_BIT_STRING *reasons;

-GENERAL_NAMES *CRLissuer;

-} DIST_POINT;

-typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS;

-DECLARE_STACK_OF(DIST_POINT)

-DECLARE_ASN1_SET_OF(DIST_POINT)

-typedef struct AUTHORITY_KEYID_st {

-ASN1_OCTET_STRING *keyid;

-GENERAL_NAMES *issuer;

-ASN1_INTEGER *serial;

-} AUTHORITY_KEYID;

-/* Strong extranet structures */

-typedef struct SXNET_ID_st {

-	ASN1_INTEGER *zone;

-	ASN1_OCTET_STRING *user;

-} SXNETID;

-DECLARE_STACK_OF(SXNETID)

-DECLARE_ASN1_SET_OF(SXNETID)

-typedef struct SXNET_st {

-	ASN1_INTEGER *version;

-	STACK_OF(SXNETID) *ids;

-} SXNET;

-typedef struct NOTICEREF_st {

-	ASN1_STRING *organization;

-	STACK_OF(ASN1_INTEGER) *noticenos;

-} NOTICEREF;

-typedef struct USERNOTICE_st {

-	NOTICEREF *noticeref;

-	ASN1_STRING *exptext;

-} USERNOTICE;

-typedef struct POLICYQUALINFO_st {

-	ASN1_OBJECT *pqualid;

-	union {

-		ASN1_IA5STRING *cpsuri;

-		USERNOTICE *usernotice;

-		ASN1_TYPE *other;

-	} d;

-} POLICYQUALINFO;

-DECLARE_STACK_OF(POLICYQUALINFO)

-DECLARE_ASN1_SET_OF(POLICYQUALINFO)

-typedef struct POLICYINFO_st {

-	ASN1_OBJECT *policyid;

-	STACK_OF(POLICYQUALINFO) *qualifiers;

-} POLICYINFO;

-typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES;

-DECLARE_STACK_OF(POLICYINFO)

-DECLARE_ASN1_SET_OF(POLICYINFO)

-typedef struct POLICY_MAPPING_st {

-	ASN1_OBJECT *issuerDomainPolicy;

-	ASN1_OBJECT *subjectDomainPolicy;

-} POLICY_MAPPING;

-DECLARE_STACK_OF(POLICY_MAPPING)

-typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS;

-typedef struct GENERAL_SUBTREE_st {

-	GENERAL_NAME *base;

-	ASN1_INTEGER *minimum;

-	ASN1_INTEGER *maximum;

-} GENERAL_SUBTREE;

-DECLARE_STACK_OF(GENERAL_SUBTREE)

-typedef struct NAME_CONSTRAINTS_st {

-	STACK_OF(GENERAL_SUBTREE) *permittedSubtrees;

-	STACK_OF(GENERAL_SUBTREE) *excludedSubtrees;

-} NAME_CONSTRAINTS;

-typedef struct POLICY_CONSTRAINTS_st {

-	ASN1_INTEGER *requireExplicitPolicy;

-	ASN1_INTEGER *inhibitPolicyMapping;

-} POLICY_CONSTRAINTS;

-/* Proxy certificate structures, see RFC 3820 */

-typedef struct PROXY_POLICY_st

-	{

-	ASN1_OBJECT *policyLanguage;

-	ASN1_OCTET_STRING *policy;

-	} PROXY_POLICY;

-typedef struct PROXY_CERT_INFO_EXTENSION_st

-	{

-	ASN1_INTEGER *pcPathLengthConstraint;

-	PROXY_POLICY *proxyPolicy;

-	} PROXY_CERT_INFO_EXTENSION;

-DECLARE_ASN1_FUNCTIONS(PROXY_POLICY)

-DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)

-#define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \

-",name:", val->name, ",value:", val->value);

-#define X509V3_set_ctx_test(ctx) \

-			X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)

-#define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL;

-#define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \

-			0,0,0,0, \

-			0,0, \

-			(X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \

-			(X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \

-			NULL, NULL, \

-			table}

-#define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \

-			0,0,0,0, \

-			(X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \

-			(X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \

-			0,0,0,0, \

-			NULL}

-#define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}

-/* X509_PURPOSE stuff */

-#define EXFLAG_BCONS		0x1

-#define EXFLAG_KUSAGE		0x2

-#define EXFLAG_XKUSAGE		0x4

-#define EXFLAG_NSCERT		0x8

-#define EXFLAG_CA		0x10

-#define EXFLAG_SS		0x20

-#define EXFLAG_V1		0x40

-#define EXFLAG_INVALID		0x80

-#define EXFLAG_SET		0x100

-#define EXFLAG_CRITICAL		0x200

-#define EXFLAG_PROXY		0x400

-#define EXFLAG_INVALID_POLICY	0x400

-#define KU_DIGITAL_SIGNATURE	0x0080

-#define KU_NON_REPUDIATION	0x0040

-#define KU_KEY_ENCIPHERMENT	0x0020

-#define KU_DATA_ENCIPHERMENT	0x0010

-#define KU_KEY_AGREEMENT	0x0008

-#define KU_KEY_CERT_SIGN	0x0004

-#define KU_CRL_SIGN		0x0002

-#define KU_ENCIPHER_ONLY	0x0001

-#define KU_DECIPHER_ONLY	0x8000

-#define NS_SSL_CLIENT		0x80

-#define NS_SSL_SERVER		0x40

-#define NS_SMIME		0x20

-#define NS_OBJSIGN		0x10

-#define NS_SSL_CA		0x04

-#define NS_SMIME_CA		0x02

-#define NS_OBJSIGN_CA		0x01

-#define NS_ANY_CA		(NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA)

-#define XKU_SSL_SERVER		0x1

-#define XKU_SSL_CLIENT		0x2

-#define XKU_SMIME		0x4

-#define XKU_CODE_SIGN		0x8

-#define XKU_SGC			0x10

-#define XKU_OCSP_SIGN		0x20

-#define XKU_TIMESTAMP		0x40

-#define XKU_DVCS		0x80

-#define X509_PURPOSE_DYNAMIC	0x1

-#define X509_PURPOSE_DYNAMIC_NAME	0x2

-typedef struct x509_purpose_st {

-	int purpose;

-	int trust;		/* Default trust ID */

-	int flags;

-	int (*check_purpose)(const struct x509_purpose_st *,

-				const X509 *, int);

-	char *name;

-	char *sname;

-	void *usr_data;

-} X509_PURPOSE;

-#define X509_PURPOSE_SSL_CLIENT		1

-#define X509_PURPOSE_SSL_SERVER		2

-#define X509_PURPOSE_NS_SSL_SERVER	3

-#define X509_PURPOSE_SMIME_SIGN		4

-#define X509_PURPOSE_SMIME_ENCRYPT	5

-#define X509_PURPOSE_CRL_SIGN		6

-#define X509_PURPOSE_ANY		7

-#define X509_PURPOSE_OCSP_HELPER	8

-#define X509_PURPOSE_MIN		1

-#define X509_PURPOSE_MAX		8

-/* Flags for X509V3_EXT_print() */

-#define X509V3_EXT_UNKNOWN_MASK		(0xfL << 16)

-/* Return error for unknown extensions */

-#define X509V3_EXT_DEFAULT		0

-/* Print error for unknown extensions */

-#define X509V3_EXT_ERROR_UNKNOWN	(1L << 16)

-/* ASN1 parse unknown extensions */

-#define X509V3_EXT_PARSE_UNKNOWN	(2L << 16)

-/* BIO_dump unknown extensions */

-#define X509V3_EXT_DUMP_UNKNOWN		(3L << 16)

-/* Flags for X509V3_add1_i2d */

-#define X509V3_ADD_OP_MASK		0xfL

-#define X509V3_ADD_DEFAULT		0L

-#define X509V3_ADD_APPEND		1L

-#define X509V3_ADD_REPLACE		2L

-#define X509V3_ADD_REPLACE_EXISTING	3L

-#define X509V3_ADD_KEEP_EXISTING	4L

-#define X509V3_ADD_DELETE		5L

-#define X509V3_ADD_SILENT		0x10

-DECLARE_STACK_OF(X509_PURPOSE)

-DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)

-DECLARE_ASN1_FUNCTIONS(SXNET)

-DECLARE_ASN1_FUNCTIONS(SXNETID)

-int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen);

-int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, int userlen);

-int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, char *user, int userlen);

-ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone);

-ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone);

-ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone);

-DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID)

-DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)

-DECLARE_ASN1_FUNCTIONS(GENERAL_NAME)

-ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,

-				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);

-STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,

-				ASN1_BIT_STRING *bits,

-				STACK_OF(CONF_VALUE) *extlist);

-STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret);

-int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen);

-DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES)

-STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,

-		GENERAL_NAMES *gen, STACK_OF(CONF_VALUE) *extlist);

-GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,

-				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);

-DECLARE_ASN1_FUNCTIONS(OTHERNAME)

-DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME)

-char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5);

-ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);

-DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)

-int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a);

-DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)

-DECLARE_ASN1_FUNCTIONS(POLICYINFO)

-DECLARE_ASN1_FUNCTIONS(POLICYQUALINFO)

-DECLARE_ASN1_FUNCTIONS(USERNOTICE)

-DECLARE_ASN1_FUNCTIONS(NOTICEREF)

-DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS)

-DECLARE_ASN1_FUNCTIONS(DIST_POINT)

-DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME)

-DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)

-DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)

-DECLARE_ASN1_ITEM(POLICY_MAPPING)

-DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING)

-DECLARE_ASN1_ITEM(POLICY_MAPPINGS)

-DECLARE_ASN1_ITEM(GENERAL_SUBTREE)

-DECLARE_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)

-DECLARE_ASN1_ITEM(NAME_CONSTRAINTS)

-DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)

-DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)

-DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS)

-#ifdef HEADER_CONF_H

-GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,

-							CONF_VALUE *cnf);

-GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, X509V3_EXT_METHOD *method,

-				X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc);

-void X509V3_conf_free(CONF_VALUE *val);

-X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value);

-X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value);

-int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, STACK_OF(X509_EXTENSION) **sk);

-int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert);

-int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);

-int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);

-X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, char *value);

-X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value);

-int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert);

-int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);

-int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);

-int X509V3_add_value_bool_nf(char *name, int asn1_bool,

-						STACK_OF(CONF_VALUE) **extlist);

-int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);

-int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);

-void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);

-void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);

-#endif

-char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);

-STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section);

-void X509V3_string_free(X509V3_CTX *ctx, char *str);

-void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);

-void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,

-				 X509_REQ *req, X509_CRL *crl, int flags);

-int X509V3_add_value(const char *name, const char *value,

-						STACK_OF(CONF_VALUE) **extlist);

-int X509V3_add_value_uchar(const char *name, const unsigned char *value,

-						STACK_OF(CONF_VALUE) **extlist);

-int X509V3_add_value_bool(const char *name, int asn1_bool,

-						STACK_OF(CONF_VALUE) **extlist);

-int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,

-						STACK_OF(CONF_VALUE) **extlist);

-char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);

-ASN1_INTEGER * s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value);

-char * i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);

-char * i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);

-int X509V3_EXT_add(X509V3_EXT_METHOD *ext);

-int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist);

-int X509V3_EXT_add_alias(int nid_to, int nid_from);

-void X509V3_EXT_cleanup(void);

-X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);

-X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);

-int X509V3_add_standard_extensions(void);

-STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line);

-void *X509V3_EXT_d2i(X509_EXTENSION *ext);

-void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx);

-X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);

-int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags);

-char *hex_to_string(unsigned char *buffer, long len);

-unsigned char *string_to_hex(char *str, long *len);

-int name_cmp(const char *name, const char *cmp);

-void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,

-								 int ml);

-int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent);

-int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);

-int X509V3_extensions_print(BIO *out, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent);

-int X509_check_ca(X509 *x);

-int X509_check_purpose(X509 *x, int id, int ca);

-int X509_supported_extension(X509_EXTENSION *ex);

-int X509_PURPOSE_set(int *p, int purpose);

-int X509_check_issued(X509 *issuer, X509 *subject);

-int X509_PURPOSE_get_count(void);

-X509_PURPOSE * X509_PURPOSE_get0(int idx);

-int X509_PURPOSE_get_by_sname(char *sname);

-int X509_PURPOSE_get_by_id(int id);

-int X509_PURPOSE_add(int id, int trust, int flags,

-			int (*ck)(const X509_PURPOSE *, const X509 *, int),

-				char *name, char *sname, void *arg);

-char *X509_PURPOSE_get0_name(X509_PURPOSE *xp);

-char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp);

-int X509_PURPOSE_get_trust(X509_PURPOSE *xp);

-void X509_PURPOSE_cleanup(void);

-int X509_PURPOSE_get_id(X509_PURPOSE *);

-STACK *X509_get1_email(X509 *x);

-STACK *X509_REQ_get1_email(X509_REQ *x);

-void X509_email_free(STACK *sk);

-ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc);

-ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc);

-int a2i_ipadd(unsigned char *ipout, const char *ipasc);

-int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk,

-						unsigned long chtype);

-void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);

-#ifndef OPENSSL_NO_RFC3779

-typedef struct ASRange_st {

-  ASN1_INTEGER *min, *max;

-} ASRange;

-#define	ASIdOrRange_id		0

-#define	ASIdOrRange_range	1

-typedef struct ASIdOrRange_st {

-  int type;

-  union {

-    ASN1_INTEGER *id;

-    ASRange      *range;

-  } u;

-} ASIdOrRange;

-typedef STACK_OF(ASIdOrRange) ASIdOrRanges;

-DECLARE_STACK_OF(ASIdOrRange)

-#define	ASIdentifierChoice_inherit		0

-#define	ASIdentifierChoice_asIdsOrRanges	1

-typedef struct ASIdentifierChoice_st {

-  int type;

-  union {

-    ASN1_NULL    *inherit;

-    ASIdOrRanges *asIdsOrRanges;

-  } u;

-} ASIdentifierChoice;

-typedef struct ASIdentifiers_st {

-  ASIdentifierChoice *asnum, *rdi;

-} ASIdentifiers;

-DECLARE_ASN1_FUNCTIONS(ASRange)

-DECLARE_ASN1_FUNCTIONS(ASIdOrRange)

-DECLARE_ASN1_FUNCTIONS(ASIdentifierChoice)

-DECLARE_ASN1_FUNCTIONS(ASIdentifiers)

-typedef struct IPAddressRange_st {

-  ASN1_BIT_STRING	*min, *max;

-} IPAddressRange;

-#define	IPAddressOrRange_addressPrefix	0

-#define	IPAddressOrRange_addressRange	1

-typedef struct IPAddressOrRange_st {

-  int type;

-  union {

-    ASN1_BIT_STRING	*addressPrefix;

-    IPAddressRange	*addressRange;

-  } u;

-} IPAddressOrRange;

-typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges;

-DECLARE_STACK_OF(IPAddressOrRange)

-#define	IPAddressChoice_inherit			0

-#define	IPAddressChoice_addressesOrRanges	1

-typedef struct IPAddressChoice_st {

-  int type;

-  union {

-    ASN1_NULL		*inherit;

-    IPAddressOrRanges	*addressesOrRanges;

-  } u;

-} IPAddressChoice;

-typedef struct IPAddressFamily_st {

-  ASN1_OCTET_STRING	*addressFamily;

-  IPAddressChoice	*ipAddressChoice;

-} IPAddressFamily;

-typedef STACK_OF(IPAddressFamily) IPAddrBlocks;

-DECLARE_STACK_OF(IPAddressFamily)

-DECLARE_ASN1_FUNCTIONS(IPAddressRange)

-DECLARE_ASN1_FUNCTIONS(IPAddressOrRange)

-DECLARE_ASN1_FUNCTIONS(IPAddressChoice)

-DECLARE_ASN1_FUNCTIONS(IPAddressFamily)

-/*

- * API tag for elements of the ASIdentifer SEQUENCE.

- */

-#define	V3_ASID_ASNUM	0

-#define	V3_ASID_RDI	1

-/*

- * AFI values, assigned by IANA.  It'd be nice to make the AFI

- * handling code totally generic, but there are too many little things

- * that would need to be defined for other address families for it to

- * be worth the trouble.

- */

-#define	IANA_AFI_IPV4	1

-#define	IANA_AFI_IPV6	2

-/*

- * Utilities to construct and extract values from RFC3779 extensions,

- * since some of the encodings (particularly for IP address prefixes

- * and ranges) are a bit tedious to work with directly.

- */

-int v3_asid_add_inherit(ASIdentifiers *asid, int which);

-int v3_asid_add_id_or_range(ASIdentifiers *asid, int which,

-			    ASN1_INTEGER *min, ASN1_INTEGER *max);

-int v3_addr_add_inherit(IPAddrBlocks *addr,

-			const unsigned afi, const unsigned *safi);

-int v3_addr_add_prefix(IPAddrBlocks *addr,

-		       const unsigned afi, const unsigned *safi,

-		       unsigned char *a, const int prefixlen);

-int v3_addr_add_range(IPAddrBlocks *addr,

-		      const unsigned afi, const unsigned *safi,

-		      unsigned char *min, unsigned char *max);

-unsigned v3_addr_get_afi(const IPAddressFamily *f);

-int v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi,

-		      unsigned char *min, unsigned char *max,

-		      const int length);

-/*

- * Canonical forms.

- */

-int v3_asid_is_canonical(ASIdentifiers *asid);

-int v3_addr_is_canonical(IPAddrBlocks *addr);

-int v3_asid_canonize(ASIdentifiers *asid);

-int v3_addr_canonize(IPAddrBlocks *addr);

-/*

- * Tests for inheritance and containment.

- */

-int v3_asid_inherits(ASIdentifiers *asid);

-int v3_addr_inherits(IPAddrBlocks *addr);

-int v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b);

-int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b);

-/*

- * Check whether RFC 3779 extensions nest properly in chains.

- */

-int v3_asid_validate_path(X509_STORE_CTX *);

-int v3_addr_validate_path(X509_STORE_CTX *);

-int v3_asid_validate_resource_set(STACK_OF(X509) *chain,

-				  ASIdentifiers *ext,

-				  int allow_inheritance);

-int v3_addr_validate_resource_set(STACK_OF(X509) *chain,

-				  IPAddrBlocks *ext,

-				  int allow_inheritance);

-#endif /* OPENSSL_NO_RFC3779 */

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_X509V3_strings(void);

-/* Error codes for the X509V3 functions. */

-/* Function codes. */

-#define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE		 156

-#define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL	 157

-#define X509V3_F_COPY_EMAIL				 122

-#define X509V3_F_COPY_ISSUER				 123

-#define X509V3_F_DO_DIRNAME				 144

-#define X509V3_F_DO_EXT_CONF				 124

-#define X509V3_F_DO_EXT_I2D				 135

-#define X509V3_F_DO_EXT_NCONF				 151

-#define X509V3_F_DO_I2V_NAME_CONSTRAINTS		 148

-#define X509V3_F_HEX_TO_STRING				 111

-#define X509V3_F_I2S_ASN1_ENUMERATED			 121

-#define X509V3_F_I2S_ASN1_IA5STRING			 149

-#define X509V3_F_I2S_ASN1_INTEGER			 120

-#define X509V3_F_I2V_AUTHORITY_INFO_ACCESS		 138

-#define X509V3_F_NOTICE_SECTION				 132

-#define X509V3_F_NREF_NOS				 133

-#define X509V3_F_POLICY_SECTION				 131

-#define X509V3_F_PROCESS_PCI_VALUE			 150

-#define X509V3_F_R2I_CERTPOL				 130

-#define X509V3_F_R2I_PCI				 155

-#define X509V3_F_S2I_ASN1_IA5STRING			 100

-#define X509V3_F_S2I_ASN1_INTEGER			 108

-#define X509V3_F_S2I_ASN1_OCTET_STRING			 112

-#define X509V3_F_S2I_ASN1_SKEY_ID			 114

-#define X509V3_F_S2I_SKEY_ID				 115

-#define X509V3_F_STRING_TO_HEX				 113

-#define X509V3_F_SXNET_ADD_ID_ASC			 125

-#define X509V3_F_SXNET_ADD_ID_INTEGER			 126

-#define X509V3_F_SXNET_ADD_ID_ULONG			 127

-#define X509V3_F_SXNET_GET_ID_ASC			 128

-#define X509V3_F_SXNET_GET_ID_ULONG			 129

-#define X509V3_F_V2I_ASIDENTIFIERS			 158

-#define X509V3_F_V2I_ASN1_BIT_STRING			 101

-#define X509V3_F_V2I_AUTHORITY_INFO_ACCESS		 139

-#define X509V3_F_V2I_AUTHORITY_KEYID			 119

-#define X509V3_F_V2I_BASIC_CONSTRAINTS			 102

-#define X509V3_F_V2I_CRLD				 134

-#define X509V3_F_V2I_EXTENDED_KEY_USAGE			 103

-#define X509V3_F_V2I_GENERAL_NAMES			 118

-#define X509V3_F_V2I_GENERAL_NAME_EX			 117

-#define X509V3_F_V2I_IPADDRBLOCKS			 159

-#define X509V3_F_V2I_ISSUER_ALT				 153

-#define X509V3_F_V2I_NAME_CONSTRAINTS			 147

-#define X509V3_F_V2I_POLICY_CONSTRAINTS			 146

-#define X509V3_F_V2I_POLICY_MAPPINGS			 145

-#define X509V3_F_V2I_SUBJECT_ALT			 154

-#define X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL		 160

-#define X509V3_F_V3_GENERIC_EXTENSION			 116

-#define X509V3_F_X509V3_ADD1_I2D			 140

-#define X509V3_F_X509V3_ADD_VALUE			 105

-#define X509V3_F_X509V3_EXT_ADD				 104

-#define X509V3_F_X509V3_EXT_ADD_ALIAS			 106

-#define X509V3_F_X509V3_EXT_CONF			 107

-#define X509V3_F_X509V3_EXT_I2D				 136

-#define X509V3_F_X509V3_EXT_NCONF			 152

-#define X509V3_F_X509V3_GET_SECTION			 142

-#define X509V3_F_X509V3_GET_STRING			 143

-#define X509V3_F_X509V3_GET_VALUE_BOOL			 110

-#define X509V3_F_X509V3_PARSE_LIST			 109

-#define X509V3_F_X509_PURPOSE_ADD			 137

-#define X509V3_F_X509_PURPOSE_SET			 141

-/* Reason codes. */

-#define X509V3_R_BAD_IP_ADDRESS				 118

-#define X509V3_R_BAD_OBJECT				 119

-#define X509V3_R_BN_DEC2BN_ERROR			 100

-#define X509V3_R_BN_TO_ASN1_INTEGER_ERROR		 101

-#define X509V3_R_DIRNAME_ERROR				 149

-#define X509V3_R_DUPLICATE_ZONE_ID			 133

-#define X509V3_R_ERROR_CONVERTING_ZONE			 131

-#define X509V3_R_ERROR_CREATING_EXTENSION		 144

-#define X509V3_R_ERROR_IN_EXTENSION			 128

-#define X509V3_R_EXPECTED_A_SECTION_NAME		 137

-#define X509V3_R_EXTENSION_EXISTS			 145

-#define X509V3_R_EXTENSION_NAME_ERROR			 115

-#define X509V3_R_EXTENSION_NOT_FOUND			 102

-#define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED	 103

-#define X509V3_R_EXTENSION_VALUE_ERROR			 116

-#define X509V3_R_ILLEGAL_EMPTY_EXTENSION		 151

-#define X509V3_R_ILLEGAL_HEX_DIGIT			 113

-#define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG		 152

-#define X509V3_R_INVALID_ASNUMBER			 160

-#define X509V3_R_INVALID_ASRANGE			 161

-#define X509V3_R_INVALID_BOOLEAN_STRING			 104

-#define X509V3_R_INVALID_EXTENSION_STRING		 105

-#define X509V3_R_INVALID_INHERITANCE			 162

-#define X509V3_R_INVALID_IPADDRESS			 163

-#define X509V3_R_INVALID_NAME				 106

-#define X509V3_R_INVALID_NULL_ARGUMENT			 107

-#define X509V3_R_INVALID_NULL_NAME			 108

-#define X509V3_R_INVALID_NULL_VALUE			 109

-#define X509V3_R_INVALID_NUMBER				 140

-#define X509V3_R_INVALID_NUMBERS			 141

-#define X509V3_R_INVALID_OBJECT_IDENTIFIER		 110

-#define X509V3_R_INVALID_OPTION				 138

-#define X509V3_R_INVALID_POLICY_IDENTIFIER		 134

-#define X509V3_R_INVALID_PROXY_POLICY_SETTING		 153

-#define X509V3_R_INVALID_PURPOSE			 146

-#define X509V3_R_INVALID_SAFI				 164

-#define X509V3_R_INVALID_SECTION			 135

-#define X509V3_R_INVALID_SYNTAX				 143

-#define X509V3_R_ISSUER_DECODE_ERROR			 126

-#define X509V3_R_MISSING_VALUE				 124

-#define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS		 142

-#define X509V3_R_NO_CONFIG_DATABASE			 136

-#define X509V3_R_NO_ISSUER_CERTIFICATE			 121

-#define X509V3_R_NO_ISSUER_DETAILS			 127

-#define X509V3_R_NO_POLICY_IDENTIFIER			 139

-#define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED	 154

-#define X509V3_R_NO_PUBLIC_KEY				 114

-#define X509V3_R_NO_SUBJECT_DETAILS			 125

-#define X509V3_R_ODD_NUMBER_OF_DIGITS			 112

-#define X509V3_R_OPERATION_NOT_DEFINED			 148

-#define X509V3_R_OTHERNAME_ERROR			 147

-#define X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED	 155

-#define X509V3_R_POLICY_PATH_LENGTH			 156

-#define X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED	 157

-#define X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED	 158

-#define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159

-#define X509V3_R_SECTION_NOT_FOUND			 150

-#define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS		 122

-#define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID		 123

-#define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT		 111

-#define X509V3_R_UNKNOWN_EXTENSION			 129

-#define X509V3_R_UNKNOWN_EXTENSION_NAME			 130

-#define X509V3_R_UNKNOWN_OPTION				 120

-#define X509V3_R_UNSUPPORTED_OPTION			 117

-#define X509V3_R_USER_TOO_LONG				 132

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/crypto/x86_64cpuid.pl

+++ /dev/null

@@ -1,138 +1,0 @@

-#!/usr/bin/env perl

-$output=shift;

-$win64a=1 if ($output =~ /win64a\.[s|asm]/);

-open STDOUT,">$output" || die "can't open $output: $!";

-print<<___ if(defined($win64a));

-_TEXT	SEGMENT

-PUBLIC	OPENSSL_rdtsc

-ALIGN	16

-OPENSSL_rdtsc	PROC

-	rdtsc

-	shl	rdx,32

-	or	rax,rdx

-	ret

-OPENSSL_rdtsc	ENDP

-PUBLIC	OPENSSL_atomic_add

-ALIGN	16

-OPENSSL_atomic_add	PROC

-	mov	eax,DWORD PTR[rcx]

-\$Lspin:	lea	r8,DWORD PTR[rdx+rax]

-lock	cmpxchg	DWORD PTR[rcx],r8d

-	jne	\$Lspin

-	mov	eax,r8d

-	cdqe

-	ret

-OPENSSL_atomic_add	ENDP

-PUBLIC	OPENSSL_wipe_cpu

-ALIGN	16

-OPENSSL_wipe_cpu	PROC

-	pxor	xmm0,xmm0

-	pxor	xmm1,xmm1

-	pxor	xmm2,xmm2

-	pxor	xmm3,xmm3

-	pxor	xmm4,xmm4

-	pxor	xmm5,xmm5

-	xor	rcx,rcx

-	xor	rdx,rdx

-	xor	r8,r8

-	xor	r9,r9

-	xor	r10,r10

-	xor	r11,r11

-	lea	rax,QWORD PTR[rsp+8]

-	ret

-OPENSSL_wipe_cpu	ENDP

-OPENSSL_ia32_cpuid	PROC

-	mov	r8,rbx

-	mov	eax,1

-	cpuid

-	shl	rcx,32

-	mov	eax,edx

-	mov	rbx,r8

-	or	rax,rcx

-	ret

-OPENSSL_ia32_cpuid	ENDP

-_TEXT	ENDS

-CRT\$XIU	SEGMENT

-EXTRN	OPENSSL_cpuid_setup:PROC

-DQ	OPENSSL_cpuid_setup

-CRT\$XIU	ENDS

-END

-___

-print<<___ if(!defined($win64a));

-.text

-.globl	OPENSSL_rdtsc

-.align	16

-OPENSSL_rdtsc:

-	rdtsc

-	shlq	\$32,%rdx

-	orq	%rdx,%rax

-	ret

-.size	OPENSSL_rdtsc,.-OPENSSL_rdtsc

-.globl	OPENSSL_atomic_add

-.type	OPENSSL_atomic_add,\@function

-.align	16

-OPENSSL_atomic_add:

-	movl	(%rdi),%eax

-.Lspin:	leaq	(%rsi,%rax),%r8

-lock;	cmpxchgl	%r8d,(%rdi)

-	jne	.Lspin

-	movl	%r8d,%eax

-	.byte	0x48,0x98

-	ret

-.size	OPENSSL_atomic_add,.-OPENSSL_atomic_add

-.globl	OPENSSL_wipe_cpu

-.type	OPENSSL_wipe_cpu,\@function

-.align	16

-OPENSSL_wipe_cpu:

-	pxor	%xmm0,%xmm0

-	pxor	%xmm1,%xmm1

-	pxor	%xmm2,%xmm2

-	pxor	%xmm3,%xmm3

-	pxor	%xmm4,%xmm4

-	pxor	%xmm5,%xmm5

-	pxor	%xmm6,%xmm6

-	pxor	%xmm7,%xmm7

-	pxor	%xmm8,%xmm8

-	pxor	%xmm9,%xmm9

-	pxor	%xmm10,%xmm10

-	pxor	%xmm11,%xmm11

-	pxor	%xmm12,%xmm12

-	pxor	%xmm13,%xmm13

-	pxor	%xmm14,%xmm14

-	pxor	%xmm15,%xmm15

-	xorq	%rcx,%rcx

-	xorq	%rdx,%rdx

-	xorq	%rsi,%rsi

-	xorq	%rdi,%rdi

-	xorq	%r8,%r8

-	xorq	%r9,%r9

-	xorq	%r10,%r10

-	xorq	%r11,%r11

-	leaq	8(%rsp),%rax

-	ret

-.size	OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu

-.globl	OPENSSL_ia32_cpuid

-.align	16

-OPENSSL_ia32_cpuid:

-	movq	%rbx,%r8

-	movl	\$1,%eax

-	cpuid

-	shlq	\$32,%rcx

-	movl	%edx,%eax

-	movq	%r8,%rbx

-	orq	%rcx,%rax

-	ret

-.size	OPENSSL_ia32_cpuid,.-OPENSSL_ia32_cpuid

-.section	.init

-	call	OPENSSL_cpuid_setup

-___

--- a/sys/src/ape/lib/openssl/crypto/x86cpuid.pl

+++ /dev/null

@@ -1,197 +1,0 @@

-#!/usr/bin/env perl

-push(@INC,"perlasm");

-require "x86asm.pl";

-&asm_init($ARGV[0],"x86cpuid");

-for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }

-&function_begin("OPENSSL_ia32_cpuid");

-	&xor	("edx","edx");

-	&pushf	();

-	&pop	("eax");

-	&mov	("ecx","eax");

-	&xor	("eax",1<<21);

-	&push	("eax");

-	&popf	();

-	&pushf	();

-	&pop	("eax");

-	&xor	("ecx","eax");

-	&bt	("ecx",21);

-	&jnc	(&label("nocpuid"));

-	&mov	("eax",1);

-	&cpuid	();

-&set_label("nocpuid");

-	&mov	("eax","edx");

-	&mov	("edx","ecx");

-&function_end("OPENSSL_ia32_cpuid");

-&external_label("OPENSSL_ia32cap_P");

-&function_begin_B("OPENSSL_rdtsc","EXTRN\t_OPENSSL_ia32cap_P:DWORD");

-	&xor	("eax","eax");

-	&xor	("edx","edx");

-	&picmeup("ecx","OPENSSL_ia32cap_P");

-	&bt	(&DWP(0,"ecx"),4);

-	&jnc	(&label("notsc"));

-	&rdtsc	();

-&set_label("notsc");

-	&ret	();

-&function_end_B("OPENSSL_rdtsc");

-# This works in Ring 0 only [read DJGPP+MS-DOS+privileged DPMI host],

-# but it's safe to call it on any [supported] 32-bit platform...

-# Just check for [non-]zero return value...

-&function_begin_B("OPENSSL_instrument_halt","EXTRN\t_OPENSSL_ia32cap_P:DWORD");

-	&picmeup("ecx","OPENSSL_ia32cap_P");

-	&bt	(&DWP(0,"ecx"),4);

-	&jnc	(&label("nohalt"));	# no TSC

-	&data_word(0x9058900e);		# push %cs; pop %eax

-	&and	("eax",3);

-	&jnz	(&label("nohalt"));	# not enough privileges

-	&pushf	();

-	&pop	("eax")

-	&bt	("eax",9);

-	&jnc	(&label("nohalt"));	# interrupts are disabled

-	&rdtsc	();

-	&push	("edx");

-	&push	("eax");

-	&halt	();

-	&rdtsc	();

-	&sub	("eax",&DWP(0,"esp"));

-	&sbb	("edx",&DWP(4,"esp"));

-	&add	("esp",8);

-	&ret	();

-&set_label("nohalt");

-	&xor	("eax","eax");

-	&xor	("edx","edx");

-	&ret	();

-&function_end_B("OPENSSL_instrument_halt");

-# Essentially there is only one use for this function. Under DJGPP:

-#

-#	#include <go32.h>

-#	...

-#	i=OPENSSL_far_spin(_dos_ds,0x46c);

-#	...

-# to obtain the number of spins till closest timer interrupt.

-&function_begin_B("OPENSSL_far_spin");

-	&pushf	();

-	&pop	("eax")

-	&bt	("eax",9);

-	&jnc	(&label("nospin"));	# interrupts are disabled

-	&mov	("eax",&DWP(4,"esp"));

-	&mov	("ecx",&DWP(8,"esp"));

-	&data_word (0x90d88e1e);	# push %ds, mov %eax,%ds

-	&xor	("eax","eax");

-	&mov	("edx",&DWP(0,"ecx"));

-	&jmp	(&label("spin"));

-	&align	(16);

-&set_label("spin");

-	&inc	("eax");

-	&cmp	("edx",&DWP(0,"ecx"));

-	&je	(&label("spin"));

-	&data_word (0x1f909090);	# pop	%ds

-	&ret	();

-&set_label("nospin");

-	&xor	("eax","eax");

-	&xor	("edx","edx");

-	&ret	();

-&function_end_B("OPENSSL_far_spin");

-&function_begin_B("OPENSSL_wipe_cpu","EXTRN\t_OPENSSL_ia32cap_P:DWORD");

-	&xor	("eax","eax");

-	&xor	("edx","edx");

-	&picmeup("ecx","OPENSSL_ia32cap_P");

-	&mov	("ecx",&DWP(0,"ecx"));

-	&bt	(&DWP(0,"ecx"),1);

-	&jnc	(&label("no_x87"));

-	if ($sse2) {

-		&bt	(&DWP(0,"ecx"),26);

-		&jnc	(&label("no_sse2"));

-		&pxor	("xmm0","xmm0");

-		&pxor	("xmm1","xmm1");

-		&pxor	("xmm2","xmm2");

-		&pxor	("xmm3","xmm3");

-		&pxor	("xmm4","xmm4");

-		&pxor	("xmm5","xmm5");

-		&pxor	("xmm6","xmm6");

-		&pxor	("xmm7","xmm7");

-	&set_label("no_sse2");

-	}

-	# just a bunch of fldz to zap the fp/mm bank followed by finit...

-	&data_word(0xeed9eed9,0xeed9eed9,0xeed9eed9,0xeed9eed9,0x90e3db9b);

-&set_label("no_x87");

-	&lea	("eax",&DWP(4,"esp"));

-	&ret	();

-&function_end_B("OPENSSL_wipe_cpu");

-&function_begin_B("OPENSSL_atomic_add");

-	&mov	("edx",&DWP(4,"esp"));	# fetch the pointer, 1st arg

-	&mov	("ecx",&DWP(8,"esp"));	# fetch the increment, 2nd arg

-	&push	("ebx");

-	&nop	();

-	&mov	("eax",&DWP(0,"edx"));

-&set_label("spin");

-	&lea	("ebx",&DWP(0,"eax","ecx"));

-	&nop	();

-	&data_word(0x1ab10ff0);	# lock;	cmpxchg	%ebx,(%edx)	# %eax is envolved and is always reloaded

-	&jne	(&label("spin"));

-	&mov	("eax","ebx");	# OpenSSL expects the new value

-	&pop	("ebx");

-	&ret	();

-&function_end_B("OPENSSL_atomic_add");

-# This function can become handy under Win32 in situations when

-# we don't know which calling convention, __stdcall or __cdecl(*),

-# indirect callee is using. In C it can be deployed as

-#

-#ifdef OPENSSL_CPUID_OBJ

-#	type OPENSSL_indirect_call(void *f,...);

-#	...

-#	OPENSSL_indirect_call(func,[up to $max arguments]);

-#endif

-#

-# (*)	it's designed to work even for __fastcall if number of

-#	arguments is 1 or 2!

-&function_begin_B("OPENSSL_indirect_call");

-	{

-	my $i,$max=7;		# $max has to be chosen as 4*n-1

-				# in order to preserve eventual

-				# stack alignment

-	&push	("ebp");

-	&mov	("ebp","esp");

-	&sub	("esp",$max*4);

-	&mov	("ecx",&DWP(12,"ebp"));

-	&mov	(&DWP(0,"esp"),"ecx");

-	&mov	("edx",&DWP(16,"ebp"));

-	&mov	(&DWP(4,"esp"),"edx");

-	for($i=2;$i<$max;$i++)

-		{

-		# Some copies will be redundant/bogus...

-		&mov	("eax",&DWP(12+$i*4,"ebp"));

-		&mov	(&DWP(0+$i*4,"esp"),"eax");

-		}

-	&call_ptr	(&DWP(8,"ebp"));# make the call...

-	&mov	("esp","ebp");	# ... and just restore the stack pointer

-				# without paying attention to what we called,

-				# (__cdecl *func) or (__stdcall *one).

-	&pop	("ebp");

-	&ret	();

-	}

-&function_end_B("OPENSSL_indirect_call");

-&initseg("OPENSSL_cpuid_setup");

-&asm_finish();

--- a/sys/src/ape/lib/openssl/demos/README

+++ /dev/null

@@ -1,9 +1,0 @@

-NOTE: Don't expect any of these programs to work with current

-OpenSSL releases, or even with later SSLeay releases.

-Original README:

-=============================================================================

-Some demo programs sent to me by various people

-eric

--- a/sys/src/ape/lib/openssl/demos/asn1/README.ASN1

+++ /dev/null

@@ -1,7 +1,0 @@

-This is a demo of the new ASN1 code. Its an OCSP ASN1 module. Doesn't

-do much yet other than demonstrate what the new ASN1 modules might look

-like.

-It wont even compile yet: the new code isn't in place.

--- a/sys/src/ape/lib/openssl/demos/asn1/ocsp.c

+++ /dev/null

@@ -1,366 +1,0 @@

-/* ocsp.c */

-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL

- * project 2000.

- */

-/* ====================================================================

- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <openssl/asn1.h>

-#include <openssl/asn1t.h>

-#include <openssl/x509v3.h>

-/* Example of new ASN1 code, OCSP request

-	OCSPRequest     ::=     SEQUENCE {

-	    tbsRequest                  TBSRequest,

-	    optionalSignature   [0]     EXPLICIT Signature OPTIONAL }

-	TBSRequest      ::=     SEQUENCE {

-	    version             [0] EXPLICIT Version DEFAULT v1,

-	    requestorName       [1] EXPLICIT GeneralName OPTIONAL,

-	    requestList             SEQUENCE OF Request,

-	    requestExtensions   [2] EXPLICIT Extensions OPTIONAL }

-	Signature       ::=     SEQUENCE {

-	    signatureAlgorithm   AlgorithmIdentifier,

-	    signature            BIT STRING,

-	    certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }

-	Version  ::=  INTEGER  {  v1(0) }

-	Request ::=     SEQUENCE {

-	    reqCert                    CertID,

-	    singleRequestExtensions    [0] EXPLICIT Extensions OPTIONAL }

-	CertID ::= SEQUENCE {

-	    hashAlgorithm            AlgorithmIdentifier,

-	    issuerNameHash     OCTET STRING, -- Hash of Issuer's DN

-	    issuerKeyHash      OCTET STRING, -- Hash of Issuers public key

-	    serialNumber       CertificateSerialNumber }

-	OCSPResponse ::= SEQUENCE {

-	   responseStatus         OCSPResponseStatus,

-	   responseBytes          [0] EXPLICIT ResponseBytes OPTIONAL }

-	OCSPResponseStatus ::= ENUMERATED {

-	    successful            (0),      --Response has valid confirmations

-	    malformedRequest      (1),      --Illegal confirmation request

-	    internalError         (2),      --Internal error in issuer

-	    tryLater              (3),      --Try again later

-					    --(4) is not used

-	    sigRequired           (5),      --Must sign the request

-	    unauthorized          (6)       --Request unauthorized

-	}

-	ResponseBytes ::=       SEQUENCE {

-	    responseType   OBJECT IDENTIFIER,

-	    response       OCTET STRING }

-	BasicOCSPResponse       ::= SEQUENCE {

-	   tbsResponseData      ResponseData,

-	   signatureAlgorithm   AlgorithmIdentifier,

-	   signature            BIT STRING,

-	   certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }

-	ResponseData ::= SEQUENCE {

-	   version              [0] EXPLICIT Version DEFAULT v1,

-	   responderID              ResponderID,

-	   producedAt               GeneralizedTime,

-	   responses                SEQUENCE OF SingleResponse,

-	   responseExtensions   [1] EXPLICIT Extensions OPTIONAL }

-	ResponderID ::= CHOICE {

-	   byName   [1] Name,    --EXPLICIT

-	   byKey    [2] KeyHash }

-	KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key

-				 --(excluding the tag and length fields)

-	SingleResponse ::= SEQUENCE {

-	   certID                       CertID,

-	   certStatus                   CertStatus,

-	   thisUpdate                   GeneralizedTime,

-	   nextUpdate           [0]     EXPLICIT GeneralizedTime OPTIONAL,

-	   singleExtensions     [1]     EXPLICIT Extensions OPTIONAL }

-	CertStatus ::= CHOICE {

-	    good                [0]     IMPLICIT NULL,

-	    revoked             [1]     IMPLICIT RevokedInfo,

-	    unknown             [2]     IMPLICIT UnknownInfo }

-	RevokedInfo ::= SEQUENCE {

-	    revocationTime              GeneralizedTime,

-	    revocationReason    [0]     EXPLICIT CRLReason OPTIONAL }

-	UnknownInfo ::= NULL -- this can be replaced with an enumeration

-	ArchiveCutoff ::= GeneralizedTime

-	AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER

-	ServiceLocator ::= SEQUENCE {

-	    issuer    Name,

-	    locator   AuthorityInfoAccessSyntax }

-	-- Object Identifiers

-	id-kp-OCSPSigning            OBJECT IDENTIFIER ::= { id-kp 9 }

-	id-pkix-ocsp                 OBJECT IDENTIFIER ::= { id-ad-ocsp }

-	id-pkix-ocsp-basic           OBJECT IDENTIFIER ::= { id-pkix-ocsp 1 }

-	id-pkix-ocsp-nonce           OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }

-	id-pkix-ocsp-crl             OBJECT IDENTIFIER ::= { id-pkix-ocsp 3 }

-	id-pkix-ocsp-response        OBJECT IDENTIFIER ::= { id-pkix-ocsp 4 }

-	id-pkix-ocsp-nocheck         OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }

-	id-pkix-ocsp-archive-cutoff  OBJECT IDENTIFIER ::= { id-pkix-ocsp 6 }

-	id-pkix-ocsp-service-locator OBJECT IDENTIFIER ::= { id-pkix-ocsp 7 }

-*/

-/* Request Structures */

-DECLARE_STACK_OF(Request)

-typedef struct {

-	ASN1_INTEGER *version;

-	GENERAL_NAME *requestorName;

-	STACK_OF(Request) *requestList;

-	STACK_OF(X509_EXTENSION) *requestExtensions;

-} TBSRequest;

-typedef struct {

-	X509_ALGOR *signatureAlgorithm;

-	ASN1_BIT_STRING *signature;

-	STACK_OF(X509) *certs;

-} Signature;

-typedef struct {

-	TBSRequest *tbsRequest;

-	Signature *optionalSignature;

-} OCSPRequest;

-typedef struct {

-	X509_ALGOR *hashAlgorithm;

-	ASN1_OCTET_STRING *issuerNameHash;

-	ASN1_OCTET_STRING *issuerKeyHash;

-	ASN1_INTEGER *certificateSerialNumber;

-} CertID;

-typedef struct {

-	CertID *reqCert;

-	STACK_OF(X509_EXTENSION) *singleRequestExtensions;

-} Request;

-/* Response structures */

-typedef struct {

-	ASN1_OBJECT *responseType;

-	ASN1_OCTET_STRING *response;

-} ResponseBytes;

-typedef struct {

-	ASN1_ENUMERATED *responseStatus;

-	ResponseBytes *responseBytes;

-} OCSPResponse;

-typedef struct {

-	int type;

-	union {

-	   X509_NAME *byName;

-	   ASN1_OCTET_STRING *byKey;

-	}d;

-} ResponderID;

-typedef struct {

-	   ASN1_INTEGER *version;

-	   ResponderID *responderID;

-	   ASN1_GENERALIZEDTIME *producedAt;

-	   STACK_OF(SingleResponse) *responses;

-	   STACK_OF(X509_EXTENSION) *responseExtensions;

-} ResponseData;

-typedef struct {

-	   ResponseData *tbsResponseData;

-	   X509_ALGOR *signatureAlgorithm;

-	   ASN1_BIT_STRING *signature;

-	   STACK_OF(X509) *certs;

-} BasicOCSPResponse;

-typedef struct {

-	ASN1_GENERALIZEDTIME *revocationTime;

-	ASN1_ENUMERATED * revocationReason;

-} RevokedInfo;

-typedef struct {

-	int type;

-	union {

-	    ASN1_NULL *good;

-	    RevokedInfo *revoked;

-	    ASN1_NULL *unknown;

-	} d;

-} CertStatus;

-typedef struct {

-	   CertID *certID;

-	   CertStatus *certStatus;

-	   ASN1_GENERALIZEDTIME *thisUpdate;

-	   ASN1_GENERALIZEDTIME *nextUpdate;

-	   STACK_OF(X509_EXTENSION) *singleExtensions;

-} SingleResponse;

-typedef struct {

-    X509_NAME *issuer;

-    STACK_OF(ACCESS_DESCRIPTION) *locator;

-} ServiceLocator;

-/* Now the ASN1 templates */

-IMPLEMENT_COMPAT_ASN1(X509);

-IMPLEMENT_COMPAT_ASN1(X509_ALGOR);

-//IMPLEMENT_COMPAT_ASN1(X509_EXTENSION);

-IMPLEMENT_COMPAT_ASN1(GENERAL_NAME);

-IMPLEMENT_COMPAT_ASN1(X509_NAME);

-ASN1_SEQUENCE(X509_EXTENSION) = {

-	ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT),

-	ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN),

-	ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING)

-} ASN1_SEQUENCE_END(X509_EXTENSION);

-ASN1_SEQUENCE(Signature) = {

-	ASN1_SIMPLE(Signature, signatureAlgorithm, X509_ALGOR),

-	ASN1_SIMPLE(Signature, signature, ASN1_BIT_STRING),

-	ASN1_SEQUENCE_OF(Signature, certs, X509)

-} ASN1_SEQUENCE_END(Signature);

-ASN1_SEQUENCE(CertID) = {

-	ASN1_SIMPLE(CertID, hashAlgorithm, X509_ALGOR),

-	ASN1_SIMPLE(CertID, issuerNameHash, ASN1_OCTET_STRING),

-	ASN1_SIMPLE(CertID, issuerKeyHash, ASN1_OCTET_STRING),

-	ASN1_SIMPLE(CertID, certificateSerialNumber, ASN1_INTEGER)

-} ASN1_SEQUENCE_END(CertID);

-ASN1_SEQUENCE(Request) = {

-	ASN1_SIMPLE(Request, reqCert, CertID),

-	ASN1_EXP_SEQUENCE_OF_OPT(Request, singleRequestExtensions, X509_EXTENSION, 0)

-} ASN1_SEQUENCE_END(Request);

-ASN1_SEQUENCE(TBSRequest) = {

-	ASN1_EXP_OPT(TBSRequest, version, ASN1_INTEGER, 0),

-	ASN1_EXP_OPT(TBSRequest, requestorName, GENERAL_NAME, 1),

-	ASN1_SEQUENCE_OF(TBSRequest, requestList, Request),

-	ASN1_EXP_SEQUENCE_OF_OPT(TBSRequest, requestExtensions, X509_EXTENSION, 2)

-} ASN1_SEQUENCE_END(TBSRequest);

-ASN1_SEQUENCE(OCSPRequest) = {

-	ASN1_SIMPLE(OCSPRequest, tbsRequest, TBSRequest),

-	ASN1_EXP_OPT(OCSPRequest, optionalSignature, Signature, 0)

-} ASN1_SEQUENCE_END(OCSPRequest);

-/* Response templates */

-ASN1_SEQUENCE(ResponseBytes) = {

-	    ASN1_SIMPLE(ResponseBytes, responseType, ASN1_OBJECT),

-	    ASN1_SIMPLE(ResponseBytes, response, ASN1_OCTET_STRING)

-} ASN1_SEQUENCE_END(ResponseBytes);

-ASN1_SEQUENCE(OCSPResponse) = {

-	ASN1_SIMPLE(OCSPResponse, responseStatus, ASN1_ENUMERATED),

-	ASN1_EXP_OPT(OCSPResponse, responseBytes, ResponseBytes, 0)

-} ASN1_SEQUENCE_END(OCSPResponse);

-ASN1_CHOICE(ResponderID) = {

-	   ASN1_EXP(ResponderID, d.byName, X509_NAME, 1),

-	   ASN1_IMP(ResponderID, d.byKey, ASN1_OCTET_STRING, 2)

-} ASN1_CHOICE_END(ResponderID);

-ASN1_SEQUENCE(RevokedInfo) = {

-	ASN1_SIMPLE(RevokedInfo, revocationTime, ASN1_GENERALIZEDTIME),

-  	ASN1_EXP_OPT(RevokedInfo, revocationReason, ASN1_ENUMERATED, 0)

-} ASN1_SEQUENCE_END(RevokedInfo);

-ASN1_CHOICE(CertStatus) = {

-	ASN1_IMP(CertStatus, d.good, ASN1_NULL, 0),

-	ASN1_IMP(CertStatus, d.revoked, RevokedInfo, 1),

-	ASN1_IMP(CertStatus, d.unknown, ASN1_NULL, 2)

-} ASN1_CHOICE_END(CertStatus);

-ASN1_SEQUENCE(SingleResponse) = {

-	   ASN1_SIMPLE(SingleResponse, certID, CertID),

-	   ASN1_SIMPLE(SingleResponse, certStatus, CertStatus),

-	   ASN1_SIMPLE(SingleResponse, thisUpdate, ASN1_GENERALIZEDTIME),

-	   ASN1_EXP_OPT(SingleResponse, nextUpdate, ASN1_GENERALIZEDTIME, 0),

-	   ASN1_EXP_SEQUENCE_OF_OPT(SingleResponse, singleExtensions, X509_EXTENSION, 1)

-} ASN1_SEQUENCE_END(SingleResponse);

-ASN1_SEQUENCE(ResponseData) = {

-	   ASN1_EXP_OPT(ResponseData, version, ASN1_INTEGER, 0),

-	   ASN1_SIMPLE(ResponseData, responderID, ResponderID),

-	   ASN1_SIMPLE(ResponseData, producedAt, ASN1_GENERALIZEDTIME),

-	   ASN1_SEQUENCE_OF(ResponseData, responses, SingleResponse),

-	   ASN1_EXP_SEQUENCE_OF_OPT(ResponseData, responseExtensions, X509_EXTENSION, 1)

-} ASN1_SEQUENCE_END(ResponseData);

-ASN1_SEQUENCE(BasicOCSPResponse) = {

-	   ASN1_SIMPLE(BasicOCSPResponse, tbsResponseData, ResponseData),

-	   ASN1_SIMPLE(BasicOCSPResponse, signatureAlgorithm, X509_ALGOR),

-	   ASN1_SIMPLE(BasicOCSPResponse, signature, ASN1_BIT_STRING),

-	   ASN1_EXP_SEQUENCE_OF_OPT(BasicOCSPResponse, certs, X509, 0)

-} ASN1_SEQUENCE_END(BasicOCSPResponse);

--- a/sys/src/ape/lib/openssl/demos/b64.c

+++ /dev/null

@@ -1,268 +1,0 @@

-/* demos/b64.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include "../apps/apps.h"

-#include <openssl/buffer.h>

-#include <openssl/err.h>

-#include <openssl/evp.h>

-#include <openssl/objects.h>

-#include <openssl/x509.h>

-#include <openssl/pem.h>

-#undef SIZE

-#undef BSIZE

-#undef PROG

-#define SIZE	(512)

-#define BSIZE	(8*1024)

-#define	PROG	enc_main

-int main(argc,argv)

-int argc;

-char **argv;

-	{

-	char *strbuf=NULL;

-	unsigned char *buff=NULL,*bufsize=NULL;

-	int bsize=BSIZE,verbose=0;

-	int ret=1,inl;

-	char *str=NULL;

-	char *hkey=NULL,*hiv=NULL;

-	int enc=1,printkey=0,i,base64=0;

-	int debug=0;

-	EVP_CIPHER *cipher=NULL,*c;

-	char *inf=NULL,*outf=NULL;

-	BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;

-#define PROG_NAME_SIZE  39

-	apps_startup();

-	if (bio_err == NULL)

-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)

-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);

-	base64=1;

-	argc--;

-	argv++;

-	while (argc >= 1)

-		{

-		if	(strcmp(*argv,"-e") == 0)

-			enc=1;

-		if (strcmp(*argv,"-in") == 0)

-			{

-			if (--argc < 1) goto bad;

-			inf= *(++argv);

-			}

-		else if (strcmp(*argv,"-out") == 0)

-			{

-			if (--argc < 1) goto bad;

-			outf= *(++argv);

-			}

-		else if	(strcmp(*argv,"-d") == 0)

-			enc=0;

-		else if	(strcmp(*argv,"-v") == 0)

-			verbose=1;

-		else if	(strcmp(*argv,"-debug") == 0)

-			debug=1;

-		else if (strcmp(*argv,"-bufsize") == 0)

-			{

-			if (--argc < 1) goto bad;

-			bufsize=(unsigned char *)*(++argv);

-			}

-		else

-			{

-			BIO_printf(bio_err,"unknown option '%s'\n",*argv);

-bad:

-			BIO_printf(bio_err,"options are\n");

-			BIO_printf(bio_err,"%-14s input file\n","-in <file>");

-			BIO_printf(bio_err,"%-14s output file\n","-out <file>");

-			BIO_printf(bio_err,"%-14s encode\n","-e");

-			BIO_printf(bio_err,"%-14s decode\n","-d");

-			BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");

-			goto end;

-			}

-		argc--;

-		argv++;

-		}

-	if (bufsize != NULL)

-		{

-		int i;

-		unsigned long n;

-		for (n=0; *bufsize; bufsize++)

-			{

-			i= *bufsize;

-			if ((i <= '9') && (i >= '0'))

-				n=n*10+i-'0';

-			else if (i == 'k')

-				{

-				n*=1024;

-				bufsize++;

-				break;

-				}

-			}

-		if (*bufsize != '\0')

-			{

-			BIO_printf(bio_err,"invalid 'bufsize' specified.\n");

-			goto end;

-			}

-		/* It must be large enough for a base64 encoded line */

-		if (n < 80) n=80;

-		bsize=(int)n;

-		if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize);

-		}

-	strbuf=OPENSSL_malloc(SIZE);

-	buff=(unsigned char *)OPENSSL_malloc(EVP_ENCODE_LENGTH(bsize));

-	if ((buff == NULL) || (strbuf == NULL))

-		{

-		BIO_printf(bio_err,"OPENSSL_malloc failure\n");

-		goto end;

-		}

-	in=BIO_new(BIO_s_file());

-	out=BIO_new(BIO_s_file());

-	if ((in == NULL) || (out == NULL))

-		{

-		ERR_print_errors(bio_err);

-		goto end;

-		}

-	if (debug)

-		{

-		BIO_set_callback(in,BIO_debug_callback);

-		BIO_set_callback(out,BIO_debug_callback);

-		BIO_set_callback_arg(in,bio_err);

-		BIO_set_callback_arg(out,bio_err);

-		}

-	if (inf == NULL)

-		BIO_set_fp(in,stdin,BIO_NOCLOSE);

-	else

-		{

-		if (BIO_read_filename(in,inf) <= 0)

-			{

-			perror(inf);

-			goto end;

-			}

-		}

-	if (outf == NULL)

-		BIO_set_fp(out,stdout,BIO_NOCLOSE);

-	else

-		{

-		if (BIO_write_filename(out,outf) <= 0)

-			{

-			perror(outf);

-			goto end;

-			}

-		}

-	rbio=in;

-	wbio=out;

-	if (base64)

-		{

-		if ((b64=BIO_new(BIO_f_base64())) == NULL)

-			goto end;

-		if (debug)

-			{

-			BIO_set_callback(b64,BIO_debug_callback);

-			BIO_set_callback_arg(b64,bio_err);

-			}

-		if (enc)

-			wbio=BIO_push(b64,wbio);

-		else

-			rbio=BIO_push(b64,rbio);

-		}

-	for (;;)

-		{

-		inl=BIO_read(rbio,(char *)buff,bsize);

-		if (inl <= 0) break;

-		if (BIO_write(wbio,(char *)buff,inl) != inl)

-			{

-			BIO_printf(bio_err,"error writing output file\n");

-			goto end;

-			}

-		}

-	BIO_flush(wbio);

-	ret=0;

-	if (verbose)

-		{

-		BIO_printf(bio_err,"bytes read   :%8ld\n",BIO_number_read(in));

-		BIO_printf(bio_err,"bytes written:%8ld\n",BIO_number_written(out));

-		}

-end:

-	if (strbuf != NULL) OPENSSL_free(strbuf);

-	if (buff != NULL) OPENSSL_free(buff);

-	if (in != NULL) BIO_free(in);

-	if (out != NULL) BIO_free(out);

-	if (benc != NULL) BIO_free(benc);

-	if (b64 != NULL) BIO_free(b64);

-	EXIT(ret);

-	}

--- a/sys/src/ape/lib/openssl/demos/b64.pl

+++ /dev/null

@@ -1,20 +1,0 @@

-#!/usr/local/bin/perl

-#

-# Make PEM encoded data have lines of 64 bytes of data

-#

-while (<>)

-	{

-	if (/^-----BEGIN/ .. /^-----END/)

-		{

-		if (/^-----BEGIN/) { $first=$_; next; }

-		if (/^-----END/) { $last=$_; next; }

-		$out.=$_;

-		}

-	}

-$out =~ s/\s//g;

-$out =~ s/(.{64})/$1\n/g;

-print "$first$out\n$last\n";

--- a/sys/src/ape/lib/openssl/demos/bio/Makefile

+++ /dev/null

@@ -1,16 +1,0 @@

-CC=cc

-CFLAGS= -g -I../../include

-LIBS= -L../.. ../../libssl.a ../../libcrypto.a

-EXAMPLES=saccept sconnect

-all: $(EXAMPLES)

-saccept: saccept.o

-	$(CC) -o saccept saccept.o $(LIBS)

-sconnect: sconnect.o

-	$(CC) -o sconnect sconnect.o $(LIBS)

-clean:

-	rm -f $(EXAMPLES) *.o

--- a/sys/src/ape/lib/openssl/demos/bio/README

+++ /dev/null

@@ -1,3 +1,0 @@

-This directory contains some simple examples of the use of BIO's

-to simplify socket programming.

--- a/sys/src/ape/lib/openssl/demos/bio/saccept.c

+++ /dev/null

@@ -1,112 +1,0 @@

-/* NOCW */

-/* demos/bio/saccept.c */

-/* A minimal program to server an SSL connection.

- * It uses blocking.

- * saccept host:port

- * host is the interface IP to use.  If any interface, use *:port

- * The default it *:4433

- *

- * cc -I../../include saccept.c -L../.. -lssl -lcrypto

- */

-#include <stdio.h>

-#include <signal.h>

-#include <openssl/err.h>

-#include <openssl/ssl.h>

-#define CERT_FILE	"server.pem"

-BIO *in=NULL;

-void close_up()

-	{

-	if (in != NULL)

-		BIO_free(in);

-	}

-int main(argc,argv)

-int argc;

-char *argv[];

-	{

-	char *port=NULL;

-	BIO *ssl_bio,*tmp;

-	SSL_CTX *ctx;

-	SSL *ssl;

-	char buf[512];

-	int ret=1,i;

-        if (argc <= 1)

-		port="*:4433";

-	else

-		port=argv[1];

-	signal(SIGINT,close_up);

-	SSL_load_error_strings();

-#ifdef WATT32

-	dbug_init();

-	sock_init();

-#endif

-	/* Add ciphers and message digests */

-	OpenSSL_add_ssl_algorithms();

-	ctx=SSL_CTX_new(SSLv23_server_method());

-	if (!SSL_CTX_use_certificate_file(ctx,CERT_FILE,SSL_FILETYPE_PEM))

-		goto err;

-	if (!SSL_CTX_use_PrivateKey_file(ctx,CERT_FILE,SSL_FILETYPE_PEM))

-		goto err;

-	if (!SSL_CTX_check_private_key(ctx))

-		goto err;

-	/* Setup server side SSL bio */

-	ssl=SSL_new(ctx);

-	ssl_bio=BIO_new_ssl(ctx,0);

-	if ((in=BIO_new_accept(port)) == NULL) goto err;

-	/* This means that when a new connection is acceptede on 'in',

-	 * The ssl_bio will be 'dupilcated' and have the new socket

-	 * BIO push into it.  Basically it means the SSL BIO will be

-	 * automatically setup */

-	BIO_set_accept_bios(in,ssl_bio);

-again:

-	/* The first call will setup the accept socket, and the second

-	 * will get a socket.  In this loop, the first actual accept

-	 * will occur in the BIO_read() function. */

-	if (BIO_do_accept(in) <= 0) goto err;

-	for (;;)

-		{

-		i=BIO_read(in,buf,512);

-		if (i == 0)

-			{

-			/* If we have finished, remove the underlying

-			 * BIO stack so the next time we call any function

-			 * for this BIO, it will attempt to do an

-			 * accept */

-			printf("Done\n");

-			tmp=BIO_pop(in);

-			BIO_free_all(tmp);

-			goto again;

-			}

-		if (i < 0) goto err;

-		fwrite(buf,1,i,stdout);

-		fflush(stdout);

-		}

-	ret=0;

-err:

-	if (ret)

-		{

-		ERR_print_errors_fp(stderr);

-		}

-	if (in != NULL) BIO_free(in);

-	exit(ret);

-	return(!ret);

-	}

--- a/sys/src/ape/lib/openssl/demos/bio/sconnect.c

+++ /dev/null

@@ -1,121 +1,0 @@

-/* NOCW */

-/* demos/bio/sconnect.c */

-/* A minimal program to do SSL to a passed host and port.

- * It is actually using non-blocking IO but in a very simple manner

- * sconnect host:port - it does a 'GET / HTTP/1.0'

- *

- * cc -I../../include sconnect.c -L../.. -lssl -lcrypto

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <unistd.h>

-#include <openssl/err.h>

-#include <openssl/ssl.h>

-extern int errno;

-int main(argc,argv)

-int argc;

-char *argv[];

-	{

-	char *host;

-	BIO *out;

-	char buf[1024*10],*p;

-	SSL_CTX *ssl_ctx=NULL;

-	SSL *ssl;

-	BIO *ssl_bio;

-	int i,len,off,ret=1;

-	if (argc <= 1)

-		host="localhost:4433";

-	else

-		host=argv[1];

-#ifdef WATT32

-	dbug_init();

-	sock_init();

-#endif

-	/* Lets get nice error messages */

-	SSL_load_error_strings();

-	/* Setup all the global SSL stuff */

-	OpenSSL_add_ssl_algorithms();

-	ssl_ctx=SSL_CTX_new(SSLv23_client_method());

-	/* Lets make a SSL structure */

-	ssl=SSL_new(ssl_ctx);

-	SSL_set_connect_state(ssl);

-	/* Use it inside an SSL BIO */

-	ssl_bio=BIO_new(BIO_f_ssl());

-	BIO_set_ssl(ssl_bio,ssl,BIO_CLOSE);

-	/* Lets use a connect BIO under the SSL BIO */

-	out=BIO_new(BIO_s_connect());

-	BIO_set_conn_hostname(out,host);

-	BIO_set_nbio(out,1);

-	out=BIO_push(ssl_bio,out);

-	p="GET / HTTP/1.0\r\n\r\n";

-	len=strlen(p);

-	off=0;

-	for (;;)

-		{

-		i=BIO_write(out,&(p[off]),len);

-		if (i <= 0)

-			{

-			if (BIO_should_retry(out))

-				{

-				fprintf(stderr,"write DELAY\n");

-				sleep(1);

-				continue;

-				}

-			else

-				{

-				goto err;

-				}

-			}

-		off+=i;

-		len-=i;

-		if (len <= 0) break;

-		}

-	for (;;)

-		{

-		i=BIO_read(out,buf,sizeof(buf));

-		if (i == 0) break;

-		if (i < 0)

-			{

-			if (BIO_should_retry(out))

-				{

-				fprintf(stderr,"read DELAY\n");

-				sleep(1);

-				continue;

-				}

-			goto err;

-			}

-		fwrite(buf,1,i,stdout);

-		}

-	ret=1;

-	if (0)

-		{

-err:

-		if (ERR_peek_error() == 0) /* system call error */

-			{

-			fprintf(stderr,"errno=%d ",errno);

-			perror("error");

-			}

-		else

-			ERR_print_errors_fp(stderr);

-		}

-	BIO_free_all(out);

-	if (ssl_ctx != NULL) SSL_CTX_free(ssl_ctx);

-	exit(!ret);

-	return(ret);

-	}

--- a/sys/src/ape/lib/openssl/demos/bio/server.pem

+++ /dev/null

@@ -1,30 +1,0 @@

-subject=/C=AU/SP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server

-issuer= /C=AU/SP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA

------BEGIN X509 CERTIFICATE-----

-MIIBgjCCASwCAQQwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV

-BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MTAwOTIz

-MzIwNVoXDTk4MDcwNTIzMzIwNVowYDELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM

-RDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRkLjELMAkGA1UECxMCQ1MxGzAZBgNV

-BAMTElNTTGVheSBkZW1vIHNlcnZlcjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC3

-LCXcScWua0PFLkHBLm2VejqpA1F4RQ8q0VjRiPafjx/Z/aWH3ipdMVvuJGa/wFXb

-/nDFLDlfWp+oCPwhBtVPAgMBAAEwDQYJKoZIhvcNAQEEBQADQQArNFsihWIjBzb0

-DCsU0BvL2bvSwJrPEqFlkDq3F4M6EGutL9axEcANWgbbEdAvNJD1dmEmoWny27Pn

-IMs6ZOZB

------END X509 CERTIFICATE-----

------BEGIN RSA PRIVATE KEY-----

-MIIBPAIBAAJBALcsJdxJxa5rQ8UuQcEubZV6OqkDUXhFDyrRWNGI9p+PH9n9pYfe

-Kl0xW+4kZr/AVdv+cMUsOV9an6gI/CEG1U8CAwEAAQJAXJMBZ34ZXHd1vtgL/3hZ

-hexKbVTx/djZO4imXO/dxPGRzG2ylYZpHmG32/T1kaHpZlCHoEPgHoSzmxYXfxjG

-sQIhAPmZ/bQOjmRUHM/VM2X5zrjjM6z18R1P6l3ObFwt9FGdAiEAu943Yh9SqMRw

-tL0xHGxKmM/YJueUw1gB6sLkETN71NsCIQCeT3RhoqXfrpXDoEcEU+gwzjI1bpxq

-agiNTOLfqGoA5QIhAIQFYjgzONxex7FLrsKBm16N2SFl5pXsN9SpRqqL2n63AiEA

-g9VNIQ3xwpw7og3IbONifeku+J9qGMGQJMKwSTwrFtI=

------END RSA PRIVATE KEY-----

------BEGIN DH PARAMETERS-----

-MEYCQQDaWDwW2YUiidDkr3VvTMqS3UvlM7gE+w/tlO+cikQD7VdGUNNpmdsp13Yn

-a6LT1BLiGPTdHghM9tgAPnxHdOgzAgEC

------END DH PARAMETERS-----

--- a/sys/src/ape/lib/openssl/demos/easy_tls/Makefile

+++ /dev/null

@@ -1,123 +1,0 @@

-# Makefile for easy-tls example application (rudimentary client and server)

-# $Id: Makefile,v 1.2 2001/09/18 09:15:40 bodo Exp $

-SOLARIS_CFLAGS=-Wall -pedantic -g -O2

-SOLARIS_LIBS=-lxnet

-LINUX_CFLAGS=-Wall -pedantic -g -O2

-LINUX_LIBS=

-auto-all:

-	case `uname -s` in \

-	SunOS) echo Using SunOS configuration; \

-	  make SYSCFLAGS="$(SOLARIS_CFLAGS)" SYSLIBS="$(SOLARIS_LIBS)" all;; \

-	Linux) echo Using Linux configuration; \

-	  make SYSCFLAGS="$(LINUX_CFLAGS)" SYSLIBS="$(LINUX_LIBS)" all;; \

-	*) echo "unknown system"; exit 1;; \

-	esac

-all: test TAGS

-# For adapting this Makefile to a different system, only the following

-# definitions should need customizing:

-OPENSSLDIR=../..

-CC=gcc

-SYSCFLAGS=whatever

-SYSLIBS=whatever

-#############################################################################

-#

-# SSLeay/OpenSSL imports

-#

-# OPENSSLDIR (set above) can be either the directory where OpenSSL is

-# installed or the directory where it was compiled.

-# We rely on having a new OpenSSL release where include files

-# have names like <openssl/ssl.h> (not just <ssl.h>).

-OPENSSLINCLUDES=-I$(OPENSSLDIR)/include

-# libcrypto.a and libssl.a are directly in $(OPENSSLDIR) if this is

-# the compile directory, or in $(OPENSSLDIR)/lib if we use an installed

-# library.  With the following definition, we can handle either case.

-OPENSSLLIBS=-L$(OPENSSLDIR) -L$(OPENSSLDIR)/lib -lssl -lcrypto

-#############################################################################

-#

-# Stuff for handling the source files

-#

-SOURCES=easy-tls.c test.c

-HEADERS=easy-tls.h test.h

-DOCSandEXAMPLESetc=Makefile cert.pem cacerts.pem

-EVERYTHING=$(SOURCES) $(HEADERS) $(DOCSandEXAMPLESetc)

-ls: ls-l

-ls-l:

-	ls -l $(EVERYTHING)

-# For RCS:

-tag:

-	-rcs -n_`date +%y%m%d`: $(EVERYTHING)

-	rcs -nMYTAG $(EVERYTHING)

-	rcs -nMYTAG: $(EVERYTHING)

-diff:

-	-rcsdiff -rMYTAG -u $(EVERYTHING)

-today:

-	-rcsdiff -r_`date +%y%m%d` -u $(EVERYTHING)

-ident:

-	for a in $(EVERYTHING); do ident $$a; done

-# Distribution .tar:

-easy-tls.tar.gz: $(EVERYTHING)

-	tar cvf - $(EVERYTHING) | \

-	gzip -9 > easy-tls.tar.gz

-# Working .tar:

-tls.tgz: $(EVERYTHING)

-	tar cfv - `find . -type f -a ! -name '*.tgz' -a ! -name '*.tar.gz'` | \

-	gzip -9 > tls.tgz

-# For emacs:

-etags: TAGS

-TAGS: $(SOURCES) $(HEADERS)

-	-etags $(SOURCES) $(HEADERS)

-#############################################################################

-#

-# Compilation

-#

-# The following definitions are system dependent (and hence defined

-# at the beginning of this Makefile, where they are more easily found):

-### CC=gcc

-### SYSCFLAGS=-Wall -pedantic -g -O2

-### SYSLIBS=-lxnet

-EXTRACFLAGS=-DTLS_APP=\"test.h\"

-# EXTRACFLAGS=-DTLS_APP=\"test.h\" -DDEBUG_TLS

-#

-# The rest shouldn't need to be touched.

-#

-LDFLAGS=$(SYSLIBS) $(OPENSSLLIBS)

-INCLUDES=$(OPENSSLINCLUDES)

-CFLAGS=$(SYSCFLAGS) $(EXTRACFLAGS) $(INCLUDES)

-OBJS=easy-tls.o test.o

-clean:

-	@rm -f test

-	@rm -f TAGS

-	@rm -f *.o

-	@rm -f core

-test: $(OBJS)

-	$(CC) $(OBJS) $(LDFLAGS) -o test

-test.o: $(HEADERS)

-easy-tls.o: $(HEADERS)

--- a/sys/src/ape/lib/openssl/demos/easy_tls/README

+++ /dev/null

@@ -1,65 +1,0 @@

-easy_tls - generic SSL/TLS proxy

-========

-(... and example for non-blocking SSL/TLS I/O multiplexing.)

-  easy_tls.c, easy_tls.h:

-     Small generic SSL/TLS proxy library: With a few function calls,

-     an application socket will be replaced by a pipe handled by a

-     separate SSL/TLS proxy process.  This allows easily adding

-     SSL/TLS support to many programs not originally designed for it.

-     [Actually easy_tls.c is not a proper library: Customization

-     requires defining preprocessor macros while compiling it.

-     This is quite confusing, so I'll probably change it.]

-     These files may be used under the OpenSSL license.

-  test.c, test.h, Makefile, cert.pem, cacerts.pem:

-     Rudimentary example program using the easy_tls library, and

-     example key and certificates for it.  Usage examples:

-       $ ./test 8443     # create server listening at port 8443

-       $ ./test 127.0.0.1 8443  # create client, connect to port 8443

-                                # at IP address 127.0.0.1

-     'test' will not automatically do SSL/TLS, or even read or write

-     data -- it must be told to do so on input lines starting

-     with a command letter.  'W' means write a line, 'R' means

-     read a line, 'C' means close the connection, 'T' means

-     start an SSL/TLS proxy.  E.g. (user input tagged with '*'):

-     * R

-       <<< 220 mail.example.net

-     * WSTARTTLS

-       >>> STARTTLS

-     * R

-       <<< 220 Ready to start TLS

-     * T

-       test_process_init(fd = 3, client_p = 1, apparg = (nil))

-       +++ `E:self signed certificate in certificate chain'

-       +++ `<... certificate info ...>'

-     * WHELO localhost

-       >>> HELO localhost

-       R

-       <<< 250 mail.example.net

-     You can even do SSL/TLS over SSL/TLS over SSL/TLS ... by using

-     'T' multiple times.  I have no idea why you would want to though.

-This code is rather old.  When I find time I will update anything that

-should be changed, and improve code comments.  To compile the sample

-program 'test' on platforms other then Linux or Solaris, you will have

-to edit the Makefile.

-As noted above, easy_tls.c will be changed to become a library one

-day, which means that future revisions will not be fully compatible to

-the current version.

-Bodo M�ller <[email protected]>

--- a/sys/src/ape/lib/openssl/demos/easy_tls/cacerts.pem

+++ /dev/null

@@ -1,18 +1,0 @@

-$Id: cacerts.pem,v 1.1 2001/09/17 19:06:57 bodo Exp $

-issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)

-subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)

------BEGIN CERTIFICATE-----

-MIICJjCCAY8CAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV

-BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD

-VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTc0M1oXDTAxMDYw

-OTEzNTc0M1owWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY

-BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgxMDI0

-IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgybTsZ

-DCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/dFXSv

-1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUecQU2

-mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAM7achv3v

-hLQJcv/65eGEpBXM40ZDVoFQFFJWaY5p883HTqLB1x4FdzsXHH0QKBTcKpWwqyu4

-YDm3fb8oDugw72bCzfyZK/zVZPR/hVlqI/fvU109Qoc+7oPvIXWky71HfcK6ZBCA

-q30KIqGM/uoM60INq97qjDmCJapagcNBGQs=

------END CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/demos/easy_tls/cert.pem

+++ /dev/null

@@ -1,31 +1,0 @@

-$Id: cert.pem,v 1.1 2001/09/17 19:06:57 bodo Exp $

-Example certificate and key.

------BEGIN CERTIFICATE-----

-MIIB1jCCAT8CAQEwDQYJKoZIhvcNAQEEBQAwRTELMAkGA1UEBhMCQVUxEzARBgNV

-BAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0

-ZDAeFw05OTA1MDEwMTI2MzVaFw05OTA1MzEwMTI2MzVaMCIxCzAJBgNVBAYTAkRF

-MRMwEQYDVQQDEwpUZXN0c2VydmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB

-gQD6I3oDKiexwwlkzjar69AIFnVUaG85LtCege2R+CtIDlkQYw68/8MbT3ou0pdF

-AcL9IGiYY3Y0SHM9PqF00RO1MCtNpqTnF3ScLpbmggGjKilmWYn2ai7emdjMjXVL

-tzWW2xGgIGATWQN32KgfJng4jXi1UjEiyLhkw0Zf1I/ggwIDAQABMA0GCSqGSIb3

-DQEBBAUAA4GBAMgM+sbAk8DfjSfa+Rf2gcGXmbrvZAzKzC+5RU3kaq/NyxIXAGco

-9dZjozzWfN/xuGup5boFk+KrP+xdgsaqGHsyzlgEoqz4ekqLjQeVbnoj339hVFU9

-MhPi6JULPxjXKumjfX2LLNkikW5puz8Df3UiX0EiaJvd7EwP8J75tiUT

------END CERTIFICATE-----

------BEGIN RSA PRIVATE KEY-----

-MIICXQIBAAKBgQD6I3oDKiexwwlkzjar69AIFnVUaG85LtCege2R+CtIDlkQYw68

-/8MbT3ou0pdFAcL9IGiYY3Y0SHM9PqF00RO1MCtNpqTnF3ScLpbmggGjKilmWYn2

-ai7emdjMjXVLtzWW2xGgIGATWQN32KgfJng4jXi1UjEiyLhkw0Zf1I/ggwIDAQAB

-AoGANST8c1etf1MU19oIO5aqaE19OCXIG7oakNLCCtVTPMfvnE+vffBJH7BPIUuU

-4BBzwRv1nQrkvk72TPjVjOAu81B1SStKQueun2flVuYxp9NyupNWCBley4QdohlP

-I92ml2tzTSPmNIoA6jdGyNzFcGchapRRmejsC39F1RUbHQECQQD9KX81Wt8ZOrri

-dWiEXja1L3X8Bkb9vvUjVMQDTJJPxBJjehC6eurgE6PP6SJD5p/f3RHPCcLr8tSM

-D4P/OpKhAkEA/PFNlhIZUDKK6aTvG2mn7qQ5phbadOoyN1Js3ttWG5OMOZ6b/QlC

-Wvp84h44506BIlv+Tg2YAI0AdBUrf7oEowJAM4joAVd/ROaEtqbJ4PBA2L9RmD06

-5FqkEk4mHLnQqvYx/BgUIbH18ClvVlqSBBqFfw/EmU3WZSuogt6Bs0ocIQJBAOxB

-AoPiYcxbeQ5kZIVJOXaX49SzUdaUDNVJYrEBUzsspHQJJo/Avz606kJVkjbSR6Ft

-JWmIHuqcyMikIV4KxFsCQQCU2evoVjVsqkkbHi7W28f73PGBsyu0KIwlK7nu4h08

-Daf7TAI+A6jW/WRUsJ6dFhUYi7/Jvkcdrlnbgm2fxziX

------END RSA PRIVATE KEY-----

--- a/sys/src/ape/lib/openssl/demos/easy_tls/easy-tls.c

+++ /dev/null

@@ -1,1240 +1,0 @@

-/* -*- Mode: C; c-file-style: "bsd" -*- */

-/*

- * easy-tls.c -- generic TLS proxy.

- * $Id: easy-tls.c,v 1.4 2002/03/05 09:07:16 bodo Exp $

- */

-/*

- (c) Copyright 1999 Bodo Moeller.  All rights reserved.

- This is free software; you can redistributed and/or modify it

- unter the terms of either

-   -  the GNU General Public License as published by the

-      Free Software Foundation, version 1, or (at your option)

-      any later version,

- or

-   -  the following license:

-*/

-/*

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that each of the following

- * conditions is met:

- *

- * 1. Redistributions qualify as "freeware" or "Open Source Software" under

- *    one of the following terms:

- *

- *    (a) Redistributions are made at no charge beyond the reasonable cost of

- *        materials and delivery.

- *

- *    (b) Redistributions are accompanied by a copy of the Source Code

- *        or by an irrevocable offer to provide a copy of the Source Code

- *        for up to three years at the cost of materials and delivery.

- *        Such redistributions must allow further use, modification, and

- *        redistribution of the Source Code under substantially the same

- *        terms as this license.

- *

- * 2. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 3. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 4. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by Bodo Moeller."

- *    (If available, substitute umlauted o for oe.)

- *

- * 5. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by Bodo Moeller."

- *

- * THIS SOFTWARE IS PROVIDED BY BODO MOELLER ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL BODO MOELLER OR

- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- */

-/*

- * Attribution for OpenSSL library:

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- * This product includes software developed by the OpenSSL Project

- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)

- */

-static char const rcsid[] =

-"$Id: easy-tls.c,v 1.4 2002/03/05 09:07:16 bodo Exp $";

-#include <assert.h>

-#include <errno.h>

-#include <fcntl.h>

-#include <limits.h>

-#include <stdarg.h>

-#include <stdio.h>

-#include <string.h>

-#include <sys/select.h>

-#include <sys/socket.h>

-#include <sys/stat.h>

-#include <sys/time.h>

-#include <sys/types.h>

-#include <sys/utsname.h>

-#include <unistd.h>

-#include <openssl/crypto.h>

-#include <openssl/dh.h>

-#include <openssl/dsa.h>

-#include <openssl/err.h>

-#include <openssl/evp.h>

-#include <openssl/opensslv.h>

-#include <openssl/pem.h>

-#include <openssl/rand.h>

-#ifndef NO_RSA

- #include <openssl/rsa.h>

-#endif

-#include <openssl/ssl.h>

-#include <openssl/x509.h>

-#include <openssl/x509_vfy.h>

-#if OPENSSL_VERSION_NUMBER < 0x00904000L /* 0.9.4-dev */

-# error "This program needs OpenSSL 0.9.4 or later."

-#endif

-#include "easy-tls.h" /* include after <openssl/ssl.h> if both are needed */

-#if TLS_INFO_SIZE > PIPE_BUF

-# if PIPE_BUF < 512

-#  error "PIPE_BUF < 512" /* non-POSIX */

-# endif

-# error "TLS_INFO_SIZE > PIPE_BUF"

-#endif

-/*****************************************************************************/

-#ifdef TLS_APP

-# include TLS_APP

-#endif

-/* Applications can define:

- *   TLS_APP_PROCESS_INIT -- void ...(int fd, int client_p, void *apparg)

- *   TLS_CUMULATE_ERRORS

- *   TLS_ERROR_BUFSIZ

- *   TLS_APP_ERRFLUSH -- void ...(int child_p, char *, size_t, void *apparg)

- */

-#ifndef TLS_APP_PROCESS_INIT

-# define TLS_APP_PROCESS_INIT(fd, client_p, apparg) ((void) 0)

-#endif

-#ifndef TLS_ERROR_BUFSIZ

-# define TLS_ERROR_BUFSIZ (10*160)

-#endif

-#if TLS_ERROR_BUFSIZ < 2 /* {'\n',0} */

-# error "TLS_ERROR_BUFSIZE is too small."

-#endif

-#ifndef TLS_APP_ERRFLUSH

-# define TLS_APP_ERRFLUSH tls_app_errflush

-static void

-tls_app_errflush(int child_p, char *errbuf, size_t num, void *apparg)

-{

-    fputs(errbuf, stderr);

-}

-#endif

-/*****************************************************************************/

-#ifdef DEBUG_TLS

-# define DEBUG_MSG(x) fprintf(stderr,"  %s\n",x)

-# define DEBUG_MSG2(x,y) fprintf(stderr, "  %s: %d\n",x,y)

-static int tls_loop_count = 0;

-static int tls_select_count = 0;

-#else

-# define DEBUG_MSG(x) (void)0

-# define DEBUG_MSG2(x,y) (void)0

-#endif

-static void tls_rand_seed_uniquely(void);

-static void tls_proxy(int clear_fd, int tls_fd, int info_fd, SSL_CTX *ctx, int client_p);

-static int tls_socket_nonblocking(int fd);

-static int tls_child_p = 0;

-static void *tls_child_apparg;

-struct tls_start_proxy_args

-tls_start_proxy_defaultargs(void)

-{

-    struct tls_start_proxy_args ret;

-    ret.fd = -1;

-    ret.client_p = -1;

-    ret.ctx = NULL;

-    ret.pid = NULL;

-    ret.infofd = NULL;

-    return ret;

-}

-/* Slice in TLS proxy process at fd.

- * Return value:

- *   0    ok  (*pid is set to child's PID if pid != NULL),

- *   < 0  look at errno

- *   > 0  other error

- *   (return value encodes place of error)

- *

- */

-int

-tls_start_proxy(struct tls_start_proxy_args a, void *apparg)

-{

-    int fds[2] = {-1, -1};

-    int infofds[2] = {-1, -1};

-    int r, getfd, getfl;

-    int ret;

-    DEBUG_MSG2("tls_start_proxy fd", a.fd);

-    DEBUG_MSG2("tls_start_proxy client_p", a.client_p);

-    if (a.fd == -1 || a.client_p == -1 || a.ctx == NULL)

-	return 1;

-    if (a.pid != NULL) {

-	*a.pid = 0;

-    }

-    if (a.infofd != NULL) {

-	*a.infofd = -1;

-    }

-    r = socketpair(AF_UNIX, SOCK_STREAM, 0, fds);

-    if (r == -1)

-	return -1;

-    if (a.fd >= FD_SETSIZE || fds[0] >= FD_SETSIZE) {

-	ret = 2;

-	goto err;

-    }

-    if (a.infofd != NULL) {

-	r = pipe(infofds);

-	if (r == -1) {

-	    ret = -3;

-	    goto err;

-	}

-    }

-    r = fork();

-    if (r == -1) {

-	ret = -4;

-	goto err;

-    }

-    if (r == 0) {

-	DEBUG_MSG("fork");

-	tls_child_p = 1;

-	tls_child_apparg = apparg;

-	close(fds[1]);

-	if (infofds[0] != -1)

-	    close(infofds[0]);

-	TLS_APP_PROCESS_INIT(a.fd, a.client_p, apparg);

-	DEBUG_MSG("TLS_APP_PROCESS_INIT");

-	tls_proxy(fds[0], a.fd, infofds[1], a.ctx, a.client_p);

-	exit(0);

-    }

-    if (a.pid != NULL)

-	*a.pid = r;

-    if (infofds[1] != -1) {

-	close(infofds[1]);

-	infofds[1] = -1;

-    }

-    /* install fds[1] in place of fd: */

-    close(fds[0]);

-    fds[0] = -1;

-    getfd = fcntl(a.fd, F_GETFD);

-    getfl = fcntl(a.fd, F_GETFL);

-    r = dup2(fds[1], a.fd);

-    close(fds[1]);

-    fds[1] = -1;

-    if (r == -1) {

-	ret = -5;

-	goto err;

-    }

-    if (getfd != 1)

-	fcntl(a.fd, F_SETFD, getfd);

-    if (getfl & O_NONBLOCK)

-	(void)tls_socket_nonblocking(a.fd);

-    if (a.infofd != NULL)

-	*a.infofd = infofds[0];

-    return 0;

-  err:

-    if (fds[0] != -1)

-	close(fds[0]);

-    if (fds[1] != -1)

-	close(fds[1]);

-    if (infofds[0] != -1)

-	close(infofds[0]);

-    if (infofds[1] != -1)

-	close(infofds[1]);

-    return ret;

-}

-/*****************************************************************************/

-static char errbuf[TLS_ERROR_BUFSIZ];

-static size_t errbuf_i = 0;

-static void

-tls_errflush(void *apparg)

-{

-    if (errbuf_i == 0)

-	return;

-    assert(errbuf_i < sizeof errbuf);

-    assert(errbuf[errbuf_i] == 0);

-    if (errbuf_i == sizeof errbuf - 1) {

-	/* make sure we have a newline, even if string has been truncated */

-	errbuf[errbuf_i - 1] = '\n';

-    }

-    /* TLS_APP_ERRFLUSH may modify the string as needed,

-     * e.g. substitute other characters for \n for convenience */

-    TLS_APP_ERRFLUSH(tls_child_p, errbuf, errbuf_i, apparg);

-    errbuf_i = 0;

-}

-static void

-tls_errprintf(int flush, void *apparg, const char *fmt, ...)

-{

-    va_list args;

-    int r;

-    if (errbuf_i < sizeof errbuf - 1) {

-	size_t n;

-	va_start(args, fmt);

-	n = (sizeof errbuf) - errbuf_i;

-	r = vsnprintf(errbuf + errbuf_i, n, fmt, args);

-	if (r >= n)

-	    r = n - 1;

-	if (r >= 0) {

-	    errbuf_i += r;

-	} else {

-	    errbuf_i = sizeof errbuf - 1;

-	    errbuf[errbuf_i] = '\0';

-	}

-	assert(errbuf_i < sizeof errbuf);

-	assert(errbuf[errbuf_i] == 0);

-    }

-#ifndef TLS_CUMULATE_ERRORS

-    tls_errflush(apparg);

-#else

-    if (flush)

-	tls_errflush(apparg);

-#endif

-}

-/* app_prefix.. are for additional information provided by caller.

- * If OpenSSL error queue is empty, print default_text ("???" if NULL).

- */

-static char *

-tls_openssl_errors(const char *app_prefix_1, const char *app_prefix_2, const char *default_text, void *apparg)

-{

-    static char reasons[255];

-    size_t reasons_i;

-    unsigned long err;

-    const char *file;

-    int line;

-    const char *data;

-    int flags;

-    char *errstring;

-    int printed_something = 0;

-    reasons_i = 0;

-    assert(app_prefix_1 != NULL);

-    assert(app_prefix_2 != NULL);

-    if (default_text == NULL)

-	default_text = "?""?""?";

-    while ((err = ERR_get_error_line_data(&file,&line,&data,&flags)) != 0) {

-	if (reasons_i < sizeof reasons) {

-	    size_t n;

-	    int r;

-	    n = (sizeof reasons) - reasons_i;

-	    r = snprintf(reasons + reasons_i, n, "%s%s", (reasons_i > 0 ? ", " : ""), ERR_reason_error_string(err));

-	    if (r >= n)

-		r = n - 1;

-	    if (r >= 0) {

-		reasons_i += r;

-	    } else {

-		reasons_i = sizeof reasons;

-	    }

-	    assert(reasons_i <= sizeof reasons);

-	}

-	errstring = ERR_error_string(err, NULL);

-	assert(errstring != NULL);

-	tls_errprintf(0, apparg, "OpenSSL error%s%s: %s:%s:%d:%s\n", app_prefix_1, app_prefix_2, errstring, file, line, (flags & ERR_TXT_STRING) ? data : "");

-	printed_something = 1;

-    }

-    if (!printed_something) {

-	assert(reasons_i == 0);

-	snprintf(reasons, sizeof reasons, "%s", default_text);

-	tls_errprintf(0, apparg, "OpenSSL error%s%s: %s\n", app_prefix_1, app_prefix_2, default_text);

-    }

-#ifdef TLS_CUMULATE_ERRORS

-    tls_errflush(apparg);

-#endif

-    assert(errbuf_i == 0);

-    return reasons;

-}

-/*****************************************************************************/

-static int tls_init_done = 0;

-static int

-tls_init(void *apparg)

-{

-    if (tls_init_done)

-	return 0;

-    SSL_load_error_strings();

-    if (!SSL_library_init() /* aka SSLeay_add_ssl_algorithms() */ ) {

-	tls_errprintf(1, apparg, "SSL_library_init failed.\n");

-	return -1;

-    }

-    tls_init_done = 1;

-    tls_rand_seed();

-    return 0;

-}

-/*****************************************************************************/

-static void

-tls_rand_seed_uniquely(void)

-{

-    struct {

-	pid_t pid;

-	time_t time;

-	void *stack;

-    } data;

-    data.pid = getpid();

-    data.time = time(NULL);

-    data.stack = (void *)&data;

-    RAND_seed((const void *)&data, sizeof data);

-}

-void

-tls_rand_seed(void)

-{

-    struct {

-	struct utsname uname;

-	int uname_1;

-	int uname_2;

-	uid_t uid;

-	uid_t euid;

-	gid_t gid;

-	gid_t egid;

-    } data;

-    data.uname_1 = uname(&data.uname);

-    data.uname_2 = errno; /* Let's hope that uname fails randomly :-) */

-    data.uid = getuid();

-    data.euid = geteuid();

-    data.gid = getgid();

-    data.egid = getegid();

-    RAND_seed((const void *)&data, sizeof data);

-    tls_rand_seed_uniquely();

-}

-static int tls_rand_seeded_p = 0;

-#define my_MIN_SEED_BYTES 256 /* struct stat can be larger than 128 */

-int

-tls_rand_seed_from_file(const char *filename, size_t n, void *apparg)

-{

-    /* Seed OpenSSL's random number generator from file.

-       Try to read n bytes if n > 0, whole file if n == 0. */

-    int r;

-    if (tls_init(apparg) == -1)

-	return -1;

-    tls_rand_seed();

-    r = RAND_load_file(filename, (n > 0 && n < LONG_MAX) ? (long)n : LONG_MAX);

-    /* r is the number of bytes filled into the random number generator,

-     * which are taken from "stat(filename, ...)" in addition to the

-     * file contents.

-     */

-    assert(1 < my_MIN_SEED_BYTES);

-    /* We need to detect at least those cases when the file does not exist

-     * at all.  With current versions of OpenSSL, this should do it: */

-    if (n == 0)

-	n = my_MIN_SEED_BYTES;

-    if (r < n) {

-	tls_errprintf(1, apparg, "rand_seed_from_file: could not read %d bytes from %s.\n", n, filename);

-	return -1;

-    } else {

-	tls_rand_seeded_p = 1;

-	return 0;

-    }

-}

-void

-tls_rand_seed_from_memory(const void *buf, size_t n)

-{

-    size_t i = 0;

-    while (i < n) {

-	size_t rest = n - i;

-	int chunk = rest < INT_MAX ? (int)rest : INT_MAX;

-	RAND_seed((const char *)buf + i, chunk);

-	i += chunk;

-    }

-    tls_rand_seeded_p = 1;

-}

-/*****************************************************************************/

-struct tls_x509_name_string {

-    char str[100];

-};

-static void

-tls_get_x509_subject_name_oneline(X509 *cert, struct tls_x509_name_string *namestring)

-{

-    X509_NAME *name;

-    if (cert == NULL) {

-	namestring->str[0] = '\0';

-	return;

-    }

-    name = X509_get_subject_name(cert); /* does not increment any reference counter */

-    assert(sizeof namestring->str >= 4); /* "?" or "...", plus 0 */

-    if (name == NULL) {

-	namestring->str[0] = '?';

-	namestring->str[1] = 0;

-    } else {

-	size_t len;

-	X509_NAME_oneline(name, namestring->str, sizeof namestring->str);

-	len = strlen(namestring->str);

-	assert(namestring->str[len] == 0);

-	assert(len < sizeof namestring->str);

-	if (len+1 == sizeof namestring->str) {

-	    /* (Probably something was cut off.)

-	     * Does not really work -- X509_NAME_oneline truncates after

-	     * name components, we cannot tell from the result whether

-	     * anything is missing. */

-	    assert(namestring->str[len] == 0);

-	    namestring->str[--len] = '.';

-	    namestring->str[--len] = '.';

-	    namestring->str[--len] = '.';

-	}

-    }

-}

-/*****************************************************************************/

-/* to hinder OpenSSL from asking for passphrases */

-static int

-no_passphrase_callback(char *buf, int num, int w, void *arg)

-{

-    return -1;

-}

-#if OPENSSL_VERSION_NUMBER >= 0x00907000L

-static int

-verify_dont_fail_cb(X509_STORE_CTX *c, void *unused_arg)

-#else

-static int

-verify_dont_fail_cb(X509_STORE_CTX *c)

-#endif

-{

-    int i;

-    i = X509_verify_cert(c); /* sets c->error */

-#if OPENSSL_VERSION_NUMBER >= 0x00905000L /* don't allow unverified

-					   * certificates -- they could

-					   * survive session reuse, but

-					   * OpenSSL < 0.9.5-dev does not

-					   * preserve their verify_result */

-    if (i == 0)

-	return 1;

-    else

-#endif

-	return i;

-}

-static DH *tls_dhe1024 = NULL; /* generating these takes a while, so do it just once */

-void

-tls_set_dhe1024(int i, void *apparg)

-{

-    DSA *dsaparams;

-    DH *dhparams;

-    const char *seed[] = { ";-)  :-(  :-)  :-(  ",

-			   ";-)  :-(  :-)  :-(  ",

-			   "Random String no. 12",

-			   ";-)  :-(  :-)  :-(  ",

-			   "hackers have even mo", /* from jargon file */

-    };

-    unsigned char seedbuf[20];

-    tls_init(apparg);

-    if (i >= 0) {

-	i %= sizeof seed / sizeof seed[0];

-	assert(strlen(seed[i]) == 20);

-	memcpy(seedbuf, seed[i], 20);

-	dsaparams = DSA_generate_parameters(1024, seedbuf, 20, NULL, NULL, 0, NULL);

-    } else {

-	/* random parameters (may take a while) */

-	dsaparams = DSA_generate_parameters(1024, NULL, 0, NULL, NULL, 0, NULL);

-    }

-    if (dsaparams == NULL) {

-	tls_openssl_errors("", "", NULL, apparg);

-	return;

-    }

-    dhparams = DSA_dup_DH(dsaparams);

-    DSA_free(dsaparams);

-    if (dhparams == NULL) {

-	tls_openssl_errors("", "", NULL, apparg);

-	return;

-    }

-    if (tls_dhe1024 != NULL)

-	DH_free(tls_dhe1024);

-    tls_dhe1024 = dhparams;

-}

-struct tls_create_ctx_args

-tls_create_ctx_defaultargs(void)

-{

-	struct tls_create_ctx_args ret;

-	ret.client_p = 0;

-	ret.certificate_file = NULL;

-	ret.key_file = NULL;

-	ret.ca_file = NULL;

-	ret.verify_depth = -1;

-	ret.fail_unless_verified = 0;

-	ret.export_p = 0;

-	return ret;

-}

-SSL_CTX *

-tls_create_ctx(struct tls_create_ctx_args a, void *apparg)

-{

-    int r;

-    static long context_num = 0;

-    SSL_CTX *ret;

-    const char *err_pref_1 = "", *err_pref_2 = "";

-    if (tls_init(apparg) == -1)

-	return NULL;

-    ret = SSL_CTX_new((a.client_p? SSLv23_client_method:SSLv23_server_method)());

-    if (ret == NULL)

-	goto err;

-    SSL_CTX_set_default_passwd_cb(ret, no_passphrase_callback);

-    SSL_CTX_set_mode(ret, SSL_MODE_ENABLE_PARTIAL_WRITE);

-    if ((a.certificate_file != NULL) || (a.key_file != NULL)) {

-	if (a.key_file == NULL) {

-	    tls_errprintf(1, apparg, "Need a key file.\n");

-	    goto err_return;

-	}

-	if (a.certificate_file == NULL) {

-	    tls_errprintf(1, apparg, "Need a certificate chain file.\n");

-	    goto err_return;

-	}

-	if (!SSL_CTX_use_PrivateKey_file(ret, a.key_file, SSL_FILETYPE_PEM))

-	    goto err;

-	if (!tls_rand_seeded_p) {

-	    /* particularly paranoid people may not like this --

-	     * so provide your own random seeding before calling this */

-	    if (tls_rand_seed_from_file(a.key_file, 0, apparg) == -1)

-		goto err_return;

-	}

-	if (!SSL_CTX_use_certificate_chain_file(ret, a.certificate_file))

-	    goto err;

-	if (!SSL_CTX_check_private_key(ret)) {

-	    tls_errprintf(1, apparg, "Private key \"%s\" does not match certificate \"%s\".\n", a.key_file, a.certificate_file);

-	    goto err_peek;

-	}

-    }

-    if ((a.ca_file != NULL) || (a.verify_depth > 0)) {

-	context_num++;

-	r = SSL_CTX_set_session_id_context(ret, (const void *)&context_num, (unsigned int)sizeof context_num);

-	if (!r)

-	    goto err;

-	SSL_CTX_set_verify(ret, SSL_VERIFY_PEER | (a.fail_unless_verified ? SSL_VERIFY_FAIL_IF_NO_PEER_CERT : 0), 0);

-	if (!a.fail_unless_verified)

-	    SSL_CTX_set_cert_verify_callback(ret, verify_dont_fail_cb, NULL);

-	if (a.verify_depth > 0)

-	    SSL_CTX_set_verify_depth(ret, a.verify_depth);

-	if (a.ca_file != NULL) {

-	    r = SSL_CTX_load_verify_locations(ret, a.ca_file, NULL /* no CA-directory */); /* does not report failure if file does not exist ... */

-	    if (!r) {

-		err_pref_1 = " while processing certificate file ";

-		err_pref_2 = a.ca_file;

-		goto err;

-	    }

-	    if (!a.client_p) {

-		/* SSL_load_client_CA_file is a misnomer, it just creates a list of CNs. */

-		SSL_CTX_set_client_CA_list(ret, SSL_load_client_CA_file(a.ca_file));

-		/* SSL_CTX_set_client_CA_list does not have a return value;

-		 * it does not really need one, but make sure

-		 * (we really test if SSL_load_client_CA_file worked) */

-		if (SSL_CTX_get_client_CA_list(ret) == NULL) {

-		    tls_errprintf(1, apparg, "Could not set client CA list from \"%s\".\n", a.ca_file);

-		    goto err_peek;

-		}

-	    }

-	}

-    }

-    if (!a.client_p) {

-	if (tls_dhe1024 == NULL) {

-	    int i;

-	    RAND_bytes((unsigned char *) &i, sizeof i);

-	    /* make sure that i is non-negative -- pick one of the provided

-	     * seeds */

-	    if (i < 0)

-		i = -i;

-	    if (i < 0)

-		i = 0;

-	    tls_set_dhe1024(i, apparg);

-	    if (tls_dhe1024 == NULL)

-		goto err_return;

-	}

-	if (!SSL_CTX_set_tmp_dh(ret, tls_dhe1024))

-	    goto err;

-	/* avoid small subgroup attacks: */

-	SSL_CTX_set_options(ret, SSL_OP_SINGLE_DH_USE);

-    }

-#ifndef NO_RSA

-    if (!a.client_p && a.export_p) {

-	RSA *tmpkey;

-	tmpkey = RSA_generate_key(512, RSA_F4, 0, NULL);

-	if (tmpkey == NULL)

-	    goto err;

-	if (!SSL_CTX_set_tmp_rsa(ret, tmpkey)) {

-	    RSA_free(tmpkey);

-	    goto err;

-	}

-	RSA_free(tmpkey); /* SSL_CTX_set_tmp_rsa uses a duplicate. */

-    }

-#endif

-    return ret;

- err_peek:

-    if (!ERR_peek_error())

-	goto err_return;

- err:

-    tls_openssl_errors(err_pref_1, err_pref_2, NULL, apparg);

- err_return:

-    if (ret != NULL)

-	SSL_CTX_free(ret);

-    return NULL;

-}

-/*****************************************************************************/

-static int

-tls_socket_nonblocking(int fd)

-{

-    int v, r;

-    v = fcntl(fd, F_GETFL, 0);

-    if (v == -1) {

-	if (errno == EINVAL)

-	    return 0; /* already shut down -- ignore */

-	return -1;

-    }

-    r = fcntl(fd, F_SETFL, v | O_NONBLOCK);

-    if (r == -1) {

-	if (errno == EINVAL)

-	    return 0; /* already shut down -- ignore */

-	return -1;

-    }

-    return 0;

-}

-static int

-max(int a, int b)

-{

-    return a > b ? a : b;

-}

-static void

-tls_sockets_select(int read_select_1, int read_select_2, int write_select_1, int write_select_2, int seconds /* timeout, -1 means no timeout */)

-{

-    int maxfd, n;

-    fd_set reads, writes;

-    struct timeval timeout;

-    struct timeval *timeout_p;

-    assert(read_select_1 >= -1 && read_select_2 >= -1 && write_select_1 >= -1 && write_select_2 >= -1);

-    assert(read_select_1 < FD_SETSIZE && read_select_2 < FD_SETSIZE -1 && write_select_1 < FD_SETSIZE -1 && write_select_2 < FD_SETSIZE -1);

-    maxfd = max(max(read_select_1, read_select_2), max(write_select_1, write_select_2));

-    assert(maxfd >= 0);

-    FD_ZERO(&reads);

-    FD_ZERO(&writes);

-    for(n = 0; n < 4; ++n) {

-	int i = n % 2;

-	int w = n >= 2;

-	/* loop over all (i, w) in {0,1}x{0,1} */

-	int fd;

-	if (i == 0 && w == 0)

-	    fd = read_select_1;

-	else if (i == 1 && w == 0)

-	    fd = read_select_2;

-	else if (i == 0 && w == 1)

-	    fd = write_select_1;

-	else {

-	    assert(i == 1 && w == 1);

-	    fd = write_select_2;

-	}

-	if (fd >= 0) {

-	    if (w == 0)

-		FD_SET(fd, &reads);

-	    else /* w == 1 */

-		FD_SET(fd, &writes);

-	}

-    }

-    if (seconds >= 0) {

-	timeout.tv_sec = seconds;

-	timeout.tv_usec = 0;

-	timeout_p = &timeout;

-    } else

-	timeout_p = NULL;

-    DEBUG_MSG2("select no.", ++tls_select_count);

-    select(maxfd + 1, &reads, &writes, (fd_set *) NULL, timeout_p);

-    DEBUG_MSG("cont.");

-}

-/*****************************************************************************/

-#define TUNNELBUFSIZE (16*1024)

-struct tunnelbuf {

-    char buf[TUNNELBUFSIZE];

-    size_t len;

-    size_t offset;

-};

-static int tls_connect_attempt(SSL *, int *write_select, int *read_select, int *closed, int *progress, const char **err_pref);

-static int tls_accept_attempt(SSL *, int *write_select, int *read_select, int *closed, int *progress, const char **err_pref);

-static int tls_write_attempt(SSL *, struct tunnelbuf *, int *write_select, int *read_select, int *closed, int *progress, const char **err_pref);

-static int tls_read_attempt(SSL *, struct tunnelbuf *, int *write_select, int *read_select, int *closed, int *progress, const char **err_pref);

-static int write_attempt(int fd, struct tunnelbuf *, int *select, int *closed, int *progress);

-static int read_attempt(int fd, struct tunnelbuf *, int *select, int *closed, int *progress);

-static void write_info(SSL *ssl, int *info_fd)

-{

-    if (*info_fd != -1) {

-	long v;

-	int v_ok;

-	struct tls_x509_name_string peer;

-	char infobuf[TLS_INFO_SIZE];

-	int r;

-	DEBUG_MSG("write_info");

-	v = SSL_get_verify_result(ssl);

-	v_ok = (v == X509_V_OK) ? 'A' : 'E'; /* Auth./Error */

-	{

-	    X509 *peercert;

-	    peercert = SSL_get_peer_certificate(ssl);

-	    tls_get_x509_subject_name_oneline(peercert, &peer);

-	    if (peercert != NULL)

-		X509_free(peercert);

-	}

-	if (peer.str[0] == '\0')

-	    v_ok = '0'; /* no cert at all */

-	else

-	    if (strchr(peer.str, '\n')) {

-		/* should not happen, but make sure */

-		*strchr(peer.str, '\n') = '\0';

-	    }

-	r = snprintf(infobuf, sizeof infobuf, "%c:%s\n%s\n", v_ok, X509_verify_cert_error_string(v), peer.str);

-	DEBUG_MSG2("snprintf", r);

-	if (r == -1 || r >= sizeof infobuf)

-	    r = sizeof infobuf - 1;

-	write(*info_fd, infobuf, r);

-	close (*info_fd);

-	*info_fd = -1;

-    }

-}

-/* tls_proxy expects that all fds are closed after return */

-static void

-tls_proxy(int clear_fd, int tls_fd, int info_fd, SSL_CTX *ctx, int client_p)

-{

-    struct tunnelbuf clear_to_tls, tls_to_clear;

-    SSL *ssl;

-    BIO *rbio, *wbio;

-    int closed, in_handshake;

-    const char *err_pref_1 = "", *err_pref_2 = "";

-    const char *err_def = NULL;

-    assert(clear_fd != -1);

-    assert(tls_fd != -1);

-    assert(clear_fd < FD_SETSIZE);

-    assert(tls_fd < FD_SETSIZE);

-    /* info_fd may be -1 */

-    assert(ctx != NULL);

-    tls_rand_seed_uniquely();

-    tls_socket_nonblocking(clear_fd);

-    DEBUG_MSG2("clear_fd", clear_fd);

-    tls_socket_nonblocking(tls_fd);

-    DEBUG_MSG2("tls_fd", tls_fd);

-    ssl = SSL_new(ctx);

-    if (ssl == NULL)

-	goto err;

-    DEBUG_MSG("SSL_new");

-    if (!SSL_set_fd(ssl, tls_fd))

-	goto err;

-    rbio = SSL_get_rbio(ssl);

-    wbio = SSL_get_wbio(ssl); /* should be the same, but who cares */

-    assert(rbio != NULL);

-    assert(wbio != NULL);

-    if (client_p)

-	SSL_set_connect_state(ssl);

-    else

-	SSL_set_accept_state(ssl);

-    closed = 0;

-    in_handshake = 1;

-    tls_to_clear.len = 0;

-    tls_to_clear.offset = 0;

-    clear_to_tls.len = 0;

-    clear_to_tls.offset = 0;

-    err_def = "I/O error";

-    /* loop finishes as soon as we detect that one side closed;

-     * when all (program and OS) buffers have enough space,

-     * the data from the last succesful read in each direction is transferred

-     * before close */

-    do {

-	int clear_read_select = 0, clear_write_select = 0,

-	    tls_read_select = 0, tls_write_select = 0,

-	    progress = 0;

-	int r;

-	unsigned long num_read = BIO_number_read(rbio),

-	    num_written = BIO_number_written(wbio);

-	DEBUG_MSG2("loop iteration", ++tls_loop_count);

-	if (in_handshake) {

-	    DEBUG_MSG("in_handshake");

-	    if (client_p)

-		r = tls_connect_attempt(ssl, &tls_write_select, &tls_read_select, &closed, &progress, &err_pref_1);

-	    else

-		r = tls_accept_attempt(ssl, &tls_write_select, &tls_read_select, &closed, &progress, &err_pref_1);

-	    if (r != 0) {

-		write_info(ssl, &info_fd);

-		goto err;

-	    }

-	    if (closed)

-		goto err_return;

-	    if (!SSL_in_init(ssl)) {

-		in_handshake = 0;

-		write_info(ssl, &info_fd);

-	    }

-	}

-	if (clear_to_tls.len != 0 && !in_handshake) {

-	    assert(!closed);

-	    r = tls_write_attempt(ssl, &clear_to_tls, &tls_write_select, &tls_read_select, &closed, &progress, &err_pref_1);

-	    if (r != 0)

-		goto err;

-	    if (closed) {

-		assert(progress);

-		tls_to_clear.offset = 0;

-		tls_to_clear.len = 0;

-	    }

-	}

-	if (tls_to_clear.len != 0) {

-	    assert(!closed);

-	    r = write_attempt(clear_fd, &tls_to_clear, &clear_write_select, &closed, &progress);

-	    if (r != 0)

-		goto err_return;

-	    if (closed) {

-		assert(progress);

-		clear_to_tls.offset = 0;

-		clear_to_tls.len = 0;

-	    }

-	}

-	if (!closed) {

-	    if (clear_to_tls.offset + clear_to_tls.len < sizeof clear_to_tls.buf) {

-		r = read_attempt(clear_fd, &clear_to_tls, &clear_read_select, &closed, &progress);

-		if (r != 0)

-		    goto err_return;

-		if (closed) {

-		    r = SSL_shutdown(ssl);

-		    DEBUG_MSG2("SSL_shutdown", r);

-		}

-	    }

-	}

-	if (!closed && !in_handshake) {

-	    if (tls_to_clear.offset + tls_to_clear.len < sizeof tls_to_clear.buf) {

-		r = tls_read_attempt(ssl, &tls_to_clear, &tls_write_select, &tls_read_select, &closed, &progress, &err_pref_1);

-		if (r != 0)

-		    goto err;

-		if (closed) {

-		    r = SSL_shutdown(ssl);

-		    DEBUG_MSG2("SSL_shutdown", r);

-		}

-	    }

-	}

-	if (!progress) {

-	    DEBUG_MSG("!progress?");

-	    if (num_read != BIO_number_read(rbio) || num_written != BIO_number_written(wbio))

-		progress = 1;

-	    if (!progress) {

-		DEBUG_MSG("!progress");

-		assert(clear_read_select || tls_read_select || clear_write_select || tls_write_select);

-		tls_sockets_select(clear_read_select ? clear_fd : -1, tls_read_select ? tls_fd : -1, clear_write_select ? clear_fd : -1, tls_write_select ? tls_fd : -1, -1);

-	    }

-	}

-    } while (!closed);

-    return;

- err:

-    tls_openssl_errors(err_pref_1, err_pref_2, err_def, tls_child_apparg);

- err_return:

-    return;

-}

-static int

-tls_get_error(SSL *ssl, int r, int *write_select, int *read_select, int *closed, int *progress)

-{

-    int err = SSL_get_error(ssl, r);

-    if (err == SSL_ERROR_NONE) {

-	assert(r > 0);

-	*progress = 1;

-	return 0;

-    }

-    assert(r <= 0);

-    switch (err) {

-    case SSL_ERROR_ZERO_RETURN:

-	assert(r == 0);

-	*closed = 1;

-	*progress = 1;

-	return 0;

-    case SSL_ERROR_WANT_WRITE:

-	*write_select = 1;

-	return 0;

-    case SSL_ERROR_WANT_READ:

-	*read_select = 1;

-	return 0;

-    }

-    return -1;

-}

-static int

-tls_connect_attempt(SSL *ssl, int *write_select, int *read_select, int *closed, int *progress, const char **err_pref)

-{

-    int n, r;

-    DEBUG_MSG("tls_connect_attempt");

-    n = SSL_connect(ssl);

-    DEBUG_MSG2("SSL_connect",n);

-    r = tls_get_error(ssl, n, write_select, read_select, closed, progress);

-    if (r == -1)

-	*err_pref = " during SSL_connect";

-    return r;

-}

-static int

-tls_accept_attempt(SSL *ssl, int *write_select, int *read_select, int *closed, int *progress, const char **err_pref)

-{

-    int n, r;

-    DEBUG_MSG("tls_accept_attempt");

-    n = SSL_accept(ssl);

-    DEBUG_MSG2("SSL_accept",n);

-    r = tls_get_error(ssl, n, write_select, read_select, closed, progress);

-    if (r == -1)

-	*err_pref = " during SSL_accept";

-    return r;

-}

-static int

-tls_write_attempt(SSL *ssl, struct tunnelbuf *buf, int *write_select, int *read_select, int *closed, int *progress, const char **err_pref)

-{

-    int n, r;

-    DEBUG_MSG("tls_write_attempt");

-    n = SSL_write(ssl, buf->buf + buf->offset, buf->len);

-    DEBUG_MSG2("SSL_write",n);

-    r = tls_get_error(ssl, n, write_select, read_select, closed, progress);

-    if (n > 0) {

-	buf->len -= n;

-	assert(buf->len >= 0);

-	if (buf->len == 0)

-	    buf->offset = 0;

-	else

-	    buf->offset += n;

-    }

-    if (r == -1)

-	*err_pref = " during SSL_write";

-    return r;

-}

-static int

-tls_read_attempt(SSL *ssl, struct tunnelbuf *buf, int *write_select, int *read_select, int *closed, int *progress, const char **err_pref)

-{

-    int n, r;

-    size_t total;

-    DEBUG_MSG("tls_read_attempt");

-    total = buf->offset + buf->len;

-    assert(total < sizeof buf->buf);

-    n = SSL_read(ssl, buf->buf + total, (sizeof buf->buf) - total);

-    DEBUG_MSG2("SSL_read",n);

-    r = tls_get_error(ssl, n, write_select, read_select, closed, progress);

-    if (n > 0) {

-	buf->len += n;

-	assert(buf->offset + buf->len <= sizeof buf->buf);

-    }

-    if (r == -1)

-	*err_pref = " during SSL_read";

-    return r;

-}

-static int

-get_error(int r, int *select, int *closed, int *progress)

-{

-    if (r >= 0) {

-	*progress = 1;

-	if (r == 0)

-	    *closed = 1;

-	return 0;

-    } else {

-	assert(r == -1);

-	if (errno == EAGAIN || errno == EWOULDBLOCK) {

-	    *select = 1;

-	    return 0;

-	} else if (errno == EPIPE) {

-	    *progress = 1;

-	    *closed = 1;

-	    return 0;

-	} else

-	    return -1;

-    }

-}

-static int write_attempt(int fd, struct tunnelbuf *buf, int *select, int *closed, int *progress)

-{

-    int n, r;

-    DEBUG_MSG("write_attempt");

-    n = write(fd, buf->buf + buf->offset, buf->len);

-    DEBUG_MSG2("write",n);

-    r = get_error(n, select, closed, progress);

-    if (n > 0) {

-	buf->len -= n;

-	assert(buf->len >= 0);

-	if (buf->len == 0)

-	    buf->offset = 0;

-	else

-	    buf->offset += n;

-    }

-    if (r == -1)

-	tls_errprintf(1, tls_child_apparg, "write error: %s\n", strerror(errno));

-    return r;

-}

-static int

-read_attempt(int fd, struct tunnelbuf *buf, int *select, int *closed, int *progress)

-{

-    int n, r;

-    size_t total;

-    DEBUG_MSG("read_attempt");

-    total = buf->offset + buf->len;

-    assert(total < sizeof buf->buf);

-    n = read(fd, buf->buf + total, (sizeof buf->buf) - total);

-    DEBUG_MSG2("read",n);

-    r = get_error(n, select, closed, progress);

-    if (n > 0) {

-	buf->len += n;

-	assert(buf->offset + buf->len <= sizeof buf->buf);

-    }

-    if (r == -1)

-	tls_errprintf(1, tls_child_apparg, "read error: %s\n", strerror(errno));

-    return r;

-}

--- a/sys/src/ape/lib/openssl/demos/easy_tls/easy-tls.h

+++ /dev/null

@@ -1,57 +1,0 @@

-/* -*- Mode: C; c-file-style: "bsd" -*- */

-/*

- * easy-tls.h -- generic TLS proxy.

- * $Id: easy-tls.h,v 1.1 2001/09/17 19:06:59 bodo Exp $

- */

-/*

- * (c) Copyright 1999 Bodo Moeller.  All rights reserved.

- */

-#ifndef HEADER_TLS_H

-#define HEADER_TLS_H

-#ifndef HEADER_SSL_H

-typedef struct ssl_ctx_st SSL_CTX;

-#endif

-#define TLS_INFO_SIZE 512 /* max. # of bytes written to infofd */

-void tls_set_dhe1024(int i, void* apparg);

-/* Generate DHE parameters:

- * i >= 0 deterministic (i selects seed), i < 0 random (may take a while).

- * tls_create_ctx calls this with random non-negative i if the application

- * has never called it.*/

-void tls_rand_seed(void);

-int tls_rand_seed_from_file(const char *filename, size_t n, void *apparg);

-void tls_rand_seed_from_memory(const void *buf, size_t n);

-struct tls_create_ctx_args

-{

-    int client_p;

-    const char *certificate_file;

-    const char *key_file;

-    const char *ca_file;

-    int verify_depth;

-    int fail_unless_verified;

-    int export_p;

-};

-struct tls_create_ctx_args tls_create_ctx_defaultargs(void);

-/* struct tls_create_ctx_args is similar to a conventional argument list,

- * but it can provide default values and allows for future extension. */

-SSL_CTX *tls_create_ctx(struct tls_create_ctx_args, void *apparg);

-struct tls_start_proxy_args

-{

-    int fd;

-    int client_p;

-    SSL_CTX *ctx;

-    pid_t *pid;

-    int *infofd;

-};

-struct tls_start_proxy_args tls_start_proxy_defaultargs(void);

-/* tls_start_proxy return value *MUST* be checked!

- * 0 means ok, otherwise we've probably run out of some resources. */

-int tls_start_proxy(struct tls_start_proxy_args, void *apparg);

-#endif

--- a/sys/src/ape/lib/openssl/demos/easy_tls/test.c

+++ /dev/null

@@ -1,244 +1,0 @@

-/* test.c */

-/* $Id: test.c,v 1.1 2001/09/17 19:06:59 bodo Exp $ */

-#define L_PORT 9999

-#define C_PORT 443

-#include <arpa/inet.h>

-#include <assert.h>

-#include <errno.h>

-#include <fcntl.h>

-#include <netinet/in.h>

-#include <netinet/tcp.h>

-#include <stdlib.h>

-#include <stdio.h>

-#include <string.h>

-#include <sys/select.h>

-#include <sys/socket.h>

-#include <unistd.h>

-#include "test.h"

-#include "easy-tls.h"

-void

-test_process_init(int fd, int client_p, void *apparg)

-{

-    fprintf(stderr, "test_process_init(fd = %d, client_p = %d, apparg = %p)\n", fd, client_p, apparg);

-}

-void

-test_errflush(int child_p, char *errbuf, size_t num, void *apparg)

-{

-    fputs(errbuf, stderr);

-}

-int

-main(int argc, char *argv[])

-{

-    int s, fd, r;

-    FILE *conn_in;

-    FILE *conn_out;

-    char buf[256];

-    SSL_CTX *ctx;

-    int client_p = 0;

-    int port;

-    int tls = 0;

-    char infobuf[TLS_INFO_SIZE + 1];

-    if (argc > 1 && argv[1][0] == '-') {

-	fputs("Usage: test [port]                   -- server\n"

-	      "       test num.num.num.num [port]   -- client\n",

-	      stderr);

-	exit(1);

-    }

-    if (argc > 1) {

-	if (strchr(argv[1], '.')) {

-	    client_p = 1;

-	}

-    }

-    fputs(client_p ? "Client\n" : "Server\n", stderr);

-    {

-	struct tls_create_ctx_args a = tls_create_ctx_defaultargs();

-	a.client_p = client_p;

-	a.certificate_file = "cert.pem";

-	a.key_file = "cert.pem";

-	a.ca_file = "cacerts.pem";

-	ctx = tls_create_ctx(a, NULL);

-	if (ctx == NULL)

-	    exit(1);

-    }

-    s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);

-    if (s == -1) {

-	perror("socket");

-	exit(1);

-    }

-    if (client_p) {

-	struct sockaddr_in addr;

-	size_t addr_len = sizeof addr;

-	addr.sin_family = AF_INET;

-	assert(argc > 1);

-	if (argc > 2)

-	    sscanf(argv[2], "%d", &port);

-	else

-	    port = C_PORT;

-	addr.sin_port = htons(port);

-	addr.sin_addr.s_addr = inet_addr(argv[1]);

-	r = connect(s, &addr, addr_len);

-	if (r != 0) {

-	    perror("connect");

-	    exit(1);

-	}

-	fd = s;

-	fprintf(stderr, "Connect (fd = %d).\n", fd);

-    } else {

-	/* server */

-	{

-	    int i = 1;

-	    r = setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *) &i, sizeof i);

-	    if (r == -1) {

-		perror("setsockopt");

-		exit(1);

-	    }

-	}

-	{

-	    struct sockaddr_in addr;

-	    size_t addr_len = sizeof addr;

-	    if (argc > 1)

-		sscanf(argv[1], "%d", &port);

-	    else

-		port = L_PORT;

-	    addr.sin_family = AF_INET;

-	    addr.sin_port = htons(port);

-	    addr.sin_addr.s_addr = INADDR_ANY;

-	    r = bind(s, &addr, addr_len);

-	    if (r != 0) {

-		perror("bind");

-		exit(1);

-	    }

-	}

-	r = listen(s, 1);

-	if (r == -1) {

-	    perror("listen");

-	    exit(1);

-	}

-	fprintf(stderr, "Listening at port %i.\n", port);

-	fd = accept(s, NULL, 0);

-	if (fd == -1) {

-	    perror("accept");

-	    exit(1);

-	}

-	fprintf(stderr, "Accept (fd = %d).\n", fd);

-    }

-    conn_in = fdopen(fd, "r");

-    if (conn_in == NULL) {

-	perror("fdopen");

-	exit(1);

-    }

-    conn_out = fdopen(fd, "w");

-    if (conn_out == NULL) {

-	perror("fdopen");

-	exit(1);

-    }

-    setvbuf(conn_in, NULL, _IOLBF, 256);

-    setvbuf(conn_out, NULL, _IOLBF, 256);

-    while (fgets(buf, sizeof buf, stdin) != NULL) {

-	if (buf[0] == 'W') {

-	    fprintf(conn_out, "%.*s\r\n", (int)(strlen(buf + 1) - 1), buf + 1);

-	    fprintf(stderr, ">>> %.*s\n", (int)(strlen(buf + 1) - 1), buf + 1);

-	} else if (buf[0] == 'C') {

-	    fprintf(stderr, "Closing.\n");

-	    fclose(conn_in);

-	    fclose(conn_out);

-	    exit(0);

-	} else if (buf[0] == 'R') {

-	    int lines = 0;

-	    sscanf(buf + 1, "%d", &lines);

-	    do {

-		if (fgets(buf, sizeof buf, conn_in) == NULL) {

-		    if (ferror(conn_in)) {

-			fprintf(stderr, "ERROR\n");

-			exit(1);

-		    }

-		    fprintf(stderr, "CLOSED\n");

-		    return 0;

-		}

-		fprintf(stderr, "<<< %s", buf);

-	    } while (--lines > 0);

-	} else if (buf[0] == 'T') {

-	    int infofd;

-	    tls++;

-	    {

-		struct tls_start_proxy_args a = tls_start_proxy_defaultargs();

-		a.fd = fd;

-		a.client_p = client_p;

-		a.ctx = ctx;

-		a.infofd = &infofd;

-		r = tls_start_proxy(a, NULL);

-	    }

-	    assert(r != 1);

-	    if (r != 0) {

-		fprintf(stderr, "tls_start_proxy failed: %d\n", r);

-		switch (r) {

-		case -1:

-		    fputs("socketpair", stderr); break;

-		case 2:

-		    fputs("FD_SETSIZE exceeded", stderr); break;

-		case -3:

-		    fputs("pipe", stderr); break;

-		case -4:

-		    fputs("fork", stderr); break;

-		case -5:

-		    fputs("dup2", stderr); break;

-		default:

-		    fputs("?", stderr);

-		}

-		if (r < 0)

-		    perror("");

-		else

-		    fputc('\n', stderr);

-		exit(1);

-	    }

-	    r = read(infofd, infobuf, sizeof infobuf - 1);

-	    if (r > 0) {

-		const char *info = infobuf;

-		const char *eol;

-		infobuf[r] = '\0';

-		while ((eol = strchr(info, '\n')) != NULL) {

-		    fprintf(stderr, "+++ `%.*s'\n", eol - info, info);

-		    info = eol+1;

-		}

-		close (infofd);

-	    }

-	} else {

-	    fprintf(stderr, "W...  write line to network\n"

-		    "R[n]  read line (n lines) from network\n"

-		    "C     close\n"

-		    "T     start %sTLS proxy\n", tls ? "another " : "");

-	}

-    }

-    return 0;

-}

--- a/sys/src/ape/lib/openssl/demos/easy_tls/test.h

+++ /dev/null

@@ -1,11 +1,0 @@

-/* test.h */

-/* $Id: test.h,v 1.1 2001/09/17 19:07:00 bodo Exp $ */

-void test_process_init(int fd, int client_p, void *apparg);

-#define TLS_APP_PROCESS_INIT test_process_init

-#undef TLS_CUMULATE_ERRORS

-void test_errflush(int child_p, char *errbuf, size_t num, void *apparg);

-#define TLS_APP_ERRFLUSH test_errflush

--- a/sys/src/ape/lib/openssl/demos/eay/Makefile

+++ /dev/null

@@ -1,24 +1,0 @@

-CC=cc

-CFLAGS= -g -I../../include

-#LIBS=  -L../.. -lcrypto -lssl

-LIBS= -L../.. ../../libssl.a ../../libcrypto.a

-# the file conn.c requires a file "proxy.h" which I couldn't find...

-#EXAMPLES=base64 conn loadrsa

-EXAMPLES=base64 loadrsa

-all: $(EXAMPLES)

-base64: base64.o

-	$(CC) -o base64 base64.o $(LIBS)

-#

-# sorry... can't find "proxy.h"

-#conn: conn.o

-#	$(CC) -o conn conn.o $(LIBS)

-loadrsa: loadrsa.o

-	$(CC) -o loadrsa loadrsa.o $(LIBS)

-clean:

-	rm -f $(EXAMPLES) *.o

--- a/sys/src/ape/lib/openssl/demos/eay/base64.c

+++ /dev/null

@@ -1,49 +1,0 @@

-/* This is a simple example of using the base64 BIO to a memory BIO and then

- * getting the data.

- */

-#include <stdio.h>

-#include <openssl/bio.h>

-#include <openssl/evp.h>

-main()

-	{

-	int i;

-	BIO *mbio,*b64bio,*bio;

-	char buf[512];

-	char *p;

-	mbio=BIO_new(BIO_s_mem());

-	b64bio=BIO_new(BIO_f_base64());

-	bio=BIO_push(b64bio,mbio);

-	/* We now have bio pointing at b64->mem, the base64 bio encodes on

-	 * write and decodes on read */

-	for (;;)

-		{

-		i=fread(buf,1,512,stdin);

-		if (i <= 0) break;

-		BIO_write(bio,buf,i);

-		}

-	/* We need to 'flush' things to push out the encoding of the

-	 * last few bytes.  There is special encoding if it is not a

-	 * multiple of 3

-	 */

-	BIO_flush(bio);

-	printf("We have %d bytes available\n",BIO_pending(mbio));

-	/* We will now get a pointer to the data and the number of elements. */

-	/* hmm... this one was not defined by a macro in bio.h, it will be for

-	 * 0.9.1.  The other option is too just read from the memory bio.

-	 */

-	i=(int)BIO_ctrl(mbio,BIO_CTRL_INFO,0,(char *)&p);

-	printf("%d\n",i);

-	fwrite("---\n",1,4,stdout);

-	fwrite(p,1,i,stdout);

-	fwrite("---\n",1,4,stdout);

-	/* This call will walk the chain freeing all the BIOs */

-	BIO_free_all(bio);

-	}

--- a/sys/src/ape/lib/openssl/demos/eay/conn.c

+++ /dev/null

@@ -1,105 +1,0 @@

-/* NOCW */

-/* demos/eay/conn.c */

-/* A minimal program to connect to a port using the sock4a protocol.

- *

- * cc -I../../include conn.c -L../.. -lcrypto

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <openssl/err.h>

-#include <openssl/bio.h>

-/* #include "proxy.h" */

-extern int errno;

-int main(argc,argv)

-int argc;

-char *argv[];

-	{

-	PROXY *pxy;

-	char *host;

-	char buf[1024*10],*p;

-	BIO *bio;

-	int i,len,off,ret=1;

-	if (argc <= 1)

-		host="localhost:4433";

-	else

-		host=argv[1];

-	/* Lets get nice error messages */

-	ERR_load_crypto_strings();

-	/* First, configure proxy settings */

-	pxy=PROXY_new();

-	PROXY_add_server(pxy,PROXY_PROTOCOL_SOCKS,"gromit:1080");

-	bio=BIO_new(BIO_s_socks4a_connect());

-	BIO_set_conn_hostname(bio,host);

-	BIO_set_proxies(bio,pxy);

-	BIO_set_socks_userid(bio,"eay");

-	BIO_set_nbio(bio,1);

-	p="GET / HTTP/1.0\r\n\r\n";

-	len=strlen(p);

-	off=0;

-	for (;;)

-		{

-		i=BIO_write(bio,&(p[off]),len);

-		if (i <= 0)

-			{

-			if (BIO_should_retry(bio))

-				{

-				fprintf(stderr,"write DELAY\n");

-				sleep(1);

-				continue;

-				}

-			else

-				{

-				goto err;

-				}

-			}

-		off+=i;

-		len-=i;

-		if (len <= 0) break;

-		}

-	for (;;)

-		{

-		i=BIO_read(bio,buf,sizeof(buf));

-		if (i == 0) break;

-		if (i < 0)

-			{

-			if (BIO_should_retry(bio))

-				{

-				fprintf(stderr,"read DELAY\n");

-				sleep(1);

-				continue;

-				}

-			goto err;

-			}

-		fwrite(buf,1,i,stdout);

-		}

-	ret=1;

-	if (0)

-		{

-err:

-		if (ERR_peek_error() == 0) /* system call error */

-			{

-			fprintf(stderr,"errno=%d ",errno);

-			perror("error");

-			}

-		else

-			ERR_print_errors_fp(stderr);

-		}

-	BIO_free_all(bio);

-	if (pxy != NULL) PROXY_free(pxy);

-	exit(!ret);

-	return(ret);

-	}

--- a/sys/src/ape/lib/openssl/demos/eay/loadrsa.c

+++ /dev/null

@@ -1,53 +1,0 @@

-#include <stdio.h>

-#include <openssl/rsa.h>

-/* This is a simple program to generate an RSA private key.  It then

- * saves both the public and private key into a char array, then

- * re-reads them.  It saves them as DER encoded binary data.

- */

-void callback(stage,count,arg)

-int stage,count;

-char *arg;

-	{

-	FILE *out;

-	out=(FILE *)arg;

-	fprintf(out,"%d",stage);

-	if (stage == 3)

-		fprintf(out,"\n");

-	fflush(out);

-	}

-main()

-	{

-	RSA *rsa,*pub_rsa,*priv_rsa;

-	int len;

-	unsigned char buf[1024],*p;

-	rsa=RSA_generate_key(512,RSA_F4,callback,(char *)stdout);

-	p=buf;

-	/* Save the public key into buffer, we know it will be big enough

-	 * but we should really check how much space we need by calling the

-	 * i2d functions with a NULL second parameter */

-	len=i2d_RSAPublicKey(rsa,&p);

-	len+=i2d_RSAPrivateKey(rsa,&p);

-	printf("The public and private key are now both in a char array\n");

-	printf("and are taking up %d bytes\n",len);

-	RSA_free(rsa);

-	p=buf;

-	pub_rsa=d2i_RSAPublicKey(NULL,&p,(long)len);

-	len-=(p-buf);

-	priv_rsa=d2i_RSAPrivateKey(NULL,&p,(long)len);

-	if ((pub_rsa == NULL) || (priv_rsa == NULL))

-		ERR_print_errors_fp(stderr);

-	RSA_free(pub_rsa);

-	RSA_free(priv_rsa);

-	}

--- a/sys/src/ape/lib/openssl/demos/engines/cluster_labs/Makefile

+++ /dev/null

@@ -1,114 +1,0 @@

-LIBNAME=	libclabs

-SRC=		hw_cluster_labs.c

-OBJ=		hw_cluster_labs.o

-HEADER=		hw_cluster_labs.h

-CC=		gcc

-PIC=		-fPIC

-CFLAGS=		-g -I../../../include $(PIC) -DENGINE_DYNAMIC_SUPPORT -DFLAT_INC

-AR=		ar r

-RANLIB=		ranlib

-LIB=		$(LIBNAME).a

-SHLIB=		$(LIBNAME).so

-all:

-		@echo 'Please choose a system to build on:'

-		@echo ''

-		@echo 'tru64:    Tru64 Unix, Digital Unix, Digital OSF/1'

-		@echo 'solaris:  Solaris'

-		@echo 'irix:     IRIX'

-		@echo 'hpux32:   32-bit HP/UX'

-		@echo 'hpux64:   64-bit HP/UX'

-		@echo 'aix:      AIX'

-		@echo 'gnu:      Generic GNU-based system (gcc and GNU ld)'

-		@echo ''

-FORCE.update:

-update:		FORCE.update

-		perl ../../../util/mkerr.pl -conf hw_cluster_labs.ec \

-			-nostatic -staticloader -write hw_cluster_labs.c

-gnu:		$(SHLIB).gnu

-tru64:		$(SHLIB).tru64

-solaris:	$(SHLIB).solaris

-irix:		$(SHLIB).irix

-hpux32:		$(SHLIB).hpux32

-hpux64:		$(SHLIB).hpux64

-aix:		$(SHLIB).aix

-$(LIB):		$(OBJ)

-		$(AR) $(LIB) $(OBJ)

-		- $(RANLIB) $(LIB)

-LINK_SO=	\

-  ld -r -o $(LIBNAME).o $$ALLSYMSFLAGS $(LIB) && \

-  (nm -Pg $(LIBNAME).o | grep ' [BDT] ' | cut -f1 -d' ' > $(LIBNAME).exp; \

-   $$SHAREDCMD $$SHAREDFLAGS -o $(SHLIB) $(LIBNAME).o -L ../../.. -lcrypto -lc)

-$(SHLIB).gnu:	$(LIB)

-		ALLSYMSFLAGS='--whole-archive' \

-		SHAREDFLAGS='-shared -Wl,-soname=$(SHLIB)' \

-		SHAREDCMD='$(CC)'; \

-		$(LINK_SO)

-		touch $(SHLIB).gnu

-$(SHLIB).tru64:	$(LIB)

-		ALLSYMSFLAGS='-all' \

-		SHAREDFLAGS='-shared' \

-		SHAREDCMD='$(CC)'; \

-		$(LINK_SO)

-		touch $(SHLIB).tru64

-$(SHLIB).solaris:	$(LIB)

-		ALLSYMSFLAGS='-z allextract' \

-		SHAREDFLAGS='-G -h $(SHLIB)' \

-		SHAREDCMD='$(CC)'; \

-		$(LINK_SO)

-		touch $(SHLIB).solaris

-$(SHLIB).irix:	$(LIB)

-		ALLSYMSFLAGS='-all' \

-		SHAREDFLAGS='-shared -Wl,-soname,$(SHLIB)' \

-		SHAREDCMD='$(CC)'; \

-		$(LINK_SO)

-		touch $(SHLIB).irix

-$(SHLIB).hpux32:	$(LIB)

-		ALLSYMSFLAGS='-Fl' \

-		SHAREDFLAGS='+vnocompatwarnings -b -z +s +h $(SHLIB)' \

-		SHAREDCMD='/usr/ccs/bin/ld'; \

-		$(LINK_SO)

-		touch $(SHLIB).hpux32

-$(SHLIB).hpux64:	$(LIB)

-		ALLSYMSFLAGS='+forceload' \

-		SHAREDFLAGS='-b -z +h $(SHLIB)' \

-		SHAREDCMD='/usr/ccs/bin/ld'; \

-		$(LINK_SO)

-		touch $(SHLIB).hpux64

-$(SHLIB).aix:	$(LIB)

-		ALLSYMSFLAGS='-bnogc' \

-		SHAREDFLAGS='-G -bE:$(LIBNAME).exp -bM:SRE' \

-		SHAREDCMD='$(CC)'; \

-		$(LINK_SO)

-		touch $(SHLIB).aix

-depend:

-		sed -e '/^# DO NOT DELETE.*/,$$d' < Makefile > Makefile.tmp

-		echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp

-		gcc -M $(CFLAGS) $(SRC) >> Makefile.tmp

-		perl ../../../util/clean-depend.pl < Makefile.tmp > Makefile.new

-		rm -f Makefile.tmp Makefile

-		mv Makefile.new Makefile

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-rsaref.o: ../../../include/openssl/asn1.h ../../../include/openssl/bio.h

-rsaref.o: ../../../include/openssl/bn.h ../../../include/openssl/crypto.h

-rsaref.o: ../../../include/openssl/dh.h ../../../include/openssl/dsa.h

-rsaref.o: ../../../include/openssl/e_os2.h ../../../include/openssl/engine.h

-rsaref.o: ../../../include/openssl/err.h ../../../include/openssl/lhash.h

-rsaref.o: ../../../include/openssl/opensslconf.h

-rsaref.o: ../../../include/openssl/opensslv.h

-rsaref.o: ../../../include/openssl/ossl_typ.h ../../../include/openssl/rand.h

-rsaref.o: ../../../include/openssl/rsa.h ../../../include/openssl/safestack.h

-rsaref.o: ../../../include/openssl/stack.h ../../../include/openssl/symhacks.h

-rsaref.o: ../../../include/openssl/ui.h rsaref.c rsaref_err.c rsaref_err.h

-rsaref.o: source/des.h source/global.h source/md2.h source/md5.h source/rsa.h

-rsaref.o: source/rsaref.h

--- a/sys/src/ape/lib/openssl/demos/engines/cluster_labs/cluster_labs.h

+++ /dev/null

@@ -1,35 +1,0 @@

-typedef int cl_engine_init(void);

-typedef int cl_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-			const BIGNUM *m, BN_CTX *cgx);

-typedef int cl_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,

-		const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,

-		const BIGNUM *iqmp, BN_CTX *ctx);

-typedef int cl_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);

-typedef int cl_rsa_pub_enc(int flen, const unsigned char *from,

-	     unsigned char *to, RSA *rsa, int padding);

-typedef int cl_rsa_pub_dec(int flen, const unsigned char *from,

-	     unsigned char *to, RSA *rsa, int padding);

-typedef int cl_rsa_priv_enc(int flen, const unsigned char *from,

-		unsigned char *to, RSA *rsa, int padding);

-typedef int cl_rsa_priv_dec(int flen, const unsigned char *from,

-		unsigned char *to, RSA *rsa, int padding);

-typedef int cl_rand_bytes(unsigned char *buf, int num);

-typedef DSA_SIG *cl_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa);

-typedef int cl_dsa_verify(const unsigned char *dgst, int dgst_len,

-				DSA_SIG *sig, DSA *dsa);

-static const char *CLUSTER_LABS_LIB_NAME = "cluster_labs";

-static const char *CLUSTER_LABS_F1	 = "hw_engine_init";

-static const char *CLUSTER_LABS_F2	 = "hw_mod_exp";

-static const char *CLUSTER_LABS_F3	 = "hw_mod_exp_crt";

-static const char *CLUSTER_LABS_F4	 = "hw_rsa_mod_exp";

-static const char *CLUSTER_LABS_F5	 = "hw_rsa_priv_enc";

-static const char *CLUSTER_LABS_F6	 = "hw_rsa_priv_dec";

-static const char *CLUSTER_LABS_F7	 = "hw_rsa_pub_enc";

-static const char *CLUSTER_LABS_F8	 = "hw_rsa_pub_dec";

-static const char *CLUSTER_LABS_F20	 = "hw_rand_bytes";

-static const char *CLUSTER_LABS_F30	 = "hw_dsa_sign";

-static const char *CLUSTER_LABS_F31	 = "hw_dsa_verify";

--- a/sys/src/ape/lib/openssl/demos/engines/cluster_labs/hw_cluster_labs.c

+++ /dev/null

@@ -1,721 +1,0 @@

-/* crypto/engine/hw_cluster_labs.c */

-/* Written by Jan Tschirschwitz ([email protected]

- * for the OpenSSL project 2000.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#define MSC_VER   /* only used cryptic.h */

-#include <stdio.h>

-#include <openssl/crypto.h>

-#include <openssl/dso.h>

-#include <openssl/des.h>

-#include <openssl/engine.h>

-#ifndef NO_HW

-#ifndef NO_HW_CLUSTER_LABS

-#ifdef FLAT_INC

-#include "cluster_labs.h"

-#else

-#include "vendor_defns/cluster_labs.h"

-#endif

-#define CL_LIB_NAME "cluster_labs engine"

-#include "hw_cluster_labs_err.c"

-static int cluster_labs_destroy(ENGINE *e);

-static int cluster_labs_init(ENGINE *e);

-static int cluster_labs_finish(ENGINE *e);

-static int cluster_labs_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());

-/* BIGNUM stuff */

-/* This function is aliased to mod_exp (with the mont stuff dropped). */

-static int cluster_labs_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);

-/* RSA stuff */

-#ifndef OPENSSL_NO_RSA

-static int cluster_labs_rsa_pub_enc(int flen, const unsigned char *from,

-	     unsigned char *to, RSA *rsa, int padding);

-static int cluster_labs_rsa_pub_dec(int flen, const unsigned char *from,

-	     unsigned char *to, RSA *rsa, int padding);

-static int cluster_labs_rsa_priv_enc(int flen, const unsigned char *from,

-		unsigned char *to, RSA *rsa, int padding);

-static int cluster_labs_rsa_priv_dec(int flen, const unsigned char *from,

-		unsigned char *to, RSA *rsa, int padding);

-static int cluster_labs_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);

-#endif

-/* DSA stuff */

-#ifndef OPENSSL_NO_DSA

-static DSA_SIG *cluster_labs_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa);

-static int cluster_labs_dsa_verify(const unsigned char *dgst, int dgst_len,

-				DSA_SIG *sig, DSA *dsa);

-static int cluster_labs_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,

-		BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,

-		BN_CTX *ctx, BN_MONT_CTX *in_mont);

-static int cluster_labs_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,

-		const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,

-		BN_MONT_CTX *m_ctx);

-#endif

-/* DH stuff */

-#ifndef OPENSSL_NO_DH

-/* This function is alised to mod_exp (with the DH and mont dropped). */

-static int cluster_labs_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);

-#endif

-/* RANDOM stuff */

-static int cluster_labs_rand_bytes(unsigned char *buf, int num);

-/* The definitions for control commands specific to this engine */

-#define CLUSTER_LABS_CMD_SO_PATH		ENGINE_CMD_BASE

-static const ENGINE_CMD_DEFN cluster_labs_cmd_defns[] =

-	{

-	{ CLUSTER_LABS_CMD_SO_PATH,

-	  "SO_PATH",

-	  "Specifies the path to the 'cluster labs' shared library",

-	  ENGINE_CMD_FLAG_STRING

-	},

-	{0, NULL, NULL, 0}

-	};

-/* Our internal RSA_METHOD that we provide pointers to */

-#ifndef OPENSSL_NO_RSA

-static RSA_METHOD cluster_labs_rsa =

-	{

-	"Cluster Labs RSA method",

-	cluster_labs_rsa_pub_enc,	/* rsa_pub_enc */

-	cluster_labs_rsa_pub_dec,	/* rsa_pub_dec */

-	cluster_labs_rsa_priv_enc,	/* rsa_priv_enc */

-	cluster_labs_rsa_priv_dec,	/* rsa_priv_dec */

-	cluster_labs_rsa_mod_exp,	/* rsa_mod_exp */

-	cluster_labs_mod_exp_mont,	/* bn_mod_exp */

-	NULL,				/* init */

-	NULL,				/* finish */

-	0, 				/* flags */

-	NULL,				/* apps_data */

-	NULL,				/* rsa_sign */

-	NULL				/* rsa_verify */

-	};

-#endif

-/* Our internal DSA_METHOD that we provide pointers to */

-#ifndef OPENSSL_NO_DSA

-static DSA_METHOD cluster_labs_dsa =

-	{

-	"Cluster Labs DSA method",

-	cluster_labs_dsa_sign,  	/* dsa_do_sign */

-	NULL, 				/* dsa_sign_setup */

-	cluster_labs_dsa_verify,	/* dsa_do_verify */

-	cluster_labs_dsa_mod_exp, 	/* dsa_mod_exp */

-	cluster_labs_mod_exp_dsa, 	/* bn_mod_exp */

-	NULL, 				/* init */

-	NULL, 				/* finish */

-	0, 				/* flags */

-	NULL 				/* app_data */

-	};

-#endif

-/* Our internal DH_METHOD that we provide pointers to */

-#ifndef OPENSSL_NO_DH

-static DH_METHOD cluster_labs_dh =

-	{

-	"Cluster Labs DH method",

-	NULL,				/* generate key */

-	NULL,				/* compute key */

-	cluster_labs_mod_exp_dh,	/* bn_mod_exp */

-	NULL,				/* init */

-	NULL,				/* finish */

-	0,				/* flags */

-	NULL				/* app_data */

-	};

-#endif

-static RAND_METHOD cluster_labs_rand =

-	{

-	/* "Cluster Labs RAND method", */

-	NULL,				/* seed */

-	cluster_labs_rand_bytes,	/* bytes */

-	NULL,				/* cleanup */

-	NULL,				/* add */

-	cluster_labs_rand_bytes,	/* pseudorand */

-	NULL,				/* status */

-	};

-static const char *engine_cluster_labs_id = "cluster_labs";

-static const char *engine_cluster_labs_name = "Cluster Labs hardware engine support";

-/* engine implementation */

-/*-----------------------*/

-static int bind_helper(ENGINE *e)

-	{

-	if(!ENGINE_set_id(e, engine_cluster_labs_id) ||

-			!ENGINE_set_name(e, engine_cluster_labs_name) ||

-#ifndef OPENSSL_NO_RSA

-			!ENGINE_set_RSA(e, &cluster_labs_rsa) ||

-#endif

-#ifndef OPENSSL_NO_DSA

-			!ENGINE_set_DSA(e, &cluster_labs_dsa) ||

-#endif

-#ifndef OPENSSL_NO_DH

-			!ENGINE_set_DH(e, &cluster_labs_dh) ||

-#endif

-			!ENGINE_set_RAND(e, &cluster_labs_rand) ||

-			!ENGINE_set_destroy_function(e, cluster_labs_destroy) ||

-			!ENGINE_set_init_function(e, cluster_labs_init) ||

-			!ENGINE_set_finish_function(e, cluster_labs_finish) ||

-			!ENGINE_set_ctrl_function(e, cluster_labs_ctrl) ||

-			!ENGINE_set_cmd_defns(e, cluster_labs_cmd_defns))

-		return 0;

-	/* Ensure the error handling is set up */

-	ERR_load_CL_strings();

-	return 1;

-	}

-#ifndef ENGINE_DYNAMIC_SUPPORT

-static ENGINE *engine_cluster_labs(void)

-	{

-	ENGINE *ret = ENGINE_new();

-	if(!ret)

-		return NULL;

-	if(!bind_helper(ret))

-		{

-		ENGINE_free(ret);

-		return NULL;

-		}

-	return ret;

-	}

-#ifdef ENGINE_DYNAMIC_SUPPORT

-static

-#endif

-void ENGINE_load_cluster_labs(void)

-	{

-	ENGINE *cluster_labs = engine_cluster_labs();

-	if(!cluster_labs) return;

-	ENGINE_add(cluster_labs);

-	ENGINE_free(cluster_labs);

-	ERR_clear_error();

-	}

-#endif /* !ENGINE_DYNAMIC_SUPPORT */

-static int cluster_labs_destroy(ENGINE *e)

-	{

-	ERR_unload_CL_strings();

-	return 1;

-	}

-/* This is a process-global DSO handle used for loading and unloading

- * the Cluster Labs library. NB: This is only set (or unset) during an

- * init() or finish() call (reference counts permitting) and they're

- * operating with global locks, so this should be thread-safe

- * implicitly. */

-static DSO *cluster_labs_dso = NULL;

-/* These are the function pointers that are (un)set when the library has

- * successfully (un)loaded. */

-static cl_engine_init	  	*p_cl_engine_init 		 = NULL;

-static cl_mod_exp	 	*p_cl_mod_exp 			 = NULL;

-static cl_mod_exp_crt		*p_cl_mod_exp_crt 		 = NULL;

-static cl_rsa_mod_exp		*p_cl_rsa_mod_exp 		 = NULL;

-static cl_rsa_priv_enc		*p_cl_rsa_priv_enc 		 = NULL;

-static cl_rsa_priv_dec		*p_cl_rsa_priv_dec 		 = NULL;

-static cl_rsa_pub_enc		*p_cl_rsa_pub_enc 		 = NULL;

-static cl_rsa_pub_dec		*p_cl_rsa_pub_dec 		 = NULL;

-static cl_rand_bytes		*p_cl_rand_bytes	 	 = NULL;

-static cl_dsa_sign		*p_cl_dsa_sign		 	 = NULL;

-static cl_dsa_verify		*p_cl_dsa_verify	 	 = NULL;

-int cluster_labs_init(ENGINE *e)

-	{

-	cl_engine_init			*p1;

-	cl_mod_exp			*p2;

-	cl_mod_exp_crt			*p3;

-	cl_rsa_mod_exp			*p4;

-	cl_rsa_priv_enc			*p5;

-	cl_rsa_priv_dec			*p6;

-	cl_rsa_pub_enc			*p7;

-	cl_rsa_pub_dec			*p8;

-	cl_rand_bytes			*p20;

-	cl_dsa_sign			*p30;

-	cl_dsa_verify			*p31;

-	/* engine already loaded */

-	if(cluster_labs_dso != NULL)

-		{

-		CLerr(CL_F_CLUSTER_LABS_INIT,CL_R_ALREADY_LOADED);

-		goto err;

-		}

-	/* try to load engine	 */

-	cluster_labs_dso = DSO_load(NULL, CLUSTER_LABS_LIB_NAME, NULL,0);

-	if(cluster_labs_dso == NULL)

-		{

-		CLerr(CL_F_CLUSTER_LABS_INIT,CL_R_DSO_FAILURE);

-		goto err;

-		}

-	/* bind functions */

-	if(	!(p1 = (cl_engine_init *)DSO_bind_func(

-				cluster_labs_dso, CLUSTER_LABS_F1)) ||

-		!(p2 = (cl_mod_exp *)DSO_bind_func(

-				cluster_labs_dso, CLUSTER_LABS_F2)) ||

-		!(p3 = (cl_mod_exp_crt *)DSO_bind_func(

-				cluster_labs_dso, CLUSTER_LABS_F3)) ||

-		!(p4 = (cl_rsa_mod_exp *)DSO_bind_func(

-				cluster_labs_dso, CLUSTER_LABS_F4)) ||

-		!(p5 = (cl_rsa_priv_enc *)DSO_bind_func(

-				cluster_labs_dso, CLUSTER_LABS_F5)) ||

-		!(p6 = (cl_rsa_priv_dec *)DSO_bind_func(

-				cluster_labs_dso, CLUSTER_LABS_F6)) ||

-		!(p7 = (cl_rsa_pub_enc *)DSO_bind_func(

-				cluster_labs_dso, CLUSTER_LABS_F7)) ||

-		!(p8 = (cl_rsa_pub_dec *)DSO_bind_func(

-				cluster_labs_dso, CLUSTER_LABS_F8)) ||

-		!(p20= (cl_rand_bytes *)DSO_bind_func(

-				cluster_labs_dso, CLUSTER_LABS_F20)) ||

-		!(p30= (cl_dsa_sign *)DSO_bind_func(

-				cluster_labs_dso, CLUSTER_LABS_F30)) ||

-		!(p31= (cl_dsa_verify *)DSO_bind_func(

-				cluster_labs_dso, CLUSTER_LABS_F31)))

-		{

-		CLerr(CL_F_CLUSTER_LABS_INIT,CL_R_DSO_FAILURE);

-		goto err;

-		}

-	/* copy function pointers */

-	p_cl_engine_init		= p1;

-	p_cl_mod_exp			= p2;

-	p_cl_mod_exp_crt		= p3;

-	p_cl_rsa_mod_exp 		= p4;

-	p_cl_rsa_priv_enc	 	= p5;

-	p_cl_rsa_priv_dec	 	= p6;

-	p_cl_rsa_pub_enc	 	= p7;

-	p_cl_rsa_pub_dec	 	= p8;

-	p_cl_rand_bytes			= p20;

-	p_cl_dsa_sign			= p30;

-	p_cl_dsa_verify			= p31;

-	/* cluster labs engine init */

-	if(p_cl_engine_init()== 0){

-		CLerr(CL_F_CLUSTER_LABS_INIT,CL_R_INIT_FAILED);

-		goto err;

-	}

-	return(1);

-err:

-	/* reset all pointers */

-	if(cluster_labs_dso)

-		DSO_free(cluster_labs_dso);

-	cluster_labs_dso		= NULL;

-	p_cl_engine_init		= NULL;

-	p_cl_mod_exp			= NULL;

-	p_cl_mod_exp_crt		= NULL;

-	p_cl_rsa_mod_exp		= NULL;

-	p_cl_rsa_priv_enc		= NULL;

-	p_cl_rsa_priv_dec		= NULL;

-	p_cl_rsa_pub_enc		= NULL;

-	p_cl_rsa_pub_dec		= NULL;

-	p_cl_rand_bytes			= NULL;

-	p_cl_dsa_sign			= NULL;

-	p_cl_dsa_verify			= NULL;

-	return(0);

-	}

-static int cluster_labs_finish(ENGINE *e)

-	{

-	if(cluster_labs_dso == NULL)

-		{

-		CLerr(CL_F_CLUSTER_LABS_FINISH,CL_R_NOT_LOADED);

-		return 0;

-		}

-	if(!DSO_free(cluster_labs_dso))

-		{

-		CLerr(CL_F_CLUSTER_LABS_FINISH,CL_R_DSO_FAILURE);

-		return 0;

-		}

-	cluster_labs_dso 		= NULL;

-	p_cl_engine_init		= NULL;

-	p_cl_mod_exp			= NULL;

-	p_cl_rsa_mod_exp		= NULL;

-	p_cl_mod_exp_crt		= NULL;

-	p_cl_rsa_priv_enc		= NULL;

-	p_cl_rsa_priv_dec		= NULL;

-	p_cl_rsa_pub_enc		= NULL;

-	p_cl_rsa_pub_dec		= NULL;

-	p_cl_rand_bytes			= NULL;

-	p_cl_dsa_sign			= NULL;

-	p_cl_dsa_verify			= NULL;

-	return(1);

-	}

-static int cluster_labs_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())

-	{

-	int initialised = ((cluster_labs_dso == NULL) ? 0 : 1);

-	switch(cmd)

-		{

-	case CLUSTER_LABS_CMD_SO_PATH:

-		if(p == NULL)

-			{

-			CLerr(CL_F_CLUSTER_LABS_CTRL,ERR_R_PASSED_NULL_PARAMETER);

-			return 0;

-			}

-		if(initialised)

-			{

-			CLerr(CL_F_CLUSTER_LABS_CTRL,CL_R_ALREADY_LOADED);

-			return 0;

-			}

-		CLUSTER_LABS_LIB_NAME = (const char *)p;

-		return 1;

-	default:

-		break;

-		}

-	CLerr(CL_F_CLUSTER_LABS_CTRL,CL_R_COMMAND_NOT_IMPLEMENTED);

-	return 0;

-	}

-static int cluster_labs_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-		const BIGNUM *m, BN_CTX *ctx)

-	{

-	if(cluster_labs_dso == NULL)

-		{

-		CLerr(CL_F_CLUSTER_LABS_MOD_EXP,CL_R_NOT_LOADED);

-		return 0;

-		}

-	if(p_cl_mod_exp == NULL)

-		{

-		CLerr(CL_F_CLUSTER_LABS_MOD_EXP,CL_R_FUNCTION_NOT_BINDED);

-		return 0;

-		}

-	return	p_cl_mod_exp(r, a, p, m, ctx);

-	}

-static int cluster_labs_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,

-		const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,

-		const BIGNUM *iqmp, BN_CTX *ctx)

-	{

-	if(cluster_labs_dso == NULL)

-		{

-		CLerr(CL_F_CLUSTER_LABS_MOD_EXP_CRT,CL_R_NOT_LOADED);

-		return 0;

-		}

-	if(p_cl_mod_exp_crt == NULL)

-		{

-		CLerr(CL_F_CLUSTER_LABS_MOD_EXP_CRT,CL_R_FUNCTION_NOT_BINDED);

-		return 0;

-		}

-	return	p_cl_mod_exp_crt(r, a, p, q,dmp1, dmq1, iqmp, ctx);

-	}

-static int cluster_labs_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)

-	{

-	if(cluster_labs_dso == NULL)

-		{

-		CLerr(CL_F_CLUSTER_LABS_RSA_MOD_EXP,CL_R_NOT_LOADED);

-		return 0;

-		}

-	if(p_cl_rsa_mod_exp == NULL)

-		{

-		CLerr(CL_F_CLUSTER_LABS_RSA_MOD_EXP,CL_R_FUNCTION_NOT_BINDED);

-		return 0;

-		}

-	return p_cl_rsa_mod_exp(r0, I, rsa);

-	}

-static DSA_SIG *cluster_labs_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)

-	{

-	if(cluster_labs_dso == NULL)

-		{

-		CLerr(CL_F_CLUSTER_LABS_DSA_SIGN,CL_R_NOT_LOADED);

-		return 0;

-		}

-	if(p_cl_dsa_sign == NULL)

-		{

-		CLerr(CL_F_CLUSTER_LABS_DSA_SIGN,CL_R_FUNCTION_NOT_BINDED);

-		return 0;

-		}

-	return p_cl_dsa_sign(dgst, dlen, dsa);

-	}

-static int cluster_labs_dsa_verify(const unsigned char *dgst, int dgst_len,

-				DSA_SIG *sig, DSA *dsa)

-	{

-	if(cluster_labs_dso == NULL)

-		{

-		CLerr(CL_F_CLUSTER_LABS_DSA_VERIFY,CL_R_NOT_LOADED);

-		return 0;

-		}

-	if(p_cl_dsa_verify == NULL)

-		{

-		CLerr(CL_F_CLUSTER_LABS_DSA_VERIFY,CL_R_FUNCTION_NOT_BINDED);

-		return 0;

-		}

-	return p_cl_dsa_verify(dgst, dgst_len, sig, dsa);

-	}

-static int cluster_labs_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,

-		BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,

-		BN_CTX *ctx, BN_MONT_CTX *in_mont)

-	{

-	BIGNUM t;

-	int status = 0;

-	BN_init(&t);

-	/* let rr = a1 ^ p1 mod m */

-	if (!cluster_labs_mod_exp(rr,a1,p1,m,ctx)) goto end;

-	/* let t = a2 ^ p2 mod m */

-	if (!cluster_labs_mod_exp(&t,a2,p2,m,ctx)) goto end;

-	/* let rr = rr * t mod m */

-	if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;

-	status = 1;

-end:

-	BN_free(&t);

-	return(1);

-	}

-static int cluster_labs_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,

-		const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,

-		BN_MONT_CTX *m_ctx)

-	{

-	return 	cluster_labs_mod_exp(r, a, p, m, ctx);

-	}

-/* This function is aliased to mod_exp (with the mont stuff dropped). */

-static int cluster_labs_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)

-	{

-	return	cluster_labs_mod_exp(r, a, p, m, ctx);

-	}

-/* This function is aliased to mod_exp (with the dh and mont dropped). */

-static int cluster_labs_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)

-	{

-	return 	cluster_labs_mod_exp(r, a, p, m, ctx);

-	}

-static int cluster_labs_rsa_pub_enc(int flen, const unsigned char *from,

-	     unsigned char *to, RSA *rsa, int padding)

-	{

-	if(cluster_labs_dso == NULL)

-		{

-		CLerr(CL_F_CLUSTER_LABS_RSA_PUB_ENC,CL_R_NOT_LOADED);

-		return 0;

-		}

-	if(p_cl_rsa_priv_enc == NULL)

-		{

-		CLerr(CL_F_CLUSTER_LABS_RSA_PUB_ENC,CL_R_FUNCTION_NOT_BINDED);

-		return 0;

-		}

-	return 	p_cl_rsa_pub_enc(flen, from, to, rsa, padding);

-	}

-static int cluster_labs_rsa_pub_dec(int flen, const unsigned char *from,

-	     unsigned char *to, RSA *rsa, int padding)

-	{

-	if(cluster_labs_dso == NULL)

-		{

-		CLerr(CL_F_CLUSTER_LABS_RSA_PUB_DEC,CL_R_NOT_LOADED);

-		return 0;

-		}

-	if(p_cl_rsa_priv_enc == NULL)

-		{

-		CLerr(CL_F_CLUSTER_LABS_RSA_PUB_DEC,CL_R_FUNCTION_NOT_BINDED);

-		return 0;

-		}

-	return 	p_cl_rsa_pub_dec(flen, from, to, rsa, padding);

-	}

-static int cluster_labs_rsa_priv_enc(int flen, const unsigned char *from,

-		unsigned char *to, RSA *rsa, int padding)

-	{

-	if(cluster_labs_dso == NULL)

-		{

-		CLerr(CL_F_CLUSTER_LABS_RSA_PRIV_ENC,CL_R_NOT_LOADED);

-		return 0;

-		}

-	if(p_cl_rsa_priv_enc == NULL)

-		{

-		CLerr(CL_F_CLUSTER_LABS_RSA_PRIV_ENC,CL_R_FUNCTION_NOT_BINDED);

-		return 0;

-		}

-	return 	p_cl_rsa_priv_enc(flen, from, to, rsa, padding);

-	}

-static int cluster_labs_rsa_priv_dec(int flen, const unsigned char *from,

-		unsigned char *to, RSA *rsa, int padding)

-	{

-	if(cluster_labs_dso == NULL)

-		{

-		CLerr(CL_F_CLUSTER_LABS_RSA_PRIV_DEC,CL_R_NOT_LOADED);

-		return 0;

-		}

-	if(p_cl_rsa_priv_dec == NULL)

-		{

-		CLerr(CL_F_CLUSTER_LABS_RSA_PRIV_DEC,CL_R_FUNCTION_NOT_BINDED);

-		return 0;

-		}

-	return 	p_cl_rsa_priv_dec(flen, from, to, rsa, padding);

-	}

-/************************************************************************************

-* Symmetric algorithms

-************************************************************************************/

-/* this will be come soon! */

-/************************************************************************************

-* Random generator

-************************************************************************************/

-static int cluster_labs_rand_bytes(unsigned char *buf, int num){

-	if(cluster_labs_dso == NULL)

-		{

-		CLerr(CL_F_CLUSTER_LABS_RAND_BYTES,CL_R_NOT_LOADED);

-		return 0;

-		}

-	if(p_cl_mod_exp_crt == NULL)

-		{

-		CLerr(CL_F_CLUSTER_LABS_RAND_BYTES,CL_R_FUNCTION_NOT_BINDED);

-		return 0;

-		}

-	return 	p_cl_rand_bytes(buf, num);

-}

-/* This stuff is needed if this ENGINE is being compiled into a self-contained

- * shared-library. */

-#ifdef ENGINE_DYNAMIC_SUPPORT

-static int bind_fn(ENGINE *e, const char *id)

-	{

-	fprintf(stderr, "bind_fn CLUSTER_LABS\n");

-	if(id && (strcmp(id, engine_cluster_labs_id) != 0)) {

-		fprintf(stderr, "bind_fn return(0) first\n");

-		return 0;

-		}

-	if(!bind_helper(e)) {

-		fprintf(stderr, "bind_fn return(1) first\n");

-		return 0;

-		}

-	fprintf(stderr, "bind_fn return(1)\n");

-	return 1;

-	}

-IMPLEMENT_DYNAMIC_CHECK_FN()

-IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)

-#endif /* ENGINE_DYNAMIC_SUPPORT */

-#endif /* !NO_HW_CLUSTER_LABS */

-#endif /* !NO_HW */

--- a/sys/src/ape/lib/openssl/demos/engines/cluster_labs/hw_cluster_labs.ec

+++ /dev/null

@@ -1,8 +1,0 @@

-# configuration file for util/mkerr.pl

-#

-# use like this:

-#

-#	perl ../../../util/mkerr.pl -conf hw_cluster_labs.ec \

-#		-nostatic -staticloader -write *.c

-L CL		hw_cluster_labs_err.h		hw_cluster_labs_err.c

--- a/sys/src/ape/lib/openssl/demos/engines/cluster_labs/hw_cluster_labs_err.c

+++ /dev/null

@@ -1,151 +1,0 @@

-/* hw_cluster_labs_err.c */

-/* ====================================================================

- * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* NOTE: this file was auto generated by the mkerr.pl script: any changes

- * made to it will be overwritten when the script next updates this file,

- * only reason strings will be preserved.

- */

-#include <stdio.h>

-#include <openssl/err.h>

-#include "hw_cluster_labs_err.h"

-/* BEGIN ERROR CODES */

-#ifndef OPENSSL_NO_ERR

-static ERR_STRING_DATA CL_str_functs[]=

-	{

-{ERR_PACK(0,CL_F_CLUSTER_LABS_CTRL,0),	"CLUSTER_LABS_CTRL"},

-{ERR_PACK(0,CL_F_CLUSTER_LABS_DSA_SIGN,0),	"CLUSTER_LABS_DSA_SIGN"},

-{ERR_PACK(0,CL_F_CLUSTER_LABS_DSA_VERIFY,0),	"CLUSTER_LABS_DSA_VERIFY"},

-{ERR_PACK(0,CL_F_CLUSTER_LABS_FINISH,0),	"CLUSTER_LABS_FINISH"},

-{ERR_PACK(0,CL_F_CLUSTER_LABS_INIT,0),	"CLUSTER_LABS_INIT"},

-{ERR_PACK(0,CL_F_CLUSTER_LABS_MOD_EXP,0),	"CLUSTER_LABS_MOD_EXP"},

-{ERR_PACK(0,CL_F_CLUSTER_LABS_MOD_EXP_CRT,0),	"CLUSTER_LABS_MOD_EXP_CRT"},

-{ERR_PACK(0,CL_F_CLUSTER_LABS_RAND_BYTES,0),	"CLUSTER_LABS_RAND_BYTES"},

-{ERR_PACK(0,CL_F_CLUSTER_LABS_RSA_MOD_EXP,0),	"CLUSTER_LABS_RSA_MOD_EXP"},

-{ERR_PACK(0,CL_F_CLUSTER_LABS_RSA_PRIV_DEC,0),	"CLUSTER_LABS_RSA_PRIV_DEC"},

-{ERR_PACK(0,CL_F_CLUSTER_LABS_RSA_PRIV_ENC,0),	"CLUSTER_LABS_RSA_PRIV_ENC"},

-{ERR_PACK(0,CL_F_CLUSTER_LABS_RSA_PUB_DEC,0),	"CLUSTER_LABS_RSA_PUB_DEC"},

-{ERR_PACK(0,CL_F_CLUSTER_LABS_RSA_PUB_ENC,0),	"CLUSTER_LABS_RSA_PUB_ENC"},

-{0,NULL}

-	};

-static ERR_STRING_DATA CL_str_reasons[]=

-	{

-{CL_R_ALREADY_LOADED                     ,"already loaded"},

-{CL_R_COMMAND_NOT_IMPLEMENTED            ,"command not implemented"},

-{CL_R_DSO_FAILURE                        ,"dso failure"},

-{CL_R_FUNCTION_NOT_BINDED                ,"function not binded"},

-{CL_R_INIT_FAILED                        ,"init failed"},

-{CL_R_NOT_LOADED                         ,"not loaded"},

-{0,NULL}

-	};

-#endif

-#ifdef CL_LIB_NAME

-static ERR_STRING_DATA CL_lib_name[]=

-        {

-{0	,CL_LIB_NAME},

-{0,NULL}

-	};

-#endif

-static int CL_lib_error_code=0;

-static int CL_error_init=1;

-static void ERR_load_CL_strings(void)

-	{

-	if (CL_lib_error_code == 0)

-		CL_lib_error_code=ERR_get_next_error_library();

-	if (CL_error_init)

-		{

-		CL_error_init=0;

-#ifndef OPENSSL_NO_ERR

-		ERR_load_strings(CL_lib_error_code,CL_str_functs);

-		ERR_load_strings(CL_lib_error_code,CL_str_reasons);

-#endif

-#ifdef CL_LIB_NAME

-		CL_lib_name->error = ERR_PACK(CL_lib_error_code,0,0);

-		ERR_load_strings(0,CL_lib_name);

-#endif

-		}

-	}

-static void ERR_unload_CL_strings(void)

-	{

-	if (CL_error_init == 0)

-		{

-#ifndef OPENSSL_NO_ERR

-		ERR_unload_strings(CL_lib_error_code,CL_str_functs);

-		ERR_unload_strings(CL_lib_error_code,CL_str_reasons);

-#endif

-#ifdef CL_LIB_NAME

-		ERR_unload_strings(0,CL_lib_name);

-#endif

-		CL_error_init=1;

-		}

-	}

-static void ERR_CL_error(int function, int reason, char *file, int line)

-	{

-	if (CL_lib_error_code == 0)

-		CL_lib_error_code=ERR_get_next_error_library();

-	ERR_PUT_error(CL_lib_error_code,function,reason,file,line);

-	}

--- a/sys/src/ape/lib/openssl/demos/engines/cluster_labs/hw_cluster_labs_err.h

+++ /dev/null

@@ -1,95 +1,0 @@

-/* ====================================================================

- * Copyright (c) 2001-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_CL_ERR_H

-#define HEADER_CL_ERR_H

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-static void ERR_load_CL_strings(void);

-static void ERR_unload_CL_strings(void);

-static void ERR_CL_error(int function, int reason, char *file, int line);

-#define CLerr(f,r) ERR_CL_error((f),(r),__FILE__,__LINE__)

-/* Error codes for the CL functions. */

-/* Function codes. */

-#define CL_F_CLUSTER_LABS_CTRL				 100

-#define CL_F_CLUSTER_LABS_DSA_SIGN			 101

-#define CL_F_CLUSTER_LABS_DSA_VERIFY			 102

-#define CL_F_CLUSTER_LABS_FINISH			 103

-#define CL_F_CLUSTER_LABS_INIT				 104

-#define CL_F_CLUSTER_LABS_MOD_EXP			 105

-#define CL_F_CLUSTER_LABS_MOD_EXP_CRT			 106

-#define CL_F_CLUSTER_LABS_RAND_BYTES			 107

-#define CL_F_CLUSTER_LABS_RSA_MOD_EXP			 108

-#define CL_F_CLUSTER_LABS_RSA_PRIV_DEC			 109

-#define CL_F_CLUSTER_LABS_RSA_PRIV_ENC			 110

-#define CL_F_CLUSTER_LABS_RSA_PUB_DEC			 111

-#define CL_F_CLUSTER_LABS_RSA_PUB_ENC			 112

-/* Reason codes. */

-#define CL_R_ALREADY_LOADED				 100

-#define CL_R_COMMAND_NOT_IMPLEMENTED			 101

-#define CL_R_DSO_FAILURE				 102

-#define CL_R_FUNCTION_NOT_BINDED			 103

-#define CL_R_INIT_FAILED				 104

-#define CL_R_NOT_LOADED					 105

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/demos/engines/ibmca/Makefile

+++ /dev/null

@@ -1,114 +1,0 @@

-LIBNAME=	libibmca

-SRC=		hw_ibmca.c

-OBJ=		hw_ibmca.o

-HEADER=		hw_ibmca.h

-CC=		gcc

-PIC=		-fPIC

-CFLAGS=		-g -I../../../include $(PIC) -DENGINE_DYNAMIC_SUPPORT -DFLAT_INC

-AR=		ar r

-RANLIB=		ranlib

-LIB=		$(LIBNAME).a

-SHLIB=		$(LIBNAME).so

-all:

-		@echo 'Please choose a system to build on:'

-		@echo ''

-		@echo 'tru64:    Tru64 Unix, Digital Unix, Digital OSF/1'

-		@echo 'solaris:  Solaris'

-		@echo 'irix:     IRIX'

-		@echo 'hpux32:   32-bit HP/UX'

-		@echo 'hpux64:   64-bit HP/UX'

-		@echo 'aix:      AIX'

-		@echo 'gnu:      Generic GNU-based system (gcc and GNU ld)'

-		@echo ''

-FORCE.update:

-update:		FORCE.update

-		perl ../../../util/mkerr.pl -conf hw_ibmca.ec \

-			-nostatic -staticloader -write hw_ibmca.c

-gnu:		$(SHLIB).gnu

-tru64:		$(SHLIB).tru64

-solaris:	$(SHLIB).solaris

-irix:		$(SHLIB).irix

-hpux32:		$(SHLIB).hpux32

-hpux64:		$(SHLIB).hpux64

-aix:		$(SHLIB).aix

-$(LIB):		$(OBJ)

-		$(AR) $(LIB) $(OBJ)

-		- $(RANLIB) $(LIB)

-LINK_SO=	\

-  ld -r -o $(LIBNAME).o $$ALLSYMSFLAGS $(LIB) && \

-  (nm -Pg $(LIBNAME).o | grep ' [BDT] ' | cut -f1 -d' ' > $(LIBNAME).exp; \

-   $$SHAREDCMD $$SHAREDFLAGS -o $(SHLIB) $(LIBNAME).o -L ../../.. -lcrypto -lc)

-$(SHLIB).gnu:	$(LIB)

-		ALLSYMSFLAGS='--whole-archive' \

-		SHAREDFLAGS='-shared -Wl,-soname=$(SHLIB)' \

-		SHAREDCMD='$(CC)'; \

-		$(LINK_SO)

-		touch $(SHLIB).gnu

-$(SHLIB).tru64:	$(LIB)

-		ALLSYMSFLAGS='-all' \

-		SHAREDFLAGS='-shared' \

-		SHAREDCMD='$(CC)'; \

-		$(LINK_SO)

-		touch $(SHLIB).tru64

-$(SHLIB).solaris:	$(LIB)

-		ALLSYMSFLAGS='-z allextract' \

-		SHAREDFLAGS='-G -h $(SHLIB)' \

-		SHAREDCMD='$(CC)'; \

-		$(LINK_SO)

-		touch $(SHLIB).solaris

-$(SHLIB).irix:	$(LIB)

-		ALLSYMSFLAGS='-all' \

-		SHAREDFLAGS='-shared -Wl,-soname,$(SHLIB)' \

-		SHAREDCMD='$(CC)'; \

-		$(LINK_SO)

-		touch $(SHLIB).irix

-$(SHLIB).hpux32:	$(LIB)

-		ALLSYMSFLAGS='-Fl' \

-		SHAREDFLAGS='+vnocompatwarnings -b -z +s +h $(SHLIB)' \

-		SHAREDCMD='/usr/ccs/bin/ld'; \

-		$(LINK_SO)

-		touch $(SHLIB).hpux32

-$(SHLIB).hpux64:	$(LIB)

-		ALLSYMSFLAGS='+forceload' \

-		SHAREDFLAGS='-b -z +h $(SHLIB)' \

-		SHAREDCMD='/usr/ccs/bin/ld'; \

-		$(LINK_SO)

-		touch $(SHLIB).hpux64

-$(SHLIB).aix:	$(LIB)

-		ALLSYMSFLAGS='-bnogc' \

-		SHAREDFLAGS='-G -bE:$(LIBNAME).exp -bM:SRE' \

-		SHAREDCMD='$(CC)'; \

-		$(LINK_SO)

-		touch $(SHLIB).aix

-depend:

-		sed -e '/^# DO NOT DELETE.*/,$$d' < Makefile > Makefile.tmp

-		echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp

-		gcc -M $(CFLAGS) $(SRC) >> Makefile.tmp

-		perl ../../../util/clean-depend.pl < Makefile.tmp > Makefile.new

-		rm -f Makefile.tmp Makefile

-		mv Makefile.new Makefile

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-rsaref.o: ../../../include/openssl/asn1.h ../../../include/openssl/bio.h

-rsaref.o: ../../../include/openssl/bn.h ../../../include/openssl/crypto.h

-rsaref.o: ../../../include/openssl/dh.h ../../../include/openssl/dsa.h

-rsaref.o: ../../../include/openssl/e_os2.h ../../../include/openssl/engine.h

-rsaref.o: ../../../include/openssl/err.h ../../../include/openssl/lhash.h

-rsaref.o: ../../../include/openssl/opensslconf.h

-rsaref.o: ../../../include/openssl/opensslv.h

-rsaref.o: ../../../include/openssl/ossl_typ.h ../../../include/openssl/rand.h

-rsaref.o: ../../../include/openssl/rsa.h ../../../include/openssl/safestack.h

-rsaref.o: ../../../include/openssl/stack.h ../../../include/openssl/symhacks.h

-rsaref.o: ../../../include/openssl/ui.h rsaref.c rsaref_err.c rsaref_err.h

-rsaref.o: source/des.h source/global.h source/md2.h source/md5.h source/rsa.h

-rsaref.o: source/rsaref.h

--- a/sys/src/ape/lib/openssl/demos/engines/ibmca/hw_ibmca.c

+++ /dev/null

@@ -1,920 +1,0 @@

-/* crypto/engine/hw_ibmca.c */

-/* Written by Geoff Thorpe ([email protected]) for the OpenSSL

- * project 2000.

- */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* (C) COPYRIGHT International Business Machines Corp. 2001 */

-#include <stdio.h>

-#include <openssl/crypto.h>

-#include <openssl/dso.h>

-#include <openssl/engine.h>

-#ifndef OPENSSL_NO_HW

-#ifndef OPENSSL_NO_HW_IBMCA

-#ifdef FLAT_INC

-#include "ica_openssl_api.h"

-#else

-#include "vendor_defns/ica_openssl_api.h"

-#endif

-#define IBMCA_LIB_NAME "ibmca engine"

-#include "hw_ibmca_err.c"

-static int ibmca_destroy(ENGINE *e);

-static int ibmca_init(ENGINE *e);

-static int ibmca_finish(ENGINE *e);

-static int ibmca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());

-static const char *IBMCA_F1 = "icaOpenAdapter";

-static const char *IBMCA_F2 = "icaCloseAdapter";

-static const char *IBMCA_F3 = "icaRsaModExpo";

-static const char *IBMCA_F4 = "icaRandomNumberGenerate";

-static const char *IBMCA_F5 = "icaRsaCrt";

-ICA_ADAPTER_HANDLE handle=0;

-/* BIGNUM stuff */

-static int ibmca_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-        const BIGNUM *m, BN_CTX *ctx);

-static int ibmca_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-        const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,

-        const BIGNUM *iqmp, BN_CTX *ctx);

-#ifndef OPENSSL_NO_RSA

-/* RSA stuff */

-static int ibmca_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);

-#endif

-/* This function is aliased to mod_exp (with the mont stuff dropped). */

-static int ibmca_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-        const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);

-#ifndef OPENSSL_NO_DSA

-/* DSA stuff */

-static int ibmca_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,

-        BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,

-        BN_CTX *ctx, BN_MONT_CTX *in_mont);

-static int ibmca_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,

-        const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,

-        BN_MONT_CTX *m_ctx);

-#endif

-#ifndef OPENSSL_NO_DH

-/* DH stuff */

-/* This function is alised to mod_exp (with the DH and mont dropped). */

-static int ibmca_mod_exp_dh(const DH *dh, BIGNUM *r,

-	const BIGNUM *a, const BIGNUM *p,

-	const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);

-#endif

-/* RAND stuff */

-static int ibmca_rand_bytes(unsigned char *buf, int num);

-static int ibmca_rand_status(void);

-/* WJH - check for more commands, like in nuron */

-/* The definitions for control commands specific to this engine */

-#define IBMCA_CMD_SO_PATH		ENGINE_CMD_BASE

-static const ENGINE_CMD_DEFN ibmca_cmd_defns[] = {

-	{IBMCA_CMD_SO_PATH,

-		"SO_PATH",

-		"Specifies the path to the 'atasi' shared library",

-		ENGINE_CMD_FLAG_STRING},

-	{0, NULL, NULL, 0}

-	};

-#ifndef OPENSSL_NO_RSA

-/* Our internal RSA_METHOD that we provide pointers to */

-static RSA_METHOD ibmca_rsa =

-        {

-        "Ibmca RSA method",

-        NULL,

-        NULL,

-        NULL,

-        NULL,

-        ibmca_rsa_mod_exp,

-        ibmca_mod_exp_mont,

-        NULL,

-        NULL,

-        0,

-        NULL,

-        NULL,

-        NULL

-        };

-#endif

-#ifndef OPENSSL_NO_DSA

-/* Our internal DSA_METHOD that we provide pointers to */

-static DSA_METHOD ibmca_dsa =

-        {

-        "Ibmca DSA method",

-        NULL, /* dsa_do_sign */

-        NULL, /* dsa_sign_setup */

-        NULL, /* dsa_do_verify */

-        ibmca_dsa_mod_exp, /* dsa_mod_exp */

-        ibmca_mod_exp_dsa, /* bn_mod_exp */

-        NULL, /* init */

-        NULL, /* finish */

-        0, /* flags */

-        NULL /* app_data */

-        };

-#endif

-#ifndef OPENSSL_NO_DH

-/* Our internal DH_METHOD that we provide pointers to */

-static DH_METHOD ibmca_dh =

-        {

-        "Ibmca DH method",

-        NULL,

-        NULL,

-        ibmca_mod_exp_dh,

-        NULL,

-        NULL,

-        0,

-        NULL

-        };

-#endif

-static RAND_METHOD ibmca_rand =

-        {

-        /* "IBMCA RAND method", */

-        NULL,

-        ibmca_rand_bytes,

-        NULL,

-        NULL,

-        ibmca_rand_bytes,

-        ibmca_rand_status,

-        };

-/* Constants used when creating the ENGINE */

-static const char *engine_ibmca_id = "ibmca";

-static const char *engine_ibmca_name = "Ibmca hardware engine support";

-/* This internal function is used by ENGINE_ibmca() and possibly by the

- * "dynamic" ENGINE support too */

-static int bind_helper(ENGINE *e)

-	{

-#ifndef OPENSSL_NO_RSA

-	const RSA_METHOD *meth1;

-#endif

-#ifndef OPENSSL_NO_DSA

-	const DSA_METHOD *meth2;

-#endif

-#ifndef OPENSSL_NO_DH

-	const DH_METHOD *meth3;

-#endif

-	if(!ENGINE_set_id(e, engine_ibmca_id) ||

-		!ENGINE_set_name(e, engine_ibmca_name) ||

-#ifndef OPENSSL_NO_RSA

-		!ENGINE_set_RSA(e, &ibmca_rsa) ||

-#endif

-#ifndef OPENSSL_NO_DSA

-		!ENGINE_set_DSA(e, &ibmca_dsa) ||

-#endif

-#ifndef OPENSSL_NO_DH

-		!ENGINE_set_DH(e, &ibmca_dh) ||

-#endif

-		!ENGINE_set_RAND(e, &ibmca_rand) ||

-		!ENGINE_set_destroy_function(e, ibmca_destroy) ||

-		!ENGINE_set_init_function(e, ibmca_init) ||

-		!ENGINE_set_finish_function(e, ibmca_finish) ||

-		!ENGINE_set_ctrl_function(e, ibmca_ctrl) ||

-		!ENGINE_set_cmd_defns(e, ibmca_cmd_defns))

-		return 0;

-#ifndef OPENSSL_NO_RSA

-	/* We know that the "PKCS1_SSLeay()" functions hook properly

-	 * to the ibmca-specific mod_exp and mod_exp_crt so we use

-	 * those functions. NB: We don't use ENGINE_openssl() or

-	 * anything "more generic" because something like the RSAref

-	 * code may not hook properly, and if you own one of these

-	 * cards then you have the right to do RSA operations on it

-	 * anyway! */

-	meth1 = RSA_PKCS1_SSLeay();

-	ibmca_rsa.rsa_pub_enc = meth1->rsa_pub_enc;

-	ibmca_rsa.rsa_pub_dec = meth1->rsa_pub_dec;

-	ibmca_rsa.rsa_priv_enc = meth1->rsa_priv_enc;

-	ibmca_rsa.rsa_priv_dec = meth1->rsa_priv_dec;

-#endif

-#ifndef OPENSSL_NO_DSA

-	/* Use the DSA_OpenSSL() method and just hook the mod_exp-ish

-	 * bits. */

-	meth2 = DSA_OpenSSL();

-	ibmca_dsa.dsa_do_sign = meth2->dsa_do_sign;

-	ibmca_dsa.dsa_sign_setup = meth2->dsa_sign_setup;

-	ibmca_dsa.dsa_do_verify = meth2->dsa_do_verify;

-#endif

-#ifndef OPENSSL_NO_DH

-	/* Much the same for Diffie-Hellman */

-	meth3 = DH_OpenSSL();

-	ibmca_dh.generate_key = meth3->generate_key;

-	ibmca_dh.compute_key = meth3->compute_key;

-#endif

-	/* Ensure the ibmca error handling is set up */

-	ERR_load_IBMCA_strings();

-	return 1;

-	}

-static ENGINE *engine_ibmca(void)

-	{

-	ENGINE *ret = ENGINE_new();

-	if(!ret)

-		return NULL;

-	if(!bind_helper(ret))

-		{

-		ENGINE_free(ret);

-		return NULL;

-		}

-	return ret;

-	}

-#ifdef ENGINE_DYNAMIC_SUPPORT

-static

-#endif

-void ENGINE_load_ibmca(void)

-	{

-	/* Copied from eng_[openssl|dyn].c */

-	ENGINE *toadd = engine_ibmca();

-	if(!toadd) return;

-	ENGINE_add(toadd);

-	ENGINE_free(toadd);

-	ERR_clear_error();

-	}

-/* Destructor (complements the "ENGINE_ibmca()" constructor) */

-static int ibmca_destroy(ENGINE *e)

-	{

-	/* Unload the ibmca error strings so any error state including our

-	 * functs or reasons won't lead to a segfault (they simply get displayed

-	 * without corresponding string data because none will be found). */

-        ERR_unload_IBMCA_strings();

-	return 1;

-	}

-/* This is a process-global DSO handle used for loading and unloading

- * the Ibmca library. NB: This is only set (or unset) during an

- * init() or finish() call (reference counts permitting) and they're

- * operating with global locks, so this should be thread-safe

- * implicitly. */

-static DSO *ibmca_dso = NULL;

-/* These are the function pointers that are (un)set when the library has

- * successfully (un)loaded. */

-static unsigned int    (ICA_CALL *p_icaOpenAdapter)();

-static unsigned int    (ICA_CALL *p_icaCloseAdapter)();

-static unsigned int    (ICA_CALL *p_icaRsaModExpo)();

-static unsigned int    (ICA_CALL *p_icaRandomNumberGenerate)();

-static unsigned int    (ICA_CALL *p_icaRsaCrt)();

-/* utility function to obtain a context */

-static int get_context(ICA_ADAPTER_HANDLE *p_handle)

-        {

-        unsigned int status=0;

-        status = p_icaOpenAdapter(0, p_handle);

-        if(status != 0)

-                return 0;

-        return 1;

-        }

-/* similarly to release one. */

-static void release_context(ICA_ADAPTER_HANDLE handle)

-        {

-        p_icaCloseAdapter(handle);

-        }

-/* (de)initialisation functions. */

-static int ibmca_init(ENGINE *e)

-        {

-        void          (*p1)();

-        void          (*p2)();

-        void          (*p3)();

-        void          (*p4)();

-        void          (*p5)();

-        if(ibmca_dso != NULL)

-                {

-                IBMCAerr(IBMCA_F_IBMCA_INIT,IBMCA_R_ALREADY_LOADED);

-                goto err;

-                }

-        /* Attempt to load libatasi.so/atasi.dll/whatever. Needs to be

-         * changed unfortunately because the Ibmca drivers don't have

-         * standard library names that can be platform-translated well. */

-        /* TODO: Work out how to actually map to the names the Ibmca

-         * drivers really use - for now a symbollic link needs to be

-         * created on the host system from libatasi.so to atasi.so on

-         * unix variants. */

-	/* WJH XXX check name translation */

-        ibmca_dso = DSO_load(NULL, IBMCA_LIBNAME, NULL,

-			     /* DSO_FLAG_NAME_TRANSLATION */ 0);

-        if(ibmca_dso == NULL)

-                {

-                IBMCAerr(IBMCA_F_IBMCA_INIT,IBMCA_R_DSO_FAILURE);

-                goto err;

-                }

-        if(!(p1 = DSO_bind_func(

-                ibmca_dso, IBMCA_F1)) ||

-                !(p2 = DSO_bind_func(

-                        ibmca_dso, IBMCA_F2)) ||

-                !(p3 = DSO_bind_func(

-                        ibmca_dso, IBMCA_F3)) ||

-                !(p4 = DSO_bind_func(

-                        ibmca_dso, IBMCA_F4)) ||

-                !(p5 = DSO_bind_func(

-                        ibmca_dso, IBMCA_F5)))

-                {

-                IBMCAerr(IBMCA_F_IBMCA_INIT,IBMCA_R_DSO_FAILURE);

-                goto err;

-                }

-        /* Copy the pointers */

-	p_icaOpenAdapter =           (unsigned int (ICA_CALL *)())p1;

-	p_icaCloseAdapter =          (unsigned int (ICA_CALL *)())p2;

-	p_icaRsaModExpo =            (unsigned int (ICA_CALL *)())p3;

-	p_icaRandomNumberGenerate =  (unsigned int (ICA_CALL *)())p4;

-	p_icaRsaCrt =                (unsigned int (ICA_CALL *)())p5;

-        if(!get_context(&handle))

-                {

-                IBMCAerr(IBMCA_F_IBMCA_INIT,IBMCA_R_UNIT_FAILURE);

-                goto err;

-                }

-        return 1;

- err:

-        if(ibmca_dso)

-                DSO_free(ibmca_dso);

-        p_icaOpenAdapter = NULL;

-        p_icaCloseAdapter = NULL;

-        p_icaRsaModExpo = NULL;

-        p_icaRandomNumberGenerate = NULL;

-        return 0;

-        }

-static int ibmca_finish(ENGINE *e)

-        {

-        if(ibmca_dso == NULL)

-                {

-                IBMCAerr(IBMCA_F_IBMCA_FINISH,IBMCA_R_NOT_LOADED);

-                return 0;

-                }

-        release_context(handle);

-        if(!DSO_free(ibmca_dso))

-                {

-                IBMCAerr(IBMCA_F_IBMCA_FINISH,IBMCA_R_DSO_FAILURE);

-                return 0;

-                }

-        ibmca_dso = NULL;

-        return 1;

-        }

-static int ibmca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())

-	{

-	int initialised = ((ibmca_dso == NULL) ? 0 : 1);

-	switch(cmd)

-		{

-	case IBMCA_CMD_SO_PATH:

-		if(p == NULL)

-			{

-			IBMCAerr(IBMCA_F_IBMCA_CTRL,ERR_R_PASSED_NULL_PARAMETER);

-			return 0;

-			}

-		if(initialised)

-			{

-			IBMCAerr(IBMCA_F_IBMCA_CTRL,IBMCA_R_ALREADY_LOADED);

-			return 0;

-			}

-		IBMCA_LIBNAME = (const char *)p;

-		return 1;

-	default:

-		break;

-		}

-	IBMCAerr(IBMCA_F_IBMCA_CTRL,IBMCA_R_CTRL_COMMAND_NOT_IMPLEMENTED);

-	return 0;

-	}

-static int ibmca_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-        const BIGNUM *m, BN_CTX *ctx)

-        {

-        /* I need somewhere to store temporary serialised values for

-         * use with the Ibmca API calls. A neat cheat - I'll use

-         * BIGNUMs from the BN_CTX but access their arrays directly as

-         * byte arrays <grin>. This way I don't have to clean anything

-         * up. */

-        BIGNUM *argument=NULL;

-        BIGNUM *result=NULL;

-        BIGNUM *key=NULL;

-        int to_return;

-	int inLen, outLen, tmpLen;

-        ICA_KEY_RSA_MODEXPO *publKey=NULL;

-        unsigned int rc;

-        to_return = 0; /* expect failure */

-        if(!ibmca_dso)

-                {

-                IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_NOT_LOADED);

-                goto err;

-                }

-        /* Prepare the params */

-	BN_CTX_start(ctx);

-        argument = BN_CTX_get(ctx);

-        result = BN_CTX_get(ctx);

-        key = BN_CTX_get(ctx);

-        if( !argument || !result || !key)

-                {

-                IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_BN_CTX_FULL);

-                goto err;

-                }

-	if(!bn_wexpand(argument, m->top) || !bn_wexpand(result, m->top) ||

-                !bn_wexpand(key, sizeof(*publKey)/BN_BYTES))

-                {

-                IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_BN_EXPAND_FAIL);

-                goto err;

-                }

-        publKey = (ICA_KEY_RSA_MODEXPO *)key->d;

-        if (publKey == NULL)

-                {

-                goto err;

-                }

-        memset(publKey, 0, sizeof(ICA_KEY_RSA_MODEXPO));

-        publKey->keyType   =  CORRECT_ENDIANNESS(ME_KEY_TYPE);

-        publKey->keyLength =  CORRECT_ENDIANNESS(sizeof(ICA_KEY_RSA_MODEXPO));

-        publKey->expOffset =  (char *) publKey->keyRecord - (char *) publKey;

-        /* A quirk of the card: the exponent length has to be the same

-     as the modulus (key) length */

-	outLen = BN_num_bytes(m);

-/* check for modulus length SAB*/

-	if (outLen > 256 ) {

-		IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_MEXP_LENGTH_TO_LARGE);

-		goto err;

-	}

-/* check for modulus length SAB*/

-	publKey->expLength = publKey->nLength = outLen;

-/* SAB Check for underflow condition

-    the size of the exponent is less than the size of the parameter

-    then we have a big problem and will underflow the keyRecord

-   buffer.  Bad stuff could happen then

-*/

-if (outLen < BN_num_bytes(p)){

-	IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_UNDERFLOW_KEYRECORD);

-	goto err;

-}

-/* SAB End check for underflow */

-        BN_bn2bin(p, &publKey->keyRecord[publKey->expLength -

-                BN_num_bytes(p)]);

-        BN_bn2bin(m, &publKey->keyRecord[publKey->expLength]);

-        publKey->modulusBitLength = CORRECT_ENDIANNESS(publKey->nLength * 8);

-        publKey->nOffset   = CORRECT_ENDIANNESS(publKey->expOffset +

-						publKey->expLength);

-        publKey->expOffset = CORRECT_ENDIANNESS((char *) publKey->keyRecord -

-						(char *) publKey);

-	tmpLen = outLen;

-	publKey->expLength = publKey->nLength = CORRECT_ENDIANNESS(tmpLen);

-  /* Prepare the argument */

-	memset(argument->d, 0, outLen);

-	BN_bn2bin(a, (unsigned char *)argument->d + outLen -

-                 BN_num_bytes(a));

-	inLen = outLen;

-  /* Perform the operation */

-          if( (rc = p_icaRsaModExpo(handle, inLen,(unsigned char *)argument->d,

-                publKey, &outLen, (unsigned char *)result->d))

-                !=0 )

-                {

-                printf("rc = %d\n", rc);

-                IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_REQUEST_FAILED);

-                goto err;

-                }

-        /* Convert the response */

-        BN_bin2bn((unsigned char *)result->d, outLen, r);

-        to_return = 1;

- err:

-	BN_CTX_end(ctx);

-        return to_return;

-        }

-#ifndef OPENSSL_NO_RSA

-static int ibmca_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)

-        {

-        BN_CTX *ctx;

-        int to_return = 0;

-        if((ctx = BN_CTX_new()) == NULL)

-                goto err;

-        if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)

-                {

-                if(!rsa->d || !rsa->n)

-                        {

-                        IBMCAerr(IBMCA_F_IBMCA_RSA_MOD_EXP,

-                                IBMCA_R_MISSING_KEY_COMPONENTS);

-                        goto err;

-                        }

-                to_return = ibmca_mod_exp(r0, I, rsa->d, rsa->n, ctx);

-                }

-        else

-                {

-                to_return = ibmca_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,

-                        rsa->dmq1, rsa->iqmp, ctx);

-                }

- err:

-        if(ctx)

-                BN_CTX_free(ctx);

-        return to_return;

-        }

-#endif

-/* Ein kleines chinesisches "Restessen"  */

-static int ibmca_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-        const BIGNUM *q, const BIGNUM *dmp1,

-        const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx)

-        {

-        BIGNUM *argument = NULL;

-        BIGNUM *result = NULL;

-        BIGNUM *key = NULL;

-        int to_return = 0; /* expect failure */

-        char                *pkey=NULL;

-        ICA_KEY_RSA_CRT     *privKey=NULL;

-        int inLen, outLen;

-        int rc;

-        unsigned int        offset, pSize, qSize;

-/* SAB New variables */

-	unsigned int keyRecordSize;

-	unsigned int pbytes = BN_num_bytes(p);

-	unsigned int qbytes = BN_num_bytes(q);

-	unsigned int dmp1bytes = BN_num_bytes(dmp1);

-	unsigned int dmq1bytes = BN_num_bytes(dmq1);

-	unsigned int iqmpbytes = BN_num_bytes(iqmp);

-        /* Prepare the params */

-	BN_CTX_start(ctx);

-        argument = BN_CTX_get(ctx);

-        result = BN_CTX_get(ctx);

-        key = BN_CTX_get(ctx);

-        if(!argument || !result || !key)

-                {

-                IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_BN_CTX_FULL);

-                goto err;

-                }

-	if(!bn_wexpand(argument, p->top + q->top) ||

-                !bn_wexpand(result, p->top + q->top) ||

-                !bn_wexpand(key, sizeof(*privKey)/BN_BYTES ))

-                {

-                IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_BN_EXPAND_FAIL);

-                goto err;

-                }

-        privKey = (ICA_KEY_RSA_CRT *)key->d;

-/* SAB Add check for total size in bytes of the parms does not exceed

-   the buffer space we have

-   do this first

-*/

-      keyRecordSize = pbytes+qbytes+dmp1bytes+dmq1bytes+iqmpbytes;

-     if (  keyRecordSize > sizeof(privKey->keyRecord )) {

-	 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_OPERANDS_TO_LARGE);

-         goto err;

-     }

-     if ( (qbytes + dmq1bytes)  > 256 ){

-	 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_OPERANDS_TO_LARGE);

-         goto err;

-     }

-     if ( pbytes + dmp1bytes > 256 ) {

-	 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_OPERANDS_TO_LARGE);

-         goto err;

-     }

-/* end SAB additions */

-        memset(privKey, 0, sizeof(ICA_KEY_RSA_CRT));

-        privKey->keyType =  CORRECT_ENDIANNESS(CRT_KEY_TYPE);

-        privKey->keyLength = CORRECT_ENDIANNESS(sizeof(ICA_KEY_RSA_CRT));

-        privKey->modulusBitLength =

-	  CORRECT_ENDIANNESS(BN_num_bytes(q) * 2 * 8);

-        /*

-         * p,dp & qInv are 1 QWORD Larger

-         */

-        privKey->pLength = CORRECT_ENDIANNESS(BN_num_bytes(p)+8);

-        privKey->qLength = CORRECT_ENDIANNESS(BN_num_bytes(q));

-        privKey->dpLength = CORRECT_ENDIANNESS(BN_num_bytes(dmp1)+8);

-        privKey->dqLength = CORRECT_ENDIANNESS(BN_num_bytes(dmq1));

-        privKey->qInvLength = CORRECT_ENDIANNESS(BN_num_bytes(iqmp)+8);

-        offset = (char *) privKey->keyRecord

-                  - (char *) privKey;

-        qSize = BN_num_bytes(q);

-        pSize = qSize + 8;   /*  1 QWORD larger */

-/* SAB  probably aittle redundant, but we'll verify that each of the

-   components which make up a key record sent ot the card does not exceed

-   the space that is allocated for it.  this handles the case where even if

-   the total length does not exceed keyrecord zied, if the operands are funny sized

-they could cause potential side affects on either the card or the result */

-     if ( (pbytes > pSize) || (dmp1bytes > pSize) ||

-          (iqmpbytes > pSize) || ( qbytes >qSize) ||

-          (dmq1bytes > qSize) ) {

-		IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT, IBMCA_R_OPERANDS_TO_LARGE);

-		goto err;

-	}

-        privKey->dpOffset = CORRECT_ENDIANNESS(offset);

-	offset += pSize;

-	privKey->dqOffset = CORRECT_ENDIANNESS(offset);

-	offset += qSize;

-	privKey->pOffset = CORRECT_ENDIANNESS(offset);

-	offset += pSize;

-	privKey->qOffset = CORRECT_ENDIANNESS(offset);

-	offset += qSize;

-	privKey->qInvOffset = CORRECT_ENDIANNESS(offset);

-        pkey = (char *) privKey->keyRecord;

-/* SAB first check that we don;t under flow the buffer */

-	if ( pSize < pbytes ) {

-		IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT, IBMCA_R_UNDERFLOW_CONDITION);

-		goto err;

-	}

-        /* pkey += pSize - BN_num_bytes(p); WROING this should be dmp1) */

-        pkey += pSize - BN_num_bytes(dmp1);

-        BN_bn2bin(dmp1, pkey);

-        pkey += BN_num_bytes(dmp1);  /* move the pointer */

-        BN_bn2bin(dmq1, pkey);  /* Copy over dmq1 */

-        pkey += qSize;     /* move pointer */

-	pkey += pSize - BN_num_bytes(p);  /* set up for zero padding of next field */

-        BN_bn2bin(p, pkey);

-        pkey += BN_num_bytes(p);  /* increment pointer by number of bytes moved  */

-        BN_bn2bin(q, pkey);

-        pkey += qSize ;  /* move the pointer */

-	pkey +=  pSize - BN_num_bytes(iqmp); /* Adjust for padding */

-        BN_bn2bin(iqmp, pkey);

-        /* Prepare the argument and response */

-	outLen = CORRECT_ENDIANNESS(privKey->qLength) * 2;  /* Correct endianess is used

-						because the fields were converted above */

-        if (outLen > 256) {

-		IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_OUTLEN_TO_LARGE);

-		goto err;

-	}

-	/* SAB check for underflow here on the argeument */

-	if ( outLen < BN_num_bytes(a)) {

-		IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_UNDERFLOW_CONDITION);

-		goto err;

-	}

-        BN_bn2bin(a, (unsigned char *)argument->d + outLen -

-                          BN_num_bytes(a));

-        inLen = outLen;

-        memset(result->d, 0, outLen);

-        /* Perform the operation */

-        if ( (rc = p_icaRsaCrt(handle, inLen, (unsigned char *)argument->d,

-                privKey, &outLen, (unsigned char *)result->d)) != 0)

-                {

-                printf("rc = %d\n", rc);

-                IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_REQUEST_FAILED);

-                goto err;

-                }

-        /* Convert the response */

-        BN_bin2bn((unsigned char *)result->d, outLen, r);

-        to_return = 1;

- err:

-	BN_CTX_end(ctx);

-        return to_return;

-        }

-#ifndef OPENSSL_NO_DSA

-/* This code was liberated and adapted from the commented-out code in

- * dsa_ossl.c. Because of the unoptimised form of the Ibmca acceleration

- * (it doesn't have a CRT form for RSA), this function means that an

- * Ibmca system running with a DSA server certificate can handshake

- * around 5 or 6 times faster/more than an equivalent system running with

- * RSA. Just check out the "signs" statistics from the RSA and DSA parts

- * of "openssl speed -engine ibmca dsa1024 rsa1024". */

-static int ibmca_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,

-        BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,

-        BN_CTX *ctx, BN_MONT_CTX *in_mont)

-        {

-        BIGNUM t;

-        int to_return = 0;

-        BN_init(&t);

-        /* let rr = a1 ^ p1 mod m */

-        if (!ibmca_mod_exp(rr,a1,p1,m,ctx)) goto end;

-        /* let t = a2 ^ p2 mod m */

-        if (!ibmca_mod_exp(&t,a2,p2,m,ctx)) goto end;

-        /* let rr = rr * t mod m */

-        if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;

-        to_return = 1;

- end:

-        BN_free(&t);

-        return to_return;

-        }

-static int ibmca_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,

-        const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,

-        BN_MONT_CTX *m_ctx)

-        {

-        return ibmca_mod_exp(r, a, p, m, ctx);

-        }

-#endif

-/* This function is aliased to mod_exp (with the mont stuff dropped). */

-static int ibmca_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-        const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)

-        {

-        return ibmca_mod_exp(r, a, p, m, ctx);

-        }

-#ifndef OPENSSL_NO_DH

-/* This function is aliased to mod_exp (with the dh and mont dropped). */

-static int ibmca_mod_exp_dh(DH const *dh, BIGNUM *r,

-	const BIGNUM *a, const BIGNUM *p,

-	const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)

-        {

-        return ibmca_mod_exp(r, a, p, m, ctx);

-        }

-#endif

-/* Random bytes are good */

-static int ibmca_rand_bytes(unsigned char *buf, int num)

-        {

-        int to_return = 0; /* assume failure */

-        unsigned int ret;

-        if(handle == 0)

-                {

-                IBMCAerr(IBMCA_F_IBMCA_RAND_BYTES,IBMCA_R_NOT_INITIALISED);

-                goto err;

-                }

-        ret = p_icaRandomNumberGenerate(handle, num, buf);

-        if (ret < 0)

-                {

-                IBMCAerr(IBMCA_F_IBMCA_RAND_BYTES,IBMCA_R_REQUEST_FAILED);

-                goto err;

-                }

-        to_return = 1;

- err:

-        return to_return;

-        }

-static int ibmca_rand_status(void)

-        {

-        return 1;

-        }

-/* This stuff is needed if this ENGINE is being compiled into a self-contained

- * shared-library. */

-#ifdef ENGINE_DYNAMIC_SUPPORT

-static int bind_fn(ENGINE *e, const char *id)

-	{

-	if(id && (strcmp(id, engine_ibmca_id) != 0))  /* WJH XXX */

-		return 0;

-	if(!bind_helper(e))

-		return 0;

-	return 1;

-	}

-IMPLEMENT_DYNAMIC_CHECK_FN()

-IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)

-#endif /* ENGINE_DYNAMIC_SUPPORT */

-#endif /* !OPENSSL_NO_HW_IBMCA */

-#endif /* !OPENSSL_NO_HW */

--- a/sys/src/ape/lib/openssl/demos/engines/ibmca/hw_ibmca.ec

+++ /dev/null

@@ -1,8 +1,0 @@

-# configuration file for util/mkerr.pl

-#

-# use like this:

-#

-#	perl ../../../util/mkerr.pl -conf hw_ibmca.ec \

-#		-nostatic -staticloader -write *.c

-L IBMCA		hw_ibmca_err.h			hw_ibmca_err.c

--- a/sys/src/ape/lib/openssl/demos/engines/ibmca/hw_ibmca_err.c

+++ /dev/null

@@ -1,154 +1,0 @@

-/* hw_ibmca_err.c */

-/* ====================================================================

- * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* NOTE: this file was auto generated by the mkerr.pl script: any changes

- * made to it will be overwritten when the script next updates this file,

- * only reason strings will be preserved.

- */

-#include <stdio.h>

-#include <openssl/err.h>

-#include "hw_ibmca_err.h"

-/* BEGIN ERROR CODES */

-#ifndef OPENSSL_NO_ERR

-static ERR_STRING_DATA IBMCA_str_functs[]=

-	{

-{ERR_PACK(0,IBMCA_F_IBMCA_CTRL,0),	"IBMCA_CTRL"},

-{ERR_PACK(0,IBMCA_F_IBMCA_FINISH,0),	"IBMCA_FINISH"},

-{ERR_PACK(0,IBMCA_F_IBMCA_INIT,0),	"IBMCA_INIT"},

-{ERR_PACK(0,IBMCA_F_IBMCA_MOD_EXP,0),	"IBMCA_MOD_EXP"},

-{ERR_PACK(0,IBMCA_F_IBMCA_MOD_EXP_CRT,0),	"IBMCA_MOD_EXP_CRT"},

-{ERR_PACK(0,IBMCA_F_IBMCA_RAND_BYTES,0),	"IBMCA_RAND_BYTES"},

-{ERR_PACK(0,IBMCA_F_IBMCA_RSA_MOD_EXP,0),	"IBMCA_RSA_MOD_EXP"},

-{0,NULL}

-	};

-static ERR_STRING_DATA IBMCA_str_reasons[]=

-	{

-{IBMCA_R_ALREADY_LOADED                  ,"already loaded"},

-{IBMCA_R_BN_CTX_FULL                     ,"bn ctx full"},

-{IBMCA_R_BN_EXPAND_FAIL                  ,"bn expand fail"},

-{IBMCA_R_CTRL_COMMAND_NOT_IMPLEMENTED    ,"ctrl command not implemented"},

-{IBMCA_R_DSO_FAILURE                     ,"dso failure"},

-{IBMCA_R_MEXP_LENGTH_TO_LARGE            ,"mexp length to large"},

-{IBMCA_R_MISSING_KEY_COMPONENTS          ,"missing key components"},

-{IBMCA_R_NOT_INITIALISED                 ,"not initialised"},

-{IBMCA_R_NOT_LOADED                      ,"not loaded"},

-{IBMCA_R_OPERANDS_TO_LARGE               ,"operands to large"},

-{IBMCA_R_OUTLEN_TO_LARGE                 ,"outlen to large"},

-{IBMCA_R_REQUEST_FAILED                  ,"request failed"},

-{IBMCA_R_UNDERFLOW_CONDITION             ,"underflow condition"},

-{IBMCA_R_UNDERFLOW_KEYRECORD             ,"underflow keyrecord"},

-{IBMCA_R_UNIT_FAILURE                    ,"unit failure"},

-{0,NULL}

-	};

-#endif

-#ifdef IBMCA_LIB_NAME

-static ERR_STRING_DATA IBMCA_lib_name[]=

-        {

-{0	,IBMCA_LIB_NAME},

-{0,NULL}

-	};

-#endif

-static int IBMCA_lib_error_code=0;

-static int IBMCA_error_init=1;

-static void ERR_load_IBMCA_strings(void)

-	{

-	if (IBMCA_lib_error_code == 0)

-		IBMCA_lib_error_code=ERR_get_next_error_library();

-	if (IBMCA_error_init)

-		{

-		IBMCA_error_init=0;

-#ifndef OPENSSL_NO_ERR

-		ERR_load_strings(IBMCA_lib_error_code,IBMCA_str_functs);

-		ERR_load_strings(IBMCA_lib_error_code,IBMCA_str_reasons);

-#endif

-#ifdef IBMCA_LIB_NAME

-		IBMCA_lib_name->error = ERR_PACK(IBMCA_lib_error_code,0,0);

-		ERR_load_strings(0,IBMCA_lib_name);

-#endif

-		}

-	}

-static void ERR_unload_IBMCA_strings(void)

-	{

-	if (IBMCA_error_init == 0)

-		{

-#ifndef OPENSSL_NO_ERR

-		ERR_unload_strings(IBMCA_lib_error_code,IBMCA_str_functs);

-		ERR_unload_strings(IBMCA_lib_error_code,IBMCA_str_reasons);

-#endif

-#ifdef IBMCA_LIB_NAME

-		ERR_unload_strings(0,IBMCA_lib_name);

-#endif

-		IBMCA_error_init=1;

-		}

-	}

-static void ERR_IBMCA_error(int function, int reason, char *file, int line)

-	{

-	if (IBMCA_lib_error_code == 0)

-		IBMCA_lib_error_code=ERR_get_next_error_library();

-	ERR_PUT_error(IBMCA_lib_error_code,function,reason,file,line);

-	}

--- a/sys/src/ape/lib/openssl/demos/engines/ibmca/hw_ibmca_err.h

+++ /dev/null

@@ -1,98 +1,0 @@

-/* ====================================================================

- * Copyright (c) 2001-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_IBMCA_ERR_H

-#define HEADER_IBMCA_ERR_H

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-static void ERR_load_IBMCA_strings(void);

-static void ERR_unload_IBMCA_strings(void);

-static void ERR_IBMCA_error(int function, int reason, char *file, int line);

-#define IBMCAerr(f,r) ERR_IBMCA_error((f),(r),__FILE__,__LINE__)

-/* Error codes for the IBMCA functions. */

-/* Function codes. */

-#define IBMCA_F_IBMCA_CTRL				 100

-#define IBMCA_F_IBMCA_FINISH				 101

-#define IBMCA_F_IBMCA_INIT				 102

-#define IBMCA_F_IBMCA_MOD_EXP				 103

-#define IBMCA_F_IBMCA_MOD_EXP_CRT			 104

-#define IBMCA_F_IBMCA_RAND_BYTES			 105

-#define IBMCA_F_IBMCA_RSA_MOD_EXP			 106

-/* Reason codes. */

-#define IBMCA_R_ALREADY_LOADED				 100

-#define IBMCA_R_BN_CTX_FULL				 101

-#define IBMCA_R_BN_EXPAND_FAIL				 102

-#define IBMCA_R_CTRL_COMMAND_NOT_IMPLEMENTED		 103

-#define IBMCA_R_DSO_FAILURE				 104

-#define IBMCA_R_MEXP_LENGTH_TO_LARGE			 105

-#define IBMCA_R_MISSING_KEY_COMPONENTS			 106

-#define IBMCA_R_NOT_INITIALISED				 107

-#define IBMCA_R_NOT_LOADED				 108

-#define IBMCA_R_OPERANDS_TO_LARGE			 109

-#define IBMCA_R_OUTLEN_TO_LARGE				 110

-#define IBMCA_R_REQUEST_FAILED				 111

-#define IBMCA_R_UNDERFLOW_CONDITION			 112

-#define IBMCA_R_UNDERFLOW_KEYRECORD			 113

-#define IBMCA_R_UNIT_FAILURE				 114

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/demos/engines/ibmca/ica_openssl_api.h

+++ /dev/null

@@ -1,189 +1,0 @@

-#ifndef __ICA_OPENSSL_API_H__

-#define __ICA_OPENSSL_API_H__

-/**

- ** abstract data types for API

- **/

-#define ICA_ADAPTER_HANDLE int

-#if defined(linux) || defined (_AIX)

-#define ICA_CALL

-#endif

-#if defined(WIN32) || defined(_WIN32)

-#define ICA_CALL  __stdcall

-#endif

-/*------------------------------------------------*

- | RSA defines and typedefs                       |

- *------------------------------------------------*/

- /*

- * All data elements of the RSA key are in big-endian format

- * Modulus-Exponent form of key

- *

- */

- #define MAX_EXP_SIZE 256

- #define MAX_MODULUS_SIZE 256

- #define MAX_MODEXP_SIZE  (MAX_EXP_SIZE + MAX_MODULUS_SIZE)

- #define MAX_OPERAND_SIZE  MAX_EXP_SIZE

- typedef unsigned char ICA_KEY_RSA_MODEXPO_REC[MAX_MODEXP_SIZE];

- /*

- * All data elements of the RSA key are in big-endian format

- * Chinese Remainder Thereom(CRT) form of key

- * Used only for Decrypt, the encrypt form is typically Modulus-Exponent

- *

- */

- #define MAX_BP_SIZE 136

- #define MAX_BQ_SIZE 128

- #define MAX_NP_SIZE 136

- #define MAX_NQ_SIZE 128

- #define MAX_QINV_SIZE 136

- #define MAX_RSACRT_SIZE (MAX_BP_SIZE+MAX_BQ_SIZE+MAX_NP_SIZE+MAX_NQ_SIZE+MAX_QINV_SIZE)

-#define RSA_GEN_OPERAND_MAX   256 /* bytes */

-typedef unsigned char ICA_KEY_RSA_CRT_REC[MAX_RSACRT_SIZE];

-/*------------------------------------------------*

- | RSA key token types                            |

- *------------------------------------------------*/

-#define  RSA_PUBLIC_MODULUS_EXPONENT        3

-#define  RSA_PKCS_PRIVATE_CHINESE_REMAINDER 6

-#define KEYTYPE_MODEXPO         1

-#define KEYTYPE_PKCSCRT         2

-/*------------------------------------------------*

- | RSA Key Token format                           |

- *------------------------------------------------*/

-/*

- * NOTE:  All the fields in the ICA_KEY_RSA_MODEXPO structure

- *        (lengths, offsets, exponents, modulus, etc.) are

- *        stored in big-endian format

- */

-typedef struct _ICA_KEY_RSA_MODEXPO

-{   unsigned int  keyType;             /* RSA key type.               */

-    unsigned int  keyLength;           /* Total length of the token.  */

-    unsigned int  modulusBitLength;    /* Modulus n bit length.       */

-                                       /* -- Start of the data length.*/

-    unsigned int  nLength;             /* Modulus n = p * q           */

-    unsigned int  expLength;           /* exponent (public or private)*/

-                                       /*   e = 1/d * mod(p-1)(q-1)   */

-                                       /* -- Start of the data offsets*/

-    unsigned int  nOffset;             /* Modulus n .                 */

-    unsigned int  expOffset;           /* exponent (public or private)*/

-    unsigned char reserved[112];       /* reserved area               */

-                                       /* -- Start of the variable -- */

-                                       /* -- length token data.    -- */

-    ICA_KEY_RSA_MODEXPO_REC keyRecord;

-} ICA_KEY_RSA_MODEXPO;

-#define SZ_HEADER_MODEXPO (sizeof(ICA_KEY_RSA_MODEXPO) - sizeof(ICA_KEY_RSA_MODEXPO_REC))

-/*

- * NOTE:  All the fields in the ICA_KEY_RSA_CRT structure

- *        (lengths, offsets, exponents, modulus, etc.) are

- *        stored in big-endian format

- */

-typedef struct _ICA_KEY_RSA_CRT

-{   unsigned int  keyType;             /* RSA key type.               */

-    unsigned int  keyLength;           /* Total length of the token.  */

-    unsigned int  modulusBitLength;    /* Modulus n bit length.       */

-                                       /* -- Start of the data length.*/

-#if _AIX

-    unsigned int  nLength;             /* Modulus n = p * q           */

-#endif

-    unsigned int  pLength;             /* Prime number p .            */

-    unsigned int  qLength;             /* Prime number q .            */

-    unsigned int  dpLength;            /* dp = d * mod(p-1) .         */

-    unsigned int  dqLength;            /* dq = d * mod(q-1) .         */

-    unsigned int  qInvLength;          /* PKCS: qInv = Ap/q           */

-                                       /* -- Start of the data offsets*/

-#if _AIX

-    unsigned int  nOffset;             /* Modulus n .                 */

-#endif

-    unsigned int  pOffset;             /* Prime number p .            */

-    unsigned int  qOffset;             /* Prime number q .            */

-    unsigned int  dpOffset;            /* dp .                        */

-    unsigned int  dqOffset;            /* dq .                        */

-    unsigned int  qInvOffset;          /* qInv for PKCS               */

-#if _AIX

-    unsigned char reserved[80];        /* reserved area               */

-#else

-    unsigned char reserved[88];        /* reserved area               */

-#endif

-                                       /* -- Start of the variable -- */

-                                       /* -- length token data.    -- */

-    ICA_KEY_RSA_CRT_REC keyRecord;

-} ICA_KEY_RSA_CRT;

-#define SZ_HEADER_CRT (sizeof(ICA_KEY_RSA_CRT) - sizeof(ICA_KEY_RSA_CRT_REC))

-unsigned int

-icaOpenAdapter( unsigned int        adapterId,

-	        ICA_ADAPTER_HANDLE *pAdapterHandle );

-unsigned int

-icaCloseAdapter( ICA_ADAPTER_HANDLE adapterHandle );

-unsigned int

-icaRsaModExpo( ICA_ADAPTER_HANDLE    hAdapterHandle,

-	       unsigned int          inputDataLength,

-	       unsigned char        *pInputData,

-	       ICA_KEY_RSA_MODEXPO  *pKeyModExpo,

-	       unsigned int         *pOutputDataLength,

-	       unsigned char        *pOutputData );

-unsigned int

-icaRsaCrt( ICA_ADAPTER_HANDLE     hAdapterHandle,

-	   unsigned int           inputDataLength,

-	   unsigned char         *pInputData,

-	   ICA_KEY_RSA_CRT       *pKeyCrt,

-	   unsigned int          *pOutputDataLength,

-	   unsigned char         *pOutputData );

-unsigned int

-icaRandomNumberGenerate( ICA_ADAPTER_HANDLE  hAdapterHandle,

-			 unsigned int        outputDataLength,

-			 unsigned char      *pOutputData );

-/* Specific macros and definitions to not have IFDEF;s all over the

-   main code */

-#if (_AIX)

-static const char *IBMCA_LIBNAME = "/lib/libica.a(shr.o)";

-#elif (WIN32)

-static const char *IBMCA_LIBNAME = "cryptica";

-#else

-static const char *IBMCA_LIBNAME = "ica";

-#endif

-#if (WIN32)

-/*

- The ICA_KEY_RSA_MODEXPO & ICA_KEY_RSA_CRT lengths and

- offsets must be in big-endian format.

-*/

-#define CORRECT_ENDIANNESS(b) (  \

-                             (((unsigned long) (b) & 0x000000ff) << 24) |  \

-                             (((unsigned long) (b) & 0x0000ff00) <<  8) |  \

-                             (((unsigned long) (b) & 0x00ff0000) >>  8) |  \

-                             (((unsigned long) (b) & 0xff000000) >> 24)    \

-                             )

-#define CRT_KEY_TYPE   RSA_PKCS_PRIVATE_CHINESE_REMAINDER

-#define ME_KEY_TYPE    RSA_PUBLIC_MODULUS_EXPONENT

-#else

-#define CORRECT_ENDIANNESS(b) (b)

-#define CRT_KEY_TYPE       KEYTYPE_PKCSCRT

-#define ME_KEY_TYPE        KEYTYPE_MODEXPO

-#endif

-#endif   /* __ICA_OPENSSL_API_H__ */

--- a/sys/src/ape/lib/openssl/demos/engines/rsaref/Makefile

+++ /dev/null

@@ -1,135 +1,0 @@

-LIBNAME=	librsaref

-SRC=		rsaref.c

-OBJ=		rsaref.o

-HEADER=		rsaref.h

-CC=		gcc

-PIC=		-fPIC

-CFLAGS=		-g -I../../../include $(PIC) -DENGINE_DYNAMIC_SUPPORT

-AR=		ar r

-RANLIB=		ranlib

-LIB=		$(LIBNAME).a

-SHLIB=		$(LIBNAME).so

-all:

-		@echo 'Please choose a system to build on:'

-		@echo ''

-		@echo 'tru64:    Tru64 Unix, Digital Unix, Digital OSF/1'

-		@echo 'solaris:  Solaris'

-		@echo 'irix:     IRIX'

-		@echo 'hpux32:   32-bit HP/UX'

-		@echo 'hpux64:   64-bit HP/UX'

-		@echo 'aix:      AIX'

-		@echo 'gnu:      Generic GNU-based system (gcc and GNU ld)'

-		@echo ''

-FORCE.install:

-install:	FORCE.install

-		cd install; \

-			make -f unix/makefile CFLAGS='-I. -DPROTOTYPES=1 -O -c' RSAREFLIB=librsaref.a librsaref.a

-FORCE.update:

-update:		FORCE.update

-		perl ../../../util/mkerr.pl -conf rsaref.ec \

-			-nostatic -staticloader -write rsaref.c

-darwin:		install $(SHLIB).darwin

-cygwin:		install $(SHLIB).cygwin

-gnu:		install $(SHLIB).gnu

-alpha-osf1:	install $(SHLIB).alpha-osf1

-tru64:		install $(SHLIB).tru64

-solaris:	install $(SHLIB).solaris

-irix:		install $(SHLIB).irix

-hpux32:		install $(SHLIB).hpux32

-hpux64:		install $(SHLIB).hpux64

-aix:		install $(SHLIB).aix

-reliantunix:	install $(SHLIB).reliantunix

-$(LIB):		$(OBJ)

-		$(AR) $(LIB) $(OBJ)

-		- $(RANLIB) $(LIB)

-LINK_SO=	\

-  ld -r -o $(LIBNAME).o $$ALLSYMSFLAGS $(LIB) install/librsaref.a && \

-  (nm -Pg $(LIBNAME).o | grep ' [BDT] ' | cut -f1 -d' ' > $(LIBNAME).exp; \

-   $$SHAREDCMD $$SHAREDFLAGS -o $(SHLIB) $(LIBNAME).o -L ../../.. -lcrypto -lc)

-$(SHLIB).darwin:	$(LIB) install/librsaref.a

-		ALLSYMSFLAGS='-all_load' \

-		SHAREDFLAGS='-dynamiclib -install_name $(SHLIB)' \

-		SHAREDCMD='$(CC)'; \

-		$(LINK_SO)

-		touch $(SHLIB).darwin

-$(SHLIB).cygwin:	$(LIB) install/librsaref.a

-		ALLSYMSFLAGS='--whole-archive' \

-		SHAREDFLAGS='-shared -Wl,-Bsymbolic -Wl,--out-implib,$(LIBNAME).dll.a' \

-		SHAREDCMD='$(CC)'; \

-		$(LINK_SO)

-		touch $(SHLIB).cygwin

-$(SHLIB).gnu:	$(LIB) install/librsaref.a

-		ALLSYMSFLAGS='--whole-archive' \

-		SHAREDFLAGS='-shared -Wl,-soname=$(SHLIB)' \

-		SHAREDCMD='$(CC)'; \

-		$(LINK_SO)

-		touch $(SHLIB).gnu

-$(SHLIB).tru64:	$(LIB) install/librsaref.a

-		ALLSYMSFLAGS='-all' \

-		SHAREDFLAGS='-shared' \

-		SHAREDCMD='$(CC)'; \

-		$(LINK_SO)

-		touch $(SHLIB).tru64

-$(SHLIB).solaris:	$(LIB) install/librsaref.a

-		ALLSYMSFLAGS='-z allextract' \

-		SHAREDFLAGS='-G -h $(SHLIB)' \

-		SHAREDCMD='$(CC)'; \

-		$(LINK_SO)

-		touch $(SHLIB).solaris

-$(SHLIB).irix:	$(LIB) install/librsaref.a

-		ALLSYMSFLAGS='-all' \

-		SHAREDFLAGS='-shared -Wl,-soname,$(SHLIB)' \

-		SHAREDCMD='$(CC)'; \

-		$(LINK_SO)

-		touch $(SHLIB).irix

-$(SHLIB).hpux32:	$(LIB) install/librsaref.a

-		ALLSYMSFLAGS='-Fl' \

-		SHAREDFLAGS='+vnocompatwarnings -b -z +s +h $(SHLIB)' \

-		SHAREDCMD='/usr/ccs/bin/ld'; \

-		$(LINK_SO)

-		touch $(SHLIB).hpux32

-$(SHLIB).hpux64:	$(LIB) install/librsaref.a

-		ALLSYMSFLAGS='+forceload' \

-		SHAREDFLAGS='-b -z +h $(SHLIB)' \

-		SHAREDCMD='/usr/ccs/bin/ld'; \

-		$(LINK_SO)

-		touch $(SHLIB).hpux64

-$(SHLIB).aix:	$(LIB) install/librsaref.a

-		ALLSYMSFLAGS='-bnogc' \

-		SHAREDFLAGS='-G -bE:$(LIBNAME).exp -bM:SRE' \

-		SHAREDCMD='$(CC)'; \

-		$(LINK_SO)

-		touch $(SHLIB).aix

-depend:

-		sed -e '/^# DO NOT DELETE.*/,$$d' < Makefile > Makefile.tmp

-		echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp

-		gcc -M $(CFLAGS) $(SRC) >> Makefile.tmp

-		perl ../../../util/clean-depend.pl < Makefile.tmp > Makefile.new

-		rm -f Makefile.tmp Makefile

-		mv Makefile.new Makefile

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-rsaref.o: ../../../include/openssl/asn1.h ../../../include/openssl/bio.h

-rsaref.o: ../../../include/openssl/bn.h ../../../include/openssl/crypto.h

-rsaref.o: ../../../include/openssl/dh.h ../../../include/openssl/dsa.h

-rsaref.o: ../../../include/openssl/e_os2.h ../../../include/openssl/engine.h

-rsaref.o: ../../../include/openssl/err.h ../../../include/openssl/lhash.h

-rsaref.o: ../../../include/openssl/opensslconf.h

-rsaref.o: ../../../include/openssl/opensslv.h

-rsaref.o: ../../../include/openssl/ossl_typ.h ../../../include/openssl/rand.h

-rsaref.o: ../../../include/openssl/rsa.h ../../../include/openssl/safestack.h

-rsaref.o: ../../../include/openssl/stack.h ../../../include/openssl/symhacks.h

-rsaref.o: ../../../include/openssl/ui.h rsaref.c rsaref_err.c rsaref_err.h

-rsaref.o: source/des.h source/global.h source/md2.h source/md5.h source/rsa.h

-rsaref.o: source/rsaref.h

--- a/sys/src/ape/lib/openssl/demos/engines/rsaref/README

+++ /dev/null

@@ -1,22 +1,0 @@

-librsaref.so is a demonstration dynamic engine that does RSA

-operations using the old RSAref 2.0 implementation.

-To make proper use of this engine, you must download RSAref 2.0

-(search the web for rsaref.tar.Z for example) and unpack it in this

-directory, so you'll end up having the subdirectories "install" and

-"source" among others.

-To build, do the following:

-	make

-This will list a number of available targets to choose from.  Most of

-them are architecture-specific.  The exception is "gnu" which is to be

-used on systems where GNU ld and gcc have been installed in such a way

-that gcc uses GNU ld to link together programs and shared libraries.

-The make file assumes you use gcc.  To change that, just reassign CC:

-	make CC=cc

-The result is librsaref.so, which you can copy to any place you wish.

--- a/sys/src/ape/lib/openssl/demos/engines/rsaref/rsaref.c

+++ /dev/null

@@ -1,685 +1,0 @@

-/* Demo of how to construct your own engine and using it.  The basis of this

-   engine is RSAref, an old reference of the RSA algorithm which can still

-   be found a little here and there. */

-#include <stdio.h>

-#include <string.h>

-#include "./source/global.h"

-#include "./source/rsaref.h"

-#include "./source/rsa.h"

-#include "./source/des.h"

-#include <openssl/err.h>

-#define OPENSSL_NO_MD2

-#define OPENSSL_NO_MD5

-#include <openssl/evp.h>

-#include <openssl/bn.h>

-#include <openssl/engine.h>

-#define RSAREF_LIB_NAME "rsaref engine"

-#include "rsaref_err.c"

-/*****************************************************************************

- *** Function declarations and global variable definitions                 ***

- *****************************************************************************/

-/*****************************************************************************

- * Constants used when creating the ENGINE

- **/

-static const char *engine_rsaref_id = "rsaref";

-static const char *engine_rsaref_name = "RSAref engine support";

-/*****************************************************************************

- * Functions to handle the engine

- **/

-static int rsaref_destroy(ENGINE *e);

-static int rsaref_init(ENGINE *e);

-static int rsaref_finish(ENGINE *e);

-#if 0

-static int rsaref_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());

-#endif

-/*****************************************************************************

- * Engine commands

- **/

-static const ENGINE_CMD_DEFN rsaref_cmd_defns[] = {

-	{0, NULL, NULL, 0}

-	};

-/*****************************************************************************

- * RSA functions

- **/

-static int rsaref_private_decrypt(int len, const unsigned char *from,

-	unsigned char *to, RSA *rsa, int padding);

-static int rsaref_private_encrypt(int len, const unsigned char *from,

-	unsigned char *to, RSA *rsa, int padding);

-static int rsaref_public_encrypt(int len, const unsigned char *from,

-	unsigned char *to, RSA *rsa, int padding);

-static int rsaref_public_decrypt(int len, const unsigned char *from,

-	unsigned char *to, RSA *rsa, int padding);

-static int bnref_mod_exp(BIGNUM *r,const BIGNUM *a,const BIGNUM *p,const BIGNUM *m,

-			  BN_CTX *ctx, BN_MONT_CTX *m_ctx);

-static int rsaref_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);

-/*****************************************************************************

- * Our RSA method

- **/

-static RSA_METHOD rsaref_rsa =

-{

-  "RSAref PKCS#1 RSA",

-  rsaref_public_encrypt,

-  rsaref_public_decrypt,

-  rsaref_private_encrypt,

-  rsaref_private_decrypt,

-  rsaref_mod_exp,

-  bnref_mod_exp,

-  NULL,

-  NULL,

-  0,

-  NULL,

-  NULL,

-  NULL

-};

-/*****************************************************************************

- * Symetric cipher and digest function registrars

- **/

-static int rsaref_ciphers(ENGINE *e, const EVP_CIPHER **cipher,

-	const int **nids, int nid);

-static int rsaref_digests(ENGINE *e, const EVP_MD **digest,

-	const int **nids, int nid);

-static int rsaref_cipher_nids[] =

-	{ NID_des_cbc, NID_des_ede3_cbc, NID_desx_cbc, 0 };

-static int rsaref_digest_nids[] =

-	{ NID_md2, NID_md5, 0 };

-/*****************************************************************************

- * DES functions

- **/

-static int cipher_des_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,

-	const unsigned char *iv, int enc);

-static int cipher_des_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,

-	const unsigned char *in, unsigned int inl);

-static int cipher_des_cbc_clean(EVP_CIPHER_CTX *);

-static int cipher_des_ede3_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,

-	const unsigned char *iv, int enc);

-static int cipher_des_ede3_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,

-	const unsigned char *in, unsigned int inl);

-static int cipher_des_ede3_cbc_clean(EVP_CIPHER_CTX *);

-static int cipher_desx_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,

-	const unsigned char *iv, int enc);

-static int cipher_desx_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,

-	const unsigned char *in, unsigned int inl);

-static int cipher_desx_cbc_clean(EVP_CIPHER_CTX *);

-/*****************************************************************************

- * Our DES ciphers

- **/

-static const EVP_CIPHER cipher_des_cbc =

-	{

-	NID_des_cbc,

-	8, 8, 8,

-	0 | EVP_CIPH_CBC_MODE,

-	cipher_des_cbc_init,

-	cipher_des_cbc_code,

-	cipher_des_cbc_clean,

-	sizeof(DES_CBC_CTX),

-	NULL,

-	NULL,

-	NULL,

-	NULL

-	};

-static const EVP_CIPHER cipher_des_ede3_cbc =

-	{

-	NID_des_ede3_cbc,

-	8, 24, 8,

-	0 | EVP_CIPH_CBC_MODE,

-	cipher_des_ede3_cbc_init,

-	cipher_des_ede3_cbc_code,

-	cipher_des_ede3_cbc_clean,

-	sizeof(DES3_CBC_CTX),

-	NULL,

-	NULL,

-	NULL,

-	NULL

-	};

-static const EVP_CIPHER cipher_desx_cbc =

-	{

-	NID_desx_cbc,

-	8, 24, 8,

-	0 | EVP_CIPH_CBC_MODE,

-	cipher_desx_cbc_init,

-	cipher_desx_cbc_code,

-	cipher_desx_cbc_clean,

-	sizeof(DESX_CBC_CTX),

-	NULL,

-	NULL,

-	NULL,

-	NULL

-	};

-/*****************************************************************************

- * MD functions

- **/

-static int digest_md2_init(EVP_MD_CTX *ctx);

-static int digest_md2_update(EVP_MD_CTX *ctx,const void *data,

-	unsigned long count);

-static int digest_md2_final(EVP_MD_CTX *ctx,unsigned char *md);

-static int digest_md5_init(EVP_MD_CTX *ctx);

-static int digest_md5_update(EVP_MD_CTX *ctx,const void *data,

-	unsigned long count);

-static int digest_md5_final(EVP_MD_CTX *ctx,unsigned char *md);

-/*****************************************************************************

- * Our MD digests

- **/

-static const EVP_MD digest_md2 =

-	{

-	NID_md2,

-	NID_md2WithRSAEncryption,

-	16,

-	0,

-	digest_md2_init,

-	digest_md2_update,

-	digest_md2_final,

-	NULL,

-	NULL,

-	EVP_PKEY_RSA_method,

-	16,

-	sizeof(MD2_CTX)

-	};

-static const EVP_MD digest_md5 =

-	{

-	NID_md5,

-	NID_md5WithRSAEncryption,

-	16,

-	0,

-	digest_md5_init,

-	digest_md5_update,

-	digest_md5_final,

-	NULL,

-	NULL,

-	EVP_PKEY_RSA_method,

-	64,

-	sizeof(MD5_CTX)

-	};

-/*****************************************************************************

- *** Function definitions                                                  ***

- *****************************************************************************/

-/*****************************************************************************

- * Functions to handle the engine

- **/

-static int bind_rsaref(ENGINE *e)

-	{

-	const RSA_METHOD *meth1;

-	if(!ENGINE_set_id(e, engine_rsaref_id)

-		|| !ENGINE_set_name(e, engine_rsaref_name)

-		|| !ENGINE_set_RSA(e, &rsaref_rsa)

-		|| !ENGINE_set_ciphers(e, rsaref_ciphers)

-		|| !ENGINE_set_digests(e, rsaref_digests)

-		|| !ENGINE_set_destroy_function(e, rsaref_destroy)

-		|| !ENGINE_set_init_function(e, rsaref_init)

-		|| !ENGINE_set_finish_function(e, rsaref_finish)

-		/* || !ENGINE_set_ctrl_function(e, rsaref_ctrl) */

-		/* || !ENGINE_set_cmd_defns(e, rsaref_cmd_defns) */)

-		return 0;

-	/* Ensure the rsaref error handling is set up */

-	ERR_load_RSAREF_strings();

-	return 1;

-	}

-#ifdef ENGINE_DYNAMIC_SUPPORT

-static int bind_helper(ENGINE *e, const char *id)

-	{

-	if(id && (strcmp(id, engine_rsaref_id) != 0))

-		return 0;

-	if(!bind_rsaref(e))

-		return 0;

-	return 1;

-	}

-IMPLEMENT_DYNAMIC_CHECK_FN()

-IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)

-#else

-static ENGINE *engine_rsaref(void)

-	{

-	ENGINE *ret = ENGINE_new();

-	if(!ret)

-		return NULL;

-	if(!bind_rsaref(ret))

-		{

-		ENGINE_free(ret);

-		return NULL;

-		}

-	return ret;

-	}

-void ENGINE_load_rsaref(void)

-	{

-	/* Copied from eng_[openssl|dyn].c */

-	ENGINE *toadd = engine_rsaref();

-	if(!toadd) return;

-	ENGINE_add(toadd);

-	ENGINE_free(toadd);

-	ERR_clear_error();

-	}

-#endif

-/* Initiator which is only present to make sure this engine looks available */

-static int rsaref_init(ENGINE *e)

-	{

-	return 1;

-	}

-/* Finisher which is only present to make sure this engine looks available */

-static int rsaref_finish(ENGINE *e)

-	{

-	return 1;

-	}

-/* Destructor (complements the "ENGINE_ncipher()" constructor) */

-static int rsaref_destroy(ENGINE *e)

-	{

-	ERR_unload_RSAREF_strings();

-	return 1;

-	}

-/*****************************************************************************

- * RSA functions

- **/

-static int rsaref_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)

-	{

-	RSAREFerr(RSAREF_F_RSAREF_MOD_EXP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

-	return(0);

-	}

-static int bnref_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-			  const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)

-	{

-	RSAREFerr(RSAREF_F_BNREF_MOD_EXP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

-	return(0);

-	}

-/* unsigned char *to:  [max]    */

-static int RSAref_bn2bin(BIGNUM *from, unsigned char *to, int max)

-	{

-	int i;

-	i=BN_num_bytes(from);

-	if (i > max)

-		{

-		RSAREFerr(RSAREF_F_RSAREF_BN2BIN,RSAREF_R_LEN);

-		return(0);

-		}

-	memset(to,0,(unsigned int)max);

-	if (!BN_bn2bin(from,&(to[max-i])))

-		return(0);

-	return(1);

-	}

-#ifdef undef

-/* unsigned char *from:  [max]    */

-static BIGNUM *RSAref_bin2bn(unsigned char *from, BIGNUM *to, int max)

-	{

-	int i;

-	BIGNUM *ret;

-	for (i=0; i<max; i++)

-		if (from[i]) break;

-	ret=BN_bin2bn(&(from[i]),max-i,to);

-	return(ret);

-	}

-static int RSAref_Public_ref2eay(RSArefPublicKey *from, RSA *to)

-	{

-	to->n=RSAref_bin2bn(from->m,NULL,RSAref_MAX_LEN);

-	to->e=RSAref_bin2bn(from->e,NULL,RSAref_MAX_LEN);

-	if ((to->n == NULL) || (to->e == NULL)) return(0);

-	return(1);

-	}

-#endif

-static int RSAref_Public_eay2ref(RSA *from, R_RSA_PUBLIC_KEY *to)

-	{

-	to->bits=BN_num_bits(from->n);

-	if (!RSAref_bn2bin(from->n,to->modulus,MAX_RSA_MODULUS_LEN)) return(0);

-	if (!RSAref_bn2bin(from->e,to->exponent,MAX_RSA_MODULUS_LEN)) return(0);

-	return(1);

-	}

-#ifdef undef

-static int RSAref_Private_ref2eay(RSArefPrivateKey *from, RSA *to)

-	{

-	if ((to->n=RSAref_bin2bn(from->m,NULL,RSAref_MAX_LEN)) == NULL)

-		return(0);

-	if ((to->e=RSAref_bin2bn(from->e,NULL,RSAref_MAX_LEN)) == NULL)

-		return(0);

-	if ((to->d=RSAref_bin2bn(from->d,NULL,RSAref_MAX_LEN)) == NULL)

-		return(0);

-	if ((to->p=RSAref_bin2bn(from->prime[0],NULL,RSAref_MAX_PLEN)) == NULL)

-		return(0);

-	if ((to->q=RSAref_bin2bn(from->prime[1],NULL,RSAref_MAX_PLEN)) == NULL)

-		return(0);

-	if ((to->dmp1=RSAref_bin2bn(from->pexp[0],NULL,RSAref_MAX_PLEN))

-		== NULL)

-		return(0);

-	if ((to->dmq1=RSAref_bin2bn(from->pexp[1],NULL,RSAref_MAX_PLEN))

-		== NULL)

-		return(0);

-	if ((to->iqmp=RSAref_bin2bn(from->coef,NULL,RSAref_MAX_PLEN)) == NULL)

-		return(0);

-	return(1);

-	}

-#endif

-static int RSAref_Private_eay2ref(RSA *from, R_RSA_PRIVATE_KEY *to)

-	{

-	to->bits=BN_num_bits(from->n);

-	if (!RSAref_bn2bin(from->n,to->modulus,MAX_RSA_MODULUS_LEN)) return(0);

-	if (!RSAref_bn2bin(from->e,to->publicExponent,MAX_RSA_MODULUS_LEN)) return(0);

-	if (!RSAref_bn2bin(from->d,to->exponent,MAX_RSA_MODULUS_LEN)) return(0);

-	if (!RSAref_bn2bin(from->p,to->prime[0],MAX_RSA_PRIME_LEN)) return(0);

-	if (!RSAref_bn2bin(from->q,to->prime[1],MAX_RSA_PRIME_LEN)) return(0);

-	if (!RSAref_bn2bin(from->dmp1,to->primeExponent[0],MAX_RSA_PRIME_LEN)) return(0);

-	if (!RSAref_bn2bin(from->dmq1,to->primeExponent[1],MAX_RSA_PRIME_LEN)) return(0);

-	if (!RSAref_bn2bin(from->iqmp,to->coefficient,MAX_RSA_PRIME_LEN)) return(0);

-	return(1);

-	}

-static int rsaref_private_decrypt(int len, const unsigned char *from, unsigned char *to,

-	     RSA *rsa, int padding)

-	{

-	int i,outlen= -1;

-	R_RSA_PRIVATE_KEY RSAkey;

-	if (!RSAref_Private_eay2ref(rsa,&RSAkey))

-		goto err;

-	if ((i=RSAPrivateDecrypt(to,(unsigned int *)&outlen,(unsigned char *)from,len,&RSAkey)) != 0)

-		{

-		RSAREFerr(RSAREF_F_RSAREF_PRIVATE_DECRYPT,i);

-		outlen= -1;

-		}

-err:

-	memset(&RSAkey,0,sizeof(RSAkey));

-	return(outlen);

-	}

-static int rsaref_private_encrypt(int len, const unsigned char *from, unsigned char *to,

-	     RSA *rsa, int padding)

-	{

-	int i,outlen= -1;

-	R_RSA_PRIVATE_KEY RSAkey;

-	if (padding != RSA_PKCS1_PADDING)

-		{

-		RSAREFerr(RSAREF_F_RSAREF_PRIVATE_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);

-		goto err;

-	}

-	if (!RSAref_Private_eay2ref(rsa,&RSAkey))

-		goto err;

-	if ((i=RSAPrivateEncrypt(to,(unsigned int *)&outlen,(unsigned char *)from,len,&RSAkey)) != 0)

-		{

-		RSAREFerr(RSAREF_F_RSAREF_PRIVATE_ENCRYPT,i);

-		outlen= -1;

-		}

-err:

-	memset(&RSAkey,0,sizeof(RSAkey));

-	return(outlen);

-	}

-static int rsaref_public_decrypt(int len, const unsigned char *from, unsigned char *to,

-	     RSA *rsa, int padding)

-	{

-	int i,outlen= -1;

-	R_RSA_PUBLIC_KEY RSAkey;

-	if (!RSAref_Public_eay2ref(rsa,&RSAkey))

-		goto err;

-	if ((i=RSAPublicDecrypt(to,(unsigned int *)&outlen,(unsigned char *)from,len,&RSAkey)) != 0)

-		{

-		RSAREFerr(RSAREF_F_RSAREF_PUBLIC_DECRYPT,i);

-		outlen= -1;

-		}

-err:

-	memset(&RSAkey,0,sizeof(RSAkey));

-	return(outlen);

-	}

-static int rsaref_public_encrypt(int len, const unsigned char *from, unsigned char *to,

-	     RSA *rsa, int padding)

-	{

-	int outlen= -1;

-	int i;

-	R_RSA_PUBLIC_KEY RSAkey;

-	R_RANDOM_STRUCT rnd;

-	unsigned char buf[16];

-	if (padding != RSA_PKCS1_PADDING && padding != RSA_SSLV23_PADDING)

-		{

-		RSAREFerr(RSAREF_F_RSAREF_PUBLIC_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);

-		goto err;

-		}

-	R_RandomInit(&rnd);

-	R_GetRandomBytesNeeded((unsigned int *)&i,&rnd);

-	while (i > 0)

-		{

-		if (RAND_bytes(buf,16) <= 0)

-			goto err;

-		R_RandomUpdate(&rnd,buf,(unsigned int)((i>16)?16:i));

-		i-=16;

-		}

-	if (!RSAref_Public_eay2ref(rsa,&RSAkey))

-		goto err;

-	if ((i=RSAPublicEncrypt(to,(unsigned int *)&outlen,(unsigned char *)from,len,&RSAkey,&rnd)) != 0)

-		{

-		RSAREFerr(RSAREF_F_RSAREF_PUBLIC_ENCRYPT,i);

-		outlen= -1;

-		goto err;

-		}

-err:

-	memset(&RSAkey,0,sizeof(RSAkey));

-	R_RandomFinal(&rnd);

-	memset(&rnd,0,sizeof(rnd));

-	return(outlen);

-	}

-/*****************************************************************************

- * Symetric cipher and digest function registrars

- **/

-static int rsaref_ciphers(ENGINE *e, const EVP_CIPHER **cipher,

-	const int **nids, int nid)

-	{

-	int ok = 1;

-	if(!cipher)

-		{

-		/* We are returning a list of supported nids */

-		*nids = rsaref_cipher_nids;

-		return (sizeof(rsaref_cipher_nids)-1)/sizeof(rsaref_cipher_nids[0]);

-		}

-	/* We are being asked for a specific cipher */

-	switch (nid)

-		{

-	case NID_des_cbc:

-		*cipher = &cipher_des_cbc; break;

-	case NID_des_ede3_cbc:

-		*cipher = &cipher_des_ede3_cbc; break;

-	case NID_desx_cbc:

-		*cipher = &cipher_desx_cbc; break;

-	default:

-		ok = 0;

-		*cipher = NULL;

-		break;

-		}

-	return ok;

-	}

-static int rsaref_digests(ENGINE *e, const EVP_MD **digest,

-	const int **nids, int nid)

-	{

-	int ok = 1;

-	if(!digest)

-		{

-		/* We are returning a list of supported nids */

-		*nids = rsaref_digest_nids;

-		return (sizeof(rsaref_digest_nids)-1)/sizeof(rsaref_digest_nids[0]);

-		}

-	/* We are being asked for a specific digest */

-	switch (nid)

-		{

-	case NID_md2:

-		*digest = &digest_md2; break;

-	case NID_md5:

-		*digest = &digest_md5; break;

-	default:

-		ok = 0;

-		*digest = NULL;

-		break;

-		}

-	return ok;

-	}

-/*****************************************************************************

- * DES functions

- **/

-#undef data

-#define data(ctx) ((DES_CBC_CTX *)(ctx)->cipher_data)

-static int cipher_des_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,

-	const unsigned char *iv, int enc)

-	{

-	DES_CBCInit(data(ctx), (unsigned char *)key, (unsigned char *)iv, enc);

-	return 1;

-	}

-static int cipher_des_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,

-	const unsigned char *in, unsigned int inl)

-	{

-	int ret = DES_CBCUpdate(data(ctx), out, (unsigned char *)in, inl);

-	switch (ret)

-		{

-	case RE_LEN:

-		RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE,RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED);

-		break;

-	case 0:

-		break;

-	default:

-		RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE,RSAREF_R_UNKNOWN_FAULT);

-		}

-	return !ret;

-	}

-static int cipher_des_cbc_clean(EVP_CIPHER_CTX *ctx)

-	{

-	memset(data(ctx), 0, ctx->cipher->ctx_size);

-	return 1;

-	}

-#undef data

-#define data(ctx) ((DES3_CBC_CTX *)(ctx)->cipher_data)

-static int cipher_des_ede3_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,

-	const unsigned char *iv, int enc)

-	{

-	DES3_CBCInit(data(ctx), (unsigned char *)key, (unsigned char *)iv,

-		enc);

-	return 1;

-	}

-static int cipher_des_ede3_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,

-	const unsigned char *in, unsigned int inl)

-	{

-	int ret = DES3_CBCUpdate(data(ctx), out, (unsigned char *)in, inl);

-	switch (ret)

-		{

-	case RE_LEN:

-		RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE,RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED);

-		break;

-	case 0:

-		break;

-	default:

-		RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE,RSAREF_R_UNKNOWN_FAULT);

-		}

-	return !ret;

-	}

-static int cipher_des_ede3_cbc_clean(EVP_CIPHER_CTX *ctx)

-	{

-	memset(data(ctx), 0, ctx->cipher->ctx_size);

-	return 1;

-	}

-#undef data

-#define data(ctx) ((DESX_CBC_CTX *)(ctx)->cipher_data)

-static int cipher_desx_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,

-	const unsigned char *iv, int enc)

-	{

-	DESX_CBCInit(data(ctx), (unsigned char *)key, (unsigned char *)iv,

-		enc);

-	return 1;

-	}

-static int cipher_desx_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,

-	const unsigned char *in, unsigned int inl)

-	{

-	int ret = DESX_CBCUpdate(data(ctx), out, (unsigned char *)in, inl);

-	switch (ret)

-		{

-	case RE_LEN:

-		RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE,RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED);

-		break;

-	case 0:

-		break;

-	default:

-		RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE,RSAREF_R_UNKNOWN_FAULT);

-		}

-	return !ret;

-	}

-static int cipher_desx_cbc_clean(EVP_CIPHER_CTX *ctx)

-	{

-	memset(data(ctx), 0, ctx->cipher->ctx_size);

-	return 1;

-	}

-/*****************************************************************************

- * MD functions

- **/

-#undef data

-#define data(ctx) ((MD2_CTX *)(ctx)->md_data)

-static int digest_md2_init(EVP_MD_CTX *ctx)

-	{

-	MD2Init(data(ctx));

-	return 1;

-	}

-static int digest_md2_update(EVP_MD_CTX *ctx,const void *data,

-	unsigned long count)

-	{

-	MD2Update(data(ctx), (unsigned char *)data, (unsigned int)count);

-	return 1;

-	}

-static int digest_md2_final(EVP_MD_CTX *ctx,unsigned char *md)

-	{

-	MD2Final(md, data(ctx));

-	return 1;

-	}

-#undef data

-#define data(ctx) ((MD5_CTX *)(ctx)->md_data)

-static int digest_md5_init(EVP_MD_CTX *ctx)

-	{

-	MD5Init(data(ctx));

-	return 1;

-	}

-static int digest_md5_update(EVP_MD_CTX *ctx,const void *data,

-	unsigned long count)

-	{

-	MD5Update(data(ctx), (unsigned char *)data, (unsigned int)count);

-	return 1;

-	}

-static int digest_md5_final(EVP_MD_CTX *ctx,unsigned char *md)

-	{

-	MD5Final(md, data(ctx));

-	return 1;

-	}

--- a/sys/src/ape/lib/openssl/demos/engines/rsaref/rsaref.ec

+++ /dev/null

@@ -1,8 +1,0 @@

-# configuration file for util/mkerr.pl

-#

-# use like this:

-#

-#	perl ../../../util/mkerr.pl -conf rsaref.ec \

-#		-nostatic -staticloader -write *.c

-L RSAREF	rsaref_err.h			rsaref_err.c

--- a/sys/src/ape/lib/openssl/demos/engines/rsaref/rsaref_err.c

+++ /dev/null

@@ -1,161 +1,0 @@

-/* rsaref_err.c */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* NOTE: this file was auto generated by the mkerr.pl script: any changes

- * made to it will be overwritten when the script next updates this file,

- * only reason strings will be preserved.

- */

-#include <stdio.h>

-#include <openssl/err.h>

-#include "rsaref_err.h"

-/* BEGIN ERROR CODES */

-#ifndef OPENSSL_NO_ERR

-static ERR_STRING_DATA RSAREF_str_functs[]=

-	{

-{ERR_PACK(0,RSAREF_F_BNREF_MOD_EXP,0),	"BNREF_MOD_EXP"},

-{ERR_PACK(0,RSAREF_F_CIPHER_DES_CBC_CODE,0),	"CIPHER_DES_CBC_CODE"},

-{ERR_PACK(0,RSAREF_F_RSAREF_BN2BIN,0),	"RSAREF_BN2BIN"},

-{ERR_PACK(0,RSAREF_F_RSAREF_MOD_EXP,0),	"RSAREF_MOD_EXP"},

-{ERR_PACK(0,RSAREF_F_RSAREF_PRIVATE_DECRYPT,0),	"RSAREF_PRIVATE_DECRYPT"},

-{ERR_PACK(0,RSAREF_F_RSAREF_PRIVATE_ENCRYPT,0),	"RSAREF_PRIVATE_ENCRYPT"},

-{ERR_PACK(0,RSAREF_F_RSAREF_PUBLIC_DECRYPT,0),	"RSAREF_PUBLIC_DECRYPT"},

-{ERR_PACK(0,RSAREF_F_RSAREF_PUBLIC_ENCRYPT,0),	"RSAREF_PUBLIC_ENCRYPT"},

-{ERR_PACK(0,RSAREF_F_RSA_BN2BIN,0),	"RSA_BN2BIN"},

-{ERR_PACK(0,RSAREF_F_RSA_PRIVATE_DECRYPT,0),	"RSA_PRIVATE_DECRYPT"},

-{ERR_PACK(0,RSAREF_F_RSA_PRIVATE_ENCRYPT,0),	"RSA_PRIVATE_ENCRYPT"},

-{ERR_PACK(0,RSAREF_F_RSA_PUBLIC_DECRYPT,0),	"RSA_PUBLIC_DECRYPT"},

-{ERR_PACK(0,RSAREF_F_RSA_PUBLIC_ENCRYPT,0),	"RSA_PUBLIC_ENCRYPT"},

-{0,NULL}

-	};

-static ERR_STRING_DATA RSAREF_str_reasons[]=

-	{

-{RSAREF_R_CONTENT_ENCODING               ,"content encoding"},

-{RSAREF_R_DATA                           ,"data"},

-{RSAREF_R_DIGEST_ALGORITHM               ,"digest algorithm"},

-{RSAREF_R_ENCODING                       ,"encoding"},

-{RSAREF_R_ENCRYPTION_ALGORITHM           ,"encryption algorithm"},

-{RSAREF_R_KEY                            ,"key"},

-{RSAREF_R_KEY_ENCODING                   ,"key encoding"},

-{RSAREF_R_LEN                            ,"len"},

-{RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED       ,"length not block aligned"},

-{RSAREF_R_MODULUS_LEN                    ,"modulus len"},

-{RSAREF_R_NEED_RANDOM                    ,"need random"},

-{RSAREF_R_PRIVATE_KEY                    ,"private key"},

-{RSAREF_R_PUBLIC_KEY                     ,"public key"},

-{RSAREF_R_SIGNATURE                      ,"signature"},

-{RSAREF_R_SIGNATURE_ENCODING             ,"signature encoding"},

-{RSAREF_R_UNKNOWN_FAULT                  ,"unknown fault"},

-{0,NULL}

-	};

-#endif

-#ifdef RSAREF_LIB_NAME

-static ERR_STRING_DATA RSAREF_lib_name[]=

-        {

-{0	,RSAREF_LIB_NAME},

-{0,NULL}

-	};

-#endif

-static int RSAREF_lib_error_code=0;

-static int RSAREF_error_init=1;

-static void ERR_load_RSAREF_strings(void)

-	{

-	if (RSAREF_lib_error_code == 0)

-		RSAREF_lib_error_code=ERR_get_next_error_library();

-	if (RSAREF_error_init)

-		{

-		RSAREF_error_init=0;

-#ifndef OPENSSL_NO_ERR

-		ERR_load_strings(RSAREF_lib_error_code,RSAREF_str_functs);

-		ERR_load_strings(RSAREF_lib_error_code,RSAREF_str_reasons);

-#endif

-#ifdef RSAREF_LIB_NAME

-		RSAREF_lib_name->error = ERR_PACK(RSAREF_lib_error_code,0,0);

-		ERR_load_strings(0,RSAREF_lib_name);

-#endif

-		}

-	}

-static void ERR_unload_RSAREF_strings(void)

-	{

-	if (RSAREF_error_init == 0)

-		{

-#ifndef OPENSSL_NO_ERR

-		ERR_unload_strings(RSAREF_lib_error_code,RSAREF_str_functs);

-		ERR_unload_strings(RSAREF_lib_error_code,RSAREF_str_reasons);

-#endif

-#ifdef RSAREF_LIB_NAME

-		ERR_unload_strings(0,RSAREF_lib_name);

-#endif

-		RSAREF_error_init=1;

-		}

-	}

-static void ERR_RSAREF_error(int function, int reason, char *file, int line)

-	{

-	if (RSAREF_lib_error_code == 0)

-		RSAREF_lib_error_code=ERR_get_next_error_library();

-	ERR_PUT_error(RSAREF_lib_error_code,function,reason,file,line);

-	}

--- a/sys/src/ape/lib/openssl/demos/engines/rsaref/rsaref_err.h

+++ /dev/null

@@ -1,109 +1,0 @@

-/* rsaref_err.h */

-/* ====================================================================

- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_RSAREF_ERR_H

-#define HEADER_RSAREF_ERR_H

-#ifdef  __cplusplus

-extern "C" {

-#endif

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-static void ERR_load_RSAREF_strings(void);

-static void ERR_unload_RSAREF_strings(void);

-static void ERR_RSAREF_error(int function, int reason, char *file, int line);

-#define RSAREFerr(f,r) ERR_RSAREF_error((f),(r),__FILE__,__LINE__)

-/* Error codes for the RSAREF functions. */

-/* Function codes. */

-#define RSAREF_F_BNREF_MOD_EXP				 100

-#define RSAREF_F_CIPHER_DES_CBC_CODE			 112

-#define RSAREF_F_RSAREF_BN2BIN				 101

-#define RSAREF_F_RSAREF_MOD_EXP				 102

-#define RSAREF_F_RSAREF_PRIVATE_DECRYPT			 103

-#define RSAREF_F_RSAREF_PRIVATE_ENCRYPT			 104

-#define RSAREF_F_RSAREF_PUBLIC_DECRYPT			 105

-#define RSAREF_F_RSAREF_PUBLIC_ENCRYPT			 106

-#define RSAREF_F_RSA_BN2BIN				 107

-#define RSAREF_F_RSA_PRIVATE_DECRYPT			 108

-#define RSAREF_F_RSA_PRIVATE_ENCRYPT			 109

-#define RSAREF_F_RSA_PUBLIC_DECRYPT			 110

-#define RSAREF_F_RSA_PUBLIC_ENCRYPT			 111

-/* Reason codes. */

-#define RSAREF_R_CONTENT_ENCODING			 100

-#define RSAREF_R_DATA					 101

-#define RSAREF_R_DIGEST_ALGORITHM			 102

-#define RSAREF_R_ENCODING				 103

-#define RSAREF_R_ENCRYPTION_ALGORITHM			 104

-#define RSAREF_R_KEY					 105

-#define RSAREF_R_KEY_ENCODING				 106

-#define RSAREF_R_LEN					 107

-#define RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED		 114

-#define RSAREF_R_MODULUS_LEN				 108

-#define RSAREF_R_NEED_RANDOM				 109

-#define RSAREF_R_PRIVATE_KEY				 110

-#define RSAREF_R_PUBLIC_KEY				 111

-#define RSAREF_R_SIGNATURE				 112

-#define RSAREF_R_SIGNATURE_ENCODING			 113

-#define RSAREF_R_UNKNOWN_FAULT				 115

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/demos/engines/zencod/Makefile

+++ /dev/null

@@ -1,114 +1,0 @@

-LIBNAME=	libzencod

-SRC=		hw_zencod.c

-OBJ=		hw_zencod.o

-HEADER=		hw_zencod.h

-CC=		gcc

-PIC=		-fPIC

-CFLAGS=		-g -I../../../include $(PIC) -DENGINE_DYNAMIC_SUPPORT -DFLAT_INC

-AR=		ar r

-RANLIB=		ranlib

-LIB=		$(LIBNAME).a

-SHLIB=		$(LIBNAME).so

-all:

-		@echo 'Please choose a system to build on:'

-		@echo ''

-		@echo 'tru64:    Tru64 Unix, Digital Unix, Digital OSF/1'

-		@echo 'solaris:  Solaris'

-		@echo 'irix:     IRIX'

-		@echo 'hpux32:   32-bit HP/UX'

-		@echo 'hpux64:   64-bit HP/UX'

-		@echo 'aix:      AIX'

-		@echo 'gnu:      Generic GNU-based system (gcc and GNU ld)'

-		@echo ''

-FORCE.update:

-update:		FORCE.update

-		perl ../../../util/mkerr.pl -conf hw_zencod.ec \

-			-nostatic -staticloader -write hw_zencod.c

-gnu:		$(SHLIB).gnu

-tru64:		$(SHLIB).tru64

-solaris:	$(SHLIB).solaris

-irix:		$(SHLIB).irix

-hpux32:		$(SHLIB).hpux32

-hpux64:		$(SHLIB).hpux64

-aix:		$(SHLIB).aix

-$(LIB):		$(OBJ)

-		$(AR) $(LIB) $(OBJ)

-		- $(RANLIB) $(LIB)

-LINK_SO=	\

-  ld -r -o $(LIBNAME).o $$ALLSYMSFLAGS $(LIB) && \

-  (nm -Pg $(LIBNAME).o | grep ' [BDT] ' | cut -f1 -d' ' > $(LIBNAME).exp; \

-   $$SHAREDCMD $$SHAREDFLAGS -o $(SHLIB) $(LIBNAME).o -L ../../.. -lcrypto -lc)

-$(SHLIB).gnu:	$(LIB)

-		ALLSYMSFLAGS='--whole-archive' \

-		SHAREDFLAGS='-shared -Wl,-soname=$(SHLIB)' \

-		SHAREDCMD='$(CC)'; \

-		$(LINK_SO)

-		touch $(SHLIB).gnu

-$(SHLIB).tru64:	$(LIB)

-		ALLSYMSFLAGS='-all' \

-		SHAREDFLAGS='-shared' \

-		SHAREDCMD='$(CC)'; \

-		$(LINK_SO)

-		touch $(SHLIB).tru64

-$(SHLIB).solaris:	$(LIB)

-		ALLSYMSFLAGS='-z allextract' \

-		SHAREDFLAGS='-G -h $(SHLIB)' \

-		SHAREDCMD='$(CC)'; \

-		$(LINK_SO)

-		touch $(SHLIB).solaris

-$(SHLIB).irix:	$(LIB)

-		ALLSYMSFLAGS='-all' \

-		SHAREDFLAGS='-shared -Wl,-soname,$(SHLIB)' \

-		SHAREDCMD='$(CC)'; \

-		$(LINK_SO)

-		touch $(SHLIB).irix

-$(SHLIB).hpux32:	$(LIB)

-		ALLSYMSFLAGS='-Fl' \

-		SHAREDFLAGS='+vnocompatwarnings -b -z +s +h $(SHLIB)' \

-		SHAREDCMD='/usr/ccs/bin/ld'; \

-		$(LINK_SO)

-		touch $(SHLIB).hpux32

-$(SHLIB).hpux64:	$(LIB)

-		ALLSYMSFLAGS='+forceload' \

-		SHAREDFLAGS='-b -z +h $(SHLIB)' \

-		SHAREDCMD='/usr/ccs/bin/ld'; \

-		$(LINK_SO)

-		touch $(SHLIB).hpux64

-$(SHLIB).aix:	$(LIB)

-		ALLSYMSFLAGS='-bnogc' \

-		SHAREDFLAGS='-G -bE:$(LIBNAME).exp -bM:SRE' \

-		SHAREDCMD='$(CC)'; \

-		$(LINK_SO)

-		touch $(SHLIB).aix

-depend:

-		sed -e '/^# DO NOT DELETE.*/,$$d' < Makefile > Makefile.tmp

-		echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp

-		gcc -M $(CFLAGS) $(SRC) >> Makefile.tmp

-		perl ../../../util/clean-depend.pl < Makefile.tmp > Makefile.new

-		rm -f Makefile.tmp Makefile

-		mv Makefile.new Makefile

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-rsaref.o: ../../../include/openssl/asn1.h ../../../include/openssl/bio.h

-rsaref.o: ../../../include/openssl/bn.h ../../../include/openssl/crypto.h

-rsaref.o: ../../../include/openssl/dh.h ../../../include/openssl/dsa.h

-rsaref.o: ../../../include/openssl/e_os2.h ../../../include/openssl/engine.h

-rsaref.o: ../../../include/openssl/err.h ../../../include/openssl/lhash.h

-rsaref.o: ../../../include/openssl/opensslconf.h

-rsaref.o: ../../../include/openssl/opensslv.h

-rsaref.o: ../../../include/openssl/ossl_typ.h ../../../include/openssl/rand.h

-rsaref.o: ../../../include/openssl/rsa.h ../../../include/openssl/safestack.h

-rsaref.o: ../../../include/openssl/stack.h ../../../include/openssl/symhacks.h

-rsaref.o: ../../../include/openssl/ui.h rsaref.c rsaref_err.c rsaref_err.h

-rsaref.o: source/des.h source/global.h source/md2.h source/md5.h source/rsa.h

-rsaref.o: source/rsaref.h

--- a/sys/src/ape/lib/openssl/demos/engines/zencod/hw_zencod.c

+++ /dev/null

@@ -1,1739 +1,0 @@

-/* crypto/engine/hw_zencod.c */

- /* Written by Fred Donnat ([email protected]) for "zencod"

- * engine integration in order to redirect crypto computing on a crypto

- * hardware accelerator zenssl32  ;-)

- *

- * Date : 25 jun 2002

- * Revision : 17 Ju7 2002

- * Version : zencod_engine-0.9.7

- */

-/* ====================================================================

- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* ENGINE general include */

-#include <stdio.h>

-#include <openssl/crypto.h>

-#include <openssl/dso.h>

-#include <openssl/engine.h>

-#ifndef OPENSSL_NO_HW

-#ifndef OPENSSL_NO_HW_ZENCOD

-#ifdef FLAT_INC

-#  include "hw_zencod.h"

-#else

-#  include "vendor_defns/hw_zencod.h"

-#endif

-#define ZENCOD_LIB_NAME "zencod engine"

-#include "hw_zencod_err.c"

-#define FAIL_TO_SOFTWARE		-15

-#define	ZEN_LIBRARY	"zenbridge"

-#if 0

-#  define PERROR(s)	perror(s)

-#  define CHEESE()	fputs("## [ZenEngine] ## " __FUNCTION__ "\n", stderr)

-#else

-#  define PERROR(s)

-#  define CHEESE()

-#endif

-/* Sorry ;) */

-#ifndef WIN32

-static inline void esrever ( unsigned char *d, int l )

-{

-	for(;--l>0;--l,d++){*d^=*(d+l);*(d+l)^=*d;*d^=*(d+l);}

-}

-static inline void ypcmem ( unsigned char *d, const unsigned char *s, int l )

-{

-	for(d+=l;l--;)*--d=*s++;

-}

-#else

-static __inline void esrever ( unsigned char *d, int l )

-{

-	for(;--l>0;--l,d++){*d^=*(d+l);*(d+l)^=*d;*d^=*(d+l);}

-}

-static __inline void ypcmem ( unsigned char *d, const unsigned char *s, int l )

-{

-	for(d+=l;l--;)*--d=*s++;

-}

-#endif

-#define BIGNUM2ZEN(n, bn)	(ptr_zencod_init_number((n), \

-					(unsigned long) ((bn)->top * BN_BITS2), \

-					(unsigned char *) ((bn)->d)))

-#define ZEN_BITS(n, bytes)	(ptr_zencod_bytes2bits((unsigned char *) (n), (unsigned long) (bytes)))

-#define ZEN_BYTES(bits)	(ptr_zencod_bits2bytes((unsigned long) (bits)))

-/* Function for ENGINE detection and control */

-static int zencod_destroy ( ENGINE *e ) ;

-static int zencod_init ( ENGINE *e ) ;

-static int zencod_finish ( ENGINE *e ) ;

-static int zencod_ctrl ( ENGINE *e, int cmd, long i, void *p, void (*f) () ) ;

-/* BIGNUM stuff */

-static int zencod_bn_mod_exp ( BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx ) ;

-/* RSA stuff */

-#ifndef OPENSSL_NO_RSA

-static int RSA_zencod_rsa_mod_exp ( BIGNUM *r0, const BIGNUM *I, RSA *rsa ) ;

-static int RSA_zencod_bn_mod_exp ( BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx ) ;

-#endif

-/* DSA stuff */

-#ifndef OPENSSL_NO_DSA

-static int DSA_zencod_bn_mod_exp ( DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,

-		BN_MONT_CTX *m_ctx ) ;

-static DSA_SIG *DSA_zencod_do_sign ( const unsigned char *dgst, int dlen, DSA *dsa ) ;

-static int DSA_zencod_do_verify ( const unsigned char *dgst, int dgst_len, DSA_SIG *sig,

-		DSA *dsa ) ;

-#endif

-/* DH stuff */

-#ifndef OPENSSL_NO_DH

-static int DH_zencod_bn_mod_exp ( const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,

-		BN_MONT_CTX *m_ctx ) ;

-static int DH_zencod_generate_key ( DH *dh ) ;

-static int DH_zencod_compute_key ( unsigned char *key, const BIGNUM *pub_key, DH *dh ) ;

-#endif

-/* Rand stuff */

-static void RAND_zencod_seed ( const void *buf, int num ) ;

-static int RAND_zencod_rand_bytes ( unsigned char *buf, int num ) ;

-static int RAND_zencod_rand_status ( void ) ;

-/* Digest Stuff */

-static int engine_digests ( ENGINE *e, const EVP_MD **digest, const int **nids, int nid ) ;

-/* Cipher Stuff */

-static int engine_ciphers ( ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid ) ;

-#define ZENCOD_CMD_SO_PATH			ENGINE_CMD_BASE

-static const ENGINE_CMD_DEFN zencod_cmd_defns [ ] =

-{

-	{ ZENCOD_CMD_SO_PATH,

-	  "SO_PATH",

-	  "Specifies the path to the 'zenbridge' shared library",

-	  ENGINE_CMD_FLAG_STRING},

-	{ 0, NULL, NULL, 0 }

-} ;

-#ifndef OPENSSL_NO_RSA

-/* Our internal RSA_METHOD specific to zencod ENGINE providing pointers to our function */

-static RSA_METHOD zencod_rsa =

-{

-	"ZENCOD RSA method",

-	NULL,

-	NULL,

-	NULL,

-	NULL,

-	RSA_zencod_rsa_mod_exp,

-	RSA_zencod_bn_mod_exp,

-	NULL,

-	NULL,

-	0,

-	NULL,

-	NULL,

-	NULL

-} ;

-#endif

-#ifndef OPENSSL_NO_DSA

-/* Our internal DSA_METHOD specific to zencod ENGINE providing pointers to our function */

-static DSA_METHOD zencod_dsa =

-{

-	"ZENCOD DSA method",

-	DSA_zencod_do_sign,

-	NULL,

-	DSA_zencod_do_verify,

-	NULL,

-	DSA_zencod_bn_mod_exp,

-	NULL,

-	NULL,

-	0,

-	NULL

-} ;

-#endif

-#ifndef OPENSSL_NO_DH

-/* Our internal DH_METHOD specific to zencod ENGINE providing pointers to our function */

-static DH_METHOD zencod_dh =

-{

-	"ZENCOD DH method",

-	DH_zencod_generate_key,

-	DH_zencod_compute_key,

-	DH_zencod_bn_mod_exp,

-	NULL,

-	NULL,

-	0,

-	NULL

-} ;

-#endif

-/* Our internal RAND_meth specific to zencod ZNGINE providing pointers to  our function */

-static RAND_METHOD zencod_rand =

-{

-	RAND_zencod_seed,

-	RAND_zencod_rand_bytes,

-	NULL,

-	NULL,

-	RAND_zencod_rand_bytes,

-	RAND_zencod_rand_status

-} ;

-/* Constants used when creating the ENGINE */

-static const char *engine_zencod_id = "zencod";

-static const char *engine_zencod_name = "ZENCOD hardware engine support";

-/* This internal function is used by ENGINE_zencod () and possibly by the

- * "dynamic" ENGINE support too   ;-)

- */

-static int bind_helper ( ENGINE *e )

-{

-#ifndef OPENSSL_NO_RSA

-	const RSA_METHOD *meth_rsa ;

-#endif

-#ifndef OPENSSL_NO_DSA

-	const DSA_METHOD *meth_dsa ;

-#endif

-#ifndef OPENSSL_NO_DH

-	const DH_METHOD *meth_dh ;

-#endif

-	const RAND_METHOD *meth_rand ;

-	if ( !ENGINE_set_id ( e, engine_zencod_id ) ||

-			!ENGINE_set_name ( e, engine_zencod_name ) ||

-#ifndef OPENSSL_NO_RSA

-			!ENGINE_set_RSA ( e, &zencod_rsa ) ||

-#endif

-#ifndef OPENSSL_NO_DSA

-			!ENGINE_set_DSA ( e, &zencod_dsa ) ||

-#endif

-#ifndef OPENSSL_NO_DH

-			!ENGINE_set_DH ( e, &zencod_dh ) ||

-#endif

-			!ENGINE_set_RAND ( e, &zencod_rand ) ||

-			!ENGINE_set_destroy_function ( e, zencod_destroy ) ||

-			!ENGINE_set_init_function ( e, zencod_init ) ||

-			!ENGINE_set_finish_function ( e, zencod_finish ) ||

-			!ENGINE_set_ctrl_function ( e, zencod_ctrl ) ||

-			!ENGINE_set_cmd_defns ( e, zencod_cmd_defns ) ||

-			!ENGINE_set_digests ( e, engine_digests ) ||

-			!ENGINE_set_ciphers ( e, engine_ciphers ) ) {

-		return 0 ;

-	}

-#ifndef OPENSSL_NO_RSA

-	/* We know that the "PKCS1_SSLeay()" functions hook properly

-	 * to the Zencod-specific mod_exp and mod_exp_crt so we use

-	 * those functions. NB: We don't use ENGINE_openssl() or

-	 * anything "more generic" because something like the RSAref

-	 * code may not hook properly, and if you own one of these

-	 * cards then you have the right to do RSA operations on it

-	 * anyway!

-	 */

-	meth_rsa = RSA_PKCS1_SSLeay () ;

-	zencod_rsa.rsa_pub_enc = meth_rsa->rsa_pub_enc ;

-	zencod_rsa.rsa_pub_dec = meth_rsa->rsa_pub_dec ;

-	zencod_rsa.rsa_priv_enc = meth_rsa->rsa_priv_enc ;

-	zencod_rsa.rsa_priv_dec = meth_rsa->rsa_priv_dec ;

-	/* meth_rsa->rsa_mod_exp */

-	/* meth_rsa->bn_mod_exp */

-	zencod_rsa.init = meth_rsa->init ;

-	zencod_rsa.finish = meth_rsa->finish ;

-#endif

-#ifndef OPENSSL_NO_DSA

-	/* We use OpenSSL meth to supply what we don't provide ;-*)

-	 */

-	meth_dsa = DSA_OpenSSL () ;

-	/* meth_dsa->dsa_do_sign */

-	zencod_dsa.dsa_sign_setup = meth_dsa->dsa_sign_setup ;

-	/* meth_dsa->dsa_do_verify */

-	zencod_dsa.dsa_mod_exp = meth_dsa->dsa_mod_exp ;

-	/* zencod_dsa.bn_mod_exp = meth_dsa->bn_mod_exp ; */

-	zencod_dsa.init = meth_dsa->init ;

-	zencod_dsa.finish = meth_dsa->finish ;

-#endif

-#ifndef OPENSSL_NO_DH

-	/* We use OpenSSL meth to supply what we don't provide ;-*)

-	 */

-	meth_dh = DH_OpenSSL () ;

-	/* zencod_dh.generate_key = meth_dh->generate_key ; */

-	/* zencod_dh.compute_key = meth_dh->compute_key ; */

-	/* zencod_dh.bn_mod_exp = meth_dh->bn_mod_exp ; */

-	zencod_dh.init = meth_dh->init ;

-	zencod_dh.finish = meth_dh->finish ;

-#endif

-	/* We use OpenSSL (SSLeay) meth to supply what we don't provide ;-*)

-	 */

-	meth_rand = RAND_SSLeay () ;

-	/* meth_rand->seed ; */

-	/* zencod_rand.seed = meth_rand->seed ; */

-	/* meth_rand->bytes ; */

-	/* zencod_rand.bytes = meth_rand->bytes ; */

-	zencod_rand.cleanup = meth_rand->cleanup ;

-	zencod_rand.add = meth_rand->add ;

-	/* meth_rand->pseudorand ; */

-	/* zencod_rand.pseudorand = meth_rand->pseudorand ; */

-	/* zencod_rand.status = meth_rand->status ; */

-	/* meth_rand->status ; */

-	/* Ensure the zencod error handling is set up */

-	ERR_load_ZENCOD_strings () ;

-	return 1 ;

-}

-/* As this is only ever called once, there's no need for locking

- * (indeed - the lock will already be held by our caller!!!)

- */

-static ENGINE *ENGINE_zencod ( void )

-{

-	ENGINE *eng = ENGINE_new () ;

-	if ( !eng ) {

-		return NULL ;

-	}

-	if ( !bind_helper ( eng ) ) {

-		ENGINE_free ( eng ) ;

-		return NULL ;

-	}

-	return eng ;

-}

-#ifdef ENGINE_DYNAMIC_SUPPORT

-static

-#endif

-void ENGINE_load_zencod ( void )

-{

-	/* Copied from eng_[openssl|dyn].c */

-	ENGINE *toadd = ENGINE_zencod ( ) ;

-	if ( !toadd ) return ;

-	ENGINE_add ( toadd ) ;

-	ENGINE_free ( toadd ) ;

-	ERR_clear_error ( ) ;

-}

-/* This is a process-global DSO handle used for loading and unloading

- * the ZENBRIDGE library.

- * NB: This is only set (or unset) during an * init () or finish () call

- * (reference counts permitting) and they're  * operating with global locks,

- * so this should be thread-safe * implicitly.

- */

-static DSO *zencod_dso = NULL ;

-static t_zencod_test *ptr_zencod_test = NULL ;

-static t_zencod_bytes2bits *ptr_zencod_bytes2bits = NULL ;

-static t_zencod_bits2bytes *ptr_zencod_bits2bytes = NULL ;

-static t_zencod_new_number *ptr_zencod_new_number = NULL ;

-static t_zencod_init_number *ptr_zencod_init_number = NULL ;

-static t_zencod_rsa_mod_exp *ptr_zencod_rsa_mod_exp = NULL ;

-static t_zencod_rsa_mod_exp_crt *ptr_zencod_rsa_mod_exp_crt = NULL ;

-static t_zencod_dsa_do_sign *ptr_zencod_dsa_do_sign = NULL ;

-static t_zencod_dsa_do_verify *ptr_zencod_dsa_do_verify = NULL ;

-static t_zencod_dh_generate_key *ptr_zencod_dh_generate_key = NULL ;

-static t_zencod_dh_compute_key *ptr_zencod_dh_compute_key = NULL ;

-static t_zencod_rand_bytes *ptr_zencod_rand_bytes = NULL ;

-static t_zencod_math_mod_exp *ptr_zencod_math_mod_exp = NULL ;

-static t_zencod_md5_init *ptr_zencod_md5_init = NULL ;

-static t_zencod_md5_update *ptr_zencod_md5_update = NULL ;

-static t_zencod_md5_do_final *ptr_zencod_md5_do_final = NULL ;

-static t_zencod_sha1_init *ptr_zencod_sha1_init = NULL ;

-static t_zencod_sha1_update *ptr_zencod_sha1_update = NULL ;

-static t_zencod_sha1_do_final *ptr_zencod_sha1_do_final = NULL ;

-static t_zencod_xdes_cipher *ptr_zencod_xdes_cipher = NULL ;

-static t_zencod_rc4_cipher *ptr_zencod_rc4_cipher = NULL ;

-/* These are the static string constants for the DSO file name and the function

- * symbol names to bind to.

- */

-static const char *ZENCOD_LIBNAME = ZEN_LIBRARY ;

-static const char *ZENCOD_Fct_0 = "test_device" ;

-static const char *ZENCOD_Fct_1 = "zenbridge_bytes2bits" ;

-static const char *ZENCOD_Fct_2 = "zenbridge_bits2bytes" ;

-static const char *ZENCOD_Fct_3 = "zenbridge_new_number" ;

-static const char *ZENCOD_Fct_4 = "zenbridge_init_number" ;

-static const char *ZENCOD_Fct_exp_1 = "zenbridge_rsa_mod_exp" ;

-static const char *ZENCOD_Fct_exp_2 = "zenbridge_rsa_mod_exp_crt" ;

-static const char *ZENCOD_Fct_dsa_1 = "zenbridge_dsa_do_sign" ;

-static const char *ZENCOD_Fct_dsa_2 = "zenbridge_dsa_do_verify" ;

-static const char *ZENCOD_Fct_dh_1 = "zenbridge_dh_generate_key" ;

-static const char *ZENCOD_Fct_dh_2 = "zenbridge_dh_compute_key" ;

-static const char *ZENCOD_Fct_rand_1 = "zenbridge_rand_bytes" ;

-static const char *ZENCOD_Fct_math_1 = "zenbridge_math_mod_exp" ;

-static const char *ZENCOD_Fct_md5_1 = "zenbridge_md5_init" ;

-static const char *ZENCOD_Fct_md5_2 = "zenbridge_md5_update" ;

-static const char *ZENCOD_Fct_md5_3 = "zenbridge_md5_do_final" ;

-static const char *ZENCOD_Fct_sha1_1 = "zenbridge_sha1_init" ;

-static const char *ZENCOD_Fct_sha1_2 = "zenbridge_sha1_update" ;

-static const char *ZENCOD_Fct_sha1_3 = "zenbridge_sha1_do_final" ;

-static const char *ZENCOD_Fct_xdes_1 = "zenbridge_xdes_cipher" ;

-static const char *ZENCOD_Fct_rc4_1 = "zenbridge_rc4_cipher" ;

-/* Destructor (complements the "ENGINE_zencod ()" constructor)

- */

-static int zencod_destroy (ENGINE *e )

-{

-	ERR_unload_ZENCOD_strings () ;

-	return 1 ;

-}

-/* (de)initialisation functions. Control Function

- */

-static int zencod_init ( ENGINE *e )

-{

-	t_zencod_test *ptr_0 ;

-	t_zencod_bytes2bits *ptr_1 ;

-	t_zencod_bits2bytes *ptr_2 ;

-	t_zencod_new_number *ptr_3 ;

-	t_zencod_init_number *ptr_4 ;

-	t_zencod_rsa_mod_exp *ptr_exp_1 ;

-	t_zencod_rsa_mod_exp_crt *ptr_exp_2 ;

-	t_zencod_dsa_do_sign *ptr_dsa_1 ;

-	t_zencod_dsa_do_verify *ptr_dsa_2 ;

-	t_zencod_dh_generate_key *ptr_dh_1 ;

-	t_zencod_dh_compute_key *ptr_dh_2 ;

-	t_zencod_rand_bytes *ptr_rand_1 ;

-	t_zencod_math_mod_exp *ptr_math_1 ;

-	t_zencod_md5_init *ptr_md5_1 ;

-	t_zencod_md5_update *ptr_md5_2 ;

-	t_zencod_md5_do_final *ptr_md5_3 ;

-	t_zencod_sha1_init *ptr_sha1_1 ;

-	t_zencod_sha1_update *ptr_sha1_2 ;

-	t_zencod_sha1_do_final *ptr_sha1_3 ;

-	t_zencod_xdes_cipher *ptr_xdes_1 ;

-	t_zencod_rc4_cipher *ptr_rc4_1 ;

-	CHEESE () ;

-	/*

-	 * We Should add some tests for non NULL parameters or bad value !!

-	 * Stuff to be done ...

-	 */

-	if ( zencod_dso != NULL ) {

-		ZENCODerr ( ZENCOD_F_ZENCOD_INIT, ZENCOD_R_ALREADY_LOADED ) ;

-		goto err ;

-	}

-	/* Trying to load the Library "cryptozen"

-	 */

-	zencod_dso = DSO_load ( NULL, ZENCOD_LIBNAME, NULL, 0 ) ;

-	if ( zencod_dso == NULL ) {

-		ZENCODerr ( ZENCOD_F_ZENCOD_INIT, ZENCOD_R_DSO_FAILURE ) ;

-		goto err ;

-	}

-	/* Trying to load Function from the Library

-	 */

-	if ( ! ( ptr_1 = (t_zencod_bytes2bits*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_1 ) ) ||

-			! ( ptr_2 = (t_zencod_bits2bytes*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_2 ) ) ||

-			! ( ptr_3 = (t_zencod_new_number*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_3 ) ) ||

-			! ( ptr_4 = (t_zencod_init_number*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_4 ) ) ||

-			! ( ptr_exp_1 = (t_zencod_rsa_mod_exp*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_exp_1 ) ) ||

-			! ( ptr_exp_2 = (t_zencod_rsa_mod_exp_crt*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_exp_2 ) ) ||

-			! ( ptr_dsa_1 = (t_zencod_dsa_do_sign*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_dsa_1 ) ) ||

-			! ( ptr_dsa_2 = (t_zencod_dsa_do_verify*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_dsa_2 ) ) ||

-			! ( ptr_dh_1 = (t_zencod_dh_generate_key*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_dh_1 ) ) ||

-			! ( ptr_dh_2 = (t_zencod_dh_compute_key*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_dh_2 ) ) ||

-			! ( ptr_rand_1 = (t_zencod_rand_bytes*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_rand_1 ) ) ||

-			! ( ptr_math_1 = (t_zencod_math_mod_exp*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_math_1 ) ) ||

-			! ( ptr_0 = (t_zencod_test *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_0 ) ) ||

-			! ( ptr_md5_1 = (t_zencod_md5_init *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_md5_1 ) ) ||

-			! ( ptr_md5_2 = (t_zencod_md5_update *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_md5_2 ) ) ||

-			! ( ptr_md5_3 = (t_zencod_md5_do_final *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_md5_3 ) ) ||

-			! ( ptr_sha1_1 = (t_zencod_sha1_init *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_sha1_1 ) ) ||

-			! ( ptr_sha1_2 = (t_zencod_sha1_update *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_sha1_2 ) ) ||

-			! ( ptr_sha1_3 = (t_zencod_sha1_do_final *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_sha1_3 ) ) ||

-			! ( ptr_xdes_1 = (t_zencod_xdes_cipher *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_xdes_1 ) ) ||

-			! ( ptr_rc4_1 = (t_zencod_rc4_cipher *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_rc4_1 ) ) ) {

-		ZENCODerr ( ZENCOD_F_ZENCOD_INIT, ZENCOD_R_DSO_FAILURE ) ;

-		goto err ;

-	}

-	/* The function from "cryptozen" Library have been correctly loaded so copy them

-	 */

-	ptr_zencod_test = ptr_0 ;

-	ptr_zencod_bytes2bits = ptr_1 ;

-	ptr_zencod_bits2bytes = ptr_2 ;

-	ptr_zencod_new_number = ptr_3 ;

-	ptr_zencod_init_number = ptr_4 ;

-	ptr_zencod_rsa_mod_exp = ptr_exp_1 ;

-	ptr_zencod_rsa_mod_exp_crt = ptr_exp_2 ;

-	ptr_zencod_dsa_do_sign = ptr_dsa_1 ;

-	ptr_zencod_dsa_do_verify = ptr_dsa_2 ;

-	ptr_zencod_dh_generate_key = ptr_dh_1 ;

-	ptr_zencod_dh_compute_key = ptr_dh_2 ;

-	ptr_zencod_rand_bytes = ptr_rand_1 ;

-	ptr_zencod_math_mod_exp = ptr_math_1 ;

-	ptr_zencod_test = ptr_0 ;

-	ptr_zencod_md5_init = ptr_md5_1 ;

-	ptr_zencod_md5_update = ptr_md5_2 ;

-	ptr_zencod_md5_do_final = ptr_md5_3 ;

-	ptr_zencod_sha1_init = ptr_sha1_1 ;

-	ptr_zencod_sha1_update = ptr_sha1_2 ;

-	ptr_zencod_sha1_do_final = ptr_sha1_3 ;

-	ptr_zencod_xdes_cipher = ptr_xdes_1 ;

-	ptr_zencod_rc4_cipher = ptr_rc4_1 ;

-	/* We should peform a test to see if there is actually any unit runnig on the system ...

-	 * Even if the cryptozen library is loaded the module coul not be loaded on the system ...

-	 * For now we may just open and close the device !!

-	 */

-	if ( ptr_zencod_test () != 0 ) {

-		ZENCODerr ( ZENCOD_F_ZENCOD_INIT, ZENCOD_R_UNIT_FAILURE ) ;

-		goto err ;

-	}

-	return 1 ;

-err :

-	if ( zencod_dso ) {

-		DSO_free ( zencod_dso ) ;

-	}

-	zencod_dso = NULL ;

-	ptr_zencod_bytes2bits = NULL ;

-	ptr_zencod_bits2bytes = NULL ;

-	ptr_zencod_new_number = NULL ;

-	ptr_zencod_init_number = NULL ;

-	ptr_zencod_rsa_mod_exp = NULL ;

-	ptr_zencod_rsa_mod_exp_crt = NULL ;

-	ptr_zencod_dsa_do_sign = NULL ;

-	ptr_zencod_dsa_do_verify = NULL ;

-	ptr_zencod_dh_generate_key = NULL ;

-	ptr_zencod_dh_compute_key = NULL ;

-	ptr_zencod_rand_bytes = NULL ;

-	ptr_zencod_math_mod_exp = NULL ;

-	ptr_zencod_test = NULL ;

-	ptr_zencod_md5_init = NULL ;

-	ptr_zencod_md5_update = NULL ;

-	ptr_zencod_md5_do_final = NULL ;

-	ptr_zencod_sha1_init = NULL ;

-	ptr_zencod_sha1_update = NULL ;

-	ptr_zencod_sha1_do_final = NULL ;

-	ptr_zencod_xdes_cipher = NULL ;

-	ptr_zencod_rc4_cipher = NULL ;

-	return 0 ;

-}

-static int zencod_finish ( ENGINE *e )

-{

-	CHEESE () ;

-	/*

-	 * We Should add some tests for non NULL parameters or bad value !!

-	 * Stuff to be done ...

-	 */

-	if ( zencod_dso == NULL ) {

-		ZENCODerr ( ZENCOD_F_ZENCOD_FINISH, ZENCOD_R_NOT_LOADED ) ;

-		return 0 ;

-	}

-	if ( !DSO_free ( zencod_dso ) ) {

-		ZENCODerr ( ZENCOD_F_ZENCOD_FINISH, ZENCOD_R_DSO_FAILURE ) ;

-		return 0 ;

-	}

-	zencod_dso = NULL ;

-	ptr_zencod_bytes2bits = NULL ;

-	ptr_zencod_bits2bytes = NULL ;

-	ptr_zencod_new_number = NULL ;

-	ptr_zencod_init_number = NULL ;

-	ptr_zencod_rsa_mod_exp = NULL ;

-	ptr_zencod_rsa_mod_exp_crt = NULL ;

-	ptr_zencod_dsa_do_sign = NULL ;

-	ptr_zencod_dsa_do_verify = NULL ;

-	ptr_zencod_dh_generate_key = NULL ;

-	ptr_zencod_dh_compute_key = NULL ;

-	ptr_zencod_rand_bytes = NULL ;

-	ptr_zencod_math_mod_exp = NULL ;

-	ptr_zencod_test = NULL ;

-	ptr_zencod_md5_init = NULL ;

-	ptr_zencod_md5_update = NULL ;

-	ptr_zencod_md5_do_final = NULL ;

-	ptr_zencod_sha1_init = NULL ;

-	ptr_zencod_sha1_update = NULL ;

-	ptr_zencod_sha1_do_final = NULL ;

-	ptr_zencod_xdes_cipher = NULL ;

-	ptr_zencod_rc4_cipher = NULL ;

-	return 1 ;

-}

-static int zencod_ctrl ( ENGINE *e, int cmd, long i, void *p, void (*f) () )

-{

-	int initialised = ( ( zencod_dso == NULL ) ? 0 : 1 ) ;

-	CHEESE () ;

-	/*

-	 * We Should add some tests for non NULL parameters or bad value !!

-	 * Stuff to be done ...

-	 */

-	switch ( cmd ) {

-	case ZENCOD_CMD_SO_PATH :

-		if ( p == NULL ) {

-			ZENCODerr ( ZENCOD_F_ZENCOD_CTRL, ERR_R_PASSED_NULL_PARAMETER ) ;

-			return 0 ;

-		}

-		if ( initialised ) {

-			ZENCODerr ( ZENCOD_F_ZENCOD_CTRL, ZENCOD_R_ALREADY_LOADED ) ;

-			return 0 ;

-		}

-		ZENCOD_LIBNAME = (const char *) p ;

-		return 1 ;

-	default :

-		break ;

-	}

-	ZENCODerr ( ZENCOD_F_ZENCOD_CTRL, ZENCOD_R_CTRL_COMMAND_NOT_IMPLEMENTED ) ;

-	return 0 ;

-}

-/* BIGNUM stuff Functions

- */

-static int zencod_bn_mod_exp ( BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx )

-{

-	zen_nb_t y, x, e, n;

-	int ret;

-	CHEESE () ;

-	if ( !zencod_dso ) {

-		ENGINEerr(ZENCOD_F_ZENCOD_BN_MOD_EXP, ZENCOD_R_NOT_LOADED);

-		return 0;

-	}

-	if ( !bn_wexpand(r, m->top + 1) ) {

-		ENGINEerr(ZENCOD_F_ZENCOD_BN_MOD_EXP, ZENCOD_R_BN_EXPAND_FAIL);

-		return 0;

-	}

-	memset(r->d, 0, BN_num_bytes(m));

-	ptr_zencod_init_number ( &y, (r->dmax - 1) * sizeof (BN_ULONG) * 8, (unsigned char *) r->d ) ;

-	BIGNUM2ZEN ( &x, a ) ;

-	BIGNUM2ZEN ( &e, p ) ;

-	BIGNUM2ZEN ( &n, m ) ;

-	/* Must invert x and e parameter due to BN mod exp prototype ... */

-	ret = ptr_zencod_math_mod_exp ( &y, &e, &x, &n ) ;

-	if ( ret )  {

-		PERROR("zenbridge_math_mod_exp");

-		ENGINEerr(ZENCOD_F_ZENCOD_BN_MOD_EXP, ZENCOD_R_REQUEST_FAILED);

-		return 0;

-	}

-	r->top = (BN_num_bits(m) + BN_BITS2 - 1) / BN_BITS2;

-	return 1;

-}

-/* RSA stuff Functions

- */

-#ifndef OPENSSL_NO_RSA

-static int RSA_zencod_rsa_mod_exp ( BIGNUM *r0, const BIGNUM *i, RSA *rsa )

-{

-	CHEESE () ;

-	if ( !zencod_dso ) {

-		ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT, ZENCOD_R_NOT_LOADED);

-		return 0;

-	}

-	if ( !rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp ) {

-		ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT, ZENCOD_R_BAD_KEY_COMPONENTS);

-		return 0;

-	}

-	/* Do in software if argument is too large for hardware */

-	if ( RSA_size(rsa) * 8 > ZENBRIDGE_MAX_KEYSIZE_RSA_CRT ) {

-		const RSA_METHOD *meth;

-		meth = RSA_PKCS1_SSLeay();

-		return meth->rsa_mod_exp(r0, i, rsa);

-	} else {

-		zen_nb_t y, x, p, q, dmp1, dmq1, iqmp;

-		if ( !bn_expand(r0, RSA_size(rsa) * 8) ) {

-			ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT, ZENCOD_R_BN_EXPAND_FAIL);

-			return 0;

-		}

-		r0->top = (RSA_size(rsa) * 8 + BN_BITS2 - 1) / BN_BITS2;

-		BIGNUM2ZEN ( &x, i ) ;

-		BIGNUM2ZEN ( &y, r0 ) ;

-		BIGNUM2ZEN ( &p, rsa->p ) ;

-		BIGNUM2ZEN ( &q, rsa->q ) ;

-		BIGNUM2ZEN ( &dmp1, rsa->dmp1 ) ;

-		BIGNUM2ZEN ( &dmq1, rsa->dmq1 ) ;

-		BIGNUM2ZEN ( &iqmp, rsa->iqmp ) ;

-		if ( ptr_zencod_rsa_mod_exp_crt ( &y, &x, &p, &q, &dmp1, &dmq1, &iqmp ) < 0 ) {

-			PERROR("zenbridge_rsa_mod_exp_crt");

-			ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT, ZENCOD_R_REQUEST_FAILED);

-			return 0;

-		}

-		return 1;

-	}

-}

-/* This function is aliased to RSA_mod_exp (with the mont stuff dropped).

- */

-static int RSA_zencod_bn_mod_exp ( BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx )

-{

-	CHEESE () ;

-	if ( !zencod_dso ) {

-		ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP, ZENCOD_R_NOT_LOADED);

-		return 0;

-	}

-	/* Do in software if argument is too large for hardware */

-	if ( BN_num_bits(m) > ZENBRIDGE_MAX_KEYSIZE_RSA ) {

-		const RSA_METHOD *meth;

-		meth = RSA_PKCS1_SSLeay();

-		return meth->bn_mod_exp(r, a, p, m, ctx, m_ctx);

-	} else {

-		zen_nb_t y, x, e, n;

-		if ( !bn_expand(r, BN_num_bits(m)) ) {

-			ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP, ZENCOD_R_BN_EXPAND_FAIL);

-			return 0;

-		}

-		r->top = (BN_num_bits(m) + BN_BITS2 - 1) / BN_BITS2;

-		BIGNUM2ZEN ( &x, a ) ;

-		BIGNUM2ZEN ( &y, r ) ;

-		BIGNUM2ZEN ( &e, p ) ;

-		BIGNUM2ZEN ( &n, m ) ;

-		if ( ptr_zencod_rsa_mod_exp ( &y, &x, &n, &e ) < 0 ) {

-			PERROR("zenbridge_rsa_mod_exp");

-			ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP, ZENCOD_R_REQUEST_FAILED);

-			return 0;

-		}

-		return 1;

-	}

-}

-#endif /* !OPENSSL_NO_RSA */

-#ifndef OPENSSL_NO_DSA

-/* DSA stuff Functions

- */

-static DSA_SIG *DSA_zencod_do_sign ( const unsigned char *dgst, int dlen, DSA *dsa )

-{

-	zen_nb_t p, q, g, x, y, r, s, data;

-	DSA_SIG *sig;

-	BIGNUM *bn_r = NULL;

-	BIGNUM *bn_s = NULL;

-	char msg[20];

-	CHEESE();

-	if ( !zencod_dso ) {

-		ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_NOT_LOADED);

-		goto FAILED;

-	}

-	if ( dlen > 160 ) {

-		ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED);

-		goto FAILED;

-	}

-	/* Do in software if argument is too large for hardware */

-	if ( BN_num_bits(dsa->p) > ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN ||

-		BN_num_bits(dsa->g) > ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN ) {

-		const DSA_METHOD *meth;

-		ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_BAD_KEY_COMPONENTS);

-		meth = DSA_OpenSSL();

-		return meth->dsa_do_sign(dgst, dlen, dsa);

-	}

-	if ( !(bn_s = BN_new()) || !(bn_r = BN_new()) ) {

-		ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_BAD_KEY_COMPONENTS);

-		goto FAILED;

-	}

-	if ( !bn_expand(bn_r, 160) || !bn_expand(bn_s, 160) ) {

-		ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_BN_EXPAND_FAIL);

-		goto FAILED;

-	}

-	bn_r->top = bn_s->top = (160 + BN_BITS2 - 1) / BN_BITS2;

-	BIGNUM2ZEN ( &p, dsa->p ) ;

-	BIGNUM2ZEN ( &q, dsa->q ) ;

-	BIGNUM2ZEN ( &g, dsa->g ) ;

-	BIGNUM2ZEN ( &x, dsa->priv_key ) ;

-	BIGNUM2ZEN ( &y, dsa->pub_key ) ;

-	BIGNUM2ZEN ( &r, bn_r ) ;

-	BIGNUM2ZEN ( &s, bn_s ) ;

-	q.len = x.len = 160;

-	ypcmem(msg, dgst, 20);

-	ptr_zencod_init_number ( &data, 160, msg ) ;

-	if ( ptr_zencod_dsa_do_sign ( 0, &data, &y, &p, &q, &g, &x, &r, &s ) < 0 ) {

-		PERROR("zenbridge_dsa_do_sign");

-		ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED);

-		goto FAILED;

-	}

-	if ( !( sig = DSA_SIG_new () ) ) {

-		ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED);

-		goto FAILED;

-	}

-	sig->r = bn_r;

-	sig->s = bn_s;

-	return sig;

- FAILED:

-	if (bn_r)

-		BN_free(bn_r);

-	if (bn_s)

-		BN_free(bn_s);

-	return NULL;

-}

-static int DSA_zencod_do_verify ( const unsigned char *dgst, int dlen, DSA_SIG *sig, DSA *dsa )

-{

-	zen_nb_t data, p, q, g, y, r, s, v;

-	char msg[20];

-	char v_data[20];

-	int ret;

-	CHEESE();

-	if ( !zencod_dso ) {

-		ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_VERIFY, ZENCOD_R_NOT_LOADED);

-		return 0;

-	}

-	if ( dlen > 160 ) {

-		ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED);

-		return 0;

-	}

-	/* Do in software if argument is too large for hardware */

-	if ( BN_num_bits(dsa->p) > ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN ||

-		BN_num_bits(dsa->g) > ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN ) {

-		const DSA_METHOD *meth;

-		ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_BAD_KEY_COMPONENTS);

-		meth = DSA_OpenSSL();

-		return meth->dsa_do_verify(dgst, dlen, sig, dsa);

-	}

-	BIGNUM2ZEN ( &p, dsa->p ) ;

-	BIGNUM2ZEN ( &q, dsa->q ) ;

-	BIGNUM2ZEN ( &g, dsa->g ) ;

-	BIGNUM2ZEN ( &y, dsa->pub_key ) ;

-	BIGNUM2ZEN ( &r, sig->r ) ;

-	BIGNUM2ZEN ( &s, sig->s ) ;

-	ptr_zencod_init_number ( &v, 160, v_data ) ;

-	ypcmem(msg, dgst, 20);

-	ptr_zencod_init_number ( &data, 160, msg ) ;

-	if ( ( ret = ptr_zencod_dsa_do_verify ( 0, &data, &p, &q, &g, &y, &r, &s, &v ) ) < 0 ) {

-		PERROR("zenbridge_dsa_do_verify");

-		ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_VERIFY, ZENCOD_R_REQUEST_FAILED);

-		return 0;

-	}

-	return ( ( ret == 0 ) ? 1 : ret ) ;

-}

-static int DSA_zencod_bn_mod_exp ( DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,

-			     BN_CTX *ctx, BN_MONT_CTX *m_ctx )

-{

-	CHEESE () ;

-	return zencod_bn_mod_exp ( r, a, p, m, ctx ) ;

-}

-#endif /* !OPENSSL_NO_DSA */

-#ifndef OPENSSl_NO_DH

-/* DH stuff Functions

- */

-static int DH_zencod_generate_key ( DH *dh )

-{

-	BIGNUM *bn_prv = NULL;

-	BIGNUM *bn_pub = NULL;

-	zen_nb_t y, x, g, p;

-	int generate_x;

-	CHEESE();

-	if ( !zencod_dso ) {

-		ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_NOT_LOADED);

-		return 0;

-	}

-	/* Private key */

-	if ( dh->priv_key ) {

-		bn_prv = dh->priv_key;

-		generate_x = 0;

-	} else {

-		if (!(bn_prv = BN_new())) {

-			ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_BN_EXPAND_FAIL);

-			goto FAILED;

-		}

-		generate_x = 1;

-	}

-	/* Public key */

-	if ( dh->pub_key )

-		bn_pub = dh->pub_key;

-	else

-		if ( !( bn_pub = BN_new () ) ) {

-			ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_BN_EXPAND_FAIL);

-			goto FAILED;

-		}

-	/* Expand */

-	if ( !bn_wexpand ( bn_prv, dh->p->dmax ) ||

-	    !bn_wexpand ( bn_pub, dh->p->dmax ) ) {

-		ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_BN_EXPAND_FAIL);

-		goto FAILED;

-	}

-	bn_prv->top = dh->p->top;

-	bn_pub->top = dh->p->top;

-	/* Convert all keys */

-	BIGNUM2ZEN ( &p, dh->p ) ;

-	BIGNUM2ZEN ( &g, dh->g ) ;

-	BIGNUM2ZEN ( &y, bn_pub ) ;

-	BIGNUM2ZEN ( &x, bn_prv ) ;

-	x.len = DH_size(dh) * 8;

-	/* Adjust the lengths of P and G */

-	p.len = ptr_zencod_bytes2bits ( p.data, ZEN_BYTES ( p.len ) ) ;

-	g.len = ptr_zencod_bytes2bits ( g.data, ZEN_BYTES ( g.len ) ) ;

-	/* Send the request to the driver */

-	if ( ptr_zencod_dh_generate_key ( &y, &x, &g, &p, generate_x ) < 0 ) {

-		perror("zenbridge_dh_generate_key");

-		ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_REQUEST_FAILED);

-		goto FAILED;

-	}

-	dh->priv_key = bn_prv;

-	dh->pub_key  = bn_pub;

-	return 1;

- FAILED:

-	if (!dh->priv_key && bn_prv)

-		BN_free(bn_prv);

-	if (!dh->pub_key && bn_pub)

-		BN_free(bn_pub);

-	return 0;

-}

-static int DH_zencod_compute_key ( unsigned char *key, const BIGNUM *pub_key, DH *dh )

-{

-	zen_nb_t y, x, p, k;

-	CHEESE();

-	if ( !zencod_dso ) {

-		ENGINEerr(ZENCOD_F_ZENCOD_DH_COMPUTE, ZENCOD_R_NOT_LOADED);

-		return 0;

-	}

-	if ( !dh->priv_key ) {

-		ENGINEerr(ZENCOD_F_ZENCOD_DH_COMPUTE, ZENCOD_R_BAD_KEY_COMPONENTS);

-		return 0;

-	}

-	/* Convert all keys */

-	BIGNUM2ZEN ( &y, pub_key ) ;

-	BIGNUM2ZEN ( &x, dh->priv_key ) ;

-	BIGNUM2ZEN ( &p, dh->p ) ;

-	ptr_zencod_init_number ( &k, p.len, key ) ;

-	/* Adjust the lengths */

-	p.len = ptr_zencod_bytes2bits ( p.data, ZEN_BYTES ( p.len ) ) ;

-	y.len = ptr_zencod_bytes2bits ( y.data, ZEN_BYTES ( y.len ) ) ;

-	x.len = ptr_zencod_bytes2bits ( x.data, ZEN_BYTES ( x.len ) ) ;

-	/* Call the hardware */

-	if ( ptr_zencod_dh_compute_key ( &k, &y, &x, &p ) < 0 ) {

-		ENGINEerr(ZENCOD_F_ZENCOD_DH_COMPUTE, ZENCOD_R_REQUEST_FAILED);

-		return 0;

-	}

-	/* The key must be written MSB -> LSB */

-	k.len = ptr_zencod_bytes2bits ( k.data, ZEN_BYTES ( k.len ) ) ;

-	esrever ( key, ZEN_BYTES ( k.len ) ) ;

-	return ZEN_BYTES ( k.len ) ;

-}

-static int DH_zencod_bn_mod_exp ( const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,

-		BN_MONT_CTX *m_ctx )

-{

-	CHEESE () ;

-	return zencod_bn_mod_exp ( r, a, p, m, ctx ) ;

-}

-#endif	/* !OPENSSL_NO_DH */

-/* RAND stuff Functions

- */

-static void RAND_zencod_seed ( const void *buf, int num )

-{

-	/* Nothing to do cause our crypto accelerator provide a true random generator */

-}

-static int RAND_zencod_rand_bytes ( unsigned char *buf, int num )

-{

-	zen_nb_t r;

-	CHEESE();

-	if ( !zencod_dso ) {

-		ENGINEerr(ZENCOD_F_ZENCOD_RAND, ZENCOD_R_NOT_LOADED);

-		return 0;

-	}

-	ptr_zencod_init_number ( &r, num * 8, buf ) ;

-	if ( ptr_zencod_rand_bytes ( &r, ZENBRIDGE_RNG_DIRECT ) < 0 ) {

-		PERROR("zenbridge_rand_bytes");

-		ENGINEerr(ZENCOD_F_ZENCOD_RAND, ZENCOD_R_REQUEST_FAILED);

-		return 0;

-	}

-	return 1;

-}

-static int RAND_zencod_rand_status ( void )

-{

-	CHEESE () ;

-	return 1;

-}

-/* This stuff is needed if this ENGINE is being compiled into a self-contained

- * shared-library.

- */

-#ifdef ENGINE_DYNAMIC_SUPPORT

-static int bind_fn ( ENGINE *e, const char *id )

-{

-	if ( id && ( strcmp ( id, engine_zencod_id ) != 0 ) ) {

-		return 0 ;

-	}

-	if ( !bind_helper ( e ) )  {

-		return 0 ;

-	}

-	return 1 ;

-}

-IMPLEMENT_DYNAMIC_CHECK_FN ()

-IMPLEMENT_DYNAMIC_BIND_FN ( bind_fn )

-#endif /* ENGINE_DYNAMIC_SUPPORT */

-/*

- * Adding "Digest" and "Cipher" tools ...

- * This is in development ... ;-)

- * In orfer to code this, i refer to hw_openbsd_dev_crypto and openssl engine made by Geoff Thorpe (if i'm rigth),

- * and evp, sha md5 definitions etc ...

- */

-/* First add some include ... */

-#include <openssl/evp.h>

-#include <openssl/sha.h>

-#include <openssl/md5.h>

-#include <openssl/rc4.h>

-#include <openssl/des.h>

-/* Some variables declaration ... */

-/* DONS:

- * Disable symetric computation except DES and 3DES, but let part of the code

- */

-/* static int engine_digest_nids [ ] = { NID_sha1, NID_md5 } ; */

-static int engine_digest_nids [ ] = {  } ;

-static int engine_digest_nids_num = 0 ;

-/* static int engine_cipher_nids [ ] = { NID_rc4, NID_rc4_40, NID_des_cbc, NID_des_ede3_cbc } ; */

-static int engine_cipher_nids [ ] = { NID_des_cbc, NID_des_ede3_cbc } ;

-static int engine_cipher_nids_num = 2 ;

-/* Function prototype ... */

-/*  SHA stuff */

-static int engine_sha1_init ( EVP_MD_CTX *ctx ) ;

-static int engine_sha1_update ( EVP_MD_CTX *ctx, const void *data, unsigned long count ) ;

-static int engine_sha1_final ( EVP_MD_CTX *ctx, unsigned char *md ) ;

-/*  MD5 stuff */

-static int engine_md5_init ( EVP_MD_CTX *ctx ) ;

-static int engine_md5_update ( EVP_MD_CTX *ctx, const void *data, unsigned long count ) ;

-static int engine_md5_final ( EVP_MD_CTX *ctx, unsigned char *md ) ;

-static int engine_md_cleanup ( EVP_MD_CTX *ctx ) ;

-static int engine_md_copy ( EVP_MD_CTX *to, const EVP_MD_CTX *from ) ;

-/* RC4 Stuff */

-static int engine_rc4_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc ) ;

-static int engine_rc4_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl ) ;

-/* DES Stuff */

-static int engine_des_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc ) ;

-static int engine_des_cbc_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl ) ;

-/*  3DES Stuff */

-static int engine_des_ede3_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc ) ;

-static int engine_des_ede3_cbc_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out,const unsigned char *in, unsigned int inl ) ;

-static int engine_cipher_cleanup ( EVP_CIPHER_CTX *ctx ) ;	/* cleanup ctx */

-/* The one for SHA ... */

-static const EVP_MD engine_sha1_md =

-{

-	NID_sha1,

-	NID_sha1WithRSAEncryption,

-	SHA_DIGEST_LENGTH,

-	EVP_MD_FLAG_ONESHOT,

-	/* 0, */			/* EVP_MD_FLAG_ONESHOT = x0001 digest can only handle a single block

-				* XXX: set according to device info ... */

-	engine_sha1_init,

-	engine_sha1_update,

-	engine_sha1_final,

-	engine_md_copy,		/* dev_crypto_sha_copy */

-	engine_md_cleanup,		/* dev_crypto_sha_cleanup */

-	EVP_PKEY_RSA_method,

-	SHA_CBLOCK,

-	/* sizeof ( EVP_MD * ) + sizeof ( SHA_CTX ) */

-	sizeof ( ZEN_MD_DATA )

-	/* sizeof ( MD_CTX_DATA )	The message digest data structure ... */

-} ;

-/* The one for MD5 ... */

-static const EVP_MD engine_md5_md =

-{

-	NID_md5,

-	NID_md5WithRSAEncryption,

-	MD5_DIGEST_LENGTH,

-	EVP_MD_FLAG_ONESHOT,

-	/* 0, */			/* EVP_MD_FLAG_ONESHOT = x0001 digest can only handle a single block

-				* XXX: set according to device info ... */

-	engine_md5_init,

-	engine_md5_update,

-	engine_md5_final,

-	engine_md_copy,		/* dev_crypto_md5_copy */

-	engine_md_cleanup,		/* dev_crypto_md5_cleanup */

-	EVP_PKEY_RSA_method,

-	MD5_CBLOCK,

-	/* sizeof ( EVP_MD * ) + sizeof ( MD5_CTX ) */

-	sizeof ( ZEN_MD_DATA )

-	/* sizeof ( MD_CTX_DATA )	The message digest data structure ... */

-} ;

-/* The one for RC4 ... */

-#define EVP_RC4_KEY_SIZE			16

-/* Try something static ... */

-typedef struct

-{

-	unsigned int len ;

-	unsigned int first ;

-	unsigned char rc4_state [ 260 ] ;

-} NEW_ZEN_RC4_KEY ;

-#define rc4_data(ctx)				( (EVP_RC4_KEY *) ( ctx )->cipher_data )

-static const EVP_CIPHER engine_rc4 =

-{

-	NID_rc4,

-	1,

-	16,				/* EVP_RC4_KEY_SIZE should be 128 bits */

-	0,				/* FIXME: key should be up to 256 bytes */

-	EVP_CIPH_VARIABLE_LENGTH,

-	engine_rc4_init_key,

-	engine_rc4_cipher,

-	engine_cipher_cleanup,

-	sizeof ( NEW_ZEN_RC4_KEY ),

-	NULL,

-	NULL,

-	NULL

-} ;

-/* The one for RC4_40 ... */

-static const EVP_CIPHER engine_rc4_40 =

-{

-	NID_rc4_40,

-	1,

-	5,				/* 40 bits */

-	0,

-	EVP_CIPH_VARIABLE_LENGTH,

-	engine_rc4_init_key,

-	engine_rc4_cipher,

-	engine_cipher_cleanup,

-	sizeof ( NEW_ZEN_RC4_KEY ),

-	NULL,

-	NULL,

-	NULL

-} ;

-/* The one for DES ... */

-/* Try something static ... */

-typedef struct

-{

-	unsigned char des_key [ 24 ] ;

-	unsigned char des_iv [ 8 ] ;

-} ZEN_DES_KEY ;

-static const EVP_CIPHER engine_des_cbc =

-	{

-	NID_des_cbc,

-	8, 8, 8,

-	0 | EVP_CIPH_CBC_MODE,

-	engine_des_init_key,

-	engine_des_cbc_cipher,

-	engine_cipher_cleanup,

-	sizeof(ZEN_DES_KEY),

-	EVP_CIPHER_set_asn1_iv,

-	EVP_CIPHER_get_asn1_iv,

-	NULL,

-	NULL

-	};

-/* The one for 3DES ... */

-/* Try something static ... */

-typedef struct

-{

-	unsigned char des3_key [ 24 ] ;

-	unsigned char des3_iv [ 8 ] ;

-} ZEN_3DES_KEY ;

-#define des_data(ctx)				 ( (DES_EDE_KEY *) ( ctx )->cipher_data )

-static const EVP_CIPHER engine_des_ede3_cbc =

-	{

-	NID_des_ede3_cbc,

-	8, 8, 8,

-	0 | EVP_CIPH_CBC_MODE,

-	engine_des_ede3_init_key,

-	engine_des_ede3_cbc_cipher,

-	engine_cipher_cleanup,

-	sizeof(ZEN_3DES_KEY),

-	EVP_CIPHER_set_asn1_iv,

-	EVP_CIPHER_get_asn1_iv,

-	NULL,

-	NULL

-	};

-/* General function cloned on hw_openbsd_dev_crypto one ... */

-static int engine_digests ( ENGINE *e, const EVP_MD **digest, const int **nids, int nid )

-{

-#ifdef DEBUG_ZENCOD_MD

-	fprintf ( stderr, "\t=>Function : static int engine_digests () called !\n" ) ;

-#endif

-	if ( !digest ) {

-		/* We are returning a list of supported nids */

-		*nids = engine_digest_nids ;

-		return engine_digest_nids_num ;

-	}

-	/* We are being asked for a specific digest */

-	if ( nid == NID_md5 ) {

-		*digest = &engine_md5_md ;

-	}

-	else if ( nid == NID_sha1 ) {

-		*digest = &engine_sha1_md ;

-	}

-	else {

-		*digest = NULL ;

-		return 0 ;

-	}

-	return 1 ;

-}

-/* SHA stuff Functions

- */

-static int engine_sha1_init ( EVP_MD_CTX *ctx )

-{

-	int to_return = 0 ;

-	/* Test with zenbridge library ... */

-	to_return = ptr_zencod_sha1_init ( (ZEN_MD_DATA *) ctx->md_data ) ;

-	to_return = !to_return ;

-	return to_return ;

-}

-static int engine_sha1_update ( EVP_MD_CTX *ctx, const void *data, unsigned long count )

-{

-	zen_nb_t input ;

-	int to_return = 0 ;

-	/* Convert parameters ... */

-	input.len = count ;

-	input.data = (unsigned char *) data ;

-	/* Test with zenbridge library ... */

-	to_return = ptr_zencod_sha1_update ( (ZEN_MD_DATA *) ctx->md_data, (const zen_nb_t *) &input ) ;

-	to_return = !to_return ;

-	return to_return ;

-}

-static int engine_sha1_final ( EVP_MD_CTX *ctx, unsigned char *md )

-{

-	zen_nb_t output ;

-	int to_return = 0 ;

-	/* Convert parameters ... */

-	output.len = SHA_DIGEST_LENGTH ;

-	output.data = md ;

-	/* Test with zenbridge library ... */

-	to_return = ptr_zencod_sha1_do_final ( (ZEN_MD_DATA *) ctx->md_data, (zen_nb_t *) &output ) ;

-	to_return = !to_return ;

-	return to_return ;

-}

-/* MD5 stuff Functions

- */

-static int engine_md5_init ( EVP_MD_CTX *ctx )

-{

-	int to_return = 0 ;

-	/* Test with zenbridge library ... */

-	to_return = ptr_zencod_md5_init ( (ZEN_MD_DATA *) ctx->md_data ) ;

-	to_return = !to_return ;

-	return to_return ;

-}

-static int engine_md5_update ( EVP_MD_CTX *ctx, const void *data, unsigned long count )

-{

-	zen_nb_t input ;

-	int to_return = 0 ;

-	/* Convert parameters ... */

-	input.len = count ;

-	input.data = (unsigned char *) data ;

-	/* Test with zenbridge library ... */

-	to_return = ptr_zencod_md5_update ( (ZEN_MD_DATA *) ctx->md_data, (const zen_nb_t *) &input ) ;

-	to_return = !to_return ;

-	return to_return ;

-}

-static int engine_md5_final ( EVP_MD_CTX *ctx, unsigned char *md )

-{

-	zen_nb_t output ;

-	int to_return = 0 ;

-	/* Convert parameters ... */

-	output.len = MD5_DIGEST_LENGTH ;

-	output.data = md ;

-	/* Test with zenbridge library ... */

-	to_return = ptr_zencod_md5_do_final ( (ZEN_MD_DATA *) ctx->md_data, (zen_nb_t *) &output ) ;

-	to_return = !to_return ;

-	return to_return ;

-}

-static int engine_md_cleanup ( EVP_MD_CTX *ctx )

-{

-	ZEN_MD_DATA *zen_md_data = (ZEN_MD_DATA *) ctx->md_data ;

-	if ( zen_md_data->HashBuffer != NULL ) {

-		OPENSSL_free ( zen_md_data->HashBuffer ) ;

-		zen_md_data->HashBufferSize = 0 ;

-		ctx->md_data = NULL ;

-	}

-	return 1 ;

-}

-static int engine_md_copy ( EVP_MD_CTX *to, const EVP_MD_CTX *from )

-{

-	const ZEN_MD_DATA *from_md = (ZEN_MD_DATA *) from->md_data ;

-	ZEN_MD_DATA *to_md = (ZEN_MD_DATA *) to->md_data ;

-	to_md->HashBuffer = OPENSSL_malloc ( from_md->HashBufferSize ) ;

-	memcpy ( to_md->HashBuffer, from_md->HashBuffer, from_md->HashBufferSize ) ;

-	return 1;

-}

-/* General function cloned on hw_openbsd_dev_crypto one ... */

-static int engine_ciphers ( ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid )

-{

-	if ( !cipher ) {

-		/* We are returning a list of supported nids */

-		*nids = engine_cipher_nids ;

-		return engine_cipher_nids_num ;

-	}

-	/* We are being asked for a specific cipher */

-	if ( nid == NID_rc4 ) {

-		*cipher = &engine_rc4 ;

-	}

-	else if ( nid == NID_rc4_40 ) {

-		*cipher = &engine_rc4_40 ;

-	}

-	else if ( nid == NID_des_cbc ) {

-		*cipher = &engine_des_cbc ;

-	}

-	else if ( nid == NID_des_ede3_cbc ) {

-		*cipher = &engine_des_ede3_cbc ;

-	}

-	else {

-		*cipher = NULL ;

-		return 0 ;

-	}

-	return 1 ;

-}

-static int engine_rc4_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc )

-{

-	int to_return = 0 ;

-	int i = 0 ;

-	int nb = 0 ;

-	NEW_ZEN_RC4_KEY *tmp_rc4_key = NULL ;

-	tmp_rc4_key = (NEW_ZEN_RC4_KEY *) ( ctx->cipher_data ) ;

-	tmp_rc4_key->first = 0 ;

-	tmp_rc4_key->len = ctx->key_len ;

-	tmp_rc4_key->rc4_state [ 0 ] = 0x00 ;

-	tmp_rc4_key->rc4_state [ 2 ] = 0x00 ;

-	nb = 256 / ctx->key_len ;

-	for ( i = 0; i < nb ; i++ ) {

-		memcpy ( &( tmp_rc4_key->rc4_state [ 4 + i*ctx->key_len ] ), key, ctx->key_len ) ;

-	}

-	to_return = 1 ;

-	return to_return ;

-}

-static int engine_rc4_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int in_len )

-{

-	zen_nb_t output, input ;

-	zen_nb_t rc4key ;

-	int to_return = 0 ;

-	NEW_ZEN_RC4_KEY *tmp_rc4_key = NULL ;

-	/* Convert parameters ... */

-	input.len = in_len ;

-	input.data = (unsigned char *) in ;

-	output.len = in_len ;

-	output.data = (unsigned char *) out ;

-	tmp_rc4_key = ( (NEW_ZEN_RC4_KEY *) ( ctx->cipher_data ) ) ;

-	rc4key.len = 260 ;

-	rc4key.data = &( tmp_rc4_key->rc4_state [ 0 ] ) ;

-	/* Test with zenbridge library ... */

-	to_return = ptr_zencod_rc4_cipher ( &output, &input, (const zen_nb_t *) &rc4key, &( tmp_rc4_key->rc4_state [0] ), &( tmp_rc4_key->rc4_state [3] ), !tmp_rc4_key->first ) ;

-	to_return = !to_return ;

-	/* Update encryption state ... */

-	tmp_rc4_key->first = 1 ;

-	tmp_rc4_key = NULL ;

-	return to_return ;

-}

-static int engine_des_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc )

-{

-	ZEN_DES_KEY *tmp_des_key = NULL ;

-	int to_return = 0 ;

-	tmp_des_key = (ZEN_DES_KEY *) ( ctx->cipher_data ) ;

-	memcpy ( &( tmp_des_key->des_key [ 0 ] ), key, 8 ) ;

-	memcpy ( &( tmp_des_key->des_key [ 8 ] ), key, 8 ) ;

-	memcpy ( &( tmp_des_key->des_key [ 16 ] ), key, 8 ) ;

-	memcpy ( &( tmp_des_key->des_iv [ 0 ] ), iv, 8 ) ;

-	to_return = 1 ;

-	return to_return ;

-}

-static int engine_des_cbc_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl )

-{

-	zen_nb_t output, input ;

-	zen_nb_t deskey_1, deskey_2, deskey_3, iv ;

-	int to_return = 0 ;

-	/* Convert parameters ... */

-	input.len = inl ;

-	input.data = (unsigned char *) in ;

-	output.len = inl ;

-	output.data = out ;

-	/* Set key parameters ... */

-	deskey_1.len = 8 ;

-	deskey_2.len = 8 ;

-	deskey_3.len = 8 ;

-	deskey_1.data = (unsigned char *) ( (ZEN_DES_KEY *) ( ctx->cipher_data ) )->des_key ;

-	deskey_2.data =  (unsigned char *) &( (ZEN_DES_KEY *) ( ctx->cipher_data ) )->des_key [ 8 ] ;

-	deskey_3.data =  (unsigned char *) &( (ZEN_DES_KEY *) ( ctx->cipher_data ) )->des_key [ 16 ] ;

-	/* Key correct iv ... */

-	memcpy ( ( (ZEN_DES_KEY *) ( ctx->cipher_data ) )->des_iv, ctx->iv, 8 ) ;

-	iv.len = 8 ;

-	iv.data = (unsigned char *) ( (ZEN_DES_KEY *) ( ctx->cipher_data ) )->des_iv ;

-	if ( ctx->encrypt == 0 ) {

-		memcpy ( ctx->iv, &( input.data [ input.len - 8 ] ), 8 ) ;

-	}

-	/* Test with zenbridge library ... */

-	to_return = ptr_zencod_xdes_cipher ( &output, &input,

-			(zen_nb_t *) &deskey_1, (zen_nb_t *) &deskey_2, (zen_nb_t *) &deskey_3, &iv, ctx->encrypt ) ;

-	to_return = !to_return ;

-	/* But we need to set up the rigth iv ...

-	 * Test ENCRYPT or DECRYPT mode to set iv ... */

-	if ( ctx->encrypt == 1 ) {

-		memcpy ( ctx->iv, &( output.data [ output.len - 8 ] ), 8 ) ;

-	}

-	return to_return ;

-}

-static int engine_des_ede3_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc )

-{

-	ZEN_3DES_KEY *tmp_3des_key = NULL ;

-	int to_return = 0 ;

-	tmp_3des_key = (ZEN_3DES_KEY *) ( ctx->cipher_data ) ;

-	memcpy ( &( tmp_3des_key->des3_key [ 0 ] ), key, 24 ) ;

-	memcpy ( &( tmp_3des_key->des3_iv [ 0 ] ), iv, 8 ) ;

-	to_return = 1;

-	return to_return ;

-}

-static int engine_des_ede3_cbc_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in,

-	unsigned int in_len )

-{

-	zen_nb_t output, input ;

-	zen_nb_t deskey_1, deskey_2, deskey_3, iv ;

-	int to_return = 0 ;

-	/* Convert parameters ... */

-	input.len = in_len ;

-	input.data = (unsigned char *) in ;

-	output.len = in_len ;

-	output.data = out ;

-	/* Set key ... */

-	deskey_1.len = 8 ;

-	deskey_2.len = 8 ;

-	deskey_3.len = 8 ;

-	deskey_1.data =  (unsigned char *) ( (ZEN_3DES_KEY *) ( ctx->cipher_data ) )->des3_key ;

-	deskey_2.data =  (unsigned char *) &( (ZEN_3DES_KEY *) ( ctx->cipher_data ) )->des3_key [ 8 ] ;

-	deskey_3.data =  (unsigned char *) &( (ZEN_3DES_KEY *) ( ctx->cipher_data ) )->des3_key [ 16 ] ;

-	/* Key correct iv ... */

-	memcpy ( ( (ZEN_3DES_KEY *) ( ctx->cipher_data ) )->des3_iv, ctx->iv, 8 ) ;

-	iv.len = 8 ;

-	iv.data = (unsigned char *) ( (ZEN_3DES_KEY *) ( ctx->cipher_data ) )->des3_iv ;

-	if ( ctx->encrypt == 0 ) {

-		memcpy ( ctx->iv, &( input.data [ input.len - 8 ] ), 8 ) ;

-	}

-	/* Test with zenbridge library ... */

-	to_return = ptr_zencod_xdes_cipher ( &output, &input,

-			(zen_nb_t *) &deskey_1, (zen_nb_t *) &deskey_2, (zen_nb_t *) &deskey_3, &iv, ctx->encrypt ) ;

-	to_return = !to_return ;

-	if ( ctx->encrypt == 1 ) {

-		memcpy ( ctx->iv, &( output.data [ output.len - 8 ] ), 8 ) ;

-	}

-	return to_return ;

-}

-static int engine_cipher_cleanup ( EVP_CIPHER_CTX *ctx )

-{

-	/* Set the key pointer ... */

-	if ( ctx->cipher->nid == NID_rc4 || ctx->cipher->nid == NID_rc4_40 ) {

-	}

-	else if ( ctx->cipher->nid == NID_des_cbc ) {

-	}

-	else if ( ctx->cipher->nid == NID_des_ede3_cbc ) {

-	}

-	return 1 ;

-}

-#endif /* !OPENSSL_NO_HW_ZENCOD */

-#endif /* !OPENSSL_NO_HW */

--- a/sys/src/ape/lib/openssl/demos/engines/zencod/hw_zencod.ec

+++ /dev/null

@@ -1,8 +1,0 @@

-# configuration file for util/mkerr.pl

-#

-# use like this:

-#

-#	perl ../../../util/mkerr.pl -conf hw_zencod.ec \

-#		-nostatic -staticloader -write *.c

-L ZENCOD	hw_zencod_err.h			hw_zencod_err.c

--- a/sys/src/ape/lib/openssl/demos/engines/zencod/hw_zencod.h

+++ /dev/null

@@ -1,160 +1,0 @@

-/* File : /crypto/engine/vendor_defns/hw_zencod.h */

-/* ====================================================================

- * Written by Donnat Frederic ([email protected]) from ZENCOD

- * for "zencod" ENGINE integration in OpenSSL project.

- */

- #ifndef	_HW_ZENCOD_H_

-#define	_HW_ZENCOD_H_

-#include <stdio.h>

-#ifdef	__cplusplus

-extern "C" {

-#endif	/* __cplusplus */

-#define ZENBRIDGE_MAX_KEYSIZE_RSA	2048

-#define ZENBRIDGE_MAX_KEYSIZE_RSA_CRT	1024

-#define ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN	1024

-#define ZENBRIDGE_MAX_KEYSIZE_DSA_VRFY	1024

-/* Library version computation */

-#define	ZENBRIDGE_VERSION_MAJOR(x)	(((x) >> 16) | 0xff)

-#define	ZENBRIDGE_VERSION_MINOR(x)	(((x) >>  8) | 0xff)

-#define	ZENBRIDGE_VERSION_PATCH(x)	(((x) >>  0) | 0xff)

-#define	ZENBRIDGE_VERSION(x, y, z)		((x) << 16 | (y) << 8 | (z))

-/*

- * Memory type

- */

-typedef struct zencod_number_s {

-	unsigned long len;

-	unsigned char *data;

-} zen_nb_t;

-#define KEY	zen_nb_t

-/*

- * Misc

- */

-typedef int t_zencod_lib_version (void);

-typedef int t_zencod_hw_version (void);

-typedef int t_zencod_test (void);

-typedef int t_zencod_dump_key (FILE *stream, char *msg, KEY *key);

-/*

- * Key management tools

- */

-typedef KEY *t_zencod_new_number (unsigned long len, unsigned char *data);

-typedef int t_zencod_init_number (KEY *n, unsigned long len, unsigned char *data);

-typedef unsigned long t_zencod_bytes2bits (unsigned char *n, unsigned long bytes);

-typedef unsigned long t_zencod_bits2bytes (unsigned long bits);

-/*

- * RSA API

- */

-/* Compute modular exponential : y = x**e | n */

-typedef int t_zencod_rsa_mod_exp (KEY *y, KEY *x, KEY *n, KEY *e);

-/* Compute modular exponential : y1 = (x | p)**edp | p, y2 = (x | p)**edp | p, y = y2 + (qinv * (y1 - y2) | p) * q */

-typedef int t_zencod_rsa_mod_exp_crt (KEY *y, KEY *x, KEY *p, KEY *q,

-					KEY *edp, KEY *edq, KEY *qinv);

-/*

- * DSA API

- */

-typedef int t_zencod_dsa_do_sign (unsigned int hash, KEY *data, KEY *random,

-				    KEY *p, KEY *q, KEY *g, KEY *x, KEY *r, KEY *s);

-typedef int t_zencod_dsa_do_verify (unsigned int hash, KEY *data,

-				      KEY *p, KEY *q, KEY *g, KEY *y,

-				      KEY *r, KEY *s, KEY *v);

-/*

- * DH API

- */

- /* Key generation : compute public value y = g**x | n */

-typedef int t_zencod_dh_generate_key (KEY *y, KEY *x, KEY *g, KEY *n, int gen_x);

-typedef int t_zencod_dh_compute_key (KEY *k, KEY *y, KEY *x, KEY *n);

-/*

- * RNG API

- */

-#define ZENBRIDGE_RNG_DIRECT		0

-#define ZENBRIDGE_RNG_SHA1		1

-typedef int t_zencod_rand_bytes (KEY *rand, unsigned int flags);

-/*

- * Math API

- */

-typedef int t_zencod_math_mod_exp (KEY *r, KEY *a, KEY *e, KEY *n);

-/*

- * Symetric API

- */

-/* Define a data structure for digests operations */

-typedef struct ZEN_data_st

-{

-	unsigned int HashBufferSize ;

-	unsigned char *HashBuffer ;

-} ZEN_MD_DATA ;

-/*

- * Functions for Digest (MD5, SHA1) stuff

- */

-/* output : output data buffer */

-/* input : input data buffer */

-/* algo : hash algorithm, MD5 or SHA1 */

-/* typedef int t_zencod_hash ( KEY *output, const KEY *input, int algo ) ;

- * typedef int t_zencod_sha_hash ( KEY *output, const KEY *input, int algo ) ;

- */

-/* For now separate this stuff that mad it easier to test */

-typedef int t_zencod_md5_init ( ZEN_MD_DATA *data ) ;

-typedef int t_zencod_md5_update ( ZEN_MD_DATA *data, const KEY *input ) ;

-typedef int t_zencod_md5_do_final ( ZEN_MD_DATA *data, KEY *output ) ;

-typedef int t_zencod_sha1_init ( ZEN_MD_DATA *data ) ;

-typedef int t_zencod_sha1_update ( ZEN_MD_DATA *data, const KEY *input ) ;

-typedef int t_zencod_sha1_do_final ( ZEN_MD_DATA *data, KEY *output ) ;

-/*

- * Functions for Cipher (RC4, DES, 3DES) stuff

- */

-/* output : output data buffer */

-/* input : input data buffer */

-/* key : rc4 key data */

-/* index_1 : value of index x from RC4 key structure */

-/* index_2 : value of index y from RC4 key structure */

-/* Be carefull : RC4 key should be expanded before calling this method (Should we provide an expand function ??) */

-typedef int t_zencod_rc4_cipher ( KEY *output, const KEY *input, const KEY *key,

-		unsigned char *index_1, unsigned char *index_2, int mode ) ;

-/* output : output data buffer */

-/* input : input data buffer */

-/* key_1 : des first key data */

-/* key_2 : des second key data */

-/* key_3 : des third key data */

-/* iv : initial vector */

-/* mode : xdes mode (encrypt or decrypt) */

-/* Be carefull : In DES mode key_1 = key_2 = key_3 (as far as i can see !!) */

-typedef int t_zencod_xdes_cipher ( KEY *output, const KEY *input, const KEY *key_1,

-		const KEY *key_2, const KEY *key_3, const KEY *iv, int mode ) ;

-#undef KEY

-#ifdef	__cplusplus

-}

-#endif	/* __cplusplus */

-#endif	/* !_HW_ZENCOD_H_ */

--- a/sys/src/ape/lib/openssl/demos/engines/zencod/hw_zencod_err.c

+++ /dev/null

@@ -1,151 +1,0 @@

-/* hw_zencod_err.c */

-/* ====================================================================

- * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* NOTE: this file was auto generated by the mkerr.pl script: any changes

- * made to it will be overwritten when the script next updates this file,

- * only reason strings will be preserved.

- */

-#include <stdio.h>

-#include <openssl/err.h>

-#include "hw_zencod_err.h"

-/* BEGIN ERROR CODES */

-#ifndef OPENSSL_NO_ERR

-static ERR_STRING_DATA ZENCOD_str_functs[]=

-	{

-{ERR_PACK(0,ZENCOD_F_ZENCOD_BN_MOD_EXP,0),	"ZENCOD_BN_MOD_EXP"},

-{ERR_PACK(0,ZENCOD_F_ZENCOD_CTRL,0),	"ZENCOD_CTRL"},

-{ERR_PACK(0,ZENCOD_F_ZENCOD_DH_COMPUTE,0),	"ZENCOD_DH_COMPUTE"},

-{ERR_PACK(0,ZENCOD_F_ZENCOD_DH_GENERATE,0),	"ZENCOD_DH_GENERATE"},

-{ERR_PACK(0,ZENCOD_F_ZENCOD_DSA_DO_SIGN,0),	"ZENCOD_DSA_DO_SIGN"},

-{ERR_PACK(0,ZENCOD_F_ZENCOD_DSA_DO_VERIFY,0),	"ZENCOD_DSA_DO_VERIFY"},

-{ERR_PACK(0,ZENCOD_F_ZENCOD_FINISH,0),	"ZENCOD_FINISH"},

-{ERR_PACK(0,ZENCOD_F_ZENCOD_INIT,0),	"ZENCOD_INIT"},

-{ERR_PACK(0,ZENCOD_F_ZENCOD_RAND,0),	"ZENCOD_RAND"},

-{ERR_PACK(0,ZENCOD_F_ZENCOD_RSA_MOD_EXP,0),	"ZENCOD_RSA_MOD_EXP"},

-{ERR_PACK(0,ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT,0),	"ZENCOD_RSA_MOD_EXP_CRT"},

-{0,NULL}

-	};

-static ERR_STRING_DATA ZENCOD_str_reasons[]=

-	{

-{ZENCOD_R_ALREADY_LOADED                 ,"already loaded"},

-{ZENCOD_R_BAD_KEY_COMPONENTS             ,"bad key components"},

-{ZENCOD_R_BN_EXPAND_FAIL                 ,"bn expand fail"},

-{ZENCOD_R_CTRL_COMMAND_NOT_IMPLEMENTED   ,"ctrl command not implemented"},

-{ZENCOD_R_DSO_FAILURE                    ,"dso failure"},

-{ZENCOD_R_NOT_LOADED                     ,"not loaded"},

-{ZENCOD_R_REQUEST_FAILED                 ,"request failed"},

-{ZENCOD_R_UNIT_FAILURE                   ,"unit failure"},

-{0,NULL}

-	};

-#endif

-#ifdef ZENCOD_LIB_NAME

-static ERR_STRING_DATA ZENCOD_lib_name[]=

-        {

-{0	,ZENCOD_LIB_NAME},

-{0,NULL}

-	};

-#endif

-static int ZENCOD_lib_error_code=0;

-static int ZENCOD_error_init=1;

-static void ERR_load_ZENCOD_strings(void)

-	{

-	if (ZENCOD_lib_error_code == 0)

-		ZENCOD_lib_error_code=ERR_get_next_error_library();

-	if (ZENCOD_error_init)

-		{

-		ZENCOD_error_init=0;

-#ifndef OPENSSL_NO_ERR

-		ERR_load_strings(ZENCOD_lib_error_code,ZENCOD_str_functs);

-		ERR_load_strings(ZENCOD_lib_error_code,ZENCOD_str_reasons);

-#endif

-#ifdef ZENCOD_LIB_NAME

-		ZENCOD_lib_name->error = ERR_PACK(ZENCOD_lib_error_code,0,0);

-		ERR_load_strings(0,ZENCOD_lib_name);

-#endif

-		}

-	}

-static void ERR_unload_ZENCOD_strings(void)

-	{

-	if (ZENCOD_error_init == 0)

-		{

-#ifndef OPENSSL_NO_ERR

-		ERR_unload_strings(ZENCOD_lib_error_code,ZENCOD_str_functs);

-		ERR_unload_strings(ZENCOD_lib_error_code,ZENCOD_str_reasons);

-#endif

-#ifdef ZENCOD_LIB_NAME

-		ERR_unload_strings(0,ZENCOD_lib_name);

-#endif

-		ZENCOD_error_init=1;

-		}

-	}

-static void ERR_ZENCOD_error(int function, int reason, char *file, int line)

-	{

-	if (ZENCOD_lib_error_code == 0)

-		ZENCOD_lib_error_code=ERR_get_next_error_library();

-	ERR_PUT_error(ZENCOD_lib_error_code,function,reason,file,line);

-	}

--- a/sys/src/ape/lib/openssl/demos/engines/zencod/hw_zencod_err.h

+++ /dev/null

@@ -1,95 +1,0 @@

-/* ====================================================================

- * Copyright (c) 2001-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_ZENCOD_ERR_H

-#define HEADER_ZENCOD_ERR_H

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-static void ERR_load_ZENCOD_strings(void);

-static void ERR_unload_ZENCOD_strings(void);

-static void ERR_ZENCOD_error(int function, int reason, char *file, int line);

-#define ZENCODerr(f,r) ERR_ZENCOD_error((f),(r),__FILE__,__LINE__)

-/* Error codes for the ZENCOD functions. */

-/* Function codes. */

-#define ZENCOD_F_ZENCOD_BN_MOD_EXP			 100

-#define ZENCOD_F_ZENCOD_CTRL				 101

-#define ZENCOD_F_ZENCOD_DH_COMPUTE			 102

-#define ZENCOD_F_ZENCOD_DH_GENERATE			 103

-#define ZENCOD_F_ZENCOD_DSA_DO_SIGN			 104

-#define ZENCOD_F_ZENCOD_DSA_DO_VERIFY			 105

-#define ZENCOD_F_ZENCOD_FINISH				 106

-#define ZENCOD_F_ZENCOD_INIT				 107

-#define ZENCOD_F_ZENCOD_RAND				 108

-#define ZENCOD_F_ZENCOD_RSA_MOD_EXP			 109

-#define ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT			 110

-/* Reason codes. */

-#define ZENCOD_R_ALREADY_LOADED				 100

-#define ZENCOD_R_BAD_KEY_COMPONENTS			 101

-#define ZENCOD_R_BN_EXPAND_FAIL				 102

-#define ZENCOD_R_CTRL_COMMAND_NOT_IMPLEMENTED		 103

-#define ZENCOD_R_DSO_FAILURE				 104

-#define ZENCOD_R_NOT_LOADED				 105

-#define ZENCOD_R_REQUEST_FAILED				 106

-#define ZENCOD_R_UNIT_FAILURE				 107

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/demos/maurice/Makefile

+++ /dev/null

@@ -1,59 +1,0 @@

-CC=cc

-CFLAGS= -g -I../../include -Wall

-LIBS=  -L../.. -lcrypto

-EXAMPLES=example1 example2 example3 example4

-all: $(EXAMPLES)

-example1: example1.o loadkeys.o

-	$(CC) -o example1 example1.o loadkeys.o $(LIBS)

-example2: example2.o loadkeys.o

-	$(CC) -o example2 example2.o loadkeys.o $(LIBS)

-example3: example3.o

-	$(CC) -o example3 example3.o $(LIBS)

-example4: example4.o

-	$(CC) -o example4 example4.o $(LIBS)

-clean:

-	rm -f $(EXAMPLES) *.o

-test: all

-	@echo

-	@echo Example 1 Demonstrates the sealing and opening APIs

-	@echo Doing the encrypt side...

-	./example1 <README >t.t

-	@echo Doing the decrypt side...

-	./example1 -d <t.t >t.2

-	diff t.2 README

-	rm -f t.t t.2

-	@echo  example1 is OK

-	@echo

-	@echo Example2 Demonstrates rsa encryption and decryption

-	@echo   and it should just print \"This the clear text\"

-	./example2

-	@echo

-	@echo Example3 Demonstrates the use of symmetric block ciphers

-	@echo in this case it uses EVP_des_ede3_cbc

-	@echo i.e. triple DES in Cipher Block Chaining mode

-	@echo Doing the encrypt side...

-	./example3 ThisIsThePassword <README >t.t

-	@echo Doing the decrypt side...

-	./example3 -d ThisIsThePassword <t.t >t.2

-	diff t.2 README

-	rm -f t.t t.2

-	@echo  example3 is OK

-	@echo

-	@echo Example4 Demonstrates base64 encoding and decoding

-	@echo Doing the encrypt side...

-	./example4 <README >t.t

-	@echo Doing the decrypt side...

-	./example4 -d <t.t >t.2

-	diff t.2 README

-	rm -f t.t t.2

-	@echo example4 is OK

--- a/sys/src/ape/lib/openssl/demos/maurice/README

+++ /dev/null

@@ -1,34 +1,0 @@

-From Maurice Gittens <[email protected]>

-	Example programs, demonstrating some basic SSLeay crypto library

-	operations, to help you not to make the same mistakes I did.

-	The following files are present.

-	- loadkeys.c 	Demonstrates the loading and of public and

-			private keys.

-	- loadkeys.h   	The interface for loadkeys.c

-	- example1.c    Demonstrates the sealing and opening API's

-	- example2.c  	Demonstrates rsa encryption and decryption

-	- example3.c    Demonstrates the use of symmetric block ciphers

-	- example4.c	Demonstrates base64 and decoding

-	- Makefile	A makefile you probably will have to adjust for

-			your environment

-	- README	this file

-	The programs were written by Maurice Gittens <[email protected]>

-	with the necesary help from Eric Young <[email protected]>

-	You may do as you please with these programs, but please don't

-	pretend that you wrote them.

-	To be complete: If you use these programs you acknowlegde that

-	you are aware that there is NO warranty of any kind associated

-	with these programs. I don't even claim that the programs work,

-	they are provided AS-IS.

- 	January 1997

-	Maurice

--- a/sys/src/ape/lib/openssl/demos/maurice/cert.pem

+++ /dev/null

@@ -1,77 +1,0 @@

-issuer :/C=NL/SP=Brabant/L=Eindhoven/O=Gittens Information Systems B.V./OU=Certification Services/CN=ca.gits.nl/[email protected]

-subject:/C=NL/SP=Brabant/O=Gittens Information Systems B.V./OU=Certification Services/CN=caleb.gits.nl/[email protected]

-serial :01

-Certificate:

-    Data:

-        Version: 0 (0x0)

-        Serial Number: 1 (0x1)

-        Signature Algorithm: md5withRSAEncryption

-        Issuer: C=NL, SP=Brabant, L=Eindhoven, O=Gittens Information Systems B.V., OU=Certification Services, CN=ca.gits.nl/[email protected]

-        Validity

-            Not Before: Jan  5 13:21:16 1997 GMT

-            Not After : Jul 24 13:21:16 1997 GMT

-        Subject: C=NL, SP=Brabant, O=Gittens Information Systems B.V., OU=Certification Services, CN=caleb.gits.nl/[email protected]

-        Subject Public Key Info:

-            Public Key Algorithm: rsaEncryption

-                Modulus:

-                    00:dd:82:a0:fe:a9:8d:6a:02:7e:78:d6:33:75:9b:

-                    82:01:4b:12:80:ea:6b:9b:83:9e:e3:ae:dc:f3:d0:

-                    71:7c:4b:ea:03:57:b4:cc:ba:44:5b:b8:4b:49:d3:

-                    f6:39:cc:3d:12:1f:da:58:26:27:bc:bc:ab:a4:6d:

-                    62:d1:91:5a:47:9f:80:40:c1:b9:fa:e3:1e:ef:52:

-                    78:46:26:43:65:1d:f2:6b:bf:ff:c0:81:66:14:cd:

-                    81:32:91:f1:f8:51:7d:0e:17:1f:27:fc:c7:51:fd:

-                    1c:73:41:e5:66:43:3c:67:a3:09:b9:5e:36:50:50:

-                    b1:e8:42:bd:5c:c6:2b:ec:a9:2c:fe:6a:fe:40:26:

-                    64:9e:b9:bf:2d:1d:fb:d0:48:5b:82:2a:8e:ab:a4:

-                    d5:7b:5f:26:84:8a:9a:69:5e:c1:71:e2:a9:59:4c:

-                    2a:76:f7:fd:f4:cf:3f:d3:ce:30:72:62:65:1c:e9:

-                    e9:ee:d2:fc:44:00:1e:e0:80:57:e9:41:b3:f0:44:

-                    e5:0f:77:3b:1a:1f:57:5e:94:1d:c3:a5:fa:af:41:

-                    8c:4c:30:6b:2b:00:84:52:0c:64:0c:a8:5b:17:16:

-                    d1:1e:f8:ea:72:01:47:9a:b9:21:95:f9:71:ed:7c:

-                    d2:93:54:0c:c5:9c:e8:e5:40:28:c5:a0:ca:b1:a9:

-                    20:f9

-                Exponent: 65537 (0x10001)

-    Signature Algorithm: md5withRSAEncryption

-        93:08:f9:e0:d4:c5:ca:95:de:4e:38:3b:28:87:e9:d3:b6:ce:

-        4f:69:2e:c9:09:57:2f:fa:e2:50:9f:39:ec:f3:84:e8:3a:8f:

-        9b:c3:06:62:90:49:93:6d:23:7a:2b:3d:7b:f9:46:32:18:d3:

-        87:44:49:f7:29:2f:f3:58:97:70:c3:45:5b:90:52:1c:df:fb:

-        a8:a3:a1:29:53:a3:4c:ed:d2:51:d0:44:98:a4:14:6f:76:9d:

-        0d:03:76:e5:d3:13:21:ce:a3:4d:2a:77:fe:ad:b3:47:6d:42:

-        b9:4a:0e:ff:61:f4:ec:62:b2:3b:00:9c:ac:16:a2:ec:19:c8:

-        c7:3d:d7:7d:97:cd:4d:1a:d2:00:07:4e:40:3d:b9:ba:1e:e2:

-        fe:81:28:57:b9:ad:2b:74:59:b0:9f:8b:a5:98:d3:75:06:67:

-        4a:04:11:b2:ea:1a:8c:e0:d4:be:c8:0c:46:76:7f:5f:5a:7b:

-        72:09:dd:b6:d3:6b:97:70:e8:7e:17:74:1c:f7:3a:5f:e3:fa:

-        c2:f7:95:bd:74:5e:44:4b:9b:bd:27:de:02:7f:87:1f:68:68:

-        60:b9:f4:1d:2b:7b:ce:ef:b1:7f:3a:be:b9:66:60:54:6f:0c:

-        a0:dd:8c:03:a7:f1:9f:f8:0e:8d:bb:c6:ba:77:61:f7:8e:be:

-        28:ba:d8:4f

------BEGIN CERTIFICATE-----

-MIIDzzCCArcCAQEwDQYJKoZIhvcNAQEEBQAwgbUxCzAJBgNVBAYTAk5MMRAwDgYD

-VQQIEwdCcmFiYW50MRIwEAYDVQQHEwlFaW5kaG92ZW4xKTAnBgNVBAoTIEdpdHRl

-bnMgSW5mb3JtYXRpb24gU3lzdGVtcyBCLlYuMR8wHQYDVQQLExZDZXJ0aWZpY2F0

-aW9uIFNlcnZpY2VzMRMwEQYDVQQDEwpjYS5naXRzLm5sMR8wHQYJKoZIhvcNAQkB

-FhBtZ2l0dGVuc0BnaXRzLm5sMB4XDTk3MDEwNTEzMjExNloXDTk3MDcyNDEzMjEx

-NlowgaQxCzAJBgNVBAYTAk5MMRAwDgYDVQQIEwdCcmFiYW50MSkwJwYDVQQKEyBH

-aXR0ZW5zIEluZm9ybWF0aW9uIFN5c3RlbXMgQi5WLjEfMB0GA1UECxMWQ2VydGlm

-aWNhdGlvbiBTZXJ2aWNlczEWMBQGA1UEAxMNY2FsZWIuZ2l0cy5ubDEfMB0GCSqG

-SIb3DQEJARYQbWdpdHRlbnNAZ2l0cy5ubDCCASIwDQYJKoZIhvcNAQEBBQADggEP

-ADCCAQoCggEBAN2CoP6pjWoCfnjWM3WbggFLEoDqa5uDnuOu3PPQcXxL6gNXtMy6

-RFu4S0nT9jnMPRIf2lgmJ7y8q6RtYtGRWkefgEDBufrjHu9SeEYmQ2Ud8mu//8CB

-ZhTNgTKR8fhRfQ4XHyf8x1H9HHNB5WZDPGejCbleNlBQsehCvVzGK+ypLP5q/kAm

-ZJ65vy0d+9BIW4Iqjquk1XtfJoSKmmlewXHiqVlMKnb3/fTPP9POMHJiZRzp6e7S

-/EQAHuCAV+lBs/BE5Q93OxofV16UHcOl+q9BjEwwaysAhFIMZAyoWxcW0R746nIB

-R5q5IZX5ce180pNUDMWc6OVAKMWgyrGpIPkCAwEAATANBgkqhkiG9w0BAQQFAAOC

-AQEAkwj54NTFypXeTjg7KIfp07bOT2kuyQlXL/riUJ857POE6DqPm8MGYpBJk20j

-eis9e/lGMhjTh0RJ9ykv81iXcMNFW5BSHN/7qKOhKVOjTO3SUdBEmKQUb3adDQN2

-5dMTIc6jTSp3/q2zR21CuUoO/2H07GKyOwCcrBai7BnIxz3XfZfNTRrSAAdOQD25

-uh7i/oEoV7mtK3RZsJ+LpZjTdQZnSgQRsuoajODUvsgMRnZ/X1p7cgndttNrl3Do

-fhd0HPc6X+P6wveVvXReREubvSfeAn+HH2hoYLn0HSt7zu+xfzq+uWZgVG8MoN2M

-A6fxn/gOjbvGundh946+KLrYTw==

------END CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/demos/maurice/example1.c

+++ /dev/null

@@ -1,198 +1,0 @@

-/* NOCW */

-/*

-	Please read the README file for condition of use, before

-	using this software.

-	Maurice Gittens  <[email protected]>   January 1997

-*/

-#include <unistd.h>

-#include <stdio.h>

-#include <netinet/in.h>

-#include <fcntl.h>

-#include <strings.h>

-#include <stdlib.h>

-#include <openssl/rsa.h>

-#include <openssl/evp.h>

-#include <openssl/objects.h>

-#include <openssl/x509.h>

-#include <openssl/err.h>

-#include <openssl/pem.h>

-#include <openssl/ssl.h>

-#include "loadkeys.h"

-#define PUBFILE   "cert.pem"

-#define PRIVFILE  "privkey.pem"

-#define STDIN     0

-#define STDOUT    1

-void main_encrypt(void);

-void main_decrypt(void);

-static const char *usage = "Usage: example1 [-d]\n";

-int main(int argc, char *argv[])

-{

-        ERR_load_crypto_strings();

-	if ((argc == 1))

-	{

-		main_encrypt();

-	}

-	else if ((argc == 2) && !strcmp(argv[1],"-d"))

-	{

-		main_decrypt();

-	}

-	else

-	{

-		printf("%s",usage);

-		exit(1);

-	}

-	return 0;

-}

-void main_encrypt(void)

-{

-	unsigned int ebuflen;

-        EVP_CIPHER_CTX ectx;

-        unsigned char iv[EVP_MAX_IV_LENGTH];

-	unsigned char *ekey[1];

-	int readlen;

-	int ekeylen, net_ekeylen;

-	EVP_PKEY *pubKey[1];

-	char buf[512];

-	char ebuf[512];

- 	memset(iv, '\0', sizeof(iv));

-        pubKey[0] = ReadPublicKey(PUBFILE);

-	if(!pubKey[0])

-	{

-           fprintf(stderr,"Error: can't load public key");

-           exit(1);

-        }

-        ekey[0] = malloc(EVP_PKEY_size(pubKey[0]));

-        if (!ekey[0])

-	{

-	   EVP_PKEY_free(pubKey[0]);

-	   perror("malloc");

-	   exit(1);

-	}

-	EVP_SealInit(&ectx,

-                   EVP_des_ede3_cbc(),

-		   ekey,

-		   &ekeylen,

-		   iv,

-		   pubKey,

-		   1);

-	net_ekeylen = htonl(ekeylen);

-	write(STDOUT, (char*)&net_ekeylen, sizeof(net_ekeylen));

-        write(STDOUT, ekey[0], ekeylen);

-        write(STDOUT, iv, sizeof(iv));

-	while(1)

-	{

-		readlen = read(STDIN, buf, sizeof(buf));

-		if (readlen <= 0)

-		{

-		   if (readlen < 0)

-			perror("read");

-		   break;

-		}

-		EVP_SealUpdate(&ectx, ebuf, &ebuflen, buf, readlen);

-		write(STDOUT, ebuf, ebuflen);

-	}

-        EVP_SealFinal(&ectx, ebuf, &ebuflen);

-	write(STDOUT, ebuf, ebuflen);

-        EVP_PKEY_free(pubKey[0]);

-	free(ekey[0]);

-}

-void main_decrypt(void)

-{

-	char buf[520];

-	char ebuf[512];

-	unsigned int buflen;

-        EVP_CIPHER_CTX ectx;

-        unsigned char iv[EVP_MAX_IV_LENGTH];

-	unsigned char *encryptKey;

-	unsigned int ekeylen;

-	EVP_PKEY *privateKey;

-	memset(iv, '\0', sizeof(iv));

-	privateKey = ReadPrivateKey(PRIVFILE);

-	if (!privateKey)

-	{

-		fprintf(stderr, "Error: can't load private key");

-		exit(1);

-	}

-     	read(STDIN, &ekeylen, sizeof(ekeylen));

-	ekeylen = ntohl(ekeylen);

-	if (ekeylen != EVP_PKEY_size(privateKey))

-	{

-        	EVP_PKEY_free(privateKey);

-		fprintf(stderr, "keylength mismatch");

-		exit(1);

-	}

-	encryptKey = malloc(sizeof(char) * ekeylen);

-	if (!encryptKey)

-	{

-        	EVP_PKEY_free(privateKey);

-		perror("malloc");

-		exit(1);

-	}

-	read(STDIN, encryptKey, ekeylen);

-	read(STDIN, iv, sizeof(iv));

-	EVP_OpenInit(&ectx,

-		   EVP_des_ede3_cbc(),

-		   encryptKey,

-		   ekeylen,

-		   iv,

-		   privateKey);

-	while(1)

-	{

-		int readlen = read(STDIN, ebuf, sizeof(ebuf));

-		if (readlen <= 0)

-		{

-			if (readlen < 0)

-				perror("read");

-			break;

-		}

-		EVP_OpenUpdate(&ectx, buf, &buflen, ebuf, readlen);

-		write(STDOUT, buf, buflen);

-	}

-        EVP_OpenFinal(&ectx, buf, &buflen);

-	write(STDOUT, buf, buflen);

-        EVP_PKEY_free(privateKey);

-	free(encryptKey);

-}

--- a/sys/src/ape/lib/openssl/demos/maurice/example2.c

+++ /dev/null

@@ -1,75 +1,0 @@

-/* NOCW */

-/*

-        Please read the README file for condition of use, before

-        using this software.

-        Maurice Gittens  <[email protected]>   January 1997

-*/

-#include <stdlib.h>

-#include <stdio.h>

-#include <strings.h>

-#include <openssl/rsa.h>

-#include <openssl/evp.h>

-#include <openssl/objects.h>

-#include <openssl/x509.h>

-#include <openssl/err.h>

-#include <openssl/pem.h>

-#include <openssl/ssl.h>

-#include "loadkeys.h"

-#define PUBFILE   "cert.pem"

-#define PRIVFILE  "privkey.pem"

-#define STDIN     0

-#define STDOUT    1

-int main()

-{

-        char *ct = "This the clear text";

-	char *buf;

-	char *buf2;

-  	EVP_PKEY *pubKey;

-  	EVP_PKEY *privKey;

-	int len;

-        ERR_load_crypto_strings();

-        privKey = ReadPrivateKey(PRIVFILE);

-        if (!privKey)

-	{

-		ERR_print_errors_fp (stderr);

-		exit (1);

-	}

-        pubKey = ReadPublicKey(PUBFILE);

-	if(!pubKey)

-	{

-	   EVP_PKEY_free(privKey);

-           fprintf(stderr,"Error: can't load public key");

-	   exit(1);

-	}

-	/* No error checking */

-        buf = malloc(EVP_PKEY_size(pubKey));

-        buf2 = malloc(EVP_PKEY_size(pubKey));

-	len = RSA_public_encrypt(strlen(ct)+1, ct, buf, pubKey->pkey.rsa,RSA_PKCS1_PADDING);

-	if (len != EVP_PKEY_size(pubKey))

-	{

-	    fprintf(stderr,"Error: ciphertext should match length of key\n");

-	    exit(1);

-	}

-	RSA_private_decrypt(len, buf, buf2, privKey->pkey.rsa,RSA_PKCS1_PADDING);

-	printf("%s\n", buf2);

-	EVP_PKEY_free(privKey);

-	EVP_PKEY_free(pubKey);

-	free(buf);

-	free(buf2);

-        return 0;

-}

--- a/sys/src/ape/lib/openssl/demos/maurice/example3.c

+++ /dev/null

@@ -1,87 +1,0 @@

-/* NOCW */

-/*

-        Please read the README file for condition of use, before

-        using this software.

-        Maurice Gittens  <[email protected]>   January 1997

-*/

-#include <stdio.h>

-#include <unistd.h>

-#include <fcntl.h>

-#include <sys/stat.h>

-#include <openssl/evp.h>

-#define STDIN     	0

-#define STDOUT    	1

-#define BUFLEN	  	512

-#define INIT_VECTOR 	"12345678"

-#define ENCRYPT		1

-#define DECRYPT         0

-#define ALG		EVP_des_ede3_cbc()

-static const char *usage = "Usage: example3 [-d] password\n";

-void do_cipher(char *,int);

-int main(int argc, char *argv[])

-{

-	if ((argc == 2))

-	{

-		do_cipher(argv[1],ENCRYPT);

-	}

-	else if ((argc == 3) && !strcmp(argv[1],"-d"))

-	{

-		do_cipher(argv[2],DECRYPT);

-	}

-	else

-	{

-		fprintf(stderr,"%s", usage);

-		exit(1);

-	}

-	return 0;

-}

-void do_cipher(char *pw, int operation)

-{

-	char buf[BUFLEN];

-	char ebuf[BUFLEN + 8];

-	unsigned int ebuflen; /* rc; */

-        unsigned char iv[EVP_MAX_IV_LENGTH], key[EVP_MAX_KEY_LENGTH];

-	/* unsigned int ekeylen, net_ekeylen;  */

-	EVP_CIPHER_CTX ectx;

-	memcpy(iv, INIT_VECTOR, sizeof(iv));

-	EVP_BytesToKey(ALG, EVP_md5(), "salu", pw, strlen(pw), 1, key, iv);

-	EVP_CIPHER_CTX_init(&ectx);

-	EVP_CipherInit_ex(&ectx, ALG, NULL, key, iv, operation);

-	while(1)

-	{

-		int readlen = read(STDIN, buf, sizeof(buf));

-		if (readlen <= 0)

-		{

-			if (!readlen)

-			   break;

-			else

-			{

-				perror("read");

-				exit(1);

-			}

-		}

-		EVP_CipherUpdate(&ectx, ebuf, &ebuflen, buf, readlen);

-		write(STDOUT, ebuf, ebuflen);

-	}

-        EVP_CipherFinal_ex(&ectx, ebuf, &ebuflen);

-	EVP_CIPHER_CTX_cleanup(&ectx);

-	write(STDOUT, ebuf, ebuflen);

-}

--- a/sys/src/ape/lib/openssl/demos/maurice/example4.c

+++ /dev/null

@@ -1,123 +1,0 @@

-/* NOCW */

-/*

-        Please read the README file for condition of use, before

-        using this software.

-        Maurice Gittens  <[email protected]>   January 1997

-*/

-#include <stdio.h>

-#include <unistd.h>

-#include <fcntl.h>

-#include <sys/stat.h>

-#include <openssl/evp.h>

-#define STDIN     	0

-#define STDOUT    	1

-#define BUFLEN	  	512

-static const char *usage = "Usage: example4 [-d]\n";

-void do_encode(void);

-void do_decode(void);

-int main(int argc, char *argv[])

-{

-	if ((argc == 1))

-	{

-		do_encode();

-	}

-	else if ((argc == 2) && !strcmp(argv[1],"-d"))

-	{

-		do_decode();

-	}

-	else

-	{

-		fprintf(stderr,"%s", usage);

-		exit(1);

-	}

-	return 0;

-}

-void do_encode()

-{

-	char buf[BUFLEN];

-	char ebuf[BUFLEN+24];

-	unsigned int ebuflen;

-	EVP_ENCODE_CTX ectx;

-	EVP_EncodeInit(&ectx);

-	while(1)

-	{

-		int readlen = read(STDIN, buf, sizeof(buf));

-		if (readlen <= 0)

-		{

-			if (!readlen)

-			   break;

-			else

-			{

-				perror("read");

-				exit(1);

-			}

-		}

-		EVP_EncodeUpdate(&ectx, ebuf, &ebuflen, buf, readlen);

-		write(STDOUT, ebuf, ebuflen);

-	}

-        EVP_EncodeFinal(&ectx, ebuf, &ebuflen);

-	write(STDOUT, ebuf, ebuflen);

-}

-void do_decode()

-{

- 	char buf[BUFLEN];

- 	char ebuf[BUFLEN+24];

-	unsigned int ebuflen;

-	EVP_ENCODE_CTX ectx;

-	EVP_DecodeInit(&ectx);

-	while(1)

-	{

-		int readlen = read(STDIN, buf, sizeof(buf));

-		int rc;

-		if (readlen <= 0)

-		{

-			if (!readlen)

-			   break;

-			else

-			{

-				perror("read");

-				exit(1);

-			}

-		}

-		rc = EVP_DecodeUpdate(&ectx, ebuf, &ebuflen, buf, readlen);

-		if (rc <= 0)

-		{

-			if (!rc)

-			{

-				write(STDOUT, ebuf, ebuflen);

-				break;

-			}

-			fprintf(stderr, "Error: decoding message\n");

-			return;

-		}

-		write(STDOUT, ebuf, ebuflen);

-	}

-        EVP_DecodeFinal(&ectx, ebuf, &ebuflen);

-	write(STDOUT, ebuf, ebuflen);

-}

--- a/sys/src/ape/lib/openssl/demos/maurice/loadkeys.c

+++ /dev/null

@@ -1,72 +1,0 @@

-/* NOCW */

-/*

-        Please read the README file for condition of use, before

-        using this software.

-        Maurice Gittens  <[email protected]>   January 1997

-*/

-#include <unistd.h>

-#include <stdio.h>

-#include <netinet/in.h>

-#include <fcntl.h>

-#include <strings.h>

-#include <stdlib.h>

-#include <openssl/rsa.h>

-#include <openssl/evp.h>

-#include <openssl/objects.h>

-#include <openssl/x509.h>

-#include <openssl/err.h>

-#include <openssl/pem.h>

-#include <openssl/ssl.h>

-EVP_PKEY * ReadPublicKey(const char *certfile)

-{

-  FILE *fp = fopen (certfile, "r");

-  X509 *x509;

-  EVP_PKEY *pkey;

-  if (!fp)

-     return NULL;

-  x509 = PEM_read_X509(fp, NULL, 0, NULL);

-  if (x509 == NULL)

-  {

-     ERR_print_errors_fp (stderr);

-     return NULL;

-  }

-  fclose (fp);

-  pkey=X509_extract_key(x509);

-  X509_free(x509);

-  if (pkey == NULL)

-     ERR_print_errors_fp (stderr);

-  return pkey;

-}

-EVP_PKEY *ReadPrivateKey(const char *keyfile)

-{

-	FILE *fp = fopen(keyfile, "r");

-	EVP_PKEY *pkey;

-	if (!fp)

-		return NULL;

-	pkey = PEM_read_PrivateKey(fp, NULL, 0, NULL);

-	fclose (fp);

-  	if (pkey == NULL)

-		ERR_print_errors_fp (stderr);

-	return pkey;

-}

--- a/sys/src/ape/lib/openssl/demos/maurice/loadkeys.h

+++ /dev/null

@@ -1,19 +1,0 @@

-/* NOCW */

-/*

-        Please read the README file for condition of use, before

-        using this software.

-        Maurice Gittens  <[email protected]>   January 1997

-*/

-#ifndef LOADKEYS_H_SEEN

-#define LOADKEYS_H_SEEN

-#include <openssl/evp.h>

-EVP_PKEY * ReadPublicKey(const char *certfile);

-EVP_PKEY *ReadPrivateKey(const char *keyfile);

-#endif

--- a/sys/src/ape/lib/openssl/demos/maurice/privkey.pem

+++ /dev/null

@@ -1,27 +1,0 @@

------BEGIN RSA PRIVATE KEY-----

-MIIEpAIBAAKCAQEA3YKg/qmNagJ+eNYzdZuCAUsSgOprm4Oe467c89BxfEvqA1e0

-zLpEW7hLSdP2Ocw9Eh/aWCYnvLyrpG1i0ZFaR5+AQMG5+uMe71J4RiZDZR3ya7//

-wIFmFM2BMpHx+FF9DhcfJ/zHUf0cc0HlZkM8Z6MJuV42UFCx6EK9XMYr7Kks/mr+

-QCZknrm/LR370EhbgiqOq6TVe18mhIqaaV7BceKpWUwqdvf99M8/084wcmJlHOnp

-7tL8RAAe4IBX6UGz8ETlD3c7Gh9XXpQdw6X6r0GMTDBrKwCEUgxkDKhbFxbRHvjq

-cgFHmrkhlflx7XzSk1QMxZzo5UAoxaDKsakg+QIDAQABAoIBAQC0hnh083PnuJ6g

-Flob+B+stCUhYWtPc6ZzgphaMD+9ABV4oescipWZdooNYiyikBwZgFIvUvFBtTXh

-rLBDgUVlZ81beUb7/EvC2aBh818rsotWW0Sw/ARY4d7wetcL/EWBzUA8E5vR6wlb

-uZGelR9OiyYqp2h2bj1/v5yaVnuHxBeBj5clTHtPMXc+/70iUNBDMZ0ruZTdSwll

-e0DH8pp/5USYewlrKtRIJT7elC8LFMqEz4OpNvfaR2OEY0FatYYmSvQPNwV8/Eor

-XlNzRi9qD0uXbVexaAgQZ3/KZuAzUbOgwJZZXEAOGkZ/J1n08jljPXdU0o7bHhNl

-7siHbuEBAoGBAP53IvvJkhnH8Akf6E6sXelZkPKHnwDwfywDAiIhXza9DB1DViRS

-bZUB5gzcxmLGalex5+LcwZmsqFO5NXZ8SQeE9p0YT8yJsX4J1w9JzSvsWJBS2vyW

-Kbt21oG6JAGrWSGMIfxKpuahtWLf4JpGjftti0qIVQ60GKEPc1/xE2PZAoGBAN7Y

-nRPaUaqcIwbnH9kovOKwZ/PWREy1ecr3YXj65VYTnwSJHD0+CJa/DX8eB/G4AoNA

-Y2LPbq0Xu3+7SaUsO45VkaZuJmNwheUQ4tmyd/YdnVZ0AHXx1tvpR7QeO0WjnlNK

-mR+x00fetrff2Ypahs0wtU0Xf3F8ORgVB8jnxBIhAoGAcwf0PpI+g30Im3dbEsWE

-poogpiJ81HXjZ0fs3PTtD9eh9FCOTlkcxHFZR5M980TyqbX4t2tH8WpFpaNh8a/5

-a3bF7PoiiLnuDKXyHC0mnKZ42rU53VkcgGwWSAqXYFHPNwUcD+rHTBbp4kqGQ/eF

-E5XPk9/RY5YyVAyiAUr/kvECgYBvW1Ua75SxqbZDI8mhbZ79tGMt0NtubZz/1KCL

-oOxrGAD1dkJ7Q/1svunSpMIZgvcWeV1wqfFHY72ZNZC2jiTwmkffH9nlBPyTm92Q

-JYOWo/PUmMEGLyRL3gWrtxOtV/as7nEYCndmyZ8KwTxmy5fi/z0J2f0gS5AIPbIX

-LeGnoQKBgQDapjz9K4HWR5AMxyga4eiLIrmADySP846uz3eZIvTJQZ+6TAamvnno

-KbnU21cGq5HBBtxqQvGswLPGW9rZAgykHHJmYBUp0xv4+I4qHfXyD7QNmvq+Vxjj

-V2tgIafEpaf2ZsfM7BZeZz8MzeGcDwyrHtIO1FQiYN5Qz9Hq68XmVA==

------END RSA PRIVATE KEY-----

--- a/sys/src/ape/lib/openssl/demos/pkcs12/README

+++ /dev/null

@@ -1,3 +1,0 @@

-PKCS#12 demo applications

-Written by Steve Henson.

--- a/sys/src/ape/lib/openssl/demos/pkcs12/pkread.c

+++ /dev/null

@@ -1,61 +1,0 @@

-/* pkread.c */

-#include <stdio.h>

-#include <stdlib.h>

-#include <openssl/pem.h>

-#include <openssl/err.h>

-#include <openssl/pkcs12.h>

-/* Simple PKCS#12 file reader */

-int main(int argc, char **argv)

-{

-	FILE *fp;

-	EVP_PKEY *pkey;

-	X509 *cert;

-	STACK_OF(X509) *ca = NULL;

-	PKCS12 *p12;

-	int i;

-	if (argc != 4) {

-		fprintf(stderr, "Usage: pkread p12file password opfile\n");

-		exit (1);

-	}

-	SSLeay_add_all_algorithms();

-	ERR_load_crypto_strings();

-	if (!(fp = fopen(argv[1], "rb"))) {

-		fprintf(stderr, "Error opening file %s\n", argv[1]);

-		exit(1);

-	}

-	p12 = d2i_PKCS12_fp(fp, NULL);

-	fclose (fp);

-	if (!p12) {

-		fprintf(stderr, "Error reading PKCS#12 file\n");

-		ERR_print_errors_fp(stderr);

-		exit (1);

-	}

-	if (!PKCS12_parse(p12, argv[2], &pkey, &cert, &ca)) {

-		fprintf(stderr, "Error parsing PKCS#12 file\n");

-		ERR_print_errors_fp(stderr);

-		exit (1);

-	}

-	PKCS12_free(p12);

-	if (!(fp = fopen(argv[3], "w"))) {

-		fprintf(stderr, "Error opening file %s\n", argv[1]);

-		exit(1);

-	}

-	if (pkey) {

-		fprintf(fp, "***Private Key***\n");

-		PEM_write_PrivateKey(fp, pkey, NULL, NULL, 0, NULL, NULL);

-	}

-	if (cert) {

-		fprintf(fp, "***User Certificate***\n");

-		PEM_write_X509_AUX(fp, cert);

-	}

-	if (ca && sk_num(ca)) {

-		fprintf(fp, "***Other Certificates***\n");

-		for (i = 0; i < sk_X509_num(ca); i++)

-		    PEM_write_X509_AUX(fp, sk_X509_value(ca, i));

-	}

-	fclose(fp);

-	return 0;

-}

--- a/sys/src/ape/lib/openssl/demos/pkcs12/pkwrite.c

+++ /dev/null

@@ -1,46 +1,0 @@

-/* pkwrite.c */

-#include <stdio.h>

-#include <stdlib.h>

-#include <openssl/pem.h>

-#include <openssl/err.h>

-#include <openssl/pkcs12.h>

-/* Simple PKCS#12 file creator */

-int main(int argc, char **argv)

-{

-	FILE *fp;

-	EVP_PKEY *pkey;

-	X509 *cert;

-	PKCS12 *p12;

-	if (argc != 5) {

-		fprintf(stderr, "Usage: pkwrite infile password name p12file\n");

-		exit(1);

-	}

-	SSLeay_add_all_algorithms();

-	ERR_load_crypto_strings();

-	if (!(fp = fopen(argv[1], "r"))) {

-		fprintf(stderr, "Error opening file %s\n", argv[1]);

-		exit(1);

-	}

-	cert = PEM_read_X509(fp, NULL, NULL, NULL);

-	rewind(fp);

-	pkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL);

-	fclose(fp);

-	p12 = PKCS12_create(argv[2], argv[3], pkey, cert, NULL, 0,0,0,0,0);

-	if(!p12) {

-		fprintf(stderr, "Error creating PKCS#12 structure\n");

-		ERR_print_errors_fp(stderr);

-		exit(1);

-	}

-	if (!(fp = fopen(argv[4], "wb"))) {

-		fprintf(stderr, "Error opening file %s\n", argv[1]);

-		ERR_print_errors_fp(stderr);

-		exit(1);

-	}

-	i2d_PKCS12_fp(fp, p12);

-	PKCS12_free(p12);

-	fclose(fp);

-	return 0;

-}

--- a/sys/src/ape/lib/openssl/demos/prime/Makefile

+++ /dev/null

@@ -1,20 +1,0 @@

-CC=cc

-CFLAGS= -g -I../../include -Wall

-LIBS=  -L../.. -lcrypto

-EXAMPLES=prime

-all: $(EXAMPLES)

-prime: prime.o

-	$(CC) -o prime prime.o $(LIBS)

-clean:

-	rm -f $(EXAMPLES) *.o

-test: all

-	@echo Test creating a 128-bit prime

-	./prime 128

-	@echo Test creating a 256-bit prime

-	./prime 256

-	@echo Test creating a 512-bit prime

-	./prime 512

--- a/sys/src/ape/lib/openssl/demos/prime/prime.c

+++ /dev/null

@@ -1,101 +1,0 @@

-/* demos/prime/prime.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <openssl/bn.h>

-void callback(type,num)

-int type,num;

-	{

-	if (type == 0)

-		fprintf(stderr,".");

-	else if (type == 1)

-		fprintf(stderr,"+");

-	else if (type == 2)

-		fprintf(stderr,"*");

-	fflush(stderr);

-	}

-int main(argc,argv)

-int argc;

-char *argv[];

-	{

-	BIGNUM *rand;

-	int num=256;

-	/* we should really call RAND_seed(char *bytes,int num);

-	 * to fully initalise the random number generator */

-	if (argc >= 2)

-		{

-		num=atoi(argv[1]);

-		if (num == 0) num=256;

-		}

-	fprintf(stderr,"generate a strong prime\n");

-        rand=BN_generate_prime(NULL,num,1,NULL,NULL,callback,NULL);

-	/* change the third parameter to 1 for a strong prime */

-	fprintf(stderr,"\n");

-	BN_print_fp(stdout,rand);

-	fprintf(stdout,"\n");

-	BN_free(rand);

-	exit(0);

-	return(0);

-	}

--- a/sys/src/ape/lib/openssl/demos/privkey.pem

+++ /dev/null

@@ -1,9 +1,0 @@

------BEGIN RSA PRIVATE KEY-----

-MIIBPAIBAAJBAN+FmbxmHVOp/RxtpMGz0DvQEBz1sDktHp19hIoMSu0YZift5MAu

-4xAEJYvWVCshDiyOTWsUBXwZkrkt87FyctkCAwEAAQJAG/vxBGpQb6IPo1iC0RF/

-F430BnwoBPCGLbeCOXpSgx5X+19vuTSdEqMgeNB6+aNb+XY/7mvVfCjyD6WZ0oxs

-JQIhAPO+uL9cP40lFs62pdL3QSWsh3VNDByvOtr9LpeaxBm/AiEA6sKVfXsDQ5hd

-SHt9U61r2r8Lcxmzi9Kw6JNqjMmzqWcCIQCKoRy+aZ8Tjdas9yDVHh+FZ90bEBkl

-b1xQFNOdEj8aTQIhAOJWrO6INYNsWTPS6+hLYZtLamyUsQj0H+B8kNQge/mtAiEA

-nBfvUl243qbqN8gF7Az1u33uc9FsPVvQPiBzLxZ4ixw=

------END RSA PRIVATE KEY-----

--- a/sys/src/ape/lib/openssl/demos/selfsign.c

+++ /dev/null

@@ -1,180 +1,0 @@

-/* NOCW */

-/* cc -o ssdemo -I../include selfsign.c ../libcrypto.a */

-#include <stdio.h>

-#include <stdlib.h>

-#include <openssl/pem.h>

-#include <openssl/conf.h>

-#include <openssl/x509v3.h>

-int mkit(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days);

-int main()

-	{

-	BIO *bio_err;

-	X509 *x509=NULL;

-	EVP_PKEY *pkey=NULL;

-	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);

-	bio_err=BIO_new_fp(stderr, BIO_NOCLOSE);

-	mkit(&x509,&pkey,512,0,365);

-	RSA_print_fp(stdout,pkey->pkey.rsa,0);

-	X509_print_fp(stdout,x509);

-	PEM_write_PrivateKey(stdout,pkey,NULL,NULL,0,NULL, NULL);

-	PEM_write_X509(stdout,x509);

-	X509_free(x509);

-	EVP_PKEY_free(pkey);

-#ifdef CUSTOM_EXT

-	/* Only needed if we add objects or custom extensions */

-	X509V3_EXT_cleanup();

-	OBJ_cleanup();

-#endif

-	CRYPTO_mem_leaks(bio_err);

-	BIO_free(bio_err);

-	return(0);

-	}

-#ifdef WIN16

-#  define MS_CALLBACK   _far _loadds

-#  define MS_FAR        _far

-#else

-#  define MS_CALLBACK

-#  define MS_FAR

-#endif

-static void MS_CALLBACK callback(p, n, arg)

-int p;

-int n;

-void *arg;

-	{

-	char c='B';

-	if (p == 0) c='.';

-	if (p == 1) c='+';

-	if (p == 2) c='*';

-	if (p == 3) c='\n';

-	fputc(c,stderr);

-	}

-int mkit(x509p,pkeyp,bits,serial,days)

-X509 **x509p;

-EVP_PKEY **pkeyp;

-int bits;

-int serial;

-int days;

-	{

-	X509 *x;

-	EVP_PKEY *pk;

-	RSA *rsa;

-	X509_NAME *name=NULL;

-	X509_NAME_ENTRY *ne=NULL;

-	X509_EXTENSION *ex=NULL;

-	if ((pkeyp == NULL) || (*pkeyp == NULL))

-		{

-		if ((pk=EVP_PKEY_new()) == NULL)

-			{

-			abort();

-			return(0);

-			}

-		}

-	else

-		pk= *pkeyp;

-	if ((x509p == NULL) || (*x509p == NULL))

-		{

-		if ((x=X509_new()) == NULL)

-			goto err;

-		}

-	else

-		x= *x509p;

-	rsa=RSA_generate_key(bits,RSA_F4,callback,NULL);

-	if (!EVP_PKEY_assign_RSA(pk,rsa))

-		{

-		abort();

-		goto err;

-		}

-	rsa=NULL;

-	X509_set_version(x,3);

-	ASN1_INTEGER_set(X509_get_serialNumber(x),serial);

-	X509_gmtime_adj(X509_get_notBefore(x),0);

-	X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days);

-	X509_set_pubkey(x,pk);

-	name=X509_get_subject_name(x);

-	/* This function creates and adds the entry, working out the

-	 * correct string type and performing checks on its length.

-	 * Normally we'd check the return value for errors...

-	 */

-	X509_NAME_add_entry_by_txt(name,"C",

-				MBSTRING_ASC, "UK", -1, -1, 0);

-	X509_NAME_add_entry_by_txt(name,"CN",

-				MBSTRING_ASC, "OpenSSL Group", -1, -1, 0);

-	X509_set_issuer_name(x,name);

-	/* Add extension using V3 code: we can set the config file as NULL

-	 * because we wont reference any other sections. We can also set

-         * the context to NULL because none of these extensions below will need

-	 * to access it.

-	 */

-	ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_cert_type, "server");

-	X509_add_ext(x,ex,-1);

-	X509_EXTENSION_free(ex);

-	ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_comment,

-						"example comment extension");

-	X509_add_ext(x,ex,-1);

-	X509_EXTENSION_free(ex);

-	ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_ssl_server_name,

-							"www.openssl.org");

-	X509_add_ext(x,ex,-1);

-	X509_EXTENSION_free(ex);

-#if 0

-	/* might want something like this too.... */

-	ex = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints,

-							"critical,CA:TRUE");

-	X509_add_ext(x,ex,-1);

-	X509_EXTENSION_free(ex);

-#endif

-#ifdef CUSTOM_EXT

-	/* Maybe even add our own extension based on existing */

-	{

-		int nid;

-		nid = OBJ_create("1.2.3.4", "MyAlias", "My Test Alias Extension");

-		X509V3_EXT_add_alias(nid, NID_netscape_comment);

-		ex = X509V3_EXT_conf_nid(NULL, NULL, nid,

-						"example comment alias");

-		X509_add_ext(x,ex,-1);

-		X509_EXTENSION_free(ex);

-	}

-#endif

-	if (!X509_sign(x,pk,EVP_md5()))

-		goto err;

-	*x509p=x;

-	*pkeyp=pk;

-	return(1);

-err:

-	return(0);

-	}

--- a/sys/src/ape/lib/openssl/demos/sign/Makefile

+++ /dev/null

@@ -1,15 +1,0 @@

-CC=cc

-CFLAGS= -g -I../../include -Wall

-LIBS=  -L../.. -lcrypto

-EXAMPLES=sign

-all: $(EXAMPLES)

-sign: sign.o

-	$(CC) -o sign sign.o $(LIBS)

-clean:

-	rm -f $(EXAMPLES) *.o

-test: all

-	./sign

--- a/sys/src/ape/lib/openssl/demos/sign/cert.pem

+++ /dev/null

@@ -1,14 +1,0 @@

------BEGIN CERTIFICATE-----

-MIICLDCCAdYCAQAwDQYJKoZIhvcNAQEEBQAwgaAxCzAJBgNVBAYTAlBUMRMwEQYD

-VQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5ldXJv

-bmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMTEmJy

-dXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZpMB4X

-DTk2MDkwNTAzNDI0M1oXDTk2MTAwNTAzNDI0M1owgaAxCzAJBgNVBAYTAlBUMRMw

-EQYDVQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5l

-dXJvbmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMT

-EmJydXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZp

-MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNw

-L4lYKbpzzlmC5beaQXeQ2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAATAN

-BgkqhkiG9w0BAQQFAANBAFqPEKFjk6T6CKTHvaQeEAsX0/8YHPHqH/9AnhSjrwuX

-9EBc0n6bVGhN7XaXd6sJ7dym9sbsWxb+pJdurnkxjx4=

------END CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/demos/sign/key.pem

+++ /dev/null

@@ -1,9 +1,0 @@

------BEGIN RSA PRIVATE KEY-----

-MIIBPAIBAAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNwL4lYKbpzzlmC5beaQXeQ

-2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAAQJBALjkK+jc2+iihI98riEF

-oudmkNziSRTYjnwjx8mCoAjPWviB3c742eO3FG4/soi1jD9A5alihEOXfUzloenr

-8IECIQD3B5+0l+68BA/6d76iUNqAAV8djGTzvxnCxycnxPQydQIhAMXt4trUI3nc

-a+U8YL2HPFA3gmhBsSICbq2OptOCnM7hAiEA6Xi3JIQECob8YwkRj29DU3/4WYD7

-WLPgsQpwo1GuSpECICGsnWH5oaeD9t9jbFoSfhJvv0IZmxdcLpRcpslpeWBBAiEA

-6/5B8J0GHdJq89FHwEG/H2eVVUYu5y/aD6sgcm+0Avg=

------END RSA PRIVATE KEY-----

--- a/sys/src/ape/lib/openssl/demos/sign/sig.txt

+++ /dev/null

@@ -1,158 +1,0 @@

-From [email protected] Mon Sep 30 02:37:40 1996

-Received: from cygnus.mincom.oz.au by orb.mincom.oz.au with SMTP id AA11782

-  (5.65c/IDA-1.4.4 for eay); Mon, 30 Sep 1996 11:46:21 +1000

-Received: (from daemon@localhost) by cygnus.mincom.oz.au (8.7.5/8.7.3) id LAA18980 for ssl-users-outgoing; Mon, 30 Sep 1996 11:44:56 +1000 (EST)

-Received: from minbne.mincom.oz.au (minbne.mincom.oz.au [192.55.196.247]) by cygnus.mincom.oz.au (8.7.5/8.7.3) with SMTP id LAA18962 for <[email protected]>; Mon, 30 Sep 1996 11:44:51 +1000 (EST)

-Received: by minbne.mincom.oz.au id AA22230

-  (5.65c/IDA-1.4.4 for [email protected]); Mon, 30 Sep 1996 11:38:41 +1000

-Received: from brutus.neuronio.pt (brutus.neuronio.pt [193.126.253.2]) by bunyip.cc.uq.oz.au (8.7.6/8.7.3) with SMTP id LAA15824 for <[email protected]>; Mon, 30 Sep 1996 11:40:07 +1000

-Received: (from sampo@localhost) by brutus.neuronio.pt (8.6.11/8.6.11) id BAA08729; Mon, 30 Sep 1996 01:37:40 +0100

-Date: Mon, 30 Sep 1996 01:37:40 +0100

-Message-Id: <[email protected]>

-From: Sampo Kellomaki <[email protected]>

-To: [email protected]

-Cc: [email protected]

-Subject: Signing with envelope routines

-Sender: [email protected]

-Precedence: bulk

-Status: RO

-X-Status: D

-I have been trying to figure out how to produce signatures with EVP_

-routines. I seem to be able to read in private key and sign some

-data ok, but I can't figure out how I am supposed to read in

-public key so that I could verify my signature. I use self signed

-certificate.

-I figured I should use

-	EVP_PKEY* pkey = PEM_ASN1_read(d2i_PrivateKey, PEM_STRING_EVP_PKEY,

-	                               fp, NULL, NULL);

-to read in private key and this seems to work Ok.

-However when I try analogous

-	EVP_PKEY* pkey = PEM_ASN1_read(d2i_PublicKey, PEM_STRING_X509,

-	                               fp, NULL, NULL);

-the program fails with

-error:0D09508D:asn1 encoding routines:D2I_PUBLICKEY:unknown public key type:d2i_pu.c:93

-error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_lib.c:232

-I figured that the second argument to PEM_ASN1_read should match the

-name in my PEM encoded object, hence PEM_STRING_X509.

-PEM_STRING_EVP_PKEY seems to be somehow magical

-because it matches whatever private key there happens to be. I could

-not find a similar constant to use with getting the certificate, however.

-Is my approach of using PEM_ASN1_read correct? What should I pass in

-as name?  Can I use normal (or even self signed) X509 certificate for

-verifying the signature?

-When will SSLeay documentation be written ;-)? If I would contribute

-comments to the code, would Eric take time to review them and include

-them in distribution?

-I'm using SSLeay-0.6.4. My program is included below along with the

-key and cert that I use.

---Sampo

------------------------------------

-/* sign-it.cpp  -  Simple test app using SSLeay envelopes to sign data

-   29.9.1996, Sampo Kellomaki <[email protected]> */

-#include <stdio.h>

-#include "rsa.h"

-#include "evp.h"

-#include "objects.h"

-#include "x509.h"

-#include "err.h"

-#include "pem.h"

-#include "ssl.h"

-void main ()

-{

-  int err;

-  int sig_len;

-  unsigned char sig_buf [4096];

-  const char certfile[] = "plain-cert.pem";

-  const char keyfile[]  = "plain-key.pem";

-  const char data[]     = "I owe you...";

-  EVP_MD_CTX     md_ctx;

-  EVP_PKEY*      pkey;

-  FILE*          fp;

-  SSL_load_error_strings();

-  /* Read private key */

-  fp = fopen (keyfile, "r");   if (fp == NULL) exit (1);

-  pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PrivateKey,

-				   PEM_STRING_EVP_PKEY,

-				   fp,

-				   NULL, NULL);

-  if (pkey == NULL) {  ERR_print_errors_fp (stderr);    exit (1);  }

-  fclose (fp);

-  /* Do the signature */

-  EVP_SignInit   (&md_ctx, EVP_md5());

-  EVP_SignUpdate (&md_ctx, data, strlen(data));

-  sig_len = sizeof(sig_buf);

-  err = EVP_SignFinal (&md_ctx,

-		       sig_buf,

-		       &sig_len,

-		       pkey);

-  if (err != 1) {  ERR_print_errors_fp (stderr);    exit (1);  }

-  EVP_PKEY_free (pkey);

-  /* Read public key */

-  fp = fopen (certfile, "r");   if (fp == NULL) exit (1);

-  pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PublicKey,

-				   PEM_STRING_X509,

-				   fp,

-				   NULL, NULL);

-  if (pkey == NULL) {  ERR_print_errors_fp (stderr);    exit (1);  }

-  fclose (fp);

-  /* Verify the signature */

-  EVP_VerifyInit   (&md_ctx, EVP_md5());

-  EVP_VerifyUpdate (&md_ctx, data, strlen((char*)data));

-  err = EVP_VerifyFinal (&md_ctx,

-			 sig_buf,

-			 sig_len,

-			 pkey);

-  if (err != 1) {  ERR_print_errors_fp (stderr);    exit (1);  }

-  EVP_PKEY_free (pkey);

-  printf ("Signature Verified Ok.\n");

-}

-/* EOF */

---------------- plain-cert.pem -----------------

------BEGIN CERTIFICATE-----

-MIICLDCCAdYCAQAwDQYJKoZIhvcNAQEEBQAwgaAxCzAJBgNVBAYTAlBUMRMwEQYD

-VQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5ldXJv

-bmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMTEmJy

-dXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZpMB4X

-DTk2MDkwNTAzNDI0M1oXDTk2MTAwNTAzNDI0M1owgaAxCzAJBgNVBAYTAlBUMRMw

-EQYDVQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5l

-dXJvbmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMT

-EmJydXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZp

-MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNw

-L4lYKbpzzlmC5beaQXeQ2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAATAN

-BgkqhkiG9w0BAQQFAANBAFqPEKFjk6T6CKTHvaQeEAsX0/8YHPHqH/9AnhSjrwuX

-9EBc0n6bVGhN7XaXd6sJ7dym9sbsWxb+pJdurnkxjx4=

------END CERTIFICATE-----

----------------- plain-key.pem -----------------

------BEGIN RSA PRIVATE KEY-----

-MIIBPAIBAAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNwL4lYKbpzzlmC5beaQXeQ

-2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAAQJBALjkK+jc2+iihI98riEF

-oudmkNziSRTYjnwjx8mCoAjPWviB3c742eO3FG4/soi1jD9A5alihEOXfUzloenr

-8IECIQD3B5+0l+68BA/6d76iUNqAAV8djGTzvxnCxycnxPQydQIhAMXt4trUI3nc

-a+U8YL2HPFA3gmhBsSICbq2OptOCnM7hAiEA6Xi3JIQECob8YwkRj29DU3/4WYD7

-WLPgsQpwo1GuSpECICGsnWH5oaeD9t9jbFoSfhJvv0IZmxdcLpRcpslpeWBBAiEA

-6/5B8J0GHdJq89FHwEG/H2eVVUYu5y/aD6sgcm+0Avg=

------END RSA PRIVATE KEY-----

-------------------------------------------------

--- a/sys/src/ape/lib/openssl/demos/sign/sign.c

+++ /dev/null

@@ -1,153 +1,0 @@

-/* demos/sign/sign.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* sign-it.cpp  -  Simple test app using SSLeay envelopes to sign data

-   29.9.1996, Sampo Kellomaki <[email protected]> */

-/* converted to C - eay :-) */

-/* reformated a bit and converted to use the more common functions: this was

- * initially written at the dawn of time :-) - Steve.

- */

-#include <stdio.h>

-#include <openssl/rsa.h>

-#include <openssl/evp.h>

-#include <openssl/objects.h>

-#include <openssl/x509.h>

-#include <openssl/err.h>

-#include <openssl/pem.h>

-#include <openssl/ssl.h>

-int main ()

-{

-  int err;

-  int sig_len;

-  unsigned char sig_buf [4096];

-  static char certfile[] = "cert.pem";

-  static char keyfile[]  = "key.pem";

-  static char data[]     = "I owe you...";

-  EVP_MD_CTX     md_ctx;

-  EVP_PKEY *      pkey;

-  FILE *          fp;

-  X509 *	x509;

-  /* Just load the crypto library error strings,

-   * SSL_load_error_strings() loads the crypto AND the SSL ones */

-  /* SSL_load_error_strings();*/

-  ERR_load_crypto_strings();

-  /* Read private key */

-  fp = fopen (keyfile, "r");

-  if (fp == NULL) exit (1);

-  pkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL);

-  fclose (fp);

-  if (pkey == NULL) {

-	ERR_print_errors_fp (stderr);

-	exit (1);

-  }

-  /* Do the signature */

-  EVP_SignInit   (&md_ctx, EVP_sha1());

-  EVP_SignUpdate (&md_ctx, data, strlen(data));

-  sig_len = sizeof(sig_buf);

-  err = EVP_SignFinal (&md_ctx, sig_buf, &sig_len, pkey);

-  if (err != 1) {

-	ERR_print_errors_fp(stderr);

-	exit (1);

-  }

-  EVP_PKEY_free (pkey);

-  /* Read public key */

-  fp = fopen (certfile, "r");

-  if (fp == NULL) exit (1);

-  x509 = PEM_read_X509(fp, NULL, NULL, NULL);

-  fclose (fp);

-  if (x509 == NULL) {

-	ERR_print_errors_fp (stderr);

-	exit (1);

-  }

-  /* Get public key - eay */

-  pkey=X509_get_pubkey(x509);

-  if (pkey == NULL) {

-	ERR_print_errors_fp (stderr);

-	exit (1);

-  }

-  /* Verify the signature */

-  EVP_VerifyInit   (&md_ctx, EVP_sha1());

-  EVP_VerifyUpdate (&md_ctx, data, strlen((char*)data));

-  err = EVP_VerifyFinal (&md_ctx, sig_buf, sig_len, pkey);

-  EVP_PKEY_free (pkey);

-  if (err != 1) {

-	ERR_print_errors_fp (stderr);

-	exit (1);

-  }

-  printf ("Signature Verified Ok.\n");

-  return(0);

-}

--- a/sys/src/ape/lib/openssl/demos/sign/sign.txt

+++ /dev/null

@@ -1,170 +1,0 @@

-From [email protected] Mon Sep 30 22:43:15 1996

-Received: from cygnus.mincom.oz.au by orb.mincom.oz.au with SMTP id AA12802

-  (5.65c/IDA-1.4.4 for eay); Mon, 30 Sep 1996 12:45:43 +1000

-Received: (from daemon@localhost) by cygnus.mincom.oz.au (8.7.5/8.7.3) id MAA25922 for ssl-users-outgoing; Mon, 30 Sep 1996 12:43:43 +1000 (EST)

-Received: from orb.mincom.oz.au ([email protected] [192.55.197.1]) by cygnus.mincom.oz.au (8.7.5/8.7.3) with SMTP id MAA25900 for <[email protected]>; Mon, 30 Sep 1996 12:43:39 +1000 (EST)

-Received: by orb.mincom.oz.au id AA12688

-  (5.65c/IDA-1.4.4 for [email protected]); Mon, 30 Sep 1996 12:43:16 +1000

-Date: Mon, 30 Sep 1996 12:43:15 +1000 (EST)

-From: Eric Young <[email protected]>

-X-Sender: eay@orb

-To: Sampo Kellomaki <[email protected]>

-Cc: [email protected], [email protected]

-Subject: Re: Signing with envelope routines

-In-Reply-To: <[email protected]>

-Message-Id: <Pine.SOL.3.91.960930121504.11800Y-100000@orb>

-Mime-Version: 1.0

-Content-Type: TEXT/PLAIN; charset=US-ASCII

-Sender: [email protected]

-Precedence: bulk

-Status: O

-X-Status:

-On Mon, 30 Sep 1996, Sampo Kellomaki wrote:

-> I have been trying to figure out how to produce signatures with EVP_

-> routines. I seem to be able to read in private key and sign some

-> data ok, but I can't figure out how I am supposed to read in

-> public key so that I could verify my signature. I use self signed

-> certificate.

-hmm... a rather poorly documented are of the library at this point in time.

-> I figured I should use

-> 	EVP_PKEY* pkey = PEM_ASN1_read(d2i_PrivateKey, PEM_STRING_EVP_PKEY,

-> 	                               fp, NULL, NULL);

-> to read in private key and this seems to work Ok.

->

-> However when I try analogous

-> 	EVP_PKEY* pkey = PEM_ASN1_read(d2i_PublicKey, PEM_STRING_X509,

-> 	                               fp, NULL, NULL);

-What you should do is

-	X509 *x509=PEM_read_X509(fp,NULL,NULL);

-	/* which is the same as PEM_ASN1_read(d2i_X509,PEM_STRING_X509,fp,

-	 * NULL,NULL); */

-Then

-	EVP_PKEY *pkey=X509_extract_key(x509);

-There is also a X509_REQ_extract_key(req);

-which gets the public key from a certificate request.

-I re-worked quite a bit of this when I cleaned up the dependancy on

-RSA as the private key.

-> I figured that the second argument to PEM_ASN1_read should match the

-> name in my PEM encoded object, hence PEM_STRING_X509.

-> PEM_STRING_EVP_PKEY seems to be somehow magical

-> because it matches whatever private key there happens to be. I could

-> not find a similar constant to use with getting the certificate, however.

-:-), PEM_STRING_EVP_PKEY is 'magical' :-).  In theory I should be using a

-standard such as PKCS#8 to store the private key so that the type is

-encoded in the asn.1 encoding of the object.

-> Is my approach of using PEM_ASN1_read correct? What should I pass in

-> as name?  Can I use normal (or even self signed) X509 certificate for

-> verifying the signature?

-The actual public key is kept in the certificate, so basically you have

-to load the certificate and then 'unpack' the public key from the

-certificate.

-> When will SSLeay documentation be written ;-)? If I would contribute

-> comments to the code, would Eric take time to review them and include

-> them in distribution?

-:-) After SSLv3 and PKCS#7 :-).  I actually started doing a function list

-but what I really need to do is do quite a few 'this is how you do xyz'

-type documents.  I suppose the current method is to post to ssl-users and

-I'll respond :-).

-I'll add a 'demo' directory for the next release, I've appended a

-modified version of your program that works, you were very close :-).

-eric

-/* sign-it.cpp  -  Simple test app using SSLeay envelopes to sign data

-   29.9.1996, Sampo Kellomaki <[email protected]> */

-/* converted to C - eay :-) */

-#include <stdio.h>

-#include "rsa.h"

-#include "evp.h"

-#include "objects.h"

-#include "x509.h"

-#include "err.h"

-#include "pem.h"

-#include "ssl.h"

-void main ()

-{

-  int err;

-  int sig_len;

-  unsigned char sig_buf [4096];

-  static char certfile[] = "plain-cert.pem";

-  static char keyfile[]  = "plain-key.pem";

-  static char data[]     = "I owe you...";

-  EVP_MD_CTX     md_ctx;

-  EVP_PKEY *      pkey;

-  FILE *          fp;

-  X509 *	x509;

-  /* Just load the crypto library error strings,

-   * SSL_load_error_strings() loads the crypto AND the SSL ones */

-  /* SSL_load_error_strings();*/

-  ERR_load_crypto_strings();

-  /* Read private key */

-  fp = fopen (keyfile, "r");   if (fp == NULL) exit (1);

-  pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PrivateKey,

-				   PEM_STRING_EVP_PKEY,

-				   fp,

-				   NULL, NULL);

-  if (pkey == NULL) {  ERR_print_errors_fp (stderr);    exit (1);  }

-  fclose (fp);

-  /* Do the signature */

-  EVP_SignInit   (&md_ctx, EVP_md5());

-  EVP_SignUpdate (&md_ctx, data, strlen(data));

-  sig_len = sizeof(sig_buf);

-  err = EVP_SignFinal (&md_ctx,

-		       sig_buf,

-		       &sig_len,

-		       pkey);

-  if (err != 1) {  ERR_print_errors_fp (stderr);    exit (1);  }

-  EVP_PKEY_free (pkey);

-  /* Read public key */

-  fp = fopen (certfile, "r");   if (fp == NULL) exit (1);

-  x509 = (X509 *)PEM_ASN1_read ((char *(*)())d2i_X509,

-				   PEM_STRING_X509,

-				   fp, NULL, NULL);

-  if (x509 == NULL) {  ERR_print_errors_fp (stderr);    exit (1);  }

-  fclose (fp);

-  /* Get public key - eay */

-  pkey=X509_extract_key(x509);

-  if (pkey == NULL) {  ERR_print_errors_fp (stderr);    exit (1);  }

-  /* Verify the signature */

-  EVP_VerifyInit   (&md_ctx, EVP_md5());

-  EVP_VerifyUpdate (&md_ctx, data, strlen((char*)data));

-  err = EVP_VerifyFinal (&md_ctx,

-			 sig_buf,

-			 sig_len,

-			 pkey);

-  if (err != 1) {  ERR_print_errors_fp (stderr);    exit (1);  }

-  EVP_PKEY_free (pkey);

-  printf ("Signature Verified Ok.\n");

-}

--- a/sys/src/ape/lib/openssl/demos/spkigen.c

+++ /dev/null

@@ -1,161 +1,0 @@

-/* NOCW */

-/* demos/spkigen.c

- * 18-Mar-1997 - eay - A quick hack :-)

- * 		version 1.1, it would probably help to save or load the

- *		private key :-)

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <openssl/err.h>

-#include <openssl/asn1.h>

-#include <openssl/objects.h>

-#include <openssl/evp.h>

-#include <openssl/x509.h>

-#include <openssl/pem.h>

-/* The following two don't exist in SSLeay but they are in here as

- * examples */

-#define PEM_write_SPKI(fp,x) \

-	PEM_ASN1_write((int (*)())i2d_NETSCAPE_SPKI,"SPKI",fp,\

-			(char *)x,NULL,NULL,0,NULL)

-int SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey);

-/* These are defined in the next version of SSLeay */

-int EVP_PKEY_assign(EVP_PKEY *pkey, int type,char *key);

-#define RSA_F4	0x10001

-#define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\

-					(char *)(rsa))

-int main(argc,argv)

-int argc;

-char *argv[];

-	{

-	RSA *rsa=NULL;

-	NETSCAPE_SPKI *spki=NULL;

-	EVP_PKEY *pkey=NULL;

-	char buf[128];

-	int ok=0,i;

-	FILE *fp;

-	pkey=EVP_PKEY_new();

-	if (argc < 2)

-		{

-		/* Generate an RSA key, the random state should have been seeded

-		 * with lots of calls to RAND_seed(....) */

-		fprintf(stderr,"generating RSA key, could take some time...\n");

-		if ((rsa=RSA_generate_key(512,RSA_F4,NULL)) == NULL) goto err;

-		}

-	else

-		{

-		if ((fp=fopen(argv[1],"r")) == NULL)

-			{ perror(argv[1]); goto err; }

-		if ((rsa=PEM_read_RSAPrivateKey(fp,NULL,NULL)) == NULL)

-			goto err;

-		fclose(fp);

-		}

-	if (!EVP_PKEY_assign_RSA(pkey,rsa)) goto err;

-	rsa=NULL;

-	/* lets make the spki and set the public key and challenge */

-	if ((spki=NETSCAPE_SPKI_new()) == NULL) goto err;

-	if (!SPKI_set_pubkey(spki,pkey)) goto err;

-	fprintf(stderr,"please enter challenge string:");

-	fflush(stderr);

-	buf[0]='\0';

-	fgets(buf,sizeof buf,stdin);

-	i=strlen(buf);

-	if (i > 0) buf[--i]='\0';

-	if (!ASN1_STRING_set((ASN1_STRING *)spki->spkac->challenge,

-		buf,i)) goto err;

-	if (!NETSCAPE_SPKI_sign(spki,pkey,EVP_md5())) goto err;

-	PEM_write_SPKI(stdout,spki);

-	if (argc < 2)

-		PEM_write_RSAPrivateKey(stdout,pkey->pkey.rsa,NULL,NULL,0,NULL);

-	ok=1;

-err:

-	if (!ok)

-		{

-		fprintf(stderr,"something bad happened....");

-		ERR_print_errors_fp(stderr);

-		}

-	NETSCAPE_SPKI_free(spki);

-	EVP_PKEY_free(pkey);

-	exit(!ok);

-	}

-/* This function is in the next version of SSLeay */

-int EVP_PKEY_assign(pkey,type,key)

-EVP_PKEY *pkey;

-int type;

-char *key;

-	{

-	if (pkey == NULL) return(0);

-	if (pkey->pkey.ptr != NULL)

-		{

-		if (pkey->type == EVP_PKEY_RSA)

-			RSA_free(pkey->pkey.rsa);

-		/* else memory leak */

-		}

-	pkey->type=type;

-	pkey->pkey.ptr=key;

-	return(1);

-	}

-/* While I have a

- * X509_set_pubkey() and X509_REQ_set_pubkey(), SPKI_set_pubkey() does

- * not currently exist so here is a version of it.

- * The next SSLeay release will probably have

- * X509_set_pubkey(),

- * X509_REQ_set_pubkey() and

- * NETSCAPE_SPKI_set_pubkey()

- * as macros calling the same function */

-int SPKI_set_pubkey(x,pkey)

-NETSCAPE_SPKI *x;

-EVP_PKEY *pkey;

-	{

-	int ok=0;

-	X509_PUBKEY *pk;

-	X509_ALGOR *a;

-	ASN1_OBJECT *o;

-	unsigned char *s,*p;

-	int i;

-	if (x == NULL) return(0);

-	if ((pk=X509_PUBKEY_new()) == NULL) goto err;

-	a=pk->algor;

-	/* set the algorithm id */

-	if ((o=OBJ_nid2obj(pkey->type)) == NULL) goto err;

-	ASN1_OBJECT_free(a->algorithm);

-	a->algorithm=o;

-	/* Set the parameter list */

-	if ((a->parameter == NULL) || (a->parameter->type != V_ASN1_NULL))

-		{

-		ASN1_TYPE_free(a->parameter);

-		a->parameter=ASN1_TYPE_new();

-		a->parameter->type=V_ASN1_NULL;

-		}

-	i=i2d_PublicKey(pkey,NULL);

-	if ((s=(unsigned char *)malloc(i+1)) == NULL) goto err;

-	p=s;

-	i2d_PublicKey(pkey,&p);

-	if (!ASN1_BIT_STRING_set(pk->public_key,s,i)) goto err;

-	free(s);

-	X509_PUBKEY_free(x->spkac->pubkey);

-	x->spkac->pubkey=pk;

-	pk=NULL;

-	ok=1;

-err:

-	if (pk != NULL) X509_PUBKEY_free(pk);

-	return(ok);

-	}

--- a/sys/src/ape/lib/openssl/demos/ssl/cli.cpp

+++ /dev/null

@@ -1,110 +1,0 @@

-/* cli.cpp  -  Minimal ssleay client for Unix

-   30.9.1996, Sampo Kellomaki <[email protected]> */

-/* mangled to work with SSLeay-0.9.0b and OpenSSL 0.9.2b

-   Simplified to be even more minimal

-   12/98 - 4/99 Wade Scholine <[email protected]> */

-#include <stdio.h>

-#include <memory.h>

-#include <errno.h>

-#include <sys/types.h>

-#include <sys/socket.h>

-#include <netinet/in.h>

-#include <arpa/inet.h>

-#include <netdb.h>

-#include <openssl/crypto.h>

-#include <openssl/x509.h>

-#include <openssl/pem.h>

-#include <openssl/ssl.h>

-#include <openssl/err.h>

-#define CHK_NULL(x) if ((x)==NULL) exit (1)

-#define CHK_ERR(err,s) if ((err)==-1) { perror(s); exit(1); }

-#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(2); }

-void main ()

-{

-  int err;

-  int sd;

-  struct sockaddr_in sa;

-  SSL_CTX* ctx;

-  SSL*     ssl;

-  X509*    server_cert;

-  char*    str;

-  char     buf [4096];

-  SSL_METHOD *meth;

-  SSLeay_add_ssl_algorithms();

-  meth = SSLv2_client_method();

-  SSL_load_error_strings();

-  ctx = SSL_CTX_new (meth);                        CHK_NULL(ctx);

-  CHK_SSL(err);

-  /* ----------------------------------------------- */

-  /* Create a socket and connect to server using normal socket calls. */

-  sd = socket (AF_INET, SOCK_STREAM, 0);       CHK_ERR(sd, "socket");

-  memset (&sa, '\0', sizeof(sa));

-  sa.sin_family      = AF_INET;

-  sa.sin_addr.s_addr = inet_addr ("127.0.0.1");   /* Server IP */

-  sa.sin_port        = htons     (1111);          /* Server Port number */

-  err = connect(sd, (struct sockaddr*) &sa,

-		sizeof(sa));                   CHK_ERR(err, "connect");

-  /* ----------------------------------------------- */

-  /* Now we have TCP conncetion. Start SSL negotiation. */

-  ssl = SSL_new (ctx);                         CHK_NULL(ssl);

-  SSL_set_fd (ssl, sd);

-  err = SSL_connect (ssl);                     CHK_SSL(err);

-  /* Following two steps are optional and not required for

-     data exchange to be successful. */

-  /* Get the cipher - opt */

-  printf ("SSL connection using %s\n", SSL_get_cipher (ssl));

-  /* Get server's certificate (note: beware of dynamic allocation) - opt */

-  server_cert = SSL_get_peer_certificate (ssl);       CHK_NULL(server_cert);

-  printf ("Server certificate:\n");

-  str = X509_NAME_oneline (X509_get_subject_name (server_cert),0,0);

-  CHK_NULL(str);

-  printf ("\t subject: %s\n", str);

-  OPENSSL_free (str);

-  str = X509_NAME_oneline (X509_get_issuer_name  (server_cert),0,0);

-  CHK_NULL(str);

-  printf ("\t issuer: %s\n", str);

-  OPENSSL_free (str);

-  /* We could do all sorts of certificate verification stuff here before

-     deallocating the certificate. */

-  X509_free (server_cert);

-  /* --------------------------------------------------- */

-  /* DATA EXCHANGE - Send a message and receive a reply. */

-  err = SSL_write (ssl, "Hello World!", strlen("Hello World!"));  CHK_SSL(err);

-  err = SSL_read (ssl, buf, sizeof(buf) - 1);                     CHK_SSL(err);

-  buf[err] = '\0';

-  printf ("Got %d chars:'%s'\n", err, buf);

-  SSL_shutdown (ssl);  /* send SSL/TLS close_notify */

-  /* Clean up. */

-  close (sd);

-  SSL_free (ssl);

-  SSL_CTX_free (ctx);

-}

-/* EOF - cli.cpp */

--- a/sys/src/ape/lib/openssl/demos/ssl/inetdsrv.cpp

+++ /dev/null

@@ -1,98 +1,0 @@

-/* inetdserv.cpp  -  Minimal ssleay server for Unix inetd.conf

- * 30.9.1996, Sampo Kellomaki <[email protected]>

- * From /etc/inetd.conf:

- *     1111 stream tcp nowait sampo /usr/users/sampo/demo/inetdserv inetdserv

- */

-#include <stdio.h>

-#include <errno.h>

-#include "rsa.h"       /* SSLeay stuff */

-#include <openssl/crypto.h>

-#include <openssl/x509.h>

-#include <openssl/pem.h>

-#include <openssl/ssl.h>

-#include <openssl/err.h>

-#define HOME "/usr/users/sampo/demo/"

-#define CERTF HOME "plain-cert.pem"

-#define KEYF  HOME "plain-key.pem"

-#define CHK_NULL(x) if ((x)==NULL) exit (1)

-#define CHK_ERR(err,s) if ((err)==-1) \

-                         { fprintf(log, "%s %d\n", (s), errno); exit(1); }

-#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(log); exit(2); }

-void main ()

-{

-  int err;

-  SSL_CTX* ctx;

-  SSL*     ssl;

-  X509*    client_cert;

-  char*    str;

-  char     buf [4096];

-  FILE* log;

-  log = fopen ("/dev/console", "a");                     CHK_NULL(log);

-  fprintf (log, "inetdserv %ld\n", (long)getpid());

-  SSL_load_error_strings();

-  ctx = SSL_CTX_new (); CHK_NULL(ctx);

-  err = SSL_CTX_use_RSAPrivateKey_file (ctx, KEYF,  SSL_FILETYPE_PEM);

-  CHK_SSL (err);

-  err = SSL_CTX_use_certificate_file   (ctx, CERTF, SSL_FILETYPE_PEM);

-  CHK_SSL (err);

-  /* inetd has already opened the TCP connection, so we can get right

-     down to business. */

-  ssl = SSL_new (ctx);  CHK_NULL(ssl);

-  SSL_set_fd (ssl,  fileno(stdin));

-  err = SSL_accept (ssl);                                CHK_SSL(err);

-  /* Get the cipher - opt */

-  fprintf (log, "SSL connection using %s\n", SSL_get_cipher (ssl));

-  /* Get client's certificate (note: beware of dynamic allocation) - opt */

-  client_cert = SSL_get_peer_certificate (ssl);

-  if (client_cert != NULL) {

-    fprintf (log, "Client certificate:\n");

-    str = X509_NAME_oneline (X509_get_subject_name (client_cert));

-    CHK_NULL(str);

-    fprintf (log, "\t subject: %s\n", str);

-    OPENSSL_free (str);

-    str = X509_NAME_oneline (X509_get_issuer_name  (client_cert));

-    CHK_NULL(str);

-    fprintf (log, "\t issuer: %s\n", str);

-    OPENSSL_free (str);

-    /* We could do all sorts of certificate verification stuff here before

-       deallocating the certificate. */

-    X509_free (client_cert);

-  } else

-    fprintf (log, "Client doe not have certificate.\n");

-  /* ------------------------------------------------- */

-  /* DATA EXCHANGE: Receive message and send reply  */

-  err = SSL_read (ssl, buf, sizeof(buf) - 1);  CHK_SSL(err);

-  buf[err] = '\0';

-  fprintf (log, "Got %d chars:'%s'\n", err, buf);

-  err = SSL_write (ssl, "Loud and clear.", strlen("Loud and clear."));

-  CHK_SSL(err);

-  /* Clean up. */

-  fclose (log);

-  SSL_free (ssl);

-  SSL_CTX_free (ctx);

-}

-/* EOF - inetdserv.cpp */

--- a/sys/src/ape/lib/openssl/demos/ssl/serv.cpp

+++ /dev/null

@@ -1,152 +1,0 @@

-/* serv.cpp  -  Minimal ssleay server for Unix

-   30.9.1996, Sampo Kellomaki <[email protected]> */

-/* mangled to work with SSLeay-0.9.0b and OpenSSL 0.9.2b

-   Simplified to be even more minimal

-   12/98 - 4/99 Wade Scholine <[email protected]> */

-#include <stdio.h>

-#include <unistd.h>

-#include <stdlib.h>

-#include <memory.h>

-#include <errno.h>

-#include <sys/types.h>

-#include <sys/socket.h>

-#include <netinet/in.h>

-#include <arpa/inet.h>

-#include <netdb.h>

-#include <openssl/rsa.h>       /* SSLeay stuff */

-#include <openssl/crypto.h>

-#include <openssl/x509.h>

-#include <openssl/pem.h>

-#include <openssl/ssl.h>

-#include <openssl/err.h>

-/* define HOME to be dir for key and cert files... */

-#define HOME "./"

-/* Make these what you want for cert & key files */

-#define CERTF  HOME "foo-cert.pem"

-#define KEYF  HOME  "foo-cert.pem"

-#define CHK_NULL(x) if ((x)==NULL) exit (1)

-#define CHK_ERR(err,s) if ((err)==-1) { perror(s); exit(1); }

-#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(2); }

-void main ()

-{

-  int err;

-  int listen_sd;

-  int sd;

-  struct sockaddr_in sa_serv;

-  struct sockaddr_in sa_cli;

-  size_t client_len;

-  SSL_CTX* ctx;

-  SSL*     ssl;

-  X509*    client_cert;

-  char*    str;

-  char     buf [4096];

-  SSL_METHOD *meth;

-  /* SSL preliminaries. We keep the certificate and key with the context. */

-  SSL_load_error_strings();

-  SSLeay_add_ssl_algorithms();

-  meth = SSLv23_server_method();

-  ctx = SSL_CTX_new (meth);

-  if (!ctx) {

-    ERR_print_errors_fp(stderr);

-    exit(2);

-  }

-  if (SSL_CTX_use_certificate_file(ctx, CERTF, SSL_FILETYPE_PEM) <= 0) {

-    ERR_print_errors_fp(stderr);

-    exit(3);

-  }

-  if (SSL_CTX_use_PrivateKey_file(ctx, KEYF, SSL_FILETYPE_PEM) <= 0) {

-    ERR_print_errors_fp(stderr);

-    exit(4);

-  }

-  if (!SSL_CTX_check_private_key(ctx)) {

-    fprintf(stderr,"Private key does not match the certificate public key\n");

-    exit(5);

-  }

-  /* ----------------------------------------------- */

-  /* Prepare TCP socket for receiving connections */

-  listen_sd = socket (AF_INET, SOCK_STREAM, 0);   CHK_ERR(listen_sd, "socket");

-  memset (&sa_serv, '\0', sizeof(sa_serv));

-  sa_serv.sin_family      = AF_INET;

-  sa_serv.sin_addr.s_addr = INADDR_ANY;

-  sa_serv.sin_port        = htons (1111);          /* Server Port number */

-  err = bind(listen_sd, (struct sockaddr*) &sa_serv,

-	     sizeof (sa_serv));                   CHK_ERR(err, "bind");

-  /* Receive a TCP connection. */

-  err = listen (listen_sd, 5);                    CHK_ERR(err, "listen");

-  client_len = sizeof(sa_cli);

-  sd = accept (listen_sd, (struct sockaddr*) &sa_cli, &client_len);

-  CHK_ERR(sd, "accept");

-  close (listen_sd);

-  printf ("Connection from %lx, port %x\n",

-	  sa_cli.sin_addr.s_addr, sa_cli.sin_port);

-  /* ----------------------------------------------- */

-  /* TCP connection is ready. Do server side SSL. */

-  ssl = SSL_new (ctx);                           CHK_NULL(ssl);

-  SSL_set_fd (ssl, sd);

-  err = SSL_accept (ssl);                        CHK_SSL(err);

-  /* Get the cipher - opt */

-  printf ("SSL connection using %s\n", SSL_get_cipher (ssl));

-  /* Get client's certificate (note: beware of dynamic allocation) - opt */

-  client_cert = SSL_get_peer_certificate (ssl);

-  if (client_cert != NULL) {

-    printf ("Client certificate:\n");

-    str = X509_NAME_oneline (X509_get_subject_name (client_cert), 0, 0);

-    CHK_NULL(str);

-    printf ("\t subject: %s\n", str);

-    OPENSSL_free (str);

-    str = X509_NAME_oneline (X509_get_issuer_name  (client_cert), 0, 0);

-    CHK_NULL(str);

-    printf ("\t issuer: %s\n", str);

-    OPENSSL_free (str);

-    /* We could do all sorts of certificate verification stuff here before

-       deallocating the certificate. */

-    X509_free (client_cert);

-  } else

-    printf ("Client does not have certificate.\n");

-  /* DATA EXCHANGE - Receive message and send reply. */

-  err = SSL_read (ssl, buf, sizeof(buf) - 1);                   CHK_SSL(err);

-  buf[err] = '\0';

-  printf ("Got %d chars:'%s'\n", err, buf);

-  err = SSL_write (ssl, "I hear you.", strlen("I hear you."));  CHK_SSL(err);

-  /* Clean up. */

-  close (sd);

-  SSL_free (ssl);

-  SSL_CTX_free (ctx);

-}

-/* EOF - serv.cpp */

--- a/sys/src/ape/lib/openssl/demos/ssltest-ecc/ECC-RSAcertgen.sh

+++ /dev/null

@@ -1,98 +1,0 @@

-#!/bin/sh

-# For a list of supported curves, use "apps/openssl ecparam -list_curves".

-# Path to the openssl distribution

-OPENSSL_DIR=../..

-# Path to the openssl program

-OPENSSL_CMD=$OPENSSL_DIR/apps/openssl

-# Option to find configuration file

-OPENSSL_CNF="-config $OPENSSL_DIR/apps/openssl.cnf"

-# Directory where certificates are stored

-CERTS_DIR=./Certs

-# Directory where private key files are stored

-KEYS_DIR=$CERTS_DIR

-# Directory where combo files (containing a certificate and corresponding

-# private key together) are stored

-COMBO_DIR=$CERTS_DIR

-# cat command

-CAT=/bin/cat

-# rm command

-RM=/bin/rm

-# mkdir command

-MKDIR=/bin/mkdir

-# The certificate will expire these many days after the issue date.

-DAYS=1500

-TEST_CA_FILE=rsa1024TestCA

-TEST_SERVER_CURVE=sect163r1

-TEST_SERVER_FILE=sect163r1-rsaTestServer

-TEST_SERVER_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Server (sect163r1 key signed with RSA)"

-TEST_CLIENT_CURVE=sect163r1

-TEST_CLIENT_FILE=sect163r1-rsaTestClient

-TEST_CLIENT_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Client (sect163r1 key signed with RSA)"

-# Generating an EC certificate involves the following main steps

-# 1. Generating curve parameters (if needed)

-# 2. Generating a certificate request

-# 3. Signing the certificate request

-# 4. [Optional] One can combine the cert and private key into a single

-#    file and also delete the certificate request

-$MKDIR -p $CERTS_DIR

-$MKDIR -p $KEYS_DIR

-$MKDIR -p $COMBO_DIR

-echo "GENERATING A TEST SERVER CERTIFICATE (ECC key signed with RSA)"

-echo "=============================================================="

-$OPENSSL_CMD ecparam -name $TEST_SERVER_CURVE -out $TEST_SERVER_CURVE.pem

-$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_SERVER_DN" \

-    -keyout $KEYS_DIR/$TEST_SERVER_FILE.key.pem \

-    -newkey ec:$TEST_SERVER_CURVE.pem -new \

-    -out $CERTS_DIR/$TEST_SERVER_FILE.req.pem

-$OPENSSL_CMD x509 -req -days $DAYS \

-    -in $CERTS_DIR/$TEST_SERVER_FILE.req.pem \

-    -CA $CERTS_DIR/$TEST_CA_FILE.cert.pem \

-    -CAkey $KEYS_DIR/$TEST_CA_FILE.key.pem \

-    -out $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -CAcreateserial

-# Display the certificate

-$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -text

-# Place the certificate and key in a common file

-$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -issuer -subject \

-	 > $COMBO_DIR/$TEST_SERVER_FILE.pem

-$CAT $KEYS_DIR/$TEST_SERVER_FILE.key.pem >> $COMBO_DIR/$TEST_SERVER_FILE.pem

-# Remove the cert request file (no longer needed)

-$RM $CERTS_DIR/$TEST_SERVER_FILE.req.pem

-echo "GENERATING A TEST CLIENT CERTIFICATE (ECC key signed with RSA)"

-echo "=============================================================="

-$OPENSSL_CMD ecparam -name $TEST_CLIENT_CURVE -out $TEST_CLIENT_CURVE.pem

-$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_CLIENT_DN" \

-	     -keyout $KEYS_DIR/$TEST_CLIENT_FILE.key.pem \

-	     -newkey ec:$TEST_CLIENT_CURVE.pem -new \

-	     -out $CERTS_DIR/$TEST_CLIENT_FILE.req.pem

-$OPENSSL_CMD x509 -req -days $DAYS \

-    -in $CERTS_DIR/$TEST_CLIENT_FILE.req.pem \

-    -CA $CERTS_DIR/$TEST_CA_FILE.cert.pem \

-    -CAkey $KEYS_DIR/$TEST_CA_FILE.key.pem \

-    -out $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -CAcreateserial

-# Display the certificate

-$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -text

-# Place the certificate and key in a common file

-$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -issuer -subject \

-	 > $COMBO_DIR/$TEST_CLIENT_FILE.pem

-$CAT $KEYS_DIR/$TEST_CLIENT_FILE.key.pem >> $COMBO_DIR/$TEST_CLIENT_FILE.pem

-# Remove the cert request file (no longer needed)

-$RM $CERTS_DIR/$TEST_CLIENT_FILE.req.pem

--- a/sys/src/ape/lib/openssl/demos/ssltest-ecc/ECCcertgen.sh

+++ /dev/null

@@ -1,164 +1,0 @@

-#!/bin/sh

-# For a list of supported curves, use "apps/openssl ecparam -list_curves".

-# Path to the openssl distribution

-OPENSSL_DIR=../..

-# Path to the openssl program

-OPENSSL_CMD=$OPENSSL_DIR/apps/openssl

-# Option to find configuration file

-OPENSSL_CNF="-config $OPENSSL_DIR/apps/openssl.cnf"

-# Directory where certificates are stored

-CERTS_DIR=./Certs

-# Directory where private key files are stored

-KEYS_DIR=$CERTS_DIR

-# Directory where combo files (containing a certificate and corresponding

-# private key together) are stored

-COMBO_DIR=$CERTS_DIR

-# cat command

-CAT=/bin/cat

-# rm command

-RM=/bin/rm

-# mkdir command

-MKDIR=/bin/mkdir

-# The certificate will expire these many days after the issue date.

-DAYS=1500

-TEST_CA_CURVE=secp160r1

-TEST_CA_FILE=secp160r1TestCA

-TEST_CA_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test CA (Elliptic curve secp160r1)"

-TEST_SERVER_CURVE=secp160r2

-TEST_SERVER_FILE=secp160r2TestServer

-TEST_SERVER_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Server (Elliptic curve secp160r2)"

-TEST_CLIENT_CURVE=secp160r2

-TEST_CLIENT_FILE=secp160r2TestClient

-TEST_CLIENT_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Client (Elliptic curve secp160r2)"

-# Generating an EC certificate involves the following main steps

-# 1. Generating curve parameters (if needed)

-# 2. Generating a certificate request

-# 3. Signing the certificate request

-# 4. [Optional] One can combine the cert and private key into a single

-#    file and also delete the certificate request

-$MKDIR -p $CERTS_DIR

-$MKDIR -p $KEYS_DIR

-$MKDIR -p $COMBO_DIR

-echo "Generating self-signed CA certificate (on curve $TEST_CA_CURVE)"

-echo "==============================================================="

-$OPENSSL_CMD ecparam -name $TEST_CA_CURVE -out $TEST_CA_CURVE.pem

-# Generate a new certificate request in $TEST_CA_FILE.req.pem. A

-# new ecdsa (actually ECC) key pair is generated on the parameters in

-# $TEST_CA_CURVE.pem and the private key is saved in $TEST_CA_FILE.key.pem

-# WARNING: By using the -nodes option, we force the private key to be

-# stored in the clear (rather than encrypted with a password).

-$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_CA_DN" \

-    -keyout $KEYS_DIR/$TEST_CA_FILE.key.pem \

-    -newkey ec:$TEST_CA_CURVE.pem -new \

-    -out $CERTS_DIR/$TEST_CA_FILE.req.pem

-# Sign the certificate request in $TEST_CA_FILE.req.pem using the

-# private key in $TEST_CA_FILE.key.pem and include the CA extension.

-# Make the certificate valid for 1500 days from the time of signing.

-# The certificate is written into $TEST_CA_FILE.cert.pem

-$OPENSSL_CMD x509 -req -days $DAYS \

-    -in $CERTS_DIR/$TEST_CA_FILE.req.pem \

-    -extfile $OPENSSL_DIR/apps/openssl.cnf \

-    -extensions v3_ca \

-    -signkey $KEYS_DIR/$TEST_CA_FILE.key.pem \

-    -out $CERTS_DIR/$TEST_CA_FILE.cert.pem

-# Display the certificate

-$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CA_FILE.cert.pem -text

-# Place the certificate and key in a common file

-$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CA_FILE.cert.pem -issuer -subject \

-	 > $COMBO_DIR/$TEST_CA_FILE.pem

-$CAT $KEYS_DIR/$TEST_CA_FILE.key.pem >> $COMBO_DIR/$TEST_CA_FILE.pem

-# Remove the cert request file (no longer needed)

-$RM $CERTS_DIR/$TEST_CA_FILE.req.pem

-echo "GENERATING A TEST SERVER CERTIFICATE (on elliptic curve $TEST_SERVER_CURVE)"

-echo "=========================================================================="

-# Generate parameters for curve $TEST_SERVER_CURVE, if needed

-$OPENSSL_CMD ecparam -name $TEST_SERVER_CURVE -out $TEST_SERVER_CURVE.pem

-# Generate a new certificate request in $TEST_SERVER_FILE.req.pem. A

-# new ecdsa (actually ECC) key pair is generated on the parameters in

-# $TEST_SERVER_CURVE.pem and the private key is saved in

-# $TEST_SERVER_FILE.key.pem

-# WARNING: By using the -nodes option, we force the private key to be

-# stored in the clear (rather than encrypted with a password).

-$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_SERVER_DN" \

-    -keyout $KEYS_DIR/$TEST_SERVER_FILE.key.pem \

-    -newkey ec:$TEST_SERVER_CURVE.pem -new \

-    -out $CERTS_DIR/$TEST_SERVER_FILE.req.pem

-# Sign the certificate request in $TEST_SERVER_FILE.req.pem using the

-# CA certificate in $TEST_CA_FILE.cert.pem and the CA private key in

-# $TEST_CA_FILE.key.pem. Since we do not have an existing serial number

-# file for this CA, create one. Make the certificate valid for $DAYS days

-# from the time of signing. The certificate is written into

-# $TEST_SERVER_FILE.cert.pem

-$OPENSSL_CMD x509 -req -days $DAYS \

-    -in $CERTS_DIR/$TEST_SERVER_FILE.req.pem \

-    -CA $CERTS_DIR/$TEST_CA_FILE.cert.pem \

-    -CAkey $KEYS_DIR/$TEST_CA_FILE.key.pem \

-    -out $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -CAcreateserial

-# Display the certificate

-$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -text

-# Place the certificate and key in a common file

-$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -issuer -subject \

-	 > $COMBO_DIR/$TEST_SERVER_FILE.pem

-$CAT $KEYS_DIR/$TEST_SERVER_FILE.key.pem >> $COMBO_DIR/$TEST_SERVER_FILE.pem

-# Remove the cert request file (no longer needed)

-$RM $CERTS_DIR/$TEST_SERVER_FILE.req.pem

-echo "GENERATING A TEST CLIENT CERTIFICATE (on elliptic curve $TEST_CLIENT_CURVE)"

-echo "=========================================================================="

-# Generate parameters for curve $TEST_CLIENT_CURVE, if needed

-$OPENSSL_CMD ecparam -name $TEST_CLIENT_CURVE -out $TEST_CLIENT_CURVE.pem

-# Generate a new certificate request in $TEST_CLIENT_FILE.req.pem. A

-# new ecdsa (actually ECC) key pair is generated on the parameters in

-# $TEST_CLIENT_CURVE.pem and the private key is saved in

-# $TEST_CLIENT_FILE.key.pem

-# WARNING: By using the -nodes option, we force the private key to be

-# stored in the clear (rather than encrypted with a password).

-$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_CLIENT_DN" \

-	     -keyout $KEYS_DIR/$TEST_CLIENT_FILE.key.pem \

-	     -newkey ec:$TEST_CLIENT_CURVE.pem -new \

-	     -out $CERTS_DIR/$TEST_CLIENT_FILE.req.pem

-# Sign the certificate request in $TEST_CLIENT_FILE.req.pem using the

-# CA certificate in $TEST_CA_FILE.cert.pem and the CA private key in

-# $TEST_CA_FILE.key.pem. Since we do not have an existing serial number

-# file for this CA, create one. Make the certificate valid for $DAYS days

-# from the time of signing. The certificate is written into

-# $TEST_CLIENT_FILE.cert.pem

-$OPENSSL_CMD x509 -req -days $DAYS \

-    -in $CERTS_DIR/$TEST_CLIENT_FILE.req.pem \

-    -CA $CERTS_DIR/$TEST_CA_FILE.cert.pem \

-    -CAkey $KEYS_DIR/$TEST_CA_FILE.key.pem \

-    -out $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -CAcreateserial

-# Display the certificate

-$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -text

-# Place the certificate and key in a common file

-$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -issuer -subject \

-	 > $COMBO_DIR/$TEST_CLIENT_FILE.pem

-$CAT $KEYS_DIR/$TEST_CLIENT_FILE.key.pem >> $COMBO_DIR/$TEST_CLIENT_FILE.pem

-# Remove the cert request file (no longer needed)

-$RM $CERTS_DIR/$TEST_CLIENT_FILE.req.pem

--- a/sys/src/ape/lib/openssl/demos/ssltest-ecc/README

+++ /dev/null

@@ -1,15 +1,0 @@

-Scripts for using ECC ciphersuites with test/testssl

-(these ciphersuites are described in the Internet Draft available at

-http://www.ietf.org/internet-drafts/draft-ietf-tls-ecc-03.txt).

-Use ECCcertgen.sh, RSAcertgen.sh, ECC-RSAcertgen.sh to generate

-root, client and server certs of the following types:

-     ECC certs signed with ECDSA

-     RSA certs signed with RSA

-     ECC certs signed with RSA

-Afterwards, you can use ssltest.sh to run the various tests;

-specify one of the following options:

-     aecdh, ecdh-ecdsa, ecdhe-ecdsa, ecdh-rsa, ecdhe-rsa

--- a/sys/src/ape/lib/openssl/demos/ssltest-ecc/RSAcertgen.sh

+++ /dev/null

@@ -1,121 +1,0 @@

-#!/bin/sh

-# For a list of supported curves, use "apps/openssl ecparam -list_curves".

-# Path to the openssl distribution

-OPENSSL_DIR=../..

-# Path to the openssl program

-OPENSSL_CMD=$OPENSSL_DIR/apps/openssl

-# Option to find configuration file

-OPENSSL_CNF="-config $OPENSSL_DIR/apps/openssl.cnf"

-# Directory where certificates are stored

-CERTS_DIR=./Certs

-# Directory where private key files are stored

-KEYS_DIR=$CERTS_DIR

-# Directory where combo files (containing a certificate and corresponding

-# private key together) are stored

-COMBO_DIR=$CERTS_DIR

-# cat command

-CAT=/bin/cat

-# rm command

-RM=/bin/rm

-# mkdir command

-MKDIR=/bin/mkdir

-# The certificate will expire these many days after the issue date.

-DAYS=1500

-TEST_CA_FILE=rsa1024TestCA

-TEST_CA_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test CA (1024 bit RSA)"

-TEST_SERVER_FILE=rsa1024TestServer

-TEST_SERVER_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Server (1024 bit RSA)"

-TEST_CLIENT_FILE=rsa1024TestClient

-TEST_CLIENT_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Client (1024 bit RSA)"

-# Generating an EC certificate involves the following main steps

-# 1. Generating curve parameters (if needed)

-# 2. Generating a certificate request

-# 3. Signing the certificate request

-# 4. [Optional] One can combine the cert and private key into a single

-#    file and also delete the certificate request

-$MKDIR -p $CERTS_DIR

-$MKDIR -p $KEYS_DIR

-$MKDIR -p $COMBO_DIR

-echo "Generating self-signed CA certificate (RSA)"

-echo "==========================================="

-$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_CA_DN" \

-    -keyout $KEYS_DIR/$TEST_CA_FILE.key.pem \

-    -newkey rsa:1024 -new \

-    -out $CERTS_DIR/$TEST_CA_FILE.req.pem

-$OPENSSL_CMD x509 -req -days $DAYS \

-    -in $CERTS_DIR/$TEST_CA_FILE.req.pem \

-    -extfile $OPENSSL_DIR/apps/openssl.cnf \

-    -extensions v3_ca \

-    -signkey $KEYS_DIR/$TEST_CA_FILE.key.pem \

-    -out $CERTS_DIR/$TEST_CA_FILE.cert.pem

-# Display the certificate

-$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CA_FILE.cert.pem -text

-# Place the certificate and key in a common file

-$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CA_FILE.cert.pem -issuer -subject \

-	 > $COMBO_DIR/$TEST_CA_FILE.pem

-$CAT $KEYS_DIR/$TEST_CA_FILE.key.pem >> $COMBO_DIR/$TEST_CA_FILE.pem

-# Remove the cert request file (no longer needed)

-$RM $CERTS_DIR/$TEST_CA_FILE.req.pem

-echo "GENERATING A TEST SERVER CERTIFICATE (RSA)"

-echo "=========================================="

-$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_SERVER_DN" \

-    -keyout $KEYS_DIR/$TEST_SERVER_FILE.key.pem \

-    -newkey rsa:1024 -new \

-    -out $CERTS_DIR/$TEST_SERVER_FILE.req.pem

-$OPENSSL_CMD x509 -req -days $DAYS \

-    -in $CERTS_DIR/$TEST_SERVER_FILE.req.pem \

-    -CA $CERTS_DIR/$TEST_CA_FILE.cert.pem \

-    -CAkey $KEYS_DIR/$TEST_CA_FILE.key.pem \

-    -out $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -CAcreateserial

-# Display the certificate

-$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -text

-# Place the certificate and key in a common file

-$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -issuer -subject \

-	 > $COMBO_DIR/$TEST_SERVER_FILE.pem

-$CAT $KEYS_DIR/$TEST_SERVER_FILE.key.pem >> $COMBO_DIR/$TEST_SERVER_FILE.pem

-# Remove the cert request file (no longer needed)

-$RM $CERTS_DIR/$TEST_SERVER_FILE.req.pem

-echo "GENERATING A TEST CLIENT CERTIFICATE (RSA)"

-echo "=========================================="

-$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_CLIENT_DN" \

-	     -keyout $KEYS_DIR/$TEST_CLIENT_FILE.key.pem \

-	     -newkey rsa:1024 -new \

-	     -out $CERTS_DIR/$TEST_CLIENT_FILE.req.pem

-$OPENSSL_CMD x509 -req -days $DAYS \

-    -in $CERTS_DIR/$TEST_CLIENT_FILE.req.pem \

-    -CA $CERTS_DIR/$TEST_CA_FILE.cert.pem \

-    -CAkey $KEYS_DIR/$TEST_CA_FILE.key.pem \

-    -out $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -CAcreateserial

-# Display the certificate

-$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -text

-# Place the certificate and key in a common file

-$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -issuer -subject \

-	 > $COMBO_DIR/$TEST_CLIENT_FILE.pem

-$CAT $KEYS_DIR/$TEST_CLIENT_FILE.key.pem >> $COMBO_DIR/$TEST_CLIENT_FILE.pem

-# Remove the cert request file (no longer needed)

-$RM $CERTS_DIR/$TEST_CLIENT_FILE.req.pem

--- a/sys/src/ape/lib/openssl/demos/ssltest-ecc/ssltest.sh

+++ /dev/null

@@ -1,188 +1,0 @@

-#! /bin/sh

-# Tests ECC cipher suites using ssltest. Requires one argument which could

-# be aecdh or ecdh-ecdsa or ecdhe-ecdsa or ecdh-rsa or ecdhe-rsa.

-# A second optional argument can be one of ssl2 ssl3 or tls1

-if [ "$1" = "" ]; then

-  (echo "Usage: $0 test [ protocol ]"

-   echo "   where test is one of aecdh, ecdh-ecdsa, ecdhe-ecdsa, ecdh-rsa, ecdhe-rsa"

-   echo "   and protocol (optional) is one of ssl2, ssl3, tls1"

-   echo "Run RSAcertgen.sh, ECC-RSAcertgen.sh, ECCcertgen.sh first."

-  ) >&2

-  exit 1

-fi

-OPENSSL_DIR=../..

-CERTS_DIR=./Certs

-SSLTEST=$OPENSSL_DIR/test/ssltest

-# SSL protocol version to test (one of ssl2 ssl3 or tls1)"

-SSLVERSION=

-# These don't really require any certificates

-AECDH_CIPHER_LIST="AECDH-AES256-SHA AECDH-AES128-SHA AECDH-DES-CBC3-SHA AECDH-RC4-SHA AECDH-NULL-SHA"

-# These require ECC certificates signed with ECDSA

-# The EC public key must be authorized for key agreement.

-ECDH_ECDSA_CIPHER_LIST="ECDH-ECDSA-AES256-SHA ECDH-ECDSA-AES128-SHA ECDH-ECDSA-DES-CBC3-SHA ECDH-ECDSA-RC4-SHA ECDH-ECDSA-NULL-SHA"

-# These require ECC certificates.

-# The EC public key must be authorized for digital signature.

-ECDHE_ECDSA_CIPHER_LIST="ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-DES-CBC3-SHA ECDHE-ECDSA-RC4-SHA ECDHE-ECDSA-NULL-SHA"

-# These require ECC certificates signed with RSA.

-# The EC public key must be authorized for key agreement.

-ECDH_RSA_CIPHER_LIST="ECDH-RSA-AES256-SHA ECDH-RSA-AES128-SHA ECDH-RSA-DES-CBC3-SHA ECDH-RSA-RC4-SHA ECDH-RSA-NULL-SHA"

-# These require RSA certificates.

-# The RSA public key must be authorized for digital signature.

-ECDHE_RSA_CIPHER_LIST="ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-RSA-DES-CBC3-SHA ECDHE-RSA-RC4-SHA ECDHE-RSA-NULL-SHA"

-# List of Elliptic curves over which we wish to test generation of

-# ephemeral ECDH keys when using AECDH or ECDHE ciphers

-# NOTE: secp192r1 = prime192v1 and secp256r1 = prime256v1

-#ELLIPTIC_CURVE_LIST="secp112r1 sect113r2 secp128r1 sect131r1 secp160k1 sect163r2 wap-wsg-idm-ecid-wtls7 c2pnb163v3 c2pnb176v3 c2tnb191v3 secp192r1 prime192v3 sect193r2 secp224r1 wap-wsg-idm-ecid-wtls10 sect239k1 prime239v2 secp256r1 prime256v1 sect283k1 secp384r1 sect409r1 secp521r1 sect571r1"

-ELLIPTIC_CURVE_LIST="sect163k1 sect163r1 sect163r2 sect193r1 sect193r2 sect233k1 sect233r1 sect239k1 sect283k1 sect283r1 sect409k1 sect409r1 sect571k1 sect571r1 secp160k1 secp160r1 secp160r2 secp192k1 prime192v1 secp224k1 secp224r1 secp256k1 prime256v1 secp384r1 secp521r1"

-DEFAULT_CURVE="sect163r2"

-if [ "$2" = "" ]; then

-    if [ "$SSL_VERSION" = "" ]; then

-	SSL_VERSION=""

-    else

-	SSL_VERSION="-$SSL_VERSION"

-    fi

-else

-    SSL_VERSION="-$2"

-fi

-#==============================================================

-# Anonymous cipher suites do not require key or certificate files

-# but ssltest expects a cert file and complains if it can't

-# open the default one.

-SERVER_PEM=$OPENSSL_DIR/apps/server.pem

-if [ "$1" = "aecdh" ]; then

-for cipher in $AECDH_CIPHER_LIST

-do

-    echo "Testing $cipher"

-    $SSLTEST $SSL_VERSION -cert $SERVER_PEM -cipher $cipher

-done

-#--------------------------------------------------------------

-for curve in $ELLIPTIC_CURVE_LIST

-do

-    echo "Testing AECDH-NULL-SHA (with $curve)"

-    $SSLTEST $SSL_VERSION -cert $SERVER_PEM \

-	-named_curve $curve -cipher AECDH-NULL-SHA

-done

-for curve in $ELLIPTIC_CURVE_LIST

-do

-    echo "Testing AECDH-RC4-SHA (with $curve)"

-    $SSLTEST $SSL_VERSION -cert $SERVER_PEM \

-	-named_curve $curve -cipher AECDH-RC4-SHA

-done

-fi

-#==============================================================

-# Both ECDH-ECDSA and ECDHE-ECDSA cipher suites require

-# the server to have an ECC certificate signed with ECDSA.

-CA_PEM=$CERTS_DIR/secp160r1TestCA.pem

-SERVER_PEM=$CERTS_DIR/secp160r2TestServer.pem

-CLIENT_PEM=$CERTS_DIR/secp160r2TestClient.pem

-if [ "$1" = "ecdh-ecdsa" ]; then

-for cipher in $ECDH_ECDSA_CIPHER_LIST

-do

-    echo "Testing $cipher (with server authentication)"

-    $SSLTEST $SSL_VERSION -CAfile $CA_PEM \

-	-cert $SERVER_PEM -server_auth \

-	-cipher $cipher

-    echo "Testing $cipher (with server and client authentication)"

-    $SSLTEST $SSL_VERSION -CAfile $CA_PEM \

-	-cert $SERVER_PEM -server_auth \

-	-c_cert $CLIENT_PEM -client_auth \

-	-cipher $cipher

-done

-fi

-#==============================================================

-if [ "$1" = "ecdhe-ecdsa" ]; then

-for cipher in $ECDHE_ECDSA_CIPHER_LIST

-do

-    echo "Testing $cipher (with server authentication)"

-    $SSLTEST $SSL_VERSION -CAfile $CA_PEM \

-	-cert $SERVER_PEM -server_auth \

-	-cipher $cipher -named_curve $DEFAULT_CURVE

-    echo "Testing $cipher (with server and client authentication)"

-    $SSLTEST $SSL_VERSION -CAfile $CA_PEM \

-	-cert $SERVER_PEM -server_auth \

-	-c_cert $CLIENT_PEM -client_auth \

-	-cipher $cipher -named_curve $DEFAULT_CURVE

-done

-#--------------------------------------------------------------

-for curve in $ELLIPTIC_CURVE_LIST

-do

-    echo "Testing ECDHE-ECDSA-AES128-SHA (2-way auth with $curve)"

-    $SSLTEST $SSL_VERSION -CAfile $CA_PEM \

-	-cert $SERVER_PEM -server_auth \

-	-c_cert $CLIENT_PEM -client_auth \

-	-cipher ECDHE-ECDSA-AES128-SHA -named_curve $curve

-done

-fi

-#==============================================================

-# ECDH-RSA cipher suites require the server to have an ECC

-# certificate signed with RSA.

-CA_PEM=$CERTS_DIR/rsa1024TestCA.pem

-SERVER_PEM=$CERTS_DIR/sect163r1-rsaTestServer.pem

-CLIENT_PEM=$CERTS_DIR/sect163r1-rsaTestClient.pem

-if [ "$1" = "ecdh-rsa" ]; then

-for cipher in $ECDH_RSA_CIPHER_LIST

-do

-    echo "Testing $cipher (with server authentication)"

-    $SSLTEST $SSL_VERSION -CAfile $CA_PEM \

-	-cert $SERVER_PEM -server_auth \

-	-cipher $cipher

-    echo "Testing $cipher (with server and client authentication)"

-    $SSLTEST $SSL_VERSION -CAfile $CA_PEM \

-	-cert $SERVER_PEM -server_auth \

-	-c_cert $CLIENT_PEM -client_auth \

-	-cipher $cipher

-done

-fi

-#==============================================================

-# ECDHE-RSA cipher suites require the server to have an RSA cert.

-CA_PEM=$CERTS_DIR/rsa1024TestCA.pem

-SERVER_PEM=$CERTS_DIR/rsa1024TestServer.pem

-CLIENT_PEM=$CERTS_DIR/rsa1024TestClient.pem

-if [ "$1" = "ecdhe-rsa" ]; then

-for cipher in $ECDHE_RSA_CIPHER_LIST

-do

-    echo "Testing $cipher (with server authentication)"

-    echo $SSLTEST $SSL_VERSION -CAfile $CA_PEM \

-	-cert $SERVER_PEM -server_auth \

-	-cipher $cipher -named_curve $DEFAULT_CURVE

-    $SSLTEST $SSL_VERSION -CAfile $CA_PEM \

-	-cert $SERVER_PEM -server_auth \

-	-cipher $cipher -named_curve $DEFAULT_CURVE

-    echo "Testing $cipher (with server and client authentication)"

-    $SSLTEST $SSL_VERSION -CAfile $CA_PEM \

-	-cert $SERVER_PEM -server_auth \

-	-c_cert $CLIENT_PEM -client_auth \

-	-cipher $cipher -named_curve $DEFAULT_CURVE

-done

-fi

-#==============================================================

--- a/sys/src/ape/lib/openssl/demos/state_machine/Makefile

+++ /dev/null

@@ -1,9 +1,0 @@

-CFLAGS=-I../../include -Wall -Werror -g

-all: state_machine

-state_machine: state_machine.o

-	$(CC) -o state_machine state_machine.o -L../.. -lssl -lcrypto

-test: state_machine

-	./state_machine 10000 ../../apps/server.pem ../../apps/server.pem

--- a/sys/src/ape/lib/openssl/demos/state_machine/state_machine.c

+++ /dev/null

@@ -1,416 +1,0 @@

-/* ====================================================================

- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/*

- * Nuron, a leader in hardware encryption technology, generously

- * sponsored the development of this demo by Ben Laurie.

- *

- * See http://www.nuron.com/.

- */

-/*

- * the aim of this demo is to provide a fully working state-machine

- * style SSL implementation, i.e. one where the main loop acquires

- * some data, then converts it from or to SSL by feeding it into the

- * SSL state machine. It then does any I/O required by the state machine

- * and loops.

- *

- * In order to keep things as simple as possible, this implementation

- * listens on a TCP socket, which it expects to get an SSL connection

- * on (for example, from s_client) and from then on writes decrypted

- * data to stdout and encrypts anything arriving on stdin. Verbose

- * commentary is written to stderr.

- *

- * This implementation acts as a server, but it can also be done for a client.  */

-#include <openssl/ssl.h>

-#include <assert.h>

-#include <unistd.h>

-#include <string.h>

-#include <openssl/err.h>

-#include <sys/types.h>

-#include <sys/socket.h>

-#include <netinet/in.h>

-/* die_unless is intended to work like assert, except that it happens

-   always, even if NDEBUG is defined. Use assert as a stopgap. */

-#define die_unless(x)	assert(x)

-typedef struct

-    {

-    SSL_CTX *pCtx;

-    BIO *pbioRead;

-    BIO *pbioWrite;

-    SSL *pSSL;

-    } SSLStateMachine;

-void SSLStateMachine_print_error(SSLStateMachine *pMachine,const char *szErr)

-    {

-    unsigned long l;

-    fprintf(stderr,"%s\n",szErr);

-    while((l=ERR_get_error()))

-	{

-	char buf[1024];

-	ERR_error_string_n(l,buf,sizeof buf);

-	fprintf(stderr,"Error %lx: %s\n",l,buf);

-	}

-    }

-SSLStateMachine *SSLStateMachine_new(const char *szCertificateFile,

-				     const char *szKeyFile)

-    {

-    SSLStateMachine *pMachine=malloc(sizeof *pMachine);

-    int n;

-    die_unless(pMachine);

-    pMachine->pCtx=SSL_CTX_new(SSLv23_server_method());

-    die_unless(pMachine->pCtx);

-    n=SSL_CTX_use_certificate_file(pMachine->pCtx,szCertificateFile,

-				   SSL_FILETYPE_PEM);

-    die_unless(n > 0);

-    n=SSL_CTX_use_PrivateKey_file(pMachine->pCtx,szKeyFile,SSL_FILETYPE_PEM);

-    die_unless(n > 0);

-    pMachine->pSSL=SSL_new(pMachine->pCtx);

-    die_unless(pMachine->pSSL);

-    pMachine->pbioRead=BIO_new(BIO_s_mem());

-    pMachine->pbioWrite=BIO_new(BIO_s_mem());

-    SSL_set_bio(pMachine->pSSL,pMachine->pbioRead,pMachine->pbioWrite);

-    SSL_set_accept_state(pMachine->pSSL);

-    return pMachine;

-    }

-void SSLStateMachine_read_inject(SSLStateMachine *pMachine,

-				 const unsigned char *aucBuf,int nBuf)

-    {

-    int n=BIO_write(pMachine->pbioRead,aucBuf,nBuf);

-    /* If it turns out this assert fails, then buffer the data here

-     * and just feed it in in churn instead. Seems to me that it

-     * should be guaranteed to succeed, though.

-     */

-    assert(n == nBuf);

-    fprintf(stderr,"%d bytes of encrypted data fed to state machine\n",n);

-    }

-int SSLStateMachine_read_extract(SSLStateMachine *pMachine,

-				 unsigned char *aucBuf,int nBuf)

-    {

-    int n;

-    if(!SSL_is_init_finished(pMachine->pSSL))

-	{

-	fprintf(stderr,"Doing SSL_accept\n");

-	n=SSL_accept(pMachine->pSSL);

-	if(n == 0)

-	    fprintf(stderr,"SSL_accept returned zero\n");

-	if(n < 0)

-	    {

-	    int err;

-	    if((err=SSL_get_error(pMachine->pSSL,n)) == SSL_ERROR_WANT_READ)

-		{

-		fprintf(stderr,"SSL_accept wants more data\n");

-		return 0;

-		}

-	    SSLStateMachine_print_error(pMachine,"SSL_accept error");

-	    exit(7);

-	    }

-	return 0;

-	}

-    n=SSL_read(pMachine->pSSL,aucBuf,nBuf);

-    if(n < 0)

-	{

-	int err=SSL_get_error(pMachine->pSSL,n);

-	if(err == SSL_ERROR_WANT_READ)

-	    {

-	    fprintf(stderr,"SSL_read wants more data\n");

-	    return 0;

-	    }

-	SSLStateMachine_print_error(pMachine,"SSL_read error");

-	exit(8);

-	}

-    fprintf(stderr,"%d bytes of decrypted data read from state machine\n",n);

-    return n;

-    }

-int SSLStateMachine_write_can_extract(SSLStateMachine *pMachine)

-    {

-    int n=BIO_pending(pMachine->pbioWrite);

-    if(n)

-	fprintf(stderr,"There is encrypted data available to write\n");

-    else

-	fprintf(stderr,"There is no encrypted data available to write\n");

-    return n;

-    }

-int SSLStateMachine_write_extract(SSLStateMachine *pMachine,

-				  unsigned char *aucBuf,int nBuf)

-    {

-    int n;

-    n=BIO_read(pMachine->pbioWrite,aucBuf,nBuf);

-    fprintf(stderr,"%d bytes of encrypted data read from state machine\n",n);

-    return n;

-    }

-void SSLStateMachine_write_inject(SSLStateMachine *pMachine,

-				  const unsigned char *aucBuf,int nBuf)

-    {

-    int n=SSL_write(pMachine->pSSL,aucBuf,nBuf);

-    /* If it turns out this assert fails, then buffer the data here

-     * and just feed it in in churn instead. Seems to me that it

-     * should be guaranteed to succeed, though.

-     */

-    assert(n == nBuf);

-    fprintf(stderr,"%d bytes of unencrypted data fed to state machine\n",n);

-    }

-int OpenSocket(int nPort)

-    {

-    int nSocket;

-    struct sockaddr_in saServer;

-    struct sockaddr_in saClient;

-    int one=1;

-    int nSize;

-    int nFD;

-    int nLen;

-    nSocket=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);

-    if(nSocket < 0)

-	{

-	perror("socket");

-	exit(1);

-	}

-    if(setsockopt(nSocket,SOL_SOCKET,SO_REUSEADDR,(char *)&one,sizeof one) < 0)

-	{

-	perror("setsockopt");

-        exit(2);

-	}

-    memset(&saServer,0,sizeof saServer);

-    saServer.sin_family=AF_INET;

-    saServer.sin_port=htons(nPort);

-    nSize=sizeof saServer;

-    if(bind(nSocket,(struct sockaddr *)&saServer,nSize) < 0)

-	{

-	perror("bind");

-	exit(3);

-	}

-    if(listen(nSocket,512) < 0)

-	{

-	perror("listen");

-	exit(4);

-	}

-    nLen=sizeof saClient;

-    nFD=accept(nSocket,(struct sockaddr *)&saClient,&nLen);

-    if(nFD < 0)

-	{

-	perror("accept");

-	exit(5);

-	}

-    fprintf(stderr,"Incoming accepted on port %d\n",nPort);

-    return nFD;

-    }

-int main(int argc,char **argv)

-    {

-    SSLStateMachine *pMachine;

-    int nPort;

-    int nFD;

-    const char *szCertificateFile;

-    const char *szKeyFile;

-    char rbuf[1];

-    int nrbuf=0;

-    if(argc != 4)

-	{

-	fprintf(stderr,"%s <port> <certificate file> <key file>\n",argv[0]);

-	exit(6);

-	}

-    nPort=atoi(argv[1]);

-    szCertificateFile=argv[2];

-    szKeyFile=argv[3];

-    SSL_library_init();

-    OpenSSL_add_ssl_algorithms();

-    SSL_load_error_strings();

-    ERR_load_crypto_strings();

-    nFD=OpenSocket(nPort);

-    pMachine=SSLStateMachine_new(szCertificateFile,szKeyFile);

-    for( ; ; )

-	{

-	fd_set rfds,wfds;

-	unsigned char buf[1024];

-	int n;

-	FD_ZERO(&rfds);

-	FD_ZERO(&wfds);

-	/* Select socket for input */

-	FD_SET(nFD,&rfds);

-	/* check whether there's decrypted data */

-	if(!nrbuf)

-	    nrbuf=SSLStateMachine_read_extract(pMachine,rbuf,1);

-	/* if there's decrypted data, check whether we can write it */

-	if(nrbuf)

-	    FD_SET(1,&wfds);

-	/* Select socket for output */

-	if(SSLStateMachine_write_can_extract(pMachine))

-	    FD_SET(nFD,&wfds);

-	/* Select stdin for input */

-	FD_SET(0,&rfds);

-	/* Wait for something to do something */

-	n=select(nFD+1,&rfds,&wfds,NULL,NULL);

-	assert(n > 0);

-	/* Socket is ready for input */

-	if(FD_ISSET(nFD,&rfds))

-	    {

-	    n=read(nFD,buf,sizeof buf);

-	    if(n == 0)

-		{

-		fprintf(stderr,"Got EOF on socket\n");

-		exit(0);

-		}

-	    assert(n > 0);

-	    SSLStateMachine_read_inject(pMachine,buf,n);

-	    }

-	/* stdout is ready for output (and hence we have some to send it) */

-	if(FD_ISSET(1,&wfds))

-	    {

-	    assert(nrbuf == 1);

-	    buf[0]=rbuf[0];

-	    nrbuf=0;

-	    n=SSLStateMachine_read_extract(pMachine,buf+1,sizeof buf-1);

-	    if(n < 0)

-		{

-		SSLStateMachine_print_error(pMachine,"read extract failed");

-		break;

-		}

-	    assert(n >= 0);

-	    ++n;

-	    if(n > 0) /* FIXME: has to be true now */

-		{

-		int w;

-		w=write(1,buf,n);

-		/* FIXME: we should push back any unwritten data */

-		assert(w == n);

-		}

-	    }

-	/* Socket is ready for output (and therefore we have output to send) */

-	if(FD_ISSET(nFD,&wfds))

-	    {

-	    int w;

-	    n=SSLStateMachine_write_extract(pMachine,buf,sizeof buf);

-	    assert(n > 0);

-	    w=write(nFD,buf,n);

-	    /* FIXME: we should push back any unwritten data */

-	    assert(w == n);

-	    }

-	/* Stdin is ready for input */

-	if(FD_ISSET(0,&rfds))

-	    {

-	    n=read(0,buf,sizeof buf);

-	    if(n == 0)

-		{

-		fprintf(stderr,"Got EOF on stdin\n");

-		exit(0);

-		}

-	    assert(n > 0);

-	    SSLStateMachine_write_inject(pMachine,buf,n);

-	    }

-	}

-    /* not reached */

-    return 0;

-    }

--- a/sys/src/ape/lib/openssl/demos/tunala/A-client.pem

+++ /dev/null

@@ -1,84 +1,0 @@

-Certificate:

-    Data:

-        Version: 3 (0x2)

-        Serial Number: 2 (0x2)

-        Signature Algorithm: md5WithRSAEncryption

-        Issuer: C=NZ, L=Wellington, O=Really Irresponsible Authorisation Authority (RIAA), OU=Cert-stamping, CN=Jackov al-Trades/[email protected]

-        Validity

-            Not Before: Jan 16 05:19:30 2002 GMT

-            Not After : Jan 14 05:19:30 2012 GMT

-        Subject: C=NZ, L=Auckland, O=Mordor, OU=SSL grunt things, CN=tunala-client/[email protected]

-        Subject Public Key Info:

-            Public Key Algorithm: rsaEncryption

-            RSA Public Key: (1024 bit)

-                Modulus (1024 bit):

-                    00:b0:d3:56:5c:c8:7f:fb:f4:95:9d:04:84:4f:82:

-                    b7:a2:75:5c:81:48:8c:56:5d:52:ee:38:e1:5c:c8:

-                    9a:70:8e:72:f2:00:1c:17:ef:df:b7:06:59:82:04:

-                    f1:f6:49:11:12:a6:4d:cb:1e:ed:ac:59:1c:4a:d0:

-                    3d:de:e6:f2:8d:cd:39:c2:0f:e0:46:2f:db:cb:9f:

-                    47:f7:56:e7:f8:16:5f:68:71:fb:3a:e3:ab:d2:e5:

-                    05:b7:da:65:61:fe:6d:30:e4:12:a8:b5:c1:71:24:

-                    6b:aa:80:05:41:17:a0:8b:6e:8b:e6:04:cf:85:7b:

-                    2a:ac:a1:79:7d:f4:96:6e:77

-                Exponent: 65537 (0x10001)

-        X509v3 extensions:

-            X509v3 Basic Constraints:

-                CA:FALSE

-            Netscape Comment:

-                OpenSSL Generated Certificate

-            X509v3 Subject Key Identifier:

-                F8:43:CB:4F:4D:4F:BC:6E:52:1A:FD:F9:7B:E1:12:3F:A7:A3:BA:93

-            X509v3 Authority Key Identifier:

-                keyid:49:FB:45:72:12:C4:CC:E1:45:A1:D3:08:9E:95:C4:2C:6D:55:3F:17

-                DirName:/C=NZ/L=Wellington/O=Really Irresponsible Authorisation Authority (RIAA)/OU=Cert-stamping/CN=Jackov al-Trades/[email protected]

-                serial:00

-    Signature Algorithm: md5WithRSAEncryption

-        8f:5f:0e:43:da:9d:61:43:7e:03:38:9a:e6:50:9d:42:e8:95:

-        34:49:75:ec:04:8d:5c:85:99:94:70:a0:e7:1f:1e:a0:8b:0f:

-        d6:e2:cb:f7:35:d9:96:72:bd:a6:e9:8d:4e:b1:e2:ac:97:7f:

-        2f:70:01:9d:aa:04:bc:d4:01:2b:63:77:a5:de:63:3c:a8:f5:

-        f2:72:af:ec:11:12:c0:d4:70:cf:71:a6:fb:e9:1d:b3:27:07:

-        aa:f2:b1:f3:87:d6:ab:8b:ce:c2:08:1b:3c:f9:ba:ff:77:71:

-        86:09:ef:9e:4e:04:06:63:44:e9:93:20:90:c7:2d:50:c6:50:

-        f8:66

------BEGIN CERTIFICATE-----

-MIID9TCCA16gAwIBAgIBAjANBgkqhkiG9w0BAQQFADCBtDELMAkGA1UEBhMCTlox

-EzARBgNVBAcTCldlbGxpbmd0b24xPDA6BgNVBAoTM1JlYWxseSBJcnJlc3BvbnNp

-YmxlIEF1dGhvcmlzYXRpb24gQXV0aG9yaXR5IChSSUFBKTEWMBQGA1UECxMNQ2Vy

-dC1zdGFtcGluZzEZMBcGA1UEAxMQSmFja292IGFsLVRyYWRlczEfMB0GCSqGSIb3

-DQEJARYQbm9uZUBmYWtlLmRvbWFpbjAeFw0wMjAxMTYwNTE5MzBaFw0xMjAxMTQw

-NTE5MzBaMIGHMQswCQYDVQQGEwJOWjERMA8GA1UEBxMIQXVja2xhbmQxDzANBgNV

-BAoTBk1vcmRvcjEZMBcGA1UECxMQU1NMIGdydW50IHRoaW5nczEWMBQGA1UEAxMN

-dHVuYWxhLWNsaWVudDEhMB8GCSqGSIb3DQEJARYSY2xpZW50QGZha2UuZG9tYWlu

-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCw01ZcyH/79JWdBIRPgreidVyB

-SIxWXVLuOOFcyJpwjnLyABwX79+3BlmCBPH2SRESpk3LHu2sWRxK0D3e5vKNzTnC

-D+BGL9vLn0f3Vuf4Fl9ocfs646vS5QW32mVh/m0w5BKotcFxJGuqgAVBF6CLbovm

-BM+FeyqsoXl99JZudwIDAQABo4IBQDCCATwwCQYDVR0TBAIwADAsBglghkgBhvhC

-AQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFPhD

-y09NT7xuUhr9+XvhEj+no7qTMIHhBgNVHSMEgdkwgdaAFEn7RXISxMzhRaHTCJ6V

-xCxtVT8XoYG6pIG3MIG0MQswCQYDVQQGEwJOWjETMBEGA1UEBxMKV2VsbGluZ3Rv

-bjE8MDoGA1UEChMzUmVhbGx5IElycmVzcG9uc2libGUgQXV0aG9yaXNhdGlvbiBB

-dXRob3JpdHkgKFJJQUEpMRYwFAYDVQQLEw1DZXJ0LXN0YW1waW5nMRkwFwYDVQQD

-ExBKYWNrb3YgYWwtVHJhZGVzMR8wHQYJKoZIhvcNAQkBFhBub25lQGZha2UuZG9t

-YWluggEAMA0GCSqGSIb3DQEBBAUAA4GBAI9fDkPanWFDfgM4muZQnULolTRJdewE

-jVyFmZRwoOcfHqCLD9biy/c12ZZyvabpjU6x4qyXfy9wAZ2qBLzUAStjd6XeYzyo

-9fJyr+wREsDUcM9xpvvpHbMnB6rysfOH1quLzsIIGzz5uv93cYYJ755OBAZjROmT

-IJDHLVDGUPhm

------END CERTIFICATE-----

------BEGIN RSA PRIVATE KEY-----

-MIICXgIBAAKBgQCw01ZcyH/79JWdBIRPgreidVyBSIxWXVLuOOFcyJpwjnLyABwX

-79+3BlmCBPH2SRESpk3LHu2sWRxK0D3e5vKNzTnCD+BGL9vLn0f3Vuf4Fl9ocfs6

-46vS5QW32mVh/m0w5BKotcFxJGuqgAVBF6CLbovmBM+FeyqsoXl99JZudwIDAQAB

-AoGAU4chbqbPvkclPYzaq2yGLlneHrwUft+KwzlfS6L/QVgo+CQRIUWQmjaHpaGM

-YtjVFcg1S1QK1bUqZjTEZT0XKhfbYmqW8yYTfbcDEbnY7esoYlvIlW8qRlPRlTBE

-utKrtZafmVhLgoNawYGD0aLZofPqpYjbGUlrC7nrem2vNJECQQDVLD3Qb+OlEMET

-73ApnJhYsK3e+G2LTrtjrS8y5zS4+Xv61XUqvdV7ogzRl0tpvSAmMOItVyoYadkB

-S3xSIWX9AkEA1Fm1FhkQSZwGG5rf4c6gMN71jJ6JE3/kocdVa0sUjRevIupo4XQ2

-Vkykxi84MRP8cfHqyjewq7Ozv3op2MGWgwJBAKemsb66IJjzAkaBav7u70nhOf0/

-+Dc1Zl7QF2y7NVW8sGrnccx5m+ot2lMD4AV6/kvK6jaqdKrapBZGnbGiHqkCQQDI

-T1r33mqz1R8Z2S2Jtzz6/McKf930a/dC+GLGVEutkILf39lRmytKmv/wB0jtWtoO

-rlJ5sLDSNzC+1cE1u997AkEAu3IrtGmLKiuS6kDj6W47m+iiTIsuSJtTJb1SbUaK

-fIoBNFxbvJYW6rUU9+PxpMRaEhzh5s24/jBOE+mlb17mRQ==

------END RSA PRIVATE KEY-----

--- a/sys/src/ape/lib/openssl/demos/tunala/A-server.pem

+++ /dev/null

@@ -1,84 +1,0 @@

-Certificate:

-    Data:

-        Version: 3 (0x2)

-        Serial Number: 1 (0x1)

-        Signature Algorithm: md5WithRSAEncryption

-        Issuer: C=NZ, L=Wellington, O=Really Irresponsible Authorisation Authority (RIAA), OU=Cert-stamping, CN=Jackov al-Trades/[email protected]

-        Validity

-            Not Before: Jan 16 05:14:06 2002 GMT

-            Not After : Jan 14 05:14:06 2012 GMT

-        Subject: C=NZ, L=Wellington, O=Middle Earth, OU=SSL dev things, CN=tunala-server/[email protected]

-        Subject Public Key Info:

-            Public Key Algorithm: rsaEncryption

-            RSA Public Key: (1024 bit)

-                Modulus (1024 bit):

-                    00:a9:3e:62:87:97:13:6b:de:8f:bc:1d:0a:3f:65:

-                    0c:f9:76:a3:53:ce:97:30:27:0d:c6:df:72:1f:8d:

-                    5a:ce:58:23:6a:65:e5:e3:72:1a:8d:7f:fe:90:01:

-                    ea:42:f1:9f:6e:7b:0a:bd:eb:52:15:7b:f4:3d:9c:

-                    4e:db:74:29:2b:d1:81:9d:b9:9e:18:2b:87:e1:da:

-                    50:20:3c:59:6c:c9:83:3e:2c:11:0b:78:1e:03:f4:

-                    56:3a:db:95:6a:75:33:85:a9:7b:cc:3c:4a:67:96:

-                    f2:24:b2:a0:cb:2e:cc:52:18:16:6f:44:d9:29:64:

-                    07:2e:fb:56:cc:7c:dc:a2:d7

-                Exponent: 65537 (0x10001)

-        X509v3 extensions:

-            X509v3 Basic Constraints:

-                CA:FALSE

-            Netscape Comment:

-                OpenSSL Generated Certificate

-            X509v3 Subject Key Identifier:

-                70:AC:7A:B5:6E:97:C2:82:AF:11:9E:32:CB:8D:48:49:93:B7:DC:22

-            X509v3 Authority Key Identifier:

-                keyid:49:FB:45:72:12:C4:CC:E1:45:A1:D3:08:9E:95:C4:2C:6D:55:3F:17

-                DirName:/C=NZ/L=Wellington/O=Really Irresponsible Authorisation Authority (RIAA)/OU=Cert-stamping/CN=Jackov al-Trades/[email protected]

-                serial:00

-    Signature Algorithm: md5WithRSAEncryption

-        2e:cb:a3:cd:6d:a8:9d:d1:dc:e5:f0:e0:27:7e:4b:5a:90:a8:

-        85:43:f0:05:f7:04:43:d7:5f:d1:a5:8f:5c:58:eb:fc:da:c6:

-        7c:e0:0b:2b:98:72:95:f6:79:48:96:7a:fa:0c:6b:09:ec:c6:

-        8c:91:74:45:9f:8f:0f:16:78:e3:66:14:fa:1e:f4:f0:23:ec:

-        cd:a9:52:77:20:4d:c5:05:2c:52:b6:7b:f3:42:33:fd:90:1f:

-        3e:88:6f:9b:23:61:c8:80:3b:e6:57:84:2e:f7:26:c7:35:ed:

-        00:8b:08:30:9b:aa:21:83:b6:6d:b8:7c:8a:9b:2a:ef:79:3d:

-        96:31

------BEGIN CERTIFICATE-----

-MIID+zCCA2SgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBtDELMAkGA1UEBhMCTlox

-EzARBgNVBAcTCldlbGxpbmd0b24xPDA6BgNVBAoTM1JlYWxseSBJcnJlc3BvbnNp

-YmxlIEF1dGhvcmlzYXRpb24gQXV0aG9yaXR5IChSSUFBKTEWMBQGA1UECxMNQ2Vy

-dC1zdGFtcGluZzEZMBcGA1UEAxMQSmFja292IGFsLVRyYWRlczEfMB0GCSqGSIb3

-DQEJARYQbm9uZUBmYWtlLmRvbWFpbjAeFw0wMjAxMTYwNTE0MDZaFw0xMjAxMTQw

-NTE0MDZaMIGNMQswCQYDVQQGEwJOWjETMBEGA1UEBxMKV2VsbGluZ3RvbjEVMBMG

-A1UEChMMTWlkZGxlIEVhcnRoMRcwFQYDVQQLEw5TU0wgZGV2IHRoaW5nczEWMBQG

-A1UEAxMNdHVuYWxhLXNlcnZlcjEhMB8GCSqGSIb3DQEJARYSc2VydmVyQGZha2Uu

-ZG9tYWluMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCpPmKHlxNr3o+8HQo/

-ZQz5dqNTzpcwJw3G33IfjVrOWCNqZeXjchqNf/6QAepC8Z9uewq961IVe/Q9nE7b

-dCkr0YGduZ4YK4fh2lAgPFlsyYM+LBELeB4D9FY625VqdTOFqXvMPEpnlvIksqDL

-LsxSGBZvRNkpZAcu+1bMfNyi1wIDAQABo4IBQDCCATwwCQYDVR0TBAIwADAsBglg

-hkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0O

-BBYEFHCserVul8KCrxGeMsuNSEmTt9wiMIHhBgNVHSMEgdkwgdaAFEn7RXISxMzh

-RaHTCJ6VxCxtVT8XoYG6pIG3MIG0MQswCQYDVQQGEwJOWjETMBEGA1UEBxMKV2Vs

-bGluZ3RvbjE8MDoGA1UEChMzUmVhbGx5IElycmVzcG9uc2libGUgQXV0aG9yaXNh

-dGlvbiBBdXRob3JpdHkgKFJJQUEpMRYwFAYDVQQLEw1DZXJ0LXN0YW1waW5nMRkw

-FwYDVQQDExBKYWNrb3YgYWwtVHJhZGVzMR8wHQYJKoZIhvcNAQkBFhBub25lQGZh

-a2UuZG9tYWluggEAMA0GCSqGSIb3DQEBBAUAA4GBAC7Lo81tqJ3R3OXw4Cd+S1qQ

-qIVD8AX3BEPXX9Glj1xY6/zaxnzgCyuYcpX2eUiWevoMawnsxoyRdEWfjw8WeONm

-FPoe9PAj7M2pUncgTcUFLFK2e/NCM/2QHz6Ib5sjYciAO+ZXhC73Jsc17QCLCDCb

-qiGDtm24fIqbKu95PZYx

------END CERTIFICATE-----

------BEGIN RSA PRIVATE KEY-----

-MIICXAIBAAKBgQCpPmKHlxNr3o+8HQo/ZQz5dqNTzpcwJw3G33IfjVrOWCNqZeXj

-chqNf/6QAepC8Z9uewq961IVe/Q9nE7bdCkr0YGduZ4YK4fh2lAgPFlsyYM+LBEL

-eB4D9FY625VqdTOFqXvMPEpnlvIksqDLLsxSGBZvRNkpZAcu+1bMfNyi1wIDAQAB

-AoGANCwqHZhiAU/TyW6+WPqivEhpYw19p/dyFMuPF9DwnEmpaUROUQY8z0AUznn4

-qHhp6Jn/nrprTHowucl0ucweYIYVxZoUiUDFpxdFUbzMdFvo6HcyV1Pe4Rt81HaY

-KYWrTZ6PaPtN65hLms8NhPEdGcGAFlY1owYv4QNGq2bU1JECQQDd32LM0NSfyGmK

-4ziajqGcvzK9NO2XyV/nJsGlJZNgMh2zm1t7yR28l/6Q2uyU49cCN+2aYULZCAfs

-taNvxBspAkEAw0alNub+xj2AVQvaxOB1sGfKzsJjHCzKIxUXn/tJi3j0+2asmkBZ

-Umx1MWr9jKQBnCMciCRUbnMEZiElOxCN/wJAfAeQl6Z19gx206lJzzzEo3dOye54

-k02DSxijT8q9pBzf9bN3ZK987BybtiZr8p+bZiYVsSOF1wViSLURdD1QYQJAIaMU

-qH1n24wShBPTrmAfxbBLTgxL+Dl65Eoo1KT7iSvfv0JzbuqwuDL4iPeuD0DdCiE+

-M/FWHeRwGIuTFzaFzwJBANKwx0jZS/h093w9g0Clw6UzeA1P5VcAt9y+qMC9hO3c

-4KXwIxQAt9yRaFLpiIR9do5bjjKNnMguf3aO/XRSDQM=

------END RSA PRIVATE KEY-----

--- a/sys/src/ape/lib/openssl/demos/tunala/CA.pem

+++ /dev/null

@@ -1,24 +1,0 @@

------BEGIN CERTIFICATE-----

-MIID9zCCA2CgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBtDELMAkGA1UEBhMCTlox

-EzARBgNVBAcTCldlbGxpbmd0b24xPDA6BgNVBAoTM1JlYWxseSBJcnJlc3BvbnNp

-YmxlIEF1dGhvcmlzYXRpb24gQXV0aG9yaXR5IChSSUFBKTEWMBQGA1UECxMNQ2Vy

-dC1zdGFtcGluZzEZMBcGA1UEAxMQSmFja292IGFsLVRyYWRlczEfMB0GCSqGSIb3

-DQEJARYQbm9uZUBmYWtlLmRvbWFpbjAeFw0wMjAxMTYwNTA5NTlaFw0xMjAxMTQw

-NTA5NTlaMIG0MQswCQYDVQQGEwJOWjETMBEGA1UEBxMKV2VsbGluZ3RvbjE8MDoG

-A1UEChMzUmVhbGx5IElycmVzcG9uc2libGUgQXV0aG9yaXNhdGlvbiBBdXRob3Jp

-dHkgKFJJQUEpMRYwFAYDVQQLEw1DZXJ0LXN0YW1waW5nMRkwFwYDVQQDExBKYWNr

-b3YgYWwtVHJhZGVzMR8wHQYJKoZIhvcNAQkBFhBub25lQGZha2UuZG9tYWluMIGf

-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7QdDfFIrJn3X24hKmpkyk3TG0Ivxd

-K2wWmDPXq1wjr8lUTwrA6hM5Ba9N36jLieWpXhviLOWu9DBza5GmtgCuXloATKTC

-94xOdKHlciTVujG3wDlLDB5e710Kar84nnj6VueL1RyZ0bmP5PANa4mbGW9Tqc7J

-CkBTTW2y9d0SgQIDAQABo4IBFTCCAREwHQYDVR0OBBYEFEn7RXISxMzhRaHTCJ6V

-xCxtVT8XMIHhBgNVHSMEgdkwgdaAFEn7RXISxMzhRaHTCJ6VxCxtVT8XoYG6pIG3

-MIG0MQswCQYDVQQGEwJOWjETMBEGA1UEBxMKV2VsbGluZ3RvbjE8MDoGA1UEChMz

-UmVhbGx5IElycmVzcG9uc2libGUgQXV0aG9yaXNhdGlvbiBBdXRob3JpdHkgKFJJ

-QUEpMRYwFAYDVQQLEw1DZXJ0LXN0YW1waW5nMRkwFwYDVQQDExBKYWNrb3YgYWwt

-VHJhZGVzMR8wHQYJKoZIhvcNAQkBFhBub25lQGZha2UuZG9tYWluggEAMAwGA1Ud

-EwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYQo95V/NY+eKxYxkhibZiUQygph+

-gTfgbDG20MsnH6+8//w5ArHauFCgDrf0P2VyACgq+N4pBTWFGaAaLwbjKy9HCe2E

-j9C91tO1CqDS4MJkDB5AP13FTkK6fP1ZCiTQranOAp3DlGWTTWsFVyW5kVfQ9diS

-ZOyJZ9Fit5XM2X0=

------END CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/demos/tunala/INSTALL

+++ /dev/null

@@ -1,107 +1,0 @@

-There are two ways to build this code;

-(1) Manually

-(2) Using all-singing all-dancing (all-confusing) autotools, ie. autoconf,

-automake, and their little friends (autoheader, etc).

-=================

-Building Manually

-=================

-There is a basic "Makefile" in this directory that gets moved out of the way and

-ignored when building with autoconf et al. This Makefile is suitable for

-building tunala on Linux using gcc. Any other platform probably requires some

-tweaking. Here are the various bits you might need to do if you want to build

-this way and the default Makefile isn't sufficient;

-* Compiler: Edit the "CC" definition in Makefile

-* Headers, features: tunala.h controls what happens in the non-autoconf world.

-  It, by default, assumes the system has *everything* (except autoconf's

-  "config.h") so if a target system is missing something it must define the

-  appropriate "NO_***" symbols in CFLAGS. These include;

-  - NO_HAVE_UNISTD_H, NO_HAVE_FCNTL_H, NO_HAVE_LIMITS_H

-    Indicates the compiling system doesn't have (or need) these header files.

-  - NO_HAVE_STRSTR, NO_HAVE_STRTOUL

-    Indicates the compiling system doesn't have these functions. Replacements

-    are compiled and used in breakage.c

-  - NO_HAVE_SELECT, NO_HAVE_SOCKET

-    Pointless symbols - these indicate select() and/or socket() are missing in

-    which case the program won't compile anyway.

-  If you want to specify any of these, add them with "-D" prefixed to each in

-  the CFLAGS definition in Makefile.

-* Compilation flags: edit DEBUG_FLAGS and/or CFLAGS directly to control the

-  flags passed to the compiler. This can also be used to change the degree of

-  optimisation.

-* Linker flags: some systems (eg. Solaris) require extra linker flags such as;

-  -ldl, -lsocket, -lnsl, etc. If unsure, bring up the man page for whichever

-  function is "undefined" when the linker fails - that usually indicates what

-  you need to add. Make changes to the LINK_FLAGS symbol.

-* Linker command: if a different linker syntax or even a different program is

-  required to link, edit the linker line directly in the "tunala:" target

-  definition - it currently assumes the "CC" (compiler) program is used to link.

-======================

-Building Automagically

-======================

-Automagic building is handled courtesy of autoconf, automake, etc. There are in

-fact two steps required to build, and only the first has to be done on a system

-with these tools installed (and if I was prepared to bloat out the CVS

-repository, I could store these extra files, but I'm not).

-First step: "autogunk.sh"

--------------------------

-The "./autogunk.sh" script will call all the necessary autotool commands to

-create missing files and run automake and autoconf. The result is that a

-"./configure" script should be generated and a "Makefile.in" generated from the

-supplied "Makefile.am". NB: This script also moves the "manual" Makefile (see

-above) out of the way and calls it "Makefile.plain" - the "ungunk" script

-reverses this to leave the directory it was previously.

-Once "ungunk" has been run, the resulting directory should be able to build on

-other systems without autoconf, automake, or libtool. Which is what the second

-step describes;

-Second step: "./configure"

---------------------------

-The second step is to run the generated "./configure" script to create a

-config.h header for your system and to generate a "Makefile" (generated from

-"Makefile.in") tweaked to compile on your system. This is the standard sort of

-thing you see in GNU packages, for example, and the standard tricks also work.

-Eg. to override "configure"'s choice of compiler, set the CC environment

-variable prior to running configure, eg.

-    CC=gcc ./configure

-would cause "gcc" to be used even if there is an otherwise preferable (to

-autoconf) native compiler on your system.

-After this run "make" and it should build the "tunala" executable.

-Notes

------

-- Some versions of autoconf (or automake?) generate a Makefile syntax that gives

-  trouble to some "make" programs on some systems (eg. OpenBSD). If this

-  happens, either build 'Manually' (see above) or use "gmake" instead of "make".

-  I don't like this either but like even less the idea of sifting into all the

-  script magic crud that's involved.

-- On a solaris system I tried, the "configure" script specified some broken

-  compiler flags in the resulting Makefile that don't even get echoed to

-  stdout/err when the error happens (evil!). If this happens, go into the

-  generated Makefile, find the two affected targets ("%.o:" and "%.lo"), and

-  remove the offending hidden option in the $(COMPILE) line all the sludge after

-  the two first lines of script (ie. after the "echo" and the "COMPILE" lines).

-  NB: This will probably only function if "--disable-shared" was used, otherwise

-  who knows what would result ...

--- a/sys/src/ape/lib/openssl/demos/tunala/Makefile

+++ /dev/null

@@ -1,41 +1,0 @@

-# Edit these to suit

-#

-# Oh yeah, and please read the README too.

-SSL_HOMEDIR=../..

-SSL_INCLUDEDIR=$(SSL_HOMEDIR)/include

-SSL_LIBDIR=$(SSL_HOMEDIR)

-RM=rm -f

-CC=gcc

-DEBUG_FLAGS=-g -ggdb3 -Wall -Wshadow

-INCLUDE_FLAGS=-I$(SSL_INCLUDEDIR)

-CFLAGS=$(DEBUG_FLAGS) $(INCLUDE_FLAGS) -DNO_CONFIG_H

-COMPILE=$(CC) $(CFLAGS) -c

-# Edit, particularly the "-ldl" if not building with "dlfcn" support

-LINK_FLAGS=-L$(SSL_LIBDIR) -lssl -lcrypto -ldl

-SRCS=buffer.c cb.c ip.c sm.c tunala.c breakage.c

-OBJS=buffer.o cb.o ip.o sm.o tunala.o breakage.o

-TARGETS=tunala

-default: $(TARGETS)

-clean:

-	$(RM) $(OBJS) $(TARGETS) *.bak core

-.c.o:

-	$(COMPILE) $<

-tunala: $(OBJS)

-	$(CC) -o tunala $(OBJS) $(LINK_FLAGS)

-# Extra dependencies, should really use makedepend

-buffer.o: buffer.c tunala.h

-cb.o: cb.c tunala.h

-ip.o: ip.c tunala.h

-sm.o: sm.c tunala.h

-tunala.o: tunala.c tunala.h

--- a/sys/src/ape/lib/openssl/demos/tunala/Makefile.am

+++ /dev/null

@@ -1,7 +1,0 @@

-# Our includes come from the OpenSSL build-tree we're in

-INCLUDES		= -I$(top_builddir)/../../include

-bin_PROGRAMS		= tunala

-tunala_SOURCES		= tunala.c buffer.c cb.c ip.c sm.c breakage.c

-tunala_LDADD		= -L$(top_builddir)/../.. -lssl -lcrypto

--- a/sys/src/ape/lib/openssl/demos/tunala/README

+++ /dev/null

@@ -1,233 +1,0 @@

-This is intended to be an example of a state-machine driven SSL application. It

-acts as an SSL tunneler (functioning as either the server or client half,

-depending on command-line arguments). *PLEASE* read the comments in tunala.h

-before you treat this stuff as anything more than a curiosity - YOU HAVE BEEN

-WARNED!! There, that's the draconian bit out of the way ...

-Why "tunala"??

---------------

-I thought I asked you to read tunala.h?? :-)

-Show me

--------

-If you want to simply see it running, skip to the end and see some example

-command-line arguments to demonstrate with.

-Where to look and what to do?

------------------------------

-The code is split up roughly coinciding with the detaching of an "abstract" SSL

-state machine (which is the purpose of all this) and its surrounding application

-specifics. This is primarily to make it possible for me to know when I could cut

-corners and when I needed to be rigorous (or at least maintain the pretense as

-such :-).

-Network stuff:

-Basically, the network part of all this is what is supposed to be abstracted out

-of the way. The intention is to illustrate one way to stick OpenSSL's mechanisms

-inside a little memory-driven sandbox and operate it like a pure state-machine.

-So, the network code is inside both ip.c (general utility functions and gory

-IPv4 details) and tunala.c itself, which takes care of application specifics

-like the main select() loop. The connectivity between the specifics of this

-application (TCP/IP tunneling and the associated network code) and the

-underlying abstract SSL state machine stuff is through the use of the "buffer_t"

-type, declared in tunala.h and implemented in buffer.c.

-State machine:

-Which leaves us, generally speaking, with the abstract "state machine" code left

-over and this is sitting inside sm.c, with declarations inside tunala.h. As can

-be seen by the definition of the state_machine_t structure and the associated

-functions to manipulate it, there are the 3 OpenSSL "handles" plus 4 buffer_t

-structures dealing with IO on both the encrypted and unencrypted sides ("dirty"

-and "clean" respectively). The "SSL" handle is what facilitates the reading and

-writing of the unencrypted (tunneled) data. The two "BIO" handles act as the

-read and write channels for encrypted tunnel traffic - in other applications

-these are often socket BIOs so that the OpenSSL framework operates with the

-network layer directly. In this example, those two BIOs are memory BIOs

-(BIO_s_mem()) so that the sending and receiving of the tunnel traffic stays

-within the state-machine, and we can handle where this gets send to (or read

-from) ourselves.

-Why?

-----

-If you take a look at the "state_machine_t" section of tunala.h and the code in

-sm.c, you will notice that nothing related to the concept of 'transport' is

-involved. The binding to TCP/IP networking occurs in tunala.c, specifically

-within the "tunala_item_t" structure that associates a state_machine_t object

-with 4 file-descriptors. The way to best see where the bridge between the

-outside world (TCP/IP reads, writes, select()s, file-descriptors, etc) and the

-state machine is, is to examine the "tunala_item_io()" function in tunala.c.

-This is currently around lines 641-732 but of course could be subject to change.

-And...?

--------

-Well, although that function is around 90 lines of code, it could easily have

-been a lot less only I was trying to address an easily missed "gotcha" (item (2)

-below). The main() code that drives the select/accept/IO loop initialises new

-tunala_item_t structures when connections arrive, and works out which

-file-descriptors go where depending on whether we're an SSL client or server

-(client --> accepted connection is clean and proxied is dirty, server -->

-accepted connection is dirty and proxied is clean). What that tunala_item_io()

-function is attempting to do is 2 things;

-  (1) Perform all reads and writes on the network directly into the

-      state_machine_t's buffers (based on a previous select() result), and only

-      then allow the abstact state_machine_t to "churn()" using those buffers.

-      This will cause the SSL machine to consume as much input data from the two

-      "IN" buffers as possible, and generate as much output data into the two

-      "OUT" buffers as possible. Back up in the main() function, the next main

-      loop loop will examine these output buffers and select() for writability

-      on the corresponding sockets if the buffers are non-empty.

-  (2) Handle the complicated tunneling-specific issue of cascading "close"s.

-      This is the reason for most of the complexity in the logic - if one side

-      of the tunnel is closed, you can't simply close the other side and throw

-      away the whole thing - (a) there may still be outgoing data on the other

-      side of the tunnel that hasn't been sent yet, (b) the close (or things

-      happening during the close) may cause more data to be generated that needs

-      sending on the other side. Of course, this logic is complicated yet futher

-      by the fact that it's different depending on which side closes first :-)

-      state_machine_close_clean() will indicate to the state machine that the

-      unencrypted side of the tunnel has closed, so any existing outgoing data

-      needs to be flushed, and the SSL stream needs to be closed down using the

-      appropriate shutdown sequence. state_machine_close_dirty() is simpler

-      because it indicates that the SSL stream has been disconnected, so all

-      that remains before closing the other side is to flush out anything that

-      remains and wait for it to all be sent.

-Anyway, with those things in mind, the code should be a little easier to follow

-in terms of "what is *this* bit supposed to achieve??!!".

-How might this help?

---------------------

-Well, the reason I wrote this is that there seemed to be rather a flood of

-questions of late on the openssl-dev and openssl-users lists about getting this

-whole IO logic thing sorted out, particularly by those who were trying to either

-use non-blocking IO, or wanted SSL in an environment where "something else" was

-handling the network already and they needed to operate in memory only. This

-code is loosely based on some other stuff I've been working on, although that

-stuff is far more complete, far more dependant on a whole slew of other

-network/framework code I don't want to incorporate here, and far harder to look

-at for 5 minutes and follow where everything is going. I will be trying over

-time to suck in a few things from that into this demo in the hopes it might be

-more useful, and maybe to even make this demo usable as a utility of its own.

-Possible things include:

-  * controlling multiple processes/threads - this can be used to combat

-    latencies and get passed file-descriptor limits on some systems, and it uses

-    a "controller" process/thread that maintains IPC links with the

-    processes/threads doing the real work.

-  * cert verification rules - having some say over which certs get in or out :-)

-  * control over SSL protocols and cipher suites

-  * A few other things you can already do in s_client and s_server :-)

-  * Support (and control over) session resuming, particularly when functioning

-    as an SSL client.

-If you have a particular environment where this model might work to let you "do

-SSL" without having OpenSSL be aware of the transport, then you should find you

-could use the state_machine_t structure (or your own variant thereof) and hook

-it up to your transport stuff in much the way tunala.c matches it up with those

-4 file-descriptors. The state_machine_churn(), state_machine_close_clean(), and

-state_machine_close_dirty() functions are the main things to understand - after

-that's done, you just have to ensure you're feeding and bleeding the 4

-state_machine buffers in a logical fashion. This state_machine loop handles not

-only handshakes and normal streaming, but also renegotiates - there's no special

-handling required beyond keeping an eye on those 4 buffers and keeping them in

-sync with your outer "loop" logic. Ie. if one of the OUT buffers is not empty,

-you need to find an opportunity to try and forward its data on. If one of the IN

-buffers is not full, you should keep an eye out for data arriving that should be

-placed there.

-This approach could hopefully also allow you to run the SSL protocol in very

-different environments. As an example, you could support encrypted event-driven

-IPC where threads/processes pass messages to each other inside an SSL layer;

-each IPC-message's payload would be in fact the "dirty" content, and the "clean"

-payload coming out of the tunnel at each end would be the real intended message.

-Likewise, this could *easily* be made to work across unix domain sockets, or

-even entirely different network/comms protocols.

-This is also a quick and easy way to do VPN if you (and the remote network's

-gateway) support virtual network devices that are encapsulted in a single

-network connection, perhaps PPP going through an SSL tunnel?

-Suggestions

------------

-Please let me know if you find this useful, or if there's anything wrong or

-simply too confusing about it. Patches are also welcome, but please attach a

-description of what it changes and why, and "diff -urN" format is preferred.

-Mail to [email protected] should do the trick.

-Example

--------

-Here is an example of how to use "tunala" ...

-First, it's assumed that OpenSSL has already built, and that you are building

-inside the ./demos/tunala/ directory. If not - please correct the paths and

-flags inside the Makefile. Likewise, if you want to tweak the building, it's

-best to try and do so in the makefile (eg. removing the debug flags and adding

-optimisation flags).

-Secondly, this code has mostly only been tested on Linux. However, some

-autoconf/etc support has been added and the code has been compiled on openbsd

-and solaris using that.

-Thirdly, if you are Win32, you probably need to do some *major* rewriting of

-ip.c to stand a hope in hell. Good luck, and please mail me the diff if you do

-this, otherwise I will take a look at another time. It can certainly be done,

-but it's very non-POSIXy.

-See the INSTALL document for details on building.

-Now, if you don't have an executable "tunala" compiled, go back to "First,...".

-Rinse and repeat.

-Inside one console, try typing;

-(i)  ./tunala -listen localhost:8080 -proxy localhost:8081 -cacert CA.pem \

-              -cert A-client.pem -out_totals -v_peer -v_strict

-In another console, type;

-(ii) ./tunala -listen localhost:8081 -proxy localhost:23 -cacert CA.pem \

-              -cert A-server.pem -server 1 -out_totals -v_peer -v_strict

-Now if you open another console and "telnet localhost 8080", you should be

-tunneled through to the telnet service on your local machine (if it's running -

-you could change it to port "22" and tunnel ssh instead if you so desired). When

-you logout of the telnet session, the tunnel should cleanly shutdown and show

-you some traffic stats in both consoles. Feel free to experiment. :-)

-Notes:

- - the format for the "-listen" argument can skip the host part (eg. "-listen

-   8080" is fine). If you do, the listening socket will listen on all interfaces

-   so you can connect from other machines for example. Using the "localhost"

-   form listens only on 127.0.0.1 so you can only connect locally (unless, of

-   course, you've set up weird stuff with your networking in which case probably

-   none of the above applies).

- - ./tunala -? gives you a list of other command-line options, but tunala.c is

-   also a good place to look :-)

--- a/sys/src/ape/lib/openssl/demos/tunala/autogunk.sh

+++ /dev/null

@@ -1,25 +1,0 @@

-#!/bin/sh

-# This script tries to follow the "GNU way" w.r.t. the autobits.

-# This does of course generate a number of irritating files.

-# Try to get over it (I am getting there myself).

-# This should generate any missing crud, and then run autoconf which should turn

-# configure.in into a "./configure" script and "Makefile.am" into a

-# "Makefile.in". Then running "./configure" should turn "Makefile.in" into

-# "Makefile" and should generate the config.h containing your systems various

-# settings. I know ... what a hassle ...

-# Also, sometimes these autobits things generate bizarre output (looking like

-# errors). So I direct everything "elsewhere" ...

-(aclocal

-autoheader

-libtoolize --copy --force

-automake --foreign --add-missing --copy

-autoconf) 1> /dev/null 2>&1

-# Move the "no-autotools" Makefile out of the way

-if test ! -f Makefile.plain; then

-	mv Makefile Makefile.plain

-fi

--- a/sys/src/ape/lib/openssl/demos/tunala/autoungunk.sh

+++ /dev/null

@@ -1,18 +1,0 @@

-#!/bin/sh

-# This script tries to clean up as much as is possible from whatever diabolical

-# mess has been left in the directory thanks to autoconf, automake, and their

-# friends.

-if test -f Makefile.plain; then

-	if test -f Makefile; then

-		make distclean

-	fi

-	mv Makefile.plain Makefile

-else

-	make clean

-fi

-rm -f aclocal.m4 config.* configure install-sh \

-	missing mkinstalldirs stamp-h.* Makefile.in \

-	ltconfig ltmain.sh

--- a/sys/src/ape/lib/openssl/demos/tunala/breakage.c

+++ /dev/null

@@ -1,66 +1,0 @@

-#include "tunala.h"

-int int_strtoul(const char *str, unsigned long *val)

-{

-#ifdef HAVE_STRTOUL

-	char *tmp;

-	unsigned long ret = strtoul(str, &tmp, 10);

-	if((str == tmp) || (*tmp != '\0'))

-		/* The value didn't parse cleanly */

-		return 0;

-	if(ret == ULONG_MAX)

-		/* We hit a limit */

-		return 0;

-	*val = ret;

-	return 1;

-#else

-	char buf[2];

-	unsigned long ret = 0;

-	buf[1] = '\0';

-	if(str == '\0')

-		/* An empty string ... */

-		return 0;

-	while(*str != '\0') {

-		/* We have to multiply 'ret' by 10 before absorbing the next

-		 * digit. If this will overflow, catch it now. */

-		if(ret && (((ULONG_MAX + 10) / ret) < 10))

-			return 0;

-		ret *= 10;

-		if(!isdigit(*str))

-			return 0;

-		buf[0] = *str;

-		ret += atoi(buf);

-		str++;

-	}

-	*val = ret;

-	return 1;

-#endif

-}

-#ifndef HAVE_STRSTR

-char *int_strstr(const char *haystack, const char *needle)

-{

-	const char *sub_haystack = haystack, *sub_needle = needle;

-	unsigned int offset = 0;

-	if(!needle)

-		return haystack;

-	if(!haystack)

-		return NULL;

-	while((*sub_haystack != '\0') && (*sub_needle != '\0')) {

-		if(sub_haystack[offset] == sub_needle) {

-			/* sub_haystack is still a candidate */

-			offset++;

-			sub_needle++;

-		} else {

-			/* sub_haystack is no longer a possibility */

-			sub_haystack++;

-			offset = 0;

-			sub_needle = needle;

-		}

-	}

-	if(*sub_haystack == '\0')

-		/* Found nothing */

-		return NULL;

-	return sub_haystack;

-}

-#endif

--- a/sys/src/ape/lib/openssl/demos/tunala/buffer.c

+++ /dev/null

@@ -1,205 +1,0 @@

-#include "tunala.h"

-#ifndef NO_BUFFER

-void buffer_init(buffer_t *buf)

-{

-	buf->used = 0;

-	buf->total_in = buf->total_out = 0;

-}

-void buffer_close(buffer_t *buf)

-{

-	/* Our data is static - nothing needs "release", just reset it */

-	buf->used = 0;

-}

-/* Code these simple ones in compact form */

-unsigned int buffer_used(buffer_t *buf) {

-	return buf->used; }

-unsigned int buffer_unused(buffer_t *buf) {

-	return (MAX_DATA_SIZE - buf->used); }

-int buffer_full(buffer_t *buf) {

-	return (buf->used == MAX_DATA_SIZE ? 1 : 0); }

-int buffer_notfull(buffer_t *buf) {

-	return (buf->used < MAX_DATA_SIZE ? 1 : 0); }

-int buffer_empty(buffer_t *buf) {

-	return (buf->used == 0 ? 1 : 0); }

-int buffer_notempty(buffer_t *buf) {

-	return (buf->used > 0 ? 1 : 0); }

-unsigned long buffer_total_in(buffer_t *buf) {

-	return buf->total_in; }

-unsigned long buffer_total_out(buffer_t *buf) {

-	return buf->total_out; }

-/* These 3 static (internal) functions don't adjust the "total" variables as

- * it's not sure when they're called how it should be interpreted. Only the

- * higher-level "buffer_[to|from]_[fd|SSL|BIO]" functions should alter these

- * values. */

-#if 0 /* To avoid "unused" warnings */

-static unsigned int buffer_adddata(buffer_t *buf, const unsigned char *ptr,

-		unsigned int size)

-{

-	unsigned int added = MAX_DATA_SIZE - buf->used;

-	if(added > size)

-		added = size;

-	if(added == 0)

-		return 0;

-	memcpy(buf->data + buf->used, ptr, added);

-	buf->used += added;

-	buf->total_in += added;

-	return added;

-}

-static unsigned int buffer_tobuffer(buffer_t *to, buffer_t *from, int cap)

-{

-	unsigned int moved, tomove = from->used;

-	if((int)tomove > cap)

-		tomove = cap;

-	if(tomove == 0)

-		return 0;

-	moved = buffer_adddata(to, from->data, tomove);

-	if(moved == 0)

-		return 0;

-	buffer_takedata(from, NULL, moved);

-	return moved;

-}

-#endif

-static unsigned int buffer_takedata(buffer_t *buf, unsigned char *ptr,

-		unsigned int size)

-{

-	unsigned int taken = buf->used;

-	if(taken > size)

-		taken = size;

-	if(taken == 0)

-		return 0;

-	if(ptr)

-		memcpy(ptr, buf->data, taken);

-	buf->used -= taken;

-	/* Do we have to scroll? */

-	if(buf->used > 0)

-		memmove(buf->data, buf->data + taken, buf->used);

-	return taken;

-}

-#ifndef NO_IP

-int buffer_from_fd(buffer_t *buf, int fd)

-{

-	int toread = buffer_unused(buf);

-	if(toread == 0)

-		/* Shouldn't be called in this case! */

-		abort();

-	toread = read(fd, buf->data + buf->used, toread);

-	if(toread > 0) {

-		buf->used += toread;

-		buf->total_in += toread;

-	}

-	return toread;

-}

-int buffer_to_fd(buffer_t *buf, int fd)

-{

-	int towrite = buffer_used(buf);

-	if(towrite == 0)

-		/* Shouldn't be called in this case! */

-		abort();

-	towrite = write(fd, buf->data, towrite);

-	if(towrite > 0) {

-		buffer_takedata(buf, NULL, towrite);

-		buf->total_out += towrite;

-	}

-	return towrite;

-}

-#endif /* !defined(NO_IP) */

-#ifndef NO_OPENSSL

-static void int_ssl_check(SSL *s, int ret)

-{

-	int e = SSL_get_error(s, ret);

-	switch(e) {

-		/* These seem to be harmless and already "dealt with" by our

-		 * non-blocking environment. NB: "ZERO_RETURN" is the clean

-		 * "error" indicating a successfully closed SSL tunnel. We let

-		 * this happen because our IO loop should not appear to have

-		 * broken on this condition - and outside the IO loop, the

-		 * "shutdown" state is checked. */

-	case SSL_ERROR_NONE:

-	case SSL_ERROR_WANT_READ:

-	case SSL_ERROR_WANT_WRITE:

-	case SSL_ERROR_WANT_X509_LOOKUP:

-	case SSL_ERROR_ZERO_RETURN:

-		return;

-		/* These seem to be indications of a genuine error that should

-		 * result in the SSL tunnel being regarded as "dead". */

-	case SSL_ERROR_SYSCALL:

-	case SSL_ERROR_SSL:

-		SSL_set_app_data(s, (char *)1);

-		return;

-	default:

-		break;

-	}

-	/* For any other errors that (a) exist, and (b) crop up - we need to

-	 * interpret what to do with them - so "politely inform" the caller that

-	 * the code needs updating here. */

-	abort();

-}

-void buffer_from_SSL(buffer_t *buf, SSL *ssl)

-{

-	int ret;

-	if(!ssl || buffer_full(buf))

-		return;

-	ret = SSL_read(ssl, buf->data + buf->used, buffer_unused(buf));

-	if(ret > 0) {

-		buf->used += ret;

-		buf->total_in += ret;

-	}

-	if(ret < 0)

-		int_ssl_check(ssl, ret);

-}

-void buffer_to_SSL(buffer_t *buf, SSL *ssl)

-{

-	int ret;

-	if(!ssl || buffer_empty(buf))

-		return;

-	ret = SSL_write(ssl, buf->data, buf->used);

-	if(ret > 0) {

-		buffer_takedata(buf, NULL, ret);

-		buf->total_out += ret;

-	}

-	if(ret < 0)

-		int_ssl_check(ssl, ret);

-}

-void buffer_from_BIO(buffer_t *buf, BIO *bio)

-{

-	int ret;

-	if(!bio || buffer_full(buf))

-		return;

-	ret = BIO_read(bio, buf->data + buf->used, buffer_unused(buf));

-	if(ret > 0) {

-		buf->used += ret;

-		buf->total_in += ret;

-	}

-}

-void buffer_to_BIO(buffer_t *buf, BIO *bio)

-{

-	int ret;

-	if(!bio || buffer_empty(buf))

-		return;

-	ret = BIO_write(bio, buf->data, buf->used);

-	if(ret > 0) {

-		buffer_takedata(buf, NULL, ret);

-		buf->total_out += ret;

-	}

-}

-#endif /* !defined(NO_OPENSSL) */

-#endif /* !defined(NO_BUFFER) */

--- a/sys/src/ape/lib/openssl/demos/tunala/cb.c

+++ /dev/null

@@ -1,143 +1,0 @@

-#include "tunala.h"

-#ifndef NO_OPENSSL

-/* For callbacks generating output, here are their file-descriptors. */

-static FILE *fp_cb_ssl_info = NULL;

-static FILE *fp_cb_ssl_verify = NULL;

-/* Output level:

- *     0 = nothing,

- *     1 = minimal, just errors,

- *     2 = minimal, all steps,

- *     3 = detail, all steps */

-static unsigned int cb_ssl_verify_level = 1;

-/* Other static rubbish (to mirror s_cb.c where required) */

-static int int_verify_depth = 10;

-/* This function is largely borrowed from the one used in OpenSSL's "s_client"

- * and "s_server" utilities. */

-void cb_ssl_info(const SSL *s, int where, int ret)

-{

-	const char *str1, *str2;

-	int w;

-	if(!fp_cb_ssl_info)

-		return;

-	w = where & ~SSL_ST_MASK;

-	str1 = (w & SSL_ST_CONNECT ? "SSL_connect" : (w & SSL_ST_ACCEPT ?

-				"SSL_accept" : "undefined")),

-	str2 = SSL_state_string_long(s);

-	if (where & SSL_CB_LOOP)

-		fprintf(fp_cb_ssl_info, "(%s) %s\n", str1, str2);

-	else if (where & SSL_CB_EXIT) {

-		if (ret == 0)

-			fprintf(fp_cb_ssl_info, "(%s) failed in %s\n", str1, str2);

-/* In a non-blocking model, we get a few of these "error"s simply because we're

- * calling "reads" and "writes" on the state-machine that are virtual NOPs

- * simply to avoid wasting the time seeing if we *should* call them. Removing

- * this case makes the "-out_state" output a lot easier on the eye. */

-#if 0

-		else if (ret < 0)

-			fprintf(fp_cb_ssl_info, "%s:error in %s\n", str1, str2);

-#endif

-	}

-}

-void cb_ssl_info_set_output(FILE *fp)

-{

-	fp_cb_ssl_info = fp;

-}

-static const char *int_reason_no_issuer = "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT";

-static const char *int_reason_not_yet = "X509_V_ERR_CERT_NOT_YET_VALID";

-static const char *int_reason_before = "X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD";

-static const char *int_reason_expired = "X509_V_ERR_CERT_HAS_EXPIRED";

-static const char *int_reason_after = "X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD";

-/* Stolen wholesale from apps/s_cb.c :-) And since then, mutilated ... */

-int cb_ssl_verify(int ok, X509_STORE_CTX *ctx)

-{

-	char buf1[256]; /* Used for the subject name */

-	char buf2[256]; /* Used for the issuer name */

-	const char *reason = NULL; /* Error reason (if any) */

-	X509 *err_cert;

-	int err, depth;

-	if(!fp_cb_ssl_verify || (cb_ssl_verify_level == 0))

-		return ok;

-	err_cert = X509_STORE_CTX_get_current_cert(ctx);

-	err = X509_STORE_CTX_get_error(ctx);

-	depth = X509_STORE_CTX_get_error_depth(ctx);

-	buf1[0] = buf2[0] = '\0';

-	/* Fill buf1 */

-	X509_NAME_oneline(X509_get_subject_name(err_cert), buf1, 256);

-	/* Fill buf2 */

-	X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf2, 256);

-	switch (ctx->error) {

-	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:

-		reason = int_reason_no_issuer;

-		break;

-	case X509_V_ERR_CERT_NOT_YET_VALID:

-		reason = int_reason_not_yet;

-		break;

-	case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:

-		reason = int_reason_before;

-		break;

-	case X509_V_ERR_CERT_HAS_EXPIRED:

-		reason = int_reason_expired;

-		break;

-	case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:

-		reason = int_reason_after;

-		break;

-	}

-	if((cb_ssl_verify_level == 1) && ok)

-		return ok;

-	fprintf(fp_cb_ssl_verify, "chain-depth=%d, ", depth);

-	if(reason)

-		fprintf(fp_cb_ssl_verify, "error=%s\n", reason);

-	else

-		fprintf(fp_cb_ssl_verify, "error=%d\n", err);

-	if(cb_ssl_verify_level < 3)

-		return ok;

-	fprintf(fp_cb_ssl_verify, "--> subject = %s\n", buf1);

-	fprintf(fp_cb_ssl_verify, "--> issuer  = %s\n", buf2);

-	if(!ok)

-		fprintf(fp_cb_ssl_verify,"--> verify error:num=%d:%s\n",err,

-			X509_verify_cert_error_string(err));

-	fprintf(fp_cb_ssl_verify, "--> verify return:%d\n",ok);

-	return ok;

-}

-void cb_ssl_verify_set_output(FILE *fp)

-{

-	fp_cb_ssl_verify = fp;

-}

-void cb_ssl_verify_set_depth(unsigned int verify_depth)

-{

-	int_verify_depth = verify_depth;

-}

-void cb_ssl_verify_set_level(unsigned int level)

-{

-	if(level < 4)

-		cb_ssl_verify_level = level;

-}

-RSA *cb_generate_tmp_rsa(SSL *s, int is_export, int keylength)

-{

-	/* TODO: Perhaps make it so our global key can be generated on-the-fly

-	 * after certain intervals? */

-	static RSA *rsa_tmp = NULL;

-	if(!rsa_tmp)

-		rsa_tmp = RSA_generate_key(keylength, RSA_F4, NULL, NULL);

-	return rsa_tmp;

-}

-#endif /* !defined(NO_OPENSSL) */

--- a/sys/src/ape/lib/openssl/demos/tunala/configure.in

+++ /dev/null

@@ -1,29 +1,0 @@

-dnl Process this file with autoconf to produce a configure script.

-AC_INIT(tunala.c)

-AM_CONFIG_HEADER(config.h)

-AM_INIT_AUTOMAKE(tunala, 0.0.1-dev)

-dnl Checks for programs. (Though skip libtool)

-AC_PROG_CC

-dnl AC_PROG_LIBTOOL

-dnl AM_PROG_LIBTOOL

-dnl Checks for libraries.

-AC_CHECK_LIB(dl, dlopen)

-AC_CHECK_LIB(z, inflate)

-AC_CHECK_LIB(socket, socket)

-AC_CHECK_LIB(nsl, gethostbyname)

-dnl Checks for header files.

-AC_HEADER_STDC

-AC_CHECK_HEADERS(fcntl.h limits.h unistd.h)

-dnl Checks for typedefs, structures, and compiler characteristics.

-AC_C_CONST

-dnl Checks for library functions.

-AC_CHECK_FUNCS(strstr strtoul)

-AC_CHECK_FUNCS(select socket)

-AC_CHECK_FUNCS(dlopen)

-AC_OUTPUT(Makefile)

--- a/sys/src/ape/lib/openssl/demos/tunala/ip.c

+++ /dev/null

@@ -1,146 +1,0 @@

-#include "tunala.h"

-#ifndef NO_IP

-#define IP_LISTENER_BACKLOG 511 /* So if it gets masked by 256 or some other

-				   such value it'll still be respectable */

-/* Any IP-related initialisations. For now, this means blocking SIGPIPE */

-int ip_initialise(void)

-{

-	struct sigaction sa;

-	sa.sa_handler = SIG_IGN;

-	sa.sa_flags = 0;

-	sigemptyset(&sa.sa_mask);

-	if(sigaction(SIGPIPE, &sa, NULL) != 0)

-		return 0;

-	return 1;

-}

-int ip_create_listener_split(const char *ip, unsigned short port)

-{

-	struct sockaddr_in in_addr;

-	int fd = -1;

-	int reuseVal = 1;

-	/* Create the socket */

-	if((fd = socket(PF_INET, SOCK_STREAM, 0)) == -1)

-		goto err;

-	/* Set the SO_REUSEADDR flag - servers act weird without it */

-	if(setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (char *)(&reuseVal),

-				sizeof(reuseVal)) != 0)

-		goto err;

-	/* Prepare the listen address stuff */

-	in_addr.sin_family = AF_INET;

-	memcpy(&in_addr.sin_addr.s_addr, ip, 4);

-	in_addr.sin_port = htons(port);

-	/* Bind to the required port/address/interface */

-	if(bind(fd, (struct sockaddr *)&in_addr, sizeof(struct sockaddr_in)) != 0)

-		goto err;

-	/* Start "listening" */

-	if(listen(fd, IP_LISTENER_BACKLOG) != 0)

-		goto err;

-	return fd;

-err:

-	if(fd != -1)

-		close(fd);

-	return -1;

-}

-int ip_create_connection_split(const char *ip, unsigned short port)

-{

-	struct sockaddr_in in_addr;

-	int flags, fd = -1;

-	/* Create the socket */

-	if((fd = socket(PF_INET, SOCK_STREAM, 0)) == -1)

-		goto err;

-	/* Make it non-blocking */

-	if(((flags = fcntl(fd, F_GETFL, 0)) < 0) ||

-			(fcntl(fd, F_SETFL, flags | O_NONBLOCK) < 0))

-		goto err;

-	/* Prepare the connection address stuff */

-	in_addr.sin_family = AF_INET;

-	memcpy(&in_addr.sin_addr.s_addr, ip, 4);

-	in_addr.sin_port = htons(port);

-	/* Start a connect (non-blocking, in all likelihood) */

-	if((connect(fd, (struct sockaddr *)&in_addr,

-			sizeof(struct sockaddr_in)) != 0) &&

-			(errno != EINPROGRESS))

-		goto err;

-	return fd;

-err:

-	if(fd != -1)

-		close(fd);

-	return -1;

-}

-static char all_local_ip[] = {0x00,0x00,0x00,0x00};

-int ip_parse_address(const char *address, const char **parsed_ip,

-		unsigned short *parsed_port, int accept_all_ip)

-{

-	char buf[256];

-	struct hostent *lookup;

-	unsigned long port;

-	const char *ptr = strstr(address, ":");

-	const char *ip = all_local_ip;

-	if(!ptr) {

-		/* We assume we're listening on all local interfaces and have

-		 * only specified a port. */

-		if(!accept_all_ip)

-			return 0;

-		ptr = address;

-		goto determine_port;

-	}

-	if((ptr - address) > 255)

-		return 0;

-	memset(buf, 0, 256);

-	memcpy(buf, address, ptr - address);

-	ptr++;

-	if((lookup = gethostbyname(buf)) == NULL) {

-		/* Spit a message to differentiate between lookup failures and

-		 * bad strings. */

-		fprintf(stderr, "hostname lookup for '%s' failed\n", buf);

-		return 0;

-	}

-	ip = lookup->h_addr_list[0];

-determine_port:

-	if(strlen(ptr) < 1)

-		return 0;

-	if(!int_strtoul(ptr, &port) || (port > 65535))

-		return 0;

-	*parsed_ip = ip;

-	*parsed_port = (unsigned short)port;

-	return 1;

-}

-int ip_create_listener(const char *address)

-{

-	const char *ip;

-	unsigned short port;

-	if(!ip_parse_address(address, &ip, &port, 1))

-		return -1;

-	return ip_create_listener_split(ip, port);

-}

-int ip_create_connection(const char *address)

-{

-	const char *ip;

-	unsigned short port;

-	if(!ip_parse_address(address, &ip, &port, 0))

-		return -1;

-	return ip_create_connection_split(ip, port);

-}

-int ip_accept_connection(int listen_fd)

-{

-	return accept(listen_fd, NULL, NULL);

-}

-#endif /* !defined(NO_IP) */

--- a/sys/src/ape/lib/openssl/demos/tunala/sm.c

+++ /dev/null

@@ -1,151 +1,0 @@

-#include "tunala.h"

-#ifndef NO_TUNALA

-void state_machine_init(state_machine_t *machine)

-{

-	machine->ssl = NULL;

-	machine->bio_intossl = machine->bio_fromssl = NULL;

-	buffer_init(&machine->clean_in);

-	buffer_init(&machine->clean_out);

-	buffer_init(&machine->dirty_in);

-	buffer_init(&machine->dirty_out);

-}

-void state_machine_close(state_machine_t *machine)

-{

-	if(machine->ssl)

-		SSL_free(machine->ssl);

-/* SSL_free seems to decrement the reference counts already so doing this goes

- * kaboom. */

-#if 0

-	if(machine->bio_intossl)

-		BIO_free(machine->bio_intossl);

-	if(machine->bio_fromssl)

-		BIO_free(machine->bio_fromssl);

-#endif

-	buffer_close(&machine->clean_in);

-	buffer_close(&machine->clean_out);

-	buffer_close(&machine->dirty_in);

-	buffer_close(&machine->dirty_out);

-	state_machine_init(machine);

-}

-buffer_t *state_machine_get_buffer(state_machine_t *machine, sm_buffer_t type)

-{

-	switch(type) {

-	case SM_CLEAN_IN:

-		return &machine->clean_in;

-	case SM_CLEAN_OUT:

-		return &machine->clean_out;

-	case SM_DIRTY_IN:

-		return &machine->dirty_in;

-	case SM_DIRTY_OUT:

-		return &machine->dirty_out;

-	default:

-		break;

-	}

-	/* Should never get here */

-	abort();

-	return NULL;

-}

-SSL *state_machine_get_SSL(state_machine_t *machine)

-{

-	return machine->ssl;

-}

-int state_machine_set_SSL(state_machine_t *machine, SSL *ssl, int is_server)

-{

-	if(machine->ssl)

-		/* Shouldn't ever be set twice */

-		abort();

-	machine->ssl = ssl;

-	/* Create the BIOs to handle the dirty side of the SSL */

-	if((machine->bio_intossl = BIO_new(BIO_s_mem())) == NULL)

-		abort();

-	if((machine->bio_fromssl = BIO_new(BIO_s_mem())) == NULL)

-		abort();

-	/* Hook up the BIOs on the dirty side of the SSL */

-	SSL_set_bio(machine->ssl, machine->bio_intossl, machine->bio_fromssl);

-	if(is_server)

-		SSL_set_accept_state(machine->ssl);

-	else

-		SSL_set_connect_state(machine->ssl);

-	/* If we're the first one to generate traffic - do it now otherwise we

-	 * go into the next select empty-handed and our peer will not send data

-	 * but will similarly wait for us. */

-	return state_machine_churn(machine);

-}

-/* Performs the data-IO loop and returns zero if the machine should close */

-int state_machine_churn(state_machine_t *machine)

-{

-	unsigned int loop;

-	if(machine->ssl == NULL) {

-		if(buffer_empty(&machine->clean_out))

-			/* Time to close this state-machine altogether */

-			return 0;

-		else

-			/* Still buffered data on the clean side to go out */

-			return 1;

-	}

-	/* Do this loop twice to cover any dependencies about which precise

-	 * order of reads and writes is required. */

-	for(loop = 0; loop < 2; loop++) {

-		buffer_to_SSL(&machine->clean_in, machine->ssl);

-		buffer_to_BIO(&machine->dirty_in, machine->bio_intossl);

-		buffer_from_SSL(&machine->clean_out, machine->ssl);

-		buffer_from_BIO(&machine->dirty_out, machine->bio_fromssl);

-	}

-	/* We close on the SSL side if the info callback noticed some problems

-	 * or an SSL shutdown was underway and shutdown traffic had all been

-	 * sent. */

-	if(SSL_get_app_data(machine->ssl) || (SSL_get_shutdown(machine->ssl) &&

-				buffer_empty(&machine->dirty_out))) {

-		/* Great, we can seal off the dirty side completely */

-		if(!state_machine_close_dirty(machine))

-			return 0;

-	}

-	/* Either the SSL is alive and well, or the closing process still has

-	 * outgoing data waiting to be sent */

-	return 1;

-}

-/* Called when the clean side of the SSL has lost its connection */

-int state_machine_close_clean(state_machine_t *machine)

-{

-	/* Well, first thing to do is null out the clean-side buffers - they're

-	 * no use any more. */

-	buffer_close(&machine->clean_in);

-	buffer_close(&machine->clean_out);

-	/* And start an SSL shutdown */

-	if(machine->ssl)

-		SSL_shutdown(machine->ssl);

-	/* This is an "event", so flush the SSL of any generated traffic */

-	state_machine_churn(machine);

-	if(buffer_empty(&machine->dirty_in) &&

-			buffer_empty(&machine->dirty_out))

-		return 0;

-	return 1;

-}

-/* Called when the dirty side of the SSL has lost its connection. This is pretty

- * terminal as all that can be left to do is send any buffered output on the

- * clean side - after that, we're done. */

-int state_machine_close_dirty(state_machine_t *machine)

-{

-	buffer_close(&machine->dirty_in);

-	buffer_close(&machine->dirty_out);

-	buffer_close(&machine->clean_in);

-	if(machine->ssl)

-		SSL_free(machine->ssl);

-	machine->ssl = NULL;

-	machine->bio_intossl = machine->bio_fromssl = NULL;

-	if(buffer_empty(&machine->clean_out))

-		return 0;

-	return 1;

-}

-#endif /* !defined(NO_TUNALA) */

--- a/sys/src/ape/lib/openssl/demos/tunala/test.sh

+++ /dev/null

@@ -1,107 +1,0 @@

-#!/bin/sh

-HTTP="localhost:8080"

-CLIENT_PORT="9020"

-SERVER_PORT="9021"

-sub_test ()

-{

-	echo "STARTING - $VER $CIPHER"

-	./tunala -listen localhost:$CLIENT_PORT -proxy localhost:$SERVER_PORT \

-		-cacert CA.pem -cert A-client.pem -server 0 \

-		-dh_special standard -v_peer -v_strict \

-		$VER -cipher $CIPHER 1> tc1.txt 2> tc2.txt &

-	./tunala -listen localhost:$SERVER_PORT -proxy $HTTP \

-		-cacert CA.pem -cert A-server.pem -server 1 \

-		-dh_special standard -v_peer -v_strict \

-		$VER -cipher $CIPHER 1> ts1.txt 2> ts2.txt &

-	# Wait for the servers to be listening before starting the wget test

-	DONE="no"

-	while [ "$DONE" != "yes" ]; do

-		L1=`netstat -a | egrep "LISTEN[\t ]*$" | grep ":$CLIENT_PORT"`

-		L2=`netstat -a | egrep "LISTEN[\t ]*$" | grep ":$SERVER_PORT"`

-		if [ "x$L1" != "x" ]; then

-			DONE="yes"

-		elif [ "x$L2" != "x" ]; then

-			DONE="yes"

-		else

-			sleep 1

-		fi

-	done

-	HTML=`wget -O - -T 1 http://localhost:$CLIENT_PORT 2> /dev/null | grep "<HTML>"`

-	if [ "x$HTML" != "x" ]; then

-		echo "OK - $CIPHER ($VER)"

-	else

-		echo "FAIL - $CIPHER ($VER)"

-		killall tunala

-		exit 1

-	fi

-	killall tunala

-	# Wait for the servers to stop before returning - otherwise the next

-	# test my fail to start ... (fscking race conditions)

-	DONE="yes"

-	while [ "$DONE" != "no" ]; do

-		L1=`netstat -a | egrep "LISTEN[\t ]*$" | grep ":$CLIENT_PORT"`

-		L2=`netstat -a | egrep "LISTEN[\t ]*$" | grep ":$SERVER_PORT"`

-		if [ "x$L1" != "x" ]; then

-			DONE="yes"

-		elif [ "x$L2" != "x" ]; then

-			DONE="yes"

-		else

-			DONE="no"

-		fi

-	done

-	exit 0

-}

-run_test ()

-{

-	(sub_test 1> /dev/null) || exit 1

-}

-run_ssl_test ()

-{

-killall tunala 1> /dev/null 2> /dev/null

-echo ""

-echo "Starting all $PRETTY tests"

-if [ "$PRETTY" != "SSLv2" ]; then

-	if [ "$PRETTY" != "SSLv3" ]; then

-		export VER="-no_ssl2 -no_ssl3"

-		export OSSL="-tls1"

-	else

-		export VER="-no_ssl2 -no_tls1"

-		export OSSL="-ssl3"

-	fi

-else

-	export VER="-no_ssl3 -no_tls1"

-	export OSSL="-ssl2"

-fi

-LIST="`../../apps/openssl ciphers $OSSL | sed -e 's/:/ /g'`"

-#echo "$LIST"

-for i in $LIST; do \

-	DSS=`echo "$i" | grep "DSS"`

-	if [ "x$DSS" != "x" ]; then

-		echo "---- skipping $i (no DSA cert/keys) ----"

-	else

-		export CIPHER=$i

-		run_test

-		echo "SUCCESS: $i"

-	fi

-done;

-}

-# Welcome the user

-echo "Tests will assume an http server running at $HTTP"

-# TLSv1 test

-export PRETTY="TLSv1"

-run_ssl_test

-# SSLv3 test

-export PRETTY="SSLv3"

-run_ssl_test

-# SSLv2 test

-export PRETTY="SSLv2"

-run_ssl_test

--- a/sys/src/ape/lib/openssl/demos/tunala/tunala.c

+++ /dev/null

@@ -1,1107 +1,0 @@

-#if defined(NO_BUFFER) || defined(NO_IP) || defined(NO_OPENSSL)

-#error "Badness, NO_BUFFER, NO_IP or NO_OPENSSL is defined, turn them *off*"

-#endif

-/* Include our bits'n'pieces */

-#include "tunala.h"

-/********************************************/

-/* Our local types that specify our "world" */

-/********************************************/

-/* These represent running "tunnels". Eg. if you wanted to do SSL in a

- * "message-passing" scanario, the "int" file-descriptors might be replaced by

- * thread or process IDs, and the "select" code might be replaced by message

- * handling code. Whatever. */

-typedef struct _tunala_item_t {

-	/* The underlying SSL state machine. This is a data-only processing unit

-	 * and we communicate with it by talking to its four "buffers". */

-	state_machine_t sm;

-	/* The file-descriptors for the "dirty" (encrypted) side of the SSL

-	 * setup. In actuality, this is typically a socket and both values are

-	 * identical. */

-	int dirty_read, dirty_send;

-	/* The file-descriptors for the "clean" (unencrypted) side of the SSL

-	 * setup. These could be stdin/stdout, a socket (both values the same),

-	 * or whatever you like. */

-	int clean_read, clean_send;

-} tunala_item_t;

-/* This structure is used as the data for running the main loop. Namely, in a

- * network format such as this, it is stuff for select() - but as pointed out,

- * when moving the real-world to somewhere else, this might be replaced by

- * something entirely different. It's basically the stuff that controls when

- * it's time to do some "work". */

-typedef struct _select_sets_t {

-	int max; /* As required as the first argument to select() */

-	fd_set reads, sends, excepts; /* As passed to select() */

-} select_sets_t;

-typedef struct _tunala_selector_t {

-	select_sets_t last_selected; /* Results of the last select() */

-	select_sets_t next_select; /* What we'll next select on */

-} tunala_selector_t;

-/* This structure is *everything*. We do it to avoid the use of globals so that,

- * for example, it would be easier to shift things around between async-IO,

- * thread-based, or multi-fork()ed (or combinations thereof). */

-typedef struct _tunala_world_t {

-	/* The file-descriptor we "listen" on for new connections */

-	int listen_fd;

-	/* The array of tunnels */

-	tunala_item_t *tunnels;

-	/* the number of tunnels in use and allocated, respectively */

-	unsigned int tunnels_used, tunnels_size;

-	/* Our outside "loop" context stuff */

-	tunala_selector_t selector;

-	/* Our SSL_CTX, which is configured as the SSL client or server and has

-	 * the various cert-settings and callbacks configured. */

-	SSL_CTX *ssl_ctx;

-	/* Simple flag with complex logic :-) Indicates whether we're an SSL

-	 * server or an SSL client. */

-	int server_mode;

-} tunala_world_t;

-/*****************************/

-/* Internal static functions */

-/*****************************/

-static SSL_CTX *initialise_ssl_ctx(int server_mode, const char *engine_id,

-		const char *CAfile, const char *cert, const char *key,

-		const char *dcert, const char *dkey, const char *cipher_list,

-		const char *dh_file, const char *dh_special, int tmp_rsa,

-		int ctx_options, int out_state, int out_verify, int verify_mode,

-		unsigned int verify_depth);

-static void selector_init(tunala_selector_t *selector);

-static void selector_add_listener(tunala_selector_t *selector, int fd);

-static void selector_add_tunala(tunala_selector_t *selector, tunala_item_t *t);

-static int selector_select(tunala_selector_t *selector);

-/* This returns -1 for error, 0 for no new connections, or 1 for success, in

- * which case *newfd is populated. */

-static int selector_get_listener(tunala_selector_t *selector, int fd, int *newfd);

-static int tunala_world_new_item(tunala_world_t *world, int fd,

-		const char *ip, unsigned short port, int flipped);

-static void tunala_world_del_item(tunala_world_t *world, unsigned int idx);

-static int tunala_item_io(tunala_selector_t *selector, tunala_item_t *item);

-/*********************************************/

-/* MAIN FUNCTION (and its utility functions) */

-/*********************************************/

-static const char *def_proxyhost = "127.0.0.1:443";

-static const char *def_listenhost = "127.0.0.1:8080";

-static int def_max_tunnels = 50;

-static const char *def_cacert = NULL;

-static const char *def_cert = NULL;

-static const char *def_key = NULL;

-static const char *def_dcert = NULL;

-static const char *def_dkey = NULL;

-static const char *def_engine_id = NULL;

-static int def_server_mode = 0;

-static int def_flipped = 0;

-static const char *def_cipher_list = NULL;

-static const char *def_dh_file = NULL;

-static const char *def_dh_special = NULL;

-static int def_tmp_rsa = 1;

-static int def_ctx_options = 0;

-static int def_verify_mode = 0;

-static unsigned int def_verify_depth = 10;

-static int def_out_state = 0;

-static unsigned int def_out_verify = 0;

-static int def_out_totals = 0;

-static int def_out_conns = 0;

-static const char *helpstring =

-"\n'Tunala' (A tunneler with a New Zealand accent)\n"

-"Usage: tunala [options], where options are from;\n"

-" -listen [host:]<port>  (default = 127.0.0.1:8080)\n"

-" -proxy <host>:<port>   (default = 127.0.0.1:443)\n"

-" -maxtunnels <num>      (default = 50)\n"

-" -cacert <path|NULL>    (default = NULL)\n"

-" -cert <path|NULL>      (default = NULL)\n"

-" -key <path|NULL>       (default = whatever '-cert' is)\n"

-" -dcert <path|NULL>     (usually for DSA, default = NULL)\n"

-" -dkey <path|NULL>      (usually for DSA, default = whatever '-dcert' is)\n"

-" -engine <id|NULL>      (default = NULL)\n"

-" -server <0|1>          (default = 0, ie. an SSL client)\n"

-" -flipped <0|1>         (makes SSL servers be network clients, and vice versa)\n"

-" -cipher <list>         (specifies cipher list to use)\n"

-" -dh_file <path>        (a PEM file containing DH parameters to use)\n"

-" -dh_special <NULL|generate|standard> (see below: def=NULL)\n"

-" -no_tmp_rsa            (don't generate temporary RSA keys)\n"

-" -no_ssl2               (disable SSLv2)\n"

-" -no_ssl3               (disable SSLv3)\n"

-" -no_tls1               (disable TLSv1)\n"

-" -v_peer                (verify the peer certificate)\n"

-" -v_strict              (do not continue if peer doesn't authenticate)\n"

-" -v_once                (no verification in renegotiates)\n"

-" -v_depth <num>         (limit certificate chain depth, default = 10)\n"

-" -out_conns             (prints client connections and disconnections)\n"

-" -out_state             (prints SSL handshake states)\n"

-" -out_verify <0|1|2|3>  (prints certificate verification states: def=1)\n"

-" -out_totals            (prints out byte-totals when a tunnel closes)\n"

-" -<h|help|?>            (displays this help screen)\n"

-"Notes:\n"

-"(1) It is recommended to specify a cert+key when operating as an SSL server.\n"

-"    If you only specify '-cert', the same file must contain a matching\n"

-"    private key.\n"

-"(2) Either dh_file or dh_special can be used to specify where DH parameters\n"

-"    will be obtained from (or '-dh_special NULL' for the default choice) but\n"

-"    you cannot specify both. For dh_special, 'generate' will create new DH\n"

-"    parameters on startup, and 'standard' will use embedded parameters\n"

-"    instead.\n"

-"(3) Normally an ssl client connects to an ssl server - so that an 'ssl client\n"

-"    tunala' listens for 'clean' client connections and proxies ssl, and an\n"

-"    'ssl server tunala' listens for ssl connections and proxies 'clean'. With\n"

-"    '-flipped 1', this behaviour is reversed so that an 'ssl server tunala'\n"

-"    listens for clean client connections and proxies ssl (but participating\n"

-"    as an ssl *server* in the SSL/TLS protocol), and an 'ssl client tunala'\n"

-"    listens for ssl connections (participating as an ssl *client* in the\n"

-"    SSL/TLS protocol) and proxies 'clean' to the end destination. This can\n"

-"    be useful for allowing network access to 'servers' where only the server\n"

-"    needs to authenticate the client (ie. the other way is not required).\n"

-"    Even with client and server authentication, this 'technique' mitigates\n"

-"    some DoS (denial-of-service) potential as it will be the network client\n"

-"    having to perform the first private key operation rather than the other\n"

-"    way round.\n"

-"(4) The 'technique' used by setting '-flipped 1' is probably compatible with\n"

-"    absolutely nothing except another complimentary instance of 'tunala'\n"

-"    running with '-flipped 1'. :-)\n";

-/* Default DH parameters for use with "-dh_special standard" ... stolen striaght

- * from s_server. */

-static unsigned char dh512_p[]={

-	0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,

-	0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,

-	0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3,

-	0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,

-	0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C,

-	0x47,0x74,0xE8,0x33,

-	};

-static unsigned char dh512_g[]={

-	0x02,

-	};

-/* And the function that parses the above "standard" parameters, again, straight

- * out of s_server. */

-static DH *get_dh512(void)

-	{

-	DH *dh=NULL;

-	if ((dh=DH_new()) == NULL) return(NULL);

-	dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);

-	dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);

-	if ((dh->p == NULL) || (dh->g == NULL))

-		return(NULL);

-	return(dh);

-	}

-/* Various help/error messages used by main() */

-static int usage(const char *errstr, int isunknownarg)

-{

-	if(isunknownarg)

-		fprintf(stderr, "Error: unknown argument '%s'\n", errstr);

-	else

-		fprintf(stderr, "Error: %s\n", errstr);

-	fprintf(stderr, "%s\n", helpstring);

-	return 1;

-}

-static int err_str0(const char *str0)

-{

-	fprintf(stderr, "%s\n", str0);

-	return 1;

-}

-static int err_str1(const char *fmt, const char *str1)

-{

-	fprintf(stderr, fmt, str1);

-	fprintf(stderr, "\n");

-	return 1;

-}

-static int parse_max_tunnels(const char *s, unsigned int *maxtunnels)

-{

-	unsigned long l;

-	if(!int_strtoul(s, &l) || (l < 1) || (l > 1024)) {

-		fprintf(stderr, "Error, '%s' is an invalid value for "

-				"maxtunnels\n", s);

-		return 0;

-	}

-	*maxtunnels = (unsigned int)l;

-	return 1;

-}

-static int parse_server_mode(const char *s, int *servermode)

-{

-	unsigned long l;

-	if(!int_strtoul(s, &l) || (l > 1)) {

-		fprintf(stderr, "Error, '%s' is an invalid value for the "

-				"server mode\n", s);

-		return 0;

-	}

-	*servermode = (int)l;

-	return 1;

-}

-static int parse_dh_special(const char *s, const char **dh_special)

-{

-	if((strcmp(s, "NULL") == 0) || (strcmp(s, "generate") == 0) ||

-			(strcmp(s, "standard") == 0)) {

-		*dh_special = s;

-		return 1;

-	}

-	fprintf(stderr, "Error, '%s' is an invalid value for 'dh_special'\n", s);

-	return 0;

-}

-static int parse_verify_level(const char *s, unsigned int *verify_level)

-{

-	unsigned long l;

-	if(!int_strtoul(s, &l) || (l > 3)) {

-		fprintf(stderr, "Error, '%s' is an invalid value for "

-				"out_verify\n", s);

-		return 0;

-	}

-	*verify_level = (unsigned int)l;

-	return 1;

-}

-static int parse_verify_depth(const char *s, unsigned int *verify_depth)

-{

-	unsigned long l;

-	if(!int_strtoul(s, &l) || (l < 1) || (l > 50)) {

-		fprintf(stderr, "Error, '%s' is an invalid value for "

-				"verify_depth\n", s);

-		return 0;

-	}

-	*verify_depth = (unsigned int)l;

-	return 1;

-}

-/* Some fprintf format strings used when tunnels close */

-static const char *io_stats_dirty =

-"    SSL traffic;   %8lu bytes in, %8lu bytes out\n";

-static const char *io_stats_clean =

-"    clear traffic; %8lu bytes in, %8lu bytes out\n";

-int main(int argc, char *argv[])

-{

-	unsigned int loop;

-	int newfd;

-	tunala_world_t world;

-	tunala_item_t *t_item;

-	const char *proxy_ip;

-	unsigned short proxy_port;

-	/* Overridables */

-	const char *proxyhost = def_proxyhost;

-	const char *listenhost = def_listenhost;

-	unsigned int max_tunnels = def_max_tunnels;

-	const char *cacert = def_cacert;

-	const char *cert = def_cert;

-	const char *key = def_key;

-	const char *dcert = def_dcert;

-	const char *dkey = def_dkey;

-	const char *engine_id = def_engine_id;

-	int server_mode = def_server_mode;

-	int flipped = def_flipped;

-	const char *cipher_list = def_cipher_list;

-	const char *dh_file = def_dh_file;

-	const char *dh_special = def_dh_special;

-	int tmp_rsa = def_tmp_rsa;

-	int ctx_options = def_ctx_options;

-	int verify_mode = def_verify_mode;

-	unsigned int verify_depth = def_verify_depth;

-	int out_state = def_out_state;

-	unsigned int out_verify = def_out_verify;

-	int out_totals = def_out_totals;

-	int out_conns = def_out_conns;

-/* Parse command-line arguments */

-next_arg:

-	argc--; argv++;

-	if(argc > 0) {

-		if(strcmp(*argv, "-listen") == 0) {

-			if(argc < 2)

-				return usage("-listen requires an argument", 0);

-			argc--; argv++;

-			listenhost = *argv;

-			goto next_arg;

-		} else if(strcmp(*argv, "-proxy") == 0) {

-			if(argc < 2)

-				return usage("-proxy requires an argument", 0);

-			argc--; argv++;

-			proxyhost = *argv;

-			goto next_arg;

-		} else if(strcmp(*argv, "-maxtunnels") == 0) {

-			if(argc < 2)

-				return usage("-maxtunnels requires an argument", 0);

-			argc--; argv++;

-			if(!parse_max_tunnels(*argv, &max_tunnels))

-				return 1;

-			goto next_arg;

-		} else if(strcmp(*argv, "-cacert") == 0) {

-			if(argc < 2)

-				return usage("-cacert requires an argument", 0);

-			argc--; argv++;

-			if(strcmp(*argv, "NULL") == 0)

-				cacert = NULL;

-			else

-				cacert = *argv;

-			goto next_arg;

-		} else if(strcmp(*argv, "-cert") == 0) {

-			if(argc < 2)

-				return usage("-cert requires an argument", 0);

-			argc--; argv++;

-			if(strcmp(*argv, "NULL") == 0)

-				cert = NULL;

-			else

-				cert = *argv;

-			goto next_arg;

-		} else if(strcmp(*argv, "-key") == 0) {

-			if(argc < 2)

-				return usage("-key requires an argument", 0);

-			argc--; argv++;

-			if(strcmp(*argv, "NULL") == 0)

-				key = NULL;

-			else

-				key = *argv;

-			goto next_arg;

-		} else if(strcmp(*argv, "-dcert") == 0) {

-			if(argc < 2)

-				return usage("-dcert requires an argument", 0);

-			argc--; argv++;

-			if(strcmp(*argv, "NULL") == 0)

-				dcert = NULL;

-			else

-				dcert = *argv;

-			goto next_arg;

-		} else if(strcmp(*argv, "-dkey") == 0) {

-			if(argc < 2)

-				return usage("-dkey requires an argument", 0);

-			argc--; argv++;

-			if(strcmp(*argv, "NULL") == 0)

-				dkey = NULL;

-			else

-				dkey = *argv;

-			goto next_arg;

-		} else if(strcmp(*argv, "-engine") == 0) {

-			if(argc < 2)

-				return usage("-engine requires an argument", 0);

-			argc--; argv++;

-			engine_id = *argv;

-			goto next_arg;

-		} else if(strcmp(*argv, "-server") == 0) {

-			if(argc < 2)

-				return usage("-server requires an argument", 0);

-			argc--; argv++;

-			if(!parse_server_mode(*argv, &server_mode))

-				return 1;

-			goto next_arg;

-		} else if(strcmp(*argv, "-flipped") == 0) {

-			if(argc < 2)

-				return usage("-flipped requires an argument", 0);

-			argc--; argv++;

-			if(!parse_server_mode(*argv, &flipped))

-				return 1;

-			goto next_arg;

-		} else if(strcmp(*argv, "-cipher") == 0) {

-			if(argc < 2)

-				return usage("-cipher requires an argument", 0);

-			argc--; argv++;

-			cipher_list = *argv;

-			goto next_arg;

-		} else if(strcmp(*argv, "-dh_file") == 0) {

-			if(argc < 2)

-				return usage("-dh_file requires an argument", 0);

-			if(dh_special)

-				return usage("cannot mix -dh_file with "

-						"-dh_special", 0);

-			argc--; argv++;

-			dh_file = *argv;

-			goto next_arg;

-		} else if(strcmp(*argv, "-dh_special") == 0) {

-			if(argc < 2)

-				return usage("-dh_special requires an argument", 0);

-			if(dh_file)

-				return usage("cannot mix -dh_file with "

-						"-dh_special", 0);

-			argc--; argv++;

-			if(!parse_dh_special(*argv, &dh_special))

-				return 1;

-			goto next_arg;

-		} else if(strcmp(*argv, "-no_tmp_rsa") == 0) {

-			tmp_rsa = 0;

-			goto next_arg;

-		} else if(strcmp(*argv, "-no_ssl2") == 0) {

-			ctx_options |= SSL_OP_NO_SSLv2;

-			goto next_arg;

-		} else if(strcmp(*argv, "-no_ssl3") == 0) {

-			ctx_options |= SSL_OP_NO_SSLv3;

-			goto next_arg;

-		} else if(strcmp(*argv, "-no_tls1") == 0) {

-			ctx_options |= SSL_OP_NO_TLSv1;

-			goto next_arg;

-		} else if(strcmp(*argv, "-v_peer") == 0) {

-			verify_mode |= SSL_VERIFY_PEER;

-			goto next_arg;

-		} else if(strcmp(*argv, "-v_strict") == 0) {

-			verify_mode |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;

-			goto next_arg;

-		} else if(strcmp(*argv, "-v_once") == 0) {

-			verify_mode |= SSL_VERIFY_CLIENT_ONCE;

-			goto next_arg;

-		} else if(strcmp(*argv, "-v_depth") == 0) {

-			if(argc < 2)

-				return usage("-v_depth requires an argument", 0);

-			argc--; argv++;

-			if(!parse_verify_depth(*argv, &verify_depth))

-				return 1;

-			goto next_arg;

-		} else if(strcmp(*argv, "-out_state") == 0) {

-			out_state = 1;

-			goto next_arg;

-		} else if(strcmp(*argv, "-out_verify") == 0) {

-			if(argc < 2)

-				return usage("-out_verify requires an argument", 0);

-			argc--; argv++;

-			if(!parse_verify_level(*argv, &out_verify))

-				return 1;

-			goto next_arg;

-		} else if(strcmp(*argv, "-out_totals") == 0) {

-			out_totals = 1;

-			goto next_arg;

-		} else if(strcmp(*argv, "-out_conns") == 0) {

-			out_conns = 1;

-			goto next_arg;

-		} else if((strcmp(*argv, "-h") == 0) ||

-				(strcmp(*argv, "-help") == 0) ||

-				(strcmp(*argv, "-?") == 0)) {

-			fprintf(stderr, "%s\n", helpstring);

-			return 0;

-		} else

-			return usage(*argv, 1);

-	}

-	/* Run any sanity checks we want here */

-	if(!cert && !dcert && server_mode)

-		fprintf(stderr, "WARNING: you are running an SSL server without "

-				"a certificate - this may not work!\n");

-	/* Initialise network stuff */

-	if(!ip_initialise())

-		return err_str0("ip_initialise failed");

-	/* Create the SSL_CTX */

-	if((world.ssl_ctx = initialise_ssl_ctx(server_mode, engine_id,

-			cacert, cert, key, dcert, dkey, cipher_list, dh_file,

-			dh_special, tmp_rsa, ctx_options, out_state, out_verify,

-			verify_mode, verify_depth)) == NULL)

-		return err_str1("initialise_ssl_ctx(engine_id=%s) failed",

-			(engine_id == NULL) ? "NULL" : engine_id);

-	if(engine_id)

-		fprintf(stderr, "Info, engine '%s' initialised\n", engine_id);

-	/* Create the listener */

-	if((world.listen_fd = ip_create_listener(listenhost)) == -1)

-		return err_str1("ip_create_listener(%s) failed", listenhost);

-	fprintf(stderr, "Info, listening on '%s'\n", listenhost);

-	if(!ip_parse_address(proxyhost, &proxy_ip, &proxy_port, 0))

-		return err_str1("ip_parse_address(%s) failed", proxyhost);

-	fprintf(stderr, "Info, proxying to '%s' (%d.%d.%d.%d:%d)\n", proxyhost,

-			(int)proxy_ip[0], (int)proxy_ip[1],

-			(int)proxy_ip[2], (int)proxy_ip[3], (int)proxy_port);

-	fprintf(stderr, "Info, set maxtunnels to %d\n", (int)max_tunnels);

-	fprintf(stderr, "Info, set to operate as an SSL %s\n",

-			(server_mode ? "server" : "client"));

-	/* Initialise the rest of the stuff */

-	world.tunnels_used = world.tunnels_size = 0;

-	world.tunnels = NULL;

-	world.server_mode = server_mode;

-	selector_init(&world.selector);

-/* We're ready to loop */

-main_loop:

-	/* Should we listen for *new* tunnels? */

-	if(world.tunnels_used < max_tunnels)

-		selector_add_listener(&world.selector, world.listen_fd);

-	/* We should add in our existing tunnels */

-	for(loop = 0; loop < world.tunnels_used; loop++)

-		selector_add_tunala(&world.selector, world.tunnels + loop);

-	/* Now do the select */

-	switch(selector_select(&world.selector)) {

-	case -1:

-		if(errno != EINTR) {

-			fprintf(stderr, "selector_select returned a "

-					"badness error.\n");

-			goto shouldnt_happen;

-		}

-		fprintf(stderr, "Warn, selector interrupted by a signal\n");

-		goto main_loop;

-	case 0:

-		fprintf(stderr, "Warn, selector_select returned 0 - signal?""?\n");

-		goto main_loop;

-	default:

-		break;

-	}

-	/* Accept new connection if we should and can */

-	if((world.tunnels_used < max_tunnels) && (selector_get_listener(

-					&world.selector, world.listen_fd,

-					&newfd) == 1)) {

-		/* We have a new connection */

-		if(!tunala_world_new_item(&world, newfd, proxy_ip,

-						proxy_port, flipped))

-			fprintf(stderr, "tunala_world_new_item failed\n");

-		else if(out_conns)

-			fprintf(stderr, "Info, new tunnel opened, now up to "

-					"%d\n", world.tunnels_used);

-	}

-	/* Give each tunnel its moment, note the while loop is because it makes

-	 * the logic easier than with "for" to deal with an array that may shift

-	 * because of deletes. */

-	loop = 0;

-	t_item = world.tunnels;

-	while(loop < world.tunnels_used) {

-		if(!tunala_item_io(&world.selector, t_item)) {

-			/* We're closing whether for reasons of an error or a

-			 * natural close. Don't increment loop or t_item because

-			 * the next item is moving to us! */

-			if(!out_totals)

-				goto skip_totals;

-			fprintf(stderr, "Tunnel closing, traffic stats follow\n");

-			/* Display the encrypted (over the network) stats */

-			fprintf(stderr, io_stats_dirty,

-				buffer_total_in(state_machine_get_buffer(

-						&t_item->sm,SM_DIRTY_IN)),

-				buffer_total_out(state_machine_get_buffer(

-						&t_item->sm,SM_DIRTY_OUT)));

-			/* Display the local (tunnelled) stats. NB: Data we

-			 * *receive* is data sent *out* of the state_machine on

-			 * its 'clean' side. Hence the apparent back-to-front

-			 * OUT/IN mixup here :-) */

-			fprintf(stderr, io_stats_clean,

-				buffer_total_out(state_machine_get_buffer(

-						&t_item->sm,SM_CLEAN_OUT)),

-				buffer_total_in(state_machine_get_buffer(

-						&t_item->sm,SM_CLEAN_IN)));

-skip_totals:

-			tunala_world_del_item(&world, loop);

-			if(out_conns)

-				fprintf(stderr, "Info, tunnel closed, down to %d\n",

-					world.tunnels_used);

-		}

-		else {

-			/* Move to the next item */

-			loop++;

-			t_item++;

-		}

-	}

-	goto main_loop;

-	/* Should never get here */

-shouldnt_happen:

-	abort();

-	return 1;

-}

-/****************/

-/* OpenSSL bits */

-/****************/

-static int ctx_set_cert(SSL_CTX *ctx, const char *cert, const char *key)

-{

-	FILE *fp = NULL;

-	X509 *x509 = NULL;

-	EVP_PKEY *pkey = NULL;

-	int toret = 0; /* Assume an error */

-	/* cert */

-	if(cert) {

-		if((fp = fopen(cert, "r")) == NULL) {

-			fprintf(stderr, "Error opening cert file '%s'\n", cert);

-			goto err;

-		}

-		if(!PEM_read_X509(fp, &x509, NULL, NULL)) {

-			fprintf(stderr, "Error reading PEM cert from '%s'\n",

-					cert);

-			goto err;

-		}

-		if(!SSL_CTX_use_certificate(ctx, x509)) {

-			fprintf(stderr, "Error, cert in '%s' can not be used\n",

-					cert);

-			goto err;

-		}

-		/* Clear the FILE* for reuse in the "key" code */

-		fclose(fp);

-		fp = NULL;

-		fprintf(stderr, "Info, operating with cert in '%s'\n", cert);

-		/* If a cert was given without matching key, we assume the same

-		 * file contains the required key. */

-		if(!key)

-			key = cert;

-	} else {

-		if(key)

-			fprintf(stderr, "Error, can't specify a key without a "

-					"corresponding certificate\n");

-		else

-			fprintf(stderr, "Error, ctx_set_cert called with "

-					"NULLs!\n");

-		goto err;

-	}

-	/* key */

-	if(key) {

-		if((fp = fopen(key, "r")) == NULL) {

-			fprintf(stderr, "Error opening key file '%s'\n", key);

-			goto err;

-		}

-		if(!PEM_read_PrivateKey(fp, &pkey, NULL, NULL)) {

-			fprintf(stderr, "Error reading PEM key from '%s'\n",

-					key);

-			goto err;

-		}

-		if(!SSL_CTX_use_PrivateKey(ctx, pkey)) {

-			fprintf(stderr, "Error, key in '%s' can not be used\n",

-					key);

-			goto err;

-		}

-		fprintf(stderr, "Info, operating with key in '%s'\n", key);

-	} else

-		fprintf(stderr, "Info, operating without a cert or key\n");

-	/* Success */

-	toret = 1; err:

-	if(x509)

-		X509_free(x509);

-	if(pkey)

-		EVP_PKEY_free(pkey);

-	if(fp)

-		fclose(fp);

-	return toret;

-}

-static int ctx_set_dh(SSL_CTX *ctx, const char *dh_file, const char *dh_special)

-{

-	DH *dh = NULL;

-	FILE *fp = NULL;

-	if(dh_special) {

-		if(strcmp(dh_special, "NULL") == 0)

-			return 1;

-		if(strcmp(dh_special, "standard") == 0) {

-			if((dh = get_dh512()) == NULL) {

-				fprintf(stderr, "Error, can't parse 'standard'"

-						" DH parameters\n");

-				return 0;

-			}

-			fprintf(stderr, "Info, using 'standard' DH parameters\n");

-			goto do_it;

-		}

-		if(strcmp(dh_special, "generate") != 0)

-			/* This shouldn't happen - screening values is handled

-			 * in main(). */

-			abort();

-		fprintf(stderr, "Info, generating DH parameters ... ");

-		fflush(stderr);

-		if((dh = DH_generate_parameters(512, DH_GENERATOR_5,

-					NULL, NULL)) == NULL) {

-			fprintf(stderr, "error!\n");

-			return 0;

-		}

-		fprintf(stderr, "complete\n");

-		goto do_it;

-	}

-	/* So, we're loading dh_file */

-	if((fp = fopen(dh_file, "r")) == NULL) {

-		fprintf(stderr, "Error, couldn't open '%s' for DH parameters\n",

-				dh_file);

-		return 0;

-	}

-	dh = PEM_read_DHparams(fp, NULL, NULL, NULL);

-	fclose(fp);

-	if(dh == NULL) {

-		fprintf(stderr, "Error, could not parse DH parameters from '%s'\n",

-				dh_file);

-		return 0;

-	}

-	fprintf(stderr, "Info, using DH parameters from file '%s'\n", dh_file);

-do_it:

-	SSL_CTX_set_tmp_dh(ctx, dh);

-	DH_free(dh);

-	return 1;

-}

-static SSL_CTX *initialise_ssl_ctx(int server_mode, const char *engine_id,

-		const char *CAfile, const char *cert, const char *key,

-		const char *dcert, const char *dkey, const char *cipher_list,

-		const char *dh_file, const char *dh_special, int tmp_rsa,

-		int ctx_options, int out_state, int out_verify, int verify_mode,

-		unsigned int verify_depth)

-{

-	SSL_CTX *ctx = NULL, *ret = NULL;

-	SSL_METHOD *meth;

-	ENGINE *e = NULL;

-        OpenSSL_add_ssl_algorithms();

-        SSL_load_error_strings();

-	meth = (server_mode ? SSLv23_server_method() : SSLv23_client_method());

-	if(meth == NULL)

-		goto err;

-	if(engine_id) {

-		ENGINE_load_builtin_engines();

-		if((e = ENGINE_by_id(engine_id)) == NULL) {

-			fprintf(stderr, "Error obtaining '%s' engine, openssl "

-					"errors follow\n", engine_id);

-			goto err;

-		}

-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {

-			fprintf(stderr, "Error assigning '%s' engine, openssl "

-					"errors follow\n", engine_id);

-			goto err;

-		}

-		ENGINE_free(e);

-	}

-	if((ctx = SSL_CTX_new(meth)) == NULL)

-		goto err;

-	/* cacert */

-	if(CAfile) {

-		if(!X509_STORE_load_locations(SSL_CTX_get_cert_store(ctx),

-					CAfile, NULL)) {

-			fprintf(stderr, "Error loading CA cert(s) in '%s'\n",

-					CAfile);

-			goto err;

-		}

-		fprintf(stderr, "Info, operating with CA cert(s) in '%s'\n",

-				CAfile);

-	} else

-		fprintf(stderr, "Info, operating without a CA cert(-list)\n");

-	if(!SSL_CTX_set_default_verify_paths(ctx)) {

-		fprintf(stderr, "Error setting default verify paths\n");

-		goto err;

-	}

-	/* cert and key */

-	if((cert || key) && !ctx_set_cert(ctx, cert, key))

-		goto err;

-	/* dcert and dkey */

-	if((dcert || dkey) && !ctx_set_cert(ctx, dcert, dkey))

-		goto err;

-	/* temporary RSA key generation */

-	if(tmp_rsa)

-		SSL_CTX_set_tmp_rsa_callback(ctx, cb_generate_tmp_rsa);

-	/* cipher_list */

-	if(cipher_list) {

-		if(!SSL_CTX_set_cipher_list(ctx, cipher_list)) {

-			fprintf(stderr, "Error setting cipher list '%s'\n",

-					cipher_list);

-			goto err;

-		}

-		fprintf(stderr, "Info, set cipher list '%s'\n", cipher_list);

-	} else

-		fprintf(stderr, "Info, operating with default cipher list\n");

-	/* dh_file & dh_special */

-	if((dh_file || dh_special) && !ctx_set_dh(ctx, dh_file, dh_special))

-		goto err;

-	/* ctx_options */

-	SSL_CTX_set_options(ctx, ctx_options);

-	/* out_state (output of SSL handshake states to screen). */

-	if(out_state)

-		cb_ssl_info_set_output(stderr);

-	/* out_verify */

-	if(out_verify > 0) {

-		cb_ssl_verify_set_output(stderr);

-		cb_ssl_verify_set_level(out_verify);

-	}

-	/* verify_depth */

-	cb_ssl_verify_set_depth(verify_depth);

-	/* Success! (includes setting verify_mode) */

-	SSL_CTX_set_info_callback(ctx, cb_ssl_info);

-	SSL_CTX_set_verify(ctx, verify_mode, cb_ssl_verify);

-	ret = ctx;

-err:

-	if(!ret) {

-		ERR_print_errors_fp(stderr);

-		if(ctx)

-			SSL_CTX_free(ctx);

-	}

-	return ret;

-}

-/*****************/

-/* Selector bits */

-/*****************/

-static void selector_sets_init(select_sets_t *s)

-{

-	s->max = 0;

-	FD_ZERO(&s->reads);

-	FD_ZERO(&s->sends);

-	FD_ZERO(&s->excepts);

-}

-static void selector_init(tunala_selector_t *selector)

-{

-	selector_sets_init(&selector->last_selected);

-	selector_sets_init(&selector->next_select);

-}

-#define SEL_EXCEPTS 0x00

-#define SEL_READS   0x01

-#define SEL_SENDS   0x02

-static void selector_add_raw_fd(tunala_selector_t *s, int fd, int flags)

-{

-	FD_SET(fd, &s->next_select.excepts);

-	if(flags & SEL_READS)

-		FD_SET(fd, &s->next_select.reads);

-	if(flags & SEL_SENDS)

-		FD_SET(fd, &s->next_select.sends);

-	/* Adjust "max" */

-	if(s->next_select.max < (fd + 1))

-		s->next_select.max = fd + 1;

-}

-static void selector_add_listener(tunala_selector_t *selector, int fd)

-{

-	selector_add_raw_fd(selector, fd, SEL_READS);

-}

-static void selector_add_tunala(tunala_selector_t *s, tunala_item_t *t)

-{

-	/* Set clean read if sm.clean_in is not full */

-	if(t->clean_read != -1) {

-		selector_add_raw_fd(s, t->clean_read,

-			(buffer_full(state_machine_get_buffer(&t->sm,

-				SM_CLEAN_IN)) ? SEL_EXCEPTS : SEL_READS));

-	}

-	/* Set clean send if sm.clean_out is not empty */

-	if(t->clean_send != -1) {

-		selector_add_raw_fd(s, t->clean_send,

-			(buffer_empty(state_machine_get_buffer(&t->sm,

-				SM_CLEAN_OUT)) ? SEL_EXCEPTS : SEL_SENDS));

-	}

-	/* Set dirty read if sm.dirty_in is not full */

-	if(t->dirty_read != -1) {

-		selector_add_raw_fd(s, t->dirty_read,

-			(buffer_full(state_machine_get_buffer(&t->sm,

-				SM_DIRTY_IN)) ? SEL_EXCEPTS : SEL_READS));

-	}

-	/* Set dirty send if sm.dirty_out is not empty */

-	if(t->dirty_send != -1) {

-		selector_add_raw_fd(s, t->dirty_send,

-			(buffer_empty(state_machine_get_buffer(&t->sm,

-				SM_DIRTY_OUT)) ? SEL_EXCEPTS : SEL_SENDS));

-	}

-}

-static int selector_select(tunala_selector_t *selector)

-{

-	memcpy(&selector->last_selected, &selector->next_select,

-			sizeof(select_sets_t));

-	selector_sets_init(&selector->next_select);

-	return select(selector->last_selected.max,

-			&selector->last_selected.reads,

-			&selector->last_selected.sends,

-			&selector->last_selected.excepts, NULL);

-}

-/* This returns -1 for error, 0 for no new connections, or 1 for success, in

- * which case *newfd is populated. */

-static int selector_get_listener(tunala_selector_t *selector, int fd, int *newfd)

-{

-	if(FD_ISSET(fd, &selector->last_selected.excepts))

-		return -1;

-	if(!FD_ISSET(fd, &selector->last_selected.reads))

-		return 0;

-	if((*newfd = ip_accept_connection(fd)) == -1)

-		return -1;

-	return 1;

-}

-/************************/

-/* "Tunala" world stuff */

-/************************/

-static int tunala_world_make_room(tunala_world_t *world)

-{

-	unsigned int newsize;

-	tunala_item_t *newarray;

-	if(world->tunnels_used < world->tunnels_size)

-		return 1;

-	newsize = (world->tunnels_size == 0 ? 16 :

-			((world->tunnels_size * 3) / 2));

-	if((newarray = malloc(newsize * sizeof(tunala_item_t))) == NULL)

-		return 0;

-	memset(newarray, 0, newsize * sizeof(tunala_item_t));

-	if(world->tunnels_used > 0)

-		memcpy(newarray, world->tunnels,

-			world->tunnels_used * sizeof(tunala_item_t));

-	if(world->tunnels_size > 0)

-		free(world->tunnels);

-	/* migrate */

-	world->tunnels = newarray;

-	world->tunnels_size = newsize;

-	return 1;

-}

-static int tunala_world_new_item(tunala_world_t *world, int fd,

-		const char *ip, unsigned short port, int flipped)

-{

-	tunala_item_t *item;

-	int newfd;

-	SSL *new_ssl = NULL;

-	if(!tunala_world_make_room(world))

-		return 0;

-	if((new_ssl = SSL_new(world->ssl_ctx)) == NULL) {

-		fprintf(stderr, "Error creating new SSL\n");

-		ERR_print_errors_fp(stderr);

-		return 0;

-	}

-	item = world->tunnels + (world->tunnels_used++);

-	state_machine_init(&item->sm);

-	item->clean_read = item->clean_send =

-		item->dirty_read = item->dirty_send = -1;

-	if((newfd = ip_create_connection_split(ip, port)) == -1)

-		goto err;

-	/* Which way round? If we're a server, "fd" is the dirty side and the

-	 * connection we open is the clean one. For a client, it's the other way

-	 * around. Unless, of course, we're "flipped" in which case everything

-	 * gets reversed. :-) */

-	if((world->server_mode && !flipped) ||

-			(!world->server_mode && flipped)) {

-		item->dirty_read = item->dirty_send = fd;

-		item->clean_read = item->clean_send = newfd;

-	} else {

-		item->clean_read = item->clean_send = fd;

-		item->dirty_read = item->dirty_send = newfd;

-	}

-	/* We use the SSL's "app_data" to indicate a call-back induced "kill" */

-	SSL_set_app_data(new_ssl, NULL);

-	if(!state_machine_set_SSL(&item->sm, new_ssl, world->server_mode))

-		goto err;

-	return 1;

-err:

-	tunala_world_del_item(world, world->tunnels_used - 1);

-	return 0;

-}

-static void tunala_world_del_item(tunala_world_t *world, unsigned int idx)

-{

-	tunala_item_t *item = world->tunnels + idx;

-	if(item->clean_read != -1)

-		close(item->clean_read);

-	if(item->clean_send != item->clean_read)

-		close(item->clean_send);

-	item->clean_read = item->clean_send = -1;

-	if(item->dirty_read != -1)

-		close(item->dirty_read);

-	if(item->dirty_send != item->dirty_read)

-		close(item->dirty_send);

-	item->dirty_read = item->dirty_send = -1;

-	state_machine_close(&item->sm);

-	/* OK, now we fix the item array */

-	if(idx + 1 < world->tunnels_used)

-		/* We need to scroll entries to the left */

-		memmove(world->tunnels + idx,

-				world->tunnels + (idx + 1),

-				(world->tunnels_used - (idx + 1)) *

-					sizeof(tunala_item_t));

-	world->tunnels_used--;

-}

-static int tunala_item_io(tunala_selector_t *selector, tunala_item_t *item)

-{

-	int c_r, c_s, d_r, d_s; /* Four boolean flags */

-	/* Take ourselves out of the gene-pool if there was an except */

-	if((item->clean_read != -1) && FD_ISSET(item->clean_read,

-				&selector->last_selected.excepts))

-		return 0;

-	if((item->clean_send != -1) && FD_ISSET(item->clean_send,

-				&selector->last_selected.excepts))

-		return 0;

-	if((item->dirty_read != -1) && FD_ISSET(item->dirty_read,

-				&selector->last_selected.excepts))

-		return 0;

-	if((item->dirty_send != -1) && FD_ISSET(item->dirty_send,

-				&selector->last_selected.excepts))

-		return 0;

-	/* Grab our 4 IO flags */

-	c_r = c_s = d_r = d_s = 0;

-	if(item->clean_read != -1)

-		c_r = FD_ISSET(item->clean_read, &selector->last_selected.reads);

-	if(item->clean_send != -1)

-		c_s = FD_ISSET(item->clean_send, &selector->last_selected.sends);

-	if(item->dirty_read != -1)

-		d_r = FD_ISSET(item->dirty_read, &selector->last_selected.reads);

-	if(item->dirty_send != -1)

-		d_s = FD_ISSET(item->dirty_send, &selector->last_selected.sends);

-	/* If no IO has happened for us, skip needless data looping */

-	if(!c_r && !c_s && !d_r && !d_s)

-		return 1;

-	if(c_r)

-		c_r = (buffer_from_fd(state_machine_get_buffer(&item->sm,

-				SM_CLEAN_IN), item->clean_read) <= 0);

-	if(c_s)

-		c_s = (buffer_to_fd(state_machine_get_buffer(&item->sm,

-				SM_CLEAN_OUT), item->clean_send) <= 0);

-	if(d_r)

-		d_r = (buffer_from_fd(state_machine_get_buffer(&item->sm,

-				SM_DIRTY_IN), item->dirty_read) <= 0);

-	if(d_s)

-		d_s = (buffer_to_fd(state_machine_get_buffer(&item->sm,

-				SM_DIRTY_OUT), item->dirty_send) <= 0);

-	/* If any of the flags is non-zero, that means they need closing */

-	if(c_r) {

-		close(item->clean_read);

-		if(item->clean_send == item->clean_read)

-			item->clean_send = -1;

-		item->clean_read = -1;

-	}

-	if(c_s && (item->clean_send != -1)) {

-		close(item->clean_send);

-		if(item->clean_send == item->clean_read)

-			item->clean_read = -1;

-		item->clean_send = -1;

-	}

-	if(d_r) {

-		close(item->dirty_read);

-		if(item->dirty_send == item->dirty_read)

-			item->dirty_send = -1;

-		item->dirty_read = -1;

-	}

-	if(d_s && (item->dirty_send != -1)) {

-		close(item->dirty_send);

-		if(item->dirty_send == item->dirty_read)

-			item->dirty_read = -1;

-		item->dirty_send = -1;

-	}

-	/* This function name is attributed to the term donated by David

-	 * Schwartz on openssl-dev, message-ID:

-	 * <[email protected]>. :-) */

-	if(!state_machine_churn(&item->sm))

-		/* If the SSL closes, it will also zero-out the _in buffers

-		 * and will in future process just outgoing data. As and

-		 * when the outgoing data has gone, it will return zero

-		 * here to tell us to bail out. */

-		return 0;

-	/* Otherwise, we return zero if both sides are dead. */

-	if(((item->clean_read == -1) || (item->clean_send == -1)) &&

-			((item->dirty_read == -1) || (item->dirty_send == -1)))

-		return 0;

-	/* If only one side closed, notify the SSL of this so it can take

-	 * appropriate action. */

-	if((item->clean_read == -1) || (item->clean_send == -1)) {

-		if(!state_machine_close_clean(&item->sm))

-			return 0;

-	}

-	if((item->dirty_read == -1) || (item->dirty_send == -1)) {

-		if(!state_machine_close_dirty(&item->sm))

-			return 0;

-	}

-	return 1;

-}

--- a/sys/src/ape/lib/openssl/demos/tunala/tunala.h

+++ /dev/null

@@ -1,215 +1,0 @@

-/* Tunala ("Tunneler with a New Zealand accent")

- *

- * Written by Geoff Thorpe, but endorsed/supported by noone. Please use this is

- * if it's useful or informative to you, but it's only here as a scratchpad for

- * ideas about how you might (or might not) program with OpenSSL. If you deploy

- * this is in a mission-critical environment, and have not read, understood,

- * audited, and modified this code to your satisfaction, and the result is that

- * all hell breaks loose and you are looking for a new employer, then it proves

- * nothing except perhaps that Darwinism is alive and well. Let's just say, *I*

- * don't use this in a mission-critical environment, so it would be stupid for

- * anyone to assume that it is solid and/or tested enough when even its author

- * doesn't place that much trust in it. You have been warned.

- *

- * With thanks to Cryptographic Appliances, Inc.

- */

-#ifndef _TUNALA_H

-#define _TUNALA_H

-/* pull in autoconf fluff */

-#ifndef NO_CONFIG_H

-#include "config.h"

-#else

-/* We don't have autoconf, we have to set all of these unless a tweaked Makefile

- * tells us not to ... */

-/* headers */

-#ifndef NO_HAVE_SELECT

-#define HAVE_SELECT

-#endif

-#ifndef NO_HAVE_SOCKET

-#define HAVE_SOCKET

-#endif

-#ifndef NO_HAVE_UNISTD_H

-#define HAVE_UNISTD_H

-#endif

-#ifndef NO_HAVE_FCNTL_H

-#define HAVE_FCNTL_H

-#endif

-#ifndef NO_HAVE_LIMITS_H

-#define HAVE_LIMITS_H

-#endif

-/* features */

-#ifndef NO_HAVE_STRSTR

-#define HAVE_STRSTR

-#endif

-#ifndef NO_HAVE_STRTOUL

-#define HAVE_STRTOUL

-#endif

-#endif

-#if !defined(HAVE_SELECT) || !defined(HAVE_SOCKET)

-#error "can't build without some network basics like select() and socket()"

-#endif

-#include <stdlib.h>

-#ifndef NO_SYSTEM_H

-#include <string.h>

-#ifdef HAVE_UNISTD_H

-#include <unistd.h>

-#endif

-#ifdef HAVE_FCNTL_H

-#include <fcntl.h>

-#endif

-#ifdef HAVE_LIMITS_H

-#include <limits.h>

-#endif

-#include <netdb.h>

-#include <signal.h>

-#include <sys/socket.h>

-#include <sys/types.h>

-#include <netinet/in.h>

-#endif /* !defined(NO_SYSTEM_H) */

-#ifndef NO_OPENSSL

-#include <openssl/err.h>

-#include <openssl/engine.h>

-#include <openssl/ssl.h>

-#endif /* !defined(NO_OPENSSL) */

-#ifndef OPENSSL_NO_BUFFER

-/* This is the generic "buffer" type that is used when feeding the

- * state-machine. It's basically a FIFO with respect to the "adddata" &

- * "takedata" type functions that operate on it. */

-#define MAX_DATA_SIZE 16384

-typedef struct _buffer_t {

-	unsigned char data[MAX_DATA_SIZE];

-	unsigned int used;

-	/* Statistical values - counts the total number of bytes read in and

-	 * read out (respectively) since "buffer_init()" */

-	unsigned long total_in, total_out;

-} buffer_t;

-/* Initialise a buffer structure before use */

-void buffer_init(buffer_t *buf);

-/* Cleanup a buffer structure - presently not needed, but if buffer_t is

- * converted to using dynamic allocation, this would be required - so should be

- * called to protect against an explosion of memory leaks later if the change is

- * made. */

-void buffer_close(buffer_t *buf);

-/* Basic functions to manipulate buffers */

-unsigned int buffer_used(buffer_t *buf); /* How much data in the buffer */

-unsigned int buffer_unused(buffer_t *buf); /* How much space in the buffer */

-int buffer_full(buffer_t *buf); /* Boolean, is it full? */

-int buffer_notfull(buffer_t *buf); /* Boolean, is it not full? */

-int buffer_empty(buffer_t *buf); /* Boolean, is it empty? */

-int buffer_notempty(buffer_t *buf); /* Boolean, is it not empty? */

-unsigned long buffer_total_in(buffer_t *buf); /* Total bytes written to buffer */

-unsigned long buffer_total_out(buffer_t *buf); /* Total bytes read from buffer */

-#if 0 /* Currently used only within buffer.c - better to expose only

-       * higher-level functions anyway */

-/* Add data to the tail of the buffer, returns the amount that was actually

- * added (so, you need to check if return value is less than size) */

-unsigned int buffer_adddata(buffer_t *buf, const unsigned char *ptr,

-		unsigned int size);

-/* Take data from the front of the buffer (and scroll the rest forward). If

- * "ptr" is NULL, this just removes data off the front of the buffer. Return

- * value is the amount actually removed (can be less than size if the buffer has

- * too little data). */

-unsigned int buffer_takedata(buffer_t *buf, unsigned char *ptr,

-		unsigned int size);

-/* Flushes as much data as possible out of the "from" buffer into the "to"

- * buffer. Return value is the amount moved. The amount moved can be restricted

- * to a maximum by specifying "cap" - setting it to -1 means no limit. */

-unsigned int buffer_tobuffer(buffer_t *to, buffer_t *from, int cap);

-#endif

-#ifndef NO_IP

-/* Read or write between a file-descriptor and a buffer */

-int buffer_from_fd(buffer_t *buf, int fd);

-int buffer_to_fd(buffer_t *buf, int fd);

-#endif /* !defined(NO_IP) */

-#ifndef NO_OPENSSL

-/* Read or write between an SSL or BIO and a buffer */

-void buffer_from_SSL(buffer_t *buf, SSL *ssl);

-void buffer_to_SSL(buffer_t *buf, SSL *ssl);

-void buffer_from_BIO(buffer_t *buf, BIO *bio);

-void buffer_to_BIO(buffer_t *buf, BIO *bio);

-/* Callbacks */

-void cb_ssl_info(const SSL *s, int where, int ret);

-void cb_ssl_info_set_output(FILE *fp); /* Called if output should be sent too */

-int cb_ssl_verify(int ok, X509_STORE_CTX *ctx);

-void cb_ssl_verify_set_output(FILE *fp);

-void cb_ssl_verify_set_depth(unsigned int verify_depth);

-void cb_ssl_verify_set_level(unsigned int level);

-RSA *cb_generate_tmp_rsa(SSL *s, int is_export, int keylength);

-#endif /* !defined(NO_OPENSSL) */

-#endif /* !defined(OPENSSL_NO_BUFFER) */

-#ifndef NO_TUNALA

-#ifdef OPENSSL_NO_BUFFER

-#error "TUNALA section of tunala.h requires BUFFER support"

-#endif

-typedef struct _state_machine_t {

-	SSL *ssl;

-	BIO *bio_intossl;

-	BIO *bio_fromssl;

-	buffer_t clean_in, clean_out;

-	buffer_t dirty_in, dirty_out;

-} state_machine_t;

-typedef enum {

-	SM_CLEAN_IN, SM_CLEAN_OUT,

-	SM_DIRTY_IN, SM_DIRTY_OUT

-} sm_buffer_t;

-void state_machine_init(state_machine_t *machine);

-void state_machine_close(state_machine_t *machine);

-buffer_t *state_machine_get_buffer(state_machine_t *machine, sm_buffer_t type);

-SSL *state_machine_get_SSL(state_machine_t *machine);

-int state_machine_set_SSL(state_machine_t *machine, SSL *ssl, int is_server);

-/* Performs the data-IO loop and returns zero if the machine should close */

-int state_machine_churn(state_machine_t *machine);

-/* Is used to handle closing conditions - namely when one side of the tunnel has

- * closed but the other should finish flushing. */

-int state_machine_close_clean(state_machine_t *machine);

-int state_machine_close_dirty(state_machine_t *machine);

-#endif /* !defined(NO_TUNALA) */

-#ifndef NO_IP

-/* Initialise anything related to the networking. This includes blocking pesky

- * SIGPIPE signals. */

-int ip_initialise(void);

-/* ip is the 4-byte ip address (eg. 127.0.0.1 is {0x7F,0x00,0x00,0x01}), port is

- * the port to listen on (host byte order), and the return value is the

- * file-descriptor or -1 on error. */

-int ip_create_listener_split(const char *ip, unsigned short port);

-/* Same semantics as above. */

-int ip_create_connection_split(const char *ip, unsigned short port);

-/* Converts a string into the ip/port before calling the above */

-int ip_create_listener(const char *address);

-int ip_create_connection(const char *address);

-/* Just does a string conversion on its own. NB: If accept_all_ip is non-zero,

- * then the address string could be just a port. Ie. it's suitable for a

- * listening address but not a connecting address. */

-int ip_parse_address(const char *address, const char **parsed_ip,

-		unsigned short *port, int accept_all_ip);

-/* Accepts an incoming connection through the listener. Assumes selects and

- * what-not have deemed it an appropriate thing to do. */

-int ip_accept_connection(int listen_fd);

-#endif /* !defined(NO_IP) */

-/* These functions wrap up things that can be portability hassles. */

-int int_strtoul(const char *str, unsigned long *val);

-#ifdef HAVE_STRSTR

-#define int_strstr strstr

-#else

-char *int_strstr(const char *haystack, const char *needle);

-#endif

-#endif /* !defined(_TUNALA_H) */

--- a/sys/src/ape/lib/openssl/demos/x509/README

+++ /dev/null

@@ -1,3 +1,0 @@

-This directory contains examples of how to contruct

-various X509 structures. Certificates, certificate requests

-and CRLs.

--- a/sys/src/ape/lib/openssl/demos/x509/mkcert.c

+++ /dev/null

@@ -1,172 +1,0 @@

-/* Certificate creation. Demonstrates some certificate related

- * operations.

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <openssl/pem.h>

-#include <openssl/conf.h>

-#include <openssl/x509v3.h>

-#ifndef OPENSSL_NO_ENGINE

-#include <openssl/engine.h>

-#endif

-int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days);

-int add_ext(X509 *cert, int nid, char *value);

-int main(int argc, char **argv)

-	{

-	BIO *bio_err;

-	X509 *x509=NULL;

-	EVP_PKEY *pkey=NULL;

-	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);

-	bio_err=BIO_new_fp(stderr, BIO_NOCLOSE);

-	mkcert(&x509,&pkey,512,0,365);

-	RSA_print_fp(stdout,pkey->pkey.rsa,0);

-	X509_print_fp(stdout,x509);

-	PEM_write_PrivateKey(stdout,pkey,NULL,NULL,0,NULL, NULL);

-	PEM_write_X509(stdout,x509);

-	X509_free(x509);

-	EVP_PKEY_free(pkey);

-#ifndef OPENSSL_NO_ENGINE

-	ENGINE_cleanup();

-#endif

-	CRYPTO_cleanup_all_ex_data();

-	CRYPTO_mem_leaks(bio_err);

-	BIO_free(bio_err);

-	return(0);

-	}

-static void callback(int p, int n, void *arg)

-	{

-	char c='B';

-	if (p == 0) c='.';

-	if (p == 1) c='+';

-	if (p == 2) c='*';

-	if (p == 3) c='\n';

-	fputc(c,stderr);

-	}

-int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days)

-	{

-	X509 *x;

-	EVP_PKEY *pk;

-	RSA *rsa;

-	X509_NAME *name=NULL;

-	if ((pkeyp == NULL) || (*pkeyp == NULL))

-		{

-		if ((pk=EVP_PKEY_new()) == NULL)

-			{

-			abort();

-			return(0);

-			}

-		}

-	else

-		pk= *pkeyp;

-	if ((x509p == NULL) || (*x509p == NULL))

-		{

-		if ((x=X509_new()) == NULL)

-			goto err;

-		}

-	else

-		x= *x509p;

-	rsa=RSA_generate_key(bits,RSA_F4,callback,NULL);

-	if (!EVP_PKEY_assign_RSA(pk,rsa))

-		{

-		abort();

-		goto err;

-		}

-	rsa=NULL;

-	X509_set_version(x,2);

-	ASN1_INTEGER_set(X509_get_serialNumber(x),serial);

-	X509_gmtime_adj(X509_get_notBefore(x),0);

-	X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days);

-	X509_set_pubkey(x,pk);

-	name=X509_get_subject_name(x);

-	/* This function creates and adds the entry, working out the

-	 * correct string type and performing checks on its length.

-	 * Normally we'd check the return value for errors...

-	 */

-	X509_NAME_add_entry_by_txt(name,"C",

-				MBSTRING_ASC, "UK", -1, -1, 0);

-	X509_NAME_add_entry_by_txt(name,"CN",

-				MBSTRING_ASC, "OpenSSL Group", -1, -1, 0);

-	/* Its self signed so set the issuer name to be the same as the

- 	 * subject.

-	 */

-	X509_set_issuer_name(x,name);

-	/* Add various extensions: standard extensions */

-	add_ext(x, NID_basic_constraints, "critical,CA:TRUE");

-	add_ext(x, NID_key_usage, "critical,keyCertSign,cRLSign");

-	add_ext(x, NID_subject_key_identifier, "hash");

-	/* Some Netscape specific extensions */

-	add_ext(x, NID_netscape_cert_type, "sslCA");

-	add_ext(x, NID_netscape_comment, "example comment extension");

-#ifdef CUSTOM_EXT

-	/* Maybe even add our own extension based on existing */

-	{

-		int nid;

-		nid = OBJ_create("1.2.3.4", "MyAlias", "My Test Alias Extension");

-		X509V3_EXT_add_alias(nid, NID_netscape_comment);

-		add_ext(x, nid, "example comment alias");

-	}

-#endif

-	if (!X509_sign(x,pk,EVP_md5()))

-		goto err;

-	*x509p=x;

-	*pkeyp=pk;

-	return(1);

-err:

-	return(0);

-	}

-/* Add extension using V3 code: we can set the config file as NULL

- * because we wont reference any other sections.

- */

-int add_ext(X509 *cert, int nid, char *value)

-	{

-	X509_EXTENSION *ex;

-	X509V3_CTX ctx;

-	/* This sets the 'context' of the extensions. */

-	/* No configuration database */

-	X509V3_set_ctx_nodb(&ctx);

-	/* Issuer and subject certs: both the target since it is self signed,

-	 * no request and no CRL

-	 */

-	X509V3_set_ctx(&ctx, cert, cert, NULL, NULL, 0);

-	ex = X509V3_EXT_conf_nid(NULL, &ctx, nid, value);

-	if (!ex)

-		return 0;

-	X509_add_ext(cert,ex,-1);

-	X509_EXTENSION_free(ex);

-	return 1;

-	}

--- a/sys/src/ape/lib/openssl/demos/x509/mkreq.c

+++ /dev/null

@@ -1,161 +1,0 @@

-/* Certificate request creation. Demonstrates some request related

- * operations.

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <openssl/pem.h>

-#include <openssl/conf.h>

-#include <openssl/x509v3.h>

-#ifndef OPENSSL_NO_ENGINE

-#include <openssl/engine.h>

-#endif

-int mkreq(X509_REQ **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days);

-int add_ext(STACK_OF(X509_REQUEST) *sk, int nid, char *value);

-int main(int argc, char **argv)

-	{

-	BIO *bio_err;

-	X509_REQ *req=NULL;

-	EVP_PKEY *pkey=NULL;

-	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);

-	bio_err=BIO_new_fp(stderr, BIO_NOCLOSE);

-	mkreq(&req,&pkey,512,0,365);

-	RSA_print_fp(stdout,pkey->pkey.rsa,0);

-	X509_REQ_print_fp(stdout,req);

-	PEM_write_X509_REQ(stdout,req);

-	X509_REQ_free(req);

-	EVP_PKEY_free(pkey);

-#ifndef OPENSSL_NO_ENGINE

-	ENGINE_cleanup();

-#endif

-	CRYPTO_cleanup_all_ex_data();

-	CRYPTO_mem_leaks(bio_err);

-	BIO_free(bio_err);

-	return(0);

-	}

-static void callback(int p, int n, void *arg)

-	{

-	char c='B';

-	if (p == 0) c='.';

-	if (p == 1) c='+';

-	if (p == 2) c='*';

-	if (p == 3) c='\n';

-	fputc(c,stderr);

-	}

-int mkreq(X509_REQ **req, EVP_PKEY **pkeyp, int bits, int serial, int days)

-	{

-	X509_REQ *x;

-	EVP_PKEY *pk;

-	RSA *rsa;

-	X509_NAME *name=NULL;

-	STACK_OF(X509_EXTENSION) *exts = NULL;

-	if ((pk=EVP_PKEY_new()) == NULL)

-		goto err;

-	if ((x=X509_REQ_new()) == NULL)

-		goto err;

-	rsa=RSA_generate_key(bits,RSA_F4,callback,NULL);

-	if (!EVP_PKEY_assign_RSA(pk,rsa))

-		goto err;

-	rsa=NULL;

-	X509_REQ_set_pubkey(x,pk);

-	name=X509_REQ_get_subject_name(x);

-	/* This function creates and adds the entry, working out the

-	 * correct string type and performing checks on its length.

-	 * Normally we'd check the return value for errors...

-	 */

-	X509_NAME_add_entry_by_txt(name,"C",

-				MBSTRING_ASC, "UK", -1, -1, 0);

-	X509_NAME_add_entry_by_txt(name,"CN",

-				MBSTRING_ASC, "OpenSSL Group", -1, -1, 0);

-#ifdef REQUEST_EXTENSIONS

-	/* Certificate requests can contain extensions, which can be used

-	 * to indicate the extensions the requestor would like added to

-	 * their certificate. CAs might ignore them however or even choke

-	 * if they are present.

-	 */

-	/* For request extensions they are all packed in a single attribute.

-	 * We save them in a STACK and add them all at once later...

-	 */

-	exts = sk_X509_EXTENSION_new_null();

-	/* Standard extenions */

-	add_ext(exts, NID_key_usage, "critical,digitalSignature,keyEncipherment");

-	/* This is a typical use for request extensions: requesting a value for

-	 * subject alternative name.

-	 */

-	add_ext(exts, NID_subject_alt_name, "email:[email protected]");

-	/* Some Netscape specific extensions */

-	add_ext(exts, NID_netscape_cert_type, "client,email");

-#ifdef CUSTOM_EXT

-	/* Maybe even add our own extension based on existing */

-	{

-		int nid;

-		nid = OBJ_create("1.2.3.4", "MyAlias", "My Test Alias Extension");

-		X509V3_EXT_add_alias(nid, NID_netscape_comment);

-		add_ext(x, nid, "example comment alias");

-	}

-#endif

-	/* Now we've created the extensions we add them to the request */

-	X509_REQ_add_extensions(x, exts);

-	sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);

-#endif

-	if (!X509_REQ_sign(x,pk,EVP_md5()))

-		goto err;

-	*req=x;

-	*pkeyp=pk;

-	return(1);

-err:

-	return(0);

-	}

-/* Add extension using V3 code: we can set the config file as NULL

- * because we wont reference any other sections.

- */

-int add_ext(STACK_OF(X509_REQUEST) *sk, int nid, char *value)

-	{

-	X509_EXTENSION *ex;

-	ex = X509V3_EXT_conf_nid(NULL, NULL, nid, value);

-	if (!ex)

-		return 0;

-	sk_X509_EXTENSION_push(sk, ex);

-	return 1;

-	}

--- a/sys/src/ape/lib/openssl/engines/Makefile

+++ /dev/null

@@ -1,249 +1,0 @@

-#

-# OpenSSL/engines/Makefile

-#

-DIR=	engines

-TOP=	..

-CC=	cc

-INCLUDES= -I../include

-CFLAG=-g

-MAKEFILE=	Makefile

-AR=		ar r

-PEX_LIBS=

-EX_LIBS=

-CFLAGS= $(INCLUDES) $(CFLAG)

-GENERAL=Makefile engines.com install.com engine_vector.mar

-TEST=

-APPS=

-LIB=$(TOP)/libcrypto.a

-LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec

-LIBSRC=	e_4758cca.c \

-	e_aep.c \

-	e_atalla.c \

-	e_cswift.c \

-	e_gmp.c \

-	e_chil.c \

-	e_nuron.c \

-	e_sureware.c \

-	e_ubsec.c

-LIBOBJ= e_4758cca.o \

-	e_aep.o \

-	e_atalla.o \

-	e_cswift.o \

-	e_gmp.o \

-	e_chil.o \

-	e_nuron.o \

-	e_sureware.o \

-	e_ubsec.o

-SRC= $(LIBSRC)

-EXHEADER=

-HEADER=	e_4758cca_err.c e_4758cca_err.h \

-	e_aep_err.c e_aep_err.h \

-	e_atalla_err.c e_atalla_err.h \

-	e_cswift_err.c e_cswift_err.h \

-	e_gmp_err.c e_gmp_err.h \

-	e_chil_err.c e_chil_err.h \

-	e_nuron_err.c e_nuron_err.h \

-	e_sureware_err.c e_sureware_err.h \

-	e_ubsec_err.c e_ubsec_err.h

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	(cd ..; $(MAKE) DIRS=$(DIR) all)

-all:	lib

-lib:	$(LIBOBJ)

-	@if [ -n "$(SHARED_LIBS)" ]; then \

-		set -e; \

-		for l in $(LIBNAMES); do \

-			$(MAKE) -f ../Makefile.shared -e \

-				LIBNAME=$$l LIBEXTRAS=e_$$l.o \

-				LIBDEPS='-L.. -lcrypto $(EX_LIBS)' \

-				link_o.$(SHLIB_TARGET); \

-		done; \

-	else \

-		$(AR) $(LIB) $(LIBOBJ); \

-		$(RANLIB) $(LIB) || echo Never mind.; \

-	fi; \

-	touch lib

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

-links:

-# XXXXX This currently only works on systems that use .so as suffix

-# for shared libraries as well as for Cygwin which uses the

-# dlfcn_name_converter and therefore stores the engines with .so suffix, too.

-# XXXXX This was extended to HP-UX dl targets, which use .sl suffix.

-install:

-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...

-	@if [ -n "$(SHARED_LIBS)" ]; then \

-		set -e; \

-		for l in $(LIBNAMES); do \

-			( echo installing $$l; \

-			  if [ "$(PLATFORM)" != "Cygwin" ]; then \

-				case "$(CFLAGS)" in \

-				*DSO_DLFCN*)	sfx="so";;	\

-				*DSO_DL*)	sfx="sl";;	\

-				*)		sfx="bad";;	\

-				esac; \

-				cp lib$$l.$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/lib$$l.$$sfx.new; \

-			  else \

-			  	sfx="so"; \

-				cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/lib$$l.$$sfx.new; \

-			  fi; \

-			  chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/lib$$l.$$sfx.new; \

-			  mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/lib$$l.$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/lib$$l.$$sfx ); \

-		done; \

-	fi

-tags:

-	ctags $(SRC)

-errors:

-	set -e; for l in $(LIBNAMES); do \

-		$(PERL) ../util/mkerr.pl -conf e_$$l.ec \

-			-nostatic -staticloader -write e_$$l.c; \

-	done

-tests:

-lint:

-	lint -DLINT $(INCLUDES) $(SRC)>fluff

-depend:

-	@if [ -z "$(THIS)" ]; then \

-	    $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \

-	else \

-	    $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC); \

-	fi

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-clean:

-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-e_4758cca.o: ../include/openssl/asn1.h ../include/openssl/bio.h

-e_4758cca.o: ../include/openssl/bn.h ../include/openssl/buffer.h

-e_4758cca.o: ../include/openssl/crypto.h ../include/openssl/dso.h

-e_4758cca.o: ../include/openssl/e_os2.h ../include/openssl/ec.h

-e_4758cca.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h

-e_4758cca.o: ../include/openssl/engine.h ../include/openssl/err.h

-e_4758cca.o: ../include/openssl/evp.h ../include/openssl/lhash.h

-e_4758cca.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h

-e_4758cca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h

-e_4758cca.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h

-e_4758cca.o: ../include/openssl/rand.h ../include/openssl/rsa.h

-e_4758cca.o: ../include/openssl/safestack.h ../include/openssl/sha.h

-e_4758cca.o: ../include/openssl/stack.h ../include/openssl/symhacks.h

-e_4758cca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h

-e_4758cca.o: e_4758cca.c e_4758cca_err.c e_4758cca_err.h

-e_4758cca.o: vendor_defns/hw_4758_cca.h

-e_aep.o: ../include/openssl/asn1.h ../include/openssl/bio.h

-e_aep.o: ../include/openssl/bn.h ../include/openssl/buffer.h

-e_aep.o: ../include/openssl/crypto.h ../include/openssl/dh.h

-e_aep.o: ../include/openssl/dsa.h ../include/openssl/dso.h

-e_aep.o: ../include/openssl/e_os2.h ../include/openssl/engine.h

-e_aep.o: ../include/openssl/err.h ../include/openssl/lhash.h

-e_aep.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h

-e_aep.o: ../include/openssl/ossl_typ.h ../include/openssl/rsa.h

-e_aep.o: ../include/openssl/safestack.h ../include/openssl/stack.h

-e_aep.o: ../include/openssl/symhacks.h e_aep.c e_aep_err.c e_aep_err.h

-e_aep.o: vendor_defns/aep.h

-e_atalla.o: ../include/openssl/asn1.h ../include/openssl/bio.h

-e_atalla.o: ../include/openssl/bn.h ../include/openssl/buffer.h

-e_atalla.o: ../include/openssl/crypto.h ../include/openssl/dh.h

-e_atalla.o: ../include/openssl/dsa.h ../include/openssl/dso.h

-e_atalla.o: ../include/openssl/e_os2.h ../include/openssl/engine.h

-e_atalla.o: ../include/openssl/err.h ../include/openssl/lhash.h

-e_atalla.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h

-e_atalla.o: ../include/openssl/ossl_typ.h ../include/openssl/rsa.h

-e_atalla.o: ../include/openssl/safestack.h ../include/openssl/stack.h

-e_atalla.o: ../include/openssl/symhacks.h e_atalla.c e_atalla_err.c

-e_atalla.o: e_atalla_err.h vendor_defns/atalla.h

-e_chil.o: ../include/openssl/asn1.h ../include/openssl/bio.h

-e_chil.o: ../include/openssl/bn.h ../include/openssl/buffer.h

-e_chil.o: ../include/openssl/crypto.h ../include/openssl/dh.h

-e_chil.o: ../include/openssl/dso.h ../include/openssl/e_os2.h

-e_chil.o: ../include/openssl/ec.h ../include/openssl/ecdh.h

-e_chil.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h

-e_chil.o: ../include/openssl/err.h ../include/openssl/evp.h

-e_chil.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h

-e_chil.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h

-e_chil.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h

-e_chil.o: ../include/openssl/pem.h ../include/openssl/pem2.h

-e_chil.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h

-e_chil.o: ../include/openssl/rsa.h ../include/openssl/safestack.h

-e_chil.o: ../include/openssl/sha.h ../include/openssl/stack.h

-e_chil.o: ../include/openssl/symhacks.h ../include/openssl/ui.h

-e_chil.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_chil.c

-e_chil.o: e_chil_err.c e_chil_err.h vendor_defns/hwcryptohook.h

-e_cswift.o: ../include/openssl/asn1.h ../include/openssl/bio.h

-e_cswift.o: ../include/openssl/bn.h ../include/openssl/buffer.h

-e_cswift.o: ../include/openssl/crypto.h ../include/openssl/dh.h

-e_cswift.o: ../include/openssl/dsa.h ../include/openssl/dso.h

-e_cswift.o: ../include/openssl/e_os2.h ../include/openssl/engine.h

-e_cswift.o: ../include/openssl/err.h ../include/openssl/lhash.h

-e_cswift.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h

-e_cswift.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h

-e_cswift.o: ../include/openssl/rsa.h ../include/openssl/safestack.h

-e_cswift.o: ../include/openssl/stack.h ../include/openssl/symhacks.h e_cswift.c

-e_cswift.o: e_cswift_err.c e_cswift_err.h vendor_defns/cswift.h

-e_gmp.o: ../include/openssl/buffer.h ../include/openssl/crypto.h

-e_gmp.o: ../include/openssl/e_os2.h ../include/openssl/engine.h

-e_gmp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h

-e_gmp.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h

-e_gmp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h e_gmp.c

-e_nuron.o: ../include/openssl/asn1.h ../include/openssl/bio.h

-e_nuron.o: ../include/openssl/bn.h ../include/openssl/buffer.h

-e_nuron.o: ../include/openssl/crypto.h ../include/openssl/dh.h

-e_nuron.o: ../include/openssl/dsa.h ../include/openssl/dso.h

-e_nuron.o: ../include/openssl/e_os2.h ../include/openssl/engine.h

-e_nuron.o: ../include/openssl/err.h ../include/openssl/lhash.h

-e_nuron.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h

-e_nuron.o: ../include/openssl/ossl_typ.h ../include/openssl/rsa.h

-e_nuron.o: ../include/openssl/safestack.h ../include/openssl/stack.h

-e_nuron.o: ../include/openssl/symhacks.h e_nuron.c e_nuron_err.c e_nuron_err.h

-e_sureware.o: ../include/openssl/asn1.h ../include/openssl/bio.h

-e_sureware.o: ../include/openssl/bn.h ../include/openssl/buffer.h

-e_sureware.o: ../include/openssl/crypto.h ../include/openssl/dh.h

-e_sureware.o: ../include/openssl/dsa.h ../include/openssl/dso.h

-e_sureware.o: ../include/openssl/e_os2.h ../include/openssl/ec.h

-e_sureware.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h

-e_sureware.o: ../include/openssl/engine.h ../include/openssl/err.h

-e_sureware.o: ../include/openssl/evp.h ../include/openssl/lhash.h

-e_sureware.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h

-e_sureware.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h

-e_sureware.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h

-e_sureware.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h

-e_sureware.o: ../include/openssl/rand.h ../include/openssl/rsa.h

-e_sureware.o: ../include/openssl/safestack.h ../include/openssl/sha.h

-e_sureware.o: ../include/openssl/stack.h ../include/openssl/symhacks.h

-e_sureware.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h

-e_sureware.o: e_sureware.c e_sureware_err.c e_sureware_err.h

-e_sureware.o: vendor_defns/sureware.h

-e_ubsec.o: ../include/openssl/asn1.h ../include/openssl/bio.h

-e_ubsec.o: ../include/openssl/bn.h ../include/openssl/buffer.h

-e_ubsec.o: ../include/openssl/crypto.h ../include/openssl/dh.h

-e_ubsec.o: ../include/openssl/dsa.h ../include/openssl/dso.h

-e_ubsec.o: ../include/openssl/e_os2.h ../include/openssl/engine.h

-e_ubsec.o: ../include/openssl/err.h ../include/openssl/lhash.h

-e_ubsec.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h

-e_ubsec.o: ../include/openssl/ossl_typ.h ../include/openssl/rsa.h

-e_ubsec.o: ../include/openssl/safestack.h ../include/openssl/stack.h

-e_ubsec.o: ../include/openssl/symhacks.h e_ubsec.c e_ubsec_err.c e_ubsec_err.h

-e_ubsec.o: vendor_defns/hw_ubsec.h

--- a/sys/src/ape/lib/openssl/engines/axp.opt

+++ /dev/null

@@ -1,1 +1,0 @@

-SYMBOL_VECTOR=(bind_engine=PROCEDURE,v_check=PROCEDURE)

--- a/sys/src/ape/lib/openssl/engines/e_4758cca.c

+++ /dev/null

@@ -1,994 +1,0 @@

-/* Author: Maurice Gittens <[email protected]>                       */

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include <string.h>

-#include <openssl/crypto.h>

-#include <openssl/dso.h>

-#include <openssl/x509.h>

-#include <openssl/objects.h>

-#include <openssl/engine.h>

-#include <openssl/rand.h>

-#ifndef OPENSSL_NO_RSA

-#include <openssl/rsa.h>

-#endif

-#include <openssl/bn.h>

-#ifndef OPENSSL_NO_HW

-#ifndef OPENSSL_NO_HW_4758_CCA

-#ifdef FLAT_INC

-#include "hw_4758_cca.h"

-#else

-#include "vendor_defns/hw_4758_cca.h"

-#endif

-#include "e_4758cca_err.c"

-static int ibm_4758_cca_destroy(ENGINE *e);

-static int ibm_4758_cca_init(ENGINE *e);

-static int ibm_4758_cca_finish(ENGINE *e);

-static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));

-/* rsa functions */

-/*---------------*/

-#ifndef OPENSSL_NO_RSA

-static int cca_rsa_pub_enc(int flen, const unsigned char *from,

-		unsigned char *to, RSA *rsa,int padding);

-static int cca_rsa_priv_dec(int flen, const unsigned char *from,

-		unsigned char *to, RSA *rsa,int padding);

-static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len,

-		unsigned char *sigret, unsigned int *siglen, const RSA *rsa);

-static int cca_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,

-		unsigned char *sigbuf, unsigned int siglen, const RSA *rsa);

-/* utility functions */

-/*-----------------------*/

-static EVP_PKEY *ibm_4758_load_privkey(ENGINE*, const char*,

-		UI_METHOD *ui_method, void *callback_data);

-static EVP_PKEY *ibm_4758_load_pubkey(ENGINE*, const char*,

-		UI_METHOD *ui_method, void *callback_data);

-static int getModulusAndExponent(const unsigned char *token, long *exponentLength,

-		unsigned char *exponent, long *modulusLength,

-		long *modulusFieldLength, unsigned char *modulus);

-#endif

-/* RAND number functions */

-/*-----------------------*/

-static int cca_get_random_bytes(unsigned char*, int );

-static int cca_random_status(void);

-#ifndef OPENSSL_NO_RSA

-static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,

-		int idx,long argl, void *argp);

-#endif

-/* Function pointers for CCA verbs */

-/*---------------------------------*/

-#ifndef OPENSSL_NO_RSA

-static F_KEYRECORDREAD keyRecordRead;

-static F_DIGITALSIGNATUREGENERATE digitalSignatureGenerate;

-static F_DIGITALSIGNATUREVERIFY digitalSignatureVerify;

-static F_PUBLICKEYEXTRACT publicKeyExtract;

-static F_PKAENCRYPT pkaEncrypt;

-static F_PKADECRYPT pkaDecrypt;

-#endif

-static F_RANDOMNUMBERGENERATE randomNumberGenerate;

-/* static variables */

-/*------------------*/

-static const char *CCA4758_LIB_NAME = NULL;

-static const char *get_CCA4758_LIB_NAME(void)

-	{

-	if(CCA4758_LIB_NAME)

-		return CCA4758_LIB_NAME;

-	return CCA_LIB_NAME;

-	}

-static void free_CCA4758_LIB_NAME(void)

-	{

-	if(CCA4758_LIB_NAME)

-		OPENSSL_free((void*)CCA4758_LIB_NAME);

-	CCA4758_LIB_NAME = NULL;

-	}

-static long set_CCA4758_LIB_NAME(const char *name)

-	{

-	free_CCA4758_LIB_NAME();

-	return (((CCA4758_LIB_NAME = BUF_strdup(name)) != NULL) ? 1 : 0);

-	}

-#ifndef OPENSSL_NO_RSA

-static const char* n_keyRecordRead = CSNDKRR;

-static const char* n_digitalSignatureGenerate = CSNDDSG;

-static const char* n_digitalSignatureVerify = CSNDDSV;

-static const char* n_publicKeyExtract = CSNDPKX;

-static const char* n_pkaEncrypt = CSNDPKE;

-static const char* n_pkaDecrypt = CSNDPKD;

-#endif

-static const char* n_randomNumberGenerate = CSNBRNG;

-#ifndef OPENSSL_NO_RSA

-static int hndidx = -1;

-#endif

-static DSO *dso = NULL;

-/* openssl engine initialization structures */

-/*------------------------------------------*/

-#define CCA4758_CMD_SO_PATH		ENGINE_CMD_BASE

-static const ENGINE_CMD_DEFN	cca4758_cmd_defns[] = {

-	{CCA4758_CMD_SO_PATH,

-		"SO_PATH",

-		"Specifies the path to the '4758cca' shared library",

-		ENGINE_CMD_FLAG_STRING},

-	{0, NULL, NULL, 0}

-	};

-#ifndef OPENSSL_NO_RSA

-static RSA_METHOD ibm_4758_cca_rsa =

-	{

-	"IBM 4758 CCA RSA method",

-	cca_rsa_pub_enc,

-	NULL,

-	NULL,

-	cca_rsa_priv_dec,

-	NULL, /*rsa_mod_exp,*/

-	NULL, /*mod_exp_mont,*/

-	NULL, /* init */

-	NULL, /* finish */

-	RSA_FLAG_SIGN_VER,	  /* flags */

-	NULL, /* app_data */

-	cca_rsa_sign, /* rsa_sign */

-	cca_rsa_verify, /* rsa_verify */

-	NULL /* rsa_keygen */

-	};

-#endif

-static RAND_METHOD ibm_4758_cca_rand =

-	{

-	/* "IBM 4758 RAND method", */

-	NULL, /* seed */

-	cca_get_random_bytes, /* get random bytes from the card */

-	NULL, /* cleanup */

-	NULL, /* add */

-	cca_get_random_bytes, /* pseudo rand */

-	cca_random_status, /* status */

-	};

-static const char *engine_4758_cca_id = "4758cca";

-static const char *engine_4758_cca_name = "IBM 4758 CCA hardware engine support";

-#ifndef OPENSSL_NO_DYNAMIC_ENGINE

-/* Compatibility hack, the dynamic library uses this form in the path */

-static const char *engine_4758_cca_id_alt = "4758_cca";

-#endif

-/* engine implementation */

-/*-----------------------*/

-static int bind_helper(ENGINE *e)

-	{

-	if(!ENGINE_set_id(e, engine_4758_cca_id) ||

-			!ENGINE_set_name(e, engine_4758_cca_name) ||

-#ifndef OPENSSL_NO_RSA

-			!ENGINE_set_RSA(e, &ibm_4758_cca_rsa) ||

-#endif

-			!ENGINE_set_RAND(e, &ibm_4758_cca_rand) ||

-			!ENGINE_set_destroy_function(e, ibm_4758_cca_destroy) ||

-			!ENGINE_set_init_function(e, ibm_4758_cca_init) ||

-			!ENGINE_set_finish_function(e, ibm_4758_cca_finish) ||

-			!ENGINE_set_ctrl_function(e, ibm_4758_cca_ctrl) ||

-#ifndef OPENSSL_NO_RSA

-			!ENGINE_set_load_privkey_function(e, ibm_4758_load_privkey) ||

-			!ENGINE_set_load_pubkey_function(e, ibm_4758_load_pubkey) ||

-#endif

-			!ENGINE_set_cmd_defns(e, cca4758_cmd_defns))

-		return 0;

-	/* Ensure the error handling is set up */

-	ERR_load_CCA4758_strings();

-	return 1;

-	}

-#ifdef OPENSSL_NO_DYNAMIC_ENGINE

-static ENGINE *engine_4758_cca(void)

-	{

-	ENGINE *ret = ENGINE_new();

-	if(!ret)

-		return NULL;

-	if(!bind_helper(ret))

-		{

-		ENGINE_free(ret);

-		return NULL;

-		}

-	return ret;

-	}

-void ENGINE_load_4758cca(void)

-	{

-	ENGINE *e_4758 = engine_4758_cca();

-	if (!e_4758) return;

-	ENGINE_add(e_4758);

-	ENGINE_free(e_4758);

-	ERR_clear_error();

-	}

-#endif

-static int ibm_4758_cca_destroy(ENGINE *e)

-	{

-	ERR_unload_CCA4758_strings();

-	free_CCA4758_LIB_NAME();

-	return 1;

-	}

-static int ibm_4758_cca_init(ENGINE *e)

-	{

-	if(dso)

-		{

-		CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_ALREADY_LOADED);

-		goto err;

-		}

-	dso = DSO_load(NULL, get_CCA4758_LIB_NAME(), NULL, 0);

-	if(!dso)

-		{

-		CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_DSO_FAILURE);

-		goto err;

-		}

-#ifndef OPENSSL_NO_RSA

-	if(!(keyRecordRead = (F_KEYRECORDREAD)

-				DSO_bind_func(dso, n_keyRecordRead)) ||

-			!(randomNumberGenerate = (F_RANDOMNUMBERGENERATE)

-				DSO_bind_func(dso, n_randomNumberGenerate)) ||

-			!(digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)

-				DSO_bind_func(dso, n_digitalSignatureGenerate)) ||

-			!(digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)

-				DSO_bind_func(dso, n_digitalSignatureVerify)) ||

-			!(publicKeyExtract = (F_PUBLICKEYEXTRACT)

-				DSO_bind_func(dso, n_publicKeyExtract)) ||

-			!(pkaEncrypt = (F_PKAENCRYPT)

-				DSO_bind_func(dso, n_pkaEncrypt)) ||

-			!(pkaDecrypt = (F_PKADECRYPT)

-				DSO_bind_func(dso, n_pkaDecrypt)))

-		{

-		CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_DSO_FAILURE);

-		goto err;

-		}

-#else

-	if(!(randomNumberGenerate = (F_RANDOMNUMBERGENERATE)

-				DSO_bind_func(dso, n_randomNumberGenerate)))

-		{

-		CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_DSO_FAILURE);

-		goto err;

-		}

-#endif

-#ifndef OPENSSL_NO_RSA

-	hndidx = RSA_get_ex_new_index(0, "IBM 4758 CCA RSA key handle",

-		NULL, NULL, cca_ex_free);

-#endif

-	return 1;

-err:

-	if(dso)

-		DSO_free(dso);

-	dso = NULL;

-#ifndef OPENSSL_NO_RSA

-	keyRecordRead = (F_KEYRECORDREAD)0;

-	digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)0;

-	digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)0;

-	publicKeyExtract = (F_PUBLICKEYEXTRACT)0;

-	pkaEncrypt = (F_PKAENCRYPT)0;

-	pkaDecrypt = (F_PKADECRYPT)0;

-#endif

-	randomNumberGenerate = (F_RANDOMNUMBERGENERATE)0;

-	return 0;

-	}

-static int ibm_4758_cca_finish(ENGINE *e)

-	{

-	free_CCA4758_LIB_NAME();

-	if(!dso)

-		{

-		CCA4758err(CCA4758_F_IBM_4758_CCA_FINISH,

-				CCA4758_R_NOT_LOADED);

-		return 0;

-		}

-	if(!DSO_free(dso))

-		{

-		CCA4758err(CCA4758_F_IBM_4758_CCA_FINISH,

-				CCA4758_R_UNIT_FAILURE);

-		return 0;

-		}

-	dso = NULL;

-#ifndef OPENSSL_NO_RSA

-	keyRecordRead = (F_KEYRECORDREAD)0;

-	randomNumberGenerate = (F_RANDOMNUMBERGENERATE)0;

-	digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)0;

-	digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)0;

-	publicKeyExtract = (F_PUBLICKEYEXTRACT)0;

-	pkaEncrypt = (F_PKAENCRYPT)0;

-	pkaDecrypt = (F_PKADECRYPT)0;

-#endif

-	randomNumberGenerate = (F_RANDOMNUMBERGENERATE)0;

-	return 1;

-	}

-static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))

-	{

-	int initialised = ((dso == NULL) ? 0 : 1);

-	switch(cmd)

-		{

-	case CCA4758_CMD_SO_PATH:

-		if(p == NULL)

-			{

-			CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL,

-					ERR_R_PASSED_NULL_PARAMETER);

-			return 0;

-			}

-		if(initialised)

-			{

-			CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL,

-					CCA4758_R_ALREADY_LOADED);

-			return 0;

-			}

-		return set_CCA4758_LIB_NAME((const char *)p);

-	default:

-		break;

-		}

-	CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL,

-			CCA4758_R_COMMAND_NOT_IMPLEMENTED);

-	return 0;

-	}

-#ifndef OPENSSL_NO_RSA

-#define MAX_CCA_PKA_TOKEN_SIZE 2500

-static EVP_PKEY *ibm_4758_load_privkey(ENGINE* e, const char* key_id,

-			UI_METHOD *ui_method, void *callback_data)

-	{

-	RSA *rtmp = NULL;

-	EVP_PKEY *res = NULL;

-	unsigned char* keyToken = NULL;

-	unsigned char pubKeyToken[MAX_CCA_PKA_TOKEN_SIZE];

-	long pubKeyTokenLength = MAX_CCA_PKA_TOKEN_SIZE;

-	long keyTokenLength = MAX_CCA_PKA_TOKEN_SIZE;

-	long returnCode;

-	long reasonCode;

-	long exitDataLength = 0;

-	long ruleArrayLength = 0;

-	unsigned char exitData[8];

-	unsigned char ruleArray[8];

-	unsigned char keyLabel[64];

-	unsigned long keyLabelLength = strlen(key_id);

-	unsigned char modulus[256];

-	long modulusFieldLength = sizeof(modulus);

-	long modulusLength = 0;

-	unsigned char exponent[256];

-	long exponentLength = sizeof(exponent);

-	if (keyLabelLength > sizeof(keyLabel))

-		{

-		CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY,

-		CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);

-		return NULL;

-		}

-	memset(keyLabel,' ', sizeof(keyLabel));

-	memcpy(keyLabel, key_id, keyLabelLength);

-	keyToken = OPENSSL_malloc(MAX_CCA_PKA_TOKEN_SIZE + sizeof(long));

-	if (!keyToken)

-		{

-		CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY,

-				ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	keyRecordRead(&returnCode, &reasonCode, &exitDataLength,

-		exitData, &ruleArrayLength, ruleArray, keyLabel,

-		&keyTokenLength, keyToken+sizeof(long));

-	if (returnCode)

-		{

-		CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY,

-			CCA4758_R_FAILED_LOADING_PRIVATE_KEY);

-		goto err;

-		}

-	publicKeyExtract(&returnCode, &reasonCode, &exitDataLength,

-		exitData, &ruleArrayLength, ruleArray, &keyTokenLength,

-		keyToken+sizeof(long), &pubKeyTokenLength, pubKeyToken);

-	if (returnCode)

-		{

-		CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY,

-			CCA4758_R_FAILED_LOADING_PRIVATE_KEY);

-		goto err;

-		}

-	if (!getModulusAndExponent(pubKeyToken, &exponentLength,

-			exponent, &modulusLength, &modulusFieldLength,

-			modulus))

-		{

-		CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY,

-			CCA4758_R_FAILED_LOADING_PRIVATE_KEY);

-		goto err;

-		}

-	(*(long*)keyToken) = keyTokenLength;

-	rtmp = RSA_new_method(e);

-	RSA_set_ex_data(rtmp, hndidx, (char *)keyToken);

-	rtmp->e = BN_bin2bn(exponent, exponentLength, NULL);

-	rtmp->n = BN_bin2bn(modulus, modulusFieldLength, NULL);

-	rtmp->flags |= RSA_FLAG_EXT_PKEY;

-	res = EVP_PKEY_new();

-	EVP_PKEY_assign_RSA(res, rtmp);

-	return res;

-err:

-	if (keyToken)

-		OPENSSL_free(keyToken);

-	if (res)

-		EVP_PKEY_free(res);

-	if (rtmp)

-		RSA_free(rtmp);

-	return NULL;

-	}

-static EVP_PKEY *ibm_4758_load_pubkey(ENGINE* e, const char* key_id,

-			UI_METHOD *ui_method, void *callback_data)

-	{

-	RSA *rtmp = NULL;

-	EVP_PKEY *res = NULL;

-	unsigned char* keyToken = NULL;

-	long keyTokenLength = MAX_CCA_PKA_TOKEN_SIZE;

-	long returnCode;

-	long reasonCode;

-	long exitDataLength = 0;

-	long ruleArrayLength = 0;

-	unsigned char exitData[8];

-	unsigned char ruleArray[8];

-	unsigned char keyLabel[64];

-	unsigned long keyLabelLength = strlen(key_id);

-	unsigned char modulus[512];

-	long modulusFieldLength = sizeof(modulus);

-	long modulusLength = 0;

-	unsigned char exponent[512];

-	long exponentLength = sizeof(exponent);

-	if (keyLabelLength > sizeof(keyLabel))

-		{

-		CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY,

-			CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);

-		return NULL;

-		}

-	memset(keyLabel,' ', sizeof(keyLabel));

-	memcpy(keyLabel, key_id, keyLabelLength);

-	keyToken = OPENSSL_malloc(MAX_CCA_PKA_TOKEN_SIZE + sizeof(long));

-	if (!keyToken)

-		{

-		CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY,

-				ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	keyRecordRead(&returnCode, &reasonCode, &exitDataLength, exitData,

-		&ruleArrayLength, ruleArray, keyLabel, &keyTokenLength,

-		keyToken+sizeof(long));

-	if (returnCode)

-		{

-		CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY,

-				ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	if (!getModulusAndExponent(keyToken+sizeof(long), &exponentLength,

-			exponent, &modulusLength, &modulusFieldLength, modulus))

-		{

-		CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY,

-			CCA4758_R_FAILED_LOADING_PUBLIC_KEY);

-		goto err;

-		}

-	(*(long*)keyToken) = keyTokenLength;

-	rtmp = RSA_new_method(e);

-	RSA_set_ex_data(rtmp, hndidx, (char *)keyToken);

-	rtmp->e = BN_bin2bn(exponent, exponentLength, NULL);

-	rtmp->n = BN_bin2bn(modulus, modulusFieldLength, NULL);

-	rtmp->flags |= RSA_FLAG_EXT_PKEY;

-	res = EVP_PKEY_new();

-	EVP_PKEY_assign_RSA(res, rtmp);

-	return res;

-err:

-	if (keyToken)

-		OPENSSL_free(keyToken);

-	if (res)

-		EVP_PKEY_free(res);

-	if (rtmp)

-		RSA_free(rtmp);

-	return NULL;

-	}

-static int cca_rsa_pub_enc(int flen, const unsigned char *from,

-			unsigned char *to, RSA *rsa,int padding)

-	{

-	long returnCode;

-	long reasonCode;

-	long lflen = flen;

-	long exitDataLength = 0;

-	unsigned char exitData[8];

-	long ruleArrayLength = 1;

-	unsigned char ruleArray[8] = "PKCS-1.2";

-	long dataStructureLength = 0;

-	unsigned char dataStructure[8];

-	long outputLength = RSA_size(rsa);

-	long keyTokenLength;

-	unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx);

-	keyTokenLength = *(long*)keyToken;

-	keyToken+=sizeof(long);

-	pkaEncrypt(&returnCode, &reasonCode, &exitDataLength, exitData,

-		&ruleArrayLength, ruleArray, &lflen, (unsigned char*)from,

-		&dataStructureLength, dataStructure, &keyTokenLength,

-		keyToken, &outputLength, to);

-	if (returnCode || reasonCode)

-		return -(returnCode << 16 | reasonCode);

-	return outputLength;

-	}

-static int cca_rsa_priv_dec(int flen, const unsigned char *from,

-			unsigned char *to, RSA *rsa,int padding)

-	{

-	long returnCode;

-	long reasonCode;

-	long lflen = flen;

-	long exitDataLength = 0;

-	unsigned char exitData[8];

-	long ruleArrayLength = 1;

-	unsigned char ruleArray[8] = "PKCS-1.2";

-	long dataStructureLength = 0;

-	unsigned char dataStructure[8];

-	long outputLength = RSA_size(rsa);

-	long keyTokenLength;

-	unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx);

-	keyTokenLength = *(long*)keyToken;

-	keyToken+=sizeof(long);

-	pkaDecrypt(&returnCode, &reasonCode, &exitDataLength, exitData,

-		&ruleArrayLength, ruleArray, &lflen, (unsigned char*)from,

-		&dataStructureLength, dataStructure, &keyTokenLength,

-		keyToken, &outputLength, to);

-	return (returnCode | reasonCode) ? 0 : 1;

-	}

-#define SSL_SIG_LEN 36

-static int cca_rsa_verify(int type, const unsigned char *m, unsigned int m_len,

-		unsigned char *sigbuf, unsigned int siglen, const RSA *rsa)

-	{

-	long returnCode;

-	long reasonCode;

-	long lsiglen = siglen;

-	long exitDataLength = 0;

-	unsigned char exitData[8];

-	long ruleArrayLength = 1;

-	unsigned char ruleArray[8] = "PKCS-1.1";

-	long keyTokenLength;

-	unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx);

-	long length = SSL_SIG_LEN;

-	long keyLength ;

-	unsigned char *hashBuffer = NULL;

-	X509_SIG sig;

-	ASN1_TYPE parameter;

-	X509_ALGOR algorithm;

-	ASN1_OCTET_STRING digest;

-	keyTokenLength = *(long*)keyToken;

-	keyToken+=sizeof(long);

-	if (type == NID_md5 || type == NID_sha1)

-		{

-		sig.algor = &algorithm;

-		algorithm.algorithm = OBJ_nid2obj(type);

-		if (!algorithm.algorithm)

-			{

-			CCA4758err(CCA4758_F_CCA_RSA_VERIFY,

-				CCA4758_R_UNKNOWN_ALGORITHM_TYPE);

-			return 0;

-			}

-		if (!algorithm.algorithm->length)

-			{

-			CCA4758err(CCA4758_F_CCA_RSA_VERIFY,

-				CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD);

-			return 0;

-			}

-		parameter.type = V_ASN1_NULL;

-		parameter.value.ptr = NULL;

-		algorithm.parameter = &parameter;

-		sig.digest = &digest;

-		sig.digest->data = (unsigned char*)m;

-		sig.digest->length = m_len;

-		length = i2d_X509_SIG(&sig, NULL);

-		}

-	keyLength = RSA_size(rsa);

-	if (length - RSA_PKCS1_PADDING > keyLength)

-		{

-		CCA4758err(CCA4758_F_CCA_RSA_VERIFY,

-			CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);

-		return 0;

-		}

-	switch (type)

-		{

-		case NID_md5_sha1 :

-			if (m_len != SSL_SIG_LEN)

-				{

-				CCA4758err(CCA4758_F_CCA_RSA_VERIFY,

-				CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);

-				return 0;

-				}

-			hashBuffer = (unsigned char *)m;

-			length = m_len;

-			break;

-		case NID_md5 :

-			{

-			unsigned char *ptr;

-			ptr = hashBuffer = OPENSSL_malloc(

-					(unsigned int)keyLength+1);

-			if (!hashBuffer)

-				{

-				CCA4758err(CCA4758_F_CCA_RSA_VERIFY,

-						ERR_R_MALLOC_FAILURE);

-				return 0;

-				}

-			i2d_X509_SIG(&sig, &ptr);

-			}

-			break;

-		case NID_sha1 :

-			{

-			unsigned char *ptr;

-			ptr = hashBuffer = OPENSSL_malloc(

-					(unsigned int)keyLength+1);

-			if (!hashBuffer)

-				{

-				CCA4758err(CCA4758_F_CCA_RSA_VERIFY,

-						ERR_R_MALLOC_FAILURE);

-				return 0;

-				}

-			i2d_X509_SIG(&sig, &ptr);

-			}

-			break;

-		default:

-			return 0;

-		}

-	digitalSignatureVerify(&returnCode, &reasonCode, &exitDataLength,

-		exitData, &ruleArrayLength, ruleArray, &keyTokenLength,

-		keyToken, &length, hashBuffer, &lsiglen, sigbuf);

-	if (type == NID_sha1 || type == NID_md5)

-		{

-		OPENSSL_cleanse(hashBuffer, keyLength+1);

-		OPENSSL_free(hashBuffer);

-		}

-	return ((returnCode || reasonCode) ? 0 : 1);

-	}

-#define SSL_SIG_LEN 36

-static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len,

-		unsigned char *sigret, unsigned int *siglen, const RSA *rsa)

-	{

-	long returnCode;

-	long reasonCode;

-	long exitDataLength = 0;

-	unsigned char exitData[8];

-	long ruleArrayLength = 1;

-	unsigned char ruleArray[8] = "PKCS-1.1";

-	long outputLength=256;

-	long outputBitLength;

-	long keyTokenLength;

-	unsigned char *hashBuffer = NULL;

-	unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx);

-	long length = SSL_SIG_LEN;

-	long keyLength ;

-	X509_SIG sig;

-	ASN1_TYPE parameter;

-	X509_ALGOR algorithm;

-	ASN1_OCTET_STRING digest;

-	keyTokenLength = *(long*)keyToken;

-	keyToken+=sizeof(long);

-	if (type == NID_md5 || type == NID_sha1)

-		{

-		sig.algor = &algorithm;

-		algorithm.algorithm = OBJ_nid2obj(type);

-		if (!algorithm.algorithm)

-			{

-			CCA4758err(CCA4758_F_CCA_RSA_SIGN,

-				CCA4758_R_UNKNOWN_ALGORITHM_TYPE);

-			return 0;

-			}

-		if (!algorithm.algorithm->length)

-			{

-			CCA4758err(CCA4758_F_CCA_RSA_SIGN,

-				CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD);

-			return 0;

-			}

-		parameter.type = V_ASN1_NULL;

-		parameter.value.ptr = NULL;

-		algorithm.parameter = &parameter;

-		sig.digest = &digest;

-		sig.digest->data = (unsigned char*)m;

-		sig.digest->length = m_len;

-		length = i2d_X509_SIG(&sig, NULL);

-		}

-	keyLength = RSA_size(rsa);

-	if (length - RSA_PKCS1_PADDING > keyLength)

-		{

-		CCA4758err(CCA4758_F_CCA_RSA_SIGN,

-			CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);

-		return 0;

-		}

-	switch (type)

-		{

-		case NID_md5_sha1 :

-			if (m_len != SSL_SIG_LEN)

-				{

-				CCA4758err(CCA4758_F_CCA_RSA_SIGN,

-				CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);

-				return 0;

-				}

-			hashBuffer = (unsigned char*)m;

-			length = m_len;

-			break;

-		case NID_md5 :

-			{

-			unsigned char *ptr;

-			ptr = hashBuffer = OPENSSL_malloc(

-					(unsigned int)keyLength+1);

-			if (!hashBuffer)

-				{

-				CCA4758err(CCA4758_F_CCA_RSA_SIGN,

-						ERR_R_MALLOC_FAILURE);

-				return 0;

-				}

-			i2d_X509_SIG(&sig, &ptr);

-			}

-			break;

-		case NID_sha1 :

-			{

-			unsigned char *ptr;

-			ptr = hashBuffer = OPENSSL_malloc(

-					(unsigned int)keyLength+1);

-			if (!hashBuffer)

-				{

-				CCA4758err(CCA4758_F_CCA_RSA_SIGN,

-						ERR_R_MALLOC_FAILURE);

-				return 0;

-				}

-			i2d_X509_SIG(&sig, &ptr);

-			}

-			break;

-		default:

-			return 0;

-		}

-	digitalSignatureGenerate(&returnCode, &reasonCode, &exitDataLength,

-		exitData, &ruleArrayLength, ruleArray, &keyTokenLength,

-		keyToken, &length, hashBuffer, &outputLength, &outputBitLength,

-		sigret);

-	if (type == NID_sha1 || type == NID_md5)

-		{

-		OPENSSL_cleanse(hashBuffer, keyLength+1);

-		OPENSSL_free(hashBuffer);

-		}

-	*siglen = outputLength;

-	return ((returnCode || reasonCode) ? 0 : 1);

-	}

-static int getModulusAndExponent(const unsigned char*token, long *exponentLength,

-		unsigned char *exponent, long *modulusLength, long *modulusFieldLength,

-		unsigned char *modulus)

-	{

-	unsigned long len;

-	if (*token++ != (char)0x1E) /* internal PKA token? */

-		return 0;

-	if (*token++) /* token version must be zero */

-		return 0;

-	len = *token++;

-	len = len << 8;

-	len |= (unsigned char)*token++;

-	token += 4; /* skip reserved bytes */

-	if (*token++ == (char)0x04)

-		{

-		if (*token++) /* token version must be zero */

-			return 0;

-		len = *token++;

-		len = len << 8;

-		len |= (unsigned char)*token++;

-		token+=2; /* skip reserved section */

-		len = *token++;

-		len = len << 8;

-		len |= (unsigned char)*token++;

-		*exponentLength = len;

-		len = *token++;

-		len = len << 8;

-		len |= (unsigned char)*token++;

-		*modulusLength = len;

-		len = *token++;

-		len = len << 8;

-		len |= (unsigned char)*token++;

-		*modulusFieldLength = len;

-		memcpy(exponent, token, *exponentLength);

-		token+= *exponentLength;

-		memcpy(modulus, token, *modulusFieldLength);

-		return 1;

-		}

-	return 0;

-	}

-#endif /* OPENSSL_NO_RSA */

-static int cca_random_status(void)

-	{

-	return 1;

-	}

-static int cca_get_random_bytes(unsigned char* buf, int num)

-	{

-	long ret_code;

-	long reason_code;

-	long exit_data_length;

-	unsigned char exit_data[4];

-	unsigned char form[] = "RANDOM  ";

-	unsigned char rand_buf[8];

-	while(num >= (int)sizeof(rand_buf))

-		{

-		randomNumberGenerate(&ret_code, &reason_code, &exit_data_length,

-			exit_data, form, rand_buf);

-		if (ret_code)

-			return 0;

-		num -= sizeof(rand_buf);

-		memcpy(buf, rand_buf, sizeof(rand_buf));

-		buf += sizeof(rand_buf);

-		}

-	if (num)

-		{

-		randomNumberGenerate(&ret_code, &reason_code, NULL, NULL,

-			form, rand_buf);

-		if (ret_code)

-			return 0;

-		memcpy(buf, rand_buf, num);

-		}

-	return 1;

-	}

-#ifndef OPENSSL_NO_RSA

-static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, int idx,

-		long argl, void *argp)

-	{

-	if (item)

-		OPENSSL_free(item);

-	}

-#endif

-/* Goo to handle building as a dynamic engine */

-#ifndef OPENSSL_NO_DYNAMIC_ENGINE

-static int bind_fn(ENGINE *e, const char *id)

-	{

-	if(id && (strcmp(id, engine_4758_cca_id) != 0) &&

-			(strcmp(id, engine_4758_cca_id_alt) != 0))

-		return 0;

-	if(!bind_helper(e))

-		return 0;

-	return 1;

-	}

-IMPLEMENT_DYNAMIC_CHECK_FN()

-IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)

-#endif /* OPENSSL_NO_DYNAMIC_ENGINE */

-#endif /* !OPENSSL_NO_HW_4758_CCA */

-#endif /* !OPENSSL_NO_HW */

--- a/sys/src/ape/lib/openssl/engines/e_4758cca.ec

+++ /dev/null

@@ -1,1 +1,0 @@

-L CCA4758	e_4758cca_err.h		e_4758cca_err.c

--- a/sys/src/ape/lib/openssl/engines/e_4758cca_err.c

+++ /dev/null

@@ -1,153 +1,0 @@

-/* e_4758cca_err.c */

-/* ====================================================================

- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* NOTE: this file was auto generated by the mkerr.pl script: any changes

- * made to it will be overwritten when the script next updates this file,

- * only reason strings will be preserved.

- */

-#include <stdio.h>

-#include <openssl/err.h>

-#include "e_4758cca_err.h"

-/* BEGIN ERROR CODES */

-#ifndef OPENSSL_NO_ERR

-#define ERR_FUNC(func) ERR_PACK(0,func,0)

-#define ERR_REASON(reason) ERR_PACK(0,0,reason)

-static ERR_STRING_DATA CCA4758_str_functs[]=

-	{

-{ERR_FUNC(CCA4758_F_CCA_RSA_SIGN),	"CCA_RSA_SIGN"},

-{ERR_FUNC(CCA4758_F_CCA_RSA_VERIFY),	"CCA_RSA_VERIFY"},

-{ERR_FUNC(CCA4758_F_IBM_4758_CCA_CTRL),	"IBM_4758_CCA_CTRL"},

-{ERR_FUNC(CCA4758_F_IBM_4758_CCA_FINISH),	"IBM_4758_CCA_FINISH"},

-{ERR_FUNC(CCA4758_F_IBM_4758_CCA_INIT),	"IBM_4758_CCA_INIT"},

-{ERR_FUNC(CCA4758_F_IBM_4758_LOAD_PRIVKEY),	"IBM_4758_LOAD_PRIVKEY"},

-{ERR_FUNC(CCA4758_F_IBM_4758_LOAD_PUBKEY),	"IBM_4758_LOAD_PUBKEY"},

-{0,NULL}

-	};

-static ERR_STRING_DATA CCA4758_str_reasons[]=

-	{

-{ERR_REASON(CCA4758_R_ALREADY_LOADED)    ,"already loaded"},

-{ERR_REASON(CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD),"asn1 oid unknown for md"},

-{ERR_REASON(CCA4758_R_COMMAND_NOT_IMPLEMENTED),"command not implemented"},

-{ERR_REASON(CCA4758_R_DSO_FAILURE)       ,"dso failure"},

-{ERR_REASON(CCA4758_R_FAILED_LOADING_PRIVATE_KEY),"failed loading private key"},

-{ERR_REASON(CCA4758_R_FAILED_LOADING_PUBLIC_KEY),"failed loading public key"},

-{ERR_REASON(CCA4758_R_NOT_LOADED)        ,"not loaded"},

-{ERR_REASON(CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL),"size too large or too small"},

-{ERR_REASON(CCA4758_R_UNIT_FAILURE)      ,"unit failure"},

-{ERR_REASON(CCA4758_R_UNKNOWN_ALGORITHM_TYPE),"unknown algorithm type"},

-{0,NULL}

-	};

-#endif

-#ifdef CCA4758_LIB_NAME

-static ERR_STRING_DATA CCA4758_lib_name[]=

-        {

-{0	,CCA4758_LIB_NAME},

-{0,NULL}

-	};

-#endif

-static int CCA4758_lib_error_code=0;

-static int CCA4758_error_init=1;

-static void ERR_load_CCA4758_strings(void)

-	{

-	if (CCA4758_lib_error_code == 0)

-		CCA4758_lib_error_code=ERR_get_next_error_library();

-	if (CCA4758_error_init)

-		{

-		CCA4758_error_init=0;

-#ifndef OPENSSL_NO_ERR

-		ERR_load_strings(CCA4758_lib_error_code,CCA4758_str_functs);

-		ERR_load_strings(CCA4758_lib_error_code,CCA4758_str_reasons);

-#endif

-#ifdef CCA4758_LIB_NAME

-		CCA4758_lib_name->error = ERR_PACK(CCA4758_lib_error_code,0,0);

-		ERR_load_strings(0,CCA4758_lib_name);

-#endif

-		}

-	}

-static void ERR_unload_CCA4758_strings(void)

-	{

-	if (CCA4758_error_init == 0)

-		{

-#ifndef OPENSSL_NO_ERR

-		ERR_unload_strings(CCA4758_lib_error_code,CCA4758_str_functs);

-		ERR_unload_strings(CCA4758_lib_error_code,CCA4758_str_reasons);

-#endif

-#ifdef CCA4758_LIB_NAME

-		ERR_unload_strings(0,CCA4758_lib_name);

-#endif

-		CCA4758_error_init=1;

-		}

-	}

-static void ERR_CCA4758_error(int function, int reason, char *file, int line)

-	{

-	if (CCA4758_lib_error_code == 0)

-		CCA4758_lib_error_code=ERR_get_next_error_library();

-	ERR_PUT_error(CCA4758_lib_error_code,function,reason,file,line);

-	}

--- a/sys/src/ape/lib/openssl/engines/e_4758cca_err.h

+++ /dev/null

@@ -1,93 +1,0 @@

-/* ====================================================================

- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_CCA4758_ERR_H

-#define HEADER_CCA4758_ERR_H

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-static void ERR_load_CCA4758_strings(void);

-static void ERR_unload_CCA4758_strings(void);

-static void ERR_CCA4758_error(int function, int reason, char *file, int line);

-#define CCA4758err(f,r) ERR_CCA4758_error((f),(r),__FILE__,__LINE__)

-/* Error codes for the CCA4758 functions. */

-/* Function codes. */

-#define CCA4758_F_CCA_RSA_SIGN				 105

-#define CCA4758_F_CCA_RSA_VERIFY			 106

-#define CCA4758_F_IBM_4758_CCA_CTRL			 100

-#define CCA4758_F_IBM_4758_CCA_FINISH			 101

-#define CCA4758_F_IBM_4758_CCA_INIT			 102

-#define CCA4758_F_IBM_4758_LOAD_PRIVKEY			 103

-#define CCA4758_F_IBM_4758_LOAD_PUBKEY			 104

-/* Reason codes. */

-#define CCA4758_R_ALREADY_LOADED			 100

-#define CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD		 101

-#define CCA4758_R_COMMAND_NOT_IMPLEMENTED		 102

-#define CCA4758_R_DSO_FAILURE				 103

-#define CCA4758_R_FAILED_LOADING_PRIVATE_KEY		 104

-#define CCA4758_R_FAILED_LOADING_PUBLIC_KEY		 105

-#define CCA4758_R_NOT_LOADED				 106

-#define CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL		 107

-#define CCA4758_R_UNIT_FAILURE				 108

-#define CCA4758_R_UNKNOWN_ALGORITHM_TYPE		 109

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/engines/e_aep.c

+++ /dev/null

@@ -1,1137 +1,0 @@

-/* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include <openssl/bn.h>

-#include <string.h>

-#include <openssl/e_os2.h>

-#if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__)

-#include <sys/types.h>

-#include <unistd.h>

-#else

-#include <process.h>

-typedef int pid_t;

-#endif

-#include <openssl/crypto.h>

-#include <openssl/dso.h>

-#include <openssl/engine.h>

-#include <openssl/buffer.h>

-#ifndef OPENSSL_NO_RSA

-#include <openssl/rsa.h>

-#endif

-#ifndef OPENSSL_NO_DSA

-#include <openssl/dsa.h>

-#endif

-#ifndef OPENSSL_NO_DH

-#include <openssl/dh.h>

-#endif

-#include <openssl/bn.h>

-#ifndef OPENSSL_NO_HW

-#ifndef OPENSSL_NO_HW_AEP

-#ifdef FLAT_INC

-#include "aep.h"

-#else

-#include "vendor_defns/aep.h"

-#endif

-#define AEP_LIB_NAME "aep engine"

-#define FAIL_TO_SW 0x10101010

-#include "e_aep_err.c"

-static int aep_init(ENGINE *e);

-static int aep_finish(ENGINE *e);

-static int aep_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));

-static int aep_destroy(ENGINE *e);

-static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR hConnection);

-static AEP_RV aep_return_connection(AEP_CONNECTION_HNDL hConnection);

-static AEP_RV aep_close_connection(AEP_CONNECTION_HNDL hConnection);

-static AEP_RV aep_close_all_connections(int use_engine_lock, int *in_use);

-/* BIGNUM stuff */

-#ifndef OPENSSL_NO_RSA

-static int aep_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-	const BIGNUM *m, BN_CTX *ctx);

-static AEP_RV aep_mod_exp_crt(BIGNUM *r,const  BIGNUM *a, const BIGNUM *p,

-	const BIGNUM *q, const BIGNUM *dmp1,const BIGNUM *dmq1,

-	const BIGNUM *iqmp, BN_CTX *ctx);

-#endif

-/* RSA stuff */

-#ifndef OPENSSL_NO_RSA

-static int aep_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);

-#endif

-/* This function is aliased to mod_exp (with the mont stuff dropped). */

-#ifndef OPENSSL_NO_RSA

-static int aep_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-	const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);

-#endif

-/* DSA stuff */

-#ifndef OPENSSL_NO_DSA

-static int aep_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,

-	BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,

-	BN_CTX *ctx, BN_MONT_CTX *in_mont);

-static int aep_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,

-	const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,

-	BN_MONT_CTX *m_ctx);

-#endif

-/* DH stuff */

-/* This function is aliased to mod_exp (with the DH and mont dropped). */

-#ifndef OPENSSL_NO_DH

-static int aep_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,

-	const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);

-#endif

-/* rand stuff   */

-#ifdef AEPRAND

-static int aep_rand(unsigned char *buf, int num);

-static int aep_rand_status(void);

-#endif

-/* Bignum conversion stuff */

-static AEP_RV GetBigNumSize(AEP_VOID_PTR ArbBigNum, AEP_U32* BigNumSize);

-static AEP_RV MakeAEPBigNum(AEP_VOID_PTR ArbBigNum, AEP_U32 BigNumSize,

-	unsigned char* AEP_BigNum);

-static AEP_RV ConvertAEPBigNum(void* ArbBigNum, AEP_U32 BigNumSize,

-	unsigned char* AEP_BigNum);

-/* The definitions for control commands specific to this engine */

-#define AEP_CMD_SO_PATH		ENGINE_CMD_BASE

-static const ENGINE_CMD_DEFN aep_cmd_defns[] =

-	{

-	{ AEP_CMD_SO_PATH,

-	  "SO_PATH",

-	  "Specifies the path to the 'aep' shared library",

-	  ENGINE_CMD_FLAG_STRING

-	},

-	{0, NULL, NULL, 0}

-	};

-#ifndef OPENSSL_NO_RSA

-/* Our internal RSA_METHOD that we provide pointers to */

-static RSA_METHOD aep_rsa =

-	{

-	"Aep RSA method",

-	NULL,                /*rsa_pub_encrypt*/

-	NULL,                /*rsa_pub_decrypt*/

-	NULL,                /*rsa_priv_encrypt*/

-	NULL,                /*rsa_priv_encrypt*/

-	aep_rsa_mod_exp,     /*rsa_mod_exp*/

-	aep_mod_exp_mont,    /*bn_mod_exp*/

-	NULL,                /*init*/

-	NULL,                /*finish*/

-	0,                   /*flags*/

-	NULL,                /*app_data*/

-	NULL,                /*rsa_sign*/

-	NULL,                /*rsa_verify*/

-	NULL                 /*rsa_keygen*/

-	};

-#endif

-#ifndef OPENSSL_NO_DSA

-/* Our internal DSA_METHOD that we provide pointers to */

-static DSA_METHOD aep_dsa =

-	{

-	"Aep DSA method",

-	NULL,                /* dsa_do_sign */

-	NULL,                /* dsa_sign_setup */

-	NULL,                /* dsa_do_verify */

-	aep_dsa_mod_exp,     /* dsa_mod_exp */

-	aep_mod_exp_dsa,     /* bn_mod_exp */

-	NULL,                /* init */

-	NULL,                /* finish */

-	0,                   /* flags */

-	NULL,                /* app_data */

-	NULL,                /* dsa_paramgen */

-	NULL                 /* dsa_keygen */

-	};

-#endif

-#ifndef OPENSSL_NO_DH

-/* Our internal DH_METHOD that we provide pointers to */

-static DH_METHOD aep_dh =

-	{

-	"Aep DH method",

-	NULL,

-	NULL,

-	aep_mod_exp_dh,

-	NULL,

-	NULL,

-	0,

-	NULL,

-	NULL

-	};

-#endif

-#ifdef AEPRAND

-/* our internal RAND_method that we provide pointers to  */

-static RAND_METHOD aep_random =

-	{

-	/*"AEP RAND method", */

-	NULL,

-	aep_rand,

-	NULL,

-	NULL,

-	aep_rand,

-	aep_rand_status,

-	};

-#endif

-/*Define an array of structures to hold connections*/

-static AEP_CONNECTION_ENTRY aep_app_conn_table[MAX_PROCESS_CONNECTIONS];

-/*Used to determine if this is a new process*/

-static pid_t    recorded_pid = 0;

-#ifdef AEPRAND

-static AEP_U8   rand_block[RAND_BLK_SIZE];

-static AEP_U32  rand_block_bytes = 0;

-#endif

-/* Constants used when creating the ENGINE */

-static const char *engine_aep_id = "aep";

-static const char *engine_aep_name = "Aep hardware engine support";

-static int max_key_len = 2176;

-/* This internal function is used by ENGINE_aep() and possibly by the

- * "dynamic" ENGINE support too */

-static int bind_aep(ENGINE *e)

-	{

-#ifndef OPENSSL_NO_RSA

-	const RSA_METHOD  *meth1;

-#endif

-#ifndef OPENSSL_NO_DSA

-	const DSA_METHOD  *meth2;

-#endif

-#ifndef OPENSSL_NO_DH

-	const DH_METHOD	  *meth3;

-#endif

-	if(!ENGINE_set_id(e, engine_aep_id) ||

-		!ENGINE_set_name(e, engine_aep_name) ||

-#ifndef OPENSSL_NO_RSA

-		!ENGINE_set_RSA(e, &aep_rsa) ||

-#endif

-#ifndef OPENSSL_NO_DSA

-		!ENGINE_set_DSA(e, &aep_dsa) ||

-#endif

-#ifndef OPENSSL_NO_DH

-		!ENGINE_set_DH(e, &aep_dh) ||

-#endif

-#ifdef AEPRAND

-		!ENGINE_set_RAND(e, &aep_random) ||

-#endif

-		!ENGINE_set_init_function(e, aep_init) ||

-		!ENGINE_set_destroy_function(e, aep_destroy) ||

-		!ENGINE_set_finish_function(e, aep_finish) ||

-		!ENGINE_set_ctrl_function(e, aep_ctrl) ||

-		!ENGINE_set_cmd_defns(e, aep_cmd_defns))

-		return 0;

-#ifndef OPENSSL_NO_RSA

-	/* We know that the "PKCS1_SSLeay()" functions hook properly

-	 * to the aep-specific mod_exp and mod_exp_crt so we use

-	 * those functions. NB: We don't use ENGINE_openssl() or

-	 * anything "more generic" because something like the RSAref

-	 * code may not hook properly, and if you own one of these

-	 * cards then you have the right to do RSA operations on it

-	 * anyway! */

-	meth1 = RSA_PKCS1_SSLeay();

-	aep_rsa.rsa_pub_enc = meth1->rsa_pub_enc;

-	aep_rsa.rsa_pub_dec = meth1->rsa_pub_dec;

-	aep_rsa.rsa_priv_enc = meth1->rsa_priv_enc;

-	aep_rsa.rsa_priv_dec = meth1->rsa_priv_dec;

-#endif

-#ifndef OPENSSL_NO_DSA

-	/* Use the DSA_OpenSSL() method and just hook the mod_exp-ish

-	 * bits. */

-	meth2 = DSA_OpenSSL();

-	aep_dsa.dsa_do_sign    = meth2->dsa_do_sign;

-	aep_dsa.dsa_sign_setup = meth2->dsa_sign_setup;

-	aep_dsa.dsa_do_verify  = meth2->dsa_do_verify;

-	aep_dsa = *DSA_get_default_method();

-	aep_dsa.dsa_mod_exp = aep_dsa_mod_exp;

-	aep_dsa.bn_mod_exp = aep_mod_exp_dsa;

-#endif

-#ifndef OPENSSL_NO_DH

-	/* Much the same for Diffie-Hellman */

-	meth3 = DH_OpenSSL();

-	aep_dh.generate_key = meth3->generate_key;

-	aep_dh.compute_key  = meth3->compute_key;

-	aep_dh.bn_mod_exp   = meth3->bn_mod_exp;

-#endif

-	/* Ensure the aep error handling is set up */

-	ERR_load_AEPHK_strings();

-	return 1;

-}

-#ifndef OPENSSL_NO_DYNAMIC_ENGINE

-static int bind_helper(ENGINE *e, const char *id)

-	{

-	if(id && (strcmp(id, engine_aep_id) != 0))

-		return 0;

-	if(!bind_aep(e))

-		return 0;

-	return 1;

-	}

-IMPLEMENT_DYNAMIC_CHECK_FN()

-IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)

-#else

-static ENGINE *engine_aep(void)

-	{

-	ENGINE *ret = ENGINE_new();

-	if(!ret)

-		return NULL;

-	if(!bind_aep(ret))

-		{

-		ENGINE_free(ret);

-		return NULL;

-		}

-	return ret;

-	}

-void ENGINE_load_aep(void)

-	{

-	/* Copied from eng_[openssl|dyn].c */

-	ENGINE *toadd = engine_aep();

-	if(!toadd) return;

-	ENGINE_add(toadd);

-	ENGINE_free(toadd);

-	ERR_clear_error();

-	}

-#endif

-/* This is a process-global DSO handle used for loading and unloading

- * the Aep library. NB: This is only set (or unset) during an

- * init() or finish() call (reference counts permitting) and they're

- * operating with global locks, so this should be thread-safe

- * implicitly. */

-static DSO *aep_dso = NULL;

-/* These are the static string constants for the DSO file name and the function

- * symbol names to bind to.

-*/

-static const char *AEP_LIBNAME = NULL;

-static const char *get_AEP_LIBNAME(void)

-	{

-	if(AEP_LIBNAME)

-		return AEP_LIBNAME;

-	return "aep";

-	}

-static void free_AEP_LIBNAME(void)

-	{

-	if(AEP_LIBNAME)

-		OPENSSL_free((void*)AEP_LIBNAME);

-	AEP_LIBNAME = NULL;

-	}

-static long set_AEP_LIBNAME(const char *name)

-	{

-	free_AEP_LIBNAME();

-	return ((AEP_LIBNAME = BUF_strdup(name)) != NULL ? 1 : 0);

-	}

-static const char *AEP_F1    = "AEP_ModExp";

-static const char *AEP_F2    = "AEP_ModExpCrt";

-#ifdef AEPRAND

-static const char *AEP_F3    = "AEP_GenRandom";

-#endif

-static const char *AEP_F4    = "AEP_Finalize";

-static const char *AEP_F5    = "AEP_Initialize";

-static const char *AEP_F6    = "AEP_OpenConnection";

-static const char *AEP_F7    = "AEP_SetBNCallBacks";

-static const char *AEP_F8    = "AEP_CloseConnection";

-/* These are the function pointers that are (un)set when the library has

- * successfully (un)loaded. */

-static t_AEP_OpenConnection    *p_AEP_OpenConnection  = NULL;

-static t_AEP_CloseConnection   *p_AEP_CloseConnection = NULL;

-static t_AEP_ModExp            *p_AEP_ModExp          = NULL;

-static t_AEP_ModExpCrt         *p_AEP_ModExpCrt       = NULL;

-#ifdef AEPRAND

-static t_AEP_GenRandom         *p_AEP_GenRandom       = NULL;

-#endif

-static t_AEP_Initialize        *p_AEP_Initialize      = NULL;

-static t_AEP_Finalize          *p_AEP_Finalize        = NULL;

-static t_AEP_SetBNCallBacks    *p_AEP_SetBNCallBacks  = NULL;

-/* (de)initialisation functions. */

-static int aep_init(ENGINE *e)

-	{

-	t_AEP_ModExp          *p1;

-	t_AEP_ModExpCrt       *p2;

-#ifdef AEPRAND

-	t_AEP_GenRandom       *p3;

-#endif

-	t_AEP_Finalize        *p4;

-	t_AEP_Initialize      *p5;

-	t_AEP_OpenConnection  *p6;

-	t_AEP_SetBNCallBacks  *p7;

-	t_AEP_CloseConnection *p8;

-	int to_return = 0;

-	if(aep_dso != NULL)

-		{

-		AEPHKerr(AEPHK_F_AEP_INIT,AEPHK_R_ALREADY_LOADED);

-		goto err;

-		}

-	/* Attempt to load libaep.so. */

-	aep_dso = DSO_load(NULL, get_AEP_LIBNAME(), NULL, 0);

-	if(aep_dso == NULL)

-		{

-		AEPHKerr(AEPHK_F_AEP_INIT,AEPHK_R_NOT_LOADED);

-		goto err;

-		}

-	if(	!(p1 = (t_AEP_ModExp *)     DSO_bind_func( aep_dso,AEP_F1))  ||

-		!(p2 = (t_AEP_ModExpCrt*)   DSO_bind_func( aep_dso,AEP_F2))  ||

-#ifdef AEPRAND

-		!(p3 = (t_AEP_GenRandom*)   DSO_bind_func( aep_dso,AEP_F3))  ||

-#endif

-		!(p4 = (t_AEP_Finalize*)    DSO_bind_func( aep_dso,AEP_F4))  ||

-		!(p5 = (t_AEP_Initialize*)  DSO_bind_func( aep_dso,AEP_F5))  ||

-		!(p6 = (t_AEP_OpenConnection*) DSO_bind_func( aep_dso,AEP_F6))  ||

-		!(p7 = (t_AEP_SetBNCallBacks*) DSO_bind_func( aep_dso,AEP_F7))  ||

-		!(p8 = (t_AEP_CloseConnection*) DSO_bind_func( aep_dso,AEP_F8)))

-		{

-		AEPHKerr(AEPHK_F_AEP_INIT,AEPHK_R_NOT_LOADED);

-		goto err;

-		}

-	/* Copy the pointers */

-	p_AEP_ModExp           = p1;

-	p_AEP_ModExpCrt        = p2;

-#ifdef AEPRAND

-	p_AEP_GenRandom        = p3;

-#endif

-	p_AEP_Finalize         = p4;

-	p_AEP_Initialize       = p5;

-	p_AEP_OpenConnection   = p6;

-	p_AEP_SetBNCallBacks   = p7;

-	p_AEP_CloseConnection  = p8;

-	to_return = 1;

-	return to_return;

- err:

-	if(aep_dso)

-		DSO_free(aep_dso);

-	aep_dso = NULL;

-	p_AEP_OpenConnection    = NULL;

-	p_AEP_ModExp            = NULL;

-	p_AEP_ModExpCrt         = NULL;

-#ifdef AEPRAND

-	p_AEP_GenRandom         = NULL;

-#endif

-	p_AEP_Initialize        = NULL;

-	p_AEP_Finalize          = NULL;

-	p_AEP_SetBNCallBacks    = NULL;

-	p_AEP_CloseConnection   = NULL;

-	return to_return;

-	}

-/* Destructor (complements the "ENGINE_aep()" constructor) */

-static int aep_destroy(ENGINE *e)

-	{

-	free_AEP_LIBNAME();

-	ERR_unload_AEPHK_strings();

-	return 1;

-	}

-static int aep_finish(ENGINE *e)

-	{

-	int to_return = 0, in_use;

-	AEP_RV rv;

-	if(aep_dso == NULL)

-		{

-		AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_NOT_LOADED);

-		goto err;

-		}

-	rv = aep_close_all_connections(0, &in_use);

-	if (rv != AEP_R_OK)

-		{

-		AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_CLOSE_HANDLES_FAILED);

-		goto err;

-		}

-	if (in_use)

-		{

-		AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_CONNECTIONS_IN_USE);

-		goto err;

-		}

-	rv = p_AEP_Finalize();

-	if (rv != AEP_R_OK)

-		{

-		AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_FINALIZE_FAILED);

-		goto err;

-		}

-	if(!DSO_free(aep_dso))

-		{

-		AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_UNIT_FAILURE);

-		goto err;

-		}

-	aep_dso = NULL;

-	p_AEP_CloseConnection   = NULL;

-	p_AEP_OpenConnection    = NULL;

-	p_AEP_ModExp            = NULL;

-	p_AEP_ModExpCrt         = NULL;

-#ifdef AEPRAND

-	p_AEP_GenRandom         = NULL;

-#endif

-	p_AEP_Initialize        = NULL;

-	p_AEP_Finalize          = NULL;

-	p_AEP_SetBNCallBacks    = NULL;

-	to_return = 1;

- err:

-	return to_return;

-	}

-static int aep_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))

-	{

-	int initialised = ((aep_dso == NULL) ? 0 : 1);

-	switch(cmd)

-		{

-	case AEP_CMD_SO_PATH:

-		if(p == NULL)

-			{

-			AEPHKerr(AEPHK_F_AEP_CTRL,

-				ERR_R_PASSED_NULL_PARAMETER);

-			return 0;

-			}

-		if(initialised)

-			{

-			AEPHKerr(AEPHK_F_AEP_CTRL,

-				AEPHK_R_ALREADY_LOADED);

-			return 0;

-			}

-		return set_AEP_LIBNAME((const char*)p);

-	default:

-		break;

-		}

-	AEPHKerr(AEPHK_F_AEP_CTRL,AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);

-	return 0;

-	}

-static int aep_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-	const BIGNUM *m, BN_CTX *ctx)

-	{

-	int to_return = 0;

-	int 	r_len = 0;

-	AEP_CONNECTION_HNDL hConnection;

-	AEP_RV rv;

-	r_len = BN_num_bits(m);

-	/* Perform in software if modulus is too large for hardware. */

-	if (r_len > max_key_len){

-		AEPHKerr(AEPHK_F_AEP_MOD_EXP, AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL);

-		return BN_mod_exp(r, a, p, m, ctx);

-	}

-	/*Grab a connection from the pool*/

-	rv = aep_get_connection(&hConnection);

-	if (rv != AEP_R_OK)

-		{

-		AEPHKerr(AEPHK_F_AEP_MOD_EXP,AEPHK_R_GET_HANDLE_FAILED);

-		return BN_mod_exp(r, a, p, m, ctx);

-		}

-	/*To the card with the mod exp*/

-	rv = p_AEP_ModExp(hConnection,(void*)a, (void*)p,(void*)m, (void*)r,NULL);

-	if (rv !=  AEP_R_OK)

-		{

-		AEPHKerr(AEPHK_F_AEP_MOD_EXP,AEPHK_R_MOD_EXP_FAILED);

-		rv = aep_close_connection(hConnection);

-		return BN_mod_exp(r, a, p, m, ctx);

-		}

-	/*Return the connection to the pool*/

-	rv = aep_return_connection(hConnection);

-	if (rv != AEP_R_OK)

-		{

-		AEPHKerr(AEPHK_F_AEP_MOD_EXP,AEPHK_R_RETURN_CONNECTION_FAILED);

-		goto err;

-		}

-	to_return = 1;

- err:

-	return to_return;

-	}

-#ifndef OPENSSL_NO_RSA

-static AEP_RV aep_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-	const BIGNUM *q, const BIGNUM *dmp1,

-	const BIGNUM *dmq1,const BIGNUM *iqmp, BN_CTX *ctx)

-	{

-	AEP_RV rv = AEP_R_OK;

-	AEP_CONNECTION_HNDL hConnection;

-	/*Grab a connection from the pool*/

-	rv = aep_get_connection(&hConnection);

-	if (rv != AEP_R_OK)

-		{

-		AEPHKerr(AEPHK_F_AEP_MOD_EXP_CRT,AEPHK_R_GET_HANDLE_FAILED);

-		return FAIL_TO_SW;

-		}

-	/*To the card with the mod exp*/

-	rv = p_AEP_ModExpCrt(hConnection,(void*)a, (void*)p, (void*)q, (void*)dmp1,(void*)dmq1,

-		(void*)iqmp,(void*)r,NULL);

-	if (rv != AEP_R_OK)

-		{

-		AEPHKerr(AEPHK_F_AEP_MOD_EXP_CRT,AEPHK_R_MOD_EXP_CRT_FAILED);

-		rv = aep_close_connection(hConnection);

-		return FAIL_TO_SW;

-		}

-	/*Return the connection to the pool*/

-	rv = aep_return_connection(hConnection);

-	if (rv != AEP_R_OK)

-		{

-		AEPHKerr(AEPHK_F_AEP_MOD_EXP_CRT,AEPHK_R_RETURN_CONNECTION_FAILED);

-		goto err;

-		}

- err:

-	return rv;

-	}

-#endif

-#ifdef AEPRAND

-static int aep_rand(unsigned char *buf,int len )

-	{

-	AEP_RV rv = AEP_R_OK;

-	AEP_CONNECTION_HNDL hConnection;

-	CRYPTO_w_lock(CRYPTO_LOCK_RAND);

-	/*Can the request be serviced with what's already in the buffer?*/

-	if (len <= rand_block_bytes)

-		{

-		memcpy(buf, &rand_block[RAND_BLK_SIZE - rand_block_bytes], len);

-		rand_block_bytes -= len;

-		CRYPTO_w_unlock(CRYPTO_LOCK_RAND);

-		}

-	else

-		/*If not the get another block of random bytes*/

-		{

-		CRYPTO_w_unlock(CRYPTO_LOCK_RAND);

-		rv = aep_get_connection(&hConnection);

-		if (rv !=  AEP_R_OK)

-			{

-			AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_GET_HANDLE_FAILED);

-			goto err_nounlock;

-			}

-		if (len > RAND_BLK_SIZE)

-			{

-			rv = p_AEP_GenRandom(hConnection, len, 2, buf, NULL);

-			if (rv !=  AEP_R_OK)

-				{

-				AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_GET_RANDOM_FAILED);

-				goto err_nounlock;

-				}

-			}

-		else

-			{

-			CRYPTO_w_lock(CRYPTO_LOCK_RAND);

-			rv = p_AEP_GenRandom(hConnection, RAND_BLK_SIZE, 2, &rand_block[0], NULL);

-			if (rv !=  AEP_R_OK)

-				{

-				AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_GET_RANDOM_FAILED);

-				goto err;

-				}

-			rand_block_bytes = RAND_BLK_SIZE;

-			memcpy(buf, &rand_block[RAND_BLK_SIZE - rand_block_bytes], len);

-			rand_block_bytes -= len;

-			CRYPTO_w_unlock(CRYPTO_LOCK_RAND);

-			}

-		rv = aep_return_connection(hConnection);

-		if (rv != AEP_R_OK)

-			{

-			AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_RETURN_CONNECTION_FAILED);

-			goto err_nounlock;

-			}

-		}

-	return 1;

- err:

-	CRYPTO_w_unlock(CRYPTO_LOCK_RAND);

- err_nounlock:

-	return 0;

-	}

-static int aep_rand_status(void)

-{

-	return 1;

-}

-#endif

-#ifndef OPENSSL_NO_RSA

-static int aep_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)

-	{

-	int to_return = 0;

-	AEP_RV rv = AEP_R_OK;

-	if (!aep_dso)

-		{

-		AEPHKerr(AEPHK_F_AEP_RSA_MOD_EXP,AEPHK_R_NOT_LOADED);

-		goto err;

-		}

-	/*See if we have all the necessary bits for a crt*/

-	if (rsa->q && rsa->dmp1 && rsa->dmq1 && rsa->iqmp)

-		{

-		rv =  aep_mod_exp_crt(r0,I,rsa->p,rsa->q, rsa->dmp1,rsa->dmq1,rsa->iqmp,ctx);

-		if (rv == FAIL_TO_SW){

-			const RSA_METHOD *meth = RSA_PKCS1_SSLeay();

-			to_return = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);

-			goto err;

-		}

-		else if (rv != AEP_R_OK)

-			goto err;

-		}

-	else

-		{

-		if (!rsa->d || !rsa->n)

-			{

-			AEPHKerr(AEPHK_F_AEP_RSA_MOD_EXP,AEPHK_R_MISSING_KEY_COMPONENTS);

-			goto err;

-			}

-		rv = aep_mod_exp(r0,I,rsa->d,rsa->n,ctx);

-		if  (rv != AEP_R_OK)

-			goto err;

-		}

-	to_return = 1;

- err:

-	return to_return;

-}

-#endif

-#ifndef OPENSSL_NO_DSA

-static int aep_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,

-	BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,

-	BN_CTX *ctx, BN_MONT_CTX *in_mont)

-	{

-	BIGNUM t;

-	int to_return = 0;

-	BN_init(&t);

-	/* let rr = a1 ^ p1 mod m */

-	if (!aep_mod_exp(rr,a1,p1,m,ctx)) goto end;

-	/* let t = a2 ^ p2 mod m */

-	if (!aep_mod_exp(&t,a2,p2,m,ctx)) goto end;

-	/* let rr = rr * t mod m */

-	if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;

-	to_return = 1;

- end:

-	BN_free(&t);

-	return to_return;

-	}

-static int aep_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,

-	const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,

-	BN_MONT_CTX *m_ctx)

-	{

-	return aep_mod_exp(r, a, p, m, ctx);

-	}

-#endif

-#ifndef OPENSSL_NO_RSA

-/* This function is aliased to mod_exp (with the mont stuff dropped). */

-static int aep_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-	const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)

-	{

-	return aep_mod_exp(r, a, p, m, ctx);

-	}

-#endif

-#ifndef OPENSSL_NO_DH

-/* This function is aliased to mod_exp (with the dh and mont dropped). */

-static int aep_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,

-	const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,

-	BN_MONT_CTX *m_ctx)

-	{

-	return aep_mod_exp(r, a, p, m, ctx);

-	}

-#endif

-static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR phConnection)

-	{

-	int count;

-	AEP_RV rv = AEP_R_OK;

-	/*Get the current process id*/

-	pid_t curr_pid;

-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);

-#ifndef NETWARE_CLIB

-	curr_pid = getpid();

-#else

-	curr_pid = GetThreadID();

-#endif

-	/*Check if this is the first time this is being called from the current

-	  process*/

-	if (recorded_pid != curr_pid)

-		{

-		/*Remember our pid so we can check if we're in a new process*/

-		recorded_pid = curr_pid;

-		/*Call Finalize to make sure we have not inherited some data

-		  from a parent process*/

-		p_AEP_Finalize();

-		/*Initialise the AEP API*/

-		rv = p_AEP_Initialize(NULL);

-		if (rv != AEP_R_OK)

-			{

-			AEPHKerr(AEPHK_F_AEP_GET_CONNECTION,AEPHK_R_INIT_FAILURE);

-			recorded_pid = 0;

-			goto end;

-			}

-		/*Set the AEP big num call back functions*/

-		rv = p_AEP_SetBNCallBacks(&GetBigNumSize, &MakeAEPBigNum,

-			&ConvertAEPBigNum);

-		if (rv != AEP_R_OK)

-			{

-			AEPHKerr(AEPHK_F_AEP_GET_CONNECTION,AEPHK_R_SETBNCALLBACK_FAILURE);

-			recorded_pid = 0;

-			goto end;

-			}

-#ifdef AEPRAND

-		/*Reset the rand byte count*/

-		rand_block_bytes = 0;

-#endif

-		/*Init the structures*/

-		for (count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)

-			{

-			aep_app_conn_table[count].conn_state = NotConnected;

-			aep_app_conn_table[count].conn_hndl  = 0;

-			}

-		/*Open a connection*/

-		rv = p_AEP_OpenConnection(phConnection);

-		if (rv != AEP_R_OK)

-			{

-			AEPHKerr(AEPHK_F_AEP_GET_CONNECTION,AEPHK_R_UNIT_FAILURE);

-			recorded_pid = 0;

-			goto end;

-			}

-		aep_app_conn_table[0].conn_state = InUse;

-		aep_app_conn_table[0].conn_hndl = *phConnection;

-		goto end;

-		}

-	/*Check the existing connections to see if we can find a free one*/

-	for (count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)

-		{

-		if (aep_app_conn_table[count].conn_state == Connected)

-			{

-			aep_app_conn_table[count].conn_state = InUse;

-			*phConnection = aep_app_conn_table[count].conn_hndl;

-			goto end;

-			}

-		}

-	/*If no connections available, we're going to have to try

-	  to open a new one*/

-	for (count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)

-		{

-		if (aep_app_conn_table[count].conn_state == NotConnected)

-			{

-			/*Open a connection*/

-			rv = p_AEP_OpenConnection(phConnection);

-			if (rv != AEP_R_OK)

-				{

-				AEPHKerr(AEPHK_F_AEP_GET_CONNECTION,AEPHK_R_UNIT_FAILURE);

-				goto end;

-				}

-			aep_app_conn_table[count].conn_state = InUse;

-			aep_app_conn_table[count].conn_hndl = *phConnection;

-			goto end;

-			}

-		}

-	rv = AEP_R_GENERAL_ERROR;

- end:

-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);

-	return rv;

-	}

-static AEP_RV aep_return_connection(AEP_CONNECTION_HNDL hConnection)

-	{

-	int count;

-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);

-	/*Find the connection item that matches this connection handle*/

-	for(count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)

-		{

-		if (aep_app_conn_table[count].conn_hndl == hConnection)

-			{

-			aep_app_conn_table[count].conn_state = Connected;

-			break;

-			}

-		}

-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);

-	return AEP_R_OK;

-	}

-static AEP_RV aep_close_connection(AEP_CONNECTION_HNDL hConnection)

-	{

-	int count;

-	AEP_RV rv = AEP_R_OK;

-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);

-	/*Find the connection item that matches this connection handle*/

-	for(count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)

-		{

-		if (aep_app_conn_table[count].conn_hndl == hConnection)

-			{

-			rv = p_AEP_CloseConnection(aep_app_conn_table[count].conn_hndl);

-			if (rv != AEP_R_OK)

-				goto end;

-			aep_app_conn_table[count].conn_state = NotConnected;

-			aep_app_conn_table[count].conn_hndl  = 0;

-			break;

-			}

-		}

- end:

-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);

-	return rv;

-	}

-static AEP_RV aep_close_all_connections(int use_engine_lock, int *in_use)

-	{

-	int count;

-	AEP_RV rv = AEP_R_OK;

-	*in_use = 0;

-	if (use_engine_lock) CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);

-	for (count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)

-		{

-		switch (aep_app_conn_table[count].conn_state)

-			{

-		case Connected:

-			rv = p_AEP_CloseConnection(aep_app_conn_table[count].conn_hndl);

-			if (rv != AEP_R_OK)

-				goto end;

-			aep_app_conn_table[count].conn_state = NotConnected;

-			aep_app_conn_table[count].conn_hndl  = 0;

-			break;

-		case InUse:

-			(*in_use)++;

-			break;

-		case NotConnected:

-			break;

-			}

-		}

- end:

-	if (use_engine_lock) CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);

-	return rv;

-	}

-/*BigNum call back functions, used to convert OpenSSL bignums into AEP bignums.

-  Note only 32bit Openssl build support*/

-static AEP_RV GetBigNumSize(AEP_VOID_PTR ArbBigNum, AEP_U32* BigNumSize)

-	{

-	BIGNUM* bn;

-	/*Cast the ArbBigNum pointer to our BIGNUM struct*/

-	bn = (BIGNUM*) ArbBigNum;

-#ifdef SIXTY_FOUR_BIT_LONG

-	*BigNumSize = bn->top << 3;

-#else

-	/*Size of the bignum in bytes is equal to the bn->top (no of 32 bit

-	  words) multiplies by 4*/

-	*BigNumSize = bn->top << 2;

-#endif

-	return AEP_R_OK;

-	}

-static AEP_RV MakeAEPBigNum(AEP_VOID_PTR ArbBigNum, AEP_U32 BigNumSize,

-	unsigned char* AEP_BigNum)

-	{

-	BIGNUM* bn;

-#ifndef SIXTY_FOUR_BIT_LONG

-	unsigned char* buf;

-	int i;

-#endif

-	/*Cast the ArbBigNum pointer to our BIGNUM struct*/

-	bn = (BIGNUM*) ArbBigNum;

-#ifdef SIXTY_FOUR_BIT_LONG

-  	memcpy(AEP_BigNum, bn->d, BigNumSize);

-#else

-	/*Must copy data into a (monotone) least significant byte first format

-	  performing endian conversion if necessary*/

-	for(i=0;i<bn->top;i++)

-		{

-		buf = (unsigned char*)&bn->d[i];

-		*((AEP_U32*)AEP_BigNum) = (AEP_U32)

-			((unsigned) buf[1] << 8 | buf[0]) |

-			((unsigned) buf[3] << 8 | buf[2])  << 16;

-		AEP_BigNum += 4;

-		}

-#endif

-	return AEP_R_OK;

-	}

-/*Turn an AEP Big Num back to a user big num*/

-static AEP_RV ConvertAEPBigNum(void* ArbBigNum, AEP_U32 BigNumSize,

-	unsigned char* AEP_BigNum)

-	{

-	BIGNUM* bn;

-#ifndef SIXTY_FOUR_BIT_LONG

-	int i;

-#endif

-	bn = (BIGNUM*)ArbBigNum;

-	/*Expand the result bn so that it can hold our big num.

-	  Size is in bits*/

-	bn_expand(bn, (int)(BigNumSize << 3));

-#ifdef SIXTY_FOUR_BIT_LONG

-	bn->top = BigNumSize >> 3;

-	if((BigNumSize & 7) != 0)

-		bn->top++;

-	memset(bn->d, 0, bn->top << 3);

-	memcpy(bn->d, AEP_BigNum, BigNumSize);

-#else

-	bn->top = BigNumSize >> 2;

-	for(i=0;i<bn->top;i++)

-		{

-		bn->d[i] = (AEP_U32)

-			((unsigned) AEP_BigNum[3] << 8 | AEP_BigNum[2]) << 16 |

-			((unsigned) AEP_BigNum[1] << 8 | AEP_BigNum[0]);

-		AEP_BigNum += 4;

-		}

-#endif

-	return AEP_R_OK;

-}

-#endif /* !OPENSSL_NO_HW_AEP */

-#endif /* !OPENSSL_NO_HW */

--- a/sys/src/ape/lib/openssl/engines/e_aep.ec

+++ /dev/null

@@ -1,1 +1,0 @@

-L AEPHK		e_aep_err.h			e_aep_err.c

--- a/sys/src/ape/lib/openssl/engines/e_aep_err.c

+++ /dev/null

@@ -1,161 +1,0 @@

-/* e_aep_err.c */

-/* ====================================================================

- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* NOTE: this file was auto generated by the mkerr.pl script: any changes

- * made to it will be overwritten when the script next updates this file,

- * only reason strings will be preserved.

- */

-#include <stdio.h>

-#include <openssl/err.h>

-#include "e_aep_err.h"

-/* BEGIN ERROR CODES */

-#ifndef OPENSSL_NO_ERR

-#define ERR_FUNC(func) ERR_PACK(0,func,0)

-#define ERR_REASON(reason) ERR_PACK(0,0,reason)

-static ERR_STRING_DATA AEPHK_str_functs[]=

-	{

-{ERR_FUNC(AEPHK_F_AEP_CTRL),	"AEP_CTRL"},

-{ERR_FUNC(AEPHK_F_AEP_FINISH),	"AEP_FINISH"},

-{ERR_FUNC(AEPHK_F_AEP_GET_CONNECTION),	"AEP_GET_CONNECTION"},

-{ERR_FUNC(AEPHK_F_AEP_INIT),	"AEP_INIT"},

-{ERR_FUNC(AEPHK_F_AEP_MOD_EXP),	"AEP_MOD_EXP"},

-{ERR_FUNC(AEPHK_F_AEP_MOD_EXP_CRT),	"AEP_MOD_EXP_CRT"},

-{ERR_FUNC(AEPHK_F_AEP_RAND),	"AEP_RAND"},

-{ERR_FUNC(AEPHK_F_AEP_RSA_MOD_EXP),	"AEP_RSA_MOD_EXP"},

-{0,NULL}

-	};

-static ERR_STRING_DATA AEPHK_str_reasons[]=

-	{

-{ERR_REASON(AEPHK_R_ALREADY_LOADED)      ,"already loaded"},

-{ERR_REASON(AEPHK_R_CLOSE_HANDLES_FAILED),"close handles failed"},

-{ERR_REASON(AEPHK_R_CONNECTIONS_IN_USE)  ,"connections in use"},

-{ERR_REASON(AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED),"ctrl command not implemented"},

-{ERR_REASON(AEPHK_R_FINALIZE_FAILED)     ,"finalize failed"},

-{ERR_REASON(AEPHK_R_GET_HANDLE_FAILED)   ,"get handle failed"},

-{ERR_REASON(AEPHK_R_GET_RANDOM_FAILED)   ,"get random failed"},

-{ERR_REASON(AEPHK_R_INIT_FAILURE)        ,"init failure"},

-{ERR_REASON(AEPHK_R_MISSING_KEY_COMPONENTS),"missing key components"},

-{ERR_REASON(AEPHK_R_MOD_EXP_CRT_FAILED)  ,"mod exp crt failed"},

-{ERR_REASON(AEPHK_R_MOD_EXP_FAILED)      ,"mod exp failed"},

-{ERR_REASON(AEPHK_R_NOT_LOADED)          ,"not loaded"},

-{ERR_REASON(AEPHK_R_OK)                  ,"ok"},

-{ERR_REASON(AEPHK_R_RETURN_CONNECTION_FAILED),"return connection failed"},

-{ERR_REASON(AEPHK_R_SETBNCALLBACK_FAILURE),"setbncallback failure"},

-{ERR_REASON(AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL),"size too large or too small"},

-{ERR_REASON(AEPHK_R_UNIT_FAILURE)        ,"unit failure"},

-{0,NULL}

-	};

-#endif

-#ifdef AEPHK_LIB_NAME

-static ERR_STRING_DATA AEPHK_lib_name[]=

-        {

-{0	,AEPHK_LIB_NAME},

-{0,NULL}

-	};

-#endif

-static int AEPHK_lib_error_code=0;

-static int AEPHK_error_init=1;

-static void ERR_load_AEPHK_strings(void)

-	{

-	if (AEPHK_lib_error_code == 0)

-		AEPHK_lib_error_code=ERR_get_next_error_library();

-	if (AEPHK_error_init)

-		{

-		AEPHK_error_init=0;

-#ifndef OPENSSL_NO_ERR

-		ERR_load_strings(AEPHK_lib_error_code,AEPHK_str_functs);

-		ERR_load_strings(AEPHK_lib_error_code,AEPHK_str_reasons);

-#endif

-#ifdef AEPHK_LIB_NAME

-		AEPHK_lib_name->error = ERR_PACK(AEPHK_lib_error_code,0,0);

-		ERR_load_strings(0,AEPHK_lib_name);

-#endif

-		}

-	}

-static void ERR_unload_AEPHK_strings(void)

-	{

-	if (AEPHK_error_init == 0)

-		{

-#ifndef OPENSSL_NO_ERR

-		ERR_unload_strings(AEPHK_lib_error_code,AEPHK_str_functs);

-		ERR_unload_strings(AEPHK_lib_error_code,AEPHK_str_reasons);

-#endif

-#ifdef AEPHK_LIB_NAME

-		ERR_unload_strings(0,AEPHK_lib_name);

-#endif

-		AEPHK_error_init=1;

-		}

-	}

-static void ERR_AEPHK_error(int function, int reason, char *file, int line)

-	{

-	if (AEPHK_lib_error_code == 0)

-		AEPHK_lib_error_code=ERR_get_next_error_library();

-	ERR_PUT_error(AEPHK_lib_error_code,function,reason,file,line);

-	}

--- a/sys/src/ape/lib/openssl/engines/e_aep_err.h

+++ /dev/null

@@ -1,101 +1,0 @@

-/* ====================================================================

- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_AEPHK_ERR_H

-#define HEADER_AEPHK_ERR_H

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-static void ERR_load_AEPHK_strings(void);

-static void ERR_unload_AEPHK_strings(void);

-static void ERR_AEPHK_error(int function, int reason, char *file, int line);

-#define AEPHKerr(f,r) ERR_AEPHK_error((f),(r),__FILE__,__LINE__)

-/* Error codes for the AEPHK functions. */

-/* Function codes. */

-#define AEPHK_F_AEP_CTRL				 100

-#define AEPHK_F_AEP_FINISH				 101

-#define AEPHK_F_AEP_GET_CONNECTION			 102

-#define AEPHK_F_AEP_INIT				 103

-#define AEPHK_F_AEP_MOD_EXP				 104

-#define AEPHK_F_AEP_MOD_EXP_CRT				 105

-#define AEPHK_F_AEP_RAND				 106

-#define AEPHK_F_AEP_RSA_MOD_EXP				 107

-/* Reason codes. */

-#define AEPHK_R_ALREADY_LOADED				 100

-#define AEPHK_R_CLOSE_HANDLES_FAILED			 101

-#define AEPHK_R_CONNECTIONS_IN_USE			 102

-#define AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED		 103

-#define AEPHK_R_FINALIZE_FAILED				 104

-#define AEPHK_R_GET_HANDLE_FAILED			 105

-#define AEPHK_R_GET_RANDOM_FAILED			 106

-#define AEPHK_R_INIT_FAILURE				 107

-#define AEPHK_R_MISSING_KEY_COMPONENTS			 108

-#define AEPHK_R_MOD_EXP_CRT_FAILED			 109

-#define AEPHK_R_MOD_EXP_FAILED				 110

-#define AEPHK_R_NOT_LOADED				 111

-#define AEPHK_R_OK					 112

-#define AEPHK_R_RETURN_CONNECTION_FAILED		 113

-#define AEPHK_R_SETBNCALLBACK_FAILURE			 114

-#define AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL		 116

-#define AEPHK_R_UNIT_FAILURE				 115

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/engines/e_atalla.c

+++ /dev/null

@@ -1,607 +1,0 @@

-/* crypto/engine/hw_atalla.c */

-/* Written by Geoff Thorpe ([email protected]) for the OpenSSL

- * project 2000.

- */

-/* ====================================================================

- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include <string.h>

-#include <openssl/crypto.h>

-#include <openssl/buffer.h>

-#include <openssl/dso.h>

-#include <openssl/engine.h>

-#ifndef OPENSSL_NO_RSA

-#include <openssl/rsa.h>

-#endif

-#ifndef OPENSSL_NO_DSA

-#include <openssl/dsa.h>

-#endif

-#ifndef OPENSSL_NO_DH

-#include <openssl/dh.h>

-#endif

-#include <openssl/bn.h>

-#ifndef OPENSSL_NO_HW

-#ifndef OPENSSL_NO_HW_ATALLA

-#ifdef FLAT_INC

-#include "atalla.h"

-#else

-#include "vendor_defns/atalla.h"

-#endif

-#define ATALLA_LIB_NAME "atalla engine"

-#include "e_atalla_err.c"

-static int atalla_destroy(ENGINE *e);

-static int atalla_init(ENGINE *e);

-static int atalla_finish(ENGINE *e);

-static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));

-/* BIGNUM stuff */

-static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-		const BIGNUM *m, BN_CTX *ctx);

-#ifndef OPENSSL_NO_RSA

-/* RSA stuff */

-static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);

-/* This function is aliased to mod_exp (with the mont stuff dropped). */

-static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);

-#endif

-#ifndef OPENSSL_NO_DSA

-/* DSA stuff */

-static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,

-		BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,

-		BN_CTX *ctx, BN_MONT_CTX *in_mont);

-static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,

-		const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,

-		BN_MONT_CTX *m_ctx);

-#endif

-#ifndef OPENSSL_NO_DH

-/* DH stuff */

-/* This function is alised to mod_exp (with the DH and mont dropped). */

-static int atalla_mod_exp_dh(const DH *dh, BIGNUM *r,

-		const BIGNUM *a, const BIGNUM *p,

-		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);

-#endif

-/* The definitions for control commands specific to this engine */

-#define ATALLA_CMD_SO_PATH		ENGINE_CMD_BASE

-static const ENGINE_CMD_DEFN atalla_cmd_defns[] = {

-	{ATALLA_CMD_SO_PATH,

-		"SO_PATH",

-		"Specifies the path to the 'atasi' shared library",

-		ENGINE_CMD_FLAG_STRING},

-	{0, NULL, NULL, 0}

-	};

-#ifndef OPENSSL_NO_RSA

-/* Our internal RSA_METHOD that we provide pointers to */

-static RSA_METHOD atalla_rsa =

-	{

-	"Atalla RSA method",

-	NULL,

-	NULL,

-	NULL,

-	NULL,

-	atalla_rsa_mod_exp,

-	atalla_mod_exp_mont,

-	NULL,

-	NULL,

-	0,

-	NULL,

-	NULL,

-	NULL,

-	NULL

-	};

-#endif

-#ifndef OPENSSL_NO_DSA

-/* Our internal DSA_METHOD that we provide pointers to */

-static DSA_METHOD atalla_dsa =

-	{

-	"Atalla DSA method",

-	NULL, /* dsa_do_sign */

-	NULL, /* dsa_sign_setup */

-	NULL, /* dsa_do_verify */

-	atalla_dsa_mod_exp, /* dsa_mod_exp */

-	atalla_mod_exp_dsa, /* bn_mod_exp */

-	NULL, /* init */

-	NULL, /* finish */

-	0, /* flags */

-	NULL, /* app_data */

-	NULL, /* dsa_paramgen */

-	NULL /* dsa_keygen */

-	};

-#endif

-#ifndef OPENSSL_NO_DH

-/* Our internal DH_METHOD that we provide pointers to */

-static DH_METHOD atalla_dh =

-	{

-	"Atalla DH method",

-	NULL,

-	NULL,

-	atalla_mod_exp_dh,

-	NULL,

-	NULL,

-	0,

-	NULL,

-	NULL

-	};

-#endif

-/* Constants used when creating the ENGINE */

-static const char *engine_atalla_id = "atalla";

-static const char *engine_atalla_name = "Atalla hardware engine support";

-/* This internal function is used by ENGINE_atalla() and possibly by the

- * "dynamic" ENGINE support too */

-static int bind_helper(ENGINE *e)

-	{

-#ifndef OPENSSL_NO_RSA

-	const RSA_METHOD *meth1;

-#endif

-#ifndef OPENSSL_NO_DSA

-	const DSA_METHOD *meth2;

-#endif

-#ifndef OPENSSL_NO_DH

-	const DH_METHOD *meth3;

-#endif

-	if(!ENGINE_set_id(e, engine_atalla_id) ||

-			!ENGINE_set_name(e, engine_atalla_name) ||

-#ifndef OPENSSL_NO_RSA

-			!ENGINE_set_RSA(e, &atalla_rsa) ||

-#endif

-#ifndef OPENSSL_NO_DSA

-			!ENGINE_set_DSA(e, &atalla_dsa) ||

-#endif

-#ifndef OPENSSL_NO_DH

-			!ENGINE_set_DH(e, &atalla_dh) ||

-#endif

-			!ENGINE_set_destroy_function(e, atalla_destroy) ||

-			!ENGINE_set_init_function(e, atalla_init) ||

-			!ENGINE_set_finish_function(e, atalla_finish) ||

-			!ENGINE_set_ctrl_function(e, atalla_ctrl) ||

-			!ENGINE_set_cmd_defns(e, atalla_cmd_defns))

-		return 0;

-#ifndef OPENSSL_NO_RSA

-	/* We know that the "PKCS1_SSLeay()" functions hook properly

-	 * to the atalla-specific mod_exp and mod_exp_crt so we use

-	 * those functions. NB: We don't use ENGINE_openssl() or

-	 * anything "more generic" because something like the RSAref

-	 * code may not hook properly, and if you own one of these

-	 * cards then you have the right to do RSA operations on it

-	 * anyway! */

-	meth1 = RSA_PKCS1_SSLeay();

-	atalla_rsa.rsa_pub_enc = meth1->rsa_pub_enc;

-	atalla_rsa.rsa_pub_dec = meth1->rsa_pub_dec;

-	atalla_rsa.rsa_priv_enc = meth1->rsa_priv_enc;

-	atalla_rsa.rsa_priv_dec = meth1->rsa_priv_dec;

-#endif

-#ifndef OPENSSL_NO_DSA

-	/* Use the DSA_OpenSSL() method and just hook the mod_exp-ish

-	 * bits. */

-	meth2 = DSA_OpenSSL();

-	atalla_dsa.dsa_do_sign = meth2->dsa_do_sign;

-	atalla_dsa.dsa_sign_setup = meth2->dsa_sign_setup;

-	atalla_dsa.dsa_do_verify = meth2->dsa_do_verify;

-#endif

-#ifndef OPENSSL_NO_DH

-	/* Much the same for Diffie-Hellman */

-	meth3 = DH_OpenSSL();

-	atalla_dh.generate_key = meth3->generate_key;

-	atalla_dh.compute_key = meth3->compute_key;

-#endif

-	/* Ensure the atalla error handling is set up */

-	ERR_load_ATALLA_strings();

-	return 1;

-	}

-#ifdef OPENSSL_NO_DYNAMIC_ENGINE

-static ENGINE *engine_atalla(void)

-	{

-	ENGINE *ret = ENGINE_new();

-	if(!ret)

-		return NULL;

-	if(!bind_helper(ret))

-		{

-		ENGINE_free(ret);

-		return NULL;

-		}

-	return ret;

-	}

-void ENGINE_load_atalla(void)

-	{

-	/* Copied from eng_[openssl|dyn].c */

-	ENGINE *toadd = engine_atalla();

-	if(!toadd) return;

-	ENGINE_add(toadd);

-	ENGINE_free(toadd);

-	ERR_clear_error();

-	}

-#endif

-/* This is a process-global DSO handle used for loading and unloading

- * the Atalla library. NB: This is only set (or unset) during an

- * init() or finish() call (reference counts permitting) and they're

- * operating with global locks, so this should be thread-safe

- * implicitly. */

-static DSO *atalla_dso = NULL;

-/* These are the function pointers that are (un)set when the library has

- * successfully (un)loaded. */

-static tfnASI_GetHardwareConfig *p_Atalla_GetHardwareConfig = NULL;

-static tfnASI_RSAPrivateKeyOpFn *p_Atalla_RSAPrivateKeyOpFn = NULL;

-static tfnASI_GetPerformanceStatistics *p_Atalla_GetPerformanceStatistics = NULL;

-/* These are the static string constants for the DSO file name and the function

- * symbol names to bind to. Regrettably, the DSO name on *nix appears to be

- * "atasi.so" rather than something more consistent like "libatasi.so". At the

- * time of writing, I'm not sure what the file name on win32 is but clearly

- * native name translation is not possible (eg libatasi.so on *nix, and

- * atasi.dll on win32). For the purposes of testing, I have created a symbollic

- * link called "libatasi.so" so that we can use native name-translation - a

- * better solution will be needed. */

-static const char *ATALLA_LIBNAME = NULL;

-static const char *get_ATALLA_LIBNAME(void)

-	{

-		if(ATALLA_LIBNAME)

-			return ATALLA_LIBNAME;

-		return "atasi";

-	}

-static void free_ATALLA_LIBNAME(void)

-	{

-		if(ATALLA_LIBNAME)

-			OPENSSL_free((void*)ATALLA_LIBNAME);

-		ATALLA_LIBNAME = NULL;

-	}

-static long set_ATALLA_LIBNAME(const char *name)

-	{

-	free_ATALLA_LIBNAME();

-	return (((ATALLA_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);

-	}

-static const char *ATALLA_F1 = "ASI_GetHardwareConfig";

-static const char *ATALLA_F2 = "ASI_RSAPrivateKeyOpFn";

-static const char *ATALLA_F3 = "ASI_GetPerformanceStatistics";

-/* Destructor (complements the "ENGINE_atalla()" constructor) */

-static int atalla_destroy(ENGINE *e)

-	{

-	free_ATALLA_LIBNAME();

-	/* Unload the atalla error strings so any error state including our

-	 * functs or reasons won't lead to a segfault (they simply get displayed

-	 * without corresponding string data because none will be found). */

-	ERR_unload_ATALLA_strings();

-	return 1;

-	}

-/* (de)initialisation functions. */

-static int atalla_init(ENGINE *e)

-	{

-	tfnASI_GetHardwareConfig *p1;

-	tfnASI_RSAPrivateKeyOpFn *p2;

-	tfnASI_GetPerformanceStatistics *p3;

-	/* Not sure of the origin of this magic value, but Ben's code had it

-	 * and it seemed to have been working for a few people. :-) */

-	unsigned int config_buf[1024];

-	if(atalla_dso != NULL)

-		{

-		ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_ALREADY_LOADED);

-		goto err;

-		}

-	/* Attempt to load libatasi.so/atasi.dll/whatever. Needs to be

-	 * changed unfortunately because the Atalla drivers don't have

-	 * standard library names that can be platform-translated well. */

-	/* TODO: Work out how to actually map to the names the Atalla

-	 * drivers really use - for now a symbollic link needs to be

-	 * created on the host system from libatasi.so to atasi.so on

-	 * unix variants. */

-	atalla_dso = DSO_load(NULL, get_ATALLA_LIBNAME(), NULL, 0);

-	if(atalla_dso == NULL)

-		{

-		ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_NOT_LOADED);

-		goto err;

-		}

-	if(!(p1 = (tfnASI_GetHardwareConfig *)DSO_bind_func(

-				atalla_dso, ATALLA_F1)) ||

-			!(p2 = (tfnASI_RSAPrivateKeyOpFn *)DSO_bind_func(

-				atalla_dso, ATALLA_F2)) ||

-			!(p3 = (tfnASI_GetPerformanceStatistics *)DSO_bind_func(

-				atalla_dso, ATALLA_F3)))

-		{

-		ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_NOT_LOADED);

-		goto err;

-		}

-	/* Copy the pointers */

-	p_Atalla_GetHardwareConfig = p1;

-	p_Atalla_RSAPrivateKeyOpFn = p2;

-	p_Atalla_GetPerformanceStatistics = p3;

-	/* Perform a basic test to see if there's actually any unit

-	 * running. */

-	if(p1(0L, config_buf) != 0)

-		{

-		ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_UNIT_FAILURE);

-		goto err;

-		}

-	/* Everything's fine. */

-	return 1;

-err:

-	if(atalla_dso)

-		DSO_free(atalla_dso);

-	atalla_dso = NULL;

-	p_Atalla_GetHardwareConfig = NULL;

-	p_Atalla_RSAPrivateKeyOpFn = NULL;

-	p_Atalla_GetPerformanceStatistics = NULL;

-	return 0;

-	}

-static int atalla_finish(ENGINE *e)

-	{

-	free_ATALLA_LIBNAME();

-	if(atalla_dso == NULL)

-		{

-		ATALLAerr(ATALLA_F_ATALLA_FINISH,ATALLA_R_NOT_LOADED);

-		return 0;

-		}

-	if(!DSO_free(atalla_dso))

-		{

-		ATALLAerr(ATALLA_F_ATALLA_FINISH,ATALLA_R_UNIT_FAILURE);

-		return 0;

-		}

-	atalla_dso = NULL;

-	p_Atalla_GetHardwareConfig = NULL;

-	p_Atalla_RSAPrivateKeyOpFn = NULL;

-	p_Atalla_GetPerformanceStatistics = NULL;

-	return 1;

-	}

-static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))

-	{

-	int initialised = ((atalla_dso == NULL) ? 0 : 1);

-	switch(cmd)

-		{

-	case ATALLA_CMD_SO_PATH:

-		if(p == NULL)

-			{

-			ATALLAerr(ATALLA_F_ATALLA_CTRL,ERR_R_PASSED_NULL_PARAMETER);

-			return 0;

-			}

-		if(initialised)

-			{

-			ATALLAerr(ATALLA_F_ATALLA_CTRL,ATALLA_R_ALREADY_LOADED);

-			return 0;

-			}

-		return set_ATALLA_LIBNAME((const char *)p);

-	default:

-		break;

-		}

-	ATALLAerr(ATALLA_F_ATALLA_CTRL,ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED);

-	return 0;

-	}

-static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-			const BIGNUM *m, BN_CTX *ctx)

-	{

-	/* I need somewhere to store temporary serialised values for

-	 * use with the Atalla API calls. A neat cheat - I'll use

-	 * BIGNUMs from the BN_CTX but access their arrays directly as

-	 * byte arrays <grin>. This way I don't have to clean anything

-	 * up. */

-	BIGNUM *modulus;

-	BIGNUM *exponent;

-	BIGNUM *argument;

-	BIGNUM *result;

-	RSAPrivateKey keydata;

-	int to_return, numbytes;

-	modulus = exponent = argument = result = NULL;

-	to_return = 0; /* expect failure */

-	if(!atalla_dso)

-		{

-		ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_NOT_LOADED);

-		goto err;

-		}

-	/* Prepare the params */

-	BN_CTX_start(ctx);

-	modulus = BN_CTX_get(ctx);

-	exponent = BN_CTX_get(ctx);

-	argument = BN_CTX_get(ctx);

-	result = BN_CTX_get(ctx);

-	if (!result)

-		{

-		ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_BN_CTX_FULL);

-		goto err;

-		}

-	if(!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, m->top) ||

-	   !bn_wexpand(argument, m->top) || !bn_wexpand(result, m->top))

-		{

-		ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_BN_EXPAND_FAIL);

-		goto err;

-		}

-	/* Prepare the key-data */

-	memset(&keydata, 0,sizeof keydata);

-	numbytes = BN_num_bytes(m);

-	memset(exponent->d, 0, numbytes);

-	memset(modulus->d, 0, numbytes);

-	BN_bn2bin(p, (unsigned char *)exponent->d + numbytes - BN_num_bytes(p));

-	BN_bn2bin(m, (unsigned char *)modulus->d + numbytes - BN_num_bytes(m));

-	keydata.privateExponent.data = (unsigned char *)exponent->d;

-	keydata.privateExponent.len = numbytes;

-	keydata.modulus.data = (unsigned char *)modulus->d;

-	keydata.modulus.len = numbytes;

-	/* Prepare the argument */

-	memset(argument->d, 0, numbytes);

-	memset(result->d, 0, numbytes);

-	BN_bn2bin(a, (unsigned char *)argument->d + numbytes - BN_num_bytes(a));

-	/* Perform the operation */

-	if(p_Atalla_RSAPrivateKeyOpFn(&keydata, (unsigned char *)result->d,

-			(unsigned char *)argument->d,

-			keydata.modulus.len) != 0)

-		{

-		ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_REQUEST_FAILED);

-		goto err;

-		}

-	/* Convert the response */

-	BN_bin2bn((unsigned char *)result->d, numbytes, r);

-	to_return = 1;

-err:

-	BN_CTX_end(ctx);

-	return to_return;

-	}

-#ifndef OPENSSL_NO_RSA

-static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)

-	{

-	int to_return = 0;

-	if(!atalla_dso)

-		{

-		ATALLAerr(ATALLA_F_ATALLA_RSA_MOD_EXP,ATALLA_R_NOT_LOADED);

-		goto err;

-		}

-	if(!rsa->d || !rsa->n)

-		{

-		ATALLAerr(ATALLA_F_ATALLA_RSA_MOD_EXP,ATALLA_R_MISSING_KEY_COMPONENTS);

-		goto err;

-		}

-	to_return = atalla_mod_exp(r0, I, rsa->d, rsa->n, ctx);

-err:

-	return to_return;

-	}

-#endif

-#ifndef OPENSSL_NO_DSA

-/* This code was liberated and adapted from the commented-out code in

- * dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration

- * (it doesn't have a CRT form for RSA), this function means that an

- * Atalla system running with a DSA server certificate can handshake

- * around 5 or 6 times faster/more than an equivalent system running with

- * RSA. Just check out the "signs" statistics from the RSA and DSA parts

- * of "openssl speed -engine atalla dsa1024 rsa1024". */

-static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,

-		BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,

-		BN_CTX *ctx, BN_MONT_CTX *in_mont)

-	{

-	BIGNUM t;

-	int to_return = 0;

-	BN_init(&t);

-	/* let rr = a1 ^ p1 mod m */

-	if (!atalla_mod_exp(rr,a1,p1,m,ctx)) goto end;

-	/* let t = a2 ^ p2 mod m */

-	if (!atalla_mod_exp(&t,a2,p2,m,ctx)) goto end;

-	/* let rr = rr * t mod m */

-	if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;

-	to_return = 1;

-end:

-	BN_free(&t);

-	return to_return;

-	}

-static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,

-		const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,

-		BN_MONT_CTX *m_ctx)

-	{

-	return atalla_mod_exp(r, a, p, m, ctx);

-	}

-#endif

-#ifndef OPENSSL_NO_RSA

-/* This function is aliased to mod_exp (with the mont stuff dropped). */

-static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)

-	{

-	return atalla_mod_exp(r, a, p, m, ctx);

-	}

-#endif

-#ifndef OPENSSL_NO_DH

-/* This function is aliased to mod_exp (with the dh and mont dropped). */

-static int atalla_mod_exp_dh(const DH *dh, BIGNUM *r,

-		const BIGNUM *a, const BIGNUM *p,

-		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)

-	{

-	return atalla_mod_exp(r, a, p, m, ctx);

-	}

-#endif

-/* This stuff is needed if this ENGINE is being compiled into a self-contained

- * shared-library. */

-#ifndef OPENSSL_NO_DYNAMIC_ENGINE

-static int bind_fn(ENGINE *e, const char *id)

-	{

-	if(id && (strcmp(id, engine_atalla_id) != 0))

-		return 0;

-	if(!bind_helper(e))

-		return 0;

-	return 1;

-	}

-IMPLEMENT_DYNAMIC_CHECK_FN()

-IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)

-#endif /* OPENSSL_NO_DYNAMIC_ENGINE */

-#endif /* !OPENSSL_NO_HW_ATALLA */

-#endif /* !OPENSSL_NO_HW */

--- a/sys/src/ape/lib/openssl/engines/e_atalla.ec

+++ /dev/null

@@ -1,1 +1,0 @@

-L ATALLA	e_atalla_err.h			e_atalla_err.c

--- a/sys/src/ape/lib/openssl/engines/e_atalla_err.c

+++ /dev/null

@@ -1,149 +1,0 @@

-/* e_atalla_err.c */

-/* ====================================================================

- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* NOTE: this file was auto generated by the mkerr.pl script: any changes

- * made to it will be overwritten when the script next updates this file,

- * only reason strings will be preserved.

- */

-#include <stdio.h>

-#include <openssl/err.h>

-#include "e_atalla_err.h"

-/* BEGIN ERROR CODES */

-#ifndef OPENSSL_NO_ERR

-#define ERR_FUNC(func) ERR_PACK(0,func,0)

-#define ERR_REASON(reason) ERR_PACK(0,0,reason)

-static ERR_STRING_DATA ATALLA_str_functs[]=

-	{

-{ERR_FUNC(ATALLA_F_ATALLA_CTRL),	"ATALLA_CTRL"},

-{ERR_FUNC(ATALLA_F_ATALLA_FINISH),	"ATALLA_FINISH"},

-{ERR_FUNC(ATALLA_F_ATALLA_INIT),	"ATALLA_INIT"},

-{ERR_FUNC(ATALLA_F_ATALLA_MOD_EXP),	"ATALLA_MOD_EXP"},

-{ERR_FUNC(ATALLA_F_ATALLA_RSA_MOD_EXP),	"ATALLA_RSA_MOD_EXP"},

-{0,NULL}

-	};

-static ERR_STRING_DATA ATALLA_str_reasons[]=

-	{

-{ERR_REASON(ATALLA_R_ALREADY_LOADED)     ,"already loaded"},

-{ERR_REASON(ATALLA_R_BN_CTX_FULL)        ,"bn ctx full"},

-{ERR_REASON(ATALLA_R_BN_EXPAND_FAIL)     ,"bn expand fail"},

-{ERR_REASON(ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED),"ctrl command not implemented"},

-{ERR_REASON(ATALLA_R_MISSING_KEY_COMPONENTS),"missing key components"},

-{ERR_REASON(ATALLA_R_NOT_LOADED)         ,"not loaded"},

-{ERR_REASON(ATALLA_R_REQUEST_FAILED)     ,"request failed"},

-{ERR_REASON(ATALLA_R_UNIT_FAILURE)       ,"unit failure"},

-{0,NULL}

-	};

-#endif

-#ifdef ATALLA_LIB_NAME

-static ERR_STRING_DATA ATALLA_lib_name[]=

-        {

-{0	,ATALLA_LIB_NAME},

-{0,NULL}

-	};

-#endif

-static int ATALLA_lib_error_code=0;

-static int ATALLA_error_init=1;

-static void ERR_load_ATALLA_strings(void)

-	{

-	if (ATALLA_lib_error_code == 0)

-		ATALLA_lib_error_code=ERR_get_next_error_library();

-	if (ATALLA_error_init)

-		{

-		ATALLA_error_init=0;

-#ifndef OPENSSL_NO_ERR

-		ERR_load_strings(ATALLA_lib_error_code,ATALLA_str_functs);

-		ERR_load_strings(ATALLA_lib_error_code,ATALLA_str_reasons);

-#endif

-#ifdef ATALLA_LIB_NAME

-		ATALLA_lib_name->error = ERR_PACK(ATALLA_lib_error_code,0,0);

-		ERR_load_strings(0,ATALLA_lib_name);

-#endif

-		}

-	}

-static void ERR_unload_ATALLA_strings(void)

-	{

-	if (ATALLA_error_init == 0)

-		{

-#ifndef OPENSSL_NO_ERR

-		ERR_unload_strings(ATALLA_lib_error_code,ATALLA_str_functs);

-		ERR_unload_strings(ATALLA_lib_error_code,ATALLA_str_reasons);

-#endif

-#ifdef ATALLA_LIB_NAME

-		ERR_unload_strings(0,ATALLA_lib_name);

-#endif

-		ATALLA_error_init=1;

-		}

-	}

-static void ERR_ATALLA_error(int function, int reason, char *file, int line)

-	{

-	if (ATALLA_lib_error_code == 0)

-		ATALLA_lib_error_code=ERR_get_next_error_library();

-	ERR_PUT_error(ATALLA_lib_error_code,function,reason,file,line);

-	}

--- a/sys/src/ape/lib/openssl/engines/e_atalla_err.h

+++ /dev/null

@@ -1,89 +1,0 @@

-/* ====================================================================

- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_ATALLA_ERR_H

-#define HEADER_ATALLA_ERR_H

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-static void ERR_load_ATALLA_strings(void);

-static void ERR_unload_ATALLA_strings(void);

-static void ERR_ATALLA_error(int function, int reason, char *file, int line);

-#define ATALLAerr(f,r) ERR_ATALLA_error((f),(r),__FILE__,__LINE__)

-/* Error codes for the ATALLA functions. */

-/* Function codes. */

-#define ATALLA_F_ATALLA_CTRL				 100

-#define ATALLA_F_ATALLA_FINISH				 101

-#define ATALLA_F_ATALLA_INIT				 102

-#define ATALLA_F_ATALLA_MOD_EXP				 103

-#define ATALLA_F_ATALLA_RSA_MOD_EXP			 104

-/* Reason codes. */

-#define ATALLA_R_ALREADY_LOADED				 100

-#define ATALLA_R_BN_CTX_FULL				 101

-#define ATALLA_R_BN_EXPAND_FAIL				 102

-#define ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED		 103

-#define ATALLA_R_MISSING_KEY_COMPONENTS			 104

-#define ATALLA_R_NOT_LOADED				 105

-#define ATALLA_R_REQUEST_FAILED				 106

-#define ATALLA_R_UNIT_FAILURE				 107

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/engines/e_chil.c

+++ /dev/null

@@ -1,1374 +1,0 @@

-/* crypto/engine/e_chil.c -*- mode: C; c-file-style: "eay" -*- */

-/* Written by Richard Levitte ([email protected]), Geoff Thorpe

- * ([email protected]) and Dr Stephen N Henson ([email protected])

- * for the OpenSSL project 2000.

- */

-/* ====================================================================

- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include <string.h>

-#include <openssl/crypto.h>

-#include <openssl/pem.h>

-#include <openssl/dso.h>

-#include <openssl/engine.h>

-#include <openssl/ui.h>

-#include <openssl/rand.h>

-#ifndef OPENSSL_NO_RSA

-#include <openssl/rsa.h>

-#endif

-#ifndef OPENSSL_NO_DH

-#include <openssl/dh.h>

-#endif

-#include <openssl/bn.h>

-#ifndef OPENSSL_NO_HW

-#ifndef OPENSSL_NO_HW_CHIL

-/* Attribution notice: nCipher have said several times that it's OK for

- * us to implement a general interface to their boxes, and recently declared

- * their HWCryptoHook to be public, and therefore available for us to use.

- * Thanks, nCipher.

- *

- * The hwcryptohook.h included here is from May 2000.

- * [Richard Levitte]

- */

-#ifdef FLAT_INC

-#include "hwcryptohook.h"

-#else

-#include "vendor_defns/hwcryptohook.h"

-#endif

-#define HWCRHK_LIB_NAME "CHIL engine"

-#include "e_chil_err.c"

-static int hwcrhk_destroy(ENGINE *e);

-static int hwcrhk_init(ENGINE *e);

-static int hwcrhk_finish(ENGINE *e);

-static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));

-/* Functions to handle mutexes */

-static int hwcrhk_mutex_init(HWCryptoHook_Mutex*, HWCryptoHook_CallerContext*);

-static int hwcrhk_mutex_lock(HWCryptoHook_Mutex*);

-static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex*);

-static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex*);

-/* BIGNUM stuff */

-static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-		const BIGNUM *m, BN_CTX *ctx);

-#ifndef OPENSSL_NO_RSA

-/* RSA stuff */

-static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);

-#endif

-#ifndef OPENSSL_NO_RSA

-/* This function is aliased to mod_exp (with the mont stuff dropped). */

-static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);

-#endif

-#ifndef OPENSSL_NO_DH

-/* DH stuff */

-/* This function is alised to mod_exp (with the DH and mont dropped). */

-static int hwcrhk_mod_exp_dh(const DH *dh, BIGNUM *r,

-	const BIGNUM *a, const BIGNUM *p,

-	const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);

-#endif

-/* RAND stuff */

-static int hwcrhk_rand_bytes(unsigned char *buf, int num);

-static int hwcrhk_rand_status(void);

-/* KM stuff */

-static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,

-	UI_METHOD *ui_method, void *callback_data);

-static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,

-	UI_METHOD *ui_method, void *callback_data);

-#ifndef OPENSSL_NO_RSA

-static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,

-	int ind,long argl, void *argp);

-#endif

-/* Interaction stuff */

-static int hwcrhk_insert_card(const char *prompt_info,

-	const char *wrong_info,

-	HWCryptoHook_PassphraseContext *ppctx,

-	HWCryptoHook_CallerContext *cactx);

-static int hwcrhk_get_pass(const char *prompt_info,

-	int *len_io, char *buf,

-	HWCryptoHook_PassphraseContext *ppctx,

-	HWCryptoHook_CallerContext *cactx);

-static void hwcrhk_log_message(void *logstr, const char *message);

-/* The definitions for control commands specific to this engine */

-#define HWCRHK_CMD_SO_PATH		ENGINE_CMD_BASE

-#define HWCRHK_CMD_FORK_CHECK		(ENGINE_CMD_BASE + 1)

-#define HWCRHK_CMD_THREAD_LOCKING	(ENGINE_CMD_BASE + 2)

-#define HWCRHK_CMD_SET_USER_INTERFACE   (ENGINE_CMD_BASE + 3)

-#define HWCRHK_CMD_SET_CALLBACK_DATA    (ENGINE_CMD_BASE + 4)

-static const ENGINE_CMD_DEFN hwcrhk_cmd_defns[] = {

-	{HWCRHK_CMD_SO_PATH,

-		"SO_PATH",

-		"Specifies the path to the 'hwcrhk' shared library",

-		ENGINE_CMD_FLAG_STRING},

-	{HWCRHK_CMD_FORK_CHECK,

-		"FORK_CHECK",

-		"Turns fork() checking on or off (boolean)",

-		ENGINE_CMD_FLAG_NUMERIC},

-	{HWCRHK_CMD_THREAD_LOCKING,

-		"THREAD_LOCKING",

-		"Turns thread-safe locking on or off (boolean)",

-		ENGINE_CMD_FLAG_NUMERIC},

-	{HWCRHK_CMD_SET_USER_INTERFACE,

-		"SET_USER_INTERFACE",

-		"Set the global user interface (internal)",

-		ENGINE_CMD_FLAG_INTERNAL},

-	{HWCRHK_CMD_SET_CALLBACK_DATA,

-		"SET_CALLBACK_DATA",

-		"Set the global user interface extra data (internal)",

-		ENGINE_CMD_FLAG_INTERNAL},

-	{0, NULL, NULL, 0}

-	};

-#ifndef OPENSSL_NO_RSA

-/* Our internal RSA_METHOD that we provide pointers to */

-static RSA_METHOD hwcrhk_rsa =

-	{

-	"CHIL RSA method",

-	NULL,

-	NULL,

-	NULL,

-	NULL,

-	hwcrhk_rsa_mod_exp,

-	hwcrhk_mod_exp_mont,

-	NULL,

-	NULL,

-	0,

-	NULL,

-	NULL,

-	NULL,

-	NULL

-	};

-#endif

-#ifndef OPENSSL_NO_DH

-/* Our internal DH_METHOD that we provide pointers to */

-static DH_METHOD hwcrhk_dh =

-	{

-	"CHIL DH method",

-	NULL,

-	NULL,

-	hwcrhk_mod_exp_dh,

-	NULL,

-	NULL,

-	0,

-	NULL,

-	NULL

-	};

-#endif

-static RAND_METHOD hwcrhk_rand =

-	{

-	/* "CHIL RAND method", */

-	NULL,

-	hwcrhk_rand_bytes,

-	NULL,

-	NULL,

-	hwcrhk_rand_bytes,

-	hwcrhk_rand_status,

-	};

-/* Constants used when creating the ENGINE */

-static const char *engine_hwcrhk_id = "chil";

-static const char *engine_hwcrhk_name = "CHIL hardware engine support";

-#ifndef OPENSSL_NO_DYNAMIC_ENGINE

-/* Compatibility hack, the dynamic library uses this form in the path */

-static const char *engine_hwcrhk_id_alt = "ncipher";

-#endif

-/* Internal stuff for HWCryptoHook */

-/* Some structures needed for proper use of thread locks */

-/* hwcryptohook.h has some typedefs that turn struct HWCryptoHook_MutexValue

-   into HWCryptoHook_Mutex */

-struct HWCryptoHook_MutexValue

-	{

-	int lockid;

-	};

-/* hwcryptohook.h has some typedefs that turn

-   struct HWCryptoHook_PassphraseContextValue

-   into HWCryptoHook_PassphraseContext */

-struct HWCryptoHook_PassphraseContextValue

-	{

-        UI_METHOD *ui_method;

-	void *callback_data;

-	};

-/* hwcryptohook.h has some typedefs that turn

-   struct HWCryptoHook_CallerContextValue

-   into HWCryptoHook_CallerContext */

-struct HWCryptoHook_CallerContextValue

-	{

-	pem_password_cb *password_callback; /* Deprecated!  Only present for

-                                               backward compatibility! */

-        UI_METHOD *ui_method;

-	void *callback_data;

-	};

-/* The MPI structure in HWCryptoHook is pretty compatible with OpenSSL

-   BIGNUM's, so lets define a couple of conversion macros */

-#define BN2MPI(mp, bn) \

-    {mp.size = bn->top * sizeof(BN_ULONG); mp.buf = (unsigned char *)bn->d;}

-#define MPI2BN(bn, mp) \

-    {mp.size = bn->dmax * sizeof(BN_ULONG); mp.buf = (unsigned char *)bn->d;}

-static BIO *logstream = NULL;

-static int disable_mutex_callbacks = 0;

-/* One might wonder why these are needed, since one can pass down at least

-   a UI_METHOD and a pointer to callback data to the key-loading functions.

-   The thing is that the ModExp and RSAImmed functions can load keys as well,

-   if the data they get is in a special, nCipher-defined format (hint: if you

-   look at the private exponent of the RSA data as a string, you'll see this

-   string: "nCipher KM tool key id", followed by some bytes, followed a key

-   identity string, followed by more bytes.  This happens when you use "embed"

-   keys instead of "hwcrhk" keys).  Unfortunately, those functions do not take

-   any passphrase or caller context, and our functions can't really take any

-   callback data either.  Still, the "insert_card" and "get_passphrase"

-   callbacks may be called down the line, and will need to know what user

-   interface callbacks to call, and having callback data from the application

-   may be a nice thing as well, so we need to keep track of that globally. */

-static HWCryptoHook_CallerContext password_context = { NULL, NULL, NULL };

-/* Stuff to pass to the HWCryptoHook library */

-static HWCryptoHook_InitInfo hwcrhk_globals = {

-	HWCryptoHook_InitFlags_SimpleForkCheck,	/* Flags */

-	&logstream,		/* logstream */

-	sizeof(BN_ULONG),	/* limbsize */

-	0,			/* mslimb first: false for BNs */

-	-1,			/* msbyte first: use native */

-	0,			/* Max mutexes, 0 = no small limit */

-	0,			/* Max simultaneous, 0 = default */

-	/* The next few are mutex stuff: we write wrapper functions

-	   around the OS mutex functions.  We initialise them to 0

-	   here, and change that to actual function pointers in hwcrhk_init()

-	   if dynamic locks are supported (that is, if the application

-	   programmer has made sure of setting up callbacks bafore starting

-	   this engine) *and* if disable_mutex_callbacks hasn't been set by

-	   a call to ENGINE_ctrl(ENGINE_CTRL_CHIL_NO_LOCKING). */

-	sizeof(HWCryptoHook_Mutex),

-	0,

-	0,

-	0,

-	0,

-	/* The next few are condvar stuff: we write wrapper functions

-	   round the OS functions.  Currently not implemented and not

-	   and absolute necessity even in threaded programs, therefore

-	   0'ed.  Will hopefully be implemented some day, since it

-	   enhances the efficiency of HWCryptoHook.  */

-	0, /* sizeof(HWCryptoHook_CondVar), */

-	0, /* hwcrhk_cv_init, */

-	0, /* hwcrhk_cv_wait, */

-	0, /* hwcrhk_cv_signal, */

-	0, /* hwcrhk_cv_broadcast, */

-	0, /* hwcrhk_cv_destroy, */

-	hwcrhk_get_pass,	/* pass phrase */

-	hwcrhk_insert_card,	/* insert a card */

-	hwcrhk_log_message	/* Log message */

-};

-/* Now, to our own code */

-/* This internal function is used by ENGINE_chil() and possibly by the

- * "dynamic" ENGINE support too */

-static int bind_helper(ENGINE *e)

-	{

-#ifndef OPENSSL_NO_RSA

-	const RSA_METHOD *meth1;

-#endif

-#ifndef OPENSSL_NO_DH

-	const DH_METHOD *meth2;

-#endif

-	if(!ENGINE_set_id(e, engine_hwcrhk_id) ||

-			!ENGINE_set_name(e, engine_hwcrhk_name) ||

-#ifndef OPENSSL_NO_RSA

-			!ENGINE_set_RSA(e, &hwcrhk_rsa) ||

-#endif

-#ifndef OPENSSL_NO_DH

-			!ENGINE_set_DH(e, &hwcrhk_dh) ||

-#endif

-			!ENGINE_set_RAND(e, &hwcrhk_rand) ||

-			!ENGINE_set_destroy_function(e, hwcrhk_destroy) ||

-			!ENGINE_set_init_function(e, hwcrhk_init) ||

-			!ENGINE_set_finish_function(e, hwcrhk_finish) ||

-			!ENGINE_set_ctrl_function(e, hwcrhk_ctrl) ||

-			!ENGINE_set_load_privkey_function(e, hwcrhk_load_privkey) ||

-			!ENGINE_set_load_pubkey_function(e, hwcrhk_load_pubkey) ||

-			!ENGINE_set_cmd_defns(e, hwcrhk_cmd_defns))

-		return 0;

-#ifndef OPENSSL_NO_RSA

-	/* We know that the "PKCS1_SSLeay()" functions hook properly

-	 * to the cswift-specific mod_exp and mod_exp_crt so we use

-	 * those functions. NB: We don't use ENGINE_openssl() or

-	 * anything "more generic" because something like the RSAref

-	 * code may not hook properly, and if you own one of these

-	 * cards then you have the right to do RSA operations on it

-	 * anyway! */

-	meth1 = RSA_PKCS1_SSLeay();

-	hwcrhk_rsa.rsa_pub_enc = meth1->rsa_pub_enc;

-	hwcrhk_rsa.rsa_pub_dec = meth1->rsa_pub_dec;

-	hwcrhk_rsa.rsa_priv_enc = meth1->rsa_priv_enc;

-	hwcrhk_rsa.rsa_priv_dec = meth1->rsa_priv_dec;

-#endif

-#ifndef OPENSSL_NO_DH

-	/* Much the same for Diffie-Hellman */

-	meth2 = DH_OpenSSL();

-	hwcrhk_dh.generate_key = meth2->generate_key;

-	hwcrhk_dh.compute_key = meth2->compute_key;

-#endif

-	/* Ensure the hwcrhk error handling is set up */

-	ERR_load_HWCRHK_strings();

-	return 1;

-	}

-#ifdef OPENSSL_NO_DYNAMIC_ENGINE

-static ENGINE *engine_chil(void)

-	{

-	ENGINE *ret = ENGINE_new();

-	if(!ret)

-		return NULL;

-	if(!bind_helper(ret))

-		{

-		ENGINE_free(ret);

-		return NULL;

-		}

-	return ret;

-	}

-void ENGINE_load_chil(void)

-	{

-	/* Copied from eng_[openssl|dyn].c */

-	ENGINE *toadd = engine_chil();

-	if(!toadd) return;

-	ENGINE_add(toadd);

-	ENGINE_free(toadd);

-	ERR_clear_error();

-	}

-#endif

-/* This is a process-global DSO handle used for loading and unloading

- * the HWCryptoHook library. NB: This is only set (or unset) during an

- * init() or finish() call (reference counts permitting) and they're

- * operating with global locks, so this should be thread-safe

- * implicitly. */

-static DSO *hwcrhk_dso = NULL;

-static HWCryptoHook_ContextHandle hwcrhk_context = 0;

-#ifndef OPENSSL_NO_RSA

-static int hndidx_rsa = -1;    /* Index for KM handle.  Not really used yet. */

-#endif

-/* These are the function pointers that are (un)set when the library has

- * successfully (un)loaded. */

-static HWCryptoHook_Init_t *p_hwcrhk_Init = NULL;

-static HWCryptoHook_Finish_t *p_hwcrhk_Finish = NULL;

-static HWCryptoHook_ModExp_t *p_hwcrhk_ModExp = NULL;

-#ifndef OPENSSL_NO_RSA

-static HWCryptoHook_RSA_t *p_hwcrhk_RSA = NULL;

-#endif

-static HWCryptoHook_RandomBytes_t *p_hwcrhk_RandomBytes = NULL;

-#ifndef OPENSSL_NO_RSA

-static HWCryptoHook_RSALoadKey_t *p_hwcrhk_RSALoadKey = NULL;

-static HWCryptoHook_RSAGetPublicKey_t *p_hwcrhk_RSAGetPublicKey = NULL;

-static HWCryptoHook_RSAUnloadKey_t *p_hwcrhk_RSAUnloadKey = NULL;

-#endif

-static HWCryptoHook_ModExpCRT_t *p_hwcrhk_ModExpCRT = NULL;

-/* Used in the DSO operations. */

-static const char *HWCRHK_LIBNAME = NULL;

-static void free_HWCRHK_LIBNAME(void)

-	{

-	if(HWCRHK_LIBNAME)

-		OPENSSL_free((void*)HWCRHK_LIBNAME);

-	HWCRHK_LIBNAME = NULL;

-	}

-static const char *get_HWCRHK_LIBNAME(void)

-	{

-	if(HWCRHK_LIBNAME)

-		return HWCRHK_LIBNAME;

-	return "nfhwcrhk";

-	}

-static long set_HWCRHK_LIBNAME(const char *name)

-	{

-	free_HWCRHK_LIBNAME();

-	return (((HWCRHK_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);

-	}

-static const char *n_hwcrhk_Init = "HWCryptoHook_Init";

-static const char *n_hwcrhk_Finish = "HWCryptoHook_Finish";

-static const char *n_hwcrhk_ModExp = "HWCryptoHook_ModExp";

-#ifndef OPENSSL_NO_RSA

-static const char *n_hwcrhk_RSA = "HWCryptoHook_RSA";

-#endif

-static const char *n_hwcrhk_RandomBytes = "HWCryptoHook_RandomBytes";

-#ifndef OPENSSL_NO_RSA

-static const char *n_hwcrhk_RSALoadKey = "HWCryptoHook_RSALoadKey";

-static const char *n_hwcrhk_RSAGetPublicKey = "HWCryptoHook_RSAGetPublicKey";

-static const char *n_hwcrhk_RSAUnloadKey = "HWCryptoHook_RSAUnloadKey";

-#endif

-static const char *n_hwcrhk_ModExpCRT = "HWCryptoHook_ModExpCRT";

-/* HWCryptoHook library functions and mechanics - these are used by the

- * higher-level functions further down. NB: As and where there's no

- * error checking, take a look lower down where these functions are

- * called, the checking and error handling is probably down there. */

-/* utility function to obtain a context */

-static int get_context(HWCryptoHook_ContextHandle *hac,

-        HWCryptoHook_CallerContext *cac)

-	{

-	char tempbuf[1024];

-	HWCryptoHook_ErrMsgBuf rmsg;

-	rmsg.buf = tempbuf;

-	rmsg.size = sizeof(tempbuf);

-        *hac = p_hwcrhk_Init(&hwcrhk_globals, sizeof(hwcrhk_globals), &rmsg,

-		cac);

-	if (!*hac)

-                return 0;

-        return 1;

-	}

-/* similarly to release one. */

-static void release_context(HWCryptoHook_ContextHandle hac)

-	{

-	p_hwcrhk_Finish(hac);

-	}

-/* Destructor (complements the "ENGINE_chil()" constructor) */

-static int hwcrhk_destroy(ENGINE *e)

-	{

-	free_HWCRHK_LIBNAME();

-	ERR_unload_HWCRHK_strings();

-	return 1;

-	}

-/* (de)initialisation functions. */

-static int hwcrhk_init(ENGINE *e)

-	{

-	HWCryptoHook_Init_t *p1;

-	HWCryptoHook_Finish_t *p2;

-	HWCryptoHook_ModExp_t *p3;

-#ifndef OPENSSL_NO_RSA

-	HWCryptoHook_RSA_t *p4;

-	HWCryptoHook_RSALoadKey_t *p5;

-	HWCryptoHook_RSAGetPublicKey_t *p6;

-	HWCryptoHook_RSAUnloadKey_t *p7;

-#endif

-	HWCryptoHook_RandomBytes_t *p8;

-	HWCryptoHook_ModExpCRT_t *p9;

-	if(hwcrhk_dso != NULL)

-		{

-		HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_ALREADY_LOADED);

-		goto err;

-		}

-	/* Attempt to load libnfhwcrhk.so/nfhwcrhk.dll/whatever. */

-	hwcrhk_dso = DSO_load(NULL, get_HWCRHK_LIBNAME(), NULL, 0);

-	if(hwcrhk_dso == NULL)

-		{

-		HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_DSO_FAILURE);

-		goto err;

-		}

-	if(!(p1 = (HWCryptoHook_Init_t *)

-			DSO_bind_func(hwcrhk_dso, n_hwcrhk_Init)) ||

-		!(p2 = (HWCryptoHook_Finish_t *)

-			DSO_bind_func(hwcrhk_dso, n_hwcrhk_Finish)) ||

-		!(p3 = (HWCryptoHook_ModExp_t *)

-			DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExp)) ||

-#ifndef OPENSSL_NO_RSA

-		!(p4 = (HWCryptoHook_RSA_t *)

-			DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSA)) ||

-		!(p5 = (HWCryptoHook_RSALoadKey_t *)

-			DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSALoadKey)) ||

-		!(p6 = (HWCryptoHook_RSAGetPublicKey_t *)

-			DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAGetPublicKey)) ||

-		!(p7 = (HWCryptoHook_RSAUnloadKey_t *)

-			DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAUnloadKey)) ||

-#endif

-		!(p8 = (HWCryptoHook_RandomBytes_t *)

-			DSO_bind_func(hwcrhk_dso, n_hwcrhk_RandomBytes)) ||

-		!(p9 = (HWCryptoHook_ModExpCRT_t *)

-			DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExpCRT)))

-		{

-		HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_DSO_FAILURE);

-		goto err;

-		}

-	/* Copy the pointers */

-	p_hwcrhk_Init = p1;

-	p_hwcrhk_Finish = p2;

-	p_hwcrhk_ModExp = p3;

-#ifndef OPENSSL_NO_RSA

-	p_hwcrhk_RSA = p4;

-	p_hwcrhk_RSALoadKey = p5;

-	p_hwcrhk_RSAGetPublicKey = p6;

-	p_hwcrhk_RSAUnloadKey = p7;

-#endif

-	p_hwcrhk_RandomBytes = p8;

-	p_hwcrhk_ModExpCRT = p9;

-	/* Check if the application decided to support dynamic locks,

-	   and if it does, use them. */

-	if (disable_mutex_callbacks == 0)

-		{

-		if (CRYPTO_get_dynlock_create_callback() != NULL &&

-			CRYPTO_get_dynlock_lock_callback() != NULL &&

-			CRYPTO_get_dynlock_destroy_callback() != NULL)

-			{

-			hwcrhk_globals.mutex_init = hwcrhk_mutex_init;

-			hwcrhk_globals.mutex_acquire = hwcrhk_mutex_lock;

-			hwcrhk_globals.mutex_release = hwcrhk_mutex_unlock;

-			hwcrhk_globals.mutex_destroy = hwcrhk_mutex_destroy;

-			}

-		else if (CRYPTO_get_locking_callback() != NULL)

-			{

-			HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_LOCKING_MISSING);

-			ERR_add_error_data(1,"You HAVE to add dynamic locking callbacks via CRYPTO_set_dynlock_{create,lock,destroy}_callback()");

-			goto err;

-			}

-		}

-	/* Try and get a context - if not, we may have a DSO but no

-	 * accelerator! */

-	if(!get_context(&hwcrhk_context, &password_context))

-		{

-		HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_UNIT_FAILURE);

-		goto err;

-		}

-	/* Everything's fine. */

-#ifndef OPENSSL_NO_RSA

-	if (hndidx_rsa == -1)

-		hndidx_rsa = RSA_get_ex_new_index(0,

-			"nFast HWCryptoHook RSA key handle",

-			NULL, NULL, hwcrhk_ex_free);

-#endif

-	return 1;

-err:

-	if(hwcrhk_dso)

-		DSO_free(hwcrhk_dso);

-	hwcrhk_dso = NULL;

-	p_hwcrhk_Init = NULL;

-	p_hwcrhk_Finish = NULL;

-	p_hwcrhk_ModExp = NULL;

-#ifndef OPENSSL_NO_RSA

-	p_hwcrhk_RSA = NULL;

-	p_hwcrhk_RSALoadKey = NULL;

-	p_hwcrhk_RSAGetPublicKey = NULL;

-	p_hwcrhk_RSAUnloadKey = NULL;

-#endif

-	p_hwcrhk_ModExpCRT = NULL;

-	p_hwcrhk_RandomBytes = NULL;

-	return 0;

-	}

-static int hwcrhk_finish(ENGINE *e)

-	{

-	int to_return = 1;

-	free_HWCRHK_LIBNAME();

-	if(hwcrhk_dso == NULL)

-		{

-		HWCRHKerr(HWCRHK_F_HWCRHK_FINISH,HWCRHK_R_NOT_LOADED);

-		to_return = 0;

-		goto err;

-		}

-	release_context(hwcrhk_context);

-	if(!DSO_free(hwcrhk_dso))

-		{

-		HWCRHKerr(HWCRHK_F_HWCRHK_FINISH,HWCRHK_R_DSO_FAILURE);

-		to_return = 0;

-		goto err;

-		}

- err:

-	if (logstream)

-		BIO_free(logstream);

-	hwcrhk_dso = NULL;

-	p_hwcrhk_Init = NULL;

-	p_hwcrhk_Finish = NULL;

-	p_hwcrhk_ModExp = NULL;

-#ifndef OPENSSL_NO_RSA

-	p_hwcrhk_RSA = NULL;

-	p_hwcrhk_RSALoadKey = NULL;

-	p_hwcrhk_RSAGetPublicKey = NULL;

-	p_hwcrhk_RSAUnloadKey = NULL;

-#endif

-	p_hwcrhk_ModExpCRT = NULL;

-	p_hwcrhk_RandomBytes = NULL;

-	return to_return;

-	}

-static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))

-	{

-	int to_return = 1;

-	switch(cmd)

-		{

-	case HWCRHK_CMD_SO_PATH:

-		if(hwcrhk_dso)

-			{

-			HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,HWCRHK_R_ALREADY_LOADED);

-			return 0;

-			}

-		if(p == NULL)

-			{

-			HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,ERR_R_PASSED_NULL_PARAMETER);

-			return 0;

-			}

-		return set_HWCRHK_LIBNAME((const char *)p);

-	case ENGINE_CTRL_SET_LOGSTREAM:

-		{

-		BIO *bio = (BIO *)p;

-		CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);

-		if (logstream)

-			{

-			BIO_free(logstream);

-			logstream = NULL;

-			}

-		if (CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO) > 1)

-			logstream = bio;

-		else

-			HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,HWCRHK_R_BIO_WAS_FREED);

-		}

-		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);

-		break;

-	case ENGINE_CTRL_SET_PASSWORD_CALLBACK:

-		CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);

-		password_context.password_callback = (pem_password_cb *)f;

-		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);

-		break;

-	case ENGINE_CTRL_SET_USER_INTERFACE:

-	case HWCRHK_CMD_SET_USER_INTERFACE:

-		CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);

-		password_context.ui_method = (UI_METHOD *)p;

-		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);

-		break;

-	case ENGINE_CTRL_SET_CALLBACK_DATA:

-	case HWCRHK_CMD_SET_CALLBACK_DATA:

-		CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);

-		password_context.callback_data = p;

-		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);

-		break;

-	/* this enables or disables the "SimpleForkCheck" flag used in the

-	 * initialisation structure. */

-	case ENGINE_CTRL_CHIL_SET_FORKCHECK:

-	case HWCRHK_CMD_FORK_CHECK:

-		CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);

-		if(i)

-			hwcrhk_globals.flags |=

-				HWCryptoHook_InitFlags_SimpleForkCheck;

-		else

-			hwcrhk_globals.flags &=

-				~HWCryptoHook_InitFlags_SimpleForkCheck;

-		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);

-		break;

-	/* This will prevent the initialisation function from "installing"

-	 * the mutex-handling callbacks, even if they are available from

-	 * within the library (or were provided to the library from the

-	 * calling application). This is to remove any baggage for

-	 * applications not using multithreading. */

-	case ENGINE_CTRL_CHIL_NO_LOCKING:

-		CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);

-		disable_mutex_callbacks = 1;

-		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);

-		break;

-	case HWCRHK_CMD_THREAD_LOCKING:

-		CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);

-		disable_mutex_callbacks = ((i == 0) ? 0 : 1);

-		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);

-		break;

-	/* The command isn't understood by this engine */

-	default:

-		HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,

-			HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);

-		to_return = 0;

-		break;

-		}

-	return to_return;

-	}

-static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,

-	UI_METHOD *ui_method, void *callback_data)

-	{

-#ifndef OPENSSL_NO_RSA

-	RSA *rtmp = NULL;

-#endif

-	EVP_PKEY *res = NULL;

-#ifndef OPENSSL_NO_RSA

-	HWCryptoHook_MPI e, n;

-	HWCryptoHook_RSAKeyHandle *hptr;

-#endif

-#if !defined(OPENSSL_NO_RSA)

-	char tempbuf[1024];

-	HWCryptoHook_ErrMsgBuf rmsg;

-	HWCryptoHook_PassphraseContext ppctx;

-#endif

-#if !defined(OPENSSL_NO_RSA)

-	rmsg.buf = tempbuf;

-	rmsg.size = sizeof(tempbuf);

-#endif

-	if(!hwcrhk_context)

-		{

-		HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,

-			HWCRHK_R_NOT_INITIALISED);

-		goto err;

-		}

-#ifndef OPENSSL_NO_RSA

-	hptr = OPENSSL_malloc(sizeof(HWCryptoHook_RSAKeyHandle));

-	if (!hptr)

-		{

-		HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,

-			ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-        ppctx.ui_method = ui_method;

-	ppctx.callback_data = callback_data;

-	if (p_hwcrhk_RSALoadKey(hwcrhk_context, key_id, hptr,

-		&rmsg, &ppctx))

-		{

-		HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,

-			HWCRHK_R_CHIL_ERROR);

-		ERR_add_error_data(1,rmsg.buf);

-		goto err;

-		}

-	if (!*hptr)

-		{

-		HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,

-			HWCRHK_R_NO_KEY);

-		goto err;

-		}

-#endif

-#ifndef OPENSSL_NO_RSA

-	rtmp = RSA_new_method(eng);

-	RSA_set_ex_data(rtmp, hndidx_rsa, (char *)hptr);

-	rtmp->e = BN_new();

-	rtmp->n = BN_new();

-	rtmp->flags |= RSA_FLAG_EXT_PKEY;

-	MPI2BN(rtmp->e, e);

-	MPI2BN(rtmp->n, n);

-	if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg)

-		!= HWCRYPTOHOOK_ERROR_MPISIZE)

-		{

-		HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,HWCRHK_R_CHIL_ERROR);

-		ERR_add_error_data(1,rmsg.buf);

-		goto err;

-		}

-	bn_expand2(rtmp->e, e.size/sizeof(BN_ULONG));

-	bn_expand2(rtmp->n, n.size/sizeof(BN_ULONG));

-	MPI2BN(rtmp->e, e);

-	MPI2BN(rtmp->n, n);

-	if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg))

-		{

-		HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,

-			HWCRHK_R_CHIL_ERROR);

-		ERR_add_error_data(1,rmsg.buf);

-		goto err;

-		}

-	rtmp->e->top = e.size / sizeof(BN_ULONG);

-	bn_fix_top(rtmp->e);

-	rtmp->n->top = n.size / sizeof(BN_ULONG);

-	bn_fix_top(rtmp->n);

-	res = EVP_PKEY_new();

-	EVP_PKEY_assign_RSA(res, rtmp);

-#endif

-        if (!res)

-                HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,

-                        HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED);

-	return res;

- err:

-	if (res)

-		EVP_PKEY_free(res);

-#ifndef OPENSSL_NO_RSA

-	if (rtmp)

-		RSA_free(rtmp);

-#endif

-	return NULL;

-	}

-static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,

-	UI_METHOD *ui_method, void *callback_data)

-	{

-	EVP_PKEY *res = NULL;

-#ifndef OPENSSL_NO_RSA

-        res = hwcrhk_load_privkey(eng, key_id,

-                ui_method, callback_data);

-#endif

-	if (res)

-		switch(res->type)

-			{

-#ifndef OPENSSL_NO_RSA

-		case EVP_PKEY_RSA:

-			{

-			RSA *rsa = NULL;

-			CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY);

-			rsa = res->pkey.rsa;

-			res->pkey.rsa = RSA_new();

-			res->pkey.rsa->n = rsa->n;

-			res->pkey.rsa->e = rsa->e;

-			rsa->n = NULL;

-			rsa->e = NULL;

-			CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);

-			RSA_free(rsa);

-			}

-			break;

-#endif

-		default:

-			HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY,

-				HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);

-			goto err;

-			}

-	return res;

- err:

-	if (res)

-		EVP_PKEY_free(res);

-	return NULL;

-	}

-/* A little mod_exp */

-static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-			const BIGNUM *m, BN_CTX *ctx)

-	{

-	char tempbuf[1024];

-	HWCryptoHook_ErrMsgBuf rmsg;

-	/* Since HWCryptoHook_MPI is pretty compatible with BIGNUM's,

-	   we use them directly, plus a little macro magic.  We only

-	   thing we need to make sure of is that enough space is allocated. */

-	HWCryptoHook_MPI m_a, m_p, m_n, m_r;

-	int to_return, ret;

-	to_return = 0; /* expect failure */

-	rmsg.buf = tempbuf;

-	rmsg.size = sizeof(tempbuf);

-	if(!hwcrhk_context)

-		{

-		HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_NOT_INITIALISED);

-		goto err;

-		}

-	/* Prepare the params */

-	bn_expand2(r, m->top);	/* Check for error !! */

-	BN2MPI(m_a, a);

-	BN2MPI(m_p, p);

-	BN2MPI(m_n, m);

-	MPI2BN(r, m_r);

-	/* Perform the operation */

-	ret = p_hwcrhk_ModExp(hwcrhk_context, m_a, m_p, m_n, &m_r, &rmsg);

-	/* Convert the response */

-	r->top = m_r.size / sizeof(BN_ULONG);

-	bn_fix_top(r);

-	if (ret < 0)

-		{

-		/* FIXME: When this error is returned, HWCryptoHook is

-		   telling us that falling back to software computation

-		   might be a good thing. */

-		if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)

-			{

-			HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_REQUEST_FALLBACK);

-			}

-		else

-			{

-			HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_REQUEST_FAILED);

-			}

-		ERR_add_error_data(1,rmsg.buf);

-		goto err;

-		}

-	to_return = 1;

-err:

-	return to_return;

-	}

-#ifndef OPENSSL_NO_RSA

-static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)

-	{

-	char tempbuf[1024];

-	HWCryptoHook_ErrMsgBuf rmsg;

-	HWCryptoHook_RSAKeyHandle *hptr;

-	int to_return = 0, ret;

-	rmsg.buf = tempbuf;

-	rmsg.size = sizeof(tempbuf);

-	if(!hwcrhk_context)

-		{

-		HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,HWCRHK_R_NOT_INITIALISED);

-		goto err;

-		}

-	/* This provides support for nForce keys.  Since that's opaque data

-	   all we do is provide a handle to the proper key and let HWCryptoHook

-	   take care of the rest. */

-	if ((hptr = (HWCryptoHook_RSAKeyHandle *) RSA_get_ex_data(rsa, hndidx_rsa))

-		!= NULL)

-		{

-		HWCryptoHook_MPI m_a, m_r;

-		if(!rsa->n)

-			{

-			HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,

-				HWCRHK_R_MISSING_KEY_COMPONENTS);

-			goto err;

-			}

-		/* Prepare the params */

-		bn_expand2(r, rsa->n->top); /* Check for error !! */

-		BN2MPI(m_a, I);

-		MPI2BN(r, m_r);

-		/* Perform the operation */

-		ret = p_hwcrhk_RSA(m_a, *hptr, &m_r, &rmsg);

-		/* Convert the response */

-		r->top = m_r.size / sizeof(BN_ULONG);

-		bn_fix_top(r);

-		if (ret < 0)

-			{

-			/* FIXME: When this error is returned, HWCryptoHook is

-			   telling us that falling back to software computation

-			   might be a good thing. */

-			if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)

-				{

-				HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,

-					HWCRHK_R_REQUEST_FALLBACK);

-				}

-			else

-				{

-				HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,

-					HWCRHK_R_REQUEST_FAILED);

-				}

-			ERR_add_error_data(1,rmsg.buf);

-			goto err;

-			}

-		}

-	else

-		{

-		HWCryptoHook_MPI m_a, m_p, m_q, m_dmp1, m_dmq1, m_iqmp, m_r;

-		if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)

-			{

-			HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,

-				HWCRHK_R_MISSING_KEY_COMPONENTS);

-			goto err;

-			}

-		/* Prepare the params */

-		bn_expand2(r, rsa->n->top); /* Check for error !! */

-		BN2MPI(m_a, I);

-		BN2MPI(m_p, rsa->p);

-		BN2MPI(m_q, rsa->q);

-		BN2MPI(m_dmp1, rsa->dmp1);

-		BN2MPI(m_dmq1, rsa->dmq1);

-		BN2MPI(m_iqmp, rsa->iqmp);

-		MPI2BN(r, m_r);

-		/* Perform the operation */

-		ret = p_hwcrhk_ModExpCRT(hwcrhk_context, m_a, m_p, m_q,

-			m_dmp1, m_dmq1, m_iqmp, &m_r, &rmsg);

-		/* Convert the response */

-		r->top = m_r.size / sizeof(BN_ULONG);

-		bn_fix_top(r);

-		if (ret < 0)

-			{

-			/* FIXME: When this error is returned, HWCryptoHook is

-			   telling us that falling back to software computation

-			   might be a good thing. */

-			if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)

-				{

-				HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,

-					HWCRHK_R_REQUEST_FALLBACK);

-				}

-			else

-				{

-				HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,

-					HWCRHK_R_REQUEST_FAILED);

-				}

-			ERR_add_error_data(1,rmsg.buf);

-			goto err;

-			}

-		}

-	/* If we're here, we must be here with some semblance of success :-) */

-	to_return = 1;

-err:

-	return to_return;

-	}

-#endif

-#ifndef OPENSSL_NO_RSA

-/* This function is aliased to mod_exp (with the mont stuff dropped). */

-static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)

-	{

-	return hwcrhk_mod_exp(r, a, p, m, ctx);

-	}

-#endif

-#ifndef OPENSSL_NO_DH

-/* This function is aliased to mod_exp (with the dh and mont dropped). */

-static int hwcrhk_mod_exp_dh(const DH *dh, BIGNUM *r,

-		const BIGNUM *a, const BIGNUM *p,

-		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)

-	{

-	return hwcrhk_mod_exp(r, a, p, m, ctx);

-	}

-#endif

-/* Random bytes are good */

-static int hwcrhk_rand_bytes(unsigned char *buf, int num)

-	{

-	char tempbuf[1024];

-	HWCryptoHook_ErrMsgBuf rmsg;

-	int to_return = 0; /* assume failure */

-	int ret;

-	rmsg.buf = tempbuf;

-	rmsg.size = sizeof(tempbuf);

-	if(!hwcrhk_context)

-		{

-		HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES,HWCRHK_R_NOT_INITIALISED);

-		goto err;

-		}

-	ret = p_hwcrhk_RandomBytes(hwcrhk_context, buf, num, &rmsg);

-	if (ret < 0)

-		{

-		/* FIXME: When this error is returned, HWCryptoHook is

-		   telling us that falling back to software computation

-		   might be a good thing. */

-		if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)

-			{

-			HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES,

-				HWCRHK_R_REQUEST_FALLBACK);

-			}

-		else

-			{

-			HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES,

-				HWCRHK_R_REQUEST_FAILED);

-			}

-		ERR_add_error_data(1,rmsg.buf);

-		goto err;

-		}

-	to_return = 1;

- err:

-	return to_return;

-	}

-static int hwcrhk_rand_status(void)

-	{

-	return 1;

-	}

-/* This cleans up an RSA KM key, called when ex_data is freed */

-#ifndef OPENSSL_NO_RSA

-static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,

-	int ind,long argl, void *argp)

-{

-	char tempbuf[1024];

-	HWCryptoHook_ErrMsgBuf rmsg;

-#ifndef OPENSSL_NO_RSA

-	HWCryptoHook_RSAKeyHandle *hptr;

-#endif

-#if !defined(OPENSSL_NO_RSA)

-	int ret;

-#endif

-	rmsg.buf = tempbuf;

-	rmsg.size = sizeof(tempbuf);

-#ifndef OPENSSL_NO_RSA

-	hptr = (HWCryptoHook_RSAKeyHandle *) item;

-	if(hptr)

-                {

-                ret = p_hwcrhk_RSAUnloadKey(*hptr, NULL);

-                OPENSSL_free(hptr);

-                }

-#endif

-}

-#endif

-/* Mutex calls: since the HWCryptoHook model closely follows the POSIX model

- * these just wrap the POSIX functions and add some logging.

- */

-static int hwcrhk_mutex_init(HWCryptoHook_Mutex* mt,

-	HWCryptoHook_CallerContext *cactx)

-	{

-	mt->lockid = CRYPTO_get_new_dynlockid();

-	if (mt->lockid == 0)

-		return 1; /* failure */

-	return 0; /* success */

-	}

-static int hwcrhk_mutex_lock(HWCryptoHook_Mutex *mt)

-	{

-	CRYPTO_w_lock(mt->lockid);

-	return 0;

-	}

-static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex * mt)

-	{

-	CRYPTO_w_unlock(mt->lockid);

-	}

-static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex *mt)

-	{

-	CRYPTO_destroy_dynlockid(mt->lockid);

-	}

-static int hwcrhk_get_pass(const char *prompt_info,

-	int *len_io, char *buf,

-	HWCryptoHook_PassphraseContext *ppctx,

-	HWCryptoHook_CallerContext *cactx)

-	{

-	pem_password_cb *callback = NULL;

-	void *callback_data = NULL;

-        UI_METHOD *ui_method = NULL;

-        if (cactx)

-                {

-                if (cactx->ui_method)

-                        ui_method = cactx->ui_method;

-		if (cactx->password_callback)

-			callback = cactx->password_callback;

-		if (cactx->callback_data)

-			callback_data = cactx->callback_data;

-                }

-	if (ppctx)

-		{

-                if (ppctx->ui_method)

-                        {

-                        ui_method = ppctx->ui_method;

-                        callback = NULL;

-                        }

-		if (ppctx->callback_data)

-			callback_data = ppctx->callback_data;

-		}

-	if (callback == NULL && ui_method == NULL)

-		{

-		HWCRHKerr(HWCRHK_F_HWCRHK_GET_PASS,HWCRHK_R_NO_CALLBACK);

-		return -1;

-		}

-        if (ui_method)

-                {

-                UI *ui = UI_new_method(ui_method);

-                if (ui)

-                        {

-                        int ok;

-                        char *prompt = UI_construct_prompt(ui,

-                                "pass phrase", prompt_info);

-                        ok = UI_add_input_string(ui,prompt,

-                                UI_INPUT_FLAG_DEFAULT_PWD,

-				buf,0,(*len_io) - 1);

-                        UI_add_user_data(ui, callback_data);

-			UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);

-			if (ok >= 0)

-				do

-					{

-					ok=UI_process(ui);

-					}

-				while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));

-                        if (ok >= 0)

-                                *len_io = strlen(buf);

-                        UI_free(ui);

-                        OPENSSL_free(prompt);

-                        }

-                }

-        else

-                {

-                *len_io = callback(buf, *len_io, 0, callback_data);

-                }

-	if(!*len_io)

-		return -1;

-	return 0;

-	}

-static int hwcrhk_insert_card(const char *prompt_info,

-		      const char *wrong_info,

-		      HWCryptoHook_PassphraseContext *ppctx,

-		      HWCryptoHook_CallerContext *cactx)

-        {

-        int ok = -1;

-        UI *ui;

-	void *callback_data = NULL;

-        UI_METHOD *ui_method = NULL;

-        if (cactx)

-                {

-                if (cactx->ui_method)

-                        ui_method = cactx->ui_method;

-		if (cactx->callback_data)

-			callback_data = cactx->callback_data;

-                }

-	if (ppctx)

-		{

-                if (ppctx->ui_method)

-                        ui_method = ppctx->ui_method;

-		if (ppctx->callback_data)

-			callback_data = ppctx->callback_data;

-		}

-	if (ui_method == NULL)

-		{

-		HWCRHKerr(HWCRHK_F_HWCRHK_INSERT_CARD,

-			HWCRHK_R_NO_CALLBACK);

-		return -1;

-		}

-	ui = UI_new_method(ui_method);

-	if (ui)

-		{

-		char answer;

-		char buf[BUFSIZ];

-		if (wrong_info)

-			BIO_snprintf(buf, sizeof(buf)-1,

-				"Current card: \"%s\"\n", wrong_info);

-		ok = UI_dup_info_string(ui, buf);

-		if (ok >= 0 && prompt_info)

-			{

-			BIO_snprintf(buf, sizeof(buf)-1,

-				"Insert card \"%s\"", prompt_info);

-			ok = UI_dup_input_boolean(ui, buf,

-				"\n then hit <enter> or C<enter> to cancel\n",

-				"\r\n", "Cc", UI_INPUT_FLAG_ECHO, &answer);

-			}

-		UI_add_user_data(ui, callback_data);

-		if (ok >= 0)

-			ok = UI_process(ui);

-		UI_free(ui);

-		if (ok == -2 || (ok >= 0 && answer == 'C'))

-			ok = 1;

-		else if (ok < 0)

-			ok = -1;

-		else

-			ok = 0;

-		}

-	return ok;

-	}

-static void hwcrhk_log_message(void *logstr, const char *message)

-	{

-	BIO *lstream = NULL;

-	CRYPTO_w_lock(CRYPTO_LOCK_BIO);

-	if (logstr)

-		lstream=*(BIO **)logstr;

-	if (lstream)

-		{

-		BIO_printf(lstream, "%s\n", message);

-		}

-	CRYPTO_w_unlock(CRYPTO_LOCK_BIO);

-	}

-/* This stuff is needed if this ENGINE is being compiled into a self-contained

- * shared-library. */

-#ifndef OPENSSL_NO_DYNAMIC_ENGINE

-static int bind_fn(ENGINE *e, const char *id)

-	{

-	if(id && (strcmp(id, engine_hwcrhk_id) != 0) &&

-			(strcmp(id, engine_hwcrhk_id_alt) != 0))

-		return 0;

-	if(!bind_helper(e))

-		return 0;

-	return 1;

-	}

-IMPLEMENT_DYNAMIC_CHECK_FN()

-IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)

-#endif /* OPENSSL_NO_DYNAMIC_ENGINE */

-#endif /* !OPENSSL_NO_HW_CHIL */

-#endif /* !OPENSSL_NO_HW */

--- a/sys/src/ape/lib/openssl/engines/e_chil.ec

+++ /dev/null

@@ -1,1 +1,0 @@

-L HWCRHK	e_chil_err.h			e_chil_err.c

--- a/sys/src/ape/lib/openssl/engines/e_chil_err.c

+++ /dev/null

@@ -1,161 +1,0 @@

-/* e_chil_err.c */

-/* ====================================================================

- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* NOTE: this file was auto generated by the mkerr.pl script: any changes

- * made to it will be overwritten when the script next updates this file,

- * only reason strings will be preserved.

- */

-#include <stdio.h>

-#include <openssl/err.h>

-#include "e_chil_err.h"

-/* BEGIN ERROR CODES */

-#ifndef OPENSSL_NO_ERR

-#define ERR_FUNC(func) ERR_PACK(0,func,0)

-#define ERR_REASON(reason) ERR_PACK(0,0,reason)

-static ERR_STRING_DATA HWCRHK_str_functs[]=

-	{

-{ERR_FUNC(HWCRHK_F_HWCRHK_CTRL),	"HWCRHK_CTRL"},

-{ERR_FUNC(HWCRHK_F_HWCRHK_FINISH),	"HWCRHK_FINISH"},

-{ERR_FUNC(HWCRHK_F_HWCRHK_GET_PASS),	"HWCRHK_GET_PASS"},

-{ERR_FUNC(HWCRHK_F_HWCRHK_INIT),	"HWCRHK_INIT"},

-{ERR_FUNC(HWCRHK_F_HWCRHK_INSERT_CARD),	"HWCRHK_INSERT_CARD"},

-{ERR_FUNC(HWCRHK_F_HWCRHK_LOAD_PRIVKEY),	"HWCRHK_LOAD_PRIVKEY"},

-{ERR_FUNC(HWCRHK_F_HWCRHK_LOAD_PUBKEY),	"HWCRHK_LOAD_PUBKEY"},

-{ERR_FUNC(HWCRHK_F_HWCRHK_MOD_EXP),	"HWCRHK_MOD_EXP"},

-{ERR_FUNC(HWCRHK_F_HWCRHK_RAND_BYTES),	"HWCRHK_RAND_BYTES"},

-{ERR_FUNC(HWCRHK_F_HWCRHK_RSA_MOD_EXP),	"HWCRHK_RSA_MOD_EXP"},

-{0,NULL}

-	};

-static ERR_STRING_DATA HWCRHK_str_reasons[]=

-	{

-{ERR_REASON(HWCRHK_R_ALREADY_LOADED)     ,"already loaded"},

-{ERR_REASON(HWCRHK_R_BIO_WAS_FREED)      ,"bio was freed"},

-{ERR_REASON(HWCRHK_R_CHIL_ERROR)         ,"chil error"},

-{ERR_REASON(HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED),"ctrl command not implemented"},

-{ERR_REASON(HWCRHK_R_DSO_FAILURE)        ,"dso failure"},

-{ERR_REASON(HWCRHK_R_LOCKING_MISSING)    ,"locking missing"},

-{ERR_REASON(HWCRHK_R_MISSING_KEY_COMPONENTS),"missing key components"},

-{ERR_REASON(HWCRHK_R_NOT_INITIALISED)    ,"not initialised"},

-{ERR_REASON(HWCRHK_R_NOT_LOADED)         ,"not loaded"},

-{ERR_REASON(HWCRHK_R_NO_CALLBACK)        ,"no callback"},

-{ERR_REASON(HWCRHK_R_NO_KEY)             ,"no key"},

-{ERR_REASON(HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED),"private key algorithms disabled"},

-{ERR_REASON(HWCRHK_R_REQUEST_FAILED)     ,"request failed"},

-{ERR_REASON(HWCRHK_R_REQUEST_FALLBACK)   ,"request fallback"},

-{ERR_REASON(HWCRHK_R_UNIT_FAILURE)       ,"unit failure"},

-{0,NULL}

-	};

-#endif

-#ifdef HWCRHK_LIB_NAME

-static ERR_STRING_DATA HWCRHK_lib_name[]=

-        {

-{0	,HWCRHK_LIB_NAME},

-{0,NULL}

-	};

-#endif

-static int HWCRHK_lib_error_code=0;

-static int HWCRHK_error_init=1;

-static void ERR_load_HWCRHK_strings(void)

-	{

-	if (HWCRHK_lib_error_code == 0)

-		HWCRHK_lib_error_code=ERR_get_next_error_library();

-	if (HWCRHK_error_init)

-		{

-		HWCRHK_error_init=0;

-#ifndef OPENSSL_NO_ERR

-		ERR_load_strings(HWCRHK_lib_error_code,HWCRHK_str_functs);

-		ERR_load_strings(HWCRHK_lib_error_code,HWCRHK_str_reasons);

-#endif

-#ifdef HWCRHK_LIB_NAME

-		HWCRHK_lib_name->error = ERR_PACK(HWCRHK_lib_error_code,0,0);

-		ERR_load_strings(0,HWCRHK_lib_name);

-#endif

-		}

-	}

-static void ERR_unload_HWCRHK_strings(void)

-	{

-	if (HWCRHK_error_init == 0)

-		{

-#ifndef OPENSSL_NO_ERR

-		ERR_unload_strings(HWCRHK_lib_error_code,HWCRHK_str_functs);

-		ERR_unload_strings(HWCRHK_lib_error_code,HWCRHK_str_reasons);

-#endif

-#ifdef HWCRHK_LIB_NAME

-		ERR_unload_strings(0,HWCRHK_lib_name);

-#endif

-		HWCRHK_error_init=1;

-		}

-	}

-static void ERR_HWCRHK_error(int function, int reason, char *file, int line)

-	{

-	if (HWCRHK_lib_error_code == 0)

-		HWCRHK_lib_error_code=ERR_get_next_error_library();

-	ERR_PUT_error(HWCRHK_lib_error_code,function,reason,file,line);

-	}

--- a/sys/src/ape/lib/openssl/engines/e_chil_err.h

+++ /dev/null

@@ -1,101 +1,0 @@

-/* ====================================================================

- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_HWCRHK_ERR_H

-#define HEADER_HWCRHK_ERR_H

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-static void ERR_load_HWCRHK_strings(void);

-static void ERR_unload_HWCRHK_strings(void);

-static void ERR_HWCRHK_error(int function, int reason, char *file, int line);

-#define HWCRHKerr(f,r) ERR_HWCRHK_error((f),(r),__FILE__,__LINE__)

-/* Error codes for the HWCRHK functions. */

-/* Function codes. */

-#define HWCRHK_F_HWCRHK_CTRL				 100

-#define HWCRHK_F_HWCRHK_FINISH				 101

-#define HWCRHK_F_HWCRHK_GET_PASS			 102

-#define HWCRHK_F_HWCRHK_INIT				 103

-#define HWCRHK_F_HWCRHK_INSERT_CARD			 104

-#define HWCRHK_F_HWCRHK_LOAD_PRIVKEY			 105

-#define HWCRHK_F_HWCRHK_LOAD_PUBKEY			 106

-#define HWCRHK_F_HWCRHK_MOD_EXP				 107

-#define HWCRHK_F_HWCRHK_RAND_BYTES			 108

-#define HWCRHK_F_HWCRHK_RSA_MOD_EXP			 109

-/* Reason codes. */

-#define HWCRHK_R_ALREADY_LOADED				 100

-#define HWCRHK_R_BIO_WAS_FREED				 101

-#define HWCRHK_R_CHIL_ERROR				 102

-#define HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED		 103

-#define HWCRHK_R_DSO_FAILURE				 104

-#define HWCRHK_R_LOCKING_MISSING			 114

-#define HWCRHK_R_MISSING_KEY_COMPONENTS			 105

-#define HWCRHK_R_NOT_INITIALISED			 106

-#define HWCRHK_R_NOT_LOADED				 107

-#define HWCRHK_R_NO_CALLBACK				 108

-#define HWCRHK_R_NO_KEY					 109

-#define HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED	 110

-#define HWCRHK_R_REQUEST_FAILED				 111

-#define HWCRHK_R_REQUEST_FALLBACK			 112

-#define HWCRHK_R_UNIT_FAILURE				 113

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/engines/e_cswift.c

+++ /dev/null

@@ -1,1131 +1,0 @@

-/* crypto/engine/hw_cswift.c */

-/* Written by Geoff Thorpe ([email protected]) for the OpenSSL

- * project 2000.

- */

-/* ====================================================================

- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include <string.h>

-#include <openssl/crypto.h>

-#include <openssl/buffer.h>

-#include <openssl/dso.h>

-#include <openssl/engine.h>

-#ifndef OPENSSL_NO_RSA

-#include <openssl/rsa.h>

-#endif

-#ifndef OPENSSL_NO_DSA

-#include <openssl/dsa.h>

-#endif

-#ifndef OPENSSL_NO_DH

-#include <openssl/dh.h>

-#endif

-#include <openssl/rand.h>

-#include <openssl/bn.h>

-#ifndef OPENSSL_NO_HW

-#ifndef OPENSSL_NO_HW_CSWIFT

-/* Attribution notice: Rainbow have generously allowed me to reproduce

- * the necessary definitions here from their API. This means the support

- * can build independently of whether application builders have the

- * API or hardware. This will allow developers to easily produce software

- * that has latent hardware support for any users that have accelerators

- * installed, without the developers themselves needing anything extra.

- *

- * I have only clipped the parts from the CryptoSwift header files that

- * are (or seem) relevant to the CryptoSwift support code. This is

- * simply to keep the file sizes reasonable.

- * [Geoff]

- */

-#ifdef FLAT_INC

-#include "cswift.h"

-#else

-#include "vendor_defns/cswift.h"

-#endif

-#define CSWIFT_LIB_NAME "cswift engine"

-#include "e_cswift_err.c"

-#define DECIMAL_SIZE(type)	((sizeof(type)*8+2)/3+1)

-static int cswift_destroy(ENGINE *e);

-static int cswift_init(ENGINE *e);

-static int cswift_finish(ENGINE *e);

-static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));

-#ifndef OPENSSL_NO_RSA

-static int cswift_bn_32copy(SW_LARGENUMBER * out, const BIGNUM * in);

-#endif

-/* BIGNUM stuff */

-static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-		const BIGNUM *m, BN_CTX *ctx);

-#ifndef OPENSSL_NO_RSA

-static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-		const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,

-		const BIGNUM *iqmp, BN_CTX *ctx);

-#endif

-#ifndef OPENSSL_NO_RSA

-/* RSA stuff */

-static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);

-/* This function is aliased to mod_exp (with the mont stuff dropped). */

-static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);

-#endif

-#ifndef OPENSSL_NO_DSA

-/* DSA stuff */

-static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa);

-static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,

-				DSA_SIG *sig, DSA *dsa);

-#endif

-#ifndef OPENSSL_NO_DH

-/* DH stuff */

-/* This function is alised to mod_exp (with the DH and mont dropped). */

-static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r,

-		const BIGNUM *a, const BIGNUM *p,

-		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);

-#endif

-/* RAND stuff */

-static int cswift_rand_bytes(unsigned char *buf, int num);

-static int cswift_rand_status(void);

-/* The definitions for control commands specific to this engine */

-#define CSWIFT_CMD_SO_PATH		ENGINE_CMD_BASE

-static const ENGINE_CMD_DEFN cswift_cmd_defns[] = {

-	{CSWIFT_CMD_SO_PATH,

-		"SO_PATH",

-		"Specifies the path to the 'cswift' shared library",

-		ENGINE_CMD_FLAG_STRING},

-	{0, NULL, NULL, 0}

-	};

-#ifndef OPENSSL_NO_RSA

-/* Our internal RSA_METHOD that we provide pointers to */

-static RSA_METHOD cswift_rsa =

-	{

-	"CryptoSwift RSA method",

-	NULL,

-	NULL,

-	NULL,

-	NULL,

-	cswift_rsa_mod_exp,

-	cswift_mod_exp_mont,

-	NULL,

-	NULL,

-	0,

-	NULL,

-	NULL,

-	NULL,

-	NULL

-	};

-#endif

-#ifndef OPENSSL_NO_DSA

-/* Our internal DSA_METHOD that we provide pointers to */

-static DSA_METHOD cswift_dsa =

-	{

-	"CryptoSwift DSA method",

-	cswift_dsa_sign,

-	NULL, /* dsa_sign_setup */

-	cswift_dsa_verify,

-	NULL, /* dsa_mod_exp */

-	NULL, /* bn_mod_exp */

-	NULL, /* init */

-	NULL, /* finish */

-	0, /* flags */

-	NULL, /* app_data */

-	NULL, /* dsa_paramgen */

-	NULL /* dsa_keygen */

-	};

-#endif

-#ifndef OPENSSL_NO_DH

-/* Our internal DH_METHOD that we provide pointers to */

-static DH_METHOD cswift_dh =

-	{

-	"CryptoSwift DH method",

-	NULL,

-	NULL,

-	cswift_mod_exp_dh,

-	NULL,

-	NULL,

-	0,

-	NULL,

-	NULL

-	};

-#endif

-static RAND_METHOD cswift_random =

-    {

-    /* "CryptoSwift RAND method", */

-    NULL,

-    cswift_rand_bytes,

-    NULL,

-    NULL,

-    cswift_rand_bytes,

-    cswift_rand_status,

-    };

-/* Constants used when creating the ENGINE */

-static const char *engine_cswift_id = "cswift";

-static const char *engine_cswift_name = "CryptoSwift hardware engine support";

-/* This internal function is used by ENGINE_cswift() and possibly by the

- * "dynamic" ENGINE support too */

-static int bind_helper(ENGINE *e)

-	{

-#ifndef OPENSSL_NO_RSA

-	const RSA_METHOD *meth1;

-#endif

-#ifndef OPENSSL_NO_DH

-	const DH_METHOD *meth2;

-#endif

-	if(!ENGINE_set_id(e, engine_cswift_id) ||

-			!ENGINE_set_name(e, engine_cswift_name) ||

-#ifndef OPENSSL_NO_RSA

-			!ENGINE_set_RSA(e, &cswift_rsa) ||

-#endif

-#ifndef OPENSSL_NO_DSA

-			!ENGINE_set_DSA(e, &cswift_dsa) ||

-#endif

-#ifndef OPENSSL_NO_DH

-			!ENGINE_set_DH(e, &cswift_dh) ||

-#endif

-			!ENGINE_set_RAND(e, &cswift_random) ||

-			!ENGINE_set_destroy_function(e, cswift_destroy) ||

-			!ENGINE_set_init_function(e, cswift_init) ||

-			!ENGINE_set_finish_function(e, cswift_finish) ||

-			!ENGINE_set_ctrl_function(e, cswift_ctrl) ||

-			!ENGINE_set_cmd_defns(e, cswift_cmd_defns))

-		return 0;

-#ifndef OPENSSL_NO_RSA

-	/* We know that the "PKCS1_SSLeay()" functions hook properly

-	 * to the cswift-specific mod_exp and mod_exp_crt so we use

-	 * those functions. NB: We don't use ENGINE_openssl() or

-	 * anything "more generic" because something like the RSAref

-	 * code may not hook properly, and if you own one of these

-	 * cards then you have the right to do RSA operations on it

-	 * anyway! */

-	meth1 = RSA_PKCS1_SSLeay();

-	cswift_rsa.rsa_pub_enc = meth1->rsa_pub_enc;

-	cswift_rsa.rsa_pub_dec = meth1->rsa_pub_dec;

-	cswift_rsa.rsa_priv_enc = meth1->rsa_priv_enc;

-	cswift_rsa.rsa_priv_dec = meth1->rsa_priv_dec;

-#endif

-#ifndef OPENSSL_NO_DH

-	/* Much the same for Diffie-Hellman */

-	meth2 = DH_OpenSSL();

-	cswift_dh.generate_key = meth2->generate_key;

-	cswift_dh.compute_key = meth2->compute_key;

-#endif

-	/* Ensure the cswift error handling is set up */

-	ERR_load_CSWIFT_strings();

-	return 1;

-	}

-#ifdef OPENSSL_NO_DYNAMIC_ENGINE

-static ENGINE *engine_cswift(void)

-	{

-	ENGINE *ret = ENGINE_new();

-	if(!ret)

-		return NULL;

-	if(!bind_helper(ret))

-		{

-		ENGINE_free(ret);

-		return NULL;

-		}

-	return ret;

-	}

-void ENGINE_load_cswift(void)

-	{

-	/* Copied from eng_[openssl|dyn].c */

-	ENGINE *toadd = engine_cswift();

-	if(!toadd) return;

-	ENGINE_add(toadd);

-	ENGINE_free(toadd);

-	ERR_clear_error();

-	}

-#endif

-/* This is a process-global DSO handle used for loading and unloading

- * the CryptoSwift library. NB: This is only set (or unset) during an

- * init() or finish() call (reference counts permitting) and they're

- * operating with global locks, so this should be thread-safe

- * implicitly. */

-static DSO *cswift_dso = NULL;

-/* These are the function pointers that are (un)set when the library has

- * successfully (un)loaded. */

-t_swAcquireAccContext *p_CSwift_AcquireAccContext = NULL;

-t_swAttachKeyParam *p_CSwift_AttachKeyParam = NULL;

-t_swSimpleRequest *p_CSwift_SimpleRequest = NULL;

-t_swReleaseAccContext *p_CSwift_ReleaseAccContext = NULL;

-/* Used in the DSO operations. */

-static const char *CSWIFT_LIBNAME = NULL;

-static const char *get_CSWIFT_LIBNAME(void)

-	{

-	if(CSWIFT_LIBNAME)

-		return CSWIFT_LIBNAME;

-	return "swift";

-	}

-static void free_CSWIFT_LIBNAME(void)

-	{

-	if(CSWIFT_LIBNAME)

-		OPENSSL_free((void*)CSWIFT_LIBNAME);

-	CSWIFT_LIBNAME = NULL;

-	}

-static long set_CSWIFT_LIBNAME(const char *name)

-	{

-	free_CSWIFT_LIBNAME();

-	return (((CSWIFT_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);

-	}

-static const char *CSWIFT_F1 = "swAcquireAccContext";

-static const char *CSWIFT_F2 = "swAttachKeyParam";

-static const char *CSWIFT_F3 = "swSimpleRequest";

-static const char *CSWIFT_F4 = "swReleaseAccContext";

-/* CryptoSwift library functions and mechanics - these are used by the

- * higher-level functions further down. NB: As and where there's no

- * error checking, take a look lower down where these functions are

- * called, the checking and error handling is probably down there. */

-/* utility function to obtain a context */

-static int get_context(SW_CONTEXT_HANDLE *hac)

-	{

-        SW_STATUS status;

-        status = p_CSwift_AcquireAccContext(hac);

-        if(status != SW_OK)

-                return 0;

-        return 1;

-	}

-/* similarly to release one. */

-static void release_context(SW_CONTEXT_HANDLE hac)

-	{

-        p_CSwift_ReleaseAccContext(hac);

-	}

-/* Destructor (complements the "ENGINE_cswift()" constructor) */

-static int cswift_destroy(ENGINE *e)

-	{

-	free_CSWIFT_LIBNAME();

-	ERR_unload_CSWIFT_strings();

-	return 1;

-	}

-/* (de)initialisation functions. */

-static int cswift_init(ENGINE *e)

-	{

-        SW_CONTEXT_HANDLE hac;

-        t_swAcquireAccContext *p1;

-        t_swAttachKeyParam *p2;

-        t_swSimpleRequest *p3;

-        t_swReleaseAccContext *p4;

-	if(cswift_dso != NULL)

-		{

-		CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_ALREADY_LOADED);

-		goto err;

-		}

-	/* Attempt to load libswift.so/swift.dll/whatever. */

-	cswift_dso = DSO_load(NULL, get_CSWIFT_LIBNAME(), NULL, 0);

-	if(cswift_dso == NULL)

-		{

-		CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_NOT_LOADED);

-		goto err;

-		}

-	if(!(p1 = (t_swAcquireAccContext *)

-				DSO_bind_func(cswift_dso, CSWIFT_F1)) ||

-			!(p2 = (t_swAttachKeyParam *)

-				DSO_bind_func(cswift_dso, CSWIFT_F2)) ||

-			!(p3 = (t_swSimpleRequest *)

-				DSO_bind_func(cswift_dso, CSWIFT_F3)) ||

-			!(p4 = (t_swReleaseAccContext *)

-				DSO_bind_func(cswift_dso, CSWIFT_F4)))

-		{

-		CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_NOT_LOADED);

-		goto err;

-		}

-	/* Copy the pointers */

-	p_CSwift_AcquireAccContext = p1;

-	p_CSwift_AttachKeyParam = p2;

-	p_CSwift_SimpleRequest = p3;

-	p_CSwift_ReleaseAccContext = p4;

-	/* Try and get a context - if not, we may have a DSO but no

-	 * accelerator! */

-	if(!get_context(&hac))

-		{

-		CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_UNIT_FAILURE);

-		goto err;

-		}

-	release_context(hac);

-	/* Everything's fine. */

-	return 1;

-err:

-	if(cswift_dso)

-	{

-		DSO_free(cswift_dso);

-		cswift_dso = NULL;

-	}

-	p_CSwift_AcquireAccContext = NULL;

-	p_CSwift_AttachKeyParam = NULL;

-	p_CSwift_SimpleRequest = NULL;

-	p_CSwift_ReleaseAccContext = NULL;

-	return 0;

-	}

-static int cswift_finish(ENGINE *e)

-	{

-	free_CSWIFT_LIBNAME();

-	if(cswift_dso == NULL)

-		{

-		CSWIFTerr(CSWIFT_F_CSWIFT_FINISH,CSWIFT_R_NOT_LOADED);

-		return 0;

-		}

-	if(!DSO_free(cswift_dso))

-		{

-		CSWIFTerr(CSWIFT_F_CSWIFT_FINISH,CSWIFT_R_UNIT_FAILURE);

-		return 0;

-		}

-	cswift_dso = NULL;

-	p_CSwift_AcquireAccContext = NULL;

-	p_CSwift_AttachKeyParam = NULL;

-	p_CSwift_SimpleRequest = NULL;

-	p_CSwift_ReleaseAccContext = NULL;

-	return 1;

-	}

-static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))

-	{

-	int initialised = ((cswift_dso == NULL) ? 0 : 1);

-	switch(cmd)

-		{

-	case CSWIFT_CMD_SO_PATH:

-		if(p == NULL)

-			{

-			CSWIFTerr(CSWIFT_F_CSWIFT_CTRL,ERR_R_PASSED_NULL_PARAMETER);

-			return 0;

-			}

-		if(initialised)

-			{

-			CSWIFTerr(CSWIFT_F_CSWIFT_CTRL,CSWIFT_R_ALREADY_LOADED);

-			return 0;

-			}

-		return set_CSWIFT_LIBNAME((const char *)p);

-	default:

-		break;

-		}

-	CSWIFTerr(CSWIFT_F_CSWIFT_CTRL,CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED);

-	return 0;

-	}

-/* Un petit mod_exp */

-static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-			const BIGNUM *m, BN_CTX *ctx)

-	{

-	/* I need somewhere to store temporary serialised values for

-	 * use with the CryptoSwift API calls. A neat cheat - I'll use

-	 * BIGNUMs from the BN_CTX but access their arrays directly as

-	 * byte arrays <grin>. This way I don't have to clean anything

-	 * up. */

-	BIGNUM *modulus;

-	BIGNUM *exponent;

-	BIGNUM *argument;

-	BIGNUM *result;

-	SW_STATUS sw_status;

-	SW_LARGENUMBER arg, res;

-	SW_PARAM sw_param;

-	SW_CONTEXT_HANDLE hac;

-	int to_return, acquired;

-	modulus = exponent = argument = result = NULL;

-	to_return = 0; /* expect failure */

-	acquired = 0;

-	if(!get_context(&hac))

-		{

-		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_UNIT_FAILURE);

-		goto err;

-		}

-	acquired = 1;

-	/* Prepare the params */

-	BN_CTX_start(ctx);

-	modulus = BN_CTX_get(ctx);

-	exponent = BN_CTX_get(ctx);

-	argument = BN_CTX_get(ctx);

-	result = BN_CTX_get(ctx);

-	if(!result)

-		{

-		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_BN_CTX_FULL);

-		goto err;

-		}

-	if(!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, p->top) ||

-		!bn_wexpand(argument, a->top) || !bn_wexpand(result, m->top))

-		{

-		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_BN_EXPAND_FAIL);

-		goto err;

-		}

-	sw_param.type = SW_ALG_EXP;

-	sw_param.up.exp.modulus.nbytes = BN_bn2bin(m,

-		(unsigned char *)modulus->d);

-	sw_param.up.exp.modulus.value = (unsigned char *)modulus->d;

-	sw_param.up.exp.exponent.nbytes = BN_bn2bin(p,

-		(unsigned char *)exponent->d);

-	sw_param.up.exp.exponent.value = (unsigned char *)exponent->d;

-	/* Attach the key params */

-	sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);

-	switch(sw_status)

-		{

-	case SW_OK:

-		break;

-	case SW_ERR_INPUT_SIZE:

-		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_BAD_KEY_SIZE);

-		goto err;

-	default:

-		{

-		char tmpbuf[DECIMAL_SIZE(sw_status)+1];

-		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED);

-		sprintf(tmpbuf, "%ld", sw_status);

-		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);

-		}

-		goto err;

-		}

-	/* Prepare the argument and response */

-	arg.nbytes = BN_bn2bin(a, (unsigned char *)argument->d);

-	arg.value = (unsigned char *)argument->d;

-	res.nbytes = BN_num_bytes(m);

-	memset(result->d, 0, res.nbytes);

-	res.value = (unsigned char *)result->d;

-	/* Perform the operation */

-	if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP, &arg, 1,

-		&res, 1)) != SW_OK)

-		{

-		char tmpbuf[DECIMAL_SIZE(sw_status)+1];

-		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED);

-		sprintf(tmpbuf, "%ld", sw_status);

-		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);

-		goto err;

-		}

-	/* Convert the response */

-	BN_bin2bn((unsigned char *)result->d, res.nbytes, r);

-	to_return = 1;

-err:

-	if(acquired)

-		release_context(hac);

-	BN_CTX_end(ctx);

-	return to_return;

-	}

-#ifndef OPENSSL_NO_RSA

-int cswift_bn_32copy(SW_LARGENUMBER * out, const BIGNUM * in)

-{

-	int mod;

-	int numbytes = BN_num_bytes(in);

-	mod = 0;

-	while( ((out->nbytes = (numbytes+mod)) % 32) )

-	{

-		mod++;

-	}

-	out->value = (unsigned char*)OPENSSL_malloc(out->nbytes);

-	if(!out->value)

-	{

-		return 0;

-	}

-	BN_bn2bin(in, &out->value[mod]);

-	if(mod)

-		memset(out->value, 0, mod);

-	return 1;

-}

-#endif

-#ifndef OPENSSL_NO_RSA

-/* Un petit mod_exp chinois */

-static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-			const BIGNUM *q, const BIGNUM *dmp1,

-			const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx)

-	{

-	SW_STATUS sw_status;

-	SW_LARGENUMBER arg, res;

-	SW_PARAM sw_param;

-	SW_CONTEXT_HANDLE hac;

-	BIGNUM *result = NULL;

-	BIGNUM *argument = NULL;

-	int to_return = 0; /* expect failure */

-	int acquired = 0;

-	sw_param.up.crt.p.value = NULL;

-	sw_param.up.crt.q.value = NULL;

-	sw_param.up.crt.dmp1.value = NULL;

-	sw_param.up.crt.dmq1.value = NULL;

-	sw_param.up.crt.iqmp.value = NULL;

-	if(!get_context(&hac))

-		{

-		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_UNIT_FAILURE);

-		goto err;

-		}

-	acquired = 1;

-	/* Prepare the params */

-	argument = BN_new();

-	result = BN_new();

-	if(!result || !argument)

-		{

-		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_CTX_FULL);

-		goto err;

-		}

-	sw_param.type = SW_ALG_CRT;

-	/************************************************************************/

-	/* 04/02/2003                                                           */

-	/* Modified by Frederic Giudicelli (deny-all.com) to overcome the       */

-	/* limitation of cswift with values not a multiple of 32                */

-	/************************************************************************/

-	if(!cswift_bn_32copy(&sw_param.up.crt.p, p))

-	{

-		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);

-		goto err;

-	}

-	if(!cswift_bn_32copy(&sw_param.up.crt.q, q))

-	{

-		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);

-		goto err;

-	}

-	if(!cswift_bn_32copy(&sw_param.up.crt.dmp1, dmp1))

-	{

-		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);

-		goto err;

-	}

-	if(!cswift_bn_32copy(&sw_param.up.crt.dmq1, dmq1))

-	{

-		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);

-		goto err;

-	}

-	if(!cswift_bn_32copy(&sw_param.up.crt.iqmp, iqmp))

-	{

-		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);

-		goto err;

-	}

-	if(	!bn_wexpand(argument, a->top) ||

-			!bn_wexpand(result, p->top + q->top))

-		{

-		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);

-		goto err;

-		}

-	/* Attach the key params */

-	sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);

-	switch(sw_status)

-		{

-	case SW_OK:

-		break;

-	case SW_ERR_INPUT_SIZE:

-		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BAD_KEY_SIZE);

-		goto err;

-	default:

-		{

-		char tmpbuf[DECIMAL_SIZE(sw_status)+1];

-		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED);

-		sprintf(tmpbuf, "%ld", sw_status);

-		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);

-		}

-		goto err;

-		}

-	/* Prepare the argument and response */

-	arg.nbytes = BN_bn2bin(a, (unsigned char *)argument->d);

-	arg.value = (unsigned char *)argument->d;

-	res.nbytes = 2 * BN_num_bytes(p);

-	memset(result->d, 0, res.nbytes);

-	res.value = (unsigned char *)result->d;

-	/* Perform the operation */

-	if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP_CRT, &arg, 1,

-		&res, 1)) != SW_OK)

-		{

-		char tmpbuf[DECIMAL_SIZE(sw_status)+1];

-		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED);

-		sprintf(tmpbuf, "%ld", sw_status);

-		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);

-		goto err;

-		}

-	/* Convert the response */

-	BN_bin2bn((unsigned char *)result->d, res.nbytes, r);

-	to_return = 1;

-err:

-	if(sw_param.up.crt.p.value)

-		OPENSSL_free(sw_param.up.crt.p.value);

-	if(sw_param.up.crt.q.value)

-		OPENSSL_free(sw_param.up.crt.q.value);

-	if(sw_param.up.crt.dmp1.value)

-		OPENSSL_free(sw_param.up.crt.dmp1.value);

-	if(sw_param.up.crt.dmq1.value)

-		OPENSSL_free(sw_param.up.crt.dmq1.value);

-	if(sw_param.up.crt.iqmp.value)

-		OPENSSL_free(sw_param.up.crt.iqmp.value);

-	if(result)

-		BN_free(result);

-	if(argument)

-		BN_free(argument);

-	if(acquired)

-		release_context(hac);

-	return to_return;

-	}

-#endif

-#ifndef OPENSSL_NO_RSA

-static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)

-	{

-	int to_return = 0;

-	const RSA_METHOD * def_rsa_method;

-	if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)

-		{

-		CSWIFTerr(CSWIFT_F_CSWIFT_RSA_MOD_EXP,CSWIFT_R_MISSING_KEY_COMPONENTS);

-		goto err;

-		}

-	/* Try the limits of RSA (2048 bits) */

-	if(BN_num_bytes(rsa->p) > 128 ||

-		BN_num_bytes(rsa->q) > 128 ||

-		BN_num_bytes(rsa->dmp1) > 128 ||

-		BN_num_bytes(rsa->dmq1) > 128 ||

-		BN_num_bytes(rsa->iqmp) > 128)

-	{

-#ifdef RSA_NULL

-		def_rsa_method=RSA_null_method();

-#else

-#if 0

-		def_rsa_method=RSA_PKCS1_RSAref();

-#else

-		def_rsa_method=RSA_PKCS1_SSLeay();

-#endif

-#endif

-		if(def_rsa_method)

-			return def_rsa_method->rsa_mod_exp(r0, I, rsa, ctx);

-	}

-	to_return = cswift_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,

-		rsa->dmq1, rsa->iqmp, ctx);

-err:

-	return to_return;

-	}

-/* This function is aliased to mod_exp (with the mont stuff dropped). */

-static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)

-	{

-	const RSA_METHOD * def_rsa_method;

-	/* Try the limits of RSA (2048 bits) */

-	if(BN_num_bytes(r) > 256 ||

-		BN_num_bytes(a) > 256 ||

-		BN_num_bytes(m) > 256)

-	{

-#ifdef RSA_NULL

-		def_rsa_method=RSA_null_method();

-#else

-#if 0

-		def_rsa_method=RSA_PKCS1_RSAref();

-#else

-		def_rsa_method=RSA_PKCS1_SSLeay();

-#endif

-#endif

-		if(def_rsa_method)

-			return def_rsa_method->bn_mod_exp(r, a, p, m, ctx, m_ctx);

-	}

-	return cswift_mod_exp(r, a, p, m, ctx);

-	}

-#endif	/* OPENSSL_NO_RSA */

-#ifndef OPENSSL_NO_DSA

-static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)

-	{

-	SW_CONTEXT_HANDLE hac;

-	SW_PARAM sw_param;

-	SW_STATUS sw_status;

-	SW_LARGENUMBER arg, res;

-	unsigned char *ptr;

-	BN_CTX *ctx;

-	BIGNUM *dsa_p = NULL;

-	BIGNUM *dsa_q = NULL;

-	BIGNUM *dsa_g = NULL;

-	BIGNUM *dsa_key = NULL;

-	BIGNUM *result = NULL;

-	DSA_SIG *to_return = NULL;

-	int acquired = 0;

-	if((ctx = BN_CTX_new()) == NULL)

-		goto err;

-	if(!get_context(&hac))

-		{

-		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_UNIT_FAILURE);

-		goto err;

-		}

-	acquired = 1;

-	/* Prepare the params */

-	BN_CTX_start(ctx);

-	dsa_p = BN_CTX_get(ctx);

-	dsa_q = BN_CTX_get(ctx);

-	dsa_g = BN_CTX_get(ctx);

-	dsa_key = BN_CTX_get(ctx);

-	result = BN_CTX_get(ctx);

-	if(!result)

-		{

-		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_BN_CTX_FULL);

-		goto err;

-		}

-	if(!bn_wexpand(dsa_p, dsa->p->top) ||

-			!bn_wexpand(dsa_q, dsa->q->top) ||

-			!bn_wexpand(dsa_g, dsa->g->top) ||

-			!bn_wexpand(dsa_key, dsa->priv_key->top) ||

-			!bn_wexpand(result, dsa->p->top))

-		{

-		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_BN_EXPAND_FAIL);

-		goto err;

-		}

-	sw_param.type = SW_ALG_DSA;

-	sw_param.up.dsa.p.nbytes = BN_bn2bin(dsa->p,

-				(unsigned char *)dsa_p->d);

-	sw_param.up.dsa.p.value = (unsigned char *)dsa_p->d;

-	sw_param.up.dsa.q.nbytes = BN_bn2bin(dsa->q,

-				(unsigned char *)dsa_q->d);

-	sw_param.up.dsa.q.value = (unsigned char *)dsa_q->d;

-	sw_param.up.dsa.g.nbytes = BN_bn2bin(dsa->g,

-				(unsigned char *)dsa_g->d);

-	sw_param.up.dsa.g.value = (unsigned char *)dsa_g->d;

-	sw_param.up.dsa.key.nbytes = BN_bn2bin(dsa->priv_key,

-				(unsigned char *)dsa_key->d);

-	sw_param.up.dsa.key.value = (unsigned char *)dsa_key->d;

-	/* Attach the key params */

-	sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);

-	switch(sw_status)

-		{

-	case SW_OK:

-		break;

-	case SW_ERR_INPUT_SIZE:

-		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_BAD_KEY_SIZE);

-		goto err;

-	default:

-		{

-		char tmpbuf[DECIMAL_SIZE(sw_status)+1];

-		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED);

-		sprintf(tmpbuf, "%ld", sw_status);

-		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);

-		}

-		goto err;

-		}

-	/* Prepare the argument and response */

-	arg.nbytes = dlen;

-	arg.value = (unsigned char *)dgst;

-	res.nbytes = BN_num_bytes(dsa->p);

-	memset(result->d, 0, res.nbytes);

-	res.value = (unsigned char *)result->d;

-	/* Perform the operation */

-	sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_DSS_SIGN, &arg, 1,

-		&res, 1);

-	if(sw_status != SW_OK)

-		{

-		char tmpbuf[DECIMAL_SIZE(sw_status)+1];

-		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED);

-		sprintf(tmpbuf, "%ld", sw_status);

-		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);

-		goto err;

-		}

-	/* Convert the response */

-	ptr = (unsigned char *)result->d;

-	if((to_return = DSA_SIG_new()) == NULL)

-		goto err;

-	to_return->r = BN_bin2bn((unsigned char *)result->d, 20, NULL);

-	to_return->s = BN_bin2bn((unsigned char *)result->d + 20, 20, NULL);

-err:

-	if(acquired)

-		release_context(hac);

-	if(ctx)

-		{

-		BN_CTX_end(ctx);

-		BN_CTX_free(ctx);

-		}

-	return to_return;

-	}

-static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,

-				DSA_SIG *sig, DSA *dsa)

-	{

-	SW_CONTEXT_HANDLE hac;

-	SW_PARAM sw_param;

-	SW_STATUS sw_status;

-	SW_LARGENUMBER arg[2], res;

-	unsigned long sig_result;

-	BN_CTX *ctx;

-	BIGNUM *dsa_p = NULL;

-	BIGNUM *dsa_q = NULL;

-	BIGNUM *dsa_g = NULL;

-	BIGNUM *dsa_key = NULL;

-	BIGNUM *argument = NULL;

-	int to_return = -1;

-	int acquired = 0;

-	if((ctx = BN_CTX_new()) == NULL)

-		goto err;

-	if(!get_context(&hac))

-		{

-		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_UNIT_FAILURE);

-		goto err;

-		}

-	acquired = 1;

-	/* Prepare the params */

-	BN_CTX_start(ctx);

-	dsa_p = BN_CTX_get(ctx);

-	dsa_q = BN_CTX_get(ctx);

-	dsa_g = BN_CTX_get(ctx);

-	dsa_key = BN_CTX_get(ctx);

-	argument = BN_CTX_get(ctx);

-	if(!argument)

-		{

-		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_BN_CTX_FULL);

-		goto err;

-		}

-	if(!bn_wexpand(dsa_p, dsa->p->top) ||

-			!bn_wexpand(dsa_q, dsa->q->top) ||

-			!bn_wexpand(dsa_g, dsa->g->top) ||

-			!bn_wexpand(dsa_key, dsa->pub_key->top) ||

-			!bn_wexpand(argument, 40))

-		{

-		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_BN_EXPAND_FAIL);

-		goto err;

-		}

-	sw_param.type = SW_ALG_DSA;

-	sw_param.up.dsa.p.nbytes = BN_bn2bin(dsa->p,

-				(unsigned char *)dsa_p->d);

-	sw_param.up.dsa.p.value = (unsigned char *)dsa_p->d;

-	sw_param.up.dsa.q.nbytes = BN_bn2bin(dsa->q,

-				(unsigned char *)dsa_q->d);

-	sw_param.up.dsa.q.value = (unsigned char *)dsa_q->d;

-	sw_param.up.dsa.g.nbytes = BN_bn2bin(dsa->g,

-				(unsigned char *)dsa_g->d);

-	sw_param.up.dsa.g.value = (unsigned char *)dsa_g->d;

-	sw_param.up.dsa.key.nbytes = BN_bn2bin(dsa->pub_key,

-				(unsigned char *)dsa_key->d);

-	sw_param.up.dsa.key.value = (unsigned char *)dsa_key->d;

-	/* Attach the key params */

-	sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);

-	switch(sw_status)

-		{

-	case SW_OK:

-		break;

-	case SW_ERR_INPUT_SIZE:

-		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_BAD_KEY_SIZE);

-		goto err;

-	default:

-		{

-		char tmpbuf[DECIMAL_SIZE(sw_status)+1];

-		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED);

-		sprintf(tmpbuf, "%ld", sw_status);

-		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);

-		}

-		goto err;

-		}

-	/* Prepare the argument and response */

-	arg[0].nbytes = dgst_len;

-	arg[0].value = (unsigned char *)dgst;

-	arg[1].nbytes = 40;

-	arg[1].value = (unsigned char *)argument->d;

-	memset(arg[1].value, 0, 40);

-	BN_bn2bin(sig->r, arg[1].value + 20 - BN_num_bytes(sig->r));

-	BN_bn2bin(sig->s, arg[1].value + 40 - BN_num_bytes(sig->s));

-	res.nbytes = 4; /* unsigned long */

-	res.value = (unsigned char *)(&sig_result);

-	/* Perform the operation */

-	sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_DSS_VERIFY, arg, 2,

-		&res, 1);

-	if(sw_status != SW_OK)

-		{

-		char tmpbuf[DECIMAL_SIZE(sw_status)+1];

-		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED);

-		sprintf(tmpbuf, "%ld", sw_status);

-		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);

-		goto err;

-		}

-	/* Convert the response */

-	to_return = ((sig_result == 0) ? 0 : 1);

-err:

-	if(acquired)

-		release_context(hac);

-	if(ctx)

-		{

-		BN_CTX_end(ctx);

-		BN_CTX_free(ctx);

-		}

-	return to_return;

-	}

-#endif

-#ifndef OPENSSL_NO_DH

-/* This function is aliased to mod_exp (with the dh and mont dropped). */

-static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r,

-		const BIGNUM *a, const BIGNUM *p,

-		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)

-	{

-	return cswift_mod_exp(r, a, p, m, ctx);

-	}

-#endif

-/* Random bytes are good */

-static int cswift_rand_bytes(unsigned char *buf, int num)

-{

-	SW_CONTEXT_HANDLE hac;

-	SW_STATUS swrc;

-	SW_LARGENUMBER largenum;

-	int acquired = 0;

-	int to_return = 0; /* assume failure */

-	unsigned char buf32[1024];

-	if (!get_context(&hac))

-	{

-		CSWIFTerr(CSWIFT_F_CSWIFT_RAND_BYTES, CSWIFT_R_UNIT_FAILURE);

-		goto err;

-	}

-	acquired = 1;

-	/************************************************************************/

-	/* 04/02/2003                                                           */

-	/* Modified by Frederic Giudicelli (deny-all.com) to overcome the       */

-	/* limitation of cswift with values not a multiple of 32                */

-	/************************************************************************/

-	while(num >= (int)sizeof(buf32))

-	{

-		largenum.value = buf;

-		largenum.nbytes = sizeof(buf32);

-		/* tell CryptoSwift how many bytes we want and where we want it.

-		 * Note: - CryptoSwift cannot do more than 4096 bytes at a time.

-		 *       - CryptoSwift can only do multiple of 32-bits. */

-		swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);

-		if (swrc != SW_OK)

-		{

-			char tmpbuf[20];

-			CSWIFTerr(CSWIFT_F_CSWIFT_RAND_BYTES, CSWIFT_R_REQUEST_FAILED);

-			sprintf(tmpbuf, "%ld", swrc);

-			ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);

-			goto err;

-		}

-		buf += sizeof(buf32);

-		num -= sizeof(buf32);

-	}

-	if(num)

-	{

-		largenum.nbytes = sizeof(buf32);

-		largenum.value = buf32;

-		swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);

-		if (swrc != SW_OK)

-		{

-			char tmpbuf[20];

-			CSWIFTerr(CSWIFT_F_CSWIFT_RAND_BYTES, CSWIFT_R_REQUEST_FAILED);

-			sprintf(tmpbuf, "%ld", swrc);

-			ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);

-			goto err;

-		}

-		memcpy(buf, largenum.value, num);

-	}

-	to_return = 1;  /* success */

-err:

-	if (acquired)

-		release_context(hac);

-	return to_return;

-}

-static int cswift_rand_status(void)

-{

-	return 1;

-}

-/* This stuff is needed if this ENGINE is being compiled into a self-contained

- * shared-library. */

-#ifndef OPENSSL_NO_DYNAMIC_ENGINE

-static int bind_fn(ENGINE *e, const char *id)

-	{

-	if(id && (strcmp(id, engine_cswift_id) != 0))

-		return 0;

-	if(!bind_helper(e))

-		return 0;

-	return 1;

-	}

-IMPLEMENT_DYNAMIC_CHECK_FN()

-IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)

-#endif /* OPENSSL_NO_DYNAMIC_ENGINE */

-#endif /* !OPENSSL_NO_HW_CSWIFT */

-#endif /* !OPENSSL_NO_HW */

--- a/sys/src/ape/lib/openssl/engines/e_cswift.ec

+++ /dev/null

@@ -1,1 +1,0 @@

-L CSWIFT	e_cswift_err.h			e_cswift_err.c

--- a/sys/src/ape/lib/openssl/engines/e_cswift_err.c

+++ /dev/null

@@ -1,154 +1,0 @@

-/* e_cswift_err.c */

-/* ====================================================================

- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* NOTE: this file was auto generated by the mkerr.pl script: any changes

- * made to it will be overwritten when the script next updates this file,

- * only reason strings will be preserved.

- */

-#include <stdio.h>

-#include <openssl/err.h>

-#include "e_cswift_err.h"

-/* BEGIN ERROR CODES */

-#ifndef OPENSSL_NO_ERR

-#define ERR_FUNC(func) ERR_PACK(0,func,0)

-#define ERR_REASON(reason) ERR_PACK(0,0,reason)

-static ERR_STRING_DATA CSWIFT_str_functs[]=

-	{

-{ERR_FUNC(CSWIFT_F_CSWIFT_CTRL),	"CSWIFT_CTRL"},

-{ERR_FUNC(CSWIFT_F_CSWIFT_DSA_SIGN),	"CSWIFT_DSA_SIGN"},

-{ERR_FUNC(CSWIFT_F_CSWIFT_DSA_VERIFY),	"CSWIFT_DSA_VERIFY"},

-{ERR_FUNC(CSWIFT_F_CSWIFT_FINISH),	"CSWIFT_FINISH"},

-{ERR_FUNC(CSWIFT_F_CSWIFT_INIT),	"CSWIFT_INIT"},

-{ERR_FUNC(CSWIFT_F_CSWIFT_MOD_EXP),	"CSWIFT_MOD_EXP"},

-{ERR_FUNC(CSWIFT_F_CSWIFT_MOD_EXP_CRT),	"CSWIFT_MOD_EXP_CRT"},

-{ERR_FUNC(CSWIFT_F_CSWIFT_RAND_BYTES),	"CSWIFT_RAND_BYTES"},

-{ERR_FUNC(CSWIFT_F_CSWIFT_RSA_MOD_EXP),	"CSWIFT_RSA_MOD_EXP"},

-{0,NULL}

-	};

-static ERR_STRING_DATA CSWIFT_str_reasons[]=

-	{

-{ERR_REASON(CSWIFT_R_ALREADY_LOADED)     ,"already loaded"},

-{ERR_REASON(CSWIFT_R_BAD_KEY_SIZE)       ,"bad key size"},

-{ERR_REASON(CSWIFT_R_BN_CTX_FULL)        ,"bn ctx full"},

-{ERR_REASON(CSWIFT_R_BN_EXPAND_FAIL)     ,"bn expand fail"},

-{ERR_REASON(CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED),"ctrl command not implemented"},

-{ERR_REASON(CSWIFT_R_MISSING_KEY_COMPONENTS),"missing key components"},

-{ERR_REASON(CSWIFT_R_NOT_LOADED)         ,"not loaded"},

-{ERR_REASON(CSWIFT_R_REQUEST_FAILED)     ,"request failed"},

-{ERR_REASON(CSWIFT_R_UNIT_FAILURE)       ,"unit failure"},

-{0,NULL}

-	};

-#endif

-#ifdef CSWIFT_LIB_NAME

-static ERR_STRING_DATA CSWIFT_lib_name[]=

-        {

-{0	,CSWIFT_LIB_NAME},

-{0,NULL}

-	};

-#endif

-static int CSWIFT_lib_error_code=0;

-static int CSWIFT_error_init=1;

-static void ERR_load_CSWIFT_strings(void)

-	{

-	if (CSWIFT_lib_error_code == 0)

-		CSWIFT_lib_error_code=ERR_get_next_error_library();

-	if (CSWIFT_error_init)

-		{

-		CSWIFT_error_init=0;

-#ifndef OPENSSL_NO_ERR

-		ERR_load_strings(CSWIFT_lib_error_code,CSWIFT_str_functs);

-		ERR_load_strings(CSWIFT_lib_error_code,CSWIFT_str_reasons);

-#endif

-#ifdef CSWIFT_LIB_NAME

-		CSWIFT_lib_name->error = ERR_PACK(CSWIFT_lib_error_code,0,0);

-		ERR_load_strings(0,CSWIFT_lib_name);

-#endif

-		}

-	}

-static void ERR_unload_CSWIFT_strings(void)

-	{

-	if (CSWIFT_error_init == 0)

-		{

-#ifndef OPENSSL_NO_ERR

-		ERR_unload_strings(CSWIFT_lib_error_code,CSWIFT_str_functs);

-		ERR_unload_strings(CSWIFT_lib_error_code,CSWIFT_str_reasons);

-#endif

-#ifdef CSWIFT_LIB_NAME

-		ERR_unload_strings(0,CSWIFT_lib_name);

-#endif

-		CSWIFT_error_init=1;

-		}

-	}

-static void ERR_CSWIFT_error(int function, int reason, char *file, int line)

-	{

-	if (CSWIFT_lib_error_code == 0)

-		CSWIFT_lib_error_code=ERR_get_next_error_library();

-	ERR_PUT_error(CSWIFT_lib_error_code,function,reason,file,line);

-	}

--- a/sys/src/ape/lib/openssl/engines/e_cswift_err.h

+++ /dev/null

@@ -1,94 +1,0 @@

-/* ====================================================================

- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_CSWIFT_ERR_H

-#define HEADER_CSWIFT_ERR_H

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-static void ERR_load_CSWIFT_strings(void);

-static void ERR_unload_CSWIFT_strings(void);

-static void ERR_CSWIFT_error(int function, int reason, char *file, int line);

-#define CSWIFTerr(f,r) ERR_CSWIFT_error((f),(r),__FILE__,__LINE__)

-/* Error codes for the CSWIFT functions. */

-/* Function codes. */

-#define CSWIFT_F_CSWIFT_CTRL				 100

-#define CSWIFT_F_CSWIFT_DSA_SIGN			 101

-#define CSWIFT_F_CSWIFT_DSA_VERIFY			 102

-#define CSWIFT_F_CSWIFT_FINISH				 103

-#define CSWIFT_F_CSWIFT_INIT				 104

-#define CSWIFT_F_CSWIFT_MOD_EXP				 105

-#define CSWIFT_F_CSWIFT_MOD_EXP_CRT			 106

-#define CSWIFT_F_CSWIFT_RAND_BYTES			 108

-#define CSWIFT_F_CSWIFT_RSA_MOD_EXP			 107

-/* Reason codes. */

-#define CSWIFT_R_ALREADY_LOADED				 100

-#define CSWIFT_R_BAD_KEY_SIZE				 101

-#define CSWIFT_R_BN_CTX_FULL				 102

-#define CSWIFT_R_BN_EXPAND_FAIL				 103

-#define CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED		 104

-#define CSWIFT_R_MISSING_KEY_COMPONENTS			 105

-#define CSWIFT_R_NOT_LOADED				 106

-#define CSWIFT_R_REQUEST_FAILED				 107

-#define CSWIFT_R_UNIT_FAILURE				 108

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/engines/e_gmp.c

+++ /dev/null

@@ -1,435 +1,0 @@

-/* crypto/engine/e_gmp.c */

-/* Written by Geoff Thorpe ([email protected]) for the OpenSSL

- * project 2003.

- */

-/* ====================================================================

- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* This engine is not (currently) compiled in by default. Do enable it,

- * reconfigure OpenSSL with "-DOPENSSL_USE_GMP -lgmp". The GMP libraries and

- * headers must reside in one of the paths searched by the compiler/linker,

- * otherwise paths must be specified - eg. try configuring with

- * "-DOPENSSL_USE_GMP -I<includepath> -L<libpath> -lgmp". YMMV. */

-/* As for what this does - it's a largely unoptimised implementation of an

- * ENGINE that uses the GMP library to perform RSA private key operations. To

- * obtain more information about what "unoptimised" means, see my original mail

- * on the subject (though ignore the build instructions which have since

- * changed);

- *

- *    http://www.mail-archive.com/[email protected]/msg12227.html

- *

- * On my athlon system at least, it appears the builtin OpenSSL code is now

- * slightly faster, which is to say that the RSA-related MPI performance

- * between OpenSSL's BIGNUM and GMP's mpz implementations is probably pretty

- * balanced for this chip, and so the performance degradation in this ENGINE by

- * having to convert to/from GMP formats (and not being able to cache

- * montgomery forms) is probably the difference. However, if some unconfirmed

- * reports from users is anything to go by, the situation on some other

- * chipsets might be a good deal more favourable to the GMP version (eg. PPC).

- * Feedback welcome. */

-#include <stdio.h>

-#include <string.h>

-#include <openssl/crypto.h>

-#include <openssl/buffer.h>

-#include <openssl/engine.h>

-#ifndef OPENSSL_NO_HW

-#if defined(OPENSSL_USE_GMP) && !defined(OPENSSL_NO_HW_GMP)

-#include <gmp.h>

-#define E_GMP_LIB_NAME "gmp engine"

-#include "e_gmp_err.c"

-static int e_gmp_destroy(ENGINE *e);

-static int e_gmp_init(ENGINE *e);

-static int e_gmp_finish(ENGINE *e);

-static int e_gmp_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));

-#ifndef OPENSSL_NO_RSA

-/* RSA stuff */

-static int e_gmp_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);

-static int e_gmp_rsa_finish(RSA *r);

-#endif

-/* The definitions for control commands specific to this engine */

-/* #define E_GMP_CMD_SO_PATH		ENGINE_CMD_BASE */

-static const ENGINE_CMD_DEFN e_gmp_cmd_defns[] = {

-#if 0

-	{E_GMP_CMD_SO_PATH,

-		"SO_PATH",

-		"Specifies the path to the 'e_gmp' shared library",

-		ENGINE_CMD_FLAG_STRING},

-#endif

-	{0, NULL, NULL, 0}

-	};

-#ifndef OPENSSL_NO_RSA

-/* Our internal RSA_METHOD that we provide pointers to */

-static RSA_METHOD e_gmp_rsa =

-	{

-	"GMP RSA method",

-	NULL,

-	NULL,

-	NULL,

-	NULL,

-	e_gmp_rsa_mod_exp,

-	NULL,

-	NULL,

-	e_gmp_rsa_finish,

-	/* These flags initialise montgomery crud that GMP ignores, however it

-	 * makes sure the public key ops (which are done in openssl) don't seem

-	 * *slower* than usual :-) */

-	RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE,

-	NULL,

-	NULL,

-	NULL

-	};

-#endif

-/* Constants used when creating the ENGINE */

-static const char *engine_e_gmp_id = "gmp";

-static const char *engine_e_gmp_name = "GMP engine support";

-/* This internal function is used by ENGINE_gmp() and possibly by the

- * "dynamic" ENGINE support too */

-static int bind_helper(ENGINE *e)

-	{

-#ifndef OPENSSL_NO_RSA

-	const RSA_METHOD *meth1;

-#endif

-	if(!ENGINE_set_id(e, engine_e_gmp_id) ||

-			!ENGINE_set_name(e, engine_e_gmp_name) ||

-#ifndef OPENSSL_NO_RSA

-			!ENGINE_set_RSA(e, &e_gmp_rsa) ||

-#endif

-			!ENGINE_set_destroy_function(e, e_gmp_destroy) ||

-			!ENGINE_set_init_function(e, e_gmp_init) ||

-			!ENGINE_set_finish_function(e, e_gmp_finish) ||

-			!ENGINE_set_ctrl_function(e, e_gmp_ctrl) ||

-			!ENGINE_set_cmd_defns(e, e_gmp_cmd_defns))

-		return 0;

-#ifndef OPENSSL_NO_RSA

-	meth1 = RSA_PKCS1_SSLeay();

-	e_gmp_rsa.rsa_pub_enc = meth1->rsa_pub_enc;

-	e_gmp_rsa.rsa_pub_dec = meth1->rsa_pub_dec;

-	e_gmp_rsa.rsa_priv_enc = meth1->rsa_priv_enc;

-	e_gmp_rsa.rsa_priv_dec = meth1->rsa_priv_dec;

-	e_gmp_rsa.bn_mod_exp = meth1->bn_mod_exp;

-#endif

-	/* Ensure the e_gmp error handling is set up */

-	ERR_load_GMP_strings();

-	return 1;

-	}

-static ENGINE *engine_gmp(void)

-	{

-	ENGINE *ret = ENGINE_new();

-	if(!ret)

-		return NULL;

-	if(!bind_helper(ret))

-		{

-		ENGINE_free(ret);

-		return NULL;

-		}

-	return ret;

-	}

-void ENGINE_load_gmp(void)

-	{

-	/* Copied from eng_[openssl|dyn].c */

-	ENGINE *toadd = engine_gmp();

-	if(!toadd) return;

-	ENGINE_add(toadd);

-	ENGINE_free(toadd);

-	ERR_clear_error();

-	}

-#ifndef OPENSSL_NO_RSA

-/* Used to attach our own key-data to an RSA structure */

-static int hndidx_rsa = -1;

-#endif

-static int e_gmp_destroy(ENGINE *e)

-	{

-	ERR_unload_GMP_strings();

-	return 1;

-	}

-/* (de)initialisation functions. */

-static int e_gmp_init(ENGINE *e)

-	{

-#ifndef OPENSSL_NO_RSA

-	if (hndidx_rsa == -1)

-		hndidx_rsa = RSA_get_ex_new_index(0,

-			"GMP-based RSA key handle",

-			NULL, NULL, NULL);

-#endif

-	if (hndidx_rsa == -1)

-		return 0;

-	return 1;

-	}

-static int e_gmp_finish(ENGINE *e)

-	{

-	return 1;

-	}

-static int e_gmp_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))

-	{

-	int to_return = 1;

-	switch(cmd)

-		{

-#if 0

-	case E_GMP_CMD_SO_PATH:

-		/* ... */

-#endif

-	/* The command isn't understood by this engine */

-	default:

-		GMPerr(GMP_F_E_GMP_CTRL,

-			GMP_R_CTRL_COMMAND_NOT_IMPLEMENTED);

-		to_return = 0;

-		break;

-		}

-	return to_return;

-	}

-/* HACK - use text I/O functions in openssl and GMP to handle conversions. This

- * is vile. */

-static int bn2gmp(const BIGNUM *bn, mpz_t g)

-	{

-	int toret;

-	char *tmpchar = BN_bn2hex(bn);

-	if(!tmpchar) return 0;

-	toret = (mpz_set_str(g, tmpchar, 16) == 0 ? 1 : 0);

-	OPENSSL_free(tmpchar);

-	return toret;

-	}

-static int gmp2bn(mpz_t g, BIGNUM *bn)

-	{

-	int toret;

-	char *tmpchar = OPENSSL_malloc(mpz_sizeinbase(g, 16) + 10);

-	if(!tmpchar) return 0;

-	mpz_get_str(tmpchar, 16, g);

-	toret = BN_hex2bn(&bn, tmpchar);

-	OPENSSL_free(tmpchar);

-	return toret;

-	}

-#ifndef OPENSSL_NO_RSA

-typedef struct st_e_gmp_rsa_ctx

-	{

-	int public_only;

-	mpz_t n;

-	mpz_t d;

-	mpz_t e;

-	mpz_t p;

-	mpz_t q;

-	mpz_t dmp1;

-	mpz_t dmq1;

-	mpz_t iqmp;

-	mpz_t r0, r1, I0, m1;

-	} E_GMP_RSA_CTX;

-static E_GMP_RSA_CTX *e_gmp_get_rsa(RSA *rsa)

-	{

-	E_GMP_RSA_CTX *hptr = RSA_get_ex_data(rsa, hndidx_rsa);

-	if(hptr) return hptr;

-	hptr = OPENSSL_malloc(sizeof(E_GMP_RSA_CTX));

-	if(!hptr) return NULL;

-	/* These inits could probably be replaced by more intelligent

-	 * mpz_init2() versions, to reduce malloc-thrashing. */

-	mpz_init(hptr->n);

-	mpz_init(hptr->d);

-	mpz_init(hptr->e);

-	mpz_init(hptr->p);

-	mpz_init(hptr->q);

-	mpz_init(hptr->dmp1);

-	mpz_init(hptr->dmq1);

-	mpz_init(hptr->iqmp);

-	mpz_init(hptr->r0);

-	mpz_init(hptr->r1);

-	mpz_init(hptr->I0);

-	mpz_init(hptr->m1);

-	if(!bn2gmp(rsa->n, hptr->n) || !bn2gmp(rsa->e, hptr->e))

-		goto err;

-	if(!rsa->p || !rsa->q || !rsa->d || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)

-		{

-		hptr->public_only = 1;

-		return hptr;

-		}

-	if(!bn2gmp(rsa->d, hptr->d) || !bn2gmp(rsa->p, hptr->p) ||

-			!bn2gmp(rsa->q, hptr->q) || !bn2gmp(rsa->dmp1, hptr->dmp1) ||

-			!bn2gmp(rsa->dmq1, hptr->dmq1) || !bn2gmp(rsa->iqmp, hptr->iqmp))

-		goto err;

-	hptr->public_only = 0;

-	RSA_set_ex_data(rsa, hndidx_rsa, hptr);

-	return hptr;

-err:

-	mpz_clear(hptr->n);

-	mpz_clear(hptr->d);

-	mpz_clear(hptr->e);

-	mpz_clear(hptr->p);

-	mpz_clear(hptr->q);

-	mpz_clear(hptr->dmp1);

-	mpz_clear(hptr->dmq1);

-	mpz_clear(hptr->iqmp);

-	mpz_clear(hptr->r0);

-	mpz_clear(hptr->r1);

-	mpz_clear(hptr->I0);

-	mpz_clear(hptr->m1);

-	OPENSSL_free(hptr);

-	return NULL;

-	}

-static int e_gmp_rsa_finish(RSA *rsa)

-	{

-	E_GMP_RSA_CTX *hptr = RSA_get_ex_data(rsa, hndidx_rsa);

-	if(!hptr) return 0;

-	mpz_clear(hptr->n);

-	mpz_clear(hptr->d);

-	mpz_clear(hptr->e);

-	mpz_clear(hptr->p);

-	mpz_clear(hptr->q);

-	mpz_clear(hptr->dmp1);

-	mpz_clear(hptr->dmq1);

-	mpz_clear(hptr->iqmp);

-	mpz_clear(hptr->r0);

-	mpz_clear(hptr->r1);

-	mpz_clear(hptr->I0);

-	mpz_clear(hptr->m1);

-	OPENSSL_free(hptr);

-	RSA_set_ex_data(rsa, hndidx_rsa, NULL);

-	return 1;

-	}

-static int e_gmp_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)

-	{

-	E_GMP_RSA_CTX *hptr;

-	int to_return = 0;

-	hptr = e_gmp_get_rsa(rsa);

-	if(!hptr)

-		{

-		GMPerr(GMP_F_E_GMP_RSA_MOD_EXP,

-				GMP_R_KEY_CONTEXT_ERROR);

-		return 0;

-		}

-	if(hptr->public_only)

-		{

-		GMPerr(GMP_F_E_GMP_RSA_MOD_EXP,

-				GMP_R_MISSING_KEY_COMPONENTS);

-		return 0;

-		}

-	/* ugh!!! */

-	if(!bn2gmp(I, hptr->I0))

-		return 0;

-	/* This is basically the CRT logic in crypto/rsa/rsa_eay.c reworded into

-	 * GMP-speak. It may be that GMP's API facilitates cleaner formulations

-	 * of this stuff, eg. better handling of negatives, or functions that

-	 * combine operations. */

-	mpz_mod(hptr->r1, hptr->I0, hptr->q);

-	mpz_powm(hptr->m1, hptr->r1, hptr->dmq1, hptr->q);

-	mpz_mod(hptr->r1, hptr->I0, hptr->p);

-	mpz_powm(hptr->r0, hptr->r1, hptr->dmp1, hptr->p);

-	mpz_sub(hptr->r0, hptr->r0, hptr->m1);

-	if(mpz_sgn(hptr->r0) < 0)

-		mpz_add(hptr->r0, hptr->r0, hptr->p);

-	mpz_mul(hptr->r1, hptr->r0, hptr->iqmp);

-	mpz_mod(hptr->r0, hptr->r1, hptr->p);

-	if(mpz_sgn(hptr->r0) < 0)

-		mpz_add(hptr->r0, hptr->r0, hptr->p);

-	mpz_mul(hptr->r1, hptr->r0, hptr->q);

-	mpz_add(hptr->r0, hptr->r1, hptr->m1);

-	/* ugh!!! */

-	if(gmp2bn(hptr->r0, r))

-		to_return = 1;

-	return 1;

-	}

-#endif

-/* This stuff is needed if this ENGINE is being compiled into a self-contained

- * shared-library. */

-#ifdef ENGINE_DYNAMIC_SUPPORT

-static int bind_fn(ENGINE *e, const char *id)

-	{

-	if(id && (strcmp(id, engine_e_gmp_id) != 0))

-		return 0;

-	if(!bind_helper(e))

-		return 0;

-	return 1;

-	}

-IMPLEMENT_DYNAMIC_CHECK_FN()

-IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)

-#endif /* ENGINE_DYNAMIC_SUPPORT */

-#endif /* !OPENSSL_NO_HW_GMP */

-#endif /* !OPENSSL_NO_HW */

--- a/sys/src/ape/lib/openssl/engines/e_gmp.ec

+++ /dev/null

@@ -1,1 +1,0 @@

-L GMP		e_gmp_err.h			e_gmp_err.c

--- a/sys/src/ape/lib/openssl/engines/e_gmp_err.c

+++ /dev/null

@@ -1,141 +1,0 @@

-/* e_gmp_err.c */

-/* ====================================================================

- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* NOTE: this file was auto generated by the mkerr.pl script: any changes

- * made to it will be overwritten when the script next updates this file,

- * only reason strings will be preserved.

- */

-#include <stdio.h>

-#include <openssl/err.h>

-#include "e_gmp_err.h"

-/* BEGIN ERROR CODES */

-#ifndef OPENSSL_NO_ERR

-#define ERR_FUNC(func) ERR_PACK(0,func,0)

-#define ERR_REASON(reason) ERR_PACK(0,0,reason)

-static ERR_STRING_DATA GMP_str_functs[]=

-	{

-{ERR_FUNC(GMP_F_E_GMP_CTRL),	"E_GMP_CTRL"},

-{ERR_FUNC(GMP_F_E_GMP_RSA_MOD_EXP),	"E_GMP_RSA_MOD_EXP"},

-{0,NULL}

-	};

-static ERR_STRING_DATA GMP_str_reasons[]=

-	{

-{ERR_REASON(GMP_R_CTRL_COMMAND_NOT_IMPLEMENTED),"ctrl command not implemented"},

-{ERR_REASON(GMP_R_KEY_CONTEXT_ERROR)     ,"key context error"},

-{ERR_REASON(GMP_R_MISSING_KEY_COMPONENTS),"missing key components"},

-{0,NULL}

-	};

-#endif

-#ifdef GMP_LIB_NAME

-static ERR_STRING_DATA GMP_lib_name[]=

-        {

-{0	,GMP_LIB_NAME},

-{0,NULL}

-	};

-#endif

-static int GMP_lib_error_code=0;

-static int GMP_error_init=1;

-static void ERR_load_GMP_strings(void)

-	{

-	if (GMP_lib_error_code == 0)

-		GMP_lib_error_code=ERR_get_next_error_library();

-	if (GMP_error_init)

-		{

-		GMP_error_init=0;

-#ifndef OPENSSL_NO_ERR

-		ERR_load_strings(GMP_lib_error_code,GMP_str_functs);

-		ERR_load_strings(GMP_lib_error_code,GMP_str_reasons);

-#endif

-#ifdef GMP_LIB_NAME

-		GMP_lib_name->error = ERR_PACK(GMP_lib_error_code,0,0);

-		ERR_load_strings(0,GMP_lib_name);

-#endif

-		}

-	}

-static void ERR_unload_GMP_strings(void)

-	{

-	if (GMP_error_init == 0)

-		{

-#ifndef OPENSSL_NO_ERR

-		ERR_unload_strings(GMP_lib_error_code,GMP_str_functs);

-		ERR_unload_strings(GMP_lib_error_code,GMP_str_reasons);

-#endif

-#ifdef GMP_LIB_NAME

-		ERR_unload_strings(0,GMP_lib_name);

-#endif

-		GMP_error_init=1;

-		}

-	}

-static void ERR_GMP_error(int function, int reason, char *file, int line)

-	{

-	if (GMP_lib_error_code == 0)

-		GMP_lib_error_code=ERR_get_next_error_library();

-	ERR_PUT_error(GMP_lib_error_code,function,reason,file,line);

-	}

--- a/sys/src/ape/lib/openssl/engines/e_gmp_err.h

+++ /dev/null

@@ -1,81 +1,0 @@

-/* ====================================================================

- * Copyright (c) 2001-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_GMP_ERR_H

-#define HEADER_GMP_ERR_H

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-static void ERR_load_GMP_strings(void);

-static void ERR_unload_GMP_strings(void);

-static void ERR_GMP_error(int function, int reason, char *file, int line);

-#define GMPerr(f,r) ERR_GMP_error((f),(r),__FILE__,__LINE__)

-/* Error codes for the GMP functions. */

-/* Function codes. */

-#define GMP_F_E_GMP_CTRL				 100

-#define GMP_F_E_GMP_RSA_MOD_EXP				 101

-/* Reason codes. */

-#define GMP_R_CTRL_COMMAND_NOT_IMPLEMENTED		 100

-#define GMP_R_KEY_CONTEXT_ERROR				 101

-#define GMP_R_MISSING_KEY_COMPONENTS			 102

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/engines/e_nuron.c

+++ /dev/null

@@ -1,434 +1,0 @@

-/* crypto/engine/hw_nuron.c */

-/* Written by Ben Laurie for the OpenSSL Project, leaning heavily on Geoff

- * Thorpe's Atalla implementation.

- */

-/* ====================================================================

- * Copyright (c) 2000-2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include <string.h>

-#include <openssl/crypto.h>

-#include <openssl/buffer.h>

-#include <openssl/dso.h>

-#include <openssl/engine.h>

-#ifndef OPENSSL_NO_RSA

-#include <openssl/rsa.h>

-#endif

-#ifndef OPENSSL_NO_DSA

-#include <openssl/dsa.h>

-#endif

-#ifndef OPENSSL_NO_DH

-#include <openssl/dh.h>

-#endif

-#include <openssl/bn.h>

-#ifndef OPENSSL_NO_HW

-#ifndef OPENSSL_NO_HW_NURON

-#define NURON_LIB_NAME "nuron engine"

-#include "e_nuron_err.c"

-static const char *NURON_LIBNAME = NULL;

-static const char *get_NURON_LIBNAME(void)

-	{

-	if(NURON_LIBNAME)

-		return NURON_LIBNAME;

-	return "nuronssl";

-	}

-static void free_NURON_LIBNAME(void)

-	{

-	if(NURON_LIBNAME)

-		OPENSSL_free((void*)NURON_LIBNAME);

-	NURON_LIBNAME = NULL;

-	}

-static long set_NURON_LIBNAME(const char *name)

-	{

-	free_NURON_LIBNAME();

-	return (((NURON_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);

-	}

-static const char *NURON_F1 = "nuron_mod_exp";

-/* The definitions for control commands specific to this engine */

-#define NURON_CMD_SO_PATH		ENGINE_CMD_BASE

-static const ENGINE_CMD_DEFN nuron_cmd_defns[] = {

-	{NURON_CMD_SO_PATH,

-		"SO_PATH",

-		"Specifies the path to the 'nuronssl' shared library",

-		ENGINE_CMD_FLAG_STRING},

-	{0, NULL, NULL, 0}

-	};

-typedef int tfnModExp(BIGNUM *r,const BIGNUM *a,const BIGNUM *p,const BIGNUM *m);

-static tfnModExp *pfnModExp = NULL;

-static DSO *pvDSOHandle = NULL;

-static int nuron_destroy(ENGINE *e)

-	{

-	free_NURON_LIBNAME();

-	ERR_unload_NURON_strings();

-	return 1;

-	}

-static int nuron_init(ENGINE *e)

-	{

-	if(pvDSOHandle != NULL)

-		{

-		NURONerr(NURON_F_NURON_INIT,NURON_R_ALREADY_LOADED);

-		return 0;

-		}

-	pvDSOHandle = DSO_load(NULL, get_NURON_LIBNAME(), NULL,

-		DSO_FLAG_NAME_TRANSLATION_EXT_ONLY);

-	if(!pvDSOHandle)

-		{

-		NURONerr(NURON_F_NURON_INIT,NURON_R_DSO_NOT_FOUND);

-		return 0;

-		}

-	pfnModExp = (tfnModExp *)DSO_bind_func(pvDSOHandle, NURON_F1);

-	if(!pfnModExp)

-		{

-		NURONerr(NURON_F_NURON_INIT,NURON_R_DSO_FUNCTION_NOT_FOUND);

-		return 0;

-		}

-	return 1;

-	}

-static int nuron_finish(ENGINE *e)

-	{

-	free_NURON_LIBNAME();

-	if(pvDSOHandle == NULL)

-		{

-		NURONerr(NURON_F_NURON_FINISH,NURON_R_NOT_LOADED);

-		return 0;

-		}

-	if(!DSO_free(pvDSOHandle))

-		{

-		NURONerr(NURON_F_NURON_FINISH,NURON_R_DSO_FAILURE);

-		return 0;

-		}

-	pvDSOHandle=NULL;

-	pfnModExp=NULL;

-	return 1;

-	}

-static int nuron_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))

-	{

-	int initialised = ((pvDSOHandle == NULL) ? 0 : 1);

-	switch(cmd)

-		{

-	case NURON_CMD_SO_PATH:

-		if(p == NULL)

-			{

-			NURONerr(NURON_F_NURON_CTRL,ERR_R_PASSED_NULL_PARAMETER);

-			return 0;

-			}

-		if(initialised)

-			{

-			NURONerr(NURON_F_NURON_CTRL,NURON_R_ALREADY_LOADED);

-			return 0;

-			}

-		return set_NURON_LIBNAME((const char *)p);

-	default:

-		break;

-		}

-	NURONerr(NURON_F_NURON_CTRL,NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED);

-	return 0;

-}

-static int nuron_mod_exp(BIGNUM *r,const BIGNUM *a,const BIGNUM *p,

-			 const BIGNUM *m,BN_CTX *ctx)

-	{

-	if(!pvDSOHandle)

-		{

-		NURONerr(NURON_F_NURON_MOD_EXP,NURON_R_NOT_LOADED);

-		return 0;

-		}

-	return pfnModExp(r,a,p,m);

-	}

-#ifndef OPENSSL_NO_RSA

-static int nuron_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)

-	{

-	return nuron_mod_exp(r0,I,rsa->d,rsa->n,ctx);

-	}

-#endif

-#ifndef OPENSSL_NO_DSA

-/* This code was liberated and adapted from the commented-out code in

- * dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration

- * (it doesn't have a CRT form for RSA), this function means that an

- * Atalla system running with a DSA server certificate can handshake

- * around 5 or 6 times faster/more than an equivalent system running with

- * RSA. Just check out the "signs" statistics from the RSA and DSA parts

- * of "openssl speed -engine atalla dsa1024 rsa1024". */

-static int nuron_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,

-			     BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,

-			     BN_CTX *ctx, BN_MONT_CTX *in_mont)

-	{

-	BIGNUM t;

-	int to_return = 0;

-	BN_init(&t);

-	/* let rr = a1 ^ p1 mod m */

-	if (!nuron_mod_exp(rr,a1,p1,m,ctx))

-		goto end;

-	/* let t = a2 ^ p2 mod m */

-	if (!nuron_mod_exp(&t,a2,p2,m,ctx))

-		goto end;

-	/* let rr = rr * t mod m */

-	if (!BN_mod_mul(rr,rr,&t,m,ctx))

-		goto end;

-	to_return = 1;

-end:

-	BN_free(&t);

-	return to_return;

-	}

-static int nuron_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,

-			     const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,

-			     BN_MONT_CTX *m_ctx)

-	{

-	return nuron_mod_exp(r, a, p, m, ctx);

-	}

-#endif

-/* This function is aliased to mod_exp (with the mont stuff dropped). */

-#ifndef OPENSSL_NO_RSA

-static int nuron_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-			      const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)

-	{

-	return nuron_mod_exp(r, a, p, m, ctx);

-	}

-#endif

-#ifndef OPENSSL_NO_DH

-/* This function is aliased to mod_exp (with the dh and mont dropped). */

-static int nuron_mod_exp_dh(const DH *dh, BIGNUM *r,

-		const BIGNUM *a, const BIGNUM *p,

-		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)

-	{

-	return nuron_mod_exp(r, a, p, m, ctx);

-	}

-#endif

-#ifndef OPENSSL_NO_RSA

-static RSA_METHOD nuron_rsa =

-	{

-	"Nuron RSA method",

-	NULL,

-	NULL,

-	NULL,

-	NULL,

-	nuron_rsa_mod_exp,

-	nuron_mod_exp_mont,

-	NULL,

-	NULL,

-	0,

-	NULL,

-	NULL,

-	NULL,

-	NULL

-	};

-#endif

-#ifndef OPENSSL_NO_DSA

-static DSA_METHOD nuron_dsa =

-	{

-	"Nuron DSA method",

-	NULL, /* dsa_do_sign */

-	NULL, /* dsa_sign_setup */

-	NULL, /* dsa_do_verify */

-	nuron_dsa_mod_exp, /* dsa_mod_exp */

-	nuron_mod_exp_dsa, /* bn_mod_exp */

-	NULL, /* init */

-	NULL, /* finish */

-	0, /* flags */

-	NULL, /* app_data */

-	NULL, /* dsa_paramgen */

-	NULL /* dsa_keygen */

-	};

-#endif

-#ifndef OPENSSL_NO_DH

-static DH_METHOD nuron_dh =

-	{

-	"Nuron DH method",

-	NULL,

-	NULL,

-	nuron_mod_exp_dh,

-	NULL,

-	NULL,

-	0,

-	NULL,

-	NULL

-	};

-#endif

-/* Constants used when creating the ENGINE */

-static const char *engine_nuron_id = "nuron";

-static const char *engine_nuron_name = "Nuron hardware engine support";

-/* This internal function is used by ENGINE_nuron() and possibly by the

- * "dynamic" ENGINE support too */

-static int bind_helper(ENGINE *e)

-	{

-#ifndef OPENSSL_NO_RSA

-	const RSA_METHOD *meth1;

-#endif

-#ifndef OPENSSL_NO_DSA

-	const DSA_METHOD *meth2;

-#endif

-#ifndef OPENSSL_NO_DH

-	const DH_METHOD *meth3;

-#endif

-	if(!ENGINE_set_id(e, engine_nuron_id) ||

-			!ENGINE_set_name(e, engine_nuron_name) ||

-#ifndef OPENSSL_NO_RSA

-			!ENGINE_set_RSA(e, &nuron_rsa) ||

-#endif

-#ifndef OPENSSL_NO_DSA

-			!ENGINE_set_DSA(e, &nuron_dsa) ||

-#endif

-#ifndef OPENSSL_NO_DH

-			!ENGINE_set_DH(e, &nuron_dh) ||

-#endif

-			!ENGINE_set_destroy_function(e, nuron_destroy) ||

-			!ENGINE_set_init_function(e, nuron_init) ||

-			!ENGINE_set_finish_function(e, nuron_finish) ||

-			!ENGINE_set_ctrl_function(e, nuron_ctrl) ||

-			!ENGINE_set_cmd_defns(e, nuron_cmd_defns))

-		return 0;

-#ifndef OPENSSL_NO_RSA

-	/* We know that the "PKCS1_SSLeay()" functions hook properly

-	 * to the nuron-specific mod_exp and mod_exp_crt so we use

-	 * those functions. NB: We don't use ENGINE_openssl() or

-	 * anything "more generic" because something like the RSAref

-	 * code may not hook properly, and if you own one of these

-	 * cards then you have the right to do RSA operations on it

-	 * anyway! */

-	meth1=RSA_PKCS1_SSLeay();

-	nuron_rsa.rsa_pub_enc=meth1->rsa_pub_enc;

-	nuron_rsa.rsa_pub_dec=meth1->rsa_pub_dec;

-	nuron_rsa.rsa_priv_enc=meth1->rsa_priv_enc;

-	nuron_rsa.rsa_priv_dec=meth1->rsa_priv_dec;

-#endif

-#ifndef OPENSSL_NO_DSA

-	/* Use the DSA_OpenSSL() method and just hook the mod_exp-ish

-	 * bits. */

-	meth2=DSA_OpenSSL();

-	nuron_dsa.dsa_do_sign=meth2->dsa_do_sign;

-	nuron_dsa.dsa_sign_setup=meth2->dsa_sign_setup;

-	nuron_dsa.dsa_do_verify=meth2->dsa_do_verify;

-#endif

-#ifndef OPENSSL_NO_DH

-	/* Much the same for Diffie-Hellman */

-	meth3=DH_OpenSSL();

-	nuron_dh.generate_key=meth3->generate_key;

-	nuron_dh.compute_key=meth3->compute_key;

-#endif

-	/* Ensure the nuron error handling is set up */

-	ERR_load_NURON_strings();

-	return 1;

-	}

-#ifdef OPENSSL_NO_DYNAMIC_ENGINE

-static ENGINE *engine_nuron(void)

-	{

-	ENGINE *ret = ENGINE_new();

-	if(!ret)

-		return NULL;

-	if(!bind_helper(ret))

-		{

-		ENGINE_free(ret);

-		return NULL;

-		}

-	return ret;

-	}

-void ENGINE_load_nuron(void)

-	{

-	/* Copied from eng_[openssl|dyn].c */

-	ENGINE *toadd = engine_nuron();

-	if(!toadd) return;

-	ENGINE_add(toadd);

-	ENGINE_free(toadd);

-	ERR_clear_error();

-	}

-#endif

-/* This stuff is needed if this ENGINE is being compiled into a self-contained

- * shared-library. */

-#ifndef OPENSSL_NO_DYNAMIC_ENGINE

-static int bind_fn(ENGINE *e, const char *id)

-	{

-	if(id && (strcmp(id, engine_nuron_id) != 0))

-		return 0;

-	if(!bind_helper(e))

-		return 0;

-	return 1;

-	}

-IMPLEMENT_DYNAMIC_CHECK_FN()

-IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)

-#endif /* OPENSSL_NO_DYNAMIC_ENGINE */

-#endif /* !OPENSSL_NO_HW_NURON */

-#endif /* !OPENSSL_NO_HW */

--- a/sys/src/ape/lib/openssl/engines/e_nuron.ec

+++ /dev/null

@@ -1,1 +1,0 @@

-L NURON		e_nuron_err.h			e_nuron_err.c

--- a/sys/src/ape/lib/openssl/engines/e_nuron_err.c

+++ /dev/null

@@ -1,146 +1,0 @@

-/* e_nuron_err.c */

-/* ====================================================================

- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* NOTE: this file was auto generated by the mkerr.pl script: any changes

- * made to it will be overwritten when the script next updates this file,

- * only reason strings will be preserved.

- */

-#include <stdio.h>

-#include <openssl/err.h>

-#include "e_nuron_err.h"

-/* BEGIN ERROR CODES */

-#ifndef OPENSSL_NO_ERR

-#define ERR_FUNC(func) ERR_PACK(0,func,0)

-#define ERR_REASON(reason) ERR_PACK(0,0,reason)

-static ERR_STRING_DATA NURON_str_functs[]=

-	{

-{ERR_FUNC(NURON_F_NURON_CTRL),	"NURON_CTRL"},

-{ERR_FUNC(NURON_F_NURON_FINISH),	"NURON_FINISH"},

-{ERR_FUNC(NURON_F_NURON_INIT),	"NURON_INIT"},

-{ERR_FUNC(NURON_F_NURON_MOD_EXP),	"NURON_MOD_EXP"},

-{0,NULL}

-	};

-static ERR_STRING_DATA NURON_str_reasons[]=

-	{

-{ERR_REASON(NURON_R_ALREADY_LOADED)      ,"already loaded"},

-{ERR_REASON(NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED),"ctrl command not implemented"},

-{ERR_REASON(NURON_R_DSO_FAILURE)         ,"dso failure"},

-{ERR_REASON(NURON_R_DSO_FUNCTION_NOT_FOUND),"dso function not found"},

-{ERR_REASON(NURON_R_DSO_NOT_FOUND)       ,"dso not found"},

-{ERR_REASON(NURON_R_NOT_LOADED)          ,"not loaded"},

-{0,NULL}

-	};

-#endif

-#ifdef NURON_LIB_NAME

-static ERR_STRING_DATA NURON_lib_name[]=

-        {

-{0	,NURON_LIB_NAME},

-{0,NULL}

-	};

-#endif

-static int NURON_lib_error_code=0;

-static int NURON_error_init=1;

-static void ERR_load_NURON_strings(void)

-	{

-	if (NURON_lib_error_code == 0)

-		NURON_lib_error_code=ERR_get_next_error_library();

-	if (NURON_error_init)

-		{

-		NURON_error_init=0;

-#ifndef OPENSSL_NO_ERR

-		ERR_load_strings(NURON_lib_error_code,NURON_str_functs);

-		ERR_load_strings(NURON_lib_error_code,NURON_str_reasons);

-#endif

-#ifdef NURON_LIB_NAME

-		NURON_lib_name->error = ERR_PACK(NURON_lib_error_code,0,0);

-		ERR_load_strings(0,NURON_lib_name);

-#endif

-		}

-	}

-static void ERR_unload_NURON_strings(void)

-	{

-	if (NURON_error_init == 0)

-		{

-#ifndef OPENSSL_NO_ERR

-		ERR_unload_strings(NURON_lib_error_code,NURON_str_functs);

-		ERR_unload_strings(NURON_lib_error_code,NURON_str_reasons);

-#endif

-#ifdef NURON_LIB_NAME

-		ERR_unload_strings(0,NURON_lib_name);

-#endif

-		NURON_error_init=1;

-		}

-	}

-static void ERR_NURON_error(int function, int reason, char *file, int line)

-	{

-	if (NURON_lib_error_code == 0)

-		NURON_lib_error_code=ERR_get_next_error_library();

-	ERR_PUT_error(NURON_lib_error_code,function,reason,file,line);

-	}

--- a/sys/src/ape/lib/openssl/engines/e_nuron_err.h

+++ /dev/null

@@ -1,86 +1,0 @@

-/* ====================================================================

- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_NURON_ERR_H

-#define HEADER_NURON_ERR_H

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-static void ERR_load_NURON_strings(void);

-static void ERR_unload_NURON_strings(void);

-static void ERR_NURON_error(int function, int reason, char *file, int line);

-#define NURONerr(f,r) ERR_NURON_error((f),(r),__FILE__,__LINE__)

-/* Error codes for the NURON functions. */

-/* Function codes. */

-#define NURON_F_NURON_CTRL				 100

-#define NURON_F_NURON_FINISH				 101

-#define NURON_F_NURON_INIT				 102

-#define NURON_F_NURON_MOD_EXP				 103

-/* Reason codes. */

-#define NURON_R_ALREADY_LOADED				 100

-#define NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED		 101

-#define NURON_R_DSO_FAILURE				 102

-#define NURON_R_DSO_FUNCTION_NOT_FOUND			 103

-#define NURON_R_DSO_NOT_FOUND				 104

-#define NURON_R_NOT_LOADED				 105

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/engines/e_sureware.c

+++ /dev/null

@@ -1,1057 +1,0 @@

-/* Written by Corinne Dive-Reclus([email protected])

-*

-*

-* Redistribution and use in source and binary forms, with or without

-* modification, are permitted provided that the following conditions

-* are met:

-*

-* 1. Redistributions of source code must retain the above copyright

-*    notice, this list of conditions and the following disclaimer.

-*

-* 2. Redistributions in binary form must reproduce the above copyright

-*    notice, this list of conditions and the following disclaimer in

-*    the documentation and/or other materials provided with the

-*    distribution.

-*

-* 3. All advertising materials mentioning features or use of this

-*    software must display the following acknowledgment:

-*    "This product includes software developed by the OpenSSL Project

-*    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

-*

-* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

-*    endorse or promote products derived from this software without

-*    prior written permission. For written permission, please contact

-*    [email protected].

-*

-* 5. Products derived from this software may not be called "OpenSSL"

-*    nor may "OpenSSL" appear in their names without prior written

-*    permission of the OpenSSL Project.

-*

-* 6. Redistributions of any form whatsoever must retain the following

-*    acknowledgment:

-*    "This product includes software developed by the OpenSSL Project

-*    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

-*

-* Written by Corinne Dive-Reclus([email protected])

-*

-* Copyright@2001 Baltimore Technologies Ltd.

-* All right Reserved.

-*																								*

-*		THIS FILE IS PROVIDED BY BALTIMORE TECHNOLOGIES ``AS IS'' AND																			*

-*		ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE					*

-*		IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE				*

-*		ARE DISCLAIMED.  IN NO EVENT SHALL BALTIMORE TECHNOLOGIES BE LIABLE						*

-*		FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL				*

-*		DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS					*

-*		OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)					*

-*		HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT				*

-*		LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY				*

-*		OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF					*

-*		SUCH DAMAGE.																			*

-====================================================================*/

-#include <stdio.h>

-#include <string.h>

-#include <openssl/crypto.h>

-#include <openssl/pem.h>

-#include <openssl/dso.h>

-#include <openssl/engine.h>

-#include <openssl/rand.h>

-#ifndef OPENSSL_NO_RSA

-#include <openssl/rsa.h>

-#endif

-#ifndef OPENSSL_NO_DSA

-#include <openssl/dsa.h>

-#endif

-#ifndef OPENSSL_NO_DH

-#include <openssl/dh.h>

-#endif

-#include <openssl/bn.h>

-#ifndef OPENSSL_NO_HW

-#ifndef OPENSSL_NO_HW_SUREWARE

-#ifdef FLAT_INC

-#include "sureware.h"

-#else

-#include "vendor_defns/sureware.h"

-#endif

-#define SUREWARE_LIB_NAME "sureware engine"

-#include "e_sureware_err.c"

-static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));

-static int surewarehk_destroy(ENGINE *e);

-static int surewarehk_init(ENGINE *e);

-static int surewarehk_finish(ENGINE *e);

-static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-	const BIGNUM *m, BN_CTX *ctx);

-/* RSA stuff */

-#ifndef OPENSSL_NO_RSA

-static int surewarehk_rsa_priv_dec(int flen,const unsigned char *from,unsigned char *to,

-			RSA *rsa,int padding);

-static int surewarehk_rsa_sign(int flen,const unsigned char *from,unsigned char *to,

-			    RSA *rsa,int padding);

-#endif

-/* RAND stuff */

-static int surewarehk_rand_bytes(unsigned char *buf, int num);

-static void surewarehk_rand_seed(const void *buf, int num);

-static void surewarehk_rand_add(const void *buf, int num, double entropy);

-/* KM stuff */

-static EVP_PKEY *surewarehk_load_privkey(ENGINE *e, const char *key_id,

-	UI_METHOD *ui_method, void *callback_data);

-static EVP_PKEY *surewarehk_load_pubkey(ENGINE *e, const char *key_id,

-	UI_METHOD *ui_method, void *callback_data);

-static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,

-	int idx,long argl, void *argp);

-#if 0

-static void surewarehk_dh_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,

-	int idx,long argl, void *argp);

-#endif

-#ifndef OPENSSL_NO_RSA

-/* This function is aliased to mod_exp (with the mont stuff dropped). */

-static int surewarehk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)

-{

-	return surewarehk_modexp(r, a, p, m, ctx);

-}

-/* Our internal RSA_METHOD that we provide pointers to */

-static RSA_METHOD surewarehk_rsa =

-	{

-	"SureWare RSA method",

-	NULL, /* pub_enc*/

-	NULL, /* pub_dec*/

-	surewarehk_rsa_sign, /* our rsa_sign is OpenSSL priv_enc*/

-	surewarehk_rsa_priv_dec, /* priv_dec*/

-	NULL, /*mod_exp*/

-	surewarehk_mod_exp_mont, /*mod_exp_mongomery*/

-	NULL, /* init*/

-	NULL, /* finish*/

-	0,	/* RSA flag*/

-	NULL,

-	NULL, /* OpenSSL sign*/

-	NULL, /* OpenSSL verify*/

-	NULL  /* keygen */

-	};

-#endif

-#ifndef OPENSSL_NO_DH

-/* Our internal DH_METHOD that we provide pointers to */

-/* This function is aliased to mod_exp (with the dh and mont dropped). */

-static int surewarehk_modexp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,

-	const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)

-{

-	return surewarehk_modexp(r, a, p, m, ctx);

-}

-static DH_METHOD surewarehk_dh =

-	{

-	"SureWare DH method",

-	NULL,/*gen_key*/

-	NULL,/*agree,*/

-	surewarehk_modexp_dh, /*dh mod exp*/

-	NULL, /* init*/

-	NULL, /* finish*/

-	0,    /* flags*/

-	NULL,

-	NULL

-	};

-#endif

-static RAND_METHOD surewarehk_rand =

-	{

-	/* "SureWare RAND method", */

-	surewarehk_rand_seed,

-	surewarehk_rand_bytes,

-	NULL,/*cleanup*/

-	surewarehk_rand_add,

-	surewarehk_rand_bytes,

-	NULL,/*rand_status*/

-	};

-#ifndef OPENSSL_NO_DSA

-/* DSA stuff */

-static	DSA_SIG * surewarehk_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);

-static int surewarehk_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,

-		BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,

-		BN_CTX *ctx, BN_MONT_CTX *in_mont)

-{

-	BIGNUM t;

-	int to_return = 0;

-	BN_init(&t);

-	/* let rr = a1 ^ p1 mod m */

-	if (!surewarehk_modexp(rr,a1,p1,m,ctx)) goto end;

-	/* let t = a2 ^ p2 mod m */

-	if (!surewarehk_modexp(&t,a2,p2,m,ctx)) goto end;

-	/* let rr = rr * t mod m */

-	if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;

-	to_return = 1;

-end:

-	BN_free(&t);

-	return to_return;

-}

-static DSA_METHOD surewarehk_dsa =

-	{

-	 "SureWare DSA method",

-	surewarehk_dsa_do_sign,

-	NULL,/*sign setup*/

-	NULL,/*verify,*/

-	surewarehk_dsa_mod_exp,/*mod exp*/

-	NULL,/*bn mod exp*/

-	NULL, /*init*/

-	NULL,/*finish*/

-	0,

-	NULL,

-	NULL,

-	NULL

-	};

-#endif

-static const char *engine_sureware_id = "sureware";

-static const char *engine_sureware_name = "SureWare hardware engine support";

-/* Now, to our own code */

-/* As this is only ever called once, there's no need for locking

- * (indeed - the lock will already be held by our caller!!!) */

-static int bind_sureware(ENGINE *e)

-{

-#ifndef OPENSSL_NO_RSA

-	const RSA_METHOD *meth1;

-#endif

-#ifndef OPENSSL_NO_DSA

-	const DSA_METHOD *meth2;

-#endif

-#ifndef OPENSSL_NO_DH

-	const DH_METHOD *meth3;

-#endif

-	if(!ENGINE_set_id(e, engine_sureware_id) ||

-	   !ENGINE_set_name(e, engine_sureware_name) ||

-#ifndef OPENSSL_NO_RSA

-	   !ENGINE_set_RSA(e, &surewarehk_rsa) ||

-#endif

-#ifndef OPENSSL_NO_DSA

-	   !ENGINE_set_DSA(e, &surewarehk_dsa) ||

-#endif

-#ifndef OPENSSL_NO_DH

-	   !ENGINE_set_DH(e, &surewarehk_dh) ||

-#endif

-	   !ENGINE_set_RAND(e, &surewarehk_rand) ||

-	   !ENGINE_set_destroy_function(e, surewarehk_destroy) ||

-	   !ENGINE_set_init_function(e, surewarehk_init) ||

-	   !ENGINE_set_finish_function(e, surewarehk_finish) ||

-	   !ENGINE_set_ctrl_function(e, surewarehk_ctrl) ||

-	   !ENGINE_set_load_privkey_function(e, surewarehk_load_privkey) ||

-	   !ENGINE_set_load_pubkey_function(e, surewarehk_load_pubkey))

-	  return 0;

-#ifndef OPENSSL_NO_RSA

-	/* We know that the "PKCS1_SSLeay()" functions hook properly

-	 * to the cswift-specific mod_exp and mod_exp_crt so we use

-	 * those functions. NB: We don't use ENGINE_openssl() or

-	 * anything "more generic" because something like the RSAref

-	 * code may not hook properly, and if you own one of these

-	 * cards then you have the right to do RSA operations on it

-	 * anyway! */

-	meth1 = RSA_PKCS1_SSLeay();

-	if (meth1)

-	{

-		surewarehk_rsa.rsa_pub_enc = meth1->rsa_pub_enc;

-		surewarehk_rsa.rsa_pub_dec = meth1->rsa_pub_dec;

-	}

-#endif

-#ifndef OPENSSL_NO_DSA

-	/* Use the DSA_OpenSSL() method and just hook the mod_exp-ish

-	 * bits. */

-	meth2 = DSA_OpenSSL();

-	if (meth2)

-	{

-		surewarehk_dsa.dsa_do_verify = meth2->dsa_do_verify;

-	}

-#endif

-#ifndef OPENSSL_NO_DH

-	/* Much the same for Diffie-Hellman */

-	meth3 = DH_OpenSSL();

-	if (meth3)

-	{

-		surewarehk_dh.generate_key = meth3->generate_key;

-		surewarehk_dh.compute_key = meth3->compute_key;

-	}

-#endif

-	/* Ensure the sureware error handling is set up */

-	ERR_load_SUREWARE_strings();

-	return 1;

-}

-#ifndef OPENSSL_NO_DYNAMIC_ENGINE

-static int bind_helper(ENGINE *e, const char *id)

-	{

-	if(id && (strcmp(id, engine_sureware_id) != 0))

-		return 0;

-	if(!bind_sureware(e))

-		return 0;

-	return 1;

-	}

-IMPLEMENT_DYNAMIC_CHECK_FN()

-IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)

-#else

-static ENGINE *engine_sureware(void)

-	{

-	ENGINE *ret = ENGINE_new();

-	if(!ret)

-		return NULL;

-	if(!bind_sureware(ret))

-		{

-		ENGINE_free(ret);

-		return NULL;

-		}

-	return ret;

-	}

-void ENGINE_load_sureware(void)

-	{

-	/* Copied from eng_[openssl|dyn].c */

-	ENGINE *toadd = engine_sureware();

-	if(!toadd) return;

-	ENGINE_add(toadd);

-	ENGINE_free(toadd);

-	ERR_clear_error();

-	}

-#endif

-/* This is a process-global DSO handle used for loading and unloading

- * the SureWareHook library. NB: This is only set (or unset) during an

- * init() or finish() call (reference counts permitting) and they're

- * operating with global locks, so this should be thread-safe

- * implicitly. */

-static DSO *surewarehk_dso = NULL;

-#ifndef OPENSSL_NO_RSA

-static int rsaHndidx = -1;	/* Index for KM handle.  Not really used yet. */

-#endif

-#ifndef OPENSSL_NO_DSA

-static int dsaHndidx = -1;	/* Index for KM handle.  Not really used yet. */

-#endif

-/* These are the function pointers that are (un)set when the library has

- * successfully (un)loaded. */

-static SureWareHook_Init_t *p_surewarehk_Init = NULL;

-static SureWareHook_Finish_t *p_surewarehk_Finish = NULL;

-static SureWareHook_Rand_Bytes_t *p_surewarehk_Rand_Bytes = NULL;

-static SureWareHook_Rand_Seed_t *p_surewarehk_Rand_Seed = NULL;

-static SureWareHook_Load_Privkey_t *p_surewarehk_Load_Privkey = NULL;

-static SureWareHook_Info_Pubkey_t *p_surewarehk_Info_Pubkey = NULL;

-static SureWareHook_Load_Rsa_Pubkey_t *p_surewarehk_Load_Rsa_Pubkey = NULL;

-static SureWareHook_Load_Dsa_Pubkey_t *p_surewarehk_Load_Dsa_Pubkey = NULL;

-static SureWareHook_Free_t *p_surewarehk_Free=NULL;

-static SureWareHook_Rsa_Priv_Dec_t *p_surewarehk_Rsa_Priv_Dec=NULL;

-static SureWareHook_Rsa_Sign_t *p_surewarehk_Rsa_Sign=NULL;

-static SureWareHook_Dsa_Sign_t *p_surewarehk_Dsa_Sign=NULL;

-static SureWareHook_Mod_Exp_t *p_surewarehk_Mod_Exp=NULL;

-/* Used in the DSO operations. */

-static const char *surewarehk_LIBNAME = "SureWareHook";

-static const char *n_surewarehk_Init = "SureWareHook_Init";

-static const char *n_surewarehk_Finish = "SureWareHook_Finish";

-static const char *n_surewarehk_Rand_Bytes="SureWareHook_Rand_Bytes";

-static const char *n_surewarehk_Rand_Seed="SureWareHook_Rand_Seed";

-static const char *n_surewarehk_Load_Privkey="SureWareHook_Load_Privkey";

-static const char *n_surewarehk_Info_Pubkey="SureWareHook_Info_Pubkey";

-static const char *n_surewarehk_Load_Rsa_Pubkey="SureWareHook_Load_Rsa_Pubkey";

-static const char *n_surewarehk_Load_Dsa_Pubkey="SureWareHook_Load_Dsa_Pubkey";

-static const char *n_surewarehk_Free="SureWareHook_Free";

-static const char *n_surewarehk_Rsa_Priv_Dec="SureWareHook_Rsa_Priv_Dec";

-static const char *n_surewarehk_Rsa_Sign="SureWareHook_Rsa_Sign";

-static const char *n_surewarehk_Dsa_Sign="SureWareHook_Dsa_Sign";

-static const char *n_surewarehk_Mod_Exp="SureWareHook_Mod_Exp";

-static BIO *logstream = NULL;

-/* SureWareHook library functions and mechanics - these are used by the

- * higher-level functions further down. NB: As and where there's no

- * error checking, take a look lower down where these functions are

- * called, the checking and error handling is probably down there.

-*/

-static int threadsafe=1;

-static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))

-{

-	int to_return = 1;

-	switch(cmd)

-	{

-		case ENGINE_CTRL_SET_LOGSTREAM:

-		{

-			BIO *bio = (BIO *)p;

-			CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);

-			if (logstream)

-			{

-				BIO_free(logstream);

-				logstream = NULL;

-			}

-			if (CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO) > 1)

-				logstream = bio;

-			else

-				SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL,SUREWARE_R_BIO_WAS_FREED);

-		}

-		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);

-		break;

-	/* This will prevent the initialisation function from "installing"

-	 * the mutex-handling callbacks, even if they are available from

-	 * within the library (or were provided to the library from the

-	 * calling application). This is to remove any baggage for

-	 * applications not using multithreading. */

-	case ENGINE_CTRL_CHIL_NO_LOCKING:

-		CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);

-		threadsafe = 0;

-		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);

-		break;

-	/* The command isn't understood by this engine */

-	default:

-		SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL,

-			ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);

-		to_return = 0;

-		break;

-		}

-	return to_return;

-}

-/* Destructor (complements the "ENGINE_surewarehk()" constructor) */

-static int surewarehk_destroy(ENGINE *e)

-{

-	ERR_unload_SUREWARE_strings();

-	return 1;

-}

-/* (de)initialisation functions. */

-static int surewarehk_init(ENGINE *e)

-{

-	char msg[64]="ENGINE_init";

-	SureWareHook_Init_t *p1=NULL;

-	SureWareHook_Finish_t *p2=NULL;

-	SureWareHook_Rand_Bytes_t *p3=NULL;

-	SureWareHook_Rand_Seed_t *p4=NULL;

-	SureWareHook_Load_Privkey_t *p5=NULL;

-	SureWareHook_Load_Rsa_Pubkey_t *p6=NULL;

-	SureWareHook_Free_t *p7=NULL;

-	SureWareHook_Rsa_Priv_Dec_t *p8=NULL;

-	SureWareHook_Rsa_Sign_t *p9=NULL;

-	SureWareHook_Dsa_Sign_t *p12=NULL;

-	SureWareHook_Info_Pubkey_t *p13=NULL;

-	SureWareHook_Load_Dsa_Pubkey_t *p14=NULL;

-	SureWareHook_Mod_Exp_t *p15=NULL;

-	if(surewarehk_dso != NULL)

-	{

-		SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,ENGINE_R_ALREADY_LOADED);

-		goto err;

-	}

-	/* Attempt to load libsurewarehk.so/surewarehk.dll/whatever. */

-	surewarehk_dso = DSO_load(NULL, surewarehk_LIBNAME, NULL, 0);

-	if(surewarehk_dso == NULL)

-	{

-		SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,ENGINE_R_DSO_FAILURE);

-		goto err;

-	}

-	if(!(p1=(SureWareHook_Init_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Init)) ||

-	   !(p2=(SureWareHook_Finish_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Finish)) ||

-	   !(p3=(SureWareHook_Rand_Bytes_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rand_Bytes)) ||

-	   !(p4=(SureWareHook_Rand_Seed_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rand_Seed)) ||

-	   !(p5=(SureWareHook_Load_Privkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Privkey)) ||

-	   !(p6=(SureWareHook_Load_Rsa_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Rsa_Pubkey)) ||

-	   !(p7=(SureWareHook_Free_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Free)) ||

-	   !(p8=(SureWareHook_Rsa_Priv_Dec_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rsa_Priv_Dec)) ||

-	   !(p9=(SureWareHook_Rsa_Sign_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rsa_Sign)) ||

-	   !(p12=(SureWareHook_Dsa_Sign_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Dsa_Sign)) ||

-	   !(p13=(SureWareHook_Info_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Info_Pubkey)) ||

-	   !(p14=(SureWareHook_Load_Dsa_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Dsa_Pubkey)) ||

-	   !(p15=(SureWareHook_Mod_Exp_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Mod_Exp)))

-	{

-		SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,ENGINE_R_DSO_FAILURE);

-		goto err;

-	}

-	/* Copy the pointers */

-	p_surewarehk_Init = p1;

-	p_surewarehk_Finish = p2;

-	p_surewarehk_Rand_Bytes = p3;

-	p_surewarehk_Rand_Seed = p4;

-	p_surewarehk_Load_Privkey = p5;

-	p_surewarehk_Load_Rsa_Pubkey = p6;

-	p_surewarehk_Free = p7;

-	p_surewarehk_Rsa_Priv_Dec = p8;

-	p_surewarehk_Rsa_Sign = p9;

-	p_surewarehk_Dsa_Sign = p12;

-	p_surewarehk_Info_Pubkey = p13;

-	p_surewarehk_Load_Dsa_Pubkey = p14;

-	p_surewarehk_Mod_Exp = p15;

-	/* Contact the hardware and initialises it. */

-	if(p_surewarehk_Init(msg,threadsafe)==SUREWAREHOOK_ERROR_UNIT_FAILURE)

-	{

-		SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,SUREWARE_R_UNIT_FAILURE);

-		goto err;

-	}

-	if(p_surewarehk_Init(msg,threadsafe)==SUREWAREHOOK_ERROR_UNIT_FAILURE)

-	{

-		SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,SUREWARE_R_UNIT_FAILURE);

-		goto err;

-	}

-	/* try to load the default private key, if failed does not return a failure but

-           wait for an explicit ENGINE_load_privakey */

-	surewarehk_load_privkey(e,NULL,NULL,NULL);

-	/* Everything's fine. */

-#ifndef OPENSSL_NO_RSA

-	if (rsaHndidx == -1)

-		rsaHndidx = RSA_get_ex_new_index(0,

-						"SureWareHook RSA key handle",

-						NULL, NULL, surewarehk_ex_free);

-#endif

-#ifndef OPENSSL_NO_DSA

-	if (dsaHndidx == -1)

-		dsaHndidx = DSA_get_ex_new_index(0,

-						"SureWareHook DSA key handle",

-						NULL, NULL, surewarehk_ex_free);

-#endif

-	return 1;

-err:

-	if(surewarehk_dso)

-		DSO_free(surewarehk_dso);

-	surewarehk_dso = NULL;

-	p_surewarehk_Init = NULL;

-	p_surewarehk_Finish = NULL;

-	p_surewarehk_Rand_Bytes = NULL;

-	p_surewarehk_Rand_Seed = NULL;

-	p_surewarehk_Load_Privkey = NULL;

-	p_surewarehk_Load_Rsa_Pubkey = NULL;

-	p_surewarehk_Free = NULL;

-	p_surewarehk_Rsa_Priv_Dec = NULL;

-	p_surewarehk_Rsa_Sign = NULL;

-	p_surewarehk_Dsa_Sign = NULL;

-	p_surewarehk_Info_Pubkey = NULL;

-	p_surewarehk_Load_Dsa_Pubkey = NULL;

-	p_surewarehk_Mod_Exp = NULL;

-	return 0;

-}

-static int surewarehk_finish(ENGINE *e)

-{

-	int to_return = 1;

-	if(surewarehk_dso == NULL)

-		{

-		SUREWAREerr(SUREWARE_F_SUREWAREHK_FINISH,ENGINE_R_NOT_LOADED);

-		to_return = 0;

-		goto err;

-		}

-	p_surewarehk_Finish();

-	if(!DSO_free(surewarehk_dso))

-		{

-		SUREWAREerr(SUREWARE_F_SUREWAREHK_FINISH,ENGINE_R_DSO_FAILURE);

-		to_return = 0;

-		goto err;

-		}

- err:

-	if (logstream)

-		BIO_free(logstream);

-	surewarehk_dso = NULL;

-	p_surewarehk_Init = NULL;

-	p_surewarehk_Finish = NULL;

-	p_surewarehk_Rand_Bytes = NULL;

-	p_surewarehk_Rand_Seed = NULL;

-	p_surewarehk_Load_Privkey = NULL;

-	p_surewarehk_Load_Rsa_Pubkey = NULL;

-	p_surewarehk_Free = NULL;

-	p_surewarehk_Rsa_Priv_Dec = NULL;

-	p_surewarehk_Rsa_Sign = NULL;

-	p_surewarehk_Dsa_Sign = NULL;

-	p_surewarehk_Info_Pubkey = NULL;

-	p_surewarehk_Load_Dsa_Pubkey = NULL;

-	p_surewarehk_Mod_Exp = NULL;

-	return to_return;

-}

-static void surewarehk_error_handling(char *const msg,int func,int ret)

-{

-	switch (ret)

-	{

-		case SUREWAREHOOK_ERROR_UNIT_FAILURE:

-			ENGINEerr(func,SUREWARE_R_UNIT_FAILURE);

-			break;

-		case SUREWAREHOOK_ERROR_FALLBACK:

-			ENGINEerr(func,SUREWARE_R_REQUEST_FALLBACK);

-			break;

-		case SUREWAREHOOK_ERROR_DATA_SIZE:

-			ENGINEerr(func,SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);

-			break;

-		case SUREWAREHOOK_ERROR_INVALID_PAD:

-			ENGINEerr(func,SUREWARE_R_PADDING_CHECK_FAILED);

-			break;

-		default:

-			ENGINEerr(func,SUREWARE_R_REQUEST_FAILED);

-			break;

-		case 1:/*nothing*/

-			msg[0]='\0';

-	}

-	if (*msg)

-	{

-		ERR_add_error_data(1,msg);

-		if (logstream)

-		{

-			CRYPTO_w_lock(CRYPTO_LOCK_BIO);

-			BIO_write(logstream, msg, strlen(msg));

-			CRYPTO_w_unlock(CRYPTO_LOCK_BIO);

-		}

-	}

-}

-static int surewarehk_rand_bytes(unsigned char *buf, int num)

-{

-	int ret=0;

-	char msg[64]="ENGINE_rand_bytes";

-	if(!p_surewarehk_Rand_Bytes)

-	{

-		SUREWAREerr(SUREWARE_F_SUREWAREHK_RAND_BYTES,ENGINE_R_NOT_INITIALISED);

-	}

-	else

-	{

-		ret = p_surewarehk_Rand_Bytes(msg,buf, num);

-		surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RAND_BYTES,ret);

-	}

-	return ret==1 ? 1 : 0;

-}

-static void surewarehk_rand_seed(const void *buf, int num)

-{

-	int ret=0;

-	char msg[64]="ENGINE_rand_seed";

-	if(!p_surewarehk_Rand_Seed)

-	{

-		SUREWAREerr(SUREWARE_F_SUREWAREHK_RAND_SEED,ENGINE_R_NOT_INITIALISED);

-	}

-	else

-	{

-		ret = p_surewarehk_Rand_Seed(msg,buf, num);

-		surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RAND_SEED,ret);

-	}

-}

-static void surewarehk_rand_add(const void *buf, int num, double entropy)

-{

-	surewarehk_rand_seed(buf,num);

-}

-static EVP_PKEY* sureware_load_public(ENGINE *e,const char *key_id,char *hptr,unsigned long el,char keytype)

-{

-	EVP_PKEY *res = NULL;

-#ifndef OPENSSL_NO_RSA

-	RSA *rsatmp = NULL;

-#endif

-#ifndef OPENSSL_NO_DSA

-	DSA *dsatmp=NULL;

-#endif

-	char msg[64]="sureware_load_public";

-	int ret=0;

-	if(!p_surewarehk_Load_Rsa_Pubkey || !p_surewarehk_Load_Dsa_Pubkey)

-	{

-		SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,ENGINE_R_NOT_INITIALISED);

-		goto err;

-	}

-	switch (keytype)

-	{

-#ifndef OPENSSL_NO_RSA

-	case 1: /*RSA*/

-		/* set private external reference */

-		rsatmp = RSA_new_method(e);

-		RSA_set_ex_data(rsatmp,rsaHndidx,hptr);

-		rsatmp->flags |= RSA_FLAG_EXT_PKEY;

-		/* set public big nums*/

-		rsatmp->e = BN_new();

-		rsatmp->n = BN_new();

-		bn_expand2(rsatmp->e, el/sizeof(BN_ULONG));

-		bn_expand2(rsatmp->n, el/sizeof(BN_ULONG));

-		if (!rsatmp->e || rsatmp->e->dmax!=(int)(el/sizeof(BN_ULONG))||

-			!rsatmp->n || rsatmp->n->dmax!=(int)(el/sizeof(BN_ULONG)))

-			goto err;

-		ret=p_surewarehk_Load_Rsa_Pubkey(msg,key_id,el,

-						 (unsigned long *)rsatmp->n->d,

-						 (unsigned long *)rsatmp->e->d);

-		surewarehk_error_handling(msg,SUREWARE_F_SUREWARE_LOAD_PUBLIC,ret);

-		if (ret!=1)

-		{

-			SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);

-			goto err;

-		}

-		/* normalise pub e and pub n */

-		rsatmp->e->top=el/sizeof(BN_ULONG);

-		bn_fix_top(rsatmp->e);

-		rsatmp->n->top=el/sizeof(BN_ULONG);

-		bn_fix_top(rsatmp->n);

-		/* create an EVP object: engine + rsa key */

-		res = EVP_PKEY_new();

-		EVP_PKEY_assign_RSA(res, rsatmp);

-		break;

-#endif

-#ifndef OPENSSL_NO_DSA

-	case 2:/*DSA*/

-		/* set private/public external reference */

-		dsatmp = DSA_new_method(e);

-		DSA_set_ex_data(dsatmp,dsaHndidx,hptr);

-		/*dsatmp->flags |= DSA_FLAG_EXT_PKEY;*/

-		/* set public key*/

-		dsatmp->pub_key = BN_new();

-		dsatmp->p = BN_new();

-		dsatmp->q = BN_new();

-		dsatmp->g = BN_new();

-		bn_expand2(dsatmp->pub_key, el/sizeof(BN_ULONG));

-		bn_expand2(dsatmp->p, el/sizeof(BN_ULONG));

-		bn_expand2(dsatmp->q, 20/sizeof(BN_ULONG));

-		bn_expand2(dsatmp->g, el/sizeof(BN_ULONG));

-		if (!dsatmp->pub_key || dsatmp->pub_key->dmax!=(int)(el/sizeof(BN_ULONG))||

-			!dsatmp->p || dsatmp->p->dmax!=(int)(el/sizeof(BN_ULONG)) ||

-			!dsatmp->q || dsatmp->q->dmax!=20/sizeof(BN_ULONG) ||

-			!dsatmp->g || dsatmp->g->dmax!=(int)(el/sizeof(BN_ULONG)))

-			goto err;

-		ret=p_surewarehk_Load_Dsa_Pubkey(msg,key_id,el,

-						 (unsigned long *)dsatmp->pub_key->d,

-						 (unsigned long *)dsatmp->p->d,

-						 (unsigned long *)dsatmp->q->d,

-						 (unsigned long *)dsatmp->g->d);

-		surewarehk_error_handling(msg,SUREWARE_F_SUREWARE_LOAD_PUBLIC,ret);

-		if (ret!=1)

-		{

-			SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);

-			goto err;

-		}

-		/* set parameters */

-		/* normalise pubkey and parameters in case of */

-		dsatmp->pub_key->top=el/sizeof(BN_ULONG);

-		bn_fix_top(dsatmp->pub_key);

-		dsatmp->p->top=el/sizeof(BN_ULONG);

-		bn_fix_top(dsatmp->p);

-		dsatmp->q->top=20/sizeof(BN_ULONG);

-		bn_fix_top(dsatmp->q);

-		dsatmp->g->top=el/sizeof(BN_ULONG);

-		bn_fix_top(dsatmp->g);

-		/* create an EVP object: engine + rsa key */

-		res = EVP_PKEY_new();

-		EVP_PKEY_assign_DSA(res, dsatmp);

-		break;

-#endif

-	default:

-		SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,ENGINE_R_FAILED_LOADING_PRIVATE_KEY);

-		goto err;

-	}

-	return res;

- err:

-	if (res)

-		EVP_PKEY_free(res);

-#ifndef OPENSSL_NO_RSA

-	if (rsatmp)

-		RSA_free(rsatmp);

-#endif

-#ifndef OPENSSL_NO_DSA

-	if (dsatmp)

-		DSA_free(dsatmp);

-#endif

-	return NULL;

-}

-static EVP_PKEY *surewarehk_load_privkey(ENGINE *e, const char *key_id,

-					 UI_METHOD *ui_method, void *callback_data)

-{

-	EVP_PKEY *res = NULL;

-	int ret=0;

-	unsigned long el=0;

-	char *hptr=NULL;

-	char keytype=0;

-	char msg[64]="ENGINE_load_privkey";

-	if(!p_surewarehk_Load_Privkey)

-	{

-		SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVKEY,ENGINE_R_NOT_INITIALISED);

-	}

-	else

-	{

-		ret=p_surewarehk_Load_Privkey(msg,key_id,&hptr,&el,&keytype);

-		if (ret!=1)

-		{

-			SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVKEY,ENGINE_R_FAILED_LOADING_PRIVATE_KEY);

-			ERR_add_error_data(1,msg);

-		}

-		else

-			res=sureware_load_public(e,key_id,hptr,el,keytype);

-	}

-	return res;

-}

-static EVP_PKEY *surewarehk_load_pubkey(ENGINE *e, const char *key_id,

-					 UI_METHOD *ui_method, void *callback_data)

-{

-	EVP_PKEY *res = NULL;

-	int ret=0;

-	unsigned long el=0;

-	char *hptr=NULL;

-	char keytype=0;

-	char msg[64]="ENGINE_load_pubkey";

-	if(!p_surewarehk_Info_Pubkey)

-	{

-		SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBKEY,ENGINE_R_NOT_INITIALISED);

-	}

-	else

-	{

-		/* call once to identify if DSA or RSA */

-		ret=p_surewarehk_Info_Pubkey(msg,key_id,&el,&keytype);

-		if (ret!=1)

-		{

-			SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBKEY,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);

-			ERR_add_error_data(1,msg);

-		}

-		else

-			res=sureware_load_public(e,key_id,hptr,el,keytype);

-	}

-	return res;

-}

-/* This cleans up an RSA/DSA KM key(do not destroy the key into the hardware)

-, called when ex_data is freed */

-static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,

-	int idx,long argl, void *argp)

-{

-	if(!p_surewarehk_Free)

-	{

-		SUREWAREerr(SUREWARE_F_SUREWAREHK_EX_FREE,ENGINE_R_NOT_INITIALISED);

-	}

-	else

-		p_surewarehk_Free((char *)item,0);

-}

-#if 0

-/* not currently used (bug?) */

-/* This cleans up an DH KM key (destroys the key into hardware),

-called when ex_data is freed */

-static void surewarehk_dh_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,

-	int idx,long argl, void *argp)

-{

-	if(!p_surewarehk_Free)

-	{

-		SUREWAREerr(SUREWARE_F_SUREWAREHK_DH_EX_FREE,ENGINE_R_NOT_INITIALISED);

-	}

-	else

-		p_surewarehk_Free((char *)item,1);

-}

-#endif

-/*

-* return number of decrypted bytes

-*/

-#ifndef OPENSSL_NO_RSA

-static int surewarehk_rsa_priv_dec(int flen,const unsigned char *from,unsigned char *to,

-			RSA *rsa,int padding)

-{

-	int ret=0,tlen;

-	char *buf=NULL,*hptr=NULL;

-	char msg[64]="ENGINE_rsa_priv_dec";

-	if (!p_surewarehk_Rsa_Priv_Dec)

-	{

-		SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ENGINE_R_NOT_INITIALISED);

-	}

-	/* extract ref to private key */

-	else if (!(hptr=RSA_get_ex_data(rsa, rsaHndidx)))

-	{

-		SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,SUREWARE_R_MISSING_KEY_COMPONENTS);

-		goto err;

-	}

-	/* analyse what padding we can do into the hardware */

-	if (padding==RSA_PKCS1_PADDING)

-	{

-		/* do it one shot */

-		ret=p_surewarehk_Rsa_Priv_Dec(msg,flen,(unsigned char *)from,&tlen,to,hptr,SUREWARE_PKCS1_PAD);

-		surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ret);

-		if (ret!=1)

-			goto err;

-		ret=tlen;

-	}

-	else /* do with no padding into hardware */

-	{

-		ret=p_surewarehk_Rsa_Priv_Dec(msg,flen,(unsigned char *)from,&tlen,to,hptr,SUREWARE_NO_PAD);

-		surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ret);

-		if (ret!=1)

-			goto err;

-		/* intermediate buffer for padding */

-		if ((buf=OPENSSL_malloc(tlen)) == NULL)

-		{

-			SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ERR_R_MALLOC_FAILURE);

-			goto err;

-		}

-		memcpy(buf,to,tlen);/* transfert to into buf */

-		switch (padding) /* check padding in software */

-		{

-#ifndef OPENSSL_NO_SHA

-		case RSA_PKCS1_OAEP_PADDING:

-			ret=RSA_padding_check_PKCS1_OAEP(to,tlen,(unsigned char *)buf,tlen,tlen,NULL,0);

-			break;

-#endif

- 		case RSA_SSLV23_PADDING:

-			ret=RSA_padding_check_SSLv23(to,tlen,(unsigned char *)buf,flen,tlen);

-			break;

-		case RSA_NO_PADDING:

-			ret=RSA_padding_check_none(to,tlen,(unsigned char *)buf,flen,tlen);

-			break;

-		default:

-			SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,SUREWARE_R_UNKNOWN_PADDING_TYPE);

-			goto err;

-		}

-		if (ret < 0)

-			SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,SUREWARE_R_PADDING_CHECK_FAILED);

-	}

-err:

-	if (buf)

-	{

-		OPENSSL_cleanse(buf,tlen);

-		OPENSSL_free(buf);

-	}

-	return ret;

-}

-/*

-* Does what OpenSSL rsa_priv_enc does.

-*/

-static int surewarehk_rsa_sign(int flen,const unsigned char *from,unsigned char *to,

-			    RSA *rsa,int padding)

-{

-	int ret=0,tlen;

-	char *hptr=NULL;

-	char msg[64]="ENGINE_rsa_sign";

-	if (!p_surewarehk_Rsa_Sign)

-	{

-		SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_SIGN,ENGINE_R_NOT_INITIALISED);

-	}

-	/* extract ref to private key */

-	else if (!(hptr=RSA_get_ex_data(rsa, rsaHndidx)))

-	{

-		SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_SIGN,SUREWARE_R_MISSING_KEY_COMPONENTS);

-	}

-	else

-	{

-		switch (padding)

-		{

-		case RSA_PKCS1_PADDING: /* do it in one shot */

-			ret=p_surewarehk_Rsa_Sign(msg,flen,(unsigned char *)from,&tlen,to,hptr,SUREWARE_PKCS1_PAD);

-			surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RSA_SIGN,ret);

-			break;

-		case RSA_NO_PADDING:

-		default:

-			SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_SIGN,SUREWARE_R_UNKNOWN_PADDING_TYPE);

-		}

-	}

-	return ret==1 ? tlen : ret;

-}

-#endif

-#ifndef OPENSSL_NO_DSA

-/* DSA sign and verify */

-static	DSA_SIG * surewarehk_dsa_do_sign(const unsigned char *from, int flen, DSA *dsa)

-{

-	int ret=0;

-	char *hptr=NULL;

-	DSA_SIG *psign=NULL;

-	char msg[64]="ENGINE_dsa_do_sign";

-	if (!p_surewarehk_Dsa_Sign)

-	{

-		SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ENGINE_R_NOT_INITIALISED);

-		goto err;

-	}

-	/* extract ref to private key */

-	else if (!(hptr=DSA_get_ex_data(dsa, dsaHndidx)))

-	{

-		SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,SUREWARE_R_MISSING_KEY_COMPONENTS);

-		goto err;

-	}

-	else

-	{

-		if((psign = DSA_SIG_new()) == NULL)

-		{

-			SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ERR_R_MALLOC_FAILURE);

-			goto err;

-		}

-		psign->r=BN_new();

-		psign->s=BN_new();

-		bn_expand2(psign->r, 20/sizeof(BN_ULONG));

-		bn_expand2(psign->s, 20/sizeof(BN_ULONG));

-		if (!psign->r || psign->r->dmax!=20/sizeof(BN_ULONG) ||

-			!psign->s || psign->s->dmax!=20/sizeof(BN_ULONG))

-			goto err;

-		ret=p_surewarehk_Dsa_Sign(msg,flen,from,

-					  (unsigned long *)psign->r->d,

-					  (unsigned long *)psign->s->d,

-					  hptr);

-		surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ret);

-	}

-	psign->r->top=20/sizeof(BN_ULONG);

-	bn_fix_top(psign->r);

-	psign->s->top=20/sizeof(BN_ULONG);

-	bn_fix_top(psign->s);

-err:

-	if (psign)

-	{

-		DSA_SIG_free(psign);

-		psign=NULL;

-	}

-	return psign;

-}

-#endif

-static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-			     const BIGNUM *m, BN_CTX *ctx)

-{

-	int ret=0;

-	char msg[64]="ENGINE_modexp";

-	if (!p_surewarehk_Mod_Exp)

-	{

-		SUREWAREerr(SUREWARE_F_SUREWAREHK_MODEXP,ENGINE_R_NOT_INITIALISED);

-	}

-	else

-	{

-		bn_expand2(r,m->top);

-		if (r && r->dmax==m->top)

-		{

-			/* do it*/

-			ret=p_surewarehk_Mod_Exp(msg,

-						 m->top*sizeof(BN_ULONG),

-						 (unsigned long *)m->d,

-						 p->top*sizeof(BN_ULONG),

-						 (unsigned long *)p->d,

-						 a->top*sizeof(BN_ULONG),

-						 (unsigned long *)a->d,

-						 (unsigned long *)r->d);

-			surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_MODEXP,ret);

-			if (ret==1)

-			{

-				/* normalise result */

-				r->top=m->top;

-				bn_fix_top(r);

-			}

-		}

-	}

-	return ret;

-}

-#endif /* !OPENSSL_NO_HW_SureWare */

-#endif /* !OPENSSL_NO_HW */

--- a/sys/src/ape/lib/openssl/engines/e_sureware.ec

+++ /dev/null

@@ -1,1 +1,0 @@

-L SUREWARE	e_sureware_err.h		e_sureware_err.c

--- a/sys/src/ape/lib/openssl/engines/e_sureware_err.c

+++ /dev/null

@@ -1,158 +1,0 @@

-/* e_sureware_err.c */

-/* ====================================================================

- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* NOTE: this file was auto generated by the mkerr.pl script: any changes

- * made to it will be overwritten when the script next updates this file,

- * only reason strings will be preserved.

- */

-#include <stdio.h>

-#include <openssl/err.h>

-#include "e_sureware_err.h"

-/* BEGIN ERROR CODES */

-#ifndef OPENSSL_NO_ERR

-#define ERR_FUNC(func) ERR_PACK(0,func,0)

-#define ERR_REASON(reason) ERR_PACK(0,0,reason)

-static ERR_STRING_DATA SUREWARE_str_functs[]=

-	{

-{ERR_FUNC(SUREWARE_F_SUREWAREHK_CTRL),	"SUREWAREHK_CTRL"},

-{ERR_FUNC(SUREWARE_F_SUREWAREHK_DH_EX_FREE),	"SUREWAREHK_DH_EX_FREE"},

-{ERR_FUNC(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN),	"SUREWAREHK_DSA_DO_SIGN"},

-{ERR_FUNC(SUREWARE_F_SUREWAREHK_EX_FREE),	"SUREWAREHK_EX_FREE"},

-{ERR_FUNC(SUREWARE_F_SUREWAREHK_FINISH),	"SUREWAREHK_FINISH"},

-{ERR_FUNC(SUREWARE_F_SUREWAREHK_INIT),	"SUREWAREHK_INIT"},

-{ERR_FUNC(SUREWARE_F_SUREWAREHK_LOAD_PRIVKEY),	"SUREWAREHK_LOAD_PRIVKEY"},

-{ERR_FUNC(SUREWARE_F_SUREWAREHK_LOAD_PUBKEY),	"SUREWAREHK_LOAD_PUBKEY"},

-{ERR_FUNC(SUREWARE_F_SUREWAREHK_MODEXP),	"SUREWAREHK_MODEXP"},

-{ERR_FUNC(SUREWARE_F_SUREWAREHK_RAND_BYTES),	"SUREWAREHK_RAND_BYTES"},

-{ERR_FUNC(SUREWARE_F_SUREWAREHK_RAND_SEED),	"SUREWAREHK_RAND_SEED"},

-{ERR_FUNC(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC),	"SUREWAREHK_RSA_PRIV_DEC"},

-{ERR_FUNC(SUREWARE_F_SUREWAREHK_RSA_SIGN),	"SUREWAREHK_RSA_SIGN"},

-{ERR_FUNC(SUREWARE_F_SUREWARE_LOAD_PUBLIC),	"SUREWARE_LOAD_PUBLIC"},

-{0,NULL}

-	};

-static ERR_STRING_DATA SUREWARE_str_reasons[]=

-	{

-{ERR_REASON(SUREWARE_R_BIO_WAS_FREED)    ,"bio was freed"},

-{ERR_REASON(SUREWARE_R_MISSING_KEY_COMPONENTS),"missing key components"},

-{ERR_REASON(SUREWARE_R_PADDING_CHECK_FAILED),"padding check failed"},

-{ERR_REASON(SUREWARE_R_REQUEST_FAILED)   ,"request failed"},

-{ERR_REASON(SUREWARE_R_REQUEST_FALLBACK) ,"request fallback"},

-{ERR_REASON(SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL),"size too large or too small"},

-{ERR_REASON(SUREWARE_R_UNIT_FAILURE)     ,"unit failure"},

-{ERR_REASON(SUREWARE_R_UNKNOWN_PADDING_TYPE),"unknown padding type"},

-{0,NULL}

-	};

-#endif

-#ifdef SUREWARE_LIB_NAME

-static ERR_STRING_DATA SUREWARE_lib_name[]=

-        {

-{0	,SUREWARE_LIB_NAME},

-{0,NULL}

-	};

-#endif

-static int SUREWARE_lib_error_code=0;

-static int SUREWARE_error_init=1;

-static void ERR_load_SUREWARE_strings(void)

-	{

-	if (SUREWARE_lib_error_code == 0)

-		SUREWARE_lib_error_code=ERR_get_next_error_library();

-	if (SUREWARE_error_init)

-		{

-		SUREWARE_error_init=0;

-#ifndef OPENSSL_NO_ERR

-		ERR_load_strings(SUREWARE_lib_error_code,SUREWARE_str_functs);

-		ERR_load_strings(SUREWARE_lib_error_code,SUREWARE_str_reasons);

-#endif

-#ifdef SUREWARE_LIB_NAME

-		SUREWARE_lib_name->error = ERR_PACK(SUREWARE_lib_error_code,0,0);

-		ERR_load_strings(0,SUREWARE_lib_name);

-#endif

-		}

-	}

-static void ERR_unload_SUREWARE_strings(void)

-	{

-	if (SUREWARE_error_init == 0)

-		{

-#ifndef OPENSSL_NO_ERR

-		ERR_unload_strings(SUREWARE_lib_error_code,SUREWARE_str_functs);

-		ERR_unload_strings(SUREWARE_lib_error_code,SUREWARE_str_reasons);

-#endif

-#ifdef SUREWARE_LIB_NAME

-		ERR_unload_strings(0,SUREWARE_lib_name);

-#endif

-		SUREWARE_error_init=1;

-		}

-	}

-static void ERR_SUREWARE_error(int function, int reason, char *file, int line)

-	{

-	if (SUREWARE_lib_error_code == 0)

-		SUREWARE_lib_error_code=ERR_get_next_error_library();

-	ERR_PUT_error(SUREWARE_lib_error_code,function,reason,file,line);

-	}

--- a/sys/src/ape/lib/openssl/engines/e_sureware_err.h

+++ /dev/null

@@ -1,98 +1,0 @@

-/* ====================================================================

- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_SUREWARE_ERR_H

-#define HEADER_SUREWARE_ERR_H

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-static void ERR_load_SUREWARE_strings(void);

-static void ERR_unload_SUREWARE_strings(void);

-static void ERR_SUREWARE_error(int function, int reason, char *file, int line);

-#define SUREWAREerr(f,r) ERR_SUREWARE_error((f),(r),__FILE__,__LINE__)

-/* Error codes for the SUREWARE functions. */

-/* Function codes. */

-#define SUREWARE_F_SUREWAREHK_CTRL			 100

-#define SUREWARE_F_SUREWAREHK_DH_EX_FREE		 112

-#define SUREWARE_F_SUREWAREHK_DSA_DO_SIGN		 101

-#define SUREWARE_F_SUREWAREHK_EX_FREE			 102

-#define SUREWARE_F_SUREWAREHK_FINISH			 103

-#define SUREWARE_F_SUREWAREHK_INIT			 104

-#define SUREWARE_F_SUREWAREHK_LOAD_PRIVKEY		 105

-#define SUREWARE_F_SUREWAREHK_LOAD_PUBKEY		 113

-#define SUREWARE_F_SUREWAREHK_MODEXP			 107

-#define SUREWARE_F_SUREWAREHK_RAND_BYTES		 108

-#define SUREWARE_F_SUREWAREHK_RAND_SEED			 109

-#define SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC		 110

-#define SUREWARE_F_SUREWAREHK_RSA_SIGN			 111

-#define SUREWARE_F_SUREWARE_LOAD_PUBLIC			 106

-/* Reason codes. */

-#define SUREWARE_R_BIO_WAS_FREED			 100

-#define SUREWARE_R_MISSING_KEY_COMPONENTS		 105

-#define SUREWARE_R_PADDING_CHECK_FAILED			 106

-#define SUREWARE_R_REQUEST_FAILED			 101

-#define SUREWARE_R_REQUEST_FALLBACK			 102

-#define SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL		 103

-#define SUREWARE_R_UNIT_FAILURE				 104

-#define SUREWARE_R_UNKNOWN_PADDING_TYPE			 107

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/engines/e_ubsec.c

+++ /dev/null

@@ -1,1070 +1,0 @@

-/* crypto/engine/hw_ubsec.c */

-/* Written by Geoff Thorpe ([email protected]) for the OpenSSL

- * project 2000.

- *

- * Cloned shamelessly by Joe Tardo.

- */

-/* ====================================================================

- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include <string.h>

-#include <openssl/crypto.h>

-#include <openssl/buffer.h>

-#include <openssl/dso.h>

-#include <openssl/engine.h>

-#ifndef OPENSSL_NO_RSA

-#include <openssl/rsa.h>

-#endif

-#ifndef OPENSSL_NO_DSA

-#include <openssl/dsa.h>

-#endif

-#ifndef OPENSSL_NO_DH

-#include <openssl/dh.h>

-#endif

-#include <openssl/bn.h>

-#ifndef OPENSSL_NO_HW

-#ifndef OPENSSL_NO_HW_UBSEC

-#ifdef FLAT_INC

-#include "hw_ubsec.h"

-#else

-#include "vendor_defns/hw_ubsec.h"

-#endif

-#define UBSEC_LIB_NAME "ubsec engine"

-#include "e_ubsec_err.c"

-#define FAIL_TO_SOFTWARE -15

-static int ubsec_destroy(ENGINE *e);

-static int ubsec_init(ENGINE *e);

-static int ubsec_finish(ENGINE *e);

-static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));

-static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-		const BIGNUM *m, BN_CTX *ctx);

-static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-			const BIGNUM *q, const BIGNUM *dp,

-			const BIGNUM *dq, const BIGNUM *qinv, BN_CTX *ctx);

-#ifndef OPENSSL_NO_RSA

-static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);

-#endif

-static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);

-#ifndef OPENSSL_NO_DSA

-#ifdef NOT_USED

-static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,

-		BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,

-		BN_CTX *ctx, BN_MONT_CTX *in_mont);

-static int ubsec_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,

-		const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,

-		BN_MONT_CTX *m_ctx);

-#endif

-static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);

-static int ubsec_dsa_verify(const unsigned char *dgst, int dgst_len,

-                                DSA_SIG *sig, DSA *dsa);

-#endif

-#ifndef OPENSSL_NO_DH

-static int ubsec_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,

-		const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,

-		BN_MONT_CTX *m_ctx);

-static int ubsec_dh_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh);

-static int ubsec_dh_generate_key(DH *dh);

-#endif

-#ifdef NOT_USED

-static int ubsec_rand_bytes(unsigned char *buf, int num);

-static int ubsec_rand_status(void);

-#endif

-#define UBSEC_CMD_SO_PATH		ENGINE_CMD_BASE

-static const ENGINE_CMD_DEFN ubsec_cmd_defns[] = {

-	{UBSEC_CMD_SO_PATH,

-		"SO_PATH",

-		"Specifies the path to the 'ubsec' shared library",

-		ENGINE_CMD_FLAG_STRING},

-	{0, NULL, NULL, 0}

-	};

-#ifndef OPENSSL_NO_RSA

-/* Our internal RSA_METHOD that we provide pointers to */

-static RSA_METHOD ubsec_rsa =

-	{

-	"UBSEC RSA method",

-	NULL,

-	NULL,

-	NULL,

-	NULL,

-	ubsec_rsa_mod_exp,

-	ubsec_mod_exp_mont,

-	NULL,

-	NULL,

-	0,

-	NULL,

-	NULL,

-	NULL,

-	NULL

-	};

-#endif

-#ifndef OPENSSL_NO_DSA

-/* Our internal DSA_METHOD that we provide pointers to */

-static DSA_METHOD ubsec_dsa =

-	{

-	"UBSEC DSA method",

-	ubsec_dsa_do_sign, /* dsa_do_sign */

-	NULL, /* dsa_sign_setup */

-	ubsec_dsa_verify, /* dsa_do_verify */

-	NULL, /* ubsec_dsa_mod_exp */ /* dsa_mod_exp */

-	NULL, /* ubsec_mod_exp_dsa */ /* bn_mod_exp */

-	NULL, /* init */

-	NULL, /* finish */

-	0, /* flags */

-	NULL, /* app_data */

-	NULL, /* dsa_paramgen */

-	NULL /* dsa_keygen */

-	};

-#endif

-#ifndef OPENSSL_NO_DH

-/* Our internal DH_METHOD that we provide pointers to */

-static DH_METHOD ubsec_dh =

-	{

-	"UBSEC DH method",

-	ubsec_dh_generate_key,

-	ubsec_dh_compute_key,

-	ubsec_mod_exp_dh,

-	NULL,

-	NULL,

-	0,

-	NULL,

-	NULL

-	};

-#endif

-/* Constants used when creating the ENGINE */

-static const char *engine_ubsec_id = "ubsec";

-static const char *engine_ubsec_name = "UBSEC hardware engine support";

-/* This internal function is used by ENGINE_ubsec() and possibly by the

- * "dynamic" ENGINE support too */

-static int bind_helper(ENGINE *e)

-	{

-#ifndef OPENSSL_NO_RSA

-	const RSA_METHOD *meth1;

-#endif

-#ifndef OPENSSL_NO_DH

-#ifndef HAVE_UBSEC_DH

-	const DH_METHOD *meth3;

-#endif /* HAVE_UBSEC_DH */

-#endif

-	if(!ENGINE_set_id(e, engine_ubsec_id) ||

-			!ENGINE_set_name(e, engine_ubsec_name) ||

-#ifndef OPENSSL_NO_RSA

-			!ENGINE_set_RSA(e, &ubsec_rsa) ||

-#endif

-#ifndef OPENSSL_NO_DSA

-			!ENGINE_set_DSA(e, &ubsec_dsa) ||

-#endif

-#ifndef OPENSSL_NO_DH

-			!ENGINE_set_DH(e, &ubsec_dh) ||

-#endif

-			!ENGINE_set_destroy_function(e, ubsec_destroy) ||

-			!ENGINE_set_init_function(e, ubsec_init) ||

-			!ENGINE_set_finish_function(e, ubsec_finish) ||

-			!ENGINE_set_ctrl_function(e, ubsec_ctrl) ||

-			!ENGINE_set_cmd_defns(e, ubsec_cmd_defns))

-		return 0;

-#ifndef OPENSSL_NO_RSA

-	/* We know that the "PKCS1_SSLeay()" functions hook properly

-	 * to the Broadcom-specific mod_exp and mod_exp_crt so we use

-	 * those functions. NB: We don't use ENGINE_openssl() or

-	 * anything "more generic" because something like the RSAref

-	 * code may not hook properly, and if you own one of these

-	 * cards then you have the right to do RSA operations on it

-	 * anyway! */

-	meth1 = RSA_PKCS1_SSLeay();

-	ubsec_rsa.rsa_pub_enc = meth1->rsa_pub_enc;

-	ubsec_rsa.rsa_pub_dec = meth1->rsa_pub_dec;

-	ubsec_rsa.rsa_priv_enc = meth1->rsa_priv_enc;

-	ubsec_rsa.rsa_priv_dec = meth1->rsa_priv_dec;

-#endif

-#ifndef OPENSSL_NO_DH

-#ifndef HAVE_UBSEC_DH

-	/* Much the same for Diffie-Hellman */

-	meth3 = DH_OpenSSL();

-	ubsec_dh.generate_key = meth3->generate_key;

-	ubsec_dh.compute_key = meth3->compute_key;

-#endif /* HAVE_UBSEC_DH */

-#endif

-	/* Ensure the ubsec error handling is set up */

-	ERR_load_UBSEC_strings();

-	return 1;

-	}

-#ifdef OPENSSL_NO_DYNAMIC_ENGINE

-static ENGINE *engine_ubsec(void)

-	{

-	ENGINE *ret = ENGINE_new();

-	if(!ret)

-		return NULL;

-	if(!bind_helper(ret))

-		{

-		ENGINE_free(ret);

-		return NULL;

-		}

-	return ret;

-	}

-void ENGINE_load_ubsec(void)

-	{

-	/* Copied from eng_[openssl|dyn].c */

-	ENGINE *toadd = engine_ubsec();

-	if(!toadd) return;

-	ENGINE_add(toadd);

-	ENGINE_free(toadd);

-	ERR_clear_error();

-	}

-#endif

-/* This is a process-global DSO handle used for loading and unloading

- * the UBSEC library. NB: This is only set (or unset) during an

- * init() or finish() call (reference counts permitting) and they're

- * operating with global locks, so this should be thread-safe

- * implicitly. */

-static DSO *ubsec_dso = NULL;

-/* These are the function pointers that are (un)set when the library has

- * successfully (un)loaded. */

-static t_UBSEC_ubsec_bytes_to_bits *p_UBSEC_ubsec_bytes_to_bits = NULL;

-static t_UBSEC_ubsec_bits_to_bytes *p_UBSEC_ubsec_bits_to_bytes = NULL;

-static t_UBSEC_ubsec_open *p_UBSEC_ubsec_open = NULL;

-static t_UBSEC_ubsec_close *p_UBSEC_ubsec_close = NULL;

-#ifndef OPENSSL_NO_DH

-static t_UBSEC_diffie_hellman_generate_ioctl

-	*p_UBSEC_diffie_hellman_generate_ioctl = NULL;

-static t_UBSEC_diffie_hellman_agree_ioctl *p_UBSEC_diffie_hellman_agree_ioctl = NULL;

-#endif

-/* #ifndef OPENSSL_NO_RSA */

-static t_UBSEC_rsa_mod_exp_ioctl *p_UBSEC_rsa_mod_exp_ioctl = NULL;

-static t_UBSEC_rsa_mod_exp_crt_ioctl *p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;

-/* #endif */

-#ifndef OPENSSL_NO_DSA

-static t_UBSEC_dsa_sign_ioctl *p_UBSEC_dsa_sign_ioctl = NULL;

-static t_UBSEC_dsa_verify_ioctl *p_UBSEC_dsa_verify_ioctl = NULL;

-#endif

-static t_UBSEC_math_accelerate_ioctl *p_UBSEC_math_accelerate_ioctl = NULL;

-static t_UBSEC_rng_ioctl *p_UBSEC_rng_ioctl = NULL;

-static t_UBSEC_max_key_len_ioctl *p_UBSEC_max_key_len_ioctl = NULL;

-static int max_key_len = 1024;  /* ??? */

-/*

- * These are the static string constants for the DSO file name and the function

- * symbol names to bind to.

- */

-static const char *UBSEC_LIBNAME = NULL;

-static const char *get_UBSEC_LIBNAME(void)

-	{

-	if(UBSEC_LIBNAME)

-		return UBSEC_LIBNAME;

-	return "ubsec";

-	}

-static void free_UBSEC_LIBNAME(void)

-	{

-	if(UBSEC_LIBNAME)

-		OPENSSL_free((void*)UBSEC_LIBNAME);

-	UBSEC_LIBNAME = NULL;

-	}

-static long set_UBSEC_LIBNAME(const char *name)

-	{

-	free_UBSEC_LIBNAME();

-	return (((UBSEC_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);

-	}

-static const char *UBSEC_F1 = "ubsec_bytes_to_bits";

-static const char *UBSEC_F2 = "ubsec_bits_to_bytes";

-static const char *UBSEC_F3 = "ubsec_open";

-static const char *UBSEC_F4 = "ubsec_close";

-#ifndef OPENSSL_NO_DH

-static const char *UBSEC_F5 = "diffie_hellman_generate_ioctl";

-static const char *UBSEC_F6 = "diffie_hellman_agree_ioctl";

-#endif

-/* #ifndef OPENSSL_NO_RSA */

-static const char *UBSEC_F7 = "rsa_mod_exp_ioctl";

-static const char *UBSEC_F8 = "rsa_mod_exp_crt_ioctl";

-/* #endif */

-#ifndef OPENSSL_NO_DSA

-static const char *UBSEC_F9 = "dsa_sign_ioctl";

-static const char *UBSEC_F10 = "dsa_verify_ioctl";

-#endif

-static const char *UBSEC_F11 = "math_accelerate_ioctl";

-static const char *UBSEC_F12 = "rng_ioctl";

-static const char *UBSEC_F13 = "ubsec_max_key_len_ioctl";

-/* Destructor (complements the "ENGINE_ubsec()" constructor) */

-static int ubsec_destroy(ENGINE *e)

-	{

-	free_UBSEC_LIBNAME();

-	ERR_unload_UBSEC_strings();

-	return 1;

-	}

-/* (de)initialisation functions. */

-static int ubsec_init(ENGINE *e)

-	{

-	t_UBSEC_ubsec_bytes_to_bits *p1;

-	t_UBSEC_ubsec_bits_to_bytes *p2;

-	t_UBSEC_ubsec_open *p3;

-	t_UBSEC_ubsec_close *p4;

-#ifndef OPENSSL_NO_DH

-	t_UBSEC_diffie_hellman_generate_ioctl *p5;

-	t_UBSEC_diffie_hellman_agree_ioctl *p6;

-#endif

-/* #ifndef OPENSSL_NO_RSA */

-	t_UBSEC_rsa_mod_exp_ioctl *p7;

-	t_UBSEC_rsa_mod_exp_crt_ioctl *p8;

-/* #endif */

-#ifndef OPENSSL_NO_DSA

-	t_UBSEC_dsa_sign_ioctl *p9;

-	t_UBSEC_dsa_verify_ioctl *p10;

-#endif

-	t_UBSEC_math_accelerate_ioctl *p11;

-	t_UBSEC_rng_ioctl *p12;

-        t_UBSEC_max_key_len_ioctl *p13;

-	int fd = 0;

-	if(ubsec_dso != NULL)

-		{

-		UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_ALREADY_LOADED);

-		goto err;

-		}

-	/*

-	 * Attempt to load libubsec.so/ubsec.dll/whatever.

-	 */

-	ubsec_dso = DSO_load(NULL, get_UBSEC_LIBNAME(), NULL, 0);

-	if(ubsec_dso == NULL)

-		{

-		UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_DSO_FAILURE);

-		goto err;

-		}

-	if (

-	!(p1 = (t_UBSEC_ubsec_bytes_to_bits *) DSO_bind_func(ubsec_dso, UBSEC_F1)) ||

-	!(p2 = (t_UBSEC_ubsec_bits_to_bytes *) DSO_bind_func(ubsec_dso, UBSEC_F2)) ||

-	!(p3 = (t_UBSEC_ubsec_open *) DSO_bind_func(ubsec_dso, UBSEC_F3)) ||

-	!(p4 = (t_UBSEC_ubsec_close *) DSO_bind_func(ubsec_dso, UBSEC_F4)) ||

-#ifndef OPENSSL_NO_DH

-	!(p5 = (t_UBSEC_diffie_hellman_generate_ioctl *)

-				DSO_bind_func(ubsec_dso, UBSEC_F5)) ||

-	!(p6 = (t_UBSEC_diffie_hellman_agree_ioctl *)

-				DSO_bind_func(ubsec_dso, UBSEC_F6)) ||

-#endif

-/* #ifndef OPENSSL_NO_RSA */

-	!(p7 = (t_UBSEC_rsa_mod_exp_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F7)) ||

-	!(p8 = (t_UBSEC_rsa_mod_exp_crt_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F8)) ||

-/* #endif */

-#ifndef OPENSSL_NO_DSA

-	!(p9 = (t_UBSEC_dsa_sign_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F9)) ||

-	!(p10 = (t_UBSEC_dsa_verify_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F10)) ||

-#endif

-	!(p11 = (t_UBSEC_math_accelerate_ioctl *)

-				DSO_bind_func(ubsec_dso, UBSEC_F11)) ||

-	!(p12 = (t_UBSEC_rng_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F12)) ||

-        !(p13 = (t_UBSEC_max_key_len_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F13)))

-		{

-		UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_DSO_FAILURE);

-		goto err;

-		}

-	/* Copy the pointers */

-	p_UBSEC_ubsec_bytes_to_bits = p1;

-	p_UBSEC_ubsec_bits_to_bytes = p2;

-	p_UBSEC_ubsec_open = p3;

-	p_UBSEC_ubsec_close = p4;

-#ifndef OPENSSL_NO_DH

-	p_UBSEC_diffie_hellman_generate_ioctl = p5;

-	p_UBSEC_diffie_hellman_agree_ioctl = p6;

-#endif

-#ifndef OPENSSL_NO_RSA

-	p_UBSEC_rsa_mod_exp_ioctl = p7;

-	p_UBSEC_rsa_mod_exp_crt_ioctl = p8;

-#endif

-#ifndef OPENSSL_NO_DSA

-	p_UBSEC_dsa_sign_ioctl = p9;

-	p_UBSEC_dsa_verify_ioctl = p10;

-#endif

-	p_UBSEC_math_accelerate_ioctl = p11;

-	p_UBSEC_rng_ioctl = p12;

-        p_UBSEC_max_key_len_ioctl = p13;

-	/* Perform an open to see if there's actually any unit running. */

-	if (((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) > 0) && (p_UBSEC_max_key_len_ioctl(fd, &max_key_len) == 0))

-	{

-	   p_UBSEC_ubsec_close(fd);

-	   return 1;

-	}

-	else

-	{

-	  UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);

-	}

-err:

-	if(ubsec_dso)

-		DSO_free(ubsec_dso);

-	ubsec_dso = NULL;

-	p_UBSEC_ubsec_bytes_to_bits = NULL;

-	p_UBSEC_ubsec_bits_to_bytes = NULL;

-	p_UBSEC_ubsec_open = NULL;

-	p_UBSEC_ubsec_close = NULL;

-#ifndef OPENSSL_NO_DH

-	p_UBSEC_diffie_hellman_generate_ioctl = NULL;

-	p_UBSEC_diffie_hellman_agree_ioctl = NULL;

-#endif

-#ifndef OPENSSL_NO_RSA

-	p_UBSEC_rsa_mod_exp_ioctl = NULL;

-	p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;

-#endif

-#ifndef OPENSSL_NO_DSA

-	p_UBSEC_dsa_sign_ioctl = NULL;

-	p_UBSEC_dsa_verify_ioctl = NULL;

-#endif

-	p_UBSEC_math_accelerate_ioctl = NULL;

-	p_UBSEC_rng_ioctl = NULL;

-        p_UBSEC_max_key_len_ioctl = NULL;

-	return 0;

-	}

-static int ubsec_finish(ENGINE *e)

-	{

-	free_UBSEC_LIBNAME();

-	if(ubsec_dso == NULL)

-		{

-		UBSECerr(UBSEC_F_UBSEC_FINISH, UBSEC_R_NOT_LOADED);

-		return 0;

-		}

-	if(!DSO_free(ubsec_dso))

-		{

-		UBSECerr(UBSEC_F_UBSEC_FINISH, UBSEC_R_DSO_FAILURE);

-		return 0;

-		}

-	ubsec_dso = NULL;

-	p_UBSEC_ubsec_bytes_to_bits = NULL;

-	p_UBSEC_ubsec_bits_to_bytes = NULL;

-	p_UBSEC_ubsec_open = NULL;

-	p_UBSEC_ubsec_close = NULL;

-#ifndef OPENSSL_NO_DH

-	p_UBSEC_diffie_hellman_generate_ioctl = NULL;

-	p_UBSEC_diffie_hellman_agree_ioctl = NULL;

-#endif

-#ifndef OPENSSL_NO_RSA

-	p_UBSEC_rsa_mod_exp_ioctl = NULL;

-	p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;

-#endif

-#ifndef OPENSSL_NO_DSA

-	p_UBSEC_dsa_sign_ioctl = NULL;

-	p_UBSEC_dsa_verify_ioctl = NULL;

-#endif

-	p_UBSEC_math_accelerate_ioctl = NULL;

-	p_UBSEC_rng_ioctl = NULL;

-        p_UBSEC_max_key_len_ioctl = NULL;

-	return 1;

-	}

-static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))

-	{

-	int initialised = ((ubsec_dso == NULL) ? 0 : 1);

-	switch(cmd)

-		{

-	case UBSEC_CMD_SO_PATH:

-		if(p == NULL)

-			{

-			UBSECerr(UBSEC_F_UBSEC_CTRL,ERR_R_PASSED_NULL_PARAMETER);

-			return 0;

-			}

-		if(initialised)

-			{

-			UBSECerr(UBSEC_F_UBSEC_CTRL,UBSEC_R_ALREADY_LOADED);

-			return 0;

-			}

-		return set_UBSEC_LIBNAME((const char *)p);

-	default:

-		break;

-		}

-	UBSECerr(UBSEC_F_UBSEC_CTRL,UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED);

-	return 0;

-	}

-static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-		const BIGNUM *m, BN_CTX *ctx)

-	{

-	int 	y_len = 0;

-	int 	fd;

-	if(ubsec_dso == NULL)

-	{

-		UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_NOT_LOADED);

-		return 0;

-	}

-	/* Check if hardware can't handle this argument. */

-	y_len = BN_num_bits(m);

-	if (y_len > max_key_len) {

-		UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL);

-                return BN_mod_exp(r, a, p, m, ctx);

-	}

-	if(!bn_wexpand(r, m->top))

-	{

-		UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_BN_EXPAND_FAIL);

-		return 0;

-	}

-	if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {

-		fd = 0;

-		UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_UNIT_FAILURE);

-                return BN_mod_exp(r, a, p, m, ctx);

-	}

-	if (p_UBSEC_rsa_mod_exp_ioctl(fd, (unsigned char *)a->d, BN_num_bits(a),

-		(unsigned char *)m->d, BN_num_bits(m), (unsigned char *)p->d,

-		BN_num_bits(p), (unsigned char *)r->d, &y_len) != 0)

-	{

-		UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_REQUEST_FAILED);

-                p_UBSEC_ubsec_close(fd);

-                return BN_mod_exp(r, a, p, m, ctx);

-	}

-	p_UBSEC_ubsec_close(fd);

-	r->top = (BN_num_bits(m)+BN_BITS2-1)/BN_BITS2;

-	return 1;

-	}

-#ifndef OPENSSL_NO_RSA

-static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)

-	{

-	int to_return = 0;

-	if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)

-		{

-		UBSECerr(UBSEC_F_UBSEC_RSA_MOD_EXP, UBSEC_R_MISSING_KEY_COMPONENTS);

-		goto err;

-		}

-	to_return = ubsec_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,

-		    rsa->dmq1, rsa->iqmp, ctx);

-	if (to_return == FAIL_TO_SOFTWARE)

-	{

-	  /*

-	   * Do in software as hardware failed.

-	   */

-	   const RSA_METHOD *meth = RSA_PKCS1_SSLeay();

-	   to_return = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);

-	}

-err:

-	return to_return;

-	}

-#endif

-static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-			const BIGNUM *q, const BIGNUM *dp,

-			const BIGNUM *dq, const BIGNUM *qinv, BN_CTX *ctx)

-	{

-	int	y_len,

-		m_len,

-		fd;

-	m_len = BN_num_bytes(p) + BN_num_bytes(q) + 1;

-	y_len = BN_num_bits(p) + BN_num_bits(q);

-	/* Check if hardware can't handle this argument. */

-	if (y_len > max_key_len) {

-		UBSECerr(UBSEC_F_UBSEC_MOD_EXP_CRT, UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL);

-		return FAIL_TO_SOFTWARE;

-	}

-	if (!bn_wexpand(r, p->top + q->top + 1)) {

-		UBSECerr(UBSEC_F_UBSEC_MOD_EXP_CRT, UBSEC_R_BN_EXPAND_FAIL);

-		return 0;

-	}

-	if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {

-		fd = 0;

-		UBSECerr(UBSEC_F_UBSEC_MOD_EXP_CRT, UBSEC_R_UNIT_FAILURE);

-		return FAIL_TO_SOFTWARE;

-	}

-	if (p_UBSEC_rsa_mod_exp_crt_ioctl(fd,

-		(unsigned char *)a->d, BN_num_bits(a),

-		(unsigned char *)qinv->d, BN_num_bits(qinv),

-		(unsigned char *)dp->d, BN_num_bits(dp),

-		(unsigned char *)p->d, BN_num_bits(p),

-		(unsigned char *)dq->d, BN_num_bits(dq),

-		(unsigned char *)q->d, BN_num_bits(q),

-		(unsigned char *)r->d,  &y_len) != 0) {

-		UBSECerr(UBSEC_F_UBSEC_MOD_EXP_CRT, UBSEC_R_REQUEST_FAILED);

-                p_UBSEC_ubsec_close(fd);

-		return FAIL_TO_SOFTWARE;

-	}

-	p_UBSEC_ubsec_close(fd);

-	r->top = (BN_num_bits(p) + BN_num_bits(q) + BN_BITS2 - 1)/BN_BITS2;

-	return 1;

-}

-#ifndef OPENSSL_NO_DSA

-#ifdef NOT_USED

-static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,

-		BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,

-		BN_CTX *ctx, BN_MONT_CTX *in_mont)

-	{

-	BIGNUM t;

-	int to_return = 0;

-	BN_init(&t);

-	/* let rr = a1 ^ p1 mod m */

-	if (!ubsec_mod_exp(rr,a1,p1,m,ctx)) goto end;

-	/* let t = a2 ^ p2 mod m */

-	if (!ubsec_mod_exp(&t,a2,p2,m,ctx)) goto end;

-	/* let rr = rr * t mod m */

-	if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;

-	to_return = 1;

-end:

-	BN_free(&t);

-	return to_return;

-	}

-static int ubsec_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,

-		const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,

-		BN_MONT_CTX *m_ctx)

-	{

-	return ubsec_mod_exp(r, a, p, m, ctx);

-	}

-#endif

-#endif

-/*

- * This function is aliased to mod_exp (with the mont stuff dropped).

- */

-static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

-		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)

-        {

-	int ret = 0;

-#ifndef OPENSSL_NO_RSA

- 	/* Do in software if the key is too large for the hardware. */

-	if (BN_num_bits(m) > max_key_len)

-                {

-		const RSA_METHOD *meth = RSA_PKCS1_SSLeay();

-		ret = (*meth->bn_mod_exp)(r, a, p, m, ctx, m_ctx);

-                }

-        else

-#endif

-                {

-		ret = ubsec_mod_exp(r, a, p, m, ctx);

-                }

-	return ret;

-        }

-#ifndef OPENSSL_NO_DH

-/* This function is aliased to mod_exp (with the dh and mont dropped). */

-static int ubsec_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,

-		const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,

-		BN_MONT_CTX *m_ctx)

-	{

-	return ubsec_mod_exp(r, a, p, m, ctx);

-	}

-#endif

-#ifndef OPENSSL_NO_DSA

-static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)

-	{

-	DSA_SIG *to_return = NULL;

-	int s_len = 160, r_len = 160, d_len, fd;

-	BIGNUM m, *r=NULL, *s=NULL;

-	BN_init(&m);

-	s = BN_new();

-	r = BN_new();

-	if ((s == NULL) || (r==NULL))

-		goto err;

-	d_len = p_UBSEC_ubsec_bytes_to_bits((unsigned char *)dgst, dlen);

-        if(!bn_wexpand(r, (160+BN_BITS2-1)/BN_BITS2) ||

-       	   (!bn_wexpand(s, (160+BN_BITS2-1)/BN_BITS2))) {

-		UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_BN_EXPAND_FAIL);

-		goto err;

-	}

-	if (BN_bin2bn(dgst,dlen,&m) == NULL) {

-		UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_BN_EXPAND_FAIL);

-		goto err;

-	}

-	if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {

-                const DSA_METHOD *meth;

-		fd = 0;

-		UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_UNIT_FAILURE);

-                meth = DSA_OpenSSL();

-                to_return =  meth->dsa_do_sign(dgst, dlen, dsa);

-		goto err;

-	}

-	if (p_UBSEC_dsa_sign_ioctl(fd, 0, /* compute hash before signing */

-		(unsigned char *)dgst, d_len,

-		NULL, 0,  /* compute random value */

-		(unsigned char *)dsa->p->d, BN_num_bits(dsa->p),

-		(unsigned char *)dsa->q->d, BN_num_bits(dsa->q),

-		(unsigned char *)dsa->g->d, BN_num_bits(dsa->g),

-		(unsigned char *)dsa->priv_key->d, BN_num_bits(dsa->priv_key),

-		(unsigned char *)r->d, &r_len,

-		(unsigned char *)s->d, &s_len ) != 0) {

-                const DSA_METHOD *meth;

-		UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_REQUEST_FAILED);

-                p_UBSEC_ubsec_close(fd);

-                meth = DSA_OpenSSL();

-                to_return = meth->dsa_do_sign(dgst, dlen, dsa);

-		goto err;

-	}

-	p_UBSEC_ubsec_close(fd);

-	r->top = (160+BN_BITS2-1)/BN_BITS2;

-	s->top = (160+BN_BITS2-1)/BN_BITS2;

-	to_return = DSA_SIG_new();

-	if(to_return == NULL) {

-		UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_BN_EXPAND_FAIL);

-		goto err;

-	}

-	to_return->r = r;

-	to_return->s = s;

-err:

-	if (!to_return) {

-		if (r) BN_free(r);

-		if (s) BN_free(s);

-	}

-	BN_clear_free(&m);

-	return to_return;

-}

-static int ubsec_dsa_verify(const unsigned char *dgst, int dgst_len,

-                                DSA_SIG *sig, DSA *dsa)

-	{

-	int v_len, d_len;

-	int to_return = 0;

-	int fd;

-	BIGNUM v, *pv = &v;

-	BN_init(&v);

-	if(!bn_wexpand(pv, dsa->p->top)) {

-		UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY, UBSEC_R_BN_EXPAND_FAIL);

-		goto err;

-	}

-	v_len = BN_num_bits(dsa->p);

-	d_len = p_UBSEC_ubsec_bytes_to_bits((unsigned char *)dgst, dgst_len);

-	if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {

-                const DSA_METHOD *meth;

-		fd = 0;

-		UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY, UBSEC_R_UNIT_FAILURE);

-                meth = DSA_OpenSSL();

-                to_return = meth->dsa_do_verify(dgst, dgst_len, sig, dsa);

-		goto err;

-	}

-	if (p_UBSEC_dsa_verify_ioctl(fd, 0, /* compute hash before signing */

-		(unsigned char *)dgst, d_len,

-		(unsigned char *)dsa->p->d, BN_num_bits(dsa->p),

-		(unsigned char *)dsa->q->d, BN_num_bits(dsa->q),

-		(unsigned char *)dsa->g->d, BN_num_bits(dsa->g),

-		(unsigned char *)dsa->pub_key->d, BN_num_bits(dsa->pub_key),

-		(unsigned char *)sig->r->d, BN_num_bits(sig->r),

-		(unsigned char *)sig->s->d, BN_num_bits(sig->s),

-		(unsigned char *)v.d, &v_len) != 0) {

-                const DSA_METHOD *meth;

-		UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY, UBSEC_R_REQUEST_FAILED);

-                p_UBSEC_ubsec_close(fd);

-                meth = DSA_OpenSSL();

-                to_return = meth->dsa_do_verify(dgst, dgst_len, sig, dsa);

-		goto err;

-	}

-	p_UBSEC_ubsec_close(fd);

-	to_return = 1;

-err:

-	BN_clear_free(&v);

-	return to_return;

-	}

-#endif

-#ifndef OPENSSL_NO_DH

-static int ubsec_dh_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh)

-        {

-        int      ret      = -1,

-                 k_len,

-                 fd;

-        k_len = BN_num_bits(dh->p);

-        if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0)

-                {

-                const DH_METHOD *meth;

-                UBSECerr(UBSEC_F_UBSEC_DH_COMPUTE_KEY, UBSEC_R_UNIT_FAILURE);

-                meth = DH_OpenSSL();

-                ret = meth->compute_key(key, pub_key, dh);

-                goto err;

-                }

-        if (p_UBSEC_diffie_hellman_agree_ioctl(fd,

-                                               (unsigned char *)dh->priv_key->d, BN_num_bits(dh->priv_key),

-                                               (unsigned char *)pub_key->d, BN_num_bits(pub_key),

-                                               (unsigned char *)dh->p->d, BN_num_bits(dh->p),

-                                               key, &k_len) != 0)

-                {

-                /* Hardware's a no go, failover to software */

-                const DH_METHOD *meth;

-                UBSECerr(UBSEC_F_UBSEC_DH_COMPUTE_KEY, UBSEC_R_REQUEST_FAILED);

-                p_UBSEC_ubsec_close(fd);

-                meth = DH_OpenSSL();

-                ret = meth->compute_key(key, pub_key, dh);

-                goto err;

-                }

-        p_UBSEC_ubsec_close(fd);

-        ret = p_UBSEC_ubsec_bits_to_bytes(k_len);

-err:

-        return ret;

-        }

-static int ubsec_dh_generate_key(DH *dh)

-        {

-        int      ret               = 0,

-                 random_bits       = 0,

-                 pub_key_len       = 0,

-                 priv_key_len      = 0,

-                 fd;

-        BIGNUM   *pub_key          = NULL;

-        BIGNUM   *priv_key         = NULL;

-        /*

-         *  How many bits should Random x be? dh_key.c

-         *  sets the range from 0 to num_bits(modulus) ???

-         */

-        if (dh->priv_key == NULL)

-                {

-                priv_key = BN_new();

-                if (priv_key == NULL) goto err;

-                priv_key_len = BN_num_bits(dh->p);

-                bn_wexpand(priv_key, dh->p->top);

-                do

-                        if (!BN_rand_range(priv_key, dh->p)) goto err;

-                while (BN_is_zero(priv_key));

-                random_bits = BN_num_bits(priv_key);

-                }

-        else

-                {

-                priv_key = dh->priv_key;

-                }

-        if (dh->pub_key == NULL)

-                {

-                pub_key = BN_new();

-                pub_key_len = BN_num_bits(dh->p);

-                bn_wexpand(pub_key, dh->p->top);

-                if(pub_key == NULL) goto err;

-                }

-        else

-                {

-                pub_key = dh->pub_key;

-                }

-        if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0)

-                {

-                const DH_METHOD *meth;

-                UBSECerr(UBSEC_F_UBSEC_DH_GENERATE_KEY, UBSEC_R_UNIT_FAILURE);

-                meth = DH_OpenSSL();

-                ret = meth->generate_key(dh);

-                goto err;

-                }

-        if (p_UBSEC_diffie_hellman_generate_ioctl(fd,

-                                                  (unsigned char *)priv_key->d, &priv_key_len,

-                                                  (unsigned char *)pub_key->d,  &pub_key_len,

-                                                  (unsigned char *)dh->g->d, BN_num_bits(dh->g),

-                                                  (unsigned char *)dh->p->d, BN_num_bits(dh->p),

-                                                  0, 0, random_bits) != 0)

-                {

-                /* Hardware's a no go, failover to software */

-                const DH_METHOD *meth;

-                UBSECerr(UBSEC_F_UBSEC_DH_GENERATE_KEY, UBSEC_R_REQUEST_FAILED);

-                p_UBSEC_ubsec_close(fd);

-                meth = DH_OpenSSL();

-                ret = meth->generate_key(dh);

-                goto err;

-                }

-        p_UBSEC_ubsec_close(fd);

-        dh->pub_key = pub_key;

-        dh->pub_key->top = (pub_key_len + BN_BITS2-1) / BN_BITS2;

-        dh->priv_key = priv_key;

-        dh->priv_key->top = (priv_key_len + BN_BITS2-1) / BN_BITS2;

-        ret = 1;

-err:

-        return ret;

-        }

-#endif

-#ifdef NOT_USED

-static int ubsec_rand_bytes(unsigned char * buf,

-                            int num)

-        {

-        int      ret      = 0,

-                 fd;

-        if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0)

-                {

-                const RAND_METHOD *meth;

-                UBSECerr(UBSEC_F_UBSEC_RAND_BYTES, UBSEC_R_UNIT_FAILURE);

-                num = p_UBSEC_ubsec_bits_to_bytes(num);

-                meth = RAND_SSLeay();

-                meth->seed(buf, num);

-                ret = meth->bytes(buf, num);

-                goto err;

-                }

-        num *= 8; /* bytes to bits */

-        if (p_UBSEC_rng_ioctl(fd,

-                              UBSEC_RNG_DIRECT,

-                              buf,

-                              &num) != 0)

-                {

-                /* Hardware's a no go, failover to software */

-                const RAND_METHOD *meth;

-                UBSECerr(UBSEC_F_UBSEC_RAND_BYTES, UBSEC_R_REQUEST_FAILED);

-                p_UBSEC_ubsec_close(fd);

-                num = p_UBSEC_ubsec_bits_to_bytes(num);

-                meth = RAND_SSLeay();

-                meth->seed(buf, num);

-                ret = meth->bytes(buf, num);

-                goto err;

-                }

-        p_UBSEC_ubsec_close(fd);

-        ret = 1;

-err:

-        return(ret);

-        }

-static int ubsec_rand_status(void)

-	{

-	return 0;

-	}

-#endif

-/* This stuff is needed if this ENGINE is being compiled into a self-contained

- * shared-library. */

-#ifndef OPENSSL_NO_DYNAMIC_ENGINE

-static int bind_fn(ENGINE *e, const char *id)

-	{

-	if(id && (strcmp(id, engine_ubsec_id) != 0))

-		return 0;

-	if(!bind_helper(e))

-		return 0;

-	return 1;

-	}

-IMPLEMENT_DYNAMIC_CHECK_FN()

-IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)

-#endif /* OPENSSL_NO_DYNAMIC_ENGINE */

-#endif /* !OPENSSL_NO_HW_UBSEC */

-#endif /* !OPENSSL_NO_HW */

--- a/sys/src/ape/lib/openssl/engines/e_ubsec.ec

+++ /dev/null

@@ -1,1 +1,0 @@

-L UBSEC		e_ubsec_err.h			e_ubsec_err.c

--- a/sys/src/ape/lib/openssl/engines/e_ubsec_err.c

+++ /dev/null

@@ -1,157 +1,0 @@

-/* e_ubsec_err.c */

-/* ====================================================================

- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* NOTE: this file was auto generated by the mkerr.pl script: any changes

- * made to it will be overwritten when the script next updates this file,

- * only reason strings will be preserved.

- */

-#include <stdio.h>

-#include <openssl/err.h>

-#include "e_ubsec_err.h"

-/* BEGIN ERROR CODES */

-#ifndef OPENSSL_NO_ERR

-#define ERR_FUNC(func) ERR_PACK(0,func,0)

-#define ERR_REASON(reason) ERR_PACK(0,0,reason)

-static ERR_STRING_DATA UBSEC_str_functs[]=

-	{

-{ERR_FUNC(UBSEC_F_UBSEC_CTRL),	"UBSEC_CTRL"},

-{ERR_FUNC(UBSEC_F_UBSEC_DH_COMPUTE_KEY),	"UBSEC_DH_COMPUTE_KEY"},

-{ERR_FUNC(UBSEC_F_UBSEC_DH_GENERATE_KEY),	"UBSEC_DH_GENERATE_KEY"},

-{ERR_FUNC(UBSEC_F_UBSEC_DSA_DO_SIGN),	"UBSEC_DSA_DO_SIGN"},

-{ERR_FUNC(UBSEC_F_UBSEC_DSA_VERIFY),	"UBSEC_DSA_VERIFY"},

-{ERR_FUNC(UBSEC_F_UBSEC_FINISH),	"UBSEC_FINISH"},

-{ERR_FUNC(UBSEC_F_UBSEC_INIT),	"UBSEC_INIT"},

-{ERR_FUNC(UBSEC_F_UBSEC_MOD_EXP),	"UBSEC_MOD_EXP"},

-{ERR_FUNC(UBSEC_F_UBSEC_MOD_EXP_CRT),	"UBSEC_MOD_EXP_CRT"},

-{ERR_FUNC(UBSEC_F_UBSEC_RAND_BYTES),	"UBSEC_RAND_BYTES"},

-{ERR_FUNC(UBSEC_F_UBSEC_RSA_MOD_EXP),	"UBSEC_RSA_MOD_EXP"},

-{ERR_FUNC(UBSEC_F_UBSEC_RSA_MOD_EXP_CRT),	"UBSEC_RSA_MOD_EXP_CRT"},

-{0,NULL}

-	};

-static ERR_STRING_DATA UBSEC_str_reasons[]=

-	{

-{ERR_REASON(UBSEC_R_ALREADY_LOADED)      ,"already loaded"},

-{ERR_REASON(UBSEC_R_BN_EXPAND_FAIL)      ,"bn expand fail"},

-{ERR_REASON(UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED),"ctrl command not implemented"},

-{ERR_REASON(UBSEC_R_DSO_FAILURE)         ,"dso failure"},

-{ERR_REASON(UBSEC_R_MISSING_KEY_COMPONENTS),"missing key components"},

-{ERR_REASON(UBSEC_R_NOT_LOADED)          ,"not loaded"},

-{ERR_REASON(UBSEC_R_REQUEST_FAILED)      ,"request failed"},

-{ERR_REASON(UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL),"size too large or too small"},

-{ERR_REASON(UBSEC_R_UNIT_FAILURE)        ,"unit failure"},

-{0,NULL}

-	};

-#endif

-#ifdef UBSEC_LIB_NAME

-static ERR_STRING_DATA UBSEC_lib_name[]=

-        {

-{0	,UBSEC_LIB_NAME},

-{0,NULL}

-	};

-#endif

-static int UBSEC_lib_error_code=0;

-static int UBSEC_error_init=1;

-static void ERR_load_UBSEC_strings(void)

-	{

-	if (UBSEC_lib_error_code == 0)

-		UBSEC_lib_error_code=ERR_get_next_error_library();

-	if (UBSEC_error_init)

-		{

-		UBSEC_error_init=0;

-#ifndef OPENSSL_NO_ERR

-		ERR_load_strings(UBSEC_lib_error_code,UBSEC_str_functs);

-		ERR_load_strings(UBSEC_lib_error_code,UBSEC_str_reasons);

-#endif

-#ifdef UBSEC_LIB_NAME

-		UBSEC_lib_name->error = ERR_PACK(UBSEC_lib_error_code,0,0);

-		ERR_load_strings(0,UBSEC_lib_name);

-#endif

-		}

-	}

-static void ERR_unload_UBSEC_strings(void)

-	{

-	if (UBSEC_error_init == 0)

-		{

-#ifndef OPENSSL_NO_ERR

-		ERR_unload_strings(UBSEC_lib_error_code,UBSEC_str_functs);

-		ERR_unload_strings(UBSEC_lib_error_code,UBSEC_str_reasons);

-#endif

-#ifdef UBSEC_LIB_NAME

-		ERR_unload_strings(0,UBSEC_lib_name);

-#endif

-		UBSEC_error_init=1;

-		}

-	}

-static void ERR_UBSEC_error(int function, int reason, char *file, int line)

-	{

-	if (UBSEC_lib_error_code == 0)

-		UBSEC_lib_error_code=ERR_get_next_error_library();

-	ERR_PUT_error(UBSEC_lib_error_code,function,reason,file,line);

-	}

--- a/sys/src/ape/lib/openssl/engines/e_ubsec_err.h

+++ /dev/null

@@ -1,97 +1,0 @@

-/* ====================================================================

- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_UBSEC_ERR_H

-#define HEADER_UBSEC_ERR_H

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-static void ERR_load_UBSEC_strings(void);

-static void ERR_unload_UBSEC_strings(void);

-static void ERR_UBSEC_error(int function, int reason, char *file, int line);

-#define UBSECerr(f,r) ERR_UBSEC_error((f),(r),__FILE__,__LINE__)

-/* Error codes for the UBSEC functions. */

-/* Function codes. */

-#define UBSEC_F_UBSEC_CTRL				 100

-#define UBSEC_F_UBSEC_DH_COMPUTE_KEY			 101

-#define UBSEC_F_UBSEC_DH_GENERATE_KEY			 111

-#define UBSEC_F_UBSEC_DSA_DO_SIGN			 102

-#define UBSEC_F_UBSEC_DSA_VERIFY			 103

-#define UBSEC_F_UBSEC_FINISH				 104

-#define UBSEC_F_UBSEC_INIT				 105

-#define UBSEC_F_UBSEC_MOD_EXP				 106

-#define UBSEC_F_UBSEC_MOD_EXP_CRT			 110

-#define UBSEC_F_UBSEC_RAND_BYTES			 107

-#define UBSEC_F_UBSEC_RSA_MOD_EXP			 108

-#define UBSEC_F_UBSEC_RSA_MOD_EXP_CRT			 109

-/* Reason codes. */

-#define UBSEC_R_ALREADY_LOADED				 100

-#define UBSEC_R_BN_EXPAND_FAIL				 101

-#define UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED		 102

-#define UBSEC_R_DSO_FAILURE				 103

-#define UBSEC_R_MISSING_KEY_COMPONENTS			 104

-#define UBSEC_R_NOT_LOADED				 105

-#define UBSEC_R_REQUEST_FAILED				 106

-#define UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL		 107

-#define UBSEC_R_UNIT_FAILURE				 108

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/engines/engine_vector.mar

+++ /dev/null

@@ -1,24 +1,0 @@

-;

-; Transfer vector for VAX shareable image

-;

-	.TITLE ENGINE

-	.IDENT /ENGINE/

-;

-; Define macro to assist in building transfer vector entries.  Each entry

-; should take no more than 8 bytes.

-;

-	.MACRO FTRANSFER_ENTRY routine

-	.ALIGN QUAD

-	.TRANSFER routine

-	.MASK	routine

-	JMP	routine+2

-	.ENDM FTRANSFER_ENTRY

-;

-; Place entries in own program section.

-;

-	.PSECT $$ENGINE,QUAD,PIC,USR,CON,REL,LCL,SHR,EXE,RD,NOWRT

-ENGINE_xfer:

-	FTRANSFER_ENTRY bind_engine

-	FTRANSFER_ENTRY v_check

-	.BLKB 32768-<.-ENGINE_xfer>	; 64 pages total.

-	.END

--- a/sys/src/ape/lib/openssl/engines/vax.opt

+++ /dev/null

@@ -1,9 +1,0 @@

-!

-! Ensure transfer vector is at beginning of image

-!

-CLUSTER=FIRST

-COLLECT=FIRST,$$ENGINE

-!

-! make psects nonshareable so image can be installed.

-!

-PSECT_ATTR=$CHAR_STRING_CONSTANTS,NOWRT

--- a/sys/src/ape/lib/openssl/engines/vendor_defns/aep.h

+++ /dev/null

@@ -1,178 +1,0 @@

-/* This header declares the necessary definitions for using the exponentiation

- * acceleration capabilities, and rnd number generation of the AEP card.

- *

- */

-/*

- *

- * Some AEP defines

- *

- */

-/*Successful return value*/

-#define AEP_R_OK                                0x00000000

-/*Miscelleanous unsuccessful return value*/

-#define AEP_R_GENERAL_ERROR                     0x10000001

-/*Insufficient host memory*/

-#define AEP_R_HOST_MEMORY                       0x10000002

-#define AEP_R_FUNCTION_FAILED                   0x10000006

-/*Invalid arguments in function call*/

-#define AEP_R_ARGUMENTS_BAD                     0x10020000

-#define AEP_R_NO_TARGET_RESOURCES				0x10030000

-/*Error occuring on socket operation*/

-#define AEP_R_SOCKERROR							0x10000010

-/*Socket has been closed from the other end*/

-#define AEP_R_SOCKEOF							0x10000011

-/*Invalid handles*/

-#define AEP_R_CONNECTION_HANDLE_INVALID         0x100000B3

-#define AEP_R_TRANSACTION_HANDLE_INVALID		0x10040000

-/*Transaction has not yet returned from accelerator*/

-#define AEP_R_TRANSACTION_NOT_READY				0x00010000

-/*There is already a thread waiting on this transaction*/

-#define AEP_R_TRANSACTION_CLAIMED				0x10050000

-/*The transaction timed out*/

-#define AEP_R_TIMED_OUT							0x10060000

-#define AEP_R_FXN_NOT_IMPLEMENTED				0x10070000

-#define AEP_R_TARGET_ERROR						0x10080000

-/*Error in the AEP daemon process*/

-#define AEP_R_DAEMON_ERROR						0x10090000

-/*Invalid ctx id*/

-#define AEP_R_INVALID_CTX_ID					0x10009000

-#define AEP_R_NO_KEY_MANAGER					0x1000a000

-/*Error obtaining a mutex*/

-#define AEP_R_MUTEX_BAD                         0x000001A0

-/*Fxn call before AEP_Initialise ot after AEP_Finialise*/

-#define AEP_R_AEPAPI_NOT_INITIALIZED			0x10000190

-/*AEP_Initialise has already been called*/

-#define AEP_R_AEPAPI_ALREADY_INITIALIZED		0x10000191

-/*Maximum number of connections to daemon reached*/

-#define AEP_R_NO_MORE_CONNECTION_HNDLS			0x10000200

-/*

- *

- * Some AEP Type definitions

- *

- */

-/* an unsigned 8-bit value */

-typedef unsigned char				AEP_U8;

-/* an unsigned 8-bit character */

-typedef char					AEP_CHAR;

-/* a BYTE-sized Boolean flag */

-typedef AEP_U8					AEP_BBOOL;

-/*Unsigned value, at least 16 bits long*/

-typedef unsigned short				AEP_U16;

-/* an unsigned value, at least 32 bits long */

-#ifdef SIXTY_FOUR_BIT_LONG

-typedef unsigned int				AEP_U32;

-#else

-typedef unsigned long				AEP_U32;

-#endif

-#ifdef SIXTY_FOUR_BIT_LONG

-typedef unsigned long				AEP_U64;

-#else

-typedef struct { unsigned long l1, l2; }	AEP_U64;

-#endif

-/* at least 32 bits; each bit is a Boolean flag */

-typedef AEP_U32			AEP_FLAGS;

-typedef AEP_U8	    	*AEP_U8_PTR;

-typedef AEP_CHAR    	*AEP_CHAR_PTR;

-typedef AEP_U32			*AEP_U32_PTR;

-typedef AEP_U64			*AEP_U64_PTR;

-typedef void        	*AEP_VOID_PTR;

-/* Pointer to a AEP_VOID_PTR-- i.e., pointer to pointer to void */

-typedef AEP_VOID_PTR 	*AEP_VOID_PTR_PTR;

-/*Used to identify an AEP connection handle*/

-typedef AEP_U32					AEP_CONNECTION_HNDL;

-/*Pointer to an AEP connection handle*/

-typedef AEP_CONNECTION_HNDL 	*AEP_CONNECTION_HNDL_PTR;

-/*Used by an application (in conjunction with the apps process id) to

-identify an individual transaction*/

-typedef AEP_U32					AEP_TRANSACTION_ID;

-/*Pointer to an applications transaction identifier*/

-typedef AEP_TRANSACTION_ID 		*AEP_TRANSACTION_ID_PTR;

-/*Return value type*/

-typedef AEP_U32					AEP_RV;

-#define MAX_PROCESS_CONNECTIONS 256

-#define RAND_BLK_SIZE 1024

-typedef enum{

-        NotConnected=   0,

-        Connected=              1,

-        InUse=                  2

-} AEP_CONNECTION_STATE;

-typedef struct AEP_CONNECTION_ENTRY{

-        AEP_CONNECTION_STATE    conn_state;

-        AEP_CONNECTION_HNDL     conn_hndl;

-} AEP_CONNECTION_ENTRY;

-typedef AEP_RV t_AEP_OpenConnection(AEP_CONNECTION_HNDL_PTR phConnection);

-typedef AEP_RV t_AEP_CloseConnection(AEP_CONNECTION_HNDL hConnection);

-typedef AEP_RV t_AEP_ModExp(AEP_CONNECTION_HNDL hConnection,

-			    AEP_VOID_PTR pA, AEP_VOID_PTR pP,

-			    AEP_VOID_PTR pN,

-			    AEP_VOID_PTR pResult,

-			    AEP_TRANSACTION_ID* pidTransID);

-typedef AEP_RV t_AEP_ModExpCrt(AEP_CONNECTION_HNDL hConnection,

-			       AEP_VOID_PTR pA, AEP_VOID_PTR pP,

-			       AEP_VOID_PTR pQ,

-			       AEP_VOID_PTR pDmp1, AEP_VOID_PTR pDmq1,

-			       AEP_VOID_PTR pIqmp,

-			       AEP_VOID_PTR pResult,

-			       AEP_TRANSACTION_ID* pidTransID);

-#ifdef AEPRAND

-typedef AEP_RV t_AEP_GenRandom(AEP_CONNECTION_HNDL hConnection,

-			       AEP_U32 Len,

-			       AEP_U32 Type,

-			       AEP_VOID_PTR pResult,

-			       AEP_TRANSACTION_ID* pidTransID);

-#endif

-typedef AEP_RV t_AEP_Initialize(AEP_VOID_PTR pInitArgs);

-typedef AEP_RV t_AEP_Finalize(void);

-typedef AEP_RV t_AEP_SetBNCallBacks(AEP_RV (*GetBigNumSizeFunc)(AEP_VOID_PTR ArbBigNum, AEP_U32* BigNumSize),

-				    AEP_RV (*MakeAEPBigNumFunc)(AEP_VOID_PTR ArbBigNum, AEP_U32 BigNumSize, unsigned char* AEP_BigNum),

-				    AEP_RV (*ConverAEPBigNumFunc)(void* ArbBigNum, AEP_U32 BigNumSize, unsigned char* AEP_BigNum));

--- a/sys/src/ape/lib/openssl/engines/vendor_defns/atalla.h

+++ /dev/null

@@ -1,48 +1,0 @@

-/* This header declares the necessary definitions for using the exponentiation

- * acceleration capabilities of Atalla cards. The only cryptographic operation

- * is performed by "ASI_RSAPrivateKeyOpFn" and this takes a structure that

- * defines an "RSA private key". However, it is really only performing a

- * regular mod_exp using the supplied modulus and exponent - no CRT form is

- * being used. Hence, it is a generic mod_exp function in disguise, and we use

- * it as such.

- *

- * Thanks to the people at Atalla for letting me know these definitions are

- * fine and that they can be reproduced here.

- *

- * Geoff.

- */

-typedef struct ItemStr

-	{

-	unsigned char *data;

-	int len;

-	} Item;

-typedef struct RSAPrivateKeyStr

-	{

-	void *reserved;

-	Item version;

-	Item modulus;

-	Item publicExponent;

-	Item privateExponent;

-	Item prime[2];

-	Item exponent[2];

-	Item coefficient;

-	} RSAPrivateKey;

-/* Predeclare the function pointer types that we dynamically load from the DSO.

- * These use the same names and form that Ben's original support code had (in

- * crypto/bn/bn_exp.c) unless of course I've inadvertently changed the style

- * somewhere along the way!

- */

-typedef int tfnASI_GetPerformanceStatistics(int reset_flag,

-					unsigned int *ret_buf);

-typedef int tfnASI_GetHardwareConfig(long card_num, unsigned int *ret_buf);

-typedef int tfnASI_RSAPrivateKeyOpFn(RSAPrivateKey * rsaKey,

-					unsigned char *output,

-					unsigned char *input,

-					unsigned int modulus_len);

--- a/sys/src/ape/lib/openssl/engines/vendor_defns/cswift.h

+++ /dev/null

@@ -1,234 +1,0 @@

-/* Attribution notice: Rainbow have generously allowed me to reproduce

- * the necessary definitions here from their API. This means the support

- * can build independently of whether application builders have the

- * API or hardware. This will allow developers to easily produce software

- * that has latent hardware support for any users that have accelertors

- * installed, without the developers themselves needing anything extra.

- *

- * I have only clipped the parts from the CryptoSwift header files that

- * are (or seem) relevant to the CryptoSwift support code. This is

- * simply to keep the file sizes reasonable.

- * [Geoff]

- */

-/* NB: These type widths do *not* seem right in general, in particular

- * they're not terribly friendly to 64-bit architectures (unsigned long)

- * will be 64-bit on IA-64 for a start. I'm leaving these alone as they

- * agree with Rainbow's API and this will only be called into question

- * on platforms with Rainbow support anyway! ;-) */

-#ifdef __cplusplus

-extern "C" {

-#endif /* __cplusplus */

-typedef long              SW_STATUS;              /* status           */

-typedef unsigned char     SW_BYTE;                /* 8 bit byte       */

-typedef unsigned short    SW_U16;                 /* 16 bit number    */

-#if defined(_IRIX)

-#include <sgidefs.h>

-typedef __uint32_t        SW_U32;

-#else

-typedef unsigned long     SW_U32;                 /* 32 bit integer   */

-#endif

-#if defined(OPENSSL_SYS_WIN32)

-  typedef struct _SW_U64 {

-      SW_U32 low32;

-      SW_U32 high32;

-  } SW_U64;                                         /* 64 bit integer   */

-#elif defined(OPENSSL_SYS_MACINTOSH_CLASSIC)

-  typedef longlong SW_U64

-#else /* Unix variants */

-  typedef struct _SW_U64 {

-      SW_U32 low32;

-      SW_U32 high32;

-  } SW_U64;                                         /* 64 bit integer   */

-#endif

-/* status codes */

-#define SW_OK                 (0L)

-#define SW_ERR_BASE           (-10000L)

-#define SW_ERR_NO_CARD        (SW_ERR_BASE-1) /* The Card is not present   */

-#define SW_ERR_CARD_NOT_READY (SW_ERR_BASE-2) /* The card has not powered  */

-                                              /*    up yet                 */

-#define SW_ERR_TIME_OUT       (SW_ERR_BASE-3) /* Execution of a command    */

-                                              /*    time out               */

-#define SW_ERR_NO_EXECUTE     (SW_ERR_BASE-4) /* The Card failed to        */

-                                              /*    execute the command    */

-#define SW_ERR_INPUT_NULL_PTR (SW_ERR_BASE-5) /* a required pointer is     */

-                                              /*    NULL                   */

-#define SW_ERR_INPUT_SIZE     (SW_ERR_BASE-6) /* size is invalid, too      */

-                                              /*    small, too large.      */

-#define SW_ERR_INVALID_HANDLE (SW_ERR_BASE-7) /* Invalid SW_ACC_CONTEXT    */

-                                              /*    handle                 */

-#define SW_ERR_PENDING        (SW_ERR_BASE-8) /* A request is already out- */

-                                              /*    standing at this       */

-                                              /*    context handle         */

-#define SW_ERR_AVAILABLE      (SW_ERR_BASE-9) /* A result is available.    */

-#define SW_ERR_NO_PENDING     (SW_ERR_BASE-10)/* No request is pending.    */

-#define SW_ERR_NO_MEMORY      (SW_ERR_BASE-11)/* Not enough memory         */

-#define SW_ERR_BAD_ALGORITHM  (SW_ERR_BASE-12)/* Invalid algorithm type    */

-                                              /*    in SW_PARAM structure  */

-#define SW_ERR_MISSING_KEY    (SW_ERR_BASE-13)/* No key is associated with */

-                                              /*    context.               */

-                                              /*    swAttachKeyParam() is  */

-                                              /*    not called.            */

-#define SW_ERR_KEY_CMD_MISMATCH \

-                              (SW_ERR_BASE-14)/* Cannot perform requested  */

-                                              /*    SW_COMMAND_CODE since  */

-                                              /*    key attached via       */

-                                              /*    swAttachKeyParam()     */

-                                              /*    cannot be used for this*/

-                                              /*    SW_COMMAND_CODE.       */

-#define SW_ERR_NOT_IMPLEMENTED \

-                              (SW_ERR_BASE-15)/* Not implemented           */

-#define SW_ERR_BAD_COMMAND    (SW_ERR_BASE-16)/* Bad command code          */

-#define SW_ERR_BAD_ITEM_SIZE  (SW_ERR_BASE-17)/* too small or too large in */

-                                              /*    the "initems" or       */

-                                              /*    "outitems".            */

-#define SW_ERR_BAD_ACCNUM     (SW_ERR_BASE-18)/* Bad accelerator number    */

-#define SW_ERR_SELFTEST_FAIL  (SW_ERR_BASE-19)/* At least one of the self  */

-                                              /*    test fail, look at the */

-                                              /*    selfTestBitmap in      */

-                                              /*    SW_ACCELERATOR_INFO for*/

-                                              /*    details.               */

-#define SW_ERR_MISALIGN       (SW_ERR_BASE-20)/* Certain alogrithms require*/

-                                              /*    key materials aligned  */

-                                              /*    in certain order, e.g. */

-                                              /*    128 bit for CRT        */

-#define SW_ERR_OUTPUT_NULL_PTR \

-                              (SW_ERR_BASE-21)/* a required pointer is     */

-                                              /*    NULL                   */

-#define SW_ERR_OUTPUT_SIZE \

-                              (SW_ERR_BASE-22)/* size is invalid, too      */

-                                              /*    small, too large.      */

-#define SW_ERR_FIRMWARE_CHECKSUM \

-                              (SW_ERR_BASE-23)/* firmware checksum mismatch*/

-                                              /*    download failed.       */

-#define SW_ERR_UNKNOWN_FIRMWARE \

-                              (SW_ERR_BASE-24)/* unknown firmware error    */

-#define SW_ERR_INTERRUPT      (SW_ERR_BASE-25)/* request is abort when     */

-                                              /*    it's waiting to be     */

-                                              /*    completed.             */

-#define SW_ERR_NVWRITE_FAIL   (SW_ERR_BASE-26)/* error in writing to Non-  */

-                                              /*    volatile memory        */

-#define SW_ERR_NVWRITE_RANGE  (SW_ERR_BASE-27)/* out of range error in     */

-                                              /*    writing to NV memory   */

-#define SW_ERR_RNG_ERROR      (SW_ERR_BASE-28)/* Random Number Generation  */

-                                              /*    failure                */

-#define SW_ERR_DSS_FAILURE    (SW_ERR_BASE-29)/* DSS Sign or Verify failure*/

-#define SW_ERR_MODEXP_FAILURE (SW_ERR_BASE-30)/* Failure in various math   */

-                                              /*    calculations           */

-#define SW_ERR_ONBOARD_MEMORY (SW_ERR_BASE-31)/* Error in accessing on -   */

-                                              /*    board memory           */

-#define SW_ERR_FIRMWARE_VERSION \

-                              (SW_ERR_BASE-32)/* Wrong version in firmware */

-                                              /*    update                 */

-#define SW_ERR_ZERO_WORKING_ACCELERATOR \

-                              (SW_ERR_BASE-44)/* All accelerators are bad  */

-  /* algorithm type */

-#define SW_ALG_CRT          1

-#define SW_ALG_EXP          2

-#define SW_ALG_DSA          3

-#define SW_ALG_NVDATA       4

-  /* command code */

-#define SW_CMD_MODEXP_CRT   1 /* perform Modular Exponentiation using  */

-                              /*  Chinese Remainder Theorem (CRT)      */

-#define SW_CMD_MODEXP       2 /* perform Modular Exponentiation        */

-#define SW_CMD_DSS_SIGN     3 /* perform DSS sign                      */

-#define SW_CMD_DSS_VERIFY   4 /* perform DSS verify                    */

-#define SW_CMD_RAND         5 /* perform random number generation      */

-#define SW_CMD_NVREAD       6 /* perform read to nonvolatile RAM       */

-#define SW_CMD_NVWRITE      7 /* perform write to nonvolatile RAM      */

-typedef SW_U32            SW_ALGTYPE;             /* alogrithm type   */

-typedef SW_U32            SW_STATE;               /* state            */

-typedef SW_U32            SW_COMMAND_CODE;        /* command code     */

-typedef SW_U32            SW_COMMAND_BITMAP[4];   /* bitmap           */

-typedef struct _SW_LARGENUMBER {

-    SW_U32    nbytes;       /* number of bytes in the buffer "value"  */

-    SW_BYTE*  value;        /* the large integer as a string of       */

-                            /*   bytes in network (big endian) order  */

-} SW_LARGENUMBER;

-#if defined(OPENSSL_SYS_WIN32)

-    #include <windows.h>

-    typedef HANDLE          SW_OSHANDLE;          /* handle to kernel object */

-    #define SW_OS_INVALID_HANDLE  INVALID_HANDLE_VALUE

-    #define SW_CALLCONV _stdcall

-#elif defined(OPENSSL_SYS_MACINTOSH_CLASSIC)

-    /* async callback mechanisms */

-    /* swiftCallbackLevel */

-    #define SW_MAC_CALLBACK_LEVEL_NO         0

-    #define SW_MAC_CALLBACK_LEVEL_HARDWARE   1	/* from the hardware ISR */

-    #define SW_MAC_CALLBACK_LEVEL_SECONDARY  2	/* as secondary ISR */

-    typedef int             SW_MAC_CALLBACK_LEVEL;

-    typedef int             SW_OSHANDLE;

-    #define SW_OS_INVALID_HANDLE  (-1)

-    #define SW_CALLCONV

-#else /* Unix variants */

-    typedef int             SW_OSHANDLE;          /* handle to driver */

-    #define SW_OS_INVALID_HANDLE  (-1)

-    #define SW_CALLCONV

-#endif

-typedef struct _SW_CRT {

-    SW_LARGENUMBER  p;      /* prime number p                         */

-    SW_LARGENUMBER  q;      /* prime number q                         */

-    SW_LARGENUMBER  dmp1;   /* exponent1                              */

-    SW_LARGENUMBER  dmq1;   /* exponent2                              */

-    SW_LARGENUMBER  iqmp;   /* CRT coefficient                        */

-} SW_CRT;

-typedef struct _SW_EXP {

-    SW_LARGENUMBER  modulus; /* modulus                                */

-    SW_LARGENUMBER  exponent;/* exponent                               */

-} SW_EXP;

-typedef struct _SW_DSA {

-    SW_LARGENUMBER  p;      /*                                        */

-    SW_LARGENUMBER  q;      /*                                        */

-    SW_LARGENUMBER  g;      /*                                        */

-    SW_LARGENUMBER  key;    /* private/public key                     */

-} SW_DSA;

-typedef struct _SW_NVDATA {

-    SW_U32 accnum;          /* accelerator board number               */

-    SW_U32 offset;          /* offset in byte                         */

-} SW_NVDATA;

-typedef struct _SW_PARAM {

-    SW_ALGTYPE    type;     /* type of the alogrithm                  */

-    union {

-        SW_CRT    crt;

-        SW_EXP    exp;

-        SW_DSA    dsa;

-        SW_NVDATA nvdata;

-    } up;

-} SW_PARAM;

-typedef SW_U32 SW_CONTEXT_HANDLE; /* opaque context handle */

-/* Now the OpenSSL bits, these function types are the for the function

- * pointers that will bound into the Rainbow shared libraries. */

-typedef SW_STATUS SW_CALLCONV t_swAcquireAccContext(SW_CONTEXT_HANDLE *hac);

-typedef SW_STATUS SW_CALLCONV t_swAttachKeyParam(SW_CONTEXT_HANDLE hac,

-                                                SW_PARAM *key_params);

-typedef SW_STATUS SW_CALLCONV t_swSimpleRequest(SW_CONTEXT_HANDLE hac,

-                                                SW_COMMAND_CODE cmd,

-                				SW_LARGENUMBER pin[],

-                                		SW_U32 pin_count,

-                                                SW_LARGENUMBER pout[],

-                				SW_U32 pout_count);

-typedef SW_STATUS SW_CALLCONV t_swReleaseAccContext(SW_CONTEXT_HANDLE hac);

-#ifdef __cplusplus

-}

-#endif /* __cplusplus */

--- a/sys/src/ape/lib/openssl/engines/vendor_defns/hw_4758_cca.h

+++ /dev/null

@@ -1,149 +1,0 @@

-/**********************************************************************/

-/*                                                                    */

-/*  Prototypes of the CCA verbs used by the 4758 CCA openssl driver   */

-/*                                                                    */

-/*  Maurice Gittens <[email protected]>                              */

-/*                                                                    */

-/**********************************************************************/

-#ifndef __HW_4758_CCA__

-#define __HW_4758_CCA__

-/*

- *  Only WIN32 support for now

- */

-#if defined(WIN32)

-  #define CCA_LIB_NAME "CSUNSAPI"

-  #define CSNDPKX   "CSNDPKX_32"

-  #define CSNDKRR   "CSNDKRR_32"

-  #define CSNDPKE   "CSNDPKE_32"

-  #define CSNDPKD   "CSNDPKD_32"

-  #define CSNDDSV   "CSNDDSV_32"

-  #define CSNDDSG   "CSNDDSG_32"

-  #define CSNBRNG   "CSNBRNG_32"

-  #define SECURITYAPI __stdcall

-#else

-    /* Fixme!!

-      Find out the values of these constants for other platforms.

-    */

-  #define CCA_LIB_NAME "CSUNSAPI"

-  #define CSNDPKX   "CSNDPKX"

-  #define CSNDKRR   "CSNDKRR"

-  #define CSNDPKE   "CSNDPKE"

-  #define CSNDPKD   "CSNDPKD"

-  #define CSNDDSV   "CSNDDSV"

-  #define CSNDDSG   "CSNDDSG"

-  #define CSNBRNG   "CSNBRNG"

-  #define SECURITYAPI

-#endif

-/*

- * security API prototypes

- */

-/* PKA Key Record Read */

-typedef void (SECURITYAPI *F_KEYRECORDREAD)

-             (long          * return_code,

-              long          * reason_code,

-              long          * exit_data_length,

-              unsigned char * exit_data,

-              long          * rule_array_count,

-              unsigned char * rule_array,

-              unsigned char * key_label,

-              long          * key_token_length,

-              unsigned char * key_token);

-/* Random Number Generate */

-typedef void (SECURITYAPI *F_RANDOMNUMBERGENERATE)

-             (long          * return_code,

-              long          * reason_code,

-              long          * exit_data_length,

-              unsigned char * exit_data,

-              unsigned char * form,

-              unsigned char * random_number);

-/* Digital Signature Generate */

-typedef void (SECURITYAPI *F_DIGITALSIGNATUREGENERATE)

-             (long          * return_code,

-              long          * reason_code,

-              long          * exit_data_length,

-              unsigned char * exit_data,

-              long          * rule_array_count,

-              unsigned char * rule_array,

-              long          * PKA_private_key_id_length,

-              unsigned char * PKA_private_key_id,

-              long          * hash_length,

-              unsigned char * hash,

-              long          * signature_field_length,

-              long          * signature_bit_length,

-              unsigned char * signature_field);

-/* Digital Signature Verify */

-typedef void (SECURITYAPI *F_DIGITALSIGNATUREVERIFY)(

-              long          * return_code,

-              long          * reason_code,

-              long          * exit_data_length,

-              unsigned char * exit_data,

-              long          * rule_array_count,

-              unsigned char * rule_array,

-              long          * PKA_public_key_id_length,

-              unsigned char * PKA_public_key_id,

-              long          * hash_length,

-              unsigned char * hash,

-              long          * signature_field_length,

-              unsigned char * signature_field);

-/* PKA Public Key Extract */

-typedef void (SECURITYAPI *F_PUBLICKEYEXTRACT)(

-              long          * return_code,

-              long          * reason_code,

-              long          * exit_data_length,

-              unsigned char * exit_data,

-              long          * rule_array_count,

-              unsigned char * rule_array,

-              long          * source_key_identifier_length,

-              unsigned char * source_key_identifier,

-              long          * target_key_token_length,

-              unsigned char * target_key_token);

-/* PKA Encrypt */

-typedef void   (SECURITYAPI *F_PKAENCRYPT)

-               (long          *  return_code,

-                 long          *  reason_code,

-                 long          *  exit_data_length,

-                 unsigned char *  exit_data,

-                 long          *  rule_array_count,

-                 unsigned char *  rule_array,

-                 long          *  key_value_length,

-                 unsigned char *  key_value,

-                 long          *  data_struct_length,

-                 unsigned char *  data_struct,

-                 long          *  RSA_public_key_length,

-                 unsigned char *  RSA_public_key,

-                 long          *  RSA_encipher_length,

-                 unsigned char *  RSA_encipher );

-/* PKA Decrypt */

-typedef void    (SECURITYAPI *F_PKADECRYPT)

-                (long          *  return_code,

-                 long          *  reason_code,

-                 long          *  exit_data_length,

-                 unsigned char *  exit_data,

-                 long          *  rule_array_count,

-                 unsigned char *  rule_array,

-                 long          *  enciphered_key_length,

-                 unsigned char *  enciphered_key,

-                 long          *  data_struct_length,

-                 unsigned char *  data_struct,

-                 long          *  RSA_private_key_length,

-                 unsigned char *  RSA_private_key,

-                 long          *  key_value_length,

-                 unsigned char *  key_value    );

-#endif

--- a/sys/src/ape/lib/openssl/engines/vendor_defns/hw_ubsec.h

+++ /dev/null

@@ -1,100 +1,0 @@

-/******************************************************************************

- *

- *  Copyright 2000

- *  Broadcom Corporation

- *  16215 Alton Parkway

- *  PO Box 57013

- *  Irvine CA 92619-7013

- *

- *****************************************************************************/

-/*

- * Broadcom Corporation uBSec SDK

- */

-/*

- * Character device header file.

- */

-/*

- * Revision History:

- *

- * October 2000 JTT Created.

- */

-#define MAX_PUBLIC_KEY_BITS (1024)

-#define MAX_PUBLIC_KEY_BYTES (1024/8)

-#define SHA_BIT_SIZE  (160)

-#define MAX_CRYPTO_KEY_LENGTH 24

-#define MAX_MAC_KEY_LENGTH 64

-#define UBSEC_CRYPTO_DEVICE_NAME ((unsigned char *)"/dev/ubscrypt")

-#define UBSEC_KEY_DEVICE_NAME ((unsigned char *)"/dev/ubskey")

-/* Math command types. */

-#define UBSEC_MATH_MODADD 0x0001

-#define UBSEC_MATH_MODSUB 0x0002

-#define UBSEC_MATH_MODMUL 0x0004

-#define UBSEC_MATH_MODEXP 0x0008

-#define UBSEC_MATH_MODREM 0x0010

-#define UBSEC_MATH_MODINV 0x0020

-typedef long ubsec_MathCommand_t;

-typedef long ubsec_RNGCommand_t;

-typedef struct ubsec_crypto_context_s {

-	unsigned int	flags;

-	unsigned char	crypto[MAX_CRYPTO_KEY_LENGTH];

-	unsigned char 	auth[MAX_MAC_KEY_LENGTH];

-} ubsec_crypto_context_t, *ubsec_crypto_context_p;

-/*

- * Predeclare the function pointer types that we dynamically load from the DSO.

- */

-typedef int t_UBSEC_ubsec_bytes_to_bits(unsigned char *n, int bytes);

-typedef int t_UBSEC_ubsec_bits_to_bytes(int bits);

-typedef int t_UBSEC_ubsec_open(unsigned char *device);

-typedef int t_UBSEC_ubsec_close(int fd);

-typedef int t_UBSEC_diffie_hellman_generate_ioctl (int fd,

-	unsigned char *x, int *x_len, unsigned char *y, int *y_len,

-	unsigned char *g, int g_len, unsigned char *m, int m_len,

-	unsigned char *userX, int userX_len, int random_bits);

-typedef int t_UBSEC_diffie_hellman_agree_ioctl (int fd,

-	unsigned char *x, int x_len, unsigned char *y, int y_len,

-	unsigned char *m, int m_len, unsigned char *k, int *k_len);

-typedef int t_UBSEC_rsa_mod_exp_ioctl (int fd,

-	unsigned char *x, int x_len, unsigned char *m, int m_len,

-	unsigned char *e, int e_len, unsigned char *y, int *y_len);

-typedef int t_UBSEC_rsa_mod_exp_crt_ioctl (int fd,

-	unsigned char *x, int x_len, unsigned char *qinv, int qinv_len,

-	unsigned char *edq, int edq_len, unsigned char *q, int q_len,

-	unsigned char *edp, int edp_len, unsigned char *p, int p_len,

-	unsigned char *y, int *y_len);

-typedef int t_UBSEC_dsa_sign_ioctl (int fd,

-	int hash, unsigned char *data, int data_len,

-	unsigned char *rndom, int random_len,

-	unsigned char *p, int p_len, unsigned char *q, int q_len,

-	unsigned char *g, int g_len, unsigned char *key, int key_len,

-	unsigned char *r, int *r_len, unsigned char *s, int *s_len);

-typedef int t_UBSEC_dsa_verify_ioctl (int fd,

-	int hash, unsigned char *data, int data_len,

-	unsigned char *p, int p_len, unsigned char *q, int q_len,

-	unsigned char *g, int g_len, unsigned char *key, int key_len,

-	unsigned char *r, int r_len, unsigned char *s, int s_len,

-	unsigned char *v, int *v_len);

-typedef int t_UBSEC_math_accelerate_ioctl(int fd, ubsec_MathCommand_t command,

-	unsigned char *ModN, int *ModN_len, unsigned char *ExpE, int *ExpE_len,

-	unsigned char *ParamA, int *ParamA_len, unsigned char *ParamB, int *ParamB_len,

-	unsigned char *Result, int *Result_len);

-typedef int t_UBSEC_rng_ioctl(int fd, ubsec_RNGCommand_t command,

-	unsigned char *Result, int *Result_len);

-typedef int t_UBSEC_max_key_len_ioctl(int fd, int *max_key_len);

--- a/sys/src/ape/lib/openssl/engines/vendor_defns/hwcryptohook.h

+++ /dev/null

@@ -1,486 +1,0 @@

-/*

- * ModExp / RSA (with/without KM) plugin API

- *

- * The application will load a dynamic library which

- * exports entrypoint(s) defined in this file.

- *

- * This set of entrypoints provides only a multithreaded,

- * synchronous-within-each-thread, facility.

- *

- *

- * This file is Copyright 1998-2000 nCipher Corporation Limited.

- *

- * Redistribution and use in source and binary forms, with opr without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the copyright notice,

- *    this list of conditions, and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above

- *    copyright notice, this list of conditions, and the following

- *    disclaimer, in the documentation and/or other materials provided

- *    with the distribution

- *

- * IN NO EVENT SHALL NCIPHER CORPORATION LIMITED (`NCIPHER') AND/OR

- * ANY OTHER AUTHORS OR DISTRIBUTORS OF THIS FILE BE LIABLE for any

- * damages arising directly or indirectly from this file, its use or

- * this licence.  Without prejudice to the generality of the

- * foregoing: all liability shall be excluded for direct, indirect,

- * special, incidental, consequential or other damages or any loss of

- * profits, business, revenue goodwill or anticipated savings;

- * liability shall be excluded even if nCipher or anyone else has been

- * advised of the possibility of damage.  In any event, if the

- * exclusion of liability is not effective, the liability of nCipher

- * or any author or distributor shall be limited to the lesser of the

- * price paid and 1,000 pounds sterling. This licence only fails to

- * exclude or limit liability for death or personal injury arising out

- * of negligence, and only to the extent that such an exclusion or

- * limitation is not effective.

- *

- * NCIPHER AND THE AUTHORS AND DISTRIBUTORS SPECIFICALLY DISCLAIM ALL

- * AND ANY WARRANTIES (WHETHER EXPRESS OR IMPLIED), including, but not

- * limited to, any implied warranties of merchantability, fitness for

- * a particular purpose, satisfactory quality, and/or non-infringement

- * of any third party rights.

- *

- * US Government use: This software and documentation is Commercial

- * Computer Software and Computer Software Documentation, as defined in

- * sub-paragraphs (a)(1) and (a)(5) of DFAR 252.227-7014, "Rights in

- * Noncommercial Computer Software and Noncommercial Computer Software

- * Documentation."  Use, duplication or disclosure by the Government is

- * subject to the terms and conditions specified here.

- *

- * By using or distributing this file you will be accepting these

- * terms and conditions, including the limitation of liability and

- * lack of warranty.  If you do not wish to accept these terms and

- * conditions, DO NOT USE THE FILE.

- *

- *

- * The actual dynamically loadable plugin, and the library files for

- * static linking, which are also provided in some distributions, are

- * not covered by the licence described above.  You should have

- * received a separate licence with terms and conditions for these

- * library files; if you received the library files without a licence,

- * please contact nCipher.

- *

- *

- * $Id: hwcryptohook.h,v 1.1 2002/10/11 17:10:59 levitte Exp $

- */

-#ifndef HWCRYPTOHOOK_H

-#define HWCRYPTOHOOK_H

-#include <sys/types.h>

-#include <stdio.h>

-#ifndef HWCRYPTOHOOK_DECLARE_APPTYPES

-#define HWCRYPTOHOOK_DECLARE_APPTYPES 1

-#endif

-#define HWCRYPTOHOOK_ERROR_FAILED   -1

-#define HWCRYPTOHOOK_ERROR_FALLBACK -2

-#define HWCRYPTOHOOK_ERROR_MPISIZE  -3

-#if HWCRYPTOHOOK_DECLARE_APPTYPES

-/* These structs are defined by the application and opaque to the

- * crypto plugin.  The application may define these as it sees fit.

- * Default declarations are provided here, but the application may

- *  #define HWCRYPTOHOOK_DECLARE_APPTYPES 0

- * to prevent these declarations, and instead provide its own

- * declarations of these types.  (Pointers to them must still be

- * ordinary pointers to structs or unions, or the resulting combined

- * program will have a type inconsistency.)

- */

-typedef struct HWCryptoHook_MutexValue HWCryptoHook_Mutex;

-typedef struct HWCryptoHook_CondVarValue HWCryptoHook_CondVar;

-typedef struct HWCryptoHook_PassphraseContextValue HWCryptoHook_PassphraseContext;

-typedef struct HWCryptoHook_CallerContextValue HWCryptoHook_CallerContext;

-#endif /* HWCRYPTOHOOK_DECLARE_APPTYPES */

-/* These next two structs are opaque to the application.  The crypto

- * plugin will return pointers to them; the caller simply manipulates

- * the pointers.

- */

-typedef struct HWCryptoHook_Context *HWCryptoHook_ContextHandle;

-typedef struct HWCryptoHook_RSAKey *HWCryptoHook_RSAKeyHandle;

-typedef struct {

-  char *buf;

-  size_t size;

-} HWCryptoHook_ErrMsgBuf;

-/* Used for error reporting.  When a HWCryptoHook function fails it

- * will return a sentinel value (0 for pointer-valued functions, or a

- * negative number, usually HWCRYPTOHOOK_ERROR_FAILED, for

- * integer-valued ones).  It will, if an ErrMsgBuf is passed, also put

- * an error message there.

- *

- * size is the size of the buffer, and will not be modified.  If you

- * pass 0 for size you must pass 0 for buf, and nothing will be

- * recorded (just as if you passed 0 for the struct pointer).

- * Messages written to the buffer will always be null-terminated, even

- * when truncated to fit within size bytes.

- *

- * The contents of the buffer are not defined if there is no error.

- */

-typedef struct HWCryptoHook_MPIStruct {

-  unsigned char *buf;

-  size_t size;

-} HWCryptoHook_MPI;

-/* When one of these is returned, a pointer is passed to the function.

- * At call, size is the space available.  Afterwards it is updated to

- * be set to the actual length (which may be more than the space available,

- * if there was not enough room and the result was truncated).

- * buf (the pointer) is not updated.

- *

- * size is in bytes and may be zero at call or return, but must be a

- * multiple of the limb size.  Zero limbs at the MS end are not

- * permitted.

- */

-#define HWCryptoHook_InitFlags_FallbackModExp    0x0002UL

-#define HWCryptoHook_InitFlags_FallbackRSAImmed  0x0004UL

-/* Enable requesting fallback to software in case of problems with the

- * hardware support.  This indicates to the crypto provider that the

- * application is prepared to fall back to software operation if the

- * ModExp* or RSAImmed* functions return HWCRYPTOHOOK_ERROR_FALLBACK.

- * Without this flag those calls will never return

- * HWCRYPTOHOOK_ERROR_FALLBACK.  The flag will also cause the crypto

- * provider to avoid repeatedly attempting to contact dead hardware

- * within a short interval, if appropriate.

- */

-#define HWCryptoHook_InitFlags_SimpleForkCheck   0x0010UL

-/* Without _SimpleForkCheck the library is allowed to assume that the

- * application will not fork and call the library in the child(ren).

- *

- * When it is specified, this is allowed.  However, after a fork

- * neither parent nor child may unload any loaded keys or call

- * _Finish.  Instead, they should call exit (or die with a signal)

- * without calling _Finish.  After all the children have died the

- * parent may unload keys or call _Finish.

- *

- * This flag only has any effect on UN*X platforms.

- */

-typedef struct {

-  unsigned long flags;

-  void *logstream; /* usually a FILE*.  See below. */

-  size_t limbsize; /* bignum format - size of radix type, must be power of 2 */

-  int mslimbfirst; /* 0 or 1 */

-  int msbytefirst; /* 0 or 1; -1 = native */

-  /* All the callback functions should return 0 on success, or a

-   * nonzero integer (whose value will be visible in the error message

-   * put in the buffer passed to the call).

-   *

-   * If a callback is not available pass a null function pointer.

-   *

-   * The callbacks may not call down again into the crypto plugin.

-   */

-  /* For thread-safety.  Set everything to 0 if you promise only to be

-   * singlethreaded.  maxsimultaneous is the number of calls to

-   * ModExp[Crt]/RSAImmed{Priv,Pub}/RSA.  If you don't know what to

-   * put there then say 0 and the hook library will use a default.

-   *

-   * maxmutexes is a small limit on the number of simultaneous mutexes

-   * which will be requested by the library.  If there is no small

-   * limit, set it to 0.  If the crypto plugin cannot create the

-   * advertised number of mutexes the calls to its functions may fail.

-   * If a low number of mutexes is advertised the plugin will try to

-   * do the best it can.  Making larger numbers of mutexes available

-   * may improve performance and parallelism by reducing contention

-   * over critical sections.  Unavailability of any mutexes, implying

-   * single-threaded operation, should be indicated by the setting

-   * mutex_init et al to 0.

-   */

-  int maxmutexes;

-  int maxsimultaneous;

-  size_t mutexsize;

-  int (*mutex_init)(HWCryptoHook_Mutex*, HWCryptoHook_CallerContext *cactx);

-  int (*mutex_acquire)(HWCryptoHook_Mutex*);

-  void (*mutex_release)(HWCryptoHook_Mutex*);

-  void (*mutex_destroy)(HWCryptoHook_Mutex*);

-  /* For greater efficiency, can use condition vars internally for

-   * synchronisation.  In this case maxsimultaneous is ignored, but

-   * the other mutex stuff must be available.  In singlethreaded

-   * programs, set everything to 0.

-   */

-  size_t condvarsize;

-  int (*condvar_init)(HWCryptoHook_CondVar*, HWCryptoHook_CallerContext *cactx);

-  int (*condvar_wait)(HWCryptoHook_CondVar*, HWCryptoHook_Mutex*);

-  void (*condvar_signal)(HWCryptoHook_CondVar*);

-  void (*condvar_broadcast)(HWCryptoHook_CondVar*);

-  void (*condvar_destroy)(HWCryptoHook_CondVar*);

-  /* The semantics of acquiring and releasing mutexes and broadcasting

-   * and waiting on condition variables are expected to be those from

-   * POSIX threads (pthreads).  The mutexes may be (in pthread-speak)

-   * fast mutexes, recursive mutexes, or nonrecursive ones.

-   *

-   * The _release/_signal/_broadcast and _destroy functions must

-   * always succeed when given a valid argument; if they are given an

-   * invalid argument then the program (crypto plugin + application)

-   * has an internal error, and they should abort the program.

-   */

-  int (*getpassphrase)(const char *prompt_info,

-                       int *len_io, char *buf,

-                       HWCryptoHook_PassphraseContext *ppctx,

-                       HWCryptoHook_CallerContext *cactx);

-  /* Passphrases and the prompt_info, if they contain high-bit-set

-   * characters, are UTF-8.  The prompt_info may be a null pointer if

-   * no prompt information is available (it should not be an empty

-   * string).  It will not contain text like `enter passphrase';

-   * instead it might say something like `Operator Card for John

-   * Smith' or `SmartCard in nFast Module #1, Slot #1'.

-   *

-   * buf points to a buffer in which to return the passphrase; on

-   * entry *len_io is the length of the buffer.  It should be updated

-   * by the callback.  The returned passphrase should not be

-   * null-terminated by the callback.

-   */

-  int (*getphystoken)(const char *prompt_info,

-                      const char *wrong_info,

-                      HWCryptoHook_PassphraseContext *ppctx,

-                      HWCryptoHook_CallerContext *cactx);

-  /* Requests that the human user physically insert a different

-   * smartcard, DataKey, etc.  The plugin should check whether the

-   * currently inserted token(s) are appropriate, and if they are it

-   * should not make this call.

-   *

-   * prompt_info is as before.  wrong_info is a description of the

-   * currently inserted token(s) so that the user is told what

-   * something is.  wrong_info, like prompt_info, may be null, but

-   * should not be an empty string.  Its contents should be

-   * syntactically similar to that of prompt_info.

-   */

-  /* Note that a single LoadKey operation might cause several calls to

-   * getpassphrase and/or requestphystoken.  If requestphystoken is

-   * not provided (ie, a null pointer is passed) then the plugin may

-   * not support loading keys for which authorisation by several cards

-   * is required.  If getpassphrase is not provided then cards with

-   * passphrases may not be supported.

-   *

-   * getpassphrase and getphystoken do not need to check that the

-   * passphrase has been entered correctly or the correct token

-   * inserted; the crypto plugin will do that.  If this is not the

-   * case then the crypto plugin is responsible for calling these

-   * routines again as appropriate until the correct token(s) and

-   * passphrase(s) are supplied as required, or until any retry limits

-   * implemented by the crypto plugin are reached.

-   *

-   * In either case, the application must allow the user to say `no'

-   * or `cancel' to indicate that they do not know the passphrase or

-   * have the appropriate token; this should cause the callback to

-   * return nonzero indicating error.

-   */

-  void (*logmessage)(void *logstream, const char *message);

-  /* A log message will be generated at least every time something goes

-   * wrong and an ErrMsgBuf is filled in (or would be if one was

-   * provided).  Other diagnostic information may be written there too,

-   * including more detailed reasons for errors which are reported in an

-   * ErrMsgBuf.

-   *

-   * When a log message is generated, this callback is called.  It

-   * should write a message to the relevant logging arrangements.

-   *

-   * The message string passed will be null-terminated and may be of arbitrary

-   * length.  It will not be prefixed by the time and date, nor by the

-   * name of the library that is generating it - if this is required,

-   * the logmessage callback must do it.  The message will not have a

-   * trailing newline (though it may contain internal newlines).

-   *

-   * If a null pointer is passed for logmessage a default function is

-   * used.  The default function treats logstream as a FILE* which has

-   * been converted to a void*.  If logstream is 0 it does nothing.

-   * Otherwise it prepends the date and time and library name and

-   * writes the message to logstream.  Each line will be prefixed by a

-   * descriptive string containing the date, time and identity of the

-   * crypto plugin.  Errors on the logstream are not reported

-   * anywhere, and the default function doesn't flush the stream, so

-   * the application must set the buffering how it wants it.

-   *

-   * The crypto plugin may also provide a facility to have copies of

-   * log messages sent elsewhere, and or for adjusting the verbosity

-   * of the log messages; any such facilities will be configured by

-   * external means.

-   */

-} HWCryptoHook_InitInfo;

-typedef

-HWCryptoHook_ContextHandle HWCryptoHook_Init_t(const HWCryptoHook_InitInfo *initinfo,

-                                               size_t initinfosize,

-                                               const HWCryptoHook_ErrMsgBuf *errors,

-                                               HWCryptoHook_CallerContext *cactx);

-extern HWCryptoHook_Init_t HWCryptoHook_Init;

-/* Caller should set initinfosize to the size of the HWCryptoHook struct,

- * so it can be extended later.

- *

- * On success, a message for display or logging by the server,

- * including the name and version number of the plugin, will be filled

- * in into *errors; on failure *errors is used for error handling, as

- * usual.

- */

-/* All these functions return 0 on success, HWCRYPTOHOOK_ERROR_FAILED

- * on most failures.  HWCRYPTOHOOK_ERROR_MPISIZE means at least one of

- * the output MPI buffer(s) was too small; the sizes of all have been

- * set to the desired size (and for those where the buffer was large

- * enough, the value may have been copied in), and no error message

- * has been recorded.

- *

- * You may pass 0 for the errors struct.  In any case, unless you set

- * _NoStderr at init time then messages may be reported to stderr.

- */

-/* The RSAImmed* functions (and key managed RSA) only work with

- * modules which have an RSA patent licence - currently that means KM

- * units; the ModExp* ones work with all modules, so you need a patent

- * licence in the software in the US.  They are otherwise identical.

- */

-typedef

-void HWCryptoHook_Finish_t(HWCryptoHook_ContextHandle hwctx);

-extern HWCryptoHook_Finish_t HWCryptoHook_Finish;

-/* You must not have any calls going or keys loaded when you call this. */

-typedef

-int HWCryptoHook_RandomBytes_t(HWCryptoHook_ContextHandle hwctx,

-                               unsigned char *buf, size_t len,

-                               const HWCryptoHook_ErrMsgBuf *errors);

-extern HWCryptoHook_RandomBytes_t HWCryptoHook_RandomBytes;

-typedef

-int HWCryptoHook_ModExp_t(HWCryptoHook_ContextHandle hwctx,

-                          HWCryptoHook_MPI a,

-                          HWCryptoHook_MPI p,

-                          HWCryptoHook_MPI n,

-                          HWCryptoHook_MPI *r,

-                          const HWCryptoHook_ErrMsgBuf *errors);

-extern HWCryptoHook_ModExp_t HWCryptoHook_ModExp;

-typedef

-int HWCryptoHook_RSAImmedPub_t(HWCryptoHook_ContextHandle hwctx,

-                               HWCryptoHook_MPI m,

-                               HWCryptoHook_MPI e,

-                               HWCryptoHook_MPI n,

-                               HWCryptoHook_MPI *r,

-                               const HWCryptoHook_ErrMsgBuf *errors);

-extern HWCryptoHook_RSAImmedPub_t HWCryptoHook_RSAImmedPub;

-typedef

-int HWCryptoHook_ModExpCRT_t(HWCryptoHook_ContextHandle hwctx,

-                             HWCryptoHook_MPI a,

-                             HWCryptoHook_MPI p,

-                             HWCryptoHook_MPI q,

-                             HWCryptoHook_MPI dmp1,

-                             HWCryptoHook_MPI dmq1,

-                             HWCryptoHook_MPI iqmp,

-                             HWCryptoHook_MPI *r,

-                             const HWCryptoHook_ErrMsgBuf *errors);

-extern HWCryptoHook_ModExpCRT_t HWCryptoHook_ModExpCRT;

-typedef

-int HWCryptoHook_RSAImmedPriv_t(HWCryptoHook_ContextHandle hwctx,

-                                HWCryptoHook_MPI m,

-                                HWCryptoHook_MPI p,

-                                HWCryptoHook_MPI q,

-                                HWCryptoHook_MPI dmp1,

-                                HWCryptoHook_MPI dmq1,

-                                HWCryptoHook_MPI iqmp,

-                                HWCryptoHook_MPI *r,

-                                const HWCryptoHook_ErrMsgBuf *errors);

-extern HWCryptoHook_RSAImmedPriv_t HWCryptoHook_RSAImmedPriv;

-/* The RSAImmed* and ModExp* functions may return E_FAILED or

- * E_FALLBACK for failure.

- *

- * E_FAILED means the failure is permanent and definite and there

- *    should be no attempt to fall back to software.  (Eg, for some

- *    applications, which support only the acceleration-only

- *    functions, the `key material' may actually be an encoded key

- *    identifier, and doing the operation in software would give wrong

- *    answers.)

- *

- * E_FALLBACK means that doing the computation in software would seem

- *    reasonable.  If an application pays attention to this and is

- *    able to fall back, it should also set the Fallback init flags.

- */

-typedef

-int HWCryptoHook_RSALoadKey_t(HWCryptoHook_ContextHandle hwctx,

-                              const char *key_ident,

-                              HWCryptoHook_RSAKeyHandle *keyhandle_r,

-                              const HWCryptoHook_ErrMsgBuf *errors,

-                              HWCryptoHook_PassphraseContext *ppctx);

-extern HWCryptoHook_RSALoadKey_t HWCryptoHook_RSALoadKey;

-/* The key_ident is a null-terminated string configured by the

- * user via the application's usual configuration mechanisms.

- * It is provided to the user by the crypto provider's key management

- * system.  The user must be able to enter at least any string of between

- * 1 and 1023 characters inclusive, consisting of printable 7-bit

- * ASCII characters.  The provider should avoid using

- * any characters except alphanumerics and the punctuation

- * characters  _ - + . / @ ~  (the user is expected to be able

- * to enter these without quoting).  The string may be case-sensitive.

- * The application may allow the user to enter other NULL-terminated strings,

- * and the provider must cope (returning an error if the string is not

- * valid).

- *

- * If the key does not exist, no error is recorded and 0 is returned;

- * keyhandle_r will be set to 0 instead of to a key handle.

- */

-typedef

-int HWCryptoHook_RSAGetPublicKey_t(HWCryptoHook_RSAKeyHandle k,

-                                   HWCryptoHook_MPI *n,

-                                   HWCryptoHook_MPI *e,

-                                   const HWCryptoHook_ErrMsgBuf *errors);

-extern HWCryptoHook_RSAGetPublicKey_t HWCryptoHook_RSAGetPublicKey;

-/* The crypto plugin will not store certificates.

- *

- * Although this function for acquiring the public key value is

- * provided, it is not the purpose of this API to deal fully with the

- * handling of the public key.

- *

- * It is expected that the crypto supplier's key generation program

- * will provide general facilities for producing X.509

- * self-certificates and certificate requests in PEM format.  These

- * will be given to the user so that they can configure them in the

- * application, send them to CAs, or whatever.

- *

- * In case this kind of certificate handling is not appropriate, the

- * crypto supplier's key generation program should be able to be

- * configured not to generate such a self-certificate or certificate

- * request.  Then the application will need to do all of this, and

- * will need to store and handle the public key and certificates

- * itself.

- */

-typedef

-int HWCryptoHook_RSAUnloadKey_t(HWCryptoHook_RSAKeyHandle k,

-                                const HWCryptoHook_ErrMsgBuf *errors);

-extern HWCryptoHook_RSAUnloadKey_t HWCryptoHook_RSAUnloadKey;

-/* Might fail due to locking problems, or other serious internal problems. */

-typedef

-int HWCryptoHook_RSA_t(HWCryptoHook_MPI m,

-                       HWCryptoHook_RSAKeyHandle k,

-                       HWCryptoHook_MPI *r,

-                       const HWCryptoHook_ErrMsgBuf *errors);

-extern HWCryptoHook_RSA_t HWCryptoHook_RSA;

-/* RSA private key operation (sign or decrypt) - raw, unpadded. */

-#endif /*HWCRYPTOHOOK_H*/

--- a/sys/src/ape/lib/openssl/engines/vendor_defns/sureware.h

+++ /dev/null

@@ -1,239 +1,0 @@

-/*

-* Written by Corinne Dive-Reclus([email protected])

-*

-* Copyright@2001 Baltimore Technologies Ltd.

-*																								*

-*		THIS FILE IS PROVIDED BY BALTIMORE TECHNOLOGIES ``AS IS'' AND																			*

-*		ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE					*

-*		IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE				*

-*		ARE DISCLAIMED.  IN NO EVENT SHALL BALTIMORE TECHNOLOGIES BE LIABLE						*

-*		FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL				*

-*		DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS					*

-*		OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)					*

-*		HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT				*

-*		LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY				*

-*		OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF					*

-*		SUCH DAMAGE.																			*

-*

-*

-*/

-#ifdef WIN32

-#define SW_EXPORT	__declspec ( dllexport )

-#else

-#define SW_EXPORT

-#endif

-/*

-*	List of exposed SureWare errors

-*/

-#define SUREWAREHOOK_ERROR_FAILED		-1

-#define SUREWAREHOOK_ERROR_FALLBACK		-2

-#define SUREWAREHOOK_ERROR_UNIT_FAILURE -3

-#define SUREWAREHOOK_ERROR_DATA_SIZE -4

-#define SUREWAREHOOK_ERROR_INVALID_PAD -5

-/*

-* -----------------WARNING-----------------------------------

-* In all the following functions:

-* msg is a string with at least 24 bytes free.

-* A 24 bytes string will be concatenated to the existing content of msg.

-*/

-/*

-*	SureWare Initialisation function

-*	in param threadsafe, if !=0, thread safe enabled

-*	return SureWareHOOK_ERROR_UNIT_FAILURE if failure, 1 if success

-*/

-typedef int SureWareHook_Init_t(char*const msg,int threadsafe);

-extern SW_EXPORT SureWareHook_Init_t SureWareHook_Init;

-/*

-*	SureWare Finish function

-*/

-typedef void SureWareHook_Finish_t(void);

-extern SW_EXPORT SureWareHook_Finish_t SureWareHook_Finish;

-/*

-*	 PRE_CONDITION:

-*		DO NOT CALL ANY OF THE FOLLOWING FUNCTIONS IN CASE OF INIT FAILURE

-*/

-/*

-*	SureWare RAND Bytes function

-*	In case of failure, the content of buf is unpredictable.

-*	return 1 if success

-*			SureWareHOOK_ERROR_FALLBACK if function not available in hardware

-*			SureWareHOOK_ERROR_FAILED if error while processing

-*			SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure

-*			SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf

-*

-*	in/out param buf : a num bytes long buffer where random bytes will be put

-*	in param num : the number of bytes into buf

-*/

-typedef int SureWareHook_Rand_Bytes_t(char*const msg,unsigned char *buf, int num);

-extern SW_EXPORT SureWareHook_Rand_Bytes_t SureWareHook_Rand_Bytes;

-/*

-*	SureWare RAND Seed function

-*	Adds some seed to the Hardware Random Number Generator

-*	return 1 if success

-*			SureWareHOOK_ERROR_FALLBACK if function not available in hardware

-*			SureWareHOOK_ERROR_FAILED if error while processing

-*			SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure

-*			SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf

-*

-*	in param buf : the seed to add into the HRNG

-*	in param num : the number of bytes into buf

-*/

-typedef int SureWareHook_Rand_Seed_t(char*const msg,const void *buf, int num);

-extern SW_EXPORT SureWareHook_Rand_Seed_t SureWareHook_Rand_Seed;

-/*

-*	SureWare Load Private Key function

-*	return 1 if success

-*			SureWareHOOK_ERROR_FAILED if error while processing

-*	No hardware is contact for this function.

-*

-*	in param key_id :the name of the private protected key file without the extension

-						".sws"

-*	out param hptr : a pointer to a buffer allocated by SureWare_Hook

-*	out param num: the effective key length in bytes

-*	out param keytype: 1 if RSA 2 if DSA

-*/

-typedef int SureWareHook_Load_Privkey_t(char*const msg,const char *key_id,char **hptr,unsigned long *num,char *keytype);

-extern SW_EXPORT SureWareHook_Load_Privkey_t SureWareHook_Load_Privkey;

-/*

-*	SureWare Info Public Key function

-*	return 1 if success

-*			SureWareHOOK_ERROR_FAILED if error while processing

-*	No hardware is contact for this function.

-*

-*	in param key_id :the name of the private protected key file without the extension

-						".swp"

-*	out param hptr : a pointer to a buffer allocated by SureWare_Hook

-*	out param num: the effective key length in bytes

-*	out param keytype: 1 if RSA 2 if DSA

-*/

-typedef int SureWareHook_Info_Pubkey_t(char*const msg,const char *key_id,unsigned long *num,

-										char *keytype);

-extern SW_EXPORT SureWareHook_Info_Pubkey_t SureWareHook_Info_Pubkey;

-/*

-*	SureWare Load Public Key function

-*	return 1 if success

-*			SureWareHOOK_ERROR_FAILED if error while processing

-*	No hardware is contact for this function.

-*

-*	in param key_id :the name of the public protected key file without the extension

-						".swp"

-*	in param num : the bytes size of n and e

-*	out param n: where to write modulus in bn format

-*	out param e: where to write exponent in bn format

-*/

-typedef int SureWareHook_Load_Rsa_Pubkey_t(char*const msg,const char *key_id,unsigned long num,

-										unsigned long *n, unsigned long *e);

-extern SW_EXPORT SureWareHook_Load_Rsa_Pubkey_t SureWareHook_Load_Rsa_Pubkey;

-/*

-*	SureWare Load DSA Public Key function

-*	return 1 if success

-*			SureWareHOOK_ERROR_FAILED if error while processing

-*	No hardware is contact for this function.

-*

-*	in param key_id :the name of the public protected key file without the extension

-						".swp"

-*	in param num : the bytes size of n and e

-*	out param pub: where to write pub key in bn format

-*	out param p: where to write prime in bn format

-*	out param q: where to write sunprime (length 20 bytes) in bn format

-*	out param g: where to write base in bn format

-*/

-typedef int SureWareHook_Load_Dsa_Pubkey_t(char*const msg,const char *key_id,unsigned long num,

-										unsigned long *pub, unsigned long *p,unsigned long*q,

-										unsigned long *g);

-extern SW_EXPORT SureWareHook_Load_Dsa_Pubkey_t SureWareHook_Load_Dsa_Pubkey;

-/*

-*	SureWare Free function

-*	Destroy the key into the hardware if destroy==1

-*/

-typedef void SureWareHook_Free_t(char *p,int destroy);

-extern SW_EXPORT SureWareHook_Free_t SureWareHook_Free;

-#define SUREWARE_PKCS1_PAD 1

-#define SUREWARE_ISO9796_PAD 2

-#define SUREWARE_NO_PAD 0

-/*

-* SureWare RSA Private Decryption

-* return 1 if success

-*			SureWareHOOK_ERROR_FAILED if error while processing

-*			SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure

-*			SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf

-*

-*	in param flen : byte size of from and to

-*	in param from : encrypted data buffer, should be a not-null valid pointer

-*	out param tlen: byte size of decrypted data, if error, unexpected value

-*	out param to : decrypted data buffer, should be a not-null valid pointer

-*   in param prsa: a protected key pointer, should be a not-null valid pointer

-*   int padding: padding id as follow

-*					SUREWARE_PKCS1_PAD

-*					SUREWARE_NO_PAD

-*

-*/

-typedef int SureWareHook_Rsa_Priv_Dec_t(char*const msg,int flen,unsigned char *from,

-										int *tlen,unsigned char *to,

-										char *prsa,int padding);

-extern SW_EXPORT SureWareHook_Rsa_Priv_Dec_t SureWareHook_Rsa_Priv_Dec;

-/*

-* SureWare RSA Signature

-* return 1 if success

-*			SureWareHOOK_ERROR_FAILED if error while processing

-*			SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure

-*			SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf

-*

-*	in param flen : byte size of from and to

-*	in param from : encrypted data buffer, should be a not-null valid pointer

-*	out param tlen: byte size of decrypted data, if error, unexpected value

-*	out param to : decrypted data buffer, should be a not-null valid pointer

-*   in param prsa: a protected key pointer, should be a not-null valid pointer

-*   int padding: padding id as follow

-*					SUREWARE_PKCS1_PAD

-*					SUREWARE_ISO9796_PAD

-*

-*/

-typedef int SureWareHook_Rsa_Sign_t(char*const msg,int flen,unsigned char *from,

-										int *tlen,unsigned char *to,

-										char *prsa,int padding);

-extern SW_EXPORT SureWareHook_Rsa_Sign_t SureWareHook_Rsa_Sign;

-/*

-* SureWare DSA Signature

-* return 1 if success

-*			SureWareHOOK_ERROR_FAILED if error while processing

-*			SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure

-*			SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf

-*

-*	in param flen : byte size of from and to

-*	in param from : encrypted data buffer, should be a not-null valid pointer

-*	out param to : decrypted data buffer, should be a 40bytes valid pointer

-*   in param pdsa: a protected key pointer, should be a not-null valid pointer

-*

-*/

-typedef int SureWareHook_Dsa_Sign_t(char*const msg,int flen,const unsigned char *from,

-										unsigned long *r,unsigned long *s,char *pdsa);

-extern SW_EXPORT SureWareHook_Dsa_Sign_t SureWareHook_Dsa_Sign;

-/*

-* SureWare Mod Exp

-* return 1 if success

-*			SureWareHOOK_ERROR_FAILED if error while processing

-*			SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure

-*			SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf

-*

-*	mod and res are mlen bytes long.

-*	exp is elen bytes long

-*	data is dlen bytes long

-*	mlen,elen and dlen are all multiple of sizeof(unsigned long)

-*/

-typedef int SureWareHook_Mod_Exp_t(char*const msg,int mlen,const unsigned long *mod,

-									int elen,const unsigned long *exponent,

-									int dlen,unsigned long *data,

-									unsigned long *res);

-extern SW_EXPORT SureWareHook_Mod_Exp_t SureWareHook_Mod_Exp;

--- a/sys/src/ape/lib/openssl/include/buildinf.h

+++ /dev/null

@@ -1,4 +1,0 @@

-#ifndef MK1MF_BUILD

-  #define PLATFORM "Plan 9"

-  #define DATE "Tue Jan 22 10:29:30 ART 2008"

-#endif

--- a/sys/src/ape/lib/openssl/include/e_os.h

+++ /dev/null

@@ -1,584 +1,0 @@

-/* e_os.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_E_OS_H

-#define HEADER_E_OS_H

-#include <openssl/opensslconf.h>

-#include <openssl/e_os2.h>

-/* <openssl/e_os2.h> contains what we can justify to make visible

- * to the outside; this file e_os.h is not part of the exported

- * interface. */

-#ifdef  __cplusplus

-extern "C" {

-#endif

-#ifdef PLAN9

-#if defined(T386) || defined(Tamd64) || defined(Talpha) || defined(Tarm) || defined(Tspim)

-#define L_ENDIAN

-#elif defined(Tmips) || defined(Tsparc) || defined(Tpower)

-#define B_ENDIAN

-#else

-Error unknown byte order

-#endif

-#define	NO_STRINGS_H

-#define	NO_SYSLOG

-#define	HAVE_SOCK_OPTS

-#endif

-/* Used to checking reference counts, most while doing perl5 stuff :-) */

-#ifdef REF_PRINT

-#undef REF_PRINT

-#define REF_PRINT(a,b)	fprintf(stderr,"%08X:%4d:%s\n",(int)b,b->references,a)

-#endif

-#ifndef DEVRANDOM

-/* set this to a comma-separated list of 'random' device files to try out.

- * My default, we will try to read at least one of these files */

-#define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom"

-#endif

-#ifndef DEVRANDOM_EGD

-/* set this to a comma-seperated list of 'egd' sockets to try out. These

- * sockets will be tried in the order listed in case accessing the device files

- * listed in DEVRANDOM did not return enough entropy. */

-#define DEVRANDOM_EGD "/var/run/egd-pool","/dev/egd-pool","/etc/egd-pool","/etc/entropy"

-#endif

-#if defined(OPENSSL_SYS_VXWORKS)

-#  define NO_SYS_PARAM_H

-#  define NO_CHMOD

-#  define NO_SYSLOG

-#endif

-#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC)

-# if macintosh==1

-#  ifndef MAC_OS_GUSI_SOURCE

-#    define MAC_OS_pre_X

-#    define NO_SYS_TYPES_H

-     typedef long ssize_t;

-#  endif

-#  define NO_SYS_PARAM_H

-#  define NO_CHMOD

-#  define NO_SYSLOG

-#  undef  DEVRANDOM

-#  define GETPID_IS_MEANINGLESS

-# endif

-#endif

-/********************************************************************

- The Microsoft section

- ********************************************************************/

-/* The following is used becaue of the small stack in some

- * Microsoft operating systems */

-#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYSNAME_WIN32)

-#  define MS_STATIC	static

-#else

-#  define MS_STATIC

-#endif

-#if defined(OPENSSL_SYS_WIN32) && !defined(WIN32)

-#  define WIN32

-#endif

-#if defined(OPENSSL_SYS_WIN16) && !defined(WIN16)

-#  define WIN16

-#endif

-#if defined(OPENSSL_SYS_WINDOWS) && !defined(WINDOWS)

-#  define WINDOWS

-#endif

-#if defined(OPENSSL_SYS_MSDOS) && !defined(MSDOS)

-#  define MSDOS

-#endif

-#if defined(MSDOS) && !defined(GETPID_IS_MEANINGLESS)

-#  define GETPID_IS_MEANINGLESS

-#endif

-#ifdef WIN32

-#define get_last_sys_error()	GetLastError()

-#define clear_sys_error()	SetLastError(0)

-#if !defined(WINNT)

-#define WIN_CONSOLE_BUG

-#endif

-#else

-#define get_last_sys_error()	errno

-#define clear_sys_error()	errno=0

-#endif

-#if defined(WINDOWS)

-#define get_last_socket_error()	WSAGetLastError()

-#define clear_socket_error()	WSASetLastError(0)

-#define readsocket(s,b,n)	recv((s),(b),(n),0)

-#define writesocket(s,b,n)	send((s),(b),(n),0)

-#define EADDRINUSE		WSAEADDRINUSE

-#elif defined(__DJGPP__)

-#define WATT32

-#define get_last_socket_error()	errno

-#define clear_socket_error()	errno=0

-#define closesocket(s)		close_s(s)

-#define readsocket(s,b,n)	read_s(s,b,n)

-#define writesocket(s,b,n)	send(s,b,n,0)

-#elif defined(MAC_OS_pre_X)

-#define get_last_socket_error()	errno

-#define clear_socket_error()	errno=0

-#define closesocket(s)		MacSocket_close(s)

-#define readsocket(s,b,n)	MacSocket_recv((s),(b),(n),true)

-#define writesocket(s,b,n)	MacSocket_send((s),(b),(n))

-#elif defined(OPENSSL_SYS_VMS)

-#define get_last_socket_error() errno

-#define clear_socket_error()    errno=0

-#define ioctlsocket(a,b,c)      ioctl(a,b,c)

-#define closesocket(s)          close(s)

-#define readsocket(s,b,n)       recv((s),(b),(n),0)

-#define writesocket(s,b,n)      send((s),(b),(n),0)

-#elif defined(OPENSSL_SYS_VXWORKS)

-#define get_last_socket_error()	errno

-#define clear_socket_error()	errno=0

-#define ioctlsocket(a,b,c)	    ioctl((a),(b),(int)(c))

-#define closesocket(s)		    close(s)

-#define readsocket(s,b,n)	    read((s),(b),(n))

-#define writesocket(s,b,n)	    write((s),(char *)(b),(n))

-#else

-#define get_last_socket_error()	errno

-#define clear_socket_error()	errno=0

-#define ioctlsocket(a,b,c)	ioctl(a,b,c)

-#define closesocket(s)		close(s)

-#define readsocket(s,b,n)	read((s),(b),(n))

-#define writesocket(s,b,n)	write((s),(b),(n))

-#endif

-#ifdef WIN16

-#  define OPENSSL_NO_FP_API

-#  define MS_CALLBACK	_far _loadds

-#  define MS_FAR	_far

-#else

-#  define MS_CALLBACK

-#  define MS_FAR

-#endif

-#ifdef OPENSSL_NO_STDIO

-#  define OPENSSL_NO_FP_API

-#endif

-#if (defined(WINDOWS) || defined(MSDOS))

-#  ifdef __DJGPP__

-#    include <unistd.h>

-#    include <sys/stat.h>

-#    include <sys/socket.h>

-#    include <tcp.h>

-#    include <netdb.h>

-#    define _setmode setmode

-#    define _O_TEXT O_TEXT

-#    define _O_BINARY O_BINARY

-#  endif /* __DJGPP__ */

-#  ifndef S_IFDIR

-#    define S_IFDIR	_S_IFDIR

-#  endif

-#  ifndef S_IFMT

-#    define S_IFMT	_S_IFMT

-#  endif

-#  if !defined(WINNT) && !defined(__DJGPP__)

-#    define NO_SYSLOG

-#  endif

-#  define NO_DIRENT

-#  ifdef WINDOWS

-#    include <windows.h>

-#    include <stddef.h>

-#    include <errno.h>

-#    include <string.h>

-#    include <malloc.h>

-#  endif

-#  include <io.h>

-#  include <fcntl.h>

-#  ifdef OPENSSL_SYS_WINCE

-#    include <winsock_extras.h>

-#  endif

-#  define ssize_t long

-#  if defined (__BORLANDC__)

-#    define _setmode setmode

-#    define _O_TEXT O_TEXT

-#    define _O_BINARY O_BINARY

-#    define _int64 __int64

-#    define _kbhit kbhit

-#  endif

-#  if defined(WIN16) && defined(SSLEAY) && defined(_WINEXITNOPERSIST)

-#    define EXIT(n) _wsetexit(_WINEXITNOPERSIST)

-#    define OPENSSL_EXIT(n) do { if (n == 0) EXIT(n); return(n); } while(0)

-#  else

-#    define EXIT(n) exit(n)

-#  endif

-#  define LIST_SEPARATOR_CHAR ';'

-#  ifndef X_OK

-#    define X_OK	0

-#  endif

-#  ifndef W_OK

-#    define W_OK	2

-#  endif

-#  ifndef R_OK

-#    define R_OK	4

-#  endif

-#  define OPENSSL_CONF	"openssl.cnf"

-#  define SSLEAY_CONF	OPENSSL_CONF

-#  define NUL_DEV	"nul"

-#  define RFILE		".rnd"

-#  ifdef OPENSSL_SYS_WINCE

-#    define DEFAULT_HOME  ""

-#  else

-#    define DEFAULT_HOME  "C:"

-#  endif

-#else /* The non-microsoft world world */

-#  ifdef OPENSSL_SYS_VMS

-#    define VMS 1

-  /* some programs don't include stdlib, so exit() and others give implicit

-     function warnings */

-#    include <stdlib.h>

-#    if defined(__DECC)

-#      include <unistd.h>

-#    else

-#      include <unixlib.h>

-#    endif

-#    define OPENSSL_CONF	"openssl.cnf"

-#    define SSLEAY_CONF		OPENSSL_CONF

-#    define RFILE		".rnd"

-#    define LIST_SEPARATOR_CHAR ','

-#    define NUL_DEV		"NLA0:"

-  /* We don't have any well-defined random devices on VMS, yet... */

-#    undef DEVRANDOM

-  /* We need to do this since VMS has the following coding on status codes:

-     Bits 0-2: status type: 0 = warning, 1 = success, 2 = error, 3 = info ...

-               The important thing to know is that odd numbers are considered

-	       good, while even ones are considered errors.

-     Bits 3-15: actual status number

-     Bits 16-27: facility number.  0 is considered "unknown"

-     Bits 28-31: control bits.  If bit 28 is set, the shell won't try to

-                 output the message (which, for random codes, just looks ugly)

-     So, what we do here is to change 0 to 1 to get the default success status,

-     and everything else is shifted up to fit into the status number field, and

-     the status is tagged as an error, which I believe is what is wanted here.

-     -- Richard Levitte

-  */

-#    define EXIT(n)		do { int __VMS_EXIT = n; \

-                                     if (__VMS_EXIT == 0) \

-				       __VMS_EXIT = 1; \

-				     else \

-				       __VMS_EXIT = (n << 3) | 2; \

-                                     __VMS_EXIT |= 0x10000000; \

-				     exit(__VMS_EXIT); } while(0)

-#    define NO_SYS_PARAM_H

-#  else

-     /* !defined VMS */

-#    ifdef OPENSSL_SYS_MPE

-#      define NO_SYS_PARAM_H

-#    endif

-#    ifdef OPENSSL_UNISTD

-#      include OPENSSL_UNISTD

-#    else

-#      include <unistd.h>

-#    endif

-#    ifndef NO_SYS_TYPES_H

-#      include <sys/types.h>

-#    endif

-#    if defined(NeXT) || defined(OPENSSL_SYS_NEWS4)

-#      define pid_t int /* pid_t is missing on NEXTSTEP/OPENSTEP

-                         * (unless when compiling with -D_POSIX_SOURCE,

-                         * which doesn't work for us) */

-#    endif

-#    if defined(NeXT) || defined(OPENSSL_SYS_NEWS4) || defined(OPENSSL_SYS_SUNOS)

-#      define ssize_t int /* ditto */

-#    endif

-#    ifdef OPENSSL_SYS_NEWS4 /* setvbuf is missing on mips-sony-bsd */

-#      define setvbuf(a, b, c, d) setbuffer((a), (b), (d))

-       typedef unsigned long clock_t;

-#    endif

-#    define OPENSSL_CONF	"openssl.cnf"

-#    define SSLEAY_CONF		OPENSSL_CONF

-#    define RFILE		".rnd"

-#    define LIST_SEPARATOR_CHAR ':'

-#    define NUL_DEV		"/dev/null"

-#    define EXIT(n)		exit(n)

-#  endif

-#  define SSLeay_getpid()	getpid()

-#endif

-/*************/

-#ifdef USE_SOCKETS

-#  if defined(WINDOWS) || defined(MSDOS)

-      /* windows world */

-#    ifdef OPENSSL_NO_SOCK

-#      define SSLeay_Write(a,b,c)	(-1)

-#      define SSLeay_Read(a,b,c)	(-1)

-#      define SHUTDOWN(fd)		close(fd)

-#      define SHUTDOWN2(fd)		close(fd)

-#    elif !defined(__DJGPP__)

-#      include <winsock.h>

-extern HINSTANCE _hInstance;

-#      define SSLeay_Write(a,b,c)	send((a),(b),(c),0)

-#      define SSLeay_Read(a,b,c)	recv((a),(b),(c),0)

-#      define SHUTDOWN(fd)		{ shutdown((fd),0); closesocket(fd); }

-#      define SHUTDOWN2(fd)		{ shutdown((fd),2); closesocket(fd); }

-#    else

-#      define SSLeay_Write(a,b,c)	write_s(a,b,c,0)

-#      define SSLeay_Read(a,b,c)	read_s(a,b,c)

-#      define SHUTDOWN(fd)		close_s(fd)

-#      define SHUTDOWN2(fd)		close_s(fd)

-#    endif

-#  elif defined(MAC_OS_pre_X)

-#    include "MacSocket.h"

-#    define SSLeay_Write(a,b,c)		MacSocket_send((a),(b),(c))

-#    define SSLeay_Read(a,b,c)		MacSocket_recv((a),(b),(c),true)

-#    define SHUTDOWN(fd)		MacSocket_close(fd)

-#    define SHUTDOWN2(fd)		MacSocket_close(fd)

-#  else

-#    ifndef NO_SYS_PARAM_H

-#      include <sys/param.h>

-#    endif

-#    ifdef OPENSSL_SYS_VXWORKS

-#      include <time.h>

-#    elif !defined(OPENSSL_SYS_MPE)

-#      include <sys/time.h> /* Needed under linux for FD_XXX */

-#    endif

-#    include <netdb.h>

-#    if defined(OPENSSL_SYS_VMS_NODECC)

-#      include <socket.h>

-#      include <in.h>

-#      include <inet.h>

-#    else

-#      include <sys/socket.h>

-#      ifdef FILIO_H

-#        include <sys/filio.h> /* Added for FIONBIO under unixware */

-#      endif

-#      include <netinet/in.h>

-#      include <arpa/inet.h>

-#    endif

-#    if defined(NeXT) || defined(_NEXT_SOURCE)

-#      include <sys/fcntl.h>

-#      include <sys/types.h>

-#    endif

-#    ifdef OPENSSL_SYS_AIX

-#      include <sys/select.h>

-#    endif

-#    ifdef __QNX__

-#      include <sys/select.h>

-#    endif

-#    if defined(sun)

-#      include <sys/filio.h>

-#    else

-#      ifndef VMS

-#        include <sys/ioctl.h>

-#      else

-	 /* ioctl is only in VMS > 7.0 and when socketshr is not used */

-#        if !defined(TCPIP_TYPE_SOCKETSHR) && defined(__VMS_VER) && (__VMS_VER > 70000000)

-#          include <sys/ioctl.h>

-#        endif

-#      endif

-#    endif

-#    ifdef VMS

-#      include <unixio.h>

-#      if defined(TCPIP_TYPE_SOCKETSHR)

-#        include <socketshr.h>

-#      endif

-#    endif

-#    define SSLeay_Read(a,b,c)     read((a),(b),(c))

-#    define SSLeay_Write(a,b,c)    write((a),(b),(c))

-#    define SHUTDOWN(fd)    { shutdown((fd),0); closesocket((fd)); }

-#    define SHUTDOWN2(fd)   { shutdown((fd),2); closesocket((fd)); }

-#    ifndef INVALID_SOCKET

-#    define INVALID_SOCKET	(-1)

-#    endif /* INVALID_SOCKET */

-#  endif

-#endif

-#if defined(__ultrix)

-#  ifndef ssize_t

-#    define ssize_t int

-#  endif

-#endif

-#if defined(sun) && !defined(__svr4__) && !defined(__SVR4)

-  /* include headers first, so our defines don't break it */

-#include <stdlib.h>

-#include <string.h>

-  /* bcopy can handle overlapping moves according to SunOS 4.1.4 manpage */

-# define memmove(s1,s2,n) bcopy((s2),(s1),(n))

-# define strtoul(s,e,b) ((unsigned long int)strtol((s),(e),(b)))

-extern char *sys_errlist[]; extern int sys_nerr;

-# define strerror(errnum) \

-	(((errnum)<0 || (errnum)>=sys_nerr) ? NULL : sys_errlist[errnum])

-#endif

-#ifndef OPENSSL_EXIT

-# if defined(MONOLITH) && !defined(OPENSSL_C)

-#  define OPENSSL_EXIT(n) return(n)

-# else

-#  define OPENSSL_EXIT(n) do { EXIT(n); return(n); } while(0)

-# endif

-#endif

-/***********************************************/

-/* do we need to do this for getenv.

- * Just define getenv for use under windows */

-#ifdef WIN16

-/* How to do this needs to be thought out a bit more.... */

-/*char *GETENV(char *);

-#define Getenv	GETENV*/

-#define Getenv	getenv

-#else

-#define Getenv getenv

-#endif

-#define DG_GCC_BUG	/* gcc < 2.6.3 on DGUX */

-#ifdef sgi

-#define IRIX_CC_BUG	/* all version of IRIX I've tested (4.* 5.*) */

-#endif

-#ifdef OPENSSL_SYS_SNI

-#define IRIX_CC_BUG	/* CDS++ up to V2.0Bsomething suffered from the same bug.*/

-#endif

-#if defined(OPENSSL_SYS_WINDOWS)

-#  define strcasecmp _stricmp

-#  define strncasecmp _strnicmp

-#elif defined(OPENSSL_SYS_VMS)

-/* VMS below version 7.0 doesn't have strcasecmp() */

-#  include "o_str.h"

-#  define strcasecmp OPENSSL_strcasecmp

-#  define strncasecmp OPENSSL_strncasecmp

-#elif defined(OPENSSL_SYS_OS2) && defined(__EMX__)

-#  define strcasecmp stricmp

-#  define strncasecmp strnicmp

-#else

-#  ifdef NO_STRINGS_H

-    int	strcasecmp();

-    int	strncasecmp();

-#  else

-#    include <strings.h>

-#  endif /* NO_STRINGS_H */

-#endif

-#if defined(OPENSSL_SYS_OS2) && defined(__EMX__)

-# include <io.h>

-# include <fcntl.h>

-# define NO_SYSLOG

-#endif

-/* vxworks */

-#if defined(OPENSSL_SYS_VXWORKS)

-#include <ioLib.h>

-#include <tickLib.h>

-#include <sysLib.h>

-#define TTY_STRUCT int

-#define sleep(a) taskDelay((a) * sysClkRateGet())

-#include <vxWorks.h>

-#include <sockLib.h>

-#include <taskLib.h>

-#define getpid taskIdSelf

-/* NOTE: these are implemented by helpers in database app!

- * if the database is not linked, we need to implement them

- * elswhere */

-struct hostent *gethostbyname(const char *name);

-struct hostent *gethostbyaddr(const char *addr, int length, int type);

-struct servent *getservbyname(const char *name, const char *proto);

-#endif

-/* end vxworks */

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/mkfile

+++ /dev/null

@@ -1,9 +1,0 @@

-DIRS=ssl crypto apps

-default:V:	all

-all clean nuke install installall:V:

-	for (i in $DIRS) @{

-		cd $i

-		mk $target

-	}

--- a/sys/src/ape/lib/openssl/openssl.proto

+++ /dev/null

@@ -1,16 +1,0 @@

-# APE Libs - OpenSSL

-386	- sys sys

-	lib	- sys sys

-		ape	- sys sys

-			libcrypto.a	- sys sys

-			libssl.a	- sys sys

-sys	- sys sys

-	include	- sys sys

-		ape	- sys sys

-			openssl	- sys sys

-				+	- sys sys

-	src	- sys sys

-		ape	- sys sys

-			lib	- sys sys

-				openssl	- sys sys

-					+ 	- sys sys

--- a/sys/src/ape/lib/openssl/ssl/bio_ssl.c

+++ /dev/null

@@ -1,598 +1,0 @@

-/* ssl/bio_ssl.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include <errno.h>

-#include <openssl/crypto.h>

-#include <openssl/bio.h>

-#include <openssl/err.h>

-#include <openssl/ssl.h>

-static int ssl_write(BIO *h, const char *buf, int num);

-static int ssl_read(BIO *h, char *buf, int size);

-static int ssl_puts(BIO *h, const char *str);

-static long ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2);

-static int ssl_new(BIO *h);

-static int ssl_free(BIO *data);

-static long ssl_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);

-typedef struct bio_ssl_st

-	{

-	SSL *ssl; /* The ssl handle :-) */

-	/* re-negotiate every time the total number of bytes is this size */

-	int num_renegotiates;

-	unsigned long renegotiate_count;

-	unsigned long byte_count;

-	unsigned long renegotiate_timeout;

-	unsigned long last_time;

-	} BIO_SSL;

-static BIO_METHOD methods_sslp=

-	{

-	BIO_TYPE_SSL,"ssl",

-	ssl_write,

-	ssl_read,

-	ssl_puts,

-	NULL, /* ssl_gets, */

-	ssl_ctrl,

-	ssl_new,

-	ssl_free,

-	ssl_callback_ctrl,

-	};

-BIO_METHOD *BIO_f_ssl(void)

-	{

-	return(&methods_sslp);

-	}

-static int ssl_new(BIO *bi)

-	{

-	BIO_SSL *bs;

-	bs=(BIO_SSL *)OPENSSL_malloc(sizeof(BIO_SSL));

-	if (bs == NULL)

-		{

-		BIOerr(BIO_F_SSL_NEW,ERR_R_MALLOC_FAILURE);

-		return(0);

-		}

-	memset(bs,0,sizeof(BIO_SSL));

-	bi->init=0;

-	bi->ptr=(char *)bs;

-	bi->flags=0;

-	return(1);

-	}

-static int ssl_free(BIO *a)

-	{

-	BIO_SSL *bs;

-	if (a == NULL) return(0);

-	bs=(BIO_SSL *)a->ptr;

-	if (bs->ssl != NULL) SSL_shutdown(bs->ssl);

-	if (a->shutdown)

-		{

-		if (a->init && (bs->ssl != NULL))

-			SSL_free(bs->ssl);

-		a->init=0;

-		a->flags=0;

-		}

-	if (a->ptr != NULL)

-		OPENSSL_free(a->ptr);

-	return(1);

-	}

-static int ssl_read(BIO *b, char *out, int outl)

-	{

-	int ret=1;

-	BIO_SSL *sb;

-	SSL *ssl;

-	int retry_reason=0;

-	int r=0;

-	if (out == NULL) return(0);

-	sb=(BIO_SSL *)b->ptr;

-	ssl=sb->ssl;

-	BIO_clear_retry_flags(b);

-#if 0

-	if (!SSL_is_init_finished(ssl))

-		{

-/*		ret=SSL_do_handshake(ssl); */

-		if (ret > 0)

-			{

-			outflags=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);

-			ret= -1;

-			goto end;

-			}

-		}

-#endif

-/*	if (ret > 0) */

-	ret=SSL_read(ssl,out,outl);

-	switch (SSL_get_error(ssl,ret))

-		{

-	case SSL_ERROR_NONE:

-		if (ret <= 0) break;

-		if (sb->renegotiate_count > 0)

-			{

-			sb->byte_count+=ret;

-			if (sb->byte_count > sb->renegotiate_count)

-				{

-				sb->byte_count=0;

-				sb->num_renegotiates++;

-				SSL_renegotiate(ssl);

-				r=1;

-				}

-			}

-		if ((sb->renegotiate_timeout > 0) && (!r))

-			{

-			unsigned long tm;

-			tm=(unsigned long)time(NULL);

-			if (tm > sb->last_time+sb->renegotiate_timeout)

-				{

-				sb->last_time=tm;

-				sb->num_renegotiates++;

-				SSL_renegotiate(ssl);

-				}

-			}

-		break;

-	case SSL_ERROR_WANT_READ:

-		BIO_set_retry_read(b);

-		break;

-	case SSL_ERROR_WANT_WRITE:

-		BIO_set_retry_write(b);

-		break;

-	case SSL_ERROR_WANT_X509_LOOKUP:

-		BIO_set_retry_special(b);

-		retry_reason=BIO_RR_SSL_X509_LOOKUP;

-		break;

-	case SSL_ERROR_WANT_ACCEPT:

-		BIO_set_retry_special(b);

-		retry_reason=BIO_RR_ACCEPT;

-		break;

-	case SSL_ERROR_WANT_CONNECT:

-		BIO_set_retry_special(b);

-		retry_reason=BIO_RR_CONNECT;

-		break;

-	case SSL_ERROR_SYSCALL:

-	case SSL_ERROR_SSL:

-	case SSL_ERROR_ZERO_RETURN:

-	default:

-		break;

-		}

-	b->retry_reason=retry_reason;

-	return(ret);

-	}

-static int ssl_write(BIO *b, const char *out, int outl)

-	{

-	int ret,r=0;

-	int retry_reason=0;

-	SSL *ssl;

-	BIO_SSL *bs;

-	if (out == NULL) return(0);

-	bs=(BIO_SSL *)b->ptr;

-	ssl=bs->ssl;

-	BIO_clear_retry_flags(b);

-/*	ret=SSL_do_handshake(ssl);

-	if (ret > 0) */

-	ret=SSL_write(ssl,out,outl);

-	switch (SSL_get_error(ssl,ret))

-		{

-	case SSL_ERROR_NONE:

-		if (ret <= 0) break;

-		if (bs->renegotiate_count > 0)

-			{

-			bs->byte_count+=ret;

-			if (bs->byte_count > bs->renegotiate_count)

-				{

-				bs->byte_count=0;

-				bs->num_renegotiates++;

-				SSL_renegotiate(ssl);

-				r=1;

-				}

-			}

-		if ((bs->renegotiate_timeout > 0) && (!r))

-			{

-			unsigned long tm;

-			tm=(unsigned long)time(NULL);

-			if (tm > bs->last_time+bs->renegotiate_timeout)

-				{

-				bs->last_time=tm;

-				bs->num_renegotiates++;

-				SSL_renegotiate(ssl);

-				}

-			}

-		break;

-	case SSL_ERROR_WANT_WRITE:

-		BIO_set_retry_write(b);

-		break;

-	case SSL_ERROR_WANT_READ:

-		BIO_set_retry_read(b);

-		break;

-	case SSL_ERROR_WANT_X509_LOOKUP:

-		BIO_set_retry_special(b);

-		retry_reason=BIO_RR_SSL_X509_LOOKUP;

-		break;

-	case SSL_ERROR_WANT_CONNECT:

-		BIO_set_retry_special(b);

-		retry_reason=BIO_RR_CONNECT;

-	case SSL_ERROR_SYSCALL:

-	case SSL_ERROR_SSL:

-	default:

-		break;

-		}

-	b->retry_reason=retry_reason;

-	return(ret);

-	}

-static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)

-	{

-	SSL **sslp,*ssl;

-	BIO_SSL *bs;

-	BIO *dbio,*bio;

-	long ret=1;

-	bs=(BIO_SSL *)b->ptr;

-	ssl=bs->ssl;

-	if ((ssl == NULL)  && (cmd != BIO_C_SET_SSL))

-		return(0);

-	switch (cmd)

-		{

-	case BIO_CTRL_RESET:

-		SSL_shutdown(ssl);

-		if (ssl->handshake_func == ssl->method->ssl_connect)

-			SSL_set_connect_state(ssl);

-		else if (ssl->handshake_func == ssl->method->ssl_accept)

-			SSL_set_accept_state(ssl);

-		SSL_clear(ssl);

-		if (b->next_bio != NULL)

-			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);

-		else if (ssl->rbio != NULL)

-			ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);

-		else

-			ret=1;

-		break;

-	case BIO_CTRL_INFO:

-		ret=0;

-		break;

-	case BIO_C_SSL_MODE:

-		if (num) /* client mode */

-			SSL_set_connect_state(ssl);

-		else

-			SSL_set_accept_state(ssl);

-		break;

-	case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT:

-		ret=bs->renegotiate_timeout;

-		if (num < 60) num=5;

-		bs->renegotiate_timeout=(unsigned long)num;

-		bs->last_time=(unsigned long)time(NULL);

-		break;

-	case BIO_C_SET_SSL_RENEGOTIATE_BYTES:

-		ret=bs->renegotiate_count;

-		if ((long)num >=512)

-			bs->renegotiate_count=(unsigned long)num;

-		break;

-	case BIO_C_GET_SSL_NUM_RENEGOTIATES:

-		ret=bs->num_renegotiates;

-		break;

-	case BIO_C_SET_SSL:

-		if (ssl != NULL)

-			ssl_free(b);

-		b->shutdown=(int)num;

-		ssl=(SSL *)ptr;

-		((BIO_SSL *)b->ptr)->ssl=ssl;

-		bio=SSL_get_rbio(ssl);

-		if (bio != NULL)

-			{

-			if (b->next_bio != NULL)

-				BIO_push(bio,b->next_bio);

-			b->next_bio=bio;

-			CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO);

-			}

-		b->init=1;

-		break;

-	case BIO_C_GET_SSL:

-		if (ptr != NULL)

-			{

-			sslp=(SSL **)ptr;

-			*sslp=ssl;

-			}

-		else

-			ret=0;

-		break;

-	case BIO_CTRL_GET_CLOSE:

-		ret=b->shutdown;

-		break;

-	case BIO_CTRL_SET_CLOSE:

-		b->shutdown=(int)num;

-		break;

-	case BIO_CTRL_WPENDING:

-		ret=BIO_ctrl(ssl->wbio,cmd,num,ptr);

-		break;

-	case BIO_CTRL_PENDING:

-		ret=SSL_pending(ssl);

-		if (ret == 0)

-			ret=BIO_pending(ssl->rbio);

-		break;

-	case BIO_CTRL_FLUSH:

-		BIO_clear_retry_flags(b);

-		ret=BIO_ctrl(ssl->wbio,cmd,num,ptr);

-		BIO_copy_next_retry(b);

-		break;

-	case BIO_CTRL_PUSH:

-		if ((b->next_bio != NULL) && (b->next_bio != ssl->rbio))

-			{

-			SSL_set_bio(ssl,b->next_bio,b->next_bio);

-			CRYPTO_add(&b->next_bio->references,1,CRYPTO_LOCK_BIO);

-			}

-		break;

-	case BIO_CTRL_POP:

-		/* ugly bit of a hack */

-		if (ssl->rbio != ssl->wbio) /* we are in trouble :-( */

-			{

-			BIO_free_all(ssl->wbio);

-			}

-		if (b->next_bio != NULL)

-			{

-			CRYPTO_add(&b->next_bio->references,1,CRYPTO_LOCK_BIO);

-			}

-		ssl->wbio=NULL;

-		ssl->rbio=NULL;

-		break;

-	case BIO_C_DO_STATE_MACHINE:

-		BIO_clear_retry_flags(b);

-		b->retry_reason=0;

-		ret=(int)SSL_do_handshake(ssl);

-		switch (SSL_get_error(ssl,(int)ret))

-			{

-		case SSL_ERROR_WANT_READ:

-			BIO_set_flags(b,

-				BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);

-			break;

-		case SSL_ERROR_WANT_WRITE:

-			BIO_set_flags(b,

-				BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY);

-			break;

-		case SSL_ERROR_WANT_CONNECT:

-			BIO_set_flags(b,

-				BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY);

-			b->retry_reason=b->next_bio->retry_reason;

-			break;

-		default:

-			break;

-			}

-		break;

-	case BIO_CTRL_DUP:

-		dbio=(BIO *)ptr;

-		if (((BIO_SSL *)dbio->ptr)->ssl != NULL)

-			SSL_free(((BIO_SSL *)dbio->ptr)->ssl);

-		((BIO_SSL *)dbio->ptr)->ssl=SSL_dup(ssl);

-		((BIO_SSL *)dbio->ptr)->renegotiate_count=

-			((BIO_SSL *)b->ptr)->renegotiate_count;

-		((BIO_SSL *)dbio->ptr)->byte_count=

-			((BIO_SSL *)b->ptr)->byte_count;

-		((BIO_SSL *)dbio->ptr)->renegotiate_timeout=

-			((BIO_SSL *)b->ptr)->renegotiate_timeout;

-		((BIO_SSL *)dbio->ptr)->last_time=

-			((BIO_SSL *)b->ptr)->last_time;

-		ret=(((BIO_SSL *)dbio->ptr)->ssl != NULL);

-		break;

-	case BIO_C_GET_FD:

-		ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);

-		break;

-	case BIO_CTRL_SET_CALLBACK:

-		{

-#if 0 /* FIXME: Should this be used?  -- Richard Levitte */

-		SSLerr(SSL_F_SSL_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

-		ret = -1;

-#else

-		ret=0;

-#endif

-		}

-		break;

-	case BIO_CTRL_GET_CALLBACK:

-		{

-		void (**fptr)(const SSL *xssl,int type,int val);

-		fptr=(void (**)(const SSL *xssl,int type,int val))ptr;

-		*fptr=SSL_get_info_callback(ssl);

-		}

-		break;

-	default:

-		ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);

-		break;

-		}

-	return(ret);

-	}

-static long ssl_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)

-	{

-	SSL *ssl;

-	BIO_SSL *bs;

-	long ret=1;

-	bs=(BIO_SSL *)b->ptr;

-	ssl=bs->ssl;

-	switch (cmd)

-		{

-	case BIO_CTRL_SET_CALLBACK:

-		{

-		/* FIXME: setting this via a completely different prototype

-		   seems like a crap idea */

-		SSL_set_info_callback(ssl,(void (*)(const SSL *,int,int))fp);

-		}

-		break;

-	default:

-		ret=BIO_callback_ctrl(ssl->rbio,cmd,fp);

-		break;

-		}

-	return(ret);

-	}

-static int ssl_puts(BIO *bp, const char *str)

-	{

-	int n,ret;

-	n=strlen(str);

-	ret=BIO_write(bp,str,n);

-	return(ret);

-	}

-BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx)

-	{

-#ifndef OPENSSL_NO_SOCK

-	BIO *ret=NULL,*buf=NULL,*ssl=NULL;

-	if ((buf=BIO_new(BIO_f_buffer())) == NULL)

-		return(NULL);

-	if ((ssl=BIO_new_ssl_connect(ctx)) == NULL)

-		goto err;

-	if ((ret=BIO_push(buf,ssl)) == NULL)

-		goto err;

-	return(ret);

-err:

-	if (buf != NULL) BIO_free(buf);

-	if (ssl != NULL) BIO_free(ssl);

-#endif

-	return(NULL);

-	}

-BIO *BIO_new_ssl_connect(SSL_CTX *ctx)

-	{

-	BIO *ret=NULL,*con=NULL,*ssl=NULL;

-	if ((con=BIO_new(BIO_s_connect())) == NULL)

-		return(NULL);

-	if ((ssl=BIO_new_ssl(ctx,1)) == NULL)

-		goto err;

-	if ((ret=BIO_push(ssl,con)) == NULL)

-		goto err;

-	return(ret);

-err:

-	if (con != NULL) BIO_free(con);

-	if (ret != NULL) BIO_free(ret);

-	return(NULL);

-	}

-BIO *BIO_new_ssl(SSL_CTX *ctx, int client)

-	{

-	BIO *ret;

-	SSL *ssl;

-	if ((ret=BIO_new(BIO_f_ssl())) == NULL)

-		return(NULL);

-	if ((ssl=SSL_new(ctx)) == NULL)

-		{

-		BIO_free(ret);

-		return(NULL);

-		}

-	if (client)

-		SSL_set_connect_state(ssl);

-	else

-		SSL_set_accept_state(ssl);

-	BIO_set_ssl(ret,ssl,BIO_CLOSE);

-	return(ret);

-	}

-int BIO_ssl_copy_session_id(BIO *t, BIO *f)

-	{

-	t=BIO_find_type(t,BIO_TYPE_SSL);

-	f=BIO_find_type(f,BIO_TYPE_SSL);

-	if ((t == NULL) || (f == NULL))

-		return(0);

-	if (	(((BIO_SSL *)t->ptr)->ssl == NULL) ||

-		(((BIO_SSL *)f->ptr)->ssl == NULL))

-		return(0);

-	SSL_copy_session_id(((BIO_SSL *)t->ptr)->ssl,((BIO_SSL *)f->ptr)->ssl);

-	return(1);

-	}

-void BIO_ssl_shutdown(BIO *b)

-	{

-	SSL *s;

-	while (b != NULL)

-		{

-		if (b->method->type == BIO_TYPE_SSL)

-			{

-			s=((BIO_SSL *)b->ptr)->ssl;

-			SSL_shutdown(s);

-			break;

-			}

-		b=b->next_bio;

-		}

-	}

--- a/sys/src/ape/lib/openssl/ssl/d1_both.c

+++ /dev/null

@@ -1,1193 +1,0 @@

-/* ssl/d1_both.c */

-/*

- * DTLS implementation written by Nagendra Modadugu

- * ([email protected]) for the OpenSSL project 2005.

- */

-/* ====================================================================

- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <limits.h>

-#include <string.h>

-#include <stdio.h>

-#include "ssl_locl.h"

-#include <openssl/buffer.h>

-#include <openssl/rand.h>

-#include <openssl/objects.h>

-#include <openssl/evp.h>

-#include <openssl/x509.h>

-/* XDTLS:  figure out the right values */

-static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28};

-static unsigned int dtls1_min_mtu(void);

-static unsigned int dtls1_guess_mtu(unsigned int curr_mtu);

-static void dtls1_fix_message_header(SSL *s, unsigned long frag_off,

-	unsigned long frag_len);

-static unsigned char *dtls1_write_message_header(SSL *s,

-	unsigned char *p);

-static void dtls1_set_message_header_int(SSL *s, unsigned char mt,

-	unsigned long len, unsigned short seq_num, unsigned long frag_off,

-	unsigned long frag_len);

-static int dtls1_retransmit_buffered_messages(SSL *s);

-static long dtls1_get_message_fragment(SSL *s, int st1, int stn,

-	long max, int *ok);

-static hm_fragment *

-dtls1_hm_fragment_new(unsigned long frag_len)

-	{

-	hm_fragment *frag = NULL;

-	unsigned char *buf = NULL;

-	frag = (hm_fragment *)OPENSSL_malloc(sizeof(hm_fragment));

-	if ( frag == NULL)

-		return NULL;

-	if (frag_len)

-		{

-		buf = (unsigned char *)OPENSSL_malloc(frag_len);

-		if ( buf == NULL)

-			{

-			OPENSSL_free(frag);

-			return NULL;

-			}

-		}

-	/* zero length fragment gets zero frag->fragment */

-	frag->fragment = buf;

-	return frag;

-	}

-static void

-dtls1_hm_fragment_free(hm_fragment *frag)

-	{

-	if (frag->fragment) OPENSSL_free(frag->fragment);

-	OPENSSL_free(frag);

-	}

-/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */

-int dtls1_do_write(SSL *s, int type)

-	{

-	int ret;

-	int curr_mtu;

-	unsigned int len, frag_off;

-	/* AHA!  Figure out the MTU, and stick to the right size */

-	if ( ! (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))

-		{

-		s->d1->mtu =

-			BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);

-		/* I've seen the kernel return bogus numbers when it doesn't know

-		 * (initial write), so just make sure we have a reasonable number */

-		if ( s->d1->mtu < dtls1_min_mtu())

-			{

-			s->d1->mtu = 0;

-			s->d1->mtu = dtls1_guess_mtu(s->d1->mtu);

-			BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU,

-				s->d1->mtu, NULL);

-			}

-		}

-#if 0

-	mtu = s->d1->mtu;

-	fprintf(stderr, "using MTU = %d\n", mtu);

-	mtu -= (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LENGTH);

-	curr_mtu = mtu - BIO_wpending(SSL_get_wbio(s));

-	if ( curr_mtu > 0)

-		mtu = curr_mtu;

-	else if ( ( ret = BIO_flush(SSL_get_wbio(s))) <= 0)

-		return ret;

-	if ( BIO_wpending(SSL_get_wbio(s)) + s->init_num >= mtu)

-		{

-		ret = BIO_flush(SSL_get_wbio(s));

-		if ( ret <= 0)

-			return ret;

-		mtu = s->d1->mtu - (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LENGTH);

-		}

-	OPENSSL_assert(mtu > 0);  /* should have something reasonable now */

-#endif

-	if ( s->init_off == 0  && type == SSL3_RT_HANDSHAKE)

-		OPENSSL_assert(s->init_num ==

-			(int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);

-	frag_off = 0;

-	while( s->init_num)

-		{

-		curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) -

-			DTLS1_RT_HEADER_LENGTH;

-		if ( curr_mtu <= DTLS1_HM_HEADER_LENGTH)

-			{

-			/* grr.. we could get an error if MTU picked was wrong */

-			ret = BIO_flush(SSL_get_wbio(s));

-			if ( ret <= 0)

-				return ret;

-			curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH;

-			}

-		if ( s->init_num > curr_mtu)

-			len = curr_mtu;

-		else

-			len = s->init_num;

-		/* XDTLS: this function is too long.  split out the CCS part */

-		if ( type == SSL3_RT_HANDSHAKE)

-			{

-			if ( s->init_off != 0)

-				{

-				OPENSSL_assert(s->init_off > DTLS1_HM_HEADER_LENGTH);

-				s->init_off -= DTLS1_HM_HEADER_LENGTH;

-				s->init_num += DTLS1_HM_HEADER_LENGTH;

-				/* write atleast DTLS1_HM_HEADER_LENGTH bytes */

-				if ( len <= DTLS1_HM_HEADER_LENGTH)

-					len += DTLS1_HM_HEADER_LENGTH;

-				}

-			dtls1_fix_message_header(s, frag_off,

-				len - DTLS1_HM_HEADER_LENGTH);

-			dtls1_write_message_header(s, (unsigned char *)&s->init_buf->data[s->init_off]);

-			OPENSSL_assert(len >= DTLS1_HM_HEADER_LENGTH);

-			}

-		ret=dtls1_write_bytes(s,type,&s->init_buf->data[s->init_off],

-			len);

-		if (ret < 0)

-			{

-			/* might need to update MTU here, but we don't know

-			 * which previous packet caused the failure -- so can't

-			 * really retransmit anything.  continue as if everything

-			 * is fine and wait for an alert to handle the

-			 * retransmit

-			 */

-			if ( BIO_ctrl(SSL_get_wbio(s),

-				BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL))

-				s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),

-					BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);

-			else

-				return(-1);

-			}

-		else

-			{

-			/* bad if this assert fails, only part of the handshake

-			 * message got sent.  but why would this happen? */

-			OPENSSL_assert(len == (unsigned int)ret);

-			if (type == SSL3_RT_HANDSHAKE && ! s->d1->retransmitting)

-				{

-				/* should not be done for 'Hello Request's, but in that case

-				 * we'll ignore the result anyway */

-				unsigned char *p = (unsigned char *)&s->init_buf->data[s->init_off];

-				const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;

-				int xlen;

-				if (frag_off == 0 && s->client_version != DTLS1_BAD_VER)

-					{

-					/* reconstruct message header is if it

-					 * is being sent in single fragment */

-					*p++ = msg_hdr->type;

-					l2n3(msg_hdr->msg_len,p);

-					s2n (msg_hdr->seq,p);

-					l2n3(0,p);

-					l2n3(msg_hdr->msg_len,p);

-					p  -= DTLS1_HM_HEADER_LENGTH;

-					xlen = ret;

-					}

-				else

-					{

-					p  += DTLS1_HM_HEADER_LENGTH;

-					xlen = ret - DTLS1_HM_HEADER_LENGTH;

-					}

-				ssl3_finish_mac(s, p, xlen);

-				}

-			if (ret == s->init_num)

-				{

-				if (s->msg_callback)

-					s->msg_callback(1, s->version, type, s->init_buf->data,

-						(size_t)(s->init_off + s->init_num), s,

-						s->msg_callback_arg);

-				s->init_off = 0;  /* done writing this message */

-				s->init_num = 0;

-				return(1);

-				}

-			s->init_off+=ret;

-			s->init_num-=ret;

-			frag_off += (ret -= DTLS1_HM_HEADER_LENGTH);

-			}

-		}

-	return(0);

-	}

-/* Obtain handshake message of message type 'mt' (any if mt == -1),

- * maximum acceptable body length 'max'.

- * Read an entire handshake message.  Handshake messages arrive in

- * fragments.

- */

-long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)

-	{

-	int i, al;

-	struct hm_header_st *msg_hdr;

-	/* s3->tmp is used to store messages that are unexpected, caused

-	 * by the absence of an optional handshake message */

-	if (s->s3->tmp.reuse_message)

-		{

-		s->s3->tmp.reuse_message=0;

-		if ((mt >= 0) && (s->s3->tmp.message_type != mt))

-			{

-			al=SSL_AD_UNEXPECTED_MESSAGE;

-			SSLerr(SSL_F_DTLS1_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);

-			goto f_err;

-			}

-		*ok=1;

-		s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;

-		s->init_num = (int)s->s3->tmp.message_size;

-		return s->init_num;

-		}

-	msg_hdr = &s->d1->r_msg_hdr;

-	do

-		{

-		if ( msg_hdr->frag_off == 0)

-			{

-			/* s->d1->r_message_header.msg_len = 0; */

-			memset(msg_hdr, 0x00, sizeof(struct hm_header_st));

-			}

-		i = dtls1_get_message_fragment(s, st1, stn, max, ok);

-		if ( i == DTLS1_HM_BAD_FRAGMENT ||

-			i == DTLS1_HM_FRAGMENT_RETRY)  /* bad fragment received */

-			continue;

-		else if ( i <= 0 && !*ok)

-			return i;

-		/* Note that s->init_sum is used as a counter summing

-		 * up fragments' lengths: as soon as they sum up to

-		 * handshake packet length, we assume we have got all

-		 * the fragments. Overlapping fragments would cause

-		 * premature termination, so we don't expect overlaps.

-		 * Well, handling overlaps would require something more

-		 * drastic. Indeed, as it is now there is no way to

-		 * tell if out-of-order fragment from the middle was

-		 * the last. '>=' is the best/least we can do to control

-		 * the potential damage caused by malformed overlaps. */

-		if ((unsigned int)s->init_num >= msg_hdr->msg_len)

-			{

-			unsigned char *p = (unsigned char *)s->init_buf->data;

-			unsigned long msg_len = msg_hdr->msg_len;

-			/* reconstruct message header as if it was

-			 * sent in single fragment */

-			*(p++) = msg_hdr->type;

-			l2n3(msg_len,p);

-			s2n (msg_hdr->seq,p);

-			l2n3(0,p);

-			l2n3(msg_len,p);

-			if (s->client_version != DTLS1_BAD_VER)

-				p       -= DTLS1_HM_HEADER_LENGTH,

-				msg_len += DTLS1_HM_HEADER_LENGTH;

-			ssl3_finish_mac(s, p, msg_len);

-			if (s->msg_callback)

-				s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,

-					p, msg_len,

-					s, s->msg_callback_arg);

-			memset(msg_hdr, 0x00, sizeof(struct hm_header_st));

-			s->d1->handshake_read_seq++;

-			/* we just read a handshake message from the other side:

-			 * this means that we don't need to retransmit of the

-			 * buffered messages.

-			 * XDTLS: may be able clear out this

-			 * buffer a little sooner (i.e if an out-of-order

-			 * handshake message/record is received at the record

-			 * layer.

-			 * XDTLS: exception is that the server needs to

-			 * know that change cipher spec and finished messages

-			 * have been received by the client before clearing this

-			 * buffer.  this can simply be done by waiting for the

-			 * first data  segment, but is there a better way?  */

-			dtls1_clear_record_buffer(s);

-			s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;

-			return s->init_num;

-			}

-		else

-			msg_hdr->frag_off = i;

-		} while(1) ;

-f_err:

-	ssl3_send_alert(s,SSL3_AL_FATAL,al);

-	*ok = 0;

-	return -1;

-	}

-static int dtls1_preprocess_fragment(SSL *s,struct hm_header_st *msg_hdr,int max)

-	{

-	size_t frag_off,frag_len,msg_len;

-	msg_len  = msg_hdr->msg_len;

-	frag_off = msg_hdr->frag_off;

-	frag_len = msg_hdr->frag_len;

-	/* sanity checking */

-	if ( (frag_off+frag_len) > msg_len)

-		{

-		SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE);

-		return SSL_AD_ILLEGAL_PARAMETER;

-		}

-	if ( (frag_off+frag_len) > (unsigned long)max)

-		{

-		SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE);

-		return SSL_AD_ILLEGAL_PARAMETER;

-		}

-	if ( s->d1->r_msg_hdr.frag_off == 0) /* first fragment */

-		{

-		/* msg_len is limited to 2^24, but is effectively checked

-		 * against max above */

-		if (!BUF_MEM_grow_clean(s->init_buf,(int)msg_len+DTLS1_HM_HEADER_LENGTH))

-			{

-			SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,ERR_R_BUF_LIB);

-			return SSL_AD_INTERNAL_ERROR;

-			}

-		s->s3->tmp.message_size  = msg_len;

-		s->d1->r_msg_hdr.msg_len = msg_len;

-		s->s3->tmp.message_type  = msg_hdr->type;

-		s->d1->r_msg_hdr.type    = msg_hdr->type;

-		s->d1->r_msg_hdr.seq     = msg_hdr->seq;

-		}

-	else if (msg_len != s->d1->r_msg_hdr.msg_len)

-		{

-		/* They must be playing with us! BTW, failure to enforce

-		 * upper limit would open possibility for buffer overrun. */

-		SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE);

-		return SSL_AD_ILLEGAL_PARAMETER;

-		}

-	return 0; /* no error */

-	}

-static int

-dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)

-	{

-	/* (0) check whether the desired fragment is available

-	 * if so:

-	 * (1) copy over the fragment to s->init_buf->data[]

-	 * (2) update s->init_num

-	 */

-	pitem *item;

-	hm_fragment *frag;

-	int al;

-	*ok = 0;

-	item = pqueue_peek(s->d1->buffered_messages);

-	if ( item == NULL)

-		return 0;

-	frag = (hm_fragment *)item->data;

-	if ( s->d1->handshake_read_seq == frag->msg_header.seq)

-		{

-		pqueue_pop(s->d1->buffered_messages);

-		al=dtls1_preprocess_fragment(s,&frag->msg_header,max);

-		if (al==0) /* no alert */

-			{

-			unsigned char *p = (unsigned char *)s->init_buf->data+DTLS1_HM_HEADER_LENGTH;

-			memcpy(&p[frag->msg_header.frag_off],

-				frag->fragment,frag->msg_header.frag_len);

-			}

-		dtls1_hm_fragment_free(frag);

-		pitem_free(item);

-		if (al==0)

-			{

-			*ok = 1;

-			return frag->msg_header.frag_len;

-			}

-		ssl3_send_alert(s,SSL3_AL_FATAL,al);

-		s->init_num = 0;

-		*ok = 0;

-		return -1;

-		}

-	else

-		return 0;

-	}

-static int

-dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)

-{

-	int i=-1;

-	hm_fragment *frag = NULL;

-	pitem *item = NULL;

-	PQ_64BIT seq64;

-	unsigned long frag_len = msg_hdr->frag_len;

-	if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len)

-		goto err;

-	if (msg_hdr->seq <= s->d1->handshake_read_seq)

-		{

-		unsigned char devnull [256];

-		while (frag_len)

-			{

-			i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,

-				devnull,

-				frag_len>sizeof(devnull)?sizeof(devnull):frag_len,0);

-			if (i<=0) goto err;

-			frag_len -= i;

-			}

-		}

-	frag = dtls1_hm_fragment_new(frag_len);

-	if ( frag == NULL)

-		goto err;

-	memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));

-	if (frag_len)

-		{

-		/* read the body of the fragment (header has already been read */

-		i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,

-			frag->fragment,frag_len,0);

-		if (i<=0 || (unsigned long)i!=frag_len)

-			goto err;

-		}

-	pq_64bit_init(&seq64);

-	pq_64bit_assign_word(&seq64, msg_hdr->seq);

-	item = pitem_new(seq64, frag);

-	pq_64bit_free(&seq64);

-	if ( item == NULL)

-		goto err;

-	pqueue_insert(s->d1->buffered_messages, item);

-	return DTLS1_HM_FRAGMENT_RETRY;

-err:

-	if ( frag != NULL) dtls1_hm_fragment_free(frag);

-	if ( item != NULL) OPENSSL_free(item);

-	*ok = 0;

-	return i;

-	}

-static long

-dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)

-	{

-	unsigned char wire[DTLS1_HM_HEADER_LENGTH];

-	unsigned long l, frag_off, frag_len;

-	int i,al;

-	struct hm_header_st msg_hdr;

-	/* see if we have the required fragment already */

-	if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok)

-		{

-		if (*ok)	s->init_num += frag_len;

-		return frag_len;

-		}

-	/* read handshake message header */

-	i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,wire,

-		DTLS1_HM_HEADER_LENGTH, 0);

-	if (i <= 0) 	/* nbio, or an error */

-		{

-		s->rwstate=SSL_READING;

-		*ok = 0;

-		return i;

-		}

-	OPENSSL_assert(i == DTLS1_HM_HEADER_LENGTH);

-	/* parse the message fragment header */

-	dtls1_get_message_header(wire, &msg_hdr);

-	/*

-	 * if this is a future (or stale) message it gets buffered

-	 * (or dropped)--no further processing at this time

-	 */

-	if ( msg_hdr.seq != s->d1->handshake_read_seq)

-		return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);

-	l = msg_hdr.msg_len;

-	frag_off = msg_hdr.frag_off;

-	frag_len = msg_hdr.frag_len;

-	if (!s->server && s->d1->r_msg_hdr.frag_off == 0 &&

-		wire[0] == SSL3_MT_HELLO_REQUEST)

-		{

-		/* The server may always send 'Hello Request' messages --

-		 * we are doing a handshake anyway now, so ignore them

-		 * if their format is correct. Does not count for

-		 * 'Finished' MAC. */

-		if (wire[1] == 0 && wire[2] == 0 && wire[3] == 0)

-			{

-			if (s->msg_callback)

-				s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,

-					wire, DTLS1_HM_HEADER_LENGTH, s,

-					s->msg_callback_arg);

-			s->init_num = 0;

-			return dtls1_get_message_fragment(s, st1, stn,

-				max, ok);

-			}

-		else /* Incorrectly formated Hello request */

-			{

-			al=SSL_AD_UNEXPECTED_MESSAGE;

-			SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_UNEXPECTED_MESSAGE);

-			goto f_err;

-			}

-		}

-	if ((al=dtls1_preprocess_fragment(s,&msg_hdr,max)))

-		goto f_err;

-	/* XDTLS:  ressurect this when restart is in place */

-	s->state=stn;

-	if ( frag_len > 0)

-		{

-		unsigned char *p=(unsigned char *)s->init_buf->data+DTLS1_HM_HEADER_LENGTH;

-		i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,

-			&p[frag_off],frag_len,0);

-		/* XDTLS:  fix this--message fragments cannot span multiple packets */

-		if (i <= 0)

-			{

-			s->rwstate=SSL_READING;

-			*ok = 0;

-			return i;

-			}

-		}

-	else

-		i = 0;

-	/* XDTLS:  an incorrectly formatted fragment should cause the

-	 * handshake to fail */

-	OPENSSL_assert(i == (int)frag_len);

-	*ok = 1;

-	/* Note that s->init_num is *not* used as current offset in

-	 * s->init_buf->data, but as a counter summing up fragments'

-	 * lengths: as soon as they sum up to handshake packet

-	 * length, we assume we have got all the fragments. */

-	s->init_num += frag_len;

-	return frag_len;

-f_err:

-	ssl3_send_alert(s,SSL3_AL_FATAL,al);

-	s->init_num = 0;

-	*ok=0;

-	return(-1);

-	}

-int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)

-	{

-	unsigned char *p,*d;

-	int i;

-	unsigned long l;

-	if (s->state == a)

-		{

-		d=(unsigned char *)s->init_buf->data;

-		p= &(d[DTLS1_HM_HEADER_LENGTH]);

-		i=s->method->ssl3_enc->final_finish_mac(s,

-			&(s->s3->finish_dgst1),

-			&(s->s3->finish_dgst2),

-			sender,slen,s->s3->tmp.finish_md);

-		s->s3->tmp.finish_md_len = i;

-		memcpy(p, s->s3->tmp.finish_md, i);

-		p+=i;

-		l=i;

-#ifdef OPENSSL_SYS_WIN16

-		/* MSVC 1.5 does not clear the top bytes of the word unless

-		 * I do this.

-		 */

-		l&=0xffff;

-#endif

-		d = dtls1_set_message_header(s, d, SSL3_MT_FINISHED, l, 0, l);

-		s->init_num=(int)l+DTLS1_HM_HEADER_LENGTH;

-		s->init_off=0;

-		/* buffer the message to handle re-xmits */

-		dtls1_buffer_message(s, 0);

-		s->state=b;

-		}

-	/* SSL3_ST_SEND_xxxxxx_HELLO_B */

-	return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));

-	}

-/* for these 2 messages, we need to

- * ssl->enc_read_ctx			re-init

- * ssl->s3->read_sequence		zero

- * ssl->s3->read_mac_secret		re-init

- * ssl->session->read_sym_enc		assign

- * ssl->session->read_compression	assign

- * ssl->session->read_hash		assign

- */

-int dtls1_send_change_cipher_spec(SSL *s, int a, int b)

-	{

-	unsigned char *p;

-	if (s->state == a)

-		{

-		p=(unsigned char *)s->init_buf->data;

-		*p++=SSL3_MT_CCS;

-		s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;

-		s->init_num=DTLS1_CCS_HEADER_LENGTH;

-		if (s->client_version == DTLS1_BAD_VER)

-			{

-			s->d1->next_handshake_write_seq++;

-			s2n(s->d1->handshake_write_seq,p);

-			s->init_num+=2;

-			}

-		s->init_off=0;

-		dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,

-			s->d1->handshake_write_seq, 0, 0);

-		/* buffer the message to handle re-xmits */

-		dtls1_buffer_message(s, 1);

-		s->state=b;

-		}

-	/* SSL3_ST_CW_CHANGE_B */

-	return(dtls1_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC));

-	}

-unsigned long dtls1_output_cert_chain(SSL *s, X509 *x)

-	{

-	unsigned char *p;

-	int n,i;

-	unsigned long l= 3 + DTLS1_HM_HEADER_LENGTH;

-	BUF_MEM *buf;

-	X509_STORE_CTX xs_ctx;

-	X509_OBJECT obj;

-	/* TLSv1 sends a chain with nothing in it, instead of an alert */

-	buf=s->init_buf;

-	if (!BUF_MEM_grow_clean(buf,10))

-		{

-		SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);

-		return(0);

-		}

-	if (x != NULL)

-		{

-		if(!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL))

-			{

-			SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);

-			return(0);

-			}

-		for (;;)

-			{

-			n=i2d_X509(x,NULL);

-			if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))

-				{

-				SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);

-				return(0);

-				}

-			p=(unsigned char *)&(buf->data[l]);

-			l2n3(n,p);

-			i2d_X509(x,&p);

-			l+=n+3;

-			if (X509_NAME_cmp(X509_get_subject_name(x),

-				X509_get_issuer_name(x)) == 0) break;

-			i=X509_STORE_get_by_subject(&xs_ctx,X509_LU_X509,

-				X509_get_issuer_name(x),&obj);

-			if (i <= 0) break;

-			x=obj.data.x509;

-			/* Count is one too high since the X509_STORE_get uped the

-			 * ref count */

-			X509_free(x);

-			}

-		X509_STORE_CTX_cleanup(&xs_ctx);

-		}

-	/* Thawte special :-) */

-	if (s->ctx->extra_certs != NULL)

-	for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++)

-		{

-		x=sk_X509_value(s->ctx->extra_certs,i);

-		n=i2d_X509(x,NULL);

-		if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))

-			{

-			SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);

-			return(0);

-			}

-		p=(unsigned char *)&(buf->data[l]);

-		l2n3(n,p);

-		i2d_X509(x,&p);

-		l+=n+3;

-		}

-	l-= (3 + DTLS1_HM_HEADER_LENGTH);

-	p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]);

-	l2n3(l,p);

-	l+=3;

-	p=(unsigned char *)&(buf->data[0]);

-	p = dtls1_set_message_header(s, p, SSL3_MT_CERTIFICATE, l, 0, l);

-	l+=DTLS1_HM_HEADER_LENGTH;

-	return(l);

-	}

-int dtls1_read_failed(SSL *s, int code)

-	{

-	DTLS1_STATE *state;

-	BIO *bio;

-	int send_alert = 0;

-	if ( code > 0)

-		{

-		fprintf( stderr, "invalid state reached %s:%d", __FILE__, __LINE__);

-		return 1;

-		}

-	bio = SSL_get_rbio(s);

-	if ( ! BIO_dgram_recv_timedout(bio))

-		{

-		/* not a timeout, none of our business,

-		   let higher layers handle this.  in fact it's probably an error */

-		return code;

-		}

-	if ( ! SSL_in_init(s))  /* done, no need to send a retransmit */

-		{

-		BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ);

-		return code;

-		}

-	state = s->d1;

-	state->timeout.num_alerts++;

-	if ( state->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)

-		{

-		/* fail the connection, enough alerts have been sent */

-		SSLerr(SSL_F_DTLS1_READ_FAILED,SSL_R_READ_TIMEOUT_EXPIRED);

-		return 0;

-		}

-	state->timeout.read_timeouts++;

-	if ( state->timeout.read_timeouts > DTLS1_TMO_READ_COUNT)

-		{

-		send_alert = 1;

-		state->timeout.read_timeouts = 1;

-		}

-#if 0 /* for now, each alert contains only one record number */

-	item = pqueue_peek(state->rcvd_records);

-	if ( item )

-		{

-		/* send an alert immediately for all the missing records */

-		}

-	else

-#endif

-#if 0  /* no more alert sending, just retransmit the last set of messages */

-		if ( send_alert)

-			ssl3_send_alert(s,SSL3_AL_WARNING,

-				DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);

-#endif

-	return dtls1_retransmit_buffered_messages(s) ;

-	}

-static int

-dtls1_retransmit_buffered_messages(SSL *s)

-	{

-	pqueue sent = s->d1->sent_messages;

-	piterator iter;

-	pitem *item;

-	hm_fragment *frag;

-	int found = 0;

-	iter = pqueue_iterator(sent);

-	for ( item = pqueue_next(&iter); item != NULL; item = pqueue_next(&iter))

-		{

-		frag = (hm_fragment *)item->data;

-		if ( dtls1_retransmit_message(s, frag->msg_header.seq, 0, &found) <= 0 &&

-			found)

-			{

-			fprintf(stderr, "dtls1_retransmit_message() failed\n");

-			return -1;

-			}

-		}

-	return 1;

-	}

-int

-dtls1_buffer_message(SSL *s, int is_ccs)

-	{

-	pitem *item;

-	hm_fragment *frag;

-	PQ_64BIT seq64;

-	unsigned int epoch = s->d1->w_epoch;

-	/* this function is called immediately after a message has

-	 * been serialized */

-	OPENSSL_assert(s->init_off == 0);

-	frag = dtls1_hm_fragment_new(s->init_num);

-	memcpy(frag->fragment, s->init_buf->data, s->init_num);

-	if ( is_ccs)

-		{

-		OPENSSL_assert(s->d1->w_msg_hdr.msg_len +

-			DTLS1_CCS_HEADER_LENGTH <= (unsigned int)s->init_num);

-		epoch++;

-		}

-	else

-		{

-		OPENSSL_assert(s->d1->w_msg_hdr.msg_len +

-			DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num);

-		}

-	frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len;

-	frag->msg_header.seq = s->d1->w_msg_hdr.seq;

-	frag->msg_header.type = s->d1->w_msg_hdr.type;

-	frag->msg_header.frag_off = 0;

-	frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len;

-	frag->msg_header.is_ccs = is_ccs;

-	pq_64bit_init(&seq64);

-	pq_64bit_assign_word(&seq64, epoch<<16 | frag->msg_header.seq);

-	item = pitem_new(seq64, frag);

-	pq_64bit_free(&seq64);

-	if ( item == NULL)

-		{

-		dtls1_hm_fragment_free(frag);

-		return 0;

-		}

-#if 0

-	fprintf( stderr, "buffered messge: \ttype = %xx\n", msg_buf->type);

-	fprintf( stderr, "\t\t\t\t\tlen = %d\n", msg_buf->len);

-	fprintf( stderr, "\t\t\t\t\tseq_num = %d\n", msg_buf->seq_num);

-#endif

-	pqueue_insert(s->d1->sent_messages, item);

-	return 1;

-	}

-int

-dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,

-	int *found)

-	{

-	int ret;

-	/* XDTLS: for now assuming that read/writes are blocking */

-	pitem *item;

-	hm_fragment *frag ;

-	unsigned long header_length;

-	PQ_64BIT seq64;

-	/*

-	  OPENSSL_assert(s->init_num == 0);

-	  OPENSSL_assert(s->init_off == 0);

-	 */

-	/* XDTLS:  the requested message ought to be found, otherwise error */

-	pq_64bit_init(&seq64);

-	pq_64bit_assign_word(&seq64, seq);

-	item = pqueue_find(s->d1->sent_messages, seq64);

-	pq_64bit_free(&seq64);

-	if ( item == NULL)

-		{

-		fprintf(stderr, "retransmit:  message %d non-existant\n", seq);

-		*found = 0;

-		return 0;

-		}

-	*found = 1;

-	frag = (hm_fragment *)item->data;

-	if ( frag->msg_header.is_ccs)

-		header_length = DTLS1_CCS_HEADER_LENGTH;

-	else

-		header_length = DTLS1_HM_HEADER_LENGTH;

-	memcpy(s->init_buf->data, frag->fragment,

-		frag->msg_header.msg_len + header_length);

-		s->init_num = frag->msg_header.msg_len + header_length;

-	dtls1_set_message_header_int(s, frag->msg_header.type,

-		frag->msg_header.msg_len, frag->msg_header.seq, 0,

-		frag->msg_header.frag_len);

-	s->d1->retransmitting = 1;

-	ret = dtls1_do_write(s, frag->msg_header.is_ccs ?

-		SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE);

-	s->d1->retransmitting = 0;

-	(void)BIO_flush(SSL_get_wbio(s));

-	return ret;

-	}

-/* call this function when the buffered messages are no longer needed */

-void

-dtls1_clear_record_buffer(SSL *s)

-	{

-	pitem *item;

-	for(item = pqueue_pop(s->d1->sent_messages);

-		item != NULL; item = pqueue_pop(s->d1->sent_messages))

-		{

-		dtls1_hm_fragment_free((hm_fragment *)item->data);

-		pitem_free(item);

-		}

-	}

-unsigned char *

-dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt,

-			unsigned long len, unsigned long frag_off, unsigned long frag_len)

-	{

-	if ( frag_off == 0)

-		{

-		s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;

-		s->d1->next_handshake_write_seq++;

-		}

-	dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq,

-		frag_off, frag_len);

-	return p += DTLS1_HM_HEADER_LENGTH;

-	}

-/* don't actually do the writing, wait till the MTU has been retrieved */

-static void

-dtls1_set_message_header_int(SSL *s, unsigned char mt,

-			    unsigned long len, unsigned short seq_num, unsigned long frag_off,

-			    unsigned long frag_len)

-	{

-	struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;

-	msg_hdr->type = mt;

-	msg_hdr->msg_len = len;

-	msg_hdr->seq = seq_num;

-	msg_hdr->frag_off = frag_off;

-	msg_hdr->frag_len = frag_len;

-	}

-static void

-dtls1_fix_message_header(SSL *s, unsigned long frag_off,

-			unsigned long frag_len)

-	{

-	struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;

-	msg_hdr->frag_off = frag_off;

-	msg_hdr->frag_len = frag_len;

-	}

-static unsigned char *

-dtls1_write_message_header(SSL *s, unsigned char *p)

-	{

-	struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;

-	*p++ = msg_hdr->type;

-	l2n3(msg_hdr->msg_len, p);

-	s2n(msg_hdr->seq, p);

-	l2n3(msg_hdr->frag_off, p);

-	l2n3(msg_hdr->frag_len, p);

-	return p;

-	}

-static unsigned int

-dtls1_min_mtu(void)

-	{

-	return (g_probable_mtu[(sizeof(g_probable_mtu) /

-		sizeof(g_probable_mtu[0])) - 1]);

-	}

-static unsigned int

-dtls1_guess_mtu(unsigned int curr_mtu)

-	{

-	size_t i;

-	if ( curr_mtu == 0 )

-		return g_probable_mtu[0] ;

-	for ( i = 0; i < sizeof(g_probable_mtu)/sizeof(g_probable_mtu[0]); i++)

-		if ( curr_mtu > g_probable_mtu[i])

-			return g_probable_mtu[i];

-	return curr_mtu;

-	}

-void

-dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)

-	{

-	memset(msg_hdr, 0x00, sizeof(struct hm_header_st));

-	msg_hdr->type = *(data++);

-	n2l3(data, msg_hdr->msg_len);

-	n2s(data, msg_hdr->seq);

-	n2l3(data, msg_hdr->frag_off);

-	n2l3(data, msg_hdr->frag_len);

-	}

-void

-dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr)

-	{

-	memset(ccs_hdr, 0x00, sizeof(struct ccs_header_st));

-	ccs_hdr->type = *(data++);

-	}

--- a/sys/src/ape/lib/openssl/ssl/d1_clnt.c

+++ /dev/null

@@ -1,1156 +1,0 @@

-/* ssl/d1_clnt.c */

-/*

- * DTLS implementation written by Nagendra Modadugu

- * ([email protected]) for the OpenSSL project 2005.

- */

-/* ====================================================================

- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "ssl_locl.h"

-#include "kssl_lcl.h"

-#include <openssl/buffer.h>

-#include <openssl/rand.h>

-#include <openssl/objects.h>

-#include <openssl/evp.h>

-#include <openssl/md5.h>

-#ifndef OPENSSL_NO_DH

-#include <openssl/dh.h>

-#endif

-static SSL_METHOD *dtls1_get_client_method(int ver);

-static int dtls1_get_hello_verify(SSL *s);

-static SSL_METHOD *dtls1_get_client_method(int ver)

-	{

-	if (ver == DTLS1_VERSION)

-		return(DTLSv1_client_method());

-	else

-		return(NULL);

-	}

-IMPLEMENT_dtls1_meth_func(DTLSv1_client_method,

-			ssl_undefined_function,

-			dtls1_connect,

-			dtls1_get_client_method)

-int dtls1_connect(SSL *s)

-	{

-	BUF_MEM *buf=NULL;

-	unsigned long Time=(unsigned long)time(NULL),l;

-	long num1;

-	void (*cb)(const SSL *ssl,int type,int val)=NULL;

-	int ret= -1;

-	int new_state,state,skip=0;;

-	RAND_add(&Time,sizeof(Time),0);

-	ERR_clear_error();

-	clear_sys_error();

-	if (s->info_callback != NULL)

-		cb=s->info_callback;

-	else if (s->ctx->info_callback != NULL)

-		cb=s->ctx->info_callback;

-	s->in_handshake++;

-	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);

-	for (;;)

-		{

-		state=s->state;

-		switch(s->state)

-			{

-		case SSL_ST_RENEGOTIATE:

-			s->new_session=1;

-			s->state=SSL_ST_CONNECT;

-			s->ctx->stats.sess_connect_renegotiate++;

-			/* break */

-		case SSL_ST_BEFORE:

-		case SSL_ST_CONNECT:

-		case SSL_ST_BEFORE|SSL_ST_CONNECT:

-		case SSL_ST_OK|SSL_ST_CONNECT:

-			s->server=0;

-			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);

-			if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00))

-				{

-				SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR);

-				ret = -1;

-				goto end;

-				}

-			/* s->version=SSL3_VERSION; */

-			s->type=SSL_ST_CONNECT;

-			if (s->init_buf == NULL)

-				{

-				if ((buf=BUF_MEM_new()) == NULL)

-					{

-					ret= -1;

-					goto end;

-					}

-				if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))

-					{

-					ret= -1;

-					goto end;

-					}

-				s->init_buf=buf;

-				buf=NULL;

-				}

-			if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }

-			/* setup buffing BIO */

-			if (!ssl_init_wbio_buffer(s,0)) { ret= -1; goto end; }

-			/* don't push the buffering BIO quite yet */

-			s->state=SSL3_ST_CW_CLNT_HELLO_A;

-			s->ctx->stats.sess_connect++;

-			s->init_num=0;

-			/* mark client_random uninitialized */

-			memset(s->s3->client_random,0,sizeof(s->s3->client_random));

-			break;

-		case SSL3_ST_CW_CLNT_HELLO_A:

-		case SSL3_ST_CW_CLNT_HELLO_B:

-			s->shutdown=0;

-			/* every DTLS ClientHello resets Finished MAC */

-			ssl3_init_finished_mac(s);

-			ret=dtls1_client_hello(s);

-			if (ret <= 0) goto end;

-			if ( s->d1->send_cookie)

-				{

-				s->state=SSL3_ST_CW_FLUSH;

-				s->s3->tmp.next_state=SSL3_ST_CR_SRVR_HELLO_A;

-				}

-			else

-				s->state=SSL3_ST_CR_SRVR_HELLO_A;

-			s->init_num=0;

-			/* turn on buffering for the next lot of output */

-			if (s->bbio != s->wbio)

-				s->wbio=BIO_push(s->bbio,s->wbio);

-			break;

-		case SSL3_ST_CR_SRVR_HELLO_A:

-		case SSL3_ST_CR_SRVR_HELLO_B:

-			ret=ssl3_get_server_hello(s);

-			if (ret <= 0) goto end;

-			else

-				{

-				if (s->hit)

-					s->state=SSL3_ST_CR_FINISHED_A;

-				else

-					s->state=DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;

-				}

-			s->init_num=0;

-			break;

-		case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:

-		case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:

-			ret = dtls1_get_hello_verify(s);

-			if ( ret <= 0)

-				goto end;

-			if ( s->d1->send_cookie) /* start again, with a cookie */

-				s->state=SSL3_ST_CW_CLNT_HELLO_A;

-			else

-				s->state = SSL3_ST_CR_CERT_A;

-			s->init_num = 0;

-			break;

-		case SSL3_ST_CR_CERT_A:

-		case SSL3_ST_CR_CERT_B:

-			/* Check if it is anon DH */

-			if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))

-				{

-				ret=ssl3_get_server_certificate(s);

-				if (ret <= 0) goto end;

-				}

-			else

-				skip=1;

-			s->state=SSL3_ST_CR_KEY_EXCH_A;

-			s->init_num=0;

-			break;

-		case SSL3_ST_CR_KEY_EXCH_A:

-		case SSL3_ST_CR_KEY_EXCH_B:

-			ret=ssl3_get_key_exchange(s);

-			if (ret <= 0) goto end;

-			s->state=SSL3_ST_CR_CERT_REQ_A;

-			s->init_num=0;

-			/* at this point we check that we have the

-			 * required stuff from the server */

-			if (!ssl3_check_cert_and_algorithm(s))

-				{

-				ret= -1;

-				goto end;

-				}

-			break;

-		case SSL3_ST_CR_CERT_REQ_A:

-		case SSL3_ST_CR_CERT_REQ_B:

-			ret=ssl3_get_certificate_request(s);

-			if (ret <= 0) goto end;

-			s->state=SSL3_ST_CR_SRVR_DONE_A;

-			s->init_num=0;

-			break;

-		case SSL3_ST_CR_SRVR_DONE_A:

-		case SSL3_ST_CR_SRVR_DONE_B:

-			ret=ssl3_get_server_done(s);

-			if (ret <= 0) goto end;

-			if (s->s3->tmp.cert_req)

-				s->state=SSL3_ST_CW_CERT_A;

-			else

-				s->state=SSL3_ST_CW_KEY_EXCH_A;

-			s->init_num=0;

-			break;

-		case SSL3_ST_CW_CERT_A:

-		case SSL3_ST_CW_CERT_B:

-		case SSL3_ST_CW_CERT_C:

-		case SSL3_ST_CW_CERT_D:

-			ret=dtls1_send_client_certificate(s);

-			if (ret <= 0) goto end;

-			s->state=SSL3_ST_CW_KEY_EXCH_A;

-			s->init_num=0;

-			break;

-		case SSL3_ST_CW_KEY_EXCH_A:

-		case SSL3_ST_CW_KEY_EXCH_B:

-			ret=dtls1_send_client_key_exchange(s);

-			if (ret <= 0) goto end;

-			l=s->s3->tmp.new_cipher->algorithms;

-			/* EAY EAY EAY need to check for DH fix cert

-			 * sent back */

-			/* For TLS, cert_req is set to 2, so a cert chain

-			 * of nothing is sent, but no verify packet is sent */

-			if (s->s3->tmp.cert_req == 1)

-				{

-				s->state=SSL3_ST_CW_CERT_VRFY_A;

-				}

-			else

-				{

-				s->state=SSL3_ST_CW_CHANGE_A;

-				s->s3->change_cipher_spec=0;

-				}

-			s->init_num=0;

-			break;

-		case SSL3_ST_CW_CERT_VRFY_A:

-		case SSL3_ST_CW_CERT_VRFY_B:

-			ret=dtls1_send_client_verify(s);

-			if (ret <= 0) goto end;

-			s->state=SSL3_ST_CW_CHANGE_A;

-			s->init_num=0;

-			s->s3->change_cipher_spec=0;

-			break;

-		case SSL3_ST_CW_CHANGE_A:

-		case SSL3_ST_CW_CHANGE_B:

-			ret=dtls1_send_change_cipher_spec(s,

-				SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);

-			if (ret <= 0) goto end;

-			s->state=SSL3_ST_CW_FINISHED_A;

-			s->init_num=0;

-			s->session->cipher=s->s3->tmp.new_cipher;

-#ifdef OPENSSL_NO_COMP

-			s->session->compress_meth=0;

-#else

-			if (s->s3->tmp.new_compression == NULL)

-				s->session->compress_meth=0;

-			else

-				s->session->compress_meth=

-					s->s3->tmp.new_compression->id;

-#endif

-			if (!s->method->ssl3_enc->setup_key_block(s))

-				{

-				ret= -1;

-				goto end;

-				}

-			if (!s->method->ssl3_enc->change_cipher_state(s,

-				SSL3_CHANGE_CIPHER_CLIENT_WRITE))

-				{

-				ret= -1;

-				goto end;

-				}

-			dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);

-			break;

-		case SSL3_ST_CW_FINISHED_A:

-		case SSL3_ST_CW_FINISHED_B:

-			ret=dtls1_send_finished(s,

-				SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B,

-				s->method->ssl3_enc->client_finished_label,

-				s->method->ssl3_enc->client_finished_label_len);

-			if (ret <= 0) goto end;

-			s->state=SSL3_ST_CW_FLUSH;

-			/* clear flags */

-			s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;

-			if (s->hit)

-				{

-				s->s3->tmp.next_state=SSL_ST_OK;

-				if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED)

-					{

-					s->state=SSL_ST_OK;

-					s->s3->flags|=SSL3_FLAGS_POP_BUFFER;

-					s->s3->delay_buf_pop_ret=0;

-					}

-				}

-			else

-				{

-				s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;

-				}

-			s->init_num=0;

-			/* mark client_random uninitialized */

-			memset (s->s3->client_random,0,sizeof(s->s3->client_random));

-			break;

-		case SSL3_ST_CR_FINISHED_A:

-		case SSL3_ST_CR_FINISHED_B:

-			ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,

-				SSL3_ST_CR_FINISHED_B);

-			if (ret <= 0) goto end;

-			if (s->hit)

-				s->state=SSL3_ST_CW_CHANGE_A;

-			else

-				s->state=SSL_ST_OK;

-			s->init_num=0;

-			break;

-		case SSL3_ST_CW_FLUSH:

-			/* number of bytes to be flushed */

-			num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);

-			if (num1 > 0)

-				{

-				s->rwstate=SSL_WRITING;

-				num1=BIO_flush(s->wbio);

-				if (num1 <= 0) { ret= -1; goto end; }

-				s->rwstate=SSL_NOTHING;

-				}

-			s->state=s->s3->tmp.next_state;

-			break;

-		case SSL_ST_OK:

-			/* clean a few things up */

-			ssl3_cleanup_key_block(s);

-#if 0

-			if (s->init_buf != NULL)

-				{

-				BUF_MEM_free(s->init_buf);

-				s->init_buf=NULL;

-				}

-#endif

-			/* If we are not 'joining' the last two packets,

-			 * remove the buffering now */

-			if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))

-				ssl_free_wbio_buffer(s);

-			/* else do it later in ssl3_write */

-			s->init_num=0;

-			s->new_session=0;

-			ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);

-			if (s->hit) s->ctx->stats.sess_hit++;

-			ret=1;

-			/* s->server=0; */

-			s->handshake_func=dtls1_connect;

-			s->ctx->stats.sess_connect_good++;

-			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);

-			/* done with handshaking */

-			s->d1->handshake_read_seq  = 0;

-			goto end;

-			/* break; */

-		default:

-			SSLerr(SSL_F_DTLS1_CONNECT,SSL_R_UNKNOWN_STATE);

-			ret= -1;

-			goto end;

-			/* break; */

-			}

-		/* did we do anything */

-		if (!s->s3->tmp.reuse_message && !skip)

-			{

-			if (s->debug)

-				{

-				if ((ret=BIO_flush(s->wbio)) <= 0)

-					goto end;

-				}

-			if ((cb != NULL) && (s->state != state))

-				{

-				new_state=s->state;

-				s->state=state;

-				cb(s,SSL_CB_CONNECT_LOOP,1);

-				s->state=new_state;

-				}

-			}

-		skip=0;

-		}

-end:

-	s->in_handshake--;

-	if (buf != NULL)

-		BUF_MEM_free(buf);

-	if (cb != NULL)

-		cb(s,SSL_CB_CONNECT_EXIT,ret);

-	return(ret);

-	}

-int dtls1_client_hello(SSL *s)

-	{

-	unsigned char *buf;

-	unsigned char *p,*d;

-	unsigned int i,j;

-	unsigned long Time,l;

-	SSL_COMP *comp;

-	buf=(unsigned char *)s->init_buf->data;

-	if (s->state == SSL3_ST_CW_CLNT_HELLO_A)

-		{

-		if ((s->session == NULL) ||

-			(s->session->ssl_version != s->version) ||

-			(s->session->not_resumable))

-			{

-			if (!ssl_get_new_session(s,0))

-				goto err;

-			}

-		/* else use the pre-loaded session */

-		p=s->s3->client_random;

-		/* if client_random is initialized, reuse it, we are

-		 * required to use same upon reply to HelloVerify */

-		for (i=0;p[i]=='\0' && i<sizeof(s->s3->client_random);i++) ;

-		if (i==sizeof(s->s3->client_random))

-			{

-			Time=(unsigned long)time(NULL);	/* Time */

-			l2n(Time,p);

-			RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4);

-			}

-		/* Do the message type and length last */

-		d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);

-		*(p++)=s->version>>8;

-		*(p++)=s->version&0xff;

-		s->client_version=s->version;

-		/* Random stuff */

-		memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);

-		p+=SSL3_RANDOM_SIZE;

-		/* Session ID */

-		if (s->new_session)

-			i=0;

-		else

-			i=s->session->session_id_length;

-		*(p++)=i;

-		if (i != 0)

-			{

-			if (i > sizeof s->session->session_id)

-				{

-				SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);

-				goto err;

-				}

-			memcpy(p,s->session->session_id,i);

-			p+=i;

-			}

-		/* cookie stuff */

-		if ( s->d1->cookie_len > sizeof(s->d1->cookie))

-			{

-			SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);

-			goto err;

-			}

-		*(p++) = s->d1->cookie_len;

-		memcpy(p, s->d1->cookie, s->d1->cookie_len);

-		p += s->d1->cookie_len;

-		/* Ciphers supported */

-		i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),0);

-		if (i == 0)

-			{

-			SSLerr(SSL_F_DTLS1_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);

-			goto err;

-			}

-		s2n(i,p);

-		p+=i;

-		/* COMPRESSION */

-		if (s->ctx->comp_methods == NULL)

-			j=0;

-		else

-			j=sk_SSL_COMP_num(s->ctx->comp_methods);

-		*(p++)=1+j;

-		for (i=0; i<j; i++)

-			{

-			comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);

-			*(p++)=comp->id;

-			}

-		*(p++)=0; /* Add the NULL method */

-		l=(p-d);

-		d=buf;

-		d = dtls1_set_message_header(s, d, SSL3_MT_CLIENT_HELLO, l, 0, l);

-		s->state=SSL3_ST_CW_CLNT_HELLO_B;

-		/* number of bytes to write */

-		s->init_num=p-buf;

-		s->init_off=0;

-		/* buffer the message to handle re-xmits */

-		dtls1_buffer_message(s, 0);

-		}

-	/* SSL3_ST_CW_CLNT_HELLO_B */

-	return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));

-err:

-	return(-1);

-	}

-static int dtls1_get_hello_verify(SSL *s)

-	{

-	int n, al, ok = 0;

-	unsigned char *data;

-	unsigned int cookie_len;

-	n=s->method->ssl_get_message(s,

-		DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A,

-		DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B,

-		-1,

-		s->max_cert_list,

-		&ok);

-	if (!ok) return((int)n);

-	if (s->s3->tmp.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST)

-		{

-		s->d1->send_cookie = 0;

-		s->s3->tmp.reuse_message=1;

-		return(1);

-		}

-	data = (unsigned char *)s->init_msg;

-	if ((data[0] != (s->version>>8)) || (data[1] != (s->version&0xff)))

-		{

-		SSLerr(SSL_F_DTLS1_GET_HELLO_VERIFY,SSL_R_WRONG_SSL_VERSION);

-		s->version=(s->version&0xff00)|data[1];

-		al = SSL_AD_PROTOCOL_VERSION;

-		goto f_err;

-		}

-	data+=2;

-	cookie_len = *(data++);

-	if ( cookie_len > sizeof(s->d1->cookie))

-		{

-		al=SSL_AD_ILLEGAL_PARAMETER;

-		goto f_err;

-		}

-	memcpy(s->d1->cookie, data, cookie_len);

-	s->d1->cookie_len = cookie_len;

-	s->d1->send_cookie = 1;

-	return 1;

-f_err:

-	ssl3_send_alert(s, SSL3_AL_FATAL, al);

-	return -1;

-	}

-int dtls1_send_client_key_exchange(SSL *s)

-	{

-	unsigned char *p,*d;

-	int n;

-	unsigned long l;

-#ifndef OPENSSL_NO_RSA

-	unsigned char *q;

-	EVP_PKEY *pkey=NULL;

-#endif

-#ifndef OPENSSL_NO_KRB5

-        KSSL_ERR kssl_err;

-#endif /* OPENSSL_NO_KRB5 */

-	if (s->state == SSL3_ST_CW_KEY_EXCH_A)

-		{

-		d=(unsigned char *)s->init_buf->data;

-		p= &(d[DTLS1_HM_HEADER_LENGTH]);

-		l=s->s3->tmp.new_cipher->algorithms;

-                /* Fool emacs indentation */

-                if (0) {}

-#ifndef OPENSSL_NO_RSA

-		else if (l & SSL_kRSA)

-			{

-			RSA *rsa;

-			unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];

-			if (s->session->sess_cert->peer_rsa_tmp != NULL)

-				rsa=s->session->sess_cert->peer_rsa_tmp;

-			else

-				{

-				pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);

-				if ((pkey == NULL) ||

-					(pkey->type != EVP_PKEY_RSA) ||

-					(pkey->pkey.rsa == NULL))

-					{

-					SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);

-					goto err;

-					}

-				rsa=pkey->pkey.rsa;

-				EVP_PKEY_free(pkey);

-				}

-			tmp_buf[0]=s->client_version>>8;

-			tmp_buf[1]=s->client_version&0xff;

-			if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0)

-					goto err;

-			s->session->master_key_length=sizeof tmp_buf;

-			q=p;

-			/* Fix buf for TLS and [incidentally] DTLS */

-			if (s->version > SSL3_VERSION)

-				p+=2;

-			n=RSA_public_encrypt(sizeof tmp_buf,

-				tmp_buf,p,rsa,RSA_PKCS1_PADDING);

-#ifdef PKCS1_CHECK

-			if (s->options & SSL_OP_PKCS1_CHECK_1) p[1]++;

-			if (s->options & SSL_OP_PKCS1_CHECK_2) tmp_buf[0]=0x70;

-#endif

-			if (n <= 0)

-				{

-				SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_ENCRYPT);

-				goto err;

-				}

-			/* Fix buf for TLS and [incidentally] DTLS */

-			if (s->version > SSL3_VERSION)

-				{

-				s2n(n,q);

-				n+=2;

-				}

-			s->session->master_key_length=

-				s->method->ssl3_enc->generate_master_secret(s,

-					s->session->master_key,

-					tmp_buf,sizeof tmp_buf);

-			OPENSSL_cleanse(tmp_buf,sizeof tmp_buf);

-			}

-#endif

-#ifndef OPENSSL_NO_KRB5

-		else if (l & SSL_kKRB5)

-                        {

-                        krb5_error_code	krb5rc;

-                        KSSL_CTX	*kssl_ctx = s->kssl_ctx;

-                        /*  krb5_data	krb5_ap_req;  */

-                        krb5_data	*enc_ticket;

-                        krb5_data	authenticator, *authp = NULL;

-			EVP_CIPHER_CTX	ciph_ctx;

-			EVP_CIPHER	*enc = NULL;

-			unsigned char	iv[EVP_MAX_IV_LENGTH];

-			unsigned char	tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];

-			unsigned char	epms[SSL_MAX_MASTER_KEY_LENGTH

-						+ EVP_MAX_IV_LENGTH];

-			int 		padl, outl = sizeof(epms);

-			EVP_CIPHER_CTX_init(&ciph_ctx);

-#ifdef KSSL_DEBUG

-                        printf("ssl3_send_client_key_exchange(%lx & %lx)\n",

-                                l, SSL_kKRB5);

-#endif	/* KSSL_DEBUG */

-			authp = NULL;

-#ifdef KRB5SENDAUTH

-			if (KRB5SENDAUTH)  authp = &authenticator;

-#endif	/* KRB5SENDAUTH */

-                        krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp,

-				&kssl_err);

-			enc = kssl_map_enc(kssl_ctx->enctype);

-                        if (enc == NULL)

-                            goto err;

-#ifdef KSSL_DEBUG

-                        {

-                        printf("kssl_cget_tkt rtn %d\n", krb5rc);

-                        if (krb5rc && kssl_err.text)

-			  printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text);

-                        }

-#endif	/* KSSL_DEBUG */

-                        if (krb5rc)

-                                {

-                                ssl3_send_alert(s,SSL3_AL_FATAL,

-						SSL_AD_HANDSHAKE_FAILURE);

-                                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,

-						kssl_err.reason);

-                                goto err;

-                                }

-			/*  20010406 VRS - Earlier versions used KRB5 AP_REQ

-			**  in place of RFC 2712 KerberosWrapper, as in:

-			**

-                        **  Send ticket (copy to *p, set n = length)

-                        **  n = krb5_ap_req.length;

-                        **  memcpy(p, krb5_ap_req.data, krb5_ap_req.length);

-                        **  if (krb5_ap_req.data)

-                        **    kssl_krb5_free_data_contents(NULL,&krb5_ap_req);

-                        **

-			**  Now using real RFC 2712 KerberosWrapper

-			**  (Thanks to Simon Wilkinson <[email protected]>)

-			**  Note: 2712 "opaque" types are here replaced

-			**  with a 2-byte length followed by the value.

-			**  Example:

-			**  KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms

-			**  Where "xx xx" = length bytes.  Shown here with

-			**  optional authenticator omitted.

-			*/

-			/*  KerberosWrapper.Ticket		*/

-			s2n(enc_ticket->length,p);

-			memcpy(p, enc_ticket->data, enc_ticket->length);

-			p+= enc_ticket->length;

-			n = enc_ticket->length + 2;

-			/*  KerberosWrapper.Authenticator	*/

-			if (authp  &&  authp->length)

-				{

-				s2n(authp->length,p);

-				memcpy(p, authp->data, authp->length);

-				p+= authp->length;

-				n+= authp->length + 2;

-				free(authp->data);

-				authp->data = NULL;

-				authp->length = 0;

-				}

-			else

-				{

-				s2n(0,p);/*  null authenticator length	*/

-				n+=2;

-				}

-			if (RAND_bytes(tmp_buf,sizeof tmp_buf) <= 0)

-			    goto err;

-			/*  20010420 VRS.  Tried it this way; failed.

-			**	EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);

-			**	EVP_CIPHER_CTX_set_key_length(&ciph_ctx,

-			**				kssl_ctx->length);

-			**	EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);

-			*/

-			memset(iv, 0, sizeof iv);  /* per RFC 1510 */

-			EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,

-				kssl_ctx->key,iv);

-			EVP_EncryptUpdate(&ciph_ctx,epms,&outl,tmp_buf,

-				sizeof tmp_buf);

-			EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);

-			outl += padl;

-			if (outl > sizeof epms)

-				{

-				SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);

-				goto err;

-				}

-			EVP_CIPHER_CTX_cleanup(&ciph_ctx);

-			/*  KerberosWrapper.EncryptedPreMasterSecret	*/

-			s2n(outl,p);

-			memcpy(p, epms, outl);

-			p+=outl;

-			n+=outl + 2;

-                        s->session->master_key_length=

-                                s->method->ssl3_enc->generate_master_secret(s,

-					s->session->master_key,

-					tmp_buf, sizeof tmp_buf);

-			OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);

-			OPENSSL_cleanse(epms, outl);

-                        }

-#endif

-#ifndef OPENSSL_NO_DH

-		else if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd))

-			{

-			DH *dh_srvr,*dh_clnt;

-			if (s->session->sess_cert->peer_dh_tmp != NULL)

-				dh_srvr=s->session->sess_cert->peer_dh_tmp;

-			else

-				{

-				/* we get them from the cert */

-				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);

-				SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);

-				goto err;

-				}

-			/* generate a new random key */

-			if ((dh_clnt=DHparams_dup(dh_srvr)) == NULL)

-				{

-				SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);

-				goto err;

-				}

-			if (!DH_generate_key(dh_clnt))

-				{

-				SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);

-				goto err;

-				}

-			/* use the 'p' output buffer for the DH key, but

-			 * make sure to clear it out afterwards */

-			n=DH_compute_key(p,dh_srvr->pub_key,dh_clnt);

-			if (n <= 0)

-				{

-				SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);

-				goto err;

-				}

-			/* generate master key from the result */

-			s->session->master_key_length=

-				s->method->ssl3_enc->generate_master_secret(s,

-					s->session->master_key,p,n);

-			/* clean up */

-			memset(p,0,n);

-			/* send off the data */

-			n=BN_num_bytes(dh_clnt->pub_key);

-			s2n(n,p);

-			BN_bn2bin(dh_clnt->pub_key,p);

-			n+=2;

-			DH_free(dh_clnt);

-			/* perhaps clean things up a bit EAY EAY EAY EAY*/

-			}

-#endif

-		else

-			{

-			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);

-			SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);

-			goto err;

-			}

-		d = dtls1_set_message_header(s, d,

-		SSL3_MT_CLIENT_KEY_EXCHANGE, n, 0, n);

-		/*

-		 *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE;

-		 l2n3(n,d);

-		 l2n(s->d1->handshake_write_seq,d);

-		 s->d1->handshake_write_seq++;

-		*/

-		s->state=SSL3_ST_CW_KEY_EXCH_B;

-		/* number of bytes to write */

-		s->init_num=n+DTLS1_HM_HEADER_LENGTH;

-		s->init_off=0;

-		/* buffer the message to handle re-xmits */

-		dtls1_buffer_message(s, 0);

-		}

-	/* SSL3_ST_CW_KEY_EXCH_B */

-	return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));

-err:

-	return(-1);

-	}

-int dtls1_send_client_verify(SSL *s)

-	{

-	unsigned char *p,*d;

-	unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];

-	EVP_PKEY *pkey;

-#ifndef OPENSSL_NO_RSA

-	unsigned u=0;

-#endif

-	unsigned long n;

-#ifndef OPENSSL_NO_DSA

-	int j;

-#endif

-	if (s->state == SSL3_ST_CW_CERT_VRFY_A)

-		{

-		d=(unsigned char *)s->init_buf->data;

-		p= &(d[DTLS1_HM_HEADER_LENGTH]);

-		pkey=s->cert->key->privatekey;

-		s->method->ssl3_enc->cert_verify_mac(s,&(s->s3->finish_dgst2),

-			&(data[MD5_DIGEST_LENGTH]));

-#ifndef OPENSSL_NO_RSA

-		if (pkey->type == EVP_PKEY_RSA)

-			{

-			s->method->ssl3_enc->cert_verify_mac(s,

-				&(s->s3->finish_dgst1),&(data[0]));

-			if (RSA_sign(NID_md5_sha1, data,

-					 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,

-					&(p[2]), &u, pkey->pkey.rsa) <= 0 )

-				{

-				SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB);

-				goto err;

-				}

-			s2n(u,p);

-			n=u+2;

-			}

-		else

-#endif

-#ifndef OPENSSL_NO_DSA

-			if (pkey->type == EVP_PKEY_DSA)

-			{

-			if (!DSA_sign(pkey->save_type,

-				&(data[MD5_DIGEST_LENGTH]),

-				SHA_DIGEST_LENGTH,&(p[2]),

-				(unsigned int *)&j,pkey->pkey.dsa))

-				{

-				SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_DSA_LIB);

-				goto err;

-				}

-			s2n(j,p);

-			n=j+2;

-			}

-		else

-#endif

-			{

-			SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR);

-			goto err;

-			}

-		d = dtls1_set_message_header(s, d,

-			SSL3_MT_CERTIFICATE_VERIFY, n, 0, n) ;

-		s->init_num=(int)n+DTLS1_HM_HEADER_LENGTH;

-		s->init_off=0;

-		/* buffer the message to handle re-xmits */

-		dtls1_buffer_message(s, 0);

-		s->state = SSL3_ST_CW_CERT_VRFY_B;

-		}

-	/* s->state = SSL3_ST_CW_CERT_VRFY_B */

-	return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));

-err:

-	return(-1);

-	}

-int dtls1_send_client_certificate(SSL *s)

-	{

-	X509 *x509=NULL;

-	EVP_PKEY *pkey=NULL;

-	int i;

-	unsigned long l;

-	if (s->state ==	SSL3_ST_CW_CERT_A)

-		{

-		if ((s->cert == NULL) ||

-			(s->cert->key->x509 == NULL) ||

-			(s->cert->key->privatekey == NULL))

-			s->state=SSL3_ST_CW_CERT_B;

-		else

-			s->state=SSL3_ST_CW_CERT_C;

-		}

-	/* We need to get a client cert */

-	if (s->state == SSL3_ST_CW_CERT_B)

-		{

-		/* If we get an error, we need to

-		 * ssl->rwstate=SSL_X509_LOOKUP; return(-1);

-		 * We then get retied later */

-		i=0;

-		if (s->ctx->client_cert_cb != NULL)

-			i=s->ctx->client_cert_cb(s,&(x509),&(pkey));

-		if (i < 0)

-			{

-			s->rwstate=SSL_X509_LOOKUP;

-			return(-1);

-			}

-		s->rwstate=SSL_NOTHING;

-		if ((i == 1) && (pkey != NULL) && (x509 != NULL))

-			{

-			s->state=SSL3_ST_CW_CERT_B;

-			if (	!SSL_use_certificate(s,x509) ||

-				!SSL_use_PrivateKey(s,pkey))

-				i=0;

-			}

-		else if (i == 1)

-			{

-			i=0;

-			SSLerr(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);

-			}

-		if (x509 != NULL) X509_free(x509);

-		if (pkey != NULL) EVP_PKEY_free(pkey);

-		if (i == 0)

-			{

-			if (s->version == SSL3_VERSION)

-				{

-				s->s3->tmp.cert_req=0;

-				ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_NO_CERTIFICATE);

-				return(1);

-				}

-			else

-				{

-				s->s3->tmp.cert_req=2;

-				}

-			}

-		/* Ok, we have a cert */

-		s->state=SSL3_ST_CW_CERT_C;

-		}

-	if (s->state == SSL3_ST_CW_CERT_C)

-		{

-		s->state=SSL3_ST_CW_CERT_D;

-		l=dtls1_output_cert_chain(s,

-			(s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509);

-		s->init_num=(int)l;

-		s->init_off=0;

-		/* set header called by dtls1_output_cert_chain() */

-		/* buffer the message to handle re-xmits */

-		dtls1_buffer_message(s, 0);

-		}

-	/* SSL3_ST_CW_CERT_D */

-	return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));

-	}

--- a/sys/src/ape/lib/openssl/ssl/d1_enc.c

+++ /dev/null

@@ -1,281 +1,0 @@

-/* ssl/d1_enc.c */

-/*

- * DTLS implementation written by Nagendra Modadugu

- * ([email protected]) for the OpenSSL project 2005.

- */

-/* ====================================================================

- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "ssl_locl.h"

-#include <openssl/comp.h>

-#include <openssl/evp.h>

-#include <openssl/hmac.h>

-#include <openssl/md5.h>

-#include <openssl/rand.h>

-int dtls1_enc(SSL *s, int send)

-	{

-	SSL3_RECORD *rec;

-	EVP_CIPHER_CTX *ds;

-	unsigned long l;

-	int bs,i,ii,j,k,n=0;

-	const EVP_CIPHER *enc;

-	if (send)

-		{

-		if (s->write_hash != NULL)

-			n=EVP_MD_size(s->write_hash);

-		ds=s->enc_write_ctx;

-		rec= &(s->s3->wrec);

-		if (s->enc_write_ctx == NULL)

-			enc=NULL;

-		else

-			{

-			enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);

-			if ( rec->data != rec->input)

-				/* we can't write into the input stream */

-				fprintf(stderr, "%s:%d: rec->data != rec->input\n",

-					__FILE__, __LINE__);

-			else if ( EVP_CIPHER_block_size(ds->cipher) > 1)

-				{

-				if (!RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher)))

-					return -1;

-				}

-			}

-		}

-	else

-		{

-		if (s->read_hash != NULL)

-			n=EVP_MD_size(s->read_hash);

-		ds=s->enc_read_ctx;

-		rec= &(s->s3->rrec);

-		if (s->enc_read_ctx == NULL)

-			enc=NULL;

-		else

-			enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);

-		}

-#ifdef KSSL_DEBUG

-	printf("dtls1_enc(%d)\n", send);

-#endif    /* KSSL_DEBUG */

-	if ((s->session == NULL) || (ds == NULL) ||

-		(enc == NULL))

-		{

-		memmove(rec->data,rec->input,rec->length);

-		rec->input=rec->data;

-		}

-	else

-		{

-		l=rec->length;

-		bs=EVP_CIPHER_block_size(ds->cipher);

-		if ((bs != 1) && send)

-			{

-			i=bs-((int)l%bs);

-			/* Add weird padding of upto 256 bytes */

-			/* we need to add 'i' padding bytes of value j */

-			j=i-1;

-			if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG)

-				{

-				if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)

-					j++;

-				}

-			for (k=(int)l; k<(int)(l+i); k++)

-				rec->input[k]=j;

-			l+=i;

-			rec->length+=i;

-			}

-#ifdef KSSL_DEBUG

-		{

-                unsigned long ui;

-		printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",

-                        ds,rec->data,rec->input,l);

-		printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",

-                        ds->buf_len, ds->cipher->key_len,

-                        DES_KEY_SZ, DES_SCHEDULE_SZ,

-                        ds->cipher->iv_len);

-		printf("\t\tIV: ");

-		for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);

-		printf("\n");

-		printf("\trec->input=");

-		for (ui=0; ui<l; ui++) printf(" %02x", rec->input[ui]);

-		printf("\n");

-		}

-#endif	/* KSSL_DEBUG */

-		if (!send)

-			{

-			if (l == 0 || l%bs != 0)

-				{

-				SSLerr(SSL_F_DTLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);

-				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);

-				return 0;

-				}

-			}

-		EVP_Cipher(ds,rec->data,rec->input,l);

-#ifdef KSSL_DEBUG

-		{

-                unsigned long i;

-                printf("\trec->data=");

-		for (i=0; i<l; i++)

-                        printf(" %02x", rec->data[i]);  printf("\n");

-                }

-#endif	/* KSSL_DEBUG */

-		if ((bs != 1) && !send)

-			{

-			ii=i=rec->data[l-1]; /* padding_length */

-			i++;

-			if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)

-				{

-				/* First packet is even in size, so check */

-				if ((memcmp(s->s3->read_sequence,

-					"\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1))

-					s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;

-				if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)

-					i--;

-				}

-			/* TLS 1.0 does not bound the number of padding bytes by the block size.

-			 * All of them must have value 'padding_length'. */

-			if (i > (int)rec->length)

-				{

-				/* Incorrect padding. SSLerr() and ssl3_alert are done

-				 * by caller: we don't want to reveal whether this is

-				 * a decryption error or a MAC verification failure

-				 * (see http://www.openssl.org/~bodo/tls-cbc.txt)

-				 */

-				return -1;

-				}

-			for (j=(int)(l-i); j<(int)l; j++)

-				{

-				if (rec->data[j] != ii)

-					{

-					/* Incorrect padding */

-					return -1;

-					}

-				}

-			rec->length-=i;

-			rec->data += bs;    /* skip the implicit IV */

-			rec->input += bs;

-			rec->length -= bs;

-			}

-		}

-	return(1);

-	}

--- a/sys/src/ape/lib/openssl/ssl/d1_lib.c

+++ /dev/null

@@ -1,210 +1,0 @@

-/* ssl/d1_lib.c */

-/*

- * DTLS implementation written by Nagendra Modadugu

- * ([email protected]) for the OpenSSL project 2005.

- */

-/* ====================================================================

- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include <openssl/objects.h>

-#include "ssl_locl.h"

-const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT;

-SSL3_ENC_METHOD DTLSv1_enc_data={

-    dtls1_enc,

-	tls1_mac,

-	tls1_setup_key_block,

-	tls1_generate_master_secret,

-	tls1_change_cipher_state,

-	tls1_final_finish_mac,

-	TLS1_FINISH_MAC_LENGTH,

-	tls1_cert_verify_mac,

-	TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE,

-	TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE,

-	tls1_alert_code,

-	};

-long dtls1_default_timeout(void)

-	{

-	/* 2 hours, the 24 hours mentioned in the DTLSv1 spec

-	 * is way too long for http, the cache would over fill */

-	return(60*60*2);

-	}

-IMPLEMENT_dtls1_meth_func(dtlsv1_base_method,

-			ssl_undefined_function,

-			ssl_undefined_function,

-			ssl_bad_method)

-int dtls1_new(SSL *s)

-	{

-	DTLS1_STATE *d1;

-	if (!ssl3_new(s)) return(0);

-	if ((d1=OPENSSL_malloc(sizeof *d1)) == NULL) return (0);

-	memset(d1,0, sizeof *d1);

-	/* d1->handshake_epoch=0; */

-#if defined(OPENSSL_SYS_VMS) || defined(VMS_TEST)

-	d1->bitmap.length=64;

-#else

-	d1->bitmap.length=sizeof(d1->bitmap.map) * 8;

-#endif

-	pq_64bit_init(&(d1->bitmap.map));

-	pq_64bit_init(&(d1->bitmap.max_seq_num));

-	pq_64bit_init(&(d1->next_bitmap.map));

-	pq_64bit_init(&(d1->next_bitmap.max_seq_num));

-	d1->unprocessed_rcds.q=pqueue_new();

-	d1->processed_rcds.q=pqueue_new();

-	d1->buffered_messages = pqueue_new();

-	d1->sent_messages=pqueue_new();

-	if ( s->server)

-		{

-		d1->cookie_len = sizeof(s->d1->cookie);

-		}

-	if( ! d1->unprocessed_rcds.q || ! d1->processed_rcds.q

-        || ! d1->buffered_messages || ! d1->sent_messages)

-		{

-        if ( d1->unprocessed_rcds.q) pqueue_free(d1->unprocessed_rcds.q);

-        if ( d1->processed_rcds.q) pqueue_free(d1->processed_rcds.q);

-        if ( d1->buffered_messages) pqueue_free(d1->buffered_messages);

-		if ( d1->sent_messages) pqueue_free(d1->sent_messages);

-		OPENSSL_free(d1);

-		return (0);

-		}

-	s->d1=d1;

-	s->method->ssl_clear(s);

-	return(1);

-	}

-void dtls1_free(SSL *s)

-	{

-    pitem *item = NULL;

-    hm_fragment *frag = NULL;

-	ssl3_free(s);

-    while( (item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL)

-        {

-        OPENSSL_free(item->data);

-        pitem_free(item);

-        }

-    pqueue_free(s->d1->unprocessed_rcds.q);

-    while( (item = pqueue_pop(s->d1->processed_rcds.q)) != NULL)

-        {

-        OPENSSL_free(item->data);

-        pitem_free(item);

-        }

-    pqueue_free(s->d1->processed_rcds.q);

-    while( (item = pqueue_pop(s->d1->buffered_messages)) != NULL)

-        {

-        frag = (hm_fragment *)item->data;

-        OPENSSL_free(frag->fragment);

-        OPENSSL_free(frag);

-        pitem_free(item);

-        }

-    pqueue_free(s->d1->buffered_messages);

-    while ( (item = pqueue_pop(s->d1->sent_messages)) != NULL)

-        {

-        frag = (hm_fragment *)item->data;

-        OPENSSL_free(frag->fragment);

-        OPENSSL_free(frag);

-        pitem_free(item);

-        }

-	pqueue_free(s->d1->sent_messages);

-	pq_64bit_free(&(s->d1->bitmap.map));

-	pq_64bit_free(&(s->d1->bitmap.max_seq_num));

-	pq_64bit_free(&(s->d1->next_bitmap.map));

-	pq_64bit_free(&(s->d1->next_bitmap.max_seq_num));

-	OPENSSL_free(s->d1);

-	}

-void dtls1_clear(SSL *s)

-	{

-	ssl3_clear(s);

-	s->version=DTLS1_VERSION;

-	}

-/*

- * As it's impossible to use stream ciphers in "datagram" mode, this

- * simple filter is designed to disengage them in DTLS. Unfortunately

- * there is no universal way to identify stream SSL_CIPHER, so we have

- * to explicitly list their SSL_* codes. Currently RC4 is the only one

- * available, but if new ones emerge, they will have to be added...

- */

-SSL_CIPHER *dtls1_get_cipher(unsigned int u)

-	{

-	SSL_CIPHER *ciph = ssl3_get_cipher(u);

-	if (ciph != NULL)

-		{

-		if ((ciph->algorithms&SSL_ENC_MASK) == SSL_RC4)

-			return NULL;

-		}

-	return ciph;

-	}

--- a/sys/src/ape/lib/openssl/ssl/d1_meth.c

+++ /dev/null

@@ -1,77 +1,0 @@

-/* ssl/d1_meth.h */

-/*

- * DTLS implementation written by Nagendra Modadugu

- * ([email protected]) for the OpenSSL project 2005.

- */

-/* ====================================================================

- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include <openssl/objects.h>

-#include "ssl_locl.h"

-static SSL_METHOD *dtls1_get_method(int ver);

-static SSL_METHOD *dtls1_get_method(int ver)

-	{

-	if (ver == DTLS1_VERSION)

-		return(DTLSv1_method());

-	else

-		return(NULL);

-	}

-IMPLEMENT_dtls1_meth_func(DTLSv1_method,

-			dtls1_accept,

-			dtls1_connect,

-			dtls1_get_method)

--- a/sys/src/ape/lib/openssl/ssl/d1_pkt.c

+++ /dev/null

@@ -1,1778 +1,0 @@

-/* ssl/d1_pkt.c */

-/*

- * DTLS implementation written by Nagendra Modadugu

- * ([email protected]) for the OpenSSL project 2005.

- */

-/* ====================================================================

- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <errno.h>

-#define USE_SOCKETS

-#include "ssl_locl.h"

-#include <openssl/evp.h>

-#include <openssl/buffer.h>

-#include <openssl/pqueue.h>

-#include <openssl/rand.h>

-static int have_handshake_fragment(SSL *s, int type, unsigned char *buf,

-	int len, int peek);

-static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap,

-	PQ_64BIT *seq_num);

-static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);

-static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,

-    unsigned int *is_next_epoch);

-#if 0

-static int dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr,

-	unsigned short *priority, unsigned long *offset);

-#endif

-static int dtls1_buffer_record(SSL *s, record_pqueue *q,

-	PQ_64BIT priority);

-static int dtls1_process_record(SSL *s);

-#if PQ_64BIT_IS_INTEGER

-static PQ_64BIT bytes_to_long_long(unsigned char *bytes, PQ_64BIT *num);

-#endif

-static void dtls1_clear_timeouts(SSL *s);

-/* copy buffered record into SSL structure */

-static int

-dtls1_copy_record(SSL *s, pitem *item)

-    {

-    DTLS1_RECORD_DATA *rdata;

-    rdata = (DTLS1_RECORD_DATA *)item->data;

-    if (s->s3->rbuf.buf != NULL)

-        OPENSSL_free(s->s3->rbuf.buf);

-    s->packet = rdata->packet;

-    s->packet_length = rdata->packet_length;

-    memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));

-    memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));

-    return(1);

-    }

-static int

-dtls1_buffer_record(SSL *s, record_pqueue *queue, PQ_64BIT priority)

-{

-    DTLS1_RECORD_DATA *rdata;

-	pitem *item;

-	rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));

-	item = pitem_new(priority, rdata);

-	if (rdata == NULL || item == NULL)

-		{

-		if (rdata != NULL) OPENSSL_free(rdata);

-		if (item != NULL) pitem_free(item);

-		SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);

-		return(0);

-		}

-	rdata->packet = s->packet;

-	rdata->packet_length = s->packet_length;

-	memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER));

-	memcpy(&(rdata->rrec), &(s->s3->rrec), sizeof(SSL3_RECORD));

-	item->data = rdata;

-	/* insert should not fail, since duplicates are dropped */

-	if (pqueue_insert(queue->q, item) == NULL)

-		{

-		OPENSSL_free(rdata);

-		pitem_free(item);

-		return(0);

-		}

-	s->packet = NULL;

-	s->packet_length = 0;

-	memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER));

-	memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD));

-	if (!ssl3_setup_buffers(s))

-		{

-		SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);

-		OPENSSL_free(rdata);

-		pitem_free(item);

-		return(0);

-		}

-	return(1);

-    }

-static int

-dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue)

-    {

-    pitem *item;

-    item = pqueue_pop(queue->q);

-    if (item)

-        {

-        dtls1_copy_record(s, item);

-        OPENSSL_free(item->data);

-		pitem_free(item);

-        return(1);

-        }

-    return(0);

-    }

-/* retrieve a buffered record that belongs to the new epoch, i.e., not processed

- * yet */

-#define dtls1_get_unprocessed_record(s) \

-                   dtls1_retrieve_buffered_record((s), \

-                   &((s)->d1->unprocessed_rcds))

-/* retrieve a buffered record that belongs to the current epoch, ie, processed */

-#define dtls1_get_processed_record(s) \

-                   dtls1_retrieve_buffered_record((s), \

-                   &((s)->d1->processed_rcds))

-static int

-dtls1_process_buffered_records(SSL *s)

-    {

-    pitem *item;

-    item = pqueue_peek(s->d1->unprocessed_rcds.q);

-    if (item)

-        {

-        DTLS1_RECORD_DATA *rdata;

-        rdata = (DTLS1_RECORD_DATA *)item->data;

-        /* Check if epoch is current. */

-        if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch)

-            return(1);  /* Nothing to do. */

-        /* Process all the records. */

-        while (pqueue_peek(s->d1->unprocessed_rcds.q))

-            {

-            dtls1_get_unprocessed_record(s);

-            if ( ! dtls1_process_record(s))

-                return(0);

-            dtls1_buffer_record(s, &(s->d1->processed_rcds),

-                s->s3->rrec.seq_num);

-            }

-        }

-    /* sync epoch numbers once all the unprocessed records

-     * have been processed */

-    s->d1->processed_rcds.epoch = s->d1->r_epoch;

-    s->d1->unprocessed_rcds.epoch = s->d1->r_epoch + 1;

-    return(1);

-    }

-#if 0

-static int

-dtls1_get_buffered_record(SSL *s)

-	{

-	pitem *item;

-	PQ_64BIT priority =

-		(((PQ_64BIT)s->d1->handshake_read_seq) << 32) |

-		((PQ_64BIT)s->d1->r_msg_hdr.frag_off);

-	if ( ! SSL_in_init(s))  /* if we're not (re)negotiating,

-							   nothing buffered */

-		return 0;

-	item = pqueue_peek(s->d1->rcvd_records);

-	if (item && item->priority == priority)

-		{

-		/* Check if we've received the record of interest.  It must be

-		 * a handshake record, since data records as passed up without

-		 * buffering */

-		DTLS1_RECORD_DATA *rdata;

-		item = pqueue_pop(s->d1->rcvd_records);

-		rdata = (DTLS1_RECORD_DATA *)item->data;

-		if (s->s3->rbuf.buf != NULL)

-			OPENSSL_free(s->s3->rbuf.buf);

-		s->packet = rdata->packet;

-		s->packet_length = rdata->packet_length;

-		memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));

-		memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));

-		OPENSSL_free(item->data);

-		pitem_free(item);

-		/* s->d1->next_expected_seq_num++; */

-		return(1);

-		}

-	return 0;

-	}

-#endif

-static int

-dtls1_process_record(SSL *s)

-{

-    int i,al;

-	int clear=0;

-    int enc_err;

-	SSL_SESSION *sess;

-    SSL3_RECORD *rr;

-	unsigned int mac_size;

-	unsigned char md[EVP_MAX_MD_SIZE];

-	rr= &(s->s3->rrec);

-    sess = s->session;

-	/* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,

-	 * and we have that many bytes in s->packet

-	 */

-	rr->input= &(s->packet[DTLS1_RT_HEADER_LENGTH]);

-	/* ok, we can now read from 's->packet' data into 'rr'

-	 * rr->input points at rr->length bytes, which

-	 * need to be copied into rr->data by either

-	 * the decryption or by the decompression

-	 * When the data is 'copied' into the rr->data buffer,

-	 * rr->input will be pointed at the new buffer */

-	/* We now have - encrypted [ MAC [ compressed [ plain ] ] ]

-	 * rr->length bytes of encrypted compressed stuff. */

-	/* check is not needed I believe */

-	if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH)

-		{

-		al=SSL_AD_RECORD_OVERFLOW;

-		SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG);

-		goto f_err;

-		}

-	/* decrypt in place in 'rr->input' */

-	rr->data=rr->input;

-	enc_err = s->method->ssl3_enc->enc(s,0);

-	if (enc_err <= 0)

-		{

-		if (enc_err == 0)

-			/* SSLerr() and ssl3_send_alert() have been called */

-			goto err;

-		/* otherwise enc_err == -1 */

-		goto decryption_failed_or_bad_record_mac;

-		}

-#ifdef TLS_DEBUG

-printf("dec %d\n",rr->length);

-{ unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); }

-printf("\n");

-#endif

-	/* r->length is now the compressed data plus mac */

-if (	(sess == NULL) ||

-		(s->enc_read_ctx == NULL) ||

-		(s->read_hash == NULL))

-    clear=1;

-	if (!clear)

-		{

-		mac_size=EVP_MD_size(s->read_hash);

-		if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size)

-			{

-#if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */

-			al=SSL_AD_RECORD_OVERFLOW;

-			SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);

-			goto f_err;

-#else

-			goto decryption_failed_or_bad_record_mac;

-#endif

-			}

-		/* check the MAC for rr->input (it's in mac_size bytes at the tail) */

-		if (rr->length < mac_size)

-			{

-#if 0 /* OK only for stream ciphers */

-			al=SSL_AD_DECODE_ERROR;

-			SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);

-			goto f_err;

-#else

-			goto decryption_failed_or_bad_record_mac;

-#endif

-			}

-		rr->length-=mac_size;

-		i=s->method->ssl3_enc->mac(s,md,0);

-		if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0)

-			{

-			goto decryption_failed_or_bad_record_mac;

-			}

-		}

-	/* r->length is now just compressed */

-	if (s->expand != NULL)

-		{

-		if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH)

-			{

-			al=SSL_AD_RECORD_OVERFLOW;

-			SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);

-			goto f_err;

-			}

-		if (!ssl3_do_uncompress(s))

-			{

-			al=SSL_AD_DECOMPRESSION_FAILURE;

-			SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_BAD_DECOMPRESSION);

-			goto f_err;

-			}

-		}

-	if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH)

-		{

-		al=SSL_AD_RECORD_OVERFLOW;

-		SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);

-		goto f_err;

-		}

-	rr->off=0;

-	/* So at this point the following is true

-	 * ssl->s3->rrec.type 	is the type of record

-	 * ssl->s3->rrec.length	== number of bytes in record

-	 * ssl->s3->rrec.off	== offset to first valid byte

-	 * ssl->s3->rrec.data	== where to take bytes from, increment

-	 *			   after use :-).

-	 */

-	/* we have pulled in a full packet so zero things */

-	s->packet_length=0;

-    dtls1_record_bitmap_update(s, &(s->d1->bitmap));/* Mark receipt of record. */

-    return(1);

-decryption_failed_or_bad_record_mac:

-	/* Separate 'decryption_failed' alert was introduced with TLS 1.0,

-	 * SSL 3.0 only has 'bad_record_mac'.  But unless a decryption

-	 * failure is directly visible from the ciphertext anyway,

-	 * we should not reveal which kind of error occured -- this

-	 * might become visible to an attacker (e.g. via logfile) */

-	al=SSL_AD_BAD_RECORD_MAC;

-	SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);

-f_err:

-	ssl3_send_alert(s,SSL3_AL_FATAL,al);

-err:

-	return(0);

-}

-/* Call this to get a new input record.

- * It will return <= 0 if more data is needed, normally due to an error

- * or non-blocking IO.

- * When it finishes, one packet has been decoded and can be found in

- * ssl->s3->rrec.type    - is the type of record

- * ssl->s3->rrec.data, 	 - data

- * ssl->s3->rrec.length, - number of bytes

- */

-/* used only by dtls1_read_bytes */

-int dtls1_get_record(SSL *s)

-	{

-	int ssl_major,ssl_minor,al;

-	int i,n;

-	SSL3_RECORD *rr;

-	SSL_SESSION *sess;

-	unsigned char *p;

-	unsigned short version;

-	DTLS1_BITMAP *bitmap;

-	unsigned int is_next_epoch;

-	rr= &(s->s3->rrec);

-	sess=s->session;

-    /* The epoch may have changed.  If so, process all the

-     * pending records.  This is a non-blocking operation. */

-    if ( ! dtls1_process_buffered_records(s))

-        return 0;

-	/* if we're renegotiating, then there may be buffered records */

-	if (dtls1_get_processed_record(s))

-		return 1;

-	/* get something from the wire */

-again:

-	/* check if we have the header */

-	if (	(s->rstate != SSL_ST_READ_BODY) ||

-		(s->packet_length < DTLS1_RT_HEADER_LENGTH))

-		{

-		n=ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);

-		/* read timeout is handled by dtls1_read_bytes */

-		if (n <= 0) return(n); /* error or non-blocking */

-		OPENSSL_assert(s->packet_length == DTLS1_RT_HEADER_LENGTH);

-		s->rstate=SSL_ST_READ_BODY;

-		p=s->packet;

-		/* Pull apart the header into the DTLS1_RECORD */

-		rr->type= *(p++);

-		ssl_major= *(p++);

-		ssl_minor= *(p++);

-		version=(ssl_major<<8)|ssl_minor;

-		/* sequence number is 64 bits, with top 2 bytes = epoch */

-		n2s(p,rr->epoch);

-		memcpy(&(s->s3->read_sequence[2]), p, 6);

-		p+=6;

-		n2s(p,rr->length);

-		/* Lets check version */

-		if (!s->first_packet)

-			{

-			if (version != s->version && version != DTLS1_BAD_VER)

-				{

-				SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);

-				/* Send back error using their

-				 * version number :-) */

-				s->version=version;

-				al=SSL_AD_PROTOCOL_VERSION;

-				goto f_err;

-				}

-			}

-		if ((version & 0xff00) != (DTLS1_VERSION & 0xff00) &&

-		    (version & 0xff00) != (DTLS1_BAD_VER & 0xff00))

-			{

-			SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);

-			goto err;

-			}

-		if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH)

-			{

-			al=SSL_AD_RECORD_OVERFLOW;

-			SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG);

-			goto f_err;

-			}

-		s->client_version = version;

-		/* now s->rstate == SSL_ST_READ_BODY */

-		}

-	/* s->rstate == SSL_ST_READ_BODY, get and decode the data */

-	if (rr->length > s->packet_length-DTLS1_RT_HEADER_LENGTH)

-		{

-		/* now s->packet_length == DTLS1_RT_HEADER_LENGTH */

-		i=rr->length;

-		n=ssl3_read_n(s,i,i,1);

-		if (n <= 0) return(n); /* error or non-blocking io */

-		/* this packet contained a partial record, dump it */

-		if ( n != i)

-			{

-			s->packet_length = 0;

-			goto again;

-			}

-		/* now n == rr->length,

-		 * and s->packet_length == DTLS1_RT_HEADER_LENGTH + rr->length */

-		}

-	s->rstate=SSL_ST_READ_HEADER; /* set state for later operations */

-	/* match epochs.  NULL means the packet is dropped on the floor */

-	bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);

-	if ( bitmap == NULL)

-        {

-        s->packet_length = 0;  /* dump this record */

-        goto again;   /* get another record */

-		}

-	/* check whether this is a repeat, or aged record */

-	if ( ! dtls1_record_replay_check(s, bitmap, &(rr->seq_num)))

-		{

-		s->packet_length=0; /* dump this record */

-		goto again;     /* get another record */

-		}

-	/* just read a 0 length packet */

-	if (rr->length == 0) goto again;

-    /* If this record is from the next epoch (either HM or ALERT), buffer it

-     * since it cannot be processed at this time.

-     * Records from the next epoch are marked as received even though they are

-     * not processed, so as to prevent any potential resource DoS attack */

-    if (is_next_epoch)

-        {

-        dtls1_record_bitmap_update(s, bitmap);

-        dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);

-        s->packet_length = 0;

-        goto again;

-        }

-    if ( ! dtls1_process_record(s))

-        return(0);

-	dtls1_clear_timeouts(s);  /* done waiting */

-	return(1);

-f_err:

-	ssl3_send_alert(s,SSL3_AL_FATAL,al);

-err:

-	return(0);

-	}

-/* Return up to 'len' payload bytes received in 'type' records.

- * 'type' is one of the following:

- *

- *   -  SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)

- *   -  SSL3_RT_APPLICATION_DATA (when ssl3_read calls us)

- *   -  0 (during a shutdown, no data has to be returned)

- *

- * If we don't have stored data to work from, read a SSL/TLS record first

- * (possibly multiple records if we still don't have anything to return).

- *

- * This function must handle any surprises the peer may have for us, such as

- * Alert records (e.g. close_notify), ChangeCipherSpec records (not really

- * a surprise, but handled as if it were), or renegotiation requests.

- * Also if record payloads contain fragments too small to process, we store

- * them until there is enough for the respective protocol (the record protocol

- * may use arbitrary fragmentation and even interleaving):

- *     Change cipher spec protocol

- *             just 1 byte needed, no need for keeping anything stored

- *     Alert protocol

- *             2 bytes needed (AlertLevel, AlertDescription)

- *     Handshake protocol

- *             4 bytes needed (HandshakeType, uint24 length) -- we just have

- *             to detect unexpected Client Hello and Hello Request messages

- *             here, anything else is handled by higher layers

- *     Application data protocol

- *             none of our business

- */

-int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)

-	{

-	int al,i,j,ret;

-	unsigned int n;

-	SSL3_RECORD *rr;

-	void (*cb)(const SSL *ssl,int type2,int val)=NULL;

-	if (s->s3->rbuf.buf == NULL) /* Not initialized yet */

-		if (!ssl3_setup_buffers(s))

-			return(-1);

-    /* XXX: check what the second '&& type' is about */

-	if ((type && (type != SSL3_RT_APPLICATION_DATA) &&

-		(type != SSL3_RT_HANDSHAKE) && type) ||

-	    (peek && (type != SSL3_RT_APPLICATION_DATA)))

-		{

-		SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);

-		return -1;

-		}

-	/* check whether there's a handshake message (client hello?) waiting */

-	if ( (ret = have_handshake_fragment(s, type, buf, len, peek)))

-		return ret;

-	/* Now s->d1->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */

-	if (!s->in_handshake && SSL_in_init(s))

-		{

-		/* type == SSL3_RT_APPLICATION_DATA */

-		i=s->handshake_func(s);

-		if (i < 0) return(i);

-		if (i == 0)

-			{

-			SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);

-			return(-1);

-			}

-		}

-start:

-	s->rwstate=SSL_NOTHING;

-	/* s->s3->rrec.type	    - is the type of record

-	 * s->s3->rrec.data,    - data

-	 * s->s3->rrec.off,     - offset into 'data' for next read

-	 * s->s3->rrec.length,  - number of bytes. */

-	rr = &(s->s3->rrec);

-	/* get new packet if necessary */

-	if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY))

-		{

-		ret=dtls1_get_record(s);

-		if (ret <= 0)

-			{

-			ret = dtls1_read_failed(s, ret);

-			/* anything other than a timeout is an error */

-			if (ret <= 0)

-				return(ret);

-			else

-				goto start;

-			}

-		}

-	/* we now have a packet which can be read and processed */

-	if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,

-	                               * reset by ssl3_get_finished */

-		&& (rr->type != SSL3_RT_HANDSHAKE))

-		{

-		al=SSL_AD_UNEXPECTED_MESSAGE;

-		SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);

-		goto err;

-		}

-	/* If the other end has shut down, throw anything we read away

-	 * (even in 'peek' mode) */

-	if (s->shutdown & SSL_RECEIVED_SHUTDOWN)

-		{

-		rr->length=0;

-		s->rwstate=SSL_NOTHING;

-		return(0);

-		}

-	if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */

-		{

-		/* make sure that we are not getting application data when we

-		 * are doing a handshake for the first time */

-		if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&

-			(s->enc_read_ctx == NULL))

-			{

-			al=SSL_AD_UNEXPECTED_MESSAGE;

-			SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE);

-			goto f_err;

-			}

-		if (len <= 0) return(len);

-		if ((unsigned int)len > rr->length)

-			n = rr->length;

-		else

-			n = (unsigned int)len;

-		memcpy(buf,&(rr->data[rr->off]),n);

-		if (!peek)

-			{

-			rr->length-=n;

-			rr->off+=n;

-			if (rr->length == 0)

-				{

-				s->rstate=SSL_ST_READ_HEADER;

-				rr->off=0;

-				}

-			}

-		return(n);

-		}

-	/* If we get here, then type != rr->type; if we have a handshake

-	 * message, then it was unexpected (Hello Request or Client Hello). */

-	/* In case of record types for which we have 'fragment' storage,

-	 * fill that so that we can process the data at a fixed place.

-	 */

-		{

-		unsigned int k, dest_maxlen = 0;

-		unsigned char *dest = NULL;

-		unsigned int *dest_len = NULL;

-		if (rr->type == SSL3_RT_HANDSHAKE)

-			{

-			dest_maxlen = sizeof s->d1->handshake_fragment;

-			dest = s->d1->handshake_fragment;

-			dest_len = &s->d1->handshake_fragment_len;

-			}

-		else if (rr->type == SSL3_RT_ALERT)

-			{

-			dest_maxlen = sizeof(s->d1->alert_fragment);

-			dest = s->d1->alert_fragment;

-			dest_len = &s->d1->alert_fragment_len;

-			}

-                /* else it's a CCS message, or it's wrong */

-                else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC)

-                        {

-                          /* Not certain if this is the right error handling */

-                          al=SSL_AD_UNEXPECTED_MESSAGE;

-                          SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD);

-                          goto f_err;

-                        }

-		if (dest_maxlen > 0)

-			{

-            /* XDTLS:  In a pathalogical case, the Client Hello

-             *  may be fragmented--don't always expect dest_maxlen bytes */

-			if ( rr->length < dest_maxlen)

-				{

-				s->rstate=SSL_ST_READ_HEADER;

-				rr->length = 0;

-				goto start;

-				}

-			/* now move 'n' bytes: */

-			for ( k = 0; k < dest_maxlen; k++)

-				{

-				dest[k] = rr->data[rr->off++];

-				rr->length--;

-				}

-			*dest_len = dest_maxlen;

-			}

-		}

-	/* s->d1->handshake_fragment_len == 12  iff  rr->type == SSL3_RT_HANDSHAKE;

-	 * s->d1->alert_fragment_len == 7      iff  rr->type == SSL3_RT_ALERT.

-	 * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */

-	/* If we are a client, check for an incoming 'Hello Request': */

-	if ((!s->server) &&

-		(s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) &&

-		(s->d1->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&

-		(s->session != NULL) && (s->session->cipher != NULL))

-		{

-		s->d1->handshake_fragment_len = 0;

-		if ((s->d1->handshake_fragment[1] != 0) ||

-			(s->d1->handshake_fragment[2] != 0) ||

-			(s->d1->handshake_fragment[3] != 0))

-			{

-			al=SSL_AD_DECODE_ERROR;

-			SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_HELLO_REQUEST);

-			goto err;

-			}

-		/* no need to check sequence number on HELLO REQUEST messages */

-		if (s->msg_callback)

-			s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,

-				s->d1->handshake_fragment, 4, s, s->msg_callback_arg);

-		if (SSL_is_init_finished(s) &&

-			!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&

-			!s->s3->renegotiate)

-			{

-			ssl3_renegotiate(s);

-			if (ssl3_renegotiate_check(s))

-				{

-				i=s->handshake_func(s);

-				if (i < 0) return(i);

-				if (i == 0)

-					{

-					SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);

-					return(-1);

-					}

-				if (!(s->mode & SSL_MODE_AUTO_RETRY))

-					{

-					if (s->s3->rbuf.left == 0) /* no read-ahead left? */

-						{

-						BIO *bio;

-						/* In the case where we try to read application data,

-						 * but we trigger an SSL handshake, we return -1 with

-						 * the retry option set.  Otherwise renegotiation may

-						 * cause nasty problems in the blocking world */

-						s->rwstate=SSL_READING;

-						bio=SSL_get_rbio(s);

-						BIO_clear_retry_flags(bio);

-						BIO_set_retry_read(bio);

-						return(-1);

-						}

-					}

-				}

-			}

-		/* we either finished a handshake or ignored the request,

-		 * now try again to obtain the (application) data we were asked for */

-		goto start;

-		}

-	if (s->d1->alert_fragment_len >= DTLS1_AL_HEADER_LENGTH)

-		{

-		int alert_level = s->d1->alert_fragment[0];

-		int alert_descr = s->d1->alert_fragment[1];

-		s->d1->alert_fragment_len = 0;

-		if (s->msg_callback)

-			s->msg_callback(0, s->version, SSL3_RT_ALERT,

-				s->d1->alert_fragment, 2, s, s->msg_callback_arg);

-		if (s->info_callback != NULL)

-			cb=s->info_callback;

-		else if (s->ctx->info_callback != NULL)

-			cb=s->ctx->info_callback;

-		if (cb != NULL)

-			{

-			j = (alert_level << 8) | alert_descr;

-			cb(s, SSL_CB_READ_ALERT, j);

-			}

-		if (alert_level == 1) /* warning */

-			{

-			s->s3->warn_alert = alert_descr;

-			if (alert_descr == SSL_AD_CLOSE_NOTIFY)

-				{

-				s->shutdown |= SSL_RECEIVED_SHUTDOWN;

-				return(0);

-				}

-#if 0

-            /* XXX: this is a possible improvement in the future */

-			/* now check if it's a missing record */

-			if (alert_descr == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE)

-				{

-				unsigned short seq;

-				unsigned int frag_off;

-				unsigned char *p = &(s->d1->alert_fragment[2]);

-				n2s(p, seq);

-				n2l3(p, frag_off);

-				dtls1_retransmit_message(s, seq, frag_off, &found);

-				if ( ! found  && SSL_in_init(s))

-					{

-					/* fprintf( stderr,"in init = %d\n", SSL_in_init(s)); */

-					/* requested a message not yet sent,

-					   send an alert ourselves */

-					ssl3_send_alert(s,SSL3_AL_WARNING,

-						DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);

-					}

-				}

-#endif

-			}

-		else if (alert_level == 2) /* fatal */

-			{

-			char tmp[16];

-			s->rwstate=SSL_NOTHING;

-			s->s3->fatal_alert = alert_descr;

-			SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);

-			BIO_snprintf(tmp,sizeof tmp,"%d",alert_descr);

-			ERR_add_error_data(2,"SSL alert number ",tmp);

-			s->shutdown|=SSL_RECEIVED_SHUTDOWN;

-			SSL_CTX_remove_session(s->ctx,s->session);

-			return(0);

-			}

-		else

-			{

-			al=SSL_AD_ILLEGAL_PARAMETER;

-			SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE);

-			goto f_err;

-			}

-		goto start;

-		}

-	if (s->shutdown & SSL_SENT_SHUTDOWN) /* but we have not received a shutdown */

-		{

-		s->rwstate=SSL_NOTHING;

-		rr->length=0;

-		return(0);

-		}

-	if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)

-		{

-		struct ccs_header_st ccs_hdr;

-		dtls1_get_ccs_header(rr->data, &ccs_hdr);

-		/* 'Change Cipher Spec' is just a single byte, so we know

-		 * exactly what the record payload has to look like */

-		/* XDTLS: check that epoch is consistent */

-		if (	(s->client_version == DTLS1_BAD_VER && rr->length != 3) ||

-			(s->client_version != DTLS1_BAD_VER && rr->length != DTLS1_CCS_HEADER_LENGTH) ||

-			(rr->off != 0) || (rr->data[0] != SSL3_MT_CCS))

-			{

-			i=SSL_AD_ILLEGAL_PARAMETER;

-			SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);

-			goto err;

-			}

-		rr->length=0;

-		if (s->msg_callback)

-			s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC,

-				rr->data, 1, s, s->msg_callback_arg);

-		s->s3->change_cipher_spec=1;

-		if (!ssl3_do_change_cipher_spec(s))

-			goto err;

-		/* do this whenever CCS is processed */

-		dtls1_reset_seq_numbers(s, SSL3_CC_READ);

-		if (s->client_version == DTLS1_BAD_VER)

-			s->d1->handshake_read_seq++;

-		goto start;

-		}

-	/* Unexpected handshake message (Client Hello, or protocol violation) */

-	if ((s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) &&

-		!s->in_handshake)

-		{

-		struct hm_header_st msg_hdr;

-		/* this may just be a stale retransmit */

-		dtls1_get_message_header(rr->data, &msg_hdr);

-		if( rr->epoch != s->d1->r_epoch)

-			{

-			rr->length = 0;

-			goto start;

-			}

-		if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&

-			!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))

-			{

-#if 0 /* worked only because C operator preferences are not as expected (and

-       * because this is not really needed for clients except for detecting

-       * protocol violations): */

-			s->state=SSL_ST_BEFORE|(s->server)

-				?SSL_ST_ACCEPT

-				:SSL_ST_CONNECT;

-#else

-			s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;

-#endif

-			s->new_session=1;

-			}

-		i=s->handshake_func(s);

-		if (i < 0) return(i);

-		if (i == 0)

-			{

-			SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);

-			return(-1);

-			}

-		if (!(s->mode & SSL_MODE_AUTO_RETRY))

-			{

-			if (s->s3->rbuf.left == 0) /* no read-ahead left? */

-				{

-				BIO *bio;

-				/* In the case where we try to read application data,

-				 * but we trigger an SSL handshake, we return -1 with

-				 * the retry option set.  Otherwise renegotiation may

-				 * cause nasty problems in the blocking world */

-				s->rwstate=SSL_READING;

-				bio=SSL_get_rbio(s);

-				BIO_clear_retry_flags(bio);

-				BIO_set_retry_read(bio);

-				return(-1);

-				}

-			}

-		goto start;

-		}

-	switch (rr->type)

-		{

-	default:

-#ifndef OPENSSL_NO_TLS

-		/* TLS just ignores unknown message types */

-		if (s->version == TLS1_VERSION)

-			{

-			rr->length = 0;

-			goto start;

-			}

-#endif

-		al=SSL_AD_UNEXPECTED_MESSAGE;

-		SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD);

-		goto f_err;

-	case SSL3_RT_CHANGE_CIPHER_SPEC:

-	case SSL3_RT_ALERT:

-	case SSL3_RT_HANDSHAKE:

-		/* we already handled all of these, with the possible exception

-		 * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that

-		 * should not happen when type != rr->type */

-		al=SSL_AD_UNEXPECTED_MESSAGE;

-		SSLerr(SSL_F_DTLS1_READ_BYTES,ERR_R_INTERNAL_ERROR);

-		goto f_err;

-	case SSL3_RT_APPLICATION_DATA:

-		/* At this point, we were expecting handshake data,

-		 * but have application data.  If the library was

-		 * running inside ssl3_read() (i.e. in_read_app_data

-		 * is set) and it makes sense to read application data

-		 * at this point (session renegotiation not yet started),

-		 * we will indulge it.

-		 */

-		if (s->s3->in_read_app_data &&

-			(s->s3->total_renegotiations != 0) &&

-			((

-				(s->state & SSL_ST_CONNECT) &&

-				(s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&

-				(s->state <= SSL3_ST_CR_SRVR_HELLO_A)

-				) || (

-					(s->state & SSL_ST_ACCEPT) &&

-					(s->state <= SSL3_ST_SW_HELLO_REQ_A) &&

-					(s->state >= SSL3_ST_SR_CLNT_HELLO_A)

-					)

-				))

-			{

-			s->s3->in_read_app_data=2;

-			return(-1);

-			}

-		else

-			{

-			al=SSL_AD_UNEXPECTED_MESSAGE;

-			SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD);

-			goto f_err;

-			}

-		}

-	/* not reached */

-f_err:

-	ssl3_send_alert(s,SSL3_AL_FATAL,al);

-err:

-	return(-1);

-	}

-int

-dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len)

-	{

-	unsigned int n,tot;

-	int i;

-	if (SSL_in_init(s) && !s->in_handshake)

-		{

-		i=s->handshake_func(s);

-		if (i < 0) return(i);

-		if (i == 0)

-			{

-			SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);

-			return -1;

-			}

-		}

-	tot = s->s3->wnum;

-	n = len - tot;

-	while( n)

-		{

-		/* dtls1_write_bytes sends one record at a time, sized according to

-		 * the currently known MTU */

-		i = dtls1_write_bytes(s, type, buf_, len);

-		if (i <= 0) return i;

-		if ((i == (int)n) ||

-			(type == SSL3_RT_APPLICATION_DATA &&

-				(s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE)))

-			{

-			/* next chunk of data should get another prepended empty fragment

-			 * in ciphersuites with known-IV weakness: */

-			s->s3->empty_fragment_done = 0;

-			return tot+i;

-			}

-		tot += i;

-		n-=i;

-		}

-	return tot;

-	}

-	/* this only happens when a client hello is received and a handshake

-	 * is started. */

-static int

-have_handshake_fragment(SSL *s, int type, unsigned char *buf,

-	int len, int peek)

-	{

-	if ((type == SSL3_RT_HANDSHAKE) && (s->d1->handshake_fragment_len > 0))

-		/* (partially) satisfy request from storage */

-		{

-		unsigned char *src = s->d1->handshake_fragment;

-		unsigned char *dst = buf;

-		unsigned int k,n;

-		/* peek == 0 */

-		n = 0;

-		while ((len > 0) && (s->d1->handshake_fragment_len > 0))

-			{

-			*dst++ = *src++;

-			len--; s->d1->handshake_fragment_len--;

-			n++;

-			}

-		/* move any remaining fragment bytes: */

-		for (k = 0; k < s->d1->handshake_fragment_len; k++)

-			s->d1->handshake_fragment[k] = *src++;

-		return n;

-		}

-	return 0;

-	}

-/* Call this to write data in records of type 'type'

- * It will return <= 0 if not all data has been sent or non-blocking IO.

- */

-int dtls1_write_bytes(SSL *s, int type, const void *buf_, int len)

-	{

-	const unsigned char *buf=buf_;

-	unsigned int tot,n,nw;

-	int i;

-	unsigned int mtu;

-	s->rwstate=SSL_NOTHING;

-	tot=s->s3->wnum;

-	n=(len-tot);

-	/* handshake layer figures out MTU for itself, but data records

-	 * are also sent through this interface, so need to figure out MTU */

-#if 0

-	mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_MTU, 0, NULL);

-	mtu += DTLS1_HM_HEADER_LENGTH;  /* HM already inserted */

-#endif

-	mtu = s->d1->mtu;

-	if (mtu > SSL3_RT_MAX_PLAIN_LENGTH)

-		mtu = SSL3_RT_MAX_PLAIN_LENGTH;

-	if (n > mtu)

-		nw=mtu;

-	else

-		nw=n;

-	i=do_dtls1_write(s, type, &(buf[tot]), nw, 0);

-	if (i <= 0)

-		{

-		s->s3->wnum=tot;

-		return i;

-		}

-	if ( (int)s->s3->wnum + i == len)

-		s->s3->wnum = 0;

-	else

-		s->s3->wnum += i;

-	return tot + i;

-	}

-int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, int create_empty_fragment)

-	{

-	unsigned char *p,*pseq;

-	int i,mac_size,clear=0;

-	int prefix_len = 0;

-	SSL3_RECORD *wr;

-	SSL3_BUFFER *wb;

-	SSL_SESSION *sess;

-	int bs;

-	/* first check if there is a SSL3_BUFFER still being written

-	 * out.  This will happen with non blocking IO */

-	if (s->s3->wbuf.left != 0)

-		{

-		OPENSSL_assert(0); /* XDTLS:  want to see if we ever get here */

-		return(ssl3_write_pending(s,type,buf,len));

-		}

-	/* If we have an alert to send, lets send it */

-	if (s->s3->alert_dispatch)

-		{

-		i=s->method->ssl_dispatch_alert(s);

-		if (i <= 0)

-			return(i);

-		/* if it went, fall through and send more stuff */

-		}

-	if (len == 0 && !create_empty_fragment)

-		return 0;

-	wr= &(s->s3->wrec);

-	wb= &(s->s3->wbuf);

-	sess=s->session;

-	if (	(sess == NULL) ||

-		(s->enc_write_ctx == NULL) ||

-		(s->write_hash == NULL))

-		clear=1;

-	if (clear)

-		mac_size=0;

-	else

-		mac_size=EVP_MD_size(s->write_hash);

-	/* DTLS implements explicit IV, so no need for empty fragments */

-#if 0

-	/* 'create_empty_fragment' is true only when this function calls itself */

-	if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done

-		&& SSL_version(s) != DTLS1_VERSION)

-		{

-		/* countermeasure against known-IV weakness in CBC ciphersuites

-		 * (see http://www.openssl.org/~bodo/tls-cbc.txt)

-		 */

-		if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA)

-			{

-			/* recursive function call with 'create_empty_fragment' set;

-			 * this prepares and buffers the data for an empty fragment

-			 * (these 'prefix_len' bytes are sent out later

-			 * together with the actual payload) */

-			prefix_len = s->method->do_ssl_write(s, type, buf, 0, 1);

-			if (prefix_len <= 0)

-				goto err;

-			if (s->s3->wbuf.len < (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE)

-				{

-				/* insufficient space */

-				SSLerr(SSL_F_DO_DTLS1_WRITE, ERR_R_INTERNAL_ERROR);

-				goto err;

-				}

-			}

-		s->s3->empty_fragment_done = 1;

-		}

-#endif

-	p = wb->buf + prefix_len;

-	/* write the header */

-	*(p++)=type&0xff;

-	wr->type=type;

-	if (s->client_version == DTLS1_BAD_VER)

-		*(p++) = DTLS1_BAD_VER>>8,

-		*(p++) = DTLS1_BAD_VER&0xff;

-	else

-		*(p++)=(s->version>>8),

-		*(p++)=s->version&0xff;

-	/* field where we are to write out packet epoch, seq num and len */

-	pseq=p;

-	p+=10;

-	/* lets setup the record stuff. */

-	/* Make space for the explicit IV in case of CBC.

-	 * (this is a bit of a boundary violation, but what the heck).

-	 */

-	if ( s->enc_write_ctx &&

-		(EVP_CIPHER_mode( s->enc_write_ctx->cipher ) & EVP_CIPH_CBC_MODE))

-		bs = EVP_CIPHER_block_size(s->enc_write_ctx->cipher);

-	else

-		bs = 0;

-	wr->data=p + bs;  /* make room for IV in case of CBC */

-	wr->length=(int)len;

-	wr->input=(unsigned char *)buf;

-	/* we now 'read' from wr->input, wr->length bytes into

-	 * wr->data */

-	/* first we compress */

-	if (s->compress != NULL)

-		{

-		if (!ssl3_do_compress(s))

-			{

-			SSLerr(SSL_F_DO_DTLS1_WRITE,SSL_R_COMPRESSION_FAILURE);

-			goto err;

-			}

-		}

-	else

-		{

-		memcpy(wr->data,wr->input,wr->length);

-		wr->input=wr->data;

-		}

-	/* we should still have the output to wr->data and the input

-	 * from wr->input.  Length should be wr->length.

-	 * wr->data still points in the wb->buf */

-	if (mac_size != 0)

-		{

-		s->method->ssl3_enc->mac(s,&(p[wr->length + bs]),1);

-		wr->length+=mac_size;

-		}

-	/* this is true regardless of mac size */

-	wr->input=p;

-	wr->data=p;

-	/* ssl3_enc can only have an error on read */

-	if (bs)	/* bs != 0 in case of CBC */

-		{

-		RAND_pseudo_bytes(p,bs);

-		/* master IV and last CBC residue stand for

-		 * the rest of randomness */

-		wr->length += bs;

-		}

-	s->method->ssl3_enc->enc(s,1);

-	/* record length after mac and block padding */

-/*	if (type == SSL3_RT_APPLICATION_DATA ||

-	(type == SSL3_RT_ALERT && ! SSL_in_init(s))) */

-	/* there's only one epoch between handshake and app data */

-	s2n(s->d1->w_epoch, pseq);

-	/* XDTLS: ?? */

-/*	else

-	s2n(s->d1->handshake_epoch, pseq); */

-	memcpy(pseq, &(s->s3->write_sequence[2]), 6);

-	pseq+=6;

-	s2n(wr->length,pseq);

-	/* we should now have

-	 * wr->data pointing to the encrypted data, which is

-	 * wr->length long */

-	wr->type=type; /* not needed but helps for debugging */

-	wr->length+=DTLS1_RT_HEADER_LENGTH;

-#if 0  /* this is now done at the message layer */

-	/* buffer the record, making it easy to handle retransmits */

-	if ( type == SSL3_RT_HANDSHAKE || type == SSL3_RT_CHANGE_CIPHER_SPEC)

-		dtls1_buffer_record(s, wr->data, wr->length,

-			*((PQ_64BIT *)&(s->s3->write_sequence[0])));

-#endif

-	ssl3_record_sequence_update(&(s->s3->write_sequence[0]));

-	if (create_empty_fragment)

-		{

-		/* we are in a recursive call;

-		 * just return the length, don't write out anything here

-		 */

-		return wr->length;

-		}

-	/* now let's set up wb */

-	wb->left = prefix_len + wr->length;

-	wb->offset = 0;

-	/* memorize arguments so that ssl3_write_pending can detect bad write retries later */

-	s->s3->wpend_tot=len;

-	s->s3->wpend_buf=buf;

-	s->s3->wpend_type=type;

-	s->s3->wpend_ret=len;

-	/* we now just need to write the buffer */

-	return ssl3_write_pending(s,type,buf,len);

-err:

-	return -1;

-	}

-static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap,

-	PQ_64BIT *seq_num)

-	{

-#if PQ_64BIT_IS_INTEGER

-	PQ_64BIT mask = 0x0000000000000001L;

-#endif

-	PQ_64BIT rcd_num, tmp;

-	pq_64bit_init(&rcd_num);

-	pq_64bit_init(&tmp);

-	/* this is the sequence number for the record just read */

-	pq_64bit_bin2num(&rcd_num, s->s3->read_sequence, 8);

-	if (pq_64bit_gt(&rcd_num, &(bitmap->max_seq_num)) ||

-		pq_64bit_eq(&rcd_num, &(bitmap->max_seq_num)))

-		{

-		pq_64bit_assign(seq_num, &rcd_num);

-		pq_64bit_free(&rcd_num);

-		pq_64bit_free(&tmp);

-		return 1;  /* this record is new */

-		}

-	pq_64bit_sub(&tmp, &(bitmap->max_seq_num), &rcd_num);

-	if ( pq_64bit_get_word(&tmp) > bitmap->length)

-		{

-		pq_64bit_free(&rcd_num);

-		pq_64bit_free(&tmp);

-		return 0;  /* stale, outside the window */

-		}

-#if PQ_64BIT_IS_BIGNUM

-	{

-	int offset;

-	pq_64bit_sub(&tmp, &(bitmap->max_seq_num), &rcd_num);

-	pq_64bit_sub_word(&tmp, 1);

-	offset = pq_64bit_get_word(&tmp);

-	if ( pq_64bit_is_bit_set(&(bitmap->map), offset))

-		{

-		pq_64bit_free(&rcd_num);

-		pq_64bit_free(&tmp);

-		return 0;

-		}

-	}

-#else

-	mask <<= (bitmap->max_seq_num - rcd_num - 1);

-	if (bitmap->map & mask)

-		return 0; /* record previously received */

-#endif

-	pq_64bit_assign(seq_num, &rcd_num);

-	pq_64bit_free(&rcd_num);

-	pq_64bit_free(&tmp);

-	return 1;

-	}

-static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap)

-	{

-	unsigned int shift;

-	PQ_64BIT rcd_num;

-	PQ_64BIT tmp;

-	PQ_64BIT_CTX *ctx;

-	pq_64bit_init(&rcd_num);

-	pq_64bit_init(&tmp);

-	pq_64bit_bin2num(&rcd_num, s->s3->read_sequence, 8);

-	/* unfortunate code complexity due to 64-bit manipulation support

-	 * on 32-bit machines */

-	if ( pq_64bit_gt(&rcd_num, &(bitmap->max_seq_num)) ||

-		pq_64bit_eq(&rcd_num, &(bitmap->max_seq_num)))

-		{

-		pq_64bit_sub(&tmp, &rcd_num, &(bitmap->max_seq_num));

-		pq_64bit_add_word(&tmp, 1);

-		shift = (unsigned int)pq_64bit_get_word(&tmp);

-		pq_64bit_lshift(&(tmp), &(bitmap->map), shift);

-		pq_64bit_assign(&(bitmap->map), &tmp);

-		pq_64bit_set_bit(&(bitmap->map), 0);

-		pq_64bit_add_word(&rcd_num, 1);

-		pq_64bit_assign(&(bitmap->max_seq_num), &rcd_num);

-		pq_64bit_assign_word(&tmp, 1);

-		pq_64bit_lshift(&tmp, &tmp, bitmap->length);

-		ctx = pq_64bit_ctx_new(&ctx);

-		pq_64bit_mod(&(bitmap->map), &(bitmap->map), &tmp, ctx);

-		pq_64bit_ctx_free(ctx);

-		}

-	else

-		{

-		pq_64bit_sub(&tmp, &(bitmap->max_seq_num), &rcd_num);

-		pq_64bit_sub_word(&tmp, 1);

-		shift = (unsigned int)pq_64bit_get_word(&tmp);

-		pq_64bit_set_bit(&(bitmap->map), shift);

-		}

-	pq_64bit_free(&rcd_num);

-	pq_64bit_free(&tmp);

-	}

-int dtls1_dispatch_alert(SSL *s)

-	{

-	int i,j;

-	void (*cb)(const SSL *ssl,int type,int val)=NULL;

-	unsigned char buf[2 + 2 + 3]; /* alert level + alert desc + message seq +frag_off */

-	unsigned char *ptr = &buf[0];

-	s->s3->alert_dispatch=0;

-	memset(buf, 0x00, sizeof(buf));

-	*ptr++ = s->s3->send_alert[0];

-	*ptr++ = s->s3->send_alert[1];

-	if (s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE)

-		{

-		s2n(s->d1->handshake_read_seq, ptr);

-#if 0

-		if ( s->d1->r_msg_hdr.frag_off == 0)  /* waiting for a new msg */

-		else

-			s2n(s->d1->r_msg_hdr.seq, ptr); /* partial msg read */

-#endif

-#if 0

-		fprintf(stderr, "s->d1->handshake_read_seq = %d, s->d1->r_msg_hdr.seq = %d\n",s->d1->handshake_read_seq,s->d1->r_msg_hdr.seq);

-#endif

-		l2n3(s->d1->r_msg_hdr.frag_off, ptr);

-		}

-	i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0);

-	if (i <= 0)

-		{

-		s->s3->alert_dispatch=1;

-		/* fprintf( stderr, "not done with alert\n" ); */

-		}

-	else

-		{

-		if ( s->s3->send_alert[0] == SSL3_AL_FATAL ||

-			s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE)

-			(void)BIO_flush(s->wbio);

-		if (s->msg_callback)

-			s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert,

-				2, s, s->msg_callback_arg);

-		if (s->info_callback != NULL)

-			cb=s->info_callback;

-		else if (s->ctx->info_callback != NULL)

-			cb=s->ctx->info_callback;

-		if (cb != NULL)

-			{

-			j=(s->s3->send_alert[0]<<8)|s->s3->send_alert[1];

-			cb(s,SSL_CB_WRITE_ALERT,j);

-			}

-		}

-	return(i);

-	}

-static DTLS1_BITMAP *

-dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, unsigned int *is_next_epoch)

-    {

-    *is_next_epoch = 0;

-    /* In current epoch, accept HM, CCS, DATA, & ALERT */

-    if (rr->epoch == s->d1->r_epoch)

-        return &s->d1->bitmap;

-    /* Only HM and ALERT messages can be from the next epoch */

-    else if (rr->epoch == (unsigned long)(s->d1->r_epoch + 1) &&

-        (rr->type == SSL3_RT_HANDSHAKE ||

-            rr->type == SSL3_RT_ALERT))

-        {

-        *is_next_epoch = 1;

-        return &s->d1->next_bitmap;

-        }

-    return NULL;

-    }

-#if 0

-static int

-dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr, unsigned short *priority,

-	unsigned long *offset)

-	{

-	/* alerts are passed up immediately */

-	if ( rr->type == SSL3_RT_APPLICATION_DATA ||

-		rr->type == SSL3_RT_ALERT)

-		return 0;

-	/* Only need to buffer if a handshake is underway.

-	 * (this implies that Hello Request and Client Hello are passed up

-	 * immediately) */

-	if ( SSL_in_init(s))

-		{

-		unsigned char *data = rr->data;

-		/* need to extract the HM/CCS sequence number here */

-		if ( rr->type == SSL3_RT_HANDSHAKE ||

-			rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)

-			{

-			unsigned short seq_num;

-			struct hm_header_st msg_hdr;

-			struct ccs_header_st ccs_hdr;

-			if ( rr->type == SSL3_RT_HANDSHAKE)

-				{

-				dtls1_get_message_header(data, &msg_hdr);

-				seq_num = msg_hdr.seq;

-				*offset = msg_hdr.frag_off;

-				}

-			else

-				{

-				dtls1_get_ccs_header(data, &ccs_hdr);

-				seq_num = ccs_hdr.seq;

-				*offset = 0;

-				}

-			/* this is either a record we're waiting for, or a

-			 * retransmit of something we happened to previously

-			 * receive (higher layers will drop the repeat silently */

-			if ( seq_num < s->d1->handshake_read_seq)

-				return 0;

-			if (rr->type == SSL3_RT_HANDSHAKE &&

-				seq_num == s->d1->handshake_read_seq &&

-				msg_hdr.frag_off < s->d1->r_msg_hdr.frag_off)

-				return 0;

-			else if ( seq_num == s->d1->handshake_read_seq &&

-				(rr->type == SSL3_RT_CHANGE_CIPHER_SPEC ||

-					msg_hdr.frag_off == s->d1->r_msg_hdr.frag_off))

-				return 0;

-			else

-				{

-				*priority = seq_num;

-				return 1;

-				}

-			}

-		else /* unknown record type */

-			return 0;

-		}

-	return 0;

-	}

-#endif

-void

-dtls1_reset_seq_numbers(SSL *s, int rw)

-	{

-	unsigned char *seq;

-	unsigned int seq_bytes = sizeof(s->s3->read_sequence);

-	if ( rw & SSL3_CC_READ)

-		{

-		seq = s->s3->read_sequence;

-		s->d1->r_epoch++;

-		pq_64bit_assign(&(s->d1->bitmap.map), &(s->d1->next_bitmap.map));

-		s->d1->bitmap.length = s->d1->next_bitmap.length;

-		pq_64bit_assign(&(s->d1->bitmap.max_seq_num),

-			&(s->d1->next_bitmap.max_seq_num));

-		pq_64bit_free(&(s->d1->next_bitmap.map));

-		pq_64bit_free(&(s->d1->next_bitmap.max_seq_num));

-		memset(&(s->d1->next_bitmap), 0x00, sizeof(DTLS1_BITMAP));

-		pq_64bit_init(&(s->d1->next_bitmap.map));

-		pq_64bit_init(&(s->d1->next_bitmap.max_seq_num));

-		}

-	else

-		{

-		seq = s->s3->write_sequence;

-		s->d1->w_epoch++;

-		}

-	memset(seq, 0x00, seq_bytes);

-	}

-#if PQ_64BIT_IS_INTEGER

-static PQ_64BIT

-bytes_to_long_long(unsigned char *bytes, PQ_64BIT *num)

-       {

-       PQ_64BIT _num;

-       _num = (((PQ_64BIT)bytes[0]) << 56) |

-               (((PQ_64BIT)bytes[1]) << 48) |

-               (((PQ_64BIT)bytes[2]) << 40) |

-               (((PQ_64BIT)bytes[3]) << 32) |

-               (((PQ_64BIT)bytes[4]) << 24) |

-               (((PQ_64BIT)bytes[5]) << 16) |

-               (((PQ_64BIT)bytes[6]) <<  8) |

-               (((PQ_64BIT)bytes[7])      );

-	   *num = _num ;

-       return _num;

-       }

-#endif

-static void

-dtls1_clear_timeouts(SSL *s)

-	{

-	memset(&(s->d1->timeout), 0x00, sizeof(struct dtls1_timeout_st));

-	}

--- a/sys/src/ape/lib/openssl/ssl/d1_srvr.c

+++ /dev/null

@@ -1,1147 +1,0 @@

-/* ssl/d1_srvr.c */

-/*

- * DTLS implementation written by Nagendra Modadugu

- * ([email protected]) for the OpenSSL project 2005.

- */

-/* ====================================================================

- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "ssl_locl.h"

-#include <openssl/buffer.h>

-#include <openssl/rand.h>

-#include <openssl/objects.h>

-#include <openssl/evp.h>

-#include <openssl/x509.h>

-#include <openssl/md5.h>

-#ifndef OPENSSL_NO_DH

-#include <openssl/dh.h>

-#endif

-static SSL_METHOD *dtls1_get_server_method(int ver);

-static int dtls1_send_hello_verify_request(SSL *s);

-static SSL_METHOD *dtls1_get_server_method(int ver)

-	{

-	if (ver == DTLS1_VERSION)

-		return(DTLSv1_server_method());

-	else

-		return(NULL);

-	}

-IMPLEMENT_dtls1_meth_func(DTLSv1_server_method,

-			dtls1_accept,

-			ssl_undefined_function,

-			dtls1_get_server_method)

-int dtls1_accept(SSL *s)

-	{

-	BUF_MEM *buf;

-	unsigned long l,Time=(unsigned long)time(NULL);

-	void (*cb)(const SSL *ssl,int type,int val)=NULL;

-	long num1;

-	int ret= -1;

-	int new_state,state,skip=0;

-	RAND_add(&Time,sizeof(Time),0);

-	ERR_clear_error();

-	clear_sys_error();

-	if (s->info_callback != NULL)

-		cb=s->info_callback;

-	else if (s->ctx->info_callback != NULL)

-		cb=s->ctx->info_callback;

-	/* init things to blank */

-	s->in_handshake++;

-	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);

-	if (s->cert == NULL)

-		{

-		SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_NO_CERTIFICATE_SET);

-		return(-1);

-		}

-	for (;;)

-		{

-		state=s->state;

-		switch (s->state)

-			{

-		case SSL_ST_RENEGOTIATE:

-			s->new_session=1;

-			/* s->state=SSL_ST_ACCEPT; */

-		case SSL_ST_BEFORE:

-		case SSL_ST_ACCEPT:

-		case SSL_ST_BEFORE|SSL_ST_ACCEPT:

-		case SSL_ST_OK|SSL_ST_ACCEPT:

-			s->server=1;

-			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);

-			if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00))

-				{

-				SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR);

-				return -1;

-				}

-			s->type=SSL_ST_ACCEPT;

-			if (s->init_buf == NULL)

-				{

-				if ((buf=BUF_MEM_new()) == NULL)

-					{

-					ret= -1;

-					goto end;

-					}

-				if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))

-					{

-					ret= -1;

-					goto end;

-					}

-				s->init_buf=buf;

-				}

-			if (!ssl3_setup_buffers(s))

-				{

-				ret= -1;

-				goto end;

-				}

-			s->init_num=0;

-			if (s->state != SSL_ST_RENEGOTIATE)

-				{

-				/* Ok, we now need to push on a buffering BIO so that

-				 * the output is sent in a way that TCP likes :-)

-				 */

-				if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; }

-				ssl3_init_finished_mac(s);

-				s->state=SSL3_ST_SR_CLNT_HELLO_A;

-				s->ctx->stats.sess_accept++;

-				}

-			else

-				{

-				/* s->state == SSL_ST_RENEGOTIATE,

-				 * we will just send a HelloRequest */

-				s->ctx->stats.sess_accept_renegotiate++;

-				s->state=SSL3_ST_SW_HELLO_REQ_A;

-				}

-            if ( (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE))

-                s->d1->send_cookie = 1;

-            else

-                s->d1->send_cookie = 0;

-			break;

-		case SSL3_ST_SW_HELLO_REQ_A:

-		case SSL3_ST_SW_HELLO_REQ_B:

-			s->shutdown=0;

-			ret=dtls1_send_hello_request(s);

-			if (ret <= 0) goto end;

-			s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C;

-			s->state=SSL3_ST_SW_FLUSH;

-			s->init_num=0;

-			ssl3_init_finished_mac(s);

-			break;

-		case SSL3_ST_SW_HELLO_REQ_C:

-			s->state=SSL_ST_OK;

-			break;

-		case SSL3_ST_SR_CLNT_HELLO_A:

-		case SSL3_ST_SR_CLNT_HELLO_B:

-		case SSL3_ST_SR_CLNT_HELLO_C:

-			s->shutdown=0;

-			ret=ssl3_get_client_hello(s);

-			if (ret <= 0) goto end;

-			s->new_session = 2;

-			if ( s->d1->send_cookie)

-				s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A;

-			else

-				s->state = SSL3_ST_SW_SRVR_HELLO_A;

-			s->init_num=0;

-			break;

-		case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:

-		case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:

-			ret = dtls1_send_hello_verify_request(s);

-			if ( ret <= 0) goto end;

-			s->d1->send_cookie = 0;

-			s->state=SSL3_ST_SW_FLUSH;

-			s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;

-			/* HelloVerifyRequests resets Finished MAC */

-			if (s->client_version != DTLS1_BAD_VER)

-				ssl3_init_finished_mac(s);

-			break;

-		case SSL3_ST_SW_SRVR_HELLO_A:

-		case SSL3_ST_SW_SRVR_HELLO_B:

-			ret=dtls1_send_server_hello(s);

-			if (ret <= 0) goto end;

-			if (s->hit)

-				s->state=SSL3_ST_SW_CHANGE_A;

-			else

-				s->state=SSL3_ST_SW_CERT_A;

-			s->init_num=0;

-			break;

-		case SSL3_ST_SW_CERT_A:

-		case SSL3_ST_SW_CERT_B:

-			/* Check if it is anon DH */

-			if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))

-				{

-				ret=dtls1_send_server_certificate(s);

-				if (ret <= 0) goto end;

-				}

-			else

-				skip=1;

-			s->state=SSL3_ST_SW_KEY_EXCH_A;

-			s->init_num=0;

-			break;

-		case SSL3_ST_SW_KEY_EXCH_A:

-		case SSL3_ST_SW_KEY_EXCH_B:

-			l=s->s3->tmp.new_cipher->algorithms;

-			/* clear this, it may get reset by

-			 * send_server_key_exchange */

-			if ((s->options & SSL_OP_EPHEMERAL_RSA)

-#ifndef OPENSSL_NO_KRB5

-				&& !(l & SSL_KRB5)

-#endif /* OPENSSL_NO_KRB5 */

-				)

-				/* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key

-				 * even when forbidden by protocol specs

-				 * (handshake may fail as clients are not required to

-				 * be able to handle this) */

-				s->s3->tmp.use_rsa_tmp=1;

-			else

-				s->s3->tmp.use_rsa_tmp=0;

-			/* only send if a DH key exchange, fortezza or

-			 * RSA but we have a sign only certificate */

-			if (s->s3->tmp.use_rsa_tmp

-			    || (l & (SSL_DH|SSL_kFZA))

-			    || ((l & SSL_kRSA)

-				&& (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL

-				    || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)

-					&& EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)

-					)

-				    )

-				)

-			    )

-				{

-				ret=dtls1_send_server_key_exchange(s);

-				if (ret <= 0) goto end;

-				}

-			else

-				skip=1;

-			s->state=SSL3_ST_SW_CERT_REQ_A;

-			s->init_num=0;

-			break;

-		case SSL3_ST_SW_CERT_REQ_A:

-		case SSL3_ST_SW_CERT_REQ_B:

-			if (/* don't request cert unless asked for it: */

-				!(s->verify_mode & SSL_VERIFY_PEER) ||

-				/* if SSL_VERIFY_CLIENT_ONCE is set,

-				 * don't request cert during re-negotiation: */

-				((s->session->peer != NULL) &&

-				 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||

-				/* never request cert in anonymous ciphersuites

-				 * (see section "Certificate request" in SSL 3 drafts

-				 * and in RFC 2246): */

-				((s->s3->tmp.new_cipher->algorithms & SSL_aNULL) &&

-				 /* ... except when the application insists on verification

-				  * (against the specs, but s3_clnt.c accepts this for SSL 3) */

-				 !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||

-                                 /* never request cert in Kerberos ciphersuites */

-                                (s->s3->tmp.new_cipher->algorithms & SSL_aKRB5))

-				{

-				/* no cert request */

-				skip=1;

-				s->s3->tmp.cert_request=0;

-				s->state=SSL3_ST_SW_SRVR_DONE_A;

-				}

-			else

-				{

-				s->s3->tmp.cert_request=1;

-				ret=dtls1_send_certificate_request(s);

-				if (ret <= 0) goto end;

-#ifndef NETSCAPE_HANG_BUG

-				s->state=SSL3_ST_SW_SRVR_DONE_A;

-#else

-				s->state=SSL3_ST_SW_FLUSH;

-				s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;

-#endif

-				s->init_num=0;

-				}

-			break;

-		case SSL3_ST_SW_SRVR_DONE_A:

-		case SSL3_ST_SW_SRVR_DONE_B:

-			ret=dtls1_send_server_done(s);

-			if (ret <= 0) goto end;

-			s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;

-			s->state=SSL3_ST_SW_FLUSH;

-			s->init_num=0;

-			break;

-		case SSL3_ST_SW_FLUSH:

-			/* number of bytes to be flushed */

-			num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);

-			if (num1 > 0)

-				{

-				s->rwstate=SSL_WRITING;

-				num1=BIO_flush(s->wbio);

-				if (num1 <= 0) { ret= -1; goto end; }

-				s->rwstate=SSL_NOTHING;

-				}

-			s->state=s->s3->tmp.next_state;

-			break;

-		case SSL3_ST_SR_CERT_A:

-		case SSL3_ST_SR_CERT_B:

-			/* Check for second client hello (MS SGC) */

-			ret = ssl3_check_client_hello(s);

-			if (ret <= 0)

-				goto end;

-			if (ret == 2)

-				s->state = SSL3_ST_SR_CLNT_HELLO_C;

-			else {

-				/* could be sent for a DH cert, even if we

-				 * have not asked for it :-) */

-				ret=ssl3_get_client_certificate(s);

-				if (ret <= 0) goto end;

-				s->init_num=0;

-				s->state=SSL3_ST_SR_KEY_EXCH_A;

-			}

-			break;

-		case SSL3_ST_SR_KEY_EXCH_A:

-		case SSL3_ST_SR_KEY_EXCH_B:

-			ret=ssl3_get_client_key_exchange(s);

-			if (ret <= 0) goto end;

-			s->state=SSL3_ST_SR_CERT_VRFY_A;

-			s->init_num=0;

-			/* We need to get hashes here so if there is

-			 * a client cert, it can be verified */

-			s->method->ssl3_enc->cert_verify_mac(s,

-				&(s->s3->finish_dgst1),

-				&(s->s3->tmp.cert_verify_md[0]));

-			s->method->ssl3_enc->cert_verify_mac(s,

-				&(s->s3->finish_dgst2),

-				&(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));

-			break;

-		case SSL3_ST_SR_CERT_VRFY_A:

-		case SSL3_ST_SR_CERT_VRFY_B:

-			/* we should decide if we expected this one */

-			ret=ssl3_get_cert_verify(s);

-			if (ret <= 0) goto end;

-			s->state=SSL3_ST_SR_FINISHED_A;

-			s->init_num=0;

-			break;

-		case SSL3_ST_SR_FINISHED_A:

-		case SSL3_ST_SR_FINISHED_B:

-			ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,

-				SSL3_ST_SR_FINISHED_B);

-			if (ret <= 0) goto end;

-			if (s->hit)

-				s->state=SSL_ST_OK;

-			else

-				s->state=SSL3_ST_SW_CHANGE_A;

-			s->init_num=0;

-			break;

-		case SSL3_ST_SW_CHANGE_A:

-		case SSL3_ST_SW_CHANGE_B:

-			s->session->cipher=s->s3->tmp.new_cipher;

-			if (!s->method->ssl3_enc->setup_key_block(s))

-				{ ret= -1; goto end; }

-			ret=dtls1_send_change_cipher_spec(s,

-				SSL3_ST_SW_CHANGE_A,SSL3_ST_SW_CHANGE_B);

-			if (ret <= 0) goto end;

-			s->state=SSL3_ST_SW_FINISHED_A;

-			s->init_num=0;

-			if (!s->method->ssl3_enc->change_cipher_state(s,

-				SSL3_CHANGE_CIPHER_SERVER_WRITE))

-				{

-				ret= -1;

-				goto end;

-				}

-			dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);

-			break;

-		case SSL3_ST_SW_FINISHED_A:

-		case SSL3_ST_SW_FINISHED_B:

-			ret=dtls1_send_finished(s,

-				SSL3_ST_SW_FINISHED_A,SSL3_ST_SW_FINISHED_B,

-				s->method->ssl3_enc->server_finished_label,

-				s->method->ssl3_enc->server_finished_label_len);

-			if (ret <= 0) goto end;

-			s->state=SSL3_ST_SW_FLUSH;

-			if (s->hit)

-				s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;

-			else

-				s->s3->tmp.next_state=SSL_ST_OK;

-			s->init_num=0;

-			break;

-		case SSL_ST_OK:

-			/* clean a few things up */

-			ssl3_cleanup_key_block(s);

-#if 0

-			BUF_MEM_free(s->init_buf);

-			s->init_buf=NULL;

-#endif

-			/* remove buffering on output */

-			ssl_free_wbio_buffer(s);

-			s->init_num=0;

-			if (s->new_session == 2) /* skipped if we just sent a HelloRequest */

-				{

-				/* actually not necessarily a 'new' session unless

-				 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */

-				s->new_session=0;

-				ssl_update_cache(s,SSL_SESS_CACHE_SERVER);

-				s->ctx->stats.sess_accept_good++;

-				/* s->server=1; */

-				s->handshake_func=dtls1_accept;

-				if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);

-				}

-			ret = 1;

-			/* done handshaking, next message is client hello */

-			s->d1->handshake_read_seq = 0;

-			/* next message is server hello */

-			s->d1->handshake_write_seq = 0;

-			goto end;

-			/* break; */

-		default:

-			SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_UNKNOWN_STATE);

-			ret= -1;

-			goto end;

-			/* break; */

-			}

-		if (!s->s3->tmp.reuse_message && !skip)

-			{

-			if (s->debug)

-				{

-				if ((ret=BIO_flush(s->wbio)) <= 0)

-					goto end;

-				}

-			if ((cb != NULL) && (s->state != state))

-				{

-				new_state=s->state;

-				s->state=state;

-				cb(s,SSL_CB_ACCEPT_LOOP,1);

-				s->state=new_state;

-				}

-			}

-		skip=0;

-		}

-end:

-	/* BIO_flush(s->wbio); */

-	s->in_handshake--;

-	if (cb != NULL)

-		cb(s,SSL_CB_ACCEPT_EXIT,ret);

-	return(ret);

-	}

-int dtls1_send_hello_request(SSL *s)

-	{

-	unsigned char *p;

-	if (s->state == SSL3_ST_SW_HELLO_REQ_A)

-		{

-		p=(unsigned char *)s->init_buf->data;

-		p = dtls1_set_message_header(s, p, SSL3_MT_HELLO_REQUEST, 0, 0, 0);

-		s->state=SSL3_ST_SW_HELLO_REQ_B;

-		/* number of bytes to write */

-		s->init_num=DTLS1_HM_HEADER_LENGTH;

-		s->init_off=0;

-		/* no need to buffer this message, since there are no retransmit

-		 * requests for it */

-		}

-	/* SSL3_ST_SW_HELLO_REQ_B */

-	return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));

-	}

-int dtls1_send_hello_verify_request(SSL *s)

-	{

-	unsigned int msg_len;

-	unsigned char *msg, *buf, *p;

-	if (s->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A)

-		{

-		buf = (unsigned char *)s->init_buf->data;

-		msg = p = &(buf[DTLS1_HM_HEADER_LENGTH]);

-		if (s->client_version == DTLS1_BAD_VER)

-			*(p++) = DTLS1_BAD_VER>>8,

-			*(p++) = DTLS1_BAD_VER&0xff;

-		else

-			*(p++) = s->version >> 8,

-			*(p++) = s->version & 0xFF;

-		if (s->ctx->app_gen_cookie_cb != NULL &&

-		    s->ctx->app_gen_cookie_cb(s, s->d1->cookie,

-		    &(s->d1->cookie_len)) == 0)

-			{

-			SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,ERR_R_INTERNAL_ERROR);

-			return 0;

-			}

-		/* else the cookie is assumed to have

-		 * been initialized by the application */

-		*(p++) = (unsigned char) s->d1->cookie_len;

-		memcpy(p, s->d1->cookie, s->d1->cookie_len);

-		p += s->d1->cookie_len;

-		msg_len = p - msg;

-		dtls1_set_message_header(s, buf,

-			DTLS1_MT_HELLO_VERIFY_REQUEST, msg_len, 0, msg_len);

-		s->state=DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B;

-		/* number of bytes to write */

-		s->init_num=p-buf;

-		s->init_off=0;

-		/* buffer the message to handle re-xmits */

-		dtls1_buffer_message(s, 0);

-		}

-	/* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */

-	return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));

-	}

-int dtls1_send_server_hello(SSL *s)

-	{

-	unsigned char *buf;

-	unsigned char *p,*d;

-	int i;

-	unsigned int sl;

-	unsigned long l,Time;

-	if (s->state == SSL3_ST_SW_SRVR_HELLO_A)

-		{

-		buf=(unsigned char *)s->init_buf->data;

-		p=s->s3->server_random;

-		Time=(unsigned long)time(NULL);			/* Time */

-		l2n(Time,p);

-		RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));

-		/* Do the message type and length last */

-		d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);

-		if (s->client_version == DTLS1_BAD_VER)

-			*(p++)=DTLS1_BAD_VER>>8,

-			*(p++)=DTLS1_BAD_VER&0xff;

-		else

-			*(p++)=s->version>>8,

-			*(p++)=s->version&0xff;

-		/* Random stuff */

-		memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);

-		p+=SSL3_RANDOM_SIZE;

-		/* now in theory we have 3 options to sending back the

-		 * session id.  If it is a re-use, we send back the

-		 * old session-id, if it is a new session, we send

-		 * back the new session-id or we send back a 0 length

-		 * session-id if we want it to be single use.

-		 * Currently I will not implement the '0' length session-id

-		 * 12-Jan-98 - I'll now support the '0' length stuff.

-		 */

-		if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER))

-			s->session->session_id_length=0;

-		sl=s->session->session_id_length;

-		if (sl > sizeof s->session->session_id)

-			{

-			SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);

-			return -1;

-			}

-		*(p++)=sl;

-		memcpy(p,s->session->session_id,sl);

-		p+=sl;

-		/* put the cipher */

-		i=ssl3_put_cipher_by_char(s->s3->tmp.new_cipher,p);

-		p+=i;

-		/* put the compression method */

-#ifdef OPENSSL_NO_COMP

-		*(p++)=0;

-#else

-		if (s->s3->tmp.new_compression == NULL)

-			*(p++)=0;

-		else

-			*(p++)=s->s3->tmp.new_compression->id;

-#endif

-		/* do the header */

-		l=(p-d);

-		d=buf;

-		d = dtls1_set_message_header(s, d, SSL3_MT_SERVER_HELLO, l, 0, l);

-		s->state=SSL3_ST_CW_CLNT_HELLO_B;

-		/* number of bytes to write */

-		s->init_num=p-buf;

-		s->init_off=0;

-		/* buffer the message to handle re-xmits */

-		dtls1_buffer_message(s, 0);

-		}

-	/* SSL3_ST_CW_CLNT_HELLO_B */

-	return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));

-	}

-int dtls1_send_server_done(SSL *s)

-	{

-	unsigned char *p;

-	if (s->state == SSL3_ST_SW_SRVR_DONE_A)

-		{

-		p=(unsigned char *)s->init_buf->data;

-		/* do the header */

-		p = dtls1_set_message_header(s, p, SSL3_MT_SERVER_DONE, 0, 0, 0);

-		s->state=SSL3_ST_SW_SRVR_DONE_B;

-		/* number of bytes to write */

-		s->init_num=DTLS1_HM_HEADER_LENGTH;

-		s->init_off=0;

-		/* buffer the message to handle re-xmits */

-		dtls1_buffer_message(s, 0);

-		}

-	/* SSL3_ST_CW_CLNT_HELLO_B */

-	return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));

-	}

-int dtls1_send_server_key_exchange(SSL *s)

-	{

-#ifndef OPENSSL_NO_RSA

-	unsigned char *q;

-	int j,num;

-	RSA *rsa;

-	unsigned char md_buf[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];

-	unsigned int u;

-#endif

-#ifndef OPENSSL_NO_DH

-	DH *dh=NULL,*dhp;

-#endif

-	EVP_PKEY *pkey;

-	unsigned char *p,*d;

-	int al,i;

-	unsigned long type;

-	int n;

-	CERT *cert;

-	BIGNUM *r[4];

-	int nr[4],kn;

-	BUF_MEM *buf;

-	EVP_MD_CTX md_ctx;

-	EVP_MD_CTX_init(&md_ctx);

-	if (s->state == SSL3_ST_SW_KEY_EXCH_A)

-		{

-		type=s->s3->tmp.new_cipher->algorithms & SSL_MKEY_MASK;

-		cert=s->cert;

-		buf=s->init_buf;

-		r[0]=r[1]=r[2]=r[3]=NULL;

-		n=0;

-#ifndef OPENSSL_NO_RSA

-		if (type & SSL_kRSA)

-			{

-			rsa=cert->rsa_tmp;

-			if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL))

-				{

-				rsa=s->cert->rsa_tmp_cb(s,

-				      SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),

-				      SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));

-				if(rsa == NULL)

-				{

-					al=SSL_AD_HANDSHAKE_FAILURE;

-					SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_ERROR_GENERATING_TMP_RSA_KEY);

-					goto f_err;

-				}

-				RSA_up_ref(rsa);

-				cert->rsa_tmp=rsa;

-				}

-			if (rsa == NULL)

-				{

-				al=SSL_AD_HANDSHAKE_FAILURE;

-				SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_KEY);

-				goto f_err;

-				}

-			r[0]=rsa->n;

-			r[1]=rsa->e;

-			s->s3->tmp.use_rsa_tmp=1;

-			}

-		else

-#endif

-#ifndef OPENSSL_NO_DH

-			if (type & SSL_kEDH)

-			{

-			dhp=cert->dh_tmp;

-			if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))

-				dhp=s->cert->dh_tmp_cb(s,

-				      SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),

-				      SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));

-			if (dhp == NULL)

-				{

-				al=SSL_AD_HANDSHAKE_FAILURE;

-				SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);

-				goto f_err;

-				}

-			if (s->s3->tmp.dh != NULL)

-				{

-				DH_free(dh);

-				SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);

-				goto err;

-				}

-			if ((dh=DHparams_dup(dhp)) == NULL)

-				{

-				SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);

-				goto err;

-				}

-			s->s3->tmp.dh=dh;

-			if ((dhp->pub_key == NULL ||

-			     dhp->priv_key == NULL ||

-			     (s->options & SSL_OP_SINGLE_DH_USE)))

-				{

-				if(!DH_generate_key(dh))

-				    {

-				    SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,

-					   ERR_R_DH_LIB);

-				    goto err;

-				    }

-				}

-			else

-				{

-				dh->pub_key=BN_dup(dhp->pub_key);

-				dh->priv_key=BN_dup(dhp->priv_key);

-				if ((dh->pub_key == NULL) ||

-					(dh->priv_key == NULL))

-					{

-					SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);

-					goto err;

-					}

-				}

-			r[0]=dh->p;

-			r[1]=dh->g;

-			r[2]=dh->pub_key;

-			}

-		else

-#endif

-			{

-			al=SSL_AD_HANDSHAKE_FAILURE;

-			SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);

-			goto f_err;

-			}

-		for (i=0; r[i] != NULL; i++)

-			{

-			nr[i]=BN_num_bytes(r[i]);

-			n+=2+nr[i];

-			}

-		if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))

-			{

-			if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher))

-				== NULL)

-				{

-				al=SSL_AD_DECODE_ERROR;

-				goto f_err;

-				}

-			kn=EVP_PKEY_size(pkey);

-			}

-		else

-			{

-			pkey=NULL;

-			kn=0;

-			}

-		if (!BUF_MEM_grow_clean(buf,n+DTLS1_HM_HEADER_LENGTH+kn))

-			{

-			SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF);

-			goto err;

-			}

-		d=(unsigned char *)s->init_buf->data;

-		p= &(d[DTLS1_HM_HEADER_LENGTH]);

-		for (i=0; r[i] != NULL; i++)

-			{

-			s2n(nr[i],p);

-			BN_bn2bin(r[i],p);

-			p+=nr[i];

-			}

-		/* not anonymous */

-		if (pkey != NULL)

-			{

-			/* n is the length of the params, they start at

-			 * &(d[DTLS1_HM_HEADER_LENGTH]) and p points to the space

-			 * at the end. */

-#ifndef OPENSSL_NO_RSA

-			if (pkey->type == EVP_PKEY_RSA)

-				{

-				q=md_buf;

-				j=0;

-				for (num=2; num > 0; num--)

-					{

-					EVP_DigestInit_ex(&md_ctx,(num == 2)

-						?s->ctx->md5:s->ctx->sha1, NULL);

-					EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);

-					EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);

-					EVP_DigestUpdate(&md_ctx,&(d[DTLS1_HM_HEADER_LENGTH]),n);

-					EVP_DigestFinal_ex(&md_ctx,q,

-						(unsigned int *)&i);

-					q+=i;

-					j+=i;

-					}

-				if (RSA_sign(NID_md5_sha1, md_buf, j,

-					&(p[2]), &u, pkey->pkey.rsa) <= 0)

-					{

-					SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_RSA);

-					goto err;

-					}

-				s2n(u,p);

-				n+=u+2;

-				}

-			else

-#endif

-#if !defined(OPENSSL_NO_DSA)

-				if (pkey->type == EVP_PKEY_DSA)

-				{

-				/* lets do DSS */

-				EVP_SignInit_ex(&md_ctx,EVP_dss1(), NULL);

-				EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);

-				EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);

-				EVP_SignUpdate(&md_ctx,&(d[DTLS1_HM_HEADER_LENGTH]),n);

-				if (!EVP_SignFinal(&md_ctx,&(p[2]),

-					(unsigned int *)&i,pkey))

-					{

-					SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_DSA);

-					goto err;

-					}

-				s2n(i,p);

-				n+=i+2;

-				}

-			else

-#endif

-				{

-				/* Is this error check actually needed? */

-				al=SSL_AD_HANDSHAKE_FAILURE;

-				SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_PKEY_TYPE);

-				goto f_err;

-				}

-			}

-		d = dtls1_set_message_header(s, d,

-			SSL3_MT_SERVER_KEY_EXCHANGE, n, 0, n);

-		/* we should now have things packed up, so lets send

-		 * it off */

-		s->init_num=n+DTLS1_HM_HEADER_LENGTH;

-		s->init_off=0;

-		/* buffer the message to handle re-xmits */

-		dtls1_buffer_message(s, 0);

-		}

-	s->state = SSL3_ST_SW_KEY_EXCH_B;

-	EVP_MD_CTX_cleanup(&md_ctx);

-	return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));

-f_err:

-	ssl3_send_alert(s,SSL3_AL_FATAL,al);

-err:

-	EVP_MD_CTX_cleanup(&md_ctx);

-	return(-1);

-	}

-int dtls1_send_certificate_request(SSL *s)

-	{

-	unsigned char *p,*d;

-	int i,j,nl,off,n;

-	STACK_OF(X509_NAME) *sk=NULL;

-	X509_NAME *name;

-	BUF_MEM *buf;

-	unsigned int msg_len;

-	if (s->state == SSL3_ST_SW_CERT_REQ_A)

-		{

-		buf=s->init_buf;

-		d=p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]);

-		/* get the list of acceptable cert types */

-		p++;

-		n=ssl3_get_req_cert_type(s,p);

-		d[0]=n;

-		p+=n;

-		n++;

-		off=n;

-		p+=2;

-		n+=2;

-		sk=SSL_get_client_CA_list(s);

-		nl=0;

-		if (sk != NULL)

-			{

-			for (i=0; i<sk_X509_NAME_num(sk); i++)

-				{

-				name=sk_X509_NAME_value(sk,i);

-				j=i2d_X509_NAME(name,NULL);

-				if (!BUF_MEM_grow_clean(buf,DTLS1_HM_HEADER_LENGTH+n+j+2))

-					{

-					SSLerr(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);

-					goto err;

-					}

-				p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH+n]);

-				if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG))

-					{

-					s2n(j,p);

-					i2d_X509_NAME(name,&p);

-					n+=2+j;

-					nl+=2+j;

-					}

-				else

-					{

-					d=p;

-					i2d_X509_NAME(name,&p);

-					j-=2; s2n(j,d); j+=2;

-					n+=j;

-					nl+=j;

-					}

-				}

-			}

-		/* else no CA names */

-		p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH+off]);

-		s2n(nl,p);

-		d=(unsigned char *)buf->data;

-		*(d++)=SSL3_MT_CERTIFICATE_REQUEST;

-		l2n3(n,d);

-		s2n(s->d1->handshake_write_seq,d);

-		s->d1->handshake_write_seq++;

-		/* we should now have things packed up, so lets send

-		 * it off */

-		s->init_num=n+DTLS1_HM_HEADER_LENGTH;

-		s->init_off=0;

-#ifdef NETSCAPE_HANG_BUG

-/* XXX: what to do about this? */

-		p=(unsigned char *)s->init_buf->data + s->init_num;

-		/* do the header */

-		*(p++)=SSL3_MT_SERVER_DONE;

-		*(p++)=0;

-		*(p++)=0;

-		*(p++)=0;

-		s->init_num += 4;

-#endif

-		/* XDTLS:  set message header ? */

-		msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH;

-		dtls1_set_message_header(s, (void *)s->init_buf->data,

-			SSL3_MT_CERTIFICATE_REQUEST, msg_len, 0, msg_len);

-		/* buffer the message to handle re-xmits */

-		dtls1_buffer_message(s, 0);

-		s->state = SSL3_ST_SW_CERT_REQ_B;

-		}

-	/* SSL3_ST_SW_CERT_REQ_B */

-	return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));

-err:

-	return(-1);

-	}

-int dtls1_send_server_certificate(SSL *s)

-	{

-	unsigned long l;

-	X509 *x;

-	if (s->state == SSL3_ST_SW_CERT_A)

-		{

-		x=ssl_get_server_send_cert(s);

-		if (x == NULL &&

-                        /* VRS: allow null cert if auth == KRB5 */

-                        (s->s3->tmp.new_cipher->algorithms

-                                & (SSL_MKEY_MASK|SSL_AUTH_MASK))

-                        != (SSL_aKRB5|SSL_kKRB5))

-			{

-			SSLerr(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR);

-			return(0);

-			}

-		l=dtls1_output_cert_chain(s,x);

-		s->state=SSL3_ST_SW_CERT_B;

-		s->init_num=(int)l;

-		s->init_off=0;

-		/* buffer the message to handle re-xmits */

-		dtls1_buffer_message(s, 0);

-		}

-	/* SSL3_ST_SW_CERT_B */

-	return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));

-	}

--- a/sys/src/ape/lib/openssl/ssl/dtls1.h

+++ /dev/null

@@ -1,211 +1,0 @@

-/* ssl/dtls1.h */

-/*

- * DTLS implementation written by Nagendra Modadugu

- * ([email protected]) for the OpenSSL project 2005.

- */

-/* ====================================================================

- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef HEADER_DTLS1_H

-#define HEADER_DTLS1_H

-#include <openssl/buffer.h>

-#include <openssl/pqueue.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-#define DTLS1_VERSION			0xFEFF

-#define DTLS1_BAD_VER			0x0100

-#define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE    110

-/* lengths of messages */

-#define DTLS1_COOKIE_LENGTH                     32

-#define DTLS1_RT_HEADER_LENGTH                  13

-#define DTLS1_HM_HEADER_LENGTH                  12

-#define DTLS1_HM_BAD_FRAGMENT                   -2

-#define DTLS1_HM_FRAGMENT_RETRY                 -3

-#define DTLS1_CCS_HEADER_LENGTH                  1

-#define DTLS1_AL_HEADER_LENGTH                   7

-typedef struct dtls1_bitmap_st

-	{

-	PQ_64BIT map;

-	unsigned long length;     /* sizeof the bitmap in bits */

-	PQ_64BIT max_seq_num;  /* max record number seen so far */

-	} DTLS1_BITMAP;

-struct hm_header_st

-	{

-	unsigned char type;

-	unsigned long msg_len;

-	unsigned short seq;

-	unsigned long frag_off;

-	unsigned long frag_len;

-	unsigned int is_ccs;

-	};

-struct ccs_header_st

-	{

-	unsigned char type;

-	unsigned short seq;

-	};

-struct dtls1_timeout_st

-	{

-	/* Number of read timeouts so far */

-	unsigned int read_timeouts;

-	/* Number of write timeouts so far */

-	unsigned int write_timeouts;

-	/* Number of alerts received so far */

-	unsigned int num_alerts;

-	};

-typedef struct record_pqueue_st

-	{

-	unsigned short epoch;

-	pqueue q;

-	} record_pqueue;

-typedef struct hm_fragment_st

-	{

-	struct hm_header_st msg_header;

-	unsigned char *fragment;

-	} hm_fragment;

-typedef struct dtls1_state_st

-	{

-	unsigned int send_cookie;

-	unsigned char cookie[DTLS1_COOKIE_LENGTH];

-	unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH];

-	unsigned int cookie_len;

-	/*

-	 * The current data and handshake epoch.  This is initially

-	 * undefined, and starts at zero once the initial handshake is

-	 * completed

-	 */

-	unsigned short r_epoch;

-	unsigned short w_epoch;

-	/* records being received in the current epoch */

-	DTLS1_BITMAP bitmap;

-	/* renegotiation starts a new set of sequence numbers */

-	DTLS1_BITMAP next_bitmap;

-	/* handshake message numbers */

-	unsigned short handshake_write_seq;

-	unsigned short next_handshake_write_seq;

-	unsigned short handshake_read_seq;

-	/* Received handshake records (processed and unprocessed) */

-	record_pqueue unprocessed_rcds;

-	record_pqueue processed_rcds;

-	/* Buffered handshake messages */

-	pqueue buffered_messages;

-	/* Buffered (sent) handshake records */

-	pqueue sent_messages;

-	unsigned int mtu; /* max wire packet size */

-	struct hm_header_st w_msg_hdr;

-	struct hm_header_st r_msg_hdr;

-	struct dtls1_timeout_st timeout;

-	/* storage for Alert/Handshake protocol data received but not

-	 * yet processed by ssl3_read_bytes: */

-	unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH];

-	unsigned int alert_fragment_len;

-	unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH];

-	unsigned int handshake_fragment_len;

-	unsigned int retransmitting;

-	} DTLS1_STATE;

-typedef struct dtls1_record_data_st

-	{

-	unsigned char *packet;

-	unsigned int   packet_length;

-	SSL3_BUFFER    rbuf;

-	SSL3_RECORD    rrec;

-	} DTLS1_RECORD_DATA;

-/* Timeout multipliers (timeout slice is defined in apps/timeouts.h */

-#define DTLS1_TMO_READ_COUNT                      2

-#define DTLS1_TMO_WRITE_COUNT                     2

-#define DTLS1_TMO_ALERT_COUNT                     12

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/ssl/kssl.c

+++ /dev/null

@@ -1,2203 +1,0 @@

-/* ssl/kssl.c -*- mode: C; c-file-style: "eay" -*- */

-/* Written by Vern Staats <[email protected]> for the OpenSSL project 2000.

- */

-/* ====================================================================

- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/*  ssl/kssl.c  --  Routines to support (& debug) Kerberos5 auth for openssl

-**

-**  19990701	VRS 	Started.

-**  200011??	Jeffrey Altman, Richard Levitte

-**          		Generalized for Heimdal, Newer MIT, & Win32.

-**          		Integrated into main OpenSSL 0.9.7 snapshots.

-**  20010413	Simon Wilkinson, VRS

-**          		Real RFC2712 KerberosWrapper replaces AP_REQ.

-*/

-#include <openssl/opensslconf.h>

-#define _XOPEN_SOURCE 500 /* glibc2 needs this to declare strptime() */

-#include <time.h>

-#if 0 /* experimental */

-#undef _XOPEN_SOURCE /* To avoid clashes with anything else... */

-#endif

-#include <string.h>

-#define KRB5_PRIVATE	1

-#include <openssl/ssl.h>

-#include <openssl/evp.h>

-#include <openssl/objects.h>

-#include <openssl/krb5_asn.h>

-#ifndef OPENSSL_NO_KRB5

-#ifndef ENOMEM

-#define ENOMEM KRB5KRB_ERR_GENERIC

-#endif

-/*

- * When OpenSSL is built on Windows, we do not want to require that

- * the Kerberos DLLs be available in order for the OpenSSL DLLs to

- * work.  Therefore, all Kerberos routines are loaded at run time

- * and we do not link to a .LIB file.

- */

-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)

-/*

- * The purpose of the following pre-processor statements is to provide

- * compatibility with different releases of MIT Kerberos for Windows.

- * All versions up to 1.2 used macros.  But macros do not allow for

- * a binary compatible interface for DLLs.  Therefore, all macros are

- * being replaced by function calls.  The following code will allow

- * an OpenSSL DLL built on Windows to work whether or not the macro

- * or function form of the routines are utilized.

- */

-#ifdef  krb5_cc_get_principal

-#define NO_DEF_KRB5_CCACHE

-#undef  krb5_cc_get_principal

-#endif

-#define krb5_cc_get_principal    kssl_krb5_cc_get_principal

-#define krb5_free_data_contents  kssl_krb5_free_data_contents

-#define krb5_free_context        kssl_krb5_free_context

-#define krb5_auth_con_free       kssl_krb5_auth_con_free

-#define krb5_free_principal      kssl_krb5_free_principal

-#define krb5_mk_req_extended     kssl_krb5_mk_req_extended

-#define krb5_get_credentials     kssl_krb5_get_credentials

-#define krb5_cc_default          kssl_krb5_cc_default

-#define krb5_sname_to_principal  kssl_krb5_sname_to_principal

-#define krb5_init_context        kssl_krb5_init_context

-#define krb5_free_ticket         kssl_krb5_free_ticket

-#define krb5_rd_req              kssl_krb5_rd_req

-#define krb5_kt_default          kssl_krb5_kt_default

-#define krb5_kt_resolve          kssl_krb5_kt_resolve

-/* macros in mit 1.2.2 and earlier; functions in mit 1.2.3 and greater */

-#ifndef krb5_kt_close

-#define krb5_kt_close            kssl_krb5_kt_close

-#endif /* krb5_kt_close */

-#ifndef krb5_kt_get_entry

-#define krb5_kt_get_entry        kssl_krb5_kt_get_entry

-#endif /* krb5_kt_get_entry */

-#define krb5_auth_con_init       kssl_krb5_auth_con_init

-#define krb5_principal_compare   kssl_krb5_principal_compare

-#define krb5_decrypt_tkt_part    kssl_krb5_decrypt_tkt_part

-#define krb5_timeofday           kssl_krb5_timeofday

-#define krb5_rc_default           kssl_krb5_rc_default

-#ifdef krb5_rc_initialize

-#undef krb5_rc_initialize

-#endif

-#define krb5_rc_initialize   kssl_krb5_rc_initialize

-#ifdef krb5_rc_get_lifespan

-#undef krb5_rc_get_lifespan

-#endif

-#define krb5_rc_get_lifespan kssl_krb5_rc_get_lifespan

-#ifdef krb5_rc_destroy

-#undef krb5_rc_destroy

-#endif

-#define krb5_rc_destroy      kssl_krb5_rc_destroy

-#define valid_cksumtype      kssl_valid_cksumtype

-#define krb5_checksum_size   kssl_krb5_checksum_size

-#define krb5_kt_free_entry   kssl_krb5_kt_free_entry

-#define krb5_auth_con_setrcache  kssl_krb5_auth_con_setrcache

-#define krb5_auth_con_getrcache  kssl_krb5_auth_con_getrcache

-#define krb5_get_server_rcache   kssl_krb5_get_server_rcache

-/* Prototypes for built in stubs */

-void kssl_krb5_free_data_contents(krb5_context, krb5_data *);

-void kssl_krb5_free_principal(krb5_context, krb5_principal );

-krb5_error_code kssl_krb5_kt_resolve(krb5_context,

-                                     krb5_const char *,

-                                     krb5_keytab *);

-krb5_error_code kssl_krb5_kt_default(krb5_context,

-                                     krb5_keytab *);

-krb5_error_code kssl_krb5_free_ticket(krb5_context, krb5_ticket *);

-krb5_error_code kssl_krb5_rd_req(krb5_context, krb5_auth_context *,

-                                 krb5_const krb5_data *,

-                                 krb5_const_principal, krb5_keytab,

-                                 krb5_flags *,krb5_ticket **);

-krb5_boolean kssl_krb5_principal_compare(krb5_context, krb5_const_principal,

-                                         krb5_const_principal);

-krb5_error_code kssl_krb5_mk_req_extended(krb5_context,

-                                          krb5_auth_context  *,

-                                          krb5_const krb5_flags,

-                                          krb5_data  *,

-                                          krb5_creds  *,

-                                          krb5_data  * );

-krb5_error_code kssl_krb5_init_context(krb5_context *);

-void kssl_krb5_free_context(krb5_context);

-krb5_error_code kssl_krb5_cc_default(krb5_context,krb5_ccache  *);

-krb5_error_code kssl_krb5_sname_to_principal(krb5_context,

-                                             krb5_const char  *,

-                                             krb5_const char  *,

-                                             krb5_int32,

-                                             krb5_principal  *);

-krb5_error_code kssl_krb5_get_credentials(krb5_context,

-                                          krb5_const krb5_flags,

-                                          krb5_ccache,

-                                          krb5_creds  *,

-                                          krb5_creds  *  *);

-krb5_error_code kssl_krb5_auth_con_init(krb5_context,

-                                        krb5_auth_context  *);

-krb5_error_code kssl_krb5_cc_get_principal(krb5_context context,

-                                           krb5_ccache cache,

-                                           krb5_principal *principal);

-krb5_error_code kssl_krb5_auth_con_free(krb5_context,krb5_auth_context);

-size_t kssl_krb5_checksum_size(krb5_context context,krb5_cksumtype ctype);

-krb5_boolean kssl_valid_cksumtype(krb5_cksumtype ctype);

-krb5_error_code krb5_kt_free_entry(krb5_context,krb5_keytab_entry FAR * );

-krb5_error_code kssl_krb5_auth_con_setrcache(krb5_context,

-                                             krb5_auth_context,

-                                             krb5_rcache);

-krb5_error_code kssl_krb5_get_server_rcache(krb5_context,

-                                            krb5_const krb5_data *,

-                                            krb5_rcache *);

-krb5_error_code kssl_krb5_auth_con_getrcache(krb5_context,

-                                             krb5_auth_context,

-                                             krb5_rcache *);

-/* Function pointers (almost all Kerberos functions are _stdcall) */

-static void (_stdcall *p_krb5_free_data_contents)(krb5_context, krb5_data *)

-	=NULL;

-static void (_stdcall *p_krb5_free_principal)(krb5_context, krb5_principal )

-	=NULL;

-static krb5_error_code(_stdcall *p_krb5_kt_resolve)

-			(krb5_context, krb5_const char *, krb5_keytab *)=NULL;

-static krb5_error_code (_stdcall *p_krb5_kt_default)(krb5_context,

-                                                     krb5_keytab *)=NULL;

-static krb5_error_code (_stdcall *p_krb5_free_ticket)(krb5_context,

-                                                      krb5_ticket *)=NULL;

-static krb5_error_code (_stdcall *p_krb5_rd_req)(krb5_context,

-                                                 krb5_auth_context *,

-                                                 krb5_const krb5_data *,

-                                                 krb5_const_principal,

-                                                 krb5_keytab, krb5_flags *,

-                                                 krb5_ticket **)=NULL;

-static krb5_error_code (_stdcall *p_krb5_mk_req_extended)

-			(krb5_context, krb5_auth_context *,

-			 krb5_const krb5_flags, krb5_data *, krb5_creds *,

-			 krb5_data * )=NULL;

-static krb5_error_code (_stdcall *p_krb5_init_context)(krb5_context *)=NULL;

-static void (_stdcall *p_krb5_free_context)(krb5_context)=NULL;

-static krb5_error_code (_stdcall *p_krb5_cc_default)(krb5_context,

-                                                     krb5_ccache  *)=NULL;

-static krb5_error_code (_stdcall *p_krb5_sname_to_principal)

-			(krb5_context, krb5_const char *, krb5_const char *,

-			 krb5_int32, krb5_principal *)=NULL;

-static krb5_error_code (_stdcall *p_krb5_get_credentials)

-			(krb5_context, krb5_const krb5_flags, krb5_ccache,

-			 krb5_creds *, krb5_creds **)=NULL;

-static krb5_error_code (_stdcall *p_krb5_auth_con_init)

-			(krb5_context, krb5_auth_context *)=NULL;

-static krb5_error_code (_stdcall *p_krb5_cc_get_principal)

-			(krb5_context context, krb5_ccache cache,

-			 krb5_principal *principal)=NULL;

-static krb5_error_code (_stdcall *p_krb5_auth_con_free)

-			(krb5_context, krb5_auth_context)=NULL;

-static krb5_error_code (_stdcall *p_krb5_decrypt_tkt_part)

-                        (krb5_context, krb5_const krb5_keyblock *,

-                                           krb5_ticket *)=NULL;

-static krb5_error_code (_stdcall *p_krb5_timeofday)

-                        (krb5_context context, krb5_int32 *timeret)=NULL;

-static krb5_error_code (_stdcall *p_krb5_rc_default)

-                        (krb5_context context, krb5_rcache *rc)=NULL;

-static krb5_error_code (_stdcall *p_krb5_rc_initialize)

-                        (krb5_context context, krb5_rcache rc,

-                                     krb5_deltat lifespan)=NULL;

-static krb5_error_code (_stdcall *p_krb5_rc_get_lifespan)

-                        (krb5_context context, krb5_rcache rc,

-                                       krb5_deltat *lifespan)=NULL;

-static krb5_error_code (_stdcall *p_krb5_rc_destroy)

-                        (krb5_context context, krb5_rcache rc)=NULL;

-static krb5_boolean (_stdcall *p_krb5_principal_compare)

-                     (krb5_context, krb5_const_principal, krb5_const_principal)=NULL;

-static size_t (_stdcall *p_krb5_checksum_size)(krb5_context context,krb5_cksumtype ctype)=NULL;

-static krb5_boolean (_stdcall *p_valid_cksumtype)(krb5_cksumtype ctype)=NULL;

-static krb5_error_code (_stdcall *p_krb5_kt_free_entry)

-                        (krb5_context,krb5_keytab_entry * )=NULL;

-static krb5_error_code (_stdcall * p_krb5_auth_con_setrcache)(krb5_context,

-                                                               krb5_auth_context,

-                                                               krb5_rcache)=NULL;

-static krb5_error_code (_stdcall * p_krb5_get_server_rcache)(krb5_context,

-                                                              krb5_const krb5_data *,

-                                                              krb5_rcache *)=NULL;

-static krb5_error_code (* p_krb5_auth_con_getrcache)(krb5_context,

-                                                      krb5_auth_context,

-                                                      krb5_rcache *)=NULL;

-static krb5_error_code (_stdcall * p_krb5_kt_close)(krb5_context context,

-                                                    krb5_keytab keytab)=NULL;

-static krb5_error_code (_stdcall * p_krb5_kt_get_entry)(krb5_context context,

-                                                        krb5_keytab keytab,

-                       krb5_const_principal principal, krb5_kvno vno,

-                       krb5_enctype enctype, krb5_keytab_entry *entry)=NULL;

-static int krb5_loaded = 0;     /* only attempt to initialize func ptrs once */

-/* Function to Load the Kerberos 5 DLL and initialize function pointers */

-void

-load_krb5_dll(void)

-	{

-	HANDLE hKRB5_32;

-	krb5_loaded++;

-	hKRB5_32 = LoadLibrary(TEXT("KRB5_32"));

-	if (!hKRB5_32)

-		return;

-	(FARPROC) p_krb5_free_data_contents =

-		GetProcAddress( hKRB5_32, "krb5_free_data_contents" );

-	(FARPROC) p_krb5_free_context =

-		GetProcAddress( hKRB5_32, "krb5_free_context" );

-	(FARPROC) p_krb5_auth_con_free =

-		GetProcAddress( hKRB5_32, "krb5_auth_con_free" );

-	(FARPROC) p_krb5_free_principal =

-		GetProcAddress( hKRB5_32, "krb5_free_principal" );

-	(FARPROC) p_krb5_mk_req_extended =

-		GetProcAddress( hKRB5_32, "krb5_mk_req_extended" );

-	(FARPROC) p_krb5_get_credentials =

-		GetProcAddress( hKRB5_32, "krb5_get_credentials" );

-	(FARPROC) p_krb5_cc_get_principal =

-		GetProcAddress( hKRB5_32, "krb5_cc_get_principal" );

-	(FARPROC) p_krb5_cc_default =

-		GetProcAddress( hKRB5_32, "krb5_cc_default" );

-	(FARPROC) p_krb5_sname_to_principal =

-		GetProcAddress( hKRB5_32, "krb5_sname_to_principal" );

-	(FARPROC) p_krb5_init_context =

-		GetProcAddress( hKRB5_32, "krb5_init_context" );

-	(FARPROC) p_krb5_free_ticket =

-		GetProcAddress( hKRB5_32, "krb5_free_ticket" );

-	(FARPROC) p_krb5_rd_req =

-		GetProcAddress( hKRB5_32, "krb5_rd_req" );

-	(FARPROC) p_krb5_principal_compare =

-		GetProcAddress( hKRB5_32, "krb5_principal_compare" );

-	(FARPROC) p_krb5_decrypt_tkt_part =

-		GetProcAddress( hKRB5_32, "krb5_decrypt_tkt_part" );

-	(FARPROC) p_krb5_timeofday =

-		GetProcAddress( hKRB5_32, "krb5_timeofday" );

-	(FARPROC) p_krb5_rc_default =

-		GetProcAddress( hKRB5_32, "krb5_rc_default" );

-	(FARPROC) p_krb5_rc_initialize =

-		GetProcAddress( hKRB5_32, "krb5_rc_initialize" );

-	(FARPROC) p_krb5_rc_get_lifespan =

-		GetProcAddress( hKRB5_32, "krb5_rc_get_lifespan" );

-	(FARPROC) p_krb5_rc_destroy =

-		GetProcAddress( hKRB5_32, "krb5_rc_destroy" );

-	(FARPROC) p_krb5_kt_default =

-		GetProcAddress( hKRB5_32, "krb5_kt_default" );

-	(FARPROC) p_krb5_kt_resolve =

-		GetProcAddress( hKRB5_32, "krb5_kt_resolve" );

-	(FARPROC) p_krb5_auth_con_init =

-		GetProcAddress( hKRB5_32, "krb5_auth_con_init" );

-        (FARPROC) p_valid_cksumtype =

-                GetProcAddress( hKRB5_32, "valid_cksumtype" );

-        (FARPROC) p_krb5_checksum_size =

-                GetProcAddress( hKRB5_32, "krb5_checksum_size" );

-        (FARPROC) p_krb5_kt_free_entry =

-                GetProcAddress( hKRB5_32, "krb5_kt_free_entry" );

-        (FARPROC) p_krb5_auth_con_setrcache =

-                GetProcAddress( hKRB5_32, "krb5_auth_con_setrcache" );

-        (FARPROC) p_krb5_get_server_rcache =

-                GetProcAddress( hKRB5_32, "krb5_get_server_rcache" );

-        (FARPROC) p_krb5_auth_con_getrcache =

-                GetProcAddress( hKRB5_32, "krb5_auth_con_getrcache" );

-        (FARPROC) p_krb5_kt_close =

-                GetProcAddress( hKRB5_32, "krb5_kt_close" );

-        (FARPROC) p_krb5_kt_get_entry =

-                GetProcAddress( hKRB5_32, "krb5_kt_get_entry" );

-	}

-/* Stubs for each function to be dynamicly loaded */

-void

-kssl_krb5_free_data_contents(krb5_context CO, krb5_data  * data)

-	{

-	if (!krb5_loaded)

-		load_krb5_dll();

-	if ( p_krb5_free_data_contents )

-		p_krb5_free_data_contents(CO,data);

-	}

-krb5_error_code

-kssl_krb5_mk_req_extended (krb5_context CO,

-                          krb5_auth_context  * pACO,

-                          krb5_const krb5_flags F,

-                          krb5_data  * pD1,

-                          krb5_creds  * pC,

-                          krb5_data  * pD2)

-	{

-	if (!krb5_loaded)

-		load_krb5_dll();

-	if ( p_krb5_mk_req_extended )

-		return(p_krb5_mk_req_extended(CO,pACO,F,pD1,pC,pD2));

-	else

-		return KRB5KRB_ERR_GENERIC;

-	}

-krb5_error_code

-kssl_krb5_auth_con_init(krb5_context CO,

-                       krb5_auth_context  * pACO)

-	{

-	if (!krb5_loaded)

-		load_krb5_dll();

-	if ( p_krb5_auth_con_init )

-		return(p_krb5_auth_con_init(CO,pACO));

-	else

-		return KRB5KRB_ERR_GENERIC;

-	}

-krb5_error_code

-kssl_krb5_auth_con_free (krb5_context CO,

-                        krb5_auth_context ACO)

-	{

-	if (!krb5_loaded)

-		load_krb5_dll();

-	if ( p_krb5_auth_con_free )

-		return(p_krb5_auth_con_free(CO,ACO));

-	else

-		return KRB5KRB_ERR_GENERIC;

-	}

-krb5_error_code

-kssl_krb5_get_credentials(krb5_context CO,

-                         krb5_const krb5_flags F,

-                         krb5_ccache CC,

-                         krb5_creds  * pCR,

-                         krb5_creds  ** ppCR)

-	{

-	if (!krb5_loaded)

-		load_krb5_dll();

-	if ( p_krb5_get_credentials )

-		return(p_krb5_get_credentials(CO,F,CC,pCR,ppCR));

-	else

-		return KRB5KRB_ERR_GENERIC;

-	}

-krb5_error_code

-kssl_krb5_sname_to_principal(krb5_context CO,

-                            krb5_const char  * pC1,

-                            krb5_const char  * pC2,

-                            krb5_int32 I,

-                            krb5_principal  * pPR)

-	{

-	if (!krb5_loaded)

-		load_krb5_dll();

-	if ( p_krb5_sname_to_principal )

-		return(p_krb5_sname_to_principal(CO,pC1,pC2,I,pPR));

-	else

-		return KRB5KRB_ERR_GENERIC;

-	}

-krb5_error_code

-kssl_krb5_cc_default(krb5_context CO,

-                    krb5_ccache  * pCC)

-	{

-	if (!krb5_loaded)

-		load_krb5_dll();

-	if ( p_krb5_cc_default )

-		return(p_krb5_cc_default(CO,pCC));

-	else

-		return KRB5KRB_ERR_GENERIC;

-	}

-krb5_error_code

-kssl_krb5_init_context(krb5_context * pCO)

-	{

-	if (!krb5_loaded)

-		load_krb5_dll();

-	if ( p_krb5_init_context )

-		return(p_krb5_init_context(pCO));

-	else

-		return KRB5KRB_ERR_GENERIC;

-	}

-void

-kssl_krb5_free_context(krb5_context CO)

-	{

-	if (!krb5_loaded)

-		load_krb5_dll();

-	if ( p_krb5_free_context )

-		p_krb5_free_context(CO);

-	}

-void

-kssl_krb5_free_principal(krb5_context c, krb5_principal p)

-	{

-	if (!krb5_loaded)

-		load_krb5_dll();

-	if ( p_krb5_free_principal )

-		p_krb5_free_principal(c,p);

-	}

-krb5_error_code

-kssl_krb5_kt_resolve(krb5_context con,

-                    krb5_const char * sz,

-                    krb5_keytab * kt)

-	{

-	if (!krb5_loaded)

-		load_krb5_dll();

-	if ( p_krb5_kt_resolve )

-		return(p_krb5_kt_resolve(con,sz,kt));

-	else

-		return KRB5KRB_ERR_GENERIC;

-	}

-krb5_error_code

-kssl_krb5_kt_default(krb5_context con,

-                    krb5_keytab * kt)

-	{

-	if (!krb5_loaded)

-		load_krb5_dll();

-	if ( p_krb5_kt_default )

-		return(p_krb5_kt_default(con,kt));

-	else

-		return KRB5KRB_ERR_GENERIC;

-	}

-krb5_error_code

-kssl_krb5_free_ticket(krb5_context con,

-                     krb5_ticket * kt)

-	{

-	if (!krb5_loaded)

-		load_krb5_dll();

-	if ( p_krb5_free_ticket )

-		return(p_krb5_free_ticket(con,kt));

-	else

-		return KRB5KRB_ERR_GENERIC;

-	}

-krb5_error_code

-kssl_krb5_rd_req(krb5_context con, krb5_auth_context * pacon,

-                krb5_const krb5_data * data,

-                krb5_const_principal princ, krb5_keytab keytab,

-                krb5_flags * flags, krb5_ticket ** pptkt)

-	{

-	if (!krb5_loaded)

-		load_krb5_dll();

-	if ( p_krb5_rd_req )

-		return(p_krb5_rd_req(con,pacon,data,princ,keytab,flags,pptkt));

-	else

-		return KRB5KRB_ERR_GENERIC;

-	}

-krb5_boolean

-krb5_principal_compare(krb5_context con, krb5_const_principal princ1,

-                krb5_const_principal princ2)

-	{

-	if (!krb5_loaded)

-		load_krb5_dll();

-	if ( p_krb5_principal_compare )

-		return(p_krb5_principal_compare(con,princ1,princ2));

-	else

-		return KRB5KRB_ERR_GENERIC;

-	}

-krb5_error_code

-krb5_decrypt_tkt_part(krb5_context con, krb5_const krb5_keyblock *keys,

-                krb5_ticket *ticket)

-	{

-	if (!krb5_loaded)

-		load_krb5_dll();

-	if ( p_krb5_decrypt_tkt_part )

-		return(p_krb5_decrypt_tkt_part(con,keys,ticket));

-	else

-		return KRB5KRB_ERR_GENERIC;

-	}

-krb5_error_code

-krb5_timeofday(krb5_context con, krb5_int32 *timeret)

-	{

-	if (!krb5_loaded)

-		load_krb5_dll();

-	if ( p_krb5_timeofday )

-		return(p_krb5_timeofday(con,timeret));

-	else

-		return KRB5KRB_ERR_GENERIC;

-	}

-krb5_error_code

-krb5_rc_default(krb5_context con, krb5_rcache *rc)

-	{

-	if (!krb5_loaded)

-		load_krb5_dll();

-	if ( p_krb5_rc_default )

-		return(p_krb5_rc_default(con,rc));

-	else

-		return KRB5KRB_ERR_GENERIC;

-	}

-krb5_error_code

-krb5_rc_initialize(krb5_context con, krb5_rcache rc, krb5_deltat lifespan)

-	{

-	if (!krb5_loaded)

-		load_krb5_dll();

-	if ( p_krb5_rc_initialize )

-		return(p_krb5_rc_initialize(con, rc, lifespan));

-	else

-		return KRB5KRB_ERR_GENERIC;

-	}

-krb5_error_code

-krb5_rc_get_lifespan(krb5_context con, krb5_rcache rc, krb5_deltat *lifespanp)

-	{

-	if (!krb5_loaded)

-		load_krb5_dll();

-	if ( p_krb5_rc_get_lifespan )

-		return(p_krb5_rc_get_lifespan(con, rc, lifespanp));

-	else

-		return KRB5KRB_ERR_GENERIC;

-	}

-krb5_error_code

-krb5_rc_destroy(krb5_context con, krb5_rcache rc)

-	{

-	if (!krb5_loaded)

-		load_krb5_dll();

-	if ( p_krb5_rc_destroy )

-		return(p_krb5_rc_destroy(con, rc));

-	else

-		return KRB5KRB_ERR_GENERIC;

-	}

-size_t

-krb5_checksum_size(krb5_context context,krb5_cksumtype ctype)

-        {

-        if (!krb5_loaded)

-                load_krb5_dll();

-        if ( p_krb5_checksum_size )

-                return(p_krb5_checksum_size(context, ctype));

-        else

-                return KRB5KRB_ERR_GENERIC;

-        }

-krb5_boolean

-valid_cksumtype(krb5_cksumtype ctype)

-        {

-        if (!krb5_loaded)

-                load_krb5_dll();

-        if ( p_valid_cksumtype )

-                return(p_valid_cksumtype(ctype));

-        else

-                return KRB5KRB_ERR_GENERIC;

-        }

-krb5_error_code

-krb5_kt_free_entry(krb5_context con,krb5_keytab_entry * entry)

-        {

-        if (!krb5_loaded)

-                load_krb5_dll();

-        if ( p_krb5_kt_free_entry )

-                return(p_krb5_kt_free_entry(con,entry));

-        else

-                return KRB5KRB_ERR_GENERIC;

-        }

-/* Structure definitions  */

-#ifndef NO_DEF_KRB5_CCACHE

-#ifndef krb5_x

-#define krb5_x(ptr,args) ((ptr)?((*(ptr)) args):(abort(),1))

-#define krb5_xc(ptr,args) ((ptr)?((*(ptr)) args):(abort(),(char*)0))

-#endif

-typedef	krb5_pointer	krb5_cc_cursor;	/* cursor for sequential lookup */

-typedef struct _krb5_ccache

-	{

-	krb5_magic magic;

-	struct _krb5_cc_ops FAR *ops;

-	krb5_pointer data;

-	} *krb5_ccache;

-typedef struct _krb5_cc_ops

-	{

-	krb5_magic magic;

-	char  *prefix;

-	char  * (KRB5_CALLCONV *get_name)

-		(krb5_context, krb5_ccache);

-	krb5_error_code (KRB5_CALLCONV *resolve)

-		(krb5_context, krb5_ccache  *, const char  *);

-	krb5_error_code (KRB5_CALLCONV *gen_new)

-		(krb5_context, krb5_ccache  *);

-	krb5_error_code (KRB5_CALLCONV *init)

-		(krb5_context, krb5_ccache, krb5_principal);

-	krb5_error_code (KRB5_CALLCONV *destroy)

-		(krb5_context, krb5_ccache);

-	krb5_error_code (KRB5_CALLCONV *close)

-		(krb5_context, krb5_ccache);

-	krb5_error_code (KRB5_CALLCONV *store)

-		(krb5_context, krb5_ccache, krb5_creds  *);

-	krb5_error_code (KRB5_CALLCONV *retrieve)

-		(krb5_context, krb5_ccache,

-		krb5_flags, krb5_creds  *, krb5_creds  *);

-	krb5_error_code (KRB5_CALLCONV *get_princ)

-		(krb5_context, krb5_ccache, krb5_principal  *);

-	krb5_error_code (KRB5_CALLCONV *get_first)

-		(krb5_context, krb5_ccache, krb5_cc_cursor  *);

-	krb5_error_code (KRB5_CALLCONV *get_next)

-		(krb5_context, krb5_ccache,

-		krb5_cc_cursor  *, krb5_creds  *);

-	krb5_error_code (KRB5_CALLCONV *end_get)

-		(krb5_context, krb5_ccache, krb5_cc_cursor  *);

-	krb5_error_code (KRB5_CALLCONV *remove_cred)

-		(krb5_context, krb5_ccache,

-		krb5_flags, krb5_creds  *);

-	krb5_error_code (KRB5_CALLCONV *set_flags)

-		(krb5_context, krb5_ccache, krb5_flags);

-	} krb5_cc_ops;

-#endif /* NO_DEF_KRB5_CCACHE */

-krb5_error_code

-kssl_krb5_cc_get_principal

-    (krb5_context context, krb5_ccache cache,

-      krb5_principal *principal)

-	{

-	if ( p_krb5_cc_get_principal )

-		return(p_krb5_cc_get_principal(context,cache,principal));

-	else

-		return(krb5_x

-			((cache)->ops->get_princ,(context, cache, principal)));

-	}

-krb5_error_code

-kssl_krb5_auth_con_setrcache(krb5_context con, krb5_auth_context acon,

-                             krb5_rcache rcache)

-        {

-        if ( p_krb5_auth_con_setrcache )

-                 return(p_krb5_auth_con_setrcache(con,acon,rcache));

-        else

-                 return KRB5KRB_ERR_GENERIC;

-        }

-krb5_error_code

-kssl_krb5_get_server_rcache(krb5_context con, krb5_const krb5_data * data,

-                            krb5_rcache * rcache)

-        {

-	if ( p_krb5_get_server_rcache )

-		return(p_krb5_get_server_rcache(con,data,rcache));

-	else

-		return KRB5KRB_ERR_GENERIC;

-        }

-krb5_error_code

-kssl_krb5_auth_con_getrcache(krb5_context con, krb5_auth_context acon,

-                             krb5_rcache * prcache)

-        {

-	if ( p_krb5_auth_con_getrcache )

-		return(p_krb5_auth_con_getrcache(con,acon, prcache));

-	else

-		return KRB5KRB_ERR_GENERIC;

-	}

-krb5_error_code

-kssl_krb5_kt_close(krb5_context context, krb5_keytab keytab)

-	{

-	if ( p_krb5_kt_close )

-		return(p_krb5_kt_close(context,keytab));

-	else

-		return KRB5KRB_ERR_GENERIC;

-	}

-krb5_error_code

-kssl_krb5_kt_get_entry(krb5_context context, krb5_keytab keytab,

-                       krb5_const_principal principal, krb5_kvno vno,

-                       krb5_enctype enctype, krb5_keytab_entry *entry)

-	{

-	if ( p_krb5_kt_get_entry )

-		return(p_krb5_kt_get_entry(context,keytab,principal,vno,enctype,entry));

-	else

-		return KRB5KRB_ERR_GENERIC;

-        }

-#endif  /* OPENSSL_SYS_WINDOWS || OPENSSL_SYS_WIN32 */

-/* memory allocation functions for non-temporary storage

- * (e.g. stuff that gets saved into the kssl context) */

-static void* kssl_calloc(size_t nmemb, size_t size)

-{

-	void* p;

-	p=OPENSSL_malloc(nmemb*size);

-	if (p){

-		memset(p, 0, nmemb*size);

-	}

-	return p;

-}

-#define kssl_malloc(size) OPENSSL_malloc((size))

-#define kssl_realloc(ptr, size) OPENSSL_realloc(ptr, size)

-#define kssl_free(ptr) OPENSSL_free((ptr))

-char

-*kstring(char *string)

-        {

-        static char	*null = "[NULL]";

-	return ((string == NULL)? null: string);

-        }

-/*	Given KRB5 enctype (basically DES or 3DES),

-**	return closest match openssl EVP_ encryption algorithm.

-**	Return NULL for unknown or problematic (krb5_dk_encrypt) enctypes.

-**	Assume ENCTYPE_*_RAW (krb5_raw_encrypt) are OK.

-*/

-const EVP_CIPHER *

-kssl_map_enc(krb5_enctype enctype)

-        {

-	switch (enctype)

-		{

-	case ENCTYPE_DES_HMAC_SHA1:		/*    EVP_des_cbc();       */

-	case ENCTYPE_DES_CBC_CRC:

-	case ENCTYPE_DES_CBC_MD4:

-	case ENCTYPE_DES_CBC_MD5:

-	case ENCTYPE_DES_CBC_RAW:

-				return EVP_des_cbc();

-				break;

-	case ENCTYPE_DES3_CBC_SHA1:		/*    EVP_des_ede3_cbc();  */

-	case ENCTYPE_DES3_CBC_SHA:

-	case ENCTYPE_DES3_CBC_RAW:

-				return EVP_des_ede3_cbc();

-				break;

-	default:                return NULL;

-				break;

-		}

-	}

-/*	Return true:1 if p "looks like" the start of the real authenticator

-**	described in kssl_skip_confound() below.  The ASN.1 pattern is

-**	"62 xx 30 yy" (APPLICATION-2, SEQUENCE), where xx-yy =~ 2, and

-**	xx and yy are possibly multi-byte length fields.

-*/

-int 	kssl_test_confound(unsigned char *p)

-	{

-	int 	len = 2;

-	int 	xx = 0, yy = 0;

-	if (*p++ != 0x62)  return 0;

-	if (*p > 0x82)  return 0;

-	switch(*p)  {

-		case 0x82:  p++;          xx = (*p++ << 8);  xx += *p++;  break;

-		case 0x81:  p++;          xx =  *p++;  break;

-		case 0x80:  return 0;

-		default:    xx = *p++;  break;

-		}

-	if (*p++ != 0x30)  return 0;

-	if (*p > 0x82)  return 0;

-	switch(*p)  {

-		case 0x82:  p++; len+=2;  yy = (*p++ << 8);  yy += *p++;  break;

-		case 0x81:  p++; len++;   yy =  *p++;  break;

-		case 0x80:  return 0;

-		default:    yy = *p++;  break;

-		}

-	return (xx - len == yy)? 1: 0;

-	}

-/*	Allocate, fill, and return cksumlens array of checksum lengths.

-**	This array holds just the unique elements from the krb5_cksumarray[].

-**	array[n] == 0 signals end of data.

-**

-**      The krb5_cksumarray[] was an internal variable that has since been

-**      replaced by a more general method for storing the data.  It should

-**      not be used.  Instead we use real API calls and make a guess for

-**      what the highest assigned CKSUMTYPE_ constant is.  As of 1.2.2

-**      it is 0x000c (CKSUMTYPE_HMAC_SHA1_DES3).  So we will use 0x0010.

-*/

-size_t  *populate_cksumlens(void)

-	{

-	int 		i, j, n;

-	static size_t 	*cklens = NULL;

-#ifdef KRB5_MIT_OLD11

-	n = krb5_max_cksum;

-#else

-	n = 0x0010;

-#endif	/* KRB5_MIT_OLD11 */

-#ifdef KRB5CHECKAUTH

-	if (!cklens && !(cklens = (size_t *) calloc(sizeof(int),n+1)))  return NULL;

-	for (i=0; i < n; i++)  {

-		if (!valid_cksumtype(i))  continue;	/*  array has holes  */

-		for (j=0; j < n; j++)  {

-			if (cklens[j] == 0)  {

-				cklens[j] = krb5_checksum_size(NULL,i);

-				break;		/*  krb5 elem was new: add   */

-				}

-			if (cklens[j] == krb5_checksum_size(NULL,i))  {

-				break;		/*  ignore duplicate elements */

-				}

-			}

-		}

-#endif	/* KRB5CHECKAUTH */

-	return cklens;

-	}

-/*	Return pointer to start of real authenticator within authenticator, or

-**	return NULL on error.

-**	Decrypted authenticator looks like this:

-**		[0 or 8 byte confounder] [4-24 byte checksum] [real authent'r]

-**	This hackery wouldn't be necessary if MIT KRB5 1.0.6 had the

-**	krb5_auth_con_getcksumtype() function advertised in its krb5.h.

-*/

-unsigned char	*kssl_skip_confound(krb5_enctype etype, unsigned char *a)

-	{

-	int 		i, conlen;

-	size_t		cklen;

-	static size_t 	*cksumlens = NULL;

-	unsigned char	*test_auth;

-	conlen = (etype)? 8: 0;

-	if (!cksumlens  &&  !(cksumlens = populate_cksumlens()))  return NULL;

-	for (i=0; (cklen = cksumlens[i]) != 0; i++)

-		{

-		test_auth = a + conlen + cklen;

-		if (kssl_test_confound(test_auth))  return test_auth;

-		}

-	return NULL;

-	}

-/*	Set kssl_err error info when reason text is a simple string

-**		kssl_err = struct { int reason; char text[KSSL_ERR_MAX+1]; }

-*/

-void

-kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text)

-        {

-	if (kssl_err == NULL)  return;

-	kssl_err->reason = reason;

-	BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, text);

-	return;

-        }

-/*	Display contents of krb5_data struct, for debugging

-*/

-void

-print_krb5_data(char *label, krb5_data *kdata)

-        {

-	int i;

-	printf("%s[%d] ", label, kdata->length);

-	for (i=0; i < (int)kdata->length; i++)

-                {

-		if (0 &&  isprint((int) kdata->data[i]))

-                        printf(	"%c ",  kdata->data[i]);

-		else

-                        printf(	"%02x ", (unsigned char) kdata->data[i]);

-		}

-	printf("\n");

-        }

-/*	Display contents of krb5_authdata struct, for debugging

-*/

-void

-print_krb5_authdata(char *label, krb5_authdata **adata)

-        {

-	if (adata == NULL)

-                {

-		printf("%s, authdata==0\n", label);

-		return;

-		}

-	printf("%s [%p]\n", label, (void *)adata);

-#if 0

-	{

-        int 	i;

-	printf("%s[at%d:%d] ", label, adata->ad_type, adata->length);

-	for (i=0; i < adata->length; i++)

-                {

-                printf((isprint(adata->contents[i]))? "%c ": "%02x",

-                        adata->contents[i]);

-		}

-	printf("\n");

-	}

-#endif

-	}

-/*	Display contents of krb5_keyblock struct, for debugging

-*/

-void

-print_krb5_keyblock(char *label, krb5_keyblock *keyblk)

-        {

-	int i;

-	if (keyblk == NULL)

-                {

-		printf("%s, keyblk==0\n", label);

-		return;

-		}

-#ifdef KRB5_HEIMDAL

-	printf("%s\n\t[et%d:%d]: ", label, keyblk->keytype,

-					   keyblk->keyvalue->length);

-	for (i=0; i < (int)keyblk->keyvalue->length; i++)

-                {

-		printf("%02x",(unsigned char *)(keyblk->keyvalue->contents)[i]);

-		}

-	printf("\n");

-#else

-	printf("%s\n\t[et%d:%d]: ", label, keyblk->enctype, keyblk->length);

-	for (i=0; i < (int)keyblk->length; i++)

-                {

-		printf("%02x",keyblk->contents[i]);

-		}

-	printf("\n");

-#endif

-        }

-/*	Display contents of krb5_principal_data struct, for debugging

-**	(krb5_principal is typedef'd == krb5_principal_data *)

-*/

-void

-print_krb5_princ(char *label, krb5_principal_data *princ)

-        {

-	int i, ui, uj;

-	printf("%s principal Realm: ", label);

-	if (princ == NULL)  return;

-	for (ui=0; ui < (int)princ->realm.length; ui++)  putchar(princ->realm.data[ui]);

-	printf(" (nametype %d) has %d strings:\n", princ->type,princ->length);

-	for (i=0; i < (int)princ->length; i++)

-                {

-		printf("\t%d [%d]: ", i, princ->data[i].length);

-		for (uj=0; uj < (int)princ->data[i].length; uj++)  {

-			putchar(princ->data[i].data[uj]);

-			}

-		printf("\n");

-		}

-	return;

-        }

-/*	Given krb5 service (typically "kssl") and hostname in kssl_ctx,

-**	Return encrypted Kerberos ticket for service @ hostname.

-**	If authenp is non-NULL, also return encrypted authenticator,

-**	whose data should be freed by caller.

-**	(Originally was: Create Kerberos AP_REQ message for SSL Client.)

-**

-**	19990628	VRS 	Started; Returns Kerberos AP_REQ message.

-**	20010409	VRS 	Modified for RFC2712; Returns enc tkt.

-**	20010606	VRS 	May also return optional authenticator.

-*/

-krb5_error_code

-kssl_cget_tkt(	/* UPDATE */	KSSL_CTX *kssl_ctx,

-                /* OUT    */	krb5_data **enc_ticketp,

-                /* UPDATE */	krb5_data *authenp,

-                /* OUT    */	KSSL_ERR *kssl_err)

-	{

-	krb5_error_code		krb5rc = KRB5KRB_ERR_GENERIC;

-	krb5_context		krb5context = NULL;

-	krb5_auth_context	krb5auth_context = NULL;

-	krb5_ccache 		krb5ccdef = NULL;

-	krb5_creds		krb5creds, *krb5credsp = NULL;

-	krb5_data		krb5_app_req;

-	kssl_err_set(kssl_err, 0, "");

-	memset((char *)&krb5creds, 0, sizeof(krb5creds));

-	if (!kssl_ctx)

-                {

-		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,

-                        "No kssl_ctx defined.\n");

-		goto err;

-		}

-	else if (!kssl_ctx->service_host)

-                {

-		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,

-                        "kssl_ctx service_host undefined.\n");

-		goto err;

-		}

-	if ((krb5rc = krb5_init_context(&krb5context)) != 0)

-                {

-		BIO_snprintf(kssl_err->text,KSSL_ERR_MAX,

-                        "krb5_init_context() fails: %d\n", krb5rc);

-		kssl_err->reason = SSL_R_KRB5_C_INIT;

-		goto err;

-		}

-	if ((krb5rc = krb5_sname_to_principal(krb5context,

-                kssl_ctx->service_host,

-                (kssl_ctx->service_name)? kssl_ctx->service_name: KRB5SVC,

-                KRB5_NT_SRV_HST, &krb5creds.server)) != 0)

-                {

-		BIO_snprintf(kssl_err->text,KSSL_ERR_MAX,

-                        "krb5_sname_to_principal() fails for %s/%s\n",

-                        kssl_ctx->service_host,

-                        (kssl_ctx->service_name)? kssl_ctx->service_name:

-						  KRB5SVC);

-		kssl_err->reason = SSL_R_KRB5_C_INIT;

-		goto err;

-		}

-	if ((krb5rc = krb5_cc_default(krb5context, &krb5ccdef)) != 0)

-                {

-		kssl_err_set(kssl_err, SSL_R_KRB5_C_CC_PRINC,

-                        "krb5_cc_default fails.\n");

-		goto err;

-		}

-	if ((krb5rc = krb5_cc_get_principal(krb5context, krb5ccdef,

-                &krb5creds.client)) != 0)

-                {

-		kssl_err_set(kssl_err, SSL_R_KRB5_C_CC_PRINC,

-                        "krb5_cc_get_principal() fails.\n");

-		goto err;

-		}

-	if ((krb5rc = krb5_get_credentials(krb5context, 0, krb5ccdef,

-                &krb5creds, &krb5credsp)) != 0)

-                {

-		kssl_err_set(kssl_err, SSL_R_KRB5_C_GET_CRED,

-                        "krb5_get_credentials() fails.\n");

-		goto err;

-		}

-	*enc_ticketp = &krb5credsp->ticket;

-#ifdef KRB5_HEIMDAL

-	kssl_ctx->enctype = krb5credsp->session.keytype;

-#else

-	kssl_ctx->enctype = krb5credsp->keyblock.enctype;

-#endif

-	krb5rc = KRB5KRB_ERR_GENERIC;

-	/*	caller should free data of krb5_app_req  */

-	/*  20010406 VRS deleted for real KerberosWrapper

-	**  20010605 VRS reinstated to offer Authenticator to KerberosWrapper

-	*/

-	krb5_app_req.length = 0;

-	if (authenp)

-                {

-		krb5_data	krb5in_data;

-		const unsigned char	*p;

-		long		arlen;

-		KRB5_APREQBODY	*ap_req;

-		authenp->length = 0;

-		krb5in_data.data = NULL;

-		krb5in_data.length = 0;

-		if ((krb5rc = krb5_mk_req_extended(krb5context,

-			&krb5auth_context, 0, &krb5in_data, krb5credsp,

-			&krb5_app_req)) != 0)

-			{

-			kssl_err_set(kssl_err, SSL_R_KRB5_C_MK_REQ,

-				"krb5_mk_req_extended() fails.\n");

-			goto err;

-			}

-		arlen = krb5_app_req.length;

-		p = (unsigned char *)krb5_app_req.data;

-		ap_req = (KRB5_APREQBODY *) d2i_KRB5_APREQ(NULL, &p, arlen);

-		if (ap_req)

-			{

-			authenp->length = i2d_KRB5_ENCDATA(

-					ap_req->authenticator, NULL);

-			if (authenp->length  &&

-				(authenp->data = malloc(authenp->length)))

-				{

-				unsigned char	*adp = (unsigned char *)authenp->data;

-				authenp->length = i2d_KRB5_ENCDATA(

-						ap_req->authenticator, &adp);

-				}

-			}

-		if (ap_req)  KRB5_APREQ_free((KRB5_APREQ *) ap_req);

-		if (krb5_app_req.length)

-                        kssl_krb5_free_data_contents(krb5context,&krb5_app_req);

-		}

-#ifdef KRB5_HEIMDAL

-	if (kssl_ctx_setkey(kssl_ctx, &krb5credsp->session))

-                {

-		kssl_err_set(kssl_err, SSL_R_KRB5_C_INIT,

-                        "kssl_ctx_setkey() fails.\n");

-		}

-#else

-	if (kssl_ctx_setkey(kssl_ctx, &krb5credsp->keyblock))

-                {

-		kssl_err_set(kssl_err, SSL_R_KRB5_C_INIT,

-                        "kssl_ctx_setkey() fails.\n");

-		}

-#endif

-	else	krb5rc = 0;

- err:

-#ifdef KSSL_DEBUG

-	kssl_ctx_show(kssl_ctx);

-#endif	/* KSSL_DEBUG */

-	if (krb5creds.client)	krb5_free_principal(krb5context,

-							krb5creds.client);

-	if (krb5creds.server)	krb5_free_principal(krb5context,

-							krb5creds.server);

-	if (krb5auth_context)	krb5_auth_con_free(krb5context,

-							krb5auth_context);

-	if (krb5context)	krb5_free_context(krb5context);

-	return (krb5rc);

-	}

-/*  Given d2i_-decoded asn1ticket, allocate and return a new krb5_ticket.

-**  Return Kerberos error code and kssl_err struct on error.

-**  Allocates krb5_ticket and krb5_principal; caller should free these.

-**

-**	20010410	VRS	Implemented krb5_decode_ticket() as

-**				old_krb5_decode_ticket(). Missing from MIT1.0.6.

-**	20010615	VRS 	Re-cast as openssl/asn1 d2i_*() functions.

-**				Re-used some of the old krb5_decode_ticket()

-**				code here.  This tkt should alloc/free just

-**				like the real thing.

-*/

-krb5_error_code

-kssl_TKT2tkt(	/* IN     */	krb5_context	krb5context,

-		/* IN     */	KRB5_TKTBODY	*asn1ticket,

-		/* OUT    */	krb5_ticket	**krb5ticket,

-		/* OUT    */	KSSL_ERR *kssl_err  )

-        {

-        krb5_error_code			krb5rc = KRB5KRB_ERR_GENERIC;

-	krb5_ticket 			*new5ticket = NULL;

-	ASN1_GENERALSTRING		*gstr_svc, *gstr_host;

-	*krb5ticket = NULL;

-	if (asn1ticket == NULL  ||  asn1ticket->realm == NULL  ||

-		asn1ticket->sname == NULL  ||

-		sk_ASN1_GENERALSTRING_num(asn1ticket->sname->namestring) < 2)

-		{

-		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,

-			"Null field in asn1ticket.\n");

-		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;

-		return KRB5KRB_ERR_GENERIC;

-		}

-	if ((new5ticket = (krb5_ticket *) calloc(1, sizeof(krb5_ticket)))==NULL)

-		{

-		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,

-			"Unable to allocate new krb5_ticket.\n");

-		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;

-		return ENOMEM;		/*  or  KRB5KRB_ERR_GENERIC;	*/

-		}

-	gstr_svc  = sk_ASN1_GENERALSTRING_value(asn1ticket->sname->namestring, 0);

-	gstr_host = sk_ASN1_GENERALSTRING_value(asn1ticket->sname->namestring, 1);

-	if ((krb5rc = kssl_build_principal_2(krb5context,

-			&new5ticket->server,

-			asn1ticket->realm->length, (char *)asn1ticket->realm->data,

-			gstr_svc->length,  (char *)gstr_svc->data,

-			gstr_host->length, (char *)gstr_host->data)) != 0)

-		{

-		free(new5ticket);

-		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,

-			"Error building ticket server principal.\n");

-		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;

-		return krb5rc;		/*  or  KRB5KRB_ERR_GENERIC;	*/

-		}

-	krb5_princ_type(krb5context, new5ticket->server) =

-			asn1ticket->sname->nametype->data[0];

-	new5ticket->enc_part.enctype = asn1ticket->encdata->etype->data[0];

-	new5ticket->enc_part.kvno = asn1ticket->encdata->kvno->data[0];

-	new5ticket->enc_part.ciphertext.length =

-			asn1ticket->encdata->cipher->length;

-	if ((new5ticket->enc_part.ciphertext.data =

-		calloc(1, asn1ticket->encdata->cipher->length)) == NULL)

-		{

-		free(new5ticket);

-		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,

-			"Error allocating cipher in krb5ticket.\n");

-		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;

-		return KRB5KRB_ERR_GENERIC;

-		}

-	else

-		{

-		memcpy(new5ticket->enc_part.ciphertext.data,

-			asn1ticket->encdata->cipher->data,

-			asn1ticket->encdata->cipher->length);

-		}

-	*krb5ticket = new5ticket;

-	return 0;

-	}

-/*	Given krb5 service name in KSSL_CTX *kssl_ctx (typically "kssl"),

-**		and krb5 AP_REQ message & message length,

-**	Return Kerberos session key and client principle

-**		to SSL Server in KSSL_CTX *kssl_ctx.

-**

-**	19990702	VRS 	Started.

-*/

-krb5_error_code

-kssl_sget_tkt(	/* UPDATE */	KSSL_CTX		*kssl_ctx,

-		/* IN     */	krb5_data		*indata,

-		/* OUT    */	krb5_ticket_times	*ttimes,

-		/* OUT    */	KSSL_ERR		*kssl_err  )

-        {

-        krb5_error_code			krb5rc = KRB5KRB_ERR_GENERIC;

-        static krb5_context		krb5context = NULL;

-	static krb5_auth_context	krb5auth_context = NULL;

-	krb5_ticket 			*krb5ticket = NULL;

-	KRB5_TKTBODY 			*asn1ticket = NULL;

-	const unsigned char		*p;

-	krb5_keytab 			krb5keytab = NULL;

-	krb5_keytab_entry		kt_entry;

-	krb5_principal			krb5server;

-        krb5_rcache                     rcache = NULL;

-	kssl_err_set(kssl_err, 0, "");

-	if (!kssl_ctx)

-                {

-		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,

-			"No kssl_ctx defined.\n");

-		goto err;

-		}

-#ifdef KSSL_DEBUG

-	printf("in kssl_sget_tkt(%s)\n", kstring(kssl_ctx->service_name));

-#endif	/* KSSL_DEBUG */

-	if (!krb5context  &&  (krb5rc = krb5_init_context(&krb5context)))

-                {

-		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,

-                        "krb5_init_context() fails.\n");

-		goto err;

-		}

-	if (krb5auth_context  &&

-		(krb5rc = krb5_auth_con_free(krb5context, krb5auth_context)))

-                {

-		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,

-                        "krb5_auth_con_free() fails.\n");

-		goto err;

-		}

-	else  krb5auth_context = NULL;

-	if (!krb5auth_context  &&

-		(krb5rc = krb5_auth_con_init(krb5context, &krb5auth_context)))

-                {

-		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,

-                        "krb5_auth_con_init() fails.\n");

-		goto err;

-		}

-	if ((krb5rc = krb5_auth_con_getrcache(krb5context, krb5auth_context,

-		&rcache)))

-		{

- 		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,

-			"krb5_auth_con_getrcache() fails.\n");

- 		goto err;

-		}

-	if ((krb5rc = krb5_sname_to_principal(krb5context, NULL,

-                (kssl_ctx->service_name)? kssl_ctx->service_name: KRB5SVC,

-                KRB5_NT_SRV_HST, &krb5server)) != 0)

-                {

-		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,

-                        "krb5_sname_to_principal() fails.\n");

-		goto err;

-		}

-	if (rcache == NULL)

-                {

-                if ((krb5rc = krb5_get_server_rcache(krb5context,

-			krb5_princ_component(krb5context, krb5server, 0),

-			&rcache)))

-                        {

-		        kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,

-                                "krb5_get_server_rcache() fails.\n");

-                  	goto err;

-                        }

-                }

-        if ((krb5rc = krb5_auth_con_setrcache(krb5context, krb5auth_context, rcache)))

-                {

-                kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,

-			"krb5_auth_con_setrcache() fails.\n");

-                goto err;

-                }

-	/*	kssl_ctx->keytab_file == NULL ==> use Kerberos default

-	*/

-	if (kssl_ctx->keytab_file)

-		{

-		krb5rc = krb5_kt_resolve(krb5context, kssl_ctx->keytab_file,

-                        &krb5keytab);

-		if (krb5rc)

-			{

-			kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,

-				"krb5_kt_resolve() fails.\n");

-			goto err;

-			}

-		}

-	else

-		{

-                krb5rc = krb5_kt_default(krb5context,&krb5keytab);

-                if (krb5rc)

-			{

-			kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,

-				"krb5_kt_default() fails.\n");

-			goto err;

-			}

-		}

-	/*	Actual Kerberos5 krb5_recvauth() has initial conversation here

-	**	o	check KRB5_SENDAUTH_BADAUTHVERS

-	**		unless KRB5_RECVAUTH_SKIP_VERSION

-	**	o	check KRB5_SENDAUTH_BADAPPLVERS

-	**	o	send "0" msg if all OK

-	*/

-	/*  20010411 was using AP_REQ instead of true KerberosWrapper

-	**

-	**  if ((krb5rc = krb5_rd_req(krb5context, &krb5auth_context,

-	**			&krb5in_data, krb5server, krb5keytab,

-	**			&ap_option, &krb5ticket)) != 0)  { Error }

-	*/

-	p = (unsigned char *)indata->data;

-	if ((asn1ticket = (KRB5_TKTBODY *) d2i_KRB5_TICKET(NULL, &p,

-						(long) indata->length)) == NULL)

-		{

-		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,

-			"d2i_KRB5_TICKET() ASN.1 decode failure.\n");

-		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;

-		goto err;

-		}

-	/* Was:  krb5rc = krb5_decode_ticket(krb5in_data,&krb5ticket)) != 0) */

-	if ((krb5rc = kssl_TKT2tkt(krb5context, asn1ticket, &krb5ticket,

-					kssl_err)) != 0)

-		{

-		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,

-			"Error converting ASN.1 ticket to krb5_ticket.\n");

-		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;

-		goto err;

-		}

-	if (! krb5_principal_compare(krb5context, krb5server,

-						  krb5ticket->server))  {

-		krb5rc = KRB5_PRINC_NOMATCH;

-		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,

-			"server principal != ticket principal\n");

-		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;

-		goto err;

-		}

-	if ((krb5rc = krb5_kt_get_entry(krb5context, krb5keytab,

-			krb5ticket->server, krb5ticket->enc_part.kvno,

-			krb5ticket->enc_part.enctype, &kt_entry)) != 0)  {

-		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,

-			"krb5_kt_get_entry() fails with %x.\n", krb5rc);

-		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;

-		goto err;

-		}

-	if ((krb5rc = krb5_decrypt_tkt_part(krb5context, &kt_entry.key,

-			krb5ticket)) != 0)  {

-		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,

-			"krb5_decrypt_tkt_part() failed.\n");

-		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;

-		goto err;

-		}

-	else  {

-		krb5_kt_free_entry(krb5context, &kt_entry);

-#ifdef KSSL_DEBUG

-		{

-		int i; krb5_address **paddr = krb5ticket->enc_part2->caddrs;

-		printf("Decrypted ticket fields:\n");

-		printf("\tflags: %X, transit-type: %X",

-			krb5ticket->enc_part2->flags,

-			krb5ticket->enc_part2->transited.tr_type);

-		print_krb5_data("\ttransit-data: ",

-			&(krb5ticket->enc_part2->transited.tr_contents));

-		printf("\tcaddrs: %p, authdata: %p\n",

-			krb5ticket->enc_part2->caddrs,

-			krb5ticket->enc_part2->authorization_data);

-		if (paddr)

-			{

-			printf("\tcaddrs:\n");

-			for (i=0; paddr[i] != NULL; i++)

-				{

-				krb5_data d;

-				d.length=paddr[i]->length;

-				d.data=paddr[i]->contents;

-				print_krb5_data("\t\tIP: ", &d);

-				}

-			}

-		printf("\tstart/auth/end times: %d / %d / %d\n",

-			krb5ticket->enc_part2->times.starttime,

-			krb5ticket->enc_part2->times.authtime,

-			krb5ticket->enc_part2->times.endtime);

-		}

-#endif	/* KSSL_DEBUG */

-		}

-	krb5rc = KRB5_NO_TKT_SUPPLIED;

-	if (!krb5ticket  ||	!krb5ticket->enc_part2  ||

-                !krb5ticket->enc_part2->client  ||

-                !krb5ticket->enc_part2->client->data  ||

-                !krb5ticket->enc_part2->session)

-                {

-                kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET,

-                        "bad ticket from krb5_rd_req.\n");

-		}

-	else if (kssl_ctx_setprinc(kssl_ctx, KSSL_CLIENT,

-		 &krb5ticket->enc_part2->client->realm,

-		 krb5ticket->enc_part2->client->data,

-		 krb5ticket->enc_part2->client->length))

-                {

-		kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET,

-                        "kssl_ctx_setprinc() fails.\n");

-		}

-	else if (kssl_ctx_setkey(kssl_ctx, krb5ticket->enc_part2->session))

-                {

-		kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET,

-                        "kssl_ctx_setkey() fails.\n");

-		}

-	else if (krb5ticket->enc_part2->flags & TKT_FLG_INVALID)

-                {

-		krb5rc = KRB5KRB_AP_ERR_TKT_INVALID;

-                kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET,

-                        "invalid ticket from krb5_rd_req.\n");

-		}

-	else	krb5rc = 0;

-	kssl_ctx->enctype	= krb5ticket->enc_part.enctype;

-	ttimes->authtime	= krb5ticket->enc_part2->times.authtime;

-	ttimes->starttime	= krb5ticket->enc_part2->times.starttime;

-	ttimes->endtime 	= krb5ticket->enc_part2->times.endtime;

-	ttimes->renew_till	= krb5ticket->enc_part2->times.renew_till;

- err:

-#ifdef KSSL_DEBUG

-	kssl_ctx_show(kssl_ctx);

-#endif	/* KSSL_DEBUG */

-	if (asn1ticket) 	KRB5_TICKET_free((KRB5_TICKET *) asn1ticket);

-        if (krb5keytab)         krb5_kt_close(krb5context, krb5keytab);

-	if (krb5ticket) 	krb5_free_ticket(krb5context, krb5ticket);

-	if (krb5server) 	krb5_free_principal(krb5context, krb5server);

-	return (krb5rc);

-        }

-/*	Allocate & return a new kssl_ctx struct.

-*/

-KSSL_CTX	*

-kssl_ctx_new(void)

-        {

-	return ((KSSL_CTX *) kssl_calloc(1, sizeof(KSSL_CTX)));

-        }

-/*	Frees a kssl_ctx struct and any allocated memory it holds.

-**	Returns NULL.

-*/

-KSSL_CTX	*

-kssl_ctx_free(KSSL_CTX *kssl_ctx)

-        {

-	if (kssl_ctx == NULL)  return kssl_ctx;

-	if (kssl_ctx->key)  		OPENSSL_cleanse(kssl_ctx->key,

-							      kssl_ctx->length);

-	if (kssl_ctx->key)  		kssl_free(kssl_ctx->key);

-	if (kssl_ctx->client_princ) 	kssl_free(kssl_ctx->client_princ);

-	if (kssl_ctx->service_host) 	kssl_free(kssl_ctx->service_host);

-	if (kssl_ctx->service_name) 	kssl_free(kssl_ctx->service_name);

-	if (kssl_ctx->keytab_file) 	kssl_free(kssl_ctx->keytab_file);

-	kssl_free(kssl_ctx);

-	return (KSSL_CTX *) NULL;

-        }

-/*	Given an array of (krb5_data *) entity (and optional realm),

-**	set the plain (char *) client_princ or service_host member

-**	of the kssl_ctx struct.

-*/

-krb5_error_code

-kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,

-        krb5_data *realm, krb5_data *entity, int nentities)

-        {

-	char	**princ;

-	int 	length;

-	int i;

-	if (kssl_ctx == NULL  ||  entity == NULL)  return KSSL_CTX_ERR;

-	switch (which)

-                {

-        case KSSL_CLIENT:	princ = &kssl_ctx->client_princ;	break;

-        case KSSL_SERVER:	princ = &kssl_ctx->service_host;	break;

-        default:		return KSSL_CTX_ERR;			break;

-		}

-	if (*princ)  kssl_free(*princ);

-	/* Add up all the entity->lengths */

-	length = 0;

-	for (i=0; i < nentities; i++)

-		{

-		length += entity[i].length;

-		}

-	/* Add in space for the '/' character(s) (if any) */

-	length += nentities-1;

-	/* Space for the ('@'+realm+NULL | NULL) */

-	length += ((realm)? realm->length + 2: 1);

-	if ((*princ = kssl_calloc(1, length)) == NULL)

-		return KSSL_CTX_ERR;

-	else

-		{

-		for (i = 0; i < nentities; i++)

-			{

-			strncat(*princ, entity[i].data, entity[i].length);

-			if (i < nentities-1)

-				{

-				strcat (*princ, "/");

-				}

-			}

-		if (realm)

-                        {

-			strcat (*princ, "@");

-			(void) strncat(*princ, realm->data, realm->length);

-			}

-		}

-	return KSSL_CTX_OK;

-        }

-/*	Set one of the plain (char *) string members of the kssl_ctx struct.

-**	Default values should be:

-**		which == KSSL_SERVICE	=>	"khost" (KRB5SVC)

-**		which == KSSL_KEYTAB	=>	"/etc/krb5.keytab" (KRB5KEYTAB)

-*/

-krb5_error_code

-kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text)

-        {

-	char	**string;

-	if (!kssl_ctx)  return KSSL_CTX_ERR;

-	switch (which)

-                {

-        case KSSL_SERVICE:	string = &kssl_ctx->service_name;	break;

-        case KSSL_SERVER:	string = &kssl_ctx->service_host;	break;

-        case KSSL_CLIENT:	string = &kssl_ctx->client_princ;	break;

-        case KSSL_KEYTAB:	string = &kssl_ctx->keytab_file;	break;

-        default:		return KSSL_CTX_ERR;			break;

-		}

-	if (*string)  kssl_free(*string);

-	if (!text)

-                {

-		*string = '\0';

-		return KSSL_CTX_OK;

-		}

-	if ((*string = kssl_calloc(1, strlen(text) + 1)) == NULL)

-		return KSSL_CTX_ERR;

-	else

-		strcpy(*string, text);

-	return KSSL_CTX_OK;

-        }

-/*	Copy the Kerberos session key from a (krb5_keyblock *) to a kssl_ctx

-**	struct.  Clear kssl_ctx->key if Kerberos session key is NULL.

-*/

-krb5_error_code

-kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session)

-        {

-	int 		length;

-	krb5_enctype	enctype;

-	krb5_octet FAR	*contents = NULL;

-	if (!kssl_ctx)  return KSSL_CTX_ERR;

-	if (kssl_ctx->key)

-                {

-		OPENSSL_cleanse(kssl_ctx->key, kssl_ctx->length);

-		kssl_free(kssl_ctx->key);

-		}

-	if (session)

-                {

-#ifdef KRB5_HEIMDAL

-		length = session->keyvalue->length;

-		enctype = session->keytype;

-		contents = session->keyvalue->contents;

-#else

-		length = session->length;

-		enctype = session->enctype;

-		contents = session->contents;

-#endif

-		kssl_ctx->enctype = enctype;

-		kssl_ctx->length  = length;

-		}

-	else

-                {

-		kssl_ctx->enctype = ENCTYPE_UNKNOWN;

-		kssl_ctx->length  = 0;

-		return KSSL_CTX_OK;

-		}

-	if ((kssl_ctx->key =

-                (krb5_octet FAR *) kssl_calloc(1, kssl_ctx->length)) == NULL)

-                {

-		kssl_ctx->length  = 0;

-		return KSSL_CTX_ERR;

-		}

-	else

-		memcpy(kssl_ctx->key, contents, length);

-	return KSSL_CTX_OK;

-        }

-/*	Display contents of kssl_ctx struct

-*/

-void

-kssl_ctx_show(KSSL_CTX *kssl_ctx)

-        {

-	int 	i;

-	printf("kssl_ctx: ");

-	if (kssl_ctx == NULL)

-                {

-		printf("NULL\n");

-		return;

-		}

-	else

-		printf("%p\n", (void *)kssl_ctx);

-	printf("\tservice:\t%s\n",

-                (kssl_ctx->service_name)? kssl_ctx->service_name: "NULL");

-	printf("\tclient:\t%s\n",

-                (kssl_ctx->client_princ)? kssl_ctx->client_princ: "NULL");

-	printf("\tserver:\t%s\n",

-                (kssl_ctx->service_host)? kssl_ctx->service_host: "NULL");

-	printf("\tkeytab:\t%s\n",

-                (kssl_ctx->keytab_file)? kssl_ctx->keytab_file: "NULL");

-	printf("\tkey [%d:%d]:\t",

-                kssl_ctx->enctype, kssl_ctx->length);

-	for (i=0; i < kssl_ctx->length  &&  kssl_ctx->key; i++)

-                {

-		printf("%02x", kssl_ctx->key[i]);

-		}

-	printf("\n");

-	return;

-        }

-    int

-    kssl_keytab_is_available(KSSL_CTX *kssl_ctx)

-{

-    krb5_context		krb5context = NULL;

-    krb5_keytab 		krb5keytab = NULL;

-    krb5_keytab_entry           entry;

-    krb5_principal              princ = NULL;

-    krb5_error_code  		krb5rc = KRB5KRB_ERR_GENERIC;

-    int rc = 0;

-    if ((krb5rc = krb5_init_context(&krb5context)))

-        return(0);

-    /*	kssl_ctx->keytab_file == NULL ==> use Kerberos default

-    */

-    if (kssl_ctx->keytab_file)

-    {

-        krb5rc = krb5_kt_resolve(krb5context, kssl_ctx->keytab_file,

-                                  &krb5keytab);

-        if (krb5rc)

-            goto exit;

-    }

-    else

-    {

-        krb5rc = krb5_kt_default(krb5context,&krb5keytab);

-        if (krb5rc)

-            goto exit;

-    }

-    /* the host key we are looking for */

-    krb5rc = krb5_sname_to_principal(krb5context, NULL,

-                                     kssl_ctx->service_name ? kssl_ctx->service_name: KRB5SVC,

-                                     KRB5_NT_SRV_HST, &princ);

-    krb5rc = krb5_kt_get_entry(krb5context, krb5keytab,

-                                princ,

-                                0 /* IGNORE_VNO */,

-                                0 /* IGNORE_ENCTYPE */,

-                                &entry);

-    if ( krb5rc == KRB5_KT_NOTFOUND ) {

-        rc = 1;

-        goto exit;

-    } else if ( krb5rc )

-        goto exit;

-    krb5_kt_free_entry(krb5context, &entry);

-    rc = 1;

-  exit:

-    if (krb5keytab)     krb5_kt_close(krb5context, krb5keytab);

-    if (princ)          krb5_free_principal(krb5context, princ);

-    if (krb5context)	krb5_free_context(krb5context);

-    return(rc);

-}

-int

-kssl_tgt_is_available(KSSL_CTX *kssl_ctx)

-        {

-        krb5_error_code		krb5rc = KRB5KRB_ERR_GENERIC;

-        krb5_context		krb5context = NULL;

-        krb5_ccache 		krb5ccdef = NULL;

-        krb5_creds		krb5creds, *krb5credsp = NULL;

-        int                     rc = 0;

-        memset((char *)&krb5creds, 0, sizeof(krb5creds));

-        if (!kssl_ctx)

-            return(0);

-        if (!kssl_ctx->service_host)

-            return(0);

-        if ((krb5rc = krb5_init_context(&krb5context)) != 0)

-            goto err;

-        if ((krb5rc = krb5_sname_to_principal(krb5context,

-                                              kssl_ctx->service_host,

-                                              (kssl_ctx->service_name)? kssl_ctx->service_name: KRB5SVC,

-                                              KRB5_NT_SRV_HST, &krb5creds.server)) != 0)

-            goto err;

-        if ((krb5rc = krb5_cc_default(krb5context, &krb5ccdef)) != 0)

-            goto err;

-        if ((krb5rc = krb5_cc_get_principal(krb5context, krb5ccdef,

-                                             &krb5creds.client)) != 0)

-            goto err;

-        if ((krb5rc = krb5_get_credentials(krb5context, 0, krb5ccdef,

-                                            &krb5creds, &krb5credsp)) != 0)

-            goto err;

-        rc = 1;

-      err:

-#ifdef KSSL_DEBUG

-	kssl_ctx_show(kssl_ctx);

-#endif	/* KSSL_DEBUG */

-	if (krb5creds.client)	krb5_free_principal(krb5context, krb5creds.client);

-	if (krb5creds.server)	krb5_free_principal(krb5context, krb5creds.server);

-	if (krb5context)	krb5_free_context(krb5context);

-        return(rc);

-	}

-#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_WIN32)

-void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data)

-	{

-#ifdef KRB5_HEIMDAL

-	data->length = 0;

-        if (data->data)

-            free(data->data);

-#elif defined(KRB5_MIT_OLD11)

-	if (data->data)  {

-		krb5_xfree(data->data);

-		data->data = 0;

-		}

-#else

-	krb5_free_data_contents(NULL, data);

-#endif

-	}

-#endif /* !OPENSSL_SYS_WINDOWS && !OPENSSL_SYS_WIN32 */

-/*  Given pointers to KerberosTime and struct tm structs, convert the

-**  KerberosTime string to struct tm.  Note that KerberosTime is a

-**  ASN1_GENERALIZEDTIME value, constrained to GMT with no fractional

-**  seconds as defined in RFC 1510.

-**  Return pointer to the (partially) filled in struct tm on success,

-**  return NULL on failure.

-*/

-struct tm	*k_gmtime(ASN1_GENERALIZEDTIME *gtime, struct tm *k_tm)

-	{

-	char 		c, *p;

-	if (!k_tm)  return NULL;

-	if (gtime == NULL  ||  gtime->length < 14)  return NULL;

-	if (gtime->data == NULL)  return NULL;

-	p = (char *)&gtime->data[14];

-	c = *p;	 *p = '\0';  p -= 2;  k_tm->tm_sec  = atoi(p);      *(p+2) = c;

-	c = *p;	 *p = '\0';  p -= 2;  k_tm->tm_min  = atoi(p);      *(p+2) = c;

-	c = *p;	 *p = '\0';  p -= 2;  k_tm->tm_hour = atoi(p);      *(p+2) = c;

-	c = *p;	 *p = '\0';  p -= 2;  k_tm->tm_mday = atoi(p);      *(p+2) = c;

-	c = *p;	 *p = '\0';  p -= 2;  k_tm->tm_mon  = atoi(p)-1;    *(p+2) = c;

-	c = *p;	 *p = '\0';  p -= 4;  k_tm->tm_year = atoi(p)-1900; *(p+4) = c;

-	return k_tm;

-	}

-/*  Helper function for kssl_validate_times().

-**  We need context->clockskew, but krb5_context is an opaque struct.

-**  So we try to sneek the clockskew out through the replay cache.

-**	If that fails just return a likely default (300 seconds).

-*/

-krb5_deltat	get_rc_clockskew(krb5_context context)

-	{

-	krb5_rcache 	rc;

-	krb5_deltat 	clockskew;

-	if (krb5_rc_default(context, &rc))  return KSSL_CLOCKSKEW;

-	if (krb5_rc_initialize(context, rc, 0))  return KSSL_CLOCKSKEW;

-	if (krb5_rc_get_lifespan(context, rc, &clockskew))  {

-		clockskew = KSSL_CLOCKSKEW;

-		}

-	(void) krb5_rc_destroy(context, rc);

-	return clockskew;

-	}

-/*  kssl_validate_times() combines (and more importantly exposes)

-**  the MIT KRB5 internal function krb5_validate_times() and the

-**  in_clock_skew() macro.  The authenticator client time is checked

-**  to be within clockskew secs of the current time and the current

-**  time is checked to be within the ticket start and expire times.

-**  Either check may be omitted by supplying a NULL value.

-**  Returns 0 for valid times, SSL_R_KRB5* error codes otherwise.

-**  See Also: (Kerberos source)/krb5/lib/krb5/krb/valid_times.c

-**  20010420 VRS

-*/

-krb5_error_code  kssl_validate_times(	krb5_timestamp atime,

-					krb5_ticket_times *ttimes)

-	{

-	krb5_deltat 	skew;

-	krb5_timestamp	start, now;

-	krb5_error_code	rc;

-	krb5_context	context;

-	if ((rc = krb5_init_context(&context)))	 return SSL_R_KRB5_S_BAD_TICKET;

-	skew = get_rc_clockskew(context);

-	if ((rc = krb5_timeofday(context,&now))) return SSL_R_KRB5_S_BAD_TICKET;

-	krb5_free_context(context);

-	if (atime  &&  labs(atime - now) >= skew)  return SSL_R_KRB5_S_TKT_SKEW;

-	if (! ttimes)  return 0;

-	start = (ttimes->starttime != 0)? ttimes->starttime: ttimes->authtime;

-	if (start - now > skew)  return SSL_R_KRB5_S_TKT_NYV;

-	if ((now - ttimes->endtime) > skew)  return SSL_R_KRB5_S_TKT_EXPIRED;

-#ifdef KSSL_DEBUG

-	printf("kssl_validate_times: %d |<-  | %d - %d | < %d  ->| %d\n",

-		start, atime, now, skew, ttimes->endtime);

-#endif	/* KSSL_DEBUG */

-	return 0;

-	}

-/*  Decode and decrypt given DER-encoded authenticator, then pass

-**  authenticator ctime back in *atimep (or 0 if time unavailable).

-**  Returns krb5_error_code and kssl_err on error.  A NULL

-**  authenticator (authentp->length == 0) is not considered an error.

-**  Note that kssl_check_authent() makes use of the KRB5 session key;

-**  you must call kssl_sget_tkt() to get the key before calling this routine.

-*/

-krb5_error_code  kssl_check_authent(

-			/* IN     */	KSSL_CTX	*kssl_ctx,

-                        /* IN     */   	krb5_data	*authentp,

-			/* OUT    */	krb5_timestamp	*atimep,

-			/* OUT    */    KSSL_ERR	*kssl_err  )

-	{

-        krb5_error_code		krb5rc = 0;

-	KRB5_ENCDATA		*dec_authent = NULL;

-	KRB5_AUTHENTBODY	*auth = NULL;

-	krb5_enctype		enctype;

-	EVP_CIPHER_CTX		ciph_ctx;

-	const EVP_CIPHER	*enc = NULL;

-	unsigned char		iv[EVP_MAX_IV_LENGTH];

-	const unsigned char	*p;

-	unsigned char		*unenc_authent;

-	int 			outl, unencbufsize;

-	struct tm		tm_time, *tm_l, *tm_g;

-	time_t			now, tl, tg, tr, tz_offset;

-	EVP_CIPHER_CTX_init(&ciph_ctx);

-	*atimep = 0;

-	kssl_err_set(kssl_err, 0, "");

-#ifndef KRB5CHECKAUTH

-	authentp = NULL;

-#else

-#if	KRB5CHECKAUTH == 0

-	authentp = NULL;

-#endif

-#endif	/* KRB5CHECKAUTH */

-	if (authentp == NULL  ||  authentp->length == 0)  return 0;

-#ifdef KSSL_DEBUG

-        {

-        unsigned int ui;

-	printf("kssl_check_authent: authenticator[%d]:\n",authentp->length);

-	p = authentp->data;

-	for (ui=0; ui < authentp->length; ui++)  printf("%02x ",p[ui]);

-	printf("\n");

-        }

-#endif	/* KSSL_DEBUG */

-	unencbufsize = 2 * authentp->length;

-	if ((unenc_authent = calloc(1, unencbufsize)) == NULL)

-		{

-		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,

-			"Unable to allocate authenticator buffer.\n");

-		krb5rc = KRB5KRB_ERR_GENERIC;

-		goto err;

-		}

-	p = (unsigned char *)authentp->data;

-	if ((dec_authent = d2i_KRB5_ENCDATA(NULL, &p,

-					(long) authentp->length)) == NULL)

-		{

-		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,

-                        "Error decoding authenticator.\n");

-		krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;

-		goto err;

-		}

-	enctype = dec_authent->etype->data[0];	/* should = kssl_ctx->enctype */

-#if !defined(KRB5_MIT_OLD11)

-            switch ( enctype ) {

-            case ENCTYPE_DES3_CBC_SHA1:		/*    EVP_des_ede3_cbc();  */

-            case ENCTYPE_DES3_CBC_SHA:

-            case ENCTYPE_DES3_CBC_RAW:

-                krb5rc = 0;                     /* Skip, can't handle derived keys */

-                goto err;

-            }

-#endif

-	enc = kssl_map_enc(enctype);

-	memset(iv, 0, sizeof iv);       /* per RFC 1510 */

-	if (enc == NULL)

-		{

-		/*  Disable kssl_check_authent for ENCTYPE_DES3_CBC_SHA1.

-		**  This enctype indicates the authenticator was encrypted

-		**  using key-usage derived keys which openssl cannot decrypt.

-		*/

-		goto err;

-		}

-        if (!EVP_CipherInit(&ciph_ctx,enc,kssl_ctx->key,iv,0))

-                {

-                kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,

-                        "EVP_CipherInit error decrypting authenticator.\n");

-                krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;

-                goto err;

-                }

-        outl = dec_authent->cipher->length;

-        if (!EVP_Cipher(&ciph_ctx,unenc_authent,dec_authent->cipher->data,outl))

-                {

-                kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,

-                        "EVP_Cipher error decrypting authenticator.\n");

-                krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;

-                goto err;

-                }

-        EVP_CIPHER_CTX_cleanup(&ciph_ctx);

-#ifdef KSSL_DEBUG

-	printf("kssl_check_authent: decrypted authenticator[%d] =\n", outl);

-	for (padl=0; padl < outl; padl++) printf("%02x ",unenc_authent[padl]);

-	printf("\n");

-#endif	/* KSSL_DEBUG */

-	if ((p = kssl_skip_confound(enctype, unenc_authent)) == NULL)

-		{

-		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,

-                        "confounded by authenticator.\n");

-		krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;

-		goto err;

-		}

-	outl -= p - unenc_authent;

-	if ((auth = (KRB5_AUTHENTBODY *) d2i_KRB5_AUTHENT(NULL, &p,

-							  (long) outl))==NULL)

-		{

-		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,

-                        "Error decoding authenticator body.\n");

-		krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;

-		goto err;

-		}

-	memset(&tm_time,0,sizeof(struct tm));

-	if (k_gmtime(auth->ctime, &tm_time)  &&

-		((tr = mktime(&tm_time)) != (time_t)(-1)))

- 		{

- 		now  = time(&now);

- 		tm_l = localtime(&now); 	tl = mktime(tm_l);

- 		tm_g = gmtime(&now);		tg = mktime(tm_g);

- 		tz_offset = tg - tl;

-		*atimep = tr - tz_offset;

- 		}

-#ifdef KSSL_DEBUG

-	printf("kssl_check_authent: returns %d for client time ", *atimep);

-	if (auth && auth->ctime && auth->ctime->length && auth->ctime->data)

-		printf("%.*s\n", auth->ctime->length, auth->ctime->data);

-	else	printf("NULL\n");

-#endif	/* KSSL_DEBUG */

- err:

-	if (auth)		KRB5_AUTHENT_free((KRB5_AUTHENT *) auth);

-	if (dec_authent)	KRB5_ENCDATA_free(dec_authent);

-	if (unenc_authent)	free(unenc_authent);

-	EVP_CIPHER_CTX_cleanup(&ciph_ctx);

-	return krb5rc;

-	}

-/*  Replaces krb5_build_principal_ext(), with varargs length == 2 (svc, host),

-**  because I dont't know how to stub varargs.

-**  Returns krb5_error_code == ENOMEM on alloc error, otherwise

-**  passes back newly constructed principal, which should be freed by caller.

-*/

-krb5_error_code  kssl_build_principal_2(

-			/* UPDATE */	krb5_context	context,

-			/* OUT    */	krb5_principal	*princ,

-			/* IN     */	int rlen,  const char *realm,

-			/* IN	  */	int slen,  const char *svc,

-			/* IN	  */	int hlen,  const char *host)

-	{

-	krb5_data		*p_data = NULL;

-	krb5_principal		new_p = NULL;

-        char			*new_r = NULL;

-	if ((p_data = (krb5_data *) calloc(2, sizeof(krb5_data))) == NULL  ||

-	    (new_p = (krb5_principal) calloc(1, sizeof(krb5_principal_data)))

-			== NULL)  goto err;

-	new_p->length = 2;

-	new_p->data = p_data;

-	if ((new_r = calloc(1, rlen + 1)) == NULL)  goto err;

-	memcpy(new_r, realm, rlen);

-	krb5_princ_set_realm_length(context, new_p, rlen);

-	krb5_princ_set_realm_data(context, new_p, new_r);

-	if ((new_p->data[0].data = calloc(1, slen + 1)) == NULL)  goto err;

-	memcpy(new_p->data[0].data, svc, slen);

-	new_p->data[0].length = slen;

-	if ((new_p->data[1].data = calloc(1, hlen + 1)) == NULL)  goto err;

-	memcpy(new_p->data[1].data, host, hlen);

-	new_p->data[1].length = hlen;

-	krb5_princ_type(context, new_p) = KRB5_NT_UNKNOWN;

-	*princ = new_p;

-	return 0;

- err:

-	if (new_p  &&  new_p[0].data)	free(new_p[0].data);

-	if (new_p  &&  new_p[1].data)	free(new_p[1].data);

-	if (new_p)	free(new_p);

-	if (new_r)	free(new_r);

-	return ENOMEM;

-	}

-#else /* !OPENSSL_NO_KRB5 */

-#if defined(PEDANTIC) || defined(OPENSSL_SYS_VMS)

-static int dummy=(int)&dummy;

-#endif

-#endif	/* !OPENSSL_NO_KRB5	*/

--- a/sys/src/ape/lib/openssl/ssl/kssl.h

+++ /dev/null

@@ -1,179 +1,0 @@

-/* ssl/kssl.h -*- mode: C; c-file-style: "eay" -*- */

-/* Written by Vern Staats <[email protected]> for the OpenSSL project 2000.

- * project 2000.

- */

-/* ====================================================================

- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/*

-**	19990701	VRS 	Started.

-*/

-#ifndef	KSSL_H

-#define	KSSL_H

-#include <openssl/opensslconf.h>

-#ifndef OPENSSL_NO_KRB5

-#include <stdio.h>

-#include <ctype.h>

-#include <krb5.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-/*

-**	Depending on which KRB5 implementation used, some types from

-**	the other may be missing.  Resolve that here and now

-*/

-#ifdef KRB5_HEIMDAL

-typedef unsigned char krb5_octet;

-#define FAR

-#else

-#ifndef FAR

-#define FAR

-#endif

-#endif

-/*	Uncomment this to debug kssl problems or

-**	to trace usage of the Kerberos session key

-**

-**	#define		KSSL_DEBUG

-*/

-#ifndef	KRB5SVC

-#define KRB5SVC	"host"

-#endif

-#ifndef	KRB5KEYTAB

-#define KRB5KEYTAB	"/etc/krb5.keytab"

-#endif

-#ifndef KRB5SENDAUTH

-#define KRB5SENDAUTH	1

-#endif

-#ifndef KRB5CHECKAUTH

-#define KRB5CHECKAUTH	1

-#endif

-#ifndef KSSL_CLOCKSKEW

-#define	KSSL_CLOCKSKEW	300;

-#endif

-#define	KSSL_ERR_MAX	255

-typedef struct kssl_err_st  {

-	int  reason;

-	char text[KSSL_ERR_MAX+1];

-	} KSSL_ERR;

-/*	Context for passing

-**		(1) Kerberos session key to SSL, and

-**		(2)	Config data between application and SSL lib

-*/

-typedef struct kssl_ctx_st

-        {

-                                /*	used by:    disposition:            */

-	char *service_name;	/*	C,S	    default ok (kssl)       */

-	char *service_host;	/*	C	    input, REQUIRED         */

-	char *client_princ;	/*	S	    output from krb5 ticket */

-	char *keytab_file;	/*      S	    NULL (/etc/krb5.keytab) */

-	char *cred_cache;	/*	C	    NULL (default)          */

-	krb5_enctype enctype;

-	int length;

-	krb5_octet FAR *key;

-	} KSSL_CTX;

-#define	KSSL_CLIENT 	1

-#define KSSL_SERVER 	2

-#define	KSSL_SERVICE	3

-#define	KSSL_KEYTAB 	4

-#define KSSL_CTX_OK 	0

-#define KSSL_CTX_ERR	1

-#define KSSL_NOMEM	2

-/* Public (for use by applications that use OpenSSL with Kerberos 5 support */

-krb5_error_code kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text);

-KSSL_CTX *kssl_ctx_new(void);

-KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx);

-void kssl_ctx_show(KSSL_CTX *kssl_ctx);

-krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,

-        krb5_data *realm, krb5_data *entity, int nentities);

-krb5_error_code	kssl_cget_tkt(KSSL_CTX *kssl_ctx,  krb5_data **enc_tktp,

-        krb5_data *authenp, KSSL_ERR *kssl_err);

-krb5_error_code	kssl_sget_tkt(KSSL_CTX *kssl_ctx,  krb5_data *indata,

-        krb5_ticket_times *ttimes, KSSL_ERR *kssl_err);

-krb5_error_code kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session);

-void	kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text);

-void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data);

-krb5_error_code  kssl_build_principal_2(krb5_context context,

-			krb5_principal *princ, int rlen, const char *realm,

-			int slen, const char *svc, int hlen, const char *host);

-krb5_error_code  kssl_validate_times(krb5_timestamp atime,

-					krb5_ticket_times *ttimes);

-krb5_error_code  kssl_check_authent(KSSL_CTX *kssl_ctx, krb5_data *authentp,

-			            krb5_timestamp *atimep, KSSL_ERR *kssl_err);

-unsigned char	*kssl_skip_confound(krb5_enctype enctype, unsigned char *authn);

-#ifdef  __cplusplus

-}

-#endif

-#endif	/* OPENSSL_NO_KRB5	*/

-#endif	/* KSSL_H 	*/

--- a/sys/src/ape/lib/openssl/ssl/kssl_lcl.h

+++ /dev/null

@@ -1,87 +1,0 @@

-/* ssl/kssl.h -*- mode: C; c-file-style: "eay" -*- */

-/* Written by Vern Staats <[email protected]> for the OpenSSL project 2000.

- * project 2000.

- */

-/* ====================================================================

- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#ifndef	KSSL_LCL_H

-#define	KSSL_LCL_H

-#include <openssl/kssl.h>

-#ifndef OPENSSL_NO_KRB5

-#ifdef  __cplusplus

-extern "C" {

-#endif

-/* Private (internal to OpenSSL) */

-void print_krb5_data(char *label, krb5_data *kdata);

-void print_krb5_authdata(char *label, krb5_authdata **adata);

-void print_krb5_keyblock(char *label, krb5_keyblock *keyblk);

-char *kstring(char *string);

-char *knumber(int len, krb5_octet *contents);

-EVP_CIPHER *kssl_map_enc(krb5_enctype enctype);

-int kssl_keytab_is_available(KSSL_CTX *kssl_ctx);

-int kssl_tgt_is_available(KSSL_CTX *kssl_ctx);

-#ifdef  __cplusplus

-}

-#endif

-#endif	/* OPENSSL_NO_KRB5	*/

-#endif	/* KSSL_LCL_H 	*/

--- a/sys/src/ape/lib/openssl/ssl/mkfile

+++ /dev/null

@@ -1,57 +1,0 @@

-APE=/sys/src/ape

-<$APE/config

-LIB=/$objtype/lib/ape/libssl.a

-OFILES=\

-	bio_ssl.$O\

-	d1_both.$O\

-	d1_clnt.$O\

-	d1_enc.$O\

-	d1_lib.$O\

-	d1_meth.$O\

-	d1_pkt.$O\

-	d1_srvr.$O\

-	kssl.$O\

-	s23_clnt.$O\

-	s23_lib.$O\

-	s23_meth.$O\

-	s23_pkt.$O\

-	s23_srvr.$O\

-	s2_clnt.$O\

-	s2_enc.$O\

-	s2_lib.$O\

-	s2_meth.$O\

-	s2_pkt.$O\

-	s2_srvr.$O\

-	s3_both.$O\

-	s3_clnt.$O\

-	s3_enc.$O\

-	s3_lib.$O\

-	s3_meth.$O\

-	s3_pkt.$O\

-	s3_srvr.$O\

-	ssl_algs.$O\

-	ssl_asn1.$O\

-	ssl_cert.$O\

-	ssl_ciph.$O\

-	ssl_err.$O\

-	ssl_err2.$O\

-	ssl_lib.$O\

-	ssl_rsa.$O\

-	ssl_sess.$O\

-	ssl_stat.$O\

-	ssl_txt.$O\

-	t1_clnt.$O\

-	t1_enc.$O\

-	t1_lib.$O\

-	t1_meth.$O\

-	t1_srvr.$O\

-HFILES=\

-	../include/buildinf.h\

-	../include/e_os.h\

-</sys/src/cmd/mksyslib

-CFLAGS=-c -I. -I../include -I../crypto -D_POSIX_SOURCE -D_BSD_EXTENSION -DPLAN9 -DT$objtype

--- a/sys/src/ape/lib/openssl/ssl/s23_clnt.c

+++ /dev/null

@@ -1,597 +1,0 @@

-/* ssl/s23_clnt.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "ssl_locl.h"

-#include <openssl/buffer.h>

-#include <openssl/rand.h>

-#include <openssl/objects.h>

-#include <openssl/evp.h>

-static SSL_METHOD *ssl23_get_client_method(int ver);

-static int ssl23_client_hello(SSL *s);

-static int ssl23_get_server_hello(SSL *s);

-static SSL_METHOD *ssl23_get_client_method(int ver)

-	{

-#ifndef OPENSSL_NO_SSL2

-	if (ver == SSL2_VERSION)

-		return(SSLv2_client_method());

-#endif

-	if (ver == SSL3_VERSION)

-		return(SSLv3_client_method());

-	else if (ver == TLS1_VERSION)

-		return(TLSv1_client_method());

-	else

-		return(NULL);

-	}

-IMPLEMENT_ssl23_meth_func(SSLv23_client_method,

-			ssl_undefined_function,

-			ssl23_connect,

-			ssl23_get_client_method)

-int ssl23_connect(SSL *s)

-	{

-	BUF_MEM *buf=NULL;

-	unsigned long Time=(unsigned long)time(NULL);

-	void (*cb)(const SSL *ssl,int type,int val)=NULL;

-	int ret= -1;

-	int new_state,state;

-	RAND_add(&Time,sizeof(Time),0);

-	ERR_clear_error();

-	clear_sys_error();

-	if (s->info_callback != NULL)

-		cb=s->info_callback;

-	else if (s->ctx->info_callback != NULL)

-		cb=s->ctx->info_callback;

-	s->in_handshake++;

-	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);

-	for (;;)

-		{

-		state=s->state;

-		switch(s->state)

-			{

-		case SSL_ST_BEFORE:

-		case SSL_ST_CONNECT:

-		case SSL_ST_BEFORE|SSL_ST_CONNECT:

-		case SSL_ST_OK|SSL_ST_CONNECT:

-			if (s->session != NULL)

-				{

-				SSLerr(SSL_F_SSL23_CONNECT,SSL_R_SSL23_DOING_SESSION_ID_REUSE);

-				ret= -1;

-				goto end;

-				}

-			s->server=0;

-			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);

-			/* s->version=TLS1_VERSION; */

-			s->type=SSL_ST_CONNECT;

-			if (s->init_buf == NULL)

-				{

-				if ((buf=BUF_MEM_new()) == NULL)

-					{

-					ret= -1;

-					goto end;

-					}

-				if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))

-					{

-					ret= -1;

-					goto end;

-					}

-				s->init_buf=buf;

-				buf=NULL;

-				}

-			if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }

-			ssl3_init_finished_mac(s);

-			s->state=SSL23_ST_CW_CLNT_HELLO_A;

-			s->ctx->stats.sess_connect++;

-			s->init_num=0;

-			break;

-		case SSL23_ST_CW_CLNT_HELLO_A:

-		case SSL23_ST_CW_CLNT_HELLO_B:

-			s->shutdown=0;

-			ret=ssl23_client_hello(s);

-			if (ret <= 0) goto end;

-			s->state=SSL23_ST_CR_SRVR_HELLO_A;

-			s->init_num=0;

-			break;

-		case SSL23_ST_CR_SRVR_HELLO_A:

-		case SSL23_ST_CR_SRVR_HELLO_B:

-			ret=ssl23_get_server_hello(s);

-			if (ret >= 0) cb=NULL;

-			goto end;

-			/* break; */

-		default:

-			SSLerr(SSL_F_SSL23_CONNECT,SSL_R_UNKNOWN_STATE);

-			ret= -1;

-			goto end;

-			/* break; */

-			}

-		if (s->debug) { (void)BIO_flush(s->wbio); }

-		if ((cb != NULL) && (s->state != state))

-			{

-			new_state=s->state;

-			s->state=state;

-			cb(s,SSL_CB_CONNECT_LOOP,1);

-			s->state=new_state;

-			}

-		}

-end:

-	s->in_handshake--;

-	if (buf != NULL)

-		BUF_MEM_free(buf);

-	if (cb != NULL)

-		cb(s,SSL_CB_CONNECT_EXIT,ret);

-	return(ret);

-	}

-static int ssl23_client_hello(SSL *s)

-	{

-	unsigned char *buf;

-	unsigned char *p,*d;

-	int i,j,ch_len;

-	unsigned long Time,l;

-	int ssl2_compat;

-	int version = 0, version_major, version_minor;

-	SSL_COMP *comp;

-	int ret;

-	ssl2_compat = (s->options & SSL_OP_NO_SSLv2) ? 0 : 1;

-	if (!(s->options & SSL_OP_NO_TLSv1))

-		{

-		version = TLS1_VERSION;

-		}

-	else if (!(s->options & SSL_OP_NO_SSLv3))

-		{

-		version = SSL3_VERSION;

-		}

-	else if (!(s->options & SSL_OP_NO_SSLv2))

-		{

-		version = SSL2_VERSION;

-		}

-#ifndef OPENSSL_NO_TLSEXT

-	if (version != SSL2_VERSION)

-		{

-		/* have to disable SSL 2.0 compatibility if we need TLS extensions */

-		if (s->tlsext_hostname != NULL)

-			ssl2_compat = 0;

-		}

-#endif

-	buf=(unsigned char *)s->init_buf->data;

-	if (s->state == SSL23_ST_CW_CLNT_HELLO_A)

-		{

-#if 0

-		/* don't reuse session-id's */

-		if (!ssl_get_new_session(s,0))

-			{

-			return(-1);

-			}

-#endif

-		p=s->s3->client_random;

-		Time=(unsigned long)time(NULL);		/* Time */

-		l2n(Time,p);

-		if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)

-			return -1;

-		if (version == TLS1_VERSION)

-			{

-			version_major = TLS1_VERSION_MAJOR;

-			version_minor = TLS1_VERSION_MINOR;

-			}

-		else if (version == SSL3_VERSION)

-			{

-			version_major = SSL3_VERSION_MAJOR;

-			version_minor = SSL3_VERSION_MINOR;

-			}

-		else if (version == SSL2_VERSION)

-			{

-			version_major = SSL2_VERSION_MAJOR;

-			version_minor = SSL2_VERSION_MINOR;

-			}

-		else

-			{

-			SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_PROTOCOLS_AVAILABLE);

-			return(-1);

-			}

-		s->client_version = version;

-		if (ssl2_compat)

-			{

-			/* create SSL 2.0 compatible Client Hello */

-			/* two byte record header will be written last */

-			d = &(buf[2]);

-			p = d + 9; /* leave space for message type, version, individual length fields */

-			*(d++) = SSL2_MT_CLIENT_HELLO;

-			*(d++) = version_major;

-			*(d++) = version_minor;

-			/* Ciphers supported */

-			i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),p,0);

-			if (i == 0)

-				{

-				/* no ciphers */

-				SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);

-				return -1;

-				}

-			s2n(i,d);

-			p+=i;

-			/* put in the session-id length (zero since there is no reuse) */

-#if 0

-			s->session->session_id_length=0;

-#endif

-			s2n(0,d);

-			if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)

-				ch_len=SSL2_CHALLENGE_LENGTH;

-			else

-				ch_len=SSL2_MAX_CHALLENGE_LENGTH;

-			/* write out sslv2 challenge */

-			if (SSL3_RANDOM_SIZE < ch_len)

-				i=SSL3_RANDOM_SIZE;

-			else

-				i=ch_len;

-			s2n(i,d);

-			memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE);

-			if (RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i) <= 0)

-				return -1;

-			memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);

-			p+=i;

-			i= p- &(buf[2]);

-			buf[0]=((i>>8)&0xff)|0x80;

-			buf[1]=(i&0xff);

-			/* number of bytes to write */

-			s->init_num=i+2;

-			s->init_off=0;

-			ssl3_finish_mac(s,&(buf[2]),i);

-			}

-		else

-			{

-			/* create Client Hello in SSL 3.0/TLS 1.0 format */

-			/* do the record header (5 bytes) and handshake message header (4 bytes) last */

-			d = p = &(buf[9]);

-			*(p++) = version_major;

-			*(p++) = version_minor;

-			/* Random stuff */

-			memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);

-			p += SSL3_RANDOM_SIZE;

-			/* Session ID (zero since there is no reuse) */

-			*(p++) = 0;

-			/* Ciphers supported (using SSL 3.0/TLS 1.0 format) */

-			i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),ssl3_put_cipher_by_char);

-			if (i == 0)

-				{

-				SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);

-				return -1;

-				}

-			s2n(i,p);

-			p+=i;

-			/* COMPRESSION */

-			if (s->ctx->comp_methods == NULL)

-				j=0;

-			else

-				j=sk_SSL_COMP_num(s->ctx->comp_methods);

-			*(p++)=1+j;

-			for (i=0; i<j; i++)

-				{

-				comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);

-				*(p++)=comp->id;

-				}

-			*(p++)=0; /* Add the NULL method */

-#ifndef OPENSSL_NO_TLSEXT

-			if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)

-				{

-				SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);

-				return -1;

-				}

-#endif

-			l = p-d;

-			*p = 42;

-			/* fill in 4-byte handshake header */

-			d=&(buf[5]);

-			*(d++)=SSL3_MT_CLIENT_HELLO;

-			l2n3(l,d);

-			l += 4;

-			if (l > SSL3_RT_MAX_PLAIN_LENGTH)

-				{

-				SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);

-				return -1;

-				}

-			/* fill in 5-byte record header */

-			d=buf;

-			*(d++) = SSL3_RT_HANDSHAKE;

-			*(d++) = version_major;

-			*(d++) = version_minor; /* arguably we should send the *lowest* suported version here

-			                         * (indicating, e.g., TLS 1.0 in "SSL 3.0 format") */

-			s2n((int)l,d);

-			/* number of bytes to write */

-			s->init_num=p-buf;

-			s->init_off=0;

-			ssl3_finish_mac(s,&(buf[5]), s->init_num - 5);

-			}

-		s->state=SSL23_ST_CW_CLNT_HELLO_B;

-		s->init_off=0;

-		}

-	/* SSL3_ST_CW_CLNT_HELLO_B */

-	ret = ssl23_write_bytes(s);

-	if ((ret >= 2) && s->msg_callback)

-		{

-		/* Client Hello has been sent; tell msg_callback */

-		if (ssl2_compat)

-			s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data+2, ret-2, s, s->msg_callback_arg);

-		else

-			s->msg_callback(1, version, SSL3_RT_HANDSHAKE, s->init_buf->data+5, ret-5, s, s->msg_callback_arg);

-		}

-	return ret;

-	}

-static int ssl23_get_server_hello(SSL *s)

-	{

-	char buf[8];

-	unsigned char *p;

-	int i;

-	int n;

-	n=ssl23_read_bytes(s,7);

-	if (n != 7) return(n);

-	p=s->packet;

-	memcpy(buf,p,n);

-	if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) &&

-		(p[5] == 0x00) && (p[6] == 0x02))

-		{

-#ifdef OPENSSL_NO_SSL2

-		SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);

-		goto err;

-#else

-		/* we are talking sslv2 */

-		/* we need to clean up the SSLv3 setup and put in the

-		 * sslv2 stuff. */

-		int ch_len;

-		if (s->options & SSL_OP_NO_SSLv2)

-			{

-			SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);

-			goto err;

-			}

-		if (s->s2 == NULL)

-			{

-			if (!ssl2_new(s))

-				goto err;

-			}

-		else

-			ssl2_clear(s);

-		if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)

-			ch_len=SSL2_CHALLENGE_LENGTH;

-		else

-			ch_len=SSL2_MAX_CHALLENGE_LENGTH;

-		/* write out sslv2 challenge */

-		i=(SSL3_RANDOM_SIZE < ch_len)

-			?SSL3_RANDOM_SIZE:ch_len;

-		s->s2->challenge_length=i;

-		memcpy(s->s2->challenge,

-			&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);

-		if (s->s3 != NULL) ssl3_free(s);

-		if (!BUF_MEM_grow_clean(s->init_buf,

-			SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))

-			{

-			SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,ERR_R_BUF_LIB);

-			goto err;

-			}

-		s->state=SSL2_ST_GET_SERVER_HELLO_A;

-		if (!(s->client_version == SSL2_VERSION))

-			/* use special padding (SSL 3.0 draft/RFC 2246, App. E.2) */

-			s->s2->ssl2_rollback=1;

-		/* setup the 5 bytes we have read so we get them from

-		 * the sslv2 buffer */

-		s->rstate=SSL_ST_READ_HEADER;

-		s->packet_length=n;

-		s->packet= &(s->s2->rbuf[0]);

-		memcpy(s->packet,buf,n);

-		s->s2->rbuf_left=n;

-		s->s2->rbuf_offs=0;

-		/* we have already written one */

-		s->s2->write_sequence=1;

-		s->method=SSLv2_client_method();

-		s->handshake_func=s->method->ssl_connect;

-#endif

-		}

-	else if ((p[0] == SSL3_RT_HANDSHAKE) &&

-		 (p[1] == SSL3_VERSION_MAJOR) &&

-		 ((p[2] == SSL3_VERSION_MINOR) ||

-		  (p[2] == TLS1_VERSION_MINOR)) &&

-		 (p[5] == SSL3_MT_SERVER_HELLO))

-		{

-		/* we have sslv3 or tls1 */

-		if (!ssl_init_wbio_buffer(s,1)) goto err;

-		/* we are in this state */

-		s->state=SSL3_ST_CR_SRVR_HELLO_A;

-		/* put the 5 bytes we have read into the input buffer

-		 * for SSLv3 */

-		s->rstate=SSL_ST_READ_HEADER;

-		s->packet_length=n;

-		s->packet= &(s->s3->rbuf.buf[0]);

-		memcpy(s->packet,buf,n);

-		s->s3->rbuf.left=n;

-		s->s3->rbuf.offset=0;

-		if ((p[2] == SSL3_VERSION_MINOR) &&

-			!(s->options & SSL_OP_NO_SSLv3))

-			{

-			s->version=SSL3_VERSION;

-			s->method=SSLv3_client_method();

-			}

-		else if ((p[2] == TLS1_VERSION_MINOR) &&

-			!(s->options & SSL_OP_NO_TLSv1))

-			{

-			s->version=TLS1_VERSION;

-			s->method=TLSv1_client_method();

-			}

-		else

-			{

-			SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);

-			goto err;

-			}

-		s->handshake_func=s->method->ssl_connect;

-		}

-	else if ((p[0] == SSL3_RT_ALERT) &&

-		 (p[1] == SSL3_VERSION_MAJOR) &&

-		 ((p[2] == SSL3_VERSION_MINOR) ||

-		  (p[2] == TLS1_VERSION_MINOR)) &&

-		 (p[3] == 0) &&

-		 (p[4] == 2))

-		{

-		void (*cb)(const SSL *ssl,int type,int val)=NULL;

-		int j;

-		/* An alert */

-		if (s->info_callback != NULL)

-			cb=s->info_callback;

-		else if (s->ctx->info_callback != NULL)

-			cb=s->ctx->info_callback;

-		i=p[5];

-		if (cb != NULL)

-			{

-			j=(i<<8)|p[6];

-			cb(s,SSL_CB_READ_ALERT,j);

-			}

-		s->rwstate=SSL_NOTHING;

-		SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_AD_REASON_OFFSET+p[6]);

-		goto err;

-		}

-	else

-		{

-		SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNKNOWN_PROTOCOL);

-		goto err;

-		}

-	s->init_num=0;

-	/* Since, if we are sending a ssl23 client hello, we are not

-	 * reusing a session-id */

-	if (!ssl_get_new_session(s,0))

-		goto err;

-	return(SSL_connect(s));

-err:

-	return(-1);

-	}

--- a/sys/src/ape/lib/openssl/ssl/s23_lib.c

+++ /dev/null

@@ -1,198 +1,0 @@

-/* ssl/s23_lib.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <openssl/objects.h>

-#include "ssl_locl.h"

-long ssl23_default_timeout(void)

-	{

-	return(300);

-	}

-IMPLEMENT_ssl23_meth_func(sslv23_base_method,

-			ssl_undefined_function,

-			ssl_undefined_function,

-			ssl_bad_method)

-int ssl23_num_ciphers(void)

-	{

-	return(ssl3_num_ciphers()

-#ifndef OPENSSL_NO_SSL2

-	       + ssl2_num_ciphers()

-#endif

-	    );

-	}

-SSL_CIPHER *ssl23_get_cipher(unsigned int u)

-	{

-	unsigned int uu=ssl3_num_ciphers();

-	if (u < uu)

-		return(ssl3_get_cipher(u));

-	else

-#ifndef OPENSSL_NO_SSL2

-		return(ssl2_get_cipher(u-uu));

-#else

-		return(NULL);

-#endif

-	}

-/* This function needs to check if the ciphers required are actually

- * available */

-SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p)

-	{

-	SSL_CIPHER c,*cp;

-	unsigned long id;

-	int n;

-	n=ssl3_num_ciphers();

-	id=0x03000000|((unsigned long)p[0]<<16L)|

-		((unsigned long)p[1]<<8L)|(unsigned long)p[2];

-	c.id=id;

-	cp=ssl3_get_cipher_by_char(p);

-#ifndef OPENSSL_NO_SSL2

-	if (cp == NULL)

-		cp=ssl2_get_cipher_by_char(p);

-#endif

-	return(cp);

-	}

-int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)

-	{

-	long l;

-	/* We can write SSLv2 and SSLv3 ciphers */

-	if (p != NULL)

-		{

-		l=c->id;

-		p[0]=((unsigned char)(l>>16L))&0xFF;

-		p[1]=((unsigned char)(l>> 8L))&0xFF;

-		p[2]=((unsigned char)(l     ))&0xFF;

-		}

-	return(3);

-	}

-int ssl23_read(SSL *s, void *buf, int len)

-	{

-	int n;

-	clear_sys_error();

-	if (SSL_in_init(s) && (!s->in_handshake))

-		{

-		n=s->handshake_func(s);

-		if (n < 0) return(n);

-		if (n == 0)

-			{

-			SSLerr(SSL_F_SSL23_READ,SSL_R_SSL_HANDSHAKE_FAILURE);

-			return(-1);

-			}

-		return(SSL_read(s,buf,len));

-		}

-	else

-		{

-		ssl_undefined_function(s);

-		return(-1);

-		}

-	}

-int ssl23_peek(SSL *s, void *buf, int len)

-	{

-	int n;

-	clear_sys_error();

-	if (SSL_in_init(s) && (!s->in_handshake))

-		{

-		n=s->handshake_func(s);

-		if (n < 0) return(n);

-		if (n == 0)

-			{

-			SSLerr(SSL_F_SSL23_PEEK,SSL_R_SSL_HANDSHAKE_FAILURE);

-			return(-1);

-			}

-		return(SSL_peek(s,buf,len));

-		}

-	else

-		{

-		ssl_undefined_function(s);

-		return(-1);

-		}

-	}

-int ssl23_write(SSL *s, const void *buf, int len)

-	{

-	int n;

-	clear_sys_error();

-	if (SSL_in_init(s) && (!s->in_handshake))

-		{

-		n=s->handshake_func(s);

-		if (n < 0) return(n);

-		if (n == 0)

-			{

-			SSLerr(SSL_F_SSL23_WRITE,SSL_R_SSL_HANDSHAKE_FAILURE);

-			return(-1);

-			}

-		return(SSL_write(s,buf,len));

-		}

-	else

-		{

-		ssl_undefined_function(s);

-		return(-1);

-		}

-	}

--- a/sys/src/ape/lib/openssl/ssl/s23_meth.c

+++ /dev/null

@@ -1,88 +1,0 @@

-/* ssl/s23_meth.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <openssl/objects.h>

-#include "ssl_locl.h"

-static SSL_METHOD *ssl23_get_method(int ver);

-static SSL_METHOD *ssl23_get_method(int ver)

-	{

-#ifndef OPENSSL_NO_SSL2

-	if (ver == SSL2_VERSION)

-		return(SSLv2_method());

-	else

-#endif

-#ifndef OPENSSL_NO_SSL3

-	if (ver == SSL3_VERSION)

-		return(SSLv3_method());

-	else

-#endif

-#ifndef OPENSSL_NO_TLS1

-	if (ver == TLS1_VERSION)

-		return(TLSv1_method());

-	else

-#endif

-		return(NULL);

-	}

-IMPLEMENT_ssl23_meth_func(SSLv23_method,

-			ssl23_accept,

-			ssl23_connect,

-			ssl23_get_method)

--- a/sys/src/ape/lib/openssl/ssl/s23_pkt.c

+++ /dev/null

@@ -1,117 +1,0 @@

-/* ssl/s23_pkt.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <errno.h>

-#define USE_SOCKETS

-#include "ssl_locl.h"

-#include <openssl/evp.h>

-#include <openssl/buffer.h>

-int ssl23_write_bytes(SSL *s)

-	{

-	int i,num,tot;

-	char *buf;

-	buf=s->init_buf->data;

-	tot=s->init_off;

-	num=s->init_num;

-	for (;;)

-		{

-		s->rwstate=SSL_WRITING;

-		i=BIO_write(s->wbio,&(buf[tot]),num);

-		if (i <= 0)

-			{

-			s->init_off=tot;

-			s->init_num=num;

-			return(i);

-			}

-		s->rwstate=SSL_NOTHING;

-		if (i == num) return(tot+i);

-		num-=i;

-		tot+=i;

-		}

-	}

-/* return regularly only when we have read (at least) 'n' bytes */

-int ssl23_read_bytes(SSL *s, int n)

-	{

-	unsigned char *p;

-	int j;

-	if (s->packet_length < (unsigned int)n)

-		{

-		p=s->packet;

-		for (;;)

-			{

-			s->rwstate=SSL_READING;

-			j=BIO_read(s->rbio,(char *)&(p[s->packet_length]),

-				n-s->packet_length);

-			if (j <= 0)

-				return(j);

-			s->rwstate=SSL_NOTHING;

-			s->packet_length+=j;

-			if (s->packet_length >= (unsigned int)n)

-				return(s->packet_length);

-			}

-		}

-	return(n);

-	}

--- a/sys/src/ape/lib/openssl/ssl/s23_srvr.c

+++ /dev/null

@@ -1,572 +1,0 @@

-/* ssl/s23_srvr.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "ssl_locl.h"

-#include <openssl/buffer.h>

-#include <openssl/rand.h>

-#include <openssl/objects.h>

-#include <openssl/evp.h>

-static SSL_METHOD *ssl23_get_server_method(int ver);

-int ssl23_get_client_hello(SSL *s);

-static SSL_METHOD *ssl23_get_server_method(int ver)

-	{

-#ifndef OPENSSL_NO_SSL2

-	if (ver == SSL2_VERSION)

-		return(SSLv2_server_method());

-#endif

-	if (ver == SSL3_VERSION)

-		return(SSLv3_server_method());

-	else if (ver == TLS1_VERSION)

-		return(TLSv1_server_method());

-	else

-		return(NULL);

-	}

-IMPLEMENT_ssl23_meth_func(SSLv23_server_method,

-			ssl23_accept,

-			ssl_undefined_function,

-			ssl23_get_server_method)

-int ssl23_accept(SSL *s)

-	{

-	BUF_MEM *buf;

-	unsigned long Time=(unsigned long)time(NULL);

-	void (*cb)(const SSL *ssl,int type,int val)=NULL;

-	int ret= -1;

-	int new_state,state;

-	RAND_add(&Time,sizeof(Time),0);

-	ERR_clear_error();

-	clear_sys_error();

-	if (s->info_callback != NULL)

-		cb=s->info_callback;

-	else if (s->ctx->info_callback != NULL)

-		cb=s->ctx->info_callback;

-	s->in_handshake++;

-	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);

-	for (;;)

-		{

-		state=s->state;

-		switch(s->state)

-			{

-		case SSL_ST_BEFORE:

-		case SSL_ST_ACCEPT:

-		case SSL_ST_BEFORE|SSL_ST_ACCEPT:

-		case SSL_ST_OK|SSL_ST_ACCEPT:

-			s->server=1;

-			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);

-			/* s->version=SSL3_VERSION; */

-			s->type=SSL_ST_ACCEPT;

-			if (s->init_buf == NULL)

-				{

-				if ((buf=BUF_MEM_new()) == NULL)

-					{

-					ret= -1;

-					goto end;

-					}

-				if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))

-					{

-					ret= -1;

-					goto end;

-					}

-				s->init_buf=buf;

-				}

-			ssl3_init_finished_mac(s);

-			s->state=SSL23_ST_SR_CLNT_HELLO_A;

-			s->ctx->stats.sess_accept++;

-			s->init_num=0;

-			break;

-		case SSL23_ST_SR_CLNT_HELLO_A:

-		case SSL23_ST_SR_CLNT_HELLO_B:

-			s->shutdown=0;

-			ret=ssl23_get_client_hello(s);

-			if (ret >= 0) cb=NULL;

-			goto end;

-			/* break; */

-		default:

-			SSLerr(SSL_F_SSL23_ACCEPT,SSL_R_UNKNOWN_STATE);

-			ret= -1;

-			goto end;

-			/* break; */

-			}

-		if ((cb != NULL) && (s->state != state))

-			{

-			new_state=s->state;

-			s->state=state;

-			cb(s,SSL_CB_ACCEPT_LOOP,1);

-			s->state=new_state;

-			}

-		}

-end:

-	s->in_handshake--;

-	if (cb != NULL)

-		cb(s,SSL_CB_ACCEPT_EXIT,ret);

-	return(ret);

-	}

-int ssl23_get_client_hello(SSL *s)

-	{

-	char buf_space[11]; /* Request this many bytes in initial read.

-	                     * We can detect SSL 3.0/TLS 1.0 Client Hellos

-	                     * ('type == 3') correctly only when the following

-	                     * is in a single record, which is not guaranteed by

-	                     * the protocol specification:

-	                     * Byte  Content

-	                     *  0     type            \

-	                     *  1/2   version          > record header

-	                     *  3/4   length          /

-	                     *  5     msg_type        \

-	                     *  6-8   length           > Client Hello message

-	                     *  9/10  client_version  /

-	                     */

-	char *buf= &(buf_space[0]);

-	unsigned char *p,*d,*d_len,*dd;

-	unsigned int i;

-	unsigned int csl,sil,cl;

-	int n=0,j;

-	int type=0;

-	int v[2];

-	if (s->state ==	SSL23_ST_SR_CLNT_HELLO_A)

-		{

-		/* read the initial header */

-		v[0]=v[1]=0;

-		if (!ssl3_setup_buffers(s)) goto err;

-		n=ssl23_read_bytes(s, sizeof buf_space);

-		if (n != sizeof buf_space) return(n); /* n == -1 || n == 0 */

-		p=s->packet;

-		memcpy(buf,p,n);

-		if ((p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO))

-			{

-			/*

-			 * SSLv2 header

-			 */

-			if ((p[3] == 0x00) && (p[4] == 0x02))

-				{

-				v[0]=p[3]; v[1]=p[4];

-				/* SSLv2 */

-				if (!(s->options & SSL_OP_NO_SSLv2))

-					type=1;

-				}

-			else if (p[3] == SSL3_VERSION_MAJOR)

-				{

-				v[0]=p[3]; v[1]=p[4];

-				/* SSLv3/TLSv1 */

-				if (p[4] >= TLS1_VERSION_MINOR)

-					{

-					if (!(s->options & SSL_OP_NO_TLSv1))

-						{

-						s->version=TLS1_VERSION;

-						/* type=2; */ /* done later to survive restarts */

-						s->state=SSL23_ST_SR_CLNT_HELLO_B;

-						}

-					else if (!(s->options & SSL_OP_NO_SSLv3))

-						{

-						s->version=SSL3_VERSION;

-						/* type=2; */

-						s->state=SSL23_ST_SR_CLNT_HELLO_B;

-						}

-					else if (!(s->options & SSL_OP_NO_SSLv2))

-						{

-						type=1;

-						}

-					}

-				else if (!(s->options & SSL_OP_NO_SSLv3))

-					{

-					s->version=SSL3_VERSION;

-					/* type=2; */

-					s->state=SSL23_ST_SR_CLNT_HELLO_B;

-					}

-				else if (!(s->options & SSL_OP_NO_SSLv2))

-					type=1;

-				}

-			}

-		else if ((p[0] == SSL3_RT_HANDSHAKE) &&

-			 (p[1] == SSL3_VERSION_MAJOR) &&

-			 (p[5] == SSL3_MT_CLIENT_HELLO) &&

-			 ((p[3] == 0 && p[4] < 5 /* silly record length? */)

-				|| (p[9] == p[1])))

-			{

-			/*

-			 * SSLv3 or tls1 header

-			 */

-			v[0]=p[1]; /* major version (= SSL3_VERSION_MAJOR) */

-			/* We must look at client_version inside the Client Hello message

-			 * to get the correct minor version.

-			 * However if we have only a pathologically small fragment of the

-			 * Client Hello message, this would be difficult, and we'd have

-			 * to read more records to find out.

-			 * No known SSL 3.0 client fragments ClientHello like this,

-			 * so we simply assume TLS 1.0 to avoid protocol version downgrade

-			 * attacks. */

-			if (p[3] == 0 && p[4] < 6)

-				{

-#if 0

-				SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL);

-				goto err;

-#else

-				v[1] = TLS1_VERSION_MINOR;

-#endif

-				}

-			else

-				v[1]=p[10]; /* minor version according to client_version */

-			if (v[1] >= TLS1_VERSION_MINOR)

-				{

-				if (!(s->options & SSL_OP_NO_TLSv1))

-					{

-					s->version=TLS1_VERSION;

-					type=3;

-					}

-				else if (!(s->options & SSL_OP_NO_SSLv3))

-					{

-					s->version=SSL3_VERSION;

-					type=3;

-					}

-				}

-			else

-				{

-				/* client requests SSL 3.0 */

-				if (!(s->options & SSL_OP_NO_SSLv3))

-					{

-					s->version=SSL3_VERSION;

-					type=3;

-					}

-				else if (!(s->options & SSL_OP_NO_TLSv1))

-					{

-					/* we won't be able to use TLS of course,

-					 * but this will send an appropriate alert */

-					s->version=TLS1_VERSION;

-					type=3;

-					}

-				}

-			}

-		else if ((strncmp("GET ", (char *)p,4) == 0) ||

-			 (strncmp("POST ",(char *)p,5) == 0) ||

-			 (strncmp("HEAD ",(char *)p,5) == 0) ||

-			 (strncmp("PUT ", (char *)p,4) == 0))

-			{

-			SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTP_REQUEST);

-			goto err;

-			}

-		else if (strncmp("CONNECT",(char *)p,7) == 0)

-			{

-			SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTPS_PROXY_REQUEST);

-			goto err;

-			}

-		}

-	if (s->state == SSL23_ST_SR_CLNT_HELLO_B)

-		{

-		/* we have SSLv3/TLSv1 in an SSLv2 header

-		 * (other cases skip this state) */

-		type=2;

-		p=s->packet;

-		v[0] = p[3]; /* == SSL3_VERSION_MAJOR */

-		v[1] = p[4];

-		n=((p[0]&0x7f)<<8)|p[1];

-		if (n > (1024*4))

-			{

-			SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE);

-			goto err;

-			}

-		j=ssl23_read_bytes(s,n+2);

-		if (j <= 0) return(j);

-		ssl3_finish_mac(s, s->packet+2, s->packet_length-2);

-		if (s->msg_callback)

-			s->msg_callback(0, SSL2_VERSION, 0, s->packet+2, s->packet_length-2, s, s->msg_callback_arg); /* CLIENT-HELLO */

-		p=s->packet;

-		p+=5;

-		n2s(p,csl);

-		n2s(p,sil);

-		n2s(p,cl);

-		d=(unsigned char *)s->init_buf->data;

-		if ((csl+sil+cl+11) != s->packet_length)

-			{

-			SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_LENGTH_MISMATCH);

-			goto err;

-			}

-		/* record header: msg_type ... */

-		*(d++) = SSL3_MT_CLIENT_HELLO;

-		/* ... and length (actual value will be written later) */

-		d_len = d;

-		d += 3;

-		/* client_version */

-		*(d++) = SSL3_VERSION_MAJOR; /* == v[0] */

-		*(d++) = v[1];

-		/* lets populate the random area */

-		/* get the challenge_length */

-		i=(cl > SSL3_RANDOM_SIZE)?SSL3_RANDOM_SIZE:cl;

-		memset(d,0,SSL3_RANDOM_SIZE);

-		memcpy(&(d[SSL3_RANDOM_SIZE-i]),&(p[csl+sil]),i);

-		d+=SSL3_RANDOM_SIZE;

-		/* no session-id reuse */

-		*(d++)=0;

-		/* ciphers */

-		j=0;

-		dd=d;

-		d+=2;

-		for (i=0; i<csl; i+=3)

-			{

-			if (p[i] != 0) continue;

-			*(d++)=p[i+1];

-			*(d++)=p[i+2];

-			j+=2;

-			}

-		s2n(j,dd);

-		/* COMPRESSION */

-		*(d++)=1;

-		*(d++)=0;

-		i = (d-(unsigned char *)s->init_buf->data) - 4;

-		l2n3((long)i, d_len);

-		/* get the data reused from the init_buf */

-		s->s3->tmp.reuse_message=1;

-		s->s3->tmp.message_type=SSL3_MT_CLIENT_HELLO;

-		s->s3->tmp.message_size=i;

-		}

-	/* imaginary new state (for program structure): */

-	/* s->state = SSL23_SR_CLNT_HELLO_C */

-	if (type == 1)

-		{

-#ifdef OPENSSL_NO_SSL2

-		SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);

-		goto err;

-#else

-		/* we are talking sslv2 */

-		/* we need to clean up the SSLv3/TLSv1 setup and put in the

-		 * sslv2 stuff. */

-		if (s->s2 == NULL)

-			{

-			if (!ssl2_new(s))

-				goto err;

-			}

-		else

-			ssl2_clear(s);

-		if (s->s3 != NULL) ssl3_free(s);

-		if (!BUF_MEM_grow_clean(s->init_buf,

-			SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))

-			{

-			goto err;

-			}

-		s->state=SSL2_ST_GET_CLIENT_HELLO_A;

-		if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)

-			s->s2->ssl2_rollback=0;

-		else

-			/* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0

-			 * (SSL 3.0 draft/RFC 2246, App. E.2) */

-			s->s2->ssl2_rollback=1;

-		/* setup the n bytes we have read so we get them from

-		 * the sslv2 buffer */

-		s->rstate=SSL_ST_READ_HEADER;

-		s->packet_length=n;

-		s->packet= &(s->s2->rbuf[0]);

-		memcpy(s->packet,buf,n);

-		s->s2->rbuf_left=n;

-		s->s2->rbuf_offs=0;

-		s->method=SSLv2_server_method();

-		s->handshake_func=s->method->ssl_accept;

-#endif

-		}

-	if ((type == 2) || (type == 3))

-		{

-		/* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */

-		if (!ssl_init_wbio_buffer(s,1)) goto err;

-		/* we are in this state */

-		s->state=SSL3_ST_SR_CLNT_HELLO_A;

-		if (type == 3)

-			{

-			/* put the 'n' bytes we have read into the input buffer

-			 * for SSLv3 */

-			s->rstate=SSL_ST_READ_HEADER;

-			s->packet_length=n;

-			s->packet= &(s->s3->rbuf.buf[0]);

-			memcpy(s->packet,buf,n);

-			s->s3->rbuf.left=n;

-			s->s3->rbuf.offset=0;

-			}

-		else

-			{

-			s->packet_length=0;

-			s->s3->rbuf.left=0;

-			s->s3->rbuf.offset=0;

-			}

-		if (s->version == TLS1_VERSION)

-			s->method = TLSv1_server_method();

-		else

-			s->method = SSLv3_server_method();

-#if 0 /* ssl3_get_client_hello does this */

-		s->client_version=(v[0]<<8)|v[1];

-#endif

-		s->handshake_func=s->method->ssl_accept;

-		}

-	if ((type < 1) || (type > 3))

-		{

-		/* bad, very bad */

-		SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNKNOWN_PROTOCOL);

-		goto err;

-		}

-	s->init_num=0;

-	if (buf != buf_space) OPENSSL_free(buf);

-	return(SSL_accept(s));

-err:

-	if (buf != buf_space) OPENSSL_free(buf);

-	return(-1);

-	}

--- a/sys/src/ape/lib/openssl/ssl/s2_clnt.c

+++ /dev/null

@@ -1,1123 +1,0 @@

-/* ssl/s2_clnt.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include "ssl_locl.h"

-#ifndef OPENSSL_NO_SSL2

-#include <stdio.h>

-#include <openssl/rand.h>

-#include <openssl/buffer.h>

-#include <openssl/objects.h>

-#include <openssl/evp.h>

-static SSL_METHOD *ssl2_get_client_method(int ver);

-static int get_server_finished(SSL *s);

-static int get_server_verify(SSL *s);

-static int get_server_hello(SSL *s);

-static int client_hello(SSL *s);

-static int client_master_key(SSL *s);

-static int client_finished(SSL *s);

-static int client_certificate(SSL *s);

-static int ssl_rsa_public_encrypt(SESS_CERT *sc, int len, unsigned char *from,

-	unsigned char *to,int padding);

-#define BREAK	break

-static SSL_METHOD *ssl2_get_client_method(int ver)

-	{

-	if (ver == SSL2_VERSION)

-		return(SSLv2_client_method());

-	else

-		return(NULL);

-	}

-IMPLEMENT_ssl2_meth_func(SSLv2_client_method,

-			ssl_undefined_function,

-			ssl2_connect,

-			ssl2_get_client_method)

-int ssl2_connect(SSL *s)

-	{

-	unsigned long l=(unsigned long)time(NULL);

-	BUF_MEM *buf=NULL;

-	int ret= -1;

-	void (*cb)(const SSL *ssl,int type,int val)=NULL;

-	int new_state,state;

-	RAND_add(&l,sizeof(l),0);

-	ERR_clear_error();

-	clear_sys_error();

-	if (s->info_callback != NULL)

-		cb=s->info_callback;

-	else if (s->ctx->info_callback != NULL)

-		cb=s->ctx->info_callback;

-	/* init things to blank */

-	s->in_handshake++;

-	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);

-	for (;;)

-		{

-		state=s->state;

-		switch (s->state)

-			{

-		case SSL_ST_BEFORE:

-		case SSL_ST_CONNECT:

-		case SSL_ST_BEFORE|SSL_ST_CONNECT:

-		case SSL_ST_OK|SSL_ST_CONNECT:

-			s->server=0;

-			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);

-			s->version=SSL2_VERSION;

-			s->type=SSL_ST_CONNECT;

-			buf=s->init_buf;

-			if ((buf == NULL) && ((buf=BUF_MEM_new()) == NULL))

-				{

-				ret= -1;

-				goto end;

-				}

-			if (!BUF_MEM_grow(buf,

-				SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))

-				{

-				if (buf == s->init_buf)

-					buf=NULL;

-				ret= -1;

-				goto end;

-				}

-			s->init_buf=buf;

-			buf=NULL;

-			s->init_num=0;

-			s->state=SSL2_ST_SEND_CLIENT_HELLO_A;

-			s->ctx->stats.sess_connect++;

-			s->handshake_func=ssl2_connect;

-			BREAK;

-		case SSL2_ST_SEND_CLIENT_HELLO_A:

-		case SSL2_ST_SEND_CLIENT_HELLO_B:

-			s->shutdown=0;

-			ret=client_hello(s);

-			if (ret <= 0) goto end;

-			s->init_num=0;

-			s->state=SSL2_ST_GET_SERVER_HELLO_A;

-			BREAK;

-		case SSL2_ST_GET_SERVER_HELLO_A:

-		case SSL2_ST_GET_SERVER_HELLO_B:

-			ret=get_server_hello(s);

-			if (ret <= 0) goto end;

-			s->init_num=0;

-			if (!s->hit) /* new session */

-				{

-				s->state=SSL2_ST_SEND_CLIENT_MASTER_KEY_A;

-				BREAK;

-				}

-			else

-				{

-				s->state=SSL2_ST_CLIENT_START_ENCRYPTION;

-				break;

-				}

-		case SSL2_ST_SEND_CLIENT_MASTER_KEY_A:

-		case SSL2_ST_SEND_CLIENT_MASTER_KEY_B:

-			ret=client_master_key(s);

-			if (ret <= 0) goto end;

-			s->init_num=0;

-			s->state=SSL2_ST_CLIENT_START_ENCRYPTION;

-			break;

-		case SSL2_ST_CLIENT_START_ENCRYPTION:

-			/* Ok, we now have all the stuff needed to

-			 * start encrypting, so lets fire it up :-) */

-			if (!ssl2_enc_init(s,1))

-				{

-				ret= -1;

-				goto end;

-				}

-			s->s2->clear_text=0;

-			s->state=SSL2_ST_SEND_CLIENT_FINISHED_A;

-			break;

-		case SSL2_ST_SEND_CLIENT_FINISHED_A:

-		case SSL2_ST_SEND_CLIENT_FINISHED_B:

-			ret=client_finished(s);

-			if (ret <= 0) goto end;

-			s->init_num=0;

-			s->state=SSL2_ST_GET_SERVER_VERIFY_A;

-			break;

-		case SSL2_ST_GET_SERVER_VERIFY_A:

-		case SSL2_ST_GET_SERVER_VERIFY_B:

-			ret=get_server_verify(s);

-			if (ret <= 0) goto end;

-			s->init_num=0;

-			s->state=SSL2_ST_GET_SERVER_FINISHED_A;

-			break;

-		case SSL2_ST_GET_SERVER_FINISHED_A:

-		case SSL2_ST_GET_SERVER_FINISHED_B:

-			ret=get_server_finished(s);

-			if (ret <= 0) goto end;

-			break;

-		case SSL2_ST_SEND_CLIENT_CERTIFICATE_A:

-		case SSL2_ST_SEND_CLIENT_CERTIFICATE_B:

-		case SSL2_ST_SEND_CLIENT_CERTIFICATE_C:

-		case SSL2_ST_SEND_CLIENT_CERTIFICATE_D:

-		case SSL2_ST_X509_GET_CLIENT_CERTIFICATE:

-			ret=client_certificate(s);

-			if (ret <= 0) goto end;

-			s->init_num=0;

-			s->state=SSL2_ST_GET_SERVER_FINISHED_A;

-			break;

-		case SSL_ST_OK:

-			if (s->init_buf != NULL)

-				{

-				BUF_MEM_free(s->init_buf);

-				s->init_buf=NULL;

-				}

-			s->init_num=0;

-		/*	ERR_clear_error();*/

-			/* If we want to cache session-ids in the client

-			 * and we successfully add the session-id to the

-			 * cache, and there is a callback, then pass it out.

-			 * 26/11/96 - eay - only add if not a re-used session.

-			 */

-			ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);

-			if (s->hit) s->ctx->stats.sess_hit++;

-			ret=1;

-			/* s->server=0; */

-			s->ctx->stats.sess_connect_good++;

-			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);

-			goto end;

-			/* break; */

-		default:

-			SSLerr(SSL_F_SSL2_CONNECT,SSL_R_UNKNOWN_STATE);

-			return(-1);

-			/* break; */

-			}

-		if ((cb != NULL) && (s->state != state))

-			{

-			new_state=s->state;

-			s->state=state;

-			cb(s,SSL_CB_CONNECT_LOOP,1);

-			s->state=new_state;

-			}

-		}

-end:

-	s->in_handshake--;

-	if (buf != NULL)

-		BUF_MEM_free(buf);

-	if (cb != NULL)

-		cb(s,SSL_CB_CONNECT_EXIT,ret);

-	return(ret);

-	}

-static int get_server_hello(SSL *s)

-	{

-	unsigned char *buf;

-	unsigned char *p;

-	int i,j;

-	unsigned long len;

-	STACK_OF(SSL_CIPHER) *sk=NULL,*cl, *prio, *allow;

-	buf=(unsigned char *)s->init_buf->data;

-	p=buf;

-	if (s->state == SSL2_ST_GET_SERVER_HELLO_A)

-		{

-		i=ssl2_read(s,(char *)&(buf[s->init_num]),11-s->init_num);

-		if (i < (11-s->init_num))

-			return(ssl2_part_read(s,SSL_F_GET_SERVER_HELLO,i));

-		s->init_num = 11;

-		if (*(p++) != SSL2_MT_SERVER_HELLO)

-			{

-			if (p[-1] != SSL2_MT_ERROR)

-				{

-				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);

-				SSLerr(SSL_F_GET_SERVER_HELLO,

-					SSL_R_READ_WRONG_PACKET_TYPE);

-				}

-			else

-				SSLerr(SSL_F_GET_SERVER_HELLO,

-					SSL_R_PEER_ERROR);

-			return(-1);

-			}

-#ifdef __APPLE_CC__

-		/* The Rhapsody 5.5 (a.k.a. MacOS X) compiler bug

-		 * workaround. <[email protected]> */

-		s->hit=(i=*(p++))?1:0;

-#else

-		s->hit=(*(p++))?1:0;

-#endif

-		s->s2->tmp.cert_type= *(p++);

-		n2s(p,i);

-		if (i < s->version) s->version=i;

-		n2s(p,i); s->s2->tmp.cert_length=i;

-		n2s(p,i); s->s2->tmp.csl=i;

-		n2s(p,i); s->s2->tmp.conn_id_length=i;

-		s->state=SSL2_ST_GET_SERVER_HELLO_B;

-		}

-	/* SSL2_ST_GET_SERVER_HELLO_B */

-	len = 11 + (unsigned long)s->s2->tmp.cert_length + (unsigned long)s->s2->tmp.csl + (unsigned long)s->s2->tmp.conn_id_length;

-	if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)

-		{

-		SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_MESSAGE_TOO_LONG);

-		return -1;

-		}

-	j = (int)len - s->init_num;

-	i = ssl2_read(s,(char *)&(buf[s->init_num]),j);

-	if (i != j) return(ssl2_part_read(s,SSL_F_GET_SERVER_HELLO,i));

-	if (s->msg_callback)

-		s->msg_callback(0, s->version, 0, buf, (size_t)len, s, s->msg_callback_arg); /* SERVER-HELLO */

-	/* things are looking good */

-	p = buf + 11;

-	if (s->hit)

-		{

-		if (s->s2->tmp.cert_length != 0)

-			{

-			SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_REUSE_CERT_LENGTH_NOT_ZERO);

-			return(-1);

-			}

-		if (s->s2->tmp.cert_type != 0)

-			{

-			if (!(s->options &

-				SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG))

-				{

-				SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_REUSE_CERT_TYPE_NOT_ZERO);

-				return(-1);

-				}

-			}

-		if (s->s2->tmp.csl != 0)

-			{

-			SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_REUSE_CIPHER_LIST_NOT_ZERO);

-			return(-1);

-			}

-		}

-	else

-		{

-#ifdef undef

-		/* very bad */

-		memset(s->session->session_id,0,

-			SSL_MAX_SSL_SESSION_ID_LENGTH_IN_BYTES);

-		s->session->session_id_length=0;

-		*/

-#endif

-		/* we need to do this in case we were trying to reuse a

-		 * client session but others are already reusing it.

-		 * If this was a new 'blank' session ID, the session-id

-		 * length will still be 0 */

-		if (s->session->session_id_length > 0)

-			{

-			if (!ssl_get_new_session(s,0))

-				{

-				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);

-				return(-1);

-				}

-			}

-		if (ssl2_set_certificate(s,s->s2->tmp.cert_type,

-			s->s2->tmp.cert_length,p) <= 0)

-			{

-			ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE);

-			return(-1);

-			}

-		p+=s->s2->tmp.cert_length;

-		if (s->s2->tmp.csl == 0)

-			{

-			ssl2_return_error(s,SSL2_PE_NO_CIPHER);

-			SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_NO_CIPHER_LIST);

-			return(-1);

-			}

-		/* We have just received a list of ciphers back from the

-		 * server.  We need to get the ones that match, then select

-		 * the one we want the most :-). */

-		/* load the ciphers */

-		sk=ssl_bytes_to_cipher_list(s,p,s->s2->tmp.csl,

-					    &s->session->ciphers);

-		p+=s->s2->tmp.csl;

-		if (sk == NULL)

-			{

-			ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);

-			SSLerr(SSL_F_GET_SERVER_HELLO,ERR_R_MALLOC_FAILURE);

-			return(-1);

-			}

-		(void)sk_SSL_CIPHER_set_cmp_func(sk,ssl_cipher_ptr_id_cmp);

-		/* get the array of ciphers we will accept */

-		cl=SSL_get_ciphers(s);

-		(void)sk_SSL_CIPHER_set_cmp_func(cl,ssl_cipher_ptr_id_cmp);

-		/*

-		 * If server preference flag set, choose the first

-		 * (highest priority) cipher the server sends, otherwise

-		 * client preference has priority.

-		 */

-		if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)

-		    {

-		    prio = sk;

-		    allow = cl;

-		    }

-		else

-		    {

-		    prio = cl;

-		    allow = sk;

-		    }

-		/* In theory we could have ciphers sent back that we

-		 * don't want to use but that does not matter since we

-		 * will check against the list we originally sent and

-		 * for performance reasons we should not bother to match

-		 * the two lists up just to check. */

-		for (i=0; i<sk_SSL_CIPHER_num(prio); i++)

-			{

-			if (sk_SSL_CIPHER_find(allow,

-					     sk_SSL_CIPHER_value(prio,i)) >= 0)

-				break;

-			}

-		if (i >= sk_SSL_CIPHER_num(prio))

-			{

-			ssl2_return_error(s,SSL2_PE_NO_CIPHER);

-			SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_NO_CIPHER_MATCH);

-			return(-1);

-			}

-		s->session->cipher=sk_SSL_CIPHER_value(prio,i);

-		if (s->session->peer != NULL) /* can't happen*/

-			{

-			ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);

-			SSLerr(SSL_F_GET_SERVER_HELLO, ERR_R_INTERNAL_ERROR);

-			return(-1);

-			}

-		s->session->peer = s->session->sess_cert->peer_key->x509;

-		/* peer_key->x509 has been set by ssl2_set_certificate. */

-		CRYPTO_add(&s->session->peer->references, 1, CRYPTO_LOCK_X509);

-		}

-	if (s->session->sess_cert == NULL

-      || s->session->peer != s->session->sess_cert->peer_key->x509)

-		/* can't happen */

-		{

-		ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);

-		SSLerr(SSL_F_GET_SERVER_HELLO, ERR_R_INTERNAL_ERROR);

-		return(-1);

-		}

-	s->s2->conn_id_length=s->s2->tmp.conn_id_length;

-	if (s->s2->conn_id_length > sizeof s->s2->conn_id)

-		{

-		ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);

-		SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_SSL2_CONNECTION_ID_TOO_LONG);

-		return -1;

-		}

-	memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);

-	return(1);

-	}

-static int client_hello(SSL *s)

-	{

-	unsigned char *buf;

-	unsigned char *p,*d;

-/*	CIPHER **cipher;*/

-	int i,n,j;

-	buf=(unsigned char *)s->init_buf->data;

-	if (s->state == SSL2_ST_SEND_CLIENT_HELLO_A)

-		{

-		if ((s->session == NULL) ||

-			(s->session->ssl_version != s->version))

-			{

-			if (!ssl_get_new_session(s,0))

-				{

-				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);

-				return(-1);

-				}

-			}

-		/* else use the pre-loaded session */

-		p=buf;					/* header */

-		d=p+9;					/* data section */

-		*(p++)=SSL2_MT_CLIENT_HELLO;		/* type */

-		s2n(SSL2_VERSION,p);			/* version */

-		n=j=0;

-		n=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),d,0);

-		d+=n;

-		if (n == 0)

-			{

-			SSLerr(SSL_F_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);

-			return(-1);

-			}

-		s2n(n,p);			/* cipher spec num bytes */

-		if ((s->session->session_id_length > 0) &&

-			(s->session->session_id_length <=

-			SSL2_MAX_SSL_SESSION_ID_LENGTH))

-			{

-			i=s->session->session_id_length;

-			s2n(i,p);		/* session id length */

-			memcpy(d,s->session->session_id,(unsigned int)i);

-			d+=i;

-			}

-		else

-			{

-			s2n(0,p);

-			}

-		s->s2->challenge_length=SSL2_CHALLENGE_LENGTH;

-		s2n(SSL2_CHALLENGE_LENGTH,p);		/* challenge length */

-		/*challenge id data*/

-		if (RAND_pseudo_bytes(s->s2->challenge,SSL2_CHALLENGE_LENGTH) <= 0)

-			return -1;

-		memcpy(d,s->s2->challenge,SSL2_CHALLENGE_LENGTH);

-		d+=SSL2_CHALLENGE_LENGTH;

-		s->state=SSL2_ST_SEND_CLIENT_HELLO_B;

-		s->init_num=d-buf;

-		s->init_off=0;

-		}

-	/* SSL2_ST_SEND_CLIENT_HELLO_B */

-	return(ssl2_do_write(s));

-	}

-static int client_master_key(SSL *s)

-	{

-	unsigned char *buf;

-	unsigned char *p,*d;

-	int clear,enc,karg,i;

-	SSL_SESSION *sess;

-	const EVP_CIPHER *c;

-	const EVP_MD *md;

-	buf=(unsigned char *)s->init_buf->data;

-	if (s->state == SSL2_ST_SEND_CLIENT_MASTER_KEY_A)

-		{

-		if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))

-			{

-			ssl2_return_error(s,SSL2_PE_NO_CIPHER);

-			SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);

-			return(-1);

-			}

-		sess=s->session;

-		p=buf;

-		d=p+10;

-		*(p++)=SSL2_MT_CLIENT_MASTER_KEY;/* type */

-		i=ssl_put_cipher_by_char(s,sess->cipher,p);

-		p+=i;

-		/* make key_arg data */

-		i=EVP_CIPHER_iv_length(c);

-		sess->key_arg_length=i;

-		if (i > SSL_MAX_KEY_ARG_LENGTH)

-			{

-			ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);

-			SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);

-			return -1;

-			}

-		if (i > 0)

-			if (RAND_pseudo_bytes(sess->key_arg,i) <= 0)

-				return -1;

-		/* make a master key */

-		i=EVP_CIPHER_key_length(c);

-		sess->master_key_length=i;

-		if (i > 0)

-			{

-			if (i > (int)sizeof(sess->master_key))

-				{

-				ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);

-				SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);

-				return -1;

-				}

-			if (RAND_bytes(sess->master_key,i) <= 0)

-				{

-				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);

-				return(-1);

-				}

-			}

-		if (sess->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC)

-			enc=8;

-		else if (SSL_C_IS_EXPORT(sess->cipher))

-			enc=5;

-		else

-			enc=i;

-		if ((int)i < enc)

-			{

-			ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);

-			SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_CIPHER_TABLE_SRC_ERROR);

-			return(-1);

-			}

-		clear=i-enc;

-		s2n(clear,p);

-		memcpy(d,sess->master_key,(unsigned int)clear);

-		d+=clear;

-		enc=ssl_rsa_public_encrypt(sess->sess_cert,enc,

-			&(sess->master_key[clear]),d,

-			(s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING);

-		if (enc <= 0)

-			{

-			ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);

-			SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_PUBLIC_KEY_ENCRYPT_ERROR);

-			return(-1);

-			}

-#ifdef PKCS1_CHECK

-		if (s->options & SSL_OP_PKCS1_CHECK_1) d[1]++;

-		if (s->options & SSL_OP_PKCS1_CHECK_2)

-			sess->master_key[clear]++;

-#endif

-		s2n(enc,p);

-		d+=enc;

-		karg=sess->key_arg_length;

-		s2n(karg,p); /* key arg size */

-		if (karg > (int)sizeof(sess->key_arg))

-			{

-			ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);

-			SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);

-			return -1;

-			}

-		memcpy(d,sess->key_arg,(unsigned int)karg);

-		d+=karg;

-		s->state=SSL2_ST_SEND_CLIENT_MASTER_KEY_B;

-		s->init_num=d-buf;

-		s->init_off=0;

-		}

-	/* SSL2_ST_SEND_CLIENT_MASTER_KEY_B */

-	return(ssl2_do_write(s));

-	}

-static int client_finished(SSL *s)

-	{

-	unsigned char *p;

-	if (s->state == SSL2_ST_SEND_CLIENT_FINISHED_A)

-		{

-		p=(unsigned char *)s->init_buf->data;

-		*(p++)=SSL2_MT_CLIENT_FINISHED;

-		if (s->s2->conn_id_length > sizeof s->s2->conn_id)

-			{

-			SSLerr(SSL_F_CLIENT_FINISHED, ERR_R_INTERNAL_ERROR);

-			return -1;

-			}

-		memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);

-		s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;

-		s->init_num=s->s2->conn_id_length+1;

-		s->init_off=0;

-		}

-	return(ssl2_do_write(s));

-	}

-/* read the data and then respond */

-static int client_certificate(SSL *s)

-	{

-	unsigned char *buf;

-	unsigned char *p,*d;

-	int i;

-	unsigned int n;

-	int cert_ch_len;

-	unsigned char *cert_ch;

-	buf=(unsigned char *)s->init_buf->data;

-	/* We have a cert associated with the SSL, so attach it to

-	 * the session if it does not have one */

-	if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_A)

-		{

-		i=ssl2_read(s,(char *)&(buf[s->init_num]),

-			SSL2_MAX_CERT_CHALLENGE_LENGTH+2-s->init_num);

-		if (i<(SSL2_MIN_CERT_CHALLENGE_LENGTH+2-s->init_num))

-			return(ssl2_part_read(s,SSL_F_CLIENT_CERTIFICATE,i));

-		s->init_num += i;

-		if (s->msg_callback)

-			s->msg_callback(0, s->version, 0, buf, (size_t)s->init_num, s, s->msg_callback_arg); /* REQUEST-CERTIFICATE */

-		/* type=buf[0]; */

-		/* type eq x509 */

-		if (buf[1] != SSL2_AT_MD5_WITH_RSA_ENCRYPTION)

-			{

-			ssl2_return_error(s,SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE);

-			SSLerr(SSL_F_CLIENT_CERTIFICATE,SSL_R_BAD_AUTHENTICATION_TYPE);

-			return(-1);

-			}

-		if ((s->cert == NULL) ||

-			(s->cert->key->x509 == NULL) ||

-			(s->cert->key->privatekey == NULL))

-			{

-			s->state=SSL2_ST_X509_GET_CLIENT_CERTIFICATE;

-			}

-		else

-			s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_C;

-		}

-	cert_ch = buf + 2;

-	cert_ch_len = s->init_num - 2;

-	if (s->state == SSL2_ST_X509_GET_CLIENT_CERTIFICATE)

-		{

-		X509 *x509=NULL;

-		EVP_PKEY *pkey=NULL;

-		/* If we get an error we need to

-		 * ssl->rwstate=SSL_X509_LOOKUP;

-		 * return(error);

-		 * We should then be retried when things are ok and we

-		 * can get a cert or not */

-		i=0;

-		if (s->ctx->client_cert_cb != NULL)

-			{

-			i=s->ctx->client_cert_cb(s,&(x509),&(pkey));

-			}

-		if (i < 0)

-			{

-			s->rwstate=SSL_X509_LOOKUP;

-			return(-1);

-			}

-		s->rwstate=SSL_NOTHING;

-		if ((i == 1) && (pkey != NULL) && (x509 != NULL))

-			{

-			s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_C;

-			if (	!SSL_use_certificate(s,x509) ||

-				!SSL_use_PrivateKey(s,pkey))

-				{

-				i=0;

-				}

-			X509_free(x509);

-			EVP_PKEY_free(pkey);

-			}

-		else if (i == 1)

-			{

-			if (x509 != NULL) X509_free(x509);

-			if (pkey != NULL) EVP_PKEY_free(pkey);

-			SSLerr(SSL_F_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);

-			i=0;

-			}

-		if (i == 0)

-			{

-			/* We have no client certificate to respond with

-			 * so send the correct error message back */

-			s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_B;

-			p=buf;

-			*(p++)=SSL2_MT_ERROR;

-			s2n(SSL2_PE_NO_CERTIFICATE,p);

-			s->init_off=0;

-			s->init_num=3;

-			/* Write is done at the end */

-			}

-		}

-	if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_B)

-		{

-		return(ssl2_do_write(s));

-		}

-	if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_C)

-		{

-		EVP_MD_CTX ctx;

-		/* ok, now we calculate the checksum

-		 * do it first so we can reuse buf :-) */

-		p=buf;

-		EVP_MD_CTX_init(&ctx);

-		EVP_SignInit_ex(&ctx,s->ctx->rsa_md5, NULL);

-		EVP_SignUpdate(&ctx,s->s2->key_material,

-			       s->s2->key_material_length);

-		EVP_SignUpdate(&ctx,cert_ch,(unsigned int)cert_ch_len);

-		n=i2d_X509(s->session->sess_cert->peer_key->x509,&p);

-		EVP_SignUpdate(&ctx,buf,(unsigned int)n);

-		p=buf;

-		d=p+6;

-		*(p++)=SSL2_MT_CLIENT_CERTIFICATE;

-		*(p++)=SSL2_CT_X509_CERTIFICATE;

-		n=i2d_X509(s->cert->key->x509,&d);

-		s2n(n,p);

-		if (!EVP_SignFinal(&ctx,d,&n,s->cert->key->privatekey))

-			{

-			/* this is not good.  If things have failed it

-			 * means there so something wrong with the key.

-			 * We will continue with a 0 length signature

-			 */

-			}

-		EVP_MD_CTX_cleanup(&ctx);

-		s2n(n,p);

-		d+=n;

-		s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_D;

-		s->init_num=d-buf;

-		s->init_off=0;

-		}

-	/* if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_D) */

-	return(ssl2_do_write(s));

-	}

-static int get_server_verify(SSL *s)

-	{

-	unsigned char *p;

-	int i, n, len;

-	p=(unsigned char *)s->init_buf->data;

-	if (s->state == SSL2_ST_GET_SERVER_VERIFY_A)

-		{

-		i=ssl2_read(s,(char *)&(p[s->init_num]),1-s->init_num);

-		if (i < (1-s->init_num))

-			return(ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i));

-		s->init_num += i;

-		s->state= SSL2_ST_GET_SERVER_VERIFY_B;

-		if (*p != SSL2_MT_SERVER_VERIFY)

-			{

-			if (p[0] != SSL2_MT_ERROR)

-				{

-				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);

-				SSLerr(SSL_F_GET_SERVER_VERIFY,

-					SSL_R_READ_WRONG_PACKET_TYPE);

-				}

-			else

-				{

-				SSLerr(SSL_F_GET_SERVER_VERIFY,SSL_R_PEER_ERROR);

-				/* try to read the error message */

-				i=ssl2_read(s,(char *)&(p[s->init_num]),3-s->init_num);

-				return ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i);

-				}

-			return(-1);

-			}

-		}

-	p=(unsigned char *)s->init_buf->data;

-	len = 1 + s->s2->challenge_length;

-	n =  len - s->init_num;

-	i = ssl2_read(s,(char *)&(p[s->init_num]),n);

-	if (i < n)

-		return(ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i));

-	if (s->msg_callback)

-		s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* SERVER-VERIFY */

-	p += 1;

-	if (memcmp(p,s->s2->challenge,s->s2->challenge_length) != 0)

-		{

-		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);

-		SSLerr(SSL_F_GET_SERVER_VERIFY,SSL_R_CHALLENGE_IS_DIFFERENT);

-		return(-1);

-		}

-	return(1);

-	}

-static int get_server_finished(SSL *s)

-	{

-	unsigned char *buf;

-	unsigned char *p;

-	int i, n, len;

-	buf=(unsigned char *)s->init_buf->data;

-	p=buf;

-	if (s->state == SSL2_ST_GET_SERVER_FINISHED_A)

-		{

-		i=ssl2_read(s,(char *)&(buf[s->init_num]),1-s->init_num);

-		if (i < (1-s->init_num))

-			return(ssl2_part_read(s,SSL_F_GET_SERVER_FINISHED,i));

-		s->init_num += i;

-		if (*p == SSL2_MT_REQUEST_CERTIFICATE)

-			{

-			s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_A;

-			return(1);

-			}

-		else if (*p != SSL2_MT_SERVER_FINISHED)

-			{

-			if (p[0] != SSL2_MT_ERROR)

-				{

-				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);

-				SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_READ_WRONG_PACKET_TYPE);

-				}

-			else

-				{

-				SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_PEER_ERROR);

-				/* try to read the error message */

-				i=ssl2_read(s,(char *)&(p[s->init_num]),3-s->init_num);

-				return ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i);

-				}

-			return(-1);

-			}

-		s->state=SSL2_ST_GET_SERVER_FINISHED_B;

-		}

-	len = 1 + SSL2_SSL_SESSION_ID_LENGTH;

-	n = len - s->init_num;

-	i = ssl2_read(s,(char *)&(buf[s->init_num]), n);

-	if (i < n) /* XXX could be shorter than SSL2_SSL_SESSION_ID_LENGTH, that's the maximum */

-		return(ssl2_part_read(s,SSL_F_GET_SERVER_FINISHED,i));

-	s->init_num += i;

-	if (s->msg_callback)

-		s->msg_callback(0, s->version, 0, buf, (size_t)s->init_num, s, s->msg_callback_arg); /* SERVER-FINISHED */

-	if (!s->hit) /* new session */

-		{

-		/* new session-id */

-		/* Make sure we were not trying to re-use an old SSL_SESSION

-		 * or bad things can happen */

-		/* ZZZZZZZZZZZZZ */

-		s->session->session_id_length=SSL2_SSL_SESSION_ID_LENGTH;

-		memcpy(s->session->session_id,p+1,SSL2_SSL_SESSION_ID_LENGTH);

-		}

-	else

-		{

-		if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))

-			{

-			if ((s->session->session_id_length > sizeof s->session->session_id)

-			    || (0 != memcmp(buf + 1, s->session->session_id,

-			                    (unsigned int)s->session->session_id_length)))

-				{

-				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);

-				SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_SSL_SESSION_ID_IS_DIFFERENT);

-				return(-1);

-				}

-			}

-		}

-	s->state = SSL_ST_OK;

-	return(1);

-	}

-/* loads in the certificate from the server */

-int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data)

-	{

-	STACK_OF(X509) *sk=NULL;

-	EVP_PKEY *pkey=NULL;

-	SESS_CERT *sc=NULL;

-	int i;

-	X509 *x509=NULL;

-	int ret=0;

-	x509=d2i_X509(NULL,&data,(long)len);

-	if (x509 == NULL)

-		{

-		SSLerr(SSL_F_SSL2_SET_CERTIFICATE,ERR_R_X509_LIB);

-		goto err;

-		}

-	if ((sk=sk_X509_new_null()) == NULL || !sk_X509_push(sk,x509))

-		{

-		SSLerr(SSL_F_SSL2_SET_CERTIFICATE,ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	i=ssl_verify_cert_chain(s,sk);

-	if ((s->verify_mode != SSL_VERIFY_NONE) && (!i))

-		{

-		SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);

-		goto err;

-		}

-	ERR_clear_error(); /* but we keep s->verify_result */

-	s->session->verify_result = s->verify_result;

-	/* server's cert for this session */

-	sc=ssl_sess_cert_new();

-	if (sc == NULL)

-		{

-		ret= -1;

-		goto err;

-		}

-	if (s->session->sess_cert) ssl_sess_cert_free(s->session->sess_cert);

-	s->session->sess_cert=sc;

-	sc->peer_pkeys[SSL_PKEY_RSA_ENC].x509=x509;

-	sc->peer_key= &(sc->peer_pkeys[SSL_PKEY_RSA_ENC]);

-	pkey=X509_get_pubkey(x509);

-	x509=NULL;

-	if (pkey == NULL)

-		{

-		SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY);

-		goto err;

-		}

-	if (pkey->type != EVP_PKEY_RSA)

-		{

-		SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_PUBLIC_KEY_NOT_RSA);

-		goto err;

-		}

-	if (!ssl_set_peer_cert_type(sc,SSL2_CT_X509_CERTIFICATE))

-		goto err;

-	ret=1;

-err:

-	sk_X509_free(sk);

-	X509_free(x509);

-	EVP_PKEY_free(pkey);

-	return(ret);

-	}

-static int ssl_rsa_public_encrypt(SESS_CERT *sc, int len, unsigned char *from,

-	     unsigned char *to, int padding)

-	{

-	EVP_PKEY *pkey=NULL;

-	int i= -1;

-	if ((sc == NULL) || (sc->peer_key->x509 == NULL) ||

-		((pkey=X509_get_pubkey(sc->peer_key->x509)) == NULL))

-		{

-		SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,SSL_R_NO_PUBLICKEY);

-		return(-1);

-		}

-	if (pkey->type != EVP_PKEY_RSA)

-		{

-		SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,SSL_R_PUBLIC_KEY_IS_NOT_RSA);

-		goto end;

-		}

-	/* we have the public key */

-	i=RSA_public_encrypt(len,from,to,pkey->pkey.rsa,padding);

-	if (i < 0)

-		SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,ERR_R_RSA_LIB);

-end:

-	EVP_PKEY_free(pkey);

-	return(i);

-	}

-#else /* !OPENSSL_NO_SSL2 */

-# if PEDANTIC

-static void *dummy=&dummy;

-# endif

-#endif

--- a/sys/src/ape/lib/openssl/ssl/s2_enc.c

+++ /dev/null

@@ -1,194 +1,0 @@

-/* ssl/s2_enc.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include "ssl_locl.h"

-#ifndef OPENSSL_NO_SSL2

-#include <stdio.h>

-int ssl2_enc_init(SSL *s, int client)

-	{

-	/* Max number of bytes needed */

-	EVP_CIPHER_CTX *rs,*ws;

-	const EVP_CIPHER *c;

-	const EVP_MD *md;

-	int num;

-	if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))

-		{

-		ssl2_return_error(s,SSL2_PE_NO_CIPHER);

-		SSLerr(SSL_F_SSL2_ENC_INIT,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);

-		return(0);

-		}

-	s->read_hash=md;

-	s->write_hash=md;

-	if ((s->enc_read_ctx == NULL) &&

-		((s->enc_read_ctx=(EVP_CIPHER_CTX *)

-		OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))

-		goto err;

-	/* make sure it's intialized in case the malloc for enc_write_ctx fails

-	 * and we exit with an error */

-	rs= s->enc_read_ctx;

-	EVP_CIPHER_CTX_init(rs);

-	if ((s->enc_write_ctx == NULL) &&

-		((s->enc_write_ctx=(EVP_CIPHER_CTX *)

-		OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))

-		goto err;

-	ws= s->enc_write_ctx;

-	EVP_CIPHER_CTX_init(ws);

-	num=c->key_len;

-	s->s2->key_material_length=num*2;

-	OPENSSL_assert(s->s2->key_material_length <= sizeof s->s2->key_material);

-	if (ssl2_generate_key_material(s) <= 0)

-		return 0;

-	OPENSSL_assert(c->iv_len <= (int)sizeof(s->session->key_arg));

-	EVP_EncryptInit_ex(ws,c,NULL,&(s->s2->key_material[(client)?num:0]),

-		s->session->key_arg);

-	EVP_DecryptInit_ex(rs,c,NULL,&(s->s2->key_material[(client)?0:num]),

-		s->session->key_arg);

-	s->s2->read_key=  &(s->s2->key_material[(client)?0:num]);

-	s->s2->write_key= &(s->s2->key_material[(client)?num:0]);

-	return(1);

-err:

-	SSLerr(SSL_F_SSL2_ENC_INIT,ERR_R_MALLOC_FAILURE);

-	return(0);

-	}

-/* read/writes from s->s2->mac_data using length for encrypt and

- * decrypt.  It sets s->s2->padding and s->[rw]length

- * if we are encrypting */

-void ssl2_enc(SSL *s, int send)

-	{

-	EVP_CIPHER_CTX *ds;

-	unsigned long l;

-	int bs;

-	if (send)

-		{

-		ds=s->enc_write_ctx;

-		l=s->s2->wlength;

-		}

-	else

-		{

-		ds=s->enc_read_ctx;

-		l=s->s2->rlength;

-		}

-	/* check for NULL cipher */

-	if (ds == NULL) return;

-	bs=ds->cipher->block_size;

-	/* This should be using (bs-1) and bs instead of 7 and 8, but

-	 * what the hell. */

-	if (bs == 8)

-		l=(l+7)/8*8;

-	EVP_Cipher(ds,s->s2->mac_data,s->s2->mac_data,l);

-	}

-void ssl2_mac(SSL *s, unsigned char *md, int send)

-	{

-	EVP_MD_CTX c;

-	unsigned char sequence[4],*p,*sec,*act;

-	unsigned long seq;

-	unsigned int len;

-	if (send)

-		{

-		seq=s->s2->write_sequence;

-		sec=s->s2->write_key;

-		len=s->s2->wact_data_length;

-		act=s->s2->wact_data;

-		}

-	else

-		{

-		seq=s->s2->read_sequence;

-		sec=s->s2->read_key;

-		len=s->s2->ract_data_length;

-		act=s->s2->ract_data;

-		}

-	p= &(sequence[0]);

-	l2n(seq,p);

-	/* There has to be a MAC algorithm. */

-	EVP_MD_CTX_init(&c);

-	EVP_DigestInit_ex(&c, s->read_hash, NULL);

-	EVP_DigestUpdate(&c,sec,

-		EVP_CIPHER_CTX_key_length(s->enc_read_ctx));

-	EVP_DigestUpdate(&c,act,len);

-	/* the above line also does the pad data */

-	EVP_DigestUpdate(&c,sequence,4);

-	EVP_DigestFinal_ex(&c,md,NULL);

-	EVP_MD_CTX_cleanup(&c);

-	}

-#else /* !OPENSSL_NO_SSL2 */

-# if PEDANTIC

-static void *dummy=&dummy;

-# endif

-#endif

--- a/sys/src/ape/lib/openssl/ssl/s2_lib.c

+++ /dev/null

@@ -1,478 +1,0 @@

-/* ssl/s2_lib.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include "ssl_locl.h"

-#ifndef OPENSSL_NO_SSL2

-#include <stdio.h>

-#include <openssl/objects.h>

-#include <openssl/evp.h>

-#include <openssl/md5.h>

-const char ssl2_version_str[]="SSLv2" OPENSSL_VERSION_PTEXT;

-#define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER))

-/* list of available SSLv2 ciphers (sorted by id) */

-OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={

-/* NULL_WITH_MD5 v3 */

-#if 0

-	{

-	1,

-	SSL2_TXT_NULL_WITH_MD5,

-	SSL2_CK_NULL_WITH_MD5,

-	SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_SSLV2,

-	SSL_EXPORT|SSL_EXP40|SSL_STRONG_NONE,

-	0,

-	0,

-	0,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-#endif

-/* RC4_128_WITH_MD5 */

-	{

-	1,

-	SSL2_TXT_RC4_128_WITH_MD5,

-	SSL2_CK_RC4_128_WITH_MD5,

-	SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2,

-	SSL_NOT_EXP|SSL_MEDIUM,

-	0,

-	128,

-	128,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* RC4_128_EXPORT40_WITH_MD5 */

-	{

-	1,

-	SSL2_TXT_RC4_128_EXPORT40_WITH_MD5,

-	SSL2_CK_RC4_128_EXPORT40_WITH_MD5,

-	SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2,

-	SSL_EXPORT|SSL_EXP40,

-	SSL2_CF_5_BYTE_ENC,

-	40,

-	128,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* RC2_128_CBC_WITH_MD5 */

-	{

-	1,

-	SSL2_TXT_RC2_128_CBC_WITH_MD5,

-	SSL2_CK_RC2_128_CBC_WITH_MD5,

-	SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_SSLV2,

-	SSL_NOT_EXP|SSL_MEDIUM,

-	0,

-	128,

-	128,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* RC2_128_CBC_EXPORT40_WITH_MD5 */

-	{

-	1,

-	SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5,

-	SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5,

-	SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_SSLV2,

-	SSL_EXPORT|SSL_EXP40,

-	SSL2_CF_5_BYTE_ENC,

-	40,

-	128,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* IDEA_128_CBC_WITH_MD5 */

-#ifndef OPENSSL_NO_IDEA

-	{

-	1,

-	SSL2_TXT_IDEA_128_CBC_WITH_MD5,

-	SSL2_CK_IDEA_128_CBC_WITH_MD5,

-	SSL_kRSA|SSL_aRSA|SSL_IDEA|SSL_MD5|SSL_SSLV2,

-	SSL_NOT_EXP|SSL_MEDIUM,

-	0,

-	128,

-	128,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-#endif

-/* DES_64_CBC_WITH_MD5 */

-	{

-	1,

-	SSL2_TXT_DES_64_CBC_WITH_MD5,

-	SSL2_CK_DES_64_CBC_WITH_MD5,

-	SSL_kRSA|SSL_aRSA|SSL_DES|SSL_MD5|SSL_SSLV2,

-	SSL_NOT_EXP|SSL_LOW,

-	0,

-	56,

-	56,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* DES_192_EDE3_CBC_WITH_MD5 */

-	{

-	1,

-	SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5,

-	SSL2_CK_DES_192_EDE3_CBC_WITH_MD5,

-	SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_MD5|SSL_SSLV2,

-	SSL_NOT_EXP|SSL_HIGH,

-	0,

-	168,

-	168,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* RC4_64_WITH_MD5 */

-#if 0

-	{

-	1,

-	SSL2_TXT_RC4_64_WITH_MD5,

-	SSL2_CK_RC4_64_WITH_MD5,

-	SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2,

-	SSL_NOT_EXP|SSL_LOW,

-	SSL2_CF_8_BYTE_ENC,

-	64,

-	64,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-#endif

-/* NULL SSLeay (testing) */

-#if 0

-	{

-	0,

-	SSL2_TXT_NULL,

-	SSL2_CK_NULL,

-	0,

-	SSL_STRONG_NONE,

-	0,

-	0,

-	0,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-#endif

-/* end of list :-) */

-	};

-long ssl2_default_timeout(void)

-	{

-	return(300);

-	}

-IMPLEMENT_ssl2_meth_func(sslv2_base_method,

-			ssl_undefined_function,

-			ssl_undefined_function,

-			ssl_bad_method)

-int ssl2_num_ciphers(void)

-	{

-	return(SSL2_NUM_CIPHERS);

-	}

-SSL_CIPHER *ssl2_get_cipher(unsigned int u)

-	{

-	if (u < SSL2_NUM_CIPHERS)

-		return(&(ssl2_ciphers[SSL2_NUM_CIPHERS-1-u]));

-	else

-		return(NULL);

-	}

-int ssl2_pending(const SSL *s)

-	{

-	return SSL_in_init(s) ? 0 : s->s2->ract_data_length;

-	}

-int ssl2_new(SSL *s)

-	{

-	SSL2_STATE *s2;

-	if ((s2=OPENSSL_malloc(sizeof *s2)) == NULL) goto err;

-	memset(s2,0,sizeof *s2);

-#if SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER + 3 > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2

-#  error "assertion failed"

-#endif

-	if ((s2->rbuf=OPENSSL_malloc(

-		SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err;

-	/* wbuf needs one byte more because when using two-byte headers,

-	 * we leave the first byte unused in do_ssl_write (s2_pkt.c) */

-	if ((s2->wbuf=OPENSSL_malloc(

-		SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+3)) == NULL) goto err;

-	s->s2=s2;

-	ssl2_clear(s);

-	return(1);

-err:

-	if (s2 != NULL)

-		{

-		if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf);

-		if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf);

-		OPENSSL_free(s2);

-		}

-	return(0);

-	}

-void ssl2_free(SSL *s)

-	{

-	SSL2_STATE *s2;

-	if(s == NULL)

-	    return;

-	s2=s->s2;

-	if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf);

-	if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf);

-	OPENSSL_cleanse(s2,sizeof *s2);

-	OPENSSL_free(s2);

-	s->s2=NULL;

-	}

-void ssl2_clear(SSL *s)

-	{

-	SSL2_STATE *s2;

-	unsigned char *rbuf,*wbuf;

-	s2=s->s2;

-	rbuf=s2->rbuf;

-	wbuf=s2->wbuf;

-	memset(s2,0,sizeof *s2);

-	s2->rbuf=rbuf;

-	s2->wbuf=wbuf;

-	s2->clear_text=1;

-	s->packet=s2->rbuf;

-	s->version=SSL2_VERSION;

-	s->packet_length=0;

-	}

-long ssl2_ctrl(SSL *s, int cmd, long larg, void *parg)

-	{

-	int ret=0;

-	switch(cmd)

-		{

-	case SSL_CTRL_GET_SESSION_REUSED:

-		ret=s->hit;

-		break;

-	default:

-		break;

-		}

-	return(ret);

-	}

-long ssl2_callback_ctrl(SSL *s, int cmd, void (*fp)(void))

-	{

-	return(0);

-	}

-long ssl2_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)

-	{

-	return(0);

-	}

-long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))

-	{

-	return(0);

-	}

-/* This function needs to check if the ciphers required are actually

- * available */

-SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p)

-	{

-	SSL_CIPHER c,*cp;

-	unsigned long id;

-	id=0x02000000L|((unsigned long)p[0]<<16L)|

-		((unsigned long)p[1]<<8L)|(unsigned long)p[2];

-	c.id=id;

-	cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c,

-		(char *)ssl2_ciphers,

-		SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER),

-		FP_ICC ssl_cipher_id_cmp);

-	if ((cp == NULL) || (cp->valid == 0))

-		return NULL;

-	else

-		return cp;

-	}

-int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)

-	{

-	long l;

-	if (p != NULL)

-		{

-		l=c->id;

-		if ((l & 0xff000000) != 0x02000000) return(0);

-		p[0]=((unsigned char)(l>>16L))&0xFF;

-		p[1]=((unsigned char)(l>> 8L))&0xFF;

-		p[2]=((unsigned char)(l     ))&0xFF;

-		}

-	return(3);

-	}

-int ssl2_generate_key_material(SSL *s)

-	{

-	unsigned int i;

-	EVP_MD_CTX ctx;

-	unsigned char *km;

-	unsigned char c='0';

-	const EVP_MD *md5;

-	md5 = EVP_md5();

-#ifdef CHARSET_EBCDIC

-	c = os_toascii['0']; /* Must be an ASCII '0', not EBCDIC '0',

-				see SSLv2 docu */

-#endif

-	EVP_MD_CTX_init(&ctx);

-	km=s->s2->key_material;

- 	if (s->session->master_key_length < 0 ||

-			s->session->master_key_length > (int)sizeof(s->session->master_key))

- 		{

- 		SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);

- 		return 0;

- 		}

-	for (i=0; i<s->s2->key_material_length; i += EVP_MD_size(md5))

-		{

-		if (((km - s->s2->key_material) + EVP_MD_size(md5)) >

-				(int)sizeof(s->s2->key_material))

-			{

-			/* EVP_DigestFinal_ex() below would write beyond buffer */

-			SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);

-			return 0;

-			}

-		EVP_DigestInit_ex(&ctx, md5, NULL);

-		OPENSSL_assert(s->session->master_key_length >= 0

-		    && s->session->master_key_length

-		    < (int)sizeof(s->session->master_key));

-		EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);

-		EVP_DigestUpdate(&ctx,&c,1);

-		c++;

-		EVP_DigestUpdate(&ctx,s->s2->challenge,s->s2->challenge_length);

-		EVP_DigestUpdate(&ctx,s->s2->conn_id,s->s2->conn_id_length);

-		EVP_DigestFinal_ex(&ctx,km,NULL);

-		km += EVP_MD_size(md5);

-		}

-	EVP_MD_CTX_cleanup(&ctx);

-	return 1;

-	}

-void ssl2_return_error(SSL *s, int err)

-	{

-	if (!s->error)

-		{

-		s->error=3;

-		s->error_code=err;

-		ssl2_write_error(s);

-		}

-	}

-void ssl2_write_error(SSL *s)

-	{

-	unsigned char buf[3];

-	int i,error;

-	buf[0]=SSL2_MT_ERROR;

-	buf[1]=(s->error_code>>8)&0xff;

-	buf[2]=(s->error_code)&0xff;

-/*	state=s->rwstate;*/

-	error=s->error; /* number of bytes left to write */

-	s->error=0;

-	OPENSSL_assert(error >= 0 && error <= (int)sizeof(buf));

-	i=ssl2_write(s,&(buf[3-error]),error);

-/*	if (i == error) s->rwstate=state; */

-	if (i < 0)

-		s->error=error;

-	else

-		{

-		s->error=error-i;

-		if (s->error == 0)

-			if (s->msg_callback)

-				s->msg_callback(1, s->version, 0, buf, 3, s, s->msg_callback_arg); /* ERROR */

-		}

-	}

-int ssl2_shutdown(SSL *s)

-	{

-	s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);

-	return(1);

-	}

-#else /* !OPENSSL_NO_SSL2 */

-# if PEDANTIC

-static void *dummy=&dummy;

-# endif

-#endif

--- a/sys/src/ape/lib/openssl/ssl/s2_meth.c

+++ /dev/null

@@ -1,84 +1,0 @@

-/* ssl/s2_meth.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include "ssl_locl.h"

-#ifndef OPENSSL_NO_SSL2

-#include <stdio.h>

-#include <openssl/objects.h>

-static SSL_METHOD *ssl2_get_method(int ver);

-static SSL_METHOD *ssl2_get_method(int ver)

-	{

-	if (ver == SSL2_VERSION)

-		return(SSLv2_method());

-	else

-		return(NULL);

-	}

-IMPLEMENT_ssl2_meth_func(SSLv2_method,

-			ssl2_accept,

-			ssl2_connect,

-			ssl2_get_method)

-#else /* !OPENSSL_NO_SSL2 */

-# if PEDANTIC

-static void *dummy=&dummy;

-# endif

-#endif

--- a/sys/src/ape/lib/openssl/ssl/s2_pkt.c

+++ /dev/null

@@ -1,737 +1,0 @@

-/* ssl/s2_pkt.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include "ssl_locl.h"

-#ifndef OPENSSL_NO_SSL2

-#include <stdio.h>

-#include <errno.h>

-#define USE_SOCKETS

-static int read_n(SSL *s,unsigned int n,unsigned int max,unsigned int extend);

-static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len);

-static int write_pending(SSL *s, const unsigned char *buf, unsigned int len);

-static int ssl_mt_error(int n);

-/* SSL 2.0 imlementation for SSL_read/SSL_peek -

- * This routine will return 0 to len bytes, decrypted etc if required.

- */

-static int ssl2_read_internal(SSL *s, void *buf, int len, int peek)

-	{

-	int n;

-	unsigned char mac[MAX_MAC_SIZE];

-	unsigned char *p;

-	int i;

-	unsigned int mac_size;

- ssl2_read_again:

-	if (SSL_in_init(s) && !s->in_handshake)

-		{

-		n=s->handshake_func(s);

-		if (n < 0) return(n);

-		if (n == 0)

-			{

-			SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_SSL_HANDSHAKE_FAILURE);

-			return(-1);

-			}

-		}

-	clear_sys_error();

-	s->rwstate=SSL_NOTHING;

-	if (len <= 0) return(len);

-	if (s->s2->ract_data_length != 0) /* read from buffer */

-		{

-		if (len > s->s2->ract_data_length)

-			n=s->s2->ract_data_length;

-		else

-			n=len;

-		memcpy(buf,s->s2->ract_data,(unsigned int)n);

-		if (!peek)

-			{

-			s->s2->ract_data_length-=n;

-			s->s2->ract_data+=n;

-			if (s->s2->ract_data_length == 0)

-				s->rstate=SSL_ST_READ_HEADER;

-			}

-		return(n);

-		}

-	/* s->s2->ract_data_length == 0

-	 *

-	 * Fill the buffer, then goto ssl2_read_again.

-	 */

-	if (s->rstate == SSL_ST_READ_HEADER)

-		{

-		if (s->first_packet)

-			{

-			n=read_n(s,5,SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2,0);

-			if (n <= 0) return(n); /* error or non-blocking */

-			s->first_packet=0;

-			p=s->packet;

-			if (!((p[0] & 0x80) && (

-				(p[2] == SSL2_MT_CLIENT_HELLO) ||

-				(p[2] == SSL2_MT_SERVER_HELLO))))

-				{

-				SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_NON_SSLV2_INITIAL_PACKET);

-				return(-1);

-				}

-			}

-		else

-			{

-			n=read_n(s,2,SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2,0);

-			if (n <= 0) return(n); /* error or non-blocking */

-			}

-		/* part read stuff */

-		s->rstate=SSL_ST_READ_BODY;

-		p=s->packet;

-		/* Do header */

-		/*s->s2->padding=0;*/

-		s->s2->escape=0;

-		s->s2->rlength=(((unsigned int)p[0])<<8)|((unsigned int)p[1]);

-		if ((p[0] & TWO_BYTE_BIT))		/* Two byte header? */

-			{

-			s->s2->three_byte_header=0;

-			s->s2->rlength&=TWO_BYTE_MASK;

-			}

-		else

-			{

-			s->s2->three_byte_header=1;

-			s->s2->rlength&=THREE_BYTE_MASK;

-			/* security >s2->escape */

-			s->s2->escape=((p[0] & SEC_ESC_BIT))?1:0;

-			}

-		}

-	if (s->rstate == SSL_ST_READ_BODY)

-		{

-		n=s->s2->rlength+2+s->s2->three_byte_header;

-		if (n > (int)s->packet_length)

-			{

-			n-=s->packet_length;

-			i=read_n(s,(unsigned int)n,(unsigned int)n,1);

-			if (i <= 0) return(i); /* ERROR */

-			}

-		p= &(s->packet[2]);

-		s->rstate=SSL_ST_READ_HEADER;

-		if (s->s2->three_byte_header)

-			s->s2->padding= *(p++);

-		else	s->s2->padding=0;

-		/* Data portion */

-		if (s->s2->clear_text)

-			{

-			mac_size = 0;

-			s->s2->mac_data=p;

-			s->s2->ract_data=p;

-			if (s->s2->padding)

-				{

-				SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_ILLEGAL_PADDING);

-				return(-1);

-				}

-			}

-		else

-			{

-			mac_size=EVP_MD_size(s->read_hash);

-			OPENSSL_assert(mac_size <= MAX_MAC_SIZE);

-			s->s2->mac_data=p;

-			s->s2->ract_data= &p[mac_size];

-			if (s->s2->padding + mac_size > s->s2->rlength)

-				{

-				SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_ILLEGAL_PADDING);

-				return(-1);

-				}

-			}

-		s->s2->ract_data_length=s->s2->rlength;

-		/* added a check for length > max_size in case

-		 * encryption was not turned on yet due to an error */

-		if ((!s->s2->clear_text) &&

-			(s->s2->rlength >= mac_size))

-			{

-			ssl2_enc(s,0);

-			s->s2->ract_data_length-=mac_size;

-			ssl2_mac(s,mac,0);

-			s->s2->ract_data_length-=s->s2->padding;

-			if (	(memcmp(mac,s->s2->mac_data,

-				(unsigned int)mac_size) != 0) ||

-				(s->s2->rlength%EVP_CIPHER_CTX_block_size(s->enc_read_ctx) != 0))

-				{

-				SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_BAD_MAC_DECODE);

-				return(-1);

-				}

-			}

-		INC32(s->s2->read_sequence); /* expect next number */

-		/* s->s2->ract_data is now available for processing */

-		/* Possibly the packet that we just read had 0 actual data bytes.

-		 * (SSLeay/OpenSSL itself never sends such packets; see ssl2_write.)

-		 * In this case, returning 0 would be interpreted by the caller

-		 * as indicating EOF, so it's not a good idea.  Instead, we just

-		 * continue reading; thus ssl2_read_internal may have to process

-		 * multiple packets before it can return.

-		 *

-		 * [Note that using select() for blocking sockets *never* guarantees

-		 * that the next SSL_read will not block -- the available

-		 * data may contain incomplete packets, and except for SSL 2,

-		 * renegotiation can confuse things even more.] */

-		goto ssl2_read_again; /* This should really be

-		                       * "return ssl2_read(s,buf,len)",

-		                       * but that would allow for

-		                       * denial-of-service attacks if a

-		                       * C compiler is used that does not

-		                       * recognize end-recursion. */

-		}

-	else

-		{

-		SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_BAD_STATE);

-			return(-1);

-		}

-	}

-int ssl2_read(SSL *s, void *buf, int len)

-	{

-	return ssl2_read_internal(s, buf, len, 0);

-	}

-int ssl2_peek(SSL *s, void *buf, int len)

-	{

-	return ssl2_read_internal(s, buf, len, 1);

-	}

-static int read_n(SSL *s, unsigned int n, unsigned int max,

-	     unsigned int extend)

-	{

-	int i,off,newb;

-	/* if there is stuff still in the buffer from a previous read,

-	 * and there is more than we want, take some. */

-	if (s->s2->rbuf_left >= (int)n)

-		{

-		if (extend)

-			s->packet_length+=n;

-		else

-			{

-			s->packet= &(s->s2->rbuf[s->s2->rbuf_offs]);

-			s->packet_length=n;

-			}

-		s->s2->rbuf_left-=n;

-		s->s2->rbuf_offs+=n;

-		return(n);

-		}

-	if (!s->read_ahead) max=n;

-	if (max > (unsigned int)(SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2))

-		max=SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2;

-	/* Else we want more than we have.

-	 * First, if there is some left or we want to extend */

-	off=0;

-	if ((s->s2->rbuf_left != 0) || ((s->packet_length != 0) && extend))

-		{

-		newb=s->s2->rbuf_left;

-		if (extend)

-			{

-			off=s->packet_length;

-			if (s->packet != s->s2->rbuf)

-				memcpy(s->s2->rbuf,s->packet,

-					(unsigned int)newb+off);

-			}

-		else if (s->s2->rbuf_offs != 0)

-			{

-			memcpy(s->s2->rbuf,&(s->s2->rbuf[s->s2->rbuf_offs]),

-				(unsigned int)newb);

-			s->s2->rbuf_offs=0;

-			}

-		s->s2->rbuf_left=0;

-		}

-	else

-		newb=0;

-	/* off is the offset to start writing too.

-	 * r->s2->rbuf_offs is the 'unread data', now 0.

-	 * newb is the number of new bytes so far

-	 */

-	s->packet=s->s2->rbuf;

-	while (newb < (int)n)

-		{

-		clear_sys_error();

-		if (s->rbio != NULL)

-			{

-			s->rwstate=SSL_READING;

-			i=BIO_read(s->rbio,(char *)&(s->s2->rbuf[off+newb]),

-				max-newb);

-			}

-		else

-			{

-			SSLerr(SSL_F_READ_N,SSL_R_READ_BIO_NOT_SET);

-			i= -1;

-			}

-#ifdef PKT_DEBUG

-		if (s->debug & 0x01) sleep(1);

-#endif

-		if (i <= 0)

-			{

-			s->s2->rbuf_left+=newb;

-			return(i);

-			}

-		newb+=i;

-		}

-	/* record unread data */

-	if (newb > (int)n)

-		{

-		s->s2->rbuf_offs=n+off;

-		s->s2->rbuf_left=newb-n;

-		}

-	else

-		{

-		s->s2->rbuf_offs=0;

-		s->s2->rbuf_left=0;

-		}

-	if (extend)

-		s->packet_length+=n;

-	else

-		s->packet_length=n;

-	s->rwstate=SSL_NOTHING;

-	return(n);

-	}

-int ssl2_write(SSL *s, const void *_buf, int len)

-	{

-	const unsigned char *buf=_buf;

-	unsigned int n,tot;

-	int i;

-	if (SSL_in_init(s) && !s->in_handshake)

-		{

-		i=s->handshake_func(s);

-		if (i < 0) return(i);

-		if (i == 0)

-			{

-			SSLerr(SSL_F_SSL2_WRITE,SSL_R_SSL_HANDSHAKE_FAILURE);

-			return(-1);

-			}

-		}

-	if (s->error)

-		{

-		ssl2_write_error(s);

-		if (s->error)

-			return(-1);

-		}

-	clear_sys_error();

-	s->rwstate=SSL_NOTHING;

-	if (len <= 0) return(len);

-	tot=s->s2->wnum;

-	s->s2->wnum=0;

-	n=(len-tot);

-	for (;;)

-		{

-		i=do_ssl_write(s,&(buf[tot]),n);

-		if (i <= 0)

-			{

-			s->s2->wnum=tot;

-			return(i);

-			}

-		if ((i == (int)n) ||

-			(s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))

-			{

-			return(tot+i);

-			}

-		n-=i;

-		tot+=i;

-		}

-	}

-static int write_pending(SSL *s, const unsigned char *buf, unsigned int len)

-	{

-	int i;

-	/* s->s2->wpend_len != 0 MUST be true. */

-	/* check that they have given us the same buffer to

-	 * write */

-	if ((s->s2->wpend_tot > (int)len) ||

-		((s->s2->wpend_buf != buf) &&

-		 !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)))

-		{

-		SSLerr(SSL_F_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY);

-		return(-1);

-		}

-	for (;;)

-		{

-		clear_sys_error();

-		if (s->wbio != NULL)

-			{

-			s->rwstate=SSL_WRITING;

-			i=BIO_write(s->wbio,

-				(char *)&(s->s2->write_ptr[s->s2->wpend_off]),

-				(unsigned int)s->s2->wpend_len);

-			}

-		else

-			{

-			SSLerr(SSL_F_WRITE_PENDING,SSL_R_WRITE_BIO_NOT_SET);

-			i= -1;

-			}

-#ifdef PKT_DEBUG

-		if (s->debug & 0x01) sleep(1);

-#endif

-		if (i == s->s2->wpend_len)

-			{

-			s->s2->wpend_len=0;

-			s->rwstate=SSL_NOTHING;

-			return(s->s2->wpend_ret);

-			}

-		else if (i <= 0)

-			return(i);

-		s->s2->wpend_off+=i;

-		s->s2->wpend_len-=i;

-		}

-	}

-static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)

-	{

-	unsigned int j,k,olen,p,mac_size,bs;

-	register unsigned char *pp;

-	olen=len;

-	/* first check if there is data from an encryption waiting to

-	 * be sent - it must be sent because the other end is waiting.

-	 * This will happen with non-blocking IO.  We print it and then

-	 * return.

-	 */

-	if (s->s2->wpend_len != 0) return(write_pending(s,buf,len));

-	/* set mac_size to mac size */

-	if (s->s2->clear_text)

-		mac_size=0;

-	else

-		mac_size=EVP_MD_size(s->write_hash);

-	/* lets set the pad p */

-	if (s->s2->clear_text)

-		{

-		if (len > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER)

-			len=SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER;

-		p=0;

-		s->s2->three_byte_header=0;

-		/* len=len; */

-		}

-	else

-		{

-		bs=EVP_CIPHER_CTX_block_size(s->enc_read_ctx);

-		j=len+mac_size;

-		/* Two-byte headers allow for a larger record length than

-		 * three-byte headers, but we can't use them if we need

-		 * padding or if we have to set the escape bit. */

-		if ((j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) &&

-			(!s->s2->escape))

-			{

-			if (j > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER)

-				j=SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER;

-			/* set k to the max number of bytes with 2

-			 * byte header */

-			k=j-(j%bs);

-			/* how many data bytes? */

-			len=k-mac_size;

-			s->s2->three_byte_header=0;

-			p=0;

-			}

-		else if ((bs <= 1) && (!s->s2->escape))

-			{

-			/* j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, thus

-			 * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER */

-			s->s2->three_byte_header=0;

-			p=0;

-			}

-		else /* we may have to use a 3 byte header */

-			{

-			/* If s->s2->escape is not set, then

-			 * j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, and thus

-			 * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER. */

-			p=(j%bs);

-			p=(p == 0)?0:(bs-p);

-			if (s->s2->escape)

-				{

-				s->s2->three_byte_header=1;

-				if (j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)

-					j=SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER;

-				}

-			else

-				s->s2->three_byte_header=(p == 0)?0:1;

-			}

-		}

-	/* Now

-	 *      j <= SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER

-	 * holds, and if s->s2->three_byte_header is set, then even

-	 *      j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER.

-	 */

-	/* mac_size is the number of MAC bytes

-	 * len is the number of data bytes we are going to send

-	 * p is the number of padding bytes

-	 * (if it is a two-byte header, then p == 0) */

-	s->s2->wlength=len;

-	s->s2->padding=p;

-	s->s2->mac_data= &(s->s2->wbuf[3]);

-	s->s2->wact_data= &(s->s2->wbuf[3+mac_size]);

-	/* we copy the data into s->s2->wbuf */

-	memcpy(s->s2->wact_data,buf,len);

-	if (p)

-		memset(&(s->s2->wact_data[len]),0,p); /* arbitrary padding */

-	if (!s->s2->clear_text)

-		{

-		s->s2->wact_data_length=len+p;

-		ssl2_mac(s,s->s2->mac_data,1);

-		s->s2->wlength+=p+mac_size;

-		ssl2_enc(s,1);

-		}

-	/* package up the header */

-	s->s2->wpend_len=s->s2->wlength;

-	if (s->s2->three_byte_header) /* 3 byte header */

-		{

-		pp=s->s2->mac_data;

-		pp-=3;

-		pp[0]=(s->s2->wlength>>8)&(THREE_BYTE_MASK>>8);

-		if (s->s2->escape) pp[0]|=SEC_ESC_BIT;

-		pp[1]=s->s2->wlength&0xff;

-		pp[2]=s->s2->padding;

-		s->s2->wpend_len+=3;

-		}

-	else

-		{

-		pp=s->s2->mac_data;

-		pp-=2;

-		pp[0]=((s->s2->wlength>>8)&(TWO_BYTE_MASK>>8))|TWO_BYTE_BIT;

-		pp[1]=s->s2->wlength&0xff;

-		s->s2->wpend_len+=2;

-		}

-	s->s2->write_ptr=pp;

-	INC32(s->s2->write_sequence); /* expect next number */

-	/* lets try to actually write the data */

-	s->s2->wpend_tot=olen;

-	s->s2->wpend_buf=buf;

-	s->s2->wpend_ret=len;

-	s->s2->wpend_off=0;

-	return(write_pending(s,buf,olen));

-	}

-int ssl2_part_read(SSL *s, unsigned long f, int i)

-	{

-	unsigned char *p;

-	int j;

-	if (i < 0)

-		{

-		/* ssl2_return_error(s); */

-		/* for non-blocking io,

-		 * this is not necessarily fatal */

-		return(i);

-		}

-	else

-		{

-		s->init_num+=i;

-		/* Check for error.  While there are recoverable errors,

-		 * this function is not called when those must be expected;

-		 * any error detected here is fatal. */

-		if (s->init_num >= 3)

-			{

-			p=(unsigned char *)s->init_buf->data;

-			if (p[0] == SSL2_MT_ERROR)

-				{

-				j=(p[1]<<8)|p[2];

-				SSLerr((int)f,ssl_mt_error(j));

-				s->init_num -= 3;

-				if (s->init_num > 0)

-					memmove(p, p+3, s->init_num);

-				}

-			}

-		/* If it's not an error message, we have some error anyway --

-		 * the message was shorter than expected.  This too is treated

-		 * as fatal (at least if SSL_get_error is asked for its opinion). */

-		return(0);

-		}

-	}

-int ssl2_do_write(SSL *s)

-	{

-	int ret;

-	ret=ssl2_write(s,&s->init_buf->data[s->init_off],s->init_num);

-	if (ret == s->init_num)

-		{

-		if (s->msg_callback)

-			s->msg_callback(1, s->version, 0, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg);

-		return(1);

-		}

-	if (ret < 0)

-		return(-1);

-	s->init_off+=ret;

-	s->init_num-=ret;

-	return(0);

-	}

-static int ssl_mt_error(int n)

-	{

-	int ret;

-	switch (n)

-		{

-	case SSL2_PE_NO_CIPHER:

-		ret=SSL_R_PEER_ERROR_NO_CIPHER;

-		break;

-	case SSL2_PE_NO_CERTIFICATE:

-		ret=SSL_R_PEER_ERROR_NO_CERTIFICATE;

-		break;

-	case SSL2_PE_BAD_CERTIFICATE:

-		ret=SSL_R_PEER_ERROR_CERTIFICATE;

-		break;

-	case SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE:

-		ret=SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE;

-		break;

-	default:

-		ret=SSL_R_UNKNOWN_REMOTE_ERROR_TYPE;

-		break;

-		}

-	return(ret);

-	}

-#else /* !OPENSSL_NO_SSL2 */

-# if PEDANTIC

-static void *dummy=&dummy;

-# endif

-#endif

--- a/sys/src/ape/lib/openssl/ssl/s2_srvr.c

+++ /dev/null

@@ -1,1143 +1,0 @@

-/* ssl/s2_srvr.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include "ssl_locl.h"

-#ifndef OPENSSL_NO_SSL2

-#include <stdio.h>

-#include <openssl/bio.h>

-#include <openssl/rand.h>

-#include <openssl/objects.h>

-#include <openssl/evp.h>

-static SSL_METHOD *ssl2_get_server_method(int ver);

-static int get_client_master_key(SSL *s);

-static int get_client_hello(SSL *s);

-static int server_hello(SSL *s);

-static int get_client_finished(SSL *s);

-static int server_verify(SSL *s);

-static int server_finish(SSL *s);

-static int request_certificate(SSL *s);

-static int ssl_rsa_private_decrypt(CERT *c, int len, unsigned char *from,

-	unsigned char *to,int padding);

-#define BREAK	break

-static SSL_METHOD *ssl2_get_server_method(int ver)

-	{

-	if (ver == SSL2_VERSION)

-		return(SSLv2_server_method());

-	else

-		return(NULL);

-	}

-IMPLEMENT_ssl2_meth_func(SSLv2_server_method,

-			ssl2_accept,

-			ssl_undefined_function,

-			ssl2_get_server_method)

-int ssl2_accept(SSL *s)

-	{

-	unsigned long l=(unsigned long)time(NULL);

-	BUF_MEM *buf=NULL;

-	int ret= -1;

-	long num1;

-	void (*cb)(const SSL *ssl,int type,int val)=NULL;

-	int new_state,state;

-	RAND_add(&l,sizeof(l),0);

-	ERR_clear_error();

-	clear_sys_error();

-	if (s->info_callback != NULL)

-		cb=s->info_callback;

-	else if (s->ctx->info_callback != NULL)

-		cb=s->ctx->info_callback;

-	/* init things to blank */

-	s->in_handshake++;

-	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);

-	if (s->cert == NULL)

-		{

-		SSLerr(SSL_F_SSL2_ACCEPT,SSL_R_NO_CERTIFICATE_SET);

-		return(-1);

-		}

-	clear_sys_error();

-	for (;;)

-		{

-		state=s->state;

-		switch (s->state)

-			{

-		case SSL_ST_BEFORE:

-		case SSL_ST_ACCEPT:

-		case SSL_ST_BEFORE|SSL_ST_ACCEPT:

-		case SSL_ST_OK|SSL_ST_ACCEPT:

-			s->server=1;

-			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);

-			s->version=SSL2_VERSION;

-			s->type=SSL_ST_ACCEPT;

-			buf=s->init_buf;

-			if ((buf == NULL) && ((buf=BUF_MEM_new()) == NULL))

-				{ ret= -1; goto end; }

-			if (!BUF_MEM_grow(buf,(int)

-				SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))

-				{ ret= -1; goto end; }

-			s->init_buf=buf;

-			s->init_num=0;

-			s->ctx->stats.sess_accept++;

-			s->handshake_func=ssl2_accept;

-			s->state=SSL2_ST_GET_CLIENT_HELLO_A;

-			BREAK;

-		case SSL2_ST_GET_CLIENT_HELLO_A:

-		case SSL2_ST_GET_CLIENT_HELLO_B:

-		case SSL2_ST_GET_CLIENT_HELLO_C:

-			s->shutdown=0;

-			ret=get_client_hello(s);

-			if (ret <= 0) goto end;

-			s->init_num=0;

-			s->state=SSL2_ST_SEND_SERVER_HELLO_A;

-			BREAK;

-		case SSL2_ST_SEND_SERVER_HELLO_A:

-		case SSL2_ST_SEND_SERVER_HELLO_B:

-			ret=server_hello(s);

-			if (ret <= 0) goto end;

-			s->init_num=0;

-			if (!s->hit)

-				{

-				s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_A;

-				BREAK;

-				}

-			else

-				{

-				s->state=SSL2_ST_SERVER_START_ENCRYPTION;

-				BREAK;

-				}

-		case SSL2_ST_GET_CLIENT_MASTER_KEY_A:

-		case SSL2_ST_GET_CLIENT_MASTER_KEY_B:

-			ret=get_client_master_key(s);

-			if (ret <= 0) goto end;

-			s->init_num=0;

-			s->state=SSL2_ST_SERVER_START_ENCRYPTION;

-			BREAK;

-		case SSL2_ST_SERVER_START_ENCRYPTION:

-			/* Ok we how have sent all the stuff needed to

-			 * start encrypting, the next packet back will

-			 * be encrypted. */

-			if (!ssl2_enc_init(s,0))

-				{ ret= -1; goto end; }

-			s->s2->clear_text=0;

-			s->state=SSL2_ST_SEND_SERVER_VERIFY_A;

-			BREAK;

-		case SSL2_ST_SEND_SERVER_VERIFY_A:

-		case SSL2_ST_SEND_SERVER_VERIFY_B:

-			ret=server_verify(s);

-			if (ret <= 0) goto end;

-			s->init_num=0;

-			if (s->hit)

-				{

-				/* If we are in here, we have been

-				 * buffering the output, so we need to

-				 * flush it and remove buffering from

-				 * future traffic */

-				s->state=SSL2_ST_SEND_SERVER_VERIFY_C;

-				BREAK;

-				}

-			else

-				{

-				s->state=SSL2_ST_GET_CLIENT_FINISHED_A;

-				break;

-				}

- 		case SSL2_ST_SEND_SERVER_VERIFY_C:

- 			/* get the number of bytes to write */

- 			num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);

- 			if (num1 != 0)

- 				{

-				s->rwstate=SSL_WRITING;

- 				num1=BIO_flush(s->wbio);

- 				if (num1 <= 0) { ret= -1; goto end; }

-				s->rwstate=SSL_NOTHING;

-				}

- 			/* flushed and now remove buffering */

- 			s->wbio=BIO_pop(s->wbio);

- 			s->state=SSL2_ST_GET_CLIENT_FINISHED_A;

-  			BREAK;

-		case SSL2_ST_GET_CLIENT_FINISHED_A:

-		case SSL2_ST_GET_CLIENT_FINISHED_B:

-			ret=get_client_finished(s);

-			if (ret <= 0)

-				goto end;

-			s->init_num=0;

-			s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_A;

-			BREAK;

-		case SSL2_ST_SEND_REQUEST_CERTIFICATE_A:

-		case SSL2_ST_SEND_REQUEST_CERTIFICATE_B:

-		case SSL2_ST_SEND_REQUEST_CERTIFICATE_C:

-		case SSL2_ST_SEND_REQUEST_CERTIFICATE_D:

-			/* don't do a 'request certificate' if we

-			 * don't want to, or we already have one, and

-			 * we only want to do it once. */

-			if (!(s->verify_mode & SSL_VERIFY_PEER) ||

-				((s->session->peer != NULL) &&

-				(s->verify_mode & SSL_VERIFY_CLIENT_ONCE)))

-				{

-				s->state=SSL2_ST_SEND_SERVER_FINISHED_A;

-				break;

-				}

-			else

-				{

-				ret=request_certificate(s);

-				if (ret <= 0) goto end;

-				s->init_num=0;

-				s->state=SSL2_ST_SEND_SERVER_FINISHED_A;

-				}

-			BREAK;

-		case SSL2_ST_SEND_SERVER_FINISHED_A:

-		case SSL2_ST_SEND_SERVER_FINISHED_B:

-			ret=server_finish(s);

-			if (ret <= 0) goto end;

-			s->init_num=0;

-			s->state=SSL_ST_OK;

-			break;

-		case SSL_ST_OK:

-			BUF_MEM_free(s->init_buf);

-			ssl_free_wbio_buffer(s);

-			s->init_buf=NULL;

-			s->init_num=0;

-		/*	ERR_clear_error();*/

-			ssl_update_cache(s,SSL_SESS_CACHE_SERVER);

-			s->ctx->stats.sess_accept_good++;

-			/* s->server=1; */

-			ret=1;

-			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);

-			goto end;

-			/* BREAK; */

-		default:

-			SSLerr(SSL_F_SSL2_ACCEPT,SSL_R_UNKNOWN_STATE);

-			ret= -1;

-			goto end;

-			/* BREAK; */

-			}

-		if ((cb != NULL) && (s->state != state))

-			{

-			new_state=s->state;

-			s->state=state;

-			cb(s,SSL_CB_ACCEPT_LOOP,1);

-			s->state=new_state;

-			}

-		}

-end:

-	s->in_handshake--;

-	if (cb != NULL)

-		cb(s,SSL_CB_ACCEPT_EXIT,ret);

-	return(ret);

-	}

-static int get_client_master_key(SSL *s)

-	{

-	int is_export,i,n,keya,ek;

-	unsigned long len;

-	unsigned char *p;

-	SSL_CIPHER *cp;

-	const EVP_CIPHER *c;

-	const EVP_MD *md;

-	p=(unsigned char *)s->init_buf->data;

-	if (s->state == SSL2_ST_GET_CLIENT_MASTER_KEY_A)

-		{

-		i=ssl2_read(s,(char *)&(p[s->init_num]),10-s->init_num);

-		if (i < (10-s->init_num))

-			return(ssl2_part_read(s,SSL_F_GET_CLIENT_MASTER_KEY,i));

-		s->init_num = 10;

-		if (*(p++) != SSL2_MT_CLIENT_MASTER_KEY)

-			{

-			if (p[-1] != SSL2_MT_ERROR)

-				{

-				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);

-				SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_READ_WRONG_PACKET_TYPE);

-				}

-			else

-				SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_PEER_ERROR);

-			return(-1);

-			}

-		cp=ssl2_get_cipher_by_char(p);

-		if (cp == NULL)

-			{

-			ssl2_return_error(s,SSL2_PE_NO_CIPHER);

-			SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_CIPHER_MATCH);

-			return(-1);

-			}

-		s->session->cipher= cp;

-		p+=3;

-		n2s(p,i); s->s2->tmp.clear=i;

-		n2s(p,i); s->s2->tmp.enc=i;

-		n2s(p,i); s->session->key_arg_length=i;

-		if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)

-			{

-			ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);

-			SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_KEY_ARG_TOO_LONG);

-			return -1;

-			}

-		s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;

-		}

-	/* SSL2_ST_GET_CLIENT_MASTER_KEY_B */

-	p=(unsigned char *)s->init_buf->data;

-	if (s->init_buf->length < SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)

-		{

-		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);

-		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);

-		return -1;

-		}

-	keya=s->session->key_arg_length;

-	len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya;

-	if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)

-		{

-		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);

-		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG);

-		return -1;

-		}

-	n = (int)len - s->init_num;

-	i = ssl2_read(s,(char *)&(p[s->init_num]),n);

-	if (i != n) return(ssl2_part_read(s,SSL_F_GET_CLIENT_MASTER_KEY,i));

-	if (s->msg_callback)

-		s->msg_callback(0, s->version, 0, p, (size_t)len, s, s->msg_callback_arg); /* CLIENT-MASTER-KEY */

-	p += 10;

-	memcpy(s->session->key_arg,&(p[s->s2->tmp.clear+s->s2->tmp.enc]),

-		(unsigned int)keya);

-	if (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL)

-		{

-		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);

-		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_NO_PRIVATEKEY);

-		return(-1);

-		}

-	i=ssl_rsa_private_decrypt(s->cert,s->s2->tmp.enc,

-		&(p[s->s2->tmp.clear]),&(p[s->s2->tmp.clear]),

-		(s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING);

-	is_export=SSL_C_IS_EXPORT(s->session->cipher);

-	if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))

-		{

-		ssl2_return_error(s,SSL2_PE_NO_CIPHER);

-		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);

-		return(0);

-		}

-	if (s->session->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC)

-		{

-		is_export=1;

-		ek=8;

-		}

-	else

-		ek=5;

-	/* bad decrypt */

-#if 1

-	/* If a bad decrypt, continue with protocol but with a

-	 * random master secret (Bleichenbacher attack) */

-	if ((i < 0) ||

-		((!is_export && (i != EVP_CIPHER_key_length(c)))

-		|| (is_export && ((i != ek) || (s->s2->tmp.clear+(unsigned int)i !=

-			(unsigned int)EVP_CIPHER_key_length(c))))))

-		{

-		ERR_clear_error();

-		if (is_export)

-			i=ek;

-		else

-			i=EVP_CIPHER_key_length(c);

-		if (RAND_pseudo_bytes(p,i) <= 0)

-			return 0;

-		}

-#else

-	if (i < 0)

-		{

-		error=1;

-		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_RSA_DECRYPT);

-		}

-	/* incorrect number of key bytes for non export cipher */

-	else if ((!is_export && (i != EVP_CIPHER_key_length(c)))

-		|| (is_export && ((i != ek) || (s->s2->tmp.clear+i !=

-			EVP_CIPHER_key_length(c)))))

-		{

-		error=1;

-		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_WRONG_NUMBER_OF_KEY_BITS);

-		}

-	if (error)

-		{

-		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);

-		return(-1);

-		}

-#endif

-	if (is_export) i+=s->s2->tmp.clear;

-	if (i > SSL_MAX_MASTER_KEY_LENGTH)

-		{

-		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);

-		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);

-		return -1;

-		}

-	s->session->master_key_length=i;

-	memcpy(s->session->master_key,p,(unsigned int)i);

-	return(1);

-	}

-static int get_client_hello(SSL *s)

-	{

-	int i,n;

-	unsigned long len;

-	unsigned char *p;

-	STACK_OF(SSL_CIPHER) *cs; /* a stack of SSL_CIPHERS */

-	STACK_OF(SSL_CIPHER) *cl; /* the ones we want to use */

-	STACK_OF(SSL_CIPHER) *prio, *allow;

-	int z;

-	/* This is a bit of a hack to check for the correct packet

-	 * type the first time round. */

-	if (s->state == SSL2_ST_GET_CLIENT_HELLO_A)

-		{

-		s->first_packet=1;

-		s->state=SSL2_ST_GET_CLIENT_HELLO_B;

-		}

-	p=(unsigned char *)s->init_buf->data;

-	if (s->state == SSL2_ST_GET_CLIENT_HELLO_B)

-		{

-		i=ssl2_read(s,(char *)&(p[s->init_num]),9-s->init_num);

-		if (i < (9-s->init_num))

-			return(ssl2_part_read(s,SSL_F_GET_CLIENT_HELLO,i));

-		s->init_num = 9;

-		if (*(p++) != SSL2_MT_CLIENT_HELLO)

-			{

-			if (p[-1] != SSL2_MT_ERROR)

-				{

-				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);

-				SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_READ_WRONG_PACKET_TYPE);

-				}

-			else

-				SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_PEER_ERROR);

-			return(-1);

-			}

-		n2s(p,i);

-		if (i < s->version) s->version=i;

-		n2s(p,i); s->s2->tmp.cipher_spec_length=i;

-		n2s(p,i); s->s2->tmp.session_id_length=i;

-		n2s(p,i); s->s2->challenge_length=i;

-		if (	(i < SSL2_MIN_CHALLENGE_LENGTH) ||

-			(i > SSL2_MAX_CHALLENGE_LENGTH))

-			{

-			ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);

-			SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_INVALID_CHALLENGE_LENGTH);

-			return(-1);

-			}

-		s->state=SSL2_ST_GET_CLIENT_HELLO_C;

-		}

-	/* SSL2_ST_GET_CLIENT_HELLO_C */

-	p=(unsigned char *)s->init_buf->data;

-	len = 9 + (unsigned long)s->s2->tmp.cipher_spec_length + (unsigned long)s->s2->challenge_length + (unsigned long)s->s2->tmp.session_id_length;

-	if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)

-		{

-		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);

-		SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_MESSAGE_TOO_LONG);

-		return -1;

-		}

-	n = (int)len - s->init_num;

-	i = ssl2_read(s,(char *)&(p[s->init_num]),n);

-	if (i != n) return(ssl2_part_read(s,SSL_F_GET_CLIENT_HELLO,i));

-	if (s->msg_callback)

-		s->msg_callback(0, s->version, 0, p, (size_t)len, s, s->msg_callback_arg); /* CLIENT-HELLO */

-	p += 9;

-	/* get session-id before cipher stuff so we can get out session

-	 * structure if it is cached */

-	/* session-id */

-	if ((s->s2->tmp.session_id_length != 0) &&

-		(s->s2->tmp.session_id_length != SSL2_SSL_SESSION_ID_LENGTH))

-		{

-		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);

-		SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_BAD_SSL_SESSION_ID_LENGTH);

-		return(-1);

-		}

-	if (s->s2->tmp.session_id_length == 0)

-		{

-		if (!ssl_get_new_session(s,1))

-			{

-			ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);

-			return(-1);

-			}

-		}

-	else

-		{

-		i=ssl_get_prev_session(s,&(p[s->s2->tmp.cipher_spec_length]),

-			s->s2->tmp.session_id_length, NULL);

-		if (i == 1)

-			{ /* previous session */

-			s->hit=1;

-			}

-		else if (i == -1)

-			{

-			ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);

-			return(-1);

-			}

-		else

-			{

-			if (s->cert == NULL)

-				{

-				ssl2_return_error(s,SSL2_PE_NO_CERTIFICATE);

-				SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_NO_CERTIFICATE_SET);

-				return(-1);

-				}

-			if (!ssl_get_new_session(s,1))

-				{

-				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);

-				return(-1);

-				}

-			}

-		}

-	if (!s->hit)

-		{

-		cs=ssl_bytes_to_cipher_list(s,p,s->s2->tmp.cipher_spec_length,

-			&s->session->ciphers);

-		if (cs == NULL) goto mem_err;

-		cl=SSL_get_ciphers(s);

-		if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)

-		    {

-		    prio=sk_SSL_CIPHER_dup(cl);

-		    if (prio == NULL) goto mem_err;

-		    allow = cs;

-		    }

-		else

-		    {

-		    prio = cs;

-		    allow = cl;

-		    }

-		for (z=0; z<sk_SSL_CIPHER_num(prio); z++)

-			{

-			if (sk_SSL_CIPHER_find(allow,sk_SSL_CIPHER_value(prio,z)) < 0)

-				{

-				(void)sk_SSL_CIPHER_delete(prio,z);

-				z--;

-				}

-			}

-		if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)

-		    {

-		    sk_SSL_CIPHER_free(s->session->ciphers);

-		    s->session->ciphers = prio;

-		    }

-		/* s->session->ciphers should now have a list of

-		 * ciphers that are on both the client and server.

-		 * This list is ordered by the order the client sent

-		 * the ciphers or in the order of the server's preference

-		 * if SSL_OP_CIPHER_SERVER_PREFERENCE was set.

-		 */

-		}

-	p+=s->s2->tmp.cipher_spec_length;

-	/* done cipher selection */

-	/* session id extracted already */

-	p+=s->s2->tmp.session_id_length;

-	/* challenge */

-	if (s->s2->challenge_length > sizeof s->s2->challenge)

-		{

-		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);

-		SSLerr(SSL_F_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);

-		return -1;

-		}

-	memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);

-	return(1);

-mem_err:

-	SSLerr(SSL_F_GET_CLIENT_HELLO,ERR_R_MALLOC_FAILURE);

-	return(0);

-	}

-static int server_hello(SSL *s)

-	{

-	unsigned char *p,*d;

-	int n,hit;

-	STACK_OF(SSL_CIPHER) *sk;

-	p=(unsigned char *)s->init_buf->data;

-	if (s->state == SSL2_ST_SEND_SERVER_HELLO_A)

-		{

-		d=p+11;

-		*(p++)=SSL2_MT_SERVER_HELLO;		/* type */

-		hit=s->hit;

-		*(p++)=(unsigned char)hit;

-#if 1

-		if (!hit)

-			{

-			if (s->session->sess_cert != NULL)

-				/* This can't really happen because get_client_hello

-				 * has called ssl_get_new_session, which does not set

-				 * sess_cert. */

-				ssl_sess_cert_free(s->session->sess_cert);

-			s->session->sess_cert = ssl_sess_cert_new();

-			if (s->session->sess_cert == NULL)

-				{

-				SSLerr(SSL_F_SERVER_HELLO, ERR_R_MALLOC_FAILURE);

-				return(-1);

-				}

-			}

-		/* If 'hit' is set, then s->sess_cert may be non-NULL or NULL,

-		 * depending on whether it survived in the internal cache

-		 * or was retrieved from an external cache.

-		 * If it is NULL, we cannot put any useful data in it anyway,

-		 * so we don't touch it.

-		 */

-#else /* That's what used to be done when cert_st and sess_cert_st were

-	   * the same. */

-		if (!hit)

-			{			/* else add cert to session */

-			CRYPTO_add(&s->cert->references,1,CRYPTO_LOCK_SSL_CERT);

-			if (s->session->sess_cert != NULL)

-				ssl_cert_free(s->session->sess_cert);

-			s->session->sess_cert=s->cert;

-			}

-		else	/* We have a session id-cache hit, if the

-			 * session-id has no certificate listed against

-			 * the 'cert' structure, grab the 'old' one

-			 * listed against the SSL connection */

-			{

-			if (s->session->sess_cert == NULL)

-				{

-				CRYPTO_add(&s->cert->references,1,

-					CRYPTO_LOCK_SSL_CERT);

-				s->session->sess_cert=s->cert;

-				}

-			}

-#endif

-		if (s->cert == NULL)

-			{

-			ssl2_return_error(s,SSL2_PE_NO_CERTIFICATE);

-			SSLerr(SSL_F_SERVER_HELLO,SSL_R_NO_CERTIFICATE_SPECIFIED);

-			return(-1);

-			}

-		if (hit)

-			{

-			*(p++)=0;		/* no certificate type */

-			s2n(s->version,p);	/* version */

-			s2n(0,p);		/* cert len */

-			s2n(0,p);		/* ciphers len */

-			}

-		else

-			{

-			/* EAY EAY */

-			/* put certificate type */

-			*(p++)=SSL2_CT_X509_CERTIFICATE;

-			s2n(s->version,p);	/* version */

-			n=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL);

-			s2n(n,p);		/* certificate length */

-			i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&d);

-			n=0;

-			/* lets send out the ciphers we like in the

-			 * prefered order */

-			sk= s->session->ciphers;

-			n=ssl_cipher_list_to_bytes(s,s->session->ciphers,d,0);

-			d+=n;

-			s2n(n,p);		/* add cipher length */

-			}

-		/* make and send conn_id */

-		s2n(SSL2_CONNECTION_ID_LENGTH,p);	/* add conn_id length */

-		s->s2->conn_id_length=SSL2_CONNECTION_ID_LENGTH;

-		if (RAND_pseudo_bytes(s->s2->conn_id,(int)s->s2->conn_id_length) <= 0)

-			return -1;

-		memcpy(d,s->s2->conn_id,SSL2_CONNECTION_ID_LENGTH);

-		d+=SSL2_CONNECTION_ID_LENGTH;

-		s->state=SSL2_ST_SEND_SERVER_HELLO_B;

-		s->init_num=d-(unsigned char *)s->init_buf->data;

-		s->init_off=0;

-		}

-	/* SSL2_ST_SEND_SERVER_HELLO_B */

- 	/* If we are using TCP/IP, the performance is bad if we do 2

- 	 * writes without a read between them.  This occurs when

- 	 * Session-id reuse is used, so I will put in a buffering module

- 	 */

- 	if (s->hit)

- 		{

-		if (!ssl_init_wbio_buffer(s,1)) return(-1);

- 		}

-	return(ssl2_do_write(s));

-	}

-static int get_client_finished(SSL *s)

-	{

-	unsigned char *p;

-	int i, n;

-	unsigned long len;

-	p=(unsigned char *)s->init_buf->data;

-	if (s->state == SSL2_ST_GET_CLIENT_FINISHED_A)

-		{

-		i=ssl2_read(s,(char *)&(p[s->init_num]),1-s->init_num);

-		if (i < 1-s->init_num)

-			return(ssl2_part_read(s,SSL_F_GET_CLIENT_FINISHED,i));

-		s->init_num += i;

-		if (*p != SSL2_MT_CLIENT_FINISHED)

-			{

-			if (*p != SSL2_MT_ERROR)

-				{

-				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);

-				SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_READ_WRONG_PACKET_TYPE);

-				}

-			else

-				{

-				SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_PEER_ERROR);

-				/* try to read the error message */

-				i=ssl2_read(s,(char *)&(p[s->init_num]),3-s->init_num);

-				return ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i);

-				}

-			return(-1);

-			}

-		s->state=SSL2_ST_GET_CLIENT_FINISHED_B;

-		}

-	/* SSL2_ST_GET_CLIENT_FINISHED_B */

-	if (s->s2->conn_id_length > sizeof s->s2->conn_id)

-		{

-		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);

-		SSLerr(SSL_F_GET_CLIENT_FINISHED, ERR_R_INTERNAL_ERROR);

-		return -1;

-		}

-	len = 1 + (unsigned long)s->s2->conn_id_length;

-	n = (int)len - s->init_num;

-	i = ssl2_read(s,(char *)&(p[s->init_num]),n);

-	if (i < n)

-		{

-		return(ssl2_part_read(s,SSL_F_GET_CLIENT_FINISHED,i));

-		}

-	if (s->msg_callback)

-		s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* CLIENT-FINISHED */

-	p += 1;

-	if (memcmp(p,s->s2->conn_id,s->s2->conn_id_length) != 0)

-		{

-		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);

-		SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_CONNECTION_ID_IS_DIFFERENT);

-		return(-1);

-		}

-	return(1);

-	}

-static int server_verify(SSL *s)

-	{

-	unsigned char *p;

-	if (s->state == SSL2_ST_SEND_SERVER_VERIFY_A)

-		{

-		p=(unsigned char *)s->init_buf->data;

-		*(p++)=SSL2_MT_SERVER_VERIFY;

-		if (s->s2->challenge_length > sizeof s->s2->challenge)

-			{

-			SSLerr(SSL_F_SERVER_VERIFY, ERR_R_INTERNAL_ERROR);

-			return -1;

-			}

-		memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);

-		/* p+=s->s2->challenge_length; */

-		s->state=SSL2_ST_SEND_SERVER_VERIFY_B;

-		s->init_num=s->s2->challenge_length+1;

-		s->init_off=0;

-		}

-	return(ssl2_do_write(s));

-	}

-static int server_finish(SSL *s)

-	{

-	unsigned char *p;

-	if (s->state == SSL2_ST_SEND_SERVER_FINISHED_A)

-		{

-		p=(unsigned char *)s->init_buf->data;

-		*(p++)=SSL2_MT_SERVER_FINISHED;

-		if (s->session->session_id_length > sizeof s->session->session_id)

-			{

-			SSLerr(SSL_F_SERVER_FINISH, ERR_R_INTERNAL_ERROR);

-			return -1;

-			}

-		memcpy(p,s->session->session_id, (unsigned int)s->session->session_id_length);

-		/* p+=s->session->session_id_length; */

-		s->state=SSL2_ST_SEND_SERVER_FINISHED_B;

-		s->init_num=s->session->session_id_length+1;

-		s->init_off=0;

-		}

-	/* SSL2_ST_SEND_SERVER_FINISHED_B */

-	return(ssl2_do_write(s));

-	}

-/* send the request and check the response */

-static int request_certificate(SSL *s)

-	{

-	const unsigned char *cp;

-	unsigned char *p,*p2,*buf2;

-	unsigned char *ccd;

-	int i,j,ctype,ret= -1;

-	unsigned long len;

-	X509 *x509=NULL;

-	STACK_OF(X509) *sk=NULL;

-	ccd=s->s2->tmp.ccl;

-	if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_A)

-		{

-		p=(unsigned char *)s->init_buf->data;

-		*(p++)=SSL2_MT_REQUEST_CERTIFICATE;

-		*(p++)=SSL2_AT_MD5_WITH_RSA_ENCRYPTION;

-		if (RAND_pseudo_bytes(ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH) <= 0)

-			return -1;

-		memcpy(p,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);

-		s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_B;

-		s->init_num=SSL2_MIN_CERT_CHALLENGE_LENGTH+2;

-		s->init_off=0;

-		}

-	if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_B)

-		{

-		i=ssl2_do_write(s);

-		if (i <= 0)

-			{

-			ret=i;

-			goto end;

-			}

-		s->init_num=0;

-		s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_C;

-		}

-	if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_C)

-		{

-		p=(unsigned char *)s->init_buf->data;

-		i=ssl2_read(s,(char *)&(p[s->init_num]),6-s->init_num); /* try to read 6 octets ... */

-		if (i < 3-s->init_num) /* ... but don't call ssl2_part_read now if we got at least 3

-		                        * (probably NO-CERTIFICATE-ERROR) */

-			{

-			ret=ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE,i);

-			goto end;

-			}

-		s->init_num += i;

-		if ((s->init_num >= 3) && (p[0] == SSL2_MT_ERROR))

-			{

-			n2s(p,i);

-			if (i != SSL2_PE_NO_CERTIFICATE)

-				{

-				/* not the error message we expected -- let ssl2_part_read handle it */

-				s->init_num -= 3;

-				ret = ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE, 3);

-				goto end;

-				}

-			if (s->msg_callback)

-				s->msg_callback(0, s->version, 0, p, 3, s, s->msg_callback_arg); /* ERROR */

-			/* this is the one place where we can recover from an SSL 2.0 error */

-			if (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)

-				{

-				ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE);

-				SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);

-				goto end;

-				}

-			ret=1;

-			goto end;

-			}

-		if ((*(p++) != SSL2_MT_CLIENT_CERTIFICATE) || (s->init_num < 6))

-			{

-			ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);

-			SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_SHORT_READ);

-			goto end;

-			}

-		if (s->init_num != 6)

-			{

-			SSLerr(SSL_F_REQUEST_CERTIFICATE, ERR_R_INTERNAL_ERROR);

-			goto end;

-			}

-		/* ok we have a response */

-		/* certificate type, there is only one right now. */

-		ctype= *(p++);

-		if (ctype != SSL2_AT_MD5_WITH_RSA_ENCRYPTION)

-			{

-			ssl2_return_error(s,SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE);

-			SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_BAD_RESPONSE_ARGUMENT);

-			goto end;

-			}

-		n2s(p,i); s->s2->tmp.clen=i;

-		n2s(p,i); s->s2->tmp.rlen=i;

-		s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_D;

-		}

-	/* SSL2_ST_SEND_REQUEST_CERTIFICATE_D */

-	p=(unsigned char *)s->init_buf->data;

-	len = 6 + (unsigned long)s->s2->tmp.clen + (unsigned long)s->s2->tmp.rlen;

-	if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)

-		{

-		SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_MESSAGE_TOO_LONG);

-		goto end;

-		}

-	j = (int)len - s->init_num;

-	i = ssl2_read(s,(char *)&(p[s->init_num]),j);

-	if (i < j)

-		{

-		ret=ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE,i);

-		goto end;

-		}

-	if (s->msg_callback)

-		s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* CLIENT-CERTIFICATE */

-	p += 6;

-	cp = p;

-	x509=(X509 *)d2i_X509(NULL,&cp,(long)s->s2->tmp.clen);

-	if (x509 == NULL)

-		{

-		SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_X509_LIB);

-		goto msg_end;

-		}

-	if (((sk=sk_X509_new_null()) == NULL) || (!sk_X509_push(sk,x509)))

-		{

-		SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_MALLOC_FAILURE);

-		goto msg_end;

-		}

-	i=ssl_verify_cert_chain(s,sk);

-	if (i)	/* we like the packet, now check the chksum */

-		{

-		EVP_MD_CTX ctx;

-		EVP_PKEY *pkey=NULL;

-		EVP_MD_CTX_init(&ctx);

-		EVP_VerifyInit_ex(&ctx,s->ctx->rsa_md5, NULL);

-		EVP_VerifyUpdate(&ctx,s->s2->key_material,

-				 s->s2->key_material_length);

-		EVP_VerifyUpdate(&ctx,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);

-		i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL);

-		buf2=OPENSSL_malloc((unsigned int)i);

-		if (buf2 == NULL)

-			{

-			SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_MALLOC_FAILURE);

-			goto msg_end;

-			}

-		p2=buf2;

-		i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&p2);

-		EVP_VerifyUpdate(&ctx,buf2,(unsigned int)i);

-		OPENSSL_free(buf2);

-		pkey=X509_get_pubkey(x509);

-		if (pkey == NULL) goto end;

-		i=EVP_VerifyFinal(&ctx,cp,s->s2->tmp.rlen,pkey);

-		EVP_PKEY_free(pkey);

-		EVP_MD_CTX_cleanup(&ctx);

-		if (i)

-			{

-			if (s->session->peer != NULL)

-				X509_free(s->session->peer);

-			s->session->peer=x509;

-			CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);

-			s->session->verify_result = s->verify_result;

-			ret=1;

-			goto end;

-			}

-		else

-			{

-			SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_BAD_CHECKSUM);

-			goto msg_end;

-			}

-		}

-	else

-		{

-msg_end:

-		ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE);

-		}

-end:

-	sk_X509_free(sk);

-	X509_free(x509);

-	return(ret);

-	}

-static int ssl_rsa_private_decrypt(CERT *c, int len, unsigned char *from,

-	     unsigned char *to, int padding)

-	{

-	RSA *rsa;

-	int i;

-	if ((c == NULL) || (c->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL))

-		{

-		SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,SSL_R_NO_PRIVATEKEY);

-		return(-1);

-		}

-	if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey->type != EVP_PKEY_RSA)

-		{

-		SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,SSL_R_PUBLIC_KEY_IS_NOT_RSA);

-		return(-1);

-		}

-	rsa=c->pkeys[SSL_PKEY_RSA_ENC].privatekey->pkey.rsa;

-	/* we have the public key */

-	i=RSA_private_decrypt(len,from,to,rsa,padding);

-	if (i < 0)

-		SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,ERR_R_RSA_LIB);

-	return(i);

-	}

-#else /* !OPENSSL_NO_SSL2 */

-# if PEDANTIC

-static void *dummy=&dummy;

-# endif

-#endif

--- a/sys/src/ape/lib/openssl/ssl/s3_both.c

+++ /dev/null

@@ -1,622 +1,0 @@

-/* ssl/s3_both.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- * ECC cipher suite support in OpenSSL originally developed by

- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.

- */

-#include <limits.h>

-#include <string.h>

-#include <stdio.h>

-#include "ssl_locl.h"

-#include <openssl/buffer.h>

-#include <openssl/rand.h>

-#include <openssl/objects.h>

-#include <openssl/evp.h>

-#include <openssl/x509.h>

-/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */

-int ssl3_do_write(SSL *s, int type)

-	{

-	int ret;

-	ret=ssl3_write_bytes(s,type,&s->init_buf->data[s->init_off],

-	                     s->init_num);

-	if (ret < 0) return(-1);

-	if (type == SSL3_RT_HANDSHAKE)

-		/* should not be done for 'Hello Request's, but in that case

-		 * we'll ignore the result anyway */

-		ssl3_finish_mac(s,(unsigned char *)&s->init_buf->data[s->init_off],ret);

-	if (ret == s->init_num)

-		{

-		if (s->msg_callback)

-			s->msg_callback(1, s->version, type, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg);

-		return(1);

-		}

-	s->init_off+=ret;

-	s->init_num-=ret;

-	return(0);

-	}

-int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)

-	{

-	unsigned char *p,*d;

-	int i;

-	unsigned long l;

-	if (s->state == a)

-		{

-		d=(unsigned char *)s->init_buf->data;

-		p= &(d[4]);

-		i=s->method->ssl3_enc->final_finish_mac(s,

-			&(s->s3->finish_dgst1),

-			&(s->s3->finish_dgst2),

-			sender,slen,s->s3->tmp.finish_md);

-		s->s3->tmp.finish_md_len = i;

-		memcpy(p, s->s3->tmp.finish_md, i);

-		p+=i;

-		l=i;

-#ifdef OPENSSL_SYS_WIN16

-		/* MSVC 1.5 does not clear the top bytes of the word unless

-		 * I do this.

-		 */

-		l&=0xffff;

-#endif

-		*(d++)=SSL3_MT_FINISHED;

-		l2n3(l,d);

-		s->init_num=(int)l+4;

-		s->init_off=0;

-		s->state=b;

-		}

-	/* SSL3_ST_SEND_xxxxxx_HELLO_B */

-	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));

-	}

-int ssl3_get_finished(SSL *s, int a, int b)

-	{

-	int al,i,ok;

-	long n;

-	unsigned char *p;

-	/* the mac has already been generated when we received the

-	 * change cipher spec message and is in s->s3->tmp.peer_finish_md

-	 */

-	n=s->method->ssl_get_message(s,

-		a,

-		b,

-		SSL3_MT_FINISHED,

-		64, /* should actually be 36+4 :-) */

-		&ok);

-	if (!ok) return((int)n);

-	/* If this occurs, we have missed a message */

-	if (!s->s3->change_cipher_spec)

-		{

-		al=SSL_AD_UNEXPECTED_MESSAGE;

-		SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_GOT_A_FIN_BEFORE_A_CCS);

-		goto f_err;

-		}

-	s->s3->change_cipher_spec=0;

-	p = (unsigned char *)s->init_msg;

-	i = s->s3->tmp.peer_finish_md_len;

-	if (i != n)

-		{

-		al=SSL_AD_DECODE_ERROR;

-		SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_BAD_DIGEST_LENGTH);

-		goto f_err;

-		}

-	if (memcmp(p, s->s3->tmp.peer_finish_md, i) != 0)

-		{

-		al=SSL_AD_DECRYPT_ERROR;

-		SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED);

-		goto f_err;

-		}

-	return(1);

-f_err:

-	ssl3_send_alert(s,SSL3_AL_FATAL,al);

-	return(0);

-	}

-/* for these 2 messages, we need to

- * ssl->enc_read_ctx			re-init

- * ssl->s3->read_sequence		zero

- * ssl->s3->read_mac_secret		re-init

- * ssl->session->read_sym_enc		assign

- * ssl->session->read_compression	assign

- * ssl->session->read_hash		assign

- */

-int ssl3_send_change_cipher_spec(SSL *s, int a, int b)

-	{

-	unsigned char *p;

-	if (s->state == a)

-		{

-		p=(unsigned char *)s->init_buf->data;

-		*p=SSL3_MT_CCS;

-		s->init_num=1;

-		s->init_off=0;

-		s->state=b;

-		}

-	/* SSL3_ST_CW_CHANGE_B */

-	return(ssl3_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC));

-	}

-unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)

-	{

-	unsigned char *p;

-	int n,i;

-	unsigned long l=7;

-	BUF_MEM *buf;

-	X509_STORE_CTX xs_ctx;

-	X509_OBJECT obj;

-	int no_chain;

-	if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs)

-		no_chain = 1;

-	else

-		no_chain = 0;

-	/* TLSv1 sends a chain with nothing in it, instead of an alert */

-	buf=s->init_buf;

-	if (!BUF_MEM_grow_clean(buf,10))

-		{

-		SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);

-		return(0);

-		}

-	if (x != NULL)

-		{

-		if(!no_chain && !X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL))

-			{

-			SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);

-			return(0);

-			}

-		for (;;)

-			{

-			n=i2d_X509(x,NULL);

-			if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))

-				{

-				SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);

-				return(0);

-				}

-			p=(unsigned char *)&(buf->data[l]);

-			l2n3(n,p);

-			i2d_X509(x,&p);

-			l+=n+3;

-			if (no_chain)

-				break;

-			if (X509_NAME_cmp(X509_get_subject_name(x),

-				X509_get_issuer_name(x)) == 0) break;

-			i=X509_STORE_get_by_subject(&xs_ctx,X509_LU_X509,

-				X509_get_issuer_name(x),&obj);

-			if (i <= 0) break;

-			x=obj.data.x509;

-			/* Count is one too high since the X509_STORE_get uped the

-			 * ref count */

-			X509_free(x);

-			}

-		if (!no_chain)

-			X509_STORE_CTX_cleanup(&xs_ctx);

-		}

-	/* Thawte special :-) */

-	if (s->ctx->extra_certs != NULL)

-	for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++)

-		{

-		x=sk_X509_value(s->ctx->extra_certs,i);

-		n=i2d_X509(x,NULL);

-		if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))

-			{

-			SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);

-			return(0);

-			}

-		p=(unsigned char *)&(buf->data[l]);

-		l2n3(n,p);

-		i2d_X509(x,&p);

-		l+=n+3;

-		}

-	l-=7;

-	p=(unsigned char *)&(buf->data[4]);

-	l2n3(l,p);

-	l+=3;

-	p=(unsigned char *)&(buf->data[0]);

-	*(p++)=SSL3_MT_CERTIFICATE;

-	l2n3(l,p);

-	l+=4;

-	return(l);

-	}

-/* Obtain handshake message of message type 'mt' (any if mt == -1),

- * maximum acceptable body length 'max'.

- * The first four bytes (msg_type and length) are read in state 'st1',

- * the body is read in state 'stn'.

- */

-long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)

-	{

-	unsigned char *p;

-	unsigned long l;

-	long n;

-	int i,al;

-	if (s->s3->tmp.reuse_message)

-		{

-		s->s3->tmp.reuse_message=0;

-		if ((mt >= 0) && (s->s3->tmp.message_type != mt))

-			{

-			al=SSL_AD_UNEXPECTED_MESSAGE;

-			SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);

-			goto f_err;

-			}

-		*ok=1;

-		s->init_msg = s->init_buf->data + 4;

-		s->init_num = (int)s->s3->tmp.message_size;

-		return s->init_num;

-		}

-	p=(unsigned char *)s->init_buf->data;

-	if (s->state == st1) /* s->init_num < 4 */

-		{

-		int skip_message;

-		do

-			{

-			while (s->init_num < 4)

-				{

-				i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,

-					&p[s->init_num],4 - s->init_num, 0);

-				if (i <= 0)

-					{

-					s->rwstate=SSL_READING;

-					*ok = 0;

-					return i;

-					}

-				s->init_num+=i;

-				}

-			skip_message = 0;

-			if (!s->server)

-				if (p[0] == SSL3_MT_HELLO_REQUEST)

-					/* The server may always send 'Hello Request' messages --

-					 * we are doing a handshake anyway now, so ignore them

-					 * if their format is correct. Does not count for

-					 * 'Finished' MAC. */

-					if (p[1] == 0 && p[2] == 0 &&p[3] == 0)

-						{

-						s->init_num = 0;

-						skip_message = 1;

-						if (s->msg_callback)

-							s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, 4, s, s->msg_callback_arg);

-						}

-			}

-		while (skip_message);

-		/* s->init_num == 4 */

-		if ((mt >= 0) && (*p != mt))

-			{

-			al=SSL_AD_UNEXPECTED_MESSAGE;

-			SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);

-			goto f_err;

-			}

-		if ((mt < 0) && (*p == SSL3_MT_CLIENT_HELLO) &&

-					(st1 == SSL3_ST_SR_CERT_A) &&

-					(stn == SSL3_ST_SR_CERT_B))

-			{

-			/* At this point we have got an MS SGC second client

-			 * hello (maybe we should always allow the client to

-			 * start a new handshake?). We need to restart the mac.

-			 * Don't increment {num,total}_renegotiations because

-			 * we have not completed the handshake. */

-			ssl3_init_finished_mac(s);

-			}

-		s->s3->tmp.message_type= *(p++);

-		n2l3(p,l);

-		if (l > (unsigned long)max)

-			{

-			al=SSL_AD_ILLEGAL_PARAMETER;

-			SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);

-			goto f_err;

-			}

-		if (l > (INT_MAX-4)) /* BUF_MEM_grow takes an 'int' parameter */

-			{

-			al=SSL_AD_ILLEGAL_PARAMETER;

-			SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);

-			goto f_err;

-			}

-		if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l+4))

-			{

-			SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB);

-			goto err;

-			}

-		s->s3->tmp.message_size=l;

-		s->state=stn;

-		s->init_msg = s->init_buf->data + 4;

-		s->init_num = 0;

-		}

-	/* next state (stn) */

-	p = s->init_msg;

-	n = s->s3->tmp.message_size - s->init_num;

-	while (n > 0)

-		{

-		i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0);

-		if (i <= 0)

-			{

-			s->rwstate=SSL_READING;

-			*ok = 0;

-			return i;

-			}

-		s->init_num += i;

-		n -= i;

-		}

-	ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);

-	if (s->msg_callback)

-		s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg);

-	*ok=1;

-	return s->init_num;

-f_err:

-	ssl3_send_alert(s,SSL3_AL_FATAL,al);

-err:

-	*ok=0;

-	return(-1);

-	}

-int ssl_cert_type(X509 *x, EVP_PKEY *pkey)

-	{

-	EVP_PKEY *pk;

-	int ret= -1,i;

-	if (pkey == NULL)

-		pk=X509_get_pubkey(x);

-	else

-		pk=pkey;

-	if (pk == NULL) goto err;

-	i=pk->type;

-	if (i == EVP_PKEY_RSA)

-		{

-		ret=SSL_PKEY_RSA_ENC;

-		}

-	else if (i == EVP_PKEY_DSA)

-		{

-		ret=SSL_PKEY_DSA_SIGN;

-		}

-#ifndef OPENSSL_NO_EC

-	else if (i == EVP_PKEY_EC)

-		{

-		ret = SSL_PKEY_ECC;

-		}

-#endif

-err:

-	if(!pkey) EVP_PKEY_free(pk);

-	return(ret);

-	}

-int ssl_verify_alarm_type(long type)

-	{

-	int al;

-	switch(type)

-		{

-	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:

-	case X509_V_ERR_UNABLE_TO_GET_CRL:

-	case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:

-		al=SSL_AD_UNKNOWN_CA;

-		break;

-	case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:

-	case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:

-	case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:

-	case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:

-	case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:

-	case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:

-	case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:

-	case X509_V_ERR_CERT_NOT_YET_VALID:

-	case X509_V_ERR_CRL_NOT_YET_VALID:

-	case X509_V_ERR_CERT_UNTRUSTED:

-	case X509_V_ERR_CERT_REJECTED:

-		al=SSL_AD_BAD_CERTIFICATE;

-		break;

-	case X509_V_ERR_CERT_SIGNATURE_FAILURE:

-	case X509_V_ERR_CRL_SIGNATURE_FAILURE:

-		al=SSL_AD_DECRYPT_ERROR;

-		break;

-	case X509_V_ERR_CERT_HAS_EXPIRED:

-	case X509_V_ERR_CRL_HAS_EXPIRED:

-		al=SSL_AD_CERTIFICATE_EXPIRED;

-		break;

-	case X509_V_ERR_CERT_REVOKED:

-		al=SSL_AD_CERTIFICATE_REVOKED;

-		break;

-	case X509_V_ERR_OUT_OF_MEM:

-		al=SSL_AD_INTERNAL_ERROR;

-		break;

-	case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:

-	case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:

-	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:

-	case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:

-	case X509_V_ERR_CERT_CHAIN_TOO_LONG:

-	case X509_V_ERR_PATH_LENGTH_EXCEEDED:

-	case X509_V_ERR_INVALID_CA:

-		al=SSL_AD_UNKNOWN_CA;

-		break;

-	case X509_V_ERR_APPLICATION_VERIFICATION:

-		al=SSL_AD_HANDSHAKE_FAILURE;

-		break;

-	case X509_V_ERR_INVALID_PURPOSE:

-		al=SSL_AD_UNSUPPORTED_CERTIFICATE;

-		break;

-	default:

-		al=SSL_AD_CERTIFICATE_UNKNOWN;

-		break;

-		}

-	return(al);

-	}

-int ssl3_setup_buffers(SSL *s)

-	{

-	unsigned char *p;

-	unsigned int extra;

-	size_t len;

-	if (s->s3->rbuf.buf == NULL)

-		{

-		if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)

-			extra=SSL3_RT_MAX_EXTRA;

-		else

-			extra=0;

-		len = SSL3_RT_MAX_PACKET_SIZE + extra;

-		if ((p=OPENSSL_malloc(len)) == NULL)

-			goto err;

-		s->s3->rbuf.buf = p;

-		s->s3->rbuf.len = len;

-		}

-	if (s->s3->wbuf.buf == NULL)

-		{

-		len = SSL3_RT_MAX_PACKET_SIZE;

-		len += SSL3_RT_HEADER_LENGTH + 256; /* extra space for empty fragment */

-		if ((p=OPENSSL_malloc(len)) == NULL)

-			goto err;

-		s->s3->wbuf.buf = p;

-		s->s3->wbuf.len = len;

-		}

-	s->packet= &(s->s3->rbuf.buf[0]);

-	return(1);

-err:

-	SSLerr(SSL_F_SSL3_SETUP_BUFFERS,ERR_R_MALLOC_FAILURE);

-	return(0);

-	}

--- a/sys/src/ape/lib/openssl/ssl/s3_clnt.c

+++ /dev/null

@@ -1,2613 +1,0 @@

-/* ssl/s3_clnt.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- *

- * Portions of the attached software ("Contribution") are developed by

- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.

- *

- * The Contribution is licensed pursuant to the OpenSSL open source

- * license provided above.

- *

- * ECC cipher suite support in OpenSSL originally written by

- * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.

- *

- */

-#include <stdio.h>

-#include "ssl_locl.h"

-#include "kssl_lcl.h"

-#include <openssl/buffer.h>

-#include <openssl/rand.h>

-#include <openssl/objects.h>

-#include <openssl/evp.h>

-#include <openssl/md5.h>

-#ifndef OPENSSL_NO_DH

-#include <openssl/dh.h>

-#endif

-#include <openssl/bn.h>

-static SSL_METHOD *ssl3_get_client_method(int ver);

-static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b);

-#ifndef OPENSSL_NO_TLSEXT

-static int ssl3_check_finished(SSL *s);

-#endif

-#ifndef OPENSSL_NO_ECDH

-static int curve_id2nid(int curve_id);

-int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs);

-#endif

-static SSL_METHOD *ssl3_get_client_method(int ver)

-	{

-	if (ver == SSL3_VERSION)

-		return(SSLv3_client_method());

-	else

-		return(NULL);

-	}

-IMPLEMENT_ssl3_meth_func(SSLv3_client_method,

-			ssl_undefined_function,

-			ssl3_connect,

-			ssl3_get_client_method)

-int ssl3_connect(SSL *s)

-	{

-	BUF_MEM *buf=NULL;

-	unsigned long Time=(unsigned long)time(NULL),l;

-	long num1;

-	void (*cb)(const SSL *ssl,int type,int val)=NULL;

-	int ret= -1;

-	int new_state,state,skip=0;;

-	RAND_add(&Time,sizeof(Time),0);

-	ERR_clear_error();

-	clear_sys_error();

-	if (s->info_callback != NULL)

-		cb=s->info_callback;

-	else if (s->ctx->info_callback != NULL)

-		cb=s->ctx->info_callback;

-	s->in_handshake++;

-	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);

-	for (;;)

-		{

-		state=s->state;

-		switch(s->state)

-			{

-		case SSL_ST_RENEGOTIATE:

-			s->new_session=1;

-			s->state=SSL_ST_CONNECT;

-			s->ctx->stats.sess_connect_renegotiate++;

-			/* break */

-		case SSL_ST_BEFORE:

-		case SSL_ST_CONNECT:

-		case SSL_ST_BEFORE|SSL_ST_CONNECT:

-		case SSL_ST_OK|SSL_ST_CONNECT:

-			s->server=0;

-			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);

-			if ((s->version & 0xff00 ) != 0x0300)

-				{

-				SSLerr(SSL_F_SSL3_CONNECT, ERR_R_INTERNAL_ERROR);

-				ret = -1;

-				goto end;

-				}

-			/* s->version=SSL3_VERSION; */

-			s->type=SSL_ST_CONNECT;

-			if (s->init_buf == NULL)

-				{

-				if ((buf=BUF_MEM_new()) == NULL)

-					{

-					ret= -1;

-					goto end;

-					}

-				if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))

-					{

-					ret= -1;

-					goto end;

-					}

-				s->init_buf=buf;

-				buf=NULL;

-				}

-			if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }

-			/* setup buffing BIO */

-			if (!ssl_init_wbio_buffer(s,0)) { ret= -1; goto end; }

-			/* don't push the buffering BIO quite yet */

-			ssl3_init_finished_mac(s);

-			s->state=SSL3_ST_CW_CLNT_HELLO_A;

-			s->ctx->stats.sess_connect++;

-			s->init_num=0;

-			break;

-		case SSL3_ST_CW_CLNT_HELLO_A:

-		case SSL3_ST_CW_CLNT_HELLO_B:

-			s->shutdown=0;

-			ret=ssl3_client_hello(s);

-			if (ret <= 0) goto end;

-			s->state=SSL3_ST_CR_SRVR_HELLO_A;

-			s->init_num=0;

-			/* turn on buffering for the next lot of output */

-			if (s->bbio != s->wbio)

-				s->wbio=BIO_push(s->bbio,s->wbio);

-			break;

-		case SSL3_ST_CR_SRVR_HELLO_A:

-		case SSL3_ST_CR_SRVR_HELLO_B:

-			ret=ssl3_get_server_hello(s);

-			if (ret <= 0) goto end;

-			if (s->hit)

-				s->state=SSL3_ST_CR_FINISHED_A;

-			else

-				s->state=SSL3_ST_CR_CERT_A;

-			s->init_num=0;

-			break;

-		case SSL3_ST_CR_CERT_A:

-		case SSL3_ST_CR_CERT_B:

-#ifndef OPENSSL_NO_TLSEXT

-			ret=ssl3_check_finished(s);

-			if (ret <= 0) goto end;

-			if (ret == 2)

-				{

-				s->hit = 1;

-				s->state=SSL3_ST_CR_FINISHED_A;

-				s->init_num=0;

-				break;

-				}

-#endif

-			/* Check if it is anon DH/ECDH */

-			if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))

-				{

-				ret=ssl3_get_server_certificate(s);

-				if (ret <= 0) goto end;

-				}

-			else

-				skip=1;

-			s->state=SSL3_ST_CR_KEY_EXCH_A;

-			s->init_num=0;

-			break;

-		case SSL3_ST_CR_KEY_EXCH_A:

-		case SSL3_ST_CR_KEY_EXCH_B:

-			ret=ssl3_get_key_exchange(s);

-			if (ret <= 0) goto end;

-			s->state=SSL3_ST_CR_CERT_REQ_A;

-			s->init_num=0;

-			/* at this point we check that we have the

-			 * required stuff from the server */

-			if (!ssl3_check_cert_and_algorithm(s))

-				{

-				ret= -1;

-				goto end;

-				}

-			break;

-		case SSL3_ST_CR_CERT_REQ_A:

-		case SSL3_ST_CR_CERT_REQ_B:

-			ret=ssl3_get_certificate_request(s);

-			if (ret <= 0) goto end;

-			s->state=SSL3_ST_CR_SRVR_DONE_A;

-			s->init_num=0;

-			break;

-		case SSL3_ST_CR_SRVR_DONE_A:

-		case SSL3_ST_CR_SRVR_DONE_B:

-			ret=ssl3_get_server_done(s);

-			if (ret <= 0) goto end;

-			if (s->s3->tmp.cert_req)

-				s->state=SSL3_ST_CW_CERT_A;

-			else

-				s->state=SSL3_ST_CW_KEY_EXCH_A;

-			s->init_num=0;

-			break;

-		case SSL3_ST_CW_CERT_A:

-		case SSL3_ST_CW_CERT_B:

-		case SSL3_ST_CW_CERT_C:

-		case SSL3_ST_CW_CERT_D:

-			ret=ssl3_send_client_certificate(s);

-			if (ret <= 0) goto end;

-			s->state=SSL3_ST_CW_KEY_EXCH_A;

-			s->init_num=0;

-			break;

-		case SSL3_ST_CW_KEY_EXCH_A:

-		case SSL3_ST_CW_KEY_EXCH_B:

-			ret=ssl3_send_client_key_exchange(s);

-			if (ret <= 0) goto end;

-			l=s->s3->tmp.new_cipher->algorithms;

-			/* EAY EAY EAY need to check for DH fix cert

-			 * sent back */

-			/* For TLS, cert_req is set to 2, so a cert chain

-			 * of nothing is sent, but no verify packet is sent */

-			/* XXX: For now, we do not support client

-			 * authentication in ECDH cipher suites with

-			 * ECDH (rather than ECDSA) certificates.

-			 * We need to skip the certificate verify

-			 * message when client's ECDH public key is sent

-			 * inside the client certificate.

-			 */

-			if (s->s3->tmp.cert_req == 1)

-				{

-				s->state=SSL3_ST_CW_CERT_VRFY_A;

-				}

-			else

-				{

-				s->state=SSL3_ST_CW_CHANGE_A;

-				s->s3->change_cipher_spec=0;

-				}

-			s->init_num=0;

-			break;

-		case SSL3_ST_CW_CERT_VRFY_A:

-		case SSL3_ST_CW_CERT_VRFY_B:

-			ret=ssl3_send_client_verify(s);

-			if (ret <= 0) goto end;

-			s->state=SSL3_ST_CW_CHANGE_A;

-			s->init_num=0;

-			s->s3->change_cipher_spec=0;

-			break;

-		case SSL3_ST_CW_CHANGE_A:

-		case SSL3_ST_CW_CHANGE_B:

-			ret=ssl3_send_change_cipher_spec(s,

-				SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);

-			if (ret <= 0) goto end;

-			s->state=SSL3_ST_CW_FINISHED_A;

-			s->init_num=0;

-			s->session->cipher=s->s3->tmp.new_cipher;

-#ifdef OPENSSL_NO_COMP

-			s->session->compress_meth=0;

-#else

-			if (s->s3->tmp.new_compression == NULL)

-				s->session->compress_meth=0;

-			else

-				s->session->compress_meth=

-					s->s3->tmp.new_compression->id;

-#endif

-			if (!s->method->ssl3_enc->setup_key_block(s))

-				{

-				ret= -1;

-				goto end;

-				}

-			if (!s->method->ssl3_enc->change_cipher_state(s,

-				SSL3_CHANGE_CIPHER_CLIENT_WRITE))

-				{

-				ret= -1;

-				goto end;

-				}

-			break;

-		case SSL3_ST_CW_FINISHED_A:

-		case SSL3_ST_CW_FINISHED_B:

-			ret=ssl3_send_finished(s,

-				SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B,

-				s->method->ssl3_enc->client_finished_label,

-				s->method->ssl3_enc->client_finished_label_len);

-			if (ret <= 0) goto end;

-			s->state=SSL3_ST_CW_FLUSH;

-			/* clear flags */

-			s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;

-			if (s->hit)

-				{

-				s->s3->tmp.next_state=SSL_ST_OK;

-				if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED)

-					{

-					s->state=SSL_ST_OK;

-					s->s3->flags|=SSL3_FLAGS_POP_BUFFER;

-					s->s3->delay_buf_pop_ret=0;

-					}

-				}

-			else

-				{

-#ifndef OPENSSL_NO_TLSEXT

-				/* Allow NewSessionTicket if ticket expected */

-				if (s->tlsext_ticket_expected)

-					s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A;

-				else

-#endif

-				s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;

-				}

-			s->init_num=0;

-			break;

-#ifndef OPENSSL_NO_TLSEXT

-		case SSL3_ST_CR_SESSION_TICKET_A:

-		case SSL3_ST_CR_SESSION_TICKET_B:

-			ret=ssl3_get_new_session_ticket(s);

-			if (ret <= 0) goto end;

-			s->state=SSL3_ST_CR_FINISHED_A;

-			s->init_num=0;

-		break;

-#endif

-		case SSL3_ST_CR_FINISHED_A:

-		case SSL3_ST_CR_FINISHED_B:

-			ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,

-				SSL3_ST_CR_FINISHED_B);

-			if (ret <= 0) goto end;

-			if (s->hit)

-				s->state=SSL3_ST_CW_CHANGE_A;

-			else

-				s->state=SSL_ST_OK;

-			s->init_num=0;

-			break;

-		case SSL3_ST_CW_FLUSH:

-			/* number of bytes to be flushed */

-			num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);

-			if (num1 > 0)

-				{

-				s->rwstate=SSL_WRITING;

-				num1=BIO_flush(s->wbio);

-				if (num1 <= 0) { ret= -1; goto end; }

-				s->rwstate=SSL_NOTHING;

-				}

-			s->state=s->s3->tmp.next_state;

-			break;

-		case SSL_ST_OK:

-			/* clean a few things up */

-			ssl3_cleanup_key_block(s);

-			if (s->init_buf != NULL)

-				{

-				BUF_MEM_free(s->init_buf);

-				s->init_buf=NULL;

-				}

-			/* If we are not 'joining' the last two packets,

-			 * remove the buffering now */

-			if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))

-				ssl_free_wbio_buffer(s);

-			/* else do it later in ssl3_write */

-			s->init_num=0;

-			s->new_session=0;

-			ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);

-			if (s->hit) s->ctx->stats.sess_hit++;

-			ret=1;

-			/* s->server=0; */

-			s->handshake_func=ssl3_connect;

-			s->ctx->stats.sess_connect_good++;

-			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);

-			goto end;

-			/* break; */

-		default:

-			SSLerr(SSL_F_SSL3_CONNECT,SSL_R_UNKNOWN_STATE);

-			ret= -1;

-			goto end;

-			/* break; */

-			}

-		/* did we do anything */

-		if (!s->s3->tmp.reuse_message && !skip)

-			{

-			if (s->debug)

-				{

-				if ((ret=BIO_flush(s->wbio)) <= 0)

-					goto end;

-				}

-			if ((cb != NULL) && (s->state != state))

-				{

-				new_state=s->state;

-				s->state=state;

-				cb(s,SSL_CB_CONNECT_LOOP,1);

-				s->state=new_state;

-				}

-			}

-		skip=0;

-		}

-end:

-	s->in_handshake--;

-	if (buf != NULL)

-		BUF_MEM_free(buf);

-	if (cb != NULL)

-		cb(s,SSL_CB_CONNECT_EXIT,ret);

-	return(ret);

-	}

-int ssl3_client_hello(SSL *s)

-	{

-	unsigned char *buf;

-	unsigned char *p,*d;

-	int i;

-	unsigned long Time,l;

-#ifndef OPENSSL_NO_COMP

-	int j;

-	SSL_COMP *comp;

-#endif

-	buf=(unsigned char *)s->init_buf->data;

-	if (s->state == SSL3_ST_CW_CLNT_HELLO_A)

-		{

-		if ((s->session == NULL) ||

-			(s->session->ssl_version != s->version) ||

-			(s->session->not_resumable))

-			{

-			if (!ssl_get_new_session(s,0))

-				goto err;

-			}

-		/* else use the pre-loaded session */

-		p=s->s3->client_random;

-		Time=(unsigned long)time(NULL);			/* Time */

-		l2n(Time,p);

-		if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)

-			goto err;

-		/* Do the message type and length last */

-		d=p= &(buf[4]);

-		*(p++)=s->version>>8;

-		*(p++)=s->version&0xff;

-		s->client_version=s->version;

-		/* Random stuff */

-		memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);

-		p+=SSL3_RANDOM_SIZE;

-		/* Session ID */

-		if (s->new_session)

-			i=0;

-		else

-			i=s->session->session_id_length;

-		*(p++)=i;

-		if (i != 0)

-			{

-			if (i > (int)sizeof(s->session->session_id))

-				{

-				SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);

-				goto err;

-				}

-			memcpy(p,s->session->session_id,i);

-			p+=i;

-			}

-		/* Ciphers supported */

-		i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),0);

-		if (i == 0)

-			{

-			SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);

-			goto err;

-			}

-		s2n(i,p);

-		p+=i;

-		/* COMPRESSION */

-#ifdef OPENSSL_NO_COMP

-		*(p++)=1;

-#else

-		if (s->ctx->comp_methods == NULL)

-			j=0;

-		else

-			j=sk_SSL_COMP_num(s->ctx->comp_methods);

-		*(p++)=1+j;

-		for (i=0; i<j; i++)

-			{

-			comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);

-			*(p++)=comp->id;

-			}

-#endif

-		*(p++)=0; /* Add the NULL method */

-#ifndef OPENSSL_NO_TLSEXT

-		if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)

-			{

-			SSLerr(SSL_F_SSL3_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);

-			goto err;

-			}

-#endif

-		l=(p-d);

-		d=buf;

-		*(d++)=SSL3_MT_CLIENT_HELLO;

-		l2n3(l,d);

-		s->state=SSL3_ST_CW_CLNT_HELLO_B;

-		/* number of bytes to write */

-		s->init_num=p-buf;

-		s->init_off=0;

-		}

-	/* SSL3_ST_CW_CLNT_HELLO_B */

-	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));

-err:

-	return(-1);

-	}

-int ssl3_get_server_hello(SSL *s)

-	{

-	STACK_OF(SSL_CIPHER) *sk;

-	SSL_CIPHER *c;

-	unsigned char *p,*d;

-	int i,al,ok;

-	unsigned int j;

-	long n;

-#ifndef OPENSSL_NO_COMP

-	SSL_COMP *comp;

-#endif

-	n=s->method->ssl_get_message(s,

-		SSL3_ST_CR_SRVR_HELLO_A,

-		SSL3_ST_CR_SRVR_HELLO_B,

-		-1,

-		20000, /* ?? */

-		&ok);

-	if (!ok) return((int)n);

-	if ( SSL_version(s) == DTLS1_VERSION)

-		{

-		if ( s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST)

-			{

-			if ( s->d1->send_cookie == 0)

-				{

-				s->s3->tmp.reuse_message = 1;

-				return 1;

-				}

-			else /* already sent a cookie */

-				{

-				al=SSL_AD_UNEXPECTED_MESSAGE;

-				SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_MESSAGE_TYPE);

-				goto f_err;

-				}

-			}

-		}

-	if ( s->s3->tmp.message_type != SSL3_MT_SERVER_HELLO)

-		{

-		al=SSL_AD_UNEXPECTED_MESSAGE;

-		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_MESSAGE_TYPE);

-		goto f_err;

-		}

-	d=p=(unsigned char *)s->init_msg;

-	if ((p[0] != (s->version>>8)) || (p[1] != (s->version&0xff)))

-		{

-		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_SSL_VERSION);

-		s->version=(s->version&0xff00)|p[1];

-		al=SSL_AD_PROTOCOL_VERSION;

-		goto f_err;

-		}

-	p+=2;

-	/* load the server hello data */

-	/* load the server random */

-	memcpy(s->s3->server_random,p,SSL3_RANDOM_SIZE);

-	p+=SSL3_RANDOM_SIZE;

-	/* get the session-id */

-	j= *(p++);

-	if ((j > sizeof s->session->session_id) || (j > SSL3_SESSION_ID_SIZE))

-		{

-		al=SSL_AD_ILLEGAL_PARAMETER;

-		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_LONG);

-		goto f_err;

-		}

-	if (j != 0 && j == s->session->session_id_length

-	    && memcmp(p,s->session->session_id,j) == 0)

-	    {

-	    if(s->sid_ctx_length != s->session->sid_ctx_length

-	       || memcmp(s->session->sid_ctx,s->sid_ctx,s->sid_ctx_length))

-		{

-		/* actually a client application bug */

-		al=SSL_AD_ILLEGAL_PARAMETER;

-		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);

-		goto f_err;

-		}

-	    s->hit=1;

-	    }

-	else	/* a miss or crap from the other end */

-		{

-		/* If we were trying for session-id reuse, make a new

-		 * SSL_SESSION so we don't stuff up other people */

-		s->hit=0;

-		if (s->session->session_id_length > 0)

-			{

-			if (!ssl_get_new_session(s,0))

-				{

-				al=SSL_AD_INTERNAL_ERROR;

-				goto f_err;

-				}

-			}

-		s->session->session_id_length=j;

-		memcpy(s->session->session_id,p,j); /* j could be 0 */

-		}

-	p+=j;

-	c=ssl_get_cipher_by_char(s,p);

-	if (c == NULL)

-		{

-		/* unknown cipher */

-		al=SSL_AD_ILLEGAL_PARAMETER;

-		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNKNOWN_CIPHER_RETURNED);

-		goto f_err;

-		}

-	p+=ssl_put_cipher_by_char(s,NULL,NULL);

-	sk=ssl_get_ciphers_by_id(s);

-	i=sk_SSL_CIPHER_find(sk,c);

-	if (i < 0)

-		{

-		/* we did not say we would use this cipher */

-		al=SSL_AD_ILLEGAL_PARAMETER;

-		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED);

-		goto f_err;

-		}

-	/* Depending on the session caching (internal/external), the cipher

-	   and/or cipher_id values may not be set. Make sure that

-	   cipher_id is set and use it for comparison. */

-	if (s->session->cipher)

-		s->session->cipher_id = s->session->cipher->id;

-	if (s->hit && (s->session->cipher_id != c->id))

-		{

-		if (!(s->options &

-			SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))

-			{

-			al=SSL_AD_ILLEGAL_PARAMETER;

-			SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);

-			goto f_err;

-			}

-		}

-	s->s3->tmp.new_cipher=c;

-	/* lets get the compression algorithm */

-	/* COMPRESSION */

-#ifdef OPENSSL_NO_COMP

-	if (*(p++) != 0)

-		{

-		al=SSL_AD_ILLEGAL_PARAMETER;

-		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);

-		goto f_err;

-		}

-#else

-	j= *(p++);

-	if (j == 0)

-		comp=NULL;

-	else

-		comp=ssl3_comp_find(s->ctx->comp_methods,j);

-	if ((j != 0) && (comp == NULL))

-		{

-		al=SSL_AD_ILLEGAL_PARAMETER;

-		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);

-		goto f_err;

-		}

-	else

-		{

-		s->s3->tmp.new_compression=comp;

-		}

-#endif

-#ifndef OPENSSL_NO_TLSEXT

-	/* TLS extensions*/

-	if (s->version > SSL3_VERSION)

-		{

-		if (!ssl_parse_serverhello_tlsext(s,&p,d,n, &al))

-			{

-			/* 'al' set by ssl_parse_serverhello_tlsext */

-			SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_PARSE_TLSEXT);

-			goto f_err;

-			}

-		if (ssl_check_serverhello_tlsext(s) <= 0)

-			{

-			SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SERVERHELLO_TLSEXT);

-				goto err;

-			}

-		}

-#endif

-	if (p != (d+n))

-		{

-		/* wrong packet length */

-		al=SSL_AD_DECODE_ERROR;

-		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_PACKET_LENGTH);

-		goto err;

-		}

-	return(1);

-f_err:

-	ssl3_send_alert(s,SSL3_AL_FATAL,al);

-err:

-	return(-1);

-	}

-int ssl3_get_server_certificate(SSL *s)

-	{

-	int al,i,ok,ret= -1;

-	unsigned long n,nc,llen,l;

-	X509 *x=NULL;

-	const unsigned char *q,*p;

-	unsigned char *d;

-	STACK_OF(X509) *sk=NULL;

-	SESS_CERT *sc;

-	EVP_PKEY *pkey=NULL;

-	int need_cert = 1; /* VRS: 0=> will allow null cert if auth == KRB5 */

-	n=s->method->ssl_get_message(s,

-		SSL3_ST_CR_CERT_A,

-		SSL3_ST_CR_CERT_B,

-		-1,

-		s->max_cert_list,

-		&ok);

-	if (!ok) return((int)n);

-	if ((s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) ||

-		((s->s3->tmp.new_cipher->algorithms & SSL_aKRB5) &&

-		(s->s3->tmp.message_type == SSL3_MT_SERVER_DONE)))

-		{

-		s->s3->tmp.reuse_message=1;

-		return(1);

-		}

-	if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE)

-		{

-		al=SSL_AD_UNEXPECTED_MESSAGE;

-		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE);

-		goto f_err;

-		}

-	p=d=(unsigned char *)s->init_msg;

-	if ((sk=sk_X509_new_null()) == NULL)

-		{

-		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	n2l3(p,llen);

-	if (llen+3 != n)

-		{

-		al=SSL_AD_DECODE_ERROR;

-		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_LENGTH_MISMATCH);

-		goto f_err;

-		}

-	for (nc=0; nc<llen; )

-		{

-		n2l3(p,l);

-		if ((l+nc+3) > llen)

-			{

-			al=SSL_AD_DECODE_ERROR;

-			SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);

-			goto f_err;

-			}

-		q=p;

-		x=d2i_X509(NULL,&q,l);

-		if (x == NULL)

-			{

-			al=SSL_AD_BAD_CERTIFICATE;

-			SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_ASN1_LIB);

-			goto f_err;

-			}

-		if (q != (p+l))

-			{

-			al=SSL_AD_DECODE_ERROR;

-			SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);

-			goto f_err;

-			}

-		if (!sk_X509_push(sk,x))

-			{

-			SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE);

-			goto err;

-			}

-		x=NULL;

-		nc+=l+3;

-		p=q;

-		}

-	i=ssl_verify_cert_chain(s,sk);

-	if ((s->verify_mode != SSL_VERIFY_NONE) && (!i)

-#ifndef OPENSSL_NO_KRB5

-	        && (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK))

-	        != (SSL_aKRB5|SSL_kKRB5)

-#endif /* OPENSSL_NO_KRB5 */

-	        )

-		{

-		al=ssl_verify_alarm_type(s->verify_result);

-		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);

-		goto f_err;

-		}

-	ERR_clear_error(); /* but we keep s->verify_result */

-	sc=ssl_sess_cert_new();

-	if (sc == NULL) goto err;

-	if (s->session->sess_cert) ssl_sess_cert_free(s->session->sess_cert);

-	s->session->sess_cert=sc;

-	sc->cert_chain=sk;

-	/* Inconsistency alert: cert_chain does include the peer's

-	 * certificate, which we don't include in s3_srvr.c */

-	x=sk_X509_value(sk,0);

-	sk=NULL;

- 	/* VRS 19990621: possible memory leak; sk=null ==> !sk_pop_free() @end*/

-	pkey=X509_get_pubkey(x);

-	/* VRS: allow null cert if auth == KRB5 */

-	need_cert =	((s->s3->tmp.new_cipher->algorithms

-	                 & (SSL_MKEY_MASK|SSL_AUTH_MASK))

-	                 == (SSL_aKRB5|SSL_kKRB5))? 0: 1;

-#ifdef KSSL_DEBUG

-	printf("pkey,x = %p, %p\n", pkey,x);

-	printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey));

-	printf("cipher, alg, nc = %s, %lx, %d\n", s->s3->tmp.new_cipher->name,

-	        s->s3->tmp.new_cipher->algorithms, need_cert);

-#endif    /* KSSL_DEBUG */

-	if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey)))

-		{

-		x=NULL;

-		al=SSL3_AL_FATAL;

-		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,

-			SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);

-		goto f_err;

-		}

-	i=ssl_cert_type(x,pkey);

-	if (need_cert && i < 0)

-		{

-		x=NULL;

-		al=SSL3_AL_FATAL;

-		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,

-			SSL_R_UNKNOWN_CERTIFICATE_TYPE);

-		goto f_err;

-		}

-	if (need_cert)

-		{

-		sc->peer_cert_type=i;

-		CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);

-		/* Why would the following ever happen?

-		 * We just created sc a couple of lines ago. */

-		if (sc->peer_pkeys[i].x509 != NULL)

-			X509_free(sc->peer_pkeys[i].x509);

-		sc->peer_pkeys[i].x509=x;

-		sc->peer_key= &(sc->peer_pkeys[i]);

-		if (s->session->peer != NULL)

-			X509_free(s->session->peer);

-		CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);

-		s->session->peer=x;

-		}

-	else

-		{

-		sc->peer_cert_type=i;

-		sc->peer_key= NULL;

-		if (s->session->peer != NULL)

-			X509_free(s->session->peer);

-		s->session->peer=NULL;

-		}

-	s->session->verify_result = s->verify_result;

-	x=NULL;

-	ret=1;

-	if (0)

-		{

-f_err:

-		ssl3_send_alert(s,SSL3_AL_FATAL,al);

-		}

-err:

-	EVP_PKEY_free(pkey);

-	X509_free(x);

-	sk_X509_pop_free(sk,X509_free);

-	return(ret);

-	}

-int ssl3_get_key_exchange(SSL *s)

-	{

-#ifndef OPENSSL_NO_RSA

-	unsigned char *q,md_buf[EVP_MAX_MD_SIZE*2];

-#endif

-	EVP_MD_CTX md_ctx;

-	unsigned char *param,*p;

-	int al,i,j,param_len,ok;

-	long n,alg;

-	EVP_PKEY *pkey=NULL;

-#ifndef OPENSSL_NO_RSA

-	RSA *rsa=NULL;

-#endif

-#ifndef OPENSSL_NO_DH

-	DH *dh=NULL;

-#endif

-#ifndef OPENSSL_NO_ECDH

-	EC_KEY *ecdh = NULL;

-	BN_CTX *bn_ctx = NULL;

-	EC_POINT *srvr_ecpoint = NULL;

-	int curve_nid = 0;

-	int encoded_pt_len = 0;

-#endif

-	/* use same message size as in ssl3_get_certificate_request()

-	 * as ServerKeyExchange message may be skipped */

-	n=s->method->ssl_get_message(s,

-		SSL3_ST_CR_KEY_EXCH_A,

-		SSL3_ST_CR_KEY_EXCH_B,

-		-1,

-		s->max_cert_list,

-		&ok);

-	if (!ok) return((int)n);

-	if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE)

-		{

-		s->s3->tmp.reuse_message=1;

-		return(1);

-		}

-	param=p=(unsigned char *)s->init_msg;

-	if (s->session->sess_cert != NULL)

-		{

-#ifndef OPENSSL_NO_RSA

-		if (s->session->sess_cert->peer_rsa_tmp != NULL)

-			{

-			RSA_free(s->session->sess_cert->peer_rsa_tmp);

-			s->session->sess_cert->peer_rsa_tmp=NULL;

-			}

-#endif

-#ifndef OPENSSL_NO_DH

-		if (s->session->sess_cert->peer_dh_tmp)

-			{

-			DH_free(s->session->sess_cert->peer_dh_tmp);

-			s->session->sess_cert->peer_dh_tmp=NULL;

-			}

-#endif

-#ifndef OPENSSL_NO_ECDH

-		if (s->session->sess_cert->peer_ecdh_tmp)

-			{

-			EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp);

-			s->session->sess_cert->peer_ecdh_tmp=NULL;

-			}

-#endif

-		}

-	else

-		{

-		s->session->sess_cert=ssl_sess_cert_new();

-		}

-	param_len=0;

-	alg=s->s3->tmp.new_cipher->algorithms;

-	EVP_MD_CTX_init(&md_ctx);

-#ifndef OPENSSL_NO_RSA

-	if (alg & SSL_kRSA)

-		{

-		if ((rsa=RSA_new()) == NULL)

-			{

-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);

-			goto err;

-			}

-		n2s(p,i);

-		param_len=i+2;

-		if (param_len > n)

-			{

-			al=SSL_AD_DECODE_ERROR;

-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_MODULUS_LENGTH);

-			goto f_err;

-			}

-		if (!(rsa->n=BN_bin2bn(p,i,rsa->n)))

-			{

-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);

-			goto err;

-			}

-		p+=i;

-		n2s(p,i);

-		param_len+=i+2;

-		if (param_len > n)

-			{

-			al=SSL_AD_DECODE_ERROR;

-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_E_LENGTH);

-			goto f_err;

-			}

-		if (!(rsa->e=BN_bin2bn(p,i,rsa->e)))

-			{

-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);

-			goto err;

-			}

-		p+=i;

-		n-=param_len;

-		/* this should be because we are using an export cipher */

-		if (alg & SSL_aRSA)

-			pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);

-		else

-			{

-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);

-			goto err;

-			}

-		s->session->sess_cert->peer_rsa_tmp=rsa;

-		rsa=NULL;

-		}

-#else /* OPENSSL_NO_RSA */

-	if (0)

-		;

-#endif

-#ifndef OPENSSL_NO_DH

-	else if (alg & SSL_kEDH)

-		{

-		if ((dh=DH_new()) == NULL)

-			{

-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_DH_LIB);

-			goto err;

-			}

-		n2s(p,i);

-		param_len=i+2;

-		if (param_len > n)

-			{

-			al=SSL_AD_DECODE_ERROR;

-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_P_LENGTH);

-			goto f_err;

-			}

-		if (!(dh->p=BN_bin2bn(p,i,NULL)))

-			{

-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);

-			goto err;

-			}

-		p+=i;

-		n2s(p,i);

-		param_len+=i+2;

-		if (param_len > n)

-			{

-			al=SSL_AD_DECODE_ERROR;

-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_G_LENGTH);

-			goto f_err;

-			}

-		if (!(dh->g=BN_bin2bn(p,i,NULL)))

-			{

-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);

-			goto err;

-			}

-		p+=i;

-		n2s(p,i);

-		param_len+=i+2;

-		if (param_len > n)

-			{

-			al=SSL_AD_DECODE_ERROR;

-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_PUB_KEY_LENGTH);

-			goto f_err;

-			}

-		if (!(dh->pub_key=BN_bin2bn(p,i,NULL)))

-			{

-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);

-			goto err;

-			}

-		p+=i;

-		n-=param_len;

-#ifndef OPENSSL_NO_RSA

-		if (alg & SSL_aRSA)

-			pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);

-#else

-		if (0)

-			;

-#endif

-#ifndef OPENSSL_NO_DSA

-		else if (alg & SSL_aDSS)

-			pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509);

-#endif

-		/* else anonymous DH, so no certificate or pkey. */

-		s->session->sess_cert->peer_dh_tmp=dh;

-		dh=NULL;

-		}

-	else if ((alg & SSL_kDHr) || (alg & SSL_kDHd))

-		{

-		al=SSL_AD_ILLEGAL_PARAMETER;

-		SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);

-		goto f_err;

-		}

-#endif /* !OPENSSL_NO_DH */

-#ifndef OPENSSL_NO_ECDH

-	else if (alg & SSL_kECDHE)

-		{

-		EC_GROUP *ngroup;

-		const EC_GROUP *group;

-		if ((ecdh=EC_KEY_new()) == NULL)

-			{

-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);

-			goto err;

-			}

-		/* Extract elliptic curve parameters and the

-		 * server's ephemeral ECDH public key.

-		 * Keep accumulating lengths of various components in

-		 * param_len and make sure it never exceeds n.

-		 */

-		/* XXX: For now we only support named (not generic) curves

-		 * and the ECParameters in this case is just three bytes.

-		 */

-		param_len=3;

-		if ((param_len > n) ||

-		    (*p != NAMED_CURVE_TYPE) ||

-		    ((curve_nid = curve_id2nid(*(p + 2))) == 0))

-			{

-			al=SSL_AD_INTERNAL_ERROR;

-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);

-			goto f_err;

-			}

-		ngroup = EC_GROUP_new_by_curve_name(curve_nid);

-		if (ngroup == NULL)

-			{

-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_EC_LIB);

-			goto err;

-			}

-		if (EC_KEY_set_group(ecdh, ngroup) == 0)

-			{

-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_EC_LIB);

-			goto err;

-			}

-		EC_GROUP_free(ngroup);

-		group = EC_KEY_get0_group(ecdh);

-		if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&

-		    (EC_GROUP_get_degree(group) > 163))

-			{

-			al=SSL_AD_EXPORT_RESTRICTION;

-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);

-			goto f_err;

-			}

-		p+=3;

-		/* Next, get the encoded ECPoint */

-		if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) ||

-		    ((bn_ctx = BN_CTX_new()) == NULL))

-			{

-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);

-			goto err;

-			}

-		encoded_pt_len = *p;  /* length of encoded point */

-		p+=1;

-		param_len += (1 + encoded_pt_len);

-		if ((param_len > n) ||

-		    (EC_POINT_oct2point(group, srvr_ecpoint,

-			p, encoded_pt_len, bn_ctx) == 0))

-			{

-			al=SSL_AD_DECODE_ERROR;

-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_ECPOINT);

-			goto f_err;

-			}

-		n-=param_len;

-		p+=encoded_pt_len;

-		/* The ECC/TLS specification does not mention

-		 * the use of DSA to sign ECParameters in the server

-		 * key exchange message. We do support RSA and ECDSA.

-		 */

-		if (0) ;

-#ifndef OPENSSL_NO_RSA

-		else if (alg & SSL_aRSA)

-			pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);

-#endif

-#ifndef OPENSSL_NO_ECDSA

-		else if (alg & SSL_aECDSA)

-			pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);

-#endif

-		/* else anonymous ECDH, so no certificate or pkey. */

-		EC_KEY_set_public_key(ecdh, srvr_ecpoint);

-		s->session->sess_cert->peer_ecdh_tmp=ecdh;

-		ecdh=NULL;

-		BN_CTX_free(bn_ctx);

-		EC_POINT_free(srvr_ecpoint);

-		srvr_ecpoint = NULL;

-		}

-	else if (alg & SSL_kECDH)

-		{

-		al=SSL_AD_UNEXPECTED_MESSAGE;

-		SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);

-		goto f_err;

-		}

-#endif /* !OPENSSL_NO_ECDH */

-	if (alg & SSL_aFZA)

-		{

-		al=SSL_AD_HANDSHAKE_FAILURE;

-		SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);

-		goto f_err;

-		}

-	/* p points to the next byte, there are 'n' bytes left */

-	/* if it was signed, check the signature */

-	if (pkey != NULL)

-		{

-		n2s(p,i);

-		n-=2;

-		j=EVP_PKEY_size(pkey);

-		if ((i != n) || (n > j) || (n <= 0))

-			{

-			/* wrong packet length */

-			al=SSL_AD_DECODE_ERROR;

-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_SIGNATURE_LENGTH);

-			goto f_err;

-			}

-#ifndef OPENSSL_NO_RSA

-		if (pkey->type == EVP_PKEY_RSA)

-			{

-			int num;

-			j=0;

-			q=md_buf;

-			for (num=2; num > 0; num--)

-				{

-				EVP_DigestInit_ex(&md_ctx,(num == 2)

-					?s->ctx->md5:s->ctx->sha1, NULL);

-				EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);

-				EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);

-				EVP_DigestUpdate(&md_ctx,param,param_len);

-				EVP_DigestFinal_ex(&md_ctx,q,(unsigned int *)&i);

-				q+=i;

-				j+=i;

-				}

-			i=RSA_verify(NID_md5_sha1, md_buf, j, p, n,

-								pkey->pkey.rsa);

-			if (i < 0)

-				{

-				al=SSL_AD_DECRYPT_ERROR;

-				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT);

-				goto f_err;

-				}

-			if (i == 0)

-				{

-				/* bad signature */

-				al=SSL_AD_DECRYPT_ERROR;

-				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE);

-				goto f_err;

-				}

-			}

-		else

-#endif

-#ifndef OPENSSL_NO_DSA

-			if (pkey->type == EVP_PKEY_DSA)

-			{

-			/* lets do DSS */

-			EVP_VerifyInit_ex(&md_ctx,EVP_dss1(), NULL);

-			EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);

-			EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);

-			EVP_VerifyUpdate(&md_ctx,param,param_len);

-			if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey))

-				{

-				/* bad signature */

-				al=SSL_AD_DECRYPT_ERROR;

-				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE);

-				goto f_err;

-				}

-			}

-		else

-#endif

-#ifndef OPENSSL_NO_ECDSA

-			if (pkey->type == EVP_PKEY_EC)

-			{

-			/* let's do ECDSA */

-			EVP_VerifyInit_ex(&md_ctx,EVP_ecdsa(), NULL);

-			EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);

-			EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);

-			EVP_VerifyUpdate(&md_ctx,param,param_len);

-			if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey))

-				{

-				/* bad signature */

-				al=SSL_AD_DECRYPT_ERROR;

-				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE);

-				goto f_err;

-				}

-			}

-		else

-#endif

-			{

-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);

-			goto err;

-			}

-		}

-	else

-		{

-		/* still data left over */

-		if (!(alg & SSL_aNULL))

-			{

-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);

-			goto err;

-			}

-		if (n != 0)

-			{

-			al=SSL_AD_DECODE_ERROR;

-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_EXTRA_DATA_IN_MESSAGE);

-			goto f_err;

-			}

-		}

-	EVP_PKEY_free(pkey);

-	EVP_MD_CTX_cleanup(&md_ctx);

-	return(1);

-f_err:

-	ssl3_send_alert(s,SSL3_AL_FATAL,al);

-err:

-	EVP_PKEY_free(pkey);

-#ifndef OPENSSL_NO_RSA

-	if (rsa != NULL)

-		RSA_free(rsa);

-#endif

-#ifndef OPENSSL_NO_DH

-	if (dh != NULL)

-		DH_free(dh);

-#endif

-#ifndef OPENSSL_NO_ECDH

-	BN_CTX_free(bn_ctx);

-	EC_POINT_free(srvr_ecpoint);

-	if (ecdh != NULL)

-		EC_KEY_free(ecdh);

-#endif

-	EVP_MD_CTX_cleanup(&md_ctx);

-	return(-1);

-	}

-int ssl3_get_certificate_request(SSL *s)

-	{

-	int ok,ret=0;

-	unsigned long n,nc,l;

-	unsigned int llen,ctype_num,i;

-	X509_NAME *xn=NULL;

-	const unsigned char *p,*q;

-	unsigned char *d;

-	STACK_OF(X509_NAME) *ca_sk=NULL;

-	n=s->method->ssl_get_message(s,

-		SSL3_ST_CR_CERT_REQ_A,

-		SSL3_ST_CR_CERT_REQ_B,

-		-1,

-		s->max_cert_list,

-		&ok);

-	if (!ok) return((int)n);

-	s->s3->tmp.cert_req=0;

-	if (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE)

-		{

-		s->s3->tmp.reuse_message=1;

-		return(1);

-		}

-	if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST)

-		{

-		ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);

-		SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_WRONG_MESSAGE_TYPE);

-		goto err;

-		}

-	/* TLS does not like anon-DH with client cert */

-	if (s->version > SSL3_VERSION)

-		{

-		l=s->s3->tmp.new_cipher->algorithms;

-		if (l & SSL_aNULL)

-			{

-			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);

-			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);

-			goto err;

-			}

-		}

-	p=d=(unsigned char *)s->init_msg;

-	if ((ca_sk=sk_X509_NAME_new(ca_dn_cmp)) == NULL)

-		{

-		SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	/* get the certificate types */

-	ctype_num= *(p++);

-	if (ctype_num > SSL3_CT_NUMBER)

-		ctype_num=SSL3_CT_NUMBER;

-	for (i=0; i<ctype_num; i++)

-		s->s3->tmp.ctype[i]= p[i];

-	p+=ctype_num;

-	/* get the CA RDNs */

-	n2s(p,llen);

-#if 0

-{

-FILE *out;

-out=fopen("/tmp/vsign.der","w");

-fwrite(p,1,llen,out);

-fclose(out);

-}

-#endif

-	if ((llen+ctype_num+2+1) != n)

-		{

-		ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);

-		SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_LENGTH_MISMATCH);

-		goto err;

-		}

-	for (nc=0; nc<llen; )

-		{

-		n2s(p,l);

-		if ((l+nc+2) > llen)

-			{

-			if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG))

-				goto cont; /* netscape bugs */

-			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);

-			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_TOO_LONG);

-			goto err;

-			}

-		q=p;

-		if ((xn=d2i_X509_NAME(NULL,&q,l)) == NULL)

-			{

-			/* If netscape tolerance is on, ignore errors */

-			if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG)

-				goto cont;

-			else

-				{

-				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);

-				SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_ASN1_LIB);

-				goto err;

-				}

-			}

-		if (q != (p+l))

-			{

-			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);

-			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_LENGTH_MISMATCH);

-			goto err;

-			}

-		if (!sk_X509_NAME_push(ca_sk,xn))

-			{

-			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE);

-			goto err;

-			}

-		p+=l;

-		nc+=l+2;

-		}

-	if (0)

-		{

-cont:

-		ERR_clear_error();

-		}

-	/* we should setup a certificate to return.... */

-	s->s3->tmp.cert_req=1;

-	s->s3->tmp.ctype_num=ctype_num;

-	if (s->s3->tmp.ca_names != NULL)

-		sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);

-	s->s3->tmp.ca_names=ca_sk;

-	ca_sk=NULL;

-	ret=1;

-err:

-	if (ca_sk != NULL) sk_X509_NAME_pop_free(ca_sk,X509_NAME_free);

-	return(ret);

-	}

-static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b)

-	{

-	return(X509_NAME_cmp(*a,*b));

-	}

-#ifndef OPENSSL_NO_TLSEXT

-int ssl3_get_new_session_ticket(SSL *s)

-	{

-	int ok,al,ret=0, ticklen;

-	long n;

-	const unsigned char *p;

-	unsigned char *d;

-	n=s->method->ssl_get_message(s,

-		SSL3_ST_CR_SESSION_TICKET_A,

-		SSL3_ST_CR_SESSION_TICKET_B,

-		-1,

-		16384,

-		&ok);

-	if (!ok)

-		return((int)n);

-	if (s->s3->tmp.message_type == SSL3_MT_FINISHED)

-		{

-		s->s3->tmp.reuse_message=1;

-		return(1);

-		}

-	if (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET)

-		{

-		al=SSL_AD_UNEXPECTED_MESSAGE;

-		SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_BAD_MESSAGE_TYPE);

-		goto f_err;

-		}

-	if (n < 6)

-		{

-		/* need at least ticket_lifetime_hint + ticket length */

-		al = SSL3_AL_FATAL,SSL_AD_DECODE_ERROR;

-		SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH);

-		goto f_err;

-		}

-	p=d=(unsigned char *)s->init_msg;

-	n2l(p, s->session->tlsext_tick_lifetime_hint);

-	n2s(p, ticklen);

-	/* ticket_lifetime_hint + ticket_length + ticket */

-	if (ticklen + 6 != n)

-		{

-		al = SSL3_AL_FATAL,SSL_AD_DECODE_ERROR;

-		SSLerr(SSL_F_SSL3_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH);

-		goto f_err;

-		}

-	if (s->session->tlsext_tick)

-		{

-		OPENSSL_free(s->session->tlsext_tick);

-		s->session->tlsext_ticklen = 0;

-		}

-	s->session->tlsext_tick = OPENSSL_malloc(ticklen);

-	if (!s->session->tlsext_tick)

-		{

-		SSLerr(SSL_F_SSL3_NEW_SESSION_TICKET,ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	memcpy(s->session->tlsext_tick, p, ticklen);

-	s->session->tlsext_ticklen = ticklen;

-	ret=1;

-	return(ret);

-f_err:

-	ssl3_send_alert(s,SSL3_AL_FATAL,al);

-err:

-	return(-1);

-	}

-#endif

-int ssl3_get_server_done(SSL *s)

-	{

-	int ok,ret=0;

-	long n;

-	n=s->method->ssl_get_message(s,

-		SSL3_ST_CR_SRVR_DONE_A,

-		SSL3_ST_CR_SRVR_DONE_B,

-		SSL3_MT_SERVER_DONE,

-		30, /* should be very small, like 0 :-) */

-		&ok);

-	if (!ok) return((int)n);

-	if (n > 0)

-		{

-		/* should contain no data */

-		ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);

-		SSLerr(SSL_F_SSL3_GET_SERVER_DONE,SSL_R_LENGTH_MISMATCH);

-		return -1;

-		}

-	ret=1;

-	return(ret);

-	}

-int ssl3_send_client_key_exchange(SSL *s)

-	{

-	unsigned char *p,*d;

-	int n;

-	unsigned long l;

-#ifndef OPENSSL_NO_RSA

-	unsigned char *q;

-	EVP_PKEY *pkey=NULL;

-#endif

-#ifndef OPENSSL_NO_KRB5

-	KSSL_ERR kssl_err;

-#endif /* OPENSSL_NO_KRB5 */

-#ifndef OPENSSL_NO_ECDH

-	EC_KEY *clnt_ecdh = NULL;

-	const EC_POINT *srvr_ecpoint = NULL;

-	EVP_PKEY *srvr_pub_pkey = NULL;

-	unsigned char *encodedPoint = NULL;

-	int encoded_pt_len = 0;

-	BN_CTX * bn_ctx = NULL;

-#endif

-	if (s->state == SSL3_ST_CW_KEY_EXCH_A)

-		{

-		d=(unsigned char *)s->init_buf->data;

-		p= &(d[4]);

-		l=s->s3->tmp.new_cipher->algorithms;

-		/* Fool emacs indentation */

-		if (0) {}

-#ifndef OPENSSL_NO_RSA

-		else if (l & SSL_kRSA)

-			{

-			RSA *rsa;

-			unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];

-			if (s->session->sess_cert->peer_rsa_tmp != NULL)

-				rsa=s->session->sess_cert->peer_rsa_tmp;

-			else

-				{

-				pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);

-				if ((pkey == NULL) ||

-					(pkey->type != EVP_PKEY_RSA) ||

-					(pkey->pkey.rsa == NULL))

-					{

-					SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);

-					goto err;

-					}

-				rsa=pkey->pkey.rsa;

-				EVP_PKEY_free(pkey);

-				}

-			tmp_buf[0]=s->client_version>>8;

-			tmp_buf[1]=s->client_version&0xff;

-			if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0)

-					goto err;

-			s->session->master_key_length=sizeof tmp_buf;

-			q=p;

-			/* Fix buf for TLS and beyond */

-			if (s->version > SSL3_VERSION)

-				p+=2;

-			n=RSA_public_encrypt(sizeof tmp_buf,

-				tmp_buf,p,rsa,RSA_PKCS1_PADDING);

-#ifdef PKCS1_CHECK

-			if (s->options & SSL_OP_PKCS1_CHECK_1) p[1]++;

-			if (s->options & SSL_OP_PKCS1_CHECK_2) tmp_buf[0]=0x70;

-#endif

-			if (n <= 0)

-				{

-				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_ENCRYPT);

-				goto err;

-				}

-			/* Fix buf for TLS and beyond */

-			if (s->version > SSL3_VERSION)

-				{

-				s2n(n,q);

-				n+=2;

-				}

-			s->session->master_key_length=

-				s->method->ssl3_enc->generate_master_secret(s,

-					s->session->master_key,

-					tmp_buf,sizeof tmp_buf);

-			OPENSSL_cleanse(tmp_buf,sizeof tmp_buf);

-			}

-#endif

-#ifndef OPENSSL_NO_KRB5

-		else if (l & SSL_kKRB5)

-			{

-			krb5_error_code	krb5rc;

-			KSSL_CTX	*kssl_ctx = s->kssl_ctx;

-			/*  krb5_data	krb5_ap_req;  */

-			krb5_data	*enc_ticket;

-			krb5_data	authenticator, *authp = NULL;

-			EVP_CIPHER_CTX	ciph_ctx;

-			EVP_CIPHER	*enc = NULL;

-			unsigned char	iv[EVP_MAX_IV_LENGTH];

-			unsigned char	tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];

-			unsigned char	epms[SSL_MAX_MASTER_KEY_LENGTH

-						+ EVP_MAX_IV_LENGTH];

-			int 		padl, outl = sizeof(epms);

-			EVP_CIPHER_CTX_init(&ciph_ctx);

-#ifdef KSSL_DEBUG

-			printf("ssl3_send_client_key_exchange(%lx & %lx)\n",

-			        l, SSL_kKRB5);

-#endif	/* KSSL_DEBUG */

-			authp = NULL;

-#ifdef KRB5SENDAUTH

-			if (KRB5SENDAUTH)  authp = &authenticator;

-#endif	/* KRB5SENDAUTH */

-			krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp,

-				&kssl_err);

-			enc = kssl_map_enc(kssl_ctx->enctype);

-			if (enc == NULL)

-			    goto err;

-#ifdef KSSL_DEBUG

-			{

-			printf("kssl_cget_tkt rtn %d\n", krb5rc);

-			if (krb5rc && kssl_err.text)

-			  printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text);

-			}

-#endif	/* KSSL_DEBUG */

-			if (krb5rc)

-				{

-				ssl3_send_alert(s,SSL3_AL_FATAL,

-						SSL_AD_HANDSHAKE_FAILURE);

-				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,

-						kssl_err.reason);

-				goto err;

-				}

-			/*  20010406 VRS - Earlier versions used KRB5 AP_REQ

-			**  in place of RFC 2712 KerberosWrapper, as in:

-			**

-			**  Send ticket (copy to *p, set n = length)

-			**  n = krb5_ap_req.length;

-			**  memcpy(p, krb5_ap_req.data, krb5_ap_req.length);

-			**  if (krb5_ap_req.data)

-			**    kssl_krb5_free_data_contents(NULL,&krb5_ap_req);

-			**

-			**  Now using real RFC 2712 KerberosWrapper

-			**  (Thanks to Simon Wilkinson <[email protected]>)

-			**  Note: 2712 "opaque" types are here replaced

-			**  with a 2-byte length followed by the value.

-			**  Example:

-			**  KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms

-			**  Where "xx xx" = length bytes.  Shown here with

-			**  optional authenticator omitted.

-			*/

-			/*  KerberosWrapper.Ticket		*/

-			s2n(enc_ticket->length,p);

-			memcpy(p, enc_ticket->data, enc_ticket->length);

-			p+= enc_ticket->length;

-			n = enc_ticket->length + 2;

-			/*  KerberosWrapper.Authenticator	*/

-			if (authp  &&  authp->length)

-				{

-				s2n(authp->length,p);

-				memcpy(p, authp->data, authp->length);

-				p+= authp->length;

-				n+= authp->length + 2;

-				free(authp->data);

-				authp->data = NULL;

-				authp->length = 0;

-				}

-			else

-				{

-				s2n(0,p);/*  null authenticator length	*/

-				n+=2;

-				}

-			    tmp_buf[0]=s->client_version>>8;

-			    tmp_buf[1]=s->client_version&0xff;

-			    if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0)

-				goto err;

-			/*  20010420 VRS.  Tried it this way; failed.

-			**	EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);

-			**	EVP_CIPHER_CTX_set_key_length(&ciph_ctx,

-			**				kssl_ctx->length);

-			**	EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);

-			*/

-			memset(iv, 0, sizeof iv);  /* per RFC 1510 */

-			EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,

-				kssl_ctx->key,iv);

-			EVP_EncryptUpdate(&ciph_ctx,epms,&outl,tmp_buf,

-				sizeof tmp_buf);

-			EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);

-			outl += padl;

-			if (outl > sizeof epms)

-				{

-				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);

-				goto err;

-				}

-			EVP_CIPHER_CTX_cleanup(&ciph_ctx);

-			/*  KerberosWrapper.EncryptedPreMasterSecret	*/

-			s2n(outl,p);

-			memcpy(p, epms, outl);

-			p+=outl;

-			n+=outl + 2;

-			s->session->master_key_length=

-			        s->method->ssl3_enc->generate_master_secret(s,

-					s->session->master_key,

-					tmp_buf, sizeof tmp_buf);

-			OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);

-			OPENSSL_cleanse(epms, outl);

-			}

-#endif

-#ifndef OPENSSL_NO_DH

-		else if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd))

-			{

-			DH *dh_srvr,*dh_clnt;

-			if (s->session->sess_cert->peer_dh_tmp != NULL)

-				dh_srvr=s->session->sess_cert->peer_dh_tmp;

-			else

-				{

-				/* we get them from the cert */

-				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);

-				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);

-				goto err;

-				}

-			/* generate a new random key */

-			if ((dh_clnt=DHparams_dup(dh_srvr)) == NULL)

-				{

-				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);

-				goto err;

-				}

-			if (!DH_generate_key(dh_clnt))

-				{

-				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);

-				goto err;

-				}

-			/* use the 'p' output buffer for the DH key, but

-			 * make sure to clear it out afterwards */

-			n=DH_compute_key(p,dh_srvr->pub_key,dh_clnt);

-			if (n <= 0)

-				{

-				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);

-				goto err;

-				}

-			/* generate master key from the result */

-			s->session->master_key_length=

-				s->method->ssl3_enc->generate_master_secret(s,

-					s->session->master_key,p,n);

-			/* clean up */

-			memset(p,0,n);

-			/* send off the data */

-			n=BN_num_bytes(dh_clnt->pub_key);

-			s2n(n,p);

-			BN_bn2bin(dh_clnt->pub_key,p);

-			n+=2;

-			DH_free(dh_clnt);

-			/* perhaps clean things up a bit EAY EAY EAY EAY*/

-			}

-#endif

-#ifndef OPENSSL_NO_ECDH

-		else if ((l & SSL_kECDH) || (l & SSL_kECDHE))

-			{

-			const EC_GROUP *srvr_group = NULL;

-			EC_KEY *tkey;

-			int ecdh_clnt_cert = 0;

-			int field_size = 0;

-			/* Did we send out the client's

-			 * ECDH share for use in premaster

-			 * computation as part of client certificate?

-			 * If so, set ecdh_clnt_cert to 1.

-			 */

-			if ((l & SSL_kECDH) && (s->cert != NULL))

-				{

-				/* XXX: For now, we do not support client

-				 * authentication using ECDH certificates.

-				 * To add such support, one needs to add

-				 * code that checks for appropriate

-				 * conditions and sets ecdh_clnt_cert to 1.

-				 * For example, the cert have an ECC

-				 * key on the same curve as the server's

-				 * and the key should be authorized for

-				 * key agreement.

-				 *

-				 * One also needs to add code in ssl3_connect

-				 * to skip sending the certificate verify

-				 * message.

-				 *

-				 * if ((s->cert->key->privatekey != NULL) &&

-				 *     (s->cert->key->privatekey->type ==

-				 *      EVP_PKEY_EC) && ...)

-				 * ecdh_clnt_cert = 1;

-				 */

-				}

-			if (s->session->sess_cert->peer_ecdh_tmp != NULL)

-				{

-				tkey = s->session->sess_cert->peer_ecdh_tmp;

-				}

-			else

-				{

-				/* Get the Server Public Key from Cert */

-				srvr_pub_pkey = X509_get_pubkey(s->session-> \

-				    sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);

-				if ((srvr_pub_pkey == NULL) ||

-				    (srvr_pub_pkey->type != EVP_PKEY_EC) ||

-				    (srvr_pub_pkey->pkey.ec == NULL))

-					{

-					SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,

-					    ERR_R_INTERNAL_ERROR);

-					goto err;

-					}

-				tkey = srvr_pub_pkey->pkey.ec;

-				}

-			srvr_group   = EC_KEY_get0_group(tkey);

-			srvr_ecpoint = EC_KEY_get0_public_key(tkey);

-			if ((srvr_group == NULL) || (srvr_ecpoint == NULL))

-				{

-				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,

-				    ERR_R_INTERNAL_ERROR);

-				goto err;

-				}

-			if ((clnt_ecdh=EC_KEY_new()) == NULL)

-				{

-				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);

-				goto err;

-				}

-			if (!EC_KEY_set_group(clnt_ecdh, srvr_group))

-				{

-				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB);

-				goto err;

-				}

-			if (ecdh_clnt_cert)

-				{

-				/* Reuse key info from our certificate

-				 * We only need our private key to perform

-				 * the ECDH computation.

-				 */

-				const BIGNUM *priv_key;

-				tkey = s->cert->key->privatekey->pkey.ec;

-				priv_key = EC_KEY_get0_private_key(tkey);

-				if (priv_key == NULL)

-					{

-					SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);

-					goto err;

-					}

-				if (!EC_KEY_set_private_key(clnt_ecdh, priv_key))

-					{

-					SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB);

-					goto err;

-					}

-				}

-			else

-				{

-				/* Generate a new ECDH key pair */

-				if (!(EC_KEY_generate_key(clnt_ecdh)))

-					{

-					SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);

-					goto err;

-					}

-				}

-			/* use the 'p' output buffer for the ECDH key, but

-			 * make sure to clear it out afterwards

-			 */

-			field_size = EC_GROUP_get_degree(srvr_group);

-			if (field_size <= 0)

-				{

-				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,

-				       ERR_R_ECDH_LIB);

-				goto err;

-				}

-			n=ECDH_compute_key(p, (field_size+7)/8, srvr_ecpoint, clnt_ecdh, NULL);

-			if (n <= 0)

-				{

-				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,

-				       ERR_R_ECDH_LIB);

-				goto err;

-				}

-			/* generate master key from the result */

-			s->session->master_key_length = s->method->ssl3_enc \

-			    -> generate_master_secret(s,

-				s->session->master_key,

-				p, n);

-			memset(p, 0, n); /* clean up */

-			if (ecdh_clnt_cert)

-				{

-				/* Send empty client key exch message */

-				n = 0;

-				}

-			else

-				{

-				/* First check the size of encoding and

-				 * allocate memory accordingly.

-				 */

-				encoded_pt_len =

-				    EC_POINT_point2oct(srvr_group,

-					EC_KEY_get0_public_key(clnt_ecdh),

-					POINT_CONVERSION_UNCOMPRESSED,

-					NULL, 0, NULL);

-				encodedPoint = (unsigned char *)

-				    OPENSSL_malloc(encoded_pt_len *

-					sizeof(unsigned char));

-				bn_ctx = BN_CTX_new();

-				if ((encodedPoint == NULL) ||

-				    (bn_ctx == NULL))

-					{

-					SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);

-					goto err;

-					}

-				/* Encode the public key */

-				n = EC_POINT_point2oct(srvr_group,

-				    EC_KEY_get0_public_key(clnt_ecdh),

-				    POINT_CONVERSION_UNCOMPRESSED,

-				    encodedPoint, encoded_pt_len, bn_ctx);

-				*p = n; /* length of encoded point */

-				/* Encoded point will be copied here */

-				p += 1;

-				/* copy the point */

-				memcpy((unsigned char *)p, encodedPoint, n);

-				/* increment n to account for length field */

-				n += 1;

-				}

-			/* Free allocated memory */

-			BN_CTX_free(bn_ctx);

-			if (encodedPoint != NULL) OPENSSL_free(encodedPoint);

-			if (clnt_ecdh != NULL)

-				 EC_KEY_free(clnt_ecdh);

-			EVP_PKEY_free(srvr_pub_pkey);

-			}

-#endif /* !OPENSSL_NO_ECDH */

-		else

-			{

-			ssl3_send_alert(s, SSL3_AL_FATAL,

-			    SSL_AD_HANDSHAKE_FAILURE);

-			SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,

-			    ERR_R_INTERNAL_ERROR);

-			goto err;

-			}

-		*(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE;

-		l2n3(n,d);

-		s->state=SSL3_ST_CW_KEY_EXCH_B;

-		/* number of bytes to write */

-		s->init_num=n+4;

-		s->init_off=0;

-		}

-	/* SSL3_ST_CW_KEY_EXCH_B */

-	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));

-err:

-#ifndef OPENSSL_NO_ECDH

-	BN_CTX_free(bn_ctx);

-	if (encodedPoint != NULL) OPENSSL_free(encodedPoint);

-	if (clnt_ecdh != NULL)

-		EC_KEY_free(clnt_ecdh);

-	EVP_PKEY_free(srvr_pub_pkey);

-#endif

-	return(-1);

-	}

-int ssl3_send_client_verify(SSL *s)

-	{

-	unsigned char *p,*d;

-	unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];

-	EVP_PKEY *pkey;

-#ifndef OPENSSL_NO_RSA

-	unsigned u=0;

-#endif

-	unsigned long n;

-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)

-	int j;

-#endif

-	if (s->state == SSL3_ST_CW_CERT_VRFY_A)

-		{

-		d=(unsigned char *)s->init_buf->data;

-		p= &(d[4]);

-		pkey=s->cert->key->privatekey;

-		s->method->ssl3_enc->cert_verify_mac(s,&(s->s3->finish_dgst2),

-			&(data[MD5_DIGEST_LENGTH]));

-#ifndef OPENSSL_NO_RSA

-		if (pkey->type == EVP_PKEY_RSA)

-			{

-			s->method->ssl3_enc->cert_verify_mac(s,

-				&(s->s3->finish_dgst1),&(data[0]));

-			if (RSA_sign(NID_md5_sha1, data,

-					 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,

-					&(p[2]), &u, pkey->pkey.rsa) <= 0 )

-				{

-				SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB);

-				goto err;

-				}

-			s2n(u,p);

-			n=u+2;

-			}

-		else

-#endif

-#ifndef OPENSSL_NO_DSA

-			if (pkey->type == EVP_PKEY_DSA)

-			{

-			if (!DSA_sign(pkey->save_type,

-				&(data[MD5_DIGEST_LENGTH]),

-				SHA_DIGEST_LENGTH,&(p[2]),

-				(unsigned int *)&j,pkey->pkey.dsa))

-				{

-				SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_DSA_LIB);

-				goto err;

-				}

-			s2n(j,p);

-			n=j+2;

-			}

-		else

-#endif

-#ifndef OPENSSL_NO_ECDSA

-			if (pkey->type == EVP_PKEY_EC)

-			{

-			if (!ECDSA_sign(pkey->save_type,

-				&(data[MD5_DIGEST_LENGTH]),

-				SHA_DIGEST_LENGTH,&(p[2]),

-				(unsigned int *)&j,pkey->pkey.ec))

-				{

-				SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,

-				    ERR_R_ECDSA_LIB);

-				goto err;

-				}

-			s2n(j,p);

-			n=j+2;

-			}

-		else

-#endif

-			{

-			SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR);

-			goto err;

-			}

-		*(d++)=SSL3_MT_CERTIFICATE_VERIFY;

-		l2n3(n,d);

-		s->state=SSL3_ST_CW_CERT_VRFY_B;

-		s->init_num=(int)n+4;

-		s->init_off=0;

-		}

-	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));

-err:

-	return(-1);

-	}

-int ssl3_send_client_certificate(SSL *s)

-	{

-	X509 *x509=NULL;

-	EVP_PKEY *pkey=NULL;

-	int i;

-	unsigned long l;

-	if (s->state ==	SSL3_ST_CW_CERT_A)

-		{

-		if ((s->cert == NULL) ||

-			(s->cert->key->x509 == NULL) ||

-			(s->cert->key->privatekey == NULL))

-			s->state=SSL3_ST_CW_CERT_B;

-		else

-			s->state=SSL3_ST_CW_CERT_C;

-		}

-	/* We need to get a client cert */

-	if (s->state == SSL3_ST_CW_CERT_B)

-		{

-		/* If we get an error, we need to

-		 * ssl->rwstate=SSL_X509_LOOKUP; return(-1);

-		 * We then get retied later */

-		i=0;

-		if (s->ctx->client_cert_cb != NULL)

-			i=s->ctx->client_cert_cb(s,&(x509),&(pkey));

-		if (i < 0)

-			{

-			s->rwstate=SSL_X509_LOOKUP;

-			return(-1);

-			}

-		s->rwstate=SSL_NOTHING;

-		if ((i == 1) && (pkey != NULL) && (x509 != NULL))

-			{

-			s->state=SSL3_ST_CW_CERT_B;

-			if (	!SSL_use_certificate(s,x509) ||

-				!SSL_use_PrivateKey(s,pkey))

-				i=0;

-			}

-		else if (i == 1)

-			{

-			i=0;

-			SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);

-			}

-		if (x509 != NULL) X509_free(x509);

-		if (pkey != NULL) EVP_PKEY_free(pkey);

-		if (i == 0)

-			{

-			if (s->version == SSL3_VERSION)

-				{

-				s->s3->tmp.cert_req=0;

-				ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_NO_CERTIFICATE);

-				return(1);

-				}

-			else

-				{

-				s->s3->tmp.cert_req=2;

-				}

-			}

-		/* Ok, we have a cert */

-		s->state=SSL3_ST_CW_CERT_C;

-		}

-	if (s->state == SSL3_ST_CW_CERT_C)

-		{

-		s->state=SSL3_ST_CW_CERT_D;

-		l=ssl3_output_cert_chain(s,

-			(s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509);

-		s->init_num=(int)l;

-		s->init_off=0;

-		}

-	/* SSL3_ST_CW_CERT_D */

-	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));

-	}

-#define has_bits(i,m)	(((i)&(m)) == (m))

-int ssl3_check_cert_and_algorithm(SSL *s)

-	{

-	int i,idx;

-	long algs;

-	EVP_PKEY *pkey=NULL;

-	SESS_CERT *sc;

-#ifndef OPENSSL_NO_RSA

-	RSA *rsa;

-#endif

-#ifndef OPENSSL_NO_DH

-	DH *dh;

-#endif

-	sc=s->session->sess_cert;

-	algs=s->s3->tmp.new_cipher->algorithms;

-	/* we don't have a certificate */

-	if (algs & (SSL_aDH|SSL_aNULL|SSL_aKRB5))

-		return(1);

-	if (sc == NULL)

-		{

-		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR);

-		goto err;

-		}

-#ifndef OPENSSL_NO_RSA

-	rsa=s->session->sess_cert->peer_rsa_tmp;

-#endif

-#ifndef OPENSSL_NO_DH

-	dh=s->session->sess_cert->peer_dh_tmp;

-#endif

-	/* This is the passed certificate */

-	idx=sc->peer_cert_type;

-#ifndef OPENSSL_NO_ECDH

-	if (idx == SSL_PKEY_ECC)

-		{

-		if (check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509,

-		    s->s3->tmp.new_cipher) == 0)

-			{ /* check failed */

-			SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_BAD_ECC_CERT);

-			goto f_err;

-			}

-		else

-			{

-			return 1;

-			}

-		}

-#endif

-	pkey=X509_get_pubkey(sc->peer_pkeys[idx].x509);

-	i=X509_certificate_type(sc->peer_pkeys[idx].x509,pkey);

-	EVP_PKEY_free(pkey);

-	/* Check that we have a certificate if we require one */

-	if ((algs & SSL_aRSA) && !has_bits(i,EVP_PK_RSA|EVP_PKT_SIGN))

-		{

-		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_SIGNING_CERT);

-		goto f_err;

-		}

-#ifndef OPENSSL_NO_DSA

-	else if ((algs & SSL_aDSS) && !has_bits(i,EVP_PK_DSA|EVP_PKT_SIGN))

-		{

-		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DSA_SIGNING_CERT);

-		goto f_err;

-		}

-#endif

-#ifndef OPENSSL_NO_RSA

-	if ((algs & SSL_kRSA) &&

-		!(has_bits(i,EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL)))

-		{

-		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_ENCRYPTING_CERT);

-		goto f_err;

-		}

-#endif

-#ifndef OPENSSL_NO_DH

-	if ((algs & SSL_kEDH) &&

-		!(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL)))

-		{

-		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY);

-		goto f_err;

-		}

-	else if ((algs & SSL_kDHr) && !has_bits(i,EVP_PK_DH|EVP_PKS_RSA))

-		{

-		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_RSA_CERT);

-		goto f_err;

-		}

-#ifndef OPENSSL_NO_DSA

-	else if ((algs & SSL_kDHd) && !has_bits(i,EVP_PK_DH|EVP_PKS_DSA))

-		{

-		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_DSA_CERT);

-		goto f_err;

-		}

-#endif

-#endif

-	if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i,EVP_PKT_EXP))

-		{

-#ifndef OPENSSL_NO_RSA

-		if (algs & SSL_kRSA)

-			{

-			if (rsa == NULL

-			    || RSA_size(rsa)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))

-				{

-				SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY);

-				goto f_err;

-				}

-			}

-		else

-#endif

-#ifndef OPENSSL_NO_DH

-			if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd))

-			    {

-			    if (dh == NULL

-				|| DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))

-				{

-				SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY);

-				goto f_err;

-				}

-			}

-		else

-#endif

-			{

-			SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);

-			goto f_err;

-			}

-		}

-	return(1);

-f_err:

-	ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);

-err:

-	return(0);

-	}

-#ifndef OPENSSL_NO_ECDH

-/* This is the complement of nid2curve_id in s3_srvr.c. */

-static int curve_id2nid(int curve_id)

-{

-	/* ECC curves from draft-ietf-tls-ecc-01.txt (Mar 15, 2001)

-	 * (no changes in draft-ietf-tls-ecc-03.txt [June 2003]) */

-	static int nid_list[26] =

-	{

-		0,

-		NID_sect163k1, /* sect163k1 (1) */

-		NID_sect163r1, /* sect163r1 (2) */

-		NID_sect163r2, /* sect163r2 (3) */

-		NID_sect193r1, /* sect193r1 (4) */

-		NID_sect193r2, /* sect193r2 (5) */

-		NID_sect233k1, /* sect233k1 (6) */

-		NID_sect233r1, /* sect233r1 (7) */

-		NID_sect239k1, /* sect239k1 (8) */

-		NID_sect283k1, /* sect283k1 (9) */

-		NID_sect283r1, /* sect283r1 (10) */

-		NID_sect409k1, /* sect409k1 (11) */

-		NID_sect409r1, /* sect409r1 (12) */

-		NID_sect571k1, /* sect571k1 (13) */

-		NID_sect571r1, /* sect571r1 (14) */

-		NID_secp160k1, /* secp160k1 (15) */

-		NID_secp160r1, /* secp160r1 (16) */

-		NID_secp160r2, /* secp160r2 (17) */

-		NID_secp192k1, /* secp192k1 (18) */

-		NID_X9_62_prime192v1, /* secp192r1 (19) */

-		NID_secp224k1, /* secp224k1 (20) */

-		NID_secp224r1, /* secp224r1 (21) */

-		NID_secp256k1, /* secp256k1 (22) */

-		NID_X9_62_prime256v1, /* secp256r1 (23) */

-		NID_secp384r1, /* secp384r1 (24) */

-		NID_secp521r1  /* secp521r1 (25) */

-	};

-	if ((curve_id < 1) || (curve_id > 25)) return 0;

-	return nid_list[curve_id];

-}

-#endif

-/* Check to see if handshake is full or resumed. Usually this is just a

- * case of checking to see if a cache hit has occurred. In the case of

- * session tickets we have to check the next message to be sure.

- */

-#ifndef OPENSSL_NO_TLSEXT

-static int ssl3_check_finished(SSL *s)

-	{

-	int ok;

-	long n;

-	if (!s->session->tlsext_tick)

-		return 1;

-	/* this function is called when we really expect a Certificate

-	 * message, so permit appropriate message length */

-	n=s->method->ssl_get_message(s,

-		SSL3_ST_CR_CERT_A,

-		SSL3_ST_CR_CERT_B,

-		-1,

-		s->max_cert_list,

-		&ok);

-	if (!ok) return((int)n);

-	s->s3->tmp.reuse_message = 1;

-	if ((s->s3->tmp.message_type == SSL3_MT_FINISHED)

-		|| (s->s3->tmp.message_type == SSL3_MT_NEWSESSION_TICKET))

-		return 2;

-	return 1;

-	}

-#endif

--- a/sys/src/ape/lib/openssl/ssl/s3_enc.c

+++ /dev/null

@@ -1,720 +1,0 @@

-/* ssl/s3_enc.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "ssl_locl.h"

-#include <openssl/evp.h>

-#include <openssl/md5.h>

-static unsigned char ssl3_pad_1[48]={

-	0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,

-	0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,

-	0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,

-	0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,

-	0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,

-	0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36 };

-static unsigned char ssl3_pad_2[48]={

-	0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,

-	0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,

-	0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,

-	0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,

-	0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,

-	0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c };

-static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,

-	const char *sender, int len, unsigned char *p);

-static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)

-	{

-	EVP_MD_CTX m5;

-	EVP_MD_CTX s1;

-	unsigned char buf[16],smd[SHA_DIGEST_LENGTH];

-	unsigned char c='A';

-	unsigned int i,j,k;

-#ifdef CHARSET_EBCDIC

-	c = os_toascii[c]; /*'A' in ASCII */

-#endif

-	k=0;

-	EVP_MD_CTX_init(&m5);

-	EVP_MD_CTX_init(&s1);

-	for (i=0; (int)i<num; i+=MD5_DIGEST_LENGTH)

-		{

-		k++;

-		if (k > sizeof buf)

-			{

-			/* bug: 'buf' is too small for this ciphersuite */

-			SSLerr(SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR);

-			return 0;

-			}

-		for (j=0; j<k; j++)

-			buf[j]=c;

-		c++;

-		EVP_DigestInit_ex(&s1,EVP_sha1(), NULL);

-		EVP_DigestUpdate(&s1,buf,k);

-		EVP_DigestUpdate(&s1,s->session->master_key,

-			s->session->master_key_length);

-		EVP_DigestUpdate(&s1,s->s3->server_random,SSL3_RANDOM_SIZE);

-		EVP_DigestUpdate(&s1,s->s3->client_random,SSL3_RANDOM_SIZE);

-		EVP_DigestFinal_ex(&s1,smd,NULL);

-		EVP_DigestInit_ex(&m5,EVP_md5(), NULL);

-		EVP_DigestUpdate(&m5,s->session->master_key,

-			s->session->master_key_length);

-		EVP_DigestUpdate(&m5,smd,SHA_DIGEST_LENGTH);

-		if ((int)(i+MD5_DIGEST_LENGTH) > num)

-			{

-			EVP_DigestFinal_ex(&m5,smd,NULL);

-			memcpy(km,smd,(num-i));

-			}

-		else

-			EVP_DigestFinal_ex(&m5,km,NULL);

-		km+=MD5_DIGEST_LENGTH;

-		}

-	OPENSSL_cleanse(smd,SHA_DIGEST_LENGTH);

-	EVP_MD_CTX_cleanup(&m5);

-	EVP_MD_CTX_cleanup(&s1);

-	return 1;

-	}

-int ssl3_change_cipher_state(SSL *s, int which)

-	{

-	unsigned char *p,*key_block,*mac_secret;

-	unsigned char exp_key[EVP_MAX_KEY_LENGTH];

-	unsigned char exp_iv[EVP_MAX_IV_LENGTH];

-	unsigned char *ms,*key,*iv,*er1,*er2;

-	EVP_CIPHER_CTX *dd;

-	const EVP_CIPHER *c;

-#ifndef OPENSSL_NO_COMP

-	COMP_METHOD *comp;

-#endif

-	const EVP_MD *m;

-	EVP_MD_CTX md;

-	int is_exp,n,i,j,k,cl;

-	int reuse_dd = 0;

-	is_exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);

-	c=s->s3->tmp.new_sym_enc;

-	m=s->s3->tmp.new_hash;

-#ifndef OPENSSL_NO_COMP

-	if (s->s3->tmp.new_compression == NULL)

-		comp=NULL;

-	else

-		comp=s->s3->tmp.new_compression->method;

-#endif

-	key_block=s->s3->tmp.key_block;

-	if (which & SSL3_CC_READ)

-		{

-		if (s->enc_read_ctx != NULL)

-			reuse_dd = 1;

-		else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)

-			goto err;

-		else

-			/* make sure it's intialized in case we exit later with an error */

-			EVP_CIPHER_CTX_init(s->enc_read_ctx);

-		dd= s->enc_read_ctx;

-		s->read_hash=m;

-#ifndef OPENSSL_NO_COMP

-		/* COMPRESS */

-		if (s->expand != NULL)

-			{

-			COMP_CTX_free(s->expand);

-			s->expand=NULL;

-			}

-		if (comp != NULL)

-			{

-			s->expand=COMP_CTX_new(comp);

-			if (s->expand == NULL)

-				{

-				SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);

-				goto err2;

-				}

-			if (s->s3->rrec.comp == NULL)

-				s->s3->rrec.comp=(unsigned char *)

-					OPENSSL_malloc(SSL3_RT_MAX_PLAIN_LENGTH);

-			if (s->s3->rrec.comp == NULL)

-				goto err;

-			}

-#endif

-		memset(&(s->s3->read_sequence[0]),0,8);

-		mac_secret= &(s->s3->read_mac_secret[0]);

-		}

-	else

-		{

-		if (s->enc_write_ctx != NULL)

-			reuse_dd = 1;

-		else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)

-			goto err;

-		else

-			/* make sure it's intialized in case we exit later with an error */

-			EVP_CIPHER_CTX_init(s->enc_write_ctx);

-		dd= s->enc_write_ctx;

-		s->write_hash=m;

-#ifndef OPENSSL_NO_COMP

-		/* COMPRESS */

-		if (s->compress != NULL)

-			{

-			COMP_CTX_free(s->compress);

-			s->compress=NULL;

-			}

-		if (comp != NULL)

-			{

-			s->compress=COMP_CTX_new(comp);

-			if (s->compress == NULL)

-				{

-				SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);

-				goto err2;

-				}

-			}

-#endif

-		memset(&(s->s3->write_sequence[0]),0,8);

-		mac_secret= &(s->s3->write_mac_secret[0]);

-		}

-	if (reuse_dd)

-		EVP_CIPHER_CTX_cleanup(dd);

-	p=s->s3->tmp.key_block;

-	i=EVP_MD_size(m);

-	cl=EVP_CIPHER_key_length(c);

-	j=is_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?

-		 cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;

-	/* Was j=(is_exp)?5:EVP_CIPHER_key_length(c); */

-	k=EVP_CIPHER_iv_length(c);

-	if (	(which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||

-		(which == SSL3_CHANGE_CIPHER_SERVER_READ))

-		{

-		ms=  &(p[ 0]); n=i+i;

-		key= &(p[ n]); n+=j+j;

-		iv=  &(p[ n]); n+=k+k;

-		er1= &(s->s3->client_random[0]);

-		er2= &(s->s3->server_random[0]);

-		}

-	else

-		{

-		n=i;

-		ms=  &(p[ n]); n+=i+j;

-		key= &(p[ n]); n+=j+k;

-		iv=  &(p[ n]); n+=k;

-		er1= &(s->s3->server_random[0]);

-		er2= &(s->s3->client_random[0]);

-		}

-	if (n > s->s3->tmp.key_block_length)

-		{

-		SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,ERR_R_INTERNAL_ERROR);

-		goto err2;

-		}

-	EVP_MD_CTX_init(&md);

-	memcpy(mac_secret,ms,i);

-	if (is_exp)

-		{

-		/* In here I set both the read and write key/iv to the

-		 * same value since only the correct one will be used :-).

-		 */

-		EVP_DigestInit_ex(&md,EVP_md5(), NULL);

-		EVP_DigestUpdate(&md,key,j);

-		EVP_DigestUpdate(&md,er1,SSL3_RANDOM_SIZE);

-		EVP_DigestUpdate(&md,er2,SSL3_RANDOM_SIZE);

-		EVP_DigestFinal_ex(&md,&(exp_key[0]),NULL);

-		key= &(exp_key[0]);

-		if (k > 0)

-			{

-			EVP_DigestInit_ex(&md,EVP_md5(), NULL);

-			EVP_DigestUpdate(&md,er1,SSL3_RANDOM_SIZE);

-			EVP_DigestUpdate(&md,er2,SSL3_RANDOM_SIZE);

-			EVP_DigestFinal_ex(&md,&(exp_iv[0]),NULL);

-			iv= &(exp_iv[0]);

-			}

-		}

-	s->session->key_arg_length=0;

-	EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE));

-	OPENSSL_cleanse(&(exp_key[0]),sizeof(exp_key));

-	OPENSSL_cleanse(&(exp_iv[0]),sizeof(exp_iv));

-	EVP_MD_CTX_cleanup(&md);

-	return(1);

-err:

-	SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);

-err2:

-	return(0);

-	}

-int ssl3_setup_key_block(SSL *s)

-	{

-	unsigned char *p;

-	const EVP_CIPHER *c;

-	const EVP_MD *hash;

-	int num;

-	int ret = 0;

-	SSL_COMP *comp;

-	if (s->s3->tmp.key_block_length != 0)

-		return(1);

-	if (!ssl_cipher_get_evp(s->session,&c,&hash,&comp))

-		{

-		SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE);

-		return(0);

-		}

-	s->s3->tmp.new_sym_enc=c;

-	s->s3->tmp.new_hash=hash;

-#ifdef OPENSSL_NO_COMP

-	s->s3->tmp.new_compression=NULL;

-#else

-	s->s3->tmp.new_compression=comp;

-#endif

-	num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c);

-	num*=2;

-	ssl3_cleanup_key_block(s);

-	if ((p=OPENSSL_malloc(num)) == NULL)

-		goto err;

-	s->s3->tmp.key_block_length=num;

-	s->s3->tmp.key_block=p;

-	ret = ssl3_generate_key_block(s,p,num);

-	if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))

-		{

-		/* enable vulnerability countermeasure for CBC ciphers with

-		 * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)

-		 */

-		s->s3->need_empty_fragments = 1;

-		if (s->session->cipher != NULL)

-			{

-			if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_eNULL)

-				s->s3->need_empty_fragments = 0;

-#ifndef OPENSSL_NO_RC4

-			if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4)

-				s->s3->need_empty_fragments = 0;

-#endif

-			}

-		}

-	return ret;

-err:

-	SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);

-	return(0);

-	}

-void ssl3_cleanup_key_block(SSL *s)

-	{

-	if (s->s3->tmp.key_block != NULL)

-		{

-		OPENSSL_cleanse(s->s3->tmp.key_block,

-			s->s3->tmp.key_block_length);

-		OPENSSL_free(s->s3->tmp.key_block);

-		s->s3->tmp.key_block=NULL;

-		}

-	s->s3->tmp.key_block_length=0;

-	}

-int ssl3_enc(SSL *s, int send)

-	{

-	SSL3_RECORD *rec;

-	EVP_CIPHER_CTX *ds;

-	unsigned long l;

-	int bs,i;

-	const EVP_CIPHER *enc;

-	if (send)

-		{

-		ds=s->enc_write_ctx;

-		rec= &(s->s3->wrec);

-		if (s->enc_write_ctx == NULL)

-			enc=NULL;

-		else

-			enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);

-		}

-	else

-		{

-		ds=s->enc_read_ctx;

-		rec= &(s->s3->rrec);

-		if (s->enc_read_ctx == NULL)

-			enc=NULL;

-		else

-			enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);

-		}

-	if ((s->session == NULL) || (ds == NULL) ||

-		(enc == NULL))

-		{

-		memmove(rec->data,rec->input,rec->length);

-		rec->input=rec->data;

-		}

-	else

-		{

-		l=rec->length;

-		bs=EVP_CIPHER_block_size(ds->cipher);

-		/* COMPRESS */

-		if ((bs != 1) && send)

-			{

-			i=bs-((int)l%bs);

-			/* we need to add 'i-1' padding bytes */

-			l+=i;

-			rec->length+=i;

-			rec->input[l-1]=(i-1);

-			}

-		if (!send)

-			{

-			if (l == 0 || l%bs != 0)

-				{

-				SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);

-				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);

-				return 0;

-				}

-			/* otherwise, rec->length >= bs */

-			}

-		EVP_Cipher(ds,rec->data,rec->input,l);

-		if ((bs != 1) && !send)

-			{

-			i=rec->data[l-1]+1;

-			/* SSL 3.0 bounds the number of padding bytes by the block size;

-			 * padding bytes (except the last one) are arbitrary */

-			if (i > bs)

-				{

-				/* Incorrect padding. SSLerr() and ssl3_alert are done

-				 * by caller: we don't want to reveal whether this is

-				 * a decryption error or a MAC verification failure

-				 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */

-				return -1;

-				}

-			/* now i <= bs <= rec->length */

-			rec->length-=i;

-			}

-		}

-	return(1);

-	}

-void ssl3_init_finished_mac(SSL *s)

-	{

-	EVP_DigestInit_ex(&(s->s3->finish_dgst1),s->ctx->md5, NULL);

-	EVP_DigestInit_ex(&(s->s3->finish_dgst2),s->ctx->sha1, NULL);

-	}

-void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len)

-	{

-	EVP_DigestUpdate(&(s->s3->finish_dgst1),buf,len);

-	EVP_DigestUpdate(&(s->s3->finish_dgst2),buf,len);

-	}

-int ssl3_cert_verify_mac(SSL *s, EVP_MD_CTX *ctx, unsigned char *p)

-	{

-	return(ssl3_handshake_mac(s,ctx,NULL,0,p));

-	}

-int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1, EVP_MD_CTX *ctx2,

-	     const char *sender, int len, unsigned char *p)

-	{

-	int ret;

-	ret=ssl3_handshake_mac(s,ctx1,sender,len,p);

-	p+=ret;

-	ret+=ssl3_handshake_mac(s,ctx2,sender,len,p);

-	return(ret);

-	}

-static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,

-	     const char *sender, int len, unsigned char *p)

-	{

-	unsigned int ret;

-	int npad,n;

-	unsigned int i;

-	unsigned char md_buf[EVP_MAX_MD_SIZE];

-	EVP_MD_CTX ctx;

-	EVP_MD_CTX_init(&ctx);

-	EVP_MD_CTX_copy_ex(&ctx,in_ctx);

-	n=EVP_MD_CTX_size(&ctx);

-	npad=(48/n)*n;

-	if (sender != NULL)

-		EVP_DigestUpdate(&ctx,sender,len);

-	EVP_DigestUpdate(&ctx,s->session->master_key,

-		s->session->master_key_length);

-	EVP_DigestUpdate(&ctx,ssl3_pad_1,npad);

-	EVP_DigestFinal_ex(&ctx,md_buf,&i);

-	EVP_DigestInit_ex(&ctx,EVP_MD_CTX_md(&ctx), NULL);

-	EVP_DigestUpdate(&ctx,s->session->master_key,

-		s->session->master_key_length);

-	EVP_DigestUpdate(&ctx,ssl3_pad_2,npad);

-	EVP_DigestUpdate(&ctx,md_buf,i);

-	EVP_DigestFinal_ex(&ctx,p,&ret);

-	EVP_MD_CTX_cleanup(&ctx);

-	return((int)ret);

-	}

-int ssl3_mac(SSL *ssl, unsigned char *md, int send)

-	{

-	SSL3_RECORD *rec;

-	unsigned char *mac_sec,*seq;

-	EVP_MD_CTX md_ctx;

-	const EVP_MD *hash;

-	unsigned char *p,rec_char;

-	unsigned int md_size;

-	int npad;

-	if (send)

-		{

-		rec= &(ssl->s3->wrec);

-		mac_sec= &(ssl->s3->write_mac_secret[0]);

-		seq= &(ssl->s3->write_sequence[0]);

-		hash=ssl->write_hash;

-		}

-	else

-		{

-		rec= &(ssl->s3->rrec);

-		mac_sec= &(ssl->s3->read_mac_secret[0]);

-		seq= &(ssl->s3->read_sequence[0]);

-		hash=ssl->read_hash;

-		}

-	md_size=EVP_MD_size(hash);

-	npad=(48/md_size)*md_size;

-	/* Chop the digest off the end :-) */

-	EVP_MD_CTX_init(&md_ctx);

-	EVP_DigestInit_ex(  &md_ctx,hash, NULL);

-	EVP_DigestUpdate(&md_ctx,mac_sec,md_size);

-	EVP_DigestUpdate(&md_ctx,ssl3_pad_1,npad);

-	EVP_DigestUpdate(&md_ctx,seq,8);

-	rec_char=rec->type;

-	EVP_DigestUpdate(&md_ctx,&rec_char,1);

-	p=md;

-	s2n(rec->length,p);

-	EVP_DigestUpdate(&md_ctx,md,2);

-	EVP_DigestUpdate(&md_ctx,rec->input,rec->length);

-	EVP_DigestFinal_ex( &md_ctx,md,NULL);

-	EVP_DigestInit_ex(  &md_ctx,hash, NULL);

-	EVP_DigestUpdate(&md_ctx,mac_sec,md_size);

-	EVP_DigestUpdate(&md_ctx,ssl3_pad_2,npad);

-	EVP_DigestUpdate(&md_ctx,md,md_size);

-	EVP_DigestFinal_ex( &md_ctx,md,&md_size);

-	EVP_MD_CTX_cleanup(&md_ctx);

-	ssl3_record_sequence_update(seq);

-	return(md_size);

-	}

-void ssl3_record_sequence_update(unsigned char *seq)

-	{

-	int i;

-	for (i=7; i>=0; i--)

-		{

-		++seq[i];

-		if (seq[i] != 0) break;

-		}

-	}

-int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,

-	     int len)

-	{

-	static const unsigned char *salt[3]={

-#ifndef CHARSET_EBCDIC

-		(const unsigned char *)"A",

-		(const unsigned char *)"BB",

-		(const unsigned char *)"CCC",

-#else

-		(const unsigned char *)"\x41",

-		(const unsigned char *)"\x42\x42",

-		(const unsigned char *)"\x43\x43\x43",

-#endif

-		};

-	unsigned char buf[EVP_MAX_MD_SIZE];

-	EVP_MD_CTX ctx;

-	int i,ret=0;

-	unsigned int n;

-	EVP_MD_CTX_init(&ctx);

-	for (i=0; i<3; i++)

-		{

-		EVP_DigestInit_ex(&ctx,s->ctx->sha1, NULL);

-		EVP_DigestUpdate(&ctx,salt[i],strlen((const char *)salt[i]));

-		EVP_DigestUpdate(&ctx,p,len);

-		EVP_DigestUpdate(&ctx,&(s->s3->client_random[0]),

-			SSL3_RANDOM_SIZE);

-		EVP_DigestUpdate(&ctx,&(s->s3->server_random[0]),

-			SSL3_RANDOM_SIZE);

-		EVP_DigestFinal_ex(&ctx,buf,&n);

-		EVP_DigestInit_ex(&ctx,s->ctx->md5, NULL);

-		EVP_DigestUpdate(&ctx,p,len);

-		EVP_DigestUpdate(&ctx,buf,n);

-		EVP_DigestFinal_ex(&ctx,out,&n);

-		out+=n;

-		ret+=n;

-		}

-	EVP_MD_CTX_cleanup(&ctx);

-	return(ret);

-	}

-int ssl3_alert_code(int code)

-	{

-	switch (code)

-		{

-	case SSL_AD_CLOSE_NOTIFY:	return(SSL3_AD_CLOSE_NOTIFY);

-	case SSL_AD_UNEXPECTED_MESSAGE:	return(SSL3_AD_UNEXPECTED_MESSAGE);

-	case SSL_AD_BAD_RECORD_MAC:	return(SSL3_AD_BAD_RECORD_MAC);

-	case SSL_AD_DECRYPTION_FAILED:	return(SSL3_AD_BAD_RECORD_MAC);

-	case SSL_AD_RECORD_OVERFLOW:	return(SSL3_AD_BAD_RECORD_MAC);

-	case SSL_AD_DECOMPRESSION_FAILURE:return(SSL3_AD_DECOMPRESSION_FAILURE);

-	case SSL_AD_HANDSHAKE_FAILURE:	return(SSL3_AD_HANDSHAKE_FAILURE);

-	case SSL_AD_NO_CERTIFICATE:	return(SSL3_AD_NO_CERTIFICATE);

-	case SSL_AD_BAD_CERTIFICATE:	return(SSL3_AD_BAD_CERTIFICATE);

-	case SSL_AD_UNSUPPORTED_CERTIFICATE:return(SSL3_AD_UNSUPPORTED_CERTIFICATE);

-	case SSL_AD_CERTIFICATE_REVOKED:return(SSL3_AD_CERTIFICATE_REVOKED);

-	case SSL_AD_CERTIFICATE_EXPIRED:return(SSL3_AD_CERTIFICATE_EXPIRED);

-	case SSL_AD_CERTIFICATE_UNKNOWN:return(SSL3_AD_CERTIFICATE_UNKNOWN);

-	case SSL_AD_ILLEGAL_PARAMETER:	return(SSL3_AD_ILLEGAL_PARAMETER);

-	case SSL_AD_UNKNOWN_CA:		return(SSL3_AD_BAD_CERTIFICATE);

-	case SSL_AD_ACCESS_DENIED:	return(SSL3_AD_HANDSHAKE_FAILURE);

-	case SSL_AD_DECODE_ERROR:	return(SSL3_AD_HANDSHAKE_FAILURE);

-	case SSL_AD_DECRYPT_ERROR:	return(SSL3_AD_HANDSHAKE_FAILURE);

-	case SSL_AD_EXPORT_RESTRICTION:	return(SSL3_AD_HANDSHAKE_FAILURE);

-	case SSL_AD_PROTOCOL_VERSION:	return(SSL3_AD_HANDSHAKE_FAILURE);

-	case SSL_AD_INSUFFICIENT_SECURITY:return(SSL3_AD_HANDSHAKE_FAILURE);

-	case SSL_AD_INTERNAL_ERROR:	return(SSL3_AD_HANDSHAKE_FAILURE);

-	case SSL_AD_USER_CANCELLED:	return(SSL3_AD_HANDSHAKE_FAILURE);

-	case SSL_AD_NO_RENEGOTIATION:	return(-1); /* Don't send it :-) */

-	default:			return(-1);

-		}

-	}

--- a/sys/src/ape/lib/openssl/ssl/s3_lib.c

+++ /dev/null

@@ -1,2567 +1,0 @@

-/* ssl/s3_lib.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- *

- * Portions of the attached software ("Contribution") are developed by

- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.

- *

- * The Contribution is licensed pursuant to the OpenSSL open source

- * license provided above.

- *

- * ECC cipher suite support in OpenSSL originally written by

- * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.

- *

- */

-#include <stdio.h>

-#include <openssl/objects.h>

-#include "ssl_locl.h"

-#include "kssl_lcl.h"

-#include <openssl/md5.h>

-#ifndef OPENSSL_NO_DH

-#include <openssl/dh.h>

-#endif

-#include <openssl/pq_compat.h>

-const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT;

-#define SSL3_NUM_CIPHERS	(sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))

-/* list of available SSLv3 ciphers (sorted by id) */

-OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={

-/* The RSA ciphers */

-/* Cipher 01 */

-	{

-	1,

-	SSL3_TXT_RSA_NULL_MD5,

-	SSL3_CK_RSA_NULL_MD5,

-	SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_SSLV3,

-	SSL_NOT_EXP|SSL_STRONG_NONE,

-	0,

-	0,

-	0,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* Cipher 02 */

-	{

-	1,

-	SSL3_TXT_RSA_NULL_SHA,

-	SSL3_CK_RSA_NULL_SHA,

-	SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3,

-	SSL_NOT_EXP|SSL_STRONG_NONE,

-	0,

-	0,

-	0,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* Cipher 03 */

-	{

-	1,

-	SSL3_TXT_RSA_RC4_40_MD5,

-	SSL3_CK_RSA_RC4_40_MD5,

-	SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_MD5 |SSL_SSLV3,

-	SSL_EXPORT|SSL_EXP40,

-	0,

-	40,

-	128,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* Cipher 04 */

-	{

-	1,

-	SSL3_TXT_RSA_RC4_128_MD5,

-	SSL3_CK_RSA_RC4_128_MD5,

-	SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_MD5|SSL_SSLV3,

-	SSL_NOT_EXP|SSL_MEDIUM,

-	0,

-	128,

-	128,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* Cipher 05 */

-	{

-	1,

-	SSL3_TXT_RSA_RC4_128_SHA,

-	SSL3_CK_RSA_RC4_128_SHA,

-	SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_SHA1|SSL_SSLV3,

-	SSL_NOT_EXP|SSL_MEDIUM,

-	0,

-	128,

-	128,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* Cipher 06 */

-	{

-	1,

-	SSL3_TXT_RSA_RC2_40_MD5,

-	SSL3_CK_RSA_RC2_40_MD5,

-	SSL_kRSA|SSL_aRSA|SSL_RC2  |SSL_MD5 |SSL_SSLV3,

-	SSL_EXPORT|SSL_EXP40,

-	0,

-	40,

-	128,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* Cipher 07 */

-#ifndef OPENSSL_NO_IDEA

-	{

-	1,

-	SSL3_TXT_RSA_IDEA_128_SHA,

-	SSL3_CK_RSA_IDEA_128_SHA,

-	SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|SSL_SSLV3,

-	SSL_NOT_EXP|SSL_MEDIUM,

-	0,

-	128,

-	128,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-#endif

-/* Cipher 08 */

-	{

-	1,

-	SSL3_TXT_RSA_DES_40_CBC_SHA,

-	SSL3_CK_RSA_DES_40_CBC_SHA,

-	SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,

-	SSL_EXPORT|SSL_EXP40,

-	0,

-	40,

-	56,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* Cipher 09 */

-	{

-	1,

-	SSL3_TXT_RSA_DES_64_CBC_SHA,

-	SSL3_CK_RSA_DES_64_CBC_SHA,

-	SSL_kRSA|SSL_aRSA|SSL_DES  |SSL_SHA1|SSL_SSLV3,

-	SSL_NOT_EXP|SSL_LOW,

-	0,

-	56,

-	56,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* Cipher 0A */

-	{

-	1,

-	SSL3_TXT_RSA_DES_192_CBC3_SHA,

-	SSL3_CK_RSA_DES_192_CBC3_SHA,

-	SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,

-	SSL_NOT_EXP|SSL_HIGH,

-	0,

-	168,

-	168,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* The DH ciphers */

-/* Cipher 0B */

-	{

-	0,

-	SSL3_TXT_DH_DSS_DES_40_CBC_SHA,

-	SSL3_CK_DH_DSS_DES_40_CBC_SHA,

-	SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,

-	SSL_EXPORT|SSL_EXP40,

-	0,

-	40,

-	56,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* Cipher 0C */

-	{

-	0,

-	SSL3_TXT_DH_DSS_DES_64_CBC_SHA,

-	SSL3_CK_DH_DSS_DES_64_CBC_SHA,

-	SSL_kDHd |SSL_aDH|SSL_DES  |SSL_SHA1|SSL_SSLV3,

-	SSL_NOT_EXP|SSL_LOW,

-	0,

-	56,

-	56,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* Cipher 0D */

-	{

-	0,

-	SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,

-	SSL3_CK_DH_DSS_DES_192_CBC3_SHA,

-	SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,

-	SSL_NOT_EXP|SSL_HIGH,

-	0,

-	168,

-	168,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* Cipher 0E */

-	{

-	0,

-	SSL3_TXT_DH_RSA_DES_40_CBC_SHA,

-	SSL3_CK_DH_RSA_DES_40_CBC_SHA,

-	SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,

-	SSL_EXPORT|SSL_EXP40,

-	0,

-	40,

-	56,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* Cipher 0F */

-	{

-	0,

-	SSL3_TXT_DH_RSA_DES_64_CBC_SHA,

-	SSL3_CK_DH_RSA_DES_64_CBC_SHA,

-	SSL_kDHr |SSL_aDH|SSL_DES  |SSL_SHA1|SSL_SSLV3,

-	SSL_NOT_EXP|SSL_LOW,

-	0,

-	56,

-	56,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* Cipher 10 */

-	{

-	0,

-	SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,

-	SSL3_CK_DH_RSA_DES_192_CBC3_SHA,

-	SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,

-	SSL_NOT_EXP|SSL_HIGH,

-	0,

-	168,

-	168,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* The Ephemeral DH ciphers */

-/* Cipher 11 */

-	{

-	1,

-	SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,

-	SSL3_CK_EDH_DSS_DES_40_CBC_SHA,

-	SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_SSLV3,

-	SSL_EXPORT|SSL_EXP40,

-	0,

-	40,

-	56,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* Cipher 12 */

-	{

-	1,

-	SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,

-	SSL3_CK_EDH_DSS_DES_64_CBC_SHA,

-	SSL_kEDH|SSL_aDSS|SSL_DES  |SSL_SHA1|SSL_SSLV3,

-	SSL_NOT_EXP|SSL_LOW,

-	0,

-	56,

-	56,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* Cipher 13 */

-	{

-	1,

-	SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,

-	SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,

-	SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_SSLV3,

-	SSL_NOT_EXP|SSL_HIGH,

-	0,

-	168,

-	168,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* Cipher 14 */

-	{

-	1,

-	SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,

-	SSL3_CK_EDH_RSA_DES_40_CBC_SHA,

-	SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,

-	SSL_EXPORT|SSL_EXP40,

-	0,

-	40,

-	56,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* Cipher 15 */

-	{

-	1,

-	SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,

-	SSL3_CK_EDH_RSA_DES_64_CBC_SHA,

-	SSL_kEDH|SSL_aRSA|SSL_DES  |SSL_SHA1|SSL_SSLV3,

-	SSL_NOT_EXP|SSL_LOW,

-	0,

-	56,

-	56,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* Cipher 16 */

-	{

-	1,

-	SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,

-	SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,

-	SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,

-	SSL_NOT_EXP|SSL_HIGH,

-	0,

-	168,

-	168,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* Cipher 17 */

-	{

-	1,

-	SSL3_TXT_ADH_RC4_40_MD5,

-	SSL3_CK_ADH_RC4_40_MD5,

-	SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5 |SSL_SSLV3,

-	SSL_EXPORT|SSL_EXP40,

-	0,

-	40,

-	128,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* Cipher 18 */

-	{

-	1,

-	SSL3_TXT_ADH_RC4_128_MD5,

-	SSL3_CK_ADH_RC4_128_MD5,

-	SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5 |SSL_SSLV3,

-	SSL_NOT_EXP|SSL_MEDIUM,

-	0,

-	128,

-	128,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* Cipher 19 */

-	{

-	1,

-	SSL3_TXT_ADH_DES_40_CBC_SHA,

-	SSL3_CK_ADH_DES_40_CBC_SHA,

-	SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3,

-	SSL_EXPORT|SSL_EXP40,

-	0,

-	40,

-	128,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* Cipher 1A */

-	{

-	1,

-	SSL3_TXT_ADH_DES_64_CBC_SHA,

-	SSL3_CK_ADH_DES_64_CBC_SHA,

-	SSL_kEDH |SSL_aNULL|SSL_DES  |SSL_SHA1|SSL_SSLV3,

-	SSL_NOT_EXP|SSL_LOW,

-	0,

-	56,

-	56,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* Cipher 1B */

-	{

-	1,

-	SSL3_TXT_ADH_DES_192_CBC_SHA,

-	SSL3_CK_ADH_DES_192_CBC_SHA,

-	SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3,

-	SSL_NOT_EXP|SSL_HIGH,

-	0,

-	168,

-	168,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* Fortezza */

-/* Cipher 1C */

-	{

-	0,

-	SSL3_TXT_FZA_DMS_NULL_SHA,

-	SSL3_CK_FZA_DMS_NULL_SHA,

-	SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_SSLV3,

-	SSL_NOT_EXP|SSL_STRONG_NONE,

-	0,

-	0,

-	0,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* Cipher 1D */

-	{

-	0,

-	SSL3_TXT_FZA_DMS_FZA_SHA,

-	SSL3_CK_FZA_DMS_FZA_SHA,

-	SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_SSLV3,

-	SSL_NOT_EXP|SSL_STRONG_NONE,

-	0,

-	0,

-	0,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-#if 0

-/* Cipher 1E */

-	{

-	0,

-	SSL3_TXT_FZA_DMS_RC4_SHA,

-	SSL3_CK_FZA_DMS_RC4_SHA,

-	SSL_kFZA|SSL_aFZA |SSL_RC4  |SSL_SHA1|SSL_SSLV3,

-	SSL_NOT_EXP|SSL_MEDIUM,

-	0,

-	128,

-	128,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-#endif

-#ifndef OPENSSL_NO_KRB5

-/* The Kerberos ciphers */

-/* Cipher 1E */

-	{

-	1,

-	SSL3_TXT_KRB5_DES_64_CBC_SHA,

-	SSL3_CK_KRB5_DES_64_CBC_SHA,

-	SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_SHA1   |SSL_SSLV3,

-	SSL_NOT_EXP|SSL_LOW,

-	0,

-	56,

-	56,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* Cipher 1F */

-	{

-	1,

-	SSL3_TXT_KRB5_DES_192_CBC3_SHA,

-	SSL3_CK_KRB5_DES_192_CBC3_SHA,

-	SSL_kKRB5|SSL_aKRB5|  SSL_3DES|SSL_SHA1  |SSL_SSLV3,

-	SSL_NOT_EXP|SSL_HIGH,

-	0,

-	168,

-	168,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* Cipher 20 */

-	{

-	1,

-	SSL3_TXT_KRB5_RC4_128_SHA,

-	SSL3_CK_KRB5_RC4_128_SHA,

-	SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_SHA1  |SSL_SSLV3,

-	SSL_NOT_EXP|SSL_MEDIUM,

-	0,

-	128,

-	128,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* Cipher 21 */

-	{

-	1,

-	SSL3_TXT_KRB5_IDEA_128_CBC_SHA,

-	SSL3_CK_KRB5_IDEA_128_CBC_SHA,

-	SSL_kKRB5|SSL_aKRB5|  SSL_IDEA|SSL_SHA1  |SSL_SSLV3,

-	SSL_NOT_EXP|SSL_MEDIUM,

-	0,

-	128,

-	128,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* Cipher 22 */

-	{

-	1,

-	SSL3_TXT_KRB5_DES_64_CBC_MD5,

-	SSL3_CK_KRB5_DES_64_CBC_MD5,

-	SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_MD5    |SSL_SSLV3,

-	SSL_NOT_EXP|SSL_LOW,

-	0,

-	56,

-	56,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* Cipher 23 */

-	{

-	1,

-	SSL3_TXT_KRB5_DES_192_CBC3_MD5,

-	SSL3_CK_KRB5_DES_192_CBC3_MD5,

-	SSL_kKRB5|SSL_aKRB5|  SSL_3DES|SSL_MD5   |SSL_SSLV3,

-	SSL_NOT_EXP|SSL_HIGH,

-	0,

-	168,

-	168,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* Cipher 24 */

-	{

-	1,

-	SSL3_TXT_KRB5_RC4_128_MD5,

-	SSL3_CK_KRB5_RC4_128_MD5,

-	SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_MD5  |SSL_SSLV3,

-	SSL_NOT_EXP|SSL_MEDIUM,

-	0,

-	128,

-	128,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* Cipher 25 */

-	{

-	1,

-	SSL3_TXT_KRB5_IDEA_128_CBC_MD5,

-	SSL3_CK_KRB5_IDEA_128_CBC_MD5,

-	SSL_kKRB5|SSL_aKRB5|  SSL_IDEA|SSL_MD5  |SSL_SSLV3,

-	SSL_NOT_EXP|SSL_MEDIUM,

-	0,

-	128,

-	128,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* Cipher 26 */

-	{

-	1,

-	SSL3_TXT_KRB5_DES_40_CBC_SHA,

-	SSL3_CK_KRB5_DES_40_CBC_SHA,

-	SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_SHA1   |SSL_SSLV3,

-	SSL_EXPORT|SSL_EXP40,

-	0,

-	40,

-	56,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* Cipher 27 */

-	{

-	1,

-	SSL3_TXT_KRB5_RC2_40_CBC_SHA,

-	SSL3_CK_KRB5_RC2_40_CBC_SHA,

-	SSL_kKRB5|SSL_aKRB5|  SSL_RC2|SSL_SHA1   |SSL_SSLV3,

-	SSL_EXPORT|SSL_EXP40,

-	0,

-	40,

-	128,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* Cipher 28 */

-	{

-	1,

-	SSL3_TXT_KRB5_RC4_40_SHA,

-	SSL3_CK_KRB5_RC4_40_SHA,

-	SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_SHA1   |SSL_SSLV3,

-	SSL_EXPORT|SSL_EXP40,

-	0,

-	40,

-	128,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* Cipher 29 */

-	{

-	1,

-	SSL3_TXT_KRB5_DES_40_CBC_MD5,

-	SSL3_CK_KRB5_DES_40_CBC_MD5,

-	SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_MD5    |SSL_SSLV3,

-	SSL_EXPORT|SSL_EXP40,

-	0,

-	40,

-	56,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* Cipher 2A */

-	{

-	1,

-	SSL3_TXT_KRB5_RC2_40_CBC_MD5,

-	SSL3_CK_KRB5_RC2_40_CBC_MD5,

-	SSL_kKRB5|SSL_aKRB5|  SSL_RC2|SSL_MD5    |SSL_SSLV3,

-	SSL_EXPORT|SSL_EXP40,

-	0,

-	40,

-	128,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* Cipher 2B */

-	{

-	1,

-	SSL3_TXT_KRB5_RC4_40_MD5,

-	SSL3_CK_KRB5_RC4_40_MD5,

-	SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_MD5    |SSL_SSLV3,

-	SSL_EXPORT|SSL_EXP40,

-	0,

-	40,

-	128,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-#endif	/* OPENSSL_NO_KRB5 */

-/* New AES ciphersuites */

-/* Cipher 2F */

-	{

-	1,

-	TLS1_TXT_RSA_WITH_AES_128_SHA,

-	TLS1_CK_RSA_WITH_AES_128_SHA,

-	SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,

-	SSL_NOT_EXP|SSL_HIGH,

-	0,

-	128,

-	128,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* Cipher 30 */

-	{

-	0,

-	TLS1_TXT_DH_DSS_WITH_AES_128_SHA,

-	TLS1_CK_DH_DSS_WITH_AES_128_SHA,

-	SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,

-	SSL_NOT_EXP|SSL_HIGH,

-	0,

-	128,

-	128,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* Cipher 31 */

-	{

-	0,

-	TLS1_TXT_DH_RSA_WITH_AES_128_SHA,

-	TLS1_CK_DH_RSA_WITH_AES_128_SHA,

-	SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,

-	SSL_NOT_EXP|SSL_HIGH,

-	0,

-	128,

-	128,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* Cipher 32 */

-	{

-	1,

-	TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,

-	TLS1_CK_DHE_DSS_WITH_AES_128_SHA,

-	SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,

-	SSL_NOT_EXP|SSL_HIGH,

-	0,

-	128,

-	128,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* Cipher 33 */

-	{

-	1,

-	TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,

-	TLS1_CK_DHE_RSA_WITH_AES_128_SHA,

-	SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,

-	SSL_NOT_EXP|SSL_HIGH,

-	0,

-	128,

-	128,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* Cipher 34 */

-	{

-	1,

-	TLS1_TXT_ADH_WITH_AES_128_SHA,

-	TLS1_CK_ADH_WITH_AES_128_SHA,

-	SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,

-	SSL_NOT_EXP|SSL_HIGH,

-	0,

-	128,

-	128,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* Cipher 35 */

-	{

-	1,

-	TLS1_TXT_RSA_WITH_AES_256_SHA,

-	TLS1_CK_RSA_WITH_AES_256_SHA,

-	SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,

-	SSL_NOT_EXP|SSL_HIGH,

-	0,

-	256,

-	256,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* Cipher 36 */

-	{

-	0,

-	TLS1_TXT_DH_DSS_WITH_AES_256_SHA,

-	TLS1_CK_DH_DSS_WITH_AES_256_SHA,

-	SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,

-	SSL_NOT_EXP|SSL_HIGH,

-	0,

-	256,

-	256,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* Cipher 37 */

-	{

-	0,

-	TLS1_TXT_DH_RSA_WITH_AES_256_SHA,

-	TLS1_CK_DH_RSA_WITH_AES_256_SHA,

-	SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,

-	SSL_NOT_EXP|SSL_HIGH,

-	0,

-	256,

-	256,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* Cipher 38 */

-	{

-	1,

-	TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,

-	TLS1_CK_DHE_DSS_WITH_AES_256_SHA,

-	SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,

-	SSL_NOT_EXP|SSL_HIGH,

-	0,

-	256,

-	256,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-/* Cipher 39 */

-	{

-	1,

-	TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,

-	TLS1_CK_DHE_RSA_WITH_AES_256_SHA,

-	SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,

-	SSL_NOT_EXP|SSL_HIGH,

-	0,

-	256,

-	256,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-	/* Cipher 3A */

-	{

-	1,

-	TLS1_TXT_ADH_WITH_AES_256_SHA,

-	TLS1_CK_ADH_WITH_AES_256_SHA,

-	SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,

-	SSL_NOT_EXP|SSL_HIGH,

-	0,

-	256,

-	256,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-#ifndef OPENSSL_NO_CAMELLIA

-	/* Camellia ciphersuites from RFC4132 (128-bit portion) */

-	/* Cipher 41 */

-	{

-	1,

-	TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,

-	TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,

-	SSL_kRSA|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,

-	SSL_NOT_EXP|SSL_HIGH,

-	0,

-	128,

-	128,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS

-	},

-	/* Cipher 42 */

-	{

-	0, /* not implemented (non-ephemeral DH) */

-	TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,

-	TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,

-	SSL_kDHd|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,

-	SSL_NOT_EXP|SSL_HIGH,

-	0,

-	128,

-	128,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS

-	},

-	/* Cipher 43 */

-	{

-	0, /* not implemented (non-ephemeral DH) */

-	TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,

-	TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,

-	SSL_kDHr|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,

-	SSL_NOT_EXP|SSL_HIGH,

-	0,

-	128,

-	128,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS

-	},

-	/* Cipher 44 */

-	{

-	1,

-	TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,

-	TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,

-	SSL_kEDH|SSL_aDSS|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,

-	SSL_NOT_EXP|SSL_HIGH,

-	0,

-	128,

-	128,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS

-	},

-	/* Cipher 45 */

-	{

-	1,

-	TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,

-	TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,

-	SSL_kEDH|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,

-	SSL_NOT_EXP|SSL_HIGH,

-	0,

-	128,

-	128,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS

-	},

-	/* Cipher 46 */

-	{

-	1,

-	TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,

-	TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,

-	SSL_kEDH|SSL_aNULL|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,

-	SSL_NOT_EXP|SSL_HIGH,

-	0,

-	128,

-	128,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS

-	},

-#endif /* OPENSSL_NO_CAMELLIA */

-#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES

-	/* New TLS Export CipherSuites from expired ID */

-#if 0

-	/* Cipher 60 */

-	    {

-	    1,

-	    TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,

-	    TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,

-	    SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_TLSV1,

-	    SSL_EXPORT|SSL_EXP56,

-	    0,

-	    56,

-	    128,

-	    SSL_ALL_CIPHERS,

-	    SSL_ALL_STRENGTHS,

-	    },

-	/* Cipher 61 */

-	    {

-	    1,

-	    TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,

-	    TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,

-	    SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_TLSV1,

-	    SSL_EXPORT|SSL_EXP56,

-	    0,

-	    56,

-	    128,

-	    SSL_ALL_CIPHERS,

-	    SSL_ALL_STRENGTHS,

-	    },

-#endif

-	/* Cipher 62 */

-	    {

-	    1,

-	    TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,

-	    TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,

-	    SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1,

-	    SSL_EXPORT|SSL_EXP56,

-	    0,

-	    56,

-	    56,

-	    SSL_ALL_CIPHERS,

-	    SSL_ALL_STRENGTHS,

-	    },

-	/* Cipher 63 */

-	    {

-	    1,

-	    TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,

-	    TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,

-	    SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1,

-	    SSL_EXPORT|SSL_EXP56,

-	    0,

-	    56,

-	    56,

-	    SSL_ALL_CIPHERS,

-	    SSL_ALL_STRENGTHS,

-	    },

-	/* Cipher 64 */

-	    {

-	    1,

-	    TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,

-	    TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,

-	    SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,

-	    SSL_EXPORT|SSL_EXP56,

-	    0,

-	    56,

-	    128,

-	    SSL_ALL_CIPHERS,

-	    SSL_ALL_STRENGTHS,

-	    },

-	/* Cipher 65 */

-	    {

-	    1,

-	    TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,

-	    TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,

-	    SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,

-	    SSL_EXPORT|SSL_EXP56,

-	    0,

-	    56,

-	    128,

-	    SSL_ALL_CIPHERS,

-	    SSL_ALL_STRENGTHS,

-	    },

-	/* Cipher 66 */

-	    {

-	    1,

-	    TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,

-	    TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,

-	    SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,

-	    SSL_NOT_EXP|SSL_MEDIUM,

-	    0,

-	    128,

-	    128,

-	    SSL_ALL_CIPHERS,

-	    SSL_ALL_STRENGTHS

-	    },

-#endif

-#ifndef OPENSSL_NO_CAMELLIA

-	/* Camellia ciphersuites from RFC4132 (256-bit portion) */

-	/* Cipher 84 */

-	{

-	1,

-	TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,

-	TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,

-	SSL_kRSA|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,

-	SSL_NOT_EXP|SSL_HIGH,

-	0,

-	256,

-	256,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS

-	},

-	/* Cipher 85 */

-	{

-	0, /* not implemented (non-ephemeral DH) */

-	TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,

-	TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,

-	SSL_kDHd|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,

-	SSL_NOT_EXP|SSL_HIGH,

-	0,

-	256,

-	256,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS

-	},

-	/* Cipher 86 */

-	{

-	0, /* not implemented (non-ephemeral DH) */

-	TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,

-	TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,

-	SSL_kDHr|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,

-	SSL_NOT_EXP|SSL_HIGH,

-	0,

-	256,

-	256,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS

-	},

-	/* Cipher 87 */

-	{

-	1,

-	TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,

-	TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,

-	SSL_kEDH|SSL_aDSS|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,

-	SSL_NOT_EXP|SSL_HIGH,

-	0,

-	256,

-	256,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS

-	},

-	/* Cipher 88 */

-	{

-	1,

-	TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,

-	TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,

-	SSL_kEDH|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,

-	SSL_NOT_EXP|SSL_HIGH,

-	0,

-	256,

-	256,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS

-	},

-	/* Cipher 89 */

-	{

-	1,

-	TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,

-	TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,

-	SSL_kEDH|SSL_aNULL|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,

-	SSL_NOT_EXP|SSL_HIGH,

-	0,

-	256,

-	256,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS

-	},

-#endif /* OPENSSL_NO_CAMELLIA */

-#ifndef OPENSSL_NO_SEED

-	/* SEED ciphersuites from RFC4162 */

-	/* Cipher 96 */

-	{

-	1,

-	TLS1_TXT_RSA_WITH_SEED_SHA,

-	TLS1_CK_RSA_WITH_SEED_SHA,

-	SSL_kRSA|SSL_aRSA|SSL_SEED|SSL_SHA1|SSL_TLSV1,

-	SSL_NOT_EXP|SSL_MEDIUM,

-	0,

-	128,

-	128,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-	/* Cipher 97 */

-	{

-	0, /* not implemented (non-ephemeral DH) */

-	TLS1_TXT_DH_DSS_WITH_SEED_SHA,

-	TLS1_CK_DH_DSS_WITH_SEED_SHA,

-	SSL_kDHd|SSL_aDH|SSL_SEED|SSL_SHA1|SSL_TLSV1,

-	SSL_NOT_EXP|SSL_MEDIUM,

-	0,

-	128,

-	128,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-	/* Cipher 98 */

-	{

-	0, /* not implemented (non-ephemeral DH) */

-	TLS1_TXT_DH_RSA_WITH_SEED_SHA,

-	TLS1_CK_DH_RSA_WITH_SEED_SHA,

-	SSL_kDHr|SSL_aDH|SSL_SEED|SSL_SHA1|SSL_TLSV1,

-	SSL_NOT_EXP|SSL_MEDIUM,

-	0,

-	128,

-	128,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-	/* Cipher 99 */

-	{

-	1,

-	TLS1_TXT_DHE_DSS_WITH_SEED_SHA,

-	TLS1_CK_DHE_DSS_WITH_SEED_SHA,

-	SSL_kEDH|SSL_aDSS|SSL_SEED|SSL_SHA1|SSL_TLSV1,

-	SSL_NOT_EXP|SSL_MEDIUM,

-	0,

-	128,

-	128,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-	/* Cipher 9A */

-	{

-	1,

-	TLS1_TXT_DHE_RSA_WITH_SEED_SHA,

-	TLS1_CK_DHE_RSA_WITH_SEED_SHA,

-	SSL_kEDH|SSL_aRSA|SSL_SEED|SSL_SHA1|SSL_TLSV1,

-	SSL_NOT_EXP|SSL_MEDIUM,

-	0,

-	128,

-	128,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-	/* Cipher 9B */

-	{

-	1,

-	TLS1_TXT_ADH_WITH_SEED_SHA,

-	TLS1_CK_ADH_WITH_SEED_SHA,

-	SSL_kEDH|SSL_aNULL|SSL_SEED|SSL_SHA1|SSL_TLSV1,

-	SSL_NOT_EXP|SSL_MEDIUM,

-	0,

-	128,

-	128,

-	SSL_ALL_CIPHERS,

-	SSL_ALL_STRENGTHS,

-	},

-#endif /* OPENSSL_NO_SEED */

-#ifndef OPENSSL_NO_ECDH

-	/* Cipher C001 */

-	    {

-            1,

-            TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,

-            TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,

-            SSL_kECDH|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,

-            SSL_NOT_EXP,

-            0,

-            0,

-            0,

-            SSL_ALL_CIPHERS,

-            SSL_ALL_STRENGTHS,

-            },

-	/* Cipher C002 */

-	    {

-            1,

-            TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,

-            TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,

-            SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,

-            SSL_NOT_EXP,

-            0,

-            128,

-            128,

-            SSL_ALL_CIPHERS,

-            SSL_ALL_STRENGTHS,

-            },

-	/* Cipher C003 */

-	    {

-            1,

-            TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,

-            TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,

-            SSL_kECDH|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1,

-            SSL_NOT_EXP|SSL_HIGH,

-            0,

-            168,

-            168,

-            SSL_ALL_CIPHERS,

-            SSL_ALL_STRENGTHS,

-            },

-	/* Cipher C004 */

-	    {

-            1,

-            TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,

-            TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,

-            SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,

-            SSL_NOT_EXP|SSL_HIGH,

-            0,

-            128,

-            128,

-            SSL_ALL_CIPHERS,

-            SSL_ALL_STRENGTHS,

-            },

-	/* Cipher C005 */

-	    {

-            1,

-            TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,

-            TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,

-            SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,

-            SSL_NOT_EXP|SSL_HIGH,

-            0,

-            256,

-            256,

-            SSL_ALL_CIPHERS,

-            SSL_ALL_STRENGTHS,

-            },

-	/* Cipher C006 */

-	    {

-            1,

-            TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,

-            TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,

-            SSL_kECDHE|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,

-            SSL_NOT_EXP,

-            0,

-            0,

-            0,

-            SSL_ALL_CIPHERS,

-            SSL_ALL_STRENGTHS,

-            },

-	/* Cipher C007 */

-	    {

-            1,

-            TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,

-            TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,

-            SSL_kECDHE|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,

-            SSL_NOT_EXP,

-            0,

-            128,

-            128,

-            SSL_ALL_CIPHERS,

-            SSL_ALL_STRENGTHS,

-            },

-	/* Cipher C008 */

-	    {

-            1,

-            TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,

-            TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,

-            SSL_kECDHE|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1,

-            SSL_NOT_EXP|SSL_HIGH,

-            0,

-            168,

-            168,

-            SSL_ALL_CIPHERS,

-            SSL_ALL_STRENGTHS,

-            },

-	/* Cipher C009 */

-	    {

-            1,

-            TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,

-            TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,

-            SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,

-            SSL_NOT_EXP|SSL_HIGH,

-            0,

-            128,

-            128,

-            SSL_ALL_CIPHERS,

-            SSL_ALL_STRENGTHS,

-            },

-	/* Cipher C00A */

-	    {

-            1,

-            TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,

-            TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,

-            SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,

-            SSL_NOT_EXP|SSL_HIGH,

-            0,

-            256,

-            256,

-            SSL_ALL_CIPHERS,

-            SSL_ALL_STRENGTHS,

-            },

-	/* Cipher C00B */

-	    {

-            1,

-            TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,

-            TLS1_CK_ECDH_RSA_WITH_NULL_SHA,

-            SSL_kECDH|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,

-            SSL_NOT_EXP,

-            0,

-            0,

-            0,

-            SSL_ALL_CIPHERS,

-            SSL_ALL_STRENGTHS,

-            },

-	/* Cipher C00C */

-	    {

-            1,

-            TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,

-            TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,

-            SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,

-            SSL_NOT_EXP,

-            0,

-            128,

-            128,

-            SSL_ALL_CIPHERS,

-            SSL_ALL_STRENGTHS,

-            },

-	/* Cipher C00D */

-	    {

-            1,

-            TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,

-            TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,

-            SSL_kECDH|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1,

-            SSL_NOT_EXP|SSL_HIGH,

-            0,

-            168,

-            168,

-            SSL_ALL_CIPHERS,

-            SSL_ALL_STRENGTHS,

-            },

-	/* Cipher C00E */

-	    {

-            1,

-            TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,

-            TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,

-            SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,

-            SSL_NOT_EXP|SSL_HIGH,

-            0,

-            128,

-            128,

-            SSL_ALL_CIPHERS,

-            SSL_ALL_STRENGTHS,

-            },

-	/* Cipher C00F */

-	    {

-            1,

-            TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,

-            TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,

-            SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,

-            SSL_NOT_EXP|SSL_HIGH,

-            0,

-            256,

-            256,

-            SSL_ALL_CIPHERS,

-            SSL_ALL_STRENGTHS,

-            },

-	/* Cipher C010 */

-	    {

-            1,

-            TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,

-            TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,

-            SSL_kECDHE|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,

-            SSL_NOT_EXP,

-            0,

-            0,

-            0,

-            SSL_ALL_CIPHERS,

-            SSL_ALL_STRENGTHS,

-            },

-	/* Cipher C011 */

-	    {

-            1,

-            TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,

-            TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,

-            SSL_kECDHE|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,

-            SSL_NOT_EXP,

-            0,

-            128,

-            128,

-            SSL_ALL_CIPHERS,

-            SSL_ALL_STRENGTHS,

-            },

-	/* Cipher C012 */

-	    {

-            1,

-            TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,

-            TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,

-            SSL_kECDHE|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1,

-            SSL_NOT_EXP|SSL_HIGH,

-            0,

-            168,

-            168,

-            SSL_ALL_CIPHERS,

-            SSL_ALL_STRENGTHS,

-            },

-	/* Cipher C013 */

-	    {

-            1,

-            TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,

-            TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,

-            SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,

-            SSL_NOT_EXP|SSL_HIGH,

-            0,

-            128,

-            128,

-            SSL_ALL_CIPHERS,

-            SSL_ALL_STRENGTHS,

-            },

-	/* Cipher C014 */

-	    {

-            1,

-            TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,

-            TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,

-            SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,

-            SSL_NOT_EXP|SSL_HIGH,

-            0,

-            256,

-            256,

-            SSL_ALL_CIPHERS,

-            SSL_ALL_STRENGTHS,

-            },

-	/* Cipher C015 */

-            {

-            1,

-            TLS1_TXT_ECDH_anon_WITH_NULL_SHA,

-            TLS1_CK_ECDH_anon_WITH_NULL_SHA,

-            SSL_kECDHE|SSL_aNULL|SSL_eNULL|SSL_SHA|SSL_TLSV1,

-            SSL_NOT_EXP,

-            0,

-            0,

-            0,

-            SSL_ALL_CIPHERS,

-            SSL_ALL_STRENGTHS,

-	    },

-	/* Cipher C016 */

-            {

-            1,

-            TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,

-            TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,

-            SSL_kECDHE|SSL_aNULL|SSL_RC4|SSL_SHA|SSL_TLSV1,

-            SSL_NOT_EXP,

-            0,

-            128,

-            128,

-            SSL_ALL_CIPHERS,

-            SSL_ALL_STRENGTHS,

-	    },

-	/* Cipher C017 */

-	    {

-            1,

-            TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,

-            TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,

-            SSL_kECDHE|SSL_aNULL|SSL_3DES|SSL_SHA|SSL_TLSV1,

-            SSL_NOT_EXP|SSL_HIGH,

-            0,

-            168,

-            168,

-            SSL_ALL_CIPHERS,

-            SSL_ALL_STRENGTHS,

-            },

-	/* Cipher C018 */

-	    {

-            1,

-            TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,

-            TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,

-            SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,

-            SSL_NOT_EXP|SSL_HIGH,

-            0,

-            128,

-            128,

-            SSL_ALL_CIPHERS,

-            SSL_ALL_STRENGTHS,

-            },

-	/* Cipher C019 */

-	    {

-            1,

-            TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,

-            TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,

-            SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,

-            SSL_NOT_EXP|SSL_HIGH,

-            0,

-            256,

-            256,

-            SSL_ALL_CIPHERS,

-            SSL_ALL_STRENGTHS,

-            },

-#endif	/* OPENSSL_NO_ECDH */

-/* end of list */

-	};

-SSL3_ENC_METHOD SSLv3_enc_data={

-	ssl3_enc,

-	ssl3_mac,

-	ssl3_setup_key_block,

-	ssl3_generate_master_secret,

-	ssl3_change_cipher_state,

-	ssl3_final_finish_mac,

-	MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,

-	ssl3_cert_verify_mac,

-	SSL3_MD_CLIENT_FINISHED_CONST,4,

-	SSL3_MD_SERVER_FINISHED_CONST,4,

-	ssl3_alert_code,

-	};

-long ssl3_default_timeout(void)

-	{

-	/* 2 hours, the 24 hours mentioned in the SSLv3 spec

-	 * is way too long for http, the cache would over fill */

-	return(60*60*2);

-	}

-IMPLEMENT_ssl3_meth_func(sslv3_base_method,

-			ssl_undefined_function,

-			ssl_undefined_function,

-			ssl_bad_method)

-int ssl3_num_ciphers(void)

-	{

-	return(SSL3_NUM_CIPHERS);

-	}

-SSL_CIPHER *ssl3_get_cipher(unsigned int u)

-	{

-	if (u < SSL3_NUM_CIPHERS)

-		return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u]));

-	else

-		return(NULL);

-	}

-int ssl3_pending(const SSL *s)

-	{

-	if (s->rstate == SSL_ST_READ_BODY)

-		return 0;

-	return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;

-	}

-int ssl3_new(SSL *s)

-	{

-	SSL3_STATE *s3;

-	if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err;

-	memset(s3,0,sizeof *s3);

-	EVP_MD_CTX_init(&s3->finish_dgst1);

-	EVP_MD_CTX_init(&s3->finish_dgst2);

-	pq_64bit_init(&(s3->rrec.seq_num));

-	pq_64bit_init(&(s3->wrec.seq_num));

-	s->s3=s3;

-	s->method->ssl_clear(s);

-	return(1);

-err:

-	return(0);

-	}

-void ssl3_free(SSL *s)

-	{

-	if(s == NULL)

-	    return;

-	ssl3_cleanup_key_block(s);

-	if (s->s3->rbuf.buf != NULL)

-		OPENSSL_free(s->s3->rbuf.buf);

-	if (s->s3->wbuf.buf != NULL)

-		OPENSSL_free(s->s3->wbuf.buf);

-	if (s->s3->rrec.comp != NULL)

-		OPENSSL_free(s->s3->rrec.comp);

-#ifndef OPENSSL_NO_DH

-	if (s->s3->tmp.dh != NULL)

-		DH_free(s->s3->tmp.dh);

-#endif

-#ifndef OPENSSL_NO_ECDH

-	if (s->s3->tmp.ecdh != NULL)

-		EC_KEY_free(s->s3->tmp.ecdh);

-#endif

-	if (s->s3->tmp.ca_names != NULL)

-		sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);

-	EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);

-	EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);

-	pq_64bit_free(&(s->s3->rrec.seq_num));

-	pq_64bit_free(&(s->s3->wrec.seq_num));

-	OPENSSL_cleanse(s->s3,sizeof *s->s3);

-	OPENSSL_free(s->s3);

-	s->s3=NULL;

-	}

-void ssl3_clear(SSL *s)

-	{

-	unsigned char *rp,*wp;

-	size_t rlen, wlen;

-	ssl3_cleanup_key_block(s);

-	if (s->s3->tmp.ca_names != NULL)

-		sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);

-	if (s->s3->rrec.comp != NULL)

-		{

-		OPENSSL_free(s->s3->rrec.comp);

-		s->s3->rrec.comp=NULL;

-		}

-#ifndef OPENSSL_NO_DH

-	if (s->s3->tmp.dh != NULL)

-		DH_free(s->s3->tmp.dh);

-#endif

-#ifndef OPENSSL_NO_ECDH

-	if (s->s3->tmp.ecdh != NULL)

-		EC_KEY_free(s->s3->tmp.ecdh);

-#endif

-	rp = s->s3->rbuf.buf;

-	wp = s->s3->wbuf.buf;

-	rlen = s->s3->rbuf.len;

- 	wlen = s->s3->wbuf.len;

-	EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);

-	EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);

-	memset(s->s3,0,sizeof *s->s3);

-	s->s3->rbuf.buf = rp;

-	s->s3->wbuf.buf = wp;

-	s->s3->rbuf.len = rlen;

- 	s->s3->wbuf.len = wlen;

-	ssl_free_wbio_buffer(s);

-	s->packet_length=0;

-	s->s3->renegotiate=0;

-	s->s3->total_renegotiations=0;

-	s->s3->num_renegotiations=0;

-	s->s3->in_read_app_data=0;

-	s->version=SSL3_VERSION;

-	}

-long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)

-	{

-	int ret=0;

-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)

-	if (

-#ifndef OPENSSL_NO_RSA

-	    cmd == SSL_CTRL_SET_TMP_RSA ||

-	    cmd == SSL_CTRL_SET_TMP_RSA_CB ||

-#endif

-#ifndef OPENSSL_NO_DSA

-	    cmd == SSL_CTRL_SET_TMP_DH ||

-	    cmd == SSL_CTRL_SET_TMP_DH_CB ||

-#endif

-		0)

-		{

-		if (!ssl_cert_inst(&s->cert))

-		    	{

-			SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);

-			return(0);

-			}

-		}

-#endif

-	switch (cmd)

-		{

-	case SSL_CTRL_GET_SESSION_REUSED:

-		ret=s->hit;

-		break;

-	case SSL_CTRL_GET_CLIENT_CERT_REQUEST:

-		break;

-	case SSL_CTRL_GET_NUM_RENEGOTIATIONS:

-		ret=s->s3->num_renegotiations;

-		break;

-	case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:

-		ret=s->s3->num_renegotiations;

-		s->s3->num_renegotiations=0;

-		break;

-	case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:

-		ret=s->s3->total_renegotiations;

-		break;

-	case SSL_CTRL_GET_FLAGS:

-		ret=(int)(s->s3->flags);

-		break;

-#ifndef OPENSSL_NO_RSA

-	case SSL_CTRL_NEED_TMP_RSA:

-		if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&

-		    ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||

-		     (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))))

-			ret = 1;

-		break;

-	case SSL_CTRL_SET_TMP_RSA:

-		{

-			RSA *rsa = (RSA *)parg;

-			if (rsa == NULL)

-				{

-				SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);

-				return(ret);

-				}

-			if ((rsa = RSAPrivateKey_dup(rsa)) == NULL)

-				{

-				SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);

-				return(ret);

-				}

-			if (s->cert->rsa_tmp != NULL)

-				RSA_free(s->cert->rsa_tmp);

-			s->cert->rsa_tmp = rsa;

-			ret = 1;

-		}

-		break;

-	case SSL_CTRL_SET_TMP_RSA_CB:

-		{

-		SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

-		return(ret);

-		}

-		break;

-#endif

-#ifndef OPENSSL_NO_DH

-	case SSL_CTRL_SET_TMP_DH:

-		{

-			DH *dh = (DH *)parg;

-			if (dh == NULL)

-				{

-				SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);

-				return(ret);

-				}

-			if ((dh = DHparams_dup(dh)) == NULL)

-				{

-				SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);

-				return(ret);

-				}

-			if (!(s->options & SSL_OP_SINGLE_DH_USE))

-				{

-				if (!DH_generate_key(dh))

-					{

-					DH_free(dh);

-					SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);

-					return(ret);

-					}

-				}

-			if (s->cert->dh_tmp != NULL)

-				DH_free(s->cert->dh_tmp);

-			s->cert->dh_tmp = dh;

-			ret = 1;

-		}

-		break;

-	case SSL_CTRL_SET_TMP_DH_CB:

-		{

-		SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

-		return(ret);

-		}

-		break;

-#endif

-#ifndef OPENSSL_NO_ECDH

-	case SSL_CTRL_SET_TMP_ECDH:

-		{

-		EC_KEY *ecdh = NULL;

-		if (parg == NULL)

-			{

-			SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);

-			return(ret);

-			}

-		if (!EC_KEY_up_ref((EC_KEY *)parg))

-			{

-			SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);

-			return(ret);

-			}

-		ecdh = (EC_KEY *)parg;

-		if (!(s->options & SSL_OP_SINGLE_ECDH_USE))

-			{

-			if (!EC_KEY_generate_key(ecdh))

-				{

-				EC_KEY_free(ecdh);

-				SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);

-				return(ret);

-				}

-			}

-		if (s->cert->ecdh_tmp != NULL)

-			EC_KEY_free(s->cert->ecdh_tmp);

-		s->cert->ecdh_tmp = ecdh;

-		ret = 1;

-		}

-		break;

-	case SSL_CTRL_SET_TMP_ECDH_CB:

-		{

-		SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

-		return(ret);

-		}

-		break;

-#endif /* !OPENSSL_NO_ECDH */

-#ifndef OPENSSL_NO_TLSEXT

-	case SSL_CTRL_SET_TLSEXT_HOSTNAME:

- 		if (larg == TLSEXT_NAMETYPE_host_name)

-			{

-			if (s->tlsext_hostname != NULL)

-				OPENSSL_free(s->tlsext_hostname);

-			s->tlsext_hostname = NULL;

-			ret = 1;

-			if (parg == NULL)

-				break;

-			if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name)

-				{

-				SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);

-				return 0;

-				}

-			if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL)

-				{

-				SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);

-				return 0;

-				}

-			}

-		else

-			{

-			SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);

-			return 0;

-			}

- 		break;

-	case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:

-		s->tlsext_debug_arg=parg;

-		ret = 1;

-		break;

-#endif /* !OPENSSL_NO_TLSEXT */

-	default:

-		break;

-		}

-	return(ret);

-	}

-long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))

-	{

-	int ret=0;

-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)

-	if (

-#ifndef OPENSSL_NO_RSA

-	    cmd == SSL_CTRL_SET_TMP_RSA_CB ||

-#endif

-#ifndef OPENSSL_NO_DSA

-	    cmd == SSL_CTRL_SET_TMP_DH_CB ||

-#endif

-		0)

-		{

-		if (!ssl_cert_inst(&s->cert))

-			{

-			SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE);

-			return(0);

-			}

-		}

-#endif

-	switch (cmd)

-		{

-#ifndef OPENSSL_NO_RSA

-	case SSL_CTRL_SET_TMP_RSA_CB:

-		{

-		s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;

-		}

-		break;

-#endif

-#ifndef OPENSSL_NO_DH

-	case SSL_CTRL_SET_TMP_DH_CB:

-		{

-		s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;

-		}

-		break;

-#endif

-#ifndef OPENSSL_NO_ECDH

-	case SSL_CTRL_SET_TMP_ECDH_CB:

-		{

-		s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;

-		}

-		break;

-#endif

-#ifndef OPENSSL_NO_TLSEXT

-	case SSL_CTRL_SET_TLSEXT_DEBUG_CB:

-		s->tlsext_debug_cb=(void (*)(SSL *,int ,int,

-					unsigned char *, int, void *))fp;

-		break;

-#endif

-	default:

-		break;

-		}

-	return(ret);

-	}

-long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)

-	{

-	CERT *cert;

-	cert=ctx->cert;

-	switch (cmd)

-		{

-#ifndef OPENSSL_NO_RSA

-	case SSL_CTRL_NEED_TMP_RSA:

-		if (	(cert->rsa_tmp == NULL) &&

-			((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||

-			 (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8)))

-			)

-			return(1);

-		else

-			return(0);

-		/* break; */

-	case SSL_CTRL_SET_TMP_RSA:

-		{

-		RSA *rsa;

-		int i;

-		rsa=(RSA *)parg;

-		i=1;

-		if (rsa == NULL)

-			i=0;

-		else

-			{

-			if ((rsa=RSAPrivateKey_dup(rsa)) == NULL)

-				i=0;

-			}

-		if (!i)

-			{

-			SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_RSA_LIB);

-			return(0);

-			}

-		else

-			{

-			if (cert->rsa_tmp != NULL)

-				RSA_free(cert->rsa_tmp);

-			cert->rsa_tmp=rsa;

-			return(1);

-			}

-		}

-		/* break; */

-	case SSL_CTRL_SET_TMP_RSA_CB:

-		{

-		SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

-		return(0);

-		}

-		break;

-#endif

-#ifndef OPENSSL_NO_DH

-	case SSL_CTRL_SET_TMP_DH:

-		{

-		DH *new=NULL,*dh;

-		dh=(DH *)parg;

-		if ((new=DHparams_dup(dh)) == NULL)

-			{

-			SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);

-			return 0;

-			}

-		if (!(ctx->options & SSL_OP_SINGLE_DH_USE))

-			{

-			if (!DH_generate_key(new))

-				{

-				SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);

-				DH_free(new);

-				return 0;

-				}

-			}

-		if (cert->dh_tmp != NULL)

-			DH_free(cert->dh_tmp);

-		cert->dh_tmp=new;

-		return 1;

-		}

-		/*break; */

-	case SSL_CTRL_SET_TMP_DH_CB:

-		{

-		SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

-		return(0);

-		}

-		break;

-#endif

-#ifndef OPENSSL_NO_ECDH

-	case SSL_CTRL_SET_TMP_ECDH:

-		{

-		EC_KEY *ecdh = NULL;

-		if (parg == NULL)

-			{

-			SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);

-			return 0;

-			}

-		ecdh = EC_KEY_dup((EC_KEY *)parg);

-		if (ecdh == NULL)

-			{

-			SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_EC_LIB);

-			return 0;

-			}

-		if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE))

-			{

-			if (!EC_KEY_generate_key(ecdh))

-				{

-				EC_KEY_free(ecdh);

-				SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);

-				return 0;

-				}

-			}

-		if (cert->ecdh_tmp != NULL)

-			{

-			EC_KEY_free(cert->ecdh_tmp);

-			}

-		cert->ecdh_tmp = ecdh;

-		return 1;

-		}

-		/* break; */

-	case SSL_CTRL_SET_TMP_ECDH_CB:

-		{

-		SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

-		return(0);

-		}

-		break;

-#endif /* !OPENSSL_NO_ECDH */

-#ifndef OPENSSL_NO_TLSEXT

-	case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:

-		ctx->tlsext_servername_arg=parg;

-		break;

-	case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:

-	case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:

-		{

-		unsigned char *keys = parg;

-		if (!keys)

-			return 48;

-		if (larg != 48)

-			{

-			SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);

-			return 0;

-			}

-		if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS)

-			{

-			memcpy(ctx->tlsext_tick_key_name, keys, 16);

-			memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);

-			memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);

-			}

-		else

-			{

-			memcpy(keys, ctx->tlsext_tick_key_name, 16);

-			memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);

-			memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);

-			}

-		return 1;

-		}

-#endif /* !OPENSSL_NO_TLSEXT */

-	/* A Thawte special :-) */

-	case SSL_CTRL_EXTRA_CHAIN_CERT:

-		if (ctx->extra_certs == NULL)

-			{

-			if ((ctx->extra_certs=sk_X509_new_null()) == NULL)

-				return(0);

-			}

-		sk_X509_push(ctx->extra_certs,(X509 *)parg);

-		break;

-	default:

-		return(0);

-		}

-	return(1);

-	}

-long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))

-	{

-	CERT *cert;

-	cert=ctx->cert;

-	switch (cmd)

-		{

-#ifndef OPENSSL_NO_RSA

-	case SSL_CTRL_SET_TMP_RSA_CB:

-		{

-		cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;

-		}

-		break;

-#endif

-#ifndef OPENSSL_NO_DH

-	case SSL_CTRL_SET_TMP_DH_CB:

-		{

-		cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;

-		}

-		break;

-#endif

-#ifndef OPENSSL_NO_ECDH

-	case SSL_CTRL_SET_TMP_ECDH_CB:

-		{

-		cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;

-		}

-		break;

-#endif

-#ifndef OPENSSL_NO_TLSEXT

-	case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:

-		ctx->tlsext_servername_callback=(int (*)(SSL *,int *,void *))fp;

-		break;

-#endif

-	default:

-		return(0);

-		}

-	return(1);

-	}

-/* This function needs to check if the ciphers required are actually

- * available */

-SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)

-	{

-	SSL_CIPHER c,*cp;

-	unsigned long id;

-	id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];

-	c.id=id;

-	cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c,

-		(char *)ssl3_ciphers,

-		SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER),

-		FP_ICC ssl_cipher_id_cmp);

-	if (cp == NULL || cp->valid == 0)

-		return NULL;

-	else

-		return cp;

-	}

-int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)

-	{

-	long l;

-	if (p != NULL)

-		{

-		l=c->id;

-		if ((l & 0xff000000) != 0x03000000) return(0);

-		p[0]=((unsigned char)(l>> 8L))&0xFF;

-		p[1]=((unsigned char)(l     ))&0xFF;

-		}

-	return(2);

-	}

-SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,

-	     STACK_OF(SSL_CIPHER) *srvr)

-	{

-	SSL_CIPHER *c,*ret=NULL;

-	STACK_OF(SSL_CIPHER) *prio, *allow;

-	int i,j,ok;

-	CERT *cert;

-	unsigned long alg,mask,emask;

-	/* Let's see which ciphers we can support */

-	cert=s->cert;

-#if 0

-	/* Do not set the compare functions, because this may lead to a

-	 * reordering by "id". We want to keep the original ordering.

-	 * We may pay a price in performance during sk_SSL_CIPHER_find(),

-	 * but would have to pay with the price of sk_SSL_CIPHER_dup().

-	 */

-	sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);

-	sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);

-#endif

-#ifdef CIPHER_DEBUG

-        printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), srvr);

-        for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i)

-	    {

-	    c=sk_SSL_CIPHER_value(srvr,i);

-	    printf("%p:%s\n",c,c->name);

-	    }

-        printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), clnt);

-        for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i)

-	    {

-	    c=sk_SSL_CIPHER_value(clnt,i);

-	    printf("%p:%s\n",c,c->name);

-	    }

-#endif

-	if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)

-	    {

-	    prio = srvr;

-	    allow = clnt;

-	    }

-	else

-	    {

-	    prio = clnt;

-	    allow = srvr;

-	    }

-	for (i=0; i<sk_SSL_CIPHER_num(prio); i++)

-		{

-		c=sk_SSL_CIPHER_value(prio,i);

-		ssl_set_cert_masks(cert,c);

-		mask=cert->mask;

-		emask=cert->export_mask;

-#ifdef KSSL_DEBUG

-		printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);

-#endif    /* KSSL_DEBUG */

-		alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK);

-#ifndef OPENSSL_NO_KRB5

-                if (alg & SSL_KRB5)

-                        {

-                        if ( !kssl_keytab_is_available(s->kssl_ctx) )

-                            continue;

-                        }

-#endif /* OPENSSL_NO_KRB5 */

-		if (SSL_C_IS_EXPORT(c))

-			{

-			ok=((alg & emask) == alg)?1:0;

-#ifdef CIPHER_DEBUG

-			printf("%d:[%08lX:%08lX]%p:%s (export)\n",ok,alg,emask,

-			       c,c->name);

-#endif

-			}

-		else

-			{

-			ok=((alg & mask) == alg)?1:0;

-#ifdef CIPHER_DEBUG

-			printf("%d:[%08lX:%08lX]%p:%s\n",ok,alg,mask,c,

-			       c->name);

-#endif

-			}

-		if (!ok) continue;

-		j=sk_SSL_CIPHER_find(allow,c);

-		if (j >= 0)

-			{

-			ret=sk_SSL_CIPHER_value(allow,j);

-			break;

-			}

-		}

-	return(ret);

-	}

-int ssl3_get_req_cert_type(SSL *s, unsigned char *p)

-	{

-	int ret=0;

-	unsigned long alg;

-	alg=s->s3->tmp.new_cipher->algorithms;

-#ifndef OPENSSL_NO_DH

-	if (alg & (SSL_kDHr|SSL_kEDH))

-		{

-#  ifndef OPENSSL_NO_RSA

-		p[ret++]=SSL3_CT_RSA_FIXED_DH;

-#  endif

-#  ifndef OPENSSL_NO_DSA

-		p[ret++]=SSL3_CT_DSS_FIXED_DH;

-#  endif

-		}

-	if ((s->version == SSL3_VERSION) &&

-		(alg & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))

-		{

-#  ifndef OPENSSL_NO_RSA

-		p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;

-#  endif

-#  ifndef OPENSSL_NO_DSA

-		p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH;

-#  endif

-		}

-#endif /* !OPENSSL_NO_DH */

-#ifndef OPENSSL_NO_RSA

-	p[ret++]=SSL3_CT_RSA_SIGN;

-#endif

-#ifndef OPENSSL_NO_DSA

-	p[ret++]=SSL3_CT_DSS_SIGN;

-#endif

-#ifndef OPENSSL_NO_ECDH

-	/* We should ask for fixed ECDH certificates only

-	 * for SSL_kECDH (and not SSL_kECDHE)

-	 */

-	if ((alg & SSL_kECDH) && (s->version >= TLS1_VERSION))

-		{

-		p[ret++]=TLS_CT_RSA_FIXED_ECDH;

-		p[ret++]=TLS_CT_ECDSA_FIXED_ECDH;

-		}

-#endif

-#ifndef OPENSSL_NO_ECDSA

-	/* ECDSA certs can be used with RSA cipher suites as well

-	 * so we don't need to check for SSL_kECDH or SSL_kECDHE

-	 */

-	if (s->version >= TLS1_VERSION)

-		{

-		p[ret++]=TLS_CT_ECDSA_SIGN;

-		}

-#endif

-	return(ret);

-	}

-int ssl3_shutdown(SSL *s)

-	{

-	/* Don't do anything much if we have not done the handshake or

-	 * we don't want to send messages :-) */

-	if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE))

-		{

-		s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);

-		return(1);

-		}

-	if (!(s->shutdown & SSL_SENT_SHUTDOWN))

-		{

-		s->shutdown|=SSL_SENT_SHUTDOWN;

-#if 1

-		ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_CLOSE_NOTIFY);

-#endif

-		/* our shutdown alert has been sent now, and if it still needs

-	 	 * to be written, s->s3->alert_dispatch will be true */

-		}

-	else if (s->s3->alert_dispatch)

-		{

-		/* resend it if not sent */

-#if 1

-		s->method->ssl_dispatch_alert(s);

-#endif

-		}

-	else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))

-		{

-		/* If we are waiting for a close from our peer, we are closed */

-		s->method->ssl_read_bytes(s,0,NULL,0,0);

-		}

-	if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&

-		!s->s3->alert_dispatch)

-		return(1);

-	else

-		return(0);

-	}

-int ssl3_write(SSL *s, const void *buf, int len)

-	{

-	int ret,n;

-#if 0

-	if (s->shutdown & SSL_SEND_SHUTDOWN)

-		{

-		s->rwstate=SSL_NOTHING;

-		return(0);

-		}

-#endif

-	clear_sys_error();

-	if (s->s3->renegotiate) ssl3_renegotiate_check(s);

-	/* This is an experimental flag that sends the

-	 * last handshake message in the same packet as the first

-	 * use data - used to see if it helps the TCP protocol during

-	 * session-id reuse */

-	/* The second test is because the buffer may have been removed */

-	if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio))

-		{

-		/* First time through, we write into the buffer */

-		if (s->s3->delay_buf_pop_ret == 0)

-			{

-			ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,

-					     buf,len);

-			if (ret <= 0) return(ret);

-			s->s3->delay_buf_pop_ret=ret;

-			}

-		s->rwstate=SSL_WRITING;

-		n=BIO_flush(s->wbio);

-		if (n <= 0) return(n);

-		s->rwstate=SSL_NOTHING;

-		/* We have flushed the buffer, so remove it */

-		ssl_free_wbio_buffer(s);

-		s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;

-		ret=s->s3->delay_buf_pop_ret;

-		s->s3->delay_buf_pop_ret=0;

-		}

-	else

-		{

-		ret=s->method->ssl_write_bytes(s,SSL3_RT_APPLICATION_DATA,

-			buf,len);

-		if (ret <= 0) return(ret);

-		}

-	return(ret);

-	}

-static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)

-	{

-	int ret;

-	clear_sys_error();

-	if (s->s3->renegotiate) ssl3_renegotiate_check(s);

-	s->s3->in_read_app_data=1;

-	ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);

-	if ((ret == -1) && (s->s3->in_read_app_data == 2))

-		{

-		/* ssl3_read_bytes decided to call s->handshake_func, which

-		 * called ssl3_read_bytes to read handshake data.

-		 * However, ssl3_read_bytes actually found application data

-		 * and thinks that application data makes sense here; so disable

-		 * handshake processing and try to read application data again. */

-		s->in_handshake++;

-		ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);

-		s->in_handshake--;

-		}

-	else

-		s->s3->in_read_app_data=0;

-	return(ret);

-	}

-int ssl3_read(SSL *s, void *buf, int len)

-	{

-	return ssl3_read_internal(s, buf, len, 0);

-	}

-int ssl3_peek(SSL *s, void *buf, int len)

-	{

-	return ssl3_read_internal(s, buf, len, 1);

-	}

-int ssl3_renegotiate(SSL *s)

-	{

-	if (s->handshake_func == NULL)

-		return(1);

-	if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)

-		return(0);

-	s->s3->renegotiate=1;

-	return(1);

-	}

-int ssl3_renegotiate_check(SSL *s)

-	{

-	int ret=0;

-	if (s->s3->renegotiate)

-		{

-		if (	(s->s3->rbuf.left == 0) &&

-			(s->s3->wbuf.left == 0) &&

-			!SSL_in_init(s))

-			{

-/*

-if we are the server, and we have sent a 'RENEGOTIATE' message, we

-need to go to SSL_ST_ACCEPT.

-*/

-			/* SSL_ST_ACCEPT */

-			s->state=SSL_ST_RENEGOTIATE;

-			s->s3->renegotiate=0;

-			s->s3->num_renegotiations++;

-			s->s3->total_renegotiations++;

-			ret=1;

-			}

-		}

-	return(ret);

-	}

--- a/sys/src/ape/lib/openssl/ssl/s3_meth.c

+++ /dev/null

@@ -1,77 +1,0 @@

-/* ssl/s3_meth.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <openssl/objects.h>

-#include "ssl_locl.h"

-static SSL_METHOD *ssl3_get_method(int ver);

-static SSL_METHOD *ssl3_get_method(int ver)

-	{

-	if (ver == SSL3_VERSION)

-		return(SSLv3_method());

-	else

-		return(NULL);

-	}

-IMPLEMENT_ssl3_meth_func(SSLv3_method,

-			ssl3_accept,

-			ssl3_connect,

-			ssl3_get_method)

--- a/sys/src/ape/lib/openssl/ssl/s3_pkt.c

+++ /dev/null

@@ -1,1311 +1,0 @@

-/* ssl/s3_pkt.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include <errno.h>

-#define USE_SOCKETS

-#include "ssl_locl.h"

-#include <openssl/evp.h>

-#include <openssl/buffer.h>

-static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,

-			 unsigned int len, int create_empty_fragment);

-static int ssl3_get_record(SSL *s);

-int ssl3_read_n(SSL *s, int n, int max, int extend)

-	{

-	/* If extend == 0, obtain new n-byte packet; if extend == 1, increase

-	 * packet by another n bytes.

-	 * The packet will be in the sub-array of s->s3->rbuf.buf specified

-	 * by s->packet and s->packet_length.

-	 * (If s->read_ahead is set, 'max' bytes may be stored in rbuf

-	 * [plus s->packet_length bytes if extend == 1].)

-	 */

-	int i,off,newb;

-	if (!extend)

-		{

-		/* start with empty packet ... */

-		if (s->s3->rbuf.left == 0)

-			s->s3->rbuf.offset = 0;

-		s->packet = s->s3->rbuf.buf + s->s3->rbuf.offset;

-		s->packet_length = 0;

-		/* ... now we can act as if 'extend' was set */

-		}

-	/* extend reads should not span multiple packets for DTLS */

-	if ( SSL_version(s) == DTLS1_VERSION &&

-		extend)

-		{

-		if ( s->s3->rbuf.left > 0 && n > s->s3->rbuf.left)

-			n = s->s3->rbuf.left;

-		}

-	/* if there is enough in the buffer from a previous read, take some */

-	if (s->s3->rbuf.left >= (int)n)

-		{

-		s->packet_length+=n;

-		s->s3->rbuf.left-=n;

-		s->s3->rbuf.offset+=n;

-		return(n);

-		}

-	/* else we need to read more data */

-	if (!s->read_ahead)

-		max=n;

-	{

-		/* avoid buffer overflow */

-		int max_max = s->s3->rbuf.len - s->packet_length;

-		if (max > max_max)

-			max = max_max;

-	}

-	if (n > max) /* does not happen */

-		{

-		SSLerr(SSL_F_SSL3_READ_N,ERR_R_INTERNAL_ERROR);

-		return -1;

-		}

-	off = s->packet_length;

-	newb = s->s3->rbuf.left;

-	/* Move any available bytes to front of buffer:

-	 * 'off' bytes already pointed to by 'packet',

-	 * 'newb' extra ones at the end */

-	if (s->packet != s->s3->rbuf.buf)

-		{

-		/*  off > 0 */

-		memmove(s->s3->rbuf.buf, s->packet, off+newb);

-		s->packet = s->s3->rbuf.buf;

-		}

-	while (newb < n)

-		{

-		/* Now we have off+newb bytes at the front of s->s3->rbuf.buf and need

-		 * to read in more until we have off+n (up to off+max if possible) */

-		clear_sys_error();

-		if (s->rbio != NULL)

-			{

-			s->rwstate=SSL_READING;

-			i=BIO_read(s->rbio,	&(s->s3->rbuf.buf[off+newb]), max-newb);

-			}

-		else

-			{

-			SSLerr(SSL_F_SSL3_READ_N,SSL_R_READ_BIO_NOT_SET);

-			i = -1;

-			}

-		if (i <= 0)

-			{

-			s->s3->rbuf.left = newb;

-			return(i);

-			}

-		newb+=i;

-		}

-	/* done reading, now the book-keeping */

-	s->s3->rbuf.offset = off + n;

-	s->s3->rbuf.left = newb - n;

-	s->packet_length += n;

-	s->rwstate=SSL_NOTHING;

-	return(n);

-	}

-/* Call this to get a new input record.

- * It will return <= 0 if more data is needed, normally due to an error

- * or non-blocking IO.

- * When it finishes, one packet has been decoded and can be found in

- * ssl->s3->rrec.type    - is the type of record

- * ssl->s3->rrec.data, 	 - data

- * ssl->s3->rrec.length, - number of bytes

- */

-/* used only by ssl3_read_bytes */

-static int ssl3_get_record(SSL *s)

-	{

-	int ssl_major,ssl_minor,al;

-	int enc_err,n,i,ret= -1;

-	SSL3_RECORD *rr;

-	SSL_SESSION *sess;

-	unsigned char *p;

-	unsigned char md[EVP_MAX_MD_SIZE];

-	short version;

-	unsigned int mac_size;

-	int clear=0;

-	size_t extra;

-	int decryption_failed_or_bad_record_mac = 0;

-	unsigned char *mac = NULL;

-	rr= &(s->s3->rrec);

-	sess=s->session;

-	if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)

-		extra=SSL3_RT_MAX_EXTRA;

-	else

-		extra=0;

-	if (extra != s->s3->rbuf.len - SSL3_RT_MAX_PACKET_SIZE)

-		{

-		/* actually likely an application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER

-		 * set after ssl3_setup_buffers() was done */

-		SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR);

-		return -1;

-		}

-again:

-	/* check if we have the header */

-	if (	(s->rstate != SSL_ST_READ_BODY) ||

-		(s->packet_length < SSL3_RT_HEADER_LENGTH))

-		{

-		n=ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);

-		if (n <= 0) return(n); /* error or non-blocking */

-		s->rstate=SSL_ST_READ_BODY;

-		p=s->packet;

-		/* Pull apart the header into the SSL3_RECORD */

-		rr->type= *(p++);

-		ssl_major= *(p++);

-		ssl_minor= *(p++);

-		version=(ssl_major<<8)|ssl_minor;

-		n2s(p,rr->length);

-		/* Lets check version */

-		if (!s->first_packet)

-			{

-			if (version != s->version)

-				{

-				SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);

-				/* Send back error using their

-				 * version number :-) */

-				s->version=version;

-				al=SSL_AD_PROTOCOL_VERSION;

-				goto f_err;

-				}

-			}

-		if ((version>>8) != SSL3_VERSION_MAJOR)

-			{

-			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);

-			goto err;

-			}

-		if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)

-			{

-			al=SSL_AD_RECORD_OVERFLOW;

-			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG);

-			goto f_err;

-			}

-		/* now s->rstate == SSL_ST_READ_BODY */

-		}

-	/* s->rstate == SSL_ST_READ_BODY, get and decode the data */

-	if (rr->length > s->packet_length-SSL3_RT_HEADER_LENGTH)

-		{

-		/* now s->packet_length == SSL3_RT_HEADER_LENGTH */

-		i=rr->length;

-		n=ssl3_read_n(s,i,i,1);

-		if (n <= 0) return(n); /* error or non-blocking io */

-		/* now n == rr->length,

-		 * and s->packet_length == SSL3_RT_HEADER_LENGTH + rr->length */

-		}

-	s->rstate=SSL_ST_READ_HEADER; /* set state for later operations */

-	/* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,

-	 * and we have that many bytes in s->packet

-	 */

-	rr->input= &(s->packet[SSL3_RT_HEADER_LENGTH]);

-	/* ok, we can now read from 's->packet' data into 'rr'

-	 * rr->input points at rr->length bytes, which

-	 * need to be copied into rr->data by either

-	 * the decryption or by the decompression

-	 * When the data is 'copied' into the rr->data buffer,

-	 * rr->input will be pointed at the new buffer */

-	/* We now have - encrypted [ MAC [ compressed [ plain ] ] ]

-	 * rr->length bytes of encrypted compressed stuff. */

-	/* check is not needed I believe */

-	if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)

-		{

-		al=SSL_AD_RECORD_OVERFLOW;

-		SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG);

-		goto f_err;

-		}

-	/* decrypt in place in 'rr->input' */

-	rr->data=rr->input;

-	enc_err = s->method->ssl3_enc->enc(s,0);

-	if (enc_err <= 0)

-		{

-		if (enc_err == 0)

-			/* SSLerr() and ssl3_send_alert() have been called */

-			goto err;

-		/* Otherwise enc_err == -1, which indicates bad padding

-		 * (rec->length has not been changed in this case).

-		 * To minimize information leaked via timing, we will perform

-		 * the MAC computation anyway. */

-		decryption_failed_or_bad_record_mac = 1;

-		}

-#ifdef TLS_DEBUG

-printf("dec %d\n",rr->length);

-{ unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); }

-printf("\n");

-#endif

-	/* r->length is now the compressed data plus mac */

-	if (	(sess == NULL) ||

-		(s->enc_read_ctx == NULL) ||

-		(s->read_hash == NULL))

-		clear=1;

-	if (!clear)

-		{

-		mac_size=EVP_MD_size(s->read_hash);

-		if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)

-			{

-#if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */

-			al=SSL_AD_RECORD_OVERFLOW;

-			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);

-			goto f_err;

-#else

-			decryption_failed_or_bad_record_mac = 1;

-#endif

-			}

-		/* check the MAC for rr->input (it's in mac_size bytes at the tail) */

-		if (rr->length >= mac_size)

-			{

-			rr->length -= mac_size;

-			mac = &rr->data[rr->length];

-			}

-		else

-			{

-			/* record (minus padding) is too short to contain a MAC */

-#if 0 /* OK only for stream ciphers */

-			al=SSL_AD_DECODE_ERROR;

-			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);

-			goto f_err;

-#else

-			decryption_failed_or_bad_record_mac = 1;

-			rr->length = 0;

-#endif

-			}

-		i=s->method->ssl3_enc->mac(s,md,0);

-		if (mac == NULL || memcmp(md, mac, mac_size) != 0)

-			{

-			decryption_failed_or_bad_record_mac = 1;

-			}

-		}

-	if (decryption_failed_or_bad_record_mac)

-		{

-		/* A separate 'decryption_failed' alert was introduced with TLS 1.0,

-		 * SSL 3.0 only has 'bad_record_mac'.  But unless a decryption

-		 * failure is directly visible from the ciphertext anyway,

-		 * we should not reveal which kind of error occured -- this

-		 * might become visible to an attacker (e.g. via a logfile) */

-		al=SSL_AD_BAD_RECORD_MAC;

-		SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);

-		goto f_err;

-		}

-	/* r->length is now just compressed */

-	if (s->expand != NULL)

-		{

-		if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra)

-			{

-			al=SSL_AD_RECORD_OVERFLOW;

-			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);

-			goto f_err;

-			}

-		if (!ssl3_do_uncompress(s))

-			{

-			al=SSL_AD_DECOMPRESSION_FAILURE;

-			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION);

-			goto f_err;

-			}

-		}

-	if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH+extra)

-		{

-		al=SSL_AD_RECORD_OVERFLOW;

-		SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);

-		goto f_err;

-		}

-	rr->off=0;

-	/* So at this point the following is true

-	 * ssl->s3->rrec.type 	is the type of record

-	 * ssl->s3->rrec.length	== number of bytes in record

-	 * ssl->s3->rrec.off	== offset to first valid byte

-	 * ssl->s3->rrec.data	== where to take bytes from, increment

-	 *			   after use :-).

-	 */

-	/* we have pulled in a full packet so zero things */

-	s->packet_length=0;

-	/* just read a 0 length packet */

-	if (rr->length == 0) goto again;

-	return(1);

-f_err:

-	ssl3_send_alert(s,SSL3_AL_FATAL,al);

-err:

-	return(ret);

-	}

-int ssl3_do_uncompress(SSL *ssl)

-	{

-#ifndef OPENSSL_NO_COMP

-	int i;

-	SSL3_RECORD *rr;

-	rr= &(ssl->s3->rrec);

-	i=COMP_expand_block(ssl->expand,rr->comp,

-		SSL3_RT_MAX_PLAIN_LENGTH,rr->data,(int)rr->length);

-	if (i < 0)

-		return(0);

-	else

-		rr->length=i;

-	rr->data=rr->comp;

-#endif

-	return(1);

-	}

-int ssl3_do_compress(SSL *ssl)

-	{

-#ifndef OPENSSL_NO_COMP

-	int i;

-	SSL3_RECORD *wr;

-	wr= &(ssl->s3->wrec);

-	i=COMP_compress_block(ssl->compress,wr->data,

-		SSL3_RT_MAX_COMPRESSED_LENGTH,

-		wr->input,(int)wr->length);

-	if (i < 0)

-		return(0);

-	else

-		wr->length=i;

-	wr->input=wr->data;

-#endif

-	return(1);

-	}

-/* Call this to write data in records of type 'type'

- * It will return <= 0 if not all data has been sent or non-blocking IO.

- */

-int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)

-	{

-	const unsigned char *buf=buf_;

-	unsigned int tot,n,nw;

-	int i;

-	s->rwstate=SSL_NOTHING;

-	tot=s->s3->wnum;

-	s->s3->wnum=0;

-	if (SSL_in_init(s) && !s->in_handshake)

-		{

-		i=s->handshake_func(s);

-		if (i < 0) return(i);

-		if (i == 0)

-			{

-			SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);

-			return -1;

-			}

-		}

-	n=(len-tot);

-	for (;;)

-		{

-		if (n > SSL3_RT_MAX_PLAIN_LENGTH)

-			nw=SSL3_RT_MAX_PLAIN_LENGTH;

-		else

-			nw=n;

-		i=do_ssl3_write(s, type, &(buf[tot]), nw, 0);

-		if (i <= 0)

-			{

-			s->s3->wnum=tot;

-			return i;

-			}

-		if ((i == (int)n) ||

-			(type == SSL3_RT_APPLICATION_DATA &&

-			 (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE)))

-			{

-			/* next chunk of data should get another prepended empty fragment

-			 * in ciphersuites with known-IV weakness: */

-			s->s3->empty_fragment_done = 0;

-			return tot+i;

-			}

-		n-=i;

-		tot+=i;

-		}

-	}

-static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,

-			 unsigned int len, int create_empty_fragment)

-	{

-	unsigned char *p,*plen;

-	int i,mac_size,clear=0;

-	int prefix_len = 0;

-	SSL3_RECORD *wr;

-	SSL3_BUFFER *wb;

-	SSL_SESSION *sess;

-	/* first check if there is a SSL3_BUFFER still being written

-	 * out.  This will happen with non blocking IO */

-	if (s->s3->wbuf.left != 0)

-		return(ssl3_write_pending(s,type,buf,len));

-	/* If we have an alert to send, lets send it */

-	if (s->s3->alert_dispatch)

-		{

-		i=s->method->ssl_dispatch_alert(s);

-		if (i <= 0)

-			return(i);

-		/* if it went, fall through and send more stuff */

-		}

-	if (len == 0 && !create_empty_fragment)

-		return 0;

-	wr= &(s->s3->wrec);

-	wb= &(s->s3->wbuf);

-	sess=s->session;

-	if (	(sess == NULL) ||

-		(s->enc_write_ctx == NULL) ||

-		(s->write_hash == NULL))

-		clear=1;

-	if (clear)

-		mac_size=0;

-	else

-		mac_size=EVP_MD_size(s->write_hash);

-	/* 'create_empty_fragment' is true only when this function calls itself */

-	if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done)

-		{

-		/* countermeasure against known-IV weakness in CBC ciphersuites

-		 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */

-		if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA)

-			{

-			/* recursive function call with 'create_empty_fragment' set;

-			 * this prepares and buffers the data for an empty fragment

-			 * (these 'prefix_len' bytes are sent out later

-			 * together with the actual payload) */

-			prefix_len = do_ssl3_write(s, type, buf, 0, 1);

-			if (prefix_len <= 0)

-				goto err;

-			if (s->s3->wbuf.len < (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE)

-				{

-				/* insufficient space */

-				SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR);

-				goto err;

-				}

-			}

-		s->s3->empty_fragment_done = 1;

-		}

-	p = wb->buf + prefix_len;

-	/* write the header */

-	*(p++)=type&0xff;

-	wr->type=type;

-	*(p++)=(s->version>>8);

-	*(p++)=s->version&0xff;

-	/* field where we are to write out packet length */

-	plen=p;

-	p+=2;

-	/* lets setup the record stuff. */

-	wr->data=p;

-	wr->length=(int)len;

-	wr->input=(unsigned char *)buf;

-	/* we now 'read' from wr->input, wr->length bytes into

-	 * wr->data */

-	/* first we compress */

-	if (s->compress != NULL)

-		{

-		if (!ssl3_do_compress(s))

-			{

-			SSLerr(SSL_F_DO_SSL3_WRITE,SSL_R_COMPRESSION_FAILURE);

-			goto err;

-			}

-		}

-	else

-		{

-		memcpy(wr->data,wr->input,wr->length);

-		wr->input=wr->data;

-		}

-	/* we should still have the output to wr->data and the input

-	 * from wr->input.  Length should be wr->length.

-	 * wr->data still points in the wb->buf */

-	if (mac_size != 0)

-		{

-		s->method->ssl3_enc->mac(s,&(p[wr->length]),1);

-		wr->length+=mac_size;

-		wr->input=p;

-		wr->data=p;

-		}

-	/* ssl3_enc can only have an error on read */

-	s->method->ssl3_enc->enc(s,1);

-	/* record length after mac and block padding */

-	s2n(wr->length,plen);

-	/* we should now have

-	 * wr->data pointing to the encrypted data, which is

-	 * wr->length long */

-	wr->type=type; /* not needed but helps for debugging */

-	wr->length+=SSL3_RT_HEADER_LENGTH;

-	if (create_empty_fragment)

-		{

-		/* we are in a recursive call;

-		 * just return the length, don't write out anything here

-		 */

-		return wr->length;

-		}

-	/* now let's set up wb */

-	wb->left = prefix_len + wr->length;

-	wb->offset = 0;

-	/* memorize arguments so that ssl3_write_pending can detect bad write retries later */

-	s->s3->wpend_tot=len;

-	s->s3->wpend_buf=buf;

-	s->s3->wpend_type=type;

-	s->s3->wpend_ret=len;

-	/* we now just need to write the buffer */

-	return ssl3_write_pending(s,type,buf,len);

-err:

-	return -1;

-	}

-/* if s->s3->wbuf.left != 0, we need to call this */

-int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,

-	unsigned int len)

-	{

-	int i;

-/* XXXX */

-	if ((s->s3->wpend_tot > (int)len)

-		|| ((s->s3->wpend_buf != buf) &&

-			!(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER))

-		|| (s->s3->wpend_type != type))

-		{

-		SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY);

-		return(-1);

-		}

-	for (;;)

-		{

-		clear_sys_error();

-		if (s->wbio != NULL)

-			{

-			s->rwstate=SSL_WRITING;

-			i=BIO_write(s->wbio,

-				(char *)&(s->s3->wbuf.buf[s->s3->wbuf.offset]),

-				(unsigned int)s->s3->wbuf.left);

-			}

-		else

-			{

-			SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BIO_NOT_SET);

-			i= -1;

-			}

-		if (i == s->s3->wbuf.left)

-			{

-			s->s3->wbuf.left=0;

-			s->rwstate=SSL_NOTHING;

-			return(s->s3->wpend_ret);

-			}

-		else if (i <= 0)

-			return(i);

-		s->s3->wbuf.offset+=i;

-		s->s3->wbuf.left-=i;

-		}

-	}

-/* Return up to 'len' payload bytes received in 'type' records.

- * 'type' is one of the following:

- *

- *   -  SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)

- *   -  SSL3_RT_APPLICATION_DATA (when ssl3_read calls us)

- *   -  0 (during a shutdown, no data has to be returned)

- *

- * If we don't have stored data to work from, read a SSL/TLS record first

- * (possibly multiple records if we still don't have anything to return).

- *

- * This function must handle any surprises the peer may have for us, such as

- * Alert records (e.g. close_notify), ChangeCipherSpec records (not really

- * a surprise, but handled as if it were), or renegotiation requests.

- * Also if record payloads contain fragments too small to process, we store

- * them until there is enough for the respective protocol (the record protocol

- * may use arbitrary fragmentation and even interleaving):

- *     Change cipher spec protocol

- *             just 1 byte needed, no need for keeping anything stored

- *     Alert protocol

- *             2 bytes needed (AlertLevel, AlertDescription)

- *     Handshake protocol

- *             4 bytes needed (HandshakeType, uint24 length) -- we just have

- *             to detect unexpected Client Hello and Hello Request messages

- *             here, anything else is handled by higher layers

- *     Application data protocol

- *             none of our business

- */

-int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)

-	{

-	int al,i,j,ret;

-	unsigned int n;

-	SSL3_RECORD *rr;

-	void (*cb)(const SSL *ssl,int type2,int val)=NULL;

-	if (s->s3->rbuf.buf == NULL) /* Not initialized yet */

-		if (!ssl3_setup_buffers(s))

-			return(-1);

-	if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE) && type) ||

-	    (peek && (type != SSL3_RT_APPLICATION_DATA)))

-		{

-		SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);

-		return -1;

-		}

-	if ((type == SSL3_RT_HANDSHAKE) && (s->s3->handshake_fragment_len > 0))

-		/* (partially) satisfy request from storage */

-		{

-		unsigned char *src = s->s3->handshake_fragment;

-		unsigned char *dst = buf;

-		unsigned int k;

-		/* peek == 0 */

-		n = 0;

-		while ((len > 0) && (s->s3->handshake_fragment_len > 0))

-			{

-			*dst++ = *src++;

-			len--; s->s3->handshake_fragment_len--;

-			n++;

-			}

-		/* move any remaining fragment bytes: */

-		for (k = 0; k < s->s3->handshake_fragment_len; k++)

-			s->s3->handshake_fragment[k] = *src++;

-		return n;

-	}

-	/* Now s->s3->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */

-	if (!s->in_handshake && SSL_in_init(s))

-		{

-		/* type == SSL3_RT_APPLICATION_DATA */

-		i=s->handshake_func(s);

-		if (i < 0) return(i);

-		if (i == 0)

-			{

-			SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);

-			return(-1);

-			}

-		}

-start:

-	s->rwstate=SSL_NOTHING;

-	/* s->s3->rrec.type	    - is the type of record

-	 * s->s3->rrec.data,    - data

-	 * s->s3->rrec.off,     - offset into 'data' for next read

-	 * s->s3->rrec.length,  - number of bytes. */

-	rr = &(s->s3->rrec);

-	/* get new packet if necessary */

-	if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY))

-		{

-		ret=ssl3_get_record(s);

-		if (ret <= 0) return(ret);

-		}

-	/* we now have a packet which can be read and processed */

-	if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,

-	                               * reset by ssl3_get_finished */

-		&& (rr->type != SSL3_RT_HANDSHAKE))

-		{

-		al=SSL_AD_UNEXPECTED_MESSAGE;

-		SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);

-		goto f_err;

-		}

-	/* If the other end has shut down, throw anything we read away

-	 * (even in 'peek' mode) */

-	if (s->shutdown & SSL_RECEIVED_SHUTDOWN)

-		{

-		rr->length=0;

-		s->rwstate=SSL_NOTHING;

-		return(0);

-		}

-	if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */

-		{

-		/* make sure that we are not getting application data when we

-		 * are doing a handshake for the first time */

-		if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&

-			(s->enc_read_ctx == NULL))

-			{

-			al=SSL_AD_UNEXPECTED_MESSAGE;

-			SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE);

-			goto f_err;

-			}

-		if (len <= 0) return(len);

-		if ((unsigned int)len > rr->length)

-			n = rr->length;

-		else

-			n = (unsigned int)len;

-		memcpy(buf,&(rr->data[rr->off]),n);

-		if (!peek)

-			{

-			rr->length-=n;

-			rr->off+=n;

-			if (rr->length == 0)

-				{

-				s->rstate=SSL_ST_READ_HEADER;

-				rr->off=0;

-				}

-			}

-		return(n);

-		}

-	/* If we get here, then type != rr->type; if we have a handshake

-	 * message, then it was unexpected (Hello Request or Client Hello). */

-	/* In case of record types for which we have 'fragment' storage,

-	 * fill that so that we can process the data at a fixed place.

-	 */

-		{

-		unsigned int dest_maxlen = 0;

-		unsigned char *dest = NULL;

-		unsigned int *dest_len = NULL;

-		if (rr->type == SSL3_RT_HANDSHAKE)

-			{

-			dest_maxlen = sizeof s->s3->handshake_fragment;

-			dest = s->s3->handshake_fragment;

-			dest_len = &s->s3->handshake_fragment_len;

-			}

-		else if (rr->type == SSL3_RT_ALERT)

-			{

-			dest_maxlen = sizeof s->s3->alert_fragment;

-			dest = s->s3->alert_fragment;

-			dest_len = &s->s3->alert_fragment_len;

-			}

-		if (dest_maxlen > 0)

-			{

-			n = dest_maxlen - *dest_len; /* available space in 'dest' */

-			if (rr->length < n)

-				n = rr->length; /* available bytes */

-			/* now move 'n' bytes: */

-			while (n-- > 0)

-				{

-				dest[(*dest_len)++] = rr->data[rr->off++];

-				rr->length--;

-				}

-			if (*dest_len < dest_maxlen)

-				goto start; /* fragment was too small */

-			}

-		}

-	/* s->s3->handshake_fragment_len == 4  iff  rr->type == SSL3_RT_HANDSHAKE;

-	 * s->s3->alert_fragment_len == 2      iff  rr->type == SSL3_RT_ALERT.

-	 * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */

-	/* If we are a client, check for an incoming 'Hello Request': */

-	if ((!s->server) &&

-		(s->s3->handshake_fragment_len >= 4) &&

-		(s->s3->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&

-		(s->session != NULL) && (s->session->cipher != NULL))

-		{

-		s->s3->handshake_fragment_len = 0;

-		if ((s->s3->handshake_fragment[1] != 0) ||

-			(s->s3->handshake_fragment[2] != 0) ||

-			(s->s3->handshake_fragment[3] != 0))

-			{

-			al=SSL_AD_DECODE_ERROR;

-			SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_HELLO_REQUEST);

-			goto f_err;

-			}

-		if (s->msg_callback)

-			s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->s3->handshake_fragment, 4, s, s->msg_callback_arg);

-		if (SSL_is_init_finished(s) &&

-			!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&

-			!s->s3->renegotiate)

-			{

-			ssl3_renegotiate(s);

-			if (ssl3_renegotiate_check(s))

-				{

-				i=s->handshake_func(s);

-				if (i < 0) return(i);

-				if (i == 0)

-					{

-					SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);

-					return(-1);

-					}

-				if (!(s->mode & SSL_MODE_AUTO_RETRY))

-					{

-					if (s->s3->rbuf.left == 0) /* no read-ahead left? */

-						{

-						BIO *bio;

-						/* In the case where we try to read application data,

-						 * but we trigger an SSL handshake, we return -1 with

-						 * the retry option set.  Otherwise renegotiation may

-						 * cause nasty problems in the blocking world */

-						s->rwstate=SSL_READING;

-						bio=SSL_get_rbio(s);

-						BIO_clear_retry_flags(bio);

-						BIO_set_retry_read(bio);

-						return(-1);

-						}

-					}

-				}

-			}

-		/* we either finished a handshake or ignored the request,

-		 * now try again to obtain the (application) data we were asked for */

-		goto start;

-		}

-	if (s->s3->alert_fragment_len >= 2)

-		{

-		int alert_level = s->s3->alert_fragment[0];

-		int alert_descr = s->s3->alert_fragment[1];

-		s->s3->alert_fragment_len = 0;

-		if (s->msg_callback)

-			s->msg_callback(0, s->version, SSL3_RT_ALERT, s->s3->alert_fragment, 2, s, s->msg_callback_arg);

-		if (s->info_callback != NULL)

-			cb=s->info_callback;

-		else if (s->ctx->info_callback != NULL)

-			cb=s->ctx->info_callback;

-		if (cb != NULL)

-			{

-			j = (alert_level << 8) | alert_descr;

-			cb(s, SSL_CB_READ_ALERT, j);

-			}

-		if (alert_level == 1) /* warning */

-			{

-			s->s3->warn_alert = alert_descr;

-			if (alert_descr == SSL_AD_CLOSE_NOTIFY)

-				{

-				s->shutdown |= SSL_RECEIVED_SHUTDOWN;

-				return(0);

-				}

-			}

-		else if (alert_level == 2) /* fatal */

-			{

-			char tmp[16];

-			s->rwstate=SSL_NOTHING;

-			s->s3->fatal_alert = alert_descr;

-			SSLerr(SSL_F_SSL3_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);

-			BIO_snprintf(tmp,sizeof tmp,"%d",alert_descr);

-			ERR_add_error_data(2,"SSL alert number ",tmp);

-			s->shutdown|=SSL_RECEIVED_SHUTDOWN;

-			SSL_CTX_remove_session(s->ctx,s->session);

-			return(0);

-			}

-		else

-			{

-			al=SSL_AD_ILLEGAL_PARAMETER;

-			SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE);

-			goto f_err;

-			}

-		goto start;

-		}

-	if (s->shutdown & SSL_SENT_SHUTDOWN) /* but we have not received a shutdown */

-		{

-		s->rwstate=SSL_NOTHING;

-		rr->length=0;

-		return(0);

-		}

-	if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)

-		{

-		/* 'Change Cipher Spec' is just a single byte, so we know

-		 * exactly what the record payload has to look like */

-		if (	(rr->length != 1) || (rr->off != 0) ||

-			(rr->data[0] != SSL3_MT_CCS))

-			{

-			al=SSL_AD_ILLEGAL_PARAMETER;

-			SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);

-			goto f_err;

-			}

-		/* Check we have a cipher to change to */

-		if (s->s3->tmp.new_cipher == NULL)

-			{

-			al=SSL_AD_UNEXPECTED_MESSAGE;

-			SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY);

-			goto f_err;

-			}

-		rr->length=0;

-		if (s->msg_callback)

-			s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1, s, s->msg_callback_arg);

-		s->s3->change_cipher_spec=1;

-		if (!ssl3_do_change_cipher_spec(s))

-			goto err;

-		else

-			goto start;

-		}

-	/* Unexpected handshake message (Client Hello, or protocol violation) */

-	if ((s->s3->handshake_fragment_len >= 4) &&	!s->in_handshake)

-		{

-		if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&

-			!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))

-			{

-#if 0 /* worked only because C operator preferences are not as expected (and

-       * because this is not really needed for clients except for detecting

-       * protocol violations): */

-			s->state=SSL_ST_BEFORE|(s->server)

-				?SSL_ST_ACCEPT

-				:SSL_ST_CONNECT;

-#else

-			s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;

-#endif

-			s->new_session=1;

-			}

-		i=s->handshake_func(s);

-		if (i < 0) return(i);

-		if (i == 0)

-			{

-			SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);

-			return(-1);

-			}

-		if (!(s->mode & SSL_MODE_AUTO_RETRY))

-			{

-			if (s->s3->rbuf.left == 0) /* no read-ahead left? */

-				{

-				BIO *bio;

-				/* In the case where we try to read application data,

-				 * but we trigger an SSL handshake, we return -1 with

-				 * the retry option set.  Otherwise renegotiation may

-				 * cause nasty problems in the blocking world */

-				s->rwstate=SSL_READING;

-				bio=SSL_get_rbio(s);

-				BIO_clear_retry_flags(bio);

-				BIO_set_retry_read(bio);

-				return(-1);

-				}

-			}

-		goto start;

-		}

-	switch (rr->type)

-		{

-	default:

-#ifndef OPENSSL_NO_TLS

-		/* TLS just ignores unknown message types */

-		if (s->version == TLS1_VERSION)

-			{

-			rr->length = 0;

-			goto start;

-			}

-#endif

-		al=SSL_AD_UNEXPECTED_MESSAGE;

-		SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);

-		goto f_err;

-	case SSL3_RT_CHANGE_CIPHER_SPEC:

-	case SSL3_RT_ALERT:

-	case SSL3_RT_HANDSHAKE:

-		/* we already handled all of these, with the possible exception

-		 * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that

-		 * should not happen when type != rr->type */

-		al=SSL_AD_UNEXPECTED_MESSAGE;

-		SSLerr(SSL_F_SSL3_READ_BYTES,ERR_R_INTERNAL_ERROR);

-		goto f_err;

-	case SSL3_RT_APPLICATION_DATA:

-		/* At this point, we were expecting handshake data,

-		 * but have application data.  If the library was

-		 * running inside ssl3_read() (i.e. in_read_app_data

-		 * is set) and it makes sense to read application data

-		 * at this point (session renegotiation not yet started),

-		 * we will indulge it.

-		 */

-		if (s->s3->in_read_app_data &&

-			(s->s3->total_renegotiations != 0) &&

-			((

-				(s->state & SSL_ST_CONNECT) &&

-				(s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&

-				(s->state <= SSL3_ST_CR_SRVR_HELLO_A)

-				) || (

-					(s->state & SSL_ST_ACCEPT) &&

-					(s->state <= SSL3_ST_SW_HELLO_REQ_A) &&

-					(s->state >= SSL3_ST_SR_CLNT_HELLO_A)

-					)

-				))

-			{

-			s->s3->in_read_app_data=2;

-			return(-1);

-			}

-		else

-			{

-			al=SSL_AD_UNEXPECTED_MESSAGE;

-			SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);

-			goto f_err;

-			}

-		}

-	/* not reached */

-f_err:

-	ssl3_send_alert(s,SSL3_AL_FATAL,al);

-err:

-	return(-1);

-	}

-int ssl3_do_change_cipher_spec(SSL *s)

-	{

-	int i;

-	const char *sender;

-	int slen;

-	if (s->state & SSL_ST_ACCEPT)

-		i=SSL3_CHANGE_CIPHER_SERVER_READ;

-	else

-		i=SSL3_CHANGE_CIPHER_CLIENT_READ;

-	if (s->s3->tmp.key_block == NULL)

-		{

-		s->session->cipher=s->s3->tmp.new_cipher;

-		if (!s->method->ssl3_enc->setup_key_block(s)) return(0);

-		}

-	if (!s->method->ssl3_enc->change_cipher_state(s,i))

-		return(0);

-	/* we have to record the message digest at

-	 * this point so we can get it before we read

-	 * the finished message */

-	if (s->state & SSL_ST_CONNECT)

-		{

-		sender=s->method->ssl3_enc->server_finished_label;

-		slen=s->method->ssl3_enc->server_finished_label_len;

-		}

-	else

-		{

-		sender=s->method->ssl3_enc->client_finished_label;

-		slen=s->method->ssl3_enc->client_finished_label_len;

-		}

-	s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,

-		&(s->s3->finish_dgst1),

-		&(s->s3->finish_dgst2),

-		sender,slen,s->s3->tmp.peer_finish_md);

-	return(1);

-	}

-void ssl3_send_alert(SSL *s, int level, int desc)

-	{

-	/* Map tls/ssl alert value to correct one */

-	desc=s->method->ssl3_enc->alert_value(desc);

-	if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION)

-		desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have protocol_version alerts */

-	if (desc < 0) return;

-	/* If a fatal one, remove from cache */

-	if ((level == 2) && (s->session != NULL))

-		SSL_CTX_remove_session(s->ctx,s->session);

-	s->s3->alert_dispatch=1;

-	s->s3->send_alert[0]=level;

-	s->s3->send_alert[1]=desc;

-	if (s->s3->wbuf.left == 0) /* data still being written out? */

-		s->method->ssl_dispatch_alert(s);

-	/* else data is still being written out, we will get written

-	 * some time in the future */

-	}

-int ssl3_dispatch_alert(SSL *s)

-	{

-	int i,j;

-	void (*cb)(const SSL *ssl,int type,int val)=NULL;

-	s->s3->alert_dispatch=0;

-	i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], 2, 0);

-	if (i <= 0)

-		{

-		s->s3->alert_dispatch=1;

-		}

-	else

-		{

-		/* Alert sent to BIO.  If it is important, flush it now.

-		 * If the message does not get sent due to non-blocking IO,

-		 * we will not worry too much. */

-		if (s->s3->send_alert[0] == SSL3_AL_FATAL)

-			(void)BIO_flush(s->wbio);

-		if (s->msg_callback)

-			s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert, 2, s, s->msg_callback_arg);

-		if (s->info_callback != NULL)

-			cb=s->info_callback;

-		else if (s->ctx->info_callback != NULL)

-			cb=s->ctx->info_callback;

-		if (cb != NULL)

-			{

-			j=(s->s3->send_alert[0]<<8)|s->s3->send_alert[1];

-			cb(s,SSL_CB_WRITE_ALERT,j);

-			}

-		}

-	return(i);

-	}

--- a/sys/src/ape/lib/openssl/ssl/s3_srvr.c

+++ /dev/null

@@ -1,2743 +1,0 @@

-/* ssl/s3_srvr.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- *

- * Portions of the attached software ("Contribution") are developed by

- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.

- *

- * The Contribution is licensed pursuant to the OpenSSL open source

- * license provided above.

- *

- * ECC cipher suite support in OpenSSL originally written by

- * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.

- *

- */

-#define REUSE_CIPHER_BUG

-#define NETSCAPE_HANG_BUG

-#include <stdio.h>

-#include "ssl_locl.h"

-#include "kssl_lcl.h"

-#include <openssl/buffer.h>

-#include <openssl/rand.h>

-#include <openssl/objects.h>

-#include <openssl/evp.h>

-#include <openssl/hmac.h>

-#include <openssl/x509.h>

-#ifndef OPENSSL_NO_DH

-#include <openssl/dh.h>

-#endif

-#include <openssl/bn.h>

-#ifndef OPENSSL_NO_KRB5

-#include <openssl/krb5_asn.h>

-#endif

-#include <openssl/md5.h>

-static SSL_METHOD *ssl3_get_server_method(int ver);

-#ifndef OPENSSL_NO_ECDH

-static int nid2curve_id(int nid);

-#endif

-static SSL_METHOD *ssl3_get_server_method(int ver)

-	{

-	if (ver == SSL3_VERSION)

-		return(SSLv3_server_method());

-	else

-		return(NULL);

-	}

-IMPLEMENT_ssl3_meth_func(SSLv3_server_method,

-			ssl3_accept,

-			ssl_undefined_function,

-			ssl3_get_server_method)

-int ssl3_accept(SSL *s)

-	{

-	BUF_MEM *buf;

-	unsigned long l,Time=(unsigned long)time(NULL);

-	void (*cb)(const SSL *ssl,int type,int val)=NULL;

-	long num1;

-	int ret= -1;

-	int new_state,state,skip=0;

-	RAND_add(&Time,sizeof(Time),0);

-	ERR_clear_error();

-	clear_sys_error();

-	if (s->info_callback != NULL)

-		cb=s->info_callback;

-	else if (s->ctx->info_callback != NULL)

-		cb=s->ctx->info_callback;

-	/* init things to blank */

-	s->in_handshake++;

-	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);

-	if (s->cert == NULL)

-		{

-		SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_NO_CERTIFICATE_SET);

-		return(-1);

-		}

-	for (;;)

-		{

-		state=s->state;

-		switch (s->state)

-			{

-		case SSL_ST_RENEGOTIATE:

-			s->new_session=1;

-			/* s->state=SSL_ST_ACCEPT; */

-		case SSL_ST_BEFORE:

-		case SSL_ST_ACCEPT:

-		case SSL_ST_BEFORE|SSL_ST_ACCEPT:

-		case SSL_ST_OK|SSL_ST_ACCEPT:

-			s->server=1;

-			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);

-			if ((s->version>>8) != 3)

-				{

-				SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR);

-				return -1;

-				}

-			s->type=SSL_ST_ACCEPT;

-			if (s->init_buf == NULL)

-				{

-				if ((buf=BUF_MEM_new()) == NULL)

-					{

-					ret= -1;

-					goto end;

-					}

-				if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))

-					{

-					ret= -1;

-					goto end;

-					}

-				s->init_buf=buf;

-				}

-			if (!ssl3_setup_buffers(s))

-				{

-				ret= -1;

-				goto end;

-				}

-			s->init_num=0;

-			if (s->state != SSL_ST_RENEGOTIATE)

-				{

-				/* Ok, we now need to push on a buffering BIO so that

-				 * the output is sent in a way that TCP likes :-)

-				 */

-				if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; }

-				ssl3_init_finished_mac(s);

-				s->state=SSL3_ST_SR_CLNT_HELLO_A;

-				s->ctx->stats.sess_accept++;

-				}

-			else

-				{

-				/* s->state == SSL_ST_RENEGOTIATE,

-				 * we will just send a HelloRequest */

-				s->ctx->stats.sess_accept_renegotiate++;

-				s->state=SSL3_ST_SW_HELLO_REQ_A;

-				}

-			break;

-		case SSL3_ST_SW_HELLO_REQ_A:

-		case SSL3_ST_SW_HELLO_REQ_B:

-			s->shutdown=0;

-			ret=ssl3_send_hello_request(s);

-			if (ret <= 0) goto end;

-			s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C;

-			s->state=SSL3_ST_SW_FLUSH;

-			s->init_num=0;

-			ssl3_init_finished_mac(s);

-			break;

-		case SSL3_ST_SW_HELLO_REQ_C:

-			s->state=SSL_ST_OK;

-			break;

-		case SSL3_ST_SR_CLNT_HELLO_A:

-		case SSL3_ST_SR_CLNT_HELLO_B:

-		case SSL3_ST_SR_CLNT_HELLO_C:

-			s->shutdown=0;

-			ret=ssl3_get_client_hello(s);

-			if (ret <= 0) goto end;

-			s->new_session = 2;

-			s->state=SSL3_ST_SW_SRVR_HELLO_A;

-			s->init_num=0;

-			break;

-		case SSL3_ST_SW_SRVR_HELLO_A:

-		case SSL3_ST_SW_SRVR_HELLO_B:

-			ret=ssl3_send_server_hello(s);

-			if (ret <= 0) goto end;

-			if (s->hit)

-				s->state=SSL3_ST_SW_CHANGE_A;

-			else

-				s->state=SSL3_ST_SW_CERT_A;

-			s->init_num=0;

-			break;

-		case SSL3_ST_SW_CERT_A:

-		case SSL3_ST_SW_CERT_B:

-			/* Check if it is anon DH or anon ECDH or KRB5 */

-			if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)

-				&& !(s->s3->tmp.new_cipher->algorithms & SSL_aKRB5))

-				{

-				ret=ssl3_send_server_certificate(s);

-				if (ret <= 0) goto end;

-				}

-			else

-				skip=1;

-			s->state=SSL3_ST_SW_KEY_EXCH_A;

-			s->init_num=0;

-			break;

-		case SSL3_ST_SW_KEY_EXCH_A:

-		case SSL3_ST_SW_KEY_EXCH_B:

-			l=s->s3->tmp.new_cipher->algorithms;

-			/* clear this, it may get reset by

-			 * send_server_key_exchange */

-			if ((s->options & SSL_OP_EPHEMERAL_RSA)

-#ifndef OPENSSL_NO_KRB5

-				&& !(l & SSL_KRB5)

-#endif /* OPENSSL_NO_KRB5 */

-				)

-				/* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key

-				 * even when forbidden by protocol specs

-				 * (handshake may fail as clients are not required to

-				 * be able to handle this) */

-				s->s3->tmp.use_rsa_tmp=1;

-			else

-				s->s3->tmp.use_rsa_tmp=0;

-			/* only send if a DH key exchange, fortezza or

-			 * RSA but we have a sign only certificate

-			 *

-			 * For ECC ciphersuites, we send a serverKeyExchange

-			 * message only if the cipher suite is either

-			 * ECDH-anon or ECDHE. In other cases, the

-			 * server certificate contains the server's

-			 * public key for key exchange.

-			 */

-			if (s->s3->tmp.use_rsa_tmp

-			    || (l & SSL_kECDHE)

-			    || (l & (SSL_DH|SSL_kFZA))

-			    || ((l & SSL_kRSA)

-				&& (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL

-				    || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)

-					&& EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)

-					)

-				    )

-				)

-			    )

-				{

-				ret=ssl3_send_server_key_exchange(s);

-				if (ret <= 0) goto end;

-				}

-			else

-				skip=1;

-			s->state=SSL3_ST_SW_CERT_REQ_A;

-			s->init_num=0;

-			break;

-		case SSL3_ST_SW_CERT_REQ_A:

-		case SSL3_ST_SW_CERT_REQ_B:

-			if (/* don't request cert unless asked for it: */

-				!(s->verify_mode & SSL_VERIFY_PEER) ||

-				/* if SSL_VERIFY_CLIENT_ONCE is set,

-				 * don't request cert during re-negotiation: */

-				((s->session->peer != NULL) &&

-				 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||

-				/* never request cert in anonymous ciphersuites

-				 * (see section "Certificate request" in SSL 3 drafts

-				 * and in RFC 2246): */

-				((s->s3->tmp.new_cipher->algorithms & SSL_aNULL) &&

-				 /* ... except when the application insists on verification

-				  * (against the specs, but s3_clnt.c accepts this for SSL 3) */

-				 !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||

-                                 /* never request cert in Kerberos ciphersuites */

-                                (s->s3->tmp.new_cipher->algorithms & SSL_aKRB5))

-				{

-				/* no cert request */

-				skip=1;

-				s->s3->tmp.cert_request=0;

-				s->state=SSL3_ST_SW_SRVR_DONE_A;

-				}

-			else

-				{

-				s->s3->tmp.cert_request=1;

-				ret=ssl3_send_certificate_request(s);

-				if (ret <= 0) goto end;

-#ifndef NETSCAPE_HANG_BUG

-				s->state=SSL3_ST_SW_SRVR_DONE_A;

-#else

-				s->state=SSL3_ST_SW_FLUSH;

-				s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;

-#endif

-				s->init_num=0;

-				}

-			break;

-		case SSL3_ST_SW_SRVR_DONE_A:

-		case SSL3_ST_SW_SRVR_DONE_B:

-			ret=ssl3_send_server_done(s);

-			if (ret <= 0) goto end;

-			s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;

-			s->state=SSL3_ST_SW_FLUSH;

-			s->init_num=0;

-			break;

-		case SSL3_ST_SW_FLUSH:

-			/* number of bytes to be flushed */

-			num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);

-			if (num1 > 0)

-				{

-				s->rwstate=SSL_WRITING;

-				num1=BIO_flush(s->wbio);

-				if (num1 <= 0) { ret= -1; goto end; }

-				s->rwstate=SSL_NOTHING;

-				}

-			s->state=s->s3->tmp.next_state;

-			break;

-		case SSL3_ST_SR_CERT_A:

-		case SSL3_ST_SR_CERT_B:

-			/* Check for second client hello (MS SGC) */

-			ret = ssl3_check_client_hello(s);

-			if (ret <= 0)

-				goto end;

-			if (ret == 2)

-				s->state = SSL3_ST_SR_CLNT_HELLO_C;

-			else {

-				if (s->s3->tmp.cert_request)

-					{

-					ret=ssl3_get_client_certificate(s);

-					if (ret <= 0) goto end;

-					}

-				s->init_num=0;

-				s->state=SSL3_ST_SR_KEY_EXCH_A;

-			}

-			break;

-		case SSL3_ST_SR_KEY_EXCH_A:

-		case SSL3_ST_SR_KEY_EXCH_B:

-			ret=ssl3_get_client_key_exchange(s);

-			if (ret <= 0)

-				goto end;

-			if (ret == 2)

-				{

-				/* For the ECDH ciphersuites when

-				 * the client sends its ECDH pub key in

-				 * a certificate, the CertificateVerify

-				 * message is not sent.

-				 */

-				s->state=SSL3_ST_SR_FINISHED_A;

-				s->init_num = 0;

-				}

-			else

-				{

-				s->state=SSL3_ST_SR_CERT_VRFY_A;

-				s->init_num=0;

-				/* We need to get hashes here so if there is

-				 * a client cert, it can be verified

-				 */

-				s->method->ssl3_enc->cert_verify_mac(s,

-				    &(s->s3->finish_dgst1),

-				    &(s->s3->tmp.cert_verify_md[0]));

-				s->method->ssl3_enc->cert_verify_mac(s,

-				    &(s->s3->finish_dgst2),

-				    &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));

-				}

-			break;

-		case SSL3_ST_SR_CERT_VRFY_A:

-		case SSL3_ST_SR_CERT_VRFY_B:

-			/* we should decide if we expected this one */

-			ret=ssl3_get_cert_verify(s);

-			if (ret <= 0) goto end;

-			s->state=SSL3_ST_SR_FINISHED_A;

-			s->init_num=0;

-			break;

-		case SSL3_ST_SR_FINISHED_A:

-		case SSL3_ST_SR_FINISHED_B:

-			ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,

-				SSL3_ST_SR_FINISHED_B);

-			if (ret <= 0) goto end;

-			if (s->hit)

-				s->state=SSL_ST_OK;

-#ifndef OPENSSL_NO_TLSEXT

-			else if (s->tlsext_ticket_expected)

-				s->state=SSL3_ST_SW_SESSION_TICKET_A;

-#endif

-			else

-				s->state=SSL3_ST_SW_CHANGE_A;

-			s->init_num=0;

-			break;

-#ifndef OPENSSL_NO_TLSEXT

-		case SSL3_ST_SW_SESSION_TICKET_A:

-		case SSL3_ST_SW_SESSION_TICKET_B:

-			ret=ssl3_send_newsession_ticket(s);

-			if (ret <= 0) goto end;

-			s->state=SSL3_ST_SW_CHANGE_A;

-			s->init_num=0;

-			break;

-#endif

-		case SSL3_ST_SW_CHANGE_A:

-		case SSL3_ST_SW_CHANGE_B:

-			s->session->cipher=s->s3->tmp.new_cipher;

-			if (!s->method->ssl3_enc->setup_key_block(s))

-				{ ret= -1; goto end; }

-			ret=ssl3_send_change_cipher_spec(s,

-				SSL3_ST_SW_CHANGE_A,SSL3_ST_SW_CHANGE_B);

-			if (ret <= 0) goto end;

-			s->state=SSL3_ST_SW_FINISHED_A;

-			s->init_num=0;

-			if (!s->method->ssl3_enc->change_cipher_state(s,

-				SSL3_CHANGE_CIPHER_SERVER_WRITE))

-				{

-				ret= -1;

-				goto end;

-				}

-			break;

-		case SSL3_ST_SW_FINISHED_A:

-		case SSL3_ST_SW_FINISHED_B:

-			ret=ssl3_send_finished(s,

-				SSL3_ST_SW_FINISHED_A,SSL3_ST_SW_FINISHED_B,

-				s->method->ssl3_enc->server_finished_label,

-				s->method->ssl3_enc->server_finished_label_len);

-			if (ret <= 0) goto end;

-			s->state=SSL3_ST_SW_FLUSH;

-			if (s->hit)

-				s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;

-			else

-				s->s3->tmp.next_state=SSL_ST_OK;

-			s->init_num=0;

-			break;

-		case SSL_ST_OK:

-			/* clean a few things up */

-			ssl3_cleanup_key_block(s);

-			BUF_MEM_free(s->init_buf);

-			s->init_buf=NULL;

-			/* remove buffering on output */

-			ssl_free_wbio_buffer(s);

-			s->init_num=0;

-			if (s->new_session == 2) /* skipped if we just sent a HelloRequest */

-				{

-				/* actually not necessarily a 'new' session unless

-				 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */

-				s->new_session=0;

-				ssl_update_cache(s,SSL_SESS_CACHE_SERVER);

-				s->ctx->stats.sess_accept_good++;

-				/* s->server=1; */

-				s->handshake_func=ssl3_accept;

-				if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);

-				}

-			ret = 1;

-			goto end;

-			/* break; */

-		default:

-			SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_UNKNOWN_STATE);

-			ret= -1;

-			goto end;

-			/* break; */

-			}

-		if (!s->s3->tmp.reuse_message && !skip)

-			{

-			if (s->debug)

-				{

-				if ((ret=BIO_flush(s->wbio)) <= 0)

-					goto end;

-				}

-			if ((cb != NULL) && (s->state != state))

-				{

-				new_state=s->state;

-				s->state=state;

-				cb(s,SSL_CB_ACCEPT_LOOP,1);

-				s->state=new_state;

-				}

-			}

-		skip=0;

-		}

-end:

-	/* BIO_flush(s->wbio); */

-	s->in_handshake--;

-	if (cb != NULL)

-		cb(s,SSL_CB_ACCEPT_EXIT,ret);

-	return(ret);

-	}

-int ssl3_send_hello_request(SSL *s)

-	{

-	unsigned char *p;

-	if (s->state == SSL3_ST_SW_HELLO_REQ_A)

-		{

-		p=(unsigned char *)s->init_buf->data;

-		*(p++)=SSL3_MT_HELLO_REQUEST;

-		*(p++)=0;

-		*(p++)=0;

-		*(p++)=0;

-		s->state=SSL3_ST_SW_HELLO_REQ_B;

-		/* number of bytes to write */

-		s->init_num=4;

-		s->init_off=0;

-		}

-	/* SSL3_ST_SW_HELLO_REQ_B */

-	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));

-	}

-int ssl3_check_client_hello(SSL *s)

-	{

-	int ok;

-	long n;

-	/* this function is called when we really expect a Certificate message,

-	 * so permit appropriate message length */

-	n=s->method->ssl_get_message(s,

-		SSL3_ST_SR_CERT_A,

-		SSL3_ST_SR_CERT_B,

-		-1,

-		s->max_cert_list,

-		&ok);

-	if (!ok) return((int)n);

-	s->s3->tmp.reuse_message = 1;

-	if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO)

-		{

-		/* Throw away what we have done so far in the current handshake,

-		 * which will now be aborted. (A full SSL_clear would be too much.)

-		 * I hope that tmp.dh is the only thing that may need to be cleared

-		 * when a handshake is not completed ... */

-#ifndef OPENSSL_NO_DH

-		if (s->s3->tmp.dh != NULL)

-			{

-			DH_free(s->s3->tmp.dh);

-			s->s3->tmp.dh = NULL;

-			}

-#endif

-		return 2;

-		}

-	return 1;

-}

-int ssl3_get_client_hello(SSL *s)

-	{

-	int i,j,ok,al,ret= -1;

-	unsigned int cookie_len;

-	long n;

-	unsigned long id;

-	unsigned char *p,*d,*q;

-	SSL_CIPHER *c;

-#ifndef OPENSSL_NO_COMP

-	SSL_COMP *comp=NULL;

-#endif

-	STACK_OF(SSL_CIPHER) *ciphers=NULL;

-	/* We do this so that we will respond with our native type.

-	 * If we are TLSv1 and we get SSLv3, we will respond with TLSv1,

-	 * This down switching should be handled by a different method.

-	 * If we are SSLv3, we will respond with SSLv3, even if prompted with

-	 * TLSv1.

-	 */

-	if (s->state == SSL3_ST_SR_CLNT_HELLO_A)

-		{

-		s->state=SSL3_ST_SR_CLNT_HELLO_B;

-		}

-	s->first_packet=1;

-	n=s->method->ssl_get_message(s,

-		SSL3_ST_SR_CLNT_HELLO_B,

-		SSL3_ST_SR_CLNT_HELLO_C,

-		SSL3_MT_CLIENT_HELLO,

-		SSL3_RT_MAX_PLAIN_LENGTH,

-		&ok);

-	if (!ok) return((int)n);

-	s->first_packet=0;

-	d=p=(unsigned char *)s->init_msg;

-	/* use version from inside client hello, not from record header

-	 * (may differ: see RFC 2246, Appendix E, second paragraph) */

-	s->client_version=(((int)p[0])<<8)|(int)p[1];

-	p+=2;

-	if ((s->version == DTLS1_VERSION && s->client_version > s->version) ||

-	    (s->version != DTLS1_VERSION && s->client_version < s->version))

-		{

-		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);

-		if ((s->client_version>>8) == SSL3_VERSION_MAJOR)

-			{

-			/* similar to ssl3_get_record, send alert using remote version number */

-			s->version = s->client_version;

-			}

-		al = SSL_AD_PROTOCOL_VERSION;

-		goto f_err;

-		}

-	/* load the client random */

-	memcpy(s->s3->client_random,p,SSL3_RANDOM_SIZE);

-	p+=SSL3_RANDOM_SIZE;

-	/* get the session-id */

-	j= *(p++);

-	s->hit=0;

-	/* Versions before 0.9.7 always allow session reuse during renegotiation

-	 * (i.e. when s->new_session is true), option

-	 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is new with 0.9.7.

-	 * Maybe this optional behaviour should always have been the default,

-	 * but we cannot safely change the default behaviour (or new applications

-	 * might be written that become totally unsecure when compiled with

-	 * an earlier library version)

-	 */

-	if ((s->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)))

-		{

-		if (!ssl_get_new_session(s,1))

-			goto err;

-		}

-	else

-		{

-		i=ssl_get_prev_session(s, p, j, d + n);

-		if (i == 1)

-			{ /* previous session */

-			s->hit=1;

-			}

-		else if (i == -1)

-			goto err;

-		else /* i == 0 */

-			{

-			if (!ssl_get_new_session(s,1))

-				goto err;

-			}

-		}

-	p+=j;

-	if (s->version == DTLS1_VERSION)

-		{

-		/* cookie stuff */

-		cookie_len = *(p++);

-		if ( (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) &&

-			s->d1->send_cookie == 0)

-			{

-			/* HelloVerifyMessage has already been sent */

-			if ( cookie_len != s->d1->cookie_len)

-				{

-				al = SSL_AD_HANDSHAKE_FAILURE;

-				SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH);

-				goto f_err;

-				}

-			}

-		/*

-		 * The ClientHello may contain a cookie even if the

-		 * HelloVerify message has not been sent--make sure that it

-		 * does not cause an overflow.

-		 */

-		if ( cookie_len > sizeof(s->d1->rcvd_cookie))

-			{

-			/* too much data */

-			al = SSL_AD_DECODE_ERROR;

-			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH);

-			goto f_err;

-			}

-		/* verify the cookie if appropriate option is set. */

-		if ( (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) &&

-			cookie_len > 0)

-			{

-			memcpy(s->d1->rcvd_cookie, p, cookie_len);

-			if ( s->ctx->app_verify_cookie_cb != NULL)

-				{

-				if ( s->ctx->app_verify_cookie_cb(s, s->d1->rcvd_cookie,

-					cookie_len) == 0)

-					{

-					al=SSL_AD_HANDSHAKE_FAILURE;

-					SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,

-						SSL_R_COOKIE_MISMATCH);

-					goto f_err;

-					}

-				/* else cookie verification succeeded */

-				}

-			else if ( memcmp(s->d1->rcvd_cookie, s->d1->cookie,

-						  s->d1->cookie_len) != 0) /* default verification */

-				{

-					al=SSL_AD_HANDSHAKE_FAILURE;

-					SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,

-						SSL_R_COOKIE_MISMATCH);

-					goto f_err;

-				}

-			}

-		p += cookie_len;

-		}

-	n2s(p,i);

-	if ((i == 0) && (j != 0))

-		{

-		/* we need a cipher if we are not resuming a session */

-		al=SSL_AD_ILLEGAL_PARAMETER;

-		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_SPECIFIED);

-		goto f_err;

-		}

-	if ((p+i) >= (d+n))

-		{

-		/* not enough data */

-		al=SSL_AD_DECODE_ERROR;

-		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);

-		goto f_err;

-		}

-	if ((i > 0) && (ssl_bytes_to_cipher_list(s,p,i,&(ciphers))

-		== NULL))

-		{

-		goto err;

-		}

-	p+=i;

-	/* If it is a hit, check that the cipher is in the list */

-	if ((s->hit) && (i > 0))

-		{

-		j=0;

-		id=s->session->cipher->id;

-#ifdef CIPHER_DEBUG

-		printf("client sent %d ciphers\n",sk_num(ciphers));

-#endif

-		for (i=0; i<sk_SSL_CIPHER_num(ciphers); i++)

-			{

-			c=sk_SSL_CIPHER_value(ciphers,i);

-#ifdef CIPHER_DEBUG

-			printf("client [%2d of %2d]:%s\n",

-				i,sk_num(ciphers),SSL_CIPHER_get_name(c));

-#endif

-			if (c->id == id)

-				{

-				j=1;

-				break;

-				}

-			}

-		if (j == 0)

-			{

-			if ((s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1))

-				{

-				/* Very bad for multi-threading.... */

-				s->session->cipher=sk_SSL_CIPHER_value(ciphers, 0);

-				}

-			else

-				{

-				/* we need to have the cipher in the cipher

-				 * list if we are asked to reuse it */

-				al=SSL_AD_ILLEGAL_PARAMETER;

-				SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_REQUIRED_CIPHER_MISSING);

-				goto f_err;

-				}

-			}

-		}

-	/* compression */

-	i= *(p++);

-	if ((p+i) > (d+n))

-		{

-		/* not enough data */

-		al=SSL_AD_DECODE_ERROR;

-		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);

-		goto f_err;

-		}

-	q=p;

-	for (j=0; j<i; j++)

-		{

-		if (p[j] == 0) break;

-		}

-	p+=i;

-	if (j >= i)

-		{

-		/* no compress */

-		al=SSL_AD_DECODE_ERROR;

-		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_COMPRESSION_SPECIFIED);

-		goto f_err;

-		}

-#ifndef OPENSSL_NO_TLSEXT

-	/* TLS extensions*/

-	if (s->version > SSL3_VERSION)

-		{

-		if (!ssl_parse_clienthello_tlsext(s,&p,d,n, &al))

-			{

-			/* 'al' set by ssl_parse_clienthello_tlsext */

-			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_PARSE_TLSEXT);

-			goto f_err;

-			}

-		}

-		if (ssl_check_clienthello_tlsext(s) <= 0) {

-			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);

-			goto err;

-		}

-#endif

-	/* Worst case, we will use the NULL compression, but if we have other

-	 * options, we will now look for them.  We have i-1 compression

-	 * algorithms from the client, starting at q. */

-	s->s3->tmp.new_compression=NULL;

-#ifndef OPENSSL_NO_COMP

-	if (s->ctx->comp_methods != NULL)

-		{ /* See if we have a match */

-		int m,nn,o,v,done=0;

-		nn=sk_SSL_COMP_num(s->ctx->comp_methods);

-		for (m=0; m<nn; m++)

-			{

-			comp=sk_SSL_COMP_value(s->ctx->comp_methods,m);

-			v=comp->id;

-			for (o=0; o<i; o++)

-				{

-				if (v == q[o])

-					{

-					done=1;

-					break;

-					}

-				}

-			if (done) break;

-			}

-		if (done)

-			s->s3->tmp.new_compression=comp;

-		else

-			comp=NULL;

-		}

-#endif

-	/* TLS does not mind if there is extra stuff */

-#if 0   /* SSL 3.0 does not mind either, so we should disable this test

-         * (was enabled in 0.9.6d through 0.9.6j and 0.9.7 through 0.9.7b,

-         * in earlier SSLeay/OpenSSL releases this test existed but was buggy) */

-	if (s->version == SSL3_VERSION)

-		{

-		if (p < (d+n))

-			{

-			/* wrong number of bytes,

-			 * there could be more to follow */

-			al=SSL_AD_DECODE_ERROR;

-			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);

-			goto f_err;

-			}

-		}

-#endif

-	/* Given s->session->ciphers and SSL_get_ciphers, we must

-	 * pick a cipher */

-	if (!s->hit)

-		{

-#ifdef OPENSSL_NO_COMP

-		s->session->compress_meth=0;

-#else

-		s->session->compress_meth=(comp == NULL)?0:comp->id;

-#endif

-		if (s->session->ciphers != NULL)

-			sk_SSL_CIPHER_free(s->session->ciphers);

-		s->session->ciphers=ciphers;

-		if (ciphers == NULL)

-			{

-			al=SSL_AD_ILLEGAL_PARAMETER;

-			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_PASSED);

-			goto f_err;

-			}

-		ciphers=NULL;

-		c=ssl3_choose_cipher(s,s->session->ciphers,

-				     SSL_get_ciphers(s));

-		if (c == NULL)

-			{

-			al=SSL_AD_HANDSHAKE_FAILURE;

-			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_SHARED_CIPHER);

-			goto f_err;

-			}

-		s->s3->tmp.new_cipher=c;

-		}

-	else

-		{

-		/* Session-id reuse */

-#ifdef REUSE_CIPHER_BUG

-		STACK_OF(SSL_CIPHER) *sk;

-		SSL_CIPHER *nc=NULL;

-		SSL_CIPHER *ec=NULL;

-		if (s->options & SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG)

-			{

-			sk=s->session->ciphers;

-			for (i=0; i<sk_SSL_CIPHER_num(sk); i++)

-				{

-				c=sk_SSL_CIPHER_value(sk,i);

-				if (c->algorithms & SSL_eNULL)

-					nc=c;

-				if (SSL_C_IS_EXPORT(c))

-					ec=c;

-				}

-			if (nc != NULL)

-				s->s3->tmp.new_cipher=nc;

-			else if (ec != NULL)

-				s->s3->tmp.new_cipher=ec;

-			else

-				s->s3->tmp.new_cipher=s->session->cipher;

-			}

-		else

-#endif

-		s->s3->tmp.new_cipher=s->session->cipher;

-		}

-	/* we now have the following setup.

-	 * client_random

-	 * cipher_list 		- our prefered list of ciphers

-	 * ciphers 		- the clients prefered list of ciphers

-	 * compression		- basically ignored right now

-	 * ssl version is set	- sslv3

-	 * s->session		- The ssl session has been setup.

-	 * s->hit		- session reuse flag

-	 * s->tmp.new_cipher	- the new cipher to use.

-	 */

-	ret=1;

-	if (0)

-		{

-f_err:

-		ssl3_send_alert(s,SSL3_AL_FATAL,al);

-		}

-err:

-	if (ciphers != NULL) sk_SSL_CIPHER_free(ciphers);

-	return(ret);

-	}

-int ssl3_send_server_hello(SSL *s)

-	{

-	unsigned char *buf;

-	unsigned char *p,*d;

-	int i,sl;

-	unsigned long l,Time;

-	if (s->state == SSL3_ST_SW_SRVR_HELLO_A)

-		{

-		buf=(unsigned char *)s->init_buf->data;

-		p=s->s3->server_random;

-		Time=(unsigned long)time(NULL);			/* Time */

-		l2n(Time,p);

-		if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)

-			return -1;

-		/* Do the message type and length last */

-		d=p= &(buf[4]);

-		*(p++)=s->version>>8;

-		*(p++)=s->version&0xff;

-		/* Random stuff */

-		memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);

-		p+=SSL3_RANDOM_SIZE;

-		/* now in theory we have 3 options to sending back the

-		 * session id.  If it is a re-use, we send back the

-		 * old session-id, if it is a new session, we send

-		 * back the new session-id or we send back a 0 length

-		 * session-id if we want it to be single use.

-		 * Currently I will not implement the '0' length session-id

-		 * 12-Jan-98 - I'll now support the '0' length stuff.

-		 */

-		if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER))

-			s->session->session_id_length=0;

-		sl=s->session->session_id_length;

-		if (sl > (int)sizeof(s->session->session_id))

-			{

-			SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);

-			return -1;

-			}

-		*(p++)=sl;

-		memcpy(p,s->session->session_id,sl);

-		p+=sl;

-		/* put the cipher */

-		i=ssl3_put_cipher_by_char(s->s3->tmp.new_cipher,p);

-		p+=i;

-		/* put the compression method */

-#ifdef OPENSSL_NO_COMP

-			*(p++)=0;

-#else

-		if (s->s3->tmp.new_compression == NULL)

-			*(p++)=0;

-		else

-			*(p++)=s->s3->tmp.new_compression->id;

-#endif

-#ifndef OPENSSL_NO_TLSEXT

-		if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)

-			{

-			SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR);

-			return -1;

-			}

-#endif

-		/* do the header */

-		l=(p-d);

-		d=buf;

-		*(d++)=SSL3_MT_SERVER_HELLO;

-		l2n3(l,d);

-		s->state=SSL3_ST_CW_CLNT_HELLO_B;

-		/* number of bytes to write */

-		s->init_num=p-buf;

-		s->init_off=0;

-		}

-	/* SSL3_ST_CW_CLNT_HELLO_B */

-	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));

-	}

-int ssl3_send_server_done(SSL *s)

-	{

-	unsigned char *p;

-	if (s->state == SSL3_ST_SW_SRVR_DONE_A)

-		{

-		p=(unsigned char *)s->init_buf->data;

-		/* do the header */

-		*(p++)=SSL3_MT_SERVER_DONE;

-		*(p++)=0;

-		*(p++)=0;

-		*(p++)=0;

-		s->state=SSL3_ST_SW_SRVR_DONE_B;

-		/* number of bytes to write */

-		s->init_num=4;

-		s->init_off=0;

-		}

-	/* SSL3_ST_CW_CLNT_HELLO_B */

-	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));

-	}

-int ssl3_send_server_key_exchange(SSL *s)

-	{

-#ifndef OPENSSL_NO_RSA

-	unsigned char *q;

-	int j,num;

-	RSA *rsa;

-	unsigned char md_buf[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];

-	unsigned int u;

-#endif

-#ifndef OPENSSL_NO_DH

-	DH *dh=NULL,*dhp;

-#endif

-#ifndef OPENSSL_NO_ECDH

-	EC_KEY *ecdh=NULL, *ecdhp;

-	unsigned char *encodedPoint = NULL;

-	int encodedlen = 0;

-	int curve_id = 0;

-	BN_CTX *bn_ctx = NULL;

-#endif

-	EVP_PKEY *pkey;

-	unsigned char *p,*d;

-	int al,i;

-	unsigned long type;

-	int n;

-	CERT *cert;

-	BIGNUM *r[4];

-	int nr[4],kn;

-	BUF_MEM *buf;

-	EVP_MD_CTX md_ctx;

-	EVP_MD_CTX_init(&md_ctx);

-	if (s->state == SSL3_ST_SW_KEY_EXCH_A)

-		{

-		type=s->s3->tmp.new_cipher->algorithms & SSL_MKEY_MASK;

-		cert=s->cert;

-		buf=s->init_buf;

-		r[0]=r[1]=r[2]=r[3]=NULL;

-		n=0;

-#ifndef OPENSSL_NO_RSA

-		if (type & SSL_kRSA)

-			{

-			rsa=cert->rsa_tmp;

-			if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL))

-				{

-				rsa=s->cert->rsa_tmp_cb(s,

-				      SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),

-				      SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));

-				if(rsa == NULL)

-				{

-					al=SSL_AD_HANDSHAKE_FAILURE;

-					SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_ERROR_GENERATING_TMP_RSA_KEY);

-					goto f_err;

-				}

-				RSA_up_ref(rsa);

-				cert->rsa_tmp=rsa;

-				}

-			if (rsa == NULL)

-				{

-				al=SSL_AD_HANDSHAKE_FAILURE;

-				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_KEY);

-				goto f_err;

-				}

-			r[0]=rsa->n;

-			r[1]=rsa->e;

-			s->s3->tmp.use_rsa_tmp=1;

-			}

-		else

-#endif

-#ifndef OPENSSL_NO_DH

-			if (type & SSL_kEDH)

-			{

-			dhp=cert->dh_tmp;

-			if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))

-				dhp=s->cert->dh_tmp_cb(s,

-				      SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),

-				      SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));

-			if (dhp == NULL)

-				{

-				al=SSL_AD_HANDSHAKE_FAILURE;

-				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);

-				goto f_err;

-				}

-			if (s->s3->tmp.dh != NULL)

-				{

-				DH_free(dh);

-				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);

-				goto err;

-				}

-			if ((dh=DHparams_dup(dhp)) == NULL)

-				{

-				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);

-				goto err;

-				}

-			s->s3->tmp.dh=dh;

-			if ((dhp->pub_key == NULL ||

-			     dhp->priv_key == NULL ||

-			     (s->options & SSL_OP_SINGLE_DH_USE)))

-				{

-				if(!DH_generate_key(dh))

-				    {

-				    SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,

-					   ERR_R_DH_LIB);

-				    goto err;

-				    }

-				}

-			else

-				{

-				dh->pub_key=BN_dup(dhp->pub_key);

-				dh->priv_key=BN_dup(dhp->priv_key);

-				if ((dh->pub_key == NULL) ||

-					(dh->priv_key == NULL))

-					{

-					SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);

-					goto err;

-					}

-				}

-			r[0]=dh->p;

-			r[1]=dh->g;

-			r[2]=dh->pub_key;

-			}

-		else

-#endif

-#ifndef OPENSSL_NO_ECDH

-			if (type & SSL_kECDHE)

-			{

-			const EC_GROUP *group;

-			ecdhp=cert->ecdh_tmp;

-			if ((ecdhp == NULL) && (s->cert->ecdh_tmp_cb != NULL))

-				{

-				ecdhp=s->cert->ecdh_tmp_cb(s,

-				      SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),

-				      SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));

-				}

-			if (ecdhp == NULL)

-				{

-				al=SSL_AD_HANDSHAKE_FAILURE;

-				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY);

-				goto f_err;

-				}

-			if (s->s3->tmp.ecdh != NULL)

-				{

-				EC_KEY_free(s->s3->tmp.ecdh);

-				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);

-				goto err;

-				}

-			/* Duplicate the ECDH structure. */

-			if (ecdhp == NULL)

-				{

-				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);

-				goto err;

-				}

-			if (!EC_KEY_up_ref(ecdhp))

-				{

-				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);

-				goto err;

-				}

-			ecdh = ecdhp;

-			s->s3->tmp.ecdh=ecdh;

-			if ((EC_KEY_get0_public_key(ecdh) == NULL) ||

-			    (EC_KEY_get0_private_key(ecdh) == NULL) ||

-			    (s->options & SSL_OP_SINGLE_ECDH_USE))

-				{

-				if(!EC_KEY_generate_key(ecdh))

-				    {

-				    SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);

-				    goto err;

-				    }

-				}

-			if (((group = EC_KEY_get0_group(ecdh)) == NULL) ||

-			    (EC_KEY_get0_public_key(ecdh)  == NULL) ||

-			    (EC_KEY_get0_private_key(ecdh) == NULL))

-				{

-				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);

-				goto err;

-				}

-			if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&

-			    (EC_GROUP_get_degree(group) > 163))

-				{

-				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);

-				goto err;

-				}

-			/* XXX: For now, we only support ephemeral ECDH

-			 * keys over named (not generic) curves. For

-			 * supported named curves, curve_id is non-zero.

-			 */

-			if ((curve_id =

-			    nid2curve_id(EC_GROUP_get_curve_name(group)))

-			    == 0)

-				{

-				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);

-				goto err;

-				}

-			/* Encode the public key.

-			 * First check the size of encoding and

-			 * allocate memory accordingly.

-			 */

-			encodedlen = EC_POINT_point2oct(group,

-			    EC_KEY_get0_public_key(ecdh),

-			    POINT_CONVERSION_UNCOMPRESSED,

-			    NULL, 0, NULL);

-			encodedPoint = (unsigned char *)

-			    OPENSSL_malloc(encodedlen*sizeof(unsigned char));

-			bn_ctx = BN_CTX_new();

-			if ((encodedPoint == NULL) || (bn_ctx == NULL))

-				{

-				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);

-				goto err;

-				}

-			encodedlen = EC_POINT_point2oct(group,

-			    EC_KEY_get0_public_key(ecdh),

-			    POINT_CONVERSION_UNCOMPRESSED,

-			    encodedPoint, encodedlen, bn_ctx);

-			if (encodedlen == 0)

-				{

-				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);

-				goto err;

-				}

-			BN_CTX_free(bn_ctx);  bn_ctx=NULL;

-			/* XXX: For now, we only support named (not

-			 * generic) curves in ECDH ephemeral key exchanges.

-			 * In this situation, we need four additional bytes

-			 * to encode the entire ServerECDHParams

-			 * structure.

-			 */

-			n = 4 + encodedlen;

-			/* We'll generate the serverKeyExchange message

-			 * explicitly so we can set these to NULLs

-			 */

-			r[0]=NULL;

-			r[1]=NULL;

-			r[2]=NULL;

-			r[3]=NULL;

-			}

-		else

-#endif /* !OPENSSL_NO_ECDH */

-			{

-			al=SSL_AD_HANDSHAKE_FAILURE;

-			SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);

-			goto f_err;

-			}

-		for (i=0; r[i] != NULL; i++)

-			{

-			nr[i]=BN_num_bytes(r[i]);

-			n+=2+nr[i];

-			}

-		if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))

-			{

-			if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher))

-				== NULL)

-				{

-				al=SSL_AD_DECODE_ERROR;

-				goto f_err;

-				}

-			kn=EVP_PKEY_size(pkey);

-			}

-		else

-			{

-			pkey=NULL;

-			kn=0;

-			}

-		if (!BUF_MEM_grow_clean(buf,n+4+kn))

-			{

-			SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF);

-			goto err;

-			}

-		d=(unsigned char *)s->init_buf->data;

-		p= &(d[4]);

-		for (i=0; r[i] != NULL; i++)

-			{

-			s2n(nr[i],p);

-			BN_bn2bin(r[i],p);

-			p+=nr[i];

-			}

-#ifndef OPENSSL_NO_ECDH

-		if (type & SSL_kECDHE)

-			{

-			/* XXX: For now, we only support named (not generic) curves.

-			 * In this situation, the serverKeyExchange message has:

-			 * [1 byte CurveType], [2 byte CurveName]

-			 * [1 byte length of encoded point], followed by

-			 * the actual encoded point itself

-			 */

-			*p = NAMED_CURVE_TYPE;

-			p += 1;

-			*p = 0;

-			p += 1;

-			*p = curve_id;

-			p += 1;

-			*p = encodedlen;

-			p += 1;

-			memcpy((unsigned char*)p,

-			    (unsigned char *)encodedPoint,

-			    encodedlen);

-			OPENSSL_free(encodedPoint);

-			p += encodedlen;

-			}

-#endif

-		/* not anonymous */

-		if (pkey != NULL)

-			{

-			/* n is the length of the params, they start at &(d[4])

-			 * and p points to the space at the end. */

-#ifndef OPENSSL_NO_RSA

-			if (pkey->type == EVP_PKEY_RSA)

-				{

-				q=md_buf;

-				j=0;

-				for (num=2; num > 0; num--)

-					{

-					EVP_DigestInit_ex(&md_ctx,(num == 2)

-						?s->ctx->md5:s->ctx->sha1, NULL);

-					EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);

-					EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);

-					EVP_DigestUpdate(&md_ctx,&(d[4]),n);

-					EVP_DigestFinal_ex(&md_ctx,q,

-						(unsigned int *)&i);

-					q+=i;

-					j+=i;

-					}

-				if (RSA_sign(NID_md5_sha1, md_buf, j,

-					&(p[2]), &u, pkey->pkey.rsa) <= 0)

-					{

-					SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_RSA);

-					goto err;

-					}

-				s2n(u,p);

-				n+=u+2;

-				}

-			else

-#endif

-#if !defined(OPENSSL_NO_DSA)

-				if (pkey->type == EVP_PKEY_DSA)

-				{

-				/* lets do DSS */

-				EVP_SignInit_ex(&md_ctx,EVP_dss1(), NULL);

-				EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);

-				EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);

-				EVP_SignUpdate(&md_ctx,&(d[4]),n);

-				if (!EVP_SignFinal(&md_ctx,&(p[2]),

-					(unsigned int *)&i,pkey))

-					{

-					SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_DSA);

-					goto err;

-					}

-				s2n(i,p);

-				n+=i+2;

-				}

-			else

-#endif

-#if !defined(OPENSSL_NO_ECDSA)

-				if (pkey->type == EVP_PKEY_EC)

-				{

-				/* let's do ECDSA */

-				EVP_SignInit_ex(&md_ctx,EVP_ecdsa(), NULL);

-				EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);

-				EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);

-				EVP_SignUpdate(&md_ctx,&(d[4]),n);

-				if (!EVP_SignFinal(&md_ctx,&(p[2]),

-					(unsigned int *)&i,pkey))

-					{

-					SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_ECDSA);

-					goto err;

-					}

-				s2n(i,p);

-				n+=i+2;

-				}

-			else

-#endif

-				{

-				/* Is this error check actually needed? */

-				al=SSL_AD_HANDSHAKE_FAILURE;

-				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_PKEY_TYPE);

-				goto f_err;

-				}

-			}

-		*(d++)=SSL3_MT_SERVER_KEY_EXCHANGE;

-		l2n3(n,d);

-		/* we should now have things packed up, so lets send

-		 * it off */

-		s->init_num=n+4;

-		s->init_off=0;

-		}

-	s->state = SSL3_ST_SW_KEY_EXCH_B;

-	EVP_MD_CTX_cleanup(&md_ctx);

-	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));

-f_err:

-	ssl3_send_alert(s,SSL3_AL_FATAL,al);

-err:

-#ifndef OPENSSL_NO_ECDH

-	if (encodedPoint != NULL) OPENSSL_free(encodedPoint);

-	BN_CTX_free(bn_ctx);

-#endif

-	EVP_MD_CTX_cleanup(&md_ctx);

-	return(-1);

-	}

-int ssl3_send_certificate_request(SSL *s)

-	{

-	unsigned char *p,*d;

-	int i,j,nl,off,n;

-	STACK_OF(X509_NAME) *sk=NULL;

-	X509_NAME *name;

-	BUF_MEM *buf;

-	if (s->state == SSL3_ST_SW_CERT_REQ_A)

-		{

-		buf=s->init_buf;

-		d=p=(unsigned char *)&(buf->data[4]);

-		/* get the list of acceptable cert types */

-		p++;

-		n=ssl3_get_req_cert_type(s,p);

-		d[0]=n;

-		p+=n;

-		n++;

-		off=n;

-		p+=2;

-		n+=2;

-		sk=SSL_get_client_CA_list(s);

-		nl=0;

-		if (sk != NULL)

-			{

-			for (i=0; i<sk_X509_NAME_num(sk); i++)

-				{

-				name=sk_X509_NAME_value(sk,i);

-				j=i2d_X509_NAME(name,NULL);

-				if (!BUF_MEM_grow_clean(buf,4+n+j+2))

-					{

-					SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);

-					goto err;

-					}

-				p=(unsigned char *)&(buf->data[4+n]);

-				if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG))

-					{

-					s2n(j,p);

-					i2d_X509_NAME(name,&p);

-					n+=2+j;

-					nl+=2+j;

-					}

-				else

-					{

-					d=p;

-					i2d_X509_NAME(name,&p);

-					j-=2; s2n(j,d); j+=2;

-					n+=j;

-					nl+=j;

-					}

-				}

-			}

-		/* else no CA names */

-		p=(unsigned char *)&(buf->data[4+off]);

-		s2n(nl,p);

-		d=(unsigned char *)buf->data;

-		*(d++)=SSL3_MT_CERTIFICATE_REQUEST;

-		l2n3(n,d);

-		/* we should now have things packed up, so lets send

-		 * it off */

-		s->init_num=n+4;

-		s->init_off=0;

-#ifdef NETSCAPE_HANG_BUG

-		p=(unsigned char *)s->init_buf->data + s->init_num;

-		/* do the header */

-		*(p++)=SSL3_MT_SERVER_DONE;

-		*(p++)=0;

-		*(p++)=0;

-		*(p++)=0;

-		s->init_num += 4;

-#endif

-		s->state = SSL3_ST_SW_CERT_REQ_B;

-		}

-	/* SSL3_ST_SW_CERT_REQ_B */

-	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));

-err:

-	return(-1);

-	}

-int ssl3_get_client_key_exchange(SSL *s)

-	{

-	int i,al,ok;

-	long n;

-	unsigned long l;

-	unsigned char *p;

-#ifndef OPENSSL_NO_RSA

-	RSA *rsa=NULL;

-	EVP_PKEY *pkey=NULL;

-#endif

-#ifndef OPENSSL_NO_DH

-	BIGNUM *pub=NULL;

-	DH *dh_srvr;

-#endif

-#ifndef OPENSSL_NO_KRB5

-        KSSL_ERR kssl_err;

-#endif /* OPENSSL_NO_KRB5 */

-#ifndef OPENSSL_NO_ECDH

-	EC_KEY *srvr_ecdh = NULL;

-	EVP_PKEY *clnt_pub_pkey = NULL;

-	EC_POINT *clnt_ecpoint = NULL;

-	BN_CTX *bn_ctx = NULL;

-#endif

-	n=s->method->ssl_get_message(s,

-		SSL3_ST_SR_KEY_EXCH_A,

-		SSL3_ST_SR_KEY_EXCH_B,

-		SSL3_MT_CLIENT_KEY_EXCHANGE,

-		2048, /* ??? */

-		&ok);

-	if (!ok) return((int)n);

-	p=(unsigned char *)s->init_msg;

-	l=s->s3->tmp.new_cipher->algorithms;

-#ifndef OPENSSL_NO_RSA

-	if (l & SSL_kRSA)

-		{

-		/* FIX THIS UP EAY EAY EAY EAY */

-		if (s->s3->tmp.use_rsa_tmp)

-			{

-			if ((s->cert != NULL) && (s->cert->rsa_tmp != NULL))

-				rsa=s->cert->rsa_tmp;

-			/* Don't do a callback because rsa_tmp should

-			 * be sent already */

-			if (rsa == NULL)

-				{

-				al=SSL_AD_HANDSHAKE_FAILURE;

-				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_PKEY);

-				goto f_err;

-				}

-			}

-		else

-			{

-			pkey=s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey;

-			if (	(pkey == NULL) ||

-				(pkey->type != EVP_PKEY_RSA) ||

-				(pkey->pkey.rsa == NULL))

-				{

-				al=SSL_AD_HANDSHAKE_FAILURE;

-				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_RSA_CERTIFICATE);

-				goto f_err;

-				}

-			rsa=pkey->pkey.rsa;

-			}

-		/* TLS and [incidentally] DTLS, including pre-0.9.8f */

-		if (s->version > SSL3_VERSION &&

-		    s->client_version != DTLS1_BAD_VER)

-			{

-			n2s(p,i);

-			if (n != i+2)

-				{

-				if (!(s->options & SSL_OP_TLS_D5_BUG))

-					{

-					SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);

-					goto err;

-					}

-				else

-					p-=2;

-				}

-			else

-				n=i;

-			}

-		i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING);

-		al = -1;

-		if (i != SSL_MAX_MASTER_KEY_LENGTH)

-			{

-			al=SSL_AD_DECODE_ERROR;

-			/* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); */

-			}

-		if ((al == -1) && !((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff))))

-			{

-			/* The premaster secret must contain the same version number as the

-			 * ClientHello to detect version rollback attacks (strangely, the

-			 * protocol does not offer such protection for DH ciphersuites).

-			 * However, buggy clients exist that send the negotiated protocol

-			 * version instead if the server does not support the requested

-			 * protocol version.

-			 * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients. */

-			if (!((s->options & SSL_OP_TLS_ROLLBACK_BUG) &&

-				(p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff))))

-				{

-				al=SSL_AD_DECODE_ERROR;

-				/* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); */

-				/* The Klima-Pokorny-Rosa extension of Bleichenbacher's attack

-				 * (http://eprint.iacr.org/2003/052/) exploits the version

-				 * number check as a "bad version oracle" -- an alert would

-				 * reveal that the plaintext corresponding to some ciphertext

-				 * made up by the adversary is properly formatted except

-				 * that the version number is wrong.  To avoid such attacks,

-				 * we should treat this just like any other decryption error. */

-				}

-			}

-		if (al != -1)

-			{

-			/* Some decryption failure -- use random value instead as countermeasure

-			 * against Bleichenbacher's attack on PKCS #1 v1.5 RSA padding

-			 * (see RFC 2246, section 7.4.7.1). */

-			ERR_clear_error();

-			i = SSL_MAX_MASTER_KEY_LENGTH;

-			p[0] = s->client_version >> 8;

-			p[1] = s->client_version & 0xff;

-			if (RAND_pseudo_bytes(p+2, i-2) <= 0) /* should be RAND_bytes, but we cannot work around a failure */

-				goto err;

-			}

-		s->session->master_key_length=

-			s->method->ssl3_enc->generate_master_secret(s,

-				s->session->master_key,

-				p,i);

-		OPENSSL_cleanse(p,i);

-		}

-	else

-#endif

-#ifndef OPENSSL_NO_DH

-		if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd))

-		{

-		n2s(p,i);

-		if (n != i+2)

-			{

-			if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG))

-				{

-				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);

-				goto err;

-				}

-			else

-				{

-				p-=2;

-				i=(int)n;

-				}

-			}

-		if (n == 0L) /* the parameters are in the cert */

-			{

-			al=SSL_AD_HANDSHAKE_FAILURE;

-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_DECODE_DH_CERTS);

-			goto f_err;

-			}

-		else

-			{

-			if (s->s3->tmp.dh == NULL)

-				{

-				al=SSL_AD_HANDSHAKE_FAILURE;

-				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);

-				goto f_err;

-				}

-			else

-				dh_srvr=s->s3->tmp.dh;

-			}

-		pub=BN_bin2bn(p,i,NULL);

-		if (pub == NULL)

-			{

-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BN_LIB);

-			goto err;

-			}

-		i=DH_compute_key(p,pub,dh_srvr);

-		if (i <= 0)

-			{

-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);

-			goto err;

-			}

-		DH_free(s->s3->tmp.dh);

-		s->s3->tmp.dh=NULL;

-		BN_clear_free(pub);

-		pub=NULL;

-		s->session->master_key_length=

-			s->method->ssl3_enc->generate_master_secret(s,

-				s->session->master_key,p,i);

-		OPENSSL_cleanse(p,i);

-		}

-	else

-#endif

-#ifndef OPENSSL_NO_KRB5

-        if (l & SSL_kKRB5)

-                {

-                krb5_error_code		krb5rc;

-		krb5_data		enc_ticket;

-		krb5_data		authenticator;

-		krb5_data		enc_pms;

-                KSSL_CTX		*kssl_ctx = s->kssl_ctx;

-		EVP_CIPHER_CTX		ciph_ctx;

-		EVP_CIPHER		*enc = NULL;

-		unsigned char		iv[EVP_MAX_IV_LENGTH];

-		unsigned char		pms[SSL_MAX_MASTER_KEY_LENGTH

-                                               + EVP_MAX_BLOCK_LENGTH];

-		int                     padl, outl;

-		krb5_timestamp		authtime = 0;

-		krb5_ticket_times	ttimes;

-		EVP_CIPHER_CTX_init(&ciph_ctx);

-                if (!kssl_ctx)  kssl_ctx = kssl_ctx_new();

-		n2s(p,i);

-		enc_ticket.length = i;

-		if (n < (int)enc_ticket.length + 6)

-			{

-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,

-				SSL_R_DATA_LENGTH_TOO_LONG);

-			goto err;

-			}

-		enc_ticket.data = (char *)p;

-		p+=enc_ticket.length;

-		n2s(p,i);

-		authenticator.length = i;

-		if (n < (int)(enc_ticket.length + authenticator.length) + 6)

-			{

-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,

-				SSL_R_DATA_LENGTH_TOO_LONG);

-			goto err;

-			}

-		authenticator.data = (char *)p;

-		p+=authenticator.length;

-		n2s(p,i);

-		enc_pms.length = i;

-		enc_pms.data = (char *)p;

-		p+=enc_pms.length;

-		/* Note that the length is checked again below,

-		** after decryption

-		*/

-		if(enc_pms.length > sizeof pms)

-			{

-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,

-			       SSL_R_DATA_LENGTH_TOO_LONG);

-			goto err;

-			}

-		if (n != (long)(enc_ticket.length + authenticator.length +

-						enc_pms.length + 6))

-			{

-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,

-				SSL_R_DATA_LENGTH_TOO_LONG);

-			goto err;

-			}

-                if ((krb5rc = kssl_sget_tkt(kssl_ctx, &enc_ticket, &ttimes,

-					&kssl_err)) != 0)

-                        {

-#ifdef KSSL_DEBUG

-                        printf("kssl_sget_tkt rtn %d [%d]\n",

-                                krb5rc, kssl_err.reason);

-                        if (kssl_err.text)

-                                printf("kssl_err text= %s\n", kssl_err.text);

-#endif	/* KSSL_DEBUG */

-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,

-                                kssl_err.reason);

-                        goto err;

-                        }

-		/*  Note: no authenticator is not considered an error,

-		**  but will return authtime == 0.

-		*/

-		if ((krb5rc = kssl_check_authent(kssl_ctx, &authenticator,

-					&authtime, &kssl_err)) != 0)

-			{

-#ifdef KSSL_DEBUG

-                        printf("kssl_check_authent rtn %d [%d]\n",

-                                krb5rc, kssl_err.reason);

-                        if (kssl_err.text)

-                                printf("kssl_err text= %s\n", kssl_err.text);

-#endif	/* KSSL_DEBUG */

-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,

-                                kssl_err.reason);

-                        goto err;

-			}

-		if ((krb5rc = kssl_validate_times(authtime, &ttimes)) != 0)

-			{

-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, krb5rc);

-                        goto err;

-			}

-#ifdef KSSL_DEBUG

-                kssl_ctx_show(kssl_ctx);

-#endif	/* KSSL_DEBUG */

-		enc = kssl_map_enc(kssl_ctx->enctype);

-                if (enc == NULL)

-                    goto err;

-		memset(iv, 0, sizeof iv);	/* per RFC 1510 */

-		if (!EVP_DecryptInit_ex(&ciph_ctx,enc,NULL,kssl_ctx->key,iv))

-			{

-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,

-				SSL_R_DECRYPTION_FAILED);

-			goto err;

-			}

-		if (!EVP_DecryptUpdate(&ciph_ctx, pms,&outl,

-					(unsigned char *)enc_pms.data, enc_pms.length))

-			{

-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,

-				SSL_R_DECRYPTION_FAILED);

-			goto err;

-			}

-		if (outl > SSL_MAX_MASTER_KEY_LENGTH)

-			{

-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,

-				SSL_R_DATA_LENGTH_TOO_LONG);

-			goto err;

-			}

-		if (!EVP_DecryptFinal_ex(&ciph_ctx,&(pms[outl]),&padl))

-			{

-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,

-				SSL_R_DECRYPTION_FAILED);

-			goto err;

-			}

-		outl += padl;

-		if (outl > SSL_MAX_MASTER_KEY_LENGTH)

-			{

-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,

-				SSL_R_DATA_LENGTH_TOO_LONG);

-			goto err;

-			}

-		if (!((pms[0] == (s->client_version>>8)) && (pms[1] == (s->client_version & 0xff))))

-		    {

-		    /* The premaster secret must contain the same version number as the

-		     * ClientHello to detect version rollback attacks (strangely, the

-		     * protocol does not offer such protection for DH ciphersuites).

-		     * However, buggy clients exist that send random bytes instead of

-		     * the protocol version.

-		     * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients.

-		     * (Perhaps we should have a separate BUG value for the Kerberos cipher)

-		     */

-		    if (!(s->options & SSL_OP_TLS_ROLLBACK_BUG))

-		        {

-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,

-			       SSL_AD_DECODE_ERROR);

-			goto err;

-			}

-		    }

-		EVP_CIPHER_CTX_cleanup(&ciph_ctx);

-                s->session->master_key_length=

-                        s->method->ssl3_enc->generate_master_secret(s,

-                                s->session->master_key, pms, outl);

-                if (kssl_ctx->client_princ)

-                        {

-                        size_t len = strlen(kssl_ctx->client_princ);

-                        if ( len < SSL_MAX_KRB5_PRINCIPAL_LENGTH )

-                                {

-                                s->session->krb5_client_princ_len = len;

-                                memcpy(s->session->krb5_client_princ,kssl_ctx->client_princ,len);

-                                }

-                        }

-                /*  Was doing kssl_ctx_free() here,

-		**  but it caused problems for apache.

-                **  kssl_ctx = kssl_ctx_free(kssl_ctx);

-                **  if (s->kssl_ctx)  s->kssl_ctx = NULL;

-                */

-                }

-	else

-#endif	/* OPENSSL_NO_KRB5 */

-#ifndef OPENSSL_NO_ECDH

-		if ((l & SSL_kECDH) || (l & SSL_kECDHE))

-		{

-		int ret = 1;

-		int field_size = 0;

-		const EC_KEY   *tkey;

-		const EC_GROUP *group;

-		const BIGNUM *priv_key;

-                /* initialize structures for server's ECDH key pair */

-		if ((srvr_ecdh = EC_KEY_new()) == NULL)

-			{

-                	SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,

-			    ERR_R_MALLOC_FAILURE);

-                	goto err;

-			}

-		/* Let's get server private key and group information */

-		if (l & SSL_kECDH)

-			{

-                        /* use the certificate */

-			tkey = s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec;

-			}

-		else

-			{

-			/* use the ephermeral values we saved when

-			 * generating the ServerKeyExchange msg.

-			 */

-			tkey = s->s3->tmp.ecdh;

-			}

-		group    = EC_KEY_get0_group(tkey);

-		priv_key = EC_KEY_get0_private_key(tkey);

-		if (!EC_KEY_set_group(srvr_ecdh, group) ||

-		    !EC_KEY_set_private_key(srvr_ecdh, priv_key))

-			{

-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,

-			       ERR_R_EC_LIB);

-			goto err;

-			}

-		/* Let's get client's public key */

-		if ((clnt_ecpoint = EC_POINT_new(group)) == NULL)

-			{

-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,

-			    ERR_R_MALLOC_FAILURE);

-			goto err;

-			}

-                if (n == 0L)

-                        {

-			/* Client Publickey was in Client Certificate */

-			 if (l & SSL_kECDHE)

-				 {

-				 al=SSL_AD_HANDSHAKE_FAILURE;

-				 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY);

-				 goto f_err;

-				 }

-                        if (((clnt_pub_pkey=X509_get_pubkey(s->session->peer))

-			    == NULL) ||

-			    (clnt_pub_pkey->type != EVP_PKEY_EC))

-                        	{

-				/* XXX: For now, we do not support client

-				 * authentication using ECDH certificates

-				 * so this branch (n == 0L) of the code is

-				 * never executed. When that support is

-				 * added, we ought to ensure the key

-				 * received in the certificate is

-				 * authorized for key agreement.

-				 * ECDH_compute_key implicitly checks that

-				 * the two ECDH shares are for the same

-				 * group.

-				 */

-                           	al=SSL_AD_HANDSHAKE_FAILURE;

-                           	SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,

-				    SSL_R_UNABLE_TO_DECODE_ECDH_CERTS);

-                           	goto f_err;

-                           	}

-			if (EC_POINT_copy(clnt_ecpoint,

-			    EC_KEY_get0_public_key(clnt_pub_pkey->pkey.ec)) == 0)

-				{

-				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,

-					ERR_R_EC_LIB);

-				goto err;

-				}

-                        ret = 2; /* Skip certificate verify processing */

-                        }

-                else

-                        {

-			/* Get client's public key from encoded point

-			 * in the ClientKeyExchange message.

-			 */

-			if ((bn_ctx = BN_CTX_new()) == NULL)

-				{

-				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,

-				    ERR_R_MALLOC_FAILURE);

-				goto err;

-				}

-                        /* Get encoded point length */

-                        i = *p;

-			p += 1;

-                        if (EC_POINT_oct2point(group,

-			    clnt_ecpoint, p, i, bn_ctx) == 0)

-				{

-				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,

-				    ERR_R_EC_LIB);

-				goto err;

-				}

-                        /* p is pointing to somewhere in the buffer

-                         * currently, so set it to the start

-                         */

-                        p=(unsigned char *)s->init_buf->data;

-                        }

-		/* Compute the shared pre-master secret */

-		field_size = EC_GROUP_get_degree(group);

-		if (field_size <= 0)

-			{

-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,

-			       ERR_R_ECDH_LIB);

-			goto err;

-			}

-		i = ECDH_compute_key(p, (field_size+7)/8, clnt_ecpoint, srvr_ecdh, NULL);

-                if (i <= 0)

-                        {

-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,

-			    ERR_R_ECDH_LIB);

-                        goto err;

-                        }

-		EVP_PKEY_free(clnt_pub_pkey);

-		EC_POINT_free(clnt_ecpoint);

-		if (srvr_ecdh != NULL)

-			EC_KEY_free(srvr_ecdh);

-		BN_CTX_free(bn_ctx);

-		/* Compute the master secret */

-                s->session->master_key_length = s->method->ssl3_enc-> \

-		    generate_master_secret(s, s->session->master_key, p, i);

-                OPENSSL_cleanse(p, i);

-                return (ret);

-		}

-	else

-#endif

-		{

-		al=SSL_AD_HANDSHAKE_FAILURE;

-		SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,

-				SSL_R_UNKNOWN_CIPHER_TYPE);

-		goto f_err;

-		}

-	return(1);

-f_err:

-	ssl3_send_alert(s,SSL3_AL_FATAL,al);

-#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_ECDH)

-err:

-#endif

-#ifndef OPENSSL_NO_ECDH

-	EVP_PKEY_free(clnt_pub_pkey);

-	EC_POINT_free(clnt_ecpoint);

-	if (srvr_ecdh != NULL)

-		EC_KEY_free(srvr_ecdh);

-	BN_CTX_free(bn_ctx);

-#endif

-	return(-1);

-	}

-int ssl3_get_cert_verify(SSL *s)

-	{

-	EVP_PKEY *pkey=NULL;

-	unsigned char *p;

-	int al,ok,ret=0;

-	long n;

-	int type=0,i,j;

-	X509 *peer;

-	n=s->method->ssl_get_message(s,

-		SSL3_ST_SR_CERT_VRFY_A,

-		SSL3_ST_SR_CERT_VRFY_B,

-		-1,

-		514, /* 514? */

-		&ok);

-	if (!ok) return((int)n);

-	if (s->session->peer != NULL)

-		{

-		peer=s->session->peer;

-		pkey=X509_get_pubkey(peer);

-		type=X509_certificate_type(peer,pkey);

-		}

-	else

-		{

-		peer=NULL;

-		pkey=NULL;

-		}

-	if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY)

-		{

-		s->s3->tmp.reuse_message=1;

-		if ((peer != NULL) && (type | EVP_PKT_SIGN))

-			{

-			al=SSL_AD_UNEXPECTED_MESSAGE;

-			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_MISSING_VERIFY_MESSAGE);

-			goto f_err;

-			}

-		ret=1;

-		goto end;

-		}

-	if (peer == NULL)

-		{

-		SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_NO_CLIENT_CERT_RECEIVED);

-		al=SSL_AD_UNEXPECTED_MESSAGE;

-		goto f_err;

-		}

-	if (!(type & EVP_PKT_SIGN))

-		{

-		SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE);

-		al=SSL_AD_ILLEGAL_PARAMETER;

-		goto f_err;

-		}

-	if (s->s3->change_cipher_spec)

-		{

-		SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY);

-		al=SSL_AD_UNEXPECTED_MESSAGE;

-		goto f_err;

-		}

-	/* we now have a signature that we need to verify */

-	p=(unsigned char *)s->init_msg;

-	n2s(p,i);

-	n-=2;

-	if (i > n)

-		{

-		SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_LENGTH_MISMATCH);

-		al=SSL_AD_DECODE_ERROR;

-		goto f_err;

-		}

-	j=EVP_PKEY_size(pkey);

-	if ((i > j) || (n > j) || (n <= 0))

-		{

-		SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_WRONG_SIGNATURE_SIZE);

-		al=SSL_AD_DECODE_ERROR;

-		goto f_err;

-		}

-#ifndef OPENSSL_NO_RSA

-	if (pkey->type == EVP_PKEY_RSA)

-		{

-		i=RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md,

-			MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, p, i,

-							pkey->pkey.rsa);

-		if (i < 0)

-			{

-			al=SSL_AD_DECRYPT_ERROR;

-			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_DECRYPT);

-			goto f_err;

-			}

-		if (i == 0)

-			{

-			al=SSL_AD_DECRYPT_ERROR;

-			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_SIGNATURE);

-			goto f_err;

-			}

-		}

-	else

-#endif

-#ifndef OPENSSL_NO_DSA

-		if (pkey->type == EVP_PKEY_DSA)

-		{

-		j=DSA_verify(pkey->save_type,

-			&(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),

-			SHA_DIGEST_LENGTH,p,i,pkey->pkey.dsa);

-		if (j <= 0)

-			{

-			/* bad signature */

-			al=SSL_AD_DECRYPT_ERROR;

-			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_DSA_SIGNATURE);

-			goto f_err;

-			}

-		}

-	else

-#endif

-#ifndef OPENSSL_NO_ECDSA

-		if (pkey->type == EVP_PKEY_EC)

-		{

-		j=ECDSA_verify(pkey->save_type,

-			&(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),

-			SHA_DIGEST_LENGTH,p,i,pkey->pkey.ec);

-		if (j <= 0)

-			{

-			/* bad signature */

-			al=SSL_AD_DECRYPT_ERROR;

-			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,

-			    SSL_R_BAD_ECDSA_SIGNATURE);

-			goto f_err;

-			}

-		}

-	else

-#endif

-		{

-		SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,ERR_R_INTERNAL_ERROR);

-		al=SSL_AD_UNSUPPORTED_CERTIFICATE;

-		goto f_err;

-		}

-	ret=1;

-	if (0)

-		{

-f_err:

-		ssl3_send_alert(s,SSL3_AL_FATAL,al);

-		}

-end:

-	EVP_PKEY_free(pkey);

-	return(ret);

-	}

-int ssl3_get_client_certificate(SSL *s)

-	{

-	int i,ok,al,ret= -1;

-	X509 *x=NULL;

-	unsigned long l,nc,llen,n;

-	const unsigned char *p,*q;

-	unsigned char *d;

-	STACK_OF(X509) *sk=NULL;

-	n=s->method->ssl_get_message(s,

-		SSL3_ST_SR_CERT_A,

-		SSL3_ST_SR_CERT_B,

-		-1,

-		s->max_cert_list,

-		&ok);

-	if (!ok) return((int)n);

-	if	(s->s3->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE)

-		{

-		if (	(s->verify_mode & SSL_VERIFY_PEER) &&

-			(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))

-			{

-			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);

-			al=SSL_AD_HANDSHAKE_FAILURE;

-			goto f_err;

-			}

-		/* If tls asked for a client cert, the client must return a 0 list */

-		if ((s->version > SSL3_VERSION) && s->s3->tmp.cert_request)

-			{

-			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST);

-			al=SSL_AD_UNEXPECTED_MESSAGE;

-			goto f_err;

-			}

-		s->s3->tmp.reuse_message=1;

-		return(1);

-		}

-	if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE)

-		{

-		al=SSL_AD_UNEXPECTED_MESSAGE;

-		SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_WRONG_MESSAGE_TYPE);

-		goto f_err;

-		}

-	p=d=(unsigned char *)s->init_msg;

-	if ((sk=sk_X509_new_null()) == NULL)

-		{

-		SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	n2l3(p,llen);

-	if (llen+3 != n)

-		{

-		al=SSL_AD_DECODE_ERROR;

-		SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_LENGTH_MISMATCH);

-		goto f_err;

-		}

-	for (nc=0; nc<llen; )

-		{

-		n2l3(p,l);

-		if ((l+nc+3) > llen)

-			{

-			al=SSL_AD_DECODE_ERROR;

-			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);

-			goto f_err;

-			}

-		q=p;

-		x=d2i_X509(NULL,&p,l);

-		if (x == NULL)

-			{

-			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_ASN1_LIB);

-			goto err;

-			}

-		if (p != (q+l))

-			{

-			al=SSL_AD_DECODE_ERROR;

-			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);

-			goto f_err;

-			}

-		if (!sk_X509_push(sk,x))

-			{

-			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE);

-			goto err;

-			}

-		x=NULL;

-		nc+=l+3;

-		}

-	if (sk_X509_num(sk) <= 0)

-		{

-		/* TLS does not mind 0 certs returned */

-		if (s->version == SSL3_VERSION)

-			{

-			al=SSL_AD_HANDSHAKE_FAILURE;

-			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATES_RETURNED);

-			goto f_err;

-			}

-		/* Fail for TLS only if we required a certificate */

-		else if ((s->verify_mode & SSL_VERIFY_PEER) &&

-			 (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))

-			{

-			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);

-			al=SSL_AD_HANDSHAKE_FAILURE;

-			goto f_err;

-			}

-		}

-	else

-		{

-		i=ssl_verify_cert_chain(s,sk);

-		if (!i)

-			{

-			al=ssl_verify_alarm_type(s->verify_result);

-			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATE_RETURNED);

-			goto f_err;

-			}

-		}

-	if (s->session->peer != NULL) /* This should not be needed */

-		X509_free(s->session->peer);

-	s->session->peer=sk_X509_shift(sk);

-	s->session->verify_result = s->verify_result;

-	/* With the current implementation, sess_cert will always be NULL

-	 * when we arrive here. */

-	if (s->session->sess_cert == NULL)

-		{

-		s->session->sess_cert = ssl_sess_cert_new();

-		if (s->session->sess_cert == NULL)

-			{

-			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_MALLOC_FAILURE);

-			goto err;

-			}

-		}

-	if (s->session->sess_cert->cert_chain != NULL)

-		sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free);

-	s->session->sess_cert->cert_chain=sk;

-	/* Inconsistency alert: cert_chain does *not* include the

-	 * peer's own certificate, while we do include it in s3_clnt.c */

-	sk=NULL;

-	ret=1;

-	if (0)

-		{

-f_err:

-		ssl3_send_alert(s,SSL3_AL_FATAL,al);

-		}

-err:

-	if (x != NULL) X509_free(x);

-	if (sk != NULL) sk_X509_pop_free(sk,X509_free);

-	return(ret);

-	}

-int ssl3_send_server_certificate(SSL *s)

-	{

-	unsigned long l;

-	X509 *x;

-	if (s->state == SSL3_ST_SW_CERT_A)

-		{

-		x=ssl_get_server_send_cert(s);

-		if (x == NULL &&

-                        /* VRS: allow null cert if auth == KRB5 */

-                        (s->s3->tmp.new_cipher->algorithms

-                                & (SSL_MKEY_MASK|SSL_AUTH_MASK))

-                        != (SSL_aKRB5|SSL_kKRB5))

-			{

-			SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR);

-			return(0);

-			}

-		l=ssl3_output_cert_chain(s,x);

-		s->state=SSL3_ST_SW_CERT_B;

-		s->init_num=(int)l;

-		s->init_off=0;

-		}

-	/* SSL3_ST_SW_CERT_B */

-	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));

-	}

-#ifndef OPENSSL_NO_ECDH

-/* This is the complement of curve_id2nid in s3_clnt.c. */

-static int nid2curve_id(int nid)

-{

-	/* ECC curves from draft-ietf-tls-ecc-01.txt (Mar 15, 2001)

-	 * (no changes in draft-ietf-tls-ecc-03.txt [June 2003]) */

-	switch (nid) {

-	case NID_sect163k1: /* sect163k1 (1) */

-		return 1;

-	case NID_sect163r1: /* sect163r1 (2) */

-		return 2;

-	case NID_sect163r2: /* sect163r2 (3) */

-		return 3;

-	case NID_sect193r1: /* sect193r1 (4) */

-		return 4;

-	case NID_sect193r2: /* sect193r2 (5) */

-		return 5;

-	case NID_sect233k1: /* sect233k1 (6) */

-		return 6;

-	case NID_sect233r1: /* sect233r1 (7) */

-		return 7;

-	case NID_sect239k1: /* sect239k1 (8) */

-		return 8;

-	case NID_sect283k1: /* sect283k1 (9) */

-		return 9;

-	case NID_sect283r1: /* sect283r1 (10) */

-		return 10;

-	case NID_sect409k1: /* sect409k1 (11) */

-		return 11;

-	case NID_sect409r1: /* sect409r1 (12) */

-		return 12;

-	case NID_sect571k1: /* sect571k1 (13) */

-		return 13;

-	case NID_sect571r1: /* sect571r1 (14) */

-		return 14;

-	case NID_secp160k1: /* secp160k1 (15) */

-		return 15;

-	case NID_secp160r1: /* secp160r1 (16) */

-		return 16;

-	case NID_secp160r2: /* secp160r2 (17) */

-		return 17;

-	case NID_secp192k1: /* secp192k1 (18) */

-		return 18;

-	case NID_X9_62_prime192v1: /* secp192r1 (19) */

-		return 19;

-	case NID_secp224k1: /* secp224k1 (20) */

-		return 20;

-	case NID_secp224r1: /* secp224r1 (21) */

-		return 21;

-	case NID_secp256k1: /* secp256k1 (22) */

-		return 22;

-	case NID_X9_62_prime256v1: /* secp256r1 (23) */

-		return 23;

-	case NID_secp384r1: /* secp384r1 (24) */

-		return 24;

-	case NID_secp521r1:  /* secp521r1 (25) */

-		return 25;

-	default:

-		return 0;

-	}

-}

-#endif

-#ifndef OPENSSL_NO_TLSEXT

-int ssl3_send_newsession_ticket(SSL *s)

-	{

-	if (s->state == SSL3_ST_SW_SESSION_TICKET_A)

-		{

-		unsigned char *p, *senc, *macstart;

-		int len, slen;

-		unsigned int hlen;

-		EVP_CIPHER_CTX ctx;

-		HMAC_CTX hctx;

-		/* get session encoding length */

-		slen = i2d_SSL_SESSION(s->session, NULL);

-		/* Some length values are 16 bits, so forget it if session is

- 		 * too long

- 		 */

-		if (slen > 0xFF00)

-			return -1;

-		/* Grow buffer if need be: the length calculation is as

- 		 * follows 1 (size of message name) + 3 (message length

- 		 * bytes) + 4 (ticket lifetime hint) + 2 (ticket length) +

- 		 * 16 (key name) + max_iv_len (iv length) +

- 		 * session_length + max_enc_block_size (max encrypted session

- 		 * length) + max_md_size (HMAC).

- 		 */

-		if (!BUF_MEM_grow(s->init_buf,

-			26 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH +

-			EVP_MAX_MD_SIZE + slen))

-			return -1;

-		senc = OPENSSL_malloc(slen);

-		if (!senc)

-			return -1;

-		p = senc;

-		i2d_SSL_SESSION(s->session, &p);

-		p=(unsigned char *)s->init_buf->data;

-		/* do the header */

-		*(p++)=SSL3_MT_NEWSESSION_TICKET;

-		/* Skip message length for now */

-		p += 3;

-		l2n(s->session->tlsext_tick_lifetime_hint, p);

-		/* Skip ticket length for now */

-		p += 2;

-		/* Output key name */

-		macstart = p;

-		memcpy(p, s->ctx->tlsext_tick_key_name, 16);

-		p += 16;

-		/* Generate and output IV */

-		RAND_pseudo_bytes(p, 16);

-		EVP_CIPHER_CTX_init(&ctx);

-		/* Encrypt session data */

-		EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,

-					s->ctx->tlsext_tick_aes_key, p);

-		p += 16;

-		EVP_EncryptUpdate(&ctx, p, &len, senc, slen);

-		p += len;

-		EVP_EncryptFinal(&ctx, p, &len);

-		p += len;

-		EVP_CIPHER_CTX_cleanup(&ctx);

-		HMAC_CTX_init(&hctx);

-		HMAC_Init_ex(&hctx, s->ctx->tlsext_tick_hmac_key, 16,

-				tlsext_tick_md(), NULL);

-		HMAC_Update(&hctx, macstart, p - macstart);

-		HMAC_Final(&hctx, p, &hlen);

-		HMAC_CTX_cleanup(&hctx);

-		p += hlen;

-		/* Now write out lengths: p points to end of data written */

-		/* Total length */

-		len = p - (unsigned char *)s->init_buf->data;

-		p=(unsigned char *)s->init_buf->data + 1;

-		l2n3(len - 4, p); /* Message length */

-		p += 4;

-		s2n(len - 10, p);  /* Ticket length */

-		/* number of bytes to write */

-		s->init_num= len;

-		s->state=SSL3_ST_SW_SESSION_TICKET_B;

-		s->init_off=0;

-		OPENSSL_free(senc);

-		}

-	/* SSL3_ST_SW_SESSION_TICKET_B */

-	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));

-	}

-#endif

--- a/sys/src/ape/lib/openssl/ssl/ssl.h

+++ /dev/null

@@ -1,2026 +1,0 @@

-/* ssl/ssl.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* ====================================================================

- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- * ECC cipher suite support in OpenSSL originally developed by

- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.

- */

-#ifndef HEADER_SSL_H

-#define HEADER_SSL_H

-#include <openssl/e_os2.h>

-#ifndef OPENSSL_NO_COMP

-#include <openssl/comp.h>

-#endif

-#ifndef OPENSSL_NO_BIO

-#include <openssl/bio.h>

-#endif

-#ifndef OPENSSL_NO_DEPRECATED

-#ifndef OPENSSL_NO_X509

-#include <openssl/x509.h>

-#endif

-#include <openssl/crypto.h>

-#include <openssl/lhash.h>

-#include <openssl/buffer.h>

-#endif

-#include <openssl/pem.h>

-#include <openssl/kssl.h>

-#include <openssl/safestack.h>

-#include <openssl/symhacks.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-/* SSLeay version number for ASN.1 encoding of the session information */

-/* Version 0 - initial version

- * Version 1 - added the optional peer certificate

- */

-#define SSL_SESSION_ASN1_VERSION 0x0001

-/* text strings for the ciphers */

-#define SSL_TXT_NULL_WITH_MD5		SSL2_TXT_NULL_WITH_MD5

-#define SSL_TXT_RC4_128_WITH_MD5	SSL2_TXT_RC4_128_WITH_MD5

-#define SSL_TXT_RC4_128_EXPORT40_WITH_MD5 SSL2_TXT_RC4_128_EXPORT40_WITH_MD5

-#define SSL_TXT_RC2_128_CBC_WITH_MD5	SSL2_TXT_RC2_128_CBC_WITH_MD5

-#define SSL_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5

-#define SSL_TXT_IDEA_128_CBC_WITH_MD5	SSL2_TXT_IDEA_128_CBC_WITH_MD5

-#define SSL_TXT_DES_64_CBC_WITH_MD5	SSL2_TXT_DES_64_CBC_WITH_MD5

-#define SSL_TXT_DES_64_CBC_WITH_SHA	SSL2_TXT_DES_64_CBC_WITH_SHA

-#define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5

-#define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA

-/*    VRS Additional Kerberos5 entries

- */

-#define SSL_TXT_KRB5_DES_64_CBC_SHA   SSL3_TXT_KRB5_DES_64_CBC_SHA

-#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA

-#define SSL_TXT_KRB5_RC4_128_SHA      SSL3_TXT_KRB5_RC4_128_SHA

-#define SSL_TXT_KRB5_IDEA_128_CBC_SHA SSL3_TXT_KRB5_IDEA_128_CBC_SHA

-#define SSL_TXT_KRB5_DES_64_CBC_MD5   SSL3_TXT_KRB5_DES_64_CBC_MD5

-#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5

-#define SSL_TXT_KRB5_RC4_128_MD5      SSL3_TXT_KRB5_RC4_128_MD5

-#define SSL_TXT_KRB5_IDEA_128_CBC_MD5 SSL3_TXT_KRB5_IDEA_128_CBC_MD5

-#define SSL_TXT_KRB5_DES_40_CBC_SHA   SSL3_TXT_KRB5_DES_40_CBC_SHA

-#define SSL_TXT_KRB5_RC2_40_CBC_SHA   SSL3_TXT_KRB5_RC2_40_CBC_SHA

-#define SSL_TXT_KRB5_RC4_40_SHA	      SSL3_TXT_KRB5_RC4_40_SHA

-#define SSL_TXT_KRB5_DES_40_CBC_MD5   SSL3_TXT_KRB5_DES_40_CBC_MD5

-#define SSL_TXT_KRB5_RC2_40_CBC_MD5   SSL3_TXT_KRB5_RC2_40_CBC_MD5

-#define SSL_TXT_KRB5_RC4_40_MD5	      SSL3_TXT_KRB5_RC4_40_MD5

-#define SSL_TXT_KRB5_DES_40_CBC_SHA   SSL3_TXT_KRB5_DES_40_CBC_SHA

-#define SSL_TXT_KRB5_DES_40_CBC_MD5   SSL3_TXT_KRB5_DES_40_CBC_MD5

-#define SSL_TXT_KRB5_DES_64_CBC_SHA   SSL3_TXT_KRB5_DES_64_CBC_SHA

-#define SSL_TXT_KRB5_DES_64_CBC_MD5   SSL3_TXT_KRB5_DES_64_CBC_MD5

-#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA

-#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5

-#define SSL_MAX_KRB5_PRINCIPAL_LENGTH  256

-#define SSL_MAX_SSL_SESSION_ID_LENGTH		32

-#define SSL_MAX_SID_CTX_LENGTH			32

-#define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES	(512/8)

-#define SSL_MAX_KEY_ARG_LENGTH			8

-#define SSL_MAX_MASTER_KEY_LENGTH		48

-/* These are used to specify which ciphers to use and not to use */

-#define SSL_TXT_LOW		"LOW"

-#define SSL_TXT_MEDIUM		"MEDIUM"

-#define SSL_TXT_HIGH		"HIGH"

-#define SSL_TXT_kFZA		"kFZA"

-#define	SSL_TXT_aFZA		"aFZA"

-#define SSL_TXT_eFZA		"eFZA"

-#define SSL_TXT_FZA		"FZA"

-#define	SSL_TXT_aNULL		"aNULL"

-#define	SSL_TXT_eNULL		"eNULL"

-#define	SSL_TXT_NULL		"NULL"

-#define SSL_TXT_kKRB5     	"kKRB5"

-#define SSL_TXT_aKRB5     	"aKRB5"

-#define SSL_TXT_KRB5      	"KRB5"

-#define SSL_TXT_kRSA		"kRSA"

-#define SSL_TXT_kDHr		"kDHr"

-#define SSL_TXT_kDHd		"kDHd"

-#define SSL_TXT_kEDH		"kEDH"

-#define	SSL_TXT_aRSA		"aRSA"

-#define	SSL_TXT_aDSS		"aDSS"

-#define	SSL_TXT_aDH		"aDH"

-#define	SSL_TXT_DSS		"DSS"

-#define SSL_TXT_DH		"DH"

-#define SSL_TXT_EDH		"EDH"

-#define SSL_TXT_ADH		"ADH"

-#define SSL_TXT_RSA		"RSA"

-#define SSL_TXT_DES		"DES"

-#define SSL_TXT_3DES		"3DES"

-#define SSL_TXT_RC4		"RC4"

-#define SSL_TXT_RC2		"RC2"

-#define SSL_TXT_IDEA		"IDEA"

-#define SSL_TXT_SEED		"SEED"

-#define SSL_TXT_AES		"AES"

-#define SSL_TXT_CAMELLIA	"CAMELLIA"

-#define SSL_TXT_MD5		"MD5"

-#define SSL_TXT_SHA1		"SHA1"

-#define SSL_TXT_SHA		"SHA"

-#define SSL_TXT_EXP		"EXP"

-#define SSL_TXT_EXPORT		"EXPORT"

-#define SSL_TXT_EXP40		"EXPORT40"

-#define SSL_TXT_EXP56		"EXPORT56"

-#define SSL_TXT_SSLV2		"SSLv2"

-#define SSL_TXT_SSLV3		"SSLv3"

-#define SSL_TXT_TLSV1		"TLSv1"

-#define SSL_TXT_ALL		"ALL"

-#define SSL_TXT_ECC		"ECCdraft" /* ECC ciphersuites are not yet official */

-/*

- * COMPLEMENTOF* definitions. These identifiers are used to (de-select)

- * ciphers normally not being used.

- * Example: "RC4" will activate all ciphers using RC4 including ciphers

- * without authentication, which would normally disabled by DEFAULT (due

- * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT"

- * will make sure that it is also disabled in the specific selection.

- * COMPLEMENTOF* identifiers are portable between version, as adjustments

- * to the default cipher setup will also be included here.

- *

- * COMPLEMENTOFDEFAULT does not experience the same special treatment that

- * DEFAULT gets, as only selection is being done and no sorting as needed

- * for DEFAULT.

- */

-#define SSL_TXT_CMPALL		"COMPLEMENTOFALL"

-#define SSL_TXT_CMPDEF		"COMPLEMENTOFDEFAULT"

-/* The following cipher list is used by default.

- * It also is substituted when an application-defined cipher list string

- * starts with 'DEFAULT'. */

-#define SSL_DEFAULT_CIPHER_LIST	"AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH" /* low priority for RC4 */

-/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */

-#define SSL_SENT_SHUTDOWN	1

-#define SSL_RECEIVED_SHUTDOWN	2

-#ifdef __cplusplus

-}

-#endif

-#ifdef  __cplusplus

-extern "C" {

-#endif

-#if (defined(OPENSSL_NO_RSA) || defined(OPENSSL_NO_MD5)) && !defined(OPENSSL_NO_SSL2)

-#define OPENSSL_NO_SSL2

-#endif

-#define SSL_FILETYPE_ASN1	X509_FILETYPE_ASN1

-#define SSL_FILETYPE_PEM	X509_FILETYPE_PEM

-/* This is needed to stop compilers complaining about the

- * 'struct ssl_st *' function parameters used to prototype callbacks

- * in SSL_CTX. */

-typedef struct ssl_st *ssl_crock_st;

-/* used to hold info on the particular ciphers used */

-typedef struct ssl_cipher_st

-	{

-	int valid;

-	const char *name;		/* text name */

-	unsigned long id;		/* id, 4 bytes, first is version */

-	unsigned long algorithms;	/* what ciphers are used */

-	unsigned long algo_strength;	/* strength and export flags */

-	unsigned long algorithm2;	/* Extra flags */

-	int strength_bits;		/* Number of bits really used */

-	int alg_bits;			/* Number of bits for algorithm */

-	unsigned long mask;		/* used for matching */

-	unsigned long mask_strength;	/* also used for matching */

-	} SSL_CIPHER;

-DECLARE_STACK_OF(SSL_CIPHER)

-typedef struct ssl_st SSL;

-typedef struct ssl_ctx_st SSL_CTX;

-/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */

-typedef struct ssl_method_st

-	{

-	int version;

-	int (*ssl_new)(SSL *s);

-	void (*ssl_clear)(SSL *s);

-	void (*ssl_free)(SSL *s);

-	int (*ssl_accept)(SSL *s);

-	int (*ssl_connect)(SSL *s);

-	int (*ssl_read)(SSL *s,void *buf,int len);

-	int (*ssl_peek)(SSL *s,void *buf,int len);

-	int (*ssl_write)(SSL *s,const void *buf,int len);

-	int (*ssl_shutdown)(SSL *s);

-	int (*ssl_renegotiate)(SSL *s);

-	int (*ssl_renegotiate_check)(SSL *s);

-	long (*ssl_get_message)(SSL *s, int st1, int stn, int mt, long

-		max, int *ok);

-	int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf, int len,

-		int peek);

-	int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len);

-	int (*ssl_dispatch_alert)(SSL *s);

-	long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg);

-	long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg);

-	SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);

-	int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr);

-	int (*ssl_pending)(const SSL *s);

-	int (*num_ciphers)(void);

-	SSL_CIPHER *(*get_cipher)(unsigned ncipher);

-	struct ssl_method_st *(*get_ssl_method)(int version);

-	long (*get_timeout)(void);

-	struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */

-	int (*ssl_version)(void);

-	long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void));

-	long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void));

-	} SSL_METHOD;

-/* Lets make this into an ASN.1 type structure as follows

- * SSL_SESSION_ID ::= SEQUENCE {

- *	version 		INTEGER,	-- structure version number

- *	SSLversion 		INTEGER,	-- SSL version number

- *	Cipher 			OCTET_STRING,	-- the 3 byte cipher ID

- *	Session_ID 		OCTET_STRING,	-- the Session ID

- *	Master_key 		OCTET_STRING,	-- the master key

- *	KRB5_principal		OCTET_STRING	-- optional Kerberos principal

- *	Key_Arg [ 0 ] IMPLICIT	OCTET_STRING,	-- the optional Key argument

- *	Time [ 1 ] EXPLICIT	INTEGER,	-- optional Start Time

- *	Timeout [ 2 ] EXPLICIT	INTEGER,	-- optional Timeout ins seconds

- *	Peer [ 3 ] EXPLICIT	X509,		-- optional Peer Certificate

- *	Session_ID_context [ 4 ] EXPLICIT OCTET_STRING,   -- the Session ID context

- *	Verify_result [ 5 ] EXPLICIT INTEGER    -- X509_V_... code for `Peer'

- *	Compression [6] IMPLICIT ASN1_OBJECT	-- compression OID XXXXX

- *	}

- * Look in ssl/ssl_asn1.c for more details

- * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).

- */

-typedef struct ssl_session_st

-	{

-	int ssl_version;	/* what ssl version session info is

-				 * being kept in here? */

-	/* only really used in SSLv2 */

-	unsigned int key_arg_length;

-	unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH];

-	int master_key_length;

-	unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];

-	/* session_id - valid? */

-	unsigned int session_id_length;

-	unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];

-	/* this is used to determine whether the session is being reused in

-	 * the appropriate context. It is up to the application to set this,

-	 * via SSL_new */

-	unsigned int sid_ctx_length;

-	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];

-#ifndef OPENSSL_NO_KRB5

-        unsigned int krb5_client_princ_len;

-        unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH];

-#endif /* OPENSSL_NO_KRB5 */

-	int not_resumable;

-	/* The cert is the certificate used to establish this connection */

-	struct sess_cert_st /* SESS_CERT */ *sess_cert;

-	/* This is the cert for the other end.

-	 * On clients, it will be the same as sess_cert->peer_key->x509

-	 * (the latter is not enough as sess_cert is not retained

-	 * in the external representation of sessions, see ssl_asn1.c). */

-	X509 *peer;

-	/* when app_verify_callback accepts a session where the peer's certificate

-	 * is not ok, we must remember the error for session reuse: */

-	long verify_result; /* only for servers */

-	int references;

-	long timeout;

-	long time;

-	int compress_meth;		/* Need to lookup the method */

-	SSL_CIPHER *cipher;

-	unsigned long cipher_id;	/* when ASN.1 loaded, this

-					 * needs to be used to load

-					 * the 'cipher' structure */

-	STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */

-	CRYPTO_EX_DATA ex_data; /* application specific data */

-	/* These are used to make removal of session-ids more

-	 * efficient and to implement a maximum cache size. */

-	struct ssl_session_st *prev,*next;

-#ifndef OPENSSL_NO_TLSEXT

-	char *tlsext_hostname;

-	/* RFC4507 info */

-	unsigned char *tlsext_tick;	/* Session ticket */

-	size_t	tlsext_ticklen;		/* Session ticket length */

-	long tlsext_tick_lifetime_hint;	/* Session lifetime hint in seconds */

-#endif

-	} SSL_SESSION;

-#define SSL_OP_MICROSOFT_SESS_ID_BUG			0x00000001L

-#define SSL_OP_NETSCAPE_CHALLENGE_BUG			0x00000002L

-#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG		0x00000008L

-#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG		0x00000010L

-#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER		0x00000020L

-#define SSL_OP_MSIE_SSLV2_RSA_PADDING			0x00000040L /* no effect since 0.9.7h and 0.9.8b */

-#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG			0x00000080L

-#define SSL_OP_TLS_D5_BUG				0x00000100L

-#define SSL_OP_TLS_BLOCK_PADDING_BUG			0x00000200L

-/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added

- * in OpenSSL 0.9.6d.  Usually (depending on the application protocol)

- * the workaround is not needed.  Unfortunately some broken SSL/TLS

- * implementations cannot handle it at all, which is why we include

- * it in SSL_OP_ALL. */

-#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS              0x00000800L /* added in 0.9.6e */

-/* SSL_OP_ALL: various bug workarounds that should be rather harmless.

- *             This used to be 0x000FFFFFL before 0.9.7. */

-#define SSL_OP_ALL					0x00000FFFL

-/* DTLS options */

-#define SSL_OP_NO_QUERY_MTU                 0x00001000L

-/* Turn on Cookie Exchange (on relevant for servers) */

-#define SSL_OP_COOKIE_EXCHANGE              0x00002000L

-/* Don't use RFC4507 ticket extension */

-#define SSL_OP_NO_TICKET	            0x00004000L

-/* As server, disallow session resumption on renegotiation */

-#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION	0x00010000L

-/* If set, always create a new key when using tmp_ecdh parameters */

-#define SSL_OP_SINGLE_ECDH_USE				0x00080000L

-/* If set, always create a new key when using tmp_dh parameters */

-#define SSL_OP_SINGLE_DH_USE				0x00100000L

-/* Set to always use the tmp_rsa key when doing RSA operations,

- * even when this violates protocol specs */

-#define SSL_OP_EPHEMERAL_RSA				0x00200000L

-/* Set on servers to choose the cipher according to the server's

- * preferences */

-#define SSL_OP_CIPHER_SERVER_PREFERENCE			0x00400000L

-/* If set, a server will allow a client to issue a SSLv3.0 version number

- * as latest version supported in the premaster secret, even when TLSv1.0

- * (version 3.1) was announced in the client hello. Normally this is

- * forbidden to prevent version rollback attacks. */

-#define SSL_OP_TLS_ROLLBACK_BUG				0x00800000L

-#define SSL_OP_NO_SSLv2					0x01000000L

-#define SSL_OP_NO_SSLv3					0x02000000L

-#define SSL_OP_NO_TLSv1					0x04000000L

-/* The next flag deliberately changes the ciphertest, this is a check

- * for the PKCS#1 attack */

-#define SSL_OP_PKCS1_CHECK_1				0x08000000L

-#define SSL_OP_PKCS1_CHECK_2				0x10000000L

-#define SSL_OP_NETSCAPE_CA_DN_BUG			0x20000000L

-#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG		0x40000000L

-/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success

- * when just a single record has been written): */

-#define SSL_MODE_ENABLE_PARTIAL_WRITE       0x00000001L

-/* Make it possible to retry SSL_write() with changed buffer location

- * (buffer contents must stay the same!); this is not the default to avoid

- * the misconception that non-blocking SSL_write() behaves like

- * non-blocking write(): */

-#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L

-/* Never bother the application with retries if the transport

- * is blocking: */

-#define SSL_MODE_AUTO_RETRY 0x00000004L

-/* Don't attempt to automatically build certificate chain */

-#define SSL_MODE_NO_AUTO_CHAIN 0x00000008L

-/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,

- * they cannot be used to clear bits. */

-#define SSL_CTX_set_options(ctx,op) \

-	SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)

-#define SSL_CTX_get_options(ctx) \

-	SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL)

-#define SSL_set_options(ssl,op) \

-	SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL)

-#define SSL_get_options(ssl) \

-        SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL)

-#define SSL_CTX_set_mode(ctx,op) \

-	SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)

-#define SSL_CTX_get_mode(ctx) \

-	SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL)

-#define SSL_set_mode(ssl,op) \

-	SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)

-#define SSL_get_mode(ssl) \

-        SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL)

-#define SSL_set_mtu(ssl, mtu) \

-        SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL)

-void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));

-void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));

-#define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))

-#define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))

-#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)

-#define SSL_MAX_CERT_LIST_DEFAULT 1024*30 /* 30k max cert list :-) */

-#else

-#define SSL_MAX_CERT_LIST_DEFAULT 1024*100 /* 100k max cert list :-) */

-#endif

-#define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT	(1024*20)

-/* This callback type is used inside SSL_CTX, SSL, and in the functions that set

- * them. It is used to override the generation of SSL/TLS session IDs in a

- * server. Return value should be zero on an error, non-zero to proceed. Also,

- * callbacks should themselves check if the id they generate is unique otherwise

- * the SSL handshake will fail with an error - callbacks can do this using the

- * 'ssl' value they're passed by;

- *      SSL_has_matching_session_id(ssl, id, *id_len)

- * The length value passed in is set at the maximum size the session ID can be.

- * In SSLv2 this is 16 bytes, whereas SSLv3/TLSv1 it is 32 bytes. The callback

- * can alter this length to be less if desired, but under SSLv2 session IDs are

- * supposed to be fixed at 16 bytes so the id will be padded after the callback

- * returns in this case. It is also an error for the callback to set the size to

- * zero. */

-typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id,

-				unsigned int *id_len);

-typedef struct ssl_comp_st

-	{

-	int id;

-	const char *name;

-#ifndef OPENSSL_NO_COMP

-	COMP_METHOD *method;

-#else

-	char *method;

-#endif

-	} SSL_COMP;

-DECLARE_STACK_OF(SSL_COMP)

-struct ssl_ctx_st

-	{

-	SSL_METHOD *method;

-	STACK_OF(SSL_CIPHER) *cipher_list;

-	/* same as above but sorted for lookup */

-	STACK_OF(SSL_CIPHER) *cipher_list_by_id;

-	struct x509_store_st /* X509_STORE */ *cert_store;

-	struct lhash_st /* LHASH */ *sessions;	/* a set of SSL_SESSIONs */

-	/* Most session-ids that will be cached, default is

-	 * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */

-	unsigned long session_cache_size;

-	struct ssl_session_st *session_cache_head;

-	struct ssl_session_st *session_cache_tail;

-	/* This can have one of 2 values, ored together,

-	 * SSL_SESS_CACHE_CLIENT,

-	 * SSL_SESS_CACHE_SERVER,

-	 * Default is SSL_SESSION_CACHE_SERVER, which means only

-	 * SSL_accept which cache SSL_SESSIONS. */

-	int session_cache_mode;

-	/* If timeout is not 0, it is the default timeout value set

-	 * when SSL_new() is called.  This has been put in to make

-	 * life easier to set things up */

-	long session_timeout;

-	/* If this callback is not null, it will be called each

-	 * time a session id is added to the cache.  If this function

-	 * returns 1, it means that the callback will do a

-	 * SSL_SESSION_free() when it has finished using it.  Otherwise,

-	 * on 0, it means the callback has finished with it.

-	 * If remove_session_cb is not null, it will be called when

-	 * a session-id is removed from the cache.  After the call,

-	 * OpenSSL will SSL_SESSION_free() it. */

-	int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess);

-	void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess);

-	SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,

-		unsigned char *data,int len,int *copy);

-	struct

-		{

-		int sess_connect;	/* SSL new conn - started */

-		int sess_connect_renegotiate;/* SSL reneg - requested */

-		int sess_connect_good;	/* SSL new conne/reneg - finished */

-		int sess_accept;	/* SSL new accept - started */

-		int sess_accept_renegotiate;/* SSL reneg - requested */

-		int sess_accept_good;	/* SSL accept/reneg - finished */

-		int sess_miss;		/* session lookup misses  */

-		int sess_timeout;	/* reuse attempt on timeouted session */

-		int sess_cache_full;	/* session removed due to full cache */

-		int sess_hit;		/* session reuse actually done */

-		int sess_cb_hit;	/* session-id that was not

-					 * in the cache was

-					 * passed back via the callback.  This

-					 * indicates that the application is

-					 * supplying session-id's from other

-					 * processes - spooky :-) */

-		} stats;

-	int references;

-	/* if defined, these override the X509_verify_cert() calls */

-	int (*app_verify_callback)(X509_STORE_CTX *, void *);

-	void *app_verify_arg;

-	/* before OpenSSL 0.9.7, 'app_verify_arg' was ignored

-	 * ('app_verify_callback' was called with just one argument) */

-	/* Default password callback. */

-	pem_password_cb *default_passwd_callback;

-	/* Default password callback user data. */

-	void *default_passwd_callback_userdata;

-	/* get client cert callback */

-	int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);

-    /* cookie generate callback */

-    int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie,

-        unsigned int *cookie_len);

-    /* verify cookie callback */

-    int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie,

-        unsigned int cookie_len);

-	CRYPTO_EX_DATA ex_data;

-	const EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */

-	const EVP_MD *md5;	/* For SSLv3/TLSv1 'ssl3-md5' */

-	const EVP_MD *sha1;   /* For SSLv3/TLSv1 'ssl3->sha1' */

-	STACK_OF(X509) *extra_certs;

-	STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */

-	/* Default values used when no per-SSL value is defined follow */

-	void (*info_callback)(const SSL *ssl,int type,int val); /* used if SSL's info_callback is NULL */

-	/* what we put in client cert requests */

-	STACK_OF(X509_NAME) *client_CA;

-	/* Default values to use in SSL structures follow (these are copied by SSL_new) */

-	unsigned long options;

-	unsigned long mode;

-	long max_cert_list;

-	struct cert_st /* CERT */ *cert;

-	int read_ahead;

-	/* callback that allows applications to peek at protocol messages */

-	void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);

-	void *msg_callback_arg;

-	int verify_mode;

-	unsigned int sid_ctx_length;

-	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];

-	int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); /* called 'verify_callback' in the SSL */

-	/* Default generate session ID callback. */

-	GEN_SESSION_CB generate_session_id;

-	X509_VERIFY_PARAM *param;

-#if 0

-	int purpose;		/* Purpose setting */

-	int trust;		/* Trust setting */

-#endif

-	int quiet_shutdown;

-#ifndef OPENSSL_NO_TLSEXT

-	/* TLS extensions servername callback */

-	int (*tlsext_servername_callback)(SSL*, int *, void *);

-	void *tlsext_servername_arg;

-	/* RFC 4507 session ticket keys */

-	unsigned char tlsext_tick_key_name[16];

-	unsigned char tlsext_tick_hmac_key[16];

-	unsigned char tlsext_tick_aes_key[16];

-#endif

-	};

-#define SSL_SESS_CACHE_OFF			0x0000

-#define SSL_SESS_CACHE_CLIENT			0x0001

-#define SSL_SESS_CACHE_SERVER			0x0002

-#define SSL_SESS_CACHE_BOTH	(SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)

-#define SSL_SESS_CACHE_NO_AUTO_CLEAR		0x0080

-/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */

-#define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP	0x0100

-#define SSL_SESS_CACHE_NO_INTERNAL_STORE	0x0200

-#define SSL_SESS_CACHE_NO_INTERNAL \

-	(SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)

-  struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx);

-#define SSL_CTX_sess_number(ctx) \

-	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)

-#define SSL_CTX_sess_connect(ctx) \

-	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL)

-#define SSL_CTX_sess_connect_good(ctx) \

-	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL)

-#define SSL_CTX_sess_connect_renegotiate(ctx) \

-	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL)

-#define SSL_CTX_sess_accept(ctx) \

-	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL)

-#define SSL_CTX_sess_accept_renegotiate(ctx) \

-	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL)

-#define SSL_CTX_sess_accept_good(ctx) \

-	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL)

-#define SSL_CTX_sess_hits(ctx) \

-	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL)

-#define SSL_CTX_sess_cb_hits(ctx) \

-	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL)

-#define SSL_CTX_sess_misses(ctx) \

-	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL)

-#define SSL_CTX_sess_timeouts(ctx) \

-	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL)

-#define SSL_CTX_sess_cache_full(ctx) \

-	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)

-void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess));

-int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess);

-void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess));

-void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, SSL_SESSION *sess);

-void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,int len,int *copy));

-SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, unsigned char *Data, int len, int *copy);

-void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,int type,int val));

-void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val);

-void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));

-int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);

-void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len));

-void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len));

-#define SSL_NOTHING	1

-#define SSL_WRITING	2

-#define SSL_READING	3

-#define SSL_X509_LOOKUP	4

-/* These will only be used when doing non-blocking IO */

-#define SSL_want_nothing(s)	(SSL_want(s) == SSL_NOTHING)

-#define SSL_want_read(s)	(SSL_want(s) == SSL_READING)

-#define SSL_want_write(s)	(SSL_want(s) == SSL_WRITING)

-#define SSL_want_x509_lookup(s)	(SSL_want(s) == SSL_X509_LOOKUP)

-struct ssl_st

-	{

-	/* protocol version

-	 * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)

-	 */

-	int version;

-	int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */

-	SSL_METHOD *method; /* SSLv3 */

-	/* There are 2 BIO's even though they are normally both the

-	 * same.  This is so data can be read and written to different

-	 * handlers */

-#ifndef OPENSSL_NO_BIO

-	BIO *rbio; /* used by SSL_read */

-	BIO *wbio; /* used by SSL_write */

-	BIO *bbio; /* used during session-id reuse to concatenate

-		    * messages */

-#else

-	char *rbio; /* used by SSL_read */

-	char *wbio; /* used by SSL_write */

-	char *bbio;

-#endif

-	/* This holds a variable that indicates what we were doing

-	 * when a 0 or -1 is returned.  This is needed for

-	 * non-blocking IO so we know what request needs re-doing when

-	 * in SSL_accept or SSL_connect */

-	int rwstate;

-	/* true when we are actually in SSL_accept() or SSL_connect() */

-	int in_handshake;

-	int (*handshake_func)(SSL *);

-	/* Imagine that here's a boolean member "init" that is

-	 * switched as soon as SSL_set_{accept/connect}_state

-	 * is called for the first time, so that "state" and

-	 * "handshake_func" are properly initialized.  But as

-	 * handshake_func is == 0 until then, we use this

-	 * test instead of an "init" member.

-	 */

-	int server;	/* are we the server side? - mostly used by SSL_clear*/

-	int new_session;/* 1 if we are to use a new session.

-	                 * 2 if we are a server and are inside a handshake

-	                 *   (i.e. not just sending a HelloRequest)

-	                 * NB: For servers, the 'new' session may actually be a previously

-	                 * cached session or even the previous session unless

-	                 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */

-	int quiet_shutdown;/* don't send shutdown packets */

-	int shutdown;	/* we have shut things down, 0x01 sent, 0x02

-			 * for received */

-	int state;	/* where we are */

-	int rstate;	/* where we are when reading */

-	BUF_MEM *init_buf;	/* buffer used during init */

-	void *init_msg;   	/* pointer to handshake message body, set by ssl3_get_message() */

-	int init_num;		/* amount read/written */

-	int init_off;		/* amount read/written */

-	/* used internally to point at a raw packet */

-	unsigned char *packet;

-	unsigned int packet_length;

-	struct ssl2_state_st *s2; /* SSLv2 variables */

-	struct ssl3_state_st *s3; /* SSLv3 variables */

-	struct dtls1_state_st *d1; /* DTLSv1 variables */

-	int read_ahead;		/* Read as many input bytes as possible

-	               	 	 * (for non-blocking reads) */

-	/* callback that allows applications to peek at protocol messages */

-	void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);

-	void *msg_callback_arg;

-	int hit;		/* reusing a previous session */

-	X509_VERIFY_PARAM *param;

-#if 0

-	int purpose;		/* Purpose setting */

-	int trust;		/* Trust setting */

-#endif

-	/* crypto */

-	STACK_OF(SSL_CIPHER) *cipher_list;

-	STACK_OF(SSL_CIPHER) *cipher_list_by_id;

-	/* These are the ones being used, the ones in SSL_SESSION are

-	 * the ones to be 'copied' into these ones */

-	EVP_CIPHER_CTX *enc_read_ctx;		/* cryptographic state */

-	const EVP_MD *read_hash;		/* used for mac generation */

-#ifndef OPENSSL_NO_COMP

-	COMP_CTX *expand;			/* uncompress */

-#else

-	char *expand;

-#endif

-	EVP_CIPHER_CTX *enc_write_ctx;		/* cryptographic state */

-	const EVP_MD *write_hash;		/* used for mac generation */

-#ifndef OPENSSL_NO_COMP

-	COMP_CTX *compress;			/* compression */

-#else

-	char *compress;

-#endif

-	/* session info */

-	/* client cert? */

-	/* This is used to hold the server certificate used */

-	struct cert_st /* CERT */ *cert;

-	/* the session_id_context is used to ensure sessions are only reused

-	 * in the appropriate context */

-	unsigned int sid_ctx_length;

-	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];

-	/* This can also be in the session once a session is established */

-	SSL_SESSION *session;

-	/* Default generate session ID callback. */

-	GEN_SESSION_CB generate_session_id;

-	/* Used in SSL2 and SSL3 */

-	int verify_mode;	/* 0 don't care about verify failure.

-				 * 1 fail if verify fails */

-	int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */

-	void (*info_callback)(const SSL *ssl,int type,int val); /* optional informational callback */

-	int error;		/* error bytes to be written */

-	int error_code;		/* actual code */

-#ifndef OPENSSL_NO_KRB5

-	KSSL_CTX *kssl_ctx;     /* Kerberos 5 context */

-#endif	/* OPENSSL_NO_KRB5 */

-	SSL_CTX *ctx;

-	/* set this flag to 1 and a sleep(1) is put into all SSL_read()

-	 * and SSL_write() calls, good for nbio debuging :-) */

-	int debug;

-	/* extra application data */

-	long verify_result;

-	CRYPTO_EX_DATA ex_data;

-	/* for server side, keep the list of CA_dn we can use */

-	STACK_OF(X509_NAME) *client_CA;

-	int references;

-	unsigned long options; /* protocol behaviour */

-	unsigned long mode; /* API behaviour */

-	long max_cert_list;

-	int first_packet;

-	int client_version;	/* what was passed, used for

-				 * SSLv3/TLS rollback check */

-#ifndef OPENSSL_NO_TLSEXT

-	/* TLS extension debug callback */

-	void (*tlsext_debug_cb)(SSL *s, int client_server, int type,

-					unsigned char *data, int len,

-					void *arg);

-	void *tlsext_debug_arg;

-	char *tlsext_hostname;

-	int servername_done;   /* no further mod of servername

-	                          0 : call the servername extension callback.

-	                          1 : prepare 2, allow last ack just after in server callback.

-	                          2 : don't call servername callback, no ack in server hello

-	                       */

-	/* RFC4507 session ticket expected to be received or sent */

-	int tlsext_ticket_expected;

-	SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */

-#define session_ctx initial_ctx

-#else

-#define session_ctx ctx

-#endif

-	};

-#ifdef __cplusplus

-}

-#endif

-#include <openssl/ssl2.h>

-#include <openssl/ssl3.h>

-#include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */

-#include <openssl/dtls1.h> /* Datagram TLS */

-#include <openssl/ssl23.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-/* compatibility */

-#define SSL_set_app_data(s,arg)		(SSL_set_ex_data(s,0,(char *)arg))

-#define SSL_get_app_data(s)		(SSL_get_ex_data(s,0))

-#define SSL_SESSION_set_app_data(s,a)	(SSL_SESSION_set_ex_data(s,0,(char *)a))

-#define SSL_SESSION_get_app_data(s)	(SSL_SESSION_get_ex_data(s,0))

-#define SSL_CTX_get_app_data(ctx)	(SSL_CTX_get_ex_data(ctx,0))

-#define SSL_CTX_set_app_data(ctx,arg)	(SSL_CTX_set_ex_data(ctx,0,(char *)arg))

-/* The following are the possible values for ssl->state are are

- * used to indicate where we are up to in the SSL connection establishment.

- * The macros that follow are about the only things you should need to use

- * and even then, only when using non-blocking IO.

- * It can also be useful to work out where you were when the connection

- * failed */

-#define SSL_ST_CONNECT			0x1000

-#define SSL_ST_ACCEPT			0x2000

-#define SSL_ST_MASK			0x0FFF

-#define SSL_ST_INIT			(SSL_ST_CONNECT|SSL_ST_ACCEPT)

-#define SSL_ST_BEFORE			0x4000

-#define SSL_ST_OK			0x03

-#define SSL_ST_RENEGOTIATE		(0x04|SSL_ST_INIT)

-#define SSL_CB_LOOP			0x01

-#define SSL_CB_EXIT			0x02

-#define SSL_CB_READ			0x04

-#define SSL_CB_WRITE			0x08

-#define SSL_CB_ALERT			0x4000 /* used in callback */

-#define SSL_CB_READ_ALERT		(SSL_CB_ALERT|SSL_CB_READ)

-#define SSL_CB_WRITE_ALERT		(SSL_CB_ALERT|SSL_CB_WRITE)

-#define SSL_CB_ACCEPT_LOOP		(SSL_ST_ACCEPT|SSL_CB_LOOP)

-#define SSL_CB_ACCEPT_EXIT		(SSL_ST_ACCEPT|SSL_CB_EXIT)

-#define SSL_CB_CONNECT_LOOP		(SSL_ST_CONNECT|SSL_CB_LOOP)

-#define SSL_CB_CONNECT_EXIT		(SSL_ST_CONNECT|SSL_CB_EXIT)

-#define SSL_CB_HANDSHAKE_START		0x10

-#define SSL_CB_HANDSHAKE_DONE		0x20

-/* Is the SSL_connection established? */

-#define SSL_get_state(a)		SSL_state(a)

-#define SSL_is_init_finished(a)		(SSL_state(a) == SSL_ST_OK)

-#define SSL_in_init(a)			(SSL_state(a)&SSL_ST_INIT)

-#define SSL_in_before(a)		(SSL_state(a)&SSL_ST_BEFORE)

-#define SSL_in_connect_init(a)		(SSL_state(a)&SSL_ST_CONNECT)

-#define SSL_in_accept_init(a)		(SSL_state(a)&SSL_ST_ACCEPT)

-/* The following 2 states are kept in ssl->rstate when reads fail,

- * you should not need these */

-#define SSL_ST_READ_HEADER			0xF0

-#define SSL_ST_READ_BODY			0xF1

-#define SSL_ST_READ_DONE			0xF2

-/* Obtain latest Finished message

- *   -- that we sent (SSL_get_finished)

- *   -- that we expected from peer (SSL_get_peer_finished).

- * Returns length (0 == no Finished so far), copies up to 'count' bytes. */

-size_t SSL_get_finished(const SSL *s, void *buf, size_t count);

-size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);

-/* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options

- * are 'ored' with SSL_VERIFY_PEER if they are desired */

-#define SSL_VERIFY_NONE			0x00

-#define SSL_VERIFY_PEER			0x01

-#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT	0x02

-#define SSL_VERIFY_CLIENT_ONCE		0x04

-#define OpenSSL_add_ssl_algorithms()	SSL_library_init()

-#define SSLeay_add_ssl_algorithms()	SSL_library_init()

-/* this is for backward compatibility */

-#if 0 /* NEW_SSLEAY */

-#define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c)

-#define SSL_set_pref_cipher(c,n)	SSL_set_cipher_list(c,n)

-#define SSL_add_session(a,b)            SSL_CTX_add_session((a),(b))

-#define SSL_remove_session(a,b)		SSL_CTX_remove_session((a),(b))

-#define SSL_flush_sessions(a,b)		SSL_CTX_flush_sessions((a),(b))

-#endif

-/* More backward compatibility */

-#define SSL_get_cipher(s) \

-		SSL_CIPHER_get_name(SSL_get_current_cipher(s))

-#define SSL_get_cipher_bits(s,np) \

-		SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)

-#define SSL_get_cipher_version(s) \

-		SSL_CIPHER_get_version(SSL_get_current_cipher(s))

-#define SSL_get_cipher_name(s) \

-		SSL_CIPHER_get_name(SSL_get_current_cipher(s))

-#define SSL_get_time(a)		SSL_SESSION_get_time(a)

-#define SSL_set_time(a,b)	SSL_SESSION_set_time((a),(b))

-#define SSL_get_timeout(a)	SSL_SESSION_get_timeout(a)

-#define SSL_set_timeout(a,b)	SSL_SESSION_set_timeout((a),(b))

-#if 1 /*SSLEAY_MACROS*/

-#define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id)

-#define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id)

-#define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \

-	(char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u)

-#define PEM_read_bio_SSL_SESSION(bp,x,cb,u) PEM_ASN1_read_bio_of(SSL_SESSION,d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,x,cb,u)

-#define PEM_write_SSL_SESSION(fp,x) \

-	PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \

-		PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL)

-#define PEM_write_bio_SSL_SESSION(bp,x) \

-	PEM_ASN1_write_bio_of(SSL_SESSION,i2d_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,x,NULL,NULL,0,NULL,NULL)

-#endif

-#define SSL_AD_REASON_OFFSET		1000

-/* These alert types are for SSLv3 and TLSv1 */

-#define SSL_AD_CLOSE_NOTIFY		SSL3_AD_CLOSE_NOTIFY

-#define SSL_AD_UNEXPECTED_MESSAGE	SSL3_AD_UNEXPECTED_MESSAGE /* fatal */

-#define SSL_AD_BAD_RECORD_MAC		SSL3_AD_BAD_RECORD_MAC     /* fatal */

-#define SSL_AD_DECRYPTION_FAILED	TLS1_AD_DECRYPTION_FAILED

-#define SSL_AD_RECORD_OVERFLOW		TLS1_AD_RECORD_OVERFLOW

-#define SSL_AD_DECOMPRESSION_FAILURE	SSL3_AD_DECOMPRESSION_FAILURE/* fatal */

-#define SSL_AD_HANDSHAKE_FAILURE	SSL3_AD_HANDSHAKE_FAILURE/* fatal */

-#define SSL_AD_NO_CERTIFICATE		SSL3_AD_NO_CERTIFICATE /* Not for TLS */

-#define SSL_AD_BAD_CERTIFICATE		SSL3_AD_BAD_CERTIFICATE

-#define SSL_AD_UNSUPPORTED_CERTIFICATE	SSL3_AD_UNSUPPORTED_CERTIFICATE

-#define SSL_AD_CERTIFICATE_REVOKED	SSL3_AD_CERTIFICATE_REVOKED

-#define SSL_AD_CERTIFICATE_EXPIRED	SSL3_AD_CERTIFICATE_EXPIRED

-#define SSL_AD_CERTIFICATE_UNKNOWN	SSL3_AD_CERTIFICATE_UNKNOWN

-#define SSL_AD_ILLEGAL_PARAMETER	SSL3_AD_ILLEGAL_PARAMETER   /* fatal */

-#define SSL_AD_UNKNOWN_CA		TLS1_AD_UNKNOWN_CA	/* fatal */

-#define SSL_AD_ACCESS_DENIED		TLS1_AD_ACCESS_DENIED	/* fatal */

-#define SSL_AD_DECODE_ERROR		TLS1_AD_DECODE_ERROR	/* fatal */

-#define SSL_AD_DECRYPT_ERROR		TLS1_AD_DECRYPT_ERROR

-#define SSL_AD_EXPORT_RESTRICTION	TLS1_AD_EXPORT_RESTRICTION/* fatal */

-#define SSL_AD_PROTOCOL_VERSION		TLS1_AD_PROTOCOL_VERSION /* fatal */

-#define SSL_AD_INSUFFICIENT_SECURITY	TLS1_AD_INSUFFICIENT_SECURITY/* fatal */

-#define SSL_AD_INTERNAL_ERROR		TLS1_AD_INTERNAL_ERROR	/* fatal */

-#define SSL_AD_USER_CANCELLED		TLS1_AD_USER_CANCELLED

-#define SSL_AD_NO_RENEGOTIATION		TLS1_AD_NO_RENEGOTIATION

-#define SSL_AD_UNSUPPORTED_EXTENSION	TLS1_AD_UNSUPPORTED_EXTENSION

-#define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE

-#define SSL_AD_UNRECOGNIZED_NAME	TLS1_AD_UNRECOGNIZED_NAME

-#define SSL_ERROR_NONE			0

-#define SSL_ERROR_SSL			1

-#define SSL_ERROR_WANT_READ		2

-#define SSL_ERROR_WANT_WRITE		3

-#define SSL_ERROR_WANT_X509_LOOKUP	4

-#define SSL_ERROR_SYSCALL		5 /* look at error stack/return value/errno */

-#define SSL_ERROR_ZERO_RETURN		6

-#define SSL_ERROR_WANT_CONNECT		7

-#define SSL_ERROR_WANT_ACCEPT		8

-#define SSL_CTRL_NEED_TMP_RSA			1

-#define SSL_CTRL_SET_TMP_RSA			2

-#define SSL_CTRL_SET_TMP_DH			3

-#define SSL_CTRL_SET_TMP_ECDH			4

-#define SSL_CTRL_SET_TMP_RSA_CB			5

-#define SSL_CTRL_SET_TMP_DH_CB			6

-#define SSL_CTRL_SET_TMP_ECDH_CB		7

-#define SSL_CTRL_GET_SESSION_REUSED		8

-#define SSL_CTRL_GET_CLIENT_CERT_REQUEST	9

-#define SSL_CTRL_GET_NUM_RENEGOTIATIONS		10

-#define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS	11

-#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS	12

-#define SSL_CTRL_GET_FLAGS			13

-#define SSL_CTRL_EXTRA_CHAIN_CERT		14

-#define SSL_CTRL_SET_MSG_CALLBACK               15

-#define SSL_CTRL_SET_MSG_CALLBACK_ARG           16

-/* only applies to datagram connections */

-#define SSL_CTRL_SET_MTU                17

-/* Stats */

-#define SSL_CTRL_SESS_NUMBER			20

-#define SSL_CTRL_SESS_CONNECT			21

-#define SSL_CTRL_SESS_CONNECT_GOOD		22

-#define SSL_CTRL_SESS_CONNECT_RENEGOTIATE	23

-#define SSL_CTRL_SESS_ACCEPT			24

-#define SSL_CTRL_SESS_ACCEPT_GOOD		25

-#define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE	26

-#define SSL_CTRL_SESS_HIT			27

-#define SSL_CTRL_SESS_CB_HIT			28

-#define SSL_CTRL_SESS_MISSES			29

-#define SSL_CTRL_SESS_TIMEOUTS			30

-#define SSL_CTRL_SESS_CACHE_FULL		31

-#define SSL_CTRL_OPTIONS			32

-#define SSL_CTRL_MODE				33

-#define SSL_CTRL_GET_READ_AHEAD			40

-#define SSL_CTRL_SET_READ_AHEAD			41

-#define SSL_CTRL_SET_SESS_CACHE_SIZE		42

-#define SSL_CTRL_GET_SESS_CACHE_SIZE		43

-#define SSL_CTRL_SET_SESS_CACHE_MODE		44

-#define SSL_CTRL_GET_SESS_CACHE_MODE		45

-#define SSL_CTRL_GET_MAX_CERT_LIST		50

-#define SSL_CTRL_SET_MAX_CERT_LIST		51

-/* see tls1.h for macros based on these */

-#ifndef OPENSSL_NO_TLSEXT

-#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB	53

-#define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG	54

-#define SSL_CTRL_SET_TLSEXT_HOSTNAME		55

-#define SSL_CTRL_SET_TLSEXT_DEBUG_CB		56

-#define SSL_CTRL_SET_TLSEXT_DEBUG_ARG		57

-#define SSL_CTRL_GET_TLSEXT_TICKET_KEYS		58

-#define SSL_CTRL_SET_TLSEXT_TICKET_KEYS		59

-#endif

-#define SSL_session_reused(ssl) \

-	SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)

-#define SSL_num_renegotiations(ssl) \

-	SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL)

-#define SSL_clear_num_renegotiations(ssl) \

-	SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL)

-#define SSL_total_renegotiations(ssl) \

-	SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL)

-#define SSL_CTX_need_tmp_RSA(ctx) \

-	SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL)

-#define SSL_CTX_set_tmp_rsa(ctx,rsa) \

-	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)

-#define SSL_CTX_set_tmp_dh(ctx,dh) \

-	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh)

-#define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \

-	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)

-#define SSL_need_tmp_RSA(ssl) \

-	SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL)

-#define SSL_set_tmp_rsa(ssl,rsa) \

-	SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)

-#define SSL_set_tmp_dh(ssl,dh) \

-	SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh)

-#define SSL_set_tmp_ecdh(ssl,ecdh) \

-	SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)

-#define SSL_CTX_add_extra_chain_cert(ctx,x509) \

-	SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)

-#ifndef OPENSSL_NO_BIO

-BIO_METHOD *BIO_f_ssl(void);

-BIO *BIO_new_ssl(SSL_CTX *ctx,int client);

-BIO *BIO_new_ssl_connect(SSL_CTX *ctx);

-BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);

-int BIO_ssl_copy_session_id(BIO *to,BIO *from);

-void BIO_ssl_shutdown(BIO *ssl_bio);

-#endif

-int	SSL_CTX_set_cipher_list(SSL_CTX *,const char *str);

-SSL_CTX *SSL_CTX_new(SSL_METHOD *meth);

-void	SSL_CTX_free(SSL_CTX *);

-long SSL_CTX_set_timeout(SSL_CTX *ctx,long t);

-long SSL_CTX_get_timeout(const SSL_CTX *ctx);

-X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);

-void SSL_CTX_set_cert_store(SSL_CTX *,X509_STORE *);

-int SSL_want(const SSL *s);

-int	SSL_clear(SSL *s);

-void	SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm);

-SSL_CIPHER *SSL_get_current_cipher(const SSL *s);

-int	SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits);

-char *	SSL_CIPHER_get_version(const SSL_CIPHER *c);

-const char *	SSL_CIPHER_get_name(const SSL_CIPHER *c);

-int	SSL_get_fd(const SSL *s);

-int	SSL_get_rfd(const SSL *s);

-int	SSL_get_wfd(const SSL *s);

-const char  * SSL_get_cipher_list(const SSL *s,int n);

-char *	SSL_get_shared_ciphers(const SSL *s, char *buf, int len);

-int	SSL_get_read_ahead(const SSL * s);

-int	SSL_pending(const SSL *s);

-#ifndef OPENSSL_NO_SOCK

-int	SSL_set_fd(SSL *s, int fd);

-int	SSL_set_rfd(SSL *s, int fd);

-int	SSL_set_wfd(SSL *s, int fd);

-#endif

-#ifndef OPENSSL_NO_BIO

-void	SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio);

-BIO *	SSL_get_rbio(const SSL *s);

-BIO *	SSL_get_wbio(const SSL *s);

-#endif

-int	SSL_set_cipher_list(SSL *s, const char *str);

-void	SSL_set_read_ahead(SSL *s, int yes);

-int	SSL_get_verify_mode(const SSL *s);

-int	SSL_get_verify_depth(const SSL *s);

-int	(*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *);

-void	SSL_set_verify(SSL *s, int mode,

-		       int (*callback)(int ok,X509_STORE_CTX *ctx));

-void	SSL_set_verify_depth(SSL *s, int depth);

-#ifndef OPENSSL_NO_RSA

-int	SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);

-#endif

-int	SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);

-int	SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);

-int	SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, const unsigned char *d, long len);

-int	SSL_use_certificate(SSL *ssl, X509 *x);

-int	SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);

-#ifndef OPENSSL_NO_STDIO

-int	SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);

-int	SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);

-int	SSL_use_certificate_file(SSL *ssl, const char *file, int type);

-int	SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);

-int	SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);

-int	SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);

-int	SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */

-STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);

-int	SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,

-					    const char *file);

-#ifndef OPENSSL_SYS_VMS

-#ifndef OPENSSL_SYS_MACINTOSH_CLASSIC /* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */

-int	SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,

-					   const char *dir);

-#endif

-#endif

-#endif

-void	SSL_load_error_strings(void );

-const char *SSL_state_string(const SSL *s);

-const char *SSL_rstate_string(const SSL *s);

-const char *SSL_state_string_long(const SSL *s);

-const char *SSL_rstate_string_long(const SSL *s);

-long	SSL_SESSION_get_time(const SSL_SESSION *s);

-long	SSL_SESSION_set_time(SSL_SESSION *s, long t);

-long	SSL_SESSION_get_timeout(const SSL_SESSION *s);

-long	SSL_SESSION_set_timeout(SSL_SESSION *s, long t);

-void	SSL_copy_session_id(SSL *to,const SSL *from);

-SSL_SESSION *SSL_SESSION_new(void);

-unsigned long SSL_SESSION_hash(const SSL_SESSION *a);

-int	SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b);

-const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len);

-#ifndef OPENSSL_NO_FP_API

-int	SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses);

-#endif

-#ifndef OPENSSL_NO_BIO

-int	SSL_SESSION_print(BIO *fp,const SSL_SESSION *ses);

-#endif

-void	SSL_SESSION_free(SSL_SESSION *ses);

-int	i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp);

-int	SSL_set_session(SSL *to, SSL_SESSION *session);

-int	SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);

-int	SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c);

-int	SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);

-int	SSL_set_generate_session_id(SSL *, GEN_SESSION_CB);

-int	SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,

-					unsigned int id_len);

-SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,const unsigned char **pp,

-			     long length);

-#ifdef HEADER_X509_H

-X509 *	SSL_get_peer_certificate(const SSL *s);

-#endif

-STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s);

-int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);

-int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);

-int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *);

-void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,

-			int (*callback)(int, X509_STORE_CTX *));

-void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth);

-void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg);

-#ifndef OPENSSL_NO_RSA

-int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);

-#endif

-int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len);

-int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);

-int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx,

-	const unsigned char *d, long len);

-int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);

-int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d);

-void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);

-void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);

-int SSL_CTX_check_private_key(const SSL_CTX *ctx);

-int SSL_check_private_key(const SSL *ctx);

-int	SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,

-				       unsigned int sid_ctx_len);

-SSL *	SSL_new(SSL_CTX *ctx);

-int	SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,

-				   unsigned int sid_ctx_len);

-int SSL_CTX_set_purpose(SSL_CTX *s, int purpose);

-int SSL_set_purpose(SSL *s, int purpose);

-int SSL_CTX_set_trust(SSL_CTX *s, int trust);

-int SSL_set_trust(SSL *s, int trust);

-void	SSL_free(SSL *ssl);

-int 	SSL_accept(SSL *ssl);

-int 	SSL_connect(SSL *ssl);

-int 	SSL_read(SSL *ssl,void *buf,int num);

-int 	SSL_peek(SSL *ssl,void *buf,int num);

-int 	SSL_write(SSL *ssl,const void *buf,int num);

-long	SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg);

-long	SSL_callback_ctrl(SSL *, int, void (*)(void));

-long	SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, void *parg);

-long	SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void));

-int	SSL_get_error(const SSL *s,int ret_code);

-const char *SSL_get_version(const SSL *s);

-/* This sets the 'default' SSL version that SSL_new() will create */

-int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth);

-SSL_METHOD *SSLv2_method(void);		/* SSLv2 */

-SSL_METHOD *SSLv2_server_method(void);	/* SSLv2 */

-SSL_METHOD *SSLv2_client_method(void);	/* SSLv2 */

-SSL_METHOD *SSLv3_method(void);		/* SSLv3 */

-SSL_METHOD *SSLv3_server_method(void);	/* SSLv3 */

-SSL_METHOD *SSLv3_client_method(void);	/* SSLv3 */

-SSL_METHOD *SSLv23_method(void);	/* SSLv3 but can rollback to v2 */

-SSL_METHOD *SSLv23_server_method(void);	/* SSLv3 but can rollback to v2 */

-SSL_METHOD *SSLv23_client_method(void);	/* SSLv3 but can rollback to v2 */

-SSL_METHOD *TLSv1_method(void);		/* TLSv1.0 */

-SSL_METHOD *TLSv1_server_method(void);	/* TLSv1.0 */

-SSL_METHOD *TLSv1_client_method(void);	/* TLSv1.0 */

-SSL_METHOD *DTLSv1_method(void);		/* DTLSv1.0 */

-SSL_METHOD *DTLSv1_server_method(void);	/* DTLSv1.0 */

-SSL_METHOD *DTLSv1_client_method(void);	/* DTLSv1.0 */

-STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);

-int SSL_do_handshake(SSL *s);

-int SSL_renegotiate(SSL *s);

-int SSL_renegotiate_pending(SSL *s);

-int SSL_shutdown(SSL *s);

-SSL_METHOD *SSL_get_ssl_method(SSL *s);

-int SSL_set_ssl_method(SSL *s,SSL_METHOD *method);

-const char *SSL_alert_type_string_long(int value);

-const char *SSL_alert_type_string(int value);

-const char *SSL_alert_desc_string_long(int value);

-const char *SSL_alert_desc_string(int value);

-void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);

-void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);

-STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);

-STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s);

-int SSL_add_client_CA(SSL *ssl,X509 *x);

-int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x);

-void SSL_set_connect_state(SSL *s);

-void SSL_set_accept_state(SSL *s);

-long SSL_get_default_timeout(const SSL *s);

-int SSL_library_init(void );

-char *SSL_CIPHER_description(SSL_CIPHER *,char *buf,int size);

-STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);

-SSL *SSL_dup(SSL *ssl);

-X509 *SSL_get_certificate(const SSL *ssl);

-/* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl);

-void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode);

-int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);

-void SSL_set_quiet_shutdown(SSL *ssl,int mode);

-int SSL_get_quiet_shutdown(const SSL *ssl);

-void SSL_set_shutdown(SSL *ssl,int mode);

-int SSL_get_shutdown(const SSL *ssl);

-int SSL_version(const SSL *ssl);

-int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);

-int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,

-	const char *CApath);

-#define SSL_get0_session SSL_get_session /* just peek at pointer */

-SSL_SESSION *SSL_get_session(const SSL *ssl);

-SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */

-SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);

-SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx);

-void SSL_set_info_callback(SSL *ssl,

-			   void (*cb)(const SSL *ssl,int type,int val));

-void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val);

-int SSL_state(const SSL *ssl);

-void SSL_set_verify_result(SSL *ssl,long v);

-long SSL_get_verify_result(const SSL *ssl);

-int SSL_set_ex_data(SSL *ssl,int idx,void *data);

-void *SSL_get_ex_data(const SSL *ssl,int idx);

-int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,

-	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);

-int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,void *data);

-void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss,int idx);

-int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,

-	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);

-int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,void *data);

-void *SSL_CTX_get_ex_data(const SSL_CTX *ssl,int idx);

-int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,

-	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);

-int SSL_get_ex_data_X509_STORE_CTX_idx(void );

-#define SSL_CTX_sess_set_cache_size(ctx,t) \

-	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL)

-#define SSL_CTX_sess_get_cache_size(ctx) \

-	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL)

-#define SSL_CTX_set_session_cache_mode(ctx,m) \

-	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL)

-#define SSL_CTX_get_session_cache_mode(ctx) \

-	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL)

-#define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx)

-#define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m)

-#define SSL_CTX_get_read_ahead(ctx) \

-	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL)

-#define SSL_CTX_set_read_ahead(ctx,m) \

-	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL)

-#define SSL_CTX_get_max_cert_list(ctx) \

-	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)

-#define SSL_CTX_set_max_cert_list(ctx,m) \

-	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)

-#define SSL_get_max_cert_list(ssl) \

-	SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)

-#define SSL_set_max_cert_list(ssl,m) \

-	SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)

-     /* NB: the keylength is only applicable when is_export is true */

-#ifndef OPENSSL_NO_RSA

-void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,

-				  RSA *(*cb)(SSL *ssl,int is_export,

-					     int keylength));

-void SSL_set_tmp_rsa_callback(SSL *ssl,

-				  RSA *(*cb)(SSL *ssl,int is_export,

-					     int keylength));

-#endif

-#ifndef OPENSSL_NO_DH

-void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,

-				 DH *(*dh)(SSL *ssl,int is_export,

-					   int keylength));

-void SSL_set_tmp_dh_callback(SSL *ssl,

-				 DH *(*dh)(SSL *ssl,int is_export,

-					   int keylength));

-#endif

-#ifndef OPENSSL_NO_ECDH

-void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,

-				 EC_KEY *(*ecdh)(SSL *ssl,int is_export,

-					   int keylength));

-void SSL_set_tmp_ecdh_callback(SSL *ssl,

-				 EC_KEY *(*ecdh)(SSL *ssl,int is_export,

-					   int keylength));

-#endif

-#ifndef OPENSSL_NO_COMP

-const COMP_METHOD *SSL_get_current_compression(SSL *s);

-const COMP_METHOD *SSL_get_current_expansion(SSL *s);

-const char *SSL_COMP_get_name(const COMP_METHOD *comp);

-STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);

-int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm);

-#else

-const void *SSL_get_current_compression(SSL *s);

-const void *SSL_get_current_expansion(SSL *s);

-const char *SSL_COMP_get_name(const void *comp);

-void *SSL_COMP_get_compression_methods(void);

-int SSL_COMP_add_compression_method(int id,void *cm);

-#endif

-/* BEGIN ERROR CODES */

-/* The following lines are auto generated by the script mkerr.pl. Any changes

- * made after this point may be overwritten when the script is next run.

- */

-void ERR_load_SSL_strings(void);

-/* Error codes for the SSL functions. */

-/* Function codes. */

-#define SSL_F_CLIENT_CERTIFICATE			 100

-#define SSL_F_CLIENT_FINISHED				 167

-#define SSL_F_CLIENT_HELLO				 101

-#define SSL_F_CLIENT_MASTER_KEY				 102

-#define SSL_F_D2I_SSL_SESSION				 103

-#define SSL_F_DO_DTLS1_WRITE				 245

-#define SSL_F_DO_SSL3_WRITE				 104

-#define SSL_F_DTLS1_ACCEPT				 246

-#define SSL_F_DTLS1_BUFFER_RECORD			 247

-#define SSL_F_DTLS1_CLIENT_HELLO			 248

-#define SSL_F_DTLS1_CONNECT				 249

-#define SSL_F_DTLS1_ENC					 250

-#define SSL_F_DTLS1_GET_HELLO_VERIFY			 251

-#define SSL_F_DTLS1_GET_MESSAGE				 252

-#define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT		 253

-#define SSL_F_DTLS1_GET_RECORD				 254

-#define SSL_F_DTLS1_OUTPUT_CERT_CHAIN			 255

-#define SSL_F_DTLS1_PREPROCESS_FRAGMENT			 277

-#define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE		 256

-#define SSL_F_DTLS1_PROCESS_RECORD			 257

-#define SSL_F_DTLS1_READ_BYTES				 258

-#define SSL_F_DTLS1_READ_FAILED				 259

-#define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST		 260

-#define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE		 261

-#define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE		 262

-#define SSL_F_DTLS1_SEND_CLIENT_VERIFY			 263

-#define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST		 264

-#define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE		 265

-#define SSL_F_DTLS1_SEND_SERVER_HELLO			 266

-#define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE		 267

-#define SSL_F_DTLS1_WRITE_APP_DATA_BYTES		 268

-#define SSL_F_GET_CLIENT_FINISHED			 105

-#define SSL_F_GET_CLIENT_HELLO				 106

-#define SSL_F_GET_CLIENT_MASTER_KEY			 107

-#define SSL_F_GET_SERVER_FINISHED			 108

-#define SSL_F_GET_SERVER_HELLO				 109

-#define SSL_F_GET_SERVER_VERIFY				 110

-#define SSL_F_I2D_SSL_SESSION				 111

-#define SSL_F_READ_N					 112

-#define SSL_F_REQUEST_CERTIFICATE			 113

-#define SSL_F_SERVER_FINISH				 239

-#define SSL_F_SERVER_HELLO				 114

-#define SSL_F_SERVER_VERIFY				 240

-#define SSL_F_SSL23_ACCEPT				 115

-#define SSL_F_SSL23_CLIENT_HELLO			 116

-#define SSL_F_SSL23_CONNECT				 117

-#define SSL_F_SSL23_GET_CLIENT_HELLO			 118

-#define SSL_F_SSL23_GET_SERVER_HELLO			 119

-#define SSL_F_SSL23_PEEK				 237

-#define SSL_F_SSL23_READ				 120

-#define SSL_F_SSL23_WRITE				 121

-#define SSL_F_SSL2_ACCEPT				 122

-#define SSL_F_SSL2_CONNECT				 123

-#define SSL_F_SSL2_ENC_INIT				 124

-#define SSL_F_SSL2_GENERATE_KEY_MATERIAL		 241

-#define SSL_F_SSL2_PEEK					 234

-#define SSL_F_SSL2_READ					 125

-#define SSL_F_SSL2_READ_INTERNAL			 236

-#define SSL_F_SSL2_SET_CERTIFICATE			 126

-#define SSL_F_SSL2_WRITE				 127

-#define SSL_F_SSL3_ACCEPT				 128

-#define SSL_F_SSL3_CALLBACK_CTRL			 233

-#define SSL_F_SSL3_CHANGE_CIPHER_STATE			 129

-#define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM		 130

-#define SSL_F_SSL3_CLIENT_HELLO				 131

-#define SSL_F_SSL3_CONNECT				 132

-#define SSL_F_SSL3_CTRL					 213

-#define SSL_F_SSL3_CTX_CTRL				 133

-#define SSL_F_SSL3_ENC					 134

-#define SSL_F_SSL3_GENERATE_KEY_BLOCK			 238

-#define SSL_F_SSL3_GET_CERTIFICATE_REQUEST		 135

-#define SSL_F_SSL3_GET_CERT_VERIFY			 136

-#define SSL_F_SSL3_GET_CLIENT_CERTIFICATE		 137

-#define SSL_F_SSL3_GET_CLIENT_HELLO			 138

-#define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE		 139

-#define SSL_F_SSL3_GET_FINISHED				 140

-#define SSL_F_SSL3_GET_KEY_EXCHANGE			 141

-#define SSL_F_SSL3_GET_MESSAGE				 142

-#define SSL_F_SSL3_GET_NEW_SESSION_TICKET		 283

-#define SSL_F_SSL3_GET_RECORD				 143

-#define SSL_F_SSL3_GET_SERVER_CERTIFICATE		 144

-#define SSL_F_SSL3_GET_SERVER_DONE			 145

-#define SSL_F_SSL3_GET_SERVER_HELLO			 146

-#define SSL_F_SSL3_NEW_SESSION_TICKET			 284

-#define SSL_F_SSL3_OUTPUT_CERT_CHAIN			 147

-#define SSL_F_SSL3_PEEK					 235

-#define SSL_F_SSL3_READ_BYTES				 148

-#define SSL_F_SSL3_READ_N				 149

-#define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST		 150

-#define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE		 151

-#define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE		 152

-#define SSL_F_SSL3_SEND_CLIENT_VERIFY			 153

-#define SSL_F_SSL3_SEND_SERVER_CERTIFICATE		 154

-#define SSL_F_SSL3_SEND_SERVER_HELLO			 242

-#define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE		 155

-#define SSL_F_SSL3_SETUP_BUFFERS			 156

-#define SSL_F_SSL3_SETUP_KEY_BLOCK			 157

-#define SSL_F_SSL3_WRITE_BYTES				 158

-#define SSL_F_SSL3_WRITE_PENDING			 159

-#define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT		 272

-#define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK	 215

-#define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK	 216

-#define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT		 273

-#define SSL_F_SSL_BAD_METHOD				 160

-#define SSL_F_SSL_BYTES_TO_CIPHER_LIST			 161

-#define SSL_F_SSL_CERT_DUP				 221

-#define SSL_F_SSL_CERT_INST				 222

-#define SSL_F_SSL_CERT_INSTANTIATE			 214

-#define SSL_F_SSL_CERT_NEW				 162

-#define SSL_F_SSL_CHECK_PRIVATE_KEY			 163

-#define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT		 274

-#define SSL_F_SSL_CIPHER_PROCESS_RULESTR		 230

-#define SSL_F_SSL_CIPHER_STRENGTH_SORT			 231

-#define SSL_F_SSL_CLEAR					 164

-#define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD		 165

-#define SSL_F_SSL_CREATE_CIPHER_LIST			 166

-#define SSL_F_SSL_CTRL					 232

-#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY			 168

-#define SSL_F_SSL_CTX_NEW				 169

-#define SSL_F_SSL_CTX_SET_CIPHER_LIST			 269

-#define SSL_F_SSL_CTX_SET_PURPOSE			 226

-#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT		 219

-#define SSL_F_SSL_CTX_SET_SSL_VERSION			 170

-#define SSL_F_SSL_CTX_SET_TRUST				 229

-#define SSL_F_SSL_CTX_USE_CERTIFICATE			 171

-#define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1		 172

-#define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE	 220

-#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE		 173

-#define SSL_F_SSL_CTX_USE_PRIVATEKEY			 174

-#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1		 175

-#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE		 176

-#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY			 177

-#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1		 178

-#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE		 179

-#define SSL_F_SSL_DO_HANDSHAKE				 180

-#define SSL_F_SSL_GET_NEW_SESSION			 181

-#define SSL_F_SSL_GET_PREV_SESSION			 217

-#define SSL_F_SSL_GET_SERVER_SEND_CERT			 182

-#define SSL_F_SSL_GET_SIGN_PKEY				 183

-#define SSL_F_SSL_INIT_WBIO_BUFFER			 184

-#define SSL_F_SSL_LOAD_CLIENT_CA_FILE			 185

-#define SSL_F_SSL_NEW					 186

-#define SSL_F_SSL_PEEK					 270

-#define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT		 275

-#define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT		 276

-#define SSL_F_SSL_READ					 223

-#define SSL_F_SSL_RSA_PRIVATE_DECRYPT			 187

-#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT			 188

-#define SSL_F_SSL_SESSION_NEW				 189

-#define SSL_F_SSL_SESSION_PRINT_FP			 190

-#define SSL_F_SSL_SESS_CERT_NEW				 225

-#define SSL_F_SSL_SET_CERT				 191

-#define SSL_F_SSL_SET_CIPHER_LIST			 271

-#define SSL_F_SSL_SET_FD				 192

-#define SSL_F_SSL_SET_PKEY				 193

-#define SSL_F_SSL_SET_PURPOSE				 227

-#define SSL_F_SSL_SET_RFD				 194

-#define SSL_F_SSL_SET_SESSION				 195

-#define SSL_F_SSL_SET_SESSION_ID_CONTEXT		 218

-#define SSL_F_SSL_SET_TRUST				 228

-#define SSL_F_SSL_SET_WFD				 196

-#define SSL_F_SSL_SHUTDOWN				 224

-#define SSL_F_SSL_UNDEFINED_CONST_FUNCTION		 243

-#define SSL_F_SSL_UNDEFINED_FUNCTION			 197

-#define SSL_F_SSL_UNDEFINED_VOID_FUNCTION		 244

-#define SSL_F_SSL_USE_CERTIFICATE			 198

-#define SSL_F_SSL_USE_CERTIFICATE_ASN1			 199

-#define SSL_F_SSL_USE_CERTIFICATE_FILE			 200

-#define SSL_F_SSL_USE_PRIVATEKEY			 201

-#define SSL_F_SSL_USE_PRIVATEKEY_ASN1			 202

-#define SSL_F_SSL_USE_PRIVATEKEY_FILE			 203

-#define SSL_F_SSL_USE_RSAPRIVATEKEY			 204

-#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1		 205

-#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE		 206

-#define SSL_F_SSL_VERIFY_CERT_CHAIN			 207

-#define SSL_F_SSL_WRITE					 208

-#define SSL_F_TLS1_CHANGE_CIPHER_STATE			 209

-#define SSL_F_TLS1_ENC					 210

-#define SSL_F_TLS1_SETUP_KEY_BLOCK			 211

-#define SSL_F_WRITE_PENDING				 212

-/* Reason codes. */

-#define SSL_R_APP_DATA_IN_HANDSHAKE			 100

-#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272

-#define SSL_R_BAD_ALERT_RECORD				 101

-#define SSL_R_BAD_AUTHENTICATION_TYPE			 102

-#define SSL_R_BAD_CHANGE_CIPHER_SPEC			 103

-#define SSL_R_BAD_CHECKSUM				 104

-#define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK		 106

-#define SSL_R_BAD_DECOMPRESSION				 107

-#define SSL_R_BAD_DH_G_LENGTH				 108

-#define SSL_R_BAD_DH_PUB_KEY_LENGTH			 109

-#define SSL_R_BAD_DH_P_LENGTH				 110

-#define SSL_R_BAD_DIGEST_LENGTH				 111

-#define SSL_R_BAD_DSA_SIGNATURE				 112

-#define SSL_R_BAD_ECC_CERT				 304

-#define SSL_R_BAD_ECDSA_SIGNATURE			 305

-#define SSL_R_BAD_ECPOINT				 306

-#define SSL_R_BAD_HELLO_REQUEST				 105

-#define SSL_R_BAD_LENGTH				 271

-#define SSL_R_BAD_MAC_DECODE				 113

-#define SSL_R_BAD_MESSAGE_TYPE				 114

-#define SSL_R_BAD_PACKET_LENGTH				 115

-#define SSL_R_BAD_PROTOCOL_VERSION_NUMBER		 116

-#define SSL_R_BAD_RESPONSE_ARGUMENT			 117

-#define SSL_R_BAD_RSA_DECRYPT				 118

-#define SSL_R_BAD_RSA_ENCRYPT				 119

-#define SSL_R_BAD_RSA_E_LENGTH				 120

-#define SSL_R_BAD_RSA_MODULUS_LENGTH			 121

-#define SSL_R_BAD_RSA_SIGNATURE				 122

-#define SSL_R_BAD_SIGNATURE				 123

-#define SSL_R_BAD_SSL_FILETYPE				 124

-#define SSL_R_BAD_SSL_SESSION_ID_LENGTH			 125

-#define SSL_R_BAD_STATE					 126

-#define SSL_R_BAD_WRITE_RETRY				 127

-#define SSL_R_BIO_NOT_SET				 128

-#define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG			 129

-#define SSL_R_BN_LIB					 130

-#define SSL_R_CA_DN_LENGTH_MISMATCH			 131

-#define SSL_R_CA_DN_TOO_LONG				 132

-#define SSL_R_CCS_RECEIVED_EARLY			 133

-#define SSL_R_CERTIFICATE_VERIFY_FAILED			 134

-#define SSL_R_CERT_LENGTH_MISMATCH			 135

-#define SSL_R_CHALLENGE_IS_DIFFERENT			 136

-#define SSL_R_CIPHER_CODE_WRONG_LENGTH			 137

-#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE		 138

-#define SSL_R_CIPHER_TABLE_SRC_ERROR			 139

-#define SSL_R_CLIENTHELLO_TLSEXT			 157

-#define SSL_R_COMPRESSED_LENGTH_TOO_LONG		 140

-#define SSL_R_COMPRESSION_FAILURE			 141

-#define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE	 307

-#define SSL_R_COMPRESSION_LIBRARY_ERROR			 142

-#define SSL_R_CONNECTION_ID_IS_DIFFERENT		 143

-#define SSL_R_CONNECTION_TYPE_NOT_SET			 144

-#define SSL_R_COOKIE_MISMATCH				 308

-#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED		 145

-#define SSL_R_DATA_LENGTH_TOO_LONG			 146

-#define SSL_R_DECRYPTION_FAILED				 147

-#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC	 281

-#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG		 148

-#define SSL_R_DIGEST_CHECK_FAILED			 149

-#define SSL_R_DUPLICATE_COMPRESSION_ID			 309

-#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER		 310

-#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG			 150

-#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY		 282

-#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST		 151

-#define SSL_R_EXCESSIVE_MESSAGE_SIZE			 152

-#define SSL_R_EXTRA_DATA_IN_MESSAGE			 153

-#define SSL_R_GOT_A_FIN_BEFORE_A_CCS			 154

-#define SSL_R_HTTPS_PROXY_REQUEST			 155

-#define SSL_R_HTTP_REQUEST				 156

-#define SSL_R_ILLEGAL_PADDING				 283

-#define SSL_R_INVALID_CHALLENGE_LENGTH			 158

-#define SSL_R_INVALID_COMMAND				 280

-#define SSL_R_INVALID_PURPOSE				 278

-#define SSL_R_INVALID_TICKET_KEYS_LENGTH		 275

-#define SSL_R_INVALID_TRUST				 279

-#define SSL_R_KEY_ARG_TOO_LONG				 284

-#define SSL_R_KRB5					 285

-#define SSL_R_KRB5_C_CC_PRINC				 286

-#define SSL_R_KRB5_C_GET_CRED				 287

-#define SSL_R_KRB5_C_INIT				 288

-#define SSL_R_KRB5_C_MK_REQ				 289

-#define SSL_R_KRB5_S_BAD_TICKET				 290

-#define SSL_R_KRB5_S_INIT				 291

-#define SSL_R_KRB5_S_RD_REQ				 292

-#define SSL_R_KRB5_S_TKT_EXPIRED			 293

-#define SSL_R_KRB5_S_TKT_NYV				 294

-#define SSL_R_KRB5_S_TKT_SKEW				 295

-#define SSL_R_LENGTH_MISMATCH				 159

-#define SSL_R_LENGTH_TOO_SHORT				 160

-#define SSL_R_LIBRARY_BUG				 274

-#define SSL_R_LIBRARY_HAS_NO_CIPHERS			 161

-#define SSL_R_MESSAGE_TOO_LONG				 296

-#define SSL_R_MISSING_DH_DSA_CERT			 162

-#define SSL_R_MISSING_DH_KEY				 163

-#define SSL_R_MISSING_DH_RSA_CERT			 164

-#define SSL_R_MISSING_DSA_SIGNING_CERT			 165

-#define SSL_R_MISSING_EXPORT_TMP_DH_KEY			 166

-#define SSL_R_MISSING_EXPORT_TMP_RSA_KEY		 167

-#define SSL_R_MISSING_RSA_CERTIFICATE			 168

-#define SSL_R_MISSING_RSA_ENCRYPTING_CERT		 169

-#define SSL_R_MISSING_RSA_SIGNING_CERT			 170

-#define SSL_R_MISSING_TMP_DH_KEY			 171

-#define SSL_R_MISSING_TMP_ECDH_KEY			 311

-#define SSL_R_MISSING_TMP_RSA_KEY			 172

-#define SSL_R_MISSING_TMP_RSA_PKEY			 173

-#define SSL_R_MISSING_VERIFY_MESSAGE			 174

-#define SSL_R_NON_SSLV2_INITIAL_PACKET			 175

-#define SSL_R_NO_CERTIFICATES_RETURNED			 176

-#define SSL_R_NO_CERTIFICATE_ASSIGNED			 177

-#define SSL_R_NO_CERTIFICATE_RETURNED			 178

-#define SSL_R_NO_CERTIFICATE_SET			 179

-#define SSL_R_NO_CERTIFICATE_SPECIFIED			 180

-#define SSL_R_NO_CIPHERS_AVAILABLE			 181

-#define SSL_R_NO_CIPHERS_PASSED				 182

-#define SSL_R_NO_CIPHERS_SPECIFIED			 183

-#define SSL_R_NO_CIPHER_LIST				 184

-#define SSL_R_NO_CIPHER_MATCH				 185

-#define SSL_R_NO_CLIENT_CERT_RECEIVED			 186

-#define SSL_R_NO_COMPRESSION_SPECIFIED			 187

-#define SSL_R_NO_METHOD_SPECIFIED			 188

-#define SSL_R_NO_PRIVATEKEY				 189

-#define SSL_R_NO_PRIVATE_KEY_ASSIGNED			 190

-#define SSL_R_NO_PROTOCOLS_AVAILABLE			 191

-#define SSL_R_NO_PUBLICKEY				 192

-#define SSL_R_NO_SHARED_CIPHER				 193

-#define SSL_R_NO_VERIFY_CALLBACK			 194

-#define SSL_R_NULL_SSL_CTX				 195

-#define SSL_R_NULL_SSL_METHOD_PASSED			 196

-#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED		 197

-#define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE		 297

-#define SSL_R_PACKET_LENGTH_TOO_LONG			 198

-#define SSL_R_PARSE_TLSEXT				 223

-#define SSL_R_PATH_TOO_LONG				 270

-#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE		 199

-#define SSL_R_PEER_ERROR				 200

-#define SSL_R_PEER_ERROR_CERTIFICATE			 201

-#define SSL_R_PEER_ERROR_NO_CERTIFICATE			 202

-#define SSL_R_PEER_ERROR_NO_CIPHER			 203

-#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE	 204

-#define SSL_R_PRE_MAC_LENGTH_TOO_LONG			 205

-#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS		 206

-#define SSL_R_PROTOCOL_IS_SHUTDOWN			 207

-#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR			 208

-#define SSL_R_PUBLIC_KEY_IS_NOT_RSA			 209

-#define SSL_R_PUBLIC_KEY_NOT_RSA			 210

-#define SSL_R_READ_BIO_NOT_SET				 211

-#define SSL_R_READ_TIMEOUT_EXPIRED			 312

-#define SSL_R_READ_WRONG_PACKET_TYPE			 212

-#define SSL_R_RECORD_LENGTH_MISMATCH			 213

-#define SSL_R_RECORD_TOO_LARGE				 214

-#define SSL_R_RECORD_TOO_SMALL				 298

-#define SSL_R_REQUIRED_CIPHER_MISSING			 215

-#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO		 216

-#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO			 217

-#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO		 218

-#define SSL_R_SERVERHELLO_TLSEXT			 224

-#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED		 277

-#define SSL_R_SHORT_READ				 219

-#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE	 220

-#define SSL_R_SSL23_DOING_SESSION_ID_REUSE		 221

-#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG		 299

-#define SSL_R_SSL3_EXT_INVALID_SERVERNAME		 225

-#define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE		 226

-#define SSL_R_SSL3_SESSION_ID_TOO_LONG			 300

-#define SSL_R_SSL3_SESSION_ID_TOO_SHORT			 222

-#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE		 1042

-#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC		 1020

-#define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED		 1045

-#define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED		 1044

-#define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN		 1046

-#define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE		 1030

-#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE		 1040

-#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER		 1047

-#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE		 1041

-#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE		 1010

-#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE	 1043

-#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION	 228

-#define SSL_R_SSL_HANDSHAKE_FAILURE			 229

-#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS		 230

-#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED		 301

-#define SSL_R_SSL_SESSION_ID_CONFLICT			 302

-#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG		 273

-#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH		 303

-#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT		 231

-#define SSL_R_TLSV1_ALERT_ACCESS_DENIED			 1049

-#define SSL_R_TLSV1_ALERT_DECODE_ERROR			 1050

-#define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED		 1021

-#define SSL_R_TLSV1_ALERT_DECRYPT_ERROR			 1051

-#define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION		 1060

-#define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY		 1071

-#define SSL_R_TLSV1_ALERT_INTERNAL_ERROR		 1080

-#define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION		 1100

-#define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION		 1070

-#define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW		 1022

-#define SSL_R_TLSV1_ALERT_UNKNOWN_CA			 1048

-#define SSL_R_TLSV1_ALERT_USER_CANCELLED		 1090

-#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER	 232

-#define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST		 227

-#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233

-#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG	 234

-#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER		 235

-#define SSL_R_UNABLE_TO_DECODE_DH_CERTS			 236

-#define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS		 313

-#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY		 237

-#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS		 238

-#define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS		 314

-#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS	 239

-#define SSL_R_UNABLE_TO_FIND_SSL_METHOD			 240

-#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES		 241

-#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES		 242

-#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES		 243

-#define SSL_R_UNEXPECTED_MESSAGE			 244

-#define SSL_R_UNEXPECTED_RECORD				 245

-#define SSL_R_UNINITIALIZED				 276

-#define SSL_R_UNKNOWN_ALERT_TYPE			 246

-#define SSL_R_UNKNOWN_CERTIFICATE_TYPE			 247

-#define SSL_R_UNKNOWN_CIPHER_RETURNED			 248

-#define SSL_R_UNKNOWN_CIPHER_TYPE			 249

-#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE			 250

-#define SSL_R_UNKNOWN_PKEY_TYPE				 251

-#define SSL_R_UNKNOWN_PROTOCOL				 252

-#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE			 253

-#define SSL_R_UNKNOWN_SSL_VERSION			 254

-#define SSL_R_UNKNOWN_STATE				 255

-#define SSL_R_UNSUPPORTED_CIPHER			 256

-#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM		 257

-#define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE		 315

-#define SSL_R_UNSUPPORTED_PROTOCOL			 258

-#define SSL_R_UNSUPPORTED_SSL_VERSION			 259

-#define SSL_R_WRITE_BIO_NOT_SET				 260

-#define SSL_R_WRONG_CIPHER_RETURNED			 261

-#define SSL_R_WRONG_MESSAGE_TYPE			 262

-#define SSL_R_WRONG_NUMBER_OF_KEY_BITS			 263

-#define SSL_R_WRONG_SIGNATURE_LENGTH			 264

-#define SSL_R_WRONG_SIGNATURE_SIZE			 265

-#define SSL_R_WRONG_SSL_VERSION				 266

-#define SSL_R_WRONG_VERSION_NUMBER			 267

-#define SSL_R_X509_LIB					 268

-#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS		 269

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/ssl/ssl2.h

+++ /dev/null

@@ -1,268 +1,0 @@

-/* ssl/ssl2.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_SSL2_H

-#define HEADER_SSL2_H

-#ifdef  __cplusplus

-extern "C" {

-#endif

-/* Protocol Version Codes */

-#define SSL2_VERSION		0x0002

-#define SSL2_VERSION_MAJOR	0x00

-#define SSL2_VERSION_MINOR	0x02

-/* #define SSL2_CLIENT_VERSION	0x0002 */

-/* #define SSL2_SERVER_VERSION	0x0002 */

-/* Protocol Message Codes */

-#define SSL2_MT_ERROR			0

-#define SSL2_MT_CLIENT_HELLO		1

-#define SSL2_MT_CLIENT_MASTER_KEY	2

-#define SSL2_MT_CLIENT_FINISHED		3

-#define SSL2_MT_SERVER_HELLO		4

-#define SSL2_MT_SERVER_VERIFY		5

-#define SSL2_MT_SERVER_FINISHED		6

-#define SSL2_MT_REQUEST_CERTIFICATE	7

-#define SSL2_MT_CLIENT_CERTIFICATE	8

-/* Error Message Codes */

-#define SSL2_PE_UNDEFINED_ERROR		0x0000

-#define SSL2_PE_NO_CIPHER		0x0001

-#define SSL2_PE_NO_CERTIFICATE		0x0002

-#define SSL2_PE_BAD_CERTIFICATE		0x0004

-#define SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006

-/* Cipher Kind Values */

-#define SSL2_CK_NULL_WITH_MD5			0x02000000 /* v3 */

-#define SSL2_CK_RC4_128_WITH_MD5		0x02010080

-#define SSL2_CK_RC4_128_EXPORT40_WITH_MD5	0x02020080

-#define SSL2_CK_RC2_128_CBC_WITH_MD5		0x02030080

-#define SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5	0x02040080

-#define SSL2_CK_IDEA_128_CBC_WITH_MD5		0x02050080

-#define SSL2_CK_DES_64_CBC_WITH_MD5		0x02060040

-#define SSL2_CK_DES_64_CBC_WITH_SHA		0x02060140 /* v3 */

-#define SSL2_CK_DES_192_EDE3_CBC_WITH_MD5	0x020700c0

-#define SSL2_CK_DES_192_EDE3_CBC_WITH_SHA	0x020701c0 /* v3 */

-#define SSL2_CK_RC4_64_WITH_MD5			0x02080080 /* MS hack */

-#define SSL2_CK_DES_64_CFB64_WITH_MD5_1		0x02ff0800 /* SSLeay */

-#define SSL2_CK_NULL				0x02ff0810 /* SSLeay */

-#define SSL2_TXT_DES_64_CFB64_WITH_MD5_1	"DES-CFB-M1"

-#define SSL2_TXT_NULL_WITH_MD5			"NULL-MD5"

-#define SSL2_TXT_RC4_128_WITH_MD5		"RC4-MD5"

-#define SSL2_TXT_RC4_128_EXPORT40_WITH_MD5	"EXP-RC4-MD5"

-#define SSL2_TXT_RC2_128_CBC_WITH_MD5		"RC2-CBC-MD5"

-#define SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5	"EXP-RC2-CBC-MD5"

-#define SSL2_TXT_IDEA_128_CBC_WITH_MD5		"IDEA-CBC-MD5"

-#define SSL2_TXT_DES_64_CBC_WITH_MD5		"DES-CBC-MD5"

-#define SSL2_TXT_DES_64_CBC_WITH_SHA		"DES-CBC-SHA"

-#define SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5	"DES-CBC3-MD5"

-#define SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA	"DES-CBC3-SHA"

-#define SSL2_TXT_RC4_64_WITH_MD5		"RC4-64-MD5"

-#define SSL2_TXT_NULL				"NULL"

-/* Flags for the SSL_CIPHER.algorithm2 field */

-#define SSL2_CF_5_BYTE_ENC			0x01

-#define SSL2_CF_8_BYTE_ENC			0x02

-/* Certificate Type Codes */

-#define SSL2_CT_X509_CERTIFICATE		0x01

-/* Authentication Type Code */

-#define SSL2_AT_MD5_WITH_RSA_ENCRYPTION		0x01

-#define SSL2_MAX_SSL_SESSION_ID_LENGTH		32

-/* Upper/Lower Bounds */

-#define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS	256

-#ifdef OPENSSL_SYS_MPE

-#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER	29998u

-#else

-#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER	32767u  /* 2^15-1 */

-#endif

-#define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER	16383 /* 2^14-1 */

-#define SSL2_CHALLENGE_LENGTH	16

-/*#define SSL2_CHALLENGE_LENGTH	32 */

-#define SSL2_MIN_CHALLENGE_LENGTH	16

-#define SSL2_MAX_CHALLENGE_LENGTH	32

-#define SSL2_CONNECTION_ID_LENGTH	16

-#define SSL2_MAX_CONNECTION_ID_LENGTH	16

-#define SSL2_SSL_SESSION_ID_LENGTH	16

-#define SSL2_MAX_CERT_CHALLENGE_LENGTH	32

-#define SSL2_MIN_CERT_CHALLENGE_LENGTH	16

-#define SSL2_MAX_KEY_MATERIAL_LENGTH	24

-#ifndef HEADER_SSL_LOCL_H

-#define  CERT		char

-#endif

-typedef struct ssl2_state_st

-	{

-	int three_byte_header;

-	int clear_text;		/* clear text */

-	int escape;		/* not used in SSLv2 */

-	int ssl2_rollback;	/* used if SSLv23 rolled back to SSLv2 */

-	/* non-blocking io info, used to make sure the same

-	 * args were passwd */

-	unsigned int wnum;	/* number of bytes sent so far */

-	int wpend_tot;

-	const unsigned char *wpend_buf;

-	int wpend_off;	/* offset to data to write */

-	int wpend_len; 	/* number of bytes passwd to write */

-	int wpend_ret; 	/* number of bytes to return to caller */

-	/* buffer raw data */

-	int rbuf_left;

-	int rbuf_offs;

-	unsigned char *rbuf;

-	unsigned char *wbuf;

-	unsigned char *write_ptr;/* used to point to the start due to

-				  * 2/3 byte header. */

-	unsigned int padding;

-	unsigned int rlength; /* passed to ssl2_enc */

-	int ract_data_length; /* Set when things are encrypted. */

-	unsigned int wlength; /* passed to ssl2_enc */

-	int wact_data_length; /* Set when things are decrypted. */

-	unsigned char *ract_data;

-	unsigned char *wact_data;

-	unsigned char *mac_data;

-	unsigned char *read_key;

-	unsigned char *write_key;

-		/* Stuff specifically to do with this SSL session */

-	unsigned int challenge_length;

-	unsigned char challenge[SSL2_MAX_CHALLENGE_LENGTH];

-	unsigned int conn_id_length;

-	unsigned char conn_id[SSL2_MAX_CONNECTION_ID_LENGTH];

-	unsigned int key_material_length;

-	unsigned char key_material[SSL2_MAX_KEY_MATERIAL_LENGTH*2];

-	unsigned long read_sequence;

-	unsigned long write_sequence;

-	struct	{

-		unsigned int conn_id_length;

-		unsigned int cert_type;

-		unsigned int cert_length;

-		unsigned int csl;

-		unsigned int clear;

-		unsigned int enc;

-		unsigned char ccl[SSL2_MAX_CERT_CHALLENGE_LENGTH];

-		unsigned int cipher_spec_length;

-		unsigned int session_id_length;

-		unsigned int clen;

-		unsigned int rlen;

-		} tmp;

-	} SSL2_STATE;

-/* SSLv2 */

-/* client */

-#define SSL2_ST_SEND_CLIENT_HELLO_A		(0x10|SSL_ST_CONNECT)

-#define SSL2_ST_SEND_CLIENT_HELLO_B		(0x11|SSL_ST_CONNECT)

-#define SSL2_ST_GET_SERVER_HELLO_A		(0x20|SSL_ST_CONNECT)

-#define SSL2_ST_GET_SERVER_HELLO_B		(0x21|SSL_ST_CONNECT)

-#define SSL2_ST_SEND_CLIENT_MASTER_KEY_A	(0x30|SSL_ST_CONNECT)

-#define SSL2_ST_SEND_CLIENT_MASTER_KEY_B	(0x31|SSL_ST_CONNECT)

-#define SSL2_ST_SEND_CLIENT_FINISHED_A		(0x40|SSL_ST_CONNECT)

-#define SSL2_ST_SEND_CLIENT_FINISHED_B		(0x41|SSL_ST_CONNECT)

-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_A	(0x50|SSL_ST_CONNECT)

-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_B	(0x51|SSL_ST_CONNECT)

-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_C	(0x52|SSL_ST_CONNECT)

-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_D	(0x53|SSL_ST_CONNECT)

-#define SSL2_ST_GET_SERVER_VERIFY_A		(0x60|SSL_ST_CONNECT)

-#define SSL2_ST_GET_SERVER_VERIFY_B		(0x61|SSL_ST_CONNECT)

-#define SSL2_ST_GET_SERVER_FINISHED_A		(0x70|SSL_ST_CONNECT)

-#define SSL2_ST_GET_SERVER_FINISHED_B		(0x71|SSL_ST_CONNECT)

-#define SSL2_ST_CLIENT_START_ENCRYPTION		(0x80|SSL_ST_CONNECT)

-#define SSL2_ST_X509_GET_CLIENT_CERTIFICATE	(0x90|SSL_ST_CONNECT)

-/* server */

-#define SSL2_ST_GET_CLIENT_HELLO_A		(0x10|SSL_ST_ACCEPT)

-#define SSL2_ST_GET_CLIENT_HELLO_B		(0x11|SSL_ST_ACCEPT)

-#define SSL2_ST_GET_CLIENT_HELLO_C		(0x12|SSL_ST_ACCEPT)

-#define SSL2_ST_SEND_SERVER_HELLO_A		(0x20|SSL_ST_ACCEPT)

-#define SSL2_ST_SEND_SERVER_HELLO_B		(0x21|SSL_ST_ACCEPT)

-#define SSL2_ST_GET_CLIENT_MASTER_KEY_A		(0x30|SSL_ST_ACCEPT)

-#define SSL2_ST_GET_CLIENT_MASTER_KEY_B		(0x31|SSL_ST_ACCEPT)

-#define SSL2_ST_SEND_SERVER_VERIFY_A		(0x40|SSL_ST_ACCEPT)

-#define SSL2_ST_SEND_SERVER_VERIFY_B		(0x41|SSL_ST_ACCEPT)

-#define SSL2_ST_SEND_SERVER_VERIFY_C		(0x42|SSL_ST_ACCEPT)

-#define SSL2_ST_GET_CLIENT_FINISHED_A		(0x50|SSL_ST_ACCEPT)

-#define SSL2_ST_GET_CLIENT_FINISHED_B		(0x51|SSL_ST_ACCEPT)

-#define SSL2_ST_SEND_SERVER_FINISHED_A		(0x60|SSL_ST_ACCEPT)

-#define SSL2_ST_SEND_SERVER_FINISHED_B		(0x61|SSL_ST_ACCEPT)

-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_A	(0x70|SSL_ST_ACCEPT)

-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_B	(0x71|SSL_ST_ACCEPT)

-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_C	(0x72|SSL_ST_ACCEPT)

-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_D	(0x73|SSL_ST_ACCEPT)

-#define SSL2_ST_SERVER_START_ENCRYPTION		(0x80|SSL_ST_ACCEPT)

-#define SSL2_ST_X509_GET_SERVER_CERTIFICATE	(0x90|SSL_ST_ACCEPT)

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/ssl/ssl23.h

+++ /dev/null

@@ -1,83 +1,0 @@

-/* ssl/ssl23.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#ifndef HEADER_SSL23_H

-#define HEADER_SSL23_H

-#ifdef  __cplusplus

-extern "C" {

-#endif

-/*client */

-/* write to server */

-#define SSL23_ST_CW_CLNT_HELLO_A	(0x210|SSL_ST_CONNECT)

-#define SSL23_ST_CW_CLNT_HELLO_B	(0x211|SSL_ST_CONNECT)

-/* read from server */

-#define SSL23_ST_CR_SRVR_HELLO_A	(0x220|SSL_ST_CONNECT)

-#define SSL23_ST_CR_SRVR_HELLO_B	(0x221|SSL_ST_CONNECT)

-/* server */

-/* read from client */

-#define SSL23_ST_SR_CLNT_HELLO_A	(0x210|SSL_ST_ACCEPT)

-#define SSL23_ST_SR_CLNT_HELLO_B	(0x211|SSL_ST_ACCEPT)

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/ssl/ssl3.h

+++ /dev/null

@@ -1,560 +1,0 @@

-/* ssl/ssl3.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- * ECC cipher suite support in OpenSSL originally developed by

- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.

- */

-#ifndef HEADER_SSL3_H

-#define HEADER_SSL3_H

-#ifndef OPENSSL_NO_COMP

-#include <openssl/comp.h>

-#endif

-#include <openssl/buffer.h>

-#include <openssl/evp.h>

-#include <openssl/ssl.h>

-#include <openssl/pq_compat.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-#define SSL3_CK_RSA_NULL_MD5			0x03000001

-#define SSL3_CK_RSA_NULL_SHA			0x03000002

-#define SSL3_CK_RSA_RC4_40_MD5 			0x03000003

-#define SSL3_CK_RSA_RC4_128_MD5			0x03000004

-#define SSL3_CK_RSA_RC4_128_SHA			0x03000005

-#define SSL3_CK_RSA_RC2_40_MD5			0x03000006

-#define SSL3_CK_RSA_IDEA_128_SHA		0x03000007

-#define SSL3_CK_RSA_DES_40_CBC_SHA		0x03000008

-#define SSL3_CK_RSA_DES_64_CBC_SHA		0x03000009

-#define SSL3_CK_RSA_DES_192_CBC3_SHA		0x0300000A

-#define SSL3_CK_DH_DSS_DES_40_CBC_SHA		0x0300000B

-#define SSL3_CK_DH_DSS_DES_64_CBC_SHA		0x0300000C

-#define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 	0x0300000D

-#define SSL3_CK_DH_RSA_DES_40_CBC_SHA		0x0300000E

-#define SSL3_CK_DH_RSA_DES_64_CBC_SHA		0x0300000F

-#define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 	0x03000010

-#define SSL3_CK_EDH_DSS_DES_40_CBC_SHA		0x03000011

-#define SSL3_CK_EDH_DSS_DES_64_CBC_SHA		0x03000012

-#define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA	0x03000013

-#define SSL3_CK_EDH_RSA_DES_40_CBC_SHA		0x03000014

-#define SSL3_CK_EDH_RSA_DES_64_CBC_SHA		0x03000015

-#define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA	0x03000016

-#define SSL3_CK_ADH_RC4_40_MD5			0x03000017

-#define SSL3_CK_ADH_RC4_128_MD5			0x03000018

-#define SSL3_CK_ADH_DES_40_CBC_SHA		0x03000019

-#define SSL3_CK_ADH_DES_64_CBC_SHA		0x0300001A

-#define SSL3_CK_ADH_DES_192_CBC_SHA		0x0300001B

-#define SSL3_CK_FZA_DMS_NULL_SHA		0x0300001C

-#define SSL3_CK_FZA_DMS_FZA_SHA			0x0300001D

-#if 0 /* Because it clashes with KRB5, is never used any more, and is safe

-	 to remove according to David Hopwood <[email protected]>

-	 of the ietf-tls list */

-#define SSL3_CK_FZA_DMS_RC4_SHA			0x0300001E

-#endif

-/*    VRS Additional Kerberos5 entries

- */

-#define SSL3_CK_KRB5_DES_64_CBC_SHA		0x0300001E

-#define SSL3_CK_KRB5_DES_192_CBC3_SHA		0x0300001F

-#define SSL3_CK_KRB5_RC4_128_SHA		0x03000020

-#define SSL3_CK_KRB5_IDEA_128_CBC_SHA	       	0x03000021

-#define SSL3_CK_KRB5_DES_64_CBC_MD5       	0x03000022

-#define SSL3_CK_KRB5_DES_192_CBC3_MD5       	0x03000023

-#define SSL3_CK_KRB5_RC4_128_MD5	       	0x03000024

-#define SSL3_CK_KRB5_IDEA_128_CBC_MD5 		0x03000025

-#define SSL3_CK_KRB5_DES_40_CBC_SHA 		0x03000026

-#define SSL3_CK_KRB5_RC2_40_CBC_SHA 		0x03000027

-#define SSL3_CK_KRB5_RC4_40_SHA	 		0x03000028

-#define SSL3_CK_KRB5_DES_40_CBC_MD5 		0x03000029

-#define SSL3_CK_KRB5_RC2_40_CBC_MD5 		0x0300002A

-#define SSL3_CK_KRB5_RC4_40_MD5	 		0x0300002B

-#define SSL3_TXT_RSA_NULL_MD5			"NULL-MD5"

-#define SSL3_TXT_RSA_NULL_SHA			"NULL-SHA"

-#define SSL3_TXT_RSA_RC4_40_MD5 		"EXP-RC4-MD5"

-#define SSL3_TXT_RSA_RC4_128_MD5		"RC4-MD5"

-#define SSL3_TXT_RSA_RC4_128_SHA		"RC4-SHA"

-#define SSL3_TXT_RSA_RC2_40_MD5			"EXP-RC2-CBC-MD5"

-#define SSL3_TXT_RSA_IDEA_128_SHA		"IDEA-CBC-SHA"

-#define SSL3_TXT_RSA_DES_40_CBC_SHA		"EXP-DES-CBC-SHA"

-#define SSL3_TXT_RSA_DES_64_CBC_SHA		"DES-CBC-SHA"

-#define SSL3_TXT_RSA_DES_192_CBC3_SHA		"DES-CBC3-SHA"

-#define SSL3_TXT_DH_DSS_DES_40_CBC_SHA		"EXP-DH-DSS-DES-CBC-SHA"

-#define SSL3_TXT_DH_DSS_DES_64_CBC_SHA		"DH-DSS-DES-CBC-SHA"

-#define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA 	"DH-DSS-DES-CBC3-SHA"

-#define SSL3_TXT_DH_RSA_DES_40_CBC_SHA		"EXP-DH-RSA-DES-CBC-SHA"

-#define SSL3_TXT_DH_RSA_DES_64_CBC_SHA		"DH-RSA-DES-CBC-SHA"

-#define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA 	"DH-RSA-DES-CBC3-SHA"

-#define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA		"EXP-EDH-DSS-DES-CBC-SHA"

-#define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA		"EDH-DSS-DES-CBC-SHA"

-#define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA	"EDH-DSS-DES-CBC3-SHA"

-#define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA		"EXP-EDH-RSA-DES-CBC-SHA"

-#define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA		"EDH-RSA-DES-CBC-SHA"

-#define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA	"EDH-RSA-DES-CBC3-SHA"

-#define SSL3_TXT_ADH_RC4_40_MD5			"EXP-ADH-RC4-MD5"

-#define SSL3_TXT_ADH_RC4_128_MD5		"ADH-RC4-MD5"

-#define SSL3_TXT_ADH_DES_40_CBC_SHA		"EXP-ADH-DES-CBC-SHA"

-#define SSL3_TXT_ADH_DES_64_CBC_SHA		"ADH-DES-CBC-SHA"

-#define SSL3_TXT_ADH_DES_192_CBC_SHA		"ADH-DES-CBC3-SHA"

-#define SSL3_TXT_FZA_DMS_NULL_SHA		"FZA-NULL-SHA"

-#define SSL3_TXT_FZA_DMS_FZA_SHA		"FZA-FZA-CBC-SHA"

-#define SSL3_TXT_FZA_DMS_RC4_SHA		"FZA-RC4-SHA"

-#define SSL3_TXT_KRB5_DES_64_CBC_SHA		"KRB5-DES-CBC-SHA"

-#define SSL3_TXT_KRB5_DES_192_CBC3_SHA		"KRB5-DES-CBC3-SHA"

-#define SSL3_TXT_KRB5_RC4_128_SHA		"KRB5-RC4-SHA"

-#define SSL3_TXT_KRB5_IDEA_128_CBC_SHA	       	"KRB5-IDEA-CBC-SHA"

-#define SSL3_TXT_KRB5_DES_64_CBC_MD5       	"KRB5-DES-CBC-MD5"

-#define SSL3_TXT_KRB5_DES_192_CBC3_MD5       	"KRB5-DES-CBC3-MD5"

-#define SSL3_TXT_KRB5_RC4_128_MD5		"KRB5-RC4-MD5"

-#define SSL3_TXT_KRB5_IDEA_128_CBC_MD5 		"KRB5-IDEA-CBC-MD5"

-#define SSL3_TXT_KRB5_DES_40_CBC_SHA 		"EXP-KRB5-DES-CBC-SHA"

-#define SSL3_TXT_KRB5_RC2_40_CBC_SHA 		"EXP-KRB5-RC2-CBC-SHA"

-#define SSL3_TXT_KRB5_RC4_40_SHA	 	"EXP-KRB5-RC4-SHA"

-#define SSL3_TXT_KRB5_DES_40_CBC_MD5 		"EXP-KRB5-DES-CBC-MD5"

-#define SSL3_TXT_KRB5_RC2_40_CBC_MD5 		"EXP-KRB5-RC2-CBC-MD5"

-#define SSL3_TXT_KRB5_RC4_40_MD5	 	"EXP-KRB5-RC4-MD5"

-#define SSL3_SSL_SESSION_ID_LENGTH		32

-#define SSL3_MAX_SSL_SESSION_ID_LENGTH		32

-#define SSL3_MASTER_SECRET_SIZE			48

-#define SSL3_RANDOM_SIZE			32

-#define SSL3_SESSION_ID_SIZE			32

-#define SSL3_RT_HEADER_LENGTH			5

-/* Due to MS stuffing up, this can change.... */

-#if defined(OPENSSL_SYS_WIN16) || \

-	(defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32))

-#define SSL3_RT_MAX_EXTRA			(14000)

-#else

-#define SSL3_RT_MAX_EXTRA			(16384)

-#endif

-#define SSL3_RT_MAX_PLAIN_LENGTH		16384

-#ifdef OPENSSL_NO_COMP

-#define SSL3_RT_MAX_COMPRESSED_LENGTH	SSL3_RT_MAX_PLAIN_LENGTH

-#else

-#define SSL3_RT_MAX_COMPRESSED_LENGTH	(1024+SSL3_RT_MAX_PLAIN_LENGTH)

-#endif

-#define SSL3_RT_MAX_ENCRYPTED_LENGTH	(1024+SSL3_RT_MAX_COMPRESSED_LENGTH)

-#define SSL3_RT_MAX_PACKET_SIZE		(SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)

-#define SSL3_RT_MAX_DATA_SIZE			(1024*1024)

-#define SSL3_MD_CLIENT_FINISHED_CONST	"\x43\x4C\x4E\x54"

-#define SSL3_MD_SERVER_FINISHED_CONST	"\x53\x52\x56\x52"

-#define SSL3_VERSION			0x0300

-#define SSL3_VERSION_MAJOR		0x03

-#define SSL3_VERSION_MINOR		0x00

-#define SSL3_RT_CHANGE_CIPHER_SPEC	20

-#define SSL3_RT_ALERT			21

-#define SSL3_RT_HANDSHAKE		22

-#define SSL3_RT_APPLICATION_DATA	23

-#define SSL3_AL_WARNING			1

-#define SSL3_AL_FATAL			2

-#define SSL3_AD_CLOSE_NOTIFY		 0

-#define SSL3_AD_UNEXPECTED_MESSAGE	10	/* fatal */

-#define SSL3_AD_BAD_RECORD_MAC		20	/* fatal */

-#define SSL3_AD_DECOMPRESSION_FAILURE	30	/* fatal */

-#define SSL3_AD_HANDSHAKE_FAILURE	40	/* fatal */

-#define SSL3_AD_NO_CERTIFICATE		41

-#define SSL3_AD_BAD_CERTIFICATE		42

-#define SSL3_AD_UNSUPPORTED_CERTIFICATE	43

-#define SSL3_AD_CERTIFICATE_REVOKED	44

-#define SSL3_AD_CERTIFICATE_EXPIRED	45

-#define SSL3_AD_CERTIFICATE_UNKNOWN	46

-#define SSL3_AD_ILLEGAL_PARAMETER	47	/* fatal */

-typedef struct ssl3_record_st

-	{

-/*r */	int type;               /* type of record */

-/*rw*/	unsigned int length;    /* How many bytes available */

-/*r */	unsigned int off;       /* read/write offset into 'buf' */

-/*rw*/	unsigned char *data;    /* pointer to the record data */

-/*rw*/	unsigned char *input;   /* where the decode bytes are */

-/*r */	unsigned char *comp;    /* only used with decompression - malloc()ed */

-/*r */  unsigned long epoch;    /* epoch number, needed by DTLS1 */

-/*r */  PQ_64BIT seq_num;       /* sequence number, needed by DTLS1 */

-	} SSL3_RECORD;

-typedef struct ssl3_buffer_st

-	{

-	unsigned char *buf;     /* at least SSL3_RT_MAX_PACKET_SIZE bytes,

-	                         * see ssl3_setup_buffers() */

-	size_t len;             /* buffer size */

-	int offset;             /* where to 'copy from' */

-	int left;               /* how many bytes left */

-	} SSL3_BUFFER;

-#define SSL3_CT_RSA_SIGN			1

-#define SSL3_CT_DSS_SIGN			2

-#define SSL3_CT_RSA_FIXED_DH			3

-#define SSL3_CT_DSS_FIXED_DH			4

-#define SSL3_CT_RSA_EPHEMERAL_DH		5

-#define SSL3_CT_DSS_EPHEMERAL_DH		6

-#define SSL3_CT_FORTEZZA_DMS			20

-/* SSL3_CT_NUMBER is used to size arrays and it must be large

- * enough to contain all of the cert types defined either for

- * SSLv3 and TLSv1.

- */

-#define SSL3_CT_NUMBER			7

-#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS	0x0001

-#define SSL3_FLAGS_DELAY_CLIENT_FINISHED	0x0002

-#define SSL3_FLAGS_POP_BUFFER			0x0004

-#define TLS1_FLAGS_TLS_PADDING_BUG		0x0008

-typedef struct ssl3_state_st

-	{

-	long flags;

-	int delay_buf_pop_ret;

-	unsigned char read_sequence[8];

-	unsigned char read_mac_secret[EVP_MAX_MD_SIZE];

-	unsigned char write_sequence[8];

-	unsigned char write_mac_secret[EVP_MAX_MD_SIZE];

-	unsigned char server_random[SSL3_RANDOM_SIZE];

-	unsigned char client_random[SSL3_RANDOM_SIZE];

-	/* flags for countermeasure against known-IV weakness */

-	int need_empty_fragments;

-	int empty_fragment_done;

-	SSL3_BUFFER rbuf;	/* read IO goes into here */

-	SSL3_BUFFER wbuf;	/* write IO goes into here */

-	SSL3_RECORD rrec;	/* each decoded record goes in here */

-	SSL3_RECORD wrec;	/* goes out from here */

-	/* storage for Alert/Handshake protocol data received but not

-	 * yet processed by ssl3_read_bytes: */

-	unsigned char alert_fragment[2];

-	unsigned int alert_fragment_len;

-	unsigned char handshake_fragment[4];

-	unsigned int handshake_fragment_len;

-	/* partial write - check the numbers match */

-	unsigned int wnum;	/* number of bytes sent so far */

-	int wpend_tot;		/* number bytes written */

-	int wpend_type;

-	int wpend_ret;		/* number of bytes submitted */

-	const unsigned char *wpend_buf;

-	/* used during startup, digest all incoming/outgoing packets */

-	EVP_MD_CTX finish_dgst1;

-	EVP_MD_CTX finish_dgst2;

-	/* this is set whenerver we see a change_cipher_spec message

-	 * come in when we are not looking for one */

-	int change_cipher_spec;

-	int warn_alert;

-	int fatal_alert;

-	/* we allow one fatal and one warning alert to be outstanding,

-	 * send close alert via the warning alert */

-	int alert_dispatch;

-	unsigned char send_alert[2];

-	/* This flag is set when we should renegotiate ASAP, basically when

-	 * there is no more data in the read or write buffers */

-	int renegotiate;

-	int total_renegotiations;

-	int num_renegotiations;

-	int in_read_app_data;

-	struct	{

-		/* actually only needs to be 16+20 */

-		unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];

-		/* actually only need to be 16+20 for SSLv3 and 12 for TLS */

-		unsigned char finish_md[EVP_MAX_MD_SIZE*2];

-		int finish_md_len;

-		unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2];

-		int peer_finish_md_len;

-		unsigned long message_size;

-		int message_type;

-		/* used to hold the new cipher we are going to use */

-		SSL_CIPHER *new_cipher;

-#ifndef OPENSSL_NO_DH

-		DH *dh;

-#endif

-#ifndef OPENSSL_NO_ECDH

-		EC_KEY *ecdh; /* holds short lived ECDH key */

-#endif

-		/* used when SSL_ST_FLUSH_DATA is entered */

-		int next_state;

-		int reuse_message;

-		/* used for certificate requests */

-		int cert_req;

-		int ctype_num;

-		char ctype[SSL3_CT_NUMBER];

-		STACK_OF(X509_NAME) *ca_names;

-		int use_rsa_tmp;

-		int key_block_length;

-		unsigned char *key_block;

-		const EVP_CIPHER *new_sym_enc;

-		const EVP_MD *new_hash;

-#ifndef OPENSSL_NO_COMP

-		const SSL_COMP *new_compression;

-#else

-		char *new_compression;

-#endif

-		int cert_request;

-		} tmp;

-	} SSL3_STATE;

-/* SSLv3 */

-/*client */

-/* extra state */

-#define SSL3_ST_CW_FLUSH		(0x100|SSL_ST_CONNECT)

-/* write to server */

-#define SSL3_ST_CW_CLNT_HELLO_A		(0x110|SSL_ST_CONNECT)

-#define SSL3_ST_CW_CLNT_HELLO_B		(0x111|SSL_ST_CONNECT)

-/* read from server */

-#define SSL3_ST_CR_SRVR_HELLO_A		(0x120|SSL_ST_CONNECT)

-#define SSL3_ST_CR_SRVR_HELLO_B		(0x121|SSL_ST_CONNECT)

-#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A (0x126|SSL_ST_CONNECT)

-#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B (0x127|SSL_ST_CONNECT)

-#define SSL3_ST_CR_CERT_A		(0x130|SSL_ST_CONNECT)

-#define SSL3_ST_CR_CERT_B		(0x131|SSL_ST_CONNECT)

-#define SSL3_ST_CR_KEY_EXCH_A		(0x140|SSL_ST_CONNECT)

-#define SSL3_ST_CR_KEY_EXCH_B		(0x141|SSL_ST_CONNECT)

-#define SSL3_ST_CR_CERT_REQ_A		(0x150|SSL_ST_CONNECT)

-#define SSL3_ST_CR_CERT_REQ_B		(0x151|SSL_ST_CONNECT)

-#define SSL3_ST_CR_SRVR_DONE_A		(0x160|SSL_ST_CONNECT)

-#define SSL3_ST_CR_SRVR_DONE_B		(0x161|SSL_ST_CONNECT)

-/* write to server */

-#define SSL3_ST_CW_CERT_A		(0x170|SSL_ST_CONNECT)

-#define SSL3_ST_CW_CERT_B		(0x171|SSL_ST_CONNECT)

-#define SSL3_ST_CW_CERT_C		(0x172|SSL_ST_CONNECT)

-#define SSL3_ST_CW_CERT_D		(0x173|SSL_ST_CONNECT)

-#define SSL3_ST_CW_KEY_EXCH_A		(0x180|SSL_ST_CONNECT)

-#define SSL3_ST_CW_KEY_EXCH_B		(0x181|SSL_ST_CONNECT)

-#define SSL3_ST_CW_CERT_VRFY_A		(0x190|SSL_ST_CONNECT)

-#define SSL3_ST_CW_CERT_VRFY_B		(0x191|SSL_ST_CONNECT)

-#define SSL3_ST_CW_CHANGE_A		(0x1A0|SSL_ST_CONNECT)

-#define SSL3_ST_CW_CHANGE_B		(0x1A1|SSL_ST_CONNECT)

-#define SSL3_ST_CW_FINISHED_A		(0x1B0|SSL_ST_CONNECT)

-#define SSL3_ST_CW_FINISHED_B		(0x1B1|SSL_ST_CONNECT)

-/* read from server */

-#define SSL3_ST_CR_CHANGE_A		(0x1C0|SSL_ST_CONNECT)

-#define SSL3_ST_CR_CHANGE_B		(0x1C1|SSL_ST_CONNECT)

-#define SSL3_ST_CR_FINISHED_A		(0x1D0|SSL_ST_CONNECT)

-#define SSL3_ST_CR_FINISHED_B		(0x1D1|SSL_ST_CONNECT)

-#define SSL3_ST_CR_SESSION_TICKET_A	(0x1E0|SSL_ST_CONNECT)

-#define SSL3_ST_CR_SESSION_TICKET_B	(0x1E1|SSL_ST_CONNECT)

-/* server */

-/* extra state */

-#define SSL3_ST_SW_FLUSH		(0x100|SSL_ST_ACCEPT)

-/* read from client */

-/* Do not change the number values, they do matter */

-#define SSL3_ST_SR_CLNT_HELLO_A		(0x110|SSL_ST_ACCEPT)

-#define SSL3_ST_SR_CLNT_HELLO_B		(0x111|SSL_ST_ACCEPT)

-#define SSL3_ST_SR_CLNT_HELLO_C		(0x112|SSL_ST_ACCEPT)

-/* write to client */

-#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT)

-#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT)

-#define SSL3_ST_SW_HELLO_REQ_A		(0x120|SSL_ST_ACCEPT)

-#define SSL3_ST_SW_HELLO_REQ_B		(0x121|SSL_ST_ACCEPT)

-#define SSL3_ST_SW_HELLO_REQ_C		(0x122|SSL_ST_ACCEPT)

-#define SSL3_ST_SW_SRVR_HELLO_A		(0x130|SSL_ST_ACCEPT)

-#define SSL3_ST_SW_SRVR_HELLO_B		(0x131|SSL_ST_ACCEPT)

-#define SSL3_ST_SW_CERT_A		(0x140|SSL_ST_ACCEPT)

-#define SSL3_ST_SW_CERT_B		(0x141|SSL_ST_ACCEPT)

-#define SSL3_ST_SW_KEY_EXCH_A		(0x150|SSL_ST_ACCEPT)

-#define SSL3_ST_SW_KEY_EXCH_B		(0x151|SSL_ST_ACCEPT)

-#define SSL3_ST_SW_CERT_REQ_A		(0x160|SSL_ST_ACCEPT)

-#define SSL3_ST_SW_CERT_REQ_B		(0x161|SSL_ST_ACCEPT)

-#define SSL3_ST_SW_SRVR_DONE_A		(0x170|SSL_ST_ACCEPT)

-#define SSL3_ST_SW_SRVR_DONE_B		(0x171|SSL_ST_ACCEPT)

-/* read from client */

-#define SSL3_ST_SR_CERT_A		(0x180|SSL_ST_ACCEPT)

-#define SSL3_ST_SR_CERT_B		(0x181|SSL_ST_ACCEPT)

-#define SSL3_ST_SR_KEY_EXCH_A		(0x190|SSL_ST_ACCEPT)

-#define SSL3_ST_SR_KEY_EXCH_B		(0x191|SSL_ST_ACCEPT)

-#define SSL3_ST_SR_CERT_VRFY_A		(0x1A0|SSL_ST_ACCEPT)

-#define SSL3_ST_SR_CERT_VRFY_B		(0x1A1|SSL_ST_ACCEPT)

-#define SSL3_ST_SR_CHANGE_A		(0x1B0|SSL_ST_ACCEPT)

-#define SSL3_ST_SR_CHANGE_B		(0x1B1|SSL_ST_ACCEPT)

-#define SSL3_ST_SR_FINISHED_A		(0x1C0|SSL_ST_ACCEPT)

-#define SSL3_ST_SR_FINISHED_B		(0x1C1|SSL_ST_ACCEPT)

-/* write to client */

-#define SSL3_ST_SW_CHANGE_A		(0x1D0|SSL_ST_ACCEPT)

-#define SSL3_ST_SW_CHANGE_B		(0x1D1|SSL_ST_ACCEPT)

-#define SSL3_ST_SW_FINISHED_A		(0x1E0|SSL_ST_ACCEPT)

-#define SSL3_ST_SW_FINISHED_B		(0x1E1|SSL_ST_ACCEPT)

-#define SSL3_ST_SW_SESSION_TICKET_A	(0x1F0|SSL_ST_ACCEPT)

-#define SSL3_ST_SW_SESSION_TICKET_B	(0x1F1|SSL_ST_ACCEPT)

-#define SSL3_MT_HELLO_REQUEST			0

-#define SSL3_MT_CLIENT_HELLO			1

-#define SSL3_MT_SERVER_HELLO			2

-#define	SSL3_MT_NEWSESSION_TICKET		4

-#define SSL3_MT_CERTIFICATE			11

-#define SSL3_MT_SERVER_KEY_EXCHANGE		12

-#define SSL3_MT_CERTIFICATE_REQUEST		13

-#define SSL3_MT_SERVER_DONE			14

-#define SSL3_MT_CERTIFICATE_VERIFY		15

-#define SSL3_MT_CLIENT_KEY_EXCHANGE		16

-#define SSL3_MT_FINISHED			20

-#define DTLS1_MT_HELLO_VERIFY_REQUEST    3

-#define SSL3_MT_CCS				1

-/* These are used when changing over to a new cipher */

-#define SSL3_CC_READ		0x01

-#define SSL3_CC_WRITE		0x02

-#define SSL3_CC_CLIENT		0x10

-#define SSL3_CC_SERVER		0x20

-#define SSL3_CHANGE_CIPHER_CLIENT_WRITE	(SSL3_CC_CLIENT|SSL3_CC_WRITE)

-#define SSL3_CHANGE_CIPHER_SERVER_READ	(SSL3_CC_SERVER|SSL3_CC_READ)

-#define SSL3_CHANGE_CIPHER_CLIENT_READ	(SSL3_CC_CLIENT|SSL3_CC_READ)

-#define SSL3_CHANGE_CIPHER_SERVER_WRITE	(SSL3_CC_SERVER|SSL3_CC_WRITE)

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/ssl/ssl_algs.c

+++ /dev/null

@@ -1,132 +1,0 @@

-/* ssl/ssl_algs.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <openssl/objects.h>

-#include <openssl/lhash.h>

-#include "ssl_locl.h"

-int SSL_library_init(void)

-	{

-#ifndef OPENSSL_NO_DES

-	EVP_add_cipher(EVP_des_cbc());

-	EVP_add_cipher(EVP_des_ede3_cbc());

-#endif

-#ifndef OPENSSL_NO_IDEA

-	EVP_add_cipher(EVP_idea_cbc());

-#endif

-#ifndef OPENSSL_NO_RC4

-	EVP_add_cipher(EVP_rc4());

-#endif

-#ifndef OPENSSL_NO_RC2

-	EVP_add_cipher(EVP_rc2_cbc());

-#endif

-#ifndef OPENSSL_NO_AES

-	EVP_add_cipher(EVP_aes_128_cbc());

-	EVP_add_cipher(EVP_aes_192_cbc());

-	EVP_add_cipher(EVP_aes_256_cbc());

-#endif

-#ifndef OPENSSL_NO_CAMELLIA

-	EVP_add_cipher(EVP_camellia_128_cbc());

-	EVP_add_cipher(EVP_camellia_256_cbc());

-#endif

-#ifndef OPENSSL_NO_SEED

-	EVP_add_cipher(EVP_seed_cbc());

-#endif

-#ifndef OPENSSL_NO_MD2

-	EVP_add_digest(EVP_md2());

-#endif

-#ifndef OPENSSL_NO_MD5

-	EVP_add_digest(EVP_md5());

-	EVP_add_digest_alias(SN_md5,"ssl2-md5");

-	EVP_add_digest_alias(SN_md5,"ssl3-md5");

-#endif

-#ifndef OPENSSL_NO_SHA

-	EVP_add_digest(EVP_sha1()); /* RSA with sha1 */

-	EVP_add_digest_alias(SN_sha1,"ssl3-sha1");

-	EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);

-#endif

-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)

-	EVP_add_digest(EVP_dss1()); /* DSA with sha1 */

-	EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);

-	EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");

-	EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");

-#endif

-#ifndef OPENSSL_NO_ECDSA

-	EVP_add_digest(EVP_ecdsa());

-#endif

-	/* If you want support for phased out ciphers, add the following */

-#if 0

-	EVP_add_digest(EVP_sha());

-	EVP_add_digest(EVP_dss());

-#endif

-#ifndef OPENSSL_NO_COMP

-	/* This will initialise the built-in compression algorithms.

-	   The value returned is a STACK_OF(SSL_COMP), but that can

-	   be discarded safely */

-	(void)SSL_COMP_get_compression_methods();

-#endif

-	/* initialize cipher/digest methods table */

-	ssl_load_ciphers();

-	return(1);

-	}

--- a/sys/src/ape/lib/openssl/ssl/ssl_asn1.c

+++ /dev/null

@@ -1,497 +1,0 @@

-/* ssl/ssl_asn1.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include "ssl_locl.h"

-#include <openssl/asn1_mac.h>

-#include <openssl/objects.h>

-#include <openssl/x509.h>

-typedef struct ssl_session_asn1_st

-	{

-	ASN1_INTEGER version;

-	ASN1_INTEGER ssl_version;

-	ASN1_OCTET_STRING cipher;

-	ASN1_OCTET_STRING master_key;

-	ASN1_OCTET_STRING session_id;

-	ASN1_OCTET_STRING session_id_context;

-	ASN1_OCTET_STRING key_arg;

-#ifndef OPENSSL_NO_KRB5

-        ASN1_OCTET_STRING krb5_princ;

-#endif /* OPENSSL_NO_KRB5 */

-	ASN1_INTEGER time;

-	ASN1_INTEGER timeout;

-	ASN1_INTEGER verify_result;

-#ifndef OPENSSL_NO_TLSEXT

-	ASN1_OCTET_STRING tlsext_hostname;

-	ASN1_INTEGER tlsext_tick_lifetime;

-	ASN1_OCTET_STRING tlsext_tick;

-#endif /* OPENSSL_NO_TLSEXT */

-	} SSL_SESSION_ASN1;

-int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)

-	{

-#define LSIZE2 (sizeof(long)*2)

-	int v1=0,v2=0,v3=0,v4=0,v5=0;

-	unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2];

-	unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2],ibuf5[LSIZE2];

-#ifndef OPENSSL_NO_TLSEXT

-	int v6=0,v9=0,v10=0;

-	unsigned char ibuf6[LSIZE2];

-#endif

-	long l;

-	SSL_SESSION_ASN1 a;

-	M_ASN1_I2D_vars(in);

-	if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0)))

-		return(0);

-	/* Note that I cheat in the following 2 assignments.  I know

-	 * that if the ASN1_INTEGER passed to ASN1_INTEGER_set

-	 * is > sizeof(long)+1, the buffer will not be re-OPENSSL_malloc()ed.

-	 * This is a bit evil but makes things simple, no dynamic allocation

-	 * to clean up :-) */

-	a.version.length=LSIZE2;

-	a.version.type=V_ASN1_INTEGER;

-	a.version.data=ibuf1;

-	ASN1_INTEGER_set(&(a.version),SSL_SESSION_ASN1_VERSION);

-	a.ssl_version.length=LSIZE2;

-	a.ssl_version.type=V_ASN1_INTEGER;

-	a.ssl_version.data=ibuf2;

-	ASN1_INTEGER_set(&(a.ssl_version),in->ssl_version);

-	a.cipher.type=V_ASN1_OCTET_STRING;

-	a.cipher.data=buf;

-	if (in->cipher == NULL)

-		l=in->cipher_id;

-	else

-		l=in->cipher->id;

-	if (in->ssl_version == SSL2_VERSION)

-		{

-		a.cipher.length=3;

-		buf[0]=((unsigned char)(l>>16L))&0xff;

-		buf[1]=((unsigned char)(l>> 8L))&0xff;

-		buf[2]=((unsigned char)(l     ))&0xff;

-		}

-	else

-		{

-		a.cipher.length=2;

-		buf[0]=((unsigned char)(l>>8L))&0xff;

-		buf[1]=((unsigned char)(l    ))&0xff;

-		}

-	a.master_key.length=in->master_key_length;

-	a.master_key.type=V_ASN1_OCTET_STRING;

-	a.master_key.data=in->master_key;

-	a.session_id.length=in->session_id_length;

-	a.session_id.type=V_ASN1_OCTET_STRING;

-	a.session_id.data=in->session_id;

-	a.session_id_context.length=in->sid_ctx_length;

-	a.session_id_context.type=V_ASN1_OCTET_STRING;

-	a.session_id_context.data=in->sid_ctx;

-	a.key_arg.length=in->key_arg_length;

-	a.key_arg.type=V_ASN1_OCTET_STRING;

-	a.key_arg.data=in->key_arg;

-#ifndef OPENSSL_NO_KRB5

-	if (in->krb5_client_princ_len)

-		{

-		a.krb5_princ.length=in->krb5_client_princ_len;

-		a.krb5_princ.type=V_ASN1_OCTET_STRING;

-		a.krb5_princ.data=in->krb5_client_princ;

-		}

-#endif /* OPENSSL_NO_KRB5 */

-	if (in->time != 0L)

-		{

-		a.time.length=LSIZE2;

-		a.time.type=V_ASN1_INTEGER;

-		a.time.data=ibuf3;

-		ASN1_INTEGER_set(&(a.time),in->time);

-		}

-	if (in->timeout != 0L)

-		{

-		a.timeout.length=LSIZE2;

-		a.timeout.type=V_ASN1_INTEGER;

-		a.timeout.data=ibuf4;

-		ASN1_INTEGER_set(&(a.timeout),in->timeout);

-		}

-	if (in->verify_result != X509_V_OK)

-		{

-		a.verify_result.length=LSIZE2;

-		a.verify_result.type=V_ASN1_INTEGER;

-		a.verify_result.data=ibuf5;

-		ASN1_INTEGER_set(&a.verify_result,in->verify_result);

-		}

-#ifndef OPENSSL_NO_TLSEXT

-	if (in->tlsext_hostname)

-                {

-                a.tlsext_hostname.length=strlen(in->tlsext_hostname);

-                a.tlsext_hostname.type=V_ASN1_OCTET_STRING;

-                a.tlsext_hostname.data=(unsigned char *)in->tlsext_hostname;

-                }

-	if (in->tlsext_tick)

-                {

-                a.tlsext_tick.length= in->tlsext_ticklen;

-                a.tlsext_tick.type=V_ASN1_OCTET_STRING;

-                a.tlsext_tick.data=(unsigned char *)in->tlsext_tick;

-		/* If we have a ticket set session ID to empty because

-		 * it will be bogus.

-		 */

-		if (in->tlsext_ticklen)

-			a.session_id.length=0;

-                }

-	if (in->tlsext_tick_lifetime_hint != 0)

-		{

-		a.tlsext_tick_lifetime.length=LSIZE2;

-		a.tlsext_tick_lifetime.type=V_ASN1_INTEGER;

-		a.tlsext_tick_lifetime.data=ibuf6;

-		ASN1_INTEGER_set(&a.tlsext_tick_lifetime,in->tlsext_tick_lifetime_hint);

-		}

-#endif /* OPENSSL_NO_TLSEXT */

-	M_ASN1_I2D_len(&(a.version),		i2d_ASN1_INTEGER);

-	M_ASN1_I2D_len(&(a.ssl_version),	i2d_ASN1_INTEGER);

-	M_ASN1_I2D_len(&(a.cipher),		i2d_ASN1_OCTET_STRING);

-	M_ASN1_I2D_len(&(a.session_id),		i2d_ASN1_OCTET_STRING);

-	M_ASN1_I2D_len(&(a.master_key),		i2d_ASN1_OCTET_STRING);

-#ifndef OPENSSL_NO_KRB5

-	if (in->krb5_client_princ_len)

-        	M_ASN1_I2D_len(&(a.krb5_princ),	i2d_ASN1_OCTET_STRING);

-#endif /* OPENSSL_NO_KRB5 */

-	if (in->key_arg_length > 0)

-		M_ASN1_I2D_len_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING);

-	if (in->time != 0L)

-		M_ASN1_I2D_len_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1);

-	if (in->timeout != 0L)

-		M_ASN1_I2D_len_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);

-	if (in->peer != NULL)

-		M_ASN1_I2D_len_EXP_opt(in->peer,i2d_X509,3,v3);

-	M_ASN1_I2D_len_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,v4);

-	if (in->verify_result != X509_V_OK)

-		M_ASN1_I2D_len_EXP_opt(&(a.verify_result),i2d_ASN1_INTEGER,5,v5);

-#ifndef OPENSSL_NO_TLSEXT

-	if (in->tlsext_tick_lifetime_hint)

-      	 	M_ASN1_I2D_len_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9);

-	if (in->tlsext_tick)

-        	M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10);

-	if (in->tlsext_hostname)

-        	M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6);

-#endif /* OPENSSL_NO_TLSEXT */

-	M_ASN1_I2D_seq_total();

-	M_ASN1_I2D_put(&(a.version),		i2d_ASN1_INTEGER);

-	M_ASN1_I2D_put(&(a.ssl_version),	i2d_ASN1_INTEGER);

-	M_ASN1_I2D_put(&(a.cipher),		i2d_ASN1_OCTET_STRING);

-	M_ASN1_I2D_put(&(a.session_id),		i2d_ASN1_OCTET_STRING);

-	M_ASN1_I2D_put(&(a.master_key),		i2d_ASN1_OCTET_STRING);

-#ifndef OPENSSL_NO_KRB5

-	if (in->krb5_client_princ_len)

-        	M_ASN1_I2D_put(&(a.krb5_princ),	i2d_ASN1_OCTET_STRING);

-#endif /* OPENSSL_NO_KRB5 */

-	if (in->key_arg_length > 0)

-		M_ASN1_I2D_put_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING,0);

-	if (in->time != 0L)

-		M_ASN1_I2D_put_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1);

-	if (in->timeout != 0L)

-		M_ASN1_I2D_put_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);

-	if (in->peer != NULL)

-		M_ASN1_I2D_put_EXP_opt(in->peer,i2d_X509,3,v3);

-	M_ASN1_I2D_put_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,

-			       v4);

-	if (in->verify_result != X509_V_OK)

-		M_ASN1_I2D_put_EXP_opt(&a.verify_result,i2d_ASN1_INTEGER,5,v5);

-#ifndef OPENSSL_NO_TLSEXT

-	if (in->tlsext_hostname)

-        	M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6);

-	if (in->tlsext_tick_lifetime_hint)

-      	 	M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9);

-	if (in->tlsext_tick)

-        	M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10);

-#endif /* OPENSSL_NO_TLSEXT */

-	M_ASN1_I2D_finish();

-	}

-SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,

-	     long length)

-	{

-	int version,ssl_version=0,i;

-	long id;

-	ASN1_INTEGER ai,*aip;

-	ASN1_OCTET_STRING os,*osp;

-	M_ASN1_D2I_vars(a,SSL_SESSION *,SSL_SESSION_new);

-	aip= &ai;

-	osp= &os;

-	M_ASN1_D2I_Init();

-	M_ASN1_D2I_start_sequence();

-	ai.data=NULL; ai.length=0;

-	M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER);

-	version=(int)ASN1_INTEGER_get(aip);

-	if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }

-	/* we don't care about the version right now :-) */

-	M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER);

-	ssl_version=(int)ASN1_INTEGER_get(aip);

-	ret->ssl_version=ssl_version;

-	if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }

-	os.data=NULL; os.length=0;

-	M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);

-	if (ssl_version == SSL2_VERSION)

-		{

-		if (os.length != 3)

-			{

-			c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;

-			goto err;

-			}

-		id=0x02000000L|

-			((unsigned long)os.data[0]<<16L)|

-			((unsigned long)os.data[1]<< 8L)|

-			 (unsigned long)os.data[2];

-		}

-	else if ((ssl_version>>8) == SSL3_VERSION_MAJOR)

-		{

-		if (os.length != 2)

-			{

-			c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;

-			goto err;

-			}

-		id=0x03000000L|

-			((unsigned long)os.data[0]<<8L)|

-			 (unsigned long)os.data[1];

-		}

-	else

-		{

-		SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_UNKNOWN_SSL_VERSION);

-		return(NULL);

-		}

-	ret->cipher=NULL;

-	ret->cipher_id=id;

-	M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);

-	if ((ssl_version>>8) == SSL3_VERSION_MAJOR)

-		i=SSL3_MAX_SSL_SESSION_ID_LENGTH;

-	else /* if (ssl_version>>8 == SSL2_VERSION_MAJOR) */

-		i=SSL2_MAX_SSL_SESSION_ID_LENGTH;

-	if (os.length > i)

-		os.length = i;

-	if (os.length > (int)sizeof(ret->session_id)) /* can't happen */

-		os.length = sizeof(ret->session_id);

-	ret->session_id_length=os.length;

-	OPENSSL_assert(os.length <= (int)sizeof(ret->session_id));

-	memcpy(ret->session_id,os.data,os.length);

-	M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);

-	if (ret->master_key_length > SSL_MAX_MASTER_KEY_LENGTH)

-		ret->master_key_length=SSL_MAX_MASTER_KEY_LENGTH;

-	else

-		ret->master_key_length=os.length;

-	memcpy(ret->master_key,os.data,ret->master_key_length);

-	os.length=0;

-#ifndef OPENSSL_NO_KRB5

-	os.length=0;

-	M_ASN1_D2I_get_opt(osp,d2i_ASN1_OCTET_STRING,V_ASN1_OCTET_STRING);

-	if (os.data)

-		{

-        	if (os.length > SSL_MAX_KRB5_PRINCIPAL_LENGTH)

-            		ret->krb5_client_princ_len=0;

-		else

-			ret->krb5_client_princ_len=os.length;

-		memcpy(ret->krb5_client_princ,os.data,ret->krb5_client_princ_len);

-		OPENSSL_free(os.data);

-		os.data = NULL;

-		os.length = 0;

-		}

-	else

-		ret->krb5_client_princ_len=0;

-#endif /* OPENSSL_NO_KRB5 */

-	M_ASN1_D2I_get_IMP_opt(osp,d2i_ASN1_OCTET_STRING,0,V_ASN1_OCTET_STRING);

-	if (os.length > SSL_MAX_KEY_ARG_LENGTH)

-		ret->key_arg_length=SSL_MAX_KEY_ARG_LENGTH;

-	else

-		ret->key_arg_length=os.length;

-	memcpy(ret->key_arg,os.data,ret->key_arg_length);

-	if (os.data != NULL) OPENSSL_free(os.data);

-	ai.length=0;

-	M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,1);

-	if (ai.data != NULL)

-		{

-		ret->time=ASN1_INTEGER_get(aip);

-		OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;

-		}

-	else

-		ret->time=(unsigned long)time(NULL);

-	ai.length=0;

-	M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,2);

-	if (ai.data != NULL)

-		{

-		ret->timeout=ASN1_INTEGER_get(aip);

-		OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;

-		}

-	else

-		ret->timeout=3;

-	if (ret->peer != NULL)

-		{

-		X509_free(ret->peer);

-		ret->peer=NULL;

-		}

-	M_ASN1_D2I_get_EXP_opt(ret->peer,d2i_X509,3);

-	os.length=0;

-	os.data=NULL;

-	M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,4);

-	if(os.data != NULL)

-	    {

-	    if (os.length > SSL_MAX_SID_CTX_LENGTH)

-		{

-		ret->sid_ctx_length=os.length;

-		SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_BAD_LENGTH);

-		}

-	    else

-		{

-		ret->sid_ctx_length=os.length;

-		memcpy(ret->sid_ctx,os.data,os.length);

-		}

-	    OPENSSL_free(os.data); os.data=NULL; os.length=0;

-	    }

-	else

-	    ret->sid_ctx_length=0;

-	ai.length=0;

-	M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,5);

-	if (ai.data != NULL)

-		{

-		ret->verify_result=ASN1_INTEGER_get(aip);

-		OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;

-		}

-	else

-		ret->verify_result=X509_V_OK;

-#ifndef OPENSSL_NO_TLSEXT

-	os.length=0;

-	os.data=NULL;

-	M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,6);

-	if (os.data)

-		{

-		ret->tlsext_hostname = BUF_strndup((char *)os.data, os.length);

-		OPENSSL_free(os.data);

-		os.data = NULL;

-		os.length = 0;

-		}

-	else

-		ret->tlsext_hostname=NULL;

-	ai.length=0;

-	M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,9);

-	if (ai.data != NULL)

-		{

-		ret->tlsext_tick_lifetime_hint=ASN1_INTEGER_get(aip);

-		OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;

-		}

-	else

-		ret->tlsext_tick_lifetime_hint=0;

- 	os.length=0;

- 	os.data=NULL;

-  	M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,10);

- 	if (os.data)

- 		{

-		ret->tlsext_tick = os.data;

-		ret->tlsext_ticklen = os.length;

- 		os.data = NULL;

- 		os.length = 0;

-#if 0

-		/* There are two ways to detect a resumed ticket sesion.

-		 * One is to set a random session ID and then the server

-		 * must return a match in ServerHello. This allows the normal

-		 * client session ID matching to work.

-		 */

-		if (ret->session_id_length == 0)

-			{

-			ret->session_id_length=SSL3_MAX_SSL_SESSION_ID_LENGTH;

-			RAND_pseudo_bytes(ret->session_id,

-						ret->session_id_length);

-			}

-#endif

- 		}

-	else

-		ret->tlsext_tick=NULL;

-#endif /* OPENSSL_NO_TLSEXT */

-	M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION);

-	}

--- a/sys/src/ape/lib/openssl/ssl/ssl_cert.c

+++ /dev/null

@@ -1,829 +1,0 @@

-/*! \file ssl/ssl_cert.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- * ECC cipher suite support in OpenSSL originally developed by

- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.

- */

-#include <stdio.h>

-#include "e_os.h"

-#ifndef NO_SYS_TYPES_H

-# include <sys/types.h>

-#endif

-#include "o_dir.h"

-#include <openssl/objects.h>

-#include <openssl/bio.h>

-#include <openssl/pem.h>

-#include <openssl/x509v3.h>

-#ifndef OPENSSL_NO_DH

-#include <openssl/dh.h>

-#endif

-#include <openssl/bn.h>

-#include "ssl_locl.h"

-int SSL_get_ex_data_X509_STORE_CTX_idx(void)

-	{

-	static  int ssl_x509_store_ctx_idx= -1;

-	int got_write_lock = 0;

-	CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);

-	if (ssl_x509_store_ctx_idx < 0)

-		{

-		CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);

-		CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);

-		got_write_lock = 1;

-		if (ssl_x509_store_ctx_idx < 0)

-			{

-			ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index(

-				0,"SSL for verify callback",NULL,NULL,NULL);

-			}

-		}

-	if (got_write_lock)

-		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);

-	else

-		CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);

-	return ssl_x509_store_ctx_idx;

-	}

-CERT *ssl_cert_new(void)

-	{

-	CERT *ret;

-	ret=(CERT *)OPENSSL_malloc(sizeof(CERT));

-	if (ret == NULL)

-		{

-		SSLerr(SSL_F_SSL_CERT_NEW,ERR_R_MALLOC_FAILURE);

-		return(NULL);

-		}

-	memset(ret,0,sizeof(CERT));

-	ret->key= &(ret->pkeys[SSL_PKEY_RSA_ENC]);

-	ret->references=1;

-	return(ret);

-	}

-CERT *ssl_cert_dup(CERT *cert)

-	{

-	CERT *ret;

-	int i;

-	ret = (CERT *)OPENSSL_malloc(sizeof(CERT));

-	if (ret == NULL)

-		{

-		SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);

-		return(NULL);

-		}

-	memset(ret, 0, sizeof(CERT));

-	ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]];

-	/* or ret->key = ret->pkeys + (cert->key - cert->pkeys),

-	 * if you find that more readable */

-	ret->valid = cert->valid;

-	ret->mask = cert->mask;

-	ret->export_mask = cert->export_mask;

-#ifndef OPENSSL_NO_RSA

-	if (cert->rsa_tmp != NULL)

-		{

-		RSA_up_ref(cert->rsa_tmp);

-		ret->rsa_tmp = cert->rsa_tmp;

-		}

-	ret->rsa_tmp_cb = cert->rsa_tmp_cb;

-#endif

-#ifndef OPENSSL_NO_DH

-	if (cert->dh_tmp != NULL)

-		{

-		ret->dh_tmp = DHparams_dup(cert->dh_tmp);

-		if (ret->dh_tmp == NULL)

-			{

-			SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_DH_LIB);

-			goto err;

-			}

-		if (cert->dh_tmp->priv_key)

-			{

-			BIGNUM *b = BN_dup(cert->dh_tmp->priv_key);

-			if (!b)

-				{

-				SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB);

-				goto err;

-				}

-			ret->dh_tmp->priv_key = b;

-			}

-		if (cert->dh_tmp->pub_key)

-			{

-			BIGNUM *b = BN_dup(cert->dh_tmp->pub_key);

-			if (!b)

-				{

-				SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB);

-				goto err;

-				}

-			ret->dh_tmp->pub_key = b;

-			}

-		}

-	ret->dh_tmp_cb = cert->dh_tmp_cb;

-#endif

-#ifndef OPENSSL_NO_ECDH

-	if (cert->ecdh_tmp)

-		{

-		ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp);

-		if (ret->ecdh_tmp == NULL)

-			{

-			SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_EC_LIB);

-			goto err;

-			}

-		}

-	ret->ecdh_tmp_cb = cert->ecdh_tmp_cb;

-#endif

-	for (i = 0; i < SSL_PKEY_NUM; i++)

-		{

-		if (cert->pkeys[i].x509 != NULL)

-			{

-			ret->pkeys[i].x509 = cert->pkeys[i].x509;

-			CRYPTO_add(&ret->pkeys[i].x509->references, 1,

-				CRYPTO_LOCK_X509);

-			}

-		if (cert->pkeys[i].privatekey != NULL)

-			{

-			ret->pkeys[i].privatekey = cert->pkeys[i].privatekey;

-			CRYPTO_add(&ret->pkeys[i].privatekey->references, 1,

-				CRYPTO_LOCK_EVP_PKEY);

-			switch(i)

-				{

-				/* If there was anything special to do for

-				 * certain types of keys, we'd do it here.

-				 * (Nothing at the moment, I think.) */

-			case SSL_PKEY_RSA_ENC:

-			case SSL_PKEY_RSA_SIGN:

-				/* We have an RSA key. */

-				break;

-			case SSL_PKEY_DSA_SIGN:

-				/* We have a DSA key. */

-				break;

-			case SSL_PKEY_DH_RSA:

-			case SSL_PKEY_DH_DSA:

-				/* We have a DH key. */

-				break;

-			case SSL_PKEY_ECC:

-				/* We have an ECC key */

-				break;

-			default:

-				/* Can't happen. */

-				SSLerr(SSL_F_SSL_CERT_DUP, SSL_R_LIBRARY_BUG);

-				}

-			}

-		}

-	/* ret->extra_certs *should* exist, but currently the own certificate

-	 * chain is held inside SSL_CTX */

-	ret->references=1;

-	return(ret);

-#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH)

-err:

-#endif

-#ifndef OPENSSL_NO_RSA

-	if (ret->rsa_tmp != NULL)

-		RSA_free(ret->rsa_tmp);

-#endif

-#ifndef OPENSSL_NO_DH

-	if (ret->dh_tmp != NULL)

-		DH_free(ret->dh_tmp);

-#endif

-#ifndef OPENSSL_NO_ECDH

-	if (ret->ecdh_tmp != NULL)

-		EC_KEY_free(ret->ecdh_tmp);

-#endif

-	for (i = 0; i < SSL_PKEY_NUM; i++)

-		{

-		if (ret->pkeys[i].x509 != NULL)

-			X509_free(ret->pkeys[i].x509);

-		if (ret->pkeys[i].privatekey != NULL)

-			EVP_PKEY_free(ret->pkeys[i].privatekey);

-		}

-	return NULL;

-	}

-void ssl_cert_free(CERT *c)

-	{

-	int i;

-	if(c == NULL)

-	    return;

-	i=CRYPTO_add(&c->references,-1,CRYPTO_LOCK_SSL_CERT);

-#ifdef REF_PRINT

-	REF_PRINT("CERT",c);

-#endif

-	if (i > 0) return;

-#ifdef REF_CHECK

-	if (i < 0)

-		{

-		fprintf(stderr,"ssl_cert_free, bad reference count\n");

-		abort(); /* ok */

-		}

-#endif

-#ifndef OPENSSL_NO_RSA

-	if (c->rsa_tmp) RSA_free(c->rsa_tmp);

-#endif

-#ifndef OPENSSL_NO_DH

-	if (c->dh_tmp) DH_free(c->dh_tmp);

-#endif

-#ifndef OPENSSL_NO_ECDH

-	if (c->ecdh_tmp) EC_KEY_free(c->ecdh_tmp);

-#endif

-	for (i=0; i<SSL_PKEY_NUM; i++)

-		{

-		if (c->pkeys[i].x509 != NULL)

-			X509_free(c->pkeys[i].x509);

-		if (c->pkeys[i].privatekey != NULL)

-			EVP_PKEY_free(c->pkeys[i].privatekey);

-#if 0

-		if (c->pkeys[i].publickey != NULL)

-			EVP_PKEY_free(c->pkeys[i].publickey);

-#endif

-		}

-	OPENSSL_free(c);

-	}

-int ssl_cert_inst(CERT **o)

-	{

-	/* Create a CERT if there isn't already one

-	 * (which cannot really happen, as it is initially created in

-	 * SSL_CTX_new; but the earlier code usually allows for that one

-	 * being non-existant, so we follow that behaviour, as it might

-	 * turn out that there actually is a reason for it -- but I'm

-	 * not sure that *all* of the existing code could cope with

-	 * s->cert being NULL, otherwise we could do without the

-	 * initialization in SSL_CTX_new).

-	 */

-	if (o == NULL)

-		{

-		SSLerr(SSL_F_SSL_CERT_INST, ERR_R_PASSED_NULL_PARAMETER);

-		return(0);

-		}

-	if (*o == NULL)

-		{

-		if ((*o = ssl_cert_new()) == NULL)

-			{

-			SSLerr(SSL_F_SSL_CERT_INST, ERR_R_MALLOC_FAILURE);

-			return(0);

-			}

-		}

-	return(1);

-	}

-SESS_CERT *ssl_sess_cert_new(void)

-	{

-	SESS_CERT *ret;

-	ret = OPENSSL_malloc(sizeof *ret);

-	if (ret == NULL)

-		{

-		SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE);

-		return NULL;

-		}

-	memset(ret, 0 ,sizeof *ret);

-	ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]);

-	ret->references = 1;

-	return ret;

-	}

-void ssl_sess_cert_free(SESS_CERT *sc)

-	{

-	int i;

-	if (sc == NULL)

-		return;

-	i = CRYPTO_add(&sc->references, -1, CRYPTO_LOCK_SSL_SESS_CERT);

-#ifdef REF_PRINT

-	REF_PRINT("SESS_CERT", sc);

-#endif

-	if (i > 0)

-		return;

-#ifdef REF_CHECK

-	if (i < 0)

-		{

-		fprintf(stderr,"ssl_sess_cert_free, bad reference count\n");

-		abort(); /* ok */

-		}

-#endif

-	/* i == 0 */

-	if (sc->cert_chain != NULL)

-		sk_X509_pop_free(sc->cert_chain, X509_free);

-	for (i = 0; i < SSL_PKEY_NUM; i++)

-		{

-		if (sc->peer_pkeys[i].x509 != NULL)

-			X509_free(sc->peer_pkeys[i].x509);

-#if 0 /* We don't have the peer's private key.  These lines are just

-	   * here as a reminder that we're still using a not-quite-appropriate

-	   * data structure. */

-		if (sc->peer_pkeys[i].privatekey != NULL)

-			EVP_PKEY_free(sc->peer_pkeys[i].privatekey);

-#endif

-		}

-#ifndef OPENSSL_NO_RSA

-	if (sc->peer_rsa_tmp != NULL)

-		RSA_free(sc->peer_rsa_tmp);

-#endif

-#ifndef OPENSSL_NO_DH

-	if (sc->peer_dh_tmp != NULL)

-		DH_free(sc->peer_dh_tmp);

-#endif

-#ifndef OPENSSL_NO_ECDH

-	if (sc->peer_ecdh_tmp != NULL)

-		EC_KEY_free(sc->peer_ecdh_tmp);

-#endif

-	OPENSSL_free(sc);

-	}

-int ssl_set_peer_cert_type(SESS_CERT *sc,int type)

-	{

-	sc->peer_cert_type = type;

-	return(1);

-	}

-int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)

-	{

-	X509 *x;

-	int i;

-	X509_STORE_CTX ctx;

-	if ((sk == NULL) || (sk_X509_num(sk) == 0))

-		return(0);

-	x=sk_X509_value(sk,0);

-	if(!X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk))

-		{

-		SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,ERR_R_X509_LIB);

-		return(0);

-		}

-	if (s->param)

-		X509_VERIFY_PARAM_inherit(X509_STORE_CTX_get0_param(&ctx),

-						s->param);

-#if 0

-	if (SSL_get_verify_depth(s) >= 0)

-		X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s));

-#endif

-	X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),s);

-	/* We need to inherit the verify parameters. These can be determined by

-	 * the context: if its a server it will verify SSL client certificates

-	 * or vice versa.

-	 */

-	X509_STORE_CTX_set_default(&ctx,

-				s->server ? "ssl_client" : "ssl_server");

-	if (s->verify_callback)

-		X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);

-	if (s->ctx->app_verify_callback != NULL)

-#if 1 /* new with OpenSSL 0.9.7 */

-		i=s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg);

-#else

-		i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */

-#endif

-	else

-		{

-#ifndef OPENSSL_NO_X509_VERIFY

-		i=X509_verify_cert(&ctx);

-#else

-		i=0;

-		ctx.error=X509_V_ERR_APPLICATION_VERIFICATION;

-		SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,SSL_R_NO_VERIFY_CALLBACK);

-#endif

-		}

-	s->verify_result=ctx.error;

-	X509_STORE_CTX_cleanup(&ctx);

-	return(i);

-	}

-static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *name_list)

-	{

-	if (*ca_list != NULL)

-		sk_X509_NAME_pop_free(*ca_list,X509_NAME_free);

-	*ca_list=name_list;

-	}

-STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)

-	{

-	int i;

-	STACK_OF(X509_NAME) *ret;

-	X509_NAME *name;

-	ret=sk_X509_NAME_new_null();

-	for (i=0; i<sk_X509_NAME_num(sk); i++)

-		{

-		name=X509_NAME_dup(sk_X509_NAME_value(sk,i));

-		if ((name == NULL) || !sk_X509_NAME_push(ret,name))

-			{

-			sk_X509_NAME_pop_free(ret,X509_NAME_free);

-			return(NULL);

-			}

-		}

-	return(ret);

-	}

-void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *name_list)

-	{

-	set_client_CA_list(&(s->client_CA),name_list);

-	}

-void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *name_list)

-	{

-	set_client_CA_list(&(ctx->client_CA),name_list);

-	}

-STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx)

-	{

-	return(ctx->client_CA);

-	}

-STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s)

-	{

-	if (s->type == SSL_ST_CONNECT)

-		{ /* we are in the client */

-		if (((s->version>>8) == SSL3_VERSION_MAJOR) &&

-			(s->s3 != NULL))

-			return(s->s3->tmp.ca_names);

-		else

-			return(NULL);

-		}

-	else

-		{

-		if (s->client_CA != NULL)

-			return(s->client_CA);

-		else

-			return(s->ctx->client_CA);

-		}

-	}

-static int add_client_CA(STACK_OF(X509_NAME) **sk,X509 *x)

-	{

-	X509_NAME *name;

-	if (x == NULL) return(0);

-	if ((*sk == NULL) && ((*sk=sk_X509_NAME_new_null()) == NULL))

-		return(0);

-	if ((name=X509_NAME_dup(X509_get_subject_name(x))) == NULL)

-		return(0);

-	if (!sk_X509_NAME_push(*sk,name))

-		{

-		X509_NAME_free(name);

-		return(0);

-		}

-	return(1);

-	}

-int SSL_add_client_CA(SSL *ssl,X509 *x)

-	{

-	return(add_client_CA(&(ssl->client_CA),x));

-	}

-int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x)

-	{

-	return(add_client_CA(&(ctx->client_CA),x));

-	}

-static int xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b)

-	{

-	return(X509_NAME_cmp(*a,*b));

-	}

-#ifndef OPENSSL_NO_STDIO

-/*!

- * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed;

- * it doesn't really have anything to do with clients (except that a common use

- * for a stack of CAs is to send it to the client). Actually, it doesn't have

- * much to do with CAs, either, since it will load any old cert.

- * \param file the file containing one or more certs.

- * \return a ::STACK containing the certs.

- */

-STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)

-	{

-	BIO *in;

-	X509 *x=NULL;

-	X509_NAME *xn=NULL;

-	STACK_OF(X509_NAME) *ret = NULL,*sk;

-	sk=sk_X509_NAME_new(xname_cmp);

-	in=BIO_new(BIO_s_file_internal());

-	if ((sk == NULL) || (in == NULL))

-		{

-		SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	if (!BIO_read_filename(in,file))

-		goto err;

-	for (;;)

-		{

-		if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL)

-			break;

-		if (ret == NULL)

-			{

-			ret = sk_X509_NAME_new_null();

-			if (ret == NULL)

-				{

-				SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE);

-				goto err;

-				}

-			}

-		if ((xn=X509_get_subject_name(x)) == NULL) goto err;

-		/* check for duplicates */

-		xn=X509_NAME_dup(xn);

-		if (xn == NULL) goto err;

-		if (sk_X509_NAME_find(sk,xn) >= 0)

-			X509_NAME_free(xn);

-		else

-			{

-			sk_X509_NAME_push(sk,xn);

-			sk_X509_NAME_push(ret,xn);

-			}

-		}

-	if (0)

-		{

-err:

-		if (ret != NULL) sk_X509_NAME_pop_free(ret,X509_NAME_free);

-		ret=NULL;

-		}

-	if (sk != NULL) sk_X509_NAME_free(sk);

-	if (in != NULL) BIO_free(in);

-	if (x != NULL) X509_free(x);

-	if (ret != NULL)

-		ERR_clear_error();

-	return(ret);

-	}

-#endif

-/*!

- * Add a file of certs to a stack.

- * \param stack the stack to add to.

- * \param file the file to add from. All certs in this file that are not

- * already in the stack will be added.

- * \return 1 for success, 0 for failure. Note that in the case of failure some

- * certs may have been added to \c stack.

- */

-int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,

-					const char *file)

-	{

-	BIO *in;

-	X509 *x=NULL;

-	X509_NAME *xn=NULL;

-	int ret=1;

-	int (*oldcmp)(const X509_NAME * const *a, const X509_NAME * const *b);

-	oldcmp=sk_X509_NAME_set_cmp_func(stack,xname_cmp);

-	in=BIO_new(BIO_s_file_internal());

-	if (in == NULL)

-		{

-		SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,ERR_R_MALLOC_FAILURE);

-		goto err;

-		}

-	if (!BIO_read_filename(in,file))

-		goto err;

-	for (;;)

-		{

-		if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL)

-			break;

-		if ((xn=X509_get_subject_name(x)) == NULL) goto err;

-		xn=X509_NAME_dup(xn);

-		if (xn == NULL) goto err;

-		if (sk_X509_NAME_find(stack,xn) >= 0)

-			X509_NAME_free(xn);

-		else

-			sk_X509_NAME_push(stack,xn);

-		}

-	if (0)

-		{

-err:

-		ret=0;

-		}

-	if(in != NULL)

-		BIO_free(in);

-	if(x != NULL)

-		X509_free(x);

-	(void)sk_X509_NAME_set_cmp_func(stack,oldcmp);

-	return ret;

-	}

-/*!

- * Add a directory of certs to a stack.

- * \param stack the stack to append to.

- * \param dir the directory to append from. All files in this directory will be

- * examined as potential certs. Any that are acceptable to

- * SSL_add_dir_cert_subjects_to_stack() that are not already in the stack will be

- * included.

- * \return 1 for success, 0 for failure. Note that in the case of failure some

- * certs may have been added to \c stack.

- */

-int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,

-				       const char *dir)

-	{

-	OPENSSL_DIR_CTX *d = NULL;

-	const char *filename;

-	int ret = 0;

-	CRYPTO_w_lock(CRYPTO_LOCK_READDIR);

-	/* Note that a side effect is that the CAs will be sorted by name */

-	while((filename = OPENSSL_DIR_read(&d, dir)))

-		{

-		char buf[1024];

-		int r;

-		if(strlen(dir)+strlen(filename)+2 > sizeof buf)

-			{

-			SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG);

-			goto err;

-			}

-#ifdef OPENSSL_SYS_VMS

-		r = BIO_snprintf(buf,sizeof buf,"%s%s",dir,filename);

-#else

-		r = BIO_snprintf(buf,sizeof buf,"%s/%s",dir,filename);

-#endif

-		if (r <= 0 || r >= (int)sizeof(buf))

-			goto err;

-		if(!SSL_add_file_cert_subjects_to_stack(stack,buf))

-			goto err;

-		}

-	if (errno)

-		{

-		SYSerr(SYS_F_OPENDIR, get_last_sys_error());

-		ERR_add_error_data(3, "OPENSSL_DIR_read(&ctx, '", dir, "')");

-		SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB);

-		goto err;

-		}

-	ret = 1;

-err:

-	if (d) OPENSSL_DIR_end(&d);

-	CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);

-	return ret;

-	}

--- a/sys/src/ape/lib/openssl/ssl/ssl_ciph.c

+++ /dev/null

@@ -1,1374 +1,0 @@

-/* ssl/ssl_ciph.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- * ECC cipher suite support in OpenSSL originally developed by

- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.

- */

-#include <stdio.h>

-#include <openssl/objects.h>

-#include <openssl/comp.h>

-#include "ssl_locl.h"

-#define SSL_ENC_DES_IDX		0

-#define SSL_ENC_3DES_IDX	1

-#define SSL_ENC_RC4_IDX		2

-#define SSL_ENC_RC2_IDX		3

-#define SSL_ENC_IDEA_IDX	4

-#define SSL_ENC_eFZA_IDX	5

-#define SSL_ENC_NULL_IDX	6

-#define SSL_ENC_AES128_IDX	7

-#define SSL_ENC_AES256_IDX	8

-#define SSL_ENC_CAMELLIA128_IDX	9

-#define SSL_ENC_CAMELLIA256_IDX	10

-#define SSL_ENC_SEED_IDX    	11

-#define SSL_ENC_NUM_IDX		12

-static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={

-	NULL,NULL,NULL,NULL,NULL,NULL,

-	};

-#define SSL_COMP_NULL_IDX	0

-#define SSL_COMP_ZLIB_IDX	1

-#define SSL_COMP_NUM_IDX	2

-static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;

-#define SSL_MD_MD5_IDX	0

-#define SSL_MD_SHA1_IDX	1

-#define SSL_MD_NUM_IDX	2

-static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={

-	NULL,NULL,

-	};

-#define CIPHER_ADD	1

-#define CIPHER_KILL	2

-#define CIPHER_DEL	3

-#define CIPHER_ORD	4

-#define CIPHER_SPECIAL	5

-typedef struct cipher_order_st

-	{

-	SSL_CIPHER *cipher;

-	int active;

-	int dead;

-	struct cipher_order_st *next,*prev;

-	} CIPHER_ORDER;

-static const SSL_CIPHER cipher_aliases[]={

-	/* Don't include eNULL unless specifically enabled. */

-	/* Don't include ECC in ALL because these ciphers are not yet official. */

-	{0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL & ~SSL_kECDH & ~SSL_kECDHE, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */

-	/* TODO: COMPLEMENT OF ALL and COMPLEMENT OF DEFAULT do not have ECC cipher suites handled properly. */

-	{0,SSL_TXT_CMPALL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0},  /* COMPLEMENT OF ALL */

-	{0,SSL_TXT_CMPDEF,0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK,0},

-	{0,SSL_TXT_kKRB5,0,SSL_kKRB5,0,0,0,0,SSL_MKEY_MASK,0},  /* VRS Kerberos5 */

-	{0,SSL_TXT_kRSA,0,SSL_kRSA,  0,0,0,0,SSL_MKEY_MASK,0},

-	{0,SSL_TXT_kDHr,0,SSL_kDHr,  0,0,0,0,SSL_MKEY_MASK,0},

-	{0,SSL_TXT_kDHd,0,SSL_kDHd,  0,0,0,0,SSL_MKEY_MASK,0},

-	{0,SSL_TXT_kEDH,0,SSL_kEDH,  0,0,0,0,SSL_MKEY_MASK,0},

-	{0,SSL_TXT_kFZA,0,SSL_kFZA,  0,0,0,0,SSL_MKEY_MASK,0},

-	{0,SSL_TXT_DH,	0,SSL_DH,    0,0,0,0,SSL_MKEY_MASK,0},

-	{0,SSL_TXT_ECC,	0,(SSL_kECDH|SSL_kECDHE), 0,0,0,0,SSL_MKEY_MASK,0},

-	{0,SSL_TXT_EDH,	0,SSL_EDH,   0,0,0,0,SSL_MKEY_MASK|SSL_AUTH_MASK,0},

-	{0,SSL_TXT_aKRB5,0,SSL_aKRB5,0,0,0,0,SSL_AUTH_MASK,0},  /* VRS Kerberos5 */

-	{0,SSL_TXT_aRSA,0,SSL_aRSA,  0,0,0,0,SSL_AUTH_MASK,0},

-	{0,SSL_TXT_aDSS,0,SSL_aDSS,  0,0,0,0,SSL_AUTH_MASK,0},

-	{0,SSL_TXT_aFZA,0,SSL_aFZA,  0,0,0,0,SSL_AUTH_MASK,0},

-	{0,SSL_TXT_aNULL,0,SSL_aNULL,0,0,0,0,SSL_AUTH_MASK,0},

-	{0,SSL_TXT_aDH, 0,SSL_aDH,   0,0,0,0,SSL_AUTH_MASK,0},

-	{0,SSL_TXT_DSS,	0,SSL_DSS,   0,0,0,0,SSL_AUTH_MASK,0},

-	{0,SSL_TXT_DES,	0,SSL_DES,   0,0,0,0,SSL_ENC_MASK,0},

-	{0,SSL_TXT_3DES,0,SSL_3DES,  0,0,0,0,SSL_ENC_MASK,0},

-	{0,SSL_TXT_RC4,	0,SSL_RC4,   0,0,0,0,SSL_ENC_MASK,0},

-	{0,SSL_TXT_RC2,	0,SSL_RC2,   0,0,0,0,SSL_ENC_MASK,0},

-#ifndef OPENSSL_NO_IDEA

-	{0,SSL_TXT_IDEA,0,SSL_IDEA,  0,0,0,0,SSL_ENC_MASK,0},

-#endif

-	{0,SSL_TXT_SEED,0,SSL_SEED,  0,0,0,0,SSL_ENC_MASK,0},

-	{0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0},

-	{0,SSL_TXT_eFZA,0,SSL_eFZA,  0,0,0,0,SSL_ENC_MASK,0},

-	{0,SSL_TXT_AES,	0,SSL_AES,   0,0,0,0,SSL_ENC_MASK,0},

-	{0,SSL_TXT_CAMELLIA,0,SSL_CAMELLIA, 0,0,0,0,SSL_ENC_MASK,0},

-	{0,SSL_TXT_MD5,	0,SSL_MD5,   0,0,0,0,SSL_MAC_MASK,0},

-	{0,SSL_TXT_SHA1,0,SSL_SHA1,  0,0,0,0,SSL_MAC_MASK,0},

-	{0,SSL_TXT_SHA,	0,SSL_SHA,   0,0,0,0,SSL_MAC_MASK,0},

-	{0,SSL_TXT_NULL,0,SSL_NULL,  0,0,0,0,SSL_ENC_MASK,0},

-	{0,SSL_TXT_KRB5,0,SSL_KRB5,  0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},

-	{0,SSL_TXT_RSA,	0,SSL_RSA,   0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},

-	{0,SSL_TXT_ADH,	0,SSL_ADH,   0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},

-	{0,SSL_TXT_FZA,	0,SSL_FZA,   0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK|SSL_ENC_MASK,0},

-	{0,SSL_TXT_SSLV2, 0,SSL_SSLV2, 0,0,0,0,SSL_SSL_MASK,0},

-	{0,SSL_TXT_SSLV3, 0,SSL_SSLV3, 0,0,0,0,SSL_SSL_MASK,0},

-	{0,SSL_TXT_TLSV1, 0,SSL_TLSV1, 0,0,0,0,SSL_SSL_MASK,0},

-	{0,SSL_TXT_EXP   ,0, 0,SSL_EXPORT, 0,0,0,0,SSL_EXP_MASK},

-	{0,SSL_TXT_EXPORT,0, 0,SSL_EXPORT, 0,0,0,0,SSL_EXP_MASK},

-	{0,SSL_TXT_EXP40, 0, 0, SSL_EXP40, 0,0,0,0,SSL_STRONG_MASK},

-	{0,SSL_TXT_EXP56, 0, 0, SSL_EXP56, 0,0,0,0,SSL_STRONG_MASK},

-	{0,SSL_TXT_LOW,   0, 0,   SSL_LOW, 0,0,0,0,SSL_STRONG_MASK},

-	{0,SSL_TXT_MEDIUM,0, 0,SSL_MEDIUM, 0,0,0,0,SSL_STRONG_MASK},

-	{0,SSL_TXT_HIGH,  0, 0,  SSL_HIGH, 0,0,0,0,SSL_STRONG_MASK},

-	};

-void ssl_load_ciphers(void)

-	{

-	ssl_cipher_methods[SSL_ENC_DES_IDX]=

-		EVP_get_cipherbyname(SN_des_cbc);

-	ssl_cipher_methods[SSL_ENC_3DES_IDX]=

-		EVP_get_cipherbyname(SN_des_ede3_cbc);

-	ssl_cipher_methods[SSL_ENC_RC4_IDX]=

-		EVP_get_cipherbyname(SN_rc4);

-	ssl_cipher_methods[SSL_ENC_RC2_IDX]=

-		EVP_get_cipherbyname(SN_rc2_cbc);

-#ifndef OPENSSL_NO_IDEA

-	ssl_cipher_methods[SSL_ENC_IDEA_IDX]=

-		EVP_get_cipherbyname(SN_idea_cbc);

-#else

-	ssl_cipher_methods[SSL_ENC_IDEA_IDX]= NULL;

-#endif

-	ssl_cipher_methods[SSL_ENC_AES128_IDX]=

-	  EVP_get_cipherbyname(SN_aes_128_cbc);

-	ssl_cipher_methods[SSL_ENC_AES256_IDX]=

-	  EVP_get_cipherbyname(SN_aes_256_cbc);

-	ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX]=

-	  EVP_get_cipherbyname(SN_camellia_128_cbc);

-	ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]=

-	  EVP_get_cipherbyname(SN_camellia_256_cbc);

-	ssl_cipher_methods[SSL_ENC_SEED_IDX]=

-	  EVP_get_cipherbyname(SN_seed_cbc);

-	ssl_digest_methods[SSL_MD_MD5_IDX]=

-		EVP_get_digestbyname(SN_md5);

-	ssl_digest_methods[SSL_MD_SHA1_IDX]=

-		EVP_get_digestbyname(SN_sha1);

-	}

-#ifndef OPENSSL_NO_COMP

-static int sk_comp_cmp(const SSL_COMP * const *a,

-			const SSL_COMP * const *b)

-	{

-	return((*a)->id-(*b)->id);

-	}

-static void load_builtin_compressions(void)

-	{

-	int got_write_lock = 0;

-	CRYPTO_r_lock(CRYPTO_LOCK_SSL);

-	if (ssl_comp_methods == NULL)

-		{

-		CRYPTO_r_unlock(CRYPTO_LOCK_SSL);

-		CRYPTO_w_lock(CRYPTO_LOCK_SSL);

-		got_write_lock = 1;

-		if (ssl_comp_methods == NULL)

-			{

-			SSL_COMP *comp = NULL;

-			MemCheck_off();

-			ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp);

-			if (ssl_comp_methods != NULL)

-				{

-				comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));

-				if (comp != NULL)

-					{

-					comp->method=COMP_zlib();

-					if (comp->method

-						&& comp->method->type == NID_undef)

-						OPENSSL_free(comp);

-					else

-						{

-						comp->id=SSL_COMP_ZLIB_IDX;

-						comp->name=comp->method->name;

-						sk_SSL_COMP_push(ssl_comp_methods,comp);

-						}

-					}

-				}

-			MemCheck_on();

-			}

-		}

-	if (got_write_lock)

-		CRYPTO_w_unlock(CRYPTO_LOCK_SSL);

-	else

-		CRYPTO_r_unlock(CRYPTO_LOCK_SSL);

-	}

-#endif

-int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,

-	     const EVP_MD **md, SSL_COMP **comp)

-	{

-	int i;

-	SSL_CIPHER *c;

-	c=s->cipher;

-	if (c == NULL) return(0);

-	if (comp != NULL)

-		{

-		SSL_COMP ctmp;

-#ifndef OPENSSL_NO_COMP

-		load_builtin_compressions();

-#endif

-		*comp=NULL;

-		ctmp.id=s->compress_meth;

-		if (ssl_comp_methods != NULL)

-			{

-			i=sk_SSL_COMP_find(ssl_comp_methods,&ctmp);

-			if (i >= 0)

-				*comp=sk_SSL_COMP_value(ssl_comp_methods,i);

-			else

-				*comp=NULL;

-			}

-		}

-	if ((enc == NULL) || (md == NULL)) return(0);

-	switch (c->algorithms & SSL_ENC_MASK)

-		{

-	case SSL_DES:

-		i=SSL_ENC_DES_IDX;

-		break;

-	case SSL_3DES:

-		i=SSL_ENC_3DES_IDX;

-		break;

-	case SSL_RC4:

-		i=SSL_ENC_RC4_IDX;

-		break;

-	case SSL_RC2:

-		i=SSL_ENC_RC2_IDX;

-		break;

-	case SSL_IDEA:

-		i=SSL_ENC_IDEA_IDX;

-		break;

-	case SSL_eNULL:

-		i=SSL_ENC_NULL_IDX;

-		break;

-	case SSL_AES:

-		switch(c->alg_bits)

-			{

-		case 128: i=SSL_ENC_AES128_IDX; break;

-		case 256: i=SSL_ENC_AES256_IDX; break;

-		default: i=-1; break;

-			}

-		break;

-	case SSL_CAMELLIA:

-		switch(c->alg_bits)

-			{

-		case 128: i=SSL_ENC_CAMELLIA128_IDX; break;

-		case 256: i=SSL_ENC_CAMELLIA256_IDX; break;

-		default: i=-1; break;

-			}

-		break;

-	case SSL_SEED:

-		i=SSL_ENC_SEED_IDX;

-		break;

-	default:

-		i= -1;

-		break;

-		}

-	if ((i < 0) || (i > SSL_ENC_NUM_IDX))

-		*enc=NULL;

-	else

-		{

-		if (i == SSL_ENC_NULL_IDX)

-			*enc=EVP_enc_null();

-		else

-			*enc=ssl_cipher_methods[i];

-		}

-	switch (c->algorithms & SSL_MAC_MASK)

-		{

-	case SSL_MD5:

-		i=SSL_MD_MD5_IDX;

-		break;

-	case SSL_SHA1:

-		i=SSL_MD_SHA1_IDX;

-		break;

-	default:

-		i= -1;

-		break;

-		}

-	if ((i < 0) || (i > SSL_MD_NUM_IDX))

-		*md=NULL;

-	else

-		*md=ssl_digest_methods[i];

-	if ((*enc != NULL) && (*md != NULL))

-		return(1);

-	else

-		return(0);

-	}

-#define ITEM_SEP(a) \

-	(((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))

-static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,

-	     CIPHER_ORDER **tail)

-	{

-	if (curr == *tail) return;

-	if (curr == *head)

-		*head=curr->next;

-	if (curr->prev != NULL)

-		curr->prev->next=curr->next;

-	if (curr->next != NULL) /* should always be true */

-		curr->next->prev=curr->prev;

-	(*tail)->next=curr;

-	curr->prev= *tail;

-	curr->next=NULL;

-	*tail=curr;

-	}

-struct disabled_masks { /* This is a kludge no longer needed with OpenSSL 0.9.9,

-                         * where 128-bit and 256-bit algorithms simply will get

-                         * separate bits. */

-  unsigned long mask; /* everything except m256 */

-  unsigned long m256; /* applies to 256-bit algorithms only */

-};

-static struct disabled_masks ssl_cipher_get_disabled(void)

-	{

-	unsigned long mask;

-	unsigned long m256;

-	struct disabled_masks ret;

-	mask = SSL_kFZA;

-#ifdef OPENSSL_NO_RSA

-	mask |= SSL_aRSA|SSL_kRSA;

-#endif

-#ifdef OPENSSL_NO_DSA

-	mask |= SSL_aDSS;

-#endif

-#ifdef OPENSSL_NO_DH

-	mask |= SSL_kDHr|SSL_kDHd|SSL_kEDH|SSL_aDH;

-#endif

-#ifdef OPENSSL_NO_KRB5

-	mask |= SSL_kKRB5|SSL_aKRB5;

-#endif

-#ifdef OPENSSL_NO_ECDH

-	mask |= SSL_kECDH|SSL_kECDHE;

-#endif

-#ifdef SSL_FORBID_ENULL

-	mask |= SSL_eNULL;

-#endif

-	mask |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES :0;

-	mask |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES:0;

-	mask |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 :0;

-	mask |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0;

-	mask |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;

-	mask |= (ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL) ? SSL_eFZA:0;

-	mask |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED:0;

-	mask |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;

-	mask |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;

-	/* finally consider algorithms where mask and m256 differ */

-	m256 = mask;

-	mask |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES:0;

-	mask |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA:0;

-	m256 |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES:0;

-	m256 |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA:0;

-	ret.mask = mask;

-	ret.m256 = m256;

-	return ret;

-	}

-static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,

-		int num_of_ciphers, unsigned long mask, unsigned long m256,

-		CIPHER_ORDER *co_list, CIPHER_ORDER **head_p,

-		CIPHER_ORDER **tail_p)

-	{

-	int i, co_list_num;

-	SSL_CIPHER *c;

-	/*

-	 * We have num_of_ciphers descriptions compiled in, depending on the

-	 * method selected (SSLv2 and/or SSLv3, TLSv1 etc).

-	 * These will later be sorted in a linked list with at most num

-	 * entries.

-	 */

-	/* Get the initial list of ciphers */

-	co_list_num = 0;	/* actual count of ciphers */

-	for (i = 0; i < num_of_ciphers; i++)

-		{

-		c = ssl_method->get_cipher(i);

-#define IS_MASKED(c) ((c)->algorithms & (((c)->alg_bits == 256) ? m256 : mask))

-		/* drop those that use any of that is not available */

-		if ((c != NULL) && c->valid && !IS_MASKED(c))

-			{

-			co_list[co_list_num].cipher = c;

-			co_list[co_list_num].next = NULL;

-			co_list[co_list_num].prev = NULL;

-			co_list[co_list_num].active = 0;

-			co_list_num++;

-#ifdef KSSL_DEBUG

-			printf("\t%d: %s %lx %lx\n",i,c->name,c->id,c->algorithms);

-#endif	/* KSSL_DEBUG */

-			/*

-			if (!sk_push(ca_list,(char *)c)) goto err;

-			*/

-			}

-		}

-	/*

-	 * Prepare linked list from list entries

-	 */

-	for (i = 1; i < co_list_num - 1; i++)

-		{

-		co_list[i].prev = &(co_list[i-1]);

-		co_list[i].next = &(co_list[i+1]);

-		}

-	if (co_list_num > 0)

-		{

-		(*head_p) = &(co_list[0]);

-		(*head_p)->prev = NULL;

-		(*head_p)->next = &(co_list[1]);

-		(*tail_p) = &(co_list[co_list_num - 1]);

-		(*tail_p)->prev = &(co_list[co_list_num - 2]);

-		(*tail_p)->next = NULL;

-		}

-	}

-static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,

-			int num_of_group_aliases, unsigned long mask,

-			CIPHER_ORDER *head)

-	{

-	CIPHER_ORDER *ciph_curr;

-	SSL_CIPHER **ca_curr;

-	int i;

-	/*

-	 * First, add the real ciphers as already collected

-	 */

-	ciph_curr = head;

-	ca_curr = ca_list;

-	while (ciph_curr != NULL)

-		{

-		*ca_curr = ciph_curr->cipher;

-		ca_curr++;

-		ciph_curr = ciph_curr->next;

-		}

-	/*

-	 * Now we add the available ones from the cipher_aliases[] table.

-	 * They represent either an algorithm, that must be fully

-	 * supported (not match any bit in mask) or represent a cipher

-	 * strength value (will be added in any case because algorithms=0).

-	 */

-	for (i = 0; i < num_of_group_aliases; i++)

-		{

-		if ((i == 0) ||		/* always fetch "ALL" */

-		    !(cipher_aliases[i].algorithms & mask))

-			{

-			*ca_curr = (SSL_CIPHER *)(cipher_aliases + i);

-			ca_curr++;

-			}

-		}

-	*ca_curr = NULL;	/* end of list */

-	}

-static void ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long ssl_version,

-		unsigned long algorithms, unsigned long mask,

-		unsigned long algo_strength, unsigned long mask_strength,

-		int rule, int strength_bits, CIPHER_ORDER *co_list,

-		CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)

-	{

-	CIPHER_ORDER *head, *tail, *curr, *curr2, *tail2;

-	SSL_CIPHER *cp;

-	unsigned long ma, ma_s;

-#ifdef CIPHER_DEBUG

-	printf("Applying rule %d with %08lx %08lx %08lx %08lx (%d)\n",

-		rule, algorithms, mask, algo_strength, mask_strength,

-		strength_bits);

-#endif

-	curr = head = *head_p;

-	curr2 = head;

-	tail2 = tail = *tail_p;

-	for (;;)

-		{

-		if ((curr == NULL) || (curr == tail2)) break;

-		curr = curr2;

-		curr2 = curr->next;

-		cp = curr->cipher;

-		/* If explicit cipher suite, match only that one for its own protocol version.

-		 * Usual selection criteria will be used for similar ciphersuites from other version! */

-		if (cipher_id && (cp->algorithms & SSL_SSL_MASK) == ssl_version)

-			{

-			if (cp->id != cipher_id)

-				continue;

-			}

-		/*

-		 * Selection criteria is either the number of strength_bits

-		 * or the algorithm used.

-		 */

-		else if (strength_bits == -1)

-			{

-			ma = mask & cp->algorithms;

-			ma_s = mask_strength & cp->algo_strength;

-#ifdef CIPHER_DEBUG

-			printf("\nName: %s:\nAlgo = %08lx Algo_strength = %08lx\nMask = %08lx Mask_strength %08lx\n", cp->name, cp->algorithms, cp->algo_strength, mask, mask_strength);

-			printf("ma = %08lx ma_s %08lx, ma&algo=%08lx, ma_s&algos=%08lx\n", ma, ma_s, ma&algorithms, ma_s&algo_strength);

-#endif

-			/*

-			 * Select: if none of the mask bit was met from the

-			 * cipher or not all of the bits were met, the

-			 * selection does not apply.

-			 */

-			if (((ma == 0) && (ma_s == 0)) ||

-			    ((ma & algorithms) != ma) ||

-			    ((ma_s & algo_strength) != ma_s))

-				continue; /* does not apply */

-			}

-		else if (strength_bits != cp->strength_bits)

-			continue;	/* does not apply */

-#ifdef CIPHER_DEBUG

-		printf("Action = %d\n", rule);

-#endif

-		/* add the cipher if it has not been added yet. */

-		if (rule == CIPHER_ADD)

-			{

-			if (!curr->active)

-				{

-				int add_this_cipher = 1;

-				if (((cp->algorithms & (SSL_kECDHE|SSL_kECDH|SSL_aECDSA)) != 0))

-					{

-					/* Make sure "ECCdraft" ciphersuites are activated only if

-					 * *explicitly* requested, but not implicitly (such as

-					 * as part of the "AES" alias). */

-					add_this_cipher = (mask & (SSL_kECDHE|SSL_kECDH|SSL_aECDSA)) != 0 || cipher_id != 0;

-					}

-				if (add_this_cipher)

-					{

-					ll_append_tail(&head, curr, &tail);

-					curr->active = 1;

-					}

-				}

-			}

-		/* Move the added cipher to this location */

-		else if (rule == CIPHER_ORD)

-			{

-			if (curr->active)

-				{

-				ll_append_tail(&head, curr, &tail);

-				}

-			}

-		else if	(rule == CIPHER_DEL)

-			curr->active = 0;

-		else if (rule == CIPHER_KILL)

-			{

-			if (head == curr)

-				head = curr->next;

-			else

-				curr->prev->next = curr->next;

-			if (tail == curr)

-				tail = curr->prev;

-			curr->active = 0;

-			if (curr->next != NULL)

-				curr->next->prev = curr->prev;

-			if (curr->prev != NULL)

-				curr->prev->next = curr->next;

-			curr->next = NULL;

-			curr->prev = NULL;

-			}

-		}

-	*head_p = head;

-	*tail_p = tail;

-	}

-static int ssl_cipher_strength_sort(CIPHER_ORDER *co_list,

-				    CIPHER_ORDER **head_p,

-				    CIPHER_ORDER **tail_p)

-	{

-	int max_strength_bits, i, *number_uses;

-	CIPHER_ORDER *curr;

-	/*

-	 * This routine sorts the ciphers with descending strength. The sorting

-	 * must keep the pre-sorted sequence, so we apply the normal sorting

-	 * routine as '+' movement to the end of the list.

-	 */

-	max_strength_bits = 0;

-	curr = *head_p;

-	while (curr != NULL)

-		{

-		if (curr->active &&

-		    (curr->cipher->strength_bits > max_strength_bits))

-		    max_strength_bits = curr->cipher->strength_bits;

-		curr = curr->next;

-		}

-	number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int));

-	if (!number_uses)

-	{

-		SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT,ERR_R_MALLOC_FAILURE);

-		return(0);

-	}

-	memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int));

-	/*

-	 * Now find the strength_bits values actually used

-	 */

-	curr = *head_p;

-	while (curr != NULL)

-		{

-		if (curr->active)

-			number_uses[curr->cipher->strength_bits]++;

-		curr = curr->next;

-		}

-	/*

-	 * Go through the list of used strength_bits values in descending

-	 * order.

-	 */

-	for (i = max_strength_bits; i >= 0; i--)

-		if (number_uses[i] > 0)

-			ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, CIPHER_ORD, i,

-					co_list, head_p, tail_p);

-	OPENSSL_free(number_uses);

-	return(1);

-	}

-static int ssl_cipher_process_rulestr(const char *rule_str,

-		CIPHER_ORDER *co_list, CIPHER_ORDER **head_p,

-		CIPHER_ORDER **tail_p, SSL_CIPHER **ca_list)

-	{

-	unsigned long algorithms, mask, algo_strength, mask_strength;

-	const char *l, *start, *buf;

-	int j, multi, found, rule, retval, ok, buflen;

-	unsigned long cipher_id = 0, ssl_version = 0;

-	char ch;

-	retval = 1;

-	l = rule_str;

-	for (;;)

-		{

-		ch = *l;

-		if (ch == '\0')

-			break;		/* done */

-		if (ch == '-')

-			{ rule = CIPHER_DEL; l++; }

-		else if (ch == '+')

-			{ rule = CIPHER_ORD; l++; }

-		else if (ch == '!')

-			{ rule = CIPHER_KILL; l++; }

-		else if (ch == '@')

-			{ rule = CIPHER_SPECIAL; l++; }

-		else

-			{ rule = CIPHER_ADD; }

-		if (ITEM_SEP(ch))

-			{

-			l++;

-			continue;

-			}

-		algorithms = mask = algo_strength = mask_strength = 0;

-		start=l;

-		for (;;)

-			{

-			ch = *l;

-			buf = l;

-			buflen = 0;

-#ifndef CHARSET_EBCDIC

-			while (	((ch >= 'A') && (ch <= 'Z')) ||

-				((ch >= '0') && (ch <= '9')) ||

-				((ch >= 'a') && (ch <= 'z')) ||

-				 (ch == '-'))

-#else

-			while (	isalnum(ch) || (ch == '-'))

-#endif

-				 {

-				 ch = *(++l);

-				 buflen++;

-				 }

-			if (buflen == 0)

-				{

-				/*

-				 * We hit something we cannot deal with,

-				 * it is no command or separator nor

-				 * alphanumeric, so we call this an error.

-				 */

-				SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,

-				       SSL_R_INVALID_COMMAND);

-				retval = found = 0;

-				l++;

-				break;

-				}

-			if (rule == CIPHER_SPECIAL)

-				{

-				found = 0; /* unused -- avoid compiler warning */

-				break;	/* special treatment */

-				}

-			/* check for multi-part specification */

-			if (ch == '+')

-				{

-				multi=1;

-				l++;

-				}

-			else

-				multi=0;

-			/*

-			 * Now search for the cipher alias in the ca_list. Be careful

-			 * with the strncmp, because the "buflen" limitation

-			 * will make the rule "ADH:SOME" and the cipher

-			 * "ADH-MY-CIPHER" look like a match for buflen=3.

-			 * So additionally check whether the cipher name found

-			 * has the correct length. We can save a strlen() call:

-			 * just checking for the '\0' at the right place is

-			 * sufficient, we have to strncmp() anyway. (We cannot

-			 * use strcmp(), because buf is not '\0' terminated.)

-			 */

-			 j = found = 0;

-			 cipher_id = 0;

-			 ssl_version = 0;

-			 while (ca_list[j])

-				{

-				if (!strncmp(buf, ca_list[j]->name, buflen) &&

-				    (ca_list[j]->name[buflen] == '\0'))

-					{

-					found = 1;

-					break;

-					}

-				else

-					j++;

-				}

-			if (!found)

-				break;	/* ignore this entry */

-			/* New algorithms:

-			 *  1 - any old restrictions apply outside new mask

-			 *  2 - any new restrictions apply outside old mask

-			 *  3 - enforce old & new where masks intersect

-			 */

-			algorithms = (algorithms & ~ca_list[j]->mask) |		/* 1 */

-			             (ca_list[j]->algorithms & ~mask) |		/* 2 */

-			             (algorithms & ca_list[j]->algorithms);	/* 3 */

-			mask |= ca_list[j]->mask;

-			algo_strength = (algo_strength & ~ca_list[j]->mask_strength) |

-			                (ca_list[j]->algo_strength & ~mask_strength) |

-			                (algo_strength & ca_list[j]->algo_strength);

-			mask_strength |= ca_list[j]->mask_strength;

-			/* explicit ciphersuite found */

-			if (ca_list[j]->valid)

-				{

-				cipher_id = ca_list[j]->id;

-				ssl_version = ca_list[j]->algorithms & SSL_SSL_MASK;

-				break;

-				}

-			if (!multi) break;

-			}

-		/*

-		 * Ok, we have the rule, now apply it

-		 */

-		if (rule == CIPHER_SPECIAL)

-			{	/* special command */

-			ok = 0;

-			if ((buflen == 8) &&

-				!strncmp(buf, "STRENGTH", 8))

-				ok = ssl_cipher_strength_sort(co_list,

-					head_p, tail_p);

-			else

-				SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,

-					SSL_R_INVALID_COMMAND);

-			if (ok == 0)

-				retval = 0;

-			/*

-			 * We do not support any "multi" options

-			 * together with "@", so throw away the

-			 * rest of the command, if any left, until

-			 * end or ':' is found.

-			 */

-			while ((*l != '\0') && !ITEM_SEP(*l))

-				l++;

-			}

-		else if (found)

-			{

-			ssl_cipher_apply_rule(cipher_id, ssl_version, algorithms, mask,

-				algo_strength, mask_strength, rule, -1,

-				co_list, head_p, tail_p);

-			}

-		else

-			{

-			while ((*l != '\0') && !ITEM_SEP(*l))

-				l++;

-			}

-		if (*l == '\0') break; /* done */

-		}

-	return(retval);

-	}

-STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,

-		STACK_OF(SSL_CIPHER) **cipher_list,

-		STACK_OF(SSL_CIPHER) **cipher_list_by_id,

-		const char *rule_str)

-	{

-	int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;

-	unsigned long disabled_mask;

-	unsigned long disabled_m256;

-	STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;

-	const char *rule_p;

-	CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;

-	SSL_CIPHER **ca_list = NULL;

-	/*

-	 * Return with error if nothing to do.

-	 */

-	if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)

-		return NULL;

-	/*

-	 * To reduce the work to do we only want to process the compiled

-	 * in algorithms, so we first get the mask of disabled ciphers.

-	 */

-	{

-		struct disabled_masks d;

-		d = ssl_cipher_get_disabled();

-		disabled_mask = d.mask;

-		disabled_m256 = d.m256;

-	}

-	/*

-	 * Now we have to collect the available ciphers from the compiled

-	 * in ciphers. We cannot get more than the number compiled in, so

-	 * it is used for allocation.

-	 */

-	num_of_ciphers = ssl_method->num_ciphers();

-#ifdef KSSL_DEBUG

-	printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers);

-#endif    /* KSSL_DEBUG */

-	co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);

-	if (co_list == NULL)

-		{

-		SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);

-		return(NULL);	/* Failure */

-		}

-	ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask,

-				   disabled_m256, co_list, &head, &tail);

-	/*

-	 * We also need cipher aliases for selecting based on the rule_str.

-	 * There might be two types of entries in the rule_str: 1) names

-	 * of ciphers themselves 2) aliases for groups of ciphers.

-	 * For 1) we need the available ciphers and for 2) the cipher

-	 * groups of cipher_aliases added together in one list (otherwise

-	 * we would be happy with just the cipher_aliases table).

-	 */

-	num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER);

-	num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;

-	ca_list =

-		(SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);

-	if (ca_list == NULL)

-		{

-		OPENSSL_free(co_list);

-		SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);

-		return(NULL);	/* Failure */

-		}

-	ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,

-				   (disabled_mask & disabled_m256), head);

-	/*

-	 * If the rule_string begins with DEFAULT, apply the default rule

-	 * before using the (possibly available) additional rules.

-	 */

-	ok = 1;

-	rule_p = rule_str;

-	if (strncmp(rule_str,"DEFAULT",7) == 0)

-		{

-		ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,

-			co_list, &head, &tail, ca_list);

-		rule_p += 7;

-		if (*rule_p == ':')

-			rule_p++;

-		}

-	if (ok && (strlen(rule_p) > 0))

-		ok = ssl_cipher_process_rulestr(rule_p, co_list, &head, &tail,

-						ca_list);

-	OPENSSL_free(ca_list);	/* Not needed anymore */

-	if (!ok)

-		{	/* Rule processing failure */

-		OPENSSL_free(co_list);

-		return(NULL);

-		}

-	/*

-	 * Allocate new "cipherstack" for the result, return with error

-	 * if we cannot get one.

-	 */

-	if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL)

-		{

-		OPENSSL_free(co_list);

-		return(NULL);

-		}

-	/*

-	 * The cipher selection for the list is done. The ciphers are added

-	 * to the resulting precedence to the STACK_OF(SSL_CIPHER).

-	 */

-	for (curr = head; curr != NULL; curr = curr->next)

-		{

-		if (curr->active)

-			{

-			sk_SSL_CIPHER_push(cipherstack, curr->cipher);

-#ifdef CIPHER_DEBUG

-			printf("<%s>\n",curr->cipher->name);

-#endif

-			}

-		}

-	OPENSSL_free(co_list);	/* Not needed any longer */

-	tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack);

-	if (tmp_cipher_list == NULL)

-		{

-		sk_SSL_CIPHER_free(cipherstack);

-		return NULL;

-		}

-	if (*cipher_list != NULL)

-		sk_SSL_CIPHER_free(*cipher_list);

-	*cipher_list = cipherstack;

-	if (*cipher_list_by_id != NULL)

-		sk_SSL_CIPHER_free(*cipher_list_by_id);

-	*cipher_list_by_id = tmp_cipher_list;

-	(void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp);

-	return(cipherstack);

-	}

-char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)

-	{

-	int is_export,pkl,kl;

-	const char *ver,*exp_str;

-	const char *kx,*au,*enc,*mac;

-	unsigned long alg,alg2,alg_s;

-#ifdef KSSL_DEBUG

-	static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx\n";

-#else

-	static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";

-#endif /* KSSL_DEBUG */

-	alg=cipher->algorithms;

-	alg_s=cipher->algo_strength;

-	alg2=cipher->algorithm2;

-	is_export=SSL_C_IS_EXPORT(cipher);

-	pkl=SSL_C_EXPORT_PKEYLENGTH(cipher);

-	kl=SSL_C_EXPORT_KEYLENGTH(cipher);

-	exp_str=is_export?" export":"";

-	if (alg & SSL_SSLV2)

-		ver="SSLv2";

-	else if (alg & SSL_SSLV3)

-		ver="SSLv3";

-	else

-		ver="unknown";

-	switch (alg&SSL_MKEY_MASK)

-		{

-	case SSL_kRSA:

-		kx=is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA";

-		break;

-	case SSL_kDHr:

-		kx="DH/RSA";

-		break;

-	case SSL_kDHd:

-		kx="DH/DSS";

-		break;

-        case SSL_kKRB5:         /* VRS */

-        case SSL_KRB5:          /* VRS */

-            kx="KRB5";

-            break;

-	case SSL_kFZA:

-		kx="Fortezza";

-		break;

-	case SSL_kEDH:

-		kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH";

-		break;

-	case SSL_kECDH:

-	case SSL_kECDHE:

-		kx=is_export?"ECDH(<=163)":"ECDH";

-		break;

-	default:

-		kx="unknown";

-		}

-	switch (alg&SSL_AUTH_MASK)

-		{

-	case SSL_aRSA:

-		au="RSA";

-		break;

-	case SSL_aDSS:

-		au="DSS";

-		break;

-	case SSL_aDH:

-		au="DH";

-		break;

-        case SSL_aKRB5:         /* VRS */

-        case SSL_KRB5:          /* VRS */

-            au="KRB5";

-            break;

-	case SSL_aFZA:

-	case SSL_aNULL:

-		au="None";

-		break;

-	case SSL_aECDSA:

-		au="ECDSA";

-		break;

-	default:

-		au="unknown";

-		break;

-		}

-	switch (alg&SSL_ENC_MASK)

-		{

-	case SSL_DES:

-		enc=(is_export && kl == 5)?"DES(40)":"DES(56)";

-		break;

-	case SSL_3DES:

-		enc="3DES(168)";

-		break;

-	case SSL_RC4:

-		enc=is_export?(kl == 5 ? "RC4(40)" : "RC4(56)")

-		  :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)");

-		break;

-	case SSL_RC2:

-		enc=is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)";

-		break;

-	case SSL_IDEA:

-		enc="IDEA(128)";

-		break;

-	case SSL_eFZA:

-		enc="Fortezza";

-		break;

-	case SSL_eNULL:

-		enc="None";

-		break;

-	case SSL_AES:

-		switch(cipher->strength_bits)

-			{

-		case 128: enc="AES(128)"; break;

-		case 192: enc="AES(192)"; break;

-		case 256: enc="AES(256)"; break;

-		default: enc="AES(?""?""?)"; break;

-			}

-		break;

-	case SSL_CAMELLIA:

-		switch(cipher->strength_bits)

-			{

-		case 128: enc="Camellia(128)"; break;

-		case 256: enc="Camellia(256)"; break;

-		default: enc="Camellia(?""?""?)"; break;

-			}

-		break;

-	case SSL_SEED:

-		enc="SEED(128)";

-		break;

-	default:

-		enc="unknown";

-		break;

-		}

-	switch (alg&SSL_MAC_MASK)

-		{

-	case SSL_MD5:

-		mac="MD5";

-		break;

-	case SSL_SHA1:

-		mac="SHA1";

-		break;

-	default:

-		mac="unknown";

-		break;

-		}

-	if (buf == NULL)

-		{

-		len=128;

-		buf=OPENSSL_malloc(len);

-		if (buf == NULL) return("OPENSSL_malloc Error");

-		}

-	else if (len < 128)

-		return("Buffer too small");

-#ifdef KSSL_DEBUG

-	BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg);

-#else

-	BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str);

-#endif /* KSSL_DEBUG */

-	return(buf);

-	}

-char *SSL_CIPHER_get_version(const SSL_CIPHER *c)

-	{

-	int i;

-	if (c == NULL) return("(NONE)");

-	i=(int)(c->id>>24L);

-	if (i == 3)

-		return("TLSv1/SSLv3");

-	else if (i == 2)

-		return("SSLv2");

-	else

-		return("unknown");

-	}

-/* return the actual cipher being used */

-const char *SSL_CIPHER_get_name(const SSL_CIPHER *c)

-	{

-	if (c != NULL)

-		return(c->name);

-	return("(NONE)");

-	}

-/* number of bits for symmetric cipher */

-int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits)

-	{

-	int ret=0;

-	if (c != NULL)

-		{

-		if (alg_bits != NULL) *alg_bits = c->alg_bits;

-		ret = c->strength_bits;

-		}

-	return(ret);

-	}

-SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)

-	{

-	SSL_COMP *ctmp;

-	int i,nn;

-	if ((n == 0) || (sk == NULL)) return(NULL);

-	nn=sk_SSL_COMP_num(sk);

-	for (i=0; i<nn; i++)

-		{

-		ctmp=sk_SSL_COMP_value(sk,i);

-		if (ctmp->id == n)

-			return(ctmp);

-		}

-	return(NULL);

-	}

-#ifdef OPENSSL_NO_COMP

-void *SSL_COMP_get_compression_methods(void)

-	{

-	return NULL;

-	}

-int SSL_COMP_add_compression_method(int id, void *cm)

-	{

-	return 1;

-	}

-const char *SSL_COMP_get_name(const void *comp)

-	{

-	return NULL;

-	}

-#else

-STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)

-	{

-	load_builtin_compressions();

-	return(ssl_comp_methods);

-	}

-int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)

-	{

-	SSL_COMP *comp;

-        if (cm == NULL || cm->type == NID_undef)

-                return 1;

-	/* According to draft-ietf-tls-compression-04.txt, the

-	   compression number ranges should be the following:

-	   0 to 63:    methods defined by the IETF

-	   64 to 192:  external party methods assigned by IANA

-	   193 to 255: reserved for private use */

-	if (id < 193 || id > 255)

-		{

-		SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE);

-		return 0;

-		}

-	MemCheck_off();

-	comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));

-	comp->id=id;

-	comp->method=cm;

-	load_builtin_compressions();

-	if (ssl_comp_methods

-		&& !sk_SSL_COMP_find(ssl_comp_methods,comp))

-		{

-		OPENSSL_free(comp);

-		MemCheck_on();

-		SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_DUPLICATE_COMPRESSION_ID);

-		return(1);

-		}

-	else if ((ssl_comp_methods == NULL)

-		|| !sk_SSL_COMP_push(ssl_comp_methods,comp))

-		{

-		OPENSSL_free(comp);

-		MemCheck_on();

-		SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);

-		return(1);

-		}

-	else

-		{

-		MemCheck_on();

-		return(0);

-		}

-	}

-const char *SSL_COMP_get_name(const COMP_METHOD *comp)

-	{

-	if (comp)

-		return comp->name;

-	return NULL;

-	}

-#endif

--- a/sys/src/ape/lib/openssl/ssl/ssl_err.c

+++ /dev/null

@@ -1,512 +1,0 @@

-/* ssl/ssl_err.c */

-/* ====================================================================

- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* NOTE: this file was auto generated by the mkerr.pl script: any changes

- * made to it will be overwritten when the script next updates this file,

- * only reason strings will be preserved.

- */

-#include <stdio.h>

-#include <openssl/err.h>

-#include <openssl/ssl.h>

-/* BEGIN ERROR CODES */

-#ifndef OPENSSL_NO_ERR

-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_SSL,func,0)

-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_SSL,0,reason)

-static ERR_STRING_DATA SSL_str_functs[]=

-	{

-{ERR_FUNC(SSL_F_CLIENT_CERTIFICATE),	"CLIENT_CERTIFICATE"},

-{ERR_FUNC(SSL_F_CLIENT_FINISHED),	"CLIENT_FINISHED"},

-{ERR_FUNC(SSL_F_CLIENT_HELLO),	"CLIENT_HELLO"},

-{ERR_FUNC(SSL_F_CLIENT_MASTER_KEY),	"CLIENT_MASTER_KEY"},

-{ERR_FUNC(SSL_F_D2I_SSL_SESSION),	"d2i_SSL_SESSION"},

-{ERR_FUNC(SSL_F_DO_DTLS1_WRITE),	"DO_DTLS1_WRITE"},

-{ERR_FUNC(SSL_F_DO_SSL3_WRITE),	"DO_SSL3_WRITE"},

-{ERR_FUNC(SSL_F_DTLS1_ACCEPT),	"DTLS1_ACCEPT"},

-{ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD),	"DTLS1_BUFFER_RECORD"},

-{ERR_FUNC(SSL_F_DTLS1_CLIENT_HELLO),	"DTLS1_CLIENT_HELLO"},

-{ERR_FUNC(SSL_F_DTLS1_CONNECT),	"DTLS1_CONNECT"},

-{ERR_FUNC(SSL_F_DTLS1_ENC),	"DTLS1_ENC"},

-{ERR_FUNC(SSL_F_DTLS1_GET_HELLO_VERIFY),	"DTLS1_GET_HELLO_VERIFY"},

-{ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE),	"DTLS1_GET_MESSAGE"},

-{ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT),	"DTLS1_GET_MESSAGE_FRAGMENT"},

-{ERR_FUNC(SSL_F_DTLS1_GET_RECORD),	"DTLS1_GET_RECORD"},

-{ERR_FUNC(SSL_F_DTLS1_OUTPUT_CERT_CHAIN),	"DTLS1_OUTPUT_CERT_CHAIN"},

-{ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT),	"DTLS1_PREPROCESS_FRAGMENT"},

-{ERR_FUNC(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE),	"DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE"},

-{ERR_FUNC(SSL_F_DTLS1_PROCESS_RECORD),	"DTLS1_PROCESS_RECORD"},

-{ERR_FUNC(SSL_F_DTLS1_READ_BYTES),	"DTLS1_READ_BYTES"},

-{ERR_FUNC(SSL_F_DTLS1_READ_FAILED),	"DTLS1_READ_FAILED"},

-{ERR_FUNC(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST),	"DTLS1_SEND_CERTIFICATE_REQUEST"},

-{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE),	"DTLS1_SEND_CLIENT_CERTIFICATE"},

-{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE),	"DTLS1_SEND_CLIENT_KEY_EXCHANGE"},

-{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_VERIFY),	"DTLS1_SEND_CLIENT_VERIFY"},

-{ERR_FUNC(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST),	"DTLS1_SEND_HELLO_VERIFY_REQUEST"},

-{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE),	"DTLS1_SEND_SERVER_CERTIFICATE"},

-{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_HELLO),	"DTLS1_SEND_SERVER_HELLO"},

-{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE),	"DTLS1_SEND_SERVER_KEY_EXCHANGE"},

-{ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES),	"DTLS1_WRITE_APP_DATA_BYTES"},

-{ERR_FUNC(SSL_F_GET_CLIENT_FINISHED),	"GET_CLIENT_FINISHED"},

-{ERR_FUNC(SSL_F_GET_CLIENT_HELLO),	"GET_CLIENT_HELLO"},

-{ERR_FUNC(SSL_F_GET_CLIENT_MASTER_KEY),	"GET_CLIENT_MASTER_KEY"},

-{ERR_FUNC(SSL_F_GET_SERVER_FINISHED),	"GET_SERVER_FINISHED"},

-{ERR_FUNC(SSL_F_GET_SERVER_HELLO),	"GET_SERVER_HELLO"},

-{ERR_FUNC(SSL_F_GET_SERVER_VERIFY),	"GET_SERVER_VERIFY"},

-{ERR_FUNC(SSL_F_I2D_SSL_SESSION),	"i2d_SSL_SESSION"},

-{ERR_FUNC(SSL_F_READ_N),	"READ_N"},

-{ERR_FUNC(SSL_F_REQUEST_CERTIFICATE),	"REQUEST_CERTIFICATE"},

-{ERR_FUNC(SSL_F_SERVER_FINISH),	"SERVER_FINISH"},

-{ERR_FUNC(SSL_F_SERVER_HELLO),	"SERVER_HELLO"},

-{ERR_FUNC(SSL_F_SERVER_VERIFY),	"SERVER_VERIFY"},

-{ERR_FUNC(SSL_F_SSL23_ACCEPT),	"SSL23_ACCEPT"},

-{ERR_FUNC(SSL_F_SSL23_CLIENT_HELLO),	"SSL23_CLIENT_HELLO"},

-{ERR_FUNC(SSL_F_SSL23_CONNECT),	"SSL23_CONNECT"},

-{ERR_FUNC(SSL_F_SSL23_GET_CLIENT_HELLO),	"SSL23_GET_CLIENT_HELLO"},

-{ERR_FUNC(SSL_F_SSL23_GET_SERVER_HELLO),	"SSL23_GET_SERVER_HELLO"},

-{ERR_FUNC(SSL_F_SSL23_PEEK),	"SSL23_PEEK"},

-{ERR_FUNC(SSL_F_SSL23_READ),	"SSL23_READ"},

-{ERR_FUNC(SSL_F_SSL23_WRITE),	"SSL23_WRITE"},

-{ERR_FUNC(SSL_F_SSL2_ACCEPT),	"SSL2_ACCEPT"},

-{ERR_FUNC(SSL_F_SSL2_CONNECT),	"SSL2_CONNECT"},

-{ERR_FUNC(SSL_F_SSL2_ENC_INIT),	"SSL2_ENC_INIT"},

-{ERR_FUNC(SSL_F_SSL2_GENERATE_KEY_MATERIAL),	"SSL2_GENERATE_KEY_MATERIAL"},

-{ERR_FUNC(SSL_F_SSL2_PEEK),	"SSL2_PEEK"},

-{ERR_FUNC(SSL_F_SSL2_READ),	"SSL2_READ"},

-{ERR_FUNC(SSL_F_SSL2_READ_INTERNAL),	"SSL2_READ_INTERNAL"},

-{ERR_FUNC(SSL_F_SSL2_SET_CERTIFICATE),	"SSL2_SET_CERTIFICATE"},

-{ERR_FUNC(SSL_F_SSL2_WRITE),	"SSL2_WRITE"},

-{ERR_FUNC(SSL_F_SSL3_ACCEPT),	"SSL3_ACCEPT"},

-{ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL),	"SSL3_CALLBACK_CTRL"},

-{ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE),	"SSL3_CHANGE_CIPHER_STATE"},

-{ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM),	"SSL3_CHECK_CERT_AND_ALGORITHM"},

-{ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO),	"SSL3_CLIENT_HELLO"},

-{ERR_FUNC(SSL_F_SSL3_CONNECT),	"SSL3_CONNECT"},

-{ERR_FUNC(SSL_F_SSL3_CTRL),	"SSL3_CTRL"},

-{ERR_FUNC(SSL_F_SSL3_CTX_CTRL),	"SSL3_CTX_CTRL"},

-{ERR_FUNC(SSL_F_SSL3_ENC),	"SSL3_ENC"},

-{ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK),	"SSL3_GENERATE_KEY_BLOCK"},

-{ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST),	"SSL3_GET_CERTIFICATE_REQUEST"},

-{ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY),	"SSL3_GET_CERT_VERIFY"},

-{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE),	"SSL3_GET_CLIENT_CERTIFICATE"},

-{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO),	"SSL3_GET_CLIENT_HELLO"},

-{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE),	"SSL3_GET_CLIENT_KEY_EXCHANGE"},

-{ERR_FUNC(SSL_F_SSL3_GET_FINISHED),	"SSL3_GET_FINISHED"},

-{ERR_FUNC(SSL_F_SSL3_GET_KEY_EXCHANGE),	"SSL3_GET_KEY_EXCHANGE"},

-{ERR_FUNC(SSL_F_SSL3_GET_MESSAGE),	"SSL3_GET_MESSAGE"},

-{ERR_FUNC(SSL_F_SSL3_GET_NEW_SESSION_TICKET),	"SSL3_GET_NEW_SESSION_TICKET"},

-{ERR_FUNC(SSL_F_SSL3_GET_RECORD),	"SSL3_GET_RECORD"},

-{ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE),	"SSL3_GET_SERVER_CERTIFICATE"},

-{ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE),	"SSL3_GET_SERVER_DONE"},

-{ERR_FUNC(SSL_F_SSL3_GET_SERVER_HELLO),	"SSL3_GET_SERVER_HELLO"},

-{ERR_FUNC(SSL_F_SSL3_NEW_SESSION_TICKET),	"SSL3_NEW_SESSION_TICKET"},

-{ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN),	"SSL3_OUTPUT_CERT_CHAIN"},

-{ERR_FUNC(SSL_F_SSL3_PEEK),	"SSL3_PEEK"},

-{ERR_FUNC(SSL_F_SSL3_READ_BYTES),	"SSL3_READ_BYTES"},

-{ERR_FUNC(SSL_F_SSL3_READ_N),	"SSL3_READ_N"},

-{ERR_FUNC(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST),	"SSL3_SEND_CERTIFICATE_REQUEST"},

-{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE),	"SSL3_SEND_CLIENT_CERTIFICATE"},

-{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE),	"SSL3_SEND_CLIENT_KEY_EXCHANGE"},

-{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_VERIFY),	"SSL3_SEND_CLIENT_VERIFY"},

-{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_CERTIFICATE),	"SSL3_SEND_SERVER_CERTIFICATE"},

-{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_HELLO),	"SSL3_SEND_SERVER_HELLO"},

-{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE),	"SSL3_SEND_SERVER_KEY_EXCHANGE"},

-{ERR_FUNC(SSL_F_SSL3_SETUP_BUFFERS),	"SSL3_SETUP_BUFFERS"},

-{ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK),	"SSL3_SETUP_KEY_BLOCK"},

-{ERR_FUNC(SSL_F_SSL3_WRITE_BYTES),	"SSL3_WRITE_BYTES"},

-{ERR_FUNC(SSL_F_SSL3_WRITE_PENDING),	"SSL3_WRITE_PENDING"},

-{ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT),	"SSL_ADD_CLIENTHELLO_TLSEXT"},

-{ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK),	"SSL_add_dir_cert_subjects_to_stack"},

-{ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK),	"SSL_add_file_cert_subjects_to_stack"},

-{ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT),	"SSL_ADD_SERVERHELLO_TLSEXT"},

-{ERR_FUNC(SSL_F_SSL_BAD_METHOD),	"SSL_BAD_METHOD"},

-{ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST),	"SSL_BYTES_TO_CIPHER_LIST"},

-{ERR_FUNC(SSL_F_SSL_CERT_DUP),	"SSL_CERT_DUP"},

-{ERR_FUNC(SSL_F_SSL_CERT_INST),	"SSL_CERT_INST"},

-{ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE),	"SSL_CERT_INSTANTIATE"},

-{ERR_FUNC(SSL_F_SSL_CERT_NEW),	"SSL_CERT_NEW"},

-{ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY),	"SSL_check_private_key"},

-{ERR_FUNC(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT),	"SSL_CHECK_SERVERHELLO_TLSEXT"},

-{ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR),	"SSL_CIPHER_PROCESS_RULESTR"},

-{ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT),	"SSL_CIPHER_STRENGTH_SORT"},

-{ERR_FUNC(SSL_F_SSL_CLEAR),	"SSL_clear"},

-{ERR_FUNC(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD),	"SSL_COMP_add_compression_method"},

-{ERR_FUNC(SSL_F_SSL_CREATE_CIPHER_LIST),	"SSL_CREATE_CIPHER_LIST"},

-{ERR_FUNC(SSL_F_SSL_CTRL),	"SSL_ctrl"},

-{ERR_FUNC(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY),	"SSL_CTX_check_private_key"},

-{ERR_FUNC(SSL_F_SSL_CTX_NEW),	"SSL_CTX_new"},

-{ERR_FUNC(SSL_F_SSL_CTX_SET_CIPHER_LIST),	"SSL_CTX_set_cipher_list"},

-{ERR_FUNC(SSL_F_SSL_CTX_SET_PURPOSE),	"SSL_CTX_set_purpose"},

-{ERR_FUNC(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT),	"SSL_CTX_set_session_id_context"},

-{ERR_FUNC(SSL_F_SSL_CTX_SET_SSL_VERSION),	"SSL_CTX_set_ssl_version"},

-{ERR_FUNC(SSL_F_SSL_CTX_SET_TRUST),	"SSL_CTX_set_trust"},

-{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE),	"SSL_CTX_use_certificate"},

-{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1),	"SSL_CTX_use_certificate_ASN1"},

-{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE),	"SSL_CTX_use_certificate_chain_file"},

-{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE),	"SSL_CTX_use_certificate_file"},

-{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY),	"SSL_CTX_use_PrivateKey"},

-{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1),	"SSL_CTX_use_PrivateKey_ASN1"},

-{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE),	"SSL_CTX_use_PrivateKey_file"},

-{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY),	"SSL_CTX_use_RSAPrivateKey"},

-{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1),	"SSL_CTX_use_RSAPrivateKey_ASN1"},

-{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE),	"SSL_CTX_use_RSAPrivateKey_file"},

-{ERR_FUNC(SSL_F_SSL_DO_HANDSHAKE),	"SSL_do_handshake"},

-{ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION),	"SSL_GET_NEW_SESSION"},

-{ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION),	"SSL_GET_PREV_SESSION"},

-{ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT),	"SSL_GET_SERVER_SEND_CERT"},

-{ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY),	"SSL_GET_SIGN_PKEY"},

-{ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER),	"SSL_INIT_WBIO_BUFFER"},

-{ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE),	"SSL_load_client_CA_file"},

-{ERR_FUNC(SSL_F_SSL_NEW),	"SSL_new"},

-{ERR_FUNC(SSL_F_SSL_PEEK),	"SSL_peek"},

-{ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT),	"SSL_PREPARE_CLIENTHELLO_TLSEXT"},

-{ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT),	"SSL_PREPARE_SERVERHELLO_TLSEXT"},

-{ERR_FUNC(SSL_F_SSL_READ),	"SSL_read"},

-{ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT),	"SSL_RSA_PRIVATE_DECRYPT"},

-{ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT),	"SSL_RSA_PUBLIC_ENCRYPT"},

-{ERR_FUNC(SSL_F_SSL_SESSION_NEW),	"SSL_SESSION_new"},

-{ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP),	"SSL_SESSION_print_fp"},

-{ERR_FUNC(SSL_F_SSL_SESS_CERT_NEW),	"SSL_SESS_CERT_NEW"},

-{ERR_FUNC(SSL_F_SSL_SET_CERT),	"SSL_SET_CERT"},

-{ERR_FUNC(SSL_F_SSL_SET_CIPHER_LIST),	"SSL_set_cipher_list"},

-{ERR_FUNC(SSL_F_SSL_SET_FD),	"SSL_set_fd"},

-{ERR_FUNC(SSL_F_SSL_SET_PKEY),	"SSL_SET_PKEY"},

-{ERR_FUNC(SSL_F_SSL_SET_PURPOSE),	"SSL_set_purpose"},

-{ERR_FUNC(SSL_F_SSL_SET_RFD),	"SSL_set_rfd"},

-{ERR_FUNC(SSL_F_SSL_SET_SESSION),	"SSL_set_session"},

-{ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT),	"SSL_set_session_id_context"},

-{ERR_FUNC(SSL_F_SSL_SET_TRUST),	"SSL_set_trust"},

-{ERR_FUNC(SSL_F_SSL_SET_WFD),	"SSL_set_wfd"},

-{ERR_FUNC(SSL_F_SSL_SHUTDOWN),	"SSL_shutdown"},

-{ERR_FUNC(SSL_F_SSL_UNDEFINED_CONST_FUNCTION),	"SSL_UNDEFINED_CONST_FUNCTION"},

-{ERR_FUNC(SSL_F_SSL_UNDEFINED_FUNCTION),	"SSL_UNDEFINED_FUNCTION"},

-{ERR_FUNC(SSL_F_SSL_UNDEFINED_VOID_FUNCTION),	"SSL_UNDEFINED_VOID_FUNCTION"},

-{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE),	"SSL_use_certificate"},

-{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_ASN1),	"SSL_use_certificate_ASN1"},

-{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_FILE),	"SSL_use_certificate_file"},

-{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY),	"SSL_use_PrivateKey"},

-{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_ASN1),	"SSL_use_PrivateKey_ASN1"},

-{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_FILE),	"SSL_use_PrivateKey_file"},

-{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY),	"SSL_use_RSAPrivateKey"},

-{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1),	"SSL_use_RSAPrivateKey_ASN1"},

-{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE),	"SSL_use_RSAPrivateKey_file"},

-{ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN),	"SSL_VERIFY_CERT_CHAIN"},

-{ERR_FUNC(SSL_F_SSL_WRITE),	"SSL_write"},

-{ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE),	"TLS1_CHANGE_CIPHER_STATE"},

-{ERR_FUNC(SSL_F_TLS1_ENC),	"TLS1_ENC"},

-{ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK),	"TLS1_SETUP_KEY_BLOCK"},

-{ERR_FUNC(SSL_F_WRITE_PENDING),	"WRITE_PENDING"},

-{0,NULL}

-	};

-static ERR_STRING_DATA SSL_str_reasons[]=

-	{

-{ERR_REASON(SSL_R_APP_DATA_IN_HANDSHAKE) ,"app data in handshake"},

-{ERR_REASON(SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT),"attempt to reuse session in different context"},

-{ERR_REASON(SSL_R_BAD_ALERT_RECORD)      ,"bad alert record"},

-{ERR_REASON(SSL_R_BAD_AUTHENTICATION_TYPE),"bad authentication type"},

-{ERR_REASON(SSL_R_BAD_CHANGE_CIPHER_SPEC),"bad change cipher spec"},

-{ERR_REASON(SSL_R_BAD_CHECKSUM)          ,"bad checksum"},

-{ERR_REASON(SSL_R_BAD_DATA_RETURNED_BY_CALLBACK),"bad data returned by callback"},

-{ERR_REASON(SSL_R_BAD_DECOMPRESSION)     ,"bad decompression"},

-{ERR_REASON(SSL_R_BAD_DH_G_LENGTH)       ,"bad dh g length"},

-{ERR_REASON(SSL_R_BAD_DH_PUB_KEY_LENGTH) ,"bad dh pub key length"},

-{ERR_REASON(SSL_R_BAD_DH_P_LENGTH)       ,"bad dh p length"},

-{ERR_REASON(SSL_R_BAD_DIGEST_LENGTH)     ,"bad digest length"},

-{ERR_REASON(SSL_R_BAD_DSA_SIGNATURE)     ,"bad dsa signature"},

-{ERR_REASON(SSL_R_BAD_ECC_CERT)          ,"bad ecc cert"},

-{ERR_REASON(SSL_R_BAD_ECDSA_SIGNATURE)   ,"bad ecdsa signature"},

-{ERR_REASON(SSL_R_BAD_ECPOINT)           ,"bad ecpoint"},

-{ERR_REASON(SSL_R_BAD_HELLO_REQUEST)     ,"bad hello request"},

-{ERR_REASON(SSL_R_BAD_LENGTH)            ,"bad length"},

-{ERR_REASON(SSL_R_BAD_MAC_DECODE)        ,"bad mac decode"},

-{ERR_REASON(SSL_R_BAD_MESSAGE_TYPE)      ,"bad message type"},

-{ERR_REASON(SSL_R_BAD_PACKET_LENGTH)     ,"bad packet length"},

-{ERR_REASON(SSL_R_BAD_PROTOCOL_VERSION_NUMBER),"bad protocol version number"},

-{ERR_REASON(SSL_R_BAD_RESPONSE_ARGUMENT) ,"bad response argument"},

-{ERR_REASON(SSL_R_BAD_RSA_DECRYPT)       ,"bad rsa decrypt"},

-{ERR_REASON(SSL_R_BAD_RSA_ENCRYPT)       ,"bad rsa encrypt"},

-{ERR_REASON(SSL_R_BAD_RSA_E_LENGTH)      ,"bad rsa e length"},

-{ERR_REASON(SSL_R_BAD_RSA_MODULUS_LENGTH),"bad rsa modulus length"},

-{ERR_REASON(SSL_R_BAD_RSA_SIGNATURE)     ,"bad rsa signature"},

-{ERR_REASON(SSL_R_BAD_SIGNATURE)         ,"bad signature"},

-{ERR_REASON(SSL_R_BAD_SSL_FILETYPE)      ,"bad ssl filetype"},

-{ERR_REASON(SSL_R_BAD_SSL_SESSION_ID_LENGTH),"bad ssl session id length"},

-{ERR_REASON(SSL_R_BAD_STATE)             ,"bad state"},

-{ERR_REASON(SSL_R_BAD_WRITE_RETRY)       ,"bad write retry"},

-{ERR_REASON(SSL_R_BIO_NOT_SET)           ,"bio not set"},

-{ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG),"block cipher pad is wrong"},

-{ERR_REASON(SSL_R_BN_LIB)                ,"bn lib"},

-{ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH) ,"ca dn length mismatch"},

-{ERR_REASON(SSL_R_CA_DN_TOO_LONG)        ,"ca dn too long"},

-{ERR_REASON(SSL_R_CCS_RECEIVED_EARLY)    ,"ccs received early"},

-{ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED),"certificate verify failed"},

-{ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH)  ,"cert length mismatch"},

-{ERR_REASON(SSL_R_CHALLENGE_IS_DIFFERENT),"challenge is different"},

-{ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH),"cipher code wrong length"},

-{ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE),"cipher or hash unavailable"},

-{ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR),"cipher table src error"},

-{ERR_REASON(SSL_R_CLIENTHELLO_TLSEXT)    ,"clienthello tlsext"},

-{ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG),"compressed length too long"},

-{ERR_REASON(SSL_R_COMPRESSION_FAILURE)   ,"compression failure"},

-{ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE),"compression id not within private range"},

-{ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR),"compression library error"},

-{ERR_REASON(SSL_R_CONNECTION_ID_IS_DIFFERENT),"connection id is different"},

-{ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET),"connection type not set"},

-{ERR_REASON(SSL_R_COOKIE_MISMATCH)       ,"cookie mismatch"},

-{ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED),"data between ccs and finished"},

-{ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG)  ,"data length too long"},

-{ERR_REASON(SSL_R_DECRYPTION_FAILED)     ,"decryption failed"},

-{ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC),"decryption failed or bad record mac"},

-{ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG),"dh public value length is wrong"},

-{ERR_REASON(SSL_R_DIGEST_CHECK_FAILED)   ,"digest check failed"},

-{ERR_REASON(SSL_R_DUPLICATE_COMPRESSION_ID),"duplicate compression id"},

-{ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER),"ecgroup too large for cipher"},

-{ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),"encrypted length too long"},

-{ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY),"error generating tmp rsa key"},

-{ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST),"error in received cipher list"},

-{ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE),"excessive message size"},

-{ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE) ,"extra data in message"},

-{ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS),"got a fin before a ccs"},

-{ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST)   ,"https proxy request"},

-{ERR_REASON(SSL_R_HTTP_REQUEST)          ,"http request"},

-{ERR_REASON(SSL_R_ILLEGAL_PADDING)       ,"illegal padding"},

-{ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH),"invalid challenge length"},

-{ERR_REASON(SSL_R_INVALID_COMMAND)       ,"invalid command"},

-{ERR_REASON(SSL_R_INVALID_PURPOSE)       ,"invalid purpose"},

-{ERR_REASON(SSL_R_INVALID_TICKET_KEYS_LENGTH),"invalid ticket keys length"},

-{ERR_REASON(SSL_R_INVALID_TRUST)         ,"invalid trust"},

-{ERR_REASON(SSL_R_KEY_ARG_TOO_LONG)      ,"key arg too long"},

-{ERR_REASON(SSL_R_KRB5)                  ,"krb5"},

-{ERR_REASON(SSL_R_KRB5_C_CC_PRINC)       ,"krb5 client cc principal (no tkt?)"},

-{ERR_REASON(SSL_R_KRB5_C_GET_CRED)       ,"krb5 client get cred"},

-{ERR_REASON(SSL_R_KRB5_C_INIT)           ,"krb5 client init"},

-{ERR_REASON(SSL_R_KRB5_C_MK_REQ)         ,"krb5 client mk_req (expired tkt?)"},

-{ERR_REASON(SSL_R_KRB5_S_BAD_TICKET)     ,"krb5 server bad ticket"},

-{ERR_REASON(SSL_R_KRB5_S_INIT)           ,"krb5 server init"},

-{ERR_REASON(SSL_R_KRB5_S_RD_REQ)         ,"krb5 server rd_req (keytab perms?)"},

-{ERR_REASON(SSL_R_KRB5_S_TKT_EXPIRED)    ,"krb5 server tkt expired"},

-{ERR_REASON(SSL_R_KRB5_S_TKT_NYV)        ,"krb5 server tkt not yet valid"},

-{ERR_REASON(SSL_R_KRB5_S_TKT_SKEW)       ,"krb5 server tkt skew"},

-{ERR_REASON(SSL_R_LENGTH_MISMATCH)       ,"length mismatch"},

-{ERR_REASON(SSL_R_LENGTH_TOO_SHORT)      ,"length too short"},

-{ERR_REASON(SSL_R_LIBRARY_BUG)           ,"library bug"},

-{ERR_REASON(SSL_R_LIBRARY_HAS_NO_CIPHERS),"library has no ciphers"},

-{ERR_REASON(SSL_R_MESSAGE_TOO_LONG)      ,"message too long"},

-{ERR_REASON(SSL_R_MISSING_DH_DSA_CERT)   ,"missing dh dsa cert"},

-{ERR_REASON(SSL_R_MISSING_DH_KEY)        ,"missing dh key"},

-{ERR_REASON(SSL_R_MISSING_DH_RSA_CERT)   ,"missing dh rsa cert"},

-{ERR_REASON(SSL_R_MISSING_DSA_SIGNING_CERT),"missing dsa signing cert"},

-{ERR_REASON(SSL_R_MISSING_EXPORT_TMP_DH_KEY),"missing export tmp dh key"},

-{ERR_REASON(SSL_R_MISSING_EXPORT_TMP_RSA_KEY),"missing export tmp rsa key"},

-{ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE),"missing rsa certificate"},

-{ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT),"missing rsa encrypting cert"},

-{ERR_REASON(SSL_R_MISSING_RSA_SIGNING_CERT),"missing rsa signing cert"},

-{ERR_REASON(SSL_R_MISSING_TMP_DH_KEY)    ,"missing tmp dh key"},

-{ERR_REASON(SSL_R_MISSING_TMP_ECDH_KEY)  ,"missing tmp ecdh key"},

-{ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY)   ,"missing tmp rsa key"},

-{ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY)  ,"missing tmp rsa pkey"},

-{ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE),"missing verify message"},

-{ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET),"non sslv2 initial packet"},

-{ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED),"no certificates returned"},

-{ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED),"no certificate assigned"},

-{ERR_REASON(SSL_R_NO_CERTIFICATE_RETURNED),"no certificate returned"},

-{ERR_REASON(SSL_R_NO_CERTIFICATE_SET)    ,"no certificate set"},

-{ERR_REASON(SSL_R_NO_CERTIFICATE_SPECIFIED),"no certificate specified"},

-{ERR_REASON(SSL_R_NO_CIPHERS_AVAILABLE)  ,"no ciphers available"},

-{ERR_REASON(SSL_R_NO_CIPHERS_PASSED)     ,"no ciphers passed"},

-{ERR_REASON(SSL_R_NO_CIPHERS_SPECIFIED)  ,"no ciphers specified"},

-{ERR_REASON(SSL_R_NO_CIPHER_LIST)        ,"no cipher list"},

-{ERR_REASON(SSL_R_NO_CIPHER_MATCH)       ,"no cipher match"},

-{ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED),"no client cert received"},

-{ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED),"no compression specified"},

-{ERR_REASON(SSL_R_NO_METHOD_SPECIFIED)   ,"no method specified"},

-{ERR_REASON(SSL_R_NO_PRIVATEKEY)         ,"no privatekey"},

-{ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED),"no private key assigned"},

-{ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE),"no protocols available"},

-{ERR_REASON(SSL_R_NO_PUBLICKEY)          ,"no publickey"},

-{ERR_REASON(SSL_R_NO_SHARED_CIPHER)      ,"no shared cipher"},

-{ERR_REASON(SSL_R_NO_VERIFY_CALLBACK)    ,"no verify callback"},

-{ERR_REASON(SSL_R_NULL_SSL_CTX)          ,"null ssl ctx"},

-{ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED),"null ssl method passed"},

-{ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),"old session cipher not returned"},

-{ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE),"only tls allowed in fips mode"},

-{ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG),"packet length too long"},

-{ERR_REASON(SSL_R_PARSE_TLSEXT)          ,"parse tlsext"},

-{ERR_REASON(SSL_R_PATH_TOO_LONG)         ,"path too long"},

-{ERR_REASON(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE),"peer did not return a certificate"},

-{ERR_REASON(SSL_R_PEER_ERROR)            ,"peer error"},

-{ERR_REASON(SSL_R_PEER_ERROR_CERTIFICATE),"peer error certificate"},

-{ERR_REASON(SSL_R_PEER_ERROR_NO_CERTIFICATE),"peer error no certificate"},

-{ERR_REASON(SSL_R_PEER_ERROR_NO_CIPHER)  ,"peer error no cipher"},

-{ERR_REASON(SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE),"peer error unsupported certificate type"},

-{ERR_REASON(SSL_R_PRE_MAC_LENGTH_TOO_LONG),"pre mac length too long"},

-{ERR_REASON(SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS),"problems mapping cipher functions"},

-{ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN)  ,"protocol is shutdown"},

-{ERR_REASON(SSL_R_PUBLIC_KEY_ENCRYPT_ERROR),"public key encrypt error"},

-{ERR_REASON(SSL_R_PUBLIC_KEY_IS_NOT_RSA) ,"public key is not rsa"},

-{ERR_REASON(SSL_R_PUBLIC_KEY_NOT_RSA)    ,"public key not rsa"},

-{ERR_REASON(SSL_R_READ_BIO_NOT_SET)      ,"read bio not set"},

-{ERR_REASON(SSL_R_READ_TIMEOUT_EXPIRED)  ,"read timeout expired"},

-{ERR_REASON(SSL_R_READ_WRONG_PACKET_TYPE),"read wrong packet type"},

-{ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH),"record length mismatch"},

-{ERR_REASON(SSL_R_RECORD_TOO_LARGE)      ,"record too large"},

-{ERR_REASON(SSL_R_RECORD_TOO_SMALL)      ,"record too small"},

-{ERR_REASON(SSL_R_REQUIRED_CIPHER_MISSING),"required cipher missing"},

-{ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO),"reuse cert length not zero"},

-{ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO),"reuse cert type not zero"},

-{ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO),"reuse cipher list not zero"},

-{ERR_REASON(SSL_R_SERVERHELLO_TLSEXT)    ,"serverhello tlsext"},

-{ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),"session id context uninitialized"},

-{ERR_REASON(SSL_R_SHORT_READ)            ,"short read"},

-{ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE),"signature for non signing certificate"},

-{ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE),"ssl23 doing session id reuse"},

-{ERR_REASON(SSL_R_SSL2_CONNECTION_ID_TOO_LONG),"ssl2 connection id too long"},

-{ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME),"ssl3 ext invalid servername"},

-{ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE),"ssl3 ext invalid servername type"},

-{ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG),"ssl3 session id too long"},

-{ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT),"ssl3 session id too short"},

-{ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE),"sslv3 alert bad certificate"},

-{ERR_REASON(SSL_R_SSLV3_ALERT_BAD_RECORD_MAC),"sslv3 alert bad record mac"},

-{ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED),"sslv3 alert certificate expired"},

-{ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED),"sslv3 alert certificate revoked"},

-{ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN),"sslv3 alert certificate unknown"},

-{ERR_REASON(SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE),"sslv3 alert decompression failure"},

-{ERR_REASON(SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE),"sslv3 alert handshake failure"},

-{ERR_REASON(SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER),"sslv3 alert illegal parameter"},

-{ERR_REASON(SSL_R_SSLV3_ALERT_NO_CERTIFICATE),"sslv3 alert no certificate"},

-{ERR_REASON(SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE),"sslv3 alert unexpected message"},

-{ERR_REASON(SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE),"sslv3 alert unsupported certificate"},

-{ERR_REASON(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION),"ssl ctx has no default ssl version"},

-{ERR_REASON(SSL_R_SSL_HANDSHAKE_FAILURE) ,"ssl handshake failure"},

-{ERR_REASON(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS),"ssl library has no ciphers"},

-{ERR_REASON(SSL_R_SSL_SESSION_ID_CALLBACK_FAILED),"ssl session id callback failed"},

-{ERR_REASON(SSL_R_SSL_SESSION_ID_CONFLICT),"ssl session id conflict"},

-{ERR_REASON(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG),"ssl session id context too long"},

-{ERR_REASON(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH),"ssl session id has bad length"},

-{ERR_REASON(SSL_R_SSL_SESSION_ID_IS_DIFFERENT),"ssl session id is different"},

-{ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED),"tlsv1 alert access denied"},

-{ERR_REASON(SSL_R_TLSV1_ALERT_DECODE_ERROR),"tlsv1 alert decode error"},

-{ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED),"tlsv1 alert decryption failed"},

-{ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR),"tlsv1 alert decrypt error"},

-{ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION),"tlsv1 alert export restriction"},

-{ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY),"tlsv1 alert insufficient security"},

-{ERR_REASON(SSL_R_TLSV1_ALERT_INTERNAL_ERROR),"tlsv1 alert internal error"},

-{ERR_REASON(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION),"tlsv1 alert no renegotiation"},

-{ERR_REASON(SSL_R_TLSV1_ALERT_PROTOCOL_VERSION),"tlsv1 alert protocol version"},

-{ERR_REASON(SSL_R_TLSV1_ALERT_RECORD_OVERFLOW),"tlsv1 alert record overflow"},

-{ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA),"tlsv1 alert unknown ca"},

-{ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED),"tlsv1 alert user cancelled"},

-{ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER),"tls client cert req with anon cipher"},

-{ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST),"tls invalid ecpointformat list"},

-{ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST),"tls peer did not respond with certificate list"},

-{ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG),"tls rsa encrypted value length is wrong"},

-{ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER),"tried to use unsupported cipher"},

-{ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS),"unable to decode dh certs"},

-{ERR_REASON(SSL_R_UNABLE_TO_DECODE_ECDH_CERTS),"unable to decode ecdh certs"},

-{ERR_REASON(SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY),"unable to extract public key"},

-{ERR_REASON(SSL_R_UNABLE_TO_FIND_DH_PARAMETERS),"unable to find dh parameters"},

-{ERR_REASON(SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS),"unable to find ecdh parameters"},

-{ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS),"unable to find public key parameters"},

-{ERR_REASON(SSL_R_UNABLE_TO_FIND_SSL_METHOD),"unable to find ssl method"},

-{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES),"unable to load ssl2 md5 routines"},

-{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES),"unable to load ssl3 md5 routines"},

-{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES),"unable to load ssl3 sha1 routines"},

-{ERR_REASON(SSL_R_UNEXPECTED_MESSAGE)    ,"unexpected message"},

-{ERR_REASON(SSL_R_UNEXPECTED_RECORD)     ,"unexpected record"},

-{ERR_REASON(SSL_R_UNINITIALIZED)         ,"uninitialized"},

-{ERR_REASON(SSL_R_UNKNOWN_ALERT_TYPE)    ,"unknown alert type"},

-{ERR_REASON(SSL_R_UNKNOWN_CERTIFICATE_TYPE),"unknown certificate type"},

-{ERR_REASON(SSL_R_UNKNOWN_CIPHER_RETURNED),"unknown cipher returned"},

-{ERR_REASON(SSL_R_UNKNOWN_CIPHER_TYPE)   ,"unknown cipher type"},

-{ERR_REASON(SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE),"unknown key exchange type"},

-{ERR_REASON(SSL_R_UNKNOWN_PKEY_TYPE)     ,"unknown pkey type"},

-{ERR_REASON(SSL_R_UNKNOWN_PROTOCOL)      ,"unknown protocol"},

-{ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE),"unknown remote error type"},

-{ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION)   ,"unknown ssl version"},

-{ERR_REASON(SSL_R_UNKNOWN_STATE)         ,"unknown state"},

-{ERR_REASON(SSL_R_UNSUPPORTED_CIPHER)    ,"unsupported cipher"},

-{ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"},

-{ERR_REASON(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE),"unsupported elliptic curve"},

-{ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL)  ,"unsupported protocol"},

-{ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION),"unsupported ssl version"},

-{ERR_REASON(SSL_R_WRITE_BIO_NOT_SET)     ,"write bio not set"},

-{ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) ,"wrong cipher returned"},

-{ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE)    ,"wrong message type"},

-{ERR_REASON(SSL_R_WRONG_NUMBER_OF_KEY_BITS),"wrong number of key bits"},

-{ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"},

-{ERR_REASON(SSL_R_WRONG_SIGNATURE_SIZE)  ,"wrong signature size"},

-{ERR_REASON(SSL_R_WRONG_SSL_VERSION)     ,"wrong ssl version"},

-{ERR_REASON(SSL_R_WRONG_VERSION_NUMBER)  ,"wrong version number"},

-{ERR_REASON(SSL_R_X509_LIB)              ,"x509 lib"},

-{ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS),"x509 verification setup problems"},

-{0,NULL}

-	};

-#endif

-void ERR_load_SSL_strings(void)

-	{

-#ifndef OPENSSL_NO_ERR

-	if (ERR_func_error_string(SSL_str_functs[0].error) == NULL)

-		{

-		ERR_load_strings(0,SSL_str_functs);

-		ERR_load_strings(0,SSL_str_reasons);

-		}

-#endif

-	}

--- a/sys/src/ape/lib/openssl/ssl/ssl_err2.c

+++ /dev/null

@@ -1,70 +1,0 @@

-/* ssl/ssl_err2.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <openssl/err.h>

-#include <openssl/ssl.h>

-void SSL_load_error_strings(void)

-	{

-#ifndef OPENSSL_NO_ERR

-	ERR_load_crypto_strings();

-	ERR_load_SSL_strings();

-#endif

-	}

--- a/sys/src/ape/lib/openssl/ssl/ssl_lib.c

+++ /dev/null

@@ -1,2651 +1,0 @@

-/*! \file ssl/ssl_lib.c

- *  \brief Version independent SSL functions.

- */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- * ECC cipher suite support in OpenSSL originally developed by

- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.

- */

-#ifdef REF_CHECK

-#  include <assert.h>

-#endif

-#include <stdio.h>

-#include "ssl_locl.h"

-#include "kssl_lcl.h"

-#include <openssl/objects.h>

-#include <openssl/lhash.h>

-#include <openssl/x509v3.h>

-#include <openssl/rand.h>

-#ifndef OPENSSL_NO_DH

-#include <openssl/dh.h>

-#endif

-const char *SSL_version_str=OPENSSL_VERSION_TEXT;

-SSL3_ENC_METHOD ssl3_undef_enc_method={

-	/* evil casts, but these functions are only called if there's a library bug */

-	(int (*)(SSL *,int))ssl_undefined_function,

-	(int (*)(SSL *, unsigned char *, int))ssl_undefined_function,

-	ssl_undefined_function,

-	(int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function,

-	(int (*)(SSL*, int))ssl_undefined_function,

-	(int (*)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char*, int, unsigned char *))ssl_undefined_function,

-	0,	/* finish_mac_length */

-	(int (*)(SSL *, EVP_MD_CTX *, unsigned char *))ssl_undefined_function,

-	NULL,	/* client_finished_label */

-	0,	/* client_finished_label_len */

-	NULL,	/* server_finished_label */

-	0,	/* server_finished_label_len */

-	(int (*)(int))ssl_undefined_function

-	};

-int SSL_clear(SSL *s)

-	{

-	if (s->method == NULL)

-		{

-		SSLerr(SSL_F_SSL_CLEAR,SSL_R_NO_METHOD_SPECIFIED);

-		return(0);

-		}

-	if (ssl_clear_bad_session(s))

-		{

-		SSL_SESSION_free(s->session);

-		s->session=NULL;

-		}

-	s->error=0;

-	s->hit=0;

-	s->shutdown=0;

-#if 0 /* Disabled since version 1.10 of this file (early return not

-       * needed because SSL_clear is not called when doing renegotiation) */

-	/* This is set if we are doing dynamic renegotiation so keep

-	 * the old cipher.  It is sort of a SSL_clear_lite :-) */

-	if (s->new_session) return(1);

-#else

-	if (s->new_session)

-		{

-		SSLerr(SSL_F_SSL_CLEAR,ERR_R_INTERNAL_ERROR);

-		return 0;

-		}

-#endif

-	s->type=0;

-	s->state=SSL_ST_BEFORE|((s->server)?SSL_ST_ACCEPT:SSL_ST_CONNECT);

-	s->version=s->method->version;

-	s->client_version=s->version;

-	s->rwstate=SSL_NOTHING;

-	s->rstate=SSL_ST_READ_HEADER;

-#if 0

-	s->read_ahead=s->ctx->read_ahead;

-#endif

-	if (s->init_buf != NULL)

-		{

-		BUF_MEM_free(s->init_buf);

-		s->init_buf=NULL;

-		}

-	ssl_clear_cipher_ctx(s);

-	s->first_packet=0;

-#if 1

-	/* Check to see if we were changed into a different method, if

-	 * so, revert back if we are not doing session-id reuse. */

-	if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method))

-		{

-		s->method->ssl_free(s);

-		s->method=s->ctx->method;

-		if (!s->method->ssl_new(s))

-			return(0);

-		}

-	else

-#endif

-		s->method->ssl_clear(s);

-	return(1);

-	}

-/** Used to change an SSL_CTXs default SSL method type */

-int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth)

-	{

-	STACK_OF(SSL_CIPHER) *sk;

-	ctx->method=meth;

-	sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list),

-		&(ctx->cipher_list_by_id),SSL_DEFAULT_CIPHER_LIST);

-	if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0))

-		{

-		SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);

-		return(0);

-		}

-	return(1);

-	}

-SSL *SSL_new(SSL_CTX *ctx)

-	{

-	SSL *s;

-	if (ctx == NULL)

-		{

-		SSLerr(SSL_F_SSL_NEW,SSL_R_NULL_SSL_CTX);

-		return(NULL);

-		}

-	if (ctx->method == NULL)

-		{

-		SSLerr(SSL_F_SSL_NEW,SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);

-		return(NULL);

-		}

-	s=(SSL *)OPENSSL_malloc(sizeof(SSL));

-	if (s == NULL) goto err;

-	memset(s,0,sizeof(SSL));

-#ifndef	OPENSSL_NO_KRB5

-	s->kssl_ctx = kssl_ctx_new();

-#endif	/* OPENSSL_NO_KRB5 */

-	s->options=ctx->options;

-	s->mode=ctx->mode;

-	s->max_cert_list=ctx->max_cert_list;

-	if (ctx->cert != NULL)

-		{

-		/* Earlier library versions used to copy the pointer to

-		 * the CERT, not its contents; only when setting new

-		 * parameters for the per-SSL copy, ssl_cert_new would be

-		 * called (and the direct reference to the per-SSL_CTX

-		 * settings would be lost, but those still were indirectly

-		 * accessed for various purposes, and for that reason they

-		 * used to be known as s->ctx->default_cert).

-		 * Now we don't look at the SSL_CTX's CERT after having

-		 * duplicated it once. */

-		s->cert = ssl_cert_dup(ctx->cert);

-		if (s->cert == NULL)

-			goto err;

-		}

-	else

-		s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */

-	s->read_ahead=ctx->read_ahead;

-	s->msg_callback=ctx->msg_callback;

-	s->msg_callback_arg=ctx->msg_callback_arg;

-	s->verify_mode=ctx->verify_mode;

-#if 0

-	s->verify_depth=ctx->verify_depth;

-#endif

-	s->sid_ctx_length=ctx->sid_ctx_length;

-	OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);

-	memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx));

-	s->verify_callback=ctx->default_verify_callback;

-	s->generate_session_id=ctx->generate_session_id;

-	s->param = X509_VERIFY_PARAM_new();

-	if (!s->param)

-		goto err;

-	X509_VERIFY_PARAM_inherit(s->param, ctx->param);

-#if 0

-	s->purpose = ctx->purpose;

-	s->trust = ctx->trust;

-#endif

-	s->quiet_shutdown=ctx->quiet_shutdown;

-	CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);

-	s->ctx=ctx;

-#ifndef OPENSSL_NO_TLSEXT

-	s->tlsext_debug_cb = 0;

-	s->tlsext_debug_arg = NULL;

-	s->tlsext_ticket_expected = 0;

-	CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);

-	s->initial_ctx=ctx;

-#endif

-	s->verify_result=X509_V_OK;

-	s->method=ctx->method;

-	if (!s->method->ssl_new(s))

-		goto err;

-	s->references=1;

-	s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1;

-	SSL_clear(s);

-	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);

-	return(s);

-err:

-	if (s != NULL)

-		{

-		if (s->cert != NULL)

-			ssl_cert_free(s->cert);

-		if (s->ctx != NULL)

-			SSL_CTX_free(s->ctx); /* decrement reference count */

-		OPENSSL_free(s);

-		}

-	SSLerr(SSL_F_SSL_NEW,ERR_R_MALLOC_FAILURE);

-	return(NULL);

-	}

-int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,

-				   unsigned int sid_ctx_len)

-    {

-    if(sid_ctx_len > sizeof ctx->sid_ctx)

-	{

-	SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);

-	return 0;

-	}

-    ctx->sid_ctx_length=sid_ctx_len;

-    memcpy(ctx->sid_ctx,sid_ctx,sid_ctx_len);

-    return 1;

-    }

-int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,

-			       unsigned int sid_ctx_len)

-    {

-    if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH)

-	{

-	SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);

-	return 0;

-	}

-    ssl->sid_ctx_length=sid_ctx_len;

-    memcpy(ssl->sid_ctx,sid_ctx,sid_ctx_len);

-    return 1;

-    }

-int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)

-	{

-	CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);

-	ctx->generate_session_id = cb;

-	CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);

-	return 1;

-	}

-int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)

-	{

-	CRYPTO_w_lock(CRYPTO_LOCK_SSL);

-	ssl->generate_session_id = cb;

-	CRYPTO_w_unlock(CRYPTO_LOCK_SSL);

-	return 1;

-	}

-int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,

-				unsigned int id_len)

-	{

-	/* A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how

-	 * we can "construct" a session to give us the desired check - ie. to

-	 * find if there's a session in the hash table that would conflict with

-	 * any new session built out of this id/id_len and the ssl_version in

-	 * use by this SSL. */

-	SSL_SESSION r, *p;

-	if(id_len > sizeof r.session_id)

-		return 0;

-	r.ssl_version = ssl->version;

-	r.session_id_length = id_len;

-	memcpy(r.session_id, id, id_len);

-	/* NB: SSLv2 always uses a fixed 16-byte session ID, so even if a

-	 * callback is calling us to check the uniqueness of a shorter ID, it

-	 * must be compared as a padded-out ID because that is what it will be

-	 * converted to when the callback has finished choosing it. */

-	if((r.ssl_version == SSL2_VERSION) &&

-			(id_len < SSL2_SSL_SESSION_ID_LENGTH))

-		{

-		memset(r.session_id + id_len, 0,

-			SSL2_SSL_SESSION_ID_LENGTH - id_len);

-		r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH;

-		}

-	CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);

-	p = (SSL_SESSION *)lh_retrieve(ssl->ctx->sessions, &r);

-	CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);

-	return (p != NULL);

-	}

-int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)

-	{

-	return X509_VERIFY_PARAM_set_purpose(s->param, purpose);

-	}

-int SSL_set_purpose(SSL *s, int purpose)

-	{

-	return X509_VERIFY_PARAM_set_purpose(s->param, purpose);

-	}

-int SSL_CTX_set_trust(SSL_CTX *s, int trust)

-	{

-	return X509_VERIFY_PARAM_set_trust(s->param, trust);

-	}

-int SSL_set_trust(SSL *s, int trust)

-	{

-	return X509_VERIFY_PARAM_set_trust(s->param, trust);

-	}

-void SSL_free(SSL *s)

-	{

-	int i;

-	if(s == NULL)

-	    return;

-	i=CRYPTO_add(&s->references,-1,CRYPTO_LOCK_SSL);

-#ifdef REF_PRINT

-	REF_PRINT("SSL",s);

-#endif

-	if (i > 0) return;

-#ifdef REF_CHECK

-	if (i < 0)

-		{

-		fprintf(stderr,"SSL_free, bad reference count\n");

-		abort(); /* ok */

-		}

-#endif

-	if (s->param)

-		X509_VERIFY_PARAM_free(s->param);

-	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);

-	if (s->bbio != NULL)

-		{

-		/* If the buffering BIO is in place, pop it off */

-		if (s->bbio == s->wbio)

-			{

-			s->wbio=BIO_pop(s->wbio);

-			}

-		BIO_free(s->bbio);

-		s->bbio=NULL;

-		}

-	if (s->rbio != NULL)

-		BIO_free_all(s->rbio);

-	if ((s->wbio != NULL) && (s->wbio != s->rbio))

-		BIO_free_all(s->wbio);

-	if (s->init_buf != NULL) BUF_MEM_free(s->init_buf);

-	/* add extra stuff */

-	if (s->cipher_list != NULL) sk_SSL_CIPHER_free(s->cipher_list);

-	if (s->cipher_list_by_id != NULL) sk_SSL_CIPHER_free(s->cipher_list_by_id);

-	/* Make the next call work :-) */

-	if (s->session != NULL)

-		{

-		ssl_clear_bad_session(s);

-		SSL_SESSION_free(s->session);

-		}

-	ssl_clear_cipher_ctx(s);

-	if (s->cert != NULL) ssl_cert_free(s->cert);

-	/* Free up if allocated */

-	if (s->ctx) SSL_CTX_free(s->ctx);

-#ifndef OPENSSL_NO_TLSEXT

-	if (s->initial_ctx) SSL_CTX_free(s->initial_ctx);

-#endif

-	if (s->client_CA != NULL)

-		sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free);

-	if (s->method != NULL) s->method->ssl_free(s);

-#ifndef	OPENSSL_NO_KRB5

-	if (s->kssl_ctx != NULL)

-		kssl_ctx_free(s->kssl_ctx);

-#endif	/* OPENSSL_NO_KRB5 */

-	OPENSSL_free(s);

-	}

-void SSL_set_bio(SSL *s,BIO *rbio,BIO *wbio)

-	{

-	/* If the output buffering BIO is still in place, remove it

-	 */

-	if (s->bbio != NULL)

-		{

-		if (s->wbio == s->bbio)

-			{

-			s->wbio=s->wbio->next_bio;

-			s->bbio->next_bio=NULL;

-			}

-		}

-	if ((s->rbio != NULL) && (s->rbio != rbio))

-		BIO_free_all(s->rbio);

-	if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio))

-		BIO_free_all(s->wbio);

-	s->rbio=rbio;

-	s->wbio=wbio;

-	}

-BIO *SSL_get_rbio(const SSL *s)

-	{ return(s->rbio); }

-BIO *SSL_get_wbio(const SSL *s)

-	{ return(s->wbio); }

-int SSL_get_fd(const SSL *s)

-	{

-	return(SSL_get_rfd(s));

-	}

-int SSL_get_rfd(const SSL *s)

-	{

-	int ret= -1;

-	BIO *b,*r;

-	b=SSL_get_rbio(s);

-	r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR);

-	if (r != NULL)

-		BIO_get_fd(r,&ret);

-	return(ret);

-	}

-int SSL_get_wfd(const SSL *s)

-	{

-	int ret= -1;

-	BIO *b,*r;

-	b=SSL_get_wbio(s);

-	r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR);

-	if (r != NULL)

-		BIO_get_fd(r,&ret);

-	return(ret);

-	}

-#ifndef OPENSSL_NO_SOCK

-int SSL_set_fd(SSL *s,int fd)

-	{

-	int ret=0;

-	BIO *bio=NULL;

-	bio=BIO_new(BIO_s_socket());

-	if (bio == NULL)

-		{

-		SSLerr(SSL_F_SSL_SET_FD,ERR_R_BUF_LIB);

-		goto err;

-		}

-	BIO_set_fd(bio,fd,BIO_NOCLOSE);

-	SSL_set_bio(s,bio,bio);

-	ret=1;

-err:

-	return(ret);

-	}

-int SSL_set_wfd(SSL *s,int fd)

-	{

-	int ret=0;

-	BIO *bio=NULL;

-	if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET)

-		|| ((int)BIO_get_fd(s->rbio,NULL) != fd))

-		{

-		bio=BIO_new(BIO_s_socket());

-		if (bio == NULL)

-			{ SSLerr(SSL_F_SSL_SET_WFD,ERR_R_BUF_LIB); goto err; }

-		BIO_set_fd(bio,fd,BIO_NOCLOSE);

-		SSL_set_bio(s,SSL_get_rbio(s),bio);

-		}

-	else

-		SSL_set_bio(s,SSL_get_rbio(s),SSL_get_rbio(s));

-	ret=1;

-err:

-	return(ret);

-	}

-int SSL_set_rfd(SSL *s,int fd)

-	{

-	int ret=0;

-	BIO *bio=NULL;

-	if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET)

-		|| ((int)BIO_get_fd(s->wbio,NULL) != fd))

-		{

-		bio=BIO_new(BIO_s_socket());

-		if (bio == NULL)

-			{

-			SSLerr(SSL_F_SSL_SET_RFD,ERR_R_BUF_LIB);

-			goto err;

-			}

-		BIO_set_fd(bio,fd,BIO_NOCLOSE);

-		SSL_set_bio(s,bio,SSL_get_wbio(s));

-		}

-	else

-		SSL_set_bio(s,SSL_get_wbio(s),SSL_get_wbio(s));

-	ret=1;

-err:

-	return(ret);

-	}

-#endif

-/* return length of latest Finished message we sent, copy to 'buf' */

-size_t SSL_get_finished(const SSL *s, void *buf, size_t count)

-	{

-	size_t ret = 0;

-	if (s->s3 != NULL)

-		{

-		ret = s->s3->tmp.finish_md_len;

-		if (count > ret)

-			count = ret;

-		memcpy(buf, s->s3->tmp.finish_md, count);

-		}

-	return ret;

-	}

-/* return length of latest Finished message we expected, copy to 'buf' */

-size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count)

-	{

-	size_t ret = 0;

-	if (s->s3 != NULL)

-		{

-		ret = s->s3->tmp.peer_finish_md_len;

-		if (count > ret)

-			count = ret;

-		memcpy(buf, s->s3->tmp.peer_finish_md, count);

-		}

-	return ret;

-	}

-int SSL_get_verify_mode(const SSL *s)

-	{

-	return(s->verify_mode);

-	}

-int SSL_get_verify_depth(const SSL *s)

-	{

-	return X509_VERIFY_PARAM_get_depth(s->param);

-	}

-int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *)

-	{

-	return(s->verify_callback);

-	}

-int SSL_CTX_get_verify_mode(const SSL_CTX *ctx)

-	{

-	return(ctx->verify_mode);

-	}

-int SSL_CTX_get_verify_depth(const SSL_CTX *ctx)

-	{

-	return X509_VERIFY_PARAM_get_depth(ctx->param);

-	}

-int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *)

-	{

-	return(ctx->default_verify_callback);

-	}

-void SSL_set_verify(SSL *s,int mode,

-		    int (*callback)(int ok,X509_STORE_CTX *ctx))

-	{

-	s->verify_mode=mode;

-	if (callback != NULL)

-		s->verify_callback=callback;

-	}

-void SSL_set_verify_depth(SSL *s,int depth)

-	{

-	X509_VERIFY_PARAM_set_depth(s->param, depth);

-	}

-void SSL_set_read_ahead(SSL *s,int yes)

-	{

-	s->read_ahead=yes;

-	}

-int SSL_get_read_ahead(const SSL *s)

-	{

-	return(s->read_ahead);

-	}

-int SSL_pending(const SSL *s)

-	{

-	/* SSL_pending cannot work properly if read-ahead is enabled

-	 * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)),

-	 * and it is impossible to fix since SSL_pending cannot report

-	 * errors that may be observed while scanning the new data.

-	 * (Note that SSL_pending() is often used as a boolean value,

-	 * so we'd better not return -1.)

-	 */

-	return(s->method->ssl_pending(s));

-	}

-X509 *SSL_get_peer_certificate(const SSL *s)

-	{

-	X509 *r;

-	if ((s == NULL) || (s->session == NULL))

-		r=NULL;

-	else

-		r=s->session->peer;

-	if (r == NULL) return(r);

-	CRYPTO_add(&r->references,1,CRYPTO_LOCK_X509);

-	return(r);

-	}

-STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s)

-	{

-	STACK_OF(X509) *r;

-	if ((s == NULL) || (s->session == NULL) || (s->session->sess_cert == NULL))

-		r=NULL;

-	else

-		r=s->session->sess_cert->cert_chain;

-	/* If we are a client, cert_chain includes the peer's own

-	 * certificate; if we are a server, it does not. */

-	return(r);

-	}

-/* Now in theory, since the calling process own 't' it should be safe to

- * modify.  We need to be able to read f without being hassled */

-void SSL_copy_session_id(SSL *t,const SSL *f)

-	{

-	CERT *tmp;

-	/* Do we need to to SSL locking? */

-	SSL_set_session(t,SSL_get_session(f));

-	/* what if we are setup as SSLv2 but want to talk SSLv3 or

-	 * vice-versa */

-	if (t->method != f->method)

-		{

-		t->method->ssl_free(t);	/* cleanup current */

-		t->method=f->method;	/* change method */

-		t->method->ssl_new(t);	/* setup new */

-		}

-	tmp=t->cert;

-	if (f->cert != NULL)

-		{

-		CRYPTO_add(&f->cert->references,1,CRYPTO_LOCK_SSL_CERT);

-		t->cert=f->cert;

-		}

-	else

-		t->cert=NULL;

-	if (tmp != NULL) ssl_cert_free(tmp);

-	SSL_set_session_id_context(t,f->sid_ctx,f->sid_ctx_length);

-	}

-/* Fix this so it checks all the valid key/cert options */

-int SSL_CTX_check_private_key(const SSL_CTX *ctx)

-	{

-	if (	(ctx == NULL) ||

-		(ctx->cert == NULL) ||

-		(ctx->cert->key->x509 == NULL))

-		{

-		SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);

-		return(0);

-		}

-	if 	(ctx->cert->key->privatekey == NULL)

-		{

-		SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);

-		return(0);

-		}

-	return(X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey));

-	}

-/* Fix this function so that it takes an optional type parameter */

-int SSL_check_private_key(const SSL *ssl)

-	{

-	if (ssl == NULL)

-		{

-		SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,ERR_R_PASSED_NULL_PARAMETER);

-		return(0);

-		}

-	if (ssl->cert == NULL)

-		{

-                SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);

-		return 0;

-		}

-	if (ssl->cert->key->x509 == NULL)

-		{

-		SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);

-		return(0);

-		}

-	if (ssl->cert->key->privatekey == NULL)

-		{

-		SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);

-		return(0);

-		}

-	return(X509_check_private_key(ssl->cert->key->x509,

-		ssl->cert->key->privatekey));

-	}

-int SSL_accept(SSL *s)

-	{

-	if (s->handshake_func == 0)

-		/* Not properly initialized yet */

-		SSL_set_accept_state(s);

-	return(s->method->ssl_accept(s));

-	}

-int SSL_connect(SSL *s)

-	{

-	if (s->handshake_func == 0)

-		/* Not properly initialized yet */

-		SSL_set_connect_state(s);

-	return(s->method->ssl_connect(s));

-	}

-long SSL_get_default_timeout(const SSL *s)

-	{

-	return(s->method->get_timeout());

-	}

-int SSL_read(SSL *s,void *buf,int num)

-	{

-	if (s->handshake_func == 0)

-		{

-		SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED);

-		return -1;

-		}

-	if (s->shutdown & SSL_RECEIVED_SHUTDOWN)

-		{

-		s->rwstate=SSL_NOTHING;

-		return(0);

-		}

-	return(s->method->ssl_read(s,buf,num));

-	}

-int SSL_peek(SSL *s,void *buf,int num)

-	{

-	if (s->handshake_func == 0)

-		{

-		SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED);

-		return -1;

-		}

-	if (s->shutdown & SSL_RECEIVED_SHUTDOWN)

-		{

-		return(0);

-		}

-	return(s->method->ssl_peek(s,buf,num));

-	}

-int SSL_write(SSL *s,const void *buf,int num)

-	{

-	if (s->handshake_func == 0)

-		{

-		SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED);

-		return -1;

-		}

-	if (s->shutdown & SSL_SENT_SHUTDOWN)

-		{

-		s->rwstate=SSL_NOTHING;

-		SSLerr(SSL_F_SSL_WRITE,SSL_R_PROTOCOL_IS_SHUTDOWN);

-		return(-1);

-		}

-	return(s->method->ssl_write(s,buf,num));

-	}

-int SSL_shutdown(SSL *s)

-	{

-	/* Note that this function behaves differently from what one might

-	 * expect.  Return values are 0 for no success (yet),

-	 * 1 for success; but calling it once is usually not enough,

-	 * even if blocking I/O is used (see ssl3_shutdown).

-	 */

-	if (s->handshake_func == 0)

-		{

-		SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED);

-		return -1;

-		}

-	if ((s != NULL) && !SSL_in_init(s))

-		return(s->method->ssl_shutdown(s));

-	else

-		return(1);

-	}

-int SSL_renegotiate(SSL *s)

-	{

-	if (s->new_session == 0)

-		{

-		s->new_session=1;

-		}

-	return(s->method->ssl_renegotiate(s));

-	}

-int SSL_renegotiate_pending(SSL *s)

-	{

-	/* becomes true when negotiation is requested;

-	 * false again once a handshake has finished */

-	return (s->new_session != 0);

-	}

-long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)

-	{

-	long l;

-	switch (cmd)

-		{

-	case SSL_CTRL_GET_READ_AHEAD:

-		return(s->read_ahead);

-	case SSL_CTRL_SET_READ_AHEAD:

-		l=s->read_ahead;

-		s->read_ahead=larg;

-		return(l);

-	case SSL_CTRL_SET_MSG_CALLBACK_ARG:

-		s->msg_callback_arg = parg;

-		return 1;

-	case SSL_CTRL_OPTIONS:

-		return(s->options|=larg);

-	case SSL_CTRL_MODE:

-		return(s->mode|=larg);

-	case SSL_CTRL_GET_MAX_CERT_LIST:

-		return(s->max_cert_list);

-	case SSL_CTRL_SET_MAX_CERT_LIST:

-		l=s->max_cert_list;

-		s->max_cert_list=larg;

-		return(l);

-	case SSL_CTRL_SET_MTU:

-		if (SSL_version(s) == DTLS1_VERSION)

-			{

-			s->d1->mtu = larg;

-			return larg;

-			}

-		return 0;

-	default:

-		return(s->method->ssl_ctrl(s,cmd,larg,parg));

-		}

-	}

-long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void))

-	{

-	switch(cmd)

-		{

-	case SSL_CTRL_SET_MSG_CALLBACK:

-		s->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp);

-		return 1;

-	default:

-		return(s->method->ssl_callback_ctrl(s,cmd,fp));

-		}

-	}

-struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx)

-	{

-	return ctx->sessions;

-	}

-long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg)

-	{

-	long l;

-	switch (cmd)

-		{

-	case SSL_CTRL_GET_READ_AHEAD:

-		return(ctx->read_ahead);

-	case SSL_CTRL_SET_READ_AHEAD:

-		l=ctx->read_ahead;

-		ctx->read_ahead=larg;

-		return(l);

-	case SSL_CTRL_SET_MSG_CALLBACK_ARG:

-		ctx->msg_callback_arg = parg;

-		return 1;

-	case SSL_CTRL_GET_MAX_CERT_LIST:

-		return(ctx->max_cert_list);

-	case SSL_CTRL_SET_MAX_CERT_LIST:

-		l=ctx->max_cert_list;

-		ctx->max_cert_list=larg;

-		return(l);

-	case SSL_CTRL_SET_SESS_CACHE_SIZE:

-		l=ctx->session_cache_size;

-		ctx->session_cache_size=larg;

-		return(l);

-	case SSL_CTRL_GET_SESS_CACHE_SIZE:

-		return(ctx->session_cache_size);

-	case SSL_CTRL_SET_SESS_CACHE_MODE:

-		l=ctx->session_cache_mode;

-		ctx->session_cache_mode=larg;

-		return(l);

-	case SSL_CTRL_GET_SESS_CACHE_MODE:

-		return(ctx->session_cache_mode);

-	case SSL_CTRL_SESS_NUMBER:

-		return(ctx->sessions->num_items);

-	case SSL_CTRL_SESS_CONNECT:

-		return(ctx->stats.sess_connect);

-	case SSL_CTRL_SESS_CONNECT_GOOD:

-		return(ctx->stats.sess_connect_good);

-	case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:

-		return(ctx->stats.sess_connect_renegotiate);

-	case SSL_CTRL_SESS_ACCEPT:

-		return(ctx->stats.sess_accept);

-	case SSL_CTRL_SESS_ACCEPT_GOOD:

-		return(ctx->stats.sess_accept_good);

-	case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:

-		return(ctx->stats.sess_accept_renegotiate);

-	case SSL_CTRL_SESS_HIT:

-		return(ctx->stats.sess_hit);

-	case SSL_CTRL_SESS_CB_HIT:

-		return(ctx->stats.sess_cb_hit);

-	case SSL_CTRL_SESS_MISSES:

-		return(ctx->stats.sess_miss);

-	case SSL_CTRL_SESS_TIMEOUTS:

-		return(ctx->stats.sess_timeout);

-	case SSL_CTRL_SESS_CACHE_FULL:

-		return(ctx->stats.sess_cache_full);

-	case SSL_CTRL_OPTIONS:

-		return(ctx->options|=larg);

-	case SSL_CTRL_MODE:

-		return(ctx->mode|=larg);

-	default:

-		return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg));

-		}

-	}

-long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))

-	{

-	switch(cmd)

-		{

-	case SSL_CTRL_SET_MSG_CALLBACK:

-		ctx->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp);

-		return 1;

-	default:

-		return(ctx->method->ssl_ctx_callback_ctrl(ctx,cmd,fp));

-		}

-	}

-int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)

-	{

-	long l;

-	l=a->id-b->id;

-	if (l == 0L)

-		return(0);

-	else

-		return((l > 0)?1:-1);

-	}

-int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,

-			const SSL_CIPHER * const *bp)

-	{

-	long l;

-	l=(*ap)->id-(*bp)->id;

-	if (l == 0L)

-		return(0);

-	else

-		return((l > 0)?1:-1);

-	}

-/** return a STACK of the ciphers available for the SSL and in order of

- * preference */

-STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)

-	{

-	if (s != NULL)

-		{

-		if (s->cipher_list != NULL)

-			{

-			return(s->cipher_list);

-			}

-		else if ((s->ctx != NULL) &&

-			(s->ctx->cipher_list != NULL))

-			{

-			return(s->ctx->cipher_list);

-			}

-		}

-	return(NULL);

-	}

-/** return a STACK of the ciphers available for the SSL and in order of

- * algorithm id */

-STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)

-	{

-	if (s != NULL)

-		{

-		if (s->cipher_list_by_id != NULL)

-			{

-			return(s->cipher_list_by_id);

-			}

-		else if ((s->ctx != NULL) &&

-			(s->ctx->cipher_list_by_id != NULL))

-			{

-			return(s->ctx->cipher_list_by_id);

-			}

-		}

-	return(NULL);

-	}

-/** The old interface to get the same thing as SSL_get_ciphers() */

-const char *SSL_get_cipher_list(const SSL *s,int n)

-	{

-	SSL_CIPHER *c;

-	STACK_OF(SSL_CIPHER) *sk;

-	if (s == NULL) return(NULL);

-	sk=SSL_get_ciphers(s);

-	if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))

-		return(NULL);

-	c=sk_SSL_CIPHER_value(sk,n);

-	if (c == NULL) return(NULL);

-	return(c->name);

-	}

-/** specify the ciphers to be used by default by the SSL_CTX */

-int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)

-	{

-	STACK_OF(SSL_CIPHER) *sk;

-	sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list,

-		&ctx->cipher_list_by_id,str);

-	/* ssl_create_cipher_list may return an empty stack if it

-	 * was unable to find a cipher matching the given rule string

-	 * (for example if the rule string specifies a cipher which

-	 * has been disabled). This is not an error as far as

-	 * ssl_create_cipher_list is concerned, and hence

-	 * ctx->cipher_list and ctx->cipher_list_by_id has been

-	 * updated. */

-	if (sk == NULL)

-		return 0;

-	else if (sk_SSL_CIPHER_num(sk) == 0)

-		{

-		SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);

-		return 0;

-		}

-	return 1;

-	}

-/** specify the ciphers to be used by the SSL */

-int SSL_set_cipher_list(SSL *s,const char *str)

-	{

-	STACK_OF(SSL_CIPHER) *sk;

-	sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list,

-		&s->cipher_list_by_id,str);

-	/* see comment in SSL_CTX_set_cipher_list */

-	if (sk == NULL)

-		return 0;

-	else if (sk_SSL_CIPHER_num(sk) == 0)

-		{

-		SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);

-		return 0;

-		}

-	return 1;

-	}

-/* works well for SSLv2, not so good for SSLv3 */

-char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)

-	{

-	char *p;

-	STACK_OF(SSL_CIPHER) *sk;

-	SSL_CIPHER *c;

-	int i;

-	if ((s->session == NULL) || (s->session->ciphers == NULL) ||

-		(len < 2))

-		return(NULL);

-	p=buf;

-	sk=s->session->ciphers;

-	for (i=0; i<sk_SSL_CIPHER_num(sk); i++)

-		{

-		int n;

-		c=sk_SSL_CIPHER_value(sk,i);

-		n=strlen(c->name);

-		if (n+1 > len)

-			{

-			if (p != buf)

-				--p;

-			*p='\0';

-			return buf;

-			}

-		strcpy(p,c->name);

-		p+=n;

-		*(p++)=':';

-		len-=n+1;

-		}

-	p[-1]='\0';

-	return(buf);

-	}

-int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,

-                             int (*put_cb)(const SSL_CIPHER *, unsigned char *))

-	{

-	int i,j=0;

-	SSL_CIPHER *c;

-	unsigned char *q;

-#ifndef OPENSSL_NO_KRB5

-        int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx);

-#endif /* OPENSSL_NO_KRB5 */

-	if (sk == NULL) return(0);

-	q=p;

-	for (i=0; i<sk_SSL_CIPHER_num(sk); i++)

-		{

-		c=sk_SSL_CIPHER_value(sk,i);

-#ifndef OPENSSL_NO_KRB5

-                if ((c->algorithms & SSL_KRB5) && nokrb5)

-                    continue;

-#endif /* OPENSSL_NO_KRB5 */

-		j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p);

-		p+=j;

-		}

-	return(p-q);

-	}

-STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,

-					       STACK_OF(SSL_CIPHER) **skp)

-	{

-	SSL_CIPHER *c;

-	STACK_OF(SSL_CIPHER) *sk;

-	int i,n;

-	n=ssl_put_cipher_by_char(s,NULL,NULL);

-	if ((num%n) != 0)

-		{

-		SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);

-		return(NULL);

-		}

-	if ((skp == NULL) || (*skp == NULL))

-		sk=sk_SSL_CIPHER_new_null(); /* change perhaps later */

-	else

-		{

-		sk= *skp;

-		sk_SSL_CIPHER_zero(sk);

-		}

-	for (i=0; i<num; i+=n)

-		{

-		c=ssl_get_cipher_by_char(s,p);

-		p+=n;

-		if (c != NULL)

-			{

-			if (!sk_SSL_CIPHER_push(sk,c))

-				{

-				SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,ERR_R_MALLOC_FAILURE);

-				goto err;

-				}

-			}

-		}

-	if (skp != NULL)

-		*skp=sk;

-	return(sk);

-err:

-	if ((skp == NULL) || (*skp == NULL))

-		sk_SSL_CIPHER_free(sk);

-	return(NULL);

-	}

-#ifndef OPENSSL_NO_TLSEXT

-/** return a servername extension value if provided in Client Hello, or NULL.

- * So far, only host_name types are defined (RFC 3546).

- */

-const char *SSL_get_servername(const SSL *s, const int type)

-	{

-	if (type != TLSEXT_NAMETYPE_host_name)

-		return NULL;

-	return s->session && !s->tlsext_hostname ?

-		s->session->tlsext_hostname :

-		s->tlsext_hostname;

-	}

-int SSL_get_servername_type(const SSL *s)

-	{

-	if (s->session && (!s->tlsext_hostname ? s->session->tlsext_hostname : s->tlsext_hostname))

-		return TLSEXT_NAMETYPE_host_name;

-	return -1;

-	}

-#endif

-unsigned long SSL_SESSION_hash(const SSL_SESSION *a)

-	{

-	unsigned long l;

-	l=(unsigned long)

-		((unsigned int) a->session_id[0]     )|

-		((unsigned int) a->session_id[1]<< 8L)|

-		((unsigned long)a->session_id[2]<<16L)|

-		((unsigned long)a->session_id[3]<<24L);

-	return(l);

-	}

-/* NB: If this function (or indeed the hash function which uses a sort of

- * coarser function than this one) is changed, ensure

- * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being

- * able to construct an SSL_SESSION that will collide with any existing session

- * with a matching session ID. */

-int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b)

-	{

-	if (a->ssl_version != b->ssl_version)

-		return(1);

-	if (a->session_id_length != b->session_id_length)

-		return(1);

-	return(memcmp(a->session_id,b->session_id,a->session_id_length));

-	}

-/* These wrapper functions should remain rather than redeclaring

- * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each

- * variable. The reason is that the functions aren't static, they're exposed via

- * ssl.h. */

-static IMPLEMENT_LHASH_HASH_FN(SSL_SESSION_hash, SSL_SESSION *)

-static IMPLEMENT_LHASH_COMP_FN(SSL_SESSION_cmp, SSL_SESSION *)

-SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)

-	{

-	SSL_CTX *ret=NULL;

-	if (meth == NULL)

-		{

-		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_NULL_SSL_METHOD_PASSED);

-		return(NULL);

-		}

-	if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0)

-		{

-		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);

-		goto err;

-		}

-	ret=(SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX));

-	if (ret == NULL)

-		goto err;

-	memset(ret,0,sizeof(SSL_CTX));

-	ret->method=meth;

-	ret->cert_store=NULL;

-	ret->session_cache_mode=SSL_SESS_CACHE_SERVER;

-	ret->session_cache_size=SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;

-	ret->session_cache_head=NULL;

-	ret->session_cache_tail=NULL;

-	/* We take the system default */

-	ret->session_timeout=meth->get_timeout();

-	ret->new_session_cb=0;

-	ret->remove_session_cb=0;

-	ret->get_session_cb=0;

-	ret->generate_session_id=0;

-	memset((char *)&ret->stats,0,sizeof(ret->stats));

-	ret->references=1;

-	ret->quiet_shutdown=0;

-/*	ret->cipher=NULL;*/

-/*	ret->s2->challenge=NULL;

-	ret->master_key=NULL;

-	ret->key_arg=NULL;

-	ret->s2->conn_id=NULL; */

-	ret->info_callback=NULL;

-	ret->app_verify_callback=0;

-	ret->app_verify_arg=NULL;

-	ret->max_cert_list=SSL_MAX_CERT_LIST_DEFAULT;

-	ret->read_ahead=0;

-	ret->msg_callback=0;

-	ret->msg_callback_arg=NULL;

-	ret->verify_mode=SSL_VERIFY_NONE;

-#if 0

-	ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */

-#endif

-	ret->sid_ctx_length=0;

-	ret->default_verify_callback=NULL;

-	if ((ret->cert=ssl_cert_new()) == NULL)

-		goto err;

-	ret->default_passwd_callback=0;

-	ret->default_passwd_callback_userdata=NULL;

-	ret->client_cert_cb=0;

-	ret->app_gen_cookie_cb=0;

-	ret->app_verify_cookie_cb=0;

-	ret->sessions=lh_new(LHASH_HASH_FN(SSL_SESSION_hash),

-			LHASH_COMP_FN(SSL_SESSION_cmp));

-	if (ret->sessions == NULL) goto err;

-	ret->cert_store=X509_STORE_new();

-	if (ret->cert_store == NULL) goto err;

-	ssl_create_cipher_list(ret->method,

-		&ret->cipher_list,&ret->cipher_list_by_id,

-		SSL_DEFAULT_CIPHER_LIST);

-	if (ret->cipher_list == NULL

-	    || sk_SSL_CIPHER_num(ret->cipher_list) <= 0)

-		{

-		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_LIBRARY_HAS_NO_CIPHERS);

-		goto err2;

-		}

-	ret->param = X509_VERIFY_PARAM_new();

-	if (!ret->param)

-		goto err;

-	if ((ret->rsa_md5=EVP_get_digestbyname("ssl2-md5")) == NULL)

-		{

-		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES);

-		goto err2;

-		}

-	if ((ret->md5=EVP_get_digestbyname("ssl3-md5")) == NULL)

-		{

-		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);

-		goto err2;

-		}

-	if ((ret->sha1=EVP_get_digestbyname("ssl3-sha1")) == NULL)

-		{

-		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);

-		goto err2;

-		}

-	if ((ret->client_CA=sk_X509_NAME_new_null()) == NULL)

-		goto err;

-	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);

-	ret->extra_certs=NULL;

-	ret->comp_methods=SSL_COMP_get_compression_methods();

-#ifndef OPENSSL_NO_TLSEXT

-	ret->tlsext_servername_callback = 0;

-	ret->tlsext_servername_arg = NULL;

-	/* Setup RFC4507 ticket keys */

-	if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0)

-		|| (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0)

-		|| (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0))

-		ret->options |= SSL_OP_NO_TICKET;

-#endif

-	return(ret);

-err:

-	SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);

-err2:

-	if (ret != NULL) SSL_CTX_free(ret);

-	return(NULL);

-	}

-#if 0

-static void SSL_COMP_free(SSL_COMP *comp)

-    { OPENSSL_free(comp); }

-#endif

-void SSL_CTX_free(SSL_CTX *a)

-	{

-	int i;

-	if (a == NULL) return;

-	i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_SSL_CTX);

-#ifdef REF_PRINT

-	REF_PRINT("SSL_CTX",a);

-#endif

-	if (i > 0) return;

-#ifdef REF_CHECK

-	if (i < 0)

-		{

-		fprintf(stderr,"SSL_CTX_free, bad reference count\n");

-		abort(); /* ok */

-		}

-#endif

-	if (a->param)

-		X509_VERIFY_PARAM_free(a->param);

-	/*

-	 * Free internal session cache. However: the remove_cb() may reference

-	 * the ex_data of SSL_CTX, thus the ex_data store can only be removed

-	 * after the sessions were flushed.

-	 * As the ex_data handling routines might also touch the session cache,

-	 * the most secure solution seems to be: empty (flush) the cache, then

-	 * free ex_data, then finally free the cache.

-	 * (See ticket [openssl.org #212].)

-	 */

-	if (a->sessions != NULL)

-		SSL_CTX_flush_sessions(a,0);

-	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);

-	if (a->sessions != NULL)

-		lh_free(a->sessions);

-	if (a->cert_store != NULL)

-		X509_STORE_free(a->cert_store);

-	if (a->cipher_list != NULL)

-		sk_SSL_CIPHER_free(a->cipher_list);

-	if (a->cipher_list_by_id != NULL)

-		sk_SSL_CIPHER_free(a->cipher_list_by_id);

-	if (a->cert != NULL)

-		ssl_cert_free(a->cert);

-	if (a->client_CA != NULL)

-		sk_X509_NAME_pop_free(a->client_CA,X509_NAME_free);

-	if (a->extra_certs != NULL)

-		sk_X509_pop_free(a->extra_certs,X509_free);

-#if 0 /* This should never be done, since it removes a global database */

-	if (a->comp_methods != NULL)

-		sk_SSL_COMP_pop_free(a->comp_methods,SSL_COMP_free);

-#else

-	a->comp_methods = NULL;

-#endif

-	OPENSSL_free(a);

-	}

-void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)

-	{

-	ctx->default_passwd_callback=cb;

-	}

-void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx,void *u)

-	{

-	ctx->default_passwd_callback_userdata=u;

-	}

-void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg)

-	{

-	ctx->app_verify_callback=cb;

-	ctx->app_verify_arg=arg;

-	}

-void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *))

-	{

-	ctx->verify_mode=mode;

-	ctx->default_verify_callback=cb;

-	}

-void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth)

-	{

-	X509_VERIFY_PARAM_set_depth(ctx->param, depth);

-	}

-void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)

-	{

-	CERT_PKEY *cpk;

-	int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign;

-	int rsa_enc_export,dh_rsa_export,dh_dsa_export;

-	int rsa_tmp_export,dh_tmp_export,kl;

-	unsigned long mask,emask;

-	int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size;

-#ifndef OPENSSL_NO_ECDH

-	int have_ecdh_tmp;

-#endif

-	X509 *x = NULL;

-	EVP_PKEY *ecc_pkey = NULL;

-	int signature_nid = 0;

-	if (c == NULL) return;

-	kl=SSL_C_EXPORT_PKEYLENGTH(cipher);

-#ifndef OPENSSL_NO_RSA

-	rsa_tmp=(c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL);

-	rsa_tmp_export=(c->rsa_tmp_cb != NULL ||

-		(rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl));

-#else

-	rsa_tmp=rsa_tmp_export=0;

-#endif

-#ifndef OPENSSL_NO_DH

-	dh_tmp=(c->dh_tmp != NULL || c->dh_tmp_cb != NULL);

-	dh_tmp_export=(c->dh_tmp_cb != NULL ||

-		(dh_tmp && DH_size(c->dh_tmp)*8 <= kl));

-#else

-	dh_tmp=dh_tmp_export=0;

-#endif

-#ifndef OPENSSL_NO_ECDH

-	have_ecdh_tmp=(c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL);

-#endif

-	cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]);

-	rsa_enc= (cpk->x509 != NULL && cpk->privatekey != NULL);

-	rsa_enc_export=(rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl);

-	cpk= &(c->pkeys[SSL_PKEY_RSA_SIGN]);

-	rsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL);

-	cpk= &(c->pkeys[SSL_PKEY_DSA_SIGN]);

-	dsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL);

-	cpk= &(c->pkeys[SSL_PKEY_DH_RSA]);

-	dh_rsa=  (cpk->x509 != NULL && cpk->privatekey != NULL);

-	dh_rsa_export=(dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);

-	cpk= &(c->pkeys[SSL_PKEY_DH_DSA]);

-/* FIX THIS EAY EAY EAY */

-	dh_dsa=  (cpk->x509 != NULL && cpk->privatekey != NULL);

-	dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);

-	cpk= &(c->pkeys[SSL_PKEY_ECC]);

-	have_ecc_cert= (cpk->x509 != NULL && cpk->privatekey != NULL);

-	mask=0;

-	emask=0;

-#ifdef CIPHER_DEBUG

-	printf("rt=%d rte=%d dht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",

-		rsa_tmp,rsa_tmp_export,dh_tmp,

-		rsa_enc,rsa_enc_export,rsa_sign,dsa_sign,dh_rsa,dh_dsa);

-#endif

-	if (rsa_enc || (rsa_tmp && rsa_sign))

-		mask|=SSL_kRSA;

-	if (rsa_enc_export || (rsa_tmp_export && (rsa_sign || rsa_enc)))

-		emask|=SSL_kRSA;

-#if 0

-	/* The match needs to be both kEDH and aRSA or aDSA, so don't worry */

-	if (	(dh_tmp || dh_rsa || dh_dsa) &&

-		(rsa_enc || rsa_sign || dsa_sign))

-		mask|=SSL_kEDH;

-	if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) &&

-		(rsa_enc || rsa_sign || dsa_sign))

-		emask|=SSL_kEDH;

-#endif

-	if (dh_tmp_export)

-		emask|=SSL_kEDH;

-	if (dh_tmp)

-		mask|=SSL_kEDH;

-	if (dh_rsa) mask|=SSL_kDHr;

-	if (dh_rsa_export) emask|=SSL_kDHr;

-	if (dh_dsa) mask|=SSL_kDHd;

-	if (dh_dsa_export) emask|=SSL_kDHd;

-	if (rsa_enc || rsa_sign)

-		{

-		mask|=SSL_aRSA;

-		emask|=SSL_aRSA;

-		}

-	if (dsa_sign)

-		{

-		mask|=SSL_aDSS;

-		emask|=SSL_aDSS;

-		}

-	mask|=SSL_aNULL;

-	emask|=SSL_aNULL;

-#ifndef OPENSSL_NO_KRB5

-	mask|=SSL_kKRB5|SSL_aKRB5;

-	emask|=SSL_kKRB5|SSL_aKRB5;

-#endif

-	/* An ECC certificate may be usable for ECDH and/or

-	 * ECDSA cipher suites depending on the key usage extension.

-	 */

-	if (have_ecc_cert)

-		{

-                /* This call populates extension flags (ex_flags) */

-		x = (c->pkeys[SSL_PKEY_ECC]).x509;

-		X509_check_purpose(x, -1, 0);

-		ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ?

-		    (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1;

-		ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ?

-		    (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1;

-		ecc_pkey = X509_get_pubkey(x);

-		ecc_pkey_size = (ecc_pkey != NULL) ?

-		    EVP_PKEY_bits(ecc_pkey) : 0;

-		EVP_PKEY_free(ecc_pkey);

-		if ((x->sig_alg) && (x->sig_alg->algorithm))

-			signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);

-#ifndef OPENSSL_NO_ECDH

-		if (ecdh_ok)

-			{

-			if ((signature_nid == NID_md5WithRSAEncryption) ||

-			    (signature_nid == NID_md4WithRSAEncryption) ||

-			    (signature_nid == NID_md2WithRSAEncryption))

-				{

-				mask|=SSL_kECDH|SSL_aRSA;

-				if (ecc_pkey_size <= 163)

-					emask|=SSL_kECDH|SSL_aRSA;

-				}

-			if (signature_nid == NID_ecdsa_with_SHA1)

-				{

-				mask|=SSL_kECDH|SSL_aECDSA;

-				if (ecc_pkey_size <= 163)

-					emask|=SSL_kECDH|SSL_aECDSA;

-				}

-			}

-#endif

-#ifndef OPENSSL_NO_ECDSA

-		if (ecdsa_ok)

-			{

-			mask|=SSL_aECDSA;

-			emask|=SSL_aECDSA;

-			}

-#endif

-		}

-#ifndef OPENSSL_NO_ECDH

-	if (have_ecdh_tmp)

-		{

-		mask|=SSL_kECDHE;

-		emask|=SSL_kECDHE;

-		}

-#endif

-	c->mask=mask;

-	c->export_mask=emask;

-	c->valid=1;

-	}

-/* This handy macro borrowed from crypto/x509v3/v3_purp.c */

-#define ku_reject(x, usage) \

-	(((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))

-int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs)

-	{

-	unsigned long alg = cs->algorithms;

-	EVP_PKEY *pkey = NULL;

-	int keysize = 0;

-	int signature_nid = 0;

-	if (SSL_C_IS_EXPORT(cs))

-		{

-		/* ECDH key length in export ciphers must be <= 163 bits */

-		pkey = X509_get_pubkey(x);

-		if (pkey == NULL) return 0;

-		keysize = EVP_PKEY_bits(pkey);

-		EVP_PKEY_free(pkey);

-		if (keysize > 163) return 0;

-		}

-	/* This call populates the ex_flags field correctly */

-	X509_check_purpose(x, -1, 0);

-	if ((x->sig_alg) && (x->sig_alg->algorithm))

-		signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);

-	if (alg & SSL_kECDH)

-		{

-		/* key usage, if present, must allow key agreement */

-		if (ku_reject(x, X509v3_KU_KEY_AGREEMENT))

-			{

-			return 0;

-			}

-		if (alg & SSL_aECDSA)

-			{

-			/* signature alg must be ECDSA */

-			if (signature_nid != NID_ecdsa_with_SHA1)

-				{

-				return 0;

-				}

-			}

-		if (alg & SSL_aRSA)

-			{

-			/* signature alg must be RSA */

-			if ((signature_nid != NID_md5WithRSAEncryption) &&

-			    (signature_nid != NID_md4WithRSAEncryption) &&

-			    (signature_nid != NID_md2WithRSAEncryption))

-				{

-				return 0;

-				}

-			}

-		}

-	else if (alg & SSL_aECDSA)

-		{

-		/* key usage, if present, must allow signing */

-		if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE))

-			{

-			return 0;

-			}

-		}

-	return 1;  /* all checks are ok */

-	}

-/* THIS NEEDS CLEANING UP */

-X509 *ssl_get_server_send_cert(SSL *s)

-	{

-	unsigned long alg,mask,kalg;

-	CERT *c;

-	int i,is_export;

-	c=s->cert;

-	ssl_set_cert_masks(c, s->s3->tmp.new_cipher);

-	alg=s->s3->tmp.new_cipher->algorithms;

-	is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);

-	mask=is_export?c->export_mask:c->mask;

-	kalg=alg&(SSL_MKEY_MASK|SSL_AUTH_MASK);

-	if (kalg & SSL_kECDH)

-		{

-		/* we don't need to look at SSL_kECDHE

-		 * since no certificate is needed for

-		 * anon ECDH and for authenticated

-		 * ECDHE, the check for the auth

-		 * algorithm will set i correctly

-		 * NOTE: For ECDH-RSA, we need an ECC

-		 * not an RSA cert but for ECDHE-RSA

-		 * we need an RSA cert. Placing the

-		 * checks for SSL_kECDH before RSA

-		 * checks ensures the correct cert is chosen.

-		 */

-		i=SSL_PKEY_ECC;

-		}

-	else if (kalg & SSL_aECDSA)

-		{

-		i=SSL_PKEY_ECC;

-		}

-	else if (kalg & SSL_kDHr)

-		i=SSL_PKEY_DH_RSA;

-	else if (kalg & SSL_kDHd)

-		i=SSL_PKEY_DH_DSA;

-	else if (kalg & SSL_aDSS)

-		i=SSL_PKEY_DSA_SIGN;

-	else if (kalg & SSL_aRSA)

-		{

-		if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL)

-			i=SSL_PKEY_RSA_SIGN;

-		else

-			i=SSL_PKEY_RSA_ENC;

-		}

-	else if (kalg & SSL_aKRB5)

-		{

-		/* VRS something else here? */

-		return(NULL);

-		}

-	else /* if (kalg & SSL_aNULL) */

-		{

-		SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,ERR_R_INTERNAL_ERROR);

-		return(NULL);

-		}

-	if (c->pkeys[i].x509 == NULL) return(NULL);

-	return(c->pkeys[i].x509);

-	}

-EVP_PKEY *ssl_get_sign_pkey(SSL *s,SSL_CIPHER *cipher)

-	{

-	unsigned long alg;

-	CERT *c;

-	alg=cipher->algorithms;

-	c=s->cert;

-	if ((alg & SSL_aDSS) &&

-		(c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))

-		return(c->pkeys[SSL_PKEY_DSA_SIGN].privatekey);

-	else if (alg & SSL_aRSA)

-		{

-		if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL)

-			return(c->pkeys[SSL_PKEY_RSA_SIGN].privatekey);

-		else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL)

-			return(c->pkeys[SSL_PKEY_RSA_ENC].privatekey);

-		else

-			return(NULL);

-		}

-	else if ((alg & SSL_aECDSA) &&

-	         (c->pkeys[SSL_PKEY_ECC].privatekey != NULL))

-		return(c->pkeys[SSL_PKEY_ECC].privatekey);

-	else /* if (alg & SSL_aNULL) */

-		{

-		SSLerr(SSL_F_SSL_GET_SIGN_PKEY,ERR_R_INTERNAL_ERROR);

-		return(NULL);

-		}

-	}

-void ssl_update_cache(SSL *s,int mode)

-	{

-	int i;

-	/* If the session_id_length is 0, we are not supposed to cache it,

-	 * and it would be rather hard to do anyway :-) */

-	if (s->session->session_id_length == 0) return;

-	i=s->ctx->session_cache_mode;

-	if ((i & mode) && (!s->hit)

-		&& ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)

-		    || SSL_CTX_add_session(s->ctx,s->session))

-		&& (s->ctx->new_session_cb != NULL))

-		{

-		CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION);

-		if (!s->ctx->new_session_cb(s,s->session))

-			SSL_SESSION_free(s->session);

-		}

-	/* auto flush every 255 connections */

-	if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) &&

-		((i & mode) == mode))

-		{

-		if (  (((mode & SSL_SESS_CACHE_CLIENT)

-			?s->ctx->stats.sess_connect_good

-			:s->ctx->stats.sess_accept_good) & 0xff) == 0xff)

-			{

-			SSL_CTX_flush_sessions(s->ctx,(unsigned long)time(NULL));

-			}

-		}

-	}

-SSL_METHOD *SSL_get_ssl_method(SSL *s)

-	{

-	return(s->method);

-	}

-int SSL_set_ssl_method(SSL *s,SSL_METHOD *meth)

-	{

-	int conn= -1;

-	int ret=1;

-	if (s->method != meth)

-		{

-		if (s->handshake_func != NULL)

-			conn=(s->handshake_func == s->method->ssl_connect);

-		if (s->method->version == meth->version)

-			s->method=meth;

-		else

-			{

-			s->method->ssl_free(s);

-			s->method=meth;

-			ret=s->method->ssl_new(s);

-			}

-		if (conn == 1)

-			s->handshake_func=meth->ssl_connect;

-		else if (conn == 0)

-			s->handshake_func=meth->ssl_accept;

-		}

-	return(ret);

-	}

-int SSL_get_error(const SSL *s,int i)

-	{

-	int reason;

-	unsigned long l;

-	BIO *bio;

-	if (i > 0) return(SSL_ERROR_NONE);

-	/* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake

-	 * etc, where we do encode the error */

-	if ((l=ERR_peek_error()) != 0)

-		{

-		if (ERR_GET_LIB(l) == ERR_LIB_SYS)

-			return(SSL_ERROR_SYSCALL);

-		else

-			return(SSL_ERROR_SSL);

-		}

-	if ((i < 0) && SSL_want_read(s))

-		{

-		bio=SSL_get_rbio(s);

-		if (BIO_should_read(bio))

-			return(SSL_ERROR_WANT_READ);

-		else if (BIO_should_write(bio))

-			/* This one doesn't make too much sense ... We never try

-			 * to write to the rbio, and an application program where

-			 * rbio and wbio are separate couldn't even know what it

-			 * should wait for.

-			 * However if we ever set s->rwstate incorrectly

-			 * (so that we have SSL_want_read(s) instead of

-			 * SSL_want_write(s)) and rbio and wbio *are* the same,

-			 * this test works around that bug; so it might be safer

-			 * to keep it. */

-			return(SSL_ERROR_WANT_WRITE);

-		else if (BIO_should_io_special(bio))

-			{

-			reason=BIO_get_retry_reason(bio);

-			if (reason == BIO_RR_CONNECT)

-				return(SSL_ERROR_WANT_CONNECT);

-			else if (reason == BIO_RR_ACCEPT)

-				return(SSL_ERROR_WANT_ACCEPT);

-			else

-				return(SSL_ERROR_SYSCALL); /* unknown */

-			}

-		}

-	if ((i < 0) && SSL_want_write(s))

-		{

-		bio=SSL_get_wbio(s);

-		if (BIO_should_write(bio))

-			return(SSL_ERROR_WANT_WRITE);

-		else if (BIO_should_read(bio))

-			/* See above (SSL_want_read(s) with BIO_should_write(bio)) */

-			return(SSL_ERROR_WANT_READ);

-		else if (BIO_should_io_special(bio))

-			{

-			reason=BIO_get_retry_reason(bio);

-			if (reason == BIO_RR_CONNECT)

-				return(SSL_ERROR_WANT_CONNECT);

-			else if (reason == BIO_RR_ACCEPT)

-				return(SSL_ERROR_WANT_ACCEPT);

-			else

-				return(SSL_ERROR_SYSCALL);

-			}

-		}

-	if ((i < 0) && SSL_want_x509_lookup(s))

-		{

-		return(SSL_ERROR_WANT_X509_LOOKUP);

-		}

-	if (i == 0)

-		{

-		if (s->version == SSL2_VERSION)

-			{

-			/* assume it is the socket being closed */

-			return(SSL_ERROR_ZERO_RETURN);

-			}

-		else

-			{

-			if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&

-				(s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))

-				return(SSL_ERROR_ZERO_RETURN);

-			}

-		}

-	return(SSL_ERROR_SYSCALL);

-	}

-int SSL_do_handshake(SSL *s)

-	{

-	int ret=1;

-	if (s->handshake_func == NULL)

-		{

-		SSLerr(SSL_F_SSL_DO_HANDSHAKE,SSL_R_CONNECTION_TYPE_NOT_SET);

-		return(-1);

-		}

-	s->method->ssl_renegotiate_check(s);

-	if (SSL_in_init(s) || SSL_in_before(s))

-		{

-		ret=s->handshake_func(s);

-		}

-	return(ret);

-	}

-/* For the next 2 functions, SSL_clear() sets shutdown and so

- * one of these calls will reset it */

-void SSL_set_accept_state(SSL *s)

-	{

-	s->server=1;

-	s->shutdown=0;

-	s->state=SSL_ST_ACCEPT|SSL_ST_BEFORE;

-	s->handshake_func=s->method->ssl_accept;

-	/* clear the current cipher */

-	ssl_clear_cipher_ctx(s);

-	}

-void SSL_set_connect_state(SSL *s)

-	{

-	s->server=0;

-	s->shutdown=0;

-	s->state=SSL_ST_CONNECT|SSL_ST_BEFORE;

-	s->handshake_func=s->method->ssl_connect;

-	/* clear the current cipher */

-	ssl_clear_cipher_ctx(s);

-	}

-int ssl_undefined_function(SSL *s)

-	{

-	SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

-	return(0);

-	}

-int ssl_undefined_void_function(void)

-	{

-	SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

-	return(0);

-	}

-int ssl_undefined_const_function(const SSL *s)

-	{

-	SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

-	return(0);

-	}

-SSL_METHOD *ssl_bad_method(int ver)

-	{

-	SSLerr(SSL_F_SSL_BAD_METHOD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

-	return(NULL);

-	}

-const char *SSL_get_version(const SSL *s)

-	{

-	if (s->version == TLS1_VERSION)

-		return("TLSv1");

-	else if (s->version == SSL3_VERSION)

-		return("SSLv3");

-	else if (s->version == SSL2_VERSION)

-		return("SSLv2");

-	else

-		return("unknown");

-	}

-SSL *SSL_dup(SSL *s)

-	{

-	STACK_OF(X509_NAME) *sk;

-	X509_NAME *xn;

-	SSL *ret;

-	int i;

-	if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL)

-	    return(NULL);

-	ret->version = s->version;

-	ret->type = s->type;

-	ret->method = s->method;

-	if (s->session != NULL)

-		{

-		/* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */

-		SSL_copy_session_id(ret,s);

-		}

-	else

-		{

-		/* No session has been established yet, so we have to expect

-		 * that s->cert or ret->cert will be changed later --

-		 * they should not both point to the same object,

-		 * and thus we can't use SSL_copy_session_id. */

-		ret->method->ssl_free(ret);

-		ret->method = s->method;

-		ret->method->ssl_new(ret);

-		if (s->cert != NULL)

-			{

-			if (ret->cert != NULL)

-				{

-				ssl_cert_free(ret->cert);

-				}

-			ret->cert = ssl_cert_dup(s->cert);

-			if (ret->cert == NULL)

-				goto err;

-			}

-		SSL_set_session_id_context(ret,

-			s->sid_ctx, s->sid_ctx_length);

-		}

-	ret->options=s->options;

-	ret->mode=s->mode;

-	SSL_set_max_cert_list(ret,SSL_get_max_cert_list(s));

-	SSL_set_read_ahead(ret,SSL_get_read_ahead(s));

-	ret->msg_callback = s->msg_callback;

-	ret->msg_callback_arg = s->msg_callback_arg;

-	SSL_set_verify(ret,SSL_get_verify_mode(s),

-		SSL_get_verify_callback(s));

-	SSL_set_verify_depth(ret,SSL_get_verify_depth(s));

-	ret->generate_session_id = s->generate_session_id;

-	SSL_set_info_callback(ret,SSL_get_info_callback(s));

-	ret->debug=s->debug;

-	/* copy app data, a little dangerous perhaps */

-	if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data))

-		goto err;

-	/* setup rbio, and wbio */

-	if (s->rbio != NULL)

-		{

-		if (!BIO_dup_state(s->rbio,(char *)&ret->rbio))

-			goto err;

-		}

-	if (s->wbio != NULL)

-		{

-		if (s->wbio != s->rbio)

-			{

-			if (!BIO_dup_state(s->wbio,(char *)&ret->wbio))

-				goto err;

-			}

-		else

-			ret->wbio=ret->rbio;

-		}

-	ret->rwstate = s->rwstate;

-	ret->in_handshake = s->in_handshake;

-	ret->handshake_func = s->handshake_func;

-	ret->server = s->server;

-	ret->new_session = s->new_session;

-	ret->quiet_shutdown = s->quiet_shutdown;

-	ret->shutdown=s->shutdown;

-	ret->state=s->state; /* SSL_dup does not really work at any state, though */

-	ret->rstate=s->rstate;

-	ret->init_num = 0; /* would have to copy ret->init_buf, ret->init_msg, ret->init_num, ret->init_off */

-	ret->hit=s->hit;

-	X509_VERIFY_PARAM_inherit(ret->param, s->param);

-	/* dup the cipher_list and cipher_list_by_id stacks */

-	if (s->cipher_list != NULL)

-		{

-		if ((ret->cipher_list=sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)

-			goto err;

-		}

-	if (s->cipher_list_by_id != NULL)

-		if ((ret->cipher_list_by_id=sk_SSL_CIPHER_dup(s->cipher_list_by_id))

-			== NULL)

-			goto err;

-	/* Dup the client_CA list */

-	if (s->client_CA != NULL)

-		{

-		if ((sk=sk_X509_NAME_dup(s->client_CA)) == NULL) goto err;

-		ret->client_CA=sk;

-		for (i=0; i<sk_X509_NAME_num(sk); i++)

-			{

-			xn=sk_X509_NAME_value(sk,i);

-			if (sk_X509_NAME_set(sk,i,X509_NAME_dup(xn)) == NULL)

-				{

-				X509_NAME_free(xn);

-				goto err;

-				}

-			}

-		}

-	if (0)

-		{

-err:

-		if (ret != NULL) SSL_free(ret);

-		ret=NULL;

-		}

-	return(ret);

-	}

-void ssl_clear_cipher_ctx(SSL *s)

-	{

-	if (s->enc_read_ctx != NULL)

-		{

-		EVP_CIPHER_CTX_cleanup(s->enc_read_ctx);

-		OPENSSL_free(s->enc_read_ctx);

-		s->enc_read_ctx=NULL;

-		}

-	if (s->enc_write_ctx != NULL)

-		{

-		EVP_CIPHER_CTX_cleanup(s->enc_write_ctx);

-		OPENSSL_free(s->enc_write_ctx);

-		s->enc_write_ctx=NULL;

-		}

-#ifndef OPENSSL_NO_COMP

-	if (s->expand != NULL)

-		{

-		COMP_CTX_free(s->expand);

-		s->expand=NULL;

-		}

-	if (s->compress != NULL)

-		{

-		COMP_CTX_free(s->compress);

-		s->compress=NULL;

-		}

-#endif

-	}

-/* Fix this function so that it takes an optional type parameter */

-X509 *SSL_get_certificate(const SSL *s)

-	{

-	if (s->cert != NULL)

-		return(s->cert->key->x509);

-	else

-		return(NULL);

-	}

-/* Fix this function so that it takes an optional type parameter */

-EVP_PKEY *SSL_get_privatekey(SSL *s)

-	{

-	if (s->cert != NULL)

-		return(s->cert->key->privatekey);

-	else

-		return(NULL);

-	}

-SSL_CIPHER *SSL_get_current_cipher(const SSL *s)

-	{

-	if ((s->session != NULL) && (s->session->cipher != NULL))

-		return(s->session->cipher);

-	return(NULL);

-	}

-#ifdef OPENSSL_NO_COMP

-const void *SSL_get_current_compression(SSL *s)

-	{

-	return NULL;

-	}

-const void *SSL_get_current_expansion(SSL *s)

-	{

-	return NULL;

-	}

-#else

-const COMP_METHOD *SSL_get_current_compression(SSL *s)

-	{

-	if (s->compress != NULL)

-		return(s->compress->meth);

-	return(NULL);

-	}

-const COMP_METHOD *SSL_get_current_expansion(SSL *s)

-	{

-	if (s->expand != NULL)

-		return(s->expand->meth);

-	return(NULL);

-	}

-#endif

-int ssl_init_wbio_buffer(SSL *s,int push)

-	{

-	BIO *bbio;

-	if (s->bbio == NULL)

-		{

-		bbio=BIO_new(BIO_f_buffer());

-		if (bbio == NULL) return(0);

-		s->bbio=bbio;

-		}

-	else

-		{

-		bbio=s->bbio;

-		if (s->bbio == s->wbio)

-			s->wbio=BIO_pop(s->wbio);

-		}

-	(void)BIO_reset(bbio);

-/*	if (!BIO_set_write_buffer_size(bbio,16*1024)) */

-	if (!BIO_set_read_buffer_size(bbio,1))

-		{

-		SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER,ERR_R_BUF_LIB);

-		return(0);

-		}

-	if (push)

-		{

-		if (s->wbio != bbio)

-			s->wbio=BIO_push(bbio,s->wbio);

-		}

-	else

-		{

-		if (s->wbio == bbio)

-			s->wbio=BIO_pop(bbio);

-		}

-	return(1);

-	}

-void ssl_free_wbio_buffer(SSL *s)

-	{

-	if (s->bbio == NULL) return;

-	if (s->bbio == s->wbio)

-		{

-		/* remove buffering */

-		s->wbio=BIO_pop(s->wbio);

-#ifdef REF_CHECK /* not the usual REF_CHECK, but this avoids adding one more preprocessor symbol */

-		assert(s->wbio != NULL);

-#endif

-	}

-	BIO_free(s->bbio);

-	s->bbio=NULL;

-	}

-void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode)

-	{

-	ctx->quiet_shutdown=mode;

-	}

-int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)

-	{

-	return(ctx->quiet_shutdown);

-	}

-void SSL_set_quiet_shutdown(SSL *s,int mode)

-	{

-	s->quiet_shutdown=mode;

-	}

-int SSL_get_quiet_shutdown(const SSL *s)

-	{

-	return(s->quiet_shutdown);

-	}

-void SSL_set_shutdown(SSL *s,int mode)

-	{

-	s->shutdown=mode;

-	}

-int SSL_get_shutdown(const SSL *s)

-	{

-	return(s->shutdown);

-	}

-int SSL_version(const SSL *s)

-	{

-	return(s->version);

-	}

-SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)

-	{

-	return(ssl->ctx);

-	}

-SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)

-	{

-	if (ssl->ctx == ctx)

-		return ssl->ctx;

-#ifndef OPENSSL_NO_TLSEXT

-	if (ctx == NULL)

-		ctx = ssl->initial_ctx;

-#endif

-	if (ssl->cert != NULL)

-		ssl_cert_free(ssl->cert);

-	ssl->cert = ssl_cert_dup(ctx->cert);

-	CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);

-	if (ssl->ctx != NULL)

-		SSL_CTX_free(ssl->ctx); /* decrement reference count */

-	ssl->ctx = ctx;

-	return(ssl->ctx);

-	}

-#ifndef OPENSSL_NO_STDIO

-int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)

-	{

-	return(X509_STORE_set_default_paths(ctx->cert_store));

-	}

-int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,

-		const char *CApath)

-	{

-	return(X509_STORE_load_locations(ctx->cert_store,CAfile,CApath));

-	}

-#endif

-void SSL_set_info_callback(SSL *ssl,

-	void (*cb)(const SSL *ssl,int type,int val))

-	{

-	ssl->info_callback=cb;

-	}

-/* One compiler (Diab DCC) doesn't like argument names in returned

-   function pointer.  */

-void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/)

-	{

-	return ssl->info_callback;

-	}

-int SSL_state(const SSL *ssl)

-	{

-	return(ssl->state);

-	}

-void SSL_set_verify_result(SSL *ssl,long arg)

-	{

-	ssl->verify_result=arg;

-	}

-long SSL_get_verify_result(const SSL *ssl)

-	{

-	return(ssl->verify_result);

-	}

-int SSL_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,

-			 CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)

-	{

-	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp,

-				new_func, dup_func, free_func);

-	}

-int SSL_set_ex_data(SSL *s,int idx,void *arg)

-	{

-	return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));

-	}

-void *SSL_get_ex_data(const SSL *s,int idx)

-	{

-	return(CRYPTO_get_ex_data(&s->ex_data,idx));

-	}

-int SSL_CTX_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,

-			     CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)

-	{

-	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp,

-				new_func, dup_func, free_func);

-	}

-int SSL_CTX_set_ex_data(SSL_CTX *s,int idx,void *arg)

-	{

-	return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));

-	}

-void *SSL_CTX_get_ex_data(const SSL_CTX *s,int idx)

-	{

-	return(CRYPTO_get_ex_data(&s->ex_data,idx));

-	}

-int ssl_ok(SSL *s)

-	{

-	return(1);

-	}

-X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx)

-	{

-	return(ctx->cert_store);

-	}

-void SSL_CTX_set_cert_store(SSL_CTX *ctx,X509_STORE *store)

-	{

-	if (ctx->cert_store != NULL)

-		X509_STORE_free(ctx->cert_store);

-	ctx->cert_store=store;

-	}

-int SSL_want(const SSL *s)

-	{

-	return(s->rwstate);

-	}

-/*!

- * \brief Set the callback for generating temporary RSA keys.

- * \param ctx the SSL context.

- * \param cb the callback

- */

-#ifndef OPENSSL_NO_RSA

-void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl,

-							  int is_export,

-							  int keylength))

-    {

-    SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);

-    }

-void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl,

-						  int is_export,

-						  int keylength))

-    {

-    SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);

-    }

-#endif

-#ifdef DOXYGEN

-/*!

- * \brief The RSA temporary key callback function.

- * \param ssl the SSL session.

- * \param is_export \c TRUE if the temp RSA key is for an export ciphersuite.

- * \param keylength if \c is_export is \c TRUE, then \c keylength is the size

- * of the required key in bits.

- * \return the temporary RSA key.

- * \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback

- */

-RSA *cb(SSL *ssl,int is_export,int keylength)

-    {}

-#endif

-/*!

- * \brief Set the callback for generating temporary DH keys.

- * \param ctx the SSL context.

- * \param dh the callback

- */

-#ifndef OPENSSL_NO_DH

-void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export,

-							int keylength))

-	{

-	SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);

-	}

-void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export,

-						int keylength))

-	{

-	SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);

-	}

-#endif

-#ifndef OPENSSL_NO_ECDH

-void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,EC_KEY *(*ecdh)(SSL *ssl,int is_export,

-							int keylength))

-	{

-	SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);

-	}

-void SSL_set_tmp_ecdh_callback(SSL *ssl,EC_KEY *(*ecdh)(SSL *ssl,int is_export,

-						int keylength))

-	{

-	SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);

-	}

-#endif

-void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))

-	{

-	SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);

-	}

-void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))

-	{

-	SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);

-	}

-#if defined(_WINDLL) && defined(OPENSSL_SYS_WIN16)

-#include "../crypto/bio/bss_file.c"

-#endif

-IMPLEMENT_STACK_OF(SSL_CIPHER)

-IMPLEMENT_STACK_OF(SSL_COMP)

--- a/sys/src/ape/lib/openssl/ssl/ssl_locl.h

+++ /dev/null

@@ -1,974 +1,0 @@

-/* ssl/ssl_locl.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- * ECC cipher suite support in OpenSSL originally developed by

- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.

- */

-#ifndef HEADER_SSL_LOCL_H

-#define HEADER_SSL_LOCL_H

-#include <stdlib.h>

-#include <time.h>

-#include <string.h>

-#include <errno.h>

-#include "e_os.h"

-#include <openssl/buffer.h>

-#include <openssl/comp.h>

-#include <openssl/bio.h>

-#include <openssl/stack.h>

-#ifndef OPENSSL_NO_RSA

-#include <openssl/rsa.h>

-#endif

-#ifndef OPENSSL_NO_DSA

-#include <openssl/dsa.h>

-#endif

-#include <openssl/err.h>

-#include <openssl/ssl.h>

-#include <openssl/symhacks.h>

-#ifdef OPENSSL_BUILD_SHLIBSSL

-# undef OPENSSL_EXTERN

-# define OPENSSL_EXTERN OPENSSL_EXPORT

-#endif

-#define PKCS1_CHECK

-#define c2l(c,l)	(l = ((unsigned long)(*((c)++)))     , \

-			 l|=(((unsigned long)(*((c)++)))<< 8), \

-			 l|=(((unsigned long)(*((c)++)))<<16), \

-			 l|=(((unsigned long)(*((c)++)))<<24))

-/* NOTE - c is not incremented as per c2l */

-#define c2ln(c,l1,l2,n)	{ \

-			c+=n; \

-			l1=l2=0; \

-			switch (n) { \

-			case 8: l2 =((unsigned long)(*(--(c))))<<24; \

-			case 7: l2|=((unsigned long)(*(--(c))))<<16; \

-			case 6: l2|=((unsigned long)(*(--(c))))<< 8; \

-			case 5: l2|=((unsigned long)(*(--(c))));     \

-			case 4: l1 =((unsigned long)(*(--(c))))<<24; \

-			case 3: l1|=((unsigned long)(*(--(c))))<<16; \

-			case 2: l1|=((unsigned long)(*(--(c))))<< 8; \

-			case 1: l1|=((unsigned long)(*(--(c))));     \

-				} \

-			}

-#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)    )&0xff), \

-			 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \

-			 *((c)++)=(unsigned char)(((l)>>16)&0xff), \

-			 *((c)++)=(unsigned char)(((l)>>24)&0xff))

-#define n2l(c,l)	(l =((unsigned long)(*((c)++)))<<24, \

-			 l|=((unsigned long)(*((c)++)))<<16, \

-			 l|=((unsigned long)(*((c)++)))<< 8, \

-			 l|=((unsigned long)(*((c)++))))

-#define l2n(l,c)	(*((c)++)=(unsigned char)(((l)>>24)&0xff), \

-			 *((c)++)=(unsigned char)(((l)>>16)&0xff), \

-			 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \

-			 *((c)++)=(unsigned char)(((l)    )&0xff))

-#define l2n6(l,c)	(*((c)++)=(unsigned char)(((l)>>40)&0xff), \

-			 *((c)++)=(unsigned char)(((l)>>32)&0xff), \

-			 *((c)++)=(unsigned char)(((l)>>24)&0xff), \

-			 *((c)++)=(unsigned char)(((l)>>16)&0xff), \

-			 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \

-			 *((c)++)=(unsigned char)(((l)    )&0xff))

-#define n2l6(c,l)	(l =((BN_ULLONG)(*((c)++)))<<40, \

-			 l|=((BN_ULLONG)(*((c)++)))<<32, \

-			 l|=((BN_ULLONG)(*((c)++)))<<24, \

-			 l|=((BN_ULLONG)(*((c)++)))<<16, \

-			 l|=((BN_ULLONG)(*((c)++)))<< 8, \

-			 l|=((BN_ULLONG)(*((c)++))))

-/* NOTE - c is not incremented as per l2c */

-#define l2cn(l1,l2,c,n)	{ \

-			c+=n; \

-			switch (n) { \

-			case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \

-			case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \

-			case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \

-			case 5: *(--(c))=(unsigned char)(((l2)    )&0xff); \

-			case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \

-			case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \

-			case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \

-			case 1: *(--(c))=(unsigned char)(((l1)    )&0xff); \

-				} \

-			}

-#define n2s(c,s)	((s=(((unsigned int)(c[0]))<< 8)| \

-			    (((unsigned int)(c[1]))    )),c+=2)

-#define s2n(s,c)	((c[0]=(unsigned char)(((s)>> 8)&0xff), \

-			  c[1]=(unsigned char)(((s)    )&0xff)),c+=2)

-#define n2l3(c,l)	((l =(((unsigned long)(c[0]))<<16)| \

-			     (((unsigned long)(c[1]))<< 8)| \

-			     (((unsigned long)(c[2]))    )),c+=3)

-#define l2n3(l,c)	((c[0]=(unsigned char)(((l)>>16)&0xff), \

-			  c[1]=(unsigned char)(((l)>> 8)&0xff), \

-			  c[2]=(unsigned char)(((l)    )&0xff)),c+=3)

-/* LOCAL STUFF */

-#define SSL_DECRYPT	0

-#define SSL_ENCRYPT	1

-#define TWO_BYTE_BIT	0x80

-#define SEC_ESC_BIT	0x40

-#define TWO_BYTE_MASK	0x7fff

-#define THREE_BYTE_MASK	0x3fff

-#define INC32(a)	((a)=((a)+1)&0xffffffffL)

-#define DEC32(a)	((a)=((a)-1)&0xffffffffL)

-#define MAX_MAC_SIZE	20 /* up from 16 for SSLv3 */

-/*

- * Define the Bitmasks for SSL_CIPHER.algorithms.

- * This bits are used packed as dense as possible. If new methods/ciphers

- * etc will be added, the bits a likely to change, so this information

- * is for internal library use only, even though SSL_CIPHER.algorithms

- * can be publicly accessed.

- * Use the according functions for cipher management instead.

- *

- * The bit mask handling in the selection and sorting scheme in

- * ssl_create_cipher_list() has only limited capabilities, reflecting

- * that the different entities within are mutually exclusive:

- * ONLY ONE BIT PER MASK CAN BE SET AT A TIME.

- */

-#define SSL_MKEY_MASK		0x000000FFL

-#define SSL_kRSA		0x00000001L /* RSA key exchange */

-#define SSL_kDHr		0x00000002L /* DH cert RSA CA cert */

-#define SSL_kDHd		0x00000004L /* DH cert DSA CA cert */

-#define SSL_kFZA		0x00000008L

-#define SSL_kEDH		0x00000010L /* tmp DH key no DH cert */

-#define SSL_kKRB5		0x00000020L /* Kerberos5 key exchange */

-#define SSL_kECDH               0x00000040L /* ECDH w/ long-term keys */

-#define SSL_kECDHE              0x00000080L /* ephemeral ECDH */

-#define SSL_EDH			(SSL_kEDH|(SSL_AUTH_MASK^SSL_aNULL))

-#define SSL_AUTH_MASK		0x00007F00L

-#define SSL_aRSA		0x00000100L /* Authenticate with RSA */

-#define SSL_aDSS 		0x00000200L /* Authenticate with DSS */

-#define SSL_DSS 		SSL_aDSS

-#define SSL_aFZA 		0x00000400L

-#define SSL_aNULL 		0x00000800L /* no Authenticate, ADH */

-#define SSL_aDH 		0x00001000L /* no Authenticate, ADH */

-#define SSL_aKRB5               0x00002000L /* Authenticate with KRB5 */

-#define SSL_aECDSA              0x00004000L /* Authenticate with ECDSA */

-#define SSL_NULL		(SSL_eNULL)

-#define SSL_ADH			(SSL_kEDH|SSL_aNULL)

-#define SSL_RSA			(SSL_kRSA|SSL_aRSA)

-#define SSL_DH			(SSL_kDHr|SSL_kDHd|SSL_kEDH)

-#define SSL_ECDH		(SSL_kECDH|SSL_kECDHE)

-#define SSL_FZA			(SSL_aFZA|SSL_kFZA|SSL_eFZA)

-#define SSL_KRB5                (SSL_kKRB5|SSL_aKRB5)

-#define SSL_ENC_MASK		0x1C3F8000L

-#define SSL_DES			0x00008000L

-#define SSL_3DES		0x00010000L

-#define SSL_RC4			0x00020000L

-#define SSL_RC2			0x00040000L

-#define SSL_IDEA		0x00080000L

-#define SSL_eFZA		0x00100000L

-#define SSL_eNULL		0x00200000L

-#define SSL_AES			0x04000000L

-#define SSL_CAMELLIA		0x08000000L

-#define SSL_SEED          	0x10000000L

-#define SSL_MAC_MASK		0x00c00000L

-#define SSL_MD5			0x00400000L

-#define SSL_SHA1		0x00800000L

-#define SSL_SHA			(SSL_SHA1)

-#define SSL_SSL_MASK		0x03000000L

-#define SSL_SSLV2		0x01000000L

-#define SSL_SSLV3		0x02000000L

-#define SSL_TLSV1		SSL_SSLV3	/* for now */

-/* we have used 1fffffff - 3 bits left to go. */

-/*

- * Export and cipher strength information. For each cipher we have to decide

- * whether it is exportable or not. This information is likely to change

- * over time, since the export control rules are no static technical issue.

- *

- * Independent of the export flag the cipher strength is sorted into classes.

- * SSL_EXP40 was denoting the 40bit US export limit of past times, which now

- * is at 56bit (SSL_EXP56). If the exportable cipher class is going to change

- * again (eg. to 64bit) the use of "SSL_EXP*" becomes blurred even more,

- * since SSL_EXP64 could be similar to SSL_LOW.

- * For this reason SSL_MICRO and SSL_MINI macros are included to widen the

- * namespace of SSL_LOW-SSL_HIGH to lower values. As development of speed

- * and ciphers goes, another extension to SSL_SUPER and/or SSL_ULTRA would

- * be possible.

- */

-#define SSL_EXP_MASK		0x00000003L

-#define SSL_NOT_EXP		0x00000001L

-#define SSL_EXPORT		0x00000002L

-#define SSL_STRONG_MASK		0x000000fcL

-#define SSL_STRONG_NONE		0x00000004L

-#define SSL_EXP40		0x00000008L

-#define SSL_MICRO		(SSL_EXP40)

-#define SSL_EXP56		0x00000010L

-#define SSL_MINI		(SSL_EXP56)

-#define SSL_LOW			0x00000020L

-#define SSL_MEDIUM		0x00000040L

-#define SSL_HIGH		0x00000080L

-/* we have used 000000ff - 24 bits left to go */

-/*

- * Macros to check the export status and cipher strength for export ciphers.

- * Even though the macros for EXPORT and EXPORT40/56 have similar names,

- * their meaning is different:

- * *_EXPORT macros check the 'exportable' status.

- * *_EXPORT40/56 macros are used to check whether a certain cipher strength

- *          is given.

- * Since the SSL_IS_EXPORT* and SSL_EXPORT* macros depend on the correct

- * algorithm structure element to be passed (algorithms, algo_strength) and no

- * typechecking can be done as they are all of type unsigned long, their

- * direct usage is discouraged.

- * Use the SSL_C_* macros instead.

- */

-#define SSL_IS_EXPORT(a)	((a)&SSL_EXPORT)

-#define SSL_IS_EXPORT56(a)	((a)&SSL_EXP56)

-#define SSL_IS_EXPORT40(a)	((a)&SSL_EXP40)

-#define SSL_C_IS_EXPORT(c)	SSL_IS_EXPORT((c)->algo_strength)

-#define SSL_C_IS_EXPORT56(c)	SSL_IS_EXPORT56((c)->algo_strength)

-#define SSL_C_IS_EXPORT40(c)	SSL_IS_EXPORT40((c)->algo_strength)

-#define SSL_EXPORT_KEYLENGTH(a,s)	(SSL_IS_EXPORT40(s) ? 5 : \

-				 ((a)&SSL_ENC_MASK) == SSL_DES ? 8 : 7)

-#define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024)

-#define SSL_C_EXPORT_KEYLENGTH(c)	SSL_EXPORT_KEYLENGTH((c)->algorithms, \

-				(c)->algo_strength)

-#define SSL_C_EXPORT_PKEYLENGTH(c)	SSL_EXPORT_PKEYLENGTH((c)->algo_strength)

-#define SSL_ALL			0xffffffffL

-#define SSL_ALL_CIPHERS		(SSL_MKEY_MASK|SSL_AUTH_MASK|SSL_ENC_MASK|\

-				SSL_MAC_MASK)

-#define SSL_ALL_STRENGTHS	(SSL_EXP_MASK|SSL_STRONG_MASK)

-/* Mostly for SSLv3 */

-#define SSL_PKEY_RSA_ENC	0

-#define SSL_PKEY_RSA_SIGN	1

-#define SSL_PKEY_DSA_SIGN	2

-#define SSL_PKEY_DH_RSA		3

-#define SSL_PKEY_DH_DSA		4

-#define SSL_PKEY_ECC            5

-#define SSL_PKEY_NUM		6

-/* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |

- * 	    <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)

- * SSL_kDH  <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)

- * SSL_kEDH <- RSA_ENC | RSA_SIGN | DSA_SIGN

- * SSL_aRSA <- RSA_ENC | RSA_SIGN

- * SSL_aDSS <- DSA_SIGN

- */

-/*

-#define CERT_INVALID		0

-#define CERT_PUBLIC_KEY		1

-#define CERT_PRIVATE_KEY	2

-*/

-#ifndef OPENSSL_NO_EC

-/* From ECC-TLS draft, used in encoding the curve type in

- * ECParameters

- */

-#define EXPLICIT_PRIME_CURVE_TYPE  1

-#define EXPLICIT_CHAR2_CURVE_TYPE  2

-#define NAMED_CURVE_TYPE           3

-#endif  /* OPENSSL_NO_EC */

-typedef struct cert_pkey_st

-	{

-	X509 *x509;

-	EVP_PKEY *privatekey;

-	} CERT_PKEY;

-typedef struct cert_st

-	{

-	/* Current active set */

-	CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array

-			 * Probably it would make more sense to store

-			 * an index, not a pointer. */

-	/* The following masks are for the key and auth

-	 * algorithms that are supported by the certs below */

-	int valid;

-	unsigned long mask;

-	unsigned long export_mask;

-#ifndef OPENSSL_NO_RSA

-	RSA *rsa_tmp;

-	RSA *(*rsa_tmp_cb)(SSL *ssl,int is_export,int keysize);

-#endif

-#ifndef OPENSSL_NO_DH

-	DH *dh_tmp;

-	DH *(*dh_tmp_cb)(SSL *ssl,int is_export,int keysize);

-#endif

-#ifndef OPENSSL_NO_ECDH

-	EC_KEY *ecdh_tmp;

-	/* Callback for generating ephemeral ECDH keys */

-	EC_KEY *(*ecdh_tmp_cb)(SSL *ssl,int is_export,int keysize);

-#endif

-	CERT_PKEY pkeys[SSL_PKEY_NUM];

-	int references; /* >1 only if SSL_copy_session_id is used */

-	} CERT;

-typedef struct sess_cert_st

-	{

-	STACK_OF(X509) *cert_chain; /* as received from peer (not for SSL2) */

-	/* The 'peer_...' members are used only by clients. */

-	int peer_cert_type;

-	CERT_PKEY *peer_key; /* points to an element of peer_pkeys (never NULL!) */

-	CERT_PKEY peer_pkeys[SSL_PKEY_NUM];

-	/* Obviously we don't have the private keys of these,

-	 * so maybe we shouldn't even use the CERT_PKEY type here. */

-#ifndef OPENSSL_NO_RSA

-	RSA *peer_rsa_tmp; /* not used for SSL 2 */

-#endif

-#ifndef OPENSSL_NO_DH

-	DH *peer_dh_tmp; /* not used for SSL 2 */

-#endif

-#ifndef OPENSSL_NO_ECDH

-	EC_KEY *peer_ecdh_tmp;

-#endif

-	int references; /* actually always 1 at the moment */

-	} SESS_CERT;

-/*#define MAC_DEBUG	*/

-/*#define ERR_DEBUG	*/

-/*#define ABORT_DEBUG	*/

-/*#define PKT_DEBUG 1   */

-/*#define DES_DEBUG	*/

-/*#define DES_OFB_DEBUG	*/

-/*#define SSL_DEBUG	*/

-/*#define RSA_DEBUG	*/

-/*#define IDEA_DEBUG	*/

-#define FP_ICC  (int (*)(const void *,const void *))

-#define ssl_put_cipher_by_char(ssl,ciph,ptr) \

-		((ssl)->method->put_cipher_by_char((ciph),(ptr)))

-#define ssl_get_cipher_by_char(ssl,ptr) \

-		((ssl)->method->get_cipher_by_char(ptr))

-/* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff

- * It is a bit of a mess of functions, but hell, think of it as

- * an opaque structure :-) */

-typedef struct ssl3_enc_method

-	{

-	int (*enc)(SSL *, int);

-	int (*mac)(SSL *, unsigned char *, int);

-	int (*setup_key_block)(SSL *);

-	int (*generate_master_secret)(SSL *, unsigned char *, unsigned char *, int);

-	int (*change_cipher_state)(SSL *, int);

-	int (*final_finish_mac)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char *, int, unsigned char *);

-	int finish_mac_length;

-	int (*cert_verify_mac)(SSL *, EVP_MD_CTX *, unsigned char *);

-	const char *client_finished_label;

-	int client_finished_label_len;

-	const char *server_finished_label;

-	int server_finished_label_len;

-	int (*alert_value)(int);

-	} SSL3_ENC_METHOD;

-/* Used for holding the relevant compression methods loaded into SSL_CTX */

-typedef struct ssl3_comp_st

-	{

-	int comp_id;	/* The identifier byte for this compression type */

-	char *name;	/* Text name used for the compression type */

-	COMP_METHOD *method; /* The method :-) */

-	} SSL3_COMP;

-extern SSL3_ENC_METHOD ssl3_undef_enc_method;

-OPENSSL_EXTERN SSL_CIPHER ssl2_ciphers[];

-OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[];

-SSL_METHOD *ssl_bad_method(int ver);

-SSL_METHOD *sslv2_base_method(void);

-SSL_METHOD *sslv23_base_method(void);

-SSL_METHOD *sslv3_base_method(void);

-extern SSL3_ENC_METHOD TLSv1_enc_data;

-extern SSL3_ENC_METHOD SSLv3_enc_data;

-extern SSL3_ENC_METHOD DTLSv1_enc_data;

-#define IMPLEMENT_tls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \

-SSL_METHOD *func_name(void)  \

-	{ \

-	static SSL_METHOD func_name##_data= { \

-		TLS1_VERSION, \

-		tls1_new, \

-		tls1_clear, \

-		tls1_free, \

-		s_accept, \

-		s_connect, \

-		ssl3_read, \

-		ssl3_peek, \

-		ssl3_write, \

-		ssl3_shutdown, \

-		ssl3_renegotiate, \

-		ssl3_renegotiate_check, \

-		ssl3_get_message, \

-		ssl3_read_bytes, \

-		ssl3_write_bytes, \

-		ssl3_dispatch_alert, \

-		ssl3_ctrl, \

-		ssl3_ctx_ctrl, \

-		ssl3_get_cipher_by_char, \

-		ssl3_put_cipher_by_char, \

-		ssl3_pending, \

-		ssl3_num_ciphers, \

-		ssl3_get_cipher, \

-		s_get_meth, \

-		tls1_default_timeout, \

-		&TLSv1_enc_data, \

-		ssl_undefined_void_function, \

-		ssl3_callback_ctrl, \

-		ssl3_ctx_callback_ctrl, \

-	}; \

-	return &func_name##_data; \

-	}

-#define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect, s_get_meth) \

-SSL_METHOD *func_name(void)  \

-	{ \

-	static SSL_METHOD func_name##_data= { \

-		SSL3_VERSION, \

-		ssl3_new, \

-		ssl3_clear, \

-		ssl3_free, \

-		s_accept, \

-		s_connect, \

-		ssl3_read, \

-		ssl3_peek, \

-		ssl3_write, \

-		ssl3_shutdown, \

-		ssl3_renegotiate, \

-		ssl3_renegotiate_check, \

-		ssl3_get_message, \

-		ssl3_read_bytes, \

-		ssl3_write_bytes, \

-		ssl3_dispatch_alert, \

-		ssl3_ctrl, \

-		ssl3_ctx_ctrl, \

-		ssl3_get_cipher_by_char, \

-		ssl3_put_cipher_by_char, \

-		ssl3_pending, \

-		ssl3_num_ciphers, \

-		ssl3_get_cipher, \

-		s_get_meth, \

-		ssl3_default_timeout, \

-		&SSLv3_enc_data, \

-		ssl_undefined_void_function, \

-		ssl3_callback_ctrl, \

-		ssl3_ctx_callback_ctrl, \

-	}; \

-	return &func_name##_data; \

-	}

-#define IMPLEMENT_ssl23_meth_func(func_name, s_accept, s_connect, s_get_meth) \

-SSL_METHOD *func_name(void)  \

-	{ \

-	static SSL_METHOD func_name##_data= { \

-	TLS1_VERSION, \

-	tls1_new, \

-	tls1_clear, \

-	tls1_free, \

-	s_accept, \

-	s_connect, \

-	ssl23_read, \

-	ssl23_peek, \

-	ssl23_write, \

-	ssl_undefined_function, \

-	ssl_undefined_function, \

-	ssl_ok, \

-	ssl3_get_message, \

-	ssl3_read_bytes, \

-	ssl3_write_bytes, \

-	ssl3_dispatch_alert, \

-	ssl3_ctrl, \

-	ssl3_ctx_ctrl, \

-	ssl23_get_cipher_by_char, \

-	ssl23_put_cipher_by_char, \

-	ssl_undefined_const_function, \

-	ssl23_num_ciphers, \

-	ssl23_get_cipher, \

-	s_get_meth, \

-	ssl23_default_timeout, \

-	&ssl3_undef_enc_method, \

-	ssl_undefined_void_function, \

-	ssl3_callback_ctrl, \

-	ssl3_ctx_callback_ctrl, \

-	}; \

-	return &func_name##_data; \

-	}

-#define IMPLEMENT_ssl2_meth_func(func_name, s_accept, s_connect, s_get_meth) \

-SSL_METHOD *func_name(void)  \

-	{ \

-	static SSL_METHOD func_name##_data= { \

-		SSL2_VERSION, \

-		ssl2_new,	/* local */ \

-		ssl2_clear,	/* local */ \

-		ssl2_free,	/* local */ \

-		s_accept, \

-		s_connect, \

-		ssl2_read, \

-		ssl2_peek, \

-		ssl2_write, \

-		ssl2_shutdown, \

-		ssl_ok,	/* NULL - renegotiate */ \

-		ssl_ok,	/* NULL - check renegotiate */ \

-		NULL, /* NULL - ssl_get_message */ \

-		NULL, /* NULL - ssl_get_record */ \

-		NULL, /* NULL - ssl_write_bytes */ \

-		NULL, /* NULL - dispatch_alert */ \

-		ssl2_ctrl,	/* local */ \

-		ssl2_ctx_ctrl,	/* local */ \

-		ssl2_get_cipher_by_char, \

-		ssl2_put_cipher_by_char, \

-		ssl2_pending, \

-		ssl2_num_ciphers, \

-		ssl2_get_cipher, \

-		s_get_meth, \

-		ssl2_default_timeout, \

-		&ssl3_undef_enc_method, \

-		ssl_undefined_void_function, \

-		ssl2_callback_ctrl,	/* local */ \

-		ssl2_ctx_callback_ctrl,	/* local */ \

-	}; \

-	return &func_name##_data; \

-	}

-#define IMPLEMENT_dtls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \

-SSL_METHOD *func_name(void)  \

-	{ \

-	static SSL_METHOD func_name##_data= { \

-		DTLS1_VERSION, \

-		dtls1_new, \

-		dtls1_clear, \

-		dtls1_free, \

-		s_accept, \

-		s_connect, \

-		ssl3_read, \

-		ssl3_peek, \

-		ssl3_write, \

-		ssl3_shutdown, \

-		ssl3_renegotiate, \

-		ssl3_renegotiate_check, \

-		dtls1_get_message, \

-		dtls1_read_bytes, \

-		dtls1_write_app_data_bytes, \

-		dtls1_dispatch_alert, \

-		ssl3_ctrl, \

-		ssl3_ctx_ctrl, \

-		ssl3_get_cipher_by_char, \

-		ssl3_put_cipher_by_char, \

-		ssl3_pending, \

-		ssl3_num_ciphers, \

-		dtls1_get_cipher, \

-		s_get_meth, \

-		dtls1_default_timeout, \

-		&DTLSv1_enc_data, \

-		ssl_undefined_void_function, \

-		ssl3_callback_ctrl, \

-		ssl3_ctx_callback_ctrl, \

-	}; \

-	return &func_name##_data; \

-	}

-void ssl_clear_cipher_ctx(SSL *s);

-int ssl_clear_bad_session(SSL *s);

-CERT *ssl_cert_new(void);

-CERT *ssl_cert_dup(CERT *cert);

-int ssl_cert_inst(CERT **o);

-void ssl_cert_free(CERT *c);

-SESS_CERT *ssl_sess_cert_new(void);

-void ssl_sess_cert_free(SESS_CERT *sc);

-int ssl_set_peer_cert_type(SESS_CERT *c, int type);

-int ssl_get_new_session(SSL *s, int session);

-int ssl_get_prev_session(SSL *s, unsigned char *session,int len, const unsigned char *limit);

-int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b);

-int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,

-			const SSL_CIPHER * const *bp);

-STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,

-					       STACK_OF(SSL_CIPHER) **skp);

-int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,

-                             int (*put_cb)(const SSL_CIPHER *, unsigned char *));

-STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,

-					     STACK_OF(SSL_CIPHER) **pref,

-					     STACK_OF(SSL_CIPHER) **sorted,

-					     const char *rule_str);

-void ssl_update_cache(SSL *s, int mode);

-int ssl_cipher_get_evp(const SSL_SESSION *s,const EVP_CIPHER **enc,

-		       const EVP_MD **md,SSL_COMP **comp);

-int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk);

-int ssl_undefined_function(SSL *s);

-int ssl_undefined_void_function(void);

-int ssl_undefined_const_function(const SSL *s);

-X509 *ssl_get_server_send_cert(SSL *);

-EVP_PKEY *ssl_get_sign_pkey(SSL *,SSL_CIPHER *);

-int ssl_cert_type(X509 *x,EVP_PKEY *pkey);

-void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher);

-STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);

-int ssl_verify_alarm_type(long type);

-void ssl_load_ciphers(void);

-int ssl2_enc_init(SSL *s, int client);

-int ssl2_generate_key_material(SSL *s);

-void ssl2_enc(SSL *s,int send_data);

-void ssl2_mac(SSL *s,unsigned char *mac,int send_data);

-SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);

-int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);

-int ssl2_part_read(SSL *s, unsigned long f, int i);

-int ssl2_do_write(SSL *s);

-int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data);

-void ssl2_return_error(SSL *s,int reason);

-void ssl2_write_error(SSL *s);

-int ssl2_num_ciphers(void);

-SSL_CIPHER *ssl2_get_cipher(unsigned int u);

-int	ssl2_new(SSL *s);

-void	ssl2_free(SSL *s);

-int	ssl2_accept(SSL *s);

-int	ssl2_connect(SSL *s);

-int	ssl2_read(SSL *s, void *buf, int len);

-int	ssl2_peek(SSL *s, void *buf, int len);

-int	ssl2_write(SSL *s, const void *buf, int len);

-int	ssl2_shutdown(SSL *s);

-void	ssl2_clear(SSL *s);

-long	ssl2_ctrl(SSL *s,int cmd, long larg, void *parg);

-long	ssl2_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg);

-long	ssl2_callback_ctrl(SSL *s,int cmd, void (*fp)(void));

-long	ssl2_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void));

-int	ssl2_pending(const SSL *s);

-long	ssl2_default_timeout(void );

-SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);

-int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);

-void ssl3_init_finished_mac(SSL *s);

-int ssl3_send_server_certificate(SSL *s);

-int ssl3_send_newsession_ticket(SSL *s);

-int ssl3_get_finished(SSL *s,int state_a,int state_b);

-int ssl3_setup_key_block(SSL *s);

-int ssl3_send_change_cipher_spec(SSL *s,int state_a,int state_b);

-int ssl3_change_cipher_state(SSL *s,int which);

-void ssl3_cleanup_key_block(SSL *s);

-int ssl3_do_write(SSL *s,int type);

-void ssl3_send_alert(SSL *s,int level, int desc);

-int ssl3_generate_master_secret(SSL *s, unsigned char *out,

-	unsigned char *p, int len);

-int ssl3_get_req_cert_type(SSL *s,unsigned char *p);

-long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);

-int ssl3_send_finished(SSL *s, int a, int b, const char *sender,int slen);

-int ssl3_num_ciphers(void);

-SSL_CIPHER *ssl3_get_cipher(unsigned int u);

-int ssl3_renegotiate(SSL *ssl);

-int ssl3_renegotiate_check(SSL *ssl);

-int ssl3_dispatch_alert(SSL *s);

-int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);

-int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);

-int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1, EVP_MD_CTX *ctx2,

-	const char *sender, int slen,unsigned char *p);

-int ssl3_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p);

-void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);

-int ssl3_enc(SSL *s, int send_data);

-int ssl3_mac(SSL *ssl, unsigned char *md, int send_data);

-unsigned long ssl3_output_cert_chain(SSL *s, X509 *x);

-SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,STACK_OF(SSL_CIPHER) *clnt,

-			       STACK_OF(SSL_CIPHER) *srvr);

-int	ssl3_setup_buffers(SSL *s);

-int	ssl3_new(SSL *s);

-void	ssl3_free(SSL *s);

-int	ssl3_accept(SSL *s);

-int	ssl3_connect(SSL *s);

-int	ssl3_read(SSL *s, void *buf, int len);

-int	ssl3_peek(SSL *s, void *buf, int len);

-int	ssl3_write(SSL *s, const void *buf, int len);

-int	ssl3_shutdown(SSL *s);

-void	ssl3_clear(SSL *s);

-long	ssl3_ctrl(SSL *s,int cmd, long larg, void *parg);

-long	ssl3_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg);

-long	ssl3_callback_ctrl(SSL *s,int cmd, void (*fp)(void));

-long	ssl3_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void));

-int	ssl3_pending(const SSL *s);

-void ssl3_record_sequence_update(unsigned char *seq);

-int ssl3_do_change_cipher_spec(SSL *ssl);

-long ssl3_default_timeout(void );

-int ssl23_num_ciphers(void );

-SSL_CIPHER *ssl23_get_cipher(unsigned int u);

-int ssl23_read(SSL *s, void *buf, int len);

-int ssl23_peek(SSL *s, void *buf, int len);

-int ssl23_write(SSL *s, const void *buf, int len);

-int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);

-SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p);

-long ssl23_default_timeout(void );

-long tls1_default_timeout(void);

-int dtls1_do_write(SSL *s,int type);

-int ssl3_read_n(SSL *s, int n, int max, int extend);

-int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);

-int ssl3_do_compress(SSL *ssl);

-int ssl3_do_uncompress(SSL *ssl);

-int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,

-	unsigned int len);

-unsigned char *dtls1_set_message_header(SSL *s,

-	unsigned char *p, unsigned char mt,	unsigned long len,

-	unsigned long frag_off, unsigned long frag_len);

-int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len);

-int dtls1_write_bytes(SSL *s, int type, const void *buf, int len);

-int dtls1_send_change_cipher_spec(SSL *s, int a, int b);

-int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen);

-unsigned long dtls1_output_cert_chain(SSL *s, X509 *x);

-int dtls1_read_failed(SSL *s, int code);

-int dtls1_buffer_message(SSL *s, int ccs);

-int dtls1_retransmit_message(SSL *s, unsigned short seq,

-	unsigned long frag_off, int *found);

-void dtls1_clear_record_buffer(SSL *s);

-void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr);

-void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr);

-void dtls1_reset_seq_numbers(SSL *s, int rw);

-long dtls1_default_timeout(void);

-SSL_CIPHER *dtls1_get_cipher(unsigned int u);

-/* some client-only functions */

-int ssl3_client_hello(SSL *s);

-int ssl3_get_server_hello(SSL *s);

-int ssl3_get_certificate_request(SSL *s);

-int ssl3_get_new_session_ticket(SSL *s);

-int ssl3_get_server_done(SSL *s);

-int ssl3_send_client_verify(SSL *s);

-int ssl3_send_client_certificate(SSL *s);

-int ssl3_send_client_key_exchange(SSL *s);

-int ssl3_get_key_exchange(SSL *s);

-int ssl3_get_server_certificate(SSL *s);

-int ssl3_check_cert_and_algorithm(SSL *s);

-int dtls1_client_hello(SSL *s);

-int dtls1_send_client_certificate(SSL *s);

-int dtls1_send_client_key_exchange(SSL *s);

-int dtls1_send_client_verify(SSL *s);

-/* some server-only functions */

-int ssl3_get_client_hello(SSL *s);

-int ssl3_send_server_hello(SSL *s);

-int ssl3_send_hello_request(SSL *s);

-int ssl3_send_server_key_exchange(SSL *s);

-int ssl3_send_certificate_request(SSL *s);

-int ssl3_send_server_done(SSL *s);

-int ssl3_check_client_hello(SSL *s);

-int ssl3_get_client_certificate(SSL *s);

-int ssl3_get_client_key_exchange(SSL *s);

-int ssl3_get_cert_verify(SSL *s);

-int dtls1_send_hello_request(SSL *s);

-int dtls1_send_server_hello(SSL *s);

-int dtls1_send_server_certificate(SSL *s);

-int dtls1_send_server_key_exchange(SSL *s);

-int dtls1_send_certificate_request(SSL *s);

-int dtls1_send_server_done(SSL *s);

-int ssl23_accept(SSL *s);

-int ssl23_connect(SSL *s);

-int ssl23_read_bytes(SSL *s, int n);

-int ssl23_write_bytes(SSL *s);

-int tls1_new(SSL *s);

-void tls1_free(SSL *s);

-void tls1_clear(SSL *s);

-long tls1_ctrl(SSL *s,int cmd, long larg, void *parg);

-long tls1_callback_ctrl(SSL *s,int cmd, void (*fp)(void));

-SSL_METHOD *tlsv1_base_method(void );

-int dtls1_new(SSL *s);

-int	dtls1_accept(SSL *s);

-int	dtls1_connect(SSL *s);

-void dtls1_free(SSL *s);

-void dtls1_clear(SSL *s);

-long dtls1_ctrl(SSL *s,int cmd, long larg, void *parg);

-SSL_METHOD *dtlsv1_base_method(void );

-long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);

-int dtls1_get_record(SSL *s);

-int do_dtls1_write(SSL *s, int type, const unsigned char *buf,

-	unsigned int len, int create_empty_fragement);

-int dtls1_dispatch_alert(SSL *s);

-int dtls1_enc(SSL *s, int snd);

-int ssl_init_wbio_buffer(SSL *s, int push);

-void ssl_free_wbio_buffer(SSL *s);

-int tls1_change_cipher_state(SSL *s, int which);

-int tls1_setup_key_block(SSL *s);

-int tls1_enc(SSL *s, int snd);

-int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,

-	const char *str, int slen, unsigned char *p);

-int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p);

-int tls1_mac(SSL *ssl, unsigned char *md, int snd);

-int tls1_generate_master_secret(SSL *s, unsigned char *out,

-	unsigned char *p, int len);

-int tls1_alert_code(int code);

-int ssl3_alert_code(int code);

-int ssl_ok(SSL *s);

-int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs);

-SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);

-#ifndef OPENSSL_NO_TLSEXT

-unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit);

-unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit);

-int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);

-int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);

-int ssl_prepare_clienthello_tlsext(SSL *s);

-int ssl_prepare_serverhello_tlsext(SSL *s);

-int ssl_check_clienthello_tlsext(SSL *s);

-int ssl_check_serverhello_tlsext(SSL *s);

-#ifdef OPENSSL_NO_SHA256

-#define tlsext_tick_md	EVP_sha1

-#else

-#define tlsext_tick_md	EVP_sha256

-#endif

-int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,

-				const unsigned char *limit, SSL_SESSION **ret);

-EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) ;

-void ssl_clear_hash_ctx(EVP_MD_CTX **hash);

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/ssl/ssl_rsa.c

+++ /dev/null

@@ -1,777 +1,0 @@

-/* ssl/ssl_rsa.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "ssl_locl.h"

-#include <openssl/bio.h>

-#include <openssl/objects.h>

-#include <openssl/evp.h>

-#include <openssl/x509.h>

-#include <openssl/pem.h>

-static int ssl_set_cert(CERT *c, X509 *x509);

-static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);

-int SSL_use_certificate(SSL *ssl, X509 *x)

-	{

-	if (x == NULL)

-		{

-		SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);

-		return(0);

-		}

-	if (!ssl_cert_inst(&ssl->cert))

-		{

-		SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);

-		return(0);

-		}

-	return(ssl_set_cert(ssl->cert,x));

-	}

-#ifndef OPENSSL_NO_STDIO

-int SSL_use_certificate_file(SSL *ssl, const char *file, int type)

-	{

-	int j;

-	BIO *in;

-	int ret=0;

-	X509 *x=NULL;

-	in=BIO_new(BIO_s_file_internal());

-	if (in == NULL)

-		{

-		SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);

-		goto end;

-		}

-	if (BIO_read_filename(in,file) <= 0)

-		{

-		SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);

-		goto end;

-		}

-	if (type == SSL_FILETYPE_ASN1)

-		{

-		j=ERR_R_ASN1_LIB;

-		x=d2i_X509_bio(in,NULL);

-		}

-	else if (type == SSL_FILETYPE_PEM)

-		{

-		j=ERR_R_PEM_LIB;

-		x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);

-		}

-	else

-		{

-		SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);

-		goto end;

-		}

-	if (x == NULL)

-		{

-		SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,j);

-		goto end;

-		}

-	ret=SSL_use_certificate(ssl,x);

-end:

-	if (x != NULL) X509_free(x);

-	if (in != NULL) BIO_free(in);

-	return(ret);

-	}

-#endif

-int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len)

-	{

-	X509 *x;

-	int ret;

-	x=d2i_X509(NULL,&d,(long)len);

-	if (x == NULL)

-		{

-		SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);

-		return(0);

-		}

-	ret=SSL_use_certificate(ssl,x);

-	X509_free(x);

-	return(ret);

-	}

-#ifndef OPENSSL_NO_RSA

-int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)

-	{

-	EVP_PKEY *pkey;

-	int ret;

-	if (rsa == NULL)

-		{

-		SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);

-		return(0);

-		}

-	if (!ssl_cert_inst(&ssl->cert))

-		{

-		SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);

-		return(0);

-		}

-	if ((pkey=EVP_PKEY_new()) == NULL)

-		{

-		SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);

-		return(0);

-		}

-	RSA_up_ref(rsa);

-	EVP_PKEY_assign_RSA(pkey,rsa);

-	ret=ssl_set_pkey(ssl->cert,pkey);

-	EVP_PKEY_free(pkey);

-	return(ret);

-	}

-#endif

-static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)

-	{

-	int i;

-	i=ssl_cert_type(NULL,pkey);

-	if (i < 0)

-		{

-		SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_UNKNOWN_CERTIFICATE_TYPE);

-		return(0);

-		}

-	if (c->pkeys[i].x509 != NULL)

-		{

-		EVP_PKEY *pktmp;

-		pktmp =	X509_get_pubkey(c->pkeys[i].x509);

-		EVP_PKEY_copy_parameters(pktmp,pkey);

-		EVP_PKEY_free(pktmp);

-		ERR_clear_error();

-#ifndef OPENSSL_NO_RSA

-		/* Don't check the public/private key, this is mostly

-		 * for smart cards. */

-		if ((pkey->type == EVP_PKEY_RSA) &&

-			(RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK))

-			;

-		else

-#endif

-		if (!X509_check_private_key(c->pkeys[i].x509,pkey))

-			{

-			X509_free(c->pkeys[i].x509);

-			c->pkeys[i].x509 = NULL;

-			return 0;

-			}

-		}

-	if (c->pkeys[i].privatekey != NULL)

-		EVP_PKEY_free(c->pkeys[i].privatekey);

-	CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);

-	c->pkeys[i].privatekey=pkey;

-	c->key= &(c->pkeys[i]);

-	c->valid=0;

-	return(1);

-	}

-#ifndef OPENSSL_NO_RSA

-#ifndef OPENSSL_NO_STDIO

-int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)

-	{

-	int j,ret=0;

-	BIO *in;

-	RSA *rsa=NULL;

-	in=BIO_new(BIO_s_file_internal());

-	if (in == NULL)

-		{

-		SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);

-		goto end;

-		}

-	if (BIO_read_filename(in,file) <= 0)

-		{

-		SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);

-		goto end;

-		}

-	if	(type == SSL_FILETYPE_ASN1)

-		{

-		j=ERR_R_ASN1_LIB;

-		rsa=d2i_RSAPrivateKey_bio(in,NULL);

-		}

-	else if (type == SSL_FILETYPE_PEM)

-		{

-		j=ERR_R_PEM_LIB;

-		rsa=PEM_read_bio_RSAPrivateKey(in,NULL,

-			ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);

-		}

-	else

-		{

-		SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);

-		goto end;

-		}

-	if (rsa == NULL)

-		{

-		SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,j);

-		goto end;

-		}

-	ret=SSL_use_RSAPrivateKey(ssl,rsa);

-	RSA_free(rsa);

-end:

-	if (in != NULL) BIO_free(in);

-	return(ret);

-	}

-#endif

-int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len)

-	{

-	int ret;

-	const unsigned char *p;

-	RSA *rsa;

-	p=d;

-	if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)

-		{

-		SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);

-		return(0);

-		}

-	ret=SSL_use_RSAPrivateKey(ssl,rsa);

-	RSA_free(rsa);

-	return(ret);

-	}

-#endif /* !OPENSSL_NO_RSA */

-int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)

-	{

-	int ret;

-	if (pkey == NULL)

-		{

-		SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);

-		return(0);

-		}

-	if (!ssl_cert_inst(&ssl->cert))

-		{

-		SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);

-		return(0);

-		}

-	ret=ssl_set_pkey(ssl->cert,pkey);

-	return(ret);

-	}

-#ifndef OPENSSL_NO_STDIO

-int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)

-	{

-	int j,ret=0;

-	BIO *in;

-	EVP_PKEY *pkey=NULL;

-	in=BIO_new(BIO_s_file_internal());

-	if (in == NULL)

-		{

-		SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);

-		goto end;

-		}

-	if (BIO_read_filename(in,file) <= 0)

-		{

-		SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);

-		goto end;

-		}

-	if (type == SSL_FILETYPE_PEM)

-		{

-		j=ERR_R_PEM_LIB;

-		pkey=PEM_read_bio_PrivateKey(in,NULL,

-			ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);

-		}

-	else if (type == SSL_FILETYPE_ASN1)

-		{

-		j = ERR_R_ASN1_LIB;

-		pkey = d2i_PrivateKey_bio(in,NULL);

-		}

-	else

-		{

-		SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);

-		goto end;

-		}

-	if (pkey == NULL)

-		{

-		SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,j);

-		goto end;

-		}

-	ret=SSL_use_PrivateKey(ssl,pkey);

-	EVP_PKEY_free(pkey);

-end:

-	if (in != NULL) BIO_free(in);

-	return(ret);

-	}

-#endif

-int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len)

-	{

-	int ret;

-	const unsigned char *p;

-	EVP_PKEY *pkey;

-	p=d;

-	if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)

-		{

-		SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);

-		return(0);

-		}

-	ret=SSL_use_PrivateKey(ssl,pkey);

-	EVP_PKEY_free(pkey);

-	return(ret);

-	}

-int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)

-	{

-	if (x == NULL)

-		{

-		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);

-		return(0);

-		}

-	if (!ssl_cert_inst(&ctx->cert))

-		{

-		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);

-		return(0);

-		}

-	return(ssl_set_cert(ctx->cert, x));

-	}

-static int ssl_set_cert(CERT *c, X509 *x)

-	{

-	EVP_PKEY *pkey;

-	int i;

-	pkey=X509_get_pubkey(x);

-	if (pkey == NULL)

-		{

-		SSLerr(SSL_F_SSL_SET_CERT,SSL_R_X509_LIB);

-		return(0);

-		}

-	i=ssl_cert_type(x,pkey);

-	if (i < 0)

-		{

-		SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE);

-		EVP_PKEY_free(pkey);

-		return(0);

-		}

-	if (c->pkeys[i].privatekey != NULL)

-		{

-		EVP_PKEY_copy_parameters(pkey,c->pkeys[i].privatekey);

-		ERR_clear_error();

-#ifndef OPENSSL_NO_RSA

-		/* Don't check the public/private key, this is mostly

-		 * for smart cards. */

-		if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&

-			(RSA_flags(c->pkeys[i].privatekey->pkey.rsa) &

-			 RSA_METHOD_FLAG_NO_CHECK))

-			 ;

-		else

-#endif /* OPENSSL_NO_RSA */

-		if (!X509_check_private_key(x,c->pkeys[i].privatekey))

-			{

-			/* don't fail for a cert/key mismatch, just free

-			 * current private key (when switching to a different

-			 * cert & key, first this function should be used,

-			 * then ssl_set_pkey */

-			EVP_PKEY_free(c->pkeys[i].privatekey);

-			c->pkeys[i].privatekey=NULL;

-			/* clear error queue */

-			ERR_clear_error();

-			}

-		}

-	EVP_PKEY_free(pkey);

-	if (c->pkeys[i].x509 != NULL)

-		X509_free(c->pkeys[i].x509);

-	CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);

-	c->pkeys[i].x509=x;

-	c->key= &(c->pkeys[i]);

-	c->valid=0;

-	return(1);

-	}

-#ifndef OPENSSL_NO_STDIO

-int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)

-	{

-	int j;

-	BIO *in;

-	int ret=0;

-	X509 *x=NULL;

-	in=BIO_new(BIO_s_file_internal());

-	if (in == NULL)

-		{

-		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);

-		goto end;

-		}

-	if (BIO_read_filename(in,file) <= 0)

-		{

-		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);

-		goto end;

-		}

-	if (type == SSL_FILETYPE_ASN1)

-		{

-		j=ERR_R_ASN1_LIB;

-		x=d2i_X509_bio(in,NULL);

-		}

-	else if (type == SSL_FILETYPE_PEM)

-		{

-		j=ERR_R_PEM_LIB;

-		x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);

-		}

-	else

-		{

-		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);

-		goto end;

-		}

-	if (x == NULL)

-		{

-		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,j);

-		goto end;

-		}

-	ret=SSL_CTX_use_certificate(ctx,x);

-end:

-	if (x != NULL) X509_free(x);

-	if (in != NULL) BIO_free(in);

-	return(ret);

-	}

-#endif

-int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d)

-	{

-	X509 *x;

-	int ret;

-	x=d2i_X509(NULL,&d,(long)len);

-	if (x == NULL)

-		{

-		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);

-		return(0);

-		}

-	ret=SSL_CTX_use_certificate(ctx,x);

-	X509_free(x);

-	return(ret);

-	}

-#ifndef OPENSSL_NO_RSA

-int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)

-	{

-	int ret;

-	EVP_PKEY *pkey;

-	if (rsa == NULL)

-		{

-		SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);

-		return(0);

-		}

-	if (!ssl_cert_inst(&ctx->cert))

-		{

-		SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);

-		return(0);

-		}

-	if ((pkey=EVP_PKEY_new()) == NULL)

-		{

-		SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);

-		return(0);

-		}

-	RSA_up_ref(rsa);

-	EVP_PKEY_assign_RSA(pkey,rsa);

-	ret=ssl_set_pkey(ctx->cert, pkey);

-	EVP_PKEY_free(pkey);

-	return(ret);

-	}

-#ifndef OPENSSL_NO_STDIO

-int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)

-	{

-	int j,ret=0;

-	BIO *in;

-	RSA *rsa=NULL;

-	in=BIO_new(BIO_s_file_internal());

-	if (in == NULL)

-		{

-		SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);

-		goto end;

-		}

-	if (BIO_read_filename(in,file) <= 0)

-		{

-		SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);

-		goto end;

-		}

-	if	(type == SSL_FILETYPE_ASN1)

-		{

-		j=ERR_R_ASN1_LIB;

-		rsa=d2i_RSAPrivateKey_bio(in,NULL);

-		}

-	else if (type == SSL_FILETYPE_PEM)

-		{

-		j=ERR_R_PEM_LIB;

-		rsa=PEM_read_bio_RSAPrivateKey(in,NULL,

-			ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);

-		}

-	else

-		{

-		SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);

-		goto end;

-		}

-	if (rsa == NULL)

-		{

-		SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,j);

-		goto end;

-		}

-	ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);

-	RSA_free(rsa);

-end:

-	if (in != NULL) BIO_free(in);

-	return(ret);

-	}

-#endif

-int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len)

-	{

-	int ret;

-	const unsigned char *p;

-	RSA *rsa;

-	p=d;

-	if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)

-		{

-		SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);

-		return(0);

-		}

-	ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);

-	RSA_free(rsa);

-	return(ret);

-	}

-#endif /* !OPENSSL_NO_RSA */

-int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)

-	{

-	if (pkey == NULL)

-		{

-		SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);

-		return(0);

-		}

-	if (!ssl_cert_inst(&ctx->cert))

-		{

-		SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);

-		return(0);

-		}

-	return(ssl_set_pkey(ctx->cert,pkey));

-	}

-#ifndef OPENSSL_NO_STDIO

-int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)

-	{

-	int j,ret=0;

-	BIO *in;

-	EVP_PKEY *pkey=NULL;

-	in=BIO_new(BIO_s_file_internal());

-	if (in == NULL)

-		{

-		SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);

-		goto end;

-		}

-	if (BIO_read_filename(in,file) <= 0)

-		{

-		SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);

-		goto end;

-		}

-	if (type == SSL_FILETYPE_PEM)

-		{

-		j=ERR_R_PEM_LIB;

-		pkey=PEM_read_bio_PrivateKey(in,NULL,

-			ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);

-		}

-	else if (type == SSL_FILETYPE_ASN1)

-		{

-		j = ERR_R_ASN1_LIB;

-		pkey = d2i_PrivateKey_bio(in,NULL);

-		}

-	else

-		{

-		SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);

-		goto end;

-		}

-	if (pkey == NULL)

-		{

-		SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,j);

-		goto end;

-		}

-	ret=SSL_CTX_use_PrivateKey(ctx,pkey);

-	EVP_PKEY_free(pkey);

-end:

-	if (in != NULL) BIO_free(in);

-	return(ret);

-	}

-#endif

-int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d,

-	     long len)

-	{

-	int ret;

-	const unsigned char *p;

-	EVP_PKEY *pkey;

-	p=d;

-	if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)

-		{

-		SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);

-		return(0);

-		}

-	ret=SSL_CTX_use_PrivateKey(ctx,pkey);

-	EVP_PKEY_free(pkey);

-	return(ret);

-	}

-#ifndef OPENSSL_NO_STDIO

-/* Read a file that contains our certificate in "PEM" format,

- * possibly followed by a sequence of CA certificates that should be

- * sent to the peer in the Certificate message.

- */

-int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)

-	{

-	BIO *in;

-	int ret=0;

-	X509 *x=NULL;

-	in=BIO_new(BIO_s_file_internal());

-	if (in == NULL)

-		{

-		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_BUF_LIB);

-		goto end;

-		}

-	if (BIO_read_filename(in,file) <= 0)

-		{

-		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_SYS_LIB);

-		goto end;

-		}

-	x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);

-	if (x == NULL)

-		{

-		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB);

-		goto end;

-		}

-	ret=SSL_CTX_use_certificate(ctx,x);

-	if (ERR_peek_error() != 0)

-		ret = 0;  /* Key/certificate mismatch doesn't imply ret==0 ... */

-	if (ret)

-		{

-		/* If we could set up our certificate, now proceed to

-		 * the CA certificates.

-		 */

-		X509 *ca;

-		int r;

-		unsigned long err;

-		if (ctx->extra_certs != NULL)

-			{

-			sk_X509_pop_free(ctx->extra_certs, X509_free);

-			ctx->extra_certs = NULL;

-			}

-		while ((ca = PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata))

-			!= NULL)

-			{

-			r = SSL_CTX_add_extra_chain_cert(ctx, ca);

-			if (!r)

-				{

-				X509_free(ca);

-				ret = 0;

-				goto end;

-				}

-			/* Note that we must not free r if it was successfully

-			 * added to the chain (while we must free the main

-			 * certificate, since its reference count is increased

-			 * by SSL_CTX_use_certificate). */

-			}

-		/* When the while loop ends, it's usually just EOF. */

-		err = ERR_peek_last_error();

-		if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)

-			ERR_clear_error();

-		else

-			ret = 0; /* some real error */

-		}

-end:

-	if (x != NULL) X509_free(x);

-	if (in != NULL) BIO_free(in);

-	return(ret);

-	}

-#endif

--- a/sys/src/ape/lib/openssl/ssl/ssl_sess.c

+++ /dev/null

@@ -1,884 +1,0 @@

-/* ssl/ssl_sess.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <openssl/lhash.h>

-#include <openssl/rand.h>

-#include "ssl_locl.h"

-static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);

-static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);

-static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);

-SSL_SESSION *SSL_get_session(const SSL *ssl)

-/* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */

-	{

-	return(ssl->session);

-	}

-SSL_SESSION *SSL_get1_session(SSL *ssl)

-/* variant of SSL_get_session: caller really gets something */

-	{

-	SSL_SESSION *sess;

-	/* Need to lock this all up rather than just use CRYPTO_add so that

-	 * somebody doesn't free ssl->session between when we check it's

-	 * non-null and when we up the reference count. */

-	CRYPTO_w_lock(CRYPTO_LOCK_SSL_SESSION);

-	sess = ssl->session;

-	if(sess)

-		sess->references++;

-	CRYPTO_w_unlock(CRYPTO_LOCK_SSL_SESSION);

-	return(sess);

-	}

-int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,

-	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)

-	{

-	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, argl, argp,

-			new_func, dup_func, free_func);

-	}

-int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)

-	{

-	return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));

-	}

-void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx)

-	{

-	return(CRYPTO_get_ex_data(&s->ex_data,idx));

-	}

-SSL_SESSION *SSL_SESSION_new(void)

-	{

-	SSL_SESSION *ss;

-	ss=(SSL_SESSION *)OPENSSL_malloc(sizeof(SSL_SESSION));

-	if (ss == NULL)

-		{

-		SSLerr(SSL_F_SSL_SESSION_NEW,ERR_R_MALLOC_FAILURE);

-		return(0);

-		}

-	memset(ss,0,sizeof(SSL_SESSION));

-	ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */

-	ss->references=1;

-	ss->timeout=60*5+4; /* 5 minute timeout by default */

-	ss->time=(unsigned long)time(NULL);

-	ss->prev=NULL;

-	ss->next=NULL;

-	ss->compress_meth=0;

-#ifndef OPENSSL_NO_TLSEXT

-	ss->tlsext_hostname = NULL;

-#endif

-	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);

-	return(ss);

-	}

-const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)

-	{

-	if(len)

-		*len = s->session_id_length;

-	return s->session_id;

-	}

-/* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1

- * has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly

- * until we have no conflict is going to complete in one iteration pretty much

- * "most" of the time (btw: understatement). So, if it takes us 10 iterations

- * and we still can't avoid a conflict - well that's a reasonable point to call

- * it quits. Either the RAND code is broken or someone is trying to open roughly

- * very close to 2^128 (or 2^256) SSL sessions to our server. How you might

- * store that many sessions is perhaps a more interesting question ... */

-#define MAX_SESS_ID_ATTEMPTS 10

-static int def_generate_session_id(const SSL *ssl, unsigned char *id,

-				unsigned int *id_len)

-{

-	unsigned int retry = 0;

-	do

-		if (RAND_pseudo_bytes(id, *id_len) <= 0)

-			return 0;

-	while(SSL_has_matching_session_id(ssl, id, *id_len) &&

-		(++retry < MAX_SESS_ID_ATTEMPTS));

-	if(retry < MAX_SESS_ID_ATTEMPTS)

-		return 1;

-	/* else - woops a session_id match */

-	/* XXX We should also check the external cache --

-	 * but the probability of a collision is negligible, and

-	 * we could not prevent the concurrent creation of sessions

-	 * with identical IDs since we currently don't have means

-	 * to atomically check whether a session ID already exists

-	 * and make a reservation for it if it does not

-	 * (this problem applies to the internal cache as well).

-	 */

-	return 0;

-}

-int ssl_get_new_session(SSL *s, int session)

-	{

-	/* This gets used by clients and servers. */

-	unsigned int tmp;

-	SSL_SESSION *ss=NULL;

-	GEN_SESSION_CB cb = def_generate_session_id;

-	if ((ss=SSL_SESSION_new()) == NULL) return(0);

-	/* If the context has a default timeout, use it */

-	if (s->ctx->session_timeout == 0)

-		ss->timeout=SSL_get_default_timeout(s);

-	else

-		ss->timeout=s->ctx->session_timeout;

-	if (s->session != NULL)

-		{

-		SSL_SESSION_free(s->session);

-		s->session=NULL;

-		}

-	if (session)

-		{

-		if (s->version == SSL2_VERSION)

-			{

-			ss->ssl_version=SSL2_VERSION;

-			ss->session_id_length=SSL2_SSL_SESSION_ID_LENGTH;

-			}

-		else if (s->version == SSL3_VERSION)

-			{

-			ss->ssl_version=SSL3_VERSION;

-			ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;

-			}

-		else if (s->version == TLS1_VERSION)

-			{

-			ss->ssl_version=TLS1_VERSION;

-			ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;

-			}

-		else if (s->version == DTLS1_VERSION)

-			{

-			ss->ssl_version=DTLS1_VERSION;

-			ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;

-			}

-		else

-			{

-			SSLerr(SSL_F_SSL_GET_NEW_SESSION,SSL_R_UNSUPPORTED_SSL_VERSION);

-			SSL_SESSION_free(ss);

-			return(0);

-			}

-#ifndef OPENSSL_NO_TLSEXT

-		/* If RFC4507 ticket use empty session ID */

-		if (s->tlsext_ticket_expected)

-			{

-			ss->session_id_length = 0;

-			goto sess_id_done;

-			}

-#endif

-		/* Choose which callback will set the session ID */

-		CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);

-		if(s->generate_session_id)

-			cb = s->generate_session_id;

-		else if(s->ctx->generate_session_id)

-			cb = s->ctx->generate_session_id;

-		CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);

-		/* Choose a session ID */

-		tmp = ss->session_id_length;

-		if(!cb(s, ss->session_id, &tmp))

-			{

-			/* The callback failed */

-			SSLerr(SSL_F_SSL_GET_NEW_SESSION,

-				SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);

-			SSL_SESSION_free(ss);

-			return(0);

-			}

-		/* Don't allow the callback to set the session length to zero.

-		 * nor set it higher than it was. */

-		if(!tmp || (tmp > ss->session_id_length))

-			{

-			/* The callback set an illegal length */

-			SSLerr(SSL_F_SSL_GET_NEW_SESSION,

-				SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH);

-			SSL_SESSION_free(ss);

-			return(0);

-			}

-		/* If the session length was shrunk and we're SSLv2, pad it */

-		if((tmp < ss->session_id_length) && (s->version == SSL2_VERSION))

-			memset(ss->session_id + tmp, 0, ss->session_id_length - tmp);

-		else

-			ss->session_id_length = tmp;

-		/* Finally, check for a conflict */

-		if(SSL_has_matching_session_id(s, ss->session_id,

-						ss->session_id_length))

-			{

-			SSLerr(SSL_F_SSL_GET_NEW_SESSION,

-				SSL_R_SSL_SESSION_ID_CONFLICT);

-			SSL_SESSION_free(ss);

-			return(0);

-			}

-#ifndef OPENSSL_NO_TLSEXT

-		sess_id_done:

-		if (s->tlsext_hostname) {

-			ss->tlsext_hostname = BUF_strdup(s->tlsext_hostname);

-			if (ss->tlsext_hostname == NULL) {

-				SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);

-				SSL_SESSION_free(ss);

-				return 0;

-				}

-			}

-#endif

-		}

-	else

-		{

-		ss->session_id_length=0;

-		}

-	if (s->sid_ctx_length > sizeof ss->sid_ctx)

-		{

-		SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);

-		SSL_SESSION_free(ss);

-		return 0;

-		}

-	memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);

-	ss->sid_ctx_length=s->sid_ctx_length;

-	s->session=ss;

-	ss->ssl_version=s->version;

-	ss->verify_result = X509_V_OK;

-	return(1);

-	}

-int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,

-			const unsigned char *limit)

-	{

-	/* This is used only by servers. */

-	SSL_SESSION *ret=NULL;

-	int fatal = 0;

-#ifndef OPENSSL_NO_TLSEXT

-	int r;

-#endif

-	if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)

-		goto err;

-#ifndef OPENSSL_NO_TLSEXT

- 	r = tls1_process_ticket(s, session_id, len, limit, &ret);

-	if (r == -1)

-		{

-		fatal = 1;

- 		goto err;

-		}

-	else if (r == 0 || (!ret && !len))

-		goto err;

-	else if (!ret && !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))

-#else

-	if (len == 0)

-		goto err;

-	if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))

-#endif

-		{

-		SSL_SESSION data;

-		data.ssl_version=s->version;

-		data.session_id_length=len;

-		if (len == 0)

-			return 0;

- 		memcpy(data.session_id,session_id,len);

-		CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);

-		ret=(SSL_SESSION *)lh_retrieve(s->ctx->sessions,&data);

-		if (ret != NULL)

-		    /* don't allow other threads to steal it: */

-		    CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);

-		CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);

-		}

-	if (ret == NULL)

-		{

-		int copy=1;

-		s->ctx->stats.sess_miss++;

-		ret=NULL;

-		if (s->ctx->get_session_cb != NULL

-		    && (ret=s->ctx->get_session_cb(s,session_id,len,&copy))

-		       != NULL)

-			{

-			s->ctx->stats.sess_cb_hit++;

-			/* Increment reference count now if the session callback

-			 * asks us to do so (note that if the session structures

-			 * returned by the callback are shared between threads,

-			 * it must handle the reference count itself [i.e. copy == 0],

-			 * or things won't be thread-safe). */

-			if (copy)

-				CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);

-			/* Add the externally cached session to the internal

-			 * cache as well if and only if we are supposed to. */

-			if(!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE))

-				/* The following should not return 1, otherwise,

-				 * things are very strange */

-				SSL_CTX_add_session(s->ctx,ret);

-			}

-		if (ret == NULL)

-			goto err;

-		}

-	/* Now ret is non-NULL, and we own one of its reference counts. */

-	if (ret->sid_ctx_length != s->sid_ctx_length

-	    || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length))

-		{

-		/* We've found the session named by the client, but we don't

-		 * want to use it in this context. */

-#if 0 /* The client cannot always know when a session is not appropriate,

-       * so we shouldn't generate an error message. */

-		SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);

-#endif

-		goto err; /* treat like cache miss */

-		}

-	if((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0)

-		{

-		/* We can't be sure if this session is being used out of

-		 * context, which is especially important for SSL_VERIFY_PEER.

-		 * The application should have used SSL[_CTX]_set_session_id_context.

-		 *

-		 * For this error case, we generate an error instead of treating

-		 * the event like a cache miss (otherwise it would be easy for

-		 * applications to effectively disable the session cache by

-		 * accident without anyone noticing).

-		 */

-		SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);

-		fatal = 1;

-		goto err;

-		}

-	if (ret->cipher == NULL)

-		{

-		unsigned char buf[5],*p;

-		unsigned long l;

-		p=buf;

-		l=ret->cipher_id;

-		l2n(l,p);

-		if ((ret->ssl_version>>8) == SSL3_VERSION_MAJOR)

-			ret->cipher=ssl_get_cipher_by_char(s,&(buf[2]));

-		else

-			ret->cipher=ssl_get_cipher_by_char(s,&(buf[1]));

-		if (ret->cipher == NULL)

-			goto err;

-		}

-#if 0 /* This is way too late. */

-	/* If a thread got the session, then 'swaped', and another got

-	 * it and then due to a time-out decided to 'OPENSSL_free' it we could

-	 * be in trouble.  So I'll increment it now, then double decrement

-	 * later - am I speaking rubbish?. */

-	CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);

-#endif

-	if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */

-		{

-		s->ctx->stats.sess_timeout++;

-		/* remove it from the cache */

-		SSL_CTX_remove_session(s->ctx,ret);

-		goto err;

-		}

-	s->ctx->stats.sess_hit++;

-	/* ret->time=time(NULL); */ /* rezero timeout? */

-	/* again, just leave the session

-	 * if it is the same session, we have just incremented and

-	 * then decremented the reference count :-) */

-	if (s->session != NULL)

-		SSL_SESSION_free(s->session);

-	s->session=ret;

-	s->verify_result = s->session->verify_result;

-	return(1);

- err:

-	if (ret != NULL)

-		SSL_SESSION_free(ret);

-	if (fatal)

-		return -1;

-	else

-		return 0;

-	}

-int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)

-	{

-	int ret=0;

-	SSL_SESSION *s;

-	/* add just 1 reference count for the SSL_CTX's session cache

-	 * even though it has two ways of access: each session is in a

-	 * doubly linked list and an lhash */

-	CRYPTO_add(&c->references,1,CRYPTO_LOCK_SSL_SESSION);

-	/* if session c is in already in cache, we take back the increment later */

-	CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);

-	s=(SSL_SESSION *)lh_insert(ctx->sessions,c);

-	/* s != NULL iff we already had a session with the given PID.

-	 * In this case, s == c should hold (then we did not really modify

-	 * ctx->sessions), or we're in trouble. */

-	if (s != NULL && s != c)

-		{

-		/* We *are* in trouble ... */

-		SSL_SESSION_list_remove(ctx,s);

-		SSL_SESSION_free(s);

-		/* ... so pretend the other session did not exist in cache

-		 * (we cannot handle two SSL_SESSION structures with identical

-		 * session ID in the same cache, which could happen e.g. when

-		 * two threads concurrently obtain the same session from an external

-		 * cache) */

-		s = NULL;

-		}

- 	/* Put at the head of the queue unless it is already in the cache */

-	if (s == NULL)

-		SSL_SESSION_list_add(ctx,c);

-	if (s != NULL)

-		{

-		/* existing cache entry -- decrement previously incremented reference

-		 * count because it already takes into account the cache */

-		SSL_SESSION_free(s); /* s == c */

-		ret=0;

-		}

-	else

-		{

-		/* new cache entry -- remove old ones if cache has become too large */

-		ret=1;

-		if (SSL_CTX_sess_get_cache_size(ctx) > 0)

-			{

-			while (SSL_CTX_sess_number(ctx) >

-				SSL_CTX_sess_get_cache_size(ctx))

-				{

-				if (!remove_session_lock(ctx,

-					ctx->session_cache_tail, 0))

-					break;

-				else

-					ctx->stats.sess_cache_full++;

-				}

-			}

-		}

-	CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);

-	return(ret);

-	}

-int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c)

-{

-	return remove_session_lock(ctx, c, 1);

-}

-static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)

-	{

-	SSL_SESSION *r;

-	int ret=0;

-	if ((c != NULL) && (c->session_id_length != 0))

-		{

-		if(lck) CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);

-		if ((r = (SSL_SESSION *)lh_retrieve(ctx->sessions,c)) == c)

-			{

-			ret=1;

-			r=(SSL_SESSION *)lh_delete(ctx->sessions,c);

-			SSL_SESSION_list_remove(ctx,c);

-			}

-		if(lck) CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);

-		if (ret)

-			{

-			r->not_resumable=1;

-			if (ctx->remove_session_cb != NULL)

-				ctx->remove_session_cb(ctx,r);

-			SSL_SESSION_free(r);

-			}

-		}

-	else

-		ret=0;

-	return(ret);

-	}

-void SSL_SESSION_free(SSL_SESSION *ss)

-	{

-	int i;

-	if(ss == NULL)

-	    return;

-	i=CRYPTO_add(&ss->references,-1,CRYPTO_LOCK_SSL_SESSION);

-#ifdef REF_PRINT

-	REF_PRINT("SSL_SESSION",ss);

-#endif

-	if (i > 0) return;

-#ifdef REF_CHECK

-	if (i < 0)

-		{

-		fprintf(stderr,"SSL_SESSION_free, bad reference count\n");

-		abort(); /* ok */

-		}

-#endif

-	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);

-	OPENSSL_cleanse(ss->key_arg,sizeof ss->key_arg);

-	OPENSSL_cleanse(ss->master_key,sizeof ss->master_key);

-	OPENSSL_cleanse(ss->session_id,sizeof ss->session_id);

-	if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert);

-	if (ss->peer != NULL) X509_free(ss->peer);

-	if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);

-#ifndef OPENSSL_NO_TLSEXT

-	if (ss->tlsext_hostname != NULL) OPENSSL_free(ss->tlsext_hostname);

-	if (ss->tlsext_tick != NULL) OPENSSL_free(ss->tlsext_tick);

-#endif

-	OPENSSL_cleanse(ss,sizeof(*ss));

-	OPENSSL_free(ss);

-	}

-int SSL_set_session(SSL *s, SSL_SESSION *session)

-	{

-	int ret=0;

-	SSL_METHOD *meth;

-	if (session != NULL)

-		{

-		meth=s->ctx->method->get_ssl_method(session->ssl_version);

-		if (meth == NULL)

-			meth=s->method->get_ssl_method(session->ssl_version);

-		if (meth == NULL)

-			{

-			SSLerr(SSL_F_SSL_SET_SESSION,SSL_R_UNABLE_TO_FIND_SSL_METHOD);

-			return(0);

-			}

-		if (meth != s->method)

-			{

-			if (!SSL_set_ssl_method(s,meth))

-				return(0);

-			if (s->ctx->session_timeout == 0)

-				session->timeout=SSL_get_default_timeout(s);

-			else

-				session->timeout=s->ctx->session_timeout;

-			}

-#ifndef OPENSSL_NO_KRB5

-                if (s->kssl_ctx && !s->kssl_ctx->client_princ &&

-                    session->krb5_client_princ_len > 0)

-                {

-                    s->kssl_ctx->client_princ = (char *)OPENSSL_malloc(session->krb5_client_princ_len + 1);

-                    memcpy(s->kssl_ctx->client_princ,session->krb5_client_princ,

-                            session->krb5_client_princ_len);

-                    s->kssl_ctx->client_princ[session->krb5_client_princ_len] = '\0';

-                }

-#endif /* OPENSSL_NO_KRB5 */

-		/* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/

-		CRYPTO_add(&session->references,1,CRYPTO_LOCK_SSL_SESSION);

-		if (s->session != NULL)

-			SSL_SESSION_free(s->session);

-		s->session=session;

-		s->verify_result = s->session->verify_result;

-		/* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/

-		ret=1;

-		}

-	else

-		{

-		if (s->session != NULL)

-			{

-			SSL_SESSION_free(s->session);

-			s->session=NULL;

-			}

-		meth=s->ctx->method;

-		if (meth != s->method)

-			{

-			if (!SSL_set_ssl_method(s,meth))

-				return(0);

-			}

-		ret=1;

-		}

-	return(ret);

-	}

-long SSL_SESSION_set_timeout(SSL_SESSION *s, long t)

-	{

-	if (s == NULL) return(0);

-	s->timeout=t;

-	return(1);

-	}

-long SSL_SESSION_get_timeout(const SSL_SESSION *s)

-	{

-	if (s == NULL) return(0);

-	return(s->timeout);

-	}

-long SSL_SESSION_get_time(const SSL_SESSION *s)

-	{

-	if (s == NULL) return(0);

-	return(s->time);

-	}

-long SSL_SESSION_set_time(SSL_SESSION *s, long t)

-	{

-	if (s == NULL) return(0);

-	s->time=t;

-	return(t);

-	}

-long SSL_CTX_set_timeout(SSL_CTX *s, long t)

-	{

-	long l;

-	if (s == NULL) return(0);

-	l=s->session_timeout;

-	s->session_timeout=t;

-	return(l);

-	}

-long SSL_CTX_get_timeout(const SSL_CTX *s)

-	{

-	if (s == NULL) return(0);

-	return(s->session_timeout);

-	}

-typedef struct timeout_param_st

-	{

-	SSL_CTX *ctx;

-	long time;

-	LHASH *cache;

-	} TIMEOUT_PARAM;

-static void timeout(SSL_SESSION *s, TIMEOUT_PARAM *p)

-	{

-	if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */

-		{

-		/* The reason we don't call SSL_CTX_remove_session() is to

-		 * save on locking overhead */

-		lh_delete(p->cache,s);

-		SSL_SESSION_list_remove(p->ctx,s);

-		s->not_resumable=1;

-		if (p->ctx->remove_session_cb != NULL)

-			p->ctx->remove_session_cb(p->ctx,s);

-		SSL_SESSION_free(s);

-		}

-	}

-static IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION *, TIMEOUT_PARAM *)

-void SSL_CTX_flush_sessions(SSL_CTX *s, long t)

-	{

-	unsigned long i;

-	TIMEOUT_PARAM tp;

-	tp.ctx=s;

-	tp.cache=s->sessions;

-	if (tp.cache == NULL) return;

-	tp.time=t;

-	CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);

-	i=tp.cache->down_load;

-	tp.cache->down_load=0;

-	lh_doall_arg(tp.cache, LHASH_DOALL_ARG_FN(timeout), &tp);

-	tp.cache->down_load=i;

-	CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);

-	}

-int ssl_clear_bad_session(SSL *s)

-	{

-	if (	(s->session != NULL) &&

-		!(s->shutdown & SSL_SENT_SHUTDOWN) &&

-		!(SSL_in_init(s) || SSL_in_before(s)))

-		{

-		SSL_CTX_remove_session(s->ctx,s->session);

-		return(1);

-		}

-	else

-		return(0);

-	}

-/* locked by SSL_CTX in the calling function */

-static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s)

-	{

-	if ((s->next == NULL) || (s->prev == NULL)) return;

-	if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail))

-		{ /* last element in list */

-		if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head))

-			{ /* only one element in list */

-			ctx->session_cache_head=NULL;

-			ctx->session_cache_tail=NULL;

-			}

-		else

-			{

-			ctx->session_cache_tail=s->prev;

-			s->prev->next=(SSL_SESSION *)&(ctx->session_cache_tail);

-			}

-		}

-	else

-		{

-		if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head))

-			{ /* first element in list */

-			ctx->session_cache_head=s->next;

-			s->next->prev=(SSL_SESSION *)&(ctx->session_cache_head);

-			}

-		else

-			{ /* middle of list */

-			s->next->prev=s->prev;

-			s->prev->next=s->next;

-			}

-		}

-	s->prev=s->next=NULL;

-	}

-static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s)

-	{

-	if ((s->next != NULL) && (s->prev != NULL))

-		SSL_SESSION_list_remove(ctx,s);

-	if (ctx->session_cache_head == NULL)

-		{

-		ctx->session_cache_head=s;

-		ctx->session_cache_tail=s;

-		s->prev=(SSL_SESSION *)&(ctx->session_cache_head);

-		s->next=(SSL_SESSION *)&(ctx->session_cache_tail);

-		}

-	else

-		{

-		s->next=ctx->session_cache_head;

-		s->next->prev=s;

-		s->prev=(SSL_SESSION *)&(ctx->session_cache_head);

-		ctx->session_cache_head=s;

-		}

-	}

-void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,

-	int (*cb)(struct ssl_st *ssl,SSL_SESSION *sess))

-	{

-	ctx->new_session_cb=cb;

-	}

-int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(SSL *ssl, SSL_SESSION *sess)

-	{

-	return ctx->new_session_cb;

-	}

-void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,

-	void (*cb)(SSL_CTX *ctx,SSL_SESSION *sess))

-	{

-	ctx->remove_session_cb=cb;

-	}

-void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(SSL_CTX * ctx,SSL_SESSION *sess)

-	{

-	return ctx->remove_session_cb;

-	}

-void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,

-	SSL_SESSION *(*cb)(struct ssl_st *ssl,

-	         unsigned char *data,int len,int *copy))

-	{

-	ctx->get_session_cb=cb;

-	}

-SSL_SESSION * (*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl,

-	         unsigned char *data,int len,int *copy)

-	{

-	return ctx->get_session_cb;

-	}

-void SSL_CTX_set_info_callback(SSL_CTX *ctx,

-	void (*cb)(const SSL *ssl,int type,int val))

-	{

-	ctx->info_callback=cb;

-	}

-void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val)

-	{

-	return ctx->info_callback;

-	}

-void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,

-	int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey))

-	{

-	ctx->client_cert_cb=cb;

-	}

-int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL * ssl, X509 ** x509 , EVP_PKEY **pkey)

-	{

-	return ctx->client_cert_cb;

-	}

-void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,

-	int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len))

-	{

-	ctx->app_gen_cookie_cb=cb;

-	}

-void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,

-	int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len))

-	{

-	ctx->app_verify_cookie_cb=cb;

-	}

--- a/sys/src/ape/lib/openssl/ssl/ssl_stat.c

+++ /dev/null

@@ -1,502 +1,0 @@

-/* ssl/ssl_stat.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "ssl_locl.h"

-const char *SSL_state_string_long(const SSL *s)

-	{

-	const char *str;

-	switch (s->state)

-		{

-case SSL_ST_BEFORE: str="before SSL initialization"; break;

-case SSL_ST_ACCEPT: str="before accept initialization"; break;

-case SSL_ST_CONNECT: str="before connect initialization"; break;

-case SSL_ST_OK: str="SSL negotiation finished successfully"; break;

-case SSL_ST_RENEGOTIATE:	str="SSL renegotiate ciphers"; break;

-case SSL_ST_BEFORE|SSL_ST_CONNECT: str="before/connect initialization"; break;

-case SSL_ST_OK|SSL_ST_CONNECT: str="ok/connect SSL initialization"; break;

-case SSL_ST_BEFORE|SSL_ST_ACCEPT: str="before/accept initialization"; break;

-case SSL_ST_OK|SSL_ST_ACCEPT: str="ok/accept SSL initialization"; break;

-#ifndef OPENSSL_NO_SSL2

-case SSL2_ST_CLIENT_START_ENCRYPTION: str="SSLv2 client start encryption"; break;

-case SSL2_ST_SERVER_START_ENCRYPTION: str="SSLv2 server start encryption"; break;

-case SSL2_ST_SEND_CLIENT_HELLO_A: str="SSLv2 write client hello A"; break;

-case SSL2_ST_SEND_CLIENT_HELLO_B: str="SSLv2 write client hello B"; break;

-case SSL2_ST_GET_SERVER_HELLO_A: str="SSLv2 read server hello A"; break;

-case SSL2_ST_GET_SERVER_HELLO_B: str="SSLv2 read server hello B"; break;

-case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: str="SSLv2 write client master key A"; break;

-case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: str="SSLv2 write client master key B"; break;

-case SSL2_ST_SEND_CLIENT_FINISHED_A: str="SSLv2 write client finished A"; break;

-case SSL2_ST_SEND_CLIENT_FINISHED_B: str="SSLv2 write client finished B"; break;

-case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: str="SSLv2 write client certificate A"; break;

-case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: str="SSLv2 write client certificate B"; break;

-case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: str="SSLv2 write client certificate C"; break;

-case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: str="SSLv2 write client certificate D"; break;

-case SSL2_ST_GET_SERVER_VERIFY_A: str="SSLv2 read server verify A"; break;

-case SSL2_ST_GET_SERVER_VERIFY_B: str="SSLv2 read server verify B"; break;

-case SSL2_ST_GET_SERVER_FINISHED_A: str="SSLv2 read server finished A"; break;

-case SSL2_ST_GET_SERVER_FINISHED_B: str="SSLv2 read server finished B"; break;

-case SSL2_ST_GET_CLIENT_HELLO_A: str="SSLv2 read client hello A"; break;

-case SSL2_ST_GET_CLIENT_HELLO_B: str="SSLv2 read client hello B"; break;

-case SSL2_ST_GET_CLIENT_HELLO_C: str="SSLv2 read client hello C"; break;

-case SSL2_ST_SEND_SERVER_HELLO_A: str="SSLv2 write server hello A"; break;

-case SSL2_ST_SEND_SERVER_HELLO_B: str="SSLv2 write server hello B"; break;

-case SSL2_ST_GET_CLIENT_MASTER_KEY_A: str="SSLv2 read client master key A"; break;

-case SSL2_ST_GET_CLIENT_MASTER_KEY_B: str="SSLv2 read client master key B"; break;

-case SSL2_ST_SEND_SERVER_VERIFY_A: str="SSLv2 write server verify A"; break;

-case SSL2_ST_SEND_SERVER_VERIFY_B: str="SSLv2 write server verify B"; break;

-case SSL2_ST_SEND_SERVER_VERIFY_C: str="SSLv2 write server verify C"; break;

-case SSL2_ST_GET_CLIENT_FINISHED_A: str="SSLv2 read client finished A"; break;

-case SSL2_ST_GET_CLIENT_FINISHED_B: str="SSLv2 read client finished B"; break;

-case SSL2_ST_SEND_SERVER_FINISHED_A: str="SSLv2 write server finished A"; break;

-case SSL2_ST_SEND_SERVER_FINISHED_B: str="SSLv2 write server finished B"; break;

-case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: str="SSLv2 write request certificate A"; break;

-case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: str="SSLv2 write request certificate B"; break;

-case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: str="SSLv2 write request certificate C"; break;

-case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: str="SSLv2 write request certificate D"; break;

-case SSL2_ST_X509_GET_SERVER_CERTIFICATE: str="SSLv2 X509 read server certificate"; break;

-case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: str="SSLv2 X509 read client certificate"; break;

-#endif

-#ifndef OPENSSL_NO_SSL3

-/* SSLv3 additions */

-case SSL3_ST_CW_CLNT_HELLO_A:	str="SSLv3 write client hello A"; break;

-case SSL3_ST_CW_CLNT_HELLO_B:	str="SSLv3 write client hello B"; break;

-case SSL3_ST_CR_SRVR_HELLO_A:	str="SSLv3 read server hello A"; break;

-case SSL3_ST_CR_SRVR_HELLO_B:	str="SSLv3 read server hello B"; break;

-case SSL3_ST_CR_CERT_A:		str="SSLv3 read server certificate A"; break;

-case SSL3_ST_CR_CERT_B:		str="SSLv3 read server certificate B"; break;

-case SSL3_ST_CR_KEY_EXCH_A:	str="SSLv3 read server key exchange A"; break;

-case SSL3_ST_CR_KEY_EXCH_B:	str="SSLv3 read server key exchange B"; break;

-case SSL3_ST_CR_CERT_REQ_A:	str="SSLv3 read server certificate request A"; break;

-case SSL3_ST_CR_CERT_REQ_B:	str="SSLv3 read server certificate request B"; break;

-case SSL3_ST_CR_SRVR_DONE_A:	str="SSLv3 read server done A"; break;

-case SSL3_ST_CR_SRVR_DONE_B:	str="SSLv3 read server done B"; break;

-case SSL3_ST_CW_CERT_A:		str="SSLv3 write client certificate A"; break;

-case SSL3_ST_CW_CERT_B:		str="SSLv3 write client certificate B"; break;

-case SSL3_ST_CW_CERT_C:		str="SSLv3 write client certificate C"; break;

-case SSL3_ST_CW_CERT_D:		str="SSLv3 write client certificate D"; break;

-case SSL3_ST_CW_KEY_EXCH_A:	str="SSLv3 write client key exchange A"; break;

-case SSL3_ST_CW_KEY_EXCH_B:	str="SSLv3 write client key exchange B"; break;

-case SSL3_ST_CW_CERT_VRFY_A:	str="SSLv3 write certificate verify A"; break;

-case SSL3_ST_CW_CERT_VRFY_B:	str="SSLv3 write certificate verify B"; break;

-case SSL3_ST_CW_CHANGE_A:

-case SSL3_ST_SW_CHANGE_A:	str="SSLv3 write change cipher spec A"; break;

-case SSL3_ST_CW_CHANGE_B:

-case SSL3_ST_SW_CHANGE_B:	str="SSLv3 write change cipher spec B"; break;

-case SSL3_ST_CW_FINISHED_A:

-case SSL3_ST_SW_FINISHED_A:	str="SSLv3 write finished A"; break;

-case SSL3_ST_CW_FINISHED_B:

-case SSL3_ST_SW_FINISHED_B:	str="SSLv3 write finished B"; break;

-case SSL3_ST_CR_CHANGE_A:

-case SSL3_ST_SR_CHANGE_A:	str="SSLv3 read change cipher spec A"; break;

-case SSL3_ST_CR_CHANGE_B:

-case SSL3_ST_SR_CHANGE_B:	str="SSLv3 read change cipher spec B"; break;

-case SSL3_ST_CR_FINISHED_A:

-case SSL3_ST_SR_FINISHED_A:	str="SSLv3 read finished A"; break;

-case SSL3_ST_CR_FINISHED_B:

-case SSL3_ST_SR_FINISHED_B:	str="SSLv3 read finished B"; break;

-case SSL3_ST_CW_FLUSH:

-case SSL3_ST_SW_FLUSH:		str="SSLv3 flush data"; break;

-case SSL3_ST_SR_CLNT_HELLO_A:	str="SSLv3 read client hello A"; break;

-case SSL3_ST_SR_CLNT_HELLO_B:	str="SSLv3 read client hello B"; break;

-case SSL3_ST_SR_CLNT_HELLO_C:	str="SSLv3 read client hello C"; break;

-case SSL3_ST_SW_HELLO_REQ_A:	str="SSLv3 write hello request A"; break;

-case SSL3_ST_SW_HELLO_REQ_B:	str="SSLv3 write hello request B"; break;

-case SSL3_ST_SW_HELLO_REQ_C:	str="SSLv3 write hello request C"; break;

-case SSL3_ST_SW_SRVR_HELLO_A:	str="SSLv3 write server hello A"; break;

-case SSL3_ST_SW_SRVR_HELLO_B:	str="SSLv3 write server hello B"; break;

-case SSL3_ST_SW_CERT_A:		str="SSLv3 write certificate A"; break;

-case SSL3_ST_SW_CERT_B:		str="SSLv3 write certificate B"; break;

-case SSL3_ST_SW_KEY_EXCH_A:	str="SSLv3 write key exchange A"; break;

-case SSL3_ST_SW_KEY_EXCH_B:	str="SSLv3 write key exchange B"; break;

-case SSL3_ST_SW_CERT_REQ_A:	str="SSLv3 write certificate request A"; break;

-case SSL3_ST_SW_CERT_REQ_B:	str="SSLv3 write certificate request B"; break;

-case SSL3_ST_SW_SRVR_DONE_A:	str="SSLv3 write server done A"; break;

-case SSL3_ST_SW_SRVR_DONE_B:	str="SSLv3 write server done B"; break;

-case SSL3_ST_SR_CERT_A:		str="SSLv3 read client certificate A"; break;

-case SSL3_ST_SR_CERT_B:		str="SSLv3 read client certificate B"; break;

-case SSL3_ST_SR_KEY_EXCH_A:	str="SSLv3 read client key exchange A"; break;

-case SSL3_ST_SR_KEY_EXCH_B:	str="SSLv3 read client key exchange B"; break;

-case SSL3_ST_SR_CERT_VRFY_A:	str="SSLv3 read certificate verify A"; break;

-case SSL3_ST_SR_CERT_VRFY_B:	str="SSLv3 read certificate verify B"; break;

-#endif

-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)

-/* SSLv2/v3 compatibility states */

-/* client */

-case SSL23_ST_CW_CLNT_HELLO_A:	str="SSLv2/v3 write client hello A"; break;

-case SSL23_ST_CW_CLNT_HELLO_B:	str="SSLv2/v3 write client hello B"; break;

-case SSL23_ST_CR_SRVR_HELLO_A:	str="SSLv2/v3 read server hello A"; break;

-case SSL23_ST_CR_SRVR_HELLO_B:	str="SSLv2/v3 read server hello B"; break;

-/* server */

-case SSL23_ST_SR_CLNT_HELLO_A:	str="SSLv2/v3 read client hello A"; break;

-case SSL23_ST_SR_CLNT_HELLO_B:	str="SSLv2/v3 read client hello B"; break;

-#endif

-default:	str="unknown state"; break;

-		}

-	return(str);

-	}

-const char *SSL_rstate_string_long(const SSL *s)

-	{

-	const char *str;

-	switch (s->rstate)

-		{

-	case SSL_ST_READ_HEADER: str="read header"; break;

-	case SSL_ST_READ_BODY: str="read body"; break;

-	case SSL_ST_READ_DONE: str="read done"; break;

-	default: str="unknown"; break;

-		}

-	return(str);

-	}

-const char *SSL_state_string(const SSL *s)

-	{

-	const char *str;

-	switch (s->state)

-		{

-case SSL_ST_BEFORE:				str="PINIT "; break;

-case SSL_ST_ACCEPT:				str="AINIT "; break;

-case SSL_ST_CONNECT:				str="CINIT "; break;

-case SSL_ST_OK:			 		str="SSLOK "; break;

-#ifndef OPENSSL_NO_SSL2

-case SSL2_ST_CLIENT_START_ENCRYPTION:		str="2CSENC"; break;

-case SSL2_ST_SERVER_START_ENCRYPTION:		str="2SSENC"; break;

-case SSL2_ST_SEND_CLIENT_HELLO_A:		str="2SCH_A"; break;

-case SSL2_ST_SEND_CLIENT_HELLO_B:		str="2SCH_B"; break;

-case SSL2_ST_GET_SERVER_HELLO_A:		str="2GSH_A"; break;

-case SSL2_ST_GET_SERVER_HELLO_B:		str="2GSH_B"; break;

-case SSL2_ST_SEND_CLIENT_MASTER_KEY_A:		str="2SCMKA"; break;

-case SSL2_ST_SEND_CLIENT_MASTER_KEY_B:		str="2SCMKB"; break;

-case SSL2_ST_SEND_CLIENT_FINISHED_A:		str="2SCF_A"; break;

-case SSL2_ST_SEND_CLIENT_FINISHED_B:		str="2SCF_B"; break;

-case SSL2_ST_SEND_CLIENT_CERTIFICATE_A:		str="2SCC_A"; break;

-case SSL2_ST_SEND_CLIENT_CERTIFICATE_B:		str="2SCC_B"; break;

-case SSL2_ST_SEND_CLIENT_CERTIFICATE_C:		str="2SCC_C"; break;

-case SSL2_ST_SEND_CLIENT_CERTIFICATE_D:		str="2SCC_D"; break;

-case SSL2_ST_GET_SERVER_VERIFY_A:		str="2GSV_A"; break;

-case SSL2_ST_GET_SERVER_VERIFY_B:		str="2GSV_B"; break;

-case SSL2_ST_GET_SERVER_FINISHED_A:		str="2GSF_A"; break;

-case SSL2_ST_GET_SERVER_FINISHED_B:		str="2GSF_B"; break;

-case SSL2_ST_GET_CLIENT_HELLO_A:		str="2GCH_A"; break;

-case SSL2_ST_GET_CLIENT_HELLO_B:		str="2GCH_B"; break;

-case SSL2_ST_GET_CLIENT_HELLO_C:		str="2GCH_C"; break;

-case SSL2_ST_SEND_SERVER_HELLO_A:		str="2SSH_A"; break;

-case SSL2_ST_SEND_SERVER_HELLO_B:		str="2SSH_B"; break;

-case SSL2_ST_GET_CLIENT_MASTER_KEY_A:		str="2GCMKA"; break;

-case SSL2_ST_GET_CLIENT_MASTER_KEY_B:		str="2GCMKA"; break;

-case SSL2_ST_SEND_SERVER_VERIFY_A:		str="2SSV_A"; break;

-case SSL2_ST_SEND_SERVER_VERIFY_B:		str="2SSV_B"; break;

-case SSL2_ST_SEND_SERVER_VERIFY_C:		str="2SSV_C"; break;

-case SSL2_ST_GET_CLIENT_FINISHED_A:		str="2GCF_A"; break;

-case SSL2_ST_GET_CLIENT_FINISHED_B:		str="2GCF_B"; break;

-case SSL2_ST_SEND_SERVER_FINISHED_A:		str="2SSF_A"; break;

-case SSL2_ST_SEND_SERVER_FINISHED_B:		str="2SSF_B"; break;

-case SSL2_ST_SEND_REQUEST_CERTIFICATE_A:	str="2SRC_A"; break;

-case SSL2_ST_SEND_REQUEST_CERTIFICATE_B:	str="2SRC_B"; break;

-case SSL2_ST_SEND_REQUEST_CERTIFICATE_C:	str="2SRC_C"; break;

-case SSL2_ST_SEND_REQUEST_CERTIFICATE_D:	str="2SRC_D"; break;

-case SSL2_ST_X509_GET_SERVER_CERTIFICATE:	str="2X9GSC"; break;

-case SSL2_ST_X509_GET_CLIENT_CERTIFICATE:	str="2X9GCC"; break;

-#endif

-#ifndef OPENSSL_NO_SSL3

-/* SSLv3 additions */

-case SSL3_ST_SW_FLUSH:

-case SSL3_ST_CW_FLUSH:				str="3FLUSH"; break;

-case SSL3_ST_CW_CLNT_HELLO_A:			str="3WCH_A"; break;

-case SSL3_ST_CW_CLNT_HELLO_B:			str="3WCH_B"; break;

-case SSL3_ST_CR_SRVR_HELLO_A:			str="3RSH_A"; break;

-case SSL3_ST_CR_SRVR_HELLO_B:			str="3RSH_B"; break;

-case SSL3_ST_CR_CERT_A:				str="3RSC_A"; break;

-case SSL3_ST_CR_CERT_B:				str="3RSC_B"; break;

-case SSL3_ST_CR_KEY_EXCH_A:			str="3RSKEA"; break;

-case SSL3_ST_CR_KEY_EXCH_B:			str="3RSKEB"; break;

-case SSL3_ST_CR_CERT_REQ_A:			str="3RCR_A"; break;

-case SSL3_ST_CR_CERT_REQ_B:			str="3RCR_B"; break;

-case SSL3_ST_CR_SRVR_DONE_A:			str="3RSD_A"; break;

-case SSL3_ST_CR_SRVR_DONE_B:			str="3RSD_B"; break;

-case SSL3_ST_CW_CERT_A:				str="3WCC_A"; break;

-case SSL3_ST_CW_CERT_B:				str="3WCC_B"; break;

-case SSL3_ST_CW_CERT_C:				str="3WCC_C"; break;

-case SSL3_ST_CW_CERT_D:				str="3WCC_D"; break;

-case SSL3_ST_CW_KEY_EXCH_A:			str="3WCKEA"; break;

-case SSL3_ST_CW_KEY_EXCH_B:			str="3WCKEB"; break;

-case SSL3_ST_CW_CERT_VRFY_A:			str="3WCV_A"; break;

-case SSL3_ST_CW_CERT_VRFY_B:			str="3WCV_B"; break;

-case SSL3_ST_SW_CHANGE_A:

-case SSL3_ST_CW_CHANGE_A:			str="3WCCSA"; break;

-case SSL3_ST_SW_CHANGE_B:

-case SSL3_ST_CW_CHANGE_B:			str="3WCCSB"; break;

-case SSL3_ST_SW_FINISHED_A:

-case SSL3_ST_CW_FINISHED_A:			str="3WFINA"; break;

-case SSL3_ST_SW_FINISHED_B:

-case SSL3_ST_CW_FINISHED_B:			str="3WFINB"; break;

-case SSL3_ST_SR_CHANGE_A:

-case SSL3_ST_CR_CHANGE_A:			str="3RCCSA"; break;

-case SSL3_ST_SR_CHANGE_B:

-case SSL3_ST_CR_CHANGE_B:			str="3RCCSB"; break;

-case SSL3_ST_SR_FINISHED_A:

-case SSL3_ST_CR_FINISHED_A:			str="3RFINA"; break;

-case SSL3_ST_SR_FINISHED_B:

-case SSL3_ST_CR_FINISHED_B:			str="3RFINB"; break;

-case SSL3_ST_SW_HELLO_REQ_A:			str="3WHR_A"; break;

-case SSL3_ST_SW_HELLO_REQ_B:			str="3WHR_B"; break;

-case SSL3_ST_SW_HELLO_REQ_C:			str="3WHR_C"; break;

-case SSL3_ST_SR_CLNT_HELLO_A:			str="3RCH_A"; break;

-case SSL3_ST_SR_CLNT_HELLO_B:			str="3RCH_B"; break;

-case SSL3_ST_SR_CLNT_HELLO_C:			str="3RCH_C"; break;

-case SSL3_ST_SW_SRVR_HELLO_A:			str="3WSH_A"; break;

-case SSL3_ST_SW_SRVR_HELLO_B:			str="3WSH_B"; break;

-case SSL3_ST_SW_CERT_A:				str="3WSC_A"; break;

-case SSL3_ST_SW_CERT_B:				str="3WSC_B"; break;

-case SSL3_ST_SW_KEY_EXCH_A:			str="3WSKEA"; break;

-case SSL3_ST_SW_KEY_EXCH_B:			str="3WSKEB"; break;

-case SSL3_ST_SW_CERT_REQ_A:			str="3WCR_A"; break;

-case SSL3_ST_SW_CERT_REQ_B:			str="3WCR_B"; break;

-case SSL3_ST_SW_SRVR_DONE_A:			str="3WSD_A"; break;

-case SSL3_ST_SW_SRVR_DONE_B:			str="3WSD_B"; break;

-case SSL3_ST_SR_CERT_A:				str="3RCC_A"; break;

-case SSL3_ST_SR_CERT_B:				str="3RCC_B"; break;

-case SSL3_ST_SR_KEY_EXCH_A:			str="3RCKEA"; break;

-case SSL3_ST_SR_KEY_EXCH_B:			str="3RCKEB"; break;

-case SSL3_ST_SR_CERT_VRFY_A:			str="3RCV_A"; break;

-case SSL3_ST_SR_CERT_VRFY_B:			str="3RCV_B"; break;

-#endif

-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)

-/* SSLv2/v3 compatibility states */

-/* client */

-case SSL23_ST_CW_CLNT_HELLO_A:			str="23WCHA"; break;

-case SSL23_ST_CW_CLNT_HELLO_B:			str="23WCHB"; break;

-case SSL23_ST_CR_SRVR_HELLO_A:			str="23RSHA"; break;

-case SSL23_ST_CR_SRVR_HELLO_B:			str="23RSHA"; break;

-/* server */

-case SSL23_ST_SR_CLNT_HELLO_A:			str="23RCHA"; break;

-case SSL23_ST_SR_CLNT_HELLO_B:			str="23RCHB"; break;

-#endif

-default:					str="UNKWN "; break;

-		}

-	return(str);

-	}

-const char *SSL_alert_type_string_long(int value)

-	{

-	value>>=8;

-	if (value == SSL3_AL_WARNING)

-		return("warning");

-	else if (value == SSL3_AL_FATAL)

-		return("fatal");

-	else

-		return("unknown");

-	}

-const char *SSL_alert_type_string(int value)

-	{

-	value>>=8;

-	if (value == SSL3_AL_WARNING)

-		return("W");

-	else if (value == SSL3_AL_FATAL)

-		return("F");

-	else

-		return("U");

-	}

-const char *SSL_alert_desc_string(int value)

-	{

-	const char *str;

-	switch (value & 0xff)

-		{

-	case SSL3_AD_CLOSE_NOTIFY:		str="CN"; break;

-	case SSL3_AD_UNEXPECTED_MESSAGE:	str="UM"; break;

-	case SSL3_AD_BAD_RECORD_MAC:		str="BM"; break;

-	case SSL3_AD_DECOMPRESSION_FAILURE:	str="DF"; break;

-	case SSL3_AD_HANDSHAKE_FAILURE:		str="HF"; break;

-	case SSL3_AD_NO_CERTIFICATE:		str="NC"; break;

-	case SSL3_AD_BAD_CERTIFICATE:		str="BC"; break;

-	case SSL3_AD_UNSUPPORTED_CERTIFICATE:	str="UC"; break;

-	case SSL3_AD_CERTIFICATE_REVOKED:	str="CR"; break;

-	case SSL3_AD_CERTIFICATE_EXPIRED:	str="CE"; break;

-	case SSL3_AD_CERTIFICATE_UNKNOWN:	str="CU"; break;

-	case SSL3_AD_ILLEGAL_PARAMETER:		str="IP"; break;

-	case TLS1_AD_DECRYPTION_FAILED:		str="DC"; break;

-	case TLS1_AD_RECORD_OVERFLOW:		str="RO"; break;

-	case TLS1_AD_UNKNOWN_CA:		str="CA"; break;

-	case TLS1_AD_ACCESS_DENIED:		str="AD"; break;

-	case TLS1_AD_DECODE_ERROR:		str="DE"; break;

-	case TLS1_AD_DECRYPT_ERROR:		str="CY"; break;

-	case TLS1_AD_EXPORT_RESTRICTION:	str="ER"; break;

-	case TLS1_AD_PROTOCOL_VERSION:		str="PV"; break;

-	case TLS1_AD_INSUFFICIENT_SECURITY:	str="IS"; break;

-	case TLS1_AD_INTERNAL_ERROR:		str="IE"; break;

-	case TLS1_AD_USER_CANCELLED:		str="US"; break;

-	case TLS1_AD_NO_RENEGOTIATION:		str="NR"; break;

-	default:				str="UK"; break;

-		}

-	return(str);

-	}

-const char *SSL_alert_desc_string_long(int value)

-	{

-	const char *str;

-	switch (value & 0xff)

-		{

-	case SSL3_AD_CLOSE_NOTIFY:

-		str="close notify";

-		break;

-	case SSL3_AD_UNEXPECTED_MESSAGE:

-		str="unexpected_message";

-		break;

-	case SSL3_AD_BAD_RECORD_MAC:

-		str="bad record mac";

-		break;

-	case SSL3_AD_DECOMPRESSION_FAILURE:

-		str="decompression failure";

-		break;

-	case SSL3_AD_HANDSHAKE_FAILURE:

-		str="handshake failure";

-		break;

-	case SSL3_AD_NO_CERTIFICATE:

-		str="no certificate";

-		break;

-	case SSL3_AD_BAD_CERTIFICATE:

-		str="bad certificate";

-		break;

-	case SSL3_AD_UNSUPPORTED_CERTIFICATE:

-		str="unsupported certificate";

-		break;

-	case SSL3_AD_CERTIFICATE_REVOKED:

-		str="certificate revoked";

-		break;

-	case SSL3_AD_CERTIFICATE_EXPIRED:

-		str="certificate expired";

-		break;

-	case SSL3_AD_CERTIFICATE_UNKNOWN:

-		str="certificate unknown";

-		break;

-	case SSL3_AD_ILLEGAL_PARAMETER:

-		str="illegal parameter";

-		break;

-	case TLS1_AD_DECRYPTION_FAILED:

-		str="decryption failed";

-		break;

-	case TLS1_AD_RECORD_OVERFLOW:

-		str="record overflow";

-		break;

-	case TLS1_AD_UNKNOWN_CA:

-		str="unknown CA";

-		break;

-	case TLS1_AD_ACCESS_DENIED:

-		str="access denied";

-		break;

-	case TLS1_AD_DECODE_ERROR:

-		str="decode error";

-		break;

-	case TLS1_AD_DECRYPT_ERROR:

-		str="decrypt error";

-		break;

-	case TLS1_AD_EXPORT_RESTRICTION:

-		str="export restriction";

-		break;

-	case TLS1_AD_PROTOCOL_VERSION:

-		str="protocol version";

-		break;

-	case TLS1_AD_INSUFFICIENT_SECURITY:

-		str="insufficient security";

-		break;

-	case TLS1_AD_INTERNAL_ERROR:

-		str="internal error";

-		break;

-	case TLS1_AD_USER_CANCELLED:

-		str="user canceled";

-		break;

-	case TLS1_AD_NO_RENEGOTIATION:

-		str="no renegotiation";

-		break;

-	default: str="unknown"; break;

-		}

-	return(str);

-	}

-const char *SSL_rstate_string(const SSL *s)

-	{

-	const char *str;

-	switch (s->rstate)

-		{

-	case SSL_ST_READ_HEADER:str="RH"; break;

-	case SSL_ST_READ_BODY:	str="RB"; break;

-	case SSL_ST_READ_DONE:	str="RD"; break;

-	default: str="unknown"; break;

-		}

-	return(str);

-	}

--- a/sys/src/ape/lib/openssl/ssl/ssl_task.c

+++ /dev/null

@@ -1,369 +1,0 @@

-/* ssl/ssl_task.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* VMS */

-/*

- * DECnet object for servicing SSL.  We accept the inbound and speak a

- * simple protocol for multiplexing the 2 data streams (application and

- * ssl data) over this logical link.

- *

- * Logical names:

- *    SSL_CIPHER	Defines a list of cipher specifications the server

- *			will support in order of preference.

- *    SSL_SERVER_CERTIFICATE

- *			Points to PEM (privacy enhanced mail) file that

- *			contains the server certificate and private password.

- *    SYS$NET		Logical created by netserver.exe as hook for completing

- *			DECnet logical link.

- *

- * Each NSP message sent over the DECnet link has the following structure:

- *    struct rpc_msg {

- *      char channel;

- *      char function;

- *      short length;

- *      char data[MAX_DATA];

- *    } msg;

- *

- * The channel field designates the virtual data stream this message applies

- * to and is one of:

- *   A - Application data (payload).

- *   R - Remote client connection that initiated the SSL connection.  Encrypted

- *       data is sent over this connection.

- *   G - General data, reserved for future use.

- *

- * The data streams are half-duplex read/write and have following functions:

- *   G - Get, requests that up to msg.length bytes of data be returned.  The

- *       data is returned in the next 'C' function response that matches the

- *       requesting channel.

- *   P - Put, requests that the first msg.length bytes of msg.data be appended

- *       to the designated stream.

- *   C - Confirms a get or put.  Every get and put will get a confirm response,

- *       you cannot initiate another function on a channel until the previous

- *       operation has been confirmed.

- *

- *  The 2 channels may interleave their operations, for example:

- *        Server msg           Client msg

- *         A, Get, 4092          ---->

- *                               <----  R, get, 4092

- *         R, Confirm, {hello}   ---->

- *                               <----  R, put, {srv hello}

- *         R, Confirm, 0         ---->

- *                               .		(SSL handshake completed)

- *                               .              (read first app data).

- *                               <----  A, confirm, {http data}

- *         A, Put, {http data}   ---->

- *                               <----  A, confirm, 0

- *

- *  The length field is not permitted to be larger that 4092 bytes.

- *

- * Author: Dave Jones

- * Date:   22-JUL-1996

- */

-#include <stdlib.h>

-#include <stdio.h>

-#include <iodef.h>		/* VMS IO$_ definitions */

-#include <descrip.h>		/* VMS string descriptors */

-extern int SYS$QIOW(), SYS$ASSIGN();

-int LIB$INIT_TIMER(), LIB$SHOW_TIMER();

-#include <string.h>		/* from ssltest.c */

-#include <errno.h>

-#include "e_os.h"

-#include <openssl/buffer.h>

-#include <openssl/x509.h>

-#include <openssl/ssl.h>

-#include <openssl/err.h>

-int MS_CALLBACK verify_callback(int ok, X509 *xs, X509 *xi, int depth,

-	int error);

-BIO *bio_err=NULL;

-BIO *bio_stdout=NULL;

-BIO_METHOD *BIO_s_rtcp();

-static char *cipher=NULL;

-int verbose=1;

-#ifdef FIONBIO

-static int s_nbio=0;

-#endif

-#define TEST_SERVER_CERT "SSL_SERVER_CERTIFICATE"

-/*************************************************************************/

-struct rpc_msg {		/* Should have member alignment inhibited */

-   char channel;		/* 'A'-app data. 'R'-remote client 'G'-global */

-   char function;		/* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */

-   unsigned short int length;	/* Amount of data returned or max to return */

-   char data[4092];		/* variable data */

-};

-#define RPC_HDR_SIZE (sizeof(struct rpc_msg) - 4092)

-static $DESCRIPTOR(sysnet, "SYS$NET");

-typedef unsigned short io_channel;

-struct io_status {

-    unsigned short status;

-    unsigned short count;

-    unsigned long stsval;

-};

-int doit(io_channel chan, SSL_CTX *s_ctx );

-/*****************************************************************************/

-/* Decnet I/O routines.

- */

-static int get ( io_channel chan, char *buffer, int maxlen, int *length )

-{

-    int status;

-    struct io_status iosb;

-    status = SYS$QIOW ( 0, chan, IO$_READVBLK, &iosb, 0, 0,

-	buffer, maxlen, 0, 0, 0, 0 );

-    if ( (status&1) == 1 ) status = iosb.status;

-    if ( (status&1) == 1 ) *length = iosb.count;

-    return status;

-}

-static int put ( io_channel chan, char *buffer, int length )

-{

-    int status;

-    struct io_status iosb;

-    status = SYS$QIOW ( 0, chan, IO$_WRITEVBLK, &iosb, 0, 0,

-	buffer, length, 0, 0, 0, 0 );

-    if ( (status&1) == 1 ) status = iosb.status;

-    return status;

-}

-/***************************************************************************/

-/* Handle operations on the 'G' channel.

- */

-static int general_request ( io_channel chan, struct rpc_msg *msg, int length )

-{

-    return 48;

-}

-/***************************************************************************/

-int main ( int argc, char **argv )

-{

-    int status, length;

-    io_channel chan;

-    struct rpc_msg msg;

-	char *CApath=NULL,*CAfile=NULL;

-	int badop=0;

-	int ret=1;

-	int client_auth=0;

-	int server_auth=0;

-	SSL_CTX *s_ctx=NULL;

-    /*

-     * Confirm logical link with initiating client.

-     */

-    LIB$INIT_TIMER();

-    status = SYS$ASSIGN ( &sysnet, &chan, 0, 0, 0 );

-    printf("status of assign to SYS$NET: %d\n", status );

-    /*

-     * Initialize standard out and error files.

-     */

-	if (bio_err == NULL)

-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)

-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);

-	if (bio_stdout == NULL)

-		if ((bio_stdout=BIO_new(BIO_s_file())) != NULL)

-			BIO_set_fp(bio_stdout,stdout,BIO_NOCLOSE);

-    /*

-     * get the preferred cipher list and other initialization

-     */

-	if (cipher == NULL) cipher=getenv("SSL_CIPHER");

-	printf("cipher list: %s\n", cipher ? cipher : "{undefined}" );

-	SSL_load_error_strings();

-	OpenSSL_add_all_algorithms();

-/* DRM, this was the original, but there is no such thing as SSLv2()

-	s_ctx=SSL_CTX_new(SSLv2());

-*/

-	s_ctx=SSL_CTX_new(SSLv2_server_method());

-	if (s_ctx == NULL) goto end;

-	SSL_CTX_use_certificate_file(s_ctx,TEST_SERVER_CERT,SSL_FILETYPE_PEM);

-	SSL_CTX_use_RSAPrivateKey_file(s_ctx,TEST_SERVER_CERT,SSL_FILETYPE_PEM);

-	printf("Loaded server certificate: '%s'\n", TEST_SERVER_CERT );

-    /*

-     * Take commands from client until bad status.

-     */

-    LIB$SHOW_TIMER();

-    status = doit ( chan, s_ctx );

-    LIB$SHOW_TIMER();

-    /*

-     * do final cleanup and exit.

-     */

-end:

-	if (s_ctx != NULL) SSL_CTX_free(s_ctx);

-    LIB$SHOW_TIMER();

-    return 1;

-}

-int doit(io_channel chan, SSL_CTX *s_ctx )

-{

-    int status, length, link_state;

-     struct rpc_msg msg;

-	SSL *s_ssl=NULL;

-	BIO *c_to_s=NULL;

-	BIO *s_to_c=NULL;

-	BIO *c_bio=NULL;

-	BIO *s_bio=NULL;

-	int i;

-	int done=0;

-	s_ssl=SSL_new(s_ctx);

-	if (s_ssl == NULL) goto err;

-	c_to_s=BIO_new(BIO_s_rtcp());

-	s_to_c=BIO_new(BIO_s_rtcp());

-	if ((s_to_c == NULL) || (c_to_s == NULL)) goto err;

-/* original, DRM 24-SEP-1997

-	BIO_set_fd ( c_to_s, "", chan );

-	BIO_set_fd ( s_to_c, "", chan );

-*/

-	BIO_set_fd ( c_to_s, 0, chan );

-	BIO_set_fd ( s_to_c, 0, chan );

-	c_bio=BIO_new(BIO_f_ssl());

-	s_bio=BIO_new(BIO_f_ssl());

-	if ((c_bio == NULL) || (s_bio == NULL)) goto err;

-	SSL_set_accept_state(s_ssl);

-	SSL_set_bio(s_ssl,c_to_s,s_to_c);

-	BIO_set_ssl(s_bio,s_ssl,BIO_CLOSE);

-	/* We can always do writes */

-	printf("Begin doit main loop\n");

-	/*

-	 * Link states: 0-idle, 1-read pending, 2-write pending, 3-closed.

-	 */

-	for (link_state = 0; link_state < 3; ) {

-	    /*

-	     * Wait for remote end to request data action on A channel.

-	     */

-	    while ( link_state == 0 ) {

-		status = get ( chan, (char *) &msg, sizeof(msg), &length );

-		if ( (status&1) == 0 ) {

-		    printf("Error in main loop get: %d\n", status );

-		    link_state = 3;

-		    break;

-		}

-	   	if ( length < RPC_HDR_SIZE ) {

-		    printf("Error in main loop get size: %d\n", length );

-		    break;

-		    link_state = 3;

-		}

-	   	if ( msg.channel != 'A' ) {

-		    printf("Error in main loop, unexpected channel: %c\n",

-			msg.channel );

-		    break;

-		    link_state = 3;

-		}

-		if ( msg.function == 'G' ) {

-		    link_state = 1;

-		} else if ( msg.function == 'P' ) {

-		    link_state = 2;	/* write pending */

-		} else if ( msg.function == 'X' ) {

-		    link_state = 3;

-		} else {

-		    link_state = 3;

-		}

-	    }

-	    if ( link_state == 1 ) {

-		i = BIO_read ( s_bio, msg.data, msg.length );

-		if ( i < 0 ) link_state = 3;

-		else {

-		    msg.channel = 'A';

-		    msg.function = 'C';		/* confirm */

-		    msg.length = i;

-		    status = put ( chan, (char *) &msg, i+RPC_HDR_SIZE );

-		    if ( (status&1) == 0 ) break;

-		    link_state = 0;

-		}

-	    } else if ( link_state == 2 ) {

-		i = BIO_write ( s_bio, msg.data, msg.length );

-		if ( i < 0 ) link_state = 3;

-		else {

-		    msg.channel = 'A';

-		    msg.function = 'C';		/* confirm */

-		    msg.length = 0;

-		    status = put ( chan, (char *) &msg, RPC_HDR_SIZE );

-		    if ( (status&1) == 0 ) break;

-		    link_state = 0;

-		}

-	    }

-	}

-	fprintf(stdout,"DONE\n");

-err:

-	/* We have to set the BIO's to NULL otherwise they will be

-	 * free()ed twice.  Once when th s_ssl is SSL_free()ed and

-	 * again when c_ssl is SSL_free()ed.

-	 * This is a hack required because s_ssl and c_ssl are sharing the same

-	 * BIO structure and SSL_set_bio() and SSL_free() automatically

-	 * BIO_free non NULL entries.

-	 * You should not normally do this or be required to do this */

-	s_ssl->rbio=NULL;

-	s_ssl->wbio=NULL;

-	if (c_to_s != NULL) BIO_free(c_to_s);

-	if (s_to_c != NULL) BIO_free(s_to_c);

-	if (c_bio != NULL) BIO_free(c_bio);

-	if (s_bio != NULL) BIO_free(s_bio);

-	return(0);

-}

--- a/sys/src/ape/lib/openssl/ssl/ssl_txt.c

+++ /dev/null

@@ -1,203 +1,0 @@

-/* ssl/ssl_txt.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <openssl/buffer.h>

-#include "ssl_locl.h"

-#ifndef OPENSSL_NO_FP_API

-int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x)

-	{

-	BIO *b;

-	int ret;

-	if ((b=BIO_new(BIO_s_file_internal())) == NULL)

-		{

-		SSLerr(SSL_F_SSL_SESSION_PRINT_FP,ERR_R_BUF_LIB);

-		return(0);

-		}

-	BIO_set_fp(b,fp,BIO_NOCLOSE);

-	ret=SSL_SESSION_print(b,x);

-	BIO_free(b);

-	return(ret);

-	}

-#endif

-int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)

-	{

-	unsigned int i;

-	const char *s;

-	if (x == NULL) goto err;

-	if (BIO_puts(bp,"SSL-Session:\n") <= 0) goto err;

-	if (x->ssl_version == SSL2_VERSION)

-		s="SSLv2";

-	else if (x->ssl_version == SSL3_VERSION)

-		s="SSLv3";

-	else if (x->ssl_version == TLS1_VERSION)

-		s="TLSv1";

-	else

-		s="unknown";

-	if (BIO_printf(bp,"    Protocol  : %s\n",s) <= 0) goto err;

-	if (x->cipher == NULL)

-		{

-		if (((x->cipher_id) & 0xff000000) == 0x02000000)

-			{

-			if (BIO_printf(bp,"    Cipher    : %06lX\n",x->cipher_id&0xffffff) <= 0)

-				goto err;

-			}

-		else

-			{

-			if (BIO_printf(bp,"    Cipher    : %04lX\n",x->cipher_id&0xffff) <= 0)

-				goto err;

-			}

-		}

-	else

-		{

-		if (BIO_printf(bp,"    Cipher    : %s\n",((x->cipher == NULL)?"unknown":x->cipher->name)) <= 0)

-			goto err;

-		}

-	if (BIO_puts(bp,"    Session-ID: ") <= 0) goto err;

-	for (i=0; i<x->session_id_length; i++)

-		{

-		if (BIO_printf(bp,"%02X",x->session_id[i]) <= 0) goto err;

-		}

-	if (BIO_puts(bp,"\n    Session-ID-ctx: ") <= 0) goto err;

-	for (i=0; i<x->sid_ctx_length; i++)

-		{

-		if (BIO_printf(bp,"%02X",x->sid_ctx[i]) <= 0)

-			goto err;

-		}

-	if (BIO_puts(bp,"\n    Master-Key: ") <= 0) goto err;

-	for (i=0; i<(unsigned int)x->master_key_length; i++)

-		{

-		if (BIO_printf(bp,"%02X",x->master_key[i]) <= 0) goto err;

-		}

-	if (BIO_puts(bp,"\n    Key-Arg   : ") <= 0) goto err;

-	if (x->key_arg_length == 0)

-		{

-		if (BIO_puts(bp,"None") <= 0) goto err;

-		}

-	else

-		for (i=0; i<x->key_arg_length; i++)

-			{

-			if (BIO_printf(bp,"%02X",x->key_arg[i]) <= 0) goto err;

-			}

-#ifndef OPENSSL_NO_KRB5

-       if (BIO_puts(bp,"\n    Krb5 Principal: ") <= 0) goto err;

-            if (x->krb5_client_princ_len == 0)

-            {

-		if (BIO_puts(bp,"None") <= 0) goto err;

-		}

-	else

-		for (i=0; i<x->krb5_client_princ_len; i++)

-			{

-			if (BIO_printf(bp,"%02X",x->krb5_client_princ[i]) <= 0) goto err;

-			}

-#endif /* OPENSSL_NO_KRB5 */

-#ifndef OPENSSL_NO_TLSEXT

-	if (x->tlsext_tick_lifetime_hint)

-		{

-		if (BIO_printf(bp,

-			"\n    TLS session ticket lifetime hint: %ld (seconds)",

-			x->tlsext_tick_lifetime_hint) <=0)

-			goto err;

-		}

-	if (x->tlsext_tick)

-		{

-		if (BIO_puts(bp, "\n    TLS session ticket:\n") <= 0) goto err;

-		if (BIO_dump_indent(bp, (char *)x->tlsext_tick, x->tlsext_ticklen, 4) <= 0)

-			goto err;

-		}

-#endif

-#ifndef OPENSSL_NO_COMP

-	if (x->compress_meth != 0)

-		{

-		SSL_COMP *comp = NULL;

-		ssl_cipher_get_evp(x,NULL,NULL,&comp);

-		if (comp == NULL)

-			{

-			if (BIO_printf(bp,"\n   Compression: %d",x->compress_meth) <= 0) goto err;

-			}

-		else

-			{

-			if (BIO_printf(bp,"\n   Compression: %d (%s)", comp->id,comp->method->name) <= 0) goto err;

-			}

-		}

-#endif

-	if (x->time != 0L)

-		{

-		if (BIO_printf(bp, "\n    Start Time: %ld",x->time) <= 0) goto err;

-		}

-	if (x->timeout != 0L)

-		{

-		if (BIO_printf(bp, "\n    Timeout   : %ld (sec)",x->timeout) <= 0) goto err;

-		}

-	if (BIO_puts(bp,"\n") <= 0) goto err;

-	if (BIO_puts(bp, "    Verify return code: ") <= 0) goto err;

-	if (BIO_printf(bp, "%ld (%s)\n", x->verify_result,

-		X509_verify_cert_error_string(x->verify_result)) <= 0) goto err;

-	return(1);

-err:

-	return(0);

-	}

--- a/sys/src/ape/lib/openssl/ssl/ssltest.c

+++ /dev/null

@@ -1,2294 +1,0 @@

-/* ssl/ssltest.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- * ECC cipher suite support in OpenSSL originally developed by

- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.

- */

-#define _BSD_SOURCE 1		/* Or gethostname won't be declared properly

-				   on Linux and GNU platforms. */

-#include <assert.h>

-#include <errno.h>

-#include <limits.h>

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include <time.h>

-#define USE_SOCKETS

-#include "e_os.h"

-#define _XOPEN_SOURCE 500	/* Or isascii won't be declared properly on

-				   VMS (at least with DECompHP C).  */

-#include <ctype.h>

-#include <openssl/bio.h>

-#include <openssl/crypto.h>

-#include <openssl/evp.h>

-#include <openssl/x509.h>

-#include <openssl/x509v3.h>

-#include <openssl/ssl.h>

-#ifndef OPENSSL_NO_ENGINE

-#include <openssl/engine.h>

-#endif

-#include <openssl/err.h>

-#include <openssl/rand.h>

-#ifndef OPENSSL_NO_RSA

-#include <openssl/rsa.h>

-#endif

-#ifndef OPENSSL_NO_DSA

-#include <openssl/dsa.h>

-#endif

-#ifndef OPENSSL_NO_DH

-#include <openssl/dh.h>

-#endif

-#include <openssl/bn.h>

-#define _XOPEN_SOURCE_EXTENDED	1 /* Or gethostname won't be declared properly

-				     on Compaq platforms (at least with DEC C).

-				     Do not try to put it earlier, or IPv6 includes

-				     get screwed...

-				  */

-#ifdef OPENSSL_SYS_WINDOWS

-#include <winsock.h>

-#else

-#include OPENSSL_UNISTD

-#endif

-#ifdef OPENSSL_SYS_VMS

-#  define TEST_SERVER_CERT "SYS$DISK:[-.APPS]SERVER.PEM"

-#  define TEST_CLIENT_CERT "SYS$DISK:[-.APPS]CLIENT.PEM"

-#elif defined(OPENSSL_SYS_WINCE)

-#  define TEST_SERVER_CERT "\\OpenSSL\\server.pem"

-#  define TEST_CLIENT_CERT "\\OpenSSL\\client.pem"

-#elif defined(OPENSSL_SYS_NETWARE)

-#  define TEST_SERVER_CERT "\\openssl\\apps\\server.pem"

-#  define TEST_CLIENT_CERT "\\openssl\\apps\\client.pem"

-#else

-#  define TEST_SERVER_CERT "../apps/server.pem"

-#  define TEST_CLIENT_CERT "../apps/client.pem"

-#endif

-/* There is really no standard for this, so let's assign some tentative

-   numbers.  In any case, these numbers are only for this test */

-#define COMP_RLE	255

-#define COMP_ZLIB	1

-static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);

-#ifndef OPENSSL_NO_RSA

-static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export,int keylength);

-static void free_tmp_rsa(void);

-#endif

-static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg);

-#define APP_CALLBACK_STRING "Test Callback Argument"

-struct app_verify_arg

-	{

-	char *string;

-	int app_verify;

-	int allow_proxy_certs;

-	char *proxy_auth;

-	char *proxy_cond;

-	};

-#ifndef OPENSSL_NO_DH

-static DH *get_dh512(void);

-static DH *get_dh1024(void);

-static DH *get_dh1024dsa(void);

-#endif

-static BIO *bio_err=NULL;

-static BIO *bio_stdout=NULL;

-static char *cipher=NULL;

-static int verbose=0;

-static int debug=0;

-#if 0

-/* Not used yet. */

-#ifdef FIONBIO

-static int s_nbio=0;

-#endif

-#endif

-static const char rnd_seed[] = "string to make the random number generator think it has entropy";

-int doit_biopair(SSL *s_ssl,SSL *c_ssl,long bytes,clock_t *s_time,clock_t *c_time);

-int doit(SSL *s_ssl,SSL *c_ssl,long bytes);

-static int do_test_cipherlist(void);

-static void sv_usage(void)

-	{

-	fprintf(stderr,"usage: ssltest [args ...]\n");

-	fprintf(stderr,"\n");

-	fprintf(stderr," -server_auth  - check server certificate\n");

-	fprintf(stderr," -client_auth  - do client authentication\n");

-	fprintf(stderr," -proxy        - allow proxy certificates\n");

-	fprintf(stderr," -proxy_auth <val> - set proxy policy rights\n");

-	fprintf(stderr," -proxy_cond <val> - experssion to test proxy policy rights\n");

-	fprintf(stderr," -v            - more output\n");

-	fprintf(stderr," -d            - debug output\n");

-	fprintf(stderr," -reuse        - use session-id reuse\n");

-	fprintf(stderr," -num <val>    - number of connections to perform\n");

-	fprintf(stderr," -bytes <val>  - number of bytes to swap between client/server\n");

-#ifndef OPENSSL_NO_DH

-	fprintf(stderr," -dhe1024      - use 1024 bit key (safe prime) for DHE\n");

-	fprintf(stderr," -dhe1024dsa   - use 1024 bit key (with 160-bit subprime) for DHE\n");

-	fprintf(stderr," -no_dhe       - disable DHE\n");

-#endif

-#ifndef OPENSSL_NO_ECDH

-	fprintf(stderr," -no_ecdhe     - disable ECDHE\n");

-#endif

-#ifndef OPENSSL_NO_SSL2

-	fprintf(stderr," -ssl2         - use SSLv2\n");

-#endif

-#ifndef OPENSSL_NO_SSL3

-	fprintf(stderr," -ssl3         - use SSLv3\n");

-#endif

-#ifndef OPENSSL_NO_TLS1

-	fprintf(stderr," -tls1         - use TLSv1\n");

-#endif

-	fprintf(stderr," -CApath arg   - PEM format directory of CA's\n");

-	fprintf(stderr," -CAfile arg   - PEM format file of CA's\n");

-	fprintf(stderr," -cert arg     - Server certificate file\n");

-	fprintf(stderr," -key arg      - Server key file (default: same as -cert)\n");

-	fprintf(stderr," -c_cert arg   - Client certificate file\n");

-	fprintf(stderr," -c_key arg    - Client key file (default: same as -c_cert)\n");

-	fprintf(stderr," -cipher arg   - The cipher list\n");

-	fprintf(stderr," -bio_pair     - Use BIO pairs\n");

-	fprintf(stderr," -f            - Test even cases that can't work\n");

-	fprintf(stderr," -time         - measure processor time used by client and server\n");

-	fprintf(stderr," -zlib         - use zlib compression\n");

-	fprintf(stderr," -rle          - use rle compression\n");

-#ifndef OPENSSL_NO_ECDH

-	fprintf(stderr," -named_curve arg  - Elliptic curve name to use for ephemeral ECDH keys.\n" \

-	               "                 Use \"openssl ecparam -list_curves\" for all names\n"  \

-	               "                 (default is sect163r2).\n");

-#endif

-	fprintf(stderr," -test_cipherlist - verifies the order of the ssl cipher lists\n");

-	}

-static void print_details(SSL *c_ssl, const char *prefix)

-	{

-	SSL_CIPHER *ciph;

-	X509 *cert;

-	ciph=SSL_get_current_cipher(c_ssl);

-	BIO_printf(bio_stdout,"%s%s, cipher %s %s",

-		prefix,

-		SSL_get_version(c_ssl),

-		SSL_CIPHER_get_version(ciph),

-		SSL_CIPHER_get_name(ciph));

-	cert=SSL_get_peer_certificate(c_ssl);

-	if (cert != NULL)

-		{

-		EVP_PKEY *pkey = X509_get_pubkey(cert);

-		if (pkey != NULL)

-			{

-			if (0)

-				;

-#ifndef OPENSSL_NO_RSA

-			else if (pkey->type == EVP_PKEY_RSA && pkey->pkey.rsa != NULL

-				&& pkey->pkey.rsa->n != NULL)

-				{

-				BIO_printf(bio_stdout, ", %d bit RSA",

-					BN_num_bits(pkey->pkey.rsa->n));

-				}

-#endif

-#ifndef OPENSSL_NO_DSA

-			else if (pkey->type == EVP_PKEY_DSA && pkey->pkey.dsa != NULL

-				&& pkey->pkey.dsa->p != NULL)

-				{

-				BIO_printf(bio_stdout, ", %d bit DSA",

-					BN_num_bits(pkey->pkey.dsa->p));

-				}

-#endif

-			EVP_PKEY_free(pkey);

-			}

-		X509_free(cert);

-		}

-	/* The SSL API does not allow us to look at temporary RSA/DH keys,

-	 * otherwise we should print their lengths too */

-	BIO_printf(bio_stdout,"\n");

-	}

-static void lock_dbg_cb(int mode, int type, const char *file, int line)

-	{

-	static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */

-	const char *errstr = NULL;

-	int rw;

-	rw = mode & (CRYPTO_READ|CRYPTO_WRITE);

-	if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE)))

-		{

-		errstr = "invalid mode";

-		goto err;

-		}

-	if (type < 0 || type >= CRYPTO_NUM_LOCKS)

-		{

-		errstr = "type out of bounds";

-		goto err;

-		}

-	if (mode & CRYPTO_LOCK)

-		{

-		if (modes[type])

-			{

-			errstr = "already locked";

-			/* must not happen in a single-threaded program

-			 * (would deadlock) */

-			goto err;

-			}

-		modes[type] = rw;

-		}

-	else if (mode & CRYPTO_UNLOCK)

-		{

-		if (!modes[type])

-			{

-			errstr = "not locked";

-			goto err;

-			}

-		if (modes[type] != rw)

-			{

-			errstr = (rw == CRYPTO_READ) ?

-				"CRYPTO_r_unlock on write lock" :

-				"CRYPTO_w_unlock on read lock";

-			}

-		modes[type] = 0;

-		}

-	else

-		{

-		errstr = "invalid mode";

-		goto err;

-		}

- err:

-	if (errstr)

-		{

-		/* we cannot use bio_err here */

-		fprintf(stderr, "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n",

-			errstr, mode, type, file, line);

-		}

-	}

-int main(int argc, char *argv[])

-	{

-	char *CApath=NULL,*CAfile=NULL;

-	int badop=0;

-	int bio_pair=0;

-	int force=0;

-	int tls1=0,ssl2=0,ssl3=0,ret=1;

-	int client_auth=0;

-	int server_auth=0,i;

-	struct app_verify_arg app_verify_arg =

-		{ APP_CALLBACK_STRING, 0, 0, NULL, NULL };

-	char *server_cert=TEST_SERVER_CERT;

-	char *server_key=NULL;

-	char *client_cert=TEST_CLIENT_CERT;

-	char *client_key=NULL;

-#ifndef OPENSSL_NO_ECDH

-	char *named_curve = NULL;

-#endif

-	SSL_CTX *s_ctx=NULL;

-	SSL_CTX *c_ctx=NULL;

-	SSL_METHOD *meth=NULL;

-	SSL *c_ssl,*s_ssl;

-	int number=1,reuse=0;

-	long bytes=256L;

-#ifndef OPENSSL_NO_DH

-	DH *dh;

-	int dhe1024 = 0, dhe1024dsa = 0;

-#endif

-#ifndef OPENSSL_NO_ECDH

-	EC_KEY *ecdh = NULL;

-#endif

-	int no_dhe = 0;

-	int no_ecdhe = 0;

-	int print_time = 0;

-	clock_t s_time = 0, c_time = 0;

-	int comp = 0;

-#ifndef OPENSSL_NO_COMP

-	COMP_METHOD *cm = NULL;

-#endif

-	STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;

-	int test_cipherlist = 0;

-	verbose = 0;

-	debug = 0;

-	cipher = 0;

-	bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);

-	CRYPTO_set_locking_callback(lock_dbg_cb);

-	/* enable memory leak checking unless explicitly disabled */

-	if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))

-		{

-		CRYPTO_malloc_debug_init();

-		CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);

-		}

-	else

-		{

-		/* OPENSSL_DEBUG_MEMORY=off */

-		CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);

-		}

-	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);

-	RAND_seed(rnd_seed, sizeof rnd_seed);

-	bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE);

-	argc--;

-	argv++;

-	while (argc >= 1)

-		{

-		if	(strcmp(*argv,"-server_auth") == 0)

-			server_auth=1;

-		else if	(strcmp(*argv,"-client_auth") == 0)

-			client_auth=1;

-		else if (strcmp(*argv,"-proxy_auth") == 0)

-			{

-			if (--argc < 1) goto bad;

-			app_verify_arg.proxy_auth= *(++argv);

-			}

-		else if (strcmp(*argv,"-proxy_cond") == 0)

-			{

-			if (--argc < 1) goto bad;

-			app_verify_arg.proxy_cond= *(++argv);

-			}

-		else if	(strcmp(*argv,"-v") == 0)

-			verbose=1;

-		else if	(strcmp(*argv,"-d") == 0)

-			debug=1;

-		else if	(strcmp(*argv,"-reuse") == 0)

-			reuse=1;

-		else if	(strcmp(*argv,"-dhe1024") == 0)

-			{

-#ifndef OPENSSL_NO_DH

-			dhe1024=1;

-#else

-			fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n");

-#endif

-			}

-		else if	(strcmp(*argv,"-dhe1024dsa") == 0)

-			{

-#ifndef OPENSSL_NO_DH

-			dhe1024dsa=1;

-#else

-			fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n");

-#endif

-			}

-		else if	(strcmp(*argv,"-no_dhe") == 0)

-			no_dhe=1;

-		else if	(strcmp(*argv,"-no_ecdhe") == 0)

-			no_ecdhe=1;

-		else if	(strcmp(*argv,"-ssl2") == 0)

-			ssl2=1;

-		else if	(strcmp(*argv,"-tls1") == 0)

-			tls1=1;

-		else if	(strcmp(*argv,"-ssl3") == 0)

-			ssl3=1;

-		else if	(strncmp(*argv,"-num",4) == 0)

-			{

-			if (--argc < 1) goto bad;

-			number= atoi(*(++argv));

-			if (number == 0) number=1;

-			}

-		else if	(strcmp(*argv,"-bytes") == 0)

-			{

-			if (--argc < 1) goto bad;

-			bytes= atol(*(++argv));

-			if (bytes == 0L) bytes=1L;

-			i=strlen(argv[0]);

-			if (argv[0][i-1] == 'k') bytes*=1024L;

-			if (argv[0][i-1] == 'm') bytes*=1024L*1024L;

-			}

-		else if	(strcmp(*argv,"-cert") == 0)

-			{

-			if (--argc < 1) goto bad;

-			server_cert= *(++argv);

-			}

-		else if	(strcmp(*argv,"-s_cert") == 0)

-			{

-			if (--argc < 1) goto bad;

-			server_cert= *(++argv);

-			}

-		else if	(strcmp(*argv,"-key") == 0)

-			{

-			if (--argc < 1) goto bad;

-			server_key= *(++argv);

-			}

-		else if	(strcmp(*argv,"-s_key") == 0)

-			{

-			if (--argc < 1) goto bad;

-			server_key= *(++argv);

-			}

-		else if	(strcmp(*argv,"-c_cert") == 0)

-			{

-			if (--argc < 1) goto bad;

-			client_cert= *(++argv);

-			}

-		else if	(strcmp(*argv,"-c_key") == 0)

-			{

-			if (--argc < 1) goto bad;

-			client_key= *(++argv);

-			}

-		else if	(strcmp(*argv,"-cipher") == 0)

-			{

-			if (--argc < 1) goto bad;

-			cipher= *(++argv);

-			}

-		else if	(strcmp(*argv,"-CApath") == 0)

-			{

-			if (--argc < 1) goto bad;

-			CApath= *(++argv);

-			}

-		else if	(strcmp(*argv,"-CAfile") == 0)

-			{

-			if (--argc < 1) goto bad;

-			CAfile= *(++argv);

-			}

-		else if	(strcmp(*argv,"-bio_pair") == 0)

-			{

-			bio_pair = 1;

-			}

-		else if	(strcmp(*argv,"-f") == 0)

-			{

-			force = 1;

-			}

-		else if	(strcmp(*argv,"-time") == 0)

-			{

-			print_time = 1;

-			}

-		else if	(strcmp(*argv,"-zlib") == 0)

-			{

-			comp = COMP_ZLIB;

-			}

-		else if	(strcmp(*argv,"-rle") == 0)

-			{

-			comp = COMP_RLE;

-			}

-		else if	(strcmp(*argv,"-named_curve") == 0)

-			{

-			if (--argc < 1) goto bad;

-#ifndef OPENSSL_NO_ECDH

-			named_curve = *(++argv);

-#else

-			fprintf(stderr,"ignoring -named_curve, since I'm compiled without ECDH\n");

-			++argv;

-#endif

-			}

-		else if	(strcmp(*argv,"-app_verify") == 0)

-			{

-			app_verify_arg.app_verify = 1;

-			}

-		else if	(strcmp(*argv,"-proxy") == 0)

-			{

-			app_verify_arg.allow_proxy_certs = 1;

-			}

-		else if (strcmp(*argv,"-test_cipherlist") == 0)

-			{

-			test_cipherlist = 1;

-			}

-		else

-			{

-			fprintf(stderr,"unknown option %s\n",*argv);

-			badop=1;

-			break;

-			}

-		argc--;

-		argv++;

-		}

-	if (badop)

-		{

-bad:

-		sv_usage();

-		goto end;

-		}

-	if (test_cipherlist == 1)

-		{

-		/* ensure that the cipher list are correctly sorted and exit */

-		if (do_test_cipherlist() == 0)

-			EXIT(1);

-		ret = 0;

-		goto end;

-		}

-	if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force)

-		{

-		fprintf(stderr, "This case cannot work.  Use -f to perform "

-			"the test anyway (and\n-d to see what happens), "

-			"or add one of -ssl2, -ssl3, -tls1, -reuse\n"

-			"to avoid protocol mismatch.\n");

-		EXIT(1);

-		}

-	if (print_time)

-		{

-		if (!bio_pair)

-			{

-			fprintf(stderr, "Using BIO pair (-bio_pair)\n");

-			bio_pair = 1;

-			}

-		if (number < 50 && !force)

-			fprintf(stderr, "Warning: For accurate timings, use more connections (e.g. -num 1000)\n");

-		}

-/*	if (cipher == NULL) cipher=getenv("SSL_CIPHER"); */

-	SSL_library_init();

-	SSL_load_error_strings();

-#ifndef OPENSSL_NO_COMP

-	if (comp == COMP_ZLIB) cm = COMP_zlib();

-	if (comp == COMP_RLE) cm = COMP_rle();

-	if (cm != NULL)

-		{

-		if (cm->type != NID_undef)

-			{

-			if (SSL_COMP_add_compression_method(comp, cm) != 0)

-				{

-				fprintf(stderr,

-					"Failed to add compression method\n");

-				ERR_print_errors_fp(stderr);

-				}

-			}

-		else

-			{

-			fprintf(stderr,

-				"Warning: %s compression not supported\n",

-				(comp == COMP_RLE ? "rle" :

-					(comp == COMP_ZLIB ? "zlib" :

-						"unknown")));

-			ERR_print_errors_fp(stderr);

-			}

-		}

-	ssl_comp_methods = SSL_COMP_get_compression_methods();

-	fprintf(stderr, "Available compression methods:\n");

-	{

-	int j, n = sk_SSL_COMP_num(ssl_comp_methods);

-	if (n == 0)

-		fprintf(stderr, "  NONE\n");

-	else

-		for (j = 0; j < n; j++)

-			{

-			SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);

-			fprintf(stderr, "  %d: %s\n", c->id, c->name);

-			}

-	}

-#endif

-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)

-	if (ssl2)

-		meth=SSLv2_method();

-	else

-	if (tls1)

-		meth=TLSv1_method();

-	else

-	if (ssl3)

-		meth=SSLv3_method();

-	else

-		meth=SSLv23_method();

-#else

-#ifdef OPENSSL_NO_SSL2

-	meth=SSLv3_method();

-#else

-	meth=SSLv2_method();

-#endif

-#endif

-	c_ctx=SSL_CTX_new(meth);

-	s_ctx=SSL_CTX_new(meth);

-	if ((c_ctx == NULL) || (s_ctx == NULL))

-		{

-		ERR_print_errors(bio_err);

-		goto end;

-		}

-	if (cipher != NULL)

-		{

-		SSL_CTX_set_cipher_list(c_ctx,cipher);

-		SSL_CTX_set_cipher_list(s_ctx,cipher);

-		}

-#ifndef OPENSSL_NO_DH

-	if (!no_dhe)

-		{

-		if (dhe1024dsa)

-			{

-			/* use SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */

-			SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);

-			dh=get_dh1024dsa();

-			}

-		else if (dhe1024)

-			dh=get_dh1024();

-		else

-			dh=get_dh512();

-		SSL_CTX_set_tmp_dh(s_ctx,dh);

-		DH_free(dh);

-		}

-#else

-	(void)no_dhe;

-#endif

-#ifndef OPENSSL_NO_ECDH

-	if (!no_ecdhe)

-		{

-		int nid;

-		if (named_curve != NULL)

-			{

-			nid = OBJ_sn2nid(named_curve);

-			if (nid == 0)

-			{

-				BIO_printf(bio_err, "unknown curve name (%s)\n", named_curve);

-				goto end;

-				}

-			}

-		else

-			nid = NID_sect163r2;

-		ecdh = EC_KEY_new_by_curve_name(nid);

-		if (ecdh == NULL)

-			{

-			BIO_printf(bio_err, "unable to create curve\n");

-			goto end;

-			}

-		SSL_CTX_set_tmp_ecdh(s_ctx, ecdh);

-		SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_ECDH_USE);

-		EC_KEY_free(ecdh);

-		}

-#else

-	(void)no_ecdhe;

-#endif

-#ifndef OPENSSL_NO_RSA

-	SSL_CTX_set_tmp_rsa_callback(s_ctx,tmp_rsa_cb);

-#endif

-	if (!SSL_CTX_use_certificate_file(s_ctx,server_cert,SSL_FILETYPE_PEM))

-		{

-		ERR_print_errors(bio_err);

-		}

-	else if (!SSL_CTX_use_PrivateKey_file(s_ctx,

-		(server_key?server_key:server_cert), SSL_FILETYPE_PEM))

-		{

-		ERR_print_errors(bio_err);

-		goto end;

-		}

-	if (client_auth)

-		{

-		SSL_CTX_use_certificate_file(c_ctx,client_cert,

-			SSL_FILETYPE_PEM);

-		SSL_CTX_use_PrivateKey_file(c_ctx,

-			(client_key?client_key:client_cert),

-			SSL_FILETYPE_PEM);

-		}

-	if (	(!SSL_CTX_load_verify_locations(s_ctx,CAfile,CApath)) ||

-		(!SSL_CTX_set_default_verify_paths(s_ctx)) ||

-		(!SSL_CTX_load_verify_locations(c_ctx,CAfile,CApath)) ||

-		(!SSL_CTX_set_default_verify_paths(c_ctx)))

-		{

-		/* fprintf(stderr,"SSL_load_verify_locations\n"); */

-		ERR_print_errors(bio_err);

-		/* goto end; */

-		}

-	if (client_auth)

-		{

-		BIO_printf(bio_err,"client authentication\n");

-		SSL_CTX_set_verify(s_ctx,

-			SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,

-			verify_callback);

-		SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback, &app_verify_arg);

-		}

-	if (server_auth)

-		{

-		BIO_printf(bio_err,"server authentication\n");

-		SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER,

-			verify_callback);

-		SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback, &app_verify_arg);

-		}

-	{

-		int session_id_context = 0;

-		SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context, sizeof session_id_context);

-	}

-	c_ssl=SSL_new(c_ctx);

-	s_ssl=SSL_new(s_ctx);

-#ifndef OPENSSL_NO_KRB5

-	if (c_ssl  &&  c_ssl->kssl_ctx)

-                {

-                char	localhost[MAXHOSTNAMELEN+2];

-		if (gethostname(localhost, sizeof localhost-1) == 0)

-                        {

-			localhost[sizeof localhost-1]='\0';

-			if(strlen(localhost) == sizeof localhost-1)

-				{

-				BIO_printf(bio_err,"localhost name too long\n");

-				goto end;

-				}

-			kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER,

-                                localhost);

-			}

-		}

-#endif    /* OPENSSL_NO_KRB5  */

-	for (i=0; i<number; i++)

-		{

-		if (!reuse) SSL_set_session(c_ssl,NULL);

-		if (bio_pair)

-			ret=doit_biopair(s_ssl,c_ssl,bytes,&s_time,&c_time);

-		else

-			ret=doit(s_ssl,c_ssl,bytes);

-		}

-	if (!verbose)

-		{

-		print_details(c_ssl, "");

-		}

-	if ((number > 1) || (bytes > 1L))

-		BIO_printf(bio_stdout, "%d handshakes of %ld bytes done\n",number,bytes);

-	if (print_time)

-		{

-#ifdef CLOCKS_PER_SEC

-		/* "To determine the time in seconds, the value returned

-		 * by the clock function should be divided by the value

-		 * of the macro CLOCKS_PER_SEC."

-		 *                                       -- ISO/IEC 9899 */

-		BIO_printf(bio_stdout, "Approximate total server time: %6.2f s\n"

-			"Approximate total client time: %6.2f s\n",

-			(double)s_time/CLOCKS_PER_SEC,

-			(double)c_time/CLOCKS_PER_SEC);

-#else

-		/* "`CLOCKS_PER_SEC' undeclared (first use this function)"

-		 *                            -- cc on NeXTstep/OpenStep */

-		BIO_printf(bio_stdout,

-			"Approximate total server time: %6.2f units\n"

-			"Approximate total client time: %6.2f units\n",

-			(double)s_time,

-			(double)c_time);

-#endif

-		}

-	SSL_free(s_ssl);

-	SSL_free(c_ssl);

-end:

-	if (s_ctx != NULL) SSL_CTX_free(s_ctx);

-	if (c_ctx != NULL) SSL_CTX_free(c_ctx);

-	if (bio_stdout != NULL) BIO_free(bio_stdout);

-#ifndef OPENSSL_NO_RSA

-	free_tmp_rsa();

-#endif

-#ifndef OPENSSL_NO_ENGINE

-	ENGINE_cleanup();

-#endif

-	CRYPTO_cleanup_all_ex_data();

-	ERR_free_strings();

-	ERR_remove_state(0);

-	EVP_cleanup();

-	CRYPTO_mem_leaks(bio_err);

-	if (bio_err != NULL) BIO_free(bio_err);

-	EXIT(ret);

-	return ret;

-	}

-int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,

-	clock_t *s_time, clock_t *c_time)

-	{

-	long cw_num = count, cr_num = count, sw_num = count, sr_num = count;

-	BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;

-	BIO *server = NULL, *server_io = NULL, *client = NULL, *client_io = NULL;

-	int ret = 1;

-	size_t bufsiz = 256; /* small buffer for testing */

-	if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz))

-		goto err;

-	if (!BIO_new_bio_pair(&client, bufsiz, &client_io, bufsiz))

-		goto err;

-	s_ssl_bio = BIO_new(BIO_f_ssl());

-	if (!s_ssl_bio)

-		goto err;

-	c_ssl_bio = BIO_new(BIO_f_ssl());

-	if (!c_ssl_bio)

-		goto err;

-	SSL_set_connect_state(c_ssl);

-	SSL_set_bio(c_ssl, client, client);

-	(void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);

-	SSL_set_accept_state(s_ssl);

-	SSL_set_bio(s_ssl, server, server);

-	(void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);

-	do

-		{

-		/* c_ssl_bio:          SSL filter BIO

-		 *

-		 * client:             pseudo-I/O for SSL library

-		 *

-		 * client_io:          client's SSL communication; usually to be

-		 *                     relayed over some I/O facility, but in this

-		 *                     test program, we're the server, too:

-		 *

-		 * server_io:          server's SSL communication

-		 *

-		 * server:             pseudo-I/O for SSL library

-		 *

-		 * s_ssl_bio:          SSL filter BIO

-		 *

-		 * The client and the server each employ a "BIO pair":

-		 * client + client_io, server + server_io.

-		 * BIO pairs are symmetric.  A BIO pair behaves similar

-		 * to a non-blocking socketpair (but both endpoints must

-		 * be handled by the same thread).

-		 * [Here we could connect client and server to the ends

-		 * of a single BIO pair, but then this code would be less

-		 * suitable as an example for BIO pairs in general.]

-		 *

-		 * Useful functions for querying the state of BIO pair endpoints:

-		 *

-		 * BIO_ctrl_pending(bio)              number of bytes we can read now

-		 * BIO_ctrl_get_read_request(bio)     number of bytes needed to fulfil

-		 *                                      other side's read attempt

-		 * BIO_ctrl_get_write_guarantee(bio)   number of bytes we can write now

-		 *

-		 * ..._read_request is never more than ..._write_guarantee;

-		 * it depends on the application which one you should use.

-		 */

-		/* We have non-blocking behaviour throughout this test program, but

-		 * can be sure that there is *some* progress in each iteration; so

-		 * we don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE

-		 * -- we just try everything in each iteration

-		 */

-			{

-			/* CLIENT */

-			MS_STATIC char cbuf[1024*8];

-			int i, r;

-			clock_t c_clock = clock();

-			memset(cbuf, 0, sizeof(cbuf));

-			if (debug)

-				if (SSL_in_init(c_ssl))

-					printf("client waiting in SSL_connect - %s\n",

-						SSL_state_string_long(c_ssl));

-			if (cw_num > 0)

-				{

-				/* Write to server. */

-				if (cw_num > (long)sizeof cbuf)

-					i = sizeof cbuf;

-				else

-					i = (int)cw_num;

-				r = BIO_write(c_ssl_bio, cbuf, i);

-				if (r < 0)

-					{

-					if (!BIO_should_retry(c_ssl_bio))

-						{

-						fprintf(stderr,"ERROR in CLIENT\n");

-						goto err;

-						}

-					/* BIO_should_retry(...) can just be ignored here.

-					 * The library expects us to call BIO_write with

-					 * the same arguments again, and that's what we will

-					 * do in the next iteration. */

-					}

-				else if (r == 0)

-					{

-					fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");

-					goto err;

-					}

-				else

-					{

-					if (debug)

-						printf("client wrote %d\n", r);

-					cw_num -= r;

-					}

-				}

-			if (cr_num > 0)

-				{

-				/* Read from server. */

-				r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));

-				if (r < 0)

-					{

-					if (!BIO_should_retry(c_ssl_bio))

-						{

-						fprintf(stderr,"ERROR in CLIENT\n");

-						goto err;

-						}

-					/* Again, "BIO_should_retry" can be ignored. */

-					}

-				else if (r == 0)

-					{

-					fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");

-					goto err;

-					}

-				else

-					{

-					if (debug)

-						printf("client read %d\n", r);

-					cr_num -= r;

-					}

-				}

-			/* c_time and s_time increments will typically be very small

-			 * (depending on machine speed and clock tick intervals),

-			 * but sampling over a large number of connections should

-			 * result in fairly accurate figures.  We cannot guarantee

-			 * a lot, however -- if each connection lasts for exactly

-			 * one clock tick, it will be counted only for the client

-			 * or only for the server or even not at all.

-			 */

-			*c_time += (clock() - c_clock);

-			}

-			{

-			/* SERVER */

-			MS_STATIC char sbuf[1024*8];

-			int i, r;

-			clock_t s_clock = clock();

-			memset(sbuf, 0, sizeof(sbuf));

-			if (debug)

-				if (SSL_in_init(s_ssl))

-					printf("server waiting in SSL_accept - %s\n",

-						SSL_state_string_long(s_ssl));

-			if (sw_num > 0)

-				{

-				/* Write to client. */

-				if (sw_num > (long)sizeof sbuf)

-					i = sizeof sbuf;

-				else

-					i = (int)sw_num;

-				r = BIO_write(s_ssl_bio, sbuf, i);

-				if (r < 0)

-					{

-					if (!BIO_should_retry(s_ssl_bio))

-						{

-						fprintf(stderr,"ERROR in SERVER\n");

-						goto err;

-						}

-					/* Ignore "BIO_should_retry". */

-					}

-				else if (r == 0)

-					{

-					fprintf(stderr,"SSL SERVER STARTUP FAILED\n");

-					goto err;

-					}

-				else

-					{

-					if (debug)

-						printf("server wrote %d\n", r);

-					sw_num -= r;

-					}

-				}

-			if (sr_num > 0)

-				{

-				/* Read from client. */

-				r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));

-				if (r < 0)

-					{

-					if (!BIO_should_retry(s_ssl_bio))

-						{

-						fprintf(stderr,"ERROR in SERVER\n");

-						goto err;

-						}

-					/* blah, blah */

-					}

-				else if (r == 0)

-					{

-					fprintf(stderr,"SSL SERVER STARTUP FAILED\n");

-					goto err;

-					}

-				else

-					{

-					if (debug)

-						printf("server read %d\n", r);

-					sr_num -= r;

-					}

-				}

-			*s_time += (clock() - s_clock);

-			}

-			{

-			/* "I/O" BETWEEN CLIENT AND SERVER. */

-			size_t r1, r2;

-			BIO *io1 = server_io, *io2 = client_io;

-			/* we use the non-copying interface for io1

-			 * and the standard BIO_write/BIO_read interface for io2

-			 */

-			static int prev_progress = 1;

-			int progress = 0;

-			/* io1 to io2 */

-			do

-				{

-				size_t num;

-				int r;

-				r1 = BIO_ctrl_pending(io1);

-				r2 = BIO_ctrl_get_write_guarantee(io2);

-				num = r1;

-				if (r2 < num)

-					num = r2;

-				if (num)

-					{

-					char *dataptr;

-					if (INT_MAX < num) /* yeah, right */

-						num = INT_MAX;

-					r = BIO_nread(io1, &dataptr, (int)num);

-					assert(r > 0);

-					assert(r <= (int)num);

-					/* possibly r < num (non-contiguous data) */

-					num = r;

-					r = BIO_write(io2, dataptr, (int)num);

-					if (r != (int)num) /* can't happen */

-						{

-						fprintf(stderr, "ERROR: BIO_write could not write "

-							"BIO_ctrl_get_write_guarantee() bytes");

-						goto err;

-						}

-					progress = 1;

-					if (debug)

-						printf((io1 == client_io) ?

-							"C->S relaying: %d bytes\n" :

-							"S->C relaying: %d bytes\n",

-							(int)num);

-					}

-				}

-			while (r1 && r2);

-			/* io2 to io1 */

-			{

-				size_t num;

-				int r;

-				r1 = BIO_ctrl_pending(io2);

-				r2 = BIO_ctrl_get_read_request(io1);

-				/* here we could use ..._get_write_guarantee instead of

-				 * ..._get_read_request, but by using the latter

-				 * we test restartability of the SSL implementation

-				 * more thoroughly */

-				num = r1;

-				if (r2 < num)

-					num = r2;

-				if (num)

-					{

-					char *dataptr;

-					if (INT_MAX < num)

-						num = INT_MAX;

-					if (num > 1)

-						--num; /* test restartability even more thoroughly */

-					r = BIO_nwrite0(io1, &dataptr);

-					assert(r > 0);

-					if (r < (int)num)

-						num = r;

-					r = BIO_read(io2, dataptr, (int)num);

-					if (r != (int)num) /* can't happen */

-						{

-						fprintf(stderr, "ERROR: BIO_read could not read "

-							"BIO_ctrl_pending() bytes");

-						goto err;

-						}

-					progress = 1;

-					r = BIO_nwrite(io1, &dataptr, (int)num);

-					if (r != (int)num) /* can't happen */

-						{

-						fprintf(stderr, "ERROR: BIO_nwrite() did not accept "

-							"BIO_nwrite0() bytes");

-						goto err;

-						}

-					if (debug)

-						printf((io2 == client_io) ?

-							"C->S relaying: %d bytes\n" :

-							"S->C relaying: %d bytes\n",

-							(int)num);

-					}

-			} /* no loop, BIO_ctrl_get_read_request now returns 0 anyway */

-			if (!progress && !prev_progress)

-				if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0)

-					{

-					fprintf(stderr, "ERROR: got stuck\n");

-					if (strcmp("SSLv2", SSL_get_version(c_ssl)) == 0)

-						{

-						fprintf(stderr, "This can happen for SSL2 because "

-							"CLIENT-FINISHED and SERVER-VERIFY are written \n"

-							"concurrently ...");

-						if (strncmp("2SCF", SSL_state_string(c_ssl), 4) == 0

-							&& strncmp("2SSV", SSL_state_string(s_ssl), 4) == 0)

-							{

-							fprintf(stderr, " ok.\n");

-							goto end;

-							}

-						}

-					fprintf(stderr, " ERROR.\n");

-					goto err;

-					}

-			prev_progress = progress;

-			}

-		}

-	while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);

-	if (verbose)

-		print_details(c_ssl, "DONE via BIO pair: ");

-end:

-	ret = 0;

- err:

-	ERR_print_errors(bio_err);

-	if (server)

-		BIO_free(server);

-	if (server_io)

-		BIO_free(server_io);

-	if (client)

-		BIO_free(client);

-	if (client_io)

-		BIO_free(client_io);

-	if (s_ssl_bio)

-		BIO_free(s_ssl_bio);

-	if (c_ssl_bio)

-		BIO_free(c_ssl_bio);

-	return ret;

-	}

-#define W_READ	1

-#define W_WRITE	2

-#define C_DONE	1

-#define S_DONE	2

-int doit(SSL *s_ssl, SSL *c_ssl, long count)

-	{

-	MS_STATIC char cbuf[1024*8],sbuf[1024*8];

-	long cw_num=count,cr_num=count;

-	long sw_num=count,sr_num=count;

-	int ret=1;

-	BIO *c_to_s=NULL;

-	BIO *s_to_c=NULL;

-	BIO *c_bio=NULL;

-	BIO *s_bio=NULL;

-	int c_r,c_w,s_r,s_w;

-	int c_want,s_want;

-	int i,j;

-	int done=0;

-	int c_write,s_write;

-	int do_server=0,do_client=0;

-	memset(cbuf,0,sizeof(cbuf));

-	memset(sbuf,0,sizeof(sbuf));

-	c_to_s=BIO_new(BIO_s_mem());

-	s_to_c=BIO_new(BIO_s_mem());

-	if ((s_to_c == NULL) || (c_to_s == NULL))

-		{

-		ERR_print_errors(bio_err);

-		goto err;

-		}

-	c_bio=BIO_new(BIO_f_ssl());

-	s_bio=BIO_new(BIO_f_ssl());

-	if ((c_bio == NULL) || (s_bio == NULL))

-		{

-		ERR_print_errors(bio_err);

-		goto err;

-		}

-	SSL_set_connect_state(c_ssl);

-	SSL_set_bio(c_ssl,s_to_c,c_to_s);

-	BIO_set_ssl(c_bio,c_ssl,BIO_NOCLOSE);

-	SSL_set_accept_state(s_ssl);

-	SSL_set_bio(s_ssl,c_to_s,s_to_c);

-	BIO_set_ssl(s_bio,s_ssl,BIO_NOCLOSE);

-	c_r=0; s_r=1;

-	c_w=1; s_w=0;

-	c_want=W_WRITE;

-	s_want=0;

-	c_write=1,s_write=0;

-	/* We can always do writes */

-	for (;;)

-		{

-		do_server=0;

-		do_client=0;

-		i=(int)BIO_pending(s_bio);

-		if ((i && s_r) || s_w) do_server=1;

-		i=(int)BIO_pending(c_bio);

-		if ((i && c_r) || c_w) do_client=1;

-		if (do_server && debug)

-			{

-			if (SSL_in_init(s_ssl))

-				printf("server waiting in SSL_accept - %s\n",

-					SSL_state_string_long(s_ssl));

-/*			else if (s_write)

-				printf("server:SSL_write()\n");

-			else

-				printf("server:SSL_read()\n"); */

-			}

-		if (do_client && debug)

-			{

-			if (SSL_in_init(c_ssl))

-				printf("client waiting in SSL_connect - %s\n",

-					SSL_state_string_long(c_ssl));

-/*			else if (c_write)

-				printf("client:SSL_write()\n");

-			else

-				printf("client:SSL_read()\n"); */

-			}

-		if (!do_client && !do_server)

-			{

-			fprintf(stdout,"ERROR IN STARTUP\n");

-			ERR_print_errors(bio_err);

-			break;

-			}

-		if (do_client && !(done & C_DONE))

-			{

-			if (c_write)

-				{

-				j = (cw_num > (long)sizeof(cbuf)) ?

-					(int)sizeof(cbuf) : (int)cw_num;

-				i=BIO_write(c_bio,cbuf,j);

-				if (i < 0)

-					{

-					c_r=0;

-					c_w=0;

-					if (BIO_should_retry(c_bio))

-						{

-						if (BIO_should_read(c_bio))

-							c_r=1;

-						if (BIO_should_write(c_bio))

-							c_w=1;

-						}

-					else

-						{

-						fprintf(stderr,"ERROR in CLIENT\n");

-						ERR_print_errors(bio_err);

-						goto err;

-						}

-					}

-				else if (i == 0)

-					{

-					fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");

-					goto err;

-					}

-				else

-					{

-					if (debug)

-						printf("client wrote %d\n",i);

-					/* ok */

-					s_r=1;

-					c_write=0;

-					cw_num-=i;

-					}

-				}

-			else

-				{

-				i=BIO_read(c_bio,cbuf,sizeof(cbuf));

-				if (i < 0)

-					{

-					c_r=0;

-					c_w=0;

-					if (BIO_should_retry(c_bio))

-						{

-						if (BIO_should_read(c_bio))

-							c_r=1;

-						if (BIO_should_write(c_bio))

-							c_w=1;

-						}

-					else

-						{

-						fprintf(stderr,"ERROR in CLIENT\n");

-						ERR_print_errors(bio_err);

-						goto err;

-						}

-					}

-				else if (i == 0)

-					{

-					fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");

-					goto err;

-					}

-				else

-					{

-					if (debug)

-						printf("client read %d\n",i);

-					cr_num-=i;

-					if (sw_num > 0)

-						{

-						s_write=1;

-						s_w=1;

-						}

-					if (cr_num <= 0)

-						{

-						s_write=1;

-						s_w=1;

-						done=S_DONE|C_DONE;

-						}

-					}

-				}

-			}

-		if (do_server && !(done & S_DONE))

-			{

-			if (!s_write)

-				{

-				i=BIO_read(s_bio,sbuf,sizeof(cbuf));

-				if (i < 0)

-					{

-					s_r=0;

-					s_w=0;

-					if (BIO_should_retry(s_bio))

-						{

-						if (BIO_should_read(s_bio))

-							s_r=1;

-						if (BIO_should_write(s_bio))

-							s_w=1;

-						}

-					else

-						{

-						fprintf(stderr,"ERROR in SERVER\n");

-						ERR_print_errors(bio_err);

-						goto err;

-						}

-					}

-				else if (i == 0)

-					{

-					ERR_print_errors(bio_err);

-					fprintf(stderr,"SSL SERVER STARTUP FAILED in SSL_read\n");

-					goto err;

-					}

-				else

-					{

-					if (debug)

-						printf("server read %d\n",i);

-					sr_num-=i;

-					if (cw_num > 0)

-						{

-						c_write=1;

-						c_w=1;

-						}

-					if (sr_num <= 0)

-						{

-						s_write=1;

-						s_w=1;

-						c_write=0;

-						}

-					}

-				}

-			else

-				{

-				j = (sw_num > (long)sizeof(sbuf)) ?

-					(int)sizeof(sbuf) : (int)sw_num;

-				i=BIO_write(s_bio,sbuf,j);

-				if (i < 0)

-					{

-					s_r=0;

-					s_w=0;

-					if (BIO_should_retry(s_bio))

-						{

-						if (BIO_should_read(s_bio))

-							s_r=1;

-						if (BIO_should_write(s_bio))

-							s_w=1;

-						}

-					else

-						{

-						fprintf(stderr,"ERROR in SERVER\n");

-						ERR_print_errors(bio_err);

-						goto err;

-						}

-					}

-				else if (i == 0)

-					{

-					ERR_print_errors(bio_err);

-					fprintf(stderr,"SSL SERVER STARTUP FAILED in SSL_write\n");

-					goto err;

-					}

-				else

-					{

-					if (debug)

-						printf("server wrote %d\n",i);

-					sw_num-=i;

-					s_write=0;

-					c_r=1;

-					if (sw_num <= 0)

-						done|=S_DONE;

-					}

-				}

-			}

-		if ((done & S_DONE) && (done & C_DONE)) break;

-		}

-	if (verbose)

-		print_details(c_ssl, "DONE: ");

-	ret=0;

-err:

-	/* We have to set the BIO's to NULL otherwise they will be

-	 * OPENSSL_free()ed twice.  Once when th s_ssl is SSL_free()ed and

-	 * again when c_ssl is SSL_free()ed.

-	 * This is a hack required because s_ssl and c_ssl are sharing the same

-	 * BIO structure and SSL_set_bio() and SSL_free() automatically

-	 * BIO_free non NULL entries.

-	 * You should not normally do this or be required to do this */

-	if (s_ssl != NULL)

-		{

-		s_ssl->rbio=NULL;

-		s_ssl->wbio=NULL;

-		}

-	if (c_ssl != NULL)

-		{

-		c_ssl->rbio=NULL;

-		c_ssl->wbio=NULL;

-		}

-	if (c_to_s != NULL) BIO_free(c_to_s);

-	if (s_to_c != NULL) BIO_free(s_to_c);

-	if (c_bio != NULL) BIO_free_all(c_bio);

-	if (s_bio != NULL) BIO_free_all(s_bio);

-	return(ret);

-	}

-static int get_proxy_auth_ex_data_idx(void)

-	{

-	static volatile int idx = -1;

-	if (idx < 0)

-		{

-		CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);

-		if (idx < 0)

-			{

-			idx = X509_STORE_CTX_get_ex_new_index(0,

-				"SSLtest for verify callback", NULL,NULL,NULL);

-			}

-		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);

-		}

-	return idx;

-	}

-static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)

-	{

-	char *s,buf[256];

-	s=X509_NAME_oneline(X509_get_subject_name(ctx->current_cert),buf,

-			    sizeof buf);

-	if (s != NULL)

-		{

-		if (ok)

-			fprintf(stderr,"depth=%d %s\n",

-				ctx->error_depth,buf);

-		else

-			{

-			fprintf(stderr,"depth=%d error=%d %s\n",

-				ctx->error_depth,ctx->error,buf);

-			}

-		}

-	if (ok == 0)

-		{

-		fprintf(stderr,"Error string: %s\n",

-			X509_verify_cert_error_string(ctx->error));

-		switch (ctx->error)

-			{

-		case X509_V_ERR_CERT_NOT_YET_VALID:

-		case X509_V_ERR_CERT_HAS_EXPIRED:

-		case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:

-			fprintf(stderr,"  ... ignored.\n");

-			ok=1;

-			}

-		}

-	if (ok == 1)

-		{

-		X509 *xs = ctx->current_cert;

-#if 0

-		X509 *xi = ctx->current_issuer;

-#endif

-		if (xs->ex_flags & EXFLAG_PROXY)

-			{

-			unsigned int *letters =

-				X509_STORE_CTX_get_ex_data(ctx,

-					get_proxy_auth_ex_data_idx());

-			if (letters)

-				{

-				int found_any = 0;

-				int i;

-				PROXY_CERT_INFO_EXTENSION *pci =

-					X509_get_ext_d2i(xs, NID_proxyCertInfo,

-						NULL, NULL);

-				switch (OBJ_obj2nid(pci->proxyPolicy->policyLanguage))

-					{

-				case NID_Independent:

-					/* Completely meaningless in this

-					   program, as there's no way to

-					   grant explicit rights to a

-					   specific PrC.  Basically, using

-					   id-ppl-Independent is the perfect

-					   way to grant no rights at all. */

-					fprintf(stderr, "  Independent proxy certificate");

-					for (i = 0; i < 26; i++)

-						letters[i] = 0;

-					break;

-				case NID_id_ppl_inheritAll:

-					/* This is basically a NOP, we

-					   simply let the current rights

-					   stand as they are. */

-					fprintf(stderr, "  Proxy certificate inherits all");

-					break;

-				default:

-					s = (char *)

-						pci->proxyPolicy->policy->data;

-					i = pci->proxyPolicy->policy->length;

-					/* The algorithm works as follows:

-					   it is assumed that previous

-					   iterations or the initial granted

-					   rights has already set some elements

-					   of `letters'.  What we need to do is

-					   to clear those that weren't granted

-					   by the current PrC as well.  The

-					   easiest way to do this is to add 1

-					   to all the elements whose letters

-					   are given with the current policy.

-					   That way, all elements that are set

-					   by the current policy and were

-					   already set by earlier policies and

-					   through the original grant of rights

-					   will get the value 2 or higher.

-					   The last thing to do is to sweep

-					   through `letters' and keep the

-					   elements having the value 2 as set,

-					   and clear all the others. */

-					fprintf(stderr, "  Certificate proxy rights = %*.*s", i, i, s);

-					while(i-- > 0)

-						{

-						int c = *s++;

-						if (isascii(c) && isalpha(c))

-							{

-							if (islower(c))

-								c = toupper(c);

-							letters[c - 'A']++;

-							}

-						}

-					for (i = 0; i < 26; i++)

-						if (letters[i] < 2)

-							letters[i] = 0;

-						else

-							letters[i] = 1;

-					}

-				found_any = 0;

-				fprintf(stderr,

-					", resulting proxy rights = ");

-				for(i = 0; i < 26; i++)

-					if (letters[i])

-						{

-						fprintf(stderr, "%c", i + 'A');

-						found_any = 1;

-						}

-				if (!found_any)

-					fprintf(stderr, "none");

-				fprintf(stderr, "\n");

-				PROXY_CERT_INFO_EXTENSION_free(pci);

-				}

-			}

-		}

-	return(ok);

-	}

-static void process_proxy_debug(int indent, const char *format, ...)

-	{

-	static const char indentation[] =

-		">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"

-		">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"; /* That's 80 > */

-	char my_format[256];

-	va_list args;

-	BIO_snprintf(my_format, sizeof(my_format), "%*.*s %s",

-		indent, indent, indentation, format);

-	va_start(args, format);

-	vfprintf(stderr, my_format, args);

-	va_end(args);

-	}

-/* Priority levels:

-   0	[!]var, ()

-   1	& ^

-   2	|

-*/

-static int process_proxy_cond_adders(unsigned int letters[26],

-	const char *cond, const char **cond_end, int *pos, int indent);

-static int process_proxy_cond_val(unsigned int letters[26],

-	const char *cond, const char **cond_end, int *pos, int indent)

-	{

-	int c;

-	int ok = 1;

-	int negate = 0;

-	while(isspace((int)*cond))

-		{

-		cond++; (*pos)++;

-		}

-	c = *cond;

-	if (debug)

-		process_proxy_debug(indent,

-			"Start process_proxy_cond_val at position %d: %s\n",

-			*pos, cond);

-	while(c == '!')

-		{

-		negate = !negate;

-		cond++; (*pos)++;

-		while(isspace((int)*cond))

-			{

-			cond++; (*pos)++;

-			}

-		c = *cond;

-		}

-	if (c == '(')

-		{

-		cond++; (*pos)++;

-		ok = process_proxy_cond_adders(letters, cond, cond_end, pos,

-			indent + 1);

-		cond = *cond_end;

-		if (ok < 0)

-			goto end;

-		while(isspace((int)*cond))

-			{

-			cond++; (*pos)++;

-			}

-		c = *cond;

-		if (c != ')')

-			{

-			fprintf(stderr,

-				"Weird condition character in position %d: "

-				"%c\n", *pos, c);

-			ok = -1;

-			goto end;

-			}

-		cond++; (*pos)++;

-		}

-	else if (isascii(c) && isalpha(c))

-		{

-		if (islower(c))

-			c = toupper(c);

-		ok = letters[c - 'A'];

-		cond++; (*pos)++;

-		}

-	else

-		{

-		fprintf(stderr,

-			"Weird condition character in position %d: "

-			"%c\n", *pos, c);

-		ok = -1;

-		goto end;

-		}

- end:

-	*cond_end = cond;

-	if (ok >= 0 && negate)

-		ok = !ok;

-	if (debug)

-		process_proxy_debug(indent,

-			"End process_proxy_cond_val at position %d: %s, returning %d\n",

-			*pos, cond, ok);

-	return ok;

-	}

-static int process_proxy_cond_multipliers(unsigned int letters[26],

-	const char *cond, const char **cond_end, int *pos, int indent)

-	{

-	int ok;

-	char c;

-	if (debug)

-		process_proxy_debug(indent,

-			"Start process_proxy_cond_multipliers at position %d: %s\n",

-			*pos, cond);

-	ok = process_proxy_cond_val(letters, cond, cond_end, pos, indent + 1);

-	cond = *cond_end;

-	if (ok < 0)

-		goto end;

-	while(ok >= 0)

-		{

-		while(isspace((int)*cond))

-			{

-			cond++; (*pos)++;

-			}

-		c = *cond;

-		switch(c)

-			{

-		case '&':

-		case '^':

-			{

-			int save_ok = ok;

-			cond++; (*pos)++;

-			ok = process_proxy_cond_val(letters,

-				cond, cond_end, pos, indent + 1);

-			cond = *cond_end;

-			if (ok < 0)

-				break;

-			switch(c)

-				{

-			case '&':

-				ok &= save_ok;

-				break;

-			case '^':

-				ok ^= save_ok;

-				break;

-			default:

-				fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!"

-					" STOPPING\n");

-				EXIT(1);

-				}

-			}

-			break;

-		default:

-			goto end;

-			}

-		}

- end:

-	if (debug)

-		process_proxy_debug(indent,

-			"End process_proxy_cond_multipliers at position %d: %s, returning %d\n",

-			*pos, cond, ok);

-	*cond_end = cond;

-	return ok;

-	}

-static int process_proxy_cond_adders(unsigned int letters[26],

-	const char *cond, const char **cond_end, int *pos, int indent)

-	{

-	int ok;

-	char c;

-	if (debug)

-		process_proxy_debug(indent,

-			"Start process_proxy_cond_adders at position %d: %s\n",

-			*pos, cond);

-	ok = process_proxy_cond_multipliers(letters, cond, cond_end, pos,

-		indent + 1);

-	cond = *cond_end;

-	if (ok < 0)

-		goto end;

-	while(ok >= 0)

-		{

-		while(isspace((int)*cond))

-			{

-			cond++; (*pos)++;

-			}

-		c = *cond;

-		switch(c)

-			{

-		case '|':

-			{

-			int save_ok = ok;

-			cond++; (*pos)++;

-			ok = process_proxy_cond_multipliers(letters,

-				cond, cond_end, pos, indent + 1);

-			cond = *cond_end;

-			if (ok < 0)

-				break;

-			switch(c)

-				{

-			case '|':

-				ok |= save_ok;

-				break;

-			default:

-				fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!"

-					" STOPPING\n");

-				EXIT(1);

-				}

-			}

-			break;

-		default:

-			goto end;

-			}

-		}

- end:

-	if (debug)

-		process_proxy_debug(indent,

-			"End process_proxy_cond_adders at position %d: %s, returning %d\n",

-			*pos, cond, ok);

-	*cond_end = cond;

-	return ok;

-	}

-static int process_proxy_cond(unsigned int letters[26],

-	const char *cond, const char **cond_end)

-	{

-	int pos = 1;

-	return process_proxy_cond_adders(letters, cond, cond_end, &pos, 1);

-	}

-static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg)

-	{

-	int ok=1;

-	struct app_verify_arg *cb_arg = arg;

-	unsigned int letters[26]; /* only used with proxy_auth */

-	if (cb_arg->app_verify)

-		{

-		char *s = NULL,buf[256];

-		fprintf(stderr, "In app_verify_callback, allowing cert. ");

-		fprintf(stderr, "Arg is: %s\n", cb_arg->string);

-		fprintf(stderr, "Finished printing do we have a context? 0x%p a cert? 0x%p\n",

-			(void *)ctx, (void *)ctx->cert);

-		if (ctx->cert)

-			s=X509_NAME_oneline(X509_get_subject_name(ctx->cert),buf,256);

-		if (s != NULL)

-			{

-			fprintf(stderr,"cert depth=%d %s\n",ctx->error_depth,buf);

-			}

-		return(1);

-		}

-	if (cb_arg->proxy_auth)

-		{

-		int found_any = 0, i;

-		char *sp;

-		for(i = 0; i < 26; i++)

-			letters[i] = 0;

-		for(sp = cb_arg->proxy_auth; *sp; sp++)

-			{

-			int c = *sp;

-			if (isascii(c) && isalpha(c))

-				{

-				if (islower(c))

-					c = toupper(c);

-				letters[c - 'A'] = 1;

-				}

-			}

-		fprintf(stderr,

-			"  Initial proxy rights = ");

-		for(i = 0; i < 26; i++)

-			if (letters[i])

-				{

-				fprintf(stderr, "%c", i + 'A');

-				found_any = 1;

-				}

-		if (!found_any)

-			fprintf(stderr, "none");

-		fprintf(stderr, "\n");

-		X509_STORE_CTX_set_ex_data(ctx,

-			get_proxy_auth_ex_data_idx(),letters);

-		}

-	if (cb_arg->allow_proxy_certs)

-		{

-		X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);

-		}

-#ifndef OPENSSL_NO_X509_VERIFY

-# ifdef OPENSSL_FIPS

-	if(s->version == TLS1_VERSION)

-		FIPS_allow_md5(1);

-# endif

-	ok = X509_verify_cert(ctx);

-# ifdef OPENSSL_FIPS

-	if(s->version == TLS1_VERSION)

-		FIPS_allow_md5(0);

-# endif

-#endif

-	if (cb_arg->proxy_auth)

-		{

-		if (ok)

-			{

-			const char *cond_end = NULL;

-			ok = process_proxy_cond(letters,

-				cb_arg->proxy_cond, &cond_end);

-			if (ok < 0)

-				EXIT(3);

-			if (*cond_end)

-				{

-				fprintf(stderr, "Stopped processing condition before it's end.\n");

-				ok = 0;

-				}

-			if (!ok)

-				fprintf(stderr, "Proxy rights check with condition '%s' proved invalid\n",

-					cb_arg->proxy_cond);

-			else

-				fprintf(stderr, "Proxy rights check with condition '%s' proved valid\n",

-					cb_arg->proxy_cond);

-			}

-		}

-	return(ok);

-	}

-#ifndef OPENSSL_NO_RSA

-static RSA *rsa_tmp=NULL;

-static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)

-	{

-	BIGNUM *bn = NULL;

-	if (rsa_tmp == NULL)

-		{

-		bn = BN_new();

-		rsa_tmp = RSA_new();

-		if(!bn || !rsa_tmp || !BN_set_word(bn, RSA_F4))

-			{

-			BIO_printf(bio_err, "Memory error...");

-			goto end;

-			}

-		BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);

-		(void)BIO_flush(bio_err);

-		if(!RSA_generate_key_ex(rsa_tmp,keylength,bn,NULL))

-			{

-			BIO_printf(bio_err, "Error generating key.");

-			RSA_free(rsa_tmp);

-			rsa_tmp = NULL;

-			}

-end:

-		BIO_printf(bio_err,"\n");

-		(void)BIO_flush(bio_err);

-		}

-	if(bn) BN_free(bn);

-	return(rsa_tmp);

-	}

-static void free_tmp_rsa(void)

-	{

-	if (rsa_tmp != NULL)

-		{

-		RSA_free(rsa_tmp);

-		rsa_tmp = NULL;

-		}

-	}

-#endif

-#ifndef OPENSSL_NO_DH

-/* These DH parameters have been generated as follows:

- *    $ openssl dhparam -C -noout 512

- *    $ openssl dhparam -C -noout 1024

- *    $ openssl dhparam -C -noout -dsaparam 1024

- * (The third function has been renamed to avoid name conflicts.)

- */

-static DH *get_dh512()

-	{

-	static unsigned char dh512_p[]={

-		0xCB,0xC8,0xE1,0x86,0xD0,0x1F,0x94,0x17,0xA6,0x99,0xF0,0xC6,

-		0x1F,0x0D,0xAC,0xB6,0x25,0x3E,0x06,0x39,0xCA,0x72,0x04,0xB0,

-		0x6E,0xDA,0xC0,0x61,0xE6,0x7A,0x77,0x25,0xE8,0x3B,0xB9,0x5F,

-		0x9A,0xB6,0xB5,0xFE,0x99,0x0B,0xA1,0x93,0x4E,0x35,0x33,0xB8,

-		0xE1,0xF1,0x13,0x4F,0x59,0x1A,0xD2,0x57,0xC0,0x26,0x21,0x33,

-		0x02,0xC5,0xAE,0x23,

-		};

-	static unsigned char dh512_g[]={

-		0x02,

-		};

-	DH *dh;

-	if ((dh=DH_new()) == NULL) return(NULL);

-	dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);

-	dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);

-	if ((dh->p == NULL) || (dh->g == NULL))

-		{ DH_free(dh); return(NULL); }

-	return(dh);

-	}

-static DH *get_dh1024()

-	{

-	static unsigned char dh1024_p[]={

-		0xF8,0x81,0x89,0x7D,0x14,0x24,0xC5,0xD1,0xE6,0xF7,0xBF,0x3A,

-		0xE4,0x90,0xF4,0xFC,0x73,0xFB,0x34,0xB5,0xFA,0x4C,0x56,0xA2,

-		0xEA,0xA7,0xE9,0xC0,0xC0,0xCE,0x89,0xE1,0xFA,0x63,0x3F,0xB0,

-		0x6B,0x32,0x66,0xF1,0xD1,0x7B,0xB0,0x00,0x8F,0xCA,0x87,0xC2,

-		0xAE,0x98,0x89,0x26,0x17,0xC2,0x05,0xD2,0xEC,0x08,0xD0,0x8C,

-		0xFF,0x17,0x52,0x8C,0xC5,0x07,0x93,0x03,0xB1,0xF6,0x2F,0xB8,

-		0x1C,0x52,0x47,0x27,0x1B,0xDB,0xD1,0x8D,0x9D,0x69,0x1D,0x52,

-		0x4B,0x32,0x81,0xAA,0x7F,0x00,0xC8,0xDC,0xE6,0xD9,0xCC,0xC1,

-		0x11,0x2D,0x37,0x34,0x6C,0xEA,0x02,0x97,0x4B,0x0E,0xBB,0xB1,

-		0x71,0x33,0x09,0x15,0xFD,0xDD,0x23,0x87,0x07,0x5E,0x89,0xAB,

-		0x6B,0x7C,0x5F,0xEC,0xA6,0x24,0xDC,0x53,

-		};

-	static unsigned char dh1024_g[]={

-		0x02,

-		};

-	DH *dh;

-	if ((dh=DH_new()) == NULL) return(NULL);

-	dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);

-	dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);

-	if ((dh->p == NULL) || (dh->g == NULL))

-		{ DH_free(dh); return(NULL); }

-	return(dh);

-	}

-static DH *get_dh1024dsa()

-	{

-	static unsigned char dh1024_p[]={

-		0xC8,0x00,0xF7,0x08,0x07,0x89,0x4D,0x90,0x53,0xF3,0xD5,0x00,

-		0x21,0x1B,0xF7,0x31,0xA6,0xA2,0xDA,0x23,0x9A,0xC7,0x87,0x19,

-		0x3B,0x47,0xB6,0x8C,0x04,0x6F,0xFF,0xC6,0x9B,0xB8,0x65,0xD2,

-		0xC2,0x5F,0x31,0x83,0x4A,0xA7,0x5F,0x2F,0x88,0x38,0xB6,0x55,

-		0xCF,0xD9,0x87,0x6D,0x6F,0x9F,0xDA,0xAC,0xA6,0x48,0xAF,0xFC,

-		0x33,0x84,0x37,0x5B,0x82,0x4A,0x31,0x5D,0xE7,0xBD,0x52,0x97,

-		0xA1,0x77,0xBF,0x10,0x9E,0x37,0xEA,0x64,0xFA,0xCA,0x28,0x8D,

-		0x9D,0x3B,0xD2,0x6E,0x09,0x5C,0x68,0xC7,0x45,0x90,0xFD,0xBB,

-		0x70,0xC9,0x3A,0xBB,0xDF,0xD4,0x21,0x0F,0xC4,0x6A,0x3C,0xF6,

-		0x61,0xCF,0x3F,0xD6,0x13,0xF1,0x5F,0xBC,0xCF,0xBC,0x26,0x9E,

-		0xBC,0x0B,0xBD,0xAB,0x5D,0xC9,0x54,0x39,

-		};

-	static unsigned char dh1024_g[]={

-		0x3B,0x40,0x86,0xE7,0xF3,0x6C,0xDE,0x67,0x1C,0xCC,0x80,0x05,

-		0x5A,0xDF,0xFE,0xBD,0x20,0x27,0x74,0x6C,0x24,0xC9,0x03,0xF3,

-		0xE1,0x8D,0xC3,0x7D,0x98,0x27,0x40,0x08,0xB8,0x8C,0x6A,0xE9,

-		0xBB,0x1A,0x3A,0xD6,0x86,0x83,0x5E,0x72,0x41,0xCE,0x85,0x3C,

-		0xD2,0xB3,0xFC,0x13,0xCE,0x37,0x81,0x9E,0x4C,0x1C,0x7B,0x65,

-		0xD3,0xE6,0xA6,0x00,0xF5,0x5A,0x95,0x43,0x5E,0x81,0xCF,0x60,

-		0xA2,0x23,0xFC,0x36,0xA7,0x5D,0x7A,0x4C,0x06,0x91,0x6E,0xF6,

-		0x57,0xEE,0x36,0xCB,0x06,0xEA,0xF5,0x3D,0x95,0x49,0xCB,0xA7,

-		0xDD,0x81,0xDF,0x80,0x09,0x4A,0x97,0x4D,0xA8,0x22,0x72,0xA1,

-		0x7F,0xC4,0x70,0x56,0x70,0xE8,0x20,0x10,0x18,0x8F,0x2E,0x60,

-		0x07,0xE7,0x68,0x1A,0x82,0x5D,0x32,0xA2,

-		};

-	DH *dh;

-	if ((dh=DH_new()) == NULL) return(NULL);

-	dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);

-	dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);

-	if ((dh->p == NULL) || (dh->g == NULL))

-		{ DH_free(dh); return(NULL); }

-	dh->length = 160;

-	return(dh);

-	}

-#endif

-static int do_test_cipherlist(void)

-	{

-	int i = 0;

-	const SSL_METHOD *meth;

-	SSL_CIPHER *ci, *tci = NULL;

-#ifndef OPENSSL_NO_SSL2

-	fprintf(stderr, "testing SSLv2 cipher list order: ");

-	meth = SSLv2_method();

-	while ((ci = meth->get_cipher(i++)) != NULL)

-		{

-		if (tci != NULL)

-			if (ci->id >= tci->id)

-				{

-				fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);

-				return 0;

-				}

-		tci = ci;

-		}

-	fprintf(stderr, "ok\n");

-#endif

-#ifndef OPENSSL_NO_SSL3

-	fprintf(stderr, "testing SSLv3 cipher list order: ");

-	meth = SSLv3_method();

-	tci = NULL;

-	while ((ci = meth->get_cipher(i++)) != NULL)

-		{

-		if (tci != NULL)

-			if (ci->id >= tci->id)

-				{

-				fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);

-				return 0;

-				}

-		tci = ci;

-		}

-	fprintf(stderr, "ok\n");

-#endif

-#ifndef OPENSSL_NO_TLS1

-	fprintf(stderr, "testing TLSv1 cipher list order: ");

-	meth = TLSv1_method();

-	tci = NULL;

-	while ((ci = meth->get_cipher(i++)) != NULL)

-		{

-		if (tci != NULL)

-			if (ci->id >= tci->id)

-				{

-				fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);

-				return 0;

-				}

-		tci = ci;

-		}

-	fprintf(stderr, "ok\n");

-#endif

-	return 1;

-	}

--- a/sys/src/ape/lib/openssl/ssl/t1_clnt.c

+++ /dev/null

@@ -1,79 +1,0 @@

-/* ssl/t1_clnt.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "ssl_locl.h"

-#include <openssl/buffer.h>

-#include <openssl/rand.h>

-#include <openssl/objects.h>

-#include <openssl/evp.h>

-static SSL_METHOD *tls1_get_client_method(int ver);

-static SSL_METHOD *tls1_get_client_method(int ver)

-	{

-	if (ver == TLS1_VERSION)

-		return(TLSv1_client_method());

-	else

-		return(NULL);

-	}

-IMPLEMENT_tls1_meth_func(TLSv1_client_method,

-			ssl_undefined_function,

-			ssl3_connect,

-			tls1_get_client_method)

--- a/sys/src/ape/lib/openssl/ssl/t1_enc.c

+++ /dev/null

@@ -1,860 +1,0 @@

-/* ssl/t1_enc.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- * This product includes cryptographic software written by Eric Young

- * ([email protected]).  This product includes software written by Tim

- * Hudson ([email protected]).

- *

- */

-#include <stdio.h>

-#include "ssl_locl.h"

-#include <openssl/comp.h>

-#include <openssl/evp.h>

-#include <openssl/hmac.h>

-#include <openssl/md5.h>

-static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,

-			int sec_len, unsigned char *seed, int seed_len,

-			unsigned char *out, int olen)

-	{

-	int chunk,n;

-	unsigned int j;

-	HMAC_CTX ctx;

-	HMAC_CTX ctx_tmp;

-	unsigned char A1[EVP_MAX_MD_SIZE];

-	unsigned int A1_len;

-	chunk=EVP_MD_size(md);

-	HMAC_CTX_init(&ctx);

-	HMAC_CTX_init(&ctx_tmp);

-	HMAC_Init_ex(&ctx,sec,sec_len,md, NULL);

-	HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL);

-	HMAC_Update(&ctx,seed,seed_len);

-	HMAC_Final(&ctx,A1,&A1_len);

-	n=0;

-	for (;;)

-		{

-		HMAC_Init_ex(&ctx,NULL,0,NULL,NULL); /* re-init */

-		HMAC_Init_ex(&ctx_tmp,NULL,0,NULL,NULL); /* re-init */

-		HMAC_Update(&ctx,A1,A1_len);

-		HMAC_Update(&ctx_tmp,A1,A1_len);

-		HMAC_Update(&ctx,seed,seed_len);

-		if (olen > chunk)

-			{

-			HMAC_Final(&ctx,out,&j);

-			out+=j;

-			olen-=j;

-			HMAC_Final(&ctx_tmp,A1,&A1_len); /* calc the next A1 value */

-			}

-		else	/* last one */

-			{

-			HMAC_Final(&ctx,A1,&A1_len);

-			memcpy(out,A1,olen);

-			break;

-			}

-		}

-	HMAC_CTX_cleanup(&ctx);

-	HMAC_CTX_cleanup(&ctx_tmp);

-	OPENSSL_cleanse(A1,sizeof(A1));

-	}

-static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1,

-		     unsigned char *label, int label_len,

-		     const unsigned char *sec, int slen, unsigned char *out1,

-		     unsigned char *out2, int olen)

-	{

-	int len,i;

-	const unsigned char *S1,*S2;

-	len=slen/2;

-	S1=sec;

-	S2= &(sec[len]);

-	len+=(slen&1); /* add for odd, make longer */

-	tls1_P_hash(md5 ,S1,len,label,label_len,out1,olen);

-	tls1_P_hash(sha1,S2,len,label,label_len,out2,olen);

-	for (i=0; i<olen; i++)

-		out1[i]^=out2[i];

-	}

-static void tls1_generate_key_block(SSL *s, unsigned char *km,

-	     unsigned char *tmp, int num)

-	{

-	unsigned char *p;

-	unsigned char buf[SSL3_RANDOM_SIZE*2+

-		TLS_MD_MAX_CONST_SIZE];

-	p=buf;

-	memcpy(p,TLS_MD_KEY_EXPANSION_CONST,

-		TLS_MD_KEY_EXPANSION_CONST_SIZE);

-	p+=TLS_MD_KEY_EXPANSION_CONST_SIZE;

-	memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);

-	p+=SSL3_RANDOM_SIZE;

-	memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);

-	p+=SSL3_RANDOM_SIZE;

-	tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),

-		 s->session->master_key,s->session->master_key_length,

-		 km,tmp,num);

-#ifdef KSSL_DEBUG

-	printf("tls1_generate_key_block() ==> %d byte master_key =\n\t",

-                s->session->master_key_length);

-	{

-        int i;

-        for (i=0; i < s->session->master_key_length; i++)

-                {

-                printf("%02X", s->session->master_key[i]);

-                }

-        printf("\n");  }

-#endif    /* KSSL_DEBUG */

-	}

-int tls1_change_cipher_state(SSL *s, int which)

-	{

-	static const unsigned char empty[]="";

-	unsigned char *p,*key_block,*mac_secret;

-	unsigned char *exp_label,buf[TLS_MD_MAX_CONST_SIZE+

-		SSL3_RANDOM_SIZE*2];

-	unsigned char tmp1[EVP_MAX_KEY_LENGTH];

-	unsigned char tmp2[EVP_MAX_KEY_LENGTH];

-	unsigned char iv1[EVP_MAX_IV_LENGTH*2];

-	unsigned char iv2[EVP_MAX_IV_LENGTH*2];

-	unsigned char *ms,*key,*iv,*er1,*er2;

-	int client_write;

-	EVP_CIPHER_CTX *dd;

-	const EVP_CIPHER *c;

-#ifndef OPENSSL_NO_COMP

-	const SSL_COMP *comp;

-#endif

-	const EVP_MD *m;

-	int is_export,n,i,j,k,exp_label_len,cl;

-	int reuse_dd = 0;

-	is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);

-	c=s->s3->tmp.new_sym_enc;

-	m=s->s3->tmp.new_hash;

-#ifndef OPENSSL_NO_COMP

-	comp=s->s3->tmp.new_compression;

-#endif

-	key_block=s->s3->tmp.key_block;

-#ifdef KSSL_DEBUG

-	printf("tls1_change_cipher_state(which= %d) w/\n", which);

-	printf("\talg= %ld, comp= %p\n", s->s3->tmp.new_cipher->algorithms,

-                comp);

-	printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c);

-	printf("\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n",

-                c->nid,c->block_size,c->key_len,c->iv_len);

-	printf("\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length);

-	{

-        int i;

-        for (i=0; i<s->s3->tmp.key_block_length; i++)

-		printf("%02x", key_block[i]);  printf("\n");

-        }

-#endif	/* KSSL_DEBUG */

-	if (which & SSL3_CC_READ)

-		{

-		if (s->enc_read_ctx != NULL)

-			reuse_dd = 1;

-		else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)

-			goto err;

-		else

-			/* make sure it's intialized in case we exit later with an error */

-			EVP_CIPHER_CTX_init(s->enc_read_ctx);

-		dd= s->enc_read_ctx;

-		s->read_hash=m;

-#ifndef OPENSSL_NO_COMP

-		if (s->expand != NULL)

-			{

-			COMP_CTX_free(s->expand);

-			s->expand=NULL;

-			}

-		if (comp != NULL)

-			{

-			s->expand=COMP_CTX_new(comp->method);

-			if (s->expand == NULL)

-				{

-				SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);

-				goto err2;

-				}

-			if (s->s3->rrec.comp == NULL)

-				s->s3->rrec.comp=(unsigned char *)

-					OPENSSL_malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);

-			if (s->s3->rrec.comp == NULL)

-				goto err;

-			}

-#endif

-		/* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */

- 		if (s->version != DTLS1_VERSION)

-			memset(&(s->s3->read_sequence[0]),0,8);

-		mac_secret= &(s->s3->read_mac_secret[0]);

-		}

-	else

-		{

-		if (s->enc_write_ctx != NULL)

-			reuse_dd = 1;

-		else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)

-			goto err;

-		else

-			/* make sure it's intialized in case we exit later with an error */

-			EVP_CIPHER_CTX_init(s->enc_write_ctx);

-		dd= s->enc_write_ctx;

-		s->write_hash=m;

-#ifndef OPENSSL_NO_COMP

-		if (s->compress != NULL)

-			{

-			COMP_CTX_free(s->compress);

-			s->compress=NULL;

-			}

-		if (comp != NULL)

-			{

-			s->compress=COMP_CTX_new(comp->method);

-			if (s->compress == NULL)

-				{

-				SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);

-				goto err2;

-				}

-			}

-#endif

-		/* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */

- 		if (s->version != DTLS1_VERSION)

-			memset(&(s->s3->write_sequence[0]),0,8);

-		mac_secret= &(s->s3->write_mac_secret[0]);

-		}

-	if (reuse_dd)

-		EVP_CIPHER_CTX_cleanup(dd);

-	p=s->s3->tmp.key_block;

-	i=EVP_MD_size(m);

-	cl=EVP_CIPHER_key_length(c);

-	j=is_export ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?

-	               cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;

-	/* Was j=(exp)?5:EVP_CIPHER_key_length(c); */

-	k=EVP_CIPHER_iv_length(c);

-	er1= &(s->s3->client_random[0]);

-	er2= &(s->s3->server_random[0]);

-	if (	(which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||

-		(which == SSL3_CHANGE_CIPHER_SERVER_READ))

-		{

-		ms=  &(p[ 0]); n=i+i;

-		key= &(p[ n]); n+=j+j;

-		iv=  &(p[ n]); n+=k+k;

-		exp_label=(unsigned char *)TLS_MD_CLIENT_WRITE_KEY_CONST;

-		exp_label_len=TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE;

-		client_write=1;

-		}

-	else

-		{

-		n=i;

-		ms=  &(p[ n]); n+=i+j;

-		key= &(p[ n]); n+=j+k;

-		iv=  &(p[ n]); n+=k;

-		exp_label=(unsigned char *)TLS_MD_SERVER_WRITE_KEY_CONST;

-		exp_label_len=TLS_MD_SERVER_WRITE_KEY_CONST_SIZE;

-		client_write=0;

-		}

-	if (n > s->s3->tmp.key_block_length)

-		{

-		SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_INTERNAL_ERROR);

-		goto err2;

-		}

-	memcpy(mac_secret,ms,i);

-#ifdef TLS_DEBUG

-printf("which = %04X\nmac key=",which);

-{ int z; for (z=0; z<i; z++) printf("%02X%c",ms[z],((z+1)%16)?' ':'\n'); }

-#endif

-	if (is_export)

-		{

-		/* In here I set both the read and write key/iv to the

-		 * same value since only the correct one will be used :-).

-		 */

-		p=buf;

-		memcpy(p,exp_label,exp_label_len);

-		p+=exp_label_len;

-		memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);

-		p+=SSL3_RANDOM_SIZE;

-		memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);

-		p+=SSL3_RANDOM_SIZE;

-		tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),key,j,

-			 tmp1,tmp2,EVP_CIPHER_key_length(c));

-		key=tmp1;

-		if (k > 0)

-			{

-			p=buf;

-			memcpy(p,TLS_MD_IV_BLOCK_CONST,

-				TLS_MD_IV_BLOCK_CONST_SIZE);

-			p+=TLS_MD_IV_BLOCK_CONST_SIZE;

-			memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);

-			p+=SSL3_RANDOM_SIZE;

-			memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);

-			p+=SSL3_RANDOM_SIZE;

-			tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,p-buf,empty,0,

-				 iv1,iv2,k*2);

-			if (client_write)

-				iv=iv1;

-			else

-				iv= &(iv1[k]);

-			}

-		}

-	s->session->key_arg_length=0;

-#ifdef KSSL_DEBUG

-	{

-        int i;

-	printf("EVP_CipherInit_ex(dd,c,key=,iv=,which)\n");

-	printf("\tkey= "); for (i=0; i<c->key_len; i++) printf("%02x", key[i]);

-	printf("\n");

-	printf("\t iv= "); for (i=0; i<c->iv_len; i++) printf("%02x", iv[i]);

-	printf("\n");

-	}

-#endif	/* KSSL_DEBUG */

-	EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE));

-#ifdef TLS_DEBUG

-printf("which = %04X\nkey=",which);

-{ int z; for (z=0; z<EVP_CIPHER_key_length(c); z++) printf("%02X%c",key[z],((z+1)%16)?' ':'\n'); }

-printf("\niv=");

-{ int z; for (z=0; z<k; z++) printf("%02X%c",iv[z],((z+1)%16)?' ':'\n'); }

-printf("\n");

-#endif

-	OPENSSL_cleanse(tmp1,sizeof(tmp1));

-	OPENSSL_cleanse(tmp2,sizeof(tmp1));

-	OPENSSL_cleanse(iv1,sizeof(iv1));

-	OPENSSL_cleanse(iv2,sizeof(iv2));

-	return(1);

-err:

-	SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);

-err2:

-	return(0);

-	}

-int tls1_setup_key_block(SSL *s)

-	{

-	unsigned char *p1,*p2;

-	const EVP_CIPHER *c;

-	const EVP_MD *hash;

-	int num;

-	SSL_COMP *comp;

-#ifdef KSSL_DEBUG

-	printf ("tls1_setup_key_block()\n");

-#endif	/* KSSL_DEBUG */

-	if (s->s3->tmp.key_block_length != 0)

-		return(1);

-	if (!ssl_cipher_get_evp(s->session,&c,&hash,&comp))

-		{

-		SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE);

-		return(0);

-		}

-	s->s3->tmp.new_sym_enc=c;

-	s->s3->tmp.new_hash=hash;

-	num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c);

-	num*=2;

-	ssl3_cleanup_key_block(s);

-	if ((p1=(unsigned char *)OPENSSL_malloc(num)) == NULL)

-		goto err;

-	if ((p2=(unsigned char *)OPENSSL_malloc(num)) == NULL)

-		goto err;

-	s->s3->tmp.key_block_length=num;

-	s->s3->tmp.key_block=p1;

-#ifdef TLS_DEBUG

-printf("client random\n");

-{ int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->client_random[z],((z+1)%16)?' ':'\n'); }

-printf("server random\n");

-{ int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->server_random[z],((z+1)%16)?' ':'\n'); }

-printf("pre-master\n");

-{ int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); }

-#endif

-	tls1_generate_key_block(s,p1,p2,num);

-	OPENSSL_cleanse(p2,num);

-	OPENSSL_free(p2);

-#ifdef TLS_DEBUG

-printf("\nkey block\n");

-{ int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); }

-#endif

-	if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))

-		{

-		/* enable vulnerability countermeasure for CBC ciphers with

-		 * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)

-		 */

-		s->s3->need_empty_fragments = 1;

-		if (s->session->cipher != NULL)

-			{

-			if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_eNULL)

-				s->s3->need_empty_fragments = 0;

-#ifndef OPENSSL_NO_RC4

-			if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4)

-				s->s3->need_empty_fragments = 0;

-#endif

-			}

-		}

-	return(1);

-err:

-	SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);

-	return(0);

-	}

-int tls1_enc(SSL *s, int send)

-	{

-	SSL3_RECORD *rec;

-	EVP_CIPHER_CTX *ds;

-	unsigned long l;

-	int bs,i,ii,j,k,n=0;

-	const EVP_CIPHER *enc;

-	if (send)

-		{

-		if (s->write_hash != NULL)

-			n=EVP_MD_size(s->write_hash);

-		ds=s->enc_write_ctx;

-		rec= &(s->s3->wrec);

-		if (s->enc_write_ctx == NULL)

-			enc=NULL;

-		else

-			enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);

-		}

-	else

-		{

-		if (s->read_hash != NULL)

-			n=EVP_MD_size(s->read_hash);

-		ds=s->enc_read_ctx;

-		rec= &(s->s3->rrec);

-		if (s->enc_read_ctx == NULL)

-			enc=NULL;

-		else

-			enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);

-		}

-#ifdef KSSL_DEBUG

-	printf("tls1_enc(%d)\n", send);

-#endif    /* KSSL_DEBUG */

-	if ((s->session == NULL) || (ds == NULL) ||

-		(enc == NULL))

-		{

-		memmove(rec->data,rec->input,rec->length);

-		rec->input=rec->data;

-		}

-	else

-		{

-		l=rec->length;

-		bs=EVP_CIPHER_block_size(ds->cipher);

-		if ((bs != 1) && send)

-			{

-			i=bs-((int)l%bs);

-			/* Add weird padding of upto 256 bytes */

-			/* we need to add 'i' padding bytes of value j */

-			j=i-1;

-			if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG)

-				{

-				if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)

-					j++;

-				}

-			for (k=(int)l; k<(int)(l+i); k++)

-				rec->input[k]=j;

-			l+=i;

-			rec->length+=i;

-			}

-#ifdef KSSL_DEBUG

-		{

-                unsigned long ui;

-		printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",

-                        ds,rec->data,rec->input,l);

-		printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",

-                        ds->buf_len, ds->cipher->key_len,

-                        DES_KEY_SZ, DES_SCHEDULE_SZ,

-                        ds->cipher->iv_len);

-		printf("\t\tIV: ");

-		for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);

-		printf("\n");

-		printf("\trec->input=");

-		for (ui=0; ui<l; ui++) printf(" %02x", rec->input[ui]);

-		printf("\n");

-		}

-#endif	/* KSSL_DEBUG */

-		if (!send)

-			{

-			if (l == 0 || l%bs != 0)

-				{

-				SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);

-				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);

-				return 0;

-				}

-			}

-		EVP_Cipher(ds,rec->data,rec->input,l);

-#ifdef KSSL_DEBUG

-		{

-                unsigned long i;

-                printf("\trec->data=");

-		for (i=0; i<l; i++)

-                        printf(" %02x", rec->data[i]);  printf("\n");

-                }

-#endif	/* KSSL_DEBUG */

-		if ((bs != 1) && !send)

-			{

-			ii=i=rec->data[l-1]; /* padding_length */

-			i++;

-			/* NB: if compression is in operation the first packet

-			 * may not be of even length so the padding bug check

-			 * cannot be performed. This bug workaround has been

-			 * around since SSLeay so hopefully it is either fixed

-			 * now or no buggy implementation supports compression

-			 * [steve]

-			 */

-			if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)

-				&& !s->expand)

-				{

-				/* First packet is even in size, so check */

-				if ((memcmp(s->s3->read_sequence,

-					"\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1))

-					s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;

-				if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)

-					i--;

-				}

-			/* TLS 1.0 does not bound the number of padding bytes by the block size.

-			 * All of them must have value 'padding_length'. */

-			if (i > (int)rec->length)

-				{

-				/* Incorrect padding. SSLerr() and ssl3_alert are done

-				 * by caller: we don't want to reveal whether this is

-				 * a decryption error or a MAC verification failure

-				 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */

-				return -1;

-				}

-			for (j=(int)(l-i); j<(int)l; j++)

-				{

-				if (rec->data[j] != ii)

-					{

-					/* Incorrect padding */

-					return -1;

-					}

-				}

-			rec->length-=i;

-			}

-		}

-	return(1);

-	}

-int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in_ctx, unsigned char *out)

-	{

-	unsigned int ret;

-	EVP_MD_CTX ctx;

-	EVP_MD_CTX_init(&ctx);

-	EVP_MD_CTX_copy_ex(&ctx,in_ctx);

-	EVP_DigestFinal_ex(&ctx,out,&ret);

-	EVP_MD_CTX_cleanup(&ctx);

-	return((int)ret);

-	}

-int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,

-	     const char *str, int slen, unsigned char *out)

-	{

-	unsigned int i;

-	EVP_MD_CTX ctx;

-	unsigned char buf[TLS_MD_MAX_CONST_SIZE+MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];

-	unsigned char *q,buf2[12];

-	q=buf;

-	memcpy(q,str,slen);

-	q+=slen;

-	EVP_MD_CTX_init(&ctx);

-	EVP_MD_CTX_copy_ex(&ctx,in1_ctx);

-	EVP_DigestFinal_ex(&ctx,q,&i);

-	q+=i;

-	EVP_MD_CTX_copy_ex(&ctx,in2_ctx);

-	EVP_DigestFinal_ex(&ctx,q,&i);

-	q+=i;

-	tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(q-buf),

-		s->session->master_key,s->session->master_key_length,

-		out,buf2,sizeof buf2);

-	EVP_MD_CTX_cleanup(&ctx);

-	return sizeof buf2;

-	}

-int tls1_mac(SSL *ssl, unsigned char *md, int send)

-	{

-	SSL3_RECORD *rec;

-	unsigned char *mac_sec,*seq;

-	const EVP_MD *hash;

-	unsigned int md_size;

-	int i;

-	HMAC_CTX hmac;

-	unsigned char buf[5];

-	if (send)

-		{

-		rec= &(ssl->s3->wrec);

-		mac_sec= &(ssl->s3->write_mac_secret[0]);

-		seq= &(ssl->s3->write_sequence[0]);

-		hash=ssl->write_hash;

-		}

-	else

-		{

-		rec= &(ssl->s3->rrec);

-		mac_sec= &(ssl->s3->read_mac_secret[0]);

-		seq= &(ssl->s3->read_sequence[0]);

-		hash=ssl->read_hash;

-		}

-	md_size=EVP_MD_size(hash);

-	buf[0]=rec->type;

-	if (ssl->version == DTLS1_VERSION && ssl->client_version == DTLS1_BAD_VER)

-		{

-		buf[1]=TLS1_VERSION_MAJOR;

-		buf[2]=TLS1_VERSION_MINOR;

-		}

-	else	{

-		buf[1]=(unsigned char)(ssl->version>>8);

-		buf[2]=(unsigned char)(ssl->version);

-		}

-	buf[3]=rec->length>>8;

-	buf[4]=rec->length&0xff;

-	/* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */

-	HMAC_CTX_init(&hmac);

-	HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash,NULL);

-	if (ssl->version == DTLS1_VERSION && ssl->client_version != DTLS1_BAD_VER)

-		{

-		unsigned char dtlsseq[8],*p=dtlsseq;

-		s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p);

-		memcpy (p,&seq[2],6);

-		HMAC_Update(&hmac,dtlsseq,8);

-		}

-	else

-		HMAC_Update(&hmac,seq,8);

-	HMAC_Update(&hmac,buf,5);

-	HMAC_Update(&hmac,rec->input,rec->length);

-	HMAC_Final(&hmac,md,&md_size);

-	HMAC_CTX_cleanup(&hmac);

-#ifdef TLS_DEBUG

-printf("sec=");

-{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); }

-printf("seq=");

-{int z; for (z=0; z<8; z++) printf("%02X ",seq[z]); printf("\n"); }

-printf("buf=");

-{int z; for (z=0; z<5; z++) printf("%02X ",buf[z]); printf("\n"); }

-printf("rec=");

-{unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }

-#endif

-	if ( SSL_version(ssl) != DTLS1_VERSION)

-		{

-		for (i=7; i>=0; i--)

-			{

-			++seq[i];

-			if (seq[i] != 0) break;

-			}

-		}

-#ifdef TLS_DEBUG

-{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",md[z]); printf("\n"); }

-#endif

-	return(md_size);

-	}

-int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,

-	     int len)

-	{

-	unsigned char buf[SSL3_RANDOM_SIZE*2+TLS_MD_MASTER_SECRET_CONST_SIZE];

-	unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH];

-#ifdef KSSL_DEBUG

-	printf ("tls1_generate_master_secret(%p,%p, %p, %d)\n", s,out, p,len);

-#endif	/* KSSL_DEBUG */

-	/* Setup the stuff to munge */

-	memcpy(buf,TLS_MD_MASTER_SECRET_CONST,

-		TLS_MD_MASTER_SECRET_CONST_SIZE);

-	memcpy(&(buf[TLS_MD_MASTER_SECRET_CONST_SIZE]),

-		s->s3->client_random,SSL3_RANDOM_SIZE);

-	memcpy(&(buf[SSL3_RANDOM_SIZE+TLS_MD_MASTER_SECRET_CONST_SIZE]),

-		s->s3->server_random,SSL3_RANDOM_SIZE);

-	tls1_PRF(s->ctx->md5,s->ctx->sha1,

-		buf,TLS_MD_MASTER_SECRET_CONST_SIZE+SSL3_RANDOM_SIZE*2,p,len,

-		s->session->master_key,buff,sizeof buff);

-#ifdef KSSL_DEBUG

-	printf ("tls1_generate_master_secret() complete\n");

-#endif	/* KSSL_DEBUG */

-	return(SSL3_MASTER_SECRET_SIZE);

-	}

-int tls1_alert_code(int code)

-	{

-	switch (code)

-		{

-	case SSL_AD_CLOSE_NOTIFY:	return(SSL3_AD_CLOSE_NOTIFY);

-	case SSL_AD_UNEXPECTED_MESSAGE:	return(SSL3_AD_UNEXPECTED_MESSAGE);

-	case SSL_AD_BAD_RECORD_MAC:	return(SSL3_AD_BAD_RECORD_MAC);

-	case SSL_AD_DECRYPTION_FAILED:	return(TLS1_AD_DECRYPTION_FAILED);

-	case SSL_AD_RECORD_OVERFLOW:	return(TLS1_AD_RECORD_OVERFLOW);

-	case SSL_AD_DECOMPRESSION_FAILURE:return(SSL3_AD_DECOMPRESSION_FAILURE);

-	case SSL_AD_HANDSHAKE_FAILURE:	return(SSL3_AD_HANDSHAKE_FAILURE);

-	case SSL_AD_NO_CERTIFICATE:	return(-1);

-	case SSL_AD_BAD_CERTIFICATE:	return(SSL3_AD_BAD_CERTIFICATE);

-	case SSL_AD_UNSUPPORTED_CERTIFICATE:return(SSL3_AD_UNSUPPORTED_CERTIFICATE);

-	case SSL_AD_CERTIFICATE_REVOKED:return(SSL3_AD_CERTIFICATE_REVOKED);

-	case SSL_AD_CERTIFICATE_EXPIRED:return(SSL3_AD_CERTIFICATE_EXPIRED);

-	case SSL_AD_CERTIFICATE_UNKNOWN:return(SSL3_AD_CERTIFICATE_UNKNOWN);

-	case SSL_AD_ILLEGAL_PARAMETER:	return(SSL3_AD_ILLEGAL_PARAMETER);

-	case SSL_AD_UNKNOWN_CA:		return(TLS1_AD_UNKNOWN_CA);

-	case SSL_AD_ACCESS_DENIED:	return(TLS1_AD_ACCESS_DENIED);

-	case SSL_AD_DECODE_ERROR:	return(TLS1_AD_DECODE_ERROR);

-	case SSL_AD_DECRYPT_ERROR:	return(TLS1_AD_DECRYPT_ERROR);

-	case SSL_AD_EXPORT_RESTRICTION:	return(TLS1_AD_EXPORT_RESTRICTION);

-	case SSL_AD_PROTOCOL_VERSION:	return(TLS1_AD_PROTOCOL_VERSION);

-	case SSL_AD_INSUFFICIENT_SECURITY:return(TLS1_AD_INSUFFICIENT_SECURITY);

-	case SSL_AD_INTERNAL_ERROR:	return(TLS1_AD_INTERNAL_ERROR);

-	case SSL_AD_USER_CANCELLED:	return(TLS1_AD_USER_CANCELLED);

-	case SSL_AD_NO_RENEGOTIATION:	return(TLS1_AD_NO_RENEGOTIATION);

-	case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return

-					  (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);

-	default:			return(-1);

-		}

-	}

--- a/sys/src/ape/lib/openssl/ssl/t1_lib.c

+++ /dev/null

@@ -1,631 +1,0 @@

-/* ssl/t1_lib.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <openssl/objects.h>

-#include <openssl/evp.h>

-#include <openssl/hmac.h>

-#include "ssl_locl.h"

-const char tls1_version_str[]="TLSv1" OPENSSL_VERSION_PTEXT;

-#ifndef OPENSSL_NO_TLSEXT

-static int tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen,

-				const unsigned char *sess_id, int sesslen,

-				SSL_SESSION **psess);

-#endif

-SSL3_ENC_METHOD TLSv1_enc_data={

-	tls1_enc,

-	tls1_mac,

-	tls1_setup_key_block,

-	tls1_generate_master_secret,

-	tls1_change_cipher_state,

-	tls1_final_finish_mac,

-	TLS1_FINISH_MAC_LENGTH,

-	tls1_cert_verify_mac,

-	TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE,

-	TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE,

-	tls1_alert_code,

-	};

-long tls1_default_timeout(void)

-	{

-	/* 2 hours, the 24 hours mentioned in the TLSv1 spec

-	 * is way too long for http, the cache would over fill */

-	return(60*60*2);

-	}

-IMPLEMENT_tls1_meth_func(tlsv1_base_method,

-			ssl_undefined_function,

-			ssl_undefined_function,

-			ssl_bad_method)

-int tls1_new(SSL *s)

-	{

-	if (!ssl3_new(s)) return(0);

-	s->method->ssl_clear(s);

-	return(1);

-	}

-void tls1_free(SSL *s)

-	{

-	ssl3_free(s);

-	}

-void tls1_clear(SSL *s)

-	{

-	ssl3_clear(s);

-	s->version=TLS1_VERSION;

-	}

-#if 0

-long tls1_ctrl(SSL *s, int cmd, long larg, char *parg)

-	{

-	return(0);

-	}

-long tls1_callback_ctrl(SSL *s, int cmd, void *(*fp)())

-	{

-	return(0);

-	}

-#endif

-#ifndef OPENSSL_NO_TLSEXT

-unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)

-	{

-	int extdatalen=0;

-	unsigned char *ret = p;

-	ret+=2;

-	if (ret>=limit) return NULL; /* this really never occurs, but ... */

- 	if (s->tlsext_hostname != NULL)

-		{

-		/* Add TLS extension servername to the Client Hello message */

-		unsigned long size_str;

-		long lenmax;

-		/* check for enough space.

-		   4 for the servername type and entension length

-		   2 for servernamelist length

-		   1 for the hostname type

-		   2 for hostname length

-		   + hostname length

-		*/

-		if ((lenmax = limit - ret - 9) < 0

-		|| (size_str = strlen(s->tlsext_hostname)) > (unsigned long)lenmax)

-			return NULL;

-		/* extension type and length */

-		s2n(TLSEXT_TYPE_server_name,ret);

-		s2n(size_str+5,ret);

-		/* length of servername list */

-		s2n(size_str+3,ret);

-		/* hostname type, length and hostname */

-		*(ret++) = (unsigned char) TLSEXT_NAMETYPE_host_name;

-		s2n(size_str,ret);

-		memcpy(ret, s->tlsext_hostname, size_str);

-		ret+=size_str;

-		}

-	if (!(SSL_get_options(s) & SSL_OP_NO_TICKET))

-		{

-		int ticklen;

-		if (s->session && s->session->tlsext_tick)

-			ticklen = s->session->tlsext_ticklen;

-		else

-			ticklen = 0;

-		/* Check for enough room 2 for extension type, 2 for len

- 		 * rest for ticket

-  		 */

-		if (limit - ret - 4 - ticklen < 0)

-			return NULL;

-		s2n(TLSEXT_TYPE_session_ticket,ret);

-		s2n(ticklen,ret);

-		if (ticklen)

-			{

-			memcpy(ret, s->session->tlsext_tick, ticklen);

-			ret += ticklen;

-			}

-		}

-	if ((extdatalen = ret-p-2)== 0)

-		return p;

-	s2n(extdatalen,p);

-	return ret;

-	}

-unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)

-	{

-	int extdatalen=0;

-	unsigned char *ret = p;

-	ret+=2;

-	if (ret>=limit) return NULL; /* this really never occurs, but ... */

-	if (!s->hit && s->servername_done == 1 && s->session->tlsext_hostname != NULL)

-		{

-		if (limit - ret - 4 < 0) return NULL;

-		s2n(TLSEXT_TYPE_server_name,ret);

-		s2n(0,ret);

-		}

-	if (s->tlsext_ticket_expected

-		&& !(SSL_get_options(s) & SSL_OP_NO_TICKET))

-		{

-		if (limit - ret - 4 < 0) return NULL;

-		s2n(TLSEXT_TYPE_session_ticket,ret);

-		s2n(0,ret);

-		}

-	if ((extdatalen = ret-p-2)== 0)

-		return p;

-	s2n(extdatalen,p);

-	return ret;

-	}

-int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al)

-	{

-	unsigned short type;

-	unsigned short size;

-	unsigned short len;

-	unsigned char *data = *p;

-	s->servername_done = 0;

-	if (data >= (d+n-2))

-		return 1;

-	n2s(data,len);

-	if (data > (d+n-len))

-		return 1;

-	while (data <= (d+n-4))

-		{

-		n2s(data,type);

-		n2s(data,size);

-		if (data+size > (d+n))

-	   		return 1;

-		if (s->tlsext_debug_cb)

-			s->tlsext_debug_cb(s, 0, type, data, size,

-						s->tlsext_debug_arg);

-/* The servername extension is treated as follows:

-   - Only the hostname type is supported with a maximum length of 255.

-   - The servername is rejected if too long or if it contains zeros,

-     in which case an fatal alert is generated.

-   - The servername field is maintained together with the session cache.

-   - When a session is resumed, the servername call back invoked in order

-     to allow the application to position itself to the right context.

-   - The servername is acknowledged if it is new for a session or when

-     it is identical to a previously used for the same session.

-     Applications can control the behaviour.  They can at any time

-     set a 'desirable' servername for a new SSL object. This can be the

-     case for example with HTTPS when a Host: header field is received and

-     a renegotiation is requested. In this case, a possible servername

-     presented in the new client hello is only acknowledged if it matches

-     the value of the Host: field.

-   - Applications must  use SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION

-     if they provide for changing an explicit servername context for the session,

-     i.e. when the session has been established with a servername extension.

-   - On session reconnect, the servername extension may be absent.

-*/

-		if (type == TLSEXT_TYPE_server_name)

-			{

-			unsigned char *sdata;

-			int servname_type;

-			int dsize;

-			if (size < 2)

-				{

-				*al = SSL_AD_DECODE_ERROR;

-				return 0;

-				}

-			n2s(data,dsize);

-			size -= 2;

-			if (dsize > size  )

-				{

-				*al = SSL_AD_DECODE_ERROR;

-				return 0;

-				}

-			sdata = data;

-			while (dsize > 3)

-				{

-	 			servname_type = *(sdata++);

-				n2s(sdata,len);

-				dsize -= 3;

-				if (len > dsize)

-					{

-					*al = SSL_AD_DECODE_ERROR;

-					return 0;

-					}

-				if (s->servername_done == 0)

-				switch (servname_type)

-					{

-				case TLSEXT_NAMETYPE_host_name:

-					if (s->session->tlsext_hostname == NULL)

-						{

-						if (len > TLSEXT_MAXLEN_host_name ||

-							((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL))

-							{

-							*al = TLS1_AD_UNRECOGNIZED_NAME;

-							return 0;

-							}

-						memcpy(s->session->tlsext_hostname, sdata, len);

-						s->session->tlsext_hostname[len]='\0';

-						if (strlen(s->session->tlsext_hostname) != len) {

-							OPENSSL_free(s->session->tlsext_hostname);

-							*al = TLS1_AD_UNRECOGNIZED_NAME;

-							return 0;

-						}

-						s->servername_done = 1;

-						}

-					else

-						s->servername_done = strlen(s->session->tlsext_hostname) == len

-							&& strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0;

-					break;

-				default:

-					break;

-					}

-				dsize -= len;

-				}

-			if (dsize != 0)

-				{

-				*al = SSL_AD_DECODE_ERROR;

-				return 0;

-				}

-			}

-		/* session ticket processed earlier */

-		data+=size;

-		}

-	*p = data;

-	return 1;

-	}

-int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al)

-	{

-	unsigned short type;

-	unsigned short size;

-	unsigned short len;

-	unsigned char *data = *p;

-	int tlsext_servername = 0;

-	if (data >= (d+n-2))

-		return 1;

-	n2s(data,len);

-	while(data <= (d+n-4))

-		{

-		n2s(data,type);

-		n2s(data,size);

-		if (data+size > (d+n))

-	   		return 1;

-		if (s->tlsext_debug_cb)

-			s->tlsext_debug_cb(s, 1, type, data, size,

-						s->tlsext_debug_arg);

-		if (type == TLSEXT_TYPE_server_name)

-			{

-			if (s->tlsext_hostname == NULL || size > 0)

-				{

-				*al = TLS1_AD_UNRECOGNIZED_NAME;

-				return 0;

-				}

-			tlsext_servername = 1;

-			}

-		else if (type == TLSEXT_TYPE_session_ticket)

-			{

-			if ((SSL_get_options(s) & SSL_OP_NO_TICKET)

-				|| (size > 0))

-				{

-				*al = TLS1_AD_UNSUPPORTED_EXTENSION;

-				return 0;

-				}

-			s->tlsext_ticket_expected = 1;

-			}

-		data+=size;

-		}

-	if (data != d+n)

-		{

-		*al = SSL_AD_DECODE_ERROR;

-		return 0;

-		}

-	if (!s->hit && tlsext_servername == 1)

-		{

- 		if (s->tlsext_hostname)

-			{

-			if (s->session->tlsext_hostname == NULL)

-				{

-				s->session->tlsext_hostname = BUF_strdup(s->tlsext_hostname);

-				if (!s->session->tlsext_hostname)

-					{

-					*al = SSL_AD_UNRECOGNIZED_NAME;

-					return 0;

-					}

-				}

-			else

-				{

-				*al = SSL_AD_DECODE_ERROR;

-				return 0;

-				}

-			}

-		}

-	*p = data;

-	return 1;

-	}

-int ssl_check_clienthello_tlsext(SSL *s)

-	{

-	int ret=SSL_TLSEXT_ERR_NOACK;

-	int al = SSL_AD_UNRECOGNIZED_NAME;

-	if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)

-		ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg);

-	else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)

-		ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg);

-	switch (ret)

-		{

-		case SSL_TLSEXT_ERR_ALERT_FATAL:

-			ssl3_send_alert(s,SSL3_AL_FATAL,al);

-			return -1;

-		case SSL_TLSEXT_ERR_ALERT_WARNING:

-			ssl3_send_alert(s,SSL3_AL_WARNING,al);

-			return 1;

-		case SSL_TLSEXT_ERR_NOACK:

-			s->servername_done=0;

-			default:

-		return 1;

-		}

-	}

-int ssl_check_serverhello_tlsext(SSL *s)

-	{

-	int ret=SSL_TLSEXT_ERR_NOACK;

-	int al = SSL_AD_UNRECOGNIZED_NAME;

-	if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)

-		ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg);

-	else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)

-		ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg);

-	switch (ret)

-		{

-		case SSL_TLSEXT_ERR_ALERT_FATAL:

-			ssl3_send_alert(s,SSL3_AL_FATAL,al);

-			return -1;

-		case SSL_TLSEXT_ERR_ALERT_WARNING:

-			ssl3_send_alert(s,SSL3_AL_WARNING,al);

-			return 1;

-		case SSL_TLSEXT_ERR_NOACK:

-			s->servername_done=0;

-			default:

-		return 1;

-		}

-	}

-/* Since the server cache lookup is done early on in the processing of client

- * hello and other operations depend on the result we need to handle any TLS

- * session ticket extension at the same time.

- */

-int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,

-				const unsigned char *limit, SSL_SESSION **ret)

-	{

-	/* Point after session ID in client hello */

-	const unsigned char *p = session_id + len;

-	unsigned short i;

-	if ((s->version <= SSL3_VERSION) || !limit)

-		return 1;

-	if (p >= limit)

-		return -1;

-	/* Skip past cipher list */

-	n2s(p, i);

-	p+= i;

-	if (p >= limit)

-		return -1;

-	/* Skip past compression algorithm list */

-	i = *(p++);

-	p += i;

-	if (p > limit)

-		return -1;

-	/* Now at start of extensions */

-	if ((p + 2) >= limit)

-		return 1;

-	n2s(p, i);

-	while ((p + 4) <= limit)

-		{

-		unsigned short type, size;

-		n2s(p, type);

-		n2s(p, size);

-		if (p + size > limit)

-			return 1;

-		if (type == TLSEXT_TYPE_session_ticket)

-			{

-			/* If tickets disabled indicate cache miss which will

- 			 * trigger a full handshake

- 			 */

-			if (SSL_get_options(s) & SSL_OP_NO_TICKET)

-				return 0;

-			/* If zero length not client will accept a ticket

- 			 * and indicate cache miss to trigger full handshake

- 			 */

-			if (size == 0)

-				{

-				s->tlsext_ticket_expected = 1;

-				return 0;	/* Cache miss */

-				}

-			return tls_decrypt_ticket(s, p, size, session_id, len,

-									ret);

-			}

-		p += size;

-		}

-	return 1;

-	}

-static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,

-				const unsigned char *sess_id, int sesslen,

-				SSL_SESSION **psess)

-	{

-	SSL_SESSION *sess;

-	unsigned char *sdec;

-	const unsigned char *p;

-	int slen, mlen;

-	unsigned char tick_hmac[EVP_MAX_MD_SIZE];

-	HMAC_CTX hctx;

-	EVP_CIPHER_CTX ctx;

-	/* Attempt to process session ticket, first conduct sanity and

- 	 * integrity checks on ticket.

- 	 */

-	mlen = EVP_MD_size(tlsext_tick_md());

-	eticklen -= mlen;

-	/* Need at least keyname + iv + some encrypted data */

-	if (eticklen < 48)

-		goto tickerr;

-	/* Check key name matches */

-	if (memcmp(etick, s->ctx->tlsext_tick_key_name, 16))

-		goto tickerr;

-	/* Check HMAC of encrypted ticket */

-	HMAC_CTX_init(&hctx);

-	HMAC_Init_ex(&hctx, s->ctx->tlsext_tick_hmac_key, 16,

-				tlsext_tick_md(), NULL);

-	HMAC_Update(&hctx, etick, eticklen);

-	HMAC_Final(&hctx, tick_hmac, NULL);

-	HMAC_CTX_cleanup(&hctx);

-	if (memcmp(tick_hmac, etick + eticklen, mlen))

-		goto tickerr;

-	/* Set p to start of IV */

-	p = etick + 16;

-	EVP_CIPHER_CTX_init(&ctx);

-	/* Attempt to decrypt session data */

-	EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,

-					s->ctx->tlsext_tick_aes_key, p);

-	/* Move p after IV to start of encrypted ticket, update length */

-	p += 16;

-	eticklen -= 32;

-	sdec = OPENSSL_malloc(eticklen);

-	if (!sdec)

-		{

-		EVP_CIPHER_CTX_cleanup(&ctx);

-		return -1;

-		}

-	EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen);

-	if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0)

-		goto tickerr;

-	slen += mlen;

-	EVP_CIPHER_CTX_cleanup(&ctx);

-	p = sdec;

-	sess = d2i_SSL_SESSION(NULL, &p, slen);

-	OPENSSL_free(sdec);

-	if (sess)

-		{

-		/* The session ID if non-empty is used by some clients to

- 		 * detect that the ticket has been accepted. So we copy it to

- 		 * the session structure. If it is empty set length to zero

- 		 * as required by standard.

- 		 */

-		if (sesslen)

-			memcpy(sess->session_id, sess_id, sesslen);

-		sess->session_id_length = sesslen;

-		*psess = sess;

-		s->tlsext_ticket_expected = 0;

-		return 1;

-		}

-	/* If session decrypt failure indicate a cache miss and set state to

- 	 * send a new ticket

- 	 */

-	tickerr:

-	s->tlsext_ticket_expected = 1;

-	return 0;

-	}

-#endif

--- a/sys/src/ape/lib/openssl/ssl/t1_meth.c

+++ /dev/null

@@ -1,76 +1,0 @@

-/* ssl/t1_meth.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <openssl/objects.h>

-#include "ssl_locl.h"

-static SSL_METHOD *tls1_get_method(int ver);

-static SSL_METHOD *tls1_get_method(int ver)

-	{

-	if (ver == TLS1_VERSION)

-		return(TLSv1_method());

-	else

-		return(NULL);

-	}

-IMPLEMENT_tls1_meth_func(TLSv1_method,

-			ssl3_accept,

-			ssl3_connect,

-			tls1_get_method)

--- a/sys/src/ape/lib/openssl/ssl/t1_srvr.c

+++ /dev/null

@@ -1,80 +1,0 @@

-/* ssl/t1_srvr.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include "ssl_locl.h"

-#include <openssl/buffer.h>

-#include <openssl/rand.h>

-#include <openssl/objects.h>

-#include <openssl/evp.h>

-#include <openssl/x509.h>

-static SSL_METHOD *tls1_get_server_method(int ver);

-static SSL_METHOD *tls1_get_server_method(int ver)

-	{

-	if (ver == TLS1_VERSION)

-		return(TLSv1_server_method());

-	else

-		return(NULL);

-	}

-IMPLEMENT_tls1_meth_func(TLSv1_server_method,

-			ssl3_accept,

-			ssl_undefined_function,

-			tls1_get_server_method)

--- a/sys/src/ape/lib/openssl/ssl/tls1.h

+++ /dev/null

@@ -1,374 +1,0 @@

-/* ssl/tls1.h */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-/* ====================================================================

- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

- *

- * Portions of the attached software ("Contribution") are developed by

- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.

- *

- * The Contribution is licensed pursuant to the OpenSSL open source

- * license provided above.

- *

- * ECC cipher suite support in OpenSSL originally written by

- * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.

- *

- */

-#ifndef HEADER_TLS1_H

-#define HEADER_TLS1_H

-#include <openssl/buffer.h>

-#ifdef  __cplusplus

-extern "C" {

-#endif

-#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES	0

-#define TLS1_VERSION			0x0301

-#define TLS1_VERSION_MAJOR		0x03

-#define TLS1_VERSION_MINOR		0x01

-#define TLS1_AD_DECRYPTION_FAILED	21

-#define TLS1_AD_RECORD_OVERFLOW		22

-#define TLS1_AD_UNKNOWN_CA		48	/* fatal */

-#define TLS1_AD_ACCESS_DENIED		49	/* fatal */

-#define TLS1_AD_DECODE_ERROR		50	/* fatal */

-#define TLS1_AD_DECRYPT_ERROR		51

-#define TLS1_AD_EXPORT_RESTRICTION	60	/* fatal */

-#define TLS1_AD_PROTOCOL_VERSION	70	/* fatal */

-#define TLS1_AD_INSUFFICIENT_SECURITY	71	/* fatal */

-#define TLS1_AD_INTERNAL_ERROR		80	/* fatal */

-#define TLS1_AD_USER_CANCELLED		90

-#define TLS1_AD_NO_RENEGOTIATION	100

-/* codes 110-114 are from RFC3546 */

-#define TLS1_AD_UNSUPPORTED_EXTENSION	110

-#define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111

-#define TLS1_AD_UNRECOGNIZED_NAME 	112

-#define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113

-#define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114

-#define TLS1_AD_UNKNOWN_PSK_IDENTITY	115	/* fatal */

-/* ExtensionType values from RFC 3546 */

-#define TLSEXT_TYPE_server_name			0

-#define TLSEXT_TYPE_max_fragment_length		1

-#define TLSEXT_TYPE_client_certificate_url	2

-#define TLSEXT_TYPE_trusted_ca_keys		3

-#define TLSEXT_TYPE_truncated_hmac		4

-#define TLSEXT_TYPE_status_request		5

-#define TLSEXT_TYPE_elliptic_curves		10

-#define TLSEXT_TYPE_ec_point_formats		11

-#define TLSEXT_TYPE_session_ticket		35

-/* NameType value from RFC 3546 */

-#define TLSEXT_NAMETYPE_host_name 0

-#ifndef OPENSSL_NO_TLSEXT

-#define TLSEXT_MAXLEN_host_name 255

-const char *SSL_get_servername(const SSL *s, const int type) ;

-int SSL_get_servername_type(const SSL *s) ;

-#define SSL_set_tlsext_host_name(s,name) \

-SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name)

-#define SSL_set_tlsext_debug_callback(ssl, cb) \

-SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb)

-#define SSL_set_tlsext_debug_arg(ssl, arg) \

-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg)

-#define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \

-SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb)

-#define SSL_TLSEXT_ERR_OK 0

-#define SSL_TLSEXT_ERR_ALERT_WARNING 1

-#define SSL_TLSEXT_ERR_ALERT_FATAL 2

-#define SSL_TLSEXT_ERR_NOACK 3

-#define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \

-SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg)

-#define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \

-	SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLXEXT_TICKET_KEYS,(keylen),(keys))

-#define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \

-	SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLXEXT_TICKET_KEYS,(keylen),(keys))

-#endif

-/* Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt

- * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see

- * s3_lib.c).  We actually treat them like SSL 3.0 ciphers, which we probably

- * shouldn't. */

-#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5		0x03000060

-#define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5	0x03000061

-#define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA		0x03000062

-#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA	0x03000063

-#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA		0x03000064

-#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA	0x03000065

-#define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA		0x03000066

-/* AES ciphersuites from RFC3268 */

-#define TLS1_CK_RSA_WITH_AES_128_SHA			0x0300002F

-#define TLS1_CK_DH_DSS_WITH_AES_128_SHA			0x03000030

-#define TLS1_CK_DH_RSA_WITH_AES_128_SHA			0x03000031

-#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA		0x03000032

-#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA		0x03000033

-#define TLS1_CK_ADH_WITH_AES_128_SHA			0x03000034

-#define TLS1_CK_RSA_WITH_AES_256_SHA			0x03000035

-#define TLS1_CK_DH_DSS_WITH_AES_256_SHA			0x03000036

-#define TLS1_CK_DH_RSA_WITH_AES_256_SHA			0x03000037

-#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA		0x03000038

-#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA		0x03000039

-#define TLS1_CK_ADH_WITH_AES_256_SHA			0x0300003A

-/* Camellia ciphersuites from RFC4132 */

-#define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA		0x03000041

-#define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA	0x03000042

-#define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA	0x03000043

-#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA	0x03000044

-#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA	0x03000045

-#define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA		0x03000046

-#define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA		0x03000084

-#define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA	0x03000085

-#define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA	0x03000086

-#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA	0x03000087

-#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA	0x03000088

-#define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA		0x03000089

-/* SEED ciphersuites from RFC4162 */

-#define TLS1_CK_RSA_WITH_SEED_SHA                       0x03000096

-#define TLS1_CK_DH_DSS_WITH_SEED_SHA                    0x03000097

-#define TLS1_CK_DH_RSA_WITH_SEED_SHA                    0x03000098

-#define TLS1_CK_DHE_DSS_WITH_SEED_SHA                   0x03000099

-#define TLS1_CK_DHE_RSA_WITH_SEED_SHA                   0x0300009A

-#define TLS1_CK_ADH_WITH_SEED_SHA                	0x0300009B

-/* ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in draft 13 */

-#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA                0x0300C001

-#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA             0x0300C002

-#define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA        0x0300C003

-#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA         0x0300C004

-#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA         0x0300C005

-#define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA               0x0300C006

-#define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA            0x0300C007

-#define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA       0x0300C008

-#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA        0x0300C009

-#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA        0x0300C00A

-#define TLS1_CK_ECDH_RSA_WITH_NULL_SHA                  0x0300C00B

-#define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA               0x0300C00C

-#define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA          0x0300C00D

-#define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA           0x0300C00E

-#define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA           0x0300C00F

-#define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA                 0x0300C010

-#define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA              0x0300C011

-#define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA         0x0300C012

-#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA          0x0300C013

-#define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA          0x0300C014

-#define TLS1_CK_ECDH_anon_WITH_NULL_SHA                 0x0300C015

-#define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA              0x0300C016

-#define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA         0x0300C017

-#define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA          0x0300C018

-#define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA          0x0300C019

-/* XXX

- * Inconsistency alert:

- * The OpenSSL names of ciphers with ephemeral DH here include the string

- * "DHE", while elsewhere it has always been "EDH".

- * (The alias for the list of all such ciphers also is "EDH".)

- * The specifications speak of "EDH"; maybe we should allow both forms

- * for everything. */

-#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5		"EXP1024-RC4-MD5"

-#define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5	"EXP1024-RC2-CBC-MD5"

-#define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA	"EXP1024-DES-CBC-SHA"

-#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA	"EXP1024-DHE-DSS-DES-CBC-SHA"

-#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA		"EXP1024-RC4-SHA"

-#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA	"EXP1024-DHE-DSS-RC4-SHA"

-#define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA		"DHE-DSS-RC4-SHA"

-/* AES ciphersuites from RFC3268 */

-#define TLS1_TXT_RSA_WITH_AES_128_SHA			"AES128-SHA"

-#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA		"DH-DSS-AES128-SHA"

-#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA		"DH-RSA-AES128-SHA"

-#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA		"DHE-DSS-AES128-SHA"

-#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA		"DHE-RSA-AES128-SHA"

-#define TLS1_TXT_ADH_WITH_AES_128_SHA			"ADH-AES128-SHA"

-#define TLS1_TXT_RSA_WITH_AES_256_SHA			"AES256-SHA"

-#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA		"DH-DSS-AES256-SHA"

-#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA		"DH-RSA-AES256-SHA"

-#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA		"DHE-DSS-AES256-SHA"

-#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA		"DHE-RSA-AES256-SHA"

-#define TLS1_TXT_ADH_WITH_AES_256_SHA			"ADH-AES256-SHA"

-/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */

-#define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA               "ECDH-ECDSA-NULL-SHA"

-#define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA            "ECDH-ECDSA-RC4-SHA"

-#define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA       "ECDH-ECDSA-DES-CBC3-SHA"

-#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA        "ECDH-ECDSA-AES128-SHA"

-#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA        "ECDH-ECDSA-AES256-SHA"

-#define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA              "ECDHE-ECDSA-NULL-SHA"

-#define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA           "ECDHE-ECDSA-RC4-SHA"

-#define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA      "ECDHE-ECDSA-DES-CBC3-SHA"

-#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA       "ECDHE-ECDSA-AES128-SHA"

-#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA       "ECDHE-ECDSA-AES256-SHA"

-#define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA                 "ECDH-RSA-NULL-SHA"

-#define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA              "ECDH-RSA-RC4-SHA"

-#define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA         "ECDH-RSA-DES-CBC3-SHA"

-#define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA          "ECDH-RSA-AES128-SHA"

-#define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA          "ECDH-RSA-AES256-SHA"

-#define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA                "ECDHE-RSA-NULL-SHA"

-#define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA             "ECDHE-RSA-RC4-SHA"

-#define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA        "ECDHE-RSA-DES-CBC3-SHA"

-#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA         "ECDHE-RSA-AES128-SHA"

-#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA         "ECDHE-RSA-AES256-SHA"

-#define TLS1_TXT_ECDH_anon_WITH_NULL_SHA                "AECDH-NULL-SHA"

-#define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA             "AECDH-RC4-SHA"

-#define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA        "AECDH-DES-CBC3-SHA"

-#define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA         "AECDH-AES128-SHA"

-#define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA         "AECDH-AES256-SHA"

-/* Camellia ciphersuites from RFC4132 */

-#define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA		"CAMELLIA128-SHA"

-#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA	"DH-DSS-CAMELLIA128-SHA"

-#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA	"DH-RSA-CAMELLIA128-SHA"

-#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA	"DHE-DSS-CAMELLIA128-SHA"

-#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA	"DHE-RSA-CAMELLIA128-SHA"

-#define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA		"ADH-CAMELLIA128-SHA"

-#define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA		"CAMELLIA256-SHA"

-#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA	"DH-DSS-CAMELLIA256-SHA"

-#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA	"DH-RSA-CAMELLIA256-SHA"

-#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA	"DHE-DSS-CAMELLIA256-SHA"

-#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA	"DHE-RSA-CAMELLIA256-SHA"

-#define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA		"ADH-CAMELLIA256-SHA"

-/* SEED ciphersuites from RFC4162 */

-#define TLS1_TXT_RSA_WITH_SEED_SHA                      "SEED-SHA"

-#define TLS1_TXT_DH_DSS_WITH_SEED_SHA                   "DH-DSS-SEED-SHA"

-#define TLS1_TXT_DH_RSA_WITH_SEED_SHA                   "DH-RSA-SEED-SHA"

-#define TLS1_TXT_DHE_DSS_WITH_SEED_SHA                  "DHE-DSS-SEED-SHA"

-#define TLS1_TXT_DHE_RSA_WITH_SEED_SHA                  "DHE-RSA-SEED-SHA"

-#define TLS1_TXT_ADH_WITH_SEED_SHA                      "ADH-SEED-SHA"

-#define TLS_CT_RSA_SIGN			1

-#define TLS_CT_DSS_SIGN			2

-#define TLS_CT_RSA_FIXED_DH		3

-#define TLS_CT_DSS_FIXED_DH		4

-#define TLS_CT_ECDSA_SIGN		64

-#define TLS_CT_RSA_FIXED_ECDH		65

-#define TLS_CT_ECDSA_FIXED_ECDH 	66

-#define TLS_CT_NUMBER			7

-#define TLS1_FINISH_MAC_LENGTH		12

-#define TLS_MD_MAX_CONST_SIZE			20

-#define TLS_MD_CLIENT_FINISH_CONST		"client finished"

-#define TLS_MD_CLIENT_FINISH_CONST_SIZE		15

-#define TLS_MD_SERVER_FINISH_CONST		"server finished"

-#define TLS_MD_SERVER_FINISH_CONST_SIZE		15

-#define TLS_MD_SERVER_WRITE_KEY_CONST		"server write key"

-#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE	16

-#define TLS_MD_KEY_EXPANSION_CONST		"key expansion"

-#define TLS_MD_KEY_EXPANSION_CONST_SIZE		13

-#define TLS_MD_CLIENT_WRITE_KEY_CONST		"client write key"

-#define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE	16

-#define TLS_MD_SERVER_WRITE_KEY_CONST		"server write key"

-#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE	16

-#define TLS_MD_IV_BLOCK_CONST			"IV block"

-#define TLS_MD_IV_BLOCK_CONST_SIZE		8

-#define TLS_MD_MASTER_SECRET_CONST		"master secret"

-#define TLS_MD_MASTER_SECRET_CONST_SIZE		13

-#ifdef CHARSET_EBCDIC

-#undef TLS_MD_CLIENT_FINISH_CONST

-#define TLS_MD_CLIENT_FINISH_CONST    "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64"  /*client finished*/

-#undef TLS_MD_SERVER_FINISH_CONST

-#define TLS_MD_SERVER_FINISH_CONST    "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64"  /*server finished*/

-#undef TLS_MD_SERVER_WRITE_KEY_CONST

-#define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"  /*server write key*/

-#undef TLS_MD_KEY_EXPANSION_CONST

-#define TLS_MD_KEY_EXPANSION_CONST    "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e"  /*key expansion*/

-#undef TLS_MD_CLIENT_WRITE_KEY_CONST

-#define TLS_MD_CLIENT_WRITE_KEY_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"  /*client write key*/

-#undef TLS_MD_SERVER_WRITE_KEY_CONST

-#define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"  /*server write key*/

-#undef TLS_MD_IV_BLOCK_CONST

-#define TLS_MD_IV_BLOCK_CONST         "\x49\x56\x20\x62\x6c\x6f\x63\x6b"  /*IV block*/

-#undef TLS_MD_MASTER_SECRET_CONST

-#define TLS_MD_MASTER_SECRET_CONST    "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74"  /*master secret*/

-#endif

-#ifdef  __cplusplus

-}

-#endif

-#endif

--- a/sys/src/ape/lib/openssl/test/CAss.cnf

+++ /dev/null

@@ -1,76 +1,0 @@

-#

-# SSLeay example configuration file.

-# This is mostly being used for generation of certificate requests.

-#

-RANDFILE		= ./.rnd

-####################################################################

-[ req ]

-default_bits		= 512

-default_keyfile 	= keySS.pem

-distinguished_name	= req_distinguished_name

-encrypt_rsa_key		= no

-default_md		= sha1

-[ req_distinguished_name ]

-countryName			= Country Name (2 letter code)

-countryName_default		= AU

-countryName_value		= AU

-organizationName		= Organization Name (eg, company)

-organizationName_value		= Dodgy Brothers

-commonName			= Common Name (eg, YOUR name)

-commonName_value		= Dodgy CA

-####################################################################

-[ ca ]

-default_ca	= CA_default		# The default ca section

-####################################################################

-[ CA_default ]

-dir		= ./demoCA		# Where everything is kept

-certs		= $dir/certs		# Where the issued certs are kept

-crl_dir		= $dir/crl		# Where the issued crl are kept

-database	= $dir/index.txt	# database index file.

-#unique_subject	= no			# Set to 'no' to allow creation of

-					# several ctificates with same subject.

-new_certs_dir	= $dir/newcerts		# default place for new certs.

-certificate	= $dir/cacert.pem 	# The CA certificate

-serial		= $dir/serial 		# The current serial number

-crl		= $dir/crl.pem 		# The current CRL

-private_key	= $dir/private/cakey.pem# The private key

-RANDFILE	= $dir/private/.rand	# private random number file

-x509_extensions	= v3_ca			# The extentions to add to the cert

-name_opt 	= ca_default		# Subject Name options

-cert_opt 	= ca_default		# Certificate field options

-default_days	= 365			# how long to certify for

-default_crl_days= 30			# how long before next CRL

-default_md	= md5			# which md to use.

-preserve	= no			# keep passed DN ordering

-policy		= policy_anything

-[ policy_anything ]

-countryName		= optional

-stateOrProvinceName	= optional

-localityName		= optional

-organizationName	= optional

-organizationalUnitName	= optional

-commonName		= supplied

-emailAddress		= optional

-[ v3_ca ]

-subjectKeyIdentifier=hash

-authorityKeyIdentifier=keyid:always,issuer:always

-basicConstraints = CA:true,pathlen:1

-keyUsage = cRLSign, keyCertSign

-issuerAltName=issuer:copy

--- a/sys/src/ape/lib/openssl/test/CAssdh.cnf

+++ /dev/null

@@ -1,24 +1,0 @@

-#

-# SSLeay example configuration file.

-# This is mostly being used for generation of certificate requests.

-#

-# hacked by iang to do DH certs - CA

-RANDFILE              = ./.rnd

-####################################################################

-[ req ]

-distinguished_name    = req_distinguished_name

-encrypt_rsa_key               = no

-[ req_distinguished_name ]

-countryName                   = Country Name (2 letter code)

-countryName_default           = CU

-countryName_value             = CU

-organizationName              = Organization Name (eg, company)

-organizationName_value                = La Junta de la Revolucion

-commonName                    = Common Name (eg, YOUR name)

-commonName_value              = Junta

--- a/sys/src/ape/lib/openssl/test/CAssdsa.cnf

+++ /dev/null

@@ -1,23 +1,0 @@

-#

-# SSLeay example configuration file.

-# This is mostly being used for generation of certificate requests.

-#

-# hacked by iang to do DSA certs - CA

-RANDFILE              = ./.rnd

-####################################################################

-[ req ]

-distinguished_name    = req_distinguished_name

-encrypt_rsa_key               = no

-[ req_distinguished_name ]

-countryName                   = Country Name (2 letter code)

-countryName_default           = ES

-countryName_value             = ES

-organizationName              = Organization Name (eg, company)

-organizationName_value                = Hermanos Locos

-commonName                    = Common Name (eg, YOUR name)

-commonName_value              = Hermanos Locos CA

--- a/sys/src/ape/lib/openssl/test/CAssrsa.cnf

+++ /dev/null

@@ -1,24 +1,0 @@

-#

-# SSLeay example configuration file.

-# This is mostly being used for generation of certificate requests.

-#

-# create RSA certs - CA

-RANDFILE              = ./.rnd

-####################################################################

-[ req ]

-distinguished_name    = req_distinguished_name

-encrypt_key           = no

-[ req_distinguished_name ]

-countryName                   = Country Name (2 letter code)

-countryName_default           = ES

-countryName_value             = ES

-organizationName              = Organization Name (eg, company)

-organizationName_value                = Hermanos Locos

-commonName                    = Common Name (eg, YOUR name)

-commonName_value              = Hermanos Locos CA

--- a/sys/src/ape/lib/openssl/test/Makefile

+++ /dev/null

@@ -1,623 +1,0 @@

-#

-# test/Makefile

-#

-DIR=		test

-TOP=		..

-CC=		cc

-INCLUDES=	-I$(TOP) -I../include $(KRB5_INCLUDES)

-CFLAG=		-g

-MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)

-PERL=		perl

-# KRB5 stuff

-KRB5_INCLUDES=

-LIBKRB5=

-PEX_LIBS=

-EX_LIBS= #-lnsl -lsocket

-CFLAGS= $(INCLUDES) $(CFLAG)

-GENERAL=Makefile maketests.com \

-	tests.com testenc.com tx509.com trsa.com tcrl.com tsid.com treq.com \

-	tpkcs7.com tpkcs7d.com tverify.com testgen.com testss.com testssl.com \

-	testca.com VMSca-response.1 VMSca-response.2

-DLIBCRYPTO= ../libcrypto.a

-DLIBSSL= ../libssl.a

-LIBCRYPTO= -L.. -lcrypto

-LIBSSL= -L.. -lssl

-BNTEST=		bntest

-ECTEST=		ectest

-ECDSATEST=	ecdsatest

-ECDHTEST=	ecdhtest

-EXPTEST=	exptest

-IDEATEST=	ideatest

-SHATEST=	shatest

-SHA1TEST=	sha1test

-SHA256TEST=	sha256t

-SHA512TEST=	sha512t

-MDC2TEST=	mdc2test

-RMDTEST=	rmdtest

-MD2TEST=	md2test

-MD4TEST=	md4test

-MD5TEST=	md5test

-HMACTEST=	hmactest

-RC2TEST=	rc2test

-RC4TEST=	rc4test

-RC5TEST=	rc5test

-BFTEST=		bftest

-CASTTEST=	casttest

-DESTEST=	destest

-RANDTEST=	randtest

-DHTEST=		dhtest

-DSATEST=	dsatest

-METHTEST=	methtest

-SSLTEST=	ssltest

-RSATEST=	rsa_test

-ENGINETEST=	enginetest

-EVPTEST=	evp_test

-IGETEST=	igetest

-TESTS=		alltests

-EXE=	$(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT)  $(ECDSATEST)$(EXE_EXT) $(ECDHTEST)$(EXE_EXT) $(IDEATEST)$(EXE_EXT) \

-	$(MD2TEST)$(EXE_EXT)  $(MD4TEST)$(EXE_EXT) $(MD5TEST)$(EXE_EXT) $(HMACTEST)$(EXE_EXT) \

-	$(RC2TEST)$(EXE_EXT) $(RC4TEST)$(EXE_EXT) $(RC5TEST)$(EXE_EXT) \

-	$(DESTEST)$(EXE_EXT) $(SHATEST)$(EXE_EXT) $(SHA1TEST)$(EXE_EXT) $(SHA256TEST)$(EXE_EXT) $(SHA512TEST)$(EXE_EXT) \

-	$(MDC2TEST)$(EXE_EXT) $(RMDTEST)$(EXE_EXT) \

-	$(RANDTEST)$(EXE_EXT) $(DHTEST)$(EXE_EXT) $(ENGINETEST)$(EXE_EXT) \

-	$(BFTEST)$(EXE_EXT) $(CASTTEST)$(EXE_EXT) $(SSLTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) $(DSATEST)$(EXE_EXT) $(RSATEST)$(EXE_EXT) \

-	$(EVPTEST)$(EXE_EXT) $(IGETEST)$(EXE_EXT)

-# $(METHTEST)$(EXE_EXT)

-OBJ=	$(BNTEST).o $(ECTEST).o  $(ECDSATEST).o $(ECDHTEST).o $(IDEATEST).o \

-	$(MD2TEST).o $(MD4TEST).o $(MD5TEST).o \

-	$(HMACTEST).o \

-	$(RC2TEST).o $(RC4TEST).o $(RC5TEST).o \

-	$(DESTEST).o $(SHATEST).o $(SHA1TEST).o $(SHA256TEST).o $(SHA512TEST).o \

-	$(MDC2TEST).o $(RMDTEST).o \

-	$(RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \

-	$(BFTEST).o  $(SSLTEST).o  $(DSATEST).o  $(EXPTEST).o $(RSATEST).o \

-	$(EVPTEST).o $(IGETEST).o

-SRC=	$(BNTEST).c $(ECTEST).c  $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \

-	$(MD2TEST).c  $(MD4TEST).c $(MD5TEST).c \

-	$(HMACTEST).c \

-	$(RC2TEST).c $(RC4TEST).c $(RC5TEST).c \

-	$(DESTEST).c $(SHATEST).c $(SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \

-	$(RANDTEST).c $(DHTEST).c $(ENGINETEST).c $(CASTTEST).c \

-	$(BFTEST).c  $(SSLTEST).c $(DSATEST).c   $(EXPTEST).c $(RSATEST).c \

-	$(EVPTEST).c $(IGETEST).c

-EXHEADER=

-HEADER=	$(EXHEADER)

-ALL=    $(GENERAL) $(SRC) $(HEADER)

-top:

-	(cd ..; $(MAKE) DIRS=$(DIR) TESTS=$(TESTS) all)

-all:	exe

-exe:	$(EXE) dummytest$(EXE_EXT)

-files:

-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

-links:

-generate: $(SRC)

-$(SRC):

-	@sh $(TOP)/util/point.sh dummytest.c $@

-errors:

-install:

-tags:

-	ctags $(SRC)

-tests:	exe apps $(TESTS)

-apps:

-	@(cd ..; $(MAKE) DIRS=apps all)

-alltests: \

-	test_des test_idea test_sha test_md4 test_md5 test_hmac \

-	test_md2 test_mdc2 \

-	test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_aes \

-	test_rand test_bn test_ec test_ecdsa test_ecdh \

-	test_enc test_x509 test_rsa test_crl test_sid \

-	test_gen test_req test_pkcs7 test_verify test_dh test_dsa \

-	test_ss test_ca test_engine test_evp test_ssl test_ige

-test_evp:

-	../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt

-test_des:

-	../util/shlib_wrap.sh ./$(DESTEST)

-test_idea:

-	../util/shlib_wrap.sh ./$(IDEATEST)

-test_sha:

-	../util/shlib_wrap.sh ./$(SHATEST)

-	../util/shlib_wrap.sh ./$(SHA1TEST)

-	../util/shlib_wrap.sh ./$(SHA256TEST)

-	../util/shlib_wrap.sh ./$(SHA512TEST)

-test_mdc2:

-	../util/shlib_wrap.sh ./$(MDC2TEST)

-test_md5:

-	../util/shlib_wrap.sh ./$(MD5TEST)

-test_md4:

-	../util/shlib_wrap.sh ./$(MD4TEST)

-test_hmac:

-	../util/shlib_wrap.sh ./$(HMACTEST)

-test_md2:

-	../util/shlib_wrap.sh ./$(MD2TEST)

-test_rmd:

-	../util/shlib_wrap.sh ./$(RMDTEST)

-test_bf:

-	../util/shlib_wrap.sh ./$(BFTEST)

-test_cast:

-	../util/shlib_wrap.sh ./$(CASTTEST)

-test_rc2:

-	../util/shlib_wrap.sh ./$(RC2TEST)

-test_rc4:

-	../util/shlib_wrap.sh ./$(RC4TEST)

-test_rc5:

-	../util/shlib_wrap.sh ./$(RC5TEST)

-test_rand:

-	../util/shlib_wrap.sh ./$(RANDTEST)

-test_enc:

-	@sh ./testenc

-test_x509:

-	echo test normal x509v1 certificate

-	sh ./tx509 2>/dev/null

-	echo test first x509v3 certificate

-	sh ./tx509 v3-cert1.pem 2>/dev/null

-	echo test second x509v3 certificate

-	sh ./tx509 v3-cert2.pem 2>/dev/null

-test_rsa: $(RSATEST)$(EXE_EXT)

-	@sh ./trsa 2>/dev/null

-	../util/shlib_wrap.sh ./$(RSATEST)

-test_crl:

-	@sh ./tcrl 2>/dev/null

-test_sid:

-	@sh ./tsid 2>/dev/null

-test_req:

-	@sh ./treq 2>/dev/null

-	@sh ./treq testreq2.pem 2>/dev/null

-test_pkcs7:

-	@sh ./tpkcs7 2>/dev/null

-	@sh ./tpkcs7d 2>/dev/null

-test_bn:

-	@echo starting big number library test, could take a while...

-	@../util/shlib_wrap.sh ./$(BNTEST) >tmp.bntest

-	@echo quit >>tmp.bntest

-	@echo "running bc"

-	@<tmp.bntest sh -c "`sh ./bctest ignore`" | $(PERL) -e '$$i=0; while (<STDIN>) {if (/^test (.*)/) {print STDERR "\nverify $$1";} elsif (!/^0$$/) {die "\nFailed! bc: $$_";} else {print STDERR "."; $$i++;}} print STDERR "\n$$i tests passed\n"'

-	@echo 'test a^b%c implementations'

-	../util/shlib_wrap.sh ./$(EXPTEST)

-test_ec:

-	@echo 'test elliptic curves'

-	../util/shlib_wrap.sh ./$(ECTEST)

-test_ecdsa:

-	@echo 'test ecdsa'

-	../util/shlib_wrap.sh ./$(ECDSATEST)

-test_ecdh:

-	@echo 'test ecdh'

-	../util/shlib_wrap.sh ./$(ECDHTEST)

-test_verify:

-	@echo "The following command should have some OK's and some failures"

-	@echo "There are definitly a few expired certificates"

-	../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs ../certs/*.pem

-test_dh:

-	@echo "Generate a set of DH parameters"

-	../util/shlib_wrap.sh ./$(DHTEST)

-test_dsa:

-	@echo "Generate a set of DSA parameters"

-	../util/shlib_wrap.sh ./$(DSATEST)

-	../util/shlib_wrap.sh ./$(DSATEST) -app2_1

-test_gen:

-	@echo "Generate and verify a certificate request"

-	@sh ./testgen

-test_ss keyU.ss certU.ss certCA.ss certP1.ss keyP1.ss certP2.ss keyP2.ss \

-		intP1.ss intP2.ss: testss

-	@echo "Generate and certify a test certificate"

-	@sh ./testss

-	@cat certCA.ss certU.ss > intP1.ss

-	@cat certCA.ss certU.ss certP1.ss > intP2.ss

-test_engine:

-	@echo "Manipulate the ENGINE structures"

-	../util/shlib_wrap.sh ./$(ENGINETEST)

-test_ssl: keyU.ss certU.ss certCA.ss certP1.ss keyP1.ss certP2.ss keyP2.ss \

-		intP1.ss intP2.ss

-	@echo "test SSL protocol"

-	../util/shlib_wrap.sh ./$(SSLTEST) -test_cipherlist

-	@sh ./testssl keyU.ss certU.ss certCA.ss

-	@sh ./testsslproxy keyP1.ss certP1.ss intP1.ss

-	@sh ./testsslproxy keyP2.ss certP2.ss intP2.ss

-test_ca:

-	@if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then \

-	  echo "skipping CA.sh test -- requires RSA"; \

-	else \

-	  echo "Generate and certify a test certificate via the 'ca' program"; \

-	  sh ./testca; \

-	fi

-test_aes: #$(AESTEST)

-#	@echo "test Rijndael"

-#	../util/shlib_wrap.sh ./$(AESTEST)

-test_ige: $(IGETEST)$(EXE_EXT)

-	@echo "Test IGE mode"

-	../util/shlib_wrap.sh ./$(IGETEST)

-lint:

-	lint -DLINT $(INCLUDES) $(SRC)>fluff

-depend:

-	@if [ -z "$(THIS)" ]; then \

-	    $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \

-	else \

-	    $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \

-	fi

-dclean:

-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

-	mv -f Makefile.new $(MAKEFILE)

-clean:

-	rm -f .rnd tmp.bntest tmp.bctest *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss *.srl log

-$(DLIBSSL):

-	(cd ..; $(MAKE) DIRS=ssl all)

-$(DLIBCRYPTO):

-	(cd ..; $(MAKE) DIRS=crypto all)

-BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \

-		shlib_target="$(SHLIB_TARGET)"; \

-	fi; \

-	LIBRARIES="$(LIBSSL) $(LIBCRYPTO) $(LIBKRB5)"; \

-	$(MAKE) -f $(TOP)/Makefile.shared -e \

-		APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \

-		LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \

-		link_app.$${shlib_target}

-$(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)

-	@target=$(RSATEST); $(BUILD_CMD)

-$(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)

-	@target=$(BNTEST); $(BUILD_CMD)

-$(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)

-	@target=$(ECTEST); $(BUILD_CMD)

-$(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)

-	@target=$(EXPTEST); $(BUILD_CMD)

-$(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)

-	@target=$(IDEATEST); $(BUILD_CMD)

-$(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)

-	@target=$(MD2TEST); $(BUILD_CMD)

-$(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)

-	@target=$(SHATEST); $(BUILD_CMD)

-$(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)

-	@target=$(SHA1TEST); $(BUILD_CMD)

-$(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)

-	@target=$(SHA256TEST); $(BUILD_CMD)

-$(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)

-	@target=$(SHA512TEST); $(BUILD_CMD)

-$(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)

-	@target=$(RMDTEST); $(BUILD_CMD)

-$(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)

-	@target=$(MDC2TEST); $(BUILD_CMD)

-$(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)

-	@target=$(MD4TEST); $(BUILD_CMD)

-$(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)

-	@target=$(MD5TEST); $(BUILD_CMD)

-$(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)

-	@target=$(HMACTEST); $(BUILD_CMD)

-$(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)

-	@target=$(RC2TEST); $(BUILD_CMD)

-$(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)

-	@target=$(BFTEST); $(BUILD_CMD)

-$(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)

-	@target=$(CASTTEST); $(BUILD_CMD)

-$(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)

-	@target=$(RC4TEST); $(BUILD_CMD)

-$(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)

-	@target=$(RC5TEST); $(BUILD_CMD)

-$(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)

-	@target=$(DESTEST); $(BUILD_CMD)

-$(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)

-	@target=$(RANDTEST); $(BUILD_CMD)

-$(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)

-	@target=$(DHTEST); $(BUILD_CMD)

-$(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)

-	@target=$(DSATEST); $(BUILD_CMD)

-$(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)

-	@target=$(METHTEST); $(BUILD_CMD)

-$(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)

-	@target=$(SSLTEST); $(BUILD_CMD)

-$(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)

-	@target=$(ENGINETEST); $(BUILD_CMD)

-$(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)

-	@target=$(EVPTEST); $(BUILD_CMD)

-$(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)

-	@target=$(ECDSATEST); $(BUILD_CMD)

-$(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)

-	@target=$(ECDHTEST); $(BUILD_CMD)

-$(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)

-	@target=$(IGETEST); $(BUILD_CMD)

-#$(AESTEST).o: $(AESTEST).c

-#	$(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c

-#$(AESTEST)$(EXE_EXT): $(AESTEST).o $(DLIBCRYPTO)

-#	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \

-#	  $(CC) -o $(AESTEST)$(EXE_EXT) $(CFLAGS) $(AESTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \

-#	else \

-#	  $(CC) -o $(AESTEST)$(EXE_EXT) $(CFLAGS) $(AESTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \

-#	fi

-dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)

-	@target=dummytest$; $(BUILD_CMD)

-# DO NOT DELETE THIS LINE -- make depend depends on it.

-bftest.o: ../e_os.h ../include/openssl/blowfish.h ../include/openssl/e_os2.h

-bftest.o: ../include/openssl/opensslconf.h bftest.c

-bntest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-bntest.o: ../include/openssl/bn.h ../include/openssl/buffer.h

-bntest.o: ../include/openssl/crypto.h ../include/openssl/dh.h

-bntest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h

-bntest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h

-bntest.o: ../include/openssl/ecdsa.h ../include/openssl/err.h

-bntest.o: ../include/openssl/evp.h ../include/openssl/lhash.h

-bntest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h

-bntest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h

-bntest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h

-bntest.o: ../include/openssl/rand.h ../include/openssl/rsa.h

-bntest.o: ../include/openssl/safestack.h ../include/openssl/sha.h

-bntest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h

-bntest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h bntest.c

-casttest.o: ../e_os.h ../include/openssl/cast.h ../include/openssl/e_os2.h

-casttest.o: ../include/openssl/opensslconf.h casttest.c

-destest.o: ../include/openssl/des.h ../include/openssl/des_old.h

-destest.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h

-destest.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h

-destest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h

-destest.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h destest.c

-dhtest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h

-dhtest.o: ../include/openssl/crypto.h ../include/openssl/dh.h

-dhtest.o: ../include/openssl/e_os2.h ../include/openssl/err.h

-dhtest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h

-dhtest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h

-dhtest.o: ../include/openssl/rand.h ../include/openssl/safestack.h

-dhtest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h dhtest.c

-dsatest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h

-dsatest.o: ../include/openssl/crypto.h ../include/openssl/dh.h

-dsatest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h

-dsatest.o: ../include/openssl/err.h ../include/openssl/lhash.h

-dsatest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h

-dsatest.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h

-dsatest.o: ../include/openssl/safestack.h ../include/openssl/stack.h

-dsatest.o: ../include/openssl/symhacks.h dsatest.c

-ecdhtest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-ecdhtest.o: ../include/openssl/bn.h ../include/openssl/crypto.h

-ecdhtest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h

-ecdhtest.o: ../include/openssl/ecdh.h ../include/openssl/err.h

-ecdhtest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h

-ecdhtest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h

-ecdhtest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h

-ecdhtest.o: ../include/openssl/rand.h ../include/openssl/safestack.h

-ecdhtest.o: ../include/openssl/sha.h ../include/openssl/stack.h

-ecdhtest.o: ../include/openssl/symhacks.h ecdhtest.c

-ecdsatest.o: ../include/openssl/asn1.h ../include/openssl/bio.h

-ecdsatest.o: ../include/openssl/bn.h ../include/openssl/crypto.h

-ecdsatest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h

-ecdsatest.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h

-ecdsatest.o: ../include/openssl/err.h ../include/openssl/evp.h

-ecdsatest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h

-ecdsatest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h

-ecdsatest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h

-ecdsatest.o: ../include/openssl/rand.h ../include/openssl/safestack.h

-ecdsatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h

-ecdsatest.o: ecdsatest.c

-ectest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-ectest.o: ../include/openssl/bn.h ../include/openssl/crypto.h

-ectest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h

-ectest.o: ../include/openssl/engine.h ../include/openssl/err.h

-ectest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h

-ectest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h

-ectest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h

-ectest.o: ../include/openssl/rand.h ../include/openssl/safestack.h

-ectest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h ectest.c

-enginetest.o: ../include/openssl/bio.h ../include/openssl/buffer.h

-enginetest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h

-enginetest.o: ../include/openssl/engine.h ../include/openssl/err.h

-enginetest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h

-enginetest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h

-enginetest.o: ../include/openssl/safestack.h ../include/openssl/stack.h

-enginetest.o: ../include/openssl/symhacks.h enginetest.c

-evp_test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-evp_test.o: ../include/openssl/conf.h ../include/openssl/crypto.h

-evp_test.o: ../include/openssl/e_os2.h ../include/openssl/engine.h

-evp_test.o: ../include/openssl/err.h ../include/openssl/evp.h

-evp_test.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h

-evp_test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h

-evp_test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h

-evp_test.o: ../include/openssl/safestack.h ../include/openssl/stack.h

-evp_test.o: ../include/openssl/symhacks.h evp_test.c

-exptest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h

-exptest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h

-exptest.o: ../include/openssl/err.h ../include/openssl/lhash.h

-exptest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h

-exptest.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h

-exptest.o: ../include/openssl/safestack.h ../include/openssl/stack.h

-exptest.o: ../include/openssl/symhacks.h exptest.c

-hmactest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-hmactest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h

-hmactest.o: ../include/openssl/evp.h ../include/openssl/hmac.h

-hmactest.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h

-hmactest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h

-hmactest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h

-hmactest.o: ../include/openssl/safestack.h ../include/openssl/stack.h

-hmactest.o: ../include/openssl/symhacks.h hmactest.c

-ideatest.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/idea.h

-ideatest.o: ../include/openssl/opensslconf.h ideatest.c

-igetest.o: ../include/openssl/aes.h ../include/openssl/e_os2.h

-igetest.o: ../include/openssl/opensslconf.h ../include/openssl/ossl_typ.h

-igetest.o: ../include/openssl/rand.h igetest.c

-md2test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-md2test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h

-md2test.o: ../include/openssl/evp.h ../include/openssl/md2.h

-md2test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h

-md2test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h

-md2test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h

-md2test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h md2test.c

-md4test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-md4test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h

-md4test.o: ../include/openssl/evp.h ../include/openssl/md4.h

-md4test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h

-md4test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h

-md4test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h

-md4test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h md4test.c

-md5test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-md5test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h

-md5test.o: ../include/openssl/evp.h ../include/openssl/md5.h

-md5test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h

-md5test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h

-md5test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h

-md5test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h md5test.c

-mdc2test.o: ../include/openssl/buffer.h ../include/openssl/crypto.h

-mdc2test.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h

-mdc2test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h

-mdc2test.o: ../include/openssl/safestack.h ../include/openssl/stack.h

-mdc2test.o: ../include/openssl/symhacks.h mdc2test.c

-randtest.o: ../e_os.h ../include/openssl/e_os2.h

-randtest.o: ../include/openssl/opensslconf.h ../include/openssl/ossl_typ.h

-randtest.o: ../include/openssl/rand.h randtest.c

-rc2test.o: ../e_os.h ../include/openssl/e_os2.h

-rc2test.o: ../include/openssl/opensslconf.h ../include/openssl/rc2.h rc2test.c

-rc4test.o: ../e_os.h ../include/openssl/e_os2.h

-rc4test.o: ../include/openssl/opensslconf.h ../include/openssl/rc4.h

-rc4test.o: ../include/openssl/sha.h rc4test.c

-rc5test.o: ../include/openssl/buffer.h ../include/openssl/crypto.h

-rc5test.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h

-rc5test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h

-rc5test.o: ../include/openssl/safestack.h ../include/openssl/stack.h

-rc5test.o: ../include/openssl/symhacks.h rc5test.c

-rmdtest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-rmdtest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h

-rmdtest.o: ../include/openssl/evp.h ../include/openssl/obj_mac.h

-rmdtest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h

-rmdtest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h

-rmdtest.o: ../include/openssl/ripemd.h ../include/openssl/safestack.h

-rmdtest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h rmdtest.c

-rsa_test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-rsa_test.o: ../include/openssl/bn.h ../include/openssl/crypto.h

-rsa_test.o: ../include/openssl/e_os2.h ../include/openssl/err.h

-rsa_test.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h

-rsa_test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h

-rsa_test.o: ../include/openssl/rand.h ../include/openssl/rsa.h

-rsa_test.o: ../include/openssl/safestack.h ../include/openssl/stack.h

-rsa_test.o: ../include/openssl/symhacks.h rsa_test.c

-sha1test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-sha1test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h

-sha1test.o: ../include/openssl/evp.h ../include/openssl/obj_mac.h

-sha1test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h

-sha1test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h

-sha1test.o: ../include/openssl/safestack.h ../include/openssl/sha.h

-sha1test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h sha1test.c

-shatest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-shatest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h

-shatest.o: ../include/openssl/evp.h ../include/openssl/obj_mac.h

-shatest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h

-shatest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h

-shatest.o: ../include/openssl/safestack.h ../include/openssl/sha.h

-shatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h shatest.c

-ssltest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

-ssltest.o: ../include/openssl/bn.h ../include/openssl/buffer.h

-ssltest.o: ../include/openssl/comp.h ../include/openssl/conf.h

-ssltest.o: ../include/openssl/crypto.h ../include/openssl/dh.h

-ssltest.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h

-ssltest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h

-ssltest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h

-ssltest.o: ../include/openssl/engine.h ../include/openssl/err.h

-ssltest.o: ../include/openssl/evp.h ../include/openssl/kssl.h

-ssltest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h

-ssltest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h

-ssltest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h

-ssltest.o: ../include/openssl/pem.h ../include/openssl/pem2.h

-ssltest.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h

-ssltest.o: ../include/openssl/pqueue.h ../include/openssl/rand.h

-ssltest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h

-ssltest.o: ../include/openssl/sha.h ../include/openssl/ssl.h

-ssltest.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h

-ssltest.o: ../include/openssl/ssl3.h ../include/openssl/stack.h

-ssltest.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h

-ssltest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h

-ssltest.o: ../include/openssl/x509v3.h ssltest.c

--- a/sys/src/ape/lib/openssl/test/P1ss.cnf

+++ /dev/null

@@ -1,37 +1,0 @@

-#

-# SSLeay example configuration file.

-# This is mostly being used for generation of certificate requests.

-#

-RANDFILE		= ./.rnd

-####################################################################

-[ req ]

-default_bits		= 512

-default_keyfile 	= keySS.pem

-distinguished_name	= req_distinguished_name

-encrypt_rsa_key		= no

-default_md		= md2

-[ req_distinguished_name ]

-countryName			= Country Name (2 letter code)

-countryName_default		= AU

-countryName_value		= AU

-organizationName                = Organization Name (eg, company)

-organizationName_value          = Dodgy Brothers

-0.commonName			= Common Name (eg, YOUR name)

-0.commonName_value		= Brother 1

-1.commonName			= Common Name (eg, YOUR name)

-1.commonName_value		= Brother 2

-2.commonName			= Common Name (eg, YOUR name)

-2.commonName_value		= Proxy 1

-[ v3_proxy ]

-basicConstraints=CA:FALSE

-subjectKeyIdentifier=hash

-authorityKeyIdentifier=keyid,issuer:always

-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:1,policy:text:AB

--- a/sys/src/ape/lib/openssl/test/P2ss.cnf

+++ /dev/null

@@ -1,45 +1,0 @@

-#

-# SSLeay example configuration file.

-# This is mostly being used for generation of certificate requests.

-#

-RANDFILE		= ./.rnd

-####################################################################

-[ req ]

-default_bits		= 512

-default_keyfile 	= keySS.pem

-distinguished_name	= req_distinguished_name

-encrypt_rsa_key		= no

-default_md		= md2

-[ req_distinguished_name ]

-countryName			= Country Name (2 letter code)

-countryName_default		= AU

-countryName_value		= AU

-organizationName                = Organization Name (eg, company)

-organizationName_value          = Dodgy Brothers

-0.commonName			= Common Name (eg, YOUR name)

-0.commonName_value		= Brother 1

-1.commonName			= Common Name (eg, YOUR name)

-1.commonName_value		= Brother 2

-2.commonName			= Common Name (eg, YOUR name)

-2.commonName_value		= Proxy 1

-3.commonName			= Common Name (eg, YOUR name)

-3.commonName_value		= Proxy 2

-[ v3_proxy ]

-basicConstraints=CA:FALSE

-subjectKeyIdentifier=hash

-authorityKeyIdentifier=keyid,issuer:always

-proxyCertInfo=critical,@proxy_ext

-[ proxy_ext ]

-language=id-ppl-anyLanguage

-pathlen=0

-policy=text:BC

--- a/sys/src/ape/lib/openssl/test/Sssdsa.cnf

+++ /dev/null

@@ -1,27 +1,0 @@

-#

-# SSLeay example configuration file.

-# This is mostly being used for generation of certificate requests.

-#

-# hacked by iang to do DSA certs - Server

-RANDFILE              = ./.rnd

-####################################################################

-[ req ]

-distinguished_name    = req_distinguished_name

-encrypt_rsa_key               = no

-[ req_distinguished_name ]

-countryName                   = Country Name (2 letter code)

-countryName_default           = ES

-countryName_value             = ES

-organizationName                = Organization Name (eg, company)

-organizationName_value          = Tortilleras S.A.

-0.commonName                  = Common Name (eg, YOUR name)

-0.commonName_value            = Torti

-1.commonName                  = Common Name (eg, YOUR name)

-1.commonName_value            = Gordita

--- a/sys/src/ape/lib/openssl/test/Sssrsa.cnf

+++ /dev/null

@@ -1,26 +1,0 @@

-#

-# SSLeay example configuration file.

-# This is mostly being used for generation of certificate requests.

-#

-# create RSA certs - Server

-RANDFILE              = ./.rnd

-####################################################################

-[ req ]

-distinguished_name    = req_distinguished_name

-encrypt_key           = no

-[ req_distinguished_name ]

-countryName                   = Country Name (2 letter code)

-countryName_default           = ES

-countryName_value             = ES

-organizationName                = Organization Name (eg, company)

-organizationName_value          = Tortilleras S.A.

-0.commonName                  = Common Name (eg, YOUR name)

-0.commonName_value            = Torti

-1.commonName                  = Common Name (eg, YOUR name)

-1.commonName_value            = Gordita

--- a/sys/src/ape/lib/openssl/test/Uss.cnf

+++ /dev/null

@@ -1,36 +1,0 @@

-#

-# SSLeay example configuration file.

-# This is mostly being used for generation of certificate requests.

-#

-RANDFILE		= ./.rnd

-####################################################################

-[ req ]

-default_bits		= 512

-default_keyfile 	= keySS.pem

-distinguished_name	= req_distinguished_name

-encrypt_rsa_key		= no

-default_md		= md2

-[ req_distinguished_name ]

-countryName			= Country Name (2 letter code)

-countryName_default		= AU

-countryName_value		= AU

-organizationName                = Organization Name (eg, company)

-organizationName_value          = Dodgy Brothers

-0.commonName			= Common Name (eg, YOUR name)

-0.commonName_value		= Brother 1

-1.commonName			= Common Name (eg, YOUR name)

-1.commonName_value		= Brother 2

-[ v3_ee ]

-subjectKeyIdentifier=hash

-authorityKeyIdentifier=keyid,issuer:always

-basicConstraints = CA:false

-keyUsage = nonRepudiation, digitalSignature, keyEncipherment

-issuerAltName=issuer:copy

--- a/sys/src/ape/lib/openssl/test/bctest

+++ /dev/null

@@ -1,111 +1,0 @@

-#!/bin/sh

-# This script is used by test/Makefile.ssl to check whether a sane 'bc'

-# is installed.

-# ('make test_bn' should not try to run 'bc' if it does not exist or if

-# it is a broken 'bc' version that is known to cause trouble.)

-#

-# If 'bc' works, we also test if it knows the 'print' command.

-#

-# In any case, output an appropriate command line for running (or not

-# running) bc.

-IFS=:

-try_without_dir=true

-# First we try "bc", then "$dir/bc" for each item in $PATH.

-for dir in dummy:$PATH; do

-    if [ "$try_without_dir" = true ]; then

-      # first iteration

-      bc=bc

-      try_without_dir=false

-    else

-      # second and later iterations

-      bc="$dir/bc"

-      if [ ! -f "$bc" ]; then  # '-x' is not available on Ultrix

-        bc=''

-      fi

-    fi

-    if [ ! "$bc" = '' ]; then

-        failure=none

-        # Test for SunOS 5.[78] bc bug

-        "$bc" >tmp.bctest <<\EOF

-obase=16

-ibase=16

-a=AD88C418F31B3FC712D0425001D522B3AE9134FF3A98C13C1FCC1682211195406C1A6C66C6A\

-CEEC1A0EC16950233F77F1C2F2363D56DD71A36C57E0B2511FC4BA8F22D261FE2E9356D99AF57\

-10F3817C0E05BF79C423C3F66FDF321BE8D3F18F625D91B670931C1EF25F28E489BDA1C5422D1\

-C3F6F7A1AD21585746ECC4F10A14A778AF56F08898E965E9909E965E0CB6F85B514150C644759\

-3BE731877B16EA07B552088FF2EA728AC5E0FF3A23EB939304519AB8B60F2C33D6BA0945B66F0\

-4FC3CADF855448B24A9D7640BCF473E

-b=DCE91E7D120B983EA9A104B5A96D634DD644C37657B1C7860B45E6838999B3DCE5A555583C6\

-9209E41F413422954175A06E67FFEF6746DD652F0F48AEFECC3D8CAC13523BDAAD3F5AF4212BD\

-8B3CD64126E1A82E190228020C05B91C8B141F1110086FC2A4C6ED631EBA129D04BB9A19FC53D\

-3ED0E2017D60A68775B75481449

-(a/b)*b + (a%b) - a

-EOF

-        if [ 0 != "`cat tmp.bctest`" ]; then

-            failure=SunOStest

-        fi

-        if [ "$failure" = none ]; then

-            # Test for SCO bc bug.

-            "$bc" >tmp.bctest <<\EOF

-obase=16

-ibase=16

--FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4AEC6F15AC177F176F2274D2\

-9DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7F5ADFACEE54573F5D256A06\

-11B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99FB9812A0E4A5773D8B254117\

-1239157EC6E3D8D50199 * -FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4\

-AEC6F15AC177F176F2274D29DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7\

-F5ADFACEE54573F5D256A0611B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99F\

-B9812A0E4A5773D8B2541171239157EC6E3D8D50199 - FFBACC221682DA464B6D7F123482522\

-02EDAEDCA38C3B69E9B7BBCD6165A9CD8716C4903417F23C09A85B851961F92C217258CEEB866\

-85EFCC5DD131853A02C07A873B8E2AF2E40C6D5ED598CD0E8F35AD49F3C3A17FDB7653E4E2DC4\

-A8D23CC34686EE4AD01F7407A7CD74429AC6D36DBF0CB6A3E302D0E5BDFCD048A3B90C1BE5AA8\

-E16C3D5884F9136B43FF7BB443764153D4AEC176C681B078F4CC53D6EB6AB76285537DDEE7C18\

-8C72441B52EDBDDBC77E02D34E513F2AABF92F44109CAFE8242BD0ECBAC5604A94B02EA44D43C\

-04E9476E6FBC48043916BFA1485C6093603600273C9C33F13114D78064AE42F3DC466C7DA543D\

-89C8D71

-AD534AFBED2FA39EE9F40E20FCF9E2C861024DB98DDCBA1CD118C49CA55EEBC20D6BA51B2271C\

-928B693D6A73F67FEB1B4571448588B46194617D25D910C6A9A130CC963155CF34079CB218A44\

-8A1F57E276D92A33386DDCA3D241DB78C8974ABD71DD05B0FA555709C9910D745185E6FE108E3\

-37F1907D0C56F8BFBF52B9704 % -E557905B56B13441574CAFCE2BD257A750B1A8B2C88D0E36\

-E18EF7C38DAC80D3948E17ED63AFF3B3467866E3B89D09A81B3D16B52F6A3C7134D3C6F5123E9\

-F617E3145BBFBE9AFD0D6E437EA4FF6F04BC67C4F1458B4F0F47B64 - 1C2BBBB19B74E86FD32\

-9E8DB6A8C3B1B9986D57ED5419C2E855F7D5469E35E76334BB42F4C43E3F3A31B9697C171DAC4\

-D97935A7E1A14AD209D6CF811F55C6DB83AA9E6DFECFCD6669DED7171EE22A40C6181615CAF3F\

-5296964

-EOF

-            if [ "0

-0" != "`cat tmp.bctest`" ]; then

-                failure=SCOtest

-            fi

-        fi

-        if [ "$failure" = none ]; then

-            # bc works; now check if it knows the 'print' command.

-            if [ "OK" = "`echo 'print \"OK\"' | $bc 2>/dev/null`" ]

-            then

-                echo "$bc"

-            else

-                echo "sed 's/print.*//' | $bc"

-            fi

-            exit 0

-        fi

-        echo "$bc does not work properly ('$failure' failed).  Looking for another bc ..." >&2

-    fi

-done

-echo "No working bc found.  Consider installing GNU bc." >&2

-if [ "$1" = ignore ]; then

-  echo "cat >/dev/null"

-  exit 0

-fi

-exit 1

--- a/sys/src/ape/lib/openssl/test/dummytest.c

+++ /dev/null

@@ -1,48 +1,0 @@

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include <ctype.h>

-#include <openssl/e_os2.h>

-#include <openssl/buffer.h>

-#include <openssl/crypto.h>

-int main(int argc, char *argv[])

-	{

-	char *p, *q = 0, *program;

-	p = strrchr(argv[0], '/');

-	if (!p) p = strrchr(argv[0], '\\');

-#ifdef OPENSSL_SYS_VMS

-	if (!p) p = strrchr(argv[0], ']');

-	if (p) q = strrchr(p, '>');

-	if (q) p = q;

-	if (!p) p = strrchr(argv[0], ':');

-	q = 0;

-#endif

-	if (p) p++;

-	if (!p) p = argv[0];

-	if (p) q = strchr(p, '.');

-	if (p && !q) q = p + strlen(p);

-	if (!p)

-		program = BUF_strdup("(unknown)");

-	else

-		{

-		program = OPENSSL_malloc((q - p) + 1);

-		strncpy(program, p, q - p);

-		program[q - p] = '\0';

-		}

-	for(p = program; *p; p++)

-		if (islower((unsigned char)(*p)))

-			*p = toupper((unsigned char)(*p));

-	q = strstr(program, "TEST");

-	if (q > p && q[-1] == '_') q--;

-	*q = '\0';

-	printf("No %s support\n", program);

-	OPENSSL_free(program);

-	return(0);

-	}

--- a/sys/src/ape/lib/openssl/test/evptests.txt

+++ /dev/null

@@ -1,321 +1,0 @@

-#cipher:key:iv:plaintext:ciphertext:0/1(decrypt/encrypt)

-#digest:::input:output

-# SHA(1) tests (from shatest.c)

-SHA1:::616263:a9993e364706816aba3e25717850c26c9cd0d89d

-# MD5 tests (from md5test.c)

-MD5::::d41d8cd98f00b204e9800998ecf8427e

-MD5:::61:0cc175b9c0f1b6a831c399e269772661

-MD5:::616263:900150983cd24fb0d6963f7d28e17f72

-MD5:::6d65737361676520646967657374:f96b697d7cb7938d525a2f31aaf161d0

-MD5:::6162636465666768696a6b6c6d6e6f707172737475767778797a:c3fcd3d76192e4007dfb496cca67e13b

-MD5:::4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839:d174ab98d277d9f5a5611c2c9f419d9f

-MD5:::3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930:57edf4a22be3c955ac49da2e2107b67a

-# AES 128 ECB tests (from FIPS-197 test vectors, encrypt)

-AES-128-ECB:000102030405060708090A0B0C0D0E0F::00112233445566778899AABBCCDDEEFF:69C4E0D86A7B0430D8CDB78070B4C55A:1

-# AES 192 ECB tests (from FIPS-197 test vectors, encrypt)

-AES-192-ECB:000102030405060708090A0B0C0D0E0F1011121314151617::00112233445566778899AABBCCDDEEFF:DDA97CA4864CDFE06EAF70A0EC0D7191:1

-# AES 256 ECB tests (from FIPS-197 test vectors, encrypt)

-AES-256-ECB:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF:8EA2B7CA516745BFEAFC49904B496089:1

-# AES 128 ECB tests (from NIST test vectors, encrypt)

-#AES-128-ECB:00000000000000000000000000000000::00000000000000000000000000000000:C34C052CC0DA8D73451AFE5F03BE297F:1

-# AES 128 ECB tests (from NIST test vectors, decrypt)

-#AES-128-ECB:00000000000000000000000000000000::44416AC2D1F53C583303917E6BE9EBE0:00000000000000000000000000000000:0

-# AES 192 ECB tests (from NIST test vectors, decrypt)

-#AES-192-ECB:000000000000000000000000000000000000000000000000::48E31E9E256718F29229319C19F15BA4:00000000000000000000000000000000:0

-# AES 256 ECB tests (from NIST test vectors, decrypt)

-#AES-256-ECB:0000000000000000000000000000000000000000000000000000000000000000::058CCFFDBBCB382D1F6F56585D8A4ADE:00000000000000000000000000000000:0

-# AES 128 CBC tests (from NIST test vectors, encrypt)

-#AES-128-CBC:00000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:8A05FC5E095AF4848A08D328D3688E3D:1

-# AES 192 CBC tests (from NIST test vectors, encrypt)

-#AES-192-CBC:000000000000000000000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:7BD966D53AD8C1BB85D2ADFAE87BB104:1

-# AES 256 CBC tests (from NIST test vectors, encrypt)

-#AES-256-CBC:0000000000000000000000000000000000000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:FE3C53653E2F45B56FCD88B2CC898FF0:1

-# AES 128 CBC tests (from NIST test vectors, decrypt)

-#AES-128-CBC:00000000000000000000000000000000:00000000000000000000000000000000:FACA37E0B0C85373DF706E73F7C9AF86:00000000000000000000000000000000:0

-# AES tests from NIST document SP800-38A

-# For all ECB encrypts and decrypts, the transformed sequence is

-#   AES-bits-ECB:key::plaintext:ciphertext:encdec

-# ECB-AES128.Encrypt and ECB-AES128.Decrypt

-AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::6BC1BEE22E409F96E93D7E117393172A:3AD77BB40D7A3660A89ECAF32466EF97

-AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::AE2D8A571E03AC9C9EB76FAC45AF8E51:F5D3D58503B9699DE785895A96FDBAAF

-AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::30C81C46A35CE411E5FBC1191A0A52EF:43B1CD7F598ECE23881B00E3ED030688

-AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::F69F2445DF4F9B17AD2B417BE66C3710:7B0C785E27E8AD3F8223207104725DD4

-# ECB-AES192.Encrypt and ECB-AES192.Decrypt

-AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::6BC1BEE22E409F96E93D7E117393172A:BD334F1D6E45F25FF712A214571FA5CC

-AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::AE2D8A571E03AC9C9EB76FAC45AF8E51:974104846D0AD3AD7734ECB3ECEE4EEF

-AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::30C81C46A35CE411E5FBC1191A0A52EF:EF7AFD2270E2E60ADCE0BA2FACE6444E

-AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::F69F2445DF4F9B17AD2B417BE66C3710:9A4B41BA738D6C72FB16691603C18E0E

-# ECB-AES256.Encrypt and ECB-AES256.Decrypt

-AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::6BC1BEE22E409F96E93D7E117393172A:F3EED1BDB5D2A03C064B5A7E3DB181F8

-AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::AE2D8A571E03AC9C9EB76FAC45AF8E51:591CCB10D410ED26DC5BA74A31362870

-AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::30C81C46A35CE411E5FBC1191A0A52EF:B6ED21B99CA6F4F9F153E7B1BEAFED1D

-AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::F69F2445DF4F9B17AD2B417BE66C3710:23304B7A39F9F3FF067D8D8F9E24ECC7

-# For all CBC encrypts and decrypts, the transformed sequence is

-#   AES-bits-CBC:key:IV/ciphertext':plaintext:ciphertext:encdec

-# CBC-AES128.Encrypt and CBC-AES128.Decrypt

-AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:7649ABAC8119B246CEE98E9B12E9197D

-AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:7649ABAC8119B246CEE98E9B12E9197D:AE2D8A571E03AC9C9EB76FAC45AF8E51:5086CB9B507219EE95DB113A917678B2

-AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:5086CB9B507219EE95DB113A917678B2:30C81C46A35CE411E5FBC1191A0A52EF:73BED6B8E3C1743B7116E69E22229516

-AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:73BED6B8E3C1743B7116E69E22229516:F69F2445DF4F9B17AD2B417BE66C3710:3FF1CAA1681FAC09120ECA307586E1A7

-# CBC-AES192.Encrypt and CBC-AES192.Decrypt

-AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:4F021DB243BC633D7178183A9FA071E8

-AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:4F021DB243BC633D7178183A9FA071E8:AE2D8A571E03AC9C9EB76FAC45AF8E51:B4D9ADA9AD7DEDF4E5E738763F69145A

-AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:B4D9ADA9AD7DEDF4E5E738763F69145A:30C81C46A35CE411E5FBC1191A0A52EF:571B242012FB7AE07FA9BAAC3DF102E0

-AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:571B242012FB7AE07FA9BAAC3DF102E0:F69F2445DF4F9B17AD2B417BE66C3710:08B0E27988598881D920A9E64F5615CD

-# CBC-AES256.Encrypt and CBC-AES256.Decrypt

-AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:F58C4C04D6E5F1BA779EABFB5F7BFBD6

-AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:F58C4C04D6E5F1BA779EABFB5F7BFBD6:AE2D8A571E03AC9C9EB76FAC45AF8E51:9CFC4E967EDB808D679F777BC6702C7D

-AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:9CFC4E967EDB808D679F777BC6702C7D:30C81C46A35CE411E5FBC1191A0A52EF:39F23369A9D9BACFA530E26304231461

-AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39F23369A9D9BACFA530E26304231461:F69F2445DF4F9B17AD2B417BE66C3710:B2EB05E2C39BE9FCDA6C19078C6A9D1B

-# We don't support CFB{1,8}-AESxxx.{En,De}crypt

-# For all CFB128 encrypts and decrypts, the transformed sequence is

-#   AES-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec

-# CFB128-AES128.Encrypt

-AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:1

-AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:3B3FD92EB72DAD20333449F8E83CFB4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:C8A64537A0B3A93FCDE3CDAD9F1CE58B:1

-AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:C8A64537A0B3A93FCDE3CDAD9F1CE58B:30C81C46A35CE411E5FBC1191A0A52EF:26751F67A3CBB140B1808CF187A4F4DF:1

-AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:26751F67A3CBB140B1808CF187A4F4DF:F69F2445DF4F9B17AD2B417BE66C3710:C04B05357C5D1C0EEAC4C66F9FF7F2E6:1

-# CFB128-AES128.Decrypt

-AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:0

-AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:3B3FD92EB72DAD20333449F8E83CFB4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:C8A64537A0B3A93FCDE3CDAD9F1CE58B:0

-AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:C8A64537A0B3A93FCDE3CDAD9F1CE58B:30C81C46A35CE411E5FBC1191A0A52EF:26751F67A3CBB140B1808CF187A4F4DF:0

-AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:26751F67A3CBB140B1808CF187A4F4DF:F69F2445DF4F9B17AD2B417BE66C3710:C04B05357C5D1C0EEAC4C66F9FF7F2E6:0

-# CFB128-AES192.Encrypt

-AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:1

-AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:CDC80D6FDDF18CAB34C25909C99A4174:AE2D8A571E03AC9C9EB76FAC45AF8E51:67CE7F7F81173621961A2B70171D3D7A:1

-AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:67CE7F7F81173621961A2B70171D3D7A:30C81C46A35CE411E5FBC1191A0A52EF:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:1

-AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:F69F2445DF4F9B17AD2B417BE66C3710:C05F9F9CA9834FA042AE8FBA584B09FF:1

-# CFB128-AES192.Decrypt

-AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:0

-AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:CDC80D6FDDF18CAB34C25909C99A4174:AE2D8A571E03AC9C9EB76FAC45AF8E51:67CE7F7F81173621961A2B70171D3D7A:0

-AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:67CE7F7F81173621961A2B70171D3D7A:30C81C46A35CE411E5FBC1191A0A52EF:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:0

-AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:F69F2445DF4F9B17AD2B417BE66C3710:C05F9F9CA9834FA042AE8FBA584B09FF:0

-# CFB128-AES256.Encrypt

-AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:1

-AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DC7E84BFDA79164B7ECD8486985D3860:AE2D8A571E03AC9C9EB76FAC45AF8E51:39FFED143B28B1C832113C6331E5407B:1

-AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39FFED143B28B1C832113C6331E5407B:30C81C46A35CE411E5FBC1191A0A52EF:DF10132415E54B92A13ED0A8267AE2F9:1

-AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DF10132415E54B92A13ED0A8267AE2F9:F69F2445DF4F9B17AD2B417BE66C3710:75A385741AB9CEF82031623D55B1E471:1

-# CFB128-AES256.Decrypt

-AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:0

-AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DC7E84BFDA79164B7ECD8486985D3860:AE2D8A571E03AC9C9EB76FAC45AF8E51:39FFED143B28B1C832113C6331E5407B:0

-AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39FFED143B28B1C832113C6331E5407B:30C81C46A35CE411E5FBC1191A0A52EF:DF10132415E54B92A13ED0A8267AE2F9:0

-AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DF10132415E54B92A13ED0A8267AE2F9:F69F2445DF4F9B17AD2B417BE66C3710:75A385741AB9CEF82031623D55B1E471:0

-# For all OFB encrypts and decrypts, the transformed sequence is

-#   AES-bits-CFB:key:IV/output':plaintext:ciphertext:encdec

-# OFB-AES128.Encrypt

-AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:1

-AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:7789508D16918F03F53C52DAC54ED825:1

-AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:9740051E9C5FECF64344F7A82260EDCC:1

-AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:304C6528F659C77866A510D9C1D6AE5E:1

-# OFB-AES128.Decrypt

-AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:0

-AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:7789508D16918F03F53C52DAC54ED825:0

-AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:9740051E9C5FECF64344F7A82260EDCC:0

-AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:304C6528F659C77866A510D9C1D6AE5E:0

-# OFB-AES192.Encrypt

-AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:1

-AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:FCC28B8D4C63837C09E81700C1100401:1

-AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:8D9A9AEAC0F6596F559C6D4DAF59A5F2:1

-AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:6D9F200857CA6C3E9CAC524BD9ACC92A:1

-# OFB-AES192.Decrypt

-AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:0

-AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:FCC28B8D4C63837C09E81700C1100401:0

-AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:8D9A9AEAC0F6596F559C6D4DAF59A5F2:0

-AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:6D9F200857CA6C3E9CAC524BD9ACC92A:0

-# OFB-AES256.Encrypt

-AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:1

-AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:4FEBDC6740D20B3AC88F6AD82A4FB08D:1

-AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:71AB47A086E86EEDF39D1C5BBA97C408:1

-AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0126141D67F37BE8538F5A8BE740E484:1

-# OFB-AES256.Decrypt

-AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:0

-AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:4FEBDC6740D20B3AC88F6AD82A4FB08D:0

-AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:71AB47A086E86EEDF39D1C5BBA97C408:0

-AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0126141D67F37BE8538F5A8BE740E484:0

-# DES ECB tests (from destest)

-DES-ECB:0000000000000000::0000000000000000:8CA64DE9C1B123A7

-DES-ECB:FFFFFFFFFFFFFFFF::FFFFFFFFFFFFFFFF:7359B2163E4EDC58

-DES-ECB:3000000000000000::1000000000000001:958E6E627A05557B

-DES-ECB:1111111111111111::1111111111111111:F40379AB9E0EC533

-DES-ECB:0123456789ABCDEF::1111111111111111:17668DFC7292532D

-DES-ECB:1111111111111111::0123456789ABCDEF:8A5AE1F81AB8F2DD

-DES-ECB:FEDCBA9876543210::0123456789ABCDEF:ED39D950FA74BCC4

-# DESX-CBC tests (from destest)

-DESX-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363534333231204E6F77206973207468652074696D6520666F722000000000:846B2914851E9A2954732F8AA0A611C115CDC2D7951B1053A63C5E03B21AA3C4

-# DES EDE3 CBC tests (from destest)

-DES-EDE3-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363534333231204E6F77206973207468652074696D6520666F722000000000:3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675

-# RC4 tests (from rc4test)

-RC4:0123456789abcdef0123456789abcdef::0123456789abcdef:75b7878099e0c596

-RC4:0123456789abcdef0123456789abcdef::0000000000000000:7494c2e7104b0879

-RC4:00000000000000000000000000000000::0000000000000000:de188941a3375d3a

-RC4:ef012345ef012345ef012345ef012345::0000000000000000000000000000000000000000:d6a141a7ec3c38dfbd615a1162e1c7ba36b67858

-RC4:0123456789abcdef0123456789abcdef::123456789ABCDEF0123456789ABCDEF0123456789ABCDEF012345678:66a0949f8af7d6891f7f832ba833c00c892ebe30143ce28740011ecf

-RC4:ef012345ef012345ef012345ef012345::00000000000000000000:d6a141a7ec3c38dfbd61

-# Camellia tests from RFC3713

-# For all ECB encrypts and decrypts, the transformed sequence is

-#   CAMELLIA-bits-ECB:key::plaintext:ciphertext:encdec

-CAMELLIA-128-ECB:0123456789abcdeffedcba9876543210::0123456789abcdeffedcba9876543210:67673138549669730857065648eabe43

-CAMELLIA-192-ECB:0123456789abcdeffedcba98765432100011223344556677::0123456789abcdeffedcba9876543210:b4993401b3e996f84ee5cee7d79b09b9

-CAMELLIA-256-ECB:0123456789abcdeffedcba987654321000112233445566778899aabbccddeeff::0123456789abcdeffedcba9876543210:9acc237dff16d76c20ef7c919e3a7509

-# ECB-CAMELLIA128.Encrypt

-CAMELLIA-128-ECB:000102030405060708090A0B0C0D0E0F::00112233445566778899AABBCCDDEEFF:77CF412067AF8270613529149919546F:1

-CAMELLIA-192-ECB:000102030405060708090A0B0C0D0E0F1011121314151617::00112233445566778899AABBCCDDEEFF:B22F3C36B72D31329EEE8ADDC2906C68:1

-CAMELLIA-256-ECB:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF:2EDF1F3418D53B88841FC8985FB1ECF2:1

-# ECB-CAMELLIA128.Encrypt and ECB-CAMELLIA128.Decrypt

-CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::6BC1BEE22E409F96E93D7E117393172A:432FC5DCD628115B7C388D770B270C96

-CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::AE2D8A571E03AC9C9EB76FAC45AF8E51:0BE1F14023782A22E8384C5ABB7FAB2B

-CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::30C81C46A35CE411E5FBC1191A0A52EF:A0A1ABCD1893AB6FE0FE5B65DF5F8636

-CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::F69F2445DF4F9B17AD2B417BE66C3710:E61925E0D5DFAA9BB29F815B3076E51A

-# ECB-CAMELLIA192.Encrypt and ECB-CAMELLIA192.Decrypt

-CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::6BC1BEE22E409F96E93D7E117393172A:CCCC6C4E138B45848514D48D0D3439D3

-CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::AE2D8A571E03AC9C9EB76FAC45AF8E51:5713C62C14B2EC0F8393B6AFD6F5785A

-CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::30C81C46A35CE411E5FBC1191A0A52EF:B40ED2B60EB54D09D030CF511FEEF366

-CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::F69F2445DF4F9B17AD2B417BE66C3710:909DBD95799096748CB27357E73E1D26

-# ECB-CAMELLIA256.Encrypt and ECB-CAMELLIA256.Decrypt

-CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::6BC1BEE22E409F96E93D7E117393172A:BEFD219B112FA00098919CD101C9CCFA

-CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::AE2D8A571E03AC9C9EB76FAC45AF8E51:C91D3A8F1AEA08A9386CF4B66C0169EA

-CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::30C81C46A35CE411E5FBC1191A0A52EF:A623D711DC5F25A51BB8A80D56397D28

-CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::F69F2445DF4F9B17AD2B417BE66C3710:7960109FB6DC42947FCFE59EA3C5EB6B

-# For all CBC encrypts and decrypts, the transformed sequence is

-#   CAMELLIA-bits-CBC:key:IV/ciphertext':plaintext:ciphertext:encdec

-# CBC-CAMELLIA128.Encrypt and CBC-CAMELLIA128.Decrypt

-CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:1607CF494B36BBF00DAEB0B503C831AB

-CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:1607CF494B36BBF00DAEB0B503C831AB:AE2D8A571E03AC9C9EB76FAC45AF8E51:A2F2CF671629EF7840C5A5DFB5074887

-CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:A2F2CF671629EF7840C5A5DFB5074887:30C81C46A35CE411E5FBC1191A0A52EF:0F06165008CF8B8B5A63586362543E54

-CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:36A84CDAFD5F9A85ADA0F0A993D6D577:F69F2445DF4F9B17AD2B417BE66C3710:74C64268CDB8B8FAF5B34E8AF3732980

-# CBC-CAMELLIA192.Encrypt and CBC-CAMELLIA192.Decrypt

-CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:2A4830AB5AC4A1A2405955FD2195CF93

-CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:2A4830AB5AC4A1A2405955FD2195CF93:AE2D8A571E03AC9C9EB76FAC45AF8E51:5D5A869BD14CE54264F892A6DD2EC3D5

-CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:5D5A869BD14CE54264F892A6DD2EC3D5:30C81C46A35CE411E5FBC1191A0A52EF:37D359C3349836D884E310ADDF68C449

-CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:37D359C3349836D884E310ADDF68C449:F69F2445DF4F9B17AD2B417BE66C3710:01FAAA930B4AB9916E9668E1428C6B08

-# CBC-CAMELLIA256.Encrypt and CBC-CAMELLIA256.Decrypt

-CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:E6CFA35FC02B134A4D2C0B6737AC3EDA

-CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E6CFA35FC02B134A4D2C0B6737AC3EDA:AE2D8A571E03AC9C9EB76FAC45AF8E51:36CBEB73BD504B4070B1B7DE2B21EB50

-CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:36CBEB73BD504B4070B1B7DE2B21EB50:30C81C46A35CE411E5FBC1191A0A52EF:E31A6055297D96CA3330CDF1B1860A83

-CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E31A6055297D96CA3330CDF1B1860A83:F69F2445DF4F9B17AD2B417BE66C3710:5D563F6D1CCCF236051C0C5C1C58F28F

-# We don't support CFB{1,8}-CAMELLIAxxx.{En,De}crypt

-# For all CFB128 encrypts and decrypts, the transformed sequence is

-#   CAMELLIA-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec

-# CFB128-CAMELLIA128.Encrypt

-CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:1

-CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:14F7646187817EB586599146B82BD719:AE2D8A571E03AC9C9EB76FAC45AF8E51:A53D28BB82DF741103EA4F921A44880B:1

-CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:A53D28BB82DF741103EA4F921A44880B:30C81C46A35CE411E5FBC1191A0A52EF:9C2157A664626D1DEF9EA420FDE69B96:1

-CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:9C2157A664626D1DEF9EA420FDE69B96:F69F2445DF4F9B17AD2B417BE66C3710:742A25F0542340C7BAEF24CA8482BB09:1

-# CFB128-CAMELLIA128.Decrypt

-CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:0

-CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:14F7646187817EB586599146B82BD719:AE2D8A571E03AC9C9EB76FAC45AF8E51:A53D28BB82DF741103EA4F921A44880B:0

-CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:A53D28BB82DF741103EA4F921A44880B:30C81C46A35CE411E5FBC1191A0A52EF:9C2157A664626D1DEF9EA420FDE69B96:0

-CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:9C2157A664626D1DEF9EA420FDE69B96:F69F2445DF4F9B17AD2B417BE66C3710:742A25F0542340C7BAEF24CA8482BB09:0

-# CFB128-CAMELLIA192.Encrypt

-CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:1

-CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:C832BB9780677DAA82D9B6860DCD565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:86F8491627906D780C7A6D46EA331F98:1

-CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:86F8491627906D780C7A6D46EA331F98:30C81C46A35CE411E5FBC1191A0A52EF:69511CCE594CF710CB98BB63D7221F01:1

-CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:69511CCE594CF710CB98BB63D7221F01:F69F2445DF4F9B17AD2B417BE66C3710:D5B5378A3ABED55803F25565D8907B84:1

-# CFB128-CAMELLIA192.Decrypt

-CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:0

-CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:C832BB9780677DAA82D9B6860DCD565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:86F8491627906D780C7A6D46EA331F98:0

-CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:86F8491627906D780C7A6D46EA331F98:30C81C46A35CE411E5FBC1191A0A52EF:69511CCE594CF710CB98BB63D7221F01:0

-CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:69511CCE594CF710CB98BB63D7221F01:F69F2445DF4F9B17AD2B417BE66C3710:D5B5378A3ABED55803F25565D8907B84:0

-# CFB128-CAMELLIA256.Encrypt

-CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:1

-CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:CF6107BB0CEA7D7FB1BD31F5E7B06C93:AE2D8A571E03AC9C9EB76FAC45AF8E51:89BEDB4CCDD864EA11BA4CBE849B5E2B:1

-CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:89BEDB4CCDD864EA11BA4CBE849B5E2B:30C81C46A35CE411E5FBC1191A0A52EF:555FC3F34BDD2D54C62D9E3BF338C1C4:1

-CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:555FC3F34BDD2D54C62D9E3BF338C1C4:F69F2445DF4F9B17AD2B417BE66C3710:5953ADCE14DB8C7F39F1BD39F359BFFA:1

-# CFB128-CAMELLIA256.Decrypt

-CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:0

-CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:CF6107BB0CEA7D7FB1BD31F5E7B06C93:AE2D8A571E03AC9C9EB76FAC45AF8E51:89BEDB4CCDD864EA11BA4CBE849B5E2B:0

-CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:89BEDB4CCDD864EA11BA4CBE849B5E2B:30C81C46A35CE411E5FBC1191A0A52EF:555FC3F34BDD2D54C62D9E3BF338C1C4:0

-CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:555FC3F34BDD2D54C62D9E3BF338C1C4:F69F2445DF4F9B17AD2B417BE66C3710:5953ADCE14DB8C7F39F1BD39F359BFFA:0

-# For all OFB encrypts and decrypts, the transformed sequence is

-#   CAMELLIA-bits-OFB:key:IV/output':plaintext:ciphertext:encdec

-# OFB-CAMELLIA128.Encrypt

-CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:1

-CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:25623DB569CA51E01482649977E28D84:1

-CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:C776634A60729DC657D12B9FCA801E98:1

-CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:D776379BE0E50825E681DA1A4C980E8E:1

-# OFB-CAMELLIA128.Decrypt

-CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:0

-CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:25623DB569CA51E01482649977E28D84:0

-CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:C776634A60729DC657D12B9FCA801E98:0

-CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:D776379BE0E50825E681DA1A4C980E8E:0

-# OFB-CAMELLIA192.Encrypt

-CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:1

-CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:8ECEB7D0350D72C7F78562AEBDF99339:1

-CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:BDD62DBBB9700846C53B507F544696F0:1

-CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:E28014E046B802F385C4C2E13EAD4A72:1

-# OFB-CAMELLIA192.Decrypt

-CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:0

-CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:8ECEB7D0350D72C7F78562AEBDF99339:0

-CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:BDD62DBBB9700846C53B507F544696F0:0

-CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:E28014E046B802F385C4C2E13EAD4A72:0

-# OFB-CAMELLIA256.Encrypt

-CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:1

-CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:127AD97E8E3994E4820027D7BA109368:1

-CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:6BFF6265A6A6B7A535BC65A80B17214E:1

-CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0A4A0404E26AA78A27CB271E8BF3CF20:1

-# OFB-CAMELLIA256.Decrypt

-CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:0

-CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:127AD97E8E3994E4820027D7BA109368:0

-CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:6BFF6265A6A6B7A535BC65A80B17214E:0

-CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0A4A0404E26AA78A27CB271E8BF3CF20:0

-# SEED test vectors from RFC4269

-SEED-ECB:00000000000000000000000000000000::000102030405060708090A0B0C0D0E0F:5EBAC6E0054E166819AFF1CC6D346CDB:0

-SEED-ECB:000102030405060708090A0B0C0D0E0F::00000000000000000000000000000000:C11F22F20140505084483597E4370F43:0

-SEED-ECB:4706480851E61BE85D74BFB3FD956185::83A2F8A288641FB9A4E9A5CC2F131C7D:EE54D13EBCAE706D226BC3142CD40D4A:0

-SEED-ECB:28DBC3BC49FFD87DCFA509B11D422BE7::B41E6BE2EBA84A148E2EED84593C5EC7:9B9B7BFCD1813CB95D0B3618F40F5122:0

-SEED-ECB:00000000000000000000000000000000::000102030405060708090A0B0C0D0E0F:5EBAC6E0054E166819AFF1CC6D346CDB:1

-SEED-ECB:000102030405060708090A0B0C0D0E0F::00000000000000000000000000000000:C11F22F20140505084483597E4370F43:1

-SEED-ECB:4706480851E61BE85D74BFB3FD956185::83A2F8A288641FB9A4E9A5CC2F131C7D:EE54D13EBCAE706D226BC3142CD40D4A:1

-SEED-ECB:28DBC3BC49FFD87DCFA509B11D422BE7::B41E6BE2EBA84A148E2EED84593C5EC7:9B9B7BFCD1813CB95D0B3618F40F5122:1

--- a/sys/src/ape/lib/openssl/test/igetest.c

+++ /dev/null

@@ -1,503 +1,0 @@

-/* test/igetest.c -*- mode:C; c-file-style: "eay" -*- */

-/* ====================================================================

- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- *    notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in

- *    the documentation and/or other materials provided with the

- *    distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- *    software must display the following acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- *    endorse or promote products derived from this software without

- *    prior written permission. For written permission, please contact

- *    [email protected].

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- *    nor may "OpenSSL" appear in their names without prior written

- *    permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- *    acknowledgment:

- *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- */

-#include <openssl/aes.h>

-#include <openssl/rand.h>

-#include <stdio.h>

-#include <string.h>

-#include <assert.h>

-#define TEST_SIZE	128

-#define BIG_TEST_SIZE 10240

-static void hexdump(FILE *f,const char *title,const unsigned char *s,int l)

-    {

-    int n=0;

-    fprintf(f,"%s",title);

-    for( ; n < l ; ++n)

-		{

-		if((n%16) == 0)

-			fprintf(f,"\n%04x",n);

-		fprintf(f," %02x",s[n]);

-		}

-    fprintf(f,"\n");

-    }

-#define MAX_VECTOR_SIZE	64

-struct ige_test

-	{

-	const unsigned char key[16];

-	const unsigned char iv[32];

-	const unsigned char in[MAX_VECTOR_SIZE];

-	const unsigned char out[MAX_VECTOR_SIZE];

-	const size_t length;

-	const int encrypt;

-	};

-static struct ige_test const ige_test_vectors[] = {

-{ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,

-    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, /* key */

-  { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,

-    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,

-    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,

-    0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, /* iv */

-  { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

-    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

-    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

-    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /* in */

-  { 0x1a, 0x85, 0x19, 0xa6, 0x55, 0x7b, 0xe6, 0x52,

-    0xe9, 0xda, 0x8e, 0x43, 0xda, 0x4e, 0xf4, 0x45,

-    0x3c, 0xf4, 0x56, 0xb4, 0xca, 0x48, 0x8a, 0xa3,

-    0x83, 0xc7, 0x9c, 0x98, 0xb3, 0x47, 0x97, 0xcb }, /* out */

-  32, AES_ENCRYPT }, /* test vector 0 */

-{ { 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,

-    0x61, 0x6e, 0x20, 0x69, 0x6d, 0x70, 0x6c, 0x65 }, /* key */

-  { 0x6d, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f,

-    0x6e, 0x20, 0x6f, 0x66, 0x20, 0x49, 0x47, 0x45,

-    0x20, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x66, 0x6f,

-    0x72, 0x20, 0x4f, 0x70, 0x65, 0x6e, 0x53, 0x53 }, /* iv */

-  { 0x4c, 0x2e, 0x20, 0x4c, 0x65, 0x74, 0x27, 0x73,

-    0x20, 0x68, 0x6f, 0x70, 0x65, 0x20, 0x42, 0x65,

-    0x6e, 0x20, 0x67, 0x6f, 0x74, 0x20, 0x69, 0x74,

-    0x20, 0x72, 0x69, 0x67, 0x68, 0x74, 0x21, 0x0a }, /* in */

-  { 0x99, 0x70, 0x64, 0x87, 0xa1, 0xcd, 0xe6, 0x13,

-    0xbc, 0x6d, 0xe0, 0xb6, 0xf2, 0x4b, 0x1c, 0x7a,

-    0xa4, 0x48, 0xc8, 0xb9, 0xc3, 0x40, 0x3e, 0x34,

-    0x67, 0xa8, 0xca, 0xd8, 0x93, 0x40, 0xf5, 0x3b }, /* out */

-  32, AES_DECRYPT }, /* test vector 1 */

-};

-struct bi_ige_test

-	{

-	const unsigned char key1[32];

-	const unsigned char key2[32];

-	const unsigned char iv[64];

-	const unsigned char in[MAX_VECTOR_SIZE];

-	const unsigned char out[MAX_VECTOR_SIZE];

-	const size_t keysize;

-	const size_t length;

-	const int encrypt;

-	};

-static struct bi_ige_test const bi_ige_test_vectors[] = {

-{ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,

-    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, /* key1 */

-  { 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,

-    0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, /* key2 */

-  { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,

-    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,

-    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,

-    0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,

-    0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,

-    0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,

-    0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,

-    0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f }, /* iv */

-  { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

-    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

-    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

-    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /* in */

-  { 0x14, 0x40, 0x6f, 0xae, 0xa2, 0x79, 0xf2, 0x56,

-	0x1f, 0x86, 0xeb, 0x3b, 0x7d, 0xff, 0x53, 0xdc,

-	0x4e, 0x27, 0x0c, 0x03, 0xde, 0x7c, 0xe5, 0x16,

-	0x6a, 0x9c, 0x20, 0x33, 0x9d, 0x33, 0xfe, 0x12 }, /* out */

-  16, 32, AES_ENCRYPT }, /* test vector 0 */

-{ { 0x58, 0x0a, 0x06, 0xe9, 0x97, 0x07, 0x59, 0x5c,

-	0x9e, 0x19, 0xd2, 0xa7, 0xbb, 0x40, 0x2b, 0x7a,

-	0xc7, 0xd8, 0x11, 0x9e, 0x4c, 0x51, 0x35, 0x75,

-	0x64, 0x28, 0x0f, 0x23, 0xad, 0x74, 0xac, 0x37 }, /* key1 */

-  { 0xd1, 0x80, 0xa0, 0x31, 0x47, 0xa3, 0x11, 0x13,

-	0x86, 0x26, 0x9e, 0x6d, 0xff, 0xaf, 0x72, 0x74,

-	0x5b, 0xa2, 0x35, 0x81, 0xd2, 0xa6, 0x3d, 0x21,

-	0x67, 0x7b, 0x58, 0xa8, 0x18, 0xf9, 0x72, 0xe4 }, /* key2 */

-  { 0x80, 0x3d, 0xbd, 0x4c, 0xe6, 0x7b, 0x06, 0xa9,

-	0x53, 0x35, 0xd5, 0x7e, 0x71, 0xc1, 0x70, 0x70,

-	0x74, 0x9a, 0x00, 0x28, 0x0c, 0xbf, 0x6c, 0x42,

-	0x9b, 0xa4, 0xdd, 0x65, 0x11, 0x77, 0x7c, 0x67,

-	0xfe, 0x76, 0x0a, 0xf0, 0xd5, 0xc6, 0x6e, 0x6a,

-	0xe7, 0x5e, 0x4c, 0xf2, 0x7e, 0x9e, 0xf9, 0x20,

-	0x0e, 0x54, 0x6f, 0x2d, 0x8a, 0x8d, 0x7e, 0xbd,

-	0x48, 0x79, 0x37, 0x99, 0xff, 0x27, 0x93, 0xa3 }, /* iv */

-  { 0xf1, 0x54, 0x3d, 0xca, 0xfe, 0xb5, 0xef, 0x1c,

-	0x4f, 0xa6, 0x43, 0xf6, 0xe6, 0x48, 0x57, 0xf0,

-	0xee, 0x15, 0x7f, 0xe3, 0xe7, 0x2f, 0xd0, 0x2f,

-	0x11, 0x95, 0x7a, 0x17, 0x00, 0xab, 0xa7, 0x0b,

-	0xbe, 0x44, 0x09, 0x9c, 0xcd, 0xac, 0xa8, 0x52,

-	0xa1, 0x8e, 0x7b, 0x75, 0xbc, 0xa4, 0x92, 0x5a,

-	0xab, 0x46, 0xd3, 0x3a, 0xa0, 0xd5, 0x35, 0x1c,

-	0x55, 0xa4, 0xb3, 0xa8, 0x40, 0x81, 0xa5, 0x0b}, /* in */

-  { 0x42, 0xe5, 0x28, 0x30, 0x31, 0xc2, 0xa0, 0x23,

-	0x68, 0x49, 0x4e, 0xb3, 0x24, 0x59, 0x92, 0x79,

-	0xc1, 0xa5, 0xcc, 0xe6, 0x76, 0x53, 0xb1, 0xcf,

-	0x20, 0x86, 0x23, 0xe8, 0x72, 0x55, 0x99, 0x92,

-	0x0d, 0x16, 0x1c, 0x5a, 0x2f, 0xce, 0xcb, 0x51,

-	0xe2, 0x67, 0xfa, 0x10, 0xec, 0xcd, 0x3d, 0x67,

-	0xa5, 0xe6, 0xf7, 0x31, 0x26, 0xb0, 0x0d, 0x76,

-	0x5e, 0x28, 0xdc, 0x7f, 0x01, 0xc5, 0xa5, 0x4c}, /* out */

-  32, 64, AES_ENCRYPT }, /* test vector 1 */

-};

-static int run_test_vectors(void)

-	{

-	int n;

-	int errs = 0;

-	for(n=0 ; n < sizeof(ige_test_vectors)/sizeof(ige_test_vectors[0]) ; ++n)

-		{

-		const struct ige_test * const v = &ige_test_vectors[n];

-		AES_KEY key;

-		unsigned char buf[MAX_VECTOR_SIZE];

-		unsigned char iv[AES_BLOCK_SIZE*2];

-		assert(v->length <= MAX_VECTOR_SIZE);

-		if(v->encrypt == AES_ENCRYPT)

-			AES_set_encrypt_key(v->key, 8*sizeof v->key, &key);

-		else

-			AES_set_decrypt_key(v->key, 8*sizeof v->key, &key);

-		memcpy(iv, v->iv, sizeof iv);

-		AES_ige_encrypt(v->in, buf, v->length, &key, iv, v->encrypt);

-		if(memcmp(v->out, buf, v->length))

-			{

-			printf("IGE test vector %d failed\n", n);

-			hexdump(stdout, "key", v->key, sizeof v->key);

-			hexdump(stdout, "iv", v->iv, sizeof v->iv);

-			hexdump(stdout, "in", v->in, v->length);

-			hexdump(stdout, "expected", v->out, v->length);

-			hexdump(stdout, "got", buf, v->length);

-			++errs;

-			}

-		/* try with in == out */

-		memcpy(iv, v->iv, sizeof iv);

-		memcpy(buf, v->in, v->length);

-		AES_ige_encrypt(buf, buf, v->length, &key, iv, v->encrypt);

-		if(memcmp(v->out, buf, v->length))

-			{

-			printf("IGE test vector %d failed (with in == out)\n", n);

-			hexdump(stdout, "key", v->key, sizeof v->key);

-			hexdump(stdout, "iv", v->iv, sizeof v->iv);

-			hexdump(stdout, "in", v->in, v->length);

-			hexdump(stdout, "expected", v->out, v->length);

-			hexdump(stdout, "got", buf, v->length);

-			++errs;

-			}

-		}

-	for(n=0 ; n < sizeof(bi_ige_test_vectors)/sizeof(bi_ige_test_vectors[0])

-			; ++n)

-		{

-		const struct bi_ige_test * const v = &bi_ige_test_vectors[n];

-		AES_KEY key1;

-		AES_KEY key2;

-		unsigned char buf[MAX_VECTOR_SIZE];

-		assert(v->length <= MAX_VECTOR_SIZE);

-		if(v->encrypt == AES_ENCRYPT)

-			{

-			AES_set_encrypt_key(v->key1, 8*v->keysize, &key1);

-			AES_set_encrypt_key(v->key2, 8*v->keysize, &key2);

-			}

-		else

-			{

-			AES_set_decrypt_key(v->key1, 8*v->keysize, &key1);

-			AES_set_decrypt_key(v->key2, 8*v->keysize, &key2);

-			}

-		AES_bi_ige_encrypt(v->in, buf, v->length, &key1, &key2, v->iv,

-						   v->encrypt);

-		if(memcmp(v->out, buf, v->length))

-			{

-			printf("Bidirectional IGE test vector %d failed\n", n);

-			hexdump(stdout, "key 1", v->key1, sizeof v->key1);

-			hexdump(stdout, "key 2", v->key2, sizeof v->key2);

-			hexdump(stdout, "iv", v->iv, sizeof v->iv);

-			hexdump(stdout, "in", v->in, v->length);

-			hexdump(stdout, "expected", v->out, v->length);

-			hexdump(stdout, "got", buf, v->length);

-			++errs;

-			}

-		}

-	return errs;

-	}

-int main(int argc, char **argv)

-	{

-	unsigned char rkey[16];

-	unsigned char rkey2[16];

-	AES_KEY key;

-	AES_KEY key2;

-	unsigned char plaintext[BIG_TEST_SIZE];

-	unsigned char ciphertext[BIG_TEST_SIZE];

-	unsigned char checktext[BIG_TEST_SIZE];

-	unsigned char iv[AES_BLOCK_SIZE*4];

-	unsigned char saved_iv[AES_BLOCK_SIZE*4];

-	int err = 0;

-	int n;

-	unsigned matches;

-	assert(BIG_TEST_SIZE >= TEST_SIZE);

-	RAND_pseudo_bytes(rkey, sizeof rkey);

-	RAND_pseudo_bytes(plaintext, sizeof plaintext);

-	RAND_pseudo_bytes(iv, sizeof iv);

-	memcpy(saved_iv, iv, sizeof saved_iv);

-	/* Forward IGE only... */

-	/* Straight encrypt/decrypt */

-	AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);

-	AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE, &key, iv,

-					AES_ENCRYPT);

-	AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);

-	memcpy(iv, saved_iv, sizeof iv);

-	AES_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, iv,

-					AES_DECRYPT);

-	if(memcmp(checktext, plaintext, TEST_SIZE))

-		{

-		printf("Encrypt+decrypt doesn't match\n");

-		hexdump(stdout, "Plaintext", plaintext, TEST_SIZE);

-		hexdump(stdout, "Checktext", checktext, TEST_SIZE);

-		++err;

-		}

-	/* Now check encrypt chaining works */

-	AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);

-	memcpy(iv, saved_iv, sizeof iv);

-	AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE/2, &key, iv,

-					AES_ENCRYPT);

-	AES_ige_encrypt(plaintext+TEST_SIZE/2,

-					ciphertext+TEST_SIZE/2, TEST_SIZE/2,

-					&key, iv, AES_ENCRYPT);

-	AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);

-	memcpy(iv, saved_iv, sizeof iv);

-	AES_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, iv,

-					AES_DECRYPT);

-	if(memcmp(checktext, plaintext, TEST_SIZE))

-		{

-		printf("Chained encrypt+decrypt doesn't match\n");

-		hexdump(stdout, "Plaintext", plaintext, TEST_SIZE);

-		hexdump(stdout, "Checktext", checktext, TEST_SIZE);

-		++err;

-		}

-	/* And check decrypt chaining */

-	AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);

-	memcpy(iv, saved_iv, sizeof iv);

-	AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE/2, &key, iv,

-					AES_ENCRYPT);

-	AES_ige_encrypt(plaintext+TEST_SIZE/2,

-					ciphertext+TEST_SIZE/2, TEST_SIZE/2,

-					&key, iv, AES_ENCRYPT);

-	AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);

-	memcpy(iv, saved_iv, sizeof iv);

-	AES_ige_encrypt(ciphertext, checktext, TEST_SIZE/2, &key, iv,

-					AES_DECRYPT);

-	AES_ige_encrypt(ciphertext+TEST_SIZE/2,

-					checktext+TEST_SIZE/2, TEST_SIZE/2, &key, iv,

-					AES_DECRYPT);

-	if(memcmp(checktext, plaintext, TEST_SIZE))

-		{

-		printf("Chained encrypt+chained decrypt doesn't match\n");

-		hexdump(stdout, "Plaintext", plaintext, TEST_SIZE);

-		hexdump(stdout, "Checktext", checktext, TEST_SIZE);

-		++err;

-		}

-	/* make sure garble extends forwards only */

-	AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);

-	memcpy(iv, saved_iv, sizeof iv);

-	AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,

-					AES_ENCRYPT);

-	/* corrupt halfway through */

-	++ciphertext[sizeof ciphertext/2];

-	AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);

-	memcpy(iv, saved_iv, sizeof iv);

-	AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,

-					AES_DECRYPT);

-	matches=0;

-	for(n=0 ; n < sizeof checktext ; ++n)

-		if(checktext[n] == plaintext[n])

-			++matches;

-	if(matches > sizeof checktext/2+sizeof checktext/100)

-		{

-		printf("More than 51%% matches after garbling\n");

-		++err;

-		}

-	if(matches < sizeof checktext/2)

-		{

-		printf("Garble extends backwards!\n");

-		++err;

-		}

-	/* Bi-directional IGE */

-	/* Note that we don't have to recover the IV, because chaining isn't */

-	/* possible with biIGE, so the IV is not updated. */

-	RAND_pseudo_bytes(rkey2, sizeof rkey2);

-	/* Straight encrypt/decrypt */

-	AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);

-	AES_set_encrypt_key(rkey2, 8*sizeof rkey2, &key2);

-	AES_bi_ige_encrypt(plaintext, ciphertext, TEST_SIZE, &key, &key2, iv,

-					   AES_ENCRYPT);

-	AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);

-	AES_set_decrypt_key(rkey2, 8*sizeof rkey2, &key2);

-	AES_bi_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, &key2, iv,

-					   AES_DECRYPT);

-	if(memcmp(checktext, plaintext, TEST_SIZE))

-		{

-		printf("Encrypt+decrypt doesn't match\n");

-		hexdump(stdout, "Plaintext", plaintext, TEST_SIZE);

-		hexdump(stdout, "Checktext", checktext, TEST_SIZE);

-		++err;

-		}

-	/* make sure garble extends both ways */

-	AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);

-	AES_set_encrypt_key(rkey2, 8*sizeof rkey2, &key2);

-	AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,

-					AES_ENCRYPT);

-	/* corrupt halfway through */

-	++ciphertext[sizeof ciphertext/2];

-	AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);

-	AES_set_decrypt_key(rkey2, 8*sizeof rkey2, &key2);

-	AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,

-					AES_DECRYPT);

-	matches=0;

-	for(n=0 ; n < sizeof checktext ; ++n)

-		if(checktext[n] == plaintext[n])

-			++matches;

-	if(matches > sizeof checktext/100)

-		{

-		printf("More than 1%% matches after bidirectional garbling\n");

-		++err;

-		}

-	/* make sure garble extends both ways (2) */

-	AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);

-	AES_set_encrypt_key(rkey2, 8*sizeof rkey2, &key2);

-	AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,

-					AES_ENCRYPT);

-	/* corrupt right at the end */

-	++ciphertext[sizeof ciphertext-1];

-	AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);

-	AES_set_decrypt_key(rkey2, 8*sizeof rkey2, &key2);

-	AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,

-					AES_DECRYPT);

-	matches=0;

-	for(n=0 ; n < sizeof checktext ; ++n)

-		if(checktext[n] == plaintext[n])

-			++matches;

-	if(matches > sizeof checktext/100)

-		{

-		printf("More than 1%% matches after bidirectional garbling (2)\n");

-		++err;

-		}

-	/* make sure garble extends both ways (3) */

-	AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);

-	AES_set_encrypt_key(rkey2, 8*sizeof rkey2, &key2);

-	AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,

-					AES_ENCRYPT);

-	/* corrupt right at the start */

-	++ciphertext[0];

-	AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);

-	AES_set_decrypt_key(rkey2, 8*sizeof rkey2, &key2);

-	AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,

-					AES_DECRYPT);

-	matches=0;

-	for(n=0 ; n < sizeof checktext ; ++n)

-		if(checktext[n] == plaintext[n])

-			++matches;

-	if(matches > sizeof checktext/100)

-		{

-		printf("More than 1%% matches after bidirectional garbling (3)\n");

-		++err;

-		}

-	err += run_test_vectors();

-	return err;

-	}

--- a/sys/src/ape/lib/openssl/test/methtest.c

+++ /dev/null

@@ -1,105 +1,0 @@

-/* test/methtest.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

-#include <stdio.h>

-#include <stdlib.h>

-#include <openssl/rsa.h>

-#include <openssl/x509.h>

-#include "meth.h"

-#include <openssl/err.h>

-int main(argc,argv)

-int argc;

-char *argv[];

-	{

-	METHOD_CTX *top,*tmp1,*tmp2;

-	top=METH_new(x509_lookup()); /* get a top level context */

-	if (top == NULL) goto err;

-	tmp1=METH_new(x509_by_file());

-	if (top == NULL) goto err;

-	METH_arg(tmp1,METH_TYPE_FILE,"cafile1");

-	METH_arg(tmp1,METH_TYPE_FILE,"cafile2");

-	METH_push(top,METH_X509_CA_BY_SUBJECT,tmp1);

-	tmp2=METH_new(x509_by_dir());

-	METH_arg(tmp2,METH_TYPE_DIR,"/home/eay/.CAcerts");

-	METH_arg(tmp2,METH_TYPE_DIR,"/home/eay/SSLeay/certs");

-	METH_arg(tmp2,METH_TYPE_DIR,"/usr/local/ssl/certs");

-	METH_push(top,METH_X509_CA_BY_SUBJECT,tmp2);

-/*	tmp=METH_new(x509_by_issuer_dir);

-	METH_arg(tmp,METH_TYPE_DIR,"/home/eay/.mycerts");

-	METH_push(top,METH_X509_BY_ISSUER,tmp);

-	tmp=METH_new(x509_by_issuer_primary);

-	METH_arg(tmp,METH_TYPE_FILE,"/home/eay/.mycerts/primary.pem");

-	METH_push(top,METH_X509_BY_ISSUER,tmp);

-*/

-	METH_init(top);

-	METH_control(tmp1,METH_CONTROL_DUMP,stdout);

-	METH_control(tmp2,METH_CONTROL_DUMP,stdout);

-	EXIT(0);

-err:

-	ERR_load_crypto_strings();

-	ERR_print_errors_fp(stderr);

-	EXIT(1);

-	return(0);

-	}

--- a/sys/src/ape/lib/openssl/test/pkcs7-1.pem

+++ /dev/null

@@ -1,15 +1,0 @@

------BEGIN PKCS7-----

-MIICUAYJKoZIhvcNAQcCoIICQTCCAj0CAQExDjAMBggqhkiG9w0CAgUAMCgGCSqG

-SIb3DQEHAaAbBBlFdmVyeW9uZSBnZXRzIEZyaWRheSBvZmYuoIIBXjCCAVowggEE

-AgQUAAApMA0GCSqGSIb3DQEBAgUAMCwxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRF

-eGFtcGxlIE9yZ2FuaXphdGlvbjAeFw05MjA5MDkyMjE4MDZaFw05NDA5MDkyMjE4

-MDVaMEIxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRFeGFtcGxlIE9yZ2FuaXphdGlv

-bjEUMBIGA1UEAxMLVGVzdCBVc2VyIDEwWzANBgkqhkiG9w0BAQEFAANKADBHAkAK

-ZnkdxpiBaN56t3QZu3+wwAHGJxAnAHUUKULhmo2MUdBTs+N4Kh3l3Fr06+mUaBcB

-FKHf5nzcmpr1XWVWILurAgMBAAEwDQYJKoZIhvcNAQECBQADQQBFGqHhqncgSl/N

-9XYGnQL3MsJvNnsNV4puZPOakR9Hld8JlDQFEaDR30ogsmp3TMrvdfxpLlTCoZN8

-BxEmnZsWMYGbMIGYAgEBMDQwLDELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFEV4YW1w

-bGUgT3JnYW5pemF0aW9uAgQUAAApMAwGCCqGSIb3DQICBQAwDQYJKoZIhvcNAQEB

-BQAEQAX6aoEvx9+L9PJUJQngPoRuEbnGIL4gCe+0QO+8xmkhaZSsBPNBtX0FIC1C

-j7Kie1x339mxW/w9VZNTUDQQweHh

------END PKCS7-----

--- a/sys/src/ape/lib/openssl/test/pkcs7.pem

+++ /dev/null

@@ -1,54 +1,0 @@

-     MIAGCSqGSIb3DQEHAqCAMIACAQExADCABgkqhkiG9w0BBwEAAKCAMIIE+DCCBGGg

-     AwIBAgIQaGSF/JpbS1C223+yrc+N1DANBgkqhkiG9w0BAQQFADBiMREwDwYDVQQH

-     EwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1Zl

-     cmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIwHhcNOTYw

-     ODEyMDAwMDAwWhcNOTYwODE3MjM1OTU5WjCCASAxETAPBgNVBAcTCEludGVybmV0

-     MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh

-     c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjE3MDUGA1UECxMuRGlnaXRh

-     bCBJRCBDbGFzcyAxIC0gU01JTUUgVmVyaVNpZ24sIEluYy4gVEVTVDFGMEQGA1UE

-     CxM9d3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L0NQUyBJbmNvcnAuIGJ5IFJl

-     Zi4sTElBQi5MVEQoYyk5NjEZMBcGA1UEAxMQQWxleGFuZHJlIERlYWNvbjEgMB4G

-     CSqGSIb3DQEJARYRYWxleEB2ZXJpc2lnbi5jb20wWzANBgkqhkiG9w0BAQEFAANK

-     ADBHAkAOy7xxCAIkOfuIA2LyRpxgKlDORl8htdXYhF5iBGUx1GYaK6KF+bK/CCI0

-     l4j2OfWGFBUrwGoWqxTNcWgTfMzRAgMBAAGjggIyMIICLjAJBgNVHRMEAjAAMIIC

-     HwYDVR0DBIICFjCCAhIwggIOMIICCgYLYIZIAYb4RQEHAQEwggH5FoIBp1RoaXMg

-     Y2VydGlmaWNhdGUgaW5jb3Jwb3JhdGVzIGJ5IHJlZmVyZW5jZSwgYW5kIGl0cyB1

-     c2UgaXMgc3RyaWN0bHkgc3ViamVjdCB0bywgdGhlIFZlcmlTaWduIENlcnRpZmlj

-     YXRpb24gUHJhY3RpY2UgU3RhdGVtZW50IChDUFMpLCBhdmFpbGFibGUgYXQ6IGh0

-     dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9DUFM7IGJ5IEUtbWFpbCBhdCBDUFMtcmVx

-     dWVzdHNAdmVyaXNpZ24uY29tOyBvciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMu

-     LCAyNTkzIENvYXN0IEF2ZS4sIE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBU

-     ZWwuICsxICg0MTUpIDk2MS04ODMwIENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2ln

-     biwgSW5jLiAgQWxsIFJpZ2h0cyBSZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVT

-     IERJU0NMQUlNRUQgYW5kIExJQUJJTElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcB

-     AQGhDgYMYIZIAYb4RQEHAQECMCwwKhYoaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t

-     L3JlcG9zaXRvcnkvQ1BTIDANBgkqhkiG9w0BAQQFAAOBgQAimWMGQwwwxk+b3KAL

-     HlSWXtU7LWHe29CEG8XeVNTvrqs6SBqT7OoENOkGxpfdpVgZ3Qw2SKjxDvbvpfSF

-     slsqcxWSgB/hWuaVuZCkvTw/dYGGOxkTJGxvDCfl1PZjX4dKbatslsi9Z9HpGWT7

-     ttItRwKqcBKgmCJvKi1pGWED0zCCAnkwggHioAMCAQICEDURpVKQb+fQKaRAGdQR

-     /D4wDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlT

-     aWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRp

-     ZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2MDYyNzAwMDAwMFoXDTk3MDYyNzIzNTk1

-     OVowYjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMu

-     MTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJz

-     Y3JpYmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2FKbPTdAFDdjKI9Bv

-     qrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7jW80GqLd5HUQq7XPy

-     sVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cariQPJUObwW7s987Lrb

-     P2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABozMwMTAPBgNVHRMECDAGAQH/AgEBMAsG

-     A1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAgQwDQYJKoZIhvcNAQECBQADgYEA

-     KeXHoBmnbxRCgk0jM9e9mDppdxpsipIna/J8DOHEUuD4nONAr4+xOg73SBl026n7

-     Bk55A2wvAMGo7+kKTZ+rHaFDDcmq4O+rzFri2RIOeGAncj1IcGptAQhvXoIhFMG4

-     Jlzg1KlHZHqy7D3jex78zcSU7kKOu8f5tAX1jC3+sToAAKGAMIIBJzCBkTANBgkq

-     hkiG9w0BAQIFADBiMREwDwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNp

-     Z24sIEluYy4xNDAyBgNVBAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlk

-     dWFsIFN1YnNjcmliZXIXDTk2MDcwMTE3MzA0MFoXDTk3MDcwMTAwMDAwMFowDQYJ

-     KoZIhvcNAQECBQADgYEAGLuQ6PX8A7AiqBEtWzYtl6lZNSDI0bR5YUo+D2Jzkw30

-     dxQnJSbKXEc6XYuzAW5HvrzATXu5c19WWPT4cRDwmjH71i9QcDysWwf/wE0qGTiW

-     I3tQT0I5VGh7jIJD07nlBw3R4Xl8dH9kr85JsWinqDH5YKpIo9o8knY5n7+qjOow

-     ggEkMIGOMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5W

-     ZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBD

-     ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eRcNOTYwNzE2MjMxMTI5WhcNOTYwODE1MDAw

-     MDAwWjANBgkqhkiG9w0BAQIFAAOBgQAXsLE4vnsY6sY67QrmWec7iaU2ehzxanEK

-     /9wKHZNuhlNzk+qGZZw2evxfUe2OaRbYpl8zuZvhK9BHD3ad14OSe9/zx5hOPgP/

-     DQXt6R4R8Q/1JheBrolrgbavjvI2wKS8/Psp2prBrkF4T48+AKRmS8Zzh1guxgvP

-     b+xSu/jH0gAAMYAAAAAAAAAAAA==

--- a/sys/src/ape/lib/openssl/test/r160test.c

+++ /dev/null

@@ -1,57 +1,0 @@

-/* test/r160test.c */

-/* Copyright (C) 1995-1998 Eric Young ([email protected])

- * All rights reserved.

- *

- * This package is an SSL implementation written

- * by Eric Young ([email protected]).

- * The implementation was written so as to conform with Netscapes SSL.

- *

- * This library is free for commercial and non-commercial use as long as

- * the following conditions are aheared to.  The following conditions

- * apply to all code found in this distribution, be it the RC4, RSA,

- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

- * included with this distribution is covered by the same copyright terms

- * except that the holder is Tim Hudson ([email protected]).

- *

- * Copyright remains Eric Young's, and as such any Copyright notices in

- * the code are not to be removed.

- * If this package is used in a product, Eric Young should be given attribution

- * as the author of the parts of the library used.

- * This can be in the form of a textual message at program startup or

- * in documentation (online or textual) provided with the package.

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the copyright

- *    notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- *    notice, this list of conditions and the following disclaimer in the

- *    documentation and/or other materials provided with the distribution.

- * 3. All advertising materials mentioning features or use of this software

- *    must display the following acknowledgement:

- *    "This product includes cryptographic software written by

- *     Eric Young ([email protected])"

- *    The word 'cryptographic' can be left out if the rouines from the library

- *    being used are not cryptographic related :-).

- * 4. If you include any Windows specific code (or a derivative thereof) from

- *    the apps directory (application code) you must include an acknowledgement:

- *    "This product includes software written by Tim Hudson ([email protected])"

- *

- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

- * SUCH DAMAGE.

- *

- * The licence and distribution terms for any publically available version or

- * derivative of this code cannot be changed.  i.e. this code cannot simply be

- * copied and put under another distribution licence

- * [including the GNU Public Licence.]

- */

--- a/sys/src/ape/lib/openssl/test/tcrl

+++ /dev/null

@@ -1,78 +1,0 @@

-#!/bin/sh

-cmd='../util/shlib_wrap.sh ../apps/openssl crl'

-if [ "$1"x != "x" ]; then

-	t=$1

-else

-	t=testcrl.pem

-fi

-echo testing crl conversions

-cp $t fff.p

-echo "p -> d"

-$cmd -in fff.p -inform p -outform d >f.d

-if [ $? != 0 ]; then exit 1; fi

-#echo "p -> t"

-#$cmd -in fff.p -inform p -outform t >f.t

-#if [ $? != 0 ]; then exit 1; fi

-echo "p -> p"

-$cmd -in fff.p -inform p -outform p >f.p

-if [ $? != 0 ]; then exit 1; fi

-echo "d -> d"

-$cmd -in f.d -inform d -outform d >ff.d1

-if [ $? != 0 ]; then exit 1; fi

-#echo "t -> d"

-#$cmd -in f.t -inform t -outform d >ff.d2

-#if [ $? != 0 ]; then exit 1; fi

-echo "p -> d"

-$cmd -in f.p -inform p -outform d >ff.d3

-if [ $? != 0 ]; then exit 1; fi

-#echo "d -> t"

-#$cmd -in f.d -inform d -outform t >ff.t1

-#if [ $? != 0 ]; then exit 1; fi

-#echo "t -> t"

-#$cmd -in f.t -inform t -outform t >ff.t2

-#if [ $? != 0 ]; then exit 1; fi

-#echo "p -> t"

-#$cmd -in f.p -inform p -outform t >ff.t3

-#if [ $? != 0 ]; then exit 1; fi

-echo "d -> p"

-$cmd -in f.d -inform d -outform p >ff.p1

-if [ $? != 0 ]; then exit 1; fi

-#echo "t -> p"

-#$cmd -in f.t -inform t -outform p >ff.p2

-#if [ $? != 0 ]; then exit 1; fi

-echo "p -> p"

-$cmd -in f.p -inform p -outform p >ff.p3

-if [ $? != 0 ]; then exit 1; fi

-cmp fff.p f.p

-if [ $? != 0 ]; then exit 1; fi

-cmp fff.p ff.p1

-if [ $? != 0 ]; then exit 1; fi

-#cmp fff.p ff.p2

-#if [ $? != 0 ]; then exit 1; fi

-cmp fff.p ff.p3

-if [ $? != 0 ]; then exit 1; fi

-#cmp f.t ff.t1

-#if [ $? != 0 ]; then exit 1; fi

-#cmp f.t ff.t2

-#if [ $? != 0 ]; then exit 1; fi

-#cmp f.t ff.t3

-#if [ $? != 0 ]; then exit 1; fi

-cmp f.p ff.p1

-if [ $? != 0 ]; then exit 1; fi

-#cmp f.p ff.p2

-#if [ $? != 0 ]; then exit 1; fi

-cmp f.p ff.p3

-if [ $? != 0 ]; then exit 1; fi

-/bin/rm -f f.* ff.* fff.*

-exit 0

--- a/sys/src/ape/lib/openssl/test/test.cnf

+++ /dev/null

@@ -1,88 +1,0 @@

-#

-# SSLeay example configuration file.

-# This is mostly being used for generation of certificate requests.

-#

-RANDFILE		= ./.rnd

-####################################################################

-[ ca ]

-default_ca	= CA_default		# The default ca section

-####################################################################

-[ CA_default ]

-dir		= ./demoCA		# Where everything is kept

-certs		= $dir/certs		# Where the issued certs are kept

-crl_dir		= $dir/crl		# Where the issued crl are kept

-database	= $dir/index.txt	# database index file.

-new_certs_dir	= $dir/new_certs	# default place for new certs.

-certificate	= $dir/CAcert.pem 	# The CA certificate

-serial		= $dir/serial 		# The current serial number

-crl		= $dir/crl.pem 		# The current CRL

-private_key	= $dir/private/CAkey.pem# The private key

-RANDFILE	= $dir/private/.rand	# private random number file

-default_days	= 365			# how long to certify for

-default_crl_days= 30			# how long before next CRL

-default_md	= md5			# which md to use.

-# A few difference way of specifying how similar the request should look

-# For type CA, the listed attributes must be the same, and the optional

-# and supplied fields are just that :-)

-policy		= policy_match

-# For the CA policy

-[ policy_match ]

-countryName		= match

-stateOrProvinceName	= match

-organizationName	= match

-organizationalUnitName	= optional

-commonName		= supplied

-emailAddress		= optional

-# For the 'anything' policy

-# At this point in time, you must list all acceptable 'object'

-# types.

-[ policy_anything ]

-countryName		= optional

-stateOrProvinceName	= optional

-localityName		= optional

-organizationName	= optional

-organizationalUnitName	= optional

-commonName		= supplied

-emailAddress		= optional

-####################################################################

-[ req ]

-default_bits		= 512

-default_keyfile 	= testkey.pem

-distinguished_name	= req_distinguished_name

-encrypt_rsa_key		= no

-[ req_distinguished_name ]

-countryName			= Country Name (2 letter code)

-countryName_default		= AU

-countryName_value		= AU

-stateOrProvinceName		= State or Province Name (full name)

-stateOrProvinceName_default	= Queensland

-stateOrProvinceName_value	=

-localityName			= Locality Name (eg, city)

-localityName_value		= Brisbane

-organizationName		= Organization Name (eg, company)

-organizationName_default	=

-organizationName_value		= CryptSoft Pty Ltd

-organizationalUnitName		= Organizational Unit Name (eg, section)

-organizationalUnitName_default	=

-organizationalUnitName_value	= .

-commonName			= Common Name (eg, YOUR name)

-commonName_value		= Eric Young

-emailAddress			= Email Address

-emailAddress_value		= [email protected]

--- a/sys/src/ape/lib/openssl/test/testca

+++ /dev/null

@@ -1,51 +1,0 @@

-#!/bin/sh

-SH="/bin/sh"

-if test "$OSTYPE" = msdosdjgpp; then

-    PATH="../apps\;$PATH"

-else

-    PATH="../apps:$PATH"

-fi

-export SH PATH

-SSLEAY_CONFIG="-config CAss.cnf"

-export SSLEAY_CONFIG

-OPENSSL="`pwd`/../util/opensslwrap.sh"

-export OPENSSL

-/bin/rm -fr demoCA

-$SH ../apps/CA.sh -newca <<EOF

-EOF

-if [ $? != 0 ]; then

-	exit 1;

-fi

-SSLEAY_CONFIG="-config Uss.cnf"

-export SSLEAY_CONFIG

-$SH ../apps/CA.sh -newreq

-if [ $? != 0 ]; then

-	exit 1;

-fi

-SSLEAY_CONFIG="-config ../apps/openssl.cnf"

-export SSLEAY_CONFIG

-$SH ../apps/CA.sh -sign  <<EOF

-y

-y

-EOF

-if [ $? != 0 ]; then

-	exit 1;

-fi

-$SH ../apps/CA.sh -verify newcert.pem

-if [ $? != 0 ]; then

-	exit 1;

-fi

-/bin/rm -fr demoCA newcert.pem newreq.pem

-#usage: CA -newcert|-newreq|-newca|-sign|-verify

--- a/sys/src/ape/lib/openssl/test/testcrl.pem

+++ /dev/null

@@ -1,16 +1,0 @@

------BEGIN X509 CRL-----

-MIICjTCCAfowDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxIDAeBgNVBAoT

-F1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2VydmVy

-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5Fw05NTA1MDIwMjEyMjZaFw05NTA2MDEw

-MDAxNDlaMIIBaDAWAgUCQQAABBcNOTUwMjAxMTcyNDI2WjAWAgUCQQAACRcNOTUw

-MjEwMDIxNjM5WjAWAgUCQQAADxcNOTUwMjI0MDAxMjQ5WjAWAgUCQQAADBcNOTUw

-MjI1MDA0NjQ0WjAWAgUCQQAAGxcNOTUwMzEzMTg0MDQ5WjAWAgUCQQAAFhcNOTUw

-MzE1MTkxNjU0WjAWAgUCQQAAGhcNOTUwMzE1MTk0MDQxWjAWAgUCQQAAHxcNOTUw

-MzI0MTk0NDMzWjAWAgUCcgAABRcNOTUwMzI5MjAwNzExWjAWAgUCcgAAERcNOTUw

-MzMwMDIzNDI2WjAWAgUCQQAAIBcNOTUwNDA3MDExMzIxWjAWAgUCcgAAHhcNOTUw

-NDA4MDAwMjU5WjAWAgUCcgAAQRcNOTUwNDI4MTcxNzI0WjAWAgUCcgAAOBcNOTUw

-NDI4MTcyNzIxWjAWAgUCcgAATBcNOTUwNTAyMDIxMjI2WjANBgkqhkiG9w0BAQIF

-AAN+AHqOEJXSDejYy0UwxxrH/9+N2z5xu/if0J6qQmK92W0hW158wpJg+ovV3+wQ

-wvIEPRL2rocL0tKfAsVq1IawSJzSNgxG0lrcla3MrJBnZ4GaZDu4FutZh72MR3Gt

-JaAL3iTJHJD55kK2D/VoyY1djlsPuNh6AEgdVwFAyp0v

------END X509 CRL-----

--- a/sys/src/ape/lib/openssl/test/testenc

+++ /dev/null

@@ -1,54 +1,0 @@

-#!/bin/sh

-testsrc=Makefile

-test=./p

-cmd="../util/shlib_wrap.sh ../apps/openssl"

-cat $testsrc >$test;

-echo cat

-$cmd enc < $test > $test.cipher

-$cmd enc < $test.cipher >$test.clear

-cmp $test $test.clear

-if [ $? != 0 ]

-then

-	exit 1

-else

-	/bin/rm $test.cipher $test.clear

-fi

-echo base64

-$cmd enc -a -e < $test > $test.cipher

-$cmd enc -a -d < $test.cipher >$test.clear

-cmp $test $test.clear

-if [ $? != 0 ]

-then

-	exit 1

-else

-	/bin/rm $test.cipher $test.clear

-fi

-for i in `$cmd list-cipher-commands`

-do

-	echo $i

-	$cmd $i -bufsize 113 -e -k test < $test > $test.$i.cipher

-	$cmd $i -bufsize 157 -d -k test < $test.$i.cipher >$test.$i.clear

-	cmp $test $test.$i.clear

-	if [ $? != 0 ]

-	then

-		exit 1

-	else

-		/bin/rm $test.$i.cipher $test.$i.clear

-	fi

-	echo $i base64

-	$cmd $i -bufsize 113 -a -e -k test < $test > $test.$i.cipher

-	$cmd $i -bufsize 157 -a -d -k test < $test.$i.cipher >$test.$i.clear

-	cmp $test $test.$i.clear

-	if [ $? != 0 ]

-	then

-		exit 1

-	else

-		/bin/rm $test.$i.cipher $test.$i.clear

-	fi

-done

-rm -f $test

--- a/sys/src/ape/lib/openssl/test/testgen

+++ /dev/null

@@ -1,44 +1,0 @@

-#!/bin/sh

-T=testcert

-KEY=512

-CA=../certs/testca.pem

-/bin/rm -f $T.1 $T.2 $T.key

-if test "$OSTYPE" = msdosdjgpp; then

-    PATH=../apps\;$PATH;

-else

-    PATH=../apps:$PATH;

-fi

-export PATH

-echo "generating certificate request"

-echo "string to make the random number generator think it has entropy" >> ./.rnd

-if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then

-  req_new='-newkey dsa:../apps/dsa512.pem'

-else

-  req_new='-new'

-  echo "There should be a 2 sequences of .'s and some +'s."

-  echo "There should not be more that at most 80 per line"

-fi

-echo "This could take some time."

-rm -f testkey.pem testreq.pem

-../util/shlib_wrap.sh ../apps/openssl req -config test.cnf $req_new -out testreq.pem

-if [ $? != 0 ]; then

-echo problems creating request

-exit 1

-fi

-../util/shlib_wrap.sh ../apps/openssl req -config test.cnf -verify -in testreq.pem -noout

-if [ $? != 0 ]; then

-echo signature on req is wrong

-exit 1

-fi

-exit 0

--- a/sys/src/ape/lib/openssl/test/testp7.pem

+++ /dev/null

@@ -1,46 +1,0 @@

------BEGIN PKCS7-----

-MIIIGAYJKoZIhvcNAQcCoIIICTCCCAUCAQExADALBgkqhkiG9w0BBwGgggY8MIIE

-cjCCBBygAwIBAgIQeS+OJfWJUZAx6cX0eAiMjzANBgkqhkiG9w0BAQQFADBiMREw

-DwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNV

-BAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIw

-HhcNOTYwNzE5MDAwMDAwWhcNOTcwMzMwMjM1OTU5WjCB1TERMA8GA1UEBxMISW50

-ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2ln

-biBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMSgwJgYDVQQLEx9E

-aWdpdGFsIElEIENsYXNzIDEgLSBTTUlNRSBUZXN0MUcwRQYDVQQLEz53d3cudmVy

-aXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEuMCBJbmMuIGJ5IFJlZi4sTElBQi5M

-VEQoYyk5NjBbMA0GCSqGSIb3DQEBAQUAA0oAMEcCQA7LvHEIAiQ5+4gDYvJGnGAq

-UM5GXyG11diEXmIEZTHUZhorooX5sr8IIjSXiPY59YYUFSvAaharFM1xaBN8zNEC

-AwEAAaOCAjkwggI1MAkGA1UdEwQCMAAwggImBgNVHQMEggIdMIICGTCCAhUwggIR

-BgtghkgBhvhFAQcBATCCAgAWggGrVGhpcyBjZXJ0aWZpY2F0ZSBpbmNvcnBvcmF0

-ZXMgYnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0

-IHRvLCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1l

-bnQgKENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t

-L0NQUy0xLjA7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29t

-OyBvciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4s

-IE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04

-ODMwIENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0

-cyBSZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJ

-QUJJTElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQEC

-MC8wLRYraHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEu

-AzANBgkqhkiG9w0BAQQFAANBAMCYDuSb/eIlYSxY31nZZTaCZkCSfHjlacMofExr

-cF+A2yHoEuT+eCQkqM0pMNHXddUeoQ9RjV+VuMBNmm63DUYwggHCMIIBbKADAgEC

-AhB8CYTq1bkRFJBYOd67cp9JMA0GCSqGSIb3DQEBAgUAMD4xCzAJBgNVBAYTAlVT

-MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEWMBQGA1UECxMNVEVTVCBSb290IFBD

-QTAeFw05NjA3MTcwMDAwMDBaFw05NzA3MTcyMzU5NTlaMGIxETAPBgNVBAcTCElu

-dGVybmV0MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNp

-Z24gQ2xhc3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjBcMA0GCSqGSIb3

-DQEBAQUAA0sAMEgCQQDsVzrNgnDhbAJZrWeLd9g1vMZJA2W67D33TTbga6yMt+ES

-TWEywhS6RNP+fzLGg7utinjH4tL60cXa0G27GDsLAgMBAAGjIjAgMAsGA1UdDwQE

-AwIBBjARBglghkgBhvhCAQEEBAMCAgQwDQYJKoZIhvcNAQECBQADQQAUp6bRwkaD

-2d1MBs/mjUcgTI2fXVmW8tTm/Ud6OzUwpC3vYgybiOOA4f6mOC5dbyUHrLOsrihU

-47ZQ0Jo1DUfboYIBrTCBwTBtMA0GCSqGSIb3DQEBAgUAMD4xCzAJBgNVBAYTAlVT

-MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEWMBQGA1UECxMNVEVTVCBSb290IFBD

-QRcNOTYwNzE3MTc0NDA5WhcNOTgwNzE3MDAwMDAwWjANBgkqhkiG9w0BAQIFAANB

-AHitA0/xAukCjHzeh1AMT/l2oC68N+yFb+aJPHBBMxc6gG2MaKjBNwb5hcXUllMl

-ExONA3ju10f7owIq3s3wx10wgeYwgZEwDQYJKoZIhvcNAQECBQAwYjERMA8GA1UE

-BxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytW

-ZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyFw05NjA3

-MTcxNzU5MjlaFw05NzA3MTgwMDAwMDBaMA0GCSqGSIb3DQEBAgUAA0EAubVWYTsW

-sQmste9f+UgMw8BkjDlM25fwQLrCfmmnLxjewey10kSROypUaJLb+r4oRALc0fG9

-XfZsaiiIgotQHjEA

------END PKCS7-----

--- a/sys/src/ape/lib/openssl/test/testreq2.pem

+++ /dev/null

@@ -1,7 +1,0 @@

------BEGIN CERTIFICATE REQUEST-----

-MIHaMIGFAgEAMA4xDDAKBgNVBAMTA2NuNDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgC

-QQCQsnkyUGDY2R3mYoeTprFJKgWuJ3f1jUjlIuW5+wfAUoeMt35c4vcFZ2mIBpEG

-DtzkNQN1kr2O9ldm9zYnYhyhAgMBAAGgEjAQBgorBgEEAYI3AgEOMQIwADANBgkq

-hkiG9w0BAQQFAANBAAb2szZgVIxg3vK6kYLjGSBISyuzcXJ6IvuPW6M+yzi1Qgoi

-gQhazHTJp91T8ItZEzUJGZSZl2e5iXlnffWB+/U=

------END CERTIFICATE REQUEST-----

--- a/sys/src/ape/lib/openssl/test/testrsa.pem

+++ /dev/null

@@ -1,9 +1,0 @@

------BEGIN RSA PRIVATE KEY-----

-MIIBPAIBAAJBAKrbeqkuRk8VcRmWFmtP+LviMB3+6dizWW3DwaffznyHGAFwUJ/I

-Tv0XtbsCyl3QoyKGhrOAy3RvPK5M38iuXT0CAwEAAQJAZ3cnzaHXM/bxGaR5CR1R

-rD1qFBAVfoQFiOH9uPJgMaoAuoQEisPHVcZDKcOv4wEg6/TInAIXBnEigtqvRzuy

-oQIhAPcgZzUq3yVooAaoov8UbXPxqHlwo6GBMqnv20xzkf6ZAiEAsP4BnIaQTM8S

-mvcpHZwQJdmdHHkGKAs37Dfxi67HbkUCIQCeZGliHXFa071Fp06ZeWlR2ADonTZz

-rJBhdTe0v5pCeQIhAIZfkiGgGBX4cIuuckzEm43g9WMUjxP/0GlK39vIyihxAiEA

-mymehFRT0MvqW5xAKAx7Pgkt8HVKwVhc2LwGKHE0DZM=

------END RSA PRIVATE KEY-----

--- a/sys/src/ape/lib/openssl/test/testsid.pem

+++ /dev/null

@@ -1,12 +1,0 @@

------BEGIN SSL SESSION PARAMETERS-----

-MIIB1gIBAQIBAgQDAQCABBCi11xa5qkOP8xrr02K/NQCBBBkIYQZM0Bt95W0EHNV

-bA58oQYCBDIBr7WiBAICASyjggGGMIIBgjCCASwCAQMwDQYJKoZIhvcNAQEEBQAw

-ODELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3Jz

-YSB0ZXN0IENBMB4XDTk1MTAwOTIzMzEzNFoXDTk4MDcwNTIzMzEzNFowYDELMAkG

-A1UEBhMCQVUxDDAKBgNVBAgTA1FMRDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRk

-LjELMAkGA1UECxMCQ1MxGzAZBgNVBAMTElNTTGVheSBkZW1vIGNsaWVudDBcMA0G

-CSqGSIb3DQEBAQUAA0sAMEgCQQC4pcXEL1lgVA+B5Q3TcuW/O3LZHoA73IYm8oFD

-TezgCDhL2RTMn+seKWF36UtJKRIOBU9jZHCVVd0Me5ls6BEjAgMBAAEwDQYJKoZI

-hvcNAQEEBQADQQBoIpOcwUY1qlVF7j3ROSGvUsbvByOBFmYWkIBgsCqR+9qo1A7L

-CrWF5i8LWt/vLwAHaxWNx2YuBJMFyuK81fTvpA0EC3Rlc3Rjb250ZXh0

------END SSL SESSION PARAMETERS-----

--- a/sys/src/ape/lib/openssl/test/testss

+++ /dev/null

@@ -1,163 +1,0 @@

-#!/bin/sh

-digest='-sha1'

-reqcmd="../util/shlib_wrap.sh ../apps/openssl req"

-x509cmd="../util/shlib_wrap.sh ../apps/openssl x509 $digest"

-verifycmd="../util/shlib_wrap.sh ../apps/openssl verify"

-dummycnf="../apps/openssl.cnf"

-CAkey="keyCA.ss"

-CAcert="certCA.ss"

-CAreq="reqCA.ss"

-CAconf="CAss.cnf"

-CAreq2="req2CA.ss"	# temp

-Uconf="Uss.cnf"

-Ukey="keyU.ss"

-Ureq="reqU.ss"

-Ucert="certU.ss"

-P1conf="P1ss.cnf"

-P1key="keyP1.ss"

-P1req="reqP1.ss"

-P1cert="certP1.ss"

-P1intermediate="tmp_intP1.ss"

-P2conf="P2ss.cnf"

-P2key="keyP2.ss"

-P2req="reqP2.ss"

-P2cert="certP2.ss"

-P2intermediate="tmp_intP2.ss"

-echo

-echo "make a certificate request using 'req'"

-echo "string to make the random number generator think it has entropy" >> ./.rnd

-if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then

-  req_new='-newkey dsa:../apps/dsa512.pem'

-else

-  req_new='-new'

-fi

-$reqcmd -config $CAconf -out $CAreq -keyout $CAkey $req_new #>err.ss

-if [ $? != 0 ]; then

-	echo "error using 'req' to generate a certificate request"

-	exit 1

-fi

-echo

-echo "convert the certificate request into a self signed certificate using 'x509'"

-$x509cmd -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey -extfile $CAconf -extensions v3_ca >err.ss

-if [ $? != 0 ]; then

-	echo "error using 'x509' to self sign a certificate request"

-	exit 1

-fi

-echo

-echo "convert a certificate into a certificate request using 'x509'"

-$x509cmd -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 >err.ss

-if [ $? != 0 ]; then

-	echo "error using 'x509' convert a certificate to a certificate request"

-	exit 1

-fi

-$reqcmd -config $dummycnf -verify -in $CAreq -noout

-if [ $? != 0 ]; then

-	echo first generated request is invalid

-	exit 1

-fi

-$reqcmd -config $dummycnf -verify -in $CAreq2 -noout

-if [ $? != 0 ]; then

-	echo second generated request is invalid

-	exit 1

-fi

-$verifycmd -CAfile $CAcert $CAcert

-if [ $? != 0 ]; then

-	echo first generated cert is invalid

-	exit 1

-fi

-echo

-echo "make a user certificate request using 'req'"

-$reqcmd -config $Uconf -out $Ureq -keyout $Ukey $req_new >err.ss

-if [ $? != 0 ]; then

-	echo "error using 'req' to generate a user certificate request"

-	exit 1

-fi

-echo

-echo "sign user certificate request with the just created CA via 'x509'"

-$x509cmd -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -extfile $Uconf -extensions v3_ee >err.ss

-if [ $? != 0 ]; then

-	echo "error using 'x509' to sign a user certificate request"

-	exit 1

-fi

-$verifycmd -CAfile $CAcert $Ucert

-echo

-echo "Certificate details"

-$x509cmd -subject -issuer -startdate -enddate -noout -in $Ucert

-echo

-echo "make a proxy certificate request using 'req'"

-$reqcmd -config $P1conf -out $P1req -keyout $P1key $req_new >err.ss

-if [ $? != 0 ]; then

-	echo "error using 'req' to generate a proxy certificate request"

-	exit 1

-fi

-echo

-echo "sign proxy certificate request with the just created user certificate via 'x509'"

-$x509cmd -CAcreateserial -in $P1req -days 30 -req -out $P1cert -CA $Ucert -CAkey $Ukey -extfile $P1conf -extensions v3_proxy >err.ss

-if [ $? != 0 ]; then

-	echo "error using 'x509' to sign a proxy certificate request"

-	exit 1

-fi

-cat $Ucert > $P1intermediate

-$verifycmd -CAfile $CAcert -untrusted $P1intermediate $P1cert

-echo

-echo "Certificate details"

-$x509cmd -subject -issuer -startdate -enddate -noout -in $P1cert

-echo

-echo "make another proxy certificate request using 'req'"

-$reqcmd -config $P2conf -out $P2req -keyout $P2key $req_new >err.ss

-if [ $? != 0 ]; then

-	echo "error using 'req' to generate another proxy certificate request"

-	exit 1

-fi

-echo

-echo "sign second proxy certificate request with the first proxy certificate via 'x509'"

-$x509cmd -CAcreateserial -in $P2req -days 30 -req -out $P2cert -CA $P1cert -CAkey $P1key -extfile $P2conf -extensions v3_proxy >err.ss

-if [ $? != 0 ]; then

-	echo "error using 'x509' to sign a second proxy certificate request"

-	exit 1

-fi

-cat $Ucert $P1cert > $P2intermediate

-$verifycmd -CAfile $CAcert -untrusted $P2intermediate $P2cert

-echo

-echo "Certificate details"

-$x509cmd -subject -issuer -startdate -enddate -noout -in $P2cert

-echo

-echo The generated CA certificate is $CAcert

-echo The generated CA private key is $CAkey

-echo The generated user certificate is $Ucert

-echo The generated user private key is $Ukey

-echo The first generated proxy certificate is $P1cert

-echo The first generated proxy private key is $P1key

-echo The second generated proxy certificate is $P2cert

-echo The second generated proxy private key is $P2key

-/bin/rm err.ss

-#/bin/rm $P1intermediate

-#/bin/rm $P2intermediate

-exit 0

--- a/sys/src/ape/lib/openssl/test/testssl

+++ /dev/null

@@ -1,145 +1,0 @@

-#!/bin/sh

-if [ "$1" = "" ]; then

-  key=../apps/server.pem

-else

-  key="$1"

-fi

-if [ "$2" = "" ]; then

-  cert=../apps/server.pem

-else

-  cert="$2"

-fi

-ssltest="../util/shlib_wrap.sh ./ssltest -key $key -cert $cert -c_key $key -c_cert $cert"

-if ../util/shlib_wrap.sh ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then

-  dsa_cert=YES

-else

-  dsa_cert=NO

-fi

-if [ "$3" = "" ]; then

-  CA="-CApath ../certs"

-else

-  CA="-CAfile $3"

-fi

-if [ "$4" = "" ]; then

-  extra=""

-else

-  extra="$4"

-fi

-#############################################################################

-echo test sslv2

-$ssltest -ssl2 $extra || exit 1

-echo test sslv2 with server authentication

-$ssltest -ssl2 -server_auth $CA $extra || exit 1

-if [ $dsa_cert = NO ]; then

-  echo test sslv2 with client authentication

-  $ssltest -ssl2 -client_auth $CA $extra || exit 1

-  echo test sslv2 with both client and server authentication

-  $ssltest -ssl2 -server_auth -client_auth $CA $extra || exit 1

-fi

-echo test sslv3

-$ssltest -ssl3 $extra || exit 1

-echo test sslv3 with server authentication

-$ssltest -ssl3 -server_auth $CA $extra || exit 1

-echo test sslv3 with client authentication

-$ssltest -ssl3 -client_auth $CA $extra || exit 1

-echo test sslv3 with both client and server authentication

-$ssltest -ssl3 -server_auth -client_auth $CA $extra || exit 1

-echo test sslv2/sslv3

-$ssltest $extra || exit 1

-echo test sslv2/sslv3 with server authentication

-$ssltest -server_auth $CA $extra || exit 1

-echo test sslv2/sslv3 with client authentication

-$ssltest -client_auth $CA $extra || exit 1

-echo test sslv2/sslv3 with both client and server authentication

-$ssltest -server_auth -client_auth $CA $extra || exit 1

-echo test sslv2 via BIO pair

-$ssltest -bio_pair -ssl2 $extra || exit 1

-echo test sslv2 with server authentication via BIO pair

-$ssltest -bio_pair -ssl2 -server_auth $CA $extra || exit 1

-if [ $dsa_cert = NO ]; then

-  echo test sslv2 with client authentication via BIO pair

-  $ssltest -bio_pair -ssl2 -client_auth $CA $extra || exit 1

-  echo test sslv2 with both client and server authentication via BIO pair

-  $ssltest -bio_pair -ssl2 -server_auth -client_auth $CA $extra || exit 1

-fi

-echo test sslv3 via BIO pair

-$ssltest -bio_pair -ssl3 $extra || exit 1

-echo test sslv3 with server authentication via BIO pair

-$ssltest -bio_pair -ssl3 -server_auth $CA $extra || exit 1

-echo test sslv3 with client authentication via BIO pair

-$ssltest -bio_pair -ssl3 -client_auth $CA $extra || exit 1

-echo test sslv3 with both client and server authentication via BIO pair

-$ssltest -bio_pair -ssl3 -server_auth -client_auth $CA $extra || exit 1

-echo test sslv2/sslv3 via BIO pair

-$ssltest $extra || exit 1

-if [ $dsa_cert = NO ]; then

-  echo test sslv2/sslv3 w/o DHE via BIO pair

-  $ssltest -bio_pair -no_dhe $extra || exit 1

-fi

-echo test sslv2/sslv3 with 1024bit DHE via BIO pair

-$ssltest -bio_pair -dhe1024dsa -v $extra || exit 1

-echo test sslv2/sslv3 with server authentication

-$ssltest -bio_pair -server_auth $CA $extra || exit 1

-echo test sslv2/sslv3 with client authentication via BIO pair

-$ssltest -bio_pair -client_auth $CA $extra || exit 1

-echo test sslv2/sslv3 with both client and server authentication via BIO pair

-$ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1

-echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify

-$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1

-#############################################################################

-if ../util/shlib_wrap.sh ../apps/openssl no-dh; then

-  echo skipping anonymous DH tests

-else

-  echo test tls1 with 1024bit anonymous DH, multiple handshakes

-  $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1

-fi

-if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then

-  echo skipping RSA tests

-else

-  echo test tls1 with 1024bit RSA, no DHE, multiple handshakes

-  ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time $extra || exit 1

-  if ../util/shlib_wrap.sh ../apps/openssl no-dh; then

-    echo skipping RSA+DHE tests

-  else

-    echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes

-    ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1

-  fi

-fi

-exit 0

--- a/sys/src/ape/lib/openssl/test/testsslproxy

+++ /dev/null

@@ -1,10 +1,0 @@

-#! /bin/sh

-echo 'Testing a lot of proxy conditions.'

-echo 'Some of them may turn out being invalid, which is fine.'

-for auth in A B C BC; do

-    for cond in A B C 'A|B&!C'; do

-	sh ./testssl $1 $2 $3 "-proxy -proxy_auth $auth -proxy_cond $cond"

-	if [ $? = 3 ]; then exit 1; fi

-    done

-done

--- a/sys/src/ape/lib/openssl/test/testx509.pem

+++ /dev/null

@@ -1,10 +1,0 @@

------BEGIN CERTIFICATE-----

-MIIBWzCCAQYCARgwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV

-BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MDYxOTIz

-MzMxMloXDTk1MDcxNzIzMzMxMlowOjELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM

-RDEdMBsGA1UEAxMUU1NMZWF5L3JzYSB0ZXN0IGNlcnQwXDANBgkqhkiG9w0BAQEF

-AANLADBIAkEAqtt6qS5GTxVxGZYWa0/4u+IwHf7p2LNZbcPBp9/OfIcYAXBQn8hO

-/Re1uwLKXdCjIoaGs4DLdG88rkzfyK5dPQIDAQABMAwGCCqGSIb3DQIFBQADQQAE

-Wc7EcF8po2/ZO6kNCwK/ICH6DobgLekA5lSLr5EvuioZniZp5lFzAw4+YzPQ7XKJ

-zl9HYIMxATFyqSiD9jsx

------END CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/test/times

+++ /dev/null

@@ -1,113 +1,0 @@

-More number for the questions about SSL overheads....

-The following numbers were generated on a pentium pro 200, running linux.

-They give an indication of the SSL protocol and encryption overheads.

-The program that generated them is an unreleased version of ssl/ssltest.c

-which is the SSLeay ssl protocol testing program.  It is a single process that

-talks both sides of the SSL protocol via a non-blocking memory buffer

-interface.

-How do I read this?  The protocol and cipher are reasonable obvious.

-The next number is the number of connections being made.  The next is the

-number of bytes exchanged bewteen the client and server side of the protocol.

-This is the number of bytes that the client sends to the server, and then

-the server sends back.  Because this is all happening in one process,

-the data is being encrypted, decrypted, encrypted and then decrypted again.

-It is a round trip of that many bytes.  Because the one process performs

-both the client and server sides of the protocol and it sends this many bytes

-each direction, multiply this number by 4 to generate the number

-of bytes encrypted/decrypted/MACed.  The first time value is how many seconds

-elapsed doing a full SSL handshake, the second is the cost of one

-full handshake and the rest being session-id reuse.

-SSLv2 RC4-MD5      1000 x      1   12.83s   0.70s

-SSLv3 NULL-MD5     1000 x      1   14.35s   1.47s

-SSLv3 RC4-MD5      1000 x      1   14.46s   1.56s

-SSLv3 RC4-MD5      1000 x      1   51.93s   1.62s 1024bit RSA

-SSLv3 RC4-SHA      1000 x      1   14.61s   1.83s

-SSLv3 DES-CBC-SHA  1000 x      1   14.70s   1.89s

-SSLv3 DES-CBC3-SHA 1000 x      1   15.16s   2.16s

-SSLv2 RC4-MD5      1000 x   1024   13.72s   1.27s

-SSLv3 NULL-MD5     1000 x   1024   14.79s   1.92s

-SSLv3 RC4-MD5      1000 x   1024   52.58s   2.29s 1024bit RSA

-SSLv3 RC4-SHA      1000 x   1024   15.39s   2.67s

-SSLv3 DES-CBC-SHA  1000 x   1024   16.45s   3.55s

-SSLv3 DES-CBC3-SHA 1000 x   1024   18.21s   5.38s

-SSLv2 RC4-MD5      1000 x  10240   18.97s   6.52s

-SSLv3 NULL-MD5     1000 x  10240   17.79s   5.11s

-SSLv3 RC4-MD5      1000 x  10240   20.25s   7.90s

-SSLv3 RC4-MD5      1000 x  10240   58.26s   8.08s 1024bit RSA

-SSLv3 RC4-SHA      1000 x  10240   22.96s  11.44s

-SSLv3 DES-CBC-SHA  1000 x  10240   30.65s  18.41s

-SSLv3 DES-CBC3-SHA 1000 x  10240   47.04s  34.53s

-SSLv2 RC4-MD5      1000 x 102400   70.22s  57.74s

-SSLv3 NULL-MD5     1000 x 102400   43.73s  31.03s

-SSLv3 RC4-MD5      1000 x 102400   71.32s  58.83s

-SSLv3 RC4-MD5      1000 x 102400  109.66s  59.20s 1024bit RSA

-SSLv3 RC4-SHA      1000 x 102400   95.88s  82.21s

-SSLv3 DES-CBC-SHA  1000 x 102400  173.22s 160.55s

-SSLv3 DES-CBC3-SHA 1000 x 102400  336.61s 323.82s

-What does this all mean?  Well for a server, with no session-id reuse, with

-a transfer size of 10240 bytes, using RC4-MD5 and a 512bit server key,

-a pentium pro 200 running linux can handle the SSLv3 protocol overheads of

-about 49 connections a second.  Reality will be quite different :-).

-Remeber the first number is 1000 full ssl handshakes, the second is

-1 full and 999 with session-id reuse.  The RSA overheads for each exchange

-would be one public and one private operation, but the protocol/MAC/cipher

-cost would be quite similar in both the client and server.

-eric (adding numbers to speculation)

---- Appendix ---

-- The time measured is user time but these number a very rough.

-- Remember this is the cost of both client and server sides of the protocol.

-- The TCP/kernal overhead of connection establishment is normally the

-  killer in SSL.  Often delays in the TCP protocol will make session-id

-  reuse look slower that new sessions, but this would not be the case on

-  a loaded server.

-- The TCP round trip latencies, while slowing indervidual connections,

-  would have minimal impact on throughput.

-- Instead of sending one 102400 byte buffer, one 8k buffer is sent until

-- the required number of bytes are processed.

-- The SSLv3 connections were actually SSLv2 compatable SSLv3 headers.

-- A 512bit server key was being used except where noted.

-- No server key verification was being performed on the client side of the

-  protocol.  This would slow things down very little.

-- The library being used is SSLeay 0.8.x.

-- The normal mesauring system was commands of the form

-  time ./ssltest -num 1000 -bytes 102400 -cipher DES-CBC-SHA -reuse

-  This modified version of ssltest should be in the next public release of

-  SSLeay.

-The general cipher performace number for this platform are

-SSLeay 0.8.2a 04-Sep-1997

-built on Fri Sep  5 17:37:05 EST 1997

-options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2)

-C flags:gcc -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized

-The 'numbers' are in 1000s of bytes per second processed.

-type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes

-md2               131.02k      368.41k      500.57k      549.21k      566.09k

-mdc2              535.60k      589.10k      595.88k      595.97k      594.54k

-md5              1801.53k     9674.77k    17484.03k    21849.43k    23592.96k

-sha              1261.63k     5533.25k     9285.63k    11187.88k    11913.90k

-sha1             1103.13k     4782.53k     7933.78k     9472.34k    10070.70k

-rc4             10722.53k    14443.93k    15215.79k    15299.24k    15219.59k

-des cbc          3286.57k     3827.73k     3913.39k     3931.82k     3926.70k

-des ede3         1443.50k     1549.08k     1561.17k     1566.38k     1564.67k

-idea cbc         2203.64k     2508.16k     2538.33k     2543.62k     2547.71k

-rc2 cbc          1430.94k     1511.59k     1524.82k     1527.13k     1523.33k

-blowfish cbc     4716.07k     5965.82k     6190.17k     6243.67k     6234.11k

-                  sign    verify

-rsa  512 bits   0.0100s   0.0011s

-rsa 1024 bits   0.0451s   0.0012s

-rsa 2048 bits   0.2605s   0.0086s

-rsa 4096 bits   1.6883s   0.0302s

--- a/sys/src/ape/lib/openssl/test/tpkcs7

+++ /dev/null

@@ -1,48 +1,0 @@

-#!/bin/sh

-cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7'

-if [ "$1"x != "x" ]; then

-	t=$1

-else

-	t=testp7.pem

-fi

-echo testing pkcs7 conversions

-cp $t fff.p

-echo "p -> d"

-$cmd -in fff.p -inform p -outform d >f.d

-if [ $? != 0 ]; then exit 1; fi

-echo "p -> p"

-$cmd -in fff.p -inform p -outform p >f.p

-if [ $? != 0 ]; then exit 1; fi

-echo "d -> d"

-$cmd -in f.d -inform d -outform d >ff.d1

-if [ $? != 0 ]; then exit 1; fi

-echo "p -> d"

-$cmd -in f.p -inform p -outform d >ff.d3

-if [ $? != 0 ]; then exit 1; fi

-echo "d -> p"

-$cmd -in f.d -inform d -outform p >ff.p1

-if [ $? != 0 ]; then exit 1; fi

-echo "p -> p"

-$cmd -in f.p -inform p -outform p >ff.p3

-if [ $? != 0 ]; then exit 1; fi

-cmp fff.p f.p

-if [ $? != 0 ]; then exit 1; fi

-cmp fff.p ff.p1

-if [ $? != 0 ]; then exit 1; fi

-cmp fff.p ff.p3

-if [ $? != 0 ]; then exit 1; fi

-cmp f.p ff.p1

-if [ $? != 0 ]; then exit 1; fi

-cmp f.p ff.p3

-if [ $? != 0 ]; then exit 1; fi

-/bin/rm -f f.* ff.* fff.*

-exit 0

--- a/sys/src/ape/lib/openssl/test/tpkcs7d

+++ /dev/null

@@ -1,41 +1,0 @@

-#!/bin/sh

-cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7'

-if [ "$1"x != "x" ]; then

-	t=$1

-else

-	t=pkcs7-1.pem

-fi

-echo "testing pkcs7 conversions (2)"

-cp $t fff.p

-echo "p -> d"

-$cmd -in fff.p -inform p -outform d >f.d

-if [ $? != 0 ]; then exit 1; fi

-echo "p -> p"

-$cmd -in fff.p -inform p -outform p >f.p

-if [ $? != 0 ]; then exit 1; fi

-echo "d -> d"

-$cmd -in f.d -inform d -outform d >ff.d1

-if [ $? != 0 ]; then exit 1; fi

-echo "p -> d"

-$cmd -in f.p -inform p -outform d >ff.d3

-if [ $? != 0 ]; then exit 1; fi

-echo "d -> p"

-$cmd -in f.d -inform d -outform p >ff.p1

-if [ $? != 0 ]; then exit 1; fi

-echo "p -> p"

-$cmd -in f.p -inform p -outform p >ff.p3

-if [ $? != 0 ]; then exit 1; fi

-cmp f.p ff.p1

-if [ $? != 0 ]; then exit 1; fi

-cmp f.p ff.p3

-if [ $? != 0 ]; then exit 1; fi

-/bin/rm -f f.* ff.* fff.*

-exit 0

--- a/sys/src/ape/lib/openssl/test/treq

+++ /dev/null

@@ -1,83 +1,0 @@

-#!/bin/sh

-cmd='../util/shlib_wrap.sh ../apps/openssl req -config ../apps/openssl.cnf'

-if [ "$1"x != "x" ]; then

-	t=$1

-else

-	t=testreq.pem

-fi

-if $cmd -in $t -inform p -noout -text 2>&1 | fgrep -i 'Unknown Public Key'; then

-  echo "skipping req conversion test for $t"

-  exit 0

-fi

-echo testing req conversions

-cp $t fff.p

-echo "p -> d"

-$cmd -in fff.p -inform p -outform d >f.d

-if [ $? != 0 ]; then exit 1; fi

-#echo "p -> t"

-#$cmd -in fff.p -inform p -outform t >f.t

-#if [ $? != 0 ]; then exit 1; fi

-echo "p -> p"

-$cmd -in fff.p -inform p -outform p >f.p

-if [ $? != 0 ]; then exit 1; fi

-echo "d -> d"

-$cmd -verify -in f.d -inform d -outform d >ff.d1

-if [ $? != 0 ]; then exit 1; fi

-#echo "t -> d"

-#$cmd -in f.t -inform t -outform d >ff.d2

-#if [ $? != 0 ]; then exit 1; fi

-echo "p -> d"

-$cmd -verify -in f.p -inform p -outform d >ff.d3

-if [ $? != 0 ]; then exit 1; fi

-#echo "d -> t"

-#$cmd -in f.d -inform d -outform t >ff.t1

-#if [ $? != 0 ]; then exit 1; fi

-#echo "t -> t"

-#$cmd -in f.t -inform t -outform t >ff.t2

-#if [ $? != 0 ]; then exit 1; fi

-#echo "p -> t"

-#$cmd -in f.p -inform p -outform t >ff.t3

-#if [ $? != 0 ]; then exit 1; fi

-echo "d -> p"

-$cmd -in f.d -inform d -outform p >ff.p1

-if [ $? != 0 ]; then exit 1; fi

-#echo "t -> p"

-#$cmd -in f.t -inform t -outform p >ff.p2

-#if [ $? != 0 ]; then exit 1; fi

-echo "p -> p"

-$cmd -in f.p -inform p -outform p >ff.p3

-if [ $? != 0 ]; then exit 1; fi

-cmp fff.p f.p

-if [ $? != 0 ]; then exit 1; fi

-cmp fff.p ff.p1

-if [ $? != 0 ]; then exit 1; fi

-#cmp fff.p ff.p2

-#if [ $? != 0 ]; then exit 1; fi

-cmp fff.p ff.p3

-if [ $? != 0 ]; then exit 1; fi

-#cmp f.t ff.t1

-#if [ $? != 0 ]; then exit 1; fi

-#cmp f.t ff.t2

-#if [ $? != 0 ]; then exit 1; fi

-#cmp f.t ff.t3

-#if [ $? != 0 ]; then exit 1; fi

-cmp f.p ff.p1

-if [ $? != 0 ]; then exit 1; fi

-#cmp f.p ff.p2

-#if [ $? != 0 ]; then exit 1; fi

-cmp f.p ff.p3

-if [ $? != 0 ]; then exit 1; fi

-/bin/rm -f f.* ff.* fff.*

-exit 0

--- a/sys/src/ape/lib/openssl/test/trsa

+++ /dev/null

@@ -1,83 +1,0 @@

-#!/bin/sh

-if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then

-  echo skipping rsa conversion test

-  exit 0

-fi

-cmd='../util/shlib_wrap.sh ../apps/openssl rsa'

-if [ "$1"x != "x" ]; then

-	t=$1

-else

-	t=testrsa.pem

-fi

-echo testing rsa conversions

-cp $t fff.p

-echo "p -> d"

-$cmd -in fff.p -inform p -outform d >f.d

-if [ $? != 0 ]; then exit 1; fi

-#echo "p -> t"

-#$cmd -in fff.p -inform p -outform t >f.t

-#if [ $? != 0 ]; then exit 1; fi

-echo "p -> p"

-$cmd -in fff.p -inform p -outform p >f.p

-if [ $? != 0 ]; then exit 1; fi

-echo "d -> d"

-$cmd -in f.d -inform d -outform d >ff.d1

-if [ $? != 0 ]; then exit 1; fi

-#echo "t -> d"

-#$cmd -in f.t -inform t -outform d >ff.d2

-#if [ $? != 0 ]; then exit 1; fi

-echo "p -> d"

-$cmd -in f.p -inform p -outform d >ff.d3

-if [ $? != 0 ]; then exit 1; fi

-#echo "d -> t"

-#$cmd -in f.d -inform d -outform t >ff.t1

-#if [ $? != 0 ]; then exit 1; fi

-#echo "t -> t"

-#$cmd -in f.t -inform t -outform t >ff.t2

-#if [ $? != 0 ]; then exit 1; fi

-#echo "p -> t"

-#$cmd -in f.p -inform p -outform t >ff.t3

-#if [ $? != 0 ]; then exit 1; fi

-echo "d -> p"

-$cmd -in f.d -inform d -outform p >ff.p1

-if [ $? != 0 ]; then exit 1; fi

-#echo "t -> p"

-#$cmd -in f.t -inform t -outform p >ff.p2

-#if [ $? != 0 ]; then exit 1; fi

-echo "p -> p"

-$cmd -in f.p -inform p -outform p >ff.p3

-if [ $? != 0 ]; then exit 1; fi

-cmp fff.p f.p

-if [ $? != 0 ]; then exit 1; fi

-cmp fff.p ff.p1

-if [ $? != 0 ]; then exit 1; fi

-#cmp fff.p ff.p2

-#if [ $? != 0 ]; then exit 1; fi

-cmp fff.p ff.p3

-if [ $? != 0 ]; then exit 1; fi

-#cmp f.t ff.t1

-#if [ $? != 0 ]; then exit 1; fi

-#cmp f.t ff.t2

-#if [ $? != 0 ]; then exit 1; fi

-#cmp f.t ff.t3

-#if [ $? != 0 ]; then exit 1; fi

-cmp f.p ff.p1

-if [ $? != 0 ]; then exit 1; fi

-#cmp f.p ff.p2

-#if [ $? != 0 ]; then exit 1; fi

-cmp f.p ff.p3

-if [ $? != 0 ]; then exit 1; fi

-/bin/rm -f f.* ff.* fff.*

-exit 0

--- a/sys/src/ape/lib/openssl/test/tsid

+++ /dev/null

@@ -1,78 +1,0 @@

-#!/bin/sh

-cmd='../util/shlib_wrap.sh ../apps/openssl sess_id'

-if [ "$1"x != "x" ]; then

-	t=$1

-else

-	t=testsid.pem

-fi

-echo testing session-id conversions

-cp $t fff.p

-echo "p -> d"

-$cmd -in fff.p -inform p -outform d >f.d

-if [ $? != 0 ]; then exit 1; fi

-#echo "p -> t"

-#$cmd -in fff.p -inform p -outform t >f.t

-#if [ $? != 0 ]; then exit 1; fi

-echo "p -> p"

-$cmd -in fff.p -inform p -outform p >f.p

-if [ $? != 0 ]; then exit 1; fi

-echo "d -> d"

-$cmd -in f.d -inform d -outform d >ff.d1

-if [ $? != 0 ]; then exit 1; fi

-#echo "t -> d"

-#$cmd -in f.t -inform t -outform d >ff.d2

-#if [ $? != 0 ]; then exit 1; fi

-echo "p -> d"

-$cmd -in f.p -inform p -outform d >ff.d3

-if [ $? != 0 ]; then exit 1; fi

-#echo "d -> t"

-#$cmd -in f.d -inform d -outform t >ff.t1

-#if [ $? != 0 ]; then exit 1; fi

-#echo "t -> t"

-#$cmd -in f.t -inform t -outform t >ff.t2

-#if [ $? != 0 ]; then exit 1; fi

-#echo "p -> t"

-#$cmd -in f.p -inform p -outform t >ff.t3

-#if [ $? != 0 ]; then exit 1; fi

-echo "d -> p"

-$cmd -in f.d -inform d -outform p >ff.p1

-if [ $? != 0 ]; then exit 1; fi

-#echo "t -> p"

-#$cmd -in f.t -inform t -outform p >ff.p2

-#if [ $? != 0 ]; then exit 1; fi

-echo "p -> p"

-$cmd -in f.p -inform p -outform p >ff.p3

-if [ $? != 0 ]; then exit 1; fi

-cmp fff.p f.p

-if [ $? != 0 ]; then exit 1; fi

-cmp fff.p ff.p1

-if [ $? != 0 ]; then exit 1; fi

-#cmp fff.p ff.p2

-#if [ $? != 0 ]; then exit 1; fi

-cmp fff.p ff.p3

-if [ $? != 0 ]; then exit 1; fi

-#cmp f.t ff.t1

-#if [ $? != 0 ]; then exit 1; fi

-#cmp f.t ff.t2

-#if [ $? != 0 ]; then exit 1; fi

-#cmp f.t ff.t3

-#if [ $? != 0 ]; then exit 1; fi

-cmp f.p ff.p1

-if [ $? != 0 ]; then exit 1; fi

-#cmp f.p ff.p2

-#if [ $? != 0 ]; then exit 1; fi

-cmp f.p ff.p3

-if [ $? != 0 ]; then exit 1; fi

-/bin/rm -f f.* ff.* fff.*

-exit 0

--- a/sys/src/ape/lib/openssl/test/tx509

+++ /dev/null

@@ -1,78 +1,0 @@

-#!/bin/sh

-cmd='../util/shlib_wrap.sh ../apps/openssl x509'

-if [ "$1"x != "x" ]; then

-	t=$1

-else

-	t=testx509.pem

-fi

-echo testing X509 conversions

-cp $t fff.p

-echo "p -> d"

-$cmd -in fff.p -inform p -outform d >f.d

-if [ $? != 0 ]; then exit 1; fi

-echo "p -> n"

-$cmd -in fff.p -inform p -outform n >f.n

-if [ $? != 0 ]; then exit 1; fi

-echo "p -> p"

-$cmd -in fff.p -inform p -outform p >f.p

-if [ $? != 0 ]; then exit 1; fi

-echo "d -> d"

-$cmd -in f.d -inform d -outform d >ff.d1

-if [ $? != 0 ]; then exit 1; fi

-echo "n -> d"

-$cmd -in f.n -inform n -outform d >ff.d2

-if [ $? != 0 ]; then exit 1; fi

-echo "p -> d"

-$cmd -in f.p -inform p -outform d >ff.d3

-if [ $? != 0 ]; then exit 1; fi

-echo "d -> n"

-$cmd -in f.d -inform d -outform n >ff.n1

-if [ $? != 0 ]; then exit 1; fi

-echo "n -> n"

-$cmd -in f.n -inform n -outform n >ff.n2

-if [ $? != 0 ]; then exit 1; fi

-echo "p -> n"

-$cmd -in f.p -inform p -outform n >ff.n3

-if [ $? != 0 ]; then exit 1; fi

-echo "d -> p"

-$cmd -in f.d -inform d -outform p >ff.p1

-if [ $? != 0 ]; then exit 1; fi

-echo "n -> p"

-$cmd -in f.n -inform n -outform p >ff.p2

-if [ $? != 0 ]; then exit 1; fi

-echo "p -> p"

-$cmd -in f.p -inform p -outform p >ff.p3

-if [ $? != 0 ]; then exit 1; fi

-cmp fff.p f.p

-if [ $? != 0 ]; then exit 1; fi

-cmp fff.p ff.p1

-if [ $? != 0 ]; then exit 1; fi

-cmp fff.p ff.p2

-if [ $? != 0 ]; then exit 1; fi

-cmp fff.p ff.p3

-if [ $? != 0 ]; then exit 1; fi

-cmp f.n ff.n1

-if [ $? != 0 ]; then exit 1; fi

-cmp f.n ff.n2

-if [ $? != 0 ]; then exit 1; fi

-cmp f.n ff.n3

-if [ $? != 0 ]; then exit 1; fi

-cmp f.p ff.p1

-if [ $? != 0 ]; then exit 1; fi

-cmp f.p ff.p2

-if [ $? != 0 ]; then exit 1; fi

-cmp f.p ff.p3

-if [ $? != 0 ]; then exit 1; fi

-/bin/rm -f f.* ff.* fff.*

-exit 0

--- a/sys/src/ape/lib/openssl/test/v3-cert1.pem

+++ /dev/null

@@ -1,16 +1,0 @@

------BEGIN CERTIFICATE-----

-MIICjTCCAfigAwIBAgIEMaYgRzALBgkqhkiG9w0BAQQwRTELMAkGA1UEBhMCVVMx

-NjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFuZCBTcGFjZSBBZG1pbmlz

-dHJhdGlvbjAmFxE5NjA1MjgxMzQ5MDUrMDgwMBcROTgwNTI4MTM0OTA1KzA4MDAw

-ZzELMAkGA1UEBhMCVVMxNjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFu

-ZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEgMAkGA1UEBRMCMTYwEwYDVQQDEwxTdGV2

-ZSBTY2hvY2gwWDALBgkqhkiG9w0BAQEDSQAwRgJBALrAwyYdgxmzNP/ts0Uyf6Bp

-miJYktU/w4NG67ULaN4B5CnEz7k57s9o3YY3LecETgQ5iQHmkwlYDTL2fTgVfw0C

-AQOjgaswgagwZAYDVR0ZAQH/BFowWDBWMFQxCzAJBgNVBAYTAlVTMTYwNAYDVQQK

-Ey1OYXRpb25hbCBBZXJvbmF1dGljcyBhbmQgU3BhY2UgQWRtaW5pc3RyYXRpb24x

-DTALBgNVBAMTBENSTDEwFwYDVR0BAQH/BA0wC4AJODMyOTcwODEwMBgGA1UdAgQR

-MA8ECTgzMjk3MDgyM4ACBSAwDQYDVR0KBAYwBAMCBkAwCwYJKoZIhvcNAQEEA4GB

-AH2y1VCEw/A4zaXzSYZJTTUi3uawbbFiS2yxHvgf28+8Js0OHXk1H1w2d6qOHH21

-X82tZXd/0JtG0g1T9usFFBDvYK8O0ebgz/P5ELJnBL2+atObEuJy1ZZ0pBDWINR3

-WkDNLCGiTkCKp0F5EWIrVDwh54NNevkCQRZita+z4IBO

------END CERTIFICATE-----

--- a/sys/src/ape/lib/openssl/test/v3-cert2.pem

+++ /dev/null

@@ -1,16 +1,0 @@

------BEGIN CERTIFICATE-----

-MIICiTCCAfKgAwIBAgIEMeZfHzANBgkqhkiG9w0BAQQFADB9MQswCQYDVQQGEwJD

-YTEPMA0GA1UEBxMGTmVwZWFuMR4wHAYDVQQLExVObyBMaWFiaWxpdHkgQWNjZXB0

-ZWQxHzAdBgNVBAoTFkZvciBEZW1vIFB1cnBvc2VzIE9ubHkxHDAaBgNVBAMTE0Vu

-dHJ1c3QgRGVtbyBXZWIgQ0EwHhcNOTYwNzEyMTQyMDE1WhcNOTYxMDEyMTQyMDE1

-WjB0MSQwIgYJKoZIhvcNAQkBExVjb29rZUBpc3NsLmF0bC5ocC5jb20xCzAJBgNV

-BAYTAlVTMScwJQYDVQQLEx5IZXdsZXR0IFBhY2thcmQgQ29tcGFueSAoSVNTTCkx

-FjAUBgNVBAMTDVBhdWwgQS4gQ29va2UwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA

-6ceSq9a9AU6g+zBwaL/yVmW1/9EE8s5you1mgjHnj0wAILuoB3L6rm6jmFRy7QZT

-G43IhVZdDua4e+5/n1ZslwIDAQABo2MwYTARBglghkgBhvhCAQEEBAMCB4AwTAYJ

-YIZIAYb4QgENBD8WPVRoaXMgY2VydGlmaWNhdGUgaXMgb25seSBpbnRlbmRlZCBm

-b3IgZGVtb25zdHJhdGlvbiBwdXJwb3Nlcy4wDQYJKoZIhvcNAQEEBQADgYEAi8qc

-F3zfFqy1sV8NhjwLVwOKuSfhR/Z8mbIEUeSTlnH3QbYt3HWZQ+vXI8mvtZoBc2Fz

-lexKeIkAZXCesqGbs6z6nCt16P6tmdfbZF3I3AWzLquPcOXjPf4HgstkyvVBn0Ap

-jAFN418KF/Cx4qyHB4cjdvLrRjjQLnb2+ibo7QU=

------END CERTIFICATE-----